May  4 06:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29455]: pam_unix(cron:session): session closed for user root
May  4 06:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: Failed password for invalid user debian from 117.157.93.168 port 55440 ssh2
May  4 06:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: Connection closed by 117.157.93.168 port 55440 [preauth]
May  4 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2819]: pam_unix(cron:session): session closed for user root
May  4 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: Invalid user piso from 81.133.106.57
May  4 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: input_userauth_request: invalid user piso [preauth]
May  4 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.133.106.57
May  4 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4605]: Invalid user debian from 117.157.93.168
May  4 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4605]: input_userauth_request: invalid user debian [preauth]
May  4 06:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4605]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4605]: Failed password for invalid user debian from 117.157.93.168 port 35410 ssh2
May  4 06:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4605]: Connection closed by 117.157.93.168 port 35410 [preauth]
May  4 06:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: Failed password for invalid user piso from 81.133.106.57 port 44374 ssh2
May  4 06:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: Received disconnect from 81.133.106.57 port 44374:11: Bye Bye [preauth]
May  4 06:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: Disconnected from 81.133.106.57 port 44374 [preauth]
May  4 06:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: Invalid user debian from 117.157.93.168
May  4 06:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: input_userauth_request: invalid user debian [preauth]
May  4 06:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: Failed password for invalid user debian from 117.157.93.168 port 35426 ssh2
May  4 06:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: Connection closed by 117.157.93.168 port 35426 [preauth]
May  4 06:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: Invalid user debian from 117.157.93.168
May  4 06:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: input_userauth_request: invalid user debian [preauth]
May  4 06:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: Failed password for invalid user debian from 117.157.93.168 port 35428 ssh2
May  4 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: Connection closed by 117.157.93.168 port 35428 [preauth]
May  4 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: Invalid user debian from 117.157.93.168
May  4 06:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: input_userauth_request: invalid user debian [preauth]
May  4 06:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: Failed password for invalid user debian from 117.157.93.168 port 35432 ssh2
May  4 06:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: Connection closed by 117.157.93.168 port 35432 [preauth]
May  4 06:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: Invalid user debian from 117.157.93.168
May  4 06:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: input_userauth_request: invalid user debian [preauth]
May  4 06:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: Failed password for invalid user debian from 117.157.93.168 port 60318 ssh2
May  4 06:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: Connection closed by 117.157.93.168 port 60318 [preauth]
May  4 06:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: Invalid user debian from 117.157.93.168
May  4 06:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: input_userauth_request: invalid user debian [preauth]
May  4 06:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: Failed password for invalid user debian from 117.157.93.168 port 60330 ssh2
May  4 06:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: Connection closed by 117.157.93.168 port 60330 [preauth]
May  4 06:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4689]: Invalid user debian from 117.157.93.168
May  4 06:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4689]: input_userauth_request: invalid user debian [preauth]
May  4 06:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4689]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4689]: Failed password for invalid user debian from 117.157.93.168 port 58256 ssh2
May  4 06:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4689]: Connection closed by 117.157.93.168 port 58256 [preauth]
May  4 06:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4699]: Invalid user debian from 117.157.93.168
May  4 06:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4699]: input_userauth_request: invalid user debian [preauth]
May  4 06:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4699]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4699]: Failed password for invalid user debian from 117.157.93.168 port 58272 ssh2
May  4 06:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4699]: Connection closed by 117.157.93.168 port 58272 [preauth]
May  4 06:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4719]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4718]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4717]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4719]: pam_unix(cron:session): session closed for user root
May  4 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4713]: pam_unix(cron:session): session closed for user p13x
May  4 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4701]: Invalid user debian from 117.157.93.168
May  4 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4701]: input_userauth_request: invalid user debian [preauth]
May  4 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4701]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4785]: Successful su for rubyman by root
May  4 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4785]: + ??? root:rubyman
May  4 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4785]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325863 of user rubyman.
May  4 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4785]: pam_unix(su:session): session closed for user rubyman
May  4 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325863.
May  4 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4701]: Failed password for invalid user debian from 117.157.93.168 port 58276 ssh2
May  4 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4701]: Connection closed by 117.157.93.168 port 58276 [preauth]
May  4 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4715]: pam_unix(cron:session): session closed for user root
May  4 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1272]: pam_unix(cron:session): session closed for user root
May  4 06:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: Invalid user debian from 117.157.93.168
May  4 06:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: input_userauth_request: invalid user debian [preauth]
May  4 06:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4714]: pam_unix(cron:session): session closed for user samftp
May  4 06:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: Failed password for invalid user debian from 117.157.93.168 port 55682 ssh2
May  4 06:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4949]: Connection closed by 117.157.93.168 port 55682 [preauth]
May  4 06:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: Invalid user debian from 117.157.93.168
May  4 06:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: input_userauth_request: invalid user debian [preauth]
May  4 06:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: Failed password for invalid user debian from 117.157.93.168 port 55698 ssh2
May  4 06:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: Connection closed by 117.157.93.168 port 55698 [preauth]
May  4 06:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Invalid user debian from 117.157.93.168
May  4 06:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: input_userauth_request: invalid user debian [preauth]
May  4 06:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Failed password for invalid user debian from 117.157.93.168 port 55704 ssh2
May  4 06:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Connection closed by 117.157.93.168 port 55704 [preauth]
May  4 06:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: Invalid user debian from 117.157.93.168
May  4 06:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: input_userauth_request: invalid user debian [preauth]
May  4 06:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: Failed password for invalid user debian from 117.157.93.168 port 49364 ssh2
May  4 06:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: Connection closed by 117.157.93.168 port 49364 [preauth]
May  4 06:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5244]: Invalid user debian from 117.157.93.168
May  4 06:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5244]: input_userauth_request: invalid user debian [preauth]
May  4 06:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5244]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5244]: Failed password for invalid user debian from 117.157.93.168 port 49374 ssh2
May  4 06:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5244]: Connection closed by 117.157.93.168 port 49374 [preauth]
May  4 06:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: Invalid user debian from 117.157.93.168
May  4 06:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: input_userauth_request: invalid user debian [preauth]
May  4 06:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: Failed password for invalid user debian from 117.157.93.168 port 49388 ssh2
May  4 06:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: Connection closed by 117.157.93.168 port 49388 [preauth]
May  4 06:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5260]: Invalid user debian from 117.157.93.168
May  4 06:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5260]: input_userauth_request: invalid user debian [preauth]
May  4 06:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5260]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5260]: Failed password for invalid user debian from 117.157.93.168 port 43540 ssh2
May  4 06:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5260]: Connection closed by 117.157.93.168 port 43540 [preauth]
May  4 06:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: Invalid user debian from 117.157.93.168
May  4 06:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: input_userauth_request: invalid user debian [preauth]
May  4 06:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: Failed password for invalid user debian from 117.157.93.168 port 43554 ssh2
May  4 06:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: Connection closed by 117.157.93.168 port 43554 [preauth]
May  4 06:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5286]: Invalid user debian from 117.157.93.168
May  4 06:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5286]: input_userauth_request: invalid user debian [preauth]
May  4 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5286]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3265]: pam_unix(cron:session): session closed for user root
May  4 06:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5286]: Failed password for invalid user debian from 117.157.93.168 port 43558 ssh2
May  4 06:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5286]: Connection closed by 117.157.93.168 port 43558 [preauth]
May  4 06:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: Invalid user debian from 117.157.93.168
May  4 06:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: input_userauth_request: invalid user debian [preauth]
May  4 06:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: Failed password for invalid user debian from 117.157.93.168 port 41856 ssh2
May  4 06:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: Connection closed by 117.157.93.168 port 41856 [preauth]
May  4 06:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5328]: Invalid user debian from 117.157.93.168
May  4 06:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5328]: input_userauth_request: invalid user debian [preauth]
May  4 06:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5328]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5328]: Failed password for invalid user debian from 117.157.93.168 port 41862 ssh2
May  4 06:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5328]: Connection closed by 117.157.93.168 port 41862 [preauth]
May  4 06:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: Invalid user debian from 117.157.93.168
May  4 06:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: input_userauth_request: invalid user debian [preauth]
May  4 06:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: Failed password for invalid user debian from 117.157.93.168 port 41870 ssh2
May  4 06:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: Connection closed by 117.157.93.168 port 41870 [preauth]
May  4 06:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5354]: Invalid user debian from 117.157.93.168
May  4 06:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5354]: input_userauth_request: invalid user debian [preauth]
May  4 06:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5354]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5354]: Failed password for invalid user debian from 117.157.93.168 port 44272 ssh2
May  4 06:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5354]: Connection closed by 117.157.93.168 port 44272 [preauth]
May  4 06:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: Invalid user debian from 117.157.93.168
May  4 06:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: input_userauth_request: invalid user debian [preauth]
May  4 06:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: Failed password for invalid user debian from 117.157.93.168 port 44288 ssh2
May  4 06:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5363]: Connection closed by 117.157.93.168 port 44288 [preauth]
May  4 06:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: Invalid user debian from 117.157.93.168
May  4 06:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: input_userauth_request: invalid user debian [preauth]
May  4 06:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: Failed password for invalid user debian from 117.157.93.168 port 44292 ssh2
May  4 06:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: Connection closed by 117.157.93.168 port 44292 [preauth]
May  4 06:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5376]: Invalid user debian from 117.157.93.168
May  4 06:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5376]: input_userauth_request: invalid user debian [preauth]
May  4 06:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5376]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5376]: Failed password for invalid user debian from 117.157.93.168 port 34286 ssh2
May  4 06:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5376]: Connection closed by 117.157.93.168 port 34286 [preauth]
May  4 06:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5388]: Invalid user debian from 117.157.93.168
May  4 06:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5388]: input_userauth_request: invalid user debian [preauth]
May  4 06:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5388]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5398]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5397]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5395]: pam_unix(cron:session): session closed for user p13x
May  4 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5471]: Successful su for rubyman by root
May  4 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5471]: + ??? root:rubyman
May  4 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5471]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325866 of user rubyman.
May  4 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5471]: pam_unix(su:session): session closed for user rubyman
May  4 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325866.
May  4 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5388]: Failed password for invalid user debian from 117.157.93.168 port 34288 ssh2
May  4 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5388]: Connection closed by 117.157.93.168 port 34288 [preauth]
May  4 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: Invalid user debian from 117.157.93.168
May  4 06:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: input_userauth_request: invalid user debian [preauth]
May  4 06:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1766]: pam_unix(cron:session): session closed for user root
May  4 06:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: Failed password for invalid user debian from 117.157.93.168 port 33932 ssh2
May  4 06:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: Connection closed by 117.157.93.168 port 33932 [preauth]
May  4 06:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5396]: pam_unix(cron:session): session closed for user samftp
May  4 06:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: Invalid user debian from 117.157.93.168
May  4 06:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: input_userauth_request: invalid user debian [preauth]
May  4 06:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: Failed password for invalid user debian from 117.157.93.168 port 33934 ssh2
May  4 06:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5713]: Connection closed by 117.157.93.168 port 33934 [preauth]
May  4 06:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: Invalid user debian from 117.157.93.168
May  4 06:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: input_userauth_request: invalid user debian [preauth]
May  4 06:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: Failed password for invalid user debian from 117.157.93.168 port 33944 ssh2
May  4 06:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: Invalid user user8 from 81.133.106.57
May  4 06:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: input_userauth_request: invalid user user8 [preauth]
May  4 06:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.133.106.57
May  4 06:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: Connection closed by 117.157.93.168 port 33944 [preauth]
May  4 06:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Invalid user debian from 117.157.93.168
May  4 06:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: input_userauth_request: invalid user debian [preauth]
May  4 06:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: Failed password for invalid user user8 from 81.133.106.57 port 34529 ssh2
May  4 06:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: Received disconnect from 81.133.106.57 port 34529:11: Bye Bye [preauth]
May  4 06:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: Disconnected from 81.133.106.57 port 34529 [preauth]
May  4 06:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Failed password for invalid user debian from 117.157.93.168 port 53882 ssh2
May  4 06:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Connection closed by 117.157.93.168 port 53882 [preauth]
May  4 06:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: Invalid user debian from 117.157.93.168
May  4 06:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: input_userauth_request: invalid user debian [preauth]
May  4 06:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: Failed password for invalid user debian from 117.157.93.168 port 53886 ssh2
May  4 06:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5753]: Connection closed by 117.157.93.168 port 53886 [preauth]
May  4 06:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Invalid user debian from 117.157.93.168
May  4 06:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: input_userauth_request: invalid user debian [preauth]
May  4 06:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Failed password for invalid user debian from 117.157.93.168 port 53888 ssh2
May  4 06:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Connection closed by 117.157.93.168 port 53888 [preauth]
May  4 06:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: Invalid user debian from 117.157.93.168
May  4 06:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: input_userauth_request: invalid user debian [preauth]
May  4 06:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: Failed password for invalid user debian from 117.157.93.168 port 34900 ssh2
May  4 06:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: Connection closed by 117.157.93.168 port 34900 [preauth]
May  4 06:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5787]: Invalid user debian from 117.157.93.168
May  4 06:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5787]: input_userauth_request: invalid user debian [preauth]
May  4 06:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5787]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5787]: Failed password for invalid user debian from 117.157.93.168 port 34912 ssh2
May  4 06:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5787]: Connection closed by 117.157.93.168 port 34912 [preauth]
May  4 06:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5796]: Invalid user debian from 117.157.93.168
May  4 06:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5796]: input_userauth_request: invalid user debian [preauth]
May  4 06:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5796]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3748]: pam_unix(cron:session): session closed for user root
May  4 06:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5796]: Failed password for invalid user debian from 117.157.93.168 port 34922 ssh2
May  4 06:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5796]: Connection closed by 117.157.93.168 port 34922 [preauth]
May  4 06:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5906]: Invalid user debian from 117.157.93.168
May  4 06:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5906]: input_userauth_request: invalid user debian [preauth]
May  4 06:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5906]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5906]: Failed password for invalid user debian from 117.157.93.168 port 59264 ssh2
May  4 06:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5906]: Connection closed by 117.157.93.168 port 59264 [preauth]
May  4 06:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: Invalid user debian from 117.157.93.168
May  4 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: input_userauth_request: invalid user debian [preauth]
May  4 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: Failed password for invalid user debian from 117.157.93.168 port 59280 ssh2
May  4 06:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5918]: Connection closed by 117.157.93.168 port 59280 [preauth]
May  4 06:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: Invalid user debian from 117.157.93.168
May  4 06:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: input_userauth_request: invalid user debian [preauth]
May  4 06:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: Failed password for invalid user debian from 117.157.93.168 port 59296 ssh2
May  4 06:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: Connection closed by 117.157.93.168 port 59296 [preauth]
May  4 06:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: Invalid user debian from 117.157.93.168
May  4 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: input_userauth_request: invalid user debian [preauth]
May  4 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: Invalid user admin from 64.226.117.59
May  4 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: input_userauth_request: invalid user admin [preauth]
May  4 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 06:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: Failed password for invalid user debian from 117.157.93.168 port 35148 ssh2
May  4 06:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: Failed password for invalid user admin from 64.226.117.59 port 34078 ssh2
May  4 06:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: Connection closed by 117.157.93.168 port 35148 [preauth]
May  4 06:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: Connection closed by 64.226.117.59 port 34078 [preauth]
May  4 06:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: Invalid user debian from 117.157.93.168
May  4 06:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: input_userauth_request: invalid user debian [preauth]
May  4 06:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: Failed password for invalid user debian from 117.157.93.168 port 35150 ssh2
May  4 06:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: Connection closed by 117.157.93.168 port 35150 [preauth]
May  4 06:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: Invalid user debian from 117.157.93.168
May  4 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: input_userauth_request: invalid user debian [preauth]
May  4 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: Failed password for invalid user debian from 117.157.93.168 port 55728 ssh2
May  4 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5967]: Connection closed by 117.157.93.168 port 55728 [preauth]
May  4 06:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Invalid user debian from 117.157.93.168
May  4 06:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: input_userauth_request: invalid user debian [preauth]
May  4 06:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Failed password for invalid user debian from 117.157.93.168 port 55740 ssh2
May  4 06:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Connection closed by 117.157.93.168 port 55740 [preauth]
May  4 06:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: Invalid user debian from 117.157.93.168
May  4 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: input_userauth_request: invalid user debian [preauth]
May  4 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5987]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5986]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5988]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5985]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5985]: pam_unix(cron:session): session closed for user p13x
May  4 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6060]: Successful su for rubyman by root
May  4 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6060]: + ??? root:rubyman
May  4 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325872 of user rubyman.
May  4 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6060]: pam_unix(su:session): session closed for user rubyman
May  4 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325872.
May  4 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: Failed password for invalid user debian from 117.157.93.168 port 55756 ssh2
May  4 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: Connection closed by 117.157.93.168 port 55756 [preauth]
May  4 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: Invalid user debian from 117.157.93.168
May  4 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: input_userauth_request: invalid user debian [preauth]
May  4 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2326]: pam_unix(cron:session): session closed for user root
May  4 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5986]: pam_unix(cron:session): session closed for user samftp
May  4 06:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: Failed password for invalid user debian from 117.157.93.168 port 46652 ssh2
May  4 06:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: Connection closed by 117.157.93.168 port 46652 [preauth]
May  4 06:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: Invalid user debian from 117.157.93.168
May  4 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: input_userauth_request: invalid user debian [preauth]
May  4 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: Failed password for invalid user debian from 117.157.93.168 port 46660 ssh2
May  4 06:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: Connection closed by 117.157.93.168 port 46660 [preauth]
May  4 06:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: Invalid user debian from 117.157.93.168
May  4 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: input_userauth_request: invalid user debian [preauth]
May  4 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: Failed password for invalid user debian from 117.157.93.168 port 46662 ssh2
May  4 06:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: Connection closed by 117.157.93.168 port 46662 [preauth]
May  4 06:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: Invalid user debian from 117.157.93.168
May  4 06:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: input_userauth_request: invalid user debian [preauth]
May  4 06:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: Failed password for invalid user debian from 117.157.93.168 port 40472 ssh2
May  4 06:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: Connection closed by 117.157.93.168 port 40472 [preauth]
May  4 06:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: Invalid user debian from 117.157.93.168
May  4 06:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: input_userauth_request: invalid user debian [preauth]
May  4 06:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.168.35.231  user=root
May  4 06:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: Failed password for invalid user debian from 117.157.93.168 port 40488 ssh2
May  4 06:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: Connection closed by 117.157.93.168 port 40488 [preauth]
May  4 06:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: Failed password for root from 104.168.35.231 port 40932 ssh2
May  4 06:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: Received disconnect from 104.168.35.231 port 40932:11: Bye Bye [preauth]
May  4 06:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: Disconnected from 104.168.35.231 port 40932 [preauth]
May  4 06:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: Invalid user debian from 117.157.93.168
May  4 06:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: input_userauth_request: invalid user debian [preauth]
May  4 06:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: Failed password for invalid user debian from 117.157.93.168 port 40500 ssh2
May  4 06:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: Connection closed by 117.157.93.168 port 40500 [preauth]
May  4 06:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: Invalid user admin from 117.157.93.168
May  4 06:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: input_userauth_request: invalid user admin [preauth]
May  4 06:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: Failed password for invalid user admin from 117.157.93.168 port 49456 ssh2
May  4 06:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6339]: Connection closed by 117.157.93.168 port 49456 [preauth]
May  4 06:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4718]: pam_unix(cron:session): session closed for user root
May  4 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: Invalid user admin from 117.157.93.168
May  4 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: input_userauth_request: invalid user admin [preauth]
May  4 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: Failed password for invalid user admin from 117.157.93.168 port 48580 ssh2
May  4 06:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: Connection closed by 117.157.93.168 port 48580 [preauth]
May  4 06:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: Invalid user admin from 117.157.93.168
May  4 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: input_userauth_request: invalid user admin [preauth]
May  4 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: Failed password for invalid user admin from 117.157.93.168 port 48586 ssh2
May  4 06:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: Connection closed by 117.157.93.168 port 48586 [preauth]
May  4 06:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: Invalid user admin from 117.157.93.168
May  4 06:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: input_userauth_request: invalid user admin [preauth]
May  4 06:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: Failed password for invalid user admin from 117.157.93.168 port 48588 ssh2
May  4 06:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: Connection closed by 117.157.93.168 port 48588 [preauth]
May  4 06:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: Invalid user admin from 117.157.93.168
May  4 06:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: input_userauth_request: invalid user admin [preauth]
May  4 06:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: Failed password for invalid user admin from 117.157.93.168 port 45434 ssh2
May  4 06:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: Connection closed by 117.157.93.168 port 45434 [preauth]
May  4 06:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: Invalid user admin from 117.157.93.168
May  4 06:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: input_userauth_request: invalid user admin [preauth]
May  4 06:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: Failed password for invalid user admin from 117.157.93.168 port 45450 ssh2
May  4 06:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: Connection closed by 117.157.93.168 port 45450 [preauth]
May  4 06:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: Invalid user admin from 117.157.93.168
May  4 06:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: input_userauth_request: invalid user admin [preauth]
May  4 06:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: Failed password for invalid user admin from 117.157.93.168 port 45454 ssh2
May  4 06:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: Connection closed by 117.157.93.168 port 45454 [preauth]
May  4 06:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: Invalid user admin from 117.157.93.168
May  4 06:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: input_userauth_request: invalid user admin [preauth]
May  4 06:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: Failed password for invalid user admin from 117.157.93.168 port 42804 ssh2
May  4 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: Connection closed by 117.157.93.168 port 42804 [preauth]
May  4 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: Invalid user admin from 117.157.93.168
May  4 06:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: input_userauth_request: invalid user admin [preauth]
May  4 06:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.133.106.57  user=root
May  4 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: Failed password for invalid user admin from 117.157.93.168 port 42820 ssh2
May  4 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6433]: Failed password for root from 81.133.106.57 port 52926 ssh2
May  4 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: Connection closed by 117.157.93.168 port 42820 [preauth]
May  4 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6433]: Received disconnect from 81.133.106.57 port 52926:11: Bye Bye [preauth]
May  4 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6433]: Disconnected from 81.133.106.57 port 52926 [preauth]
May  4 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6446]: pam_unix(cron:session): session closed for user p13x
May  4 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6510]: Successful su for rubyman by root
May  4 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6510]: + ??? root:rubyman
May  4 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6510]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325874 of user rubyman.
May  4 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6510]: pam_unix(su:session): session closed for user rubyman
May  4 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325874.
May  4 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: Invalid user admin from 117.157.93.168
May  4 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: input_userauth_request: invalid user admin [preauth]
May  4 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2818]: pam_unix(cron:session): session closed for user root
May  4 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: Failed password for invalid user admin from 117.157.93.168 port 42822 ssh2
May  4 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: Connection closed by 117.157.93.168 port 42822 [preauth]
May  4 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6449]: pam_unix(cron:session): session closed for user samftp
May  4 06:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6691]: Invalid user admin from 117.157.93.168
May  4 06:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6691]: input_userauth_request: invalid user admin [preauth]
May  4 06:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6691]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6691]: Failed password for invalid user admin from 117.157.93.168 port 38652 ssh2
May  4 06:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6691]: Connection closed by 117.157.93.168 port 38652 [preauth]
May  4 06:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: Invalid user admin from 117.157.93.168
May  4 06:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: input_userauth_request: invalid user admin [preauth]
May  4 06:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: Failed password for invalid user admin from 117.157.93.168 port 38660 ssh2
May  4 06:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: Connection closed by 117.157.93.168 port 38660 [preauth]
May  4 06:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: Invalid user admin from 117.157.93.168
May  4 06:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: input_userauth_request: invalid user admin [preauth]
May  4 06:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: Failed password for invalid user admin from 117.157.93.168 port 38668 ssh2
May  4 06:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: Connection closed by 117.157.93.168 port 38668 [preauth]
May  4 06:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: Invalid user admin from 117.157.93.168
May  4 06:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: input_userauth_request: invalid user admin [preauth]
May  4 06:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: Failed password for invalid user admin from 117.157.93.168 port 47994 ssh2
May  4 06:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: Connection closed by 117.157.93.168 port 47994 [preauth]
May  4 06:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6738]: Invalid user admin from 117.157.93.168
May  4 06:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6738]: input_userauth_request: invalid user admin [preauth]
May  4 06:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6738]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6738]: Failed password for invalid user admin from 117.157.93.168 port 48002 ssh2
May  4 06:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6738]: Connection closed by 117.157.93.168 port 48002 [preauth]
May  4 06:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: Invalid user admin from 117.157.93.168
May  4 06:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: input_userauth_request: invalid user admin [preauth]
May  4 06:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: Failed password for invalid user admin from 117.157.93.168 port 33708 ssh2
May  4 06:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6749]: Connection closed by 117.157.93.168 port 33708 [preauth]
May  4 06:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: Invalid user admin from 117.157.93.168
May  4 06:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: input_userauth_request: invalid user admin [preauth]
May  4 06:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: Failed password for invalid user admin from 117.157.93.168 port 33710 ssh2
May  4 06:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: Connection closed by 117.157.93.168 port 33710 [preauth]
May  4 06:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: Invalid user admin from 117.157.93.168
May  4 06:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: input_userauth_request: invalid user admin [preauth]
May  4 06:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5398]: pam_unix(cron:session): session closed for user root
May  4 06:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: Failed password for invalid user admin from 117.157.93.168 port 33720 ssh2
May  4 06:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: Connection closed by 117.157.93.168 port 33720 [preauth]
May  4 06:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: Invalid user admin from 117.157.93.168
May  4 06:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: input_userauth_request: invalid user admin [preauth]
May  4 06:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: Failed password for invalid user admin from 117.157.93.168 port 44986 ssh2
May  4 06:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6808]: Connection closed by 117.157.93.168 port 44986 [preauth]
May  4 06:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: Invalid user admin from 117.157.93.168
May  4 06:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: input_userauth_request: invalid user admin [preauth]
May  4 06:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: Failed password for invalid user admin from 117.157.93.168 port 45002 ssh2
May  4 06:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: Connection closed by 117.157.93.168 port 45002 [preauth]
May  4 06:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: Invalid user admin from 117.157.93.168
May  4 06:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: input_userauth_request: invalid user admin [preauth]
May  4 06:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: Failed password for invalid user admin from 117.157.93.168 port 45004 ssh2
May  4 06:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6821]: Connection closed by 117.157.93.168 port 45004 [preauth]
May  4 06:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: Invalid user admin from 117.157.93.168
May  4 06:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: input_userauth_request: invalid user admin [preauth]
May  4 06:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: Failed password for invalid user admin from 117.157.93.168 port 33524 ssh2
May  4 06:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: Connection closed by 117.157.93.168 port 33524 [preauth]
May  4 06:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Invalid user admin from 117.157.93.168
May  4 06:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: input_userauth_request: invalid user admin [preauth]
May  4 06:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Failed password for invalid user admin from 117.157.93.168 port 33528 ssh2
May  4 06:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Connection closed by 117.157.93.168 port 33528 [preauth]
May  4 06:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: Invalid user admin from 117.157.93.168
May  4 06:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: input_userauth_request: invalid user admin [preauth]
May  4 06:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: Failed password for invalid user admin from 117.157.93.168 port 33544 ssh2
May  4 06:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: Connection closed by 117.157.93.168 port 33544 [preauth]
May  4 06:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: Invalid user admin from 117.157.93.168
May  4 06:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: input_userauth_request: invalid user admin [preauth]
May  4 06:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: Failed password for invalid user admin from 117.157.93.168 port 60402 ssh2
May  4 06:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: Connection closed by 117.157.93.168 port 60402 [preauth]
May  4 06:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: Invalid user admin from 117.157.93.168
May  4 06:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: input_userauth_request: invalid user admin [preauth]
May  4 06:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6885]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6883]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6882]: pam_unix(cron:session): session closed for user p13x
May  4 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7036]: Successful su for rubyman by root
May  4 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7036]: + ??? root:rubyman
May  4 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325879 of user rubyman.
May  4 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7036]: pam_unix(su:session): session closed for user rubyman
May  4 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325879.
May  4 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: Failed password for invalid user admin from 117.157.93.168 port 60406 ssh2
May  4 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: Connection closed by 117.157.93.168 port 60406 [preauth]
May  4 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: Invalid user admin from 117.157.93.168
May  4 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: input_userauth_request: invalid user admin [preauth]
May  4 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3264]: pam_unix(cron:session): session closed for user root
May  4 06:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6883]: pam_unix(cron:session): session closed for user samftp
May  4 06:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: Failed password for invalid user admin from 117.157.93.168 port 60408 ssh2
May  4 06:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: Connection closed by 117.157.93.168 port 60408 [preauth]
May  4 06:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7240]: Invalid user admin from 117.157.93.168
May  4 06:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7240]: input_userauth_request: invalid user admin [preauth]
May  4 06:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7240]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7240]: Failed password for invalid user admin from 117.157.93.168 port 57378 ssh2
May  4 06:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7240]: Connection closed by 117.157.93.168 port 57378 [preauth]
May  4 06:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: Invalid user admin from 117.157.93.168
May  4 06:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: input_userauth_request: invalid user admin [preauth]
May  4 06:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: Failed password for invalid user admin from 117.157.93.168 port 57386 ssh2
May  4 06:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: Connection closed by 117.157.93.168 port 57386 [preauth]
May  4 06:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: Invalid user admin from 117.157.93.168
May  4 06:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: input_userauth_request: invalid user admin [preauth]
May  4 06:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: Failed password for invalid user admin from 117.157.93.168 port 59104 ssh2
May  4 06:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: Connection closed by 117.157.93.168 port 59104 [preauth]
May  4 06:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: Invalid user admin from 117.157.93.168
May  4 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: input_userauth_request: invalid user admin [preauth]
May  4 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: Failed password for invalid user admin from 117.157.93.168 port 59110 ssh2
May  4 06:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: Connection closed by 117.157.93.168 port 59110 [preauth]
May  4 06:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Invalid user admin from 117.157.93.168
May  4 06:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: input_userauth_request: invalid user admin [preauth]
May  4 06:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Failed password for invalid user admin from 117.157.93.168 port 59118 ssh2
May  4 06:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Connection closed by 117.157.93.168 port 59118 [preauth]
May  4 06:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: Invalid user admin from 117.157.93.168
May  4 06:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: input_userauth_request: invalid user admin [preauth]
May  4 06:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: Failed password for invalid user admin from 117.157.93.168 port 59466 ssh2
May  4 06:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: Connection closed by 117.157.93.168 port 59466 [preauth]
May  4 06:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: Invalid user admin from 117.157.93.168
May  4 06:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: input_userauth_request: invalid user admin [preauth]
May  4 06:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: Failed password for invalid user admin from 117.157.93.168 port 59468 ssh2
May  4 06:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7311]: Connection closed by 117.157.93.168 port 59468 [preauth]
May  4 06:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7313]: Invalid user admin from 117.157.93.168
May  4 06:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7313]: input_userauth_request: invalid user admin [preauth]
May  4 06:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7313]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7313]: Failed password for invalid user admin from 117.157.93.168 port 59472 ssh2
May  4 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7313]: Connection closed by 117.157.93.168 port 59472 [preauth]
May  4 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5988]: pam_unix(cron:session): session closed for user root
May  4 06:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Invalid user admin from 117.157.93.168
May  4 06:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: input_userauth_request: invalid user admin [preauth]
May  4 06:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Failed password for invalid user admin from 117.157.93.168 port 33358 ssh2
May  4 06:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Connection closed by 117.157.93.168 port 33358 [preauth]
May  4 06:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Invalid user admin from 117.157.93.168
May  4 06:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: input_userauth_request: invalid user admin [preauth]
May  4 06:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Failed password for invalid user admin from 117.157.93.168 port 33370 ssh2
May  4 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Connection closed by 117.157.93.168 port 33370 [preauth]
May  4 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: Invalid user admin from 117.157.93.168
May  4 06:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: input_userauth_request: invalid user admin [preauth]
May  4 06:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: Failed password for invalid user admin from 117.157.93.168 port 33380 ssh2
May  4 06:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: Connection closed by 117.157.93.168 port 33380 [preauth]
May  4 06:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: Invalid user admin from 117.157.93.168
May  4 06:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: input_userauth_request: invalid user admin [preauth]
May  4 06:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.133.106.57  user=root
May  4 06:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: Failed password for invalid user admin from 117.157.93.168 port 39102 ssh2
May  4 06:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7371]: Connection closed by 117.157.93.168 port 39102 [preauth]
May  4 06:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: Failed password for root from 81.133.106.57 port 43091 ssh2
May  4 06:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: Received disconnect from 81.133.106.57 port 43091:11: Bye Bye [preauth]
May  4 06:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: Disconnected from 81.133.106.57 port 43091 [preauth]
May  4 06:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: Invalid user admin from 117.157.93.168
May  4 06:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: input_userauth_request: invalid user admin [preauth]
May  4 06:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: Failed password for invalid user admin from 117.157.93.168 port 39112 ssh2
May  4 06:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: Connection closed by 117.157.93.168 port 39112 [preauth]
May  4 06:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Invalid user admin from 117.157.93.168
May  4 06:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: input_userauth_request: invalid user admin [preauth]
May  4 06:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Failed password for invalid user admin from 117.157.93.168 port 39124 ssh2
May  4 06:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Connection closed by 117.157.93.168 port 39124 [preauth]
May  4 06:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: Invalid user admin from 117.157.93.168
May  4 06:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: input_userauth_request: invalid user admin [preauth]
May  4 06:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: Failed password for invalid user admin from 117.157.93.168 port 33296 ssh2
May  4 06:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7401]: Connection closed by 117.157.93.168 port 33296 [preauth]
May  4 06:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: Invalid user admin from 117.157.93.168
May  4 06:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: input_userauth_request: invalid user admin [preauth]
May  4 06:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: Failed password for invalid user admin from 117.157.93.168 port 33300 ssh2
May  4 06:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7411]: Connection closed by 117.157.93.168 port 33300 [preauth]
May  4 06:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: Invalid user admin from 117.157.93.168
May  4 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: input_userauth_request: invalid user admin [preauth]
May  4 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7429]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7429]: pam_unix(cron:session): session closed for user root
May  4 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7423]: pam_unix(cron:session): session closed for user p13x
May  4 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7592]: Successful su for rubyman by root
May  4 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7592]: + ??? root:rubyman
May  4 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325887 of user rubyman.
May  4 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7592]: pam_unix(su:session): session closed for user rubyman
May  4 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325887.
May  4 06:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: Failed password for invalid user admin from 117.157.93.168 port 33308 ssh2
May  4 06:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: Connection closed by 117.157.93.168 port 33308 [preauth]
May  4 06:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7425]: pam_unix(cron:session): session closed for user root
May  4 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7724]: Invalid user admin from 117.157.93.168
May  4 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7724]: input_userauth_request: invalid user admin [preauth]
May  4 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7724]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3747]: pam_unix(cron:session): session closed for user root
May  4 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7724]: Failed password for invalid user admin from 117.157.93.168 port 54434 ssh2
May  4 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7724]: Connection closed by 117.157.93.168 port 54434 [preauth]
May  4 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7424]: pam_unix(cron:session): session closed for user samftp
May  4 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7825]: Invalid user admin from 117.157.93.168
May  4 06:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7825]: input_userauth_request: invalid user admin [preauth]
May  4 06:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7825]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7825]: Failed password for invalid user admin from 117.157.93.168 port 54450 ssh2
May  4 06:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7825]: Connection closed by 117.157.93.168 port 54450 [preauth]
May  4 06:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7835]: Invalid user admin from 117.157.93.168
May  4 06:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7835]: input_userauth_request: invalid user admin [preauth]
May  4 06:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7835]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7835]: Failed password for invalid user admin from 117.157.93.168 port 54460 ssh2
May  4 06:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7835]: Connection closed by 117.157.93.168 port 54460 [preauth]
May  4 06:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7850]: Invalid user admin from 117.157.93.168
May  4 06:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7850]: input_userauth_request: invalid user admin [preauth]
May  4 06:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7850]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7850]: Failed password for invalid user admin from 117.157.93.168 port 49724 ssh2
May  4 06:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7850]: Connection closed by 117.157.93.168 port 49724 [preauth]
May  4 06:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: Invalid user admin from 117.157.93.168
May  4 06:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: input_userauth_request: invalid user admin [preauth]
May  4 06:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: Failed password for invalid user admin from 117.157.93.168 port 49740 ssh2
May  4 06:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7859]: Connection closed by 117.157.93.168 port 49740 [preauth]
May  4 06:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: Invalid user admin from 117.157.93.168
May  4 06:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: input_userauth_request: invalid user admin [preauth]
May  4 06:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: Failed password for invalid user admin from 117.157.93.168 port 49744 ssh2
May  4 06:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: Connection closed by 117.157.93.168 port 49744 [preauth]
May  4 06:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: Invalid user admin from 117.157.93.168
May  4 06:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: input_userauth_request: invalid user admin [preauth]
May  4 06:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: Failed password for invalid user admin from 117.157.93.168 port 55536 ssh2
May  4 06:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: Connection closed by 117.157.93.168 port 55536 [preauth]
May  4 06:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7897]: Invalid user admin from 117.157.93.168
May  4 06:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7897]: input_userauth_request: invalid user admin [preauth]
May  4 06:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7897]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7897]: Failed password for invalid user admin from 117.157.93.168 port 55546 ssh2
May  4 06:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7897]: Connection closed by 117.157.93.168 port 55546 [preauth]
May  4 06:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: Invalid user admin from 117.157.93.168
May  4 06:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: input_userauth_request: invalid user admin [preauth]
May  4 06:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6451]: pam_unix(cron:session): session closed for user root
May  4 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: Failed password for invalid user admin from 117.157.93.168 port 55562 ssh2
May  4 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: Connection closed by 117.157.93.168 port 55562 [preauth]
May  4 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7940]: Invalid user admin from 117.157.93.168
May  4 06:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7940]: input_userauth_request: invalid user admin [preauth]
May  4 06:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7940]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7940]: Failed password for invalid user admin from 117.157.93.168 port 60498 ssh2
May  4 06:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7940]: Connection closed by 117.157.93.168 port 60498 [preauth]
May  4 06:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: Invalid user admin from 117.157.93.168
May  4 06:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: input_userauth_request: invalid user admin [preauth]
May  4 06:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: Failed password for invalid user admin from 117.157.93.168 port 60500 ssh2
May  4 06:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: Connection closed by 117.157.93.168 port 60500 [preauth]
May  4 06:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: Invalid user admin from 117.157.93.168
May  4 06:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: input_userauth_request: invalid user admin [preauth]
May  4 06:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: Failed password for invalid user admin from 117.157.93.168 port 60504 ssh2
May  4 06:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: Connection closed by 117.157.93.168 port 60504 [preauth]
May  4 06:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: Invalid user admin from 117.157.93.168
May  4 06:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: input_userauth_request: invalid user admin [preauth]
May  4 06:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: Failed password for invalid user admin from 117.157.93.168 port 43722 ssh2
May  4 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: Connection closed by 117.157.93.168 port 43722 [preauth]
May  4 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7984]: Invalid user admin from 117.157.93.168
May  4 06:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7984]: input_userauth_request: invalid user admin [preauth]
May  4 06:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7984]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7984]: Failed password for invalid user admin from 117.157.93.168 port 43728 ssh2
May  4 06:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7984]: Connection closed by 117.157.93.168 port 43728 [preauth]
May  4 06:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7995]: Invalid user admin from 117.157.93.168
May  4 06:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7995]: input_userauth_request: invalid user admin [preauth]
May  4 06:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7995]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7995]: Failed password for invalid user admin from 117.157.93.168 port 43736 ssh2
May  4 06:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7995]: Connection closed by 117.157.93.168 port 43736 [preauth]
May  4 06:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: Invalid user admin from 117.157.93.168
May  4 06:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: input_userauth_request: invalid user admin [preauth]
May  4 06:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: Failed password for invalid user admin from 117.157.93.168 port 42054 ssh2
May  4 06:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: Connection closed by 117.157.93.168 port 42054 [preauth]
May  4 06:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: Invalid user admin from 117.157.93.168
May  4 06:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: input_userauth_request: invalid user admin [preauth]
May  4 06:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8019]: pam_unix(cron:session): session closed for user p13x
May  4 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: Failed password for invalid user admin from 117.157.93.168 port 42066 ssh2
May  4 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8091]: Successful su for rubyman by root
May  4 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8091]: + ??? root:rubyman
May  4 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325890 of user rubyman.
May  4 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8091]: pam_unix(su:session): session closed for user rubyman
May  4 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325890.
May  4 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: Connection closed by 117.157.93.168 port 42066 [preauth]
May  4 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: Invalid user admin from 117.157.93.168
May  4 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: input_userauth_request: invalid user admin [preauth]
May  4 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4717]: pam_unix(cron:session): session closed for user root
May  4 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: Failed password for invalid user admin from 117.157.93.168 port 42074 ssh2
May  4 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8135]: Connection closed by 117.157.93.168 port 42074 [preauth]
May  4 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8020]: pam_unix(cron:session): session closed for user samftp
May  4 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: Invalid user admin from 117.157.93.168
May  4 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: input_userauth_request: invalid user admin [preauth]
May  4 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: Failed password for invalid user admin from 117.157.93.168 port 55618 ssh2
May  4 06:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: Connection closed by 117.157.93.168 port 55618 [preauth]
May  4 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8303]: Invalid user admin from 117.157.93.168
May  4 06:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8303]: input_userauth_request: invalid user admin [preauth]
May  4 06:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8303]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8303]: Failed password for invalid user admin from 117.157.93.168 port 55634 ssh2
May  4 06:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8303]: Connection closed by 117.157.93.168 port 55634 [preauth]
May  4 06:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Invalid user admin from 117.157.93.168
May  4 06:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: input_userauth_request: invalid user admin [preauth]
May  4 06:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Failed password for invalid user admin from 117.157.93.168 port 55640 ssh2
May  4 06:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Connection closed by 117.157.93.168 port 55640 [preauth]
May  4 06:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: Invalid user admin from 117.157.93.168
May  4 06:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: input_userauth_request: invalid user admin [preauth]
May  4 06:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: Failed password for invalid user admin from 117.157.93.168 port 53256 ssh2
May  4 06:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8331]: Connection closed by 117.157.93.168 port 53256 [preauth]
May  4 06:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8342]: Invalid user admin from 117.157.93.168
May  4 06:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8342]: input_userauth_request: invalid user admin [preauth]
May  4 06:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8342]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8342]: Failed password for invalid user admin from 117.157.93.168 port 53264 ssh2
May  4 06:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8342]: Connection closed by 117.157.93.168 port 53264 [preauth]
May  4 06:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: Invalid user admin from 117.157.93.168
May  4 06:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: input_userauth_request: invalid user admin [preauth]
May  4 06:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: Failed password for invalid user admin from 117.157.93.168 port 53280 ssh2
May  4 06:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: Connection closed by 117.157.93.168 port 53280 [preauth]
May  4 06:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: Invalid user admin from 117.157.93.168
May  4 06:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: input_userauth_request: invalid user admin [preauth]
May  4 06:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: Invalid user chin from 81.133.106.57
May  4 06:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: input_userauth_request: invalid user chin [preauth]
May  4 06:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.133.106.57
May  4 06:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: Failed password for invalid user chin from 81.133.106.57 port 33252 ssh2
May  4 06:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: Received disconnect from 81.133.106.57 port 33252:11: Bye Bye [preauth]
May  4 06:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8370]: Disconnected from 81.133.106.57 port 33252 [preauth]
May  4 06:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: Failed password for invalid user admin from 117.157.93.168 port 43174 ssh2
May  4 06:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: Connection closed by 117.157.93.168 port 43174 [preauth]
May  4 06:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: Invalid user admin from 117.157.93.168
May  4 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: input_userauth_request: invalid user admin [preauth]
May  4 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: Failed password for invalid user admin from 117.157.93.168 port 43186 ssh2
May  4 06:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: Connection closed by 117.157.93.168 port 43186 [preauth]
May  4 06:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: Invalid user admin from 117.157.93.168
May  4 06:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: input_userauth_request: invalid user admin [preauth]
May  4 06:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6885]: pam_unix(cron:session): session closed for user root
May  4 06:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: Failed password for invalid user admin from 117.157.93.168 port 43194 ssh2
May  4 06:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: Connection closed by 117.157.93.168 port 43194 [preauth]
May  4 06:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Invalid user admin from 117.157.93.168
May  4 06:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: input_userauth_request: invalid user admin [preauth]
May  4 06:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Failed password for invalid user admin from 117.157.93.168 port 49692 ssh2
May  4 06:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Connection closed by 117.157.93.168 port 49692 [preauth]
May  4 06:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8428]: Invalid user admin from 117.157.93.168
May  4 06:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8428]: input_userauth_request: invalid user admin [preauth]
May  4 06:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8428]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8428]: Failed password for invalid user admin from 117.157.93.168 port 49696 ssh2
May  4 06:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8428]: Connection closed by 117.157.93.168 port 49696 [preauth]
May  4 06:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: Invalid user admin from 117.157.93.168
May  4 06:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: input_userauth_request: invalid user admin [preauth]
May  4 06:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: Failed password for invalid user admin from 117.157.93.168 port 49712 ssh2
May  4 06:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: Connection closed by 117.157.93.168 port 49712 [preauth]
May  4 06:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8454]: Invalid user admin from 117.157.93.168
May  4 06:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8454]: input_userauth_request: invalid user admin [preauth]
May  4 06:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8454]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8454]: Failed password for invalid user admin from 117.157.93.168 port 35120 ssh2
May  4 06:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8454]: Connection closed by 117.157.93.168 port 35120 [preauth]
May  4 06:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8468]: Invalid user admin from 117.157.93.168
May  4 06:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8468]: input_userauth_request: invalid user admin [preauth]
May  4 06:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8468]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8468]: Failed password for invalid user admin from 117.157.93.168 port 35124 ssh2
May  4 06:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8468]: Connection closed by 117.157.93.168 port 35124 [preauth]
May  4 06:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8471]: Invalid user admin from 117.157.93.168
May  4 06:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8471]: input_userauth_request: invalid user admin [preauth]
May  4 06:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8471]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8471]: Failed password for invalid user admin from 117.157.93.168 port 35138 ssh2
May  4 06:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8471]: Connection closed by 117.157.93.168 port 35138 [preauth]
May  4 06:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: Invalid user admin from 117.157.93.168
May  4 06:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: input_userauth_request: invalid user admin [preauth]
May  4 06:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: Failed password for invalid user admin from 117.157.93.168 port 33196 ssh2
May  4 06:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8481]: Connection closed by 117.157.93.168 port 33196 [preauth]
May  4 06:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: Invalid user admin from 117.157.93.168
May  4 06:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: input_userauth_request: invalid user admin [preauth]
May  4 06:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: Failed password for invalid user admin from 117.157.93.168 port 33200 ssh2
May  4 06:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: Connection closed by 117.157.93.168 port 33200 [preauth]
May  4 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8494]: Invalid user admin from 117.157.93.168
May  4 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8494]: input_userauth_request: invalid user admin [preauth]
May  4 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8503]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8498]: pam_unix(cron:session): session closed for user p13x
May  4 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8494]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8587]: Successful su for rubyman by root
May  4 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8587]: + ??? root:rubyman
May  4 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325894 of user rubyman.
May  4 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8587]: pam_unix(su:session): session closed for user rubyman
May  4 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325894.
May  4 06:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8496]: pam_unix(cron:session): session closed for user root
May  4 06:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8494]: Failed password for invalid user admin from 117.157.93.168 port 33216 ssh2
May  4 06:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5397]: pam_unix(cron:session): session closed for user root
May  4 06:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8494]: Connection closed by 117.157.93.168 port 33216 [preauth]
May  4 06:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: Invalid user admin from 117.157.93.168
May  4 06:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: input_userauth_request: invalid user admin [preauth]
May  4 06:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.168.35.231  user=root
May  4 06:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8772]: Failed password for root from 104.168.35.231 port 44504 ssh2
May  4 06:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8772]: Received disconnect from 104.168.35.231 port 44504:11: Bye Bye [preauth]
May  4 06:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8772]: Disconnected from 104.168.35.231 port 44504 [preauth]
May  4 06:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: Failed password for invalid user admin from 117.157.93.168 port 39806 ssh2
May  4 06:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8761]: Connection closed by 117.157.93.168 port 39806 [preauth]
May  4 06:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: Invalid user admin from 117.157.93.168
May  4 06:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: input_userauth_request: invalid user admin [preauth]
May  4 06:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8501]: pam_unix(cron:session): session closed for user samftp
May  4 06:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: Failed password for invalid user admin from 117.157.93.168 port 39810 ssh2
May  4 06:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: Connection closed by 117.157.93.168 port 39810 [preauth]
May  4 06:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8841]: Invalid user pi from 117.157.93.168
May  4 06:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8841]: input_userauth_request: invalid user pi [preauth]
May  4 06:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8841]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168
May  4 06:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8841]: Failed password for invalid user pi from 117.157.93.168 port 33192 ssh2
May  4 06:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8841]: Connection closed by 117.157.93.168 port 33192 [preauth]
May  4 06:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8853]: User ftp from 117.157.93.168 not allowed because not listed in AllowUsers
May  4 06:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8853]: input_userauth_request: invalid user ftp [preauth]
May  4 06:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.157.93.168  user=ftp
May  4 06:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8853]: Failed password for invalid user ftp from 117.157.93.168 port 33206 ssh2
May  4 06:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8853]: Connection closed by 117.157.93.168 port 33206 [preauth]
May  4 06:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7428]: pam_unix(cron:session): session closed for user root
May  4 06:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8973]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8970]: pam_unix(cron:session): session closed for user p13x
May  4 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9031]: Successful su for rubyman by root
May  4 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9031]: + ??? root:rubyman
May  4 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325898 of user rubyman.
May  4 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9031]: pam_unix(su:session): session closed for user rubyman
May  4 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325898.
May  4 06:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5987]: pam_unix(cron:session): session closed for user root
May  4 06:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8971]: pam_unix(cron:session): session closed for user samftp
May  4 06:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: User daemon from 81.133.106.57 not allowed because not listed in AllowUsers
May  4 06:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: input_userauth_request: invalid user daemon [preauth]
May  4 06:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.133.106.57  user=daemon
May  4 06:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: Failed password for invalid user daemon from 81.133.106.57 port 51642 ssh2
May  4 06:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: Received disconnect from 81.133.106.57 port 51642:11: Bye Bye [preauth]
May  4 06:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: Disconnected from 81.133.106.57 port 51642 [preauth]
May  4 06:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9404]: Invalid user admin from 64.226.117.59
May  4 06:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9404]: input_userauth_request: invalid user admin [preauth]
May  4 06:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9404]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 06:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9404]: Failed password for invalid user admin from 64.226.117.59 port 46712 ssh2
May  4 06:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9404]: Connection closed by 64.226.117.59 port 46712 [preauth]
May  4 06:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8022]: pam_unix(cron:session): session closed for user root
May  4 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9503]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9505]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9502]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9501]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9501]: pam_unix(cron:session): session closed for user p13x
May  4 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9562]: Successful su for rubyman by root
May  4 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9562]: + ??? root:rubyman
May  4 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325902 of user rubyman.
May  4 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9562]: pam_unix(su:session): session closed for user rubyman
May  4 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325902.
May  4 06:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6450]: pam_unix(cron:session): session closed for user root
May  4 06:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9502]: pam_unix(cron:session): session closed for user samftp
May  4 06:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8503]: pam_unix(cron:session): session closed for user root
May  4 06:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.133.106.57  user=root
May  4 06:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: Failed password for root from 81.133.106.57 port 41802 ssh2
May  4 06:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: Received disconnect from 81.133.106.57 port 41802:11: Bye Bye [preauth]
May  4 06:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: Disconnected from 81.133.106.57 port 41802 [preauth]
May  4 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9902]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9904]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9903]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9905]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9905]: pam_unix(cron:session): session closed for user root
May  4 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9900]: pam_unix(cron:session): session closed for user p13x
May  4 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9968]: Successful su for rubyman by root
May  4 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9968]: + ??? root:rubyman
May  4 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325908 of user rubyman.
May  4 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9968]: pam_unix(su:session): session closed for user rubyman
May  4 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325908.
May  4 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9902]: pam_unix(cron:session): session closed for user root
May  4 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6884]: pam_unix(cron:session): session closed for user root
May  4 06:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9901]: pam_unix(cron:session): session closed for user samftp
May  4 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8973]: pam_unix(cron:session): session closed for user root
May  4 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10419]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10420]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10417]: pam_unix(cron:session): session closed for user p13x
May  4 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10495]: Successful su for rubyman by root
May  4 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10495]: + ??? root:rubyman
May  4 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325912 of user rubyman.
May  4 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10495]: pam_unix(su:session): session closed for user rubyman
May  4 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325912.
May  4 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7426]: pam_unix(cron:session): session closed for user root
May  4 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10418]: pam_unix(cron:session): session closed for user samftp
May  4 06:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  4 06:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: Failed password for root from 218.92.0.209 port 64548 ssh2
May  4 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: message repeated 4 times: [ Failed password for root from 218.92.0.209 port 64548 ssh2]
May  4 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: error: maximum authentication attempts exceeded for root from 218.92.0.209 port 64548 ssh2 [preauth]
May  4 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: Disconnecting: Too many authentication failures [preauth]
May  4 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  4 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 06:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9505]: pam_unix(cron:session): session closed for user root
May  4 06:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: Invalid user root1 from 81.133.106.57
May  4 06:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: input_userauth_request: invalid user root1 [preauth]
May  4 06:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.133.106.57
May  4 06:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: Failed password for invalid user root1 from 81.133.106.57 port 60193 ssh2
May  4 06:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: Received disconnect from 81.133.106.57 port 60193:11: Bye Bye [preauth]
May  4 06:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10848]: Disconnected from 81.133.106.57 port 60193 [preauth]
May  4 06:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.168.35.231  user=root
May  4 06:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10897]: Failed password for root from 104.168.35.231 port 39294 ssh2
May  4 06:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10897]: Received disconnect from 104.168.35.231 port 39294:11: Bye Bye [preauth]
May  4 06:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10897]: Disconnected from 104.168.35.231 port 39294 [preauth]
May  4 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10910]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10908]: pam_unix(cron:session): session closed for user p13x
May  4 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10965]: Successful su for rubyman by root
May  4 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10965]: + ??? root:rubyman
May  4 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10965]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325916 of user rubyman.
May  4 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10965]: pam_unix(su:session): session closed for user rubyman
May  4 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325916.
May  4 06:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8021]: pam_unix(cron:session): session closed for user root
May  4 06:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10909]: pam_unix(cron:session): session closed for user samftp
May  4 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9904]: pam_unix(cron:session): session closed for user root
May  4 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11297]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11296]: pam_unix(cron:session): session closed for user p13x
May  4 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11354]: Successful su for rubyman by root
May  4 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11354]: + ??? root:rubyman
May  4 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11354]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325919 of user rubyman.
May  4 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11354]: pam_unix(su:session): session closed for user rubyman
May  4 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325919.
May  4 06:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8502]: pam_unix(cron:session): session closed for user root
May  4 06:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11297]: pam_unix(cron:session): session closed for user samftp
May  4 06:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.133.106.57  user=root
May  4 06:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11578]: Failed password for root from 81.133.106.57 port 50354 ssh2
May  4 06:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11578]: Received disconnect from 81.133.106.57 port 50354:11: Bye Bye [preauth]
May  4 06:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11578]: Disconnected from 81.133.106.57 port 50354 [preauth]
May  4 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10420]: pam_unix(cron:session): session closed for user root
May  4 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11693]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11696]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11692]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11691]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11691]: pam_unix(cron:session): session closed for user p13x
May  4 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11753]: Successful su for rubyman by root
May  4 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11753]: + ??? root:rubyman
May  4 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11753]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325923 of user rubyman.
May  4 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11753]: pam_unix(su:session): session closed for user rubyman
May  4 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325923.
May  4 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8972]: pam_unix(cron:session): session closed for user root
May  4 06:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11692]: pam_unix(cron:session): session closed for user samftp
May  4 06:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11944]: Invalid user quser from 176.31.162.135
May  4 06:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11944]: input_userauth_request: invalid user quser [preauth]
May  4 06:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11944]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  4 06:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11944]: Failed password for invalid user quser from 176.31.162.135 port 59868 ssh2
May  4 06:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11944]: Connection closed by 176.31.162.135 port 59868 [preauth]
May  4 06:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10911]: pam_unix(cron:session): session closed for user root
May  4 06:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12075]: Invalid user user from 81.133.106.57
May  4 06:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12075]: input_userauth_request: invalid user user [preauth]
May  4 06:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12075]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.133.106.57
May  4 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12075]: Failed password for invalid user user from 81.133.106.57 port 40514 ssh2
May  4 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12075]: Received disconnect from 81.133.106.57 port 40514:11: Bye Bye [preauth]
May  4 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12075]: Disconnected from 81.133.106.57 port 40514 [preauth]
May  4 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12091]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12094]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12090]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12089]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12094]: pam_unix(cron:session): session closed for user root
May  4 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12086]: pam_unix(cron:session): session closed for user p13x
May  4 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12157]: Successful su for rubyman by root
May  4 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12157]: + ??? root:rubyman
May  4 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325929 of user rubyman.
May  4 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12157]: pam_unix(su:session): session closed for user rubyman
May  4 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325929.
May  4 06:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12089]: pam_unix(cron:session): session closed for user root
May  4 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9503]: pam_unix(cron:session): session closed for user root
May  4 06:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12088]: pam_unix(cron:session): session closed for user samftp
May  4 06:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12368]: Invalid user admin from 64.226.117.59
May  4 06:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12368]: input_userauth_request: invalid user admin [preauth]
May  4 06:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12368]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 06:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12368]: Failed password for invalid user admin from 64.226.117.59 port 58396 ssh2
May  4 06:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12368]: Connection closed by 64.226.117.59 port 58396 [preauth]
May  4 06:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11299]: pam_unix(cron:session): session closed for user root
May  4 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12522]: pam_unix(cron:session): session closed for user p13x
May  4 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12588]: Successful su for rubyman by root
May  4 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12588]: + ??? root:rubyman
May  4 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325934 of user rubyman.
May  4 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12588]: pam_unix(su:session): session closed for user rubyman
May  4 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325934.
May  4 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9903]: pam_unix(cron:session): session closed for user root
May  4 06:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12523]: pam_unix(cron:session): session closed for user samftp
May  4 06:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12766]: Invalid user itmuser from 50.235.31.47
May  4 06:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12766]: input_userauth_request: invalid user itmuser [preauth]
May  4 06:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12766]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  4 06:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12766]: Failed password for invalid user itmuser from 50.235.31.47 port 34982 ssh2
May  4 06:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12766]: Connection closed by 50.235.31.47 port 34982 [preauth]
May  4 06:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12828]: Invalid user admin from 139.19.117.131
May  4 06:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12828]: input_userauth_request: invalid user admin [preauth]
May  4 06:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11696]: pam_unix(cron:session): session closed for user root
May  4 06:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12828]: Connection closed by 139.19.117.131 port 56868 [preauth]
May  4 06:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.133.106.57  user=root
May  4 06:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12875]: Failed password for root from 81.133.106.57 port 58908 ssh2
May  4 06:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12875]: Received disconnect from 81.133.106.57 port 58908:11: Bye Bye [preauth]
May  4 06:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12875]: Disconnected from 81.133.106.57 port 58908 [preauth]
May  4 06:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: Invalid user admin from 104.168.35.231
May  4 06:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: input_userauth_request: invalid user admin [preauth]
May  4 06:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.168.35.231
May  4 06:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: Failed password for invalid user admin from 104.168.35.231 port 59722 ssh2
May  4 06:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: Received disconnect from 104.168.35.231 port 59722:11: Bye Bye [preauth]
May  4 06:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: Disconnected from 104.168.35.231 port 59722 [preauth]
May  4 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12917]: pam_unix(cron:session): session closed for user p13x
May  4 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12976]: Successful su for rubyman by root
May  4 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12976]: + ??? root:rubyman
May  4 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325937 of user rubyman.
May  4 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12976]: pam_unix(su:session): session closed for user rubyman
May  4 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325937.
May  4 06:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10419]: pam_unix(cron:session): session closed for user root
May  4 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12918]: pam_unix(cron:session): session closed for user samftp
May  4 06:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  4 06:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: Failed password for root from 190.103.202.7 port 43458 ssh2
May  4 06:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: Connection closed by 190.103.202.7 port 43458 [preauth]
May  4 06:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12091]: pam_unix(cron:session): session closed for user root
May  4 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13324]: pam_unix(cron:session): session closed for user p13x
May  4 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13386]: Successful su for rubyman by root
May  4 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13386]: + ??? root:rubyman
May  4 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325941 of user rubyman.
May  4 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13386]: pam_unix(su:session): session closed for user rubyman
May  4 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325941.
May  4 06:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10910]: pam_unix(cron:session): session closed for user root
May  4 06:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13326]: pam_unix(cron:session): session closed for user samftp
May  4 06:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 06:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Invalid user pasha from 81.133.106.57
May  4 06:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: input_userauth_request: invalid user pasha [preauth]
May  4 06:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: pam_unix(sshd:auth): check pass; user unknown
May  4 06:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.133.106.57
May  4 06:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Failed password for invalid user pasha from 81.133.106.57 port 49070 ssh2
May  4 06:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Received disconnect from 81.133.106.57 port 49070:11: Bye Bye [preauth]
May  4 06:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Disconnected from 81.133.106.57 port 49070 [preauth]
May  4 06:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12525]: pam_unix(cron:session): session closed for user root
May  4 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13828]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13830]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13829]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13827]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13827]: pam_unix(cron:session): session closed for user p13x
May  4 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13889]: Successful su for rubyman by root
May  4 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13889]: + ??? root:rubyman
May  4 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325945 of user rubyman.
May  4 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13889]: pam_unix(su:session): session closed for user rubyman
May  4 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325945.
May  4 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11298]: pam_unix(cron:session): session closed for user root
May  4 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13828]: pam_unix(cron:session): session closed for user samftp
May  4 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12920]: pam_unix(cron:session): session closed for user root
May  4 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14233]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14235]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14234]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14232]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14231]: pam_unix(cron:session): session closed for user root
May  4 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14235]: pam_unix(cron:session): session closed for user root
May  4 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14229]: pam_unix(cron:session): session closed for user p13x
May  4 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14321]: Successful su for rubyman by root
May  4 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14321]: + ??? root:rubyman
May  4 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14321]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325953 of user rubyman.
May  4 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14321]: pam_unix(su:session): session closed for user rubyman
May  4 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325953.
May  4 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11693]: pam_unix(cron:session): session closed for user root
May  4 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14232]: pam_unix(cron:session): session closed for user root
May  4 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.133.106.57  user=root
May  4 07:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14230]: pam_unix(cron:session): session closed for user samftp
May  4 07:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14511]: Failed password for root from 81.133.106.57 port 39231 ssh2
May  4 07:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14511]: Received disconnect from 81.133.106.57 port 39231:11: Bye Bye [preauth]
May  4 07:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14511]: Disconnected from 81.133.106.57 port 39231 [preauth]
May  4 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13329]: pam_unix(cron:session): session closed for user root
May  4 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14737]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14736]: pam_unix(cron:session): session closed for user p13x
May  4 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14801]: Successful su for rubyman by root
May  4 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14801]: + ??? root:rubyman
May  4 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14801]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325957 of user rubyman.
May  4 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14801]: pam_unix(su:session): session closed for user rubyman
May  4 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325957.
May  4 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12090]: pam_unix(cron:session): session closed for user root
May  4 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14737]: pam_unix(cron:session): session closed for user samftp
May  4 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13830]: pam_unix(cron:session): session closed for user root
May  4 07:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: Invalid user admin from 64.226.117.59
May  4 07:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: input_userauth_request: invalid user admin [preauth]
May  4 07:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 07:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: Failed password for invalid user admin from 64.226.117.59 port 33554 ssh2
May  4 07:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: Connection closed by 64.226.117.59 port 33554 [preauth]
May  4 07:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: Invalid user vscode from 81.133.106.57
May  4 07:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: input_userauth_request: invalid user vscode [preauth]
May  4 07:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.133.106.57
May  4 07:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: Failed password for invalid user vscode from 81.133.106.57 port 57630 ssh2
May  4 07:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: Received disconnect from 81.133.106.57 port 57630:11: Bye Bye [preauth]
May  4 07:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: Disconnected from 81.133.106.57 port 57630 [preauth]
May  4 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15145]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15143]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15142]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15142]: pam_unix(cron:session): session closed for user p13x
May  4 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15200]: Successful su for rubyman by root
May  4 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15200]: + ??? root:rubyman
May  4 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325960 of user rubyman.
May  4 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15200]: pam_unix(su:session): session closed for user rubyman
May  4 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325960.
May  4 07:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12524]: pam_unix(cron:session): session closed for user root
May  4 07:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15143]: pam_unix(cron:session): session closed for user samftp
May  4 07:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14234]: pam_unix(cron:session): session closed for user root
May  4 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15537]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15538]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15535]: pam_unix(cron:session): session closed for user p13x
May  4 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15595]: Successful su for rubyman by root
May  4 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15595]: + ??? root:rubyman
May  4 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325965 of user rubyman.
May  4 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15595]: pam_unix(su:session): session closed for user rubyman
May  4 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325965.
May  4 07:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12919]: pam_unix(cron:session): session closed for user root
May  4 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15536]: pam_unix(cron:session): session closed for user samftp
May  4 07:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14739]: pam_unix(cron:session): session closed for user root
May  4 07:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.133.106.57  user=root
May  4 07:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: Failed password for root from 81.133.106.57 port 47788 ssh2
May  4 07:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: Received disconnect from 81.133.106.57 port 47788:11: Bye Bye [preauth]
May  4 07:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15868]: Disconnected from 81.133.106.57 port 47788 [preauth]
May  4 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15933]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15934]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15931]: pam_unix(cron:session): session closed for user p13x
May  4 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15988]: Successful su for rubyman by root
May  4 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15988]: + ??? root:rubyman
May  4 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325968 of user rubyman.
May  4 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15988]: pam_unix(su:session): session closed for user rubyman
May  4 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325968.
May  4 07:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13327]: pam_unix(cron:session): session closed for user root
May  4 07:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15932]: pam_unix(cron:session): session closed for user samftp
May  4 07:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15145]: pam_unix(cron:session): session closed for user root
May  4 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16308]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16310]: pam_unix(cron:session): session closed for user root
May  4 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16305]: pam_unix(cron:session): session closed for user p13x
May  4 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16370]: Successful su for rubyman by root
May  4 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16370]: + ??? root:rubyman
May  4 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325973 of user rubyman.
May  4 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16370]: pam_unix(su:session): session closed for user rubyman
May  4 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325973.
May  4 07:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16307]: pam_unix(cron:session): session closed for user root
May  4 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13829]: pam_unix(cron:session): session closed for user root
May  4 07:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16306]: pam_unix(cron:session): session closed for user samftp
May  4 07:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: Invalid user xd from 81.133.106.57
May  4 07:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: input_userauth_request: invalid user xd [preauth]
May  4 07:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.133.106.57
May  4 07:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: Failed password for invalid user xd from 81.133.106.57 port 37960 ssh2
May  4 07:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: Received disconnect from 81.133.106.57 port 37960:11: Bye Bye [preauth]
May  4 07:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: Disconnected from 81.133.106.57 port 37960 [preauth]
May  4 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15538]: pam_unix(cron:session): session closed for user root
May  4 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16797]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16798]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16795]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16794]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16794]: pam_unix(cron:session): session closed for user p13x
May  4 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16862]: Successful su for rubyman by root
May  4 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16862]: + ??? root:rubyman
May  4 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325979 of user rubyman.
May  4 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16862]: pam_unix(su:session): session closed for user rubyman
May  4 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325979.
May  4 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14233]: pam_unix(cron:session): session closed for user root
May  4 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16795]: pam_unix(cron:session): session closed for user samftp
May  4 07:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  4 07:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17062]: Failed password for root from 218.92.0.210 port 52198 ssh2
May  4 07:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15934]: pam_unix(cron:session): session closed for user root
May  4 07:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17214]: Invalid user taibabi from 81.133.106.57
May  4 07:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17214]: input_userauth_request: invalid user taibabi [preauth]
May  4 07:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17214]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.133.106.57
May  4 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17214]: Failed password for invalid user taibabi from 81.133.106.57 port 56339 ssh2
May  4 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17214]: Received disconnect from 81.133.106.57 port 56339:11: Bye Bye [preauth]
May  4 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17214]: Disconnected from 81.133.106.57 port 56339 [preauth]
May  4 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17232]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17229]: pam_unix(cron:session): session closed for user p13x
May  4 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17294]: Successful su for rubyman by root
May  4 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17294]: + ??? root:rubyman
May  4 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17294]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325982 of user rubyman.
May  4 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17294]: pam_unix(su:session): session closed for user rubyman
May  4 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325982.
May  4 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14738]: pam_unix(cron:session): session closed for user root
May  4 07:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17230]: pam_unix(cron:session): session closed for user samftp
May  4 07:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16309]: pam_unix(cron:session): session closed for user root
May  4 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17639]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17638]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17636]: pam_unix(cron:session): session closed for user p13x
May  4 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17703]: Successful su for rubyman by root
May  4 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17703]: + ??? root:rubyman
May  4 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17703]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325986 of user rubyman.
May  4 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17703]: pam_unix(su:session): session closed for user rubyman
May  4 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325986.
May  4 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15144]: pam_unix(cron:session): session closed for user root
May  4 07:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17637]: pam_unix(cron:session): session closed for user samftp
May  4 07:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: Invalid user admin from 64.226.117.59
May  4 07:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: input_userauth_request: invalid user admin [preauth]
May  4 07:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 07:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: Failed password for invalid user admin from 64.226.117.59 port 58940 ssh2
May  4 07:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: Connection closed by 64.226.117.59 port 58940 [preauth]
May  4 07:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16798]: pam_unix(cron:session): session closed for user root
May  4 07:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18120]: Invalid user ec2-user from 81.133.106.57
May  4 07:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18120]: input_userauth_request: invalid user ec2-user [preauth]
May  4 07:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18120]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.133.106.57
May  4 07:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18120]: Failed password for invalid user ec2-user from 81.133.106.57 port 46497 ssh2
May  4 07:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18120]: Received disconnect from 81.133.106.57 port 46497:11: Bye Bye [preauth]
May  4 07:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18120]: Disconnected from 81.133.106.57 port 46497 [preauth]
May  4 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18176]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18173]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18174]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18171]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18173]: pam_unix(cron:session): session closed for user p13x
May  4 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18287]: Successful su for rubyman by root
May  4 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18287]: + ??? root:rubyman
May  4 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325992 of user rubyman.
May  4 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18287]: pam_unix(su:session): session closed for user rubyman
May  4 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325992.
May  4 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18171]: pam_unix(cron:session): session closed for user root
May  4 07:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15537]: pam_unix(cron:session): session closed for user root
May  4 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18174]: pam_unix(cron:session): session closed for user samftp
May  4 07:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17232]: pam_unix(cron:session): session closed for user root
May  4 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18668]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18666]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18671]: pam_unix(cron:session): session closed for user root
May  4 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18665]: pam_unix(cron:session): session closed for user p13x
May  4 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18737]: Successful su for rubyman by root
May  4 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18737]: + ??? root:rubyman
May  4 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 325997 of user rubyman.
May  4 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18737]: pam_unix(su:session): session closed for user rubyman
May  4 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 325997.
May  4 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18668]: pam_unix(cron:session): session closed for user root
May  4 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15933]: pam_unix(cron:session): session closed for user root
May  4 07:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18666]: pam_unix(cron:session): session closed for user samftp
May  4 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17639]: pam_unix(cron:session): session closed for user root
May  4 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19110]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19109]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19111]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19108]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19108]: pam_unix(cron:session): session closed for user p13x
May  4 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19174]: Successful su for rubyman by root
May  4 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19174]: + ??? root:rubyman
May  4 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326004 of user rubyman.
May  4 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19174]: pam_unix(su:session): session closed for user rubyman
May  4 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326004.
May  4 07:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16308]: pam_unix(cron:session): session closed for user root
May  4 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19109]: pam_unix(cron:session): session closed for user samftp
May  4 07:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18176]: pam_unix(cron:session): session closed for user root
May  4 07:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19528]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19525]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19529]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19525]: pam_unix(cron:session): session closed for user p13x
May  4 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19591]: Successful su for rubyman by root
May  4 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19591]: + ??? root:rubyman
May  4 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326007 of user rubyman.
May  4 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19591]: pam_unix(su:session): session closed for user rubyman
May  4 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326007.
May  4 07:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16797]: pam_unix(cron:session): session closed for user root
May  4 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19526]: pam_unix(cron:session): session closed for user samftp
May  4 07:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 07:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19505]: Failed password for root from 185.93.89.118 port 15274 ssh2
May  4 07:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19505]: Connection closed by 185.93.89.118 port 15274 [preauth]
May  4 07:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 07:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19799]: Failed password for root from 185.93.89.118 port 49222 ssh2
May  4 07:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19799]: Connection closed by 185.93.89.118 port 49222 [preauth]
May  4 07:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18670]: pam_unix(cron:session): session closed for user root
May  4 07:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 07:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19854]: Failed password for root from 185.93.89.118 port 32294 ssh2
May  4 07:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19854]: Connection closed by 185.93.89.118 port 32294 [preauth]
May  4 07:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19945]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19944]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19943]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19943]: pam_unix(cron:session): session closed for user p13x
May  4 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20012]: Successful su for rubyman by root
May  4 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20012]: + ??? root:rubyman
May  4 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20012]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326009 of user rubyman.
May  4 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20012]: pam_unix(su:session): session closed for user rubyman
May  4 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326009.
May  4 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 07:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17231]: pam_unix(cron:session): session closed for user root
May  4 07:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19913]: Failed password for root from 185.93.89.118 port 33886 ssh2
May  4 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19944]: pam_unix(cron:session): session closed for user samftp
May  4 07:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19913]: Connection closed by 185.93.89.118 port 33886 [preauth]
May  4 07:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 07:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20200]: Failed password for root from 185.93.89.118 port 38328 ssh2
May  4 07:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20200]: Connection closed by 185.93.89.118 port 38328 [preauth]
May  4 07:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19111]: pam_unix(cron:session): session closed for user root
May  4 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20346]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20347]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20344]: pam_unix(cron:session): session closed for user p13x
May  4 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20409]: Successful su for rubyman by root
May  4 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20409]: + ??? root:rubyman
May  4 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326015 of user rubyman.
May  4 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20409]: pam_unix(su:session): session closed for user rubyman
May  4 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326015.
May  4 07:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17638]: pam_unix(cron:session): session closed for user root
May  4 07:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20345]: pam_unix(cron:session): session closed for user samftp
May  4 07:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20604]: Invalid user zookeeper from 46.244.96.25
May  4 07:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20604]: input_userauth_request: invalid user zookeeper [preauth]
May  4 07:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20604]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  4 07:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20604]: Failed password for invalid user zookeeper from 46.244.96.25 port 55208 ssh2
May  4 07:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20604]: Connection closed by 46.244.96.25 port 55208 [preauth]
May  4 07:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19529]: pam_unix(cron:session): session closed for user root
May  4 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20755]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20757]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20758]: pam_unix(cron:session): session closed for user root
May  4 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20753]: pam_unix(cron:session): session closed for user p13x
May  4 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20827]: Successful su for rubyman by root
May  4 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20827]: + ??? root:rubyman
May  4 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326017 of user rubyman.
May  4 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20827]: pam_unix(su:session): session closed for user rubyman
May  4 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326017.
May  4 07:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20755]: pam_unix(cron:session): session closed for user root
May  4 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18175]: pam_unix(cron:session): session closed for user root
May  4 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: Invalid user admin from 64.226.117.59
May  4 07:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: input_userauth_request: invalid user admin [preauth]
May  4 07:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 07:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20754]: pam_unix(cron:session): session closed for user samftp
May  4 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: Failed password for invalid user admin from 64.226.117.59 port 43006 ssh2
May  4 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: Connection closed by 64.226.117.59 port 43006 [preauth]
May  4 07:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19946]: pam_unix(cron:session): session closed for user root
May  4 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21213]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21210]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21212]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21209]: pam_unix(cron:session): session closed for user p13x
May  4 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21305]: Successful su for rubyman by root
May  4 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21305]: + ??? root:rubyman
May  4 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326024 of user rubyman.
May  4 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21305]: pam_unix(su:session): session closed for user rubyman
May  4 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326024.
May  4 07:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18669]: pam_unix(cron:session): session closed for user root
May  4 07:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21210]: pam_unix(cron:session): session closed for user samftp
May  4 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20347]: pam_unix(cron:session): session closed for user root
May  4 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21670]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21661]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21661]: pam_unix(cron:session): session closed for user root
May  4 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21663]: pam_unix(cron:session): session closed for user p13x
May  4 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21748]: Successful su for rubyman by root
May  4 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21748]: + ??? root:rubyman
May  4 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326029 of user rubyman.
May  4 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21748]: pam_unix(su:session): session closed for user rubyman
May  4 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326029.
May  4 07:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19110]: pam_unix(cron:session): session closed for user root
May  4 07:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21670]: pam_unix(cron:session): session closed for user samftp
May  4 07:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20757]: pam_unix(cron:session): session closed for user root
May  4 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22421]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22422]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22417]: pam_unix(cron:session): session closed for user p13x
May  4 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22490]: Successful su for rubyman by root
May  4 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22490]: + ??? root:rubyman
May  4 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326034 of user rubyman.
May  4 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22490]: pam_unix(su:session): session closed for user rubyman
May  4 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326034.
May  4 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19528]: pam_unix(cron:session): session closed for user root
May  4 07:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22418]: pam_unix(cron:session): session closed for user samftp
May  4 07:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21213]: pam_unix(cron:session): session closed for user root
May  4 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22862]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22861]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22858]: pam_unix(cron:session): session closed for user p13x
May  4 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22928]: Successful su for rubyman by root
May  4 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22928]: + ??? root:rubyman
May  4 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326039 of user rubyman.
May  4 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22928]: pam_unix(su:session): session closed for user rubyman
May  4 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326039.
May  4 07:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19945]: pam_unix(cron:session): session closed for user root
May  4 07:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22860]: pam_unix(cron:session): session closed for user samftp
May  4 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21672]: pam_unix(cron:session): session closed for user root
May  4 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23399]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23400]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23334]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23398]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23401]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23401]: pam_unix(cron:session): session closed for user root
May  4 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23333]: pam_unix(cron:session): session closed for user p13x
May  4 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23474]: Successful su for rubyman by root
May  4 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23474]: + ??? root:rubyman
May  4 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326042 of user rubyman.
May  4 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23474]: pam_unix(su:session): session closed for user rubyman
May  4 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326042.
May  4 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23398]: pam_unix(cron:session): session closed for user root
May  4 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20346]: pam_unix(cron:session): session closed for user root
May  4 07:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23334]: pam_unix(cron:session): session closed for user samftp
May  4 07:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22422]: pam_unix(cron:session): session closed for user root
May  4 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23939]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23938]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23937]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23936]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23936]: pam_unix(cron:session): session closed for user p13x
May  4 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24024]: Successful su for rubyman by root
May  4 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24024]: + ??? root:rubyman
May  4 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326047 of user rubyman.
May  4 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24024]: pam_unix(su:session): session closed for user rubyman
May  4 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326047.
May  4 07:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20756]: pam_unix(cron:session): session closed for user root
May  4 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23937]: pam_unix(cron:session): session closed for user samftp
May  4 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22862]: pam_unix(cron:session): session closed for user root
May  4 07:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: Invalid user admin from 64.226.117.59
May  4 07:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: input_userauth_request: invalid user admin [preauth]
May  4 07:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 07:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: Failed password for invalid user admin from 64.226.117.59 port 60970 ssh2
May  4 07:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: Connection closed by 64.226.117.59 port 60970 [preauth]
May  4 07:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24387]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24385]: pam_unix(cron:session): session closed for user p13x
May  4 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24455]: Successful su for rubyman by root
May  4 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24455]: + ??? root:rubyman
May  4 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24455]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326050 of user rubyman.
May  4 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24455]: pam_unix(su:session): session closed for user rubyman
May  4 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326050.
May  4 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 07:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Failed password for root from 218.92.0.201 port 37056 ssh2
May  4 07:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21212]: pam_unix(cron:session): session closed for user root
May  4 07:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24386]: pam_unix(cron:session): session closed for user samftp
May  4 07:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Failed password for root from 218.92.0.201 port 37056 ssh2
May  4 07:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: message repeated 3 times: [ Failed password for root from 218.92.0.201 port 37056 ssh2]
May  4 07:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 37056 ssh2 [preauth]
May  4 07:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Disconnecting: Too many authentication failures [preauth]
May  4 07:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 07:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 07:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 07:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: Failed password for root from 218.92.0.201 port 40622 ssh2
May  4 07:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: message repeated 3 times: [ Failed password for root from 218.92.0.201 port 40622 ssh2]
May  4 07:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23400]: pam_unix(cron:session): session closed for user root
May  4 07:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: Failed password for root from 218.92.0.201 port 40622 ssh2
May  4 07:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: Failed password for root from 218.92.0.201 port 40622 ssh2
May  4 07:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 40622 ssh2 [preauth]
May  4 07:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: Disconnecting: Too many authentication failures [preauth]
May  4 07:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 07:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24702]: PAM service(sshd) ignoring max retries; 6 > 3
May  4 07:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24814]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24813]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24812]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24811]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24811]: pam_unix(cron:session): session closed for user p13x
May  4 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24882]: Successful su for rubyman by root
May  4 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24882]: + ??? root:rubyman
May  4 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326054 of user rubyman.
May  4 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24882]: pam_unix(su:session): session closed for user rubyman
May  4 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326054.
May  4 07:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21671]: pam_unix(cron:session): session closed for user root
May  4 07:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24812]: pam_unix(cron:session): session closed for user samftp
May  4 07:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23939]: pam_unix(cron:session): session closed for user root
May  4 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25227]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25224]: pam_unix(cron:session): session closed for user p13x
May  4 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25295]: Successful su for rubyman by root
May  4 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25295]: + ??? root:rubyman
May  4 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326059 of user rubyman.
May  4 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25295]: pam_unix(su:session): session closed for user rubyman
May  4 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326059.
May  4 07:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22421]: pam_unix(cron:session): session closed for user root
May  4 07:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25225]: pam_unix(cron:session): session closed for user samftp
May  4 07:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24388]: pam_unix(cron:session): session closed for user root
May  4 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25644]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25645]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25646]: pam_unix(cron:session): session closed for user root
May  4 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25640]: pam_unix(cron:session): session closed for user p13x
May  4 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25710]: Successful su for rubyman by root
May  4 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25710]: + ??? root:rubyman
May  4 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326065 of user rubyman.
May  4 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25710]: pam_unix(su:session): session closed for user rubyman
May  4 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326065.
May  4 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25643]: pam_unix(cron:session): session closed for user root
May  4 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22861]: pam_unix(cron:session): session closed for user root
May  4 07:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25642]: pam_unix(cron:session): session closed for user samftp
May  4 07:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24814]: pam_unix(cron:session): session closed for user root
May  4 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26064]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26062]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26062]: pam_unix(cron:session): session closed for user p13x
May  4 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26131]: Successful su for rubyman by root
May  4 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26131]: + ??? root:rubyman
May  4 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326068 of user rubyman.
May  4 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26131]: pam_unix(su:session): session closed for user rubyman
May  4 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326068.
May  4 07:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23399]: pam_unix(cron:session): session closed for user root
May  4 07:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26063]: pam_unix(cron:session): session closed for user samftp
May  4 07:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25227]: pam_unix(cron:session): session closed for user root
May  4 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26553]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26550]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26550]: pam_unix(cron:session): session closed for user p13x
May  4 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26611]: Successful su for rubyman by root
May  4 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26611]: + ??? root:rubyman
May  4 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26611]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326072 of user rubyman.
May  4 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26611]: pam_unix(su:session): session closed for user rubyman
May  4 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326072.
May  4 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23938]: pam_unix(cron:session): session closed for user root
May  4 07:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26552]: pam_unix(cron:session): session closed for user samftp
May  4 07:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25645]: pam_unix(cron:session): session closed for user root
May  4 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26980]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26979]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26973]: pam_unix(cron:session): session closed for user p13x
May  4 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27056]: Successful su for rubyman by root
May  4 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27056]: + ??? root:rubyman
May  4 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326076 of user rubyman.
May  4 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27056]: pam_unix(su:session): session closed for user rubyman
May  4 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326076.
May  4 07:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24387]: pam_unix(cron:session): session closed for user root
May  4 07:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26974]: pam_unix(cron:session): session closed for user samftp
May  4 07:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: Invalid user admin from 64.226.117.59
May  4 07:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: input_userauth_request: invalid user admin [preauth]
May  4 07:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 07:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: Failed password for invalid user admin from 64.226.117.59 port 51636 ssh2
May  4 07:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27299]: Connection closed by 64.226.117.59 port 51636 [preauth]
May  4 07:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26065]: pam_unix(cron:session): session closed for user root
May  4 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27462]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27461]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27454]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27454]: pam_unix(cron:session): session closed for user p13x
May  4 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27527]: Successful su for rubyman by root
May  4 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27527]: + ??? root:rubyman
May  4 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326081 of user rubyman.
May  4 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27527]: pam_unix(su:session): session closed for user rubyman
May  4 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326081.
May  4 07:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24813]: pam_unix(cron:session): session closed for user root
May  4 07:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27455]: pam_unix(cron:session): session closed for user samftp
May  4 07:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26554]: pam_unix(cron:session): session closed for user root
May  4 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27876]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27871]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27874]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27875]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27876]: pam_unix(cron:session): session closed for user root
May  4 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27870]: pam_unix(cron:session): session closed for user p13x
May  4 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27939]: Successful su for rubyman by root
May  4 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27939]: + ??? root:rubyman
May  4 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27939]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326085 of user rubyman.
May  4 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27939]: pam_unix(su:session): session closed for user rubyman
May  4 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326085.
May  4 07:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27872]: pam_unix(cron:session): session closed for user root
May  4 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25226]: pam_unix(cron:session): session closed for user root
May  4 07:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27871]: pam_unix(cron:session): session closed for user samftp
May  4 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26980]: pam_unix(cron:session): session closed for user root
May  4 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28298]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28300]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28297]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28297]: pam_unix(cron:session): session closed for user p13x
May  4 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28365]: Successful su for rubyman by root
May  4 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28365]: + ??? root:rubyman
May  4 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28365]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326091 of user rubyman.
May  4 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28365]: pam_unix(su:session): session closed for user rubyman
May  4 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326091.
May  4 07:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25644]: pam_unix(cron:session): session closed for user root
May  4 07:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28298]: pam_unix(cron:session): session closed for user samftp
May  4 07:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27462]: pam_unix(cron:session): session closed for user root
May  4 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28698]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28696]: pam_unix(cron:session): session closed for user p13x
May  4 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28761]: Successful su for rubyman by root
May  4 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28761]: + ??? root:rubyman
May  4 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326094 of user rubyman.
May  4 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28761]: pam_unix(su:session): session closed for user rubyman
May  4 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326094.
May  4 07:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26064]: pam_unix(cron:session): session closed for user root
May  4 07:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28697]: pam_unix(cron:session): session closed for user samftp
May  4 07:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27875]: pam_unix(cron:session): session closed for user root
May  4 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29203]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29201]: pam_unix(cron:session): session closed for user p13x
May  4 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29270]: Successful su for rubyman by root
May  4 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29270]: + ??? root:rubyman
May  4 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326098 of user rubyman.
May  4 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29270]: pam_unix(su:session): session closed for user rubyman
May  4 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326098.
May  4 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26553]: pam_unix(cron:session): session closed for user root
May  4 07:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29202]: pam_unix(cron:session): session closed for user samftp
May  4 07:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28300]: pam_unix(cron:session): session closed for user root
May  4 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29615]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29612]: pam_unix(cron:session): session closed for user p13x
May  4 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29673]: Successful su for rubyman by root
May  4 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29673]: + ??? root:rubyman
May  4 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326104 of user rubyman.
May  4 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29673]: pam_unix(su:session): session closed for user rubyman
May  4 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326104.
May  4 07:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26979]: pam_unix(cron:session): session closed for user root
May  4 07:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29613]: pam_unix(cron:session): session closed for user samftp
May  4 07:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28699]: pam_unix(cron:session): session closed for user root
May  4 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30021]: pam_unix(cron:session): session closed for user root
May  4 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30016]: pam_unix(cron:session): session closed for user p13x
May  4 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30088]: Successful su for rubyman by root
May  4 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30088]: + ??? root:rubyman
May  4 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326110 of user rubyman.
May  4 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30088]: pam_unix(su:session): session closed for user rubyman
May  4 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326110.
May  4 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30131]: Invalid user admin from 64.226.117.59
May  4 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30131]: input_userauth_request: invalid user admin [preauth]
May  4 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30131]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 07:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session closed for user root
May  4 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27461]: pam_unix(cron:session): session closed for user root
May  4 07:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30131]: Failed password for invalid user admin from 64.226.117.59 port 50620 ssh2
May  4 07:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30131]: Connection closed by 64.226.117.59 port 50620 [preauth]
May  4 07:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session closed for user samftp
May  4 07:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  4 07:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30328]: Failed password for root from 50.235.31.47 port 33364 ssh2
May  4 07:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30328]: Connection closed by 50.235.31.47 port 33364 [preauth]
May  4 07:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29204]: pam_unix(cron:session): session closed for user root
May  4 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30450]: pam_unix(cron:session): session closed for user p13x
May  4 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30519]: Successful su for rubyman by root
May  4 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30519]: + ??? root:rubyman
May  4 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326113 of user rubyman.
May  4 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30519]: pam_unix(su:session): session closed for user rubyman
May  4 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326113.
May  4 07:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27874]: pam_unix(cron:session): session closed for user root
May  4 07:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30451]: pam_unix(cron:session): session closed for user samftp
May  4 07:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30736]: Invalid user netadmin from 45.144.233.139
May  4 07:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30736]: input_userauth_request: invalid user netadmin [preauth]
May  4 07:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30736]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139
May  4 07:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30736]: Failed password for invalid user netadmin from 45.144.233.139 port 33706 ssh2
May  4 07:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30736]: Received disconnect from 45.144.233.139 port 33706:11: Bye Bye [preauth]
May  4 07:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30736]: Disconnected from 45.144.233.139 port 33706 [preauth]
May  4 07:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29615]: pam_unix(cron:session): session closed for user root
May  4 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30849]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30848]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30845]: pam_unix(cron:session): session closed for user p13x
May  4 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30907]: Successful su for rubyman by root
May  4 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30907]: + ??? root:rubyman
May  4 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326117 of user rubyman.
May  4 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30907]: pam_unix(su:session): session closed for user rubyman
May  4 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326117.
May  4 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28299]: pam_unix(cron:session): session closed for user root
May  4 07:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30846]: pam_unix(cron:session): session closed for user samftp
May  4 07:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30020]: pam_unix(cron:session): session closed for user root
May  4 07:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  4 07:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: Failed password for root from 218.92.0.204 port 11710 ssh2
May  4 07:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: Failed password for root from 218.92.0.204 port 11710 ssh2
May  4 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31256]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31254]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31255]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31253]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31253]: pam_unix(cron:session): session closed for user p13x
May  4 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31320]: Successful su for rubyman by root
May  4 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31320]: + ??? root:rubyman
May  4 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326120 of user rubyman.
May  4 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31320]: pam_unix(su:session): session closed for user rubyman
May  4 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326120.
May  4 07:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: Failed password for root from 218.92.0.204 port 11710 ssh2
May  4 07:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28698]: pam_unix(cron:session): session closed for user root
May  4 07:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31254]: pam_unix(cron:session): session closed for user samftp
May  4 07:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: Failed password for root from 218.92.0.204 port 11710 ssh2
May  4 07:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: Failed password for root from 218.92.0.204 port 11710 ssh2
May  4 07:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 11710 ssh2 [preauth]
May  4 07:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: Disconnecting: Too many authentication failures [preauth]
May  4 07:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  4 07:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31232]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 07:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  4 07:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31502]: Failed password for root from 218.92.0.204 port 17374 ssh2
May  4 07:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31502]: message repeated 5 times: [ Failed password for root from 218.92.0.204 port 17374 ssh2]
May  4 07:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31502]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 17374 ssh2 [preauth]
May  4 07:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31502]: Disconnecting: Too many authentication failures [preauth]
May  4 07:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31502]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  4 07:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31502]: PAM service(sshd) ignoring max retries; 6 > 3
May  4 07:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30453]: pam_unix(cron:session): session closed for user root
May  4 07:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  4 07:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: Failed password for root from 218.92.0.204 port 13216 ssh2
May  4 07:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: Received disconnect from 218.92.0.204 port 13216:11:  [preauth]
May  4 07:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: Disconnected from 218.92.0.204 port 13216 [preauth]
May  4 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31664]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31660]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31664]: pam_unix(cron:session): session closed for user p13x
May  4 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31787]: Successful su for rubyman by root
May  4 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31787]: + ??? root:rubyman
May  4 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326124 of user rubyman.
May  4 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31787]: pam_unix(su:session): session closed for user rubyman
May  4 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326124.
May  4 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31660]: pam_unix(cron:session): session closed for user root
May  4 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29203]: pam_unix(cron:session): session closed for user root
May  4 07:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31668]: pam_unix(cron:session): session closed for user samftp
May  4 07:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30849]: pam_unix(cron:session): session closed for user root
May  4 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32171]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32169]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32170]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32166]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32168]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32171]: pam_unix(cron:session): session closed for user root
May  4 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32166]: pam_unix(cron:session): session closed for user p13x
May  4 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32235]: Successful su for rubyman by root
May  4 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32235]: + ??? root:rubyman
May  4 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326132 of user rubyman.
May  4 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32235]: pam_unix(su:session): session closed for user rubyman
May  4 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326132.
May  4 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32168]: pam_unix(cron:session): session closed for user root
May  4 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29614]: pam_unix(cron:session): session closed for user root
May  4 07:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32167]: pam_unix(cron:session): session closed for user samftp
May  4 07:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31256]: pam_unix(cron:session): session closed for user root
May  4 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32620]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32621]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32614]: pam_unix(cron:session): session closed for user p13x
May  4 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[305]: Successful su for rubyman by root
May  4 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[305]: + ??? root:rubyman
May  4 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326137 of user rubyman.
May  4 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[305]: pam_unix(su:session): session closed for user rubyman
May  4 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326137.
May  4 07:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30019]: pam_unix(cron:session): session closed for user root
May  4 07:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32615]: pam_unix(cron:session): session closed for user samftp
May  4 07:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31670]: pam_unix(cron:session): session closed for user root
May  4 07:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Invalid user admin from 64.226.117.59
May  4 07:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: input_userauth_request: invalid user admin [preauth]
May  4 07:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 07:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Failed password for invalid user admin from 64.226.117.59 port 47596 ssh2
May  4 07:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Connection closed by 64.226.117.59 port 47596 [preauth]
May  4 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[688]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[689]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[686]: pam_unix(cron:session): session closed for user p13x
May  4 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[757]: Successful su for rubyman by root
May  4 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[757]: + ??? root:rubyman
May  4 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[757]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326140 of user rubyman.
May  4 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[757]: pam_unix(su:session): session closed for user rubyman
May  4 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326140.
May  4 07:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30452]: pam_unix(cron:session): session closed for user root
May  4 07:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[687]: pam_unix(cron:session): session closed for user samftp
May  4 07:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32170]: pam_unix(cron:session): session closed for user root
May  4 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1110]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1108]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1109]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1111]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1108]: pam_unix(cron:session): session closed for user p13x
May  4 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1176]: Successful su for rubyman by root
May  4 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1176]: + ??? root:rubyman
May  4 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326143 of user rubyman.
May  4 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1176]: pam_unix(su:session): session closed for user rubyman
May  4 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326143.
May  4 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: Invalid user nexus from 80.94.95.125
May  4 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: input_userauth_request: invalid user nexus [preauth]
May  4 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  4 07:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30848]: pam_unix(cron:session): session closed for user root
May  4 07:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: Failed password for invalid user nexus from 80.94.95.125 port 46196 ssh2
May  4 07:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1109]: pam_unix(cron:session): session closed for user samftp
May  4 07:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: Failed password for invalid user nexus from 80.94.95.125 port 46196 ssh2
May  4 07:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: Failed password for invalid user nexus from 80.94.95.125 port 46196 ssh2
May  4 07:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: Failed password for invalid user nexus from 80.94.95.125 port 46196 ssh2
May  4 07:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: Failed password for invalid user nexus from 80.94.95.125 port 46196 ssh2
May  4 07:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: Received disconnect from 80.94.95.125 port 46196:11: Bye [preauth]
May  4 07:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: Disconnected from 80.94.95.125 port 46196 [preauth]
May  4 07:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  4 07:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1246]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 07:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32621]: pam_unix(cron:session): session closed for user root
May  4 07:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: Invalid user samba from 93.113.63.124
May  4 07:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: input_userauth_request: invalid user samba [preauth]
May  4 07:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124
May  4 07:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: Failed password for invalid user samba from 93.113.63.124 port 39716 ssh2
May  4 07:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: Received disconnect from 93.113.63.124 port 39716:11: Bye Bye [preauth]
May  4 07:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: Disconnected from 93.113.63.124 port 39716 [preauth]
May  4 07:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1562]: Did not receive identification string from 193.32.162.84
May  4 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1583]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1582]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1580]: pam_unix(cron:session): session closed for user p13x
May  4 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1645]: Successful su for rubyman by root
May  4 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1645]: + ??? root:rubyman
May  4 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326148 of user rubyman.
May  4 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1645]: pam_unix(su:session): session closed for user rubyman
May  4 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326148.
May  4 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31255]: pam_unix(cron:session): session closed for user root
May  4 07:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1581]: pam_unix(cron:session): session closed for user samftp
May  4 07:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[689]: pam_unix(cron:session): session closed for user root
May  4 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2096]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2098]: pam_unix(cron:session): session closed for user root
May  4 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2093]: pam_unix(cron:session): session closed for user p13x
May  4 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2166]: Successful su for rubyman by root
May  4 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2166]: + ??? root:rubyman
May  4 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326152 of user rubyman.
May  4 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2166]: pam_unix(su:session): session closed for user rubyman
May  4 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326152.
May  4 07:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2095]: pam_unix(cron:session): session closed for user root
May  4 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31669]: pam_unix(cron:session): session closed for user root
May  4 07:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2094]: pam_unix(cron:session): session closed for user samftp
May  4 07:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1111]: pam_unix(cron:session): session closed for user root
May  4 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2545]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2543]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2542]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2542]: pam_unix(cron:session): session closed for user p13x
May  4 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2620]: Successful su for rubyman by root
May  4 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2620]: + ??? root:rubyman
May  4 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326158 of user rubyman.
May  4 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2620]: pam_unix(su:session): session closed for user rubyman
May  4 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326158.
May  4 07:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32169]: pam_unix(cron:session): session closed for user root
May  4 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2543]: pam_unix(cron:session): session closed for user samftp
May  4 07:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2829]: Invalid user samba from 45.144.233.139
May  4 07:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2829]: input_userauth_request: invalid user samba [preauth]
May  4 07:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2829]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139
May  4 07:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2829]: Failed password for invalid user samba from 45.144.233.139 port 46250 ssh2
May  4 07:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2829]: Received disconnect from 45.144.233.139 port 46250:11: Bye Bye [preauth]
May  4 07:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2829]: Disconnected from 45.144.233.139 port 46250 [preauth]
May  4 07:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1583]: pam_unix(cron:session): session closed for user root
May  4 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2988]: pam_unix(cron:session): session closed for user p13x
May  4 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3049]: Successful su for rubyman by root
May  4 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3049]: + ??? root:rubyman
May  4 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3049]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326162 of user rubyman.
May  4 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3049]: pam_unix(su:session): session closed for user rubyman
May  4 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326162.
May  4 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32620]: pam_unix(cron:session): session closed for user root
May  4 07:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2989]: pam_unix(cron:session): session closed for user samftp
May  4 07:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2097]: pam_unix(cron:session): session closed for user root
May  4 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3398]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3397]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3395]: pam_unix(cron:session): session closed for user p13x
May  4 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3468]: Successful su for rubyman by root
May  4 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3468]: + ??? root:rubyman
May  4 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326166 of user rubyman.
May  4 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3468]: pam_unix(su:session): session closed for user rubyman
May  4 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326166.
May  4 07:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[688]: pam_unix(cron:session): session closed for user root
May  4 07:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3396]: pam_unix(cron:session): session closed for user samftp
May  4 07:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: Invalid user admin from 64.226.117.59
May  4 07:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: input_userauth_request: invalid user admin [preauth]
May  4 07:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 07:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: Failed password for invalid user admin from 64.226.117.59 port 36000 ssh2
May  4 07:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3713]: Connection closed by 64.226.117.59 port 36000 [preauth]
May  4 07:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2545]: pam_unix(cron:session): session closed for user root
May  4 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3831]: pam_unix(cron:session): session closed for user p13x
May  4 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3893]: Successful su for rubyman by root
May  4 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3893]: + ??? root:rubyman
May  4 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326171 of user rubyman.
May  4 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3893]: pam_unix(su:session): session closed for user rubyman
May  4 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326171.
May  4 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1110]: pam_unix(cron:session): session closed for user root
May  4 07:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3832]: pam_unix(cron:session): session closed for user samftp
May  4 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2991]: pam_unix(cron:session): session closed for user root
May  4 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4419]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4420]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4418]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4420]: pam_unix(cron:session): session closed for user root
May  4 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4375]: pam_unix(cron:session): session closed for user p13x
May  4 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4500]: Successful su for rubyman by root
May  4 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4500]: + ??? root:rubyman
May  4 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326173 of user rubyman.
May  4 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4500]: pam_unix(su:session): session closed for user rubyman
May  4 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326173.
May  4 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1582]: pam_unix(cron:session): session closed for user root
May  4 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4381]: pam_unix(cron:session): session closed for user root
May  4 07:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4377]: pam_unix(cron:session): session closed for user samftp
May  4 07:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: Invalid user dima from 93.113.63.124
May  4 07:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: input_userauth_request: invalid user dima [preauth]
May  4 07:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124
May  4 07:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: Failed password for invalid user dima from 93.113.63.124 port 54086 ssh2
May  4 07:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: Received disconnect from 93.113.63.124 port 54086:11: Bye Bye [preauth]
May  4 07:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4720]: Disconnected from 93.113.63.124 port 54086 [preauth]
May  4 07:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3398]: pam_unix(cron:session): session closed for user root
May  4 07:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4820]: Invalid user taibabi from 45.144.233.139
May  4 07:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4820]: input_userauth_request: invalid user taibabi [preauth]
May  4 07:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4820]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139
May  4 07:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4820]: Failed password for invalid user taibabi from 45.144.233.139 port 48990 ssh2
May  4 07:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4820]: Received disconnect from 45.144.233.139 port 48990:11: Bye Bye [preauth]
May  4 07:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4820]: Disconnected from 45.144.233.139 port 48990 [preauth]
May  4 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4888]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4889]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4886]: pam_unix(cron:session): session closed for user p13x
May  4 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4963]: Successful su for rubyman by root
May  4 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4963]: + ??? root:rubyman
May  4 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4963]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326180 of user rubyman.
May  4 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4963]: pam_unix(su:session): session closed for user rubyman
May  4 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326180.
May  4 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: Invalid user phion from 176.31.162.135
May  4 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: input_userauth_request: invalid user phion [preauth]
May  4 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  4 07:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2096]: pam_unix(cron:session): session closed for user root
May  4 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: Failed password for invalid user phion from 176.31.162.135 port 32870 ssh2
May  4 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4990]: Connection closed by 176.31.162.135 port 32870 [preauth]
May  4 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4887]: pam_unix(cron:session): session closed for user samftp
May  4 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3834]: pam_unix(cron:session): session closed for user root
May  4 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5507]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5509]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5503]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5503]: pam_unix(cron:session): session closed for user p13x
May  4 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5608]: Successful su for rubyman by root
May  4 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5608]: + ??? root:rubyman
May  4 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5608]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326183 of user rubyman.
May  4 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5608]: pam_unix(su:session): session closed for user rubyman
May  4 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326183.
May  4 07:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2544]: pam_unix(cron:session): session closed for user root
May  4 07:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5506]: pam_unix(cron:session): session closed for user samftp
May  4 07:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4419]: pam_unix(cron:session): session closed for user root
May  4 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6051]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6052]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6053]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6050]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6050]: pam_unix(cron:session): session closed for user p13x
May  4 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6123]: Successful su for rubyman by root
May  4 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6123]: + ??? root:rubyman
May  4 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326187 of user rubyman.
May  4 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6123]: pam_unix(su:session): session closed for user rubyman
May  4 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326187.
May  4 07:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session closed for user root
May  4 07:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6051]: pam_unix(cron:session): session closed for user samftp
May  4 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4889]: pam_unix(cron:session): session closed for user root
May  4 07:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  4 07:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: Failed password for root from 218.92.0.205 port 59526 ssh2
May  4 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6464]: pam_unix(cron:session): session closed for user p13x
May  4 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6522]: Successful su for rubyman by root
May  4 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6522]: + ??? root:rubyman
May  4 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6522]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326192 of user rubyman.
May  4 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6522]: pam_unix(su:session): session closed for user rubyman
May  4 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326192.
May  4 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: Failed password for root from 218.92.0.205 port 59526 ssh2
May  4 07:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3397]: pam_unix(cron:session): session closed for user root
May  4 07:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6465]: pam_unix(cron:session): session closed for user samftp
May  4 07:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: Failed password for root from 218.92.0.205 port 59526 ssh2
May  4 07:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: message repeated 2 times: [ Failed password for root from 218.92.0.205 port 59526 ssh2]
May  4 07:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 59526 ssh2 [preauth]
May  4 07:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: Disconnecting: Too many authentication failures [preauth]
May  4 07:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  4 07:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 07:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  4 07:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6742]: Failed password for root from 218.92.0.205 port 56870 ssh2
May  4 07:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6742]: message repeated 4 times: [ Failed password for root from 218.92.0.205 port 56870 ssh2]
May  4 07:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5509]: pam_unix(cron:session): session closed for user root
May  4 07:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6742]: Failed password for root from 218.92.0.205 port 56870 ssh2
May  4 07:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6742]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 56870 ssh2 [preauth]
May  4 07:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6742]: Disconnecting: Too many authentication failures [preauth]
May  4 07:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6742]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  4 07:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6742]: PAM service(sshd) ignoring max retries; 6 > 3
May  4 07:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  4 07:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6813]: Failed password for root from 218.92.0.205 port 32914 ssh2
May  4 07:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6813]: Received disconnect from 218.92.0.205 port 32914:11:  [preauth]
May  4 07:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6813]: Disconnected from 218.92.0.205 port 32914 [preauth]
May  4 07:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: Invalid user admin from 64.226.117.59
May  4 07:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: input_userauth_request: invalid user admin [preauth]
May  4 07:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 07:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: Failed password for invalid user admin from 64.226.117.59 port 37686 ssh2
May  4 07:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: Connection closed by 64.226.117.59 port 37686 [preauth]
May  4 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6881]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6881]: pam_unix(cron:session): session closed for user root
May  4 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6876]: pam_unix(cron:session): session closed for user p13x
May  4 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7037]: Successful su for rubyman by root
May  4 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7037]: + ??? root:rubyman
May  4 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7037]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326199 of user rubyman.
May  4 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7037]: pam_unix(su:session): session closed for user rubyman
May  4 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326199.
May  4 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6878]: pam_unix(cron:session): session closed for user root
May  4 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3833]: pam_unix(cron:session): session closed for user root
May  4 07:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: Invalid user leidyroa from 45.144.233.139
May  4 07:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: input_userauth_request: invalid user leidyroa [preauth]
May  4 07:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139
May  4 07:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6877]: pam_unix(cron:session): session closed for user samftp
May  4 07:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: Failed password for invalid user leidyroa from 45.144.233.139 port 35504 ssh2
May  4 07:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: Received disconnect from 45.144.233.139 port 35504:11: Bye Bye [preauth]
May  4 07:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: Disconnected from 45.144.233.139 port 35504 [preauth]
May  4 07:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: Invalid user taibabi from 93.113.63.124
May  4 07:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: input_userauth_request: invalid user taibabi [preauth]
May  4 07:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124
May  4 07:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: Failed password for invalid user taibabi from 93.113.63.124 port 51046 ssh2
May  4 07:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: Received disconnect from 93.113.63.124 port 51046:11: Bye Bye [preauth]
May  4 07:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: Disconnected from 93.113.63.124 port 51046 [preauth]
May  4 07:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6053]: pam_unix(cron:session): session closed for user root
May  4 07:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.252  user=root
May  4 07:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: Failed password for root from 218.92.0.252 port 22050 ssh2
May  4 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7411]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7408]: pam_unix(cron:session): session closed for user p13x
May  4 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7481]: Successful su for rubyman by root
May  4 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7481]: + ??? root:rubyman
May  4 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326201 of user rubyman.
May  4 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7481]: pam_unix(su:session): session closed for user rubyman
May  4 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326201.
May  4 07:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4418]: pam_unix(cron:session): session closed for user root
May  4 07:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7409]: pam_unix(cron:session): session closed for user samftp
May  4 07:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6467]: pam_unix(cron:session): session closed for user root
May  4 07:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7868]: Invalid user admin from 139.19.117.131
May  4 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7868]: input_userauth_request: invalid user admin [preauth]
May  4 07:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7868]: Connection closed by 139.19.117.131 port 40184 [preauth]
May  4 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7939]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7937]: pam_unix(cron:session): session closed for user p13x
May  4 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8003]: Successful su for rubyman by root
May  4 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8003]: + ??? root:rubyman
May  4 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8003]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326207 of user rubyman.
May  4 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8003]: pam_unix(su:session): session closed for user rubyman
May  4 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326207.
May  4 07:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4888]: pam_unix(cron:session): session closed for user root
May  4 07:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7938]: pam_unix(cron:session): session closed for user samftp
May  4 07:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8285]: Invalid user ssh-user from 193.70.84.184
May  4 07:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8285]: input_userauth_request: invalid user ssh-user [preauth]
May  4 07:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8285]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  4 07:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8285]: Failed password for invalid user ssh-user from 193.70.84.184 port 44230 ssh2
May  4 07:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6880]: pam_unix(cron:session): session closed for user root
May  4 07:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8285]: Connection closed by 193.70.84.184 port 44230 [preauth]
May  4 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8374]: pam_unix(cron:session): session closed for user p13x
May  4 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8441]: Successful su for rubyman by root
May  4 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8441]: + ??? root:rubyman
May  4 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326211 of user rubyman.
May  4 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8441]: pam_unix(su:session): session closed for user rubyman
May  4 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326211.
May  4 07:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5507]: pam_unix(cron:session): session closed for user root
May  4 07:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8375]: pam_unix(cron:session): session closed for user samftp
May  4 07:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7411]: pam_unix(cron:session): session closed for user root
May  4 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8802]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8800]: pam_unix(cron:session): session closed for user p13x
May  4 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8865]: Successful su for rubyman by root
May  4 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8865]: + ??? root:rubyman
May  4 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326215 of user rubyman.
May  4 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8865]: pam_unix(su:session): session closed for user rubyman
May  4 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326215.
May  4 07:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6052]: pam_unix(cron:session): session closed for user root
May  4 07:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8801]: pam_unix(cron:session): session closed for user samftp
May  4 07:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9090]: Invalid user loris from 45.144.233.139
May  4 07:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9090]: input_userauth_request: invalid user loris [preauth]
May  4 07:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9090]: pam_unix(sshd:auth): check pass; user unknown
May  4 07:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139
May  4 07:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9090]: Failed password for invalid user loris from 45.144.233.139 port 36282 ssh2
May  4 07:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9090]: Received disconnect from 45.144.233.139 port 36282:11: Bye Bye [preauth]
May  4 07:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9090]: Disconnected from 45.144.233.139 port 36282 [preauth]
May  4 07:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7940]: pam_unix(cron:session): session closed for user root
May  4 07:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 07:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9096]: Failed password for root from 185.93.89.118 port 54946 ssh2
May  4 07:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9096]: Connection closed by 185.93.89.118 port 54946 [preauth]
May  4 07:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 07:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 07:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: Failed password for root from 185.93.89.118 port 43216 ssh2
May  4 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9335]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9331]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9335]: pam_unix(cron:session): session closed for user root
May  4 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9331]: pam_unix(cron:session): session closed for user root
May  4 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9329]: pam_unix(cron:session): session closed for user p13x
May  4 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: Connection closed by 185.93.89.118 port 43216 [preauth]
May  4 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9427]: Successful su for rubyman by root
May  4 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9427]: + ??? root:rubyman
May  4 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9427]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326220 of user rubyman.
May  4 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9427]: pam_unix(su:session): session closed for user rubyman
May  4 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326220.
May  4 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6466]: pam_unix(cron:session): session closed for user root
May  4 08:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9332]: pam_unix(cron:session): session closed for user root
May  4 08:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9330]: pam_unix(cron:session): session closed for user samftp
May  4 08:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 08:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: Failed password for root from 185.93.89.118 port 2460 ssh2
May  4 08:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: Invalid user ociistst from 93.113.63.124
May  4 08:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: input_userauth_request: invalid user ociistst [preauth]
May  4 08:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124
May  4 08:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: Connection closed by 185.93.89.118 port 2460 [preauth]
May  4 08:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: Failed password for invalid user ociistst from 93.113.63.124 port 40788 ssh2
May  4 08:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: Received disconnect from 93.113.63.124 port 40788:11: Bye Bye [preauth]
May  4 08:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: Disconnected from 93.113.63.124 port 40788 [preauth]
May  4 08:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 08:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9679]: Failed password for root from 185.93.89.118 port 65242 ssh2
May  4 08:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8377]: pam_unix(cron:session): session closed for user root
May  4 08:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9679]: Connection closed by 185.93.89.118 port 65242 [preauth]
May  4 08:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 08:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: Failed password for root from 185.93.89.118 port 60666 ssh2
May  4 08:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: Connection closed by 185.93.89.118 port 60666 [preauth]
May  4 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9840]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9841]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9838]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9838]: pam_unix(cron:session): session closed for user p13x
May  4 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9906]: Successful su for rubyman by root
May  4 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9906]: + ??? root:rubyman
May  4 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326224 of user rubyman.
May  4 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9906]: pam_unix(su:session): session closed for user rubyman
May  4 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326224.
May  4 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6879]: pam_unix(cron:session): session closed for user root
May  4 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9839]: pam_unix(cron:session): session closed for user samftp
May  4 08:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10102]: Invalid user  from 65.49.1.172
May  4 08:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10102]: input_userauth_request: invalid user  [preauth]
May  4 08:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10102]: Connection closed by 65.49.1.172 port 23723 [preauth]
May  4 08:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8803]: pam_unix(cron:session): session closed for user root
May  4 08:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Invalid user admin from 64.226.117.59
May  4 08:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: input_userauth_request: invalid user admin [preauth]
May  4 08:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 08:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Failed password for invalid user admin from 64.226.117.59 port 38780 ssh2
May  4 08:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Connection closed by 64.226.117.59 port 38780 [preauth]
May  4 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10338]: pam_unix(cron:session): session closed for user p13x
May  4 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10403]: Successful su for rubyman by root
May  4 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10403]: + ??? root:rubyman
May  4 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10403]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326229 of user rubyman.
May  4 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10403]: pam_unix(su:session): session closed for user rubyman
May  4 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326229.
May  4 08:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7410]: pam_unix(cron:session): session closed for user root
May  4 08:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10339]: pam_unix(cron:session): session closed for user samftp
May  4 08:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9334]: pam_unix(cron:session): session closed for user root
May  4 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10817]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10815]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10814]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10814]: pam_unix(cron:session): session closed for user p13x
May  4 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10874]: Successful su for rubyman by root
May  4 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10874]: + ??? root:rubyman
May  4 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10874]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326234 of user rubyman.
May  4 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10874]: pam_unix(su:session): session closed for user rubyman
May  4 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326234.
May  4 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7939]: pam_unix(cron:session): session closed for user root
May  4 08:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10815]: pam_unix(cron:session): session closed for user samftp
May  4 08:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9841]: pam_unix(cron:session): session closed for user root
May  4 08:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139  user=root
May  4 08:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: Failed password for root from 45.144.233.139 port 36092 ssh2
May  4 08:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: Received disconnect from 45.144.233.139 port 36092:11: Bye Bye [preauth]
May  4 08:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: Disconnected from 45.144.233.139 port 36092 [preauth]
May  4 08:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: Invalid user ftpadmin from 164.68.105.9
May  4 08:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: input_userauth_request: invalid user ftpadmin [preauth]
May  4 08:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  4 08:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: Failed password for invalid user ftpadmin from 164.68.105.9 port 37752 ssh2
May  4 08:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11156]: Connection closed by 164.68.105.9 port 37752 [preauth]
May  4 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11210]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11208]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11207]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11207]: pam_unix(cron:session): session closed for user p13x
May  4 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11267]: Successful su for rubyman by root
May  4 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11267]: + ??? root:rubyman
May  4 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326237 of user rubyman.
May  4 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11267]: pam_unix(su:session): session closed for user rubyman
May  4 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326237.
May  4 08:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8376]: pam_unix(cron:session): session closed for user root
May  4 08:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11208]: pam_unix(cron:session): session closed for user samftp
May  4 08:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10341]: pam_unix(cron:session): session closed for user root
May  4 08:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11608]: Invalid user leidyroa from 93.113.63.124
May  4 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11608]: input_userauth_request: invalid user leidyroa [preauth]
May  4 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11608]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124
May  4 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11615]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11617]: pam_unix(cron:session): session closed for user root
May  4 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11612]: pam_unix(cron:session): session closed for user p13x
May  4 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11678]: Successful su for rubyman by root
May  4 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11678]: + ??? root:rubyman
May  4 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11678]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326240 of user rubyman.
May  4 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11678]: pam_unix(su:session): session closed for user rubyman
May  4 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326240.
May  4 08:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11608]: Failed password for invalid user leidyroa from 93.113.63.124 port 54364 ssh2
May  4 08:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11608]: Received disconnect from 93.113.63.124 port 54364:11: Bye Bye [preauth]
May  4 08:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11608]: Disconnected from 93.113.63.124 port 54364 [preauth]
May  4 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11614]: pam_unix(cron:session): session closed for user root
May  4 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8802]: pam_unix(cron:session): session closed for user root
May  4 08:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11613]: pam_unix(cron:session): session closed for user samftp
May  4 08:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10817]: pam_unix(cron:session): session closed for user root
May  4 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12028]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12029]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12027]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12026]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12026]: pam_unix(cron:session): session closed for user p13x
May  4 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12091]: Successful su for rubyman by root
May  4 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12091]: + ??? root:rubyman
May  4 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326246 of user rubyman.
May  4 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12091]: pam_unix(su:session): session closed for user rubyman
May  4 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326246.
May  4 08:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12027]: pam_unix(cron:session): session closed for user samftp
May  4 08:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9333]: pam_unix(cron:session): session closed for user root
May  4 08:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11210]: pam_unix(cron:session): session closed for user root
May  4 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12436]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12437]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12434]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12434]: pam_unix(cron:session): session closed for user p13x
May  4 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12493]: Successful su for rubyman by root
May  4 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12493]: + ??? root:rubyman
May  4 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326250 of user rubyman.
May  4 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12493]: pam_unix(su:session): session closed for user rubyman
May  4 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326250.
May  4 08:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9840]: pam_unix(cron:session): session closed for user root
May  4 08:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12435]: pam_unix(cron:session): session closed for user samftp
May  4 08:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11616]: pam_unix(cron:session): session closed for user root
May  4 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12826]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12825]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12823]: pam_unix(cron:session): session closed for user p13x
May  4 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12883]: Successful su for rubyman by root
May  4 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12883]: + ??? root:rubyman
May  4 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12883]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326255 of user rubyman.
May  4 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12883]: pam_unix(su:session): session closed for user rubyman
May  4 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326255.
May  4 08:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10340]: pam_unix(cron:session): session closed for user root
May  4 08:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12824]: pam_unix(cron:session): session closed for user samftp
May  4 08:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139  user=root
May  4 08:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: Failed password for root from 45.144.233.139 port 35314 ssh2
May  4 08:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: Received disconnect from 45.144.233.139 port 35314:11: Bye Bye [preauth]
May  4 08:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: Disconnected from 45.144.233.139 port 35314 [preauth]
May  4 08:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: Invalid user admin from 64.226.117.59
May  4 08:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: input_userauth_request: invalid user admin [preauth]
May  4 08:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 08:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: Failed password for invalid user admin from 64.226.117.59 port 47926 ssh2
May  4 08:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13092]: Connection closed by 64.226.117.59 port 47926 [preauth]
May  4 08:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12029]: pam_unix(cron:session): session closed for user root
May  4 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13219]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13220]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13218]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13217]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13217]: pam_unix(cron:session): session closed for user p13x
May  4 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13330]: Successful su for rubyman by root
May  4 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13330]: + ??? root:rubyman
May  4 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326260 of user rubyman.
May  4 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13330]: pam_unix(su:session): session closed for user rubyman
May  4 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326260.
May  4 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13215]: pam_unix(cron:session): session closed for user root
May  4 08:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10816]: pam_unix(cron:session): session closed for user root
May  4 08:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13218]: pam_unix(cron:session): session closed for user samftp
May  4 08:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12437]: pam_unix(cron:session): session closed for user root
May  4 08:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: Invalid user taibabi from 93.113.63.124
May  4 08:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: input_userauth_request: invalid user taibabi [preauth]
May  4 08:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124
May  4 08:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: Failed password for invalid user taibabi from 93.113.63.124 port 44384 ssh2
May  4 08:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: Received disconnect from 93.113.63.124 port 44384:11: Bye Bye [preauth]
May  4 08:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: Disconnected from 93.113.63.124 port 44384 [preauth]
May  4 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13820]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13821]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13821]: pam_unix(cron:session): session closed for user root
May  4 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13816]: pam_unix(cron:session): session closed for user p13x
May  4 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13886]: Successful su for rubyman by root
May  4 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13886]: + ??? root:rubyman
May  4 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326263 of user rubyman.
May  4 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13886]: pam_unix(su:session): session closed for user rubyman
May  4 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326263.
May  4 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13818]: pam_unix(cron:session): session closed for user root
May  4 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11209]: pam_unix(cron:session): session closed for user root
May  4 08:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13817]: pam_unix(cron:session): session closed for user samftp
May  4 08:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12826]: pam_unix(cron:session): session closed for user root
May  4 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14253]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14251]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14249]: pam_unix(cron:session): session closed for user p13x
May  4 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14318]: Successful su for rubyman by root
May  4 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14318]: + ??? root:rubyman
May  4 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14318]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326270 of user rubyman.
May  4 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14318]: pam_unix(su:session): session closed for user rubyman
May  4 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326270.
May  4 08:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11615]: pam_unix(cron:session): session closed for user root
May  4 08:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14251]: pam_unix(cron:session): session closed for user samftp
May  4 08:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13220]: pam_unix(cron:session): session closed for user root
May  4 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14663]: pam_unix(cron:session): session closed for user p13x
May  4 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14723]: Successful su for rubyman by root
May  4 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14723]: + ??? root:rubyman
May  4 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326273 of user rubyman.
May  4 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14723]: pam_unix(su:session): session closed for user rubyman
May  4 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326273.
May  4 08:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12028]: pam_unix(cron:session): session closed for user root
May  4 08:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14664]: pam_unix(cron:session): session closed for user samftp
May  4 08:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139  user=root
May  4 08:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13820]: pam_unix(cron:session): session closed for user root
May  4 08:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: Failed password for root from 45.144.233.139 port 50992 ssh2
May  4 08:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: Received disconnect from 45.144.233.139 port 50992:11: Bye Bye [preauth]
May  4 08:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: Disconnected from 45.144.233.139 port 50992 [preauth]
May  4 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15067]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15068]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15065]: pam_unix(cron:session): session closed for user p13x
May  4 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15129]: Successful su for rubyman by root
May  4 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15129]: + ??? root:rubyman
May  4 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15129]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326278 of user rubyman.
May  4 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15129]: pam_unix(su:session): session closed for user rubyman
May  4 08:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326278.
May  4 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12436]: pam_unix(cron:session): session closed for user root
May  4 08:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15066]: pam_unix(cron:session): session closed for user samftp
May  4 08:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14253]: pam_unix(cron:session): session closed for user root
May  4 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15461]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15462]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15459]: pam_unix(cron:session): session closed for user p13x
May  4 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15521]: Successful su for rubyman by root
May  4 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15521]: + ??? root:rubyman
May  4 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15521]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326281 of user rubyman.
May  4 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15521]: pam_unix(su:session): session closed for user rubyman
May  4 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326281.
May  4 08:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12825]: pam_unix(cron:session): session closed for user root
May  4 08:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15460]: pam_unix(cron:session): session closed for user samftp
May  4 08:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14666]: pam_unix(cron:session): session closed for user root
May  4 08:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15831]: Invalid user chris from 93.113.63.124
May  4 08:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15831]: input_userauth_request: invalid user chris [preauth]
May  4 08:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15831]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124
May  4 08:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: Invalid user admin from 64.226.117.59
May  4 08:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: input_userauth_request: invalid user admin [preauth]
May  4 08:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 08:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15831]: Failed password for invalid user chris from 93.113.63.124 port 48506 ssh2
May  4 08:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15831]: Received disconnect from 93.113.63.124 port 48506:11: Bye Bye [preauth]
May  4 08:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15831]: Disconnected from 93.113.63.124 port 48506 [preauth]
May  4 08:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: Failed password for invalid user admin from 64.226.117.59 port 43986 ssh2
May  4 08:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15842]: Connection closed by 64.226.117.59 port 43986 [preauth]
May  4 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15856]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15855]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15854]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15858]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15853]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15858]: pam_unix(cron:session): session closed for user root
May  4 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15853]: pam_unix(cron:session): session closed for user p13x
May  4 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15926]: Successful su for rubyman by root
May  4 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15926]: + ??? root:rubyman
May  4 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15926]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326290 of user rubyman.
May  4 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15926]: pam_unix(su:session): session closed for user rubyman
May  4 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326290.
May  4 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: Invalid user admin from 80.94.95.112
May  4 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: input_userauth_request: invalid user admin [preauth]
May  4 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15855]: pam_unix(cron:session): session closed for user root
May  4 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13219]: pam_unix(cron:session): session closed for user root
May  4 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: Failed password for invalid user admin from 80.94.95.112 port 34762 ssh2
May  4 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15854]: pam_unix(cron:session): session closed for user samftp
May  4 08:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: Failed password for invalid user admin from 80.94.95.112 port 34762 ssh2
May  4 08:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: Failed password for invalid user admin from 80.94.95.112 port 34762 ssh2
May  4 08:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: Failed password for invalid user admin from 80.94.95.112 port 34762 ssh2
May  4 08:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: Failed password for invalid user admin from 80.94.95.112 port 34762 ssh2
May  4 08:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: Received disconnect from 80.94.95.112 port 34762:11: Bye [preauth]
May  4 08:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: Disconnected from 80.94.95.112 port 34762 [preauth]
May  4 08:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 08:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 08:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15068]: pam_unix(cron:session): session closed for user root
May  4 08:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: Invalid user db2fenc1 from 190.103.202.7
May  4 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: input_userauth_request: invalid user db2fenc1 [preauth]
May  4 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  4 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16270]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16271]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16270]: pam_unix(cron:session): session closed for user p13x
May  4 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16340]: Successful su for rubyman by root
May  4 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16340]: + ??? root:rubyman
May  4 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326291 of user rubyman.
May  4 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16340]: pam_unix(su:session): session closed for user rubyman
May  4 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326291.
May  4 08:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: Failed password for invalid user db2fenc1 from 190.103.202.7 port 41662 ssh2
May  4 08:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: Connection closed by 190.103.202.7 port 41662 [preauth]
May  4 08:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13819]: pam_unix(cron:session): session closed for user root
May  4 08:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16271]: pam_unix(cron:session): session closed for user samftp
May  4 08:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15462]: pam_unix(cron:session): session closed for user root
May  4 08:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139  user=root
May  4 08:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: Failed password for root from 45.144.233.139 port 55460 ssh2
May  4 08:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: Received disconnect from 45.144.233.139 port 55460:11: Bye Bye [preauth]
May  4 08:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: Disconnected from 45.144.233.139 port 55460 [preauth]
May  4 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16737]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16735]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16733]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16733]: pam_unix(cron:session): session closed for user root
May  4 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16735]: pam_unix(cron:session): session closed for user p13x
May  4 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16720]: Connection closed by 46.244.96.25 port 59776 [preauth]
May  4 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16800]: Successful su for rubyman by root
May  4 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16800]: + ??? root:rubyman
May  4 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326298 of user rubyman.
May  4 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16800]: pam_unix(su:session): session closed for user rubyman
May  4 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326298.
May  4 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14252]: pam_unix(cron:session): session closed for user root
May  4 08:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16736]: pam_unix(cron:session): session closed for user samftp
May  4 08:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16832]: Connection closed by 46.244.96.25 port 59786 [preauth]
May  4 08:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: Invalid user hamza from 46.244.96.25
May  4 08:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: input_userauth_request: invalid user hamza [preauth]
May  4 08:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  4 08:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: Failed password for invalid user hamza from 46.244.96.25 port 44108 ssh2
May  4 08:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: Connection closed by 46.244.96.25 port 44108 [preauth]
May  4 08:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15857]: pam_unix(cron:session): session closed for user root
May  4 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17168]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17165]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17166]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17165]: pam_unix(cron:session): session closed for user p13x
May  4 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17227]: Successful su for rubyman by root
May  4 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17227]: + ??? root:rubyman
May  4 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17227]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326301 of user rubyman.
May  4 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17227]: pam_unix(su:session): session closed for user rubyman
May  4 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326301.
May  4 08:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14665]: pam_unix(cron:session): session closed for user root
May  4 08:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17166]: pam_unix(cron:session): session closed for user samftp
May  4 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16273]: pam_unix(cron:session): session closed for user root
May  4 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17584]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17582]: pam_unix(cron:session): session closed for user p13x
May  4 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17642]: Successful su for rubyman by root
May  4 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17642]: + ??? root:rubyman
May  4 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326304 of user rubyman.
May  4 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17642]: pam_unix(su:session): session closed for user rubyman
May  4 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326304.
May  4 08:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15067]: pam_unix(cron:session): session closed for user root
May  4 08:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17583]: pam_unix(cron:session): session closed for user samftp
May  4 08:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16738]: pam_unix(cron:session): session closed for user root
May  4 08:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: Invalid user user from 93.113.63.124
May  4 08:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: input_userauth_request: invalid user user [preauth]
May  4 08:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124
May  4 08:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: Failed password for invalid user user from 93.113.63.124 port 58906 ssh2
May  4 08:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: Received disconnect from 93.113.63.124 port 58906:11: Bye Bye [preauth]
May  4 08:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18081]: Disconnected from 93.113.63.124 port 58906 [preauth]
May  4 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18108]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18105]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18103]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18106]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18108]: pam_unix(cron:session): session closed for user root
May  4 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18102]: pam_unix(cron:session): session closed for user p13x
May  4 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18175]: Successful su for rubyman by root
May  4 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18175]: + ??? root:rubyman
May  4 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18175]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326312 of user rubyman.
May  4 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18175]: pam_unix(su:session): session closed for user rubyman
May  4 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326312.
May  4 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18105]: pam_unix(cron:session): session closed for user root
May  4 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15461]: pam_unix(cron:session): session closed for user root
May  4 08:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18103]: pam_unix(cron:session): session closed for user samftp
May  4 08:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18423]: Did not receive identification string from 193.32.162.97
May  4 08:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17168]: pam_unix(cron:session): session closed for user root
May  4 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18546]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18545]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18543]: pam_unix(cron:session): session closed for user p13x
May  4 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18611]: Successful su for rubyman by root
May  4 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18611]: + ??? root:rubyman
May  4 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18611]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326314 of user rubyman.
May  4 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18611]: pam_unix(su:session): session closed for user rubyman
May  4 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326314.
May  4 08:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15856]: pam_unix(cron:session): session closed for user root
May  4 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18544]: pam_unix(cron:session): session closed for user samftp
May  4 08:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: Invalid user dima from 45.144.233.139
May  4 08:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: input_userauth_request: invalid user dima [preauth]
May  4 08:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139
May  4 08:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18879]: Invalid user admin from 64.226.117.59
May  4 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18879]: input_userauth_request: invalid user admin [preauth]
May  4 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: Failed password for invalid user dima from 45.144.233.139 port 47530 ssh2
May  4 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18879]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: Received disconnect from 45.144.233.139 port 47530:11: Bye Bye [preauth]
May  4 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: Disconnected from 45.144.233.139 port 47530 [preauth]
May  4 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17585]: pam_unix(cron:session): session closed for user root
May  4 08:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18879]: Failed password for invalid user admin from 64.226.117.59 port 50080 ssh2
May  4 08:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18879]: Connection closed by 64.226.117.59 port 50080 [preauth]
May  4 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18967]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18966]: pam_unix(cron:session): session closed for user p13x
May  4 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19026]: Successful su for rubyman by root
May  4 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19026]: + ??? root:rubyman
May  4 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19026]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326318 of user rubyman.
May  4 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19026]: pam_unix(su:session): session closed for user rubyman
May  4 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326318.
May  4 08:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16272]: pam_unix(cron:session): session closed for user root
May  4 08:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18967]: pam_unix(cron:session): session closed for user samftp
May  4 08:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18107]: pam_unix(cron:session): session closed for user root
May  4 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19372]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19372]: pam_unix(cron:session): session closed for user p13x
May  4 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19434]: Successful su for rubyman by root
May  4 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19434]: + ??? root:rubyman
May  4 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326324 of user rubyman.
May  4 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19434]: pam_unix(su:session): session closed for user rubyman
May  4 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326324.
May  4 08:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16737]: pam_unix(cron:session): session closed for user root
May  4 08:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19373]: pam_unix(cron:session): session closed for user samftp
May  4 08:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18546]: pam_unix(cron:session): session closed for user root
May  4 08:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  4 08:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19741]: Connection closed by 46.244.96.25 port 48410 [preauth]
May  4 08:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19764]: Failed password for root from 46.244.96.25 port 48976 ssh2
May  4 08:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19764]: Connection closed by 46.244.96.25 port 48976 [preauth]
May  4 08:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: Connection closed by 46.244.96.25 port 53824 [preauth]
May  4 08:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: Invalid user ejabberd from 193.70.84.184
May  4 08:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: input_userauth_request: invalid user ejabberd [preauth]
May  4 08:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  4 08:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: Failed password for invalid user ejabberd from 193.70.84.184 port 34988 ssh2
May  4 08:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: Connection closed by 193.70.84.184 port 34988 [preauth]
May  4 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19808]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19805]: pam_unix(cron:session): session closed for user p13x
May  4 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19866]: Successful su for rubyman by root
May  4 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19866]: + ??? root:rubyman
May  4 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326327 of user rubyman.
May  4 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19866]: pam_unix(su:session): session closed for user rubyman
May  4 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326327.
May  4 08:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17167]: pam_unix(cron:session): session closed for user root
May  4 08:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19806]: pam_unix(cron:session): session closed for user samftp
May  4 08:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18969]: pam_unix(cron:session): session closed for user root
May  4 08:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124  user=root
May  4 08:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20183]: Failed password for root from 93.113.63.124 port 52284 ssh2
May  4 08:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20183]: Received disconnect from 93.113.63.124 port 52284:11: Bye Bye [preauth]
May  4 08:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20183]: Disconnected from 93.113.63.124 port 52284 [preauth]
May  4 08:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20201]: Invalid user yos from 193.32.162.97
May  4 08:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20201]: input_userauth_request: invalid user yos [preauth]
May  4 08:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20201]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20217]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20218]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20216]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20218]: pam_unix(cron:session): session closed for user root
May  4 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20213]: pam_unix(cron:session): session closed for user p13x
May  4 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20280]: Successful su for rubyman by root
May  4 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20280]: + ??? root:rubyman
May  4 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326330 of user rubyman.
May  4 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20280]: pam_unix(su:session): session closed for user rubyman
May  4 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326330.
May  4 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20201]: Failed password for invalid user yos from 193.32.162.97 port 48412 ssh2
May  4 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20201]: Connection closed by 193.32.162.97 port 48412 [preauth]
May  4 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20215]: pam_unix(cron:session): session closed for user root
May  4 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17584]: pam_unix(cron:session): session closed for user root
May  4 08:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: Invalid user ubuntu from 80.94.95.116
May  4 08:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: input_userauth_request: invalid user ubuntu [preauth]
May  4 08:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  4 08:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20214]: pam_unix(cron:session): session closed for user samftp
May  4 08:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: Failed password for invalid user ubuntu from 80.94.95.116 port 40262 ssh2
May  4 08:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20418]: Connection closed by 80.94.95.116 port 40262 [preauth]
May  4 08:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19376]: pam_unix(cron:session): session closed for user root
May  4 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20644]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20641]: pam_unix(cron:session): session closed for user p13x
May  4 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20710]: Successful su for rubyman by root
May  4 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20710]: + ??? root:rubyman
May  4 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326336 of user rubyman.
May  4 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20710]: pam_unix(su:session): session closed for user rubyman
May  4 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326336.
May  4 08:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18106]: pam_unix(cron:session): session closed for user root
May  4 08:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20884]: Invalid user ociistst from 45.144.233.139
May  4 08:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20884]: input_userauth_request: invalid user ociistst [preauth]
May  4 08:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20884]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139
May  4 08:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20642]: pam_unix(cron:session): session closed for user samftp
May  4 08:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20884]: Failed password for invalid user ociistst from 45.144.233.139 port 53472 ssh2
May  4 08:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20884]: Received disconnect from 45.144.233.139 port 53472:11: Bye Bye [preauth]
May  4 08:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20884]: Disconnected from 45.144.233.139 port 53472 [preauth]
May  4 08:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19808]: pam_unix(cron:session): session closed for user root
May  4 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21067]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21064]: pam_unix(cron:session): session closed for user p13x
May  4 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21131]: Successful su for rubyman by root
May  4 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21131]: + ??? root:rubyman
May  4 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326341 of user rubyman.
May  4 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21131]: pam_unix(su:session): session closed for user rubyman
May  4 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326341.
May  4 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18545]: pam_unix(cron:session): session closed for user root
May  4 08:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21065]: pam_unix(cron:session): session closed for user samftp
May  4 08:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20217]: pam_unix(cron:session): session closed for user root
May  4 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21503]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21504]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21501]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21502]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21501]: pam_unix(cron:session): session closed for user p13x
May  4 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21568]: Successful su for rubyman by root
May  4 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21568]: + ??? root:rubyman
May  4 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326346 of user rubyman.
May  4 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21568]: pam_unix(su:session): session closed for user rubyman
May  4 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326346.
May  4 08:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18968]: pam_unix(cron:session): session closed for user root
May  4 08:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21502]: pam_unix(cron:session): session closed for user samftp
May  4 08:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22051]: Invalid user admin from 64.226.117.59
May  4 08:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22051]: input_userauth_request: invalid user admin [preauth]
May  4 08:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22051]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 08:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22051]: Failed password for invalid user admin from 64.226.117.59 port 42708 ssh2
May  4 08:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22051]: Connection closed by 64.226.117.59 port 42708 [preauth]
May  4 08:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20644]: pam_unix(cron:session): session closed for user root
May  4 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22234]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22232]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22230]: pam_unix(cron:session): session closed for user p13x
May  4 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22311]: Successful su for rubyman by root
May  4 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22311]: + ??? root:rubyman
May  4 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326348 of user rubyman.
May  4 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22311]: pam_unix(su:session): session closed for user rubyman
May  4 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326348.
May  4 08:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19374]: pam_unix(cron:session): session closed for user root
May  4 08:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22231]: pam_unix(cron:session): session closed for user samftp
May  4 08:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21067]: pam_unix(cron:session): session closed for user root
May  4 08:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: Invalid user loris from 93.113.63.124
May  4 08:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: input_userauth_request: invalid user loris [preauth]
May  4 08:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124
May  4 08:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: Failed password for invalid user loris from 93.113.63.124 port 55960 ssh2
May  4 08:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: Received disconnect from 93.113.63.124 port 55960:11: Bye Bye [preauth]
May  4 08:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22608]: Disconnected from 93.113.63.124 port 55960 [preauth]
May  4 08:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22640]: Invalid user elk from 190.103.202.7
May  4 08:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22640]: input_userauth_request: invalid user elk [preauth]
May  4 08:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22640]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  4 08:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22640]: Failed password for invalid user elk from 190.103.202.7 port 49616 ssh2
May  4 08:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22640]: Connection closed by 190.103.202.7 port 49616 [preauth]
May  4 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22707]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22706]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22708]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22709]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22709]: pam_unix(cron:session): session closed for user root
May  4 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22704]: pam_unix(cron:session): session closed for user p13x
May  4 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22785]: Successful su for rubyman by root
May  4 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22785]: + ??? root:rubyman
May  4 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22785]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326354 of user rubyman.
May  4 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22785]: pam_unix(su:session): session closed for user rubyman
May  4 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326354.
May  4 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22706]: pam_unix(cron:session): session closed for user root
May  4 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19807]: pam_unix(cron:session): session closed for user root
May  4 08:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22705]: pam_unix(cron:session): session closed for user samftp
May  4 08:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: Invalid user taibabi from 45.144.233.139
May  4 08:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: input_userauth_request: invalid user taibabi [preauth]
May  4 08:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139
May  4 08:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: Failed password for invalid user taibabi from 45.144.233.139 port 36878 ssh2
May  4 08:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: Received disconnect from 45.144.233.139 port 36878:11: Bye Bye [preauth]
May  4 08:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: Disconnected from 45.144.233.139 port 36878 [preauth]
May  4 08:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21504]: pam_unix(cron:session): session closed for user root
May  4 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23201]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23197]: pam_unix(cron:session): session closed for user p13x
May  4 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23269]: Successful su for rubyman by root
May  4 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23269]: + ??? root:rubyman
May  4 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326359 of user rubyman.
May  4 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23269]: pam_unix(su:session): session closed for user rubyman
May  4 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326359.
May  4 08:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20216]: pam_unix(cron:session): session closed for user root
May  4 08:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23198]: pam_unix(cron:session): session closed for user samftp
May  4 08:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22234]: pam_unix(cron:session): session closed for user root
May  4 08:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23689]: Invalid user mapr from 193.32.162.97
May  4 08:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23689]: input_userauth_request: invalid user mapr [preauth]
May  4 08:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23689]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 08:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23689]: Failed password for invalid user mapr from 193.32.162.97 port 57726 ssh2
May  4 08:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23689]: Connection closed by 193.32.162.97 port 57726 [preauth]
May  4 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23701]: pam_unix(cron:session): session closed for user p13x
May  4 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23849]: Successful su for rubyman by root
May  4 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23849]: + ??? root:rubyman
May  4 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326362 of user rubyman.
May  4 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23849]: pam_unix(su:session): session closed for user rubyman
May  4 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326362.
May  4 08:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20643]: pam_unix(cron:session): session closed for user root
May  4 08:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23702]: pam_unix(cron:session): session closed for user samftp
May  4 08:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22708]: pam_unix(cron:session): session closed for user root
May  4 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24236]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24234]: pam_unix(cron:session): session closed for user p13x
May  4 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24309]: Successful su for rubyman by root
May  4 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24309]: + ??? root:rubyman
May  4 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326366 of user rubyman.
May  4 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24309]: pam_unix(su:session): session closed for user rubyman
May  4 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326366.
May  4 08:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21066]: pam_unix(cron:session): session closed for user root
May  4 08:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24235]: pam_unix(cron:session): session closed for user samftp
May  4 08:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23201]: pam_unix(cron:session): session closed for user root
May  4 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24670]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24673]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24670]: pam_unix(cron:session): session closed for user p13x
May  4 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24736]: Successful su for rubyman by root
May  4 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24736]: + ??? root:rubyman
May  4 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24736]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326373 of user rubyman.
May  4 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24736]: pam_unix(su:session): session closed for user rubyman
May  4 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326373.
May  4 08:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21503]: pam_unix(cron:session): session closed for user root
May  4 08:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24671]: pam_unix(cron:session): session closed for user samftp
May  4 08:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23704]: pam_unix(cron:session): session closed for user root
May  4 08:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124  user=root
May  4 08:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Failed password for root from 93.113.63.124 port 33878 ssh2
May  4 08:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Received disconnect from 93.113.63.124 port 33878:11: Bye Bye [preauth]
May  4 08:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24999]: Disconnected from 93.113.63.124 port 33878 [preauth]
May  4 08:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139  user=root
May  4 08:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: Failed password for root from 45.144.233.139 port 51140 ssh2
May  4 08:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: Received disconnect from 45.144.233.139 port 51140:11: Bye Bye [preauth]
May  4 08:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25053]: Disconnected from 45.144.233.139 port 51140 [preauth]
May  4 08:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: Invalid user admin from 64.226.117.59
May  4 08:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: input_userauth_request: invalid user admin [preauth]
May  4 08:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 08:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: Failed password for invalid user admin from 64.226.117.59 port 36344 ssh2
May  4 08:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: Connection closed by 64.226.117.59 port 36344 [preauth]
May  4 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25094]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25092]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25090]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25095]: pam_unix(cron:session): session closed for user root
May  4 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25090]: pam_unix(cron:session): session closed for user p13x
May  4 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25164]: Successful su for rubyman by root
May  4 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25164]: + ??? root:rubyman
May  4 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25164]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326375 of user rubyman.
May  4 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25164]: pam_unix(su:session): session closed for user rubyman
May  4 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326375.
May  4 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25092]: pam_unix(cron:session): session closed for user root
May  4 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22232]: pam_unix(cron:session): session closed for user root
May  4 08:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25091]: pam_unix(cron:session): session closed for user samftp
May  4 08:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24238]: pam_unix(cron:session): session closed for user root
May  4 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25537]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25535]: pam_unix(cron:session): session closed for user p13x
May  4 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25608]: Successful su for rubyman by root
May  4 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25608]: + ??? root:rubyman
May  4 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25608]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326381 of user rubyman.
May  4 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25608]: pam_unix(su:session): session closed for user rubyman
May  4 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326381.
May  4 08:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22707]: pam_unix(cron:session): session closed for user root
May  4 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25536]: pam_unix(cron:session): session closed for user samftp
May  4 08:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135  user=root
May  4 08:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25804]: Failed password for root from 176.31.162.135 port 53138 ssh2
May  4 08:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25804]: Connection closed by 176.31.162.135 port 53138 [preauth]
May  4 08:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24673]: pam_unix(cron:session): session closed for user root
May  4 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  4 08:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: Failed password for root from 164.68.105.9 port 49224 ssh2
May  4 08:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: Connection closed by 164.68.105.9 port 49224 [preauth]
May  4 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25939]: pam_unix(cron:session): session closed for user p13x
May  4 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26002]: Successful su for rubyman by root
May  4 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26002]: + ??? root:rubyman
May  4 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326384 of user rubyman.
May  4 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26002]: pam_unix(su:session): session closed for user rubyman
May  4 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326384.
May  4 08:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23199]: pam_unix(cron:session): session closed for user root
May  4 08:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25940]: pam_unix(cron:session): session closed for user samftp
May  4 08:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25094]: pam_unix(cron:session): session closed for user root
May  4 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26339]: pam_unix(cron:session): session closed for user p13x
May  4 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26401]: Successful su for rubyman by root
May  4 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26401]: + ??? root:rubyman
May  4 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326388 of user rubyman.
May  4 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26401]: pam_unix(su:session): session closed for user rubyman
May  4 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326388.
May  4 08:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23703]: pam_unix(cron:session): session closed for user root
May  4 08:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26340]: pam_unix(cron:session): session closed for user samftp
May  4 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25539]: pam_unix(cron:session): session closed for user root
May  4 08:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26765]: Invalid user oneadmin from 193.32.162.97
May  4 08:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26765]: input_userauth_request: invalid user oneadmin [preauth]
May  4 08:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26765]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 08:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26765]: Failed password for invalid user oneadmin from 193.32.162.97 port 38784 ssh2
May  4 08:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26765]: Connection closed by 193.32.162.97 port 38784 [preauth]
May  4 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26817]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26820]: pam_unix(cron:session): session closed for user p13x
May  4 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26957]: Successful su for rubyman by root
May  4 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26957]: + ??? root:rubyman
May  4 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326392 of user rubyman.
May  4 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26957]: pam_unix(su:session): session closed for user rubyman
May  4 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326392.
May  4 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26817]: pam_unix(cron:session): session closed for user root
May  4 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24236]: pam_unix(cron:session): session closed for user root
May  4 08:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26821]: pam_unix(cron:session): session closed for user samftp
May  4 08:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: Invalid user user1 from 45.144.233.139
May  4 08:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: input_userauth_request: invalid user user1 [preauth]
May  4 08:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139
May  4 08:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: Failed password for invalid user user1 from 45.144.233.139 port 60560 ssh2
May  4 08:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: Received disconnect from 45.144.233.139 port 60560:11: Bye Bye [preauth]
May  4 08:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: Disconnected from 45.144.233.139 port 60560 [preauth]
May  4 08:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25942]: pam_unix(cron:session): session closed for user root
May  4 08:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124  user=root
May  4 08:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27362]: Failed password for root from 93.113.63.124 port 60342 ssh2
May  4 08:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27362]: Received disconnect from 93.113.63.124 port 60342:11: Bye Bye [preauth]
May  4 08:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27362]: Disconnected from 93.113.63.124 port 60342 [preauth]
May  4 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27413]: pam_unix(cron:session): session closed for user root
May  4 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27406]: pam_unix(cron:session): session closed for user p13x
May  4 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27502]: Successful su for rubyman by root
May  4 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27502]: + ??? root:rubyman
May  4 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326401 of user rubyman.
May  4 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27502]: pam_unix(su:session): session closed for user rubyman
May  4 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326401.
May  4 08:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27408]: pam_unix(cron:session): session closed for user root
May  4 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24672]: pam_unix(cron:session): session closed for user root
May  4 08:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27407]: pam_unix(cron:session): session closed for user samftp
May  4 08:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26342]: pam_unix(cron:session): session closed for user root
May  4 08:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 08:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27814]: Failed password for root from 218.92.0.201 port 34536 ssh2
May  4 08:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27814]: message repeated 3 times: [ Failed password for root from 218.92.0.201 port 34536 ssh2]
May  4 08:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: Did not receive identification string from 1.202.218.100
May  4 08:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27814]: Failed password for root from 218.92.0.201 port 34536 ssh2
May  4 08:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27814]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 34536 ssh2 [preauth]
May  4 08:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27814]: Disconnecting: Too many authentication failures [preauth]
May  4 08:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27814]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 08:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27814]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 08:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27855]: Invalid user wqmarlduiqkmgs from 1.202.218.100
May  4 08:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27855]: input_userauth_request: invalid user wqmarlduiqkmgs [preauth]
May  4 08:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27855]: fatal: ssh_packet_get_string: incomplete message [preauth]
May  4 08:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27881]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27878]: pam_unix(cron:session): session closed for user p13x
May  4 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27947]: Successful su for rubyman by root
May  4 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27947]: + ??? root:rubyman
May  4 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27947]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326403 of user rubyman.
May  4 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27947]: pam_unix(su:session): session closed for user rubyman
May  4 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326403.
May  4 08:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25093]: pam_unix(cron:session): session closed for user root
May  4 08:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27879]: pam_unix(cron:session): session closed for user samftp
May  4 08:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28192]: Invalid user admin from 64.226.117.59
May  4 08:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28192]: input_userauth_request: invalid user admin [preauth]
May  4 08:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28192]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 08:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28192]: Failed password for invalid user admin from 64.226.117.59 port 41860 ssh2
May  4 08:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28192]: Connection closed by 64.226.117.59 port 41860 [preauth]
May  4 08:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26824]: pam_unix(cron:session): session closed for user root
May  4 08:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: Did not receive identification string from 154.81.156.51
May  4 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28285]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28286]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28283]: pam_unix(cron:session): session closed for user p13x
May  4 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28340]: Successful su for rubyman by root
May  4 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28340]: + ??? root:rubyman
May  4 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326408 of user rubyman.
May  4 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28340]: pam_unix(su:session): session closed for user rubyman
May  4 08:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326408.
May  4 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25537]: pam_unix(cron:session): session closed for user root
May  4 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28491]: Invalid user user from 80.94.95.112
May  4 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28491]: input_userauth_request: invalid user user [preauth]
May  4 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28491]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 08:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28284]: pam_unix(cron:session): session closed for user samftp
May  4 08:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28491]: Failed password for invalid user user from 80.94.95.112 port 64087 ssh2
May  4 08:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28491]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28491]: Failed password for invalid user user from 80.94.95.112 port 64087 ssh2
May  4 08:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28491]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28491]: Failed password for invalid user user from 80.94.95.112 port 64087 ssh2
May  4 08:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28491]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28491]: Failed password for invalid user user from 80.94.95.112 port 64087 ssh2
May  4 08:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28491]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28491]: Failed password for invalid user user from 80.94.95.112 port 64087 ssh2
May  4 08:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28491]: Received disconnect from 80.94.95.112 port 64087:11: Bye [preauth]
May  4 08:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28491]: Disconnected from 80.94.95.112 port 64087 [preauth]
May  4 08:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28491]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 08:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28491]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 08:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27410]: pam_unix(cron:session): session closed for user root
May  4 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28680]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28679]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28677]: pam_unix(cron:session): session closed for user p13x
May  4 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28739]: Successful su for rubyman by root
May  4 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28739]: + ??? root:rubyman
May  4 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28739]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326411 of user rubyman.
May  4 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28739]: pam_unix(su:session): session closed for user rubyman
May  4 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326411.
May  4 08:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25941]: pam_unix(cron:session): session closed for user root
May  4 08:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28678]: pam_unix(cron:session): session closed for user samftp
May  4 08:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27881]: pam_unix(cron:session): session closed for user root
May  4 08:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Invalid user steam from 45.144.233.139
May  4 08:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: input_userauth_request: invalid user steam [preauth]
May  4 08:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139
May  4 08:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Failed password for invalid user steam from 45.144.233.139 port 41332 ssh2
May  4 08:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Received disconnect from 45.144.233.139 port 41332:11: Bye Bye [preauth]
May  4 08:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Disconnected from 45.144.233.139 port 41332 [preauth]
May  4 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29188]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29187]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29184]: pam_unix(cron:session): session closed for user p13x
May  4 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29248]: Successful su for rubyman by root
May  4 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29248]: + ??? root:rubyman
May  4 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326416 of user rubyman.
May  4 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29248]: pam_unix(su:session): session closed for user rubyman
May  4 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326416.
May  4 08:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26341]: pam_unix(cron:session): session closed for user root
May  4 08:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29185]: pam_unix(cron:session): session closed for user samftp
May  4 08:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28286]: pam_unix(cron:session): session closed for user root
May  4 08:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124  user=root
May  4 08:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: Failed password for root from 93.113.63.124 port 48122 ssh2
May  4 08:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: Received disconnect from 93.113.63.124 port 48122:11: Bye Bye [preauth]
May  4 08:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: Disconnected from 93.113.63.124 port 48122 [preauth]
May  4 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29602]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29603]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29598]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29603]: pam_unix(cron:session): session closed for user root
May  4 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29598]: pam_unix(cron:session): session closed for user p13x
May  4 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29668]: Successful su for rubyman by root
May  4 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29668]: + ??? root:rubyman
May  4 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326420 of user rubyman.
May  4 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29668]: pam_unix(su:session): session closed for user rubyman
May  4 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326420.
May  4 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29600]: pam_unix(cron:session): session closed for user root
May  4 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26822]: pam_unix(cron:session): session closed for user root
May  4 08:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29599]: pam_unix(cron:session): session closed for user samftp
May  4 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28680]: pam_unix(cron:session): session closed for user root
May  4 08:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29969]: Invalid user master from 193.32.162.97
May  4 08:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29969]: input_userauth_request: invalid user master [preauth]
May  4 08:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29969]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 08:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29969]: Failed password for invalid user master from 193.32.162.97 port 48074 ssh2
May  4 08:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29969]: Connection closed by 193.32.162.97 port 48074 [preauth]
May  4 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30036]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30037]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30035]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30034]: pam_unix(cron:session): session closed for user p13x
May  4 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30103]: Successful su for rubyman by root
May  4 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30103]: + ??? root:rubyman
May  4 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326425 of user rubyman.
May  4 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30103]: pam_unix(su:session): session closed for user rubyman
May  4 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326425.
May  4 08:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27409]: pam_unix(cron:session): session closed for user root
May  4 08:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30035]: pam_unix(cron:session): session closed for user samftp
May  4 08:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29188]: pam_unix(cron:session): session closed for user root
May  4 08:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 08:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: Failed password for root from 185.93.89.118 port 12554 ssh2
May  4 08:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: Connection closed by 185.93.89.118 port 12554 [preauth]
May  4 08:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 08:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30397]: Failed password for root from 185.93.89.118 port 60276 ssh2
May  4 08:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30397]: Connection closed by 185.93.89.118 port 60276 [preauth]
May  4 08:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30445]: pam_unix(cron:session): session closed for user p13x
May  4 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30507]: Successful su for rubyman by root
May  4 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30507]: + ??? root:rubyman
May  4 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326429 of user rubyman.
May  4 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30507]: pam_unix(su:session): session closed for user rubyman
May  4 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326429.
May  4 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27880]: pam_unix(cron:session): session closed for user root
May  4 08:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30446]: pam_unix(cron:session): session closed for user samftp
May  4 08:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 08:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: Failed password for root from 185.93.89.118 port 19664 ssh2
May  4 08:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: Connection closed by 185.93.89.118 port 19664 [preauth]
May  4 08:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 08:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: Failed password for root from 185.93.89.118 port 59104 ssh2
May  4 08:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: Connection closed by 185.93.89.118 port 59104 [preauth]
May  4 08:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29602]: pam_unix(cron:session): session closed for user root
May  4 08:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 08:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30758]: Failed password for root from 185.93.89.118 port 49590 ssh2
May  4 08:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30758]: Connection closed by 185.93.89.118 port 49590 [preauth]
May  4 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30840]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30835]: pam_unix(cron:session): session closed for user p13x
May  4 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30899]: Successful su for rubyman by root
May  4 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30899]: + ??? root:rubyman
May  4 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326434 of user rubyman.
May  4 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30899]: pam_unix(su:session): session closed for user rubyman
May  4 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326434.
May  4 08:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31006]: Invalid user temp from 45.144.233.139
May  4 08:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31006]: input_userauth_request: invalid user temp [preauth]
May  4 08:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31006]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139
May  4 08:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28285]: pam_unix(cron:session): session closed for user root
May  4 08:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30836]: pam_unix(cron:session): session closed for user samftp
May  4 08:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31006]: Failed password for invalid user temp from 45.144.233.139 port 47950 ssh2
May  4 08:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31006]: Received disconnect from 45.144.233.139 port 47950:11: Bye Bye [preauth]
May  4 08:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31006]: Disconnected from 45.144.233.139 port 47950 [preauth]
May  4 08:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: Invalid user admin from 64.226.117.59
May  4 08:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: input_userauth_request: invalid user admin [preauth]
May  4 08:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 08:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: Failed password for invalid user admin from 64.226.117.59 port 42612 ssh2
May  4 08:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: Connection closed by 64.226.117.59 port 42612 [preauth]
May  4 08:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30037]: pam_unix(cron:session): session closed for user root
May  4 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31239]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31240]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31237]: pam_unix(cron:session): session closed for user p13x
May  4 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31310]: Successful su for rubyman by root
May  4 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31310]: + ??? root:rubyman
May  4 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31310]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326438 of user rubyman.
May  4 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31310]: pam_unix(su:session): session closed for user rubyman
May  4 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326438.
May  4 08:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28679]: pam_unix(cron:session): session closed for user root
May  4 08:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31238]: pam_unix(cron:session): session closed for user samftp
May  4 08:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30448]: pam_unix(cron:session): session closed for user root
May  4 08:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31617]: Invalid user steam from 93.113.63.124
May  4 08:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31617]: input_userauth_request: invalid user steam [preauth]
May  4 08:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31617]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124
May  4 08:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31617]: Failed password for invalid user steam from 93.113.63.124 port 44384 ssh2
May  4 08:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31617]: Received disconnect from 93.113.63.124 port 44384:11: Bye Bye [preauth]
May  4 08:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31617]: Disconnected from 93.113.63.124 port 44384 [preauth]
May  4 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31659]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31659]: pam_unix(cron:session): session closed for user root
May  4 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31654]: pam_unix(cron:session): session closed for user p13x
May  4 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31735]: Successful su for rubyman by root
May  4 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31735]: + ??? root:rubyman
May  4 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326444 of user rubyman.
May  4 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31735]: pam_unix(su:session): session closed for user rubyman
May  4 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326444.
May  4 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31656]: pam_unix(cron:session): session closed for user root
May  4 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29187]: pam_unix(cron:session): session closed for user root
May  4 08:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31655]: pam_unix(cron:session): session closed for user samftp
May  4 08:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30840]: pam_unix(cron:session): session closed for user root
May  4 08:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Invalid user www from 134.209.152.88
May  4 08:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: input_userauth_request: invalid user www [preauth]
May  4 08:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.152.88
May  4 08:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Failed password for invalid user www from 134.209.152.88 port 38364 ssh2
May  4 08:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Received disconnect from 134.209.152.88 port 38364:11: Bye Bye [preauth]
May  4 08:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Disconnected from 134.209.152.88 port 38364 [preauth]
May  4 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32106]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32105]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32104]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32103]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32103]: pam_unix(cron:session): session closed for user p13x
May  4 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32170]: Successful su for rubyman by root
May  4 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32170]: + ??? root:rubyman
May  4 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32170]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326447 of user rubyman.
May  4 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32170]: pam_unix(su:session): session closed for user rubyman
May  4 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326447.
May  4 08:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29601]: pam_unix(cron:session): session closed for user root
May  4 08:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32104]: pam_unix(cron:session): session closed for user samftp
May  4 08:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31240]: pam_unix(cron:session): session closed for user root
May  4 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32503]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32500]: pam_unix(cron:session): session closed for user p13x
May  4 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32570]: Successful su for rubyman by root
May  4 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32570]: + ??? root:rubyman
May  4 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326451 of user rubyman.
May  4 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32570]: pam_unix(su:session): session closed for user rubyman
May  4 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326451.
May  4 08:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30036]: pam_unix(cron:session): session closed for user root
May  4 08:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32501]: pam_unix(cron:session): session closed for user samftp
May  4 08:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[449]: Invalid user loginuser from 193.32.162.97
May  4 08:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[449]: input_userauth_request: invalid user loginuser [preauth]
May  4 08:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[449]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 08:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[449]: Failed password for invalid user loginuser from 193.32.162.97 port 57364 ssh2
May  4 08:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[449]: Connection closed by 193.32.162.97 port 57364 [preauth]
May  4 08:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31658]: pam_unix(cron:session): session closed for user root
May  4 08:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[516]: Invalid user chris from 45.144.233.139
May  4 08:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[516]: input_userauth_request: invalid user chris [preauth]
May  4 08:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[516]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139
May  4 08:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[516]: Failed password for invalid user chris from 45.144.233.139 port 43246 ssh2
May  4 08:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[516]: Received disconnect from 45.144.233.139 port 43246:11: Bye Bye [preauth]
May  4 08:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[516]: Disconnected from 45.144.233.139 port 43246 [preauth]
May  4 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[584]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[583]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[580]: pam_unix(cron:session): session closed for user p13x
May  4 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[646]: Successful su for rubyman by root
May  4 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[646]: + ??? root:rubyman
May  4 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326455 of user rubyman.
May  4 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[646]: pam_unix(su:session): session closed for user rubyman
May  4 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326455.
May  4 08:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30447]: pam_unix(cron:session): session closed for user root
May  4 08:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[581]: pam_unix(cron:session): session closed for user samftp
May  4 08:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32106]: pam_unix(cron:session): session closed for user root
May  4 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1016]: pam_unix(cron:session): session closed for user p13x
May  4 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1079]: Successful su for rubyman by root
May  4 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1079]: + ??? root:rubyman
May  4 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326460 of user rubyman.
May  4 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1079]: pam_unix(su:session): session closed for user rubyman
May  4 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326460.
May  4 08:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30837]: pam_unix(cron:session): session closed for user root
May  4 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48  user=root
May  4 08:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1017]: pam_unix(cron:session): session closed for user samftp
May  4 08:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1272]: Failed password for root from 185.213.164.48 port 47550 ssh2
May  4 08:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1272]: Received disconnect from 185.213.164.48 port 47550:11: Bye Bye [preauth]
May  4 08:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1272]: Disconnected from 185.213.164.48 port 47550 [preauth]
May  4 08:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32503]: pam_unix(cron:session): session closed for user root
May  4 08:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: Invalid user admin from 64.226.117.59
May  4 08:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: input_userauth_request: invalid user admin [preauth]
May  4 08:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 08:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124  user=root
May  4 08:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: Failed password for invalid user admin from 64.226.117.59 port 40204 ssh2
May  4 08:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: Connection closed by 64.226.117.59 port 40204 [preauth]
May  4 08:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1467]: Failed password for root from 93.113.63.124 port 51646 ssh2
May  4 08:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1467]: Received disconnect from 93.113.63.124 port 51646:11: Bye Bye [preauth]
May  4 08:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1467]: Disconnected from 93.113.63.124 port 51646 [preauth]
May  4 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1492]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1493]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1491]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1488]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1493]: pam_unix(cron:session): session closed for user root
May  4 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1486]: pam_unix(cron:session): session closed for user p13x
May  4 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1570]: Successful su for rubyman by root
May  4 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1570]: + ??? root:rubyman
May  4 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326463 of user rubyman.
May  4 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1570]: pam_unix(su:session): session closed for user rubyman
May  4 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326463.
May  4 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1490]: pam_unix(cron:session): session closed for user root
May  4 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31239]: pam_unix(cron:session): session closed for user root
May  4 08:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1488]: pam_unix(cron:session): session closed for user samftp
May  4 08:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: Invalid user taibabi from 103.59.95.142
May  4 08:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: input_userauth_request: invalid user taibabi [preauth]
May  4 08:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
May  4 08:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: Failed password for invalid user taibabi from 103.59.95.142 port 42458 ssh2
May  4 08:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: Received disconnect from 103.59.95.142 port 42458:11: Bye Bye [preauth]
May  4 08:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: Disconnected from 103.59.95.142 port 42458 [preauth]
May  4 08:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[584]: pam_unix(cron:session): session closed for user root
May  4 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2044]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2042]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2043]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2041]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2041]: pam_unix(cron:session): session closed for user p13x
May  4 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2108]: Successful su for rubyman by root
May  4 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2108]: + ??? root:rubyman
May  4 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326469 of user rubyman.
May  4 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2108]: pam_unix(su:session): session closed for user rubyman
May  4 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326469.
May  4 08:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31657]: pam_unix(cron:session): session closed for user root
May  4 08:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2042]: pam_unix(cron:session): session closed for user samftp
May  4 08:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1020]: pam_unix(cron:session): session closed for user root
May  4 08:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2399]: Invalid user admin from 139.19.117.131
May  4 08:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2399]: input_userauth_request: invalid user admin [preauth]
May  4 08:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2399]: Connection closed by 139.19.117.131 port 43636 [preauth]
May  4 08:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139  user=root
May  4 08:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2447]: Failed password for root from 45.144.233.139 port 46746 ssh2
May  4 08:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2447]: Received disconnect from 45.144.233.139 port 46746:11: Bye Bye [preauth]
May  4 08:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2447]: Disconnected from 45.144.233.139 port 46746 [preauth]
May  4 08:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2473]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2471]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2472]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2470]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2470]: pam_unix(cron:session): session closed for user p13x
May  4 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2535]: Successful su for rubyman by root
May  4 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2535]: + ??? root:rubyman
May  4 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2535]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326474 of user rubyman.
May  4 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2535]: pam_unix(su:session): session closed for user rubyman
May  4 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326474.
May  4 08:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32105]: pam_unix(cron:session): session closed for user root
May  4 08:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2471]: pam_unix(cron:session): session closed for user samftp
May  4 08:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1492]: pam_unix(cron:session): session closed for user root
May  4 08:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2901]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2902]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2898]: pam_unix(cron:session): session closed for user p13x
May  4 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2969]: Successful su for rubyman by root
May  4 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2969]: + ??? root:rubyman
May  4 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2969]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326477 of user rubyman.
May  4 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2969]: pam_unix(su:session): session closed for user rubyman
May  4 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326477.
May  4 08:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32502]: pam_unix(cron:session): session closed for user root
May  4 08:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2900]: pam_unix(cron:session): session closed for user samftp
May  4 08:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2887]: Connection closed by 167.94.138.62 port 36812 [preauth]
May  4 08:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2044]: pam_unix(cron:session): session closed for user root
May  4 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3312]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3313]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3310]: pam_unix(cron:session): session closed for user p13x
May  4 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3381]: Successful su for rubyman by root
May  4 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3381]: + ??? root:rubyman
May  4 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326481 of user rubyman.
May  4 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3381]: pam_unix(su:session): session closed for user rubyman
May  4 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326481.
May  4 08:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[583]: pam_unix(cron:session): session closed for user root
May  4 08:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: Invalid user loginuser from 193.32.162.97
May  4 08:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: input_userauth_request: invalid user loginuser [preauth]
May  4 08:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 08:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3311]: pam_unix(cron:session): session closed for user samftp
May  4 08:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: Failed password for invalid user loginuser from 193.32.162.97 port 38420 ssh2
May  4 08:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3494]: Connection closed by 193.32.162.97 port 38420 [preauth]
May  4 08:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3618]: Invalid user msr from 50.235.31.47
May  4 08:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3618]: input_userauth_request: invalid user msr [preauth]
May  4 08:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3618]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  4 08:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3618]: Failed password for invalid user msr from 50.235.31.47 port 59106 ssh2
May  4 08:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3618]: Connection closed by 50.235.31.47 port 59106 [preauth]
May  4 08:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2473]: pam_unix(cron:session): session closed for user root
May  4 08:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 08:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3735]: Invalid user temp from 93.113.63.124
May  4 08:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3735]: input_userauth_request: invalid user temp [preauth]
May  4 08:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3735]: pam_unix(sshd:auth): check pass; user unknown
May  4 08:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124
May  4 08:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3735]: Failed password for invalid user temp from 93.113.63.124 port 37000 ssh2
May  4 08:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3735]: Received disconnect from 93.113.63.124 port 37000:11: Bye Bye [preauth]
May  4 08:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3735]: Disconnected from 93.113.63.124 port 37000 [preauth]
May  4 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3770]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3769]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3771]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3766]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3773]: pam_unix(cron:session): session closed for user root
May  4 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3769]: pam_unix(cron:session): session closed for user root
May  4 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3766]: pam_unix(cron:session): session closed for user p13x
May  4 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3856]: Successful su for rubyman by root
May  4 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3856]: + ??? root:rubyman
May  4 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326487 of user rubyman.
May  4 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3856]: pam_unix(su:session): session closed for user rubyman
May  4 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326487.
May  4 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1018]: pam_unix(cron:session): session closed for user root
May  4 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3770]: pam_unix(cron:session): session closed for user root
May  4 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3768]: pam_unix(cron:session): session closed for user samftp
May  4 09:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2902]: pam_unix(cron:session): session closed for user root
May  4 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4445]: pam_unix(cron:session): session closed for user p13x
May  4 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4529]: Successful su for rubyman by root
May  4 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4529]: + ??? root:rubyman
May  4 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326492 of user rubyman.
May  4 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4529]: pam_unix(su:session): session closed for user rubyman
May  4 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326492.
May  4 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1491]: pam_unix(cron:session): session closed for user root
May  4 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4446]: pam_unix(cron:session): session closed for user samftp
May  4 09:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139  user=root
May  4 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: Failed password for root from 45.144.233.139 port 45804 ssh2
May  4 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: Received disconnect from 45.144.233.139 port 45804:11: Bye Bye [preauth]
May  4 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: Disconnected from 45.144.233.139 port 45804 [preauth]
May  4 09:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4785]: Invalid user admin from 64.226.117.59
May  4 09:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4785]: input_userauth_request: invalid user admin [preauth]
May  4 09:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4785]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 09:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4785]: Failed password for invalid user admin from 64.226.117.59 port 41052 ssh2
May  4 09:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4785]: Connection closed by 64.226.117.59 port 41052 [preauth]
May  4 09:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3313]: pam_unix(cron:session): session closed for user root
May  4 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4899]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4897]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4896]: pam_unix(cron:session): session closed for user p13x
May  4 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4966]: Successful su for rubyman by root
May  4 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4966]: + ??? root:rubyman
May  4 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4966]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326498 of user rubyman.
May  4 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4966]: pam_unix(su:session): session closed for user rubyman
May  4 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326498.
May  4 09:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2043]: pam_unix(cron:session): session closed for user root
May  4 09:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4897]: pam_unix(cron:session): session closed for user samftp
May  4 09:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3772]: pam_unix(cron:session): session closed for user root
May  4 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5509]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5510]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5506]: pam_unix(cron:session): session closed for user p13x
May  4 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5609]: Successful su for rubyman by root
May  4 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5609]: + ??? root:rubyman
May  4 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326501 of user rubyman.
May  4 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5609]: pam_unix(su:session): session closed for user rubyman
May  4 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326501.
May  4 09:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2472]: pam_unix(cron:session): session closed for user root
May  4 09:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5507]: pam_unix(cron:session): session closed for user samftp
May  4 09:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4448]: pam_unix(cron:session): session closed for user root
May  4 09:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: Invalid user ubuntu from 80.94.95.115
May  4 09:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: input_userauth_request: invalid user ubuntu [preauth]
May  4 09:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  4 09:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: Failed password for invalid user ubuntu from 80.94.95.115 port 35016 ssh2
May  4 09:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: Connection closed by 80.94.95.115 port 35016 [preauth]
May  4 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6054]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6053]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6051]: pam_unix(cron:session): session closed for user p13x
May  4 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6125]: Successful su for rubyman by root
May  4 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6125]: + ??? root:rubyman
May  4 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6125]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326505 of user rubyman.
May  4 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6125]: pam_unix(su:session): session closed for user rubyman
May  4 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326505.
May  4 09:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2901]: pam_unix(cron:session): session closed for user root
May  4 09:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6052]: pam_unix(cron:session): session closed for user samftp
May  4 09:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4899]: pam_unix(cron:session): session closed for user root
May  4 09:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6403]: Invalid user taibabi from 185.213.164.48
May  4 09:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6403]: input_userauth_request: invalid user taibabi [preauth]
May  4 09:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6403]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48
May  4 09:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6403]: Failed password for invalid user taibabi from 185.213.164.48 port 47776 ssh2
May  4 09:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6403]: Received disconnect from 185.213.164.48 port 47776:11: Bye Bye [preauth]
May  4 09:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6403]: Disconnected from 185.213.164.48 port 47776 [preauth]
May  4 09:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: Invalid user netadmin from 93.113.63.124
May  4 09:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: input_userauth_request: invalid user netadmin [preauth]
May  4 09:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124
May  4 09:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: Failed password for invalid user netadmin from 93.113.63.124 port 53038 ssh2
May  4 09:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: Received disconnect from 93.113.63.124 port 53038:11: Bye Bye [preauth]
May  4 09:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6435]: Disconnected from 93.113.63.124 port 53038 [preauth]
May  4 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6471]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6472]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6470]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6473]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6473]: pam_unix(cron:session): session closed for user root
May  4 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6468]: pam_unix(cron:session): session closed for user p13x
May  4 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6533]: Successful su for rubyman by root
May  4 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6533]: + ??? root:rubyman
May  4 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326510 of user rubyman.
May  4 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6533]: pam_unix(su:session): session closed for user rubyman
May  4 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326510.
May  4 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6470]: pam_unix(cron:session): session closed for user root
May  4 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3312]: pam_unix(cron:session): session closed for user root
May  4 09:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6469]: pam_unix(cron:session): session closed for user samftp
May  4 09:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5510]: pam_unix(cron:session): session closed for user root
May  4 09:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139  user=root
May  4 09:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: Failed password for root from 45.144.233.139 port 50208 ssh2
May  4 09:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: Received disconnect from 45.144.233.139 port 50208:11: Bye Bye [preauth]
May  4 09:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: Disconnected from 45.144.233.139 port 50208 [preauth]
May  4 09:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6861]: Invalid user loginuser from 193.32.162.97
May  4 09:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6861]: input_userauth_request: invalid user loginuser [preauth]
May  4 09:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6861]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 09:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6861]: Failed password for invalid user loginuser from 193.32.162.97 port 47710 ssh2
May  4 09:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6861]: Connection closed by 193.32.162.97 port 47710 [preauth]
May  4 09:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.100.49.20  user=root
May  4 09:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6883]: Failed password for root from 114.100.49.20 port 34789 ssh2
May  4 09:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6883]: Received disconnect from 114.100.49.20 port 34789:11: Bye Bye [preauth]
May  4 09:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6883]: Disconnected from 114.100.49.20 port 34789 [preauth]
May  4 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6994]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6993]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6904]: pam_unix(cron:session): session closed for user p13x
May  4 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7071]: Successful su for rubyman by root
May  4 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7071]: + ??? root:rubyman
May  4 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326514 of user rubyman.
May  4 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7071]: pam_unix(su:session): session closed for user rubyman
May  4 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326514.
May  4 09:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3771]: pam_unix(cron:session): session closed for user root
May  4 09:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6992]: pam_unix(cron:session): session closed for user samftp
May  4 09:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6054]: pam_unix(cron:session): session closed for user root
May  4 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7413]: pam_unix(cron:session): session closed for user p13x
May  4 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7480]: Successful su for rubyman by root
May  4 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7480]: + ??? root:rubyman
May  4 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326518 of user rubyman.
May  4 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7480]: pam_unix(su:session): session closed for user rubyman
May  4 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326518.
May  4 09:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4447]: pam_unix(cron:session): session closed for user root
May  4 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7414]: pam_unix(cron:session): session closed for user samftp
May  4 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6472]: pam_unix(cron:session): session closed for user root
May  4 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7935]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7933]: pam_unix(cron:session): session closed for user p13x
May  4 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8000]: Successful su for rubyman by root
May  4 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8000]: + ??? root:rubyman
May  4 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326522 of user rubyman.
May  4 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8000]: pam_unix(su:session): session closed for user rubyman
May  4 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326522.
May  4 09:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Invalid user admin from 64.226.117.59
May  4 09:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: input_userauth_request: invalid user admin [preauth]
May  4 09:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 09:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4898]: pam_unix(cron:session): session closed for user root
May  4 09:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Failed password for invalid user admin from 64.226.117.59 port 58338 ssh2
May  4 09:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Connection closed by 64.226.117.59 port 58338 [preauth]
May  4 09:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7934]: pam_unix(cron:session): session closed for user samftp
May  4 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6994]: pam_unix(cron:session): session closed for user root
May  4 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8365]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8363]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8364]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8366]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8361]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8363]: pam_unix(cron:session): session closed for user p13x
May  4 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8483]: Successful su for rubyman by root
May  4 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8483]: + ??? root:rubyman
May  4 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8483]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326526 of user rubyman.
May  4 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8483]: pam_unix(su:session): session closed for user rubyman
May  4 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326526.
May  4 09:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8361]: pam_unix(cron:session): session closed for user root
May  4 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5509]: pam_unix(cron:session): session closed for user root
May  4 09:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8364]: pam_unix(cron:session): session closed for user samftp
May  4 09:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7416]: pam_unix(cron:session): session closed for user root
May  4 09:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124  user=root
May  4 09:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8807]: Connection reset by 205.210.31.51 port 58450 [preauth]
May  4 09:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: Failed password for root from 93.113.63.124 port 40750 ssh2
May  4 09:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: Received disconnect from 93.113.63.124 port 40750:11: Bye Bye [preauth]
May  4 09:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: Disconnected from 93.113.63.124 port 40750 [preauth]
May  4 09:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8845]: Invalid user odoo17 from 185.213.164.48
May  4 09:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8845]: input_userauth_request: invalid user odoo17 [preauth]
May  4 09:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8845]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48
May  4 09:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8845]: Failed password for invalid user odoo17 from 185.213.164.48 port 51002 ssh2
May  4 09:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8845]: Received disconnect from 185.213.164.48 port 51002:11: Bye Bye [preauth]
May  4 09:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8845]: Disconnected from 185.213.164.48 port 51002 [preauth]
May  4 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8899]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8900]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8900]: pam_unix(cron:session): session closed for user root
May  4 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8895]: pam_unix(cron:session): session closed for user p13x
May  4 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8970]: Successful su for rubyman by root
May  4 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8970]: + ??? root:rubyman
May  4 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8970]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326531 of user rubyman.
May  4 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8970]: pam_unix(su:session): session closed for user rubyman
May  4 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326531.
May  4 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8897]: pam_unix(cron:session): session closed for user root
May  4 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6053]: pam_unix(cron:session): session closed for user root
May  4 09:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8896]: pam_unix(cron:session): session closed for user samftp
May  4 09:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139  user=root
May  4 09:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: Failed password for root from 45.144.233.139 port 54434 ssh2
May  4 09:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: Received disconnect from 45.144.233.139 port 54434:11: Bye Bye [preauth]
May  4 09:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: Disconnected from 45.144.233.139 port 54434 [preauth]
May  4 09:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: Invalid user user2 from 103.59.95.142
May  4 09:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: input_userauth_request: invalid user user2 [preauth]
May  4 09:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
May  4 09:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: Failed password for invalid user user2 from 103.59.95.142 port 37586 ssh2
May  4 09:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: Received disconnect from 103.59.95.142 port 37586:11: Bye Bye [preauth]
May  4 09:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: Disconnected from 103.59.95.142 port 37586 [preauth]
May  4 09:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7937]: pam_unix(cron:session): session closed for user root
May  4 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9459]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9460]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9457]: pam_unix(cron:session): session closed for user p13x
May  4 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9525]: Successful su for rubyman by root
May  4 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9525]: + ??? root:rubyman
May  4 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326538 of user rubyman.
May  4 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9525]: pam_unix(su:session): session closed for user rubyman
May  4 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326538.
May  4 09:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6471]: pam_unix(cron:session): session closed for user root
May  4 09:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9458]: pam_unix(cron:session): session closed for user samftp
May  4 09:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8366]: pam_unix(cron:session): session closed for user root
May  4 09:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9866]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9862]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9865]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9861]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9861]: pam_unix(cron:session): session closed for user p13x
May  4 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9923]: Successful su for rubyman by root
May  4 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9923]: + ??? root:rubyman
May  4 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9923]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326541 of user rubyman.
May  4 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9923]: pam_unix(su:session): session closed for user rubyman
May  4 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326541.
May  4 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6993]: pam_unix(cron:session): session closed for user root
May  4 09:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9862]: pam_unix(cron:session): session closed for user samftp
May  4 09:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10168]: Invalid user loginuser from 193.32.162.97
May  4 09:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10168]: input_userauth_request: invalid user loginuser [preauth]
May  4 09:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10168]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 09:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10168]: Failed password for invalid user loginuser from 193.32.162.97 port 57000 ssh2
May  4 09:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10168]: Connection closed by 193.32.162.97 port 57000 [preauth]
May  4 09:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8899]: pam_unix(cron:session): session closed for user root
May  4 09:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Did not receive identification string from 80.64.18.84
May  4 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10354]: pam_unix(cron:session): session closed for user p13x
May  4 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10422]: Successful su for rubyman by root
May  4 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10422]: + ??? root:rubyman
May  4 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326545 of user rubyman.
May  4 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10422]: pam_unix(su:session): session closed for user rubyman
May  4 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326545.
May  4 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7415]: pam_unix(cron:session): session closed for user root
May  4 09:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10355]: pam_unix(cron:session): session closed for user samftp
May  4 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9460]: pam_unix(cron:session): session closed for user root
May  4 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10832]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10830]: pam_unix(cron:session): session closed for user p13x
May  4 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10890]: Successful su for rubyman by root
May  4 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10890]: + ??? root:rubyman
May  4 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10890]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326549 of user rubyman.
May  4 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10890]: pam_unix(su:session): session closed for user rubyman
May  4 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326549.
May  4 09:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7935]: pam_unix(cron:session): session closed for user root
May  4 09:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10831]: pam_unix(cron:session): session closed for user samftp
May  4 09:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124  user=root
May  4 09:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11131]: Failed password for root from 93.113.63.124 port 40080 ssh2
May  4 09:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11131]: Received disconnect from 93.113.63.124 port 40080:11: Bye Bye [preauth]
May  4 09:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11131]: Disconnected from 93.113.63.124 port 40080 [preauth]
May  4 09:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9866]: pam_unix(cron:session): session closed for user root
May  4 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139  user=root
May  4 09:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: Failed password for root from 45.144.233.139 port 41326 ssh2
May  4 09:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: Received disconnect from 45.144.233.139 port 41326:11: Bye Bye [preauth]
May  4 09:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: Disconnected from 45.144.233.139 port 41326 [preauth]
May  4 09:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Invalid user admin from 64.226.117.59
May  4 09:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: input_userauth_request: invalid user admin [preauth]
May  4 09:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 09:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48  user=root
May  4 09:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Failed password for invalid user admin from 64.226.117.59 port 46398 ssh2
May  4 09:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Connection closed by 64.226.117.59 port 46398 [preauth]
May  4 09:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: Failed password for root from 185.213.164.48 port 39864 ssh2
May  4 09:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: Received disconnect from 185.213.164.48 port 39864:11: Bye Bye [preauth]
May  4 09:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: Disconnected from 185.213.164.48 port 39864 [preauth]
May  4 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11232]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11229]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11232]: pam_unix(cron:session): session closed for user root
May  4 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11227]: pam_unix(cron:session): session closed for user p13x
May  4 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11296]: Successful su for rubyman by root
May  4 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11296]: + ??? root:rubyman
May  4 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326554 of user rubyman.
May  4 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11296]: pam_unix(su:session): session closed for user rubyman
May  4 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326554.
May  4 09:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11229]: pam_unix(cron:session): session closed for user root
May  4 09:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8365]: pam_unix(cron:session): session closed for user root
May  4 09:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11228]: pam_unix(cron:session): session closed for user samftp
May  4 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10357]: pam_unix(cron:session): session closed for user root
May  4 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11663]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11662]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11660]: pam_unix(cron:session): session closed for user p13x
May  4 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11729]: Successful su for rubyman by root
May  4 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11729]: + ??? root:rubyman
May  4 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326559 of user rubyman.
May  4 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11729]: pam_unix(su:session): session closed for user rubyman
May  4 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326559.
May  4 09:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8898]: pam_unix(cron:session): session closed for user root
May  4 09:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11661]: pam_unix(cron:session): session closed for user samftp
May  4 09:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: Invalid user test from 103.59.95.142
May  4 09:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: input_userauth_request: invalid user test [preauth]
May  4 09:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
May  4 09:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: Failed password for invalid user test from 103.59.95.142 port 46986 ssh2
May  4 09:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: Received disconnect from 103.59.95.142 port 46986:11: Bye Bye [preauth]
May  4 09:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: Disconnected from 103.59.95.142 port 46986 [preauth]
May  4 09:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10833]: pam_unix(cron:session): session closed for user root
May  4 09:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  4 09:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: Failed password for root from 218.92.0.217 port 11270 ssh2
May  4 09:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: message repeated 2 times: [ Failed password for root from 218.92.0.217 port 11270 ssh2]
May  4 09:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: Received disconnect from 218.92.0.217 port 11270:11:  [preauth]
May  4 09:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: Disconnected from 218.92.0.217 port 11270 [preauth]
May  4 09:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  4 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12057]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12058]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12053]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12053]: pam_unix(cron:session): session closed for user root
May  4 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12055]: pam_unix(cron:session): session closed for user p13x
May  4 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12118]: Successful su for rubyman by root
May  4 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12118]: + ??? root:rubyman
May  4 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12118]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326563 of user rubyman.
May  4 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12118]: pam_unix(su:session): session closed for user rubyman
May  4 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326563.
May  4 09:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9459]: pam_unix(cron:session): session closed for user root
May  4 09:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12056]: pam_unix(cron:session): session closed for user samftp
May  4 09:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11231]: pam_unix(cron:session): session closed for user root
May  4 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12461]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12462]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12459]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12458]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12458]: pam_unix(cron:session): session closed for user p13x
May  4 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12517]: Successful su for rubyman by root
May  4 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12517]: + ??? root:rubyman
May  4 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326569 of user rubyman.
May  4 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12517]: pam_unix(su:session): session closed for user rubyman
May  4 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326569.
May  4 09:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9865]: pam_unix(cron:session): session closed for user root
May  4 09:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12459]: pam_unix(cron:session): session closed for user samftp
May  4 09:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11663]: pam_unix(cron:session): session closed for user root
May  4 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12849]: pam_unix(cron:session): session closed for user p13x
May  4 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12908]: Successful su for rubyman by root
May  4 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12908]: + ??? root:rubyman
May  4 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326572 of user rubyman.
May  4 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12908]: pam_unix(su:session): session closed for user rubyman
May  4 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326572.
May  4 09:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10356]: pam_unix(cron:session): session closed for user root
May  4 09:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12850]: pam_unix(cron:session): session closed for user samftp
May  4 09:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: Invalid user loginuser from 193.32.162.97
May  4 09:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: input_userauth_request: invalid user loginuser [preauth]
May  4 09:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 09:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: Invalid user liuyong from 45.144.233.139
May  4 09:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: input_userauth_request: invalid user liuyong [preauth]
May  4 09:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139
May  4 09:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: Failed password for invalid user loginuser from 193.32.162.97 port 38058 ssh2
May  4 09:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13103]: Connection closed by 193.32.162.97 port 38058 [preauth]
May  4 09:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: Failed password for invalid user liuyong from 45.144.233.139 port 35364 ssh2
May  4 09:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: Received disconnect from 45.144.233.139 port 35364:11: Bye Bye [preauth]
May  4 09:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: Disconnected from 45.144.233.139 port 35364 [preauth]
May  4 09:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124  user=root
May  4 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12058]: pam_unix(cron:session): session closed for user root
May  4 09:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13157]: Failed password for root from 93.113.63.124 port 59828 ssh2
May  4 09:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13157]: Received disconnect from 93.113.63.124 port 59828:11: Bye Bye [preauth]
May  4 09:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13157]: Disconnected from 93.113.63.124 port 59828 [preauth]
May  4 09:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48  user=root
May  4 09:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13218]: Failed password for root from 185.213.164.48 port 40282 ssh2
May  4 09:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13218]: Received disconnect from 185.213.164.48 port 40282:11: Bye Bye [preauth]
May  4 09:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13218]: Disconnected from 185.213.164.48 port 40282 [preauth]
May  4 09:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  4 09:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: Failed password for root from 218.92.0.230 port 23890 ssh2
May  4 09:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: message repeated 2 times: [ Failed password for root from 218.92.0.230 port 23890 ssh2]
May  4 09:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: Received disconnect from 218.92.0.230 port 23890:11:  [preauth]
May  4 09:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: Disconnected from 218.92.0.230 port 23890 [preauth]
May  4 09:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  4 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13253]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13251]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13250]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13253]: pam_unix(cron:session): session closed for user root
May  4 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13248]: pam_unix(cron:session): session closed for user p13x
May  4 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13322]: Successful su for rubyman by root
May  4 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13322]: + ??? root:rubyman
May  4 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13322]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326579 of user rubyman.
May  4 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13322]: pam_unix(su:session): session closed for user rubyman
May  4 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326579.
May  4 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13250]: pam_unix(cron:session): session closed for user root
May  4 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10832]: pam_unix(cron:session): session closed for user root
May  4 09:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13249]: pam_unix(cron:session): session closed for user samftp
May  4 09:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12462]: pam_unix(cron:session): session closed for user root
May  4 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13787]: pam_unix(cron:session): session closed for user p13x
May  4 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13852]: Successful su for rubyman by root
May  4 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13852]: + ??? root:rubyman
May  4 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326583 of user rubyman.
May  4 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13852]: pam_unix(su:session): session closed for user rubyman
May  4 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326583.
May  4 09:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11230]: pam_unix(cron:session): session closed for user root
May  4 09:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13788]: pam_unix(cron:session): session closed for user samftp
May  4 09:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: Invalid user admin from 64.226.117.59
May  4 09:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: input_userauth_request: invalid user admin [preauth]
May  4 09:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 09:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: Failed password for invalid user admin from 64.226.117.59 port 37830 ssh2
May  4 09:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: Connection closed by 64.226.117.59 port 37830 [preauth]
May  4 09:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12852]: pam_unix(cron:session): session closed for user root
May  4 09:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Invalid user production from 202.179.66.26
May  4 09:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: input_userauth_request: invalid user production [preauth]
May  4 09:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26
May  4 09:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Failed password for invalid user production from 202.179.66.26 port 36304 ssh2
May  4 09:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Received disconnect from 202.179.66.26 port 36304:11: Bye Bye [preauth]
May  4 09:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Disconnected from 202.179.66.26 port 36304 [preauth]
May  4 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14197]: pam_unix(cron:session): session closed for user p13x
May  4 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14259]: Successful su for rubyman by root
May  4 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14259]: + ??? root:rubyman
May  4 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14259]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326586 of user rubyman.
May  4 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14259]: pam_unix(su:session): session closed for user rubyman
May  4 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326586.
May  4 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11662]: pam_unix(cron:session): session closed for user root
May  4 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: Invalid user solomon from 103.59.95.142
May  4 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: input_userauth_request: invalid user solomon [preauth]
May  4 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
May  4 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14198]: pam_unix(cron:session): session closed for user samftp
May  4 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: Failed password for invalid user solomon from 103.59.95.142 port 46902 ssh2
May  4 09:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: Received disconnect from 103.59.95.142 port 46902:11: Bye Bye [preauth]
May  4 09:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14324]: Disconnected from 103.59.95.142 port 46902 [preauth]
May  4 09:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13252]: pam_unix(cron:session): session closed for user root
May  4 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14598]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14598]: pam_unix(cron:session): session closed for user p13x
May  4 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14668]: Successful su for rubyman by root
May  4 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14668]: + ??? root:rubyman
May  4 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326592 of user rubyman.
May  4 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14668]: pam_unix(su:session): session closed for user rubyman
May  4 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326592.
May  4 09:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12057]: pam_unix(cron:session): session closed for user root
May  4 09:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14599]: pam_unix(cron:session): session closed for user samftp
May  4 09:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13790]: pam_unix(cron:session): session closed for user root
May  4 09:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14991]: Invalid user user from 45.144.233.139
May  4 09:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14991]: input_userauth_request: invalid user user [preauth]
May  4 09:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14991]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.144.233.139
May  4 09:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14991]: Failed password for invalid user user from 45.144.233.139 port 44146 ssh2
May  4 09:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14991]: Received disconnect from 45.144.233.139 port 44146:11: Bye Bye [preauth]
May  4 09:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14991]: Disconnected from 45.144.233.139 port 44146 [preauth]
May  4 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15014]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15012]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15015]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15011]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15011]: pam_unix(cron:session): session closed for user p13x
May  4 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15070]: Successful su for rubyman by root
May  4 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15070]: + ??? root:rubyman
May  4 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15070]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326594 of user rubyman.
May  4 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15070]: pam_unix(su:session): session closed for user rubyman
May  4 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326594.
May  4 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12461]: pam_unix(cron:session): session closed for user root
May  4 09:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15012]: pam_unix(cron:session): session closed for user samftp
May  4 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14200]: pam_unix(cron:session): session closed for user root
May  4 09:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124  user=root
May  4 09:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: Failed password for root from 93.113.63.124 port 34208 ssh2
May  4 09:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: Received disconnect from 93.113.63.124 port 34208:11: Bye Bye [preauth]
May  4 09:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15356]: Disconnected from 93.113.63.124 port 34208 [preauth]
May  4 09:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48  user=root
May  4 09:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: Failed password for root from 185.213.164.48 port 36458 ssh2
May  4 09:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: Received disconnect from 185.213.164.48 port 36458:11: Bye Bye [preauth]
May  4 09:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: Disconnected from 185.213.164.48 port 36458 [preauth]
May  4 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15411]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15411]: pam_unix(cron:session): session closed for user root
May  4 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15406]: pam_unix(cron:session): session closed for user p13x
May  4 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15473]: Successful su for rubyman by root
May  4 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15473]: + ??? root:rubyman
May  4 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326601 of user rubyman.
May  4 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15473]: pam_unix(su:session): session closed for user rubyman
May  4 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326601.
May  4 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15408]: pam_unix(cron:session): session closed for user root
May  4 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12851]: pam_unix(cron:session): session closed for user root
May  4 09:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15407]: pam_unix(cron:session): session closed for user samftp
May  4 09:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  4 09:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15709]: Failed password for root from 164.68.105.9 port 44524 ssh2
May  4 09:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15709]: Connection closed by 164.68.105.9 port 44524 [preauth]
May  4 09:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14601]: pam_unix(cron:session): session closed for user root
May  4 09:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: Invalid user loginuser from 193.32.162.97
May  4 09:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: input_userauth_request: invalid user loginuser [preauth]
May  4 09:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 09:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: Failed password for invalid user loginuser from 193.32.162.97 port 47348 ssh2
May  4 09:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15817]: Connection closed by 193.32.162.97 port 47348 [preauth]
May  4 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15831]: pam_unix(cron:session): session closed for user p13x
May  4 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15897]: Successful su for rubyman by root
May  4 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15897]: + ??? root:rubyman
May  4 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326606 of user rubyman.
May  4 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15897]: pam_unix(su:session): session closed for user rubyman
May  4 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326606.
May  4 09:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13251]: pam_unix(cron:session): session closed for user root
May  4 09:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15832]: pam_unix(cron:session): session closed for user samftp
May  4 09:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15015]: pam_unix(cron:session): session closed for user root
May  4 09:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  4 09:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: Failed password for root from 218.92.0.231 port 52424 ssh2
May  4 09:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: Failed password for root from 218.92.0.231 port 52424 ssh2
May  4 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: Received disconnect from 218.92.0.231 port 52424:11:  [preauth]
May  4 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: Disconnected from 218.92.0.231 port 52424 [preauth]
May  4 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  4 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16225]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16222]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16222]: pam_unix(cron:session): session closed for user p13x
May  4 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16283]: Successful su for rubyman by root
May  4 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16283]: + ??? root:rubyman
May  4 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326609 of user rubyman.
May  4 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16283]: pam_unix(su:session): session closed for user rubyman
May  4 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326609.
May  4 09:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13789]: pam_unix(cron:session): session closed for user root
May  4 09:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May  4 09:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16223]: pam_unix(cron:session): session closed for user samftp
May  4 09:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: Failed password for root from 218.92.0.223 port 46786 ssh2
May  4 09:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: message repeated 2 times: [ Failed password for root from 218.92.0.223 port 46786 ssh2]
May  4 09:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: Received disconnect from 218.92.0.223 port 46786:11:  [preauth]
May  4 09:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: Disconnected from 218.92.0.223 port 46786 [preauth]
May  4 09:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May  4 09:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May  4 09:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16488]: Failed password for root from 218.92.0.223 port 23138 ssh2
May  4 09:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16488]: Failed password for root from 218.92.0.223 port 23138 ssh2
May  4 09:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 09:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16488]: Failed password for root from 218.92.0.223 port 23138 ssh2
May  4 09:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: Failed password for root from 218.92.0.206 port 65158 ssh2
May  4 09:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: message repeated 3 times: [ Failed password for root from 218.92.0.206 port 65158 ssh2]
May  4 09:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15410]: pam_unix(cron:session): session closed for user root
May  4 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: Failed password for root from 218.92.0.206 port 65158 ssh2
May  4 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 65158 ssh2 [preauth]
May  4 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: Disconnecting: Too many authentication failures [preauth]
May  4 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  4 09:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16603]: Failed password for root from 218.92.0.231 port 58624 ssh2
May  4 09:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16603]: Received disconnect from 218.92.0.231 port 58624:11:  [preauth]
May  4 09:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16603]: Disconnected from 218.92.0.231 port 58624 [preauth]
May  4 09:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: Invalid user admin from 64.226.117.59
May  4 09:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: input_userauth_request: invalid user admin [preauth]
May  4 09:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: Failed password for invalid user admin from 64.226.117.59 port 33530 ssh2
May  4 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: Connection closed by 64.226.117.59 port 33530 [preauth]
May  4 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16690]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16691]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16689]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16688]: pam_unix(cron:session): session closed for user p13x
May  4 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16751]: Successful su for rubyman by root
May  4 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16751]: + ??? root:rubyman
May  4 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16751]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326612 of user rubyman.
May  4 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16751]: pam_unix(su:session): session closed for user rubyman
May  4 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326612.
May  4 09:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14199]: pam_unix(cron:session): session closed for user root
May  4 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16689]: pam_unix(cron:session): session closed for user samftp
May  4 09:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16966]: Invalid user mark from 103.59.95.142
May  4 09:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16966]: input_userauth_request: invalid user mark [preauth]
May  4 09:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16966]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
May  4 09:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16966]: Failed password for invalid user mark from 103.59.95.142 port 41900 ssh2
May  4 09:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16966]: Received disconnect from 103.59.95.142 port 41900:11: Bye Bye [preauth]
May  4 09:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16966]: Disconnected from 103.59.95.142 port 41900 [preauth]
May  4 09:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15834]: pam_unix(cron:session): session closed for user root
May  4 09:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16219]: Connection reset by 218.92.0.231 port 44274 [preauth]
May  4 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17118]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17116]: pam_unix(cron:session): session closed for user p13x
May  4 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17176]: Successful su for rubyman by root
May  4 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17176]: + ??? root:rubyman
May  4 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326616 of user rubyman.
May  4 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17176]: pam_unix(su:session): session closed for user rubyman
May  4 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326616.
May  4 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14600]: pam_unix(cron:session): session closed for user root
May  4 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: Connection reset by 218.92.0.231 port 50994 [preauth]
May  4 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17117]: pam_unix(cron:session): session closed for user samftp
May  4 09:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  4 09:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: Failed password for root from 218.92.0.236 port 43890 ssh2
May  4 09:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: message repeated 2 times: [ Failed password for root from 218.92.0.236 port 43890 ssh2]
May  4 09:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: Received disconnect from 218.92.0.236 port 43890:11:  [preauth]
May  4 09:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: Disconnected from 218.92.0.236 port 43890 [preauth]
May  4 09:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  4 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16225]: pam_unix(cron:session): session closed for user root
May  4 09:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17501]: Invalid user liuyong from 93.113.63.124
May  4 09:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17501]: input_userauth_request: invalid user liuyong [preauth]
May  4 09:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17501]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124
May  4 09:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17501]: Failed password for invalid user liuyong from 93.113.63.124 port 45200 ssh2
May  4 09:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17501]: Received disconnect from 93.113.63.124 port 45200:11: Bye Bye [preauth]
May  4 09:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17501]: Disconnected from 93.113.63.124 port 45200 [preauth]
May  4 09:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26  user=root
May  4 09:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17514]: Failed password for root from 202.179.66.26 port 54200 ssh2
May  4 09:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17514]: Received disconnect from 202.179.66.26 port 54200:11: Bye Bye [preauth]
May  4 09:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17514]: Disconnected from 202.179.66.26 port 54200 [preauth]
May  4 09:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17529]: Invalid user ibmuser from 193.70.84.184
May  4 09:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17529]: input_userauth_request: invalid user ibmuser [preauth]
May  4 09:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17529]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  4 09:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17529]: Failed password for invalid user ibmuser from 193.70.84.184 port 58966 ssh2
May  4 09:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17529]: Connection closed by 193.70.84.184 port 58966 [preauth]
May  4 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17538]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17534]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17535]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17537]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17536]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17533]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17538]: pam_unix(cron:session): session closed for user root
May  4 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17533]: pam_unix(cron:session): session closed for user p13x
May  4 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17609]: Successful su for rubyman by root
May  4 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17609]: + ??? root:rubyman
May  4 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326620 of user rubyman.
May  4 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17609]: pam_unix(su:session): session closed for user rubyman
May  4 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326620.
May  4 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17631]: Invalid user farmacia from 185.213.164.48
May  4 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17631]: input_userauth_request: invalid user farmacia [preauth]
May  4 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17631]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48
May  4 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15014]: pam_unix(cron:session): session closed for user root
May  4 09:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17535]: pam_unix(cron:session): session closed for user root
May  4 09:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17631]: Failed password for invalid user farmacia from 185.213.164.48 port 34122 ssh2
May  4 09:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17631]: Received disconnect from 185.213.164.48 port 34122:11: Bye Bye [preauth]
May  4 09:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17631]: Disconnected from 185.213.164.48 port 34122 [preauth]
May  4 09:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17534]: pam_unix(cron:session): session closed for user samftp
May  4 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16691]: pam_unix(cron:session): session closed for user root
May  4 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18095]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18094]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18094]: pam_unix(cron:session): session closed for user p13x
May  4 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18166]: Successful su for rubyman by root
May  4 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18166]: + ??? root:rubyman
May  4 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326626 of user rubyman.
May  4 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18166]: pam_unix(su:session): session closed for user rubyman
May  4 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326626.
May  4 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15409]: pam_unix(cron:session): session closed for user root
May  4 09:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18095]: pam_unix(cron:session): session closed for user samftp
May  4 09:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17119]: pam_unix(cron:session): session closed for user root
May  4 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18514]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18511]: pam_unix(cron:session): session closed for user p13x
May  4 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18571]: Successful su for rubyman by root
May  4 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18571]: + ??? root:rubyman
May  4 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326631 of user rubyman.
May  4 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18571]: pam_unix(su:session): session closed for user rubyman
May  4 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326631.
May  4 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15833]: pam_unix(cron:session): session closed for user root
May  4 09:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18512]: pam_unix(cron:session): session closed for user samftp
May  4 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17537]: pam_unix(cron:session): session closed for user root
May  4 09:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18864]: Invalid user loginuser from 193.32.162.97
May  4 09:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18864]: input_userauth_request: invalid user loginuser [preauth]
May  4 09:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18864]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 09:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18864]: Failed password for invalid user loginuser from 193.32.162.97 port 56638 ssh2
May  4 09:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18864]: Connection closed by 193.32.162.97 port 56638 [preauth]
May  4 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18914]: pam_unix(cron:session): session closed for user p13x
May  4 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18977]: Successful su for rubyman by root
May  4 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18977]: + ??? root:rubyman
May  4 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326636 of user rubyman.
May  4 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18977]: pam_unix(su:session): session closed for user rubyman
May  4 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326636.
May  4 09:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16224]: pam_unix(cron:session): session closed for user root
May  4 09:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18915]: pam_unix(cron:session): session closed for user samftp
May  4 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19171]: Failed password for root from 185.93.89.118 port 49972 ssh2
May  4 09:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19171]: Connection closed by 185.93.89.118 port 49972 [preauth]
May  4 09:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18098]: pam_unix(cron:session): session closed for user root
May  4 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 09:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: Failed password for root from 185.93.89.118 port 56952 ssh2
May  4 09:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: Connection closed by 185.93.89.118 port 56952 [preauth]
May  4 09:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19337]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19338]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19336]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19335]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19335]: pam_unix(cron:session): session closed for user p13x
May  4 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19396]: Successful su for rubyman by root
May  4 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19396]: + ??? root:rubyman
May  4 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326639 of user rubyman.
May  4 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19396]: pam_unix(su:session): session closed for user rubyman
May  4 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326639.
May  4 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 09:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19459]: Invalid user office from 103.59.95.142
May  4 09:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19459]: input_userauth_request: invalid user office [preauth]
May  4 09:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19459]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
May  4 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19305]: Failed password for root from 185.93.89.118 port 65482 ssh2
May  4 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16690]: pam_unix(cron:session): session closed for user root
May  4 09:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19336]: pam_unix(cron:session): session closed for user samftp
May  4 09:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19459]: Failed password for invalid user office from 103.59.95.142 port 55354 ssh2
May  4 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19459]: Received disconnect from 103.59.95.142 port 55354:11: Bye Bye [preauth]
May  4 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19459]: Disconnected from 103.59.95.142 port 55354 [preauth]
May  4 09:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19305]: Connection closed by 185.93.89.118 port 65482 [preauth]
May  4 09:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 09:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: Failed password for root from 185.93.89.118 port 6724 ssh2
May  4 09:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: Connection closed by 185.93.89.118 port 6724 [preauth]
May  4 09:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18514]: pam_unix(cron:session): session closed for user root
May  4 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 09:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19696]: Invalid user admin from 64.226.117.59
May  4 09:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19696]: input_userauth_request: invalid user admin [preauth]
May  4 09:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19696]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 09:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: Failed password for root from 185.93.89.118 port 37736 ssh2
May  4 09:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: Connection closed by 185.93.89.118 port 37736 [preauth]
May  4 09:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19696]: Failed password for invalid user admin from 64.226.117.59 port 58232 ssh2
May  4 09:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19696]: Connection closed by 64.226.117.59 port 58232 [preauth]
May  4 09:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19729]: Invalid user user1 from 93.113.63.124
May  4 09:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19729]: input_userauth_request: invalid user user1 [preauth]
May  4 09:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19729]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124
May  4 09:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19729]: Failed password for invalid user user1 from 93.113.63.124 port 46990 ssh2
May  4 09:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19729]: Received disconnect from 93.113.63.124 port 46990:11: Bye Bye [preauth]
May  4 09:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19729]: Disconnected from 93.113.63.124 port 46990 [preauth]
May  4 09:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19749]: Invalid user seekcy from 80.94.95.116
May  4 09:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19749]: input_userauth_request: invalid user seekcy [preauth]
May  4 09:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19749]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  4 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19749]: Failed password for invalid user seekcy from 80.94.95.116 port 36340 ssh2
May  4 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19765]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19764]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19749]: Connection closed by 80.94.95.116 port 36340 [preauth]
May  4 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19765]: pam_unix(cron:session): session closed for user root
May  4 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19760]: pam_unix(cron:session): session closed for user p13x
May  4 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19830]: Successful su for rubyman by root
May  4 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19830]: + ??? root:rubyman
May  4 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326646 of user rubyman.
May  4 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19830]: pam_unix(su:session): session closed for user rubyman
May  4 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326646.
May  4 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19762]: pam_unix(cron:session): session closed for user root
May  4 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17118]: pam_unix(cron:session): session closed for user root
May  4 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19761]: pam_unix(cron:session): session closed for user samftp
May  4 09:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: Invalid user taibabi from 185.213.164.48
May  4 09:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: input_userauth_request: invalid user taibabi [preauth]
May  4 09:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48
May  4 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: Failed password for invalid user taibabi from 185.213.164.48 port 41170 ssh2
May  4 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: Received disconnect from 185.213.164.48 port 41170:11: Bye Bye [preauth]
May  4 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: Disconnected from 185.213.164.48 port 41170 [preauth]
May  4 09:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20096]: Invalid user user_1 from 202.179.66.26
May  4 09:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20096]: input_userauth_request: invalid user user_1 [preauth]
May  4 09:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20096]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26
May  4 09:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20096]: Failed password for invalid user user_1 from 202.179.66.26 port 34894 ssh2
May  4 09:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20096]: Received disconnect from 202.179.66.26 port 34894:11: Bye Bye [preauth]
May  4 09:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20096]: Disconnected from 202.179.66.26 port 34894 [preauth]
May  4 09:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18918]: pam_unix(cron:session): session closed for user root
May  4 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20202]: pam_unix(cron:session): session closed for user p13x
May  4 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20269]: Successful su for rubyman by root
May  4 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20269]: + ??? root:rubyman
May  4 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326648 of user rubyman.
May  4 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20269]: pam_unix(su:session): session closed for user rubyman
May  4 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326648.
May  4 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17536]: pam_unix(cron:session): session closed for user root
May  4 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20203]: pam_unix(cron:session): session closed for user samftp
May  4 09:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19338]: pam_unix(cron:session): session closed for user root
May  4 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20613]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20612]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20611]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20610]: pam_unix(cron:session): session closed for user p13x
May  4 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20671]: Successful su for rubyman by root
May  4 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20671]: + ??? root:rubyman
May  4 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20671]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326653 of user rubyman.
May  4 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20671]: pam_unix(su:session): session closed for user rubyman
May  4 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326653.
May  4 09:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18097]: pam_unix(cron:session): session closed for user root
May  4 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20611]: pam_unix(cron:session): session closed for user samftp
May  4 09:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: Received disconnect from 218.92.0.231 port 37352:11:  [preauth]
May  4 09:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: Disconnected from 218.92.0.231 port 37352 [preauth]
May  4 09:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19764]: pam_unix(cron:session): session closed for user root
May  4 09:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21008]: Invalid user shuaishuai from 193.70.84.184
May  4 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21008]: input_userauth_request: invalid user shuaishuai [preauth]
May  4 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21008]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  4 09:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21008]: Failed password for invalid user shuaishuai from 193.70.84.184 port 40644 ssh2
May  4 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21008]: Connection closed by 193.70.84.184 port 40644 [preauth]
May  4 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21019]: pam_unix(cron:session): session closed for user p13x
May  4 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21082]: Successful su for rubyman by root
May  4 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21082]: + ??? root:rubyman
May  4 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326656 of user rubyman.
May  4 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21082]: pam_unix(su:session): session closed for user rubyman
May  4 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326656.
May  4 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18513]: pam_unix(cron:session): session closed for user root
May  4 09:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21020]: pam_unix(cron:session): session closed for user samftp
May  4 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20206]: pam_unix(cron:session): session closed for user root
May  4 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21457]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21454]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21456]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21454]: pam_unix(cron:session): session closed for user p13x
May  4 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21575]: Successful su for rubyman by root
May  4 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21575]: + ??? root:rubyman
May  4 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326660 of user rubyman.
May  4 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21575]: pam_unix(su:session): session closed for user rubyman
May  4 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326660.
May  4 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21452]: pam_unix(cron:session): session closed for user root
May  4 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18917]: pam_unix(cron:session): session closed for user root
May  4 09:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21455]: pam_unix(cron:session): session closed for user samftp
May  4 09:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: Invalid user loginuser from 193.32.162.97
May  4 09:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: input_userauth_request: invalid user loginuser [preauth]
May  4 09:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 09:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: Failed password for invalid user loginuser from 193.32.162.97 port 37696 ssh2
May  4 09:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: Connection closed by 193.32.162.97 port 37696 [preauth]
May  4 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20613]: pam_unix(cron:session): session closed for user root
May  4 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.113.63.124  user=root
May  4 09:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22273]: Failed password for root from 93.113.63.124 port 59408 ssh2
May  4 09:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22273]: Received disconnect from 93.113.63.124 port 59408:11: Bye Bye [preauth]
May  4 09:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22273]: Disconnected from 93.113.63.124 port 59408 [preauth]
May  4 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22315]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22318]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22321]: pam_unix(cron:session): session closed for user root
May  4 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22312]: pam_unix(cron:session): session closed for user p13x
May  4 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22391]: Successful su for rubyman by root
May  4 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22391]: + ??? root:rubyman
May  4 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326669 of user rubyman.
May  4 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22391]: pam_unix(su:session): session closed for user rubyman
May  4 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326669.
May  4 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: Invalid user user1 from 185.213.164.48
May  4 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: input_userauth_request: invalid user user1 [preauth]
May  4 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48
May  4 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19337]: pam_unix(cron:session): session closed for user root
May  4 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22315]: pam_unix(cron:session): session closed for user root
May  4 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: Failed password for invalid user user1 from 185.213.164.48 port 50676 ssh2
May  4 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: Received disconnect from 185.213.164.48 port 50676:11: Bye Bye [preauth]
May  4 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: Disconnected from 185.213.164.48 port 50676 [preauth]
May  4 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22313]: pam_unix(cron:session): session closed for user samftp
May  4 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: Invalid user ts3server from 103.59.95.142
May  4 09:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: input_userauth_request: invalid user ts3server [preauth]
May  4 09:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
May  4 09:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: Failed password for invalid user ts3server from 103.59.95.142 port 50786 ssh2
May  4 09:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: Received disconnect from 103.59.95.142 port 50786:11: Bye Bye [preauth]
May  4 09:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: Disconnected from 103.59.95.142 port 50786 [preauth]
May  4 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21022]: pam_unix(cron:session): session closed for user root
May  4 09:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22791]: Invalid user manager from 202.179.66.26
May  4 09:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22791]: input_userauth_request: invalid user manager [preauth]
May  4 09:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22791]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26
May  4 09:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22791]: Failed password for invalid user manager from 202.179.66.26 port 43822 ssh2
May  4 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22791]: Received disconnect from 202.179.66.26 port 43822:11: Bye Bye [preauth]
May  4 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22791]: Disconnected from 202.179.66.26 port 43822 [preauth]
May  4 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22802]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22802]: pam_unix(cron:session): session closed for user p13x
May  4 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22885]: Successful su for rubyman by root
May  4 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22885]: + ??? root:rubyman
May  4 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326672 of user rubyman.
May  4 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22885]: pam_unix(su:session): session closed for user rubyman
May  4 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326672.
May  4 09:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19763]: pam_unix(cron:session): session closed for user root
May  4 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22803]: pam_unix(cron:session): session closed for user samftp
May  4 09:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: Invalid user admin from 64.226.117.59
May  4 09:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: input_userauth_request: invalid user admin [preauth]
May  4 09:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 09:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: Failed password for invalid user admin from 64.226.117.59 port 39994 ssh2
May  4 09:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: Connection closed by 64.226.117.59 port 39994 [preauth]
May  4 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21457]: pam_unix(cron:session): session closed for user root
May  4 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23271]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23269]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23270]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23269]: pam_unix(cron:session): session closed for user p13x
May  4 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23429]: Successful su for rubyman by root
May  4 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23429]: + ??? root:rubyman
May  4 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326677 of user rubyman.
May  4 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23429]: pam_unix(su:session): session closed for user rubyman
May  4 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326677.
May  4 09:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20205]: pam_unix(cron:session): session closed for user root
May  4 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23270]: pam_unix(cron:session): session closed for user samftp
May  4 09:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22318]: pam_unix(cron:session): session closed for user root
May  4 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23862]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23863]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23859]: pam_unix(cron:session): session closed for user p13x
May  4 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23935]: Successful su for rubyman by root
May  4 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23935]: + ??? root:rubyman
May  4 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326681 of user rubyman.
May  4 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23935]: pam_unix(su:session): session closed for user rubyman
May  4 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326681.
May  4 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20612]: pam_unix(cron:session): session closed for user root
May  4 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23861]: pam_unix(cron:session): session closed for user samftp
May  4 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22806]: pam_unix(cron:session): session closed for user root
May  4 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24311]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24308]: pam_unix(cron:session): session closed for user p13x
May  4 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24374]: Successful su for rubyman by root
May  4 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24374]: + ??? root:rubyman
May  4 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326683 of user rubyman.
May  4 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24374]: pam_unix(su:session): session closed for user rubyman
May  4 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326683.
May  4 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21021]: pam_unix(cron:session): session closed for user root
May  4 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24309]: pam_unix(cron:session): session closed for user samftp
May  4 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23272]: pam_unix(cron:session): session closed for user root
May  4 09:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: Invalid user gaurav from 185.213.164.48
May  4 09:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: input_userauth_request: invalid user gaurav [preauth]
May  4 09:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48
May  4 09:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: Failed password for invalid user gaurav from 185.213.164.48 port 41650 ssh2
May  4 09:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: Received disconnect from 185.213.164.48 port 41650:11: Bye Bye [preauth]
May  4 09:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: Disconnected from 185.213.164.48 port 41650 [preauth]
May  4 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24742]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24743]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24745]: pam_unix(cron:session): session closed for user root
May  4 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24740]: pam_unix(cron:session): session closed for user p13x
May  4 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24813]: Successful su for rubyman by root
May  4 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24813]: + ??? root:rubyman
May  4 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24813]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326689 of user rubyman.
May  4 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24813]: pam_unix(su:session): session closed for user rubyman
May  4 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326689.
May  4 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24742]: pam_unix(cron:session): session closed for user root
May  4 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21456]: pam_unix(cron:session): session closed for user root
May  4 09:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24741]: pam_unix(cron:session): session closed for user samftp
May  4 09:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23863]: pam_unix(cron:session): session closed for user root
May  4 09:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25121]: Did not receive identification string from 193.32.162.136
May  4 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25186]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25187]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25184]: pam_unix(cron:session): session closed for user p13x
May  4 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25251]: Successful su for rubyman by root
May  4 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25251]: + ??? root:rubyman
May  4 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25251]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326694 of user rubyman.
May  4 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25251]: pam_unix(su:session): session closed for user rubyman
May  4 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326694.
May  4 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25317]: Invalid user jeff from 103.59.95.142
May  4 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25317]: input_userauth_request: invalid user jeff [preauth]
May  4 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25317]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
May  4 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22316]: pam_unix(cron:session): session closed for user root
May  4 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25317]: Failed password for invalid user jeff from 103.59.95.142 port 58902 ssh2
May  4 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25317]: Received disconnect from 103.59.95.142 port 58902:11: Bye Bye [preauth]
May  4 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25317]: Disconnected from 103.59.95.142 port 58902 [preauth]
May  4 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25185]: pam_unix(cron:session): session closed for user samftp
May  4 09:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26  user=root
May  4 09:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25481]: Failed password for root from 202.179.66.26 port 52738 ssh2
May  4 09:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25481]: Received disconnect from 202.179.66.26 port 52738:11: Bye Bye [preauth]
May  4 09:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25481]: Disconnected from 202.179.66.26 port 52738 [preauth]
May  4 09:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25503]: Invalid user oracle from 193.32.162.97
May  4 09:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25503]: input_userauth_request: invalid user oracle [preauth]
May  4 09:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25503]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 09:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25503]: Failed password for invalid user oracle from 193.32.162.97 port 46986 ssh2
May  4 09:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25503]: Connection closed by 193.32.162.97 port 46986 [preauth]
May  4 09:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24311]: pam_unix(cron:session): session closed for user root
May  4 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25613]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25611]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25610]: pam_unix(cron:session): session closed for user p13x
May  4 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25675]: Successful su for rubyman by root
May  4 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25675]: + ??? root:rubyman
May  4 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326697 of user rubyman.
May  4 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25675]: pam_unix(su:session): session closed for user rubyman
May  4 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326697.
May  4 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22805]: pam_unix(cron:session): session closed for user root
May  4 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25611]: pam_unix(cron:session): session closed for user samftp
May  4 09:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24744]: pam_unix(cron:session): session closed for user root
May  4 09:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  4 09:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25953]: Failed password for root from 218.92.0.222 port 52722 ssh2
May  4 09:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: Invalid user admin from 64.226.117.59
May  4 09:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: input_userauth_request: invalid user admin [preauth]
May  4 09:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 09:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: Failed password for invalid user admin from 64.226.117.59 port 37346 ssh2
May  4 09:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: Connection closed by 64.226.117.59 port 37346 [preauth]
May  4 09:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  4 09:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: Failed password for root from 218.92.0.218 port 33334 ssh2
May  4 09:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: Failed password for root from 218.92.0.218 port 33334 ssh2
May  4 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26015]: pam_unix(cron:session): session closed for user p13x
May  4 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26077]: Successful su for rubyman by root
May  4 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26077]: + ??? root:rubyman
May  4 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326701 of user rubyman.
May  4 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26077]: pam_unix(su:session): session closed for user rubyman
May  4 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326701.
May  4 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: Failed password for root from 218.92.0.218 port 33334 ssh2
May  4 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23271]: pam_unix(cron:session): session closed for user root
May  4 09:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26016]: pam_unix(cron:session): session closed for user samftp
May  4 09:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: Received disconnect from 218.92.0.218 port 33334:11:  [preauth]
May  4 09:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: Disconnected from 218.92.0.218 port 33334 [preauth]
May  4 09:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  4 09:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25187]: pam_unix(cron:session): session closed for user root
May  4 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26407]: pam_unix(cron:session): session closed for user p13x
May  4 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26553]: Successful su for rubyman by root
May  4 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26553]: + ??? root:rubyman
May  4 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326706 of user rubyman.
May  4 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26553]: pam_unix(su:session): session closed for user rubyman
May  4 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326706.
May  4 09:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23862]: pam_unix(cron:session): session closed for user root
May  4 09:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26408]: pam_unix(cron:session): session closed for user samftp
May  4 09:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25613]: pam_unix(cron:session): session closed for user root
May  4 09:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: Invalid user template from 185.213.164.48
May  4 09:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: input_userauth_request: invalid user template [preauth]
May  4 09:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48
May  4 09:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: Failed password for invalid user template from 185.213.164.48 port 53962 ssh2
May  4 09:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: Received disconnect from 185.213.164.48 port 53962:11: Bye Bye [preauth]
May  4 09:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26866]: Disconnected from 185.213.164.48 port 53962 [preauth]
May  4 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26892]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26893]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26890]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26894]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26895]: pam_unix(cron:session): session closed for user root
May  4 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26889]: pam_unix(cron:session): session closed for user p13x
May  4 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26989]: Successful su for rubyman by root
May  4 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26989]: + ??? root:rubyman
May  4 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326711 of user rubyman.
May  4 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26989]: pam_unix(su:session): session closed for user rubyman
May  4 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326711.
May  4 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24310]: pam_unix(cron:session): session closed for user root
May  4 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26892]: pam_unix(cron:session): session closed for user root
May  4 09:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26890]: pam_unix(cron:session): session closed for user samftp
May  4 09:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26018]: pam_unix(cron:session): session closed for user root
May  4 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27409]: pam_unix(cron:session): session closed for user p13x
May  4 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27507]: Successful su for rubyman by root
May  4 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27507]: + ??? root:rubyman
May  4 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326715 of user rubyman.
May  4 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27507]: pam_unix(su:session): session closed for user rubyman
May  4 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326715.
May  4 09:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24743]: pam_unix(cron:session): session closed for user root
May  4 09:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27410]: pam_unix(cron:session): session closed for user samftp
May  4 09:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: Did not receive identification string from 104.234.115.10
May  4 09:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26410]: pam_unix(cron:session): session closed for user root
May  4 09:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: Invalid user vmarketing from 202.179.66.26
May  4 09:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: input_userauth_request: invalid user vmarketing [preauth]
May  4 09:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26
May  4 09:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: Failed password for invalid user vmarketing from 202.179.66.26 port 33430 ssh2
May  4 09:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: Received disconnect from 202.179.66.26 port 33430:11: Bye Bye [preauth]
May  4 09:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: Disconnected from 202.179.66.26 port 33430 [preauth]
May  4 09:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: Invalid user sol from 193.32.162.136
May  4 09:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: input_userauth_request: invalid user sol [preauth]
May  4 09:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.136
May  4 09:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27792]: Connection closed by 104.234.115.10 port 34332 [preauth]
May  4 09:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: Failed password for invalid user sol from 193.32.162.136 port 36222 ssh2
May  4 09:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: Connection closed by 193.32.162.136 port 36222 [preauth]
May  4 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27859]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27855]: pam_unix(cron:session): session closed for user p13x
May  4 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27917]: Successful su for rubyman by root
May  4 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27917]: + ??? root:rubyman
May  4 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326720 of user rubyman.
May  4 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27917]: pam_unix(su:session): session closed for user rubyman
May  4 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326720.
May  4 09:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25186]: pam_unix(cron:session): session closed for user root
May  4 09:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27856]: pam_unix(cron:session): session closed for user samftp
May  4 09:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28079]: Invalid user ubuntu from 103.59.95.142
May  4 09:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28079]: input_userauth_request: invalid user ubuntu [preauth]
May  4 09:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28079]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
May  4 09:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28079]: Failed password for invalid user ubuntu from 103.59.95.142 port 40780 ssh2
May  4 09:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28079]: Received disconnect from 103.59.95.142 port 40780:11: Bye Bye [preauth]
May  4 09:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28079]: Disconnected from 103.59.95.142 port 40780 [preauth]
May  4 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26894]: pam_unix(cron:session): session closed for user root
May  4 09:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  4 09:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: Failed password for root from 218.92.0.236 port 14624 ssh2
May  4 09:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: Failed password for root from 218.92.0.236 port 14624 ssh2
May  4 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28258]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28259]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28260]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28257]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28257]: pam_unix(cron:session): session closed for user p13x
May  4 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28315]: Successful su for rubyman by root
May  4 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28315]: + ??? root:rubyman
May  4 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326725 of user rubyman.
May  4 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28315]: pam_unix(su:session): session closed for user rubyman
May  4 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326725.
May  4 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: Failed password for root from 218.92.0.236 port 14624 ssh2
May  4 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: Received disconnect from 218.92.0.236 port 14624:11:  [preauth]
May  4 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: Disconnected from 218.92.0.236 port 14624 [preauth]
May  4 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  4 09:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session closed for user root
May  4 09:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28258]: pam_unix(cron:session): session closed for user samftp
May  4 09:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28504]: Invalid user vbox from 46.244.96.25
May  4 09:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28504]: input_userauth_request: invalid user vbox [preauth]
May  4 09:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28504]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  4 09:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28504]: Failed password for invalid user vbox from 46.244.96.25 port 35634 ssh2
May  4 09:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28504]: Connection closed by 46.244.96.25 port 35634 [preauth]
May  4 09:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: Invalid user hadoop from 193.32.162.97
May  4 09:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: input_userauth_request: invalid user hadoop [preauth]
May  4 09:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 09:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: Failed password for invalid user hadoop from 193.32.162.97 port 56276 ssh2
May  4 09:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28528]: Connection closed by 193.32.162.97 port 56276 [preauth]
May  4 09:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27415]: pam_unix(cron:session): session closed for user root
May  4 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28656]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28654]: pam_unix(cron:session): session closed for user p13x
May  4 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28713]: Successful su for rubyman by root
May  4 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28713]: + ??? root:rubyman
May  4 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326727 of user rubyman.
May  4 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28713]: pam_unix(su:session): session closed for user rubyman
May  4 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326727.
May  4 09:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26017]: pam_unix(cron:session): session closed for user root
May  4 09:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28656]: pam_unix(cron:session): session closed for user samftp
May  4 09:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28975]: Invalid user admin from 64.226.117.59
May  4 09:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28975]: input_userauth_request: invalid user admin [preauth]
May  4 09:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28975]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 09:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28975]: Failed password for invalid user admin from 64.226.117.59 port 60562 ssh2
May  4 09:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28975]: Connection closed by 64.226.117.59 port 60562 [preauth]
May  4 09:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27859]: pam_unix(cron:session): session closed for user root
May  4 09:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29138]: Invalid user dima from 185.213.164.48
May  4 09:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29138]: input_userauth_request: invalid user dima [preauth]
May  4 09:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29138]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48
May  4 09:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29138]: Failed password for invalid user dima from 185.213.164.48 port 39736 ssh2
May  4 09:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29138]: Received disconnect from 185.213.164.48 port 39736:11: Bye Bye [preauth]
May  4 09:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29138]: Disconnected from 185.213.164.48 port 39736 [preauth]
May  4 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29162]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29164]: pam_unix(cron:session): session closed for user root
May  4 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29157]: pam_unix(cron:session): session closed for user p13x
May  4 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29230]: Successful su for rubyman by root
May  4 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29230]: + ??? root:rubyman
May  4 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326734 of user rubyman.
May  4 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29230]: pam_unix(su:session): session closed for user rubyman
May  4 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326734.
May  4 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29160]: pam_unix(cron:session): session closed for user root
May  4 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26409]: pam_unix(cron:session): session closed for user root
May  4 09:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29158]: pam_unix(cron:session): session closed for user samftp
May  4 09:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28260]: pam_unix(cron:session): session closed for user root
May  4 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29605]: pam_unix(cron:session): session closed for user p13x
May  4 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29673]: Successful su for rubyman by root
May  4 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29673]: + ??? root:rubyman
May  4 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326738 of user rubyman.
May  4 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29673]: pam_unix(su:session): session closed for user rubyman
May  4 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326738.
May  4 09:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26893]: pam_unix(cron:session): session closed for user root
May  4 09:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29606]: pam_unix(cron:session): session closed for user samftp
May  4 09:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: Invalid user admin from 139.19.117.131
May  4 09:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: input_userauth_request: invalid user admin [preauth]
May  4 09:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28658]: pam_unix(cron:session): session closed for user root
May  4 09:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29934]: Connection closed by 139.19.117.131 port 54618 [preauth]
May  4 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session closed for user p13x
May  4 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30085]: Successful su for rubyman by root
May  4 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30085]: + ??? root:rubyman
May  4 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30085]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326742 of user rubyman.
May  4 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30085]: pam_unix(su:session): session closed for user rubyman
May  4 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326742.
May  4 09:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27413]: pam_unix(cron:session): session closed for user root
May  4 09:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session closed for user samftp
May  4 09:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26  user=root
May  4 09:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30285]: Failed password for root from 202.179.66.26 port 42342 ssh2
May  4 09:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30285]: Received disconnect from 202.179.66.26 port 42342:11: Bye Bye [preauth]
May  4 09:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30285]: Disconnected from 202.179.66.26 port 42342 [preauth]
May  4 09:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29163]: pam_unix(cron:session): session closed for user root
May  4 09:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30421]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30420]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30419]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30418]: pam_unix(cron:session): session closed for user p13x
May  4 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30481]: Successful su for rubyman by root
May  4 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30481]: + ??? root:rubyman
May  4 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326746 of user rubyman.
May  4 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30481]: pam_unix(su:session): session closed for user rubyman
May  4 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326746.
May  4 09:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27857]: pam_unix(cron:session): session closed for user root
May  4 09:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30419]: pam_unix(cron:session): session closed for user samftp
May  4 09:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30661]: Invalid user solana from 193.32.162.136
May  4 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30661]: input_userauth_request: invalid user solana [preauth]
May  4 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30661]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.136
May  4 09:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142  user=root
May  4 09:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30661]: Failed password for invalid user solana from 193.32.162.136 port 51626 ssh2
May  4 09:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30663]: Failed password for root from 103.59.95.142 port 35872 ssh2
May  4 09:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30661]: Connection closed by 193.32.162.136 port 51626 [preauth]
May  4 09:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30663]: Received disconnect from 103.59.95.142 port 35872:11: Bye Bye [preauth]
May  4 09:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30663]: Disconnected from 103.59.95.142 port 35872 [preauth]
May  4 09:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 09:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29608]: pam_unix(cron:session): session closed for user root
May  4 09:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30724]: Failed password for root from 218.92.0.206 port 26710 ssh2
May  4 09:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30724]: message repeated 4 times: [ Failed password for root from 218.92.0.206 port 26710 ssh2]
May  4 09:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30724]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 26710 ssh2 [preauth]
May  4 09:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30724]: Disconnecting: Too many authentication failures [preauth]
May  4 09:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30724]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 09:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30724]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 09:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 09:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: Failed password for root from 218.92.0.206 port 10794 ssh2
May  4 09:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: Failed password for root from 218.92.0.206 port 10794 ssh2
May  4 09:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: Failed password for root from 218.92.0.206 port 10794 ssh2
May  4 09:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: Failed password for root from 218.92.0.206 port 10794 ssh2
May  4 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30817]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30815]: pam_unix(cron:session): session closed for user p13x
May  4 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30880]: Successful su for rubyman by root
May  4 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30880]: + ??? root:rubyman
May  4 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326749 of user rubyman.
May  4 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30880]: pam_unix(su:session): session closed for user rubyman
May  4 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326749.
May  4 09:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: Failed password for root from 218.92.0.206 port 10794 ssh2
May  4 09:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28259]: pam_unix(cron:session): session closed for user root
May  4 09:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30816]: pam_unix(cron:session): session closed for user samftp
May  4 09:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: Failed password for root from 218.92.0.206 port 10794 ssh2
May  4 09:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 10794 ssh2 [preauth]
May  4 09:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: Disconnecting: Too many authentication failures [preauth]
May  4 09:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 09:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30793]: PAM service(sshd) ignoring max retries; 6 > 3
May  4 09:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30020]: pam_unix(cron:session): session closed for user root
May  4 09:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Did not receive identification string from 193.32.162.135
May  4 09:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: User john from 185.213.164.48 not allowed because not listed in AllowUsers
May  4 09:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: input_userauth_request: invalid user john [preauth]
May  4 09:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48  user=john
May  4 09:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: Failed password for invalid user john from 185.213.164.48 port 51064 ssh2
May  4 09:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: Received disconnect from 185.213.164.48 port 51064:11: Bye Bye [preauth]
May  4 09:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: Disconnected from 185.213.164.48 port 51064 [preauth]
May  4 09:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 09:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31218]: Invalid user hadoop from 193.32.162.97
May  4 09:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31218]: input_userauth_request: invalid user hadoop [preauth]
May  4 09:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31218]: pam_unix(sshd:auth): check pass; user unknown
May  4 09:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 10:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31218]: Failed password for invalid user hadoop from 193.32.162.97 port 37334 ssh2
May  4 10:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31218]: Connection closed by 193.32.162.97 port 37334 [preauth]
May  4 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31227]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31225]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31227]: pam_unix(cron:session): session closed for user root
May  4 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31223]: pam_unix(cron:session): session closed for user root
May  4 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31221]: pam_unix(cron:session): session closed for user p13x
May  4 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31325]: Successful su for rubyman by root
May  4 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31325]: + ??? root:rubyman
May  4 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31325]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326754 of user rubyman.
May  4 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31325]: pam_unix(su:session): session closed for user rubyman
May  4 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326754.
May  4 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28657]: pam_unix(cron:session): session closed for user root
May  4 10:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31224]: pam_unix(cron:session): session closed for user root
May  4 10:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31222]: pam_unix(cron:session): session closed for user samftp
May  4 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30421]: pam_unix(cron:session): session closed for user root
May  4 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31747]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31746]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31744]: pam_unix(cron:session): session closed for user p13x
May  4 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31810]: Successful su for rubyman by root
May  4 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31810]: + ??? root:rubyman
May  4 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31810]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326760 of user rubyman.
May  4 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31810]: pam_unix(su:session): session closed for user rubyman
May  4 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326760.
May  4 10:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29162]: pam_unix(cron:session): session closed for user root
May  4 10:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31745]: pam_unix(cron:session): session closed for user samftp
May  4 10:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32006]: Invalid user admin from 64.226.117.59
May  4 10:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32006]: input_userauth_request: invalid user admin [preauth]
May  4 10:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32006]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 10:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32006]: Failed password for invalid user admin from 64.226.117.59 port 43400 ssh2
May  4 10:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32006]: Connection closed by 64.226.117.59 port 43400 [preauth]
May  4 10:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30819]: pam_unix(cron:session): session closed for user root
May  4 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32156]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32154]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32155]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32154]: pam_unix(cron:session): session closed for user p13x
May  4 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32215]: Successful su for rubyman by root
May  4 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32215]: + ??? root:rubyman
May  4 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32215]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326764 of user rubyman.
May  4 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32215]: pam_unix(su:session): session closed for user rubyman
May  4 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326764.
May  4 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29607]: pam_unix(cron:session): session closed for user root
May  4 10:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32155]: pam_unix(cron:session): session closed for user samftp
May  4 10:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31226]: pam_unix(cron:session): session closed for user root
May  4 10:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: Invalid user taibabi from 202.179.66.26
May  4 10:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: input_userauth_request: invalid user taibabi [preauth]
May  4 10:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26
May  4 10:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: Failed password for invalid user taibabi from 202.179.66.26 port 51262 ssh2
May  4 10:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: Received disconnect from 202.179.66.26 port 51262:11: Bye Bye [preauth]
May  4 10:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: Disconnected from 202.179.66.26 port 51262 [preauth]
May  4 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32554]: pam_unix(cron:session): session closed for user p13x
May  4 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32717]: Successful su for rubyman by root
May  4 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32717]: + ??? root:rubyman
May  4 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326768 of user rubyman.
May  4 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32717]: pam_unix(su:session): session closed for user rubyman
May  4 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326768.
May  4 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30019]: pam_unix(cron:session): session closed for user root
May  4 10:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32556]: pam_unix(cron:session): session closed for user samftp
May  4 10:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31747]: pam_unix(cron:session): session closed for user root
May  4 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[625]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[627]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[623]: pam_unix(cron:session): session closed for user p13x
May  4 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[701]: Successful su for rubyman by root
May  4 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[701]: + ??? root:rubyman
May  4 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326772 of user rubyman.
May  4 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[701]: pam_unix(su:session): session closed for user rubyman
May  4 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326772.
May  4 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30420]: pam_unix(cron:session): session closed for user root
May  4 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[624]: pam_unix(cron:session): session closed for user samftp
May  4 10:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[910]: Invalid user vision from 103.59.95.142
May  4 10:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[910]: input_userauth_request: invalid user vision [preauth]
May  4 10:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[910]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
May  4 10:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[910]: Failed password for invalid user vision from 103.59.95.142 port 60940 ssh2
May  4 10:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[910]: Received disconnect from 103.59.95.142 port 60940:11: Bye Bye [preauth]
May  4 10:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[910]: Disconnected from 103.59.95.142 port 60940 [preauth]
May  4 10:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[934]: Invalid user ts3server from 80.94.95.115
May  4 10:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[934]: input_userauth_request: invalid user ts3server [preauth]
May  4 10:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  4 10:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[934]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  4 10:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[935]: Failed password for root from 218.92.0.112 port 54690 ssh2
May  4 10:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[934]: Failed password for invalid user ts3server from 80.94.95.115 port 18858 ssh2
May  4 10:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[934]: Connection closed by 80.94.95.115 port 18858 [preauth]
May  4 10:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[935]: Failed password for root from 218.92.0.112 port 54690 ssh2
May  4 10:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[935]: Failed password for root from 218.92.0.112 port 54690 ssh2
May  4 10:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[935]: Received disconnect from 218.92.0.112 port 54690:11:  [preauth]
May  4 10:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[935]: Disconnected from 218.92.0.112 port 54690 [preauth]
May  4 10:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[935]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  4 10:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32157]: pam_unix(cron:session): session closed for user root
May  4 10:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Invalid user supervisor from 185.213.164.48
May  4 10:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: input_userauth_request: invalid user supervisor [preauth]
May  4 10:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48
May  4 10:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Failed password for invalid user supervisor from 185.213.164.48 port 35480 ssh2
May  4 10:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Received disconnect from 185.213.164.48 port 35480:11: Bye Bye [preauth]
May  4 10:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Disconnected from 185.213.164.48 port 35480 [preauth]
May  4 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1067]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1064]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1062]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1067]: pam_unix(cron:session): session closed for user root
May  4 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1062]: pam_unix(cron:session): session closed for user p13x
May  4 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1134]: Successful su for rubyman by root
May  4 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1134]: + ??? root:rubyman
May  4 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326778 of user rubyman.
May  4 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1134]: pam_unix(su:session): session closed for user rubyman
May  4 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326778.
May  4 10:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1064]: pam_unix(cron:session): session closed for user root
May  4 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30817]: pam_unix(cron:session): session closed for user root
May  4 10:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1063]: pam_unix(cron:session): session closed for user samftp
May  4 10:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1417]: Invalid user liufeng from 50.235.31.47
May  4 10:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1417]: input_userauth_request: invalid user liufeng [preauth]
May  4 10:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1417]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  4 10:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1417]: Failed password for invalid user liufeng from 50.235.31.47 port 34128 ssh2
May  4 10:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1417]: Connection closed by 50.235.31.47 port 34128 [preauth]
May  4 10:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32558]: pam_unix(cron:session): session closed for user root
May  4 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1570]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1569]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1567]: pam_unix(cron:session): session closed for user p13x
May  4 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1643]: Successful su for rubyman by root
May  4 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1643]: + ??? root:rubyman
May  4 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326782 of user rubyman.
May  4 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1643]: pam_unix(su:session): session closed for user rubyman
May  4 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326782.
May  4 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31225]: pam_unix(cron:session): session closed for user root
May  4 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1568]: pam_unix(cron:session): session closed for user samftp
May  4 10:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[627]: pam_unix(cron:session): session closed for user root
May  4 10:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: Invalid user hadoop from 193.32.162.97
May  4 10:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: input_userauth_request: invalid user hadoop [preauth]
May  4 10:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 10:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: Failed password for invalid user hadoop from 193.32.162.97 port 46624 ssh2
May  4 10:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: Connection closed by 193.32.162.97 port 46624 [preauth]
May  4 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2090]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2091]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2089]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2088]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2088]: pam_unix(cron:session): session closed for user p13x
May  4 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2151]: Successful su for rubyman by root
May  4 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2151]: + ??? root:rubyman
May  4 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326787 of user rubyman.
May  4 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2151]: pam_unix(su:session): session closed for user rubyman
May  4 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326787.
May  4 10:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31746]: pam_unix(cron:session): session closed for user root
May  4 10:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2089]: pam_unix(cron:session): session closed for user samftp
May  4 10:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1066]: pam_unix(cron:session): session closed for user root
May  4 10:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: Invalid user admin from 64.226.117.59
May  4 10:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: input_userauth_request: invalid user admin [preauth]
May  4 10:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 10:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: Failed password for invalid user admin from 64.226.117.59 port 38614 ssh2
May  4 10:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: Connection closed by 64.226.117.59 port 38614 [preauth]
May  4 10:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2512]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2511]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2510]: pam_unix(cron:session): session closed for user p13x
May  4 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2570]: Successful su for rubyman by root
May  4 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2570]: + ??? root:rubyman
May  4 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326790 of user rubyman.
May  4 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2570]: pam_unix(su:session): session closed for user rubyman
May  4 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326790.
May  4 10:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32156]: pam_unix(cron:session): session closed for user root
May  4 10:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2511]: pam_unix(cron:session): session closed for user samftp
May  4 10:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: Invalid user rramirez from 202.179.66.26
May  4 10:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: input_userauth_request: invalid user rramirez [preauth]
May  4 10:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26
May  4 10:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: Failed password for invalid user rramirez from 202.179.66.26 port 60176 ssh2
May  4 10:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: Received disconnect from 202.179.66.26 port 60176:11: Bye Bye [preauth]
May  4 10:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2786]: Disconnected from 202.179.66.26 port 60176 [preauth]
May  4 10:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1570]: pam_unix(cron:session): session closed for user root
May  4 10:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: Invalid user titan from 164.68.105.9
May  4 10:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: input_userauth_request: invalid user titan [preauth]
May  4 10:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  4 10:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: Failed password for invalid user titan from 164.68.105.9 port 56456 ssh2
May  4 10:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: Connection closed by 164.68.105.9 port 56456 [preauth]
May  4 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2953]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2952]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2948]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2950]: pam_unix(cron:session): session closed for user p13x
May  4 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3063]: Successful su for rubyman by root
May  4 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3063]: + ??? root:rubyman
May  4 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3063]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326794 of user rubyman.
May  4 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3063]: pam_unix(su:session): session closed for user rubyman
May  4 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326794.
May  4 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2948]: pam_unix(cron:session): session closed for user root
May  4 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  4 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32557]: pam_unix(cron:session): session closed for user root
May  4 10:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2951]: pam_unix(cron:session): session closed for user samftp
May  4 10:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: Failed password for root from 218.92.0.219 port 20558 ssh2
May  4 10:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: message repeated 2 times: [ Failed password for root from 218.92.0.219 port 20558 ssh2]
May  4 10:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: Received disconnect from 218.92.0.219 port 20558:11:  [preauth]
May  4 10:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: Disconnected from 218.92.0.219 port 20558 [preauth]
May  4 10:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  4 10:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2091]: pam_unix(cron:session): session closed for user root
May  4 10:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: Invalid user gold from 185.213.164.48
May  4 10:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: input_userauth_request: invalid user gold [preauth]
May  4 10:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48
May  4 10:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: Failed password for invalid user gold from 185.213.164.48 port 43954 ssh2
May  4 10:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: Received disconnect from 185.213.164.48 port 43954:11: Bye Bye [preauth]
May  4 10:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: Disconnected from 185.213.164.48 port 43954 [preauth]
May  4 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3468]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3468]: pam_unix(cron:session): session closed for user root
May  4 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3461]: pam_unix(cron:session): session closed for user p13x
May  4 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3534]: Successful su for rubyman by root
May  4 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3534]: + ??? root:rubyman
May  4 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326799 of user rubyman.
May  4 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3534]: pam_unix(su:session): session closed for user rubyman
May  4 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326799.
May  4 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[625]: pam_unix(cron:session): session closed for user root
May  4 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3465]: pam_unix(cron:session): session closed for user root
May  4 10:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3463]: pam_unix(cron:session): session closed for user samftp
May  4 10:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3792]: Invalid user devops from 103.59.95.142
May  4 10:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3792]: input_userauth_request: invalid user devops [preauth]
May  4 10:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3792]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
May  4 10:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3792]: Failed password for invalid user devops from 103.59.95.142 port 33292 ssh2
May  4 10:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3792]: Received disconnect from 103.59.95.142 port 33292:11: Bye Bye [preauth]
May  4 10:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3792]: Disconnected from 103.59.95.142 port 33292 [preauth]
May  4 10:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2513]: pam_unix(cron:session): session closed for user root
May  4 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3925]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3926]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3921]: pam_unix(cron:session): session closed for user p13x
May  4 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4027]: Successful su for rubyman by root
May  4 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4027]: + ??? root:rubyman
May  4 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326807 of user rubyman.
May  4 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4027]: pam_unix(su:session): session closed for user rubyman
May  4 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326807.
May  4 10:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1065]: pam_unix(cron:session): session closed for user root
May  4 10:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3922]: pam_unix(cron:session): session closed for user samftp
May  4 10:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2953]: pam_unix(cron:session): session closed for user root
May  4 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4536]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4535]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4534]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4533]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4533]: pam_unix(cron:session): session closed for user p13x
May  4 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4601]: Successful su for rubyman by root
May  4 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4601]: + ??? root:rubyman
May  4 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4601]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326811 of user rubyman.
May  4 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4601]: pam_unix(su:session): session closed for user rubyman
May  4 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326811.
May  4 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1569]: pam_unix(cron:session): session closed for user root
May  4 10:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4534]: pam_unix(cron:session): session closed for user samftp
May  4 10:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: Invalid user christian from 80.94.95.241
May  4 10:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: input_userauth_request: invalid user christian [preauth]
May  4 10:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  4 10:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: Failed password for invalid user christian from 80.94.95.241 port 23519 ssh2
May  4 10:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: Failed password for invalid user christian from 80.94.95.241 port 23519 ssh2
May  4 10:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: Failed password for invalid user christian from 80.94.95.241 port 23519 ssh2
May  4 10:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: Failed password for invalid user christian from 80.94.95.241 port 23519 ssh2
May  4 10:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: Failed password for invalid user christian from 80.94.95.241 port 23519 ssh2
May  4 10:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: Received disconnect from 80.94.95.241 port 23519:11: Bye [preauth]
May  4 10:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: Disconnected from 80.94.95.241 port 23519 [preauth]
May  4 10:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  4 10:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 10:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3467]: pam_unix(cron:session): session closed for user root
May  4 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4962]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4960]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4961]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4959]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4959]: pam_unix(cron:session): session closed for user p13x
May  4 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5203]: Successful su for rubyman by root
May  4 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5203]: + ??? root:rubyman
May  4 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326813 of user rubyman.
May  4 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5203]: pam_unix(su:session): session closed for user rubyman
May  4 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326813.
May  4 10:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2090]: pam_unix(cron:session): session closed for user root
May  4 10:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4960]: pam_unix(cron:session): session closed for user samftp
May  4 10:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3926]: pam_unix(cron:session): session closed for user root
May  4 10:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: Invalid user hadoop from 193.32.162.97
May  4 10:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: input_userauth_request: invalid user hadoop [preauth]
May  4 10:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 10:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: Invalid user dima from 202.179.66.26
May  4 10:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: input_userauth_request: invalid user dima [preauth]
May  4 10:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26
May  4 10:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: Failed password for invalid user hadoop from 193.32.162.97 port 55914 ssh2
May  4 10:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: Connection closed by 193.32.162.97 port 55914 [preauth]
May  4 10:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: Failed password for invalid user dima from 202.179.66.26 port 40866 ssh2
May  4 10:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: Received disconnect from 202.179.66.26 port 40866:11: Bye Bye [preauth]
May  4 10:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: Disconnected from 202.179.66.26 port 40866 [preauth]
May  4 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5619]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5616]: pam_unix(cron:session): session closed for user p13x
May  4 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5685]: Successful su for rubyman by root
May  4 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5685]: + ??? root:rubyman
May  4 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5685]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326818 of user rubyman.
May  4 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5685]: pam_unix(su:session): session closed for user rubyman
May  4 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326818.
May  4 10:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2512]: pam_unix(cron:session): session closed for user root
May  4 10:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5617]: pam_unix(cron:session): session closed for user samftp
May  4 10:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: Invalid user admin from 64.226.117.59
May  4 10:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: input_userauth_request: invalid user admin [preauth]
May  4 10:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 10:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: Failed password for invalid user admin from 64.226.117.59 port 32774 ssh2
May  4 10:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5998]: Connection closed by 64.226.117.59 port 32774 [preauth]
May  4 10:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4536]: pam_unix(cron:session): session closed for user root
May  4 10:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48  user=root
May  4 10:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6066]: Failed password for root from 185.213.164.48 port 42304 ssh2
May  4 10:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6066]: Received disconnect from 185.213.164.48 port 42304:11: Bye Bye [preauth]
May  4 10:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6066]: Disconnected from 185.213.164.48 port 42304 [preauth]
May  4 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6132]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6128]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6126]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6129]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6127]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6132]: pam_unix(cron:session): session closed for user root
May  4 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6126]: pam_unix(cron:session): session closed for user p13x
May  4 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6199]: Successful su for rubyman by root
May  4 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6199]: + ??? root:rubyman
May  4 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6199]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326821 of user rubyman.
May  4 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6199]: pam_unix(su:session): session closed for user rubyman
May  4 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326821.
May  4 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Invalid user  from 116.198.207.211
May  4 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: input_userauth_request: invalid user  [preauth]
May  4 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6128]: pam_unix(cron:session): session closed for user root
May  4 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2952]: pam_unix(cron:session): session closed for user root
May  4 10:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6127]: pam_unix(cron:session): session closed for user samftp
May  4 10:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Connection closed by 116.198.207.211 port 52484 [preauth]
May  4 10:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4962]: pam_unix(cron:session): session closed for user root
May  4 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6555]: pam_unix(cron:session): session closed for user p13x
May  4 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6624]: Successful su for rubyman by root
May  4 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6624]: + ??? root:rubyman
May  4 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326827 of user rubyman.
May  4 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6624]: pam_unix(su:session): session closed for user rubyman
May  4 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326827.
May  4 10:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3466]: pam_unix(cron:session): session closed for user root
May  4 10:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6556]: pam_unix(cron:session): session closed for user samftp
May  4 10:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  4 10:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6817]: Failed password for root from 218.92.0.230 port 62416 ssh2
May  4 10:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6817]: message repeated 2 times: [ Failed password for root from 218.92.0.230 port 62416 ssh2]
May  4 10:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6850]: Invalid user user from 103.59.95.142
May  4 10:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6850]: input_userauth_request: invalid user user [preauth]
May  4 10:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6850]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
May  4 10:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6850]: Failed password for invalid user user from 103.59.95.142 port 44898 ssh2
May  4 10:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6850]: Received disconnect from 103.59.95.142 port 44898:11: Bye Bye [preauth]
May  4 10:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6850]: Disconnected from 103.59.95.142 port 44898 [preauth]
May  4 10:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5619]: pam_unix(cron:session): session closed for user root
May  4 10:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7085]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7084]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7077]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7077]: pam_unix(cron:session): session closed for user root
May  4 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7082]: pam_unix(cron:session): session closed for user p13x
May  4 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7152]: Successful su for rubyman by root
May  4 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7152]: + ??? root:rubyman
May  4 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326833 of user rubyman.
May  4 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7152]: pam_unix(su:session): session closed for user rubyman
May  4 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326833.
May  4 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3925]: pam_unix(cron:session): session closed for user root
May  4 10:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7083]: pam_unix(cron:session): session closed for user samftp
May  4 10:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6130]: pam_unix(cron:session): session closed for user root
May  4 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7484]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7485]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7482]: pam_unix(cron:session): session closed for user p13x
May  4 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7644]: Successful su for rubyman by root
May  4 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7644]: + ??? root:rubyman
May  4 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326837 of user rubyman.
May  4 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7644]: pam_unix(su:session): session closed for user rubyman
May  4 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326837.
May  4 10:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4535]: pam_unix(cron:session): session closed for user root
May  4 10:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7483]: pam_unix(cron:session): session closed for user samftp
May  4 10:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6558]: pam_unix(cron:session): session closed for user root
May  4 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8007]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8008]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8006]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8005]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8005]: pam_unix(cron:session): session closed for user p13x
May  4 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8064]: Successful su for rubyman by root
May  4 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8064]: + ??? root:rubyman
May  4 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8064]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326840 of user rubyman.
May  4 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8064]: pam_unix(su:session): session closed for user rubyman
May  4 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326840.
May  4 10:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4961]: pam_unix(cron:session): session closed for user root
May  4 10:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8006]: pam_unix(cron:session): session closed for user samftp
May  4 10:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26  user=root
May  4 10:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: Failed password for root from 202.179.66.26 port 49776 ssh2
May  4 10:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: Received disconnect from 202.179.66.26 port 49776:11: Bye Bye [preauth]
May  4 10:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: Disconnected from 202.179.66.26 port 49776 [preauth]
May  4 10:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7085]: pam_unix(cron:session): session closed for user root
May  4 10:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48  user=root
May  4 10:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: Failed password for root from 185.213.164.48 port 36808 ssh2
May  4 10:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: Received disconnect from 185.213.164.48 port 36808:11: Bye Bye [preauth]
May  4 10:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: Disconnected from 185.213.164.48 port 36808 [preauth]
May  4 10:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8450]: pam_unix(cron:session): session closed for user root
May  4 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8445]: pam_unix(cron:session): session closed for user p13x
May  4 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8523]: Successful su for rubyman by root
May  4 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8523]: + ??? root:rubyman
May  4 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326848 of user rubyman.
May  4 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8523]: pam_unix(su:session): session closed for user rubyman
May  4 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326848.
May  4 10:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8447]: pam_unix(cron:session): session closed for user root
May  4 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5618]: pam_unix(cron:session): session closed for user root
May  4 10:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8446]: pam_unix(cron:session): session closed for user samftp
May  4 10:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 10:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8414]: Failed password for root from 185.93.89.118 port 29476 ssh2
May  4 10:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8414]: Connection closed by 185.93.89.118 port 29476 [preauth]
May  4 10:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 10:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: Invalid user git from 116.198.207.211
May  4 10:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: input_userauth_request: invalid user git [preauth]
May  4 10:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.198.207.211
May  4 10:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8820]: Invalid user wang from 116.198.207.211
May  4 10:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8820]: input_userauth_request: invalid user wang [preauth]
May  4 10:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8820]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.198.207.211
May  4 10:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: Failed password for root from 185.93.89.118 port 20178 ssh2
May  4 10:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: Failed password for invalid user git from 116.198.207.211 port 47800 ssh2
May  4 10:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8820]: Failed password for invalid user wang from 116.198.207.211 port 54728 ssh2
May  4 10:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: Connection closed by 116.198.207.211 port 47800 [preauth]
May  4 10:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8820]: Connection closed by 116.198.207.211 port 54728 [preauth]
May  4 10:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7485]: pam_unix(cron:session): session closed for user root
May  4 10:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: Connection closed by 185.93.89.118 port 20178 [preauth]
May  4 10:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8847]: Invalid user hadoop from 193.32.162.97
May  4 10:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8847]: input_userauth_request: invalid user hadoop [preauth]
May  4 10:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8847]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 10:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8847]: Failed password for invalid user hadoop from 193.32.162.97 port 36972 ssh2
May  4 10:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8847]: Connection closed by 193.32.162.97 port 36972 [preauth]
May  4 10:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 10:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: Failed password for root from 185.93.89.118 port 18310 ssh2
May  4 10:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: Invalid user gpadmin from 116.198.207.211
May  4 10:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: input_userauth_request: invalid user gpadmin [preauth]
May  4 10:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.198.207.211
May  4 10:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: Connection closed by 185.93.89.118 port 18310 [preauth]
May  4 10:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8897]: Invalid user nginx from 116.198.207.211
May  4 10:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8897]: input_userauth_request: invalid user nginx [preauth]
May  4 10:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8897]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.198.207.211
May  4 10:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: Failed password for invalid user gpadmin from 116.198.207.211 port 32910 ssh2
May  4 10:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8895]: Connection closed by 116.198.207.211 port 32910 [preauth]
May  4 10:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8897]: Failed password for invalid user nginx from 116.198.207.211 port 33426 ssh2
May  4 10:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8897]: Connection closed by 116.198.207.211 port 33426 [preauth]
May  4 10:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: Connection closed by 116.198.207.211 port 39838 [preauth]
May  4 10:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8858]: Connection closed by 116.198.207.211 port 40354 [preauth]
May  4 10:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: Connection closed by 116.198.207.211 port 47282 [preauth]
May  4 10:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Connection closed by 116.198.207.211 port 33936 [preauth]
May  4 10:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 10:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: Failed password for root from 185.93.89.118 port 27892 ssh2
May  4 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8938]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8935]: pam_unix(cron:session): session closed for user p13x
May  4 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8932]: Invalid user admin from 64.226.117.59
May  4 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8932]: input_userauth_request: invalid user admin [preauth]
May  4 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9006]: Successful su for rubyman by root
May  4 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9006]: + ??? root:rubyman
May  4 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9006]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326851 of user rubyman.
May  4 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9006]: pam_unix(su:session): session closed for user rubyman
May  4 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326851.
May  4 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8932]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: Connection closed by 185.93.89.118 port 27892 [preauth]
May  4 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6129]: pam_unix(cron:session): session closed for user root
May  4 10:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8932]: Failed password for invalid user admin from 64.226.117.59 port 42166 ssh2
May  4 10:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8932]: Connection closed by 64.226.117.59 port 42166 [preauth]
May  4 10:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8936]: pam_unix(cron:session): session closed for user samftp
May  4 10:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 10:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: Failed password for root from 185.93.89.118 port 29056 ssh2
May  4 10:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9077]: Connection closed by 185.93.89.118 port 29056 [preauth]
May  4 10:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8775]: Connection closed by 116.198.207.211 port 55238 [preauth]
May  4 10:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8008]: pam_unix(cron:session): session closed for user root
May  4 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9472]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9470]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9471]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9469]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9469]: pam_unix(cron:session): session closed for user p13x
May  4 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9531]: Successful su for rubyman by root
May  4 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9531]: + ??? root:rubyman
May  4 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326854 of user rubyman.
May  4 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9531]: pam_unix(su:session): session closed for user rubyman
May  4 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326854.
May  4 10:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6557]: pam_unix(cron:session): session closed for user root
May  4 10:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9470]: pam_unix(cron:session): session closed for user samftp
May  4 10:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142  user=root
May  4 10:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: Failed password for root from 103.59.95.142 port 55948 ssh2
May  4 10:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: Received disconnect from 103.59.95.142 port 55948:11: Bye Bye [preauth]
May  4 10:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: Disconnected from 103.59.95.142 port 55948 [preauth]
May  4 10:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8449]: pam_unix(cron:session): session closed for user root
May  4 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9877]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9876]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9875]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9875]: pam_unix(cron:session): session closed for user p13x
May  4 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9937]: Successful su for rubyman by root
May  4 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9937]: + ??? root:rubyman
May  4 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9937]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326858 of user rubyman.
May  4 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9937]: pam_unix(su:session): session closed for user rubyman
May  4 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326858.
May  4 10:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7084]: pam_unix(cron:session): session closed for user root
May  4 10:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9876]: pam_unix(cron:session): session closed for user samftp
May  4 10:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8938]: pam_unix(cron:session): session closed for user root
May  4 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10358]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10355]: pam_unix(cron:session): session closed for user p13x
May  4 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10423]: Successful su for rubyman by root
May  4 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10423]: + ??? root:rubyman
May  4 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326862 of user rubyman.
May  4 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10423]: pam_unix(su:session): session closed for user rubyman
May  4 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326862.
May  4 10:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7484]: pam_unix(cron:session): session closed for user root
May  4 10:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10356]: pam_unix(cron:session): session closed for user samftp
May  4 10:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9472]: pam_unix(cron:session): session closed for user root
May  4 10:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: Invalid user test from 202.179.66.26
May  4 10:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: input_userauth_request: invalid user test [preauth]
May  4 10:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26
May  4 10:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: Invalid user dmdba from 185.213.164.48
May  4 10:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: input_userauth_request: invalid user dmdba [preauth]
May  4 10:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48
May  4 10:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: Failed password for invalid user test from 202.179.66.26 port 58700 ssh2
May  4 10:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: Failed password for invalid user dmdba from 185.213.164.48 port 44574 ssh2
May  4 10:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: Received disconnect from 202.179.66.26 port 58700:11: Bye Bye [preauth]
May  4 10:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: Disconnected from 202.179.66.26 port 58700 [preauth]
May  4 10:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: Received disconnect from 185.213.164.48 port 44574:11: Bye Bye [preauth]
May  4 10:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: Disconnected from 185.213.164.48 port 44574 [preauth]
May  4 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10840]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10839]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10842]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10841]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10837]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10842]: pam_unix(cron:session): session closed for user root
May  4 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10837]: pam_unix(cron:session): session closed for user p13x
May  4 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10905]: Successful su for rubyman by root
May  4 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10905]: + ??? root:rubyman
May  4 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326867 of user rubyman.
May  4 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10905]: pam_unix(su:session): session closed for user rubyman
May  4 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326867.
May  4 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: Invalid user starbound from 190.103.202.7
May  4 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: input_userauth_request: invalid user starbound [preauth]
May  4 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  4 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10839]: pam_unix(cron:session): session closed for user root
May  4 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8007]: pam_unix(cron:session): session closed for user root
May  4 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: Invalid user dev from 176.31.162.135
May  4 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: input_userauth_request: invalid user dev [preauth]
May  4 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  4 10:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: Invalid user pritchard from 80.94.95.125
May  4 10:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: input_userauth_request: invalid user pritchard [preauth]
May  4 10:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  4 10:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: Failed password for invalid user starbound from 190.103.202.7 port 43692 ssh2
May  4 10:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: Connection closed by 190.103.202.7 port 43692 [preauth]
May  4 10:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10838]: pam_unix(cron:session): session closed for user samftp
May  4 10:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: Failed password for invalid user dev from 176.31.162.135 port 35290 ssh2
May  4 10:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: Connection closed by 176.31.162.135 port 35290 [preauth]
May  4 10:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: Failed password for invalid user pritchard from 80.94.95.125 port 47601 ssh2
May  4 10:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: Failed password for invalid user pritchard from 80.94.95.125 port 47601 ssh2
May  4 10:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: Failed password for invalid user pritchard from 80.94.95.125 port 47601 ssh2
May  4 10:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: Failed password for invalid user pritchard from 80.94.95.125 port 47601 ssh2
May  4 10:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: Failed password for invalid user pritchard from 80.94.95.125 port 47601 ssh2
May  4 10:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: Received disconnect from 80.94.95.125 port 47601:11: Bye [preauth]
May  4 10:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: Disconnected from 80.94.95.125 port 47601 [preauth]
May  4 10:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  4 10:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11086]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 10:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9879]: pam_unix(cron:session): session closed for user root
May  4 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11262]: pam_unix(cron:session): session closed for user p13x
May  4 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11335]: Successful su for rubyman by root
May  4 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11335]: + ??? root:rubyman
May  4 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11335]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326872 of user rubyman.
May  4 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11335]: pam_unix(su:session): session closed for user rubyman
May  4 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326872.
May  4 10:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8448]: pam_unix(cron:session): session closed for user root
May  4 10:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11263]: pam_unix(cron:session): session closed for user samftp
May  4 10:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10358]: pam_unix(cron:session): session closed for user root
May  4 10:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254  user=root
May  4 10:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: Failed password for root from 124.198.59.254 port 38468 ssh2
May  4 10:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: Connection closed by 124.198.59.254 port 38468 [preauth]
May  4 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11674]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11673]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11672]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11672]: pam_unix(cron:session): session closed for user p13x
May  4 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11734]: Successful su for rubyman by root
May  4 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11734]: + ??? root:rubyman
May  4 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11734]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326877 of user rubyman.
May  4 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11734]: pam_unix(su:session): session closed for user rubyman
May  4 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326877.
May  4 10:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8937]: pam_unix(cron:session): session closed for user root
May  4 10:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11673]: pam_unix(cron:session): session closed for user samftp
May  4 10:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: Invalid user oracle from 193.32.162.97
May  4 10:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: input_userauth_request: invalid user oracle [preauth]
May  4 10:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 10:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: Failed password for invalid user oracle from 193.32.162.97 port 46262 ssh2
May  4 10:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: Connection closed by 193.32.162.97 port 46262 [preauth]
May  4 10:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10841]: pam_unix(cron:session): session closed for user root
May  4 10:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: Invalid user admin from 64.226.117.59
May  4 10:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: input_userauth_request: invalid user admin [preauth]
May  4 10:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 10:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: Failed password for invalid user admin from 64.226.117.59 port 34744 ssh2
May  4 10:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: Connection closed by 64.226.117.59 port 34744 [preauth]
May  4 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12062]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12061]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12059]: pam_unix(cron:session): session closed for user p13x
May  4 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12119]: Successful su for rubyman by root
May  4 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12119]: + ??? root:rubyman
May  4 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326880 of user rubyman.
May  4 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12119]: pam_unix(su:session): session closed for user rubyman
May  4 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326880.
May  4 10:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9471]: pam_unix(cron:session): session closed for user root
May  4 10:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12060]: pam_unix(cron:session): session closed for user samftp
May  4 10:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142  user=root
May  4 10:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: Failed password for root from 103.59.95.142 port 43608 ssh2
May  4 10:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: Received disconnect from 103.59.95.142 port 43608:11: Bye Bye [preauth]
May  4 10:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12311]: Disconnected from 103.59.95.142 port 43608 [preauth]
May  4 10:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11265]: pam_unix(cron:session): session closed for user root
May  4 10:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  4 10:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: Failed password for root from 218.92.0.112 port 47430 ssh2
May  4 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: message repeated 2 times: [ Failed password for root from 218.92.0.112 port 47430 ssh2]
May  4 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: Received disconnect from 218.92.0.112 port 47430:11:  [preauth]
May  4 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: Disconnected from 218.92.0.112 port 47430 [preauth]
May  4 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  4 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12475]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12474]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12472]: pam_unix(cron:session): session closed for user p13x
May  4 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12531]: Successful su for rubyman by root
May  4 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12531]: + ??? root:rubyman
May  4 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326886 of user rubyman.
May  4 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12531]: pam_unix(su:session): session closed for user rubyman
May  4 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326886.
May  4 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9877]: pam_unix(cron:session): session closed for user root
May  4 10:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12473]: pam_unix(cron:session): session closed for user samftp
May  4 10:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: Invalid user h from 195.178.110.50
May  4 10:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: input_userauth_request: invalid user h [preauth]
May  4 10:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 10:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: Failed password for invalid user h from 195.178.110.50 port 44424 ssh2
May  4 10:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12745]: Connection closed by 195.178.110.50 port 44424 [preauth]
May  4 10:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11675]: pam_unix(cron:session): session closed for user root
May  4 10:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: Invalid user 5 from 195.178.110.50
May  4 10:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: input_userauth_request: invalid user 5 [preauth]
May  4 10:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 10:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: Failed password for invalid user 5 from 195.178.110.50 port 3308 ssh2
May  4 10:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: Connection closed by 195.178.110.50 port 3308 [preauth]
May  4 10:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12817]: Invalid user ` from 195.178.110.50
May  4 10:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12817]: input_userauth_request: invalid user ` [preauth]
May  4 10:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12817]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12819]: Invalid user hubin from 185.213.164.48
May  4 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12819]: input_userauth_request: invalid user hubin [preauth]
May  4 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12819]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48
May  4 10:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12817]: Failed password for invalid user ` from 195.178.110.50 port 36482 ssh2
May  4 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12819]: Failed password for invalid user hubin from 185.213.164.48 port 41222 ssh2
May  4 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12819]: Received disconnect from 185.213.164.48 port 41222:11: Bye Bye [preauth]
May  4 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12819]: Disconnected from 185.213.164.48 port 41222 [preauth]
May  4 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12817]: Connection closed by 195.178.110.50 port 36482 [preauth]
May  4 10:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: Invalid user - from 195.178.110.50
May  4 10:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: input_userauth_request: invalid user - [preauth]
May  4 10:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: pam_unix(sshd:auth): bad username [-]
May  4 10:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: Failed password for invalid user - from 195.178.110.50 port 31864 ssh2
May  4 10:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: Connection closed by 195.178.110.50 port 31864 [preauth]
May  4 10:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: Invalid user X from 195.178.110.50
May  4 10:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: input_userauth_request: invalid user X [preauth]
May  4 10:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 10:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: Failed password for invalid user X from 195.178.110.50 port 31892 ssh2
May  4 10:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12852]: Connection closed by 195.178.110.50 port 31892 [preauth]
May  4 10:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12876]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12875]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12880]: pam_unix(cron:session): session closed for user root
May  4 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12874]: pam_unix(cron:session): session closed for user p13x
May  4 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: Invalid user taibabi from 202.179.66.26
May  4 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: input_userauth_request: invalid user taibabi [preauth]
May  4 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26
May  4 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12941]: Successful su for rubyman by root
May  4 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12941]: + ??? root:rubyman
May  4 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12941]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326890 of user rubyman.
May  4 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12941]: pam_unix(su:session): session closed for user rubyman
May  4 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326890.
May  4 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: Failed password for invalid user taibabi from 202.179.66.26 port 39376 ssh2
May  4 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: Received disconnect from 202.179.66.26 port 39376:11: Bye Bye [preauth]
May  4 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: Disconnected from 202.179.66.26 port 39376 [preauth]
May  4 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12876]: pam_unix(cron:session): session closed for user root
May  4 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10357]: pam_unix(cron:session): session closed for user root
May  4 10:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12875]: pam_unix(cron:session): session closed for user samftp
May  4 10:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12062]: pam_unix(cron:session): session closed for user root
May  4 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13304]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13303]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13301]: pam_unix(cron:session): session closed for user p13x
May  4 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13369]: Successful su for rubyman by root
May  4 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13369]: + ??? root:rubyman
May  4 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326895 of user rubyman.
May  4 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13369]: pam_unix(su:session): session closed for user rubyman
May  4 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326895.
May  4 10:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10840]: pam_unix(cron:session): session closed for user root
May  4 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13302]: pam_unix(cron:session): session closed for user samftp
May  4 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12475]: pam_unix(cron:session): session closed for user root
May  4 10:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13820]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13821]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13818]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13819]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13818]: pam_unix(cron:session): session closed for user p13x
May  4 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13880]: Successful su for rubyman by root
May  4 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13880]: + ??? root:rubyman
May  4 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326899 of user rubyman.
May  4 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13880]: pam_unix(su:session): session closed for user rubyman
May  4 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326899.
May  4 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13799]: Connection closed by 20.65.194.56 port 41650 [preauth]
May  4 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11264]: pam_unix(cron:session): session closed for user root
May  4 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13819]: pam_unix(cron:session): session closed for user samftp
May  4 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12879]: pam_unix(cron:session): session closed for user root
May  4 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14217]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14213]: pam_unix(cron:session): session closed for user p13x
May  4 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14276]: Successful su for rubyman by root
May  4 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14276]: + ??? root:rubyman
May  4 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14276]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326903 of user rubyman.
May  4 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14276]: pam_unix(su:session): session closed for user rubyman
May  4 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326903.
May  4 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11674]: pam_unix(cron:session): session closed for user root
May  4 10:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14214]: pam_unix(cron:session): session closed for user samftp
May  4 10:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14462]: Invalid user web from 80.94.95.115
May  4 10:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14462]: input_userauth_request: invalid user web [preauth]
May  4 10:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14462]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  4 10:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14462]: Failed password for invalid user web from 80.94.95.115 port 19762 ssh2
May  4 10:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14462]: Connection closed by 80.94.95.115 port 19762 [preauth]
May  4 10:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13304]: pam_unix(cron:session): session closed for user root
May  4 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14622]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14621]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14623]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14619]: pam_unix(cron:session): session closed for user p13x
May  4 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14684]: Successful su for rubyman by root
May  4 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14684]: + ??? root:rubyman
May  4 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326906 of user rubyman.
May  4 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14684]: pam_unix(su:session): session closed for user rubyman
May  4 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326906.
May  4 10:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12061]: pam_unix(cron:session): session closed for user root
May  4 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14621]: pam_unix(cron:session): session closed for user samftp
May  4 10:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142  user=root
May  4 10:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: Failed password for root from 103.59.95.142 port 40236 ssh2
May  4 10:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: Received disconnect from 103.59.95.142 port 40236:11: Bye Bye [preauth]
May  4 10:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: Disconnected from 103.59.95.142 port 40236 [preauth]
May  4 10:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Invalid user admin from 64.226.117.59
May  4 10:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: input_userauth_request: invalid user admin [preauth]
May  4 10:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 10:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Failed password for invalid user admin from 64.226.117.59 port 51686 ssh2
May  4 10:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14902]: Connection closed by 64.226.117.59 port 51686 [preauth]
May  4 10:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14939]: Invalid user oracle from 193.32.162.97
May  4 10:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14939]: input_userauth_request: invalid user oracle [preauth]
May  4 10:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14939]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 10:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14939]: Failed password for invalid user oracle from 193.32.162.97 port 55552 ssh2
May  4 10:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14939]: Connection closed by 193.32.162.97 port 55552 [preauth]
May  4 10:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13821]: pam_unix(cron:session): session closed for user root
May  4 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  4 10:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14950]: Failed password for root from 218.92.0.228 port 11592 ssh2
May  4 10:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14950]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 11592 ssh2]
May  4 10:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14950]: Received disconnect from 218.92.0.228 port 11592:11:  [preauth]
May  4 10:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14950]: Disconnected from 218.92.0.228 port 11592 [preauth]
May  4 10:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14950]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  4 10:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  4 10:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14991]: Failed password for root from 218.92.0.228 port 14336 ssh2
May  4 10:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15006]: Invalid user sam from 185.213.164.48
May  4 10:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15006]: input_userauth_request: invalid user sam [preauth]
May  4 10:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15006]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48
May  4 10:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15006]: Failed password for invalid user sam from 185.213.164.48 port 42576 ssh2
May  4 10:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15006]: Received disconnect from 185.213.164.48 port 42576:11: Bye Bye [preauth]
May  4 10:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15006]: Disconnected from 185.213.164.48 port 42576 [preauth]
May  4 10:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: Invalid user ubnt from 80.94.95.125
May  4 10:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: input_userauth_request: invalid user ubnt [preauth]
May  4 10:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  4 10:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: Failed password for invalid user ubnt from 80.94.95.125 port 61556 ssh2
May  4 10:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15047]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15049]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15045]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15048]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15050]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15050]: pam_unix(cron:session): session closed for user root
May  4 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15045]: pam_unix(cron:session): session closed for user p13x
May  4 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15111]: Successful su for rubyman by root
May  4 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15111]: + ??? root:rubyman
May  4 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15111]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326913 of user rubyman.
May  4 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15111]: pam_unix(su:session): session closed for user rubyman
May  4 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326913.
May  4 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: Failed password for invalid user ubnt from 80.94.95.125 port 61556 ssh2
May  4 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15047]: pam_unix(cron:session): session closed for user root
May  4 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12474]: pam_unix(cron:session): session closed for user root
May  4 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: Failed password for invalid user ubnt from 80.94.95.125 port 61556 ssh2
May  4 10:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  4 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15046]: pam_unix(cron:session): session closed for user samftp
May  4 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: Failed password for invalid user ubnt from 80.94.95.125 port 61556 ssh2
May  4 10:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: Failed password for root from 218.92.0.228 port 62072 ssh2
May  4 10:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: Failed password for root from 218.92.0.228 port 62072 ssh2
May  4 10:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: Failed password for invalid user ubnt from 80.94.95.125 port 61556 ssh2
May  4 10:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: Received disconnect from 80.94.95.125 port 61556:11: Bye [preauth]
May  4 10:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: Disconnected from 80.94.95.125 port 61556 [preauth]
May  4 10:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  4 10:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 10:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: Failed password for root from 218.92.0.228 port 62072 ssh2
May  4 10:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: Received disconnect from 218.92.0.228 port 62072:11:  [preauth]
May  4 10:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: Disconnected from 218.92.0.228 port 62072 [preauth]
May  4 10:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  4 10:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26  user=root
May  4 10:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14217]: pam_unix(cron:session): session closed for user root
May  4 10:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: Failed password for root from 202.179.66.26 port 48304 ssh2
May  4 10:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: Received disconnect from 202.179.66.26 port 48304:11: Bye Bye [preauth]
May  4 10:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15378]: Disconnected from 202.179.66.26 port 48304 [preauth]
May  4 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15464]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15463]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15463]: pam_unix(cron:session): session closed for user p13x
May  4 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15531]: Successful su for rubyman by root
May  4 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15531]: + ??? root:rubyman
May  4 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326916 of user rubyman.
May  4 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15531]: pam_unix(su:session): session closed for user rubyman
May  4 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326916.
May  4 10:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12878]: pam_unix(cron:session): session closed for user root
May  4 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15464]: pam_unix(cron:session): session closed for user samftp
May  4 10:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15721]: Invalid user  from 170.64.198.192
May  4 10:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15721]: input_userauth_request: invalid user  [preauth]
May  4 10:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15721]: Connection closed by 170.64.198.192 port 40112 [preauth]
May  4 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14623]: pam_unix(cron:session): session closed for user root
May  4 10:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: Invalid user user1 from 170.64.198.192
May  4 10:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: input_userauth_request: invalid user user1 [preauth]
May  4 10:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: Failed password for invalid user user1 from 170.64.198.192 port 44842 ssh2
May  4 10:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: Connection closed by 170.64.198.192 port 44842 [preauth]
May  4 10:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: Invalid user oracle from 170.64.198.192
May  4 10:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: input_userauth_request: invalid user oracle [preauth]
May  4 10:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: Failed password for invalid user oracle from 170.64.198.192 port 38950 ssh2
May  4 10:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: Connection closed by 170.64.198.192 port 38950 [preauth]
May  4 10:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15871]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15868]: pam_unix(cron:session): session closed for user p13x
May  4 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15933]: Successful su for rubyman by root
May  4 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15933]: + ??? root:rubyman
May  4 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15933]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326921 of user rubyman.
May  4 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15933]: pam_unix(su:session): session closed for user rubyman
May  4 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326921.
May  4 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: Invalid user zabbix from 170.64.198.192
May  4 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: input_userauth_request: invalid user zabbix [preauth]
May  4 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: Failed password for invalid user zabbix from 170.64.198.192 port 38966 ssh2
May  4 10:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13303]: pam_unix(cron:session): session closed for user root
May  4 10:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: Connection closed by 170.64.198.192 port 38966 [preauth]
May  4 10:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15869]: pam_unix(cron:session): session closed for user samftp
May  4 10:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: Failed password for root from 170.64.198.192 port 52772 ssh2
May  4 10:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: Connection closed by 170.64.198.192 port 52772 [preauth]
May  4 10:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16117]: Failed password for root from 170.64.198.192 port 52788 ssh2
May  4 10:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16117]: Connection closed by 170.64.198.192 port 52788 [preauth]
May  4 10:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16140]: Invalid user ts from 170.64.198.192
May  4 10:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16140]: input_userauth_request: invalid user ts [preauth]
May  4 10:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16140]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16140]: Failed password for invalid user ts from 170.64.198.192 port 32780 ssh2
May  4 10:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16140]: Connection closed by 170.64.198.192 port 32780 [preauth]
May  4 10:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: Invalid user user2 from 170.64.198.192
May  4 10:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: input_userauth_request: invalid user user2 [preauth]
May  4 10:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: Failed password for invalid user user2 from 170.64.198.192 port 32804 ssh2
May  4 10:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: Connection closed by 170.64.198.192 port 32804 [preauth]
May  4 10:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16174]: Invalid user samba from 170.64.198.192
May  4 10:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16174]: input_userauth_request: invalid user samba [preauth]
May  4 10:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16174]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16174]: Failed password for invalid user samba from 170.64.198.192 port 50508 ssh2
May  4 10:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16174]: Connection closed by 170.64.198.192 port 50508 [preauth]
May  4 10:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: Invalid user apache from 170.64.198.192
May  4 10:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: input_userauth_request: invalid user apache [preauth]
May  4 10:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: Failed password for invalid user apache from 170.64.198.192 port 50520 ssh2
May  4 10:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16185]: Connection closed by 170.64.198.192 port 50520 [preauth]
May  4 10:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15049]: pam_unix(cron:session): session closed for user root
May  4 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16202]: Invalid user test from 170.64.198.192
May  4 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16202]: input_userauth_request: invalid user test [preauth]
May  4 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16202]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16202]: Failed password for invalid user test from 170.64.198.192 port 51366 ssh2
May  4 10:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16202]: Connection closed by 170.64.198.192 port 51366 [preauth]
May  4 10:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: Invalid user ec2-user from 170.64.198.192
May  4 10:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: input_userauth_request: invalid user ec2-user [preauth]
May  4 10:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: Failed password for invalid user ec2-user from 170.64.198.192 port 51374 ssh2
May  4 10:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16216]: Connection closed by 170.64.198.192 port 51374 [preauth]
May  4 10:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16227]: Invalid user testuser from 170.64.198.192
May  4 10:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16227]: input_userauth_request: invalid user testuser [preauth]
May  4 10:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16227]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16227]: Failed password for invalid user testuser from 170.64.198.192 port 53282 ssh2
May  4 10:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16227]: Connection closed by 170.64.198.192 port 53282 [preauth]
May  4 10:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16250]: Invalid user odoo from 170.64.198.192
May  4 10:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16250]: input_userauth_request: invalid user odoo [preauth]
May  4 10:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16250]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16250]: Failed password for invalid user odoo from 170.64.198.192 port 53294 ssh2
May  4 10:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16250]: Connection closed by 170.64.198.192 port 53294 [preauth]
May  4 10:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16260]: Failed password for root from 170.64.198.192 port 35166 ssh2
May  4 10:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16260]: Connection closed by 170.64.198.192 port 35166 [preauth]
May  4 10:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: Invalid user steam from 170.64.198.192
May  4 10:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: input_userauth_request: invalid user steam [preauth]
May  4 10:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: Failed password for invalid user steam from 170.64.198.192 port 35178 ssh2
May  4 10:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16270]: Connection closed by 170.64.198.192 port 35178 [preauth]
May  4 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16284]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16285]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16282]: pam_unix(cron:session): session closed for user p13x
May  4 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16340]: Successful su for rubyman by root
May  4 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16340]: + ??? root:rubyman
May  4 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326924 of user rubyman.
May  4 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16340]: pam_unix(su:session): session closed for user rubyman
May  4 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326924.
May  4 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16280]: Invalid user test from 170.64.198.192
May  4 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16280]: input_userauth_request: invalid user test [preauth]
May  4 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16280]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13820]: pam_unix(cron:session): session closed for user root
May  4 10:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16280]: Failed password for invalid user test from 170.64.198.192 port 37334 ssh2
May  4 10:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16280]: Connection closed by 170.64.198.192 port 37334 [preauth]
May  4 10:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16283]: pam_unix(cron:session): session closed for user samftp
May  4 10:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: Failed password for root from 170.64.198.192 port 37346 ssh2
May  4 10:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: Connection closed by 170.64.198.192 port 37346 [preauth]
May  4 10:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: Invalid user user1 from 170.64.198.192
May  4 10:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: input_userauth_request: invalid user user1 [preauth]
May  4 10:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: Failed password for invalid user user1 from 170.64.198.192 port 53704 ssh2
May  4 10:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: Connection closed by 170.64.198.192 port 53704 [preauth]
May  4 10:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16591]: Failed password for root from 170.64.198.192 port 53706 ssh2
May  4 10:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16591]: Connection closed by 170.64.198.192 port 53706 [preauth]
May  4 10:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16605]: Failed password for root from 170.64.198.192 port 53720 ssh2
May  4 10:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16605]: Connection closed by 170.64.198.192 port 53720 [preauth]
May  4 10:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: Failed password for root from 170.64.198.192 port 47662 ssh2
May  4 10:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16638]: Connection closed by 170.64.198.192 port 47662 [preauth]
May  4 10:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Invalid user nexus from 170.64.198.192
May  4 10:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: input_userauth_request: invalid user nexus [preauth]
May  4 10:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Failed password for invalid user nexus from 170.64.198.192 port 47676 ssh2
May  4 10:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Connection closed by 170.64.198.192 port 47676 [preauth]
May  4 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15466]: pam_unix(cron:session): session closed for user root
May  4 10:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16680]: Invalid user user from 170.64.198.192
May  4 10:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16680]: input_userauth_request: invalid user user [preauth]
May  4 10:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16680]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16680]: Failed password for invalid user user from 170.64.198.192 port 51546 ssh2
May  4 10:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16680]: Connection closed by 170.64.198.192 port 51546 [preauth]
May  4 10:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16691]: Invalid user pi from 170.64.198.192
May  4 10:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16691]: input_userauth_request: invalid user pi [preauth]
May  4 10:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16691]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16691]: Failed password for invalid user pi from 170.64.198.192 port 51576 ssh2
May  4 10:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16691]: Connection closed by 170.64.198.192 port 51576 [preauth]
May  4 10:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: Invalid user dmdba from 170.64.198.192
May  4 10:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: input_userauth_request: invalid user dmdba [preauth]
May  4 10:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: Failed password for invalid user dmdba from 170.64.198.192 port 51926 ssh2
May  4 10:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16709]: Connection closed by 170.64.198.192 port 51926 [preauth]
May  4 10:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Invalid user dev from 170.64.198.192
May  4 10:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: input_userauth_request: invalid user dev [preauth]
May  4 10:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Failed password for invalid user dev from 170.64.198.192 port 51938 ssh2
May  4 10:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16727]: Connection closed by 170.64.198.192 port 51938 [preauth]
May  4 10:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: Invalid user jenkins from 170.64.198.192
May  4 10:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: input_userauth_request: invalid user jenkins [preauth]
May  4 10:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: Failed password for invalid user jenkins from 170.64.198.192 port 52792 ssh2
May  4 10:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: Connection closed by 170.64.198.192 port 52792 [preauth]
May  4 10:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: Invalid user rancher from 170.64.198.192
May  4 10:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: input_userauth_request: invalid user rancher [preauth]
May  4 10:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: Failed password for invalid user rancher from 170.64.198.192 port 52806 ssh2
May  4 10:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: Connection closed by 170.64.198.192 port 52806 [preauth]
May  4 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16755]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16751]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16753]: pam_unix(cron:session): session closed for user p13x
May  4 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16868]: Successful su for rubyman by root
May  4 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16868]: + ??? root:rubyman
May  4 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326930 of user rubyman.
May  4 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16868]: pam_unix(su:session): session closed for user rubyman
May  4 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326930.
May  4 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16751]: pam_unix(cron:session): session closed for user root
May  4 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Invalid user newtest from 193.70.84.184
May  4 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: input_userauth_request: invalid user newtest [preauth]
May  4 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  4 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16834]: Invalid user esroot from 170.64.198.192
May  4 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16834]: input_userauth_request: invalid user esroot [preauth]
May  4 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16834]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14215]: pam_unix(cron:session): session closed for user root
May  4 10:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Failed password for invalid user newtest from 193.70.84.184 port 33026 ssh2
May  4 10:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Connection closed by 193.70.84.184 port 33026 [preauth]
May  4 10:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16834]: Failed password for invalid user esroot from 170.64.198.192 port 53050 ssh2
May  4 10:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16754]: pam_unix(cron:session): session closed for user samftp
May  4 10:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16834]: Connection closed by 170.64.198.192 port 53050 [preauth]
May  4 10:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17124]: Failed password for root from 170.64.198.192 port 53058 ssh2
May  4 10:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17124]: Connection closed by 170.64.198.192 port 53058 [preauth]
May  4 10:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: Invalid user plex from 170.64.198.192
May  4 10:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: input_userauth_request: invalid user plex [preauth]
May  4 10:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: Failed password for invalid user plex from 170.64.198.192 port 58536 ssh2
May  4 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: Connection closed by 170.64.198.192 port 58536 [preauth]
May  4 10:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: Invalid user gitlab from 170.64.198.192
May  4 10:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: input_userauth_request: invalid user gitlab [preauth]
May  4 10:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: Failed password for invalid user gitlab from 170.64.198.192 port 58540 ssh2
May  4 10:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: Connection closed by 170.64.198.192 port 58540 [preauth]
May  4 10:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17169]: Failed password for root from 170.64.198.192 port 59368 ssh2
May  4 10:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17169]: Connection closed by 170.64.198.192 port 59368 [preauth]
May  4 10:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17190]: Invalid user developer from 170.64.198.192
May  4 10:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17190]: input_userauth_request: invalid user developer [preauth]
May  4 10:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17190]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17190]: Failed password for invalid user developer from 170.64.198.192 port 59388 ssh2
May  4 10:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17190]: Connection closed by 170.64.198.192 port 59388 [preauth]
May  4 10:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17193]: Invalid user nginx from 170.64.198.192
May  4 10:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17193]: input_userauth_request: invalid user nginx [preauth]
May  4 10:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17193]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17193]: Failed password for invalid user nginx from 170.64.198.192 port 59414 ssh2
May  4 10:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17193]: Connection closed by 170.64.198.192 port 59414 [preauth]
May  4 10:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15871]: pam_unix(cron:session): session closed for user root
May  4 10:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17227]: Invalid user ftpuser from 170.64.198.192
May  4 10:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17227]: input_userauth_request: invalid user ftpuser [preauth]
May  4 10:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17227]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17227]: Failed password for invalid user ftpuser from 170.64.198.192 port 43986 ssh2
May  4 10:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17227]: Connection closed by 170.64.198.192 port 43986 [preauth]
May  4 10:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: Invalid user admin from 170.64.198.192
May  4 10:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: input_userauth_request: invalid user admin [preauth]
May  4 10:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: Failed password for invalid user admin from 170.64.198.192 port 43994 ssh2
May  4 10:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: Connection closed by 170.64.198.192 port 43994 [preauth]
May  4 10:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17249]: Invalid user admin from 185.213.164.48
May  4 10:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17249]: input_userauth_request: invalid user admin [preauth]
May  4 10:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17249]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48
May  4 10:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17249]: Failed password for invalid user admin from 185.213.164.48 port 48150 ssh2
May  4 10:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17249]: Received disconnect from 185.213.164.48 port 48150:11: Bye Bye [preauth]
May  4 10:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17249]: Disconnected from 185.213.164.48 port 48150 [preauth]
May  4 10:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17264]: Failed password for root from 170.64.198.192 port 47982 ssh2
May  4 10:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17264]: Connection closed by 170.64.198.192 port 47982 [preauth]
May  4 10:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Invalid user ubuntu from 170.64.198.192
May  4 10:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: input_userauth_request: invalid user ubuntu [preauth]
May  4 10:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Failed password for invalid user ubuntu from 170.64.198.192 port 47996 ssh2
May  4 10:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17276]: Connection closed by 170.64.198.192 port 47996 [preauth]
May  4 10:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17289]: Invalid user oracle from 170.64.198.192
May  4 10:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17289]: input_userauth_request: invalid user oracle [preauth]
May  4 10:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17289]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17289]: Failed password for invalid user oracle from 170.64.198.192 port 55188 ssh2
May  4 10:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17289]: Connection closed by 170.64.198.192 port 55188 [preauth]
May  4 10:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: Failed password for root from 170.64.198.192 port 55194 ssh2
May  4 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: Connection closed by 170.64.198.192 port 55194 [preauth]
May  4 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17308]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17310]: pam_unix(cron:session): session closed for user root
May  4 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17305]: pam_unix(cron:session): session closed for user p13x
May  4 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17379]: Successful su for rubyman by root
May  4 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17379]: + ??? root:rubyman
May  4 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326937 of user rubyman.
May  4 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17379]: pam_unix(su:session): session closed for user rubyman
May  4 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326937.
May  4 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: Invalid user media from 170.64.198.192
May  4 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: input_userauth_request: invalid user media [preauth]
May  4 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14622]: pam_unix(cron:session): session closed for user root
May  4 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: Failed password for invalid user media from 170.64.198.192 port 55180 ssh2
May  4 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17307]: pam_unix(cron:session): session closed for user root
May  4 10:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17302]: Connection closed by 170.64.198.192 port 55180 [preauth]
May  4 10:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17306]: pam_unix(cron:session): session closed for user samftp
May  4 10:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142  user=root
May  4 10:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17585]: Failed password for root from 170.64.198.192 port 55184 ssh2
May  4 10:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17583]: Failed password for root from 103.59.95.142 port 39892 ssh2
May  4 10:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17585]: Connection closed by 170.64.198.192 port 55184 [preauth]
May  4 10:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17583]: Received disconnect from 103.59.95.142 port 39892:11: Bye Bye [preauth]
May  4 10:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17583]: Disconnected from 103.59.95.142 port 39892 [preauth]
May  4 10:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: Invalid user steam from 170.64.198.192
May  4 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: input_userauth_request: invalid user steam [preauth]
May  4 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: Failed password for invalid user steam from 170.64.198.192 port 60194 ssh2
May  4 10:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: Connection closed by 170.64.198.192 port 60194 [preauth]
May  4 10:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17630]: Failed password for root from 170.64.198.192 port 60200 ssh2
May  4 10:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17630]: Connection closed by 170.64.198.192 port 60200 [preauth]
May  4 10:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: Invalid user oracle from 170.64.198.192
May  4 10:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: input_userauth_request: invalid user oracle [preauth]
May  4 10:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: Failed password for invalid user oracle from 170.64.198.192 port 60210 ssh2
May  4 10:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17641]: Connection closed by 170.64.198.192 port 60210 [preauth]
May  4 10:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17658]: Invalid user postgres from 170.64.198.192
May  4 10:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17658]: input_userauth_request: invalid user postgres [preauth]
May  4 10:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17658]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17658]: Failed password for invalid user postgres from 170.64.198.192 port 52640 ssh2
May  4 10:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17658]: Connection closed by 170.64.198.192 port 52640 [preauth]
May  4 10:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: Invalid user deployer from 170.64.198.192
May  4 10:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: input_userauth_request: invalid user deployer [preauth]
May  4 10:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: Failed password for invalid user deployer from 170.64.198.192 port 52656 ssh2
May  4 10:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17680]: Connection closed by 170.64.198.192 port 52656 [preauth]
May  4 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16285]: pam_unix(cron:session): session closed for user root
May  4 10:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17696]: Invalid user gitlab-runner from 170.64.198.192
May  4 10:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17696]: input_userauth_request: invalid user gitlab-runner [preauth]
May  4 10:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17696]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17696]: Failed password for invalid user gitlab-runner from 170.64.198.192 port 54670 ssh2
May  4 10:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17696]: Connection closed by 170.64.198.192 port 54670 [preauth]
May  4 10:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17715]: Invalid user es from 170.64.198.192
May  4 10:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17715]: input_userauth_request: invalid user es [preauth]
May  4 10:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17715]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17715]: Failed password for invalid user es from 170.64.198.192 port 54672 ssh2
May  4 10:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17715]: Connection closed by 170.64.198.192 port 54672 [preauth]
May  4 10:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: Invalid user jms from 170.64.198.192
May  4 10:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: input_userauth_request: invalid user jms [preauth]
May  4 10:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: Failed password for invalid user jms from 170.64.198.192 port 42706 ssh2
May  4 10:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: Connection closed by 170.64.198.192 port 42706 [preauth]
May  4 10:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Invalid user elasticsearch from 170.64.198.192
May  4 10:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: input_userauth_request: invalid user elasticsearch [preauth]
May  4 10:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Failed password for invalid user elasticsearch from 170.64.198.192 port 42708 ssh2
May  4 10:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Connection closed by 170.64.198.192 port 42708 [preauth]
May  4 10:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: User proxy from 170.64.198.192 not allowed because not listed in AllowUsers
May  4 10:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: input_userauth_request: invalid user proxy [preauth]
May  4 10:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=proxy
May  4 10:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: Failed password for invalid user proxy from 170.64.198.192 port 57574 ssh2
May  4 10:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17781]: Invalid user admin from 64.226.117.59
May  4 10:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17781]: input_userauth_request: invalid user admin [preauth]
May  4 10:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: Connection closed by 170.64.198.192 port 57574 [preauth]
May  4 10:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17781]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 10:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17781]: Failed password for invalid user admin from 64.226.117.59 port 42714 ssh2
May  4 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17781]: Connection closed by 64.226.117.59 port 42714 [preauth]
May  4 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: Invalid user dmdba from 170.64.198.192
May  4 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: input_userauth_request: invalid user dmdba [preauth]
May  4 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: Failed password for invalid user dmdba from 170.64.198.192 port 57586 ssh2
May  4 10:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: Connection closed by 170.64.198.192 port 57586 [preauth]
May  4 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17894]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17893]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17892]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17892]: pam_unix(cron:session): session closed for user p13x
May  4 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17968]: Successful su for rubyman by root
May  4 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17968]: + ??? root:rubyman
May  4 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326939 of user rubyman.
May  4 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17968]: pam_unix(su:session): session closed for user rubyman
May  4 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326939.
May  4 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: Invalid user developer from 170.64.198.192
May  4 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: input_userauth_request: invalid user developer [preauth]
May  4 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: Failed password for invalid user developer from 170.64.198.192 port 38166 ssh2
May  4 10:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: Connection closed by 170.64.198.192 port 38166 [preauth]
May  4 10:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15048]: pam_unix(cron:session): session closed for user root
May  4 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18119]: Invalid user cloudftp from 202.179.66.26
May  4 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18119]: input_userauth_request: invalid user cloudftp [preauth]
May  4 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18119]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26
May  4 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17893]: pam_unix(cron:session): session closed for user samftp
May  4 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18119]: Failed password for invalid user cloudftp from 202.179.66.26 port 57230 ssh2
May  4 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18164]: Invalid user mehdi from 170.64.198.192
May  4 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18164]: input_userauth_request: invalid user mehdi [preauth]
May  4 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18164]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18119]: Received disconnect from 202.179.66.26 port 57230:11: Bye Bye [preauth]
May  4 10:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18119]: Disconnected from 202.179.66.26 port 57230 [preauth]
May  4 10:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18164]: Failed password for invalid user mehdi from 170.64.198.192 port 38186 ssh2
May  4 10:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18164]: Connection closed by 170.64.198.192 port 38186 [preauth]
May  4 10:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18172]: Invalid user kingbase from 170.64.198.192
May  4 10:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18172]: input_userauth_request: invalid user kingbase [preauth]
May  4 10:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18172]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18172]: Failed password for invalid user kingbase from 170.64.198.192 port 38196 ssh2
May  4 10:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18172]: Connection closed by 170.64.198.192 port 38196 [preauth]
May  4 10:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18194]: Invalid user runner from 170.64.198.192
May  4 10:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18194]: input_userauth_request: invalid user runner [preauth]
May  4 10:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18194]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18194]: Failed password for invalid user runner from 170.64.198.192 port 33672 ssh2
May  4 10:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18194]: Connection closed by 170.64.198.192 port 33672 [preauth]
May  4 10:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18204]: Invalid user oracle from 193.32.162.97
May  4 10:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18204]: input_userauth_request: invalid user oracle [preauth]
May  4 10:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18204]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 10:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18206]: Invalid user git from 170.64.198.192
May  4 10:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18206]: input_userauth_request: invalid user git [preauth]
May  4 10:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18206]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18204]: Failed password for invalid user oracle from 193.32.162.97 port 36610 ssh2
May  4 10:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18204]: Connection closed by 193.32.162.97 port 36610 [preauth]
May  4 10:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18206]: Failed password for invalid user git from 170.64.198.192 port 33700 ssh2
May  4 10:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18206]: Connection closed by 170.64.198.192 port 33700 [preauth]
May  4 10:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18218]: Invalid user vagrant from 170.64.198.192
May  4 10:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18218]: input_userauth_request: invalid user vagrant [preauth]
May  4 10:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18218]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18218]: Failed password for invalid user vagrant from 170.64.198.192 port 47362 ssh2
May  4 10:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18218]: Connection closed by 170.64.198.192 port 47362 [preauth]
May  4 10:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18240]: Failed password for root from 170.64.198.192 port 47370 ssh2
May  4 10:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18240]: Connection closed by 170.64.198.192 port 47370 [preauth]
May  4 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: Invalid user guest from 170.64.198.192
May  4 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: input_userauth_request: invalid user guest [preauth]
May  4 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16756]: pam_unix(cron:session): session closed for user root
May  4 10:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: Failed password for invalid user guest from 170.64.198.192 port 53472 ssh2
May  4 10:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: Connection closed by 170.64.198.192 port 53472 [preauth]
May  4 10:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: Invalid user gitlab from 170.64.198.192
May  4 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: input_userauth_request: invalid user gitlab [preauth]
May  4 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: Failed password for invalid user gitlab from 170.64.198.192 port 53484 ssh2
May  4 10:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: Connection closed by 170.64.198.192 port 53484 [preauth]
May  4 10:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: Invalid user hadoop from 170.64.198.192
May  4 10:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: input_userauth_request: invalid user hadoop [preauth]
May  4 10:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: Failed password for invalid user hadoop from 170.64.198.192 port 36936 ssh2
May  4 10:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: Connection closed by 170.64.198.192 port 36936 [preauth]
May  4 10:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: Invalid user plexserver from 170.64.198.192
May  4 10:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: input_userauth_request: invalid user plexserver [preauth]
May  4 10:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: Failed password for invalid user plexserver from 170.64.198.192 port 36950 ssh2
May  4 10:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: Connection closed by 170.64.198.192 port 36950 [preauth]
May  4 10:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: Invalid user data from 170.64.198.192
May  4 10:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: input_userauth_request: invalid user data [preauth]
May  4 10:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: Failed password for invalid user data from 170.64.198.192 port 55228 ssh2
May  4 10:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18322]: Connection closed by 170.64.198.192 port 55228 [preauth]
May  4 10:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18334]: Invalid user oscar from 170.64.198.192
May  4 10:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18334]: input_userauth_request: invalid user oscar [preauth]
May  4 10:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18334]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18334]: Failed password for invalid user oscar from 170.64.198.192 port 55242 ssh2
May  4 10:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18334]: Connection closed by 170.64.198.192 port 55242 [preauth]
May  4 10:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: Invalid user gpuadmin from 170.64.198.192
May  4 10:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: input_userauth_request: invalid user gpuadmin [preauth]
May  4 10:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18348]: pam_unix(cron:session): session closed for user p13x
May  4 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18418]: Successful su for rubyman by root
May  4 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18418]: + ??? root:rubyman
May  4 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326943 of user rubyman.
May  4 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18418]: pam_unix(su:session): session closed for user rubyman
May  4 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326943.
May  4 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: Failed password for invalid user gpuadmin from 170.64.198.192 port 55256 ssh2
May  4 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: Connection closed by 170.64.198.192 port 55256 [preauth]
May  4 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15465]: pam_unix(cron:session): session closed for user root
May  4 10:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18349]: pam_unix(cron:session): session closed for user samftp
May  4 10:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18576]: Failed password for root from 170.64.198.192 port 55754 ssh2
May  4 10:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18576]: Connection closed by 170.64.198.192 port 55754 [preauth]
May  4 10:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: Failed password for root from 170.64.198.192 port 55758 ssh2
May  4 10:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: Connection closed by 170.64.198.192 port 55758 [preauth]
May  4 10:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: Invalid user ansible from 170.64.198.192
May  4 10:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: input_userauth_request: invalid user ansible [preauth]
May  4 10:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: Failed password for invalid user ansible from 170.64.198.192 port 36354 ssh2
May  4 10:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: Connection closed by 170.64.198.192 port 36354 [preauth]
May  4 10:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18638]: Invalid user tom from 170.64.198.192
May  4 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18638]: input_userauth_request: invalid user tom [preauth]
May  4 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18638]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18638]: Failed password for invalid user tom from 170.64.198.192 port 36370 ssh2
May  4 10:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18638]: Connection closed by 170.64.198.192 port 36370 [preauth]
May  4 10:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18648]: User ftp from 170.64.198.192 not allowed because not listed in AllowUsers
May  4 10:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18648]: input_userauth_request: invalid user ftp [preauth]
May  4 10:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=ftp
May  4 10:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18648]: Failed password for invalid user ftp from 170.64.198.192 port 57120 ssh2
May  4 10:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18648]: Connection closed by 170.64.198.192 port 57120 [preauth]
May  4 10:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18674]: User mysql from 170.64.198.192 not allowed because not listed in AllowUsers
May  4 10:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18674]: input_userauth_request: invalid user mysql [preauth]
May  4 10:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=mysql
May  4 10:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18674]: Failed password for invalid user mysql from 170.64.198.192 port 57124 ssh2
May  4 10:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18674]: Connection closed by 170.64.198.192 port 57124 [preauth]
May  4 10:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: Invalid user minecraft from 170.64.198.192
May  4 10:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: input_userauth_request: invalid user minecraft [preauth]
May  4 10:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: Failed password for invalid user minecraft from 170.64.198.192 port 51394 ssh2
May  4 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: Connection closed by 170.64.198.192 port 51394 [preauth]
May  4 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17309]: pam_unix(cron:session): session closed for user root
May  4 10:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18716]: Invalid user lighthouse from 170.64.198.192
May  4 10:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18716]: input_userauth_request: invalid user lighthouse [preauth]
May  4 10:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18716]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18716]: Failed password for invalid user lighthouse from 170.64.198.192 port 51410 ssh2
May  4 10:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18716]: Connection closed by 170.64.198.192 port 51410 [preauth]
May  4 10:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18720]: Invalid user uftp from 170.64.198.192
May  4 10:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18720]: input_userauth_request: invalid user uftp [preauth]
May  4 10:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18720]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18720]: Failed password for invalid user uftp from 170.64.198.192 port 51442 ssh2
May  4 10:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18720]: Connection closed by 170.64.198.192 port 51442 [preauth]
May  4 10:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18745]: Invalid user mongo from 170.64.198.192
May  4 10:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18745]: input_userauth_request: invalid user mongo [preauth]
May  4 10:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18745]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18745]: Failed password for invalid user mongo from 170.64.198.192 port 56202 ssh2
May  4 10:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18745]: Connection closed by 170.64.198.192 port 56202 [preauth]
May  4 10:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18756]: Invalid user gitlab-runner from 170.64.198.192
May  4 10:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18756]: input_userauth_request: invalid user gitlab-runner [preauth]
May  4 10:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18756]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18756]: Failed password for invalid user gitlab-runner from 170.64.198.192 port 56206 ssh2
May  4 10:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18756]: Connection closed by 170.64.198.192 port 56206 [preauth]
May  4 10:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: Invalid user guest from 170.64.198.192
May  4 10:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: input_userauth_request: invalid user guest [preauth]
May  4 10:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: Failed password for invalid user guest from 170.64.198.192 port 53050 ssh2
May  4 10:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18773]: Connection closed by 170.64.198.192 port 53050 [preauth]
May  4 10:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18783]: Invalid user elastic from 170.64.198.192
May  4 10:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18783]: input_userauth_request: invalid user elastic [preauth]
May  4 10:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18783]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18783]: Failed password for invalid user elastic from 170.64.198.192 port 53054 ssh2
May  4 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18783]: Connection closed by 170.64.198.192 port 53054 [preauth]
May  4 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18786]: pam_unix(cron:session): session closed for user p13x
May  4 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18858]: Successful su for rubyman by root
May  4 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18858]: + ??? root:rubyman
May  4 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18858]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326949 of user rubyman.
May  4 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18858]: pam_unix(su:session): session closed for user rubyman
May  4 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326949.
May  4 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18933]: Invalid user hadoop from 170.64.198.192
May  4 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18933]: input_userauth_request: invalid user hadoop [preauth]
May  4 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18933]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15870]: pam_unix(cron:session): session closed for user root
May  4 10:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18933]: Failed password for invalid user hadoop from 170.64.198.192 port 54730 ssh2
May  4 10:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18788]: pam_unix(cron:session): session closed for user samftp
May  4 10:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18933]: Connection closed by 170.64.198.192 port 54730 [preauth]
May  4 10:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19038]: Invalid user es from 170.64.198.192
May  4 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19038]: input_userauth_request: invalid user es [preauth]
May  4 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19038]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19038]: Failed password for invalid user es from 170.64.198.192 port 54734 ssh2
May  4 10:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19038]: Connection closed by 170.64.198.192 port 54734 [preauth]
May  4 10:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19051]: Invalid user niaoyun from 170.64.198.192
May  4 10:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19051]: input_userauth_request: invalid user niaoyun [preauth]
May  4 10:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19051]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19051]: Failed password for invalid user niaoyun from 170.64.198.192 port 53612 ssh2
May  4 10:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19051]: Connection closed by 170.64.198.192 port 53612 [preauth]
May  4 10:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19081]: Failed password for root from 170.64.198.192 port 53618 ssh2
May  4 10:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19081]: Connection closed by 170.64.198.192 port 53618 [preauth]
May  4 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19091]: Invalid user master from 170.64.198.192
May  4 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19091]: input_userauth_request: invalid user master [preauth]
May  4 10:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19091]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19091]: Failed password for invalid user master from 170.64.198.192 port 40680 ssh2
May  4 10:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19091]: Connection closed by 170.64.198.192 port 40680 [preauth]
May  4 10:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: Invalid user server from 170.64.198.192
May  4 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: input_userauth_request: invalid user server [preauth]
May  4 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: Failed password for invalid user server from 170.64.198.192 port 40682 ssh2
May  4 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: Connection closed by 170.64.198.192 port 40682 [preauth]
May  4 10:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19124]: Invalid user administrator from 170.64.198.192
May  4 10:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19124]: input_userauth_request: invalid user administrator [preauth]
May  4 10:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19124]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17895]: pam_unix(cron:session): session closed for user root
May  4 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19124]: Failed password for invalid user administrator from 170.64.198.192 port 40692 ssh2
May  4 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19124]: Connection closed by 170.64.198.192 port 40692 [preauth]
May  4 10:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19155]: Failed password for root from 170.64.198.192 port 35702 ssh2
May  4 10:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19155]: Connection closed by 170.64.198.192 port 35702 [preauth]
May  4 10:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19049]: Connection reset by 218.92.0.229 port 55866 [preauth]
May  4 10:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19164]: User mysql from 170.64.198.192 not allowed because not listed in AllowUsers
May  4 10:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19164]: input_userauth_request: invalid user mysql [preauth]
May  4 10:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=mysql
May  4 10:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19164]: Failed password for invalid user mysql from 170.64.198.192 port 35708 ssh2
May  4 10:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19164]: Connection closed by 170.64.198.192 port 35708 [preauth]
May  4 10:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19179]: Invalid user wang from 170.64.198.192
May  4 10:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19179]: input_userauth_request: invalid user wang [preauth]
May  4 10:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19179]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19179]: Failed password for invalid user wang from 170.64.198.192 port 45846 ssh2
May  4 10:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19179]: Connection closed by 170.64.198.192 port 45846 [preauth]
May  4 10:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: Invalid user ubnt from 170.64.198.192
May  4 10:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: input_userauth_request: invalid user ubnt [preauth]
May  4 10:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: Failed password for invalid user ubnt from 170.64.198.192 port 45866 ssh2
May  4 10:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19191]: Connection closed by 170.64.198.192 port 45866 [preauth]
May  4 10:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19201]: Invalid user observer from 170.64.198.192
May  4 10:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19201]: input_userauth_request: invalid user observer [preauth]
May  4 10:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19201]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19201]: Failed password for invalid user observer from 170.64.198.192 port 60650 ssh2
May  4 10:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19201]: Connection closed by 170.64.198.192 port 60650 [preauth]
May  4 10:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19213]: Invalid user openvpn from 170.64.198.192
May  4 10:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19213]: input_userauth_request: invalid user openvpn [preauth]
May  4 10:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19213]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19213]: Failed password for invalid user openvpn from 170.64.198.192 port 60662 ssh2
May  4 10:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19213]: Connection closed by 170.64.198.192 port 60662 [preauth]
May  4 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19227]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19224]: pam_unix(cron:session): session closed for user p13x
May  4 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19295]: Successful su for rubyman by root
May  4 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19295]: + ??? root:rubyman
May  4 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326953 of user rubyman.
May  4 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19295]: pam_unix(su:session): session closed for user rubyman
May  4 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326953.
May  4 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16284]: pam_unix(cron:session): session closed for user root
May  4 10:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19318]: Failed password for root from 170.64.198.192 port 39020 ssh2
May  4 10:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19225]: pam_unix(cron:session): session closed for user samftp
May  4 10:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19318]: Connection closed by 170.64.198.192 port 39020 [preauth]
May  4 10:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19482]: Invalid user admin from 170.64.198.192
May  4 10:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19482]: input_userauth_request: invalid user admin [preauth]
May  4 10:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19482]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19482]: Failed password for invalid user admin from 170.64.198.192 port 39032 ssh2
May  4 10:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19482]: Connection closed by 170.64.198.192 port 39032 [preauth]
May  4 10:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19484]: Failed password for root from 170.64.198.192 port 54150 ssh2
May  4 10:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19484]: Connection closed by 170.64.198.192 port 54150 [preauth]
May  4 10:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19507]: Failed password for root from 170.64.198.192 port 54154 ssh2
May  4 10:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19507]: Connection closed by 170.64.198.192 port 54154 [preauth]
May  4 10:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19518]: Failed password for root from 170.64.198.192 port 54166 ssh2
May  4 10:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19518]: Connection closed by 170.64.198.192 port 54166 [preauth]
May  4 10:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19529]: Failed password for root from 170.64.198.192 port 37032 ssh2
May  4 10:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19529]: Connection closed by 170.64.198.192 port 37032 [preauth]
May  4 10:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19554]: Invalid user ftpuser from 170.64.198.192
May  4 10:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19554]: input_userauth_request: invalid user ftpuser [preauth]
May  4 10:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19554]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19554]: Failed password for invalid user ftpuser from 170.64.198.192 port 37038 ssh2
May  4 10:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19554]: Connection closed by 170.64.198.192 port 37038 [preauth]
May  4 10:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18351]: pam_unix(cron:session): session closed for user root
May  4 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19586]: Invalid user esearch from 170.64.198.192
May  4 10:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19586]: input_userauth_request: invalid user esearch [preauth]
May  4 10:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19586]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: Invalid user daniel from 185.213.164.48
May  4 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: input_userauth_request: invalid user daniel [preauth]
May  4 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48
May  4 10:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19586]: Failed password for invalid user esearch from 170.64.198.192 port 34102 ssh2
May  4 10:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19586]: Connection closed by 170.64.198.192 port 34102 [preauth]
May  4 10:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: Failed password for invalid user daniel from 185.213.164.48 port 38184 ssh2
May  4 10:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: Received disconnect from 185.213.164.48 port 38184:11: Bye Bye [preauth]
May  4 10:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: Disconnected from 185.213.164.48 port 38184 [preauth]
May  4 10:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19602]: Failed password for root from 170.64.198.192 port 34124 ssh2
May  4 10:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19602]: Connection closed by 170.64.198.192 port 34124 [preauth]
May  4 10:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: Failed password for root from 170.64.198.192 port 54020 ssh2
May  4 10:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: Connection closed by 170.64.198.192 port 54020 [preauth]
May  4 10:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19637]: Invalid user test from 170.64.198.192
May  4 10:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19637]: input_userauth_request: invalid user test [preauth]
May  4 10:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19637]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19637]: Failed password for invalid user test from 170.64.198.192 port 54026 ssh2
May  4 10:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19637]: Connection closed by 170.64.198.192 port 54026 [preauth]
May  4 10:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19650]: Invalid user nvidia from 170.64.198.192
May  4 10:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19650]: input_userauth_request: invalid user nvidia [preauth]
May  4 10:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19650]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19650]: Failed password for invalid user nvidia from 170.64.198.192 port 33938 ssh2
May  4 10:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19650]: Connection closed by 170.64.198.192 port 33938 [preauth]
May  4 10:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19660]: Failed password for root from 170.64.198.192 port 33950 ssh2
May  4 10:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19660]: Connection closed by 170.64.198.192 port 33950 [preauth]
May  4 10:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19685]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19682]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19683]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19679]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19684]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19685]: pam_unix(cron:session): session closed for user root
May  4 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19679]: pam_unix(cron:session): session closed for user p13x
May  4 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19750]: Successful su for rubyman by root
May  4 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19750]: + ??? root:rubyman
May  4 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326956 of user rubyman.
May  4 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19750]: pam_unix(su:session): session closed for user rubyman
May  4 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326956.
May  4 10:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19675]: Failed password for root from 170.64.198.192 port 33954 ssh2
May  4 10:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19675]: Connection closed by 170.64.198.192 port 33954 [preauth]
May  4 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19682]: pam_unix(cron:session): session closed for user root
May  4 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16755]: pam_unix(cron:session): session closed for user root
May  4 10:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19933]: Invalid user user from 170.64.198.192
May  4 10:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19933]: input_userauth_request: invalid user user [preauth]
May  4 10:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19933]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19681]: pam_unix(cron:session): session closed for user samftp
May  4 10:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19933]: Failed password for invalid user user from 170.64.198.192 port 38762 ssh2
May  4 10:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19933]: Connection closed by 170.64.198.192 port 38762 [preauth]
May  4 10:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19967]: Failed password for root from 170.64.198.192 port 38778 ssh2
May  4 10:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19967]: Connection closed by 170.64.198.192 port 38778 [preauth]
May  4 10:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: Invalid user weblogic from 170.64.198.192
May  4 10:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: input_userauth_request: invalid user weblogic [preauth]
May  4 10:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: Failed password for invalid user weblogic from 170.64.198.192 port 33998 ssh2
May  4 10:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19988]: Connection closed by 170.64.198.192 port 33998 [preauth]
May  4 10:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20002]: Invalid user debian from 170.64.198.192
May  4 10:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20002]: input_userauth_request: invalid user debian [preauth]
May  4 10:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20002]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20002]: Failed password for invalid user debian from 170.64.198.192 port 34008 ssh2
May  4 10:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20002]: Connection closed by 170.64.198.192 port 34008 [preauth]
May  4 10:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: Invalid user admin from 170.64.198.192
May  4 10:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: input_userauth_request: invalid user admin [preauth]
May  4 10:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: Failed password for invalid user admin from 170.64.198.192 port 53584 ssh2
May  4 10:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: Connection closed by 170.64.198.192 port 53584 [preauth]
May  4 10:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20039]: Failed password for root from 170.64.198.192 port 53586 ssh2
May  4 10:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20039]: Connection closed by 170.64.198.192 port 53586 [preauth]
May  4 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: Invalid user user from 170.64.198.192
May  4 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: input_userauth_request: invalid user user [preauth]
May  4 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18790]: pam_unix(cron:session): session closed for user root
May  4 10:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: Failed password for invalid user user from 170.64.198.192 port 34024 ssh2
May  4 10:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: Connection closed by 170.64.198.192 port 34024 [preauth]
May  4 10:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: Invalid user debian from 170.64.198.192
May  4 10:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: input_userauth_request: invalid user debian [preauth]
May  4 10:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: Failed password for invalid user debian from 170.64.198.192 port 34046 ssh2
May  4 10:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: Connection closed by 170.64.198.192 port 34046 [preauth]
May  4 10:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: Failed password for root from 170.64.198.192 port 55698 ssh2
May  4 10:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: Connection closed by 170.64.198.192 port 55698 [preauth]
May  4 10:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: Invalid user opc from 170.64.198.192
May  4 10:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: input_userauth_request: invalid user opc [preauth]
May  4 10:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: Failed password for invalid user opc from 170.64.198.192 port 55706 ssh2
May  4 10:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: Connection closed by 170.64.198.192 port 55706 [preauth]
May  4 10:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20121]: Failed password for root from 170.64.198.192 port 55714 ssh2
May  4 10:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20121]: Connection closed by 170.64.198.192 port 55714 [preauth]
May  4 10:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20131]: Failed password for root from 170.64.198.192 port 57686 ssh2
May  4 10:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20131]: Connection closed by 170.64.198.192 port 57686 [preauth]
May  4 10:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20142]: Invalid user centos from 170.64.198.192
May  4 10:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20142]: input_userauth_request: invalid user centos [preauth]
May  4 10:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20142]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20153]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20150]: pam_unix(cron:session): session closed for user p13x
May  4 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20142]: Failed password for invalid user centos from 170.64.198.192 port 57688 ssh2
May  4 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20219]: Successful su for rubyman by root
May  4 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20219]: + ??? root:rubyman
May  4 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20142]: Connection closed by 170.64.198.192 port 57688 [preauth]
May  4 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326962 of user rubyman.
May  4 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20219]: pam_unix(su:session): session closed for user rubyman
May  4 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326962.
May  4 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: Invalid user postgres from 170.64.198.192
May  4 10:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: input_userauth_request: invalid user postgres [preauth]
May  4 10:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17308]: pam_unix(cron:session): session closed for user root
May  4 10:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20151]: pam_unix(cron:session): session closed for user samftp
May  4 10:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: Failed password for invalid user postgres from 170.64.198.192 port 56388 ssh2
May  4 10:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: Connection closed by 170.64.198.192 port 56388 [preauth]
May  4 10:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: Invalid user elsearch from 170.64.198.192
May  4 10:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: input_userauth_request: invalid user elsearch [preauth]
May  4 10:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: Invalid user dima from 103.59.95.142
May  4 10:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: input_userauth_request: invalid user dima [preauth]
May  4 10:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
May  4 10:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: Failed password for invalid user elsearch from 170.64.198.192 port 56414 ssh2
May  4 10:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: Connection closed by 170.64.198.192 port 56414 [preauth]
May  4 10:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: Failed password for invalid user dima from 103.59.95.142 port 51618 ssh2
May  4 10:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: Received disconnect from 103.59.95.142 port 51618:11: Bye Bye [preauth]
May  4 10:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: Disconnected from 103.59.95.142 port 51618 [preauth]
May  4 10:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: Invalid user appuser from 170.64.198.192
May  4 10:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: input_userauth_request: invalid user appuser [preauth]
May  4 10:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: Failed password for invalid user appuser from 170.64.198.192 port 51230 ssh2
May  4 10:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: Connection closed by 170.64.198.192 port 51230 [preauth]
May  4 10:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: Invalid user pi from 170.64.198.192
May  4 10:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: input_userauth_request: invalid user pi [preauth]
May  4 10:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: Failed password for invalid user pi from 170.64.198.192 port 51240 ssh2
May  4 10:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: Connection closed by 170.64.198.192 port 51240 [preauth]
May  4 10:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: Failed password for root from 170.64.198.192 port 35672 ssh2
May  4 10:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: Connection closed by 170.64.198.192 port 35672 [preauth]
May  4 10:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Invalid user minecraft from 170.64.198.192
May  4 10:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: input_userauth_request: invalid user minecraft [preauth]
May  4 10:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Failed password for invalid user minecraft from 170.64.198.192 port 35688 ssh2
May  4 10:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20468]: Connection closed by 170.64.198.192 port 35688 [preauth]
May  4 10:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: Invalid user deploy from 170.64.198.192
May  4 10:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: input_userauth_request: invalid user deploy [preauth]
May  4 10:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19227]: pam_unix(cron:session): session closed for user root
May  4 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: Failed password for invalid user deploy from 170.64.198.192 port 47406 ssh2
May  4 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20480]: Connection closed by 170.64.198.192 port 47406 [preauth]
May  4 10:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: Invalid user tools from 170.64.198.192
May  4 10:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: input_userauth_request: invalid user tools [preauth]
May  4 10:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20516]: Invalid user bob from 202.179.66.26
May  4 10:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20516]: input_userauth_request: invalid user bob [preauth]
May  4 10:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20516]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26
May  4 10:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: Failed password for invalid user tools from 170.64.198.192 port 47434 ssh2
May  4 10:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20513]: Connection closed by 170.64.198.192 port 47434 [preauth]
May  4 10:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20516]: Failed password for invalid user bob from 202.179.66.26 port 37934 ssh2
May  4 10:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20516]: Received disconnect from 202.179.66.26 port 37934:11: Bye Bye [preauth]
May  4 10:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20516]: Disconnected from 202.179.66.26 port 37934 [preauth]
May  4 10:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: Invalid user esuser from 170.64.198.192
May  4 10:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: input_userauth_request: invalid user esuser [preauth]
May  4 10:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: Failed password for invalid user esuser from 170.64.198.192 port 47462 ssh2
May  4 10:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: Connection closed by 170.64.198.192 port 47462 [preauth]
May  4 10:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: Failed password for root from 170.64.198.192 port 58642 ssh2
May  4 10:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: Connection closed by 170.64.198.192 port 58642 [preauth]
May  4 10:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20552]: Invalid user testuser from 170.64.198.192
May  4 10:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20552]: input_userauth_request: invalid user testuser [preauth]
May  4 10:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20552]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20552]: Failed password for invalid user testuser from 170.64.198.192 port 58644 ssh2
May  4 10:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20552]: Connection closed by 170.64.198.192 port 58644 [preauth]
May  4 10:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: Invalid user test from 170.64.198.192
May  4 10:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: input_userauth_request: invalid user test [preauth]
May  4 10:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: Failed password for invalid user test from 170.64.198.192 port 56956 ssh2
May  4 10:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: Connection closed by 170.64.198.192 port 56956 [preauth]
May  4 10:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20573]: Invalid user admin from 170.64.198.192
May  4 10:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20573]: input_userauth_request: invalid user admin [preauth]
May  4 10:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20573]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20573]: Failed password for invalid user admin from 170.64.198.192 port 56972 ssh2
May  4 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20573]: Connection closed by 170.64.198.192 port 56972 [preauth]
May  4 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20584]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20584]: pam_unix(cron:session): session closed for user p13x
May  4 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20645]: Successful su for rubyman by root
May  4 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20645]: + ??? root:rubyman
May  4 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326966 of user rubyman.
May  4 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20645]: pam_unix(su:session): session closed for user rubyman
May  4 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326966.
May  4 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20695]: Invalid user kubernetes from 170.64.198.192
May  4 10:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20695]: input_userauth_request: invalid user kubernetes [preauth]
May  4 10:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20695]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17894]: pam_unix(cron:session): session closed for user root
May  4 10:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20695]: Failed password for invalid user kubernetes from 170.64.198.192 port 47836 ssh2
May  4 10:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20695]: Connection closed by 170.64.198.192 port 47836 [preauth]
May  4 10:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20585]: pam_unix(cron:session): session closed for user samftp
May  4 10:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20854]: Invalid user es from 170.64.198.192
May  4 10:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20854]: input_userauth_request: invalid user es [preauth]
May  4 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20854]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20854]: Failed password for invalid user es from 170.64.198.192 port 47854 ssh2
May  4 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20854]: Connection closed by 170.64.198.192 port 47854 [preauth]
May  4 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20870]: Failed password for root from 170.64.198.192 port 33620 ssh2
May  4 10:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20870]: Connection closed by 170.64.198.192 port 33620 [preauth]
May  4 10:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Invalid user dev from 170.64.198.192
May  4 10:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: input_userauth_request: invalid user dev [preauth]
May  4 10:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Failed password for invalid user dev from 170.64.198.192 port 33646 ssh2
May  4 10:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Connection closed by 170.64.198.192 port 33646 [preauth]
May  4 10:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: Invalid user postgres from 170.64.198.192
May  4 10:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: input_userauth_request: invalid user postgres [preauth]
May  4 10:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: Failed password for invalid user postgres from 170.64.198.192 port 41540 ssh2
May  4 10:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: Connection closed by 170.64.198.192 port 41540 [preauth]
May  4 10:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20929]: Failed password for root from 170.64.198.192 port 41548 ssh2
May  4 10:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20929]: Connection closed by 170.64.198.192 port 41548 [preauth]
May  4 10:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20939]: Failed password for root from 170.64.198.192 port 41562 ssh2
May  4 10:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20939]: Connection closed by 170.64.198.192 port 41562 [preauth]
May  4 10:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: Invalid user admin from 64.226.117.59
May  4 10:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: input_userauth_request: invalid user admin [preauth]
May  4 10:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 10:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19684]: pam_unix(cron:session): session closed for user root
May  4 10:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20971]: Invalid user user2 from 170.64.198.192
May  4 10:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20971]: input_userauth_request: invalid user user2 [preauth]
May  4 10:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20971]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: Failed password for invalid user admin from 64.226.117.59 port 55506 ssh2
May  4 10:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: Connection closed by 64.226.117.59 port 55506 [preauth]
May  4 10:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20971]: Failed password for invalid user user2 from 170.64.198.192 port 38370 ssh2
May  4 10:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20971]: Connection closed by 170.64.198.192 port 38370 [preauth]
May  4 10:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20981]: Invalid user gitlab from 170.64.198.192
May  4 10:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20981]: input_userauth_request: invalid user gitlab [preauth]
May  4 10:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20981]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20981]: Failed password for invalid user gitlab from 170.64.198.192 port 38376 ssh2
May  4 10:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20981]: Connection closed by 170.64.198.192 port 38376 [preauth]
May  4 10:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20993]: Failed password for root from 170.64.198.192 port 49458 ssh2
May  4 10:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20993]: Connection closed by 170.64.198.192 port 49458 [preauth]
May  4 10:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: Invalid user elasticsearch from 170.64.198.192
May  4 10:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: input_userauth_request: invalid user elasticsearch [preauth]
May  4 10:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: Failed password for invalid user elasticsearch from 170.64.198.192 port 49462 ssh2
May  4 10:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: Connection closed by 170.64.198.192 port 49462 [preauth]
May  4 10:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Failed password for root from 170.64.198.192 port 33310 ssh2
May  4 10:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Connection closed by 170.64.198.192 port 33310 [preauth]
May  4 10:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21026]: Invalid user jfedu1 from 170.64.198.192
May  4 10:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21026]: input_userauth_request: invalid user jfedu1 [preauth]
May  4 10:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21026]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21026]: Failed password for invalid user jfedu1 from 170.64.198.192 port 33326 ssh2
May  4 10:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21026]: Connection closed by 170.64.198.192 port 33326 [preauth]
May  4 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21042]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21041]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21039]: pam_unix(cron:session): session closed for user p13x
May  4 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21102]: Successful su for rubyman by root
May  4 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21102]: + ??? root:rubyman
May  4 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326969 of user rubyman.
May  4 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21102]: pam_unix(su:session): session closed for user rubyman
May  4 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326969.
May  4 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21126]: Invalid user minecraft from 170.64.198.192
May  4 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21126]: input_userauth_request: invalid user minecraft [preauth]
May  4 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21126]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18350]: pam_unix(cron:session): session closed for user root
May  4 10:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21126]: Failed password for invalid user minecraft from 170.64.198.192 port 40880 ssh2
May  4 10:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21126]: Connection closed by 170.64.198.192 port 40880 [preauth]
May  4 10:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21040]: pam_unix(cron:session): session closed for user samftp
May  4 10:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21331]: Invalid user hadoop from 170.64.198.192
May  4 10:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21331]: input_userauth_request: invalid user hadoop [preauth]
May  4 10:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21331]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21331]: Failed password for invalid user hadoop from 170.64.198.192 port 40892 ssh2
May  4 10:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21331]: Connection closed by 170.64.198.192 port 40892 [preauth]
May  4 10:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: Invalid user oracle from 193.32.162.97
May  4 10:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: input_userauth_request: invalid user oracle [preauth]
May  4 10:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 10:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21344]: Invalid user git from 170.64.198.192
May  4 10:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21344]: input_userauth_request: invalid user git [preauth]
May  4 10:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21344]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: Failed password for invalid user oracle from 193.32.162.97 port 45900 ssh2
May  4 10:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: Connection closed by 193.32.162.97 port 45900 [preauth]
May  4 10:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21344]: Failed password for invalid user git from 170.64.198.192 port 42954 ssh2
May  4 10:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21344]: Connection closed by 170.64.198.192 port 42954 [preauth]
May  4 10:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: Invalid user solr from 170.64.198.192
May  4 10:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: input_userauth_request: invalid user solr [preauth]
May  4 10:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: Failed password for invalid user solr from 170.64.198.192 port 42970 ssh2
May  4 10:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21367]: Connection closed by 170.64.198.192 port 42970 [preauth]
May  4 10:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21369]: Failed password for root from 170.64.198.192 port 42972 ssh2
May  4 10:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21369]: Connection closed by 170.64.198.192 port 42972 [preauth]
May  4 10:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21380]: Failed password for root from 170.64.198.192 port 50820 ssh2
May  4 10:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21380]: Connection closed by 170.64.198.192 port 50820 [preauth]
May  4 10:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21402]: Failed password for root from 170.64.198.192 port 50830 ssh2
May  4 10:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21402]: Connection closed by 170.64.198.192 port 50830 [preauth]
May  4 10:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: Invalid user kingbase from 170.64.198.192
May  4 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: input_userauth_request: invalid user kingbase [preauth]
May  4 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20153]: pam_unix(cron:session): session closed for user root
May  4 10:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: Failed password for invalid user kingbase from 170.64.198.192 port 48526 ssh2
May  4 10:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: Connection closed by 170.64.198.192 port 48526 [preauth]
May  4 10:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21441]: Failed password for root from 170.64.198.192 port 48538 ssh2
May  4 10:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21441]: Connection closed by 170.64.198.192 port 48538 [preauth]
May  4 10:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: Invalid user lsfadmin from 170.64.198.192
May  4 10:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: input_userauth_request: invalid user lsfadmin [preauth]
May  4 10:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: Failed password for invalid user lsfadmin from 170.64.198.192 port 40010 ssh2
May  4 10:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: Connection closed by 170.64.198.192 port 40010 [preauth]
May  4 10:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: Failed password for root from 170.64.198.192 port 40020 ssh2
May  4 10:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21479]: Connection closed by 170.64.198.192 port 40020 [preauth]
May  4 10:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: Invalid user web-admin from 164.68.105.9
May  4 10:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: input_userauth_request: invalid user web-admin [preauth]
May  4 10:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  4 10:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: Invalid user odoo16 from 170.64.198.192
May  4 10:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: input_userauth_request: invalid user odoo16 [preauth]
May  4 10:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: Failed password for invalid user web-admin from 164.68.105.9 port 54126 ssh2
May  4 10:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21482]: Connection closed by 164.68.105.9 port 54126 [preauth]
May  4 10:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: Failed password for invalid user odoo16 from 170.64.198.192 port 51716 ssh2
May  4 10:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: Connection closed by 170.64.198.192 port 51716 [preauth]
May  4 10:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21495]: Invalid user yealink from 170.64.198.192
May  4 10:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21495]: input_userauth_request: invalid user yealink [preauth]
May  4 10:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21495]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21495]: Failed password for invalid user yealink from 170.64.198.192 port 51720 ssh2
May  4 10:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21495]: Connection closed by 170.64.198.192 port 51720 [preauth]
May  4 10:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: Invalid user postgres from 170.64.198.192
May  4 10:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: input_userauth_request: invalid user postgres [preauth]
May  4 10:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21510]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21511]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21508]: pam_unix(cron:session): session closed for user p13x
May  4 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21587]: Successful su for rubyman by root
May  4 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21587]: + ??? root:rubyman
May  4 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326973 of user rubyman.
May  4 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21587]: pam_unix(su:session): session closed for user rubyman
May  4 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326973.
May  4 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: Failed password for invalid user postgres from 170.64.198.192 port 51732 ssh2
May  4 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21505]: Connection closed by 170.64.198.192 port 51732 [preauth]
May  4 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18789]: pam_unix(cron:session): session closed for user root
May  4 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: Invalid user nginx from 170.64.198.192
May  4 10:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: input_userauth_request: invalid user nginx [preauth]
May  4 10:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21509]: pam_unix(cron:session): session closed for user samftp
May  4 10:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: Failed password for invalid user nginx from 170.64.198.192 port 46900 ssh2
May  4 10:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21867]: Connection closed by 170.64.198.192 port 46900 [preauth]
May  4 10:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Invalid user postgres from 170.64.198.192
May  4 10:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: input_userauth_request: invalid user postgres [preauth]
May  4 10:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Failed password for invalid user postgres from 170.64.198.192 port 46908 ssh2
May  4 10:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Connection closed by 170.64.198.192 port 46908 [preauth]
May  4 10:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22097]: Invalid user wso2 from 170.64.198.192
May  4 10:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22097]: input_userauth_request: invalid user wso2 [preauth]
May  4 10:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22097]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22097]: Failed password for invalid user wso2 from 170.64.198.192 port 60324 ssh2
May  4 10:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22097]: Connection closed by 170.64.198.192 port 60324 [preauth]
May  4 10:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: User ftp from 170.64.198.192 not allowed because not listed in AllowUsers
May  4 10:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: input_userauth_request: invalid user ftp [preauth]
May  4 10:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=ftp
May  4 10:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: Failed password for invalid user ftp from 170.64.198.192 port 60340 ssh2
May  4 10:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: Connection closed by 170.64.198.192 port 60340 [preauth]
May  4 10:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22122]: Invalid user hive from 170.64.198.192
May  4 10:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22122]: input_userauth_request: invalid user hive [preauth]
May  4 10:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22122]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22122]: Failed password for invalid user hive from 170.64.198.192 port 48386 ssh2
May  4 10:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22122]: Connection closed by 170.64.198.192 port 48386 [preauth]
May  4 10:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22150]: Invalid user hadoop from 170.64.198.192
May  4 10:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22150]: input_userauth_request: invalid user hadoop [preauth]
May  4 10:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22150]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22150]: Failed password for invalid user hadoop from 170.64.198.192 port 48388 ssh2
May  4 10:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22150]: Connection closed by 170.64.198.192 port 48388 [preauth]
May  4 10:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22161]: Invalid user lighthouse from 170.64.198.192
May  4 10:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22161]: input_userauth_request: invalid user lighthouse [preauth]
May  4 10:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22161]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22163]: Invalid user duo from 185.213.164.48
May  4 10:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22163]: input_userauth_request: invalid user duo [preauth]
May  4 10:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22163]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48
May  4 10:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20588]: pam_unix(cron:session): session closed for user root
May  4 10:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22161]: Failed password for invalid user lighthouse from 170.64.198.192 port 41500 ssh2
May  4 10:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22161]: Connection closed by 170.64.198.192 port 41500 [preauth]
May  4 10:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22163]: Failed password for invalid user duo from 185.213.164.48 port 41706 ssh2
May  4 10:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22163]: Received disconnect from 185.213.164.48 port 41706:11: Bye Bye [preauth]
May  4 10:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22163]: Disconnected from 185.213.164.48 port 41706 [preauth]
May  4 10:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: Invalid user tomcat from 170.64.198.192
May  4 10:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: input_userauth_request: invalid user tomcat [preauth]
May  4 10:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: Failed password for invalid user tomcat from 170.64.198.192 port 41510 ssh2
May  4 10:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22198]: Connection closed by 170.64.198.192 port 41510 [preauth]
May  4 10:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: Invalid user stream from 170.64.198.192
May  4 10:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: input_userauth_request: invalid user stream [preauth]
May  4 10:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: Failed password for invalid user stream from 170.64.198.192 port 59586 ssh2
May  4 10:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: Connection closed by 170.64.198.192 port 59586 [preauth]
May  4 10:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22247]: Invalid user dolphinscheduler from 170.64.198.192
May  4 10:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22247]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  4 10:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22247]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22247]: Failed password for invalid user dolphinscheduler from 170.64.198.192 port 59602 ssh2
May  4 10:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22247]: Connection closed by 170.64.198.192 port 59602 [preauth]
May  4 10:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22263]: Failed password for root from 170.64.198.192 port 59606 ssh2
May  4 10:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22263]: Connection closed by 170.64.198.192 port 59606 [preauth]
May  4 10:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22266]: Invalid user gpadmin from 170.64.198.192
May  4 10:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22266]: input_userauth_request: invalid user gpadmin [preauth]
May  4 10:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22266]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22266]: Failed password for invalid user gpadmin from 170.64.198.192 port 50044 ssh2
May  4 10:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22266]: Connection closed by 170.64.198.192 port 50044 [preauth]
May  4 10:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22280]: Invalid user test2 from 170.64.198.192
May  4 10:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22280]: input_userauth_request: invalid user test2 [preauth]
May  4 10:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22280]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22282]: Did not receive identification string from 193.32.162.89
May  4 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22295]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22296]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22297]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22294]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22280]: Failed password for invalid user test2 from 170.64.198.192 port 50052 ssh2
May  4 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22297]: pam_unix(cron:session): session closed for user root
May  4 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22292]: pam_unix(cron:session): session closed for user p13x
May  4 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22280]: Connection closed by 170.64.198.192 port 50052 [preauth]
May  4 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22369]: Successful su for rubyman by root
May  4 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22369]: + ??? root:rubyman
May  4 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326978 of user rubyman.
May  4 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22369]: pam_unix(su:session): session closed for user rubyman
May  4 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326978.
May  4 10:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22294]: pam_unix(cron:session): session closed for user root
May  4 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19226]: pam_unix(cron:session): session closed for user root
May  4 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22499]: Invalid user deploy from 170.64.198.192
May  4 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22499]: input_userauth_request: invalid user deploy [preauth]
May  4 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22499]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22499]: Failed password for invalid user deploy from 170.64.198.192 port 38280 ssh2
May  4 10:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22293]: pam_unix(cron:session): session closed for user samftp
May  4 10:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22499]: Connection closed by 170.64.198.192 port 38280 [preauth]
May  4 10:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: Invalid user opc from 170.64.198.192
May  4 10:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: input_userauth_request: invalid user opc [preauth]
May  4 10:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: Failed password for invalid user opc from 170.64.198.192 port 38298 ssh2
May  4 10:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22620]: Connection closed by 170.64.198.192 port 38298 [preauth]
May  4 10:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: Invalid user admin from 170.64.198.192
May  4 10:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: input_userauth_request: invalid user admin [preauth]
May  4 10:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: Failed password for invalid user admin from 170.64.198.192 port 41090 ssh2
May  4 10:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22631]: Connection closed by 170.64.198.192 port 41090 [preauth]
May  4 10:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: Invalid user bigdata from 170.64.198.192
May  4 10:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: input_userauth_request: invalid user bigdata [preauth]
May  4 10:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: Failed password for invalid user bigdata from 170.64.198.192 port 41100 ssh2
May  4 10:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: Connection closed by 170.64.198.192 port 41100 [preauth]
May  4 10:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22656]: Invalid user server from 170.64.198.192
May  4 10:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22656]: input_userauth_request: invalid user server [preauth]
May  4 10:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22656]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22656]: Failed password for invalid user server from 170.64.198.192 port 37116 ssh2
May  4 10:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22656]: Connection closed by 170.64.198.192 port 37116 [preauth]
May  4 10:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: Invalid user ubuntu from 170.64.198.192
May  4 10:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: input_userauth_request: invalid user ubuntu [preauth]
May  4 10:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: Failed password for invalid user ubuntu from 170.64.198.192 port 37120 ssh2
May  4 10:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  4 10:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: Connection closed by 170.64.198.192 port 37120 [preauth]
May  4 10:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22695]: Failed password for root from 218.92.0.233 port 48124 ssh2
May  4 10:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22697]: Invalid user git from 170.64.198.192
May  4 10:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22697]: input_userauth_request: invalid user git [preauth]
May  4 10:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22697]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21042]: pam_unix(cron:session): session closed for user root
May  4 10:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22695]: Failed password for root from 218.92.0.233 port 48124 ssh2
May  4 10:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22697]: Failed password for invalid user git from 170.64.198.192 port 60112 ssh2
May  4 10:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22697]: Connection closed by 170.64.198.192 port 60112 [preauth]
May  4 10:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22695]: Failed password for root from 218.92.0.233 port 48124 ssh2
May  4 10:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22695]: Received disconnect from 218.92.0.233 port 48124:11:  [preauth]
May  4 10:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22695]: Disconnected from 218.92.0.233 port 48124 [preauth]
May  4 10:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22695]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  4 10:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: Failed password for root from 170.64.198.192 port 60116 ssh2
May  4 10:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: Connection closed by 170.64.198.192 port 60116 [preauth]
May  4 10:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  4 10:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: Failed password for root from 218.92.0.233 port 51416 ssh2
May  4 10:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: Failed password for root from 218.92.0.233 port 51416 ssh2
May  4 10:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22744]: Failed password for root from 170.64.198.192 port 60132 ssh2
May  4 10:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22744]: Connection closed by 170.64.198.192 port 60132 [preauth]
May  4 10:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: Invalid user docker from 170.64.198.192
May  4 10:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: input_userauth_request: invalid user docker [preauth]
May  4 10:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: Failed password for root from 218.92.0.233 port 51416 ssh2
May  4 10:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: Received disconnect from 218.92.0.233 port 51416:11:  [preauth]
May  4 10:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: Disconnected from 218.92.0.233 port 51416 [preauth]
May  4 10:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  4 10:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: Failed password for invalid user docker from 170.64.198.192 port 42350 ssh2
May  4 10:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: Connection closed by 170.64.198.192 port 42350 [preauth]
May  4 10:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: Failed password for root from 170.64.198.192 port 42356 ssh2
May  4 10:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: Connection closed by 170.64.198.192 port 42356 [preauth]
May  4 10:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22796]: Failed password for root from 170.64.198.192 port 54686 ssh2
May  4 10:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22796]: Connection closed by 170.64.198.192 port 54686 [preauth]
May  4 10:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  4 10:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22801]: Invalid user sadmin from 170.64.198.192
May  4 10:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22801]: input_userauth_request: invalid user sadmin [preauth]
May  4 10:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22801]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: Failed password for root from 218.92.0.218 port 57236 ssh2
May  4 10:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22801]: Failed password for invalid user sadmin from 170.64.198.192 port 54694 ssh2
May  4 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22801]: Connection closed by 170.64.198.192 port 54694 [preauth]
May  4 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: Failed password for root from 218.92.0.218 port 57236 ssh2
May  4 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22820]: pam_unix(cron:session): session closed for user p13x
May  4 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22899]: Successful su for rubyman by root
May  4 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22899]: + ??? root:rubyman
May  4 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326984 of user rubyman.
May  4 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22899]: pam_unix(su:session): session closed for user rubyman
May  4 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326984.
May  4 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: Invalid user esuser from 170.64.198.192
May  4 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: input_userauth_request: invalid user esuser [preauth]
May  4 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: Failed password for root from 218.92.0.218 port 57236 ssh2
May  4 10:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: Received disconnect from 218.92.0.218 port 57236:11:  [preauth]
May  4 10:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: Disconnected from 218.92.0.218 port 57236 [preauth]
May  4 10:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  4 10:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19683]: pam_unix(cron:session): session closed for user root
May  4 10:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: Failed password for invalid user esuser from 170.64.198.192 port 46910 ssh2
May  4 10:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22898]: Connection closed by 170.64.198.192 port 46910 [preauth]
May  4 10:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22821]: pam_unix(cron:session): session closed for user samftp
May  4 10:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Invalid user elastic from 170.64.198.192
May  4 10:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: input_userauth_request: invalid user elastic [preauth]
May  4 10:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Failed password for invalid user elastic from 170.64.198.192 port 46926 ssh2
May  4 10:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Connection closed by 170.64.198.192 port 46926 [preauth]
May  4 10:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23124]: Invalid user dolphinscheduler from 170.64.198.192
May  4 10:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23124]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  4 10:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23124]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23124]: Failed password for invalid user dolphinscheduler from 170.64.198.192 port 39600 ssh2
May  4 10:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23124]: Connection closed by 170.64.198.192 port 39600 [preauth]
May  4 10:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: Invalid user apache from 170.64.198.192
May  4 10:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: input_userauth_request: invalid user apache [preauth]
May  4 10:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: Failed password for invalid user apache from 170.64.198.192 port 39606 ssh2
May  4 10:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: Connection closed by 170.64.198.192 port 39606 [preauth]
May  4 10:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23161]: Invalid user ranger from 170.64.198.192
May  4 10:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23161]: input_userauth_request: invalid user ranger [preauth]
May  4 10:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23161]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23161]: Failed password for invalid user ranger from 170.64.198.192 port 39610 ssh2
May  4 10:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23161]: Connection closed by 170.64.198.192 port 39610 [preauth]
May  4 10:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23183]: Invalid user bot from 170.64.198.192
May  4 10:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23183]: input_userauth_request: invalid user bot [preauth]
May  4 10:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23183]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23183]: Failed password for invalid user bot from 170.64.198.192 port 33394 ssh2
May  4 10:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23183]: Connection closed by 170.64.198.192 port 33394 [preauth]
May  4 10:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23195]: Failed password for root from 170.64.198.192 port 33416 ssh2
May  4 10:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23195]: Connection closed by 170.64.198.192 port 33416 [preauth]
May  4 10:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21511]: pam_unix(cron:session): session closed for user root
May  4 10:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: Invalid user docker from 170.64.198.192
May  4 10:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: input_userauth_request: invalid user docker [preauth]
May  4 10:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: Failed password for invalid user docker from 170.64.198.192 port 55278 ssh2
May  4 10:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: Connection closed by 170.64.198.192 port 55278 [preauth]
May  4 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: Invalid user tom from 170.64.198.192
May  4 10:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: input_userauth_request: invalid user tom [preauth]
May  4 10:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: Failed password for invalid user tom from 170.64.198.192 port 55284 ssh2
May  4 10:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: Connection closed by 170.64.198.192 port 55284 [preauth]
May  4 10:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: Invalid user flink from 170.64.198.192
May  4 10:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: input_userauth_request: invalid user flink [preauth]
May  4 10:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: Failed password for invalid user flink from 170.64.198.192 port 60730 ssh2
May  4 10:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: Connection closed by 170.64.198.192 port 60730 [preauth]
May  4 10:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: Failed password for root from 170.64.198.192 port 60740 ssh2
May  4 10:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: Connection closed by 170.64.198.192 port 60740 [preauth]
May  4 10:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: Invalid user fastuser from 170.64.198.192
May  4 10:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: input_userauth_request: invalid user fastuser [preauth]
May  4 10:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: Failed password for invalid user fastuser from 170.64.198.192 port 42422 ssh2
May  4 10:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: Connection closed by 170.64.198.192 port 42422 [preauth]
May  4 10:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23289]: Invalid user guest from 170.64.198.192
May  4 10:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23289]: input_userauth_request: invalid user guest [preauth]
May  4 10:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23289]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23289]: Failed password for invalid user guest from 170.64.198.192 port 42434 ssh2
May  4 10:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23289]: Connection closed by 170.64.198.192 port 42434 [preauth]
May  4 10:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: Invalid user app from 202.179.66.26
May  4 10:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: input_userauth_request: invalid user app [preauth]
May  4 10:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26
May  4 10:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23301]: Invalid user steam from 170.64.198.192
May  4 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23301]: input_userauth_request: invalid user steam [preauth]
May  4 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23301]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23331]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23329]: pam_unix(cron:session): session closed for user p13x
May  4 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23469]: Successful su for rubyman by root
May  4 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23469]: + ??? root:rubyman
May  4 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326987 of user rubyman.
May  4 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23469]: pam_unix(su:session): session closed for user rubyman
May  4 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326987.
May  4 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: Failed password for invalid user app from 202.179.66.26 port 46846 ssh2
May  4 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: Received disconnect from 202.179.66.26 port 46846:11: Bye Bye [preauth]
May  4 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: Disconnected from 202.179.66.26 port 46846 [preauth]
May  4 10:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23301]: Failed password for invalid user steam from 170.64.198.192 port 43576 ssh2
May  4 10:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23301]: Connection closed by 170.64.198.192 port 43576 [preauth]
May  4 10:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: Invalid user user from 103.59.95.142
May  4 10:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: input_userauth_request: invalid user user [preauth]
May  4 10:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
May  4 10:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20152]: pam_unix(cron:session): session closed for user root
May  4 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23331]: pam_unix(cron:session): session closed for user samftp
May  4 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: Failed password for invalid user user from 103.59.95.142 port 54292 ssh2
May  4 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: Received disconnect from 103.59.95.142 port 54292:11: Bye Bye [preauth]
May  4 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23533]: Disconnected from 103.59.95.142 port 54292 [preauth]
May  4 10:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23633]: Failed password for root from 170.64.198.192 port 43592 ssh2
May  4 10:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23633]: Connection closed by 170.64.198.192 port 43592 [preauth]
May  4 10:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: Invalid user app from 170.64.198.192
May  4 10:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: input_userauth_request: invalid user app [preauth]
May  4 10:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: Failed password for invalid user app from 170.64.198.192 port 43604 ssh2
May  4 10:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: Connection closed by 170.64.198.192 port 43604 [preauth]
May  4 10:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: Invalid user www from 170.64.198.192
May  4 10:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: input_userauth_request: invalid user www [preauth]
May  4 10:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: Failed password for invalid user www from 170.64.198.192 port 47840 ssh2
May  4 10:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: Connection closed by 170.64.198.192 port 47840 [preauth]
May  4 10:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23698]: Invalid user user from 170.64.198.192
May  4 10:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23698]: input_userauth_request: invalid user user [preauth]
May  4 10:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23698]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23698]: Failed password for invalid user user from 170.64.198.192 port 47848 ssh2
May  4 10:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23698]: Connection closed by 170.64.198.192 port 47848 [preauth]
May  4 10:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23701]: Invalid user sonar from 170.64.198.192
May  4 10:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23701]: input_userauth_request: invalid user sonar [preauth]
May  4 10:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23701]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23701]: Failed password for invalid user sonar from 170.64.198.192 port 56758 ssh2
May  4 10:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23701]: Connection closed by 170.64.198.192 port 56758 [preauth]
May  4 10:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23724]: Failed password for root from 170.64.198.192 port 56772 ssh2
May  4 10:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23724]: Connection closed by 170.64.198.192 port 56772 [preauth]
May  4 10:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23735]: Invalid user odoo17 from 170.64.198.192
May  4 10:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23735]: input_userauth_request: invalid user odoo17 [preauth]
May  4 10:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22296]: pam_unix(cron:session): session closed for user root
May  4 10:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23735]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23735]: Failed password for invalid user odoo17 from 170.64.198.192 port 46876 ssh2
May  4 10:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23735]: Connection closed by 170.64.198.192 port 46876 [preauth]
May  4 10:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23855]: Invalid user system from 170.64.198.192
May  4 10:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23855]: input_userauth_request: invalid user system [preauth]
May  4 10:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23855]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23855]: Failed password for invalid user system from 170.64.198.192 port 46900 ssh2
May  4 10:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23855]: Connection closed by 170.64.198.192 port 46900 [preauth]
May  4 10:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23870]: Failed password for root from 170.64.198.192 port 55330 ssh2
May  4 10:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23870]: Connection closed by 170.64.198.192 port 55330 [preauth]
May  4 10:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23903]: Invalid user debian from 170.64.198.192
May  4 10:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23903]: input_userauth_request: invalid user debian [preauth]
May  4 10:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23903]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23903]: Failed password for invalid user debian from 170.64.198.192 port 55348 ssh2
May  4 10:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23903]: Connection closed by 170.64.198.192 port 55348 [preauth]
May  4 10:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: Invalid user uftp from 170.64.198.192
May  4 10:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: input_userauth_request: invalid user uftp [preauth]
May  4 10:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: Failed password for invalid user uftp from 170.64.198.192 port 39776 ssh2
May  4 10:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: Connection closed by 170.64.198.192 port 39776 [preauth]
May  4 10:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: Invalid user ftpuser from 170.64.198.192
May  4 10:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: input_userauth_request: invalid user ftpuser [preauth]
May  4 10:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: Failed password for invalid user ftpuser from 170.64.198.192 port 39784 ssh2
May  4 10:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: Connection closed by 170.64.198.192 port 39784 [preauth]
May  4 10:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Invalid user www from 170.64.198.192
May  4 10:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: input_userauth_request: invalid user www [preauth]
May  4 10:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23952]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23954]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23950]: pam_unix(cron:session): session closed for user p13x
May  4 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24025]: Successful su for rubyman by root
May  4 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24025]: + ??? root:rubyman
May  4 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326992 of user rubyman.
May  4 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24025]: pam_unix(su:session): session closed for user rubyman
May  4 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326992.
May  4 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Failed password for invalid user www from 170.64.198.192 port 39816 ssh2
May  4 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Connection closed by 170.64.198.192 port 39816 [preauth]
May  4 10:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20586]: pam_unix(cron:session): session closed for user root
May  4 10:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: Invalid user flask from 170.64.198.192
May  4 10:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: input_userauth_request: invalid user flask [preauth]
May  4 10:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23951]: pam_unix(cron:session): session closed for user samftp
May  4 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: Failed password for invalid user flask from 170.64.198.192 port 52178 ssh2
May  4 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: Connection closed by 170.64.198.192 port 52178 [preauth]
May  4 10:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24221]: Invalid user nginx from 170.64.198.192
May  4 10:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24221]: input_userauth_request: invalid user nginx [preauth]
May  4 10:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24221]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24221]: Failed password for invalid user nginx from 170.64.198.192 port 52188 ssh2
May  4 10:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24221]: Connection closed by 170.64.198.192 port 52188 [preauth]
May  4 10:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24233]: Invalid user sonar from 170.64.198.192
May  4 10:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24233]: input_userauth_request: invalid user sonar [preauth]
May  4 10:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24233]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24233]: Failed password for invalid user sonar from 170.64.198.192 port 41148 ssh2
May  4 10:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24233]: Connection closed by 170.64.198.192 port 41148 [preauth]
May  4 10:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: Failed password for root from 170.64.198.192 port 41164 ssh2
May  4 10:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: Connection closed by 170.64.198.192 port 41164 [preauth]
May  4 10:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24272]: Invalid user username from 170.64.198.192
May  4 10:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24272]: input_userauth_request: invalid user username [preauth]
May  4 10:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24272]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24272]: Failed password for invalid user username from 170.64.198.192 port 55512 ssh2
May  4 10:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24272]: Connection closed by 170.64.198.192 port 55512 [preauth]
May  4 10:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: User backup from 170.64.198.192 not allowed because not listed in AllowUsers
May  4 10:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: input_userauth_request: invalid user backup [preauth]
May  4 10:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=backup
May  4 10:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: Failed password for invalid user backup from 170.64.198.192 port 55528 ssh2
May  4 10:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: Connection closed by 170.64.198.192 port 55528 [preauth]
May  4 10:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: Invalid user wang from 170.64.198.192
May  4 10:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: input_userauth_request: invalid user wang [preauth]
May  4 10:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22824]: pam_unix(cron:session): session closed for user root
May  4 10:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: Failed password for invalid user wang from 170.64.198.192 port 34092 ssh2
May  4 10:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: Connection closed by 170.64.198.192 port 34092 [preauth]
May  4 10:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: Invalid user dolphinscheduler from 170.64.198.192
May  4 10:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  4 10:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: Failed password for invalid user dolphinscheduler from 170.64.198.192 port 34100 ssh2
May  4 10:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: Connection closed by 170.64.198.192 port 34100 [preauth]
May  4 10:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: Invalid user demo from 170.64.198.192
May  4 10:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: input_userauth_request: invalid user demo [preauth]
May  4 10:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: Failed password for invalid user demo from 170.64.198.192 port 45788 ssh2
May  4 10:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: Connection closed by 170.64.198.192 port 45788 [preauth]
May  4 10:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: Invalid user amir from 170.64.198.192
May  4 10:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: input_userauth_request: invalid user amir [preauth]
May  4 10:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: Failed password for invalid user amir from 170.64.198.192 port 45790 ssh2
May  4 10:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: Connection closed by 170.64.198.192 port 45790 [preauth]
May  4 10:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192  user=root
May  4 10:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24388]: Failed password for root from 170.64.198.192 port 45804 ssh2
May  4 10:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24388]: Connection closed by 170.64.198.192 port 45804 [preauth]
May  4 10:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24399]: Invalid user user from 170.64.198.192
May  4 10:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24399]: input_userauth_request: invalid user user [preauth]
May  4 10:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24399]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24399]: Failed password for invalid user user from 170.64.198.192 port 56468 ssh2
May  4 10:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24399]: Connection closed by 170.64.198.192 port 56468 [preauth]
May  4 10:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: Invalid user factorio from 170.64.198.192
May  4 10:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: input_userauth_request: invalid user factorio [preauth]
May  4 10:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: Failed password for invalid user factorio from 170.64.198.192 port 56480 ssh2
May  4 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: Connection closed by 170.64.198.192 port 56480 [preauth]
May  4 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24422]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24423]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24420]: pam_unix(cron:session): session closed for user p13x
May  4 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24486]: Successful su for rubyman by root
May  4 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24486]: + ??? root:rubyman
May  4 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 326996 of user rubyman.
May  4 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24486]: pam_unix(su:session): session closed for user rubyman
May  4 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 326996.
May  4 10:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21041]: pam_unix(cron:session): session closed for user root
May  4 10:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: Invalid user g from 170.64.198.192
May  4 10:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: input_userauth_request: invalid user g [preauth]
May  4 10:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24421]: pam_unix(cron:session): session closed for user samftp
May  4 10:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: Failed password for invalid user g from 170.64.198.192 port 41776 ssh2
May  4 10:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24576]: Connection closed by 170.64.198.192 port 41776 [preauth]
May  4 10:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24688]: Invalid user jumpserver from 170.64.198.192
May  4 10:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24688]: input_userauth_request: invalid user jumpserver [preauth]
May  4 10:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24688]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24688]: Failed password for invalid user jumpserver from 170.64.198.192 port 41780 ssh2
May  4 10:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24688]: Connection closed by 170.64.198.192 port 41780 [preauth]
May  4 10:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24703]: Invalid user admin from 64.226.117.59
May  4 10:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24703]: input_userauth_request: invalid user admin [preauth]
May  4 10:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24703]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 10:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: Invalid user dev from 170.64.198.192
May  4 10:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: input_userauth_request: invalid user dev [preauth]
May  4 10:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24703]: Failed password for invalid user admin from 64.226.117.59 port 41660 ssh2
May  4 10:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24703]: Connection closed by 64.226.117.59 port 41660 [preauth]
May  4 10:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: Failed password for invalid user dev from 170.64.198.192 port 47842 ssh2
May  4 10:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24705]: Connection closed by 170.64.198.192 port 47842 [preauth]
May  4 10:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24728]: Invalid user centos from 170.64.198.192
May  4 10:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24728]: input_userauth_request: invalid user centos [preauth]
May  4 10:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24728]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24728]: Failed password for invalid user centos from 170.64.198.192 port 47844 ssh2
May  4 10:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24728]: Connection closed by 170.64.198.192 port 47844 [preauth]
May  4 10:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: Invalid user dspace from 170.64.198.192
May  4 10:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: input_userauth_request: invalid user dspace [preauth]
May  4 10:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: Failed password for invalid user dspace from 170.64.198.192 port 50446 ssh2
May  4 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: Connection closed by 170.64.198.192 port 50446 [preauth]
May  4 10:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24761]: Invalid user ec2-user from 170.64.198.192
May  4 10:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24761]: input_userauth_request: invalid user ec2-user [preauth]
May  4 10:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24761]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24761]: Failed password for invalid user ec2-user from 170.64.198.192 port 50462 ssh2
May  4 10:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24761]: Connection closed by 170.64.198.192 port 50462 [preauth]
May  4 10:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  4 10:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24765]: Invalid user ubuntu from 170.64.198.192
May  4 10:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24765]: input_userauth_request: invalid user ubuntu [preauth]
May  4 10:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24765]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.198.192
May  4 10:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: Failed password for root from 80.94.95.29 port 38565 ssh2
May  4 10:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24765]: Failed password for invalid user ubuntu from 170.64.198.192 port 50466 ssh2
May  4 10:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24765]: Connection closed by 170.64.198.192 port 50466 [preauth]
May  4 10:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: Failed password for root from 80.94.95.29 port 38565 ssh2
May  4 10:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23333]: pam_unix(cron:session): session closed for user root
May  4 10:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: Failed password for root from 80.94.95.29 port 38565 ssh2
May  4 10:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.48  user=root
May  4 10:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: Failed password for root from 185.213.164.48 port 34422 ssh2
May  4 10:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: Received disconnect from 185.213.164.48 port 34422:11: Bye Bye [preauth]
May  4 10:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: Disconnected from 185.213.164.48 port 34422 [preauth]
May  4 10:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: Failed password for root from 80.94.95.29 port 38565 ssh2
May  4 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: Failed password for root from 80.94.95.29 port 38565 ssh2
May  4 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: Received disconnect from 80.94.95.29 port 38565:11: Bye [preauth]
May  4 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: Disconnected from 80.94.95.29 port 38565 [preauth]
May  4 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  4 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 10:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: Invalid user oracle from 193.32.162.97
May  4 10:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: input_userauth_request: invalid user oracle [preauth]
May  4 10:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 10:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: Failed password for invalid user oracle from 193.32.162.97 port 55190 ssh2
May  4 10:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24855]: Connection closed by 193.32.162.97 port 55190 [preauth]
May  4 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24863]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24864]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24861]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24865]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24865]: pam_unix(cron:session): session closed for user root
May  4 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24859]: pam_unix(cron:session): session closed for user p13x
May  4 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24946]: Successful su for rubyman by root
May  4 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24946]: + ??? root:rubyman
May  4 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327000 of user rubyman.
May  4 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24946]: pam_unix(su:session): session closed for user rubyman
May  4 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327000.
May  4 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24861]: pam_unix(cron:session): session closed for user root
May  4 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21510]: pam_unix(cron:session): session closed for user root
May  4 10:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24860]: pam_unix(cron:session): session closed for user samftp
May  4 10:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23954]: pam_unix(cron:session): session closed for user root
May  4 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25315]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25313]: pam_unix(cron:session): session closed for user p13x
May  4 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25387]: Successful su for rubyman by root
May  4 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25387]: + ??? root:rubyman
May  4 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327005 of user rubyman.
May  4 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25387]: pam_unix(su:session): session closed for user rubyman
May  4 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327005.
May  4 10:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22295]: pam_unix(cron:session): session closed for user root
May  4 10:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25314]: pam_unix(cron:session): session closed for user samftp
May  4 10:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: Invalid user admin from 139.19.117.131
May  4 10:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: input_userauth_request: invalid user admin [preauth]
May  4 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24423]: pam_unix(cron:session): session closed for user root
May  4 10:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25640]: Connection closed by 139.19.117.131 port 47896 [preauth]
May  4 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25729]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25728]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25728]: pam_unix(cron:session): session closed for user p13x
May  4 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25788]: Successful su for rubyman by root
May  4 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25788]: + ??? root:rubyman
May  4 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25788]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327009 of user rubyman.
May  4 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25788]: pam_unix(su:session): session closed for user rubyman
May  4 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327009.
May  4 10:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22822]: pam_unix(cron:session): session closed for user root
May  4 10:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25729]: pam_unix(cron:session): session closed for user samftp
May  4 10:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26  user=root
May  4 10:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26030]: Failed password for root from 202.179.66.26 port 55772 ssh2
May  4 10:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26030]: Received disconnect from 202.179.66.26 port 55772:11: Bye Bye [preauth]
May  4 10:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26030]: Disconnected from 202.179.66.26 port 55772 [preauth]
May  4 10:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24864]: pam_unix(cron:session): session closed for user root
May  4 10:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142  user=root
May  4 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26126]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26125]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26122]: pam_unix(cron:session): session closed for user p13x
May  4 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26183]: Successful su for rubyman by root
May  4 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26183]: + ??? root:rubyman
May  4 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327013 of user rubyman.
May  4 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26183]: pam_unix(su:session): session closed for user rubyman
May  4 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327013.
May  4 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26119]: Failed password for root from 103.59.95.142 port 58780 ssh2
May  4 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26119]: Received disconnect from 103.59.95.142 port 58780:11: Bye Bye [preauth]
May  4 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26119]: Disconnected from 103.59.95.142 port 58780 [preauth]
May  4 10:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23332]: pam_unix(cron:session): session closed for user root
May  4 10:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26123]: pam_unix(cron:session): session closed for user samftp
May  4 10:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25316]: pam_unix(cron:session): session closed for user root
May  4 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26606]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26603]: pam_unix(cron:session): session closed for user p13x
May  4 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26665]: Successful su for rubyman by root
May  4 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26665]: + ??? root:rubyman
May  4 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26665]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327018 of user rubyman.
May  4 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26665]: pam_unix(su:session): session closed for user rubyman
May  4 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327018.
May  4 10:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23952]: pam_unix(cron:session): session closed for user root
May  4 10:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26604]: pam_unix(cron:session): session closed for user samftp
May  4 10:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26851]: Did not receive identification string from 193.32.162.84
May  4 10:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 10:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26924]: Invalid user phantom from 50.235.31.47
May  4 10:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26924]: input_userauth_request: invalid user phantom [preauth]
May  4 10:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26924]: pam_unix(sshd:auth): check pass; user unknown
May  4 10:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  4 10:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26924]: Failed password for invalid user phantom from 50.235.31.47 port 38726 ssh2
May  4 10:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26924]: Connection closed by 50.235.31.47 port 38726 [preauth]
May  4 10:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25731]: pam_unix(cron:session): session closed for user root
May  4 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27056]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27054]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27057]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27058]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27054]: pam_unix(cron:session): session closed for user root
May  4 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27059]: pam_unix(cron:session): session closed for user root
May  4 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27052]: pam_unix(cron:session): session closed for user p13x
May  4 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27154]: Successful su for rubyman by root
May  4 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27154]: + ??? root:rubyman
May  4 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327025 of user rubyman.
May  4 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27154]: pam_unix(su:session): session closed for user rubyman
May  4 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327025.
May  4 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24422]: pam_unix(cron:session): session closed for user root
May  4 11:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27056]: pam_unix(cron:session): session closed for user root
May  4 11:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27053]: pam_unix(cron:session): session closed for user samftp
May  4 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26126]: pam_unix(cron:session): session closed for user root
May  4 11:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27604]: Invalid user admin from 64.226.117.59
May  4 11:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27604]: input_userauth_request: invalid user admin [preauth]
May  4 11:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27604]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 11:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27604]: Failed password for invalid user admin from 64.226.117.59 port 41564 ssh2
May  4 11:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27604]: Connection closed by 64.226.117.59 port 41564 [preauth]
May  4 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27626]: pam_unix(cron:session): session closed for user p13x
May  4 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27692]: Successful su for rubyman by root
May  4 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27692]: + ??? root:rubyman
May  4 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27692]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327028 of user rubyman.
May  4 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27692]: pam_unix(su:session): session closed for user rubyman
May  4 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327028.
May  4 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24863]: pam_unix(cron:session): session closed for user root
May  4 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27627]: pam_unix(cron:session): session closed for user samftp
May  4 11:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: Invalid user admin from 80.94.95.112
May  4 11:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: input_userauth_request: invalid user admin [preauth]
May  4 11:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 11:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: Failed password for invalid user admin from 80.94.95.112 port 46160 ssh2
May  4 11:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: Failed password for invalid user admin from 80.94.95.112 port 46160 ssh2
May  4 11:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: Failed password for invalid user admin from 80.94.95.112 port 46160 ssh2
May  4 11:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: Failed password for invalid user admin from 80.94.95.112 port 46160 ssh2
May  4 11:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: Failed password for invalid user admin from 80.94.95.112 port 46160 ssh2
May  4 11:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: Received disconnect from 80.94.95.112 port 46160:11: Bye [preauth]
May  4 11:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: Disconnected from 80.94.95.112 port 46160 [preauth]
May  4 11:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 11:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 11:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26606]: pam_unix(cron:session): session closed for user root
May  4 11:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: Invalid user oracle from 193.32.162.97
May  4 11:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: input_userauth_request: invalid user oracle [preauth]
May  4 11:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 11:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: Failed password for invalid user oracle from 193.32.162.97 port 36248 ssh2
May  4 11:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: Connection closed by 193.32.162.97 port 36248 [preauth]
May  4 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28042]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28043]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28040]: pam_unix(cron:session): session closed for user p13x
May  4 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28100]: Successful su for rubyman by root
May  4 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28100]: + ??? root:rubyman
May  4 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28100]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327033 of user rubyman.
May  4 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28100]: pam_unix(su:session): session closed for user rubyman
May  4 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327033.
May  4 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25315]: pam_unix(cron:session): session closed for user root
May  4 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28041]: pam_unix(cron:session): session closed for user samftp
May  4 11:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27058]: pam_unix(cron:session): session closed for user root
May  4 11:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26  user=root
May  4 11:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28424]: Failed password for root from 202.179.66.26 port 36466 ssh2
May  4 11:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28424]: Received disconnect from 202.179.66.26 port 36466:11: Bye Bye [preauth]
May  4 11:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28424]: Disconnected from 202.179.66.26 port 36466 [preauth]
May  4 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28436]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28436]: pam_unix(cron:session): session closed for user p13x
May  4 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28501]: Successful su for rubyman by root
May  4 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28501]: + ??? root:rubyman
May  4 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327037 of user rubyman.
May  4 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28501]: pam_unix(su:session): session closed for user rubyman
May  4 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327037.
May  4 11:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25730]: pam_unix(cron:session): session closed for user root
May  4 11:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28614]: Invalid user validator from 193.32.162.84
May  4 11:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28614]: input_userauth_request: invalid user validator [preauth]
May  4 11:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28614]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 11:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28437]: pam_unix(cron:session): session closed for user samftp
May  4 11:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28614]: Failed password for invalid user validator from 193.32.162.84 port 57970 ssh2
May  4 11:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28614]: Connection closed by 193.32.162.84 port 57970 [preauth]
May  4 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27629]: pam_unix(cron:session): session closed for user root
May  4 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28832]: pam_unix(cron:session): session closed for user p13x
May  4 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28904]: Successful su for rubyman by root
May  4 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28904]: + ??? root:rubyman
May  4 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28904]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327040 of user rubyman.
May  4 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28904]: pam_unix(su:session): session closed for user rubyman
May  4 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327040.
May  4 11:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26125]: pam_unix(cron:session): session closed for user root
May  4 11:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28833]: pam_unix(cron:session): session closed for user samftp
May  4 11:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29165]: Invalid user bruno from 103.234.53.78
May  4 11:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29165]: input_userauth_request: invalid user bruno [preauth]
May  4 11:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29165]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29165]: Failed password for invalid user bruno from 103.234.53.78 port 54250 ssh2
May  4 11:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29165]: Connection closed by 103.234.53.78 port 54250 [preauth]
May  4 11:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: Invalid user applvis from 103.234.53.78
May  4 11:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: input_userauth_request: invalid user applvis [preauth]
May  4 11:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: Failed password for invalid user applvis from 103.234.53.78 port 34608 ssh2
May  4 11:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: Connection closed by 103.234.53.78 port 34608 [preauth]
May  4 11:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29193]: Invalid user admin from 103.234.53.78
May  4 11:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29193]: input_userauth_request: invalid user admin [preauth]
May  4 11:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29193]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29193]: Failed password for invalid user admin from 103.234.53.78 port 34616 ssh2
May  4 11:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29193]: Connection closed by 103.234.53.78 port 34616 [preauth]
May  4 11:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29211]: Invalid user taibabi from 103.59.95.142
May  4 11:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29211]: input_userauth_request: invalid user taibabi [preauth]
May  4 11:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29211]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
May  4 11:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29211]: Failed password for invalid user taibabi from 103.59.95.142 port 54060 ssh2
May  4 11:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: Failed password for root from 103.234.53.78 port 34622 ssh2
May  4 11:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29218]: Connection closed by 103.234.53.78 port 34622 [preauth]
May  4 11:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29211]: Received disconnect from 103.59.95.142 port 54060:11: Bye Bye [preauth]
May  4 11:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29211]: Disconnected from 103.59.95.142 port 54060 [preauth]
May  4 11:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Failed password for root from 103.234.53.78 port 36404 ssh2
May  4 11:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Connection closed by 103.234.53.78 port 36404 [preauth]
May  4 11:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29231]: Failed password for root from 103.234.53.78 port 36420 ssh2
May  4 11:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29231]: Connection closed by 103.234.53.78 port 36420 [preauth]
May  4 11:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Failed password for root from 103.234.53.78 port 36434 ssh2
May  4 11:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Connection closed by 103.234.53.78 port 36434 [preauth]
May  4 11:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28043]: pam_unix(cron:session): session closed for user root
May  4 11:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29274]: Failed password for root from 103.234.53.78 port 45364 ssh2
May  4 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29274]: Connection closed by 103.234.53.78 port 45364 [preauth]
May  4 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: Failed password for root from 103.234.53.78 port 45380 ssh2
May  4 11:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: Connection closed by 103.234.53.78 port 45380 [preauth]
May  4 11:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: Failed password for root from 103.234.53.78 port 45386 ssh2
May  4 11:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: Connection closed by 103.234.53.78 port 45386 [preauth]
May  4 11:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29319]: Failed password for root from 103.234.53.78 port 59754 ssh2
May  4 11:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29319]: Connection closed by 103.234.53.78 port 59754 [preauth]
May  4 11:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: Failed password for root from 103.234.53.78 port 59760 ssh2
May  4 11:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: Connection closed by 103.234.53.78 port 59760 [preauth]
May  4 11:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  4 11:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Failed password for root from 103.234.53.78 port 43156 ssh2
May  4 11:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: Failed password for root from 218.92.0.112 port 11490 ssh2
May  4 11:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29346]: Connection closed by 103.234.53.78 port 43156 [preauth]
May  4 11:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: Failed password for root from 218.92.0.112 port 11490 ssh2
May  4 11:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: Failed password for root from 103.234.53.78 port 43166 ssh2
May  4 11:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: Failed password for root from 218.92.0.112 port 11490 ssh2
May  4 11:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: Connection closed by 103.234.53.78 port 43166 [preauth]
May  4 11:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: Received disconnect from 218.92.0.112 port 11490:11:  [preauth]
May  4 11:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: Disconnected from 218.92.0.112 port 11490 [preauth]
May  4 11:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  4 11:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Failed password for root from 103.234.53.78 port 43182 ssh2
May  4 11:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Connection closed by 103.234.53.78 port 43182 [preauth]
May  4 11:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29373]: Failed password for root from 103.234.53.78 port 40048 ssh2
May  4 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29373]: Connection closed by 103.234.53.78 port 40048 [preauth]
May  4 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29392]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29393]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29387]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29390]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29393]: pam_unix(cron:session): session closed for user root
May  4 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29387]: pam_unix(cron:session): session closed for user p13x
May  4 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29459]: Successful su for rubyman by root
May  4 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29459]: + ??? root:rubyman
May  4 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29459]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327046 of user rubyman.
May  4 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29459]: pam_unix(su:session): session closed for user rubyman
May  4 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327046.
May  4 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29389]: pam_unix(cron:session): session closed for user root
May  4 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26605]: pam_unix(cron:session): session closed for user root
May  4 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29384]: Failed password for root from 103.234.53.78 port 40052 ssh2
May  4 11:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29384]: Connection closed by 103.234.53.78 port 40052 [preauth]
May  4 11:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29388]: pam_unix(cron:session): session closed for user samftp
May  4 11:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29650]: Failed password for root from 103.234.53.78 port 40068 ssh2
May  4 11:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29650]: Connection closed by 103.234.53.78 port 40068 [preauth]
May  4 11:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29676]: Failed password for root from 103.234.53.78 port 41528 ssh2
May  4 11:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29676]: Connection closed by 103.234.53.78 port 41528 [preauth]
May  4 11:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29689]: Failed password for root from 103.234.53.78 port 41530 ssh2
May  4 11:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29689]: Connection closed by 103.234.53.78 port 41530 [preauth]
May  4 11:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29704]: Failed password for root from 103.234.53.78 port 41538 ssh2
May  4 11:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29704]: Connection closed by 103.234.53.78 port 41538 [preauth]
May  4 11:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29715]: Invalid user yt from 103.234.53.78
May  4 11:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29715]: input_userauth_request: invalid user yt [preauth]
May  4 11:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29715]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29715]: Failed password for invalid user yt from 103.234.53.78 port 38828 ssh2
May  4 11:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29715]: Connection closed by 103.234.53.78 port 38828 [preauth]
May  4 11:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: Invalid user weblogic from 103.234.53.78
May  4 11:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: input_userauth_request: invalid user weblogic [preauth]
May  4 11:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: Failed password for invalid user weblogic from 103.234.53.78 port 38840 ssh2
May  4 11:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: Connection closed by 103.234.53.78 port 38840 [preauth]
May  4 11:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29745]: Invalid user user08 from 103.234.53.78
May  4 11:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29745]: input_userauth_request: invalid user user08 [preauth]
May  4 11:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29745]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29745]: Failed password for invalid user user08 from 103.234.53.78 port 38842 ssh2
May  4 11:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29745]: Connection closed by 103.234.53.78 port 38842 [preauth]
May  4 11:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29756]: Invalid user ts3 from 103.234.53.78
May  4 11:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29756]: input_userauth_request: invalid user ts3 [preauth]
May  4 11:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29756]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29756]: Failed password for invalid user ts3 from 103.234.53.78 port 44334 ssh2
May  4 11:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29756]: Connection closed by 103.234.53.78 port 44334 [preauth]
May  4 11:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28439]: pam_unix(cron:session): session closed for user root
May  4 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29763]: Invalid user test10 from 103.234.53.78
May  4 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29763]: input_userauth_request: invalid user test10 [preauth]
May  4 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29763]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29763]: Failed password for invalid user test10 from 103.234.53.78 port 44350 ssh2
May  4 11:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29763]: Connection closed by 103.234.53.78 port 44350 [preauth]
May  4 11:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: Invalid user sonar from 103.234.53.78
May  4 11:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: input_userauth_request: invalid user sonar [preauth]
May  4 11:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: Failed password for invalid user sonar from 103.234.53.78 port 44364 ssh2
May  4 11:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: Connection closed by 103.234.53.78 port 44364 [preauth]
May  4 11:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29797]: Invalid user rust from 103.234.53.78
May  4 11:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29797]: input_userauth_request: invalid user rust [preauth]
May  4 11:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29797]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29797]: Failed password for invalid user rust from 103.234.53.78 port 50184 ssh2
May  4 11:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29797]: Connection closed by 103.234.53.78 port 50184 [preauth]
May  4 11:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29799]: Invalid user pbsdata from 103.234.53.78
May  4 11:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29799]: input_userauth_request: invalid user pbsdata [preauth]
May  4 11:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29799]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29799]: Failed password for invalid user pbsdata from 103.234.53.78 port 50196 ssh2
May  4 11:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29799]: Connection closed by 103.234.53.78 port 50196 [preauth]
May  4 11:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29821]: Invalid user neutron from 103.234.53.78
May  4 11:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29821]: input_userauth_request: invalid user neutron [preauth]
May  4 11:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29821]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29821]: Failed password for invalid user neutron from 103.234.53.78 port 50206 ssh2
May  4 11:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29821]: Connection closed by 103.234.53.78 port 50206 [preauth]
May  4 11:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29836]: Invalid user lsfadmin from 103.234.53.78
May  4 11:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29836]: input_userauth_request: invalid user lsfadmin [preauth]
May  4 11:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29836]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29836]: Failed password for invalid user lsfadmin from 103.234.53.78 port 37322 ssh2
May  4 11:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29836]: Connection closed by 103.234.53.78 port 37322 [preauth]
May  4 11:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: Invalid user j2deployer from 103.234.53.78
May  4 11:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: input_userauth_request: invalid user j2deployer [preauth]
May  4 11:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: Failed password for invalid user j2deployer from 103.234.53.78 port 37334 ssh2
May  4 11:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: Connection closed by 103.234.53.78 port 37334 [preauth]
May  4 11:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: Invalid user gtaserver from 103.234.53.78
May  4 11:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: input_userauth_request: invalid user gtaserver [preauth]
May  4 11:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: Failed password for invalid user gtaserver from 103.234.53.78 port 37340 ssh2
May  4 11:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29850]: Connection closed by 103.234.53.78 port 37340 [preauth]
May  4 11:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: Invalid user ftpTest from 103.234.53.78
May  4 11:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: input_userauth_request: invalid user ftpTest [preauth]
May  4 11:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: Failed password for invalid user ftpTest from 103.234.53.78 port 55292 ssh2
May  4 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29868]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29866]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29866]: pam_unix(cron:session): session closed for user p13x
May  4 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29861]: Connection closed by 103.234.53.78 port 55292 [preauth]
May  4 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29936]: Successful su for rubyman by root
May  4 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29936]: + ??? root:rubyman
May  4 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327050 of user rubyman.
May  4 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29936]: pam_unix(su:session): session closed for user rubyman
May  4 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327050.
May  4 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29951]: Invalid user elasearch from 103.234.53.78
May  4 11:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29951]: input_userauth_request: invalid user elasearch [preauth]
May  4 11:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29951]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29951]: Failed password for invalid user elasearch from 103.234.53.78 port 55294 ssh2
May  4 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27057]: pam_unix(cron:session): session closed for user root
May  4 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29951]: Connection closed by 103.234.53.78 port 55294 [preauth]
May  4 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: Failed password for root from 185.93.89.118 port 16182 ssh2
May  4 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30113]: Invalid user debug from 103.234.53.78
May  4 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30113]: input_userauth_request: invalid user debug [preauth]
May  4 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30113]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29867]: pam_unix(cron:session): session closed for user samftp
May  4 11:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30113]: Failed password for invalid user debug from 103.234.53.78 port 55308 ssh2
May  4 11:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30113]: Connection closed by 103.234.53.78 port 55308 [preauth]
May  4 11:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29848]: Connection closed by 185.93.89.118 port 16182 [preauth]
May  4 11:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: Invalid user cpcao from 103.234.53.78
May  4 11:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: input_userauth_request: invalid user cpcao [preauth]
May  4 11:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: Failed password for invalid user cpcao from 103.234.53.78 port 33942 ssh2
May  4 11:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: Connection closed by 103.234.53.78 port 33942 [preauth]
May  4 11:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: Invalid user black from 103.234.53.78
May  4 11:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: input_userauth_request: invalid user black [preauth]
May  4 11:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: Failed password for invalid user black from 103.234.53.78 port 33948 ssh2
May  4 11:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: Connection closed by 103.234.53.78 port 33948 [preauth]
May  4 11:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: Invalid user ansadmin from 103.234.53.78
May  4 11:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: input_userauth_request: invalid user ansadmin [preauth]
May  4 11:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: Failed password for invalid user ansadmin from 103.234.53.78 port 33962 ssh2
May  4 11:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: Connection closed by 103.234.53.78 port 33962 [preauth]
May  4 11:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30165]: Invalid user adam from 103.234.53.78
May  4 11:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30165]: input_userauth_request: invalid user adam [preauth]
May  4 11:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30165]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 11:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30165]: Failed password for invalid user adam from 103.234.53.78 port 44948 ssh2
May  4 11:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30165]: Connection closed by 103.234.53.78 port 44948 [preauth]
May  4 11:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: Failed password for root from 185.93.89.118 port 30842 ssh2
May  4 11:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: Connection closed by 185.93.89.118 port 30842 [preauth]
May  4 11:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30175]: Failed password for root from 103.234.53.78 port 44960 ssh2
May  4 11:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30175]: Connection closed by 103.234.53.78 port 44960 [preauth]
May  4 11:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30191]: Failed password for root from 103.234.53.78 port 44964 ssh2
May  4 11:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30191]: Connection closed by 103.234.53.78 port 44964 [preauth]
May  4 11:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30202]: Failed password for root from 103.234.53.78 port 38362 ssh2
May  4 11:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30202]: Connection closed by 103.234.53.78 port 38362 [preauth]
May  4 11:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28836]: pam_unix(cron:session): session closed for user root
May  4 11:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: Failed password for root from 103.234.53.78 port 38378 ssh2
May  4 11:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30213]: Connection closed by 103.234.53.78 port 38378 [preauth]
May  4 11:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30234]: Failed password for root from 103.234.53.78 port 38384 ssh2
May  4 11:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30234]: Connection closed by 103.234.53.78 port 38384 [preauth]
May  4 11:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30244]: Failed password for root from 103.234.53.78 port 47970 ssh2
May  4 11:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30244]: Connection closed by 103.234.53.78 port 47970 [preauth]
May  4 11:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 11:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30201]: Failed password for root from 185.93.89.118 port 26110 ssh2
May  4 11:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30254]: Failed password for root from 103.234.53.78 port 47986 ssh2
May  4 11:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30254]: Connection closed by 103.234.53.78 port 47986 [preauth]
May  4 11:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30201]: Connection closed by 185.93.89.118 port 26110 [preauth]
May  4 11:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30269]: Failed password for root from 103.234.53.78 port 47992 ssh2
May  4 11:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30269]: Connection closed by 103.234.53.78 port 47992 [preauth]
May  4 11:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30280]: Failed password for root from 103.234.53.78 port 43772 ssh2
May  4 11:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30280]: Connection closed by 103.234.53.78 port 43772 [preauth]
May  4 11:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30289]: Failed password for root from 103.234.53.78 port 43788 ssh2
May  4 11:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30289]: Connection closed by 103.234.53.78 port 43788 [preauth]
May  4 11:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30293]: Failed password for root from 103.234.53.78 port 43796 ssh2
May  4 11:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30293]: Connection closed by 103.234.53.78 port 43796 [preauth]
May  4 11:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Failed password for root from 103.234.53.78 port 55514 ssh2
May  4 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Connection closed by 103.234.53.78 port 55514 [preauth]
May  4 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30317]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30315]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30318]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30315]: pam_unix(cron:session): session closed for user p13x
May  4 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30383]: Successful su for rubyman by root
May  4 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30383]: + ??? root:rubyman
May  4 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30383]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327057 of user rubyman.
May  4 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30383]: pam_unix(su:session): session closed for user rubyman
May  4 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327057.
May  4 11:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27628]: pam_unix(cron:session): session closed for user root
May  4 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30271]: Failed password for root from 185.93.89.118 port 56646 ssh2
May  4 11:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30271]: Connection closed by 185.93.89.118 port 56646 [preauth]
May  4 11:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30323]: Failed password for root from 103.234.53.78 port 55528 ssh2
May  4 11:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30323]: Connection closed by 103.234.53.78 port 55528 [preauth]
May  4 11:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30316]: pam_unix(cron:session): session closed for user samftp
May  4 11:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: Failed password for root from 103.234.53.78 port 55536 ssh2
May  4 11:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: Connection closed by 103.234.53.78 port 55536 [preauth]
May  4 11:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30569]: Failed password for root from 103.234.53.78 port 41240 ssh2
May  4 11:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30569]: Connection closed by 103.234.53.78 port 41240 [preauth]
May  4 11:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: Failed password for root from 103.234.53.78 port 41246 ssh2
May  4 11:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: Connection closed by 103.234.53.78 port 41246 [preauth]
May  4 11:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30595]: Failed password for root from 103.234.53.78 port 41252 ssh2
May  4 11:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 11:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30595]: Connection closed by 103.234.53.78 port 41252 [preauth]
May  4 11:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30549]: Failed password for root from 185.93.89.118 port 14000 ssh2
May  4 11:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: Failed password for root from 103.234.53.78 port 33940 ssh2
May  4 11:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: Connection closed by 103.234.53.78 port 33940 [preauth]
May  4 11:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30549]: Connection closed by 185.93.89.118 port 14000 [preauth]
May  4 11:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30609]: Invalid user xguest from 103.234.53.78
May  4 11:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30609]: input_userauth_request: invalid user xguest [preauth]
May  4 11:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30609]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30609]: Failed password for invalid user xguest from 103.234.53.78 port 33946 ssh2
May  4 11:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30609]: Connection closed by 103.234.53.78 port 33946 [preauth]
May  4 11:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: Invalid user vpopmail from 103.234.53.78
May  4 11:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: input_userauth_request: invalid user vpopmail [preauth]
May  4 11:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: Failed password for invalid user vpopmail from 103.234.53.78 port 33962 ssh2
May  4 11:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: Connection closed by 103.234.53.78 port 33962 [preauth]
May  4 11:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30633]: Invalid user admin from 64.226.117.59
May  4 11:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30633]: input_userauth_request: invalid user admin [preauth]
May  4 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30633]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: Invalid user uftp from 103.234.53.78
May  4 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: input_userauth_request: invalid user uftp [preauth]
May  4 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30633]: Failed password for invalid user admin from 64.226.117.59 port 36326 ssh2
May  4 11:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30633]: Connection closed by 64.226.117.59 port 36326 [preauth]
May  4 11:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: Failed password for invalid user uftp from 103.234.53.78 port 47304 ssh2
May  4 11:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: Connection closed by 103.234.53.78 port 47304 [preauth]
May  4 11:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30647]: Invalid user testuser from 103.234.53.78
May  4 11:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30647]: input_userauth_request: invalid user testuser [preauth]
May  4 11:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30647]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29392]: pam_unix(cron:session): session closed for user root
May  4 11:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30647]: Failed password for invalid user testuser from 103.234.53.78 port 47310 ssh2
May  4 11:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30647]: Connection closed by 103.234.53.78 port 47310 [preauth]
May  4 11:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: Invalid user te from 103.234.53.78
May  4 11:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: input_userauth_request: invalid user te [preauth]
May  4 11:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: Failed password for invalid user te from 103.234.53.78 port 47314 ssh2
May  4 11:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: Connection closed by 103.234.53.78 port 47314 [preauth]
May  4 11:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: Invalid user simple from 103.234.53.78
May  4 11:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: input_userauth_request: invalid user simple [preauth]
May  4 11:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: Failed password for invalid user simple from 103.234.53.78 port 42686 ssh2
May  4 11:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: Connection closed by 103.234.53.78 port 42686 [preauth]
May  4 11:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: Invalid user reese from 103.234.53.78
May  4 11:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: input_userauth_request: invalid user reese [preauth]
May  4 11:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: Failed password for invalid user reese from 103.234.53.78 port 42702 ssh2
May  4 11:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30691]: Connection closed by 103.234.53.78 port 42702 [preauth]
May  4 11:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30714]: Invalid user oracle from 103.234.53.78
May  4 11:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30714]: input_userauth_request: invalid user oracle [preauth]
May  4 11:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30714]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30714]: Failed password for invalid user oracle from 103.234.53.78 port 42708 ssh2
May  4 11:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30714]: Connection closed by 103.234.53.78 port 42708 [preauth]
May  4 11:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30723]: Invalid user monitor from 103.234.53.78
May  4 11:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30723]: input_userauth_request: invalid user monitor [preauth]
May  4 11:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30723]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30723]: Failed password for invalid user monitor from 103.234.53.78 port 45116 ssh2
May  4 11:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30723]: Connection closed by 103.234.53.78 port 45116 [preauth]
May  4 11:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: Invalid user lian from 103.234.53.78
May  4 11:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: input_userauth_request: invalid user lian [preauth]
May  4 11:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: Failed password for invalid user lian from 103.234.53.78 port 45128 ssh2
May  4 11:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: Connection closed by 103.234.53.78 port 45128 [preauth]
May  4 11:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: Invalid user infra from 103.234.53.78
May  4 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: input_userauth_request: invalid user infra [preauth]
May  4 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30752]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30750]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30753]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30750]: pam_unix(cron:session): session closed for user p13x
May  4 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30808]: Successful su for rubyman by root
May  4 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30808]: + ??? root:rubyman
May  4 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30808]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327058 of user rubyman.
May  4 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30808]: pam_unix(su:session): session closed for user rubyman
May  4 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327058.
May  4 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: Failed password for invalid user infra from 103.234.53.78 port 45136 ssh2
May  4 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30739]: Connection closed by 103.234.53.78 port 45136 [preauth]
May  4 11:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28042]: pam_unix(cron:session): session closed for user root
May  4 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30930]: Invalid user gpu02 from 103.234.53.78
May  4 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30930]: input_userauth_request: invalid user gpu02 [preauth]
May  4 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30930]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30751]: pam_unix(cron:session): session closed for user samftp
May  4 11:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30930]: Failed password for invalid user gpu02 from 103.234.53.78 port 41386 ssh2
May  4 11:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30930]: Connection closed by 103.234.53.78 port 41386 [preauth]
May  4 11:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30995]: Invalid user frappe from 103.234.53.78
May  4 11:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30995]: input_userauth_request: invalid user frappe [preauth]
May  4 11:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30995]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30995]: Failed password for invalid user frappe from 103.234.53.78 port 41396 ssh2
May  4 11:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30995]: Connection closed by 103.234.53.78 port 41396 [preauth]
May  4 11:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31009]: Invalid user dujh from 103.234.53.78
May  4 11:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31009]: input_userauth_request: invalid user dujh [preauth]
May  4 11:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31009]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31009]: Failed password for invalid user dujh from 103.234.53.78 port 53806 ssh2
May  4 11:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31009]: Connection closed by 103.234.53.78 port 53806 [preauth]
May  4 11:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: Invalid user dbuser from 103.234.53.78
May  4 11:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: input_userauth_request: invalid user dbuser [preauth]
May  4 11:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: Failed password for invalid user dbuser from 103.234.53.78 port 53810 ssh2
May  4 11:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31032]: Connection closed by 103.234.53.78 port 53810 [preauth]
May  4 11:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186  user=root
May  4 11:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: Invalid user cirros from 103.234.53.78
May  4 11:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: input_userauth_request: invalid user cirros [preauth]
May  4 11:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31034]: Failed password for root from 45.116.79.186 port 58470 ssh2
May  4 11:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31034]: Received disconnect from 45.116.79.186 port 58470:11: Bye Bye [preauth]
May  4 11:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31034]: Disconnected from 45.116.79.186 port 58470 [preauth]
May  4 11:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: Failed password for invalid user cirros from 103.234.53.78 port 39438 ssh2
May  4 11:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: Connection closed by 103.234.53.78 port 39438 [preauth]
May  4 11:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31068]: Invalid user ne from 202.179.66.26
May  4 11:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31068]: input_userauth_request: invalid user ne [preauth]
May  4 11:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31068]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26
May  4 11:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: Invalid user bb from 103.234.53.78
May  4 11:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: input_userauth_request: invalid user bb [preauth]
May  4 11:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31068]: Failed password for invalid user ne from 202.179.66.26 port 45388 ssh2
May  4 11:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: Failed password for invalid user bb from 103.234.53.78 port 39452 ssh2
May  4 11:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31068]: Received disconnect from 202.179.66.26 port 45388:11: Bye Bye [preauth]
May  4 11:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31068]: Disconnected from 202.179.66.26 port 45388 [preauth]
May  4 11:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: Invalid user oracle from 193.32.162.97
May  4 11:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: input_userauth_request: invalid user oracle [preauth]
May  4 11:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: Connection closed by 103.234.53.78 port 39452 [preauth]
May  4 11:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 11:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: Invalid user altair from 103.234.53.78
May  4 11:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: input_userauth_request: invalid user altair [preauth]
May  4 11:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: Failed password for invalid user oracle from 193.32.162.97 port 45538 ssh2
May  4 11:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: Connection closed by 193.32.162.97 port 45538 [preauth]
May  4 11:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: Failed password for invalid user altair from 103.234.53.78 port 41294 ssh2
May  4 11:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: Connection closed by 103.234.53.78 port 41294 [preauth]
May  4 11:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29869]: pam_unix(cron:session): session closed for user root
May  4 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: Failed password for root from 103.234.53.78 port 41302 ssh2
May  4 11:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: Connection closed by 103.234.53.78 port 41302 [preauth]
May  4 11:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: Failed password for root from 103.234.53.78 port 41304 ssh2
May  4 11:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31113]: Connection closed by 103.234.53.78 port 41304 [preauth]
May  4 11:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: Failed password for root from 103.234.53.78 port 56160 ssh2
May  4 11:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: Connection closed by 103.234.53.78 port 56160 [preauth]
May  4 11:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31136]: Failed password for root from 103.234.53.78 port 56164 ssh2
May  4 11:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31136]: Connection closed by 103.234.53.78 port 56164 [preauth]
May  4 11:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Failed password for root from 103.234.53.78 port 56174 ssh2
May  4 11:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Connection closed by 103.234.53.78 port 56174 [preauth]
May  4 11:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: Failed password for root from 103.234.53.78 port 44120 ssh2
May  4 11:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: Connection closed by 103.234.53.78 port 44120 [preauth]
May  4 11:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31172]: Failed password for root from 103.234.53.78 port 44130 ssh2
May  4 11:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31172]: Connection closed by 103.234.53.78 port 44130 [preauth]
May  4 11:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31190]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31187]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31188]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31185]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31187]: pam_unix(cron:session): session closed for user p13x
May  4 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31313]: Successful su for rubyman by root
May  4 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31313]: + ??? root:rubyman
May  4 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327062 of user rubyman.
May  4 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31313]: pam_unix(su:session): session closed for user rubyman
May  4 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327062.
May  4 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31185]: pam_unix(cron:session): session closed for user root
May  4 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31183]: Failed password for root from 103.234.53.78 port 44190 ssh2
May  4 11:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31183]: Connection closed by 103.234.53.78 port 44190 [preauth]
May  4 11:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28438]: pam_unix(cron:session): session closed for user root
May  4 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31188]: pam_unix(cron:session): session closed for user samftp
May  4 11:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31461]: Failed password for root from 103.234.53.78 port 44196 ssh2
May  4 11:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31461]: Connection closed by 103.234.53.78 port 44196 [preauth]
May  4 11:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: Failed password for root from 103.234.53.78 port 52808 ssh2
May  4 11:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31526]: Connection closed by 103.234.53.78 port 52808 [preauth]
May  4 11:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31536]: Failed password for root from 103.234.53.78 port 52822 ssh2
May  4 11:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31536]: Connection closed by 103.234.53.78 port 52822 [preauth]
May  4 11:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: Failed password for root from 103.234.53.78 port 52838 ssh2
May  4 11:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: Connection closed by 103.234.53.78 port 52838 [preauth]
May  4 11:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: Failed password for root from 103.234.53.78 port 43740 ssh2
May  4 11:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31573]: Connection closed by 103.234.53.78 port 43740 [preauth]
May  4 11:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31596]: Failed password for root from 103.234.53.78 port 43742 ssh2
May  4 11:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31599]: Invalid user node from 193.32.162.84
May  4 11:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31599]: input_userauth_request: invalid user node [preauth]
May  4 11:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31599]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 11:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31596]: Connection closed by 103.234.53.78 port 43742 [preauth]
May  4 11:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31599]: Failed password for invalid user node from 193.32.162.84 port 60452 ssh2
May  4 11:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31599]: Connection closed by 193.32.162.84 port 60452 [preauth]
May  4 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31601]: Failed password for root from 103.234.53.78 port 57126 ssh2
May  4 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31601]: Connection closed by 103.234.53.78 port 57126 [preauth]
May  4 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30318]: pam_unix(cron:session): session closed for user root
May  4 11:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31626]: Failed password for root from 103.234.53.78 port 57140 ssh2
May  4 11:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31626]: Connection closed by 103.234.53.78 port 57140 [preauth]
May  4 11:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31650]: Failed password for root from 103.234.53.78 port 37164 ssh2
May  4 11:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31650]: Connection closed by 103.234.53.78 port 37164 [preauth]
May  4 11:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: Failed password for root from 103.234.53.78 port 37168 ssh2
May  4 11:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: Connection closed by 103.234.53.78 port 37168 [preauth]
May  4 11:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78  user=root
May  4 11:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31697]: Failed password for root from 103.234.53.78 port 37266 ssh2
May  4 11:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31697]: Connection closed by 103.234.53.78 port 37266 [preauth]
May  4 11:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: Invalid user wwwlogs from 103.234.53.78
May  4 11:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: input_userauth_request: invalid user wwwlogs [preauth]
May  4 11:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: Failed password for invalid user wwwlogs from 103.234.53.78 port 37270 ssh2
May  4 11:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: Connection closed by 103.234.53.78 port 37270 [preauth]
May  4 11:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: Invalid user vagrant from 103.234.53.78
May  4 11:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: input_userauth_request: invalid user vagrant [preauth]
May  4 11:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31728]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31731]: pam_unix(cron:session): session closed for user root
May  4 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31725]: pam_unix(cron:session): session closed for user p13x
May  4 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31797]: Successful su for rubyman by root
May  4 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31797]: + ??? root:rubyman
May  4 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327070 of user rubyman.
May  4 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31797]: pam_unix(su:session): session closed for user rubyman
May  4 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327070.
May  4 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: Failed password for invalid user vagrant from 103.234.53.78 port 37276 ssh2
May  4 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: Connection closed by 103.234.53.78 port 37276 [preauth]
May  4 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31727]: pam_unix(cron:session): session closed for user root
May  4 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28834]: pam_unix(cron:session): session closed for user root
May  4 11:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31878]: Invalid user ubuntuserver from 103.234.53.78
May  4 11:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31878]: input_userauth_request: invalid user ubuntuserver [preauth]
May  4 11:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31878]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31726]: pam_unix(cron:session): session closed for user samftp
May  4 11:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31878]: Failed password for invalid user ubuntuserver from 103.234.53.78 port 46618 ssh2
May  4 11:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31878]: Connection closed by 103.234.53.78 port 46618 [preauth]
May  4 11:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32020]: Invalid user test from 103.234.53.78
May  4 11:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32020]: input_userauth_request: invalid user test [preauth]
May  4 11:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32020]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142  user=root
May  4 11:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32020]: Failed password for invalid user test from 103.234.53.78 port 41142 ssh2
May  4 11:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32020]: Connection closed by 103.234.53.78 port 41142 [preauth]
May  4 11:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32037]: Failed password for root from 103.59.95.142 port 33456 ssh2
May  4 11:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32037]: Received disconnect from 103.59.95.142 port 33456:11: Bye Bye [preauth]
May  4 11:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32037]: Disconnected from 103.59.95.142 port 33456 [preauth]
May  4 11:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: Invalid user support from 103.234.53.78
May  4 11:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: input_userauth_request: invalid user support [preauth]
May  4 11:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: Failed password for invalid user support from 103.234.53.78 port 41144 ssh2
May  4 11:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32046]: Connection closed by 103.234.53.78 port 41144 [preauth]
May  4 11:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32057]: Invalid user serverpilot from 103.234.53.78
May  4 11:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32057]: input_userauth_request: invalid user serverpilot [preauth]
May  4 11:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32057]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32057]: Failed password for invalid user serverpilot from 103.234.53.78 port 55938 ssh2
May  4 11:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32057]: Connection closed by 103.234.53.78 port 55938 [preauth]
May  4 11:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32067]: Invalid user public from 103.234.53.78
May  4 11:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32067]: input_userauth_request: invalid user public [preauth]
May  4 11:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32067]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32067]: Failed password for invalid user public from 103.234.53.78 port 55948 ssh2
May  4 11:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32067]: Connection closed by 103.234.53.78 port 55948 [preauth]
May  4 11:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: Invalid user operador from 103.234.53.78
May  4 11:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: input_userauth_request: invalid user operador [preauth]
May  4 11:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30753]: pam_unix(cron:session): session closed for user root
May  4 11:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: Failed password for invalid user operador from 103.234.53.78 port 42346 ssh2
May  4 11:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: Connection closed by 103.234.53.78 port 42346 [preauth]
May  4 11:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32100]: Invalid user melvin from 103.234.53.78
May  4 11:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32100]: input_userauth_request: invalid user melvin [preauth]
May  4 11:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32100]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32108]: Connection closed by 172.105.128.12 port 38282 [preauth]
May  4 11:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32125]: Connection closed by 172.105.128.12 port 38288 [preauth]
May  4 11:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32127]: fatal: Unable to negotiate with 172.105.128.12 port 38294: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  4 11:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32100]: Failed password for invalid user melvin from 103.234.53.78 port 42350 ssh2
May  4 11:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32100]: Connection closed by 103.234.53.78 port 42350 [preauth]
May  4 11:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32129]: Invalid user ken from 103.234.53.78
May  4 11:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32129]: input_userauth_request: invalid user ken [preauth]
May  4 11:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32129]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.234.53.78
May  4 11:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32129]: Failed password for invalid user ken from 103.234.53.78 port 60526 ssh2
May  4 11:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32129]: Connection closed by 103.234.53.78 port 60526 [preauth]
May  4 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32192]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32193]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32190]: pam_unix(cron:session): session closed for user p13x
May  4 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32257]: Successful su for rubyman by root
May  4 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32257]: + ??? root:rubyman
May  4 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327075 of user rubyman.
May  4 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32257]: pam_unix(su:session): session closed for user rubyman
May  4 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327075.
May  4 11:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29390]: pam_unix(cron:session): session closed for user root
May  4 11:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32191]: pam_unix(cron:session): session closed for user samftp
May  4 11:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31190]: pam_unix(cron:session): session closed for user root
May  4 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32612]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32611]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32609]: pam_unix(cron:session): session closed for user p13x
May  4 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32758]: Successful su for rubyman by root
May  4 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32758]: + ??? root:rubyman
May  4 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327078 of user rubyman.
May  4 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32758]: pam_unix(su:session): session closed for user rubyman
May  4 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327078.
May  4 11:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29868]: pam_unix(cron:session): session closed for user root
May  4 11:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32021]: Connection reset by 218.92.0.237 port 17274 [preauth]
May  4 11:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32610]: pam_unix(cron:session): session closed for user samftp
May  4 11:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31729]: pam_unix(cron:session): session closed for user root
May  4 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[667]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[662]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[662]: pam_unix(cron:session): session closed for user p13x
May  4 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[742]: Successful su for rubyman by root
May  4 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[742]: + ??? root:rubyman
May  4 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[742]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327083 of user rubyman.
May  4 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[742]: pam_unix(su:session): session closed for user rubyman
May  4 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327083.
May  4 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30317]: pam_unix(cron:session): session closed for user root
May  4 11:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[665]: pam_unix(cron:session): session closed for user samftp
May  4 11:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32193]: pam_unix(cron:session): session closed for user root
May  4 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1100]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1098]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1097]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1097]: pam_unix(cron:session): session closed for user p13x
May  4 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1163]: Successful su for rubyman by root
May  4 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1163]: + ??? root:rubyman
May  4 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327085 of user rubyman.
May  4 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1163]: pam_unix(su:session): session closed for user rubyman
May  4 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327085.
May  4 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: Invalid user dev from 202.179.66.26
May  4 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: input_userauth_request: invalid user dev [preauth]
May  4 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26
May  4 11:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30752]: pam_unix(cron:session): session closed for user root
May  4 11:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: Failed password for invalid user dev from 202.179.66.26 port 54306 ssh2
May  4 11:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: Received disconnect from 202.179.66.26 port 54306:11: Bye Bye [preauth]
May  4 11:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: Disconnected from 202.179.66.26 port 54306 [preauth]
May  4 11:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1098]: pam_unix(cron:session): session closed for user samftp
May  4 11:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: Invalid user admin from 64.226.117.59
May  4 11:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: input_userauth_request: invalid user admin [preauth]
May  4 11:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 11:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: Failed password for invalid user admin from 64.226.117.59 port 44728 ssh2
May  4 11:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: Connection closed by 64.226.117.59 port 44728 [preauth]
May  4 11:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1397]: Invalid user wang from 80.94.95.116
May  4 11:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1397]: input_userauth_request: invalid user wang [preauth]
May  4 11:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1397]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  4 11:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1397]: Failed password for invalid user wang from 80.94.95.116 port 30998 ssh2
May  4 11:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1397]: Connection closed by 80.94.95.116 port 30998 [preauth]
May  4 11:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32612]: pam_unix(cron:session): session closed for user root
May  4 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1577]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1575]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1574]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1573]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1576]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1578]: pam_unix(cron:session): session closed for user root
May  4 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1573]: pam_unix(cron:session): session closed for user p13x
May  4 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1646]: Successful su for rubyman by root
May  4 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1646]: + ??? root:rubyman
May  4 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327090 of user rubyman.
May  4 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1646]: pam_unix(su:session): session closed for user rubyman
May  4 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327090.
May  4 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1575]: pam_unix(cron:session): session closed for user root
May  4 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: Failed password for root from 218.92.0.206 port 56608 ssh2
May  4 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31189]: pam_unix(cron:session): session closed for user root
May  4 11:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1574]: pam_unix(cron:session): session closed for user samftp
May  4 11:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: Failed password for root from 218.92.0.206 port 56608 ssh2
May  4 11:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: message repeated 2 times: [ Failed password for root from 218.92.0.206 port 56608 ssh2]
May  4 11:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1911]: Invalid user oracle from 193.32.162.97
May  4 11:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1911]: input_userauth_request: invalid user oracle [preauth]
May  4 11:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1911]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 11:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1911]: Failed password for invalid user oracle from 193.32.162.97 port 54828 ssh2
May  4 11:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: Failed password for root from 218.92.0.206 port 56608 ssh2
May  4 11:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 56608 ssh2 [preauth]
May  4 11:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: Disconnecting: Too many authentication failures [preauth]
May  4 11:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 11:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 11:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1911]: Connection closed by 193.32.162.97 port 54828 [preauth]
May  4 11:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 11:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: Failed password for root from 218.92.0.206 port 48940 ssh2
May  4 11:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: message repeated 3 times: [ Failed password for root from 218.92.0.206 port 48940 ssh2]
May  4 11:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[667]: pam_unix(cron:session): session closed for user root
May  4 11:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: Failed password for root from 218.92.0.206 port 48940 ssh2
May  4 11:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: Failed password for root from 218.92.0.206 port 48940 ssh2
May  4 11:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 48940 ssh2 [preauth]
May  4 11:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: Disconnecting: Too many authentication failures [preauth]
May  4 11:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 11:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: PAM service(sshd) ignoring max retries; 6 > 3
May  4 11:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 11:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2065]: Failed password for root from 218.92.0.206 port 59816 ssh2
May  4 11:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2065]: Received disconnect from 218.92.0.206 port 59816:11:  [preauth]
May  4 11:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2065]: Disconnected from 218.92.0.206 port 59816 [preauth]
May  4 11:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2113]: Invalid user solana from 193.32.162.84
May  4 11:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2113]: input_userauth_request: invalid user solana [preauth]
May  4 11:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2113]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 11:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2113]: Failed password for invalid user solana from 193.32.162.84 port 34760 ssh2
May  4 11:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2113]: Connection closed by 193.32.162.84 port 34760 [preauth]
May  4 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2120]: pam_unix(cron:session): session closed for user p13x
May  4 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2195]: Successful su for rubyman by root
May  4 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2195]: + ??? root:rubyman
May  4 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327096 of user rubyman.
May  4 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2195]: pam_unix(su:session): session closed for user rubyman
May  4 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327096.
May  4 11:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31728]: pam_unix(cron:session): session closed for user root
May  4 11:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2121]: pam_unix(cron:session): session closed for user samftp
May  4 11:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: Invalid user ki from 103.59.95.142
May  4 11:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: input_userauth_request: invalid user ki [preauth]
May  4 11:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142
May  4 11:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: Failed password for invalid user ki from 103.59.95.142 port 49098 ssh2
May  4 11:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: Received disconnect from 103.59.95.142 port 49098:11: Bye Bye [preauth]
May  4 11:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: Disconnected from 103.59.95.142 port 49098 [preauth]
May  4 11:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1101]: pam_unix(cron:session): session closed for user root
May  4 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2553]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2554]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2551]: pam_unix(cron:session): session closed for user root
May  4 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2553]: pam_unix(cron:session): session closed for user p13x
May  4 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2626]: Successful su for rubyman by root
May  4 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2626]: + ??? root:rubyman
May  4 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327100 of user rubyman.
May  4 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2626]: pam_unix(su:session): session closed for user rubyman
May  4 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327100.
May  4 11:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32192]: pam_unix(cron:session): session closed for user root
May  4 11:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2554]: pam_unix(cron:session): session closed for user samftp
May  4 11:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1577]: pam_unix(cron:session): session closed for user root
May  4 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2987]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2985]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2984]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2984]: pam_unix(cron:session): session closed for user p13x
May  4 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3045]: Successful su for rubyman by root
May  4 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3045]: + ??? root:rubyman
May  4 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3045]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327105 of user rubyman.
May  4 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3045]: pam_unix(su:session): session closed for user rubyman
May  4 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327105.
May  4 11:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32611]: pam_unix(cron:session): session closed for user root
May  4 11:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2985]: pam_unix(cron:session): session closed for user samftp
May  4 11:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  4 11:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: Failed password for root from 218.92.0.226 port 49888 ssh2
May  4 11:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: message repeated 2 times: [ Failed password for root from 218.92.0.226 port 49888 ssh2]
May  4 11:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: Received disconnect from 218.92.0.226 port 49888:11:  [preauth]
May  4 11:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: Disconnected from 218.92.0.226 port 49888 [preauth]
May  4 11:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  4 11:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2123]: pam_unix(cron:session): session closed for user root
May  4 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3402]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3405]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3403]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3402]: pam_unix(cron:session): session closed for user p13x
May  4 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3474]: Successful su for rubyman by root
May  4 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3474]: + ??? root:rubyman
May  4 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327111 of user rubyman.
May  4 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3474]: pam_unix(su:session): session closed for user rubyman
May  4 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327111.
May  4 11:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[666]: pam_unix(cron:session): session closed for user root
May  4 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3403]: pam_unix(cron:session): session closed for user samftp
May  4 11:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: Invalid user metis from 202.179.66.26
May  4 11:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: input_userauth_request: invalid user metis [preauth]
May  4 11:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26
May  4 11:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: Failed password for invalid user metis from 202.179.66.26 port 34990 ssh2
May  4 11:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: Received disconnect from 202.179.66.26 port 34990:11: Bye Bye [preauth]
May  4 11:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3739]: Disconnected from 202.179.66.26 port 34990 [preauth]
May  4 11:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: Invalid user ubuntu from 45.116.79.186
May  4 11:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: input_userauth_request: invalid user ubuntu [preauth]
May  4 11:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186
May  4 11:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: Failed password for invalid user ubuntu from 45.116.79.186 port 33180 ssh2
May  4 11:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: Received disconnect from 45.116.79.186 port 33180:11: Bye Bye [preauth]
May  4 11:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: Disconnected from 45.116.79.186 port 33180 [preauth]
May  4 11:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2556]: pam_unix(cron:session): session closed for user root
May  4 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3842]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3841]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3844]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3844]: pam_unix(cron:session): session closed for user root
May  4 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3839]: pam_unix(cron:session): session closed for user p13x
May  4 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3911]: Successful su for rubyman by root
May  4 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3911]: + ??? root:rubyman
May  4 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327114 of user rubyman.
May  4 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3911]: pam_unix(su:session): session closed for user rubyman
May  4 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327114.
May  4 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3841]: pam_unix(cron:session): session closed for user root
May  4 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1100]: pam_unix(cron:session): session closed for user root
May  4 11:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3840]: pam_unix(cron:session): session closed for user samftp
May  4 11:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2987]: pam_unix(cron:session): session closed for user root
May  4 11:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: Invalid user % from 195.178.110.50
May  4 11:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: input_userauth_request: invalid user % [preauth]
May  4 11:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 11:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: Failed password for invalid user % from 195.178.110.50 port 6936 ssh2
May  4 11:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: Invalid user admin from 64.226.117.59
May  4 11:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: input_userauth_request: invalid user admin [preauth]
May  4 11:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 11:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: Failed password for invalid user admin from 64.226.117.59 port 59074 ssh2
May  4 11:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: Connection closed by 64.226.117.59 port 59074 [preauth]
May  4 11:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: Connection closed by 195.178.110.50 port 6936 [preauth]
May  4 11:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4461]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4460]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4459]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4458]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4458]: pam_unix(cron:session): session closed for user p13x
May  4 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4544]: Successful su for rubyman by root
May  4 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4544]: + ??? root:rubyman
May  4 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4544]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327118 of user rubyman.
May  4 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4544]: pam_unix(su:session): session closed for user rubyman
May  4 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327118.
May  4 11:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1576]: pam_unix(cron:session): session closed for user root
May  4 11:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4459]: pam_unix(cron:session): session closed for user samftp
May  4 11:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: Invalid user P from 195.178.110.50
May  4 11:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: input_userauth_request: invalid user P [preauth]
May  4 11:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 11:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: Failed password for invalid user P from 195.178.110.50 port 41422 ssh2
May  4 11:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: Connection closed by 195.178.110.50 port 41422 [preauth]
May  4 11:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: Invalid user { from 195.178.110.50
May  4 11:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: input_userauth_request: invalid user { [preauth]
May  4 11:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 11:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: Failed password for invalid user { from 195.178.110.50 port 20856 ssh2
May  4 11:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3405]: pam_unix(cron:session): session closed for user root
May  4 11:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: Connection closed by 195.178.110.50 port 20856 [preauth]
May  4 11:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Invalid user H from 195.178.110.50
May  4 11:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: input_userauth_request: invalid user H [preauth]
May  4 11:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 11:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Failed password for invalid user H from 195.178.110.50 port 9392 ssh2
May  4 11:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: Invalid user oracle from 193.32.162.97
May  4 11:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: input_userauth_request: invalid user oracle [preauth]
May  4 11:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 11:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Connection closed by 195.178.110.50 port 9392 [preauth]
May  4 11:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: Failed password for invalid user oracle from 193.32.162.97 port 35886 ssh2
May  4 11:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4899]: Connection closed by 193.32.162.97 port 35886 [preauth]
May  4 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4914]: pam_unix(cron:session): session closed for user p13x
May  4 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4983]: Successful su for rubyman by root
May  4 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4983]: + ??? root:rubyman
May  4 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327122 of user rubyman.
May  4 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4983]: pam_unix(su:session): session closed for user rubyman
May  4 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327122.
May  4 11:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2122]: pam_unix(cron:session): session closed for user root
May  4 11:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4915]: pam_unix(cron:session): session closed for user samftp
May  4 11:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.59.95.142  user=root
May  4 11:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5360]: Failed password for root from 103.59.95.142 port 51740 ssh2
May  4 11:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5360]: Received disconnect from 103.59.95.142 port 51740:11: Bye Bye [preauth]
May  4 11:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5360]: Disconnected from 103.59.95.142 port 51740 [preauth]
May  4 11:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: Invalid user s from 195.178.110.50
May  4 11:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: input_userauth_request: invalid user s [preauth]
May  4 11:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 11:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: Failed password for invalid user s from 195.178.110.50 port 47920 ssh2
May  4 11:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: Connection closed by 195.178.110.50 port 47920 [preauth]
May  4 11:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: Invalid user sol from 193.32.162.84
May  4 11:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: input_userauth_request: invalid user sol [preauth]
May  4 11:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 11:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: Failed password for invalid user sol from 193.32.162.84 port 37294 ssh2
May  4 11:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: Connection closed by 193.32.162.84 port 37294 [preauth]
May  4 11:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3843]: pam_unix(cron:session): session closed for user root
May  4 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5536]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5537]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5530]: pam_unix(cron:session): session closed for user p13x
May  4 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5633]: Successful su for rubyman by root
May  4 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5633]: + ??? root:rubyman
May  4 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327126 of user rubyman.
May  4 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5633]: pam_unix(su:session): session closed for user rubyman
May  4 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327126.
May  4 11:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2555]: pam_unix(cron:session): session closed for user root
May  4 11:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5531]: pam_unix(cron:session): session closed for user samftp
May  4 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4461]: pam_unix(cron:session): session closed for user root
May  4 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6069]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6068]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6066]: pam_unix(cron:session): session closed for user p13x
May  4 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6137]: Successful su for rubyman by root
May  4 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6137]: + ??? root:rubyman
May  4 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6137]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327130 of user rubyman.
May  4 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6137]: pam_unix(su:session): session closed for user rubyman
May  4 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327130.
May  4 11:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2986]: pam_unix(cron:session): session closed for user root
May  4 11:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6067]: pam_unix(cron:session): session closed for user samftp
May  4 11:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  4 11:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: Failed password for root from 46.244.96.25 port 56962 ssh2
May  4 11:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: Connection closed by 46.244.96.25 port 56962 [preauth]
May  4 11:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186  user=root
May  4 11:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6387]: Failed password for root from 45.116.79.186 port 41430 ssh2
May  4 11:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6387]: Received disconnect from 45.116.79.186 port 41430:11: Bye Bye [preauth]
May  4 11:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6387]: Disconnected from 45.116.79.186 port 41430 [preauth]
May  4 11:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4917]: pam_unix(cron:session): session closed for user root
May  4 11:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  4 11:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: Failed password for root from 190.103.202.7 port 54614 ssh2
May  4 11:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: Connection closed by 190.103.202.7 port 54614 [preauth]
May  4 11:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: Invalid user starbound from 202.179.66.26
May  4 11:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: input_userauth_request: invalid user starbound [preauth]
May  4 11:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26
May  4 11:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: Failed password for invalid user starbound from 202.179.66.26 port 43914 ssh2
May  4 11:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: Received disconnect from 202.179.66.26 port 43914:11: Bye Bye [preauth]
May  4 11:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: Disconnected from 202.179.66.26 port 43914 [preauth]
May  4 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6494]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6495]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6497]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6497]: pam_unix(cron:session): session closed for user root
May  4 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6492]: pam_unix(cron:session): session closed for user p13x
May  4 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6556]: Successful su for rubyman by root
May  4 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6556]: + ??? root:rubyman
May  4 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327135 of user rubyman.
May  4 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6556]: pam_unix(su:session): session closed for user rubyman
May  4 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327135.
May  4 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6494]: pam_unix(cron:session): session closed for user root
May  4 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3404]: pam_unix(cron:session): session closed for user root
May  4 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6493]: pam_unix(cron:session): session closed for user samftp
May  4 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5537]: pam_unix(cron:session): session closed for user root
May  4 11:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  4 11:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: Failed password for root from 218.92.0.217 port 17160 ssh2
May  4 11:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: message repeated 2 times: [ Failed password for root from 218.92.0.217 port 17160 ssh2]
May  4 11:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: Received disconnect from 218.92.0.217 port 17160:11:  [preauth]
May  4 11:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: Disconnected from 218.92.0.217 port 17160 [preauth]
May  4 11:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6904]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  4 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7015]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7013]: pam_unix(cron:session): session closed for user p13x
May  4 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7096]: Successful su for rubyman by root
May  4 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7096]: + ??? root:rubyman
May  4 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327140 of user rubyman.
May  4 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7096]: pam_unix(su:session): session closed for user rubyman
May  4 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327140.
May  4 11:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3842]: pam_unix(cron:session): session closed for user root
May  4 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7014]: pam_unix(cron:session): session closed for user samftp
May  4 11:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6069]: pam_unix(cron:session): session closed for user root
May  4 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7423]: pam_unix(cron:session): session closed for user p13x
May  4 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7491]: Successful su for rubyman by root
May  4 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7491]: + ??? root:rubyman
May  4 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327144 of user rubyman.
May  4 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7491]: pam_unix(su:session): session closed for user rubyman
May  4 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327144.
May  4 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4460]: pam_unix(cron:session): session closed for user root
May  4 11:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7424]: pam_unix(cron:session): session closed for user samftp
May  4 11:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Invalid user admin from 64.226.117.59
May  4 11:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: input_userauth_request: invalid user admin [preauth]
May  4 11:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 11:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Failed password for invalid user admin from 64.226.117.59 port 52178 ssh2
May  4 11:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Connection closed by 64.226.117.59 port 52178 [preauth]
May  4 11:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6496]: pam_unix(cron:session): session closed for user root
May  4 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7959]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7958]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7956]: pam_unix(cron:session): session closed for user p13x
May  4 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8021]: Successful su for rubyman by root
May  4 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8021]: + ??? root:rubyman
May  4 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327148 of user rubyman.
May  4 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8021]: pam_unix(su:session): session closed for user rubyman
May  4 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327148.
May  4 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4916]: pam_unix(cron:session): session closed for user root
May  4 11:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7957]: pam_unix(cron:session): session closed for user samftp
May  4 11:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8264]: Did not receive identification string from 92.118.39.61
May  4 11:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7016]: pam_unix(cron:session): session closed for user root
May  4 11:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: Invalid user popo from 193.32.162.97
May  4 11:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: input_userauth_request: invalid user popo [preauth]
May  4 11:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 11:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: Failed password for invalid user popo from 193.32.162.97 port 45176 ssh2
May  4 11:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8356]: Connection closed by 193.32.162.97 port 45176 [preauth]
May  4 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8386]: pam_unix(cron:session): session closed for user p13x
May  4 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8450]: Successful su for rubyman by root
May  4 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8450]: + ??? root:rubyman
May  4 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327154 of user rubyman.
May  4 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8450]: pam_unix(su:session): session closed for user rubyman
May  4 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327154.
May  4 11:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5536]: pam_unix(cron:session): session closed for user root
May  4 11:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8631]: Invalid user ubuntu from 193.32.162.84
May  4 11:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8631]: input_userauth_request: invalid user ubuntu [preauth]
May  4 11:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8631]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 11:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8387]: pam_unix(cron:session): session closed for user samftp
May  4 11:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8631]: Failed password for invalid user ubuntu from 193.32.162.84 port 39788 ssh2
May  4 11:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8631]: Connection closed by 193.32.162.84 port 39788 [preauth]
May  4 11:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8696]: Invalid user song from 45.116.79.186
May  4 11:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8696]: input_userauth_request: invalid user song [preauth]
May  4 11:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8696]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186
May  4 11:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8696]: Failed password for invalid user song from 45.116.79.186 port 49678 ssh2
May  4 11:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8696]: Received disconnect from 45.116.79.186 port 49678:11: Bye Bye [preauth]
May  4 11:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8696]: Disconnected from 45.116.79.186 port 49678 [preauth]
May  4 11:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7426]: pam_unix(cron:session): session closed for user root
May  4 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8827]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8826]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8828]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8825]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8828]: pam_unix(cron:session): session closed for user root
May  4 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8823]: pam_unix(cron:session): session closed for user p13x
May  4 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8897]: Successful su for rubyman by root
May  4 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8897]: + ??? root:rubyman
May  4 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327157 of user rubyman.
May  4 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8897]: pam_unix(su:session): session closed for user rubyman
May  4 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327157.
May  4 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8825]: pam_unix(cron:session): session closed for user root
May  4 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6068]: pam_unix(cron:session): session closed for user root
May  4 11:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8824]: pam_unix(cron:session): session closed for user samftp
May  4 11:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.179.66.26  user=root
May  4 11:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9240]: Failed password for root from 202.179.66.26 port 52834 ssh2
May  4 11:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9240]: Received disconnect from 202.179.66.26 port 52834:11: Bye Bye [preauth]
May  4 11:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9240]: Disconnected from 202.179.66.26 port 52834 [preauth]
May  4 11:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  4 11:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: Failed password for root from 218.92.0.226 port 63046 ssh2
May  4 11:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: Failed password for root from 218.92.0.226 port 63046 ssh2
May  4 11:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7959]: pam_unix(cron:session): session closed for user root
May  4 11:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: Failed password for root from 218.92.0.226 port 63046 ssh2
May  4 11:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: Received disconnect from 218.92.0.226 port 63046:11:  [preauth]
May  4 11:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: Disconnected from 218.92.0.226 port 63046 [preauth]
May  4 11:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  4 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9386]: pam_unix(cron:session): session closed for user p13x
May  4 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9455]: Successful su for rubyman by root
May  4 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9455]: + ??? root:rubyman
May  4 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9455]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327162 of user rubyman.
May  4 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9455]: pam_unix(su:session): session closed for user rubyman
May  4 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327162.
May  4 11:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6495]: pam_unix(cron:session): session closed for user root
May  4 11:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9387]: pam_unix(cron:session): session closed for user samftp
May  4 11:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 11:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: Failed password for root from 218.92.0.201 port 39490 ssh2
May  4 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: message repeated 4 times: [ Failed password for root from 218.92.0.201 port 39490 ssh2]
May  4 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 39490 ssh2 [preauth]
May  4 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: Disconnecting: Too many authentication failures [preauth]
May  4 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 11:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 11:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9680]: Failed password for root from 218.92.0.201 port 14154 ssh2
May  4 11:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9680]: Failed password for root from 218.92.0.201 port 14154 ssh2
May  4 11:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9680]: message repeated 2 times: [ Failed password for root from 218.92.0.201 port 14154 ssh2]
May  4 11:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8389]: pam_unix(cron:session): session closed for user root
May  4 11:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9680]: Failed password for root from 218.92.0.201 port 14154 ssh2
May  4 11:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9680]: Failed password for root from 218.92.0.201 port 14154 ssh2
May  4 11:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9680]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 14154 ssh2 [preauth]
May  4 11:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9680]: Disconnecting: Too many authentication failures [preauth]
May  4 11:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9680]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 11:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9680]: PAM service(sshd) ignoring max retries; 6 > 3
May  4 11:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 11:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: Failed password for root from 218.92.0.201 port 21774 ssh2
May  4 11:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: Received disconnect from 218.92.0.201 port 21774:11:  [preauth]
May  4 11:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: Disconnected from 218.92.0.201 port 21774 [preauth]
May  4 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9801]: pam_unix(cron:session): session closed for user p13x
May  4 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9861]: Successful su for rubyman by root
May  4 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9861]: + ??? root:rubyman
May  4 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9861]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327166 of user rubyman.
May  4 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9861]: pam_unix(su:session): session closed for user rubyman
May  4 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327166.
May  4 11:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7015]: pam_unix(cron:session): session closed for user root
May  4 11:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9802]: pam_unix(cron:session): session closed for user samftp
May  4 11:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8827]: pam_unix(cron:session): session closed for user root
May  4 11:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  4 11:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10153]: Failed password for root from 218.92.0.222 port 54436 ssh2
May  4 11:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10153]: message repeated 2 times: [ Failed password for root from 218.92.0.222 port 54436 ssh2]
May  4 11:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10153]: Received disconnect from 218.92.0.222 port 54436:11:  [preauth]
May  4 11:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10153]: Disconnected from 218.92.0.222 port 54436 [preauth]
May  4 11:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10153]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  4 11:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  4 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: Failed password for root from 218.92.0.222 port 54642 ssh2
May  4 11:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: message repeated 2 times: [ Failed password for root from 218.92.0.222 port 54642 ssh2]
May  4 11:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: Received disconnect from 218.92.0.222 port 54642:11:  [preauth]
May  4 11:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: Disconnected from 218.92.0.222 port 54642 [preauth]
May  4 11:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10175]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  4 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10220]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10218]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10201]: pam_unix(cron:session): session closed for user p13x
May  4 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10354]: Successful su for rubyman by root
May  4 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10354]: + ??? root:rubyman
May  4 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10354]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327170 of user rubyman.
May  4 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10354]: pam_unix(su:session): session closed for user rubyman
May  4 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327170.
May  4 11:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7425]: pam_unix(cron:session): session closed for user root
May  4 11:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10202]: pam_unix(cron:session): session closed for user samftp
May  4 11:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9389]: pam_unix(cron:session): session closed for user root
May  4 11:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: Connection reset by 111.91.25.27 port 49474 [preauth]
May  4 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10776]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10774]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10773]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10773]: pam_unix(cron:session): session closed for user p13x
May  4 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10832]: Successful su for rubyman by root
May  4 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10832]: + ??? root:rubyman
May  4 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327174 of user rubyman.
May  4 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10832]: pam_unix(su:session): session closed for user rubyman
May  4 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327174.
May  4 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7958]: pam_unix(cron:session): session closed for user root
May  4 11:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10975]: Invalid user admin from 64.226.117.59
May  4 11:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10975]: input_userauth_request: invalid user admin [preauth]
May  4 11:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10975]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 11:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10774]: pam_unix(cron:session): session closed for user samftp
May  4 11:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10975]: Failed password for invalid user admin from 64.226.117.59 port 43592 ssh2
May  4 11:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10975]: Connection closed by 64.226.117.59 port 43592 [preauth]
May  4 11:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11021]: Invalid user azureuser from 45.116.79.186
May  4 11:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11021]: input_userauth_request: invalid user azureuser [preauth]
May  4 11:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11021]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186
May  4 11:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11021]: Failed password for invalid user azureuser from 45.116.79.186 port 57924 ssh2
May  4 11:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11021]: Received disconnect from 45.116.79.186 port 57924:11: Bye Bye [preauth]
May  4 11:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11021]: Disconnected from 45.116.79.186 port 57924 [preauth]
May  4 11:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9804]: pam_unix(cron:session): session closed for user root
May  4 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11168]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11169]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11169]: pam_unix(cron:session): session closed for user root
May  4 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11164]: pam_unix(cron:session): session closed for user p13x
May  4 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11235]: Successful su for rubyman by root
May  4 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11235]: + ??? root:rubyman
May  4 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327182 of user rubyman.
May  4 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11235]: pam_unix(su:session): session closed for user rubyman
May  4 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327182.
May  4 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11166]: pam_unix(cron:session): session closed for user root
May  4 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8388]: pam_unix(cron:session): session closed for user root
May  4 11:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11165]: pam_unix(cron:session): session closed for user samftp
May  4 11:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10220]: pam_unix(cron:session): session closed for user root
May  4 11:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: Invalid user sonar from 193.32.162.97
May  4 11:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: input_userauth_request: invalid user sonar [preauth]
May  4 11:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 11:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: Failed password for invalid user sonar from 193.32.162.97 port 54466 ssh2
May  4 11:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11510]: Connection closed by 193.32.162.97 port 54466 [preauth]
May  4 11:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: Invalid user ubuntu from 193.32.162.84
May  4 11:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: input_userauth_request: invalid user ubuntu [preauth]
May  4 11:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 11:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: Failed password for invalid user ubuntu from 193.32.162.84 port 42274 ssh2
May  4 11:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11542]: Connection closed by 193.32.162.84 port 42274 [preauth]
May  4 11:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: Invalid user node from 92.118.39.61
May  4 11:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: input_userauth_request: invalid user node [preauth]
May  4 11:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 11:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: Failed password for invalid user node from 92.118.39.61 port 58136 ssh2
May  4 11:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: Connection closed by 92.118.39.61 port 58136 [preauth]
May  4 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11609]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11607]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11606]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11606]: pam_unix(cron:session): session closed for user p13x
May  4 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11671]: Successful su for rubyman by root
May  4 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11671]: + ??? root:rubyman
May  4 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11671]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327185 of user rubyman.
May  4 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11671]: pam_unix(su:session): session closed for user rubyman
May  4 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327185.
May  4 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8826]: pam_unix(cron:session): session closed for user root
May  4 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11607]: pam_unix(cron:session): session closed for user samftp
May  4 11:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10776]: pam_unix(cron:session): session closed for user root
May  4 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11998]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11997]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11999]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12000]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11997]: pam_unix(cron:session): session closed for user p13x
May  4 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12055]: Successful su for rubyman by root
May  4 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12055]: + ??? root:rubyman
May  4 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327190 of user rubyman.
May  4 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12055]: pam_unix(su:session): session closed for user rubyman
May  4 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327190.
May  4 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9388]: pam_unix(cron:session): session closed for user root
May  4 11:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11998]: pam_unix(cron:session): session closed for user samftp
May  4 11:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  4 11:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12266]: Failed password for root from 218.92.0.218 port 23712 ssh2
May  4 11:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12266]: message repeated 2 times: [ Failed password for root from 218.92.0.218 port 23712 ssh2]
May  4 11:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12266]: Received disconnect from 218.92.0.218 port 23712:11:  [preauth]
May  4 11:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12266]: Disconnected from 218.92.0.218 port 23712 [preauth]
May  4 11:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12266]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  4 11:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11168]: pam_unix(cron:session): session closed for user root
May  4 11:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12373]: Invalid user jack from 124.198.59.254
May  4 11:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12373]: input_userauth_request: invalid user jack [preauth]
May  4 11:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12373]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254
May  4 11:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12373]: Failed password for invalid user jack from 124.198.59.254 port 46186 ssh2
May  4 11:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12373]: Connection closed by 124.198.59.254 port 46186 [preauth]
May  4 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12402]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12400]: pam_unix(cron:session): session closed for user p13x
May  4 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12459]: Successful su for rubyman by root
May  4 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12459]: + ??? root:rubyman
May  4 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12459]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327193 of user rubyman.
May  4 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12459]: pam_unix(su:session): session closed for user rubyman
May  4 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327193.
May  4 11:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9803]: pam_unix(cron:session): session closed for user root
May  4 11:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12401]: pam_unix(cron:session): session closed for user samftp
May  4 11:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11609]: pam_unix(cron:session): session closed for user root
May  4 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12781]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12783]: pam_unix(cron:session): session closed for user p13x
May  4 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12901]: Successful su for rubyman by root
May  4 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12901]: + ??? root:rubyman
May  4 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327196 of user rubyman.
May  4 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12901]: pam_unix(su:session): session closed for user rubyman
May  4 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327196.
May  4 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12781]: pam_unix(cron:session): session closed for user root
May  4 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: Invalid user kris from 45.116.79.186
May  4 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: input_userauth_request: invalid user kris [preauth]
May  4 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186
May  4 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10218]: pam_unix(cron:session): session closed for user root
May  4 11:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: Failed password for invalid user kris from 45.116.79.186 port 37936 ssh2
May  4 11:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12784]: pam_unix(cron:session): session closed for user samftp
May  4 11:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: Received disconnect from 45.116.79.186 port 37936:11: Bye Bye [preauth]
May  4 11:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13023]: Disconnected from 45.116.79.186 port 37936 [preauth]
May  4 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12000]: pam_unix(cron:session): session closed for user root
May  4 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  4 11:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13213]: Failed password for root from 50.235.31.47 port 35846 ssh2
May  4 11:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13213]: Connection closed by 50.235.31.47 port 35846 [preauth]
May  4 11:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13215]: Invalid user tiarrah from 176.31.162.135
May  4 11:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13215]: input_userauth_request: invalid user tiarrah [preauth]
May  4 11:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13215]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  4 11:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13215]: Failed password for invalid user tiarrah from 176.31.162.135 port 52032 ssh2
May  4 11:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13215]: Connection closed by 176.31.162.135 port 52032 [preauth]
May  4 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13282]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13283]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13278]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13283]: pam_unix(cron:session): session closed for user root
May  4 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13274]: pam_unix(cron:session): session closed for user p13x
May  4 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13347]: Successful su for rubyman by root
May  4 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13347]: + ??? root:rubyman
May  4 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13347]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327203 of user rubyman.
May  4 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13347]: pam_unix(su:session): session closed for user rubyman
May  4 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327203.
May  4 11:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13278]: pam_unix(cron:session): session closed for user root
May  4 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10775]: pam_unix(cron:session): session closed for user root
May  4 11:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13275]: pam_unix(cron:session): session closed for user samftp
May  4 11:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12404]: pam_unix(cron:session): session closed for user root
May  4 11:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13774]: Invalid user admin from 64.226.117.59
May  4 11:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13774]: input_userauth_request: invalid user admin [preauth]
May  4 11:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13774]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 11:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13774]: Failed password for invalid user admin from 64.226.117.59 port 48018 ssh2
May  4 11:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13774]: Connection closed by 64.226.117.59 port 48018 [preauth]
May  4 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13815]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13813]: pam_unix(cron:session): session closed for user p13x
May  4 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13881]: Successful su for rubyman by root
May  4 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13881]: + ??? root:rubyman
May  4 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327207 of user rubyman.
May  4 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13881]: pam_unix(su:session): session closed for user rubyman
May  4 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327207.
May  4 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11167]: pam_unix(cron:session): session closed for user root
May  4 11:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13814]: pam_unix(cron:session): session closed for user samftp
May  4 11:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12786]: pam_unix(cron:session): session closed for user root
May  4 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14219]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14217]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14214]: pam_unix(cron:session): session closed for user p13x
May  4 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14284]: Successful su for rubyman by root
May  4 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14284]: + ??? root:rubyman
May  4 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327212 of user rubyman.
May  4 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14284]: pam_unix(su:session): session closed for user rubyman
May  4 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327212.
May  4 11:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11608]: pam_unix(cron:session): session closed for user root
May  4 11:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14215]: pam_unix(cron:session): session closed for user samftp
May  4 11:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: Invalid user ubuntu from 193.32.162.84
May  4 11:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: input_userauth_request: invalid user ubuntu [preauth]
May  4 11:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 11:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: Failed password for invalid user ubuntu from 193.32.162.84 port 44774 ssh2
May  4 11:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14468]: Connection closed by 193.32.162.84 port 44774 [preauth]
May  4 11:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Invalid user mohammad from 193.32.162.97
May  4 11:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: input_userauth_request: invalid user mohammad [preauth]
May  4 11:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 11:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Failed password for invalid user mohammad from 193.32.162.97 port 35522 ssh2
May  4 11:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Connection closed by 193.32.162.97 port 35522 [preauth]
May  4 11:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13282]: pam_unix(cron:session): session closed for user root
May  4 11:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: Invalid user validator from 92.118.39.61
May  4 11:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: input_userauth_request: invalid user validator [preauth]
May  4 11:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 11:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: Failed password for invalid user validator from 92.118.39.61 port 39930 ssh2
May  4 11:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14568]: Connection closed by 92.118.39.61 port 39930 [preauth]
May  4 11:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  4 11:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: Failed password for root from 80.94.95.116 port 59278 ssh2
May  4 11:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14580]: Connection closed by 80.94.95.116 port 59278 [preauth]
May  4 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14641]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14640]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14638]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14638]: pam_unix(cron:session): session closed for user p13x
May  4 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14699]: Successful su for rubyman by root
May  4 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14699]: + ??? root:rubyman
May  4 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327216 of user rubyman.
May  4 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14699]: pam_unix(su:session): session closed for user rubyman
May  4 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327216.
May  4 11:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11999]: pam_unix(cron:session): session closed for user root
May  4 11:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14639]: pam_unix(cron:session): session closed for user samftp
May  4 11:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13816]: pam_unix(cron:session): session closed for user root
May  4 11:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186  user=root
May  4 11:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Failed password for root from 45.116.79.186 port 46176 ssh2
May  4 11:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Received disconnect from 45.116.79.186 port 46176:11: Bye Bye [preauth]
May  4 11:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Disconnected from 45.116.79.186 port 46176 [preauth]
May  4 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15044]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15045]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15042]: pam_unix(cron:session): session closed for user p13x
May  4 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15101]: Successful su for rubyman by root
May  4 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15101]: + ??? root:rubyman
May  4 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15101]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327219 of user rubyman.
May  4 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15101]: pam_unix(su:session): session closed for user rubyman
May  4 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327219.
May  4 11:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12402]: pam_unix(cron:session): session closed for user root
May  4 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15043]: pam_unix(cron:session): session closed for user samftp
May  4 11:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14219]: pam_unix(cron:session): session closed for user root
May  4 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15429]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15429]: pam_unix(cron:session): session closed for user root
May  4 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15424]: pam_unix(cron:session): session closed for user p13x
May  4 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15495]: Successful su for rubyman by root
May  4 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15495]: + ??? root:rubyman
May  4 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327226 of user rubyman.
May  4 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15495]: pam_unix(su:session): session closed for user rubyman
May  4 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327226.
May  4 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15426]: pam_unix(cron:session): session closed for user root
May  4 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12785]: pam_unix(cron:session): session closed for user root
May  4 11:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15425]: pam_unix(cron:session): session closed for user samftp
May  4 11:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14641]: pam_unix(cron:session): session closed for user root
May  4 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15855]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15856]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15854]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15853]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15853]: pam_unix(cron:session): session closed for user p13x
May  4 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15923]: Successful su for rubyman by root
May  4 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15923]: + ??? root:rubyman
May  4 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15923]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327230 of user rubyman.
May  4 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15923]: pam_unix(su:session): session closed for user rubyman
May  4 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327230.
May  4 11:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13279]: pam_unix(cron:session): session closed for user root
May  4 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15854]: pam_unix(cron:session): session closed for user samftp
May  4 11:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15045]: pam_unix(cron:session): session closed for user root
May  4 11:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16244]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16243]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16242]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16241]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16241]: pam_unix(cron:session): session closed for user p13x
May  4 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16299]: Successful su for rubyman by root
May  4 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16299]: + ??? root:rubyman
May  4 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327235 of user rubyman.
May  4 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16299]: pam_unix(su:session): session closed for user rubyman
May  4 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327235.
May  4 11:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13815]: pam_unix(cron:session): session closed for user root
May  4 11:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  4 11:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16242]: pam_unix(cron:session): session closed for user samftp
May  4 11:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16418]: Failed password for root from 218.92.0.227 port 26106 ssh2
May  4 11:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16418]: message repeated 2 times: [ Failed password for root from 218.92.0.227 port 26106 ssh2]
May  4 11:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16418]: Received disconnect from 218.92.0.227 port 26106:11:  [preauth]
May  4 11:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16418]: Disconnected from 218.92.0.227 port 26106 [preauth]
May  4 11:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16418]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  4 11:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: Invalid user admin from 64.226.117.59
May  4 11:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: input_userauth_request: invalid user admin [preauth]
May  4 11:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 11:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: Failed password for invalid user admin from 64.226.117.59 port 58182 ssh2
May  4 11:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16562]: Connection closed by 64.226.117.59 port 58182 [preauth]
May  4 11:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15428]: pam_unix(cron:session): session closed for user root
May  4 11:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16705]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16704]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16706]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16703]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16703]: pam_unix(cron:session): session closed for user p13x
May  4 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16766]: Successful su for rubyman by root
May  4 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16766]: + ??? root:rubyman
May  4 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327239 of user rubyman.
May  4 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16766]: pam_unix(su:session): session closed for user rubyman
May  4 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327239.
May  4 11:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14217]: pam_unix(cron:session): session closed for user root
May  4 11:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16704]: pam_unix(cron:session): session closed for user samftp
May  4 11:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186  user=root
May  4 11:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17019]: Failed password for root from 45.116.79.186 port 54416 ssh2
May  4 11:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17019]: Received disconnect from 45.116.79.186 port 54416:11: Bye Bye [preauth]
May  4 11:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17019]: Disconnected from 45.116.79.186 port 54416 [preauth]
May  4 11:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15856]: pam_unix(cron:session): session closed for user root
May  4 11:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: Invalid user ubuntu from 193.32.162.84
May  4 11:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: input_userauth_request: invalid user ubuntu [preauth]
May  4 11:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 11:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: Failed password for invalid user ubuntu from 193.32.162.84 port 47314 ssh2
May  4 11:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17081]: Connection closed by 193.32.162.84 port 47314 [preauth]
May  4 11:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: Invalid user mohammad from 193.32.162.97
May  4 11:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: input_userauth_request: invalid user mohammad [preauth]
May  4 11:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17135]: pam_unix(cron:session): session closed for user p13x
May  4 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17194]: Successful su for rubyman by root
May  4 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17194]: + ??? root:rubyman
May  4 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327243 of user rubyman.
May  4 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17194]: pam_unix(su:session): session closed for user rubyman
May  4 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327243.
May  4 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: Failed password for invalid user mohammad from 193.32.162.97 port 44812 ssh2
May  4 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17132]: Connection closed by 193.32.162.97 port 44812 [preauth]
May  4 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  4 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14640]: pam_unix(cron:session): session closed for user root
May  4 11:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Failed password for root from 218.92.0.237 port 26502 ssh2
May  4 11:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17137]: pam_unix(cron:session): session closed for user samftp
May  4 11:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Failed password for root from 218.92.0.237 port 26502 ssh2
May  4 11:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Failed password for root from 218.92.0.237 port 26502 ssh2
May  4 11:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Received disconnect from 218.92.0.237 port 26502:11:  [preauth]
May  4 11:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Disconnected from 218.92.0.237 port 26502 [preauth]
May  4 11:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  4 11:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17425]: Invalid user polkadot from 92.118.39.61
May  4 11:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17425]: input_userauth_request: invalid user polkadot [preauth]
May  4 11:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17425]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 11:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17425]: Failed password for invalid user polkadot from 92.118.39.61 port 49856 ssh2
May  4 11:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17425]: Connection closed by 92.118.39.61 port 49856 [preauth]
May  4 11:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16244]: pam_unix(cron:session): session closed for user root
May  4 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17548]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17552]: pam_unix(cron:session): session closed for user root
May  4 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17546]: pam_unix(cron:session): session closed for user p13x
May  4 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17616]: Successful su for rubyman by root
May  4 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17616]: + ??? root:rubyman
May  4 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327245 of user rubyman.
May  4 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17616]: pam_unix(su:session): session closed for user rubyman
May  4 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327245.
May  4 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17548]: pam_unix(cron:session): session closed for user root
May  4 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15044]: pam_unix(cron:session): session closed for user root
May  4 11:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17547]: pam_unix(cron:session): session closed for user samftp
May  4 11:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: Did not receive identification string from 137.63.148.89
May  4 11:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89  user=root
May  4 11:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17980]: Failed password for root from 137.63.148.89 port 54846 ssh2
May  4 11:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17980]: Connection closed by 137.63.148.89 port 54846 [preauth]
May  4 11:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18006]: Invalid user admin from 137.63.148.89
May  4 11:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18006]: input_userauth_request: invalid user admin [preauth]
May  4 11:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18006]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89
May  4 11:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18006]: Failed password for invalid user admin from 137.63.148.89 port 56784 ssh2
May  4 11:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18006]: Connection closed by 137.63.148.89 port 56784 [preauth]
May  4 11:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: Invalid user ubuntu from 137.63.148.89
May  4 11:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: input_userauth_request: invalid user ubuntu [preauth]
May  4 11:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89
May  4 11:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: Failed password for invalid user ubuntu from 137.63.148.89 port 56790 ssh2
May  4 11:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: Connection closed by 137.63.148.89 port 56790 [preauth]
May  4 11:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16706]: pam_unix(cron:session): session closed for user root
May  4 11:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  4 11:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89  user=root
May  4 11:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: Failed password for root from 164.68.105.9 port 57314 ssh2
May  4 11:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18033]: Connection closed by 164.68.105.9 port 57314 [preauth]
May  4 11:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: Failed password for root from 137.63.148.89 port 56800 ssh2
May  4 11:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: Connection closed by 137.63.148.89 port 56800 [preauth]
May  4 11:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: Invalid user postgres from 137.63.148.89
May  4 11:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: input_userauth_request: invalid user postgres [preauth]
May  4 11:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89
May  4 11:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: Failed password for invalid user postgres from 137.63.148.89 port 42294 ssh2
May  4 11:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: Connection closed by 137.63.148.89 port 42294 [preauth]
May  4 11:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: Invalid user user from 137.63.148.89
May  4 11:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: input_userauth_request: invalid user user [preauth]
May  4 11:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89
May  4 11:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: Failed password for invalid user user from 137.63.148.89 port 42306 ssh2
May  4 11:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: Connection closed by 137.63.148.89 port 42306 [preauth]
May  4 11:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: Invalid user pi from 137.63.148.89
May  4 11:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: input_userauth_request: invalid user pi [preauth]
May  4 11:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89
May  4 11:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: Failed password for invalid user pi from 137.63.148.89 port 33972 ssh2
May  4 11:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: Connection closed by 137.63.148.89 port 33972 [preauth]
May  4 11:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18098]: Invalid user test from 137.63.148.89
May  4 11:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18098]: input_userauth_request: invalid user test [preauth]
May  4 11:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18098]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89
May  4 11:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18098]: Failed password for invalid user test from 137.63.148.89 port 34002 ssh2
May  4 11:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18098]: Connection closed by 137.63.148.89 port 34002 [preauth]
May  4 11:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: Invalid user deploy from 137.63.148.89
May  4 11:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: input_userauth_request: invalid user deploy [preauth]
May  4 11:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89
May  4 11:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: Failed password for invalid user deploy from 137.63.148.89 port 34040 ssh2
May  4 11:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: Connection closed by 137.63.148.89 port 34040 [preauth]
May  4 11:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18122]: Invalid user oracle from 137.63.148.89
May  4 11:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18122]: input_userauth_request: invalid user oracle [preauth]
May  4 11:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18122]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89
May  4 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18122]: Failed password for invalid user oracle from 137.63.148.89 port 53306 ssh2
May  4 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18122]: Connection closed by 137.63.148.89 port 53306 [preauth]
May  4 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18134]: pam_unix(cron:session): session closed for user p13x
May  4 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18203]: Successful su for rubyman by root
May  4 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18203]: + ??? root:rubyman
May  4 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327252 of user rubyman.
May  4 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18203]: pam_unix(su:session): session closed for user rubyman
May  4 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327252.
May  4 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18197]: Invalid user steam from 137.63.148.89
May  4 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18197]: input_userauth_request: invalid user steam [preauth]
May  4 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18197]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89
May  4 11:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15427]: pam_unix(cron:session): session closed for user root
May  4 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18197]: Failed password for invalid user steam from 137.63.148.89 port 53308 ssh2
May  4 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18135]: pam_unix(cron:session): session closed for user samftp
May  4 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18197]: Connection closed by 137.63.148.89 port 53308 [preauth]
May  4 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18386]: Invalid user odoo from 137.63.148.89
May  4 11:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18386]: input_userauth_request: invalid user odoo [preauth]
May  4 11:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18386]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89
May  4 11:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18386]: Failed password for invalid user odoo from 137.63.148.89 port 46044 ssh2
May  4 11:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18386]: Connection closed by 137.63.148.89 port 46044 [preauth]
May  4 11:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18398]: Invalid user ubuntu from 137.63.148.89
May  4 11:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18398]: input_userauth_request: invalid user ubuntu [preauth]
May  4 11:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18398]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89
May  4 11:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18398]: Failed password for invalid user ubuntu from 137.63.148.89 port 46054 ssh2
May  4 11:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18398]: Connection closed by 137.63.148.89 port 46054 [preauth]
May  4 11:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: Invalid user user from 137.63.148.89
May  4 11:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: input_userauth_request: invalid user user [preauth]
May  4 11:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89
May  4 11:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: Failed password for invalid user user from 137.63.148.89 port 42134 ssh2
May  4 11:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: Connection closed by 137.63.148.89 port 42134 [preauth]
May  4 11:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18438]: Invalid user admin from 137.63.148.89
May  4 11:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18438]: input_userauth_request: invalid user admin [preauth]
May  4 11:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18438]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89
May  4 11:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18438]: Failed password for invalid user admin from 137.63.148.89 port 42140 ssh2
May  4 11:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18438]: Connection closed by 137.63.148.89 port 42140 [preauth]
May  4 11:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: Invalid user test from 137.63.148.89
May  4 11:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: input_userauth_request: invalid user test [preauth]
May  4 11:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89
May  4 11:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: Failed password for invalid user test from 137.63.148.89 port 42158 ssh2
May  4 11:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: Connection closed by 137.63.148.89 port 42158 [preauth]
May  4 11:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18465]: Invalid user oracle from 137.63.148.89
May  4 11:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18465]: input_userauth_request: invalid user oracle [preauth]
May  4 11:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18465]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89
May  4 11:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18465]: Failed password for invalid user oracle from 137.63.148.89 port 49582 ssh2
May  4 11:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18465]: Connection closed by 137.63.148.89 port 49582 [preauth]
May  4 11:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: Invalid user deploy from 137.63.148.89
May  4 11:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: input_userauth_request: invalid user deploy [preauth]
May  4 11:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89
May  4 11:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17139]: pam_unix(cron:session): session closed for user root
May  4 11:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: Failed password for invalid user deploy from 137.63.148.89 port 49586 ssh2
May  4 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18478]: Connection closed by 137.63.148.89 port 49586 [preauth]
May  4 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: Invalid user cs2 from 137.63.148.89
May  4 11:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: input_userauth_request: invalid user cs2 [preauth]
May  4 11:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89
May  4 11:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 11:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: Failed password for invalid user cs2 from 137.63.148.89 port 59672 ssh2
May  4 11:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: Connection closed by 137.63.148.89 port 59672 [preauth]
May  4 11:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18464]: Failed password for root from 185.93.89.118 port 20064 ssh2
May  4 11:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: Invalid user minecraft from 137.63.148.89
May  4 11:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: input_userauth_request: invalid user minecraft [preauth]
May  4 11:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89
May  4 11:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18464]: Connection closed by 185.93.89.118 port 20064 [preauth]
May  4 11:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: Failed password for invalid user minecraft from 137.63.148.89 port 59676 ssh2
May  4 11:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: Connection closed by 137.63.148.89 port 59676 [preauth]
May  4 11:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18523]: Invalid user steam from 137.63.148.89
May  4 11:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18523]: input_userauth_request: invalid user steam [preauth]
May  4 11:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18523]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.63.148.89
May  4 11:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18523]: Failed password for invalid user steam from 137.63.148.89 port 59692 ssh2
May  4 11:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18523]: Connection closed by 137.63.148.89 port 59692 [preauth]
May  4 11:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 11:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18522]: Failed password for root from 185.93.89.118 port 36662 ssh2
May  4 11:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18522]: Connection closed by 185.93.89.118 port 36662 [preauth]
May  4 11:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18579]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18576]: pam_unix(cron:session): session closed for user p13x
May  4 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18635]: Successful su for rubyman by root
May  4 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18635]: + ??? root:rubyman
May  4 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327256 of user rubyman.
May  4 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18635]: pam_unix(su:session): session closed for user rubyman
May  4 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327256.
May  4 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18554]: Failed password for root from 185.93.89.118 port 32488 ssh2
May  4 11:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15855]: pam_unix(cron:session): session closed for user root
May  4 11:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18554]: Connection closed by 185.93.89.118 port 32488 [preauth]
May  4 11:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18577]: pam_unix(cron:session): session closed for user samftp
May  4 11:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 11:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: Failed password for root from 185.93.89.118 port 37522 ssh2
May  4 11:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: Connection closed by 185.93.89.118 port 37522 [preauth]
May  4 11:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 11:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18874]: Failed password for root from 185.93.89.118 port 58134 ssh2
May  4 11:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17551]: pam_unix(cron:session): session closed for user root
May  4 11:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18874]: Connection closed by 185.93.89.118 port 58134 [preauth]
May  4 11:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18987]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18983]: pam_unix(cron:session): session closed for user p13x
May  4 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19051]: Successful su for rubyman by root
May  4 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19051]: + ??? root:rubyman
May  4 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327261 of user rubyman.
May  4 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19051]: pam_unix(su:session): session closed for user rubyman
May  4 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327261.
May  4 11:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16243]: pam_unix(cron:session): session closed for user root
May  4 11:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18984]: pam_unix(cron:session): session closed for user samftp
May  4 11:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19274]: Invalid user dev from 45.116.79.186
May  4 11:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19274]: input_userauth_request: invalid user dev [preauth]
May  4 11:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19274]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186
May  4 11:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19274]: Failed password for invalid user dev from 45.116.79.186 port 34432 ssh2
May  4 11:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19274]: Received disconnect from 45.116.79.186 port 34432:11: Bye Bye [preauth]
May  4 11:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19274]: Disconnected from 45.116.79.186 port 34432 [preauth]
May  4 11:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18139]: pam_unix(cron:session): session closed for user root
May  4 11:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: Invalid user admin from 64.226.117.59
May  4 11:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: input_userauth_request: invalid user admin [preauth]
May  4 11:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19407]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19405]: pam_unix(cron:session): session closed for user p13x
May  4 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19466]: Successful su for rubyman by root
May  4 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19466]: + ??? root:rubyman
May  4 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327264 of user rubyman.
May  4 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19466]: pam_unix(su:session): session closed for user rubyman
May  4 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327264.
May  4 11:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: Failed password for invalid user admin from 64.226.117.59 port 43148 ssh2
May  4 11:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: Connection closed by 64.226.117.59 port 43148 [preauth]
May  4 11:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16705]: pam_unix(cron:session): session closed for user root
May  4 11:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19406]: pam_unix(cron:session): session closed for user samftp
May  4 11:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18579]: pam_unix(cron:session): session closed for user root
May  4 11:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18980]: Connection reset by 218.92.0.233 port 28624 [preauth]
May  4 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19819]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19818]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19820]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19824]: pam_unix(cron:session): session closed for user root
May  4 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19818]: pam_unix(cron:session): session closed for user p13x
May  4 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19886]: Successful su for rubyman by root
May  4 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19886]: + ??? root:rubyman
May  4 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327268 of user rubyman.
May  4 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19886]: pam_unix(su:session): session closed for user rubyman
May  4 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327268.
May  4 11:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19820]: pam_unix(cron:session): session closed for user root
May  4 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17138]: pam_unix(cron:session): session closed for user root
May  4 11:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19819]: pam_unix(cron:session): session closed for user samftp
May  4 11:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20118]: Invalid user ubuntu from 193.32.162.84
May  4 11:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20118]: input_userauth_request: invalid user ubuntu [preauth]
May  4 11:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20118]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 11:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20118]: Failed password for invalid user ubuntu from 193.32.162.84 port 49804 ssh2
May  4 11:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20118]: Connection closed by 193.32.162.84 port 49804 [preauth]
May  4 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18987]: pam_unix(cron:session): session closed for user root
May  4 11:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20216]: Invalid user mohammad from 193.32.162.97
May  4 11:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20216]: input_userauth_request: invalid user mohammad [preauth]
May  4 11:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20216]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 11:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20216]: Failed password for invalid user mohammad from 193.32.162.97 port 54102 ssh2
May  4 11:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20216]: Connection closed by 193.32.162.97 port 54102 [preauth]
May  4 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20259]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20258]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20260]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20257]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20257]: pam_unix(cron:session): session closed for user p13x
May  4 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20331]: Successful su for rubyman by root
May  4 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20331]: + ??? root:rubyman
May  4 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327275 of user rubyman.
May  4 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20331]: pam_unix(su:session): session closed for user rubyman
May  4 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327275.
May  4 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20312]: Invalid user odoo from 193.70.84.184
May  4 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20312]: input_userauth_request: invalid user odoo [preauth]
May  4 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20312]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  4 11:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17550]: pam_unix(cron:session): session closed for user root
May  4 11:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20312]: Failed password for invalid user odoo from 193.70.84.184 port 58784 ssh2
May  4 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20312]: Connection closed by 193.70.84.184 port 58784 [preauth]
May  4 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20258]: pam_unix(cron:session): session closed for user samftp
May  4 11:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  4 11:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: Failed password for root from 218.92.0.216 port 22052 ssh2
May  4 11:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: Invalid user solana from 92.118.39.61
May  4 11:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: input_userauth_request: invalid user solana [preauth]
May  4 11:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 11:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: Failed password for root from 218.92.0.216 port 22052 ssh2
May  4 11:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: Failed password for invalid user solana from 92.118.39.61 port 59790 ssh2
May  4 11:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: Failed password for root from 218.92.0.216 port 22052 ssh2
May  4 11:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: Connection closed by 92.118.39.61 port 59790 [preauth]
May  4 11:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: Received disconnect from 218.92.0.216 port 22052:11:  [preauth]
May  4 11:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: Disconnected from 218.92.0.216 port 22052 [preauth]
May  4 11:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20524]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  4 11:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19408]: pam_unix(cron:session): session closed for user root
May  4 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20678]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20676]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20675]: pam_unix(cron:session): session closed for user p13x
May  4 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20738]: Successful su for rubyman by root
May  4 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20738]: + ??? root:rubyman
May  4 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20738]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327278 of user rubyman.
May  4 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20738]: pam_unix(su:session): session closed for user rubyman
May  4 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327278.
May  4 11:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18136]: pam_unix(cron:session): session closed for user root
May  4 11:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20676]: pam_unix(cron:session): session closed for user samftp
May  4 11:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19823]: pam_unix(cron:session): session closed for user root
May  4 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21088]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21089]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21085]: pam_unix(cron:session): session closed for user p13x
May  4 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21150]: Successful su for rubyman by root
May  4 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21150]: + ??? root:rubyman
May  4 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21150]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327281 of user rubyman.
May  4 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21150]: pam_unix(su:session): session closed for user rubyman
May  4 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327281.
May  4 11:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18578]: pam_unix(cron:session): session closed for user root
May  4 11:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21087]: pam_unix(cron:session): session closed for user samftp
May  4 11:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 11:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: Invalid user wildfly from 45.116.79.186
May  4 11:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: input_userauth_request: invalid user wildfly [preauth]
May  4 11:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: pam_unix(sshd:auth): check pass; user unknown
May  4 11:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186
May  4 11:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: Failed password for invalid user wildfly from 45.116.79.186 port 42676 ssh2
May  4 11:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: Received disconnect from 45.116.79.186 port 42676:11: Bye Bye [preauth]
May  4 11:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: Disconnected from 45.116.79.186 port 42676 [preauth]
May  4 11:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20260]: pam_unix(cron:session): session closed for user root
May  4 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21528]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21525]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21527]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21525]: pam_unix(cron:session): session closed for user p13x
May  4 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21601]: Successful su for rubyman by root
May  4 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21601]: + ??? root:rubyman
May  4 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21601]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327285 of user rubyman.
May  4 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21601]: pam_unix(su:session): session closed for user rubyman
May  4 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327285.
May  4 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18986]: pam_unix(cron:session): session closed for user root
May  4 11:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21526]: pam_unix(cron:session): session closed for user samftp
May  4 11:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20678]: pam_unix(cron:session): session closed for user root
May  4 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22282]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22283]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22275]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22281]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22276]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22279]: pam_unix(cron:session): session closed for user root
May  4 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22283]: pam_unix(cron:session): session closed for user root
May  4 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22275]: pam_unix(cron:session): session closed for user p13x
May  4 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22377]: Successful su for rubyman by root
May  4 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22377]: + ??? root:rubyman
May  4 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327290 of user rubyman.
May  4 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22377]: pam_unix(su:session): session closed for user rubyman
May  4 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327290.
May  4 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22280]: pam_unix(cron:session): session closed for user root
May  4 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19407]: pam_unix(cron:session): session closed for user root
May  4 12:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22276]: pam_unix(cron:session): session closed for user samftp
May  4 12:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  4 12:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22644]: Failed password for root from 218.92.0.220 port 18682 ssh2
May  4 12:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22644]: message repeated 2 times: [ Failed password for root from 218.92.0.220 port 18682 ssh2]
May  4 12:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22644]: Received disconnect from 218.92.0.220 port 18682:11:  [preauth]
May  4 12:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22644]: Disconnected from 218.92.0.220 port 18682 [preauth]
May  4 12:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22644]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  4 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21089]: pam_unix(cron:session): session closed for user root
May  4 12:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22784]: Invalid user admin from 64.226.117.59
May  4 12:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22784]: input_userauth_request: invalid user admin [preauth]
May  4 12:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22784]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 12:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22784]: Failed password for invalid user admin from 64.226.117.59 port 53342 ssh2
May  4 12:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22784]: Connection closed by 64.226.117.59 port 53342 [preauth]
May  4 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22845]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22847]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22842]: pam_unix(cron:session): session closed for user p13x
May  4 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22921]: Successful su for rubyman by root
May  4 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22921]: + ??? root:rubyman
May  4 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327297 of user rubyman.
May  4 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22921]: pam_unix(su:session): session closed for user rubyman
May  4 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327297.
May  4 12:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19822]: pam_unix(cron:session): session closed for user root
May  4 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22843]: pam_unix(cron:session): session closed for user samftp
May  4 12:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135  user=root
May  4 12:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: Failed password for root from 176.31.162.135 port 55666 ssh2
May  4 12:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23150]: Connection closed by 176.31.162.135 port 55666 [preauth]
May  4 12:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21528]: pam_unix(cron:session): session closed for user root
May  4 12:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23248]: Invalid user ubuntu from 193.32.162.84
May  4 12:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23248]: input_userauth_request: invalid user ubuntu [preauth]
May  4 12:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23248]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 12:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23248]: Failed password for invalid user ubuntu from 193.32.162.84 port 52298 ssh2
May  4 12:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23248]: Connection closed by 193.32.162.84 port 52298 [preauth]
May  4 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23331]: pam_unix(cron:session): session closed for user p13x
May  4 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23461]: Successful su for rubyman by root
May  4 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23461]: + ??? root:rubyman
May  4 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327300 of user rubyman.
May  4 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23461]: pam_unix(su:session): session closed for user rubyman
May  4 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327300.
May  4 12:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20259]: pam_unix(cron:session): session closed for user root
May  4 12:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23332]: pam_unix(cron:session): session closed for user samftp
May  4 12:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23702]: Invalid user mohammad from 193.32.162.97
May  4 12:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23702]: input_userauth_request: invalid user mohammad [preauth]
May  4 12:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23702]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 12:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23702]: Failed password for invalid user mohammad from 193.32.162.97 port 35160 ssh2
May  4 12:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23702]: Connection closed by 193.32.162.97 port 35160 [preauth]
May  4 12:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22282]: pam_unix(cron:session): session closed for user root
May  4 12:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  4 12:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23873]: Failed password for root from 218.92.0.215 port 32000 ssh2
May  4 12:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23900]: Invalid user ethereum from 92.118.39.61
May  4 12:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23900]: input_userauth_request: invalid user ethereum [preauth]
May  4 12:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23900]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23907]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23904]: pam_unix(cron:session): session closed for user p13x
May  4 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23976]: Successful su for rubyman by root
May  4 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23976]: + ??? root:rubyman
May  4 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327304 of user rubyman.
May  4 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23976]: pam_unix(su:session): session closed for user rubyman
May  4 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327304.
May  4 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23900]: Failed password for invalid user ethereum from 92.118.39.61 port 41484 ssh2
May  4 12:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23900]: Connection closed by 92.118.39.61 port 41484 [preauth]
May  4 12:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20677]: pam_unix(cron:session): session closed for user root
May  4 12:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  4 12:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23905]: pam_unix(cron:session): session closed for user samftp
May  4 12:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24125]: Failed password for root from 218.92.0.215 port 1062 ssh2
May  4 12:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: Invalid user taibabi from 45.116.79.186
May  4 12:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: input_userauth_request: invalid user taibabi [preauth]
May  4 12:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186
May  4 12:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: Failed password for invalid user taibabi from 45.116.79.186 port 50926 ssh2
May  4 12:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: Received disconnect from 45.116.79.186 port 50926:11: Bye Bye [preauth]
May  4 12:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: Disconnected from 45.116.79.186 port 50926 [preauth]
May  4 12:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22847]: pam_unix(cron:session): session closed for user root
May  4 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24352]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24348]: pam_unix(cron:session): session closed for user p13x
May  4 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24419]: Successful su for rubyman by root
May  4 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24419]: + ??? root:rubyman
May  4 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24419]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327308 of user rubyman.
May  4 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24419]: pam_unix(su:session): session closed for user rubyman
May  4 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327308.
May  4 12:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21088]: pam_unix(cron:session): session closed for user root
May  4 12:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24349]: pam_unix(cron:session): session closed for user samftp
May  4 12:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23334]: pam_unix(cron:session): session closed for user root
May  4 12:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24787]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24787]: pam_unix(cron:session): session closed for user root
May  4 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24782]: pam_unix(cron:session): session closed for user p13x
May  4 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24852]: Successful su for rubyman by root
May  4 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24852]: + ??? root:rubyman
May  4 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327315 of user rubyman.
May  4 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24852]: pam_unix(su:session): session closed for user rubyman
May  4 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327315.
May  4 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24784]: pam_unix(cron:session): session closed for user root
May  4 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21527]: pam_unix(cron:session): session closed for user root
May  4 12:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24783]: pam_unix(cron:session): session closed for user samftp
May  4 12:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23908]: pam_unix(cron:session): session closed for user root
May  4 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25220]: pam_unix(cron:session): session closed for user p13x
May  4 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25298]: Successful su for rubyman by root
May  4 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25298]: + ??? root:rubyman
May  4 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327319 of user rubyman.
May  4 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25298]: pam_unix(su:session): session closed for user rubyman
May  4 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327319.
May  4 12:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22281]: pam_unix(cron:session): session closed for user root
May  4 12:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25221]: pam_unix(cron:session): session closed for user samftp
May  4 12:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24352]: pam_unix(cron:session): session closed for user root
May  4 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25644]: pam_unix(cron:session): session closed for user p13x
May  4 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25706]: Successful su for rubyman by root
May  4 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25706]: + ??? root:rubyman
May  4 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327323 of user rubyman.
May  4 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25706]: pam_unix(su:session): session closed for user rubyman
May  4 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327323.
May  4 12:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22845]: pam_unix(cron:session): session closed for user root
May  4 12:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25645]: pam_unix(cron:session): session closed for user samftp
May  4 12:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: Invalid user admin from 64.226.117.59
May  4 12:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: input_userauth_request: invalid user admin [preauth]
May  4 12:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 12:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: Failed password for invalid user admin from 64.226.117.59 port 45258 ssh2
May  4 12:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25914]: Connection closed by 64.226.117.59 port 45258 [preauth]
May  4 12:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24786]: pam_unix(cron:session): session closed for user root
May  4 12:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186  user=root
May  4 12:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: Failed password for root from 45.116.79.186 port 59164 ssh2
May  4 12:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: Received disconnect from 45.116.79.186 port 59164:11: Bye Bye [preauth]
May  4 12:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: Disconnected from 45.116.79.186 port 59164 [preauth]
May  4 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26050]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26048]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26049]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26046]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26046]: pam_unix(cron:session): session closed for user p13x
May  4 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26107]: Successful su for rubyman by root
May  4 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26107]: + ??? root:rubyman
May  4 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327327 of user rubyman.
May  4 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26107]: pam_unix(su:session): session closed for user rubyman
May  4 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327327.
May  4 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23333]: pam_unix(cron:session): session closed for user root
May  4 12:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26048]: pam_unix(cron:session): session closed for user samftp
May  4 12:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: Invalid user ubuntu from 193.32.162.84
May  4 12:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: input_userauth_request: invalid user ubuntu [preauth]
May  4 12:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 12:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: Failed password for invalid user ubuntu from 193.32.162.84 port 54812 ssh2
May  4 12:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26288]: Connection closed by 193.32.162.84 port 54812 [preauth]
May  4 12:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25224]: pam_unix(cron:session): session closed for user root
May  4 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26448]: pam_unix(cron:session): session closed for user p13x
May  4 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26635]: Successful su for rubyman by root
May  4 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26635]: + ??? root:rubyman
May  4 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327330 of user rubyman.
May  4 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26635]: pam_unix(su:session): session closed for user rubyman
May  4 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327330.
May  4 12:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26446]: pam_unix(cron:session): session closed for user root
May  4 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23907]: pam_unix(cron:session): session closed for user root
May  4 12:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26449]: pam_unix(cron:session): session closed for user samftp
May  4 12:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26858]: Invalid user javad from 193.32.162.97
May  4 12:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26858]: input_userauth_request: invalid user javad [preauth]
May  4 12:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26858]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 12:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26858]: Failed password for invalid user javad from 193.32.162.97 port 44448 ssh2
May  4 12:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26858]: Connection closed by 193.32.162.97 port 44448 [preauth]
May  4 12:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25647]: pam_unix(cron:session): session closed for user root
May  4 12:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: Invalid user ethereumdocker from 92.118.39.61
May  4 12:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: input_userauth_request: invalid user ethereumdocker [preauth]
May  4 12:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 12:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: Failed password for invalid user ethereumdocker from 92.118.39.61 port 51408 ssh2
May  4 12:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: Connection closed by 92.118.39.61 port 51408 [preauth]
May  4 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27062]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27063]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27064]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27066]: pam_unix(cron:session): session closed for user root
May  4 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27060]: pam_unix(cron:session): session closed for user p13x
May  4 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27143]: Successful su for rubyman by root
May  4 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27143]: + ??? root:rubyman
May  4 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327335 of user rubyman.
May  4 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27143]: pam_unix(su:session): session closed for user rubyman
May  4 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327335.
May  4 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27062]: pam_unix(cron:session): session closed for user root
May  4 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24350]: pam_unix(cron:session): session closed for user root
May  4 12:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27061]: pam_unix(cron:session): session closed for user samftp
May  4 12:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26050]: pam_unix(cron:session): session closed for user root
May  4 12:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: Invalid user user from 80.94.95.112
May  4 12:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: input_userauth_request: invalid user user [preauth]
May  4 12:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 12:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: Failed password for invalid user user from 80.94.95.112 port 63703 ssh2
May  4 12:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27579]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27576]: pam_unix(cron:session): session closed for user p13x
May  4 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: Failed password for invalid user user from 80.94.95.112 port 63703 ssh2
May  4 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27643]: Successful su for rubyman by root
May  4 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27643]: + ??? root:rubyman
May  4 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327342 of user rubyman.
May  4 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27643]: pam_unix(su:session): session closed for user rubyman
May  4 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327342.
May  4 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: Failed password for invalid user user from 80.94.95.112 port 63703 ssh2
May  4 12:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24785]: pam_unix(cron:session): session closed for user root
May  4 12:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27577]: pam_unix(cron:session): session closed for user samftp
May  4 12:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: Failed password for invalid user user from 80.94.95.112 port 63703 ssh2
May  4 12:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: Failed password for invalid user user from 80.94.95.112 port 63703 ssh2
May  4 12:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: Received disconnect from 80.94.95.112 port 63703:11: Bye [preauth]
May  4 12:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: Disconnected from 80.94.95.112 port 63703 [preauth]
May  4 12:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 12:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26524]: pam_unix(cron:session): session closed for user root
May  4 12:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27982]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27983]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27979]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27979]: pam_unix(cron:session): session closed for user p13x
May  4 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28041]: Successful su for rubyman by root
May  4 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28041]: + ??? root:rubyman
May  4 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327347 of user rubyman.
May  4 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28041]: pam_unix(su:session): session closed for user rubyman
May  4 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327347.
May  4 12:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25222]: pam_unix(cron:session): session closed for user root
May  4 12:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27981]: pam_unix(cron:session): session closed for user samftp
May  4 12:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: Invalid user ubuntu from 45.116.79.186
May  4 12:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: input_userauth_request: invalid user ubuntu [preauth]
May  4 12:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186
May  4 12:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: Failed password for invalid user ubuntu from 45.116.79.186 port 39168 ssh2
May  4 12:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: Received disconnect from 45.116.79.186 port 39168:11: Bye Bye [preauth]
May  4 12:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: Disconnected from 45.116.79.186 port 39168 [preauth]
May  4 12:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27064]: pam_unix(cron:session): session closed for user root
May  4 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28374]: pam_unix(cron:session): session closed for user p13x
May  4 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28435]: Successful su for rubyman by root
May  4 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28435]: + ??? root:rubyman
May  4 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28435]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327350 of user rubyman.
May  4 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28435]: pam_unix(su:session): session closed for user rubyman
May  4 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327350.
May  4 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25646]: pam_unix(cron:session): session closed for user root
May  4 12:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28375]: pam_unix(cron:session): session closed for user samftp
May  4 12:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27579]: pam_unix(cron:session): session closed for user root
May  4 12:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: Invalid user admin from 64.226.117.59
May  4 12:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: input_userauth_request: invalid user admin [preauth]
May  4 12:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 12:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: Failed password for invalid user admin from 64.226.117.59 port 43680 ssh2
May  4 12:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: Connection closed by 64.226.117.59 port 43680 [preauth]
May  4 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28782]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28781]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28780]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28780]: pam_unix(cron:session): session closed for user p13x
May  4 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28842]: Successful su for rubyman by root
May  4 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28842]: + ??? root:rubyman
May  4 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327355 of user rubyman.
May  4 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28842]: pam_unix(su:session): session closed for user rubyman
May  4 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327355.
May  4 12:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26049]: pam_unix(cron:session): session closed for user root
May  4 12:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28781]: pam_unix(cron:session): session closed for user samftp
May  4 12:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27983]: pam_unix(cron:session): session closed for user root
May  4 12:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Invalid user ubuntu from 193.32.162.84
May  4 12:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: input_userauth_request: invalid user ubuntu [preauth]
May  4 12:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 12:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Failed password for invalid user ubuntu from 193.32.162.84 port 57318 ssh2
May  4 12:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29229]: Connection closed by 193.32.162.84 port 57318 [preauth]
May  4 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29294]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29293]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29289]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29288]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29290]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29292]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29294]: pam_unix(cron:session): session closed for user root
May  4 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29288]: pam_unix(cron:session): session closed for user p13x
May  4 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29360]: Successful su for rubyman by root
May  4 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29360]: + ??? root:rubyman
May  4 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327358 of user rubyman.
May  4 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29360]: pam_unix(su:session): session closed for user rubyman
May  4 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327358.
May  4 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29290]: pam_unix(cron:session): session closed for user root
May  4 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26450]: pam_unix(cron:session): session closed for user root
May  4 12:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29289]: pam_unix(cron:session): session closed for user samftp
May  4 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28377]: pam_unix(cron:session): session closed for user root
May  4 12:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: Invalid user ali from 193.32.162.97
May  4 12:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: input_userauth_request: invalid user ali [preauth]
May  4 12:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 12:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: Failed password for invalid user ali from 193.32.162.97 port 53738 ssh2
May  4 12:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29716]: Connection closed by 193.32.162.97 port 53738 [preauth]
May  4 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29729]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29728]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29728]: pam_unix(cron:session): session closed for user p13x
May  4 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29797]: Successful su for rubyman by root
May  4 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29797]: + ??? root:rubyman
May  4 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327363 of user rubyman.
May  4 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29797]: pam_unix(su:session): session closed for user rubyman
May  4 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327363.
May  4 12:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27063]: pam_unix(cron:session): session closed for user root
May  4 12:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29729]: pam_unix(cron:session): session closed for user samftp
May  4 12:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30050]: Invalid user ether from 92.118.39.61
May  4 12:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30050]: input_userauth_request: invalid user ether [preauth]
May  4 12:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30050]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 12:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30050]: Failed password for invalid user ether from 92.118.39.61 port 33102 ssh2
May  4 12:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30050]: Connection closed by 92.118.39.61 port 33102 [preauth]
May  4 12:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28784]: pam_unix(cron:session): session closed for user root
May  4 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30154]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30153]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30151]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30148]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30148]: pam_unix(cron:session): session closed for user root
May  4 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30151]: pam_unix(cron:session): session closed for user p13x
May  4 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30212]: Successful su for rubyman by root
May  4 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30212]: + ??? root:rubyman
May  4 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30212]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327367 of user rubyman.
May  4 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30212]: pam_unix(su:session): session closed for user rubyman
May  4 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327367.
May  4 12:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27578]: pam_unix(cron:session): session closed for user root
May  4 12:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30152]: pam_unix(cron:session): session closed for user samftp
May  4 12:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30448]: Invalid user ftpuser from 45.116.79.186
May  4 12:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30448]: input_userauth_request: invalid user ftpuser [preauth]
May  4 12:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30448]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186
May  4 12:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30448]: Failed password for invalid user ftpuser from 45.116.79.186 port 47416 ssh2
May  4 12:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30448]: Received disconnect from 45.116.79.186 port 47416:11: Bye Bye [preauth]
May  4 12:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30448]: Disconnected from 45.116.79.186 port 47416 [preauth]
May  4 12:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29293]: pam_unix(cron:session): session closed for user root
May  4 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30557]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30559]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30556]: pam_unix(cron:session): session closed for user p13x
May  4 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30616]: Successful su for rubyman by root
May  4 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30616]: + ??? root:rubyman
May  4 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327374 of user rubyman.
May  4 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30616]: pam_unix(su:session): session closed for user rubyman
May  4 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327374.
May  4 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27982]: pam_unix(cron:session): session closed for user root
May  4 12:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 12:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30557]: pam_unix(cron:session): session closed for user samftp
May  4 12:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: Failed password for root from 218.92.0.201 port 42108 ssh2
May  4 12:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: message repeated 4 times: [ Failed password for root from 218.92.0.201 port 42108 ssh2]
May  4 12:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 42108 ssh2 [preauth]
May  4 12:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: Disconnecting: Too many authentication failures [preauth]
May  4 12:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 12:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30735]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 12:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 12:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: Failed password for root from 218.92.0.201 port 43726 ssh2
May  4 12:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: message repeated 2 times: [ Failed password for root from 218.92.0.201 port 43726 ssh2]
May  4 12:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29731]: pam_unix(cron:session): session closed for user root
May  4 12:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: Failed password for root from 218.92.0.201 port 43726 ssh2
May  4 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: message repeated 2 times: [ Failed password for root from 218.92.0.201 port 43726 ssh2]
May  4 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 43726 ssh2 [preauth]
May  4 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: Disconnecting: Too many authentication failures [preauth]
May  4 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: PAM service(sshd) ignoring max retries; 6 > 3
May  4 12:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 12:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30917]: Failed password for root from 218.92.0.201 port 52750 ssh2
May  4 12:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30917]: Received disconnect from 218.92.0.201 port 52750:11:  [preauth]
May  4 12:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30917]: Disconnected from 218.92.0.201 port 52750 [preauth]
May  4 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30959]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30958]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30956]: pam_unix(cron:session): session closed for user p13x
May  4 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31018]: Successful su for rubyman by root
May  4 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31018]: + ??? root:rubyman
May  4 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327376 of user rubyman.
May  4 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31018]: pam_unix(su:session): session closed for user rubyman
May  4 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327376.
May  4 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28376]: pam_unix(cron:session): session closed for user root
May  4 12:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30957]: pam_unix(cron:session): session closed for user samftp
May  4 12:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30154]: pam_unix(cron:session): session closed for user root
May  4 12:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31372]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31373]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31375]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31375]: pam_unix(cron:session): session closed for user root
May  4 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31370]: pam_unix(cron:session): session closed for user p13x
May  4 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31437]: Successful su for rubyman by root
May  4 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31437]: + ??? root:rubyman
May  4 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31437]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327381 of user rubyman.
May  4 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31437]: pam_unix(su:session): session closed for user rubyman
May  4 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327381.
May  4 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28782]: pam_unix(cron:session): session closed for user root
May  4 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31372]: pam_unix(cron:session): session closed for user root
May  4 12:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31371]: pam_unix(cron:session): session closed for user samftp
May  4 12:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: Invalid user @ from 195.178.110.50
May  4 12:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: input_userauth_request: invalid user @ [preauth]
May  4 12:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 12:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: Failed password for invalid user @ from 195.178.110.50 port 54562 ssh2
May  4 12:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: Connection closed by 195.178.110.50 port 54562 [preauth]
May  4 12:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: Invalid user k from 195.178.110.50
May  4 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: input_userauth_request: invalid user k [preauth]
May  4 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30559]: pam_unix(cron:session): session closed for user root
May  4 12:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: Failed password for invalid user k from 195.178.110.50 port 33956 ssh2
May  4 12:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: Connection closed by 195.178.110.50 port 33956 [preauth]
May  4 12:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31758]: Invalid user admin from 64.226.117.59
May  4 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31758]: input_userauth_request: invalid user admin [preauth]
May  4 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31758]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 12:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31758]: Failed password for invalid user admin from 64.226.117.59 port 34730 ssh2
May  4 12:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31758]: Connection closed by 64.226.117.59 port 34730 [preauth]
May  4 12:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31757]: Invalid user 8 from 195.178.110.50
May  4 12:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31757]: input_userauth_request: invalid user 8 [preauth]
May  4 12:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31757]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 12:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31757]: Failed password for invalid user 8 from 195.178.110.50 port 6932 ssh2
May  4 12:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31757]: Connection closed by 195.178.110.50 port 6932 [preauth]
May  4 12:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31820]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31821]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31819]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31818]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31818]: pam_unix(cron:session): session closed for user p13x
May  4 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31884]: Successful su for rubyman by root
May  4 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31884]: + ??? root:rubyman
May  4 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327387 of user rubyman.
May  4 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31884]: pam_unix(su:session): session closed for user rubyman
May  4 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327387.
May  4 12:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29292]: pam_unix(cron:session): session closed for user root
May  4 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31819]: pam_unix(cron:session): session closed for user samftp
May  4 12:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32092]: Invalid user ubuntu from 193.32.162.84
May  4 12:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32092]: input_userauth_request: invalid user ubuntu [preauth]
May  4 12:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32092]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 12:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32092]: Failed password for invalid user ubuntu from 193.32.162.84 port 59818 ssh2
May  4 12:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32092]: Connection closed by 193.32.162.84 port 59818 [preauth]
May  4 12:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: Invalid user c from 195.178.110.50
May  4 12:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: input_userauth_request: invalid user c [preauth]
May  4 12:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 12:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: Failed password for invalid user c from 195.178.110.50 port 11568 ssh2
May  4 12:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: Connection closed by 195.178.110.50 port 11568 [preauth]
May  4 12:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30959]: pam_unix(cron:session): session closed for user root
May  4 12:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: Invalid user 0 from 195.178.110.50
May  4 12:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: input_userauth_request: invalid user 0 [preauth]
May  4 12:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 12:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: Failed password for invalid user 0 from 195.178.110.50 port 6934 ssh2
May  4 12:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32123]: Connection closed by 195.178.110.50 port 6934 [preauth]
May  4 12:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32239]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32236]: pam_unix(cron:session): session closed for user p13x
May  4 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32301]: Successful su for rubyman by root
May  4 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32301]: + ??? root:rubyman
May  4 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32301]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327390 of user rubyman.
May  4 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32301]: pam_unix(su:session): session closed for user rubyman
May  4 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327390.
May  4 12:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29730]: pam_unix(cron:session): session closed for user root
May  4 12:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32237]: pam_unix(cron:session): session closed for user samftp
May  4 12:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186  user=root
May  4 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32546]: Failed password for root from 45.116.79.186 port 55670 ssh2
May  4 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32546]: Received disconnect from 45.116.79.186 port 55670:11: Bye Bye [preauth]
May  4 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32546]: Disconnected from 45.116.79.186 port 55670 [preauth]
May  4 12:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31374]: pam_unix(cron:session): session closed for user root
May  4 12:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32688]: Invalid user mohammad from 193.32.162.97
May  4 12:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32688]: input_userauth_request: invalid user mohammad [preauth]
May  4 12:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32688]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.97
May  4 12:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32688]: Failed password for invalid user mohammad from 193.32.162.97 port 34796 ssh2
May  4 12:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32688]: Connection closed by 193.32.162.97 port 34796 [preauth]
May  4 12:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32753]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32750]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32749]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32749]: pam_unix(cron:session): session closed for user p13x
May  4 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[349]: Successful su for rubyman by root
May  4 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[349]: + ??? root:rubyman
May  4 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327394 of user rubyman.
May  4 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[349]: pam_unix(su:session): session closed for user rubyman
May  4 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327394.
May  4 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30153]: pam_unix(cron:session): session closed for user root
May  4 12:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32750]: pam_unix(cron:session): session closed for user samftp
May  4 12:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61  user=root
May  4 12:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: Failed password for root from 92.118.39.61 port 43028 ssh2
May  4 12:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: Connection closed by 92.118.39.61 port 43028 [preauth]
May  4 12:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31821]: pam_unix(cron:session): session closed for user root
May  4 12:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  4 12:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: Failed password for root from 218.92.0.237 port 19428 ssh2
May  4 12:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: message repeated 2 times: [ Failed password for root from 218.92.0.237 port 19428 ssh2]
May  4 12:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: Received disconnect from 218.92.0.237 port 19428:11:  [preauth]
May  4 12:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: Disconnected from 218.92.0.237 port 19428 [preauth]
May  4 12:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  4 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[735]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[733]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[734]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[732]: pam_unix(cron:session): session closed for user p13x
May  4 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[805]: Successful su for rubyman by root
May  4 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[805]: + ??? root:rubyman
May  4 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327399 of user rubyman.
May  4 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[805]: pam_unix(su:session): session closed for user rubyman
May  4 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327399.
May  4 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30558]: pam_unix(cron:session): session closed for user root
May  4 12:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[733]: pam_unix(cron:session): session closed for user samftp
May  4 12:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32239]: pam_unix(cron:session): session closed for user root
May  4 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1156]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1153]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1157]: pam_unix(cron:session): session closed for user root
May  4 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1149]: pam_unix(cron:session): session closed for user p13x
May  4 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1242]: Successful su for rubyman by root
May  4 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1242]: + ??? root:rubyman
May  4 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327402 of user rubyman.
May  4 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1242]: pam_unix(su:session): session closed for user rubyman
May  4 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327402.
May  4 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1152]: pam_unix(cron:session): session closed for user root
May  4 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30958]: pam_unix(cron:session): session closed for user root
May  4 12:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1150]: pam_unix(cron:session): session closed for user samftp
May  4 12:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32754]: pam_unix(cron:session): session closed for user root
May  4 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1664]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1662]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1663]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1661]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1661]: pam_unix(cron:session): session closed for user p13x
May  4 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1743]: Successful su for rubyman by root
May  4 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1743]: + ??? root:rubyman
May  4 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1743]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327408 of user rubyman.
May  4 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1743]: pam_unix(su:session): session closed for user rubyman
May  4 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327408.
May  4 12:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31373]: pam_unix(cron:session): session closed for user root
May  4 12:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1662]: pam_unix(cron:session): session closed for user samftp
May  4 12:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[735]: pam_unix(cron:session): session closed for user root
May  4 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2170]: pam_unix(cron:session): session closed for user p13x
May  4 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2230]: Successful su for rubyman by root
May  4 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2230]: + ??? root:rubyman
May  4 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327413 of user rubyman.
May  4 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2230]: pam_unix(su:session): session closed for user rubyman
May  4 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327413.
May  4 12:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31820]: pam_unix(cron:session): session closed for user root
May  4 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2171]: pam_unix(cron:session): session closed for user samftp
May  4 12:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: Invalid user admin from 64.226.117.59
May  4 12:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: input_userauth_request: invalid user admin [preauth]
May  4 12:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 12:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: Failed password for invalid user admin from 64.226.117.59 port 47836 ssh2
May  4 12:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2466]: Connection closed by 64.226.117.59 port 47836 [preauth]
May  4 12:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2476]: Invalid user iman from 45.116.79.186
May  4 12:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2476]: input_userauth_request: invalid user iman [preauth]
May  4 12:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2476]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186
May  4 12:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2476]: Failed password for invalid user iman from 45.116.79.186 port 35686 ssh2
May  4 12:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2476]: Received disconnect from 45.116.79.186 port 35686:11: Bye Bye [preauth]
May  4 12:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2476]: Disconnected from 45.116.79.186 port 35686 [preauth]
May  4 12:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1156]: pam_unix(cron:session): session closed for user root
May  4 12:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: Invalid user ubuntu from 193.32.162.84
May  4 12:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: input_userauth_request: invalid user ubuntu [preauth]
May  4 12:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 12:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: Failed password for invalid user ubuntu from 193.32.162.84 port 34070 ssh2
May  4 12:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: Connection closed by 193.32.162.84 port 34070 [preauth]
May  4 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2603]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2604]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2601]: pam_unix(cron:session): session closed for user p13x
May  4 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2665]: Successful su for rubyman by root
May  4 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2665]: + ??? root:rubyman
May  4 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2665]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327417 of user rubyman.
May  4 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2665]: pam_unix(su:session): session closed for user rubyman
May  4 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327417.
May  4 12:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32238]: pam_unix(cron:session): session closed for user root
May  4 12:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2602]: pam_unix(cron:session): session closed for user samftp
May  4 12:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1664]: pam_unix(cron:session): session closed for user root
May  4 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3029]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3030]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3028]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3027]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3027]: pam_unix(cron:session): session closed for user p13x
May  4 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3087]: Successful su for rubyman by root
May  4 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3087]: + ??? root:rubyman
May  4 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3087]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327421 of user rubyman.
May  4 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3087]: pam_unix(su:session): session closed for user rubyman
May  4 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327421.
May  4 12:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32753]: pam_unix(cron:session): session closed for user root
May  4 12:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3028]: pam_unix(cron:session): session closed for user samftp
May  4 12:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2173]: pam_unix(cron:session): session closed for user root
May  4 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3468]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3468]: pam_unix(cron:session): session closed for user root
May  4 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3461]: pam_unix(cron:session): session closed for user p13x
May  4 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3533]: Successful su for rubyman by root
May  4 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3533]: + ??? root:rubyman
May  4 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327425 of user rubyman.
May  4 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3533]: pam_unix(su:session): session closed for user rubyman
May  4 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327425.
May  4 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3465]: pam_unix(cron:session): session closed for user root
May  4 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[734]: pam_unix(cron:session): session closed for user root
May  4 12:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3463]: pam_unix(cron:session): session closed for user samftp
May  4 12:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61  user=root
May  4 12:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3780]: Failed password for root from 92.118.39.61 port 52962 ssh2
May  4 12:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3780]: Connection closed by 92.118.39.61 port 52962 [preauth]
May  4 12:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2604]: pam_unix(cron:session): session closed for user root
May  4 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3925]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3926]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3921]: pam_unix(cron:session): session closed for user p13x
May  4 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4027]: Successful su for rubyman by root
May  4 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4027]: + ??? root:rubyman
May  4 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327430 of user rubyman.
May  4 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4027]: pam_unix(su:session): session closed for user rubyman
May  4 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327430.
May  4 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1153]: pam_unix(cron:session): session closed for user root
May  4 12:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3922]: pam_unix(cron:session): session closed for user samftp
May  4 12:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3030]: pam_unix(cron:session): session closed for user root
May  4 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4532]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4529]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4529]: pam_unix(cron:session): session closed for user p13x
May  4 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4598]: Successful su for rubyman by root
May  4 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4598]: + ??? root:rubyman
May  4 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4598]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327436 of user rubyman.
May  4 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4598]: pam_unix(su:session): session closed for user rubyman
May  4 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327436.
May  4 12:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186  user=root
May  4 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1663]: pam_unix(cron:session): session closed for user root
May  4 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4531]: pam_unix(cron:session): session closed for user samftp
May  4 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Failed password for root from 45.116.79.186 port 43924 ssh2
May  4 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Received disconnect from 45.116.79.186 port 43924:11: Bye Bye [preauth]
May  4 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Disconnected from 45.116.79.186 port 43924 [preauth]
May  4 12:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3467]: pam_unix(cron:session): session closed for user root
May  4 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4957]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4955]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4959]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4956]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4955]: pam_unix(cron:session): session closed for user p13x
May  4 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5200]: Successful su for rubyman by root
May  4 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5200]: + ??? root:rubyman
May  4 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327439 of user rubyman.
May  4 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5200]: pam_unix(su:session): session closed for user rubyman
May  4 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327439.
May  4 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2172]: pam_unix(cron:session): session closed for user root
May  4 12:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4956]: pam_unix(cron:session): session closed for user samftp
May  4 12:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3926]: pam_unix(cron:session): session closed for user root
May  4 12:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  4 12:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: Failed password for root from 218.92.0.208 port 59850 ssh2
May  4 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: message repeated 4 times: [ Failed password for root from 218.92.0.208 port 59850 ssh2]
May  4 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: error: maximum authentication attempts exceeded for root from 218.92.0.208 port 59850 ssh2 [preauth]
May  4 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: Disconnecting: Too many authentication failures [preauth]
May  4 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  4 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5509]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 12:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: Invalid user admin from 64.226.117.59
May  4 12:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: input_userauth_request: invalid user admin [preauth]
May  4 12:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 12:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  4 12:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: Failed password for invalid user admin from 64.226.117.59 port 45782 ssh2
May  4 12:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: Connection closed by 64.226.117.59 port 45782 [preauth]
May  4 12:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: Failed password for root from 218.92.0.208 port 42056 ssh2
May  4 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5603]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5599]: pam_unix(cron:session): session closed for user p13x
May  4 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5673]: Successful su for rubyman by root
May  4 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5673]: + ??? root:rubyman
May  4 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327442 of user rubyman.
May  4 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5673]: pam_unix(su:session): session closed for user rubyman
May  4 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327442.
May  4 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: Failed password for root from 218.92.0.208 port 42056 ssh2
May  4 12:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2603]: pam_unix(cron:session): session closed for user root
May  4 12:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: Failed password for root from 218.92.0.208 port 42056 ssh2
May  4 12:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5602]: pam_unix(cron:session): session closed for user samftp
May  4 12:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: Failed password for root from 218.92.0.208 port 42056 ssh2
May  4 12:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84  user=root
May  4 12:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: Failed password for root from 218.92.0.208 port 42056 ssh2
May  4 12:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: Failed password for root from 193.32.162.84 port 36578 ssh2
May  4 12:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5952]: Connection closed by 193.32.162.84 port 36578 [preauth]
May  4 12:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: Failed password for root from 218.92.0.208 port 42056 ssh2
May  4 12:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: error: maximum authentication attempts exceeded for root from 218.92.0.208 port 42056 ssh2 [preauth]
May  4 12:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: Disconnecting: Too many authentication failures [preauth]
May  4 12:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  4 12:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5585]: PAM service(sshd) ignoring max retries; 6 > 3
May  4 12:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  4 12:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: Failed password for root from 218.92.0.208 port 42138 ssh2
May  4 12:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: Received disconnect from 218.92.0.208 port 42138:11:  [preauth]
May  4 12:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: Disconnected from 218.92.0.208 port 42138 [preauth]
May  4 12:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4533]: pam_unix(cron:session): session closed for user root
May  4 12:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6126]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6129]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6128]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6127]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6129]: pam_unix(cron:session): session closed for user root
May  4 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6124]: pam_unix(cron:session): session closed for user p13x
May  4 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6194]: Successful su for rubyman by root
May  4 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6194]: + ??? root:rubyman
May  4 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327446 of user rubyman.
May  4 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6194]: pam_unix(su:session): session closed for user rubyman
May  4 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327446.
May  4 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6126]: pam_unix(cron:session): session closed for user root
May  4 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3029]: pam_unix(cron:session): session closed for user root
May  4 12:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6125]: pam_unix(cron:session): session closed for user samftp
May  4 12:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  4 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6471]: Failed password for root from 218.92.0.220 port 51262 ssh2
May  4 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4959]: pam_unix(cron:session): session closed for user root
May  4 12:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6471]: Failed password for root from 218.92.0.220 port 51262 ssh2
May  4 12:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6471]: Failed password for root from 218.92.0.220 port 51262 ssh2
May  4 12:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6471]: Received disconnect from 218.92.0.220 port 51262:11:  [preauth]
May  4 12:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6471]: Disconnected from 218.92.0.220 port 51262 [preauth]
May  4 12:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6471]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  4 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6554]: pam_unix(cron:session): session closed for user p13x
May  4 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6623]: Successful su for rubyman by root
May  4 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6623]: + ??? root:rubyman
May  4 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327454 of user rubyman.
May  4 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6623]: pam_unix(su:session): session closed for user rubyman
May  4 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327454.
May  4 12:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3466]: pam_unix(cron:session): session closed for user root
May  4 12:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6555]: pam_unix(cron:session): session closed for user samftp
May  4 12:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5608]: pam_unix(cron:session): session closed for user root
May  4 12:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 12:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: Failed password for root from 185.93.89.118 port 54328 ssh2
May  4 12:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: Connection closed by 185.93.89.118 port 54328 [preauth]
May  4 12:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: Invalid user deploy from 45.116.79.186
May  4 12:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: input_userauth_request: invalid user deploy [preauth]
May  4 12:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186
May  4 12:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: Failed password for invalid user deploy from 45.116.79.186 port 52164 ssh2
May  4 12:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: Received disconnect from 45.116.79.186 port 52164:11: Bye Bye [preauth]
May  4 12:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: Disconnected from 45.116.79.186 port 52164 [preauth]
May  4 12:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 12:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: Failed password for root from 185.93.89.118 port 24898 ssh2
May  4 12:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7006]: Connection closed by 185.93.89.118 port 24898 [preauth]
May  4 12:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: Invalid user gwei from 92.118.39.61
May  4 12:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: input_userauth_request: invalid user gwei [preauth]
May  4 12:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: Failed password for invalid user gwei from 92.118.39.61 port 34656 ssh2
May  4 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: Connection closed by 92.118.39.61 port 34656 [preauth]
May  4 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7086]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7085]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7083]: pam_unix(cron:session): session closed for user p13x
May  4 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7151]: Successful su for rubyman by root
May  4 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7151]: + ??? root:rubyman
May  4 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327459 of user rubyman.
May  4 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7151]: pam_unix(su:session): session closed for user rubyman
May  4 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327459.
May  4 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3925]: pam_unix(cron:session): session closed for user root
May  4 12:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7084]: pam_unix(cron:session): session closed for user samftp
May  4 12:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 12:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7056]: Failed password for root from 185.93.89.118 port 5644 ssh2
May  4 12:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7056]: Connection closed by 185.93.89.118 port 5644 [preauth]
May  4 12:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 12:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6128]: pam_unix(cron:session): session closed for user root
May  4 12:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: Failed password for root from 185.93.89.118 port 44622 ssh2
May  4 12:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: Connection closed by 185.93.89.118 port 44622 [preauth]
May  4 12:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 12:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: Failed password for root from 185.93.89.118 port 10128 ssh2
May  4 12:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7423]: Connection closed by 185.93.89.118 port 10128 [preauth]
May  4 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7594]: pam_unix(cron:session): session closed for user p13x
May  4 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7666]: Successful su for rubyman by root
May  4 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7666]: + ??? root:rubyman
May  4 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327463 of user rubyman.
May  4 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7666]: pam_unix(su:session): session closed for user rubyman
May  4 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327463.
May  4 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4532]: pam_unix(cron:session): session closed for user root
May  4 12:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7595]: pam_unix(cron:session): session closed for user samftp
May  4 12:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6557]: pam_unix(cron:session): session closed for user root
May  4 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8023]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8025]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8024]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8022]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8022]: pam_unix(cron:session): session closed for user p13x
May  4 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8155]: Successful su for rubyman by root
May  4 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8155]: + ??? root:rubyman
May  4 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327466 of user rubyman.
May  4 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8155]: pam_unix(su:session): session closed for user rubyman
May  4 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327466.
May  4 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8020]: pam_unix(cron:session): session closed for user root
May  4 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4957]: pam_unix(cron:session): session closed for user root
May  4 12:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8023]: pam_unix(cron:session): session closed for user samftp
May  4 12:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7086]: pam_unix(cron:session): session closed for user root
May  4 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8561]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8563]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8564]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8562]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8564]: pam_unix(cron:session): session closed for user root
May  4 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8559]: pam_unix(cron:session): session closed for user p13x
May  4 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8633]: Successful su for rubyman by root
May  4 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8633]: + ??? root:rubyman
May  4 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327472 of user rubyman.
May  4 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8633]: pam_unix(su:session): session closed for user rubyman
May  4 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327472.
May  4 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8561]: pam_unix(cron:session): session closed for user root
May  4 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5603]: pam_unix(cron:session): session closed for user root
May  4 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8560]: pam_unix(cron:session): session closed for user samftp
May  4 12:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7600]: pam_unix(cron:session): session closed for user root
May  4 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: Invalid user admin from 64.226.117.59
May  4 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: input_userauth_request: invalid user admin [preauth]
May  4 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 12:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: Invalid user hadoopuser from 46.244.96.25
May  4 12:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: input_userauth_request: invalid user hadoopuser [preauth]
May  4 12:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  4 12:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: Failed password for invalid user admin from 64.226.117.59 port 51164 ssh2
May  4 12:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: Connection closed by 64.226.117.59 port 51164 [preauth]
May  4 12:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: Failed password for invalid user hadoopuser from 46.244.96.25 port 50176 ssh2
May  4 12:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: Connection closed by 46.244.96.25 port 50176 [preauth]
May  4 12:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84  user=root
May  4 12:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: Failed password for root from 193.32.162.84 port 39084 ssh2
May  4 12:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: Connection closed by 193.32.162.84 port 39084 [preauth]
May  4 12:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  4 12:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: Failed password for root from 218.92.0.228 port 36122 ssh2
May  4 12:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 36122 ssh2]
May  4 12:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: Received disconnect from 218.92.0.228 port 36122:11:  [preauth]
May  4 12:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: Disconnected from 218.92.0.228 port 36122 [preauth]
May  4 12:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  4 12:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  4 12:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: Failed password for root from 218.92.0.228 port 38554 ssh2
May  4 12:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: Failed password for root from 218.92.0.228 port 38554 ssh2
May  4 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9018]: pam_unix(cron:session): session closed for user p13x
May  4 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9088]: Successful su for rubyman by root
May  4 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9088]: + ??? root:rubyman
May  4 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327475 of user rubyman.
May  4 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9088]: pam_unix(su:session): session closed for user rubyman
May  4 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327475.
May  4 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: Failed password for root from 218.92.0.228 port 38554 ssh2
May  4 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: Received disconnect from 218.92.0.228 port 38554:11:  [preauth]
May  4 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: Disconnected from 218.92.0.228 port 38554 [preauth]
May  4 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  4 12:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6127]: pam_unix(cron:session): session closed for user root
May  4 12:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9020]: pam_unix(cron:session): session closed for user samftp
May  4 12:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  4 12:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9396]: Failed password for root from 193.70.84.184 port 57812 ssh2
May  4 12:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9396]: Connection closed by 193.70.84.184 port 57812 [preauth]
May  4 12:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8025]: pam_unix(cron:session): session closed for user root
May  4 12:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186  user=root
May  4 12:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: Failed password for root from 45.116.79.186 port 60418 ssh2
May  4 12:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: Received disconnect from 45.116.79.186 port 60418:11: Bye Bye [preauth]
May  4 12:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: Disconnected from 45.116.79.186 port 60418 [preauth]
May  4 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9549]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9549]: pam_unix(cron:session): session closed for user p13x
May  4 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9607]: Successful su for rubyman by root
May  4 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9607]: + ??? root:rubyman
May  4 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327481 of user rubyman.
May  4 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9607]: pam_unix(su:session): session closed for user rubyman
May  4 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327481.
May  4 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6556]: pam_unix(cron:session): session closed for user root
May  4 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9550]: pam_unix(cron:session): session closed for user samftp
May  4 12:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8563]: pam_unix(cron:session): session closed for user root
May  4 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9954]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9956]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9952]: pam_unix(cron:session): session closed for user p13x
May  4 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10015]: Successful su for rubyman by root
May  4 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10015]: + ??? root:rubyman
May  4 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10015]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327483 of user rubyman.
May  4 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10015]: pam_unix(su:session): session closed for user rubyman
May  4 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327483.
May  4 12:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7085]: pam_unix(cron:session): session closed for user root
May  4 12:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9953]: pam_unix(cron:session): session closed for user samftp
May  4 12:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9022]: pam_unix(cron:session): session closed for user root
May  4 12:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10375]: Invalid user tes from 50.235.31.47
May  4 12:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10375]: input_userauth_request: invalid user tes [preauth]
May  4 12:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10375]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  4 12:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10375]: Failed password for invalid user tes from 50.235.31.47 port 34786 ssh2
May  4 12:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10375]: Connection closed by 50.235.31.47 port 34786 [preauth]
May  4 12:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: Invalid user web3 from 92.118.39.61
May  4 12:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: input_userauth_request: invalid user web3 [preauth]
May  4 12:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 12:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: Failed password for invalid user web3 from 92.118.39.61 port 44580 ssh2
May  4 12:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10425]: Connection closed by 92.118.39.61 port 44580 [preauth]
May  4 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10457]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10455]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10453]: pam_unix(cron:session): session closed for user p13x
May  4 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10518]: Successful su for rubyman by root
May  4 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10518]: + ??? root:rubyman
May  4 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327489 of user rubyman.
May  4 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10518]: pam_unix(su:session): session closed for user rubyman
May  4 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327489.
May  4 12:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7599]: pam_unix(cron:session): session closed for user root
May  4 12:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10454]: pam_unix(cron:session): session closed for user samftp
May  4 12:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9552]: pam_unix(cron:session): session closed for user root
May  4 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10919]: pam_unix(cron:session): session closed for user root
May  4 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10914]: pam_unix(cron:session): session closed for user p13x
May  4 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10983]: Successful su for rubyman by root
May  4 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10983]: + ??? root:rubyman
May  4 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327492 of user rubyman.
May  4 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10983]: pam_unix(su:session): session closed for user rubyman
May  4 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327492.
May  4 12:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10916]: pam_unix(cron:session): session closed for user root
May  4 12:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8024]: pam_unix(cron:session): session closed for user root
May  4 12:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10915]: pam_unix(cron:session): session closed for user samftp
May  4 12:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9956]: pam_unix(cron:session): session closed for user root
May  4 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11343]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11344]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11342]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11341]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11341]: pam_unix(cron:session): session closed for user p13x
May  4 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11406]: Successful su for rubyman by root
May  4 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11406]: + ??? root:rubyman
May  4 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327499 of user rubyman.
May  4 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11406]: pam_unix(su:session): session closed for user rubyman
May  4 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327499.
May  4 12:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8562]: pam_unix(cron:session): session closed for user root
May  4 12:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11342]: pam_unix(cron:session): session closed for user samftp
May  4 12:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19  user=root
May  4 12:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11620]: Failed password for root from 35.200.237.19 port 1115 ssh2
May  4 12:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11620]: Received disconnect from 35.200.237.19 port 1115:11: Bye Bye [preauth]
May  4 12:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11620]: Disconnected from 35.200.237.19 port 1115 [preauth]
May  4 12:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10457]: pam_unix(cron:session): session closed for user root
May  4 12:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186  user=root
May  4 12:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11728]: Failed password for root from 45.116.79.186 port 40442 ssh2
May  4 12:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11728]: Received disconnect from 45.116.79.186 port 40442:11: Bye Bye [preauth]
May  4 12:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11728]: Disconnected from 45.116.79.186 port 40442 [preauth]
May  4 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11747]: pam_unix(cron:session): session closed for user p13x
May  4 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11809]: Successful su for rubyman by root
May  4 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11809]: + ??? root:rubyman
May  4 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327503 of user rubyman.
May  4 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11809]: pam_unix(su:session): session closed for user rubyman
May  4 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327503.
May  4 12:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9021]: pam_unix(cron:session): session closed for user root
May  4 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11748]: pam_unix(cron:session): session closed for user samftp
May  4 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: Invalid user gns3 from 193.32.162.84
May  4 12:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: input_userauth_request: invalid user gns3 [preauth]
May  4 12:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 12:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: Failed password for invalid user gns3 from 193.32.162.84 port 41570 ssh2
May  4 12:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: Connection closed by 193.32.162.84 port 41570 [preauth]
May  4 12:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: Invalid user admin from 64.226.117.59
May  4 12:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: input_userauth_request: invalid user admin [preauth]
May  4 12:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 12:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: Failed password for invalid user admin from 64.226.117.59 port 60506 ssh2
May  4 12:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: Connection closed by 64.226.117.59 port 60506 [preauth]
May  4 12:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10918]: pam_unix(cron:session): session closed for user root
May  4 12:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  4 12:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12125]: Failed password for root from 218.92.0.218 port 30388 ssh2
May  4 12:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12125]: Failed password for root from 218.92.0.218 port 30388 ssh2
May  4 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12138]: pam_unix(cron:session): session closed for user p13x
May  4 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12197]: Successful su for rubyman by root
May  4 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12197]: + ??? root:rubyman
May  4 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327507 of user rubyman.
May  4 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12197]: pam_unix(su:session): session closed for user rubyman
May  4 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327507.
May  4 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12125]: Failed password for root from 218.92.0.218 port 30388 ssh2
May  4 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12125]: Received disconnect from 218.92.0.218 port 30388:11:  [preauth]
May  4 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12125]: Disconnected from 218.92.0.218 port 30388 [preauth]
May  4 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12125]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  4 12:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9551]: pam_unix(cron:session): session closed for user root
May  4 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12139]: pam_unix(cron:session): session closed for user samftp
May  4 12:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  4 12:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: Failed password for root from 218.92.0.112 port 51538 ssh2
May  4 12:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: message repeated 2 times: [ Failed password for root from 218.92.0.112 port 51538 ssh2]
May  4 12:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: Received disconnect from 218.92.0.112 port 51538:11:  [preauth]
May  4 12:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: Disconnected from 218.92.0.112 port 51538 [preauth]
May  4 12:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12425]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  4 12:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11344]: pam_unix(cron:session): session closed for user root
May  4 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12548]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12546]: pam_unix(cron:session): session closed for user p13x
May  4 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12607]: Successful su for rubyman by root
May  4 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12607]: + ??? root:rubyman
May  4 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327511 of user rubyman.
May  4 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12607]: pam_unix(su:session): session closed for user rubyman
May  4 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327511.
May  4 12:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9954]: pam_unix(cron:session): session closed for user root
May  4 12:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12547]: pam_unix(cron:session): session closed for user samftp
May  4 12:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11750]: pam_unix(cron:session): session closed for user root
May  4 12:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  4 12:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: Failed password for root from 80.94.95.125 port 59093 ssh2
May  4 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: Failed password for root from 80.94.95.125 port 59093 ssh2
May  4 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12936]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12934]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12935]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12933]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12932]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12937]: pam_unix(cron:session): session closed for user root
May  4 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12932]: pam_unix(cron:session): session closed for user p13x
May  4 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13002]: Successful su for rubyman by root
May  4 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13002]: + ??? root:rubyman
May  4 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327515 of user rubyman.
May  4 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13002]: pam_unix(su:session): session closed for user rubyman
May  4 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327515.
May  4 12:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: Failed password for root from 80.94.95.125 port 59093 ssh2
May  4 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12934]: pam_unix(cron:session): session closed for user root
May  4 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10455]: pam_unix(cron:session): session closed for user root
May  4 12:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: Failed password for root from 80.94.95.125 port 59093 ssh2
May  4 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: Received disconnect from 80.94.95.125 port 59093:11: Bye [preauth]
May  4 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: Disconnected from 80.94.95.125 port 59093 [preauth]
May  4 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  4 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12920]: PAM service(sshd) ignoring max retries; 4 > 3
May  4 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12933]: pam_unix(cron:session): session closed for user samftp
May  4 12:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12141]: pam_unix(cron:session): session closed for user root
May  4 12:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  4 12:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: Failed password for root from 164.68.105.9 port 39648 ssh2
May  4 12:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: Connection closed by 164.68.105.9 port 39648 [preauth]
May  4 12:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13353]: Invalid user validate from 92.118.39.61
May  4 12:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13353]: input_userauth_request: invalid user validate [preauth]
May  4 12:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13353]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 12:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13353]: Failed password for invalid user validate from 92.118.39.61 port 54504 ssh2
May  4 12:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13353]: Connection closed by 92.118.39.61 port 54504 [preauth]
May  4 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13366]: pam_unix(cron:session): session closed for user p13x
May  4 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13434]: Successful su for rubyman by root
May  4 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13434]: + ??? root:rubyman
May  4 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327521 of user rubyman.
May  4 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13434]: pam_unix(su:session): session closed for user rubyman
May  4 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327521.
May  4 12:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10917]: pam_unix(cron:session): session closed for user root
May  4 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13367]: pam_unix(cron:session): session closed for user samftp
May  4 12:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12549]: pam_unix(cron:session): session closed for user root
May  4 12:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186  user=root
May  4 12:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: Failed password for root from 45.116.79.186 port 48690 ssh2
May  4 12:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: Received disconnect from 45.116.79.186 port 48690:11: Bye Bye [preauth]
May  4 12:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: Disconnected from 45.116.79.186 port 48690 [preauth]
May  4 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13886]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13885]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13883]: pam_unix(cron:session): session closed for user p13x
May  4 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13944]: Successful su for rubyman by root
May  4 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13944]: + ??? root:rubyman
May  4 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327523 of user rubyman.
May  4 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13944]: pam_unix(su:session): session closed for user rubyman
May  4 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327523.
May  4 12:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11343]: pam_unix(cron:session): session closed for user root
May  4 12:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13884]: pam_unix(cron:session): session closed for user samftp
May  4 12:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12936]: pam_unix(cron:session): session closed for user root
May  4 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14278]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14276]: pam_unix(cron:session): session closed for user p13x
May  4 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14338]: Successful su for rubyman by root
May  4 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14338]: + ??? root:rubyman
May  4 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327528 of user rubyman.
May  4 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14338]: pam_unix(su:session): session closed for user rubyman
May  4 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327528.
May  4 12:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11749]: pam_unix(cron:session): session closed for user root
May  4 12:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14277]: pam_unix(cron:session): session closed for user samftp
May  4 12:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: Invalid user admin from 139.19.117.131
May  4 12:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: input_userauth_request: invalid user admin [preauth]
May  4 12:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: Connection closed by 139.19.117.131 port 57542 [preauth]
May  4 12:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13369]: pam_unix(cron:session): session closed for user root
May  4 12:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14667]: Invalid user admin from 64.226.117.59
May  4 12:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14667]: input_userauth_request: invalid user admin [preauth]
May  4 12:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14667]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 12:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14667]: Failed password for invalid user admin from 64.226.117.59 port 55868 ssh2
May  4 12:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14667]: Connection closed by 64.226.117.59 port 55868 [preauth]
May  4 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14690]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14689]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14687]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14687]: pam_unix(cron:session): session closed for user p13x
May  4 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14748]: Successful su for rubyman by root
May  4 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14748]: + ??? root:rubyman
May  4 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327531 of user rubyman.
May  4 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14748]: pam_unix(su:session): session closed for user rubyman
May  4 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327531.
May  4 12:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12140]: pam_unix(cron:session): session closed for user root
May  4 12:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14688]: pam_unix(cron:session): session closed for user samftp
May  4 12:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19  user=root
May  4 12:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: Failed password for root from 35.200.237.19 port 1124 ssh2
May  4 12:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: Received disconnect from 35.200.237.19 port 1124:11: Bye Bye [preauth]
May  4 12:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: Disconnected from 35.200.237.19 port 1124 [preauth]
May  4 12:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13886]: pam_unix(cron:session): session closed for user root
May  4 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15099]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15096]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15094]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15095]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15099]: pam_unix(cron:session): session closed for user root
May  4 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15094]: pam_unix(cron:session): session closed for user p13x
May  4 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15161]: Successful su for rubyman by root
May  4 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15161]: + ??? root:rubyman
May  4 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327535 of user rubyman.
May  4 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15161]: pam_unix(su:session): session closed for user rubyman
May  4 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327535.
May  4 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15096]: pam_unix(cron:session): session closed for user root
May  4 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12548]: pam_unix(cron:session): session closed for user root
May  4 12:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15095]: pam_unix(cron:session): session closed for user samftp
May  4 12:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14280]: pam_unix(cron:session): session closed for user root
May  4 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15522]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15523]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15521]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15521]: pam_unix(cron:session): session closed for user p13x
May  4 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15587]: Successful su for rubyman by root
May  4 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15587]: + ??? root:rubyman
May  4 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327541 of user rubyman.
May  4 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15587]: pam_unix(su:session): session closed for user rubyman
May  4 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327541.
May  4 12:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12935]: pam_unix(cron:session): session closed for user root
May  4 12:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15522]: pam_unix(cron:session): session closed for user samftp
May  4 12:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  4 12:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:152.32.128.169
May  4 12:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14690]: pam_unix(cron:session): session closed for user root
May  4 12:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: Invalid user one from 45.116.79.186
May  4 12:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: input_userauth_request: invalid user one [preauth]
May  4 12:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186
May  4 12:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: Failed password for invalid user one from 45.116.79.186 port 56942 ssh2
May  4 12:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: Received disconnect from 45.116.79.186 port 56942:11: Bye Bye [preauth]
May  4 12:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: Disconnected from 45.116.79.186 port 56942 [preauth]
May  4 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15939]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15937]: pam_unix(cron:session): session closed for user p13x
May  4 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15998]: Successful su for rubyman by root
May  4 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15998]: + ??? root:rubyman
May  4 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327546 of user rubyman.
May  4 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15998]: pam_unix(su:session): session closed for user rubyman
May  4 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327546.
May  4 12:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13368]: pam_unix(cron:session): session closed for user root
May  4 12:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15938]: pam_unix(cron:session): session closed for user samftp
May  4 12:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15098]: pam_unix(cron:session): session closed for user root
May  4 12:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: Invalid user delegate from 92.118.39.61
May  4 12:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: input_userauth_request: invalid user delegate [preauth]
May  4 12:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 12:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: Failed password for invalid user delegate from 92.118.39.61 port 36198 ssh2
May  4 12:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: Connection closed by 92.118.39.61 port 36198 [preauth]
May  4 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16323]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16320]: pam_unix(cron:session): session closed for user p13x
May  4 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16377]: Successful su for rubyman by root
May  4 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16377]: + ??? root:rubyman
May  4 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327550 of user rubyman.
May  4 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16377]: pam_unix(su:session): session closed for user rubyman
May  4 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327550.
May  4 12:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13885]: pam_unix(cron:session): session closed for user root
May  4 12:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16321]: pam_unix(cron:session): session closed for user samftp
May  4 12:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15524]: pam_unix(cron:session): session closed for user root
May  4 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16768]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16769]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16767]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16766]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16766]: pam_unix(cron:session): session closed for user p13x
May  4 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16827]: Successful su for rubyman by root
May  4 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16827]: + ??? root:rubyman
May  4 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327554 of user rubyman.
May  4 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16827]: pam_unix(su:session): session closed for user rubyman
May  4 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327554.
May  4 12:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14278]: pam_unix(cron:session): session closed for user root
May  4 12:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16767]: pam_unix(cron:session): session closed for user samftp
May  4 12:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15940]: pam_unix(cron:session): session closed for user root
May  4 12:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 12:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17145]: Invalid user bots from 35.200.237.19
May  4 12:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17145]: input_userauth_request: invalid user bots [preauth]
May  4 12:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17145]: pam_unix(sshd:auth): check pass; user unknown
May  4 12:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19
May  4 12:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17145]: Failed password for invalid user bots from 35.200.237.19 port 1120 ssh2
May  4 12:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17145]: Received disconnect from 35.200.237.19 port 1120:11: Bye Bye [preauth]
May  4 12:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17145]: Disconnected from 35.200.237.19 port 1120 [preauth]
May  4 12:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Invalid user christian from 80.94.95.241
May  4 13:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: input_userauth_request: invalid user christian [preauth]
May  4 13:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  4 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17202]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17201]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17203]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17206]: pam_unix(cron:session): session closed for user root
May  4 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17202]: pam_unix(cron:session): session closed for user root
May  4 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17200]: pam_unix(cron:session): session closed for user p13x
May  4 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Failed password for invalid user christian from 80.94.95.241 port 63539 ssh2
May  4 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17300]: Successful su for rubyman by root
May  4 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17300]: + ??? root:rubyman
May  4 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327560 of user rubyman.
May  4 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17300]: pam_unix(su:session): session closed for user rubyman
May  4 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327560.
May  4 13:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Failed password for invalid user christian from 80.94.95.241 port 63539 ssh2
May  4 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14689]: pam_unix(cron:session): session closed for user root
May  4 13:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17203]: pam_unix(cron:session): session closed for user root
May  4 13:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Failed password for invalid user christian from 80.94.95.241 port 63539 ssh2
May  4 13:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17201]: pam_unix(cron:session): session closed for user samftp
May  4 13:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Failed password for invalid user christian from 80.94.95.241 port 63539 ssh2
May  4 13:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Failed password for invalid user christian from 80.94.95.241 port 63539 ssh2
May  4 13:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Received disconnect from 80.94.95.241 port 63539:11: Bye [preauth]
May  4 13:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Disconnected from 80.94.95.241 port 63539 [preauth]
May  4 13:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  4 13:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 13:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: Invalid user admin from 64.226.117.59
May  4 13:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: input_userauth_request: invalid user admin [preauth]
May  4 13:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 13:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  4 13:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: Failed password for invalid user admin from 64.226.117.59 port 48936 ssh2
May  4 13:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: Connection closed by 64.226.117.59 port 48936 [preauth]
May  4 13:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16323]: pam_unix(cron:session): session closed for user root
May  4 13:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: Failed password for root from 218.92.0.218 port 54570 ssh2
May  4 13:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: Failed password for root from 218.92.0.218 port 54570 ssh2
May  4 13:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: Failed password for root from 218.92.0.218 port 54570 ssh2
May  4 13:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: Received disconnect from 218.92.0.218 port 54570:11:  [preauth]
May  4 13:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: Disconnected from 218.92.0.218 port 54570 [preauth]
May  4 13:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17596]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  4 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17726]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17724]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17724]: pam_unix(cron:session): session closed for user p13x
May  4 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17897]: Successful su for rubyman by root
May  4 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17897]: + ??? root:rubyman
May  4 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327565 of user rubyman.
May  4 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17897]: pam_unix(su:session): session closed for user rubyman
May  4 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327565.
May  4 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15097]: pam_unix(cron:session): session closed for user root
May  4 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17725]: pam_unix(cron:session): session closed for user samftp
May  4 13:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17061]: Connection reset by 218.92.0.228 port 18888 [preauth]
May  4 13:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  4 13:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18162]: Failed password for root from 218.92.0.230 port 31958 ssh2
May  4 13:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16769]: pam_unix(cron:session): session closed for user root
May  4 13:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18162]: Failed password for root from 218.92.0.230 port 31958 ssh2
May  4 13:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18162]: Failed password for root from 218.92.0.230 port 31958 ssh2
May  4 13:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18162]: Received disconnect from 218.92.0.230 port 31958:11:  [preauth]
May  4 13:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18162]: Disconnected from 218.92.0.230 port 31958 [preauth]
May  4 13:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18162]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  4 13:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18200]: Invalid user piso from 45.116.79.186
May  4 13:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18200]: input_userauth_request: invalid user piso [preauth]
May  4 13:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18200]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186
May  4 13:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18200]: Failed password for invalid user piso from 45.116.79.186 port 36962 ssh2
May  4 13:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18200]: Received disconnect from 45.116.79.186 port 36962:11: Bye Bye [preauth]
May  4 13:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18200]: Disconnected from 45.116.79.186 port 36962 [preauth]
May  4 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18253]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18251]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18250]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18250]: pam_unix(cron:session): session closed for user p13x
May  4 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18314]: Successful su for rubyman by root
May  4 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18314]: + ??? root:rubyman
May  4 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18314]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327568 of user rubyman.
May  4 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18314]: pam_unix(su:session): session closed for user rubyman
May  4 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327568.
May  4 13:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15523]: pam_unix(cron:session): session closed for user root
May  4 13:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18251]: pam_unix(cron:session): session closed for user samftp
May  4 13:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17205]: pam_unix(cron:session): session closed for user root
May  4 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18662]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18662]: pam_unix(cron:session): session closed for user p13x
May  4 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18728]: Successful su for rubyman by root
May  4 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18728]: + ??? root:rubyman
May  4 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18728]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327575 of user rubyman.
May  4 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18728]: pam_unix(su:session): session closed for user rubyman
May  4 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327575.
May  4 13:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15939]: pam_unix(cron:session): session closed for user root
May  4 13:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18664]: pam_unix(cron:session): session closed for user samftp
May  4 13:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17727]: pam_unix(cron:session): session closed for user root
May  4 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19079]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19078]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19076]: pam_unix(cron:session): session closed for user p13x
May  4 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19136]: Successful su for rubyman by root
May  4 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19136]: + ??? root:rubyman
May  4 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19136]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327576 of user rubyman.
May  4 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19136]: pam_unix(su:session): session closed for user rubyman
May  4 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327576.
May  4 13:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16322]: pam_unix(cron:session): session closed for user root
May  4 13:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19077]: pam_unix(cron:session): session closed for user samftp
May  4 13:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18253]: pam_unix(cron:session): session closed for user root
May  4 13:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: Invalid user ubuntu from 92.118.39.61
May  4 13:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: input_userauth_request: invalid user ubuntu [preauth]
May  4 13:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 13:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: Failed password for invalid user ubuntu from 92.118.39.61 port 46124 ssh2
May  4 13:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: Connection closed by 92.118.39.61 port 46124 [preauth]
May  4 13:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: Invalid user feelware from 35.200.237.19
May  4 13:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: input_userauth_request: invalid user feelware [preauth]
May  4 13:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19
May  4 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19483]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19481]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19480]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19482]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19483]: pam_unix(cron:session): session closed for user root
May  4 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19477]: pam_unix(cron:session): session closed for user p13x
May  4 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19547]: Successful su for rubyman by root
May  4 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19547]: + ??? root:rubyman
May  4 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327585 of user rubyman.
May  4 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19547]: pam_unix(su:session): session closed for user rubyman
May  4 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: Failed password for invalid user feelware from 35.200.237.19 port 1116 ssh2
May  4 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327585.
May  4 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: Received disconnect from 35.200.237.19 port 1116:11: Bye Bye [preauth]
May  4 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: Disconnected from 35.200.237.19 port 1116 [preauth]
May  4 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19480]: pam_unix(cron:session): session closed for user root
May  4 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16768]: pam_unix(cron:session): session closed for user root
May  4 13:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19478]: pam_unix(cron:session): session closed for user samftp
May  4 13:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18666]: pam_unix(cron:session): session closed for user root
May  4 13:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19934]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19935]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19932]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19933]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19932]: pam_unix(cron:session): session closed for user p13x
May  4 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20007]: Successful su for rubyman by root
May  4 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20007]: + ??? root:rubyman
May  4 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327587 of user rubyman.
May  4 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20007]: pam_unix(su:session): session closed for user rubyman
May  4 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327587.
May  4 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17204]: pam_unix(cron:session): session closed for user root
May  4 13:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19933]: pam_unix(cron:session): session closed for user samftp
May  4 13:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19079]: pam_unix(cron:session): session closed for user root
May  4 13:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: Invalid user rede from 45.116.79.186
May  4 13:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: input_userauth_request: invalid user rede [preauth]
May  4 13:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.116.79.186
May  4 13:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: Failed password for invalid user rede from 45.116.79.186 port 45208 ssh2
May  4 13:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: Received disconnect from 45.116.79.186 port 45208:11: Bye Bye [preauth]
May  4 13:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20284]: Disconnected from 45.116.79.186 port 45208 [preauth]
May  4 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20339]: pam_unix(cron:session): session closed for user p13x
May  4 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20401]: Successful su for rubyman by root
May  4 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20401]: + ??? root:rubyman
May  4 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327591 of user rubyman.
May  4 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20401]: pam_unix(su:session): session closed for user rubyman
May  4 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327591.
May  4 13:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17726]: pam_unix(cron:session): session closed for user root
May  4 13:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20340]: pam_unix(cron:session): session closed for user samftp
May  4 13:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: Invalid user admin from 64.226.117.59
May  4 13:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: input_userauth_request: invalid user admin [preauth]
May  4 13:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 13:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: Failed password for invalid user admin from 64.226.117.59 port 39382 ssh2
May  4 13:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: Connection closed by 64.226.117.59 port 39382 [preauth]
May  4 13:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135  user=root
May  4 13:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20614]: Failed password for root from 176.31.162.135 port 35946 ssh2
May  4 13:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20614]: Connection closed by 176.31.162.135 port 35946 [preauth]
May  4 13:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19482]: pam_unix(cron:session): session closed for user root
May  4 13:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20746]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20743]: pam_unix(cron:session): session closed for user p13x
May  4 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20807]: Successful su for rubyman by root
May  4 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20807]: + ??? root:rubyman
May  4 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327595 of user rubyman.
May  4 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20807]: pam_unix(su:session): session closed for user rubyman
May  4 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327595.
May  4 13:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18252]: pam_unix(cron:session): session closed for user root
May  4 13:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20744]: pam_unix(cron:session): session closed for user samftp
May  4 13:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.125.184.77  user=root
May  4 13:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20684]: Failed password for root from 113.125.184.77 port 60086 ssh2
May  4 13:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20684]: Connection closed by 113.125.184.77 port 60086 [preauth]
May  4 13:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19935]: pam_unix(cron:session): session closed for user root
May  4 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21159]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21162]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21159]: pam_unix(cron:session): session closed for user p13x
May  4 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21316]: Successful su for rubyman by root
May  4 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21316]: + ??? root:rubyman
May  4 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327598 of user rubyman.
May  4 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21316]: pam_unix(su:session): session closed for user rubyman
May  4 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327598.
May  4 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21157]: pam_unix(cron:session): session closed for user root
May  4 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18665]: pam_unix(cron:session): session closed for user root
May  4 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21160]: pam_unix(cron:session): session closed for user samftp
May  4 13:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20342]: pam_unix(cron:session): session closed for user root
May  4 13:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: Invalid user debian from 46.244.96.25
May  4 13:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: input_userauth_request: invalid user debian [preauth]
May  4 13:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  4 13:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: Failed password for invalid user debian from 46.244.96.25 port 45370 ssh2
May  4 13:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: Connection closed by 46.244.96.25 port 45370 [preauth]
May  4 13:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21732]: pam_unix(cron:session): session closed for user root
May  4 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21727]: pam_unix(cron:session): session closed for user p13x
May  4 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22075]: Successful su for rubyman by root
May  4 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22075]: + ??? root:rubyman
May  4 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327605 of user rubyman.
May  4 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22075]: pam_unix(su:session): session closed for user rubyman
May  4 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327605.
May  4 13:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21729]: pam_unix(cron:session): session closed for user root
May  4 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19078]: pam_unix(cron:session): session closed for user root
May  4 13:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21728]: pam_unix(cron:session): session closed for user samftp
May  4 13:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: Invalid user deploy from 35.200.237.19
May  4 13:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: input_userauth_request: invalid user deploy [preauth]
May  4 13:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19
May  4 13:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: Failed password for invalid user deploy from 35.200.237.19 port 1101 ssh2
May  4 13:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: Received disconnect from 35.200.237.19 port 1101:11: Bye Bye [preauth]
May  4 13:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: Disconnected from 35.200.237.19 port 1101 [preauth]
May  4 13:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20746]: pam_unix(cron:session): session closed for user root
May  4 13:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22526]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22523]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22523]: pam_unix(cron:session): session closed for user p13x
May  4 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22601]: Successful su for rubyman by root
May  4 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22601]: + ??? root:rubyman
May  4 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22601]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327610 of user rubyman.
May  4 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22601]: pam_unix(su:session): session closed for user rubyman
May  4 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327610.
May  4 13:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19481]: pam_unix(cron:session): session closed for user root
May  4 13:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22524]: pam_unix(cron:session): session closed for user samftp
May  4 13:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22878]: Invalid user ubuntu from 92.118.39.61
May  4 13:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22878]: input_userauth_request: invalid user ubuntu [preauth]
May  4 13:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22878]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 13:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22878]: Failed password for invalid user ubuntu from 92.118.39.61 port 56050 ssh2
May  4 13:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22878]: Connection closed by 92.118.39.61 port 56050 [preauth]
May  4 13:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22466]: Invalid user svnuser from 113.125.184.77
May  4 13:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22466]: input_userauth_request: invalid user svnuser [preauth]
May  4 13:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22466]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.125.184.77
May  4 13:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21163]: pam_unix(cron:session): session closed for user root
May  4 13:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22466]: Failed password for invalid user svnuser from 113.125.184.77 port 48594 ssh2
May  4 13:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23014]: pam_unix(cron:session): session closed for user p13x
May  4 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23073]: Successful su for rubyman by root
May  4 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23073]: + ??? root:rubyman
May  4 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23073]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327614 of user rubyman.
May  4 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23073]: pam_unix(su:session): session closed for user rubyman
May  4 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327614.
May  4 13:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19934]: pam_unix(cron:session): session closed for user root
May  4 13:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23015]: pam_unix(cron:session): session closed for user samftp
May  4 13:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21731]: pam_unix(cron:session): session closed for user root
May  4 13:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23455]: Invalid user elastic from 113.125.184.77
May  4 13:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23455]: input_userauth_request: invalid user elastic [preauth]
May  4 13:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22924]: Invalid user uftp from 113.125.184.77
May  4 13:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22924]: input_userauth_request: invalid user uftp [preauth]
May  4 13:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22924]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.125.184.77
May  4 13:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22924]: Failed password for invalid user uftp from 113.125.184.77 port 46692 ssh2
May  4 13:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22924]: Connection closed by 113.125.184.77 port 46692 [preauth]
May  4 13:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23527]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23528]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23525]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23525]: pam_unix(cron:session): session closed for user p13x
May  4 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23583]: Successful su for rubyman by root
May  4 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23583]: + ??? root:rubyman
May  4 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23583]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327618 of user rubyman.
May  4 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23583]: pam_unix(su:session): session closed for user rubyman
May  4 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327618.
May  4 13:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20341]: pam_unix(cron:session): session closed for user root
May  4 13:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23526]: pam_unix(cron:session): session closed for user samftp
May  4 13:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: Invalid user ts from 113.125.184.77
May  4 13:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: input_userauth_request: invalid user ts [preauth]
May  4 13:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.125.184.77
May  4 13:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: Failed password for invalid user ts from 113.125.184.77 port 38560 ssh2
May  4 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22526]: pam_unix(cron:session): session closed for user root
May  4 13:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24032]: Invalid user admin from 64.226.117.59
May  4 13:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24032]: input_userauth_request: invalid user admin [preauth]
May  4 13:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24032]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 13:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24032]: Failed password for invalid user admin from 64.226.117.59 port 47386 ssh2
May  4 13:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24032]: Connection closed by 64.226.117.59 port 47386 [preauth]
May  4 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24058]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24057]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24056]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24056]: pam_unix(cron:session): session closed for user p13x
May  4 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24115]: Successful su for rubyman by root
May  4 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24115]: + ??? root:rubyman
May  4 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24115]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327621 of user rubyman.
May  4 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24115]: pam_unix(su:session): session closed for user rubyman
May  4 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327621.
May  4 13:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20745]: pam_unix(cron:session): session closed for user root
May  4 13:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24057]: pam_unix(cron:session): session closed for user samftp
May  4 13:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: Invalid user uftp from 113.125.184.77
May  4 13:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: input_userauth_request: invalid user uftp [preauth]
May  4 13:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.125.184.77
May  4 13:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: Failed password for invalid user uftp from 113.125.184.77 port 34642 ssh2
May  4 13:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: Connection closed by 113.125.184.77 port 34642 [preauth]
May  4 13:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23455]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.125.184.77
May  4 13:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23455]: Failed password for invalid user elastic from 113.125.184.77 port 48244 ssh2
May  4 13:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23455]: Connection closed by 113.125.184.77 port 48244 [preauth]
May  4 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23017]: pam_unix(cron:session): session closed for user root
May  4 13:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: Connection reset by 218.92.0.218 port 40994 [preauth]
May  4 13:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.125.184.77  user=root
May  4 13:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24038]: Failed password for root from 113.125.184.77 port 55296 ssh2
May  4 13:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24038]: Connection closed by 113.125.184.77 port 55296 [preauth]
May  4 13:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24515]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24514]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24516]: pam_unix(cron:session): session closed for user root
May  4 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24511]: pam_unix(cron:session): session closed for user p13x
May  4 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24589]: Successful su for rubyman by root
May  4 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24589]: + ??? root:rubyman
May  4 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327625 of user rubyman.
May  4 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24589]: pam_unix(su:session): session closed for user rubyman
May  4 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327625.
May  4 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24513]: pam_unix(cron:session): session closed for user root
May  4 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21162]: pam_unix(cron:session): session closed for user root
May  4 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24768]: Invalid user username from 115.231.78.11
May  4 13:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24768]: input_userauth_request: invalid user username [preauth]
May  4 13:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24768]: Connection closed by 115.231.78.11 port 30000 [preauth]
May  4 13:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24512]: pam_unix(cron:session): session closed for user samftp
May  4 13:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: Invalid user taibabi from 35.200.237.19
May  4 13:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: input_userauth_request: invalid user taibabi [preauth]
May  4 13:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19
May  4 13:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.125.184.77  user=root
May  4 13:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23528]: pam_unix(cron:session): session closed for user root
May  4 13:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: Failed password for invalid user taibabi from 35.200.237.19 port 1145 ssh2
May  4 13:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24485]: Failed password for root from 113.125.184.77 port 44822 ssh2
May  4 13:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: Received disconnect from 35.200.237.19 port 1145:11: Bye Bye [preauth]
May  4 13:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: Disconnected from 35.200.237.19 port 1145 [preauth]
May  4 13:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: Invalid user nexus from 113.125.184.77
May  4 13:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: input_userauth_request: invalid user nexus [preauth]
May  4 13:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.125.184.77
May  4 13:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: Failed password for invalid user nexus from 113.125.184.77 port 44830 ssh2
May  4 13:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: Connection closed by 113.125.184.77 port 44830 [preauth]
May  4 13:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  4 13:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24901]: Failed password for root from 218.92.0.236 port 47904 ssh2
May  4 13:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24901]: message repeated 2 times: [ Failed password for root from 218.92.0.236 port 47904 ssh2]
May  4 13:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24901]: Received disconnect from 218.92.0.236 port 47904:11:  [preauth]
May  4 13:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24901]: Disconnected from 218.92.0.236 port 47904 [preauth]
May  4 13:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24901]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  4 13:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24485]: Connection closed by 113.125.184.77 port 44822 [preauth]
May  4 13:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Invalid user rabbitmq from 113.125.184.77
May  4 13:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: input_userauth_request: invalid user rabbitmq [preauth]
May  4 13:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.125.184.77
May  4 13:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Failed password for invalid user rabbitmq from 113.125.184.77 port 53536 ssh2
May  4 13:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Connection closed by 113.125.184.77 port 53536 [preauth]
May  4 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24508]: Invalid user nvidia from 113.125.184.77
May  4 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24508]: input_userauth_request: invalid user nvidia [preauth]
May  4 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24508]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.125.184.77
May  4 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24973]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24970]: pam_unix(cron:session): session closed for user p13x
May  4 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25039]: Successful su for rubyman by root
May  4 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25039]: + ??? root:rubyman
May  4 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327632 of user rubyman.
May  4 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25039]: pam_unix(su:session): session closed for user rubyman
May  4 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327632.
May  4 13:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24508]: Failed password for invalid user nvidia from 113.125.184.77 port 44848 ssh2
May  4 13:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24508]: Connection closed by 113.125.184.77 port 44848 [preauth]
May  4 13:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21730]: pam_unix(cron:session): session closed for user root
May  4 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24971]: pam_unix(cron:session): session closed for user samftp
May  4 13:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: Invalid user test2 from 113.125.184.77
May  4 13:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: input_userauth_request: invalid user test2 [preauth]
May  4 13:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.125.184.77
May  4 13:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: Failed password for invalid user test2 from 113.125.184.77 port 35906 ssh2
May  4 13:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: Connection closed by 113.125.184.77 port 35906 [preauth]
May  4 13:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: Invalid user [ from 195.178.110.50
May  4 13:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: input_userauth_request: invalid user [ [preauth]
May  4 13:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: Failed password for invalid user [ from 195.178.110.50 port 35768 ssh2
May  4 13:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: Connection closed by 195.178.110.50 port 35768 [preauth]
May  4 13:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24059]: pam_unix(cron:session): session closed for user root
May  4 13:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: Invalid user ( from 195.178.110.50
May  4 13:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: input_userauth_request: invalid user ( [preauth]
May  4 13:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 13:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: Failed password for invalid user ( from 195.178.110.50 port 54598 ssh2
May  4 13:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25284]: Connection closed by 195.178.110.50 port 54598 [preauth]
May  4 13:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25394]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25393]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25389]: pam_unix(cron:session): session closed for user root
May  4 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25391]: pam_unix(cron:session): session closed for user p13x
May  4 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25453]: Successful su for rubyman by root
May  4 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25453]: + ??? root:rubyman
May  4 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327635 of user rubyman.
May  4 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25453]: pam_unix(su:session): session closed for user rubyman
May  4 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327635.
May  4 13:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22525]: pam_unix(cron:session): session closed for user root
May  4 13:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25370]: Invalid user S from 195.178.110.50
May  4 13:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25370]: input_userauth_request: invalid user S [preauth]
May  4 13:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25370]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 13:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25392]: pam_unix(cron:session): session closed for user samftp
May  4 13:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25370]: Failed password for invalid user S from 195.178.110.50 port 25788 ssh2
May  4 13:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25370]: Connection closed by 195.178.110.50 port 25788 [preauth]
May  4 13:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: Invalid user ~ from 195.178.110.50
May  4 13:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: input_userauth_request: invalid user ~ [preauth]
May  4 13:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 13:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: Failed password for invalid user ~ from 195.178.110.50 port 2884 ssh2
May  4 13:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25658]: Connection closed by 195.178.110.50 port 2884 [preauth]
May  4 13:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24515]: pam_unix(cron:session): session closed for user root
May  4 13:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  4 13:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: Failed password for root from 218.92.0.198 port 11384 ssh2
May  4 13:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 11384 ssh2]
May  4 13:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: Received disconnect from 218.92.0.198 port 11384:11:  [preauth]
May  4 13:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: Disconnected from 218.92.0.198 port 11384 [preauth]
May  4 13:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  4 13:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  4 13:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: Invalid user K from 195.178.110.50
May  4 13:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: input_userauth_request: invalid user K [preauth]
May  4 13:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 13:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25780]: Failed password for root from 218.92.0.198 port 40920 ssh2
May  4 13:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: Failed password for invalid user K from 195.178.110.50 port 15620 ssh2
May  4 13:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25780]: Failed password for root from 218.92.0.198 port 40920 ssh2
May  4 13:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25780]: Failed password for root from 218.92.0.198 port 40920 ssh2
May  4 13:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25780]: Received disconnect from 218.92.0.198 port 40920:11:  [preauth]
May  4 13:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25780]: Disconnected from 218.92.0.198 port 40920 [preauth]
May  4 13:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25780]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  4 13:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25720]: Connection closed by 195.178.110.50 port 15620 [preauth]
May  4 13:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  4 13:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: Failed password for root from 218.92.0.198 port 47034 ssh2
May  4 13:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  4 13:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: Failed password for root from 218.92.0.198 port 47034 ssh2
May  4 13:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25802]: Failed password for root from 218.92.0.222 port 33596 ssh2
May  4 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25815]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25813]: pam_unix(cron:session): session closed for user p13x
May  4 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25876]: Successful su for rubyman by root
May  4 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25876]: + ??? root:rubyman
May  4 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: Failed password for root from 218.92.0.198 port 47034 ssh2
May  4 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327640 of user rubyman.
May  4 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25876]: pam_unix(su:session): session closed for user rubyman
May  4 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327640.
May  4 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: Received disconnect from 218.92.0.198 port 47034:11:  [preauth]
May  4 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: Disconnected from 218.92.0.198 port 47034 [preauth]
May  4 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  4 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25802]: Failed password for root from 218.92.0.222 port 33596 ssh2
May  4 13:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25802]: Failed password for root from 218.92.0.222 port 33596 ssh2
May  4 13:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23016]: pam_unix(cron:session): session closed for user root
May  4 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25814]: pam_unix(cron:session): session closed for user samftp
May  4 13:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25802]: Received disconnect from 218.92.0.222 port 33596:11:  [preauth]
May  4 13:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25802]: Disconnected from 218.92.0.222 port 33596 [preauth]
May  4 13:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25802]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  4 13:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  4 13:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: Failed password for root from 218.92.0.222 port 37948 ssh2
May  4 13:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: message repeated 2 times: [ Failed password for root from 218.92.0.222 port 37948 ssh2]
May  4 13:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: Received disconnect from 218.92.0.222 port 37948:11:  [preauth]
May  4 13:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: Disconnected from 218.92.0.222 port 37948 [preauth]
May  4 13:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  4 13:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26122]: Invalid user ubuntu from 92.118.39.61
May  4 13:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26122]: input_userauth_request: invalid user ubuntu [preauth]
May  4 13:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26122]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 13:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26122]: Failed password for invalid user ubuntu from 92.118.39.61 port 37744 ssh2
May  4 13:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26122]: Connection closed by 92.118.39.61 port 37744 [preauth]
May  4 13:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24973]: pam_unix(cron:session): session closed for user root
May  4 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26212]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26210]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26211]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26209]: pam_unix(cron:session): session closed for user p13x
May  4 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26270]: Successful su for rubyman by root
May  4 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26270]: + ??? root:rubyman
May  4 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327645 of user rubyman.
May  4 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26270]: pam_unix(su:session): session closed for user rubyman
May  4 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327645.
May  4 13:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23527]: pam_unix(cron:session): session closed for user root
May  4 13:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26210]: pam_unix(cron:session): session closed for user samftp
May  4 13:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25394]: pam_unix(cron:session): session closed for user root
May  4 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26686]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26689]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26685]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26688]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26689]: pam_unix(cron:session): session closed for user root
May  4 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26684]: pam_unix(cron:session): session closed for user p13x
May  4 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26755]: Successful su for rubyman by root
May  4 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26755]: + ??? root:rubyman
May  4 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26755]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327648 of user rubyman.
May  4 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26755]: pam_unix(su:session): session closed for user rubyman
May  4 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327648.
May  4 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26686]: pam_unix(cron:session): session closed for user root
May  4 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24058]: pam_unix(cron:session): session closed for user root
May  4 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26685]: pam_unix(cron:session): session closed for user samftp
May  4 13:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: Invalid user admin from 64.226.117.59
May  4 13:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: input_userauth_request: invalid user admin [preauth]
May  4 13:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 13:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: Failed password for invalid user admin from 64.226.117.59 port 47346 ssh2
May  4 13:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: Connection closed by 64.226.117.59 port 47346 [preauth]
May  4 13:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25816]: pam_unix(cron:session): session closed for user root
May  4 13:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19  user=root
May  4 13:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27156]: Failed password for root from 35.200.237.19 port 1124 ssh2
May  4 13:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27156]: Received disconnect from 35.200.237.19 port 1124:11: Bye Bye [preauth]
May  4 13:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27156]: Disconnected from 35.200.237.19 port 1124 [preauth]
May  4 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27191]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27189]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27190]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27188]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27188]: pam_unix(cron:session): session closed for user p13x
May  4 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27261]: Successful su for rubyman by root
May  4 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27261]: + ??? root:rubyman
May  4 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327655 of user rubyman.
May  4 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27261]: pam_unix(su:session): session closed for user rubyman
May  4 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327655.
May  4 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27272]: Invalid user rahman from 164.68.105.9
May  4 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27272]: input_userauth_request: invalid user rahman [preauth]
May  4 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27272]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  4 13:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24514]: pam_unix(cron:session): session closed for user root
May  4 13:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27272]: Failed password for invalid user rahman from 164.68.105.9 port 56468 ssh2
May  4 13:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27272]: Connection closed by 164.68.105.9 port 56468 [preauth]
May  4 13:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27189]: pam_unix(cron:session): session closed for user samftp
May  4 13:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26212]: pam_unix(cron:session): session closed for user root
May  4 13:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 13:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27596]: Failed password for root from 185.93.89.118 port 25676 ssh2
May  4 13:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27596]: Connection closed by 185.93.89.118 port 25676 [preauth]
May  4 13:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=199.188.103.179  user=root
May  4 13:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: Failed password for root from 199.188.103.179 port 36588 ssh2
May  4 13:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: Connection closed by 199.188.103.179 port 36588 [preauth]
May  4 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27664]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27662]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27663]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27662]: pam_unix(cron:session): session closed for user p13x
May  4 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27722]: Successful su for rubyman by root
May  4 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27722]: + ??? root:rubyman
May  4 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327658 of user rubyman.
May  4 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27722]: pam_unix(su:session): session closed for user rubyman
May  4 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327658.
May  4 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27641]: Failed password for root from 185.93.89.118 port 29296 ssh2
May  4 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27641]: Connection closed by 185.93.89.118 port 29296 [preauth]
May  4 13:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24972]: pam_unix(cron:session): session closed for user root
May  4 13:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27663]: pam_unix(cron:session): session closed for user samftp
May  4 13:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 13:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27875]: Failed password for root from 185.93.89.118 port 54920 ssh2
May  4 13:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27875]: Connection closed by 185.93.89.118 port 54920 [preauth]
May  4 13:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26688]: pam_unix(cron:session): session closed for user root
May  4 13:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 13:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: Failed password for root from 185.93.89.118 port 11660 ssh2
May  4 13:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: Connection closed by 185.93.89.118 port 11660 [preauth]
May  4 13:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 13:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28021]: Failed password for root from 185.93.89.118 port 60024 ssh2
May  4 13:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28021]: Connection closed by 185.93.89.118 port 60024 [preauth]
May  4 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28063]: pam_unix(cron:session): session closed for user p13x
May  4 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28121]: Successful su for rubyman by root
May  4 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28121]: + ??? root:rubyman
May  4 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327662 of user rubyman.
May  4 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28121]: pam_unix(su:session): session closed for user rubyman
May  4 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327662.
May  4 13:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25393]: pam_unix(cron:session): session closed for user root
May  4 13:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28064]: pam_unix(cron:session): session closed for user samftp
May  4 13:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27191]: pam_unix(cron:session): session closed for user root
May  4 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28468]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28466]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28465]: pam_unix(cron:session): session closed for user p13x
May  4 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28529]: Successful su for rubyman by root
May  4 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28529]: + ??? root:rubyman
May  4 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327667 of user rubyman.
May  4 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28529]: pam_unix(su:session): session closed for user rubyman
May  4 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327667.
May  4 13:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25815]: pam_unix(cron:session): session closed for user root
May  4 13:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28466]: pam_unix(cron:session): session closed for user samftp
May  4 13:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27665]: pam_unix(cron:session): session closed for user root
May  4 13:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28848]: Invalid user sanjeet from 176.31.162.135
May  4 13:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28848]: input_userauth_request: invalid user sanjeet [preauth]
May  4 13:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28848]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  4 13:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28848]: Failed password for invalid user sanjeet from 176.31.162.135 port 47868 ssh2
May  4 13:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28848]: Connection closed by 176.31.162.135 port 47868 [preauth]
May  4 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28866]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28865]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28864]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28862]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28866]: pam_unix(cron:session): session closed for user root
May  4 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28860]: pam_unix(cron:session): session closed for user p13x
May  4 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28936]: Successful su for rubyman by root
May  4 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28936]: + ??? root:rubyman
May  4 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327671 of user rubyman.
May  4 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28936]: pam_unix(su:session): session closed for user rubyman
May  4 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327671.
May  4 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28862]: pam_unix(cron:session): session closed for user root
May  4 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26211]: pam_unix(cron:session): session closed for user root
May  4 13:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28861]: pam_unix(cron:session): session closed for user samftp
May  4 13:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: Invalid user sol from 92.118.39.61
May  4 13:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: input_userauth_request: invalid user sol [preauth]
May  4 13:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 13:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: Failed password for invalid user sol from 92.118.39.61 port 47670 ssh2
May  4 13:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: Connection closed by 92.118.39.61 port 47670 [preauth]
May  4 13:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28066]: pam_unix(cron:session): session closed for user root
May  4 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29402]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29401]: pam_unix(cron:session): session closed for user p13x
May  4 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29471]: Successful su for rubyman by root
May  4 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29471]: + ??? root:rubyman
May  4 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29471]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327678 of user rubyman.
May  4 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29471]: pam_unix(su:session): session closed for user rubyman
May  4 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327678.
May  4 13:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26687]: pam_unix(cron:session): session closed for user root
May  4 13:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29402]: pam_unix(cron:session): session closed for user samftp
May  4 13:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29669]: Invalid user deploy from 35.200.237.19
May  4 13:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29669]: input_userauth_request: invalid user deploy [preauth]
May  4 13:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29669]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19
May  4 13:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29669]: Failed password for invalid user deploy from 35.200.237.19 port 1145 ssh2
May  4 13:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29669]: Received disconnect from 35.200.237.19 port 1145:11: Bye Bye [preauth]
May  4 13:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29669]: Disconnected from 35.200.237.19 port 1145 [preauth]
May  4 13:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28468]: pam_unix(cron:session): session closed for user root
May  4 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29825]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29821]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29819]: pam_unix(cron:session): session closed for user p13x
May  4 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29886]: Successful su for rubyman by root
May  4 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29886]: + ??? root:rubyman
May  4 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327680 of user rubyman.
May  4 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29886]: pam_unix(su:session): session closed for user rubyman
May  4 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327680.
May  4 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  4 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27190]: pam_unix(cron:session): session closed for user root
May  4 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: Failed password for root from 218.92.0.218 port 32620 ssh2
May  4 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30039]: Invalid user admin from 64.226.117.59
May  4 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30039]: input_userauth_request: invalid user admin [preauth]
May  4 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30039]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 13:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29820]: pam_unix(cron:session): session closed for user samftp
May  4 13:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: Failed password for root from 218.92.0.218 port 32620 ssh2
May  4 13:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30039]: Failed password for invalid user admin from 64.226.117.59 port 35988 ssh2
May  4 13:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30039]: Connection closed by 64.226.117.59 port 35988 [preauth]
May  4 13:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: Failed password for root from 218.92.0.218 port 32620 ssh2
May  4 13:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: Received disconnect from 218.92.0.218 port 32620:11:  [preauth]
May  4 13:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: Disconnected from 218.92.0.218 port 32620 [preauth]
May  4 13:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  4 13:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28865]: pam_unix(cron:session): session closed for user root
May  4 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30225]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30222]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30222]: pam_unix(cron:session): session closed for user p13x
May  4 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30280]: Successful su for rubyman by root
May  4 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30280]: + ??? root:rubyman
May  4 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327684 of user rubyman.
May  4 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30280]: pam_unix(su:session): session closed for user rubyman
May  4 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327684.
May  4 13:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27664]: pam_unix(cron:session): session closed for user root
May  4 13:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30223]: pam_unix(cron:session): session closed for user samftp
May  4 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29404]: pam_unix(cron:session): session closed for user root
May  4 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30616]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30615]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30615]: pam_unix(cron:session): session closed for user p13x
May  4 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30677]: Successful su for rubyman by root
May  4 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30677]: + ??? root:rubyman
May  4 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327688 of user rubyman.
May  4 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30677]: pam_unix(su:session): session closed for user rubyman
May  4 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327688.
May  4 13:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28065]: pam_unix(cron:session): session closed for user root
May  4 13:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30616]: pam_unix(cron:session): session closed for user samftp
May  4 13:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  4 13:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: Failed password for root from 218.92.0.226 port 24052 ssh2
May  4 13:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: Failed password for root from 218.92.0.226 port 24052 ssh2
May  4 13:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29825]: pam_unix(cron:session): session closed for user root
May  4 13:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: Failed password for root from 218.92.0.226 port 24052 ssh2
May  4 13:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: Received disconnect from 218.92.0.226 port 24052:11:  [preauth]
May  4 13:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: Disconnected from 218.92.0.226 port 24052 [preauth]
May  4 13:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  4 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31024]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31024]: pam_unix(cron:session): session closed for user root
May  4 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31019]: pam_unix(cron:session): session closed for user p13x
May  4 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31094]: Successful su for rubyman by root
May  4 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31094]: + ??? root:rubyman
May  4 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31094]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327692 of user rubyman.
May  4 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31094]: pam_unix(su:session): session closed for user rubyman
May  4 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327692.
May  4 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31021]: pam_unix(cron:session): session closed for user root
May  4 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28467]: pam_unix(cron:session): session closed for user root
May  4 13:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31020]: pam_unix(cron:session): session closed for user samftp
May  4 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30225]: pam_unix(cron:session): session closed for user root
May  4 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31451]: pam_unix(cron:session): session closed for user p13x
May  4 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31518]: Successful su for rubyman by root
May  4 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31518]: + ??? root:rubyman
May  4 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327700 of user rubyman.
May  4 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31518]: pam_unix(su:session): session closed for user rubyman
May  4 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327700.
May  4 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28864]: pam_unix(cron:session): session closed for user root
May  4 13:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31452]: pam_unix(cron:session): session closed for user samftp
May  4 13:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: Invalid user admin from 35.200.237.19
May  4 13:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: input_userauth_request: invalid user admin [preauth]
May  4 13:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19
May  4 13:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30618]: pam_unix(cron:session): session closed for user root
May  4 13:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: Failed password for invalid user admin from 35.200.237.19 port 1123 ssh2
May  4 13:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: Received disconnect from 35.200.237.19 port 1123:11: Bye Bye [preauth]
May  4 13:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31787]: Disconnected from 35.200.237.19 port 1123 [preauth]
May  4 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31868]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31867]: pam_unix(cron:session): session closed for user p13x
May  4 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31932]: Successful su for rubyman by root
May  4 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31932]: + ??? root:rubyman
May  4 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327703 of user rubyman.
May  4 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31932]: pam_unix(su:session): session closed for user rubyman
May  4 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327703.
May  4 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29403]: pam_unix(cron:session): session closed for user root
May  4 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31868]: pam_unix(cron:session): session closed for user samftp
May  4 13:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32186]: Invalid user btc from 92.118.39.61
May  4 13:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32186]: input_userauth_request: invalid user btc [preauth]
May  4 13:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32186]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 13:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32186]: Failed password for invalid user btc from 92.118.39.61 port 57594 ssh2
May  4 13:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32186]: Connection closed by 92.118.39.61 port 57594 [preauth]
May  4 13:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31023]: pam_unix(cron:session): session closed for user root
May  4 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32283]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32284]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32281]: pam_unix(cron:session): session closed for user p13x
May  4 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32340]: Successful su for rubyman by root
May  4 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32340]: + ??? root:rubyman
May  4 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327707 of user rubyman.
May  4 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32340]: pam_unix(su:session): session closed for user rubyman
May  4 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327707.
May  4 13:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29821]: pam_unix(cron:session): session closed for user root
May  4 13:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32282]: pam_unix(cron:session): session closed for user samftp
May  4 13:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31454]: pam_unix(cron:session): session closed for user root
May  4 13:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32730]: Invalid user admin from 64.226.117.59
May  4 13:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32730]: input_userauth_request: invalid user admin [preauth]
May  4 13:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32730]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 13:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32730]: Failed password for invalid user admin from 64.226.117.59 port 48484 ssh2
May  4 13:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32730]: Connection closed by 64.226.117.59 port 48484 [preauth]
May  4 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[320]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[317]: pam_unix(cron:session): session closed for user p13x
May  4 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[387]: Successful su for rubyman by root
May  4 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[387]: + ??? root:rubyman
May  4 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327710 of user rubyman.
May  4 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[387]: pam_unix(su:session): session closed for user rubyman
May  4 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327710.
May  4 13:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30224]: pam_unix(cron:session): session closed for user root
May  4 13:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[319]: pam_unix(cron:session): session closed for user samftp
May  4 13:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31870]: pam_unix(cron:session): session closed for user root
May  4 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[777]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[783]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[784]: pam_unix(cron:session): session closed for user root
May  4 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[777]: pam_unix(cron:session): session closed for user p13x
May  4 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[854]: Successful su for rubyman by root
May  4 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[854]: + ??? root:rubyman
May  4 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327719 of user rubyman.
May  4 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[854]: pam_unix(su:session): session closed for user rubyman
May  4 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327719.
May  4 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[779]: pam_unix(cron:session): session closed for user root
May  4 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30617]: pam_unix(cron:session): session closed for user root
May  4 13:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[778]: pam_unix(cron:session): session closed for user samftp
May  4 13:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  4 13:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1094]: Failed password for root from 218.92.0.229 port 58440 ssh2
May  4 13:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1094]: message repeated 2 times: [ Failed password for root from 218.92.0.229 port 58440 ssh2]
May  4 13:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1094]: Received disconnect from 218.92.0.229 port 58440:11:  [preauth]
May  4 13:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1094]: Disconnected from 218.92.0.229 port 58440 [preauth]
May  4 13:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1094]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  4 13:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  4 13:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: Failed password for root from 218.92.0.229 port 50854 ssh2
May  4 13:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: message repeated 2 times: [ Failed password for root from 218.92.0.229 port 50854 ssh2]
May  4 13:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: Received disconnect from 218.92.0.229 port 50854:11:  [preauth]
May  4 13:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: Disconnected from 218.92.0.229 port 50854 [preauth]
May  4 13:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1105]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  4 13:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  4 13:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32284]: pam_unix(cron:session): session closed for user root
May  4 13:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: Failed password for root from 218.92.0.229 port 10458 ssh2
May  4 13:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: message repeated 2 times: [ Failed password for root from 218.92.0.229 port 10458 ssh2]
May  4 13:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: Received disconnect from 218.92.0.229 port 10458:11:  [preauth]
May  4 13:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: Disconnected from 218.92.0.229 port 10458 [preauth]
May  4 13:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1139]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  4 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1258]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1259]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1251]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1251]: pam_unix(cron:session): session closed for user p13x
May  4 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1334]: Successful su for rubyman by root
May  4 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1334]: + ??? root:rubyman
May  4 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1334]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327720 of user rubyman.
May  4 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1334]: pam_unix(su:session): session closed for user rubyman
May  4 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327720.
May  4 13:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31022]: pam_unix(cron:session): session closed for user root
May  4 13:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1257]: pam_unix(cron:session): session closed for user samftp
May  4 13:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[321]: pam_unix(cron:session): session closed for user root
May  4 13:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19  user=root
May  4 13:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: Failed password for root from 35.200.237.19 port 1112 ssh2
May  4 13:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: Received disconnect from 35.200.237.19 port 1112:11: Bye Bye [preauth]
May  4 13:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1657]: Disconnected from 35.200.237.19 port 1112 [preauth]
May  4 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1717]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1718]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1715]: pam_unix(cron:session): session closed for user p13x
May  4 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1782]: Successful su for rubyman by root
May  4 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1782]: + ??? root:rubyman
May  4 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327724 of user rubyman.
May  4 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1782]: pam_unix(su:session): session closed for user rubyman
May  4 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327724.
May  4 13:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31453]: pam_unix(cron:session): session closed for user root
May  4 13:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1716]: pam_unix(cron:session): session closed for user samftp
May  4 13:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  4 13:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[783]: pam_unix(cron:session): session closed for user root
May  4 13:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: Failed password for root from 218.92.0.210 port 29726 ssh2
May  4 13:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: message repeated 4 times: [ Failed password for root from 218.92.0.210 port 29726 ssh2]
May  4 13:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 29726 ssh2 [preauth]
May  4 13:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: Disconnecting: Too many authentication failures [preauth]
May  4 13:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  4 13:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 13:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  4 13:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2193]: Failed password for root from 218.92.0.210 port 16950 ssh2
May  4 13:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2193]: message repeated 2 times: [ Failed password for root from 218.92.0.210 port 16950 ssh2]
May  4 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2218]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2216]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2219]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2215]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2215]: pam_unix(cron:session): session closed for user p13x
May  4 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2283]: Successful su for rubyman by root
May  4 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2283]: + ??? root:rubyman
May  4 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327730 of user rubyman.
May  4 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2283]: pam_unix(su:session): session closed for user rubyman
May  4 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327730.
May  4 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2193]: Failed password for root from 218.92.0.210 port 16950 ssh2
May  4 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31869]: pam_unix(cron:session): session closed for user root
May  4 13:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2193]: Failed password for root from 218.92.0.210 port 16950 ssh2
May  4 13:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2216]: pam_unix(cron:session): session closed for user samftp
May  4 13:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2193]: Failed password for root from 218.92.0.210 port 16950 ssh2
May  4 13:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2193]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 16950 ssh2 [preauth]
May  4 13:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2193]: Disconnecting: Too many authentication failures [preauth]
May  4 13:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2193]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  4 13:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2193]: PAM service(sshd) ignoring max retries; 6 > 3
May  4 13:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  4 13:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: Failed password for root from 218.92.0.210 port 42052 ssh2
May  4 13:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: Received disconnect from 218.92.0.210 port 42052:11:  [preauth]
May  4 13:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: Disconnected from 218.92.0.210 port 42052 [preauth]
May  4 13:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1259]: pam_unix(cron:session): session closed for user root
May  4 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2651]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2652]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2649]: pam_unix(cron:session): session closed for user p13x
May  4 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2774]: Successful su for rubyman by root
May  4 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2774]: + ??? root:rubyman
May  4 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327733 of user rubyman.
May  4 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2774]: pam_unix(su:session): session closed for user rubyman
May  4 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327733.
May  4 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2647]: pam_unix(cron:session): session closed for user root
May  4 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32283]: pam_unix(cron:session): session closed for user root
May  4 13:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2650]: pam_unix(cron:session): session closed for user samftp
May  4 13:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Invalid user eth from 92.118.39.61
May  4 13:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: input_userauth_request: invalid user eth [preauth]
May  4 13:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 13:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  4 13:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Failed password for invalid user eth from 92.118.39.61 port 39288 ssh2
May  4 13:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Connection closed by 92.118.39.61 port 39288 [preauth]
May  4 13:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: Failed password for root from 218.92.0.237 port 30876 ssh2
May  4 13:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: message repeated 2 times: [ Failed password for root from 218.92.0.237 port 30876 ssh2]
May  4 13:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: Received disconnect from 218.92.0.237 port 30876:11:  [preauth]
May  4 13:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: Disconnected from 218.92.0.237 port 30876 [preauth]
May  4 13:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  4 13:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1718]: pam_unix(cron:session): session closed for user root
May  4 13:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: Did not receive identification string from 193.32.162.84
May  4 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3169]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3168]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3169]: pam_unix(cron:session): session closed for user root
May  4 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3164]: pam_unix(cron:session): session closed for user p13x
May  4 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3238]: Successful su for rubyman by root
May  4 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3238]: + ??? root:rubyman
May  4 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327739 of user rubyman.
May  4 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3238]: pam_unix(su:session): session closed for user rubyman
May  4 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327739.
May  4 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3166]: pam_unix(cron:session): session closed for user root
May  4 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[320]: pam_unix(cron:session): session closed for user root
May  4 13:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3165]: pam_unix(cron:session): session closed for user samftp
May  4 13:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3499]: Invalid user admin from 64.226.117.59
May  4 13:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3499]: input_userauth_request: invalid user admin [preauth]
May  4 13:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3499]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 13:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3499]: Failed password for invalid user admin from 64.226.117.59 port 50260 ssh2
May  4 13:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3499]: Connection closed by 64.226.117.59 port 50260 [preauth]
May  4 13:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2219]: pam_unix(cron:session): session closed for user root
May  4 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3653]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3652]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3651]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3650]: pam_unix(cron:session): session closed for user p13x
May  4 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3719]: Successful su for rubyman by root
May  4 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3719]: + ??? root:rubyman
May  4 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327744 of user rubyman.
May  4 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3719]: pam_unix(su:session): session closed for user rubyman
May  4 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327744.
May  4 13:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[780]: pam_unix(cron:session): session closed for user root
May  4 13:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3651]: pam_unix(cron:session): session closed for user samftp
May  4 13:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2652]: pam_unix(cron:session): session closed for user root
May  4 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4094]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4093]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4092]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4092]: pam_unix(cron:session): session closed for user p13x
May  4 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4153]: Successful su for rubyman by root
May  4 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4153]: + ??? root:rubyman
May  4 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4153]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327748 of user rubyman.
May  4 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4153]: pam_unix(su:session): session closed for user rubyman
May  4 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327748.
May  4 13:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1258]: pam_unix(cron:session): session closed for user root
May  4 13:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19  user=root
May  4 13:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4093]: pam_unix(cron:session): session closed for user samftp
May  4 13:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: Failed password for root from 35.200.237.19 port 1144 ssh2
May  4 13:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: Received disconnect from 35.200.237.19 port 1144:11: Bye Bye [preauth]
May  4 13:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: Disconnected from 35.200.237.19 port 1144 [preauth]
May  4 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3168]: pam_unix(cron:session): session closed for user root
May  4 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4659]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4657]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4656]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4656]: pam_unix(cron:session): session closed for user p13x
May  4 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4720]: Successful su for rubyman by root
May  4 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4720]: + ??? root:rubyman
May  4 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327753 of user rubyman.
May  4 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4720]: pam_unix(su:session): session closed for user rubyman
May  4 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327753.
May  4 13:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1717]: pam_unix(cron:session): session closed for user root
May  4 13:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4657]: pam_unix(cron:session): session closed for user samftp
May  4 13:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3653]: pam_unix(cron:session): session closed for user root
May  4 13:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  4 13:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: Failed password for root from 218.92.0.226 port 37880 ssh2
May  4 13:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: message repeated 2 times: [ Failed password for root from 218.92.0.226 port 37880 ssh2]
May  4 13:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: Received disconnect from 218.92.0.226 port 37880:11:  [preauth]
May  4 13:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: Disconnected from 218.92.0.226 port 37880 [preauth]
May  4 13:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5247]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  4 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5270]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5268]: pam_unix(cron:session): session closed for user p13x
May  4 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5338]: Successful su for rubyman by root
May  4 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5338]: + ??? root:rubyman
May  4 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327756 of user rubyman.
May  4 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5338]: pam_unix(su:session): session closed for user rubyman
May  4 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327756.
May  4 13:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2218]: pam_unix(cron:session): session closed for user root
May  4 13:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5270]: pam_unix(cron:session): session closed for user samftp
May  4 13:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: Invalid user admin from 80.94.95.112
May  4 13:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: input_userauth_request: invalid user admin [preauth]
May  4 13:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 13:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: Failed password for invalid user admin from 80.94.95.112 port 48385 ssh2
May  4 13:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: Failed password for invalid user admin from 80.94.95.112 port 48385 ssh2
May  4 13:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: Failed password for invalid user admin from 80.94.95.112 port 48385 ssh2
May  4 13:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4095]: pam_unix(cron:session): session closed for user root
May  4 13:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: Failed password for invalid user admin from 80.94.95.112 port 48385 ssh2
May  4 13:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: Failed password for invalid user admin from 80.94.95.112 port 48385 ssh2
May  4 13:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: Received disconnect from 80.94.95.112 port 48385:11: Bye [preauth]
May  4 13:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: Disconnected from 80.94.95.112 port 48385 [preauth]
May  4 13:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 13:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5621]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5746]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5742]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5746]: pam_unix(cron:session): session closed for user root
May  4 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5740]: pam_unix(cron:session): session closed for user p13x
May  4 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5893]: Successful su for rubyman by root
May  4 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5893]: + ??? root:rubyman
May  4 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327760 of user rubyman.
May  4 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5893]: pam_unix(su:session): session closed for user rubyman
May  4 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327760.
May  4 13:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5742]: pam_unix(cron:session): session closed for user root
May  4 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2651]: pam_unix(cron:session): session closed for user root
May  4 13:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5741]: pam_unix(cron:session): session closed for user samftp
May  4 13:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: Invalid user validator from 193.32.162.84
May  4 13:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: input_userauth_request: invalid user validator [preauth]
May  4 13:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 13:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: Failed password for invalid user validator from 193.32.162.84 port 57682 ssh2
May  4 13:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6121]: Connection closed by 193.32.162.84 port 57682 [preauth]
May  4 13:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4659]: pam_unix(cron:session): session closed for user root
May  4 13:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: Invalid user dogecoin from 92.118.39.61
May  4 13:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: input_userauth_request: invalid user dogecoin [preauth]
May  4 13:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 13:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: Failed password for invalid user dogecoin from 92.118.39.61 port 49212 ssh2
May  4 13:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: Connection closed by 92.118.39.61 port 49212 [preauth]
May  4 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6277]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6276]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6275]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6275]: pam_unix(cron:session): session closed for user p13x
May  4 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6346]: Successful su for rubyman by root
May  4 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6346]: + ??? root:rubyman
May  4 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327765 of user rubyman.
May  4 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6346]: pam_unix(su:session): session closed for user rubyman
May  4 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327765.
May  4 13:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3167]: pam_unix(cron:session): session closed for user root
May  4 13:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6276]: pam_unix(cron:session): session closed for user samftp
May  4 13:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5273]: pam_unix(cron:session): session closed for user root
May  4 13:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: Invalid user admin from 64.226.117.59
May  4 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: input_userauth_request: invalid user admin [preauth]
May  4 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: Failed password for invalid user admin from 64.226.117.59 port 40840 ssh2
May  4 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6681]: Connection closed by 64.226.117.59 port 40840 [preauth]
May  4 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6696]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6695]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6693]: pam_unix(cron:session): session closed for user p13x
May  4 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6754]: Successful su for rubyman by root
May  4 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6754]: + ??? root:rubyman
May  4 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6754]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327769 of user rubyman.
May  4 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6754]: pam_unix(su:session): session closed for user rubyman
May  4 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327769.
May  4 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3652]: pam_unix(cron:session): session closed for user root
May  4 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6694]: pam_unix(cron:session): session closed for user samftp
May  4 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7096]: Invalid user grandma from 35.200.237.19
May  4 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7096]: input_userauth_request: invalid user grandma [preauth]
May  4 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7096]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19
May  4 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7096]: Failed password for invalid user grandma from 35.200.237.19 port 1113 ssh2
May  4 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7096]: Received disconnect from 35.200.237.19 port 1113:11: Bye Bye [preauth]
May  4 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7096]: Disconnected from 35.200.237.19 port 1113 [preauth]
May  4 13:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5745]: pam_unix(cron:session): session closed for user root
May  4 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7196]: pam_unix(cron:session): session closed for user p13x
May  4 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7261]: Successful su for rubyman by root
May  4 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7261]: + ??? root:rubyman
May  4 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327774 of user rubyman.
May  4 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7261]: pam_unix(su:session): session closed for user rubyman
May  4 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327774.
May  4 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4094]: pam_unix(cron:session): session closed for user root
May  4 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7197]: pam_unix(cron:session): session closed for user samftp
May  4 13:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6279]: pam_unix(cron:session): session closed for user root
May  4 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7698]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7700]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7697]: pam_unix(cron:session): session closed for user p13x
May  4 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7772]: Successful su for rubyman by root
May  4 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7772]: + ??? root:rubyman
May  4 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327779 of user rubyman.
May  4 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7772]: pam_unix(su:session): session closed for user rubyman
May  4 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327779.
May  4 13:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4658]: pam_unix(cron:session): session closed for user root
May  4 13:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7698]: pam_unix(cron:session): session closed for user samftp
May  4 13:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6696]: pam_unix(cron:session): session closed for user root
May  4 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8133]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8137]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8139]: pam_unix(cron:session): session closed for user root
May  4 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8133]: pam_unix(cron:session): session closed for user p13x
May  4 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8218]: Successful su for rubyman by root
May  4 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8218]: + ??? root:rubyman
May  4 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327782 of user rubyman.
May  4 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8218]: pam_unix(su:session): session closed for user rubyman
May  4 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327782.
May  4 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8136]: pam_unix(cron:session): session closed for user root
May  4 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5272]: pam_unix(cron:session): session closed for user root
May  4 13:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8135]: pam_unix(cron:session): session closed for user samftp
May  4 13:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7199]: pam_unix(cron:session): session closed for user root
May  4 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8596]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8595]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8591]: pam_unix(cron:session): session closed for user p13x
May  4 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8663]: Successful su for rubyman by root
May  4 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8663]: + ??? root:rubyman
May  4 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327789 of user rubyman.
May  4 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8663]: pam_unix(su:session): session closed for user rubyman
May  4 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327789.
May  4 13:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5744]: pam_unix(cron:session): session closed for user root
May  4 13:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8592]: pam_unix(cron:session): session closed for user samftp
May  4 13:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7700]: pam_unix(cron:session): session closed for user root
May  4 13:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: Invalid user node from 193.32.162.84
May  4 13:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: input_userauth_request: invalid user node [preauth]
May  4 13:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 13:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: Failed password for invalid user node from 193.32.162.84 port 60250 ssh2
May  4 13:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: Connection closed by 193.32.162.84 port 60250 [preauth]
May  4 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9014]: pam_unix(cron:session): session closed for user p13x
May  4 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9077]: Successful su for rubyman by root
May  4 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9077]: + ??? root:rubyman
May  4 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327792 of user rubyman.
May  4 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9077]: pam_unix(su:session): session closed for user rubyman
May  4 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327792.
May  4 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6277]: pam_unix(cron:session): session closed for user root
May  4 13:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9370]: Invalid user admin from 139.19.117.131
May  4 13:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9370]: input_userauth_request: invalid user admin [preauth]
May  4 13:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9015]: pam_unix(cron:session): session closed for user samftp
May  4 13:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9370]: Connection closed by 139.19.117.131 port 35550 [preauth]
May  4 13:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8138]: pam_unix(cron:session): session closed for user root
May  4 13:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  4 13:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9472]: Failed password for root from 218.92.0.225 port 48394 ssh2
May  4 13:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61  user=root
May  4 13:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9472]: Failed password for root from 218.92.0.225 port 48394 ssh2
May  4 13:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9492]: Failed password for root from 92.118.39.61 port 59136 ssh2
May  4 13:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9492]: Connection closed by 92.118.39.61 port 59136 [preauth]
May  4 13:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9472]: Failed password for root from 218.92.0.225 port 48394 ssh2
May  4 13:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9472]: Received disconnect from 218.92.0.225 port 48394:11:  [preauth]
May  4 13:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9472]: Disconnected from 218.92.0.225 port 48394 [preauth]
May  4 13:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9472]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  4 13:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19  user=root
May  4 13:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9526]: Failed password for root from 35.200.237.19 port 1119 ssh2
May  4 13:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9526]: Received disconnect from 35.200.237.19 port 1119:11: Bye Bye [preauth]
May  4 13:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9526]: Disconnected from 35.200.237.19 port 1119 [preauth]
May  4 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9555]: pam_unix(cron:session): session closed for user p13x
May  4 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9613]: Successful su for rubyman by root
May  4 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9613]: + ??? root:rubyman
May  4 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327797 of user rubyman.
May  4 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9613]: pam_unix(su:session): session closed for user rubyman
May  4 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327797.
May  4 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6695]: pam_unix(cron:session): session closed for user root
May  4 13:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  4 13:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9556]: pam_unix(cron:session): session closed for user samftp
May  4 13:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Failed password for root from 218.92.0.225 port 32996 ssh2
May  4 13:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: message repeated 2 times: [ Failed password for root from 218.92.0.225 port 32996 ssh2]
May  4 13:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Received disconnect from 218.92.0.225 port 32996:11:  [preauth]
May  4 13:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Disconnected from 218.92.0.225 port 32996 [preauth]
May  4 13:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  4 13:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8596]: pam_unix(cron:session): session closed for user root
May  4 13:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  4 13:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9907]: Invalid user admin from 64.226.117.59
May  4 13:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9907]: input_userauth_request: invalid user admin [preauth]
May  4 13:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9907]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 13:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: Failed password for root from 218.92.0.205 port 24282 ssh2
May  4 13:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9907]: Failed password for invalid user admin from 64.226.117.59 port 33102 ssh2
May  4 13:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9907]: Connection closed by 64.226.117.59 port 33102 [preauth]
May  4 13:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: Failed password for root from 218.92.0.205 port 24282 ssh2
May  4 13:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: message repeated 3 times: [ Failed password for root from 218.92.0.205 port 24282 ssh2]
May  4 13:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 24282 ssh2 [preauth]
May  4 13:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: Disconnecting: Too many authentication failures [preauth]
May  4 13:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  4 13:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 13:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  4 13:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  4 13:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: Failed password for root from 218.92.0.205 port 49418 ssh2
May  4 13:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9950]: Failed password for root from 190.103.202.7 port 56862 ssh2
May  4 13:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9950]: Connection closed by 190.103.202.7 port 56862 [preauth]
May  4 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: Failed password for root from 218.92.0.205 port 49418 ssh2
May  4 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9964]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9963]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9962]: pam_unix(cron:session): session closed for user p13x
May  4 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10024]: Successful su for rubyman by root
May  4 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10024]: + ??? root:rubyman
May  4 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327799 of user rubyman.
May  4 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10024]: pam_unix(su:session): session closed for user rubyman
May  4 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327799.
May  4 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: Failed password for root from 218.92.0.205 port 49418 ssh2
May  4 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7198]: pam_unix(cron:session): session closed for user root
May  4 13:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9963]: pam_unix(cron:session): session closed for user samftp
May  4 13:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: Failed password for root from 218.92.0.205 port 49418 ssh2
May  4 13:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: message repeated 2 times: [ Failed password for root from 218.92.0.205 port 49418 ssh2]
May  4 13:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 49418 ssh2 [preauth]
May  4 13:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: Disconnecting: Too many authentication failures [preauth]
May  4 13:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  4 13:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9948]: PAM service(sshd) ignoring max retries; 6 > 3
May  4 13:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  4 13:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10324]: Failed password for root from 218.92.0.205 port 25000 ssh2
May  4 13:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10324]: Received disconnect from 218.92.0.205 port 25000:11:  [preauth]
May  4 13:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10324]: Disconnected from 218.92.0.205 port 25000 [preauth]
May  4 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9017]: pam_unix(cron:session): session closed for user root
May  4 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10459]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10462]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10458]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10460]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10461]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10463]: pam_unix(cron:session): session closed for user root
May  4 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10458]: pam_unix(cron:session): session closed for user p13x
May  4 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10534]: Successful su for rubyman by root
May  4 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10534]: + ??? root:rubyman
May  4 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327804 of user rubyman.
May  4 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10534]: pam_unix(su:session): session closed for user rubyman
May  4 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327804.
May  4 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7699]: pam_unix(cron:session): session closed for user root
May  4 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10460]: pam_unix(cron:session): session closed for user root
May  4 13:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10459]: pam_unix(cron:session): session closed for user samftp
May  4 13:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9558]: pam_unix(cron:session): session closed for user root
May  4 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10952]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10951]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10949]: pam_unix(cron:session): session closed for user p13x
May  4 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11016]: Successful su for rubyman by root
May  4 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11016]: + ??? root:rubyman
May  4 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327810 of user rubyman.
May  4 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11016]: pam_unix(su:session): session closed for user rubyman
May  4 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327810.
May  4 13:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8137]: pam_unix(cron:session): session closed for user root
May  4 13:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10950]: pam_unix(cron:session): session closed for user samftp
May  4 13:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9965]: pam_unix(cron:session): session closed for user root
May  4 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11354]: pam_unix(cron:session): session closed for user p13x
May  4 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11413]: Successful su for rubyman by root
May  4 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11413]: + ??? root:rubyman
May  4 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11413]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327815 of user rubyman.
May  4 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11413]: pam_unix(su:session): session closed for user rubyman
May  4 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327815.
May  4 13:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8595]: pam_unix(cron:session): session closed for user root
May  4 13:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11355]: pam_unix(cron:session): session closed for user samftp
May  4 13:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10462]: pam_unix(cron:session): session closed for user root
May  4 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11752]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11750]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11750]: pam_unix(cron:session): session closed for user p13x
May  4 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11814]: Successful su for rubyman by root
May  4 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11814]: + ??? root:rubyman
May  4 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327819 of user rubyman.
May  4 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11814]: pam_unix(su:session): session closed for user rubyman
May  4 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327819.
May  4 13:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9016]: pam_unix(cron:session): session closed for user root
May  4 13:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11751]: pam_unix(cron:session): session closed for user samftp
May  4 13:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: Invalid user taibabi from 35.200.237.19
May  4 13:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: input_userauth_request: invalid user taibabi [preauth]
May  4 13:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19
May  4 13:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: Failed password for invalid user taibabi from 35.200.237.19 port 1128 ssh2
May  4 13:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: Received disconnect from 35.200.237.19 port 1128:11: Bye Bye [preauth]
May  4 13:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12003]: Disconnected from 35.200.237.19 port 1128 [preauth]
May  4 13:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: Invalid user solana from 193.32.162.84
May  4 13:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: input_userauth_request: invalid user solana [preauth]
May  4 13:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: pam_unix(sshd:auth): check pass; user unknown
May  4 13:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 13:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: Failed password for invalid user solana from 193.32.162.84 port 34572 ssh2
May  4 13:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: Connection closed by 193.32.162.84 port 34572 [preauth]
May  4 13:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10952]: pam_unix(cron:session): session closed for user root
May  4 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12153]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12150]: pam_unix(cron:session): session closed for user p13x
May  4 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12208]: Successful su for rubyman by root
May  4 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12208]: + ??? root:rubyman
May  4 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327821 of user rubyman.
May  4 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12208]: pam_unix(su:session): session closed for user rubyman
May  4 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327821.
May  4 13:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9557]: pam_unix(cron:session): session closed for user root
May  4 13:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12151]: pam_unix(cron:session): session closed for user samftp
May  4 13:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 13:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61  user=root
May  4 13:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: Failed password for root from 92.118.39.61 port 40830 ssh2
May  4 13:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: Connection closed by 92.118.39.61 port 40830 [preauth]
May  4 13:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11357]: pam_unix(cron:session): session closed for user root
May  4 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12549]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12553]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12551]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12556]: pam_unix(cron:session): session closed for user root
May  4 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12552]: pam_unix(cron:session): session closed for user root
May  4 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12549]: pam_unix(cron:session): session closed for user p13x
May  4 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12637]: Successful su for rubyman by root
May  4 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12637]: + ??? root:rubyman
May  4 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327828 of user rubyman.
May  4 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12637]: pam_unix(su:session): session closed for user rubyman
May  4 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327828.
May  4 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9964]: pam_unix(cron:session): session closed for user root
May  4 14:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12553]: pam_unix(cron:session): session closed for user root
May  4 14:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12551]: pam_unix(cron:session): session closed for user samftp
May  4 14:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: Invalid user admin from 64.226.117.59
May  4 14:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: input_userauth_request: invalid user admin [preauth]
May  4 14:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 14:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: Failed password for invalid user admin from 64.226.117.59 port 60078 ssh2
May  4 14:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: Connection closed by 64.226.117.59 port 60078 [preauth]
May  4 14:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11754]: pam_unix(cron:session): session closed for user root
May  4 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13032]: pam_unix(cron:session): session closed for user p13x
May  4 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13104]: Successful su for rubyman by root
May  4 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13104]: + ??? root:rubyman
May  4 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13104]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327833 of user rubyman.
May  4 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13104]: pam_unix(su:session): session closed for user rubyman
May  4 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327833.
May  4 14:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10461]: pam_unix(cron:session): session closed for user root
May  4 14:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13033]: pam_unix(cron:session): session closed for user samftp
May  4 14:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12153]: pam_unix(cron:session): session closed for user root
May  4 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13534]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13530]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13526]: pam_unix(cron:session): session closed for user p13x
May  4 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13606]: Successful su for rubyman by root
May  4 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13606]: + ??? root:rubyman
May  4 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327837 of user rubyman.
May  4 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13606]: pam_unix(su:session): session closed for user rubyman
May  4 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327837.
May  4 14:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10951]: pam_unix(cron:session): session closed for user root
May  4 14:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13530]: pam_unix(cron:session): session closed for user samftp
May  4 14:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12555]: pam_unix(cron:session): session closed for user root
May  4 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13947]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13944]: pam_unix(cron:session): session closed for user p13x
May  4 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14008]: Successful su for rubyman by root
May  4 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14008]: + ??? root:rubyman
May  4 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327840 of user rubyman.
May  4 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14008]: pam_unix(su:session): session closed for user rubyman
May  4 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327840.
May  4 14:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11356]: pam_unix(cron:session): session closed for user root
May  4 14:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13945]: pam_unix(cron:session): session closed for user samftp
May  4 14:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14251]: Invalid user teo from 35.200.237.19
May  4 14:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14251]: input_userauth_request: invalid user teo [preauth]
May  4 14:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14251]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19
May  4 14:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14251]: Failed password for invalid user teo from 35.200.237.19 port 1132 ssh2
May  4 14:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14251]: Received disconnect from 35.200.237.19 port 1132:11: Bye Bye [preauth]
May  4 14:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14251]: Disconnected from 35.200.237.19 port 1132 [preauth]
May  4 14:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13039]: pam_unix(cron:session): session closed for user root
May  4 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14343]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14340]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14341]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14340]: pam_unix(cron:session): session closed for user p13x
May  4 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14402]: Successful su for rubyman by root
May  4 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14402]: + ??? root:rubyman
May  4 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327845 of user rubyman.
May  4 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14402]: pam_unix(su:session): session closed for user rubyman
May  4 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327845.
May  4 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11752]: pam_unix(cron:session): session closed for user root
May  4 14:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14341]: pam_unix(cron:session): session closed for user samftp
May  4 14:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13534]: pam_unix(cron:session): session closed for user root
May  4 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14755]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14759]: pam_unix(cron:session): session closed for user root
May  4 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14753]: pam_unix(cron:session): session closed for user p13x
May  4 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14822]: Successful su for rubyman by root
May  4 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14822]: + ??? root:rubyman
May  4 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327848 of user rubyman.
May  4 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14822]: pam_unix(su:session): session closed for user rubyman
May  4 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327848.
May  4 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14755]: pam_unix(cron:session): session closed for user root
May  4 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12152]: pam_unix(cron:session): session closed for user root
May  4 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: Invalid user sol from 193.32.162.84
May  4 14:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: input_userauth_request: invalid user sol [preauth]
May  4 14:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 14:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14754]: pam_unix(cron:session): session closed for user samftp
May  4 14:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: Failed password for invalid user sol from 193.32.162.84 port 37112 ssh2
May  4 14:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15007]: Connection closed by 193.32.162.84 port 37112 [preauth]
May  4 14:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13947]: pam_unix(cron:session): session closed for user root
May  4 14:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: Invalid user trade-bot from 92.118.39.61
May  4 14:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: input_userauth_request: invalid user trade-bot [preauth]
May  4 14:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 14:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: Failed password for invalid user trade-bot from 92.118.39.61 port 50756 ssh2
May  4 14:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: Connection closed by 92.118.39.61 port 50756 [preauth]
May  4 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15185]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15186]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15183]: pam_unix(cron:session): session closed for user p13x
May  4 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15250]: Successful su for rubyman by root
May  4 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15250]: + ??? root:rubyman
May  4 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327856 of user rubyman.
May  4 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15250]: pam_unix(su:session): session closed for user rubyman
May  4 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327856.
May  4 14:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  4 14:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12554]: pam_unix(cron:session): session closed for user root
May  4 14:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15184]: pam_unix(cron:session): session closed for user samftp
May  4 14:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: Failed password for root from 218.92.0.231 port 61718 ssh2
May  4 14:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: message repeated 2 times: [ Failed password for root from 218.92.0.231 port 61718 ssh2]
May  4 14:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: Received disconnect from 218.92.0.231 port 61718:11:  [preauth]
May  4 14:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: Disconnected from 218.92.0.231 port 61718 [preauth]
May  4 14:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  4 14:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14343]: pam_unix(cron:session): session closed for user root
May  4 14:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 14:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15503]: Failed password for root from 185.93.89.118 port 31300 ssh2
May  4 14:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15503]: Connection closed by 185.93.89.118 port 31300 [preauth]
May  4 14:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: Invalid user admin from 64.226.117.59
May  4 14:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: input_userauth_request: invalid user admin [preauth]
May  4 14:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 14:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: Failed password for invalid user admin from 64.226.117.59 port 33468 ssh2
May  4 14:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: Connection closed by 64.226.117.59 port 33468 [preauth]
May  4 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15587]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15585]: pam_unix(cron:session): session closed for user p13x
May  4 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15647]: Successful su for rubyman by root
May  4 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15647]: + ??? root:rubyman
May  4 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327859 of user rubyman.
May  4 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15647]: pam_unix(su:session): session closed for user rubyman
May  4 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327859.
May  4 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 14:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: Failed password for root from 185.93.89.118 port 23850 ssh2
May  4 14:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13034]: pam_unix(cron:session): session closed for user root
May  4 14:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15586]: pam_unix(cron:session): session closed for user samftp
May  4 14:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15562]: Connection closed by 185.93.89.118 port 23850 [preauth]
May  4 14:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 14:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: Failed password for root from 185.93.89.118 port 41414 ssh2
May  4 14:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: Connection closed by 185.93.89.118 port 41414 [preauth]
May  4 14:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14758]: pam_unix(cron:session): session closed for user root
May  4 14:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 14:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15891]: Failed password for root from 185.93.89.118 port 18294 ssh2
May  4 14:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15891]: Connection closed by 185.93.89.118 port 18294 [preauth]
May  4 14:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 14:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: Failed password for root from 185.93.89.118 port 54416 ssh2
May  4 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15994]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15993]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15991]: pam_unix(cron:session): session closed for user p13x
May  4 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16048]: Successful su for rubyman by root
May  4 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16048]: + ??? root:rubyman
May  4 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327863 of user rubyman.
May  4 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16048]: pam_unix(su:session): session closed for user rubyman
May  4 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327863.
May  4 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: Connection closed by 185.93.89.118 port 54416 [preauth]
May  4 14:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13531]: pam_unix(cron:session): session closed for user root
May  4 14:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15992]: pam_unix(cron:session): session closed for user samftp
May  4 14:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15186]: pam_unix(cron:session): session closed for user root
May  4 14:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: Invalid user pulsedebug from 35.200.237.19
May  4 14:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: input_userauth_request: invalid user pulsedebug [preauth]
May  4 14:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19
May  4 14:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: Failed password for invalid user pulsedebug from 35.200.237.19 port 1119 ssh2
May  4 14:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: Received disconnect from 35.200.237.19 port 1119:11: Bye Bye [preauth]
May  4 14:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: Disconnected from 35.200.237.19 port 1119 [preauth]
May  4 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16364]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16366]: pam_unix(cron:session): session closed for user p13x
May  4 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16501]: Successful su for rubyman by root
May  4 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16501]: + ??? root:rubyman
May  4 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327866 of user rubyman.
May  4 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16501]: pam_unix(su:session): session closed for user rubyman
May  4 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327866.
May  4 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16364]: pam_unix(cron:session): session closed for user root
May  4 14:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13946]: pam_unix(cron:session): session closed for user root
May  4 14:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16367]: pam_unix(cron:session): session closed for user samftp
May  4 14:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15588]: pam_unix(cron:session): session closed for user root
May  4 14:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 14:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Failed password for root from 218.92.0.206 port 39758 ssh2
May  4 14:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Failed password for root from 218.92.0.206 port 39758 ssh2
May  4 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16935]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16934]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16933]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16936]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16932]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16937]: pam_unix(cron:session): session closed for user root
May  4 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16932]: pam_unix(cron:session): session closed for user p13x
May  4 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Failed password for root from 218.92.0.206 port 39758 ssh2
May  4 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17009]: Successful su for rubyman by root
May  4 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17009]: + ??? root:rubyman
May  4 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327874 of user rubyman.
May  4 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17009]: pam_unix(su:session): session closed for user rubyman
May  4 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327874.
May  4 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16934]: pam_unix(cron:session): session closed for user root
May  4 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14342]: pam_unix(cron:session): session closed for user root
May  4 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Failed password for root from 218.92.0.206 port 39758 ssh2
May  4 14:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16933]: pam_unix(cron:session): session closed for user samftp
May  4 14:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Failed password for root from 218.92.0.206 port 39758 ssh2
May  4 14:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 39758 ssh2 [preauth]
May  4 14:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Disconnecting: Too many authentication failures [preauth]
May  4 14:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 14:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 14:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 14:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17227]: Failed password for root from 218.92.0.206 port 20446 ssh2
May  4 14:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17227]: message repeated 5 times: [ Failed password for root from 218.92.0.206 port 20446 ssh2]
May  4 14:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17227]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 20446 ssh2 [preauth]
May  4 14:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17227]: Disconnecting: Too many authentication failures [preauth]
May  4 14:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17227]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 14:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17227]: PAM service(sshd) ignoring max retries; 6 > 3
May  4 14:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 14:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: Failed password for root from 218.92.0.206 port 54770 ssh2
May  4 14:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: Received disconnect from 218.92.0.206 port 54770:11:  [preauth]
May  4 14:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17294]: Disconnected from 218.92.0.206 port 54770 [preauth]
May  4 14:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15994]: pam_unix(cron:session): session closed for user root
May  4 14:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Invalid user v from 195.178.110.50
May  4 14:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: input_userauth_request: invalid user v [preauth]
May  4 14:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 14:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Failed password for invalid user v from 195.178.110.50 port 26296 ssh2
May  4 14:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Connection closed by 195.178.110.50 port 26296 [preauth]
May  4 14:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17386]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17383]: pam_unix(cron:session): session closed for user p13x
May  4 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17454]: Successful su for rubyman by root
May  4 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17454]: + ??? root:rubyman
May  4 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327878 of user rubyman.
May  4 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17454]: pam_unix(su:session): session closed for user rubyman
May  4 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327878.
May  4 14:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14756]: pam_unix(cron:session): session closed for user root
May  4 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17384]: pam_unix(cron:session): session closed for user samftp
May  4 14:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: Invalid user C from 195.178.110.50
May  4 14:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: input_userauth_request: invalid user C [preauth]
May  4 14:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 14:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: Failed password for invalid user C from 195.178.110.50 port 28314 ssh2
May  4 14:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17355]: Connection closed by 195.178.110.50 port 28314 [preauth]
May  4 14:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17676]: Invalid user n from 195.178.110.50
May  4 14:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17676]: input_userauth_request: invalid user n [preauth]
May  4 14:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17676]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 14:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17676]: Failed password for invalid user n from 195.178.110.50 port 9318 ssh2
May  4 14:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17676]: Connection closed by 195.178.110.50 port 9318 [preauth]
May  4 14:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16369]: pam_unix(cron:session): session closed for user root
May  4 14:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: Invalid user ubuntu from 193.32.162.84
May  4 14:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: input_userauth_request: invalid user ubuntu [preauth]
May  4 14:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 14:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: Failed password for invalid user ubuntu from 193.32.162.84 port 39654 ssh2
May  4 14:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: Connection closed by 193.32.162.84 port 39654 [preauth]
May  4 14:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17733]: Invalid user ; from 195.178.110.50
May  4 14:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17733]: input_userauth_request: invalid user ; [preauth]
May  4 14:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17733]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 14:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17733]: Failed password for invalid user ; from 195.178.110.50 port 56084 ssh2
May  4 14:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17733]: Connection closed by 195.178.110.50 port 56084 [preauth]
May  4 14:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17915]: pam_unix(cron:session): session closed for user p13x
May  4 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17984]: Successful su for rubyman by root
May  4 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17984]: + ??? root:rubyman
May  4 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327882 of user rubyman.
May  4 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17984]: pam_unix(su:session): session closed for user rubyman
May  4 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327882.
May  4 14:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15185]: pam_unix(cron:session): session closed for user root
May  4 14:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17916]: pam_unix(cron:session): session closed for user samftp
May  4 14:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: Invalid user f from 195.178.110.50
May  4 14:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: input_userauth_request: invalid user f [preauth]
May  4 14:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 14:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: Failed password for invalid user f from 195.178.110.50 port 13244 ssh2
May  4 14:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: Connection closed by 195.178.110.50 port 13244 [preauth]
May  4 14:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16936]: pam_unix(cron:session): session closed for user root
May  4 14:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: Invalid user trade.bot from 92.118.39.61
May  4 14:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: input_userauth_request: invalid user trade.bot [preauth]
May  4 14:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 14:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: Failed password for invalid user trade.bot from 92.118.39.61 port 60682 ssh2
May  4 14:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18289]: Connection closed by 92.118.39.61 port 60682 [preauth]
May  4 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18335]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18336]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18334]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18333]: pam_unix(cron:session): session closed for user p13x
May  4 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18407]: Successful su for rubyman by root
May  4 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18407]: + ??? root:rubyman
May  4 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327885 of user rubyman.
May  4 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18407]: pam_unix(su:session): session closed for user rubyman
May  4 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327885.
May  4 14:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15587]: pam_unix(cron:session): session closed for user root
May  4 14:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18334]: pam_unix(cron:session): session closed for user samftp
May  4 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17386]: pam_unix(cron:session): session closed for user root
May  4 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: Invalid user admin from 64.226.117.59
May  4 14:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: input_userauth_request: invalid user admin [preauth]
May  4 14:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 14:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: Failed password for invalid user admin from 64.226.117.59 port 54884 ssh2
May  4 14:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: Connection closed by 64.226.117.59 port 54884 [preauth]
May  4 14:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18752]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18753]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18750]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18750]: pam_unix(cron:session): session closed for user p13x
May  4 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18821]: Successful su for rubyman by root
May  4 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18821]: + ??? root:rubyman
May  4 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327890 of user rubyman.
May  4 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18821]: pam_unix(su:session): session closed for user rubyman
May  4 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327890.
May  4 14:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15993]: pam_unix(cron:session): session closed for user root
May  4 14:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18751]: pam_unix(cron:session): session closed for user samftp
May  4 14:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19  user=root
May  4 14:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18982]: Failed password for root from 35.200.237.19 port 1116 ssh2
May  4 14:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18982]: Received disconnect from 35.200.237.19 port 1116:11: Bye Bye [preauth]
May  4 14:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18982]: Disconnected from 35.200.237.19 port 1116 [preauth]
May  4 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17919]: pam_unix(cron:session): session closed for user root
May  4 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19162]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19161]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19163]: pam_unix(cron:session): session closed for user root
May  4 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19158]: pam_unix(cron:session): session closed for user p13x
May  4 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19226]: Successful su for rubyman by root
May  4 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19226]: + ??? root:rubyman
May  4 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327893 of user rubyman.
May  4 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19226]: pam_unix(su:session): session closed for user rubyman
May  4 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327893.
May  4 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19160]: pam_unix(cron:session): session closed for user root
May  4 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16368]: pam_unix(cron:session): session closed for user root
May  4 14:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19159]: pam_unix(cron:session): session closed for user samftp
May  4 14:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18336]: pam_unix(cron:session): session closed for user root
May  4 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19598]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19597]: pam_unix(cron:session): session closed for user p13x
May  4 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19679]: Successful su for rubyman by root
May  4 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19679]: + ??? root:rubyman
May  4 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327899 of user rubyman.
May  4 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19679]: pam_unix(su:session): session closed for user rubyman
May  4 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327899.
May  4 14:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16935]: pam_unix(cron:session): session closed for user root
May  4 14:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19598]: pam_unix(cron:session): session closed for user samftp
May  4 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18753]: pam_unix(cron:session): session closed for user root
May  4 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20030]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20032]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20031]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20026]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20026]: pam_unix(cron:session): session closed for user root
May  4 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20030]: pam_unix(cron:session): session closed for user p13x
May  4 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20097]: Successful su for rubyman by root
May  4 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20097]: + ??? root:rubyman
May  4 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327904 of user rubyman.
May  4 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20097]: pam_unix(su:session): session closed for user rubyman
May  4 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327904.
May  4 14:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17385]: pam_unix(cron:session): session closed for user root
May  4 14:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20031]: pam_unix(cron:session): session closed for user samftp
May  4 14:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19162]: pam_unix(cron:session): session closed for user root
May  4 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20422]: pam_unix(cron:session): session closed for user p13x
May  4 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20489]: Successful su for rubyman by root
May  4 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20489]: + ??? root:rubyman
May  4 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327910 of user rubyman.
May  4 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20489]: pam_unix(su:session): session closed for user rubyman
May  4 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327910.
May  4 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17917]: pam_unix(cron:session): session closed for user root
May  4 14:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20424]: pam_unix(cron:session): session closed for user samftp
May  4 14:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20711]: Invalid user ubuntu from 193.32.162.84
May  4 14:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20711]: input_userauth_request: invalid user ubuntu [preauth]
May  4 14:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20711]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 14:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20711]: Failed password for invalid user ubuntu from 193.32.162.84 port 42198 ssh2
May  4 14:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20711]: Connection closed by 193.32.162.84 port 42198 [preauth]
May  4 14:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19600]: pam_unix(cron:session): session closed for user root
May  4 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20831]: pam_unix(cron:session): session closed for user p13x
May  4 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20908]: Successful su for rubyman by root
May  4 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20908]: + ??? root:rubyman
May  4 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327912 of user rubyman.
May  4 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20908]: pam_unix(su:session): session closed for user rubyman
May  4 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327912.
May  4 14:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18335]: pam_unix(cron:session): session closed for user root
May  4 14:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20832]: pam_unix(cron:session): session closed for user samftp
May  4 14:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: Invalid user tradebot from 92.118.39.61
May  4 14:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: input_userauth_request: invalid user tradebot [preauth]
May  4 14:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 14:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: Failed password for invalid user tradebot from 92.118.39.61 port 42374 ssh2
May  4 14:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21123]: Connection closed by 92.118.39.61 port 42374 [preauth]
May  4 14:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  4 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21125]: Failed password for root from 218.92.0.220 port 45016 ssh2
May  4 14:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21125]: message repeated 2 times: [ Failed password for root from 218.92.0.220 port 45016 ssh2]
May  4 14:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21125]: Received disconnect from 218.92.0.220 port 45016:11:  [preauth]
May  4 14:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21125]: Disconnected from 218.92.0.220 port 45016 [preauth]
May  4 14:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21125]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  4 14:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19  user=root
May  4 14:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20033]: pam_unix(cron:session): session closed for user root
May  4 14:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: Failed password for root from 35.200.237.19 port 1121 ssh2
May  4 14:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: Received disconnect from 35.200.237.19 port 1121:11: Bye Bye [preauth]
May  4 14:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: Disconnected from 35.200.237.19 port 1121 [preauth]
May  4 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21285]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21286]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21288]: pam_unix(cron:session): session closed for user root
May  4 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21281]: pam_unix(cron:session): session closed for user p13x
May  4 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21355]: Successful su for rubyman by root
May  4 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21355]: + ??? root:rubyman
May  4 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21355]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327916 of user rubyman.
May  4 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21355]: pam_unix(su:session): session closed for user rubyman
May  4 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327916.
May  4 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18752]: pam_unix(cron:session): session closed for user root
May  4 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21285]: pam_unix(cron:session): session closed for user root
May  4 14:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21282]: pam_unix(cron:session): session closed for user samftp
May  4 14:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: Invalid user admin from 64.226.117.59
May  4 14:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: input_userauth_request: invalid user admin [preauth]
May  4 14:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 14:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: Failed password for invalid user admin from 64.226.117.59 port 45352 ssh2
May  4 14:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: Connection closed by 64.226.117.59 port 45352 [preauth]
May  4 14:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20426]: pam_unix(cron:session): session closed for user root
May  4 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21846]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21752]: pam_unix(cron:session): session closed for user p13x
May  4 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22101]: Successful su for rubyman by root
May  4 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22101]: + ??? root:rubyman
May  4 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22101]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327923 of user rubyman.
May  4 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22101]: pam_unix(su:session): session closed for user rubyman
May  4 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327923.
May  4 14:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19161]: pam_unix(cron:session): session closed for user root
May  4 14:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21832]: pam_unix(cron:session): session closed for user samftp
May  4 14:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20835]: pam_unix(cron:session): session closed for user root
May  4 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22501]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22500]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22498]: pam_unix(cron:session): session closed for user p13x
May  4 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22577]: Successful su for rubyman by root
May  4 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22577]: + ??? root:rubyman
May  4 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327927 of user rubyman.
May  4 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22577]: pam_unix(su:session): session closed for user rubyman
May  4 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327927.
May  4 14:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19599]: pam_unix(cron:session): session closed for user root
May  4 14:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22499]: pam_unix(cron:session): session closed for user samftp
May  4 14:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22780]: Did not receive identification string from 39.106.156.142
May  4 14:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21287]: pam_unix(cron:session): session closed for user root
May  4 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22978]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22975]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22972]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22972]: pam_unix(cron:session): session closed for user p13x
May  4 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23037]: Successful su for rubyman by root
May  4 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23037]: + ??? root:rubyman
May  4 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23037]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327931 of user rubyman.
May  4 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23037]: pam_unix(su:session): session closed for user rubyman
May  4 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327931.
May  4 14:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20032]: pam_unix(cron:session): session closed for user root
May  4 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22974]: pam_unix(cron:session): session closed for user samftp
May  4 14:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21846]: pam_unix(cron:session): session closed for user root
May  4 14:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23489]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23491]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23488]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23488]: pam_unix(cron:session): session closed for user p13x
May  4 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23549]: Successful su for rubyman by root
May  4 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23549]: + ??? root:rubyman
May  4 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327934 of user rubyman.
May  4 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23549]: pam_unix(su:session): session closed for user rubyman
May  4 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327934.
May  4 14:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20425]: pam_unix(cron:session): session closed for user root
May  4 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23489]: pam_unix(cron:session): session closed for user samftp
May  4 14:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22501]: pam_unix(cron:session): session closed for user root
May  4 14:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: Invalid user user from 35.200.237.19
May  4 14:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: input_userauth_request: invalid user user [preauth]
May  4 14:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19
May  4 14:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: Failed password for invalid user user from 35.200.237.19 port 1119 ssh2
May  4 14:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: Received disconnect from 35.200.237.19 port 1119:11: Bye Bye [preauth]
May  4 14:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23981]: Disconnected from 35.200.237.19 port 1119 [preauth]
May  4 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24020]: pam_unix(cron:session): session closed for user root
May  4 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24015]: pam_unix(cron:session): session closed for user p13x
May  4 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24082]: Successful su for rubyman by root
May  4 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24082]: + ??? root:rubyman
May  4 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327938 of user rubyman.
May  4 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24082]: pam_unix(su:session): session closed for user rubyman
May  4 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327938.
May  4 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24017]: pam_unix(cron:session): session closed for user root
May  4 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24134]: Invalid user ubuntu from 193.32.162.84
May  4 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24134]: input_userauth_request: invalid user ubuntu [preauth]
May  4 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24134]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20833]: pam_unix(cron:session): session closed for user root
May  4 14:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24134]: Failed password for invalid user ubuntu from 193.32.162.84 port 44732 ssh2
May  4 14:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24134]: Connection closed by 193.32.162.84 port 44732 [preauth]
May  4 14:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24016]: pam_unix(cron:session): session closed for user samftp
May  4 14:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 14:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24380]: Failed password for root from 218.92.0.201 port 42692 ssh2
May  4 14:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22978]: pam_unix(cron:session): session closed for user root
May  4 14:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24471]: Invalid user bot from 92.118.39.61
May  4 14:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24471]: input_userauth_request: invalid user bot [preauth]
May  4 14:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24471]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 14:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24471]: Failed password for invalid user bot from 92.118.39.61 port 52300 ssh2
May  4 14:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24471]: Connection closed by 92.118.39.61 port 52300 [preauth]
May  4 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24494]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24492]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24493]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24491]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24491]: pam_unix(cron:session): session closed for user p13x
May  4 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24564]: Successful su for rubyman by root
May  4 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24564]: + ??? root:rubyman
May  4 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327945 of user rubyman.
May  4 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24564]: pam_unix(su:session): session closed for user rubyman
May  4 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327945.
May  4 14:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21286]: pam_unix(cron:session): session closed for user root
May  4 14:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24492]: pam_unix(cron:session): session closed for user samftp
May  4 14:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: Invalid user mike from 46.244.96.25
May  4 14:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: input_userauth_request: invalid user mike [preauth]
May  4 14:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  4 14:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: Failed password for invalid user mike from 46.244.96.25 port 50314 ssh2
May  4 14:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: Connection closed by 46.244.96.25 port 50314 [preauth]
May  4 14:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23491]: pam_unix(cron:session): session closed for user root
May  4 14:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24894]: Invalid user admin from 64.226.117.59
May  4 14:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24894]: input_userauth_request: invalid user admin [preauth]
May  4 14:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24894]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 14:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24894]: Failed password for invalid user admin from 64.226.117.59 port 41248 ssh2
May  4 14:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24894]: Connection closed by 64.226.117.59 port 41248 [preauth]
May  4 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24921]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24917]: pam_unix(cron:session): session closed for user p13x
May  4 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24986]: Successful su for rubyman by root
May  4 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24986]: + ??? root:rubyman
May  4 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327948 of user rubyman.
May  4 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24986]: pam_unix(su:session): session closed for user rubyman
May  4 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327948.
May  4 14:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21834]: pam_unix(cron:session): session closed for user root
May  4 14:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24919]: pam_unix(cron:session): session closed for user samftp
May  4 14:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: Invalid user mingtian from 193.70.84.184
May  4 14:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: input_userauth_request: invalid user mingtian [preauth]
May  4 14:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  4 14:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: Failed password for invalid user mingtian from 193.70.84.184 port 57308 ssh2
May  4 14:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: Connection closed by 193.70.84.184 port 57308 [preauth]
May  4 14:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24019]: pam_unix(cron:session): session closed for user root
May  4 14:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25279]: Did not receive identification string from 47.236.74.146
May  4 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25331]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25329]: pam_unix(cron:session): session closed for user p13x
May  4 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25396]: Successful su for rubyman by root
May  4 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25396]: + ??? root:rubyman
May  4 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327952 of user rubyman.
May  4 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25396]: pam_unix(su:session): session closed for user rubyman
May  4 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327952.
May  4 14:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22500]: pam_unix(cron:session): session closed for user root
May  4 14:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25330]: pam_unix(cron:session): session closed for user samftp
May  4 14:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24494]: pam_unix(cron:session): session closed for user root
May  4 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25747]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25745]: pam_unix(cron:session): session closed for user p13x
May  4 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25805]: Successful su for rubyman by root
May  4 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25805]: + ??? root:rubyman
May  4 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327957 of user rubyman.
May  4 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25805]: pam_unix(su:session): session closed for user rubyman
May  4 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327957.
May  4 14:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22975]: pam_unix(cron:session): session closed for user root
May  4 14:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25746]: pam_unix(cron:session): session closed for user samftp
May  4 14:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26018]: Invalid user user1 from 164.68.105.9
May  4 14:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26018]: input_userauth_request: invalid user user1 [preauth]
May  4 14:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26018]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  4 14:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26018]: Failed password for invalid user user1 from 164.68.105.9 port 48692 ssh2
May  4 14:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26018]: Connection closed by 164.68.105.9 port 48692 [preauth]
May  4 14:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24921]: pam_unix(cron:session): session closed for user root
May  4 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26143]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26142]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26144]: pam_unix(cron:session): session closed for user root
May  4 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26139]: pam_unix(cron:session): session closed for user p13x
May  4 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26206]: Successful su for rubyman by root
May  4 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26206]: + ??? root:rubyman
May  4 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327962 of user rubyman.
May  4 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26206]: pam_unix(su:session): session closed for user rubyman
May  4 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327962.
May  4 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26141]: pam_unix(cron:session): session closed for user root
May  4 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23490]: pam_unix(cron:session): session closed for user root
May  4 14:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26140]: pam_unix(cron:session): session closed for user samftp
May  4 14:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26432]: Invalid user mastodon from 35.200.237.19
May  4 14:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26432]: input_userauth_request: invalid user mastodon [preauth]
May  4 14:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26432]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19
May  4 14:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26432]: Failed password for invalid user mastodon from 35.200.237.19 port 1098 ssh2
May  4 14:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26432]: Received disconnect from 35.200.237.19 port 1098:11: Bye Bye [preauth]
May  4 14:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26432]: Disconnected from 35.200.237.19 port 1098 [preauth]
May  4 14:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  4 14:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26528]: Failed password for root from 50.235.31.47 port 34890 ssh2
May  4 14:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26528]: Connection closed by 50.235.31.47 port 34890 [preauth]
May  4 14:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25332]: pam_unix(cron:session): session closed for user root
May  4 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26648]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26646]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26645]: pam_unix(cron:session): session closed for user p13x
May  4 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26715]: Successful su for rubyman by root
May  4 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26715]: + ??? root:rubyman
May  4 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327967 of user rubyman.
May  4 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26715]: pam_unix(su:session): session closed for user rubyman
May  4 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327967.
May  4 14:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24018]: pam_unix(cron:session): session closed for user root
May  4 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26646]: pam_unix(cron:session): session closed for user samftp
May  4 14:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26995]: Invalid user  from 139.59.226.171
May  4 14:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26995]: input_userauth_request: invalid user  [preauth]
May  4 14:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26995]: Connection closed by 139.59.226.171 port 60444 [preauth]
May  4 14:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25748]: pam_unix(cron:session): session closed for user root
May  4 14:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27061]: Invalid user ubuntu from 193.32.162.84
May  4 14:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27061]: input_userauth_request: invalid user ubuntu [preauth]
May  4 14:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27061]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 14:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27061]: Failed password for invalid user ubuntu from 193.32.162.84 port 47264 ssh2
May  4 14:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27061]: Connection closed by 193.32.162.84 port 47264 [preauth]
May  4 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27125]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27126]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27123]: pam_unix(cron:session): session closed for user p13x
May  4 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27188]: Successful su for rubyman by root
May  4 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27188]: + ??? root:rubyman
May  4 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327970 of user rubyman.
May  4 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27188]: pam_unix(su:session): session closed for user rubyman
May  4 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327970.
May  4 14:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24493]: pam_unix(cron:session): session closed for user root
May  4 14:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27124]: pam_unix(cron:session): session closed for user samftp
May  4 14:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27467]: Invalid user tradebot from 92.118.39.61
May  4 14:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27467]: input_userauth_request: invalid user tradebot [preauth]
May  4 14:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27467]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 14:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27467]: Failed password for invalid user tradebot from 92.118.39.61 port 33994 ssh2
May  4 14:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27467]: Connection closed by 92.118.39.61 port 33994 [preauth]
May  4 14:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26143]: pam_unix(cron:session): session closed for user root
May  4 14:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27591]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27589]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27589]: pam_unix(cron:session): session closed for user p13x
May  4 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27650]: Successful su for rubyman by root
May  4 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27650]: + ??? root:rubyman
May  4 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327974 of user rubyman.
May  4 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27650]: pam_unix(su:session): session closed for user rubyman
May  4 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327974.
May  4 14:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24920]: pam_unix(cron:session): session closed for user root
May  4 14:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27590]: pam_unix(cron:session): session closed for user samftp
May  4 14:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27846]: Did not receive identification string from 35.236.117.26
May  4 14:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: Invalid user admin from 64.226.117.59
May  4 14:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: input_userauth_request: invalid user admin [preauth]
May  4 14:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 14:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: Failed password for invalid user admin from 64.226.117.59 port 42018 ssh2
May  4 14:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: Connection closed by 64.226.117.59 port 42018 [preauth]
May  4 14:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26648]: pam_unix(cron:session): session closed for user root
May  4 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28008]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28009]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28008]: pam_unix(cron:session): session closed for user p13x
May  4 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28069]: Successful su for rubyman by root
May  4 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28069]: + ??? root:rubyman
May  4 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28069]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327981 of user rubyman.
May  4 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28069]: pam_unix(su:session): session closed for user rubyman
May  4 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327981.
May  4 14:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25331]: pam_unix(cron:session): session closed for user root
May  4 14:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28009]: pam_unix(cron:session): session closed for user samftp
May  4 14:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27126]: pam_unix(cron:session): session closed for user root
May  4 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28419]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28419]: pam_unix(cron:session): session closed for user root
May  4 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28413]: pam_unix(cron:session): session closed for user p13x
May  4 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28483]: Successful su for rubyman by root
May  4 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28483]: + ??? root:rubyman
May  4 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28483]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28483]: pam_unix(su:session): session closed for user rubyman
May  4 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327983 of user rubyman.
May  4 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327983.
May  4 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28415]: pam_unix(cron:session): session closed for user root
May  4 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25747]: pam_unix(cron:session): session closed for user root
May  4 14:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28414]: pam_unix(cron:session): session closed for user samftp
May  4 14:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28752]: Invalid user piso from 35.200.237.19
May  4 14:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28752]: input_userauth_request: invalid user piso [preauth]
May  4 14:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28752]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19
May  4 14:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28752]: Failed password for invalid user piso from 35.200.237.19 port 1124 ssh2
May  4 14:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28752]: Received disconnect from 35.200.237.19 port 1124:11: Bye Bye [preauth]
May  4 14:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28752]: Disconnected from 35.200.237.19 port 1124 [preauth]
May  4 14:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27592]: pam_unix(cron:session): session closed for user root
May  4 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28845]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28844]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28842]: pam_unix(cron:session): session closed for user p13x
May  4 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28916]: Successful su for rubyman by root
May  4 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28916]: + ??? root:rubyman
May  4 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28916]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327988 of user rubyman.
May  4 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28916]: pam_unix(su:session): session closed for user rubyman
May  4 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327988.
May  4 14:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26142]: pam_unix(cron:session): session closed for user root
May  4 14:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28843]: pam_unix(cron:session): session closed for user samftp
May  4 14:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28011]: pam_unix(cron:session): session closed for user root
May  4 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29353]: pam_unix(cron:session): session closed for user p13x
May  4 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29425]: Successful su for rubyman by root
May  4 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29425]: + ??? root:rubyman
May  4 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327993 of user rubyman.
May  4 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29425]: pam_unix(su:session): session closed for user rubyman
May  4 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327993.
May  4 14:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26647]: pam_unix(cron:session): session closed for user root
May  4 14:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29354]: pam_unix(cron:session): session closed for user samftp
May  4 14:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28417]: pam_unix(cron:session): session closed for user root
May  4 14:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254  user=root
May  4 14:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29707]: Failed password for root from 124.198.59.254 port 59774 ssh2
May  4 14:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29707]: Connection closed by 124.198.59.254 port 59774 [preauth]
May  4 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29781]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29779]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29778]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29778]: pam_unix(cron:session): session closed for user p13x
May  4 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29840]: Successful su for rubyman by root
May  4 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29840]: + ??? root:rubyman
May  4 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29840]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 327997 of user rubyman.
May  4 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29840]: pam_unix(su:session): session closed for user rubyman
May  4 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 327997.
May  4 14:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27125]: pam_unix(cron:session): session closed for user root
May  4 14:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29779]: pam_unix(cron:session): session closed for user samftp
May  4 14:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: Invalid user ubuntu from 193.32.162.84
May  4 14:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: input_userauth_request: invalid user ubuntu [preauth]
May  4 14:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 14:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: Failed password for invalid user ubuntu from 193.32.162.84 port 49840 ssh2
May  4 14:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30059]: Connection closed by 193.32.162.84 port 49840 [preauth]
May  4 14:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28845]: pam_unix(cron:session): session closed for user root
May  4 14:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61  user=root
May  4 14:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: Failed password for root from 92.118.39.61 port 43920 ssh2
May  4 14:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: Connection closed by 92.118.39.61 port 43920 [preauth]
May  4 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30184]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30179]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30183]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30181]: pam_unix(cron:session): session closed for user p13x
May  4 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30288]: Successful su for rubyman by root
May  4 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30288]: + ??? root:rubyman
May  4 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328000 of user rubyman.
May  4 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30288]: pam_unix(su:session): session closed for user rubyman
May  4 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328000.
May  4 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30179]: pam_unix(cron:session): session closed for user root
May  4 14:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27591]: pam_unix(cron:session): session closed for user root
May  4 14:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30182]: pam_unix(cron:session): session closed for user samftp
May  4 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29356]: pam_unix(cron:session): session closed for user root
May  4 14:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: Invalid user taibabi from 152.206.118.154
May  4 14:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: input_userauth_request: invalid user taibabi [preauth]
May  4 14:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154
May  4 14:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: Failed password for invalid user taibabi from 152.206.118.154 port 59910 ssh2
May  4 14:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: Received disconnect from 152.206.118.154 port 59910:11: Bye Bye [preauth]
May  4 14:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: Disconnected from 152.206.118.154 port 59910 [preauth]
May  4 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30668]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30664]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30667]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30671]: pam_unix(cron:session): session closed for user root
May  4 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30664]: pam_unix(cron:session): session closed for user p13x
May  4 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30741]: Successful su for rubyman by root
May  4 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30741]: + ??? root:rubyman
May  4 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30741]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328005 of user rubyman.
May  4 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30741]: pam_unix(su:session): session closed for user rubyman
May  4 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328005.
May  4 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30667]: pam_unix(cron:session): session closed for user root
May  4 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28010]: pam_unix(cron:session): session closed for user root
May  4 14:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30665]: pam_unix(cron:session): session closed for user samftp
May  4 14:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30940]: Invalid user ADMIN from 64.226.117.59
May  4 14:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30940]: input_userauth_request: invalid user ADMIN [preauth]
May  4 14:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30940]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 14:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30940]: Failed password for invalid user ADMIN from 64.226.117.59 port 48050 ssh2
May  4 14:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30940]: Connection closed by 64.226.117.59 port 48050 [preauth]
May  4 14:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29781]: pam_unix(cron:session): session closed for user root
May  4 14:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: Invalid user sonar from 35.200.237.19
May  4 14:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: input_userauth_request: invalid user sonar [preauth]
May  4 14:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19
May  4 14:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: Failed password for invalid user sonar from 35.200.237.19 port 1092 ssh2
May  4 14:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: Received disconnect from 35.200.237.19 port 1092:11: Bye Bye [preauth]
May  4 14:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: Disconnected from 35.200.237.19 port 1092 [preauth]
May  4 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31109]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31110]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31107]: pam_unix(cron:session): session closed for user p13x
May  4 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31176]: Successful su for rubyman by root
May  4 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31176]: + ??? root:rubyman
May  4 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328011 of user rubyman.
May  4 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31176]: pam_unix(su:session): session closed for user rubyman
May  4 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328011.
May  4 14:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28416]: pam_unix(cron:session): session closed for user root
May  4 14:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31108]: pam_unix(cron:session): session closed for user samftp
May  4 14:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30184]: pam_unix(cron:session): session closed for user root
May  4 14:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 14:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31481]: Failed password for root from 218.92.0.206 port 11308 ssh2
May  4 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31481]: message repeated 4 times: [ Failed password for root from 218.92.0.206 port 11308 ssh2]
May  4 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31481]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 11308 ssh2 [preauth]
May  4 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31481]: Disconnecting: Too many authentication failures [preauth]
May  4 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31481]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31481]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31512]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31511]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31510]: pam_unix(cron:session): session closed for user p13x
May  4 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31573]: Successful su for rubyman by root
May  4 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31573]: + ??? root:rubyman
May  4 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328016 of user rubyman.
May  4 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31573]: pam_unix(su:session): session closed for user rubyman
May  4 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328016.
May  4 14:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28844]: pam_unix(cron:session): session closed for user root
May  4 14:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 14:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31511]: pam_unix(cron:session): session closed for user samftp
May  4 14:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31708]: Failed password for root from 218.92.0.206 port 40792 ssh2
May  4 14:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31708]: Failed password for root from 218.92.0.206 port 40792 ssh2
May  4 14:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31785]: Invalid user userTest from 164.68.105.9
May  4 14:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31785]: input_userauth_request: invalid user userTest [preauth]
May  4 14:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31785]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  4 14:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31708]: Failed password for root from 218.92.0.206 port 40792 ssh2
May  4 14:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31785]: Failed password for invalid user userTest from 164.68.105.9 port 54054 ssh2
May  4 14:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31785]: Connection closed by 164.68.105.9 port 54054 [preauth]
May  4 14:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31708]: Failed password for root from 218.92.0.206 port 40792 ssh2
May  4 14:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31708]: message repeated 2 times: [ Failed password for root from 218.92.0.206 port 40792 ssh2]
May  4 14:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31708]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 40792 ssh2 [preauth]
May  4 14:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31708]: Disconnecting: Too many authentication failures [preauth]
May  4 14:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31708]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 14:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31708]: PAM service(sshd) ignoring max retries; 6 > 3
May  4 14:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 14:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31815]: Failed password for root from 218.92.0.206 port 47052 ssh2
May  4 14:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31815]: Received disconnect from 218.92.0.206 port 47052:11:  [preauth]
May  4 14:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31815]: Disconnected from 218.92.0.206 port 47052 [preauth]
May  4 14:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30669]: pam_unix(cron:session): session closed for user root
May  4 14:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31877]: Did not receive identification string from 35.236.117.26
May  4 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31939]: pam_unix(cron:session): session closed for user p13x
May  4 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32012]: Successful su for rubyman by root
May  4 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32012]: + ??? root:rubyman
May  4 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32012]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328021 of user rubyman.
May  4 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32012]: pam_unix(su:session): session closed for user rubyman
May  4 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328021.
May  4 14:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29355]: pam_unix(cron:session): session closed for user root
May  4 14:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31940]: pam_unix(cron:session): session closed for user samftp
May  4 14:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31110]: pam_unix(cron:session): session closed for user root
May  4 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32347]: pam_unix(cron:session): session closed for user p13x
May  4 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32409]: Successful su for rubyman by root
May  4 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32409]: + ??? root:rubyman
May  4 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328024 of user rubyman.
May  4 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32409]: pam_unix(su:session): session closed for user rubyman
May  4 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328024.
May  4 14:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29780]: pam_unix(cron:session): session closed for user root
May  4 14:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32348]: pam_unix(cron:session): session closed for user samftp
May  4 14:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31513]: pam_unix(cron:session): session closed for user root
May  4 14:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Invalid user ubuntu from 193.32.162.84
May  4 14:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: input_userauth_request: invalid user ubuntu [preauth]
May  4 14:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[406]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[407]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[408]: pam_unix(cron:session): session closed for user root
May  4 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[399]: pam_unix(cron:session): session closed for user p13x
May  4 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Failed password for invalid user ubuntu from 193.32.162.84 port 52392 ssh2
May  4 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Connection closed by 193.32.162.84 port 52392 [preauth]
May  4 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[491]: Successful su for rubyman by root
May  4 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[491]: + ??? root:rubyman
May  4 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328029 of user rubyman.
May  4 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[491]: pam_unix(su:session): session closed for user rubyman
May  4 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328029.
May  4 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[404]: pam_unix(cron:session): session closed for user root
May  4 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30183]: pam_unix(cron:session): session closed for user root
May  4 14:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[400]: pam_unix(cron:session): session closed for user samftp
May  4 14:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[726]: Failed password for root from 139.59.226.171 port 51186 ssh2
May  4 14:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[726]: Connection closed by 139.59.226.171 port 51186 [preauth]
May  4 14:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[753]: Invalid user pi from 139.59.226.171
May  4 14:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[753]: input_userauth_request: invalid user pi [preauth]
May  4 14:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[753]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[753]: Failed password for invalid user pi from 139.59.226.171 port 47170 ssh2
May  4 14:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[753]: Connection closed by 139.59.226.171 port 47170 [preauth]
May  4 14:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: Invalid user hive from 139.59.226.171
May  4 14:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: input_userauth_request: invalid user hive [preauth]
May  4 14:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: Failed password for invalid user hive from 139.59.226.171 port 47176 ssh2
May  4 14:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[768]: Connection closed by 139.59.226.171 port 47176 [preauth]
May  4 14:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: Invalid user git from 139.59.226.171
May  4 14:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: input_userauth_request: invalid user git [preauth]
May  4 14:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: Failed password for invalid user git from 139.59.226.171 port 47192 ssh2
May  4 14:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: Connection closed by 139.59.226.171 port 47192 [preauth]
May  4 14:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[797]: Invalid user wang from 139.59.226.171
May  4 14:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[797]: input_userauth_request: invalid user wang [preauth]
May  4 14:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[797]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31943]: pam_unix(cron:session): session closed for user root
May  4 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[797]: Failed password for invalid user wang from 139.59.226.171 port 37920 ssh2
May  4 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[797]: Connection closed by 139.59.226.171 port 37920 [preauth]
May  4 14:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: Invalid user nginx from 139.59.226.171
May  4 14:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: input_userauth_request: invalid user nginx [preauth]
May  4 14:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: Failed password for invalid user nginx from 139.59.226.171 port 37926 ssh2
May  4 14:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: Connection closed by 139.59.226.171 port 37926 [preauth]
May  4 14:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: Invalid user mongo from 139.59.226.171
May  4 14:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: input_userauth_request: invalid user mongo [preauth]
May  4 14:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: Failed password for invalid user mongo from 139.59.226.171 port 57130 ssh2
May  4 14:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: Connection closed by 139.59.226.171 port 57130 [preauth]
May  4 14:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[854]: Invalid user user from 139.59.226.171
May  4 14:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[854]: input_userauth_request: invalid user user [preauth]
May  4 14:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61  user=root
May  4 14:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[854]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: Failed password for root from 92.118.39.61 port 53846 ssh2
May  4 14:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[854]: Failed password for invalid user user from 139.59.226.171 port 57140 ssh2
May  4 14:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: Connection closed by 92.118.39.61 port 53846 [preauth]
May  4 14:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[854]: Connection closed by 139.59.226.171 port 57140 [preauth]
May  4 14:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[873]: Invalid user oracle from 139.59.226.171
May  4 14:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[873]: input_userauth_request: invalid user oracle [preauth]
May  4 14:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[873]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[873]: Failed password for invalid user oracle from 139.59.226.171 port 57144 ssh2
May  4 14:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[873]: Connection closed by 139.59.226.171 port 57144 [preauth]
May  4 14:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[886]: Invalid user gpadmin from 139.59.226.171
May  4 14:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[886]: input_userauth_request: invalid user gpadmin [preauth]
May  4 14:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[886]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[886]: Failed password for invalid user gpadmin from 139.59.226.171 port 49580 ssh2
May  4 14:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[886]: Connection closed by 139.59.226.171 port 49580 [preauth]
May  4 14:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[896]: Failed password for root from 139.59.226.171 port 49596 ssh2
May  4 14:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[896]: Connection closed by 139.59.226.171 port 49596 [preauth]
May  4 14:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: Invalid user esroot from 139.59.226.171
May  4 14:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: input_userauth_request: invalid user esroot [preauth]
May  4 14:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[914]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[915]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[912]: pam_unix(cron:session): session closed for user p13x
May  4 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[915]: pam_unix(cron:session): session closed for user root
May  4 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[989]: Successful su for rubyman by root
May  4 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[989]: + ??? root:rubyman
May  4 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328033 of user rubyman.
May  4 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[989]: pam_unix(su:session): session closed for user rubyman
May  4 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328033.
May  4 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: Failed password for invalid user esroot from 139.59.226.171 port 48270 ssh2
May  4 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: Connection closed by 139.59.226.171 port 48270 [preauth]
May  4 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: Invalid user gitlab from 139.59.226.171
May  4 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: input_userauth_request: invalid user gitlab [preauth]
May  4 14:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30668]: pam_unix(cron:session): session closed for user root
May  4 14:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[913]: pam_unix(cron:session): session closed for user samftp
May  4 14:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: Failed password for invalid user gitlab from 139.59.226.171 port 48286 ssh2
May  4 14:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: Connection closed by 139.59.226.171 port 48286 [preauth]
May  4 14:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: Invalid user apache from 139.59.226.171
May  4 14:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: input_userauth_request: invalid user apache [preauth]
May  4 14:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: Failed password for invalid user apache from 139.59.226.171 port 50656 ssh2
May  4 14:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1190]: Connection closed by 139.59.226.171 port 50656 [preauth]
May  4 14:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19  user=root
May  4 14:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1202]: Failed password for root from 139.59.226.171 port 50662 ssh2
May  4 14:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1202]: Connection closed by 139.59.226.171 port 50662 [preauth]
May  4 14:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Failed password for root from 35.200.237.19 port 1111 ssh2
May  4 14:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Received disconnect from 35.200.237.19 port 1111:11: Bye Bye [preauth]
May  4 14:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Disconnected from 35.200.237.19 port 1111 [preauth]
May  4 14:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: Failed password for root from 139.59.226.171 port 50678 ssh2
May  4 14:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: Connection closed by 139.59.226.171 port 50678 [preauth]
May  4 14:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: Invalid user user from 139.59.226.171
May  4 14:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: input_userauth_request: invalid user user [preauth]
May  4 14:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: Invalid user ubnt from 80.94.95.125
May  4 14:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: input_userauth_request: invalid user ubnt [preauth]
May  4 14:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  4 14:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: Failed password for invalid user user from 139.59.226.171 port 35788 ssh2
May  4 14:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: Failed password for invalid user ubnt from 80.94.95.125 port 62219 ssh2
May  4 14:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1251]: Connection closed by 139.59.226.171 port 35788 [preauth]
May  4 14:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1260]: Invalid user lighthouse from 139.59.226.171
May  4 14:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1260]: input_userauth_request: invalid user lighthouse [preauth]
May  4 14:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1260]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: Failed password for invalid user ubnt from 80.94.95.125 port 62219 ssh2
May  4 14:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1260]: Failed password for invalid user lighthouse from 139.59.226.171 port 35804 ssh2
May  4 14:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1260]: Connection closed by 139.59.226.171 port 35804 [preauth]
May  4 14:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: Failed password for invalid user ubnt from 80.94.95.125 port 62219 ssh2
May  4 14:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1285]: Invalid user flask from 139.59.226.171
May  4 14:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1285]: input_userauth_request: invalid user flask [preauth]
May  4 14:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1285]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: Failed password for invalid user ubnt from 80.94.95.125 port 62219 ssh2
May  4 14:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1285]: Failed password for invalid user flask from 139.59.226.171 port 51586 ssh2
May  4 14:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1285]: Connection closed by 139.59.226.171 port 51586 [preauth]
May  4 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: Failed password for invalid user ubnt from 80.94.95.125 port 62219 ssh2
May  4 14:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: Received disconnect from 80.94.95.125 port 62219:11: Bye [preauth]
May  4 14:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: Disconnected from 80.94.95.125 port 62219 [preauth]
May  4 14:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  4 14:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 14:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1298]: Invalid user user1 from 139.59.226.171
May  4 14:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1298]: input_userauth_request: invalid user user1 [preauth]
May  4 14:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1298]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32350]: pam_unix(cron:session): session closed for user root
May  4 14:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1298]: Failed password for invalid user user1 from 139.59.226.171 port 51600 ssh2
May  4 14:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1298]: Connection closed by 139.59.226.171 port 51600 [preauth]
May  4 14:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: Invalid user hadoop from 139.59.226.171
May  4 14:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: input_userauth_request: invalid user hadoop [preauth]
May  4 14:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: Failed password for invalid user hadoop from 139.59.226.171 port 51610 ssh2
May  4 14:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: Connection closed by 139.59.226.171 port 51610 [preauth]
May  4 14:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1338]: Invalid user oracle from 139.59.226.171
May  4 14:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1338]: input_userauth_request: invalid user oracle [preauth]
May  4 14:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1338]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1338]: Failed password for invalid user oracle from 139.59.226.171 port 54700 ssh2
May  4 14:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1338]: Connection closed by 139.59.226.171 port 54700 [preauth]
May  4 14:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1353]: Invalid user test from 139.59.226.171
May  4 14:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1353]: input_userauth_request: invalid user test [preauth]
May  4 14:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1353]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1353]: Failed password for invalid user test from 139.59.226.171 port 54704 ssh2
May  4 14:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1353]: Connection closed by 139.59.226.171 port 54704 [preauth]
May  4 14:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: Invalid user admin from 64.226.117.59
May  4 14:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: input_userauth_request: invalid user admin [preauth]
May  4 14:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 14:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: Failed password for invalid user admin from 64.226.117.59 port 55230 ssh2
May  4 14:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: Connection closed by 64.226.117.59 port 55230 [preauth]
May  4 14:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: Failed password for root from 139.59.226.171 port 58678 ssh2
May  4 14:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1376]: Connection closed by 139.59.226.171 port 58678 [preauth]
May  4 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1411]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1409]: pam_unix(cron:session): session closed for user p13x
May  4 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1495]: Successful su for rubyman by root
May  4 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1495]: + ??? root:rubyman
May  4 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328038 of user rubyman.
May  4 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1495]: pam_unix(su:session): session closed for user rubyman
May  4 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328038.
May  4 14:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31109]: pam_unix(cron:session): session closed for user root
May  4 14:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1410]: pam_unix(cron:session): session closed for user samftp
May  4 14:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: Failed password for root from 139.59.226.171 port 59084 ssh2
May  4 14:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: Connection closed by 139.59.226.171 port 59084 [preauth]
May  4 14:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1732]: Failed password for root from 139.59.226.171 port 46314 ssh2
May  4 14:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1732]: Connection closed by 139.59.226.171 port 46314 [preauth]
May  4 14:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: Invalid user tom from 139.59.226.171
May  4 14:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: input_userauth_request: invalid user tom [preauth]
May  4 14:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: Invalid user oscar from 139.59.226.171
May  4 14:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: input_userauth_request: invalid user oscar [preauth]
May  4 14:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: Failed password for root from 139.59.226.171 port 41604 ssh2
May  4 14:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: Connection closed by 139.59.226.171 port 41604 [preauth]
May  4 14:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: Failed password for invalid user tom from 139.59.226.171 port 59082 ssh2
May  4 14:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1760]: Connection closed by 139.59.226.171 port 59082 [preauth]
May  4 14:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: Failed password for invalid user oscar from 139.59.226.171 port 41590 ssh2
May  4 14:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: Connection closed by 139.59.226.171 port 41590 [preauth]
May  4 14:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: Invalid user user1 from 139.59.226.171
May  4 14:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: input_userauth_request: invalid user user1 [preauth]
May  4 14:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[407]: pam_unix(cron:session): session closed for user root
May  4 14:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: Failed password for invalid user user1 from 139.59.226.171 port 39560 ssh2
May  4 14:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1790]: Connection closed by 139.59.226.171 port 39560 [preauth]
May  4 14:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: Invalid user pankaj from 197.5.145.121
May  4 14:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: input_userauth_request: invalid user pankaj [preauth]
May  4 14:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121
May  4 14:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Invalid user flink from 139.59.226.171
May  4 14:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: input_userauth_request: invalid user flink [preauth]
May  4 14:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: Failed password for invalid user pankaj from 197.5.145.121 port 36583 ssh2
May  4 14:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: Received disconnect from 197.5.145.121 port 36583:11: Bye Bye [preauth]
May  4 14:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: Disconnected from 197.5.145.121 port 36583 [preauth]
May  4 14:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Failed password for invalid user flink from 139.59.226.171 port 52384 ssh2
May  4 14:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Connection closed by 139.59.226.171 port 52384 [preauth]
May  4 14:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: Failed password for root from 139.59.226.171 port 39546 ssh2
May  4 14:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: Connection closed by 139.59.226.171 port 39546 [preauth]
May  4 14:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: Invalid user apache from 139.59.226.171
May  4 14:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: input_userauth_request: invalid user apache [preauth]
May  4 14:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: Failed password for invalid user apache from 139.59.226.171 port 60256 ssh2
May  4 14:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1847]: Connection closed by 139.59.226.171 port 60256 [preauth]
May  4 14:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1858]: Failed password for root from 139.59.226.171 port 60258 ssh2
May  4 14:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1858]: Connection closed by 139.59.226.171 port 60258 [preauth]
May  4 14:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1872]: Invalid user nginx from 139.59.226.171
May  4 14:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1872]: input_userauth_request: invalid user nginx [preauth]
May  4 14:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1872]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1872]: Failed password for invalid user nginx from 139.59.226.171 port 60264 ssh2
May  4 14:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1872]: Connection closed by 139.59.226.171 port 60264 [preauth]
May  4 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1886]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1884]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1887]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1885]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1884]: pam_unix(cron:session): session closed for user p13x
May  4 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2030]: Successful su for rubyman by root
May  4 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2030]: + ??? root:rubyman
May  4 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328042 of user rubyman.
May  4 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2030]: pam_unix(su:session): session closed for user rubyman
May  4 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328042.
May  4 14:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31512]: pam_unix(cron:session): session closed for user root
May  4 14:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1885]: pam_unix(cron:session): session closed for user samftp
May  4 14:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2214]: Invalid user esuser from 139.59.226.171
May  4 14:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2214]: input_userauth_request: invalid user esuser [preauth]
May  4 14:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2214]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: Invalid user git from 139.59.226.171
May  4 14:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: input_userauth_request: invalid user git [preauth]
May  4 14:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2214]: Failed password for invalid user esuser from 139.59.226.171 port 33604 ssh2
May  4 14:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2214]: Connection closed by 139.59.226.171 port 33604 [preauth]
May  4 14:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: Failed password for invalid user git from 139.59.226.171 port 55466 ssh2
May  4 14:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2216]: Connection closed by 139.59.226.171 port 55466 [preauth]
May  4 14:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: Invalid user postgres from 139.59.226.171
May  4 14:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: input_userauth_request: invalid user postgres [preauth]
May  4 14:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: Failed password for invalid user postgres from 139.59.226.171 port 55478 ssh2
May  4 14:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: Connection closed by 139.59.226.171 port 55478 [preauth]
May  4 14:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: Invalid user svnuser from 139.59.226.171
May  4 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: input_userauth_request: invalid user svnuser [preauth]
May  4 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: Failed password for invalid user svnuser from 139.59.226.171 port 57302 ssh2
May  4 14:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2250]: Connection closed by 139.59.226.171 port 57302 [preauth]
May  4 14:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: Invalid user dolphinscheduler from 139.59.226.171
May  4 14:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  4 14:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: Failed password for invalid user dolphinscheduler from 139.59.226.171 port 57318 ssh2
May  4 14:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2262]: Connection closed by 139.59.226.171 port 57318 [preauth]
May  4 14:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: Failed password for root from 139.59.226.171 port 57332 ssh2
May  4 14:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2286]: Connection closed by 139.59.226.171 port 57332 [preauth]
May  4 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[916]: pam_unix(cron:session): session closed for user root
May  4 14:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2316]: Invalid user sonar from 139.59.226.171
May  4 14:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2316]: input_userauth_request: invalid user sonar [preauth]
May  4 14:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2316]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2316]: Failed password for invalid user sonar from 139.59.226.171 port 51218 ssh2
May  4 14:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2316]: Connection closed by 139.59.226.171 port 51218 [preauth]
May  4 14:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2327]: Invalid user app from 139.59.226.171
May  4 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2327]: input_userauth_request: invalid user app [preauth]
May  4 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2327]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2327]: Failed password for invalid user app from 139.59.226.171 port 59638 ssh2
May  4 14:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2327]: Connection closed by 139.59.226.171 port 59638 [preauth]
May  4 14:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: Invalid user tools from 139.59.226.171
May  4 14:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: input_userauth_request: invalid user tools [preauth]
May  4 14:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: Failed password for invalid user tools from 139.59.226.171 port 59642 ssh2
May  4 14:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: Connection closed by 139.59.226.171 port 59642 [preauth]
May  4 14:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2364]: Invalid user lighthouse from 139.59.226.171
May  4 14:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2364]: input_userauth_request: invalid user lighthouse [preauth]
May  4 14:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2364]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2364]: Failed password for invalid user lighthouse from 139.59.226.171 port 59652 ssh2
May  4 14:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2364]: Connection closed by 139.59.226.171 port 59652 [preauth]
May  4 14:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2393]: Invalid user gpadmin from 139.59.226.171
May  4 14:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2393]: input_userauth_request: invalid user gpadmin [preauth]
May  4 14:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2393]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2400]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2399]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2396]: pam_unix(cron:session): session closed for user p13x
May  4 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2469]: Successful su for rubyman by root
May  4 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2469]: + ??? root:rubyman
May  4 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328046 of user rubyman.
May  4 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2469]: pam_unix(su:session): session closed for user rubyman
May  4 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328046.
May  4 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2393]: Failed password for invalid user gpadmin from 139.59.226.171 port 60136 ssh2
May  4 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2393]: Connection closed by 139.59.226.171 port 60136 [preauth]
May  4 14:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31942]: pam_unix(cron:session): session closed for user root
May  4 14:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2397]: pam_unix(cron:session): session closed for user samftp
May  4 14:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2664]: User mysql from 139.59.226.171 not allowed because not listed in AllowUsers
May  4 14:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2664]: input_userauth_request: invalid user mysql [preauth]
May  4 14:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=mysql
May  4 14:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2664]: Failed password for invalid user mysql from 139.59.226.171 port 47864 ssh2
May  4 14:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2664]: Connection closed by 139.59.226.171 port 47864 [preauth]
May  4 14:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2687]: Invalid user oracle from 139.59.226.171
May  4 14:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2687]: input_userauth_request: invalid user oracle [preauth]
May  4 14:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2687]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2687]: Failed password for invalid user oracle from 139.59.226.171 port 60142 ssh2
May  4 14:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: Failed password for root from 139.59.226.171 port 47880 ssh2
May  4 14:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2687]: Connection closed by 139.59.226.171 port 60142 [preauth]
May  4 14:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2682]: Connection closed by 139.59.226.171 port 47880 [preauth]
May  4 14:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: Failed password for root from 139.59.226.171 port 45812 ssh2
May  4 14:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: Connection closed by 139.59.226.171 port 45812 [preauth]
May  4 14:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: Failed password for root from 139.59.226.171 port 45792 ssh2
May  4 14:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: Connection closed by 139.59.226.171 port 45792 [preauth]
May  4 14:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1412]: pam_unix(cron:session): session closed for user root
May  4 14:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: Invalid user test from 139.59.226.171
May  4 14:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: input_userauth_request: invalid user test [preauth]
May  4 14:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: Failed password for invalid user test from 139.59.226.171 port 44964 ssh2
May  4 14:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: Connection closed by 139.59.226.171 port 44964 [preauth]
May  4 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2787]: Failed password for root from 139.59.226.171 port 46040 ssh2
May  4 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2787]: Connection closed by 139.59.226.171 port 46040 [preauth]
May  4 14:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: Invalid user app from 139.59.226.171
May  4 14:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: input_userauth_request: invalid user app [preauth]
May  4 14:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: Failed password for invalid user app from 139.59.226.171 port 37488 ssh2
May  4 14:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: Connection closed by 139.59.226.171 port 37488 [preauth]
May  4 14:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: Invalid user elastic from 139.59.226.171
May  4 14:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: input_userauth_request: invalid user elastic [preauth]
May  4 14:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: Failed password for invalid user elastic from 139.59.226.171 port 37494 ssh2
May  4 14:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: Connection closed by 139.59.226.171 port 37494 [preauth]
May  4 14:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: Invalid user guest from 139.59.226.171
May  4 14:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: input_userauth_request: invalid user guest [preauth]
May  4 14:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: Failed password for root from 139.59.226.171 port 41742 ssh2
May  4 14:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: Connection closed by 139.59.226.171 port 41742 [preauth]
May  4 14:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: Failed password for invalid user guest from 139.59.226.171 port 41754 ssh2
May  4 14:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: Connection closed by 139.59.226.171 port 41754 [preauth]
May  4 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: Failed password for root from 139.59.226.171 port 41760 ssh2
May  4 14:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: Connection closed by 139.59.226.171 port 41760 [preauth]
May  4 14:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2866]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2865]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2864]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2870]: pam_unix(cron:session): session closed for user root
May  4 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2864]: pam_unix(cron:session): session closed for user p13x
May  4 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: Invalid user sonar from 139.59.226.171
May  4 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: input_userauth_request: invalid user sonar [preauth]
May  4 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2941]: Successful su for rubyman by root
May  4 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2941]: + ??? root:rubyman
May  4 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2941]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328053 of user rubyman.
May  4 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2941]: pam_unix(su:session): session closed for user rubyman
May  4 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328053.
May  4 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2866]: pam_unix(cron:session): session closed for user root
May  4 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: Failed password for invalid user sonar from 139.59.226.171 port 50200 ssh2
May  4 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: Connection closed by 139.59.226.171 port 50200 [preauth]
May  4 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32349]: pam_unix(cron:session): session closed for user root
May  4 14:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2865]: pam_unix(cron:session): session closed for user samftp
May  4 14:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: Invalid user jumpserver from 139.59.226.171
May  4 14:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: input_userauth_request: invalid user jumpserver [preauth]
May  4 14:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: Failed password for invalid user jumpserver from 139.59.226.171 port 50202 ssh2
May  4 14:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3143]: Connection closed by 139.59.226.171 port 50202 [preauth]
May  4 14:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3184]: Failed password for root from 139.59.226.171 port 41256 ssh2
May  4 14:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3184]: Connection closed by 139.59.226.171 port 41256 [preauth]
May  4 14:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: Invalid user ranger from 139.59.226.171
May  4 14:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: input_userauth_request: invalid user ranger [preauth]
May  4 14:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: Failed password for invalid user ranger from 139.59.226.171 port 38288 ssh2
May  4 14:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: Connection closed by 139.59.226.171 port 38288 [preauth]
May  4 14:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3213]: Invalid user tom from 139.59.226.171
May  4 14:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3213]: input_userauth_request: invalid user tom [preauth]
May  4 14:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: Invalid user git from 139.59.226.171
May  4 14:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: input_userauth_request: invalid user git [preauth]
May  4 14:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3213]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3213]: Failed password for invalid user tom from 139.59.226.171 port 41248 ssh2
May  4 14:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: Failed password for invalid user git from 139.59.226.171 port 38278 ssh2
May  4 14:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3213]: Connection closed by 139.59.226.171 port 41248 [preauth]
May  4 14:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: Connection closed by 139.59.226.171 port 38278 [preauth]
May  4 14:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: Failed password for root from 139.59.226.171 port 37476 ssh2
May  4 14:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: Connection closed by 139.59.226.171 port 37476 [preauth]
May  4 14:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1887]: pam_unix(cron:session): session closed for user root
May  4 14:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: Invalid user tom from 139.59.226.171
May  4 14:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: input_userauth_request: invalid user tom [preauth]
May  4 14:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: Failed password for invalid user tom from 139.59.226.171 port 37496 ssh2
May  4 14:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3266]: Connection closed by 139.59.226.171 port 37496 [preauth]
May  4 14:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3269]: Failed password for root from 139.59.226.171 port 58488 ssh2
May  4 14:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3269]: Connection closed by 139.59.226.171 port 58488 [preauth]
May  4 14:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: Invalid user ubuntu from 139.59.226.171
May  4 14:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: input_userauth_request: invalid user ubuntu [preauth]
May  4 14:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: Failed password for invalid user ubuntu from 139.59.226.171 port 58490 ssh2
May  4 14:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: Connection closed by 139.59.226.171 port 58490 [preauth]
May  4 14:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: Invalid user elsearch from 139.59.226.171
May  4 14:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: input_userauth_request: invalid user elsearch [preauth]
May  4 14:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: Failed password for invalid user elsearch from 139.59.226.171 port 45452 ssh2
May  4 14:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3301]: Connection closed by 139.59.226.171 port 45452 [preauth]
May  4 14:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135  user=root
May  4 14:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: Invalid user rancher from 139.59.226.171
May  4 14:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: input_userauth_request: invalid user rancher [preauth]
May  4 14:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: Failed password for root from 176.31.162.135 port 38360 ssh2
May  4 14:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: Failed password for invalid user rancher from 139.59.226.171 port 34580 ssh2
May  4 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: Connection closed by 176.31.162.135 port 38360 [preauth]
May  4 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: Connection closed by 139.59.226.171 port 34580 [preauth]
May  4 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3328]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3327]: pam_unix(cron:session): session closed for user p13x
May  4 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3408]: Successful su for rubyman by root
May  4 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3408]: + ??? root:rubyman
May  4 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328056 of user rubyman.
May  4 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3408]: pam_unix(su:session): session closed for user rubyman
May  4 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328056.
May  4 14:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[406]: pam_unix(cron:session): session closed for user root
May  4 14:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3328]: pam_unix(cron:session): session closed for user samftp
May  4 14:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: Invalid user rancher from 139.59.226.171
May  4 14:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: input_userauth_request: invalid user rancher [preauth]
May  4 14:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3644]: Failed password for root from 139.59.226.171 port 34592 ssh2
May  4 14:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: Failed password for invalid user rancher from 139.59.226.171 port 34600 ssh2
May  4 14:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3644]: Connection closed by 139.59.226.171 port 34592 [preauth]
May  4 14:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3647]: Connection closed by 139.59.226.171 port 34600 [preauth]
May  4 14:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: Failed password for root from 139.59.226.171 port 38996 ssh2
May  4 14:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: Connection closed by 139.59.226.171 port 38996 [preauth]
May  4 14:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: Invalid user es from 139.59.226.171
May  4 14:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: input_userauth_request: invalid user es [preauth]
May  4 14:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: Invalid user user from 139.59.226.171
May  4 14:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: input_userauth_request: invalid user user [preauth]
May  4 14:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: Failed password for invalid user es from 139.59.226.171 port 38984 ssh2
May  4 14:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: Connection closed by 139.59.226.171 port 38984 [preauth]
May  4 14:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: Failed password for invalid user user from 139.59.226.171 port 50870 ssh2
May  4 14:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3675]: Connection closed by 139.59.226.171 port 50870 [preauth]
May  4 14:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3706]: Failed password for root from 139.59.226.171 port 50874 ssh2
May  4 14:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3706]: Connection closed by 139.59.226.171 port 50874 [preauth]
May  4 14:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3708]: Invalid user cris from 35.200.237.19
May  4 14:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3708]: input_userauth_request: invalid user cris [preauth]
May  4 14:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3708]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19
May  4 14:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3719]: Invalid user data from 139.59.226.171
May  4 14:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3719]: input_userauth_request: invalid user data [preauth]
May  4 14:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3708]: Failed password for invalid user cris from 35.200.237.19 port 1146 ssh2
May  4 14:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3719]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3708]: Received disconnect from 35.200.237.19 port 1146:11: Bye Bye [preauth]
May  4 14:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3708]: Disconnected from 35.200.237.19 port 1146 [preauth]
May  4 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2400]: pam_unix(cron:session): session closed for user root
May  4 14:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3719]: Failed password for invalid user data from 139.59.226.171 port 58802 ssh2
May  4 14:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3719]: Connection closed by 139.59.226.171 port 58802 [preauth]
May  4 14:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3740]: Invalid user ubuntu from 193.32.162.84
May  4 14:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3740]: input_userauth_request: invalid user ubuntu [preauth]
May  4 14:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3740]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 14:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3740]: Failed password for invalid user ubuntu from 193.32.162.84 port 54962 ssh2
May  4 14:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3740]: Connection closed by 193.32.162.84 port 54962 [preauth]
May  4 14:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3753]: Invalid user oracle from 139.59.226.171
May  4 14:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3753]: input_userauth_request: invalid user oracle [preauth]
May  4 14:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3753]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3753]: Failed password for invalid user oracle from 139.59.226.171 port 53190 ssh2
May  4 14:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3753]: Connection closed by 139.59.226.171 port 53190 [preauth]
May  4 14:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3780]: Invalid user plex from 139.59.226.171
May  4 14:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3780]: input_userauth_request: invalid user plex [preauth]
May  4 14:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3780]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 14:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3780]: Failed password for invalid user plex from 139.59.226.171 port 53194 ssh2
May  4 14:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3780]: Connection closed by 139.59.226.171 port 53194 [preauth]
May  4 14:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3718]: Failed password for root from 185.93.89.118 port 44964 ssh2
May  4 14:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3718]: Connection closed by 185.93.89.118 port 44964 [preauth]
May  4 14:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: Invalid user steam from 139.59.226.171
May  4 14:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: input_userauth_request: invalid user steam [preauth]
May  4 14:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: Invalid user bigdata from 139.59.226.171
May  4 14:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: input_userauth_request: invalid user bigdata [preauth]
May  4 14:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: Failed password for invalid user steam from 139.59.226.171 port 55110 ssh2
May  4 14:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3791]: Connection closed by 139.59.226.171 port 55110 [preauth]
May  4 14:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3803]: Invalid user esuser from 139.59.226.171
May  4 14:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3803]: input_userauth_request: invalid user esuser [preauth]
May  4 14:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3803]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: Failed password for invalid user bigdata from 139.59.226.171 port 58812 ssh2
May  4 14:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: Connection closed by 139.59.226.171 port 58812 [preauth]
May  4 14:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3803]: Failed password for invalid user esuser from 139.59.226.171 port 55122 ssh2
May  4 14:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3803]: Connection closed by 139.59.226.171 port 55122 [preauth]
May  4 14:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3825]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3822]: pam_unix(cron:session): session closed for user p13x
May  4 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3889]: Successful su for rubyman by root
May  4 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3889]: + ??? root:rubyman
May  4 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328061 of user rubyman.
May  4 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3889]: pam_unix(su:session): session closed for user rubyman
May  4 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328061.
May  4 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3900]: Invalid user docker from 139.59.226.171
May  4 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3900]: input_userauth_request: invalid user docker [preauth]
May  4 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3900]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154  user=root
May  4 14:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[914]: pam_unix(cron:session): session closed for user root
May  4 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3790]: Failed password for root from 185.93.89.118 port 59866 ssh2
May  4 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3900]: Failed password for invalid user docker from 139.59.226.171 port 55018 ssh2
May  4 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3900]: Connection closed by 139.59.226.171 port 55018 [preauth]
May  4 14:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: Failed password for root from 152.206.118.154 port 51830 ssh2
May  4 14:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: Received disconnect from 152.206.118.154 port 51830:11: Bye Bye [preauth]
May  4 14:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: Disconnected from 152.206.118.154 port 51830 [preauth]
May  4 14:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3823]: pam_unix(cron:session): session closed for user samftp
May  4 14:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Invalid user admin from 139.19.117.131
May  4 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: input_userauth_request: invalid user admin [preauth]
May  4 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4107]: Invalid user user from 139.59.226.171
May  4 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4107]: input_userauth_request: invalid user user [preauth]
May  4 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4107]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3790]: Connection closed by 185.93.89.118 port 59866 [preauth]
May  4 14:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4107]: Failed password for invalid user user from 139.59.226.171 port 55028 ssh2
May  4 14:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4107]: Connection closed by 139.59.226.171 port 55028 [preauth]
May  4 14:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4127]: Invalid user observer from 139.59.226.171
May  4 14:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4127]: input_userauth_request: invalid user observer [preauth]
May  4 14:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4127]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: Invalid user elastic from 139.59.226.171
May  4 14:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: input_userauth_request: invalid user elastic [preauth]
May  4 14:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: Failed password for invalid user elastic from 139.59.226.171 port 60506 ssh2
May  4 14:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Connection closed by 139.19.117.131 port 42414 [preauth]
May  4 14:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4140]: Connection closed by 139.59.226.171 port 60506 [preauth]
May  4 14:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4127]: Failed password for invalid user observer from 139.59.226.171 port 55006 ssh2
May  4 14:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4127]: Connection closed by 139.59.226.171 port 55006 [preauth]
May  4 14:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: Invalid user oracle from 139.59.226.171
May  4 14:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: input_userauth_request: invalid user oracle [preauth]
May  4 14:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 14:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: Failed password for invalid user oracle from 139.59.226.171 port 60512 ssh2
May  4 14:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: Connection closed by 139.59.226.171 port 60512 [preauth]
May  4 14:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: Invalid user postgres from 139.59.226.171
May  4 14:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: input_userauth_request: invalid user postgres [preauth]
May  4 14:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4109]: Failed password for root from 185.93.89.118 port 48458 ssh2
May  4 14:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: Failed password for invalid user postgres from 139.59.226.171 port 46204 ssh2
May  4 14:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: Connection closed by 139.59.226.171 port 46204 [preauth]
May  4 14:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4109]: Connection closed by 185.93.89.118 port 48458 [preauth]
May  4 14:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: Invalid user ts from 139.59.226.171
May  4 14:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: input_userauth_request: invalid user ts [preauth]
May  4 14:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: Failed password for invalid user ts from 139.59.226.171 port 46206 ssh2
May  4 14:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: Connection closed by 139.59.226.171 port 46206 [preauth]
May  4 14:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3265]: Connection reset by 218.92.0.237 port 41170 [preauth]
May  4 14:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: Failed password for root from 139.59.226.171 port 46218 ssh2
May  4 14:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4185]: Connection closed by 139.59.226.171 port 46218 [preauth]
May  4 14:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2869]: pam_unix(cron:session): session closed for user root
May  4 14:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 14:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: Invalid user ftpuser from 139.59.226.171
May  4 14:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: input_userauth_request: invalid user ftpuser [preauth]
May  4 14:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: Failed password for root from 185.93.89.118 port 21504 ssh2
May  4 14:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: Failed password for invalid user ftpuser from 139.59.226.171 port 46220 ssh2
May  4 14:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: Connection closed by 139.59.226.171 port 46220 [preauth]
May  4 14:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: Invalid user telegramapi from 92.118.39.61
May  4 14:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: input_userauth_request: invalid user telegramapi [preauth]
May  4 14:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 14:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: Failed password for invalid user telegramapi from 92.118.39.61 port 35540 ssh2
May  4 14:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: Connection closed by 92.118.39.61 port 35540 [preauth]
May  4 14:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4159]: Connection closed by 185.93.89.118 port 21504 [preauth]
May  4 14:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: Invalid user gitlab from 139.59.226.171
May  4 14:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: input_userauth_request: invalid user gitlab [preauth]
May  4 14:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: Invalid user test from 139.59.226.171
May  4 14:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: input_userauth_request: invalid user test [preauth]
May  4 14:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: Failed password for invalid user gitlab from 139.59.226.171 port 46358 ssh2
May  4 14:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4266]: Connection closed by 139.59.226.171 port 46358 [preauth]
May  4 14:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: Invalid user guest from 139.59.226.171
May  4 14:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: input_userauth_request: invalid user guest [preauth]
May  4 14:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: Failed password for invalid user test from 139.59.226.171 port 46346 ssh2
May  4 14:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4283]: Connection closed by 139.59.226.171 port 46346 [preauth]
May  4 14:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: Failed password for invalid user guest from 139.59.226.171 port 46366 ssh2
May  4 14:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: Connection closed by 139.59.226.171 port 46366 [preauth]
May  4 14:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4422]: Invalid user worker from 139.59.226.171
May  4 14:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4422]: input_userauth_request: invalid user worker [preauth]
May  4 14:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4422]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 14:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4422]: Failed password for invalid user worker from 139.59.226.171 port 42154 ssh2
May  4 14:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4422]: Connection closed by 139.59.226.171 port 42154 [preauth]
May  4 14:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4265]: Failed password for root from 185.93.89.118 port 63132 ssh2
May  4 14:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4265]: Connection closed by 185.93.89.118 port 63132 [preauth]
May  4 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4448]: pam_unix(cron:session): session closed for user p13x
May  4 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4523]: Successful su for rubyman by root
May  4 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4523]: + ??? root:rubyman
May  4 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328064 of user rubyman.
May  4 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4523]: pam_unix(su:session): session closed for user rubyman
May  4 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328064.
May  4 14:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: Invalid user zabbix from 139.59.226.171
May  4 14:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: input_userauth_request: invalid user zabbix [preauth]
May  4 14:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1411]: pam_unix(cron:session): session closed for user root
May  4 14:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4449]: pam_unix(cron:session): session closed for user samftp
May  4 14:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: Failed password for invalid user zabbix from 139.59.226.171 port 59974 ssh2
May  4 14:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: Connection closed by 139.59.226.171 port 59974 [preauth]
May  4 14:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: Failed password for root from 139.59.226.171 port 50054 ssh2
May  4 14:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: Connection closed by 139.59.226.171 port 50054 [preauth]
May  4 14:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4729]: Invalid user flask from 139.59.226.171
May  4 14:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4729]: input_userauth_request: invalid user flask [preauth]
May  4 14:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4729]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4729]: Failed password for invalid user flask from 139.59.226.171 port 50062 ssh2
May  4 14:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4729]: Connection closed by 139.59.226.171 port 50062 [preauth]
May  4 14:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4753]: Invalid user gitlab from 139.59.226.171
May  4 14:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4753]: input_userauth_request: invalid user gitlab [preauth]
May  4 14:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4753]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4753]: Failed password for invalid user gitlab from 139.59.226.171 port 50076 ssh2
May  4 14:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: Invalid user testuser from 139.59.226.171
May  4 14:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: input_userauth_request: invalid user testuser [preauth]
May  4 14:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4753]: Connection closed by 139.59.226.171 port 50076 [preauth]
May  4 14:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: Invalid user Admin from 64.226.117.59
May  4 14:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: input_userauth_request: invalid user Admin [preauth]
May  4 14:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: Failed password for invalid user testuser from 139.59.226.171 port 49218 ssh2
May  4 14:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 14:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: Connection closed by 139.59.226.171 port 49218 [preauth]
May  4 14:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4782]: Invalid user postgres from 139.59.226.171
May  4 14:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4782]: input_userauth_request: invalid user postgres [preauth]
May  4 14:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4782]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: Failed password for invalid user Admin from 64.226.117.59 port 58812 ssh2
May  4 14:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4765]: Connection closed by 64.226.117.59 port 58812 [preauth]
May  4 14:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4782]: Failed password for invalid user postgres from 139.59.226.171 port 49224 ssh2
May  4 14:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3742]: Connection reset by 218.92.0.198 port 10394 [preauth]
May  4 14:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4782]: Connection closed by 139.59.226.171 port 49224 [preauth]
May  4 14:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: Invalid user jenkins from 139.59.226.171
May  4 14:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: input_userauth_request: invalid user jenkins [preauth]
May  4 14:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: Failed password for invalid user jenkins from 139.59.226.171 port 47952 ssh2
May  4 14:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4794]: Connection closed by 139.59.226.171 port 47952 [preauth]
May  4 14:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3330]: pam_unix(cron:session): session closed for user root
May  4 14:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4833]: Failed password for root from 139.59.226.171 port 47956 ssh2
May  4 14:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4833]: Connection closed by 139.59.226.171 port 47956 [preauth]
May  4 14:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4878]: Invalid user steam from 139.59.226.171
May  4 14:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4878]: input_userauth_request: invalid user steam [preauth]
May  4 14:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4878]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4878]: Failed password for invalid user steam from 139.59.226.171 port 57342 ssh2
May  4 14:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4878]: Connection closed by 139.59.226.171 port 57342 [preauth]
May  4 14:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: Invalid user test from 139.59.226.171
May  4 14:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: input_userauth_request: invalid user test [preauth]
May  4 14:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: Failed password for invalid user test from 139.59.226.171 port 57350 ssh2
May  4 14:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: Connection closed by 139.59.226.171 port 57350 [preauth]
May  4 14:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4900]: Invalid user test from 139.59.226.171
May  4 14:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4900]: input_userauth_request: invalid user test [preauth]
May  4 14:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4900]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4906]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4905]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4904]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4903]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4903]: pam_unix(cron:session): session closed for user p13x
May  4 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4900]: Failed password for invalid user test from 139.59.226.171 port 41174 ssh2
May  4 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4974]: Successful su for rubyman by root
May  4 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4974]: + ??? root:rubyman
May  4 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4974]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328068 of user rubyman.
May  4 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4974]: pam_unix(su:session): session closed for user rubyman
May  4 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328068.
May  4 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4900]: Connection closed by 139.59.226.171 port 41174 [preauth]
May  4 14:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1886]: pam_unix(cron:session): session closed for user root
May  4 14:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4904]: pam_unix(cron:session): session closed for user samftp
May  4 14:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: Invalid user centos from 139.59.226.171
May  4 14:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: input_userauth_request: invalid user centos [preauth]
May  4 14:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: Failed password for invalid user centos from 139.59.226.171 port 40854 ssh2
May  4 14:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: Connection closed by 139.59.226.171 port 40854 [preauth]
May  4 14:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: Invalid user tomcat from 139.59.226.171
May  4 14:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: input_userauth_request: invalid user tomcat [preauth]
May  4 14:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: Failed password for invalid user tomcat from 139.59.226.171 port 40856 ssh2
May  4 14:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: Connection closed by 139.59.226.171 port 40856 [preauth]
May  4 14:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: User mysql from 139.59.226.171 not allowed because not listed in AllowUsers
May  4 14:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: input_userauth_request: invalid user mysql [preauth]
May  4 14:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=mysql
May  4 14:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3825]: pam_unix(cron:session): session closed for user root
May  4 14:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: Failed password for invalid user mysql from 139.59.226.171 port 44346 ssh2
May  4 14:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: Connection closed by 139.59.226.171 port 44346 [preauth]
May  4 14:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5434]: Failed password for root from 139.59.226.171 port 57836 ssh2
May  4 14:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5434]: Connection closed by 139.59.226.171 port 57836 [preauth]
May  4 14:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: Failed password for root from 139.59.226.171 port 56826 ssh2
May  4 14:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5479]: Connection closed by 139.59.226.171 port 56826 [preauth]
May  4 14:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: Invalid user zabbix from 139.59.226.171
May  4 14:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: input_userauth_request: invalid user zabbix [preauth]
May  4 14:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: Failed password for invalid user zabbix from 139.59.226.171 port 48188 ssh2
May  4 14:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: Connection closed by 139.59.226.171 port 48188 [preauth]
May  4 14:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5519]: Invalid user kubernetes from 139.59.226.171
May  4 14:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5519]: input_userauth_request: invalid user kubernetes [preauth]
May  4 14:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5519]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5519]: Failed password for invalid user kubernetes from 139.59.226.171 port 48190 ssh2
May  4 14:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5519]: Connection closed by 139.59.226.171 port 48190 [preauth]
May  4 14:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: Invalid user observer from 139.59.226.171
May  4 14:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: input_userauth_request: invalid user observer [preauth]
May  4 14:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: Failed password for invalid user observer from 139.59.226.171 port 51022 ssh2
May  4 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: Connection closed by 139.59.226.171 port 51022 [preauth]
May  4 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5553]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5557]: pam_unix(cron:session): session closed for user root
May  4 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5548]: pam_unix(cron:session): session closed for user p13x
May  4 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5656]: Successful su for rubyman by root
May  4 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5656]: + ??? root:rubyman
May  4 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328076 of user rubyman.
May  4 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5656]: pam_unix(su:session): session closed for user rubyman
May  4 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328076.
May  4 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5553]: pam_unix(cron:session): session closed for user root
May  4 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2399]: pam_unix(cron:session): session closed for user root
May  4 14:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5550]: pam_unix(cron:session): session closed for user samftp
May  4 14:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Invalid user hadoop from 139.59.226.171
May  4 14:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: input_userauth_request: invalid user hadoop [preauth]
May  4 14:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Failed password for invalid user hadoop from 139.59.226.171 port 51032 ssh2
May  4 14:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Connection closed by 139.59.226.171 port 51032 [preauth]
May  4 14:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: Invalid user bot from 139.59.226.171
May  4 14:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: input_userauth_request: invalid user bot [preauth]
May  4 14:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: Failed password for invalid user bot from 139.59.226.171 port 48280 ssh2
May  4 14:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5970]: Connection closed by 139.59.226.171 port 48280 [preauth]
May  4 14:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5988]: Invalid user ranger from 139.59.226.171
May  4 14:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5988]: input_userauth_request: invalid user ranger [preauth]
May  4 14:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5988]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5990]: Invalid user oracle from 139.59.226.171
May  4 14:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5990]: input_userauth_request: invalid user oracle [preauth]
May  4 14:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5990]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5988]: Failed password for invalid user ranger from 139.59.226.171 port 48308 ssh2
May  4 14:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5988]: Connection closed by 139.59.226.171 port 48308 [preauth]
May  4 14:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5990]: Failed password for invalid user oracle from 139.59.226.171 port 37182 ssh2
May  4 14:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5990]: Connection closed by 139.59.226.171 port 37182 [preauth]
May  4 14:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6005]: User ftp from 139.59.226.171 not allowed because not listed in AllowUsers
May  4 14:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6005]: input_userauth_request: invalid user ftp [preauth]
May  4 14:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=ftp
May  4 14:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6005]: Failed password for invalid user ftp from 139.59.226.171 port 37196 ssh2
May  4 14:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6005]: Connection closed by 139.59.226.171 port 37196 [preauth]
May  4 14:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: Invalid user elastic from 139.59.226.171
May  4 14:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: input_userauth_request: invalid user elastic [preauth]
May  4 14:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: Failed password for invalid user elastic from 139.59.226.171 port 42434 ssh2
May  4 14:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6023]: Connection closed by 139.59.226.171 port 42434 [preauth]
May  4 14:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4452]: pam_unix(cron:session): session closed for user root
May  4 14:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6035]: Failed password for root from 139.59.226.171 port 42444 ssh2
May  4 14:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6035]: Connection closed by 139.59.226.171 port 42444 [preauth]
May  4 14:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: Invalid user admin from 139.59.226.171
May  4 14:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: input_userauth_request: invalid user admin [preauth]
May  4 14:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: Failed password for invalid user admin from 139.59.226.171 port 48528 ssh2
May  4 14:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: Connection closed by 139.59.226.171 port 48528 [preauth]
May  4 14:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: Invalid user default from 139.59.226.171
May  4 14:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: input_userauth_request: invalid user default [preauth]
May  4 14:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: Failed password for invalid user default from 139.59.226.171 port 48538 ssh2
May  4 14:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: Connection closed by 139.59.226.171 port 48538 [preauth]
May  4 14:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Invalid user tomcat from 139.59.226.171
May  4 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: input_userauth_request: invalid user tomcat [preauth]
May  4 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6111]: Invalid user gitlab from 139.59.226.171
May  4 14:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6111]: input_userauth_request: invalid user gitlab [preauth]
May  4 14:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6111]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Failed password for invalid user tomcat from 139.59.226.171 port 48548 ssh2
May  4 14:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6105]: Connection closed by 139.59.226.171 port 48548 [preauth]
May  4 14:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6111]: Failed password for invalid user gitlab from 139.59.226.171 port 60150 ssh2
May  4 14:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6111]: Connection closed by 139.59.226.171 port 60150 [preauth]
May  4 14:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6124]: Failed password for root from 139.59.226.171 port 60154 ssh2
May  4 14:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6124]: Connection closed by 139.59.226.171 port 60154 [preauth]
May  4 14:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6135]: Invalid user hadoop from 139.59.226.171
May  4 14:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6135]: input_userauth_request: invalid user hadoop [preauth]
May  4 14:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6135]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6135]: Failed password for invalid user hadoop from 139.59.226.171 port 45208 ssh2
May  4 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6135]: Connection closed by 139.59.226.171 port 45208 [preauth]
May  4 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6149]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6148]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6146]: pam_unix(cron:session): session closed for user p13x
May  4 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6217]: Successful su for rubyman by root
May  4 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6217]: + ??? root:rubyman
May  4 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6217]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328078 of user rubyman.
May  4 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6217]: pam_unix(su:session): session closed for user rubyman
May  4 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328078.
May  4 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: Invalid user tools from 139.59.226.171
May  4 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: input_userauth_request: invalid user tools [preauth]
May  4 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2867]: pam_unix(cron:session): session closed for user root
May  4 14:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: Failed password for invalid user tools from 139.59.226.171 port 45212 ssh2
May  4 14:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: Connection closed by 139.59.226.171 port 45212 [preauth]
May  4 14:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6147]: pam_unix(cron:session): session closed for user samftp
May  4 14:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Invalid user www from 139.59.226.171
May  4 14:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: input_userauth_request: invalid user www [preauth]
May  4 14:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Failed password for invalid user www from 139.59.226.171 port 37478 ssh2
May  4 14:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6406]: Connection closed by 139.59.226.171 port 37478 [preauth]
May  4 14:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: Invalid user admin from 139.59.226.171
May  4 14:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: input_userauth_request: invalid user admin [preauth]
May  4 14:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: Failed password for invalid user admin from 139.59.226.171 port 37468 ssh2
May  4 14:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6425]: Connection closed by 139.59.226.171 port 37468 [preauth]
May  4 14:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6432]: Failed password for root from 139.59.226.171 port 37494 ssh2
May  4 14:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6432]: Connection closed by 139.59.226.171 port 37494 [preauth]
May  4 14:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: Invalid user es from 139.59.226.171
May  4 14:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: input_userauth_request: invalid user es [preauth]
May  4 14:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6452]: Failed password for root from 139.59.226.171 port 40382 ssh2
May  4 14:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6452]: Connection closed by 139.59.226.171 port 40382 [preauth]
May  4 14:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: Failed password for invalid user es from 139.59.226.171 port 40396 ssh2
May  4 14:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: Connection closed by 139.59.226.171 port 40396 [preauth]
May  4 14:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4906]: pam_unix(cron:session): session closed for user root
May  4 14:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6494]: Invalid user oracle from 139.59.226.171
May  4 14:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6494]: input_userauth_request: invalid user oracle [preauth]
May  4 14:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6494]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6494]: Failed password for invalid user oracle from 139.59.226.171 port 51832 ssh2
May  4 14:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6494]: Connection closed by 139.59.226.171 port 51832 [preauth]
May  4 14:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6518]: Invalid user flink from 139.59.226.171
May  4 14:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6518]: input_userauth_request: invalid user flink [preauth]
May  4 14:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6518]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6518]: Failed password for invalid user flink from 139.59.226.171 port 56850 ssh2
May  4 14:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6518]: Connection closed by 139.59.226.171 port 56850 [preauth]
May  4 14:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: Invalid user mj from 35.200.237.19
May  4 14:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: input_userauth_request: invalid user mj [preauth]
May  4 14:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.200.237.19
May  4 14:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: Failed password for invalid user mj from 35.200.237.19 port 1112 ssh2
May  4 14:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: Received disconnect from 35.200.237.19 port 1112:11: Bye Bye [preauth]
May  4 14:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6548]: Disconnected from 35.200.237.19 port 1112 [preauth]
May  4 14:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: Invalid user oracle from 139.59.226.171
May  4 14:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: input_userauth_request: invalid user oracle [preauth]
May  4 14:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: Failed password for invalid user oracle from 139.59.226.171 port 58192 ssh2
May  4 14:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6558]: Connection closed by 139.59.226.171 port 58192 [preauth]
May  4 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6571]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6572]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6569]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6569]: pam_unix(cron:session): session closed for user p13x
May  4 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6633]: Successful su for rubyman by root
May  4 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6633]: + ??? root:rubyman
May  4 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328083 of user rubyman.
May  4 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6633]: pam_unix(su:session): session closed for user rubyman
May  4 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328083.
May  4 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6649]: Invalid user nvidia from 139.59.226.171
May  4 14:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6649]: input_userauth_request: invalid user nvidia [preauth]
May  4 14:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6649]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3329]: pam_unix(cron:session): session closed for user root
May  4 14:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: Invalid user ubnt from 139.59.226.171
May  4 14:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: input_userauth_request: invalid user ubnt [preauth]
May  4 14:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6649]: Failed password for invalid user nvidia from 139.59.226.171 port 38104 ssh2
May  4 14:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6649]: Connection closed by 139.59.226.171 port 38104 [preauth]
May  4 14:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6570]: pam_unix(cron:session): session closed for user samftp
May  4 14:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: Failed password for invalid user ubnt from 139.59.226.171 port 38092 ssh2
May  4 14:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: Connection closed by 139.59.226.171 port 38092 [preauth]
May  4 14:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Failed password for root from 139.59.226.171 port 57310 ssh2
May  4 14:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Connection closed by 139.59.226.171 port 57310 [preauth]
May  4 14:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6864]: Invalid user developer from 139.59.226.171
May  4 14:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6864]: input_userauth_request: invalid user developer [preauth]
May  4 14:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6864]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6864]: Failed password for invalid user developer from 139.59.226.171 port 57324 ssh2
May  4 14:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6864]: Connection closed by 139.59.226.171 port 57324 [preauth]
May  4 14:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6866]: Failed password for root from 139.59.226.171 port 57322 ssh2
May  4 14:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6866]: Connection closed by 139.59.226.171 port 57322 [preauth]
May  4 14:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Failed password for root from 139.59.226.171 port 43528 ssh2
May  4 14:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6873]: Connection closed by 139.59.226.171 port 43528 [preauth]
May  4 14:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6878]: User ftp from 139.59.226.171 not allowed because not listed in AllowUsers
May  4 14:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6878]: input_userauth_request: invalid user ftp [preauth]
May  4 14:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=ftp
May  4 14:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6878]: Failed password for invalid user ftp from 139.59.226.171 port 43544 ssh2
May  4 14:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6878]: Connection closed by 139.59.226.171 port 43544 [preauth]
May  4 14:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6902]: Invalid user mongodb from 139.59.226.171
May  4 14:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6902]: input_userauth_request: invalid user mongodb [preauth]
May  4 14:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6902]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6902]: Failed password for invalid user mongodb from 139.59.226.171 port 49998 ssh2
May  4 14:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6902]: Connection closed by 139.59.226.171 port 49998 [preauth]
May  4 14:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6999]: Invalid user mongodb from 139.59.226.171
May  4 14:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6999]: input_userauth_request: invalid user mongodb [preauth]
May  4 14:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6999]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5556]: pam_unix(cron:session): session closed for user root
May  4 14:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6999]: Failed password for invalid user mongodb from 139.59.226.171 port 50002 ssh2
May  4 14:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6999]: Connection closed by 139.59.226.171 port 50002 [preauth]
May  4 14:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: Invalid user app from 139.59.226.171
May  4 14:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: input_userauth_request: invalid user app [preauth]
May  4 14:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7038]: Bad protocol version identification '' from 18.217.80.88 port 57046
May  4 14:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: Failed password for invalid user app from 139.59.226.171 port 36212 ssh2
May  4 14:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: Connection closed by 139.59.226.171 port 36212 [preauth]
May  4 14:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 14:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7073]: Invalid user www from 139.59.226.171
May  4 14:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7073]: input_userauth_request: invalid user www [preauth]
May  4 14:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7073]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7083]: Bad protocol version identification '\026\003\001' from 18.217.80.88 port 40644
May  4 14:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: Failed password for root from 218.92.0.201 port 10772 ssh2
May  4 14:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7073]: Failed password for invalid user www from 139.59.226.171 port 36234 ssh2
May  4 14:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7073]: Connection closed by 139.59.226.171 port 36234 [preauth]
May  4 14:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154  user=root
May  4 14:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: Failed password for root from 218.92.0.201 port 10772 ssh2
May  4 14:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7084]: Failed password for root from 152.206.118.154 port 58814 ssh2
May  4 14:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7084]: Received disconnect from 152.206.118.154 port 58814:11: Bye Bye [preauth]
May  4 14:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7084]: Disconnected from 152.206.118.154 port 58814 [preauth]
May  4 14:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7097]: Invalid user elasticsearch from 139.59.226.171
May  4 14:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7097]: input_userauth_request: invalid user elasticsearch [preauth]
May  4 14:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7097]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: Failed password for root from 218.92.0.201 port 10772 ssh2
May  4 14:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7099]: Bad protocol version identification 'GET / HTTP/1.1' from 18.217.80.88 port 55416
May  4 14:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7097]: Failed password for invalid user elasticsearch from 139.59.226.171 port 59886 ssh2
May  4 14:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7097]: Connection closed by 139.59.226.171 port 59886 [preauth]
May  4 14:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: Failed password for root from 218.92.0.201 port 10772 ssh2
May  4 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7118]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7116]: pam_unix(cron:session): session closed for user p13x
May  4 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7175]: Successful su for rubyman by root
May  4 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7175]: + ??? root:rubyman
May  4 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7175]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328086 of user rubyman.
May  4 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7175]: pam_unix(su:session): session closed for user rubyman
May  4 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328086.
May  4 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: Failed password for root from 218.92.0.201 port 10772 ssh2
May  4 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 10772 ssh2 [preauth]
May  4 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: Disconnecting: Too many authentication failures [preauth]
May  4 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 14:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3824]: pam_unix(cron:session): session closed for user root
May  4 14:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7117]: pam_unix(cron:session): session closed for user samftp
May  4 14:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: Invalid user sonar from 139.59.226.171
May  4 14:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: input_userauth_request: invalid user sonar [preauth]
May  4 14:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: Failed password for root from 139.59.226.171 port 54238 ssh2
May  4 14:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: Connection closed by 139.59.226.171 port 54238 [preauth]
May  4 14:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: Failed password for invalid user sonar from 139.59.226.171 port 59870 ssh2
May  4 14:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7360]: Invalid user postgres from 139.59.226.171
May  4 14:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7360]: input_userauth_request: invalid user postgres [preauth]
May  4 14:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: Connection closed by 139.59.226.171 port 59870 [preauth]
May  4 14:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7360]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: Invalid user ubuntu from 193.32.162.84
May  4 14:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: input_userauth_request: invalid user ubuntu [preauth]
May  4 14:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7360]: Failed password for invalid user postgres from 139.59.226.171 port 35908 ssh2
May  4 14:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 14:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7360]: Connection closed by 139.59.226.171 port 35908 [preauth]
May  4 14:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: Failed password for invalid user ubuntu from 193.32.162.84 port 57502 ssh2
May  4 14:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: Connection closed by 193.32.162.84 port 57502 [preauth]
May  4 14:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: Invalid user dev from 139.59.226.171
May  4 14:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: input_userauth_request: invalid user dev [preauth]
May  4 14:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: Failed password for invalid user dev from 139.59.226.171 port 35910 ssh2
May  4 14:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: Connection closed by 139.59.226.171 port 35910 [preauth]
May  4 14:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: Invalid user guest from 139.59.226.171
May  4 14:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: input_userauth_request: invalid user guest [preauth]
May  4 14:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: Failed password for invalid user guest from 139.59.226.171 port 35920 ssh2
May  4 14:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: Connection closed by 139.59.226.171 port 35920 [preauth]
May  4 14:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7425]: Invalid user elsearch from 139.59.226.171
May  4 14:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7425]: input_userauth_request: invalid user elsearch [preauth]
May  4 14:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7425]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7425]: Failed password for invalid user elsearch from 139.59.226.171 port 34564 ssh2
May  4 14:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7425]: Connection closed by 139.59.226.171 port 34564 [preauth]
May  4 14:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7428]: Invalid user tomcat from 139.59.226.171
May  4 14:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7428]: input_userauth_request: invalid user tomcat [preauth]
May  4 14:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7428]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: Invalid user git from 139.59.226.171
May  4 14:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: input_userauth_request: invalid user git [preauth]
May  4 14:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7428]: Failed password for invalid user tomcat from 139.59.226.171 port 34560 ssh2
May  4 14:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7428]: Connection closed by 139.59.226.171 port 34560 [preauth]
May  4 14:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: Failed password for invalid user git from 139.59.226.171 port 40422 ssh2
May  4 14:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: Connection closed by 139.59.226.171 port 40422 [preauth]
May  4 14:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7445]: Invalid user vagrant from 139.59.226.171
May  4 14:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7445]: input_userauth_request: invalid user vagrant [preauth]
May  4 14:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7445]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6149]: pam_unix(cron:session): session closed for user root
May  4 14:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7445]: Failed password for invalid user vagrant from 139.59.226.171 port 40428 ssh2
May  4 14:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7445]: Connection closed by 139.59.226.171 port 40428 [preauth]
May  4 14:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7430]: Connection closed by 18.217.80.88 port 52462 [preauth]
May  4 14:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: Invalid user esuser from 139.59.226.171
May  4 14:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: input_userauth_request: invalid user esuser [preauth]
May  4 14:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: Failed password for invalid user esuser from 139.59.226.171 port 40546 ssh2
May  4 14:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7482]: Connection closed by 139.59.226.171 port 40546 [preauth]
May  4 14:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7588]: Invalid user tianyu from 197.5.145.121
May  4 14:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7588]: input_userauth_request: invalid user tianyu [preauth]
May  4 14:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7588]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121
May  4 14:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7612]: Invalid user esuser from 139.59.226.171
May  4 14:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7612]: input_userauth_request: invalid user esuser [preauth]
May  4 14:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7612]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7588]: Failed password for invalid user tianyu from 197.5.145.121 port 36584 ssh2
May  4 14:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7588]: Received disconnect from 197.5.145.121 port 36584:11: Bye Bye [preauth]
May  4 14:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7588]: Disconnected from 197.5.145.121 port 36584 [preauth]
May  4 14:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7612]: Failed password for invalid user esuser from 139.59.226.171 port 40572 ssh2
May  4 14:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7612]: Connection closed by 139.59.226.171 port 40572 [preauth]
May  4 14:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: Failed password for root from 139.59.226.171 port 34248 ssh2
May  4 14:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7614]: Connection closed by 139.59.226.171 port 34248 [preauth]
May  4 14:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7647]: Invalid user ftpuser from 139.59.226.171
May  4 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7647]: input_userauth_request: invalid user ftpuser [preauth]
May  4 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7647]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7652]: pam_unix(cron:session): session closed for user p13x
May  4 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7721]: Successful su for rubyman by root
May  4 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7721]: + ??? root:rubyman
May  4 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328091 of user rubyman.
May  4 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7721]: pam_unix(su:session): session closed for user rubyman
May  4 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328091.
May  4 14:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7647]: Failed password for invalid user ftpuser from 139.59.226.171 port 48104 ssh2
May  4 14:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7647]: Connection closed by 139.59.226.171 port 48104 [preauth]
May  4 14:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4450]: pam_unix(cron:session): session closed for user root
May  4 14:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: Invalid user admin from 139.59.226.171
May  4 14:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: input_userauth_request: invalid user admin [preauth]
May  4 14:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7653]: pam_unix(cron:session): session closed for user samftp
May  4 14:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: Failed password for invalid user admin from 139.59.226.171 port 48116 ssh2
May  4 14:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: Connection closed by 139.59.226.171 port 48116 [preauth]
May  4 14:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: Invalid user es from 139.59.226.171
May  4 14:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: input_userauth_request: invalid user es [preauth]
May  4 14:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 14:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: Failed password for invalid user es from 139.59.226.171 port 44900 ssh2
May  4 14:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7930]: Connection closed by 139.59.226.171 port 44900 [preauth]
May  4 14:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: Failed password for root from 139.59.226.171 port 44912 ssh2
May  4 14:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: Connection closed by 139.59.226.171 port 44912 [preauth]
May  4 14:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7991]: Invalid user deploy from 139.59.226.171
May  4 14:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7991]: input_userauth_request: invalid user deploy [preauth]
May  4 14:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7991]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7991]: Failed password for invalid user deploy from 139.59.226.171 port 56376 ssh2
May  4 14:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7991]: Connection closed by 139.59.226.171 port 56376 [preauth]
May  4 14:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7993]: Invalid user dev from 139.59.226.171
May  4 14:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7993]: input_userauth_request: invalid user dev [preauth]
May  4 14:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7993]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6572]: pam_unix(cron:session): session closed for user root
May  4 14:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7993]: Failed password for invalid user dev from 139.59.226.171 port 56390 ssh2
May  4 14:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7993]: Connection closed by 139.59.226.171 port 56390 [preauth]
May  4 14:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: Invalid user oscar from 139.59.226.171
May  4 14:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: input_userauth_request: invalid user oscar [preauth]
May  4 14:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: Failed password for invalid user oscar from 139.59.226.171 port 58576 ssh2
May  4 14:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: Connection closed by 139.59.226.171 port 58576 [preauth]
May  4 14:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: Invalid user demo from 139.59.226.171
May  4 14:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: input_userauth_request: invalid user demo [preauth]
May  4 14:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: Invalid user dolphinscheduler from 139.59.226.171
May  4 14:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  4 14:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: Invalid user telegram from 92.118.39.61
May  4 14:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: input_userauth_request: invalid user telegram [preauth]
May  4 14:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: Failed password for invalid user demo from 139.59.226.171 port 43766 ssh2
May  4 14:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 14:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: Connection closed by 139.59.226.171 port 43766 [preauth]
May  4 14:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: Failed password for invalid user telegram from 92.118.39.61 port 45464 ssh2
May  4 14:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: Connection closed by 92.118.39.61 port 45464 [preauth]
May  4 14:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: Failed password for invalid user dolphinscheduler from 139.59.226.171 port 58588 ssh2
May  4 14:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: Connection closed by 139.59.226.171 port 58588 [preauth]
May  4 14:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8061]: Invalid user pi from 139.59.226.171
May  4 14:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8061]: input_userauth_request: invalid user pi [preauth]
May  4 14:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8061]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8061]: Failed password for invalid user pi from 139.59.226.171 port 58592 ssh2
May  4 14:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8061]: Connection closed by 139.59.226.171 port 58592 [preauth]
May  4 14:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: Invalid user oceanbase from 139.59.226.171
May  4 14:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: input_userauth_request: invalid user oceanbase [preauth]
May  4 14:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 14:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: Failed password for invalid user oceanbase from 139.59.226.171 port 49790 ssh2
May  4 14:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 14:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8085]: Connection closed by 139.59.226.171 port 49790 [preauth]
May  4 14:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Invalid user admin from 64.226.117.59
May  4 14:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: input_userauth_request: invalid user admin [preauth]
May  4 14:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: pam_unix(sshd:auth): check pass; user unknown
May  4 14:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 15:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Failed password for invalid user admin from 64.226.117.59 port 59186 ssh2
May  4 15:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Connection closed by 64.226.117.59 port 59186 [preauth]
May  4 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8111]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8112]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8106]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8110]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8112]: pam_unix(cron:session): session closed for user root
May  4 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8106]: pam_unix(cron:session): session closed for user root
May  4 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8104]: pam_unix(cron:session): session closed for user p13x
May  4 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8219]: Successful su for rubyman by root
May  4 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8219]: + ??? root:rubyman
May  4 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328096 of user rubyman.
May  4 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8219]: pam_unix(su:session): session closed for user rubyman
May  4 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: Invalid user lighthouse from 139.59.226.171
May  4 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: input_userauth_request: invalid user lighthouse [preauth]
May  4 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328096.
May  4 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: Failed password for invalid user lighthouse from 139.59.226.171 port 37270 ssh2
May  4 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: Connection closed by 139.59.226.171 port 37270 [preauth]
May  4 15:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4905]: pam_unix(cron:session): session closed for user root
May  4 15:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8107]: pam_unix(cron:session): session closed for user root
May  4 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: Invalid user dev from 139.59.226.171
May  4 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: input_userauth_request: invalid user dev [preauth]
May  4 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8105]: pam_unix(cron:session): session closed for user samftp
May  4 15:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: Failed password for invalid user dev from 139.59.226.171 port 49774 ssh2
May  4 15:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: Connection closed by 139.59.226.171 port 49774 [preauth]
May  4 15:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 15:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8454]: Failed password for root from 139.59.226.171 port 56576 ssh2
May  4 15:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8454]: Connection closed by 139.59.226.171 port 56576 [preauth]
May  4 15:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 15:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: Failed password for root from 139.59.226.171 port 56584 ssh2
May  4 15:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: Connection closed by 139.59.226.171 port 56584 [preauth]
May  4 15:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 15:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 15:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8484]: Failed password for root from 139.59.226.171 port 47074 ssh2
May  4 15:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8484]: Connection closed by 139.59.226.171 port 47074 [preauth]
May  4 15:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: Failed password for root from 139.59.226.171 port 37284 ssh2
May  4 15:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: Connection closed by 139.59.226.171 port 37284 [preauth]
May  4 15:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8496]: Invalid user user from 139.59.226.171
May  4 15:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8496]: input_userauth_request: invalid user user [preauth]
May  4 15:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8496]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8496]: Failed password for invalid user user from 139.59.226.171 port 47084 ssh2
May  4 15:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8496]: Connection closed by 139.59.226.171 port 47084 [preauth]
May  4 15:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 15:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: Failed password for root from 139.59.226.171 port 46636 ssh2
May  4 15:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: Connection closed by 139.59.226.171 port 46636 [preauth]
May  4 15:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8528]: Invalid user svnuser from 139.59.226.171
May  4 15:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8528]: input_userauth_request: invalid user svnuser [preauth]
May  4 15:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8528]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7119]: pam_unix(cron:session): session closed for user root
May  4 15:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8528]: Failed password for invalid user svnuser from 139.59.226.171 port 46644 ssh2
May  4 15:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8528]: Connection closed by 139.59.226.171 port 46644 [preauth]
May  4 15:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: Invalid user ftpuser from 139.59.226.171
May  4 15:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: input_userauth_request: invalid user ftpuser [preauth]
May  4 15:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: Invalid user ubuntu from 139.59.226.171
May  4 15:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: input_userauth_request: invalid user ubuntu [preauth]
May  4 15:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: Failed password for invalid user ftpuser from 139.59.226.171 port 46646 ssh2
May  4 15:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8608]: Connection closed by 139.59.226.171 port 46646 [preauth]
May  4 15:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: Failed password for invalid user ubuntu from 139.59.226.171 port 40088 ssh2
May  4 15:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8610]: Connection closed by 139.59.226.171 port 40088 [preauth]
May  4 15:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 15:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: Failed password for root from 139.59.226.171 port 40102 ssh2
May  4 15:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: Connection closed by 139.59.226.171 port 40102 [preauth]
May  4 15:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: Invalid user esadmin from 139.59.226.171
May  4 15:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: input_userauth_request: invalid user esadmin [preauth]
May  4 15:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: Failed password for invalid user esadmin from 139.59.226.171 port 33934 ssh2
May  4 15:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8645]: Connection closed by 139.59.226.171 port 33934 [preauth]
May  4 15:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 15:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8657]: Failed password for root from 139.59.226.171 port 33948 ssh2
May  4 15:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8657]: Connection closed by 139.59.226.171 port 33948 [preauth]
May  4 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8674]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8670]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8670]: pam_unix(cron:session): session closed for user p13x
May  4 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8750]: Successful su for rubyman by root
May  4 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8750]: + ??? root:rubyman
May  4 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328102 of user rubyman.
May  4 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8750]: pam_unix(su:session): session closed for user rubyman
May  4 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328102.
May  4 15:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5554]: pam_unix(cron:session): session closed for user root
May  4 15:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8671]: pam_unix(cron:session): session closed for user samftp
May  4 15:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Invalid user flask from 139.59.226.171
May  4 15:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: input_userauth_request: invalid user flask [preauth]
May  4 15:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 15:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Failed password for invalid user flask from 139.59.226.171 port 52884 ssh2
May  4 15:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Connection closed by 139.59.226.171 port 52884 [preauth]
May  4 15:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8938]: Failed password for root from 139.59.226.171 port 34880 ssh2
May  4 15:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8938]: Connection closed by 139.59.226.171 port 34880 [preauth]
May  4 15:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: Invalid user deploy from 139.59.226.171
May  4 15:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: input_userauth_request: invalid user deploy [preauth]
May  4 15:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 15:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: Failed password for invalid user deploy from 139.59.226.171 port 52896 ssh2
May  4 15:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: Connection closed by 139.59.226.171 port 52896 [preauth]
May  4 15:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: Failed password for root from 139.59.226.171 port 34886 ssh2
May  4 15:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: Connection closed by 139.59.226.171 port 34886 [preauth]
May  4 15:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: Invalid user rabbitmq from 139.59.226.171
May  4 15:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: input_userauth_request: invalid user rabbitmq [preauth]
May  4 15:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: Failed password for invalid user rabbitmq from 139.59.226.171 port 56312 ssh2
May  4 15:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8988]: Connection closed by 139.59.226.171 port 56312 [preauth]
May  4 15:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 15:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: Failed password for root from 139.59.226.171 port 56328 ssh2
May  4 15:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9000]: Connection closed by 139.59.226.171 port 56328 [preauth]
May  4 15:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7656]: pam_unix(cron:session): session closed for user root
May  4 15:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 15:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: Failed password for root from 139.59.226.171 port 51814 ssh2
May  4 15:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9024]: Connection closed by 139.59.226.171 port 51814 [preauth]
May  4 15:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 15:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 15:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9055]: Failed password for root from 139.59.226.171 port 51806 ssh2
May  4 15:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9055]: Connection closed by 139.59.226.171 port 51806 [preauth]
May  4 15:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9057]: Failed password for root from 139.59.226.171 port 50216 ssh2
May  4 15:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9057]: Connection closed by 139.59.226.171 port 50216 [preauth]
May  4 15:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: Invalid user wang from 139.59.226.171
May  4 15:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: input_userauth_request: invalid user wang [preauth]
May  4 15:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: Failed password for invalid user wang from 139.59.226.171 port 50222 ssh2
May  4 15:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9068]: Connection closed by 139.59.226.171 port 50222 [preauth]
May  4 15:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9091]: Invalid user hadoop from 139.59.226.171
May  4 15:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9091]: input_userauth_request: invalid user hadoop [preauth]
May  4 15:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9091]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9091]: Failed password for invalid user hadoop from 139.59.226.171 port 41510 ssh2
May  4 15:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9091]: Connection closed by 139.59.226.171 port 41510 [preauth]
May  4 15:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 15:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9102]: Failed password for root from 139.59.226.171 port 41516 ssh2
May  4 15:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9102]: Connection closed by 139.59.226.171 port 41516 [preauth]
May  4 15:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: User ftp from 139.59.226.171 not allowed because not listed in AllowUsers
May  4 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: input_userauth_request: invalid user ftp [preauth]
May  4 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=ftp
May  4 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9217]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9216]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9214]: pam_unix(cron:session): session closed for user p13x
May  4 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9306]: Successful su for rubyman by root
May  4 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9306]: + ??? root:rubyman
May  4 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9306]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328105 of user rubyman.
May  4 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9306]: pam_unix(su:session): session closed for user rubyman
May  4 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328105.
May  4 15:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: Failed password for invalid user ftp from 139.59.226.171 port 44492 ssh2
May  4 15:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: Connection closed by 139.59.226.171 port 44492 [preauth]
May  4 15:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6148]: pam_unix(cron:session): session closed for user root
May  4 15:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: Invalid user uftp from 139.59.226.171
May  4 15:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: input_userauth_request: invalid user uftp [preauth]
May  4 15:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9215]: pam_unix(cron:session): session closed for user samftp
May  4 15:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: Failed password for invalid user uftp from 139.59.226.171 port 44500 ssh2
May  4 15:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: Connection closed by 139.59.226.171 port 44500 [preauth]
May  4 15:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9498]: Invalid user awsgui from 139.59.226.171
May  4 15:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9498]: input_userauth_request: invalid user awsgui [preauth]
May  4 15:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9498]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9498]: Failed password for invalid user awsgui from 139.59.226.171 port 44758 ssh2
May  4 15:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9498]: Connection closed by 139.59.226.171 port 44758 [preauth]
May  4 15:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9522]: Invalid user dolphinscheduler from 139.59.226.171
May  4 15:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9522]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  4 15:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9522]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9522]: Failed password for invalid user dolphinscheduler from 139.59.226.171 port 44764 ssh2
May  4 15:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9522]: Connection closed by 139.59.226.171 port 44764 [preauth]
May  4 15:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 15:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9532]: Failed password for root from 139.59.226.171 port 32876 ssh2
May  4 15:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9532]: Connection closed by 139.59.226.171 port 32876 [preauth]
May  4 15:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: Invalid user yarn from 139.59.226.171
May  4 15:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: input_userauth_request: invalid user yarn [preauth]
May  4 15:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: Failed password for invalid user yarn from 139.59.226.171 port 32882 ssh2
May  4 15:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9535]: Connection closed by 139.59.226.171 port 32882 [preauth]
May  4 15:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9566]: Invalid user test2 from 139.59.226.171
May  4 15:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9566]: input_userauth_request: invalid user test2 [preauth]
May  4 15:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9566]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9566]: Failed password for invalid user test2 from 139.59.226.171 port 32896 ssh2
May  4 15:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9566]: Connection closed by 139.59.226.171 port 32896 [preauth]
May  4 15:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8111]: pam_unix(cron:session): session closed for user root
May  4 15:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Invalid user guest from 139.59.226.171
May  4 15:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: input_userauth_request: invalid user guest [preauth]
May  4 15:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Failed password for invalid user guest from 139.59.226.171 port 33220 ssh2
May  4 15:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Connection closed by 139.59.226.171 port 33220 [preauth]
May  4 15:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: Invalid user wang from 139.59.226.171
May  4 15:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: input_userauth_request: invalid user wang [preauth]
May  4 15:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: Failed password for invalid user wang from 139.59.226.171 port 51150 ssh2
May  4 15:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9606]: Connection closed by 139.59.226.171 port 51150 [preauth]
May  4 15:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9624]: Invalid user www from 139.59.226.171
May  4 15:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9624]: input_userauth_request: invalid user www [preauth]
May  4 15:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9624]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9631]: Invalid user oracle from 139.59.226.171
May  4 15:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9631]: input_userauth_request: invalid user oracle [preauth]
May  4 15:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9631]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9624]: Failed password for invalid user www from 139.59.226.171 port 51158 ssh2
May  4 15:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9624]: Connection closed by 139.59.226.171 port 51158 [preauth]
May  4 15:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9631]: Failed password for invalid user oracle from 139.59.226.171 port 33216 ssh2
May  4 15:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9631]: Connection closed by 139.59.226.171 port 33216 [preauth]
May  4 15:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: Invalid user minecraft from 50.235.31.47
May  4 15:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: input_userauth_request: invalid user minecraft [preauth]
May  4 15:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  4 15:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: Failed password for invalid user minecraft from 50.235.31.47 port 55004 ssh2
May  4 15:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9643]: Connection closed by 50.235.31.47 port 55004 [preauth]
May  4 15:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: Invalid user nexus from 139.59.226.171
May  4 15:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: input_userauth_request: invalid user nexus [preauth]
May  4 15:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: Failed password for invalid user nexus from 139.59.226.171 port 34242 ssh2
May  4 15:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: Connection closed by 139.59.226.171 port 34242 [preauth]
May  4 15:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: Invalid user app from 139.59.226.171
May  4 15:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: input_userauth_request: invalid user app [preauth]
May  4 15:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: Failed password for invalid user app from 139.59.226.171 port 52588 ssh2
May  4 15:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: Connection closed by 139.59.226.171 port 52588 [preauth]
May  4 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9668]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9669]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9668]: pam_unix(cron:session): session closed for user p13x
May  4 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9733]: Successful su for rubyman by root
May  4 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9733]: + ??? root:rubyman
May  4 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9733]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328109 of user rubyman.
May  4 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9733]: pam_unix(su:session): session closed for user rubyman
May  4 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328109.
May  4 15:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6571]: pam_unix(cron:session): session closed for user root
May  4 15:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 15:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9669]: pam_unix(cron:session): session closed for user samftp
May  4 15:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 15:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9871]: Failed password for root from 139.59.226.171 port 34236 ssh2
May  4 15:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9871]: Connection closed by 139.59.226.171 port 34236 [preauth]
May  4 15:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: Failed password for root from 139.59.226.171 port 52596 ssh2
May  4 15:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: Connection closed by 139.59.226.171 port 52596 [preauth]
May  4 15:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171  user=root
May  4 15:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9924]: Failed password for root from 139.59.226.171 port 56118 ssh2
May  4 15:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9924]: Connection closed by 139.59.226.171 port 56118 [preauth]
May  4 15:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9957]: Invalid user sugi from 139.59.226.171
May  4 15:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9957]: input_userauth_request: invalid user sugi [preauth]
May  4 15:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9959]: Invalid user jang from 197.5.145.121
May  4 15:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9959]: input_userauth_request: invalid user jang [preauth]
May  4 15:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9959]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121
May  4 15:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9957]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9959]: Failed password for invalid user jang from 197.5.145.121 port 36585 ssh2
May  4 15:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9957]: Failed password for invalid user sugi from 139.59.226.171 port 40826 ssh2
May  4 15:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9959]: Received disconnect from 197.5.145.121 port 36585:11: Bye Bye [preauth]
May  4 15:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9959]: Disconnected from 197.5.145.121 port 36585 [preauth]
May  4 15:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9957]: Connection closed by 139.59.226.171 port 40826 [preauth]
May  4 15:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: Invalid user es from 139.59.226.171
May  4 15:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: input_userauth_request: invalid user es [preauth]
May  4 15:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.226.171
May  4 15:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: Invalid user test from 152.206.118.154
May  4 15:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: input_userauth_request: invalid user test [preauth]
May  4 15:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154
May  4 15:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9993]: Connection reset by 147.185.132.58 port 61842 [preauth]
May  4 15:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: Failed password for invalid user es from 139.59.226.171 port 56126 ssh2
May  4 15:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: Failed password for invalid user test from 152.206.118.154 port 51040 ssh2
May  4 15:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9995]: Connection closed by 139.59.226.171 port 56126 [preauth]
May  4 15:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: Received disconnect from 152.206.118.154 port 51040:11: Bye Bye [preauth]
May  4 15:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: Disconnected from 152.206.118.154 port 51040 [preauth]
May  4 15:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8674]: pam_unix(cron:session): session closed for user root
May  4 15:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10045]: Did not receive identification string from 154.81.156.51
May  4 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10092]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10090]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10090]: pam_unix(cron:session): session closed for user p13x
May  4 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10151]: Successful su for rubyman by root
May  4 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10151]: + ??? root:rubyman
May  4 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328114 of user rubyman.
May  4 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10151]: pam_unix(su:session): session closed for user rubyman
May  4 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328114.
May  4 15:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7118]: pam_unix(cron:session): session closed for user root
May  4 15:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10091]: pam_unix(cron:session): session closed for user samftp
May  4 15:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9217]: pam_unix(cron:session): session closed for user root
May  4 15:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: Invalid user chenwei from 176.31.162.135
May  4 15:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: input_userauth_request: invalid user chenwei [preauth]
May  4 15:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  4 15:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: Failed password for invalid user chenwei from 176.31.162.135 port 47082 ssh2
May  4 15:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10529]: Connection closed by 176.31.162.135 port 47082 [preauth]
May  4 15:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10494]: Invalid user 3 from 195.178.110.50
May  4 15:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10494]: input_userauth_request: invalid user 3 [preauth]
May  4 15:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10494]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 15:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10494]: Failed password for invalid user 3 from 195.178.110.50 port 44592 ssh2
May  4 15:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10494]: Connection closed by 195.178.110.50 port 44592 [preauth]
May  4 15:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: Invalid user ubuntu from 193.32.162.84
May  4 15:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: input_userauth_request: invalid user ubuntu [preauth]
May  4 15:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 15:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: Failed password for invalid user ubuntu from 193.32.162.84 port 60062 ssh2
May  4 15:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: Connection closed by 193.32.162.84 port 60062 [preauth]
May  4 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10575]: Invalid user ^ from 195.178.110.50
May  4 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10575]: input_userauth_request: invalid user ^ [preauth]
May  4 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10575]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10625]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10613]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10626]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10626]: pam_unix(cron:session): session closed for user root
May  4 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10611]: pam_unix(cron:session): session closed for user p13x
May  4 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10731]: Successful su for rubyman by root
May  4 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10731]: + ??? root:rubyman
May  4 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10731]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328117 of user rubyman.
May  4 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10731]: pam_unix(su:session): session closed for user rubyman
May  4 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328117.
May  4 15:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10575]: Failed password for invalid user ^ from 195.178.110.50 port 2618 ssh2
May  4 15:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10613]: pam_unix(cron:session): session closed for user root
May  4 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7655]: pam_unix(cron:session): session closed for user root
May  4 15:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10575]: Connection closed by 195.178.110.50 port 2618 [preauth]
May  4 15:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10612]: pam_unix(cron:session): session closed for user samftp
May  4 15:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10920]: Invalid user + from 195.178.110.50
May  4 15:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10920]: input_userauth_request: invalid user + [preauth]
May  4 15:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10920]: pam_unix(sshd:auth): bad username [+]
May  4 15:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10920]: Failed password for invalid user + from 195.178.110.50 port 64686 ssh2
May  4 15:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10920]: Connection closed by 195.178.110.50 port 64686 [preauth]
May  4 15:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9672]: pam_unix(cron:session): session closed for user root
May  4 15:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Invalid user V from 195.178.110.50
May  4 15:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: input_userauth_request: invalid user V [preauth]
May  4 15:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 15:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Failed password for invalid user V from 195.178.110.50 port 27812 ssh2
May  4 15:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Connection closed by 195.178.110.50 port 27812 [preauth]
May  4 15:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11084]: Invalid user project from 46.244.96.25
May  4 15:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11084]: input_userauth_request: invalid user project [preauth]
May  4 15:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11084]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  4 15:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11084]: Failed password for invalid user project from 46.244.96.25 port 33892 ssh2
May  4 15:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11084]: Connection closed by 46.244.96.25 port 33892 [preauth]
May  4 15:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: Invalid user # from 195.178.110.50
May  4 15:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: input_userauth_request: invalid user # [preauth]
May  4 15:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11095]: pam_unix(cron:session): session closed for user p13x
May  4 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11164]: Successful su for rubyman by root
May  4 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11164]: + ??? root:rubyman
May  4 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11164]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328124 of user rubyman.
May  4 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11164]: pam_unix(su:session): session closed for user rubyman
May  4 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328124.
May  4 15:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: Failed password for invalid user # from 195.178.110.50 port 26924 ssh2
May  4 15:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8110]: pam_unix(cron:session): session closed for user root
May  4 15:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11096]: pam_unix(cron:session): session closed for user samftp
May  4 15:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: Connection closed by 195.178.110.50 port 26924 [preauth]
May  4 15:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  4 15:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: Failed password for root from 218.92.0.237 port 50328 ssh2
May  4 15:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: Invalid user admin from 64.226.117.59
May  4 15:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: input_userauth_request: invalid user admin [preauth]
May  4 15:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 15:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10093]: pam_unix(cron:session): session closed for user root
May  4 15:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: Failed password for invalid user admin from 64.226.117.59 port 43234 ssh2
May  4 15:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  4 15:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11411]: Connection closed by 64.226.117.59 port 43234 [preauth]
May  4 15:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: Failed password for root from 218.92.0.233 port 37742 ssh2
May  4 15:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 37742 ssh2]
May  4 15:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: Received disconnect from 218.92.0.233 port 37742:11:  [preauth]
May  4 15:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: Disconnected from 218.92.0.233 port 37742 [preauth]
May  4 15:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  4 15:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: Invalid user btc1 from 92.118.39.61
May  4 15:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: input_userauth_request: invalid user btc1 [preauth]
May  4 15:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 15:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: Failed password for invalid user btc1 from 92.118.39.61 port 55390 ssh2
May  4 15:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: Connection closed by 92.118.39.61 port 55390 [preauth]
May  4 15:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11509]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11508]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11506]: pam_unix(cron:session): session closed for user p13x
May  4 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11573]: Successful su for rubyman by root
May  4 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11573]: + ??? root:rubyman
May  4 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328127 of user rubyman.
May  4 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11573]: pam_unix(su:session): session closed for user rubyman
May  4 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328127.
May  4 15:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8672]: pam_unix(cron:session): session closed for user root
May  4 15:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11507]: pam_unix(cron:session): session closed for user samftp
May  4 15:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  4 15:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11731]: Failed password for root from 218.92.0.233 port 48492 ssh2
May  4 15:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11731]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 48492 ssh2]
May  4 15:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11731]: Received disconnect from 218.92.0.233 port 48492:11:  [preauth]
May  4 15:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11731]: Disconnected from 218.92.0.233 port 48492 [preauth]
May  4 15:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11731]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  4 15:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10625]: pam_unix(cron:session): session closed for user root
May  4 15:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  4 15:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: Failed password for root from 218.92.0.233 port 41438 ssh2
May  4 15:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 41438 ssh2]
May  4 15:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: Received disconnect from 218.92.0.233 port 41438:11:  [preauth]
May  4 15:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: Disconnected from 218.92.0.233 port 41438 [preauth]
May  4 15:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11874]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  4 15:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11902]: Invalid user taibabi from 197.5.145.121
May  4 15:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11902]: input_userauth_request: invalid user taibabi [preauth]
May  4 15:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11902]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121
May  4 15:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11902]: Failed password for invalid user taibabi from 197.5.145.121 port 36586 ssh2
May  4 15:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11902]: Received disconnect from 197.5.145.121 port 36586:11: Bye Bye [preauth]
May  4 15:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11902]: Disconnected from 197.5.145.121 port 36586 [preauth]
May  4 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11915]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11913]: pam_unix(cron:session): session closed for user p13x
May  4 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11973]: Successful su for rubyman by root
May  4 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11973]: + ??? root:rubyman
May  4 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328132 of user rubyman.
May  4 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11973]: pam_unix(su:session): session closed for user rubyman
May  4 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328132.
May  4 15:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9216]: pam_unix(cron:session): session closed for user root
May  4 15:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11914]: pam_unix(cron:session): session closed for user samftp
May  4 15:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11098]: pam_unix(cron:session): session closed for user root
May  4 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12300]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12302]: pam_unix(cron:session): session closed for user p13x
May  4 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12428]: Successful su for rubyman by root
May  4 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12428]: + ??? root:rubyman
May  4 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328136 of user rubyman.
May  4 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12428]: pam_unix(su:session): session closed for user rubyman
May  4 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328136.
May  4 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12300]: pam_unix(cron:session): session closed for user root
May  4 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9670]: pam_unix(cron:session): session closed for user root
May  4 15:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12303]: pam_unix(cron:session): session closed for user samftp
May  4 15:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154  user=root
May  4 15:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Failed password for root from 152.206.118.154 port 57292 ssh2
May  4 15:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Received disconnect from 152.206.118.154 port 57292:11: Bye Bye [preauth]
May  4 15:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12644]: Disconnected from 152.206.118.154 port 57292 [preauth]
May  4 15:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11509]: pam_unix(cron:session): session closed for user root
May  4 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12783]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12786]: pam_unix(cron:session): session closed for user root
May  4 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12781]: pam_unix(cron:session): session closed for user p13x
May  4 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12850]: Successful su for rubyman by root
May  4 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12850]: + ??? root:rubyman
May  4 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12850]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328140 of user rubyman.
May  4 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12850]: pam_unix(su:session): session closed for user rubyman
May  4 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328140.
May  4 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12783]: pam_unix(cron:session): session closed for user root
May  4 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10092]: pam_unix(cron:session): session closed for user root
May  4 15:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12782]: pam_unix(cron:session): session closed for user samftp
May  4 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11916]: pam_unix(cron:session): session closed for user root
May  4 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13212]: pam_unix(cron:session): session closed for user p13x
May  4 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13283]: Successful su for rubyman by root
May  4 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13283]: + ??? root:rubyman
May  4 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328146 of user rubyman.
May  4 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13283]: pam_unix(su:session): session closed for user rubyman
May  4 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328146.
May  4 15:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10614]: pam_unix(cron:session): session closed for user root
May  4 15:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13213]: pam_unix(cron:session): session closed for user samftp
May  4 15:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: Invalid user ubuntu from 193.32.162.84
May  4 15:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: input_userauth_request: invalid user ubuntu [preauth]
May  4 15:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 15:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: Failed password for invalid user ubuntu from 193.32.162.84 port 34388 ssh2
May  4 15:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: Connection closed by 193.32.162.84 port 34388 [preauth]
May  4 15:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12310]: pam_unix(cron:session): session closed for user root
May  4 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13722]: pam_unix(cron:session): session closed for user p13x
May  4 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13787]: Successful su for rubyman by root
May  4 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13787]: + ??? root:rubyman
May  4 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328150 of user rubyman.
May  4 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13787]: pam_unix(su:session): session closed for user rubyman
May  4 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328150.
May  4 15:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11097]: pam_unix(cron:session): session closed for user root
May  4 15:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13723]: pam_unix(cron:session): session closed for user samftp
May  4 15:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: Invalid user taibabi from 197.5.145.121
May  4 15:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: input_userauth_request: invalid user taibabi [preauth]
May  4 15:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121
May  4 15:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: Failed password for invalid user taibabi from 197.5.145.121 port 36587 ssh2
May  4 15:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: Received disconnect from 197.5.145.121 port 36587:11: Bye Bye [preauth]
May  4 15:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: Disconnected from 197.5.145.121 port 36587 [preauth]
May  4 15:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12785]: pam_unix(cron:session): session closed for user root
May  4 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14129]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14127]: pam_unix(cron:session): session closed for user p13x
May  4 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14189]: Successful su for rubyman by root
May  4 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14189]: + ??? root:rubyman
May  4 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328157 of user rubyman.
May  4 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14189]: pam_unix(su:session): session closed for user rubyman
May  4 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328157.
May  4 15:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11508]: pam_unix(cron:session): session closed for user root
May  4 15:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14128]: pam_unix(cron:session): session closed for user samftp
May  4 15:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14366]: Invalid user admin from 64.226.117.59
May  4 15:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14366]: input_userauth_request: invalid user admin [preauth]
May  4 15:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14366]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 15:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14366]: Failed password for invalid user admin from 64.226.117.59 port 59464 ssh2
May  4 15:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14366]: Connection closed by 64.226.117.59 port 59464 [preauth]
May  4 15:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13215]: pam_unix(cron:session): session closed for user root
May  4 15:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: Invalid user filecoin from 92.118.39.61
May  4 15:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: input_userauth_request: invalid user filecoin [preauth]
May  4 15:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 15:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: Failed password for invalid user filecoin from 92.118.39.61 port 37080 ssh2
May  4 15:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14500]: Connection closed by 92.118.39.61 port 37080 [preauth]
May  4 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14529]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14530]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14528]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14528]: pam_unix(cron:session): session closed for user p13x
May  4 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14593]: Successful su for rubyman by root
May  4 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14593]: + ??? root:rubyman
May  4 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328159 of user rubyman.
May  4 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14593]: pam_unix(su:session): session closed for user rubyman
May  4 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328159.
May  4 15:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11915]: pam_unix(cron:session): session closed for user root
May  4 15:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14529]: pam_unix(cron:session): session closed for user samftp
May  4 15:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13725]: pam_unix(cron:session): session closed for user root
May  4 15:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: Invalid user admin from 152.206.118.154
May  4 15:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: input_userauth_request: invalid user admin [preauth]
May  4 15:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154
May  4 15:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: Failed password for invalid user admin from 152.206.118.154 port 56870 ssh2
May  4 15:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: Received disconnect from 152.206.118.154 port 56870:11: Bye Bye [preauth]
May  4 15:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: Disconnected from 152.206.118.154 port 56870 [preauth]
May  4 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14941]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14947]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14944]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14947]: pam_unix(cron:session): session closed for user root
May  4 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14941]: pam_unix(cron:session): session closed for user p13x
May  4 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15011]: Successful su for rubyman by root
May  4 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15011]: + ??? root:rubyman
May  4 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328163 of user rubyman.
May  4 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15011]: pam_unix(su:session): session closed for user rubyman
May  4 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328163.
May  4 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14943]: pam_unix(cron:session): session closed for user root
May  4 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12309]: pam_unix(cron:session): session closed for user root
May  4 15:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14942]: pam_unix(cron:session): session closed for user samftp
May  4 15:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14130]: pam_unix(cron:session): session closed for user root
May  4 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15370]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15367]: pam_unix(cron:session): session closed for user p13x
May  4 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15432]: Successful su for rubyman by root
May  4 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15432]: + ??? root:rubyman
May  4 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328168 of user rubyman.
May  4 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15432]: pam_unix(su:session): session closed for user rubyman
May  4 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328168.
May  4 15:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12784]: pam_unix(cron:session): session closed for user root
May  4 15:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15368]: pam_unix(cron:session): session closed for user samftp
May  4 15:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: Invalid user sebastien from 197.5.145.121
May  4 15:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: input_userauth_request: invalid user sebastien [preauth]
May  4 15:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121
May  4 15:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14533]: pam_unix(cron:session): session closed for user root
May  4 15:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: Failed password for invalid user sebastien from 197.5.145.121 port 36588 ssh2
May  4 15:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: Received disconnect from 197.5.145.121 port 36588:11: Bye Bye [preauth]
May  4 15:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: Disconnected from 197.5.145.121 port 36588 [preauth]
May  4 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15764]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15765]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15763]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15762]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15760]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15760]: pam_unix(cron:session): session closed for user root
May  4 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15762]: pam_unix(cron:session): session closed for user p13x
May  4 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15825]: Successful su for rubyman by root
May  4 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15825]: + ??? root:rubyman
May  4 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328175 of user rubyman.
May  4 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15825]: pam_unix(su:session): session closed for user rubyman
May  4 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328175.
May  4 15:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13214]: pam_unix(cron:session): session closed for user root
May  4 15:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15763]: pam_unix(cron:session): session closed for user samftp
May  4 15:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  4 15:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: Failed password for root from 80.94.95.125 port 44847 ssh2
May  4 15:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 44847 ssh2]
May  4 15:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: Received disconnect from 80.94.95.125 port 44847:11: Bye [preauth]
May  4 15:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: Disconnected from 80.94.95.125 port 44847 [preauth]
May  4 15:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  4 15:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16016]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 15:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14946]: pam_unix(cron:session): session closed for user root
May  4 15:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84  user=root
May  4 15:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: Failed password for root from 193.32.162.84 port 36940 ssh2
May  4 15:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: Connection closed by 193.32.162.84 port 36940 [preauth]
May  4 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16156]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16155]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16153]: pam_unix(cron:session): session closed for user p13x
May  4 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16212]: Successful su for rubyman by root
May  4 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16212]: + ??? root:rubyman
May  4 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16212]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328177 of user rubyman.
May  4 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16212]: pam_unix(su:session): session closed for user rubyman
May  4 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328177.
May  4 15:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13724]: pam_unix(cron:session): session closed for user root
May  4 15:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16154]: pam_unix(cron:session): session closed for user samftp
May  4 15:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15370]: pam_unix(cron:session): session closed for user root
May  4 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16582]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16580]: pam_unix(cron:session): session closed for user p13x
May  4 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16659]: Successful su for rubyman by root
May  4 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16659]: + ??? root:rubyman
May  4 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16659]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328181 of user rubyman.
May  4 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16659]: pam_unix(su:session): session closed for user rubyman
May  4 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328181.
May  4 15:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14129]: pam_unix(cron:session): session closed for user root
May  4 15:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16581]: pam_unix(cron:session): session closed for user samftp
May  4 15:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15765]: pam_unix(cron:session): session closed for user root
May  4 15:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: Invalid user admin from 64.226.117.59
May  4 15:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: input_userauth_request: invalid user admin [preauth]
May  4 15:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 15:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: Failed password for invalid user admin from 64.226.117.59 port 40890 ssh2
May  4 15:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: Connection closed by 64.226.117.59 port 40890 [preauth]
May  4 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17026]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17025]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17027]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17028]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17023]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17022]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17028]: pam_unix(cron:session): session closed for user root
May  4 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17022]: pam_unix(cron:session): session closed for user p13x
May  4 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17091]: Successful su for rubyman by root
May  4 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17091]: + ??? root:rubyman
May  4 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328187 of user rubyman.
May  4 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17091]: pam_unix(su:session): session closed for user rubyman
May  4 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328187.
May  4 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14530]: pam_unix(cron:session): session closed for user root
May  4 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17025]: pam_unix(cron:session): session closed for user root
May  4 15:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17023]: pam_unix(cron:session): session closed for user samftp
May  4 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16156]: pam_unix(cron:session): session closed for user root
May  4 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: Invalid user xiaolong from 152.206.118.154
May  4 15:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: input_userauth_request: invalid user xiaolong [preauth]
May  4 15:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154
May  4 15:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: Failed password for invalid user xiaolong from 152.206.118.154 port 40742 ssh2
May  4 15:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: Received disconnect from 152.206.118.154 port 40742:11: Bye Bye [preauth]
May  4 15:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17385]: Disconnected from 152.206.118.154 port 40742 [preauth]
May  4 15:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17405]: Invalid user lotus from 92.118.39.61
May  4 15:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17405]: input_userauth_request: invalid user lotus [preauth]
May  4 15:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17405]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 15:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17405]: Failed password for invalid user lotus from 92.118.39.61 port 47008 ssh2
May  4 15:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17405]: Connection closed by 92.118.39.61 port 47008 [preauth]
May  4 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17460]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17461]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17457]: pam_unix(cron:session): session closed for user p13x
May  4 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17537]: Successful su for rubyman by root
May  4 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17537]: + ??? root:rubyman
May  4 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17537]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328191 of user rubyman.
May  4 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17537]: pam_unix(su:session): session closed for user rubyman
May  4 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328191.
May  4 15:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14944]: pam_unix(cron:session): session closed for user root
May  4 15:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17458]: pam_unix(cron:session): session closed for user samftp
May  4 15:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: Invalid user deploy from 197.5.145.121
May  4 15:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: input_userauth_request: invalid user deploy [preauth]
May  4 15:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121
May  4 15:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: Failed password for invalid user deploy from 197.5.145.121 port 36589 ssh2
May  4 15:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: Received disconnect from 197.5.145.121 port 36589:11: Bye Bye [preauth]
May  4 15:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: Disconnected from 197.5.145.121 port 36589 [preauth]
May  4 15:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16588]: pam_unix(cron:session): session closed for user root
May  4 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17999]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17998]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18000]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17996]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17996]: pam_unix(cron:session): session closed for user p13x
May  4 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18066]: Successful su for rubyman by root
May  4 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18066]: + ??? root:rubyman
May  4 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328197 of user rubyman.
May  4 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18066]: pam_unix(su:session): session closed for user rubyman
May  4 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328197.
May  4 15:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15369]: pam_unix(cron:session): session closed for user root
May  4 15:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17998]: pam_unix(cron:session): session closed for user samftp
May  4 15:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17027]: pam_unix(cron:session): session closed for user root
May  4 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18410]: pam_unix(cron:session): session closed for user p13x
May  4 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18475]: Successful su for rubyman by root
May  4 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18475]: + ??? root:rubyman
May  4 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18475]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328201 of user rubyman.
May  4 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18475]: pam_unix(su:session): session closed for user rubyman
May  4 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328201.
May  4 15:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15764]: pam_unix(cron:session): session closed for user root
May  4 15:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18411]: pam_unix(cron:session): session closed for user samftp
May  4 15:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17461]: pam_unix(cron:session): session closed for user root
May  4 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18817]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18815]: pam_unix(cron:session): session closed for user p13x
May  4 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18878]: Successful su for rubyman by root
May  4 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18878]: + ??? root:rubyman
May  4 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18878]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328204 of user rubyman.
May  4 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18878]: pam_unix(su:session): session closed for user rubyman
May  4 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328204.
May  4 15:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16155]: pam_unix(cron:session): session closed for user root
May  4 15:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18816]: pam_unix(cron:session): session closed for user samftp
May  4 15:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18000]: pam_unix(cron:session): session closed for user root
May  4 15:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84  user=root
May  4 15:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19151]: Failed password for root from 193.32.162.84 port 39510 ssh2
May  4 15:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19151]: Connection closed by 193.32.162.84 port 39510 [preauth]
May  4 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19225]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19226]: pam_unix(cron:session): session closed for user root
May  4 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19221]: pam_unix(cron:session): session closed for user p13x
May  4 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19300]: Successful su for rubyman by root
May  4 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19300]: + ??? root:rubyman
May  4 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328212 of user rubyman.
May  4 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19300]: pam_unix(su:session): session closed for user rubyman
May  4 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328212.
May  4 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19223]: pam_unix(cron:session): session closed for user root
May  4 15:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16582]: pam_unix(cron:session): session closed for user root
May  4 15:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19222]: pam_unix(cron:session): session closed for user samftp
May  4 15:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18413]: pam_unix(cron:session): session closed for user root
May  4 15:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121  user=root
May  4 15:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19603]: Failed password for root from 197.5.145.121 port 36590 ssh2
May  4 15:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19603]: Received disconnect from 197.5.145.121 port 36590:11: Bye Bye [preauth]
May  4 15:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19603]: Disconnected from 197.5.145.121 port 36590 [preauth]
May  4 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19681]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19679]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19676]: pam_unix(cron:session): session closed for user p13x
May  4 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19747]: Successful su for rubyman by root
May  4 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19747]: + ??? root:rubyman
May  4 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19747]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328213 of user rubyman.
May  4 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19747]: pam_unix(su:session): session closed for user rubyman
May  4 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328213.
May  4 15:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17026]: pam_unix(cron:session): session closed for user root
May  4 15:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19678]: pam_unix(cron:session): session closed for user samftp
May  4 15:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19931]: Invalid user datauser from 164.68.105.9
May  4 15:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19931]: input_userauth_request: invalid user datauser [preauth]
May  4 15:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19931]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  4 15:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19931]: Failed password for invalid user datauser from 164.68.105.9 port 59896 ssh2
May  4 15:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19933]: Invalid user vadim from 152.206.118.154
May  4 15:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19933]: input_userauth_request: invalid user vadim [preauth]
May  4 15:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19933]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154
May  4 15:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19931]: Connection closed by 164.68.105.9 port 59896 [preauth]
May  4 15:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19933]: Failed password for invalid user vadim from 152.206.118.154 port 55264 ssh2
May  4 15:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19933]: Received disconnect from 152.206.118.154 port 55264:11: Bye Bye [preauth]
May  4 15:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19933]: Disconnected from 152.206.118.154 port 55264 [preauth]
May  4 15:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18818]: pam_unix(cron:session): session closed for user root
May  4 15:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20096]: Invalid user admin from 64.226.117.59
May  4 15:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20096]: input_userauth_request: invalid user admin [preauth]
May  4 15:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20096]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 15:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20096]: Failed password for invalid user admin from 64.226.117.59 port 53612 ssh2
May  4 15:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20096]: Connection closed by 64.226.117.59 port 53612 [preauth]
May  4 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20120]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20116]: pam_unix(cron:session): session closed for user p13x
May  4 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20178]: Successful su for rubyman by root
May  4 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20178]: + ??? root:rubyman
May  4 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20178]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328218 of user rubyman.
May  4 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20178]: pam_unix(su:session): session closed for user rubyman
May  4 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328218.
May  4 15:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17460]: pam_unix(cron:session): session closed for user root
May  4 15:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20118]: pam_unix(cron:session): session closed for user samftp
May  4 15:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: Invalid user degen from 92.118.39.61
May  4 15:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: input_userauth_request: invalid user degen [preauth]
May  4 15:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.61
May  4 15:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: Failed password for invalid user degen from 92.118.39.61 port 56934 ssh2
May  4 15:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: Connection closed by 92.118.39.61 port 56934 [preauth]
May  4 15:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19225]: pam_unix(cron:session): session closed for user root
May  4 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20578]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20580]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20579]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20577]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20577]: pam_unix(cron:session): session closed for user p13x
May  4 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20637]: Successful su for rubyman by root
May  4 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20637]: + ??? root:rubyman
May  4 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328221 of user rubyman.
May  4 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20637]: pam_unix(su:session): session closed for user rubyman
May  4 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328221.
May  4 15:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17999]: pam_unix(cron:session): session closed for user root
May  4 15:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20578]: pam_unix(cron:session): session closed for user samftp
May  4 15:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19681]: pam_unix(cron:session): session closed for user root
May  4 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21020]: pam_unix(cron:session): session closed for user p13x
May  4 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21083]: Successful su for rubyman by root
May  4 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21083]: + ??? root:rubyman
May  4 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328225 of user rubyman.
May  4 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21083]: pam_unix(su:session): session closed for user rubyman
May  4 15:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328225.
May  4 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18412]: pam_unix(cron:session): session closed for user root
May  4 15:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21021]: pam_unix(cron:session): session closed for user samftp
May  4 15:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  4 15:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21309]: Failed password for root from 218.92.0.204 port 49594 ssh2
May  4 15:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21309]: message repeated 4 times: [ Failed password for root from 218.92.0.204 port 49594 ssh2]
May  4 15:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21309]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 49594 ssh2 [preauth]
May  4 15:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21309]: Disconnecting: Too many authentication failures [preauth]
May  4 15:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21309]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  4 15:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21309]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 15:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  4 15:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: Failed password for root from 218.92.0.204 port 14178 ssh2
May  4 15:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: Failed password for root from 218.92.0.204 port 14178 ssh2
May  4 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20120]: pam_unix(cron:session): session closed for user root
May  4 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: Failed password for root from 218.92.0.204 port 14178 ssh2
May  4 15:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: message repeated 2 times: [ Failed password for root from 218.92.0.204 port 14178 ssh2]
May  4 15:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: Failed password for root from 218.92.0.204 port 14178 ssh2
May  4 15:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 14178 ssh2 [preauth]
May  4 15:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: Disconnecting: Too many authentication failures [preauth]
May  4 15:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  4 15:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21365]: PAM service(sshd) ignoring max retries; 6 > 3
May  4 15:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Invalid user user from 80.94.95.112
May  4 15:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: input_userauth_request: invalid user user [preauth]
May  4 15:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 15:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Failed password for invalid user user from 80.94.95.112 port 62916 ssh2
May  4 15:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Failed password for invalid user user from 80.94.95.112 port 62916 ssh2
May  4 15:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Failed password for invalid user user from 80.94.95.112 port 62916 ssh2
May  4 15:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Failed password for invalid user user from 80.94.95.112 port 62916 ssh2
May  4 15:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Failed password for invalid user user from 80.94.95.112 port 62916 ssh2
May  4 15:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Received disconnect from 80.94.95.112 port 62916:11: Bye [preauth]
May  4 15:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Disconnected from 80.94.95.112 port 62916 [preauth]
May  4 15:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 15:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21526]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21527]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21527]: pam_unix(cron:session): session closed for user root
May  4 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21522]: pam_unix(cron:session): session closed for user p13x
May  4 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21602]: Successful su for rubyman by root
May  4 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21602]: + ??? root:rubyman
May  4 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21602]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328232 of user rubyman.
May  4 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21602]: pam_unix(su:session): session closed for user rubyman
May  4 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328232.
May  4 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21680]: Invalid user emerald from 197.5.145.121
May  4 15:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21680]: input_userauth_request: invalid user emerald [preauth]
May  4 15:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21680]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121
May  4 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21524]: pam_unix(cron:session): session closed for user root
May  4 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18817]: pam_unix(cron:session): session closed for user root
May  4 15:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21680]: Failed password for invalid user emerald from 197.5.145.121 port 36591 ssh2
May  4 15:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21680]: Received disconnect from 197.5.145.121 port 36591:11: Bye Bye [preauth]
May  4 15:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21680]: Disconnected from 197.5.145.121 port 36591 [preauth]
May  4 15:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21523]: pam_unix(cron:session): session closed for user samftp
May  4 15:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20580]: pam_unix(cron:session): session closed for user root
May  4 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22338]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22335]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22335]: pam_unix(cron:session): session closed for user p13x
May  4 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22422]: Successful su for rubyman by root
May  4 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22422]: + ??? root:rubyman
May  4 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328235 of user rubyman.
May  4 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22422]: pam_unix(su:session): session closed for user rubyman
May  4 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328235.
May  4 15:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19224]: pam_unix(cron:session): session closed for user root
May  4 15:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22337]: pam_unix(cron:session): session closed for user samftp
May  4 15:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22629]: Invalid user gns3 from 193.32.162.84
May  4 15:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22629]: input_userauth_request: invalid user gns3 [preauth]
May  4 15:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22629]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.84
May  4 15:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22629]: Failed password for invalid user gns3 from 193.32.162.84 port 42062 ssh2
May  4 15:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22629]: Connection closed by 193.32.162.84 port 42062 [preauth]
May  4 15:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: Did not receive identification string from 198.235.24.216
May  4 15:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21023]: pam_unix(cron:session): session closed for user root
May  4 15:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: Invalid user ak from 152.206.118.154
May  4 15:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: input_userauth_request: invalid user ak [preauth]
May  4 15:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154
May  4 15:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: Failed password for invalid user ak from 152.206.118.154 port 33800 ssh2
May  4 15:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: Received disconnect from 152.206.118.154 port 33800:11: Bye Bye [preauth]
May  4 15:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: Disconnected from 152.206.118.154 port 33800 [preauth]
May  4 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22802]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22800]: pam_unix(cron:session): session closed for user p13x
May  4 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22875]: Successful su for rubyman by root
May  4 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22875]: + ??? root:rubyman
May  4 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328240 of user rubyman.
May  4 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22875]: pam_unix(su:session): session closed for user rubyman
May  4 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328240.
May  4 15:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19679]: pam_unix(cron:session): session closed for user root
May  4 15:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22801]: pam_unix(cron:session): session closed for user samftp
May  4 15:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21526]: pam_unix(cron:session): session closed for user root
May  4 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23262]: pam_unix(cron:session): session closed for user p13x
May  4 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23412]: Successful su for rubyman by root
May  4 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23412]: + ??? root:rubyman
May  4 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328243 of user rubyman.
May  4 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23412]: pam_unix(su:session): session closed for user rubyman
May  4 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328243.
May  4 15:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20119]: pam_unix(cron:session): session closed for user root
May  4 15:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23263]: pam_unix(cron:session): session closed for user samftp
May  4 15:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22339]: pam_unix(cron:session): session closed for user root
May  4 15:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23744]: Invalid user admin from 64.226.117.59
May  4 15:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23744]: input_userauth_request: invalid user admin [preauth]
May  4 15:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23744]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.117.59
May  4 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23744]: Failed password for invalid user admin from 64.226.117.59 port 46636 ssh2
May  4 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23756]: pam_unix(cron:session): session closed for user p13x
May  4 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23744]: Connection closed by 64.226.117.59 port 46636 [preauth]
May  4 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23922]: Successful su for rubyman by root
May  4 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23922]: + ??? root:rubyman
May  4 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328248 of user rubyman.
May  4 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23922]: pam_unix(su:session): session closed for user rubyman
May  4 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328248.
May  4 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20579]: pam_unix(cron:session): session closed for user root
May  4 15:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23757]: pam_unix(cron:session): session closed for user samftp
May  4 15:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22803]: pam_unix(cron:session): session closed for user root
May  4 15:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: Invalid user billing from 197.5.145.121
May  4 15:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: input_userauth_request: invalid user billing [preauth]
May  4 15:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121
May  4 15:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: Failed password for invalid user billing from 197.5.145.121 port 36592 ssh2
May  4 15:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: Received disconnect from 197.5.145.121 port 36592:11: Bye Bye [preauth]
May  4 15:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: Disconnected from 197.5.145.121 port 36592 [preauth]
May  4 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24297]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24296]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24299]: pam_unix(cron:session): session closed for user root
May  4 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24294]: pam_unix(cron:session): session closed for user p13x
May  4 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24370]: Successful su for rubyman by root
May  4 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24370]: + ??? root:rubyman
May  4 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328251 of user rubyman.
May  4 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24370]: pam_unix(su:session): session closed for user rubyman
May  4 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328251.
May  4 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24296]: pam_unix(cron:session): session closed for user root
May  4 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21022]: pam_unix(cron:session): session closed for user root
May  4 15:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24295]: pam_unix(cron:session): session closed for user samftp
May  4 15:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23265]: pam_unix(cron:session): session closed for user root
May  4 15:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24732]: Bad protocol version identification '\026\003\001\001\027\001' from 165.154.48.24 port 56248
May  4 15:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24756]: pam_unix(cron:session): session closed for user p13x
May  4 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24829]: Successful su for rubyman by root
May  4 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24829]: + ??? root:rubyman
May  4 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328259 of user rubyman.
May  4 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24829]: pam_unix(su:session): session closed for user rubyman
May  4 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328259.
May  4 15:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21525]: pam_unix(cron:session): session closed for user root
May  4 15:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: Did not receive identification string from 165.154.48.24
May  4 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: Connection closed by 165.154.48.24 port 42042 [preauth]
May  4 15:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25016]: Protocol major versions differ for 165.154.48.24: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Server
May  4 15:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24757]: pam_unix(cron:session): session closed for user samftp
May  4 15:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23759]: pam_unix(cron:session): session closed for user root
May  4 15:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 15:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25058]: Failed password for root from 185.93.89.118 port 5512 ssh2
May  4 15:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25058]: Connection closed by 185.93.89.118 port 5512 [preauth]
May  4 15:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 15:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25125]: Failed password for root from 185.93.89.118 port 52238 ssh2
May  4 15:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25125]: Connection closed by 185.93.89.118 port 52238 [preauth]
May  4 15:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25194]: pam_unix(cron:session): session closed for user p13x
May  4 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25263]: Successful su for rubyman by root
May  4 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25263]: + ??? root:rubyman
May  4 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25263]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328263 of user rubyman.
May  4 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25263]: pam_unix(su:session): session closed for user rubyman
May  4 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328263.
May  4 15:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22338]: pam_unix(cron:session): session closed for user root
May  4 15:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25195]: pam_unix(cron:session): session closed for user samftp
May  4 15:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 15:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25178]: Failed password for root from 185.93.89.118 port 42268 ssh2
May  4 15:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25178]: Connection closed by 185.93.89.118 port 42268 [preauth]
May  4 15:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154  user=root
May  4 15:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25484]: Failed password for root from 152.206.118.154 port 52750 ssh2
May  4 15:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25484]: Received disconnect from 152.206.118.154 port 52750:11: Bye Bye [preauth]
May  4 15:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25484]: Disconnected from 152.206.118.154 port 52750 [preauth]
May  4 15:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 15:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24298]: pam_unix(cron:session): session closed for user root
May  4 15:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: Failed password for root from 185.93.89.118 port 45590 ssh2
May  4 15:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: Connection closed by 185.93.89.118 port 45590 [preauth]
May  4 15:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  4 15:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: Failed password for root from 185.93.89.118 port 60026 ssh2
May  4 15:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25552]: Connection closed by 185.93.89.118 port 60026 [preauth]
May  4 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25615]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25616]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25615]: pam_unix(cron:session): session closed for user p13x
May  4 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25680]: Successful su for rubyman by root
May  4 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25680]: + ??? root:rubyman
May  4 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328265 of user rubyman.
May  4 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25680]: pam_unix(su:session): session closed for user rubyman
May  4 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328265.
May  4 15:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22802]: pam_unix(cron:session): session closed for user root
May  4 15:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25616]: pam_unix(cron:session): session closed for user samftp
May  4 15:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24759]: pam_unix(cron:session): session closed for user root
May  4 15:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26007]: Invalid user nima from 197.5.145.121
May  4 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26007]: input_userauth_request: invalid user nima [preauth]
May  4 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26007]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121
May  4 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26019]: pam_unix(cron:session): session closed for user p13x
May  4 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26134]: Successful su for rubyman by root
May  4 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26134]: + ??? root:rubyman
May  4 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328270 of user rubyman.
May  4 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26134]: pam_unix(su:session): session closed for user rubyman
May  4 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328270.
May  4 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26007]: Failed password for invalid user nima from 197.5.145.121 port 36593 ssh2
May  4 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26017]: pam_unix(cron:session): session closed for user root
May  4 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26007]: Received disconnect from 197.5.145.121 port 36593:11: Bye Bye [preauth]
May  4 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26007]: Disconnected from 197.5.145.121 port 36593 [preauth]
May  4 15:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23264]: pam_unix(cron:session): session closed for user root
May  4 15:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26021]: pam_unix(cron:session): session closed for user samftp
May  4 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25197]: pam_unix(cron:session): session closed for user root
May  4 15:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Invalid user christian from 80.94.95.241
May  4 15:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: input_userauth_request: invalid user christian [preauth]
May  4 15:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  4 15:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Failed password for invalid user christian from 80.94.95.241 port 54541 ssh2
May  4 15:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Failed password for invalid user christian from 80.94.95.241 port 54541 ssh2
May  4 15:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Failed password for invalid user christian from 80.94.95.241 port 54541 ssh2
May  4 15:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26596]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26593]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26595]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26597]: pam_unix(cron:session): session closed for user root
May  4 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26592]: pam_unix(cron:session): session closed for user p13x
May  4 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Failed password for invalid user christian from 80.94.95.241 port 54541 ssh2
May  4 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26660]: Successful su for rubyman by root
May  4 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26660]: + ??? root:rubyman
May  4 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26660]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328274 of user rubyman.
May  4 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26660]: pam_unix(su:session): session closed for user rubyman
May  4 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328274.
May  4 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Failed password for invalid user christian from 80.94.95.241 port 54541 ssh2
May  4 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Received disconnect from 80.94.95.241 port 54541:11: Bye [preauth]
May  4 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Disconnected from 80.94.95.241 port 54541 [preauth]
May  4 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  4 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 15:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26594]: pam_unix(cron:session): session closed for user root
May  4 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23758]: pam_unix(cron:session): session closed for user root
May  4 15:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26593]: pam_unix(cron:session): session closed for user samftp
May  4 15:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: Invalid user hadoop from 116.147.40.93
May  4 15:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: input_userauth_request: invalid user hadoop [preauth]
May  4 15:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93
May  4 15:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: Failed password for invalid user hadoop from 116.147.40.93 port 44586 ssh2
May  4 15:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: Received disconnect from 116.147.40.93 port 44586:11: Bye Bye [preauth]
May  4 15:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26955]: Disconnected from 116.147.40.93 port 44586 [preauth]
May  4 15:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25618]: pam_unix(cron:session): session closed for user root
May  4 15:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  4 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: Failed password for root from 50.235.31.47 port 33476 ssh2
May  4 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27085]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27086]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27073]: pam_unix(cron:session): session closed for user p13x
May  4 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27070]: Connection closed by 50.235.31.47 port 33476 [preauth]
May  4 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27152]: Successful su for rubyman by root
May  4 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27152]: + ??? root:rubyman
May  4 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328280 of user rubyman.
May  4 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27152]: pam_unix(su:session): session closed for user rubyman
May  4 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328280.
May  4 15:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24297]: pam_unix(cron:session): session closed for user root
May  4 15:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27084]: pam_unix(cron:session): session closed for user samftp
May  4 15:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26023]: pam_unix(cron:session): session closed for user root
May  4 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27567]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27565]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27566]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27564]: pam_unix(cron:session): session closed for user p13x
May  4 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27626]: Successful su for rubyman by root
May  4 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27626]: + ??? root:rubyman
May  4 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328284 of user rubyman.
May  4 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27626]: pam_unix(su:session): session closed for user rubyman
May  4 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328284.
May  4 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24758]: pam_unix(cron:session): session closed for user root
May  4 15:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27565]: pam_unix(cron:session): session closed for user samftp
May  4 15:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26596]: pam_unix(cron:session): session closed for user root
May  4 15:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154  user=root
May  4 15:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27958]: Failed password for root from 152.206.118.154 port 50078 ssh2
May  4 15:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27958]: Received disconnect from 152.206.118.154 port 50078:11: Bye Bye [preauth]
May  4 15:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27958]: Disconnected from 152.206.118.154 port 50078 [preauth]
May  4 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27973]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27969]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27969]: pam_unix(cron:session): session closed for user p13x
May  4 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28033]: Successful su for rubyman by root
May  4 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28033]: + ??? root:rubyman
May  4 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28033]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328289 of user rubyman.
May  4 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28033]: pam_unix(su:session): session closed for user rubyman
May  4 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328289.
May  4 15:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25196]: pam_unix(cron:session): session closed for user root
May  4 15:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27971]: pam_unix(cron:session): session closed for user samftp
May  4 15:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: Invalid user dms from 197.5.145.121
May  4 15:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: input_userauth_request: invalid user dms [preauth]
May  4 15:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121
May  4 15:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: Failed password for invalid user dms from 197.5.145.121 port 36594 ssh2
May  4 15:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: Received disconnect from 197.5.145.121 port 36594:11: Bye Bye [preauth]
May  4 15:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: Disconnected from 197.5.145.121 port 36594 [preauth]
May  4 15:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27086]: pam_unix(cron:session): session closed for user root
May  4 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28370]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28367]: pam_unix(cron:session): session closed for user p13x
May  4 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28427]: Successful su for rubyman by root
May  4 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28427]: + ??? root:rubyman
May  4 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28427]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328293 of user rubyman.
May  4 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28427]: pam_unix(su:session): session closed for user rubyman
May  4 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328293.
May  4 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25617]: pam_unix(cron:session): session closed for user root
May  4 15:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28368]: pam_unix(cron:session): session closed for user samftp
May  4 15:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27567]: pam_unix(cron:session): session closed for user root
May  4 15:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28778]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28776]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28774]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28777]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28773]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28778]: pam_unix(cron:session): session closed for user root
May  4 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28773]: pam_unix(cron:session): session closed for user p13x
May  4 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28842]: Successful su for rubyman by root
May  4 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28842]: + ??? root:rubyman
May  4 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328301 of user rubyman.
May  4 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28842]: pam_unix(su:session): session closed for user rubyman
May  4 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328301.
May  4 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28775]: pam_unix(cron:session): session closed for user root
May  4 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26022]: pam_unix(cron:session): session closed for user root
May  4 15:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28774]: pam_unix(cron:session): session closed for user samftp
May  4 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27973]: pam_unix(cron:session): session closed for user root
May  4 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29308]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29307]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29307]: pam_unix(cron:session): session closed for user p13x
May  4 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29379]: Successful su for rubyman by root
May  4 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29379]: + ??? root:rubyman
May  4 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328302 of user rubyman.
May  4 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29379]: pam_unix(su:session): session closed for user rubyman
May  4 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328302.
May  4 15:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26595]: pam_unix(cron:session): session closed for user root
May  4 15:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29308]: pam_unix(cron:session): session closed for user samftp
May  4 15:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28370]: pam_unix(cron:session): session closed for user root
May  4 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29723]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29721]: pam_unix(cron:session): session closed for user p13x
May  4 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29784]: Successful su for rubyman by root
May  4 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29784]: + ??? root:rubyman
May  4 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328306 of user rubyman.
May  4 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29784]: pam_unix(su:session): session closed for user rubyman
May  4 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328306.
May  4 15:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27085]: pam_unix(cron:session): session closed for user root
May  4 15:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29722]: pam_unix(cron:session): session closed for user samftp
May  4 15:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28777]: pam_unix(cron:session): session closed for user root
May  4 15:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: Invalid user user from 197.5.145.121
May  4 15:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: input_userauth_request: invalid user user [preauth]
May  4 15:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121
May  4 15:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: Failed password for invalid user user from 197.5.145.121 port 36595 ssh2
May  4 15:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: Received disconnect from 197.5.145.121 port 36595:11: Bye Bye [preauth]
May  4 15:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30117]: Disconnected from 197.5.145.121 port 36595 [preauth]
May  4 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30138]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30137]: pam_unix(cron:session): session closed for user p13x
May  4 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30198]: Successful su for rubyman by root
May  4 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30198]: + ??? root:rubyman
May  4 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328310 of user rubyman.
May  4 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30198]: pam_unix(su:session): session closed for user rubyman
May  4 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328310.
May  4 15:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27566]: pam_unix(cron:session): session closed for user root
May  4 15:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30138]: pam_unix(cron:session): session closed for user samftp
May  4 15:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154  user=root
May  4 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29310]: pam_unix(cron:session): session closed for user root
May  4 15:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: Failed password for root from 152.206.118.154 port 38146 ssh2
May  4 15:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: Received disconnect from 152.206.118.154 port 38146:11: Bye Bye [preauth]
May  4 15:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: Disconnected from 152.206.118.154 port 38146 [preauth]
May  4 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30535]: pam_unix(cron:session): session closed for user p13x
May  4 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30596]: Successful su for rubyman by root
May  4 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30596]: + ??? root:rubyman
May  4 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30596]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328316 of user rubyman.
May  4 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30596]: pam_unix(su:session): session closed for user rubyman
May  4 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328316.
May  4 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27972]: pam_unix(cron:session): session closed for user root
May  4 15:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30536]: pam_unix(cron:session): session closed for user samftp
May  4 15:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30779]: Invalid user steamcmd from 46.244.96.25
May  4 15:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30779]: input_userauth_request: invalid user steamcmd [preauth]
May  4 15:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30779]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  4 15:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30779]: Failed password for invalid user steamcmd from 46.244.96.25 port 55396 ssh2
May  4 15:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30779]: Connection closed by 46.244.96.25 port 55396 [preauth]
May  4 15:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29724]: pam_unix(cron:session): session closed for user root
May  4 15:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  4 15:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.140.249.122
May  4 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30945]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30944]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30941]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30946]: pam_unix(cron:session): session closed for user root
May  4 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30941]: pam_unix(cron:session): session closed for user p13x
May  4 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31011]: Successful su for rubyman by root
May  4 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31011]: + ??? root:rubyman
May  4 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328320 of user rubyman.
May  4 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31011]: pam_unix(su:session): session closed for user rubyman
May  4 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328320.
May  4 15:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30943]: pam_unix(cron:session): session closed for user root
May  4 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28369]: pam_unix(cron:session): session closed for user root
May  4 15:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30942]: pam_unix(cron:session): session closed for user samftp
May  4 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30140]: pam_unix(cron:session): session closed for user root
May  4 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31390]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31387]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31387]: pam_unix(cron:session): session closed for user p13x
May  4 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31453]: Successful su for rubyman by root
May  4 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31453]: + ??? root:rubyman
May  4 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328325 of user rubyman.
May  4 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31453]: pam_unix(su:session): session closed for user rubyman
May  4 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328325.
May  4 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28776]: pam_unix(cron:session): session closed for user root
May  4 15:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31388]: pam_unix(cron:session): session closed for user samftp
May  4 15:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93  user=root
May  4 15:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31687]: Failed password for root from 116.147.40.93 port 49382 ssh2
May  4 15:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31687]: Received disconnect from 116.147.40.93 port 49382:11: Bye Bye [preauth]
May  4 15:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31687]: Disconnected from 116.147.40.93 port 49382 [preauth]
May  4 15:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30540]: pam_unix(cron:session): session closed for user root
May  4 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31803]: pam_unix(cron:session): session closed for user p13x
May  4 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31862]: Successful su for rubyman by root
May  4 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31862]: + ??? root:rubyman
May  4 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328328 of user rubyman.
May  4 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31862]: pam_unix(su:session): session closed for user rubyman
May  4 15:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328328.
May  4 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29309]: pam_unix(cron:session): session closed for user root
May  4 15:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31804]: pam_unix(cron:session): session closed for user samftp
May  4 15:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: Invalid user admin from 139.19.117.131
May  4 15:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: input_userauth_request: invalid user admin [preauth]
May  4 15:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32059]: Connection closed by 139.19.117.131 port 55272 [preauth]
May  4 15:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32135]: Invalid user alice from 197.5.145.121
May  4 15:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32135]: input_userauth_request: invalid user alice [preauth]
May  4 15:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32135]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121
May  4 15:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Invalid user taibabi from 116.147.40.93
May  4 15:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: input_userauth_request: invalid user taibabi [preauth]
May  4 15:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93
May  4 15:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30945]: pam_unix(cron:session): session closed for user root
May  4 15:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32135]: Failed password for invalid user alice from 197.5.145.121 port 36596 ssh2
May  4 15:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32135]: Received disconnect from 197.5.145.121 port 36596:11: Bye Bye [preauth]
May  4 15:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32135]: Disconnected from 197.5.145.121 port 36596 [preauth]
May  4 15:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Failed password for invalid user taibabi from 116.147.40.93 port 41338 ssh2
May  4 15:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Received disconnect from 116.147.40.93 port 41338:11: Bye Bye [preauth]
May  4 15:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32137]: Disconnected from 116.147.40.93 port 41338 [preauth]
May  4 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32220]: pam_unix(cron:session): session closed for user p13x
May  4 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32278]: Successful su for rubyman by root
May  4 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32278]: + ??? root:rubyman
May  4 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32278]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328333 of user rubyman.
May  4 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32278]: pam_unix(su:session): session closed for user rubyman
May  4 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328333.
May  4 15:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29723]: pam_unix(cron:session): session closed for user root
May  4 15:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32221]: pam_unix(cron:session): session closed for user samftp
May  4 15:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31390]: pam_unix(cron:session): session closed for user root
May  4 15:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: Invalid user farid from 116.147.40.93
May  4 15:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: input_userauth_request: invalid user farid [preauth]
May  4 15:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93
May  4 15:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: Failed password for invalid user farid from 116.147.40.93 port 33292 ssh2
May  4 15:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: Received disconnect from 116.147.40.93 port 33292:11: Bye Bye [preauth]
May  4 15:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32567]: Disconnected from 116.147.40.93 port 33292 [preauth]
May  4 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32726]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32723]: pam_unix(cron:session): session closed for user p13x
May  4 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[323]: Successful su for rubyman by root
May  4 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[323]: + ??? root:rubyman
May  4 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328338 of user rubyman.
May  4 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[323]: pam_unix(su:session): session closed for user rubyman
May  4 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328338.
May  4 15:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30139]: pam_unix(cron:session): session closed for user root
May  4 15:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32725]: pam_unix(cron:session): session closed for user samftp
May  4 15:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: Invalid user dima from 152.206.118.154
May  4 15:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: input_userauth_request: invalid user dima [preauth]
May  4 15:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154
May  4 15:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: Failed password for invalid user dima from 152.206.118.154 port 43654 ssh2
May  4 15:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: Received disconnect from 152.206.118.154 port 43654:11: Bye Bye [preauth]
May  4 15:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: Disconnected from 152.206.118.154 port 43654 [preauth]
May  4 15:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31806]: pam_unix(cron:session): session closed for user root
May  4 15:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93  user=root
May  4 15:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[646]: Failed password for root from 116.147.40.93 port 53476 ssh2
May  4 15:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[646]: Received disconnect from 116.147.40.93 port 53476:11: Bye Bye [preauth]
May  4 15:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[646]: Disconnected from 116.147.40.93 port 53476 [preauth]
May  4 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[714]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[713]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[712]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[716]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[711]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[716]: pam_unix(cron:session): session closed for user root
May  4 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[711]: pam_unix(cron:session): session closed for user p13x
May  4 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[788]: Successful su for rubyman by root
May  4 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[788]: + ??? root:rubyman
May  4 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[788]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328342 of user rubyman.
May  4 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[788]: pam_unix(su:session): session closed for user rubyman
May  4 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328342.
May  4 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[713]: pam_unix(cron:session): session closed for user root
May  4 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30539]: pam_unix(cron:session): session closed for user root
May  4 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[712]: pam_unix(cron:session): session closed for user samftp
May  4 15:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32223]: pam_unix(cron:session): session closed for user root
May  4 15:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1111]: Invalid user mayank from 176.31.162.135
May  4 15:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1111]: input_userauth_request: invalid user mayank [preauth]
May  4 15:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1111]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  4 15:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1111]: Failed password for invalid user mayank from 176.31.162.135 port 56854 ssh2
May  4 15:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1111]: Connection closed by 176.31.162.135 port 56854 [preauth]
May  4 15:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: Invalid user marc from 116.147.40.93
May  4 15:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: input_userauth_request: invalid user marc [preauth]
May  4 15:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93
May  4 15:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: Failed password for invalid user marc from 116.147.40.93 port 45432 ssh2
May  4 15:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: Received disconnect from 116.147.40.93 port 45432:11: Bye Bye [preauth]
May  4 15:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: Disconnected from 116.147.40.93 port 45432 [preauth]
May  4 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1170]: pam_unix(cron:session): session closed for user p13x
May  4 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1263]: Successful su for rubyman by root
May  4 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1263]: + ??? root:rubyman
May  4 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1263]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328346 of user rubyman.
May  4 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1263]: pam_unix(su:session): session closed for user rubyman
May  4 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328346.
May  4 15:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30944]: pam_unix(cron:session): session closed for user root
May  4 15:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1171]: pam_unix(cron:session): session closed for user samftp
May  4 15:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32727]: pam_unix(cron:session): session closed for user root
May  4 15:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93  user=root
May  4 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121  user=root
May  4 15:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: Failed password for root from 116.147.40.93 port 37384 ssh2
May  4 15:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: Received disconnect from 116.147.40.93 port 37384:11: Bye Bye [preauth]
May  4 15:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: Disconnected from 116.147.40.93 port 37384 [preauth]
May  4 15:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: Failed password for root from 197.5.145.121 port 36597 ssh2
May  4 15:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: Received disconnect from 197.5.145.121 port 36597:11: Bye Bye [preauth]
May  4 15:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: Disconnected from 197.5.145.121 port 36597 [preauth]
May  4 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1659]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1657]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1656]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1656]: pam_unix(cron:session): session closed for user p13x
May  4 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1731]: Successful su for rubyman by root
May  4 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1731]: + ??? root:rubyman
May  4 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1731]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328351 of user rubyman.
May  4 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1731]: pam_unix(su:session): session closed for user rubyman
May  4 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328351.
May  4 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31389]: pam_unix(cron:session): session closed for user root
May  4 15:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1657]: pam_unix(cron:session): session closed for user samftp
May  4 15:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[715]: pam_unix(cron:session): session closed for user root
May  4 15:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: Invalid user user from 116.147.40.93
May  4 15:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: input_userauth_request: invalid user user [preauth]
May  4 15:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93
May  4 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2163]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2162]: pam_unix(cron:session): session closed for user p13x
May  4 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2222]: Successful su for rubyman by root
May  4 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2222]: + ??? root:rubyman
May  4 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328354 of user rubyman.
May  4 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2222]: pam_unix(su:session): session closed for user rubyman
May  4 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328354.
May  4 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: Failed password for invalid user user from 116.147.40.93 port 57576 ssh2
May  4 15:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: Received disconnect from 116.147.40.93 port 57576:11: Bye Bye [preauth]
May  4 15:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: Disconnected from 116.147.40.93 port 57576 [preauth]
May  4 15:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31805]: pam_unix(cron:session): session closed for user root
May  4 15:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2163]: pam_unix(cron:session): session closed for user samftp
May  4 15:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Invalid user N from 195.178.110.50
May  4 15:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: input_userauth_request: invalid user N [preauth]
May  4 15:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 15:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Failed password for invalid user N from 195.178.110.50 port 44418 ssh2
May  4 15:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Connection closed by 195.178.110.50 port 44418 [preauth]
May  4 15:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: Invalid user y from 195.178.110.50
May  4 15:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: input_userauth_request: invalid user y [preauth]
May  4 15:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 15:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: Failed password for invalid user y from 195.178.110.50 port 7342 ssh2
May  4 15:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1173]: pam_unix(cron:session): session closed for user root
May  4 15:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: Connection closed by 195.178.110.50 port 7342 [preauth]
May  4 15:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2520]: Invalid user F from 195.178.110.50
May  4 15:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2520]: input_userauth_request: invalid user F [preauth]
May  4 15:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2520]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 15:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2520]: Failed password for invalid user F from 195.178.110.50 port 30822 ssh2
May  4 15:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2520]: Connection closed by 195.178.110.50 port 30822 [preauth]
May  4 15:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2593]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2590]: pam_unix(cron:session): session closed for user p13x
May  4 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2651]: Successful su for rubyman by root
May  4 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2651]: + ??? root:rubyman
May  4 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2651]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328360 of user rubyman.
May  4 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2651]: pam_unix(su:session): session closed for user rubyman
May  4 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328360.
May  4 15:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32222]: pam_unix(cron:session): session closed for user root
May  4 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93  user=root
May  4 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: Invalid user q from 195.178.110.50
May  4 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: input_userauth_request: invalid user q [preauth]
May  4 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2591]: pam_unix(cron:session): session closed for user samftp
May  4 15:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Failed password for root from 116.147.40.93 port 49528 ssh2
May  4 15:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Received disconnect from 116.147.40.93 port 49528:11: Bye Bye [preauth]
May  4 15:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Disconnected from 116.147.40.93 port 49528 [preauth]
May  4 15:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: Failed password for invalid user q from 195.178.110.50 port 30278 ssh2
May  4 15:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: Connection closed by 195.178.110.50 port 30278 [preauth]
May  4 15:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: Invalid user > from 195.178.110.50
May  4 15:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: input_userauth_request: invalid user > [preauth]
May  4 15:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: pam_unix(sshd:auth): check pass; user unknown
May  4 15:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 15:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: Failed password for invalid user > from 195.178.110.50 port 36282 ssh2
May  4 15:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2865]: Connection closed by 195.178.110.50 port 36282 [preauth]
May  4 15:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1659]: pam_unix(cron:session): session closed for user root
May  4 15:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 15:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154  user=root
May  4 16:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3010]: Failed password for root from 152.206.118.154 port 35846 ssh2
May  4 16:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3010]: Received disconnect from 152.206.118.154 port 35846:11: Bye Bye [preauth]
May  4 16:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3010]: Disconnected from 152.206.118.154 port 35846 [preauth]
May  4 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3029]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3026]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3027]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3025]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3028]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3029]: pam_unix(cron:session): session closed for user root
May  4 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3025]: pam_unix(cron:session): session closed for user root
May  4 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3023]: pam_unix(cron:session): session closed for user p13x
May  4 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3112]: Successful su for rubyman by root
May  4 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3112]: + ??? root:rubyman
May  4 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328368 of user rubyman.
May  4 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3112]: pam_unix(su:session): session closed for user rubyman
May  4 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328368.
May  4 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3026]: pam_unix(cron:session): session closed for user root
May  4 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32726]: pam_unix(cron:session): session closed for user root
May  4 16:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: Invalid user taibabi from 116.147.40.93
May  4 16:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: input_userauth_request: invalid user taibabi [preauth]
May  4 16:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93
May  4 16:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3024]: pam_unix(cron:session): session closed for user samftp
May  4 16:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: Failed password for invalid user taibabi from 116.147.40.93 port 41488 ssh2
May  4 16:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: Received disconnect from 116.147.40.93 port 41488:11: Bye Bye [preauth]
May  4 16:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: Disconnected from 116.147.40.93 port 41488 [preauth]
May  4 16:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2165]: pam_unix(cron:session): session closed for user root
May  4 16:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3517]: Connection reset by 218.92.0.207 port 30188 [preauth]
May  4 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3549]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3549]: pam_unix(cron:session): session closed for user p13x
May  4 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3647]: Successful su for rubyman by root
May  4 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3647]: + ??? root:rubyman
May  4 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328369 of user rubyman.
May  4 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3647]: pam_unix(su:session): session closed for user rubyman
May  4 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328369.
May  4 16:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[714]: pam_unix(cron:session): session closed for user root
May  4 16:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3550]: pam_unix(cron:session): session closed for user samftp
May  4 16:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: Invalid user monitor from 116.147.40.93
May  4 16:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: input_userauth_request: invalid user monitor [preauth]
May  4 16:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93
May  4 16:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: Failed password for invalid user monitor from 116.147.40.93 port 33440 ssh2
May  4 16:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: Received disconnect from 116.147.40.93 port 33440:11: Bye Bye [preauth]
May  4 16:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: Disconnected from 116.147.40.93 port 33440 [preauth]
May  4 16:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3859]: Invalid user amule from 197.5.145.121
May  4 16:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3859]: input_userauth_request: invalid user amule [preauth]
May  4 16:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3859]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121
May  4 16:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3859]: Failed password for invalid user amule from 197.5.145.121 port 36598 ssh2
May  4 16:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3859]: Received disconnect from 197.5.145.121 port 36598:11: Bye Bye [preauth]
May  4 16:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3859]: Disconnected from 197.5.145.121 port 36598 [preauth]
May  4 16:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2593]: pam_unix(cron:session): session closed for user root
May  4 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4016]: pam_unix(cron:session): session closed for user p13x
May  4 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4077]: Successful su for rubyman by root
May  4 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4077]: + ??? root:rubyman
May  4 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328375 of user rubyman.
May  4 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4077]: pam_unix(su:session): session closed for user rubyman
May  4 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328375.
May  4 16:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1172]: pam_unix(cron:session): session closed for user root
May  4 16:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4017]: pam_unix(cron:session): session closed for user samftp
May  4 16:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: Invalid user odoo17 from 116.147.40.93
May  4 16:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: input_userauth_request: invalid user odoo17 [preauth]
May  4 16:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93
May  4 16:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: Failed password for invalid user odoo17 from 116.147.40.93 port 53628 ssh2
May  4 16:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: Received disconnect from 116.147.40.93 port 53628:11: Bye Bye [preauth]
May  4 16:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4381]: Disconnected from 116.147.40.93 port 53628 [preauth]
May  4 16:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: Invalid user uatuser from 193.70.84.184
May  4 16:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: input_userauth_request: invalid user uatuser [preauth]
May  4 16:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  4 16:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: Failed password for invalid user uatuser from 193.70.84.184 port 57882 ssh2
May  4 16:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: Connection closed by 193.70.84.184 port 57882 [preauth]
May  4 16:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3028]: pam_unix(cron:session): session closed for user root
May  4 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4595]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4593]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4592]: pam_unix(cron:session): session closed for user p13x
May  4 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4653]: Successful su for rubyman by root
May  4 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4653]: + ??? root:rubyman
May  4 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4653]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328378 of user rubyman.
May  4 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4653]: pam_unix(su:session): session closed for user rubyman
May  4 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328378.
May  4 16:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1658]: pam_unix(cron:session): session closed for user root
May  4 16:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4593]: pam_unix(cron:session): session closed for user samftp
May  4 16:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4882]: Invalid user dmdba from 116.147.40.93
May  4 16:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4882]: input_userauth_request: invalid user dmdba [preauth]
May  4 16:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4882]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93
May  4 16:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4882]: Failed password for invalid user dmdba from 116.147.40.93 port 45582 ssh2
May  4 16:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4882]: Received disconnect from 116.147.40.93 port 45582:11: Bye Bye [preauth]
May  4 16:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4882]: Disconnected from 116.147.40.93 port 45582 [preauth]
May  4 16:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3552]: pam_unix(cron:session): session closed for user root
May  4 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5195]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5192]: pam_unix(cron:session): session closed for user p13x
May  4 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5264]: Successful su for rubyman by root
May  4 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5264]: + ??? root:rubyman
May  4 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328381 of user rubyman.
May  4 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5264]: pam_unix(su:session): session closed for user rubyman
May  4 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328381.
May  4 16:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2164]: pam_unix(cron:session): session closed for user root
May  4 16:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5193]: pam_unix(cron:session): session closed for user samftp
May  4 16:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93  user=root
May  4 16:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Failed password for root from 116.147.40.93 port 37538 ssh2
May  4 16:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Received disconnect from 116.147.40.93 port 37538:11: Bye Bye [preauth]
May  4 16:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Disconnected from 116.147.40.93 port 37538 [preauth]
May  4 16:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4019]: pam_unix(cron:session): session closed for user root
May  4 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5668]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5667]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5668]: pam_unix(cron:session): session closed for user root
May  4 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5663]: pam_unix(cron:session): session closed for user p13x
May  4 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5736]: Successful su for rubyman by root
May  4 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5736]: + ??? root:rubyman
May  4 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5736]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328386 of user rubyman.
May  4 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5736]: pam_unix(su:session): session closed for user rubyman
May  4 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328386.
May  4 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5665]: pam_unix(cron:session): session closed for user root
May  4 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2592]: pam_unix(cron:session): session closed for user root
May  4 16:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5664]: pam_unix(cron:session): session closed for user samftp
May  4 16:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: Invalid user homepage from 116.147.40.93
May  4 16:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: input_userauth_request: invalid user homepage [preauth]
May  4 16:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93
May  4 16:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: Failed password for invalid user homepage from 116.147.40.93 port 57724 ssh2
May  4 16:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: Received disconnect from 116.147.40.93 port 57724:11: Bye Bye [preauth]
May  4 16:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: Disconnected from 116.147.40.93 port 57724 [preauth]
May  4 16:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4595]: pam_unix(cron:session): session closed for user root
May  4 16:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154  user=root
May  4 16:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6146]: Failed password for root from 152.206.118.154 port 60106 ssh2
May  4 16:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6146]: Received disconnect from 152.206.118.154 port 60106:11: Bye Bye [preauth]
May  4 16:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6146]: Disconnected from 152.206.118.154 port 60106 [preauth]
May  4 16:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121  user=root
May  4 16:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: Failed password for root from 197.5.145.121 port 36599 ssh2
May  4 16:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: Received disconnect from 197.5.145.121 port 36599:11: Bye Bye [preauth]
May  4 16:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: Disconnected from 197.5.145.121 port 36599 [preauth]
May  4 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6213]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6211]: pam_unix(cron:session): session closed for user p13x
May  4 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6280]: Successful su for rubyman by root
May  4 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6280]: + ??? root:rubyman
May  4 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328391 of user rubyman.
May  4 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6280]: pam_unix(su:session): session closed for user rubyman
May  4 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328391.
May  4 16:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3027]: pam_unix(cron:session): session closed for user root
May  4 16:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6212]: pam_unix(cron:session): session closed for user samftp
May  4 16:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5195]: pam_unix(cron:session): session closed for user root
May  4 16:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93  user=root
May  4 16:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: Failed password for root from 116.147.40.93 port 49680 ssh2
May  4 16:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: Received disconnect from 116.147.40.93 port 49680:11: Bye Bye [preauth]
May  4 16:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6545]: Disconnected from 116.147.40.93 port 49680 [preauth]
May  4 16:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6562]: Invalid user angel from 190.103.202.7
May  4 16:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6562]: input_userauth_request: invalid user angel [preauth]
May  4 16:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6562]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  4 16:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6562]: Failed password for invalid user angel from 190.103.202.7 port 59256 ssh2
May  4 16:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6562]: Connection closed by 190.103.202.7 port 59256 [preauth]
May  4 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6616]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6615]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6615]: pam_unix(cron:session): session closed for user p13x
May  4 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6683]: Successful su for rubyman by root
May  4 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6683]: + ??? root:rubyman
May  4 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328396 of user rubyman.
May  4 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6683]: pam_unix(su:session): session closed for user rubyman
May  4 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328396.
May  4 16:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3551]: pam_unix(cron:session): session closed for user root
May  4 16:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6616]: pam_unix(cron:session): session closed for user samftp
May  4 16:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: Invalid user gakusei from 164.177.31.66
May  4 16:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: input_userauth_request: invalid user gakusei [preauth]
May  4 16:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66
May  4 16:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: Failed password for invalid user gakusei from 164.177.31.66 port 34922 ssh2
May  4 16:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: Received disconnect from 164.177.31.66 port 34922:11: Bye Bye [preauth]
May  4 16:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: Disconnected from 164.177.31.66 port 34922 [preauth]
May  4 16:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5667]: pam_unix(cron:session): session closed for user root
May  4 16:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93  user=root
May  4 16:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: Failed password for root from 116.147.40.93 port 41634 ssh2
May  4 16:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: Received disconnect from 116.147.40.93 port 41634:11: Bye Bye [preauth]
May  4 16:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: Disconnected from 116.147.40.93 port 41634 [preauth]
May  4 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7137]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7136]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7135]: pam_unix(cron:session): session closed for user p13x
May  4 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7196]: Successful su for rubyman by root
May  4 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7196]: + ??? root:rubyman
May  4 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328399 of user rubyman.
May  4 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7196]: pam_unix(su:session): session closed for user rubyman
May  4 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328399.
May  4 16:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4018]: pam_unix(cron:session): session closed for user root
May  4 16:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7136]: pam_unix(cron:session): session closed for user samftp
May  4 16:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6214]: pam_unix(cron:session): session closed for user root
May  4 16:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: Invalid user oracle from 116.147.40.93
May  4 16:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: input_userauth_request: invalid user oracle [preauth]
May  4 16:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93
May  4 16:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: Failed password for invalid user oracle from 116.147.40.93 port 33592 ssh2
May  4 16:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: Received disconnect from 116.147.40.93 port 33592:11: Bye Bye [preauth]
May  4 16:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7602]: Disconnected from 116.147.40.93 port 33592 [preauth]
May  4 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7640]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7641]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7637]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7635]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7637]: pam_unix(cron:session): session closed for user p13x
May  4 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7772]: Successful su for rubyman by root
May  4 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7772]: + ??? root:rubyman
May  4 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328404 of user rubyman.
May  4 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7772]: pam_unix(su:session): session closed for user rubyman
May  4 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328404.
May  4 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7635]: pam_unix(cron:session): session closed for user root
May  4 16:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4594]: pam_unix(cron:session): session closed for user root
May  4 16:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7639]: pam_unix(cron:session): session closed for user samftp
May  4 16:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6618]: pam_unix(cron:session): session closed for user root
May  4 16:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93  user=root
May  4 16:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: Failed password for root from 116.147.40.93 port 53776 ssh2
May  4 16:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: Received disconnect from 116.147.40.93 port 53776:11: Bye Bye [preauth]
May  4 16:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8158]: Disconnected from 116.147.40.93 port 53776 [preauth]
May  4 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8177]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8174]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8177]: pam_unix(cron:session): session closed for user root
May  4 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8171]: pam_unix(cron:session): session closed for user p13x
May  4 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8250]: Successful su for rubyman by root
May  4 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8250]: + ??? root:rubyman
May  4 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328411 of user rubyman.
May  4 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8250]: pam_unix(su:session): session closed for user rubyman
May  4 16:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328411.
May  4 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8173]: pam_unix(cron:session): session closed for user root
May  4 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5194]: pam_unix(cron:session): session closed for user root
May  4 16:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8172]: pam_unix(cron:session): session closed for user samftp
May  4 16:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121  user=root
May  4 16:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8530]: Failed password for root from 197.5.145.121 port 36600 ssh2
May  4 16:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8530]: Received disconnect from 197.5.145.121 port 36600:11: Bye Bye [preauth]
May  4 16:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8530]: Disconnected from 197.5.145.121 port 36600 [preauth]
May  4 16:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7138]: pam_unix(cron:session): session closed for user root
May  4 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8626]: pam_unix(cron:session): session closed for user p13x
May  4 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8718]: Successful su for rubyman by root
May  4 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8718]: + ??? root:rubyman
May  4 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8718]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328416 of user rubyman.
May  4 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8718]: pam_unix(su:session): session closed for user rubyman
May  4 16:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328416.
May  4 16:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8711]: Invalid user zy from 116.147.40.93
May  4 16:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8711]: input_userauth_request: invalid user zy [preauth]
May  4 16:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8711]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93
May  4 16:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5666]: pam_unix(cron:session): session closed for user root
May  4 16:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8711]: Failed password for invalid user zy from 116.147.40.93 port 45734 ssh2
May  4 16:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8711]: Received disconnect from 116.147.40.93 port 45734:11: Bye Bye [preauth]
May  4 16:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8711]: Disconnected from 116.147.40.93 port 45734 [preauth]
May  4 16:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8627]: pam_unix(cron:session): session closed for user samftp
May  4 16:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154  user=root
May  4 16:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8936]: Failed password for root from 152.206.118.154 port 52348 ssh2
May  4 16:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8936]: Received disconnect from 152.206.118.154 port 52348:11: Bye Bye [preauth]
May  4 16:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8936]: Disconnected from 152.206.118.154 port 52348 [preauth]
May  4 16:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7641]: pam_unix(cron:session): session closed for user root
May  4 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9063]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9062]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9060]: pam_unix(cron:session): session closed for user p13x
May  4 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9211]: Successful su for rubyman by root
May  4 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9211]: + ??? root:rubyman
May  4 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328418 of user rubyman.
May  4 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9211]: pam_unix(su:session): session closed for user rubyman
May  4 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328418.
May  4 16:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6213]: pam_unix(cron:session): session closed for user root
May  4 16:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9061]: pam_unix(cron:session): session closed for user samftp
May  4 16:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: Invalid user rony from 116.147.40.93
May  4 16:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: input_userauth_request: invalid user rony [preauth]
May  4 16:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93
May  4 16:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: Failed password for invalid user rony from 116.147.40.93 port 37684 ssh2
May  4 16:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: Received disconnect from 116.147.40.93 port 37684:11: Bye Bye [preauth]
May  4 16:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: Disconnected from 116.147.40.93 port 37684 [preauth]
May  4 16:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8175]: pam_unix(cron:session): session closed for user root
May  4 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9580]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9579]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9577]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9578]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9577]: pam_unix(cron:session): session closed for user p13x
May  4 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9638]: Successful su for rubyman by root
May  4 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9638]: + ??? root:rubyman
May  4 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9638]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328422 of user rubyman.
May  4 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9638]: pam_unix(su:session): session closed for user rubyman
May  4 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328422.
May  4 16:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6617]: pam_unix(cron:session): session closed for user root
May  4 16:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9578]: pam_unix(cron:session): session closed for user samftp
May  4 16:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8631]: pam_unix(cron:session): session closed for user root
May  4 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9983]: pam_unix(cron:session): session closed for user p13x
May  4 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10045]: Successful su for rubyman by root
May  4 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10045]: + ??? root:rubyman
May  4 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10045]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328427 of user rubyman.
May  4 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10045]: pam_unix(su:session): session closed for user rubyman
May  4 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328427.
May  4 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10072]: Invalid user users from 164.68.105.9
May  4 16:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10072]: input_userauth_request: invalid user users [preauth]
May  4 16:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10072]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  4 16:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10072]: Failed password for invalid user users from 164.68.105.9 port 34338 ssh2
May  4 16:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7137]: pam_unix(cron:session): session closed for user root
May  4 16:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10072]: Connection closed by 164.68.105.9 port 34338 [preauth]
May  4 16:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9984]: pam_unix(cron:session): session closed for user samftp
May  4 16:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9063]: pam_unix(cron:session): session closed for user root
May  4 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10483]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10482]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10481]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10487]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10484]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10485]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10487]: pam_unix(cron:session): session closed for user root
May  4 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10481]: pam_unix(cron:session): session closed for user p13x
May  4 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10556]: Successful su for rubyman by root
May  4 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10556]: + ??? root:rubyman
May  4 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328435 of user rubyman.
May  4 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10556]: pam_unix(su:session): session closed for user rubyman
May  4 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328435.
May  4 16:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10483]: pam_unix(cron:session): session closed for user root
May  4 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7640]: pam_unix(cron:session): session closed for user root
May  4 16:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: Invalid user delme from 197.5.145.121
May  4 16:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: input_userauth_request: invalid user delme [preauth]
May  4 16:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121
May  4 16:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10482]: pam_unix(cron:session): session closed for user samftp
May  4 16:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: Failed password for invalid user delme from 197.5.145.121 port 36601 ssh2
May  4 16:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: Received disconnect from 197.5.145.121 port 36601:11: Bye Bye [preauth]
May  4 16:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: Disconnected from 197.5.145.121 port 36601 [preauth]
May  4 16:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66  user=root
May  4 16:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10881]: Failed password for root from 164.177.31.66 port 39850 ssh2
May  4 16:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10881]: Received disconnect from 164.177.31.66 port 39850:11: Bye Bye [preauth]
May  4 16:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10881]: Disconnected from 164.177.31.66 port 39850 [preauth]
May  4 16:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9580]: pam_unix(cron:session): session closed for user root
May  4 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10975]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10976]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10973]: pam_unix(cron:session): session closed for user p13x
May  4 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11041]: Successful su for rubyman by root
May  4 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11041]: + ??? root:rubyman
May  4 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328437 of user rubyman.
May  4 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11041]: pam_unix(su:session): session closed for user rubyman
May  4 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328437.
May  4 16:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8174]: pam_unix(cron:session): session closed for user root
May  4 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10974]: pam_unix(cron:session): session closed for user samftp
May  4 16:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  4 16:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: Failed password for root from 218.92.0.207 port 28894 ssh2
May  4 16:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: Failed password for root from 218.92.0.207 port 28894 ssh2
May  4 16:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: Received disconnect from 218.92.0.207 port 28894:11:  [preauth]
May  4 16:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: Disconnected from 218.92.0.207 port 28894 [preauth]
May  4 16:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  4 16:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9986]: pam_unix(cron:session): session closed for user root
May  4 16:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  4 16:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11316]: Failed password for root from 218.92.0.207 port 36332 ssh2
May  4 16:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11316]: message repeated 5 times: [ Failed password for root from 218.92.0.207 port 36332 ssh2]
May  4 16:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11316]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 36332 ssh2 [preauth]
May  4 16:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11316]: Disconnecting: Too many authentication failures [preauth]
May  4 16:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11316]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  4 16:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11316]: PAM service(sshd) ignoring max retries; 6 > 3
May  4 16:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  4 16:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Failed password for root from 218.92.0.207 port 51226 ssh2
May  4 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11378]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11373]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11373]: pam_unix(cron:session): session closed for user root
May  4 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11375]: pam_unix(cron:session): session closed for user p13x
May  4 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11442]: Successful su for rubyman by root
May  4 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11442]: + ??? root:rubyman
May  4 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328440 of user rubyman.
May  4 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11442]: pam_unix(su:session): session closed for user rubyman
May  4 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328440.
May  4 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Failed password for root from 218.92.0.207 port 51226 ssh2
May  4 16:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8629]: pam_unix(cron:session): session closed for user root
May  4 16:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Failed password for root from 218.92.0.207 port 51226 ssh2
May  4 16:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11376]: pam_unix(cron:session): session closed for user samftp
May  4 16:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Failed password for root from 218.92.0.207 port 51226 ssh2
May  4 16:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154  user=root
May  4 16:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Received disconnect from 218.92.0.207 port 51226:11:  [preauth]
May  4 16:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: Disconnected from 218.92.0.207 port 51226 [preauth]
May  4 16:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  4 16:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11363]: PAM service(sshd) ignoring max retries; 4 > 3
May  4 16:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: Failed password for root from 152.206.118.154 port 59184 ssh2
May  4 16:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: Received disconnect from 152.206.118.154 port 59184:11: Bye Bye [preauth]
May  4 16:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: Disconnected from 152.206.118.154 port 59184 [preauth]
May  4 16:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10485]: pam_unix(cron:session): session closed for user root
May  4 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11787]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11786]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11785]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11785]: pam_unix(cron:session): session closed for user p13x
May  4 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11848]: Successful su for rubyman by root
May  4 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11848]: + ??? root:rubyman
May  4 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11848]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328446 of user rubyman.
May  4 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11848]: pam_unix(su:session): session closed for user rubyman
May  4 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328446.
May  4 16:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9062]: pam_unix(cron:session): session closed for user root
May  4 16:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11786]: pam_unix(cron:session): session closed for user samftp
May  4 16:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10976]: pam_unix(cron:session): session closed for user root
May  4 16:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  4 16:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12146]: Failed password for root from 190.103.202.7 port 56956 ssh2
May  4 16:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12146]: Connection closed by 190.103.202.7 port 56956 [preauth]
May  4 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12171]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12169]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12170]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12169]: pam_unix(cron:session): session closed for user p13x
May  4 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12232]: Successful su for rubyman by root
May  4 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12232]: + ??? root:rubyman
May  4 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328449 of user rubyman.
May  4 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12232]: pam_unix(su:session): session closed for user rubyman
May  4 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328449.
May  4 16:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9579]: pam_unix(cron:session): session closed for user root
May  4 16:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12170]: pam_unix(cron:session): session closed for user samftp
May  4 16:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11378]: pam_unix(cron:session): session closed for user root
May  4 16:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12520]: Invalid user ubuntu from 197.5.145.121
May  4 16:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12520]: input_userauth_request: invalid user ubuntu [preauth]
May  4 16:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12520]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121
May  4 16:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12520]: Failed password for invalid user ubuntu from 197.5.145.121 port 36602 ssh2
May  4 16:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12520]: Received disconnect from 197.5.145.121 port 36602:11: Bye Bye [preauth]
May  4 16:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12520]: Disconnected from 197.5.145.121 port 36602 [preauth]
May  4 16:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66  user=root
May  4 16:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12560]: Failed password for root from 164.177.31.66 port 51172 ssh2
May  4 16:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12560]: Received disconnect from 164.177.31.66 port 51172:11: Bye Bye [preauth]
May  4 16:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12560]: Disconnected from 164.177.31.66 port 51172 [preauth]
May  4 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12579]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12581]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12580]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12581]: pam_unix(cron:session): session closed for user root
May  4 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12576]: pam_unix(cron:session): session closed for user p13x
May  4 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12645]: Successful su for rubyman by root
May  4 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12645]: + ??? root:rubyman
May  4 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328458 of user rubyman.
May  4 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12645]: pam_unix(su:session): session closed for user rubyman
May  4 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328458.
May  4 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9985]: pam_unix(cron:session): session closed for user root
May  4 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12578]: pam_unix(cron:session): session closed for user root
May  4 16:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12577]: pam_unix(cron:session): session closed for user samftp
May  4 16:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11788]: pam_unix(cron:session): session closed for user root
May  4 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12999]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13000]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12998]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12997]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12997]: pam_unix(cron:session): session closed for user p13x
May  4 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13069]: Successful su for rubyman by root
May  4 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13069]: + ??? root:rubyman
May  4 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13069]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328461 of user rubyman.
May  4 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13069]: pam_unix(su:session): session closed for user rubyman
May  4 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328461.
May  4 16:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10484]: pam_unix(cron:session): session closed for user root
May  4 16:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12998]: pam_unix(cron:session): session closed for user samftp
May  4 16:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12172]: pam_unix(cron:session): session closed for user root
May  4 16:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13389]: Invalid user suporte from 50.235.31.47
May  4 16:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13389]: input_userauth_request: invalid user suporte [preauth]
May  4 16:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13389]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  4 16:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13389]: Failed password for invalid user suporte from 50.235.31.47 port 34216 ssh2
May  4 16:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13389]: Connection closed by 50.235.31.47 port 34216 [preauth]
May  4 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13411]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13407]: pam_unix(cron:session): session closed for user p13x
May  4 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13565]: Successful su for rubyman by root
May  4 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13565]: + ??? root:rubyman
May  4 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13565]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328463 of user rubyman.
May  4 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13565]: pam_unix(su:session): session closed for user rubyman
May  4 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328463.
May  4 16:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10975]: pam_unix(cron:session): session closed for user root
May  4 16:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13408]: pam_unix(cron:session): session closed for user samftp
May  4 16:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12580]: pam_unix(cron:session): session closed for user root
May  4 16:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: Invalid user zzz from 152.206.118.154
May  4 16:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: input_userauth_request: invalid user zzz [preauth]
May  4 16:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154
May  4 16:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: Failed password for invalid user zzz from 152.206.118.154 port 53368 ssh2
May  4 16:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: Received disconnect from 152.206.118.154 port 53368:11: Bye Bye [preauth]
May  4 16:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: Disconnected from 152.206.118.154 port 53368 [preauth]
May  4 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13912]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13909]: pam_unix(cron:session): session closed for user p13x
May  4 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13978]: Successful su for rubyman by root
May  4 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13978]: + ??? root:rubyman
May  4 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328467 of user rubyman.
May  4 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13978]: pam_unix(su:session): session closed for user rubyman
May  4 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328467.
May  4 16:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11377]: pam_unix(cron:session): session closed for user root
May  4 16:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13910]: pam_unix(cron:session): session closed for user samftp
May  4 16:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13000]: pam_unix(cron:session): session closed for user root
May  4 16:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: Invalid user stefanos from 117.50.119.17
May  4 16:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: input_userauth_request: invalid user stefanos [preauth]
May  4 16:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.119.17
May  4 16:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: Failed password for invalid user stefanos from 117.50.119.17 port 56250 ssh2
May  4 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14317]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14313]: pam_unix(cron:session): session closed for user p13x
May  4 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14377]: Successful su for rubyman by root
May  4 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14377]: + ??? root:rubyman
May  4 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328472 of user rubyman.
May  4 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14377]: pam_unix(su:session): session closed for user rubyman
May  4 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328472.
May  4 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11787]: pam_unix(cron:session): session closed for user root
May  4 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: Invalid user piso from 197.5.145.121
May  4 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: input_userauth_request: invalid user piso [preauth]
May  4 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121
May  4 16:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14314]: pam_unix(cron:session): session closed for user samftp
May  4 16:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: Failed password for invalid user piso from 197.5.145.121 port 36603 ssh2
May  4 16:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: Received disconnect from 197.5.145.121 port 36603:11: Bye Bye [preauth]
May  4 16:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14517]: Disconnected from 197.5.145.121 port 36603 [preauth]
May  4 16:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Invalid user admin from 80.94.95.112
May  4 16:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: input_userauth_request: invalid user admin [preauth]
May  4 16:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 16:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Failed password for invalid user admin from 80.94.95.112 port 56392 ssh2
May  4 16:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Failed password for invalid user admin from 80.94.95.112 port 56392 ssh2
May  4 16:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13411]: pam_unix(cron:session): session closed for user root
May  4 16:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Failed password for invalid user admin from 80.94.95.112 port 56392 ssh2
May  4 16:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: Invalid user ubuntu from 164.177.31.66
May  4 16:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: input_userauth_request: invalid user ubuntu [preauth]
May  4 16:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66
May  4 16:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Failed password for invalid user admin from 80.94.95.112 port 56392 ssh2
May  4 16:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: Failed password for invalid user ubuntu from 164.177.31.66 port 45126 ssh2
May  4 16:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: Received disconnect from 164.177.31.66 port 45126:11: Bye Bye [preauth]
May  4 16:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14649]: Disconnected from 164.177.31.66 port 45126 [preauth]
May  4 16:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Failed password for invalid user admin from 80.94.95.112 port 56392 ssh2
May  4 16:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Received disconnect from 80.94.95.112 port 56392:11: Bye [preauth]
May  4 16:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Disconnected from 80.94.95.112 port 56392 [preauth]
May  4 16:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 16:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14728]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14730]: pam_unix(cron:session): session closed for user root
May  4 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14725]: pam_unix(cron:session): session closed for user p13x
May  4 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14792]: Successful su for rubyman by root
May  4 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14792]: + ??? root:rubyman
May  4 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328476 of user rubyman.
May  4 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14792]: pam_unix(su:session): session closed for user rubyman
May  4 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328476.
May  4 16:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14727]: pam_unix(cron:session): session closed for user root
May  4 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12171]: pam_unix(cron:session): session closed for user root
May  4 16:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14726]: pam_unix(cron:session): session closed for user samftp
May  4 16:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15034]: Did not receive identification string from 45.116.79.13
May  4 16:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15035]: Did not receive identification string from 45.116.79.13
May  4 16:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13912]: pam_unix(cron:session): session closed for user root
May  4 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15158]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15155]: pam_unix(cron:session): session closed for user p13x
May  4 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15220]: Successful su for rubyman by root
May  4 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15220]: + ??? root:rubyman
May  4 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15220]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328482 of user rubyman.
May  4 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15220]: pam_unix(su:session): session closed for user rubyman
May  4 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328482.
May  4 16:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15357]: Did not receive identification string from 193.32.162.185
May  4 16:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12579]: pam_unix(cron:session): session closed for user root
May  4 16:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15156]: pam_unix(cron:session): session closed for user samftp
May  4 16:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14317]: pam_unix(cron:session): session closed for user root
May  4 16:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  4 16:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: Failed password for root from 80.94.95.29 port 25972 ssh2
May  4 16:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: message repeated 4 times: [ Failed password for root from 80.94.95.29 port 25972 ssh2]
May  4 16:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: Received disconnect from 80.94.95.29 port 25972:11: Bye [preauth]
May  4 16:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: Disconnected from 80.94.95.29 port 25972 [preauth]
May  4 16:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  4 16:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15558]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15561]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15560]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15558]: pam_unix(cron:session): session closed for user p13x
May  4 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15620]: Successful su for rubyman by root
May  4 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15620]: + ??? root:rubyman
May  4 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328485 of user rubyman.
May  4 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15620]: pam_unix(su:session): session closed for user rubyman
May  4 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328485.
May  4 16:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12999]: pam_unix(cron:session): session closed for user root
May  4 16:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15559]: pam_unix(cron:session): session closed for user samftp
May  4 16:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14729]: pam_unix(cron:session): session closed for user root
May  4 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15954]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15955]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15952]: pam_unix(cron:session): session closed for user p13x
May  4 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16010]: Successful su for rubyman by root
May  4 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16010]: + ??? root:rubyman
May  4 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328489 of user rubyman.
May  4 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16010]: pam_unix(su:session): session closed for user rubyman
May  4 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328489.
May  4 16:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13410]: pam_unix(cron:session): session closed for user root
May  4 16:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15953]: pam_unix(cron:session): session closed for user samftp
May  4 16:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121  user=root
May  4 16:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: Failed password for root from 197.5.145.121 port 36604 ssh2
May  4 16:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: Received disconnect from 197.5.145.121 port 36604:11: Bye Bye [preauth]
May  4 16:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: Disconnected from 197.5.145.121 port 36604 [preauth]
May  4 16:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154  user=root
May  4 16:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16246]: Failed password for root from 152.206.118.154 port 38058 ssh2
May  4 16:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15158]: pam_unix(cron:session): session closed for user root
May  4 16:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16246]: Received disconnect from 152.206.118.154 port 38058:11: Bye Bye [preauth]
May  4 16:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16246]: Disconnected from 152.206.118.154 port 38058 [preauth]
May  4 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16331]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16329]: pam_unix(cron:session): session closed for user p13x
May  4 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16386]: Successful su for rubyman by root
May  4 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16386]: + ??? root:rubyman
May  4 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328494 of user rubyman.
May  4 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16386]: pam_unix(su:session): session closed for user rubyman
May  4 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328494.
May  4 16:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13911]: pam_unix(cron:session): session closed for user root
May  4 16:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16330]: pam_unix(cron:session): session closed for user samftp
May  4 16:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16636]: Invalid user user from 164.177.31.66
May  4 16:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16636]: input_userauth_request: invalid user user [preauth]
May  4 16:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16636]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66
May  4 16:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16636]: Failed password for invalid user user from 164.177.31.66 port 49806 ssh2
May  4 16:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16636]: Received disconnect from 164.177.31.66 port 49806:11: Bye Bye [preauth]
May  4 16:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16636]: Disconnected from 164.177.31.66 port 49806 [preauth]
May  4 16:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15561]: pam_unix(cron:session): session closed for user root
May  4 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16792]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16793]: pam_unix(cron:session): session closed for user root
May  4 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16788]: pam_unix(cron:session): session closed for user p13x
May  4 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16854]: Successful su for rubyman by root
May  4 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16854]: + ??? root:rubyman
May  4 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328498 of user rubyman.
May  4 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16854]: pam_unix(su:session): session closed for user rubyman
May  4 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328498.
May  4 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16790]: pam_unix(cron:session): session closed for user root
May  4 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14316]: pam_unix(cron:session): session closed for user root
May  4 16:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16789]: pam_unix(cron:session): session closed for user samftp
May  4 16:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15955]: pam_unix(cron:session): session closed for user root
May  4 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17244]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17242]: pam_unix(cron:session): session closed for user p13x
May  4 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17313]: Successful su for rubyman by root
May  4 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17313]: + ??? root:rubyman
May  4 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328506 of user rubyman.
May  4 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17313]: pam_unix(su:session): session closed for user rubyman
May  4 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328506.
May  4 16:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14728]: pam_unix(cron:session): session closed for user root
May  4 16:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17243]: pam_unix(cron:session): session closed for user samftp
May  4 16:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16332]: pam_unix(cron:session): session closed for user root
May  4 16:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  4 16:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17637]: Failed password for root from 218.92.0.203 port 47088 ssh2
May  4 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17664]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17663]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17662]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17662]: pam_unix(cron:session): session closed for user p13x
May  4 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17727]: Successful su for rubyman by root
May  4 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17727]: + ??? root:rubyman
May  4 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328508 of user rubyman.
May  4 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17727]: pam_unix(su:session): session closed for user rubyman
May  4 16:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328508.
May  4 16:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15157]: pam_unix(cron:session): session closed for user root
May  4 16:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17663]: pam_unix(cron:session): session closed for user samftp
May  4 16:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  4 16:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: Failed password for root from 218.92.0.203 port 55124 ssh2
May  4 16:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16792]: pam_unix(cron:session): session closed for user root
May  4 16:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.119.17  user=root
May  4 16:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18158]: Failed password for root from 117.50.119.17 port 59854 ssh2
May  4 16:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18185]: Invalid user gecko from 197.5.145.121
May  4 16:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18185]: input_userauth_request: invalid user gecko [preauth]
May  4 16:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18185]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121
May  4 16:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18185]: Failed password for invalid user gecko from 197.5.145.121 port 36605 ssh2
May  4 16:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18185]: Received disconnect from 197.5.145.121 port 36605:11: Bye Bye [preauth]
May  4 16:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18185]: Disconnected from 197.5.145.121 port 36605 [preauth]
May  4 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18204]: pam_unix(cron:session): session closed for user p13x
May  4 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18265]: Successful su for rubyman by root
May  4 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18265]: + ??? root:rubyman
May  4 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328513 of user rubyman.
May  4 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18265]: pam_unix(su:session): session closed for user rubyman
May  4 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328513.
May  4 16:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15560]: pam_unix(cron:session): session closed for user root
May  4 16:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18205]: pam_unix(cron:session): session closed for user samftp
May  4 16:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66  user=root
May  4 16:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: Failed password for root from 164.177.31.66 port 45434 ssh2
May  4 16:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: Received disconnect from 164.177.31.66 port 45434:11: Bye Bye [preauth]
May  4 16:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18525]: Disconnected from 164.177.31.66 port 45434 [preauth]
May  4 16:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17245]: pam_unix(cron:session): session closed for user root
May  4 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18614]: pam_unix(cron:session): session closed for user p13x
May  4 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18675]: Successful su for rubyman by root
May  4 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18675]: + ??? root:rubyman
May  4 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328517 of user rubyman.
May  4 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18675]: pam_unix(su:session): session closed for user rubyman
May  4 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328517.
May  4 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: Invalid user seafile from 152.206.118.154
May  4 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: input_userauth_request: invalid user seafile [preauth]
May  4 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154
May  4 16:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15954]: pam_unix(cron:session): session closed for user root
May  4 16:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: Failed password for invalid user seafile from 152.206.118.154 port 54008 ssh2
May  4 16:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: Received disconnect from 152.206.118.154 port 54008:11: Bye Bye [preauth]
May  4 16:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: Disconnected from 152.206.118.154 port 54008 [preauth]
May  4 16:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18615]: pam_unix(cron:session): session closed for user samftp
May  4 16:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17665]: pam_unix(cron:session): session closed for user root
May  4 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19027]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19028]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19025]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19026]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19028]: pam_unix(cron:session): session closed for user root
May  4 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19023]: pam_unix(cron:session): session closed for user p13x
May  4 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19102]: Successful su for rubyman by root
May  4 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19102]: + ??? root:rubyman
May  4 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328519 of user rubyman.
May  4 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19102]: pam_unix(su:session): session closed for user rubyman
May  4 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328519.
May  4 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16331]: pam_unix(cron:session): session closed for user root
May  4 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19025]: pam_unix(cron:session): session closed for user root
May  4 16:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19024]: pam_unix(cron:session): session closed for user samftp
May  4 16:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18207]: pam_unix(cron:session): session closed for user root
May  4 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19462]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19462]: pam_unix(cron:session): session closed for user p13x
May  4 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19531]: Successful su for rubyman by root
May  4 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19531]: + ??? root:rubyman
May  4 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328526 of user rubyman.
May  4 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19531]: pam_unix(su:session): session closed for user rubyman
May  4 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328526.
May  4 16:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16791]: pam_unix(cron:session): session closed for user root
May  4 16:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19463]: pam_unix(cron:session): session closed for user samftp
May  4 16:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18617]: pam_unix(cron:session): session closed for user root
May  4 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19883]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19881]: pam_unix(cron:session): session closed for user p13x
May  4 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19943]: Successful su for rubyman by root
May  4 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19943]: + ??? root:rubyman
May  4 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19943]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328530 of user rubyman.
May  4 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19943]: pam_unix(su:session): session closed for user rubyman
May  4 16:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328530.
May  4 16:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17244]: pam_unix(cron:session): session closed for user root
May  4 16:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19882]: pam_unix(cron:session): session closed for user samftp
May  4 16:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121  user=root
May  4 16:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20208]: Failed password for root from 197.5.145.121 port 36606 ssh2
May  4 16:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20208]: Received disconnect from 197.5.145.121 port 36606:11: Bye Bye [preauth]
May  4 16:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20208]: Disconnected from 197.5.145.121 port 36606 [preauth]
May  4 16:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19027]: pam_unix(cron:session): session closed for user root
May  4 16:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: Invalid user odoo17 from 164.177.31.66
May  4 16:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: input_userauth_request: invalid user odoo17 [preauth]
May  4 16:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66
May  4 16:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: Failed password for invalid user odoo17 from 164.177.31.66 port 38814 ssh2
May  4 16:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: Received disconnect from 164.177.31.66 port 38814:11: Bye Bye [preauth]
May  4 16:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: Disconnected from 164.177.31.66 port 38814 [preauth]
May  4 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20294]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20293]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20291]: pam_unix(cron:session): session closed for user p13x
May  4 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20353]: Successful su for rubyman by root
May  4 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20353]: + ??? root:rubyman
May  4 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20353]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328536 of user rubyman.
May  4 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20353]: pam_unix(su:session): session closed for user rubyman
May  4 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328536.
May  4 16:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17664]: pam_unix(cron:session): session closed for user root
May  4 16:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20292]: pam_unix(cron:session): session closed for user samftp
May  4 16:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.119.17  user=root
May  4 16:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20598]: Failed password for root from 117.50.119.17 port 54696 ssh2
May  4 16:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19466]: pam_unix(cron:session): session closed for user root
May  4 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20697]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20698]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20693]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20695]: pam_unix(cron:session): session closed for user p13x
May  4 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20809]: Successful su for rubyman by root
May  4 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20809]: + ??? root:rubyman
May  4 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328540 of user rubyman.
May  4 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20809]: pam_unix(su:session): session closed for user rubyman
May  4 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328540.
May  4 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20693]: pam_unix(cron:session): session closed for user root
May  4 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18206]: pam_unix(cron:session): session closed for user root
May  4 16:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20696]: pam_unix(cron:session): session closed for user samftp
May  4 16:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19884]: pam_unix(cron:session): session closed for user root
May  4 16:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: Invalid user taibabi from 152.206.118.154
May  4 16:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: input_userauth_request: invalid user taibabi [preauth]
May  4 16:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154
May  4 16:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: Failed password for invalid user taibabi from 152.206.118.154 port 57986 ssh2
May  4 16:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: Received disconnect from 152.206.118.154 port 57986:11: Bye Bye [preauth]
May  4 16:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: Disconnected from 152.206.118.154 port 57986 [preauth]
May  4 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21210]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21212]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21213]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21214]: pam_unix(cron:session): session closed for user root
May  4 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21208]: pam_unix(cron:session): session closed for user p13x
May  4 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21304]: Successful su for rubyman by root
May  4 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21304]: + ??? root:rubyman
May  4 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21304]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328545 of user rubyman.
May  4 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21304]: pam_unix(su:session): session closed for user rubyman
May  4 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328545.
May  4 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21210]: pam_unix(cron:session): session closed for user root
May  4 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18616]: pam_unix(cron:session): session closed for user root
May  4 16:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21209]: pam_unix(cron:session): session closed for user samftp
May  4 16:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20294]: pam_unix(cron:session): session closed for user root
May  4 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21698]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21701]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21692]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21692]: pam_unix(cron:session): session closed for user p13x
May  4 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21861]: Successful su for rubyman by root
May  4 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21861]: + ??? root:rubyman
May  4 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21861]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328548 of user rubyman.
May  4 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21861]: pam_unix(su:session): session closed for user rubyman
May  4 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328548.
May  4 16:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19026]: pam_unix(cron:session): session closed for user root
May  4 16:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21698]: pam_unix(cron:session): session closed for user samftp
May  4 16:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20698]: pam_unix(cron:session): session closed for user root
May  4 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22473]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22474]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22470]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22470]: pam_unix(cron:session): session closed for user p13x
May  4 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22543]: Successful su for rubyman by root
May  4 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22543]: + ??? root:rubyman
May  4 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328552 of user rubyman.
May  4 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22543]: pam_unix(su:session): session closed for user rubyman
May  4 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328552.
May  4 16:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19465]: pam_unix(cron:session): session closed for user root
May  4 16:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22472]: pam_unix(cron:session): session closed for user samftp
May  4 16:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.121  user=root
May  4 16:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22744]: Failed password for root from 197.5.145.121 port 36607 ssh2
May  4 16:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22744]: Received disconnect from 197.5.145.121 port 36607:11: Bye Bye [preauth]
May  4 16:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22744]: Disconnected from 197.5.145.121 port 36607 [preauth]
May  4 16:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22808]: Invalid user ozzy from 164.177.31.66
May  4 16:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22808]: input_userauth_request: invalid user ozzy [preauth]
May  4 16:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22808]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66
May  4 16:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22808]: Failed password for invalid user ozzy from 164.177.31.66 port 47216 ssh2
May  4 16:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22808]: Received disconnect from 164.177.31.66 port 47216:11: Bye Bye [preauth]
May  4 16:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22808]: Disconnected from 164.177.31.66 port 47216 [preauth]
May  4 16:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21213]: pam_unix(cron:session): session closed for user root
May  4 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22913]: pam_unix(cron:session): session closed for user p13x
May  4 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23006]: Successful su for rubyman by root
May  4 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23006]: + ??? root:rubyman
May  4 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23006]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328557 of user rubyman.
May  4 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23006]: pam_unix(su:session): session closed for user rubyman
May  4 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328557.
May  4 16:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19883]: pam_unix(cron:session): session closed for user root
May  4 16:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22914]: pam_unix(cron:session): session closed for user samftp
May  4 16:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21701]: pam_unix(cron:session): session closed for user root
May  4 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23445]: pam_unix(cron:session): session closed for user p13x
May  4 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23506]: Successful su for rubyman by root
May  4 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23506]: + ??? root:rubyman
May  4 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328560 of user rubyman.
May  4 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23506]: pam_unix(su:session): session closed for user rubyman
May  4 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328560.
May  4 16:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20293]: pam_unix(cron:session): session closed for user root
May  4 16:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23446]: pam_unix(cron:session): session closed for user samftp
May  4 16:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22474]: pam_unix(cron:session): session closed for user root
May  4 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23967]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23966]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23969]: pam_unix(cron:session): session closed for user root
May  4 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23964]: pam_unix(cron:session): session closed for user p13x
May  4 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24046]: Successful su for rubyman by root
May  4 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24046]: + ??? root:rubyman
May  4 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24046]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328565 of user rubyman.
May  4 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24046]: pam_unix(su:session): session closed for user rubyman
May  4 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328565.
May  4 16:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23966]: pam_unix(cron:session): session closed for user root
May  4 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20697]: pam_unix(cron:session): session closed for user root
May  4 16:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23965]: pam_unix(cron:session): session closed for user samftp
May  4 16:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: Invalid user kelvin from 152.206.118.154
May  4 16:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: input_userauth_request: invalid user kelvin [preauth]
May  4 16:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154
May  4 16:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: Failed password for invalid user kelvin from 152.206.118.154 port 37356 ssh2
May  4 16:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: Received disconnect from 152.206.118.154 port 37356:11: Bye Bye [preauth]
May  4 16:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: Disconnected from 152.206.118.154 port 37356 [preauth]
May  4 16:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22918]: pam_unix(cron:session): session closed for user root
May  4 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24438]: pam_unix(cron:session): session closed for user p13x
May  4 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24509]: Successful su for rubyman by root
May  4 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24509]: + ??? root:rubyman
May  4 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328571 of user rubyman.
May  4 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24509]: pam_unix(su:session): session closed for user rubyman
May  4 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328571.
May  4 16:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21212]: pam_unix(cron:session): session closed for user root
May  4 16:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24439]: pam_unix(cron:session): session closed for user samftp
May  4 16:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23448]: pam_unix(cron:session): session closed for user root
May  4 16:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: Invalid user user from 164.177.31.66
May  4 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: input_userauth_request: invalid user user [preauth]
May  4 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66
May  4 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24871]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24869]: pam_unix(cron:session): session closed for user p13x
May  4 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24935]: Successful su for rubyman by root
May  4 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24935]: + ??? root:rubyman
May  4 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328576 of user rubyman.
May  4 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24935]: pam_unix(su:session): session closed for user rubyman
May  4 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328576.
May  4 16:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: Failed password for invalid user user from 164.177.31.66 port 34026 ssh2
May  4 16:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: Received disconnect from 164.177.31.66 port 34026:11: Bye Bye [preauth]
May  4 16:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: Disconnected from 164.177.31.66 port 34026 [preauth]
May  4 16:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21699]: pam_unix(cron:session): session closed for user root
May  4 16:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24870]: pam_unix(cron:session): session closed for user samftp
May  4 16:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  4 16:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104  user=root
May  4 16:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: Failed password for root from 218.92.0.205 port 44416 ssh2
May  4 16:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25158]: Failed password for root from 14.103.133.104 port 54370 ssh2
May  4 16:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25158]: Received disconnect from 14.103.133.104 port 54370:11: Bye Bye [preauth]
May  4 16:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25158]: Disconnected from 14.103.133.104 port 54370 [preauth]
May  4 16:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: Failed password for root from 218.92.0.205 port 44416 ssh2
May  4 16:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: message repeated 2 times: [ Failed password for root from 218.92.0.205 port 44416 ssh2]
May  4 16:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23968]: pam_unix(cron:session): session closed for user root
May  4 16:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: Failed password for root from 218.92.0.205 port 44416 ssh2
May  4 16:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 44416 ssh2 [preauth]
May  4 16:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: Disconnecting: Too many authentication failures [preauth]
May  4 16:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  4 16:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 16:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25285]: pam_unix(cron:session): session closed for user p13x
May  4 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25349]: Successful su for rubyman by root
May  4 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25349]: + ??? root:rubyman
May  4 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328579 of user rubyman.
May  4 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25349]: pam_unix(su:session): session closed for user rubyman
May  4 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328579.
May  4 16:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22473]: pam_unix(cron:session): session closed for user root
May  4 16:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25286]: pam_unix(cron:session): session closed for user samftp
May  4 16:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24441]: pam_unix(cron:session): session closed for user root
May  4 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25695]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25696]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25693]: pam_unix(cron:session): session closed for user p13x
May  4 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25753]: Successful su for rubyman by root
May  4 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25753]: + ??? root:rubyman
May  4 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25753]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328583 of user rubyman.
May  4 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25753]: pam_unix(su:session): session closed for user rubyman
May  4 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328583.
May  4 16:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22917]: pam_unix(cron:session): session closed for user root
May  4 16:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25694]: pam_unix(cron:session): session closed for user samftp
May  4 16:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  4 16:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.38.2.214
May  4 16:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24872]: pam_unix(cron:session): session closed for user root
May  4 16:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26055]: Connection closed by 46.244.96.25 port 34874 [preauth]
May  4 16:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  4 16:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: Failed password for root from 46.244.96.25 port 56998 ssh2
May  4 16:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26063]: Connection closed by 46.244.96.25 port 56998 [preauth]
May  4 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26112]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26111]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26113]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26114]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26109]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26108]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26114]: pam_unix(cron:session): session closed for user root
May  4 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26108]: pam_unix(cron:session): session closed for user p13x
May  4 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26177]: Successful su for rubyman by root
May  4 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26177]: + ??? root:rubyman
May  4 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328588 of user rubyman.
May  4 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26177]: pam_unix(su:session): session closed for user rubyman
May  4 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328588.
May  4 16:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23447]: pam_unix(cron:session): session closed for user root
May  4 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26111]: pam_unix(cron:session): session closed for user root
May  4 16:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26109]: pam_unix(cron:session): session closed for user samftp
May  4 16:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25288]: pam_unix(cron:session): session closed for user root
May  4 16:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: Invalid user user from 116.118.48.186
May  4 16:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: input_userauth_request: invalid user user [preauth]
May  4 16:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186
May  4 16:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: Failed password for invalid user user from 116.118.48.186 port 44218 ssh2
May  4 16:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: Received disconnect from 116.118.48.186 port 44218:11: Bye Bye [preauth]
May  4 16:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: Disconnected from 116.118.48.186 port 44218 [preauth]
May  4 16:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: Invalid user daniel from 152.206.118.154
May  4 16:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: input_userauth_request: invalid user daniel [preauth]
May  4 16:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154
May  4 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: Failed password for invalid user daniel from 152.206.118.154 port 36916 ssh2
May  4 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: Received disconnect from 152.206.118.154 port 36916:11: Bye Bye [preauth]
May  4 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: Disconnected from 152.206.118.154 port 36916 [preauth]
May  4 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26626]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26625]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26623]: pam_unix(cron:session): session closed for user p13x
May  4 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26693]: Successful su for rubyman by root
May  4 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26693]: + ??? root:rubyman
May  4 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328592 of user rubyman.
May  4 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26693]: pam_unix(su:session): session closed for user rubyman
May  4 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328592.
May  4 16:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23967]: pam_unix(cron:session): session closed for user root
May  4 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26624]: pam_unix(cron:session): session closed for user samftp
May  4 16:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: Invalid user i from 195.178.110.50
May  4 16:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: input_userauth_request: invalid user i [preauth]
May  4 16:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 16:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: Failed password for invalid user i from 195.178.110.50 port 60816 ssh2
May  4 16:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: Connection closed by 195.178.110.50 port 60816 [preauth]
May  4 16:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: Invalid user 6 from 195.178.110.50
May  4 16:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: input_userauth_request: invalid user 6 [preauth]
May  4 16:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 16:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: Failed password for invalid user 6 from 195.178.110.50 port 60876 ssh2
May  4 16:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26889]: Connection closed by 195.178.110.50 port 60876 [preauth]
May  4 16:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25696]: pam_unix(cron:session): session closed for user root
May  4 16:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: Invalid user reception from 164.177.31.66
May  4 16:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: input_userauth_request: invalid user reception [preauth]
May  4 16:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66
May  4 16:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: Failed password for invalid user reception from 164.177.31.66 port 60176 ssh2
May  4 16:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: Received disconnect from 164.177.31.66 port 60176:11: Bye Bye [preauth]
May  4 16:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: Disconnected from 164.177.31.66 port 60176 [preauth]
May  4 16:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26969]: Invalid user a from 195.178.110.50
May  4 16:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26969]: input_userauth_request: invalid user a [preauth]
May  4 16:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26969]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 16:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26969]: Failed password for invalid user a from 195.178.110.50 port 6738 ssh2
May  4 16:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26969]: Connection closed by 195.178.110.50 port 6738 [preauth]
May  4 16:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27100]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27098]: pam_unix(cron:session): session closed for user p13x
May  4 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27166]: Successful su for rubyman by root
May  4 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27166]: + ??? root:rubyman
May  4 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328596 of user rubyman.
May  4 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27166]: pam_unix(su:session): session closed for user rubyman
May  4 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328596.
May  4 16:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24440]: pam_unix(cron:session): session closed for user root
May  4 16:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27099]: pam_unix(cron:session): session closed for user samftp
May  4 16:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27063]: Invalid user . from 195.178.110.50
May  4 16:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27063]: input_userauth_request: invalid user . [preauth]
May  4 16:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27063]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 16:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27367]: Invalid user admin from 139.19.117.131
May  4 16:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27367]: input_userauth_request: invalid user admin [preauth]
May  4 16:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27063]: Failed password for invalid user . from 195.178.110.50 port 7700 ssh2
May  4 16:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27063]: Connection closed by 195.178.110.50 port 7700 [preauth]
May  4 16:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27367]: Connection closed by 139.19.117.131 port 49470 [preauth]
May  4 16:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27380]: Invalid user Y from 195.178.110.50
May  4 16:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27380]: input_userauth_request: invalid user Y [preauth]
May  4 16:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27380]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 16:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27380]: Failed password for invalid user Y from 195.178.110.50 port 55006 ssh2
May  4 16:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27380]: Connection closed by 195.178.110.50 port 55006 [preauth]
May  4 16:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26113]: pam_unix(cron:session): session closed for user root
May  4 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27576]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27575]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27574]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27573]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27573]: pam_unix(cron:session): session closed for user p13x
May  4 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27633]: Successful su for rubyman by root
May  4 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27633]: + ??? root:rubyman
May  4 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328600 of user rubyman.
May  4 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27633]: pam_unix(su:session): session closed for user rubyman
May  4 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328600.
May  4 16:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24871]: pam_unix(cron:session): session closed for user root
May  4 16:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27574]: pam_unix(cron:session): session closed for user samftp
May  4 16:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26626]: pam_unix(cron:session): session closed for user root
May  4 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27973]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27969]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27969]: pam_unix(cron:session): session closed for user p13x
May  4 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28033]: Successful su for rubyman by root
May  4 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28033]: + ??? root:rubyman
May  4 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28033]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328604 of user rubyman.
May  4 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28033]: pam_unix(su:session): session closed for user rubyman
May  4 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328604.
May  4 16:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25287]: pam_unix(cron:session): session closed for user root
May  4 16:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27971]: pam_unix(cron:session): session closed for user samftp
May  4 16:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27101]: pam_unix(cron:session): session closed for user root
May  4 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28370]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28370]: pam_unix(cron:session): session closed for user root
May  4 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28364]: pam_unix(cron:session): session closed for user p13x
May  4 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28440]: Successful su for rubyman by root
May  4 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28440]: + ??? root:rubyman
May  4 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328608 of user rubyman.
May  4 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28440]: pam_unix(su:session): session closed for user rubyman
May  4 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328608.
May  4 16:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25695]: pam_unix(cron:session): session closed for user root
May  4 16:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28367]: pam_unix(cron:session): session closed for user root
May  4 16:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28365]: pam_unix(cron:session): session closed for user samftp
May  4 16:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.119.17  user=root
May  4 16:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28702]: Failed password for root from 117.50.119.17 port 39200 ssh2
May  4 16:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28702]: Received disconnect from 117.50.119.17 port 39200:11: Bye Bye [preauth]
May  4 16:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28702]: Disconnected from 117.50.119.17 port 39200 [preauth]
May  4 16:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27576]: pam_unix(cron:session): session closed for user root
May  4 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28800]: pam_unix(cron:session): session closed for user p13x
May  4 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28869]: Successful su for rubyman by root
May  4 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28869]: + ??? root:rubyman
May  4 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328614 of user rubyman.
May  4 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28869]: pam_unix(su:session): session closed for user rubyman
May  4 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328614.
May  4 16:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26112]: pam_unix(cron:session): session closed for user root
May  4 16:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28802]: pam_unix(cron:session): session closed for user samftp
May  4 16:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Invalid user david from 164.177.31.66
May  4 16:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: input_userauth_request: invalid user david [preauth]
May  4 16:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66
May  4 16:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Failed password for invalid user david from 164.177.31.66 port 51858 ssh2
May  4 16:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Received disconnect from 164.177.31.66 port 51858:11: Bye Bye [preauth]
May  4 16:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29152]: Disconnected from 164.177.31.66 port 51858 [preauth]
May  4 16:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104  user=root
May  4 16:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: Failed password for root from 14.103.133.104 port 37362 ssh2
May  4 16:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: Received disconnect from 14.103.133.104 port 37362:11: Bye Bye [preauth]
May  4 16:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: Disconnected from 14.103.133.104 port 37362 [preauth]
May  4 16:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27973]: pam_unix(cron:session): session closed for user root
May  4 16:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: Invalid user henri from 152.206.118.154
May  4 16:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: input_userauth_request: invalid user henri [preauth]
May  4 16:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.206.118.154
May  4 16:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: Failed password for invalid user henri from 152.206.118.154 port 43804 ssh2
May  4 16:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: Received disconnect from 152.206.118.154 port 43804:11: Bye Bye [preauth]
May  4 16:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: Disconnected from 152.206.118.154 port 43804 [preauth]
May  4 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29320]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29318]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29318]: pam_unix(cron:session): session closed for user p13x
May  4 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29382]: Successful su for rubyman by root
May  4 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29382]: + ??? root:rubyman
May  4 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328619 of user rubyman.
May  4 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29382]: pam_unix(su:session): session closed for user rubyman
May  4 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328619.
May  4 16:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26625]: pam_unix(cron:session): session closed for user root
May  4 16:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29319]: pam_unix(cron:session): session closed for user samftp
May  4 16:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29596]: Did not receive identification string from 80.64.18.84
May  4 16:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28369]: pam_unix(cron:session): session closed for user root
May  4 16:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: Invalid user iptv from 14.103.133.104
May  4 16:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: input_userauth_request: invalid user iptv [preauth]
May  4 16:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104
May  4 16:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: Failed password for invalid user iptv from 14.103.133.104 port 59870 ssh2
May  4 16:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: Received disconnect from 14.103.133.104 port 59870:11: Bye Bye [preauth]
May  4 16:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: Disconnected from 14.103.133.104 port 59870 [preauth]
May  4 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29728]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29726]: pam_unix(cron:session): session closed for user p13x
May  4 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29789]: Successful su for rubyman by root
May  4 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29789]: + ??? root:rubyman
May  4 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328624 of user rubyman.
May  4 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29789]: pam_unix(su:session): session closed for user rubyman
May  4 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328624.
May  4 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27100]: pam_unix(cron:session): session closed for user root
May  4 16:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29727]: pam_unix(cron:session): session closed for user samftp
May  4 16:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28804]: pam_unix(cron:session): session closed for user root
May  4 16:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 16:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: Invalid user user from 14.103.133.104
May  4 16:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: input_userauth_request: invalid user user [preauth]
May  4 16:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: pam_unix(sshd:auth): check pass; user unknown
May  4 16:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104
May  4 16:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: Failed password for invalid user user from 14.103.133.104 port 54164 ssh2
May  4 16:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: Received disconnect from 14.103.133.104 port 54164:11: Bye Bye [preauth]
May  4 16:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: Disconnected from 14.103.133.104 port 54164 [preauth]
May  4 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30138]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30137]: pam_unix(cron:session): session closed for user p13x
May  4 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30198]: Successful su for rubyman by root
May  4 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30198]: + ??? root:rubyman
May  4 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328627 of user rubyman.
May  4 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30198]: pam_unix(su:session): session closed for user rubyman
May  4 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328627.
May  4 16:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27575]: pam_unix(cron:session): session closed for user root
May  4 16:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30138]: pam_unix(cron:session): session closed for user samftp
May  4 16:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29321]: pam_unix(cron:session): session closed for user root
May  4 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30534]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30532]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30529]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30534]: pam_unix(cron:session): session closed for user root
May  4 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30529]: pam_unix(cron:session): session closed for user root
May  4 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30527]: pam_unix(cron:session): session closed for user p13x
May  4 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30622]: Successful su for rubyman by root
May  4 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30622]: + ??? root:rubyman
May  4 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328635 of user rubyman.
May  4 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30622]: pam_unix(su:session): session closed for user rubyman
May  4 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328635.
May  4 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27972]: pam_unix(cron:session): session closed for user root
May  4 17:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30531]: pam_unix(cron:session): session closed for user root
May  4 17:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30528]: pam_unix(cron:session): session closed for user samftp
May  4 17:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: Invalid user piso from 14.103.133.104
May  4 17:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: input_userauth_request: invalid user piso [preauth]
May  4 17:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104
May  4 17:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: Failed password for invalid user piso from 14.103.133.104 port 48464 ssh2
May  4 17:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: Received disconnect from 14.103.133.104 port 48464:11: Bye Bye [preauth]
May  4 17:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30862]: Disconnected from 14.103.133.104 port 48464 [preauth]
May  4 17:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186  user=root
May  4 17:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29729]: pam_unix(cron:session): session closed for user root
May  4 17:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30903]: Failed password for root from 116.118.48.186 port 60738 ssh2
May  4 17:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30903]: Received disconnect from 116.118.48.186 port 60738:11: Bye Bye [preauth]
May  4 17:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30903]: Disconnected from 116.118.48.186 port 60738 [preauth]
May  4 17:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30960]: Invalid user taibabi from 164.177.31.66
May  4 17:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30960]: input_userauth_request: invalid user taibabi [preauth]
May  4 17:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30960]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66
May  4 17:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30960]: Failed password for invalid user taibabi from 164.177.31.66 port 37030 ssh2
May  4 17:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30960]: Received disconnect from 164.177.31.66 port 37030:11: Bye Bye [preauth]
May  4 17:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30960]: Disconnected from 164.177.31.66 port 37030 [preauth]
May  4 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31029]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31028]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31031]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31027]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31027]: pam_unix(cron:session): session closed for user p13x
May  4 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31101]: Successful su for rubyman by root
May  4 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31101]: + ??? root:rubyman
May  4 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31101]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328637 of user rubyman.
May  4 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31101]: pam_unix(su:session): session closed for user rubyman
May  4 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328637.
May  4 17:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31028]: pam_unix(cron:session): session closed for user samftp
May  4 17:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28368]: pam_unix(cron:session): session closed for user root
May  4 17:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31349]: Invalid user piso from 103.52.115.223
May  4 17:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31349]: input_userauth_request: invalid user piso [preauth]
May  4 17:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31349]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223
May  4 17:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31349]: Failed password for invalid user piso from 103.52.115.223 port 56846 ssh2
May  4 17:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31349]: Received disconnect from 103.52.115.223 port 56846:11: Bye Bye [preauth]
May  4 17:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31349]: Disconnected from 103.52.115.223 port 56846 [preauth]
May  4 17:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30140]: pam_unix(cron:session): session closed for user root
May  4 17:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104  user=root
May  4 17:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: Failed password for root from 14.103.133.104 port 42744 ssh2
May  4 17:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: Received disconnect from 14.103.133.104 port 42744:11: Bye Bye [preauth]
May  4 17:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: Disconnected from 14.103.133.104 port 42744 [preauth]
May  4 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31439]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31439]: pam_unix(cron:session): session closed for user p13x
May  4 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31502]: Successful su for rubyman by root
May  4 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31502]: + ??? root:rubyman
May  4 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328643 of user rubyman.
May  4 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31502]: pam_unix(su:session): session closed for user rubyman
May  4 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328643.
May  4 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28803]: pam_unix(cron:session): session closed for user root
May  4 17:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31440]: pam_unix(cron:session): session closed for user samftp
May  4 17:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30533]: pam_unix(cron:session): session closed for user root
May  4 17:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104  user=root
May  4 17:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31828]: Failed password for root from 14.103.133.104 port 37006 ssh2
May  4 17:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31828]: Received disconnect from 14.103.133.104 port 37006:11: Bye Bye [preauth]
May  4 17:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31828]: Disconnected from 14.103.133.104 port 37006 [preauth]
May  4 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31860]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31858]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31856]: pam_unix(cron:session): session closed for user p13x
May  4 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31926]: Successful su for rubyman by root
May  4 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31926]: + ??? root:rubyman
May  4 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31926]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328645 of user rubyman.
May  4 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31926]: pam_unix(su:session): session closed for user rubyman
May  4 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328645.
May  4 17:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29320]: pam_unix(cron:session): session closed for user root
May  4 17:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31857]: pam_unix(cron:session): session closed for user samftp
May  4 17:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 17:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32151]: Failed password for root from 218.92.0.206 port 54024 ssh2
May  4 17:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32151]: Failed password for root from 218.92.0.206 port 54024 ssh2
May  4 17:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31031]: pam_unix(cron:session): session closed for user root
May  4 17:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 17:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: Failed password for root from 218.92.0.206 port 62752 ssh2
May  4 17:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: message repeated 5 times: [ Failed password for root from 218.92.0.206 port 62752 ssh2]
May  4 17:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 62752 ssh2 [preauth]
May  4 17:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: Disconnecting: Too many authentication failures [preauth]
May  4 17:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  4 17:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: PAM service(sshd) ignoring max retries; 6 > 3
May  4 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32271]: pam_unix(cron:session): session closed for user p13x
May  4 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32329]: Successful su for rubyman by root
May  4 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32329]: + ??? root:rubyman
May  4 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328649 of user rubyman.
May  4 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32329]: pam_unix(su:session): session closed for user rubyman
May  4 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328649.
May  4 17:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: Invalid user deploy from 14.103.133.104
May  4 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: input_userauth_request: invalid user deploy [preauth]
May  4 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104
May  4 17:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29728]: pam_unix(cron:session): session closed for user root
May  4 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: Failed password for invalid user deploy from 14.103.133.104 port 59532 ssh2
May  4 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: Received disconnect from 14.103.133.104 port 59532:11: Bye Bye [preauth]
May  4 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32401]: Disconnected from 14.103.133.104 port 59532 [preauth]
May  4 17:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32272]: pam_unix(cron:session): session closed for user samftp
May  4 17:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31442]: pam_unix(cron:session): session closed for user root
May  4 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[311]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[313]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[312]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[313]: pam_unix(cron:session): session closed for user root
May  4 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[306]: pam_unix(cron:session): session closed for user p13x
May  4 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[385]: Successful su for rubyman by root
May  4 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[385]: + ??? root:rubyman
May  4 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328657 of user rubyman.
May  4 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[385]: pam_unix(su:session): session closed for user rubyman
May  4 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328657.
May  4 17:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[309]: pam_unix(cron:session): session closed for user root
May  4 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30139]: pam_unix(cron:session): session closed for user root
May  4 17:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[307]: pam_unix(cron:session): session closed for user samftp
May  4 17:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: Invalid user dmdba from 164.177.31.66
May  4 17:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: input_userauth_request: invalid user dmdba [preauth]
May  4 17:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66
May  4 17:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: Failed password for invalid user dmdba from 164.177.31.66 port 55044 ssh2
May  4 17:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: Received disconnect from 164.177.31.66 port 55044:11: Bye Bye [preauth]
May  4 17:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[612]: Disconnected from 164.177.31.66 port 55044 [preauth]
May  4 17:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: Invalid user ubuntu from 14.103.133.104
May  4 17:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: input_userauth_request: invalid user ubuntu [preauth]
May  4 17:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104
May  4 17:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: Failed password for invalid user ubuntu from 14.103.133.104 port 53822 ssh2
May  4 17:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: Received disconnect from 14.103.133.104 port 53822:11: Bye Bye [preauth]
May  4 17:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: Disconnected from 14.103.133.104 port 53822 [preauth]
May  4 17:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31860]: pam_unix(cron:session): session closed for user root
May  4 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[812]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[813]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[810]: pam_unix(cron:session): session closed for user p13x
May  4 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[881]: Successful su for rubyman by root
May  4 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[881]: + ??? root:rubyman
May  4 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328660 of user rubyman.
May  4 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[881]: pam_unix(su:session): session closed for user rubyman
May  4 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328660.
May  4 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[811]: pam_unix(cron:session): session closed for user samftp
May  4 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30532]: pam_unix(cron:session): session closed for user root
May  4 17:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32274]: pam_unix(cron:session): session closed for user root
May  4 17:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: Invalid user snmp from 117.50.119.17
May  4 17:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: input_userauth_request: invalid user snmp [preauth]
May  4 17:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.119.17
May  4 17:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: Failed password for invalid user snmp from 117.50.119.17 port 57098 ssh2
May  4 17:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186  user=root
May  4 17:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: Failed password for root from 116.118.48.186 port 37062 ssh2
May  4 17:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: Received disconnect from 116.118.48.186 port 37062:11: Bye Bye [preauth]
May  4 17:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: Disconnected from 116.118.48.186 port 37062 [preauth]
May  4 17:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: Invalid user taibabi from 14.103.133.104
May  4 17:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: input_userauth_request: invalid user taibabi [preauth]
May  4 17:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104
May  4 17:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: Failed password for invalid user taibabi from 14.103.133.104 port 48090 ssh2
May  4 17:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: Received disconnect from 14.103.133.104 port 48090:11: Bye Bye [preauth]
May  4 17:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: Disconnected from 14.103.133.104 port 48090 [preauth]
May  4 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1261]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1260]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1258]: pam_unix(cron:session): session closed for user p13x
May  4 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1329]: Successful su for rubyman by root
May  4 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1329]: + ??? root:rubyman
May  4 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328664 of user rubyman.
May  4 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1329]: pam_unix(su:session): session closed for user rubyman
May  4 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328664.
May  4 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31029]: pam_unix(cron:session): session closed for user root
May  4 17:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1259]: pam_unix(cron:session): session closed for user samftp
May  4 17:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[312]: pam_unix(cron:session): session closed for user root
May  4 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1712]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1713]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1710]: pam_unix(cron:session): session closed for user p13x
May  4 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104  user=root
May  4 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1782]: Successful su for rubyman by root
May  4 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1782]: + ??? root:rubyman
May  4 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328668 of user rubyman.
May  4 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1782]: pam_unix(su:session): session closed for user rubyman
May  4 17:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328668.
May  4 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1707]: Failed password for root from 14.103.133.104 port 42360 ssh2
May  4 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1707]: Received disconnect from 14.103.133.104 port 42360:11: Bye Bye [preauth]
May  4 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1707]: Disconnected from 14.103.133.104 port 42360 [preauth]
May  4 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31441]: pam_unix(cron:session): session closed for user root
May  4 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1711]: pam_unix(cron:session): session closed for user samftp
May  4 17:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223  user=root
May  4 17:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2057]: Failed password for root from 103.52.115.223 port 58104 ssh2
May  4 17:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2057]: Received disconnect from 103.52.115.223 port 58104:11: Bye Bye [preauth]
May  4 17:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2057]: Disconnected from 103.52.115.223 port 58104 [preauth]
May  4 17:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[813]: pam_unix(cron:session): session closed for user root
May  4 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2218]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2216]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2212]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2214]: pam_unix(cron:session): session closed for user p13x
May  4 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2331]: Successful su for rubyman by root
May  4 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2331]: + ??? root:rubyman
May  4 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328672 of user rubyman.
May  4 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2331]: pam_unix(su:session): session closed for user rubyman
May  4 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328672.
May  4 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2212]: pam_unix(cron:session): session closed for user root
May  4 17:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31858]: pam_unix(cron:session): session closed for user root
May  4 17:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2215]: pam_unix(cron:session): session closed for user samftp
May  4 17:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104  user=root
May  4 17:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: Failed password for root from 14.103.133.104 port 36656 ssh2
May  4 17:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: Received disconnect from 14.103.133.104 port 36656:11: Bye Bye [preauth]
May  4 17:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: Disconnected from 14.103.133.104 port 36656 [preauth]
May  4 17:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1261]: pam_unix(cron:session): session closed for user root
May  4 17:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Invalid user taibabi from 164.177.31.66
May  4 17:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: input_userauth_request: invalid user taibabi [preauth]
May  4 17:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66
May  4 17:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Failed password for invalid user taibabi from 164.177.31.66 port 42632 ssh2
May  4 17:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Received disconnect from 164.177.31.66 port 42632:11: Bye Bye [preauth]
May  4 17:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Disconnected from 164.177.31.66 port 42632 [preauth]
May  4 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2751]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2747]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2746]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2751]: pam_unix(cron:session): session closed for user root
May  4 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2746]: pam_unix(cron:session): session closed for user p13x
May  4 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2817]: Successful su for rubyman by root
May  4 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2817]: + ??? root:rubyman
May  4 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2817]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328676 of user rubyman.
May  4 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2817]: pam_unix(su:session): session closed for user rubyman
May  4 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328676.
May  4 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2748]: pam_unix(cron:session): session closed for user root
May  4 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32273]: pam_unix(cron:session): session closed for user root
May  4 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2747]: pam_unix(cron:session): session closed for user samftp
May  4 17:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3064]: Connection closed by 172.105.128.13 port 60426 [preauth]
May  4 17:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: Connection closed by 172.105.128.13 port 60432 [preauth]
May  4 17:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3068]: fatal: Unable to negotiate with 172.105.128.13 port 60448: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  4 17:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1713]: pam_unix(cron:session): session closed for user root
May  4 17:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3140]: Invalid user pradeep from 14.103.133.104
May  4 17:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3140]: input_userauth_request: invalid user pradeep [preauth]
May  4 17:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3140]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104
May  4 17:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3140]: Failed password for invalid user pradeep from 14.103.133.104 port 59178 ssh2
May  4 17:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3140]: Received disconnect from 14.103.133.104 port 59178:11: Bye Bye [preauth]
May  4 17:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3140]: Disconnected from 14.103.133.104 port 59178 [preauth]
May  4 17:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  4 17:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3183]: Failed password for root from 193.70.84.184 port 36134 ssh2
May  4 17:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3183]: Connection closed by 193.70.84.184 port 36134 [preauth]
May  4 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3210]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3208]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3207]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3207]: pam_unix(cron:session): session closed for user p13x
May  4 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3273]: Successful su for rubyman by root
May  4 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3273]: + ??? root:rubyman
May  4 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3273]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328684 of user rubyman.
May  4 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3273]: pam_unix(su:session): session closed for user rubyman
May  4 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328684.
May  4 17:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[311]: pam_unix(cron:session): session closed for user root
May  4 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3208]: pam_unix(cron:session): session closed for user samftp
May  4 17:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2218]: pam_unix(cron:session): session closed for user root
May  4 17:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Invalid user taibabi from 14.103.133.104
May  4 17:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: input_userauth_request: invalid user taibabi [preauth]
May  4 17:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104
May  4 17:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Failed password for invalid user taibabi from 14.103.133.104 port 53470 ssh2
May  4 17:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Received disconnect from 14.103.133.104 port 53470:11: Bye Bye [preauth]
May  4 17:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3642]: Disconnected from 14.103.133.104 port 53470 [preauth]
May  4 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3662]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3663]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3664]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3662]: pam_unix(cron:session): session closed for user p13x
May  4 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3721]: Successful su for rubyman by root
May  4 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3721]: + ??? root:rubyman
May  4 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328686 of user rubyman.
May  4 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3721]: pam_unix(su:session): session closed for user rubyman
May  4 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328686.
May  4 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[812]: pam_unix(cron:session): session closed for user root
May  4 17:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3663]: pam_unix(cron:session): session closed for user samftp
May  4 17:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2750]: pam_unix(cron:session): session closed for user root
May  4 17:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4042]: Invalid user mutua from 116.118.48.186
May  4 17:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4042]: input_userauth_request: invalid user mutua [preauth]
May  4 17:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4042]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186
May  4 17:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4042]: Failed password for invalid user mutua from 116.118.48.186 port 58940 ssh2
May  4 17:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4042]: Received disconnect from 116.118.48.186 port 58940:11: Bye Bye [preauth]
May  4 17:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4042]: Disconnected from 116.118.48.186 port 58940 [preauth]
May  4 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4096]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4093]: pam_unix(cron:session): session closed for user p13x
May  4 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4154]: Successful su for rubyman by root
May  4 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4154]: + ??? root:rubyman
May  4 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328691 of user rubyman.
May  4 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4154]: pam_unix(su:session): session closed for user rubyman
May  4 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328691.
May  4 17:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1260]: pam_unix(cron:session): session closed for user root
May  4 17:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4094]: pam_unix(cron:session): session closed for user samftp
May  4 17:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104  user=root
May  4 17:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4533]: Failed password for root from 14.103.133.104 port 47760 ssh2
May  4 17:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4533]: Received disconnect from 14.103.133.104 port 47760:11: Bye Bye [preauth]
May  4 17:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4533]: Disconnected from 14.103.133.104 port 47760 [preauth]
May  4 17:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4535]: Invalid user zhangtao from 164.68.105.9
May  4 17:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4535]: input_userauth_request: invalid user zhangtao [preauth]
May  4 17:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4535]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  4 17:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4535]: Failed password for invalid user zhangtao from 164.68.105.9 port 44436 ssh2
May  4 17:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4535]: Connection closed by 164.68.105.9 port 44436 [preauth]
May  4 17:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3210]: pam_unix(cron:session): session closed for user root
May  4 17:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4650]: Invalid user hr from 123.252.238.214
May  4 17:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4650]: input_userauth_request: invalid user hr [preauth]
May  4 17:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4650]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214
May  4 17:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4650]: Failed password for invalid user hr from 123.252.238.214 port 58050 ssh2
May  4 17:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4650]: Received disconnect from 123.252.238.214 port 58050:11: Bye Bye [preauth]
May  4 17:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4650]: Disconnected from 123.252.238.214 port 58050 [preauth]
May  4 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4673]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4670]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4670]: pam_unix(cron:session): session closed for user p13x
May  4 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4733]: Successful su for rubyman by root
May  4 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4733]: + ??? root:rubyman
May  4 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4733]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328694 of user rubyman.
May  4 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4733]: pam_unix(su:session): session closed for user rubyman
May  4 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328694.
May  4 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1712]: pam_unix(cron:session): session closed for user root
May  4 17:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4671]: pam_unix(cron:session): session closed for user samftp
May  4 17:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: Invalid user dev from 103.52.115.223
May  4 17:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: input_userauth_request: invalid user dev [preauth]
May  4 17:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223
May  4 17:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: Failed password for invalid user dev from 103.52.115.223 port 54118 ssh2
May  4 17:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: Received disconnect from 103.52.115.223 port 54118:11: Bye Bye [preauth]
May  4 17:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: Disconnected from 103.52.115.223 port 54118 [preauth]
May  4 17:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66  user=root
May  4 17:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4973]: Failed password for root from 164.177.31.66 port 47746 ssh2
May  4 17:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4973]: Received disconnect from 164.177.31.66 port 47746:11: Bye Bye [preauth]
May  4 17:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4973]: Disconnected from 164.177.31.66 port 47746 [preauth]
May  4 17:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5007]: Invalid user postgres from 168.228.180.12
May  4 17:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5007]: input_userauth_request: invalid user postgres [preauth]
May  4 17:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5007]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12
May  4 17:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5007]: Failed password for invalid user postgres from 168.228.180.12 port 28929 ssh2
May  4 17:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5007]: Received disconnect from 168.228.180.12 port 28929:11: Bye Bye [preauth]
May  4 17:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5007]: Disconnected from 168.228.180.12 port 28929 [preauth]
May  4 17:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5189]: Invalid user hassan from 14.103.133.104
May  4 17:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5189]: input_userauth_request: invalid user hassan [preauth]
May  4 17:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5189]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104
May  4 17:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5189]: Failed password for invalid user hassan from 14.103.133.104 port 42022 ssh2
May  4 17:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5189]: Received disconnect from 14.103.133.104 port 42022:11: Bye Bye [preauth]
May  4 17:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5189]: Disconnected from 14.103.133.104 port 42022 [preauth]
May  4 17:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3665]: pam_unix(cron:session): session closed for user root
May  4 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5291]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5290]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5292]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5289]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5293]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5295]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5295]: pam_unix(cron:session): session closed for user root
May  4 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5289]: pam_unix(cron:session): session closed for user p13x
May  4 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5358]: Successful su for rubyman by root
May  4 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5358]: + ??? root:rubyman
May  4 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328700 of user rubyman.
May  4 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5358]: pam_unix(su:session): session closed for user rubyman
May  4 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328700.
May  4 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5291]: pam_unix(cron:session): session closed for user root
May  4 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2216]: pam_unix(cron:session): session closed for user root
May  4 17:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5290]: pam_unix(cron:session): session closed for user samftp
May  4 17:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135  user=root
May  4 17:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5670]: Failed password for root from 176.31.162.135 port 50222 ssh2
May  4 17:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5670]: Connection closed by 176.31.162.135 port 50222 [preauth]
May  4 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4096]: pam_unix(cron:session): session closed for user root
May  4 17:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104  user=root
May  4 17:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: Failed password for root from 14.103.133.104 port 36308 ssh2
May  4 17:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: Received disconnect from 14.103.133.104 port 36308:11: Bye Bye [preauth]
May  4 17:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: Disconnected from 14.103.133.104 port 36308 [preauth]
May  4 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5783]: pam_unix(cron:session): session closed for user p13x
May  4 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5936]: Successful su for rubyman by root
May  4 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5936]: + ??? root:rubyman
May  4 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328705 of user rubyman.
May  4 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5936]: pam_unix(su:session): session closed for user rubyman
May  4 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328705.
May  4 17:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2749]: pam_unix(cron:session): session closed for user root
May  4 17:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5784]: pam_unix(cron:session): session closed for user samftp
May  4 17:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: Did not receive identification string from 218.250.66.235
May  4 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4673]: pam_unix(cron:session): session closed for user root
May  4 17:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6233]: Invalid user bruno from 190.103.202.7
May  4 17:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6233]: input_userauth_request: invalid user bruno [preauth]
May  4 17:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6233]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  4 17:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6233]: Failed password for invalid user bruno from 190.103.202.7 port 53140 ssh2
May  4 17:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6233]: Connection closed by 190.103.202.7 port 53140 [preauth]
May  4 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6306]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6302]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6302]: pam_unix(cron:session): session closed for user root
May  4 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6304]: pam_unix(cron:session): session closed for user p13x
May  4 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6368]: Successful su for rubyman by root
May  4 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6368]: + ??? root:rubyman
May  4 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6368]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328708 of user rubyman.
May  4 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6368]: pam_unix(su:session): session closed for user rubyman
May  4 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328708.
May  4 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: Invalid user ftp-test from 14.103.133.104
May  4 17:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: input_userauth_request: invalid user ftp-test [preauth]
May  4 17:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104
May  4 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3209]: pam_unix(cron:session): session closed for user root
May  4 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: Failed password for invalid user ftp-test from 14.103.133.104 port 58836 ssh2
May  4 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: Received disconnect from 14.103.133.104 port 58836:11: Bye Bye [preauth]
May  4 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6443]: Disconnected from 14.103.133.104 port 58836 [preauth]
May  4 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6305]: pam_unix(cron:session): session closed for user samftp
May  4 17:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5293]: pam_unix(cron:session): session closed for user root
May  4 17:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6655]: Invalid user rajeev from 168.228.180.12
May  4 17:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6655]: input_userauth_request: invalid user rajeev [preauth]
May  4 17:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6655]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12
May  4 17:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6655]: Failed password for invalid user rajeev from 168.228.180.12 port 34419 ssh2
May  4 17:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6655]: Received disconnect from 168.228.180.12 port 34419:11: Bye Bye [preauth]
May  4 17:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6655]: Disconnected from 168.228.180.12 port 34419 [preauth]
May  4 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6712]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6713]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6710]: pam_unix(cron:session): session closed for user p13x
May  4 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6774]: Successful su for rubyman by root
May  4 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6774]: + ??? root:rubyman
May  4 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328713 of user rubyman.
May  4 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6774]: pam_unix(su:session): session closed for user rubyman
May  4 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328713.
May  4 17:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3664]: pam_unix(cron:session): session closed for user root
May  4 17:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6711]: pam_unix(cron:session): session closed for user samftp
May  4 17:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: Invalid user wyt from 14.103.133.104
May  4 17:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: input_userauth_request: invalid user wyt [preauth]
May  4 17:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104
May  4 17:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: Failed password for invalid user wyt from 14.103.133.104 port 53126 ssh2
May  4 17:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: Received disconnect from 14.103.133.104 port 53126:11: Bye Bye [preauth]
May  4 17:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7091]: Disconnected from 14.103.133.104 port 53126 [preauth]
May  4 17:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5786]: pam_unix(cron:session): session closed for user root
May  4 17:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7195]: Invalid user pradeep from 116.118.48.186
May  4 17:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7195]: input_userauth_request: invalid user pradeep [preauth]
May  4 17:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7195]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186
May  4 17:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7197]: Invalid user wps from 164.177.31.66
May  4 17:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7197]: input_userauth_request: invalid user wps [preauth]
May  4 17:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7197]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66
May  4 17:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7195]: Failed password for invalid user pradeep from 116.118.48.186 port 47914 ssh2
May  4 17:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7195]: Received disconnect from 116.118.48.186 port 47914:11: Bye Bye [preauth]
May  4 17:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7195]: Disconnected from 116.118.48.186 port 47914 [preauth]
May  4 17:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7197]: Failed password for invalid user wps from 164.177.31.66 port 51102 ssh2
May  4 17:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7197]: Received disconnect from 164.177.31.66 port 51102:11: Bye Bye [preauth]
May  4 17:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7197]: Disconnected from 164.177.31.66 port 51102 [preauth]
May  4 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7221]: pam_unix(cron:session): session closed for user p13x
May  4 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7282]: Successful su for rubyman by root
May  4 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7282]: + ??? root:rubyman
May  4 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328717 of user rubyman.
May  4 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7282]: pam_unix(su:session): session closed for user rubyman
May  4 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328717.
May  4 17:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4095]: pam_unix(cron:session): session closed for user root
May  4 17:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7222]: pam_unix(cron:session): session closed for user samftp
May  4 17:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  4 17:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: Failed password for root from 218.92.0.210 port 20540 ssh2
May  4 17:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: message repeated 4 times: [ Failed password for root from 218.92.0.210 port 20540 ssh2]
May  4 17:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 20540 ssh2 [preauth]
May  4 17:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: Disconnecting: Too many authentication failures [preauth]
May  4 17:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  4 17:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 17:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  4 17:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Failed password for root from 218.92.0.210 port 39360 ssh2
May  4 17:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Failed password for root from 218.92.0.210 port 39360 ssh2
May  4 17:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6307]: pam_unix(cron:session): session closed for user root
May  4 17:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Failed password for root from 218.92.0.210 port 39360 ssh2
May  4 17:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104  user=root
May  4 17:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Failed password for root from 218.92.0.210 port 39360 ssh2
May  4 17:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: Failed password for root from 14.103.133.104 port 47418 ssh2
May  4 17:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: Received disconnect from 14.103.133.104 port 47418:11: Bye Bye [preauth]
May  4 17:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: Disconnected from 14.103.133.104 port 47418 [preauth]
May  4 17:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Failed password for root from 218.92.0.210 port 39360 ssh2
May  4 17:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: Invalid user login from 168.228.180.12
May  4 17:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: input_userauth_request: invalid user login [preauth]
May  4 17:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12
May  4 17:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Failed password for root from 218.92.0.210 port 39360 ssh2
May  4 17:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 39360 ssh2 [preauth]
May  4 17:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Disconnecting: Too many authentication failures [preauth]
May  4 17:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  4 17:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: PAM service(sshd) ignoring max retries; 6 > 3
May  4 17:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: Failed password for invalid user login from 168.228.180.12 port 20247 ssh2
May  4 17:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: Received disconnect from 168.228.180.12 port 20247:11: Bye Bye [preauth]
May  4 17:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: Disconnected from 168.228.180.12 port 20247 [preauth]
May  4 17:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  4 17:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7708]: Failed password for root from 218.92.0.210 port 20950 ssh2
May  4 17:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7708]: Received disconnect from 218.92.0.210 port 20950:11:  [preauth]
May  4 17:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7708]: Disconnected from 218.92.0.210 port 20950 [preauth]
May  4 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7751]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7752]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7752]: pam_unix(cron:session): session closed for user root
May  4 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7743]: pam_unix(cron:session): session closed for user p13x
May  4 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7824]: Successful su for rubyman by root
May  4 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7824]: + ??? root:rubyman
May  4 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7824]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328722 of user rubyman.
May  4 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7824]: pam_unix(su:session): session closed for user rubyman
May  4 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328722.
May  4 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7749]: pam_unix(cron:session): session closed for user root
May  4 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4672]: pam_unix(cron:session): session closed for user root
May  4 17:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7744]: pam_unix(cron:session): session closed for user samftp
May  4 17:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: Invalid user taibabi from 103.52.115.223
May  4 17:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: input_userauth_request: invalid user taibabi [preauth]
May  4 17:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223
May  4 17:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: Failed password for invalid user taibabi from 103.52.115.223 port 33980 ssh2
May  4 17:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: Received disconnect from 103.52.115.223 port 33980:11: Bye Bye [preauth]
May  4 17:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8035]: Disconnected from 103.52.115.223 port 33980 [preauth]
May  4 17:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6713]: pam_unix(cron:session): session closed for user root
May  4 17:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8205]: Invalid user ts3server from 14.103.133.104
May  4 17:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8205]: input_userauth_request: invalid user ts3server [preauth]
May  4 17:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8205]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104
May  4 17:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8205]: Failed password for invalid user ts3server from 14.103.133.104 port 41710 ssh2
May  4 17:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8205]: Received disconnect from 14.103.133.104 port 41710:11: Bye Bye [preauth]
May  4 17:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8205]: Disconnected from 14.103.133.104 port 41710 [preauth]
May  4 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8221]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8220]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8218]: pam_unix(cron:session): session closed for user p13x
May  4 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8284]: Successful su for rubyman by root
May  4 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8284]: + ??? root:rubyman
May  4 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328727 of user rubyman.
May  4 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8284]: pam_unix(su:session): session closed for user rubyman
May  4 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328727.
May  4 17:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5292]: pam_unix(cron:session): session closed for user root
May  4 17:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8219]: pam_unix(cron:session): session closed for user samftp
May  4 17:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7224]: pam_unix(cron:session): session closed for user root
May  4 17:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: Invalid user vendas from 168.228.180.12
May  4 17:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: input_userauth_request: invalid user vendas [preauth]
May  4 17:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12
May  4 17:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: Failed password for invalid user vendas from 168.228.180.12 port 27513 ssh2
May  4 17:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: Received disconnect from 168.228.180.12 port 27513:11: Bye Bye [preauth]
May  4 17:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: Disconnected from 168.228.180.12 port 27513 [preauth]
May  4 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8641]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8642]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8639]: pam_unix(cron:session): session closed for user p13x
May  4 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8711]: Successful su for rubyman by root
May  4 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8711]: + ??? root:rubyman
May  4 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328731 of user rubyman.
May  4 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8711]: pam_unix(su:session): session closed for user rubyman
May  4 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328731.
May  4 17:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5785]: pam_unix(cron:session): session closed for user root
May  4 17:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8640]: pam_unix(cron:session): session closed for user samftp
May  4 17:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: Invalid user mutua from 14.103.133.104
May  4 17:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: input_userauth_request: invalid user mutua [preauth]
May  4 17:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104
May  4 17:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: Failed password for invalid user mutua from 14.103.133.104 port 36002 ssh2
May  4 17:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: Received disconnect from 14.103.133.104 port 36002:11: Bye Bye [preauth]
May  4 17:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: Disconnected from 14.103.133.104 port 36002 [preauth]
May  4 17:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7751]: pam_unix(cron:session): session closed for user root
May  4 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9067]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9063]: pam_unix(cron:session): session closed for user p13x
May  4 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9214]: Successful su for rubyman by root
May  4 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9214]: + ??? root:rubyman
May  4 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328736 of user rubyman.
May  4 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9214]: pam_unix(su:session): session closed for user rubyman
May  4 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328736.
May  4 17:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6306]: pam_unix(cron:session): session closed for user root
May  4 17:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9064]: pam_unix(cron:session): session closed for user samftp
May  4 17:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66  user=root
May  4 17:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: Failed password for root from 164.177.31.66 port 46160 ssh2
May  4 17:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: Received disconnect from 164.177.31.66 port 46160:11: Bye Bye [preauth]
May  4 17:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: Disconnected from 164.177.31.66 port 46160 [preauth]
May  4 17:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: Invalid user frappe from 14.103.133.104
May  4 17:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: input_userauth_request: invalid user frappe [preauth]
May  4 17:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.133.104
May  4 17:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9490]: Invalid user taibabi from 168.228.180.12
May  4 17:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9490]: input_userauth_request: invalid user taibabi [preauth]
May  4 17:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9490]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12
May  4 17:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: Failed password for invalid user frappe from 14.103.133.104 port 58532 ssh2
May  4 17:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: Received disconnect from 14.103.133.104 port 58532:11: Bye Bye [preauth]
May  4 17:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: Disconnected from 14.103.133.104 port 58532 [preauth]
May  4 17:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9490]: Failed password for invalid user taibabi from 168.228.180.12 port 34435 ssh2
May  4 17:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9490]: Received disconnect from 168.228.180.12 port 34435:11: Bye Bye [preauth]
May  4 17:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9490]: Disconnected from 168.228.180.12 port 34435 [preauth]
May  4 17:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8221]: pam_unix(cron:session): session closed for user root
May  4 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9587]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9584]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9584]: pam_unix(cron:session): session closed for user p13x
May  4 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9645]: Successful su for rubyman by root
May  4 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9645]: + ??? root:rubyman
May  4 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328739 of user rubyman.
May  4 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9645]: pam_unix(su:session): session closed for user rubyman
May  4 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328739.
May  4 17:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6712]: pam_unix(cron:session): session closed for user root
May  4 17:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9585]: pam_unix(cron:session): session closed for user samftp
May  4 17:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8642]: pam_unix(cron:session): session closed for user root
May  4 17:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9936]: Invalid user login from 123.252.238.214
May  4 17:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9936]: input_userauth_request: invalid user login [preauth]
May  4 17:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9936]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214
May  4 17:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9936]: Failed password for invalid user login from 123.252.238.214 port 39308 ssh2
May  4 17:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9936]: Received disconnect from 123.252.238.214 port 39308:11: Bye Bye [preauth]
May  4 17:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9936]: Disconnected from 123.252.238.214 port 39308 [preauth]
May  4 17:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186  user=root
May  4 17:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: Failed password for root from 116.118.48.186 port 55848 ssh2
May  4 17:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: Received disconnect from 116.118.48.186 port 55848:11: Bye Bye [preauth]
May  4 17:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: Disconnected from 116.118.48.186 port 55848 [preauth]
May  4 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9993]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9992]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9994]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9995]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9991]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9995]: pam_unix(cron:session): session closed for user root
May  4 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9990]: pam_unix(cron:session): session closed for user p13x
May  4 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10062]: Successful su for rubyman by root
May  4 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10062]: + ??? root:rubyman
May  4 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328745 of user rubyman.
May  4 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10062]: pam_unix(su:session): session closed for user rubyman
May  4 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328745.
May  4 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9992]: pam_unix(cron:session): session closed for user root
May  4 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7223]: pam_unix(cron:session): session closed for user root
May  4 17:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9991]: pam_unix(cron:session): session closed for user samftp
May  4 17:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Invalid user ebrahim from 168.228.180.12
May  4 17:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: input_userauth_request: invalid user ebrahim [preauth]
May  4 17:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12
May  4 17:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Failed password for invalid user ebrahim from 168.228.180.12 port 47414 ssh2
May  4 17:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Received disconnect from 168.228.180.12 port 47414:11: Bye Bye [preauth]
May  4 17:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Disconnected from 168.228.180.12 port 47414 [preauth]
May  4 17:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9067]: pam_unix(cron:session): session closed for user root
May  4 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10530]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10529]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10527]: pam_unix(cron:session): session closed for user p13x
May  4 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10603]: Successful su for rubyman by root
May  4 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10603]: + ??? root:rubyman
May  4 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328749 of user rubyman.
May  4 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10603]: pam_unix(su:session): session closed for user rubyman
May  4 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328749.
May  4 17:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7750]: pam_unix(cron:session): session closed for user root
May  4 17:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10528]: pam_unix(cron:session): session closed for user samftp
May  4 17:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223  user=root
May  4 17:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: Failed password for root from 103.52.115.223 port 49034 ssh2
May  4 17:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: Received disconnect from 103.52.115.223 port 49034:11: Bye Bye [preauth]
May  4 17:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: Disconnected from 103.52.115.223 port 49034 [preauth]
May  4 17:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9587]: pam_unix(cron:session): session closed for user root
May  4 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10990]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10988]: pam_unix(cron:session): session closed for user p13x
May  4 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11051]: Successful su for rubyman by root
May  4 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11051]: + ??? root:rubyman
May  4 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328753 of user rubyman.
May  4 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11051]: pam_unix(su:session): session closed for user rubyman
May  4 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328753.
May  4 17:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8220]: pam_unix(cron:session): session closed for user root
May  4 17:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10989]: pam_unix(cron:session): session closed for user samftp
May  4 17:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: Invalid user dut from 168.228.180.12
May  4 17:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: input_userauth_request: invalid user dut [preauth]
May  4 17:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12
May  4 17:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: Failed password for invalid user dut from 168.228.180.12 port 61388 ssh2
May  4 17:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: Received disconnect from 168.228.180.12 port 61388:11: Bye Bye [preauth]
May  4 17:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: Disconnected from 168.228.180.12 port 61388 [preauth]
May  4 17:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9994]: pam_unix(cron:session): session closed for user root
May  4 17:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: Invalid user ubuntu from 164.177.31.66
May  4 17:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: input_userauth_request: invalid user ubuntu [preauth]
May  4 17:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66
May  4 17:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: Failed password for invalid user ubuntu from 164.177.31.66 port 35820 ssh2
May  4 17:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: Received disconnect from 164.177.31.66 port 35820:11: Bye Bye [preauth]
May  4 17:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11362]: Disconnected from 164.177.31.66 port 35820 [preauth]
May  4 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11383]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11384]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11381]: pam_unix(cron:session): session closed for user p13x
May  4 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11441]: Successful su for rubyman by root
May  4 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11441]: + ??? root:rubyman
May  4 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328758 of user rubyman.
May  4 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11441]: pam_unix(su:session): session closed for user rubyman
May  4 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328758.
May  4 17:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8641]: pam_unix(cron:session): session closed for user root
May  4 17:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11382]: pam_unix(cron:session): session closed for user samftp
May  4 17:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10530]: pam_unix(cron:session): session closed for user root
May  4 17:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11778]: Invalid user frappe from 168.228.180.12
May  4 17:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11778]: input_userauth_request: invalid user frappe [preauth]
May  4 17:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11778]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12
May  4 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11778]: Failed password for invalid user frappe from 168.228.180.12 port 17906 ssh2
May  4 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11778]: Received disconnect from 168.228.180.12 port 17906:11: Bye Bye [preauth]
May  4 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11778]: Disconnected from 168.228.180.12 port 17906 [preauth]
May  4 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11792]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11790]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11789]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11789]: pam_unix(cron:session): session closed for user p13x
May  4 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11852]: Successful su for rubyman by root
May  4 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11852]: + ??? root:rubyman
May  4 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328763 of user rubyman.
May  4 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11852]: pam_unix(su:session): session closed for user rubyman
May  4 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328763.
May  4 17:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9066]: pam_unix(cron:session): session closed for user root
May  4 17:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11790]: pam_unix(cron:session): session closed for user samftp
May  4 17:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10991]: pam_unix(cron:session): session closed for user root
May  4 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12174]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12176]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12176]: pam_unix(cron:session): session closed for user root
May  4 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12171]: pam_unix(cron:session): session closed for user p13x
May  4 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12241]: Successful su for rubyman by root
May  4 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12241]: + ??? root:rubyman
May  4 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328766 of user rubyman.
May  4 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12241]: pam_unix(su:session): session closed for user rubyman
May  4 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328766.
May  4 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12173]: pam_unix(cron:session): session closed for user root
May  4 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9586]: pam_unix(cron:session): session closed for user root
May  4 17:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12348]: Invalid user rajeev from 36.255.8.54
May  4 17:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12348]: input_userauth_request: invalid user rajeev [preauth]
May  4 17:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12348]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  4 17:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12348]: Failed password for invalid user rajeev from 36.255.8.54 port 54180 ssh2
May  4 17:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12348]: Received disconnect from 36.255.8.54 port 54180:11: Bye Bye [preauth]
May  4 17:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12348]: Disconnected from 36.255.8.54 port 54180 [preauth]
May  4 17:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12172]: pam_unix(cron:session): session closed for user samftp
May  4 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11384]: pam_unix(cron:session): session closed for user root
May  4 17:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186  user=root
May  4 17:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12598]: Invalid user hengshi from 168.228.180.12
May  4 17:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12598]: input_userauth_request: invalid user hengshi [preauth]
May  4 17:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12598]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12
May  4 17:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: Failed password for root from 116.118.48.186 port 32804 ssh2
May  4 17:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: Received disconnect from 116.118.48.186 port 32804:11: Bye Bye [preauth]
May  4 17:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: Disconnected from 116.118.48.186 port 32804 [preauth]
May  4 17:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12598]: Failed password for invalid user hengshi from 168.228.180.12 port 61425 ssh2
May  4 17:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12598]: Received disconnect from 168.228.180.12 port 61425:11: Bye Bye [preauth]
May  4 17:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12598]: Disconnected from 168.228.180.12 port 61425 [preauth]
May  4 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12611]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12612]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12609]: pam_unix(cron:session): session closed for user p13x
May  4 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12673]: Successful su for rubyman by root
May  4 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12673]: + ??? root:rubyman
May  4 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328773 of user rubyman.
May  4 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12673]: pam_unix(su:session): session closed for user rubyman
May  4 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328773.
May  4 17:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9993]: pam_unix(cron:session): session closed for user root
May  4 17:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12610]: pam_unix(cron:session): session closed for user samftp
May  4 17:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: Invalid user xiaoliang from 176.31.162.135
May  4 17:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: input_userauth_request: invalid user xiaoliang [preauth]
May  4 17:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  4 17:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: Failed password for invalid user xiaoliang from 176.31.162.135 port 57362 ssh2
May  4 17:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: Connection closed by 176.31.162.135 port 57362 [preauth]
May  4 17:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11792]: pam_unix(cron:session): session closed for user root
May  4 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13013]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13012]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13010]: pam_unix(cron:session): session closed for user p13x
May  4 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13076]: Successful su for rubyman by root
May  4 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13076]: + ??? root:rubyman
May  4 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328775 of user rubyman.
May  4 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13076]: pam_unix(su:session): session closed for user rubyman
May  4 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328775.
May  4 17:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10529]: pam_unix(cron:session): session closed for user root
May  4 17:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13011]: pam_unix(cron:session): session closed for user samftp
May  4 17:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223  user=root
May  4 17:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13298]: Failed password for root from 103.52.115.223 port 37362 ssh2
May  4 17:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13298]: Received disconnect from 103.52.115.223 port 37362:11: Bye Bye [preauth]
May  4 17:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13298]: Disconnected from 103.52.115.223 port 37362 [preauth]
May  4 17:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: Invalid user lighthouse from 164.177.31.66
May  4 17:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: input_userauth_request: invalid user lighthouse [preauth]
May  4 17:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66
May  4 17:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12175]: pam_unix(cron:session): session closed for user root
May  4 17:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: Failed password for invalid user lighthouse from 164.177.31.66 port 41114 ssh2
May  4 17:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: Received disconnect from 164.177.31.66 port 41114:11: Bye Bye [preauth]
May  4 17:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: Disconnected from 164.177.31.66 port 41114 [preauth]
May  4 17:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13400]: Invalid user hr from 168.228.180.12
May  4 17:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13400]: input_userauth_request: invalid user hr [preauth]
May  4 17:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13400]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12
May  4 17:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13400]: Failed password for invalid user hr from 168.228.180.12 port 28985 ssh2
May  4 17:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13400]: Received disconnect from 168.228.180.12 port 28985:11: Bye Bye [preauth]
May  4 17:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13400]: Disconnected from 168.228.180.12 port 28985 [preauth]
May  4 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13412]: pam_unix(cron:session): session closed for user p13x
May  4 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13569]: Successful su for rubyman by root
May  4 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13569]: + ??? root:rubyman
May  4 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328780 of user rubyman.
May  4 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13569]: pam_unix(su:session): session closed for user rubyman
May  4 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328780.
May  4 17:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10990]: pam_unix(cron:session): session closed for user root
May  4 17:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13414]: pam_unix(cron:session): session closed for user samftp
May  4 17:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12612]: pam_unix(cron:session): session closed for user root
May  4 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13913]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13914]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13911]: pam_unix(cron:session): session closed for user p13x
May  4 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13980]: Successful su for rubyman by root
May  4 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13980]: + ??? root:rubyman
May  4 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13980]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328783 of user rubyman.
May  4 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13980]: pam_unix(su:session): session closed for user rubyman
May  4 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328783.
May  4 17:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11383]: pam_unix(cron:session): session closed for user root
May  4 17:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13912]: pam_unix(cron:session): session closed for user samftp
May  4 17:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14219]: Invalid user int from 193.70.84.184
May  4 17:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14219]: input_userauth_request: invalid user int [preauth]
May  4 17:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14219]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  4 17:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14219]: Failed password for invalid user int from 193.70.84.184 port 40444 ssh2
May  4 17:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14219]: Connection closed by 193.70.84.184 port 40444 [preauth]
May  4 17:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13013]: pam_unix(cron:session): session closed for user root
May  4 17:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: Invalid user souken from 168.228.180.12
May  4 17:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: input_userauth_request: invalid user souken [preauth]
May  4 17:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12
May  4 17:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: Failed password for invalid user souken from 168.228.180.12 port 20145 ssh2
May  4 17:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: Received disconnect from 168.228.180.12 port 20145:11: Bye Bye [preauth]
May  4 17:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: Disconnected from 168.228.180.12 port 20145 [preauth]
May  4 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14323]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14318]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14324]: pam_unix(cron:session): session closed for user root
May  4 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14318]: pam_unix(cron:session): session closed for user p13x
May  4 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14390]: Successful su for rubyman by root
May  4 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14390]: + ??? root:rubyman
May  4 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328790 of user rubyman.
May  4 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14390]: pam_unix(su:session): session closed for user rubyman
May  4 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328790.
May  4 17:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14321]: pam_unix(cron:session): session closed for user root
May  4 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11791]: pam_unix(cron:session): session closed for user root
May  4 17:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14319]: pam_unix(cron:session): session closed for user samftp
May  4 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13416]: pam_unix(cron:session): session closed for user root
May  4 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14755]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14754]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14754]: pam_unix(cron:session): session closed for user p13x
May  4 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14822]: Successful su for rubyman by root
May  4 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14822]: + ??? root:rubyman
May  4 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328793 of user rubyman.
May  4 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14822]: pam_unix(su:session): session closed for user rubyman
May  4 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328793.
May  4 17:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12174]: pam_unix(cron:session): session closed for user root
May  4 17:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14755]: pam_unix(cron:session): session closed for user samftp
May  4 17:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15082]: Invalid user mkatsf from 103.167.216.46
May  4 17:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15082]: input_userauth_request: invalid user mkatsf [preauth]
May  4 17:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15082]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46
May  4 17:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13914]: pam_unix(cron:session): session closed for user root
May  4 17:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15082]: Failed password for invalid user mkatsf from 103.167.216.46 port 64975 ssh2
May  4 17:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15082]: Received disconnect from 103.167.216.46 port 64975:11: Bye Bye [preauth]
May  4 17:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15082]: Disconnected from 103.167.216.46 port 64975 [preauth]
May  4 17:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: Invalid user git from 168.228.180.12
May  4 17:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: input_userauth_request: invalid user git [preauth]
May  4 17:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12
May  4 17:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: Failed password for invalid user git from 168.228.180.12 port 28701 ssh2
May  4 17:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: Received disconnect from 168.228.180.12 port 28701:11: Bye Bye [preauth]
May  4 17:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: Disconnected from 168.228.180.12 port 28701 [preauth]
May  4 17:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186  user=root
May  4 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15174]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15171]: pam_unix(cron:session): session closed for user p13x
May  4 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15232]: Successful su for rubyman by root
May  4 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15232]: + ??? root:rubyman
May  4 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328798 of user rubyman.
May  4 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15232]: pam_unix(su:session): session closed for user rubyman
May  4 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328798.
May  4 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15160]: Failed password for root from 116.118.48.186 port 35962 ssh2
May  4 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15160]: Received disconnect from 116.118.48.186 port 35962:11: Bye Bye [preauth]
May  4 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15160]: Disconnected from 116.118.48.186 port 35962 [preauth]
May  4 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12611]: pam_unix(cron:session): session closed for user root
May  4 17:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15172]: pam_unix(cron:session): session closed for user samftp
May  4 17:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66  user=root
May  4 17:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15414]: Failed password for root from 164.177.31.66 port 46694 ssh2
May  4 17:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15414]: Received disconnect from 164.177.31.66 port 46694:11: Bye Bye [preauth]
May  4 17:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15414]: Disconnected from 164.177.31.66 port 46694 [preauth]
May  4 17:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14323]: pam_unix(cron:session): session closed for user root
May  4 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15562]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15563]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15560]: pam_unix(cron:session): session closed for user p13x
May  4 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15621]: Successful su for rubyman by root
May  4 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15621]: + ??? root:rubyman
May  4 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328801 of user rubyman.
May  4 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15621]: pam_unix(su:session): session closed for user rubyman
May  4 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328801.
May  4 17:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13012]: pam_unix(cron:session): session closed for user root
May  4 17:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15561]: pam_unix(cron:session): session closed for user samftp
May  4 17:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223  user=root
May  4 17:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: Failed password for root from 103.52.115.223 port 51968 ssh2
May  4 17:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: Received disconnect from 103.52.115.223 port 51968:11: Bye Bye [preauth]
May  4 17:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: Disconnected from 103.52.115.223 port 51968 [preauth]
May  4 17:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14758]: pam_unix(cron:session): session closed for user root
May  4 17:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12  user=root
May  4 17:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: Failed password for root from 168.228.180.12 port 48631 ssh2
May  4 17:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: Received disconnect from 168.228.180.12 port 48631:11: Bye Bye [preauth]
May  4 17:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: Disconnected from 168.228.180.12 port 48631 [preauth]
May  4 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15961]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15958]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15960]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15956]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15958]: pam_unix(cron:session): session closed for user p13x
May  4 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16074]: Successful su for rubyman by root
May  4 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16074]: + ??? root:rubyman
May  4 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16074]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328806 of user rubyman.
May  4 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16074]: pam_unix(su:session): session closed for user rubyman
May  4 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328806.
May  4 17:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15956]: pam_unix(cron:session): session closed for user root
May  4 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13415]: pam_unix(cron:session): session closed for user root
May  4 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15959]: pam_unix(cron:session): session closed for user samftp
May  4 17:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15174]: pam_unix(cron:session): session closed for user root
May  4 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16429]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16431]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16431]: pam_unix(cron:session): session closed for user root
May  4 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16426]: pam_unix(cron:session): session closed for user p13x
May  4 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16526]: Successful su for rubyman by root
May  4 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16526]: + ??? root:rubyman
May  4 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16526]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328812 of user rubyman.
May  4 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16526]: pam_unix(su:session): session closed for user rubyman
May  4 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328812.
May  4 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16428]: pam_unix(cron:session): session closed for user root
May  4 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13913]: pam_unix(cron:session): session closed for user root
May  4 17:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16427]: pam_unix(cron:session): session closed for user samftp
May  4 17:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: Invalid user salma from 103.167.216.46
May  4 17:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: input_userauth_request: invalid user salma [preauth]
May  4 17:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46
May  4 17:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: Failed password for invalid user salma from 103.167.216.46 port 7772 ssh2
May  4 17:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: Received disconnect from 103.167.216.46 port 7772:11: Bye Bye [preauth]
May  4 17:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: Disconnected from 103.167.216.46 port 7772 [preauth]
May  4 17:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15563]: pam_unix(cron:session): session closed for user root
May  4 17:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12  user=root
May  4 17:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16843]: Failed password for root from 168.228.180.12 port 27432 ssh2
May  4 17:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16843]: Received disconnect from 168.228.180.12 port 27432:11: Bye Bye [preauth]
May  4 17:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16843]: Disconnected from 168.228.180.12 port 27432 [preauth]
May  4 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16937]: pam_unix(cron:session): session closed for user p13x
May  4 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17013]: Successful su for rubyman by root
May  4 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17013]: + ??? root:rubyman
May  4 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328816 of user rubyman.
May  4 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17013]: pam_unix(su:session): session closed for user rubyman
May  4 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328816.
May  4 17:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14322]: pam_unix(cron:session): session closed for user root
May  4 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16938]: pam_unix(cron:session): session closed for user samftp
May  4 17:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15961]: pam_unix(cron:session): session closed for user root
May  4 17:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66  user=root
May  4 17:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: Failed password for root from 164.177.31.66 port 56372 ssh2
May  4 17:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: Received disconnect from 164.177.31.66 port 56372:11: Bye Bye [preauth]
May  4 17:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17299]: Disconnected from 164.177.31.66 port 56372 [preauth]
May  4 17:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46  user=root
May  4 17:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: Failed password for root from 103.167.216.46 port 15704 ssh2
May  4 17:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: Received disconnect from 103.167.216.46 port 15704:11: Bye Bye [preauth]
May  4 17:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: Disconnected from 103.167.216.46 port 15704 [preauth]
May  4 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17353]: pam_unix(cron:session): session closed for user p13x
May  4 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17415]: Successful su for rubyman by root
May  4 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17415]: + ??? root:rubyman
May  4 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328822 of user rubyman.
May  4 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17415]: pam_unix(su:session): session closed for user rubyman
May  4 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328822.
May  4 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: Invalid user admin from 36.255.8.54
May  4 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: input_userauth_request: invalid user admin [preauth]
May  4 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  4 17:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14756]: pam_unix(cron:session): session closed for user root
May  4 17:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: Failed password for invalid user admin from 36.255.8.54 port 48604 ssh2
May  4 17:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: Received disconnect from 36.255.8.54 port 48604:11: Bye Bye [preauth]
May  4 17:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17350]: Disconnected from 36.255.8.54 port 48604 [preauth]
May  4 17:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17354]: pam_unix(cron:session): session closed for user samftp
May  4 17:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.249.188.255  user=root
May  4 17:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17657]: Failed password for root from 140.249.188.255 port 36930 ssh2
May  4 17:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17657]: Received disconnect from 140.249.188.255 port 36930:11: Bye Bye [preauth]
May  4 17:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17657]: Disconnected from 140.249.188.255 port 36930 [preauth]
May  4 17:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: Invalid user admin from 168.228.180.12
May  4 17:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: input_userauth_request: invalid user admin [preauth]
May  4 17:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12
May  4 17:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16430]: pam_unix(cron:session): session closed for user root
May  4 17:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: Failed password for invalid user admin from 168.228.180.12 port 63553 ssh2
May  4 17:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: Received disconnect from 168.228.180.12 port 63553:11: Bye Bye [preauth]
May  4 17:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: Disconnected from 168.228.180.12 port 63553 [preauth]
May  4 17:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Invalid user xt from 177.182.181.8
May  4 17:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: input_userauth_request: invalid user xt [preauth]
May  4 17:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8
May  4 17:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Failed password for invalid user xt from 177.182.181.8 port 48034 ssh2
May  4 17:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Received disconnect from 177.182.181.8 port 48034:11: Bye Bye [preauth]
May  4 17:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17780]: Disconnected from 177.182.181.8 port 48034 [preauth]
May  4 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17890]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17889]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17824]: pam_unix(cron:session): session closed for user p13x
May  4 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17953]: Successful su for rubyman by root
May  4 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17953]: + ??? root:rubyman
May  4 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17953]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328825 of user rubyman.
May  4 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17953]: pam_unix(su:session): session closed for user rubyman
May  4 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328825.
May  4 17:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15173]: pam_unix(cron:session): session closed for user root
May  4 17:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17888]: pam_unix(cron:session): session closed for user samftp
May  4 17:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18151]: Invalid user hassan from 116.118.48.186
May  4 17:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18151]: input_userauth_request: invalid user hassan [preauth]
May  4 17:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18151]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186
May  4 17:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18151]: Failed password for invalid user hassan from 116.118.48.186 port 58336 ssh2
May  4 17:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18151]: Received disconnect from 116.118.48.186 port 58336:11: Bye Bye [preauth]
May  4 17:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18151]: Disconnected from 116.118.48.186 port 58336 [preauth]
May  4 17:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16941]: pam_unix(cron:session): session closed for user root
May  4 17:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: Invalid user & from 195.178.110.50
May  4 17:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: input_userauth_request: invalid user & [preauth]
May  4 17:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 17:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: Invalid user taibabi from 103.167.216.46
May  4 17:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: input_userauth_request: invalid user taibabi [preauth]
May  4 17:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46
May  4 17:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: Failed password for invalid user & from 195.178.110.50 port 32768 ssh2
May  4 17:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: Failed password for invalid user taibabi from 103.167.216.46 port 16257 ssh2
May  4 17:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: Received disconnect from 103.167.216.46 port 16257:11: Bye Bye [preauth]
May  4 17:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: Disconnected from 103.167.216.46 port 16257 [preauth]
May  4 17:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: Connection closed by 195.178.110.50 port 32768 [preauth]
May  4 17:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18311]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18308]: pam_unix(cron:session): session closed for user p13x
May  4 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18375]: Successful su for rubyman by root
May  4 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18375]: + ??? root:rubyman
May  4 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328828 of user rubyman.
May  4 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18375]: pam_unix(su:session): session closed for user rubyman
May  4 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328828.
May  4 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15562]: pam_unix(cron:session): session closed for user root
May  4 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: Invalid user Q from 195.178.110.50
May  4 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: input_userauth_request: invalid user Q [preauth]
May  4 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 17:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18309]: pam_unix(cron:session): session closed for user samftp
May  4 17:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: Failed password for invalid user Q from 195.178.110.50 port 20858 ssh2
May  4 17:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: Connection closed by 195.178.110.50 port 20858 [preauth]
May  4 17:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18574]: Invalid user | from 195.178.110.50
May  4 17:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18574]: input_userauth_request: invalid user | [preauth]
May  4 17:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18574]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 17:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18574]: Failed password for invalid user | from 195.178.110.50 port 12046 ssh2
May  4 17:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18626]: Invalid user scm from 168.228.180.12
May  4 17:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18626]: input_userauth_request: invalid user scm [preauth]
May  4 17:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18626]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12
May  4 17:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18574]: Connection closed by 195.178.110.50 port 12046 [preauth]
May  4 17:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18626]: Failed password for invalid user scm from 168.228.180.12 port 48217 ssh2
May  4 17:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18626]: Received disconnect from 168.228.180.12 port 48217:11: Bye Bye [preauth]
May  4 17:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18626]: Disconnected from 168.228.180.12 port 48217 [preauth]
May  4 17:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17356]: pam_unix(cron:session): session closed for user root
May  4 17:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: Invalid user emilio from 103.52.115.223
May  4 17:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: input_userauth_request: invalid user emilio [preauth]
May  4 17:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223
May  4 17:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: Failed password for invalid user emilio from 103.52.115.223 port 57456 ssh2
May  4 17:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: Received disconnect from 103.52.115.223 port 57456:11: Bye Bye [preauth]
May  4 17:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18669]: Disconnected from 103.52.115.223 port 57456 [preauth]
May  4 17:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18628]: Invalid user I from 195.178.110.50
May  4 17:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18628]: input_userauth_request: invalid user I [preauth]
May  4 17:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18628]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 17:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18628]: Failed password for invalid user I from 195.178.110.50 port 9506 ssh2
May  4 17:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18628]: Connection closed by 195.178.110.50 port 9506 [preauth]
May  4 17:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18726]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18728]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18724]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18730]: pam_unix(cron:session): session closed for user root
May  4 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18724]: pam_unix(cron:session): session closed for user p13x
May  4 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18803]: Successful su for rubyman by root
May  4 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18803]: + ??? root:rubyman
May  4 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18803]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328834 of user rubyman.
May  4 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18803]: pam_unix(su:session): session closed for user rubyman
May  4 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328834.
May  4 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18726]: pam_unix(cron:session): session closed for user root
May  4 17:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15960]: pam_unix(cron:session): session closed for user root
May  4 17:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18702]: Invalid user t from 195.178.110.50
May  4 17:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18702]: input_userauth_request: invalid user t [preauth]
May  4 17:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18702]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 17:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18725]: pam_unix(cron:session): session closed for user samftp
May  4 17:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18702]: Failed password for invalid user t from 195.178.110.50 port 53018 ssh2
May  4 17:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18702]: Connection closed by 195.178.110.50 port 53018 [preauth]
May  4 17:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17890]: pam_unix(cron:session): session closed for user root
May  4 17:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: Invalid user username from 103.167.216.46
May  4 17:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: input_userauth_request: invalid user username [preauth]
May  4 17:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46
May  4 17:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: Failed password for invalid user username from 103.167.216.46 port 48788 ssh2
May  4 17:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: Received disconnect from 103.167.216.46 port 48788:11: Bye Bye [preauth]
May  4 17:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19115]: Disconnected from 103.167.216.46 port 48788 [preauth]
May  4 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19174]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19172]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19172]: pam_unix(cron:session): session closed for user p13x
May  4 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19240]: Successful su for rubyman by root
May  4 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19240]: + ??? root:rubyman
May  4 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19240]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328839 of user rubyman.
May  4 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19240]: pam_unix(su:session): session closed for user rubyman
May  4 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328839.
May  4 17:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16429]: pam_unix(cron:session): session closed for user root
May  4 17:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19173]: pam_unix(cron:session): session closed for user samftp
May  4 17:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66  user=root
May  4 17:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: Failed password for root from 164.177.31.66 port 48156 ssh2
May  4 17:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: Received disconnect from 164.177.31.66 port 48156:11: Bye Bye [preauth]
May  4 17:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19454]: Disconnected from 164.177.31.66 port 48156 [preauth]
May  4 17:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12  user=root
May  4 17:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19487]: Failed password for root from 168.228.180.12 port 16365 ssh2
May  4 17:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19487]: Received disconnect from 168.228.180.12 port 16365:11: Bye Bye [preauth]
May  4 17:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19487]: Disconnected from 168.228.180.12 port 16365 [preauth]
May  4 17:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18311]: pam_unix(cron:session): session closed for user root
May  4 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19591]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19590]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19586]: pam_unix(cron:session): session closed for user p13x
May  4 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19660]: Successful su for rubyman by root
May  4 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19660]: + ??? root:rubyman
May  4 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19660]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328843 of user rubyman.
May  4 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19660]: pam_unix(su:session): session closed for user rubyman
May  4 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328843.
May  4 17:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16940]: pam_unix(cron:session): session closed for user root
May  4 17:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19587]: pam_unix(cron:session): session closed for user samftp
May  4 17:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46  user=root
May  4 17:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19879]: Failed password for root from 103.167.216.46 port 42796 ssh2
May  4 17:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19879]: Received disconnect from 103.167.216.46 port 42796:11: Bye Bye [preauth]
May  4 17:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19879]: Disconnected from 103.167.216.46 port 42796 [preauth]
May  4 17:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19921]: Invalid user scm from 123.252.238.214
May  4 17:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19921]: input_userauth_request: invalid user scm [preauth]
May  4 17:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19921]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214
May  4 17:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19921]: Failed password for invalid user scm from 123.252.238.214 port 34234 ssh2
May  4 17:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19921]: Received disconnect from 123.252.238.214 port 34234:11: Bye Bye [preauth]
May  4 17:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19921]: Disconnected from 123.252.238.214 port 34234 [preauth]
May  4 17:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18729]: pam_unix(cron:session): session closed for user root
May  4 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20015]: pam_unix(cron:session): session closed for user p13x
May  4 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20082]: Successful su for rubyman by root
May  4 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20082]: + ??? root:rubyman
May  4 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328847 of user rubyman.
May  4 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20082]: pam_unix(su:session): session closed for user rubyman
May  4 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328847.
May  4 17:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17355]: pam_unix(cron:session): session closed for user root
May  4 17:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20016]: pam_unix(cron:session): session closed for user samftp
May  4 17:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12  user=root
May  4 17:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20315]: Failed password for root from 168.228.180.12 port 16070 ssh2
May  4 17:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20315]: Received disconnect from 168.228.180.12 port 16070:11: Bye Bye [preauth]
May  4 17:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20315]: Disconnected from 168.228.180.12 port 16070 [preauth]
May  4 17:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19175]: pam_unix(cron:session): session closed for user root
May  4 17:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46  user=root
May  4 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20414]: pam_unix(cron:session): session closed for user p13x
May  4 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20480]: Successful su for rubyman by root
May  4 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20480]: + ??? root:rubyman
May  4 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328850 of user rubyman.
May  4 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20480]: pam_unix(su:session): session closed for user rubyman
May  4 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328850.
May  4 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: Failed password for root from 103.167.216.46 port 59039 ssh2
May  4 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: Received disconnect from 103.167.216.46 port 59039:11: Bye Bye [preauth]
May  4 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: Disconnected from 103.167.216.46 port 59039 [preauth]
May  4 17:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17889]: pam_unix(cron:session): session closed for user root
May  4 17:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20415]: pam_unix(cron:session): session closed for user samftp
May  4 17:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: Invalid user ubuntu from 116.118.48.186
May  4 17:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: input_userauth_request: invalid user ubuntu [preauth]
May  4 17:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186
May  4 17:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: Failed password for invalid user ubuntu from 116.118.48.186 port 51182 ssh2
May  4 17:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: Received disconnect from 116.118.48.186 port 51182:11: Bye Bye [preauth]
May  4 17:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: Disconnected from 116.118.48.186 port 51182 [preauth]
May  4 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19591]: pam_unix(cron:session): session closed for user root
May  4 17:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20764]: User john from 50.235.31.47 not allowed because not listed in AllowUsers
May  4 17:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20764]: input_userauth_request: invalid user john [preauth]
May  4 17:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=john
May  4 17:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20764]: Failed password for invalid user john from 50.235.31.47 port 36918 ssh2
May  4 17:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20764]: Connection closed by 50.235.31.47 port 36918 [preauth]
May  4 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20826]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20826]: pam_unix(cron:session): session closed for user root
May  4 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20820]: pam_unix(cron:session): session closed for user p13x
May  4 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20903]: Successful su for rubyman by root
May  4 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20903]: + ??? root:rubyman
May  4 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328858 of user rubyman.
May  4 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20903]: pam_unix(su:session): session closed for user rubyman
May  4 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328858.
May  4 17:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20822]: pam_unix(cron:session): session closed for user root
May  4 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18310]: pam_unix(cron:session): session closed for user root
May  4 17:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20821]: pam_unix(cron:session): session closed for user samftp
May  4 17:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: Invalid user data from 168.228.180.12
May  4 17:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: input_userauth_request: invalid user data [preauth]
May  4 17:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12
May  4 17:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: Failed password for invalid user data from 168.228.180.12 port 47189 ssh2
May  4 17:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: Received disconnect from 168.228.180.12 port 47189:11: Bye Bye [preauth]
May  4 17:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: Disconnected from 168.228.180.12 port 47189 [preauth]
May  4 17:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20018]: pam_unix(cron:session): session closed for user root
May  4 17:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  4 17:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: Failed password for root from 218.92.0.204 port 53850 ssh2
May  4 17:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: message repeated 2 times: [ Failed password for root from 218.92.0.204 port 53850 ssh2]
May  4 17:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46  user=root
May  4 17:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223  user=root
May  4 17:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: Failed password for root from 218.92.0.204 port 53850 ssh2
May  4 17:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21281]: Failed password for root from 103.52.115.223 port 55796 ssh2
May  4 17:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21281]: Received disconnect from 103.52.115.223 port 55796:11: Bye Bye [preauth]
May  4 17:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21281]: Disconnected from 103.52.115.223 port 55796 [preauth]
May  4 17:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: Failed password for root from 103.167.216.46 port 29697 ssh2
May  4 17:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: Received disconnect from 103.167.216.46 port 29697:11: Bye Bye [preauth]
May  4 17:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21271]: Disconnected from 103.167.216.46 port 29697 [preauth]
May  4 17:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: Failed password for root from 218.92.0.204 port 53850 ssh2
May  4 17:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 53850 ssh2 [preauth]
May  4 17:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: Disconnecting: Too many authentication failures [preauth]
May  4 17:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  4 17:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 17:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66  user=root
May  4 17:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  4 17:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21294]: Failed password for root from 164.177.31.66 port 55366 ssh2
May  4 17:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21294]: Received disconnect from 164.177.31.66 port 55366:11: Bye Bye [preauth]
May  4 17:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21294]: Disconnected from 164.177.31.66 port 55366 [preauth]
May  4 17:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21308]: Did not receive identification string from 193.32.162.139
May  4 17:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21296]: Failed password for root from 218.92.0.204 port 45328 ssh2
May  4 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21320]: pam_unix(cron:session): session closed for user p13x
May  4 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21388]: Successful su for rubyman by root
May  4 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21388]: + ??? root:rubyman
May  4 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328860 of user rubyman.
May  4 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21388]: pam_unix(su:session): session closed for user rubyman
May  4 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328860.
May  4 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21296]: Failed password for root from 218.92.0.204 port 45328 ssh2
May  4 17:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18728]: pam_unix(cron:session): session closed for user root
May  4 17:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21296]: Failed password for root from 218.92.0.204 port 45328 ssh2
May  4 17:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21321]: pam_unix(cron:session): session closed for user samftp
May  4 17:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21296]: Failed password for root from 218.92.0.204 port 45328 ssh2
May  4 17:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21296]: message repeated 2 times: [ Failed password for root from 218.92.0.204 port 45328 ssh2]
May  4 17:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21296]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 45328 ssh2 [preauth]
May  4 17:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21296]: Disconnecting: Too many authentication failures [preauth]
May  4 17:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21296]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  4 17:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21296]: PAM service(sshd) ignoring max retries; 6 > 3
May  4 17:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  4 17:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: Failed password for root from 218.92.0.204 port 29032 ssh2
May  4 17:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: Received disconnect from 218.92.0.204 port 29032:11:  [preauth]
May  4 17:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: Disconnected from 218.92.0.204 port 29032 [preauth]
May  4 17:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20417]: pam_unix(cron:session): session closed for user root
May  4 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21854]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21855]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21851]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21850]: pam_unix(cron:session): session closed for user p13x
May  4 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22102]: Successful su for rubyman by root
May  4 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22102]: + ??? root:rubyman
May  4 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328865 of user rubyman.
May  4 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22102]: pam_unix(su:session): session closed for user rubyman
May  4 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328865.
May  4 17:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19174]: pam_unix(cron:session): session closed for user root
May  4 17:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21851]: pam_unix(cron:session): session closed for user samftp
May  4 17:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22323]: Invalid user admin from 139.19.117.131
May  4 17:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22323]: input_userauth_request: invalid user admin [preauth]
May  4 17:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22323]: Connection closed by 139.19.117.131 port 51570 [preauth]
May  4 17:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: Invalid user dima from 168.228.180.12
May  4 17:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: input_userauth_request: invalid user dima [preauth]
May  4 17:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12
May  4 17:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: Failed password for invalid user dima from 168.228.180.12 port 16161 ssh2
May  4 17:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: Received disconnect from 168.228.180.12 port 16161:11: Bye Bye [preauth]
May  4 17:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: Disconnected from 168.228.180.12 port 16161 [preauth]
May  4 17:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20824]: pam_unix(cron:session): session closed for user root
May  4 17:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46  user=root
May  4 17:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22450]: Failed password for root from 103.167.216.46 port 27659 ssh2
May  4 17:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22450]: Received disconnect from 103.167.216.46 port 27659:11: Bye Bye [preauth]
May  4 17:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22450]: Disconnected from 103.167.216.46 port 27659 [preauth]
May  4 17:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: Invalid user taibabi from 177.182.181.8
May  4 17:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: input_userauth_request: invalid user taibabi [preauth]
May  4 17:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8
May  4 17:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: Failed password for invalid user taibabi from 177.182.181.8 port 51162 ssh2
May  4 17:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: Received disconnect from 177.182.181.8 port 51162:11: Bye Bye [preauth]
May  4 17:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22453]: Disconnected from 177.182.181.8 port 51162 [preauth]
May  4 17:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22498]: Invalid user ebrahim from 123.252.238.214
May  4 17:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22498]: input_userauth_request: invalid user ebrahim [preauth]
May  4 17:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22498]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214
May  4 17:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  4 17:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22498]: Failed password for invalid user ebrahim from 123.252.238.214 port 59450 ssh2
May  4 17:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22498]: Received disconnect from 123.252.238.214 port 59450:11: Bye Bye [preauth]
May  4 17:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22498]: Disconnected from 123.252.238.214 port 59450 [preauth]
May  4 17:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22500]: Failed password for root from 80.94.95.125 port 55690 ssh2
May  4 17:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22500]: Failed password for root from 80.94.95.125 port 55690 ssh2
May  4 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22513]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22513]: pam_unix(cron:session): session closed for user p13x
May  4 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22586]: Successful su for rubyman by root
May  4 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22586]: + ??? root:rubyman
May  4 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328869 of user rubyman.
May  4 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22586]: pam_unix(su:session): session closed for user rubyman
May  4 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328869.
May  4 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22500]: Failed password for root from 80.94.95.125 port 55690 ssh2
May  4 17:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19590]: pam_unix(cron:session): session closed for user root
May  4 17:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22500]: Failed password for root from 80.94.95.125 port 55690 ssh2
May  4 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22515]: pam_unix(cron:session): session closed for user samftp
May  4 17:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22500]: Failed password for root from 80.94.95.125 port 55690 ssh2
May  4 17:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22500]: Received disconnect from 80.94.95.125 port 55690:11: Bye [preauth]
May  4 17:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22500]: Disconnected from 80.94.95.125 port 55690 [preauth]
May  4 17:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22500]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  4 17:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22500]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 17:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21324]: pam_unix(cron:session): session closed for user root
May  4 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22992]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22989]: pam_unix(cron:session): session closed for user p13x
May  4 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23050]: Successful su for rubyman by root
May  4 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23050]: + ??? root:rubyman
May  4 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328874 of user rubyman.
May  4 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23050]: pam_unix(su:session): session closed for user rubyman
May  4 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328874.
May  4 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20017]: pam_unix(cron:session): session closed for user root
May  4 17:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22990]: pam_unix(cron:session): session closed for user samftp
May  4 17:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23278]: Invalid user taibabi from 168.228.180.12
May  4 17:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23278]: input_userauth_request: invalid user taibabi [preauth]
May  4 17:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23278]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12
May  4 17:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23278]: Failed password for invalid user taibabi from 168.228.180.12 port 48421 ssh2
May  4 17:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23278]: Received disconnect from 168.228.180.12 port 48421:11: Bye Bye [preauth]
May  4 17:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23278]: Disconnected from 168.228.180.12 port 48421 [preauth]
May  4 17:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46  user=root
May  4 17:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23288]: Failed password for root from 103.167.216.46 port 5957 ssh2
May  4 17:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23288]: Received disconnect from 103.167.216.46 port 5957:11: Bye Bye [preauth]
May  4 17:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23288]: Disconnected from 103.167.216.46 port 5957 [preauth]
May  4 17:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21855]: pam_unix(cron:session): session closed for user root
May  4 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23495]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23497]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23494]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23497]: pam_unix(cron:session): session closed for user root
May  4 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23492]: pam_unix(cron:session): session closed for user p13x
May  4 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23561]: Successful su for rubyman by root
May  4 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23561]: + ??? root:rubyman
May  4 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23561]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328877 of user rubyman.
May  4 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23561]: pam_unix(su:session): session closed for user rubyman
May  4 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328877.
May  4 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23494]: pam_unix(cron:session): session closed for user root
May  4 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20416]: pam_unix(cron:session): session closed for user root
May  4 17:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23493]: pam_unix(cron:session): session closed for user samftp
May  4 17:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23877]: Invalid user iptv from 116.118.48.186
May  4 17:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23877]: input_userauth_request: invalid user iptv [preauth]
May  4 17:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23877]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186
May  4 17:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23877]: Failed password for invalid user iptv from 116.118.48.186 port 43108 ssh2
May  4 17:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23877]: Received disconnect from 116.118.48.186 port 43108:11: Bye Bye [preauth]
May  4 17:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23877]: Disconnected from 116.118.48.186 port 43108 [preauth]
May  4 17:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: Invalid user zhangyx from 164.177.31.66
May  4 17:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: input_userauth_request: invalid user zhangyx [preauth]
May  4 17:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.177.31.66
May  4 17:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22517]: pam_unix(cron:session): session closed for user root
May  4 17:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: Failed password for invalid user zhangyx from 164.177.31.66 port 58132 ssh2
May  4 17:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: Received disconnect from 164.177.31.66 port 58132:11: Bye Bye [preauth]
May  4 17:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: Disconnected from 164.177.31.66 port 58132 [preauth]
May  4 17:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23909]: Connection closed by 130.195.9.170 port 52764 [preauth]
May  4 17:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: Invalid user jenkins from 46.244.96.25
May  4 17:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: input_userauth_request: invalid user jenkins [preauth]
May  4 17:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  4 17:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: Failed password for invalid user jenkins from 46.244.96.25 port 34018 ssh2
May  4 17:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24051]: Connection closed by 46.244.96.25 port 34018 [preauth]
May  4 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24064]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24062]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24062]: pam_unix(cron:session): session closed for user p13x
May  4 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24128]: Successful su for rubyman by root
May  4 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24128]: + ??? root:rubyman
May  4 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328883 of user rubyman.
May  4 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24128]: pam_unix(su:session): session closed for user rubyman
May  4 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328883.
May  4 17:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session closed for user root
May  4 17:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24063]: pam_unix(cron:session): session closed for user samftp
May  4 17:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24339]: Invalid user user1 from 168.228.180.12
May  4 17:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24339]: input_userauth_request: invalid user user1 [preauth]
May  4 17:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24339]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12
May  4 17:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24350]: Invalid user dima from 103.167.216.46
May  4 17:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24350]: input_userauth_request: invalid user dima [preauth]
May  4 17:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24350]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46
May  4 17:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24339]: Failed password for invalid user user1 from 168.228.180.12 port 27313 ssh2
May  4 17:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24339]: Received disconnect from 168.228.180.12 port 27313:11: Bye Bye [preauth]
May  4 17:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24339]: Disconnected from 168.228.180.12 port 27313 [preauth]
May  4 17:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24350]: Failed password for invalid user dima from 103.167.216.46 port 45845 ssh2
May  4 17:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24350]: Received disconnect from 103.167.216.46 port 45845:11: Bye Bye [preauth]
May  4 17:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24350]: Disconnected from 103.167.216.46 port 45845 [preauth]
May  4 17:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22992]: pam_unix(cron:session): session closed for user root
May  4 17:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223  user=root
May  4 17:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: Failed password for root from 103.52.115.223 port 32950 ssh2
May  4 17:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: Received disconnect from 103.52.115.223 port 32950:11: Bye Bye [preauth]
May  4 17:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: Disconnected from 103.52.115.223 port 32950 [preauth]
May  4 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24511]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24510]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24508]: pam_unix(cron:session): session closed for user p13x
May  4 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24576]: Successful su for rubyman by root
May  4 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24576]: + ??? root:rubyman
May  4 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328887 of user rubyman.
May  4 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24576]: pam_unix(su:session): session closed for user rubyman
May  4 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328887.
May  4 17:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21322]: pam_unix(cron:session): session closed for user root
May  4 17:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24509]: pam_unix(cron:session): session closed for user samftp
May  4 17:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23496]: pam_unix(cron:session): session closed for user root
May  4 17:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24878]: Did not receive identification string from 193.32.162.131
May  4 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24925]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24926]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24924]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24923]: pam_unix(cron:session): session closed for user p13x
May  4 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24990]: Successful su for rubyman by root
May  4 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24990]: + ??? root:rubyman
May  4 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24990]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328891 of user rubyman.
May  4 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24990]: pam_unix(su:session): session closed for user rubyman
May  4 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328891.
May  4 17:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21854]: pam_unix(cron:session): session closed for user root
May  4 17:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24924]: pam_unix(cron:session): session closed for user samftp
May  4 17:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: Invalid user ftpuser from 103.167.216.46
May  4 17:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: input_userauth_request: invalid user ftpuser [preauth]
May  4 17:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46
May  4 17:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: Failed password for invalid user ftpuser from 103.167.216.46 port 7287 ssh2
May  4 17:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: Received disconnect from 103.167.216.46 port 7287:11: Bye Bye [preauth]
May  4 17:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25176]: Disconnected from 103.167.216.46 port 7287 [preauth]
May  4 17:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12  user=root
May  4 17:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: Failed password for root from 168.228.180.12 port 48531 ssh2
May  4 17:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: Received disconnect from 168.228.180.12 port 48531:11: Bye Bye [preauth]
May  4 17:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: Disconnected from 168.228.180.12 port 48531 [preauth]
May  4 17:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: Invalid user sunny from 36.255.8.54
May  4 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: input_userauth_request: invalid user sunny [preauth]
May  4 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  4 17:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: Failed password for invalid user sunny from 36.255.8.54 port 40346 ssh2
May  4 17:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: Received disconnect from 36.255.8.54 port 40346:11: Bye Bye [preauth]
May  4 17:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: Disconnected from 36.255.8.54 port 40346 [preauth]
May  4 17:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: Invalid user ct from 177.182.181.8
May  4 17:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: input_userauth_request: invalid user ct [preauth]
May  4 17:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8
May  4 17:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: Failed password for invalid user ct from 177.182.181.8 port 54774 ssh2
May  4 17:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: Received disconnect from 177.182.181.8 port 54774:11: Bye Bye [preauth]
May  4 17:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25240]: Disconnected from 177.182.181.8 port 54774 [preauth]
May  4 17:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24065]: pam_unix(cron:session): session closed for user root
May  4 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25350]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25352]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25349]: pam_unix(cron:session): session closed for user p13x
May  4 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25415]: Successful su for rubyman by root
May  4 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25415]: + ??? root:rubyman
May  4 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328895 of user rubyman.
May  4 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25415]: pam_unix(su:session): session closed for user rubyman
May  4 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328895.
May  4 17:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22516]: pam_unix(cron:session): session closed for user root
May  4 17:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25350]: pam_unix(cron:session): session closed for user samftp
May  4 17:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24511]: pam_unix(cron:session): session closed for user root
May  4 17:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 17:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25735]: Invalid user taibabi from 103.167.216.46
May  4 17:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25735]: input_userauth_request: invalid user taibabi [preauth]
May  4 17:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25735]: pam_unix(sshd:auth): check pass; user unknown
May  4 17:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46
May  4 17:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25735]: Failed password for invalid user taibabi from 103.167.216.46 port 2982 ssh2
May  4 17:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25735]: Received disconnect from 103.167.216.46 port 2982:11: Bye Bye [preauth]
May  4 17:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25735]: Disconnected from 103.167.216.46 port 2982 [preauth]
May  4 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25757]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25760]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25761]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25757]: pam_unix(cron:session): session closed for user root
May  4 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25761]: pam_unix(cron:session): session closed for user root
May  4 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25755]: pam_unix(cron:session): session closed for user p13x
May  4 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25844]: Successful su for rubyman by root
May  4 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25844]: + ??? root:rubyman
May  4 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328904 of user rubyman.
May  4 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25844]: pam_unix(su:session): session closed for user rubyman
May  4 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328904.
May  4 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22991]: pam_unix(cron:session): session closed for user root
May  4 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25758]: pam_unix(cron:session): session closed for user root
May  4 18:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26000]: Invalid user sunny from 168.228.180.12
May  4 18:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26000]: input_userauth_request: invalid user sunny [preauth]
May  4 18:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26000]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.180.12
May  4 18:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25756]: pam_unix(cron:session): session closed for user samftp
May  4 18:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26000]: Failed password for invalid user sunny from 168.228.180.12 port 20459 ssh2
May  4 18:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26000]: Received disconnect from 168.228.180.12 port 20459:11: Bye Bye [preauth]
May  4 18:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26000]: Disconnected from 168.228.180.12 port 20459 [preauth]
May  4 18:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24926]: pam_unix(cron:session): session closed for user root
May  4 18:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26250]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26251]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26249]: pam_unix(cron:session): session closed for user p13x
May  4 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26313]: Successful su for rubyman by root
May  4 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26313]: + ??? root:rubyman
May  4 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328907 of user rubyman.
May  4 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26313]: pam_unix(su:session): session closed for user rubyman
May  4 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328907.
May  4 18:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23495]: pam_unix(cron:session): session closed for user root
May  4 18:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26250]: pam_unix(cron:session): session closed for user samftp
May  4 18:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186  user=root
May  4 18:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: Failed password for root from 116.118.48.186 port 57964 ssh2
May  4 18:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: Received disconnect from 116.118.48.186 port 57964:11: Bye Bye [preauth]
May  4 18:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: Disconnected from 116.118.48.186 port 57964 [preauth]
May  4 18:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25352]: pam_unix(cron:session): session closed for user root
May  4 18:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: Invalid user frontend from 103.167.216.46
May  4 18:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: input_userauth_request: invalid user frontend [preauth]
May  4 18:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46
May  4 18:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: Failed password for invalid user frontend from 103.167.216.46 port 42673 ssh2
May  4 18:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: Received disconnect from 103.167.216.46 port 42673:11: Bye Bye [preauth]
May  4 18:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: Disconnected from 103.167.216.46 port 42673 [preauth]
May  4 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26743]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26742]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26740]: pam_unix(cron:session): session closed for user p13x
May  4 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26803]: Successful su for rubyman by root
May  4 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26803]: + ??? root:rubyman
May  4 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26803]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328910 of user rubyman.
May  4 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26803]: pam_unix(su:session): session closed for user rubyman
May  4 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328910.
May  4 18:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24064]: pam_unix(cron:session): session closed for user root
May  4 18:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26741]: pam_unix(cron:session): session closed for user samftp
May  4 18:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25760]: pam_unix(cron:session): session closed for user root
May  4 18:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  4 18:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27135]: Failed password for root from 190.103.202.7 port 54778 ssh2
May  4 18:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27135]: Connection closed by 190.103.202.7 port 54778 [preauth]
May  4 18:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Invalid user ubuntu from 103.52.115.223
May  4 18:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: input_userauth_request: invalid user ubuntu [preauth]
May  4 18:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223
May  4 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27206]: pam_unix(cron:session): session closed for user p13x
May  4 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27271]: Successful su for rubyman by root
May  4 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27271]: + ??? root:rubyman
May  4 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328916 of user rubyman.
May  4 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27271]: pam_unix(su:session): session closed for user rubyman
May  4 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328916.
May  4 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Failed password for invalid user ubuntu from 103.52.115.223 port 38204 ssh2
May  4 18:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Received disconnect from 103.52.115.223 port 38204:11: Bye Bye [preauth]
May  4 18:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27203]: Disconnected from 103.52.115.223 port 38204 [preauth]
May  4 18:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24510]: pam_unix(cron:session): session closed for user root
May  4 18:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27207]: pam_unix(cron:session): session closed for user samftp
May  4 18:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27567]: Invalid user ms from 103.167.216.46
May  4 18:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27567]: input_userauth_request: invalid user ms [preauth]
May  4 18:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27567]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46
May  4 18:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27567]: Failed password for invalid user ms from 103.167.216.46 port 23398 ssh2
May  4 18:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27567]: Received disconnect from 103.167.216.46 port 23398:11: Bye Bye [preauth]
May  4 18:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27567]: Disconnected from 103.167.216.46 port 23398 [preauth]
May  4 18:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26252]: pam_unix(cron:session): session closed for user root
May  4 18:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27607]: Invalid user user1 from 36.255.8.54
May  4 18:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27607]: input_userauth_request: invalid user user1 [preauth]
May  4 18:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27607]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  4 18:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27607]: Failed password for invalid user user1 from 36.255.8.54 port 40190 ssh2
May  4 18:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27607]: Received disconnect from 36.255.8.54 port 40190:11: Bye Bye [preauth]
May  4 18:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27607]: Disconnected from 36.255.8.54 port 40190 [preauth]
May  4 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27667]: pam_unix(cron:session): session closed for user p13x
May  4 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27727]: Successful su for rubyman by root
May  4 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27727]: + ??? root:rubyman
May  4 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328917 of user rubyman.
May  4 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27727]: pam_unix(su:session): session closed for user rubyman
May  4 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328917.
May  4 18:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24925]: pam_unix(cron:session): session closed for user root
May  4 18:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27668]: pam_unix(cron:session): session closed for user samftp
May  4 18:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8  user=root
May  4 18:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27948]: Failed password for root from 177.182.181.8 port 37240 ssh2
May  4 18:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27948]: Received disconnect from 177.182.181.8 port 37240:11: Bye Bye [preauth]
May  4 18:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27948]: Disconnected from 177.182.181.8 port 37240 [preauth]
May  4 18:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26743]: pam_unix(cron:session): session closed for user root
May  4 18:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28082]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28084]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28081]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28083]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28078]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28084]: pam_unix(cron:session): session closed for user root
May  4 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28078]: pam_unix(cron:session): session closed for user p13x
May  4 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28148]: Successful su for rubyman by root
May  4 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28148]: + ??? root:rubyman
May  4 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328925 of user rubyman.
May  4 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28148]: pam_unix(su:session): session closed for user rubyman
May  4 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328925.
May  4 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25351]: pam_unix(cron:session): session closed for user root
May  4 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28081]: pam_unix(cron:session): session closed for user root
May  4 18:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28080]: pam_unix(cron:session): session closed for user samftp
May  4 18:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46  user=root
May  4 18:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28358]: Failed password for root from 103.167.216.46 port 39344 ssh2
May  4 18:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28358]: Received disconnect from 103.167.216.46 port 39344:11: Bye Bye [preauth]
May  4 18:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28358]: Disconnected from 103.167.216.46 port 39344 [preauth]
May  4 18:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27209]: pam_unix(cron:session): session closed for user root
May  4 18:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28029]: Connection closed by 130.195.9.170 port 42990 [preauth]
May  4 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28515]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28515]: pam_unix(cron:session): session closed for user p13x
May  4 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28580]: Successful su for rubyman by root
May  4 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28580]: + ??? root:rubyman
May  4 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28580]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328928 of user rubyman.
May  4 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28580]: pam_unix(su:session): session closed for user rubyman
May  4 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328928.
May  4 18:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25759]: pam_unix(cron:session): session closed for user root
May  4 18:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28517]: pam_unix(cron:session): session closed for user samftp
May  4 18:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27670]: pam_unix(cron:session): session closed for user root
May  4 18:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46  user=root
May  4 18:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28913]: Failed password for root from 103.167.216.46 port 16604 ssh2
May  4 18:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28913]: Received disconnect from 103.167.216.46 port 16604:11: Bye Bye [preauth]
May  4 18:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28913]: Disconnected from 103.167.216.46 port 16604 [preauth]
May  4 18:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: Connection closed by 130.195.9.170 port 56782 [preauth]
May  4 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28928]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28927]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28929]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28926]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28926]: pam_unix(cron:session): session closed for user p13x
May  4 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28986]: Successful su for rubyman by root
May  4 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28986]: + ??? root:rubyman
May  4 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328933 of user rubyman.
May  4 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28986]: pam_unix(su:session): session closed for user rubyman
May  4 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328933.
May  4 18:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26251]: pam_unix(cron:session): session closed for user root
May  4 18:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28927]: pam_unix(cron:session): session closed for user samftp
May  4 18:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Invalid user frappe from 116.118.48.186
May  4 18:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: input_userauth_request: invalid user frappe [preauth]
May  4 18:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186
May  4 18:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Failed password for invalid user frappe from 116.118.48.186 port 53902 ssh2
May  4 18:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Received disconnect from 116.118.48.186 port 53902:11: Bye Bye [preauth]
May  4 18:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Disconnected from 116.118.48.186 port 53902 [preauth]
May  4 18:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28083]: pam_unix(cron:session): session closed for user root
May  4 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29439]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29439]: pam_unix(cron:session): session closed for user p13x
May  4 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29505]: Successful su for rubyman by root
May  4 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29505]: + ??? root:rubyman
May  4 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328936 of user rubyman.
May  4 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29505]: pam_unix(su:session): session closed for user rubyman
May  4 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328936.
May  4 18:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26742]: pam_unix(cron:session): session closed for user root
May  4 18:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29440]: pam_unix(cron:session): session closed for user samftp
May  4 18:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28520]: pam_unix(cron:session): session closed for user root
May  4 18:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: Invalid user erpnext from 103.167.216.46
May  4 18:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: input_userauth_request: invalid user erpnext [preauth]
May  4 18:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46
May  4 18:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: Failed password for invalid user erpnext from 103.167.216.46 port 55688 ssh2
May  4 18:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: Received disconnect from 103.167.216.46 port 55688:11: Bye Bye [preauth]
May  4 18:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29792]: Disconnected from 103.167.216.46 port 55688 [preauth]
May  4 18:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29315]: Connection closed by 130.195.9.170 port 59560 [preauth]
May  4 18:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: Invalid user frappe from 123.252.238.214
May  4 18:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: input_userauth_request: invalid user frappe [preauth]
May  4 18:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214
May  4 18:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: Failed password for invalid user frappe from 123.252.238.214 port 56200 ssh2
May  4 18:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: Received disconnect from 123.252.238.214 port 56200:11: Bye Bye [preauth]
May  4 18:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: Disconnected from 123.252.238.214 port 56200 [preauth]
May  4 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29845]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29847]: pam_unix(cron:session): session closed for user p13x
May  4 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29960]: Successful su for rubyman by root
May  4 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29960]: + ??? root:rubyman
May  4 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328939 of user rubyman.
May  4 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29960]: pam_unix(su:session): session closed for user rubyman
May  4 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328939.
May  4 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29845]: pam_unix(cron:session): session closed for user root
May  4 18:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27208]: pam_unix(cron:session): session closed for user root
May  4 18:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29848]: pam_unix(cron:session): session closed for user samftp
May  4 18:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223  user=root
May  4 18:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30198]: Failed password for root from 103.52.115.223 port 40180 ssh2
May  4 18:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30198]: Received disconnect from 103.52.115.223 port 40180:11: Bye Bye [preauth]
May  4 18:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30198]: Disconnected from 103.52.115.223 port 40180 [preauth]
May  4 18:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: Did not receive identification string from 123.200.20.14
May  4 18:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30241]: Connection closed by 123.200.20.14 port 23040 [preauth]
May  4 18:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28929]: pam_unix(cron:session): session closed for user root
May  4 18:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: Invalid user factorio from 152.32.190.168
May  4 18:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: input_userauth_request: invalid user factorio [preauth]
May  4 18:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168
May  4 18:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: Failed password for invalid user factorio from 152.32.190.168 port 51350 ssh2
May  4 18:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30259]: Connection closed by 123.200.20.14 port 23048 [preauth]
May  4 18:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: Received disconnect from 152.32.190.168 port 51350:11: Bye Bye [preauth]
May  4 18:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: Disconnected from 152.32.190.168 port 51350 [preauth]
May  4 18:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30291]: Connection closed by 123.200.20.14 port 58210 [preauth]
May  4 18:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.200.20.14  user=root
May  4 18:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30317]: Failed password for root from 123.200.20.14 port 38570 ssh2
May  4 18:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30317]: Connection closed by 123.200.20.14 port 38570 [preauth]
May  4 18:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: Invalid user postgres from 123.200.20.14
May  4 18:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: input_userauth_request: invalid user postgres [preauth]
May  4 18:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.200.20.14
May  4 18:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: Failed password for invalid user postgres from 123.200.20.14 port 38580 ssh2
May  4 18:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: Connection closed by 123.200.20.14 port 38580 [preauth]
May  4 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30356]: pam_unix(cron:session): session closed for user root
May  4 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30351]: pam_unix(cron:session): session closed for user p13x
May  4 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30421]: Successful su for rubyman by root
May  4 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30421]: + ??? root:rubyman
May  4 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328946 of user rubyman.
May  4 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30421]: pam_unix(su:session): session closed for user rubyman
May  4 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328946.
May  4 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: Invalid user user from 123.200.20.14
May  4 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: input_userauth_request: invalid user user [preauth]
May  4 18:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.200.20.14
May  4 18:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30353]: pam_unix(cron:session): session closed for user root
May  4 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27669]: pam_unix(cron:session): session closed for user root
May  4 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: Failed password for invalid user user from 123.200.20.14 port 17506 ssh2
May  4 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: Connection closed by 123.200.20.14 port 17506 [preauth]
May  4 18:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30352]: pam_unix(cron:session): session closed for user samftp
May  4 18:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30579]: Invalid user pi from 123.200.20.14
May  4 18:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30579]: input_userauth_request: invalid user pi [preauth]
May  4 18:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30579]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.200.20.14
May  4 18:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30579]: Failed password for invalid user pi from 123.200.20.14 port 43608 ssh2
May  4 18:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30579]: Connection closed by 123.200.20.14 port 43608 [preauth]
May  4 18:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8  user=root
May  4 18:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Failed password for root from 177.182.181.8 port 55788 ssh2
May  4 18:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Received disconnect from 177.182.181.8 port 55788:11: Bye Bye [preauth]
May  4 18:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Disconnected from 177.182.181.8 port 55788 [preauth]
May  4 18:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: Invalid user test from 123.200.20.14
May  4 18:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: input_userauth_request: invalid user test [preauth]
May  4 18:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.200.20.14
May  4 18:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: Failed password for invalid user test from 123.200.20.14 port 43618 ssh2
May  4 18:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30644]: Connection closed by 123.200.20.14 port 43618 [preauth]
May  4 18:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: Invalid user deploy from 123.200.20.14
May  4 18:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: input_userauth_request: invalid user deploy [preauth]
May  4 18:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.200.20.14
May  4 18:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: Failed password for invalid user deploy from 123.200.20.14 port 56524 ssh2
May  4 18:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: Connection closed by 123.200.20.14 port 56524 [preauth]
May  4 18:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: Invalid user oracle from 123.200.20.14
May  4 18:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: input_userauth_request: invalid user oracle [preauth]
May  4 18:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.200.20.14
May  4 18:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: Failed password for invalid user oracle from 123.200.20.14 port 24360 ssh2
May  4 18:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: Connection closed by 123.200.20.14 port 24360 [preauth]
May  4 18:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30712]: Invalid user dima from 45.95.233.112
May  4 18:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30712]: input_userauth_request: invalid user dima [preauth]
May  4 18:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30712]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112
May  4 18:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30714]: Invalid user uno85 from 103.167.216.46
May  4 18:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30714]: input_userauth_request: invalid user uno85 [preauth]
May  4 18:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30714]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46
May  4 18:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29443]: pam_unix(cron:session): session closed for user root
May  4 18:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30710]: Invalid user steam from 123.200.20.14
May  4 18:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30710]: input_userauth_request: invalid user steam [preauth]
May  4 18:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30712]: Failed password for invalid user dima from 45.95.233.112 port 55536 ssh2
May  4 18:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30712]: Received disconnect from 45.95.233.112 port 55536:11: Bye Bye [preauth]
May  4 18:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30712]: Disconnected from 45.95.233.112 port 55536 [preauth]
May  4 18:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30710]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.200.20.14
May  4 18:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30714]: Failed password for invalid user uno85 from 103.167.216.46 port 10831 ssh2
May  4 18:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30714]: Received disconnect from 103.167.216.46 port 10831:11: Bye Bye [preauth]
May  4 18:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30714]: Disconnected from 103.167.216.46 port 10831 [preauth]
May  4 18:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30710]: Failed password for invalid user steam from 123.200.20.14 port 24370 ssh2
May  4 18:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30710]: Connection closed by 123.200.20.14 port 24370 [preauth]
May  4 18:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30746]: Invalid user odoo from 123.200.20.14
May  4 18:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30746]: input_userauth_request: invalid user odoo [preauth]
May  4 18:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30746]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.200.20.14
May  4 18:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30746]: Failed password for invalid user odoo from 123.200.20.14 port 36696 ssh2
May  4 18:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30746]: Connection closed by 123.200.20.14 port 36696 [preauth]
May  4 18:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30762]: Invalid user ubuntu from 123.200.20.14
May  4 18:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30762]: input_userauth_request: invalid user ubuntu [preauth]
May  4 18:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30762]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.200.20.14
May  4 18:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30762]: Failed password for invalid user ubuntu from 123.200.20.14 port 36722 ssh2
May  4 18:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30762]: Connection closed by 123.200.20.14 port 36722 [preauth]
May  4 18:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30785]: Invalid user user from 123.200.20.14
May  4 18:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30785]: input_userauth_request: invalid user user [preauth]
May  4 18:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30785]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.200.20.14
May  4 18:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30785]: Failed password for invalid user user from 123.200.20.14 port 40704 ssh2
May  4 18:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30785]: Connection closed by 123.200.20.14 port 40704 [preauth]
May  4 18:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30796]: Invalid user admin from 123.200.20.14
May  4 18:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30796]: input_userauth_request: invalid user admin [preauth]
May  4 18:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30796]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.200.20.14
May  4 18:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30796]: Failed password for invalid user admin from 123.200.20.14 port 28564 ssh2
May  4 18:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30796]: Connection closed by 123.200.20.14 port 28564 [preauth]
May  4 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30820]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30816]: pam_unix(cron:session): session closed for user p13x
May  4 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30889]: Successful su for rubyman by root
May  4 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30889]: + ??? root:rubyman
May  4 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328950 of user rubyman.
May  4 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30889]: pam_unix(su:session): session closed for user rubyman
May  4 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328950.
May  4 18:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30887]: Invalid user test from 123.200.20.14
May  4 18:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30887]: input_userauth_request: invalid user test [preauth]
May  4 18:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30887]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.200.20.14
May  4 18:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28082]: pam_unix(cron:session): session closed for user root
May  4 18:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30817]: pam_unix(cron:session): session closed for user samftp
May  4 18:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30887]: Failed password for invalid user test from 123.200.20.14 port 28572 ssh2
May  4 18:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30887]: Connection closed by 123.200.20.14 port 28572 [preauth]
May  4 18:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: Invalid user oracle from 123.200.20.14
May  4 18:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: input_userauth_request: invalid user oracle [preauth]
May  4 18:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.200.20.14
May  4 18:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: Failed password for invalid user oracle from 123.200.20.14 port 9162 ssh2
May  4 18:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31079]: Connection closed by 123.200.20.14 port 9162 [preauth]
May  4 18:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: Invalid user deploy from 123.200.20.14
May  4 18:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: input_userauth_request: invalid user deploy [preauth]
May  4 18:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.200.20.14
May  4 18:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: Failed password for invalid user deploy from 123.200.20.14 port 9178 ssh2
May  4 18:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: Connection closed by 123.200.20.14 port 9178 [preauth]
May  4 18:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31104]: Invalid user cs2 from 123.200.20.14
May  4 18:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31104]: input_userauth_request: invalid user cs2 [preauth]
May  4 18:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31104]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.200.20.14
May  4 18:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31104]: Failed password for invalid user cs2 from 123.200.20.14 port 48610 ssh2
May  4 18:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31104]: Connection closed by 123.200.20.14 port 48610 [preauth]
May  4 18:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31114]: Invalid user minecraft from 123.200.20.14
May  4 18:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31114]: input_userauth_request: invalid user minecraft [preauth]
May  4 18:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31114]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.200.20.14
May  4 18:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31114]: Failed password for invalid user minecraft from 123.200.20.14 port 48620 ssh2
May  4 18:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31114]: Connection closed by 123.200.20.14 port 48620 [preauth]
May  4 18:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: Invalid user steam from 123.200.20.14
May  4 18:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: input_userauth_request: invalid user steam [preauth]
May  4 18:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.200.20.14
May  4 18:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: Failed password for invalid user steam from 123.200.20.14 port 48634 ssh2
May  4 18:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: Connection closed by 123.200.20.14 port 48634 [preauth]
May  4 18:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29851]: pam_unix(cron:session): session closed for user root
May  4 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31236]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31234]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31235]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31233]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31233]: pam_unix(cron:session): session closed for user p13x
May  4 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31301]: Successful su for rubyman by root
May  4 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31301]: + ??? root:rubyman
May  4 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31301]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328955 of user rubyman.
May  4 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31301]: pam_unix(su:session): session closed for user rubyman
May  4 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328955.
May  4 18:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28519]: pam_unix(cron:session): session closed for user root
May  4 18:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31234]: pam_unix(cron:session): session closed for user samftp
May  4 18:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  4 18:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31500]: Failed password for root from 164.68.105.9 port 44208 ssh2
May  4 18:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31500]: Connection closed by 164.68.105.9 port 44208 [preauth]
May  4 18:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31525]: Invalid user zahir from 103.167.216.46
May  4 18:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31525]: input_userauth_request: invalid user zahir [preauth]
May  4 18:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31525]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46
May  4 18:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31525]: Failed password for invalid user zahir from 103.167.216.46 port 38891 ssh2
May  4 18:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31525]: Received disconnect from 103.167.216.46 port 38891:11: Bye Bye [preauth]
May  4 18:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31525]: Disconnected from 103.167.216.46 port 38891 [preauth]
May  4 18:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30355]: pam_unix(cron:session): session closed for user root
May  4 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31645]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31644]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31639]: pam_unix(cron:session): session closed for user p13x
May  4 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31716]: Successful su for rubyman by root
May  4 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31716]: + ??? root:rubyman
May  4 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31716]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328959 of user rubyman.
May  4 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31716]: pam_unix(su:session): session closed for user rubyman
May  4 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328959.
May  4 18:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28928]: pam_unix(cron:session): session closed for user root
May  4 18:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31640]: pam_unix(cron:session): session closed for user samftp
May  4 18:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: Invalid user deploy from 116.118.48.186
May  4 18:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: input_userauth_request: invalid user deploy [preauth]
May  4 18:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186
May  4 18:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: Failed password for invalid user deploy from 116.118.48.186 port 44836 ssh2
May  4 18:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: Received disconnect from 116.118.48.186 port 44836:11: Bye Bye [preauth]
May  4 18:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31899]: Disconnected from 116.118.48.186 port 44836 [preauth]
May  4 18:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30820]: pam_unix(cron:session): session closed for user root
May  4 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32074]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32071]: pam_unix(cron:session): session closed for user p13x
May  4 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32131]: Successful su for rubyman by root
May  4 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32131]: + ??? root:rubyman
May  4 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328963 of user rubyman.
May  4 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32131]: pam_unix(su:session): session closed for user rubyman
May  4 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328963.
May  4 18:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29442]: pam_unix(cron:session): session closed for user root
May  4 18:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32283]: Invalid user ads from 103.167.216.46
May  4 18:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32283]: input_userauth_request: invalid user ads [preauth]
May  4 18:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32283]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46
May  4 18:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32072]: pam_unix(cron:session): session closed for user samftp
May  4 18:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32283]: Failed password for invalid user ads from 103.167.216.46 port 43564 ssh2
May  4 18:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32283]: Received disconnect from 103.167.216.46 port 43564:11: Bye Bye [preauth]
May  4 18:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32283]: Disconnected from 103.167.216.46 port 43564 [preauth]
May  4 18:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: Invalid user souken from 123.252.238.214
May  4 18:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: input_userauth_request: invalid user souken [preauth]
May  4 18:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214
May  4 18:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: Failed password for invalid user souken from 123.252.238.214 port 50334 ssh2
May  4 18:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: Received disconnect from 123.252.238.214 port 50334:11: Bye Bye [preauth]
May  4 18:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: Disconnected from 123.252.238.214 port 50334 [preauth]
May  4 18:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31236]: pam_unix(cron:session): session closed for user root
May  4 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32472]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32473]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32470]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32474]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32469]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32471]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32474]: pam_unix(cron:session): session closed for user root
May  4 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32469]: pam_unix(cron:session): session closed for user p13x
May  4 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32544]: Successful su for rubyman by root
May  4 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32544]: + ??? root:rubyman
May  4 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32544]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328967 of user rubyman.
May  4 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32544]: pam_unix(su:session): session closed for user rubyman
May  4 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328967.
May  4 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32471]: pam_unix(cron:session): session closed for user root
May  4 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29850]: pam_unix(cron:session): session closed for user root
May  4 18:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32470]: pam_unix(cron:session): session closed for user samftp
May  4 18:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223  user=root
May  4 18:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[449]: Failed password for root from 103.52.115.223 port 47310 ssh2
May  4 18:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[449]: Received disconnect from 103.52.115.223 port 47310:11: Bye Bye [preauth]
May  4 18:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[449]: Disconnected from 103.52.115.223 port 47310 [preauth]
May  4 18:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31645]: pam_unix(cron:session): session closed for user root
May  4 18:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: Invalid user ubuntu from 103.167.216.46
May  4 18:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: input_userauth_request: invalid user ubuntu [preauth]
May  4 18:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46
May  4 18:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: Failed password for invalid user ubuntu from 103.167.216.46 port 30821 ssh2
May  4 18:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: Received disconnect from 103.167.216.46 port 30821:11: Bye Bye [preauth]
May  4 18:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: Disconnected from 103.167.216.46 port 30821 [preauth]
May  4 18:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[570]: Invalid user dima from 177.182.181.8
May  4 18:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[570]: input_userauth_request: invalid user dima [preauth]
May  4 18:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[570]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8
May  4 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[576]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[577]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[575]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[573]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[573]: pam_unix(cron:session): session closed for user p13x
May  4 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[647]: Successful su for rubyman by root
May  4 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[647]: + ??? root:rubyman
May  4 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328973 of user rubyman.
May  4 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[647]: pam_unix(su:session): session closed for user rubyman
May  4 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328973.
May  4 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[570]: Failed password for invalid user dima from 177.182.181.8 port 42864 ssh2
May  4 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[570]: Received disconnect from 177.182.181.8 port 42864:11: Bye Bye [preauth]
May  4 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[570]: Disconnected from 177.182.181.8 port 42864 [preauth]
May  4 18:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30354]: pam_unix(cron:session): session closed for user root
May  4 18:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[575]: pam_unix(cron:session): session closed for user samftp
May  4 18:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32076]: pam_unix(cron:session): session closed for user root
May  4 18:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[986]: Invalid user dev from 145.239.89.124
May  4 18:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[986]: input_userauth_request: invalid user dev [preauth]
May  4 18:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[986]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124
May  4 18:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[986]: Failed password for invalid user dev from 145.239.89.124 port 39578 ssh2
May  4 18:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[986]: Received disconnect from 145.239.89.124 port 39578:11: Bye Bye [preauth]
May  4 18:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[986]: Disconnected from 145.239.89.124 port 39578 [preauth]
May  4 18:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Invalid user christian from 80.94.95.241
May  4 18:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: input_userauth_request: invalid user christian [preauth]
May  4 18:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  4 18:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Failed password for invalid user christian from 80.94.95.241 port 20077 ssh2
May  4 18:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Failed password for invalid user christian from 80.94.95.241 port 20077 ssh2
May  4 18:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Failed password for invalid user christian from 80.94.95.241 port 20077 ssh2
May  4 18:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Failed password for invalid user christian from 80.94.95.241 port 20077 ssh2
May  4 18:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Failed password for invalid user christian from 80.94.95.241 port 20077 ssh2
May  4 18:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Received disconnect from 80.94.95.241 port 20077:11: Bye [preauth]
May  4 18:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Disconnected from 80.94.95.241 port 20077 [preauth]
May  4 18:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  4 18:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1029]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1027]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1028]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1026]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1024]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1024]: pam_unix(cron:session): session closed for user root
May  4 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1026]: pam_unix(cron:session): session closed for user p13x
May  4 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1093]: Successful su for rubyman by root
May  4 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1093]: + ??? root:rubyman
May  4 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328976 of user rubyman.
May  4 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1093]: pam_unix(su:session): session closed for user rubyman
May  4 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328976.
May  4 18:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30819]: pam_unix(cron:session): session closed for user root
May  4 18:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1027]: pam_unix(cron:session): session closed for user samftp
May  4 18:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32473]: pam_unix(cron:session): session closed for user root
May  4 18:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1413]: Invalid user will from 103.167.216.46
May  4 18:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1413]: input_userauth_request: invalid user will [preauth]
May  4 18:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1413]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46
May  4 18:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1413]: Failed password for invalid user will from 103.167.216.46 port 39939 ssh2
May  4 18:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1413]: Received disconnect from 103.167.216.46 port 39939:11: Bye Bye [preauth]
May  4 18:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1413]: Disconnected from 103.167.216.46 port 39939 [preauth]
May  4 18:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1496]: Did not receive identification string from 51.83.74.178
May  4 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1500]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1501]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1498]: pam_unix(cron:session): session closed for user p13x
May  4 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1566]: Successful su for rubyman by root
May  4 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1566]: + ??? root:rubyman
May  4 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328982 of user rubyman.
May  4 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1566]: pam_unix(su:session): session closed for user rubyman
May  4 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328982.
May  4 18:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31235]: pam_unix(cron:session): session closed for user root
May  4 18:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1680]: Invalid user ubuntu from 51.83.74.178
May  4 18:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1680]: input_userauth_request: invalid user ubuntu [preauth]
May  4 18:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1680]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.74.178
May  4 18:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1680]: Failed password for invalid user ubuntu from 51.83.74.178 port 39626 ssh2
May  4 18:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1499]: pam_unix(cron:session): session closed for user samftp
May  4 18:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1680]: Connection closed by 51.83.74.178 port 39626 [preauth]
May  4 18:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1769]: Invalid user sol from 51.83.74.178
May  4 18:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1769]: input_userauth_request: invalid user sol [preauth]
May  4 18:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1769]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.74.178
May  4 18:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1769]: Failed password for invalid user sol from 51.83.74.178 port 39636 ssh2
May  4 18:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1769]: Connection closed by 51.83.74.178 port 39636 [preauth]
May  4 18:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: Invalid user solana from 51.83.74.178
May  4 18:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: input_userauth_request: invalid user solana [preauth]
May  4 18:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.74.178
May  4 18:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: Failed password for invalid user solana from 51.83.74.178 port 35420 ssh2
May  4 18:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1780]: Connection closed by 51.83.74.178 port 35420 [preauth]
May  4 18:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[577]: pam_unix(cron:session): session closed for user root
May  4 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2014]: pam_unix(cron:session): session closed for user p13x
May  4 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2082]: Successful su for rubyman by root
May  4 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2082]: + ??? root:rubyman
May  4 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328985 of user rubyman.
May  4 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2082]: pam_unix(su:session): session closed for user rubyman
May  4 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328985.
May  4 18:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31644]: pam_unix(cron:session): session closed for user root
May  4 18:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2016]: pam_unix(cron:session): session closed for user samftp
May  4 18:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186  user=root
May  4 18:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2261]: Failed password for root from 116.118.48.186 port 51838 ssh2
May  4 18:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2261]: Received disconnect from 116.118.48.186 port 51838:11: Bye Bye [preauth]
May  4 18:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2261]: Disconnected from 116.118.48.186 port 51838 [preauth]
May  4 18:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2301]: User lp from 103.167.216.46 not allowed because not listed in AllowUsers
May  4 18:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2301]: input_userauth_request: invalid user lp [preauth]
May  4 18:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.167.216.46  user=lp
May  4 18:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2301]: Failed password for invalid user lp from 103.167.216.46 port 28142 ssh2
May  4 18:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2301]: Received disconnect from 103.167.216.46 port 28142:11: Bye Bye [preauth]
May  4 18:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2301]: Disconnected from 103.167.216.46 port 28142 [preauth]
May  4 18:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1029]: pam_unix(cron:session): session closed for user root
May  4 18:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2377]: Invalid user postgres from 123.252.238.214
May  4 18:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2377]: input_userauth_request: invalid user postgres [preauth]
May  4 18:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2377]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214
May  4 18:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2377]: Failed password for invalid user postgres from 123.252.238.214 port 48612 ssh2
May  4 18:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2377]: Received disconnect from 123.252.238.214 port 48612:11: Bye Bye [preauth]
May  4 18:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2377]: Disconnected from 123.252.238.214 port 48612 [preauth]
May  4 18:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2399]: Invalid user dima from 45.95.233.112
May  4 18:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2399]: input_userauth_request: invalid user dima [preauth]
May  4 18:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2399]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112
May  4 18:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2399]: Failed password for invalid user dima from 45.95.233.112 port 52814 ssh2
May  4 18:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2399]: Received disconnect from 45.95.233.112 port 52814:11: Bye Bye [preauth]
May  4 18:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2399]: Disconnected from 45.95.233.112 port 52814 [preauth]
May  4 18:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: Invalid user debian from 152.32.190.168
May  4 18:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: input_userauth_request: invalid user debian [preauth]
May  4 18:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168
May  4 18:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: Failed password for invalid user debian from 152.32.190.168 port 49510 ssh2
May  4 18:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: Received disconnect from 152.32.190.168 port 49510:11: Bye Bye [preauth]
May  4 18:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: Disconnected from 152.32.190.168 port 49510 [preauth]
May  4 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2451]: pam_unix(cron:session): session closed for user root
May  4 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2446]: pam_unix(cron:session): session closed for user p13x
May  4 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2520]: Successful su for rubyman by root
May  4 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2520]: + ??? root:rubyman
May  4 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328992 of user rubyman.
May  4 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2520]: pam_unix(su:session): session closed for user rubyman
May  4 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328992.
May  4 18:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2448]: pam_unix(cron:session): session closed for user root
May  4 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32074]: pam_unix(cron:session): session closed for user root
May  4 18:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.249.188.255  user=root
May  4 18:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2447]: pam_unix(cron:session): session closed for user samftp
May  4 18:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: Failed password for root from 140.249.188.255 port 56668 ssh2
May  4 18:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: Received disconnect from 140.249.188.255 port 56668:11: Bye Bye [preauth]
May  4 18:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: Disconnected from 140.249.188.255 port 56668 [preauth]
May  4 18:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1501]: pam_unix(cron:session): session closed for user root
May  4 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2915]: pam_unix(cron:session): session closed for user p13x
May  4 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2986]: Successful su for rubyman by root
May  4 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2986]: + ??? root:rubyman
May  4 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 328995 of user rubyman.
May  4 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2986]: pam_unix(su:session): session closed for user rubyman
May  4 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 328995.
May  4 18:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32472]: pam_unix(cron:session): session closed for user root
May  4 18:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2916]: pam_unix(cron:session): session closed for user samftp
May  4 18:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3213]: Invalid user faro from 103.52.115.223
May  4 18:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3213]: input_userauth_request: invalid user faro [preauth]
May  4 18:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3213]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223
May  4 18:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3213]: Failed password for invalid user faro from 103.52.115.223 port 47612 ssh2
May  4 18:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3213]: Received disconnect from 103.52.115.223 port 47612:11: Bye Bye [preauth]
May  4 18:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3213]: Disconnected from 103.52.115.223 port 47612 [preauth]
May  4 18:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2018]: pam_unix(cron:session): session closed for user root
May  4 18:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Invalid user debian from 177.182.181.8
May  4 18:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: input_userauth_request: invalid user debian [preauth]
May  4 18:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8
May  4 18:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Failed password for invalid user debian from 177.182.181.8 port 45426 ssh2
May  4 18:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Received disconnect from 177.182.181.8 port 45426:11: Bye Bye [preauth]
May  4 18:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Disconnected from 177.182.181.8 port 45426 [preauth]
May  4 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3323]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3321]: pam_unix(cron:session): session closed for user p13x
May  4 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3403]: Successful su for rubyman by root
May  4 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3403]: + ??? root:rubyman
May  4 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3403]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329000 of user rubyman.
May  4 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3403]: pam_unix(su:session): session closed for user rubyman
May  4 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329000.
May  4 18:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[576]: pam_unix(cron:session): session closed for user root
May  4 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3322]: pam_unix(cron:session): session closed for user samftp
May  4 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: Invalid user nginx from 145.239.89.124
May  4 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: input_userauth_request: invalid user nginx [preauth]
May  4 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124
May  4 18:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: Failed password for invalid user nginx from 145.239.89.124 port 60852 ssh2
May  4 18:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: Received disconnect from 145.239.89.124 port 60852:11: Bye Bye [preauth]
May  4 18:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3612]: Disconnected from 145.239.89.124 port 60852 [preauth]
May  4 18:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2450]: pam_unix(cron:session): session closed for user root
May  4 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3783]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3781]: pam_unix(cron:session): session closed for user p13x
May  4 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3841]: Successful su for rubyman by root
May  4 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3841]: + ??? root:rubyman
May  4 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329005 of user rubyman.
May  4 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3841]: pam_unix(su:session): session closed for user rubyman
May  4 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329005.
May  4 18:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1028]: pam_unix(cron:session): session closed for user root
May  4 18:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3782]: pam_unix(cron:session): session closed for user samftp
May  4 18:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2918]: pam_unix(cron:session): session closed for user root
May  4 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4208]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4210]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4207]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4207]: pam_unix(cron:session): session closed for user p13x
May  4 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4381]: Successful su for rubyman by root
May  4 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4381]: + ??? root:rubyman
May  4 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329009 of user rubyman.
May  4 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4381]: pam_unix(su:session): session closed for user rubyman
May  4 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329009.
May  4 18:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1500]: pam_unix(cron:session): session closed for user root
May  4 18:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4208]: pam_unix(cron:session): session closed for user samftp
May  4 18:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: Invalid user magento from 45.95.233.112
May  4 18:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: input_userauth_request: invalid user magento [preauth]
May  4 18:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112
May  4 18:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: Failed password for invalid user magento from 45.95.233.112 port 40000 ssh2
May  4 18:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: Received disconnect from 45.95.233.112 port 40000:11: Bye Bye [preauth]
May  4 18:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4654]: Disconnected from 45.95.233.112 port 40000 [preauth]
May  4 18:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3326]: pam_unix(cron:session): session closed for user root
May  4 18:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: Invalid user ftpuser from 140.249.188.255
May  4 18:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: input_userauth_request: invalid user ftpuser [preauth]
May  4 18:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.249.188.255
May  4 18:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: Failed password for invalid user ftpuser from 140.249.188.255 port 57006 ssh2
May  4 18:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: Received disconnect from 140.249.188.255 port 57006:11: Bye Bye [preauth]
May  4 18:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: Disconnected from 140.249.188.255 port 57006 [preauth]
May  4 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4781]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4779]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4783]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4782]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4784]: pam_unix(cron:session): session closed for user root
May  4 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4779]: pam_unix(cron:session): session closed for user p13x
May  4 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4866]: Successful su for rubyman by root
May  4 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4866]: + ??? root:rubyman
May  4 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329015 of user rubyman.
May  4 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4866]: pam_unix(su:session): session closed for user rubyman
May  4 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329015.
May  4 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4781]: pam_unix(cron:session): session closed for user root
May  4 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2017]: pam_unix(cron:session): session closed for user root
May  4 18:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4780]: pam_unix(cron:session): session closed for user samftp
May  4 18:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: Invalid user taibabi from 36.255.8.54
May  4 18:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: input_userauth_request: invalid user taibabi [preauth]
May  4 18:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  4 18:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: Failed password for invalid user taibabi from 36.255.8.54 port 53160 ssh2
May  4 18:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: Received disconnect from 36.255.8.54 port 53160:11: Bye Bye [preauth]
May  4 18:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5281]: Disconnected from 36.255.8.54 port 53160 [preauth]
May  4 18:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168  user=root
May  4 18:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5293]: Failed password for root from 152.32.190.168 port 37340 ssh2
May  4 18:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5293]: Received disconnect from 152.32.190.168 port 37340:11: Bye Bye [preauth]
May  4 18:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5293]: Disconnected from 152.32.190.168 port 37340 [preauth]
May  4 18:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5307]: Invalid user piso from 116.118.48.186
May  4 18:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5307]: input_userauth_request: invalid user piso [preauth]
May  4 18:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5307]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186
May  4 18:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5307]: Failed password for invalid user piso from 116.118.48.186 port 34920 ssh2
May  4 18:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5307]: Received disconnect from 116.118.48.186 port 34920:11: Bye Bye [preauth]
May  4 18:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5307]: Disconnected from 116.118.48.186 port 34920 [preauth]
May  4 18:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3784]: pam_unix(cron:session): session closed for user root
May  4 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5436]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5436]: pam_unix(cron:session): session closed for user p13x
May  4 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5520]: Successful su for rubyman by root
May  4 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5520]: + ??? root:rubyman
May  4 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329018 of user rubyman.
May  4 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5520]: pam_unix(su:session): session closed for user rubyman
May  4 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329018.
May  4 18:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2449]: pam_unix(cron:session): session closed for user root
May  4 18:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5437]: pam_unix(cron:session): session closed for user samftp
May  4 18:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145  user=root
May  4 18:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5801]: Failed password for root from 213.165.85.145 port 54286 ssh2
May  4 18:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5801]: Received disconnect from 213.165.85.145 port 54286:11: Bye Bye [preauth]
May  4 18:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5801]: Disconnected from 213.165.85.145 port 54286 [preauth]
May  4 18:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4210]: pam_unix(cron:session): session closed for user root
May  4 18:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: Invalid user dima from 145.239.89.124
May  4 18:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: input_userauth_request: invalid user dima [preauth]
May  4 18:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124
May  4 18:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: Failed password for invalid user dima from 145.239.89.124 port 60600 ssh2
May  4 18:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: Received disconnect from 145.239.89.124 port 60600:11: Bye Bye [preauth]
May  4 18:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5936]: Disconnected from 145.239.89.124 port 60600 [preauth]
May  4 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5992]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5989]: pam_unix(cron:session): session closed for user p13x
May  4 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6059]: Successful su for rubyman by root
May  4 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6059]: + ??? root:rubyman
May  4 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329022 of user rubyman.
May  4 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6059]: pam_unix(su:session): session closed for user rubyman
May  4 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329022.
May  4 18:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2917]: pam_unix(cron:session): session closed for user root
May  4 18:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5990]: pam_unix(cron:session): session closed for user samftp
May  4 18:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: Invalid user test from 103.52.115.223
May  4 18:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: input_userauth_request: invalid user test [preauth]
May  4 18:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223
May  4 18:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4783]: pam_unix(cron:session): session closed for user root
May  4 18:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: Failed password for invalid user test from 103.52.115.223 port 51912 ssh2
May  4 18:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: Received disconnect from 103.52.115.223 port 51912:11: Bye Bye [preauth]
May  4 18:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: Disconnected from 103.52.115.223 port 51912 [preauth]
May  4 18:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8  user=root
May  4 18:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6387]: Failed password for root from 177.182.181.8 port 44922 ssh2
May  4 18:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6387]: Received disconnect from 177.182.181.8 port 44922:11: Bye Bye [preauth]
May  4 18:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6387]: Disconnected from 177.182.181.8 port 44922 [preauth]
May  4 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6411]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6409]: pam_unix(cron:session): session closed for user p13x
May  4 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6473]: Successful su for rubyman by root
May  4 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6473]: + ??? root:rubyman
May  4 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329025 of user rubyman.
May  4 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6473]: pam_unix(su:session): session closed for user rubyman
May  4 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329025.
May  4 18:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3323]: pam_unix(cron:session): session closed for user root
May  4 18:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6410]: pam_unix(cron:session): session closed for user samftp
May  4 18:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: Invalid user ubuntu from 45.95.233.112
May  4 18:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: input_userauth_request: invalid user ubuntu [preauth]
May  4 18:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112
May  4 18:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: Failed password for invalid user ubuntu from 45.95.233.112 port 37174 ssh2
May  4 18:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: Received disconnect from 45.95.233.112 port 37174:11: Bye Bye [preauth]
May  4 18:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: Disconnected from 45.95.233.112 port 37174 [preauth]
May  4 18:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5443]: pam_unix(cron:session): session closed for user root
May  4 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6819]: pam_unix(cron:session): session closed for user p13x
May  4 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6881]: Successful su for rubyman by root
May  4 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6881]: + ??? root:rubyman
May  4 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329029 of user rubyman.
May  4 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6881]: pam_unix(su:session): session closed for user rubyman
May  4 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329029.
May  4 18:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3783]: pam_unix(cron:session): session closed for user root
May  4 18:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6821]: pam_unix(cron:session): session closed for user samftp
May  4 18:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.249.188.255  user=root
May  4 18:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7212]: Failed password for root from 140.249.188.255 port 57292 ssh2
May  4 18:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7212]: Received disconnect from 140.249.188.255 port 57292:11: Bye Bye [preauth]
May  4 18:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7212]: Disconnected from 140.249.188.255 port 57292 [preauth]
May  4 18:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5992]: pam_unix(cron:session): session closed for user root
May  4 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7323]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7326]: pam_unix(cron:session): session closed for user root
May  4 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7321]: pam_unix(cron:session): session closed for user p13x
May  4 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7385]: Successful su for rubyman by root
May  4 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7385]: + ??? root:rubyman
May  4 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329036 of user rubyman.
May  4 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7385]: pam_unix(su:session): session closed for user rubyman
May  4 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329036.
May  4 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7323]: pam_unix(cron:session): session closed for user root
May  4 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4209]: pam_unix(cron:session): session closed for user root
May  4 18:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7322]: pam_unix(cron:session): session closed for user samftp
May  4 18:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: Invalid user magento from 152.32.190.168
May  4 18:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: input_userauth_request: invalid user magento [preauth]
May  4 18:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168
May  4 18:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214  user=root
May  4 18:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6412]: pam_unix(cron:session): session closed for user root
May  4 18:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: Failed password for invalid user magento from 152.32.190.168 port 59444 ssh2
May  4 18:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: Received disconnect from 152.32.190.168 port 59444:11: Bye Bye [preauth]
May  4 18:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: Disconnected from 152.32.190.168 port 59444 [preauth]
May  4 18:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7791]: Failed password for root from 123.252.238.214 port 58936 ssh2
May  4 18:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7791]: Received disconnect from 123.252.238.214 port 58936:11: Bye Bye [preauth]
May  4 18:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7791]: Disconnected from 123.252.238.214 port 58936 [preauth]
May  4 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7877]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7873]: pam_unix(cron:session): session closed for user p13x
May  4 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7943]: Successful su for rubyman by root
May  4 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7943]: + ??? root:rubyman
May  4 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7943]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329039 of user rubyman.
May  4 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7943]: pam_unix(su:session): session closed for user rubyman
May  4 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329039.
May  4 18:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4782]: pam_unix(cron:session): session closed for user root
May  4 18:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7874]: pam_unix(cron:session): session closed for user samftp
May  4 18:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8161]: Invalid user dima from 145.239.89.124
May  4 18:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8161]: input_userauth_request: invalid user dima [preauth]
May  4 18:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8161]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124
May  4 18:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8161]: Failed password for invalid user dima from 145.239.89.124 port 60346 ssh2
May  4 18:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8161]: Received disconnect from 145.239.89.124 port 60346:11: Bye Bye [preauth]
May  4 18:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8161]: Disconnected from 145.239.89.124 port 60346 [preauth]
May  4 18:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: Invalid user wyt from 116.118.48.186
May  4 18:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: input_userauth_request: invalid user wyt [preauth]
May  4 18:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186
May  4 18:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: Failed password for invalid user wyt from 116.118.48.186 port 52012 ssh2
May  4 18:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: Received disconnect from 116.118.48.186 port 52012:11: Bye Bye [preauth]
May  4 18:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8190]: Disconnected from 116.118.48.186 port 52012 [preauth]
May  4 18:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6823]: pam_unix(cron:session): session closed for user root
May  4 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8319]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8319]: pam_unix(cron:session): session closed for user p13x
May  4 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8384]: Successful su for rubyman by root
May  4 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8384]: + ??? root:rubyman
May  4 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329044 of user rubyman.
May  4 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8384]: pam_unix(su:session): session closed for user rubyman
May  4 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329044.
May  4 18:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5440]: pam_unix(cron:session): session closed for user root
May  4 18:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8321]: pam_unix(cron:session): session closed for user samftp
May  4 18:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session closed for user root
May  4 18:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: Invalid user singh from 45.95.233.112
May  4 18:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: input_userauth_request: invalid user singh [preauth]
May  4 18:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112
May  4 18:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: Failed password for invalid user singh from 45.95.233.112 port 59924 ssh2
May  4 18:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: Received disconnect from 45.95.233.112 port 59924:11: Bye Bye [preauth]
May  4 18:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8680]: Disconnected from 45.95.233.112 port 59924 [preauth]
May  4 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8753]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8752]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8750]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8750]: pam_unix(cron:session): session closed for user p13x
May  4 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8810]: Successful su for rubyman by root
May  4 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8810]: + ??? root:rubyman
May  4 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8810]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329047 of user rubyman.
May  4 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8810]: pam_unix(su:session): session closed for user rubyman
May  4 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329047.
May  4 18:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5991]: pam_unix(cron:session): session closed for user root
May  4 18:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8751]: pam_unix(cron:session): session closed for user samftp
May  4 18:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7878]: pam_unix(cron:session): session closed for user root
May  4 18:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: Invalid user esther from 103.52.115.223
May  4 18:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: input_userauth_request: invalid user esther [preauth]
May  4 18:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223
May  4 18:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: Failed password for invalid user esther from 103.52.115.223 port 44224 ssh2
May  4 18:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: Received disconnect from 103.52.115.223 port 44224:11: Bye Bye [preauth]
May  4 18:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: Disconnected from 103.52.115.223 port 44224 [preauth]
May  4 18:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: Invalid user mcserver from 190.103.202.7
May  4 18:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: input_userauth_request: invalid user mcserver [preauth]
May  4 18:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  4 18:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: Failed password for invalid user mcserver from 190.103.202.7 port 40174 ssh2
May  4 18:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9103]: Connection closed by 190.103.202.7 port 40174 [preauth]
May  4 18:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: Invalid user venkata from 177.182.181.8
May  4 18:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: input_userauth_request: invalid user venkata [preauth]
May  4 18:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8
May  4 18:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: Failed password for invalid user venkata from 177.182.181.8 port 51494 ssh2
May  4 18:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: Received disconnect from 177.182.181.8 port 51494:11: Bye Bye [preauth]
May  4 18:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9216]: Disconnected from 177.182.181.8 port 51494 [preauth]
May  4 18:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: Invalid user username from 140.249.188.255
May  4 18:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: input_userauth_request: invalid user username [preauth]
May  4 18:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.249.188.255
May  4 18:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: Failed password for invalid user username from 140.249.188.255 port 57578 ssh2
May  4 18:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: Received disconnect from 140.249.188.255 port 57578:11: Bye Bye [preauth]
May  4 18:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: Disconnected from 140.249.188.255 port 57578 [preauth]
May  4 18:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145  user=root
May  4 18:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: Failed password for root from 213.165.85.145 port 39226 ssh2
May  4 18:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: Received disconnect from 213.165.85.145 port 39226:11: Bye Bye [preauth]
May  4 18:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: Disconnected from 213.165.85.145 port 39226 [preauth]
May  4 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9254]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9251]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9250]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9250]: pam_unix(cron:session): session closed for user p13x
May  4 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9349]: Successful su for rubyman by root
May  4 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9349]: + ??? root:rubyman
May  4 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329053 of user rubyman.
May  4 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9349]: pam_unix(su:session): session closed for user rubyman
May  4 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329053.
May  4 18:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6411]: pam_unix(cron:session): session closed for user root
May  4 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9251]: pam_unix(cron:session): session closed for user samftp
May  4 18:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: Invalid user  from 85.198.17.145
May  4 18:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: input_userauth_request: invalid user  [preauth]
May  4 18:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9555]: Connection closed by 85.198.17.145 port 40698 [preauth]
May  4 18:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8325]: pam_unix(cron:session): session closed for user root
May  4 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9690]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9689]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9691]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9692]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9687]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9692]: pam_unix(cron:session): session closed for user root
May  4 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9687]: pam_unix(cron:session): session closed for user p13x
May  4 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9761]: Successful su for rubyman by root
May  4 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9761]: + ??? root:rubyman
May  4 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329057 of user rubyman.
May  4 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9761]: pam_unix(su:session): session closed for user rubyman
May  4 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329057.
May  4 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9689]: pam_unix(cron:session): session closed for user root
May  4 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6822]: pam_unix(cron:session): session closed for user root
May  4 18:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9688]: pam_unix(cron:session): session closed for user samftp
May  4 18:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8753]: pam_unix(cron:session): session closed for user root
May  4 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10040]: Invalid user testuser from 145.239.89.124
May  4 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10040]: input_userauth_request: invalid user testuser [preauth]
May  4 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10040]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124
May  4 18:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10040]: Failed password for invalid user testuser from 145.239.89.124 port 60460 ssh2
May  4 18:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10040]: Received disconnect from 145.239.89.124 port 60460:11: Bye Bye [preauth]
May  4 18:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10040]: Disconnected from 145.239.89.124 port 60460 [preauth]
May  4 18:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: Invalid user ubuntu from 152.32.190.168
May  4 18:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: input_userauth_request: invalid user ubuntu [preauth]
May  4 18:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168
May  4 18:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: Failed password for invalid user ubuntu from 152.32.190.168 port 36662 ssh2
May  4 18:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: Received disconnect from 152.32.190.168 port 36662:11: Bye Bye [preauth]
May  4 18:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: Disconnected from 152.32.190.168 port 36662 [preauth]
May  4 18:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: Invalid user dut from 123.252.238.214
May  4 18:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: input_userauth_request: invalid user dut [preauth]
May  4 18:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214
May  4 18:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: Invalid user A from 195.178.110.50
May  4 18:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: input_userauth_request: invalid user A [preauth]
May  4 18:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10129]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10127]: pam_unix(cron:session): session closed for user p13x
May  4 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10191]: Successful su for rubyman by root
May  4 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10191]: + ??? root:rubyman
May  4 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10191]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329061 of user rubyman.
May  4 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10191]: pam_unix(su:session): session closed for user rubyman
May  4 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329061.
May  4 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: Failed password for invalid user dut from 123.252.238.214 port 38364 ssh2
May  4 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: Received disconnect from 123.252.238.214 port 38364:11: Bye Bye [preauth]
May  4 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: Disconnected from 123.252.238.214 port 38364 [preauth]
May  4 18:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: Failed password for invalid user A from 195.178.110.50 port 62850 ssh2
May  4 18:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session closed for user root
May  4 18:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10128]: pam_unix(cron:session): session closed for user samftp
May  4 18:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10093]: Connection closed by 195.178.110.50 port 62850 [preauth]
May  4 18:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: Invalid user l from 195.178.110.50
May  4 18:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: input_userauth_request: invalid user l [preauth]
May  4 18:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 18:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: Failed password for invalid user l from 195.178.110.50 port 65172 ssh2
May  4 18:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10480]: Connection closed by 195.178.110.50 port 65172 [preauth]
May  4 18:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9254]: pam_unix(cron:session): session closed for user root
May  4 18:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: Invalid user 9 from 195.178.110.50
May  4 18:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: input_userauth_request: invalid user 9 [preauth]
May  4 18:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 18:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: Failed password for invalid user 9 from 195.178.110.50 port 30774 ssh2
May  4 18:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: Connection closed by 195.178.110.50 port 30774 [preauth]
May  4 18:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112  user=root
May  4 18:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10654]: Failed password for root from 45.95.233.112 port 59186 ssh2
May  4 18:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10654]: Received disconnect from 45.95.233.112 port 59186:11: Bye Bye [preauth]
May  4 18:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10654]: Disconnected from 45.95.233.112 port 59186 [preauth]
May  4 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10682]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10676]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10675]: pam_unix(cron:session): session closed for user p13x
May  4 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10776]: Successful su for rubyman by root
May  4 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10776]: + ??? root:rubyman
May  4 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10776]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329066 of user rubyman.
May  4 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10776]: pam_unix(su:session): session closed for user rubyman
May  4 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329066.
May  4 18:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7877]: pam_unix(cron:session): session closed for user root
May  4 18:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10676]: pam_unix(cron:session): session closed for user samftp
May  4 18:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Invalid user d from 195.178.110.50
May  4 18:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: input_userauth_request: invalid user d [preauth]
May  4 18:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 18:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10969]: Connection closed by 134.209.152.88 port 46860 [preauth]
May  4 18:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Failed password for invalid user d from 195.178.110.50 port 51652 ssh2
May  4 18:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: Invalid user taibabi from 116.118.48.186
May  4 18:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: input_userauth_request: invalid user taibabi [preauth]
May  4 18:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186
May  4 18:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: Failed password for invalid user taibabi from 116.118.48.186 port 49158 ssh2
May  4 18:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: Received disconnect from 116.118.48.186 port 49158:11: Bye Bye [preauth]
May  4 18:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10976]: Disconnected from 116.118.48.186 port 49158 [preauth]
May  4 18:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Connection closed by 195.178.110.50 port 51652 [preauth]
May  4 18:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: Invalid user git from 81.70.167.132
May  4 18:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: input_userauth_request: invalid user git [preauth]
May  4 18:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.70.167.132
May  4 18:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: Failed password for invalid user git from 81.70.167.132 port 57950 ssh2
May  4 18:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: Received disconnect from 81.70.167.132 port 57950:11: Bye Bye [preauth]
May  4 18:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: Disconnected from 81.70.167.132 port 57950 [preauth]
May  4 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9691]: pam_unix(cron:session): session closed for user root
May  4 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: Invalid user 1 from 195.178.110.50
May  4 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: input_userauth_request: invalid user 1 [preauth]
May  4 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 18:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: Failed password for invalid user 1 from 195.178.110.50 port 40490 ssh2
May  4 18:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: Connection closed by 195.178.110.50 port 40490 [preauth]
May  4 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11112]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11111]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11113]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11110]: pam_unix(cron:session): session closed for user p13x
May  4 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11173]: Successful su for rubyman by root
May  4 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11173]: + ??? root:rubyman
May  4 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11173]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329069 of user rubyman.
May  4 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11173]: pam_unix(su:session): session closed for user rubyman
May  4 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329069.
May  4 18:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8322]: pam_unix(cron:session): session closed for user root
May  4 18:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11111]: pam_unix(cron:session): session closed for user samftp
May  4 18:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: Invalid user mkatsf from 140.249.188.255
May  4 18:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: input_userauth_request: invalid user mkatsf [preauth]
May  4 18:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.249.188.255
May  4 18:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: Failed password for invalid user mkatsf from 140.249.188.255 port 57916 ssh2
May  4 18:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: Received disconnect from 140.249.188.255 port 57916:11: Bye Bye [preauth]
May  4 18:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: Disconnected from 140.249.188.255 port 57916 [preauth]
May  4 18:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10130]: pam_unix(cron:session): session closed for user root
May  4 18:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: Invalid user taibabi from 213.165.85.145
May  4 18:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: input_userauth_request: invalid user taibabi [preauth]
May  4 18:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145
May  4 18:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: Failed password for invalid user taibabi from 213.165.85.145 port 52286 ssh2
May  4 18:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: Received disconnect from 213.165.85.145 port 52286:11: Bye Bye [preauth]
May  4 18:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11472]: Disconnected from 213.165.85.145 port 52286 [preauth]
May  4 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11509]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11510]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11501]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11507]: pam_unix(cron:session): session closed for user p13x
May  4 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11621]: Successful su for rubyman by root
May  4 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11621]: + ??? root:rubyman
May  4 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329073 of user rubyman.
May  4 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11621]: pam_unix(su:session): session closed for user rubyman
May  4 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329073.
May  4 18:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11501]: pam_unix(cron:session): session closed for user root
May  4 18:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8752]: pam_unix(cron:session): session closed for user root
May  4 18:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11508]: pam_unix(cron:session): session closed for user samftp
May  4 18:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11901]: Failed password for root from 85.198.17.145 port 45730 ssh2
May  4 18:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11901]: Connection closed by 85.198.17.145 port 45730 [preauth]
May  4 18:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11904]: Invalid user pi from 85.198.17.145
May  4 18:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11904]: input_userauth_request: invalid user pi [preauth]
May  4 18:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11904]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11904]: Failed password for invalid user pi from 85.198.17.145 port 45732 ssh2
May  4 18:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11904]: Connection closed by 85.198.17.145 port 45732 [preauth]
May  4 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11914]: Invalid user hive from 85.198.17.145
May  4 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11914]: input_userauth_request: invalid user hive [preauth]
May  4 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11914]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10682]: pam_unix(cron:session): session closed for user root
May  4 18:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11914]: Failed password for invalid user hive from 85.198.17.145 port 45740 ssh2
May  4 18:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11914]: Connection closed by 85.198.17.145 port 45740 [preauth]
May  4 18:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: Invalid user git from 85.198.17.145
May  4 18:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: input_userauth_request: invalid user git [preauth]
May  4 18:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: Failed password for invalid user git from 85.198.17.145 port 54120 ssh2
May  4 18:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: Connection closed by 85.198.17.145 port 54120 [preauth]
May  4 18:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: Invalid user wang from 85.198.17.145
May  4 18:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: input_userauth_request: invalid user wang [preauth]
May  4 18:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: Failed password for invalid user wang from 85.198.17.145 port 54130 ssh2
May  4 18:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: Connection closed by 85.198.17.145 port 54130 [preauth]
May  4 18:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8  user=root
May  4 18:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: Invalid user nginx from 85.198.17.145
May  4 18:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: input_userauth_request: invalid user nginx [preauth]
May  4 18:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: Failed password for root from 177.182.181.8 port 39030 ssh2
May  4 18:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: Received disconnect from 177.182.181.8 port 39030:11: Bye Bye [preauth]
May  4 18:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11958]: Disconnected from 177.182.181.8 port 39030 [preauth]
May  4 18:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: Failed password for invalid user nginx from 85.198.17.145 port 54144 ssh2
May  4 18:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: Invalid user hsm from 103.52.115.223
May  4 18:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: input_userauth_request: invalid user hsm [preauth]
May  4 18:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223
May  4 18:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: Connection closed by 85.198.17.145 port 54144 [preauth]
May  4 18:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11979]: Invalid user mongo from 85.198.17.145
May  4 18:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11979]: input_userauth_request: invalid user mongo [preauth]
May  4 18:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11979]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: Failed password for invalid user hsm from 103.52.115.223 port 48114 ssh2
May  4 18:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: Received disconnect from 103.52.115.223 port 48114:11: Bye Bye [preauth]
May  4 18:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: Disconnected from 103.52.115.223 port 48114 [preauth]
May  4 18:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11979]: Failed password for invalid user mongo from 85.198.17.145 port 40724 ssh2
May  4 18:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11979]: Connection closed by 85.198.17.145 port 40724 [preauth]
May  4 18:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11986]: Invalid user user from 85.198.17.145
May  4 18:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11986]: input_userauth_request: invalid user user [preauth]
May  4 18:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11986]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11986]: Failed password for invalid user user from 85.198.17.145 port 40734 ssh2
May  4 18:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11986]: Connection closed by 85.198.17.145 port 40734 [preauth]
May  4 18:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11996]: Invalid user oracle from 85.198.17.145
May  4 18:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11996]: input_userauth_request: invalid user oracle [preauth]
May  4 18:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11996]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11996]: Failed password for invalid user oracle from 85.198.17.145 port 40748 ssh2
May  4 18:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11996]: Connection closed by 85.198.17.145 port 40748 [preauth]
May  4 18:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11998]: Invalid user gpadmin from 85.198.17.145
May  4 18:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11998]: input_userauth_request: invalid user gpadmin [preauth]
May  4 18:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11998]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11998]: Failed password for invalid user gpadmin from 85.198.17.145 port 57098 ssh2
May  4 18:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11998]: Connection closed by 85.198.17.145 port 57098 [preauth]
May  4 18:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: Invalid user star from 145.239.89.124
May  4 18:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: input_userauth_request: invalid user star [preauth]
May  4 18:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124
May  4 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12015]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12018]: pam_unix(cron:session): session closed for user root
May  4 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12013]: pam_unix(cron:session): session closed for user p13x
May  4 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12085]: Successful su for rubyman by root
May  4 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12085]: + ??? root:rubyman
May  4 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12085]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329082 of user rubyman.
May  4 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12085]: pam_unix(su:session): session closed for user rubyman
May  4 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329082.
May  4 18:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: Failed password for invalid user star from 145.239.89.124 port 41802 ssh2
May  4 18:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: Failed password for root from 85.198.17.145 port 57114 ssh2
May  4 18:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: Received disconnect from 145.239.89.124 port 41802:11: Bye Bye [preauth]
May  4 18:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12008]: Disconnected from 145.239.89.124 port 41802 [preauth]
May  4 18:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12010]: Connection closed by 85.198.17.145 port 57114 [preauth]
May  4 18:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12015]: pam_unix(cron:session): session closed for user root
May  4 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: Invalid user esroot from 85.198.17.145
May  4 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: input_userauth_request: invalid user esroot [preauth]
May  4 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9252]: pam_unix(cron:session): session closed for user root
May  4 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12014]: pam_unix(cron:session): session closed for user samftp
May  4 18:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: Failed password for invalid user esroot from 85.198.17.145 port 57116 ssh2
May  4 18:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: Connection closed by 85.198.17.145 port 57116 [preauth]
May  4 18:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: Invalid user gitlab from 85.198.17.145
May  4 18:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: input_userauth_request: invalid user gitlab [preauth]
May  4 18:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: Failed password for invalid user gitlab from 85.198.17.145 port 60366 ssh2
May  4 18:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: Connection closed by 85.198.17.145 port 60366 [preauth]
May  4 18:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12303]: Invalid user apache from 85.198.17.145
May  4 18:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12303]: input_userauth_request: invalid user apache [preauth]
May  4 18:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12303]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12303]: Failed password for invalid user apache from 85.198.17.145 port 60370 ssh2
May  4 18:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12303]: Connection closed by 85.198.17.145 port 60370 [preauth]
May  4 18:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12331]: Failed password for root from 85.198.17.145 port 60376 ssh2
May  4 18:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12331]: Connection closed by 85.198.17.145 port 60376 [preauth]
May  4 18:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12341]: Failed password for root from 85.198.17.145 port 53786 ssh2
May  4 18:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12341]: Connection closed by 85.198.17.145 port 53786 [preauth]
May  4 18:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: Invalid user user from 85.198.17.145
May  4 18:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: input_userauth_request: invalid user user [preauth]
May  4 18:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: Failed password for invalid user user from 85.198.17.145 port 53798 ssh2
May  4 18:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: Connection closed by 85.198.17.145 port 53798 [preauth]
May  4 18:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12361]: Invalid user lighthouse from 85.198.17.145
May  4 18:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12361]: input_userauth_request: invalid user lighthouse [preauth]
May  4 18:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12361]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12361]: Failed password for invalid user lighthouse from 85.198.17.145 port 42878 ssh2
May  4 18:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12361]: Connection closed by 85.198.17.145 port 42878 [preauth]
May  4 18:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: Invalid user flask from 85.198.17.145
May  4 18:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: input_userauth_request: invalid user flask [preauth]
May  4 18:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: Failed password for invalid user flask from 85.198.17.145 port 42880 ssh2
May  4 18:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12376]: Connection closed by 85.198.17.145 port 42880 [preauth]
May  4 18:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12386]: Invalid user user1 from 85.198.17.145
May  4 18:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12386]: input_userauth_request: invalid user user1 [preauth]
May  4 18:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12386]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11113]: pam_unix(cron:session): session closed for user root
May  4 18:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12386]: Failed password for invalid user user1 from 85.198.17.145 port 42890 ssh2
May  4 18:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12386]: Connection closed by 85.198.17.145 port 42890 [preauth]
May  4 18:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: Invalid user hadoop from 85.198.17.145
May  4 18:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: input_userauth_request: invalid user hadoop [preauth]
May  4 18:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: Failed password for invalid user hadoop from 85.198.17.145 port 47064 ssh2
May  4 18:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: Connection closed by 85.198.17.145 port 47064 [preauth]
May  4 18:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: Invalid user oracle from 85.198.17.145
May  4 18:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: input_userauth_request: invalid user oracle [preauth]
May  4 18:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: Failed password for invalid user oracle from 85.198.17.145 port 47066 ssh2
May  4 18:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12419]: Connection closed by 85.198.17.145 port 47066 [preauth]
May  4 18:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: Invalid user test from 85.198.17.145
May  4 18:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: input_userauth_request: invalid user test [preauth]
May  4 18:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: Failed password for invalid user test from 85.198.17.145 port 47070 ssh2
May  4 18:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: Connection closed by 85.198.17.145 port 47070 [preauth]
May  4 18:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: Invalid user ubuntu from 152.32.190.168
May  4 18:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: input_userauth_request: invalid user ubuntu [preauth]
May  4 18:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168
May  4 18:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12451]: Failed password for root from 85.198.17.145 port 35264 ssh2
May  4 18:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12451]: Connection closed by 85.198.17.145 port 35264 [preauth]
May  4 18:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: Failed password for invalid user ubuntu from 152.32.190.168 port 43670 ssh2
May  4 18:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: Received disconnect from 152.32.190.168 port 43670:11: Bye Bye [preauth]
May  4 18:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: Disconnected from 152.32.190.168 port 43670 [preauth]
May  4 18:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: Invalid user developer from 85.198.17.145
May  4 18:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: input_userauth_request: invalid user developer [preauth]
May  4 18:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: Failed password for invalid user developer from 85.198.17.145 port 35272 ssh2
May  4 18:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: Connection closed by 85.198.17.145 port 35272 [preauth]
May  4 18:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: Failed password for root from 85.198.17.145 port 35276 ssh2
May  4 18:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: Connection closed by 85.198.17.145 port 35276 [preauth]
May  4 18:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: User mysql from 85.198.17.145 not allowed because not listed in AllowUsers
May  4 18:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: input_userauth_request: invalid user mysql [preauth]
May  4 18:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=mysql
May  4 18:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Failed password for invalid user mysql from 85.198.17.145 port 45566 ssh2
May  4 18:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Connection closed by 85.198.17.145 port 45566 [preauth]
May  4 18:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12491]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12492]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12493]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12490]: pam_unix(cron:session): session closed for user p13x
May  4 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12555]: Successful su for rubyman by root
May  4 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12555]: + ??? root:rubyman
May  4 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329087 of user rubyman.
May  4 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12555]: pam_unix(su:session): session closed for user rubyman
May  4 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329087.
May  4 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12478]: Failed password for root from 85.198.17.145 port 45578 ssh2
May  4 18:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12478]: Connection closed by 85.198.17.145 port 45578 [preauth]
May  4 18:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: Invalid user tom from 85.198.17.145
May  4 18:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: input_userauth_request: invalid user tom [preauth]
May  4 18:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9690]: pam_unix(cron:session): session closed for user root
May  4 18:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: Failed password for invalid user tom from 85.198.17.145 port 45586 ssh2
May  4 18:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12491]: pam_unix(cron:session): session closed for user samftp
May  4 18:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12613]: Connection closed by 85.198.17.145 port 45586 [preauth]
May  4 18:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: Failed password for root from 85.198.17.145 port 36082 ssh2
May  4 18:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12736]: Connection closed by 85.198.17.145 port 36082 [preauth]
May  4 18:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: Invalid user oscar from 85.198.17.145
May  4 18:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: input_userauth_request: invalid user oscar [preauth]
May  4 18:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: Failed password for invalid user oscar from 85.198.17.145 port 36092 ssh2
May  4 18:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: Connection closed by 85.198.17.145 port 36092 [preauth]
May  4 18:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12763]: Invalid user taibabi from 45.95.233.112
May  4 18:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12763]: input_userauth_request: invalid user taibabi [preauth]
May  4 18:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12763]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112
May  4 18:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12749]: Failed password for root from 85.198.17.145 port 36104 ssh2
May  4 18:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12749]: Connection closed by 85.198.17.145 port 36104 [preauth]
May  4 18:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12763]: Failed password for invalid user taibabi from 45.95.233.112 port 37772 ssh2
May  4 18:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12763]: Received disconnect from 45.95.233.112 port 37772:11: Bye Bye [preauth]
May  4 18:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12763]: Disconnected from 45.95.233.112 port 37772 [preauth]
May  4 18:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: Failed password for root from 85.198.17.145 port 40672 ssh2
May  4 18:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12773]: Connection closed by 85.198.17.145 port 40672 [preauth]
May  4 18:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Invalid user user1 from 85.198.17.145
May  4 18:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: input_userauth_request: invalid user user1 [preauth]
May  4 18:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12785]: Invalid user dima from 36.255.8.54
May  4 18:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12785]: input_userauth_request: invalid user dima [preauth]
May  4 18:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12785]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  4 18:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Failed password for invalid user user1 from 85.198.17.145 port 40684 ssh2
May  4 18:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Connection closed by 85.198.17.145 port 40684 [preauth]
May  4 18:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12785]: Failed password for invalid user dima from 36.255.8.54 port 44572 ssh2
May  4 18:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12785]: Received disconnect from 36.255.8.54 port 44572:11: Bye Bye [preauth]
May  4 18:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12785]: Disconnected from 36.255.8.54 port 44572 [preauth]
May  4 18:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12802]: Failed password for root from 85.198.17.145 port 54430 ssh2
May  4 18:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12802]: Connection closed by 85.198.17.145 port 54430 [preauth]
May  4 18:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12813]: Invalid user flink from 85.198.17.145
May  4 18:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12813]: input_userauth_request: invalid user flink [preauth]
May  4 18:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12813]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12813]: Failed password for invalid user flink from 85.198.17.145 port 54440 ssh2
May  4 18:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12813]: Connection closed by 85.198.17.145 port 54440 [preauth]
May  4 18:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: Invalid user apache from 85.198.17.145
May  4 18:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: input_userauth_request: invalid user apache [preauth]
May  4 18:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11510]: pam_unix(cron:session): session closed for user root
May  4 18:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: Failed password for invalid user apache from 85.198.17.145 port 54456 ssh2
May  4 18:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: Connection closed by 85.198.17.145 port 54456 [preauth]
May  4 18:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: Failed password for root from 85.198.17.145 port 53328 ssh2
May  4 18:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: Connection closed by 85.198.17.145 port 53328 [preauth]
May  4 18:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12855]: Invalid user nginx from 85.198.17.145
May  4 18:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12855]: input_userauth_request: invalid user nginx [preauth]
May  4 18:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12855]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12855]: Failed password for invalid user nginx from 85.198.17.145 port 53334 ssh2
May  4 18:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12855]: Connection closed by 85.198.17.145 port 53334 [preauth]
May  4 18:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12857]: Invalid user esuser from 85.198.17.145
May  4 18:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12857]: input_userauth_request: invalid user esuser [preauth]
May  4 18:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12857]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12857]: Failed password for invalid user esuser from 85.198.17.145 port 53350 ssh2
May  4 18:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12857]: Connection closed by 85.198.17.145 port 53350 [preauth]
May  4 18:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12881]: Failed password for root from 85.198.17.145 port 54914 ssh2
May  4 18:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12881]: Connection closed by 85.198.17.145 port 54914 [preauth]
May  4 18:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: Invalid user git from 85.198.17.145
May  4 18:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: input_userauth_request: invalid user git [preauth]
May  4 18:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: Failed password for invalid user git from 85.198.17.145 port 54924 ssh2
May  4 18:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12890]: Connection closed by 85.198.17.145 port 54924 [preauth]
May  4 18:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: Invalid user postgres from 85.198.17.145
May  4 18:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: input_userauth_request: invalid user postgres [preauth]
May  4 18:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: Failed password for invalid user postgres from 85.198.17.145 port 54932 ssh2
May  4 18:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12893]: Connection closed by 85.198.17.145 port 54932 [preauth]
May  4 18:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: Invalid user svnuser from 85.198.17.145
May  4 18:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: input_userauth_request: invalid user svnuser [preauth]
May  4 18:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: Failed password for invalid user svnuser from 85.198.17.145 port 47000 ssh2
May  4 18:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12903]: Connection closed by 85.198.17.145 port 47000 [preauth]
May  4 18:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: Invalid user dolphinscheduler from 85.198.17.145
May  4 18:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  4 18:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12916]: pam_unix(cron:session): session closed for user p13x
May  4 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: Failed password for invalid user dolphinscheduler from 85.198.17.145 port 47002 ssh2
May  4 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12975]: Successful su for rubyman by root
May  4 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12975]: + ??? root:rubyman
May  4 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329090 of user rubyman.
May  4 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12975]: pam_unix(su:session): session closed for user rubyman
May  4 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329090.
May  4 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: Connection closed by 85.198.17.145 port 47002 [preauth]
May  4 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10129]: pam_unix(cron:session): session closed for user root
May  4 18:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Failed password for root from 85.198.17.145 port 47014 ssh2
May  4 18:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12917]: pam_unix(cron:session): session closed for user samftp
May  4 18:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13013]: Connection closed by 85.198.17.145 port 47014 [preauth]
May  4 18:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: Invalid user plexserver from 85.198.17.145
May  4 18:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: input_userauth_request: invalid user plexserver [preauth]
May  4 18:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: Failed password for invalid user plexserver from 85.198.17.145 port 57008 ssh2
May  4 18:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: Connection closed by 85.198.17.145 port 57008 [preauth]
May  4 18:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13167]: Invalid user sonar from 85.198.17.145
May  4 18:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13167]: input_userauth_request: invalid user sonar [preauth]
May  4 18:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13167]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13167]: Failed password for invalid user sonar from 85.198.17.145 port 57024 ssh2
May  4 18:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13167]: Connection closed by 85.198.17.145 port 57024 [preauth]
May  4 18:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13177]: Invalid user app from 85.198.17.145
May  4 18:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13177]: input_userauth_request: invalid user app [preauth]
May  4 18:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13177]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13177]: Failed password for invalid user app from 85.198.17.145 port 57032 ssh2
May  4 18:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13177]: Connection closed by 85.198.17.145 port 57032 [preauth]
May  4 18:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13203]: Invalid user tools from 85.198.17.145
May  4 18:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13203]: input_userauth_request: invalid user tools [preauth]
May  4 18:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13203]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13203]: Failed password for invalid user tools from 85.198.17.145 port 49988 ssh2
May  4 18:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13203]: Connection closed by 85.198.17.145 port 49988 [preauth]
May  4 18:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13205]: Invalid user lighthouse from 85.198.17.145
May  4 18:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13205]: input_userauth_request: invalid user lighthouse [preauth]
May  4 18:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13205]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13205]: Failed password for invalid user lighthouse from 85.198.17.145 port 49996 ssh2
May  4 18:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13205]: Connection closed by 85.198.17.145 port 49996 [preauth]
May  4 18:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13215]: User mysql from 85.198.17.145 not allowed because not listed in AllowUsers
May  4 18:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13215]: input_userauth_request: invalid user mysql [preauth]
May  4 18:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=mysql
May  4 18:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13215]: Failed password for invalid user mysql from 85.198.17.145 port 50000 ssh2
May  4 18:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13215]: Connection closed by 85.198.17.145 port 50000 [preauth]
May  4 18:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: Failed password for root from 85.198.17.145 port 58582 ssh2
May  4 18:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13237]: Connection closed by 85.198.17.145 port 58582 [preauth]
May  4 18:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: Invalid user gpadmin from 85.198.17.145
May  4 18:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: input_userauth_request: invalid user gpadmin [preauth]
May  4 18:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: Failed password for invalid user gpadmin from 85.198.17.145 port 58596 ssh2
May  4 18:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: Connection closed by 85.198.17.145 port 58596 [preauth]
May  4 18:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12017]: pam_unix(cron:session): session closed for user root
May  4 18:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Invalid user oracle from 85.198.17.145
May  4 18:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: input_userauth_request: invalid user oracle [preauth]
May  4 18:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Failed password for invalid user oracle from 85.198.17.145 port 58612 ssh2
May  4 18:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Connection closed by 85.198.17.145 port 58612 [preauth]
May  4 18:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13286]: Failed password for root from 85.198.17.145 port 59706 ssh2
May  4 18:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13286]: Connection closed by 85.198.17.145 port 59706 [preauth]
May  4 18:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13288]: Invalid user www from 85.198.17.145
May  4 18:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13288]: input_userauth_request: invalid user www [preauth]
May  4 18:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13288]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13288]: Failed password for invalid user www from 85.198.17.145 port 59718 ssh2
May  4 18:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13288]: Connection closed by 85.198.17.145 port 59718 [preauth]
May  4 18:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13313]: Failed password for root from 85.198.17.145 port 48448 ssh2
May  4 18:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13313]: Connection closed by 85.198.17.145 port 48448 [preauth]
May  4 18:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: Invalid user oscar from 85.198.17.145
May  4 18:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: input_userauth_request: invalid user oscar [preauth]
May  4 18:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: Failed password for invalid user oscar from 85.198.17.145 port 48464 ssh2
May  4 18:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: Connection closed by 85.198.17.145 port 48464 [preauth]
May  4 18:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: Invalid user test from 85.198.17.145
May  4 18:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: input_userauth_request: invalid user test [preauth]
May  4 18:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: Failed password for invalid user test from 85.198.17.145 port 48466 ssh2
May  4 18:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13326]: Connection closed by 85.198.17.145 port 48466 [preauth]
May  4 18:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13337]: Invalid user admin from 85.198.17.145
May  4 18:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13337]: input_userauth_request: invalid user admin [preauth]
May  4 18:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13337]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13337]: Failed password for invalid user admin from 85.198.17.145 port 58146 ssh2
May  4 18:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13337]: Connection closed by 85.198.17.145 port 58146 [preauth]
May  4 18:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Invalid user frontend from 140.249.188.255
May  4 18:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: input_userauth_request: invalid user frontend [preauth]
May  4 18:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.249.188.255
May  4 18:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Failed password for invalid user frontend from 140.249.188.255 port 58202 ssh2
May  4 18:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Received disconnect from 140.249.188.255 port 58202:11: Bye Bye [preauth]
May  4 18:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Disconnected from 140.249.188.255 port 58202 [preauth]
May  4 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13352]: pam_unix(cron:session): session closed for user p13x
May  4 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13415]: Successful su for rubyman by root
May  4 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13415]: + ??? root:rubyman
May  4 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329093 of user rubyman.
May  4 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13415]: pam_unix(su:session): session closed for user rubyman
May  4 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329093.
May  4 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Failed password for root from 85.198.17.145 port 58156 ssh2
May  4 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Connection closed by 85.198.17.145 port 58156 [preauth]
May  4 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: Invalid user app from 85.198.17.145
May  4 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: input_userauth_request: invalid user app [preauth]
May  4 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10677]: pam_unix(cron:session): session closed for user root
May  4 18:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: Failed password for invalid user app from 85.198.17.145 port 58170 ssh2
May  4 18:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13438]: Connection closed by 85.198.17.145 port 58170 [preauth]
May  4 18:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13353]: pam_unix(cron:session): session closed for user samftp
May  4 18:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: Invalid user elastic from 85.198.17.145
May  4 18:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: input_userauth_request: invalid user elastic [preauth]
May  4 18:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: Failed password for invalid user elastic from 85.198.17.145 port 49942 ssh2
May  4 18:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13695]: Connection closed by 85.198.17.145 port 49942 [preauth]
May  4 18:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13718]: Invalid user ftp-test from 116.118.48.186
May  4 18:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13718]: input_userauth_request: invalid user ftp-test [preauth]
May  4 18:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13718]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186
May  4 18:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13716]: Failed password for root from 85.198.17.145 port 49948 ssh2
May  4 18:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13716]: Connection closed by 85.198.17.145 port 49948 [preauth]
May  4 18:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13718]: Failed password for invalid user ftp-test from 116.118.48.186 port 41754 ssh2
May  4 18:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13718]: Received disconnect from 116.118.48.186 port 41754:11: Bye Bye [preauth]
May  4 18:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13718]: Disconnected from 116.118.48.186 port 41754 [preauth]
May  4 18:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: Invalid user guest from 85.198.17.145
May  4 18:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: input_userauth_request: invalid user guest [preauth]
May  4 18:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: Failed password for invalid user guest from 85.198.17.145 port 49954 ssh2
May  4 18:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13721]: Connection closed by 85.198.17.145 port 49954 [preauth]
May  4 18:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: Failed password for root from 85.198.17.145 port 37128 ssh2
May  4 18:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13745]: Connection closed by 85.198.17.145 port 37128 [preauth]
May  4 18:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13758]: Invalid user sonar from 85.198.17.145
May  4 18:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13758]: input_userauth_request: invalid user sonar [preauth]
May  4 18:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13758]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13758]: Failed password for invalid user sonar from 85.198.17.145 port 37144 ssh2
May  4 18:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13758]: Connection closed by 85.198.17.145 port 37144 [preauth]
May  4 18:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Invalid user jumpserver from 85.198.17.145
May  4 18:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: input_userauth_request: invalid user jumpserver [preauth]
May  4 18:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Failed password for invalid user jumpserver from 85.198.17.145 port 37152 ssh2
May  4 18:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Connection closed by 85.198.17.145 port 37152 [preauth]
May  4 18:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: Invalid user tom from 85.198.17.145
May  4 18:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: input_userauth_request: invalid user tom [preauth]
May  4 18:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: Failed password for invalid user tom from 85.198.17.145 port 49118 ssh2
May  4 18:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13785]: Connection closed by 85.198.17.145 port 49118 [preauth]
May  4 18:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13796]: Failed password for root from 85.198.17.145 port 49134 ssh2
May  4 18:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13796]: Connection closed by 85.198.17.145 port 49134 [preauth]
May  4 18:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12493]: pam_unix(cron:session): session closed for user root
May  4 18:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: Invalid user git from 85.198.17.145
May  4 18:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: input_userauth_request: invalid user git [preauth]
May  4 18:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: Failed password for invalid user git from 85.198.17.145 port 49138 ssh2
May  4 18:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: Connection closed by 85.198.17.145 port 49138 [preauth]
May  4 18:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145  user=root
May  4 18:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13829]: Invalid user ranger from 85.198.17.145
May  4 18:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13829]: input_userauth_request: invalid user ranger [preauth]
May  4 18:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13829]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13827]: Failed password for root from 213.165.85.145 port 54932 ssh2
May  4 18:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13827]: Received disconnect from 213.165.85.145 port 54932:11: Bye Bye [preauth]
May  4 18:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13827]: Disconnected from 213.165.85.145 port 54932 [preauth]
May  4 18:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13829]: Failed password for invalid user ranger from 85.198.17.145 port 56116 ssh2
May  4 18:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13829]: Connection closed by 85.198.17.145 port 56116 [preauth]
May  4 18:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13840]: Failed password for root from 85.198.17.145 port 56128 ssh2
May  4 18:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13840]: Connection closed by 85.198.17.145 port 56128 [preauth]
May  4 18:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13854]: Invalid user appuser from 85.198.17.145
May  4 18:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13854]: input_userauth_request: invalid user appuser [preauth]
May  4 18:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13854]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13854]: Failed password for invalid user appuser from 85.198.17.145 port 56130 ssh2
May  4 18:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13854]: Connection closed by 85.198.17.145 port 56130 [preauth]
May  4 18:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13867]: Invalid user tom from 85.198.17.145
May  4 18:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13867]: input_userauth_request: invalid user tom [preauth]
May  4 18:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13867]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13867]: Failed password for invalid user tom from 85.198.17.145 port 45858 ssh2
May  4 18:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13867]: Connection closed by 85.198.17.145 port 45858 [preauth]
May  4 18:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: Failed password for root from 85.198.17.145 port 45866 ssh2
May  4 18:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: Connection closed by 85.198.17.145 port 45866 [preauth]
May  4 18:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Invalid user ubuntu from 85.198.17.145
May  4 18:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: input_userauth_request: invalid user ubuntu [preauth]
May  4 18:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Failed password for invalid user ubuntu from 85.198.17.145 port 47802 ssh2
May  4 18:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Connection closed by 85.198.17.145 port 47802 [preauth]
May  4 18:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: Invalid user elsearch from 85.198.17.145
May  4 18:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: input_userauth_request: invalid user elsearch [preauth]
May  4 18:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: Failed password for invalid user elsearch from 85.198.17.145 port 47818 ssh2
May  4 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13890]: Connection closed by 85.198.17.145 port 47818 [preauth]
May  4 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13907]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13906]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13904]: pam_unix(cron:session): session closed for user p13x
May  4 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13966]: Successful su for rubyman by root
May  4 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13966]: + ??? root:rubyman
May  4 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13966]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329096 of user rubyman.
May  4 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13966]: pam_unix(su:session): session closed for user rubyman
May  4 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329096.
May  4 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13901]: Invalid user nginx from 85.198.17.145
May  4 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13901]: input_userauth_request: invalid user nginx [preauth]
May  4 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13901]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11112]: pam_unix(cron:session): session closed for user root
May  4 18:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13901]: Failed password for invalid user nginx from 85.198.17.145 port 47834 ssh2
May  4 18:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13901]: Connection closed by 85.198.17.145 port 47834 [preauth]
May  4 18:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: Invalid user rancher from 85.198.17.145
May  4 18:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: input_userauth_request: invalid user rancher [preauth]
May  4 18:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13905]: pam_unix(cron:session): session closed for user samftp
May  4 18:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: Failed password for invalid user rancher from 85.198.17.145 port 33584 ssh2
May  4 18:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14124]: Connection closed by 85.198.17.145 port 33584 [preauth]
May  4 18:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: Failed password for root from 85.198.17.145 port 33588 ssh2
May  4 18:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: Connection closed by 85.198.17.145 port 33588 [preauth]
May  4 18:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: Invalid user rancher from 85.198.17.145
May  4 18:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: input_userauth_request: invalid user rancher [preauth]
May  4 18:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: Failed password for invalid user rancher from 85.198.17.145 port 33604 ssh2
May  4 18:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: Connection closed by 85.198.17.145 port 33604 [preauth]
May  4 18:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: Invalid user es from 85.198.17.145
May  4 18:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: input_userauth_request: invalid user es [preauth]
May  4 18:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: Failed password for invalid user es from 85.198.17.145 port 60930 ssh2
May  4 18:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: Connection closed by 85.198.17.145 port 60930 [preauth]
May  4 18:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14189]: Failed password for root from 85.198.17.145 port 60934 ssh2
May  4 18:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14189]: Connection closed by 85.198.17.145 port 60934 [preauth]
May  4 18:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14199]: Invalid user user from 85.198.17.145
May  4 18:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14199]: input_userauth_request: invalid user user [preauth]
May  4 18:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14199]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14199]: Failed password for invalid user user from 85.198.17.145 port 60936 ssh2
May  4 18:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14199]: Connection closed by 85.198.17.145 port 60936 [preauth]
May  4 18:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14214]: Failed password for root from 85.198.17.145 port 32906 ssh2
May  4 18:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14214]: Connection closed by 85.198.17.145 port 32906 [preauth]
May  4 18:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14226]: Invalid user uftp from 85.198.17.145
May  4 18:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14226]: input_userauth_request: invalid user uftp [preauth]
May  4 18:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14226]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14226]: Failed password for invalid user uftp from 85.198.17.145 port 32908 ssh2
May  4 18:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14226]: Connection closed by 85.198.17.145 port 32908 [preauth]
May  4 18:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12919]: pam_unix(cron:session): session closed for user root
May  4 18:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Invalid user itops from 145.239.89.124
May  4 18:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: input_userauth_request: invalid user itops [preauth]
May  4 18:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124
May  4 18:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: Invalid user data from 85.198.17.145
May  4 18:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: input_userauth_request: invalid user data [preauth]
May  4 18:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: Failed password for invalid user data from 85.198.17.145 port 32914 ssh2
May  4 18:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Failed password for invalid user itops from 145.239.89.124 port 42162 ssh2
May  4 18:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: Connection closed by 85.198.17.145 port 32914 [preauth]
May  4 18:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Received disconnect from 145.239.89.124 port 42162:11: Bye Bye [preauth]
May  4 18:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Disconnected from 145.239.89.124 port 42162 [preauth]
May  4 18:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14261]: Invalid user bigdata from 85.198.17.145
May  4 18:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14261]: input_userauth_request: invalid user bigdata [preauth]
May  4 18:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14261]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14261]: Failed password for invalid user bigdata from 85.198.17.145 port 55548 ssh2
May  4 18:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14261]: Connection closed by 85.198.17.145 port 55548 [preauth]
May  4 18:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14273]: Invalid user oracle from 85.198.17.145
May  4 18:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14273]: input_userauth_request: invalid user oracle [preauth]
May  4 18:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14273]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14273]: Failed password for invalid user oracle from 85.198.17.145 port 55554 ssh2
May  4 18:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14273]: Connection closed by 85.198.17.145 port 55554 [preauth]
May  4 18:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: Invalid user plex from 85.198.17.145
May  4 18:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: input_userauth_request: invalid user plex [preauth]
May  4 18:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: Failed password for invalid user plex from 85.198.17.145 port 55560 ssh2
May  4 18:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: Connection closed by 85.198.17.145 port 55560 [preauth]
May  4 18:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: Invalid user steam from 85.198.17.145
May  4 18:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: input_userauth_request: invalid user steam [preauth]
May  4 18:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: Failed password for invalid user steam from 85.198.17.145 port 51500 ssh2
May  4 18:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: Connection closed by 85.198.17.145 port 51500 [preauth]
May  4 18:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: Invalid user esuser from 85.198.17.145
May  4 18:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: input_userauth_request: invalid user esuser [preauth]
May  4 18:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: Failed password for invalid user esuser from 85.198.17.145 port 51502 ssh2
May  4 18:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: Connection closed by 85.198.17.145 port 51502 [preauth]
May  4 18:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: Invalid user observer from 85.198.17.145
May  4 18:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: input_userauth_request: invalid user observer [preauth]
May  4 18:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: Failed password for invalid user observer from 85.198.17.145 port 54474 ssh2
May  4 18:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: Connection closed by 85.198.17.145 port 54474 [preauth]
May  4 18:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: Invalid user docker from 85.198.17.145
May  4 18:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: input_userauth_request: invalid user docker [preauth]
May  4 18:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: Failed password for invalid user docker from 85.198.17.145 port 54488 ssh2
May  4 18:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14323]: Connection closed by 85.198.17.145 port 54488 [preauth]
May  4 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14342]: pam_unix(cron:session): session closed for user root
May  4 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14337]: pam_unix(cron:session): session closed for user p13x
May  4 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14406]: Successful su for rubyman by root
May  4 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14406]: + ??? root:rubyman
May  4 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329103 of user rubyman.
May  4 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14406]: pam_unix(su:session): session closed for user rubyman
May  4 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329103.
May  4 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: Invalid user user from 85.198.17.145
May  4 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: input_userauth_request: invalid user user [preauth]
May  4 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: Failed password for invalid user user from 85.198.17.145 port 54504 ssh2
May  4 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14339]: pam_unix(cron:session): session closed for user root
May  4 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14334]: Connection closed by 85.198.17.145 port 54504 [preauth]
May  4 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11509]: pam_unix(cron:session): session closed for user root
May  4 18:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: Invalid user elastic from 85.198.17.145
May  4 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: input_userauth_request: invalid user elastic [preauth]
May  4 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14338]: pam_unix(cron:session): session closed for user samftp
May  4 18:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: Failed password for invalid user elastic from 85.198.17.145 port 48874 ssh2
May  4 18:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: Connection closed by 85.198.17.145 port 48874 [preauth]
May  4 18:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14629]: Invalid user oracle from 85.198.17.145
May  4 18:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14629]: input_userauth_request: invalid user oracle [preauth]
May  4 18:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14629]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14629]: Failed password for invalid user oracle from 85.198.17.145 port 48878 ssh2
May  4 18:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14629]: Connection closed by 85.198.17.145 port 48878 [preauth]
May  4 18:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: Invalid user postgres from 85.198.17.145
May  4 18:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: input_userauth_request: invalid user postgres [preauth]
May  4 18:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: Failed password for invalid user postgres from 85.198.17.145 port 48882 ssh2
May  4 18:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: Connection closed by 85.198.17.145 port 48882 [preauth]
May  4 18:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: Invalid user ts from 85.198.17.145
May  4 18:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: input_userauth_request: invalid user ts [preauth]
May  4 18:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: Failed password for invalid user ts from 85.198.17.145 port 39212 ssh2
May  4 18:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14665]: Connection closed by 85.198.17.145 port 39212 [preauth]
May  4 18:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14667]: Failed password for root from 85.198.17.145 port 39218 ssh2
May  4 18:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14667]: Connection closed by 85.198.17.145 port 39218 [preauth]
May  4 18:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: Invalid user ftpuser from 85.198.17.145
May  4 18:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: input_userauth_request: invalid user ftpuser [preauth]
May  4 18:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: Failed password for invalid user ftpuser from 85.198.17.145 port 39222 ssh2
May  4 18:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: Connection closed by 85.198.17.145 port 39222 [preauth]
May  4 18:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: Invalid user test from 85.198.17.145
May  4 18:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: input_userauth_request: invalid user test [preauth]
May  4 18:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: Invalid user terrariaserver from 45.95.233.112
May  4 18:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: input_userauth_request: invalid user terrariaserver [preauth]
May  4 18:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112
May  4 18:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: Failed password for invalid user test from 85.198.17.145 port 47754 ssh2
May  4 18:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: Connection closed by 85.198.17.145 port 47754 [preauth]
May  4 18:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14707]: Invalid user gitlab from 85.198.17.145
May  4 18:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14707]: input_userauth_request: invalid user gitlab [preauth]
May  4 18:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: Failed password for invalid user terrariaserver from 45.95.233.112 port 38980 ssh2
May  4 18:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: Received disconnect from 45.95.233.112 port 38980:11: Bye Bye [preauth]
May  4 18:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14702]: Disconnected from 45.95.233.112 port 38980 [preauth]
May  4 18:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14707]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13355]: pam_unix(cron:session): session closed for user root
May  4 18:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14707]: Failed password for invalid user gitlab from 85.198.17.145 port 47758 ssh2
May  4 18:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14707]: Connection closed by 85.198.17.145 port 47758 [preauth]
May  4 18:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14730]: Invalid user guest from 85.198.17.145
May  4 18:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14730]: input_userauth_request: invalid user guest [preauth]
May  4 18:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Invalid user taibabi from 177.182.181.8
May  4 18:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: input_userauth_request: invalid user taibabi [preauth]
May  4 18:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8
May  4 18:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14730]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Failed password for invalid user taibabi from 177.182.181.8 port 52304 ssh2
May  4 18:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14730]: Failed password for invalid user guest from 85.198.17.145 port 38836 ssh2
May  4 18:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Received disconnect from 177.182.181.8 port 52304:11: Bye Bye [preauth]
May  4 18:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Disconnected from 177.182.181.8 port 52304 [preauth]
May  4 18:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14730]: Connection closed by 85.198.17.145 port 38836 [preauth]
May  4 18:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14748]: Invalid user worker from 85.198.17.145
May  4 18:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14748]: input_userauth_request: invalid user worker [preauth]
May  4 18:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14748]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14748]: Failed password for invalid user worker from 85.198.17.145 port 38854 ssh2
May  4 18:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14748]: Connection closed by 85.198.17.145 port 38854 [preauth]
May  4 18:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: Invalid user flask from 85.198.17.145
May  4 18:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: input_userauth_request: invalid user flask [preauth]
May  4 18:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: Failed password for invalid user flask from 85.198.17.145 port 38872 ssh2
May  4 18:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: Connection closed by 85.198.17.145 port 38872 [preauth]
May  4 18:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: Invalid user gpuadmin from 85.198.17.145
May  4 18:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: input_userauth_request: invalid user gpuadmin [preauth]
May  4 18:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: Failed password for invalid user gpuadmin from 85.198.17.145 port 53602 ssh2
May  4 18:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: Connection closed by 85.198.17.145 port 53602 [preauth]
May  4 18:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: Invalid user zabbix from 85.198.17.145
May  4 18:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: input_userauth_request: invalid user zabbix [preauth]
May  4 18:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: Failed password for invalid user zabbix from 85.198.17.145 port 53606 ssh2
May  4 18:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14786]: Invalid user foo from 103.52.115.223
May  4 18:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14786]: input_userauth_request: invalid user foo [preauth]
May  4 18:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14786]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223
May  4 18:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14784]: Connection closed by 85.198.17.145 port 53606 [preauth]
May  4 18:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14786]: Failed password for invalid user foo from 103.52.115.223 port 45140 ssh2
May  4 18:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14786]: Received disconnect from 103.52.115.223 port 45140:11: Bye Bye [preauth]
May  4 18:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14786]: Disconnected from 103.52.115.223 port 45140 [preauth]
May  4 18:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: Failed password for root from 85.198.17.145 port 53614 ssh2
May  4 18:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: Connection closed by 85.198.17.145 port 53614 [preauth]
May  4 18:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14798]: Invalid user flask from 85.198.17.145
May  4 18:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14798]: input_userauth_request: invalid user flask [preauth]
May  4 18:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14798]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14798]: Failed password for invalid user flask from 85.198.17.145 port 40262 ssh2
May  4 18:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14798]: Connection closed by 85.198.17.145 port 40262 [preauth]
May  4 18:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14809]: Invalid user gitlab from 85.198.17.145
May  4 18:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14809]: input_userauth_request: invalid user gitlab [preauth]
May  4 18:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14809]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14817]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14815]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14814]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14814]: pam_unix(cron:session): session closed for user p13x
May  4 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14880]: Successful su for rubyman by root
May  4 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14880]: + ??? root:rubyman
May  4 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329107 of user rubyman.
May  4 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14880]: pam_unix(su:session): session closed for user rubyman
May  4 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329107.
May  4 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14809]: Failed password for invalid user gitlab from 85.198.17.145 port 40276 ssh2
May  4 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14809]: Connection closed by 85.198.17.145 port 40276 [preauth]
May  4 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14975]: Invalid user testuser from 85.198.17.145
May  4 18:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14975]: input_userauth_request: invalid user testuser [preauth]
May  4 18:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: Invalid user terrariaserver from 152.32.190.168
May  4 18:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: input_userauth_request: invalid user terrariaserver [preauth]
May  4 18:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168
May  4 18:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14975]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12016]: pam_unix(cron:session): session closed for user root
May  4 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14815]: pam_unix(cron:session): session closed for user samftp
May  4 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: Failed password for invalid user terrariaserver from 152.32.190.168 port 39300 ssh2
May  4 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14975]: Failed password for invalid user testuser from 85.198.17.145 port 40292 ssh2
May  4 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: Received disconnect from 152.32.190.168 port 39300:11: Bye Bye [preauth]
May  4 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14999]: Disconnected from 152.32.190.168 port 39300 [preauth]
May  4 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14975]: Connection closed by 85.198.17.145 port 40292 [preauth]
May  4 18:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: Invalid user postgres from 85.198.17.145
May  4 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: input_userauth_request: invalid user postgres [preauth]
May  4 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: Failed password for invalid user postgres from 85.198.17.145 port 33286 ssh2
May  4 18:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15076]: Connection closed by 85.198.17.145 port 33286 [preauth]
May  4 18:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15086]: Invalid user jenkins from 85.198.17.145
May  4 18:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15086]: input_userauth_request: invalid user jenkins [preauth]
May  4 18:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15086]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15086]: Failed password for invalid user jenkins from 85.198.17.145 port 33294 ssh2
May  4 18:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15086]: Connection closed by 85.198.17.145 port 33294 [preauth]
May  4 18:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15109]: Failed password for root from 85.198.17.145 port 33296 ssh2
May  4 18:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15109]: Connection closed by 85.198.17.145 port 33296 [preauth]
May  4 18:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: Invalid user admin from 85.198.17.145
May  4 18:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: input_userauth_request: invalid user admin [preauth]
May  4 18:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: Failed password for invalid user admin from 85.198.17.145 port 45048 ssh2
May  4 18:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15112]: Connection closed by 85.198.17.145 port 45048 [preauth]
May  4 18:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: Invalid user weblogic from 85.198.17.145
May  4 18:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: input_userauth_request: invalid user weblogic [preauth]
May  4 18:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: Failed password for invalid user weblogic from 85.198.17.145 port 45060 ssh2
May  4 18:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15123]: Connection closed by 85.198.17.145 port 45060 [preauth]
May  4 18:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: Invalid user centos from 85.198.17.145
May  4 18:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: input_userauth_request: invalid user centos [preauth]
May  4 18:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: Failed password for invalid user centos from 85.198.17.145 port 45494 ssh2
May  4 18:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: Connection closed by 85.198.17.145 port 45494 [preauth]
May  4 18:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: Invalid user steam from 85.198.17.145
May  4 18:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: input_userauth_request: invalid user steam [preauth]
May  4 18:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: Failed password for invalid user steam from 85.198.17.145 port 45500 ssh2
May  4 18:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15147]: Connection closed by 85.198.17.145 port 45500 [preauth]
May  4 18:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: Invalid user test from 85.198.17.145
May  4 18:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: input_userauth_request: invalid user test [preauth]
May  4 18:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13907]: pam_unix(cron:session): session closed for user root
May  4 18:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: Failed password for invalid user test from 85.198.17.145 port 45502 ssh2
May  4 18:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: Connection closed by 85.198.17.145 port 45502 [preauth]
May  4 18:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: Invalid user test from 85.198.17.145
May  4 18:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: input_userauth_request: invalid user test [preauth]
May  4 18:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: Failed password for invalid user test from 85.198.17.145 port 47492 ssh2
May  4 18:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15187]: Connection closed by 85.198.17.145 port 47492 [preauth]
May  4 18:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15189]: Failed password for root from 85.198.17.145 port 47502 ssh2
May  4 18:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15189]: Connection closed by 85.198.17.145 port 47502 [preauth]
May  4 18:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: Invalid user centos from 85.198.17.145
May  4 18:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: input_userauth_request: invalid user centos [preauth]
May  4 18:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: Failed password for invalid user centos from 85.198.17.145 port 47512 ssh2
May  4 18:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15200]: Connection closed by 85.198.17.145 port 47512 [preauth]
May  4 18:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: Invalid user tomcat from 85.198.17.145
May  4 18:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: input_userauth_request: invalid user tomcat [preauth]
May  4 18:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: Failed password for invalid user tomcat from 85.198.17.145 port 42530 ssh2
May  4 18:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214  user=root
May  4 18:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: Connection closed by 85.198.17.145 port 42530 [preauth]
May  4 18:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: User mysql from 85.198.17.145 not allowed because not listed in AllowUsers
May  4 18:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: input_userauth_request: invalid user mysql [preauth]
May  4 18:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=mysql
May  4 18:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15225]: Failed password for root from 123.252.238.214 port 50984 ssh2
May  4 18:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15225]: Received disconnect from 123.252.238.214 port 50984:11: Bye Bye [preauth]
May  4 18:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15225]: Disconnected from 123.252.238.214 port 50984 [preauth]
May  4 18:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: Failed password for invalid user mysql from 85.198.17.145 port 42542 ssh2
May  4 18:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: Connection closed by 85.198.17.145 port 42542 [preauth]
May  4 18:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15239]: Failed password for root from 85.198.17.145 port 42548 ssh2
May  4 18:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15239]: Connection closed by 85.198.17.145 port 42548 [preauth]
May  4 18:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15249]: Failed password for root from 85.198.17.145 port 58076 ssh2
May  4 18:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15249]: Connection closed by 85.198.17.145 port 58076 [preauth]
May  4 18:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15251]: Invalid user zabbix from 85.198.17.145
May  4 18:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15251]: input_userauth_request: invalid user zabbix [preauth]
May  4 18:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15251]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15262]: pam_unix(cron:session): session closed for user p13x
May  4 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15324]: Successful su for rubyman by root
May  4 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15324]: + ??? root:rubyman
May  4 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329111 of user rubyman.
May  4 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15324]: pam_unix(su:session): session closed for user rubyman
May  4 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329111.
May  4 18:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15251]: Failed password for invalid user zabbix from 85.198.17.145 port 58086 ssh2
May  4 18:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15251]: Connection closed by 85.198.17.145 port 58086 [preauth]
May  4 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: Invalid user kubernetes from 85.198.17.145
May  4 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: input_userauth_request: invalid user kubernetes [preauth]
May  4 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12492]: pam_unix(cron:session): session closed for user root
May  4 18:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15263]: pam_unix(cron:session): session closed for user samftp
May  4 18:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: Failed password for invalid user kubernetes from 85.198.17.145 port 58094 ssh2
May  4 18:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: Connection closed by 85.198.17.145 port 58094 [preauth]
May  4 18:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15510]: Invalid user observer from 85.198.17.145
May  4 18:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15510]: input_userauth_request: invalid user observer [preauth]
May  4 18:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15510]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15510]: Failed password for invalid user observer from 85.198.17.145 port 47670 ssh2
May  4 18:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15510]: Connection closed by 85.198.17.145 port 47670 [preauth]
May  4 18:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15513]: Invalid user hadoop from 85.198.17.145
May  4 18:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15513]: input_userauth_request: invalid user hadoop [preauth]
May  4 18:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15513]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15513]: Failed password for invalid user hadoop from 85.198.17.145 port 47684 ssh2
May  4 18:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15513]: Connection closed by 85.198.17.145 port 47684 [preauth]
May  4 18:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: Invalid user bot from 85.198.17.145
May  4 18:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: input_userauth_request: invalid user bot [preauth]
May  4 18:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: Failed password for invalid user bot from 85.198.17.145 port 41848 ssh2
May  4 18:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15535]: Connection closed by 85.198.17.145 port 41848 [preauth]
May  4 18:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15545]: Invalid user debianuser from 85.198.17.145
May  4 18:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15545]: input_userauth_request: invalid user debianuser [preauth]
May  4 18:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15545]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15545]: Failed password for invalid user debianuser from 85.198.17.145 port 41856 ssh2
May  4 18:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15545]: Connection closed by 85.198.17.145 port 41856 [preauth]
May  4 18:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15547]: Invalid user ranger from 85.198.17.145
May  4 18:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15547]: input_userauth_request: invalid user ranger [preauth]
May  4 18:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15547]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15547]: Failed password for invalid user ranger from 85.198.17.145 port 41864 ssh2
May  4 18:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15547]: Connection closed by 85.198.17.145 port 41864 [preauth]
May  4 18:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: Invalid user oracle from 85.198.17.145
May  4 18:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: input_userauth_request: invalid user oracle [preauth]
May  4 18:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: Failed password for invalid user oracle from 85.198.17.145 port 59274 ssh2
May  4 18:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15572]: Connection closed by 85.198.17.145 port 59274 [preauth]
May  4 18:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15582]: User ftp from 85.198.17.145 not allowed because not listed in AllowUsers
May  4 18:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15582]: input_userauth_request: invalid user ftp [preauth]
May  4 18:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=ftp
May  4 18:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15582]: Failed password for invalid user ftp from 85.198.17.145 port 59286 ssh2
May  4 18:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15582]: Connection closed by 85.198.17.145 port 59286 [preauth]
May  4 18:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15584]: Invalid user elastic from 85.198.17.145
May  4 18:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15584]: input_userauth_request: invalid user elastic [preauth]
May  4 18:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15584]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14341]: pam_unix(cron:session): session closed for user root
May  4 18:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15584]: Failed password for invalid user elastic from 85.198.17.145 port 59290 ssh2
May  4 18:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15584]: Connection closed by 85.198.17.145 port 59290 [preauth]
May  4 18:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15614]: Failed password for root from 85.198.17.145 port 40528 ssh2
May  4 18:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15614]: Connection closed by 85.198.17.145 port 40528 [preauth]
May  4 18:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15625]: Invalid user admin from 85.198.17.145
May  4 18:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15625]: input_userauth_request: invalid user admin [preauth]
May  4 18:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15625]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15625]: Failed password for invalid user admin from 85.198.17.145 port 40534 ssh2
May  4 18:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15625]: Connection closed by 85.198.17.145 port 40534 [preauth]
May  4 18:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15627]: Invalid user default from 85.198.17.145
May  4 18:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15627]: input_userauth_request: invalid user default [preauth]
May  4 18:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15627]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15627]: Failed password for invalid user default from 85.198.17.145 port 40540 ssh2
May  4 18:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15627]: Connection closed by 85.198.17.145 port 40540 [preauth]
May  4 18:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15649]: Invalid user tomcat from 85.198.17.145
May  4 18:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15649]: input_userauth_request: invalid user tomcat [preauth]
May  4 18:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15649]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15649]: Failed password for invalid user tomcat from 85.198.17.145 port 49146 ssh2
May  4 18:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15649]: Connection closed by 85.198.17.145 port 49146 [preauth]
May  4 18:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  4 18:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15661]: Invalid user gitlab from 85.198.17.145
May  4 18:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15661]: input_userauth_request: invalid user gitlab [preauth]
May  4 18:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15661]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15659]: Failed password for root from 193.70.84.184 port 55520 ssh2
May  4 18:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15659]: Connection closed by 193.70.84.184 port 55520 [preauth]
May  4 18:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15661]: Failed password for invalid user gitlab from 85.198.17.145 port 49154 ssh2
May  4 18:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15661]: Connection closed by 85.198.17.145 port 49154 [preauth]
May  4 18:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15663]: Failed password for root from 85.198.17.145 port 49162 ssh2
May  4 18:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15663]: Connection closed by 85.198.17.145 port 49162 [preauth]
May  4 18:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15673]: Invalid user hadoop from 85.198.17.145
May  4 18:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15673]: input_userauth_request: invalid user hadoop [preauth]
May  4 18:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15673]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15673]: Failed password for invalid user hadoop from 85.198.17.145 port 33304 ssh2
May  4 18:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15673]: Connection closed by 85.198.17.145 port 33304 [preauth]
May  4 18:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15687]: Invalid user tools from 85.198.17.145
May  4 18:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15687]: input_userauth_request: invalid user tools [preauth]
May  4 18:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15687]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15691]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15693]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15692]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15690]: pam_unix(cron:session): session closed for user p13x
May  4 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15752]: Successful su for rubyman by root
May  4 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15752]: + ??? root:rubyman
May  4 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15752]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329116 of user rubyman.
May  4 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15752]: pam_unix(su:session): session closed for user rubyman
May  4 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329116.
May  4 18:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15687]: Failed password for invalid user tools from 85.198.17.145 port 33308 ssh2
May  4 18:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15687]: Connection closed by 85.198.17.145 port 33308 [preauth]
May  4 18:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12918]: pam_unix(cron:session): session closed for user root
May  4 18:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: Invalid user admin from 85.198.17.145
May  4 18:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: input_userauth_request: invalid user admin [preauth]
May  4 18:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15691]: pam_unix(cron:session): session closed for user samftp
May  4 18:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: Failed password for invalid user admin from 85.198.17.145 port 33318 ssh2
May  4 18:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15839]: Connection closed by 85.198.17.145 port 33318 [preauth]
May  4 18:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: Invalid user www from 85.198.17.145
May  4 18:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: input_userauth_request: invalid user www [preauth]
May  4 18:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: Failed password for invalid user www from 85.198.17.145 port 42078 ssh2
May  4 18:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15941]: Connection closed by 85.198.17.145 port 42078 [preauth]
May  4 18:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: Failed password for root from 85.198.17.145 port 42088 ssh2
May  4 18:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15951]: Connection closed by 85.198.17.145 port 42088 [preauth]
May  4 18:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15965]: Failed password for root from 85.198.17.145 port 42090 ssh2
May  4 18:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15965]: Connection closed by 85.198.17.145 port 42090 [preauth]
May  4 18:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15975]: Invalid user es from 85.198.17.145
May  4 18:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15975]: input_userauth_request: invalid user es [preauth]
May  4 18:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15975]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15975]: Failed password for invalid user es from 85.198.17.145 port 36548 ssh2
May  4 18:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15975]: Connection closed by 85.198.17.145 port 36548 [preauth]
May  4 18:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15985]: Failed password for root from 85.198.17.145 port 36572 ssh2
May  4 18:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15985]: Connection closed by 85.198.17.145 port 36572 [preauth]
May  4 18:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16000]: Invalid user oracle from 85.198.17.145
May  4 18:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16000]: input_userauth_request: invalid user oracle [preauth]
May  4 18:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16000]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16000]: Failed password for invalid user oracle from 85.198.17.145 port 60360 ssh2
May  4 18:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16000]: Connection closed by 85.198.17.145 port 60360 [preauth]
May  4 18:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16010]: Invalid user uftp from 85.198.17.145
May  4 18:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16010]: input_userauth_request: invalid user uftp [preauth]
May  4 18:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16010]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: Invalid user postgres from 213.165.85.145
May  4 18:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: input_userauth_request: invalid user postgres [preauth]
May  4 18:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145
May  4 18:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16010]: Failed password for invalid user uftp from 85.198.17.145 port 60372 ssh2
May  4 18:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16010]: Connection closed by 85.198.17.145 port 60372 [preauth]
May  4 18:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16022]: Invalid user flink from 85.198.17.145
May  4 18:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16022]: input_userauth_request: invalid user flink [preauth]
May  4 18:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: Failed password for invalid user postgres from 213.165.85.145 port 49404 ssh2
May  4 18:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16022]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: Received disconnect from 213.165.85.145 port 49404:11: Bye Bye [preauth]
May  4 18:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: Disconnected from 213.165.85.145 port 49404 [preauth]
May  4 18:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14817]: pam_unix(cron:session): session closed for user root
May  4 18:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16022]: Failed password for invalid user flink from 85.198.17.145 port 60376 ssh2
May  4 18:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16022]: Connection closed by 85.198.17.145 port 60376 [preauth]
May  4 18:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: Invalid user gitlab-runner from 85.198.17.145
May  4 18:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: input_userauth_request: invalid user gitlab-runner [preauth]
May  4 18:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: Failed password for invalid user gitlab-runner from 85.198.17.145 port 55046 ssh2
May  4 18:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16043]: Connection closed by 85.198.17.145 port 55046 [preauth]
May  4 18:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16053]: Invalid user es from 85.198.17.145
May  4 18:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16053]: input_userauth_request: invalid user es [preauth]
May  4 18:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16053]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16053]: Failed password for invalid user es from 85.198.17.145 port 55060 ssh2
May  4 18:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16053]: Connection closed by 85.198.17.145 port 55060 [preauth]
May  4 18:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: Invalid user oracle from 85.198.17.145
May  4 18:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: input_userauth_request: invalid user oracle [preauth]
May  4 18:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: Failed password for invalid user oracle from 85.198.17.145 port 55072 ssh2
May  4 18:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: Connection closed by 85.198.17.145 port 55072 [preauth]
May  4 18:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16077]: Invalid user ubnt from 85.198.17.145
May  4 18:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16077]: input_userauth_request: invalid user ubnt [preauth]
May  4 18:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16077]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16077]: Failed password for invalid user ubnt from 85.198.17.145 port 41710 ssh2
May  4 18:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16077]: Connection closed by 85.198.17.145 port 41710 [preauth]
May  4 18:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16089]: Invalid user nvidia from 85.198.17.145
May  4 18:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16089]: input_userauth_request: invalid user nvidia [preauth]
May  4 18:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16089]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16089]: Failed password for invalid user nvidia from 85.198.17.145 port 41714 ssh2
May  4 18:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16089]: Connection closed by 85.198.17.145 port 41714 [preauth]
May  4 18:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: Failed password for root from 85.198.17.145 port 41718 ssh2
May  4 18:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16100]: Connection closed by 85.198.17.145 port 41718 [preauth]
May  4 18:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16102]: Failed password for root from 85.198.17.145 port 57562 ssh2
May  4 18:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16102]: Connection closed by 85.198.17.145 port 57562 [preauth]
May  4 18:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: Invalid user developer from 85.198.17.145
May  4 18:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: input_userauth_request: invalid user developer [preauth]
May  4 18:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: Failed password for invalid user developer from 85.198.17.145 port 57568 ssh2
May  4 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16112]: Connection closed by 85.198.17.145 port 57568 [preauth]
May  4 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16126]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16125]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16123]: pam_unix(cron:session): session closed for user p13x
May  4 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16184]: Successful su for rubyman by root
May  4 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16184]: + ??? root:rubyman
May  4 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329119 of user rubyman.
May  4 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16184]: pam_unix(su:session): session closed for user rubyman
May  4 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329119.
May  4 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13354]: pam_unix(cron:session): session closed for user root
May  4 18:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16204]: Failed password for root from 85.198.17.145 port 57572 ssh2
May  4 18:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16204]: Connection closed by 85.198.17.145 port 57572 [preauth]
May  4 18:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16124]: pam_unix(cron:session): session closed for user samftp
May  4 18:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16350]: User ftp from 85.198.17.145 not allowed because not listed in AllowUsers
May  4 18:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16350]: input_userauth_request: invalid user ftp [preauth]
May  4 18:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=ftp
May  4 18:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16360]: Invalid user ts3server from 116.118.48.186
May  4 18:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16360]: input_userauth_request: invalid user ts3server [preauth]
May  4 18:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16360]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186
May  4 18:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16350]: Failed password for invalid user ftp from 85.198.17.145 port 44168 ssh2
May  4 18:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16350]: Connection closed by 85.198.17.145 port 44168 [preauth]
May  4 18:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: Invalid user mongodb from 85.198.17.145
May  4 18:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: input_userauth_request: invalid user mongodb [preauth]
May  4 18:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: Invalid user taibabi from 145.239.89.124
May  4 18:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: input_userauth_request: invalid user taibabi [preauth]
May  4 18:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124
May  4 18:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16360]: Failed password for invalid user ts3server from 116.118.48.186 port 58698 ssh2
May  4 18:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16360]: Received disconnect from 116.118.48.186 port 58698:11: Bye Bye [preauth]
May  4 18:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16360]: Disconnected from 116.118.48.186 port 58698 [preauth]
May  4 18:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: Failed password for invalid user taibabi from 145.239.89.124 port 34792 ssh2
May  4 18:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: Failed password for invalid user mongodb from 85.198.17.145 port 44176 ssh2
May  4 18:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: Received disconnect from 145.239.89.124 port 34792:11: Bye Bye [preauth]
May  4 18:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: Disconnected from 145.239.89.124 port 34792 [preauth]
May  4 18:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16362]: Connection closed by 85.198.17.145 port 44176 [preauth]
May  4 18:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16374]: Invalid user mongodb from 85.198.17.145
May  4 18:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16374]: input_userauth_request: invalid user mongodb [preauth]
May  4 18:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16374]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16374]: Failed password for invalid user mongodb from 85.198.17.145 port 44186 ssh2
May  4 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16374]: Connection closed by 85.198.17.145 port 44186 [preauth]
May  4 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: Invalid user app from 85.198.17.145
May  4 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: input_userauth_request: invalid user app [preauth]
May  4 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: Failed password for invalid user app from 85.198.17.145 port 47850 ssh2
May  4 18:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16388]: Connection closed by 85.198.17.145 port 47850 [preauth]
May  4 18:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: Failed password for root from 85.198.17.145 port 47860 ssh2
May  4 18:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16398]: Connection closed by 85.198.17.145 port 47860 [preauth]
May  4 18:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Invalid user www from 85.198.17.145
May  4 18:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: input_userauth_request: invalid user www [preauth]
May  4 18:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Failed password for invalid user www from 85.198.17.145 port 47876 ssh2
May  4 18:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16408]: Connection closed by 85.198.17.145 port 47876 [preauth]
May  4 18:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16426]: Invalid user sonar from 85.198.17.145
May  4 18:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16426]: input_userauth_request: invalid user sonar [preauth]
May  4 18:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16426]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16426]: Failed password for invalid user sonar from 85.198.17.145 port 40542 ssh2
May  4 18:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16426]: Connection closed by 85.198.17.145 port 40542 [preauth]
May  4 18:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16439]: Invalid user elasticsearch from 85.198.17.145
May  4 18:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16439]: input_userauth_request: invalid user elasticsearch [preauth]
May  4 18:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16439]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15265]: pam_unix(cron:session): session closed for user root
May  4 18:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16439]: Failed password for invalid user elasticsearch from 85.198.17.145 port 40558 ssh2
May  4 18:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16439]: Connection closed by 85.198.17.145 port 40558 [preauth]
May  4 18:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: Invalid user docker from 85.198.17.145
May  4 18:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: input_userauth_request: invalid user docker [preauth]
May  4 18:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: Failed password for invalid user docker from 85.198.17.145 port 57650 ssh2
May  4 18:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16487]: Connection closed by 85.198.17.145 port 57650 [preauth]
May  4 18:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: Failed password for root from 85.198.17.145 port 57658 ssh2
May  4 18:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16490]: Connection closed by 85.198.17.145 port 57658 [preauth]
May  4 18:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16511]: Invalid user postgres from 85.198.17.145
May  4 18:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16511]: input_userauth_request: invalid user postgres [preauth]
May  4 18:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16511]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16511]: Failed password for invalid user postgres from 85.198.17.145 port 57664 ssh2
May  4 18:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16511]: Connection closed by 85.198.17.145 port 57664 [preauth]
May  4 18:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16540]: Invalid user dev from 85.198.17.145
May  4 18:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16540]: input_userauth_request: invalid user dev [preauth]
May  4 18:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16540]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16540]: Failed password for invalid user dev from 85.198.17.145 port 33592 ssh2
May  4 18:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16540]: Connection closed by 85.198.17.145 port 33592 [preauth]
May  4 18:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: Invalid user guest from 85.198.17.145
May  4 18:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: input_userauth_request: invalid user guest [preauth]
May  4 18:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: Failed password for invalid user guest from 85.198.17.145 port 33596 ssh2
May  4 18:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: Connection closed by 85.198.17.145 port 33596 [preauth]
May  4 18:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Invalid user tomcat from 85.198.17.145
May  4 18:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: input_userauth_request: invalid user tomcat [preauth]
May  4 18:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Failed password for invalid user tomcat from 85.198.17.145 port 33612 ssh2
May  4 18:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Connection closed by 85.198.17.145 port 33612 [preauth]
May  4 18:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16569]: Invalid user dev from 45.95.233.112
May  4 18:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16569]: input_userauth_request: invalid user dev [preauth]
May  4 18:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16569]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112
May  4 18:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: Invalid user elsearch from 85.198.17.145
May  4 18:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: input_userauth_request: invalid user elsearch [preauth]
May  4 18:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16569]: Failed password for invalid user dev from 45.95.233.112 port 39726 ssh2
May  4 18:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16569]: Received disconnect from 45.95.233.112 port 39726:11: Bye Bye [preauth]
May  4 18:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16569]: Disconnected from 45.95.233.112 port 39726 [preauth]
May  4 18:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: Failed password for invalid user elsearch from 85.198.17.145 port 33450 ssh2
May  4 18:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: Connection closed by 85.198.17.145 port 33450 [preauth]
May  4 18:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16573]: Invalid user git from 85.198.17.145
May  4 18:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16573]: input_userauth_request: invalid user git [preauth]
May  4 18:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16573]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16591]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16593]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16589]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16594]: pam_unix(cron:session): session closed for user root
May  4 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16589]: pam_unix(cron:session): session closed for user p13x
May  4 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16670]: Successful su for rubyman by root
May  4 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16670]: + ??? root:rubyman
May  4 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329124 of user rubyman.
May  4 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16670]: pam_unix(su:session): session closed for user rubyman
May  4 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329124.
May  4 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16573]: Failed password for invalid user git from 85.198.17.145 port 33454 ssh2
May  4 18:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16573]: Connection closed by 85.198.17.145 port 33454 [preauth]
May  4 18:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16591]: pam_unix(cron:session): session closed for user root
May  4 18:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: Invalid user vagrant from 85.198.17.145
May  4 18:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: input_userauth_request: invalid user vagrant [preauth]
May  4 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13906]: pam_unix(cron:session): session closed for user root
May  4 18:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: Failed password for invalid user vagrant from 85.198.17.145 port 33456 ssh2
May  4 18:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: Connection closed by 85.198.17.145 port 33456 [preauth]
May  4 18:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16590]: pam_unix(cron:session): session closed for user samftp
May  4 18:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16893]: Invalid user esuser from 85.198.17.145
May  4 18:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16893]: input_userauth_request: invalid user esuser [preauth]
May  4 18:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16893]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16893]: Failed password for invalid user esuser from 85.198.17.145 port 60788 ssh2
May  4 18:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16893]: Connection closed by 85.198.17.145 port 60788 [preauth]
May  4 18:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Invalid user ftpuser from 85.198.17.145
May  4 18:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: input_userauth_request: invalid user ftpuser [preauth]
May  4 18:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Failed password for invalid user ftpuser from 85.198.17.145 port 60790 ssh2
May  4 18:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Connection closed by 85.198.17.145 port 60790 [preauth]
May  4 18:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: Invalid user esuser from 85.198.17.145
May  4 18:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: input_userauth_request: invalid user esuser [preauth]
May  4 18:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: Failed password for invalid user esuser from 85.198.17.145 port 60802 ssh2
May  4 18:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: Connection closed by 85.198.17.145 port 60802 [preauth]
May  4 18:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16942]: Failed password for root from 85.198.17.145 port 50796 ssh2
May  4 18:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16942]: Connection closed by 85.198.17.145 port 50796 [preauth]
May  4 18:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: Invalid user worker from 85.198.17.145
May  4 18:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: input_userauth_request: invalid user worker [preauth]
May  4 18:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: Failed password for invalid user worker from 85.198.17.145 port 50810 ssh2
May  4 18:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: Connection closed by 85.198.17.145 port 50810 [preauth]
May  4 18:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: Invalid user ftpuser from 85.198.17.145
May  4 18:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: input_userauth_request: invalid user ftpuser [preauth]
May  4 18:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: Failed password for invalid user ftpuser from 85.198.17.145 port 50826 ssh2
May  4 18:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: Connection closed by 85.198.17.145 port 50826 [preauth]
May  4 18:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: Invalid user admin from 85.198.17.145
May  4 18:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: input_userauth_request: invalid user admin [preauth]
May  4 18:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: Failed password for invalid user admin from 85.198.17.145 port 42784 ssh2
May  4 18:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: Connection closed by 85.198.17.145 port 42784 [preauth]
May  4 18:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: Invalid user steam from 85.198.17.145
May  4 18:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: input_userauth_request: invalid user steam [preauth]
May  4 18:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15693]: pam_unix(cron:session): session closed for user root
May  4 18:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: Failed password for invalid user steam from 85.198.17.145 port 42796 ssh2
May  4 18:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: Connection closed by 85.198.17.145 port 42796 [preauth]
May  4 18:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17019]: Invalid user es from 85.198.17.145
May  4 18:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17019]: input_userauth_request: invalid user es [preauth]
May  4 18:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17019]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17019]: Failed password for invalid user es from 85.198.17.145 port 35956 ssh2
May  4 18:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17019]: Connection closed by 85.198.17.145 port 35956 [preauth]
May  4 18:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17031]: Failed password for root from 85.198.17.145 port 35970 ssh2
May  4 18:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17031]: Connection closed by 85.198.17.145 port 35970 [preauth]
May  4 18:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: Invalid user deploy from 85.198.17.145
May  4 18:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: input_userauth_request: invalid user deploy [preauth]
May  4 18:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: Failed password for invalid user deploy from 85.198.17.145 port 35982 ssh2
May  4 18:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: Connection closed by 85.198.17.145 port 35982 [preauth]
May  4 18:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: Invalid user demo from 85.198.17.145
May  4 18:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: input_userauth_request: invalid user demo [preauth]
May  4 18:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: Failed password for invalid user demo from 85.198.17.145 port 40438 ssh2
May  4 18:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: Connection closed by 85.198.17.145 port 40438 [preauth]
May  4 18:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Invalid user deploy from 85.198.17.145
May  4 18:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: input_userauth_request: invalid user deploy [preauth]
May  4 18:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135  user=root
May  4 18:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Failed password for invalid user deploy from 85.198.17.145 port 40446 ssh2
May  4 18:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Connection closed by 85.198.17.145 port 40446 [preauth]
May  4 18:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: Invalid user dev from 85.198.17.145
May  4 18:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: input_userauth_request: invalid user dev [preauth]
May  4 18:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: Failed password for root from 176.31.162.135 port 51092 ssh2
May  4 18:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: Connection closed by 176.31.162.135 port 51092 [preauth]
May  4 18:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: Failed password for invalid user dev from 85.198.17.145 port 40456 ssh2
May  4 18:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: Connection closed by 85.198.17.145 port 40456 [preauth]
May  4 18:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17082]: Invalid user oscar from 85.198.17.145
May  4 18:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17082]: input_userauth_request: invalid user oscar [preauth]
May  4 18:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17082]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17082]: Failed password for invalid user oscar from 85.198.17.145 port 37020 ssh2
May  4 18:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17082]: Connection closed by 85.198.17.145 port 37020 [preauth]
May  4 18:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17092]: Invalid user dolphinscheduler from 85.198.17.145
May  4 18:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17092]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  4 18:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17092]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17092]: Failed password for invalid user dolphinscheduler from 85.198.17.145 port 37030 ssh2
May  4 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17092]: Connection closed by 85.198.17.145 port 37030 [preauth]
May  4 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17100]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17095]: pam_unix(cron:session): session closed for user p13x
May  4 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17167]: Successful su for rubyman by root
May  4 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17167]: + ??? root:rubyman
May  4 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17167]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329129 of user rubyman.
May  4 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17167]: pam_unix(su:session): session closed for user rubyman
May  4 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329129.
May  4 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17165]: Invalid user pi from 85.198.17.145
May  4 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17165]: input_userauth_request: invalid user pi [preauth]
May  4 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17165]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17165]: Failed password for invalid user pi from 85.198.17.145 port 37036 ssh2
May  4 18:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17165]: Connection closed by 85.198.17.145 port 37036 [preauth]
May  4 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14340]: pam_unix(cron:session): session closed for user root
May  4 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17099]: pam_unix(cron:session): session closed for user samftp
May  4 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: Invalid user dev from 85.198.17.145
May  4 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: input_userauth_request: invalid user dev [preauth]
May  4 18:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: Failed password for invalid user dev from 85.198.17.145 port 51066 ssh2
May  4 18:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17334]: Connection closed by 85.198.17.145 port 51066 [preauth]
May  4 18:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: Invalid user oceanbase from 85.198.17.145
May  4 18:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: input_userauth_request: invalid user oceanbase [preauth]
May  4 18:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: Failed password for invalid user oceanbase from 85.198.17.145 port 51068 ssh2
May  4 18:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: Connection closed by 85.198.17.145 port 51068 [preauth]
May  4 18:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: Invalid user lighthouse from 85.198.17.145
May  4 18:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: input_userauth_request: invalid user lighthouse [preauth]
May  4 18:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: Failed password for invalid user lighthouse from 85.198.17.145 port 51084 ssh2
May  4 18:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: Connection closed by 85.198.17.145 port 51084 [preauth]
May  4 18:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17389]: Failed password for root from 85.198.17.145 port 43130 ssh2
May  4 18:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17389]: Connection closed by 85.198.17.145 port 43130 [preauth]
May  4 18:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17401]: Failed password for root from 85.198.17.145 port 43136 ssh2
May  4 18:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17401]: Connection closed by 85.198.17.145 port 43136 [preauth]
May  4 18:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: Failed password for root from 85.198.17.145 port 43148 ssh2
May  4 18:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: Invalid user taibabi from 152.32.190.168
May  4 18:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: input_userauth_request: invalid user taibabi [preauth]
May  4 18:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168
May  4 18:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17403]: Connection closed by 85.198.17.145 port 43148 [preauth]
May  4 18:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: Failed password for invalid user taibabi from 152.32.190.168 port 43544 ssh2
May  4 18:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: Received disconnect from 152.32.190.168 port 43544:11: Bye Bye [preauth]
May  4 18:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17428]: Disconnected from 152.32.190.168 port 43544 [preauth]
May  4 18:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: Failed password for root from 85.198.17.145 port 37534 ssh2
May  4 18:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17430]: Connection closed by 85.198.17.145 port 37534 [preauth]
May  4 18:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Invalid user user from 85.198.17.145
May  4 18:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: input_userauth_request: invalid user user [preauth]
May  4 18:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Invalid user odin from 177.182.181.8
May  4 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: input_userauth_request: invalid user odin [preauth]
May  4 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8
May  4 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Failed password for invalid user user from 85.198.17.145 port 37542 ssh2
May  4 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Connection closed by 85.198.17.145 port 37542 [preauth]
May  4 18:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16126]: pam_unix(cron:session): session closed for user root
May  4 18:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Failed password for invalid user odin from 177.182.181.8 port 58124 ssh2
May  4 18:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Received disconnect from 177.182.181.8 port 58124:11: Bye Bye [preauth]
May  4 18:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Disconnected from 177.182.181.8 port 58124 [preauth]
May  4 18:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: Failed password for root from 85.198.17.145 port 37546 ssh2
May  4 18:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: Connection closed by 85.198.17.145 port 37546 [preauth]
May  4 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: Invalid user svnuser from 85.198.17.145
May  4 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: input_userauth_request: invalid user svnuser [preauth]
May  4 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: Failed password for invalid user svnuser from 85.198.17.145 port 53872 ssh2
May  4 18:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17480]: Connection closed by 85.198.17.145 port 53872 [preauth]
May  4 18:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: Invalid user ftpuser from 85.198.17.145
May  4 18:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: input_userauth_request: invalid user ftpuser [preauth]
May  4 18:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: Failed password for invalid user ftpuser from 85.198.17.145 port 53878 ssh2
May  4 18:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17493]: Connection closed by 85.198.17.145 port 53878 [preauth]
May  4 18:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: Invalid user ubuntu from 85.198.17.145
May  4 18:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: input_userauth_request: invalid user ubuntu [preauth]
May  4 18:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: Failed password for invalid user ubuntu from 85.198.17.145 port 53884 ssh2
May  4 18:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: Connection closed by 85.198.17.145 port 53884 [preauth]
May  4 18:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: Failed password for root from 85.198.17.145 port 52758 ssh2
May  4 18:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: Connection closed by 85.198.17.145 port 52758 [preauth]
May  4 18:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: Invalid user esadmin from 85.198.17.145
May  4 18:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: input_userauth_request: invalid user esadmin [preauth]
May  4 18:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: Failed password for invalid user esadmin from 85.198.17.145 port 52764 ssh2
May  4 18:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17531]: Connection closed by 85.198.17.145 port 52764 [preauth]
May  4 18:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: Failed password for root from 85.198.17.145 port 52774 ssh2
May  4 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: Connection closed by 85.198.17.145 port 52774 [preauth]
May  4 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17551]: Invalid user flask from 85.198.17.145
May  4 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17551]: input_userauth_request: invalid user flask [preauth]
May  4 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: Invalid user mahi from 103.52.115.223
May  4 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: input_userauth_request: invalid user mahi [preauth]
May  4 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223
May  4 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17551]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: Failed password for invalid user mahi from 103.52.115.223 port 49790 ssh2
May  4 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: Received disconnect from 103.52.115.223 port 49790:11: Bye Bye [preauth]
May  4 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: Disconnected from 103.52.115.223 port 49790 [preauth]
May  4 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17551]: Failed password for invalid user flask from 85.198.17.145 port 57680 ssh2
May  4 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17551]: Connection closed by 85.198.17.145 port 57680 [preauth]
May  4 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17553]: Invalid user deploy from 85.198.17.145
May  4 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17553]: input_userauth_request: invalid user deploy [preauth]
May  4 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17553]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17569]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17570]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17567]: pam_unix(cron:session): session closed for user p13x
May  4 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17626]: Successful su for rubyman by root
May  4 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17626]: + ??? root:rubyman
May  4 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329134 of user rubyman.
May  4 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17626]: pam_unix(su:session): session closed for user rubyman
May  4 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329134.
May  4 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17553]: Failed password for invalid user deploy from 85.198.17.145 port 57690 ssh2
May  4 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14816]: pam_unix(cron:session): session closed for user root
May  4 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17553]: Connection closed by 85.198.17.145 port 57690 [preauth]
May  4 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17568]: pam_unix(cron:session): session closed for user samftp
May  4 18:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: Failed password for root from 85.198.17.145 port 57698 ssh2
May  4 18:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: Connection closed by 85.198.17.145 port 57698 [preauth]
May  4 18:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17927]: Failed password for root from 85.198.17.145 port 38422 ssh2
May  4 18:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17927]: Connection closed by 85.198.17.145 port 38422 [preauth]
May  4 18:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17931]: Invalid user oracle from 85.198.17.145
May  4 18:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17931]: input_userauth_request: invalid user oracle [preauth]
May  4 18:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17931]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17931]: Failed password for invalid user oracle from 85.198.17.145 port 38424 ssh2
May  4 18:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17931]: Connection closed by 85.198.17.145 port 38424 [preauth]
May  4 18:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: Invalid user rabbitmq from 85.198.17.145
May  4 18:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: input_userauth_request: invalid user rabbitmq [preauth]
May  4 18:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17957]: Invalid user taibabi from 123.252.238.214
May  4 18:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17957]: input_userauth_request: invalid user taibabi [preauth]
May  4 18:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17957]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214
May  4 18:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: Failed password for invalid user rabbitmq from 85.198.17.145 port 38440 ssh2
May  4 18:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: Connection closed by 85.198.17.145 port 38440 [preauth]
May  4 18:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17957]: Failed password for invalid user taibabi from 123.252.238.214 port 48894 ssh2
May  4 18:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17957]: Received disconnect from 123.252.238.214 port 48894:11: Bye Bye [preauth]
May  4 18:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17957]: Disconnected from 123.252.238.214 port 48894 [preauth]
May  4 18:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: Failed password for root from 85.198.17.145 port 44284 ssh2
May  4 18:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: Connection closed by 85.198.17.145 port 44284 [preauth]
May  4 18:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17970]: Failed password for root from 85.198.17.145 port 44290 ssh2
May  4 18:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17970]: Connection closed by 85.198.17.145 port 44290 [preauth]
May  4 18:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: Failed password for root from 85.198.17.145 port 41678 ssh2
May  4 18:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17996]: Connection closed by 85.198.17.145 port 41678 [preauth]
May  4 18:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18007]: Failed password for root from 85.198.17.145 port 41690 ssh2
May  4 18:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18007]: Connection closed by 85.198.17.145 port 41690 [preauth]
May  4 18:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Invalid user wang from 85.198.17.145
May  4 18:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: input_userauth_request: invalid user wang [preauth]
May  4 18:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16593]: pam_unix(cron:session): session closed for user root
May  4 18:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Failed password for invalid user wang from 85.198.17.145 port 41694 ssh2
May  4 18:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Connection closed by 85.198.17.145 port 41694 [preauth]
May  4 18:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: Invalid user hadoop from 85.198.17.145
May  4 18:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: input_userauth_request: invalid user hadoop [preauth]
May  4 18:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: Failed password for invalid user hadoop from 85.198.17.145 port 35752 ssh2
May  4 18:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18045]: Connection closed by 85.198.17.145 port 35752 [preauth]
May  4 18:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Failed password for root from 85.198.17.145 port 35760 ssh2
May  4 18:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Connection closed by 85.198.17.145 port 35760 [preauth]
May  4 18:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: Invalid user elasticsearch from 85.198.17.145
May  4 18:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: input_userauth_request: invalid user elasticsearch [preauth]
May  4 18:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: Failed password for invalid user elasticsearch from 85.198.17.145 port 35774 ssh2
May  4 18:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: Connection closed by 85.198.17.145 port 35774 [preauth]
May  4 18:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: User ftp from 85.198.17.145 not allowed because not listed in AllowUsers
May  4 18:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: input_userauth_request: invalid user ftp [preauth]
May  4 18:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=ftp
May  4 18:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: Failed password for invalid user ftp from 85.198.17.145 port 54292 ssh2
May  4 18:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: Connection closed by 85.198.17.145 port 54292 [preauth]
May  4 18:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18097]: Invalid user uftp from 85.198.17.145
May  4 18:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18097]: input_userauth_request: invalid user uftp [preauth]
May  4 18:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18097]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18097]: Failed password for invalid user uftp from 85.198.17.145 port 54306 ssh2
May  4 18:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18097]: Connection closed by 85.198.17.145 port 54306 [preauth]
May  4 18:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18099]: Invalid user awsgui from 85.198.17.145
May  4 18:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18099]: input_userauth_request: invalid user awsgui [preauth]
May  4 18:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18099]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18099]: Failed password for invalid user awsgui from 85.198.17.145 port 54318 ssh2
May  4 18:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18099]: Connection closed by 85.198.17.145 port 54318 [preauth]
May  4 18:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18110]: Invalid user dolphinscheduler from 85.198.17.145
May  4 18:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18110]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  4 18:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18110]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18110]: Failed password for invalid user dolphinscheduler from 85.198.17.145 port 39224 ssh2
May  4 18:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18110]: Connection closed by 85.198.17.145 port 39224 [preauth]
May  4 18:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18129]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18127]: pam_unix(cron:session): session closed for user p13x
May  4 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18188]: Successful su for rubyman by root
May  4 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18188]: + ??? root:rubyman
May  4 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329137 of user rubyman.
May  4 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18188]: pam_unix(su:session): session closed for user rubyman
May  4 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329137.
May  4 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18123]: Failed password for root from 85.198.17.145 port 39228 ssh2
May  4 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18123]: Connection closed by 85.198.17.145 port 39228 [preauth]
May  4 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: Invalid user yarn from 85.198.17.145
May  4 18:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: input_userauth_request: invalid user yarn [preauth]
May  4 18:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15264]: pam_unix(cron:session): session closed for user root
May  4 18:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: Failed password for invalid user yarn from 85.198.17.145 port 39238 ssh2
May  4 18:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18128]: pam_unix(cron:session): session closed for user samftp
May  4 18:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: Connection closed by 85.198.17.145 port 39238 [preauth]
May  4 18:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18380]: Invalid user test2 from 85.198.17.145
May  4 18:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18380]: input_userauth_request: invalid user test2 [preauth]
May  4 18:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18380]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18380]: Failed password for invalid user test2 from 85.198.17.145 port 37212 ssh2
May  4 18:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18380]: Connection closed by 85.198.17.145 port 37212 [preauth]
May  4 18:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18391]: Invalid user oracle from 85.198.17.145
May  4 18:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18391]: input_userauth_request: invalid user oracle [preauth]
May  4 18:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18391]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18391]: Failed password for invalid user oracle from 85.198.17.145 port 37218 ssh2
May  4 18:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18391]: Connection closed by 85.198.17.145 port 37218 [preauth]
May  4 18:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18394]: Invalid user guest from 85.198.17.145
May  4 18:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18394]: input_userauth_request: invalid user guest [preauth]
May  4 18:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18394]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18394]: Failed password for invalid user guest from 85.198.17.145 port 37230 ssh2
May  4 18:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18394]: Connection closed by 85.198.17.145 port 37230 [preauth]
May  4 18:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18421]: Invalid user wang from 85.198.17.145
May  4 18:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18421]: input_userauth_request: invalid user wang [preauth]
May  4 18:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18421]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18421]: Failed password for invalid user wang from 85.198.17.145 port 40272 ssh2
May  4 18:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18421]: Connection closed by 85.198.17.145 port 40272 [preauth]
May  4 18:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: Invalid user www from 85.198.17.145
May  4 18:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: input_userauth_request: invalid user www [preauth]
May  4 18:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: Failed password for invalid user www from 85.198.17.145 port 40286 ssh2
May  4 18:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: Connection closed by 85.198.17.145 port 40286 [preauth]
May  4 18:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: Failed password for root from 85.198.17.145 port 40290 ssh2
May  4 18:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: Connection closed by 85.198.17.145 port 40290 [preauth]
May  4 18:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18461]: Invalid user nexus from 85.198.17.145
May  4 18:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18461]: input_userauth_request: invalid user nexus [preauth]
May  4 18:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18461]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: Invalid user guest from 213.165.85.145
May  4 18:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: input_userauth_request: invalid user guest [preauth]
May  4 18:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145
May  4 18:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18461]: Failed password for invalid user nexus from 85.198.17.145 port 48200 ssh2
May  4 18:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: Failed password for invalid user guest from 213.165.85.145 port 41204 ssh2
May  4 18:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18461]: Connection closed by 85.198.17.145 port 48200 [preauth]
May  4 18:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: Received disconnect from 213.165.85.145 port 41204:11: Bye Bye [preauth]
May  4 18:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: Disconnected from 213.165.85.145 port 41204 [preauth]
May  4 18:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18470]: Invalid user app from 85.198.17.145
May  4 18:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18470]: input_userauth_request: invalid user app [preauth]
May  4 18:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18470]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17101]: pam_unix(cron:session): session closed for user root
May  4 18:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18470]: Failed password for invalid user app from 85.198.17.145 port 48208 ssh2
May  4 18:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18470]: Connection closed by 85.198.17.145 port 48208 [preauth]
May  4 18:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18498]: Invalid user nvidia from 85.198.17.145
May  4 18:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18498]: input_userauth_request: invalid user nvidia [preauth]
May  4 18:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18498]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18498]: Failed password for invalid user nvidia from 85.198.17.145 port 48210 ssh2
May  4 18:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18498]: Connection closed by 85.198.17.145 port 48210 [preauth]
May  4 18:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18509]: Invalid user debian from 145.239.89.124
May  4 18:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18509]: input_userauth_request: invalid user debian [preauth]
May  4 18:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18509]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124
May  4 18:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18509]: Failed password for invalid user debian from 145.239.89.124 port 42826 ssh2
May  4 18:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18509]: Received disconnect from 145.239.89.124 port 42826:11: Bye Bye [preauth]
May  4 18:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18509]: Disconnected from 145.239.89.124 port 42826 [preauth]
May  4 18:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: Failed password for root from 85.198.17.145 port 45204 ssh2
May  4 18:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18511]: Connection closed by 85.198.17.145 port 45204 [preauth]
May  4 18:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145  user=root
May  4 18:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: Failed password for root from 85.198.17.145 port 45216 ssh2
May  4 18:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18520]: Connection closed by 85.198.17.145 port 45216 [preauth]
May  4 18:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18535]: Invalid user es from 85.198.17.145
May  4 18:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18535]: input_userauth_request: invalid user es [preauth]
May  4 18:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18535]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18535]: Failed password for invalid user es from 85.198.17.145 port 45230 ssh2
May  4 18:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18535]: Connection closed by 85.198.17.145 port 45230 [preauth]
May  4 18:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18545]: Invalid user sugi from 85.198.17.145
May  4 18:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18545]: input_userauth_request: invalid user sugi [preauth]
May  4 18:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18545]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.198.17.145
May  4 18:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18545]: Failed password for invalid user sugi from 85.198.17.145 port 40190 ssh2
May  4 18:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18545]: Connection closed by 85.198.17.145 port 40190 [preauth]
May  4 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18570]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18569]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18566]: pam_unix(cron:session): session closed for user p13x
May  4 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18633]: Successful su for rubyman by root
May  4 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18633]: + ??? root:rubyman
May  4 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329142 of user rubyman.
May  4 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18633]: pam_unix(su:session): session closed for user rubyman
May  4 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329142.
May  4 18:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15692]: pam_unix(cron:session): session closed for user root
May  4 18:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18567]: pam_unix(cron:session): session closed for user samftp
May  4 18:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Invalid user factorio from 45.95.233.112
May  4 18:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: input_userauth_request: invalid user factorio [preauth]
May  4 18:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112
May  4 18:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Failed password for invalid user factorio from 45.95.233.112 port 53978 ssh2
May  4 18:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Received disconnect from 45.95.233.112 port 53978:11: Bye Bye [preauth]
May  4 18:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Disconnected from 45.95.233.112 port 53978 [preauth]
May  4 18:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.212  user=root
May  4 18:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18865]: Failed password for root from 218.92.0.212 port 20324 ssh2
May  4 18:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18865]: message repeated 2 times: [ Failed password for root from 218.92.0.212 port 20324 ssh2]
May  4 18:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17570]: pam_unix(cron:session): session closed for user root
May  4 18:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18865]: Failed password for root from 218.92.0.212 port 20324 ssh2
May  4 18:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18987]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18984]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18988]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18982]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18988]: pam_unix(cron:session): session closed for user root
May  4 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18982]: pam_unix(cron:session): session closed for user p13x
May  4 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19056]: Successful su for rubyman by root
May  4 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19056]: + ??? root:rubyman
May  4 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329145 of user rubyman.
May  4 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19056]: pam_unix(su:session): session closed for user rubyman
May  4 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329145.
May  4 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18984]: pam_unix(cron:session): session closed for user root
May  4 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16125]: pam_unix(cron:session): session closed for user root
May  4 18:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18983]: pam_unix(cron:session): session closed for user samftp
May  4 18:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186  user=root
May  4 18:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19274]: Failed password for root from 116.118.48.186 port 59596 ssh2
May  4 18:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19274]: Received disconnect from 116.118.48.186 port 59596:11: Bye Bye [preauth]
May  4 18:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19274]: Disconnected from 116.118.48.186 port 59596 [preauth]
May  4 18:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18130]: pam_unix(cron:session): session closed for user root
May  4 18:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: Invalid user user from 80.94.95.112
May  4 18:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: input_userauth_request: invalid user user [preauth]
May  4 18:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 18:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: Failed password for invalid user user from 80.94.95.112 port 64302 ssh2
May  4 18:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19369]: Did not receive identification string from 196.251.114.29
May  4 18:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: Failed password for invalid user user from 80.94.95.112 port 64302 ssh2
May  4 18:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: Failed password for invalid user user from 80.94.95.112 port 64302 ssh2
May  4 18:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: Failed password for invalid user user from 80.94.95.112 port 64302 ssh2
May  4 18:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: Failed password for invalid user user from 80.94.95.112 port 64302 ssh2
May  4 18:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: Received disconnect from 80.94.95.112 port 64302:11: Bye [preauth]
May  4 18:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: Disconnected from 80.94.95.112 port 64302 [preauth]
May  4 18:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 18:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 18:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19399]: Invalid user superuser from 176.31.162.135
May  4 18:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19399]: input_userauth_request: invalid user superuser [preauth]
May  4 18:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19399]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  4 18:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19399]: Failed password for invalid user superuser from 176.31.162.135 port 54582 ssh2
May  4 18:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19399]: Connection closed by 176.31.162.135 port 54582 [preauth]
May  4 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19432]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19431]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19429]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19429]: pam_unix(cron:session): session closed for user p13x
May  4 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19497]: Successful su for rubyman by root
May  4 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19497]: + ??? root:rubyman
May  4 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329151 of user rubyman.
May  4 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19497]: pam_unix(su:session): session closed for user rubyman
May  4 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329151.
May  4 18:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16592]: pam_unix(cron:session): session closed for user root
May  4 18:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19430]: pam_unix(cron:session): session closed for user samftp
May  4 18:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18570]: pam_unix(cron:session): session closed for user root
May  4 18:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19808]: Invalid user test1 from 152.32.190.168
May  4 18:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19808]: input_userauth_request: invalid user test1 [preauth]
May  4 18:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19808]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168
May  4 18:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19808]: Failed password for invalid user test1 from 152.32.190.168 port 52186 ssh2
May  4 18:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19808]: Received disconnect from 152.32.190.168 port 52186:11: Bye Bye [preauth]
May  4 18:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19808]: Disconnected from 152.32.190.168 port 52186 [preauth]
May  4 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19860]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19861]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19858]: pam_unix(cron:session): session closed for user p13x
May  4 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19919]: Successful su for rubyman by root
May  4 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19919]: + ??? root:rubyman
May  4 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329155 of user rubyman.
May  4 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19919]: pam_unix(su:session): session closed for user rubyman
May  4 18:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329155.
May  4 18:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17100]: pam_unix(cron:session): session closed for user root
May  4 18:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19859]: pam_unix(cron:session): session closed for user samftp
May  4 18:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8  user=root
May  4 18:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20179]: Failed password for root from 177.182.181.8 port 60520 ssh2
May  4 18:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20179]: Received disconnect from 177.182.181.8 port 60520:11: Bye Bye [preauth]
May  4 18:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20179]: Disconnected from 177.182.181.8 port 60520 [preauth]
May  4 18:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18987]: pam_unix(cron:session): session closed for user root
May  4 18:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54  user=root
May  4 18:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254  user=root
May  4 18:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20217]: Failed password for root from 36.255.8.54 port 37398 ssh2
May  4 18:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20217]: Received disconnect from 36.255.8.54 port 37398:11: Bye Bye [preauth]
May  4 18:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20217]: Disconnected from 36.255.8.54 port 37398 [preauth]
May  4 18:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20169]: Failed password for root from 124.198.59.254 port 58622 ssh2
May  4 18:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20169]: Connection closed by 124.198.59.254 port 58622 [preauth]
May  4 18:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20271]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20270]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20269]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20269]: pam_unix(cron:session): session closed for user p13x
May  4 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20327]: Successful su for rubyman by root
May  4 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20327]: + ??? root:rubyman
May  4 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329158 of user rubyman.
May  4 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20327]: pam_unix(su:session): session closed for user rubyman
May  4 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329158.
May  4 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20266]: Invalid user taibabi from 103.52.115.223
May  4 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20266]: input_userauth_request: invalid user taibabi [preauth]
May  4 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20266]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223
May  4 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: Invalid user ubuntu from 145.239.89.124
May  4 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: input_userauth_request: invalid user ubuntu [preauth]
May  4 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124
May  4 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20266]: Failed password for invalid user taibabi from 103.52.115.223 port 38584 ssh2
May  4 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20266]: Received disconnect from 103.52.115.223 port 38584:11: Bye Bye [preauth]
May  4 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20266]: Disconnected from 103.52.115.223 port 38584 [preauth]
May  4 18:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17569]: pam_unix(cron:session): session closed for user root
May  4 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: Failed password for invalid user ubuntu from 145.239.89.124 port 43930 ssh2
May  4 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: Received disconnect from 145.239.89.124 port 43930:11: Bye Bye [preauth]
May  4 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20410]: Disconnected from 145.239.89.124 port 43930 [preauth]
May  4 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20270]: pam_unix(cron:session): session closed for user samftp
May  4 18:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: Invalid user itops from 45.95.233.112
May  4 18:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: input_userauth_request: invalid user itops [preauth]
May  4 18:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: pam_unix(sshd:auth): check pass; user unknown
May  4 18:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112
May  4 18:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: Failed password for invalid user itops from 45.95.233.112 port 54412 ssh2
May  4 18:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: Received disconnect from 45.95.233.112 port 54412:11: Bye Bye [preauth]
May  4 18:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20551]: Disconnected from 45.95.233.112 port 54412 [preauth]
May  4 18:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145  user=root
May  4 18:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19432]: pam_unix(cron:session): session closed for user root
May  4 18:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: Failed password for root from 213.165.85.145 port 35986 ssh2
May  4 18:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: Received disconnect from 213.165.85.145 port 35986:11: Bye Bye [preauth]
May  4 18:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: Disconnected from 213.165.85.145 port 35986 [preauth]
May  4 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20673]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20670]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20670]: pam_unix(cron:session): session closed for user p13x
May  4 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20733]: Successful su for rubyman by root
May  4 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20733]: + ??? root:rubyman
May  4 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20733]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329163 of user rubyman.
May  4 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20733]: pam_unix(su:session): session closed for user rubyman
May  4 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329163.
May  4 18:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18129]: pam_unix(cron:session): session closed for user root
May  4 18:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20671]: pam_unix(cron:session): session closed for user samftp
May  4 18:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19861]: pam_unix(cron:session): session closed for user root
May  4 18:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 18:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.249.188.255  user=root
May  4 18:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21037]: Failed password for root from 140.249.188.255 port 58958 ssh2
May  4 18:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21037]: Received disconnect from 140.249.188.255 port 58958:11: Bye Bye [preauth]
May  4 18:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21037]: Disconnected from 140.249.188.255 port 58958 [preauth]
May  4 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21092]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21091]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21089]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21088]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21094]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21095]: pam_unix(cron:session): session closed for user root
May  4 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21091]: pam_unix(cron:session): session closed for user root
May  4 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21088]: pam_unix(cron:session): session closed for user p13x
May  4 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21191]: Successful su for rubyman by root
May  4 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21191]: + ??? root:rubyman
May  4 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21191]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329172 of user rubyman.
May  4 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21191]: pam_unix(su:session): session closed for user rubyman
May  4 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329172.
May  4 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21092]: pam_unix(cron:session): session closed for user root
May  4 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18569]: pam_unix(cron:session): session closed for user root
May  4 19:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21089]: pam_unix(cron:session): session closed for user samftp
May  4 19:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20272]: pam_unix(cron:session): session closed for user root
May  4 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21639]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21640]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21636]: pam_unix(cron:session): session closed for user p13x
May  4 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21727]: Successful su for rubyman by root
May  4 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21727]: + ??? root:rubyman
May  4 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329175 of user rubyman.
May  4 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21727]: pam_unix(su:session): session closed for user rubyman
May  4 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329175.
May  4 19:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18986]: pam_unix(cron:session): session closed for user root
May  4 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21637]: pam_unix(cron:session): session closed for user samftp
May  4 19:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186  user=root
May  4 19:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: Failed password for root from 116.118.48.186 port 44512 ssh2
May  4 19:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: Received disconnect from 116.118.48.186 port 44512:11: Bye Bye [preauth]
May  4 19:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22213]: Disconnected from 116.118.48.186 port 44512 [preauth]
May  4 19:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20673]: pam_unix(cron:session): session closed for user root
May  4 19:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: Invalid user itops from 152.32.190.168
May  4 19:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: input_userauth_request: invalid user itops [preauth]
May  4 19:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168
May  4 19:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: Failed password for invalid user itops from 152.32.190.168 port 52200 ssh2
May  4 19:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: Received disconnect from 152.32.190.168 port 52200:11: Bye Bye [preauth]
May  4 19:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: Disconnected from 152.32.190.168 port 52200 [preauth]
May  4 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22391]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22392]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22388]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22388]: pam_unix(cron:session): session closed for user p13x
May  4 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22472]: Successful su for rubyman by root
May  4 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22472]: + ??? root:rubyman
May  4 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329178 of user rubyman.
May  4 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22472]: pam_unix(su:session): session closed for user rubyman
May  4 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329178.
May  4 19:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19431]: pam_unix(cron:session): session closed for user root
May  4 19:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22390]: pam_unix(cron:session): session closed for user samftp
May  4 19:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21094]: pam_unix(cron:session): session closed for user root
May  4 19:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: Invalid user magento from 145.239.89.124
May  4 19:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: input_userauth_request: invalid user magento [preauth]
May  4 19:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124
May  4 19:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: Failed password for invalid user magento from 145.239.89.124 port 44024 ssh2
May  4 19:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: Received disconnect from 145.239.89.124 port 44024:11: Bye Bye [preauth]
May  4 19:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: Disconnected from 145.239.89.124 port 44024 [preauth]
May  4 19:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112  user=root
May  4 19:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22793]: Failed password for root from 45.95.233.112 port 48984 ssh2
May  4 19:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22793]: Received disconnect from 45.95.233.112 port 48984:11: Bye Bye [preauth]
May  4 19:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22793]: Disconnected from 45.95.233.112 port 48984 [preauth]
May  4 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22856]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22853]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22853]: pam_unix(cron:session): session closed for user p13x
May  4 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22924]: Successful su for rubyman by root
May  4 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22924]: + ??? root:rubyman
May  4 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22924]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329181 of user rubyman.
May  4 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22924]: pam_unix(su:session): session closed for user rubyman
May  4 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329181.
May  4 19:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19860]: pam_unix(cron:session): session closed for user root
May  4 19:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22855]: pam_unix(cron:session): session closed for user samftp
May  4 19:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23135]: Invalid user hengshi from 36.255.8.54
May  4 19:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23135]: input_userauth_request: invalid user hengshi [preauth]
May  4 19:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23135]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  4 19:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23135]: Failed password for invalid user hengshi from 36.255.8.54 port 52294 ssh2
May  4 19:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23135]: Received disconnect from 36.255.8.54 port 52294:11: Bye Bye [preauth]
May  4 19:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23135]: Disconnected from 36.255.8.54 port 52294 [preauth]
May  4 19:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: Invalid user unreal from 177.182.181.8
May  4 19:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: input_userauth_request: invalid user unreal [preauth]
May  4 19:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8
May  4 19:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: Failed password for invalid user unreal from 177.182.181.8 port 49996 ssh2
May  4 19:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: Received disconnect from 177.182.181.8 port 49996:11: Bye Bye [preauth]
May  4 19:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: Disconnected from 177.182.181.8 port 49996 [preauth]
May  4 19:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21640]: pam_unix(cron:session): session closed for user root
May  4 19:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23240]: Invalid user dmdba from 213.165.85.145
May  4 19:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23240]: input_userauth_request: invalid user dmdba [preauth]
May  4 19:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23240]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145
May  4 19:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23240]: Failed password for invalid user dmdba from 213.165.85.145 port 46938 ssh2
May  4 19:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23240]: Received disconnect from 213.165.85.145 port 46938:11: Bye Bye [preauth]
May  4 19:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23240]: Disconnected from 213.165.85.145 port 46938 [preauth]
May  4 19:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23285]: Connection closed by 71.30.105.186 port 53424 [preauth]
May  4 19:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: Invalid user admin from 80.94.95.112
May  4 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: input_userauth_request: invalid user admin [preauth]
May  4 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23398]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23332]: pam_unix(cron:session): session closed for user p13x
May  4 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23463]: Successful su for rubyman by root
May  4 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23463]: + ??? root:rubyman
May  4 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23463]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329187 of user rubyman.
May  4 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23463]: pam_unix(su:session): session closed for user rubyman
May  4 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329187.
May  4 19:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: Failed password for invalid user admin from 80.94.95.112 port 48120 ssh2
May  4 19:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20271]: pam_unix(cron:session): session closed for user root
May  4 19:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: Failed password for invalid user admin from 80.94.95.112 port 48120 ssh2
May  4 19:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23333]: pam_unix(cron:session): session closed for user samftp
May  4 19:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: Failed password for invalid user admin from 80.94.95.112 port 48120 ssh2
May  4 19:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: Failed password for invalid user admin from 80.94.95.112 port 48120 ssh2
May  4 19:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23653]: Invalid user joy from 103.52.115.223
May  4 19:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23653]: input_userauth_request: invalid user joy [preauth]
May  4 19:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23653]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223
May  4 19:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: Failed password for invalid user admin from 80.94.95.112 port 48120 ssh2
May  4 19:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23653]: Failed password for invalid user joy from 103.52.115.223 port 55668 ssh2
May  4 19:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: Received disconnect from 80.94.95.112 port 48120:11: Bye [preauth]
May  4 19:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: Disconnected from 80.94.95.112 port 48120 [preauth]
May  4 19:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 19:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 19:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23653]: Received disconnect from 103.52.115.223 port 55668:11: Bye Bye [preauth]
May  4 19:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23653]: Disconnected from 103.52.115.223 port 55668 [preauth]
May  4 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: Invalid user erpnext from 140.249.188.255
May  4 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: input_userauth_request: invalid user erpnext [preauth]
May  4 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.249.188.255
May  4 19:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: Failed password for invalid user erpnext from 140.249.188.255 port 59300 ssh2
May  4 19:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: Received disconnect from 140.249.188.255 port 59300:11: Bye Bye [preauth]
May  4 19:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: Disconnected from 140.249.188.255 port 59300 [preauth]
May  4 19:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22392]: pam_unix(cron:session): session closed for user root
May  4 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23913]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23905]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23909]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23913]: pam_unix(cron:session): session closed for user root
May  4 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23905]: pam_unix(cron:session): session closed for user p13x
May  4 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23985]: Successful su for rubyman by root
May  4 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23985]: + ??? root:rubyman
May  4 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23985]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329189 of user rubyman.
May  4 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23985]: pam_unix(su:session): session closed for user rubyman
May  4 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329189.
May  4 19:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23908]: pam_unix(cron:session): session closed for user root
May  4 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20672]: pam_unix(cron:session): session closed for user root
May  4 19:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23907]: pam_unix(cron:session): session closed for user samftp
May  4 19:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22857]: pam_unix(cron:session): session closed for user root
May  4 19:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: Invalid user ubnt from 80.94.95.125
May  4 19:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: input_userauth_request: invalid user ubnt [preauth]
May  4 19:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  4 19:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: Failed password for invalid user ubnt from 80.94.95.125 port 63048 ssh2
May  4 19:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24391]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24390]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24389]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24388]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24388]: pam_unix(cron:session): session closed for user p13x
May  4 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24468]: Successful su for rubyman by root
May  4 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24468]: + ??? root:rubyman
May  4 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329195 of user rubyman.
May  4 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24468]: pam_unix(su:session): session closed for user rubyman
May  4 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329195.
May  4 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: Failed password for invalid user ubnt from 80.94.95.125 port 63048 ssh2
May  4 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: Failed password for invalid user ubnt from 80.94.95.125 port 63048 ssh2
May  4 19:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21093]: pam_unix(cron:session): session closed for user root
May  4 19:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24389]: pam_unix(cron:session): session closed for user samftp
May  4 19:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: Failed password for invalid user ubnt from 80.94.95.125 port 63048 ssh2
May  4 19:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: Failed password for invalid user ubnt from 80.94.95.125 port 63048 ssh2
May  4 19:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: Received disconnect from 80.94.95.125 port 63048:11: Bye [preauth]
May  4 19:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: Disconnected from 80.94.95.125 port 63048 [preauth]
May  4 19:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  4 19:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24368]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 19:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23398]: pam_unix(cron:session): session closed for user root
May  4 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24820]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24817]: pam_unix(cron:session): session closed for user p13x
May  4 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24814]: Invalid user ubuntu from 45.95.233.112
May  4 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24814]: input_userauth_request: invalid user ubuntu [preauth]
May  4 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24814]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112
May  4 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24881]: Successful su for rubyman by root
May  4 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24881]: + ??? root:rubyman
May  4 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329200 of user rubyman.
May  4 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24881]: pam_unix(su:session): session closed for user rubyman
May  4 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329200.
May  4 19:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24814]: Failed password for invalid user ubuntu from 45.95.233.112 port 46598 ssh2
May  4 19:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24814]: Received disconnect from 45.95.233.112 port 46598:11: Bye Bye [preauth]
May  4 19:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24814]: Disconnected from 45.95.233.112 port 46598 [preauth]
May  4 19:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21639]: pam_unix(cron:session): session closed for user root
May  4 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25044]: Invalid user star from 152.32.190.168
May  4 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25044]: input_userauth_request: invalid user star [preauth]
May  4 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25044]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168
May  4 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124  user=root
May  4 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24818]: pam_unix(cron:session): session closed for user samftp
May  4 19:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25044]: Failed password for invalid user star from 152.32.190.168 port 36684 ssh2
May  4 19:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25044]: Received disconnect from 152.32.190.168 port 36684:11: Bye Bye [preauth]
May  4 19:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25044]: Disconnected from 152.32.190.168 port 36684 [preauth]
May  4 19:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Failed password for root from 145.239.89.124 port 34914 ssh2
May  4 19:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Received disconnect from 145.239.89.124 port 34914:11: Bye Bye [preauth]
May  4 19:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Disconnected from 145.239.89.124 port 34914 [preauth]
May  4 19:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25107]: Invalid user taibabi from 116.118.48.186
May  4 19:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25107]: input_userauth_request: invalid user taibabi [preauth]
May  4 19:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25107]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186
May  4 19:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25107]: Failed password for invalid user taibabi from 116.118.48.186 port 52562 ssh2
May  4 19:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25107]: Received disconnect from 116.118.48.186 port 52562:11: Bye Bye [preauth]
May  4 19:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25107]: Disconnected from 116.118.48.186 port 52562 [preauth]
May  4 19:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23911]: pam_unix(cron:session): session closed for user root
May  4 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25228]: pam_unix(cron:session): session closed for user p13x
May  4 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25299]: Successful su for rubyman by root
May  4 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25299]: + ??? root:rubyman
May  4 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329204 of user rubyman.
May  4 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25299]: pam_unix(su:session): session closed for user rubyman
May  4 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329204.
May  4 19:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22391]: pam_unix(cron:session): session closed for user root
May  4 19:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25229]: pam_unix(cron:session): session closed for user samftp
May  4 19:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: Invalid user data from 36.255.8.54
May  4 19:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: input_userauth_request: invalid user data [preauth]
May  4 19:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  4 19:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24391]: pam_unix(cron:session): session closed for user root
May  4 19:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: Failed password for invalid user data from 36.255.8.54 port 43542 ssh2
May  4 19:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: Received disconnect from 36.255.8.54 port 43542:11: Bye Bye [preauth]
May  4 19:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25562]: Disconnected from 36.255.8.54 port 43542 [preauth]
May  4 19:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: Invalid user admin from 213.165.85.145
May  4 19:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: input_userauth_request: invalid user admin [preauth]
May  4 19:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145
May  4 19:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: Failed password for invalid user admin from 213.165.85.145 port 50766 ssh2
May  4 19:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: Received disconnect from 213.165.85.145 port 50766:11: Bye Bye [preauth]
May  4 19:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25596]: Disconnected from 213.165.85.145 port 50766 [preauth]
May  4 19:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: Invalid user arun from 50.235.31.47
May  4 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: input_userauth_request: invalid user arun [preauth]
May  4 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  4 19:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: Failed password for invalid user arun from 50.235.31.47 port 34892 ssh2
May  4 19:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: Connection closed by 50.235.31.47 port 34892 [preauth]
May  4 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25662]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25663]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25664]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25659]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25662]: pam_unix(cron:session): session closed for user p13x
May  4 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25770]: Successful su for rubyman by root
May  4 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25770]: + ??? root:rubyman
May  4 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329207 of user rubyman.
May  4 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25770]: pam_unix(su:session): session closed for user rubyman
May  4 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329207.
May  4 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25659]: pam_unix(cron:session): session closed for user root
May  4 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25839]: Invalid user zahir from 140.249.188.255
May  4 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25839]: input_userauth_request: invalid user zahir [preauth]
May  4 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25839]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.249.188.255
May  4 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22856]: pam_unix(cron:session): session closed for user root
May  4 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25839]: Failed password for invalid user zahir from 140.249.188.255 port 59594 ssh2
May  4 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25839]: Received disconnect from 140.249.188.255 port 59594:11: Bye Bye [preauth]
May  4 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25839]: Disconnected from 140.249.188.255 port 59594 [preauth]
May  4 19:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25663]: pam_unix(cron:session): session closed for user samftp
May  4 19:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8  user=root
May  4 19:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: Failed password for root from 177.182.181.8 port 43342 ssh2
May  4 19:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: Received disconnect from 177.182.181.8 port 43342:11: Bye Bye [preauth]
May  4 19:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26021]: Disconnected from 177.182.181.8 port 43342 [preauth]
May  4 19:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  4 19:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: Failed password for root from 164.68.105.9 port 41738 ssh2
May  4 19:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: Connection closed by 164.68.105.9 port 41738 [preauth]
May  4 19:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24820]: pam_unix(cron:session): session closed for user root
May  4 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26153]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26153]: pam_unix(cron:session): session closed for user root
May  4 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26146]: pam_unix(cron:session): session closed for user p13x
May  4 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26213]: Successful su for rubyman by root
May  4 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26213]: + ??? root:rubyman
May  4 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26213]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329212 of user rubyman.
May  4 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26213]: pam_unix(su:session): session closed for user rubyman
May  4 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329212.
May  4 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26150]: pam_unix(cron:session): session closed for user root
May  4 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23334]: pam_unix(cron:session): session closed for user root
May  4 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26148]: pam_unix(cron:session): session closed for user samftp
May  4 19:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26535]: Invalid user deploy from 103.52.115.223
May  4 19:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26535]: input_userauth_request: invalid user deploy [preauth]
May  4 19:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26535]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223
May  4 19:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26535]: Failed password for invalid user deploy from 103.52.115.223 port 53062 ssh2
May  4 19:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26535]: Received disconnect from 103.52.115.223 port 53062:11: Bye Bye [preauth]
May  4 19:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26535]: Disconnected from 103.52.115.223 port 53062 [preauth]
May  4 19:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25231]: pam_unix(cron:session): session closed for user root
May  4 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26653]: pam_unix(cron:session): session closed for user p13x
May  4 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26727]: Successful su for rubyman by root
May  4 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26727]: + ??? root:rubyman
May  4 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329220 of user rubyman.
May  4 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26727]: pam_unix(su:session): session closed for user rubyman
May  4 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329220.
May  4 19:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23909]: pam_unix(cron:session): session closed for user root
May  4 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26654]: pam_unix(cron:session): session closed for user samftp
May  4 19:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26982]: Invalid user nginx from 45.95.233.112
May  4 19:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26982]: input_userauth_request: invalid user nginx [preauth]
May  4 19:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26982]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112
May  4 19:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26981]: Did not receive identification string from 189.91.255.92
May  4 19:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26982]: Failed password for invalid user nginx from 45.95.233.112 port 34550 ssh2
May  4 19:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26982]: Received disconnect from 45.95.233.112 port 34550:11: Bye Bye [preauth]
May  4 19:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26982]: Disconnected from 45.95.233.112 port 34550 [preauth]
May  4 19:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: Failed password for root from 189.91.255.92 port 53431 ssh2
May  4 19:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27011]: Connection closed by 189.91.255.92 port 53431 [preauth]
May  4 19:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25665]: pam_unix(cron:session): session closed for user root
May  4 19:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124  user=root
May  4 19:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: Failed password for root from 145.239.89.124 port 56924 ssh2
May  4 19:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: Received disconnect from 145.239.89.124 port 56924:11: Bye Bye [preauth]
May  4 19:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: Disconnected from 145.239.89.124 port 56924 [preauth]
May  4 19:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27063]: Failed password for root from 189.91.255.92 port 56571 ssh2
May  4 19:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27063]: Connection closed by 189.91.255.92 port 56571 [preauth]
May  4 19:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: Failed password for root from 189.91.255.92 port 59761 ssh2
May  4 19:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27142]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27143]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27140]: pam_unix(cron:session): session closed for user p13x
May  4 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: Connection closed by 189.91.255.92 port 59761 [preauth]
May  4 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27206]: Successful su for rubyman by root
May  4 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27206]: + ??? root:rubyman
May  4 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329223 of user rubyman.
May  4 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27206]: pam_unix(su:session): session closed for user rubyman
May  4 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329223.
May  4 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24390]: pam_unix(cron:session): session closed for user root
May  4 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27136]: Failed password for root from 189.91.255.92 port 62655 ssh2
May  4 19:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27141]: pam_unix(cron:session): session closed for user samftp
May  4 19:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27136]: Connection closed by 189.91.255.92 port 62655 [preauth]
May  4 19:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27430]: Failed password for root from 189.91.255.92 port 64205 ssh2
May  4 19:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27430]: Connection closed by 189.91.255.92 port 64205 [preauth]
May  4 19:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27476]: Failed password for root from 189.91.255.92 port 9854 ssh2
May  4 19:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27476]: Connection closed by 189.91.255.92 port 9854 [preauth]
May  4 19:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: Invalid user taibabi from 152.32.190.168
May  4 19:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: input_userauth_request: invalid user taibabi [preauth]
May  4 19:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168
May  4 19:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: Failed password for invalid user taibabi from 152.32.190.168 port 60556 ssh2
May  4 19:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: Received disconnect from 152.32.190.168 port 60556:11: Bye Bye [preauth]
May  4 19:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: Disconnected from 152.32.190.168 port 60556 [preauth]
May  4 19:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27516]: Failed password for root from 189.91.255.92 port 12044 ssh2
May  4 19:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27516]: Connection closed by 189.91.255.92 port 12044 [preauth]
May  4 19:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26152]: pam_unix(cron:session): session closed for user root
May  4 19:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27520]: Failed password for root from 189.91.255.92 port 14580 ssh2
May  4 19:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: Failed password for root from 189.91.255.92 port 15924 ssh2
May  4 19:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27563]: Connection closed by 189.91.255.92 port 15924 [preauth]
May  4 19:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27595]: Failed password for root from 189.91.255.92 port 18138 ssh2
May  4 19:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27595]: Connection closed by 189.91.255.92 port 18138 [preauth]
May  4 19:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27621]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27622]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27619]: pam_unix(cron:session): session closed for user p13x
May  4 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27605]: Failed password for root from 189.91.255.92 port 19886 ssh2
May  4 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27679]: Successful su for rubyman by root
May  4 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27679]: + ??? root:rubyman
May  4 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329228 of user rubyman.
May  4 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27679]: pam_unix(su:session): session closed for user rubyman
May  4 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329228.
May  4 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27605]: Connection closed by 189.91.255.92 port 19886 [preauth]
May  4 19:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24819]: pam_unix(cron:session): session closed for user root
May  4 19:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27620]: pam_unix(cron:session): session closed for user samftp
May  4 19:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27868]: Failed password for root from 189.91.255.92 port 24004 ssh2
May  4 19:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27868]: Connection closed by 189.91.255.92 port 24004 [preauth]
May  4 19:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: Invalid user local from 116.118.48.186
May  4 19:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: input_userauth_request: invalid user local [preauth]
May  4 19:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186
May  4 19:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: Invalid user ads from 140.249.188.255
May  4 19:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: input_userauth_request: invalid user ads [preauth]
May  4 19:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.249.188.255
May  4 19:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: Failed password for invalid user local from 116.118.48.186 port 54076 ssh2
May  4 19:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: Received disconnect from 116.118.48.186 port 54076:11: Bye Bye [preauth]
May  4 19:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27932]: Disconnected from 116.118.48.186 port 54076 [preauth]
May  4 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: Failed password for root from 189.91.255.92 port 25138 ssh2
May  4 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: Failed password for invalid user ads from 140.249.188.255 port 59900 ssh2
May  4 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: Received disconnect from 140.249.188.255 port 59900:11: Bye Bye [preauth]
May  4 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: Disconnected from 140.249.188.255 port 59900 [preauth]
May  4 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26656]: pam_unix(cron:session): session closed for user root
May  4 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: Connection closed by 189.91.255.92 port 25138 [preauth]
May  4 19:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145  user=root
May  4 19:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27977]: Failed password for root from 213.165.85.145 port 60980 ssh2
May  4 19:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27977]: Received disconnect from 213.165.85.145 port 60980:11: Bye Bye [preauth]
May  4 19:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27977]: Disconnected from 213.165.85.145 port 60980 [preauth]
May  4 19:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27979]: Failed password for root from 189.91.255.92 port 30906 ssh2
May  4 19:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27979]: Connection closed by 189.91.255.92 port 30906 [preauth]
May  4 19:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27991]: Failed password for root from 189.91.255.92 port 32992 ssh2
May  4 19:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27991]: Connection closed by 189.91.255.92 port 32992 [preauth]
May  4 19:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28014]: Failed password for root from 189.91.255.92 port 34942 ssh2
May  4 19:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.247.251  user=root
May  4 19:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28014]: Connection closed by 189.91.255.92 port 34942 [preauth]
May  4 19:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214  user=root
May  4 19:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: Failed password for root from 147.182.247.251 port 34756 ssh2
May  4 19:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: Connection closed by 147.182.247.251 port 34756 [preauth]
May  4 19:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.182.247.251  user=root
May  4 19:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28028]: Failed password for root from 123.252.238.214 port 33056 ssh2
May  4 19:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28028]: Received disconnect from 123.252.238.214 port 33056:11: Bye Bye [preauth]
May  4 19:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28028]: Disconnected from 123.252.238.214 port 33056 [preauth]
May  4 19:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28030]: Failed password for root from 147.182.247.251 port 34758 ssh2
May  4 19:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28030]: Connection closed by 147.182.247.251 port 34758 [preauth]
May  4 19:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28047]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28045]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28043]: pam_unix(cron:session): session closed for user p13x
May  4 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28111]: Successful su for rubyman by root
May  4 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28111]: + ??? root:rubyman
May  4 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28111]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329231 of user rubyman.
May  4 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28111]: pam_unix(su:session): session closed for user rubyman
May  4 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329231.
May  4 19:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: Failed password for root from 189.91.255.92 port 37688 ssh2
May  4 19:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25230]: pam_unix(cron:session): session closed for user root
May  4 19:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: Connection closed by 189.91.255.92 port 37688 [preauth]
May  4 19:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28044]: pam_unix(cron:session): session closed for user samftp
May  4 19:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: Failed password for root from 189.91.255.92 port 39484 ssh2
May  4 19:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: Connection closed by 189.91.255.92 port 39484 [preauth]
May  4 19:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: Failed password for root from 189.91.255.92 port 41234 ssh2
May  4 19:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: Connection closed by 189.91.255.92 port 41234 [preauth]
May  4 19:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27143]: pam_unix(cron:session): session closed for user root
May  4 19:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28353]: Failed password for root from 189.91.255.92 port 43418 ssh2
May  4 19:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: Failed password for root from 189.91.255.92 port 47000 ssh2
May  4 19:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28458]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28460]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28461]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28459]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28461]: pam_unix(cron:session): session closed for user root
May  4 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28455]: pam_unix(cron:session): session closed for user p13x
May  4 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28529]: Successful su for rubyman by root
May  4 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28529]: + ??? root:rubyman
May  4 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329237 of user rubyman.
May  4 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28529]: pam_unix(su:session): session closed for user rubyman
May  4 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329237.
May  4 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25664]: pam_unix(cron:session): session closed for user root
May  4 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28458]: pam_unix(cron:session): session closed for user root
May  4 19:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28452]: Failed password for root from 189.91.255.92 port 52174 ssh2
May  4 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28456]: pam_unix(cron:session): session closed for user samftp
May  4 19:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8  user=root
May  4 19:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: Failed password for root from 189.91.255.92 port 54822 ssh2
May  4 19:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: Failed password for root from 177.182.181.8 port 38886 ssh2
May  4 19:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: Received disconnect from 177.182.181.8 port 38886:11: Bye Bye [preauth]
May  4 19:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28746]: Disconnected from 177.182.181.8 port 38886 [preauth]
May  4 19:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: Failed password for root from 189.91.255.92 port 56810 ssh2
May  4 19:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28769]: Connection closed by 189.91.255.92 port 56810 [preauth]
May  4 19:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: Failed password for root from 189.91.255.92 port 58194 ssh2
May  4 19:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: Connection closed by 189.91.255.92 port 58194 [preauth]
May  4 19:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27622]: pam_unix(cron:session): session closed for user root
May  4 19:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28805]: Failed password for root from 189.91.255.92 port 60718 ssh2
May  4 19:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: Failed password for root from 189.91.255.92 port 62194 ssh2
May  4 19:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28869]: Invalid user taibabi from 45.95.233.112
May  4 19:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28869]: input_userauth_request: invalid user taibabi [preauth]
May  4 19:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28869]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112
May  4 19:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28869]: Failed password for invalid user taibabi from 45.95.233.112 port 50244 ssh2
May  4 19:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28869]: Received disconnect from 45.95.233.112 port 50244:11: Bye Bye [preauth]
May  4 19:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28869]: Disconnected from 45.95.233.112 port 50244 [preauth]
May  4 19:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28845]: Connection closed by 189.91.255.92 port 62194 [preauth]
May  4 19:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28882]: Failed password for root from 189.91.255.92 port 64730 ssh2
May  4 19:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28882]: Connection closed by 189.91.255.92 port 64730 [preauth]
May  4 19:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28908]: Invalid user peer from 27.112.78.170
May  4 19:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28908]: input_userauth_request: invalid user peer [preauth]
May  4 19:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28908]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
May  4 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28913]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28914]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28911]: pam_unix(cron:session): session closed for user p13x
May  4 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: Failed password for root from 189.91.255.92 port 11899 ssh2
May  4 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28979]: Successful su for rubyman by root
May  4 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28979]: + ??? root:rubyman
May  4 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329241 of user rubyman.
May  4 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28979]: pam_unix(su:session): session closed for user rubyman
May  4 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329241.
May  4 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28908]: Failed password for invalid user peer from 27.112.78.170 port 41912 ssh2
May  4 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28906]: Connection closed by 189.91.255.92 port 11899 [preauth]
May  4 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28908]: Received disconnect from 27.112.78.170 port 41912:11: Bye Bye [preauth]
May  4 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28908]: Disconnected from 27.112.78.170 port 41912 [preauth]
May  4 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26151]: pam_unix(cron:session): session closed for user root
May  4 19:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28912]: pam_unix(cron:session): session closed for user samftp
May  4 19:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: Failed password for root from 189.91.255.92 port 12651 ssh2
May  4 19:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: Connection closed by 189.91.255.92 port 12651 [preauth]
May  4 19:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: Failed password for root from 189.91.255.92 port 15367 ssh2
May  4 19:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29276]: Connection closed by 189.91.255.92 port 15367 [preauth]
May  4 19:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29305]: Failed password for root from 189.91.255.92 port 16783 ssh2
May  4 19:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29333]: Invalid user testftp from 145.239.89.124
May  4 19:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29333]: input_userauth_request: invalid user testftp [preauth]
May  4 19:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29333]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124
May  4 19:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29333]: Failed password for invalid user testftp from 145.239.89.124 port 58014 ssh2
May  4 19:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29333]: Received disconnect from 145.239.89.124 port 58014:11: Bye Bye [preauth]
May  4 19:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29333]: Disconnected from 145.239.89.124 port 58014 [preauth]
May  4 19:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: Invalid user peachy from 103.52.115.223
May  4 19:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: input_userauth_request: invalid user peachy [preauth]
May  4 19:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223
May  4 19:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: Failed password for invalid user peachy from 103.52.115.223 port 34658 ssh2
May  4 19:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: Received disconnect from 103.52.115.223 port 34658:11: Bye Bye [preauth]
May  4 19:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29335]: Disconnected from 103.52.115.223 port 34658 [preauth]
May  4 19:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29305]: Connection closed by 189.91.255.92 port 16783 [preauth]
May  4 19:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28047]: pam_unix(cron:session): session closed for user root
May  4 19:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29337]: Failed password for root from 189.91.255.92 port 19145 ssh2
May  4 19:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29337]: Connection closed by 189.91.255.92 port 19145 [preauth]
May  4 19:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29380]: Failed password for root from 189.91.255.92 port 20971 ssh2
May  4 19:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29380]: Connection closed by 189.91.255.92 port 20971 [preauth]
May  4 19:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: Failed password for root from 189.91.255.92 port 23177 ssh2
May  4 19:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29392]: Connection closed by 189.91.255.92 port 23177 [preauth]
May  4 19:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: Failed password for root from 189.91.255.92 port 25623 ssh2
May  4 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29446]: pam_unix(cron:session): session closed for user root
May  4 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29448]: pam_unix(cron:session): session closed for user p13x
May  4 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29514]: Successful su for rubyman by root
May  4 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29514]: + ??? root:rubyman
May  4 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329244 of user rubyman.
May  4 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29514]: pam_unix(su:session): session closed for user rubyman
May  4 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329244.
May  4 19:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26655]: pam_unix(cron:session): session closed for user root
May  4 19:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: Connection closed by 189.91.255.92 port 25623 [preauth]
May  4 19:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29436]: Failed password for root from 189.91.255.92 port 27129 ssh2
May  4 19:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29449]: pam_unix(cron:session): session closed for user samftp
May  4 19:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29436]: Connection closed by 189.91.255.92 port 27129 [preauth]
May  4 19:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29703]: Failed password for root from 189.91.255.92 port 29731 ssh2
May  4 19:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29703]: Connection closed by 189.91.255.92 port 29731 [preauth]
May  4 19:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29735]: Failed password for root from 189.91.255.92 port 31217 ssh2
May  4 19:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29735]: Connection closed by 189.91.255.92 port 31217 [preauth]
May  4 19:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: Failed password for root from 189.91.255.92 port 33457 ssh2
May  4 19:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: Connection closed by 189.91.255.92 port 33457 [preauth]
May  4 19:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29773]: Failed password for root from 189.91.255.92 port 34957 ssh2
May  4 19:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29773]: Connection closed by 189.91.255.92 port 34957 [preauth]
May  4 19:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28460]: pam_unix(cron:session): session closed for user root
May  4 19:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29802]: Failed password for root from 189.91.255.92 port 36299 ssh2
May  4 19:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29804]: Invalid user sharing from 152.32.190.168
May  4 19:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29804]: input_userauth_request: invalid user sharing [preauth]
May  4 19:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29804]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168
May  4 19:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29804]: Failed password for invalid user sharing from 152.32.190.168 port 53746 ssh2
May  4 19:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29804]: Received disconnect from 152.32.190.168 port 53746:11: Bye Bye [preauth]
May  4 19:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29804]: Disconnected from 152.32.190.168 port 53746 [preauth]
May  4 19:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: Did not receive identification string from 189.91.255.92
May  4 19:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29802]: Connection closed by 189.91.255.92 port 36299 [preauth]
May  4 19:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: Invalid user sasan from 107.189.29.175
May  4 19:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: input_userauth_request: invalid user sasan [preauth]
May  4 19:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175
May  4 19:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: Failed password for root from 189.91.255.92 port 38831 ssh2
May  4 19:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: Failed password for invalid user sasan from 107.189.29.175 port 43740 ssh2
May  4 19:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: Received disconnect from 107.189.29.175 port 43740:11: Bye Bye [preauth]
May  4 19:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: Disconnected from 107.189.29.175 port 43740 [preauth]
May  4 19:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29839]: Connection closed by 189.91.255.92 port 38831 [preauth]
May  4 19:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29853]: Failed password for root from 189.91.255.92 port 40733 ssh2
May  4 19:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29853]: Connection closed by 189.91.255.92 port 40733 [preauth]
May  4 19:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29876]: pam_unix(cron:session): session closed for user p13x
May  4 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29940]: Successful su for rubyman by root
May  4 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29940]: + ??? root:rubyman
May  4 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29940]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329249 of user rubyman.
May  4 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29940]: pam_unix(su:session): session closed for user rubyman
May  4 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329249.
May  4 19:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29865]: Failed password for root from 189.91.255.92 port 42151 ssh2
May  4 19:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27142]: pam_unix(cron:session): session closed for user root
May  4 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29877]: pam_unix(cron:session): session closed for user samftp
May  4 19:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29865]: Connection closed by 189.91.255.92 port 42151 [preauth]
May  4 19:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30135]: Failed password for root from 189.91.255.92 port 45135 ssh2
May  4 19:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30135]: Connection closed by 189.91.255.92 port 45135 [preauth]
May  4 19:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: Failed password for root from 189.91.255.92 port 46711 ssh2
May  4 19:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28914]: pam_unix(cron:session): session closed for user root
May  4 19:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30199]: Failed password for root from 189.91.255.92 port 48867 ssh2
May  4 19:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145  user=root
May  4 19:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30231]: Failed password for root from 213.165.85.145 port 58038 ssh2
May  4 19:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30231]: Received disconnect from 213.165.85.145 port 58038:11: Bye Bye [preauth]
May  4 19:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30231]: Disconnected from 213.165.85.145 port 58038 [preauth]
May  4 19:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30237]: Failed password for root from 189.91.255.92 port 51641 ssh2
May  4 19:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30199]: Connection closed by 189.91.255.92 port 48867 [preauth]
May  4 19:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30237]: Connection closed by 189.91.255.92 port 51641 [preauth]
May  4 19:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30260]: Failed password for root from 189.91.255.92 port 53891 ssh2
May  4 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30283]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30281]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30282]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30280]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30280]: pam_unix(cron:session): session closed for user p13x
May  4 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30344]: Successful su for rubyman by root
May  4 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30344]: + ??? root:rubyman
May  4 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329254 of user rubyman.
May  4 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30344]: pam_unix(su:session): session closed for user rubyman
May  4 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329254.
May  4 19:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30260]: Connection closed by 189.91.255.92 port 53891 [preauth]
May  4 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27621]: pam_unix(cron:session): session closed for user root
May  4 19:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30281]: pam_unix(cron:session): session closed for user samftp
May  4 19:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: Failed password for root from 189.91.255.92 port 57827 ssh2
May  4 19:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30542]: Failed password for root from 189.91.255.92 port 59237 ssh2
May  4 19:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: Invalid user git from 36.255.8.54
May  4 19:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: input_userauth_request: invalid user git [preauth]
May  4 19:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  4 19:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: Failed password for invalid user git from 36.255.8.54 port 56088 ssh2
May  4 19:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: Received disconnect from 36.255.8.54 port 56088:11: Bye Bye [preauth]
May  4 19:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: Disconnected from 36.255.8.54 port 56088 [preauth]
May  4 19:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30542]: Connection closed by 189.91.255.92 port 59237 [preauth]
May  4 19:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30575]: Failed password for root from 189.91.255.92 port 61511 ssh2
May  4 19:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30575]: Connection closed by 189.91.255.92 port 61511 [preauth]
May  4 19:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29452]: pam_unix(cron:session): session closed for user root
May  4 19:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.118.48.186  user=root
May  4 19:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30598]: Failed password for root from 189.91.255.92 port 63373 ssh2
May  4 19:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30610]: Failed password for root from 116.118.48.186 port 44622 ssh2
May  4 19:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30610]: Received disconnect from 116.118.48.186 port 44622:11: Bye Bye [preauth]
May  4 19:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30610]: Disconnected from 116.118.48.186 port 44622 [preauth]
May  4 19:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30598]: Connection closed by 189.91.255.92 port 63373 [preauth]
May  4 19:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: Failed password for root from 189.91.255.92 port 9416 ssh2
May  4 19:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: Connection closed by 189.91.255.92 port 9416 [preauth]
May  4 19:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: Failed password for root from 189.91.255.92 port 11740 ssh2
May  4 19:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: Connection closed by 189.91.255.92 port 11740 [preauth]
May  4 19:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30693]: Invalid user testftp from 45.95.233.112
May  4 19:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30693]: input_userauth_request: invalid user testftp [preauth]
May  4 19:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30693]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112
May  4 19:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30693]: Failed password for invalid user testftp from 45.95.233.112 port 47680 ssh2
May  4 19:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30693]: Received disconnect from 45.95.233.112 port 47680:11: Bye Bye [preauth]
May  4 19:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30693]: Disconnected from 45.95.233.112 port 47680 [preauth]
May  4 19:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30708]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30710]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30707]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30706]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30710]: pam_unix(cron:session): session closed for user root
May  4 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30704]: pam_unix(cron:session): session closed for user p13x
May  4 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30683]: Failed password for root from 189.91.255.92 port 13958 ssh2
May  4 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30773]: Successful su for rubyman by root
May  4 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30773]: + ??? root:rubyman
May  4 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30773]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329258 of user rubyman.
May  4 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30773]: pam_unix(su:session): session closed for user rubyman
May  4 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329258.
May  4 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30683]: Connection closed by 189.91.255.92 port 13958 [preauth]
May  4 19:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30706]: pam_unix(cron:session): session closed for user root
May  4 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28045]: pam_unix(cron:session): session closed for user root
May  4 19:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30705]: pam_unix(cron:session): session closed for user samftp
May  4 19:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30878]: Failed password for root from 189.91.255.92 port 16176 ssh2
May  4 19:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30991]: Failed password for root from 189.91.255.92 port 17418 ssh2
May  4 19:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30991]: Connection closed by 189.91.255.92 port 17418 [preauth]
May  4 19:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: Failed password for root from 189.91.255.92 port 19438 ssh2
May  4 19:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29879]: pam_unix(cron:session): session closed for user root
May  4 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: Connection closed by 189.91.255.92 port 19438 [preauth]
May  4 19:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31050]: Failed password for root from 189.91.255.92 port 21218 ssh2
May  4 19:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31050]: Connection closed by 189.91.255.92 port 21218 [preauth]
May  4 19:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  4 19:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: Failed password for root from 46.244.96.25 port 48966 ssh2
May  4 19:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: Connection closed by 46.244.96.25 port 48966 [preauth]
May  4 19:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31097]: Failed password for root from 189.91.255.92 port 25038 ssh2
May  4 19:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31097]: Connection closed by 189.91.255.92 port 25038 [preauth]
May  4 19:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31128]: Failed password for root from 189.91.255.92 port 25948 ssh2
May  4 19:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31128]: Connection closed by 189.91.255.92 port 25948 [preauth]
May  4 19:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124  user=root
May  4 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31142]: Failed password for root from 145.239.89.124 port 53478 ssh2
May  4 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31142]: Received disconnect from 145.239.89.124 port 53478:11: Bye Bye [preauth]
May  4 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31142]: Disconnected from 145.239.89.124 port 53478 [preauth]
May  4 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31158]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31155]: pam_unix(cron:session): session closed for user p13x
May  4 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31220]: Successful su for rubyman by root
May  4 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31220]: + ??? root:rubyman
May  4 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31220]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329265 of user rubyman.
May  4 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31220]: pam_unix(su:session): session closed for user rubyman
May  4 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329265.
May  4 19:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28459]: pam_unix(cron:session): session closed for user root
May  4 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31156]: pam_unix(cron:session): session closed for user samftp
May  4 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: Invalid user dave from 177.182.181.8
May  4 19:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: input_userauth_request: invalid user dave [preauth]
May  4 19:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8
May  4 19:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31139]: Failed password for root from 189.91.255.92 port 28090 ssh2
May  4 19:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: Failed password for invalid user dave from 177.182.181.8 port 47842 ssh2
May  4 19:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: Received disconnect from 177.182.181.8 port 47842:11: Bye Bye [preauth]
May  4 19:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: Disconnected from 177.182.181.8 port 47842 [preauth]
May  4 19:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31419]: Failed password for root from 189.91.255.92 port 31682 ssh2
May  4 19:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31452]: Failed password for root from 189.91.255.92 port 34084 ssh2
May  4 19:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31452]: Connection closed by 189.91.255.92 port 34084 [preauth]
May  4 19:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30283]: pam_unix(cron:session): session closed for user root
May  4 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31476]: Failed password for root from 189.91.255.92 port 36238 ssh2
May  4 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31476]: Connection closed by 189.91.255.92 port 36238 [preauth]
May  4 19:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31506]: Failed password for root from 189.91.255.92 port 37572 ssh2
May  4 19:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: Failed password for root from 189.91.255.92 port 41248 ssh2
May  4 19:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: Connection closed by 189.91.255.92 port 41248 [preauth]
May  4 19:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31575]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31572]: pam_unix(cron:session): session closed for user p13x
May  4 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31633]: Successful su for rubyman by root
May  4 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31633]: + ??? root:rubyman
May  4 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329269 of user rubyman.
May  4 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31633]: pam_unix(su:session): session closed for user rubyman
May  4 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329269.
May  4 19:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28913]: pam_unix(cron:session): session closed for user root
May  4 19:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31573]: pam_unix(cron:session): session closed for user samftp
May  4 19:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31568]: Failed password for root from 189.91.255.92 port 42482 ssh2
May  4 19:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31840]: Failed password for root from 189.91.255.92 port 46548 ssh2
May  4 19:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31840]: Connection closed by 189.91.255.92 port 46548 [preauth]
May  4 19:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31871]: Failed password for root from 189.91.255.92 port 47636 ssh2
May  4 19:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31871]: Connection closed by 189.91.255.92 port 47636 [preauth]
May  4 19:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30708]: pam_unix(cron:session): session closed for user root
May  4 19:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: Invalid user ubuntu from 103.52.115.223
May  4 19:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: input_userauth_request: invalid user ubuntu [preauth]
May  4 19:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223
May  4 19:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: Failed password for invalid user ubuntu from 103.52.115.223 port 34182 ssh2
May  4 19:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: Received disconnect from 103.52.115.223 port 34182:11: Bye Bye [preauth]
May  4 19:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: Disconnected from 103.52.115.223 port 34182 [preauth]
May  4 19:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31910]: Failed password for root from 189.91.255.92 port 51834 ssh2
May  4 19:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31910]: Connection closed by 189.91.255.92 port 51834 [preauth]
May  4 19:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: Failed password for root from 189.91.255.92 port 54526 ssh2
May  4 19:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168  user=root
May  4 19:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31989]: Failed password for root from 152.32.190.168 port 49044 ssh2
May  4 19:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31989]: Received disconnect from 152.32.190.168 port 49044:11: Bye Bye [preauth]
May  4 19:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31989]: Disconnected from 152.32.190.168 port 49044 [preauth]
May  4 19:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175  user=root
May  4 19:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32003]: Failed password for root from 107.189.29.175 port 51718 ssh2
May  4 19:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32003]: Received disconnect from 107.189.29.175 port 51718:11: Bye Bye [preauth]
May  4 19:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32003]: Disconnected from 107.189.29.175 port 51718 [preauth]
May  4 19:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32001]: Failed password for root from 189.91.255.92 port 55680 ssh2
May  4 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32027]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32026]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32024]: pam_unix(cron:session): session closed for user p13x
May  4 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32084]: Successful su for rubyman by root
May  4 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32084]: + ??? root:rubyman
May  4 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32084]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329272 of user rubyman.
May  4 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32084]: pam_unix(su:session): session closed for user rubyman
May  4 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329272.
May  4 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29450]: pam_unix(cron:session): session closed for user root
May  4 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32025]: pam_unix(cron:session): session closed for user samftp
May  4 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: Failed password for root from 189.91.255.92 port 58282 ssh2
May  4 19:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32122]: Connection closed by 189.91.255.92 port 58282 [preauth]
May  4 19:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32269]: Failed password for root from 189.91.255.92 port 60372 ssh2
May  4 19:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32269]: Connection closed by 189.91.255.92 port 60372 [preauth]
May  4 19:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: Failed password for root from 189.91.255.92 port 64048 ssh2
May  4 19:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31158]: pam_unix(cron:session): session closed for user root
May  4 19:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32330]: Failed password for root from 189.91.255.92 port 9105 ssh2
May  4 19:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145  user=root
May  4 19:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32372]: Failed password for root from 213.165.85.145 port 59984 ssh2
May  4 19:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32372]: Received disconnect from 213.165.85.145 port 59984:11: Bye Bye [preauth]
May  4 19:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32372]: Disconnected from 213.165.85.145 port 59984 [preauth]
May  4 19:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: Failed password for root from 189.91.255.92 port 11177 ssh2
May  4 19:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Failed password for root from 189.91.255.92 port 13261 ssh2
May  4 19:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32405]: Connection closed by 189.91.255.92 port 13261 [preauth]
May  4 19:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32431]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32428]: pam_unix(cron:session): session closed for user p13x
May  4 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32494]: Successful su for rubyman by root
May  4 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32494]: + ??? root:rubyman
May  4 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32494]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329275 of user rubyman.
May  4 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32494]: pam_unix(su:session): session closed for user rubyman
May  4 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329275.
May  4 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29878]: pam_unix(cron:session): session closed for user root
May  4 19:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: Failed password for root from 189.91.255.92 port 14617 ssh2
May  4 19:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: Connection closed by 189.91.255.92 port 14617 [preauth]
May  4 19:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32429]: pam_unix(cron:session): session closed for user samftp
May  4 19:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[326]: Invalid user testuser from 45.95.233.112
May  4 19:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[326]: input_userauth_request: invalid user testuser [preauth]
May  4 19:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[326]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112
May  4 19:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[326]: Failed password for invalid user testuser from 45.95.233.112 port 60550 ssh2
May  4 19:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[326]: Received disconnect from 45.95.233.112 port 60550:11: Bye Bye [preauth]
May  4 19:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[326]: Disconnected from 45.95.233.112 port 60550 [preauth]
May  4 19:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: Failed password for root from 189.91.255.92 port 17919 ssh2
May  4 19:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: Failed password for root from 189.91.255.92 port 19973 ssh2
May  4 19:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: Connection closed by 189.91.255.92 port 19973 [preauth]
May  4 19:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31575]: pam_unix(cron:session): session closed for user root
May  4 19:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[449]: Invalid user itadmin from 50.235.31.47
May  4 19:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[449]: input_userauth_request: invalid user itadmin [preauth]
May  4 19:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[449]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  4 19:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[408]: Failed password for root from 189.91.255.92 port 22741 ssh2
May  4 19:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[408]: Connection closed by 189.91.255.92 port 22741 [preauth]
May  4 19:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[449]: Failed password for invalid user itadmin from 50.235.31.47 port 55174 ssh2
May  4 19:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[449]: Connection closed by 50.235.31.47 port 55174 [preauth]
May  4 19:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[467]: Invalid user vendas from 36.255.8.54
May  4 19:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[467]: input_userauth_request: invalid user vendas [preauth]
May  4 19:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[467]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  4 19:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[467]: Failed password for invalid user vendas from 36.255.8.54 port 34466 ssh2
May  4 19:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[467]: Received disconnect from 36.255.8.54 port 34466:11: Bye Bye [preauth]
May  4 19:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[467]: Disconnected from 36.255.8.54 port 34466 [preauth]
May  4 19:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[452]: Failed password for root from 189.91.255.92 port 24367 ssh2
May  4 19:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[452]: Connection closed by 189.91.255.92 port 24367 [preauth]
May  4 19:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: Failed password for root from 189.91.255.92 port 25499 ssh2
May  4 19:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[494]: Connection closed by 189.91.255.92 port 25499 [preauth]
May  4 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[515]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[521]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[516]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[521]: pam_unix(cron:session): session closed for user root
May  4 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[515]: pam_unix(cron:session): session closed for user p13x
May  4 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[587]: Successful su for rubyman by root
May  4 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[587]: + ??? root:rubyman
May  4 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329280 of user rubyman.
May  4 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[587]: pam_unix(su:session): session closed for user rubyman
May  4 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329280.
May  4 19:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[517]: pam_unix(cron:session): session closed for user root
May  4 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30282]: pam_unix(cron:session): session closed for user root
May  4 19:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: Failed password for root from 189.91.255.92 port 29045 ssh2
May  4 19:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[516]: pam_unix(cron:session): session closed for user samftp
May  4 19:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: Connection closed by 189.91.255.92 port 29045 [preauth]
May  4 19:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[835]: Failed password for root from 189.91.255.92 port 30147 ssh2
May  4 19:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[835]: Connection closed by 189.91.255.92 port 30147 [preauth]
May  4 19:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[861]: Failed password for root from 189.91.255.92 port 32355 ssh2
May  4 19:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[861]: Connection closed by 189.91.255.92 port 32355 [preauth]
May  4 19:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: Invalid user terrariaserver from 145.239.89.124
May  4 19:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: input_userauth_request: invalid user terrariaserver [preauth]
May  4 19:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124
May  4 19:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: Failed password for invalid user terrariaserver from 145.239.89.124 port 44416 ssh2
May  4 19:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: Received disconnect from 145.239.89.124 port 44416:11: Bye Bye [preauth]
May  4 19:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: Disconnected from 145.239.89.124 port 44416 [preauth]
May  4 19:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[873]: Failed password for root from 189.91.255.92 port 34777 ssh2
May  4 19:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[873]: Connection closed by 189.91.255.92 port 34777 [preauth]
May  4 19:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32027]: pam_unix(cron:session): session closed for user root
May  4 19:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: Failed password for root from 189.91.255.92 port 35935 ssh2
May  4 19:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: Connection closed by 189.91.255.92 port 35935 [preauth]
May  4 19:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[952]: Failed password for root from 189.91.255.92 port 38839 ssh2
May  4 19:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[952]: Connection closed by 189.91.255.92 port 38839 [preauth]
May  4 19:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[986]: Failed password for root from 189.91.255.92 port 41377 ssh2
May  4 19:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1008]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1009]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1008]: pam_unix(cron:session): session closed for user p13x
May  4 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1077]: Successful su for rubyman by root
May  4 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1077]: + ??? root:rubyman
May  4 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329286 of user rubyman.
May  4 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1077]: pam_unix(su:session): session closed for user rubyman
May  4 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329286.
May  4 19:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30707]: pam_unix(cron:session): session closed for user root
May  4 19:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Failed password for root from 189.91.255.92 port 42663 ssh2
May  4 19:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1009]: pam_unix(cron:session): session closed for user samftp
May  4 19:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Connection closed by 189.91.255.92 port 42663 [preauth]
May  4 19:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[986]: Connection closed by 189.91.255.92 port 41377 [preauth]
May  4 19:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1312]: Invalid user deploy from 81.70.167.132
May  4 19:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1312]: input_userauth_request: invalid user deploy [preauth]
May  4 19:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1312]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.70.167.132
May  4 19:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1298]: Failed password for root from 189.91.255.92 port 45993 ssh2
May  4 19:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1312]: Failed password for invalid user deploy from 81.70.167.132 port 53326 ssh2
May  4 19:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1312]: Received disconnect from 81.70.167.132 port 53326:11: Bye Bye [preauth]
May  4 19:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1312]: Disconnected from 81.70.167.132 port 53326 [preauth]
May  4 19:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1298]: Connection closed by 189.91.255.92 port 45993 [preauth]
May  4 19:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1339]: Failed password for root from 189.91.255.92 port 46869 ssh2
May  4 19:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1339]: Connection closed by 189.91.255.92 port 46869 [preauth]
May  4 19:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  4 19:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1367]: Failed password for root from 218.92.0.215 port 60288 ssh2
May  4 19:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32431]: pam_unix(cron:session): session closed for user root
May  4 19:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: Failed password for root from 189.91.255.92 port 49031 ssh2
May  4 19:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1367]: Received disconnect from 218.92.0.215 port 60288:11:  [preauth]
May  4 19:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1367]: Disconnected from 218.92.0.215 port 60288 [preauth]
May  4 19:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: Connection closed by 189.91.255.92 port 49031 [preauth]
May  4 19:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1421]: Failed password for root from 189.91.255.92 port 52055 ssh2
May  4 19:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1421]: Connection closed by 189.91.255.92 port 52055 [preauth]
May  4 19:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: Failed password for root from 189.91.255.92 port 54405 ssh2
May  4 19:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: Connection closed by 189.91.255.92 port 54405 [preauth]
May  4 19:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1490]: Failed password for root from 189.91.255.92 port 56501 ssh2
May  4 19:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8  user=root
May  4 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1505]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1506]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1503]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1504]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1503]: pam_unix(cron:session): session closed for user p13x
May  4 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: Failed password for root from 177.182.181.8 port 46254 ssh2
May  4 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: Received disconnect from 177.182.181.8 port 46254:11: Bye Bye [preauth]
May  4 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: Disconnected from 177.182.181.8 port 46254 [preauth]
May  4 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1571]: Successful su for rubyman by root
May  4 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1571]: + ??? root:rubyman
May  4 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329290 of user rubyman.
May  4 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1571]: pam_unix(su:session): session closed for user rubyman
May  4 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329290.
May  4 19:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31157]: pam_unix(cron:session): session closed for user root
May  4 19:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1504]: pam_unix(cron:session): session closed for user samftp
May  4 19:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1490]: Connection closed by 189.91.255.92 port 56501 [preauth]
May  4 19:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: Failed password for root from 189.91.255.92 port 57901 ssh2
May  4 19:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: Connection closed by 189.91.255.92 port 57901 [preauth]
May  4 19:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: Failed password for root from 189.91.255.92 port 59945 ssh2
May  4 19:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1782]: Connection closed by 189.91.255.92 port 59945 [preauth]
May  4 19:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Failed password for root from 189.91.255.92 port 62797 ssh2
May  4 19:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Connection closed by 189.91.255.92 port 62797 [preauth]
May  4 19:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175  user=root
May  4 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[520]: pam_unix(cron:session): session closed for user root
May  4 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: Failed password for root from 107.189.29.175 port 58032 ssh2
May  4 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: Received disconnect from 107.189.29.175 port 58032:11: Bye Bye [preauth]
May  4 19:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: Disconnected from 107.189.29.175 port 58032 [preauth]
May  4 19:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1856]: Failed password for root from 189.91.255.92 port 65397 ssh2
May  4 19:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1856]: Connection closed by 189.91.255.92 port 65397 [preauth]
May  4 19:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: Failed password for root from 189.91.255.92 port 10094 ssh2
May  4 19:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1890]: Connection closed by 189.91.255.92 port 10094 [preauth]
May  4 19:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2006]: Failed password for root from 189.91.255.92 port 11754 ssh2
May  4 19:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2006]: Connection closed by 189.91.255.92 port 11754 [preauth]
May  4 19:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2018]: Failed password for root from 189.91.255.92 port 14072 ssh2
May  4 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2032]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2031]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2030]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2030]: pam_unix(cron:session): session closed for user p13x
May  4 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2091]: Successful su for rubyman by root
May  4 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2091]: + ??? root:rubyman
May  4 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329295 of user rubyman.
May  4 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2091]: pam_unix(su:session): session closed for user rubyman
May  4 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329295.
May  4 19:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31574]: pam_unix(cron:session): session closed for user root
May  4 19:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2031]: pam_unix(cron:session): session closed for user samftp
May  4 19:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: Failed password for root from 189.91.255.92 port 15538 ssh2
May  4 19:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: Connection closed by 189.91.255.92 port 15538 [preauth]
May  4 19:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: Failed password for root from 189.91.255.92 port 17438 ssh2
May  4 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2312]: Invalid user dima from 152.32.190.168
May  4 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2312]: input_userauth_request: invalid user dima [preauth]
May  4 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2312]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168
May  4 19:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2312]: Failed password for invalid user dima from 152.32.190.168 port 40786 ssh2
May  4 19:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2312]: Received disconnect from 152.32.190.168 port 40786:11: Bye Bye [preauth]
May  4 19:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2312]: Disconnected from 152.32.190.168 port 40786 [preauth]
May  4 19:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: Connection closed by 189.91.255.92 port 17438 [preauth]
May  4 19:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: Invalid user \\ from 195.178.110.50
May  4 19:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: input_userauth_request: invalid user \\\\ [preauth]
May  4 19:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 19:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: Failed password for invalid user \\ from 195.178.110.50 port 24020 ssh2
May  4 19:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: Connection closed by 195.178.110.50 port 24020 [preauth]
May  4 19:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2323]: Failed password for root from 189.91.255.92 port 19124 ssh2
May  4 19:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2323]: Connection closed by 189.91.255.92 port 19124 [preauth]
May  4 19:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1011]: pam_unix(cron:session): session closed for user root
May  4 19:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: Failed password for root from 189.91.255.92 port 21680 ssh2
May  4 19:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112  user=root
May  4 19:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: Connection closed by 189.91.255.92 port 21680 [preauth]
May  4 19:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2409]: Invalid user userftp from 27.112.78.170
May  4 19:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2409]: input_userauth_request: invalid user userftp [preauth]
May  4 19:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2409]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
May  4 19:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: Invalid user ) from 195.178.110.50
May  4 19:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: input_userauth_request: invalid user ) [preauth]
May  4 19:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 19:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2405]: Failed password for root from 45.95.233.112 port 54034 ssh2
May  4 19:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2405]: Received disconnect from 45.95.233.112 port 54034:11: Bye Bye [preauth]
May  4 19:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2405]: Disconnected from 45.95.233.112 port 54034 [preauth]
May  4 19:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: Failed password for invalid user ) from 195.178.110.50 port 52796 ssh2
May  4 19:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2409]: Failed password for invalid user userftp from 27.112.78.170 port 35460 ssh2
May  4 19:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2409]: Received disconnect from 27.112.78.170 port 35460:11: Bye Bye [preauth]
May  4 19:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2409]: Disconnected from 27.112.78.170 port 35460 [preauth]
May  4 19:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: Connection closed by 195.178.110.50 port 52796 [preauth]
May  4 19:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: Invalid user leo from 103.52.115.223
May  4 19:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: input_userauth_request: invalid user leo [preauth]
May  4 19:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.52.115.223
May  4 19:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2421]: Failed password for root from 189.91.255.92 port 23946 ssh2
May  4 19:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: Failed password for invalid user leo from 103.52.115.223 port 49688 ssh2
May  4 19:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: Received disconnect from 103.52.115.223 port 49688:11: Bye Bye [preauth]
May  4 19:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: Disconnected from 103.52.115.223 port 49688 [preauth]
May  4 19:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: Invalid user lizy from 213.165.85.145
May  4 19:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: input_userauth_request: invalid user lizy [preauth]
May  4 19:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145
May  4 19:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: Failed password for invalid user lizy from 213.165.85.145 port 36676 ssh2
May  4 19:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: Received disconnect from 213.165.85.145 port 36676:11: Bye Bye [preauth]
May  4 19:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: Disconnected from 213.165.85.145 port 36676 [preauth]
May  4 19:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2421]: Connection closed by 189.91.255.92 port 23946 [preauth]
May  4 19:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2460]: Failed password for root from 189.91.255.92 port 26542 ssh2
May  4 19:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2460]: Connection closed by 189.91.255.92 port 26542 [preauth]
May  4 19:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2462]: Failed password for root from 189.91.255.92 port 28830 ssh2
May  4 19:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: Invalid user T from 195.178.110.50
May  4 19:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: input_userauth_request: invalid user T [preauth]
May  4 19:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2488]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2485]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2489]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2485]: pam_unix(cron:session): session closed for user p13x
May  4 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2551]: Successful su for rubyman by root
May  4 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2551]: + ??? root:rubyman
May  4 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2551]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329297 of user rubyman.
May  4 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2551]: pam_unix(su:session): session closed for user rubyman
May  4 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329297.
May  4 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: Failed password for invalid user T from 195.178.110.50 port 45290 ssh2
May  4 19:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2430]: Connection closed by 195.178.110.50 port 45290 [preauth]
May  4 19:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32026]: pam_unix(cron:session): session closed for user root
May  4 19:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2487]: pam_unix(cron:session): session closed for user samftp
May  4 19:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: Failed password for root from 189.91.255.92 port 30288 ssh2
May  4 19:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2650]: Invalid user ! from 195.178.110.50
May  4 19:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2650]: input_userauth_request: invalid user ! [preauth]
May  4 19:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2650]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 19:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: Connection closed by 189.91.255.92 port 30288 [preauth]
May  4 19:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: Failed password for root from 189.91.255.92 port 32976 ssh2
May  4 19:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: Connection closed by 189.91.255.92 port 32976 [preauth]
May  4 19:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2650]: Failed password for invalid user ! from 195.178.110.50 port 24046 ssh2
May  4 19:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2650]: Connection closed by 195.178.110.50 port 24046 [preauth]
May  4 19:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: Failed password for root from 189.91.255.92 port 34760 ssh2
May  4 19:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: Connection closed by 189.91.255.92 port 34760 [preauth]
May  4 19:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1506]: pam_unix(cron:session): session closed for user root
May  4 19:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2831]: Failed password for root from 189.91.255.92 port 35650 ssh2
May  4 19:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2831]: Connection closed by 189.91.255.92 port 35650 [preauth]
May  4 19:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: Invalid user L from 195.178.110.50
May  4 19:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: input_userauth_request: invalid user L [preauth]
May  4 19:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 19:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: Failed password for invalid user L from 195.178.110.50 port 5066 ssh2
May  4 19:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: Connection closed by 195.178.110.50 port 5066 [preauth]
May  4 19:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2874]: Failed password for root from 189.91.255.92 port 39492 ssh2
May  4 19:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2874]: Connection closed by 189.91.255.92 port 39492 [preauth]
May  4 19:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2911]: Failed password for root from 189.91.255.92 port 40804 ssh2
May  4 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2939]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2938]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2940]: pam_unix(cron:session): session closed for user root
May  4 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2935]: pam_unix(cron:session): session closed for user p13x
May  4 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3002]: Successful su for rubyman by root
May  4 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3002]: + ??? root:rubyman
May  4 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329303 of user rubyman.
May  4 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3002]: pam_unix(su:session): session closed for user rubyman
May  4 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329303.
May  4 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: Invalid user sky from 145.239.89.124
May  4 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: input_userauth_request: invalid user sky [preauth]
May  4 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124
May  4 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2937]: pam_unix(cron:session): session closed for user root
May  4 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32430]: pam_unix(cron:session): session closed for user root
May  4 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: Failed password for invalid user sky from 145.239.89.124 port 47190 ssh2
May  4 19:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: Received disconnect from 145.239.89.124 port 47190:11: Bye Bye [preauth]
May  4 19:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: Disconnected from 145.239.89.124 port 47190 [preauth]
May  4 19:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2936]: pam_unix(cron:session): session closed for user samftp
May  4 19:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3088]: Failed password for root from 189.91.255.92 port 43592 ssh2
May  4 19:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3230]: Failed password for root from 189.91.255.92 port 46018 ssh2
May  4 19:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3088]: Connection closed by 189.91.255.92 port 43592 [preauth]
May  4 19:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3230]: Connection closed by 189.91.255.92 port 46018 [preauth]
May  4 19:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3261]: Failed password for root from 189.91.255.92 port 48310 ssh2
May  4 19:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3261]: Connection closed by 189.91.255.92 port 48310 [preauth]
May  4 19:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2033]: pam_unix(cron:session): session closed for user root
May  4 19:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: Failed password for root from 189.91.255.92 port 50926 ssh2
May  4 19:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.249.188.255  user=root
May  4 19:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: Failed password for root from 140.249.188.255 port 60654 ssh2
May  4 19:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: Received disconnect from 140.249.188.255 port 60654:11: Bye Bye [preauth]
May  4 19:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3321]: Disconnected from 140.249.188.255 port 60654 [preauth]
May  4 19:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3333]: Failed password for root from 189.91.255.92 port 52702 ssh2
May  4 19:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: Connection closed by 189.91.255.92 port 50926 [preauth]
May  4 19:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3333]: Connection closed by 189.91.255.92 port 52702 [preauth]
May  4 19:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3356]: Failed password for root from 189.91.255.92 port 54646 ssh2
May  4 19:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3356]: Connection closed by 189.91.255.92 port 54646 [preauth]
May  4 19:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3395]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3396]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3389]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3388]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3388]: pam_unix(cron:session): session closed for user p13x
May  4 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3472]: Successful su for rubyman by root
May  4 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3472]: + ??? root:rubyman
May  4 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329308 of user rubyman.
May  4 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3472]: pam_unix(su:session): session closed for user rubyman
May  4 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329308.
May  4 19:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: Failed password for root from 189.91.255.92 port 56934 ssh2
May  4 19:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[519]: pam_unix(cron:session): session closed for user root
May  4 19:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: Connection closed by 189.91.255.92 port 56934 [preauth]
May  4 19:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3389]: pam_unix(cron:session): session closed for user samftp
May  4 19:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: Failed password for root from 189.91.255.92 port 59812 ssh2
May  4 19:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: Failed password for root from 189.91.255.92 port 61064 ssh2
May  4 19:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: Connection closed by 189.91.255.92 port 61064 [preauth]
May  4 19:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: Connection closed by 189.91.255.92 port 59812 [preauth]
May  4 19:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3728]: Failed password for root from 189.91.255.92 port 64312 ssh2
May  4 19:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3728]: Connection closed by 189.91.255.92 port 64312 [preauth]
May  4 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2489]: pam_unix(cron:session): session closed for user root
May  4 19:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3770]: Failed password for root from 189.91.255.92 port 10211 ssh2
May  4 19:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3770]: Connection closed by 189.91.255.92 port 10211 [preauth]
May  4 19:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: Failed password for root from 189.91.255.92 port 11221 ssh2
May  4 19:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: Connection closed by 189.91.255.92 port 11221 [preauth]
May  4 19:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3833]: Failed password for root from 189.91.255.92 port 15325 ssh2
May  4 19:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3858]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3855]: pam_unix(cron:session): session closed for user p13x
May  4 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3846]: Invalid user odoo17 from 107.189.29.175
May  4 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3846]: input_userauth_request: invalid user odoo17 [preauth]
May  4 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3846]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175
May  4 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3918]: Successful su for rubyman by root
May  4 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3918]: + ??? root:rubyman
May  4 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329312 of user rubyman.
May  4 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3918]: pam_unix(su:session): session closed for user rubyman
May  4 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329312.
May  4 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3846]: Failed password for invalid user odoo17 from 107.189.29.175 port 36102 ssh2
May  4 19:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3846]: Received disconnect from 107.189.29.175 port 36102:11: Bye Bye [preauth]
May  4 19:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3846]: Disconnected from 107.189.29.175 port 36102 [preauth]
May  4 19:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1010]: pam_unix(cron:session): session closed for user root
May  4 19:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3856]: pam_unix(cron:session): session closed for user samftp
May  4 19:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4019]: Failed password for root from 189.91.255.92 port 16757 ssh2
May  4 19:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4019]: Connection closed by 189.91.255.92 port 16757 [preauth]
May  4 19:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4150]: Failed password for root from 189.91.255.92 port 18645 ssh2
May  4 19:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4150]: Connection closed by 189.91.255.92 port 18645 [preauth]
May  4 19:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.255.92  user=root
May  4 19:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: Failed password for root from 189.91.255.92 port 20621 ssh2
May  4 19:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: Connection closed by 189.91.255.92 port 20621 [preauth]
May  4 19:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2939]: pam_unix(cron:session): session closed for user root
May  4 19:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: Failed password for root from 189.91.248.139 port 23275 ssh2
May  4 19:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: Connection closed by 189.91.248.139 port 23275 [preauth]
May  4 19:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4264]: Failed password for root from 189.91.248.139 port 23503 ssh2
May  4 19:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4264]: Connection closed by 189.91.248.139 port 23503 [preauth]
May  4 19:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: Failed password for root from 189.91.248.139 port 23667 ssh2
May  4 19:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: Connection closed by 189.91.248.139 port 23667 [preauth]
May  4 19:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: Failed password for root from 189.91.248.139 port 23751 ssh2
May  4 19:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: Connection closed by 189.91.248.139 port 23751 [preauth]
May  4 19:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: Invalid user ubuntu from 177.182.181.8
May  4 19:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: input_userauth_request: invalid user ubuntu [preauth]
May  4 19:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8
May  4 19:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: Failed password for invalid user ubuntu from 177.182.181.8 port 37450 ssh2
May  4 19:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: Received disconnect from 177.182.181.8 port 37450:11: Bye Bye [preauth]
May  4 19:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: Disconnected from 177.182.181.8 port 37450 [preauth]
May  4 19:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4444]: Failed password for root from 189.91.248.139 port 24039 ssh2
May  4 19:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4444]: Connection closed by 189.91.248.139 port 24039 [preauth]
May  4 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4457]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4458]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4455]: pam_unix(cron:session): session closed for user p13x
May  4 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4531]: Successful su for rubyman by root
May  4 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4531]: + ??? root:rubyman
May  4 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329315 of user rubyman.
May  4 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4531]: pam_unix(su:session): session closed for user rubyman
May  4 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329315.
May  4 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1505]: pam_unix(cron:session): session closed for user root
May  4 19:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: Failed password for root from 189.91.248.139 port 24227 ssh2
May  4 19:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: Connection closed by 189.91.248.139 port 24227 [preauth]
May  4 19:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4456]: pam_unix(cron:session): session closed for user samftp
May  4 19:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: Failed password for root from 189.91.248.139 port 24443 ssh2
May  4 19:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: Connection closed by 189.91.248.139 port 24443 [preauth]
May  4 19:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4734]: Failed password for root from 189.91.248.139 port 24635 ssh2
May  4 19:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4734]: Connection closed by 189.91.248.139 port 24635 [preauth]
May  4 19:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4758]: Failed password for root from 189.91.248.139 port 24909 ssh2
May  4 19:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4758]: Connection closed by 189.91.248.139 port 24909 [preauth]
May  4 19:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: Failed password for root from 189.91.248.139 port 25073 ssh2
May  4 19:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: Connection closed by 189.91.248.139 port 25073 [preauth]
May  4 19:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4795]: Failed password for root from 189.91.248.139 port 25249 ssh2
May  4 19:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4795]: Connection closed by 189.91.248.139 port 25249 [preauth]
May  4 19:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: Invalid user dima from 152.32.190.168
May  4 19:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: input_userauth_request: invalid user dima [preauth]
May  4 19:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168
May  4 19:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3396]: pam_unix(cron:session): session closed for user root
May  4 19:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: Failed password for invalid user dima from 152.32.190.168 port 59812 ssh2
May  4 19:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: Received disconnect from 152.32.190.168 port 59812:11: Bye Bye [preauth]
May  4 19:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4797]: Disconnected from 152.32.190.168 port 59812 [preauth]
May  4 19:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: Failed password for root from 189.91.248.139 port 25447 ssh2
May  4 19:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: Connection closed by 189.91.248.139 port 25447 [preauth]
May  4 19:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4848]: Failed password for root from 189.91.248.139 port 25719 ssh2
May  4 19:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4848]: Connection closed by 189.91.248.139 port 25719 [preauth]
May  4 19:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4861]: Failed password for root from 189.91.248.139 port 25887 ssh2
May  4 19:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4861]: Connection closed by 189.91.248.139 port 25887 [preauth]
May  4 19:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4877]: Failed password for root from 189.91.248.139 port 26095 ssh2
May  4 19:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4888]: Invalid user pzuser from 213.165.85.145
May  4 19:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4888]: input_userauth_request: invalid user pzuser [preauth]
May  4 19:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4888]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145
May  4 19:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4877]: Connection closed by 189.91.248.139 port 26095 [preauth]
May  4 19:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4888]: Failed password for invalid user pzuser from 213.165.85.145 port 43022 ssh2
May  4 19:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4888]: Received disconnect from 213.165.85.145 port 43022:11: Bye Bye [preauth]
May  4 19:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4888]: Disconnected from 213.165.85.145 port 43022 [preauth]
May  4 19:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: Failed password for root from 189.91.248.139 port 26269 ssh2
May  4 19:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: Connection closed by 189.91.248.139 port 26269 [preauth]
May  4 19:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: Failed password for root from 189.91.248.139 port 26495 ssh2
May  4 19:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: Connection closed by 189.91.248.139 port 26495 [preauth]
May  4 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4930]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4931]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4928]: pam_unix(cron:session): session closed for user p13x
May  4 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5004]: Successful su for rubyman by root
May  4 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5004]: + ??? root:rubyman
May  4 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329319 of user rubyman.
May  4 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5004]: pam_unix(su:session): session closed for user rubyman
May  4 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329319.
May  4 19:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: Failed password for root from 189.91.248.139 port 26687 ssh2
May  4 19:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: Connection closed by 189.91.248.139 port 26687 [preauth]
May  4 19:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2032]: pam_unix(cron:session): session closed for user root
May  4 19:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4929]: pam_unix(cron:session): session closed for user samftp
May  4 19:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5364]: Invalid user sharing from 45.95.233.112
May  4 19:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5364]: input_userauth_request: invalid user sharing [preauth]
May  4 19:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5364]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112
May  4 19:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5332]: Failed password for root from 189.91.248.139 port 26889 ssh2
May  4 19:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5332]: Connection closed by 189.91.248.139 port 26889 [preauth]
May  4 19:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5364]: Failed password for invalid user sharing from 45.95.233.112 port 59848 ssh2
May  4 19:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5364]: Received disconnect from 45.95.233.112 port 59848:11: Bye Bye [preauth]
May  4 19:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5364]: Disconnected from 45.95.233.112 port 59848 [preauth]
May  4 19:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5374]: Failed password for root from 189.91.248.139 port 27073 ssh2
May  4 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5374]: Connection closed by 189.91.248.139 port 27073 [preauth]
May  4 19:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5402]: Failed password for root from 189.91.248.139 port 27321 ssh2
May  4 19:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5402]: Connection closed by 189.91.248.139 port 27321 [preauth]
May  4 19:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5412]: Invalid user taibabi from 27.112.78.170
May  4 19:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5412]: input_userauth_request: invalid user taibabi [preauth]
May  4 19:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5412]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
May  4 19:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5412]: Failed password for invalid user taibabi from 27.112.78.170 port 42028 ssh2
May  4 19:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5412]: Received disconnect from 27.112.78.170 port 42028:11: Bye Bye [preauth]
May  4 19:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5412]: Disconnected from 27.112.78.170 port 42028 [preauth]
May  4 19:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: Failed password for root from 189.91.248.139 port 27505 ssh2
May  4 19:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5414]: Connection closed by 189.91.248.139 port 27505 [preauth]
May  4 19:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5440]: Failed password for root from 189.91.248.139 port 27749 ssh2
May  4 19:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5440]: Connection closed by 189.91.248.139 port 27749 [preauth]
May  4 19:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3858]: pam_unix(cron:session): session closed for user root
May  4 19:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: Failed password for root from 189.91.248.139 port 27951 ssh2
May  4 19:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5456]: Connection closed by 189.91.248.139 port 27951 [preauth]
May  4 19:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: Failed password for root from 189.91.248.139 port 28193 ssh2
May  4 19:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5492]: Connection closed by 189.91.248.139 port 28193 [preauth]
May  4 19:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: Invalid user ubuntu from 145.239.89.124
May  4 19:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: input_userauth_request: invalid user ubuntu [preauth]
May  4 19:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124
May  4 19:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: Failed password for invalid user ubuntu from 145.239.89.124 port 35290 ssh2
May  4 19:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: Received disconnect from 145.239.89.124 port 35290:11: Bye Bye [preauth]
May  4 19:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5494]: Disconnected from 145.239.89.124 port 35290 [preauth]
May  4 19:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: Failed password for root from 189.91.248.139 port 28369 ssh2
May  4 19:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: Connection closed by 189.91.248.139 port 28369 [preauth]
May  4 19:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: Failed password for root from 189.91.248.139 port 28641 ssh2
May  4 19:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5537]: Connection closed by 189.91.248.139 port 28641 [preauth]
May  4 19:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5557]: Failed password for root from 189.91.248.139 port 28815 ssh2
May  4 19:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5557]: Connection closed by 189.91.248.139 port 28815 [preauth]
May  4 19:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: Failed password for root from 189.91.248.139 port 29023 ssh2
May  4 19:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5586]: Connection closed by 189.91.248.139 port 29023 [preauth]
May  4 19:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5612]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5610]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5611]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5614]: pam_unix(cron:session): session closed for user root
May  4 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5608]: pam_unix(cron:session): session closed for user p13x
May  4 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5685]: Successful su for rubyman by root
May  4 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5685]: + ??? root:rubyman
May  4 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5685]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329323 of user rubyman.
May  4 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5685]: pam_unix(su:session): session closed for user rubyman
May  4 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329323.
May  4 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5610]: pam_unix(cron:session): session closed for user root
May  4 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2488]: pam_unix(cron:session): session closed for user root
May  4 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5599]: Failed password for root from 189.91.248.139 port 29217 ssh2
May  4 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5599]: Connection closed by 189.91.248.139 port 29217 [preauth]
May  4 19:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5609]: pam_unix(cron:session): session closed for user samftp
May  4 19:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: Failed password for root from 189.91.248.139 port 29453 ssh2
May  4 19:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5980]: Connection closed by 189.91.248.139 port 29453 [preauth]
May  4 19:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5991]: Failed password for root from 189.91.248.139 port 29601 ssh2
May  4 19:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5991]: Connection closed by 189.91.248.139 port 29601 [preauth]
May  4 19:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6021]: Failed password for root from 189.91.248.139 port 29813 ssh2
May  4 19:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6021]: Connection closed by 189.91.248.139 port 29813 [preauth]
May  4 19:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6024]: Failed password for root from 189.91.248.139 port 29963 ssh2
May  4 19:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.249.188.255  user=root
May  4 19:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6024]: Connection closed by 189.91.248.139 port 29963 [preauth]
May  4 19:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: Failed password for root from 140.249.188.255 port 60948 ssh2
May  4 19:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: Received disconnect from 140.249.188.255 port 60948:11: Bye Bye [preauth]
May  4 19:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6036]: Disconnected from 140.249.188.255 port 60948 [preauth]
May  4 19:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6052]: Invalid user server from 81.70.167.132
May  4 19:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6052]: input_userauth_request: invalid user server [preauth]
May  4 19:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6052]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.70.167.132
May  4 19:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Failed password for root from 189.91.248.139 port 30137 ssh2
May  4 19:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Connection closed by 189.91.248.139 port 30137 [preauth]
May  4 19:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6052]: Failed password for invalid user server from 81.70.167.132 port 35360 ssh2
May  4 19:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6052]: Received disconnect from 81.70.167.132 port 35360:11: Bye Bye [preauth]
May  4 19:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6052]: Disconnected from 81.70.167.132 port 35360 [preauth]
May  4 19:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4458]: pam_unix(cron:session): session closed for user root
May  4 19:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6065]: Failed password for root from 189.91.248.139 port 30325 ssh2
May  4 19:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6065]: Connection closed by 189.91.248.139 port 30325 [preauth]
May  4 19:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: Failed password for root from 189.91.248.139 port 30509 ssh2
May  4 19:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: Connection closed by 189.91.248.139 port 30509 [preauth]
May  4 19:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: Failed password for root from 189.91.248.139 port 30691 ssh2
May  4 19:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6114]: Connection closed by 189.91.248.139 port 30691 [preauth]
May  4 19:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6140]: Failed password for root from 189.91.248.139 port 30919 ssh2
May  4 19:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6140]: Connection closed by 189.91.248.139 port 30919 [preauth]
May  4 19:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: Failed password for root from 189.91.248.139 port 31161 ssh2
May  4 19:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: Connection closed by 189.91.248.139 port 31161 [preauth]
May  4 19:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6178]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6179]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6175]: pam_unix(cron:session): session closed for user p13x
May  4 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6244]: Successful su for rubyman by root
May  4 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6244]: + ??? root:rubyman
May  4 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329329 of user rubyman.
May  4 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6244]: pam_unix(su:session): session closed for user rubyman
May  4 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329329.
May  4 19:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: Failed password for root from 189.91.248.139 port 31433 ssh2
May  4 19:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6170]: Connection closed by 189.91.248.139 port 31433 [preauth]
May  4 19:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2938]: pam_unix(cron:session): session closed for user root
May  4 19:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6176]: pam_unix(cron:session): session closed for user samftp
May  4 19:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: Failed password for root from 189.91.248.139 port 31655 ssh2
May  4 19:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: Connection closed by 189.91.248.139 port 31655 [preauth]
May  4 19:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6432]: Failed password for root from 189.91.248.139 port 31871 ssh2
May  4 19:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6432]: Connection closed by 189.91.248.139 port 31871 [preauth]
May  4 19:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: Failed password for root from 189.91.248.139 port 32023 ssh2
May  4 19:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6442]: Connection closed by 189.91.248.139 port 32023 [preauth]
May  4 19:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: Failed password for root from 189.91.248.139 port 32197 ssh2
May  4 19:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6470]: Connection closed by 189.91.248.139 port 32197 [preauth]
May  4 19:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: Failed password for root from 189.91.248.139 port 32379 ssh2
May  4 19:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: Connection closed by 189.91.248.139 port 32379 [preauth]
May  4 19:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6503]: Failed password for root from 189.91.248.139 port 32581 ssh2
May  4 19:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6503]: Connection closed by 189.91.248.139 port 32581 [preauth]
May  4 19:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175  user=root
May  4 19:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: Failed password for root from 107.189.29.175 port 42410 ssh2
May  4 19:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: Received disconnect from 107.189.29.175 port 42410:11: Bye Bye [preauth]
May  4 19:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6505]: Disconnected from 107.189.29.175 port 42410 [preauth]
May  4 19:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: Failed password for root from 189.91.248.139 port 32743 ssh2
May  4 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6507]: Connection closed by 189.91.248.139 port 32743 [preauth]
May  4 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4931]: pam_unix(cron:session): session closed for user root
May  4 19:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: Failed password for root from 189.91.248.139 port 32919 ssh2
May  4 19:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6522]: Connection closed by 189.91.248.139 port 32919 [preauth]
May  4 19:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6554]: Failed password for root from 189.91.248.139 port 33209 ssh2
May  4 19:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6554]: Connection closed by 189.91.248.139 port 33209 [preauth]
May  4 19:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Failed password for root from 189.91.248.139 port 33439 ssh2
May  4 19:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Connection closed by 189.91.248.139 port 33439 [preauth]
May  4 19:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6579]: Failed password for root from 189.91.248.139 port 33667 ssh2
May  4 19:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6579]: Connection closed by 189.91.248.139 port 33667 [preauth]
May  4 19:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6590]: Failed password for root from 189.91.248.139 port 33823 ssh2
May  4 19:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6590]: Connection closed by 189.91.248.139 port 33823 [preauth]
May  4 19:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6603]: Failed password for root from 189.91.248.139 port 34033 ssh2
May  4 19:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6603]: Connection closed by 189.91.248.139 port 34033 [preauth]
May  4 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6619]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6620]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6617]: pam_unix(cron:session): session closed for user p13x
May  4 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6686]: Successful su for rubyman by root
May  4 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6686]: + ??? root:rubyman
May  4 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329334 of user rubyman.
May  4 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6686]: pam_unix(su:session): session closed for user rubyman
May  4 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329334.
May  4 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3395]: pam_unix(cron:session): session closed for user root
May  4 19:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: Failed password for root from 189.91.248.139 port 34259 ssh2
May  4 19:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: Connection closed by 189.91.248.139 port 34259 [preauth]
May  4 19:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6618]: pam_unix(cron:session): session closed for user samftp
May  4 19:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: Failed password for root from 189.91.248.139 port 34517 ssh2
May  4 19:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: Connection closed by 189.91.248.139 port 34517 [preauth]
May  4 19:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: Failed password for root from 189.91.248.139 port 34723 ssh2
May  4 19:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: Connection closed by 189.91.248.139 port 34723 [preauth]
May  4 19:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: Failed password for root from 189.91.248.139 port 34915 ssh2
May  4 19:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6884]: Connection closed by 189.91.248.139 port 34915 [preauth]
May  4 19:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: Failed password for root from 189.91.248.139 port 35145 ssh2
May  4 19:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6900]: Connection closed by 189.91.248.139 port 35145 [preauth]
May  4 19:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: Failed password for root from 189.91.248.139 port 35345 ssh2
May  4 19:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: Connection closed by 189.91.248.139 port 35345 [preauth]
May  4 19:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7010]: Failed password for root from 189.91.248.139 port 35539 ssh2
May  4 19:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7010]: Connection closed by 189.91.248.139 port 35539 [preauth]
May  4 19:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: Failed password for root from 189.91.248.139 port 35735 ssh2
May  4 19:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7025]: Connection closed by 189.91.248.139 port 35735 [preauth]
May  4 19:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: Failed password for root from 189.91.248.139 port 35947 ssh2
May  4 19:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7039]: Connection closed by 189.91.248.139 port 35947 [preauth]
May  4 19:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5612]: pam_unix(cron:session): session closed for user root
May  4 19:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: Failed password for root from 189.91.248.139 port 36109 ssh2
May  4 19:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: Connection closed by 189.91.248.139 port 36109 [preauth]
May  4 19:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: Failed password for root from 189.91.248.139 port 36297 ssh2
May  4 19:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: Connection closed by 189.91.248.139 port 36297 [preauth]
May  4 19:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7095]: Failed password for root from 189.91.248.139 port 36529 ssh2
May  4 19:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7095]: Connection closed by 189.91.248.139 port 36529 [preauth]
May  4 19:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7124]: Failed password for root from 189.91.248.139 port 36711 ssh2
May  4 19:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7124]: Connection closed by 189.91.248.139 port 36711 [preauth]
May  4 19:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7126]: Failed password for root from 189.91.248.139 port 36903 ssh2
May  4 19:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7126]: Connection closed by 189.91.248.139 port 36903 [preauth]
May  4 19:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7137]: Failed password for root from 189.91.248.139 port 37115 ssh2
May  4 19:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7137]: Connection closed by 189.91.248.139 port 37115 [preauth]
May  4 19:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7147]: Failed password for root from 189.91.248.139 port 37365 ssh2
May  4 19:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7147]: Connection closed by 189.91.248.139 port 37365 [preauth]
May  4 19:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7162]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7160]: pam_unix(cron:session): session closed for user p13x
May  4 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7224]: Successful su for rubyman by root
May  4 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7224]: + ??? root:rubyman
May  4 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329337 of user rubyman.
May  4 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7224]: pam_unix(su:session): session closed for user rubyman
May  4 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329337.
May  4 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7149]: Failed password for root from 189.91.248.139 port 37595 ssh2
May  4 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7149]: Connection closed by 189.91.248.139 port 37595 [preauth]
May  4 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3857]: pam_unix(cron:session): session closed for user root
May  4 19:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7161]: pam_unix(cron:session): session closed for user samftp
May  4 19:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7283]: Failed password for root from 189.91.248.139 port 37785 ssh2
May  4 19:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7283]: Connection closed by 189.91.248.139 port 37785 [preauth]
May  4 19:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: Failed password for root from 189.91.248.139 port 38023 ssh2
May  4 19:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: Connection closed by 189.91.248.139 port 38023 [preauth]
May  4 19:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: Invalid user debian from 45.95.233.112
May  4 19:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: input_userauth_request: invalid user debian [preauth]
May  4 19:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112
May  4 19:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: Failed password for invalid user debian from 45.95.233.112 port 60928 ssh2
May  4 19:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: Received disconnect from 45.95.233.112 port 60928:11: Bye Bye [preauth]
May  4 19:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7408]: Disconnected from 45.95.233.112 port 60928 [preauth]
May  4 19:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7415]: Failed password for root from 189.91.248.139 port 38247 ssh2
May  4 19:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7415]: Connection closed by 189.91.248.139 port 38247 [preauth]
May  4 19:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7430]: Failed password for root from 189.91.248.139 port 38461 ssh2
May  4 19:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7430]: Connection closed by 189.91.248.139 port 38461 [preauth]
May  4 19:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: Failed password for root from 189.91.248.139 port 38687 ssh2
May  4 19:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: Connection closed by 189.91.248.139 port 38687 [preauth]
May  4 19:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: Failed password for root from 189.91.248.139 port 38883 ssh2
May  4 19:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: Connection closed by 189.91.248.139 port 38883 [preauth]
May  4 19:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: Failed password for root from 189.91.248.139 port 39085 ssh2
May  4 19:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: Connection closed by 189.91.248.139 port 39085 [preauth]
May  4 19:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7485]: Failed password for root from 189.91.248.139 port 39331 ssh2
May  4 19:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7485]: Connection closed by 189.91.248.139 port 39331 [preauth]
May  4 19:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6179]: pam_unix(cron:session): session closed for user root
May  4 19:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7589]: Failed password for root from 189.91.248.139 port 39517 ssh2
May  4 19:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7589]: Connection closed by 189.91.248.139 port 39517 [preauth]
May  4 19:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Failed password for root from 189.91.248.139 port 39749 ssh2
May  4 19:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Connection closed by 189.91.248.139 port 39749 [preauth]
May  4 19:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: Invalid user teamspeak from 177.182.181.8
May  4 19:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: input_userauth_request: invalid user teamspeak [preauth]
May  4 19:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8
May  4 19:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7628]: Failed password for root from 189.91.248.139 port 39993 ssh2
May  4 19:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7628]: Connection closed by 189.91.248.139 port 39993 [preauth]
May  4 19:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7658]: Invalid user nginx from 152.32.190.168
May  4 19:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7658]: input_userauth_request: invalid user nginx [preauth]
May  4 19:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7658]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168
May  4 19:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: Failed password for invalid user teamspeak from 177.182.181.8 port 57224 ssh2
May  4 19:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: Received disconnect from 177.182.181.8 port 57224:11: Bye Bye [preauth]
May  4 19:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: Disconnected from 177.182.181.8 port 57224 [preauth]
May  4 19:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7658]: Failed password for invalid user nginx from 152.32.190.168 port 56498 ssh2
May  4 19:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7658]: Received disconnect from 152.32.190.168 port 56498:11: Bye Bye [preauth]
May  4 19:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7658]: Disconnected from 152.32.190.168 port 56498 [preauth]
May  4 19:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7660]: Failed password for root from 189.91.248.139 port 40203 ssh2
May  4 19:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7660]: Connection closed by 189.91.248.139 port 40203 [preauth]
May  4 19:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: Invalid user cisco from 213.165.85.145
May  4 19:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: input_userauth_request: invalid user cisco [preauth]
May  4 19:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145
May  4 19:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7671]: Failed password for root from 189.91.248.139 port 40429 ssh2
May  4 19:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7671]: Connection closed by 189.91.248.139 port 40429 [preauth]
May  4 19:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: Failed password for invalid user cisco from 213.165.85.145 port 56360 ssh2
May  4 19:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: Received disconnect from 213.165.85.145 port 56360:11: Bye Bye [preauth]
May  4 19:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: Disconnected from 213.165.85.145 port 56360 [preauth]
May  4 19:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7687]: Failed password for root from 189.91.248.139 port 40639 ssh2
May  4 19:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7687]: Connection closed by 189.91.248.139 port 40639 [preauth]
May  4 19:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7689]: Failed password for root from 189.91.248.139 port 40845 ssh2
May  4 19:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7689]: Connection closed by 189.91.248.139 port 40845 [preauth]
May  4 19:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7708]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7707]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7705]: pam_unix(cron:session): session closed for user p13x
May  4 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7841]: Successful su for rubyman by root
May  4 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7841]: + ??? root:rubyman
May  4 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329341 of user rubyman.
May  4 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7841]: pam_unix(su:session): session closed for user rubyman
May  4 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329341.
May  4 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7701]: Failed password for root from 189.91.248.139 port 41069 ssh2
May  4 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7701]: Connection closed by 189.91.248.139 port 41069 [preauth]
May  4 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7703]: pam_unix(cron:session): session closed for user root
May  4 19:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4457]: pam_unix(cron:session): session closed for user root
May  4 19:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: Invalid user singh from 145.239.89.124
May  4 19:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: input_userauth_request: invalid user singh [preauth]
May  4 19:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124
May  4 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: Failed password for root from 189.91.248.139 port 41259 ssh2
May  4 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: Connection closed by 189.91.248.139 port 41259 [preauth]
May  4 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7706]: pam_unix(cron:session): session closed for user samftp
May  4 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: Failed password for invalid user singh from 145.239.89.124 port 49582 ssh2
May  4 19:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: Received disconnect from 145.239.89.124 port 49582:11: Bye Bye [preauth]
May  4 19:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: Disconnected from 145.239.89.124 port 49582 [preauth]
May  4 19:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8064]: Failed password for root from 189.91.248.139 port 41455 ssh2
May  4 19:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8064]: Connection closed by 189.91.248.139 port 41455 [preauth]
May  4 19:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8077]: Failed password for root from 189.91.248.139 port 41663 ssh2
May  4 19:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8077]: Connection closed by 189.91.248.139 port 41663 [preauth]
May  4 19:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: Failed password for root from 189.91.248.139 port 41871 ssh2
May  4 19:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8097]: Connection closed by 189.91.248.139 port 41871 [preauth]
May  4 19:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8110]: Failed password for root from 189.91.248.139 port 42095 ssh2
May  4 19:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8110]: Connection closed by 189.91.248.139 port 42095 [preauth]
May  4 19:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: Failed password for root from 189.91.248.139 port 42287 ssh2
May  4 19:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: Connection closed by 189.91.248.139 port 42287 [preauth]
May  4 19:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8157]: Failed password for root from 189.91.248.139 port 42467 ssh2
May  4 19:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8157]: Connection closed by 189.91.248.139 port 42467 [preauth]
May  4 19:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8159]: Failed password for root from 189.91.248.139 port 42689 ssh2
May  4 19:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8159]: Connection closed by 189.91.248.139 port 42689 [preauth]
May  4 19:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6620]: pam_unix(cron:session): session closed for user root
May  4 19:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8171]: Failed password for root from 189.91.248.139 port 42891 ssh2
May  4 19:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8171]: Connection closed by 189.91.248.139 port 42891 [preauth]
May  4 19:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8210]: Failed password for root from 189.91.248.139 port 43107 ssh2
May  4 19:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8210]: Connection closed by 189.91.248.139 port 43107 [preauth]
May  4 19:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8214]: Failed password for root from 189.91.248.139 port 43331 ssh2
May  4 19:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8214]: Connection closed by 189.91.248.139 port 43331 [preauth]
May  4 19:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8225]: Failed password for root from 189.91.248.139 port 43483 ssh2
May  4 19:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8225]: Connection closed by 189.91.248.139 port 43483 [preauth]
May  4 19:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: Failed password for root from 189.91.248.139 port 43701 ssh2
May  4 19:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: Connection closed by 189.91.248.139 port 43701 [preauth]
May  4 19:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8258]: Failed password for root from 189.91.248.139 port 43917 ssh2
May  4 19:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8258]: Connection closed by 189.91.248.139 port 43917 [preauth]
May  4 19:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8260]: Failed password for root from 189.91.248.139 port 44055 ssh2
May  4 19:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8260]: Connection closed by 189.91.248.139 port 44055 [preauth]
May  4 19:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8270]: Failed password for root from 189.91.248.139 port 44263 ssh2
May  4 19:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8270]: Connection closed by 189.91.248.139 port 44263 [preauth]
May  4 19:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8289]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8286]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8289]: pam_unix(cron:session): session closed for user root
May  4 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8284]: pam_unix(cron:session): session closed for user p13x
May  4 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8356]: Successful su for rubyman by root
May  4 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8356]: + ??? root:rubyman
May  4 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329346 of user rubyman.
May  4 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8356]: pam_unix(su:session): session closed for user rubyman
May  4 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329346.
May  4 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8286]: pam_unix(cron:session): session closed for user root
May  4 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: Failed password for root from 189.91.248.139 port 44461 ssh2
May  4 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4930]: pam_unix(cron:session): session closed for user root
May  4 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: Connection closed by 189.91.248.139 port 44461 [preauth]
May  4 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8285]: pam_unix(cron:session): session closed for user samftp
May  4 19:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: Failed password for root from 189.91.248.139 port 44681 ssh2
May  4 19:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: Connection closed by 189.91.248.139 port 44681 [preauth]
May  4 19:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: Invalid user ejbca from 27.112.78.170
May  4 19:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: input_userauth_request: invalid user ejbca [preauth]
May  4 19:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
May  4 19:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: Failed password for invalid user ejbca from 27.112.78.170 port 40230 ssh2
May  4 19:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: Received disconnect from 27.112.78.170 port 40230:11: Bye Bye [preauth]
May  4 19:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8583]: Disconnected from 27.112.78.170 port 40230 [preauth]
May  4 19:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8588]: Invalid user dima from 140.249.188.255
May  4 19:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8588]: input_userauth_request: invalid user dima [preauth]
May  4 19:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8588]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.249.188.255
May  4 19:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: Failed password for root from 189.91.248.139 port 44875 ssh2
May  4 19:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8585]: Connection closed by 189.91.248.139 port 44875 [preauth]
May  4 19:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8588]: Failed password for invalid user dima from 140.249.188.255 port 33060 ssh2
May  4 19:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8588]: Received disconnect from 140.249.188.255 port 33060:11: Bye Bye [preauth]
May  4 19:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8588]: Disconnected from 140.249.188.255 port 33060 [preauth]
May  4 19:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8600]: Failed password for root from 189.91.248.139 port 45087 ssh2
May  4 19:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8600]: Connection closed by 189.91.248.139 port 45087 [preauth]
May  4 19:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8615]: Failed password for root from 189.91.248.139 port 45277 ssh2
May  4 19:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8615]: Connection closed by 189.91.248.139 port 45277 [preauth]
May  4 19:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8626]: Failed password for root from 189.91.248.139 port 45477 ssh2
May  4 19:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8626]: Connection closed by 189.91.248.139 port 45477 [preauth]
May  4 19:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: Failed password for root from 189.91.248.139 port 45669 ssh2
May  4 19:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8638]: Connection closed by 189.91.248.139 port 45669 [preauth]
May  4 19:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: Failed password for root from 189.91.248.139 port 45889 ssh2
May  4 19:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: Connection closed by 189.91.248.139 port 45889 [preauth]
May  4 19:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7163]: pam_unix(cron:session): session closed for user root
May  4 19:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: Failed password for root from 189.91.248.139 port 46099 ssh2
May  4 19:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8665]: Connection closed by 189.91.248.139 port 46099 [preauth]
May  4 19:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8702]: Failed password for root from 189.91.248.139 port 46303 ssh2
May  4 19:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8702]: Connection closed by 189.91.248.139 port 46303 [preauth]
May  4 19:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: Failed password for root from 189.91.248.139 port 46505 ssh2
May  4 19:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: Connection closed by 189.91.248.139 port 46505 [preauth]
May  4 19:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: Failed password for root from 189.91.248.139 port 46709 ssh2
May  4 19:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: Connection closed by 189.91.248.139 port 46709 [preauth]
May  4 19:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: Failed password for root from 189.91.248.139 port 46937 ssh2
May  4 19:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: Connection closed by 189.91.248.139 port 46937 [preauth]
May  4 19:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8756]: Failed password for root from 189.91.248.139 port 47123 ssh2
May  4 19:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8756]: Connection closed by 189.91.248.139 port 47123 [preauth]
May  4 19:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: Failed password for root from 189.91.248.139 port 47321 ssh2
May  4 19:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: Connection closed by 189.91.248.139 port 47321 [preauth]
May  4 19:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: Failed password for root from 189.91.248.139 port 47529 ssh2
May  4 19:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: Connection closed by 189.91.248.139 port 47529 [preauth]
May  4 19:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8782]: pam_unix(cron:session): session closed for user p13x
May  4 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8853]: Successful su for rubyman by root
May  4 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8853]: + ??? root:rubyman
May  4 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329354 of user rubyman.
May  4 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8853]: pam_unix(su:session): session closed for user rubyman
May  4 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329354.
May  4 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8779]: Failed password for root from 189.91.248.139 port 47747 ssh2
May  4 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8779]: Connection closed by 189.91.248.139 port 47747 [preauth]
May  4 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: Invalid user data from 107.189.29.175
May  4 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: input_userauth_request: invalid user data [preauth]
May  4 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175
May  4 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5611]: pam_unix(cron:session): session closed for user root
May  4 19:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: Failed password for invalid user data from 107.189.29.175 port 48712 ssh2
May  4 19:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: Received disconnect from 107.189.29.175 port 48712:11: Bye Bye [preauth]
May  4 19:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: Disconnected from 107.189.29.175 port 48712 [preauth]
May  4 19:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8783]: pam_unix(cron:session): session closed for user samftp
May  4 19:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8932]: Failed password for root from 189.91.248.139 port 47929 ssh2
May  4 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8932]: Connection closed by 189.91.248.139 port 47929 [preauth]
May  4 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9045]: Failed password for root from 189.91.248.139 port 48141 ssh2
May  4 19:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9045]: Connection closed by 189.91.248.139 port 48141 [preauth]
May  4 19:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9058]: Failed password for root from 189.91.248.139 port 48369 ssh2
May  4 19:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9058]: Connection closed by 189.91.248.139 port 48369 [preauth]
May  4 19:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9073]: Failed password for root from 189.91.248.139 port 48559 ssh2
May  4 19:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9073]: Connection closed by 189.91.248.139 port 48559 [preauth]
May  4 19:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: Failed password for root from 189.91.248.139 port 48791 ssh2
May  4 19:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9084]: Connection closed by 189.91.248.139 port 48791 [preauth]
May  4 19:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9095]: Failed password for root from 189.91.248.139 port 49023 ssh2
May  4 19:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9095]: Connection closed by 189.91.248.139 port 49023 [preauth]
May  4 19:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: Failed password for root from 189.91.248.139 port 49223 ssh2
May  4 19:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9109]: Connection closed by 189.91.248.139 port 49223 [preauth]
May  4 19:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: Failed password for root from 189.91.248.139 port 49441 ssh2
May  4 19:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: Connection closed by 189.91.248.139 port 49441 [preauth]
May  4 19:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7708]: pam_unix(cron:session): session closed for user root
May  4 19:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9221]: Failed password for root from 189.91.248.139 port 49655 ssh2
May  4 19:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9221]: Connection closed by 189.91.248.139 port 49655 [preauth]
May  4 19:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: Failed password for root from 189.91.248.139 port 49885 ssh2
May  4 19:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: Connection closed by 189.91.248.139 port 49885 [preauth]
May  4 19:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: Failed password for root from 189.91.248.139 port 50089 ssh2
May  4 19:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: Connection closed by 189.91.248.139 port 50089 [preauth]
May  4 19:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Failed password for root from 189.91.248.139 port 50303 ssh2
May  4 19:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Connection closed by 189.91.248.139 port 50303 [preauth]
May  4 19:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9311]: Failed password for root from 189.91.248.139 port 50513 ssh2
May  4 19:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9311]: Connection closed by 189.91.248.139 port 50513 [preauth]
May  4 19:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9323]: Failed password for root from 189.91.248.139 port 50721 ssh2
May  4 19:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9323]: Connection closed by 189.91.248.139 port 50721 [preauth]
May  4 19:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: Failed password for root from 189.91.248.139 port 50921 ssh2
May  4 19:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9333]: Connection closed by 189.91.248.139 port 50921 [preauth]
May  4 19:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: Failed password for root from 189.91.248.139 port 51151 ssh2
May  4 19:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: Connection closed by 189.91.248.139 port 51151 [preauth]
May  4 19:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9351]: pam_unix(cron:session): session closed for user p13x
May  4 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9415]: Successful su for rubyman by root
May  4 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9415]: + ??? root:rubyman
May  4 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329356 of user rubyman.
May  4 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9415]: pam_unix(su:session): session closed for user rubyman
May  4 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329356.
May  4 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: Failed password for root from 189.91.248.139 port 51379 ssh2
May  4 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: Connection closed by 189.91.248.139 port 51379 [preauth]
May  4 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6178]: pam_unix(cron:session): session closed for user root
May  4 19:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9352]: pam_unix(cron:session): session closed for user samftp
May  4 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: Failed password for root from 189.91.248.139 port 51571 ssh2
May  4 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: Connection closed by 189.91.248.139 port 51571 [preauth]
May  4 19:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: Failed password for root from 189.91.248.139 port 51833 ssh2
May  4 19:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9597]: Connection closed by 189.91.248.139 port 51833 [preauth]
May  4 19:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: Failed password for root from 189.91.248.139 port 52057 ssh2
May  4 19:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: Connection closed by 189.91.248.139 port 52057 [preauth]
May  4 19:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9631]: Failed password for root from 189.91.248.139 port 52277 ssh2
May  4 19:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9631]: Connection closed by 189.91.248.139 port 52277 [preauth]
May  4 19:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9633]: Failed password for root from 189.91.248.139 port 52543 ssh2
May  4 19:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9633]: Connection closed by 189.91.248.139 port 52543 [preauth]
May  4 19:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: Failed password for root from 189.91.248.139 port 52753 ssh2
May  4 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9645]: Connection closed by 189.91.248.139 port 52753 [preauth]
May  4 19:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9669]: Failed password for root from 189.91.248.139 port 52945 ssh2
May  4 19:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9669]: Connection closed by 189.91.248.139 port 52945 [preauth]
May  4 19:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9672]: Failed password for root from 189.91.248.139 port 53183 ssh2
May  4 19:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9672]: Connection closed by 189.91.248.139 port 53183 [preauth]
May  4 19:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112  user=root
May  4 19:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8288]: pam_unix(cron:session): session closed for user root
May  4 19:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: Failed password for root from 45.95.233.112 port 58452 ssh2
May  4 19:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: Received disconnect from 45.95.233.112 port 58452:11: Bye Bye [preauth]
May  4 19:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: Disconnected from 45.95.233.112 port 58452 [preauth]
May  4 19:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: Failed password for root from 189.91.248.139 port 53375 ssh2
May  4 19:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: Connection closed by 189.91.248.139 port 53375 [preauth]
May  4 19:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 19:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: Failed password for root from 189.91.248.139 port 53569 ssh2
May  4 19:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: Connection closed by 189.91.248.139 port 53569 [preauth]
May  4 19:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: Failed password for root from 218.92.0.201 port 58546 ssh2
May  4 19:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: Failed password for root from 189.91.248.139 port 53791 ssh2
May  4 19:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: Failed password for root from 218.92.0.201 port 58546 ssh2
May  4 19:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: Connection closed by 189.91.248.139 port 53791 [preauth]
May  4 19:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: Failed password for root from 218.92.0.201 port 58546 ssh2
May  4 19:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: Failed password for root from 189.91.248.139 port 53965 ssh2
May  4 19:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: Connection closed by 189.91.248.139 port 53965 [preauth]
May  4 19:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: Failed password for root from 218.92.0.201 port 58546 ssh2
May  4 19:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9761]: Failed password for root from 189.91.248.139 port 54189 ssh2
May  4 19:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9761]: Connection closed by 189.91.248.139 port 54189 [preauth]
May  4 19:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: Failed password for root from 218.92.0.201 port 58546 ssh2
May  4 19:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 58546 ssh2 [preauth]
May  4 19:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: Disconnecting: Too many authentication failures [preauth]
May  4 19:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 19:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 19:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9765]: Failed password for root from 189.91.248.139 port 54379 ssh2
May  4 19:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9765]: Connection closed by 189.91.248.139 port 54379 [preauth]
May  4 19:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9777]: Failed password for root from 189.91.248.139 port 54595 ssh2
May  4 19:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9777]: Connection closed by 189.91.248.139 port 54595 [preauth]
May  4 19:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9763]: Invalid user abc from 130.195.4.218
May  4 19:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9763]: input_userauth_request: invalid user abc [preauth]
May  4 19:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9779]: Failed password for root from 189.91.248.139 port 54797 ssh2
May  4 19:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9779]: Connection closed by 189.91.248.139 port 54797 [preauth]
May  4 19:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9763]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.195.4.218
May  4 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9790]: Failed password for root from 189.91.248.139 port 54999 ssh2
May  4 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9802]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9802]: pam_unix(cron:session): session closed for user p13x
May  4 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9790]: Connection closed by 189.91.248.139 port 54999 [preauth]
May  4 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9763]: Failed password for invalid user abc from 130.195.4.218 port 56820 ssh2
May  4 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9862]: Successful su for rubyman by root
May  4 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9862]: + ??? root:rubyman
May  4 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329360 of user rubyman.
May  4 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9862]: pam_unix(su:session): session closed for user rubyman
May  4 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329360.
May  4 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6619]: pam_unix(cron:session): session closed for user root
May  4 19:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: Failed password for root from 189.91.248.139 port 55213 ssh2
May  4 19:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: Connection closed by 189.91.248.139 port 55213 [preauth]
May  4 19:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9803]: pam_unix(cron:session): session closed for user samftp
May  4 19:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 19:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10029]: Failed password for root from 218.92.0.201 port 36212 ssh2
May  4 19:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10042]: Failed password for root from 189.91.248.139 port 55425 ssh2
May  4 19:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10042]: Connection closed by 189.91.248.139 port 55425 [preauth]
May  4 19:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10029]: Failed password for root from 218.92.0.201 port 36212 ssh2
May  4 19:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10058]: Failed password for root from 189.91.248.139 port 55645 ssh2
May  4 19:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10058]: Connection closed by 189.91.248.139 port 55645 [preauth]
May  4 19:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10029]: Failed password for root from 218.92.0.201 port 36212 ssh2
May  4 19:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Failed password for root from 189.91.248.139 port 55845 ssh2
May  4 19:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Connection closed by 189.91.248.139 port 55845 [preauth]
May  4 19:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10029]: Failed password for root from 218.92.0.201 port 36212 ssh2
May  4 19:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: Failed password for root from 189.91.248.139 port 56073 ssh2
May  4 19:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: Connection closed by 189.91.248.139 port 56073 [preauth]
May  4 19:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10029]: Failed password for root from 218.92.0.201 port 36212 ssh2
May  4 19:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: Failed password for root from 189.91.248.139 port 56265 ssh2
May  4 19:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: Connection closed by 189.91.248.139 port 56265 [preauth]
May  4 19:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10104]: Failed password for root from 189.91.248.139 port 56465 ssh2
May  4 19:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10104]: Connection closed by 189.91.248.139 port 56465 [preauth]
May  4 19:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: Failed password for root from 189.91.248.139 port 56681 ssh2
May  4 19:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10118]: Connection closed by 189.91.248.139 port 56681 [preauth]
May  4 19:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10128]: Failed password for root from 189.91.248.139 port 56883 ssh2
May  4 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8786]: pam_unix(cron:session): session closed for user root
May  4 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10128]: Connection closed by 189.91.248.139 port 56883 [preauth]
May  4 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: Failed password for root from 189.91.248.139 port 57085 ssh2
May  4 19:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: Connection closed by 189.91.248.139 port 57085 [preauth]
May  4 19:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124  user=root
May  4 19:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10160]: Failed password for root from 145.239.89.124 port 56860 ssh2
May  4 19:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10160]: Received disconnect from 145.239.89.124 port 56860:11: Bye Bye [preauth]
May  4 19:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10160]: Disconnected from 145.239.89.124 port 56860 [preauth]
May  4 19:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: Failed password for root from 189.91.248.139 port 57251 ssh2
May  4 19:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: Connection closed by 189.91.248.139 port 57251 [preauth]
May  4 19:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10172]: Failed password for root from 189.91.248.139 port 57499 ssh2
May  4 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10172]: Connection closed by 189.91.248.139 port 57499 [preauth]
May  4 19:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: Failed password for root from 189.91.248.139 port 57709 ssh2
May  4 19:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: Connection closed by 189.91.248.139 port 57709 [preauth]
May  4 19:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: Failed password for root from 189.91.248.139 port 57957 ssh2
May  4 19:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: Connection closed by 189.91.248.139 port 57957 [preauth]
May  4 19:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10226]: Failed password for root from 189.91.248.139 port 58195 ssh2
May  4 19:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10226]: Connection closed by 189.91.248.139 port 58195 [preauth]
May  4 19:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10305]: Invalid user testuser from 152.32.190.168
May  4 19:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10305]: input_userauth_request: invalid user testuser [preauth]
May  4 19:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10305]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168
May  4 19:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10309]: Invalid user taibabi from 213.165.85.145
May  4 19:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10309]: input_userauth_request: invalid user taibabi [preauth]
May  4 19:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10309]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145
May  4 19:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10305]: Failed password for invalid user testuser from 152.32.190.168 port 60372 ssh2
May  4 19:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10305]: Received disconnect from 152.32.190.168 port 60372:11: Bye Bye [preauth]
May  4 19:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10305]: Disconnected from 152.32.190.168 port 60372 [preauth]
May  4 19:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10307]: Failed password for root from 189.91.248.139 port 58391 ssh2
May  4 19:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10307]: Connection closed by 189.91.248.139 port 58391 [preauth]
May  4 19:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10309]: Failed password for invalid user taibabi from 213.165.85.145 port 55468 ssh2
May  4 19:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10309]: Received disconnect from 213.165.85.145 port 55468:11: Bye Bye [preauth]
May  4 19:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10309]: Disconnected from 213.165.85.145 port 55468 [preauth]
May  4 19:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10325]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10325]: pam_unix(cron:session): session closed for user p13x
May  4 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10387]: Successful su for rubyman by root
May  4 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10387]: + ??? root:rubyman
May  4 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329366 of user rubyman.
May  4 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10387]: pam_unix(su:session): session closed for user rubyman
May  4 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329366.
May  4 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10322]: Failed password for root from 189.91.248.139 port 58639 ssh2
May  4 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10322]: Connection closed by 189.91.248.139 port 58639 [preauth]
May  4 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7162]: pam_unix(cron:session): session closed for user root
May  4 19:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10326]: pam_unix(cron:session): session closed for user samftp
May  4 19:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10511]: Failed password for root from 189.91.248.139 port 58837 ssh2
May  4 19:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10511]: Connection closed by 189.91.248.139 port 58837 [preauth]
May  4 19:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: Failed password for root from 189.91.248.139 port 59069 ssh2
May  4 19:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10600]: Connection closed by 189.91.248.139 port 59069 [preauth]
May  4 19:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10614]: Failed password for root from 189.91.248.139 port 59299 ssh2
May  4 19:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10614]: Connection closed by 189.91.248.139 port 59299 [preauth]
May  4 19:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: Failed password for root from 189.91.248.139 port 59457 ssh2
May  4 19:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: Connection closed by 189.91.248.139 port 59457 [preauth]
May  4 19:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: Failed password for root from 189.91.248.139 port 59677 ssh2
May  4 19:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: Connection closed by 189.91.248.139 port 59677 [preauth]
May  4 19:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: Failed password for root from 189.91.248.139 port 59881 ssh2
May  4 19:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: Connection closed by 189.91.248.139 port 59881 [preauth]
May  4 19:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: Failed password for root from 189.91.248.139 port 60065 ssh2
May  4 19:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: Connection closed by 189.91.248.139 port 60065 [preauth]
May  4 19:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10714]: Failed password for root from 189.91.248.139 port 60279 ssh2
May  4 19:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10714]: Connection closed by 189.91.248.139 port 60279 [preauth]
May  4 19:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9356]: pam_unix(cron:session): session closed for user root
May  4 19:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10741]: Failed password for root from 189.91.248.139 port 60475 ssh2
May  4 19:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10741]: Connection closed by 189.91.248.139 port 60475 [preauth]
May  4 19:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10768]: Failed password for root from 189.91.248.139 port 60689 ssh2
May  4 19:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10768]: Connection closed by 189.91.248.139 port 60689 [preauth]
May  4 19:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10780]: Invalid user mamad from 177.182.181.8
May  4 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10780]: input_userauth_request: invalid user mamad [preauth]
May  4 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10780]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8
May  4 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10778]: Failed password for root from 189.91.248.139 port 60901 ssh2
May  4 19:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10778]: Connection closed by 189.91.248.139 port 60901 [preauth]
May  4 19:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10780]: Failed password for invalid user mamad from 177.182.181.8 port 37362 ssh2
May  4 19:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10780]: Received disconnect from 177.182.181.8 port 37362:11: Bye Bye [preauth]
May  4 19:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10780]: Disconnected from 177.182.181.8 port 37362 [preauth]
May  4 19:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: Failed password for root from 189.91.248.139 port 61133 ssh2
May  4 19:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10791]: Connection closed by 189.91.248.139 port 61133 [preauth]
May  4 19:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: Failed password for root from 189.91.248.139 port 61365 ssh2
May  4 19:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: Connection closed by 189.91.248.139 port 61365 [preauth]
May  4 19:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: Failed password for root from 189.91.248.139 port 61573 ssh2
May  4 19:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: Connection closed by 189.91.248.139 port 61573 [preauth]
May  4 19:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10826]: Failed password for root from 189.91.248.139 port 61781 ssh2
May  4 19:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10826]: Connection closed by 189.91.248.139 port 61781 [preauth]
May  4 19:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10837]: Failed password for root from 189.91.248.139 port 61995 ssh2
May  4 19:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10837]: Connection closed by 189.91.248.139 port 61995 [preauth]
May  4 19:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10846]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10848]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10847]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10845]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10848]: pam_unix(cron:session): session closed for user root
May  4 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10843]: pam_unix(cron:session): session closed for user p13x
May  4 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10910]: Successful su for rubyman by root
May  4 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10910]: + ??? root:rubyman
May  4 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329368 of user rubyman.
May  4 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10910]: pam_unix(su:session): session closed for user rubyman
May  4 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329368.
May  4 19:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: Failed password for root from 189.91.248.139 port 62199 ssh2
May  4 19:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10840]: Connection closed by 189.91.248.139 port 62199 [preauth]
May  4 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10845]: pam_unix(cron:session): session closed for user root
May  4 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7707]: pam_unix(cron:session): session closed for user root
May  4 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10844]: pam_unix(cron:session): session closed for user samftp
May  4 19:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: Failed password for root from 189.91.248.139 port 62405 ssh2
May  4 19:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: Connection closed by 189.91.248.139 port 62405 [preauth]
May  4 19:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: Failed password for root from 189.91.248.139 port 62607 ssh2
May  4 19:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: Connection closed by 189.91.248.139 port 62607 [preauth]
May  4 19:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: Failed password for root from 189.91.248.139 port 62807 ssh2
May  4 19:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.249.188.255  user=root
May  4 19:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11127]: Connection closed by 189.91.248.139 port 62807 [preauth]
May  4 19:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11147]: Failed password for root from 140.249.188.255 port 33410 ssh2
May  4 19:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11147]: Received disconnect from 140.249.188.255 port 33410:11: Bye Bye [preauth]
May  4 19:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11147]: Disconnected from 140.249.188.255 port 33410 [preauth]
May  4 19:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: Failed password for root from 189.91.248.139 port 62995 ssh2
May  4 19:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: Connection closed by 189.91.248.139 port 62995 [preauth]
May  4 19:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11157]: Failed password for root from 189.91.248.139 port 63157 ssh2
May  4 19:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11157]: Connection closed by 189.91.248.139 port 63157 [preauth]
May  4 19:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: Failed password for root from 189.91.248.139 port 63339 ssh2
May  4 19:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: Connection closed by 189.91.248.139 port 63339 [preauth]
May  4 19:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Failed password for root from 189.91.248.139 port 63537 ssh2
May  4 19:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Connection closed by 189.91.248.139 port 63537 [preauth]
May  4 19:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175  user=root
May  4 19:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11195]: Failed password for root from 107.189.29.175 port 55014 ssh2
May  4 19:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11195]: Received disconnect from 107.189.29.175 port 55014:11: Bye Bye [preauth]
May  4 19:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11195]: Disconnected from 107.189.29.175 port 55014 [preauth]
May  4 19:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: Failed password for root from 189.91.248.139 port 63725 ssh2
May  4 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: Connection closed by 189.91.248.139 port 63725 [preauth]
May  4 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9805]: pam_unix(cron:session): session closed for user root
May  4 19:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11210]: Failed password for root from 189.91.248.139 port 63921 ssh2
May  4 19:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11210]: Connection closed by 189.91.248.139 port 63921 [preauth]
May  4 19:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: Failed password for root from 189.91.248.139 port 64091 ssh2
May  4 19:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: Connection closed by 189.91.248.139 port 64091 [preauth]
May  4 19:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: Failed password for root from 189.91.248.139 port 64307 ssh2
May  4 19:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: Connection closed by 189.91.248.139 port 64307 [preauth]
May  4 19:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11263]: Failed password for root from 189.91.248.139 port 64505 ssh2
May  4 19:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11263]: Connection closed by 189.91.248.139 port 64505 [preauth]
May  4 19:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: Failed password for root from 189.91.248.139 port 64693 ssh2
May  4 19:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: Connection closed by 189.91.248.139 port 64693 [preauth]
May  4 19:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: Invalid user testemail from 176.31.162.135
May  4 19:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: input_userauth_request: invalid user testemail [preauth]
May  4 19:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  4 19:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: Failed password for invalid user testemail from 176.31.162.135 port 57430 ssh2
May  4 19:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: Connection closed by 176.31.162.135 port 57430 [preauth]
May  4 19:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: Failed password for root from 189.91.248.139 port 64907 ssh2
May  4 19:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: Connection closed by 189.91.248.139 port 64907 [preauth]
May  4 19:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: Failed password for root from 189.91.248.139 port 65119 ssh2
May  4 19:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: Connection closed by 189.91.248.139 port 65119 [preauth]
May  4 19:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11312]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11313]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11310]: pam_unix(cron:session): session closed for user p13x
May  4 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11299]: Failed password for root from 189.91.248.139 port 65317 ssh2
May  4 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11374]: Successful su for rubyman by root
May  4 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11374]: + ??? root:rubyman
May  4 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329374 of user rubyman.
May  4 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11374]: pam_unix(su:session): session closed for user rubyman
May  4 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329374.
May  4 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11299]: Connection closed by 189.91.248.139 port 65317 [preauth]
May  4 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11439]: Invalid user people from 27.112.78.170
May  4 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11439]: input_userauth_request: invalid user people [preauth]
May  4 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11439]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
May  4 19:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8287]: pam_unix(cron:session): session closed for user root
May  4 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11311]: pam_unix(cron:session): session closed for user samftp
May  4 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11407]: Failed password for root from 189.91.248.139 port 9022 ssh2
May  4 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11407]: Connection closed by 189.91.248.139 port 9022 [preauth]
May  4 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11439]: Failed password for invalid user people from 27.112.78.170 port 40464 ssh2
May  4 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11439]: Received disconnect from 27.112.78.170 port 40464:11: Bye Bye [preauth]
May  4 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11439]: Disconnected from 27.112.78.170 port 40464 [preauth]
May  4 19:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11572]: Failed password for root from 189.91.248.139 port 9256 ssh2
May  4 19:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11572]: Connection closed by 189.91.248.139 port 9256 [preauth]
May  4 19:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: Failed password for root from 189.91.248.139 port 9474 ssh2
May  4 19:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: Connection closed by 189.91.248.139 port 9474 [preauth]
May  4 19:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: Failed password for root from 189.91.248.139 port 9678 ssh2
May  4 19:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11588]: Connection closed by 189.91.248.139 port 9678 [preauth]
May  4 19:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11607]: Failed password for root from 189.91.248.139 port 9892 ssh2
May  4 19:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11607]: Connection closed by 189.91.248.139 port 9892 [preauth]
May  4 19:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: Failed password for root from 189.91.248.139 port 10114 ssh2
May  4 19:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: Connection closed by 189.91.248.139 port 10114 [preauth]
May  4 19:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11634]: Failed password for root from 189.91.248.139 port 10328 ssh2
May  4 19:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11634]: Connection closed by 189.91.248.139 port 10328 [preauth]
May  4 19:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11644]: Failed password for root from 189.91.248.139 port 10546 ssh2
May  4 19:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11644]: Connection closed by 189.91.248.139 port 10546 [preauth]
May  4 19:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10329]: pam_unix(cron:session): session closed for user root
May  4 19:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: Failed password for root from 189.91.248.139 port 10742 ssh2
May  4 19:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: Connection closed by 189.91.248.139 port 10742 [preauth]
May  4 19:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11675]: Failed password for root from 189.91.248.139 port 10932 ssh2
May  4 19:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11675]: Connection closed by 189.91.248.139 port 10932 [preauth]
May  4 19:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: Failed password for root from 189.91.248.139 port 11162 ssh2
May  4 19:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: Connection closed by 189.91.248.139 port 11162 [preauth]
May  4 19:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11687]: Failed password for root from 189.91.248.139 port 11368 ssh2
May  4 19:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11687]: Connection closed by 189.91.248.139 port 11368 [preauth]
May  4 19:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11711]: Failed password for root from 189.91.248.139 port 11574 ssh2
May  4 19:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11711]: Connection closed by 189.91.248.139 port 11574 [preauth]
May  4 19:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11724]: Failed password for root from 189.91.248.139 port 11782 ssh2
May  4 19:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11724]: Connection closed by 189.91.248.139 port 11782 [preauth]
May  4 19:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11726]: Failed password for root from 189.91.248.139 port 11982 ssh2
May  4 19:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11726]: Connection closed by 189.91.248.139 port 11982 [preauth]
May  4 19:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: Failed password for root from 189.91.248.139 port 12180 ssh2
May  4 19:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: Connection closed by 189.91.248.139 port 12180 [preauth]
May  4 19:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: Invalid user star from 45.95.233.112
May  4 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: input_userauth_request: invalid user star [preauth]
May  4 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112
May  4 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11753]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11751]: pam_unix(cron:session): session closed for user p13x
May  4 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11814]: Successful su for rubyman by root
May  4 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11814]: + ??? root:rubyman
May  4 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329379 of user rubyman.
May  4 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11814]: pam_unix(su:session): session closed for user rubyman
May  4 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329379.
May  4 19:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: Failed password for invalid user star from 45.95.233.112 port 33758 ssh2
May  4 19:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: Received disconnect from 45.95.233.112 port 33758:11: Bye Bye [preauth]
May  4 19:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11746]: Disconnected from 45.95.233.112 port 33758 [preauth]
May  4 19:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: Failed password for root from 189.91.248.139 port 12428 ssh2
May  4 19:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: Connection closed by 189.91.248.139 port 12428 [preauth]
May  4 19:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8784]: pam_unix(cron:session): session closed for user root
May  4 19:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11752]: pam_unix(cron:session): session closed for user samftp
May  4 19:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: Failed password for root from 189.91.248.139 port 12630 ssh2
May  4 19:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11966]: Connection closed by 189.91.248.139 port 12630 [preauth]
May  4 19:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11994]: Failed password for root from 189.91.248.139 port 12844 ssh2
May  4 19:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11994]: Connection closed by 189.91.248.139 port 12844 [preauth]
May  4 19:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Failed password for root from 189.91.248.139 port 13058 ssh2
May  4 19:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Connection closed by 189.91.248.139 port 13058 [preauth]
May  4 19:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: Failed password for root from 189.91.248.139 port 13276 ssh2
May  4 19:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12026]: Connection closed by 189.91.248.139 port 13276 [preauth]
May  4 19:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: Failed password for root from 189.91.248.139 port 13480 ssh2
May  4 19:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12028]: Connection closed by 189.91.248.139 port 13480 [preauth]
May  4 19:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: Failed password for root from 189.91.248.139 port 13716 ssh2
May  4 19:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12038]: Connection closed by 189.91.248.139 port 13716 [preauth]
May  4 19:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12061]: Failed password for root from 189.91.248.139 port 13944 ssh2
May  4 19:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12061]: Connection closed by 189.91.248.139 port 13944 [preauth]
May  4 19:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: Failed password for root from 189.91.248.139 port 14160 ssh2
May  4 19:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12063]: Connection closed by 189.91.248.139 port 14160 [preauth]
May  4 19:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10847]: pam_unix(cron:session): session closed for user root
May  4 19:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12073]: Failed password for root from 189.91.248.139 port 14354 ssh2
May  4 19:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12073]: Connection closed by 189.91.248.139 port 14354 [preauth]
May  4 19:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12105]: Failed password for root from 189.91.248.139 port 14566 ssh2
May  4 19:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12105]: Connection closed by 189.91.248.139 port 14566 [preauth]
May  4 19:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12107]: Failed password for root from 189.91.248.139 port 14780 ssh2
May  4 19:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12107]: Connection closed by 189.91.248.139 port 14780 [preauth]
May  4 19:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12119]: Failed password for root from 189.91.248.139 port 14950 ssh2
May  4 19:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Invalid user vagrant from 164.68.105.9
May  4 19:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: input_userauth_request: invalid user vagrant [preauth]
May  4 19:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  4 19:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12119]: Connection closed by 189.91.248.139 port 14950 [preauth]
May  4 19:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Failed password for invalid user vagrant from 164.68.105.9 port 49280 ssh2
May  4 19:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Connection closed by 164.68.105.9 port 49280 [preauth]
May  4 19:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Failed password for root from 189.91.248.139 port 15192 ssh2
May  4 19:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Connection closed by 189.91.248.139 port 15192 [preauth]
May  4 19:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12145]: Failed password for root from 189.91.248.139 port 15398 ssh2
May  4 19:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12145]: Connection closed by 189.91.248.139 port 15398 [preauth]
May  4 19:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: Invalid user e from 130.195.4.229
May  4 19:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: input_userauth_request: invalid user e [preauth]
May  4 19:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12156]: Failed password for root from 189.91.248.139 port 15584 ssh2
May  4 19:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12156]: Connection closed by 189.91.248.139 port 15584 [preauth]
May  4 19:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.195.4.229
May  4 19:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: Failed password for root from 189.91.248.139 port 15810 ssh2
May  4 19:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: Connection closed by 189.91.248.139 port 15810 [preauth]
May  4 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12176]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12173]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12174]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12173]: pam_unix(cron:session): session closed for user p13x
May  4 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: Failed password for invalid user e from 130.195.4.229 port 51708 ssh2
May  4 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12236]: Successful su for rubyman by root
May  4 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12236]: + ??? root:rubyman
May  4 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12236]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329382 of user rubyman.
May  4 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12236]: pam_unix(su:session): session closed for user rubyman
May  4 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329382.
May  4 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9353]: pam_unix(cron:session): session closed for user root
May  4 19:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12170]: Failed password for root from 189.91.248.139 port 16020 ssh2
May  4 19:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12170]: Connection closed by 189.91.248.139 port 16020 [preauth]
May  4 19:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12174]: pam_unix(cron:session): session closed for user samftp
May  4 19:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: Failed password for root from 189.91.248.139 port 17016 ssh2
May  4 19:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12421]: Connection closed by 189.91.248.139 port 17016 [preauth]
May  4 19:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12158]: Connection closed by 130.195.4.229 port 51708 [preauth]
May  4 19:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: Invalid user factorio from 145.239.89.124
May  4 19:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: input_userauth_request: invalid user factorio [preauth]
May  4 19:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124
May  4 19:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: Failed password for root from 189.91.248.139 port 19090 ssh2
May  4 19:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: Failed password for invalid user factorio from 145.239.89.124 port 51410 ssh2
May  4 19:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: Received disconnect from 145.239.89.124 port 51410:11: Bye Bye [preauth]
May  4 19:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: Disconnected from 145.239.89.124 port 51410 [preauth]
May  4 19:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12441]: Connection closed by 189.91.248.139 port 19090 [preauth]
May  4 19:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: Failed password for root from 189.91.248.139 port 20798 ssh2
May  4 19:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12466]: Connection closed by 189.91.248.139 port 20798 [preauth]
May  4 19:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Failed password for root from 189.91.248.139 port 23116 ssh2
May  4 19:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12476]: Connection closed by 189.91.248.139 port 23116 [preauth]
May  4 19:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12499]: Failed password for root from 189.91.248.139 port 24410 ssh2
May  4 19:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12499]: Connection closed by 189.91.248.139 port 24410 [preauth]
May  4 19:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: Failed password for root from 189.91.248.139 port 25518 ssh2
May  4 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11313]: pam_unix(cron:session): session closed for user root
May  4 19:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12501]: Connection closed by 189.91.248.139 port 25518 [preauth]
May  4 19:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12538]: Failed password for root from 189.91.248.139 port 26830 ssh2
May  4 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12538]: Connection closed by 189.91.248.139 port 26830 [preauth]
May  4 19:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: Failed password for root from 189.91.248.139 port 28016 ssh2
May  4 19:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: Connection closed by 189.91.248.139 port 28016 [preauth]
May  4 19:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12565]: Failed password for root from 189.91.248.139 port 29214 ssh2
May  4 19:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12565]: Connection closed by 189.91.248.139 port 29214 [preauth]
May  4 19:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12576]: Failed password for root from 189.91.248.139 port 30588 ssh2
May  4 19:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12576]: Connection closed by 189.91.248.139 port 30588 [preauth]
May  4 19:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12586]: Failed password for root from 189.91.248.139 port 31322 ssh2
May  4 19:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12586]: Connection closed by 189.91.248.139 port 31322 [preauth]
May  4 19:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12613]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12612]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12611]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12610]: pam_unix(cron:session): session closed for user p13x
May  4 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12668]: Successful su for rubyman by root
May  4 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12668]: + ??? root:rubyman
May  4 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329386 of user rubyman.
May  4 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12668]: pam_unix(su:session): session closed for user rubyman
May  4 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329386.
May  4 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: Invalid user odoo17 from 213.165.85.145
May  4 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: input_userauth_request: invalid user odoo17 [preauth]
May  4 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145
May  4 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12597]: Failed password for root from 189.91.248.139 port 33410 ssh2
May  4 19:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: Failed password for invalid user odoo17 from 213.165.85.145 port 53730 ssh2
May  4 19:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: Received disconnect from 213.165.85.145 port 53730:11: Bye Bye [preauth]
May  4 19:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12606]: Disconnected from 213.165.85.145 port 53730 [preauth]
May  4 19:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9804]: pam_unix(cron:session): session closed for user root
May  4 19:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12611]: pam_unix(cron:session): session closed for user samftp
May  4 19:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12597]: Connection closed by 189.91.248.139 port 33410 [preauth]
May  4 19:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12849]: Failed password for root from 189.91.248.139 port 35094 ssh2
May  4 19:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: Invalid user sky from 152.32.190.168
May  4 19:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: input_userauth_request: invalid user sky [preauth]
May  4 19:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168
May  4 19:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: Failed password for invalid user sky from 152.32.190.168 port 54390 ssh2
May  4 19:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: Received disconnect from 152.32.190.168 port 54390:11: Bye Bye [preauth]
May  4 19:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: Disconnected from 152.32.190.168 port 54390 [preauth]
May  4 19:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12849]: Connection closed by 189.91.248.139 port 35094 [preauth]
May  4 19:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12874]: Failed password for root from 189.91.248.139 port 37648 ssh2
May  4 19:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12874]: Connection closed by 189.91.248.139 port 37648 [preauth]
May  4 19:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12913]: Failed password for root from 189.91.248.139 port 41888 ssh2
May  4 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11754]: pam_unix(cron:session): session closed for user root
May  4 19:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12913]: Connection closed by 189.91.248.139 port 41888 [preauth]
May  4 19:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: Failed password for root from 189.91.248.139 port 43346 ssh2
May  4 19:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12943]: Connection closed by 189.91.248.139 port 43346 [preauth]
May  4 19:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12974]: Invalid user pranali from 118.26.39.187
May  4 19:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12974]: input_userauth_request: invalid user pranali [preauth]
May  4 19:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12974]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187
May  4 19:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12974]: Failed password for invalid user pranali from 118.26.39.187 port 57666 ssh2
May  4 19:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12974]: Received disconnect from 118.26.39.187 port 57666:11: Bye Bye [preauth]
May  4 19:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12974]: Disconnected from 118.26.39.187 port 57666 [preauth]
May  4 19:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175  user=root
May  4 19:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: Failed password for root from 107.189.29.175 port 33082 ssh2
May  4 19:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: Received disconnect from 107.189.29.175 port 33082:11: Bye Bye [preauth]
May  4 19:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: Disconnected from 107.189.29.175 port 33082 [preauth]
May  4 19:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Did not receive identification string from 189.91.248.139
May  4 19:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13000]: Failed password for root from 189.91.248.139 port 48224 ssh2
May  4 19:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13000]: Connection closed by 189.91.248.139 port 48224 [preauth]
May  4 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13015]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13014]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13012]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13013]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13017]: pam_unix(cron:session): session closed for user root
May  4 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13012]: pam_unix(cron:session): session closed for user p13x
May  4 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13087]: Successful su for rubyman by root
May  4 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13087]: + ??? root:rubyman
May  4 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13087]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329395 of user rubyman.
May  4 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13087]: pam_unix(su:session): session closed for user rubyman
May  4 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329395.
May  4 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: Invalid user ms from 140.249.188.255
May  4 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: input_userauth_request: invalid user ms [preauth]
May  4 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.249.188.255
May  4 19:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10328]: pam_unix(cron:session): session closed for user root
May  4 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13014]: pam_unix(cron:session): session closed for user root
May  4 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: Failed password for invalid user ms from 140.249.188.255 port 33758 ssh2
May  4 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: Received disconnect from 140.249.188.255 port 33758:11: Bye Bye [preauth]
May  4 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: Disconnected from 140.249.188.255 port 33758 [preauth]
May  4 19:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13013]: pam_unix(cron:session): session closed for user samftp
May  4 19:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13287]: Failed password for root from 189.91.248.139 port 50288 ssh2
May  4 19:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: Failed password for root from 189.91.248.139 port 55316 ssh2
May  4 19:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13359]: Connection closed by 189.91.248.139 port 55316 [preauth]
May  4 19:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12176]: pam_unix(cron:session): session closed for user root
May  4 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: Failed password for root from 189.91.248.139 port 57598 ssh2
May  4 19:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8  user=root
May  4 19:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13400]: Failed password for root from 177.182.181.8 port 57404 ssh2
May  4 19:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: Connection closed by 189.91.248.139 port 57598 [preauth]
May  4 19:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13400]: Received disconnect from 177.182.181.8 port 57404:11: Bye Bye [preauth]
May  4 19:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13400]: Disconnected from 177.182.181.8 port 57404 [preauth]
May  4 19:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Failed password for root from 189.91.248.139 port 59262 ssh2
May  4 19:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Connection closed by 189.91.248.139 port 59262 [preauth]
May  4 19:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: Failed password for root from 189.91.248.139 port 61972 ssh2
May  4 19:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: Connection closed by 189.91.248.139 port 61972 [preauth]
May  4 19:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13554]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13552]: pam_unix(cron:session): session closed for user p13x
May  4 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13626]: Successful su for rubyman by root
May  4 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13626]: + ??? root:rubyman
May  4 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329396 of user rubyman.
May  4 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13626]: pam_unix(su:session): session closed for user rubyman
May  4 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329396.
May  4 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: Failed password for root from 189.91.248.139 port 64514 ssh2
May  4 19:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10846]: pam_unix(cron:session): session closed for user root
May  4 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: Connection closed by 189.91.248.139 port 64514 [preauth]
May  4 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13554]: pam_unix(cron:session): session closed for user samftp
May  4 19:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: Failed password for root from 189.91.248.139 port 9131 ssh2
May  4 19:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13818]: Connection closed by 189.91.248.139 port 9131 [preauth]
May  4 19:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13849]: Invalid user sky from 45.95.233.112
May  4 19:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13849]: input_userauth_request: invalid user sky [preauth]
May  4 19:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13849]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112
May  4 19:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13849]: Failed password for invalid user sky from 45.95.233.112 port 46558 ssh2
May  4 19:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13849]: Received disconnect from 45.95.233.112 port 46558:11: Bye Bye [preauth]
May  4 19:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13849]: Disconnected from 45.95.233.112 port 46558 [preauth]
May  4 19:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13859]: Failed password for root from 189.91.248.139 port 12985 ssh2
May  4 19:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13859]: Connection closed by 189.91.248.139 port 12985 [preauth]
May  4 19:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Failed password for root from 189.91.248.139 port 14447 ssh2
May  4 19:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Connection closed by 189.91.248.139 port 14447 [preauth]
May  4 19:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12613]: pam_unix(cron:session): session closed for user root
May  4 19:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: Failed password for root from 189.91.248.139 port 16591 ssh2
May  4 19:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: Connection closed by 189.91.248.139 port 16591 [preauth]
May  4 19:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: Failed password for root from 189.91.248.139 port 18909 ssh2
May  4 19:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13936]: Connection closed by 189.91.248.139 port 18909 [preauth]
May  4 19:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: Invalid user teamspeak from 27.112.78.170
May  4 19:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: input_userauth_request: invalid user teamspeak [preauth]
May  4 19:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
May  4 19:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: Failed password for invalid user teamspeak from 27.112.78.170 port 43548 ssh2
May  4 19:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: Received disconnect from 27.112.78.170 port 43548:11: Bye Bye [preauth]
May  4 19:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13959]: Disconnected from 27.112.78.170 port 43548 [preauth]
May  4 19:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13970]: Failed password for root from 189.91.248.139 port 21387 ssh2
May  4 19:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13994]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13995]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13992]: pam_unix(cron:session): session closed for user p13x
May  4 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14056]: Successful su for rubyman by root
May  4 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14056]: + ??? root:rubyman
May  4 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329402 of user rubyman.
May  4 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14056]: pam_unix(su:session): session closed for user rubyman
May  4 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329402.
May  4 19:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11312]: pam_unix(cron:session): session closed for user root
May  4 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13980]: Failed password for root from 189.91.248.139 port 22617 ssh2
May  4 19:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13993]: pam_unix(cron:session): session closed for user samftp
May  4 19:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: Failed password for root from 189.91.248.139 port 26113 ssh2
May  4 19:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14238]: Connection closed by 189.91.248.139 port 26113 [preauth]
May  4 19:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14272]: Failed password for root from 189.91.248.139 port 27369 ssh2
May  4 19:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14272]: Connection closed by 189.91.248.139 port 27369 [preauth]
May  4 19:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13016]: pam_unix(cron:session): session closed for user root
May  4 19:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14304]: Failed password for root from 189.91.248.139 port 28839 ssh2
May  4 19:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14304]: Connection closed by 189.91.248.139 port 28839 [preauth]
May  4 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Invalid user taibabi from 145.239.89.124
May  4 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: input_userauth_request: invalid user taibabi [preauth]
May  4 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124
May  4 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: Failed password for root from 189.91.248.139 port 33209 ssh2
May  4 19:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Failed password for invalid user taibabi from 145.239.89.124 port 60796 ssh2
May  4 19:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Received disconnect from 145.239.89.124 port 60796:11: Bye Bye [preauth]
May  4 19:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Disconnected from 145.239.89.124 port 60796 [preauth]
May  4 19:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14344]: Connection closed by 189.91.248.139 port 33209 [preauth]
May  4 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14402]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14400]: pam_unix(cron:session): session closed for user p13x
May  4 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14460]: Successful su for rubyman by root
May  4 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14460]: + ??? root:rubyman
May  4 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329404 of user rubyman.
May  4 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14460]: pam_unix(su:session): session closed for user rubyman
May  4 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329404.
May  4 19:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11753]: pam_unix(cron:session): session closed for user root
May  4 19:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14401]: pam_unix(cron:session): session closed for user samftp
May  4 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: Failed password for root from 189.91.248.139 port 35657 ssh2
May  4 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: Connection closed by 189.91.248.139 port 35657 [preauth]
May  4 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: Failed password for root from 189.91.248.139 port 38979 ssh2
May  4 19:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: Connection closed by 189.91.248.139 port 38979 [preauth]
May  4 19:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14690]: Failed password for root from 189.91.248.139 port 40439 ssh2
May  4 19:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14690]: Connection closed by 189.91.248.139 port 40439 [preauth]
May  4 19:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13557]: pam_unix(cron:session): session closed for user root
May  4 19:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: Failed password for root from 189.91.248.139 port 42163 ssh2
May  4 19:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14700]: Connection closed by 189.91.248.139 port 42163 [preauth]
May  4 19:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14762]: Failed password for root from 189.91.248.139 port 46225 ssh2
May  4 19:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14762]: Connection closed by 189.91.248.139 port 46225 [preauth]
May  4 19:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: Did not receive identification string from 189.91.248.139
May  4 19:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14793]: Failed password for root from 189.91.248.139 port 48871 ssh2
May  4 19:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14793]: Connection closed by 189.91.248.139 port 48871 [preauth]
May  4 19:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14816]: Invalid user admin from 139.19.117.131
May  4 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14816]: input_userauth_request: invalid user admin [preauth]
May  4 19:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: Failed password for root from 189.91.248.139 port 49405 ssh2
May  4 19:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14804]: Connection closed by 189.91.248.139 port 49405 [preauth]
May  4 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14821]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14819]: pam_unix(cron:session): session closed for user p13x
May  4 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14879]: Successful su for rubyman by root
May  4 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14879]: + ??? root:rubyman
May  4 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329408 of user rubyman.
May  4 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14879]: pam_unix(su:session): session closed for user rubyman
May  4 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329408.
May  4 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12175]: pam_unix(cron:session): session closed for user root
May  4 19:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14820]: pam_unix(cron:session): session closed for user samftp
May  4 19:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14906]: Failed password for root from 189.91.248.139 port 51593 ssh2
May  4 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: Invalid user omm from 213.165.85.145
May  4 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: input_userauth_request: invalid user omm [preauth]
May  4 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145
May  4 19:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14816]: Connection closed by 139.19.117.131 port 42676 [preauth]
May  4 19:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: Failed password for invalid user omm from 213.165.85.145 port 52638 ssh2
May  4 19:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: Received disconnect from 213.165.85.145 port 52638:11: Bye Bye [preauth]
May  4 19:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15073]: Disconnected from 213.165.85.145 port 52638 [preauth]
May  4 19:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14906]: Connection closed by 189.91.248.139 port 51593 [preauth]
May  4 19:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15083]: Failed password for root from 189.91.248.139 port 53187 ssh2
May  4 19:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15083]: Connection closed by 189.91.248.139 port 53187 [preauth]
May  4 19:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15115]: Failed password for root from 189.91.248.139 port 55433 ssh2
May  4 19:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: Invalid user ubuntu from 107.189.29.175
May  4 19:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: input_userauth_request: invalid user ubuntu [preauth]
May  4 19:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175
May  4 19:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: Failed password for invalid user ubuntu from 107.189.29.175 port 39386 ssh2
May  4 19:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15115]: Connection closed by 189.91.248.139 port 55433 [preauth]
May  4 19:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: Received disconnect from 107.189.29.175 port 39386:11: Bye Bye [preauth]
May  4 19:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: Disconnected from 107.189.29.175 port 39386 [preauth]
May  4 19:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13995]: pam_unix(cron:session): session closed for user root
May  4 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100  user=root
May  4 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15148]: Failed password for root from 189.91.248.139 port 58719 ssh2
May  4 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15148]: Connection closed by 189.91.248.139 port 58719 [preauth]
May  4 19:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: Failed password for root from 187.33.9.100 port 38616 ssh2
May  4 19:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: Received disconnect from 187.33.9.100 port 38616:11: Bye Bye [preauth]
May  4 19:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: Disconnected from 187.33.9.100 port 38616 [preauth]
May  4 19:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15150]: Connection closed by 152.32.190.168 port 48458 [preauth]
May  4 19:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: Failed password for root from 189.91.248.139 port 59661 ssh2
May  4 19:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: Connection closed by 189.91.248.139 port 59661 [preauth]
May  4 19:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15192]: Failed password for root from 189.91.248.139 port 61279 ssh2
May  4 19:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15224]: Failed password for root from 189.91.248.139 port 63587 ssh2
May  4 19:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15224]: Connection closed by 189.91.248.139 port 63587 [preauth]
May  4 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15249]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15251]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15250]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15252]: pam_unix(cron:session): session closed for user root
May  4 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15247]: pam_unix(cron:session): session closed for user p13x
May  4 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15317]: Successful su for rubyman by root
May  4 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15317]: + ??? root:rubyman
May  4 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329414 of user rubyman.
May  4 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15317]: pam_unix(su:session): session closed for user rubyman
May  4 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329414.
May  4 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15249]: pam_unix(cron:session): session closed for user root
May  4 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12612]: pam_unix(cron:session): session closed for user root
May  4 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: Failed password for root from 189.91.248.139 port 65391 ssh2
May  4 19:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15248]: pam_unix(cron:session): session closed for user samftp
May  4 19:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: Connection closed by 189.91.248.139 port 65391 [preauth]
May  4 19:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15523]: Failed password for root from 189.91.248.139 port 10370 ssh2
May  4 19:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15523]: Connection closed by 189.91.248.139 port 10370 [preauth]
May  4 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15554]: Failed password for root from 189.91.248.139 port 13988 ssh2
May  4 19:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14403]: pam_unix(cron:session): session closed for user root
May  4 19:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Failed password for root from 189.91.248.139 port 15478 ssh2
May  4 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15586]: Connection closed by 189.91.248.139 port 15478 [preauth]
May  4 19:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: Invalid user test1 from 45.95.233.112
May  4 19:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: input_userauth_request: invalid user test1 [preauth]
May  4 19:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.95.233.112
May  4 19:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: Failed password for invalid user test1 from 45.95.233.112 port 50946 ssh2
May  4 19:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: Received disconnect from 45.95.233.112 port 50946:11: Bye Bye [preauth]
May  4 19:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15617]: Disconnected from 45.95.233.112 port 50946 [preauth]
May  4 19:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15627]: Failed password for root from 189.91.248.139 port 19054 ssh2
May  4 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15627]: Connection closed by 189.91.248.139 port 19054 [preauth]
May  4 19:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15657]: Failed password for root from 189.91.248.139 port 19932 ssh2
May  4 19:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15657]: Connection closed by 189.91.248.139 port 19932 [preauth]
May  4 19:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15684]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15685]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15683]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15678]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15678]: pam_unix(cron:session): session closed for user p13x
May  4 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15750]: Successful su for rubyman by root
May  4 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15750]: + ??? root:rubyman
May  4 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329419 of user rubyman.
May  4 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15750]: pam_unix(su:session): session closed for user rubyman
May  4 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329419.
May  4 19:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: Failed password for root from 189.91.248.139 port 23524 ssh2
May  4 19:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13015]: pam_unix(cron:session): session closed for user root
May  4 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15683]: pam_unix(cron:session): session closed for user samftp
May  4 19:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15675]: Connection closed by 189.91.248.139 port 23524 [preauth]
May  4 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15947]: Failed password for root from 189.91.248.139 port 26162 ssh2
May  4 19:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15947]: Connection closed by 189.91.248.139 port 26162 [preauth]
May  4 19:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: Failed password for root from 189.91.248.139 port 28578 ssh2
May  4 19:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15977]: Connection closed by 189.91.248.139 port 28578 [preauth]
May  4 19:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14822]: pam_unix(cron:session): session closed for user root
May  4 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16000]: Failed password for root from 189.91.248.139 port 30044 ssh2
May  4 19:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16000]: Connection closed by 189.91.248.139 port 30044 [preauth]
May  4 19:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: Invalid user ubuntu from 177.182.181.8
May  4 19:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: input_userauth_request: invalid user ubuntu [preauth]
May  4 19:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8
May  4 19:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: Failed password for invalid user ubuntu from 177.182.181.8 port 39746 ssh2
May  4 19:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: Received disconnect from 177.182.181.8 port 39746:11: Bye Bye [preauth]
May  4 19:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16011]: Disconnected from 177.182.181.8 port 39746 [preauth]
May  4 19:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16039]: Failed password for root from 189.91.248.139 port 32272 ssh2
May  4 19:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16039]: Connection closed by 189.91.248.139 port 32272 [preauth]
May  4 19:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16054]: Failed password for root from 189.91.248.139 port 34688 ssh2
May  4 19:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16094]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16093]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16092]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16092]: pam_unix(cron:session): session closed for user p13x
May  4 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16152]: Successful su for rubyman by root
May  4 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16152]: + ??? root:rubyman
May  4 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329423 of user rubyman.
May  4 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16152]: pam_unix(su:session): session closed for user rubyman
May  4 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329423.
May  4 19:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16071]: Failed password for root from 189.91.248.139 port 36060 ssh2
May  4 19:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13555]: pam_unix(cron:session): session closed for user root
May  4 19:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16071]: Connection closed by 189.91.248.139 port 36060 [preauth]
May  4 19:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16093]: pam_unix(cron:session): session closed for user samftp
May  4 19:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: Failed password for root from 189.91.248.139 port 39738 ssh2
May  4 19:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: Connection closed by 189.91.248.139 port 39738 [preauth]
May  4 19:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16336]: Invalid user sharing from 145.239.89.124
May  4 19:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16336]: input_userauth_request: invalid user sharing [preauth]
May  4 19:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16336]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124
May  4 19:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16336]: Failed password for invalid user sharing from 145.239.89.124 port 34946 ssh2
May  4 19:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16336]: Received disconnect from 145.239.89.124 port 34946:11: Bye Bye [preauth]
May  4 19:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16336]: Disconnected from 145.239.89.124 port 34946 [preauth]
May  4 19:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16358]: Failed password for root from 189.91.248.139 port 41828 ssh2
May  4 19:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: Failed password for root from 189.91.248.139 port 43366 ssh2
May  4 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15251]: pam_unix(cron:session): session closed for user root
May  4 19:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: Failed password for root from 189.91.248.139 port 47062 ssh2
May  4 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16368]: Connection closed by 189.91.248.139 port 43366 [preauth]
May  4 19:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16442]: Failed password for root from 189.91.248.139 port 48354 ssh2
May  4 19:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16442]: Connection closed by 189.91.248.139 port 48354 [preauth]
May  4 19:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: Connection closed by 189.91.248.139 port 47062 [preauth]
May  4 19:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170  user=root
May  4 19:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187  user=root
May  4 19:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Failed password for root from 27.112.78.170 port 51956 ssh2
May  4 19:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Received disconnect from 27.112.78.170 port 51956:11: Bye Bye [preauth]
May  4 19:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Disconnected from 27.112.78.170 port 51956 [preauth]
May  4 19:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Failed password for root from 118.26.39.187 port 47942 ssh2
May  4 19:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Received disconnect from 118.26.39.187 port 47942:11: Bye Bye [preauth]
May  4 19:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Disconnected from 118.26.39.187 port 47942 [preauth]
May  4 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16529]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16530]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16527]: pam_unix(cron:session): session closed for user p13x
May  4 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16606]: Successful su for rubyman by root
May  4 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16606]: + ??? root:rubyman
May  4 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329426 of user rubyman.
May  4 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16606]: pam_unix(su:session): session closed for user rubyman
May  4 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329426.
May  4 19:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13994]: pam_unix(cron:session): session closed for user root
May  4 19:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: Failed password for root from 189.91.248.139 port 50042 ssh2
May  4 19:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16528]: pam_unix(cron:session): session closed for user samftp
May  4 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: Connection closed by 189.91.248.139 port 50042 [preauth]
May  4 19:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: Failed password for root from 189.91.248.139 port 54076 ssh2
May  4 19:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16801]: Connection closed by 189.91.248.139 port 54076 [preauth]
May  4 19:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: Failed password for root from 189.91.248.139 port 57716 ssh2
May  4 19:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16841]: Connection closed by 189.91.248.139 port 57716 [preauth]
May  4 19:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15685]: pam_unix(cron:session): session closed for user root
May  4 19:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Failed password for root from 189.91.248.139 port 60756 ssh2
May  4 19:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Connection closed by 189.91.248.139 port 60756 [preauth]
May  4 19:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16936]: Failed password for root from 189.91.248.139 port 63136 ssh2
May  4 19:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16968]: Failed password for root from 189.91.248.139 port 64882 ssh2
May  4 19:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 19:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: Failed password for root from 218.92.0.201 port 44384 ssh2
May  4 19:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16994]: pam_unix(cron:session): session closed for user p13x
May  4 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17054]: Successful su for rubyman by root
May  4 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17054]: + ??? root:rubyman
May  4 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329430 of user rubyman.
May  4 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17054]: pam_unix(su:session): session closed for user rubyman
May  4 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329430.
May  4 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16991]: Failed password for root from 189.91.248.139 port 10351 ssh2
May  4 19:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: Failed password for root from 218.92.0.201 port 44384 ssh2
May  4 19:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14402]: pam_unix(cron:session): session closed for user root
May  4 19:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16991]: Connection closed by 189.91.248.139 port 10351 [preauth]
May  4 19:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175  user=root
May  4 19:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16995]: pam_unix(cron:session): session closed for user samftp
May  4 19:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: Failed password for root from 218.92.0.201 port 44384 ssh2
May  4 19:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Failed password for root from 107.189.29.175 port 45696 ssh2
May  4 19:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Received disconnect from 107.189.29.175 port 45696:11: Bye Bye [preauth]
May  4 19:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Disconnected from 107.189.29.175 port 45696 [preauth]
May  4 19:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: Failed password for root from 218.92.0.201 port 44384 ssh2
May  4 19:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: Failed password for root from 218.92.0.201 port 44384 ssh2
May  4 19:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 44384 ssh2 [preauth]
May  4 19:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: Disconnecting: Too many authentication failures [preauth]
May  4 19:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 19:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 19:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145  user=root
May  4 19:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: Failed password for root from 213.165.85.145 port 57388 ssh2
May  4 19:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: Received disconnect from 213.165.85.145 port 57388:11: Bye Bye [preauth]
May  4 19:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17275]: Disconnected from 213.165.85.145 port 57388 [preauth]
May  4 19:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: Failed password for root from 189.91.248.139 port 12189 ssh2
May  4 19:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17277]: Connection reset by 218.92.0.201 port 61402 [preauth]
May  4 19:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17290]: Failed password for root from 189.91.248.139 port 16147 ssh2
May  4 19:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16095]: pam_unix(cron:session): session closed for user root
May  4 19:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17328]: Failed password for root from 189.91.248.139 port 18267 ssh2
May  4 19:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Failed password for root from 189.91.248.139 port 20719 ssh2
May  4 19:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Connection closed by 189.91.248.139 port 20719 [preauth]
May  4 19:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 19:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 19:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: Invalid user dev from 152.32.190.168
May  4 19:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: input_userauth_request: invalid user dev [preauth]
May  4 19:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: pam_unix(sshd:auth): check pass; user unknown
May  4 19:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168
May  4 19:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: Failed password for root from 189.91.248.139 port 22607 ssh2
May  4 19:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: Failed password for invalid user dev from 152.32.190.168 port 48288 ssh2
May  4 19:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: Received disconnect from 152.32.190.168 port 48288:11: Bye Bye [preauth]
May  4 19:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: Disconnected from 152.32.190.168 port 48288 [preauth]
May  4 20:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: Connection closed by 189.91.248.139 port 22607 [preauth]
May  4 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17416]: pam_unix(cron:session): session closed for user root
May  4 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17412]: pam_unix(cron:session): session closed for user root
May  4 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17410]: pam_unix(cron:session): session closed for user p13x
May  4 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17516]: Successful su for rubyman by root
May  4 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17516]: + ??? root:rubyman
May  4 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17516]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329439 of user rubyman.
May  4 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17516]: pam_unix(su:session): session closed for user rubyman
May  4 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329439.
May  4 20:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17413]: pam_unix(cron:session): session closed for user root
May  4 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14821]: pam_unix(cron:session): session closed for user root
May  4 20:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: Failed password for root from 189.91.248.139 port 24781 ssh2
May  4 20:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17411]: pam_unix(cron:session): session closed for user samftp
May  4 20:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: Connection closed by 189.91.248.139 port 24781 [preauth]
May  4 20:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17748]: Failed password for root from 189.91.248.139 port 28287 ssh2
May  4 20:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17748]: Connection closed by 189.91.248.139 port 28287 [preauth]
May  4 20:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17802]: Failed password for root from 189.91.248.139 port 31245 ssh2
May  4 20:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16530]: pam_unix(cron:session): session closed for user root
May  4 20:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17802]: Connection closed by 189.91.248.139 port 31245 [preauth]
May  4 20:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: Failed password for root from 189.91.248.139 port 33797 ssh2
May  4 20:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17971]: Connection closed by 189.91.248.139 port 33797 [preauth]
May  4 20:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17999]: Failed password for root from 189.91.248.139 port 35137 ssh2
May  4 20:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17999]: Connection closed by 189.91.248.139 port 35137 [preauth]
May  4 20:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: Failed password for root from 189.91.248.139 port 36837 ssh2
May  4 20:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: Invalid user taibabi from 187.33.9.100
May  4 20:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: input_userauth_request: invalid user taibabi [preauth]
May  4 20:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100
May  4 20:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: Failed password for invalid user taibabi from 187.33.9.100 port 21671 ssh2
May  4 20:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: Received disconnect from 187.33.9.100 port 21671:11: Bye Bye [preauth]
May  4 20:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18026]: Disconnected from 187.33.9.100 port 21671 [preauth]
May  4 20:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: Failed password for root from 189.91.248.139 port 38473 ssh2
May  4 20:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: Connection closed by 189.91.248.139 port 36837 [preauth]
May  4 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18068]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18064]: pam_unix(cron:session): session closed for user p13x
May  4 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18135]: Successful su for rubyman by root
May  4 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18135]: + ??? root:rubyman
May  4 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18135]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329443 of user rubyman.
May  4 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18135]: pam_unix(su:session): session closed for user rubyman
May  4 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329443.
May  4 20:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18040]: Connection closed by 189.91.248.139 port 38473 [preauth]
May  4 20:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15250]: pam_unix(cron:session): session closed for user root
May  4 20:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18065]: pam_unix(cron:session): session closed for user samftp
May  4 20:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18281]: Failed password for root from 189.91.248.139 port 41755 ssh2
May  4 20:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18281]: Connection closed by 189.91.248.139 port 41755 [preauth]
May  4 20:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: Failed password for root from 189.91.248.139 port 43079 ssh2
May  4 20:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18345]: Connection closed by 189.91.248.139 port 43079 [preauth]
May  4 20:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18369]: Failed password for root from 189.91.248.139 port 45645 ssh2
May  4 20:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16997]: pam_unix(cron:session): session closed for user root
May  4 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18393]: Failed password for root from 189.91.248.139 port 47983 ssh2
May  4 20:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18393]: Connection closed by 189.91.248.139 port 47983 [preauth]
May  4 20:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18439]: Failed password for root from 189.91.248.139 port 49953 ssh2
May  4 20:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18439]: Connection closed by 189.91.248.139 port 49953 [preauth]
May  4 20:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18465]: Invalid user test1 from 145.239.89.124
May  4 20:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18465]: input_userauth_request: invalid user test1 [preauth]
May  4 20:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18465]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.89.124
May  4 20:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18465]: Failed password for invalid user test1 from 145.239.89.124 port 48788 ssh2
May  4 20:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18465]: Received disconnect from 145.239.89.124 port 48788:11: Bye Bye [preauth]
May  4 20:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18465]: Disconnected from 145.239.89.124 port 48788 [preauth]
May  4 20:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: Failed password for root from 189.91.248.139 port 52413 ssh2
May  4 20:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18463]: Connection closed by 189.91.248.139 port 52413 [preauth]
May  4 20:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: Failed password for root from 189.91.248.139 port 54599 ssh2
May  4 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18501]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18498]: pam_unix(cron:session): session closed for user p13x
May  4 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: Connection closed by 189.91.248.139 port 54599 [preauth]
May  4 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18557]: Successful su for rubyman by root
May  4 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18557]: + ??? root:rubyman
May  4 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329445 of user rubyman.
May  4 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18557]: pam_unix(su:session): session closed for user rubyman
May  4 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329445.
May  4 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15684]: pam_unix(cron:session): session closed for user root
May  4 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18571]: Failed password for root from 189.91.248.139 port 55687 ssh2
May  4 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18571]: Connection closed by 189.91.248.139 port 55687 [preauth]
May  4 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18500]: pam_unix(cron:session): session closed for user samftp
May  4 20:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18740]: Failed password for root from 189.91.248.139 port 57355 ssh2
May  4 20:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18740]: Connection closed by 189.91.248.139 port 57355 [preauth]
May  4 20:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: Failed password for root from 189.91.248.139 port 58879 ssh2
May  4 20:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: Connection closed by 189.91.248.139 port 58879 [preauth]
May  4 20:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: Failed password for root from 189.91.248.139 port 60807 ssh2
May  4 20:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Invalid user mahsa from 177.182.181.8
May  4 20:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: input_userauth_request: invalid user mahsa [preauth]
May  4 20:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.182.181.8
May  4 20:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18797]: Connection closed by 189.91.248.139 port 60807 [preauth]
May  4 20:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Failed password for invalid user mahsa from 177.182.181.8 port 45878 ssh2
May  4 20:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Received disconnect from 177.182.181.8 port 45878:11: Bye Bye [preauth]
May  4 20:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Disconnected from 177.182.181.8 port 45878 [preauth]
May  4 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17415]: pam_unix(cron:session): session closed for user root
May  4 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18853]: Failed password for root from 189.91.248.139 port 63883 ssh2
May  4 20:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18853]: Connection closed by 189.91.248.139 port 63883 [preauth]
May  4 20:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18886]: Failed password for root from 189.91.248.139 port 10500 ssh2
May  4 20:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: Failed password for root from 189.91.248.139 port 12790 ssh2
May  4 20:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18886]: Connection closed by 189.91.248.139 port 10500 [preauth]
May  4 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18921]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18918]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18918]: pam_unix(cron:session): session closed for user p13x
May  4 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18980]: Successful su for rubyman by root
May  4 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18980]: + ??? root:rubyman
May  4 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18980]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329450 of user rubyman.
May  4 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18980]: pam_unix(su:session): session closed for user rubyman
May  4 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329450.
May  4 20:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16094]: pam_unix(cron:session): session closed for user root
May  4 20:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18919]: pam_unix(cron:session): session closed for user samftp
May  4 20:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: Connection closed by 189.91.248.139 port 12790 [preauth]
May  4 20:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19155]: Failed password for root from 189.91.248.139 port 15122 ssh2
May  4 20:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19155]: Connection closed by 189.91.248.139 port 15122 [preauth]
May  4 20:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19176]: Failed password for root from 189.91.248.139 port 16278 ssh2
May  4 20:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19176]: Connection closed by 189.91.248.139 port 16278 [preauth]
May  4 20:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19209]: Failed password for root from 189.91.248.139 port 19440 ssh2
May  4 20:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19209]: Connection closed by 189.91.248.139 port 19440 [preauth]
May  4 20:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18068]: pam_unix(cron:session): session closed for user root
May  4 20:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19253]: Invalid user matheus from 107.189.29.175
May  4 20:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19253]: input_userauth_request: invalid user matheus [preauth]
May  4 20:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19253]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175
May  4 20:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19241]: Failed password for root from 189.91.248.139 port 21030 ssh2
May  4 20:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19241]: Connection closed by 189.91.248.139 port 21030 [preauth]
May  4 20:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19285]: Invalid user peace from 118.26.39.187
May  4 20:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19285]: input_userauth_request: invalid user peace [preauth]
May  4 20:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19285]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187
May  4 20:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19253]: Failed password for invalid user matheus from 107.189.29.175 port 51994 ssh2
May  4 20:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19253]: Received disconnect from 107.189.29.175 port 51994:11: Bye Bye [preauth]
May  4 20:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19253]: Disconnected from 107.189.29.175 port 51994 [preauth]
May  4 20:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19285]: Failed password for invalid user peace from 118.26.39.187 port 30044 ssh2
May  4 20:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19285]: Received disconnect from 118.26.39.187 port 30044:11: Bye Bye [preauth]
May  4 20:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19285]: Disconnected from 118.26.39.187 port 30044 [preauth]
May  4 20:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Failed password for root from 189.91.248.139 port 23134 ssh2
May  4 20:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: Invalid user ins from 27.112.78.170
May  4 20:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: input_userauth_request: invalid user ins [preauth]
May  4 20:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
May  4 20:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: Failed password for invalid user ins from 27.112.78.170 port 55318 ssh2
May  4 20:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: Received disconnect from 27.112.78.170 port 55318:11: Bye Bye [preauth]
May  4 20:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: Disconnected from 27.112.78.170 port 55318 [preauth]
May  4 20:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: Failed password for root from 189.91.248.139 port 24574 ssh2
May  4 20:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19333]: Failed password for root from 189.91.248.139 port 26778 ssh2
May  4 20:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: Connection closed by 189.91.248.139 port 24574 [preauth]
May  4 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19354]: pam_unix(cron:session): session closed for user p13x
May  4 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19413]: Successful su for rubyman by root
May  4 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19413]: + ??? root:rubyman
May  4 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19413]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329455 of user rubyman.
May  4 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19413]: pam_unix(su:session): session closed for user rubyman
May  4 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329455.
May  4 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19333]: Connection closed by 189.91.248.139 port 26778 [preauth]
May  4 20:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16529]: pam_unix(cron:session): session closed for user root
May  4 20:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19466]: Failed password for root from 189.91.248.139 port 28816 ssh2
May  4 20:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19466]: Connection closed by 189.91.248.139 port 28816 [preauth]
May  4 20:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19355]: pam_unix(cron:session): session closed for user samftp
May  4 20:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19605]: Failed password for root from 189.91.248.139 port 30914 ssh2
May  4 20:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19647]: Invalid user u1 from 213.165.85.145
May  4 20:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19647]: input_userauth_request: invalid user u1 [preauth]
May  4 20:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19647]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145
May  4 20:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19605]: Connection closed by 189.91.248.139 port 30914 [preauth]
May  4 20:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19647]: Failed password for invalid user u1 from 213.165.85.145 port 45856 ssh2
May  4 20:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19647]: Received disconnect from 213.165.85.145 port 45856:11: Bye Bye [preauth]
May  4 20:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19647]: Disconnected from 213.165.85.145 port 45856 [preauth]
May  4 20:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19657]: Failed password for root from 189.91.248.139 port 33380 ssh2
May  4 20:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19657]: Connection closed by 189.91.248.139 port 33380 [preauth]
May  4 20:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18502]: pam_unix(cron:session): session closed for user root
May  4 20:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19695]: Failed password for root from 189.91.248.139 port 35498 ssh2
May  4 20:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19765]: Failed password for root from 189.91.248.139 port 42176 ssh2
May  4 20:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19776]: Invalid user singh from 152.32.190.168
May  4 20:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19776]: input_userauth_request: invalid user singh [preauth]
May  4 20:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19776]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168
May  4 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19783]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19781]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19779]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19786]: pam_unix(cron:session): session closed for user root
May  4 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19779]: pam_unix(cron:session): session closed for user p13x
May  4 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19849]: Successful su for rubyman by root
May  4 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19849]: + ??? root:rubyman
May  4 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329457 of user rubyman.
May  4 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19849]: pam_unix(su:session): session closed for user rubyman
May  4 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329457.
May  4 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19776]: Failed password for invalid user singh from 152.32.190.168 port 50154 ssh2
May  4 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19776]: Received disconnect from 152.32.190.168 port 50154:11: Bye Bye [preauth]
May  4 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19776]: Disconnected from 152.32.190.168 port 50154 [preauth]
May  4 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19781]: pam_unix(cron:session): session closed for user root
May  4 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16996]: pam_unix(cron:session): session closed for user root
May  4 20:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19780]: pam_unix(cron:session): session closed for user samftp
May  4 20:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19966]: Failed password for root from 189.91.248.139 port 43600 ssh2
May  4 20:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19966]: Connection closed by 189.91.248.139 port 43600 [preauth]
May  4 20:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20080]: Failed password for root from 189.91.248.139 port 45348 ssh2
May  4 20:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20080]: Connection closed by 189.91.248.139 port 45348 [preauth]
May  4 20:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20113]: Failed password for root from 189.91.248.139 port 49084 ssh2
May  4 20:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20113]: Connection closed by 189.91.248.139 port 49084 [preauth]
May  4 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18921]: pam_unix(cron:session): session closed for user root
May  4 20:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20166]: Failed password for root from 189.91.248.139 port 51276 ssh2
May  4 20:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20166]: Connection closed by 189.91.248.139 port 51276 [preauth]
May  4 20:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20185]: Failed password for root from 189.91.248.139 port 52670 ssh2
May  4 20:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20185]: Connection closed by 189.91.248.139 port 52670 [preauth]
May  4 20:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20216]: Failed password for root from 189.91.248.139 port 56110 ssh2
May  4 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20229]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20227]: pam_unix(cron:session): session closed for user p13x
May  4 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20294]: Successful su for rubyman by root
May  4 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20294]: + ??? root:rubyman
May  4 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20294]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329464 of user rubyman.
May  4 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20294]: pam_unix(su:session): session closed for user rubyman
May  4 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329464.
May  4 20:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17414]: pam_unix(cron:session): session closed for user root
May  4 20:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20228]: pam_unix(cron:session): session closed for user samftp
May  4 20:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: Failed password for root from 189.91.248.139 port 57606 ssh2
May  4 20:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: Invalid user elias from 187.33.9.100
May  4 20:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: input_userauth_request: invalid user elias [preauth]
May  4 20:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100
May  4 20:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: Failed password for invalid user elias from 187.33.9.100 port 13698 ssh2
May  4 20:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: Received disconnect from 187.33.9.100 port 13698:11: Bye Bye [preauth]
May  4 20:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: Disconnected from 187.33.9.100 port 13698 [preauth]
May  4 20:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20516]: Failed password for root from 189.91.248.139 port 59440 ssh2
May  4 20:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20431]: Connection closed by 189.91.248.139 port 57606 [preauth]
May  4 20:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20516]: Connection closed by 189.91.248.139 port 59440 [preauth]
May  4 20:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: Failed password for root from 189.91.248.139 port 63282 ssh2
May  4 20:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: Connection closed by 189.91.248.139 port 63282 [preauth]
May  4 20:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19357]: pam_unix(cron:session): session closed for user root
May  4 20:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20588]: Failed password for root from 189.91.248.139 port 9795 ssh2
May  4 20:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20588]: Connection closed by 189.91.248.139 port 9795 [preauth]
May  4 20:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20604]: Failed password for root from 189.91.248.139 port 10909 ssh2
May  4 20:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20604]: Connection closed by 189.91.248.139 port 10909 [preauth]
May  4 20:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20652]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20651]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20653]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20650]: pam_unix(cron:session): session closed for user p13x
May  4 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20621]: Failed password for root from 189.91.248.139 port 12701 ssh2
May  4 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20713]: Successful su for rubyman by root
May  4 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20713]: + ??? root:rubyman
May  4 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329468 of user rubyman.
May  4 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20713]: pam_unix(su:session): session closed for user rubyman
May  4 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329468.
May  4 20:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18066]: pam_unix(cron:session): session closed for user root
May  4 20:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20651]: pam_unix(cron:session): session closed for user samftp
May  4 20:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20857]: Failed password for root from 189.91.248.139 port 17025 ssh2
May  4 20:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20621]: Connection closed by 189.91.248.139 port 12701 [preauth]
May  4 20:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Failed password for root from 189.91.248.139 port 20247 ssh2
May  4 20:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20857]: Connection closed by 189.91.248.139 port 17025 [preauth]
May  4 20:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20947]: Connection closed by 189.91.248.139 port 20247 [preauth]
May  4 20:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20969]: Failed password for root from 189.91.248.139 port 21867 ssh2
May  4 20:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20969]: Connection closed by 189.91.248.139 port 21867 [preauth]
May  4 20:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19784]: pam_unix(cron:session): session closed for user root
May  4 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: Failed password for root from 189.91.248.139 port 23287 ssh2
May  4 20:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20979]: Connection closed by 189.91.248.139 port 23287 [preauth]
May  4 20:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21016]: Failed password for root from 189.91.248.139 port 26155 ssh2
May  4 20:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21016]: Connection closed by 189.91.248.139 port 26155 [preauth]
May  4 20:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21058]: Failed password for root from 189.91.248.139 port 30055 ssh2
May  4 20:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21058]: Connection closed by 189.91.248.139 port 30055 [preauth]
May  4 20:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21074]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21075]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21073]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21072]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21072]: pam_unix(cron:session): session closed for user p13x
May  4 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21139]: Successful su for rubyman by root
May  4 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21139]: + ??? root:rubyman
May  4 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21139]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329472 of user rubyman.
May  4 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21139]: pam_unix(su:session): session closed for user rubyman
May  4 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329472.
May  4 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21128]: Invalid user user from 107.189.29.175
May  4 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21128]: input_userauth_request: invalid user user [preauth]
May  4 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21128]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175
May  4 20:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18501]: pam_unix(cron:session): session closed for user root
May  4 20:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21069]: Failed password for root from 189.91.248.139 port 30919 ssh2
May  4 20:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21128]: Failed password for invalid user user from 107.189.29.175 port 58294 ssh2
May  4 20:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21128]: Received disconnect from 107.189.29.175 port 58294:11: Bye Bye [preauth]
May  4 20:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21128]: Disconnected from 107.189.29.175 port 58294 [preauth]
May  4 20:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21069]: Connection closed by 189.91.248.139 port 30919 [preauth]
May  4 20:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21073]: pam_unix(cron:session): session closed for user samftp
May  4 20:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21360]: Failed password for root from 189.91.248.139 port 32843 ssh2
May  4 20:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21360]: Connection closed by 189.91.248.139 port 32843 [preauth]
May  4 20:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: Failed password for root from 189.91.248.139 port 35607 ssh2
May  4 20:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21396]: Connection closed by 189.91.248.139 port 35607 [preauth]
May  4 20:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Failed password for root from 189.91.248.139 port 38715 ssh2
May  4 20:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20230]: pam_unix(cron:session): session closed for user root
May  4 20:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21457]: Failed password for root from 189.91.248.139 port 39977 ssh2
May  4 20:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Connection closed by 189.91.248.139 port 38715 [preauth]
May  4 20:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21457]: Connection closed by 189.91.248.139 port 39977 [preauth]
May  4 20:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21501]: Failed password for root from 189.91.248.139 port 42935 ssh2
May  4 20:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21501]: Connection closed by 189.91.248.139 port 42935 [preauth]
May  4 20:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21511]: Failed password for root from 189.91.248.139 port 44601 ssh2
May  4 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21526]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21527]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21525]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21524]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21524]: pam_unix(cron:session): session closed for user p13x
May  4 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21663]: Successful su for rubyman by root
May  4 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21663]: + ??? root:rubyman
May  4 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329476 of user rubyman.
May  4 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21663]: pam_unix(su:session): session closed for user rubyman
May  4 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329476.
May  4 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21522]: pam_unix(cron:session): session closed for user root
May  4 20:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21511]: Connection closed by 189.91.248.139 port 44601 [preauth]
May  4 20:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18920]: pam_unix(cron:session): session closed for user root
May  4 20:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21525]: pam_unix(cron:session): session closed for user samftp
May  4 20:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: Failed password for root from 189.91.248.139 port 47915 ssh2
May  4 20:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: Connection closed by 189.91.248.139 port 47915 [preauth]
May  4 20:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: Failed password for root from 189.91.248.139 port 49755 ssh2
May  4 20:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: Connection closed by 189.91.248.139 port 49755 [preauth]
May  4 20:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187  user=root
May  4 20:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22246]: Failed password for root from 118.26.39.187 port 12150 ssh2
May  4 20:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22246]: Received disconnect from 118.26.39.187 port 12150:11: Bye Bye [preauth]
May  4 20:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22246]: Disconnected from 118.26.39.187 port 12150 [preauth]
May  4 20:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: Invalid user steam from 213.165.85.145
May  4 20:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: input_userauth_request: invalid user steam [preauth]
May  4 20:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145
May  4 20:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: Failed password for invalid user steam from 213.165.85.145 port 50016 ssh2
May  4 20:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: Received disconnect from 213.165.85.145 port 50016:11: Bye Bye [preauth]
May  4 20:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22279]: Disconnected from 213.165.85.145 port 50016 [preauth]
May  4 20:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Failed password for root from 189.91.248.139 port 52771 ssh2
May  4 20:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20653]: pam_unix(cron:session): session closed for user root
May  4 20:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22326]: Failed password for root from 189.91.248.139 port 54961 ssh2
May  4 20:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170  user=root
May  4 20:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22326]: Connection closed by 189.91.248.139 port 54961 [preauth]
May  4 20:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: Failed password for root from 27.112.78.170 port 52600 ssh2
May  4 20:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: Received disconnect from 27.112.78.170 port 52600:11: Bye Bye [preauth]
May  4 20:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: Disconnected from 27.112.78.170 port 52600 [preauth]
May  4 20:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22341]: Invalid user kafka from 193.70.84.184
May  4 20:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22341]: input_userauth_request: invalid user kafka [preauth]
May  4 20:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22341]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  4 20:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22341]: Failed password for invalid user kafka from 193.70.84.184 port 33240 ssh2
May  4 20:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22341]: Connection closed by 193.70.84.184 port 33240 [preauth]
May  4 20:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22343]: Failed password for root from 189.91.248.139 port 56513 ssh2
May  4 20:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22343]: Connection closed by 189.91.248.139 port 56513 [preauth]
May  4 20:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22367]: Failed password for root from 189.91.248.139 port 58561 ssh2
May  4 20:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22380]: Failed password for root from 189.91.248.139 port 59783 ssh2
May  4 20:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22380]: Connection closed by 189.91.248.139 port 59783 [preauth]
May  4 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22418]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22421]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22421]: pam_unix(cron:session): session closed for user root
May  4 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22412]: pam_unix(cron:session): session closed for user p13x
May  4 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22495]: Successful su for rubyman by root
May  4 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22495]: + ??? root:rubyman
May  4 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329481 of user rubyman.
May  4 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22495]: pam_unix(su:session): session closed for user rubyman
May  4 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329481.
May  4 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22416]: pam_unix(cron:session): session closed for user root
May  4 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19356]: pam_unix(cron:session): session closed for user root
May  4 20:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22544]: Failed password for root from 189.91.248.139 port 61323 ssh2
May  4 20:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22414]: pam_unix(cron:session): session closed for user samftp
May  4 20:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22544]: Connection closed by 189.91.248.139 port 61323 [preauth]
May  4 20:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168  user=root
May  4 20:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: Failed password for root from 152.32.190.168 port 59890 ssh2
May  4 20:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: Received disconnect from 152.32.190.168 port 59890:11: Bye Bye [preauth]
May  4 20:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: Disconnected from 152.32.190.168 port 59890 [preauth]
May  4 20:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22723]: Failed password for root from 189.91.248.139 port 63621 ssh2
May  4 20:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22723]: Connection closed by 189.91.248.139 port 63621 [preauth]
May  4 20:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21075]: pam_unix(cron:session): session closed for user root
May  4 20:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: Failed password for root from 189.91.248.139 port 9800 ssh2
May  4 20:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: Connection closed by 189.91.248.139 port 9800 [preauth]
May  4 20:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22871]: Failed password for root from 189.91.248.139 port 14980 ssh2
May  4 20:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22871]: Connection closed by 189.91.248.139 port 14980 [preauth]
May  4 20:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22895]: Failed password for root from 189.91.248.139 port 17146 ssh2
May  4 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22910]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22908]: pam_unix(cron:session): session closed for user p13x
May  4 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23007]: Successful su for rubyman by root
May  4 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23007]: + ??? root:rubyman
May  4 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329487 of user rubyman.
May  4 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23007]: pam_unix(su:session): session closed for user rubyman
May  4 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329487.
May  4 20:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22895]: Connection closed by 189.91.248.139 port 17146 [preauth]
May  4 20:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19783]: pam_unix(cron:session): session closed for user root
May  4 20:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22909]: pam_unix(cron:session): session closed for user samftp
May  4 20:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23198]: Failed password for root from 189.91.248.139 port 21014 ssh2
May  4 20:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23198]: Connection closed by 189.91.248.139 port 21014 [preauth]
May  4 20:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: Failed password for root from 189.91.248.139 port 25722 ssh2
May  4 20:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23267]: Invalid user pranali from 187.33.9.100
May  4 20:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23267]: input_userauth_request: invalid user pranali [preauth]
May  4 20:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23267]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100
May  4 20:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23267]: Failed password for invalid user pranali from 187.33.9.100 port 29798 ssh2
May  4 20:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23267]: Received disconnect from 187.33.9.100 port 29798:11: Bye Bye [preauth]
May  4 20:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23267]: Disconnected from 187.33.9.100 port 29798 [preauth]
May  4 20:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21527]: pam_unix(cron:session): session closed for user root
May  4 20:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: Connection closed by 189.91.248.139 port 25722 [preauth]
May  4 20:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: Failed password for root from 189.91.248.139 port 28646 ssh2
May  4 20:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: Connection closed by 189.91.248.139 port 28646 [preauth]
May  4 20:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23420]: Failed password for root from 189.91.248.139 port 31272 ssh2
May  4 20:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23458]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23459]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23456]: pam_unix(cron:session): session closed for user p13x
May  4 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23519]: Successful su for rubyman by root
May  4 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23519]: + ??? root:rubyman
May  4 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329490 of user rubyman.
May  4 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23519]: pam_unix(su:session): session closed for user rubyman
May  4 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329490.
May  4 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23452]: Failed password for root from 189.91.248.139 port 33842 ssh2
May  4 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23420]: Connection closed by 189.91.248.139 port 31272 [preauth]
May  4 20:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20229]: pam_unix(cron:session): session closed for user root
May  4 20:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23457]: pam_unix(cron:session): session closed for user samftp
May  4 20:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23707]: Failed password for root from 189.91.248.139 port 35180 ssh2
May  4 20:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23739]: Failed password for root from 189.91.248.139 port 37096 ssh2
May  4 20:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23707]: Connection closed by 189.91.248.139 port 35180 [preauth]
May  4 20:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23862]: Invalid user app from 107.189.29.175
May  4 20:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23862]: input_userauth_request: invalid user app [preauth]
May  4 20:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23862]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175
May  4 20:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23862]: Failed password for invalid user app from 107.189.29.175 port 36358 ssh2
May  4 20:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23862]: Received disconnect from 107.189.29.175 port 36358:11: Bye Bye [preauth]
May  4 20:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23862]: Disconnected from 107.189.29.175 port 36358 [preauth]
May  4 20:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: Failed password for root from 189.91.248.139 port 40872 ssh2
May  4 20:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22418]: pam_unix(cron:session): session closed for user root
May  4 20:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: Connection closed by 189.91.248.139 port 40872 [preauth]
May  4 20:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: Failed password for root from 189.91.248.139 port 42068 ssh2
May  4 20:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23918]: Connection closed by 189.91.248.139 port 42068 [preauth]
May  4 20:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23929]: Failed password for root from 189.91.248.139 port 43472 ssh2
May  4 20:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23968]: Failed password for root from 189.91.248.139 port 45998 ssh2
May  4 20:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23968]: Connection closed by 189.91.248.139 port 45998 [preauth]
May  4 20:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24001]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24002]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23999]: pam_unix(cron:session): session closed for user p13x
May  4 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24063]: Successful su for rubyman by root
May  4 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24063]: + ??? root:rubyman
May  4 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24063]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329497 of user rubyman.
May  4 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24063]: pam_unix(su:session): session closed for user rubyman
May  4 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329497.
May  4 20:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20652]: pam_unix(cron:session): session closed for user root
May  4 20:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24000]: pam_unix(cron:session): session closed for user samftp
May  4 20:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: Failed password for root from 189.91.248.139 port 48726 ssh2
May  4 20:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: Connection closed by 189.91.248.139 port 48726 [preauth]
May  4 20:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: Failed password for root from 189.91.248.139 port 51088 ssh2
May  4 20:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: Connection closed by 189.91.248.139 port 51088 [preauth]
May  4 20:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24298]: Failed password for root from 189.91.248.139 port 52094 ssh2
May  4 20:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24298]: Connection closed by 189.91.248.139 port 52094 [preauth]
May  4 20:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24326]: Failed password for root from 189.91.248.139 port 53940 ssh2
May  4 20:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24326]: Connection closed by 189.91.248.139 port 53940 [preauth]
May  4 20:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22911]: pam_unix(cron:session): session closed for user root
May  4 20:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: Did not receive identification string from 189.91.248.139
May  4 20:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: Failed password for root from 189.91.248.139 port 57572 ssh2
May  4 20:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24371]: Connection closed by 189.91.248.139 port 57572 [preauth]
May  4 20:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24410]: Failed password for root from 189.91.248.139 port 60138 ssh2
May  4 20:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24445]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24444]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24444]: pam_unix(cron:session): session closed for user p13x
May  4 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24509]: Successful su for rubyman by root
May  4 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24509]: + ??? root:rubyman
May  4 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329499 of user rubyman.
May  4 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24509]: pam_unix(su:session): session closed for user rubyman
May  4 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329499.
May  4 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24430]: Failed password for root from 189.91.248.139 port 62180 ssh2
May  4 20:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21074]: pam_unix(cron:session): session closed for user root
May  4 20:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24445]: pam_unix(cron:session): session closed for user samftp
May  4 20:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24712]: Failed password for root from 189.91.248.139 port 64536 ssh2
May  4 20:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24712]: Connection closed by 189.91.248.139 port 64536 [preauth]
May  4 20:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24742]: Failed password for root from 189.91.248.139 port 11163 ssh2
May  4 20:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24773]: Failed password for root from 189.91.248.139 port 12927 ssh2
May  4 20:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145  user=root
May  4 20:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24775]: Failed password for root from 213.165.85.145 port 43026 ssh2
May  4 20:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24775]: Received disconnect from 213.165.85.145 port 43026:11: Bye Bye [preauth]
May  4 20:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24775]: Disconnected from 213.165.85.145 port 43026 [preauth]
May  4 20:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23459]: pam_unix(cron:session): session closed for user root
May  4 20:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24773]: Connection closed by 189.91.248.139 port 12927 [preauth]
May  4 20:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24816]: Failed password for root from 189.91.248.139 port 16393 ssh2
May  4 20:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24848]: Failed password for root from 189.91.248.139 port 19167 ssh2
May  4 20:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24876]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24877]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24875]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24879]: pam_unix(cron:session): session closed for user root
May  4 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24874]: pam_unix(cron:session): session closed for user p13x
May  4 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24953]: Successful su for rubyman by root
May  4 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24953]: + ??? root:rubyman
May  4 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24953]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329502 of user rubyman.
May  4 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24953]: pam_unix(su:session): session closed for user rubyman
May  4 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329502.
May  4 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: Invalid user elektra from 118.26.39.187
May  4 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: input_userauth_request: invalid user elektra [preauth]
May  4 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187
May  4 20:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24876]: pam_unix(cron:session): session closed for user root
May  4 20:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24871]: Failed password for root from 189.91.248.139 port 22043 ssh2
May  4 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21526]: pam_unix(cron:session): session closed for user root
May  4 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: Failed password for invalid user elektra from 118.26.39.187 port 49250 ssh2
May  4 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: Received disconnect from 118.26.39.187 port 49250:11: Bye Bye [preauth]
May  4 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: Disconnected from 118.26.39.187 port 49250 [preauth]
May  4 20:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24875]: pam_unix(cron:session): session closed for user samftp
May  4 20:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25165]: Failed password for root from 189.91.248.139 port 23469 ssh2
May  4 20:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25165]: Connection closed by 189.91.248.139 port 23469 [preauth]
May  4 20:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: Failed password for root from 189.91.248.139 port 26281 ssh2
May  4 20:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.190.168  user=root
May  4 20:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: Failed password for root from 152.32.190.168 port 52352 ssh2
May  4 20:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: Received disconnect from 152.32.190.168 port 52352:11: Bye Bye [preauth]
May  4 20:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25230]: Disconnected from 152.32.190.168 port 52352 [preauth]
May  4 20:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25232]: Failed password for root from 189.91.248.139 port 28073 ssh2
May  4 20:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25232]: Connection closed by 189.91.248.139 port 28073 [preauth]
May  4 20:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24002]: pam_unix(cron:session): session closed for user root
May  4 20:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170  user=root
May  4 20:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: Failed password for root from 27.112.78.170 port 33416 ssh2
May  4 20:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: Received disconnect from 27.112.78.170 port 33416:11: Bye Bye [preauth]
May  4 20:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: Disconnected from 27.112.78.170 port 33416 [preauth]
May  4 20:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25206]: Invalid user w from 195.178.110.50
May  4 20:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25206]: input_userauth_request: invalid user w [preauth]
May  4 20:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25206]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 20:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25206]: Failed password for invalid user w from 195.178.110.50 port 49280 ssh2
May  4 20:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25206]: Connection closed by 195.178.110.50 port 49280 [preauth]
May  4 20:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25275]: Failed password for root from 189.91.248.139 port 29993 ssh2
May  4 20:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25275]: Connection closed by 189.91.248.139 port 29993 [preauth]
May  4 20:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25293]: Invalid user D from 195.178.110.50
May  4 20:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25293]: input_userauth_request: invalid user D [preauth]
May  4 20:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25293]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 20:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25293]: Failed password for invalid user D from 195.178.110.50 port 37638 ssh2
May  4 20:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25335]: Failed password for root from 189.91.248.139 port 35851 ssh2
May  4 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25335]: Connection closed by 189.91.248.139 port 35851 [preauth]
May  4 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25352]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25350]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25349]: pam_unix(cron:session): session closed for user p13x
May  4 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25421]: Successful su for rubyman by root
May  4 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25421]: + ??? root:rubyman
May  4 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329508 of user rubyman.
May  4 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25421]: pam_unix(su:session): session closed for user rubyman
May  4 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329508.
May  4 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25293]: Connection closed by 195.178.110.50 port 37638 [preauth]
May  4 20:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22417]: pam_unix(cron:session): session closed for user root
May  4 20:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25350]: pam_unix(cron:session): session closed for user samftp
May  4 20:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25442]: Failed password for root from 189.91.248.139 port 36443 ssh2
May  4 20:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25442]: Connection closed by 189.91.248.139 port 36443 [preauth]
May  4 20:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25616]: Failed password for root from 189.91.248.139 port 38459 ssh2
May  4 20:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25454]: Invalid user o from 195.178.110.50
May  4 20:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25454]: input_userauth_request: invalid user o [preauth]
May  4 20:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25454]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 20:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25454]: Failed password for invalid user o from 195.178.110.50 port 2570 ssh2
May  4 20:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25651]: Failed password for root from 189.91.248.139 port 39845 ssh2
May  4 20:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25454]: Connection closed by 195.178.110.50 port 2570 [preauth]
May  4 20:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25651]: Connection closed by 189.91.248.139 port 39845 [preauth]
May  4 20:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25616]: Connection closed by 189.91.248.139 port 38459 [preauth]
May  4 20:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25677]: Failed password for root from 189.91.248.139 port 41409 ssh2
May  4 20:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24447]: pam_unix(cron:session): session closed for user root
May  4 20:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100  user=root
May  4 20:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25677]: Connection closed by 189.91.248.139 port 41409 [preauth]
May  4 20:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: Failed password for root from 187.33.9.100 port 22527 ssh2
May  4 20:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: Received disconnect from 187.33.9.100 port 22527:11: Bye Bye [preauth]
May  4 20:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25717]: Disconnected from 187.33.9.100 port 22527 [preauth]
May  4 20:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25663]: Invalid user < from 195.178.110.50
May  4 20:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25663]: input_userauth_request: invalid user < [preauth]
May  4 20:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25663]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 20:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25663]: Failed password for invalid user < from 195.178.110.50 port 3592 ssh2
May  4 20:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: Failed password for root from 189.91.248.139 port 43415 ssh2
May  4 20:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25719]: Connection closed by 189.91.248.139 port 43415 [preauth]
May  4 20:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25663]: Connection closed by 195.178.110.50 port 3592 [preauth]
May  4 20:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25751]: Failed password for root from 189.91.248.139 port 47309 ssh2
May  4 20:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: Invalid user dmdba from 107.189.29.175
May  4 20:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: input_userauth_request: invalid user dmdba [preauth]
May  4 20:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175
May  4 20:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25751]: Connection closed by 189.91.248.139 port 47309 [preauth]
May  4 20:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: Failed password for invalid user dmdba from 107.189.29.175 port 42656 ssh2
May  4 20:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: Received disconnect from 107.189.29.175 port 42656:11: Bye Bye [preauth]
May  4 20:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: Disconnected from 107.189.29.175 port 42656 [preauth]
May  4 20:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Failed password for root from 189.91.248.139 port 49895 ssh2
May  4 20:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25773]: Connection closed by 189.91.248.139 port 49895 [preauth]
May  4 20:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25785]: pam_unix(cron:session): session closed for user root
May  4 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25788]: pam_unix(cron:session): session closed for user p13x
May  4 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25852]: Successful su for rubyman by root
May  4 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25852]: + ??? root:rubyman
May  4 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329512 of user rubyman.
May  4 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25852]: pam_unix(su:session): session closed for user rubyman
May  4 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329512.
May  4 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: Invalid user g from 195.178.110.50
May  4 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: input_userauth_request: invalid user g [preauth]
May  4 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 20:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22910]: pam_unix(cron:session): session closed for user root
May  4 20:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: Failed password for invalid user g from 195.178.110.50 port 32832 ssh2
May  4 20:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25783]: Failed password for root from 189.91.248.139 port 50793 ssh2
May  4 20:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25745]: Connection closed by 195.178.110.50 port 32832 [preauth]
May  4 20:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25789]: pam_unix(cron:session): session closed for user samftp
May  4 20:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26043]: Failed password for root from 189.91.248.139 port 52147 ssh2
May  4 20:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: Failed password for root from 189.91.248.139 port 54365 ssh2
May  4 20:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: Failed password for root from 189.91.248.139 port 57365 ssh2
May  4 20:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24878]: pam_unix(cron:session): session closed for user root
May  4 20:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  4 20:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26140]: Failed password for root from 46.244.96.25 port 45626 ssh2
May  4 20:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26140]: Connection closed by 46.244.96.25 port 45626 [preauth]
May  4 20:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: Failed password for root from 189.91.248.139 port 60427 ssh2
May  4 20:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26100]: Connection closed by 189.91.248.139 port 57365 [preauth]
May  4 20:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26195]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26193]: pam_unix(cron:session): session closed for user p13x
May  4 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26255]: Successful su for rubyman by root
May  4 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26255]: + ??? root:rubyman
May  4 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329518 of user rubyman.
May  4 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26255]: pam_unix(su:session): session closed for user rubyman
May  4 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329518.
May  4 20:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23458]: pam_unix(cron:session): session closed for user root
May  4 20:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26194]: pam_unix(cron:session): session closed for user samftp
May  4 20:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26174]: Failed password for root from 189.91.248.139 port 61867 ssh2
May  4 20:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26174]: Connection closed by 189.91.248.139 port 61867 [preauth]
May  4 20:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26528]: Failed password for root from 189.91.248.139 port 11250 ssh2
May  4 20:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26554]: Failed password for root from 189.91.248.139 port 12758 ssh2
May  4 20:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26554]: Connection closed by 189.91.248.139 port 12758 [preauth]
May  4 20:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26528]: Connection closed by 189.91.248.139 port 11250 [preauth]
May  4 20:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: Failed password for root from 189.91.248.139 port 15846 ssh2
May  4 20:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25352]: pam_unix(cron:session): session closed for user root
May  4 20:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26594]: Connection closed by 189.91.248.139 port 15846 [preauth]
May  4 20:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: Failed password for root from 189.91.248.139 port 18870 ssh2
May  4 20:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26655]: Failed password for root from 189.91.248.139 port 20192 ssh2
May  4 20:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26655]: Connection closed by 189.91.248.139 port 20192 [preauth]
May  4 20:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26632]: Connection closed by 189.91.248.139 port 18870 [preauth]
May  4 20:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26693]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26690]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26692]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26689]: pam_unix(cron:session): session closed for user p13x
May  4 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26748]: Successful su for rubyman by root
May  4 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26748]: + ??? root:rubyman
May  4 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329521 of user rubyman.
May  4 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26748]: pam_unix(su:session): session closed for user rubyman
May  4 20:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329521.
May  4 20:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: Failed password for root from 189.91.248.139 port 21948 ssh2
May  4 20:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24001]: pam_unix(cron:session): session closed for user root
May  4 20:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26690]: pam_unix(cron:session): session closed for user samftp
May  4 20:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241  user=root
May  4 20:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26965]: Failed password for root from 20.87.21.241 port 41464 ssh2
May  4 20:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26965]: Received disconnect from 20.87.21.241 port 41464:11: Bye Bye [preauth]
May  4 20:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26965]: Disconnected from 20.87.21.241 port 41464 [preauth]
May  4 20:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26979]: Failed password for root from 189.91.248.139 port 26236 ssh2
May  4 20:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27008]: Failed password for root from 189.91.248.139 port 27704 ssh2
May  4 20:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26979]: Connection closed by 189.91.248.139 port 26236 [preauth]
May  4 20:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27008]: Connection closed by 189.91.248.139 port 27704 [preauth]
May  4 20:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25791]: pam_unix(cron:session): session closed for user root
May  4 20:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27053]: Failed password for root from 189.91.248.139 port 30136 ssh2
May  4 20:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145  user=root
May  4 20:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27104]: Failed password for root from 189.91.248.139 port 32792 ssh2
May  4 20:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27107]: Failed password for root from 213.165.85.145 port 42496 ssh2
May  4 20:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27107]: Received disconnect from 213.165.85.145 port 42496:11: Bye Bye [preauth]
May  4 20:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27107]: Disconnected from 213.165.85.145 port 42496 [preauth]
May  4 20:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27104]: Connection closed by 189.91.248.139 port 32792 [preauth]
May  4 20:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: Failed password for root from 189.91.248.139 port 34074 ssh2
May  4 20:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27109]: Connection closed by 189.91.248.139 port 34074 [preauth]
May  4 20:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182  user=root
May  4 20:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: Failed password for root from 103.211.217.182 port 41354 ssh2
May  4 20:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: Received disconnect from 103.211.217.182 port 41354:11: Bye Bye [preauth]
May  4 20:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: Disconnected from 103.211.217.182 port 41354 [preauth]
May  4 20:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: Failed password for root from 189.91.248.139 port 36558 ssh2
May  4 20:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27143]: Connection closed by 189.91.248.139 port 36558 [preauth]
May  4 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27170]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27171]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27169]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27172]: pam_unix(cron:session): session closed for user root
May  4 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27167]: pam_unix(cron:session): session closed for user p13x
May  4 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27243]: Successful su for rubyman by root
May  4 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27243]: + ??? root:rubyman
May  4 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27243]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329529 of user rubyman.
May  4 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27243]: pam_unix(su:session): session closed for user rubyman
May  4 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329529.
May  4 20:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24446]: pam_unix(cron:session): session closed for user root
May  4 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27169]: pam_unix(cron:session): session closed for user root
May  4 20:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: Failed password for root from 189.91.248.139 port 37972 ssh2
May  4 20:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27168]: pam_unix(cron:session): session closed for user samftp
May  4 20:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: Connection closed by 189.91.248.139 port 37972 [preauth]
May  4 20:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27508]: Failed password for root from 189.91.248.139 port 40058 ssh2
May  4 20:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27508]: Connection closed by 189.91.248.139 port 40058 [preauth]
May  4 20:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: Failed password for root from 189.91.248.139 port 41544 ssh2
May  4 20:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27543]: Connection closed by 189.91.248.139 port 41544 [preauth]
May  4 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: Invalid user rabbitmq from 81.70.167.132
May  4 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: input_userauth_request: invalid user rabbitmq [preauth]
May  4 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.70.167.132
May  4 20:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: Failed password for invalid user rabbitmq from 81.70.167.132 port 57916 ssh2
May  4 20:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: Received disconnect from 81.70.167.132 port 57916:11: Bye Bye [preauth]
May  4 20:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: Disconnected from 81.70.167.132 port 57916 [preauth]
May  4 20:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27581]: Failed password for root from 189.91.248.139 port 45186 ssh2
May  4 20:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27581]: Connection closed by 189.91.248.139 port 45186 [preauth]
May  4 20:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26196]: pam_unix(cron:session): session closed for user root
May  4 20:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27623]: Invalid user steam from 118.26.39.187
May  4 20:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27623]: input_userauth_request: invalid user steam [preauth]
May  4 20:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27623]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187
May  4 20:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27623]: Failed password for invalid user steam from 118.26.39.187 port 31348 ssh2
May  4 20:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27623]: Received disconnect from 118.26.39.187 port 31348:11: Bye Bye [preauth]
May  4 20:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27623]: Disconnected from 118.26.39.187 port 31348 [preauth]
May  4 20:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27591]: Failed password for root from 189.91.248.139 port 46238 ssh2
May  4 20:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27591]: Connection closed by 189.91.248.139 port 46238 [preauth]
May  4 20:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27633]: Failed password for root from 189.91.248.139 port 48858 ssh2
May  4 20:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27666]: Failed password for root from 189.91.248.139 port 50144 ssh2
May  4 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27679]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27680]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27677]: pam_unix(cron:session): session closed for user p13x
May  4 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27746]: Successful su for rubyman by root
May  4 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27746]: + ??? root:rubyman
May  4 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329533 of user rubyman.
May  4 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27746]: pam_unix(su:session): session closed for user rubyman
May  4 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329533.
May  4 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24877]: pam_unix(cron:session): session closed for user root
May  4 20:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27678]: pam_unix(cron:session): session closed for user samftp
May  4 20:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27744]: Failed password for root from 189.91.248.139 port 52756 ssh2
May  4 20:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27666]: Connection closed by 189.91.248.139 port 50144 [preauth]
May  4 20:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27946]: Failed password for root from 189.91.248.139 port 55100 ssh2
May  4 20:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27946]: Connection closed by 189.91.248.139 port 55100 [preauth]
May  4 20:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27744]: Connection closed by 189.91.248.139 port 52756 [preauth]
May  4 20:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175  user=root
May  4 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28012]: Failed password for root from 107.189.29.175 port 48964 ssh2
May  4 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26693]: pam_unix(cron:session): session closed for user root
May  4 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28012]: Received disconnect from 107.189.29.175 port 48964:11: Bye Bye [preauth]
May  4 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28012]: Disconnected from 107.189.29.175 port 48964 [preauth]
May  4 20:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170  user=root
May  4 20:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28043]: Failed password for root from 27.112.78.170 port 36168 ssh2
May  4 20:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28043]: Received disconnect from 27.112.78.170 port 36168:11: Bye Bye [preauth]
May  4 20:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28043]: Disconnected from 27.112.78.170 port 36168 [preauth]
May  4 20:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27969]: Failed password for root from 189.91.248.139 port 56816 ssh2
May  4 20:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28075]: Invalid user ftp_user from 103.211.217.182
May  4 20:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28075]: input_userauth_request: invalid user ftp_user [preauth]
May  4 20:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28075]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182
May  4 20:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28075]: Failed password for invalid user ftp_user from 103.211.217.182 port 43338 ssh2
May  4 20:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28075]: Received disconnect from 103.211.217.182 port 43338:11: Bye Bye [preauth]
May  4 20:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28075]: Disconnected from 103.211.217.182 port 43338 [preauth]
May  4 20:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28077]: Failed password for root from 189.91.248.139 port 9775 ssh2
May  4 20:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28077]: Connection closed by 189.91.248.139 port 9775 [preauth]
May  4 20:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28089]: Invalid user tomcat from 187.33.9.100
May  4 20:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28089]: input_userauth_request: invalid user tomcat [preauth]
May  4 20:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28089]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100
May  4 20:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28089]: Failed password for invalid user tomcat from 187.33.9.100 port 26281 ssh2
May  4 20:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28089]: Received disconnect from 187.33.9.100 port 26281:11: Bye Bye [preauth]
May  4 20:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28089]: Disconnected from 187.33.9.100 port 26281 [preauth]
May  4 20:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28111]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28112]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28113]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28110]: pam_unix(cron:session): session closed for user p13x
May  4 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28174]: Successful su for rubyman by root
May  4 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28174]: + ??? root:rubyman
May  4 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329535 of user rubyman.
May  4 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28174]: pam_unix(su:session): session closed for user rubyman
May  4 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329535.
May  4 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28099]: Failed password for root from 189.91.248.139 port 12249 ssh2
May  4 20:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28099]: Connection closed by 189.91.248.139 port 12249 [preauth]
May  4 20:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25351]: pam_unix(cron:session): session closed for user root
May  4 20:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28111]: pam_unix(cron:session): session closed for user samftp
May  4 20:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28294]: Failed password for root from 189.91.248.139 port 13329 ssh2
May  4 20:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28294]: Connection closed by 189.91.248.139 port 13329 [preauth]
May  4 20:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: Failed password for root from 189.91.248.139 port 14801 ssh2
May  4 20:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28368]: Connection closed by 189.91.248.139 port 14801 [preauth]
May  4 20:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28392]: Failed password for root from 189.91.248.139 port 16519 ssh2
May  4 20:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28392]: Connection closed by 189.91.248.139 port 16519 [preauth]
May  4 20:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28424]: Failed password for root from 189.91.248.139 port 20443 ssh2
May  4 20:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27171]: pam_unix(cron:session): session closed for user root
May  4 20:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28424]: Connection closed by 189.91.248.139 port 20443 [preauth]
May  4 20:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28465]: Failed password for root from 189.91.248.139 port 22871 ssh2
May  4 20:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28465]: Connection closed by 189.91.248.139 port 22871 [preauth]
May  4 20:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28502]: Invalid user myliea from 164.68.105.9
May  4 20:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28502]: input_userauth_request: invalid user myliea [preauth]
May  4 20:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28502]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  4 20:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28502]: Failed password for invalid user myliea from 164.68.105.9 port 40866 ssh2
May  4 20:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28500]: Failed password for root from 189.91.248.139 port 24169 ssh2
May  4 20:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28502]: Connection closed by 164.68.105.9 port 40866 [preauth]
May  4 20:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28500]: Connection closed by 189.91.248.139 port 24169 [preauth]
May  4 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28526]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28523]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28523]: pam_unix(cron:session): session closed for user p13x
May  4 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28582]: Successful su for rubyman by root
May  4 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28582]: + ??? root:rubyman
May  4 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329540 of user rubyman.
May  4 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28582]: pam_unix(su:session): session closed for user rubyman
May  4 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329540.
May  4 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25790]: pam_unix(cron:session): session closed for user root
May  4 20:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28524]: pam_unix(cron:session): session closed for user samftp
May  4 20:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28571]: Failed password for root from 189.91.248.139 port 27785 ssh2
May  4 20:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: Failed password for root from 189.91.248.139 port 30861 ssh2
May  4 20:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28810]: Failed password for root from 189.91.248.139 port 32245 ssh2
May  4 20:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28810]: Connection closed by 189.91.248.139 port 32245 [preauth]
May  4 20:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28833]: Invalid user try2 from 20.87.21.241
May  4 20:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28833]: input_userauth_request: invalid user try2 [preauth]
May  4 20:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28833]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241
May  4 20:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28833]: Failed password for invalid user try2 from 20.87.21.241 port 52694 ssh2
May  4 20:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28833]: Received disconnect from 20.87.21.241 port 52694:11: Bye Bye [preauth]
May  4 20:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28833]: Disconnected from 20.87.21.241 port 52694 [preauth]
May  4 20:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27680]: pam_unix(cron:session): session closed for user root
May  4 20:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28844]: Failed password for root from 189.91.248.139 port 35513 ssh2
May  4 20:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28844]: Connection closed by 189.91.248.139 port 35513 [preauth]
May  4 20:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182  user=root
May  4 20:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28876]: Failed password for root from 189.91.248.139 port 38447 ssh2
May  4 20:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28895]: Failed password for root from 103.211.217.182 port 54844 ssh2
May  4 20:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28895]: Received disconnect from 103.211.217.182 port 54844:11: Bye Bye [preauth]
May  4 20:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28895]: Disconnected from 103.211.217.182 port 54844 [preauth]
May  4 20:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28876]: Connection closed by 189.91.248.139 port 38447 [preauth]
May  4 20:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: Failed password for root from 189.91.248.139 port 41189 ssh2
May  4 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28940]: pam_unix(cron:session): session closed for user p13x
May  4 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29006]: Successful su for rubyman by root
May  4 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29006]: + ??? root:rubyman
May  4 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29006]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329545 of user rubyman.
May  4 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29006]: pam_unix(su:session): session closed for user rubyman
May  4 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329545.
May  4 20:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26195]: pam_unix(cron:session): session closed for user root
May  4 20:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28941]: pam_unix(cron:session): session closed for user samftp
May  4 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29269]: Failed password for root from 189.91.248.139 port 44053 ssh2
May  4 20:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: Failed password for root from 189.91.248.139 port 45745 ssh2
May  4 20:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: Failed password for root from 189.91.248.139 port 48549 ssh2
May  4 20:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: Connection closed by 189.91.248.139 port 48549 [preauth]
May  4 20:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28113]: pam_unix(cron:session): session closed for user root
May  4 20:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29365]: Failed password for root from 189.91.248.139 port 49867 ssh2
May  4 20:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29365]: Connection closed by 189.91.248.139 port 49867 [preauth]
May  4 20:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29406]: Failed password for root from 189.91.248.139 port 52707 ssh2
May  4 20:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29406]: Connection closed by 189.91.248.139 port 52707 [preauth]
May  4 20:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: Invalid user oasis from 213.165.85.145
May  4 20:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: input_userauth_request: invalid user oasis [preauth]
May  4 20:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.165.85.145
May  4 20:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: Failed password for invalid user oasis from 213.165.85.145 port 35916 ssh2
May  4 20:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: Received disconnect from 213.165.85.145 port 35916:11: Bye Bye [preauth]
May  4 20:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: Disconnected from 213.165.85.145 port 35916 [preauth]
May  4 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29469]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29468]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29469]: pam_unix(cron:session): session closed for user root
May  4 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29464]: pam_unix(cron:session): session closed for user p13x
May  4 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29536]: Successful su for rubyman by root
May  4 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29536]: + ??? root:rubyman
May  4 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29536]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329552 of user rubyman.
May  4 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29536]: pam_unix(su:session): session closed for user rubyman
May  4 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329552.
May  4 20:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29466]: pam_unix(cron:session): session closed for user root
May  4 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26692]: pam_unix(cron:session): session closed for user root
May  4 20:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29465]: pam_unix(cron:session): session closed for user samftp
May  4 20:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29434]: Failed password for root from 189.91.248.139 port 53797 ssh2
May  4 20:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28526]: pam_unix(cron:session): session closed for user root
May  4 20:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Invalid user deploy from 20.87.21.241
May  4 20:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: input_userauth_request: invalid user deploy [preauth]
May  4 20:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241
May  4 20:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29844]: Invalid user gitlab-runner from 103.211.217.182
May  4 20:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29844]: input_userauth_request: invalid user gitlab-runner [preauth]
May  4 20:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29844]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182
May  4 20:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Failed password for invalid user deploy from 20.87.21.241 port 48484 ssh2
May  4 20:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Received disconnect from 20.87.21.241 port 48484:11: Bye Bye [preauth]
May  4 20:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Disconnected from 20.87.21.241 port 48484 [preauth]
May  4 20:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29844]: Failed password for invalid user gitlab-runner from 103.211.217.182 port 36180 ssh2
May  4 20:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29844]: Received disconnect from 103.211.217.182 port 36180:11: Bye Bye [preauth]
May  4 20:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29844]: Disconnected from 103.211.217.182 port 36180 [preauth]
May  4 20:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29800]: Failed password for root from 189.91.248.139 port 64111 ssh2
May  4 20:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: Failed password for root from 189.91.248.139 port 11734 ssh2
May  4 20:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29856]: Connection closed by 189.91.248.139 port 11734 [preauth]
May  4 20:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  4 20:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29892]: Failed password for root from 189.91.248.139 port 14722 ssh2
May  4 20:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: Failed password for root from 80.94.95.125 port 56517 ssh2
May  4 20:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: Failed password for root from 80.94.95.125 port 56517 ssh2
May  4 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29914]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29915]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29912]: pam_unix(cron:session): session closed for user p13x
May  4 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29984]: Successful su for rubyman by root
May  4 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29984]: + ??? root:rubyman
May  4 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329555 of user rubyman.
May  4 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29984]: pam_unix(su:session): session closed for user rubyman
May  4 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329555.
May  4 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: Failed password for root from 80.94.95.125 port 56517 ssh2
May  4 20:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: Failed password for root from 80.94.95.125 port 56517 ssh2
May  4 20:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27170]: pam_unix(cron:session): session closed for user root
May  4 20:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29913]: pam_unix(cron:session): session closed for user samftp
May  4 20:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: Failed password for root from 80.94.95.125 port 56517 ssh2
May  4 20:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: Received disconnect from 80.94.95.125 port 56517:11: Bye [preauth]
May  4 20:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: Disconnected from 80.94.95.125 port 56517 [preauth]
May  4 20:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  4 20:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29900]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 20:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29892]: Connection closed by 189.91.248.139 port 14722 [preauth]
May  4 20:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175  user=root
May  4 20:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30163]: Failed password for root from 189.91.248.139 port 18130 ssh2
May  4 20:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30170]: Failed password for root from 107.189.29.175 port 55270 ssh2
May  4 20:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30170]: Received disconnect from 107.189.29.175 port 55270:11: Bye Bye [preauth]
May  4 20:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30170]: Disconnected from 107.189.29.175 port 55270 [preauth]
May  4 20:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30204]: Invalid user dima from 118.26.39.187
May  4 20:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30204]: input_userauth_request: invalid user dima [preauth]
May  4 20:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30204]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187
May  4 20:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30204]: Failed password for invalid user dima from 118.26.39.187 port 13446 ssh2
May  4 20:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30204]: Received disconnect from 118.26.39.187 port 13446:11: Bye Bye [preauth]
May  4 20:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30204]: Disconnected from 118.26.39.187 port 13446 [preauth]
May  4 20:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30202]: Failed password for root from 189.91.248.139 port 19696 ssh2
May  4 20:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30214]: Failed password for root from 189.91.248.139 port 22212 ssh2
May  4 20:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30214]: Connection closed by 189.91.248.139 port 22212 [preauth]
May  4 20:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30202]: Connection closed by 189.91.248.139 port 19696 [preauth]
May  4 20:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28943]: pam_unix(cron:session): session closed for user root
May  4 20:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30263]: Failed password for root from 189.91.248.139 port 25520 ssh2
May  4 20:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: Failed password for root from 189.91.248.139 port 28088 ssh2
May  4 20:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30263]: Connection closed by 189.91.248.139 port 25520 [preauth]
May  4 20:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: Connection closed by 189.91.248.139 port 28088 [preauth]
May  4 20:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30316]: Failed password for root from 189.91.248.139 port 29504 ssh2
May  4 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30328]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30327]: pam_unix(cron:session): session closed for user p13x
May  4 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30394]: Successful su for rubyman by root
May  4 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30394]: + ??? root:rubyman
May  4 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329558 of user rubyman.
May  4 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30394]: pam_unix(su:session): session closed for user rubyman
May  4 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329558.
May  4 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30316]: Connection closed by 189.91.248.139 port 29504 [preauth]
May  4 20:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27679]: pam_unix(cron:session): session closed for user root
May  4 20:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30328]: pam_unix(cron:session): session closed for user samftp
May  4 20:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30553]: Failed password for root from 189.91.248.139 port 33192 ssh2
May  4 20:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: Invalid user elektra from 187.33.9.100
May  4 20:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: input_userauth_request: invalid user elektra [preauth]
May  4 20:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100
May  4 20:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: Failed password for invalid user elektra from 187.33.9.100 port 30654 ssh2
May  4 20:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: Received disconnect from 187.33.9.100 port 30654:11: Bye Bye [preauth]
May  4 20:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: Disconnected from 187.33.9.100 port 30654 [preauth]
May  4 20:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30553]: Connection closed by 189.91.248.139 port 33192 [preauth]
May  4 20:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: Failed password for root from 189.91.248.139 port 36200 ssh2
May  4 20:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30613]: Invalid user sjh from 103.211.217.182
May  4 20:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30613]: input_userauth_request: invalid user sjh [preauth]
May  4 20:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30613]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182
May  4 20:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30613]: Failed password for invalid user sjh from 103.211.217.182 port 39862 ssh2
May  4 20:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30613]: Received disconnect from 103.211.217.182 port 39862:11: Bye Bye [preauth]
May  4 20:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30613]: Disconnected from 103.211.217.182 port 39862 [preauth]
May  4 20:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.91.248.139  user=root
May  4 20:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: Failed password for root from 189.91.248.139 port 37564 ssh2
May  4 20:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: Connection closed by 189.91.248.139 port 36200 [preauth]
May  4 20:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30623]: Connection closed by 189.91.248.139 port 37564 [preauth]
May  4 20:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29468]: pam_unix(cron:session): session closed for user root
May  4 20:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: Invalid user reza from 20.87.21.241
May  4 20:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: input_userauth_request: invalid user reza [preauth]
May  4 20:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241
May  4 20:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: Failed password for invalid user reza from 20.87.21.241 port 58610 ssh2
May  4 20:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: Received disconnect from 20.87.21.241 port 58610:11: Bye Bye [preauth]
May  4 20:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30686]: Disconnected from 20.87.21.241 port 58610 [preauth]
May  4 20:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30717]: Invalid user deploy from 27.112.78.170
May  4 20:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30717]: input_userauth_request: invalid user deploy [preauth]
May  4 20:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30717]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
May  4 20:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30717]: Failed password for invalid user deploy from 27.112.78.170 port 48776 ssh2
May  4 20:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30717]: Received disconnect from 27.112.78.170 port 48776:11: Bye Bye [preauth]
May  4 20:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30717]: Disconnected from 27.112.78.170 port 48776 [preauth]
May  4 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30747]: pam_unix(cron:session): session closed for user p13x
May  4 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30806]: Successful su for rubyman by root
May  4 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30806]: + ??? root:rubyman
May  4 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329563 of user rubyman.
May  4 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30806]: pam_unix(su:session): session closed for user rubyman
May  4 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329563.
May  4 20:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28112]: pam_unix(cron:session): session closed for user root
May  4 20:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30748]: pam_unix(cron:session): session closed for user samftp
May  4 20:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.70.167.132  user=root
May  4 20:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31022]: Failed password for root from 81.70.167.132 port 39820 ssh2
May  4 20:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31022]: Received disconnect from 81.70.167.132 port 39820:11: Bye Bye [preauth]
May  4 20:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31022]: Disconnected from 81.70.167.132 port 39820 [preauth]
May  4 20:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29915]: pam_unix(cron:session): session closed for user root
May  4 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31149]: pam_unix(cron:session): session closed for user p13x
May  4 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31209]: Successful su for rubyman by root
May  4 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31209]: + ??? root:rubyman
May  4 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329566 of user rubyman.
May  4 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31209]: pam_unix(su:session): session closed for user rubyman
May  4 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329566.
May  4 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Invalid user hasan from 103.211.217.182
May  4 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: input_userauth_request: invalid user hasan [preauth]
May  4 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182
May  4 20:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28525]: pam_unix(cron:session): session closed for user root
May  4 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Failed password for invalid user hasan from 103.211.217.182 port 45224 ssh2
May  4 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Received disconnect from 103.211.217.182 port 45224:11: Bye Bye [preauth]
May  4 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Disconnected from 103.211.217.182 port 45224 [preauth]
May  4 20:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31150]: pam_unix(cron:session): session closed for user samftp
May  4 20:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: Invalid user caja from 50.235.31.47
May  4 20:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: input_userauth_request: invalid user caja [preauth]
May  4 20:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  4 20:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30332]: pam_unix(cron:session): session closed for user root
May  4 20:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: Failed password for invalid user caja from 50.235.31.47 port 42472 ssh2
May  4 20:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: Connection closed by 50.235.31.47 port 42472 [preauth]
May  4 20:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: Invalid user es from 20.87.21.241
May  4 20:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: input_userauth_request: invalid user es [preauth]
May  4 20:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241
May  4 20:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: Failed password for invalid user es from 20.87.21.241 port 40122 ssh2
May  4 20:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: Received disconnect from 20.87.21.241 port 40122:11: Bye Bye [preauth]
May  4 20:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31517]: Disconnected from 20.87.21.241 port 40122 [preauth]
May  4 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31552]: pam_unix(cron:session): session closed for user root
May  4 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31547]: pam_unix(cron:session): session closed for user p13x
May  4 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31621]: Successful su for rubyman by root
May  4 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31621]: + ??? root:rubyman
May  4 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329569 of user rubyman.
May  4 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31621]: pam_unix(su:session): session closed for user rubyman
May  4 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329569.
May  4 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31549]: pam_unix(cron:session): session closed for user root
May  4 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28942]: pam_unix(cron:session): session closed for user root
May  4 20:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31548]: pam_unix(cron:session): session closed for user samftp
May  4 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30750]: pam_unix(cron:session): session closed for user root
May  4 20:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: Invalid user tony from 107.189.29.175
May  4 20:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: input_userauth_request: invalid user tony [preauth]
May  4 20:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175
May  4 20:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: Failed password for invalid user tony from 107.189.29.175 port 33344 ssh2
May  4 20:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: Received disconnect from 107.189.29.175 port 33344:11: Bye Bye [preauth]
May  4 20:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31978]: Disconnected from 107.189.29.175 port 33344 [preauth]
May  4 20:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31989]: Invalid user legal from 103.211.217.182
May  4 20:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31989]: input_userauth_request: invalid user legal [preauth]
May  4 20:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31989]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182
May  4 20:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31989]: Failed password for invalid user legal from 103.211.217.182 port 46702 ssh2
May  4 20:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31989]: Received disconnect from 103.211.217.182 port 46702:11: Bye Bye [preauth]
May  4 20:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31989]: Disconnected from 103.211.217.182 port 46702 [preauth]
May  4 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32020]: pam_unix(cron:session): session closed for user p13x
May  4 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32086]: Successful su for rubyman by root
May  4 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32086]: + ??? root:rubyman
May  4 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32086]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329575 of user rubyman.
May  4 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32086]: pam_unix(su:session): session closed for user rubyman
May  4 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329575.
May  4 20:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29467]: pam_unix(cron:session): session closed for user root
May  4 20:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32021]: pam_unix(cron:session): session closed for user samftp
May  4 20:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  4 20:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32297]: Failed password for root from 218.92.0.207 port 23272 ssh2
May  4 20:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32297]: message repeated 3 times: [ Failed password for root from 218.92.0.207 port 23272 ssh2]
May  4 20:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31152]: pam_unix(cron:session): session closed for user root
May  4 20:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32297]: Failed password for root from 218.92.0.207 port 23272 ssh2
May  4 20:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32297]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 23272 ssh2 [preauth]
May  4 20:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32297]: Disconnecting: Too many authentication failures [preauth]
May  4 20:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32297]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  4 20:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32297]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 20:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32406]: Invalid user liuz from 20.87.21.241
May  4 20:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32406]: input_userauth_request: invalid user liuz [preauth]
May  4 20:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32406]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241
May  4 20:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32406]: Failed password for invalid user liuz from 20.87.21.241 port 43550 ssh2
May  4 20:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: Invalid user nick from 118.26.39.187
May  4 20:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: input_userauth_request: invalid user nick [preauth]
May  4 20:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187
May  4 20:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32406]: Received disconnect from 20.87.21.241 port 43550:11: Bye Bye [preauth]
May  4 20:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32406]: Disconnected from 20.87.21.241 port 43550 [preauth]
May  4 20:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: Failed password for invalid user nick from 118.26.39.187 port 50546 ssh2
May  4 20:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: Received disconnect from 118.26.39.187 port 50546:11: Bye Bye [preauth]
May  4 20:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: Disconnected from 118.26.39.187 port 50546 [preauth]
May  4 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32423]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32424]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32420]: pam_unix(cron:session): session closed for user p13x
May  4 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32487]: Successful su for rubyman by root
May  4 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32487]: + ??? root:rubyman
May  4 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32487]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329580 of user rubyman.
May  4 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32487]: pam_unix(su:session): session closed for user rubyman
May  4 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329580.
May  4 20:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29914]: pam_unix(cron:session): session closed for user root
May  4 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32421]: pam_unix(cron:session): session closed for user samftp
May  4 20:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[389]: Invalid user ai from 187.33.9.100
May  4 20:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[389]: input_userauth_request: invalid user ai [preauth]
May  4 20:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[389]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100
May  4 20:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31551]: pam_unix(cron:session): session closed for user root
May  4 20:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[389]: Failed password for invalid user ai from 187.33.9.100 port 52674 ssh2
May  4 20:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[389]: Received disconnect from 187.33.9.100 port 52674:11: Bye Bye [preauth]
May  4 20:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[389]: Disconnected from 187.33.9.100 port 52674 [preauth]
May  4 20:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[439]: Invalid user taibabi from 103.211.217.182
May  4 20:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[439]: input_userauth_request: invalid user taibabi [preauth]
May  4 20:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[439]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182
May  4 20:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[439]: Failed password for invalid user taibabi from 103.211.217.182 port 54946 ssh2
May  4 20:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[439]: Received disconnect from 103.211.217.182 port 54946:11: Bye Bye [preauth]
May  4 20:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[439]: Disconnected from 103.211.217.182 port 54946 [preauth]
May  4 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[500]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[501]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[498]: pam_unix(cron:session): session closed for user p13x
May  4 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[560]: Successful su for rubyman by root
May  4 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[560]: + ??? root:rubyman
May  4 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329583 of user rubyman.
May  4 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[560]: pam_unix(su:session): session closed for user rubyman
May  4 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329583.
May  4 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30329]: pam_unix(cron:session): session closed for user root
May  4 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[499]: pam_unix(cron:session): session closed for user samftp
May  4 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32023]: pam_unix(cron:session): session closed for user root
May  4 20:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: Invalid user rich from 23.94.179.104
May  4 20:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: input_userauth_request: invalid user rich [preauth]
May  4 20:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.179.104
May  4 20:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: Failed password for invalid user rich from 23.94.179.104 port 41344 ssh2
May  4 20:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: Connection closed by 23.94.179.104 port 41344 [preauth]
May  4 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[938]: pam_unix(cron:session): session closed for user p13x
May  4 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1002]: Successful su for rubyman by root
May  4 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1002]: + ??? root:rubyman
May  4 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329589 of user rubyman.
May  4 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1002]: pam_unix(su:session): session closed for user rubyman
May  4 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329589.
May  4 20:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30749]: pam_unix(cron:session): session closed for user root
May  4 20:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: Invalid user sai from 20.87.21.241
May  4 20:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: input_userauth_request: invalid user sai [preauth]
May  4 20:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241
May  4 20:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[939]: pam_unix(cron:session): session closed for user samftp
May  4 20:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: Failed password for invalid user sai from 20.87.21.241 port 49162 ssh2
May  4 20:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: Received disconnect from 20.87.21.241 port 49162:11: Bye Bye [preauth]
May  4 20:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: Disconnected from 20.87.21.241 port 49162 [preauth]
May  4 20:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: Invalid user drew from 27.112.78.170
May  4 20:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: input_userauth_request: invalid user drew [preauth]
May  4 20:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
May  4 20:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: Failed password for invalid user drew from 27.112.78.170 port 35156 ssh2
May  4 20:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: Received disconnect from 27.112.78.170 port 35156:11: Bye Bye [preauth]
May  4 20:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: Disconnected from 27.112.78.170 port 35156 [preauth]
May  4 20:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182  user=root
May  4 20:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1263]: Failed password for root from 103.211.217.182 port 52462 ssh2
May  4 20:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1263]: Received disconnect from 103.211.217.182 port 52462:11: Bye Bye [preauth]
May  4 20:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1263]: Disconnected from 103.211.217.182 port 52462 [preauth]
May  4 20:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32424]: pam_unix(cron:session): session closed for user root
May  4 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1392]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1390]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1392]: pam_unix(cron:session): session closed for user root
May  4 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1386]: pam_unix(cron:session): session closed for user p13x
May  4 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1481]: Successful su for rubyman by root
May  4 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1481]: + ??? root:rubyman
May  4 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329594 of user rubyman.
May  4 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1481]: pam_unix(su:session): session closed for user rubyman
May  4 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329594.
May  4 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1388]: pam_unix(cron:session): session closed for user root
May  4 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31151]: pam_unix(cron:session): session closed for user root
May  4 20:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1387]: pam_unix(cron:session): session closed for user samftp
May  4 20:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1716]: Invalid user taibabi from 107.189.29.175
May  4 20:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1716]: input_userauth_request: invalid user taibabi [preauth]
May  4 20:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1716]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175
May  4 20:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1716]: Failed password for invalid user taibabi from 107.189.29.175 port 39648 ssh2
May  4 20:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1716]: Received disconnect from 107.189.29.175 port 39648:11: Bye Bye [preauth]
May  4 20:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1716]: Disconnected from 107.189.29.175 port 39648 [preauth]
May  4 20:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[501]: pam_unix(cron:session): session closed for user root
May  4 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1875]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1874]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1872]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1873]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1872]: pam_unix(cron:session): session closed for user p13x
May  4 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2024]: Successful su for rubyman by root
May  4 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2024]: + ??? root:rubyman
May  4 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329597 of user rubyman.
May  4 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2024]: pam_unix(su:session): session closed for user rubyman
May  4 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329597.
May  4 20:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31550]: pam_unix(cron:session): session closed for user root
May  4 20:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1873]: pam_unix(cron:session): session closed for user samftp
May  4 20:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: Invalid user dima from 103.211.217.182
May  4 20:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: input_userauth_request: invalid user dima [preauth]
May  4 20:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182
May  4 20:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2243]: Invalid user dima from 20.87.21.241
May  4 20:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2243]: input_userauth_request: invalid user dima [preauth]
May  4 20:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: Failed password for invalid user dima from 103.211.217.182 port 38860 ssh2
May  4 20:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2243]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241
May  4 20:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: Received disconnect from 103.211.217.182 port 38860:11: Bye Bye [preauth]
May  4 20:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: Disconnected from 103.211.217.182 port 38860 [preauth]
May  4 20:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2243]: Failed password for invalid user dima from 20.87.21.241 port 45156 ssh2
May  4 20:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2243]: Received disconnect from 20.87.21.241 port 45156:11: Bye Bye [preauth]
May  4 20:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2243]: Disconnected from 20.87.21.241 port 45156 [preauth]
May  4 20:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2241]: Connection closed by 185.226.197.14 port 33269 [preauth]
May  4 20:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[941]: pam_unix(cron:session): session closed for user root
May  4 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2378]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2376]: pam_unix(cron:session): session closed for user p13x
May  4 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2451]: Successful su for rubyman by root
May  4 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2451]: + ??? root:rubyman
May  4 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329603 of user rubyman.
May  4 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2451]: pam_unix(su:session): session closed for user rubyman
May  4 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329603.
May  4 20:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32022]: pam_unix(cron:session): session closed for user root
May  4 20:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2377]: pam_unix(cron:session): session closed for user samftp
May  4 20:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1390]: pam_unix(cron:session): session closed for user root
May  4 20:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2763]: Invalid user devop from 187.33.9.100
May  4 20:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2763]: input_userauth_request: invalid user devop [preauth]
May  4 20:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2763]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100
May  4 20:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2763]: Failed password for invalid user devop from 187.33.9.100 port 36871 ssh2
May  4 20:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2763]: Received disconnect from 187.33.9.100 port 36871:11: Bye Bye [preauth]
May  4 20:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2763]: Disconnected from 187.33.9.100 port 36871 [preauth]
May  4 20:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2765]: Invalid user ai from 118.26.39.187
May  4 20:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2765]: input_userauth_request: invalid user ai [preauth]
May  4 20:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2765]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187
May  4 20:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2765]: Failed password for invalid user ai from 118.26.39.187 port 32650 ssh2
May  4 20:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2765]: Received disconnect from 118.26.39.187 port 32650:11: Bye Bye [preauth]
May  4 20:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2765]: Disconnected from 118.26.39.187 port 32650 [preauth]
May  4 20:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  4 20:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: Failed password for root from 190.103.202.7 port 40802 ssh2
May  4 20:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: Connection closed by 190.103.202.7 port 40802 [preauth]
May  4 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2821]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2819]: pam_unix(cron:session): session closed for user p13x
May  4 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2888]: Successful su for rubyman by root
May  4 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2888]: + ??? root:rubyman
May  4 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329606 of user rubyman.
May  4 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2888]: pam_unix(su:session): session closed for user rubyman
May  4 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329606.
May  4 20:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32423]: pam_unix(cron:session): session closed for user root
May  4 20:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2820]: pam_unix(cron:session): session closed for user samftp
May  4 20:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182  user=root
May  4 20:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: Failed password for root from 103.211.217.182 port 54996 ssh2
May  4 20:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: Received disconnect from 103.211.217.182 port 54996:11: Bye Bye [preauth]
May  4 20:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: Disconnected from 103.211.217.182 port 54996 [preauth]
May  4 20:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: Invalid user taibabi from 20.87.21.241
May  4 20:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: input_userauth_request: invalid user taibabi [preauth]
May  4 20:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241
May  4 20:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1875]: pam_unix(cron:session): session closed for user root
May  4 20:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: Failed password for invalid user taibabi from 20.87.21.241 port 38428 ssh2
May  4 20:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: Received disconnect from 20.87.21.241 port 38428:11: Bye Bye [preauth]
May  4 20:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3139]: Disconnected from 20.87.21.241 port 38428 [preauth]
May  4 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3232]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3235]: pam_unix(cron:session): session closed for user p13x
May  4 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3342]: Successful su for rubyman by root
May  4 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3342]: + ??? root:rubyman
May  4 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329609 of user rubyman.
May  4 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3342]: pam_unix(su:session): session closed for user rubyman
May  4 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329609.
May  4 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3232]: pam_unix(cron:session): session closed for user root
May  4 20:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[500]: pam_unix(cron:session): session closed for user root
May  4 20:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3236]: pam_unix(cron:session): session closed for user samftp
May  4 20:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2381]: pam_unix(cron:session): session closed for user root
May  4 20:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3718]: Invalid user user from 107.189.29.175
May  4 20:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3718]: input_userauth_request: invalid user user [preauth]
May  4 20:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3718]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175
May  4 20:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3718]: Failed password for invalid user user from 107.189.29.175 port 45944 ssh2
May  4 20:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3718]: Received disconnect from 107.189.29.175 port 45944:11: Bye Bye [preauth]
May  4 20:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3718]: Disconnected from 107.189.29.175 port 45944 [preauth]
May  4 20:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: Invalid user ftpuser from 103.211.217.182
May  4 20:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: input_userauth_request: invalid user ftpuser [preauth]
May  4 20:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182
May  4 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3783]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3782]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3781]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3780]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3785]: pam_unix(cron:session): session closed for user root
May  4 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3780]: pam_unix(cron:session): session closed for user p13x
May  4 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3849]: Successful su for rubyman by root
May  4 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3849]: + ??? root:rubyman
May  4 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329617 of user rubyman.
May  4 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3849]: pam_unix(su:session): session closed for user rubyman
May  4 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329617.
May  4 20:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: Failed password for invalid user ftpuser from 103.211.217.182 port 54542 ssh2
May  4 20:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: Received disconnect from 103.211.217.182 port 54542:11: Bye Bye [preauth]
May  4 20:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: Disconnected from 103.211.217.182 port 54542 [preauth]
May  4 20:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3782]: pam_unix(cron:session): session closed for user root
May  4 20:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[940]: pam_unix(cron:session): session closed for user root
May  4 20:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3781]: pam_unix(cron:session): session closed for user samftp
May  4 20:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: Invalid user liming from 27.112.78.170
May  4 20:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: input_userauth_request: invalid user liming [preauth]
May  4 20:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
May  4 20:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2822]: pam_unix(cron:session): session closed for user root
May  4 20:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: Failed password for invalid user liming from 27.112.78.170 port 56386 ssh2
May  4 20:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: Received disconnect from 27.112.78.170 port 56386:11: Bye Bye [preauth]
May  4 20:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: Disconnected from 27.112.78.170 port 56386 [preauth]
May  4 20:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241  user=root
May  4 20:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: Failed password for root from 20.87.21.241 port 34482 ssh2
May  4 20:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: Received disconnect from 20.87.21.241 port 34482:11: Bye Bye [preauth]
May  4 20:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4193]: Disconnected from 20.87.21.241 port 34482 [preauth]
May  4 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4271]: pam_unix(cron:session): session closed for user p13x
May  4 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4462]: Successful su for rubyman by root
May  4 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4462]: + ??? root:rubyman
May  4 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4462]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329621 of user rubyman.
May  4 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4462]: pam_unix(su:session): session closed for user rubyman
May  4 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329621.
May  4 20:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1389]: pam_unix(cron:session): session closed for user root
May  4 20:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4272]: pam_unix(cron:session): session closed for user samftp
May  4 20:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3238]: pam_unix(cron:session): session closed for user root
May  4 20:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: Invalid user user02 from 176.31.162.135
May  4 20:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: input_userauth_request: invalid user user02 [preauth]
May  4 20:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  4 20:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: Failed password for invalid user user02 from 176.31.162.135 port 38102 ssh2
May  4 20:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4757]: Connection closed by 176.31.162.135 port 38102 [preauth]
May  4 20:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182  user=root
May  4 20:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: Failed password for root from 103.211.217.182 port 53816 ssh2
May  4 20:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: Received disconnect from 103.211.217.182 port 53816:11: Bye Bye [preauth]
May  4 20:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: Disconnected from 103.211.217.182 port 53816 [preauth]
May  4 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4839]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4838]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4836]: pam_unix(cron:session): session closed for user p13x
May  4 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4902]: Successful su for rubyman by root
May  4 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4902]: + ??? root:rubyman
May  4 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329626 of user rubyman.
May  4 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4902]: pam_unix(su:session): session closed for user rubyman
May  4 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329626.
May  4 20:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1874]: pam_unix(cron:session): session closed for user root
May  4 20:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4837]: pam_unix(cron:session): session closed for user samftp
May  4 20:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3784]: pam_unix(cron:session): session closed for user root
May  4 20:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241  user=root
May  4 20:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5421]: Invalid user dima from 187.33.9.100
May  4 20:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5421]: input_userauth_request: invalid user dima [preauth]
May  4 20:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5421]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100
May  4 20:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Failed password for root from 20.87.21.241 port 48084 ssh2
May  4 20:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Received disconnect from 20.87.21.241 port 48084:11: Bye Bye [preauth]
May  4 20:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Disconnected from 20.87.21.241 port 48084 [preauth]
May  4 20:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5421]: Failed password for invalid user dima from 187.33.9.100 port 31284 ssh2
May  4 20:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5421]: Received disconnect from 187.33.9.100 port 31284:11: Bye Bye [preauth]
May  4 20:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5421]: Disconnected from 187.33.9.100 port 31284 [preauth]
May  4 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5447]: pam_unix(cron:session): session closed for user p13x
May  4 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5520]: Successful su for rubyman by root
May  4 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5520]: + ??? root:rubyman
May  4 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329630 of user rubyman.
May  4 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5520]: pam_unix(su:session): session closed for user rubyman
May  4 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329630.
May  4 20:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2378]: pam_unix(cron:session): session closed for user root
May  4 20:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5448]: pam_unix(cron:session): session closed for user samftp
May  4 20:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5768]: Invalid user marina from 118.26.39.187
May  4 20:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5768]: input_userauth_request: invalid user marina [preauth]
May  4 20:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5768]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187
May  4 20:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5768]: Failed password for invalid user marina from 118.26.39.187 port 14738 ssh2
May  4 20:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5768]: Received disconnect from 118.26.39.187 port 14738:11: Bye Bye [preauth]
May  4 20:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5768]: Disconnected from 118.26.39.187 port 14738 [preauth]
May  4 20:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  4 20:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Failed password for root from 80.94.95.29 port 32758 ssh2
May  4 20:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4274]: pam_unix(cron:session): session closed for user root
May  4 20:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Failed password for root from 80.94.95.29 port 32758 ssh2
May  4 20:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: message repeated 2 times: [ Failed password for root from 80.94.95.29 port 32758 ssh2]
May  4 20:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182  user=root
May  4 20:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Failed password for root from 80.94.95.29 port 32758 ssh2
May  4 20:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Received disconnect from 80.94.95.29 port 32758:11: Bye [preauth]
May  4 20:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Disconnected from 80.94.95.29 port 32758 [preauth]
May  4 20:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  4 20:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 20:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5938]: Failed password for root from 103.211.217.182 port 33876 ssh2
May  4 20:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5938]: Received disconnect from 103.211.217.182 port 33876:11: Bye Bye [preauth]
May  4 20:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5938]: Disconnected from 103.211.217.182 port 33876 [preauth]
May  4 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5991]: pam_unix(cron:session): session closed for user p13x
May  4 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6061]: Successful su for rubyman by root
May  4 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6061]: + ??? root:rubyman
May  4 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6061]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329634 of user rubyman.
May  4 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6061]: pam_unix(su:session): session closed for user rubyman
May  4 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329634.
May  4 20:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2821]: pam_unix(cron:session): session closed for user root
May  4 20:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5992]: pam_unix(cron:session): session closed for user samftp
May  4 20:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175  user=root
May  4 20:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: Failed password for root from 107.189.29.175 port 52246 ssh2
May  4 20:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: Received disconnect from 107.189.29.175 port 52246:11: Bye Bye [preauth]
May  4 20:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: Disconnected from 107.189.29.175 port 52246 [preauth]
May  4 20:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4839]: pam_unix(cron:session): session closed for user root
May  4 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6415]: pam_unix(cron:session): session closed for user root
May  4 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6410]: pam_unix(cron:session): session closed for user p13x
May  4 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6488]: Successful su for rubyman by root
May  4 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6488]: + ??? root:rubyman
May  4 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6488]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329639 of user rubyman.
May  4 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6488]: pam_unix(su:session): session closed for user rubyman
May  4 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329639.
May  4 20:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6412]: pam_unix(cron:session): session closed for user root
May  4 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3237]: pam_unix(cron:session): session closed for user root
May  4 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: Invalid user xsj from 20.87.21.241
May  4 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: input_userauth_request: invalid user xsj [preauth]
May  4 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241
May  4 20:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6411]: pam_unix(cron:session): session closed for user samftp
May  4 20:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: Failed password for invalid user xsj from 20.87.21.241 port 49722 ssh2
May  4 20:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: Received disconnect from 20.87.21.241 port 49722:11: Bye Bye [preauth]
May  4 20:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6583]: Disconnected from 20.87.21.241 port 49722 [preauth]
May  4 20:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182  user=root
May  4 20:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5450]: pam_unix(cron:session): session closed for user root
May  4 20:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6768]: Failed password for root from 103.211.217.182 port 46860 ssh2
May  4 20:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6768]: Received disconnect from 103.211.217.182 port 46860:11: Bye Bye [preauth]
May  4 20:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6768]: Disconnected from 103.211.217.182 port 46860 [preauth]
May  4 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6859]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6860]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6856]: pam_unix(cron:session): session closed for user p13x
May  4 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7012]: Successful su for rubyman by root
May  4 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7012]: + ??? root:rubyman
May  4 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7012]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329644 of user rubyman.
May  4 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7012]: pam_unix(su:session): session closed for user rubyman
May  4 20:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329644.
May  4 20:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3783]: pam_unix(cron:session): session closed for user root
May  4 20:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6857]: pam_unix(cron:session): session closed for user samftp
May  4 20:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: Invalid user mohamed from 27.112.78.170
May  4 20:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: input_userauth_request: invalid user mohamed [preauth]
May  4 20:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
May  4 20:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: Failed password for invalid user mohamed from 27.112.78.170 port 35116 ssh2
May  4 20:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: Received disconnect from 27.112.78.170 port 35116:11: Bye Bye [preauth]
May  4 20:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7255]: Disconnected from 27.112.78.170 port 35116 [preauth]
May  4 20:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5997]: pam_unix(cron:session): session closed for user root
May  4 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7362]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7363]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7360]: pam_unix(cron:session): session closed for user p13x
May  4 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7418]: Successful su for rubyman by root
May  4 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7418]: + ??? root:rubyman
May  4 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329646 of user rubyman.
May  4 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7418]: pam_unix(su:session): session closed for user rubyman
May  4 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329646.
May  4 20:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4273]: pam_unix(cron:session): session closed for user root
May  4 20:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7361]: pam_unix(cron:session): session closed for user samftp
May  4 20:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241  user=root
May  4 20:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7730]: Failed password for root from 20.87.21.241 port 53318 ssh2
May  4 20:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7730]: Received disconnect from 20.87.21.241 port 53318:11: Bye Bye [preauth]
May  4 20:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7730]: Disconnected from 20.87.21.241 port 53318 [preauth]
May  4 20:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182  user=root
May  4 20:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7756]: Failed password for root from 103.211.217.182 port 56402 ssh2
May  4 20:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7756]: Received disconnect from 103.211.217.182 port 56402:11: Bye Bye [preauth]
May  4 20:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7756]: Disconnected from 103.211.217.182 port 56402 [preauth]
May  4 20:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6414]: pam_unix(cron:session): session closed for user root
May  4 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7886]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7887]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7884]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7885]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7884]: pam_unix(cron:session): session closed for user p13x
May  4 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7951]: Successful su for rubyman by root
May  4 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7951]: + ??? root:rubyman
May  4 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7951]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329650 of user rubyman.
May  4 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7951]: pam_unix(su:session): session closed for user rubyman
May  4 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329650.
May  4 20:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4838]: pam_unix(cron:session): session closed for user root
May  4 20:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7885]: pam_unix(cron:session): session closed for user samftp
May  4 20:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100  user=root
May  4 20:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8164]: Failed password for root from 187.33.9.100 port 11923 ssh2
May  4 20:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8164]: Received disconnect from 187.33.9.100 port 11923:11: Bye Bye [preauth]
May  4 20:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8164]: Disconnected from 187.33.9.100 port 11923 [preauth]
May  4 20:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6860]: pam_unix(cron:session): session closed for user root
May  4 20:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: Invalid user taibabi from 107.189.29.175
May  4 20:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: input_userauth_request: invalid user taibabi [preauth]
May  4 20:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175
May  4 20:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: Failed password for invalid user taibabi from 107.189.29.175 port 58550 ssh2
May  4 20:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: Received disconnect from 107.189.29.175 port 58550:11: Bye Bye [preauth]
May  4 20:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8274]: Disconnected from 107.189.29.175 port 58550 [preauth]
May  4 20:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8315]: Invalid user tomcat from 118.26.39.187
May  4 20:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8315]: input_userauth_request: invalid user tomcat [preauth]
May  4 20:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8315]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187
May  4 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8315]: Failed password for invalid user tomcat from 118.26.39.187 port 51842 ssh2
May  4 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8331]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8329]: pam_unix(cron:session): session closed for user p13x
May  4 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8315]: Received disconnect from 118.26.39.187 port 51842:11: Bye Bye [preauth]
May  4 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8315]: Disconnected from 118.26.39.187 port 51842 [preauth]
May  4 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8391]: Successful su for rubyman by root
May  4 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8391]: + ??? root:rubyman
May  4 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329654 of user rubyman.
May  4 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8391]: pam_unix(su:session): session closed for user rubyman
May  4 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329654.
May  4 20:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5449]: pam_unix(cron:session): session closed for user root
May  4 20:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: Invalid user mailserver from 103.211.217.182
May  4 20:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: input_userauth_request: invalid user mailserver [preauth]
May  4 20:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182
May  4 20:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8330]: pam_unix(cron:session): session closed for user samftp
May  4 20:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: Failed password for invalid user mailserver from 103.211.217.182 port 53802 ssh2
May  4 20:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: Received disconnect from 103.211.217.182 port 53802:11: Bye Bye [preauth]
May  4 20:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8560]: Disconnected from 103.211.217.182 port 53802 [preauth]
May  4 20:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8658]: Invalid user node from 20.87.21.241
May  4 20:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8658]: input_userauth_request: invalid user node [preauth]
May  4 20:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8658]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241
May  4 20:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7363]: pam_unix(cron:session): session closed for user root
May  4 20:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8658]: Failed password for invalid user node from 20.87.21.241 port 50098 ssh2
May  4 20:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8658]: Received disconnect from 20.87.21.241 port 50098:11: Bye Bye [preauth]
May  4 20:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8658]: Disconnected from 20.87.21.241 port 50098 [preauth]
May  4 20:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: Invalid user admin from 139.19.117.131
May  4 20:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: input_userauth_request: invalid user admin [preauth]
May  4 20:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: Connection closed by 139.19.117.131 port 54482 [preauth]
May  4 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8764]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8766]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8762]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8767]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8767]: pam_unix(cron:session): session closed for user root
May  4 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8761]: pam_unix(cron:session): session closed for user p13x
May  4 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8828]: Successful su for rubyman by root
May  4 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8828]: + ??? root:rubyman
May  4 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8828]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329660 of user rubyman.
May  4 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8828]: pam_unix(su:session): session closed for user rubyman
May  4 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329660.
May  4 20:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5996]: pam_unix(cron:session): session closed for user root
May  4 20:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8763]: pam_unix(cron:session): session closed for user root
May  4 20:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8762]: pam_unix(cron:session): session closed for user samftp
May  4 20:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7887]: pam_unix(cron:session): session closed for user root
May  4 20:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: Invalid user student from 103.211.217.182
May  4 20:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: input_userauth_request: invalid user student [preauth]
May  4 20:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182
May  4 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9320]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9317]: pam_unix(cron:session): session closed for user p13x
May  4 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9389]: Successful su for rubyman by root
May  4 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9389]: + ??? root:rubyman
May  4 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329664 of user rubyman.
May  4 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9389]: pam_unix(su:session): session closed for user rubyman
May  4 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329664.
May  4 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: Failed password for invalid user student from 103.211.217.182 port 34420 ssh2
May  4 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: Received disconnect from 103.211.217.182 port 34420:11: Bye Bye [preauth]
May  4 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: Disconnected from 103.211.217.182 port 34420 [preauth]
May  4 20:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6413]: pam_unix(cron:session): session closed for user root
May  4 20:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9319]: pam_unix(cron:session): session closed for user samftp
May  4 20:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8332]: pam_unix(cron:session): session closed for user root
May  4 20:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: Invalid user operation from 20.87.21.241
May  4 20:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: input_userauth_request: invalid user operation [preauth]
May  4 20:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241
May  4 20:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: Failed password for invalid user operation from 20.87.21.241 port 60868 ssh2
May  4 20:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: Received disconnect from 20.87.21.241 port 60868:11: Bye Bye [preauth]
May  4 20:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: Disconnected from 20.87.21.241 port 60868 [preauth]
May  4 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9734]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9735]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9733]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9732]: pam_unix(cron:session): session closed for user p13x
May  4 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9798]: Successful su for rubyman by root
May  4 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9798]: + ??? root:rubyman
May  4 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329669 of user rubyman.
May  4 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9798]: pam_unix(su:session): session closed for user rubyman
May  4 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329669.
May  4 20:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6859]: pam_unix(cron:session): session closed for user root
May  4 20:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9733]: pam_unix(cron:session): session closed for user samftp
May  4 20:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170  user=root
May  4 20:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10011]: Failed password for root from 27.112.78.170 port 38862 ssh2
May  4 20:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10011]: Received disconnect from 27.112.78.170 port 38862:11: Bye Bye [preauth]
May  4 20:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10011]: Disconnected from 27.112.78.170 port 38862 [preauth]
May  4 20:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8766]: pam_unix(cron:session): session closed for user root
May  4 20:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: Invalid user kafka from 193.70.84.184
May  4 20:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: input_userauth_request: invalid user kafka [preauth]
May  4 20:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  4 20:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: Invalid user taibabi from 103.211.217.182
May  4 20:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: input_userauth_request: invalid user taibabi [preauth]
May  4 20:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182
May  4 20:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: Failed password for invalid user kafka from 193.70.84.184 port 37656 ssh2
May  4 20:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10106]: Connection closed by 193.70.84.184 port 37656 [preauth]
May  4 20:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: Failed password for invalid user taibabi from 103.211.217.182 port 52974 ssh2
May  4 20:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: Received disconnect from 103.211.217.182 port 52974:11: Bye Bye [preauth]
May  4 20:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: Disconnected from 103.211.217.182 port 52974 [preauth]
May  4 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10137]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10136]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10135]: pam_unix(cron:session): session closed for user p13x
May  4 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10193]: Successful su for rubyman by root
May  4 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10193]: + ??? root:rubyman
May  4 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329672 of user rubyman.
May  4 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10193]: pam_unix(su:session): session closed for user rubyman
May  4 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329672.
May  4 20:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7362]: pam_unix(cron:session): session closed for user root
May  4 20:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10136]: pam_unix(cron:session): session closed for user samftp
May  4 20:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175  user=root
May  4 20:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: Failed password for root from 107.189.29.175 port 36628 ssh2
May  4 20:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: Received disconnect from 107.189.29.175 port 36628:11: Bye Bye [preauth]
May  4 20:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: Disconnected from 107.189.29.175 port 36628 [preauth]
May  4 20:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10549]: Invalid user steam from 187.33.9.100
May  4 20:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10549]: input_userauth_request: invalid user steam [preauth]
May  4 20:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10549]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100
May  4 20:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10549]: Failed password for invalid user steam from 187.33.9.100 port 57575 ssh2
May  4 20:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10549]: Received disconnect from 187.33.9.100 port 57575:11: Bye Bye [preauth]
May  4 20:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10549]: Disconnected from 187.33.9.100 port 57575 [preauth]
May  4 20:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9322]: pam_unix(cron:session): session closed for user root
May  4 20:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: Invalid user boss from 20.87.21.241
May  4 20:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: input_userauth_request: invalid user boss [preauth]
May  4 20:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241
May  4 20:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: Failed password for invalid user boss from 20.87.21.241 port 55814 ssh2
May  4 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: Received disconnect from 20.87.21.241 port 55814:11: Bye Bye [preauth]
May  4 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10671]: Disconnected from 20.87.21.241 port 55814 [preauth]
May  4 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10674]: pam_unix(cron:session): session closed for user p13x
May  4 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10771]: Successful su for rubyman by root
May  4 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10771]: + ??? root:rubyman
May  4 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329676 of user rubyman.
May  4 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10771]: pam_unix(su:session): session closed for user rubyman
May  4 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329676.
May  4 20:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7886]: pam_unix(cron:session): session closed for user root
May  4 20:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10675]: pam_unix(cron:session): session closed for user samftp
May  4 20:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9735]: pam_unix(cron:session): session closed for user root
May  4 20:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182  user=root
May  4 20:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: Failed password for root from 103.211.217.182 port 60558 ssh2
May  4 20:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: Received disconnect from 103.211.217.182 port 60558:11: Bye Bye [preauth]
May  4 20:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11041]: Disconnected from 103.211.217.182 port 60558 [preauth]
May  4 20:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: Invalid user taibabi from 118.26.39.187
May  4 20:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: input_userauth_request: invalid user taibabi [preauth]
May  4 20:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187
May  4 20:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: Failed password for invalid user taibabi from 118.26.39.187 port 33942 ssh2
May  4 20:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: Received disconnect from 118.26.39.187 port 33942:11: Bye Bye [preauth]
May  4 20:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11053]: Disconnected from 118.26.39.187 port 33942 [preauth]
May  4 20:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: Invalid user christian from 80.94.95.241
May  4 20:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: input_userauth_request: invalid user christian [preauth]
May  4 20:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  4 20:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: Failed password for invalid user christian from 80.94.95.241 port 38893 ssh2
May  4 20:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: Failed password for invalid user christian from 80.94.95.241 port 38893 ssh2
May  4 20:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: Failed password for invalid user christian from 80.94.95.241 port 38893 ssh2
May  4 20:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: Failed password for invalid user christian from 80.94.95.241 port 38893 ssh2
May  4 20:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: Failed password for invalid user christian from 80.94.95.241 port 38893 ssh2
May  4 20:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: Received disconnect from 80.94.95.241 port 38893:11: Bye [preauth]
May  4 20:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: Disconnected from 80.94.95.241 port 38893 [preauth]
May  4 20:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  4 20:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11079]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11111]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11109]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11112]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11110]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11112]: pam_unix(cron:session): session closed for user root
May  4 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11106]: pam_unix(cron:session): session closed for user p13x
May  4 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11177]: Successful su for rubyman by root
May  4 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11177]: + ??? root:rubyman
May  4 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329680 of user rubyman.
May  4 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11177]: pam_unix(su:session): session closed for user rubyman
May  4 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329680.
May  4 20:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11109]: pam_unix(cron:session): session closed for user root
May  4 20:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8331]: pam_unix(cron:session): session closed for user root
May  4 20:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11107]: pam_unix(cron:session): session closed for user samftp
May  4 20:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10138]: pam_unix(cron:session): session closed for user root
May  4 20:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11536]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11535]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11533]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11534]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11533]: pam_unix(cron:session): session closed for user p13x
May  4 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11604]: Successful su for rubyman by root
May  4 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11604]: + ??? root:rubyman
May  4 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11604]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329686 of user rubyman.
May  4 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11604]: pam_unix(su:session): session closed for user rubyman
May  4 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329686.
May  4 20:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8764]: pam_unix(cron:session): session closed for user root
May  4 20:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11534]: pam_unix(cron:session): session closed for user samftp
May  4 20:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: Invalid user mahi from 20.87.21.241
May  4 20:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: input_userauth_request: invalid user mahi [preauth]
May  4 20:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241
May  4 20:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: Failed password for invalid user mahi from 20.87.21.241 port 41262 ssh2
May  4 20:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: Received disconnect from 20.87.21.241 port 41262:11: Bye Bye [preauth]
May  4 20:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11785]: Disconnected from 20.87.21.241 port 41262 [preauth]
May  4 20:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11531]: Invalid user 4 from 195.178.110.50
May  4 20:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11531]: input_userauth_request: invalid user 4 [preauth]
May  4 20:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11531]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 20:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11531]: Failed password for invalid user 4 from 195.178.110.50 port 52332 ssh2
May  4 20:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11531]: Connection closed by 195.178.110.50 port 52332 [preauth]
May  4 20:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: Invalid user newuser from 103.211.217.182
May  4 20:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: input_userauth_request: invalid user newuser [preauth]
May  4 20:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182
May  4 20:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: Failed password for invalid user newuser from 103.211.217.182 port 59892 ssh2
May  4 20:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: Received disconnect from 103.211.217.182 port 59892:11: Bye Bye [preauth]
May  4 20:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11851]: Disconnected from 103.211.217.182 port 59892 [preauth]
May  4 20:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: Invalid user _ from 195.178.110.50
May  4 20:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: input_userauth_request: invalid user _ [preauth]
May  4 20:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 20:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10677]: pam_unix(cron:session): session closed for user root
May  4 20:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: Failed password for invalid user _ from 195.178.110.50 port 23896 ssh2
May  4 20:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: Connection closed by 195.178.110.50 port 23896 [preauth]
May  4 20:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: Invalid user , from 195.178.110.50
May  4 20:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: input_userauth_request: invalid user , [preauth]
May  4 20:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 20:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: Failed password for invalid user , from 195.178.110.50 port 6186 ssh2
May  4 20:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: Connection closed by 195.178.110.50 port 6186 [preauth]
May  4 20:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11954]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11953]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11952]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11951]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11951]: pam_unix(cron:session): session closed for user p13x
May  4 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12008]: Successful su for rubyman by root
May  4 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12008]: + ??? root:rubyman
May  4 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329690 of user rubyman.
May  4 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12008]: pam_unix(su:session): session closed for user rubyman
May  4 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329690.
May  4 20:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9320]: pam_unix(cron:session): session closed for user root
May  4 20:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11952]: pam_unix(cron:session): session closed for user samftp
May  4 20:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11931]: Invalid user W from 195.178.110.50
May  4 20:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11931]: input_userauth_request: invalid user W [preauth]
May  4 20:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11931]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 20:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11931]: Failed password for invalid user W from 195.178.110.50 port 31184 ssh2
May  4 20:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11931]: Connection closed by 195.178.110.50 port 31184 [preauth]
May  4 20:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11111]: pam_unix(cron:session): session closed for user root
May  4 20:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12214]: Invalid user $ from 195.178.110.50
May  4 20:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12214]: input_userauth_request: invalid user $ [preauth]
May  4 20:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12214]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 20:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12214]: Failed password for invalid user $ from 195.178.110.50 port 6826 ssh2
May  4 20:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12214]: Connection closed by 195.178.110.50 port 6826 [preauth]
May  4 20:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175  user=root
May  4 20:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: Failed password for root from 107.189.29.175 port 42938 ssh2
May  4 20:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: Received disconnect from 107.189.29.175 port 42938:11: Bye Bye [preauth]
May  4 20:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: Disconnected from 107.189.29.175 port 42938 [preauth]
May  4 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12353]: pam_unix(cron:session): session closed for user p13x
May  4 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12412]: Successful su for rubyman by root
May  4 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12412]: + ??? root:rubyman
May  4 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329694 of user rubyman.
May  4 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12412]: pam_unix(su:session): session closed for user rubyman
May  4 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329694.
May  4 20:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9734]: pam_unix(cron:session): session closed for user root
May  4 20:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12354]: pam_unix(cron:session): session closed for user samftp
May  4 20:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182  user=root
May  4 20:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12598]: Failed password for root from 103.211.217.182 port 36678 ssh2
May  4 20:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12598]: Received disconnect from 103.211.217.182 port 36678:11: Bye Bye [preauth]
May  4 20:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12598]: Disconnected from 103.211.217.182 port 36678 [preauth]
May  4 20:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12615]: Invalid user kiran from 27.112.78.170
May  4 20:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12615]: input_userauth_request: invalid user kiran [preauth]
May  4 20:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12615]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
May  4 20:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: Invalid user saracino from 20.87.21.241
May  4 20:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: input_userauth_request: invalid user saracino [preauth]
May  4 20:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241
May  4 20:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12615]: Failed password for invalid user kiran from 27.112.78.170 port 40062 ssh2
May  4 20:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12615]: Received disconnect from 27.112.78.170 port 40062:11: Bye Bye [preauth]
May  4 20:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12615]: Disconnected from 27.112.78.170 port 40062 [preauth]
May  4 20:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: Failed password for invalid user saracino from 20.87.21.241 port 33164 ssh2
May  4 20:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: Received disconnect from 20.87.21.241 port 33164:11: Bye Bye [preauth]
May  4 20:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12622]: Disconnected from 20.87.21.241 port 33164 [preauth]
May  4 20:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11536]: pam_unix(cron:session): session closed for user root
May  4 20:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12688]: Invalid user marina from 187.33.9.100
May  4 20:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12688]: input_userauth_request: invalid user marina [preauth]
May  4 20:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12688]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100
May  4 20:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12688]: Failed password for invalid user marina from 187.33.9.100 port 42181 ssh2
May  4 20:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12688]: Received disconnect from 187.33.9.100 port 42181:11: Bye Bye [preauth]
May  4 20:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12688]: Disconnected from 187.33.9.100 port 42181 [preauth]
May  4 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12743]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12741]: pam_unix(cron:session): session closed for user p13x
May  4 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12809]: Successful su for rubyman by root
May  4 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12809]: + ??? root:rubyman
May  4 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329699 of user rubyman.
May  4 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12809]: pam_unix(su:session): session closed for user rubyman
May  4 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329699.
May  4 20:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10137]: pam_unix(cron:session): session closed for user root
May  4 20:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12742]: pam_unix(cron:session): session closed for user samftp
May  4 20:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: Invalid user vpnuser from 50.235.31.47
May  4 20:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: input_userauth_request: invalid user vpnuser [preauth]
May  4 20:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  4 20:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: Failed password for invalid user vpnuser from 50.235.31.47 port 51162 ssh2
May  4 20:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12988]: Connection closed by 50.235.31.47 port 51162 [preauth]
May  4 20:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11954]: pam_unix(cron:session): session closed for user root
May  4 20:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 20:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Invalid user user from 103.211.217.182
May  4 20:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: input_userauth_request: invalid user user [preauth]
May  4 20:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: pam_unix(sshd:auth): check pass; user unknown
May  4 20:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182
May  4 20:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Failed password for invalid user user from 103.211.217.182 port 58904 ssh2
May  4 20:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Received disconnect from 103.211.217.182 port 58904:11: Bye Bye [preauth]
May  4 20:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Disconnected from 103.211.217.182 port 58904 [preauth]
May  4 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13145]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13143]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13147]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13148]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13148]: pam_unix(cron:session): session closed for user root
May  4 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13144]: pam_unix(cron:session): session closed for user root
May  4 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13141]: pam_unix(cron:session): session closed for user p13x
May  4 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13231]: Successful su for rubyman by root
May  4 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13231]: + ??? root:rubyman
May  4 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329707 of user rubyman.
May  4 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13231]: pam_unix(su:session): session closed for user rubyman
May  4 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329707.
May  4 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13145]: pam_unix(cron:session): session closed for user root
May  4 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10676]: pam_unix(cron:session): session closed for user root
May  4 21:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13143]: pam_unix(cron:session): session closed for user samftp
May  4 21:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: Invalid user qi from 118.26.39.187
May  4 21:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: input_userauth_request: invalid user qi [preauth]
May  4 21:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187
May  4 21:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: Failed password for invalid user qi from 118.26.39.187 port 16044 ssh2
May  4 21:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: Received disconnect from 118.26.39.187 port 16044:11: Bye Bye [preauth]
May  4 21:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: Disconnected from 118.26.39.187 port 16044 [preauth]
May  4 21:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13610]: Invalid user taibabi from 20.87.21.241
May  4 21:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13610]: input_userauth_request: invalid user taibabi [preauth]
May  4 21:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13610]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241
May  4 21:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13610]: Failed password for invalid user taibabi from 20.87.21.241 port 38650 ssh2
May  4 21:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13610]: Received disconnect from 20.87.21.241 port 38650:11: Bye Bye [preauth]
May  4 21:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13610]: Disconnected from 20.87.21.241 port 38650 [preauth]
May  4 21:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12356]: pam_unix(cron:session): session closed for user root
May  4 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13751]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13747]: pam_unix(cron:session): session closed for user p13x
May  4 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13817]: Successful su for rubyman by root
May  4 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13817]: + ??? root:rubyman
May  4 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13817]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329709 of user rubyman.
May  4 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13817]: pam_unix(su:session): session closed for user rubyman
May  4 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329709.
May  4 21:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11110]: pam_unix(cron:session): session closed for user root
May  4 21:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13748]: pam_unix(cron:session): session closed for user samftp
May  4 21:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12744]: pam_unix(cron:session): session closed for user root
May  4 21:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14132]: Invalid user dennis from 103.211.217.182
May  4 21:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14132]: input_userauth_request: invalid user dennis [preauth]
May  4 21:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14132]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.211.217.182
May  4 21:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14132]: Failed password for invalid user dennis from 103.211.217.182 port 52852 ssh2
May  4 21:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14132]: Received disconnect from 103.211.217.182 port 52852:11: Bye Bye [preauth]
May  4 21:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14132]: Disconnected from 103.211.217.182 port 52852 [preauth]
May  4 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14153]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14150]: pam_unix(cron:session): session closed for user p13x
May  4 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14211]: Successful su for rubyman by root
May  4 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14211]: + ??? root:rubyman
May  4 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329713 of user rubyman.
May  4 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14211]: pam_unix(su:session): session closed for user rubyman
May  4 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329713.
May  4 21:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11535]: pam_unix(cron:session): session closed for user root
May  4 21:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14151]: pam_unix(cron:session): session closed for user samftp
May  4 21:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13147]: pam_unix(cron:session): session closed for user root
May  4 21:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: Invalid user raymond from 107.189.29.175
May  4 21:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: input_userauth_request: invalid user raymond [preauth]
May  4 21:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.189.29.175
May  4 21:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: Failed password for invalid user raymond from 107.189.29.175 port 49244 ssh2
May  4 21:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: Received disconnect from 107.189.29.175 port 49244:11: Bye Bye [preauth]
May  4 21:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14486]: Disconnected from 107.189.29.175 port 49244 [preauth]
May  4 21:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: Invalid user liuyu from 20.87.21.241
May  4 21:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: input_userauth_request: invalid user liuyu [preauth]
May  4 21:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241
May  4 21:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: Failed password for invalid user liuyu from 20.87.21.241 port 39660 ssh2
May  4 21:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: Received disconnect from 20.87.21.241 port 39660:11: Bye Bye [preauth]
May  4 21:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14509]: Disconnected from 20.87.21.241 port 39660 [preauth]
May  4 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14565]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14564]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14562]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14562]: pam_unix(cron:session): session closed for user p13x
May  4 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14631]: Successful su for rubyman by root
May  4 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14631]: + ??? root:rubyman
May  4 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329717 of user rubyman.
May  4 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14631]: pam_unix(su:session): session closed for user rubyman
May  4 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329717.
May  4 21:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11953]: pam_unix(cron:session): session closed for user root
May  4 21:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14563]: pam_unix(cron:session): session closed for user samftp
May  4 21:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session closed for user root
May  4 21:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100  user=root
May  4 21:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: Failed password for root from 187.33.9.100 port 24135 ssh2
May  4 21:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: Received disconnect from 187.33.9.100 port 24135:11: Bye Bye [preauth]
May  4 21:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: Disconnected from 187.33.9.100 port 24135 [preauth]
May  4 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14977]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14978]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14975]: pam_unix(cron:session): session closed for user p13x
May  4 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15036]: Successful su for rubyman by root
May  4 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15036]: + ??? root:rubyman
May  4 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329721 of user rubyman.
May  4 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15036]: pam_unix(su:session): session closed for user rubyman
May  4 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329721.
May  4 21:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12355]: pam_unix(cron:session): session closed for user root
May  4 21:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14976]: pam_unix(cron:session): session closed for user samftp
May  4 21:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: Invalid user foundry from 27.112.78.170
May  4 21:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: input_userauth_request: invalid user foundry [preauth]
May  4 21:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
May  4 21:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: Failed password for invalid user foundry from 27.112.78.170 port 44696 ssh2
May  4 21:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: Received disconnect from 27.112.78.170 port 44696:11: Bye Bye [preauth]
May  4 21:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: Disconnected from 27.112.78.170 port 44696 [preauth]
May  4 21:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14153]: pam_unix(cron:session): session closed for user root
May  4 21:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241  user=root
May  4 21:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: Failed password for root from 20.87.21.241 port 34082 ssh2
May  4 21:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: Received disconnect from 20.87.21.241 port 34082:11: Bye Bye [preauth]
May  4 21:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: Disconnected from 20.87.21.241 port 34082 [preauth]
May  4 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15375]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15372]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15377]: pam_unix(cron:session): session closed for user root
May  4 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15372]: pam_unix(cron:session): session closed for user p13x
May  4 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15440]: Successful su for rubyman by root
May  4 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15440]: + ??? root:rubyman
May  4 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329725 of user rubyman.
May  4 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15440]: pam_unix(su:session): session closed for user rubyman
May  4 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329725.
May  4 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15374]: pam_unix(cron:session): session closed for user root
May  4 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12743]: pam_unix(cron:session): session closed for user root
May  4 21:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15373]: pam_unix(cron:session): session closed for user samftp
May  4 21:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14565]: pam_unix(cron:session): session closed for user root
May  4 21:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: Invalid user sakib from 164.68.105.9
May  4 21:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: input_userauth_request: invalid user sakib [preauth]
May  4 21:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  4 21:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: Failed password for invalid user sakib from 164.68.105.9 port 35222 ssh2
May  4 21:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: Connection closed by 164.68.105.9 port 35222 [preauth]
May  4 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15798]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15796]: pam_unix(cron:session): session closed for user p13x
May  4 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15864]: Successful su for rubyman by root
May  4 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15864]: + ??? root:rubyman
May  4 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329731 of user rubyman.
May  4 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15864]: pam_unix(su:session): session closed for user rubyman
May  4 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329731.
May  4 21:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: Invalid user weiliu from 118.26.39.187
May  4 21:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: input_userauth_request: invalid user weiliu [preauth]
May  4 21:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187
May  4 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13146]: pam_unix(cron:session): session closed for user root
May  4 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: Failed password for invalid user weiliu from 118.26.39.187 port 53140 ssh2
May  4 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15797]: pam_unix(cron:session): session closed for user samftp
May  4 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: Received disconnect from 118.26.39.187 port 53140:11: Bye Bye [preauth]
May  4 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15903]: Disconnected from 118.26.39.187 port 53140 [preauth]
May  4 21:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: Connection reset by 198.235.24.35 port 59782 [preauth]
May  4 21:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14978]: pam_unix(cron:session): session closed for user root
May  4 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16192]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16193]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16190]: pam_unix(cron:session): session closed for user p13x
May  4 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16248]: Successful su for rubyman by root
May  4 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16248]: + ??? root:rubyman
May  4 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329738 of user rubyman.
May  4 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16248]: pam_unix(su:session): session closed for user rubyman
May  4 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329738.
May  4 21:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13751]: pam_unix(cron:session): session closed for user root
May  4 21:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16191]: pam_unix(cron:session): session closed for user samftp
May  4 21:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241  user=root
May  4 21:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: Failed password for root from 20.87.21.241 port 47792 ssh2
May  4 21:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: Received disconnect from 20.87.21.241 port 47792:11: Bye Bye [preauth]
May  4 21:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16423]: Disconnected from 20.87.21.241 port 47792 [preauth]
May  4 21:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15376]: pam_unix(cron:session): session closed for user root
May  4 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16641]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16640]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16638]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16638]: pam_unix(cron:session): session closed for user p13x
May  4 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16700]: Successful su for rubyman by root
May  4 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16700]: + ??? root:rubyman
May  4 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329740 of user rubyman.
May  4 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16700]: pam_unix(su:session): session closed for user rubyman
May  4 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329740.
May  4 21:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14152]: pam_unix(cron:session): session closed for user root
May  4 21:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16639]: pam_unix(cron:session): session closed for user samftp
May  4 21:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15799]: pam_unix(cron:session): session closed for user root
May  4 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17061]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17063]: pam_unix(cron:session): session closed for user p13x
May  4 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17175]: Successful su for rubyman by root
May  4 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17175]: + ??? root:rubyman
May  4 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17175]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329743 of user rubyman.
May  4 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17175]: pam_unix(su:session): session closed for user rubyman
May  4 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329743.
May  4 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17061]: pam_unix(cron:session): session closed for user root
May  4 21:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14564]: pam_unix(cron:session): session closed for user root
May  4 21:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17064]: pam_unix(cron:session): session closed for user samftp
May  4 21:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: Invalid user ssd from 187.33.9.100
May  4 21:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: input_userauth_request: invalid user ssd [preauth]
May  4 21:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100
May  4 21:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: Failed password for invalid user ssd from 187.33.9.100 port 28518 ssh2
May  4 21:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: Invalid user openwrt from 20.87.21.241
May  4 21:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: input_userauth_request: invalid user openwrt [preauth]
May  4 21:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241
May  4 21:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: Received disconnect from 187.33.9.100 port 28518:11: Bye Bye [preauth]
May  4 21:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: Disconnected from 187.33.9.100 port 28518 [preauth]
May  4 21:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: Failed password for invalid user openwrt from 20.87.21.241 port 56152 ssh2
May  4 21:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: Received disconnect from 20.87.21.241 port 56152:11: Bye Bye [preauth]
May  4 21:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: Disconnected from 20.87.21.241 port 56152 [preauth]
May  4 21:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16193]: pam_unix(cron:session): session closed for user root
May  4 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17572]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17569]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17571]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17574]: pam_unix(cron:session): session closed for user root
May  4 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17569]: pam_unix(cron:session): session closed for user p13x
May  4 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17636]: Successful su for rubyman by root
May  4 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17636]: + ??? root:rubyman
May  4 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17636]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329748 of user rubyman.
May  4 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17636]: pam_unix(su:session): session closed for user rubyman
May  4 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329748.
May  4 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: Invalid user piso from 27.112.78.170
May  4 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: input_userauth_request: invalid user piso [preauth]
May  4 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
May  4 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17571]: pam_unix(cron:session): session closed for user root
May  4 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14977]: pam_unix(cron:session): session closed for user root
May  4 21:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: Failed password for invalid user piso from 27.112.78.170 port 46746 ssh2
May  4 21:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: Received disconnect from 27.112.78.170 port 46746:11: Bye Bye [preauth]
May  4 21:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: Disconnected from 27.112.78.170 port 46746 [preauth]
May  4 21:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17570]: pam_unix(cron:session): session closed for user samftp
May  4 21:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16641]: pam_unix(cron:session): session closed for user root
May  4 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18132]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18133]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18131]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18130]: pam_unix(cron:session): session closed for user p13x
May  4 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18197]: Successful su for rubyman by root
May  4 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18197]: + ??? root:rubyman
May  4 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329755 of user rubyman.
May  4 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18197]: pam_unix(su:session): session closed for user rubyman
May  4 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329755.
May  4 21:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15375]: pam_unix(cron:session): session closed for user root
May  4 21:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18131]: pam_unix(cron:session): session closed for user samftp
May  4 21:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.87.21.241  user=root
May  4 21:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: Failed password for root from 20.87.21.241 port 53710 ssh2
May  4 21:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: Received disconnect from 20.87.21.241 port 53710:11: Bye Bye [preauth]
May  4 21:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: Disconnected from 20.87.21.241 port 53710 [preauth]
May  4 21:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17066]: pam_unix(cron:session): session closed for user root
May  4 21:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: Invalid user devop from 118.26.39.187
May  4 21:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: input_userauth_request: invalid user devop [preauth]
May  4 21:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187
May  4 21:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: Failed password for invalid user devop from 118.26.39.187 port 35242 ssh2
May  4 21:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: Received disconnect from 118.26.39.187 port 35242:11: Bye Bye [preauth]
May  4 21:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: Disconnected from 118.26.39.187 port 35242 [preauth]
May  4 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18548]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18547]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18545]: pam_unix(cron:session): session closed for user p13x
May  4 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18607]: Successful su for rubyman by root
May  4 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18607]: + ??? root:rubyman
May  4 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329759 of user rubyman.
May  4 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18607]: pam_unix(su:session): session closed for user rubyman
May  4 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329759.
May  4 21:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15798]: pam_unix(cron:session): session closed for user root
May  4 21:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18546]: pam_unix(cron:session): session closed for user samftp
May  4 21:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17573]: pam_unix(cron:session): session closed for user root
May  4 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18952]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18951]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18949]: pam_unix(cron:session): session closed for user p13x
May  4 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19013]: Successful su for rubyman by root
May  4 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19013]: + ??? root:rubyman
May  4 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329764 of user rubyman.
May  4 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19013]: pam_unix(su:session): session closed for user rubyman
May  4 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329764.
May  4 21:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16192]: pam_unix(cron:session): session closed for user root
May  4 21:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18950]: pam_unix(cron:session): session closed for user samftp
May  4 21:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18133]: pam_unix(cron:session): session closed for user root
May  4 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19366]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19364]: pam_unix(cron:session): session closed for user p13x
May  4 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19425]: Successful su for rubyman by root
May  4 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19425]: + ??? root:rubyman
May  4 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329766 of user rubyman.
May  4 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19425]: pam_unix(su:session): session closed for user rubyman
May  4 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329766.
May  4 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16640]: pam_unix(cron:session): session closed for user root
May  4 21:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19365]: pam_unix(cron:session): session closed for user samftp
May  4 21:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18548]: pam_unix(cron:session): session closed for user root
May  4 21:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  4 21:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19691]: Failed password for root from 218.92.0.216 port 23516 ssh2
May  4 21:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19722]: Invalid user test2 from 187.33.9.100
May  4 21:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19722]: input_userauth_request: invalid user test2 [preauth]
May  4 21:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19722]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100
May  4 21:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19722]: Failed password for invalid user test2 from 187.33.9.100 port 21606 ssh2
May  4 21:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19722]: Received disconnect from 187.33.9.100 port 21606:11: Bye Bye [preauth]
May  4 21:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19722]: Disconnected from 187.33.9.100 port 21606 [preauth]
May  4 21:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19691]: Received disconnect from 218.92.0.216 port 23516:11:  [preauth]
May  4 21:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19691]: Disconnected from 218.92.0.216 port 23516 [preauth]
May  4 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19787]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19788]: pam_unix(cron:session): session closed for user root
May  4 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19781]: pam_unix(cron:session): session closed for user p13x
May  4 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19853]: Successful su for rubyman by root
May  4 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19853]: + ??? root:rubyman
May  4 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329771 of user rubyman.
May  4 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19853]: pam_unix(su:session): session closed for user rubyman
May  4 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329771.
May  4 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19784]: pam_unix(cron:session): session closed for user root
May  4 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17065]: pam_unix(cron:session): session closed for user root
May  4 21:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19783]: pam_unix(cron:session): session closed for user samftp
May  4 21:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18952]: pam_unix(cron:session): session closed for user root
May  4 21:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20216]: Invalid user mark from 27.112.78.170
May  4 21:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20216]: input_userauth_request: invalid user mark [preauth]
May  4 21:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20216]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
May  4 21:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20216]: Failed password for invalid user mark from 27.112.78.170 port 48932 ssh2
May  4 21:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20216]: Received disconnect from 27.112.78.170 port 48932:11: Bye Bye [preauth]
May  4 21:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20216]: Disconnected from 27.112.78.170 port 48932 [preauth]
May  4 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20221]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20219]: pam_unix(cron:session): session closed for user p13x
May  4 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20289]: Successful su for rubyman by root
May  4 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20289]: + ??? root:rubyman
May  4 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20289]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329777 of user rubyman.
May  4 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20289]: pam_unix(su:session): session closed for user rubyman
May  4 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329777.
May  4 21:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17572]: pam_unix(cron:session): session closed for user root
May  4 21:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20220]: pam_unix(cron:session): session closed for user samftp
May  4 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19367]: pam_unix(cron:session): session closed for user root
May  4 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20630]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20625]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20625]: pam_unix(cron:session): session closed for user root
May  4 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20627]: pam_unix(cron:session): session closed for user p13x
May  4 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20692]: Successful su for rubyman by root
May  4 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20692]: + ??? root:rubyman
May  4 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20692]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329780 of user rubyman.
May  4 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20692]: pam_unix(su:session): session closed for user rubyman
May  4 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329780.
May  4 21:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18132]: pam_unix(cron:session): session closed for user root
May  4 21:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20628]: pam_unix(cron:session): session closed for user samftp
May  4 21:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187  user=root
May  4 21:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: Failed password for root from 118.26.39.187 port 17348 ssh2
May  4 21:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: Received disconnect from 118.26.39.187 port 17348:11: Bye Bye [preauth]
May  4 21:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: Disconnected from 118.26.39.187 port 17348 [preauth]
May  4 21:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19787]: pam_unix(cron:session): session closed for user root
May  4 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21042]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21041]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21039]: pam_unix(cron:session): session closed for user p13x
May  4 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21102]: Successful su for rubyman by root
May  4 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21102]: + ??? root:rubyman
May  4 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329786 of user rubyman.
May  4 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21102]: pam_unix(su:session): session closed for user rubyman
May  4 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329786.
May  4 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18547]: pam_unix(cron:session): session closed for user root
May  4 21:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21040]: pam_unix(cron:session): session closed for user samftp
May  4 21:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  4 21:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21361]: Failed password for root from 218.92.0.228 port 17686 ssh2
May  4 21:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21361]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 17686 ssh2]
May  4 21:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21361]: Received disconnect from 218.92.0.228 port 17686:11:  [preauth]
May  4 21:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21361]: Disconnected from 218.92.0.228 port 17686 [preauth]
May  4 21:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21361]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  4 21:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  4 21:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21392]: Failed password for root from 218.92.0.228 port 31492 ssh2
May  4 21:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21392]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 31492 ssh2]
May  4 21:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21392]: Received disconnect from 218.92.0.228 port 31492:11:  [preauth]
May  4 21:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21392]: Disconnected from 218.92.0.228 port 31492 [preauth]
May  4 21:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21392]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  4 21:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20222]: pam_unix(cron:session): session closed for user root
May  4 21:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  4 21:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Failed password for root from 218.92.0.228 port 57188 ssh2
May  4 21:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 57188 ssh2]
May  4 21:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Received disconnect from 218.92.0.228 port 57188:11:  [preauth]
May  4 21:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Disconnected from 218.92.0.228 port 57188 [preauth]
May  4 21:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  4 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21486]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21487]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21483]: pam_unix(cron:session): session closed for user p13x
May  4 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21550]: Successful su for rubyman by root
May  4 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21550]: + ??? root:rubyman
May  4 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329790 of user rubyman.
May  4 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21550]: pam_unix(su:session): session closed for user rubyman
May  4 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329790.
May  4 21:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18951]: pam_unix(cron:session): session closed for user root
May  4 21:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21485]: pam_unix(cron:session): session closed for user samftp
May  4 21:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  4 21:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: Failed password for root from 218.92.0.210 port 7850 ssh2
May  4 21:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: message repeated 4 times: [ Failed password for root from 218.92.0.210 port 7850 ssh2]
May  4 21:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 7850 ssh2 [preauth]
May  4 21:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: Disconnecting: Too many authentication failures [preauth]
May  4 21:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  4 21:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22075]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 21:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20631]: pam_unix(cron:session): session closed for user root
May  4 21:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  4 21:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22130]: Failed password for root from 218.92.0.210 port 58750 ssh2
May  4 21:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22130]: message repeated 2 times: [ Failed password for root from 218.92.0.210 port 58750 ssh2]
May  4 21:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100  user=root
May  4 21:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22130]: Failed password for root from 218.92.0.210 port 58750 ssh2
May  4 21:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: Failed password for root from 187.33.9.100 port 47587 ssh2
May  4 21:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: Received disconnect from 187.33.9.100 port 47587:11: Bye Bye [preauth]
May  4 21:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: Disconnected from 187.33.9.100 port 47587 [preauth]
May  4 21:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22130]: Failed password for root from 218.92.0.210 port 58750 ssh2
May  4 21:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22130]: Failed password for root from 218.92.0.210 port 58750 ssh2
May  4 21:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22130]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 58750 ssh2 [preauth]
May  4 21:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22130]: Disconnecting: Too many authentication failures [preauth]
May  4 21:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22130]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  4 21:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22130]: PAM service(sshd) ignoring max retries; 6 > 3
May  4 21:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  4 21:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22201]: Failed password for root from 218.92.0.210 port 51270 ssh2
May  4 21:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22201]: Received disconnect from 218.92.0.210 port 51270:11:  [preauth]
May  4 21:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22201]: Disconnected from 218.92.0.210 port 51270 [preauth]
May  4 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22234]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22232]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22234]: pam_unix(cron:session): session closed for user root
May  4 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22227]: pam_unix(cron:session): session closed for user p13x
May  4 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22318]: Successful su for rubyman by root
May  4 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22318]: + ??? root:rubyman
May  4 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22318]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329796 of user rubyman.
May  4 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22318]: pam_unix(su:session): session closed for user rubyman
May  4 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329796.
May  4 21:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22230]: pam_unix(cron:session): session closed for user root
May  4 21:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19366]: pam_unix(cron:session): session closed for user root
May  4 21:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22228]: pam_unix(cron:session): session closed for user samftp
May  4 21:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21042]: pam_unix(cron:session): session closed for user root
May  4 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22722]: pam_unix(cron:session): session closed for user p13x
May  4 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22799]: Successful su for rubyman by root
May  4 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22799]: + ??? root:rubyman
May  4 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329799 of user rubyman.
May  4 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22799]: pam_unix(su:session): session closed for user rubyman
May  4 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329799.
May  4 21:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19786]: pam_unix(cron:session): session closed for user root
May  4 21:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22723]: pam_unix(cron:session): session closed for user samftp
May  4 21:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21487]: pam_unix(cron:session): session closed for user root
May  4 21:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23170]: Invalid user test from 27.112.78.170
May  4 21:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23170]: input_userauth_request: invalid user test [preauth]
May  4 21:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23170]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
May  4 21:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23170]: Failed password for invalid user test from 27.112.78.170 port 58382 ssh2
May  4 21:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23170]: Received disconnect from 27.112.78.170 port 58382:11: Bye Bye [preauth]
May  4 21:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23170]: Disconnected from 27.112.78.170 port 58382 [preauth]
May  4 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23192]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23190]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23189]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23188]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23188]: pam_unix(cron:session): session closed for user p13x
May  4 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23255]: Successful su for rubyman by root
May  4 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23255]: + ??? root:rubyman
May  4 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329804 of user rubyman.
May  4 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23255]: pam_unix(su:session): session closed for user rubyman
May  4 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329804.
May  4 21:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20221]: pam_unix(cron:session): session closed for user root
May  4 21:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23189]: pam_unix(cron:session): session closed for user samftp
May  4 21:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22232]: pam_unix(cron:session): session closed for user root
May  4 21:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  4 21:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23635]: Failed password for root from 190.103.202.7 port 35008 ssh2
May  4 21:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23635]: Connection closed by 190.103.202.7 port 35008 [preauth]
May  4 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23697]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23698]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23695]: pam_unix(cron:session): session closed for user p13x
May  4 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23756]: Successful su for rubyman by root
May  4 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23756]: + ??? root:rubyman
May  4 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329807 of user rubyman.
May  4 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23756]: pam_unix(su:session): session closed for user rubyman
May  4 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329807.
May  4 21:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20630]: pam_unix(cron:session): session closed for user root
May  4 21:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23696]: pam_unix(cron:session): session closed for user samftp
May  4 21:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187  user=root
May  4 21:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24092]: Failed password for root from 118.26.39.187 port 54456 ssh2
May  4 21:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24092]: Received disconnect from 118.26.39.187 port 54456:11: Bye Bye [preauth]
May  4 21:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24092]: Disconnected from 118.26.39.187 port 54456 [preauth]
May  4 21:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22725]: pam_unix(cron:session): session closed for user root
May  4 21:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24227]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24224]: pam_unix(cron:session): session closed for user p13x
May  4 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24295]: Successful su for rubyman by root
May  4 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24295]: + ??? root:rubyman
May  4 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329812 of user rubyman.
May  4 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24295]: pam_unix(su:session): session closed for user rubyman
May  4 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329812.
May  4 21:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21041]: pam_unix(cron:session): session closed for user root
May  4 21:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24225]: pam_unix(cron:session): session closed for user samftp
May  4 21:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: Invalid user melissa from 46.244.96.25
May  4 21:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: input_userauth_request: invalid user melissa [preauth]
May  4 21:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  4 21:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23192]: pam_unix(cron:session): session closed for user root
May  4 21:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: Failed password for invalid user melissa from 46.244.96.25 port 37250 ssh2
May  4 21:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24562]: Connection closed by 46.244.96.25 port 37250 [preauth]
May  4 21:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: Invalid user weiliu from 187.33.9.100
May  4 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: input_userauth_request: invalid user weiliu [preauth]
May  4 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100
May  4 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24666]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24667]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24668]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24670]: pam_unix(cron:session): session closed for user root
May  4 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24665]: pam_unix(cron:session): session closed for user p13x
May  4 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24742]: Successful su for rubyman by root
May  4 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24742]: + ??? root:rubyman
May  4 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24742]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329815 of user rubyman.
May  4 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24742]: pam_unix(su:session): session closed for user rubyman
May  4 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329815.
May  4 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: Failed password for invalid user weiliu from 187.33.9.100 port 39681 ssh2
May  4 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21486]: pam_unix(cron:session): session closed for user root
May  4 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: Received disconnect from 187.33.9.100 port 39681:11: Bye Bye [preauth]
May  4 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: Disconnected from 187.33.9.100 port 39681 [preauth]
May  4 21:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24667]: pam_unix(cron:session): session closed for user root
May  4 21:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24666]: pam_unix(cron:session): session closed for user samftp
May  4 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23698]: pam_unix(cron:session): session closed for user root
May  4 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25112]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25111]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25109]: pam_unix(cron:session): session closed for user p13x
May  4 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25181]: Successful su for rubyman by root
May  4 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25181]: + ??? root:rubyman
May  4 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329822 of user rubyman.
May  4 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25181]: pam_unix(su:session): session closed for user rubyman
May  4 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329822.
May  4 21:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22231]: pam_unix(cron:session): session closed for user root
May  4 21:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25110]: pam_unix(cron:session): session closed for user samftp
May  4 21:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: Bad protocol version identification 'MGLNDD_198.199.94.12_22' from 20.83.49.109 port 40352
May  4 21:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  4 21:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25430]: Failed password for root from 218.92.0.236 port 38508 ssh2
May  4 21:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25430]: Failed password for root from 218.92.0.236 port 38508 ssh2
May  4 21:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24227]: pam_unix(cron:session): session closed for user root
May  4 21:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25430]: Failed password for root from 218.92.0.236 port 38508 ssh2
May  4 21:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25430]: Received disconnect from 218.92.0.236 port 38508:11:  [preauth]
May  4 21:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25430]: Disconnected from 218.92.0.236 port 38508 [preauth]
May  4 21:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25430]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  4 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25534]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25531]: pam_unix(cron:session): session closed for user p13x
May  4 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25597]: Successful su for rubyman by root
May  4 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25597]: + ??? root:rubyman
May  4 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329826 of user rubyman.
May  4 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25597]: pam_unix(su:session): session closed for user rubyman
May  4 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329826.
May  4 21:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22724]: pam_unix(cron:session): session closed for user root
May  4 21:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25532]: pam_unix(cron:session): session closed for user samftp
May  4 21:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24669]: pam_unix(cron:session): session closed for user root
May  4 21:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170  user=root
May  4 21:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25907]: Failed password for root from 27.112.78.170 port 39496 ssh2
May  4 21:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25907]: Received disconnect from 27.112.78.170 port 39496:11: Bye Bye [preauth]
May  4 21:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25907]: Disconnected from 27.112.78.170 port 39496 [preauth]
May  4 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25930]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25929]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25927]: pam_unix(cron:session): session closed for user p13x
May  4 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25997]: Successful su for rubyman by root
May  4 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25997]: + ??? root:rubyman
May  4 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329830 of user rubyman.
May  4 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25997]: pam_unix(su:session): session closed for user rubyman
May  4 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329830.
May  4 21:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23190]: pam_unix(cron:session): session closed for user root
May  4 21:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25928]: pam_unix(cron:session): session closed for user samftp
May  4 21:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25112]: pam_unix(cron:session): session closed for user root
May  4 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26331]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26328]: pam_unix(cron:session): session closed for user p13x
May  4 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26387]: Successful su for rubyman by root
May  4 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26387]: + ??? root:rubyman
May  4 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329833 of user rubyman.
May  4 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26387]: pam_unix(su:session): session closed for user rubyman
May  4 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329833.
May  4 21:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23697]: pam_unix(cron:session): session closed for user root
May  4 21:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26329]: pam_unix(cron:session): session closed for user samftp
May  4 21:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187  user=root
May  4 21:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: Failed password for root from 118.26.39.187 port 36564 ssh2
May  4 21:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: Received disconnect from 118.26.39.187 port 36564:11: Bye Bye [preauth]
May  4 21:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: Disconnected from 118.26.39.187 port 36564 [preauth]
May  4 21:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25534]: pam_unix(cron:session): session closed for user root
May  4 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26809]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26810]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26808]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26810]: pam_unix(cron:session): session closed for user root
May  4 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26804]: pam_unix(cron:session): session closed for user p13x
May  4 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26875]: Successful su for rubyman by root
May  4 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26875]: + ??? root:rubyman
May  4 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329840 of user rubyman.
May  4 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26875]: pam_unix(su:session): session closed for user rubyman
May  4 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329840.
May  4 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24226]: pam_unix(cron:session): session closed for user root
May  4 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26807]: pam_unix(cron:session): session closed for user root
May  4 21:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26806]: pam_unix(cron:session): session closed for user samftp
May  4 21:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: Invalid user qi from 187.33.9.100
May  4 21:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: input_userauth_request: invalid user qi [preauth]
May  4 21:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100
May  4 21:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: Failed password for invalid user qi from 187.33.9.100 port 44126 ssh2
May  4 21:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: Received disconnect from 187.33.9.100 port 44126:11: Bye Bye [preauth]
May  4 21:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27188]: Disconnected from 187.33.9.100 port 44126 [preauth]
May  4 21:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25930]: pam_unix(cron:session): session closed for user root
May  4 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27306]: pam_unix(cron:session): session closed for user p13x
May  4 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27397]: Successful su for rubyman by root
May  4 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27397]: + ??? root:rubyman
May  4 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329843 of user rubyman.
May  4 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27397]: pam_unix(su:session): session closed for user rubyman
May  4 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329843.
May  4 21:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27307]: pam_unix(cron:session): session closed for user samftp
May  4 21:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24668]: pam_unix(cron:session): session closed for user root
May  4 21:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26331]: pam_unix(cron:session): session closed for user root
May  4 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27770]: pam_unix(cron:session): session closed for user p13x
May  4 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27833]: Successful su for rubyman by root
May  4 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27833]: + ??? root:rubyman
May  4 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329849 of user rubyman.
May  4 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27833]: pam_unix(su:session): session closed for user rubyman
May  4 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329849.
May  4 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25111]: pam_unix(cron:session): session closed for user root
May  4 21:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27771]: pam_unix(cron:session): session closed for user samftp
May  4 21:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26809]: pam_unix(cron:session): session closed for user root
May  4 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28174]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28172]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28172]: pam_unix(cron:session): session closed for user p13x
May  4 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28235]: Successful su for rubyman by root
May  4 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28235]: + ??? root:rubyman
May  4 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329852 of user rubyman.
May  4 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28235]: pam_unix(su:session): session closed for user rubyman
May  4 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329852.
May  4 21:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25533]: pam_unix(cron:session): session closed for user root
May  4 21:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28173]: pam_unix(cron:session): session closed for user samftp
May  4 21:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27310]: pam_unix(cron:session): session closed for user root
May  4 21:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170  user=root
May  4 21:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28527]: Failed password for root from 27.112.78.170 port 44294 ssh2
May  4 21:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28527]: Received disconnect from 27.112.78.170 port 44294:11: Bye Bye [preauth]
May  4 21:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28527]: Disconnected from 27.112.78.170 port 44294 [preauth]
May  4 21:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28579]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28576]: pam_unix(cron:session): session closed for user p13x
May  4 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28639]: Successful su for rubyman by root
May  4 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28639]: + ??? root:rubyman
May  4 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329857 of user rubyman.
May  4 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28639]: pam_unix(su:session): session closed for user rubyman
May  4 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329857.
May  4 21:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25929]: pam_unix(cron:session): session closed for user root
May  4 21:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28577]: pam_unix(cron:session): session closed for user samftp
May  4 21:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  4 21:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28823]: Failed password for root from 218.92.0.198 port 59932 ssh2
May  4 21:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28823]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 59932 ssh2]
May  4 21:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28823]: Received disconnect from 218.92.0.198 port 59932:11:  [preauth]
May  4 21:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28823]: Disconnected from 218.92.0.198 port 59932 [preauth]
May  4 21:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28823]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  4 21:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  4 21:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28856]: Failed password for root from 218.92.0.198 port 10582 ssh2
May  4 21:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28856]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 10582 ssh2]
May  4 21:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28856]: Received disconnect from 218.92.0.198 port 10582:11:  [preauth]
May  4 21:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28856]: Disconnected from 218.92.0.198 port 10582 [preauth]
May  4 21:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28856]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  4 21:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  4 21:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28882]: Failed password for root from 218.92.0.198 port 47864 ssh2
May  4 21:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28882]: Failed password for root from 218.92.0.198 port 47864 ssh2
May  4 21:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27773]: pam_unix(cron:session): session closed for user root
May  4 21:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28882]: Failed password for root from 218.92.0.198 port 47864 ssh2
May  4 21:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28882]: Received disconnect from 218.92.0.198 port 47864:11:  [preauth]
May  4 21:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28882]: Disconnected from 218.92.0.198 port 47864 [preauth]
May  4 21:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28882]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  4 21:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: Invalid user taibabi from 118.26.39.187
May  4 21:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: input_userauth_request: invalid user taibabi [preauth]
May  4 21:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187
May  4 21:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: Failed password for invalid user taibabi from 118.26.39.187 port 18668 ssh2
May  4 21:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: Received disconnect from 118.26.39.187 port 18668:11: Bye Bye [preauth]
May  4 21:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28966]: Disconnected from 118.26.39.187 port 18668 [preauth]
May  4 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28990]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28987]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28989]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28985]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28988]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28986]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28990]: pam_unix(cron:session): session closed for user root
May  4 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28985]: pam_unix(cron:session): session closed for user p13x
May  4 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29148]: Successful su for rubyman by root
May  4 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29148]: + ??? root:rubyman
May  4 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329861 of user rubyman.
May  4 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29148]: pam_unix(su:session): session closed for user rubyman
May  4 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329861.
May  4 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28987]: pam_unix(cron:session): session closed for user root
May  4 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26330]: pam_unix(cron:session): session closed for user root
May  4 21:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28986]: pam_unix(cron:session): session closed for user samftp
May  4 21:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28175]: pam_unix(cron:session): session closed for user root
May  4 21:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: Invalid user nick from 187.33.9.100
May  4 21:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: input_userauth_request: invalid user nick [preauth]
May  4 21:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100
May  4 21:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: Failed password for invalid user nick from 187.33.9.100 port 36092 ssh2
May  4 21:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: Received disconnect from 187.33.9.100 port 36092:11: Bye Bye [preauth]
May  4 21:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: Disconnected from 187.33.9.100 port 36092 [preauth]
May  4 21:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29526]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29527]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29525]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29524]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29524]: pam_unix(cron:session): session closed for user p13x
May  4 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29595]: Successful su for rubyman by root
May  4 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29595]: + ??? root:rubyman
May  4 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329865 of user rubyman.
May  4 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29595]: pam_unix(su:session): session closed for user rubyman
May  4 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329865.
May  4 21:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26808]: pam_unix(cron:session): session closed for user root
May  4 21:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29525]: pam_unix(cron:session): session closed for user samftp
May  4 21:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Invalid user O from 195.178.110.50
May  4 21:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: input_userauth_request: invalid user O [preauth]
May  4 21:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 21:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Failed password for invalid user O from 195.178.110.50 port 33102 ssh2
May  4 21:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28579]: pam_unix(cron:session): session closed for user root
May  4 21:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Connection closed by 195.178.110.50 port 33102 [preauth]
May  4 21:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: Invalid user z from 195.178.110.50
May  4 21:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: input_userauth_request: invalid user z [preauth]
May  4 21:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 21:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: Failed password for invalid user z from 195.178.110.50 port 38344 ssh2
May  4 21:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: Connection closed by 195.178.110.50 port 38344 [preauth]
May  4 21:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29951]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29952]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29949]: pam_unix(cron:session): session closed for user p13x
May  4 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30013]: Successful su for rubyman by root
May  4 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30013]: + ??? root:rubyman
May  4 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329869 of user rubyman.
May  4 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30013]: pam_unix(su:session): session closed for user rubyman
May  4 21:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329869.
May  4 21:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27309]: pam_unix(cron:session): session closed for user root
May  4 21:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29950]: pam_unix(cron:session): session closed for user samftp
May  4 21:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: Invalid user G from 195.178.110.50
May  4 21:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: input_userauth_request: invalid user G [preauth]
May  4 21:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 21:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: Failed password for invalid user G from 195.178.110.50 port 26426 ssh2
May  4 21:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: Connection closed by 195.178.110.50 port 26426 [preauth]
May  4 21:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30204]: Invalid user riad from 193.70.84.184
May  4 21:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30204]: input_userauth_request: invalid user riad [preauth]
May  4 21:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30204]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  4 21:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30204]: Failed password for invalid user riad from 193.70.84.184 port 43592 ssh2
May  4 21:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30204]: Connection closed by 193.70.84.184 port 43592 [preauth]
May  4 21:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: Invalid user r from 195.178.110.50
May  4 21:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: input_userauth_request: invalid user r [preauth]
May  4 21:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 21:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: Failed password for invalid user r from 195.178.110.50 port 57544 ssh2
May  4 21:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: Connection closed by 195.178.110.50 port 57544 [preauth]
May  4 21:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28989]: pam_unix(cron:session): session closed for user root
May  4 21:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: Invalid user ? from 195.178.110.50
May  4 21:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: input_userauth_request: invalid user ? [preauth]
May  4 21:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 21:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: Failed password for invalid user ? from 195.178.110.50 port 51550 ssh2
May  4 21:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: Connection closed by 195.178.110.50 port 51550 [preauth]
May  4 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30348]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30346]: pam_unix(cron:session): session closed for user p13x
May  4 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30407]: Successful su for rubyman by root
May  4 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30407]: + ??? root:rubyman
May  4 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329873 of user rubyman.
May  4 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30407]: pam_unix(su:session): session closed for user rubyman
May  4 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329873.
May  4 21:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27772]: pam_unix(cron:session): session closed for user root
May  4 21:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30347]: pam_unix(cron:session): session closed for user samftp
May  4 21:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29527]: pam_unix(cron:session): session closed for user root
May  4 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30747]: pam_unix(cron:session): session closed for user p13x
May  4 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30864]: Successful su for rubyman by root
May  4 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30864]: + ??? root:rubyman
May  4 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329878 of user rubyman.
May  4 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30864]: pam_unix(su:session): session closed for user rubyman
May  4 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329878.
May  4 21:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30745]: pam_unix(cron:session): session closed for user root
May  4 21:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28174]: pam_unix(cron:session): session closed for user root
May  4 21:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30748]: pam_unix(cron:session): session closed for user samftp
May  4 21:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29952]: pam_unix(cron:session): session closed for user root
May  4 21:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31180]: Invalid user space from 27.112.78.170
May  4 21:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31180]: input_userauth_request: invalid user space [preauth]
May  4 21:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31180]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
May  4 21:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31180]: Failed password for invalid user space from 27.112.78.170 port 34536 ssh2
May  4 21:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31180]: Received disconnect from 27.112.78.170 port 34536:11: Bye Bye [preauth]
May  4 21:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31180]: Disconnected from 27.112.78.170 port 34536 [preauth]
May  4 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31241]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31239]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31240]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31241]: pam_unix(cron:session): session closed for user root
May  4 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31236]: pam_unix(cron:session): session closed for user p13x
May  4 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31313]: Successful su for rubyman by root
May  4 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31313]: + ??? root:rubyman
May  4 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329882 of user rubyman.
May  4 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31313]: pam_unix(su:session): session closed for user rubyman
May  4 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329882.
May  4 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31238]: pam_unix(cron:session): session closed for user root
May  4 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28578]: pam_unix(cron:session): session closed for user root
May  4 21:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31237]: pam_unix(cron:session): session closed for user samftp
May  4 21:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187  user=root
May  4 21:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30349]: pam_unix(cron:session): session closed for user root
May  4 21:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31581]: Failed password for root from 118.26.39.187 port 55770 ssh2
May  4 21:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31581]: Received disconnect from 118.26.39.187 port 55770:11: Bye Bye [preauth]
May  4 21:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31581]: Disconnected from 118.26.39.187 port 55770 [preauth]
May  4 21:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Invalid user peace from 187.33.9.100
May  4 21:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: input_userauth_request: invalid user peace [preauth]
May  4 21:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100
May  4 21:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Failed password for invalid user peace from 187.33.9.100 port 40402 ssh2
May  4 21:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Received disconnect from 187.33.9.100 port 40402:11: Bye Bye [preauth]
May  4 21:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Disconnected from 187.33.9.100 port 40402 [preauth]
May  4 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31693]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31694]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31692]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31691]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31691]: pam_unix(cron:session): session closed for user p13x
May  4 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31756]: Successful su for rubyman by root
May  4 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31756]: + ??? root:rubyman
May  4 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329888 of user rubyman.
May  4 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31756]: pam_unix(su:session): session closed for user rubyman
May  4 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329888.
May  4 21:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28988]: pam_unix(cron:session): session closed for user root
May  4 21:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31692]: pam_unix(cron:session): session closed for user samftp
May  4 21:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32027]: Invalid user admin from 80.94.95.112
May  4 21:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32027]: input_userauth_request: invalid user admin [preauth]
May  4 21:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32027]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 21:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30750]: pam_unix(cron:session): session closed for user root
May  4 21:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32027]: Failed password for invalid user admin from 80.94.95.112 port 26094 ssh2
May  4 21:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32027]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32027]: Failed password for invalid user admin from 80.94.95.112 port 26094 ssh2
May  4 21:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32027]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32027]: Failed password for invalid user admin from 80.94.95.112 port 26094 ssh2
May  4 21:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32027]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32027]: Failed password for invalid user admin from 80.94.95.112 port 26094 ssh2
May  4 21:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32027]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32027]: Failed password for invalid user admin from 80.94.95.112 port 26094 ssh2
May  4 21:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32027]: Received disconnect from 80.94.95.112 port 26094:11: Bye [preauth]
May  4 21:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32027]: Disconnected from 80.94.95.112 port 26094 [preauth]
May  4 21:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32027]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 21:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32027]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32108]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32105]: pam_unix(cron:session): session closed for user p13x
May  4 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32166]: Successful su for rubyman by root
May  4 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32166]: + ??? root:rubyman
May  4 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329894 of user rubyman.
May  4 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32166]: pam_unix(su:session): session closed for user rubyman
May  4 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329894.
May  4 21:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29526]: pam_unix(cron:session): session closed for user root
May  4 21:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32106]: pam_unix(cron:session): session closed for user samftp
May  4 21:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31240]: pam_unix(cron:session): session closed for user root
May  4 21:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32511]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32512]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32510]: pam_unix(cron:session): session closed for user p13x
May  4 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32575]: Successful su for rubyman by root
May  4 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32575]: + ??? root:rubyman
May  4 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329896 of user rubyman.
May  4 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32575]: pam_unix(su:session): session closed for user rubyman
May  4 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329896.
May  4 21:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29951]: pam_unix(cron:session): session closed for user root
May  4 21:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32511]: pam_unix(cron:session): session closed for user samftp
May  4 21:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31694]: pam_unix(cron:session): session closed for user root
May  4 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[580]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[576]: pam_unix(cron:session): session closed for user p13x
May  4 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[643]: Successful su for rubyman by root
May  4 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[643]: + ??? root:rubyman
May  4 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329900 of user rubyman.
May  4 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[643]: pam_unix(su:session): session closed for user rubyman
May  4 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329900.
May  4 21:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30348]: pam_unix(cron:session): session closed for user root
May  4 21:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[577]: pam_unix(cron:session): session closed for user samftp
May  4 21:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32108]: pam_unix(cron:session): session closed for user root
May  4 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1012]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1012]: pam_unix(cron:session): session closed for user root
May  4 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1006]: pam_unix(cron:session): session closed for user p13x
May  4 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1079]: Successful su for rubyman by root
May  4 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1079]: + ??? root:rubyman
May  4 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329908 of user rubyman.
May  4 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1079]: pam_unix(su:session): session closed for user rubyman
May  4 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329908.
May  4 21:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1009]: pam_unix(cron:session): session closed for user root
May  4 21:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30749]: pam_unix(cron:session): session closed for user root
May  4 21:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1008]: pam_unix(cron:session): session closed for user samftp
May  4 21:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1390]: Invalid user taibabi from 27.112.78.170
May  4 21:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1390]: input_userauth_request: invalid user taibabi [preauth]
May  4 21:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1390]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.112.78.170
May  4 21:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1390]: Failed password for invalid user taibabi from 27.112.78.170 port 40212 ssh2
May  4 21:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1390]: Received disconnect from 27.112.78.170 port 40212:11: Bye Bye [preauth]
May  4 21:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1390]: Disconnected from 27.112.78.170 port 40212 [preauth]
May  4 21:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32513]: pam_unix(cron:session): session closed for user root
May  4 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1515]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1514]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1513]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1513]: pam_unix(cron:session): session closed for user p13x
May  4 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1588]: Successful su for rubyman by root
May  4 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1588]: + ??? root:rubyman
May  4 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329910 of user rubyman.
May  4 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1588]: pam_unix(su:session): session closed for user rubyman
May  4 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329910.
May  4 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100  user=root
May  4 21:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31239]: pam_unix(cron:session): session closed for user root
May  4 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: Failed password for root from 187.33.9.100 port 44816 ssh2
May  4 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1514]: pam_unix(cron:session): session closed for user samftp
May  4 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: Received disconnect from 187.33.9.100 port 44816:11: Bye Bye [preauth]
May  4 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: Disconnected from 187.33.9.100 port 44816 [preauth]
May  4 21:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: Invalid user test2 from 118.26.39.187
May  4 21:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: input_userauth_request: invalid user test2 [preauth]
May  4 21:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187
May  4 21:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: Failed password for invalid user test2 from 118.26.39.187 port 37866 ssh2
May  4 21:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: Received disconnect from 118.26.39.187 port 37866:11: Bye Bye [preauth]
May  4 21:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: Disconnected from 118.26.39.187 port 37866 [preauth]
May  4 21:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[580]: pam_unix(cron:session): session closed for user root
May  4 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2036]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2037]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2035]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2034]: pam_unix(cron:session): session closed for user p13x
May  4 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2095]: Successful su for rubyman by root
May  4 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2095]: + ??? root:rubyman
May  4 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329916 of user rubyman.
May  4 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2095]: pam_unix(su:session): session closed for user rubyman
May  4 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329916.
May  4 21:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31693]: pam_unix(cron:session): session closed for user root
May  4 21:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2035]: pam_unix(cron:session): session closed for user samftp
May  4 21:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1011]: pam_unix(cron:session): session closed for user root
May  4 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2455]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2452]: pam_unix(cron:session): session closed for user p13x
May  4 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2524]: Successful su for rubyman by root
May  4 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2524]: + ??? root:rubyman
May  4 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2524]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329919 of user rubyman.
May  4 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2524]: pam_unix(su:session): session closed for user rubyman
May  4 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329919.
May  4 21:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32107]: pam_unix(cron:session): session closed for user root
May  4 21:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2453]: pam_unix(cron:session): session closed for user samftp
May  4 21:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1516]: pam_unix(cron:session): session closed for user root
May  4 21:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2870]: Invalid user zm from 190.103.202.7
May  4 21:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2870]: input_userauth_request: invalid user zm [preauth]
May  4 21:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2870]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  4 21:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2870]: Failed password for invalid user zm from 190.103.202.7 port 44326 ssh2
May  4 21:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2870]: Connection closed by 190.103.202.7 port 44326 [preauth]
May  4 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2893]: pam_unix(cron:session): session closed for user p13x
May  4 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2958]: Successful su for rubyman by root
May  4 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2958]: + ??? root:rubyman
May  4 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329922 of user rubyman.
May  4 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2958]: pam_unix(su:session): session closed for user rubyman
May  4 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329922.
May  4 21:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32512]: pam_unix(cron:session): session closed for user root
May  4 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2894]: pam_unix(cron:session): session closed for user samftp
May  4 21:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2037]: pam_unix(cron:session): session closed for user root
May  4 21:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3275]: Invalid user admin from 139.19.117.131
May  4 21:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3275]: input_userauth_request: invalid user admin [preauth]
May  4 21:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3275]: Connection closed by 139.19.117.131 port 36626 [preauth]
May  4 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3297]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3301]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3300]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3301]: pam_unix(cron:session): session closed for user root
May  4 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3296]: pam_unix(cron:session): session closed for user p13x
May  4 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3367]: Successful su for rubyman by root
May  4 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3367]: + ??? root:rubyman
May  4 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329930 of user rubyman.
May  4 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3367]: pam_unix(su:session): session closed for user rubyman
May  4 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329930.
May  4 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[578]: pam_unix(cron:session): session closed for user root
May  4 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3298]: pam_unix(cron:session): session closed for user root
May  4 21:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3297]: pam_unix(cron:session): session closed for user samftp
May  4 21:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2455]: pam_unix(cron:session): session closed for user root
May  4 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3778]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3776]: pam_unix(cron:session): session closed for user p13x
May  4 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3845]: Successful su for rubyman by root
May  4 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3845]: + ??? root:rubyman
May  4 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329933 of user rubyman.
May  4 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3845]: pam_unix(su:session): session closed for user rubyman
May  4 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329933.
May  4 21:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1010]: pam_unix(cron:session): session closed for user root
May  4 21:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3777]: pam_unix(cron:session): session closed for user samftp
May  4 21:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100  user=root
May  4 21:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: Failed password for root from 187.33.9.100 port 15114 ssh2
May  4 21:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: Received disconnect from 187.33.9.100 port 15114:11: Bye Bye [preauth]
May  4 21:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4102]: Disconnected from 187.33.9.100 port 15114 [preauth]
May  4 21:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2896]: pam_unix(cron:session): session closed for user root
May  4 21:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: Invalid user ssd from 118.26.39.187
May  4 21:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: input_userauth_request: invalid user ssd [preauth]
May  4 21:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187
May  4 21:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: Failed password for invalid user ssd from 118.26.39.187 port 19970 ssh2
May  4 21:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: Received disconnect from 118.26.39.187 port 19970:11: Bye Bye [preauth]
May  4 21:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: Disconnected from 118.26.39.187 port 19970 [preauth]
May  4 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4225]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4222]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4222]: pam_unix(cron:session): session closed for user p13x
May  4 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4430]: Successful su for rubyman by root
May  4 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4430]: + ??? root:rubyman
May  4 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329937 of user rubyman.
May  4 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4430]: pam_unix(su:session): session closed for user rubyman
May  4 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329937.
May  4 21:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1515]: pam_unix(cron:session): session closed for user root
May  4 21:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4223]: pam_unix(cron:session): session closed for user samftp
May  4 21:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4670]: Did not receive identification string from 102.209.22.204
May  4 21:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3300]: pam_unix(cron:session): session closed for user root
May  4 21:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4796]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4795]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4793]: pam_unix(cron:session): session closed for user p13x
May  4 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4866]: Successful su for rubyman by root
May  4 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4866]: + ??? root:rubyman
May  4 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329940 of user rubyman.
May  4 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4866]: pam_unix(su:session): session closed for user rubyman
May  4 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329940.
May  4 21:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2036]: pam_unix(cron:session): session closed for user root
May  4 21:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4794]: pam_unix(cron:session): session closed for user samftp
May  4 21:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3779]: pam_unix(cron:session): session closed for user root
May  4 21:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5361]: Invalid user ubnt from 176.65.148.10
May  4 21:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5361]: input_userauth_request: invalid user ubnt [preauth]
May  4 21:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5361]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.148.10
May  4 21:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5361]: Failed password for invalid user ubnt from 176.65.148.10 port 42928 ssh2
May  4 21:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5361]: Disconnecting: Change of username or service not allowed: (ubnt,ssh-connection) -> (VNC,ssh-connection) [preauth]
May  4 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5407]: pam_unix(cron:session): session closed for user p13x
May  4 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5484]: Successful su for rubyman by root
May  4 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5484]: + ??? root:rubyman
May  4 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5484]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329946 of user rubyman.
May  4 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5484]: pam_unix(su:session): session closed for user rubyman
May  4 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329946.
May  4 21:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2454]: pam_unix(cron:session): session closed for user root
May  4 21:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5408]: pam_unix(cron:session): session closed for user samftp
May  4 21:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4225]: pam_unix(cron:session): session closed for user root
May  4 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5956]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5957]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5959]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5955]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5958]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5959]: pam_unix(cron:session): session closed for user root
May  4 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5954]: pam_unix(cron:session): session closed for user p13x
May  4 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6034]: Successful su for rubyman by root
May  4 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6034]: + ??? root:rubyman
May  4 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329952 of user rubyman.
May  4 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6034]: pam_unix(su:session): session closed for user rubyman
May  4 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329952.
May  4 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5956]: pam_unix(cron:session): session closed for user root
May  4 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2895]: pam_unix(cron:session): session closed for user root
May  4 21:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5955]: pam_unix(cron:session): session closed for user samftp
May  4 21:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4796]: pam_unix(cron:session): session closed for user root
May  4 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6405]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6406]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6403]: pam_unix(cron:session): session closed for user p13x
May  4 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6474]: Successful su for rubyman by root
May  4 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6474]: + ??? root:rubyman
May  4 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329954 of user rubyman.
May  4 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6474]: pam_unix(su:session): session closed for user rubyman
May  4 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329954.
May  4 21:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3299]: pam_unix(cron:session): session closed for user root
May  4 21:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6404]: pam_unix(cron:session): session closed for user samftp
May  4 21:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5410]: pam_unix(cron:session): session closed for user root
May  4 21:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6760]: Invalid user taibabi from 187.33.9.100
May  4 21:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6760]: input_userauth_request: invalid user taibabi [preauth]
May  4 21:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6760]: pam_unix(sshd:auth): check pass; user unknown
May  4 21:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.33.9.100
May  4 21:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6760]: Failed password for invalid user taibabi from 187.33.9.100 port 47640 ssh2
May  4 21:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6760]: Received disconnect from 187.33.9.100 port 47640:11: Bye Bye [preauth]
May  4 21:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6760]: Disconnected from 187.33.9.100 port 47640 [preauth]
May  4 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6821]: pam_unix(cron:session): session closed for user p13x
May  4 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6882]: Successful su for rubyman by root
May  4 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6882]: + ??? root:rubyman
May  4 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329959 of user rubyman.
May  4 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6882]: pam_unix(su:session): session closed for user rubyman
May  4 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329959.
May  4 21:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3778]: pam_unix(cron:session): session closed for user root
May  4 21:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6822]: pam_unix(cron:session): session closed for user samftp
May  4 21:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5958]: pam_unix(cron:session): session closed for user root
May  4 21:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187  user=root
May  4 21:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: Failed password for root from 118.26.39.187 port 57078 ssh2
May  4 21:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: Received disconnect from 118.26.39.187 port 57078:11: Bye Bye [preauth]
May  4 21:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: Disconnected from 118.26.39.187 port 57078 [preauth]
May  4 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session closed for user p13x
May  4 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7381]: Successful su for rubyman by root
May  4 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7381]: + ??? root:rubyman
May  4 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329964 of user rubyman.
May  4 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7381]: pam_unix(su:session): session closed for user rubyman
May  4 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329964.
May  4 21:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 21:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4224]: pam_unix(cron:session): session closed for user root
May  4 21:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: Failed password for root from 218.92.0.179 port 56176 ssh2
May  4 21:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session closed for user samftp
May  4 21:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: Failed password for root from 218.92.0.179 port 56176 ssh2
May  4 21:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: Failed password for root from 218.92.0.179 port 56176 ssh2
May  4 21:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: Received disconnect from 218.92.0.179 port 56176:11:  [preauth]
May  4 21:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: Disconnected from 218.92.0.179 port 56176 [preauth]
May  4 21:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 21:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6406]: pam_unix(cron:session): session closed for user root
May  4 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7842]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7841]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7840]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7840]: pam_unix(cron:session): session closed for user p13x
May  4 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7903]: Successful su for rubyman by root
May  4 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7903]: + ??? root:rubyman
May  4 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329966 of user rubyman.
May  4 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7903]: pam_unix(su:session): session closed for user rubyman
May  4 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329966.
May  4 21:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4795]: pam_unix(cron:session): session closed for user root
May  4 21:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7841]: pam_unix(cron:session): session closed for user samftp
May  4 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6824]: pam_unix(cron:session): session closed for user root
May  4 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8295]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8296]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8293]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8297]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8293]: pam_unix(cron:session): session closed for user root
May  4 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8298]: pam_unix(cron:session): session closed for user root
May  4 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8291]: pam_unix(cron:session): session closed for user p13x
May  4 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: Successful su for rubyman by root
May  4 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: + ??? root:rubyman
May  4 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329970 of user rubyman.
May  4 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: pam_unix(su:session): session closed for user rubyman
May  4 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329970.
May  4 22:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8295]: pam_unix(cron:session): session closed for user root
May  4 22:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5409]: pam_unix(cron:session): session closed for user root
May  4 22:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8292]: pam_unix(cron:session): session closed for user samftp
May  4 22:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7327]: pam_unix(cron:session): session closed for user root
May  4 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8841]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8836]: pam_unix(cron:session): session closed for user p13x
May  4 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8908]: Successful su for rubyman by root
May  4 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8908]: + ??? root:rubyman
May  4 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329978 of user rubyman.
May  4 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8908]: pam_unix(su:session): session closed for user rubyman
May  4 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329978.
May  4 22:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5957]: pam_unix(cron:session): session closed for user root
May  4 22:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8839]: pam_unix(cron:session): session closed for user samftp
May  4 22:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 22:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: Failed password for root from 218.92.0.179 port 57203 ssh2
May  4 22:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7843]: pam_unix(cron:session): session closed for user root
May  4 22:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: Failed password for root from 218.92.0.179 port 57203 ssh2
May  4 22:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: Failed password for root from 218.92.0.179 port 57203 ssh2
May  4 22:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: Received disconnect from 218.92.0.179 port 57203:11:  [preauth]
May  4 22:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: Disconnected from 218.92.0.179 port 57203 [preauth]
May  4 22:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 22:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9374]: pam_unix(cron:session): session closed for user p13x
May  4 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9436]: Successful su for rubyman by root
May  4 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9436]: + ??? root:rubyman
May  4 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329982 of user rubyman.
May  4 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9436]: pam_unix(su:session): session closed for user rubyman
May  4 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329982.
May  4 22:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6405]: pam_unix(cron:session): session closed for user root
May  4 22:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9375]: pam_unix(cron:session): session closed for user samftp
May  4 22:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8297]: pam_unix(cron:session): session closed for user root
May  4 22:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 22:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9759]: Failed password for root from 218.92.0.179 port 30213 ssh2
May  4 22:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9759]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 30213 ssh2]
May  4 22:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9759]: Received disconnect from 218.92.0.179 port 30213:11:  [preauth]
May  4 22:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9759]: Disconnected from 218.92.0.179 port 30213 [preauth]
May  4 22:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9759]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9792]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9789]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9790]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9789]: pam_unix(cron:session): session closed for user p13x
May  4 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9849]: Successful su for rubyman by root
May  4 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9849]: + ??? root:rubyman
May  4 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329986 of user rubyman.
May  4 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9849]: pam_unix(su:session): session closed for user rubyman
May  4 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329986.
May  4 22:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6823]: pam_unix(cron:session): session closed for user root
May  4 22:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9790]: pam_unix(cron:session): session closed for user samftp
May  4 22:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: Invalid user elias from 118.26.39.187
May  4 22:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: input_userauth_request: invalid user elias [preauth]
May  4 22:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.39.187
May  4 22:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: Failed password for invalid user elias from 118.26.39.187 port 39180 ssh2
May  4 22:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: Received disconnect from 118.26.39.187 port 39180:11: Bye Bye [preauth]
May  4 22:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: Disconnected from 118.26.39.187 port 39180 [preauth]
May  4 22:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8843]: pam_unix(cron:session): session closed for user root
May  4 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10201]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10199]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10198]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10198]: pam_unix(cron:session): session closed for user p13x
May  4 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10350]: Successful su for rubyman by root
May  4 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10350]: + ??? root:rubyman
May  4 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329989 of user rubyman.
May  4 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10350]: pam_unix(su:session): session closed for user rubyman
May  4 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329989.
May  4 22:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7326]: pam_unix(cron:session): session closed for user root
May  4 22:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10199]: pam_unix(cron:session): session closed for user samftp
May  4 22:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9377]: pam_unix(cron:session): session closed for user root
May  4 22:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10792]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10792]: pam_unix(cron:session): session closed for user root
May  4 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10786]: pam_unix(cron:session): session closed for user p13x
May  4 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10860]: Successful su for rubyman by root
May  4 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10860]: + ??? root:rubyman
May  4 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329996 of user rubyman.
May  4 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10860]: pam_unix(su:session): session closed for user rubyman
May  4 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329996.
May  4 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10788]: pam_unix(cron:session): session closed for user root
May  4 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7842]: pam_unix(cron:session): session closed for user root
May  4 22:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10787]: pam_unix(cron:session): session closed for user samftp
May  4 22:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9793]: pam_unix(cron:session): session closed for user root
May  4 22:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  4 22:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: Failed password for root from 218.92.0.219 port 34714 ssh2
May  4 22:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: message repeated 2 times: [ Failed password for root from 218.92.0.219 port 34714 ssh2]
May  4 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11216]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11213]: pam_unix(cron:session): session closed for user p13x
May  4 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: Received disconnect from 218.92.0.219 port 34714:11:  [preauth]
May  4 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: Disconnected from 218.92.0.219 port 34714 [preauth]
May  4 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  4 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11284]: Successful su for rubyman by root
May  4 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11284]: + ??? root:rubyman
May  4 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 329999 of user rubyman.
May  4 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11284]: pam_unix(su:session): session closed for user rubyman
May  4 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 329999.
May  4 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  4 22:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8296]: pam_unix(cron:session): session closed for user root
May  4 22:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11214]: pam_unix(cron:session): session closed for user samftp
May  4 22:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: Failed password for root from 218.92.0.219 port 48934 ssh2
May  4 22:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: message repeated 2 times: [ Failed password for root from 218.92.0.219 port 48934 ssh2]
May  4 22:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: Received disconnect from 218.92.0.219 port 48934:11:  [preauth]
May  4 22:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: Disconnected from 218.92.0.219 port 48934 [preauth]
May  4 22:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  4 22:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10201]: pam_unix(cron:session): session closed for user root
May  4 22:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  4 22:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11589]: Failed password for root from 218.92.0.198 port 40684 ssh2
May  4 22:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11589]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 40684 ssh2]
May  4 22:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11589]: Received disconnect from 218.92.0.198 port 40684:11:  [preauth]
May  4 22:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11589]: Disconnected from 218.92.0.198 port 40684 [preauth]
May  4 22:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11589]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  4 22:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  4 22:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: Failed password for root from 218.92.0.198 port 35196 ssh2
May  4 22:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 35196 ssh2]
May  4 22:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: Received disconnect from 218.92.0.198 port 35196:11:  [preauth]
May  4 22:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: Disconnected from 218.92.0.198 port 35196 [preauth]
May  4 22:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  4 22:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  4 22:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11633]: Failed password for root from 218.92.0.198 port 42422 ssh2
May  4 22:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11633]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 42422 ssh2]
May  4 22:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11633]: Received disconnect from 218.92.0.198 port 42422:11:  [preauth]
May  4 22:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11633]: Disconnected from 218.92.0.198 port 42422 [preauth]
May  4 22:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11633]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  4 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11654]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11652]: pam_unix(cron:session): session closed for user p13x
May  4 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11711]: Successful su for rubyman by root
May  4 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11711]: + ??? root:rubyman
May  4 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330003 of user rubyman.
May  4 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11711]: pam_unix(su:session): session closed for user rubyman
May  4 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330003.
May  4 22:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8841]: pam_unix(cron:session): session closed for user root
May  4 22:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11653]: pam_unix(cron:session): session closed for user samftp
May  4 22:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10791]: pam_unix(cron:session): session closed for user root
May  4 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12055]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12057]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12056]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12054]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12054]: pam_unix(cron:session): session closed for user p13x
May  4 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12114]: Successful su for rubyman by root
May  4 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12114]: + ??? root:rubyman
May  4 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330010 of user rubyman.
May  4 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12114]: pam_unix(su:session): session closed for user rubyman
May  4 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330010.
May  4 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  4 22:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9376]: pam_unix(cron:session): session closed for user root
May  4 22:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: Failed password for root from 218.92.0.209 port 26488 ssh2
May  4 22:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12055]: pam_unix(cron:session): session closed for user samftp
May  4 22:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11216]: pam_unix(cron:session): session closed for user root
May  4 22:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: Connection reset by 218.92.0.219 port 60252 [preauth]
May  4 22:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 22:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12463]: Failed password for root from 218.92.0.179 port 24732 ssh2
May  4 22:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12463]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 24732 ssh2]
May  4 22:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12463]: Received disconnect from 218.92.0.179 port 24732:11:  [preauth]
May  4 22:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12463]: Disconnected from 218.92.0.179 port 24732 [preauth]
May  4 22:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12463]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12486]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12485]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12481]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12483]: pam_unix(cron:session): session closed for user p13x
May  4 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12589]: Successful su for rubyman by root
May  4 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12589]: + ??? root:rubyman
May  4 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330012 of user rubyman.
May  4 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12589]: pam_unix(su:session): session closed for user rubyman
May  4 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330012.
May  4 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12481]: pam_unix(cron:session): session closed for user root
May  4 22:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9792]: pam_unix(cron:session): session closed for user root
May  4 22:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12484]: pam_unix(cron:session): session closed for user samftp
May  4 22:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11655]: pam_unix(cron:session): session closed for user root
May  4 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12973]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12973]: pam_unix(cron:session): session closed for user root
May  4 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12968]: pam_unix(cron:session): session closed for user p13x
May  4 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13042]: Successful su for rubyman by root
May  4 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13042]: + ??? root:rubyman
May  4 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330017 of user rubyman.
May  4 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13042]: pam_unix(su:session): session closed for user rubyman
May  4 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330017.
May  4 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12970]: pam_unix(cron:session): session closed for user root
May  4 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10200]: pam_unix(cron:session): session closed for user root
May  4 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12969]: pam_unix(cron:session): session closed for user samftp
May  4 22:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: Invalid user user from 176.31.162.135
May  4 22:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: input_userauth_request: invalid user user [preauth]
May  4 22:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  4 22:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: Failed password for invalid user user from 176.31.162.135 port 47320 ssh2
May  4 22:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: Connection closed by 176.31.162.135 port 47320 [preauth]
May  4 22:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12057]: pam_unix(cron:session): session closed for user root
May  4 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13423]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13424]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13420]: pam_unix(cron:session): session closed for user p13x
May  4 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13585]: Successful su for rubyman by root
May  4 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13585]: + ??? root:rubyman
May  4 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13585]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330023 of user rubyman.
May  4 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13585]: pam_unix(su:session): session closed for user rubyman
May  4 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330023.
May  4 22:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10790]: pam_unix(cron:session): session closed for user root
May  4 22:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13422]: pam_unix(cron:session): session closed for user samftp
May  4 22:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12486]: pam_unix(cron:session): session closed for user root
May  4 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13938]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13935]: pam_unix(cron:session): session closed for user p13x
May  4 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13997]: Successful su for rubyman by root
May  4 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13997]: + ??? root:rubyman
May  4 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330028 of user rubyman.
May  4 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13997]: pam_unix(su:session): session closed for user rubyman
May  4 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330028.
May  4 22:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11215]: pam_unix(cron:session): session closed for user root
May  4 22:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13936]: pam_unix(cron:session): session closed for user samftp
May  4 22:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12972]: pam_unix(cron:session): session closed for user root
May  4 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14347]: pam_unix(cron:session): session closed for user p13x
May  4 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14409]: Successful su for rubyman by root
May  4 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14409]: + ??? root:rubyman
May  4 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330030 of user rubyman.
May  4 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14409]: pam_unix(su:session): session closed for user rubyman
May  4 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330030.
May  4 22:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11654]: pam_unix(cron:session): session closed for user root
May  4 22:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14348]: pam_unix(cron:session): session closed for user samftp
May  4 22:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13424]: pam_unix(cron:session): session closed for user root
May  4 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14770]: pam_unix(cron:session): session closed for user p13x
May  4 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14835]: Successful su for rubyman by root
May  4 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14835]: + ??? root:rubyman
May  4 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14835]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330035 of user rubyman.
May  4 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14835]: pam_unix(su:session): session closed for user rubyman
May  4 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330035.
May  4 22:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12056]: pam_unix(cron:session): session closed for user root
May  4 22:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14771]: pam_unix(cron:session): session closed for user samftp
May  4 22:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15099]: Invalid user user03 from 164.68.105.9
May  4 22:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15099]: input_userauth_request: invalid user user03 [preauth]
May  4 22:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15099]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  4 22:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15099]: Failed password for invalid user user03 from 164.68.105.9 port 52058 ssh2
May  4 22:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15099]: Connection closed by 164.68.105.9 port 52058 [preauth]
May  4 22:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13938]: pam_unix(cron:session): session closed for user root
May  4 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15216]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15218]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15217]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15218]: pam_unix(cron:session): session closed for user root
May  4 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15213]: pam_unix(cron:session): session closed for user p13x
May  4 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15280]: Successful su for rubyman by root
May  4 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15280]: + ??? root:rubyman
May  4 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330040 of user rubyman.
May  4 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15280]: pam_unix(su:session): session closed for user rubyman
May  4 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330040.
May  4 22:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15215]: pam_unix(cron:session): session closed for user root
May  4 22:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12485]: pam_unix(cron:session): session closed for user root
May  4 22:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15214]: pam_unix(cron:session): session closed for user samftp
May  4 22:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Invalid user dell from 50.235.31.47
May  4 22:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: input_userauth_request: invalid user dell [preauth]
May  4 22:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  4 22:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Failed password for invalid user dell from 50.235.31.47 port 38592 ssh2
May  4 22:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Connection closed by 50.235.31.47 port 38592 [preauth]
May  4 22:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14351]: pam_unix(cron:session): session closed for user root
May  4 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15654]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15653]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15651]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15651]: pam_unix(cron:session): session closed for user p13x
May  4 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15721]: Successful su for rubyman by root
May  4 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15721]: + ??? root:rubyman
May  4 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330044 of user rubyman.
May  4 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15721]: pam_unix(su:session): session closed for user rubyman
May  4 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330044.
May  4 22:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12971]: pam_unix(cron:session): session closed for user root
May  4 22:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15652]: pam_unix(cron:session): session closed for user samftp
May  4 22:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14773]: pam_unix(cron:session): session closed for user root
May  4 22:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: Invalid user j from 195.178.110.50
May  4 22:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: input_userauth_request: invalid user j [preauth]
May  4 22:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 22:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Invalid user user from 80.94.95.112
May  4 22:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: input_userauth_request: invalid user user [preauth]
May  4 22:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 22:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: Failed password for invalid user j from 195.178.110.50 port 52036 ssh2
May  4 22:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Failed password for invalid user user from 80.94.95.112 port 63161 ssh2
May  4 22:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: Connection closed by 195.178.110.50 port 52036 [preauth]
May  4 22:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Failed password for invalid user user from 80.94.95.112 port 63161 ssh2
May  4 22:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Failed password for invalid user user from 80.94.95.112 port 63161 ssh2
May  4 22:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Failed password for invalid user user from 80.94.95.112 port 63161 ssh2
May  4 22:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Failed password for invalid user user from 80.94.95.112 port 63161 ssh2
May  4 22:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Received disconnect from 80.94.95.112 port 63161:11: Bye [preauth]
May  4 22:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Disconnected from 80.94.95.112 port 63161 [preauth]
May  4 22:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  4 22:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 22:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16006]: Invalid user 7 from 195.178.110.50
May  4 22:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16006]: input_userauth_request: invalid user 7 [preauth]
May  4 22:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16006]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 22:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16006]: Failed password for invalid user 7 from 195.178.110.50 port 19054 ssh2
May  4 22:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16006]: Connection closed by 195.178.110.50 port 19054 [preauth]
May  4 22:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16075]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16071]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16071]: pam_unix(cron:session): session closed for user root
May  4 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16073]: pam_unix(cron:session): session closed for user p13x
May  4 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16139]: Successful su for rubyman by root
May  4 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16139]: + ??? root:rubyman
May  4 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16139]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330048 of user rubyman.
May  4 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16139]: pam_unix(su:session): session closed for user rubyman
May  4 22:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330048.
May  4 22:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13423]: pam_unix(cron:session): session closed for user root
May  4 22:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16074]: pam_unix(cron:session): session closed for user samftp
May  4 22:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16064]: Invalid user b from 195.178.110.50
May  4 22:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16064]: input_userauth_request: invalid user b [preauth]
May  4 22:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16064]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 22:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16064]: Failed password for invalid user b from 195.178.110.50 port 12414 ssh2
May  4 22:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16064]: Connection closed by 195.178.110.50 port 12414 [preauth]
May  4 22:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: Invalid user  from 195.178.110.50
May  4 22:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: input_userauth_request: invalid user  [preauth]
May  4 22:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 22:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: Failed password for invalid user  from 195.178.110.50 port 14722 ssh2
May  4 22:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16321]: Connection closed by 195.178.110.50 port 14722 [preauth]
May  4 22:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15217]: pam_unix(cron:session): session closed for user root
May  4 22:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16395]: Invalid user Z from 195.178.110.50
May  4 22:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16395]: input_userauth_request: invalid user Z [preauth]
May  4 22:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16395]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 22:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16395]: Failed password for invalid user Z from 195.178.110.50 port 59122 ssh2
May  4 22:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: Invalid user e from 130.195.4.218
May  4 22:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: input_userauth_request: invalid user e [preauth]
May  4 22:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.195.4.218
May  4 22:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16395]: Connection closed by 195.178.110.50 port 59122 [preauth]
May  4 22:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: Failed password for invalid user e from 130.195.4.218 port 54614 ssh2
May  4 22:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: Connection closed by 130.195.4.218 port 54614 [preauth]
May  4 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16521]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16523]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16518]: pam_unix(cron:session): session closed for user p13x
May  4 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16594]: Successful su for rubyman by root
May  4 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16594]: + ??? root:rubyman
May  4 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330055 of user rubyman.
May  4 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16594]: pam_unix(su:session): session closed for user rubyman
May  4 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330055.
May  4 22:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13937]: pam_unix(cron:session): session closed for user root
May  4 22:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16520]: pam_unix(cron:session): session closed for user samftp
May  4 22:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15654]: pam_unix(cron:session): session closed for user root
May  4 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16992]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16989]: pam_unix(cron:session): session closed for user p13x
May  4 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17048]: Successful su for rubyman by root
May  4 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17048]: + ??? root:rubyman
May  4 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330058 of user rubyman.
May  4 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17048]: pam_unix(su:session): session closed for user rubyman
May  4 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330058.
May  4 22:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14350]: pam_unix(cron:session): session closed for user root
May  4 22:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16990]: pam_unix(cron:session): session closed for user samftp
May  4 22:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16076]: pam_unix(cron:session): session closed for user root
May  4 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17405]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17402]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17406]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17406]: pam_unix(cron:session): session closed for user root
May  4 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17401]: pam_unix(cron:session): session closed for user p13x
May  4 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17470]: Invalid user  from 64.62.197.189
May  4 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17470]: input_userauth_request: invalid user  [preauth]
May  4 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17485]: Successful su for rubyman by root
May  4 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17485]: + ??? root:rubyman
May  4 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330061 of user rubyman.
May  4 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17485]: pam_unix(su:session): session closed for user rubyman
May  4 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330061.
May  4 22:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14772]: pam_unix(cron:session): session closed for user root
May  4 22:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17403]: pam_unix(cron:session): session closed for user root
May  4 22:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17470]: Connection closed by 64.62.197.189 port 31093 [preauth]
May  4 22:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17402]: pam_unix(cron:session): session closed for user samftp
May  4 22:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  4 22:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17796]: Failed password for root from 218.92.0.222 port 58924 ssh2
May  4 22:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17796]: Failed password for root from 218.92.0.222 port 58924 ssh2
May  4 22:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16523]: pam_unix(cron:session): session closed for user root
May  4 22:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17990]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17988]: pam_unix(cron:session): session closed for user p13x
May  4 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18066]: Successful su for rubyman by root
May  4 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18066]: + ??? root:rubyman
May  4 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330067 of user rubyman.
May  4 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18066]: pam_unix(su:session): session closed for user rubyman
May  4 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330067.
May  4 22:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15216]: pam_unix(cron:session): session closed for user root
May  4 22:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17989]: pam_unix(cron:session): session closed for user samftp
May  4 22:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16992]: pam_unix(cron:session): session closed for user root
May  4 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18448]: pam_unix(cron:session): session closed for user p13x
May  4 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18511]: Successful su for rubyman by root
May  4 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18511]: + ??? root:rubyman
May  4 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330072 of user rubyman.
May  4 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18511]: pam_unix(su:session): session closed for user rubyman
May  4 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330072.
May  4 22:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15653]: pam_unix(cron:session): session closed for user root
May  4 22:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18449]: pam_unix(cron:session): session closed for user samftp
May  4 22:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17405]: pam_unix(cron:session): session closed for user root
May  4 22:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18858]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18855]: pam_unix(cron:session): session closed for user p13x
May  4 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18922]: Successful su for rubyman by root
May  4 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18922]: + ??? root:rubyman
May  4 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330076 of user rubyman.
May  4 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18922]: pam_unix(su:session): session closed for user rubyman
May  4 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330076.
May  4 22:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16075]: pam_unix(cron:session): session closed for user root
May  4 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18856]: pam_unix(cron:session): session closed for user samftp
May  4 22:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17991]: pam_unix(cron:session): session closed for user root
May  4 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19308]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19305]: pam_unix(cron:session): session closed for user p13x
May  4 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19367]: Successful su for rubyman by root
May  4 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19367]: + ??? root:rubyman
May  4 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330080 of user rubyman.
May  4 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19367]: pam_unix(su:session): session closed for user rubyman
May  4 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330080.
May  4 22:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16521]: pam_unix(cron:session): session closed for user root
May  4 22:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19306]: pam_unix(cron:session): session closed for user samftp
May  4 22:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18451]: pam_unix(cron:session): session closed for user root
May  4 22:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18848]: Connection reset by 218.92.0.228 port 57510 [preauth]
May  4 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19778]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19776]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19777]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19775]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19780]: pam_unix(cron:session): session closed for user root
May  4 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19775]: pam_unix(cron:session): session closed for user p13x
May  4 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19844]: Successful su for rubyman by root
May  4 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19844]: + ??? root:rubyman
May  4 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330086 of user rubyman.
May  4 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19844]: pam_unix(su:session): session closed for user rubyman
May  4 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330086.
May  4 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19777]: pam_unix(cron:session): session closed for user root
May  4 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16991]: pam_unix(cron:session): session closed for user root
May  4 22:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19776]: pam_unix(cron:session): session closed for user samftp
May  4 22:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18858]: pam_unix(cron:session): session closed for user root
May  4 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20216]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20213]: pam_unix(cron:session): session closed for user p13x
May  4 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20279]: Successful su for rubyman by root
May  4 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20279]: + ??? root:rubyman
May  4 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330090 of user rubyman.
May  4 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20279]: pam_unix(su:session): session closed for user rubyman
May  4 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330090.
May  4 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17404]: pam_unix(cron:session): session closed for user root
May  4 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20214]: pam_unix(cron:session): session closed for user samftp
May  4 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19308]: pam_unix(cron:session): session closed for user root
May  4 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20642]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20639]: pam_unix(cron:session): session closed for user p13x
May  4 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20703]: Successful su for rubyman by root
May  4 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20703]: + ??? root:rubyman
May  4 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20703]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330094 of user rubyman.
May  4 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20703]: pam_unix(su:session): session closed for user rubyman
May  4 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330094.
May  4 22:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17990]: pam_unix(cron:session): session closed for user root
May  4 22:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20641]: pam_unix(cron:session): session closed for user samftp
May  4 22:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19779]: pam_unix(cron:session): session closed for user root
May  4 22:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  4 22:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: Failed password for root from 218.92.0.230 port 51254 ssh2
May  4 22:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: message repeated 2 times: [ Failed password for root from 218.92.0.230 port 51254 ssh2]
May  4 22:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: Received disconnect from 218.92.0.230 port 51254:11:  [preauth]
May  4 22:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: Disconnected from 218.92.0.230 port 51254 [preauth]
May  4 22:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  4 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21055]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21057]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21053]: pam_unix(cron:session): session closed for user p13x
May  4 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21120]: Successful su for rubyman by root
May  4 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21120]: + ??? root:rubyman
May  4 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21120]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330098 of user rubyman.
May  4 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21120]: pam_unix(su:session): session closed for user rubyman
May  4 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330098.
May  4 22:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18450]: pam_unix(cron:session): session closed for user root
May  4 22:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21054]: pam_unix(cron:session): session closed for user samftp
May  4 22:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20216]: pam_unix(cron:session): session closed for user root
May  4 22:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: Failed password for root from 218.92.0.179 port 38838 ssh2
May  4 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21497]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21498]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21495]: pam_unix(cron:session): session closed for user p13x
May  4 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21562]: Successful su for rubyman by root
May  4 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21562]: + ??? root:rubyman
May  4 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330102 of user rubyman.
May  4 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21562]: pam_unix(su:session): session closed for user rubyman
May  4 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330102.
May  4 22:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: Failed password for root from 218.92.0.179 port 38838 ssh2
May  4 22:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session closed for user root
May  4 22:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: Failed password for root from 218.92.0.179 port 38838 ssh2
May  4 22:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: Received disconnect from 218.92.0.179 port 38838:11:  [preauth]
May  4 22:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: Disconnected from 218.92.0.179 port 38838 [preauth]
May  4 22:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 22:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21496]: pam_unix(cron:session): session closed for user samftp
May  4 22:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20643]: pam_unix(cron:session): session closed for user root
May  4 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22275]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22276]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22274]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22273]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22280]: pam_unix(cron:session): session closed for user root
May  4 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22273]: pam_unix(cron:session): session closed for user p13x
May  4 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22352]: Successful su for rubyman by root
May  4 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22352]: + ??? root:rubyman
May  4 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330107 of user rubyman.
May  4 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22352]: pam_unix(su:session): session closed for user rubyman
May  4 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330107.
May  4 22:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22275]: pam_unix(cron:session): session closed for user root
May  4 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19307]: pam_unix(cron:session): session closed for user root
May  4 22:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22274]: pam_unix(cron:session): session closed for user samftp
May  4 22:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22599]: Bad protocol version identification '\026\003\001' from 184.105.247.195 port 30154
May  4 22:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21057]: pam_unix(cron:session): session closed for user root
May  4 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22761]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22759]: pam_unix(cron:session): session closed for user p13x
May  4 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22839]: Successful su for rubyman by root
May  4 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22839]: + ??? root:rubyman
May  4 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330112 of user rubyman.
May  4 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22839]: pam_unix(su:session): session closed for user rubyman
May  4 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330112.
May  4 22:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19778]: pam_unix(cron:session): session closed for user root
May  4 22:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22760]: pam_unix(cron:session): session closed for user samftp
May  4 22:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21498]: pam_unix(cron:session): session closed for user root
May  4 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23225]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23223]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23223]: pam_unix(cron:session): session closed for user p13x
May  4 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23289]: Successful su for rubyman by root
May  4 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23289]: + ??? root:rubyman
May  4 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23289]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330116 of user rubyman.
May  4 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23289]: pam_unix(su:session): session closed for user rubyman
May  4 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330116.
May  4 22:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20215]: pam_unix(cron:session): session closed for user root
May  4 22:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23224]: pam_unix(cron:session): session closed for user samftp
May  4 22:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22279]: pam_unix(cron:session): session closed for user root
May  4 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23722]: pam_unix(cron:session): session closed for user p13x
May  4 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23877]: Successful su for rubyman by root
May  4 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23877]: + ??? root:rubyman
May  4 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330119 of user rubyman.
May  4 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23877]: pam_unix(su:session): session closed for user rubyman
May  4 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330119.
May  4 22:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20642]: pam_unix(cron:session): session closed for user root
May  4 22:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23723]: pam_unix(cron:session): session closed for user samftp
May  4 22:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22762]: pam_unix(cron:session): session closed for user root
May  4 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24250]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24251]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24247]: pam_unix(cron:session): session closed for user p13x
May  4 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24319]: Successful su for rubyman by root
May  4 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24319]: + ??? root:rubyman
May  4 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330124 of user rubyman.
May  4 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24319]: pam_unix(su:session): session closed for user rubyman
May  4 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330124.
May  4 22:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21055]: pam_unix(cron:session): session closed for user root
May  4 22:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24249]: pam_unix(cron:session): session closed for user samftp
May  4 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23226]: pam_unix(cron:session): session closed for user root
May  4 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24686]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24684]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24685]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24687]: pam_unix(cron:session): session closed for user root
May  4 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24681]: pam_unix(cron:session): session closed for user p13x
May  4 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24761]: Successful su for rubyman by root
May  4 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24761]: + ??? root:rubyman
May  4 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330127 of user rubyman.
May  4 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24761]: pam_unix(su:session): session closed for user rubyman
May  4 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330127.
May  4 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21497]: pam_unix(cron:session): session closed for user root
May  4 22:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24684]: pam_unix(cron:session): session closed for user root
May  4 22:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24682]: pam_unix(cron:session): session closed for user samftp
May  4 22:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23725]: pam_unix(cron:session): session closed for user root
May  4 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25134]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25132]: pam_unix(cron:session): session closed for user p13x
May  4 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25202]: Successful su for rubyman by root
May  4 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25202]: + ??? root:rubyman
May  4 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330135 of user rubyman.
May  4 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25202]: pam_unix(su:session): session closed for user rubyman
May  4 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330135.
May  4 22:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22276]: pam_unix(cron:session): session closed for user root
May  4 22:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25134]: pam_unix(cron:session): session closed for user samftp
May  4 22:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24251]: pam_unix(cron:session): session closed for user root
May  4 22:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25541]: Invalid user host03 from 164.68.105.9
May  4 22:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25541]: input_userauth_request: invalid user host03 [preauth]
May  4 22:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25541]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  4 22:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25541]: Failed password for invalid user host03 from 164.68.105.9 port 47746 ssh2
May  4 22:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25541]: Connection closed by 164.68.105.9 port 47746 [preauth]
May  4 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25555]: pam_unix(cron:session): session closed for user p13x
May  4 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25618]: Successful su for rubyman by root
May  4 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25618]: + ??? root:rubyman
May  4 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25618]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330137 of user rubyman.
May  4 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25618]: pam_unix(su:session): session closed for user rubyman
May  4 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330137.
May  4 22:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22761]: pam_unix(cron:session): session closed for user root
May  4 22:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25556]: pam_unix(cron:session): session closed for user samftp
May  4 22:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: Connection reset by 218.92.0.237 port 18754 [preauth]
May  4 22:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24686]: pam_unix(cron:session): session closed for user root
May  4 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25951]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25950]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25949]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25947]: pam_unix(cron:session): session closed for user p13x
May  4 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26016]: Successful su for rubyman by root
May  4 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26016]: + ??? root:rubyman
May  4 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330141 of user rubyman.
May  4 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26016]: pam_unix(su:session): session closed for user rubyman
May  4 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330141.
May  4 22:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23225]: pam_unix(cron:session): session closed for user root
May  4 22:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25949]: pam_unix(cron:session): session closed for user samftp
May  4 22:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25136]: pam_unix(cron:session): session closed for user root
May  4 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26345]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26347]: pam_unix(cron:session): session closed for user p13x
May  4 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26538]: Successful su for rubyman by root
May  4 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26538]: + ??? root:rubyman
May  4 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330145 of user rubyman.
May  4 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26538]: pam_unix(su:session): session closed for user rubyman
May  4 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330145.
May  4 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26345]: pam_unix(cron:session): session closed for user root
May  4 22:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23724]: pam_unix(cron:session): session closed for user root
May  4 22:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26348]: pam_unix(cron:session): session closed for user samftp
May  4 22:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25558]: pam_unix(cron:session): session closed for user root
May  4 22:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26945]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26944]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26945]: pam_unix(cron:session): session closed for user root
May  4 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26938]: pam_unix(cron:session): session closed for user p13x
May  4 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27038]: Successful su for rubyman by root
May  4 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27038]: + ??? root:rubyman
May  4 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27038]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330154 of user rubyman.
May  4 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27038]: pam_unix(su:session): session closed for user rubyman
May  4 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330154.
May  4 22:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26941]: pam_unix(cron:session): session closed for user root
May  4 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24250]: pam_unix(cron:session): session closed for user root
May  4 22:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26940]: pam_unix(cron:session): session closed for user samftp
May  4 22:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25951]: pam_unix(cron:session): session closed for user root
May  4 22:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  4 22:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27382]: Failed password for root from 218.92.0.205 port 39986 ssh2
May  4 22:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27476]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27474]: pam_unix(cron:session): session closed for user p13x
May  4 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27552]: Successful su for rubyman by root
May  4 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27552]: + ??? root:rubyman
May  4 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330156 of user rubyman.
May  4 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27552]: pam_unix(su:session): session closed for user rubyman
May  4 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330156.
May  4 22:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24685]: pam_unix(cron:session): session closed for user root
May  4 22:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27475]: pam_unix(cron:session): session closed for user samftp
May  4 22:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26350]: pam_unix(cron:session): session closed for user root
May  4 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27891]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27890]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27892]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27889]: pam_unix(cron:session): session closed for user p13x
May  4 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27953]: Successful su for rubyman by root
May  4 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27953]: + ??? root:rubyman
May  4 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27953]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330161 of user rubyman.
May  4 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27953]: pam_unix(su:session): session closed for user rubyman
May  4 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330161.
May  4 22:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25135]: pam_unix(cron:session): session closed for user root
May  4 22:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27890]: pam_unix(cron:session): session closed for user samftp
May  4 22:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26944]: pam_unix(cron:session): session closed for user root
May  4 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28289]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28286]: pam_unix(cron:session): session closed for user p13x
May  4 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28343]: Successful su for rubyman by root
May  4 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28343]: + ??? root:rubyman
May  4 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330165 of user rubyman.
May  4 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28343]: pam_unix(su:session): session closed for user rubyman
May  4 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330165.
May  4 22:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25557]: pam_unix(cron:session): session closed for user root
May  4 22:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28287]: pam_unix(cron:session): session closed for user samftp
May  4 22:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27477]: pam_unix(cron:session): session closed for user root
May  4 22:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 22:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28669]: Failed password for root from 218.92.0.179 port 36262 ssh2
May  4 22:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28669]: Failed password for root from 218.92.0.179 port 36262 ssh2
May  4 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28691]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28690]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28692]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28689]: pam_unix(cron:session): session closed for user p13x
May  4 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28750]: Successful su for rubyman by root
May  4 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28750]: + ??? root:rubyman
May  4 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330168 of user rubyman.
May  4 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28750]: pam_unix(su:session): session closed for user rubyman
May  4 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330168.
May  4 22:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28669]: Failed password for root from 218.92.0.179 port 36262 ssh2
May  4 22:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28669]: Received disconnect from 218.92.0.179 port 36262:11:  [preauth]
May  4 22:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28669]: Disconnected from 218.92.0.179 port 36262 [preauth]
May  4 22:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28669]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 22:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25950]: pam_unix(cron:session): session closed for user root
May  4 22:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28690]: pam_unix(cron:session): session closed for user samftp
May  4 22:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27892]: pam_unix(cron:session): session closed for user root
May  4 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29190]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29187]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29188]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29190]: pam_unix(cron:session): session closed for user root
May  4 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29184]: pam_unix(cron:session): session closed for user p13x
May  4 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29256]: Successful su for rubyman by root
May  4 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29256]: + ??? root:rubyman
May  4 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330176 of user rubyman.
May  4 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29256]: pam_unix(su:session): session closed for user rubyman
May  4 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330176.
May  4 22:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29187]: pam_unix(cron:session): session closed for user root
May  4 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26349]: pam_unix(cron:session): session closed for user root
May  4 22:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29185]: pam_unix(cron:session): session closed for user samftp
May  4 22:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  4 22:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29484]: Failed password for root from 218.92.0.220 port 51018 ssh2
May  4 22:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29484]: message repeated 2 times: [ Failed password for root from 218.92.0.220 port 51018 ssh2]
May  4 22:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29484]: Received disconnect from 218.92.0.220 port 51018:11:  [preauth]
May  4 22:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29484]: Disconnected from 218.92.0.220 port 51018 [preauth]
May  4 22:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29484]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  4 22:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28289]: pam_unix(cron:session): session closed for user root
May  4 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29629]: pam_unix(cron:session): session closed for user p13x
May  4 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29705]: Successful su for rubyman by root
May  4 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29705]: + ??? root:rubyman
May  4 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330178 of user rubyman.
May  4 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29705]: pam_unix(su:session): session closed for user rubyman
May  4 22:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330178.
May  4 22:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26943]: pam_unix(cron:session): session closed for user root
May  4 22:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29630]: pam_unix(cron:session): session closed for user samftp
May  4 22:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28692]: pam_unix(cron:session): session closed for user root
May  4 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30045]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30047]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30046]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30044]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30044]: pam_unix(cron:session): session closed for user p13x
May  4 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30108]: Successful su for rubyman by root
May  4 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30108]: + ??? root:rubyman
May  4 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330182 of user rubyman.
May  4 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30108]: pam_unix(su:session): session closed for user rubyman
May  4 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330182.
May  4 22:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27476]: pam_unix(cron:session): session closed for user root
May  4 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30045]: pam_unix(cron:session): session closed for user samftp
May  4 22:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29189]: pam_unix(cron:session): session closed for user root
May  4 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30436]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30436]: pam_unix(cron:session): session closed for user p13x
May  4 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30499]: Successful su for rubyman by root
May  4 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30499]: + ??? root:rubyman
May  4 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330187 of user rubyman.
May  4 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30499]: pam_unix(su:session): session closed for user rubyman
May  4 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330187.
May  4 22:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27891]: pam_unix(cron:session): session closed for user root
May  4 22:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30437]: pam_unix(cron:session): session closed for user samftp
May  4 22:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session closed for user root
May  4 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30827]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30828]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30826]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30825]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30825]: pam_unix(cron:session): session closed for user p13x
May  4 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30892]: Successful su for rubyman by root
May  4 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30892]: + ??? root:rubyman
May  4 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330191 of user rubyman.
May  4 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30892]: pam_unix(su:session): session closed for user rubyman
May  4 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330191.
May  4 22:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28288]: pam_unix(cron:session): session closed for user root
May  4 22:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30826]: pam_unix(cron:session): session closed for user samftp
May  4 22:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30047]: pam_unix(cron:session): session closed for user root
May  4 22:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31213]: Invalid user admin from 139.19.117.131
May  4 22:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31213]: input_userauth_request: invalid user admin [preauth]
May  4 22:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31213]: Connection closed by 139.19.117.131 port 35176 [preauth]
May  4 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31235]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31236]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31234]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31233]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31232]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31237]: pam_unix(cron:session): session closed for user root
May  4 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31232]: pam_unix(cron:session): session closed for user p13x
May  4 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31310]: Successful su for rubyman by root
May  4 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31310]: + ??? root:rubyman
May  4 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31310]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330197 of user rubyman.
May  4 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31310]: pam_unix(su:session): session closed for user rubyman
May  4 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330197.
May  4 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31234]: pam_unix(cron:session): session closed for user root
May  4 22:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28691]: pam_unix(cron:session): session closed for user root
May  4 22:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31233]: pam_unix(cron:session): session closed for user samftp
May  4 22:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30439]: pam_unix(cron:session): session closed for user root
May  4 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31674]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31685]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31673]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31672]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31672]: pam_unix(cron:session): session closed for user p13x
May  4 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31749]: Successful su for rubyman by root
May  4 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31749]: + ??? root:rubyman
May  4 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31749]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330201 of user rubyman.
May  4 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31749]: pam_unix(su:session): session closed for user rubyman
May  4 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330201.
May  4 22:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29188]: pam_unix(cron:session): session closed for user root
May  4 22:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31673]: pam_unix(cron:session): session closed for user samftp
May  4 22:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30828]: pam_unix(cron:session): session closed for user root
May  4 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32102]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32103]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32099]: pam_unix(cron:session): session closed for user p13x
May  4 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32164]: Successful su for rubyman by root
May  4 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32164]: + ??? root:rubyman
May  4 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32164]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330205 of user rubyman.
May  4 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32164]: pam_unix(su:session): session closed for user rubyman
May  4 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330205.
May  4 22:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session closed for user root
May  4 22:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32100]: pam_unix(cron:session): session closed for user samftp
May  4 22:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31236]: pam_unix(cron:session): session closed for user root
May  4 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32503]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32504]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32502]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32501]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32501]: pam_unix(cron:session): session closed for user p13x
May  4 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32568]: Successful su for rubyman by root
May  4 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32568]: + ??? root:rubyman
May  4 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330209 of user rubyman.
May  4 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32568]: pam_unix(su:session): session closed for user rubyman
May  4 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330209.
May  4 22:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30046]: pam_unix(cron:session): session closed for user root
May  4 22:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32502]: pam_unix(cron:session): session closed for user samftp
May  4 22:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: Invalid user yangxu from 193.70.84.184
May  4 22:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: input_userauth_request: invalid user yangxu [preauth]
May  4 22:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  4 22:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: Failed password for invalid user yangxu from 193.70.84.184 port 41436 ssh2
May  4 22:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: Connection closed by 193.70.84.184 port 41436 [preauth]
May  4 22:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31685]: pam_unix(cron:session): session closed for user root
May  4 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[572]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[570]: pam_unix(cron:session): session closed for user p13x
May  4 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[637]: Successful su for rubyman by root
May  4 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[637]: + ??? root:rubyman
May  4 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330214 of user rubyman.
May  4 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[637]: pam_unix(su:session): session closed for user rubyman
May  4 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330214.
May  4 22:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30438]: pam_unix(cron:session): session closed for user root
May  4 22:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[571]: pam_unix(cron:session): session closed for user samftp
May  4 22:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32103]: pam_unix(cron:session): session closed for user root
May  4 22:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[984]: Invalid user taibabi from 14.103.115.159
May  4 22:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[984]: input_userauth_request: invalid user taibabi [preauth]
May  4 22:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[984]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.159
May  4 22:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[984]: Failed password for invalid user taibabi from 14.103.115.159 port 59604 ssh2
May  4 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1008]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1006]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1005]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1009]: pam_unix(cron:session): session closed for user root
May  4 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1003]: pam_unix(cron:session): session closed for user p13x
May  4 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1074]: Successful su for rubyman by root
May  4 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1074]: + ??? root:rubyman
May  4 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1074]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330216 of user rubyman.
May  4 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1074]: pam_unix(su:session): session closed for user rubyman
May  4 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330216.
May  4 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1005]: pam_unix(cron:session): session closed for user root
May  4 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30827]: pam_unix(cron:session): session closed for user root
May  4 22:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1004]: pam_unix(cron:session): session closed for user samftp
May  4 22:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32504]: pam_unix(cron:session): session closed for user root
May  4 22:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  4 22:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1485]: Failed password for root from 218.92.0.111 port 61458 ssh2
May  4 22:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1485]: message repeated 2 times: [ Failed password for root from 218.92.0.111 port 61458 ssh2]
May  4 22:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1485]: Received disconnect from 218.92.0.111 port 61458:11:  [preauth]
May  4 22:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1485]: Disconnected from 218.92.0.111 port 61458 [preauth]
May  4 22:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1485]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  4 22:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1521]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1518]: pam_unix(cron:session): session closed for user p13x
May  4 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1593]: Successful su for rubyman by root
May  4 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1593]: + ??? root:rubyman
May  4 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330223 of user rubyman.
May  4 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1593]: pam_unix(su:session): session closed for user rubyman
May  4 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330223.
May  4 22:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1486]: Invalid user ' from 195.178.110.50
May  4 22:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1486]: input_userauth_request: invalid user ' [preauth]
May  4 22:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1486]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 22:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31235]: pam_unix(cron:session): session closed for user root
May  4 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1519]: pam_unix(cron:session): session closed for user samftp
May  4 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1486]: Failed password for invalid user ' from 195.178.110.50 port 38084 ssh2
May  4 22:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1486]: Connection closed by 195.178.110.50 port 38084 [preauth]
May  4 22:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  4 22:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: Invalid user R from 195.178.110.50
May  4 22:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: input_userauth_request: invalid user R [preauth]
May  4 22:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 22:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: Failed password for root from 218.92.0.111 port 29106 ssh2
May  4 22:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: Failed password for invalid user R from 195.178.110.50 port 40204 ssh2
May  4 22:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: Failed password for root from 218.92.0.111 port 29106 ssh2
May  4 22:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1798]: Connection closed by 195.178.110.50 port 40204 [preauth]
May  4 22:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: Failed password for root from 218.92.0.111 port 29106 ssh2
May  4 22:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: Received disconnect from 218.92.0.111 port 29106:11:  [preauth]
May  4 22:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: Disconnected from 218.92.0.111 port 29106 [preauth]
May  4 22:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1835]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  4 22:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  4 22:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1872]: Failed password for root from 218.92.0.111 port 29016 ssh2
May  4 22:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[573]: pam_unix(cron:session): session closed for user root
May  4 22:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1872]: Failed password for root from 218.92.0.111 port 29016 ssh2
May  4 22:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1872]: Failed password for root from 218.92.0.111 port 29016 ssh2
May  4 22:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1872]: Received disconnect from 218.92.0.111 port 29016:11:  [preauth]
May  4 22:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1872]: Disconnected from 218.92.0.111 port 29016 [preauth]
May  4 22:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1872]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  4 22:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1871]: Invalid user } from 195.178.110.50
May  4 22:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1871]: input_userauth_request: invalid user } [preauth]
May  4 22:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1871]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 22:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1871]: Failed password for invalid user } from 195.178.110.50 port 33920 ssh2
May  4 22:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1871]: Connection closed by 195.178.110.50 port 33920 [preauth]
May  4 22:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1304]: Connection reset by 218.92.0.231 port 36434 [preauth]
May  4 22:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 22:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1983]: Invalid user J from 195.178.110.50
May  4 22:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1983]: input_userauth_request: invalid user J [preauth]
May  4 22:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1983]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 22:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: Failed password for root from 218.92.0.201 port 60284 ssh2
May  4 22:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1983]: Failed password for invalid user J from 195.178.110.50 port 46760 ssh2
May  4 22:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: Failed password for root from 218.92.0.201 port 60284 ssh2
May  4 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2053]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2052]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2050]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2051]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2050]: pam_unix(cron:session): session closed for user p13x
May  4 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2110]: Successful su for rubyman by root
May  4 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2110]: + ??? root:rubyman
May  4 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330226 of user rubyman.
May  4 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2110]: pam_unix(su:session): session closed for user rubyman
May  4 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330226.
May  4 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1983]: Connection closed by 195.178.110.50 port 46760 [preauth]
May  4 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: Failed password for root from 218.92.0.201 port 60284 ssh2
May  4 22:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31674]: pam_unix(cron:session): session closed for user root
May  4 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2051]: pam_unix(cron:session): session closed for user samftp
May  4 22:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: Failed password for root from 218.92.0.201 port 60284 ssh2
May  4 22:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: Failed password for root from 218.92.0.201 port 60284 ssh2
May  4 22:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 60284 ssh2 [preauth]
May  4 22:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: Disconnecting: Too many authentication failures [preauth]
May  4 22:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  4 22:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2037]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Invalid user u from 195.178.110.50
May  4 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: input_userauth_request: invalid user u [preauth]
May  4 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: pam_unix(sshd:auth): check pass; user unknown
May  4 22:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 22:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Failed password for invalid user u from 195.178.110.50 port 39972 ssh2
May  4 22:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Connection closed by 195.178.110.50 port 39972 [preauth]
May  4 22:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 22:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1008]: pam_unix(cron:session): session closed for user root
May  4 22:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1507]: Connection reset by 218.92.0.111 port 34752 [preauth]
May  4 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2476]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2478]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2474]: pam_unix(cron:session): session closed for user p13x
May  4 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2540]: Successful su for rubyman by root
May  4 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2540]: + ??? root:rubyman
May  4 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330232 of user rubyman.
May  4 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2540]: pam_unix(su:session): session closed for user rubyman
May  4 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330232.
May  4 22:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32102]: pam_unix(cron:session): session closed for user root
May  4 22:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1797]: Connection reset by 218.92.0.111 port 45706 [preauth]
May  4 22:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2476]: pam_unix(cron:session): session closed for user samftp
May  4 22:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1521]: pam_unix(cron:session): session closed for user root
May  4 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2907]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2904]: pam_unix(cron:session): session closed for user p13x
May  4 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2971]: Successful su for rubyman by root
May  4 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2971]: + ??? root:rubyman
May  4 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2971]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330234 of user rubyman.
May  4 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2971]: pam_unix(su:session): session closed for user rubyman
May  4 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330234.
May  4 22:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32503]: pam_unix(cron:session): session closed for user root
May  4 22:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2905]: pam_unix(cron:session): session closed for user samftp
May  4 22:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2053]: pam_unix(cron:session): session closed for user root
May  4 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3308]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3305]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3306]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3304]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3308]: pam_unix(cron:session): session closed for user root
May  4 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3304]: pam_unix(cron:session): session closed for user root
May  4 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3302]: pam_unix(cron:session): session closed for user p13x
May  4 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3407]: Successful su for rubyman by root
May  4 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3407]: + ??? root:rubyman
May  4 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330243 of user rubyman.
May  4 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3407]: pam_unix(su:session): session closed for user rubyman
May  4 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330243.
May  4 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3305]: pam_unix(cron:session): session closed for user root
May  4 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[572]: pam_unix(cron:session): session closed for user root
May  4 23:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3303]: pam_unix(cron:session): session closed for user samftp
May  4 23:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2478]: pam_unix(cron:session): session closed for user root
May  4 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3858]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3855]: pam_unix(cron:session): session closed for user p13x
May  4 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3928]: Successful su for rubyman by root
May  4 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3928]: + ??? root:rubyman
May  4 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330245 of user rubyman.
May  4 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3928]: pam_unix(su:session): session closed for user rubyman
May  4 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330245.
May  4 23:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1006]: pam_unix(cron:session): session closed for user root
May  4 23:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3856]: pam_unix(cron:session): session closed for user samftp
May  4 23:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  4 23:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4196]: Failed password for root from 80.94.95.125 port 24544 ssh2
May  4 23:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4196]: message repeated 3 times: [ Failed password for root from 80.94.95.125 port 24544 ssh2]
May  4 23:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2908]: pam_unix(cron:session): session closed for user root
May  4 23:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4196]: Failed password for root from 80.94.95.125 port 24544 ssh2
May  4 23:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4196]: Received disconnect from 80.94.95.125 port 24544:11: Bye [preauth]
May  4 23:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4196]: Disconnected from 80.94.95.125 port 24544 [preauth]
May  4 23:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4196]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  4 23:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4196]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4445]: pam_unix(cron:session): session closed for user p13x
May  4 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4519]: Successful su for rubyman by root
May  4 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4519]: + ??? root:rubyman
May  4 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330250 of user rubyman.
May  4 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4519]: pam_unix(su:session): session closed for user rubyman
May  4 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330250.
May  4 23:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1520]: pam_unix(cron:session): session closed for user root
May  4 23:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4446]: pam_unix(cron:session): session closed for user samftp
May  4 23:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  4 23:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3307]: pam_unix(cron:session): session closed for user root
May  4 23:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4782]: Failed password for root from 190.103.202.7 port 37412 ssh2
May  4 23:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4782]: Connection closed by 190.103.202.7 port 37412 [preauth]
May  4 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4876]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4877]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4875]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4875]: pam_unix(cron:session): session closed for user p13x
May  4 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4945]: Successful su for rubyman by root
May  4 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4945]: + ??? root:rubyman
May  4 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330254 of user rubyman.
May  4 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4945]: pam_unix(su:session): session closed for user rubyman
May  4 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330254.
May  4 23:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2052]: pam_unix(cron:session): session closed for user root
May  4 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4876]: pam_unix(cron:session): session closed for user samftp
May  4 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3858]: pam_unix(cron:session): session closed for user root
May  4 23:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 23:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: Failed password for root from 218.92.0.179 port 32939 ssh2
May  4 23:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 32939 ssh2]
May  4 23:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: Received disconnect from 218.92.0.179 port 32939:11:  [preauth]
May  4 23:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: Disconnected from 218.92.0.179 port 32939 [preauth]
May  4 23:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5497]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5494]: pam_unix(cron:session): session closed for user p13x
May  4 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5592]: Successful su for rubyman by root
May  4 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5592]: + ??? root:rubyman
May  4 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330259 of user rubyman.
May  4 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5592]: pam_unix(su:session): session closed for user rubyman
May  4 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330259.
May  4 23:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2477]: pam_unix(cron:session): session closed for user root
May  4 23:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5495]: pam_unix(cron:session): session closed for user samftp
May  4 23:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5798]: Invalid user support from 218.21.245.202
May  4 23:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5798]: input_userauth_request: invalid user support [preauth]
May  4 23:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5798]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.21.245.202
May  4 23:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5798]: Failed password for invalid user support from 218.21.245.202 port 34815 ssh2
May  4 23:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5798]: Connection closed by 218.21.245.202 port 34815 [preauth]
May  4 23:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4448]: pam_unix(cron:session): session closed for user root
May  4 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6037]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6038]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6040]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6040]: pam_unix(cron:session): session closed for user root
May  4 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6035]: pam_unix(cron:session): session closed for user p13x
May  4 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6112]: Successful su for rubyman by root
May  4 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6112]: + ??? root:rubyman
May  4 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330263 of user rubyman.
May  4 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6112]: pam_unix(su:session): session closed for user rubyman
May  4 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330263.
May  4 23:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6037]: pam_unix(cron:session): session closed for user root
May  4 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2907]: pam_unix(cron:session): session closed for user root
May  4 23:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6036]: pam_unix(cron:session): session closed for user samftp
May  4 23:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4878]: pam_unix(cron:session): session closed for user root
May  4 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6482]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6483]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6480]: pam_unix(cron:session): session closed for user p13x
May  4 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6544]: Successful su for rubyman by root
May  4 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6544]: + ??? root:rubyman
May  4 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6544]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330267 of user rubyman.
May  4 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6544]: pam_unix(su:session): session closed for user rubyman
May  4 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330267.
May  4 23:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3306]: pam_unix(cron:session): session closed for user root
May  4 23:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6481]: pam_unix(cron:session): session closed for user samftp
May  4 23:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5497]: pam_unix(cron:session): session closed for user root
May  4 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6895]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6894]: pam_unix(cron:session): session closed for user p13x
May  4 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7048]: Successful su for rubyman by root
May  4 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7048]: + ??? root:rubyman
May  4 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330272 of user rubyman.
May  4 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7048]: pam_unix(su:session): session closed for user rubyman
May  4 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330272.
May  4 23:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3857]: pam_unix(cron:session): session closed for user root
May  4 23:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6895]: pam_unix(cron:session): session closed for user samftp
May  4 23:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: Connection reset by 218.92.0.218 port 20136 [preauth]
May  4 23:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6039]: pam_unix(cron:session): session closed for user root
May  4 23:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  4 23:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: Failed password for root from 218.92.0.225 port 54378 ssh2
May  4 23:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: Failed password for root from 218.92.0.225 port 54378 ssh2
May  4 23:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: Received disconnect from 218.92.0.225 port 54378:11:  [preauth]
May  4 23:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: Disconnected from 218.92.0.225 port 54378 [preauth]
May  4 23:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7342]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  4 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7392]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7391]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7389]: pam_unix(cron:session): session closed for user p13x
May  4 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7451]: Successful su for rubyman by root
May  4 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7451]: + ??? root:rubyman
May  4 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330276 of user rubyman.
May  4 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7451]: pam_unix(su:session): session closed for user rubyman
May  4 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330276.
May  4 23:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4447]: pam_unix(cron:session): session closed for user root
May  4 23:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7390]: pam_unix(cron:session): session closed for user samftp
May  4 23:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6483]: pam_unix(cron:session): session closed for user root
May  4 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7914]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7915]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7910]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7912]: pam_unix(cron:session): session closed for user p13x
May  4 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8035]: Successful su for rubyman by root
May  4 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8035]: + ??? root:rubyman
May  4 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8035]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330281 of user rubyman.
May  4 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8035]: pam_unix(su:session): session closed for user rubyman
May  4 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330281.
May  4 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7910]: pam_unix(cron:session): session closed for user root
May  4 23:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4877]: pam_unix(cron:session): session closed for user root
May  4 23:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7913]: pam_unix(cron:session): session closed for user samftp
May  4 23:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 23:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: Failed password for root from 218.92.0.179 port 10314 ssh2
May  4 23:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 10314 ssh2]
May  4 23:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: Received disconnect from 218.92.0.179 port 10314:11:  [preauth]
May  4 23:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: Disconnected from 218.92.0.179 port 10314 [preauth]
May  4 23:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 23:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6897]: pam_unix(cron:session): session closed for user root
May  4 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8448]: pam_unix(cron:session): session closed for user root
May  4 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8443]: pam_unix(cron:session): session closed for user p13x
May  4 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8521]: Successful su for rubyman by root
May  4 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8521]: + ??? root:rubyman
May  4 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8521]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330289 of user rubyman.
May  4 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8521]: pam_unix(su:session): session closed for user rubyman
May  4 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330289.
May  4 23:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8445]: pam_unix(cron:session): session closed for user root
May  4 23:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5496]: pam_unix(cron:session): session closed for user root
May  4 23:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8444]: pam_unix(cron:session): session closed for user samftp
May  4 23:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7392]: pam_unix(cron:session): session closed for user root
May  4 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8902]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8901]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8899]: pam_unix(cron:session): session closed for user p13x
May  4 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8972]: Successful su for rubyman by root
May  4 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8972]: + ??? root:rubyman
May  4 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330292 of user rubyman.
May  4 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8972]: pam_unix(su:session): session closed for user rubyman
May  4 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330292.
May  4 23:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6038]: pam_unix(cron:session): session closed for user root
May  4 23:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8900]: pam_unix(cron:session): session closed for user samftp
May  4 23:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7915]: pam_unix(cron:session): session closed for user root
May  4 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9433]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9432]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9430]: pam_unix(cron:session): session closed for user p13x
May  4 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9499]: Successful su for rubyman by root
May  4 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9499]: + ??? root:rubyman
May  4 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330296 of user rubyman.
May  4 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9499]: pam_unix(su:session): session closed for user rubyman
May  4 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330296.
May  4 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6482]: pam_unix(cron:session): session closed for user root
May  4 23:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9431]: pam_unix(cron:session): session closed for user samftp
May  4 23:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.235  user=root
May  4 23:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9682]: Failed password for root from 218.92.0.235 port 44008 ssh2
May  4 23:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9685]: Connection closed by 45.33.80.243 port 48364 [preauth]
May  4 23:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9682]: Failed password for root from 218.92.0.235 port 44008 ssh2
May  4 23:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9704]: Connection closed by 45.33.80.243 port 48366 [preauth]
May  4 23:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9711]: fatal: Unable to negotiate with 45.33.80.243 port 48380: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  4 23:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9682]: Failed password for root from 218.92.0.235 port 44008 ssh2
May  4 23:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9682]: Received disconnect from 218.92.0.235 port 44008:11:  [preauth]
May  4 23:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9682]: Disconnected from 218.92.0.235 port 44008 [preauth]
May  4 23:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9682]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.235  user=root
May  4 23:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8447]: pam_unix(cron:session): session closed for user root
May  4 23:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.235  user=root
May  4 23:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9817]: Failed password for root from 218.92.0.235 port 54984 ssh2
May  4 23:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9817]: message repeated 2 times: [ Failed password for root from 218.92.0.235 port 54984 ssh2]
May  4 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9848]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9849]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9846]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9846]: pam_unix(cron:session): session closed for user p13x
May  4 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9909]: Successful su for rubyman by root
May  4 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9909]: + ??? root:rubyman
May  4 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330300 of user rubyman.
May  4 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9909]: pam_unix(su:session): session closed for user rubyman
May  4 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330300.
May  4 23:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6896]: pam_unix(cron:session): session closed for user root
May  4 23:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9847]: pam_unix(cron:session): session closed for user samftp
May  4 23:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10096]: Invalid user kam from 14.103.115.159
May  4 23:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10096]: input_userauth_request: invalid user kam [preauth]
May  4 23:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10096]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.159
May  4 23:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10096]: Failed password for invalid user kam from 14.103.115.159 port 45682 ssh2
May  4 23:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10096]: Received disconnect from 14.103.115.159 port 45682:11: Bye Bye [preauth]
May  4 23:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10096]: Disconnected from 14.103.115.159 port 45682 [preauth]
May  4 23:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8902]: pam_unix(cron:session): session closed for user root
May  4 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10331]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10328]: pam_unix(cron:session): session closed for user p13x
May  4 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10393]: Successful su for rubyman by root
May  4 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10393]: + ??? root:rubyman
May  4 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330304 of user rubyman.
May  4 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10393]: pam_unix(su:session): session closed for user rubyman
May  4 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330304.
May  4 23:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7391]: pam_unix(cron:session): session closed for user root
May  4 23:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10329]: pam_unix(cron:session): session closed for user samftp
May  4 23:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  4 23:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Failed password for root from 218.92.0.112 port 34362 ssh2
May  4 23:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: message repeated 2 times: [ Failed password for root from 218.92.0.112 port 34362 ssh2]
May  4 23:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Received disconnect from 218.92.0.112 port 34362:11:  [preauth]
May  4 23:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Disconnected from 218.92.0.112 port 34362 [preauth]
May  4 23:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  4 23:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9433]: pam_unix(cron:session): session closed for user root
May  4 23:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10764]: Connection closed by 14.103.115.159 port 50916 [preauth]
May  4 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10815]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10817]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10818]: pam_unix(cron:session): session closed for user root
May  4 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10813]: pam_unix(cron:session): session closed for user p13x
May  4 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10880]: Successful su for rubyman by root
May  4 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10880]: + ??? root:rubyman
May  4 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330309 of user rubyman.
May  4 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10880]: pam_unix(su:session): session closed for user rubyman
May  4 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330309.
May  4 23:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10815]: pam_unix(cron:session): session closed for user root
May  4 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7914]: pam_unix(cron:session): session closed for user root
May  4 23:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10814]: pam_unix(cron:session): session closed for user samftp
May  4 23:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  4 23:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11123]: Failed password for root from 218.92.0.220 port 22782 ssh2
May  4 23:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11123]: message repeated 2 times: [ Failed password for root from 218.92.0.220 port 22782 ssh2]
May  4 23:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11123]: Received disconnect from 218.92.0.220 port 22782:11:  [preauth]
May  4 23:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11123]: Disconnected from 218.92.0.220 port 22782 [preauth]
May  4 23:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11123]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  4 23:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9849]: pam_unix(cron:session): session closed for user root
May  4 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11244]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11242]: pam_unix(cron:session): session closed for user p13x
May  4 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11309]: Successful su for rubyman by root
May  4 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11309]: + ??? root:rubyman
May  4 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330313 of user rubyman.
May  4 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11309]: pam_unix(su:session): session closed for user rubyman
May  4 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330313.
May  4 23:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8446]: pam_unix(cron:session): session closed for user root
May  4 23:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11243]: pam_unix(cron:session): session closed for user samftp
May  4 23:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: Invalid user ftptest from 14.103.115.159
May  4 23:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: input_userauth_request: invalid user ftptest [preauth]
May  4 23:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.159
May  4 23:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: Failed password for invalid user ftptest from 14.103.115.159 port 51600 ssh2
May  4 23:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 23:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: Received disconnect from 14.103.115.159 port 51600:11: Bye Bye [preauth]
May  4 23:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: Disconnected from 14.103.115.159 port 51600 [preauth]
May  4 23:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: Failed password for root from 218.92.0.179 port 15694 ssh2
May  4 23:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11528]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 15694 ssh2]
May  4 23:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  4 23:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: Failed password for root from 164.68.105.9 port 35038 ssh2
May  4 23:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: Connection closed by 164.68.105.9 port 35038 [preauth]
May  4 23:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10331]: pam_unix(cron:session): session closed for user root
May  4 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11654]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11650]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11650]: pam_unix(cron:session): session closed for user root
May  4 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11652]: pam_unix(cron:session): session closed for user p13x
May  4 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11714]: Successful su for rubyman by root
May  4 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11714]: + ??? root:rubyman
May  4 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330318 of user rubyman.
May  4 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11714]: pam_unix(su:session): session closed for user rubyman
May  4 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330318.
May  4 23:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8901]: pam_unix(cron:session): session closed for user root
May  4 23:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11653]: pam_unix(cron:session): session closed for user samftp
May  4 23:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10817]: pam_unix(cron:session): session closed for user root
May  4 23:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11983]: Received disconnect from 14.103.115.159 port 38268:11: Bye Bye [preauth]
May  4 23:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11983]: Disconnected from 14.103.115.159 port 38268 [preauth]
May  4 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12040]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12041]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12038]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12039]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12038]: pam_unix(cron:session): session closed for user p13x
May  4 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12099]: Successful su for rubyman by root
May  4 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12099]: + ??? root:rubyman
May  4 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330321 of user rubyman.
May  4 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12099]: pam_unix(su:session): session closed for user rubyman
May  4 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330321.
May  4 23:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9432]: pam_unix(cron:session): session closed for user root
May  4 23:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12039]: pam_unix(cron:session): session closed for user samftp
May  4 23:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11245]: pam_unix(cron:session): session closed for user root
May  4 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12447]: pam_unix(cron:session): session closed for user p13x
May  4 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12506]: Successful su for rubyman by root
May  4 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12506]: + ??? root:rubyman
May  4 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330326 of user rubyman.
May  4 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12506]: pam_unix(su:session): session closed for user rubyman
May  4 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330326.
May  4 23:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9848]: pam_unix(cron:session): session closed for user root
May  4 23:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12448]: pam_unix(cron:session): session closed for user samftp
May  4 23:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12682]: Connection closed by 14.103.115.159 port 60240 [preauth]
May  4 23:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11655]: pam_unix(cron:session): session closed for user root
May  4 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12832]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12835]: pam_unix(cron:session): session closed for user root
May  4 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12830]: pam_unix(cron:session): session closed for user p13x
May  4 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12897]: Successful su for rubyman by root
May  4 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12897]: + ??? root:rubyman
May  4 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330331 of user rubyman.
May  4 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12897]: pam_unix(su:session): session closed for user rubyman
May  4 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330331.
May  4 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12832]: pam_unix(cron:session): session closed for user root
May  4 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10330]: pam_unix(cron:session): session closed for user root
May  4 23:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12831]: pam_unix(cron:session): session closed for user samftp
May  4 23:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: Did not receive identification string from 193.32.162.137
May  4 23:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12041]: pam_unix(cron:session): session closed for user root
May  4 23:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: Invalid user mao from 14.103.115.159
May  4 23:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: input_userauth_request: invalid user mao [preauth]
May  4 23:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.159
May  4 23:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: Failed password for invalid user mao from 14.103.115.159 port 43848 ssh2
May  4 23:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: Received disconnect from 14.103.115.159 port 43848:11: Bye Bye [preauth]
May  4 23:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13174]: Disconnected from 14.103.115.159 port 43848 [preauth]
May  4 23:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Invalid user ubnt from 80.94.95.125
May  4 23:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: input_userauth_request: invalid user ubnt [preauth]
May  4 23:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  4 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13257]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13258]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13255]: pam_unix(cron:session): session closed for user p13x
May  4 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Failed password for invalid user ubnt from 80.94.95.125 port 61544 ssh2
May  4 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13330]: Successful su for rubyman by root
May  4 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13330]: + ??? root:rubyman
May  4 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330336 of user rubyman.
May  4 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13330]: pam_unix(su:session): session closed for user rubyman
May  4 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330336.
May  4 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Failed password for invalid user ubnt from 80.94.95.125 port 61544 ssh2
May  4 23:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10816]: pam_unix(cron:session): session closed for user root
May  4 23:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13256]: pam_unix(cron:session): session closed for user samftp
May  4 23:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Failed password for invalid user ubnt from 80.94.95.125 port 61544 ssh2
May  4 23:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Failed password for invalid user ubnt from 80.94.95.125 port 61544 ssh2
May  4 23:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Failed password for invalid user ubnt from 80.94.95.125 port 61544 ssh2
May  4 23:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Received disconnect from 80.94.95.125 port 61544:11: Bye [preauth]
May  4 23:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Disconnected from 80.94.95.125 port 61544 [preauth]
May  4 23:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  4 23:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 23:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12450]: pam_unix(cron:session): session closed for user root
May  4 23:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 23:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13686]: Failed password for root from 218.92.0.179 port 23942 ssh2
May  4 23:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13686]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 23942 ssh2]
May  4 23:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13686]: Received disconnect from 218.92.0.179 port 23942:11:  [preauth]
May  4 23:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13686]: Disconnected from 218.92.0.179 port 23942 [preauth]
May  4 23:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13686]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13781]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13783]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13779]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13779]: pam_unix(cron:session): session closed for user p13x
May  4 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13839]: Successful su for rubyman by root
May  4 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13839]: + ??? root:rubyman
May  4 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330341 of user rubyman.
May  4 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13839]: pam_unix(su:session): session closed for user rubyman
May  4 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330341.
May  4 23:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11244]: pam_unix(cron:session): session closed for user root
May  4 23:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13780]: pam_unix(cron:session): session closed for user samftp
May  4 23:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12834]: pam_unix(cron:session): session closed for user root
May  4 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14174]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14171]: pam_unix(cron:session): session closed for user p13x
May  4 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14233]: Successful su for rubyman by root
May  4 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14233]: + ??? root:rubyman
May  4 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330344 of user rubyman.
May  4 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14233]: pam_unix(su:session): session closed for user rubyman
May  4 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330344.
May  4 23:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11654]: pam_unix(cron:session): session closed for user root
May  4 23:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14173]: pam_unix(cron:session): session closed for user samftp
May  4 23:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13258]: pam_unix(cron:session): session closed for user root
May  4 23:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14575]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14572]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14571]: pam_unix(cron:session): session closed for user p13x
May  4 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14644]: Successful su for rubyman by root
May  4 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14644]: + ??? root:rubyman
May  4 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330349 of user rubyman.
May  4 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14644]: pam_unix(su:session): session closed for user rubyman
May  4 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330349.
May  4 23:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12040]: pam_unix(cron:session): session closed for user root
May  4 23:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14572]: pam_unix(cron:session): session closed for user samftp
May  4 23:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13783]: pam_unix(cron:session): session closed for user root
May  4 23:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: Invalid user taibabi from 14.103.115.159
May  4 23:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: input_userauth_request: invalid user taibabi [preauth]
May  4 23:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.159
May  4 23:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: Failed password for invalid user taibabi from 14.103.115.159 port 51572 ssh2
May  4 23:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: Received disconnect from 14.103.115.159 port 51572:11: Bye Bye [preauth]
May  4 23:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: Disconnected from 14.103.115.159 port 51572 [preauth]
May  4 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14998]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15000]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14999]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15000]: pam_unix(cron:session): session closed for user root
May  4 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14994]: pam_unix(cron:session): session closed for user p13x
May  4 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15061]: Successful su for rubyman by root
May  4 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15061]: + ??? root:rubyman
May  4 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15061]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330355 of user rubyman.
May  4 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15061]: pam_unix(su:session): session closed for user rubyman
May  4 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330355.
May  4 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14997]: pam_unix(cron:session): session closed for user root
May  4 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12449]: pam_unix(cron:session): session closed for user root
May  4 23:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14996]: pam_unix(cron:session): session closed for user samftp
May  4 23:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: Invalid user test from 50.235.31.47
May  4 23:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: input_userauth_request: invalid user test [preauth]
May  4 23:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  4 23:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: Failed password for invalid user test from 50.235.31.47 port 52862 ssh2
May  4 23:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15262]: Connection closed by 50.235.31.47 port 52862 [preauth]
May  4 23:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14175]: pam_unix(cron:session): session closed for user root
May  4 23:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  4 23:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: Failed password for root from 218.92.0.112 port 24574 ssh2
May  4 23:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: message repeated 2 times: [ Failed password for root from 218.92.0.112 port 24574 ssh2]
May  4 23:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: Received disconnect from 218.92.0.112 port 24574:11:  [preauth]
May  4 23:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: Disconnected from 218.92.0.112 port 24574 [preauth]
May  4 23:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  4 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15421]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15422]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15419]: pam_unix(cron:session): session closed for user p13x
May  4 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15486]: Successful su for rubyman by root
May  4 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15486]: + ??? root:rubyman
May  4 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330358 of user rubyman.
May  4 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15486]: pam_unix(su:session): session closed for user rubyman
May  4 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330358.
May  4 23:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12833]: pam_unix(cron:session): session closed for user root
May  4 23:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15420]: pam_unix(cron:session): session closed for user samftp
May  4 23:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Invalid user trx from 14.103.115.159
May  4 23:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: input_userauth_request: invalid user trx [preauth]
May  4 23:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.159
May  4 23:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Failed password for invalid user trx from 14.103.115.159 port 41330 ssh2
May  4 23:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Received disconnect from 14.103.115.159 port 41330:11: Bye Bye [preauth]
May  4 23:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15706]: Disconnected from 14.103.115.159 port 41330 [preauth]
May  4 23:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14575]: pam_unix(cron:session): session closed for user root
May  4 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15832]: pam_unix(cron:session): session closed for user p13x
May  4 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15892]: Successful su for rubyman by root
May  4 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15892]: + ??? root:rubyman
May  4 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330361 of user rubyman.
May  4 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15892]: pam_unix(su:session): session closed for user rubyman
May  4 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330361.
May  4 23:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13257]: pam_unix(cron:session): session closed for user root
May  4 23:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15833]: pam_unix(cron:session): session closed for user samftp
May  4 23:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14999]: pam_unix(cron:session): session closed for user root
May  4 23:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.159  user=root
May  4 23:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16204]: Failed password for root from 14.103.115.159 port 55610 ssh2
May  4 23:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16204]: Received disconnect from 14.103.115.159 port 55610:11: Bye Bye [preauth]
May  4 23:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16204]: Disconnected from 14.103.115.159 port 55610 [preauth]
May  4 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16227]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16224]: pam_unix(cron:session): session closed for user p13x
May  4 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16283]: Successful su for rubyman by root
May  4 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16283]: + ??? root:rubyman
May  4 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330365 of user rubyman.
May  4 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16283]: pam_unix(su:session): session closed for user rubyman
May  4 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330365.
May  4 23:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13781]: pam_unix(cron:session): session closed for user root
May  4 23:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16225]: pam_unix(cron:session): session closed for user samftp
May  4 23:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135  user=root
May  4 23:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16512]: Failed password for root from 176.31.162.135 port 34640 ssh2
May  4 23:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16512]: Connection closed by 176.31.162.135 port 34640 [preauth]
May  4 23:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15422]: pam_unix(cron:session): session closed for user root
May  4 23:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  4 23:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: Failed password for root from 46.244.96.25 port 45118 ssh2
May  4 23:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: Connection closed by 46.244.96.25 port 45118 [preauth]
May  4 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16673]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16670]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16670]: pam_unix(cron:session): session closed for user p13x
May  4 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16735]: Successful su for rubyman by root
May  4 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16735]: + ??? root:rubyman
May  4 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330370 of user rubyman.
May  4 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16735]: pam_unix(su:session): session closed for user rubyman
May  4 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330370.
May  4 23:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14174]: pam_unix(cron:session): session closed for user root
May  4 23:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16671]: pam_unix(cron:session): session closed for user samftp
May  4 23:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: Invalid user dima from 14.103.115.159
May  4 23:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: input_userauth_request: invalid user dima [preauth]
May  4 23:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.159
May  4 23:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: Failed password for invalid user dima from 14.103.115.159 port 40988 ssh2
May  4 23:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: Received disconnect from 14.103.115.159 port 40988:11: Bye Bye [preauth]
May  4 23:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16979]: Disconnected from 14.103.115.159 port 40988 [preauth]
May  4 23:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15835]: pam_unix(cron:session): session closed for user root
May  4 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17103]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17104]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17102]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17104]: pam_unix(cron:session): session closed for user root
May  4 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17099]: pam_unix(cron:session): session closed for user p13x
May  4 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17167]: Successful su for rubyman by root
May  4 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17167]: + ??? root:rubyman
May  4 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17167]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330373 of user rubyman.
May  4 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17167]: pam_unix(su:session): session closed for user rubyman
May  4 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330373.
May  4 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17101]: pam_unix(cron:session): session closed for user root
May  4 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14574]: pam_unix(cron:session): session closed for user root
May  4 23:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17100]: pam_unix(cron:session): session closed for user samftp
May  4 23:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16227]: pam_unix(cron:session): session closed for user root
May  4 23:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.159  user=root
May  4 23:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: Failed password for root from 14.103.115.159 port 57520 ssh2
May  4 23:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: Received disconnect from 14.103.115.159 port 57520:11: Bye Bye [preauth]
May  4 23:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: Disconnected from 14.103.115.159 port 57520 [preauth]
May  4 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17548]: pam_unix(cron:session): session closed for user p13x
May  4 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17617]: Successful su for rubyman by root
May  4 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17617]: + ??? root:rubyman
May  4 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330380 of user rubyman.
May  4 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17617]: pam_unix(su:session): session closed for user rubyman
May  4 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330380.
May  4 23:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17550]: pam_unix(cron:session): session closed for user samftp
May  4 23:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14998]: pam_unix(cron:session): session closed for user root
May  4 23:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16673]: pam_unix(cron:session): session closed for user root
May  4 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18077]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18074]: pam_unix(cron:session): session closed for user p13x
May  4 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18140]: Successful su for rubyman by root
May  4 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18140]: + ??? root:rubyman
May  4 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330385 of user rubyman.
May  4 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18140]: pam_unix(su:session): session closed for user rubyman
May  4 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330385.
May  4 23:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15421]: pam_unix(cron:session): session closed for user root
May  4 23:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18075]: pam_unix(cron:session): session closed for user samftp
May  4 23:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: Invalid user prtg from 14.103.115.159
May  4 23:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: input_userauth_request: invalid user prtg [preauth]
May  4 23:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.159
May  4 23:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: Failed password for invalid user prtg from 14.103.115.159 port 52178 ssh2
May  4 23:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: Received disconnect from 14.103.115.159 port 52178:11: Bye Bye [preauth]
May  4 23:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: Disconnected from 14.103.115.159 port 52178 [preauth]
May  4 23:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: Invalid user christian from 80.94.95.241
May  4 23:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: input_userauth_request: invalid user christian [preauth]
May  4 23:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  4 23:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: Failed password for invalid user christian from 80.94.95.241 port 42087 ssh2
May  4 23:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: Failed password for invalid user christian from 80.94.95.241 port 42087 ssh2
May  4 23:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: Failed password for invalid user christian from 80.94.95.241 port 42087 ssh2
May  4 23:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: Failed password for invalid user christian from 80.94.95.241 port 42087 ssh2
May  4 23:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: Failed password for invalid user christian from 80.94.95.241 port 42087 ssh2
May  4 23:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: Received disconnect from 80.94.95.241 port 42087:11: Bye [preauth]
May  4 23:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: Disconnected from 80.94.95.241 port 42087 [preauth]
May  4 23:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  4 23:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18367]: PAM service(sshd) ignoring max retries; 5 > 3
May  4 23:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17103]: pam_unix(cron:session): session closed for user root
May  4 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18489]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18488]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18487]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18487]: pam_unix(cron:session): session closed for user p13x
May  4 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18547]: Successful su for rubyman by root
May  4 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18547]: + ??? root:rubyman
May  4 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330388 of user rubyman.
May  4 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18547]: pam_unix(su:session): session closed for user rubyman
May  4 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330388.
May  4 23:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15834]: pam_unix(cron:session): session closed for user root
May  4 23:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18488]: pam_unix(cron:session): session closed for user samftp
May  4 23:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17552]: pam_unix(cron:session): session closed for user root
May  4 23:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: Invalid user s1 from 14.103.115.159
May  4 23:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: input_userauth_request: invalid user s1 [preauth]
May  4 23:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.115.159
May  4 23:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: Failed password for invalid user s1 from 14.103.115.159 port 35124 ssh2
May  4 23:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: Received disconnect from 14.103.115.159 port 35124:11: Bye Bye [preauth]
May  4 23:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18840]: Disconnected from 14.103.115.159 port 35124 [preauth]
May  4 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18902]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18901]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18899]: pam_unix(cron:session): session closed for user p13x
May  4 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18961]: Successful su for rubyman by root
May  4 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18961]: + ??? root:rubyman
May  4 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330391 of user rubyman.
May  4 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18961]: pam_unix(su:session): session closed for user rubyman
May  4 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330391.
May  4 23:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16226]: pam_unix(cron:session): session closed for user root
May  4 23:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18900]: pam_unix(cron:session): session closed for user samftp
May  4 23:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18077]: pam_unix(cron:session): session closed for user root
May  4 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19312]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19308]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19312]: pam_unix(cron:session): session closed for user root
May  4 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19306]: pam_unix(cron:session): session closed for user p13x
May  4 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19375]: Successful su for rubyman by root
May  4 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19375]: + ??? root:rubyman
May  4 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330395 of user rubyman.
May  4 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19375]: pam_unix(su:session): session closed for user rubyman
May  4 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330395.
May  4 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19308]: pam_unix(cron:session): session closed for user root
May  4 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16672]: pam_unix(cron:session): session closed for user root
May  4 23:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19307]: pam_unix(cron:session): session closed for user samftp
May  4 23:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19620]: Invalid user B from 195.178.110.50
May  4 23:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19620]: input_userauth_request: invalid user B [preauth]
May  4 23:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19620]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 23:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19620]: Failed password for invalid user B from 195.178.110.50 port 38080 ssh2
May  4 23:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19620]: Connection closed by 195.178.110.50 port 38080 [preauth]
May  4 23:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18490]: pam_unix(cron:session): session closed for user root
May  4 23:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19673]: Invalid user m from 195.178.110.50
May  4 23:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19673]: input_userauth_request: invalid user m [preauth]
May  4 23:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19673]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 23:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19673]: Failed password for invalid user m from 195.178.110.50 port 49392 ssh2
May  4 23:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19673]: Connection closed by 195.178.110.50 port 49392 [preauth]
May  4 23:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19737]: Invalid user  from 195.178.110.50
May  4 23:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19737]: input_userauth_request: invalid user  [preauth]
May  4 23:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19737]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 23:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19737]: Failed password for invalid user  from 195.178.110.50 port 44178 ssh2
May  4 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19760]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19757]: pam_unix(cron:session): session closed for user p13x
May  4 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19825]: Successful su for rubyman by root
May  4 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19825]: + ??? root:rubyman
May  4 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330401 of user rubyman.
May  4 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19825]: pam_unix(su:session): session closed for user rubyman
May  4 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330401.
May  4 23:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19737]: Connection closed by 195.178.110.50 port 44178 [preauth]
May  4 23:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17102]: pam_unix(cron:session): session closed for user root
May  4 23:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19758]: pam_unix(cron:session): session closed for user samftp
May  4 23:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19981]: Invalid user e from 195.178.110.50
May  4 23:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19981]: input_userauth_request: invalid user e [preauth]
May  4 23:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19981]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 23:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19981]: Failed password for invalid user e from 195.178.110.50 port 19084 ssh2
May  4 23:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19981]: Connection closed by 195.178.110.50 port 19084 [preauth]
May  4 23:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20060]: Invalid user 2 from 195.178.110.50
May  4 23:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20060]: input_userauth_request: invalid user 2 [preauth]
May  4 23:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20060]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  4 23:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18902]: pam_unix(cron:session): session closed for user root
May  4 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20060]: Failed password for invalid user 2 from 195.178.110.50 port 37298 ssh2
May  4 23:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20060]: Connection closed by 195.178.110.50 port 37298 [preauth]
May  4 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20184]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20183]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20181]: pam_unix(cron:session): session closed for user p13x
May  4 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20239]: Successful su for rubyman by root
May  4 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20239]: + ??? root:rubyman
May  4 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330405 of user rubyman.
May  4 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20239]: pam_unix(su:session): session closed for user rubyman
May  4 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330405.
May  4 23:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17551]: pam_unix(cron:session): session closed for user root
May  4 23:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20182]: pam_unix(cron:session): session closed for user samftp
May  4 23:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  4 23:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20420]: Failed password for root from 218.92.0.112 port 13544 ssh2
May  4 23:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20420]: message repeated 2 times: [ Failed password for root from 218.92.0.112 port 13544 ssh2]
May  4 23:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20420]: Received disconnect from 218.92.0.112 port 13544:11:  [preauth]
May  4 23:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20420]: Disconnected from 218.92.0.112 port 13544 [preauth]
May  4 23:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20420]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  4 23:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19310]: pam_unix(cron:session): session closed for user root
May  4 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20576]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20577]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20575]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20575]: pam_unix(cron:session): session closed for user p13x
May  4 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20635]: Successful su for rubyman by root
May  4 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20635]: + ??? root:rubyman
May  4 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330410 of user rubyman.
May  4 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20635]: pam_unix(su:session): session closed for user rubyman
May  4 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330410.
May  4 23:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18076]: pam_unix(cron:session): session closed for user root
May  4 23:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20576]: pam_unix(cron:session): session closed for user samftp
May  4 23:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19760]: pam_unix(cron:session): session closed for user root
May  4 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20981]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20983]: pam_unix(cron:session): session closed for user p13x
May  4 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21098]: Successful su for rubyman by root
May  4 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21098]: + ??? root:rubyman
May  4 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330415 of user rubyman.
May  4 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21098]: pam_unix(su:session): session closed for user rubyman
May  4 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330415.
May  4 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20981]: pam_unix(cron:session): session closed for user root
May  4 23:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18489]: pam_unix(cron:session): session closed for user root
May  4 23:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20984]: pam_unix(cron:session): session closed for user samftp
May  4 23:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20184]: pam_unix(cron:session): session closed for user root
May  4 23:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  4 23:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21445]: Failed password for root from 218.92.0.222 port 39122 ssh2
May  4 23:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21445]: Failed password for root from 218.92.0.222 port 39122 ssh2
May  4 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21518]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21522]: pam_unix(cron:session): session closed for user root
May  4 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21516]: pam_unix(cron:session): session closed for user p13x
May  4 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21596]: Successful su for rubyman by root
May  4 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21596]: + ??? root:rubyman
May  4 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21596]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330418 of user rubyman.
May  4 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21596]: pam_unix(su:session): session closed for user rubyman
May  4 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330418.
May  4 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21518]: pam_unix(cron:session): session closed for user root
May  4 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18901]: pam_unix(cron:session): session closed for user root
May  4 23:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21517]: pam_unix(cron:session): session closed for user samftp
May  4 23:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20578]: pam_unix(cron:session): session closed for user root
May  4 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22297]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22296]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22294]: pam_unix(cron:session): session closed for user p13x
May  4 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22371]: Successful su for rubyman by root
May  4 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22371]: + ??? root:rubyman
May  4 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22371]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330424 of user rubyman.
May  4 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22371]: pam_unix(su:session): session closed for user rubyman
May  4 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330424.
May  4 23:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19309]: pam_unix(cron:session): session closed for user root
May  4 23:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22295]: pam_unix(cron:session): session closed for user samftp
May  4 23:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20986]: pam_unix(cron:session): session closed for user root
May  4 23:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 23:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: Failed password for root from 218.92.0.179 port 53968 ssh2
May  4 23:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 53968 ssh2]
May  4 23:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: Received disconnect from 218.92.0.179 port 53968:11:  [preauth]
May  4 23:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: Disconnected from 218.92.0.179 port 53968 [preauth]
May  4 23:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22686]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  4 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22755]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22751]: pam_unix(cron:session): session closed for user p13x
May  4 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22826]: Successful su for rubyman by root
May  4 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22826]: + ??? root:rubyman
May  4 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330429 of user rubyman.
May  4 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22826]: pam_unix(su:session): session closed for user rubyman
May  4 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330429.
May  4 23:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19759]: pam_unix(cron:session): session closed for user root
May  4 23:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22752]: pam_unix(cron:session): session closed for user samftp
May  4 23:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21520]: pam_unix(cron:session): session closed for user root
May  4 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23220]: pam_unix(cron:session): session closed for user p13x
May  4 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23281]: Successful su for rubyman by root
May  4 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23281]: + ??? root:rubyman
May  4 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330432 of user rubyman.
May  4 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23281]: pam_unix(su:session): session closed for user rubyman
May  4 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330432.
May  4 23:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20183]: pam_unix(cron:session): session closed for user root
May  4 23:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23221]: pam_unix(cron:session): session closed for user samftp
May  4 23:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22297]: pam_unix(cron:session): session closed for user root
May  4 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23713]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23712]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23710]: pam_unix(cron:session): session closed for user p13x
May  4 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23862]: Successful su for rubyman by root
May  4 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23862]: + ??? root:rubyman
May  4 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330438 of user rubyman.
May  4 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23862]: pam_unix(su:session): session closed for user rubyman
May  4 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330438.
May  4 23:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20577]: pam_unix(cron:session): session closed for user root
May  4 23:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23711]: pam_unix(cron:session): session closed for user samftp
May  4 23:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22756]: pam_unix(cron:session): session closed for user root
May  4 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24240]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24236]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24239]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24240]: pam_unix(cron:session): session closed for user root
May  4 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24234]: pam_unix(cron:session): session closed for user p13x
May  4 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24319]: Successful su for rubyman by root
May  4 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24319]: + ??? root:rubyman
May  4 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330444 of user rubyman.
May  4 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24319]: pam_unix(su:session): session closed for user rubyman
May  4 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330444.
May  4 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24236]: pam_unix(cron:session): session closed for user root
May  4 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20985]: pam_unix(cron:session): session closed for user root
May  4 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24235]: pam_unix(cron:session): session closed for user samftp
May  4 23:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  4 23:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24516]: Failed password for root from 218.92.0.111 port 46330 ssh2
May  4 23:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24516]: message repeated 2 times: [ Failed password for root from 218.92.0.111 port 46330 ssh2]
May  4 23:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24516]: Received disconnect from 218.92.0.111 port 46330:11:  [preauth]
May  4 23:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24516]: Disconnected from 218.92.0.111 port 46330 [preauth]
May  4 23:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24516]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  4 23:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  4 23:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: Failed password for root from 218.92.0.237 port 42456 ssh2
May  4 23:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23223]: pam_unix(cron:session): session closed for user root
May  4 23:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: Failed password for root from 218.92.0.237 port 42456 ssh2
May  4 23:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: Failed password for root from 218.92.0.237 port 42456 ssh2
May  4 23:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: Received disconnect from 218.92.0.237 port 42456:11:  [preauth]
May  4 23:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: Disconnected from 218.92.0.237 port 42456 [preauth]
May  4 23:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  4 23:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24729]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24728]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24728]: pam_unix(cron:session): session closed for user p13x
May  4 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24793]: Successful su for rubyman by root
May  4 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24793]: + ??? root:rubyman
May  4 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330447 of user rubyman.
May  4 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24793]: pam_unix(su:session): session closed for user rubyman
May  4 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330447.
May  4 23:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21519]: pam_unix(cron:session): session closed for user root
May  4 23:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24729]: pam_unix(cron:session): session closed for user samftp
May  4 23:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23713]: pam_unix(cron:session): session closed for user root
May  4 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25142]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25138]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25137]: pam_unix(cron:session): session closed for user p13x
May  4 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25200]: Successful su for rubyman by root
May  4 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25200]: + ??? root:rubyman
May  4 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330451 of user rubyman.
May  4 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25200]: pam_unix(su:session): session closed for user rubyman
May  4 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330451.
May  4 23:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22296]: pam_unix(cron:session): session closed for user root
May  4 23:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24557]: Connection reset by 218.92.0.111 port 46338 [preauth]
May  4 23:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25138]: pam_unix(cron:session): session closed for user samftp
May  4 23:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24662]: Connection reset by 218.92.0.111 port 63068 [preauth]
May  4 23:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24239]: pam_unix(cron:session): session closed for user root
May  4 23:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24698]: Connection reset by 218.92.0.111 port 47684 [preauth]
May  4 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25551]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25553]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25550]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25550]: pam_unix(cron:session): session closed for user p13x
May  4 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25614]: Successful su for rubyman by root
May  4 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25614]: + ??? root:rubyman
May  4 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330456 of user rubyman.
May  4 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25614]: pam_unix(su:session): session closed for user rubyman
May  4 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330456.
May  4 23:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22755]: pam_unix(cron:session): session closed for user root
May  4 23:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25551]: pam_unix(cron:session): session closed for user samftp
May  4 23:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24731]: pam_unix(cron:session): session closed for user root
May  4 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25954]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25955]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25952]: pam_unix(cron:session): session closed for user p13x
May  4 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26013]: Successful su for rubyman by root
May  4 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26013]: + ??? root:rubyman
May  4 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330460 of user rubyman.
May  4 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26013]: pam_unix(su:session): session closed for user rubyman
May  4 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330460.
May  4 23:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23222]: pam_unix(cron:session): session closed for user root
May  4 23:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25953]: pam_unix(cron:session): session closed for user samftp
May  4 23:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25142]: pam_unix(cron:session): session closed for user root
May  4 23:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: Invalid user admin from 139.19.117.131
May  4 23:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: input_userauth_request: invalid user admin [preauth]
May  4 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26348]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26351]: pam_unix(cron:session): session closed for user root
May  4 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26346]: pam_unix(cron:session): session closed for user p13x
May  4 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26415]: Successful su for rubyman by root
May  4 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26415]: + ??? root:rubyman
May  4 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330465 of user rubyman.
May  4 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26415]: pam_unix(su:session): session closed for user rubyman
May  4 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330465.
May  4 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26335]: Connection closed by 139.19.117.131 port 56186 [preauth]
May  4 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26348]: pam_unix(cron:session): session closed for user root
May  4 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23712]: pam_unix(cron:session): session closed for user root
May  4 23:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26347]: pam_unix(cron:session): session closed for user samftp
May  4 23:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25553]: pam_unix(cron:session): session closed for user root
May  4 23:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: Invalid user w from 176.31.162.135
May  4 23:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: input_userauth_request: invalid user w [preauth]
May  4 23:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  4 23:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: Failed password for invalid user w from 176.31.162.135 port 45634 ssh2
May  4 23:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26806]: Connection closed by 176.31.162.135 port 45634 [preauth]
May  4 23:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26816]: Invalid user pp from 190.103.202.7
May  4 23:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26816]: input_userauth_request: invalid user pp [preauth]
May  4 23:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26816]: pam_unix(sshd:auth): check pass; user unknown
May  4 23:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  4 23:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26816]: Failed password for invalid user pp from 190.103.202.7 port 55086 ssh2
May  4 23:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26816]: Connection closed by 190.103.202.7 port 55086 [preauth]
May  4 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26864]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26863]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26862]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26860]: pam_unix(cron:session): session closed for user p13x
May  4 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: Connection reset by 218.92.0.112 port 47652 [preauth]
May  4 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26952]: Successful su for rubyman by root
May  4 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26952]: + ??? root:rubyman
May  4 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330468 of user rubyman.
May  4 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26952]: pam_unix(su:session): session closed for user rubyman
May  4 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330468.
May  4 23:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24238]: pam_unix(cron:session): session closed for user root
May  4 23:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26862]: pam_unix(cron:session): session closed for user samftp
May  4 23:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25955]: pam_unix(cron:session): session closed for user root
May  4 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27348]: pam_unix(cron:session): session closed for user p13x
May  4 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27436]: Successful su for rubyman by root
May  4 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27436]: + ??? root:rubyman
May  4 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330472 of user rubyman.
May  4 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27436]: pam_unix(su:session): session closed for user rubyman
May  4 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330472.
May  4 23:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24730]: pam_unix(cron:session): session closed for user root
May  4 23:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27349]: pam_unix(cron:session): session closed for user samftp
May  4 23:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26350]: pam_unix(cron:session): session closed for user root
May  4 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27794]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27791]: pam_unix(cron:session): session closed for user p13x
May  4 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27853]: Successful su for rubyman by root
May  4 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27853]: + ??? root:rubyman
May  4 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330476 of user rubyman.
May  4 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27853]: pam_unix(su:session): session closed for user rubyman
May  4 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330476.
May  4 23:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25139]: pam_unix(cron:session): session closed for user root
May  4 23:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27792]: pam_unix(cron:session): session closed for user samftp
May  4 23:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26864]: pam_unix(cron:session): session closed for user root
May  4 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28193]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28191]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28191]: pam_unix(cron:session): session closed for user p13x
May  4 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28253]: Successful su for rubyman by root
May  4 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28253]: + ??? root:rubyman
May  4 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330481 of user rubyman.
May  4 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28253]: pam_unix(su:session): session closed for user rubyman
May  4 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330481.
May  4 23:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25552]: pam_unix(cron:session): session closed for user root
May  4 23:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28192]: pam_unix(cron:session): session closed for user samftp
May  4 23:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27351]: pam_unix(cron:session): session closed for user root
May  4 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28598]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28596]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28599]: pam_unix(cron:session): session closed for user root
May  4 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28594]: pam_unix(cron:session): session closed for user p13x
May  4 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28664]: Successful su for rubyman by root
May  4 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28664]: + ??? root:rubyman
May  4 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28664]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330484 of user rubyman.
May  4 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28664]: pam_unix(su:session): session closed for user rubyman
May  4 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330484.
May  4 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28596]: pam_unix(cron:session): session closed for user root
May  4 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25954]: pam_unix(cron:session): session closed for user root
May  4 23:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28595]: pam_unix(cron:session): session closed for user samftp
May  4 23:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  4 23:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: Failed password for root from 218.92.0.229 port 16236 ssh2
May  4 23:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: Failed password for root from 218.92.0.229 port 16236 ssh2
May  4 23:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27794]: pam_unix(cron:session): session closed for user root
May  4 23:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: Failed password for root from 218.92.0.229 port 16236 ssh2
May  4 23:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: Received disconnect from 218.92.0.229 port 16236:11:  [preauth]
May  4 23:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: Disconnected from 218.92.0.229 port 16236 [preauth]
May  4 23:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  4 23:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  4 23:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: Failed password for root from 218.92.0.229 port 16246 ssh2
May  4 23:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: message repeated 2 times: [ Failed password for root from 218.92.0.229 port 16246 ssh2]
May  4 23:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: Received disconnect from 218.92.0.229 port 16246:11:  [preauth]
May  4 23:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: Disconnected from 218.92.0.229 port 16246 [preauth]
May  4 23:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  4 23:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  4 23:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28996]: Failed password for root from 218.92.0.229 port 15566 ssh2
May  4 23:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  4 23:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28996]: Failed password for root from 218.92.0.229 port 15566 ssh2
May  4 23:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28996]: Failed password for root from 218.92.0.229 port 15566 ssh2
May  4 23:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28996]: Received disconnect from 218.92.0.229 port 15566:11:  [preauth]
May  4 23:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28996]: Disconnected from 218.92.0.229 port 15566 [preauth]
May  4 23:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28996]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  4 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29121]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29117]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29117]: pam_unix(cron:session): session closed for user p13x
May  4 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29198]: Successful su for rubyman by root
May  4 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29198]: + ??? root:rubyman
May  4 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330490 of user rubyman.
May  4 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29198]: pam_unix(su:session): session closed for user rubyman
May  4 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330490.
May  4 23:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26349]: pam_unix(cron:session): session closed for user root
May  4 23:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29118]: pam_unix(cron:session): session closed for user samftp
May  4 23:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28194]: pam_unix(cron:session): session closed for user root
May  4 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29545]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29546]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29543]: pam_unix(cron:session): session closed for user p13x
May  4 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29609]: Successful su for rubyman by root
May  4 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29609]: + ??? root:rubyman
May  4 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330494 of user rubyman.
May  4 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29609]: pam_unix(su:session): session closed for user rubyman
May  4 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330494.
May  4 23:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26863]: pam_unix(cron:session): session closed for user root
May  4 23:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29544]: pam_unix(cron:session): session closed for user samftp
May  4 23:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: Connection reset by 218.92.0.217 port 26096 [preauth]
May  4 23:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28598]: pam_unix(cron:session): session closed for user root
May  4 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29957]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29958]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29956]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29954]: pam_unix(cron:session): session closed for user p13x
May  4 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30018]: Successful su for rubyman by root
May  4 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30018]: + ??? root:rubyman
May  4 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330499 of user rubyman.
May  4 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30018]: pam_unix(su:session): session closed for user rubyman
May  4 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330499.
May  4 23:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27350]: pam_unix(cron:session): session closed for user root
May  4 23:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29956]: pam_unix(cron:session): session closed for user samftp
May  4 23:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29121]: pam_unix(cron:session): session closed for user root
May  4 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30347]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30348]: pam_unix(cron:session): session opened for user root by (uid=0)
May  4 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30346]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  4 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30345]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  4 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30345]: pam_unix(cron:session): session closed for user p13x
May  4 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30406]: Successful su for rubyman by root
May  4 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30406]: + ??? root:rubyman
May  4 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  4 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330502 of user rubyman.
May  4 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30406]: pam_unix(su:session): session closed for user rubyman
May  4 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330502.
May  4 23:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27793]: pam_unix(cron:session): session closed for user root
May  4 23:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30346]: pam_unix(cron:session): session closed for user samftp
May  4 23:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29546]: pam_unix(cron:session): session closed for user root
May  5 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30751]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30747]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30751]: pam_unix(cron:session): session closed for user root
May  5 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30747]: pam_unix(cron:session): session closed for user root
May  5 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30745]: pam_unix(cron:session): session closed for user p13x
May  5 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30834]: Successful su for rubyman by root
May  5 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30834]: + ??? root:rubyman
May  5 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330510 of user rubyman.
May  5 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30834]: pam_unix(su:session): session closed for user rubyman
May  5 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330510.
May  5 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28193]: pam_unix(cron:session): session closed for user root
May  5 00:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30748]: pam_unix(cron:session): session closed for user root
May  5 00:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30746]: pam_unix(cron:session): session closed for user samftp
May  5 00:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29958]: pam_unix(cron:session): session closed for user root
May  5 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31244]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31240]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31240]: pam_unix(cron:session): session closed for user root
May  5 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31242]: pam_unix(cron:session): session closed for user p13x
May  5 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31320]: Successful su for rubyman by root
May  5 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31320]: + ??? root:rubyman
May  5 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330514 of user rubyman.
May  5 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31320]: pam_unix(su:session): session closed for user rubyman
May  5 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330514.
May  5 00:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28597]: pam_unix(cron:session): session closed for user root
May  5 00:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31243]: pam_unix(cron:session): session closed for user samftp
May  5 00:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30348]: pam_unix(cron:session): session closed for user root
May  5 00:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  5 00:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31617]: Failed password for root from 218.92.0.228 port 58120 ssh2
May  5 00:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31617]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 58120 ssh2]
May  5 00:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31617]: Received disconnect from 218.92.0.228 port 58120:11:  [preauth]
May  5 00:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31617]: Disconnected from 218.92.0.228 port 58120 [preauth]
May  5 00:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31617]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  5 00:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  5 00:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31634]: Failed password for root from 218.92.0.228 port 58130 ssh2
May  5 00:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31634]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 58130 ssh2]
May  5 00:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31634]: Received disconnect from 218.92.0.228 port 58130:11:  [preauth]
May  5 00:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31634]: Disconnected from 218.92.0.228 port 58130 [preauth]
May  5 00:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31634]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  5 00:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  5 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31667]: pam_unix(cron:session): session closed for user p13x
May  5 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31737]: Successful su for rubyman by root
May  5 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31737]: + ??? root:rubyman
May  5 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330518 of user rubyman.
May  5 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31737]: pam_unix(su:session): session closed for user rubyman
May  5 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330518.
May  5 00:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: Failed password for root from 218.92.0.228 port 28916 ssh2
May  5 00:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29119]: pam_unix(cron:session): session closed for user root
May  5 00:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31668]: pam_unix(cron:session): session closed for user samftp
May  5 00:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: Failed password for root from 218.92.0.228 port 28916 ssh2
May  5 00:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: Failed password for root from 218.92.0.228 port 28916 ssh2
May  5 00:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: Received disconnect from 218.92.0.228 port 28916:11:  [preauth]
May  5 00:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: Disconnected from 218.92.0.228 port 28916 [preauth]
May  5 00:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  5 00:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30750]: pam_unix(cron:session): session closed for user root
May  5 00:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.212  user=root
May  5 00:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32044]: Failed password for root from 218.92.0.212 port 16412 ssh2
May  5 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32096]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32095]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32094]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32094]: pam_unix(cron:session): session closed for user p13x
May  5 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32156]: Successful su for rubyman by root
May  5 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32156]: + ??? root:rubyman
May  5 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32156]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330524 of user rubyman.
May  5 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32156]: pam_unix(su:session): session closed for user rubyman
May  5 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330524.
May  5 00:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29545]: pam_unix(cron:session): session closed for user root
May  5 00:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32095]: pam_unix(cron:session): session closed for user samftp
May  5 00:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31245]: pam_unix(cron:session): session closed for user root
May  5 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32489]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32491]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32488]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32488]: pam_unix(cron:session): session closed for user p13x
May  5 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32553]: Successful su for rubyman by root
May  5 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32553]: + ??? root:rubyman
May  5 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330529 of user rubyman.
May  5 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32553]: pam_unix(su:session): session closed for user rubyman
May  5 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330529.
May  5 00:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29957]: pam_unix(cron:session): session closed for user root
May  5 00:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32489]: pam_unix(cron:session): session closed for user samftp
May  5 00:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31670]: pam_unix(cron:session): session closed for user root
May  5 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[560]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[559]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[560]: pam_unix(cron:session): session closed for user root
May  5 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[555]: pam_unix(cron:session): session closed for user p13x
May  5 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[628]: Successful su for rubyman by root
May  5 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[628]: + ??? root:rubyman
May  5 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[628]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330533 of user rubyman.
May  5 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[628]: pam_unix(su:session): session closed for user rubyman
May  5 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330533.
May  5 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[557]: pam_unix(cron:session): session closed for user root
May  5 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30347]: pam_unix(cron:session): session closed for user root
May  5 00:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[556]: pam_unix(cron:session): session closed for user samftp
May  5 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32097]: pam_unix(cron:session): session closed for user root
May  5 00:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  5 00:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1009]: Failed password for root from 218.92.0.221 port 61802 ssh2
May  5 00:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1009]: Failed password for root from 218.92.0.221 port 61802 ssh2
May  5 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1031]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1032]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1028]: pam_unix(cron:session): session closed for user p13x
May  5 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1100]: Successful su for rubyman by root
May  5 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1100]: + ??? root:rubyman
May  5 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1100]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330538 of user rubyman.
May  5 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1100]: pam_unix(su:session): session closed for user rubyman
May  5 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330538.
May  5 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1009]: Failed password for root from 218.92.0.221 port 61802 ssh2
May  5 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1009]: Received disconnect from 218.92.0.221 port 61802:11:  [preauth]
May  5 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1009]: Disconnected from 218.92.0.221 port 61802 [preauth]
May  5 00:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1009]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  5 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30749]: pam_unix(cron:session): session closed for user root
May  5 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1029]: pam_unix(cron:session): session closed for user samftp
May  5 00:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32491]: pam_unix(cron:session): session closed for user root
May  5 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1503]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1500]: pam_unix(cron:session): session closed for user p13x
May  5 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1568]: Successful su for rubyman by root
May  5 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1568]: + ??? root:rubyman
May  5 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330540 of user rubyman.
May  5 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1568]: pam_unix(su:session): session closed for user rubyman
May  5 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330540.
May  5 00:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31244]: pam_unix(cron:session): session closed for user root
May  5 00:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1501]: pam_unix(cron:session): session closed for user samftp
May  5 00:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[559]: pam_unix(cron:session): session closed for user root
May  5 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2012]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2009]: pam_unix(cron:session): session closed for user p13x
May  5 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2071]: Successful su for rubyman by root
May  5 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2071]: + ??? root:rubyman
May  5 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330544 of user rubyman.
May  5 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2071]: pam_unix(su:session): session closed for user rubyman
May  5 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330544.
May  5 00:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31669]: pam_unix(cron:session): session closed for user root
May  5 00:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2010]: pam_unix(cron:session): session closed for user samftp
May  5 00:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1032]: pam_unix(cron:session): session closed for user root
May  5 00:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: Invalid user ryan from 193.70.84.184
May  5 00:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: input_userauth_request: invalid user ryan [preauth]
May  5 00:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  5 00:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: Failed password for invalid user ryan from 193.70.84.184 port 38356 ssh2
May  5 00:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2354]: Connection closed by 193.70.84.184 port 38356 [preauth]
May  5 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2434]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2435]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2436]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2433]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2433]: pam_unix(cron:session): session closed for user p13x
May  5 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2550]: Successful su for rubyman by root
May  5 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2550]: + ??? root:rubyman
May  5 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330548 of user rubyman.
May  5 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2550]: pam_unix(su:session): session closed for user rubyman
May  5 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330548.
May  5 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2430]: pam_unix(cron:session): session closed for user root
May  5 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32096]: pam_unix(cron:session): session closed for user root
May  5 00:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2434]: pam_unix(cron:session): session closed for user samftp
May  5 00:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1503]: pam_unix(cron:session): session closed for user root
May  5 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2960]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2959]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2958]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2961]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2961]: pam_unix(cron:session): session closed for user root
May  5 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2956]: pam_unix(cron:session): session closed for user p13x
May  5 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3025]: Successful su for rubyman by root
May  5 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3025]: + ??? root:rubyman
May  5 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330554 of user rubyman.
May  5 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3025]: pam_unix(su:session): session closed for user rubyman
May  5 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330554.
May  5 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2958]: pam_unix(cron:session): session closed for user root
May  5 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32490]: pam_unix(cron:session): session closed for user root
May  5 00:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2957]: pam_unix(cron:session): session closed for user samftp
May  5 00:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2012]: pam_unix(cron:session): session closed for user root
May  5 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3399]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3401]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3397]: pam_unix(cron:session): session closed for user p13x
May  5 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3476]: Successful su for rubyman by root
May  5 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3476]: + ??? root:rubyman
May  5 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330560 of user rubyman.
May  5 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3476]: pam_unix(su:session): session closed for user rubyman
May  5 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330560.
May  5 00:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[558]: pam_unix(cron:session): session closed for user root
May  5 00:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3398]: pam_unix(cron:session): session closed for user samftp
May  5 00:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2436]: pam_unix(cron:session): session closed for user root
May  5 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3848]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3845]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3846]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3844]: pam_unix(cron:session): session closed for user p13x
May  5 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3907]: Successful su for rubyman by root
May  5 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3907]: + ??? root:rubyman
May  5 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330563 of user rubyman.
May  5 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3907]: pam_unix(su:session): session closed for user rubyman
May  5 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330563.
May  5 00:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1031]: pam_unix(cron:session): session closed for user root
May  5 00:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3845]: pam_unix(cron:session): session closed for user samftp
May  5 00:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2960]: pam_unix(cron:session): session closed for user root
May  5 00:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 00:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: Failed password for root from 218.92.0.179 port 19076 ssh2
May  5 00:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 19076 ssh2]
May  5 00:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: Received disconnect from 218.92.0.179 port 19076:11:  [preauth]
May  5 00:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: Disconnected from 218.92.0.179 port 19076 [preauth]
May  5 00:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4424]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4422]: pam_unix(cron:session): session closed for user p13x
May  5 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4493]: Successful su for rubyman by root
May  5 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4493]: + ??? root:rubyman
May  5 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330567 of user rubyman.
May  5 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4493]: pam_unix(su:session): session closed for user rubyman
May  5 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330567.
May  5 00:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1502]: pam_unix(cron:session): session closed for user root
May  5 00:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4423]: pam_unix(cron:session): session closed for user samftp
May  5 00:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3401]: pam_unix(cron:session): session closed for user root
May  5 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4864]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4862]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4860]: pam_unix(cron:session): session closed for user p13x
May  5 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4928]: Successful su for rubyman by root
May  5 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4928]: + ??? root:rubyman
May  5 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330572 of user rubyman.
May  5 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4928]: pam_unix(su:session): session closed for user rubyman
May  5 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330572.
May  5 00:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2011]: pam_unix(cron:session): session closed for user root
May  5 00:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4861]: pam_unix(cron:session): session closed for user samftp
May  5 00:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3848]: pam_unix(cron:session): session closed for user root
May  5 00:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5349]: Invalid user ] from 195.178.110.50
May  5 00:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5349]: input_userauth_request: invalid user ] [preauth]
May  5 00:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5349]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 00:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5349]: Failed password for invalid user ] from 195.178.110.50 port 9884 ssh2
May  5 00:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5349]: Connection closed by 195.178.110.50 port 9884 [preauth]
May  5 00:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5412]: Invalid user * from 195.178.110.50
May  5 00:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5412]: input_userauth_request: invalid user * [preauth]
May  5 00:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5412]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 00:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5412]: Failed password for invalid user * from 195.178.110.50 port 22020 ssh2
May  5 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5478]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5475]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5479]: pam_unix(cron:session): session closed for user root
May  5 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5472]: pam_unix(cron:session): session closed for user p13x
May  5 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5412]: Connection closed by 195.178.110.50 port 22020 [preauth]
May  5 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5574]: Successful su for rubyman by root
May  5 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5574]: + ??? root:rubyman
May  5 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330576 of user rubyman.
May  5 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5574]: pam_unix(su:session): session closed for user rubyman
May  5 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330576.
May  5 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5475]: pam_unix(cron:session): session closed for user root
May  5 00:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2435]: pam_unix(cron:session): session closed for user root
May  5 00:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5473]: pam_unix(cron:session): session closed for user samftp
May  5 00:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: Invalid user U from 195.178.110.50
May  5 00:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: input_userauth_request: invalid user U [preauth]
May  5 00:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 00:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: Failed password for invalid user U from 195.178.110.50 port 63726 ssh2
May  5 00:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: Connection closed by 195.178.110.50 port 63726 [preauth]
May  5 00:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4425]: pam_unix(cron:session): session closed for user root
May  5 00:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: Invalid user " from 195.178.110.50
May  5 00:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: input_userauth_request: invalid user " [preauth]
May  5 00:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 00:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: Failed password for invalid user " from 195.178.110.50 port 61386 ssh2
May  5 00:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: Connection closed by 195.178.110.50 port 61386 [preauth]
May  5 00:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5996]: Invalid user M from 195.178.110.50
May  5 00:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5996]: input_userauth_request: invalid user M [preauth]
May  5 00:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5996]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 00:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5996]: Failed password for invalid user M from 195.178.110.50 port 33172 ssh2
May  5 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6054]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6053]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6051]: pam_unix(cron:session): session closed for user p13x
May  5 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6130]: Successful su for rubyman by root
May  5 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6130]: + ??? root:rubyman
May  5 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330582 of user rubyman.
May  5 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6130]: pam_unix(su:session): session closed for user rubyman
May  5 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330582.
May  5 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5996]: Connection closed by 195.178.110.50 port 33172 [preauth]
May  5 00:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2959]: pam_unix(cron:session): session closed for user root
May  5 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6052]: pam_unix(cron:session): session closed for user samftp
May  5 00:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4864]: pam_unix(cron:session): session closed for user root
May  5 00:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: Invalid user admin from 80.94.95.112
May  5 00:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: input_userauth_request: invalid user admin [preauth]
May  5 00:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 00:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: Failed password for invalid user admin from 80.94.95.112 port 36937 ssh2
May  5 00:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6453]: Connection closed by 46.244.96.25 port 44892 [preauth]
May  5 00:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: Failed password for invalid user admin from 80.94.95.112 port 36937 ssh2
May  5 00:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6455]: Invalid user jean from 46.244.96.25
May  5 00:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6455]: input_userauth_request: invalid user jean [preauth]
May  5 00:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6455]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  5 00:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: Failed password for invalid user admin from 80.94.95.112 port 36937 ssh2
May  5 00:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6455]: Failed password for invalid user jean from 46.244.96.25 port 44904 ssh2
May  5 00:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6455]: Connection closed by 46.244.96.25 port 44904 [preauth]
May  5 00:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: Failed password for invalid user admin from 80.94.95.112 port 36937 ssh2
May  5 00:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: Failed password for invalid user admin from 80.94.95.112 port 36937 ssh2
May  5 00:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: Received disconnect from 80.94.95.112 port 36937:11: Bye [preauth]
May  5 00:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: Disconnected from 80.94.95.112 port 36937 [preauth]
May  5 00:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 00:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6489]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6491]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6488]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6485]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6485]: pam_unix(cron:session): session closed for user root
May  5 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6488]: pam_unix(cron:session): session closed for user p13x
May  5 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6547]: Successful su for rubyman by root
May  5 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6547]: + ??? root:rubyman
May  5 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330587 of user rubyman.
May  5 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6547]: pam_unix(su:session): session closed for user rubyman
May  5 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330587.
May  5 00:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3399]: pam_unix(cron:session): session closed for user root
May  5 00:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6489]: pam_unix(cron:session): session closed for user samftp
May  5 00:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5478]: pam_unix(cron:session): session closed for user root
May  5 00:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  5 00:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: Failed password for root from 218.92.0.211 port 59550 ssh2
May  5 00:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: message repeated 4 times: [ Failed password for root from 218.92.0.211 port 59550 ssh2]
May  5 00:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: error: maximum authentication attempts exceeded for root from 218.92.0.211 port 59550 ssh2 [preauth]
May  5 00:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: Disconnecting: Too many authentication failures [preauth]
May  5 00:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  5 00:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6833]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 00:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6895]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6894]: pam_unix(cron:session): session closed for user p13x
May  5 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7048]: Successful su for rubyman by root
May  5 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7048]: + ??? root:rubyman
May  5 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330591 of user rubyman.
May  5 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7048]: pam_unix(su:session): session closed for user rubyman
May  5 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330591.
May  5 00:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3846]: pam_unix(cron:session): session closed for user root
May  5 00:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6895]: pam_unix(cron:session): session closed for user samftp
May  5 00:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6054]: pam_unix(cron:session): session closed for user root
May  5 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7392]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7391]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7389]: pam_unix(cron:session): session closed for user p13x
May  5 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7454]: Successful su for rubyman by root
May  5 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7454]: + ??? root:rubyman
May  5 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330594 of user rubyman.
May  5 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7454]: pam_unix(su:session): session closed for user rubyman
May  5 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330594.
May  5 00:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4424]: pam_unix(cron:session): session closed for user root
May  5 00:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7390]: pam_unix(cron:session): session closed for user samftp
May  5 00:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6491]: pam_unix(cron:session): session closed for user root
May  5 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7924]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7921]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7923]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7920]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7922]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7919]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7924]: pam_unix(cron:session): session closed for user root
May  5 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7919]: pam_unix(cron:session): session closed for user p13x
May  5 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7994]: Successful su for rubyman by root
May  5 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7994]: + ??? root:rubyman
May  5 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7994]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330600 of user rubyman.
May  5 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7994]: pam_unix(su:session): session closed for user rubyman
May  5 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330600.
May  5 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7921]: pam_unix(cron:session): session closed for user root
May  5 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4862]: pam_unix(cron:session): session closed for user root
May  5 00:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7920]: pam_unix(cron:session): session closed for user samftp
May  5 00:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6897]: pam_unix(cron:session): session closed for user root
May  5 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8378]: pam_unix(cron:session): session closed for user p13x
May  5 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8450]: Successful su for rubyman by root
May  5 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8450]: + ??? root:rubyman
May  5 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330604 of user rubyman.
May  5 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8450]: pam_unix(su:session): session closed for user rubyman
May  5 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330604.
May  5 00:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5477]: pam_unix(cron:session): session closed for user root
May  5 00:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8379]: pam_unix(cron:session): session closed for user samftp
May  5 00:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: Invalid user kelly from 50.235.31.47
May  5 00:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: input_userauth_request: invalid user kelly [preauth]
May  5 00:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  5 00:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: Failed password for invalid user kelly from 50.235.31.47 port 46298 ssh2
May  5 00:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: Connection closed by 50.235.31.47 port 46298 [preauth]
May  5 00:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7392]: pam_unix(cron:session): session closed for user root
May  5 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8814]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8815]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8812]: pam_unix(cron:session): session closed for user p13x
May  5 00:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8877]: Successful su for rubyman by root
May  5 00:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8877]: + ??? root:rubyman
May  5 00:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330608 of user rubyman.
May  5 00:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8877]: pam_unix(su:session): session closed for user rubyman
May  5 00:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330608.
May  5 00:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6053]: pam_unix(cron:session): session closed for user root
May  5 00:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8813]: pam_unix(cron:session): session closed for user samftp
May  5 00:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7923]: pam_unix(cron:session): session closed for user root
May  5 00:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.252  user=root
May  5 00:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9307]: Failed password for root from 218.92.0.252 port 43740 ssh2
May  5 00:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9346]: pam_unix(cron:session): session closed for user p13x
May  5 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9413]: Successful su for rubyman by root
May  5 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9413]: + ??? root:rubyman
May  5 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9413]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330613 of user rubyman.
May  5 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9413]: pam_unix(su:session): session closed for user rubyman
May  5 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330613.
May  5 00:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6490]: pam_unix(cron:session): session closed for user root
May  5 00:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9347]: pam_unix(cron:session): session closed for user samftp
May  5 00:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8381]: pam_unix(cron:session): session closed for user root
May  5 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9747]: pam_unix(cron:session): session closed for user p13x
May  5 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9809]: Successful su for rubyman by root
May  5 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9809]: + ??? root:rubyman
May  5 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330617 of user rubyman.
May  5 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9809]: pam_unix(su:session): session closed for user rubyman
May  5 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330617.
May  5 00:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6896]: pam_unix(cron:session): session closed for user root
May  5 00:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9748]: pam_unix(cron:session): session closed for user samftp
May  5 00:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8815]: pam_unix(cron:session): session closed for user root
May  5 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10148]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10147]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10145]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10142]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10143]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10148]: pam_unix(cron:session): session closed for user root
May  5 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10142]: pam_unix(cron:session): session closed for user p13x
May  5 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10230]: Successful su for rubyman by root
May  5 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10230]: + ??? root:rubyman
May  5 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330622 of user rubyman.
May  5 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10230]: pam_unix(su:session): session closed for user rubyman
May  5 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330622.
May  5 00:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10145]: pam_unix(cron:session): session closed for user root
May  5 00:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7391]: pam_unix(cron:session): session closed for user root
May  5 00:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10143]: pam_unix(cron:session): session closed for user samftp
May  5 00:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9351]: pam_unix(cron:session): session closed for user root
May  5 00:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 00:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: Failed password for root from 218.92.0.179 port 50655 ssh2
May  5 00:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: Failed password for root from 218.92.0.179 port 50655 ssh2
May  5 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10743]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10741]: pam_unix(cron:session): session closed for user p13x
May  5 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10816]: Successful su for rubyman by root
May  5 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10816]: + ??? root:rubyman
May  5 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330626 of user rubyman.
May  5 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10816]: pam_unix(su:session): session closed for user rubyman
May  5 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330626.
May  5 00:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: Failed password for root from 218.92.0.179 port 50655 ssh2
May  5 00:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7922]: pam_unix(cron:session): session closed for user root
May  5 00:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10743]: pam_unix(cron:session): session closed for user samftp
May  5 00:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9750]: pam_unix(cron:session): session closed for user root
May  5 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11148]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11147]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11146]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11145]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11145]: pam_unix(cron:session): session closed for user p13x
May  5 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11207]: Successful su for rubyman by root
May  5 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11207]: + ??? root:rubyman
May  5 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330630 of user rubyman.
May  5 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11207]: pam_unix(su:session): session closed for user rubyman
May  5 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330630.
May  5 00:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8380]: pam_unix(cron:session): session closed for user root
May  5 00:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11146]: pam_unix(cron:session): session closed for user samftp
May  5 00:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10147]: pam_unix(cron:session): session closed for user root
May  5 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11537]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11537]: pam_unix(cron:session): session closed for user p13x
May  5 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11602]: Successful su for rubyman by root
May  5 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11602]: + ??? root:rubyman
May  5 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11602]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330634 of user rubyman.
May  5 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11602]: pam_unix(su:session): session closed for user rubyman
May  5 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330634.
May  5 00:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8814]: pam_unix(cron:session): session closed for user root
May  5 00:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11538]: pam_unix(cron:session): session closed for user samftp
May  5 00:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10745]: pam_unix(cron:session): session closed for user root
May  5 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11939]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11937]: pam_unix(cron:session): session closed for user p13x
May  5 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11995]: Successful su for rubyman by root
May  5 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11995]: + ??? root:rubyman
May  5 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330638 of user rubyman.
May  5 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11995]: pam_unix(su:session): session closed for user rubyman
May  5 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330638.
May  5 00:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9349]: pam_unix(cron:session): session closed for user root
May  5 00:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11938]: pam_unix(cron:session): session closed for user samftp
May  5 00:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11148]: pam_unix(cron:session): session closed for user root
May  5 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12337]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12336]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12335]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12334]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12341]: pam_unix(cron:session): session closed for user root
May  5 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12333]: pam_unix(cron:session): session closed for user p13x
May  5 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12401]: Successful su for rubyman by root
May  5 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12401]: + ??? root:rubyman
May  5 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330644 of user rubyman.
May  5 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12401]: pam_unix(su:session): session closed for user rubyman
May  5 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330644.
May  5 00:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12335]: pam_unix(cron:session): session closed for user root
May  5 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9749]: pam_unix(cron:session): session closed for user root
May  5 00:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12334]: pam_unix(cron:session): session closed for user samftp
May  5 00:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11540]: pam_unix(cron:session): session closed for user root
May  5 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12747]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12746]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12746]: pam_unix(cron:session): session closed for user p13x
May  5 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12813]: Successful su for rubyman by root
May  5 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12813]: + ??? root:rubyman
May  5 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12813]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330648 of user rubyman.
May  5 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12813]: pam_unix(su:session): session closed for user rubyman
May  5 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330648.
May  5 00:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10146]: pam_unix(cron:session): session closed for user root
May  5 00:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12747]: pam_unix(cron:session): session closed for user samftp
May  5 00:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11940]: pam_unix(cron:session): session closed for user root
May  5 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13149]: pam_unix(cron:session): session closed for user p13x
May  5 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13210]: Successful su for rubyman by root
May  5 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13210]: + ??? root:rubyman
May  5 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330654 of user rubyman.
May  5 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13210]: pam_unix(su:session): session closed for user rubyman
May  5 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330654.
May  5 00:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10744]: pam_unix(cron:session): session closed for user root
May  5 00:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13150]: pam_unix(cron:session): session closed for user samftp
May  5 00:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12337]: pam_unix(cron:session): session closed for user root
May  5 00:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Invalid user smtp from 190.103.202.7
May  5 00:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: input_userauth_request: invalid user smtp [preauth]
May  5 00:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  5 00:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Failed password for invalid user smtp from 190.103.202.7 port 59804 ssh2
May  5 00:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Connection closed by 190.103.202.7 port 59804 [preauth]
May  5 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13649]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13648]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13647]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13646]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13646]: pam_unix(cron:session): session closed for user p13x
May  5 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13713]: Successful su for rubyman by root
May  5 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13713]: + ??? root:rubyman
May  5 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330656 of user rubyman.
May  5 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13713]: pam_unix(su:session): session closed for user rubyman
May  5 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330656.
May  5 00:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11147]: pam_unix(cron:session): session closed for user root
May  5 00:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13647]: pam_unix(cron:session): session closed for user samftp
May  5 00:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12749]: pam_unix(cron:session): session closed for user root
May  5 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14053]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14052]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14051]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14050]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14050]: pam_unix(cron:session): session closed for user p13x
May  5 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14116]: Successful su for rubyman by root
May  5 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14116]: + ??? root:rubyman
May  5 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330661 of user rubyman.
May  5 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14116]: pam_unix(su:session): session closed for user rubyman
May  5 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330661.
May  5 00:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11539]: pam_unix(cron:session): session closed for user root
May  5 00:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14051]: pam_unix(cron:session): session closed for user samftp
May  5 00:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13152]: pam_unix(cron:session): session closed for user root
May  5 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14464]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14462]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14467]: pam_unix(cron:session): session closed for user root
May  5 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14462]: pam_unix(cron:session): session closed for user p13x
May  5 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14536]: Successful su for rubyman by root
May  5 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14536]: + ??? root:rubyman
May  5 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14536]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330664 of user rubyman.
May  5 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14536]: pam_unix(su:session): session closed for user rubyman
May  5 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330664.
May  5 00:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14464]: pam_unix(cron:session): session closed for user root
May  5 00:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11939]: pam_unix(cron:session): session closed for user root
May  5 00:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14463]: pam_unix(cron:session): session closed for user samftp
May  5 00:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13649]: pam_unix(cron:session): session closed for user root
May  5 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14905]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14906]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14904]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14903]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14903]: pam_unix(cron:session): session closed for user p13x
May  5 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14977]: Successful su for rubyman by root
May  5 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14977]: + ??? root:rubyman
May  5 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330672 of user rubyman.
May  5 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14977]: pam_unix(su:session): session closed for user rubyman
May  5 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330672.
May  5 00:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12336]: pam_unix(cron:session): session closed for user root
May  5 00:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14904]: pam_unix(cron:session): session closed for user samftp
May  5 00:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  5 00:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: Failed password for root from 218.92.0.226 port 42844 ssh2
May  5 00:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: message repeated 2 times: [ Failed password for root from 218.92.0.226 port 42844 ssh2]
May  5 00:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: Received disconnect from 218.92.0.226 port 42844:11:  [preauth]
May  5 00:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: Disconnected from 218.92.0.226 port 42844 [preauth]
May  5 00:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  5 00:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14053]: pam_unix(cron:session): session closed for user root
May  5 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15306]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15303]: pam_unix(cron:session): session closed for user p13x
May  5 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15370]: Successful su for rubyman by root
May  5 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15370]: + ??? root:rubyman
May  5 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330674 of user rubyman.
May  5 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15370]: pam_unix(su:session): session closed for user rubyman
May  5 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330674.
May  5 00:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12748]: pam_unix(cron:session): session closed for user root
May  5 00:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15305]: pam_unix(cron:session): session closed for user samftp
May  5 00:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14466]: pam_unix(cron:session): session closed for user root
May  5 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15701]: pam_unix(cron:session): session closed for user p13x
May  5 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15762]: Successful su for rubyman by root
May  5 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15762]: + ??? root:rubyman
May  5 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15762]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330678 of user rubyman.
May  5 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15762]: pam_unix(su:session): session closed for user rubyman
May  5 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330678.
May  5 00:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13151]: pam_unix(cron:session): session closed for user root
May  5 00:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 00:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15702]: pam_unix(cron:session): session closed for user samftp
May  5 00:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15881]: Failed password for root from 218.92.0.179 port 49483 ssh2
May  5 00:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15881]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 49483 ssh2]
May  5 00:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15881]: Received disconnect from 218.92.0.179 port 49483:11:  [preauth]
May  5 00:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15881]: Disconnected from 218.92.0.179 port 49483 [preauth]
May  5 00:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15881]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 00:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14906]: pam_unix(cron:session): session closed for user root
May  5 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16092]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16090]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16088]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16090]: pam_unix(cron:session): session closed for user p13x
May  5 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16206]: Successful su for rubyman by root
May  5 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16206]: + ??? root:rubyman
May  5 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330682 of user rubyman.
May  5 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16206]: pam_unix(su:session): session closed for user rubyman
May  5 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330682.
May  5 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16088]: pam_unix(cron:session): session closed for user root
May  5 00:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13648]: pam_unix(cron:session): session closed for user root
May  5 00:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16091]: pam_unix(cron:session): session closed for user samftp
May  5 00:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15307]: pam_unix(cron:session): session closed for user root
May  5 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16613]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16615]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16615]: pam_unix(cron:session): session closed for user root
May  5 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16605]: pam_unix(cron:session): session closed for user p13x
May  5 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16689]: Successful su for rubyman by root
May  5 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16689]: + ??? root:rubyman
May  5 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330688 of user rubyman.
May  5 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16689]: pam_unix(su:session): session closed for user rubyman
May  5 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330688.
May  5 00:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16607]: pam_unix(cron:session): session closed for user root
May  5 00:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14052]: pam_unix(cron:session): session closed for user root
May  5 00:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16606]: pam_unix(cron:session): session closed for user samftp
May  5 00:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15704]: pam_unix(cron:session): session closed for user root
May  5 00:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 00:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: Failed password for root from 218.92.0.179 port 34566 ssh2
May  5 00:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 34566 ssh2]
May  5 00:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: Received disconnect from 218.92.0.179 port 34566:11:  [preauth]
May  5 00:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: Disconnected from 218.92.0.179 port 34566 [preauth]
May  5 00:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17023]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17086]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17085]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17083]: pam_unix(cron:session): session closed for user p13x
May  5 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17153]: Successful su for rubyman by root
May  5 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17153]: + ??? root:rubyman
May  5 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17153]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330694 of user rubyman.
May  5 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17153]: pam_unix(su:session): session closed for user rubyman
May  5 00:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330694.
May  5 00:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14465]: pam_unix(cron:session): session closed for user root
May  5 00:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17084]: pam_unix(cron:session): session closed for user samftp
May  5 00:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: Invalid user ts3server from 164.68.105.9
May  5 00:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: input_userauth_request: invalid user ts3server [preauth]
May  5 00:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  5 00:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: Failed password for invalid user ts3server from 164.68.105.9 port 34518 ssh2
May  5 00:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: Connection closed by 164.68.105.9 port 34518 [preauth]
May  5 00:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16093]: pam_unix(cron:session): session closed for user root
May  5 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17497]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17494]: pam_unix(cron:session): session closed for user p13x
May  5 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17564]: Successful su for rubyman by root
May  5 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17564]: + ??? root:rubyman
May  5 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330697 of user rubyman.
May  5 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17564]: pam_unix(su:session): session closed for user rubyman
May  5 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330697.
May  5 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 00:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14905]: pam_unix(cron:session): session closed for user root
May  5 00:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: Failed password for root from 218.92.0.179 port 64351 ssh2
May  5 00:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17495]: pam_unix(cron:session): session closed for user samftp
May  5 00:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: Failed password for root from 218.92.0.179 port 64351 ssh2
May  5 00:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: Failed password for root from 218.92.0.179 port 64351 ssh2
May  5 00:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: Received disconnect from 218.92.0.179 port 64351:11:  [preauth]
May  5 00:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: Disconnected from 218.92.0.179 port 64351 [preauth]
May  5 00:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17626]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 00:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16614]: pam_unix(cron:session): session closed for user root
May  5 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18026]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18025]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18023]: pam_unix(cron:session): session closed for user p13x
May  5 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18091]: Successful su for rubyman by root
May  5 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18091]: + ??? root:rubyman
May  5 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330701 of user rubyman.
May  5 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18091]: pam_unix(su:session): session closed for user rubyman
May  5 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330701.
May  5 00:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15306]: pam_unix(cron:session): session closed for user root
May  5 00:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18024]: pam_unix(cron:session): session closed for user samftp
May  5 00:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17086]: pam_unix(cron:session): session closed for user root
May  5 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18438]: pam_unix(cron:session): session closed for user p13x
May  5 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18502]: Successful su for rubyman by root
May  5 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18502]: + ??? root:rubyman
May  5 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330706 of user rubyman.
May  5 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18502]: pam_unix(su:session): session closed for user rubyman
May  5 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330706.
May  5 00:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15703]: pam_unix(cron:session): session closed for user root
May  5 00:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18439]: pam_unix(cron:session): session closed for user samftp
May  5 00:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28  user=root
May  5 00:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: Failed password for root from 165.154.14.28 port 34826 ssh2
May  5 00:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: Received disconnect from 165.154.14.28 port 34826:11: Bye Bye [preauth]
May  5 00:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18713]: Disconnected from 165.154.14.28 port 34826 [preauth]
May  5 00:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17497]: pam_unix(cron:session): session closed for user root
May  5 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18847]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18844]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18846]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18845]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18847]: pam_unix(cron:session): session closed for user root
May  5 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18842]: pam_unix(cron:session): session closed for user p13x
May  5 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18915]: Successful su for rubyman by root
May  5 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18915]: + ??? root:rubyman
May  5 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18915]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330712 of user rubyman.
May  5 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18915]: pam_unix(su:session): session closed for user rubyman
May  5 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330712.
May  5 00:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16092]: pam_unix(cron:session): session closed for user root
May  5 00:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18844]: pam_unix(cron:session): session closed for user root
May  5 00:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18843]: pam_unix(cron:session): session closed for user samftp
May  5 00:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18026]: pam_unix(cron:session): session closed for user root
May  5 00:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 00:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19271]: Failed password for root from 218.92.0.179 port 49318 ssh2
May  5 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19294]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19295]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19292]: pam_unix(cron:session): session closed for user p13x
May  5 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19271]: Failed password for root from 218.92.0.179 port 49318 ssh2
May  5 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19361]: Successful su for rubyman by root
May  5 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19361]: + ??? root:rubyman
May  5 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330715 of user rubyman.
May  5 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19361]: pam_unix(su:session): session closed for user rubyman
May  5 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330715.
May  5 00:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19271]: Failed password for root from 218.92.0.179 port 49318 ssh2
May  5 00:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19271]: Received disconnect from 218.92.0.179 port 49318:11:  [preauth]
May  5 00:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19271]: Disconnected from 218.92.0.179 port 49318 [preauth]
May  5 00:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19271]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 00:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16613]: pam_unix(cron:session): session closed for user root
May  5 00:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19293]: pam_unix(cron:session): session closed for user samftp
May  5 00:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18442]: pam_unix(cron:session): session closed for user root
May  5 00:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19716]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19713]: pam_unix(cron:session): session closed for user p13x
May  5 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19774]: Successful su for rubyman by root
May  5 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19774]: + ??? root:rubyman
May  5 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330720 of user rubyman.
May  5 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19774]: pam_unix(su:session): session closed for user rubyman
May  5 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330720.
May  5 00:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17085]: pam_unix(cron:session): session closed for user root
May  5 00:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19692]: Received disconnect from 218.92.0.220 port 20474:11:  [preauth]
May  5 00:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19692]: Disconnected from 218.92.0.220 port 20474 [preauth]
May  5 00:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19714]: pam_unix(cron:session): session closed for user samftp
May  5 00:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18846]: pam_unix(cron:session): session closed for user root
May  5 00:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  5 00:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: Failed password for root from 218.92.0.230 port 53228 ssh2
May  5 00:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: Failed password for root from 218.92.0.230 port 53228 ssh2
May  5 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20121]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20124]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20122]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20121]: pam_unix(cron:session): session closed for user p13x
May  5 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20182]: Successful su for rubyman by root
May  5 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20182]: + ??? root:rubyman
May  5 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330724 of user rubyman.
May  5 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20182]: pam_unix(su:session): session closed for user rubyman
May  5 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330724.
May  5 00:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17496]: pam_unix(cron:session): session closed for user root
May  5 00:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20122]: pam_unix(cron:session): session closed for user samftp
May  5 00:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20119]: Received disconnect from 218.92.0.230 port 37662:11:  [preauth]
May  5 00:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20119]: Disconnected from 218.92.0.230 port 37662 [preauth]
May  5 00:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19295]: pam_unix(cron:session): session closed for user root
May  5 00:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  5 00:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20500]: Failed password for root from 218.92.0.230 port 58766 ssh2
May  5 00:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20500]: Received disconnect from 218.92.0.230 port 58766:11:  [preauth]
May  5 00:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20500]: Disconnected from 218.92.0.230 port 58766 [preauth]
May  5 00:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  5 00:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: Failed password for root from 218.92.0.233 port 33876 ssh2
May  5 00:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 33876 ssh2]
May  5 00:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: Received disconnect from 218.92.0.233 port 33876:11:  [preauth]
May  5 00:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: Disconnected from 218.92.0.233 port 33876 [preauth]
May  5 00:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  5 00:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  5 00:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20522]: Failed password for root from 218.92.0.233 port 33880 ssh2
May  5 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20538]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20537]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20535]: pam_unix(cron:session): session closed for user p13x
May  5 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20595]: Successful su for rubyman by root
May  5 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20595]: + ??? root:rubyman
May  5 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330727 of user rubyman.
May  5 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20595]: pam_unix(su:session): session closed for user rubyman
May  5 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330727.
May  5 00:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18025]: pam_unix(cron:session): session closed for user root
May  5 00:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20536]: pam_unix(cron:session): session closed for user samftp
May  5 00:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19716]: pam_unix(cron:session): session closed for user root
May  5 00:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  5 00:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: Invalid user admin from 139.19.117.131
May  5 00:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: input_userauth_request: invalid user admin [preauth]
May  5 00:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20924]: Failed password for root from 218.92.0.210 port 5956 ssh2
May  5 00:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20924]: message repeated 2 times: [ Failed password for root from 218.92.0.210 port 5956 ssh2]
May  5 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20952]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20950]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20951]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20949]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20952]: pam_unix(cron:session): session closed for user root
May  5 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20947]: pam_unix(cron:session): session closed for user p13x
May  5 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21011]: Successful su for rubyman by root
May  5 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21011]: + ??? root:rubyman
May  5 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330731 of user rubyman.
May  5 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21011]: pam_unix(su:session): session closed for user rubyman
May  5 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330731.
May  5 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: Connection closed by 139.19.117.131 port 33198 [preauth]
May  5 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20949]: pam_unix(cron:session): session closed for user root
May  5 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18441]: pam_unix(cron:session): session closed for user root
May  5 00:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20369]: Connection reset by 218.92.0.230 port 27118 [preauth]
May  5 00:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20948]: pam_unix(cron:session): session closed for user samftp
May  5 00:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20425]: Connection reset by 218.92.0.230 port 35690 [preauth]
May  5 00:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20124]: pam_unix(cron:session): session closed for user root
May  5 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21411]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21409]: pam_unix(cron:session): session closed for user p13x
May  5 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21478]: Successful su for rubyman by root
May  5 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21478]: + ??? root:rubyman
May  5 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330737 of user rubyman.
May  5 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21478]: pam_unix(su:session): session closed for user rubyman
May  5 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330737.
May  5 00:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18845]: pam_unix(cron:session): session closed for user root
May  5 00:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21410]: pam_unix(cron:session): session closed for user samftp
May  5 00:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20538]: pam_unix(cron:session): session closed for user root
May  5 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22149]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22148]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22146]: pam_unix(cron:session): session closed for user p13x
May  5 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22213]: Successful su for rubyman by root
May  5 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22213]: + ??? root:rubyman
May  5 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22213]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330741 of user rubyman.
May  5 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22213]: pam_unix(su:session): session closed for user rubyman
May  5 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330741.
May  5 00:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19294]: pam_unix(cron:session): session closed for user root
May  5 00:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22147]: pam_unix(cron:session): session closed for user samftp
May  5 00:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20951]: pam_unix(cron:session): session closed for user root
May  5 00:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 00:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22561]: Failed password for root from 218.92.0.179 port 55247 ssh2
May  5 00:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22561]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 55247 ssh2]
May  5 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22614]: pam_unix(cron:session): session closed for user p13x
May  5 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22679]: Successful su for rubyman by root
May  5 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22679]: + ??? root:rubyman
May  5 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330745 of user rubyman.
May  5 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22679]: pam_unix(su:session): session closed for user rubyman
May  5 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330745.
May  5 00:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19715]: pam_unix(cron:session): session closed for user root
May  5 00:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22615]: pam_unix(cron:session): session closed for user samftp
May  5 00:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21412]: pam_unix(cron:session): session closed for user root
May  5 00:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: Invalid user shi from 165.154.14.28
May  5 00:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: input_userauth_request: invalid user shi [preauth]
May  5 00:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  5 00:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: Failed password for invalid user shi from 165.154.14.28 port 40342 ssh2
May  5 00:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: Received disconnect from 165.154.14.28 port 40342:11: Bye Bye [preauth]
May  5 00:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: Disconnected from 165.154.14.28 port 40342 [preauth]
May  5 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23071]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23073]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23070]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23070]: pam_unix(cron:session): session closed for user p13x
May  5 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23137]: Successful su for rubyman by root
May  5 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23137]: + ??? root:rubyman
May  5 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23137]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330751 of user rubyman.
May  5 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23137]: pam_unix(su:session): session closed for user rubyman
May  5 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330751.
May  5 00:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20123]: pam_unix(cron:session): session closed for user root
May  5 00:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23071]: pam_unix(cron:session): session closed for user samftp
May  5 00:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22149]: pam_unix(cron:session): session closed for user root
May  5 00:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  5 00:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23530]: Failed password for root from 50.235.31.47 port 52530 ssh2
May  5 00:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23530]: Connection closed by 50.235.31.47 port 52530 [preauth]
May  5 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23583]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23582]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23581]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23585]: pam_unix(cron:session): session closed for user root
May  5 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23579]: pam_unix(cron:session): session closed for user p13x
May  5 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23656]: Successful su for rubyman by root
May  5 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23656]: + ??? root:rubyman
May  5 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330754 of user rubyman.
May  5 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23656]: pam_unix(su:session): session closed for user rubyman
May  5 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330754.
May  5 00:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23581]: pam_unix(cron:session): session closed for user root
May  5 00:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20537]: pam_unix(cron:session): session closed for user root
May  5 00:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23580]: pam_unix(cron:session): session closed for user samftp
May  5 00:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22617]: pam_unix(cron:session): session closed for user root
May  5 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24134]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24133]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24131]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24132]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24131]: pam_unix(cron:session): session closed for user p13x
May  5 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24204]: Successful su for rubyman by root
May  5 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24204]: + ??? root:rubyman
May  5 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24204]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330759 of user rubyman.
May  5 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24204]: pam_unix(su:session): session closed for user rubyman
May  5 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330759.
May  5 00:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20950]: pam_unix(cron:session): session closed for user root
May  5 00:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24132]: pam_unix(cron:session): session closed for user samftp
May  5 00:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24427]: Invalid user x from 195.178.110.50
May  5 00:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24427]: input_userauth_request: invalid user x [preauth]
May  5 00:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24427]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 00:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23073]: pam_unix(cron:session): session closed for user root
May  5 00:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24427]: Failed password for invalid user x from 195.178.110.50 port 58574 ssh2
May  5 00:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24427]: Connection closed by 195.178.110.50 port 58574 [preauth]
May  5 00:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 00:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: Failed password for root from 218.92.0.179 port 10702 ssh2
May  5 00:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 10702 ssh2]
May  5 00:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: Received disconnect from 218.92.0.179 port 10702:11:  [preauth]
May  5 00:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: Disconnected from 218.92.0.179 port 10702 [preauth]
May  5 00:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 00:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24538]: Invalid user E from 195.178.110.50
May  5 00:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24538]: input_userauth_request: invalid user E [preauth]
May  5 00:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24538]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 00:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24538]: Failed password for invalid user E from 195.178.110.50 port 25454 ssh2
May  5 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24538]: Connection closed by 195.178.110.50 port 25454 [preauth]
May  5 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24591]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24590]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24589]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24588]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24588]: pam_unix(cron:session): session closed for user p13x
May  5 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24660]: Successful su for rubyman by root
May  5 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24660]: + ??? root:rubyman
May  5 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24660]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330764 of user rubyman.
May  5 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24660]: pam_unix(su:session): session closed for user rubyman
May  5 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330764.
May  5 00:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21411]: pam_unix(cron:session): session closed for user root
May  5 00:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24589]: pam_unix(cron:session): session closed for user samftp
May  5 00:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: Invalid user p from 195.178.110.50
May  5 00:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: input_userauth_request: invalid user p [preauth]
May  5 00:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 00:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: Failed password for invalid user p from 195.178.110.50 port 60196 ssh2
May  5 00:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  5 00:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: Connection closed by 195.178.110.50 port 60196 [preauth]
May  5 00:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23583]: pam_unix(cron:session): session closed for user root
May  5 00:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24915]: Failed password for root from 218.92.0.221 port 41594 ssh2
May  5 00:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  5 00:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24917]: Invalid user = from 195.178.110.50
May  5 00:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24917]: input_userauth_request: invalid user = [preauth]
May  5 00:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24917]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 00:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24977]: Failed password for root from 218.92.0.221 port 29122 ssh2
May  5 00:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24977]: Received disconnect from 218.92.0.221 port 29122:11:  [preauth]
May  5 00:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24977]: Disconnected from 218.92.0.221 port 29122 [preauth]
May  5 00:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24917]: Failed password for invalid user = from 195.178.110.50 port 64922 ssh2
May  5 00:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24917]: Connection closed by 195.178.110.50 port 64922 [preauth]
May  5 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25013]: pam_unix(cron:session): session closed for user p13x
May  5 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25076]: Successful su for rubyman by root
May  5 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25076]: + ??? root:rubyman
May  5 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330767 of user rubyman.
May  5 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25076]: pam_unix(su:session): session closed for user rubyman
May  5 00:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330767.
May  5 00:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22148]: pam_unix(cron:session): session closed for user root
May  5 00:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25014]: pam_unix(cron:session): session closed for user samftp
May  5 00:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24134]: pam_unix(cron:session): session closed for user root
May  5 00:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  5 00:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: Failed password for root from 80.94.95.29 port 44768 ssh2
May  5 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: message repeated 3 times: [ Failed password for root from 80.94.95.29 port 44768 ssh2]
May  5 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25424]: pam_unix(cron:session): session closed for user p13x
May  5 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25485]: Successful su for rubyman by root
May  5 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25485]: + ??? root:rubyman
May  5 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330773 of user rubyman.
May  5 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25485]: pam_unix(su:session): session closed for user rubyman
May  5 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330773.
May  5 00:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: Failed password for root from 80.94.95.29 port 44768 ssh2
May  5 00:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: Received disconnect from 80.94.95.29 port 44768:11: Bye [preauth]
May  5 00:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: Disconnected from 80.94.95.29 port 44768 [preauth]
May  5 00:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  5 00:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 00:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22616]: pam_unix(cron:session): session closed for user root
May  5 00:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25425]: pam_unix(cron:session): session closed for user samftp
May  5 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24591]: pam_unix(cron:session): session closed for user root
May  5 00:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 00:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: Invalid user dell from 165.154.14.28
May  5 00:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: input_userauth_request: invalid user dell [preauth]
May  5 00:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: pam_unix(sshd:auth): check pass; user unknown
May  5 00:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  5 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: Failed password for invalid user dell from 165.154.14.28 port 46356 ssh2
May  5 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: Received disconnect from 165.154.14.28 port 46356:11: Bye Bye [preauth]
May  5 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: Disconnected from 165.154.14.28 port 46356 [preauth]
May  5 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25829]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25831]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25830]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25832]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25828]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25827]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25833]: pam_unix(cron:session): session closed for user root
May  5 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25829]: pam_unix(cron:session): session closed for user root
May  5 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25827]: pam_unix(cron:session): session closed for user p13x
May  5 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25924]: Successful su for rubyman by root
May  5 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25924]: + ??? root:rubyman
May  5 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25924]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330776 of user rubyman.
May  5 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25924]: pam_unix(su:session): session closed for user rubyman
May  5 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330776.
May  5 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23072]: pam_unix(cron:session): session closed for user root
May  5 01:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25830]: pam_unix(cron:session): session closed for user root
May  5 01:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25828]: pam_unix(cron:session): session closed for user samftp
May  5 01:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: Invalid user junior from 134.209.152.88
May  5 01:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: input_userauth_request: invalid user junior [preauth]
May  5 01:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.152.88
May  5 01:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: Failed password for invalid user junior from 134.209.152.88 port 44694 ssh2
May  5 01:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: Received disconnect from 134.209.152.88 port 44694:11: Bye Bye [preauth]
May  5 01:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26198]: Disconnected from 134.209.152.88 port 44694 [preauth]
May  5 01:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25017]: pam_unix(cron:session): session closed for user root
May  5 01:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135  user=root
May  5 01:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: Failed password for root from 176.31.162.135 port 60376 ssh2
May  5 01:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: Connection closed by 176.31.162.135 port 60376 [preauth]
May  5 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26330]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26331]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26330]: pam_unix(cron:session): session closed for user p13x
May  5 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26396]: Successful su for rubyman by root
May  5 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26396]: + ??? root:rubyman
May  5 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330782 of user rubyman.
May  5 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26396]: pam_unix(su:session): session closed for user rubyman
May  5 01:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330782.
May  5 01:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23582]: pam_unix(cron:session): session closed for user root
May  5 01:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26331]: pam_unix(cron:session): session closed for user samftp
May  5 01:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25427]: pam_unix(cron:session): session closed for user root
May  5 01:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26815]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26813]: pam_unix(cron:session): session closed for user p13x
May  5 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26876]: Successful su for rubyman by root
May  5 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26876]: + ??? root:rubyman
May  5 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330787 of user rubyman.
May  5 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26876]: pam_unix(su:session): session closed for user rubyman
May  5 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330787.
May  5 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129  user=root
May  5 01:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: Failed password for root from 102.209.62.129 port 48978 ssh2
May  5 01:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24133]: pam_unix(cron:session): session closed for user root
May  5 01:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: Received disconnect from 102.209.62.129 port 48978:11: Bye Bye [preauth]
May  5 01:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: Disconnected from 102.209.62.129 port 48978 [preauth]
May  5 01:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26814]: pam_unix(cron:session): session closed for user samftp
May  5 01:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25832]: pam_unix(cron:session): session closed for user root
May  5 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27279]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27281]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27278]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27278]: pam_unix(cron:session): session closed for user p13x
May  5 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27360]: Successful su for rubyman by root
May  5 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27360]: + ??? root:rubyman
May  5 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330790 of user rubyman.
May  5 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27360]: pam_unix(su:session): session closed for user rubyman
May  5 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330790.
May  5 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24590]: pam_unix(cron:session): session closed for user root
May  5 01:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27279]: pam_unix(cron:session): session closed for user samftp
May  5 01:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26333]: pam_unix(cron:session): session closed for user root
May  5 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27742]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27743]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27740]: pam_unix(cron:session): session closed for user p13x
May  5 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27802]: Successful su for rubyman by root
May  5 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27802]: + ??? root:rubyman
May  5 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27802]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330794 of user rubyman.
May  5 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27802]: pam_unix(su:session): session closed for user rubyman
May  5 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330794.
May  5 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: Invalid user esuser from 87.201.127.149
May  5 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: input_userauth_request: invalid user esuser [preauth]
May  5 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149
May  5 01:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session closed for user root
May  5 01:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: Failed password for invalid user esuser from 87.201.127.149 port 49126 ssh2
May  5 01:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: Received disconnect from 87.201.127.149 port 49126:11: Bye Bye [preauth]
May  5 01:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: Disconnected from 87.201.127.149 port 49126 [preauth]
May  5 01:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27741]: pam_unix(cron:session): session closed for user samftp
May  5 01:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26816]: pam_unix(cron:session): session closed for user root
May  5 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28143]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28148]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28147]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28148]: pam_unix(cron:session): session closed for user root
May  5 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28140]: pam_unix(cron:session): session closed for user p13x
May  5 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28213]: Successful su for rubyman by root
May  5 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28213]: + ??? root:rubyman
May  5 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28213]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330798 of user rubyman.
May  5 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28213]: pam_unix(su:session): session closed for user rubyman
May  5 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330798.
May  5 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28143]: pam_unix(cron:session): session closed for user root
May  5 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25426]: pam_unix(cron:session): session closed for user root
May  5 01:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28141]: pam_unix(cron:session): session closed for user samftp
May  5 01:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27281]: pam_unix(cron:session): session closed for user root
May  5 01:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 01:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28559]: Failed password for root from 218.92.0.179 port 34655 ssh2
May  5 01:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28569]: Invalid user zahid from 102.209.62.129
May  5 01:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28569]: input_userauth_request: invalid user zahid [preauth]
May  5 01:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28569]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129
May  5 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28559]: Failed password for root from 218.92.0.179 port 34655 ssh2
May  5 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28575]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28572]: pam_unix(cron:session): session closed for user p13x
May  5 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28644]: Successful su for rubyman by root
May  5 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28644]: + ??? root:rubyman
May  5 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330804 of user rubyman.
May  5 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28644]: pam_unix(su:session): session closed for user rubyman
May  5 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330804.
May  5 01:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28559]: Failed password for root from 218.92.0.179 port 34655 ssh2
May  5 01:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28559]: Received disconnect from 218.92.0.179 port 34655:11:  [preauth]
May  5 01:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28559]: Disconnected from 218.92.0.179 port 34655 [preauth]
May  5 01:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28559]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 01:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28569]: Failed password for invalid user zahid from 102.209.62.129 port 46442 ssh2
May  5 01:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28569]: Received disconnect from 102.209.62.129 port 46442:11: Bye Bye [preauth]
May  5 01:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28569]: Disconnected from 102.209.62.129 port 46442 [preauth]
May  5 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25831]: pam_unix(cron:session): session closed for user root
May  5 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28573]: pam_unix(cron:session): session closed for user samftp
May  5 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28  user=root
May  5 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Failed password for root from 165.154.14.28 port 37186 ssh2
May  5 01:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Received disconnect from 165.154.14.28 port 37186:11: Bye Bye [preauth]
May  5 01:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Disconnected from 165.154.14.28 port 37186 [preauth]
May  5 01:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  5 01:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: Failed password for root from 218.92.0.201 port 38892 ssh2
May  5 01:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28827]: message repeated 3 times: [ Failed password for root from 218.92.0.201 port 38892 ssh2]
May  5 01:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149  user=root
May  5 01:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: Failed password for root from 87.201.127.149 port 33270 ssh2
May  5 01:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: Received disconnect from 87.201.127.149 port 33270:11: Bye Bye [preauth]
May  5 01:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28897]: Disconnected from 87.201.127.149 port 33270 [preauth]
May  5 01:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27743]: pam_unix(cron:session): session closed for user root
May  5 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28998]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28994]: pam_unix(cron:session): session closed for user p13x
May  5 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29148]: Successful su for rubyman by root
May  5 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29148]: + ??? root:rubyman
May  5 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330809 of user rubyman.
May  5 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29148]: pam_unix(su:session): session closed for user rubyman
May  5 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330809.
May  5 01:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26332]: pam_unix(cron:session): session closed for user root
May  5 01:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28996]: pam_unix(cron:session): session closed for user samftp
May  5 01:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28147]: pam_unix(cron:session): session closed for user root
May  5 01:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  5 01:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: Failed password for root from 218.92.0.231 port 11978 ssh2
May  5 01:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: message repeated 2 times: [ Failed password for root from 218.92.0.231 port 11978 ssh2]
May  5 01:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: Received disconnect from 218.92.0.231 port 11978:11:  [preauth]
May  5 01:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: Disconnected from 218.92.0.231 port 11978 [preauth]
May  5 01:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29439]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  5 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29505]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29504]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29503]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29502]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29502]: pam_unix(cron:session): session closed for user p13x
May  5 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29565]: Successful su for rubyman by root
May  5 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29565]: + ??? root:rubyman
May  5 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29565]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330813 of user rubyman.
May  5 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29565]: pam_unix(su:session): session closed for user rubyman
May  5 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330813.
May  5 01:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26815]: pam_unix(cron:session): session closed for user root
May  5 01:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29503]: pam_unix(cron:session): session closed for user samftp
May  5 01:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129  user=root
May  5 01:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29783]: Failed password for root from 102.209.62.129 port 55472 ssh2
May  5 01:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29783]: Received disconnect from 102.209.62.129 port 55472:11: Bye Bye [preauth]
May  5 01:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29783]: Disconnected from 102.209.62.129 port 55472 [preauth]
May  5 01:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149  user=root
May  5 01:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29793]: Failed password for root from 87.201.127.149 port 40856 ssh2
May  5 01:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29793]: Received disconnect from 87.201.127.149 port 40856:11: Bye Bye [preauth]
May  5 01:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29793]: Disconnected from 87.201.127.149 port 40856 [preauth]
May  5 01:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28575]: pam_unix(cron:session): session closed for user root
May  5 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29914]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29917]: pam_unix(cron:session): session closed for user p13x
May  5 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30034]: Successful su for rubyman by root
May  5 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30034]: + ??? root:rubyman
May  5 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330816 of user rubyman.
May  5 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30034]: pam_unix(su:session): session closed for user rubyman
May  5 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330816.
May  5 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29914]: pam_unix(cron:session): session closed for user root
May  5 01:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27280]: pam_unix(cron:session): session closed for user root
May  5 01:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29918]: pam_unix(cron:session): session closed for user samftp
May  5 01:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28998]: pam_unix(cron:session): session closed for user root
May  5 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30402]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30401]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30404]: pam_unix(cron:session): session closed for user root
May  5 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30399]: pam_unix(cron:session): session closed for user p13x
May  5 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30471]: Successful su for rubyman by root
May  5 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30471]: + ??? root:rubyman
May  5 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30471]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330824 of user rubyman.
May  5 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30471]: pam_unix(su:session): session closed for user rubyman
May  5 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330824.
May  5 01:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30401]: pam_unix(cron:session): session closed for user root
May  5 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27742]: pam_unix(cron:session): session closed for user root
May  5 01:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30400]: pam_unix(cron:session): session closed for user samftp
May  5 01:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  5 01:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: Failed password for root from 190.103.202.7 port 60880 ssh2
May  5 01:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: Connection closed by 190.103.202.7 port 60880 [preauth]
May  5 01:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149  user=root
May  5 01:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30708]: Failed password for root from 87.201.127.149 port 48436 ssh2
May  5 01:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30708]: Received disconnect from 87.201.127.149 port 48436:11: Bye Bye [preauth]
May  5 01:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30708]: Disconnected from 87.201.127.149 port 48436 [preauth]
May  5 01:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30742]: Did not receive identification string from 68.183.12.36
May  5 01:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Invalid user  from 196.251.88.103
May  5 01:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: input_userauth_request: invalid user  [preauth]
May  5 01:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29505]: pam_unix(cron:session): session closed for user root
May  5 01:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30773]: Invalid user taibabi from 102.209.62.129
May  5 01:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30773]: input_userauth_request: invalid user taibabi [preauth]
May  5 01:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30773]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129
May  5 01:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30773]: Failed password for invalid user taibabi from 102.209.62.129 port 36270 ssh2
May  5 01:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30773]: Received disconnect from 102.209.62.129 port 36270:11: Bye Bye [preauth]
May  5 01:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30773]: Disconnected from 102.209.62.129 port 36270 [preauth]
May  5 01:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Connection closed by 196.251.88.103 port 33084 [preauth]
May  5 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30831]: pam_unix(cron:session): session closed for user p13x
May  5 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30901]: Successful su for rubyman by root
May  5 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30901]: + ??? root:rubyman
May  5 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330828 of user rubyman.
May  5 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30901]: pam_unix(su:session): session closed for user rubyman
May  5 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330828.
May  5 01:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28146]: pam_unix(cron:session): session closed for user root
May  5 01:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30832]: pam_unix(cron:session): session closed for user samftp
May  5 01:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: Invalid user kingbase from 196.251.88.103
May  5 01:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: input_userauth_request: invalid user kingbase [preauth]
May  5 01:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: Failed password for invalid user kingbase from 196.251.88.103 port 41774 ssh2
May  5 01:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: Connection closed by 196.251.88.103 port 41774 [preauth]
May  5 01:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29920]: pam_unix(cron:session): session closed for user root
May  5 01:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: Failed password for root from 196.251.88.103 port 36292 ssh2
May  5 01:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: Connection closed by 196.251.88.103 port 36292 [preauth]
May  5 01:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Failed password for root from 196.251.88.103 port 59044 ssh2
May  5 01:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Connection closed by 196.251.88.103 port 59044 [preauth]
May  5 01:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: Invalid user elsearch from 196.251.88.103
May  5 01:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: input_userauth_request: invalid user elsearch [preauth]
May  5 01:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: Failed password for invalid user elsearch from 196.251.88.103 port 53566 ssh2
May  5 01:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: Connection closed by 196.251.88.103 port 53566 [preauth]
May  5 01:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31233]: Invalid user vagrant from 196.251.88.103
May  5 01:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31233]: input_userauth_request: invalid user vagrant [preauth]
May  5 01:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31233]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31233]: Failed password for invalid user vagrant from 196.251.88.103 port 48084 ssh2
May  5 01:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31233]: Connection closed by 196.251.88.103 port 48084 [preauth]
May  5 01:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: Invalid user demo from 196.251.88.103
May  5 01:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: input_userauth_request: invalid user demo [preauth]
May  5 01:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: Failed password for invalid user demo from 196.251.88.103 port 42596 ssh2
May  5 01:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: Connection closed by 196.251.88.103 port 42596 [preauth]
May  5 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31260]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31261]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31258]: pam_unix(cron:session): session closed for user p13x
May  5 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31324]: Successful su for rubyman by root
May  5 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31324]: + ??? root:rubyman
May  5 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330831 of user rubyman.
May  5 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31324]: pam_unix(su:session): session closed for user rubyman
May  5 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330831.
May  5 01:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28574]: pam_unix(cron:session): session closed for user root
May  5 01:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31325]: Invalid user wang from 196.251.88.103
May  5 01:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31325]: input_userauth_request: invalid user wang [preauth]
May  5 01:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31325]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31259]: pam_unix(cron:session): session closed for user samftp
May  5 01:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31325]: Failed password for invalid user wang from 196.251.88.103 port 37108 ssh2
May  5 01:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31325]: Connection closed by 196.251.88.103 port 37108 [preauth]
May  5 01:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: Invalid user wafer from 87.201.127.149
May  5 01:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: input_userauth_request: invalid user wafer [preauth]
May  5 01:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149
May  5 01:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: Failed password for invalid user wafer from 87.201.127.149 port 56016 ssh2
May  5 01:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: User mysql from 196.251.88.103 not allowed because not listed in AllowUsers
May  5 01:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: input_userauth_request: invalid user mysql [preauth]
May  5 01:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: Received disconnect from 87.201.127.149 port 56016:11: Bye Bye [preauth]
May  5 01:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: Disconnected from 87.201.127.149 port 56016 [preauth]
May  5 01:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=mysql
May  5 01:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: Failed password for invalid user mysql from 196.251.88.103 port 59852 ssh2
May  5 01:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: Connection closed by 196.251.88.103 port 59852 [preauth]
May  5 01:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31533]: Invalid user developer from 196.251.88.103
May  5 01:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31533]: input_userauth_request: invalid user developer [preauth]
May  5 01:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31533]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31533]: Failed password for invalid user developer from 196.251.88.103 port 54368 ssh2
May  5 01:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31533]: Connection closed by 196.251.88.103 port 54368 [preauth]
May  5 01:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Invalid user test from 165.154.14.28
May  5 01:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: input_userauth_request: invalid user test [preauth]
May  5 01:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  5 01:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Failed password for invalid user test from 165.154.14.28 port 33608 ssh2
May  5 01:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Received disconnect from 165.154.14.28 port 33608:11: Bye Bye [preauth]
May  5 01:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Disconnected from 165.154.14.28 port 33608 [preauth]
May  5 01:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31547]: Invalid user user from 196.251.88.103
May  5 01:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31547]: input_userauth_request: invalid user user [preauth]
May  5 01:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31547]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  5 01:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31547]: Failed password for invalid user user from 196.251.88.103 port 48880 ssh2
May  5 01:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31547]: Connection closed by 196.251.88.103 port 48880 [preauth]
May  5 01:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Failed password for root from 218.92.0.236 port 33040 ssh2
May  5 01:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Failed password for root from 218.92.0.236 port 33040 ssh2
May  5 01:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31574]: Failed password for root from 196.251.88.103 port 43398 ssh2
May  5 01:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Failed password for root from 218.92.0.236 port 33040 ssh2
May  5 01:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Received disconnect from 218.92.0.236 port 33040:11:  [preauth]
May  5 01:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Disconnected from 218.92.0.236 port 33040 [preauth]
May  5 01:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  5 01:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31574]: Connection closed by 196.251.88.103 port 43398 [preauth]
May  5 01:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30403]: pam_unix(cron:session): session closed for user root
May  5 01:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31585]: Invalid user postgres from 196.251.88.103
May  5 01:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31585]: input_userauth_request: invalid user postgres [preauth]
May  5 01:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31585]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31623]: Invalid user samba from 196.251.88.103
May  5 01:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31623]: input_userauth_request: invalid user samba [preauth]
May  5 01:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31585]: Failed password for invalid user postgres from 196.251.88.103 port 37918 ssh2
May  5 01:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31623]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 01:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31585]: Connection closed by 196.251.88.103 port 37918 [preauth]
May  5 01:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: Failed password for root from 218.92.0.179 port 19632 ssh2
May  5 01:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31623]: Failed password for invalid user samba from 196.251.88.103 port 60664 ssh2
May  5 01:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31623]: Connection closed by 196.251.88.103 port 60664 [preauth]
May  5 01:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: Failed password for root from 218.92.0.179 port 19632 ssh2
May  5 01:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: Failed password for root from 218.92.0.179 port 19632 ssh2
May  5 01:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: Received disconnect from 218.92.0.179 port 19632:11:  [preauth]
May  5 01:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: Disconnected from 218.92.0.179 port 19632 [preauth]
May  5 01:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 01:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31657]: Invalid user deployer from 196.251.88.103
May  5 01:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31657]: input_userauth_request: invalid user deployer [preauth]
May  5 01:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31657]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31657]: Failed password for invalid user deployer from 196.251.88.103 port 54946 ssh2
May  5 01:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31657]: Connection closed by 196.251.88.103 port 54946 [preauth]
May  5 01:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129  user=root
May  5 01:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: Failed password for root from 102.209.62.129 port 45306 ssh2
May  5 01:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: Received disconnect from 102.209.62.129 port 45306:11: Bye Bye [preauth]
May  5 01:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31671]: Disconnected from 102.209.62.129 port 45306 [preauth]
May  5 01:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Invalid user server from 196.251.88.103
May  5 01:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: input_userauth_request: invalid user server [preauth]
May  5 01:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Failed password for invalid user server from 196.251.88.103 port 49462 ssh2
May  5 01:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Connection closed by 196.251.88.103 port 49462 [preauth]
May  5 01:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31709]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31708]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31706]: pam_unix(cron:session): session closed for user p13x
May  5 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31767]: Successful su for rubyman by root
May  5 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31767]: + ??? root:rubyman
May  5 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330835 of user rubyman.
May  5 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31767]: pam_unix(su:session): session closed for user rubyman
May  5 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330835.
May  5 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31702]: Invalid user ftpuser from 196.251.88.103
May  5 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31702]: input_userauth_request: invalid user ftpuser [preauth]
May  5 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31702]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28997]: pam_unix(cron:session): session closed for user root
May  5 01:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31702]: Failed password for invalid user ftpuser from 196.251.88.103 port 43982 ssh2
May  5 01:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31702]: Connection closed by 196.251.88.103 port 43982 [preauth]
May  5 01:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31707]: pam_unix(cron:session): session closed for user samftp
May  5 01:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: Invalid user opc from 196.251.88.103
May  5 01:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: input_userauth_request: invalid user opc [preauth]
May  5 01:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: Failed password for invalid user opc from 196.251.88.103 port 38496 ssh2
May  5 01:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: Connection closed by 196.251.88.103 port 38496 [preauth]
May  5 01:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31977]: Invalid user oscar from 196.251.88.103
May  5 01:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31977]: input_userauth_request: invalid user oscar [preauth]
May  5 01:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31977]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31977]: Failed password for invalid user oscar from 196.251.88.103 port 33010 ssh2
May  5 01:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31977]: Connection closed by 196.251.88.103 port 33010 [preauth]
May  5 01:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32002]: Invalid user oracle from 196.251.88.103
May  5 01:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32002]: input_userauth_request: invalid user oracle [preauth]
May  5 01:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32002]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32002]: Failed password for invalid user oracle from 196.251.88.103 port 55754 ssh2
May  5 01:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32002]: Connection closed by 196.251.88.103 port 55754 [preauth]
May  5 01:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32026]: Invalid user admin from 196.251.88.103
May  5 01:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32026]: input_userauth_request: invalid user admin [preauth]
May  5 01:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32026]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32026]: Failed password for invalid user admin from 196.251.88.103 port 50266 ssh2
May  5 01:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32026]: Connection closed by 196.251.88.103 port 50266 [preauth]
May  5 01:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: Invalid user dmdba from 196.251.88.103
May  5 01:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: input_userauth_request: invalid user dmdba [preauth]
May  5 01:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30834]: pam_unix(cron:session): session closed for user root
May  5 01:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: Failed password for invalid user dmdba from 196.251.88.103 port 44786 ssh2
May  5 01:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: Connection closed by 196.251.88.103 port 44786 [preauth]
May  5 01:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: Invalid user odoo from 196.251.88.103
May  5 01:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: input_userauth_request: invalid user odoo [preauth]
May  5 01:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: Failed password for invalid user odoo from 196.251.88.103 port 39298 ssh2
May  5 01:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: Connection closed by 196.251.88.103 port 39298 [preauth]
May  5 01:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: Failed password for root from 196.251.88.103 port 33812 ssh2
May  5 01:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: Connection closed by 196.251.88.103 port 33812 [preauth]
May  5 01:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32109]: User mysql from 196.251.88.103 not allowed because not listed in AllowUsers
May  5 01:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32109]: input_userauth_request: invalid user mysql [preauth]
May  5 01:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=mysql
May  5 01:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32109]: Failed password for invalid user mysql from 196.251.88.103 port 56556 ssh2
May  5 01:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32109]: Connection closed by 196.251.88.103 port 56556 [preauth]
May  5 01:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149  user=root
May  5 01:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32111]: Failed password for root from 87.201.127.149 port 35360 ssh2
May  5 01:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32111]: Received disconnect from 87.201.127.149 port 35360:11: Bye Bye [preauth]
May  5 01:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32111]: Disconnected from 87.201.127.149 port 35360 [preauth]
May  5 01:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: Invalid user dev from 196.251.88.103
May  5 01:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: input_userauth_request: invalid user dev [preauth]
May  5 01:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: Failed password for invalid user dev from 196.251.88.103 port 51072 ssh2
May  5 01:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: Connection closed by 196.251.88.103 port 51072 [preauth]
May  5 01:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: Invalid user docker from 196.251.88.103
May  5 01:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: input_userauth_request: invalid user docker [preauth]
May  5 01:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32136]: pam_unix(cron:session): session closed for user p13x
May  5 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32202]: Successful su for rubyman by root
May  5 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32202]: + ??? root:rubyman
May  5 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330839 of user rubyman.
May  5 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32202]: pam_unix(su:session): session closed for user rubyman
May  5 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330839.
May  5 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: Failed password for invalid user docker from 196.251.88.103 port 45588 ssh2
May  5 01:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29504]: pam_unix(cron:session): session closed for user root
May  5 01:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32131]: Connection closed by 196.251.88.103 port 45588 [preauth]
May  5 01:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32137]: pam_unix(cron:session): session closed for user samftp
May  5 01:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: Invalid user user2 from 196.251.88.103
May  5 01:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: input_userauth_request: invalid user user2 [preauth]
May  5 01:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: Failed password for invalid user user2 from 196.251.88.103 port 40104 ssh2
May  5 01:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32353]: Connection closed by 196.251.88.103 port 40104 [preauth]
May  5 01:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: Invalid user gitlab-runner from 196.251.88.103
May  5 01:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: input_userauth_request: invalid user gitlab-runner [preauth]
May  5 01:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: Failed password for invalid user gitlab-runner from 196.251.88.103 port 34616 ssh2
May  5 01:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: Connection closed by 196.251.88.103 port 34616 [preauth]
May  5 01:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: Failed password for root from 196.251.88.103 port 57362 ssh2
May  5 01:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32413]: Connection closed by 196.251.88.103 port 57362 [preauth]
May  5 01:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32424]: Failed password for root from 196.251.88.103 port 51874 ssh2
May  5 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32424]: Connection closed by 196.251.88.103 port 51874 [preauth]
May  5 01:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: Invalid user runner from 196.251.88.103
May  5 01:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: input_userauth_request: invalid user runner [preauth]
May  5 01:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: Failed password for invalid user runner from 196.251.88.103 port 46388 ssh2
May  5 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32447]: Connection closed by 196.251.88.103 port 46388 [preauth]
May  5 01:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31261]: pam_unix(cron:session): session closed for user root
May  5 01:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Invalid user server from 196.251.88.103
May  5 01:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: input_userauth_request: invalid user server [preauth]
May  5 01:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Failed password for invalid user server from 196.251.88.103 port 40906 ssh2
May  5 01:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Connection closed by 196.251.88.103 port 40906 [preauth]
May  5 01:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: Failed password for root from 196.251.88.103 port 35426 ssh2
May  5 01:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: Connection closed by 196.251.88.103 port 35426 [preauth]
May  5 01:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: Invalid user wang from 196.251.88.103
May  5 01:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: input_userauth_request: invalid user wang [preauth]
May  5 01:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: Failed password for invalid user wang from 196.251.88.103 port 58174 ssh2
May  5 01:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: Connection closed by 196.251.88.103 port 58174 [preauth]
May  5 01:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: Invalid user tom from 196.251.88.103
May  5 01:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: input_userauth_request: invalid user tom [preauth]
May  5 01:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: Failed password for invalid user tom from 196.251.88.103 port 52692 ssh2
May  5 01:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: Invalid user nfs from 102.209.62.129
May  5 01:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: input_userauth_request: invalid user nfs [preauth]
May  5 01:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129
May  5 01:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: Connection closed by 196.251.88.103 port 52692 [preauth]
May  5 01:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: Failed password for invalid user nfs from 102.209.62.129 port 54336 ssh2
May  5 01:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: Received disconnect from 102.209.62.129 port 54336:11: Bye Bye [preauth]
May  5 01:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: Disconnected from 102.209.62.129 port 54336 [preauth]
May  5 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32569]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32571]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32572]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32570]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32572]: pam_unix(cron:session): session closed for user root
May  5 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32567]: pam_unix(cron:session): session closed for user p13x
May  5 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: Invalid user amir from 196.251.88.103
May  5 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: input_userauth_request: invalid user amir [preauth]
May  5 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32738]: Successful su for rubyman by root
May  5 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32738]: + ??? root:rubyman
May  5 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32738]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330845 of user rubyman.
May  5 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32738]: pam_unix(su:session): session closed for user rubyman
May  5 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330845.
May  5 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32569]: pam_unix(cron:session): session closed for user root
May  5 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29919]: pam_unix(cron:session): session closed for user root
May  5 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: Failed password for invalid user amir from 196.251.88.103 port 47202 ssh2
May  5 01:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32554]: Connection closed by 196.251.88.103 port 47202 [preauth]
May  5 01:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32568]: pam_unix(cron:session): session closed for user samftp
May  5 01:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[514]: Invalid user oracle from 196.251.88.103
May  5 01:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[514]: input_userauth_request: invalid user oracle [preauth]
May  5 01:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[514]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[514]: Failed password for invalid user oracle from 196.251.88.103 port 41676 ssh2
May  5 01:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[514]: Connection closed by 196.251.88.103 port 41676 [preauth]
May  5 01:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: Invalid user www from 196.251.88.103
May  5 01:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: input_userauth_request: invalid user www [preauth]
May  5 01:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: Failed password for invalid user www from 196.251.88.103 port 57822 ssh2
May  5 01:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: Connection closed by 196.251.88.103 port 57822 [preauth]
May  5 01:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[537]: Invalid user www from 196.251.88.103
May  5 01:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[537]: input_userauth_request: invalid user www [preauth]
May  5 01:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[537]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[537]: Failed password for invalid user www from 196.251.88.103 port 36230 ssh2
May  5 01:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: Invalid user gitlab from 196.251.88.103
May  5 01:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: input_userauth_request: invalid user gitlab [preauth]
May  5 01:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[537]: Connection closed by 196.251.88.103 port 36230 [preauth]
May  5 01:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: Failed password for invalid user gitlab from 196.251.88.103 port 51692 ssh2
May  5 01:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[583]: Connection closed by 196.251.88.103 port 51692 [preauth]
May  5 01:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31709]: pam_unix(cron:session): session closed for user root
May  5 01:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[595]: Failed password for root from 196.251.88.103 port 46204 ssh2
May  5 01:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[595]: Connection closed by 196.251.88.103 port 46204 [preauth]
May  5 01:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Invalid user junior from 87.201.127.149
May  5 01:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: input_userauth_request: invalid user junior [preauth]
May  5 01:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149
May  5 01:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: Invalid user postgres from 196.251.88.103
May  5 01:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: input_userauth_request: invalid user postgres [preauth]
May  5 01:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Failed password for invalid user junior from 87.201.127.149 port 42938 ssh2
May  5 01:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Received disconnect from 87.201.127.149 port 42938:11: Bye Bye [preauth]
May  5 01:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Disconnected from 87.201.127.149 port 42938 [preauth]
May  5 01:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: Failed password for invalid user postgres from 196.251.88.103 port 40718 ssh2
May  5 01:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: Connection closed by 196.251.88.103 port 40718 [preauth]
May  5 01:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: Invalid user test from 196.251.88.103
May  5 01:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: input_userauth_request: invalid user test [preauth]
May  5 01:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: Failed password for invalid user test from 196.251.88.103 port 35236 ssh2
May  5 01:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: Connection closed by 196.251.88.103 port 35236 [preauth]
May  5 01:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: Invalid user debian from 196.251.88.103
May  5 01:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: input_userauth_request: invalid user debian [preauth]
May  5 01:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: Failed password for invalid user debian from 196.251.88.103 port 57986 ssh2
May  5 01:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[669]: Connection closed by 196.251.88.103 port 57986 [preauth]
May  5 01:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: Failed password for root from 196.251.88.103 port 52502 ssh2
May  5 01:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: Connection closed by 196.251.88.103 port 52502 [preauth]
May  5 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[701]: pam_unix(cron:session): session closed for user p13x
May  5 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[777]: Successful su for rubyman by root
May  5 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[777]: + ??? root:rubyman
May  5 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[777]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330849 of user rubyman.
May  5 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[777]: pam_unix(su:session): session closed for user rubyman
May  5 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330849.
May  5 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30402]: pam_unix(cron:session): session closed for user root
May  5 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[702]: pam_unix(cron:session): session closed for user samftp
May  5 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[831]: Invalid user minecraft from 196.251.88.103
May  5 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[831]: input_userauth_request: invalid user minecraft [preauth]
May  5 01:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[831]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[831]: Failed password for invalid user minecraft from 196.251.88.103 port 47018 ssh2
May  5 01:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[831]: Connection closed by 196.251.88.103 port 47018 [preauth]
May  5 01:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[977]: Failed password for root from 196.251.88.103 port 41528 ssh2
May  5 01:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[977]: Connection closed by 196.251.88.103 port 41528 [preauth]
May  5 01:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: Invalid user steam from 196.251.88.103
May  5 01:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: input_userauth_request: invalid user steam [preauth]
May  5 01:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Invalid user btc from 68.183.12.36
May  5 01:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: input_userauth_request: invalid user btc [preauth]
May  5 01:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 01:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: Failed password for invalid user steam from 196.251.88.103 port 34422 ssh2
May  5 01:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Failed password for invalid user btc from 68.183.12.36 port 60686 ssh2
May  5 01:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Connection closed by 68.183.12.36 port 60686 [preauth]
May  5 01:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[999]: Connection closed by 196.251.88.103 port 34422 [preauth]
May  5 01:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1021]: User proxy from 196.251.88.103 not allowed because not listed in AllowUsers
May  5 01:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1021]: input_userauth_request: invalid user proxy [preauth]
May  5 01:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=proxy
May  5 01:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1021]: Failed password for invalid user proxy from 196.251.88.103 port 56262 ssh2
May  5 01:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1021]: Connection closed by 196.251.88.103 port 56262 [preauth]
May  5 01:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Invalid user deploy from 196.251.88.103
May  5 01:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: input_userauth_request: invalid user deploy [preauth]
May  5 01:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Failed password for invalid user deploy from 196.251.88.103 port 50788 ssh2
May  5 01:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Connection closed by 196.251.88.103 port 50788 [preauth]
May  5 01:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32139]: pam_unix(cron:session): session closed for user root
May  5 01:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: Failed password for root from 196.251.88.103 port 45312 ssh2
May  5 01:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: Connection closed by 196.251.88.103 port 45312 [preauth]
May  5 01:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1087]: Invalid user docker from 196.251.88.103
May  5 01:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1087]: input_userauth_request: invalid user docker [preauth]
May  5 01:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1087]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1087]: Failed password for invalid user docker from 196.251.88.103 port 39832 ssh2
May  5 01:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1087]: Connection closed by 196.251.88.103 port 39832 [preauth]
May  5 01:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: Invalid user nginx from 196.251.88.103
May  5 01:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: input_userauth_request: invalid user nginx [preauth]
May  5 01:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: Failed password for invalid user nginx from 196.251.88.103 port 34344 ssh2
May  5 01:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1113]: Connection closed by 196.251.88.103 port 34344 [preauth]
May  5 01:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 01:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1137]: Failed password for root from 218.92.0.179 port 13638 ssh2
May  5 01:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1137]: Failed password for root from 218.92.0.179 port 13638 ssh2
May  5 01:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: Invalid user postgres from 196.251.88.103
May  5 01:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: input_userauth_request: invalid user postgres [preauth]
May  5 01:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1137]: Failed password for root from 218.92.0.179 port 13638 ssh2
May  5 01:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1137]: Received disconnect from 218.92.0.179 port 13638:11:  [preauth]
May  5 01:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1137]: Disconnected from 218.92.0.179 port 13638 [preauth]
May  5 01:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1137]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1156]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1152]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1149]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1149]: pam_unix(cron:session): session closed for user root
May  5 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1152]: pam_unix(cron:session): session closed for user p13x
May  5 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1239]: Successful su for rubyman by root
May  5 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1239]: + ??? root:rubyman
May  5 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330854 of user rubyman.
May  5 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1239]: pam_unix(su:session): session closed for user rubyman
May  5 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330854.
May  5 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: Failed password for invalid user postgres from 196.251.88.103 port 51614 ssh2
May  5 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1133]: Failed password for root from 196.251.88.103 port 57094 ssh2
May  5 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1147]: Connection closed by 196.251.88.103 port 51614 [preauth]
May  5 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1133]: Connection closed by 196.251.88.103 port 57094 [preauth]
May  5 01:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30833]: pam_unix(cron:session): session closed for user root
May  5 01:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1153]: pam_unix(cron:session): session closed for user samftp
May  5 01:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: Invalid user factorio from 196.251.88.103
May  5 01:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: input_userauth_request: invalid user factorio [preauth]
May  5 01:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: Failed password for invalid user factorio from 196.251.88.103 port 46126 ssh2
May  5 01:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: Connection closed by 196.251.88.103 port 46126 [preauth]
May  5 01:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: Invalid user wolli from 102.209.62.129
May  5 01:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: input_userauth_request: invalid user wolli [preauth]
May  5 01:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129
May  5 01:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: Invalid user ubuntu from 196.251.88.103
May  5 01:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: input_userauth_request: invalid user ubuntu [preauth]
May  5 01:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: Failed password for invalid user wolli from 102.209.62.129 port 35132 ssh2
May  5 01:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: Received disconnect from 102.209.62.129 port 35132:11: Bye Bye [preauth]
May  5 01:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: Disconnected from 102.209.62.129 port 35132 [preauth]
May  5 01:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: Failed password for invalid user ubuntu from 196.251.88.103 port 40640 ssh2
May  5 01:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1479]: Connection closed by 196.251.88.103 port 40640 [preauth]
May  5 01:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1503]: Invalid user hadoop from 196.251.88.103
May  5 01:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1503]: input_userauth_request: invalid user hadoop [preauth]
May  5 01:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1503]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1503]: Failed password for invalid user hadoop from 196.251.88.103 port 35154 ssh2
May  5 01:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1503]: Connection closed by 196.251.88.103 port 35154 [preauth]
May  5 01:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1515]: Failed password for root from 196.251.88.103 port 57906 ssh2
May  5 01:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1515]: Connection closed by 196.251.88.103 port 57906 [preauth]
May  5 01:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1539]: Invalid user es from 196.251.88.103
May  5 01:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1539]: input_userauth_request: invalid user es [preauth]
May  5 01:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1539]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1542]: Invalid user dima from 87.201.127.149
May  5 01:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1542]: input_userauth_request: invalid user dima [preauth]
May  5 01:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1542]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149
May  5 01:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1539]: Failed password for invalid user es from 196.251.88.103 port 52418 ssh2
May  5 01:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1539]: Connection closed by 196.251.88.103 port 52418 [preauth]
May  5 01:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1542]: Failed password for invalid user dima from 87.201.127.149 port 50516 ssh2
May  5 01:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1542]: Received disconnect from 87.201.127.149 port 50516:11: Bye Bye [preauth]
May  5 01:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1542]: Disconnected from 87.201.127.149 port 50516 [preauth]
May  5 01:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.201.61.225  user=root
May  5 01:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32571]: pam_unix(cron:session): session closed for user root
May  5 01:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1505]: Failed password for root from 101.201.61.225 port 46474 ssh2
May  5 01:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1505]: Connection closed by 101.201.61.225 port 46474 [preauth]
May  5 01:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: Failed password for root from 196.251.88.103 port 46934 ssh2
May  5 01:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: Connection closed by 196.251.88.103 port 46934 [preauth]
May  5 01:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: Invalid user gitlab-runner from 196.251.88.103
May  5 01:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: input_userauth_request: invalid user gitlab-runner [preauth]
May  5 01:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: Failed password for invalid user gitlab-runner from 196.251.88.103 port 41458 ssh2
May  5 01:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1631]: Invalid user appuser from 196.251.88.103
May  5 01:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1631]: input_userauth_request: invalid user appuser [preauth]
May  5 01:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: Connection closed by 196.251.88.103 port 41458 [preauth]
May  5 01:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1631]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1631]: Failed password for invalid user appuser from 196.251.88.103 port 35978 ssh2
May  5 01:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1631]: Connection closed by 196.251.88.103 port 35978 [preauth]
May  5 01:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1646]: Invalid user nginx from 196.251.88.103
May  5 01:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1646]: input_userauth_request: invalid user nginx [preauth]
May  5 01:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1646]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1646]: Failed password for invalid user nginx from 196.251.88.103 port 46754 ssh2
May  5 01:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1646]: Connection closed by 196.251.88.103 port 46754 [preauth]
May  5 01:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: Failed password for root from 196.251.88.103 port 41014 ssh2
May  5 01:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: Connection closed by 196.251.88.103 port 41014 [preauth]
May  5 01:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1685]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1683]: pam_unix(cron:session): session closed for user p13x
May  5 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1756]: Successful su for rubyman by root
May  5 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1756]: + ??? root:rubyman
May  5 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330859 of user rubyman.
May  5 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1756]: pam_unix(su:session): session closed for user rubyman
May  5 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330859.
May  5 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: Failed password for root from 196.251.88.103 port 46792 ssh2
May  5 01:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: Connection closed by 196.251.88.103 port 46792 [preauth]
May  5 01:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31260]: pam_unix(cron:session): session closed for user root
May  5 01:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1684]: pam_unix(cron:session): session closed for user samftp
May  5 01:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: Invalid user hadoop from 196.251.88.103
May  5 01:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: input_userauth_request: invalid user hadoop [preauth]
May  5 01:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: Failed password for invalid user hadoop from 196.251.88.103 port 41282 ssh2
May  5 01:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1971]: Connection closed by 196.251.88.103 port 41282 [preauth]
May  5 01:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: Invalid user lighthouse from 196.251.88.103
May  5 01:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: input_userauth_request: invalid user lighthouse [preauth]
May  5 01:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: Failed password for invalid user lighthouse from 196.251.88.103 port 49518 ssh2
May  5 01:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: Connection closed by 196.251.88.103 port 49518 [preauth]
May  5 01:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: Invalid user jfedu1 from 196.251.88.103
May  5 01:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: input_userauth_request: invalid user jfedu1 [preauth]
May  5 01:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: Failed password for invalid user jfedu1 from 196.251.88.103 port 44032 ssh2
May  5 01:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: Connection closed by 196.251.88.103 port 44032 [preauth]
May  5 01:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: Invalid user test from 196.251.88.103
May  5 01:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: input_userauth_request: invalid user test [preauth]
May  5 01:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: Failed password for invalid user test from 196.251.88.103 port 38548 ssh2
May  5 01:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: Connection closed by 196.251.88.103 port 38548 [preauth]
May  5 01:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Invalid user test from 165.154.14.28
May  5 01:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: input_userauth_request: invalid user test [preauth]
May  5 01:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  5 01:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Failed password for invalid user test from 165.154.14.28 port 48362 ssh2
May  5 01:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Received disconnect from 165.154.14.28 port 48362:11: Bye Bye [preauth]
May  5 01:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Disconnected from 165.154.14.28 port 48362 [preauth]
May  5 01:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2102]: Failed password for root from 196.251.88.103 port 32952 ssh2
May  5 01:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2102]: Connection closed by 196.251.88.103 port 32952 [preauth]
May  5 01:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[704]: pam_unix(cron:session): session closed for user root
May  5 01:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: Invalid user dmdba from 196.251.88.103
May  5 01:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: input_userauth_request: invalid user dmdba [preauth]
May  5 01:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: Failed password for invalid user dmdba from 196.251.88.103 port 54680 ssh2
May  5 01:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: Connection closed by 196.251.88.103 port 54680 [preauth]
May  5 01:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Invalid user weblogic from 196.251.88.103
May  5 01:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: input_userauth_request: invalid user weblogic [preauth]
May  5 01:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Failed password for invalid user weblogic from 196.251.88.103 port 47514 ssh2
May  5 01:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Connection closed by 196.251.88.103 port 47514 [preauth]
May  5 01:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  5 01:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: Failed password for root from 196.251.88.103 port 42030 ssh2
May  5 01:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: Connection closed by 196.251.88.103 port 42030 [preauth]
May  5 01:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: Failed password for root from 218.92.0.218 port 55804 ssh2
May  5 01:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: Failed password for root from 218.92.0.218 port 55804 ssh2
May  5 01:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: Failed password for root from 218.92.0.218 port 55804 ssh2
May  5 01:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: Received disconnect from 218.92.0.218 port 55804:11:  [preauth]
May  5 01:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: Disconnected from 218.92.0.218 port 55804 [preauth]
May  5 01:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  5 01:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: Failed password for root from 196.251.88.103 port 35498 ssh2
May  5 01:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2201]: Connection closed by 196.251.88.103 port 35498 [preauth]
May  5 01:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2213]: Failed password for root from 196.251.88.103 port 58142 ssh2
May  5 01:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2213]: Connection closed by 196.251.88.103 port 58142 [preauth]
May  5 01:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2247]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2248]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2245]: pam_unix(cron:session): session closed for user p13x
May  5 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2306]: Successful su for rubyman by root
May  5 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2306]: + ??? root:rubyman
May  5 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2306]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330862 of user rubyman.
May  5 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2306]: pam_unix(su:session): session closed for user rubyman
May  5 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330862.
May  5 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Failed password for root from 196.251.88.103 port 52766 ssh2
May  5 01:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Connection closed by 196.251.88.103 port 52766 [preauth]
May  5 01:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31708]: pam_unix(cron:session): session closed for user root
May  5 01:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2246]: pam_unix(cron:session): session closed for user samftp
May  5 01:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: Invalid user admin from 196.251.88.103
May  5 01:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: input_userauth_request: invalid user admin [preauth]
May  5 01:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: Failed password for invalid user admin from 196.251.88.103 port 47290 ssh2
May  5 01:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2510]: Connection closed by 196.251.88.103 port 47290 [preauth]
May  5 01:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2525]: Invalid user user from 196.251.88.103
May  5 01:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2525]: input_userauth_request: invalid user user [preauth]
May  5 01:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2525]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2525]: Failed password for invalid user user from 196.251.88.103 port 41806 ssh2
May  5 01:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2525]: Connection closed by 196.251.88.103 port 41806 [preauth]
May  5 01:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149  user=root
May  5 01:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: Invalid user user2 from 196.251.88.103
May  5 01:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: input_userauth_request: invalid user user2 [preauth]
May  5 01:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: Failed password for root from 87.201.127.149 port 58090 ssh2
May  5 01:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: Received disconnect from 87.201.127.149 port 58090:11: Bye Bye [preauth]
May  5 01:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: Disconnected from 87.201.127.149 port 58090 [preauth]
May  5 01:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: Failed password for invalid user user2 from 196.251.88.103 port 36322 ssh2
May  5 01:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: Invalid user abhi from 102.209.62.129
May  5 01:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: input_userauth_request: invalid user abhi [preauth]
May  5 01:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129
May  5 01:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2569]: Connection closed by 196.251.88.103 port 36322 [preauth]
May  5 01:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: Failed password for invalid user abhi from 102.209.62.129 port 44158 ssh2
May  5 01:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: Received disconnect from 102.209.62.129 port 44158:11: Bye Bye [preauth]
May  5 01:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2571]: Disconnected from 102.209.62.129 port 44158 [preauth]
May  5 01:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: Failed password for root from 196.251.88.103 port 59072 ssh2
May  5 01:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: Connection closed by 196.251.88.103 port 59072 [preauth]
May  5 01:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2615]: Invalid user ubuntu from 196.251.88.103
May  5 01:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2615]: input_userauth_request: invalid user ubuntu [preauth]
May  5 01:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2615]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2615]: Failed password for invalid user ubuntu from 196.251.88.103 port 53584 ssh2
May  5 01:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2615]: Connection closed by 196.251.88.103 port 53584 [preauth]
May  5 01:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1157]: pam_unix(cron:session): session closed for user root
May  5 01:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: Invalid user tools from 196.251.88.103
May  5 01:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: input_userauth_request: invalid user tools [preauth]
May  5 01:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: Failed password for invalid user tools from 196.251.88.103 port 48098 ssh2
May  5 01:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2686]: Connection closed by 196.251.88.103 port 48098 [preauth]
May  5 01:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2727]: Invalid user hive from 101.201.61.225
May  5 01:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2727]: input_userauth_request: invalid user hive [preauth]
May  5 01:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2727]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.201.61.225
May  5 01:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2721]: Failed password for root from 196.251.88.103 port 52310 ssh2
May  5 01:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2721]: Connection closed by 196.251.88.103 port 52310 [preauth]
May  5 01:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2727]: Failed password for invalid user hive from 101.201.61.225 port 40790 ssh2
May  5 01:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2727]: Connection closed by 101.201.61.225 port 40790 [preauth]
May  5 01:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Invalid user kingbase from 196.251.88.103
May  5 01:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: input_userauth_request: invalid user kingbase [preauth]
May  5 01:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: Invalid user nginx from 101.201.61.225
May  5 01:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: input_userauth_request: invalid user nginx [preauth]
May  5 01:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.201.61.225
May  5 01:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Failed password for invalid user kingbase from 196.251.88.103 port 46824 ssh2
May  5 01:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Connection closed by 196.251.88.103 port 46824 [preauth]
May  5 01:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: Failed password for invalid user nginx from 101.201.61.225 port 34584 ssh2
May  5 01:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2764]: Connection closed by 101.201.61.225 port 34584 [preauth]
May  5 01:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2776]: Invalid user user from 101.201.61.225
May  5 01:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2776]: input_userauth_request: invalid user user [preauth]
May  5 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2787]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2788]: pam_unix(cron:session): session closed for user root
May  5 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2783]: pam_unix(cron:session): session closed for user p13x
May  5 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2857]: Successful su for rubyman by root
May  5 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2857]: + ??? root:rubyman
May  5 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330866 of user rubyman.
May  5 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2857]: pam_unix(su:session): session closed for user rubyman
May  5 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330866.
May  5 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2776]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.201.61.225
May  5 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: Invalid user esearch from 196.251.88.103
May  5 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: input_userauth_request: invalid user esearch [preauth]
May  5 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2785]: pam_unix(cron:session): session closed for user root
May  5 01:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2776]: Failed password for invalid user user from 101.201.61.225 port 34602 ssh2
May  5 01:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2776]: Connection closed by 101.201.61.225 port 34602 [preauth]
May  5 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: Failed password for invalid user esearch from 196.251.88.103 port 41342 ssh2
May  5 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2779]: Connection closed by 196.251.88.103 port 41342 [preauth]
May  5 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32138]: pam_unix(cron:session): session closed for user root
May  5 01:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2784]: pam_unix(cron:session): session closed for user samftp
May  5 01:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: Invalid user ec2-user from 196.251.88.103
May  5 01:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: input_userauth_request: invalid user ec2-user [preauth]
May  5 01:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: Failed password for invalid user ec2-user from 196.251.88.103 port 35862 ssh2
May  5 01:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: Connection closed by 196.251.88.103 port 35862 [preauth]
May  5 01:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3136]: Invalid user hive from 196.251.88.103
May  5 01:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3136]: input_userauth_request: invalid user hive [preauth]
May  5 01:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3136]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3136]: Failed password for invalid user hive from 196.251.88.103 port 53126 ssh2
May  5 01:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3136]: Connection closed by 196.251.88.103 port 53126 [preauth]
May  5 01:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: Invalid user flask from 101.201.61.225
May  5 01:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: input_userauth_request: invalid user flask [preauth]
May  5 01:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.201.61.225
May  5 01:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3164]: Invalid user user1 from 101.201.61.225
May  5 01:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3164]: input_userauth_request: invalid user user1 [preauth]
May  5 01:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3164]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.201.61.225
May  5 01:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: Failed password for invalid user flask from 101.201.61.225 port 37380 ssh2
May  5 01:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3151]: Connection closed by 101.201.61.225 port 37380 [preauth]
May  5 01:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3164]: Failed password for invalid user user1 from 101.201.61.225 port 37382 ssh2
May  5 01:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: Failed password for root from 196.251.88.103 port 47640 ssh2
May  5 01:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3153]: Connection closed by 196.251.88.103 port 47640 [preauth]
May  5 01:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3164]: Connection closed by 101.201.61.225 port 37382 [preauth]
May  5 01:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: User backup from 196.251.88.103 not allowed because not listed in AllowUsers
May  5 01:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: input_userauth_request: invalid user backup [preauth]
May  5 01:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1687]: pam_unix(cron:session): session closed for user root
May  5 01:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=backup
May  5 01:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: Failed password for invalid user backup from 196.251.88.103 port 42158 ssh2
May  5 01:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: Connection closed by 196.251.88.103 port 42158 [preauth]
May  5 01:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: Invalid user openvpn from 196.251.88.103
May  5 01:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: input_userauth_request: invalid user openvpn [preauth]
May  5 01:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: Failed password for invalid user openvpn from 196.251.88.103 port 36672 ssh2
May  5 01:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3227]: Connection closed by 196.251.88.103 port 36672 [preauth]
May  5 01:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: Connection closed by 101.201.61.225 port 52348 [preauth]
May  5 01:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3146]: Connection reset by 101.201.61.225 port 37372 [preauth]
May  5 01:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: Connection reset by 101.201.61.225 port 43530 [preauth]
May  5 01:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: Invalid user nvidia from 196.251.88.103
May  5 01:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: input_userauth_request: invalid user nvidia [preauth]
May  5 01:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: Connection reset by 101.201.61.225 port 43502 [preauth]
May  5 01:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: Failed password for invalid user nvidia from 196.251.88.103 port 59424 ssh2
May  5 01:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: Connection closed by 196.251.88.103 port 59424 [preauth]
May  5 01:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3260]: Invalid user debian from 196.251.88.103
May  5 01:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3260]: input_userauth_request: invalid user debian [preauth]
May  5 01:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3260]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3260]: Failed password for invalid user debian from 196.251.88.103 port 53780 ssh2
May  5 01:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3260]: Connection closed by 196.251.88.103 port 53780 [preauth]
May  5 01:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2761]: Connection closed by 101.201.61.225 port 40808 [preauth]
May  5 01:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Failed password for root from 196.251.88.103 port 48450 ssh2
May  5 01:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Connection closed by 196.251.88.103 port 48450 [preauth]
May  5 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3291]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3290]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3292]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3289]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3289]: pam_unix(cron:session): session closed for user p13x
May  5 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3359]: Successful su for rubyman by root
May  5 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3359]: + ??? root:rubyman
May  5 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330872 of user rubyman.
May  5 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3359]: pam_unix(su:session): session closed for user rubyman
May  5 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330872.
May  5 01:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: Connection closed by 101.201.61.225 port 34596 [preauth]
May  5 01:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: Invalid user ubuntu from 196.251.88.103
May  5 01:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: input_userauth_request: invalid user ubuntu [preauth]
May  5 01:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3290]: pam_unix(cron:session): session closed for user samftp
May  5 01:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32570]: pam_unix(cron:session): session closed for user root
May  5 01:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: Failed password for invalid user ubuntu from 196.251.88.103 port 42926 ssh2
May  5 01:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2839]: Connection closed by 101.201.61.225 port 34618 [preauth]
May  5 01:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3293]: Connection closed by 196.251.88.103 port 42926 [preauth]
May  5 01:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3082]: Connection closed by 101.201.61.225 port 43476 [preauth]
May  5 01:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: Failed password for root from 196.251.88.103 port 37474 ssh2
May  5 01:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: Connection closed by 196.251.88.103 port 37474 [preauth]
May  5 01:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: Invalid user guest from 196.251.88.103
May  5 01:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: input_userauth_request: invalid user guest [preauth]
May  5 01:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: Failed password for invalid user guest from 196.251.88.103 port 60224 ssh2
May  5 01:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: Connection closed by 196.251.88.103 port 60224 [preauth]
May  5 01:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: Invalid user ftpuser from 196.251.88.103
May  5 01:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: input_userauth_request: invalid user ftpuser [preauth]
May  5 01:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: Failed password for invalid user ftpuser from 196.251.88.103 port 54746 ssh2
May  5 01:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: Connection closed by 196.251.88.103 port 54746 [preauth]
May  5 01:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: Invalid user testuser from 196.251.88.103
May  5 01:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: input_userauth_request: invalid user testuser [preauth]
May  5 01:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: Invalid user arad from 102.209.62.129
May  5 01:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: input_userauth_request: invalid user arad [preauth]
May  5 01:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129
May  5 01:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: Failed password for invalid user testuser from 196.251.88.103 port 49262 ssh2
May  5 01:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: Connection closed by 196.251.88.103 port 49262 [preauth]
May  5 01:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: Failed password for invalid user arad from 102.209.62.129 port 53188 ssh2
May  5 01:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: Received disconnect from 102.209.62.129 port 53188:11: Bye Bye [preauth]
May  5 01:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: Disconnected from 102.209.62.129 port 53188 [preauth]
May  5 01:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: Invalid user plexserver from 196.251.88.103
May  5 01:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: input_userauth_request: invalid user plexserver [preauth]
May  5 01:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2248]: pam_unix(cron:session): session closed for user root
May  5 01:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: Failed password for invalid user plexserver from 196.251.88.103 port 43786 ssh2
May  5 01:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: Connection closed by 196.251.88.103 port 43786 [preauth]
May  5 01:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3703]: Invalid user elastic from 196.251.88.103
May  5 01:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3703]: input_userauth_request: invalid user elastic [preauth]
May  5 01:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3703]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3703]: Failed password for invalid user elastic from 196.251.88.103 port 38306 ssh2
May  5 01:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3703]: Connection closed by 196.251.88.103 port 38306 [preauth]
May  5 01:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3726]: Invalid user ranger from 196.251.88.103
May  5 01:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3726]: input_userauth_request: invalid user ranger [preauth]
May  5 01:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3726]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3726]: Failed password for invalid user ranger from 196.251.88.103 port 32824 ssh2
May  5 01:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3726]: Connection closed by 196.251.88.103 port 32824 [preauth]
May  5 01:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3743]: Invalid user opc from 196.251.88.103
May  5 01:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3743]: input_userauth_request: invalid user opc [preauth]
May  5 01:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3743]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3743]: Failed password for invalid user opc from 196.251.88.103 port 55568 ssh2
May  5 01:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3743]: Connection closed by 196.251.88.103 port 55568 [preauth]
May  5 01:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3753]: Invalid user testuser from 196.251.88.103
May  5 01:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3753]: input_userauth_request: invalid user testuser [preauth]
May  5 01:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3753]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3753]: Failed password for invalid user testuser from 196.251.88.103 port 50084 ssh2
May  5 01:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3753]: Connection closed by 196.251.88.103 port 50084 [preauth]
May  5 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3770]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3771]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3769]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3769]: pam_unix(cron:session): session closed for user p13x
May  5 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3828]: Successful su for rubyman by root
May  5 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3828]: + ??? root:rubyman
May  5 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3828]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330878 of user rubyman.
May  5 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3828]: pam_unix(su:session): session closed for user rubyman
May  5 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330878.
May  5 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: Invalid user data from 196.251.88.103
May  5 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: input_userauth_request: invalid user data [preauth]
May  5 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[703]: pam_unix(cron:session): session closed for user root
May  5 01:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: Failed password for invalid user data from 196.251.88.103 port 44596 ssh2
May  5 01:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: Connection closed by 196.251.88.103 port 44596 [preauth]
May  5 01:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3770]: pam_unix(cron:session): session closed for user samftp
May  5 01:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: Invalid user wso2 from 196.251.88.103
May  5 01:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: input_userauth_request: invalid user wso2 [preauth]
May  5 01:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: Failed password for invalid user wso2 from 196.251.88.103 port 39108 ssh2
May  5 01:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4052]: Connection closed by 196.251.88.103 port 39108 [preauth]
May  5 01:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: Failed password for root from 196.251.88.103 port 33620 ssh2
May  5 01:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: Connection closed by 196.251.88.103 port 33620 [preauth]
May  5 01:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4086]: Invalid user postgres from 196.251.88.103
May  5 01:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4086]: input_userauth_request: invalid user postgres [preauth]
May  5 01:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4086]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4086]: Failed password for invalid user postgres from 196.251.88.103 port 56370 ssh2
May  5 01:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4086]: Connection closed by 196.251.88.103 port 56370 [preauth]
May  5 01:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4117]: Failed password for root from 196.251.88.103 port 50888 ssh2
May  5 01:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4117]: Connection closed by 196.251.88.103 port 50888 [preauth]
May  5 01:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2787]: pam_unix(cron:session): session closed for user root
May  5 01:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4128]: Failed password for root from 196.251.88.103 port 45404 ssh2
May  5 01:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4128]: Connection closed by 196.251.88.103 port 45404 [preauth]
May  5 01:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4161]: Invalid user user1 from 196.251.88.103
May  5 01:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4161]: input_userauth_request: invalid user user1 [preauth]
May  5 01:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4161]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4161]: Failed password for invalid user user1 from 196.251.88.103 port 39930 ssh2
May  5 01:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4161]: Connection closed by 196.251.88.103 port 39930 [preauth]
May  5 01:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: Invalid user tom from 196.251.88.103
May  5 01:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: input_userauth_request: invalid user tom [preauth]
May  5 01:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: Failed password for invalid user tom from 196.251.88.103 port 34454 ssh2
May  5 01:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4180]: Connection closed by 196.251.88.103 port 34454 [preauth]
May  5 01:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: Invalid user sonar from 196.251.88.103
May  5 01:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: input_userauth_request: invalid user sonar [preauth]
May  5 01:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: Failed password for invalid user sonar from 196.251.88.103 port 57204 ssh2
May  5 01:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: Connection closed by 196.251.88.103 port 57204 [preauth]
May  5 01:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4205]: Invalid user gpadmin from 196.251.88.103
May  5 01:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4205]: input_userauth_request: invalid user gpadmin [preauth]
May  5 01:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4205]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4205]: Failed password for invalid user gpadmin from 196.251.88.103 port 51716 ssh2
May  5 01:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4205]: Connection closed by 196.251.88.103 port 51716 [preauth]
May  5 01:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4217]: Invalid user solr from 196.251.88.103
May  5 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4217]: input_userauth_request: invalid user solr [preauth]
May  5 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4220]: pam_unix(cron:session): session closed for user p13x
May  5 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4217]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4438]: Successful su for rubyman by root
May  5 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4438]: + ??? root:rubyman
May  5 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4438]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330880 of user rubyman.
May  5 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4438]: pam_unix(su:session): session closed for user rubyman
May  5 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330880.
May  5 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4217]: Failed password for invalid user solr from 196.251.88.103 port 46226 ssh2
May  5 01:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4217]: Connection closed by 196.251.88.103 port 46226 [preauth]
May  5 01:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1156]: pam_unix(cron:session): session closed for user root
May  5 01:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: Invalid user michal from 87.201.127.149
May  5 01:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: input_userauth_request: invalid user michal [preauth]
May  5 01:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149
May  5 01:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4221]: pam_unix(cron:session): session closed for user samftp
May  5 01:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: Failed password for invalid user michal from 87.201.127.149 port 45010 ssh2
May  5 01:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: Received disconnect from 87.201.127.149 port 45010:11: Bye Bye [preauth]
May  5 01:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: Disconnected from 87.201.127.149 port 45010 [preauth]
May  5 01:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: Failed password for root from 196.251.88.103 port 40748 ssh2
May  5 01:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: Connection closed by 196.251.88.103 port 40748 [preauth]
May  5 01:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: Invalid user tech from 46.244.96.25
May  5 01:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: input_userauth_request: invalid user tech [preauth]
May  5 01:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  5 01:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: Invalid user odoo17 from 196.251.88.103
May  5 01:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: input_userauth_request: invalid user odoo17 [preauth]
May  5 01:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: Failed password for invalid user tech from 46.244.96.25 port 34644 ssh2
May  5 01:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4649]: Connection closed by 46.244.96.25 port 34644 [preauth]
May  5 01:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: Failed password for invalid user odoo17 from 196.251.88.103 port 35264 ssh2
May  5 01:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: Connection closed by 196.251.88.103 port 35264 [preauth]
May  5 01:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: Invalid user dev from 196.251.88.103
May  5 01:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: input_userauth_request: invalid user dev [preauth]
May  5 01:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: Failed password for invalid user dev from 196.251.88.103 port 58012 ssh2
May  5 01:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: Connection closed by 196.251.88.103 port 58012 [preauth]
May  5 01:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: Invalid user elasticsearch from 196.251.88.103
May  5 01:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: input_userauth_request: invalid user elasticsearch [preauth]
May  5 01:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: Invalid user eth from 68.183.12.36
May  5 01:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: input_userauth_request: invalid user eth [preauth]
May  5 01:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 01:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: Failed password for invalid user elasticsearch from 196.251.88.103 port 52528 ssh2
May  5 01:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4708]: Connection closed by 196.251.88.103 port 52528 [preauth]
May  5 01:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: Failed password for invalid user eth from 68.183.12.36 port 35012 ssh2
May  5 01:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: Connection closed by 68.183.12.36 port 35012 [preauth]
May  5 01:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: Failed password for root from 196.251.88.103 port 47040 ssh2
May  5 01:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: Connection closed by 196.251.88.103 port 47040 [preauth]
May  5 01:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3292]: pam_unix(cron:session): session closed for user root
May  5 01:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4753]: Invalid user dev from 196.251.88.103
May  5 01:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4753]: input_userauth_request: invalid user dev [preauth]
May  5 01:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4753]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4753]: Failed password for invalid user dev from 196.251.88.103 port 41554 ssh2
May  5 01:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4753]: Connection closed by 196.251.88.103 port 41554 [preauth]
May  5 01:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4763]: Invalid user pi from 196.251.88.103
May  5 01:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4763]: input_userauth_request: invalid user pi [preauth]
May  5 01:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4763]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4763]: Failed password for invalid user pi from 196.251.88.103 port 36074 ssh2
May  5 01:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4763]: Connection closed by 196.251.88.103 port 36074 [preauth]
May  5 01:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129  user=root
May  5 01:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4790]: Invalid user user from 196.251.88.103
May  5 01:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4790]: input_userauth_request: invalid user user [preauth]
May  5 01:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4772]: Failed password for root from 102.209.62.129 port 33984 ssh2
May  5 01:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4790]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4772]: Received disconnect from 102.209.62.129 port 33984:11: Bye Bye [preauth]
May  5 01:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4772]: Disconnected from 102.209.62.129 port 33984 [preauth]
May  5 01:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4790]: Failed password for invalid user user from 196.251.88.103 port 58822 ssh2
May  5 01:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4790]: Connection closed by 196.251.88.103 port 58822 [preauth]
May  5 01:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: Invalid user minecraft from 196.251.88.103
May  5 01:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: input_userauth_request: invalid user minecraft [preauth]
May  5 01:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: Failed password for invalid user minecraft from 196.251.88.103 port 53334 ssh2
May  5 01:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: Connection closed by 196.251.88.103 port 53334 [preauth]
May  5 01:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4833]: pam_unix(cron:session): session closed for user p13x
May  5 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4819]: Failed password for root from 196.251.88.103 port 47850 ssh2
May  5 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4819]: Connection closed by 196.251.88.103 port 47850 [preauth]
May  5 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4899]: Successful su for rubyman by root
May  5 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4899]: + ??? root:rubyman
May  5 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330886 of user rubyman.
May  5 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4899]: pam_unix(su:session): session closed for user rubyman
May  5 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330886.
May  5 01:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1685]: pam_unix(cron:session): session closed for user root
May  5 01:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: Invalid user lighthouse from 196.251.88.103
May  5 01:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: input_userauth_request: invalid user lighthouse [preauth]
May  5 01:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4834]: pam_unix(cron:session): session closed for user samftp
May  5 01:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: Failed password for invalid user lighthouse from 196.251.88.103 port 42366 ssh2
May  5 01:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: Connection closed by 196.251.88.103 port 42366 [preauth]
May  5 01:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5287]: Failed password for root from 196.251.88.103 port 36886 ssh2
May  5 01:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5287]: Connection closed by 196.251.88.103 port 36886 [preauth]
May  5 01:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: Invalid user user1 from 196.251.88.103
May  5 01:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: input_userauth_request: invalid user user1 [preauth]
May  5 01:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: Failed password for invalid user user1 from 196.251.88.103 port 59636 ssh2
May  5 01:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5311]: Connection closed by 196.251.88.103 port 59636 [preauth]
May  5 01:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: Invalid user user from 196.251.88.103
May  5 01:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: input_userauth_request: invalid user user [preauth]
May  5 01:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: Failed password for invalid user user from 196.251.88.103 port 54152 ssh2
May  5 01:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5322]: Connection closed by 196.251.88.103 port 54152 [preauth]
May  5 01:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5346]: Invalid user g from 196.251.88.103
May  5 01:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5346]: input_userauth_request: invalid user g [preauth]
May  5 01:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5346]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5346]: Failed password for invalid user g from 196.251.88.103 port 48666 ssh2
May  5 01:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5346]: Connection closed by 196.251.88.103 port 48666 [preauth]
May  5 01:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5356]: User syslog from 164.68.105.9 not allowed because not listed in AllowUsers
May  5 01:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5356]: input_userauth_request: invalid user syslog [preauth]
May  5 01:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=syslog
May  5 01:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: Invalid user plex from 196.251.88.103
May  5 01:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: input_userauth_request: invalid user plex [preauth]
May  5 01:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3772]: pam_unix(cron:session): session closed for user root
May  5 01:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5356]: Failed password for invalid user syslog from 164.68.105.9 port 60296 ssh2
May  5 01:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5356]: Connection closed by 164.68.105.9 port 60296 [preauth]
May  5 01:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: Failed password for invalid user plex from 196.251.88.103 port 43178 ssh2
May  5 01:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5366]: Connection closed by 196.251.88.103 port 43178 [preauth]
May  5 01:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5393]: Invalid user svnuser from 165.154.14.28
May  5 01:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5393]: input_userauth_request: invalid user svnuser [preauth]
May  5 01:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5393]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  5 01:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5393]: Failed password for invalid user svnuser from 165.154.14.28 port 50116 ssh2
May  5 01:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5393]: Received disconnect from 165.154.14.28 port 50116:11: Bye Bye [preauth]
May  5 01:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5393]: Disconnected from 165.154.14.28 port 50116 [preauth]
May  5 01:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: Invalid user lsfadmin from 196.251.88.103
May  5 01:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: input_userauth_request: invalid user lsfadmin [preauth]
May  5 01:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: Failed password for invalid user lsfadmin from 196.251.88.103 port 37688 ssh2
May  5 01:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: Connection closed by 196.251.88.103 port 37688 [preauth]
May  5 01:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5416]: Invalid user git from 196.251.88.103
May  5 01:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5416]: input_userauth_request: invalid user git [preauth]
May  5 01:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5416]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5416]: Failed password for invalid user git from 196.251.88.103 port 60436 ssh2
May  5 01:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5416]: Connection closed by 196.251.88.103 port 60436 [preauth]
May  5 01:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5437]: User ftp from 196.251.88.103 not allowed because not listed in AllowUsers
May  5 01:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5437]: input_userauth_request: invalid user ftp [preauth]
May  5 01:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=ftp
May  5 01:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5437]: Failed password for invalid user ftp from 196.251.88.103 port 54952 ssh2
May  5 01:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5437]: Connection closed by 196.251.88.103 port 54952 [preauth]
May  5 01:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5447]: Invalid user naim from 87.201.127.149
May  5 01:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5447]: input_userauth_request: invalid user naim [preauth]
May  5 01:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5447]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149
May  5 01:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5457]: Invalid user sadmin from 196.251.88.103
May  5 01:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5457]: input_userauth_request: invalid user sadmin [preauth]
May  5 01:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5457]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5447]: Failed password for invalid user naim from 87.201.127.149 port 52590 ssh2
May  5 01:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5447]: Received disconnect from 87.201.127.149 port 52590:11: Bye Bye [preauth]
May  5 01:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5447]: Disconnected from 87.201.127.149 port 52590 [preauth]
May  5 01:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5457]: Failed password for invalid user sadmin from 196.251.88.103 port 49468 ssh2
May  5 01:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5457]: Connection closed by 196.251.88.103 port 49468 [preauth]
May  5 01:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: Invalid user odoo16 from 196.251.88.103
May  5 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: input_userauth_request: invalid user odoo16 [preauth]
May  5 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5478]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5473]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5480]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5480]: pam_unix(cron:session): session closed for user root
May  5 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5473]: pam_unix(cron:session): session closed for user p13x
May  5 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5574]: Successful su for rubyman by root
May  5 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5574]: + ??? root:rubyman
May  5 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330891 of user rubyman.
May  5 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5574]: pam_unix(su:session): session closed for user rubyman
May  5 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330891.
May  5 01:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: Failed password for invalid user odoo16 from 196.251.88.103 port 43984 ssh2
May  5 01:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5470]: Connection closed by 196.251.88.103 port 43984 [preauth]
May  5 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5477]: pam_unix(cron:session): session closed for user root
May  5 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2247]: pam_unix(cron:session): session closed for user root
May  5 01:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5475]: pam_unix(cron:session): session closed for user samftp
May  5 01:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: Failed password for root from 196.251.88.103 port 38498 ssh2
May  5 01:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: Connection closed by 196.251.88.103 port 38498 [preauth]
May  5 01:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5892]: Did not receive identification string from 91.144.21.210
May  5 01:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5907]: Failed password for root from 196.251.88.103 port 33014 ssh2
May  5 01:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5907]: Connection closed by 196.251.88.103 port 33014 [preauth]
May  5 01:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5926]: Invalid user postgres from 196.251.88.103
May  5 01:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5926]: input_userauth_request: invalid user postgres [preauth]
May  5 01:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5926]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: Did not receive identification string from 91.144.21.210
May  5 01:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5926]: Failed password for invalid user postgres from 196.251.88.103 port 55758 ssh2
May  5 01:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5926]: Connection closed by 196.251.88.103 port 55758 [preauth]
May  5 01:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: Invalid user kubernetes from 196.251.88.103
May  5 01:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: input_userauth_request: invalid user kubernetes [preauth]
May  5 01:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: Failed password for invalid user kubernetes from 196.251.88.103 port 50276 ssh2
May  5 01:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: Connection closed by 196.251.88.103 port 50276 [preauth]
May  5 01:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: Invalid user NL5xUDpV2xRa from 91.144.21.210
May  5 01:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: input_userauth_request: invalid user NL5xUDpV2xRa [preauth]
May  5 01:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: fatal: ssh_packet_get_string: incomplete message [preauth]
May  5 01:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4223]: pam_unix(cron:session): session closed for user root
May  5 01:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: Failed password for root from 196.251.88.103 port 44794 ssh2
May  5 01:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: Connection closed by 196.251.88.103 port 44794 [preauth]
May  5 01:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6015]: Invalid user jenkins from 196.251.88.103
May  5 01:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6015]: input_userauth_request: invalid user jenkins [preauth]
May  5 01:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6015]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6015]: Failed password for invalid user jenkins from 196.251.88.103 port 39314 ssh2
May  5 01:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6015]: Connection closed by 196.251.88.103 port 39314 [preauth]
May  5 01:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: Invalid user gpuadmin from 196.251.88.103
May  5 01:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: input_userauth_request: invalid user gpuadmin [preauth]
May  5 01:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: Failed password for invalid user gpuadmin from 196.251.88.103 port 33832 ssh2
May  5 01:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6034]: Connection closed by 196.251.88.103 port 33832 [preauth]
May  5 01:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: Invalid user mongo from 196.251.88.103
May  5 01:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: input_userauth_request: invalid user mongo [preauth]
May  5 01:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: Failed password for invalid user mongo from 196.251.88.103 port 56580 ssh2
May  5 01:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6051]: Connection closed by 196.251.88.103 port 56580 [preauth]
May  5 01:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6063]: Invalid user pi from 196.251.88.103
May  5 01:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6063]: input_userauth_request: invalid user pi [preauth]
May  5 01:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6063]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6063]: Failed password for invalid user pi from 196.251.88.103 port 51090 ssh2
May  5 01:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6063]: Connection closed by 196.251.88.103 port 51090 [preauth]
May  5 01:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Invalid user wanghy from 102.209.62.129
May  5 01:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: input_userauth_request: invalid user wanghy [preauth]
May  5 01:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129
May  5 01:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: Invalid user media from 196.251.88.103
May  5 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: input_userauth_request: invalid user media [preauth]
May  5 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Failed password for invalid user wanghy from 102.209.62.129 port 43022 ssh2
May  5 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6083]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6082]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6079]: pam_unix(cron:session): session closed for user p13x
May  5 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Received disconnect from 102.209.62.129 port 43022:11: Bye Bye [preauth]
May  5 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6074]: Disconnected from 102.209.62.129 port 43022 [preauth]
May  5 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6156]: Successful su for rubyman by root
May  5 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6156]: + ??? root:rubyman
May  5 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6156]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330895 of user rubyman.
May  5 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6156]: pam_unix(su:session): session closed for user rubyman
May  5 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330895.
May  5 01:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: Failed password for invalid user media from 196.251.88.103 port 45606 ssh2
May  5 01:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6076]: Connection closed by 196.251.88.103 port 45606 [preauth]
May  5 01:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2786]: pam_unix(cron:session): session closed for user root
May  5 01:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6080]: pam_unix(cron:session): session closed for user samftp
May  5 01:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: Invalid user apache from 196.251.88.103
May  5 01:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: input_userauth_request: invalid user apache [preauth]
May  5 01:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: Failed password for invalid user apache from 196.251.88.103 port 40120 ssh2
May  5 01:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: Connection closed by 196.251.88.103 port 40120 [preauth]
May  5 01:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: Failed password for root from 196.251.88.103 port 34634 ssh2
May  5 01:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6358]: Connection closed by 196.251.88.103 port 34634 [preauth]
May  5 01:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: Invalid user weblogic from 117.216.143.31
May  5 01:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: input_userauth_request: invalid user weblogic [preauth]
May  5 01:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 01:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: Invalid user stream from 196.251.88.103
May  5 01:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: input_userauth_request: invalid user stream [preauth]
May  5 01:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: Failed password for invalid user stream from 196.251.88.103 port 57382 ssh2
May  5 01:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: Connection closed by 196.251.88.103 port 57382 [preauth]
May  5 01:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: Failed password for invalid user weblogic from 117.216.143.31 port 48702 ssh2
May  5 01:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: Received disconnect from 117.216.143.31 port 48702:11: Bye Bye [preauth]
May  5 01:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: Disconnected from 117.216.143.31 port 48702 [preauth]
May  5 01:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: Invalid user flask from 196.251.88.103
May  5 01:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: input_userauth_request: invalid user flask [preauth]
May  5 01:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: Failed password for invalid user flask from 196.251.88.103 port 51898 ssh2
May  5 01:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: Connection closed by 196.251.88.103 port 51898 [preauth]
May  5 01:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: Invalid user steam from 196.251.88.103
May  5 01:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: input_userauth_request: invalid user steam [preauth]
May  5 01:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6383]: Connection closed by 101.37.23.196 port 50588 [preauth]
May  5 01:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: Failed password for invalid user steam from 196.251.88.103 port 46398 ssh2
May  5 01:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: Connection closed by 196.251.88.103 port 46398 [preauth]
May  5 01:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4836]: pam_unix(cron:session): session closed for user root
May  5 01:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Invalid user hadoop from 196.251.88.103
May  5 01:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: input_userauth_request: invalid user hadoop [preauth]
May  5 01:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Failed password for invalid user hadoop from 196.251.88.103 port 40928 ssh2
May  5 01:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6463]: Connection closed by 196.251.88.103 port 40928 [preauth]
May  5 01:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: Invalid user mk from 87.201.127.149
May  5 01:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: input_userauth_request: invalid user mk [preauth]
May  5 01:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149
May  5 01:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: Failed password for invalid user mk from 87.201.127.149 port 60160 ssh2
May  5 01:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: Received disconnect from 87.201.127.149 port 60160:11: Bye Bye [preauth]
May  5 01:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: Disconnected from 87.201.127.149 port 60160 [preauth]
May  5 01:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6476]: Failed password for root from 196.251.88.103 port 35450 ssh2
May  5 01:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6476]: Connection closed by 196.251.88.103 port 35450 [preauth]
May  5 01:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: Invalid user ts from 196.251.88.103
May  5 01:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: input_userauth_request: invalid user ts [preauth]
May  5 01:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: Failed password for invalid user ts from 196.251.88.103 port 58206 ssh2
May  5 01:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: Connection closed by 196.251.88.103 port 58206 [preauth]
May  5 01:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6509]: Failed password for root from 196.251.88.103 port 52716 ssh2
May  5 01:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6509]: Connection closed by 196.251.88.103 port 52716 [preauth]
May  5 01:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: Invalid user admin from 196.251.88.103
May  5 01:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: input_userauth_request: invalid user admin [preauth]
May  5 01:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: Failed password for invalid user admin from 196.251.88.103 port 47236 ssh2
May  5 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6532]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6530]: pam_unix(cron:session): session closed for user p13x
May  5 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6589]: Successful su for rubyman by root
May  5 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6589]: + ??? root:rubyman
May  5 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330899 of user rubyman.
May  5 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6589]: pam_unix(su:session): session closed for user rubyman
May  5 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330899.
May  5 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: Connection closed by 196.251.88.103 port 47236 [preauth]
May  5 01:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3291]: pam_unix(cron:session): session closed for user root
May  5 01:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: Invalid user deploy from 196.251.88.103
May  5 01:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: input_userauth_request: invalid user deploy [preauth]
May  5 01:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6531]: pam_unix(cron:session): session closed for user samftp
May  5 01:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: Failed password for invalid user deploy from 196.251.88.103 port 41754 ssh2
May  5 01:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: Connection closed by 196.251.88.103 port 41754 [preauth]
May  5 01:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6788]: Invalid user nginx from 196.251.88.103
May  5 01:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6788]: input_userauth_request: invalid user nginx [preauth]
May  5 01:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6788]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6788]: Failed password for invalid user nginx from 196.251.88.103 port 36270 ssh2
May  5 01:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6788]: Connection closed by 196.251.88.103 port 36270 [preauth]
May  5 01:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: Invalid user dspace from 196.251.88.103
May  5 01:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: input_userauth_request: invalid user dspace [preauth]
May  5 01:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: Failed password for invalid user dspace from 196.251.88.103 port 59016 ssh2
May  5 01:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6810]: Connection closed by 196.251.88.103 port 59016 [preauth]
May  5 01:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: Invalid user rancher from 196.251.88.103
May  5 01:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: input_userauth_request: invalid user rancher [preauth]
May  5 01:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: Failed password for invalid user rancher from 196.251.88.103 port 53528 ssh2
May  5 01:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6830]: Connection closed by 196.251.88.103 port 53528 [preauth]
May  5 01:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: Invalid user ec2-user from 196.251.88.103
May  5 01:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: input_userauth_request: invalid user ec2-user [preauth]
May  5 01:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: Failed password for invalid user ec2-user from 196.251.88.103 port 48044 ssh2
May  5 01:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: Connection closed by 196.251.88.103 port 48044 [preauth]
May  5 01:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5479]: pam_unix(cron:session): session closed for user root
May  5 01:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6880]: Failed password for root from 196.251.88.103 port 42558 ssh2
May  5 01:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6880]: Connection closed by 196.251.88.103 port 42558 [preauth]
May  5 01:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: Invalid user gitlab from 196.251.88.103
May  5 01:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: input_userauth_request: invalid user gitlab [preauth]
May  5 01:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: Failed password for invalid user gitlab from 196.251.88.103 port 37076 ssh2
May  5 01:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6896]: Connection closed by 196.251.88.103 port 37076 [preauth]
May  5 01:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7008]: Invalid user tomcat from 196.251.88.103
May  5 01:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7008]: input_userauth_request: invalid user tomcat [preauth]
May  5 01:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7008]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7008]: Failed password for invalid user tomcat from 196.251.88.103 port 59830 ssh2
May  5 01:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7008]: Connection closed by 196.251.88.103 port 59830 [preauth]
May  5 01:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: Invalid user master from 196.251.88.103
May  5 01:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: input_userauth_request: invalid user master [preauth]
May  5 01:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: Failed password for invalid user master from 196.251.88.103 port 54348 ssh2
May  5 01:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7018]: Connection closed by 196.251.88.103 port 54348 [preauth]
May  5 01:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7048]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7049]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7044]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7044]: pam_unix(cron:session): session closed for user p13x
May  5 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7123]: Successful su for rubyman by root
May  5 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7123]: + ??? root:rubyman
May  5 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330903 of user rubyman.
May  5 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7123]: pam_unix(su:session): session closed for user rubyman
May  5 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330903.
May  5 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7029]: Failed password for root from 196.251.88.103 port 48862 ssh2
May  5 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7029]: Connection closed by 196.251.88.103 port 48862 [preauth]
May  5 01:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3771]: pam_unix(cron:session): session closed for user root
May  5 01:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7046]: pam_unix(cron:session): session closed for user samftp
May  5 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7289]: Invalid user guest from 196.251.88.103
May  5 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7289]: input_userauth_request: invalid user guest [preauth]
May  5 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7289]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7289]: Failed password for invalid user guest from 196.251.88.103 port 43376 ssh2
May  5 01:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7289]: Connection closed by 196.251.88.103 port 43376 [preauth]
May  5 01:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: Invalid user edge from 102.209.62.129
May  5 01:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: input_userauth_request: invalid user edge [preauth]
May  5 01:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129
May  5 01:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: Invalid user developer from 196.251.88.103
May  5 01:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: input_userauth_request: invalid user developer [preauth]
May  5 01:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: Failed password for invalid user edge from 102.209.62.129 port 52050 ssh2
May  5 01:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: Received disconnect from 102.209.62.129 port 52050:11: Bye Bye [preauth]
May  5 01:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7308]: Disconnected from 102.209.62.129 port 52050 [preauth]
May  5 01:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: Failed password for invalid user developer from 196.251.88.103 port 37888 ssh2
May  5 01:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: Connection closed by 196.251.88.103 port 37888 [preauth]
May  5 01:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7340]: Invalid user jumpserver from 196.251.88.103
May  5 01:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7340]: input_userauth_request: invalid user jumpserver [preauth]
May  5 01:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7340]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7340]: Failed password for invalid user jumpserver from 196.251.88.103 port 60638 ssh2
May  5 01:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7340]: Connection closed by 196.251.88.103 port 60638 [preauth]
May  5 01:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: Invalid user observer from 196.251.88.103
May  5 01:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: input_userauth_request: invalid user observer [preauth]
May  5 01:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: Failed password for invalid user observer from 196.251.88.103 port 55150 ssh2
May  5 01:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: Connection closed by 196.251.88.103 port 55150 [preauth]
May  5 01:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149  user=root
May  5 01:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: Invalid user git from 196.251.88.103
May  5 01:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: input_userauth_request: invalid user git [preauth]
May  5 01:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: Failed password for root from 87.201.127.149 port 39514 ssh2
May  5 01:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: Received disconnect from 87.201.127.149 port 39514:11: Bye Bye [preauth]
May  5 01:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: Disconnected from 87.201.127.149 port 39514 [preauth]
May  5 01:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: Failed password for invalid user git from 196.251.88.103 port 49662 ssh2
May  5 01:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: Connection closed by 196.251.88.103 port 49662 [preauth]
May  5 01:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6083]: pam_unix(cron:session): session closed for user root
May  5 01:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Invalid user esuser from 196.251.88.103
May  5 01:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: input_userauth_request: invalid user esuser [preauth]
May  5 01:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Failed password for invalid user esuser from 196.251.88.103 port 44174 ssh2
May  5 01:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Connection closed by 196.251.88.103 port 44174 [preauth]
May  5 01:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7414]: Failed password for root from 196.251.88.103 port 38686 ssh2
May  5 01:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7414]: Connection closed by 196.251.88.103 port 38686 [preauth]
May  5 01:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7437]: Failed password for root from 196.251.88.103 port 33202 ssh2
May  5 01:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7437]: Connection closed by 196.251.88.103 port 33202 [preauth]
May  5 01:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: Invalid user app from 196.251.88.103
May  5 01:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: input_userauth_request: invalid user app [preauth]
May  5 01:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: Failed password for invalid user app from 196.251.88.103 port 55954 ssh2
May  5 01:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7460]: Connection closed by 196.251.88.103 port 55954 [preauth]
May  5 01:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: Invalid user git from 196.251.88.103
May  5 01:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: input_userauth_request: invalid user git [preauth]
May  5 01:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7480]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7482]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7476]: pam_unix(cron:session): session closed for user p13x
May  5 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7641]: Successful su for rubyman by root
May  5 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7641]: + ??? root:rubyman
May  5 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7641]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330906 of user rubyman.
May  5 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7641]: pam_unix(su:session): session closed for user rubyman
May  5 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330906.
May  5 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: Failed password for invalid user git from 196.251.88.103 port 50470 ssh2
May  5 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7472]: Connection closed by 196.251.88.103 port 50470 [preauth]
May  5 01:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4222]: pam_unix(cron:session): session closed for user root
May  5 01:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7731]: Invalid user bot from 196.251.88.103
May  5 01:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7731]: input_userauth_request: invalid user bot [preauth]
May  5 01:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7731]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7479]: pam_unix(cron:session): session closed for user samftp
May  5 01:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7731]: Failed password for invalid user bot from 196.251.88.103 port 44990 ssh2
May  5 01:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7731]: Connection closed by 196.251.88.103 port 44990 [preauth]
May  5 01:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Invalid user fastuser from 196.251.88.103
May  5 01:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: input_userauth_request: invalid user fastuser [preauth]
May  5 01:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Failed password for invalid user fastuser from 196.251.88.103 port 39502 ssh2
May  5 01:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Connection closed by 196.251.88.103 port 39502 [preauth]
May  5 01:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: Invalid user jms from 196.251.88.103
May  5 01:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: input_userauth_request: invalid user jms [preauth]
May  5 01:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: Failed password for invalid user jms from 196.251.88.103 port 34020 ssh2
May  5 01:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: Connection closed by 196.251.88.103 port 34020 [preauth]
May  5 01:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: Invalid user steam from 196.251.88.103
May  5 01:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: input_userauth_request: invalid user steam [preauth]
May  5 01:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: Failed password for invalid user steam from 196.251.88.103 port 56764 ssh2
May  5 01:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: Connection closed by 196.251.88.103 port 56764 [preauth]
May  5 01:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7916]: Invalid user nexus from 196.251.88.103
May  5 01:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7916]: input_userauth_request: invalid user nexus [preauth]
May  5 01:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7916]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7916]: Failed password for invalid user nexus from 196.251.88.103 port 51276 ssh2
May  5 01:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7916]: Connection closed by 196.251.88.103 port 51276 [preauth]
May  5 01:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6533]: pam_unix(cron:session): session closed for user root
May  5 01:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: Failed password for root from 196.251.88.103 port 45788 ssh2
May  5 01:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7949]: Connection closed by 196.251.88.103 port 45788 [preauth]
May  5 01:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  5 01:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: Invalid user ftpuser from 196.251.88.103
May  5 01:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: input_userauth_request: invalid user ftpuser [preauth]
May  5 01:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: Failed password for root from 218.92.0.217 port 56594 ssh2
May  5 01:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: Failed password for invalid user ftpuser from 196.251.88.103 port 40302 ssh2
May  5 01:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7972]: Connection closed by 196.251.88.103 port 40302 [preauth]
May  5 01:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: Failed password for root from 218.92.0.217 port 56594 ssh2
May  5 01:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: Failed password for root from 218.92.0.217 port 56594 ssh2
May  5 01:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: Received disconnect from 218.92.0.217 port 56594:11:  [preauth]
May  5 01:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: Disconnected from 218.92.0.217 port 56594 [preauth]
May  5 01:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  5 01:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7998]: Failed password for root from 196.251.88.103 port 34816 ssh2
May  5 01:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7998]: Connection closed by 196.251.88.103 port 34816 [preauth]
May  5 01:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8009]: Invalid user yealink from 196.251.88.103
May  5 01:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8009]: input_userauth_request: invalid user yealink [preauth]
May  5 01:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8009]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8009]: Failed password for invalid user yealink from 196.251.88.103 port 57562 ssh2
May  5 01:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8009]: Connection closed by 196.251.88.103 port 57562 [preauth]
May  5 01:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: Invalid user ansible from 196.251.88.103
May  5 01:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: input_userauth_request: invalid user ansible [preauth]
May  5 01:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8030]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8031]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8032]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8035]: pam_unix(cron:session): session closed for user root
May  5 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8030]: pam_unix(cron:session): session closed for user p13x
May  5 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: Failed password for invalid user ansible from 196.251.88.103 port 52074 ssh2
May  5 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8106]: Successful su for rubyman by root
May  5 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8106]: + ??? root:rubyman
May  5 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8106]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330912 of user rubyman.
May  5 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8106]: pam_unix(su:session): session closed for user rubyman
May  5 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330912.
May  5 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8019]: Connection closed by 196.251.88.103 port 52074 [preauth]
May  5 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8032]: pam_unix(cron:session): session closed for user root
May  5 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session closed for user root
May  5 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8232]: Invalid user zabbix from 196.251.88.103
May  5 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8232]: input_userauth_request: invalid user zabbix [preauth]
May  5 01:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8232]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8031]: pam_unix(cron:session): session closed for user samftp
May  5 01:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8232]: Failed password for invalid user zabbix from 196.251.88.103 port 46592 ssh2
May  5 01:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8232]: Connection closed by 196.251.88.103 port 46592 [preauth]
May  5 01:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8341]: Invalid user debian from 196.251.88.103
May  5 01:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8341]: input_userauth_request: invalid user debian [preauth]
May  5 01:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8341]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8341]: Failed password for invalid user debian from 196.251.88.103 port 41104 ssh2
May  5 01:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8341]: Connection closed by 196.251.88.103 port 41104 [preauth]
May  5 01:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149  user=root
May  5 01:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8364]: Failed password for root from 87.201.127.149 port 47090 ssh2
May  5 01:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8364]: Received disconnect from 87.201.127.149 port 47090:11: Bye Bye [preauth]
May  5 01:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8364]: Disconnected from 87.201.127.149 port 47090 [preauth]
May  5 01:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: Failed password for root from 196.251.88.103 port 35618 ssh2
May  5 01:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: Connection closed by 196.251.88.103 port 35618 [preauth]
May  5 01:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 01:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8377]: Failed password for root from 218.92.0.179 port 57946 ssh2
May  5 01:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8391]: Invalid user gcs from 102.209.62.129
May  5 01:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8391]: input_userauth_request: invalid user gcs [preauth]
May  5 01:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8391]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129
May  5 01:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8377]: Failed password for root from 218.92.0.179 port 57946 ssh2
May  5 01:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: Failed password for root from 196.251.88.103 port 58362 ssh2
May  5 01:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8379]: Connection closed by 196.251.88.103 port 58362 [preauth]
May  5 01:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8391]: Failed password for invalid user gcs from 102.209.62.129 port 32846 ssh2
May  5 01:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8377]: Failed password for root from 218.92.0.179 port 57946 ssh2
May  5 01:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8391]: Received disconnect from 102.209.62.129 port 32846:11: Bye Bye [preauth]
May  5 01:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8391]: Disconnected from 102.209.62.129 port 32846 [preauth]
May  5 01:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8377]: Received disconnect from 218.92.0.179 port 57946:11:  [preauth]
May  5 01:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8377]: Disconnected from 218.92.0.179 port 57946 [preauth]
May  5 01:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8377]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 01:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Invalid user flink from 196.251.88.103
May  5 01:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: input_userauth_request: invalid user flink [preauth]
May  5 01:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Failed password for invalid user flink from 196.251.88.103 port 52880 ssh2
May  5 01:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Connection closed by 196.251.88.103 port 52880 [preauth]
May  5 01:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7049]: pam_unix(cron:session): session closed for user root
May  5 01:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: Invalid user bnb from 68.183.12.36
May  5 01:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: input_userauth_request: invalid user bnb [preauth]
May  5 01:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 01:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8444]: Invalid user esroot from 196.251.88.103
May  5 01:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8444]: input_userauth_request: invalid user esroot [preauth]
May  5 01:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8444]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: Failed password for invalid user bnb from 68.183.12.36 port 34978 ssh2
May  5 01:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: Connection closed by 68.183.12.36 port 34978 [preauth]
May  5 01:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8444]: Failed password for invalid user esroot from 196.251.88.103 port 47400 ssh2
May  5 01:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8444]: Connection closed by 196.251.88.103 port 47400 [preauth]
May  5 01:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: Invalid user dell from 165.154.14.28
May  5 01:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: input_userauth_request: invalid user dell [preauth]
May  5 01:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  5 01:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: Failed password for root from 196.251.88.103 port 41912 ssh2
May  5 01:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8465]: Connection closed by 196.251.88.103 port 41912 [preauth]
May  5 01:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: Failed password for invalid user dell from 165.154.14.28 port 56202 ssh2
May  5 01:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: Received disconnect from 165.154.14.28 port 56202:11: Bye Bye [preauth]
May  5 01:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: Disconnected from 165.154.14.28 port 56202 [preauth]
May  5 01:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8491]: Invalid user dolphinscheduler from 196.251.88.103
May  5 01:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8491]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  5 01:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8491]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8491]: Failed password for invalid user dolphinscheduler from 196.251.88.103 port 36424 ssh2
May  5 01:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8491]: Connection closed by 196.251.88.103 port 36424 [preauth]
May  5 01:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: Invalid user dolphinscheduler from 196.251.88.103
May  5 01:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  5 01:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: Failed password for invalid user dolphinscheduler from 196.251.88.103 port 59174 ssh2
May  5 01:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8503]: Connection closed by 196.251.88.103 port 59174 [preauth]
May  5 01:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: Invalid user guest from 196.251.88.103
May  5 01:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: input_userauth_request: invalid user guest [preauth]
May  5 01:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8532]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8530]: pam_unix(cron:session): session closed for user p13x
May  5 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8606]: Successful su for rubyman by root
May  5 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8606]: + ??? root:rubyman
May  5 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330918 of user rubyman.
May  5 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8606]: pam_unix(su:session): session closed for user rubyman
May  5 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330918.
May  5 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: Failed password for invalid user guest from 196.251.88.103 port 53688 ssh2
May  5 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: Connection closed by 196.251.88.103 port 53688 [preauth]
May  5 01:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5478]: pam_unix(cron:session): session closed for user root
May  5 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: Invalid user bigdata from 196.251.88.103
May  5 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: input_userauth_request: invalid user bigdata [preauth]
May  5 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8531]: pam_unix(cron:session): session closed for user samftp
May  5 01:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: Failed password for invalid user bigdata from 196.251.88.103 port 48200 ssh2
May  5 01:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: Connection closed by 196.251.88.103 port 48200 [preauth]
May  5 01:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: Failed password for root from 196.251.88.103 port 42712 ssh2
May  5 01:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: Connection closed by 196.251.88.103 port 42712 [preauth]
May  5 01:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8835]: Invalid user es from 196.251.88.103
May  5 01:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8835]: input_userauth_request: invalid user es [preauth]
May  5 01:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8835]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8835]: Failed password for invalid user es from 196.251.88.103 port 37224 ssh2
May  5 01:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8835]: Connection closed by 196.251.88.103 port 37224 [preauth]
May  5 01:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8851]: Invalid user uftp from 196.251.88.103
May  5 01:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8851]: input_userauth_request: invalid user uftp [preauth]
May  5 01:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8851]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8851]: Failed password for invalid user uftp from 196.251.88.103 port 59970 ssh2
May  5 01:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8851]: Connection closed by 196.251.88.103 port 59970 [preauth]
May  5 01:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8875]: Failed password for root from 196.251.88.103 port 54486 ssh2
May  5 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8875]: Connection closed by 196.251.88.103 port 54486 [preauth]
May  5 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7482]: pam_unix(cron:session): session closed for user root
May  5 01:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8905]: Invalid user user from 196.251.88.103
May  5 01:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8905]: input_userauth_request: invalid user user [preauth]
May  5 01:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8905]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8905]: Failed password for invalid user user from 196.251.88.103 port 49002 ssh2
May  5 01:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8905]: Connection closed by 196.251.88.103 port 49002 [preauth]
May  5 01:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: Invalid user mehdi from 196.251.88.103
May  5 01:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: input_userauth_request: invalid user mehdi [preauth]
May  5 01:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: Failed password for invalid user mehdi from 196.251.88.103 port 43520 ssh2
May  5 01:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8917]: Connection closed by 196.251.88.103 port 43520 [preauth]
May  5 01:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8942]: Invalid user ubnt from 196.251.88.103
May  5 01:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8942]: input_userauth_request: invalid user ubnt [preauth]
May  5 01:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8942]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8942]: Failed password for invalid user ubnt from 196.251.88.103 port 38048 ssh2
May  5 01:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8942]: Connection closed by 196.251.88.103 port 38048 [preauth]
May  5 01:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: Invalid user elastic from 196.251.88.103
May  5 01:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: input_userauth_request: invalid user elastic [preauth]
May  5 01:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: Failed password for invalid user elastic from 196.251.88.103 port 60794 ssh2
May  5 01:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8964]: Connection closed by 196.251.88.103 port 60794 [preauth]
May  5 01:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8975]: Invalid user oracle from 196.251.88.103
May  5 01:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8975]: input_userauth_request: invalid user oracle [preauth]
May  5 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8975]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8980]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8981]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8978]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8978]: pam_unix(cron:session): session closed for user p13x
May  5 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9043]: Successful su for rubyman by root
May  5 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9043]: + ??? root:rubyman
May  5 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330921 of user rubyman.
May  5 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9043]: pam_unix(su:session): session closed for user rubyman
May  5 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330921.
May  5 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8975]: Failed password for invalid user oracle from 196.251.88.103 port 55304 ssh2
May  5 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8975]: Connection closed by 196.251.88.103 port 55304 [preauth]
May  5 01:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: Invalid user uftp from 87.201.127.149
May  5 01:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: input_userauth_request: invalid user uftp [preauth]
May  5 01:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149
May  5 01:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6082]: pam_unix(cron:session): session closed for user root
May  5 01:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8979]: pam_unix(cron:session): session closed for user samftp
May  5 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: Invalid user apache from 196.251.88.103
May  5 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: input_userauth_request: invalid user apache [preauth]
May  5 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: Failed password for invalid user uftp from 87.201.127.149 port 54672 ssh2
May  5 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: Received disconnect from 87.201.127.149 port 54672:11: Bye Bye [preauth]
May  5 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: Disconnected from 87.201.127.149 port 54672 [preauth]
May  5 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: Failed password for invalid user apache from 196.251.88.103 port 49818 ssh2
May  5 01:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9329]: Connection closed by 196.251.88.103 port 49818 [preauth]
May  5 01:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: Invalid user admin from 196.251.88.103
May  5 01:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: input_userauth_request: invalid user admin [preauth]
May  5 01:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: Failed password for invalid user admin from 196.251.88.103 port 44330 ssh2
May  5 01:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: Connection closed by 196.251.88.103 port 44330 [preauth]
May  5 01:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: Invalid user test from 196.251.88.103
May  5 01:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: input_userauth_request: invalid user test [preauth]
May  5 01:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: Failed password for invalid user test from 196.251.88.103 port 38844 ssh2
May  5 01:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: Connection closed by 196.251.88.103 port 38844 [preauth]
May  5 01:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9397]: Invalid user admin from 196.251.88.103
May  5 01:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9397]: input_userauth_request: invalid user admin [preauth]
May  5 01:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9397]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9397]: Failed password for invalid user admin from 196.251.88.103 port 33354 ssh2
May  5 01:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9397]: Connection closed by 196.251.88.103 port 33354 [preauth]
May  5 01:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: Invalid user es from 196.251.88.103
May  5 01:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: input_userauth_request: invalid user es [preauth]
May  5 01:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8034]: pam_unix(cron:session): session closed for user root
May  5 01:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: Failed password for invalid user es from 196.251.88.103 port 56102 ssh2
May  5 01:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: Connection closed by 196.251.88.103 port 56102 [preauth]
May  5 01:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Invalid user user from 80.94.95.112
May  5 01:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: input_userauth_request: invalid user user [preauth]
May  5 01:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 01:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9456]: Invalid user system from 196.251.88.103
May  5 01:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9456]: input_userauth_request: invalid user system [preauth]
May  5 01:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Failed password for invalid user user from 80.94.95.112 port 63674 ssh2
May  5 01:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129  user=root
May  5 01:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: Failed password for root from 102.209.62.129 port 41878 ssh2
May  5 01:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Failed password for invalid user user from 80.94.95.112 port 63674 ssh2
May  5 01:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: Received disconnect from 102.209.62.129 port 41878:11: Bye Bye [preauth]
May  5 01:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: Disconnected from 102.209.62.129 port 41878 [preauth]
May  5 01:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: User ftp from 196.251.88.103 not allowed because not listed in AllowUsers
May  5 01:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: input_userauth_request: invalid user ftp [preauth]
May  5 01:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9456]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=ftp
May  5 01:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Failed password for invalid user user from 80.94.95.112 port 63674 ssh2
May  5 01:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9456]: Failed password for invalid user system from 196.251.88.103 port 50614 ssh2
May  5 01:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: Failed password for invalid user ftp from 196.251.88.103 port 45124 ssh2
May  5 01:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9456]: Connection closed by 196.251.88.103 port 50614 [preauth]
May  5 01:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: Connection closed by 196.251.88.103 port 45124 [preauth]
May  5 01:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Failed password for invalid user user from 80.94.95.112 port 63674 ssh2
May  5 01:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Failed password for invalid user user from 80.94.95.112 port 63674 ssh2
May  5 01:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Received disconnect from 80.94.95.112 port 63674:11: Bye [preauth]
May  5 01:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Disconnected from 80.94.95.112 port 63674 [preauth]
May  5 01:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 01:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 01:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: Failed password for root from 196.251.88.103 port 39640 ssh2
May  5 01:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: Connection closed by 196.251.88.103 port 39640 [preauth]
May  5 01:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9513]: Invalid user minecraft from 196.251.88.103
May  5 01:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9513]: input_userauth_request: invalid user minecraft [preauth]
May  5 01:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9513]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9513]: Failed password for invalid user minecraft from 196.251.88.103 port 34156 ssh2
May  5 01:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9513]: Connection closed by 196.251.88.103 port 34156 [preauth]
May  5 01:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9537]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9538]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9535]: pam_unix(cron:session): session closed for user p13x
May  5 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9593]: Successful su for rubyman by root
May  5 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9593]: + ??? root:rubyman
May  5 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330925 of user rubyman.
May  5 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9593]: pam_unix(su:session): session closed for user rubyman
May  5 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330925.
May  5 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9523]: Invalid user administrator from 196.251.88.103
May  5 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9523]: input_userauth_request: invalid user administrator [preauth]
May  5 01:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9523]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6532]: pam_unix(cron:session): session closed for user root
May  5 01:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9536]: pam_unix(cron:session): session closed for user samftp
May  5 01:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9523]: Failed password for invalid user administrator from 196.251.88.103 port 56902 ssh2
May  5 01:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9757]: Invalid user centos from 196.251.88.103
May  5 01:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9757]: input_userauth_request: invalid user centos [preauth]
May  5 01:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9523]: Connection closed by 196.251.88.103 port 56902 [preauth]
May  5 01:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9757]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9757]: Failed password for invalid user centos from 196.251.88.103 port 51420 ssh2
May  5 01:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9757]: Connection closed by 196.251.88.103 port 51420 [preauth]
May  5 01:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9787]: Invalid user test2 from 196.251.88.103
May  5 01:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9787]: input_userauth_request: invalid user test2 [preauth]
May  5 01:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9787]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9787]: Failed password for invalid user test2 from 196.251.88.103 port 45936 ssh2
May  5 01:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9787]: Connection closed by 196.251.88.103 port 45936 [preauth]
May  5 01:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: Invalid user dolphinscheduler from 196.251.88.103
May  5 01:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  5 01:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: Failed password for invalid user dolphinscheduler from 196.251.88.103 port 52102 ssh2
May  5 01:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9818]: Connection closed by 196.251.88.103 port 52102 [preauth]
May  5 01:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  5 01:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: Failed password for root from 80.94.95.125 port 46407 ssh2
May  5 01:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9844]: Invalid user centos from 196.251.88.103
May  5 01:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9844]: input_userauth_request: invalid user centos [preauth]
May  5 01:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9844]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: Failed password for root from 80.94.95.125 port 46407 ssh2
May  5 01:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9844]: Failed password for invalid user centos from 196.251.88.103 port 33166 ssh2
May  5 01:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9844]: Connection closed by 196.251.88.103 port 33166 [preauth]
May  5 01:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: Failed password for root from 80.94.95.125 port 46407 ssh2
May  5 01:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8533]: pam_unix(cron:session): session closed for user root
May  5 01:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9855]: Invalid user username from 196.251.88.103
May  5 01:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9855]: input_userauth_request: invalid user username [preauth]
May  5 01:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9855]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: Failed password for root from 80.94.95.125 port 46407 ssh2
May  5 01:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9855]: Failed password for invalid user username from 196.251.88.103 port 48516 ssh2
May  5 01:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9855]: Connection closed by 196.251.88.103 port 48516 [preauth]
May  5 01:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: Failed password for root from 80.94.95.125 port 46407 ssh2
May  5 01:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: Received disconnect from 80.94.95.125 port 46407:11: Bye [preauth]
May  5 01:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: Disconnected from 80.94.95.125 port 46407 [preauth]
May  5 01:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  5 01:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 01:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9896]: Invalid user hadoop from 196.251.88.103
May  5 01:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9896]: input_userauth_request: invalid user hadoop [preauth]
May  5 01:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9896]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9896]: Failed password for invalid user hadoop from 196.251.88.103 port 41664 ssh2
May  5 01:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9896]: Connection closed by 196.251.88.103 port 41664 [preauth]
May  5 01:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9914]: Invalid user elasticsearch from 196.251.88.103
May  5 01:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9914]: input_userauth_request: invalid user elasticsearch [preauth]
May  5 01:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9914]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9914]: Failed password for invalid user elasticsearch from 196.251.88.103 port 33104 ssh2
May  5 01:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9914]: Connection closed by 196.251.88.103 port 33104 [preauth]
May  5 01:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149  user=root
May  5 01:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9930]: Failed password for root from 196.251.88.103 port 55552 ssh2
May  5 01:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9930]: Connection closed by 196.251.88.103 port 55552 [preauth]
May  5 01:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9932]: Failed password for root from 87.201.127.149 port 34024 ssh2
May  5 01:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9932]: Received disconnect from 87.201.127.149 port 34024:11: Bye Bye [preauth]
May  5 01:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9932]: Disconnected from 87.201.127.149 port 34024 [preauth]
May  5 01:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9943]: Invalid user test from 196.251.88.103
May  5 01:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9943]: input_userauth_request: invalid user test [preauth]
May  5 01:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9943]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9943]: Failed password for invalid user test from 196.251.88.103 port 41260 ssh2
May  5 01:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9943]: Connection closed by 196.251.88.103 port 41260 [preauth]
May  5 01:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9959]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9957]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9960]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9958]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9957]: pam_unix(cron:session): session closed for user p13x
May  5 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10018]: Successful su for rubyman by root
May  5 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10018]: + ??? root:rubyman
May  5 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330928 of user rubyman.
May  5 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10018]: pam_unix(su:session): session closed for user rubyman
May  5 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330928.
May  5 01:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103  user=root
May  5 01:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7048]: pam_unix(cron:session): session closed for user root
May  5 01:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9958]: pam_unix(cron:session): session closed for user samftp
May  5 01:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9953]: Failed password for root from 196.251.88.103 port 59338 ssh2
May  5 01:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9953]: Connection closed by 196.251.88.103 port 59338 [preauth]
May  5 01:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: Invalid user esuser from 196.251.88.103
May  5 01:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: input_userauth_request: invalid user esuser [preauth]
May  5 01:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: Failed password for invalid user esuser from 196.251.88.103 port 46434 ssh2
May  5 01:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: Connection closed by 196.251.88.103 port 46434 [preauth]
May  5 01:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: Invalid user uftp from 196.251.88.103
May  5 01:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: input_userauth_request: invalid user uftp [preauth]
May  5 01:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: Failed password for invalid user uftp from 196.251.88.103 port 38664 ssh2
May  5 01:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: Connection closed by 196.251.88.103 port 38664 [preauth]
May  5 01:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10323]: Invalid user sonar from 196.251.88.103
May  5 01:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10323]: input_userauth_request: invalid user sonar [preauth]
May  5 01:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10323]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10323]: Failed password for invalid user sonar from 196.251.88.103 port 60448 ssh2
May  5 01:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10323]: Connection closed by 196.251.88.103 port 60448 [preauth]
May  5 01:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Invalid user niaoyun from 196.251.88.103
May  5 01:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: input_userauth_request: invalid user niaoyun [preauth]
May  5 01:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: Invalid user gitlab from 196.251.88.103
May  5 01:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: input_userauth_request: invalid user gitlab [preauth]
May  5 01:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.88.103
May  5 01:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Failed password for invalid user niaoyun from 196.251.88.103 port 54690 ssh2
May  5 01:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Connection closed by 196.251.88.103 port 54690 [preauth]
May  5 01:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: Failed password for invalid user gitlab from 196.251.88.103 port 44974 ssh2
May  5 01:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: Connection closed by 196.251.88.103 port 44974 [preauth]
May  5 01:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8981]: pam_unix(cron:session): session closed for user root
May  5 01:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: Invalid user tian from 102.209.62.129
May  5 01:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: input_userauth_request: invalid user tian [preauth]
May  5 01:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129
May  5 01:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: Failed password for invalid user tian from 102.209.62.129 port 50904 ssh2
May  5 01:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: Received disconnect from 102.209.62.129 port 50904:11: Bye Bye [preauth]
May  5 01:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: Disconnected from 102.209.62.129 port 50904 [preauth]
May  5 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10463]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10469]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10464]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10469]: pam_unix(cron:session): session closed for user root
May  5 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10463]: pam_unix(cron:session): session closed for user p13x
May  5 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10546]: Successful su for rubyman by root
May  5 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10546]: + ??? root:rubyman
May  5 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330932 of user rubyman.
May  5 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10546]: pam_unix(su:session): session closed for user rubyman
May  5 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330932.
May  5 01:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7480]: pam_unix(cron:session): session closed for user root
May  5 01:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10465]: pam_unix(cron:session): session closed for user root
May  5 01:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10464]: pam_unix(cron:session): session closed for user samftp
May  5 01:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9538]: pam_unix(cron:session): session closed for user root
May  5 01:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149  user=root
May  5 01:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Failed password for root from 87.201.127.149 port 41614 ssh2
May  5 01:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Received disconnect from 87.201.127.149 port 41614:11: Bye Bye [preauth]
May  5 01:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10936]: Disconnected from 87.201.127.149 port 41614 [preauth]
May  5 01:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  5 01:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10954]: Failed password for root from 218.92.0.233 port 57252 ssh2
May  5 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10954]: Failed password for root from 218.92.0.233 port 57252 ssh2
May  5 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10967]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10965]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10965]: pam_unix(cron:session): session closed for user p13x
May  5 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11032]: Successful su for rubyman by root
May  5 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11032]: + ??? root:rubyman
May  5 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330938 of user rubyman.
May  5 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11032]: pam_unix(su:session): session closed for user rubyman
May  5 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330938.
May  5 01:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10954]: Failed password for root from 218.92.0.233 port 57252 ssh2
May  5 01:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10954]: Received disconnect from 218.92.0.233 port 57252:11:  [preauth]
May  5 01:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10954]: Disconnected from 218.92.0.233 port 57252 [preauth]
May  5 01:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10954]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  5 01:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8033]: pam_unix(cron:session): session closed for user root
May  5 01:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10966]: pam_unix(cron:session): session closed for user samftp
May  5 01:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  5 01:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: Failed password for root from 218.92.0.233 port 56208 ssh2
May  5 01:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 56208 ssh2]
May  5 01:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: Received disconnect from 218.92.0.233 port 56208:11:  [preauth]
May  5 01:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: Disconnected from 218.92.0.233 port 56208 [preauth]
May  5 01:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  5 01:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  5 01:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11261]: Failed password for root from 218.92.0.233 port 42732 ssh2
May  5 01:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11261]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 42732 ssh2]
May  5 01:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11261]: Received disconnect from 218.92.0.233 port 42732:11:  [preauth]
May  5 01:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11261]: Disconnected from 218.92.0.233 port 42732 [preauth]
May  5 01:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11261]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  5 01:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9960]: pam_unix(cron:session): session closed for user root
May  5 01:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: Invalid user zhangsan from 165.154.14.28
May  5 01:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: input_userauth_request: invalid user zhangsan [preauth]
May  5 01:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  5 01:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: Failed password for invalid user zhangsan from 165.154.14.28 port 45032 ssh2
May  5 01:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: Received disconnect from 165.154.14.28 port 45032:11: Bye Bye [preauth]
May  5 01:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: Disconnected from 165.154.14.28 port 45032 [preauth]
May  5 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11370]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11369]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11371]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11368]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11368]: pam_unix(cron:session): session closed for user p13x
May  5 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11428]: Successful su for rubyman by root
May  5 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11428]: + ??? root:rubyman
May  5 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330944 of user rubyman.
May  5 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11428]: pam_unix(su:session): session closed for user rubyman
May  5 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330944.
May  5 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: Invalid user dxu from 102.209.62.129
May  5 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: input_userauth_request: invalid user dxu [preauth]
May  5 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129
May  5 01:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8532]: pam_unix(cron:session): session closed for user root
May  5 01:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11369]: pam_unix(cron:session): session closed for user samftp
May  5 01:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: Failed password for invalid user dxu from 102.209.62.129 port 59932 ssh2
May  5 01:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: Received disconnect from 102.209.62.129 port 59932:11: Bye Bye [preauth]
May  5 01:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: Disconnected from 102.209.62.129 port 59932 [preauth]
May  5 01:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10467]: pam_unix(cron:session): session closed for user root
May  5 01:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: Invalid user usdt from 68.183.12.36
May  5 01:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: input_userauth_request: invalid user usdt [preauth]
May  5 01:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 01:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: Failed password for invalid user usdt from 68.183.12.36 port 58306 ssh2
May  5 01:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11710]: Connection closed by 68.183.12.36 port 58306 [preauth]
May  5 01:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: Invalid user ftpuser from 87.201.127.149
May  5 01:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: input_userauth_request: invalid user ftpuser [preauth]
May  5 01:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149
May  5 01:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: Failed password for invalid user ftpuser from 87.201.127.149 port 49194 ssh2
May  5 01:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: Received disconnect from 87.201.127.149 port 49194:11: Bye Bye [preauth]
May  5 01:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: Disconnected from 87.201.127.149 port 49194 [preauth]
May  5 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11774]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11772]: pam_unix(cron:session): session closed for user p13x
May  5 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11837]: Successful su for rubyman by root
May  5 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11837]: + ??? root:rubyman
May  5 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11837]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330947 of user rubyman.
May  5 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11837]: pam_unix(su:session): session closed for user rubyman
May  5 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330947.
May  5 01:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8980]: pam_unix(cron:session): session closed for user root
May  5 01:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11773]: pam_unix(cron:session): session closed for user samftp
May  5 01:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10968]: pam_unix(cron:session): session closed for user root
May  5 01:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12138]: Invalid user hpe from 117.216.143.31
May  5 01:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12138]: input_userauth_request: invalid user hpe [preauth]
May  5 01:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12138]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12138]: Failed password for invalid user hpe from 117.216.143.31 port 35672 ssh2
May  5 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12138]: Received disconnect from 117.216.143.31 port 35672:11: Bye Bye [preauth]
May  5 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12138]: Disconnected from 117.216.143.31 port 35672 [preauth]
May  5 01:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  5 01:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: Failed password for root from 218.92.0.201 port 19842 ssh2
May  5 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12168]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12170]: pam_unix(cron:session): session closed for user p13x
May  5 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12286]: Successful su for rubyman by root
May  5 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12286]: + ??? root:rubyman
May  5 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330951 of user rubyman.
May  5 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12286]: pam_unix(su:session): session closed for user rubyman
May  5 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330951.
May  5 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: Failed password for root from 218.92.0.201 port 19842 ssh2
May  5 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12168]: pam_unix(cron:session): session closed for user root
May  5 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9537]: pam_unix(cron:session): session closed for user root
May  5 01:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: Failed password for root from 218.92.0.201 port 19842 ssh2
May  5 01:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12171]: pam_unix(cron:session): session closed for user samftp
May  5 01:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: Failed password for root from 218.92.0.201 port 19842 ssh2
May  5 01:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: Failed password for root from 218.92.0.201 port 19842 ssh2
May  5 01:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 19842 ssh2 [preauth]
May  5 01:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: Disconnecting: Too many authentication failures [preauth]
May  5 01:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  5 01:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 01:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  5 01:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: Failed password for root from 50.235.31.47 port 60696 ssh2
May  5 01:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12524]: Connection closed by 50.235.31.47 port 60696 [preauth]
May  5 01:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12513]: Invalid user dima from 102.209.62.129
May  5 01:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12513]: input_userauth_request: invalid user dima [preauth]
May  5 01:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12513]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129
May  5 01:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  5 01:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12513]: Failed password for invalid user dima from 102.209.62.129 port 40734 ssh2
May  5 01:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12513]: Received disconnect from 102.209.62.129 port 40734:11: Bye Bye [preauth]
May  5 01:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12513]: Disconnected from 102.209.62.129 port 40734 [preauth]
May  5 01:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Failed password for root from 218.92.0.201 port 40602 ssh2
May  5 01:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: message repeated 2 times: [ Failed password for root from 218.92.0.201 port 40602 ssh2]
May  5 01:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: Invalid user sanjeev from 87.201.127.149
May  5 01:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: input_userauth_request: invalid user sanjeev [preauth]
May  5 01:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149
May  5 01:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Failed password for root from 218.92.0.201 port 40602 ssh2
May  5 01:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: Failed password for invalid user sanjeev from 87.201.127.149 port 56770 ssh2
May  5 01:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: Received disconnect from 87.201.127.149 port 56770:11: Bye Bye [preauth]
May  5 01:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: Disconnected from 87.201.127.149 port 56770 [preauth]
May  5 01:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Failed password for root from 218.92.0.201 port 40602 ssh2
May  5 01:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11371]: pam_unix(cron:session): session closed for user root
May  5 01:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12667]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12668]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12669]: pam_unix(cron:session): session closed for user root
May  5 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12663]: pam_unix(cron:session): session closed for user p13x
May  5 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12733]: Successful su for rubyman by root
May  5 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12733]: + ??? root:rubyman
May  5 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12733]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330959 of user rubyman.
May  5 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12733]: pam_unix(su:session): session closed for user rubyman
May  5 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330959.
May  5 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9959]: pam_unix(cron:session): session closed for user root
May  5 01:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12666]: pam_unix(cron:session): session closed for user root
May  5 01:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  5 01:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12665]: pam_unix(cron:session): session closed for user samftp
May  5 01:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: Failed password for root from 218.92.0.198 port 25410 ssh2
May  5 01:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 25410 ssh2]
May  5 01:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: Received disconnect from 218.92.0.198 port 25410:11:  [preauth]
May  5 01:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: Disconnected from 218.92.0.198 port 25410 [preauth]
May  5 01:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  5 01:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  5 01:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12945]: Failed password for root from 218.92.0.198 port 23606 ssh2
May  5 01:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12945]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 23606 ssh2]
May  5 01:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12945]: Received disconnect from 218.92.0.198 port 23606:11:  [preauth]
May  5 01:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12945]: Disconnected from 218.92.0.198 port 23606 [preauth]
May  5 01:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12945]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  5 01:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  5 01:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12968]: Failed password for root from 218.92.0.198 port 23636 ssh2
May  5 01:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12968]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 23636 ssh2]
May  5 01:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12968]: Received disconnect from 218.92.0.198 port 23636:11:  [preauth]
May  5 01:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12968]: Disconnected from 218.92.0.198 port 23636 [preauth]
May  5 01:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12968]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  5 01:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11775]: pam_unix(cron:session): session closed for user root
May  5 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13095]: pam_unix(cron:session): session closed for user p13x
May  5 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13165]: Successful su for rubyman by root
May  5 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13165]: + ??? root:rubyman
May  5 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330961 of user rubyman.
May  5 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13165]: pam_unix(su:session): session closed for user rubyman
May  5 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330961.
May  5 01:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10466]: pam_unix(cron:session): session closed for user root
May  5 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13096]: pam_unix(cron:session): session closed for user samftp
May  5 01:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149  user=root
May  5 01:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: Failed password for root from 87.201.127.149 port 36114 ssh2
May  5 01:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: Received disconnect from 87.201.127.149 port 36114:11: Bye Bye [preauth]
May  5 01:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: Disconnected from 87.201.127.149 port 36114 [preauth]
May  5 01:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: Invalid user aws from 102.209.62.129
May  5 01:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: input_userauth_request: invalid user aws [preauth]
May  5 01:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129
May  5 01:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: Failed password for invalid user aws from 102.209.62.129 port 49770 ssh2
May  5 01:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: Received disconnect from 102.209.62.129 port 49770:11: Bye Bye [preauth]
May  5 01:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: Disconnected from 102.209.62.129 port 49770 [preauth]
May  5 01:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12173]: pam_unix(cron:session): session closed for user root
May  5 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13609]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13610]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13607]: pam_unix(cron:session): session closed for user p13x
May  5 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13669]: Successful su for rubyman by root
May  5 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13669]: + ??? root:rubyman
May  5 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330967 of user rubyman.
May  5 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13669]: pam_unix(su:session): session closed for user rubyman
May  5 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330967.
May  5 01:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10967]: pam_unix(cron:session): session closed for user root
May  5 01:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13608]: pam_unix(cron:session): session closed for user samftp
May  5 01:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12668]: pam_unix(cron:session): session closed for user root
May  5 01:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: Invalid user taibabi from 147.0.206.46
May  5 01:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: input_userauth_request: invalid user taibabi [preauth]
May  5 01:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46
May  5 01:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: Invalid user chenchen from 165.154.14.28
May  5 01:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: input_userauth_request: invalid user chenchen [preauth]
May  5 01:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  5 01:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: Failed password for invalid user taibabi from 147.0.206.46 port 53084 ssh2
May  5 01:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: Received disconnect from 147.0.206.46 port 53084:11: Bye Bye [preauth]
May  5 01:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: Disconnected from 147.0.206.46 port 53084 [preauth]
May  5 01:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: Failed password for invalid user chenchen from 165.154.14.28 port 42524 ssh2
May  5 01:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: Received disconnect from 165.154.14.28 port 42524:11: Bye Bye [preauth]
May  5 01:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13999]: Disconnected from 165.154.14.28 port 42524 [preauth]
May  5 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14015]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14013]: pam_unix(cron:session): session closed for user p13x
May  5 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14075]: Successful su for rubyman by root
May  5 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14075]: + ??? root:rubyman
May  5 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330970 of user rubyman.
May  5 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14075]: pam_unix(su:session): session closed for user rubyman
May  5 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330970.
May  5 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149  user=root
May  5 01:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11370]: pam_unix(cron:session): session closed for user root
May  5 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14086]: Failed password for root from 87.201.127.149 port 43700 ssh2
May  5 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14014]: pam_unix(cron:session): session closed for user samftp
May  5 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14086]: Received disconnect from 87.201.127.149 port 43700:11: Bye Bye [preauth]
May  5 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14086]: Disconnected from 87.201.127.149 port 43700 [preauth]
May  5 01:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: Invalid user test3 from 102.209.62.129
May  5 01:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: input_userauth_request: invalid user test3 [preauth]
May  5 01:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129
May  5 01:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13098]: pam_unix(cron:session): session closed for user root
May  5 01:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: Failed password for invalid user test3 from 102.209.62.129 port 58796 ssh2
May  5 01:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: Received disconnect from 102.209.62.129 port 58796:11: Bye Bye [preauth]
May  5 01:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: Disconnected from 102.209.62.129 port 58796 [preauth]
May  5 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14419]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14420]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14417]: pam_unix(cron:session): session closed for user p13x
May  5 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14477]: Successful su for rubyman by root
May  5 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14477]: + ??? root:rubyman
May  5 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330975 of user rubyman.
May  5 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14477]: pam_unix(su:session): session closed for user rubyman
May  5 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330975.
May  5 01:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11774]: pam_unix(cron:session): session closed for user root
May  5 01:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14418]: pam_unix(cron:session): session closed for user samftp
May  5 01:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13610]: pam_unix(cron:session): session closed for user root
May  5 01:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: Invalid user taibabi from 87.201.127.149
May  5 01:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: input_userauth_request: invalid user taibabi [preauth]
May  5 01:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149
May  5 01:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: Invalid user usdc from 68.183.12.36
May  5 01:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: input_userauth_request: invalid user usdc [preauth]
May  5 01:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 01:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: Failed password for invalid user taibabi from 87.201.127.149 port 51322 ssh2
May  5 01:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: Received disconnect from 87.201.127.149 port 51322:11: Bye Bye [preauth]
May  5 01:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14794]: Disconnected from 87.201.127.149 port 51322 [preauth]
May  5 01:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: Failed password for invalid user usdc from 68.183.12.36 port 32802 ssh2
May  5 01:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: Connection closed by 68.183.12.36 port 32802 [preauth]
May  5 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14831]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14826]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14830]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14829]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14828]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14827]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14831]: pam_unix(cron:session): session closed for user root
May  5 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14826]: pam_unix(cron:session): session closed for user p13x
May  5 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14897]: Successful su for rubyman by root
May  5 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14897]: + ??? root:rubyman
May  5 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330979 of user rubyman.
May  5 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14897]: pam_unix(su:session): session closed for user rubyman
May  5 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330979.
May  5 01:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14828]: pam_unix(cron:session): session closed for user root
May  5 01:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12172]: pam_unix(cron:session): session closed for user root
May  5 01:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14827]: pam_unix(cron:session): session closed for user samftp
May  5 01:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14016]: pam_unix(cron:session): session closed for user root
May  5 01:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129  user=root
May  5 01:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15196]: Failed password for root from 102.209.62.129 port 39590 ssh2
May  5 01:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15196]: Received disconnect from 102.209.62.129 port 39590:11: Bye Bye [preauth]
May  5 01:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15196]: Disconnected from 102.209.62.129 port 39590 [preauth]
May  5 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15256]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15257]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15254]: pam_unix(cron:session): session closed for user p13x
May  5 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15322]: Successful su for rubyman by root
May  5 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15322]: + ??? root:rubyman
May  5 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15322]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330983 of user rubyman.
May  5 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15322]: pam_unix(su:session): session closed for user rubyman
May  5 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330983.
May  5 01:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12667]: pam_unix(cron:session): session closed for user root
May  5 01:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15255]: pam_unix(cron:session): session closed for user samftp
May  5 01:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 01:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15534]: Failed password for root from 218.92.0.179 port 32898 ssh2
May  5 01:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15534]: Failed password for root from 218.92.0.179 port 32898 ssh2
May  5 01:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.46.35  user=root
May  5 01:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15534]: Failed password for root from 218.92.0.179 port 32898 ssh2
May  5 01:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15534]: Received disconnect from 218.92.0.179 port 32898:11:  [preauth]
May  5 01:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15534]: Disconnected from 218.92.0.179 port 32898 [preauth]
May  5 01:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15534]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 01:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Failed password for root from 81.192.46.35 port 60764 ssh2
May  5 01:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Received disconnect from 81.192.46.35 port 60764:11: Bye Bye [preauth]
May  5 01:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Disconnected from 81.192.46.35 port 60764 [preauth]
May  5 01:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14420]: pam_unix(cron:session): session closed for user root
May  5 01:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: Invalid user taibabi from 87.201.127.149
May  5 01:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: input_userauth_request: invalid user taibabi [preauth]
May  5 01:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.201.127.149
May  5 01:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: Failed password for invalid user taibabi from 87.201.127.149 port 58904 ssh2
May  5 01:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: Received disconnect from 87.201.127.149 port 58904:11: Bye Bye [preauth]
May  5 01:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: Disconnected from 87.201.127.149 port 58904 [preauth]
May  5 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15663]: pam_unix(cron:session): session closed for user p13x
May  5 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15727]: Successful su for rubyman by root
May  5 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15727]: + ??? root:rubyman
May  5 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330987 of user rubyman.
May  5 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15727]: pam_unix(su:session): session closed for user rubyman
May  5 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330987.
May  5 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: Invalid user keums from 117.216.143.31
May  5 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: input_userauth_request: invalid user keums [preauth]
May  5 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13097]: pam_unix(cron:session): session closed for user root
May  5 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: Failed password for invalid user keums from 117.216.143.31 port 49484 ssh2
May  5 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: Received disconnect from 117.216.143.31 port 49484:11: Bye Bye [preauth]
May  5 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: Disconnected from 117.216.143.31 port 49484 [preauth]
May  5 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15664]: pam_unix(cron:session): session closed for user samftp
May  5 01:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14830]: pam_unix(cron:session): session closed for user root
May  5 01:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16008]: Invalid user zhangfeng from 102.209.62.129
May  5 01:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16008]: input_userauth_request: invalid user zhangfeng [preauth]
May  5 01:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16008]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129
May  5 01:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16008]: Failed password for invalid user zhangfeng from 102.209.62.129 port 48616 ssh2
May  5 01:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16008]: Received disconnect from 102.209.62.129 port 48616:11: Bye Bye [preauth]
May  5 01:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16008]: Disconnected from 102.209.62.129 port 48616 [preauth]
May  5 01:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16060]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16057]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16057]: pam_unix(cron:session): session closed for user p13x
May  5 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16117]: Successful su for rubyman by root
May  5 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16117]: + ??? root:rubyman
May  5 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16117]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330991 of user rubyman.
May  5 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16117]: pam_unix(su:session): session closed for user rubyman
May  5 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330991.
May  5 01:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13609]: pam_unix(cron:session): session closed for user root
May  5 01:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16058]: pam_unix(cron:session): session closed for user samftp
May  5 01:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16054]: Connection closed by 71.6.232.25 port 47350 [preauth]
May  5 01:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15257]: pam_unix(cron:session): session closed for user root
May  5 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16438]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16437]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16437]: pam_unix(cron:session): session closed for user p13x
May  5 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16527]: Successful su for rubyman by root
May  5 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16527]: + ??? root:rubyman
May  5 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 330996 of user rubyman.
May  5 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16527]: pam_unix(su:session): session closed for user rubyman
May  5 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 330996.
May  5 01:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14015]: pam_unix(cron:session): session closed for user root
May  5 01:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Invalid user services from 165.154.14.28
May  5 01:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: input_userauth_request: invalid user services [preauth]
May  5 01:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  5 01:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Failed password for invalid user services from 165.154.14.28 port 40050 ssh2
May  5 01:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16438]: pam_unix(cron:session): session closed for user samftp
May  5 01:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Received disconnect from 165.154.14.28 port 40050:11: Bye Bye [preauth]
May  5 01:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Disconnected from 165.154.14.28 port 40050 [preauth]
May  5 01:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15666]: pam_unix(cron:session): session closed for user root
May  5 01:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16871]: Invalid user admin from 117.216.143.31
May  5 01:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16871]: input_userauth_request: invalid user admin [preauth]
May  5 01:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16871]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 01:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16871]: Failed password for invalid user admin from 117.216.143.31 port 34454 ssh2
May  5 01:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16871]: Received disconnect from 117.216.143.31 port 34454:11: Bye Bye [preauth]
May  5 01:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16871]: Disconnected from 117.216.143.31 port 34454 [preauth]
May  5 01:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16873]: Invalid user taibabi from 102.209.62.129
May  5 01:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16873]: input_userauth_request: invalid user taibabi [preauth]
May  5 01:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16873]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129
May  5 01:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16873]: Failed password for invalid user taibabi from 102.209.62.129 port 57642 ssh2
May  5 01:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16873]: Received disconnect from 102.209.62.129 port 57642:11: Bye Bye [preauth]
May  5 01:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16873]: Disconnected from 102.209.62.129 port 57642 [preauth]
May  5 01:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16892]: Invalid user admin from 139.19.117.131
May  5 01:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16892]: input_userauth_request: invalid user admin [preauth]
May  5 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16928]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16920]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16930]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16929]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16927]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16919]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16930]: pam_unix(cron:session): session closed for user root
May  5 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16919]: pam_unix(cron:session): session closed for user p13x
May  5 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17003]: Successful su for rubyman by root
May  5 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17003]: + ??? root:rubyman
May  5 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17003]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331002 of user rubyman.
May  5 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17003]: pam_unix(su:session): session closed for user rubyman
May  5 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331002.
May  5 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16892]: Connection closed by 139.19.117.131 port 55744 [preauth]
May  5 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16927]: pam_unix(cron:session): session closed for user root
May  5 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14419]: pam_unix(cron:session): session closed for user root
May  5 01:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16920]: pam_unix(cron:session): session closed for user samftp
May  5 01:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16060]: pam_unix(cron:session): session closed for user root
May  5 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17362]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17364]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17360]: pam_unix(cron:session): session closed for user p13x
May  5 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17430]: Successful su for rubyman by root
May  5 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17430]: + ??? root:rubyman
May  5 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331005 of user rubyman.
May  5 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17430]: pam_unix(su:session): session closed for user rubyman
May  5 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331005.
May  5 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14829]: pam_unix(cron:session): session closed for user root
May  5 01:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17361]: pam_unix(cron:session): session closed for user samftp
May  5 01:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16440]: pam_unix(cron:session): session closed for user root
May  5 01:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: Invalid user gitlab-runner from 102.209.62.129
May  5 01:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: input_userauth_request: invalid user gitlab-runner [preauth]
May  5 01:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129
May  5 01:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: Failed password for invalid user gitlab-runner from 102.209.62.129 port 38436 ssh2
May  5 01:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: Received disconnect from 102.209.62.129 port 38436:11: Bye Bye [preauth]
May  5 01:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17782]: Disconnected from 102.209.62.129 port 38436 [preauth]
May  5 01:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17890]: Invalid user xrp from 68.183.12.36
May  5 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17890]: input_userauth_request: invalid user xrp [preauth]
May  5 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17890]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17893]: pam_unix(cron:session): session closed for user p13x
May  5 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17960]: Successful su for rubyman by root
May  5 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17960]: + ??? root:rubyman
May  5 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331012 of user rubyman.
May  5 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17960]: pam_unix(su:session): session closed for user rubyman
May  5 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331012.
May  5 01:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17890]: Failed password for invalid user xrp from 68.183.12.36 port 35468 ssh2
May  5 01:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17890]: Connection closed by 68.183.12.36 port 35468 [preauth]
May  5 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15256]: pam_unix(cron:session): session closed for user root
May  5 01:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17894]: pam_unix(cron:session): session closed for user samftp
May  5 01:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18218]: Invalid user zdy from 117.216.143.31
May  5 01:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18218]: input_userauth_request: invalid user zdy [preauth]
May  5 01:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18218]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 01:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18218]: Failed password for invalid user zdy from 117.216.143.31 port 45438 ssh2
May  5 01:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18218]: Received disconnect from 117.216.143.31 port 45438:11: Bye Bye [preauth]
May  5 01:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18218]: Disconnected from 117.216.143.31 port 45438 [preauth]
May  5 01:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18220]: Invalid user lzh from 128.199.20.225
May  5 01:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18220]: input_userauth_request: invalid user lzh [preauth]
May  5 01:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18220]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.20.225
May  5 01:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18220]: Failed password for invalid user lzh from 128.199.20.225 port 38700 ssh2
May  5 01:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18220]: Received disconnect from 128.199.20.225 port 38700:11: Bye Bye [preauth]
May  5 01:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18220]: Disconnected from 128.199.20.225 port 38700 [preauth]
May  5 01:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16929]: pam_unix(cron:session): session closed for user root
May  5 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18319]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18318]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18317]: pam_unix(cron:session): session closed for user p13x
May  5 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18386]: Successful su for rubyman by root
May  5 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18386]: + ??? root:rubyman
May  5 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331013 of user rubyman.
May  5 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18386]: pam_unix(su:session): session closed for user rubyman
May  5 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331013.
May  5 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15665]: pam_unix(cron:session): session closed for user root
May  5 01:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18318]: pam_unix(cron:session): session closed for user samftp
May  5 01:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46  user=root
May  5 01:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: Failed password for root from 147.0.206.46 port 52726 ssh2
May  5 01:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: Received disconnect from 147.0.206.46 port 52726:11: Bye Bye [preauth]
May  5 01:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: Disconnected from 147.0.206.46 port 52726 [preauth]
May  5 01:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17364]: pam_unix(cron:session): session closed for user root
May  5 01:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18716]: Invalid user vijay from 102.209.62.129
May  5 01:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18716]: input_userauth_request: invalid user vijay [preauth]
May  5 01:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18716]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.209.62.129
May  5 01:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18716]: Failed password for invalid user vijay from 102.209.62.129 port 47460 ssh2
May  5 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18716]: Received disconnect from 102.209.62.129 port 47460:11: Bye Bye [preauth]
May  5 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18716]: Disconnected from 102.209.62.129 port 47460 [preauth]
May  5 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18733]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18730]: pam_unix(cron:session): session closed for user p13x
May  5 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18800]: Successful su for rubyman by root
May  5 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18800]: + ??? root:rubyman
May  5 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331017 of user rubyman.
May  5 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18800]: pam_unix(su:session): session closed for user rubyman
May  5 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331017.
May  5 01:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16059]: pam_unix(cron:session): session closed for user root
May  5 01:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18731]: pam_unix(cron:session): session closed for user samftp
May  5 01:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17896]: pam_unix(cron:session): session closed for user root
May  5 01:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19142]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19143]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19144]: pam_unix(cron:session): session closed for user root
May  5 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19139]: pam_unix(cron:session): session closed for user p13x
May  5 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19206]: Successful su for rubyman by root
May  5 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19206]: + ??? root:rubyman
May  5 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331023 of user rubyman.
May  5 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19206]: pam_unix(su:session): session closed for user rubyman
May  5 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331023.
May  5 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19141]: pam_unix(cron:session): session closed for user root
May  5 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16439]: pam_unix(cron:session): session closed for user root
May  5 01:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19140]: pam_unix(cron:session): session closed for user samftp
May  5 01:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28  user=root
May  5 01:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: Failed password for root from 165.154.14.28 port 43756 ssh2
May  5 01:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: Received disconnect from 165.154.14.28 port 43756:11: Bye Bye [preauth]
May  5 01:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: Disconnected from 165.154.14.28 port 43756 [preauth]
May  5 01:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18321]: pam_unix(cron:session): session closed for user root
May  5 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19583]: pam_unix(cron:session): session closed for user p13x
May  5 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19666]: Successful su for rubyman by root
May  5 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19666]: + ??? root:rubyman
May  5 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331027 of user rubyman.
May  5 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19666]: pam_unix(su:session): session closed for user rubyman
May  5 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331027.
May  5 01:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16928]: pam_unix(cron:session): session closed for user root
May  5 01:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19584]: pam_unix(cron:session): session closed for user samftp
May  5 01:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19857]: Invalid user project from 81.192.46.35
May  5 01:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19857]: input_userauth_request: invalid user project [preauth]
May  5 01:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19857]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.46.35
May  5 01:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19857]: Failed password for invalid user project from 81.192.46.35 port 58302 ssh2
May  5 01:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19857]: Received disconnect from 81.192.46.35 port 58302:11: Bye Bye [preauth]
May  5 01:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19857]: Disconnected from 81.192.46.35 port 58302 [preauth]
May  5 01:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18733]: pam_unix(cron:session): session closed for user root
May  5 01:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 01:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: Failed password for root from 218.92.0.179 port 41267 ssh2
May  5 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: Failed password for root from 218.92.0.179 port 41267 ssh2
May  5 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20014]: pam_unix(cron:session): session closed for user p13x
May  5 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20081]: Successful su for rubyman by root
May  5 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20081]: + ??? root:rubyman
May  5 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331032 of user rubyman.
May  5 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20081]: pam_unix(su:session): session closed for user rubyman
May  5 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331032.
May  5 01:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: Failed password for root from 218.92.0.179 port 41267 ssh2
May  5 01:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: Received disconnect from 218.92.0.179 port 41267:11:  [preauth]
May  5 01:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: Disconnected from 218.92.0.179 port 41267 [preauth]
May  5 01:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 01:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17362]: pam_unix(cron:session): session closed for user root
May  5 01:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20015]: pam_unix(cron:session): session closed for user samftp
May  5 01:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19143]: pam_unix(cron:session): session closed for user root
May  5 01:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46  user=root
May  5 01:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: Failed password for root from 147.0.206.46 port 59382 ssh2
May  5 01:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: Received disconnect from 147.0.206.46 port 59382:11: Bye Bye [preauth]
May  5 01:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20387]: Disconnected from 147.0.206.46 port 59382 [preauth]
May  5 01:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20397]: Invalid user edna from 117.216.143.31
May  5 01:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20397]: input_userauth_request: invalid user edna [preauth]
May  5 01:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20397]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 01:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20397]: Failed password for invalid user edna from 117.216.143.31 port 43594 ssh2
May  5 01:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20397]: Received disconnect from 117.216.143.31 port 43594:11: Bye Bye [preauth]
May  5 01:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20397]: Disconnected from 117.216.143.31 port 43594 [preauth]
May  5 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20410]: pam_unix(cron:session): session closed for user p13x
May  5 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19855]: Connection reset by 218.92.0.227 port 27426 [preauth]
May  5 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20477]: Successful su for rubyman by root
May  5 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20477]: + ??? root:rubyman
May  5 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331036 of user rubyman.
May  5 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20477]: pam_unix(su:session): session closed for user rubyman
May  5 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331036.
May  5 01:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17895]: pam_unix(cron:session): session closed for user root
May  5 01:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20411]: pam_unix(cron:session): session closed for user samftp
May  5 01:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19586]: pam_unix(cron:session): session closed for user root
May  5 01:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20759]: Connection closed by 148.113.210.228 port 55292 [preauth]
May  5 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20827]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20826]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session closed for user p13x
May  5 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20899]: Successful su for rubyman by root
May  5 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20899]: + ??? root:rubyman
May  5 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331039 of user rubyman.
May  5 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20899]: pam_unix(su:session): session closed for user rubyman
May  5 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331039.
May  5 01:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18319]: pam_unix(cron:session): session closed for user root
May  5 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21005]: Invalid user ada from 68.183.12.36
May  5 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21005]: input_userauth_request: invalid user ada [preauth]
May  5 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21005]: pam_unix(sshd:auth): check pass; user unknown
May  5 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20824]: pam_unix(cron:session): session closed for user samftp
May  5 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21005]: Failed password for invalid user ada from 68.183.12.36 port 49966 ssh2
May  5 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21005]: Connection closed by 68.183.12.36 port 49966 [preauth]
May  5 01:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 01:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 01:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20017]: pam_unix(cron:session): session closed for user root
May  5 01:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: Failed password for root from 218.92.0.179 port 15713 ssh2
May  5 01:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 15713 ssh2]
May  5 01:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: Received disconnect from 218.92.0.179 port 15713:11:  [preauth]
May  5 01:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: Disconnected from 218.92.0.179 port 15713 [preauth]
May  5 01:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21143]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21262]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21260]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21267]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21267]: pam_unix(cron:session): session closed for user root
May  5 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21260]: pam_unix(cron:session): session closed for user root
May  5 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21258]: pam_unix(cron:session): session closed for user p13x
May  5 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21364]: Successful su for rubyman by root
May  5 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21364]: + ??? root:rubyman
May  5 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21364]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331046 of user rubyman.
May  5 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21364]: pam_unix(su:session): session closed for user rubyman
May  5 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331046.
May  5 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21262]: pam_unix(cron:session): session closed for user root
May  5 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18732]: pam_unix(cron:session): session closed for user root
May  5 02:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21259]: pam_unix(cron:session): session closed for user samftp
May  5 02:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  5 02:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20414]: pam_unix(cron:session): session closed for user root
May  5 02:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: Failed password for root from 164.68.105.9 port 52006 ssh2
May  5 02:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: Connection closed by 164.68.105.9 port 52006 [preauth]
May  5 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22087]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22084]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22082]: pam_unix(cron:session): session closed for user p13x
May  5 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22159]: Successful su for rubyman by root
May  5 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22159]: + ??? root:rubyman
May  5 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331050 of user rubyman.
May  5 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22159]: pam_unix(su:session): session closed for user rubyman
May  5 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331050.
May  5 02:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19142]: pam_unix(cron:session): session closed for user root
May  5 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22083]: pam_unix(cron:session): session closed for user samftp
May  5 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22352]: Invalid user angel from 81.192.46.35
May  5 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22352]: input_userauth_request: invalid user angel [preauth]
May  5 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22352]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.46.35
May  5 02:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22352]: Failed password for invalid user angel from 81.192.46.35 port 38132 ssh2
May  5 02:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22352]: Received disconnect from 81.192.46.35 port 38132:11: Bye Bye [preauth]
May  5 02:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22352]: Disconnected from 81.192.46.35 port 38132 [preauth]
May  5 02:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28  user=root
May  5 02:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: Failed password for root from 165.154.14.28 port 55428 ssh2
May  5 02:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: Received disconnect from 165.154.14.28 port 55428:11: Bye Bye [preauth]
May  5 02:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: Disconnected from 165.154.14.28 port 55428 [preauth]
May  5 02:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20827]: pam_unix(cron:session): session closed for user root
May  5 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22581]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22582]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22579]: pam_unix(cron:session): session closed for user p13x
May  5 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22640]: Successful su for rubyman by root
May  5 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22640]: + ??? root:rubyman
May  5 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331054 of user rubyman.
May  5 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22640]: pam_unix(su:session): session closed for user rubyman
May  5 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331054.
May  5 02:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19585]: pam_unix(cron:session): session closed for user root
May  5 02:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22580]: pam_unix(cron:session): session closed for user samftp
May  5 02:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22919]: Invalid user taibabi from 147.0.206.46
May  5 02:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22919]: input_userauth_request: invalid user taibabi [preauth]
May  5 02:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22919]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46
May  5 02:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22919]: Failed password for invalid user taibabi from 147.0.206.46 port 37812 ssh2
May  5 02:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22919]: Received disconnect from 147.0.206.46 port 37812:11: Bye Bye [preauth]
May  5 02:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22919]: Disconnected from 147.0.206.46 port 37812 [preauth]
May  5 02:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21265]: pam_unix(cron:session): session closed for user root
May  5 02:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Invalid user postgres from 128.199.20.225
May  5 02:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: input_userauth_request: invalid user postgres [preauth]
May  5 02:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.20.225
May  5 02:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Failed password for invalid user postgres from 128.199.20.225 port 33440 ssh2
May  5 02:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Received disconnect from 128.199.20.225 port 33440:11: Bye Bye [preauth]
May  5 02:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Disconnected from 128.199.20.225 port 33440 [preauth]
May  5 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23041]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23042]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23039]: pam_unix(cron:session): session closed for user p13x
May  5 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23098]: Successful su for rubyman by root
May  5 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23098]: + ??? root:rubyman
May  5 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331059 of user rubyman.
May  5 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23098]: pam_unix(su:session): session closed for user rubyman
May  5 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331059.
May  5 02:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20016]: pam_unix(cron:session): session closed for user root
May  5 02:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23040]: pam_unix(cron:session): session closed for user samftp
May  5 02:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23416]: Invalid user hall from 117.216.143.31
May  5 02:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23416]: input_userauth_request: invalid user hall [preauth]
May  5 02:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23416]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 02:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23416]: Failed password for invalid user hall from 117.216.143.31 port 42442 ssh2
May  5 02:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23416]: Received disconnect from 117.216.143.31 port 42442:11: Bye Bye [preauth]
May  5 02:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23416]: Disconnected from 117.216.143.31 port 42442 [preauth]
May  5 02:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22087]: pam_unix(cron:session): session closed for user root
May  5 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23541]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23542]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23539]: pam_unix(cron:session): session closed for user p13x
May  5 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23600]: Successful su for rubyman by root
May  5 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23600]: + ??? root:rubyman
May  5 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331062 of user rubyman.
May  5 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23600]: pam_unix(su:session): session closed for user rubyman
May  5 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331062.
May  5 02:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20413]: pam_unix(cron:session): session closed for user root
May  5 02:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23540]: pam_unix(cron:session): session closed for user samftp
May  5 02:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22582]: pam_unix(cron:session): session closed for user root
May  5 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24071]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24070]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24069]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24072]: pam_unix(cron:session): session closed for user root
May  5 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24067]: pam_unix(cron:session): session closed for user p13x
May  5 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24134]: Successful su for rubyman by root
May  5 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24134]: + ??? root:rubyman
May  5 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331067 of user rubyman.
May  5 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24134]: pam_unix(su:session): session closed for user rubyman
May  5 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331067.
May  5 02:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24069]: pam_unix(cron:session): session closed for user root
May  5 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20826]: pam_unix(cron:session): session closed for user root
May  5 02:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24068]: pam_unix(cron:session): session closed for user samftp
May  5 02:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23042]: pam_unix(cron:session): session closed for user root
May  5 02:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24520]: Invalid user sangmin from 81.192.46.35
May  5 02:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24520]: input_userauth_request: invalid user sangmin [preauth]
May  5 02:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24520]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.46.35
May  5 02:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24520]: Failed password for invalid user sangmin from 81.192.46.35 port 46188 ssh2
May  5 02:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24520]: Received disconnect from 81.192.46.35 port 46188:11: Bye Bye [preauth]
May  5 02:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24520]: Disconnected from 81.192.46.35 port 46188 [preauth]
May  5 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24541]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24539]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24538]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24538]: pam_unix(cron:session): session closed for user p13x
May  5 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24613]: Successful su for rubyman by root
May  5 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24613]: + ??? root:rubyman
May  5 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331072 of user rubyman.
May  5 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24613]: pam_unix(su:session): session closed for user rubyman
May  5 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331072.
May  5 02:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Invalid user xy from 117.216.143.31
May  5 02:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: input_userauth_request: invalid user xy [preauth]
May  5 02:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 02:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: Invalid user sol from 68.183.12.36
May  5 02:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: input_userauth_request: invalid user sol [preauth]
May  5 02:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 02:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21264]: pam_unix(cron:session): session closed for user root
May  5 02:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Failed password for invalid user xy from 117.216.143.31 port 57550 ssh2
May  5 02:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Received disconnect from 117.216.143.31 port 57550:11: Bye Bye [preauth]
May  5 02:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Disconnected from 117.216.143.31 port 57550 [preauth]
May  5 02:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: Failed password for invalid user sol from 68.183.12.36 port 44312 ssh2
May  5 02:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24539]: pam_unix(cron:session): session closed for user samftp
May  5 02:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: Connection closed by 68.183.12.36 port 44312 [preauth]
May  5 02:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23542]: pam_unix(cron:session): session closed for user root
May  5 02:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: Invalid user usera from 147.0.206.46
May  5 02:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: input_userauth_request: invalid user usera [preauth]
May  5 02:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46
May  5 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24976]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24975]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: Failed password for invalid user usera from 147.0.206.46 port 44460 ssh2
May  5 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24973]: pam_unix(cron:session): session closed for user p13x
May  5 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: Received disconnect from 147.0.206.46 port 44460:11: Bye Bye [preauth]
May  5 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: Disconnected from 147.0.206.46 port 44460 [preauth]
May  5 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25037]: Successful su for rubyman by root
May  5 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25037]: + ??? root:rubyman
May  5 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25037]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331076 of user rubyman.
May  5 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25037]: pam_unix(su:session): session closed for user rubyman
May  5 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331076.
May  5 02:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22084]: pam_unix(cron:session): session closed for user root
May  5 02:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24974]: pam_unix(cron:session): session closed for user samftp
May  5 02:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24071]: pam_unix(cron:session): session closed for user root
May  5 02:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25307]: Invalid user zhanghang from 165.154.14.28
May  5 02:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25307]: input_userauth_request: invalid user zhanghang [preauth]
May  5 02:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25307]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  5 02:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25307]: Failed password for invalid user zhanghang from 165.154.14.28 port 52418 ssh2
May  5 02:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25307]: Received disconnect from 165.154.14.28 port 52418:11: Bye Bye [preauth]
May  5 02:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25307]: Disconnected from 165.154.14.28 port 52418 [preauth]
May  5 02:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25391]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25390]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25389]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25388]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25388]: pam_unix(cron:session): session closed for user p13x
May  5 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25448]: Successful su for rubyman by root
May  5 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25448]: + ??? root:rubyman
May  5 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331081 of user rubyman.
May  5 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25448]: pam_unix(su:session): session closed for user rubyman
May  5 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331081.
May  5 02:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22581]: pam_unix(cron:session): session closed for user root
May  5 02:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25389]: pam_unix(cron:session): session closed for user samftp
May  5 02:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25644]: Invalid user user from 128.199.20.225
May  5 02:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25644]: input_userauth_request: invalid user user [preauth]
May  5 02:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25644]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.20.225
May  5 02:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25644]: Failed password for invalid user user from 128.199.20.225 port 41278 ssh2
May  5 02:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25644]: Received disconnect from 128.199.20.225 port 41278:11: Bye Bye [preauth]
May  5 02:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25644]: Disconnected from 128.199.20.225 port 41278 [preauth]
May  5 02:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24541]: pam_unix(cron:session): session closed for user root
May  5 02:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25763]: Invalid user fengyingchao from 117.216.143.31
May  5 02:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25763]: input_userauth_request: invalid user fengyingchao [preauth]
May  5 02:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25763]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 02:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 02:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25763]: Failed password for invalid user fengyingchao from 117.216.143.31 port 37544 ssh2
May  5 02:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25763]: Received disconnect from 117.216.143.31 port 37544:11: Bye Bye [preauth]
May  5 02:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25763]: Disconnected from 117.216.143.31 port 37544 [preauth]
May  5 02:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: Failed password for root from 218.92.0.179 port 25757 ssh2
May  5 02:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 25757 ssh2]
May  5 02:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: Received disconnect from 218.92.0.179 port 25757:11:  [preauth]
May  5 02:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: Disconnected from 218.92.0.179 port 25757 [preauth]
May  5 02:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25797]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25798]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25795]: pam_unix(cron:session): session closed for user p13x
May  5 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25908]: Successful su for rubyman by root
May  5 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25908]: + ??? root:rubyman
May  5 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331085 of user rubyman.
May  5 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25908]: pam_unix(su:session): session closed for user rubyman
May  5 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331085.
May  5 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25793]: pam_unix(cron:session): session closed for user root
May  5 02:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23041]: pam_unix(cron:session): session closed for user root
May  5 02:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25796]: pam_unix(cron:session): session closed for user samftp
May  5 02:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24976]: pam_unix(cron:session): session closed for user root
May  5 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26285]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26286]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26288]: pam_unix(cron:session): session closed for user root
May  5 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26283]: pam_unix(cron:session): session closed for user p13x
May  5 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26351]: Successful su for rubyman by root
May  5 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26351]: + ??? root:rubyman
May  5 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331091 of user rubyman.
May  5 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26351]: pam_unix(su:session): session closed for user rubyman
May  5 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331091.
May  5 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23541]: pam_unix(cron:session): session closed for user root
May  5 02:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26285]: pam_unix(cron:session): session closed for user root
May  5 02:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26284]: pam_unix(cron:session): session closed for user samftp
May  5 02:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: Invalid user david from 190.103.202.7
May  5 02:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: input_userauth_request: invalid user david [preauth]
May  5 02:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  5 02:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: Failed password for invalid user david from 190.103.202.7 port 47666 ssh2
May  5 02:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26683]: Connection closed by 190.103.202.7 port 47666 [preauth]
May  5 02:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25391]: pam_unix(cron:session): session closed for user root
May  5 02:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.46.35  user=root
May  5 02:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26742]: Failed password for root from 81.192.46.35 port 54246 ssh2
May  5 02:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26742]: Received disconnect from 81.192.46.35 port 54246:11: Bye Bye [preauth]
May  5 02:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26742]: Disconnected from 81.192.46.35 port 54246 [preauth]
May  5 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26795]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26797]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26798]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26794]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26794]: pam_unix(cron:session): session closed for user p13x
May  5 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26865]: Successful su for rubyman by root
May  5 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26865]: + ??? root:rubyman
May  5 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331095 of user rubyman.
May  5 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26865]: pam_unix(su:session): session closed for user rubyman
May  5 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331095.
May  5 02:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24070]: pam_unix(cron:session): session closed for user root
May  5 02:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26795]: pam_unix(cron:session): session closed for user samftp
May  5 02:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: Invalid user joao from 27.254.235.4
May  5 02:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: input_userauth_request: invalid user joao [preauth]
May  5 02:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  5 02:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: Failed password for invalid user joao from 27.254.235.4 port 55126 ssh2
May  5 02:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46  user=root
May  5 02:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: Received disconnect from 27.254.235.4 port 55126:11: Bye Bye [preauth]
May  5 02:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: Disconnected from 27.254.235.4 port 55126 [preauth]
May  5 02:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27174]: Failed password for root from 147.0.206.46 port 51112 ssh2
May  5 02:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27174]: Received disconnect from 147.0.206.46 port 51112:11: Bye Bye [preauth]
May  5 02:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27174]: Disconnected from 147.0.206.46 port 51112 [preauth]
May  5 02:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25798]: pam_unix(cron:session): session closed for user root
May  5 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27271]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27270]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27270]: pam_unix(cron:session): session closed for user p13x
May  5 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27342]: Successful su for rubyman by root
May  5 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27342]: + ??? root:rubyman
May  5 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331099 of user rubyman.
May  5 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27342]: pam_unix(su:session): session closed for user rubyman
May  5 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331099.
May  5 02:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24540]: pam_unix(cron:session): session closed for user root
May  5 02:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27271]: pam_unix(cron:session): session closed for user samftp
May  5 02:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  5 02:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27584]: Failed password for root from 218.92.0.218 port 63026 ssh2
May  5 02:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27584]: message repeated 2 times: [ Failed password for root from 218.92.0.218 port 63026 ssh2]
May  5 02:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27584]: Received disconnect from 218.92.0.218 port 63026:11:  [preauth]
May  5 02:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27584]: Disconnected from 218.92.0.218 port 63026 [preauth]
May  5 02:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27584]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  5 02:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26287]: pam_unix(cron:session): session closed for user root
May  5 02:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.235  user=root
May  5 02:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: Failed password for root from 218.92.0.235 port 38420 ssh2
May  5 02:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: Failed password for root from 218.92.0.235 port 38420 ssh2
May  5 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27737]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27735]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27735]: pam_unix(cron:session): session closed for user p13x
May  5 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27797]: Successful su for rubyman by root
May  5 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27797]: + ??? root:rubyman
May  5 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331105 of user rubyman.
May  5 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27797]: pam_unix(su:session): session closed for user rubyman
May  5 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331105.
May  5 02:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24975]: pam_unix(cron:session): session closed for user root
May  5 02:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27736]: pam_unix(cron:session): session closed for user samftp
May  5 02:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: Invalid user doge from 68.183.12.36
May  5 02:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: input_userauth_request: invalid user doge [preauth]
May  5 02:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 02:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: Failed password for invalid user doge from 68.183.12.36 port 41240 ssh2
May  5 02:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27990]: Connection closed by 68.183.12.36 port 41240 [preauth]
May  5 02:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: Invalid user md from 128.199.20.225
May  5 02:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: input_userauth_request: invalid user md [preauth]
May  5 02:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.20.225
May  5 02:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: Failed password for invalid user md from 128.199.20.225 port 37206 ssh2
May  5 02:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: Received disconnect from 128.199.20.225 port 37206:11: Bye Bye [preauth]
May  5 02:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28052]: Disconnected from 128.199.20.225 port 37206 [preauth]
May  5 02:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26798]: pam_unix(cron:session): session closed for user root
May  5 02:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28107]: Invalid user user from 165.154.14.28
May  5 02:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28107]: input_userauth_request: invalid user user [preauth]
May  5 02:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28107]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  5 02:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28107]: Failed password for invalid user user from 165.154.14.28 port 43014 ssh2
May  5 02:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28107]: Received disconnect from 165.154.14.28 port 43014:11: Bye Bye [preauth]
May  5 02:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28107]: Disconnected from 165.154.14.28 port 43014 [preauth]
May  5 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28143]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28140]: pam_unix(cron:session): session closed for user p13x
May  5 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28205]: Successful su for rubyman by root
May  5 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28205]: + ??? root:rubyman
May  5 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331107 of user rubyman.
May  5 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28205]: pam_unix(su:session): session closed for user rubyman
May  5 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331107.
May  5 02:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25390]: pam_unix(cron:session): session closed for user root
May  5 02:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28141]: pam_unix(cron:session): session closed for user samftp
May  5 02:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28398]: Invalid user shanghaizhongxin from 117.216.143.31
May  5 02:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28398]: input_userauth_request: invalid user shanghaizhongxin [preauth]
May  5 02:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28398]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 02:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28398]: Failed password for invalid user shanghaizhongxin from 117.216.143.31 port 41018 ssh2
May  5 02:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28398]: Received disconnect from 117.216.143.31 port 41018:11: Bye Bye [preauth]
May  5 02:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28398]: Disconnected from 117.216.143.31 port 41018 [preauth]
May  5 02:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27273]: pam_unix(cron:session): session closed for user root
May  5 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28543]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28545]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28542]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28546]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28541]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28546]: pam_unix(cron:session): session closed for user root
May  5 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28541]: pam_unix(cron:session): session closed for user p13x
May  5 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28611]: Successful su for rubyman by root
May  5 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28611]: + ??? root:rubyman
May  5 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28611]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331113 of user rubyman.
May  5 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28611]: pam_unix(su:session): session closed for user rubyman
May  5 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331113.
May  5 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28543]: pam_unix(cron:session): session closed for user root
May  5 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25797]: pam_unix(cron:session): session closed for user root
May  5 02:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28542]: pam_unix(cron:session): session closed for user samftp
May  5 02:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.46.35  user=root
May  5 02:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28879]: Failed password for root from 81.192.46.35 port 34078 ssh2
May  5 02:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28879]: Received disconnect from 81.192.46.35 port 34078:11: Bye Bye [preauth]
May  5 02:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28879]: Disconnected from 81.192.46.35 port 34078 [preauth]
May  5 02:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27738]: pam_unix(cron:session): session closed for user root
May  5 02:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46  user=root
May  5 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28973]: Failed password for root from 147.0.206.46 port 57760 ssh2
May  5 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28973]: Received disconnect from 147.0.206.46 port 57760:11: Bye Bye [preauth]
May  5 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28973]: Disconnected from 147.0.206.46 port 57760 [preauth]
May  5 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28985]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28987]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28984]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28984]: pam_unix(cron:session): session closed for user p13x
May  5 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29145]: Successful su for rubyman by root
May  5 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29145]: + ??? root:rubyman
May  5 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29145]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331119 of user rubyman.
May  5 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29145]: pam_unix(su:session): session closed for user rubyman
May  5 02:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331119.
May  5 02:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26286]: pam_unix(cron:session): session closed for user root
May  5 02:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28985]: pam_unix(cron:session): session closed for user samftp
May  5 02:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: Invalid user work from 27.254.235.4
May  5 02:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: input_userauth_request: invalid user work [preauth]
May  5 02:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  5 02:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: Failed password for invalid user work from 27.254.235.4 port 57080 ssh2
May  5 02:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: Received disconnect from 27.254.235.4 port 57080:11: Bye Bye [preauth]
May  5 02:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29339]: Disconnected from 27.254.235.4 port 57080 [preauth]
May  5 02:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  5 02:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29374]: Failed password for root from 193.70.84.184 port 43352 ssh2
May  5 02:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29374]: Connection closed by 193.70.84.184 port 43352 [preauth]
May  5 02:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28146]: pam_unix(cron:session): session closed for user root
May  5 02:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 02:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: Failed password for root from 218.92.0.179 port 49133 ssh2
May  5 02:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 49133 ssh2]
May  5 02:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: Received disconnect from 218.92.0.179 port 49133:11:  [preauth]
May  5 02:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: Disconnected from 218.92.0.179 port 49133 [preauth]
May  5 02:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29504]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29502]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29503]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29505]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29499]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29499]: pam_unix(cron:session): session closed for user root
May  5 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29502]: pam_unix(cron:session): session closed for user p13x
May  5 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29567]: Successful su for rubyman by root
May  5 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29567]: + ??? root:rubyman
May  5 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29567]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331123 of user rubyman.
May  5 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29567]: pam_unix(su:session): session closed for user rubyman
May  5 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331123.
May  5 02:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26797]: pam_unix(cron:session): session closed for user root
May  5 02:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29503]: pam_unix(cron:session): session closed for user samftp
May  5 02:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28545]: pam_unix(cron:session): session closed for user root
May  5 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29909]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29906]: pam_unix(cron:session): session closed for user p13x
May  5 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29980]: Successful su for rubyman by root
May  5 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29980]: + ??? root:rubyman
May  5 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29980]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331127 of user rubyman.
May  5 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29980]: pam_unix(su:session): session closed for user rubyman
May  5 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331127.
May  5 02:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27272]: pam_unix(cron:session): session closed for user root
May  5 02:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29907]: pam_unix(cron:session): session closed for user samftp
May  5 02:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: Invalid user taibabi from 27.254.235.4
May  5 02:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: input_userauth_request: invalid user taibabi [preauth]
May  5 02:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  5 02:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: Failed password for invalid user taibabi from 27.254.235.4 port 36890 ssh2
May  5 02:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: Received disconnect from 27.254.235.4 port 36890:11: Bye Bye [preauth]
May  5 02:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: Disconnected from 27.254.235.4 port 36890 [preauth]
May  5 02:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28987]: pam_unix(cron:session): session closed for user root
May  5 02:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30259]: Invalid user chenchao from 128.199.20.225
May  5 02:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30259]: input_userauth_request: invalid user chenchao [preauth]
May  5 02:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30259]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.20.225
May  5 02:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30259]: Failed password for invalid user chenchao from 128.199.20.225 port 56378 ssh2
May  5 02:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30259]: Received disconnect from 128.199.20.225 port 56378:11: Bye Bye [preauth]
May  5 02:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30259]: Disconnected from 128.199.20.225 port 56378 [preauth]
May  5 02:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: Connection reset by 218.92.0.236 port 50756 [preauth]
May  5 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30312]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30314]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30313]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30311]: pam_unix(cron:session): session closed for user p13x
May  5 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30374]: Successful su for rubyman by root
May  5 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30374]: + ??? root:rubyman
May  5 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331130 of user rubyman.
May  5 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30374]: pam_unix(su:session): session closed for user rubyman
May  5 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331130.
May  5 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27737]: pam_unix(cron:session): session closed for user root
May  5 02:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30312]: pam_unix(cron:session): session closed for user samftp
May  5 02:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29505]: pam_unix(cron:session): session closed for user root
May  5 02:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: Invalid user alex from 117.216.143.31
May  5 02:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: input_userauth_request: invalid user alex [preauth]
May  5 02:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 02:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: Failed password for invalid user alex from 117.216.143.31 port 42680 ssh2
May  5 02:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: Received disconnect from 117.216.143.31 port 42680:11: Bye Bye [preauth]
May  5 02:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30648]: Disconnected from 117.216.143.31 port 42680 [preauth]
May  5 02:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: Invalid user ubuntu from 165.154.14.28
May  5 02:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: input_userauth_request: invalid user ubuntu [preauth]
May  5 02:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  5 02:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: Failed password for invalid user ubuntu from 165.154.14.28 port 55018 ssh2
May  5 02:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: Received disconnect from 165.154.14.28 port 55018:11: Bye Bye [preauth]
May  5 02:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: Disconnected from 165.154.14.28 port 55018 [preauth]
May  5 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30712]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30710]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30707]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30713]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30713]: pam_unix(cron:session): session closed for user root
May  5 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30707]: pam_unix(cron:session): session closed for user p13x
May  5 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30777]: Successful su for rubyman by root
May  5 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30777]: + ??? root:rubyman
May  5 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30777]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331135 of user rubyman.
May  5 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30777]: pam_unix(su:session): session closed for user rubyman
May  5 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331135.
May  5 02:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30710]: pam_unix(cron:session): session closed for user root
May  5 02:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28143]: pam_unix(cron:session): session closed for user root
May  5 02:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30708]: pam_unix(cron:session): session closed for user samftp
May  5 02:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30993]: Invalid user angel from 81.192.46.35
May  5 02:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30993]: input_userauth_request: invalid user angel [preauth]
May  5 02:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30993]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.46.35
May  5 02:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: Invalid user dot from 68.183.12.36
May  5 02:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: input_userauth_request: invalid user dot [preauth]
May  5 02:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 02:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30993]: Failed password for invalid user angel from 81.192.46.35 port 42142 ssh2
May  5 02:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30993]: Received disconnect from 81.192.46.35 port 42142:11: Bye Bye [preauth]
May  5 02:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30993]: Disconnected from 81.192.46.35 port 42142 [preauth]
May  5 02:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: Failed password for invalid user dot from 68.183.12.36 port 56546 ssh2
May  5 02:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: Connection closed by 68.183.12.36 port 56546 [preauth]
May  5 02:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46  user=root
May  5 02:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31055]: Failed password for root from 147.0.206.46 port 36172 ssh2
May  5 02:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31055]: Received disconnect from 147.0.206.46 port 36172:11: Bye Bye [preauth]
May  5 02:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31055]: Disconnected from 147.0.206.46 port 36172 [preauth]
May  5 02:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31072]: Invalid user hwserver from 27.254.235.4
May  5 02:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31072]: input_userauth_request: invalid user hwserver [preauth]
May  5 02:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31072]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  5 02:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29909]: pam_unix(cron:session): session closed for user root
May  5 02:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31072]: Failed password for invalid user hwserver from 27.254.235.4 port 44936 ssh2
May  5 02:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31072]: Received disconnect from 27.254.235.4 port 44936:11: Bye Bye [preauth]
May  5 02:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31072]: Disconnected from 27.254.235.4 port 44936 [preauth]
May  5 02:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 02:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: Failed password for root from 218.92.0.179 port 18504 ssh2
May  5 02:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: Failed password for root from 218.92.0.179 port 18504 ssh2
May  5 02:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: Failed password for root from 218.92.0.179 port 18504 ssh2
May  5 02:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: Received disconnect from 218.92.0.179 port 18504:11:  [preauth]
May  5 02:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: Disconnected from 218.92.0.179 port 18504 [preauth]
May  5 02:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31131]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 02:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  5 02:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: Failed password for root from 46.244.96.25 port 33454 ssh2
May  5 02:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: Connection closed by 46.244.96.25 port 33454 [preauth]
May  5 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31161]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31158]: pam_unix(cron:session): session closed for user p13x
May  5 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31223]: Successful su for rubyman by root
May  5 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31223]: + ??? root:rubyman
May  5 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31223]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331140 of user rubyman.
May  5 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31223]: pam_unix(su:session): session closed for user rubyman
May  5 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331140.
May  5 02:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28544]: pam_unix(cron:session): session closed for user root
May  5 02:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31159]: pam_unix(cron:session): session closed for user samftp
May  5 02:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: Connection closed by 46.244.96.25 port 51154 [preauth]
May  5 02:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30314]: pam_unix(cron:session): session closed for user root
May  5 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31570]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31571]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31567]: pam_unix(cron:session): session closed for user p13x
May  5 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31628]: Successful su for rubyman by root
May  5 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31628]: + ??? root:rubyman
May  5 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31628]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331146 of user rubyman.
May  5 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31628]: pam_unix(su:session): session closed for user rubyman
May  5 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331146.
May  5 02:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28986]: pam_unix(cron:session): session closed for user root
May  5 02:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31568]: pam_unix(cron:session): session closed for user samftp
May  5 02:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30712]: pam_unix(cron:session): session closed for user root
May  5 02:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31926]: Invalid user jtribino from 27.254.235.4
May  5 02:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31926]: input_userauth_request: invalid user jtribino [preauth]
May  5 02:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31926]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  5 02:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31926]: Failed password for invalid user jtribino from 27.254.235.4 port 52978 ssh2
May  5 02:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  5 02:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31926]: Received disconnect from 27.254.235.4 port 52978:11: Bye Bye [preauth]
May  5 02:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31926]: Disconnected from 27.254.235.4 port 52978 [preauth]
May  5 02:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31928]: Failed password for root from 218.92.0.217 port 22776 ssh2
May  5 02:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31928]: message repeated 2 times: [ Failed password for root from 218.92.0.217 port 22776 ssh2]
May  5 02:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31928]: Received disconnect from 218.92.0.217 port 22776:11:  [preauth]
May  5 02:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31928]: Disconnected from 218.92.0.217 port 22776 [preauth]
May  5 02:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31928]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  5 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32001]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32003]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32000]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32002]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32000]: pam_unix(cron:session): session closed for user p13x
May  5 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32060]: Successful su for rubyman by root
May  5 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32060]: + ??? root:rubyman
May  5 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331150 of user rubyman.
May  5 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32060]: pam_unix(su:session): session closed for user rubyman
May  5 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331150.
May  5 02:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29504]: pam_unix(cron:session): session closed for user root
May  5 02:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32001]: pam_unix(cron:session): session closed for user samftp
May  5 02:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31161]: pam_unix(cron:session): session closed for user root
May  5 02:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  5 02:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: Failed password for root from 218.92.0.233 port 28890 ssh2
May  5 02:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 28890 ssh2]
May  5 02:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: Received disconnect from 218.92.0.233 port 28890:11:  [preauth]
May  5 02:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: Disconnected from 218.92.0.233 port 28890 [preauth]
May  5 02:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32345]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  5 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32402]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32400]: pam_unix(cron:session): session closed for user p13x
May  5 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32465]: Successful su for rubyman by root
May  5 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32465]: + ??? root:rubyman
May  5 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331153 of user rubyman.
May  5 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32465]: pam_unix(su:session): session closed for user rubyman
May  5 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331153.
May  5 02:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32397]: Invalid user cpa from 128.199.20.225
May  5 02:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32397]: input_userauth_request: invalid user cpa [preauth]
May  5 02:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32397]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.20.225
May  5 02:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29908]: pam_unix(cron:session): session closed for user root
May  5 02:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32397]: Failed password for invalid user cpa from 128.199.20.225 port 40348 ssh2
May  5 02:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32397]: Received disconnect from 128.199.20.225 port 40348:11: Bye Bye [preauth]
May  5 02:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32397]: Disconnected from 128.199.20.225 port 40348 [preauth]
May  5 02:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32401]: pam_unix(cron:session): session closed for user samftp
May  5 02:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31571]: pam_unix(cron:session): session closed for user root
May  5 02:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[399]: Invalid user test1 from 27.254.235.4
May  5 02:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[399]: input_userauth_request: invalid user test1 [preauth]
May  5 02:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[399]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  5 02:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[399]: Failed password for invalid user test1 from 27.254.235.4 port 32792 ssh2
May  5 02:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[399]: Received disconnect from 27.254.235.4 port 32792:11: Bye Bye [preauth]
May  5 02:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[399]: Disconnected from 27.254.235.4 port 32792 [preauth]
May  5 02:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[444]: Invalid user roo from 147.0.206.46
May  5 02:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[444]: input_userauth_request: invalid user roo [preauth]
May  5 02:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[444]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46
May  5 02:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[444]: Failed password for invalid user roo from 147.0.206.46 port 42816 ssh2
May  5 02:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[444]: Received disconnect from 147.0.206.46 port 42816:11: Bye Bye [preauth]
May  5 02:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[444]: Disconnected from 147.0.206.46 port 42816 [preauth]
May  5 02:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[462]: Invalid user wangdd from 81.192.46.35
May  5 02:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[462]: input_userauth_request: invalid user wangdd [preauth]
May  5 02:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[462]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.46.35
May  5 02:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[462]: Failed password for invalid user wangdd from 81.192.46.35 port 50206 ssh2
May  5 02:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[462]: Received disconnect from 81.192.46.35 port 50206:11: Bye Bye [preauth]
May  5 02:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[462]: Disconnected from 81.192.46.35 port 50206 [preauth]
May  5 02:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234  user=root
May  5 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[480]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[479]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[483]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[482]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[484]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[481]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[484]: pam_unix(cron:session): session closed for user root
May  5 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[479]: pam_unix(cron:session): session closed for user p13x
May  5 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[548]: Successful su for rubyman by root
May  5 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[548]: + ??? root:rubyman
May  5 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[548]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331159 of user rubyman.
May  5 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[548]: pam_unix(su:session): session closed for user rubyman
May  5 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331159.
May  5 02:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[476]: Failed password for root from 94.254.0.234 port 35504 ssh2
May  5 02:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[476]: Received disconnect from 94.254.0.234 port 35504:11: Bye Bye [preauth]
May  5 02:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[476]: Disconnected from 94.254.0.234 port 35504 [preauth]
May  5 02:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30313]: pam_unix(cron:session): session closed for user root
May  5 02:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[481]: pam_unix(cron:session): session closed for user root
May  5 02:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[480]: pam_unix(cron:session): session closed for user samftp
May  5 02:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32003]: pam_unix(cron:session): session closed for user root
May  5 02:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[929]: Invalid user polkituser from 165.154.14.28
May  5 02:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[929]: input_userauth_request: invalid user polkituser [preauth]
May  5 02:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[929]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  5 02:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[929]: Failed password for invalid user polkituser from 165.154.14.28 port 60772 ssh2
May  5 02:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[929]: Received disconnect from 165.154.14.28 port 60772:11: Bye Bye [preauth]
May  5 02:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[929]: Disconnected from 165.154.14.28 port 60772 [preauth]
May  5 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[948]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[945]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[944]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[943]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[943]: pam_unix(cron:session): session closed for user p13x
May  5 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1013]: Successful su for rubyman by root
May  5 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1013]: + ??? root:rubyman
May  5 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331162 of user rubyman.
May  5 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1013]: pam_unix(su:session): session closed for user rubyman
May  5 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331162.
May  5 02:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30711]: pam_unix(cron:session): session closed for user root
May  5 02:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[944]: pam_unix(cron:session): session closed for user samftp
May  5 02:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 02:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1215]: Failed password for root from 218.92.0.179 port 40468 ssh2
May  5 02:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1215]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 40468 ssh2]
May  5 02:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1215]: Received disconnect from 218.92.0.179 port 40468:11:  [preauth]
May  5 02:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1215]: Disconnected from 218.92.0.179 port 40468 [preauth]
May  5 02:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1215]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 02:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32403]: pam_unix(cron:session): session closed for user root
May  5 02:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4  user=root
May  5 02:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: Failed password for root from 27.254.235.4 port 40834 ssh2
May  5 02:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: Received disconnect from 27.254.235.4 port 40834:11: Bye Bye [preauth]
May  5 02:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1371]: Disconnected from 27.254.235.4 port 40834 [preauth]
May  5 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1407]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1403]: pam_unix(cron:session): session closed for user p13x
May  5 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1491]: Successful su for rubyman by root
May  5 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1491]: + ??? root:rubyman
May  5 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331167 of user rubyman.
May  5 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1491]: pam_unix(su:session): session closed for user rubyman
May  5 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331167.
May  5 02:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31160]: pam_unix(cron:session): session closed for user root
May  5 02:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1406]: pam_unix(cron:session): session closed for user samftp
May  5 02:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1750]: Invalid user trx from 68.183.12.36
May  5 02:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1750]: input_userauth_request: invalid user trx [preauth]
May  5 02:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1750]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 02:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1750]: Failed password for invalid user trx from 68.183.12.36 port 49226 ssh2
May  5 02:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1750]: Connection closed by 68.183.12.36 port 49226 [preauth]
May  5 02:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[483]: pam_unix(cron:session): session closed for user root
May  5 02:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 02:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1800]: Failed password for root from 218.92.0.179 port 12552 ssh2
May  5 02:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1800]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 12552 ssh2]
May  5 02:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1800]: Received disconnect from 218.92.0.179 port 12552:11:  [preauth]
May  5 02:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1800]: Disconnected from 218.92.0.179 port 12552 [preauth]
May  5 02:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1800]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1858]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1855]: pam_unix(cron:session): session closed for user p13x
May  5 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1982]: Successful su for rubyman by root
May  5 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1982]: + ??? root:rubyman
May  5 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1982]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331171 of user rubyman.
May  5 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1982]: pam_unix(su:session): session closed for user rubyman
May  5 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331171.
May  5 02:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31570]: pam_unix(cron:session): session closed for user root
May  5 02:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1856]: pam_unix(cron:session): session closed for user samftp
May  5 02:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[948]: pam_unix(cron:session): session closed for user root
May  5 02:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2325]: Invalid user ftpuser from 27.254.235.4
May  5 02:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2325]: input_userauth_request: invalid user ftpuser [preauth]
May  5 02:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2325]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  5 02:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2325]: Failed password for invalid user ftpuser from 27.254.235.4 port 48876 ssh2
May  5 02:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2325]: Received disconnect from 27.254.235.4 port 48876:11: Bye Bye [preauth]
May  5 02:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2325]: Disconnected from 27.254.235.4 port 48876 [preauth]
May  5 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2337]: pam_unix(cron:session): session closed for user p13x
May  5 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2417]: Successful su for rubyman by root
May  5 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2417]: + ??? root:rubyman
May  5 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2417]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331174 of user rubyman.
May  5 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2417]: pam_unix(su:session): session closed for user rubyman
May  5 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331174.
May  5 02:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32002]: pam_unix(cron:session): session closed for user root
May  5 02:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2338]: pam_unix(cron:session): session closed for user samftp
May  5 02:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  5 02:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: Failed password for root from 218.92.0.232 port 40668 ssh2
May  5 02:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Invalid user qtss from 128.199.20.225
May  5 02:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: input_userauth_request: invalid user qtss [preauth]
May  5 02:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.20.225
May  5 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: Failed password for root from 218.92.0.232 port 40668 ssh2
May  5 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Failed password for invalid user qtss from 128.199.20.225 port 40054 ssh2
May  5 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Received disconnect from 128.199.20.225 port 40054:11: Bye Bye [preauth]
May  5 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Disconnected from 128.199.20.225 port 40054 [preauth]
May  5 02:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: Failed password for root from 218.92.0.232 port 40668 ssh2
May  5 02:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: Received disconnect from 218.92.0.232 port 40668:11:  [preauth]
May  5 02:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: Disconnected from 218.92.0.232 port 40668 [preauth]
May  5 02:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2653]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  5 02:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  5 02:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: Invalid user stu from 147.0.206.46
May  5 02:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: input_userauth_request: invalid user stu [preauth]
May  5 02:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46
May  5 02:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: Failed password for root from 218.92.0.232 port 42704 ssh2
May  5 02:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: Failed password for invalid user stu from 147.0.206.46 port 49472 ssh2
May  5 02:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: Received disconnect from 147.0.206.46 port 49472:11: Bye Bye [preauth]
May  5 02:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: Disconnected from 147.0.206.46 port 49472 [preauth]
May  5 02:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1408]: pam_unix(cron:session): session closed for user root
May  5 02:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: Failed password for root from 218.92.0.232 port 42704 ssh2
May  5 02:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: Failed password for root from 218.92.0.232 port 42704 ssh2
May  5 02:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: Received disconnect from 218.92.0.232 port 42704:11:  [preauth]
May  5 02:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: Disconnected from 218.92.0.232 port 42704 [preauth]
May  5 02:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2694]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  5 02:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: Invalid user wartung from 81.192.46.35
May  5 02:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: input_userauth_request: invalid user wartung [preauth]
May  5 02:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.46.35
May  5 02:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: Failed password for invalid user wartung from 81.192.46.35 port 58282 ssh2
May  5 02:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: Received disconnect from 81.192.46.35 port 58282:11: Bye Bye [preauth]
May  5 02:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: Disconnected from 81.192.46.35 port 58282 [preauth]
May  5 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2807]: pam_unix(cron:session): session closed for user root
May  5 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2801]: pam_unix(cron:session): session closed for user p13x
May  5 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2874]: Successful su for rubyman by root
May  5 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2874]: + ??? root:rubyman
May  5 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2874]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331181 of user rubyman.
May  5 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2874]: pam_unix(su:session): session closed for user rubyman
May  5 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331181.
May  5 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2804]: pam_unix(cron:session): session closed for user root
May  5 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32402]: pam_unix(cron:session): session closed for user root
May  5 02:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2803]: pam_unix(cron:session): session closed for user samftp
May  5 02:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1858]: pam_unix(cron:session): session closed for user root
May  5 02:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: Invalid user taibabi from 27.254.235.4
May  5 02:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: input_userauth_request: invalid user taibabi [preauth]
May  5 02:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  5 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3249]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3248]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3247]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3246]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3246]: pam_unix(cron:session): session closed for user p13x
May  5 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3309]: Successful su for rubyman by root
May  5 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3309]: + ??? root:rubyman
May  5 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331184 of user rubyman.
May  5 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3309]: pam_unix(su:session): session closed for user rubyman
May  5 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331184.
May  5 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: Failed password for invalid user taibabi from 27.254.235.4 port 56920 ssh2
May  5 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: Received disconnect from 27.254.235.4 port 56920:11: Bye Bye [preauth]
May  5 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: Disconnected from 27.254.235.4 port 56920 [preauth]
May  5 02:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[482]: pam_unix(cron:session): session closed for user root
May  5 02:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3247]: pam_unix(cron:session): session closed for user samftp
May  5 02:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2340]: pam_unix(cron:session): session closed for user root
May  5 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3700]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3701]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3698]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3698]: pam_unix(cron:session): session closed for user p13x
May  5 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3759]: Successful su for rubyman by root
May  5 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3759]: + ??? root:rubyman
May  5 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331188 of user rubyman.
May  5 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3759]: pam_unix(su:session): session closed for user rubyman
May  5 02:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331188.
May  5 02:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[945]: pam_unix(cron:session): session closed for user root
May  5 02:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3699]: pam_unix(cron:session): session closed for user samftp
May  5 02:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: Invalid user dzfp from 165.154.14.28
May  5 02:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: input_userauth_request: invalid user dzfp [preauth]
May  5 02:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  5 02:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: Failed password for invalid user dzfp from 165.154.14.28 port 42146 ssh2
May  5 02:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: Received disconnect from 165.154.14.28 port 42146:11: Bye Bye [preauth]
May  5 02:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: Disconnected from 165.154.14.28 port 42146 [preauth]
May  5 02:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2806]: pam_unix(cron:session): session closed for user root
May  5 02:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: Invalid user dima from 94.254.0.234
May  5 02:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: input_userauth_request: invalid user dima [preauth]
May  5 02:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234
May  5 02:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: Failed password for invalid user dima from 94.254.0.234 port 43502 ssh2
May  5 02:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: Received disconnect from 94.254.0.234 port 43502:11: Bye Bye [preauth]
May  5 02:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4124]: Disconnected from 94.254.0.234 port 43502 [preauth]
May  5 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4142]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4139]: pam_unix(cron:session): session closed for user p13x
May  5 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4198]: Successful su for rubyman by root
May  5 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4198]: + ??? root:rubyman
May  5 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331193 of user rubyman.
May  5 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4198]: pam_unix(su:session): session closed for user rubyman
May  5 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331193.
May  5 02:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1407]: pam_unix(cron:session): session closed for user root
May  5 02:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4140]: pam_unix(cron:session): session closed for user samftp
May  5 02:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  5 02:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: Failed password for root from 218.92.0.221 port 35792 ssh2
May  5 02:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: message repeated 2 times: [ Failed password for root from 218.92.0.221 port 35792 ssh2]
May  5 02:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: Received disconnect from 218.92.0.221 port 35792:11:  [preauth]
May  5 02:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: Disconnected from 218.92.0.221 port 35792 [preauth]
May  5 02:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  5 02:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4  user=root
May  5 02:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: Failed password for root from 27.254.235.4 port 36730 ssh2
May  5 02:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: Received disconnect from 27.254.235.4 port 36730:11: Bye Bye [preauth]
May  5 02:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4582]: Disconnected from 27.254.235.4 port 36730 [preauth]
May  5 02:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3249]: pam_unix(cron:session): session closed for user root
May  5 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4705]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4702]: pam_unix(cron:session): session closed for user p13x
May  5 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4764]: Successful su for rubyman by root
May  5 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4764]: + ??? root:rubyman
May  5 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331196 of user rubyman.
May  5 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4764]: pam_unix(su:session): session closed for user rubyman
May  5 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331196.
May  5 02:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1857]: pam_unix(cron:session): session closed for user root
May  5 02:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4898]: Invalid user test from 147.0.206.46
May  5 02:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4898]: input_userauth_request: invalid user test [preauth]
May  5 02:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4898]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46
May  5 02:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4898]: Failed password for invalid user test from 147.0.206.46 port 56122 ssh2
May  5 02:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4898]: Received disconnect from 147.0.206.46 port 56122:11: Bye Bye [preauth]
May  5 02:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4898]: Disconnected from 147.0.206.46 port 56122 [preauth]
May  5 02:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4703]: pam_unix(cron:session): session closed for user samftp
May  5 02:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5210]: Did not receive identification string from 156.227.234.187
May  5 02:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5225]: Invalid user ltc from 68.183.12.36
May  5 02:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5225]: input_userauth_request: invalid user ltc [preauth]
May  5 02:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5225]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 02:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5225]: Failed password for invalid user ltc from 68.183.12.36 port 33796 ssh2
May  5 02:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5225]: Connection closed by 68.183.12.36 port 33796 [preauth]
May  5 02:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3701]: pam_unix(cron:session): session closed for user root
May  5 02:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5260]: Invalid user postgres from 81.192.46.35
May  5 02:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5260]: input_userauth_request: invalid user postgres [preauth]
May  5 02:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5260]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.46.35
May  5 02:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5260]: Failed password for invalid user postgres from 81.192.46.35 port 38106 ssh2
May  5 02:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5260]: Received disconnect from 81.192.46.35 port 38106:11: Bye Bye [preauth]
May  5 02:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5260]: Disconnected from 81.192.46.35 port 38106 [preauth]
May  5 02:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5304]: Invalid user hik from 128.199.20.225
May  5 02:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5304]: input_userauth_request: invalid user hik [preauth]
May  5 02:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5304]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.20.225
May  5 02:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5304]: Failed password for invalid user hik from 128.199.20.225 port 36224 ssh2
May  5 02:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5304]: Received disconnect from 128.199.20.225 port 36224:11: Bye Bye [preauth]
May  5 02:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5304]: Disconnected from 128.199.20.225 port 36224 [preauth]
May  5 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5336]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5338]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5335]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5338]: pam_unix(cron:session): session closed for user root
May  5 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5332]: pam_unix(cron:session): session closed for user p13x
May  5 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5404]: Successful su for rubyman by root
May  5 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5404]: + ??? root:rubyman
May  5 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5404]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331200 of user rubyman.
May  5 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5404]: pam_unix(su:session): session closed for user rubyman
May  5 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331200.
May  5 02:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2339]: pam_unix(cron:session): session closed for user root
May  5 02:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5334]: pam_unix(cron:session): session closed for user root
May  5 02:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5333]: pam_unix(cron:session): session closed for user samftp
May  5 02:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4  user=root
May  5 02:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Failed password for root from 27.254.235.4 port 44772 ssh2
May  5 02:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Received disconnect from 27.254.235.4 port 44772:11: Bye Bye [preauth]
May  5 02:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Disconnected from 27.254.235.4 port 44772 [preauth]
May  5 02:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4142]: pam_unix(cron:session): session closed for user root
May  5 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5912]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5913]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5910]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5910]: pam_unix(cron:session): session closed for user p13x
May  5 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5978]: Successful su for rubyman by root
May  5 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5978]: + ??? root:rubyman
May  5 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331206 of user rubyman.
May  5 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5978]: pam_unix(su:session): session closed for user rubyman
May  5 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331206.
May  5 02:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2805]: pam_unix(cron:session): session closed for user root
May  5 02:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5911]: pam_unix(cron:session): session closed for user samftp
May  5 02:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4705]: pam_unix(cron:session): session closed for user root
May  5 02:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  5 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6336]: pam_unix(cron:session): session closed for user p13x
May  5 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6396]: Successful su for rubyman by root
May  5 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6396]: + ??? root:rubyman
May  5 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331210 of user rubyman.
May  5 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6396]: pam_unix(su:session): session closed for user rubyman
May  5 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331210.
May  5 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6333]: Failed password for root from 46.244.96.25 port 33840 ssh2
May  5 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6333]: Connection closed by 46.244.96.25 port 33840 [preauth]
May  5 02:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3248]: pam_unix(cron:session): session closed for user root
May  5 02:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6338]: pam_unix(cron:session): session closed for user samftp
May  5 02:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: Invalid user mark from 94.254.0.234
May  5 02:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: input_userauth_request: invalid user mark [preauth]
May  5 02:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234
May  5 02:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: Failed password for invalid user mark from 94.254.0.234 port 34752 ssh2
May  5 02:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: Received disconnect from 94.254.0.234 port 34752:11: Bye Bye [preauth]
May  5 02:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: Disconnected from 94.254.0.234 port 34752 [preauth]
May  5 02:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5336]: pam_unix(cron:session): session closed for user root
May  5 02:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: Invalid user vasya from 27.254.235.4
May  5 02:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: input_userauth_request: invalid user vasya [preauth]
May  5 02:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  5 02:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: Failed password for invalid user vasya from 27.254.235.4 port 52810 ssh2
May  5 02:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: Received disconnect from 27.254.235.4 port 52810:11: Bye Bye [preauth]
May  5 02:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: Disconnected from 27.254.235.4 port 52810 [preauth]
May  5 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6742]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6741]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6740]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6739]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6739]: pam_unix(cron:session): session closed for user p13x
May  5 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6808]: Successful su for rubyman by root
May  5 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6808]: + ??? root:rubyman
May  5 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6808]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331214 of user rubyman.
May  5 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6808]: pam_unix(su:session): session closed for user rubyman
May  5 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331214.
May  5 02:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3700]: pam_unix(cron:session): session closed for user root
May  5 02:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6740]: pam_unix(cron:session): session closed for user samftp
May  5 02:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28  user=root
May  5 02:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7098]: Failed password for root from 165.154.14.28 port 58080 ssh2
May  5 02:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7098]: Received disconnect from 165.154.14.28 port 58080:11: Bye Bye [preauth]
May  5 02:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7098]: Disconnected from 165.154.14.28 port 58080 [preauth]
May  5 02:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46  user=root
May  5 02:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: Failed password for root from 147.0.206.46 port 34526 ssh2
May  5 02:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: Received disconnect from 147.0.206.46 port 34526:11: Bye Bye [preauth]
May  5 02:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7136]: Disconnected from 147.0.206.46 port 34526 [preauth]
May  5 02:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5913]: pam_unix(cron:session): session closed for user root
May  5 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7260]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7259]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7256]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7254]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7256]: pam_unix(cron:session): session closed for user p13x
May  5 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7362]: Successful su for rubyman by root
May  5 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7362]: + ??? root:rubyman
May  5 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331219 of user rubyman.
May  5 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7362]: pam_unix(su:session): session closed for user rubyman
May  5 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331219.
May  5 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7254]: pam_unix(cron:session): session closed for user root
May  5 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4141]: pam_unix(cron:session): session closed for user root
May  5 02:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7257]: pam_unix(cron:session): session closed for user samftp
May  5 02:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7706]: Invalid user ceshi3 from 81.192.46.35
May  5 02:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7706]: input_userauth_request: invalid user ceshi3 [preauth]
May  5 02:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7706]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.46.35
May  5 02:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7706]: Failed password for invalid user ceshi3 from 81.192.46.35 port 46164 ssh2
May  5 02:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7706]: Received disconnect from 81.192.46.35 port 46164:11: Bye Bye [preauth]
May  5 02:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7706]: Disconnected from 81.192.46.35 port 46164 [preauth]
May  5 02:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6340]: pam_unix(cron:session): session closed for user root
May  5 02:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: Invalid user admin from 27.254.235.4
May  5 02:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: input_userauth_request: invalid user admin [preauth]
May  5 02:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  5 02:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: Failed password for invalid user admin from 27.254.235.4 port 60852 ssh2
May  5 02:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: Received disconnect from 27.254.235.4 port 60852:11: Bye Bye [preauth]
May  5 02:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: Disconnected from 27.254.235.4 port 60852 [preauth]
May  5 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7866]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7864]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7865]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7868]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7869]: pam_unix(cron:session): session closed for user root
May  5 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7864]: pam_unix(cron:session): session closed for user p13x
May  5 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7934]: Successful su for rubyman by root
May  5 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7934]: + ??? root:rubyman
May  5 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331228 of user rubyman.
May  5 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7934]: pam_unix(su:session): session closed for user rubyman
May  5 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331228.
May  5 02:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7866]: pam_unix(cron:session): session closed for user root
May  5 02:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4704]: pam_unix(cron:session): session closed for user root
May  5 02:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: Invalid user hyh from 128.199.20.225
May  5 02:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: input_userauth_request: invalid user hyh [preauth]
May  5 02:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.20.225
May  5 02:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7865]: pam_unix(cron:session): session closed for user samftp
May  5 02:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: Failed password for invalid user hyh from 128.199.20.225 port 58280 ssh2
May  5 02:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: Received disconnect from 128.199.20.225 port 58280:11: Bye Bye [preauth]
May  5 02:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8093]: Disconnected from 128.199.20.225 port 58280 [preauth]
May  5 02:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6742]: pam_unix(cron:session): session closed for user root
May  5 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8328]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8327]: pam_unix(cron:session): session closed for user p13x
May  5 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8400]: Successful su for rubyman by root
May  5 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8400]: + ??? root:rubyman
May  5 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331229 of user rubyman.
May  5 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8400]: pam_unix(su:session): session closed for user rubyman
May  5 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331229.
May  5 02:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5335]: pam_unix(cron:session): session closed for user root
May  5 02:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8328]: pam_unix(cron:session): session closed for user samftp
May  5 02:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: Invalid user admin from 80.94.95.112
May  5 02:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: input_userauth_request: invalid user admin [preauth]
May  5 02:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 02:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: Invalid user link from 68.183.12.36
May  5 02:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: input_userauth_request: invalid user link [preauth]
May  5 02:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 02:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: Failed password for invalid user admin from 80.94.95.112 port 26421 ssh2
May  5 02:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: Failed password for invalid user link from 68.183.12.36 port 43348 ssh2
May  5 02:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: Connection closed by 68.183.12.36 port 43348 [preauth]
May  5 02:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: Failed password for invalid user admin from 80.94.95.112 port 26421 ssh2
May  5 02:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7260]: pam_unix(cron:session): session closed for user root
May  5 02:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: Failed password for invalid user admin from 80.94.95.112 port 26421 ssh2
May  5 02:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: Failed password for invalid user admin from 80.94.95.112 port 26421 ssh2
May  5 02:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: Failed password for invalid user admin from 80.94.95.112 port 26421 ssh2
May  5 02:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: Received disconnect from 80.94.95.112 port 26421:11: Bye [preauth]
May  5 02:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: Disconnected from 80.94.95.112 port 26421 [preauth]
May  5 02:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 02:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8661]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 02:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: Invalid user kserge from 27.254.235.4
May  5 02:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: input_userauth_request: invalid user kserge [preauth]
May  5 02:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  5 02:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: Failed password for invalid user kserge from 27.254.235.4 port 40662 ssh2
May  5 02:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: Received disconnect from 27.254.235.4 port 40662:11: Bye Bye [preauth]
May  5 02:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8746]: Disconnected from 27.254.235.4 port 40662 [preauth]
May  5 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8776]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8775]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8777]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8774]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8774]: pam_unix(cron:session): session closed for user p13x
May  5 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8833]: Successful su for rubyman by root
May  5 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8833]: + ??? root:rubyman
May  5 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331235 of user rubyman.
May  5 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8833]: pam_unix(su:session): session closed for user rubyman
May  5 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331235.
May  5 02:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234  user=root
May  5 02:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5912]: pam_unix(cron:session): session closed for user root
May  5 02:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8938]: Failed password for root from 94.254.0.234 port 33022 ssh2
May  5 02:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8775]: pam_unix(cron:session): session closed for user samftp
May  5 02:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8938]: Received disconnect from 94.254.0.234 port 33022:11: Bye Bye [preauth]
May  5 02:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8938]: Disconnected from 94.254.0.234 port 33022 [preauth]
May  5 02:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7868]: pam_unix(cron:session): session closed for user root
May  5 02:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: Invalid user mb from 147.0.206.46
May  5 02:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: input_userauth_request: invalid user mb [preauth]
May  5 02:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46
May  5 02:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: Failed password for invalid user mb from 147.0.206.46 port 41174 ssh2
May  5 02:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: Received disconnect from 147.0.206.46 port 41174:11: Bye Bye [preauth]
May  5 02:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: Disconnected from 147.0.206.46 port 41174 [preauth]
May  5 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9302]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9298]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9282]: pam_unix(cron:session): session closed for user p13x
May  5 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9365]: Successful su for rubyman by root
May  5 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9365]: + ??? root:rubyman
May  5 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9365]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331237 of user rubyman.
May  5 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9365]: pam_unix(su:session): session closed for user rubyman
May  5 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331237.
May  5 02:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6339]: pam_unix(cron:session): session closed for user root
May  5 02:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9298]: pam_unix(cron:session): session closed for user samftp
May  5 02:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8330]: pam_unix(cron:session): session closed for user root
May  5 02:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: Invalid user monica from 27.254.235.4
May  5 02:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: input_userauth_request: invalid user monica [preauth]
May  5 02:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  5 02:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: Failed password for invalid user monica from 27.254.235.4 port 48702 ssh2
May  5 02:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: Received disconnect from 27.254.235.4 port 48702:11: Bye Bye [preauth]
May  5 02:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: Disconnected from 27.254.235.4 port 48702 [preauth]
May  5 02:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Invalid user dev from 81.192.46.35
May  5 02:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: input_userauth_request: invalid user dev [preauth]
May  5 02:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.46.35
May  5 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Failed password for invalid user dev from 81.192.46.35 port 54222 ssh2
May  5 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Received disconnect from 81.192.46.35 port 54222:11: Bye Bye [preauth]
May  5 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9697]: Disconnected from 81.192.46.35 port 54222 [preauth]
May  5 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9701]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9700]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9700]: pam_unix(cron:session): session closed for user p13x
May  5 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9776]: Successful su for rubyman by root
May  5 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9776]: + ??? root:rubyman
May  5 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9776]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331241 of user rubyman.
May  5 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9776]: pam_unix(su:session): session closed for user rubyman
May  5 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331241.
May  5 02:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6741]: pam_unix(cron:session): session closed for user root
May  5 02:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9701]: pam_unix(cron:session): session closed for user samftp
May  5 02:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28  user=root
May  5 02:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10004]: Failed password for root from 165.154.14.28 port 48572 ssh2
May  5 02:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10004]: Received disconnect from 165.154.14.28 port 48572:11: Bye Bye [preauth]
May  5 02:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10004]: Disconnected from 165.154.14.28 port 48572 [preauth]
May  5 02:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8777]: pam_unix(cron:session): session closed for user root
May  5 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10121]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10118]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10120]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10121]: pam_unix(cron:session): session closed for user root
May  5 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10116]: pam_unix(cron:session): session closed for user p13x
May  5 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10181]: Successful su for rubyman by root
May  5 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10181]: + ??? root:rubyman
May  5 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331247 of user rubyman.
May  5 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10181]: pam_unix(su:session): session closed for user rubyman
May  5 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331247.
May  5 02:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10118]: pam_unix(cron:session): session closed for user root
May  5 02:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7259]: pam_unix(cron:session): session closed for user root
May  5 02:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10117]: pam_unix(cron:session): session closed for user samftp
May  5 02:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: Invalid user ts3 from 128.199.20.225
May  5 02:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: input_userauth_request: invalid user ts3 [preauth]
May  5 02:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.20.225
May  5 02:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: Failed password for invalid user ts3 from 128.199.20.225 port 54692 ssh2
May  5 02:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: Received disconnect from 128.199.20.225 port 54692:11: Bye Bye [preauth]
May  5 02:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: Disconnected from 128.199.20.225 port 54692 [preauth]
May  5 02:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9302]: pam_unix(cron:session): session closed for user root
May  5 02:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4  user=root
May  5 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10693]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10694]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10691]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10692]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10691]: pam_unix(cron:session): session closed for user p13x
May  5 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10783]: Successful su for rubyman by root
May  5 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10783]: + ??? root:rubyman
May  5 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331252 of user rubyman.
May  5 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10783]: pam_unix(su:session): session closed for user rubyman
May  5 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331252.
May  5 02:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: Failed password for root from 27.254.235.4 port 56744 ssh2
May  5 02:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: Received disconnect from 27.254.235.4 port 56744:11: Bye Bye [preauth]
May  5 02:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: Disconnected from 27.254.235.4 port 56744 [preauth]
May  5 02:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7867]: pam_unix(cron:session): session closed for user root
May  5 02:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10692]: pam_unix(cron:session): session closed for user samftp
May  5 02:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  5 02:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: Failed password for root from 218.92.0.227 port 20640 ssh2
May  5 02:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: message repeated 2 times: [ Failed password for root from 218.92.0.227 port 20640 ssh2]
May  5 02:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: Received disconnect from 218.92.0.227 port 20640:11:  [preauth]
May  5 02:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: Disconnected from 218.92.0.227 port 20640 [preauth]
May  5 02:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  5 02:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  5 02:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: Failed password for root from 218.92.0.227 port 20644 ssh2
May  5 02:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: message repeated 2 times: [ Failed password for root from 218.92.0.227 port 20644 ssh2]
May  5 02:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: Received disconnect from 218.92.0.227 port 20644:11:  [preauth]
May  5 02:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: Disconnected from 218.92.0.227 port 20644 [preauth]
May  5 02:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  5 02:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234  user=root
May  5 02:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: Failed password for root from 94.254.0.234 port 48786 ssh2
May  5 02:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: Received disconnect from 94.254.0.234 port 48786:11: Bye Bye [preauth]
May  5 02:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: Disconnected from 94.254.0.234 port 48786 [preauth]
May  5 02:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9704]: pam_unix(cron:session): session closed for user root
May  5 02:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  5 02:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: Failed password for root from 218.92.0.227 port 32266 ssh2
May  5 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11124]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11125]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11122]: pam_unix(cron:session): session closed for user p13x
May  5 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11194]: Successful su for rubyman by root
May  5 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11194]: + ??? root:rubyman
May  5 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331256 of user rubyman.
May  5 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11194]: pam_unix(su:session): session closed for user rubyman
May  5 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331256.
May  5 02:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: Failed password for root from 218.92.0.227 port 32266 ssh2
May  5 02:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8329]: pam_unix(cron:session): session closed for user root
May  5 02:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: Failed password for root from 218.92.0.227 port 32266 ssh2
May  5 02:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: Received disconnect from 218.92.0.227 port 32266:11:  [preauth]
May  5 02:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: Disconnected from 218.92.0.227 port 32266 [preauth]
May  5 02:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  5 02:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11123]: pam_unix(cron:session): session closed for user samftp
May  5 02:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: Invalid user user from 147.0.206.46
May  5 02:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: input_userauth_request: invalid user user [preauth]
May  5 02:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46
May  5 02:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: Failed password for invalid user user from 147.0.206.46 port 47826 ssh2
May  5 02:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: Received disconnect from 147.0.206.46 port 47826:11: Bye Bye [preauth]
May  5 02:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11401]: Disconnected from 147.0.206.46 port 47826 [preauth]
May  5 02:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10120]: pam_unix(cron:session): session closed for user root
May  5 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11530]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11528]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11526]: pam_unix(cron:session): session closed for user p13x
May  5 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11592]: Successful su for rubyman by root
May  5 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11592]: + ??? root:rubyman
May  5 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331260 of user rubyman.
May  5 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11592]: pam_unix(su:session): session closed for user rubyman
May  5 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331260.
May  5 02:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8776]: pam_unix(cron:session): session closed for user root
May  5 02:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11527]: pam_unix(cron:session): session closed for user samftp
May  5 02:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4  user=root
May  5 02:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: Failed password for root from 27.254.235.4 port 36554 ssh2
May  5 02:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: Received disconnect from 27.254.235.4 port 36554:11: Bye Bye [preauth]
May  5 02:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: Disconnected from 27.254.235.4 port 36554 [preauth]
May  5 02:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: Invalid user user2 from 50.235.31.47
May  5 02:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: input_userauth_request: invalid user user2 [preauth]
May  5 02:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  5 02:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: Failed password for invalid user user2 from 50.235.31.47 port 36252 ssh2
May  5 02:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11834]: Connection closed by 50.235.31.47 port 36252 [preauth]
May  5 02:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11836]: Invalid user uni from 68.183.12.36
May  5 02:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11836]: input_userauth_request: invalid user uni [preauth]
May  5 02:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11836]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 02:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10694]: pam_unix(cron:session): session closed for user root
May  5 02:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11836]: Failed password for invalid user uni from 68.183.12.36 port 58908 ssh2
May  5 02:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11836]: Connection closed by 68.183.12.36 port 58908 [preauth]
May  5 02:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: Invalid user potok from 81.192.46.35
May  5 02:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: input_userauth_request: invalid user potok [preauth]
May  5 02:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.46.35
May  5 02:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: Failed password for invalid user potok from 81.192.46.35 port 34048 ssh2
May  5 02:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: Received disconnect from 81.192.46.35 port 34048:11: Bye Bye [preauth]
May  5 02:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: Disconnected from 81.192.46.35 port 34048 [preauth]
May  5 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11927]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11928]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11925]: pam_unix(cron:session): session closed for user p13x
May  5 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11984]: Successful su for rubyman by root
May  5 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11984]: + ??? root:rubyman
May  5 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331265 of user rubyman.
May  5 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11984]: pam_unix(su:session): session closed for user rubyman
May  5 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331265.
May  5 02:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9299]: pam_unix(cron:session): session closed for user root
May  5 02:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11926]: pam_unix(cron:session): session closed for user samftp
May  5 02:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11125]: pam_unix(cron:session): session closed for user root
May  5 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12335]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12330]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12331]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12335]: pam_unix(cron:session): session closed for user root
May  5 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12330]: pam_unix(cron:session): session closed for user p13x
May  5 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12398]: Successful su for rubyman by root
May  5 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12398]: + ??? root:rubyman
May  5 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331267 of user rubyman.
May  5 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12398]: pam_unix(su:session): session closed for user rubyman
May  5 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331267.
May  5 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12332]: pam_unix(cron:session): session closed for user root
May  5 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9703]: pam_unix(cron:session): session closed for user root
May  5 02:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12331]: pam_unix(cron:session): session closed for user samftp
May  5 02:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12629]: Invalid user user from 27.254.235.4
May  5 02:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12629]: input_userauth_request: invalid user user [preauth]
May  5 02:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12629]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  5 02:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12629]: Failed password for invalid user user from 27.254.235.4 port 44598 ssh2
May  5 02:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12629]: Received disconnect from 27.254.235.4 port 44598:11: Bye Bye [preauth]
May  5 02:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12629]: Disconnected from 27.254.235.4 port 44598 [preauth]
May  5 02:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11530]: pam_unix(cron:session): session closed for user root
May  5 02:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Invalid user cjw from 128.199.20.225
May  5 02:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: input_userauth_request: invalid user cjw [preauth]
May  5 02:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.20.225
May  5 02:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Failed password for invalid user cjw from 128.199.20.225 port 57222 ssh2
May  5 02:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Received disconnect from 128.199.20.225 port 57222:11: Bye Bye [preauth]
May  5 02:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Disconnected from 128.199.20.225 port 57222 [preauth]
May  5 02:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12730]: Invalid user taibabi from 94.254.0.234
May  5 02:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12730]: input_userauth_request: invalid user taibabi [preauth]
May  5 02:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12730]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234
May  5 02:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12730]: Failed password for invalid user taibabi from 94.254.0.234 port 51386 ssh2
May  5 02:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12730]: Received disconnect from 94.254.0.234 port 51386:11: Bye Bye [preauth]
May  5 02:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12730]: Disconnected from 94.254.0.234 port 51386 [preauth]
May  5 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12752]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12753]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12750]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12750]: pam_unix(cron:session): session closed for user p13x
May  5 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12817]: Successful su for rubyman by root
May  5 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12817]: + ??? root:rubyman
May  5 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12817]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331274 of user rubyman.
May  5 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12817]: pam_unix(su:session): session closed for user rubyman
May  5 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331274.
May  5 02:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10119]: pam_unix(cron:session): session closed for user root
May  5 02:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12751]: pam_unix(cron:session): session closed for user samftp
May  5 02:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11928]: pam_unix(cron:session): session closed for user root
May  5 02:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: Invalid user mami from 147.0.206.46
May  5 02:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: input_userauth_request: invalid user mami [preauth]
May  5 02:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46
May  5 02:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: Failed password for invalid user mami from 147.0.206.46 port 54474 ssh2
May  5 02:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: Received disconnect from 147.0.206.46 port 54474:11: Bye Bye [preauth]
May  5 02:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13136]: Disconnected from 147.0.206.46 port 54474 [preauth]
May  5 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13148]: pam_unix(cron:session): session closed for user p13x
May  5 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13209]: Successful su for rubyman by root
May  5 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13209]: + ??? root:rubyman
May  5 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331277 of user rubyman.
May  5 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13209]: pam_unix(su:session): session closed for user rubyman
May  5 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331277.
May  5 02:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10693]: pam_unix(cron:session): session closed for user root
May  5 02:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13149]: pam_unix(cron:session): session closed for user samftp
May  5 02:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: Did not receive identification string from 47.96.40.217
May  5 02:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12334]: pam_unix(cron:session): session closed for user root
May  5 02:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: Invalid user dima from 27.254.235.4
May  5 02:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: input_userauth_request: invalid user dima [preauth]
May  5 02:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  5 02:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: Failed password for invalid user dima from 27.254.235.4 port 52640 ssh2
May  5 02:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: Received disconnect from 27.254.235.4 port 52640:11: Bye Bye [preauth]
May  5 02:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13595]: Disconnected from 27.254.235.4 port 52640 [preauth]
May  5 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13650]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13649]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13647]: pam_unix(cron:session): session closed for user p13x
May  5 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13714]: Successful su for rubyman by root
May  5 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13714]: + ??? root:rubyman
May  5 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331281 of user rubyman.
May  5 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13714]: pam_unix(su:session): session closed for user rubyman
May  5 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331281.
May  5 02:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11124]: pam_unix(cron:session): session closed for user root
May  5 02:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13648]: pam_unix(cron:session): session closed for user samftp
May  5 02:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12753]: pam_unix(cron:session): session closed for user root
May  5 02:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14011]: Invalid user dev from 81.192.46.35
May  5 02:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14011]: input_userauth_request: invalid user dev [preauth]
May  5 02:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14011]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.46.35
May  5 02:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14011]: Failed password for invalid user dev from 81.192.46.35 port 42194 ssh2
May  5 02:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14011]: Received disconnect from 81.192.46.35 port 42194:11: Bye Bye [preauth]
May  5 02:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14011]: Disconnected from 81.192.46.35 port 42194 [preauth]
May  5 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14067]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14064]: pam_unix(cron:session): session closed for user p13x
May  5 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14124]: Successful su for rubyman by root
May  5 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14124]: + ??? root:rubyman
May  5 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14124]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331287 of user rubyman.
May  5 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14124]: pam_unix(su:session): session closed for user rubyman
May  5 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331287.
May  5 02:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11528]: pam_unix(cron:session): session closed for user root
May  5 02:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14065]: pam_unix(cron:session): session closed for user samftp
May  5 02:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13151]: pam_unix(cron:session): session closed for user root
May  5 02:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: Did not receive identification string from 80.64.18.84
May  5 02:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4  user=root
May  5 02:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: Failed password for root from 27.254.235.4 port 60682 ssh2
May  5 02:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: Received disconnect from 27.254.235.4 port 60682:11: Bye Bye [preauth]
May  5 02:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: Disconnected from 27.254.235.4 port 60682 [preauth]
May  5 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14462]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14464]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14467]: pam_unix(cron:session): session closed for user root
May  5 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14462]: pam_unix(cron:session): session closed for user p13x
May  5 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14536]: Successful su for rubyman by root
May  5 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14536]: + ??? root:rubyman
May  5 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14536]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331290 of user rubyman.
May  5 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14536]: pam_unix(su:session): session closed for user rubyman
May  5 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331290.
May  5 02:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11927]: pam_unix(cron:session): session closed for user root
May  5 02:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14464]: pam_unix(cron:session): session closed for user root
May  5 02:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14463]: pam_unix(cron:session): session closed for user samftp
May  5 02:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: Invalid user taibabi from 94.254.0.234
May  5 02:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: input_userauth_request: invalid user taibabi [preauth]
May  5 02:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234
May  5 02:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: Failed password for invalid user taibabi from 94.254.0.234 port 60594 ssh2
May  5 02:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: Received disconnect from 94.254.0.234 port 60594:11: Bye Bye [preauth]
May  5 02:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: Disconnected from 94.254.0.234 port 60594 [preauth]
May  5 02:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13650]: pam_unix(cron:session): session closed for user root
May  5 02:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14861]: Invalid user shib from 68.183.12.36
May  5 02:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14861]: input_userauth_request: invalid user shib [preauth]
May  5 02:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14861]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 02:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14861]: Failed password for invalid user shib from 68.183.12.36 port 52880 ssh2
May  5 02:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14861]: Connection closed by 68.183.12.36 port 52880 [preauth]
May  5 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14915]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14909]: pam_unix(cron:session): session closed for user p13x
May  5 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14989]: Successful su for rubyman by root
May  5 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14989]: + ??? root:rubyman
May  5 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331296 of user rubyman.
May  5 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14989]: pam_unix(su:session): session closed for user rubyman
May  5 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331296.
May  5 02:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12333]: pam_unix(cron:session): session closed for user root
May  5 02:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14914]: pam_unix(cron:session): session closed for user samftp
May  5 02:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Connection reset by 218.92.0.218 port 54194 [preauth]
May  5 02:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: Invalid user postgres from 128.199.20.225
May  5 02:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: input_userauth_request: invalid user postgres [preauth]
May  5 02:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.20.225
May  5 02:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: Failed password for invalid user postgres from 128.199.20.225 port 47960 ssh2
May  5 02:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: Received disconnect from 128.199.20.225 port 47960:11: Bye Bye [preauth]
May  5 02:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: Disconnected from 128.199.20.225 port 47960 [preauth]
May  5 02:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: Invalid user dima from 147.0.206.46
May  5 02:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: input_userauth_request: invalid user dima [preauth]
May  5 02:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46
May  5 02:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: Failed password for invalid user dima from 147.0.206.46 port 32890 ssh2
May  5 02:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: Received disconnect from 147.0.206.46 port 32890:11: Bye Bye [preauth]
May  5 02:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: Disconnected from 147.0.206.46 port 32890 [preauth]
May  5 02:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14067]: pam_unix(cron:session): session closed for user root
May  5 02:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4  user=root
May  5 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15322]: pam_unix(cron:session): session closed for user p13x
May  5 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15384]: Successful su for rubyman by root
May  5 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15384]: + ??? root:rubyman
May  5 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331300 of user rubyman.
May  5 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15384]: pam_unix(su:session): session closed for user rubyman
May  5 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331300.
May  5 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: Failed password for root from 27.254.235.4 port 40492 ssh2
May  5 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: Received disconnect from 27.254.235.4 port 40492:11: Bye Bye [preauth]
May  5 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15310]: Disconnected from 27.254.235.4 port 40492 [preauth]
May  5 02:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12752]: pam_unix(cron:session): session closed for user root
May  5 02:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15323]: pam_unix(cron:session): session closed for user samftp
May  5 02:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14466]: pam_unix(cron:session): session closed for user root
May  5 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15713]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15712]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15710]: pam_unix(cron:session): session closed for user p13x
May  5 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15771]: Successful su for rubyman by root
May  5 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15771]: + ??? root:rubyman
May  5 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331303 of user rubyman.
May  5 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15771]: pam_unix(su:session): session closed for user rubyman
May  5 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331303.
May  5 02:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13150]: pam_unix(cron:session): session closed for user root
May  5 02:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15711]: pam_unix(cron:session): session closed for user samftp
May  5 02:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: Invalid user user123 from 81.192.46.35
May  5 02:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: input_userauth_request: invalid user user123 [preauth]
May  5 02:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.46.35
May  5 02:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: Failed password for invalid user user123 from 81.192.46.35 port 50250 ssh2
May  5 02:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: Received disconnect from 81.192.46.35 port 50250:11: Bye Bye [preauth]
May  5 02:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15994]: Disconnected from 81.192.46.35 port 50250 [preauth]
May  5 02:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14916]: pam_unix(cron:session): session closed for user root
May  5 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16102]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16099]: pam_unix(cron:session): session closed for user p13x
May  5 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16158]: Successful su for rubyman by root
May  5 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16158]: + ??? root:rubyman
May  5 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331307 of user rubyman.
May  5 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16158]: pam_unix(su:session): session closed for user rubyman
May  5 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331307.
May  5 02:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13649]: pam_unix(cron:session): session closed for user root
May  5 02:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16100]: pam_unix(cron:session): session closed for user samftp
May  5 02:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4  user=root
May  5 02:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: Failed password for root from 27.254.235.4 port 48534 ssh2
May  5 02:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: Received disconnect from 27.254.235.4 port 48534:11: Bye Bye [preauth]
May  5 02:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16341]: Disconnected from 27.254.235.4 port 48534 [preauth]
May  5 02:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 02:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15325]: pam_unix(cron:session): session closed for user root
May  5 02:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: Failed password for root from 218.92.0.179 port 47909 ssh2
May  5 02:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 47909 ssh2]
May  5 02:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: Received disconnect from 218.92.0.179 port 47909:11:  [preauth]
May  5 02:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: Disconnected from 218.92.0.179 port 47909 [preauth]
May  5 02:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16399]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 02:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 02:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Invalid user administrador from 94.254.0.234
May  5 02:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: input_userauth_request: invalid user administrador [preauth]
May  5 02:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: pam_unix(sshd:auth): check pass; user unknown
May  5 02:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234
May  5 02:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Failed password for invalid user administrador from 94.254.0.234 port 44596 ssh2
May  5 02:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Received disconnect from 94.254.0.234 port 44596:11: Bye Bye [preauth]
May  5 02:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Disconnected from 94.254.0.234 port 44596 [preauth]
May  5 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16529]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16530]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16527]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16528]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16525]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16526]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16524]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16530]: pam_unix(cron:session): session closed for user root
May  5 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16526]: pam_unix(cron:session): session closed for user root
May  5 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16524]: pam_unix(cron:session): session closed for user p13x
May  5 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16644]: Successful su for rubyman by root
May  5 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16644]: + ??? root:rubyman
May  5 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331312 of user rubyman.
May  5 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16644]: pam_unix(su:session): session closed for user rubyman
May  5 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331312.
May  5 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16527]: pam_unix(cron:session): session closed for user root
May  5 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14066]: pam_unix(cron:session): session closed for user root
May  5 03:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16525]: pam_unix(cron:session): session closed for user samftp
May  5 03:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15713]: pam_unix(cron:session): session closed for user root
May  5 03:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17055]: Invalid user postgres from 147.0.206.46
May  5 03:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17055]: input_userauth_request: invalid user postgres [preauth]
May  5 03:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17055]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46
May  5 03:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17055]: Failed password for invalid user postgres from 147.0.206.46 port 39536 ssh2
May  5 03:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17055]: Received disconnect from 147.0.206.46 port 39536:11: Bye Bye [preauth]
May  5 03:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17055]: Disconnected from 147.0.206.46 port 39536 [preauth]
May  5 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17077]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17076]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17079]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17075]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17075]: pam_unix(cron:session): session closed for user p13x
May  5 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17145]: Successful su for rubyman by root
May  5 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17145]: + ??? root:rubyman
May  5 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17145]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331320 of user rubyman.
May  5 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17145]: pam_unix(su:session): session closed for user rubyman
May  5 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331320.
May  5 03:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14465]: pam_unix(cron:session): session closed for user root
May  5 03:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17076]: pam_unix(cron:session): session closed for user samftp
May  5 03:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17339]: Did not receive identification string from 193.32.162.130
May  5 03:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: Invalid user ubuntu from 27.254.235.4
May  5 03:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: input_userauth_request: invalid user ubuntu [preauth]
May  5 03:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  5 03:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: Failed password for invalid user ubuntu from 27.254.235.4 port 56576 ssh2
May  5 03:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: Received disconnect from 27.254.235.4 port 56576:11: Bye Bye [preauth]
May  5 03:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: Disconnected from 27.254.235.4 port 56576 [preauth]
May  5 03:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.20.225  user=root
May  5 03:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17372]: Failed password for root from 128.199.20.225 port 58334 ssh2
May  5 03:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17372]: Received disconnect from 128.199.20.225 port 58334:11: Bye Bye [preauth]
May  5 03:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17372]: Disconnected from 128.199.20.225 port 58334 [preauth]
May  5 03:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16102]: pam_unix(cron:session): session closed for user root
May  5 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17501]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17500]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17498]: pam_unix(cron:session): session closed for user p13x
May  5 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17568]: Successful su for rubyman by root
May  5 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17568]: + ??? root:rubyman
May  5 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331323 of user rubyman.
May  5 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17568]: pam_unix(su:session): session closed for user rubyman
May  5 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331323.
May  5 03:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14915]: pam_unix(cron:session): session closed for user root
May  5 03:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17499]: pam_unix(cron:session): session closed for user samftp
May  5 03:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16529]: pam_unix(cron:session): session closed for user root
May  5 03:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: Invalid user xlm from 68.183.12.36
May  5 03:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: input_userauth_request: invalid user xlm [preauth]
May  5 03:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 03:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: Failed password for invalid user xlm from 68.183.12.36 port 36862 ssh2
May  5 03:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: Connection closed by 68.183.12.36 port 36862 [preauth]
May  5 03:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18007]: Invalid user arkserver from 164.68.105.9
May  5 03:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18007]: input_userauth_request: invalid user arkserver [preauth]
May  5 03:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18007]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  5 03:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18007]: Failed password for invalid user arkserver from 164.68.105.9 port 51464 ssh2
May  5 03:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18007]: Connection closed by 164.68.105.9 port 51464 [preauth]
May  5 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18025]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18026]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18023]: pam_unix(cron:session): session closed for user p13x
May  5 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18091]: Successful su for rubyman by root
May  5 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18091]: + ??? root:rubyman
May  5 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331327 of user rubyman.
May  5 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18091]: pam_unix(su:session): session closed for user rubyman
May  5 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331327.
May  5 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.46.35  user=root
May  5 03:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15324]: pam_unix(cron:session): session closed for user root
May  5 03:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: Failed password for root from 81.192.46.35 port 58308 ssh2
May  5 03:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: Received disconnect from 81.192.46.35 port 58308:11: Bye Bye [preauth]
May  5 03:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: Disconnected from 81.192.46.35 port 58308 [preauth]
May  5 03:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18024]: pam_unix(cron:session): session closed for user samftp
May  5 03:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: Invalid user zhaomin from 27.254.235.4
May  5 03:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: input_userauth_request: invalid user zhaomin [preauth]
May  5 03:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  5 03:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: Failed password for invalid user zhaomin from 27.254.235.4 port 36384 ssh2
May  5 03:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: Received disconnect from 27.254.235.4 port 36384:11: Bye Bye [preauth]
May  5 03:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18332]: Disconnected from 27.254.235.4 port 36384 [preauth]
May  5 03:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17079]: pam_unix(cron:session): session closed for user root
May  5 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18442]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18442]: pam_unix(cron:session): session closed for user p13x
May  5 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18505]: Successful su for rubyman by root
May  5 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18505]: + ??? root:rubyman
May  5 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331330 of user rubyman.
May  5 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18505]: pam_unix(su:session): session closed for user rubyman
May  5 03:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331330.
May  5 03:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15712]: pam_unix(cron:session): session closed for user root
May  5 03:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18443]: pam_unix(cron:session): session closed for user samftp
May  5 03:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: Invalid user hadoop from 94.254.0.234
May  5 03:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: input_userauth_request: invalid user hadoop [preauth]
May  5 03:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234
May  5 03:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: Failed password for invalid user hadoop from 94.254.0.234 port 43466 ssh2
May  5 03:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: Received disconnect from 94.254.0.234 port 43466:11: Bye Bye [preauth]
May  5 03:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18693]: Disconnected from 94.254.0.234 port 43466 [preauth]
May  5 03:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17501]: pam_unix(cron:session): session closed for user root
May  5 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18858]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18859]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18856]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18859]: pam_unix(cron:session): session closed for user root
May  5 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18854]: pam_unix(cron:session): session closed for user p13x
May  5 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18924]: Successful su for rubyman by root
May  5 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18924]: + ??? root:rubyman
May  5 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18924]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331337 of user rubyman.
May  5 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18924]: pam_unix(su:session): session closed for user rubyman
May  5 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331337.
May  5 03:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18856]: pam_unix(cron:session): session closed for user root
May  5 03:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16101]: pam_unix(cron:session): session closed for user root
May  5 03:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18855]: pam_unix(cron:session): session closed for user samftp
May  5 03:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19166]: Invalid user ssm from 147.0.206.46
May  5 03:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19166]: input_userauth_request: invalid user ssm [preauth]
May  5 03:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19166]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46
May  5 03:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19166]: Failed password for invalid user ssm from 147.0.206.46 port 46180 ssh2
May  5 03:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19166]: Received disconnect from 147.0.206.46 port 46180:11: Bye Bye [preauth]
May  5 03:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19166]: Disconnected from 147.0.206.46 port 46180 [preauth]
May  5 03:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18026]: pam_unix(cron:session): session closed for user root
May  5 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19296]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19294]: pam_unix(cron:session): session closed for user p13x
May  5 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19363]: Successful su for rubyman by root
May  5 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19363]: + ??? root:rubyman
May  5 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19363]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331341 of user rubyman.
May  5 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19363]: pam_unix(su:session): session closed for user rubyman
May  5 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331341.
May  5 03:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16528]: pam_unix(cron:session): session closed for user root
May  5 03:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19295]: pam_unix(cron:session): session closed for user samftp
May  5 03:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18445]: pam_unix(cron:session): session closed for user root
May  5 03:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: User mysql from 128.199.20.225 not allowed because not listed in AllowUsers
May  5 03:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: input_userauth_request: invalid user mysql [preauth]
May  5 03:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.20.225  user=mysql
May  5 03:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: Failed password for invalid user mysql from 128.199.20.225 port 52478 ssh2
May  5 03:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: Received disconnect from 128.199.20.225 port 52478:11: Bye Bye [preauth]
May  5 03:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: Disconnected from 128.199.20.225 port 52478 [preauth]
May  5 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19718]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19719]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19716]: pam_unix(cron:session): session closed for user p13x
May  5 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19777]: Successful su for rubyman by root
May  5 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19777]: + ??? root:rubyman
May  5 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19777]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331344 of user rubyman.
May  5 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19777]: pam_unix(su:session): session closed for user rubyman
May  5 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331344.
May  5 03:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17077]: pam_unix(cron:session): session closed for user root
May  5 03:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19717]: pam_unix(cron:session): session closed for user samftp
May  5 03:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18858]: pam_unix(cron:session): session closed for user root
May  5 03:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20111]: Invalid user user from 81.192.46.35
May  5 03:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20111]: input_userauth_request: invalid user user [preauth]
May  5 03:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20111]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.46.35
May  5 03:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20111]: Failed password for invalid user user from 81.192.46.35 port 38132 ssh2
May  5 03:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20111]: Received disconnect from 81.192.46.35 port 38132:11: Bye Bye [preauth]
May  5 03:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20111]: Disconnected from 81.192.46.35 port 38132 [preauth]
May  5 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20133]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20134]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20132]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20131]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20131]: pam_unix(cron:session): session closed for user p13x
May  5 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20192]: Successful su for rubyman by root
May  5 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20192]: + ??? root:rubyman
May  5 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20192]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331349 of user rubyman.
May  5 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20192]: pam_unix(su:session): session closed for user rubyman
May  5 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331349.
May  5 03:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17500]: pam_unix(cron:session): session closed for user root
May  5 03:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20132]: pam_unix(cron:session): session closed for user samftp
May  5 03:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19298]: pam_unix(cron:session): session closed for user root
May  5 03:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: Invalid user test from 94.254.0.234
May  5 03:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: input_userauth_request: invalid user test [preauth]
May  5 03:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234
May  5 03:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: Failed password for invalid user test from 94.254.0.234 port 51628 ssh2
May  5 03:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: Received disconnect from 94.254.0.234 port 51628:11: Bye Bye [preauth]
May  5 03:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20464]: Disconnected from 94.254.0.234 port 51628 [preauth]
May  5 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20529]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20532]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20528]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20526]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20528]: pam_unix(cron:session): session closed for user p13x
May  5 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20637]: Successful su for rubyman by root
May  5 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20637]: + ??? root:rubyman
May  5 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331354 of user rubyman.
May  5 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20637]: pam_unix(su:session): session closed for user rubyman
May  5 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331354.
May  5 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20526]: pam_unix(cron:session): session closed for user root
May  5 03:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18025]: pam_unix(cron:session): session closed for user root
May  5 03:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20529]: pam_unix(cron:session): session closed for user samftp
May  5 03:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19719]: pam_unix(cron:session): session closed for user root
May  5 03:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21003]: Invalid user debian from 147.0.206.46
May  5 03:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21003]: input_userauth_request: invalid user debian [preauth]
May  5 03:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21003]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46
May  5 03:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21003]: Failed password for invalid user debian from 147.0.206.46 port 52828 ssh2
May  5 03:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21003]: Received disconnect from 147.0.206.46 port 52828:11: Bye Bye [preauth]
May  5 03:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21003]: Disconnected from 147.0.206.46 port 52828 [preauth]
May  5 03:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: Invalid user avax from 68.183.12.36
May  5 03:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: input_userauth_request: invalid user avax [preauth]
May  5 03:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 03:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: Failed password for invalid user avax from 68.183.12.36 port 50362 ssh2
May  5 03:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21013]: Connection closed by 68.183.12.36 port 50362 [preauth]
May  5 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21028]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21027]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21026]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21030]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21029]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21030]: pam_unix(cron:session): session closed for user root
May  5 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21024]: pam_unix(cron:session): session closed for user p13x
May  5 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21097]: Successful su for rubyman by root
May  5 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21097]: + ??? root:rubyman
May  5 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331359 of user rubyman.
May  5 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21097]: pam_unix(su:session): session closed for user rubyman
May  5 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331359.
May  5 03:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21027]: pam_unix(cron:session): session closed for user root
May  5 03:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18444]: pam_unix(cron:session): session closed for user root
May  5 03:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21026]: pam_unix(cron:session): session closed for user samftp
May  5 03:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20134]: pam_unix(cron:session): session closed for user root
May  5 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21505]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21504]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21503]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21502]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21502]: pam_unix(cron:session): session closed for user p13x
May  5 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21577]: Successful su for rubyman by root
May  5 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21577]: + ??? root:rubyman
May  5 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331364 of user rubyman.
May  5 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21577]: pam_unix(su:session): session closed for user rubyman
May  5 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331364.
May  5 03:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session closed for user root
May  5 03:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21503]: pam_unix(cron:session): session closed for user samftp
May  5 03:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20532]: pam_unix(cron:session): session closed for user root
May  5 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22247]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22245]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22246]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22240]: pam_unix(cron:session): session closed for user p13x
May  5 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22318]: Successful su for rubyman by root
May  5 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22318]: + ??? root:rubyman
May  5 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22318]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331368 of user rubyman.
May  5 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22318]: pam_unix(su:session): session closed for user rubyman
May  5 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331368.
May  5 03:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19296]: pam_unix(cron:session): session closed for user root
May  5 03:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22245]: pam_unix(cron:session): session closed for user samftp
May  5 03:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22585]: Invalid user potok from 128.199.20.225
May  5 03:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22585]: input_userauth_request: invalid user potok [preauth]
May  5 03:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22585]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.20.225
May  5 03:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22585]: Failed password for invalid user potok from 128.199.20.225 port 49940 ssh2
May  5 03:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22585]: Received disconnect from 128.199.20.225 port 49940:11: Bye Bye [preauth]
May  5 03:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22585]: Disconnected from 128.199.20.225 port 49940 [preauth]
May  5 03:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21029]: pam_unix(cron:session): session closed for user root
May  5 03:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.46.35  user=root
May  5 03:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: Failed password for root from 81.192.46.35 port 46190 ssh2
May  5 03:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: Received disconnect from 81.192.46.35 port 46190:11: Bye Bye [preauth]
May  5 03:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: Disconnected from 81.192.46.35 port 46190 [preauth]
May  5 03:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 03:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22682]: Failed password for root from 218.92.0.179 port 23891 ssh2
May  5 03:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22682]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 23891 ssh2]
May  5 03:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22682]: Received disconnect from 218.92.0.179 port 23891:11:  [preauth]
May  5 03:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22682]: Disconnected from 218.92.0.179 port 23891 [preauth]
May  5 03:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22682]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22709]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22708]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22706]: pam_unix(cron:session): session closed for user p13x
May  5 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22702]: Invalid user stafi from 94.254.0.234
May  5 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22702]: input_userauth_request: invalid user stafi [preauth]
May  5 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22702]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234
May  5 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22777]: Successful su for rubyman by root
May  5 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22777]: + ??? root:rubyman
May  5 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22777]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331372 of user rubyman.
May  5 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22777]: pam_unix(su:session): session closed for user rubyman
May  5 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331372.
May  5 03:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22702]: Failed password for invalid user stafi from 94.254.0.234 port 37118 ssh2
May  5 03:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22702]: Received disconnect from 94.254.0.234 port 37118:11: Bye Bye [preauth]
May  5 03:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22702]: Disconnected from 94.254.0.234 port 37118 [preauth]
May  5 03:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19718]: pam_unix(cron:session): session closed for user root
May  5 03:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22707]: pam_unix(cron:session): session closed for user samftp
May  5 03:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21505]: pam_unix(cron:session): session closed for user root
May  5 03:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23156]: Invalid user Mohammed from 80.94.95.241
May  5 03:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23156]: input_userauth_request: invalid user Mohammed [preauth]
May  5 03:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23156]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 03:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23156]: Failed password for invalid user Mohammed from 80.94.95.241 port 52056 ssh2
May  5 03:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23156]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23171]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23169]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23170]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23169]: pam_unix(cron:session): session closed for user p13x
May  5 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23243]: Successful su for rubyman by root
May  5 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23243]: + ??? root:rubyman
May  5 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23243]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331377 of user rubyman.
May  5 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23243]: pam_unix(su:session): session closed for user rubyman
May  5 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331377.
May  5 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23156]: Failed password for invalid user Mohammed from 80.94.95.241 port 52056 ssh2
May  5 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23156]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23156]: Failed password for invalid user Mohammed from 80.94.95.241 port 52056 ssh2
May  5 03:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23156]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20133]: pam_unix(cron:session): session closed for user root
May  5 03:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23170]: pam_unix(cron:session): session closed for user samftp
May  5 03:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23156]: Failed password for invalid user Mohammed from 80.94.95.241 port 52056 ssh2
May  5 03:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23156]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23156]: Failed password for invalid user Mohammed from 80.94.95.241 port 52056 ssh2
May  5 03:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23156]: Received disconnect from 80.94.95.241 port 52056:11: Bye [preauth]
May  5 03:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23156]: Disconnected from 80.94.95.241 port 52056 [preauth]
May  5 03:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23156]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 03:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23156]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 03:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: Invalid user mahendra from 147.0.206.46
May  5 03:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: input_userauth_request: invalid user mahendra [preauth]
May  5 03:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46
May  5 03:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: Failed password for invalid user mahendra from 147.0.206.46 port 59476 ssh2
May  5 03:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: Received disconnect from 147.0.206.46 port 59476:11: Bye Bye [preauth]
May  5 03:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: Disconnected from 147.0.206.46 port 59476 [preauth]
May  5 03:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22247]: pam_unix(cron:session): session closed for user root
May  5 03:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23678]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23679]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23679]: pam_unix(cron:session): session closed for user root
May  5 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23674]: pam_unix(cron:session): session closed for user p13x
May  5 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23743]: Successful su for rubyman by root
May  5 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23743]: + ??? root:rubyman
May  5 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23743]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331383 of user rubyman.
May  5 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23743]: pam_unix(su:session): session closed for user rubyman
May  5 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331383.
May  5 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23676]: pam_unix(cron:session): session closed for user root
May  5 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20531]: pam_unix(cron:session): session closed for user root
May  5 03:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23675]: pam_unix(cron:session): session closed for user samftp
May  5 03:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22709]: pam_unix(cron:session): session closed for user root
May  5 03:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24239]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24235]: pam_unix(cron:session): session closed for user p13x
May  5 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24315]: Successful su for rubyman by root
May  5 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24315]: + ??? root:rubyman
May  5 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331387 of user rubyman.
May  5 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24315]: pam_unix(su:session): session closed for user rubyman
May  5 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331387.
May  5 03:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21028]: pam_unix(cron:session): session closed for user root
May  5 03:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24236]: pam_unix(cron:session): session closed for user samftp
May  5 03:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23172]: pam_unix(cron:session): session closed for user root
May  5 03:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: Invalid user matic from 68.183.12.36
May  5 03:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: input_userauth_request: invalid user matic [preauth]
May  5 03:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 03:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: Failed password for invalid user matic from 68.183.12.36 port 44330 ssh2
May  5 03:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: Connection closed by 68.183.12.36 port 44330 [preauth]
May  5 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24692]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24694]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24693]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24687]: pam_unix(cron:session): session closed for user root
May  5 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24690]: pam_unix(cron:session): session closed for user p13x
May  5 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24754]: Successful su for rubyman by root
May  5 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24754]: + ??? root:rubyman
May  5 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24754]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331389 of user rubyman.
May  5 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24754]: pam_unix(su:session): session closed for user rubyman
May  5 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331389.
May  5 03:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21504]: pam_unix(cron:session): session closed for user root
May  5 03:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24692]: pam_unix(cron:session): session closed for user samftp
May  5 03:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24902]: Connection closed by 46.244.96.25 port 46978 [preauth]
May  5 03:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  5 03:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24954]: Failed password for root from 46.244.96.25 port 46980 ssh2
May  5 03:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24954]: Connection closed by 46.244.96.25 port 46980 [preauth]
May  5 03:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234  user=root
May  5 03:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25014]: Failed password for root from 94.254.0.234 port 34342 ssh2
May  5 03:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25014]: Received disconnect from 94.254.0.234 port 34342:11: Bye Bye [preauth]
May  5 03:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25014]: Disconnected from 94.254.0.234 port 34342 [preauth]
May  5 03:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23678]: pam_unix(cron:session): session closed for user root
May  5 03:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25056]: User mysql from 81.192.46.35 not allowed because not listed in AllowUsers
May  5 03:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25056]: input_userauth_request: invalid user mysql [preauth]
May  5 03:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.46.35  user=mysql
May  5 03:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25056]: Failed password for invalid user mysql from 81.192.46.35 port 54250 ssh2
May  5 03:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25056]: Received disconnect from 81.192.46.35 port 54250:11: Bye Bye [preauth]
May  5 03:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25056]: Disconnected from 81.192.46.35 port 54250 [preauth]
May  5 03:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25074]: Invalid user srun from 128.199.20.225
May  5 03:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25074]: input_userauth_request: invalid user srun [preauth]
May  5 03:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25074]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.20.225
May  5 03:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25074]: Failed password for invalid user srun from 128.199.20.225 port 33174 ssh2
May  5 03:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25074]: Received disconnect from 128.199.20.225 port 33174:11: Bye Bye [preauth]
May  5 03:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25074]: Disconnected from 128.199.20.225 port 33174 [preauth]
May  5 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25109]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25110]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25107]: pam_unix(cron:session): session closed for user p13x
May  5 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25173]: Successful su for rubyman by root
May  5 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25173]: + ??? root:rubyman
May  5 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25173]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331395 of user rubyman.
May  5 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25173]: pam_unix(su:session): session closed for user rubyman
May  5 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331395.
May  5 03:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22246]: pam_unix(cron:session): session closed for user root
May  5 03:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25108]: pam_unix(cron:session): session closed for user samftp
May  5 03:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.235  user=root
May  5 03:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25331]: Failed password for root from 218.92.0.235 port 57356 ssh2
May  5 03:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24239]: pam_unix(cron:session): session closed for user root
May  5 03:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: Invalid user pdx from 199.188.103.179
May  5 03:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: input_userauth_request: invalid user pdx [preauth]
May  5 03:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=199.188.103.179
May  5 03:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: Failed password for invalid user pdx from 199.188.103.179 port 55126 ssh2
May  5 03:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: Connection closed by 199.188.103.179 port 55126 [preauth]
May  5 03:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: Invalid user tester from 147.0.206.46
May  5 03:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: input_userauth_request: invalid user tester [preauth]
May  5 03:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46
May  5 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25520]: pam_unix(cron:session): session closed for user p13x
May  5 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25597]: Successful su for rubyman by root
May  5 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25597]: + ??? root:rubyman
May  5 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331400 of user rubyman.
May  5 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25597]: pam_unix(su:session): session closed for user rubyman
May  5 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331400.
May  5 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: Failed password for invalid user tester from 147.0.206.46 port 37896 ssh2
May  5 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: Received disconnect from 147.0.206.46 port 37896:11: Bye Bye [preauth]
May  5 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: Disconnected from 147.0.206.46 port 37896 [preauth]
May  5 03:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22708]: pam_unix(cron:session): session closed for user root
May  5 03:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25521]: pam_unix(cron:session): session closed for user samftp
May  5 03:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25837]: Invalid user ttuser from 164.68.105.9
May  5 03:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25837]: input_userauth_request: invalid user ttuser [preauth]
May  5 03:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25837]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  5 03:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25837]: Failed password for invalid user ttuser from 164.68.105.9 port 55552 ssh2
May  5 03:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25837]: Connection closed by 164.68.105.9 port 55552 [preauth]
May  5 03:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24694]: pam_unix(cron:session): session closed for user root
May  5 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25933]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25932]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25934]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25935]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25935]: pam_unix(cron:session): session closed for user root
May  5 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25930]: pam_unix(cron:session): session closed for user p13x
May  5 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26001]: Successful su for rubyman by root
May  5 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26001]: + ??? root:rubyman
May  5 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26001]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331404 of user rubyman.
May  5 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26001]: pam_unix(su:session): session closed for user rubyman
May  5 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331404.
May  5 03:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25932]: pam_unix(cron:session): session closed for user root
May  5 03:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23171]: pam_unix(cron:session): session closed for user root
May  5 03:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25931]: pam_unix(cron:session): session closed for user samftp
May  5 03:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25110]: pam_unix(cron:session): session closed for user root
May  5 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26353]: pam_unix(cron:session): session closed for user p13x
May  5 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26433]: Successful su for rubyman by root
May  5 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26433]: + ??? root:rubyman
May  5 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331409 of user rubyman.
May  5 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26433]: pam_unix(su:session): session closed for user rubyman
May  5 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331409.
May  5 03:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23677]: pam_unix(cron:session): session closed for user root
May  5 03:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26354]: pam_unix(cron:session): session closed for user samftp
May  5 03:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25524]: pam_unix(cron:session): session closed for user root
May  5 03:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: Invalid user localadmin from 94.254.0.234
May  5 03:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: input_userauth_request: invalid user localadmin [preauth]
May  5 03:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234
May  5 03:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: Failed password for invalid user localadmin from 94.254.0.234 port 58586 ssh2
May  5 03:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: Received disconnect from 94.254.0.234 port 58586:11: Bye Bye [preauth]
May  5 03:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: Disconnected from 94.254.0.234 port 58586 [preauth]
May  5 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26842]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26841]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26839]: pam_unix(cron:session): session closed for user p13x
May  5 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26918]: Successful su for rubyman by root
May  5 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26918]: + ??? root:rubyman
May  5 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331413 of user rubyman.
May  5 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26918]: pam_unix(su:session): session closed for user rubyman
May  5 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331413.
May  5 03:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24238]: pam_unix(cron:session): session closed for user root
May  5 03:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: Did not receive identification string from 8.222.190.17
May  5 03:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26840]: pam_unix(cron:session): session closed for user samftp
May  5 03:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27225]: Invalid user hy from 81.192.46.35
May  5 03:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27225]: input_userauth_request: invalid user hy [preauth]
May  5 03:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27225]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.46.35
May  5 03:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25934]: pam_unix(cron:session): session closed for user root
May  5 03:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27225]: Failed password for invalid user hy from 81.192.46.35 port 34076 ssh2
May  5 03:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27225]: Received disconnect from 81.192.46.35 port 34076:11: Bye Bye [preauth]
May  5 03:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27225]: Disconnected from 81.192.46.35 port 34076 [preauth]
May  5 03:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27272]: Connection closed by 138.68.130.42 port 48460 [preauth]
May  5 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27322]: pam_unix(cron:session): session closed for user p13x
May  5 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27406]: Successful su for rubyman by root
May  5 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27406]: + ??? root:rubyman
May  5 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331416 of user rubyman.
May  5 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27406]: pam_unix(su:session): session closed for user rubyman
May  5 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331416.
May  5 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.20.225  user=root
May  5 03:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24693]: pam_unix(cron:session): session closed for user root
May  5 03:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27323]: pam_unix(cron:session): session closed for user samftp
May  5 03:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27497]: Failed password for root from 128.199.20.225 port 39662 ssh2
May  5 03:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27497]: Received disconnect from 128.199.20.225 port 39662:11: Bye Bye [preauth]
May  5 03:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27497]: Disconnected from 128.199.20.225 port 39662 [preauth]
May  5 03:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Invalid user marcel from 147.0.206.46
May  5 03:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: input_userauth_request: invalid user marcel [preauth]
May  5 03:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46
May  5 03:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Failed password for invalid user marcel from 147.0.206.46 port 44536 ssh2
May  5 03:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Received disconnect from 147.0.206.46 port 44536:11: Bye Bye [preauth]
May  5 03:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Disconnected from 147.0.206.46 port 44536 [preauth]
May  5 03:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26356]: pam_unix(cron:session): session closed for user root
May  5 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27774]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27772]: pam_unix(cron:session): session closed for user p13x
May  5 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27837]: Successful su for rubyman by root
May  5 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27837]: + ??? root:rubyman
May  5 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27837]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331421 of user rubyman.
May  5 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27837]: pam_unix(su:session): session closed for user rubyman
May  5 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331421.
May  5 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: Invalid user ftm from 68.183.12.36
May  5 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: input_userauth_request: invalid user ftm [preauth]
May  5 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 03:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25109]: pam_unix(cron:session): session closed for user root
May  5 03:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: Failed password for invalid user ftm from 68.183.12.36 port 52088 ssh2
May  5 03:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: Connection closed by 68.183.12.36 port 52088 [preauth]
May  5 03:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27773]: pam_unix(cron:session): session closed for user samftp
May  5 03:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26842]: pam_unix(cron:session): session closed for user root
May  5 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28178]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28177]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28182]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28176]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28179]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28182]: pam_unix(cron:session): session closed for user root
May  5 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28176]: pam_unix(cron:session): session closed for user p13x
May  5 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28250]: Successful su for rubyman by root
May  5 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28250]: + ??? root:rubyman
May  5 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331427 of user rubyman.
May  5 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28250]: pam_unix(su:session): session closed for user rubyman
May  5 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331427.
May  5 03:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25522]: pam_unix(cron:session): session closed for user root
May  5 03:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28178]: pam_unix(cron:session): session closed for user root
May  5 03:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28177]: pam_unix(cron:session): session closed for user samftp
May  5 03:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: Invalid user yaoye from 176.31.162.135
May  5 03:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: input_userauth_request: invalid user yaoye [preauth]
May  5 03:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  5 03:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: Failed password for invalid user yaoye from 176.31.162.135 port 42396 ssh2
May  5 03:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: Connection closed by 176.31.162.135 port 42396 [preauth]
May  5 03:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27326]: pam_unix(cron:session): session closed for user root
May  5 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28605]: pam_unix(cron:session): session closed for user p13x
May  5 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28679]: Successful su for rubyman by root
May  5 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28679]: + ??? root:rubyman
May  5 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331430 of user rubyman.
May  5 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28679]: pam_unix(su:session): session closed for user rubyman
May  5 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331430.
May  5 03:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25933]: pam_unix(cron:session): session closed for user root
May  5 03:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28606]: pam_unix(cron:session): session closed for user samftp
May  5 03:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234  user=root
May  5 03:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28924]: Failed password for root from 94.254.0.234 port 51740 ssh2
May  5 03:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28924]: Received disconnect from 94.254.0.234 port 51740:11: Bye Bye [preauth]
May  5 03:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28924]: Disconnected from 94.254.0.234 port 51740 [preauth]
May  5 03:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27775]: pam_unix(cron:session): session closed for user root
May  5 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29082]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29079]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29074]: pam_unix(cron:session): session closed for user p13x
May  5 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29176]: Successful su for rubyman by root
May  5 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29176]: + ??? root:rubyman
May  5 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331434 of user rubyman.
May  5 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29176]: pam_unix(su:session): session closed for user rubyman
May  5 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331434.
May  5 03:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26355]: pam_unix(cron:session): session closed for user root
May  5 03:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29075]: pam_unix(cron:session): session closed for user samftp
May  5 03:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28181]: pam_unix(cron:session): session closed for user root
May  5 03:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29480]: Invalid user user from 147.0.206.46
May  5 03:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29480]: input_userauth_request: invalid user user [preauth]
May  5 03:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29480]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46
May  5 03:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29480]: Failed password for invalid user user from 147.0.206.46 port 51176 ssh2
May  5 03:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29480]: Received disconnect from 147.0.206.46 port 51176:11: Bye Bye [preauth]
May  5 03:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29480]: Disconnected from 147.0.206.46 port 51176 [preauth]
May  5 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29527]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29528]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29525]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29525]: pam_unix(cron:session): session closed for user p13x
May  5 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29590]: Successful su for rubyman by root
May  5 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29590]: + ??? root:rubyman
May  5 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331439 of user rubyman.
May  5 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29590]: pam_unix(su:session): session closed for user rubyman
May  5 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331439.
May  5 03:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26841]: pam_unix(cron:session): session closed for user root
May  5 03:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29526]: pam_unix(cron:session): session closed for user samftp
May  5 03:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: Invalid user user from 128.199.20.225
May  5 03:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: input_userauth_request: invalid user user [preauth]
May  5 03:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.20.225
May  5 03:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: Failed password for invalid user user from 128.199.20.225 port 39508 ssh2
May  5 03:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: Received disconnect from 128.199.20.225 port 39508:11: Bye Bye [preauth]
May  5 03:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29805]: Disconnected from 128.199.20.225 port 39508 [preauth]
May  5 03:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28608]: pam_unix(cron:session): session closed for user root
May  5 03:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  5 03:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29901]: Failed password for root from 190.103.202.7 port 45044 ssh2
May  5 03:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29901]: Connection closed by 190.103.202.7 port 45044 [preauth]
May  5 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29939]: pam_unix(cron:session): session closed for user p13x
May  5 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30005]: Successful su for rubyman by root
May  5 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30005]: + ??? root:rubyman
May  5 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331443 of user rubyman.
May  5 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30005]: pam_unix(su:session): session closed for user rubyman
May  5 03:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331443.
May  5 03:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27324]: pam_unix(cron:session): session closed for user root
May  5 03:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29940]: pam_unix(cron:session): session closed for user samftp
May  5 03:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29082]: pam_unix(cron:session): session closed for user root
May  5 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30338]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30336]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30335]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30338]: pam_unix(cron:session): session closed for user root
May  5 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30332]: pam_unix(cron:session): session closed for user p13x
May  5 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30401]: Successful su for rubyman by root
May  5 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30401]: + ??? root:rubyman
May  5 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331447 of user rubyman.
May  5 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30401]: pam_unix(su:session): session closed for user rubyman
May  5 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331447.
May  5 03:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30334]: pam_unix(cron:session): session closed for user root
May  5 03:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27774]: pam_unix(cron:session): session closed for user root
May  5 03:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30333]: pam_unix(cron:session): session closed for user samftp
May  5 03:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29528]: pam_unix(cron:session): session closed for user root
May  5 03:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30747]: Invalid user user5 from 94.254.0.234
May  5 03:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30747]: input_userauth_request: invalid user user5 [preauth]
May  5 03:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30747]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234
May  5 03:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30747]: Failed password for invalid user user5 from 94.254.0.234 port 40918 ssh2
May  5 03:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30747]: Received disconnect from 94.254.0.234 port 40918:11: Bye Bye [preauth]
May  5 03:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30747]: Disconnected from 94.254.0.234 port 40918 [preauth]
May  5 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30760]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30761]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30758]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30758]: pam_unix(cron:session): session closed for user p13x
May  5 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30825]: Successful su for rubyman by root
May  5 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30825]: + ??? root:rubyman
May  5 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331453 of user rubyman.
May  5 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30825]: pam_unix(su:session): session closed for user rubyman
May  5 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331453.
May  5 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: Invalid user vet from 68.183.12.36
May  5 03:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: input_userauth_request: invalid user vet [preauth]
May  5 03:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 03:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28179]: pam_unix(cron:session): session closed for user root
May  5 03:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: Failed password for invalid user vet from 68.183.12.36 port 34760 ssh2
May  5 03:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30860]: Connection closed by 68.183.12.36 port 34760 [preauth]
May  5 03:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30759]: pam_unix(cron:session): session closed for user samftp
May  5 03:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29943]: pam_unix(cron:session): session closed for user root
May  5 03:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  5 03:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: Failed password for root from 218.92.0.207 port 2180 ssh2
May  5 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: message repeated 4 times: [ Failed password for root from 218.92.0.207 port 2180 ssh2]
May  5 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 2180 ssh2 [preauth]
May  5 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: Disconnecting: Too many authentication failures [preauth]
May  5 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  5 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31140]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31182]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31179]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31179]: pam_unix(cron:session): session closed for user p13x
May  5 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31237]: Successful su for rubyman by root
May  5 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31237]: + ??? root:rubyman
May  5 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31237]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331457 of user rubyman.
May  5 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31237]: pam_unix(su:session): session closed for user rubyman
May  5 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331457.
May  5 03:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28607]: pam_unix(cron:session): session closed for user root
May  5 03:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31180]: pam_unix(cron:session): session closed for user samftp
May  5 03:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: Invalid user gs from 147.0.206.46
May  5 03:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: input_userauth_request: invalid user gs [preauth]
May  5 03:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.0.206.46
May  5 03:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: Failed password for invalid user gs from 147.0.206.46 port 57830 ssh2
May  5 03:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: Received disconnect from 147.0.206.46 port 57830:11: Bye Bye [preauth]
May  5 03:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31458]: Disconnected from 147.0.206.46 port 57830 [preauth]
May  5 03:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30336]: pam_unix(cron:session): session closed for user root
May  5 03:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 03:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Failed password for root from 218.92.0.179 port 20559 ssh2
May  5 03:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 20559 ssh2]
May  5 03:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Received disconnect from 218.92.0.179 port 20559:11:  [preauth]
May  5 03:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Disconnected from 218.92.0.179 port 20559 [preauth]
May  5 03:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31582]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31583]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31580]: pam_unix(cron:session): session closed for user p13x
May  5 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31648]: Successful su for rubyman by root
May  5 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31648]: + ??? root:rubyman
May  5 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31648]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331460 of user rubyman.
May  5 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31648]: pam_unix(su:session): session closed for user rubyman
May  5 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331460.
May  5 03:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29079]: pam_unix(cron:session): session closed for user root
May  5 03:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31581]: pam_unix(cron:session): session closed for user samftp
May  5 03:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30761]: pam_unix(cron:session): session closed for user root
May  5 03:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31958]: Invalid user dev01 from 128.199.20.225
May  5 03:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31958]: input_userauth_request: invalid user dev01 [preauth]
May  5 03:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31958]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.20.225
May  5 03:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31958]: Failed password for invalid user dev01 from 128.199.20.225 port 48326 ssh2
May  5 03:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31958]: Received disconnect from 128.199.20.225 port 48326:11: Bye Bye [preauth]
May  5 03:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31958]: Disconnected from 128.199.20.225 port 48326 [preauth]
May  5 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32009]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32007]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32007]: pam_unix(cron:session): session closed for user p13x
May  5 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32070]: Successful su for rubyman by root
May  5 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32070]: + ??? root:rubyman
May  5 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32070]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331464 of user rubyman.
May  5 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32070]: pam_unix(su:session): session closed for user rubyman
May  5 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331464.
May  5 03:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29527]: pam_unix(cron:session): session closed for user root
May  5 03:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32009]: pam_unix(cron:session): session closed for user samftp
May  5 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31182]: pam_unix(cron:session): session closed for user root
May  5 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32405]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32407]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32406]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32408]: pam_unix(cron:session): session closed for user root
May  5 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32403]: pam_unix(cron:session): session closed for user p13x
May  5 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32476]: Successful su for rubyman by root
May  5 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32476]: + ??? root:rubyman
May  5 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331471 of user rubyman.
May  5 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32476]: pam_unix(su:session): session closed for user rubyman
May  5 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331471.
May  5 03:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32405]: pam_unix(cron:session): session closed for user root
May  5 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29941]: pam_unix(cron:session): session closed for user root
May  5 03:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32404]: pam_unix(cron:session): session closed for user samftp
May  5 03:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[346]: Invalid user zhliu from 94.254.0.234
May  5 03:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[346]: input_userauth_request: invalid user zhliu [preauth]
May  5 03:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[346]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234
May  5 03:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[346]: Failed password for invalid user zhliu from 94.254.0.234 port 33666 ssh2
May  5 03:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[346]: Received disconnect from 94.254.0.234 port 33666:11: Bye Bye [preauth]
May  5 03:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[346]: Disconnected from 94.254.0.234 port 33666 [preauth]
May  5 03:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31583]: pam_unix(cron:session): session closed for user root
May  5 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[511]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[512]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[509]: pam_unix(cron:session): session closed for user p13x
May  5 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[577]: Successful su for rubyman by root
May  5 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[577]: + ??? root:rubyman
May  5 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331475 of user rubyman.
May  5 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[577]: pam_unix(su:session): session closed for user rubyman
May  5 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331475.
May  5 03:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30335]: pam_unix(cron:session): session closed for user root
May  5 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[510]: pam_unix(cron:session): session closed for user samftp
May  5 03:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  5 03:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[831]: Failed password for root from 80.94.95.125 port 58873 ssh2
May  5 03:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[831]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 58873 ssh2]
May  5 03:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[831]: Received disconnect from 80.94.95.125 port 58873:11: Bye [preauth]
May  5 03:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[831]: Disconnected from 80.94.95.125 port 58873 [preauth]
May  5 03:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[831]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  5 03:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[831]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 03:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32011]: pam_unix(cron:session): session closed for user root
May  5 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[951]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[949]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[950]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[948]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[948]: pam_unix(cron:session): session closed for user p13x
May  5 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1010]: Successful su for rubyman by root
May  5 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1010]: + ??? root:rubyman
May  5 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331479 of user rubyman.
May  5 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1010]: pam_unix(su:session): session closed for user rubyman
May  5 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331479.
May  5 03:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30760]: pam_unix(cron:session): session closed for user root
May  5 03:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[949]: pam_unix(cron:session): session closed for user samftp
May  5 03:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32407]: pam_unix(cron:session): session closed for user root
May  5 03:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Invalid user ubnt from 80.94.95.125
May  5 03:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: input_userauth_request: invalid user ubnt [preauth]
May  5 03:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 03:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Failed password for invalid user ubnt from 80.94.95.125 port 62059 ssh2
May  5 03:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Failed password for invalid user ubnt from 80.94.95.125 port 62059 ssh2
May  5 03:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Failed password for invalid user ubnt from 80.94.95.125 port 62059 ssh2
May  5 03:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Failed password for invalid user ubnt from 80.94.95.125 port 62059 ssh2
May  5 03:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Failed password for invalid user ubnt from 80.94.95.125 port 62059 ssh2
May  5 03:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Received disconnect from 80.94.95.125 port 62059:11: Bye [preauth]
May  5 03:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Disconnected from 80.94.95.125 port 62059 [preauth]
May  5 03:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 03:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1399]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1400]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1397]: pam_unix(cron:session): session closed for user p13x
May  5 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1484]: Successful su for rubyman by root
May  5 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1484]: + ??? root:rubyman
May  5 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1484]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331483 of user rubyman.
May  5 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1484]: pam_unix(su:session): session closed for user rubyman
May  5 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331483.
May  5 03:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31181]: pam_unix(cron:session): session closed for user root
May  5 03:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1398]: pam_unix(cron:session): session closed for user samftp
May  5 03:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 03:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: Invalid user eos from 68.183.12.36
May  5 03:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: input_userauth_request: invalid user eos [preauth]
May  5 03:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 03:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Failed password for root from 218.92.0.179 port 15713 ssh2
May  5 03:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: Failed password for invalid user eos from 68.183.12.36 port 53622 ssh2
May  5 03:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: Connection closed by 68.183.12.36 port 53622 [preauth]
May  5 03:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Failed password for root from 218.92.0.179 port 15713 ssh2
May  5 03:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Failed password for root from 218.92.0.179 port 15713 ssh2
May  5 03:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Received disconnect from 218.92.0.179 port 15713:11:  [preauth]
May  5 03:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: Disconnected from 218.92.0.179 port 15713 [preauth]
May  5 03:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1656]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 03:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[512]: pam_unix(cron:session): session closed for user root
May  5 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1852]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1854]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1848]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1850]: pam_unix(cron:session): session closed for user p13x
May  5 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2052]: Successful su for rubyman by root
May  5 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2052]: + ??? root:rubyman
May  5 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331489 of user rubyman.
May  5 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2052]: pam_unix(su:session): session closed for user rubyman
May  5 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331489.
May  5 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1848]: pam_unix(cron:session): session closed for user root
May  5 03:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31582]: pam_unix(cron:session): session closed for user root
May  5 03:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1852]: pam_unix(cron:session): session closed for user samftp
May  5 03:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: Invalid user zyserver from 128.199.20.225
May  5 03:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: input_userauth_request: invalid user zyserver [preauth]
May  5 03:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.20.225
May  5 03:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: Failed password for invalid user zyserver from 128.199.20.225 port 59620 ssh2
May  5 03:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: Received disconnect from 128.199.20.225 port 59620:11: Bye Bye [preauth]
May  5 03:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2274]: Disconnected from 128.199.20.225 port 59620 [preauth]
May  5 03:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[951]: pam_unix(cron:session): session closed for user root
May  5 03:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2394]: Invalid user tim from 94.254.0.234
May  5 03:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2394]: input_userauth_request: invalid user tim [preauth]
May  5 03:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2394]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234
May  5 03:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2394]: Failed password for invalid user tim from 94.254.0.234 port 55322 ssh2
May  5 03:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2394]: Received disconnect from 94.254.0.234 port 55322:11: Bye Bye [preauth]
May  5 03:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2394]: Disconnected from 94.254.0.234 port 55322 [preauth]
May  5 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2455]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2457]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2457]: pam_unix(cron:session): session closed for user root
May  5 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2451]: pam_unix(cron:session): session closed for user p13x
May  5 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2525]: Successful su for rubyman by root
May  5 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2525]: + ??? root:rubyman
May  5 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331495 of user rubyman.
May  5 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2525]: pam_unix(su:session): session closed for user rubyman
May  5 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331495.
May  5 03:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32010]: pam_unix(cron:session): session closed for user root
May  5 03:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2453]: pam_unix(cron:session): session closed for user root
May  5 03:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2452]: pam_unix(cron:session): session closed for user samftp
May  5 03:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1400]: pam_unix(cron:session): session closed for user root
May  5 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2917]: pam_unix(cron:session): session closed for user p13x
May  5 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2988]: Successful su for rubyman by root
May  5 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2988]: + ??? root:rubyman
May  5 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331497 of user rubyman.
May  5 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2988]: pam_unix(su:session): session closed for user rubyman
May  5 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331497.
May  5 03:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32406]: pam_unix(cron:session): session closed for user root
May  5 03:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2918]: pam_unix(cron:session): session closed for user samftp
May  5 03:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1854]: pam_unix(cron:session): session closed for user root
May  5 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3319]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3319]: pam_unix(cron:session): session closed for user p13x
May  5 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3395]: Successful su for rubyman by root
May  5 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3395]: + ??? root:rubyman
May  5 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3395]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331502 of user rubyman.
May  5 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3395]: pam_unix(su:session): session closed for user rubyman
May  5 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331502.
May  5 03:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[511]: pam_unix(cron:session): session closed for user root
May  5 03:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3320]: pam_unix(cron:session): session closed for user samftp
May  5 03:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2455]: pam_unix(cron:session): session closed for user root
May  5 03:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135  user=root
May  5 03:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3764]: Failed password for root from 176.31.162.135 port 44420 ssh2
May  5 03:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3764]: Connection closed by 176.31.162.135 port 44420 [preauth]
May  5 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3778]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3776]: pam_unix(cron:session): session closed for user p13x
May  5 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3841]: Successful su for rubyman by root
May  5 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3841]: + ??? root:rubyman
May  5 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331506 of user rubyman.
May  5 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3841]: pam_unix(su:session): session closed for user rubyman
May  5 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331506.
May  5 03:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[950]: pam_unix(cron:session): session closed for user root
May  5 03:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3777]: pam_unix(cron:session): session closed for user samftp
May  5 03:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2920]: pam_unix(cron:session): session closed for user root
May  5 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4213]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4212]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4210]: pam_unix(cron:session): session closed for user p13x
May  5 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4420]: Successful su for rubyman by root
May  5 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4420]: + ??? root:rubyman
May  5 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331509 of user rubyman.
May  5 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4420]: pam_unix(su:session): session closed for user rubyman
May  5 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331509.
May  5 03:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1399]: pam_unix(cron:session): session closed for user root
May  5 03:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4211]: pam_unix(cron:session): session closed for user samftp
May  5 03:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4646]: Invalid user rancid from 94.254.0.234
May  5 03:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4646]: input_userauth_request: invalid user rancid [preauth]
May  5 03:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4646]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234
May  5 03:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4646]: Failed password for invalid user rancid from 94.254.0.234 port 39054 ssh2
May  5 03:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4646]: Received disconnect from 94.254.0.234 port 39054:11: Bye Bye [preauth]
May  5 03:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4646]: Disconnected from 94.254.0.234 port 39054 [preauth]
May  5 03:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3322]: pam_unix(cron:session): session closed for user root
May  5 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4781]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4782]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4782]: pam_unix(cron:session): session closed for user root
May  5 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4776]: pam_unix(cron:session): session closed for user p13x
May  5 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4859]: Successful su for rubyman by root
May  5 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4859]: + ??? root:rubyman
May  5 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331516 of user rubyman.
May  5 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4859]: pam_unix(su:session): session closed for user rubyman
May  5 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331516.
May  5 03:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1853]: pam_unix(cron:session): session closed for user root
May  5 03:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4779]: pam_unix(cron:session): session closed for user root
May  5 03:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4777]: pam_unix(cron:session): session closed for user samftp
May  5 03:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5279]: Invalid user theta from 68.183.12.36
May  5 03:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5279]: input_userauth_request: invalid user theta [preauth]
May  5 03:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5279]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 03:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5279]: Failed password for invalid user theta from 68.183.12.36 port 42818 ssh2
May  5 03:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5279]: Connection closed by 68.183.12.36 port 42818 [preauth]
May  5 03:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3779]: pam_unix(cron:session): session closed for user root
May  5 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5422]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5423]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5420]: pam_unix(cron:session): session closed for user p13x
May  5 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5501]: Successful su for rubyman by root
May  5 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5501]: + ??? root:rubyman
May  5 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331520 of user rubyman.
May  5 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5501]: pam_unix(su:session): session closed for user rubyman
May  5 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331520.
May  5 03:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2454]: pam_unix(cron:session): session closed for user root
May  5 03:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5421]: pam_unix(cron:session): session closed for user samftp
May  5 03:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4213]: pam_unix(cron:session): session closed for user root
May  5 03:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  5 03:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5914]: Failed password for root from 193.70.84.184 port 37964 ssh2
May  5 03:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5891]: Connection reset by 198.235.24.167 port 65252 [preauth]
May  5 03:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5914]: Connection closed by 193.70.84.184 port 37964 [preauth]
May  5 03:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: Invalid user admin from 139.19.117.131
May  5 03:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: input_userauth_request: invalid user admin [preauth]
May  5 03:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: Connection closed by 139.19.117.131 port 57958 [preauth]
May  5 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5989]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5987]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5988]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5986]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5986]: pam_unix(cron:session): session closed for user p13x
May  5 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6054]: Successful su for rubyman by root
May  5 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6054]: + ??? root:rubyman
May  5 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331524 of user rubyman.
May  5 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6054]: pam_unix(su:session): session closed for user rubyman
May  5 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331524.
May  5 03:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2919]: pam_unix(cron:session): session closed for user root
May  5 03:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5987]: pam_unix(cron:session): session closed for user samftp
May  5 03:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4781]: pam_unix(cron:session): session closed for user root
May  5 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6402]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6401]: pam_unix(cron:session): session closed for user p13x
May  5 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6466]: Successful su for rubyman by root
May  5 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6466]: + ??? root:rubyman
May  5 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331527 of user rubyman.
May  5 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6466]: pam_unix(su:session): session closed for user rubyman
May  5 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331527.
May  5 03:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3321]: pam_unix(cron:session): session closed for user root
May  5 03:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6402]: pam_unix(cron:session): session closed for user samftp
May  5 03:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5423]: pam_unix(cron:session): session closed for user root
May  5 03:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234  user=root
May  5 03:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6761]: Failed password for root from 94.254.0.234 port 44578 ssh2
May  5 03:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6761]: Received disconnect from 94.254.0.234 port 44578:11: Bye Bye [preauth]
May  5 03:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6761]: Disconnected from 94.254.0.234 port 44578 [preauth]
May  5 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6808]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6805]: pam_unix(cron:session): session closed for user p13x
May  5 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6870]: Successful su for rubyman by root
May  5 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6870]: + ??? root:rubyman
May  5 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331533 of user rubyman.
May  5 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6870]: pam_unix(su:session): session closed for user rubyman
May  5 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331533.
May  5 03:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3778]: pam_unix(cron:session): session closed for user root
May  5 03:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6806]: pam_unix(cron:session): session closed for user samftp
May  5 03:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5989]: pam_unix(cron:session): session closed for user root
May  5 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7317]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7315]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7318]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7318]: pam_unix(cron:session): session closed for user root
May  5 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7313]: pam_unix(cron:session): session closed for user p13x
May  5 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7377]: Successful su for rubyman by root
May  5 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7377]: + ??? root:rubyman
May  5 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331539 of user rubyman.
May  5 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7377]: pam_unix(su:session): session closed for user rubyman
May  5 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331539.
May  5 03:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7315]: pam_unix(cron:session): session closed for user root
May  5 03:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4212]: pam_unix(cron:session): session closed for user root
May  5 03:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7314]: pam_unix(cron:session): session closed for user samftp
May  5 03:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6404]: pam_unix(cron:session): session closed for user root
May  5 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7860]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7861]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7858]: pam_unix(cron:session): session closed for user p13x
May  5 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7927]: Successful su for rubyman by root
May  5 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7927]: + ??? root:rubyman
May  5 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7927]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331541 of user rubyman.
May  5 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7927]: pam_unix(su:session): session closed for user rubyman
May  5 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331541.
May  5 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4780]: pam_unix(cron:session): session closed for user root
May  5 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7859]: pam_unix(cron:session): session closed for user samftp
May  5 03:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6808]: pam_unix(cron:session): session closed for user root
May  5 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8290]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8292]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8291]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8289]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8289]: pam_unix(cron:session): session closed for user p13x
May  5 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8358]: Successful su for rubyman by root
May  5 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8358]: + ??? root:rubyman
May  5 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331546 of user rubyman.
May  5 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8358]: pam_unix(su:session): session closed for user rubyman
May  5 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331546.
May  5 03:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5422]: pam_unix(cron:session): session closed for user root
May  5 03:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8290]: pam_unix(cron:session): session closed for user samftp
May  5 03:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8580]: Invalid user bch from 68.183.12.36
May  5 03:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8580]: input_userauth_request: invalid user bch [preauth]
May  5 03:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8580]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 03:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8580]: Failed password for invalid user bch from 68.183.12.36 port 55990 ssh2
May  5 03:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8580]: Connection closed by 68.183.12.36 port 55990 [preauth]
May  5 03:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7317]: pam_unix(cron:session): session closed for user root
May  5 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8729]: pam_unix(cron:session): session closed for user p13x
May  5 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8790]: Successful su for rubyman by root
May  5 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8790]: + ??? root:rubyman
May  5 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331549 of user rubyman.
May  5 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8790]: pam_unix(su:session): session closed for user rubyman
May  5 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331549.
May  5 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: Invalid user ubuntu from 94.254.0.234
May  5 03:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: input_userauth_request: invalid user ubuntu [preauth]
May  5 03:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234
May  5 03:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5988]: pam_unix(cron:session): session closed for user root
May  5 03:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8730]: pam_unix(cron:session): session closed for user samftp
May  5 03:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: Failed password for invalid user ubuntu from 94.254.0.234 port 34144 ssh2
May  5 03:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: Received disconnect from 94.254.0.234 port 34144:11: Bye Bye [preauth]
May  5 03:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: Disconnected from 94.254.0.234 port 34144 [preauth]
May  5 03:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7861]: pam_unix(cron:session): session closed for user root
May  5 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9221]: pam_unix(cron:session): session closed for user p13x
May  5 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9313]: Successful su for rubyman by root
May  5 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9313]: + ??? root:rubyman
May  5 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331553 of user rubyman.
May  5 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9313]: pam_unix(su:session): session closed for user rubyman
May  5 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331553.
May  5 03:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6403]: pam_unix(cron:session): session closed for user root
May  5 03:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9222]: pam_unix(cron:session): session closed for user samftp
May  5 03:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8292]: pam_unix(cron:session): session closed for user root
May  5 03:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9652]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9653]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9651]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9654]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9654]: pam_unix(cron:session): session closed for user root
May  5 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9649]: pam_unix(cron:session): session closed for user p13x
May  5 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9728]: Successful su for rubyman by root
May  5 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9728]: + ??? root:rubyman
May  5 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9728]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331560 of user rubyman.
May  5 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9728]: pam_unix(su:session): session closed for user rubyman
May  5 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331560.
May  5 03:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9651]: pam_unix(cron:session): session closed for user root
May  5 03:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6807]: pam_unix(cron:session): session closed for user root
May  5 03:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9650]: pam_unix(cron:session): session closed for user samftp
May  5 03:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8732]: pam_unix(cron:session): session closed for user root
May  5 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10094]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10091]: pam_unix(cron:session): session closed for user p13x
May  5 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10155]: Successful su for rubyman by root
May  5 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10155]: + ??? root:rubyman
May  5 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331563 of user rubyman.
May  5 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10155]: pam_unix(su:session): session closed for user rubyman
May  5 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331563.
May  5 03:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7316]: pam_unix(cron:session): session closed for user root
May  5 03:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10092]: pam_unix(cron:session): session closed for user samftp
May  5 03:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9224]: pam_unix(cron:session): session closed for user root
May  5 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10598]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10598]: pam_unix(cron:session): session closed for user p13x
May  5 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10695]: Successful su for rubyman by root
May  5 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10695]: + ??? root:rubyman
May  5 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10695]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331567 of user rubyman.
May  5 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10695]: pam_unix(su:session): session closed for user rubyman
May  5 03:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331567.
May  5 03:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7860]: pam_unix(cron:session): session closed for user root
May  5 03:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10599]: pam_unix(cron:session): session closed for user samftp
May  5 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9653]: pam_unix(cron:session): session closed for user root
May  5 03:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10977]: Invalid user admin01 from 94.254.0.234
May  5 03:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10977]: input_userauth_request: invalid user admin01 [preauth]
May  5 03:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10977]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234
May  5 03:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10977]: Failed password for invalid user admin01 from 94.254.0.234 port 55856 ssh2
May  5 03:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10977]: Received disconnect from 94.254.0.234 port 55856:11: Bye Bye [preauth]
May  5 03:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10977]: Disconnected from 94.254.0.234 port 55856 [preauth]
May  5 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11048]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11047]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11044]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11044]: pam_unix(cron:session): session closed for user p13x
May  5 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11109]: Successful su for rubyman by root
May  5 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11109]: + ??? root:rubyman
May  5 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11109]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331571 of user rubyman.
May  5 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11109]: pam_unix(su:session): session closed for user rubyman
May  5 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331571.
May  5 03:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8291]: pam_unix(cron:session): session closed for user root
May  5 03:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11046]: pam_unix(cron:session): session closed for user samftp
May  5 03:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10094]: pam_unix(cron:session): session closed for user root
May  5 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11440]: pam_unix(cron:session): session closed for user p13x
May  5 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11509]: Successful su for rubyman by root
May  5 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11509]: + ??? root:rubyman
May  5 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331576 of user rubyman.
May  5 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11509]: pam_unix(su:session): session closed for user rubyman
May  5 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331576.
May  5 03:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8731]: pam_unix(cron:session): session closed for user root
May  5 03:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11441]: pam_unix(cron:session): session closed for user samftp
May  5 03:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 03:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11725]: Invalid user xmr from 68.183.12.36
May  5 03:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11725]: input_userauth_request: invalid user xmr [preauth]
May  5 03:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11725]: pam_unix(sshd:auth): check pass; user unknown
May  5 03:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 03:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11725]: Failed password for invalid user xmr from 68.183.12.36 port 42076 ssh2
May  5 03:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11725]: Connection closed by 68.183.12.36 port 42076 [preauth]
May  5 03:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10601]: pam_unix(cron:session): session closed for user root
May  5 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11846]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11847]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11845]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11848]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11849]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11845]: pam_unix(cron:session): session closed for user root
May  5 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11849]: pam_unix(cron:session): session closed for user root
May  5 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11843]: pam_unix(cron:session): session closed for user p13x
May  5 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11932]: Successful su for rubyman by root
May  5 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11932]: + ??? root:rubyman
May  5 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331582 of user rubyman.
May  5 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11932]: pam_unix(su:session): session closed for user rubyman
May  5 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331582.
May  5 04:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11846]: pam_unix(cron:session): session closed for user root
May  5 04:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9223]: pam_unix(cron:session): session closed for user root
May  5 04:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11844]: pam_unix(cron:session): session closed for user samftp
May  5 04:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11048]: pam_unix(cron:session): session closed for user root
May  5 04:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 04:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: Failed password for root from 218.92.0.179 port 31572 ssh2
May  5 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 31572 ssh2]
May  5 04:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: Received disconnect from 218.92.0.179 port 31572:11:  [preauth]
May  5 04:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: Disconnected from 218.92.0.179 port 31572 [preauth]
May  5 04:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12282]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12344]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12343]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12342]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12341]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12341]: pam_unix(cron:session): session closed for user p13x
May  5 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12406]: Successful su for rubyman by root
May  5 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12406]: + ??? root:rubyman
May  5 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331587 of user rubyman.
May  5 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12406]: pam_unix(su:session): session closed for user rubyman
May  5 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331587.
May  5 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9652]: pam_unix(cron:session): session closed for user root
May  5 04:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12342]: pam_unix(cron:session): session closed for user samftp
May  5 04:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11443]: pam_unix(cron:session): session closed for user root
May  5 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12734]: pam_unix(cron:session): session closed for user p13x
May  5 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12793]: Successful su for rubyman by root
May  5 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12793]: + ??? root:rubyman
May  5 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331590 of user rubyman.
May  5 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12793]: pam_unix(su:session): session closed for user rubyman
May  5 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331590.
May  5 04:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: Invalid user kean from 94.254.0.234
May  5 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: input_userauth_request: invalid user kean [preauth]
May  5 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: pam_unix(sshd:auth): check pass; user unknown
May  5 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234
May  5 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10093]: pam_unix(cron:session): session closed for user root
May  5 04:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12735]: pam_unix(cron:session): session closed for user samftp
May  5 04:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: Failed password for invalid user kean from 94.254.0.234 port 55178 ssh2
May  5 04:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: Received disconnect from 94.254.0.234 port 55178:11: Bye Bye [preauth]
May  5 04:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: Disconnected from 94.254.0.234 port 55178 [preauth]
May  5 04:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11848]: pam_unix(cron:session): session closed for user root
May  5 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13126]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13128]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13125]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13127]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13125]: pam_unix(cron:session): session closed for user p13x
May  5 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13183]: Successful su for rubyman by root
May  5 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13183]: + ??? root:rubyman
May  5 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331596 of user rubyman.
May  5 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13183]: pam_unix(su:session): session closed for user rubyman
May  5 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331596.
May  5 04:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10600]: pam_unix(cron:session): session closed for user root
May  5 04:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13126]: pam_unix(cron:session): session closed for user samftp
May  5 04:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12344]: pam_unix(cron:session): session closed for user root
May  5 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13620]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13621]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13618]: pam_unix(cron:session): session closed for user p13x
May  5 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13686]: Successful su for rubyman by root
May  5 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13686]: + ??? root:rubyman
May  5 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331600 of user rubyman.
May  5 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13686]: pam_unix(su:session): session closed for user rubyman
May  5 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331600.
May  5 04:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11047]: pam_unix(cron:session): session closed for user root
May  5 04:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13619]: pam_unix(cron:session): session closed for user samftp
May  5 04:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12738]: pam_unix(cron:session): session closed for user root
May  5 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14036]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14037]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14038]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14038]: pam_unix(cron:session): session closed for user root
May  5 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14033]: pam_unix(cron:session): session closed for user p13x
May  5 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14102]: Successful su for rubyman by root
May  5 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14102]: + ??? root:rubyman
May  5 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331603 of user rubyman.
May  5 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14102]: pam_unix(su:session): session closed for user rubyman
May  5 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331603.
May  5 04:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14035]: pam_unix(cron:session): session closed for user root
May  5 04:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11442]: pam_unix(cron:session): session closed for user root
May  5 04:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14034]: pam_unix(cron:session): session closed for user samftp
May  5 04:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13128]: pam_unix(cron:session): session closed for user root
May  5 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14459]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14458]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14456]: pam_unix(cron:session): session closed for user p13x
May  5 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14527]: Successful su for rubyman by root
May  5 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14527]: + ??? root:rubyman
May  5 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331609 of user rubyman.
May  5 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14527]: pam_unix(su:session): session closed for user rubyman
May  5 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331609.
May  5 04:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11847]: pam_unix(cron:session): session closed for user root
May  5 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14457]: pam_unix(cron:session): session closed for user samftp
May  5 04:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: Invalid user algorand from 68.183.12.36
May  5 04:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: input_userauth_request: invalid user algorand [preauth]
May  5 04:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: pam_unix(sshd:auth): check pass; user unknown
May  5 04:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 04:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: Failed password for invalid user algorand from 68.183.12.36 port 57184 ssh2
May  5 04:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: Connection closed by 68.183.12.36 port 57184 [preauth]
May  5 04:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234  user=root
May  5 04:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14762]: Failed password for root from 94.254.0.234 port 40178 ssh2
May  5 04:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14762]: Received disconnect from 94.254.0.234 port 40178:11: Bye Bye [preauth]
May  5 04:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14762]: Disconnected from 94.254.0.234 port 40178 [preauth]
May  5 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13621]: pam_unix(cron:session): session closed for user root
May  5 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14868]: pam_unix(cron:session): session closed for user p13x
May  5 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14944]: Successful su for rubyman by root
May  5 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14944]: + ??? root:rubyman
May  5 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331614 of user rubyman.
May  5 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14944]: pam_unix(su:session): session closed for user rubyman
May  5 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331614.
May  5 04:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12343]: pam_unix(cron:session): session closed for user root
May  5 04:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14869]: pam_unix(cron:session): session closed for user samftp
May  5 04:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14037]: pam_unix(cron:session): session closed for user root
May  5 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15275]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15271]: pam_unix(cron:session): session closed for user p13x
May  5 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15336]: Successful su for rubyman by root
May  5 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15336]: + ??? root:rubyman
May  5 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15336]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331616 of user rubyman.
May  5 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15336]: pam_unix(su:session): session closed for user rubyman
May  5 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331616.
May  5 04:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12736]: pam_unix(cron:session): session closed for user root
May  5 04:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15273]: pam_unix(cron:session): session closed for user samftp
May  5 04:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14459]: pam_unix(cron:session): session closed for user root
May  5 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15662]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15661]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15660]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15659]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15659]: pam_unix(cron:session): session closed for user p13x
May  5 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15785]: Successful su for rubyman by root
May  5 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15785]: + ??? root:rubyman
May  5 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15785]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331621 of user rubyman.
May  5 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15785]: pam_unix(su:session): session closed for user rubyman
May  5 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331621.
May  5 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15657]: pam_unix(cron:session): session closed for user root
May  5 04:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13127]: pam_unix(cron:session): session closed for user root
May  5 04:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15660]: pam_unix(cron:session): session closed for user samftp
May  5 04:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16052]: Invalid user winadmin from 50.235.31.47
May  5 04:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16052]: input_userauth_request: invalid user winadmin [preauth]
May  5 04:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16052]: pam_unix(sshd:auth): check pass; user unknown
May  5 04:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  5 04:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16052]: Failed password for invalid user winadmin from 50.235.31.47 port 40858 ssh2
May  5 04:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16052]: Connection closed by 50.235.31.47 port 40858 [preauth]
May  5 04:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14872]: pam_unix(cron:session): session closed for user root
May  5 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16142]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16143]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16143]: pam_unix(cron:session): session closed for user root
May  5 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16138]: pam_unix(cron:session): session closed for user p13x
May  5 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16210]: Successful su for rubyman by root
May  5 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16210]: + ??? root:rubyman
May  5 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331629 of user rubyman.
May  5 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16210]: pam_unix(su:session): session closed for user rubyman
May  5 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331629.
May  5 04:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16140]: pam_unix(cron:session): session closed for user root
May  5 04:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13620]: pam_unix(cron:session): session closed for user root
May  5 04:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16139]: pam_unix(cron:session): session closed for user samftp
May  5 04:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15275]: pam_unix(cron:session): session closed for user root
May  5 04:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16594]: Invalid user denver from 94.254.0.234
May  5 04:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16594]: input_userauth_request: invalid user denver [preauth]
May  5 04:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16594]: pam_unix(sshd:auth): check pass; user unknown
May  5 04:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.254.0.234
May  5 04:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16594]: Failed password for invalid user denver from 94.254.0.234 port 43518 ssh2
May  5 04:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16594]: Received disconnect from 94.254.0.234 port 43518:11: Bye Bye [preauth]
May  5 04:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16594]: Disconnected from 94.254.0.234 port 43518 [preauth]
May  5 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16614]: pam_unix(cron:session): session closed for user p13x
May  5 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16687]: Successful su for rubyman by root
May  5 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16687]: + ??? root:rubyman
May  5 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331632 of user rubyman.
May  5 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16687]: pam_unix(su:session): session closed for user rubyman
May  5 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331632.
May  5 04:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14036]: pam_unix(cron:session): session closed for user root
May  5 04:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16615]: pam_unix(cron:session): session closed for user samftp
May  5 04:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15662]: pam_unix(cron:session): session closed for user root
May  5 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17048]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17049]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17050]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17048]: pam_unix(cron:session): session closed for user p13x
May  5 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17111]: Successful su for rubyman by root
May  5 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17111]: + ??? root:rubyman
May  5 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17111]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331637 of user rubyman.
May  5 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17111]: pam_unix(su:session): session closed for user rubyman
May  5 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331637.
May  5 04:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14458]: pam_unix(cron:session): session closed for user root
May  5 04:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17283]: Did not receive identification string from 193.32.162.135
May  5 04:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17049]: pam_unix(cron:session): session closed for user samftp
May  5 04:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16142]: pam_unix(cron:session): session closed for user root
May  5 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17446]: pam_unix(cron:session): session closed for user p13x
May  5 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17515]: Successful su for rubyman by root
May  5 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17515]: + ??? root:rubyman
May  5 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331639 of user rubyman.
May  5 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17515]: pam_unix(su:session): session closed for user rubyman
May  5 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331639.
May  5 04:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14870]: pam_unix(cron:session): session closed for user root
May  5 04:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17447]: pam_unix(cron:session): session closed for user samftp
May  5 04:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17747]: Invalid user near from 68.183.12.36
May  5 04:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17747]: input_userauth_request: invalid user near [preauth]
May  5 04:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17747]: pam_unix(sshd:auth): check pass; user unknown
May  5 04:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 04:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17747]: Failed password for invalid user near from 68.183.12.36 port 49190 ssh2
May  5 04:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17747]: Connection closed by 68.183.12.36 port 49190 [preauth]
May  5 04:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16618]: pam_unix(cron:session): session closed for user root
May  5 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17978]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17979]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17980]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17977]: pam_unix(cron:session): session closed for user p13x
May  5 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18045]: Successful su for rubyman by root
May  5 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18045]: + ??? root:rubyman
May  5 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18045]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331643 of user rubyman.
May  5 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18045]: pam_unix(su:session): session closed for user rubyman
May  5 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331643.
May  5 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15274]: pam_unix(cron:session): session closed for user root
May  5 04:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17978]: pam_unix(cron:session): session closed for user samftp
May  5 04:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17051]: pam_unix(cron:session): session closed for user root
May  5 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18393]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18392]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18394]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18395]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18391]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18390]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18395]: pam_unix(cron:session): session closed for user root
May  5 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18390]: pam_unix(cron:session): session closed for user p13x
May  5 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18466]: Successful su for rubyman by root
May  5 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18466]: + ??? root:rubyman
May  5 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331649 of user rubyman.
May  5 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18466]: pam_unix(su:session): session closed for user rubyman
May  5 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331649.
May  5 04:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18392]: pam_unix(cron:session): session closed for user root
May  5 04:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15661]: pam_unix(cron:session): session closed for user root
May  5 04:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18391]: pam_unix(cron:session): session closed for user samftp
May  5 04:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17450]: pam_unix(cron:session): session closed for user root
May  5 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18832]: pam_unix(cron:session): session closed for user p13x
May  5 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18903]: Successful su for rubyman by root
May  5 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18903]: + ??? root:rubyman
May  5 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331654 of user rubyman.
May  5 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18903]: pam_unix(su:session): session closed for user rubyman
May  5 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331654.
May  5 04:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16141]: pam_unix(cron:session): session closed for user root
May  5 04:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18833]: pam_unix(cron:session): session closed for user samftp
May  5 04:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17980]: pam_unix(cron:session): session closed for user root
May  5 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19258]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19257]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19252]: pam_unix(cron:session): session closed for user root
May  5 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19254]: pam_unix(cron:session): session closed for user p13x
May  5 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19319]: Successful su for rubyman by root
May  5 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19319]: + ??? root:rubyman
May  5 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331657 of user rubyman.
May  5 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19319]: pam_unix(su:session): session closed for user rubyman
May  5 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331657.
May  5 04:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16616]: pam_unix(cron:session): session closed for user root
May  5 04:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19255]: pam_unix(cron:session): session closed for user samftp
May  5 04:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18394]: pam_unix(cron:session): session closed for user root
May  5 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19666]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19663]: pam_unix(cron:session): session closed for user p13x
May  5 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19730]: Successful su for rubyman by root
May  5 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19730]: + ??? root:rubyman
May  5 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331663 of user rubyman.
May  5 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19730]: pam_unix(su:session): session closed for user rubyman
May  5 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331663.
May  5 04:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17050]: pam_unix(cron:session): session closed for user root
May  5 04:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19666]: pam_unix(cron:session): session closed for user samftp
May  5 04:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18835]: pam_unix(cron:session): session closed for user root
May  5 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20075]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20073]: pam_unix(cron:session): session closed for user p13x
May  5 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20142]: Successful su for rubyman by root
May  5 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20142]: + ??? root:rubyman
May  5 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20142]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331668 of user rubyman.
May  5 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20142]: pam_unix(su:session): session closed for user rubyman
May  5 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331668.
May  5 04:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17448]: pam_unix(cron:session): session closed for user root
May  5 04:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20074]: pam_unix(cron:session): session closed for user samftp
May  5 04:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19258]: pam_unix(cron:session): session closed for user root
May  5 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20476]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20475]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20474]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20478]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20478]: pam_unix(cron:session): session closed for user root
May  5 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20472]: pam_unix(cron:session): session closed for user p13x
May  5 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20544]: Successful su for rubyman by root
May  5 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20544]: + ??? root:rubyman
May  5 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20544]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331672 of user rubyman.
May  5 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20544]: pam_unix(su:session): session closed for user rubyman
May  5 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331672.
May  5 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17979]: pam_unix(cron:session): session closed for user root
May  5 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20475]: pam_unix(cron:session): session closed for user root
May  5 04:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20474]: pam_unix(cron:session): session closed for user samftp
May  5 04:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: Invalid user zec from 68.183.12.36
May  5 04:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: input_userauth_request: invalid user zec [preauth]
May  5 04:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: pam_unix(sshd:auth): check pass; user unknown
May  5 04:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 04:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: Failed password for invalid user zec from 68.183.12.36 port 50808 ssh2
May  5 04:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: Connection closed by 68.183.12.36 port 50808 [preauth]
May  5 04:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19670]: pam_unix(cron:session): session closed for user root
May  5 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20917]: pam_unix(cron:session): session closed for user p13x
May  5 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20983]: Successful su for rubyman by root
May  5 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20983]: + ??? root:rubyman
May  5 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331676 of user rubyman.
May  5 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20983]: pam_unix(su:session): session closed for user rubyman
May  5 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331676.
May  5 04:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18393]: pam_unix(cron:session): session closed for user root
May  5 04:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20918]: pam_unix(cron:session): session closed for user samftp
May  5 04:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20076]: pam_unix(cron:session): session closed for user root
May  5 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21366]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21365]: pam_unix(cron:session): session closed for user p13x
May  5 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21423]: Successful su for rubyman by root
May  5 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21423]: + ??? root:rubyman
May  5 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331680 of user rubyman.
May  5 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21423]: pam_unix(su:session): session closed for user rubyman
May  5 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331680.
May  5 04:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18834]: pam_unix(cron:session): session closed for user root
May  5 04:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21366]: pam_unix(cron:session): session closed for user samftp
May  5 04:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20477]: pam_unix(cron:session): session closed for user root
May  5 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22055]: pam_unix(cron:session): session closed for user p13x
May  5 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22143]: Successful su for rubyman by root
May  5 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22143]: + ??? root:rubyman
May  5 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331684 of user rubyman.
May  5 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22143]: pam_unix(su:session): session closed for user rubyman
May  5 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331684.
May  5 04:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19257]: pam_unix(cron:session): session closed for user root
May  5 04:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22056]: pam_unix(cron:session): session closed for user samftp
May  5 04:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  5 04:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: Failed password for root from 193.70.84.184 port 35972 ssh2
May  5 04:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: Connection closed by 193.70.84.184 port 35972 [preauth]
May  5 04:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20920]: pam_unix(cron:session): session closed for user root
May  5 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22549]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22548]: pam_unix(cron:session): session closed for user p13x
May  5 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22617]: Successful su for rubyman by root
May  5 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22617]: + ??? root:rubyman
May  5 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331690 of user rubyman.
May  5 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22617]: pam_unix(su:session): session closed for user rubyman
May  5 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331690.
May  5 04:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19669]: pam_unix(cron:session): session closed for user root
May  5 04:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22549]: pam_unix(cron:session): session closed for user samftp
May  5 04:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: Invalid user frr from 190.103.202.7
May  5 04:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: input_userauth_request: invalid user frr [preauth]
May  5 04:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: pam_unix(sshd:auth): check pass; user unknown
May  5 04:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  5 04:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: Failed password for invalid user frr from 190.103.202.7 port 56774 ssh2
May  5 04:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22885]: Connection closed by 190.103.202.7 port 56774 [preauth]
May  5 04:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21368]: pam_unix(cron:session): session closed for user root
May  5 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23022]: pam_unix(cron:session): session closed for user root
May  5 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23017]: pam_unix(cron:session): session closed for user p13x
May  5 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23083]: Successful su for rubyman by root
May  5 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23083]: + ??? root:rubyman
May  5 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331692 of user rubyman.
May  5 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23083]: pam_unix(su:session): session closed for user rubyman
May  5 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331692.
May  5 04:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23019]: pam_unix(cron:session): session closed for user root
May  5 04:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20075]: pam_unix(cron:session): session closed for user root
May  5 04:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23018]: pam_unix(cron:session): session closed for user samftp
May  5 04:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22076]: pam_unix(cron:session): session closed for user root
May  5 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23547]: pam_unix(cron:session): session closed for user p13x
May  5 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23620]: Successful su for rubyman by root
May  5 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23620]: + ??? root:rubyman
May  5 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331698 of user rubyman.
May  5 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23620]: pam_unix(su:session): session closed for user rubyman
May  5 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331698.
May  5 04:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20476]: pam_unix(cron:session): session closed for user root
May  5 04:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23548]: pam_unix(cron:session): session closed for user samftp
May  5 04:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 04:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: Failed password for root from 218.92.0.179 port 17914 ssh2
May  5 04:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 17914 ssh2]
May  5 04:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: Received disconnect from 218.92.0.179 port 17914:11:  [preauth]
May  5 04:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: Disconnected from 218.92.0.179 port 17914 [preauth]
May  5 04:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 04:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22552]: pam_unix(cron:session): session closed for user root
May  5 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24082]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24083]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24079]: pam_unix(cron:session): session closed for user p13x
May  5 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24139]: Successful su for rubyman by root
May  5 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24139]: + ??? root:rubyman
May  5 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24139]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331703 of user rubyman.
May  5 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24139]: pam_unix(su:session): session closed for user rubyman
May  5 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331703.
May  5 04:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20919]: pam_unix(cron:session): session closed for user root
May  5 04:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24080]: pam_unix(cron:session): session closed for user samftp
May  5 04:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24390]: Invalid user icp from 68.183.12.36
May  5 04:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24390]: input_userauth_request: invalid user icp [preauth]
May  5 04:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24390]: pam_unix(sshd:auth): check pass; user unknown
May  5 04:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 04:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24390]: Failed password for invalid user icp from 68.183.12.36 port 42892 ssh2
May  5 04:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24390]: Connection closed by 68.183.12.36 port 42892 [preauth]
May  5 04:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 04:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23021]: pam_unix(cron:session): session closed for user root
May  5 04:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24435]: Failed password for root from 218.92.0.179 port 57886 ssh2
May  5 04:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24435]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 57886 ssh2]
May  5 04:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24435]: Received disconnect from 218.92.0.179 port 57886:11:  [preauth]
May  5 04:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24435]: Disconnected from 218.92.0.179 port 57886 [preauth]
May  5 04:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24435]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24529]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24530]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24526]: pam_unix(cron:session): session closed for user p13x
May  5 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24593]: Successful su for rubyman by root
May  5 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24593]: + ??? root:rubyman
May  5 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331706 of user rubyman.
May  5 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24593]: pam_unix(su:session): session closed for user rubyman
May  5 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331706.
May  5 04:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21367]: pam_unix(cron:session): session closed for user root
May  5 04:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24528]: pam_unix(cron:session): session closed for user samftp
May  5 04:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23550]: pam_unix(cron:session): session closed for user root
May  5 04:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24930]: Failed password for root from 218.92.0.179 port 19415 ssh2
May  5 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24950]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24948]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24946]: pam_unix(cron:session): session closed for user p13x
May  5 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25007]: Successful su for rubyman by root
May  5 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25007]: + ??? root:rubyman
May  5 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331710 of user rubyman.
May  5 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25007]: pam_unix(su:session): session closed for user rubyman
May  5 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331710.
May  5 04:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24930]: Failed password for root from 218.92.0.179 port 19415 ssh2
May  5 04:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session closed for user root
May  5 04:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24947]: pam_unix(cron:session): session closed for user samftp
May  5 04:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24930]: Failed password for root from 218.92.0.179 port 19415 ssh2
May  5 04:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24083]: pam_unix(cron:session): session closed for user root
May  5 04:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25272]: Invalid user admin from 46.244.96.25
May  5 04:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25272]: input_userauth_request: invalid user admin [preauth]
May  5 04:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25272]: pam_unix(sshd:auth): check pass; user unknown
May  5 04:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  5 04:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25272]: Failed password for invalid user admin from 46.244.96.25 port 37112 ssh2
May  5 04:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25272]: Connection closed by 46.244.96.25 port 37112 [preauth]
May  5 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25371]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25372]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25370]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25372]: pam_unix(cron:session): session closed for user root
May  5 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25367]: pam_unix(cron:session): session closed for user p13x
May  5 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25435]: Successful su for rubyman by root
May  5 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25435]: + ??? root:rubyman
May  5 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25435]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331714 of user rubyman.
May  5 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25435]: pam_unix(su:session): session closed for user rubyman
May  5 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331714.
May  5 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25369]: pam_unix(cron:session): session closed for user root
May  5 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22550]: pam_unix(cron:session): session closed for user root
May  5 04:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25368]: pam_unix(cron:session): session closed for user samftp
May  5 04:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25655]: Invalid user adminweb from 176.31.162.135
May  5 04:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25655]: input_userauth_request: invalid user adminweb [preauth]
May  5 04:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25655]: pam_unix(sshd:auth): check pass; user unknown
May  5 04:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  5 04:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25655]: Failed password for invalid user adminweb from 176.31.162.135 port 53152 ssh2
May  5 04:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25655]: Connection closed by 176.31.162.135 port 53152 [preauth]
May  5 04:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25255]: Connection closed by 46.244.96.25 port 37108 [preauth]
May  5 04:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24530]: pam_unix(cron:session): session closed for user root
May  5 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25802]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25800]: pam_unix(cron:session): session closed for user p13x
May  5 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25868]: Successful su for rubyman by root
May  5 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25868]: + ??? root:rubyman
May  5 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331721 of user rubyman.
May  5 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25868]: pam_unix(su:session): session closed for user rubyman
May  5 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331721.
May  5 04:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23020]: pam_unix(cron:session): session closed for user root
May  5 04:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25801]: pam_unix(cron:session): session closed for user samftp
May  5 04:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24950]: pam_unix(cron:session): session closed for user root
May  5 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26197]: pam_unix(cron:session): session closed for user p13x
May  5 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26259]: Successful su for rubyman by root
May  5 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26259]: + ??? root:rubyman
May  5 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26259]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331724 of user rubyman.
May  5 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26259]: pam_unix(su:session): session closed for user rubyman
May  5 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331724.
May  5 04:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23549]: pam_unix(cron:session): session closed for user root
May  5 04:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26198]: pam_unix(cron:session): session closed for user samftp
May  5 04:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25371]: pam_unix(cron:session): session closed for user root
May  5 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26680]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26684]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26683]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26679]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26679]: pam_unix(cron:session): session closed for user p13x
May  5 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26740]: Successful su for rubyman by root
May  5 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26740]: + ??? root:rubyman
May  5 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331729 of user rubyman.
May  5 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26740]: pam_unix(su:session): session closed for user rubyman
May  5 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331729.
May  5 04:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24082]: pam_unix(cron:session): session closed for user root
May  5 04:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26680]: pam_unix(cron:session): session closed for user samftp
May  5 04:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25803]: pam_unix(cron:session): session closed for user root
May  5 04:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: Invalid user david from 164.68.105.9
May  5 04:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: input_userauth_request: invalid user david [preauth]
May  5 04:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: pam_unix(sshd:auth): check pass; user unknown
May  5 04:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  5 04:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: Failed password for invalid user david from 164.68.105.9 port 37410 ssh2
May  5 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27127]: Connection closed by 164.68.105.9 port 37410 [preauth]
May  5 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27142]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27139]: pam_unix(cron:session): session closed for user p13x
May  5 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27205]: Successful su for rubyman by root
May  5 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27205]: + ??? root:rubyman
May  5 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331734 of user rubyman.
May  5 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27205]: pam_unix(su:session): session closed for user rubyman
May  5 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331734.
May  5 04:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24529]: pam_unix(cron:session): session closed for user root
May  5 04:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27140]: pam_unix(cron:session): session closed for user samftp
May  5 04:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27481]: Invalid user qtum from 68.183.12.36
May  5 04:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27481]: input_userauth_request: invalid user qtum [preauth]
May  5 04:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27481]: pam_unix(sshd:auth): check pass; user unknown
May  5 04:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 04:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27481]: Failed password for invalid user qtum from 68.183.12.36 port 50864 ssh2
May  5 04:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27481]: Connection closed by 68.183.12.36 port 50864 [preauth]
May  5 04:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26200]: pam_unix(cron:session): session closed for user root
May  5 04:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: Invalid user admin from 80.94.95.112
May  5 04:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: input_userauth_request: invalid user admin [preauth]
May  5 04:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: pam_unix(sshd:auth): check pass; user unknown
May  5 04:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 04:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: Failed password for invalid user admin from 80.94.95.112 port 27602 ssh2
May  5 04:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: pam_unix(sshd:auth): check pass; user unknown
May  5 04:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: Failed password for invalid user admin from 80.94.95.112 port 27602 ssh2
May  5 04:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: pam_unix(sshd:auth): check pass; user unknown
May  5 04:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: Failed password for invalid user admin from 80.94.95.112 port 27602 ssh2
May  5 04:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: pam_unix(sshd:auth): check pass; user unknown
May  5 04:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27586]: Bad protocol version identification 'MGLNDD_198.199.94.12_22' from 20.83.51.228 port 36266
May  5 04:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: Failed password for invalid user admin from 80.94.95.112 port 27602 ssh2
May  5 04:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: pam_unix(sshd:auth): check pass; user unknown
May  5 04:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: Failed password for invalid user admin from 80.94.95.112 port 27602 ssh2
May  5 04:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: Received disconnect from 80.94.95.112 port 27602:11: Bye [preauth]
May  5 04:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: Disconnected from 80.94.95.112 port 27602 [preauth]
May  5 04:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 04:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27610]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27609]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27611]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27611]: pam_unix(cron:session): session closed for user root
May  5 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27604]: pam_unix(cron:session): session closed for user p13x
May  5 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27675]: Successful su for rubyman by root
May  5 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27675]: + ??? root:rubyman
May  5 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331736 of user rubyman.
May  5 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27675]: pam_unix(su:session): session closed for user rubyman
May  5 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331736.
May  5 04:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27607]: pam_unix(cron:session): session closed for user root
May  5 04:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24948]: pam_unix(cron:session): session closed for user root
May  5 04:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27605]: pam_unix(cron:session): session closed for user samftp
May  5 04:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26684]: pam_unix(cron:session): session closed for user root
May  5 04:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 04:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: Failed password for root from 218.92.0.179 port 48711 ssh2
May  5 04:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 48711 ssh2]
May  5 04:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: Received disconnect from 218.92.0.179 port 48711:11:  [preauth]
May  5 04:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: Disconnected from 218.92.0.179 port 48711 [preauth]
May  5 04:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27989]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28049]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28050]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28048]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28048]: pam_unix(cron:session): session closed for user p13x
May  5 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28114]: Successful su for rubyman by root
May  5 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28114]: + ??? root:rubyman
May  5 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331742 of user rubyman.
May  5 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28114]: pam_unix(su:session): session closed for user rubyman
May  5 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331742.
May  5 04:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25370]: pam_unix(cron:session): session closed for user root
May  5 04:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28049]: pam_unix(cron:session): session closed for user samftp
May  5 04:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27142]: pam_unix(cron:session): session closed for user root
May  5 04:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28448]: pam_unix(cron:session): session closed for user p13x
May  5 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28512]: Successful su for rubyman by root
May  5 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28512]: + ??? root:rubyman
May  5 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331746 of user rubyman.
May  5 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28512]: pam_unix(su:session): session closed for user rubyman
May  5 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331746.
May  5 04:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25802]: pam_unix(cron:session): session closed for user root
May  5 04:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28449]: pam_unix(cron:session): session closed for user samftp
May  5 04:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27610]: pam_unix(cron:session): session closed for user root
May  5 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28845]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28844]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28842]: pam_unix(cron:session): session closed for user p13x
May  5 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28915]: Successful su for rubyman by root
May  5 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28915]: + ??? root:rubyman
May  5 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28915]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331752 of user rubyman.
May  5 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28915]: pam_unix(su:session): session closed for user rubyman
May  5 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331752.
May  5 04:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26199]: pam_unix(cron:session): session closed for user root
May  5 04:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28843]: pam_unix(cron:session): session closed for user samftp
May  5 04:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28051]: pam_unix(cron:session): session closed for user root
May  5 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29358]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29355]: pam_unix(cron:session): session closed for user p13x
May  5 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29470]: Successful su for rubyman by root
May  5 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29470]: + ??? root:rubyman
May  5 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331755 of user rubyman.
May  5 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29470]: pam_unix(su:session): session closed for user rubyman
May  5 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331755.
May  5 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29353]: pam_unix(cron:session): session closed for user root
May  5 04:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26683]: pam_unix(cron:session): session closed for user root
May  5 04:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29356]: pam_unix(cron:session): session closed for user samftp
May  5 04:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28451]: pam_unix(cron:session): session closed for user root
May  5 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29856]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29852]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29855]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29851]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29857]: pam_unix(cron:session): session closed for user root
May  5 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29851]: pam_unix(cron:session): session closed for user p13x
May  5 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29922]: Successful su for rubyman by root
May  5 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29922]: + ??? root:rubyman
May  5 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331761 of user rubyman.
May  5 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29922]: pam_unix(su:session): session closed for user rubyman
May  5 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331761.
May  5 04:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29853]: pam_unix(cron:session): session closed for user root
May  5 04:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27141]: pam_unix(cron:session): session closed for user root
May  5 04:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29852]: pam_unix(cron:session): session closed for user samftp
May  5 04:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28845]: pam_unix(cron:session): session closed for user root
May  5 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30278]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30277]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30276]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30275]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30275]: pam_unix(cron:session): session closed for user p13x
May  5 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30345]: Successful su for rubyman by root
May  5 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30345]: + ??? root:rubyman
May  5 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331767 of user rubyman.
May  5 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30345]: pam_unix(su:session): session closed for user rubyman
May  5 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331767.
May  5 04:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27609]: pam_unix(cron:session): session closed for user root
May  5 04:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30276]: pam_unix(cron:session): session closed for user samftp
May  5 04:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30591]: Invalid user fil from 68.183.12.36
May  5 04:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30591]: input_userauth_request: invalid user fil [preauth]
May  5 04:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30591]: pam_unix(sshd:auth): check pass; user unknown
May  5 04:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 04:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30591]: Failed password for invalid user fil from 68.183.12.36 port 42424 ssh2
May  5 04:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30591]: Connection closed by 68.183.12.36 port 42424 [preauth]
May  5 04:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29358]: pam_unix(cron:session): session closed for user root
May  5 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30689]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30690]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30687]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30687]: pam_unix(cron:session): session closed for user p13x
May  5 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30748]: Successful su for rubyman by root
May  5 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30748]: + ??? root:rubyman
May  5 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331770 of user rubyman.
May  5 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30748]: pam_unix(su:session): session closed for user rubyman
May  5 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331770.
May  5 04:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28050]: pam_unix(cron:session): session closed for user root
May  5 04:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30688]: pam_unix(cron:session): session closed for user samftp
May  5 04:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29856]: pam_unix(cron:session): session closed for user root
May  5 04:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: Connection closed by 174.138.52.189 port 45850 [preauth]
May  5 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31104]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31105]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31103]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31102]: pam_unix(cron:session): session closed for user p13x
May  5 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31164]: Successful su for rubyman by root
May  5 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31164]: + ??? root:rubyman
May  5 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31164]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331774 of user rubyman.
May  5 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31164]: pam_unix(su:session): session closed for user rubyman
May  5 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331774.
May  5 04:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28450]: pam_unix(cron:session): session closed for user root
May  5 04:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31103]: pam_unix(cron:session): session closed for user samftp
May  5 04:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30278]: pam_unix(cron:session): session closed for user root
May  5 04:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31476]: Invalid user admin from 139.19.117.131
May  5 04:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31476]: input_userauth_request: invalid user admin [preauth]
May  5 04:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31476]: Connection closed by 139.19.117.131 port 46068 [preauth]
May  5 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31507]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31506]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31504]: pam_unix(cron:session): session closed for user p13x
May  5 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31575]: Successful su for rubyman by root
May  5 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31575]: + ??? root:rubyman
May  5 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331778 of user rubyman.
May  5 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31575]: pam_unix(su:session): session closed for user rubyman
May  5 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331778.
May  5 04:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28844]: pam_unix(cron:session): session closed for user root
May  5 04:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31505]: pam_unix(cron:session): session closed for user samftp
May  5 04:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30690]: pam_unix(cron:session): session closed for user root
May  5 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31933]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31931]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31930]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31932]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31933]: pam_unix(cron:session): session closed for user root
May  5 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31928]: pam_unix(cron:session): session closed for user p13x
May  5 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32010]: Successful su for rubyman by root
May  5 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32010]: + ??? root:rubyman
May  5 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331786 of user rubyman.
May  5 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32010]: pam_unix(su:session): session closed for user rubyman
May  5 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331786.
May  5 04:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31930]: pam_unix(cron:session): session closed for user root
May  5 04:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29357]: pam_unix(cron:session): session closed for user root
May  5 04:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31929]: pam_unix(cron:session): session closed for user samftp
May  5 04:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31105]: pam_unix(cron:session): session closed for user root
May  5 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32362]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32363]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32360]: pam_unix(cron:session): session closed for user p13x
May  5 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32429]: Successful su for rubyman by root
May  5 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32429]: + ??? root:rubyman
May  5 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331787 of user rubyman.
May  5 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32429]: pam_unix(su:session): session closed for user rubyman
May  5 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331787.
May  5 04:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29855]: pam_unix(cron:session): session closed for user root
May  5 04:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32361]: pam_unix(cron:session): session closed for user samftp
May  5 04:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31507]: pam_unix(cron:session): session closed for user root
May  5 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[423]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[420]: pam_unix(cron:session): session closed for user p13x
May  5 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[498]: Successful su for rubyman by root
May  5 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[498]: + ??? root:rubyman
May  5 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331791 of user rubyman.
May  5 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[498]: pam_unix(su:session): session closed for user rubyman
May  5 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331791.
May  5 04:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30277]: pam_unix(cron:session): session closed for user root
May  5 04:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[422]: pam_unix(cron:session): session closed for user samftp
May  5 04:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31932]: pam_unix(cron:session): session closed for user root
May  5 04:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 04:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Failed password for root from 218.92.0.179 port 25311 ssh2
May  5 04:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 25311 ssh2]
May  5 04:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Received disconnect from 218.92.0.179 port 25311:11:  [preauth]
May  5 04:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Disconnected from 218.92.0.179 port 25311 [preauth]
May  5 04:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[877]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[875]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[876]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[875]: pam_unix(cron:session): session closed for user p13x
May  5 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[938]: Successful su for rubyman by root
May  5 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[938]: + ??? root:rubyman
May  5 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[938]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331797 of user rubyman.
May  5 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[938]: pam_unix(su:session): session closed for user rubyman
May  5 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331797.
May  5 04:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30689]: pam_unix(cron:session): session closed for user root
May  5 04:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[876]: pam_unix(cron:session): session closed for user samftp
May  5 04:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: Invalid user hbar from 68.183.12.36
May  5 04:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: input_userauth_request: invalid user hbar [preauth]
May  5 04:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: pam_unix(sshd:auth): check pass; user unknown
May  5 04:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 04:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: Failed password for invalid user hbar from 68.183.12.36 port 54348 ssh2
May  5 04:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: Connection closed by 68.183.12.36 port 54348 [preauth]
May  5 04:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32363]: pam_unix(cron:session): session closed for user root
May  5 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1318]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1317]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1319]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1316]: pam_unix(cron:session): session closed for user p13x
May  5 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1379]: Successful su for rubyman by root
May  5 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1379]: + ??? root:rubyman
May  5 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331801 of user rubyman.
May  5 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1379]: pam_unix(su:session): session closed for user rubyman
May  5 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331801.
May  5 04:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31104]: pam_unix(cron:session): session closed for user root
May  5 04:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1317]: pam_unix(cron:session): session closed for user samftp
May  5 04:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[427]: pam_unix(cron:session): session closed for user root
May  5 04:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  5 04:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1744]: Failed password for root from 190.103.202.7 port 60000 ssh2
May  5 04:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1744]: Connection closed by 190.103.202.7 port 60000 [preauth]
May  5 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1766]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1768]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1767]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1765]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1768]: pam_unix(cron:session): session closed for user root
May  5 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1763]: pam_unix(cron:session): session closed for user p13x
May  5 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1842]: Successful su for rubyman by root
May  5 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1842]: + ??? root:rubyman
May  5 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331807 of user rubyman.
May  5 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1842]: pam_unix(su:session): session closed for user rubyman
May  5 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331807.
May  5 04:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1765]: pam_unix(cron:session): session closed for user root
May  5 04:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31506]: pam_unix(cron:session): session closed for user root
May  5 04:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1764]: pam_unix(cron:session): session closed for user samftp
May  5 04:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[878]: pam_unix(cron:session): session closed for user root
May  5 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2295]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2294]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2292]: pam_unix(cron:session): session closed for user p13x
May  5 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2361]: Successful su for rubyman by root
May  5 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2361]: + ??? root:rubyman
May  5 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331810 of user rubyman.
May  5 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2361]: pam_unix(su:session): session closed for user rubyman
May  5 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331810.
May  5 04:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31931]: pam_unix(cron:session): session closed for user root
May  5 04:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2293]: pam_unix(cron:session): session closed for user samftp
May  5 04:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1319]: pam_unix(cron:session): session closed for user root
May  5 04:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 04:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Failed password for root from 218.92.0.179 port 40055 ssh2
May  5 04:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 40055 ssh2]
May  5 04:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Received disconnect from 218.92.0.179 port 40055:11:  [preauth]
May  5 04:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Disconnected from 218.92.0.179 port 40055 [preauth]
May  5 04:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2746]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2743]: pam_unix(cron:session): session closed for user p13x
May  5 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2806]: Successful su for rubyman by root
May  5 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2806]: + ??? root:rubyman
May  5 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331813 of user rubyman.
May  5 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2806]: pam_unix(su:session): session closed for user rubyman
May  5 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331813.
May  5 04:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32362]: pam_unix(cron:session): session closed for user root
May  5 04:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2744]: pam_unix(cron:session): session closed for user samftp
May  5 04:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1767]: pam_unix(cron:session): session closed for user root
May  5 04:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3147]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3147]: pam_unix(cron:session): session closed for user p13x
May  5 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3216]: Successful su for rubyman by root
May  5 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3216]: + ??? root:rubyman
May  5 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331817 of user rubyman.
May  5 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3216]: pam_unix(su:session): session closed for user rubyman
May  5 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331817.
May  5 04:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[423]: pam_unix(cron:session): session closed for user root
May  5 04:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3148]: pam_unix(cron:session): session closed for user samftp
May  5 04:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2295]: pam_unix(cron:session): session closed for user root
May  5 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3613]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3612]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3609]: pam_unix(cron:session): session closed for user p13x
May  5 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3670]: Successful su for rubyman by root
May  5 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3670]: + ??? root:rubyman
May  5 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331823 of user rubyman.
May  5 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3670]: pam_unix(su:session): session closed for user rubyman
May  5 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331823.
May  5 04:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[877]: pam_unix(cron:session): session closed for user root
May  5 04:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3610]: pam_unix(cron:session): session closed for user samftp
May  5 04:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2746]: pam_unix(cron:session): session closed for user root
May  5 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4036]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4039]: pam_unix(cron:session): session closed for user root
May  5 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4032]: pam_unix(cron:session): session closed for user p13x
May  5 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4103]: Successful su for rubyman by root
May  5 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4103]: + ??? root:rubyman
May  5 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331828 of user rubyman.
May  5 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4103]: pam_unix(su:session): session closed for user rubyman
May  5 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331828.
May  5 04:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1318]: pam_unix(cron:session): session closed for user root
May  5 04:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4034]: pam_unix(cron:session): session closed for user root
May  5 04:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4033]: pam_unix(cron:session): session closed for user samftp
May  5 04:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4532]: Invalid user dgb from 68.183.12.36
May  5 04:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4532]: input_userauth_request: invalid user dgb [preauth]
May  5 04:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4532]: pam_unix(sshd:auth): check pass; user unknown
May  5 04:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 04:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4532]: Failed password for invalid user dgb from 68.183.12.36 port 58066 ssh2
May  5 04:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4532]: Connection closed by 68.183.12.36 port 58066 [preauth]
May  5 04:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3151]: pam_unix(cron:session): session closed for user root
May  5 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4630]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4627]: pam_unix(cron:session): session closed for user p13x
May  5 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4696]: Successful su for rubyman by root
May  5 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4696]: + ??? root:rubyman
May  5 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331831 of user rubyman.
May  5 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4696]: pam_unix(su:session): session closed for user rubyman
May  5 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331831.
May  5 04:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1766]: pam_unix(cron:session): session closed for user root
May  5 04:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4628]: pam_unix(cron:session): session closed for user samftp
May  5 04:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3613]: pam_unix(cron:session): session closed for user root
May  5 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5254]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5252]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5255]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5251]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5251]: pam_unix(cron:session): session closed for user p13x
May  5 04:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5315]: Successful su for rubyman by root
May  5 04:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5315]: + ??? root:rubyman
May  5 04:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331837 of user rubyman.
May  5 04:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5315]: pam_unix(su:session): session closed for user rubyman
May  5 04:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331837.
May  5 04:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2294]: pam_unix(cron:session): session closed for user root
May  5 04:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5252]: pam_unix(cron:session): session closed for user samftp
May  5 04:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4036]: pam_unix(cron:session): session closed for user root
May  5 04:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 04:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5703]: Did not receive identification string from 134.209.168.219
May  5 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5716]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5713]: pam_unix(cron:session): session closed for user p13x
May  5 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5774]: Successful su for rubyman by root
May  5 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5774]: + ??? root:rubyman
May  5 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331839 of user rubyman.
May  5 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5774]: pam_unix(su:session): session closed for user rubyman
May  5 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331839.
May  5 04:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2745]: pam_unix(cron:session): session closed for user root
May  5 04:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5714]: pam_unix(cron:session): session closed for user samftp
May  5 04:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4630]: pam_unix(cron:session): session closed for user root
May  5 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6212]: pam_unix(cron:session): session closed for user p13x
May  5 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6274]: Successful su for rubyman by root
May  5 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6274]: + ??? root:rubyman
May  5 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331845 of user rubyman.
May  5 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6274]: pam_unix(su:session): session closed for user rubyman
May  5 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331845.
May  5 04:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3150]: pam_unix(cron:session): session closed for user root
May  5 04:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6213]: pam_unix(cron:session): session closed for user samftp
May  5 04:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5255]: pam_unix(cron:session): session closed for user root
May  5 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6620]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6619]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6616]: pam_unix(cron:session): session closed for user root
May  5 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6620]: pam_unix(cron:session): session closed for user root
May  5 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6614]: pam_unix(cron:session): session closed for user p13x
May  5 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6713]: Successful su for rubyman by root
May  5 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6713]: + ??? root:rubyman
May  5 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331849 of user rubyman.
May  5 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6713]: pam_unix(su:session): session closed for user rubyman
May  5 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331849.
May  5 05:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6617]: pam_unix(cron:session): session closed for user root
May  5 05:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3612]: pam_unix(cron:session): session closed for user root
May  5 05:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6615]: pam_unix(cron:session): session closed for user samftp
May  5 05:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5716]: pam_unix(cron:session): session closed for user root
May  5 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7228]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7227]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7225]: pam_unix(cron:session): session closed for user p13x
May  5 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7292]: Successful su for rubyman by root
May  5 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7292]: + ??? root:rubyman
May  5 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331854 of user rubyman.
May  5 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7292]: pam_unix(su:session): session closed for user rubyman
May  5 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331854.
May  5 05:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4035]: pam_unix(cron:session): session closed for user root
May  5 05:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7226]: pam_unix(cron:session): session closed for user samftp
May  5 05:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6215]: pam_unix(cron:session): session closed for user root
May  5 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7737]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7735]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7733]: pam_unix(cron:session): session closed for user p13x
May  5 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7809]: Successful su for rubyman by root
May  5 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7809]: + ??? root:rubyman
May  5 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331858 of user rubyman.
May  5 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7809]: pam_unix(su:session): session closed for user rubyman
May  5 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331858.
May  5 05:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4629]: pam_unix(cron:session): session closed for user root
May  5 05:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7734]: pam_unix(cron:session): session closed for user samftp
May  5 05:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8054]: Invalid user snx from 68.183.12.36
May  5 05:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8054]: input_userauth_request: invalid user snx [preauth]
May  5 05:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8054]: pam_unix(sshd:auth): check pass; user unknown
May  5 05:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 05:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8054]: Failed password for invalid user snx from 68.183.12.36 port 52968 ssh2
May  5 05:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8054]: Connection closed by 68.183.12.36 port 52968 [preauth]
May  5 05:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6619]: pam_unix(cron:session): session closed for user root
May  5 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8177]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8175]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8176]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8174]: pam_unix(cron:session): session closed for user p13x
May  5 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8243]: Successful su for rubyman by root
May  5 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8243]: + ??? root:rubyman
May  5 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8243]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331863 of user rubyman.
May  5 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8243]: pam_unix(su:session): session closed for user rubyman
May  5 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331863.
May  5 05:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5254]: pam_unix(cron:session): session closed for user root
May  5 05:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8175]: pam_unix(cron:session): session closed for user samftp
May  5 05:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7228]: pam_unix(cron:session): session closed for user root
May  5 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8595]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8596]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8591]: pam_unix(cron:session): session closed for user p13x
May  5 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8656]: Successful su for rubyman by root
May  5 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8656]: + ??? root:rubyman
May  5 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331866 of user rubyman.
May  5 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8656]: pam_unix(su:session): session closed for user rubyman
May  5 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331866.
May  5 05:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5715]: pam_unix(cron:session): session closed for user root
May  5 05:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8592]: pam_unix(cron:session): session closed for user samftp
May  5 05:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7737]: pam_unix(cron:session): session closed for user root
May  5 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9008]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9006]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9007]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9005]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9011]: pam_unix(cron:session): session closed for user root
May  5 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9005]: pam_unix(cron:session): session closed for user p13x
May  5 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9076]: Successful su for rubyman by root
May  5 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9076]: + ??? root:rubyman
May  5 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331873 of user rubyman.
May  5 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9076]: pam_unix(su:session): session closed for user rubyman
May  5 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331873.
May  5 05:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6214]: pam_unix(cron:session): session closed for user root
May  5 05:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9007]: pam_unix(cron:session): session closed for user root
May  5 05:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9006]: pam_unix(cron:session): session closed for user samftp
May  5 05:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8177]: pam_unix(cron:session): session closed for user root
May  5 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9565]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9566]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9567]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9564]: pam_unix(cron:session): session closed for user p13x
May  5 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9629]: Successful su for rubyman by root
May  5 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9629]: + ??? root:rubyman
May  5 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9629]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331878 of user rubyman.
May  5 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9629]: pam_unix(su:session): session closed for user rubyman
May  5 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331878.
May  5 05:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6618]: pam_unix(cron:session): session closed for user root
May  5 05:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9565]: pam_unix(cron:session): session closed for user samftp
May  5 05:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8596]: pam_unix(cron:session): session closed for user root
May  5 05:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 05:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: Failed password for root from 218.92.0.179 port 18955 ssh2
May  5 05:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 18955 ssh2]
May  5 05:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: Received disconnect from 218.92.0.179 port 18955:11:  [preauth]
May  5 05:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: Disconnected from 218.92.0.179 port 18955 [preauth]
May  5 05:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9969]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9969]: pam_unix(cron:session): session closed for user p13x
May  5 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10033]: Successful su for rubyman by root
May  5 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10033]: + ??? root:rubyman
May  5 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10033]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331883 of user rubyman.
May  5 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10033]: pam_unix(su:session): session closed for user rubyman
May  5 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331883.
May  5 05:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7227]: pam_unix(cron:session): session closed for user root
May  5 05:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9970]: pam_unix(cron:session): session closed for user samftp
May  5 05:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9009]: pam_unix(cron:session): session closed for user root
May  5 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10464]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10463]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10463]: pam_unix(cron:session): session closed for user p13x
May  5 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10530]: Successful su for rubyman by root
May  5 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10530]: + ??? root:rubyman
May  5 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10530]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331886 of user rubyman.
May  5 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10530]: pam_unix(su:session): session closed for user rubyman
May  5 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331886.
May  5 05:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7735]: pam_unix(cron:session): session closed for user root
May  5 05:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10464]: pam_unix(cron:session): session closed for user samftp
May  5 05:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9567]: pam_unix(cron:session): session closed for user root
May  5 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10936]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10935]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10931]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10933]: pam_unix(cron:session): session closed for user p13x
May  5 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11039]: Successful su for rubyman by root
May  5 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11039]: + ??? root:rubyman
May  5 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331890 of user rubyman.
May  5 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11039]: pam_unix(su:session): session closed for user rubyman
May  5 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331890.
May  5 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10931]: pam_unix(cron:session): session closed for user root
May  5 05:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8176]: pam_unix(cron:session): session closed for user root
May  5 05:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10934]: pam_unix(cron:session): session closed for user samftp
May  5 05:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  5 05:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 05:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: Failed password for root from 218.92.0.179 port 46366 ssh2
May  5 05:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: Failed password for root from 218.92.0.208 port 59734 ssh2
May  5 05:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: Failed password for root from 218.92.0.179 port 46366 ssh2
May  5 05:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: Failed password for root from 218.92.0.179 port 46366 ssh2
May  5 05:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: Received disconnect from 218.92.0.179 port 46366:11:  [preauth]
May  5 05:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: Disconnected from 218.92.0.179 port 46366 [preauth]
May  5 05:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 05:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: Received disconnect from 218.92.0.208 port 59734:11:  [preauth]
May  5 05:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: Disconnected from 218.92.0.208 port 59734 [preauth]
May  5 05:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  5 05:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11300]: Failed password for root from 218.92.0.208 port 50334 ssh2
May  5 05:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: Invalid user chz from 68.183.12.36
May  5 05:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: input_userauth_request: invalid user chz [preauth]
May  5 05:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: pam_unix(sshd:auth): check pass; user unknown
May  5 05:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 05:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: Failed password for invalid user chz from 68.183.12.36 port 49384 ssh2
May  5 05:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: Connection closed by 68.183.12.36 port 49384 [preauth]
May  5 05:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9972]: pam_unix(cron:session): session closed for user root
May  5 05:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11368]: Connection closed by 46.244.96.25 port 60618 [preauth]
May  5 05:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: Invalid user k8s from 46.244.96.25
May  5 05:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: input_userauth_request: invalid user k8s [preauth]
May  5 05:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: pam_unix(sshd:auth): check pass; user unknown
May  5 05:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  5 05:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: Failed password for invalid user k8s from 46.244.96.25 port 60628 ssh2
May  5 05:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: Connection closed by 46.244.96.25 port 60628 [preauth]
May  5 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11423]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11421]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11424]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11422]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11424]: pam_unix(cron:session): session closed for user root
May  5 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11419]: pam_unix(cron:session): session closed for user p13x
May  5 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11491]: Successful su for rubyman by root
May  5 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11491]: + ??? root:rubyman
May  5 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331893 of user rubyman.
May  5 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11491]: pam_unix(su:session): session closed for user rubyman
May  5 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331893.
May  5 05:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11421]: pam_unix(cron:session): session closed for user root
May  5 05:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8595]: pam_unix(cron:session): session closed for user root
May  5 05:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11420]: pam_unix(cron:session): session closed for user samftp
May  5 05:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10466]: pam_unix(cron:session): session closed for user root
May  5 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11854]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11852]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11851]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11851]: pam_unix(cron:session): session closed for user p13x
May  5 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11920]: Successful su for rubyman by root
May  5 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11920]: + ??? root:rubyman
May  5 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11920]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331900 of user rubyman.
May  5 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11920]: pam_unix(su:session): session closed for user rubyman
May  5 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331900.
May  5 05:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9008]: pam_unix(cron:session): session closed for user root
May  5 05:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11852]: pam_unix(cron:session): session closed for user samftp
May  5 05:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: Invalid user db2admin from 50.235.31.47
May  5 05:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: input_userauth_request: invalid user db2admin [preauth]
May  5 05:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: pam_unix(sshd:auth): check pass; user unknown
May  5 05:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  5 05:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: Failed password for invalid user db2admin from 50.235.31.47 port 33670 ssh2
May  5 05:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: Connection closed by 50.235.31.47 port 33670 [preauth]
May  5 05:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10936]: pam_unix(cron:session): session closed for user root
May  5 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12250]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12251]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12249]: pam_unix(cron:session): session closed for user p13x
May  5 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12325]: Successful su for rubyman by root
May  5 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12325]: + ??? root:rubyman
May  5 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12325]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331904 of user rubyman.
May  5 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12325]: pam_unix(su:session): session closed for user rubyman
May  5 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331904.
May  5 05:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9566]: pam_unix(cron:session): session closed for user root
May  5 05:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12250]: pam_unix(cron:session): session closed for user samftp
May  5 05:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11423]: pam_unix(cron:session): session closed for user root
May  5 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12644]: pam_unix(cron:session): session closed for user p13x
May  5 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12703]: Successful su for rubyman by root
May  5 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12703]: + ??? root:rubyman
May  5 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12703]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331908 of user rubyman.
May  5 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12703]: pam_unix(su:session): session closed for user rubyman
May  5 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331908.
May  5 05:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9971]: pam_unix(cron:session): session closed for user root
May  5 05:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12645]: pam_unix(cron:session): session closed for user samftp
May  5 05:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11854]: pam_unix(cron:session): session closed for user root
May  5 05:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12989]: Invalid user  from 43.157.138.184
May  5 05:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12989]: input_userauth_request: invalid user  [preauth]
May  5 05:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12989]: Connection closed by 43.157.138.184 port 40908 [preauth]
May  5 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13045]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13046]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13042]: pam_unix(cron:session): session closed for user p13x
May  5 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13105]: Successful su for rubyman by root
May  5 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13105]: + ??? root:rubyman
May  5 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331913 of user rubyman.
May  5 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13105]: pam_unix(su:session): session closed for user rubyman
May  5 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331913.
May  5 05:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10465]: pam_unix(cron:session): session closed for user root
May  5 05:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13044]: pam_unix(cron:session): session closed for user samftp
May  5 05:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12252]: pam_unix(cron:session): session closed for user root
May  5 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13524]: pam_unix(cron:session): session closed for user root
May  5 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13438]: pam_unix(cron:session): session closed for user p13x
May  5 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13608]: Successful su for rubyman by root
May  5 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13608]: + ??? root:rubyman
May  5 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13608]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331915 of user rubyman.
May  5 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13608]: pam_unix(su:session): session closed for user rubyman
May  5 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331915.
May  5 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13440]: pam_unix(cron:session): session closed for user root
May  5 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10935]: pam_unix(cron:session): session closed for user root
May  5 05:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13439]: pam_unix(cron:session): session closed for user samftp
May  5 05:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12647]: pam_unix(cron:session): session closed for user root
May  5 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13973]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13970]: pam_unix(cron:session): session closed for user p13x
May  5 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14040]: Successful su for rubyman by root
May  5 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14040]: + ??? root:rubyman
May  5 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331921 of user rubyman.
May  5 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14040]: pam_unix(su:session): session closed for user rubyman
May  5 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331921.
May  5 05:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11422]: pam_unix(cron:session): session closed for user root
May  5 05:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13971]: pam_unix(cron:session): session closed for user samftp
May  5 05:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: Invalid user ldo from 68.183.12.36
May  5 05:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: input_userauth_request: invalid user ldo [preauth]
May  5 05:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: pam_unix(sshd:auth): check pass; user unknown
May  5 05:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 05:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: Failed password for invalid user ldo from 68.183.12.36 port 51942 ssh2
May  5 05:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: Connection closed by 68.183.12.36 port 51942 [preauth]
May  5 05:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13046]: pam_unix(cron:session): session closed for user root
May  5 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14386]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14380]: pam_unix(cron:session): session closed for user root
May  5 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14383]: pam_unix(cron:session): session closed for user p13x
May  5 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14444]: Successful su for rubyman by root
May  5 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14444]: + ??? root:rubyman
May  5 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331925 of user rubyman.
May  5 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14444]: pam_unix(su:session): session closed for user rubyman
May  5 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331925.
May  5 05:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11853]: pam_unix(cron:session): session closed for user root
May  5 05:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14384]: pam_unix(cron:session): session closed for user samftp
May  5 05:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13443]: pam_unix(cron:session): session closed for user root
May  5 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14787]: pam_unix(cron:session): session closed for user p13x
May  5 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14847]: Successful su for rubyman by root
May  5 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14847]: + ??? root:rubyman
May  5 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331931 of user rubyman.
May  5 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14847]: pam_unix(su:session): session closed for user rubyman
May  5 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331931.
May  5 05:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12251]: pam_unix(cron:session): session closed for user root
May  5 05:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14788]: pam_unix(cron:session): session closed for user samftp
May  5 05:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13973]: pam_unix(cron:session): session closed for user root
May  5 05:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  5 05:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 05:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15136]: Failed password for root from 193.70.84.184 port 50176 ssh2
May  5 05:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15136]: Connection closed by 193.70.84.184 port 50176 [preauth]
May  5 05:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: Failed password for root from 218.92.0.179 port 10105 ssh2
May  5 05:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 10105 ssh2]
May  5 05:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: Received disconnect from 218.92.0.179 port 10105:11:  [preauth]
May  5 05:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: Disconnected from 218.92.0.179 port 10105 [preauth]
May  5 05:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15188]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15186]: pam_unix(cron:session): session closed for user p13x
May  5 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15247]: Successful su for rubyman by root
May  5 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15247]: + ??? root:rubyman
May  5 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15247]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331935 of user rubyman.
May  5 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15247]: pam_unix(su:session): session closed for user rubyman
May  5 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331935.
May  5 05:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12646]: pam_unix(cron:session): session closed for user root
May  5 05:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15187]: pam_unix(cron:session): session closed for user samftp
May  5 05:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14386]: pam_unix(cron:session): session closed for user root
May  5 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15587]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15588]: pam_unix(cron:session): session closed for user root
May  5 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15583]: pam_unix(cron:session): session closed for user p13x
May  5 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15649]: Successful su for rubyman by root
May  5 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15649]: + ??? root:rubyman
May  5 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331940 of user rubyman.
May  5 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15649]: pam_unix(su:session): session closed for user rubyman
May  5 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331940.
May  5 05:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15585]: pam_unix(cron:session): session closed for user root
May  5 05:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13045]: pam_unix(cron:session): session closed for user root
May  5 05:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15584]: pam_unix(cron:session): session closed for user samftp
May  5 05:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14790]: pam_unix(cron:session): session closed for user root
May  5 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16008]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16006]: pam_unix(cron:session): session closed for user p13x
May  5 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16069]: Successful su for rubyman by root
May  5 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16069]: + ??? root:rubyman
May  5 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16069]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331944 of user rubyman.
May  5 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16069]: pam_unix(su:session): session closed for user rubyman
May  5 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331944.
May  5 05:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13441]: pam_unix(cron:session): session closed for user root
May  5 05:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16007]: pam_unix(cron:session): session closed for user samftp
May  5 05:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15189]: pam_unix(cron:session): session closed for user root
May  5 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16387]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16385]: pam_unix(cron:session): session closed for user p13x
May  5 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16459]: Successful su for rubyman by root
May  5 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16459]: + ??? root:rubyman
May  5 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16459]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331949 of user rubyman.
May  5 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16459]: pam_unix(su:session): session closed for user rubyman
May  5 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331949.
May  5 05:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13972]: pam_unix(cron:session): session closed for user root
May  5 05:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16386]: pam_unix(cron:session): session closed for user samftp
May  5 05:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15587]: pam_unix(cron:session): session closed for user root
May  5 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16847]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16846]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16845]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16844]: pam_unix(cron:session): session closed for user p13x
May  5 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16929]: Successful su for rubyman by root
May  5 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16929]: + ??? root:rubyman
May  5 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331952 of user rubyman.
May  5 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16929]: pam_unix(su:session): session closed for user rubyman
May  5 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331952.
May  5 05:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14385]: pam_unix(cron:session): session closed for user root
May  5 05:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16845]: pam_unix(cron:session): session closed for user samftp
May  5 05:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: Invalid user crv from 68.183.12.36
May  5 05:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: input_userauth_request: invalid user crv [preauth]
May  5 05:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: pam_unix(sshd:auth): check pass; user unknown
May  5 05:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 05:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: Failed password for invalid user crv from 68.183.12.36 port 39920 ssh2
May  5 05:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17180]: Connection closed by 68.183.12.36 port 39920 [preauth]
May  5 05:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16009]: pam_unix(cron:session): session closed for user root
May  5 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17275]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17272]: pam_unix(cron:session): session closed for user p13x
May  5 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17334]: Successful su for rubyman by root
May  5 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17334]: + ??? root:rubyman
May  5 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17334]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331957 of user rubyman.
May  5 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17334]: pam_unix(su:session): session closed for user rubyman
May  5 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331957.
May  5 05:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14789]: pam_unix(cron:session): session closed for user root
May  5 05:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17273]: pam_unix(cron:session): session closed for user samftp
May  5 05:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16388]: pam_unix(cron:session): session closed for user root
May  5 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17686]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17683]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17682]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17688]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17685]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17688]: pam_unix(cron:session): session closed for user root
May  5 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17682]: pam_unix(cron:session): session closed for user p13x
May  5 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17759]: Successful su for rubyman by root
May  5 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17759]: + ??? root:rubyman
May  5 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331961 of user rubyman.
May  5 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17759]: pam_unix(su:session): session closed for user rubyman
May  5 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331961.
May  5 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15188]: pam_unix(cron:session): session closed for user root
May  5 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17685]: pam_unix(cron:session): session closed for user root
May  5 05:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17683]: pam_unix(cron:session): session closed for user samftp
May  5 05:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  5 05:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18090]: Failed password for root from 218.92.0.208 port 57440 ssh2
May  5 05:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 05:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: Failed password for root from 218.92.0.179 port 16507 ssh2
May  5 05:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 16507 ssh2]
May  5 05:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: Received disconnect from 218.92.0.179 port 16507:11:  [preauth]
May  5 05:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: Disconnected from 218.92.0.179 port 16507 [preauth]
May  5 05:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 05:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16847]: pam_unix(cron:session): session closed for user root
May  5 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18246]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18242]: pam_unix(cron:session): session closed for user p13x
May  5 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18313]: Successful su for rubyman by root
May  5 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18313]: + ??? root:rubyman
May  5 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331966 of user rubyman.
May  5 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18313]: pam_unix(su:session): session closed for user rubyman
May  5 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331966.
May  5 05:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15586]: pam_unix(cron:session): session closed for user root
May  5 05:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18243]: pam_unix(cron:session): session closed for user samftp
May  5 05:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17275]: pam_unix(cron:session): session closed for user root
May  5 05:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 05:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: Failed password for root from 218.92.0.179 port 24465 ssh2
May  5 05:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 24465 ssh2]
May  5 05:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: Received disconnect from 218.92.0.179 port 24465:11:  [preauth]
May  5 05:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: Disconnected from 218.92.0.179 port 24465 [preauth]
May  5 05:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18600]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18660]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18661]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18658]: pam_unix(cron:session): session closed for user p13x
May  5 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18722]: Successful su for rubyman by root
May  5 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18722]: + ??? root:rubyman
May  5 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331971 of user rubyman.
May  5 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18722]: pam_unix(su:session): session closed for user rubyman
May  5 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331971.
May  5 05:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16008]: pam_unix(cron:session): session closed for user root
May  5 05:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18659]: pam_unix(cron:session): session closed for user samftp
May  5 05:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17687]: pam_unix(cron:session): session closed for user root
May  5 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19075]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19073]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19067]: pam_unix(cron:session): session closed for user p13x
May  5 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19132]: Successful su for rubyman by root
May  5 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19132]: + ??? root:rubyman
May  5 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19132]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331976 of user rubyman.
May  5 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19132]: pam_unix(su:session): session closed for user rubyman
May  5 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331976.
May  5 05:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16387]: pam_unix(cron:session): session closed for user root
May  5 05:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19072]: pam_unix(cron:session): session closed for user samftp
May  5 05:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18246]: pam_unix(cron:session): session closed for user root
May  5 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19481]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19480]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19477]: pam_unix(cron:session): session closed for user p13x
May  5 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19538]: Successful su for rubyman by root
May  5 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19538]: + ??? root:rubyman
May  5 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331979 of user rubyman.
May  5 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19538]: pam_unix(su:session): session closed for user rubyman
May  5 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331979.
May  5 05:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16846]: pam_unix(cron:session): session closed for user root
May  5 05:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19478]: pam_unix(cron:session): session closed for user samftp
May  5 05:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18661]: pam_unix(cron:session): session closed for user root
May  5 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19893]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19891]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19894]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19892]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19894]: pam_unix(cron:session): session closed for user root
May  5 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19888]: pam_unix(cron:session): session closed for user p13x
May  5 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19961]: Successful su for rubyman by root
May  5 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19961]: + ??? root:rubyman
May  5 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331982 of user rubyman.
May  5 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19961]: pam_unix(su:session): session closed for user rubyman
May  5 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331982.
May  5 05:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19891]: pam_unix(cron:session): session closed for user root
May  5 05:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17274]: pam_unix(cron:session): session closed for user root
May  5 05:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19889]: pam_unix(cron:session): session closed for user samftp
May  5 05:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20217]: Invalid user lrc from 68.183.12.36
May  5 05:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20217]: input_userauth_request: invalid user lrc [preauth]
May  5 05:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20217]: pam_unix(sshd:auth): check pass; user unknown
May  5 05:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 05:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20217]: Failed password for invalid user lrc from 68.183.12.36 port 59226 ssh2
May  5 05:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20217]: Connection closed by 68.183.12.36 port 59226 [preauth]
May  5 05:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19075]: pam_unix(cron:session): session closed for user root
May  5 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20323]: pam_unix(cron:session): session closed for user p13x
May  5 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20390]: Successful su for rubyman by root
May  5 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20390]: + ??? root:rubyman
May  5 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331988 of user rubyman.
May  5 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20390]: pam_unix(su:session): session closed for user rubyman
May  5 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331988.
May  5 05:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20324]: pam_unix(cron:session): session closed for user samftp
May  5 05:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17686]: pam_unix(cron:session): session closed for user root
May  5 05:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19481]: pam_unix(cron:session): session closed for user root
May  5 05:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20738]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20737]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20737]: pam_unix(cron:session): session closed for user p13x
May  5 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20800]: Successful su for rubyman by root
May  5 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20800]: + ??? root:rubyman
May  5 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331994 of user rubyman.
May  5 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20800]: pam_unix(su:session): session closed for user rubyman
May  5 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331994.
May  5 05:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18245]: pam_unix(cron:session): session closed for user root
May  5 05:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20738]: pam_unix(cron:session): session closed for user samftp
May  5 05:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 05:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20726]: Failed password for root from 185.93.89.118 port 63248 ssh2
May  5 05:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20726]: Connection closed by 185.93.89.118 port 63248 [preauth]
May  5 05:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 05:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Failed password for root from 218.92.0.179 port 61946 ssh2
May  5 05:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 05:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Failed password for root from 218.92.0.179 port 61946 ssh2
May  5 05:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21006]: Failed password for root from 185.93.89.118 port 39110 ssh2
May  5 05:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Failed password for root from 218.92.0.179 port 61946 ssh2
May  5 05:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21006]: Connection closed by 185.93.89.118 port 39110 [preauth]
May  5 05:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Received disconnect from 218.92.0.179 port 61946:11:  [preauth]
May  5 05:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: Disconnected from 218.92.0.179 port 61946 [preauth]
May  5 05:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21015]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 05:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 05:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21031]: Failed password for root from 185.93.89.118 port 65278 ssh2
May  5 05:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21031]: Connection closed by 185.93.89.118 port 65278 [preauth]
May  5 05:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19893]: pam_unix(cron:session): session closed for user root
May  5 05:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 05:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21072]: Failed password for root from 185.93.89.118 port 40086 ssh2
May  5 05:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21072]: Connection closed by 185.93.89.118 port 40086 [preauth]
May  5 05:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 05:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21107]: Failed password for root from 185.93.89.118 port 63440 ssh2
May  5 05:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21107]: Connection closed by 185.93.89.118 port 63440 [preauth]
May  5 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21162]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21158]: pam_unix(cron:session): session closed for user p13x
May  5 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21246]: Successful su for rubyman by root
May  5 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21246]: + ??? root:rubyman
May  5 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21246]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 331997 of user rubyman.
May  5 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21246]: pam_unix(su:session): session closed for user rubyman
May  5 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 331997.
May  5 05:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18660]: pam_unix(cron:session): session closed for user root
May  5 05:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21159]: pam_unix(cron:session): session closed for user samftp
May  5 05:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20326]: pam_unix(cron:session): session closed for user root
May  5 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21612]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21611]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21608]: pam_unix(cron:session): session closed for user p13x
May  5 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21692]: Successful su for rubyman by root
May  5 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21692]: + ??? root:rubyman
May  5 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21692]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332001 of user rubyman.
May  5 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21692]: pam_unix(su:session): session closed for user rubyman
May  5 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332001.
May  5 05:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19073]: pam_unix(cron:session): session closed for user root
May  5 05:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21609]: pam_unix(cron:session): session closed for user samftp
May  5 05:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20740]: pam_unix(cron:session): session closed for user root
May  5 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22357]: pam_unix(cron:session): session closed for user root
May  5 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22352]: pam_unix(cron:session): session closed for user p13x
May  5 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22439]: Successful su for rubyman by root
May  5 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22439]: + ??? root:rubyman
May  5 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22439]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332004 of user rubyman.
May  5 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22439]: pam_unix(su:session): session closed for user rubyman
May  5 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332004.
May  5 05:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22354]: pam_unix(cron:session): session closed for user root
May  5 05:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19480]: pam_unix(cron:session): session closed for user root
May  5 05:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22353]: pam_unix(cron:session): session closed for user samftp
May  5 05:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21162]: pam_unix(cron:session): session closed for user root
May  5 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22840]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22841]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22838]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22838]: pam_unix(cron:session): session closed for user p13x
May  5 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22917]: Successful su for rubyman by root
May  5 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22917]: + ??? root:rubyman
May  5 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332011 of user rubyman.
May  5 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22917]: pam_unix(su:session): session closed for user rubyman
May  5 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332011.
May  5 05:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19892]: pam_unix(cron:session): session closed for user root
May  5 05:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22839]: pam_unix(cron:session): session closed for user samftp
May  5 05:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21612]: pam_unix(cron:session): session closed for user root
May  5 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23300]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23298]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23297]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23297]: pam_unix(cron:session): session closed for user p13x
May  5 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23452]: Successful su for rubyman by root
May  5 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23452]: + ??? root:rubyman
May  5 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332014 of user rubyman.
May  5 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23452]: pam_unix(su:session): session closed for user rubyman
May  5 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332014.
May  5 05:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20325]: pam_unix(cron:session): session closed for user root
May  5 05:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23298]: pam_unix(cron:session): session closed for user samftp
May  5 05:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: Invalid user amp from 68.183.12.36
May  5 05:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: input_userauth_request: invalid user amp [preauth]
May  5 05:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: pam_unix(sshd:auth): check pass; user unknown
May  5 05:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.12.36
May  5 05:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: Failed password for invalid user amp from 68.183.12.36 port 42874 ssh2
May  5 05:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: Connection closed by 68.183.12.36 port 42874 [preauth]
May  5 05:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22356]: pam_unix(cron:session): session closed for user root
May  5 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23889]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23891]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23887]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23887]: pam_unix(cron:session): session closed for user p13x
May  5 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23965]: Successful su for rubyman by root
May  5 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23965]: + ??? root:rubyman
May  5 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23965]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332019 of user rubyman.
May  5 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23965]: pam_unix(su:session): session closed for user rubyman
May  5 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332019.
May  5 05:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20739]: pam_unix(cron:session): session closed for user root
May  5 05:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23888]: pam_unix(cron:session): session closed for user samftp
May  5 05:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22841]: pam_unix(cron:session): session closed for user root
May  5 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24337]: pam_unix(cron:session): session closed for user p13x
May  5 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24473]: Successful su for rubyman by root
May  5 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24473]: + ??? root:rubyman
May  5 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332023 of user rubyman.
May  5 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24473]: pam_unix(su:session): session closed for user rubyman
May  5 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332023.
May  5 05:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24334]: pam_unix(cron:session): session closed for user root
May  5 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21160]: pam_unix(cron:session): session closed for user root
May  5 05:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24338]: pam_unix(cron:session): session closed for user samftp
May  5 05:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23300]: pam_unix(cron:session): session closed for user root
May  5 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24861]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24859]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24858]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24860]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24861]: pam_unix(cron:session): session closed for user root
May  5 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24855]: pam_unix(cron:session): session closed for user p13x
May  5 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24933]: Successful su for rubyman by root
May  5 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24933]: + ??? root:rubyman
May  5 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24933]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332031 of user rubyman.
May  5 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24933]: pam_unix(su:session): session closed for user rubyman
May  5 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332031.
May  5 05:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24858]: pam_unix(cron:session): session closed for user root
May  5 05:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21611]: pam_unix(cron:session): session closed for user root
May  5 05:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24856]: pam_unix(cron:session): session closed for user samftp
May  5 05:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23891]: pam_unix(cron:session): session closed for user root
May  5 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25303]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25304]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25301]: pam_unix(cron:session): session closed for user p13x
May  5 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25375]: Successful su for rubyman by root
May  5 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25375]: + ??? root:rubyman
May  5 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332034 of user rubyman.
May  5 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25375]: pam_unix(su:session): session closed for user rubyman
May  5 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332034.
May  5 05:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22355]: pam_unix(cron:session): session closed for user root
May  5 05:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25302]: pam_unix(cron:session): session closed for user samftp
May  5 05:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24340]: pam_unix(cron:session): session closed for user root
May  5 05:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25718]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25719]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25716]: pam_unix(cron:session): session closed for user p13x
May  5 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25775]: Successful su for rubyman by root
May  5 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25775]: + ??? root:rubyman
May  5 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332037 of user rubyman.
May  5 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25775]: pam_unix(su:session): session closed for user rubyman
May  5 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332037.
May  5 05:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22840]: pam_unix(cron:session): session closed for user root
May  5 05:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25717]: pam_unix(cron:session): session closed for user samftp
May  5 05:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: Invalid user storm from 50.235.31.47
May  5 05:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: input_userauth_request: invalid user storm [preauth]
May  5 05:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: pam_unix(sshd:auth): check pass; user unknown
May  5 05:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  5 05:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: Failed password for invalid user storm from 50.235.31.47 port 53678 ssh2
May  5 05:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: Connection closed by 50.235.31.47 port 53678 [preauth]
May  5 05:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24860]: pam_unix(cron:session): session closed for user root
May  5 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26118]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26116]: pam_unix(cron:session): session closed for user p13x
May  5 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26177]: Successful su for rubyman by root
May  5 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26177]: + ??? root:rubyman
May  5 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332041 of user rubyman.
May  5 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26177]: pam_unix(su:session): session closed for user rubyman
May  5 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332041.
May  5 05:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23299]: pam_unix(cron:session): session closed for user root
May  5 05:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26117]: pam_unix(cron:session): session closed for user samftp
May  5 05:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25304]: pam_unix(cron:session): session closed for user root
May  5 05:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: Invalid user admin from 139.19.117.131
May  5 05:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: input_userauth_request: invalid user admin [preauth]
May  5 05:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: Connection closed by 139.19.117.131 port 54976 [preauth]
May  5 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26595]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26593]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26592]: pam_unix(cron:session): session closed for user p13x
May  5 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26651]: Successful su for rubyman by root
May  5 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26651]: + ??? root:rubyman
May  5 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26651]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332045 of user rubyman.
May  5 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26651]: pam_unix(su:session): session closed for user rubyman
May  5 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332045.
May  5 05:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23889]: pam_unix(cron:session): session closed for user root
May  5 05:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26593]: pam_unix(cron:session): session closed for user samftp
May  5 05:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25719]: pam_unix(cron:session): session closed for user root
May  5 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27043]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27045]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27041]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27044]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27045]: pam_unix(cron:session): session closed for user root
May  5 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27039]: pam_unix(cron:session): session closed for user p13x
May  5 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27125]: Successful su for rubyman by root
May  5 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27125]: + ??? root:rubyman
May  5 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27125]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332054 of user rubyman.
May  5 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27125]: pam_unix(su:session): session closed for user rubyman
May  5 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332054.
May  5 05:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27041]: pam_unix(cron:session): session closed for user root
May  5 05:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24339]: pam_unix(cron:session): session closed for user root
May  5 05:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27040]: pam_unix(cron:session): session closed for user samftp
May  5 05:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26119]: pam_unix(cron:session): session closed for user root
May  5 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27547]: pam_unix(cron:session): session closed for user p13x
May  5 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27618]: Successful su for rubyman by root
May  5 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27618]: + ??? root:rubyman
May  5 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27618]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332055 of user rubyman.
May  5 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27618]: pam_unix(su:session): session closed for user rubyman
May  5 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332055.
May  5 05:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24859]: pam_unix(cron:session): session closed for user root
May  5 05:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27548]: pam_unix(cron:session): session closed for user samftp
May  5 05:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26595]: pam_unix(cron:session): session closed for user root
May  5 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27956]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27957]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27955]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27954]: pam_unix(cron:session): session closed for user p13x
May  5 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28017]: Successful su for rubyman by root
May  5 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28017]: + ??? root:rubyman
May  5 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28017]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332060 of user rubyman.
May  5 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28017]: pam_unix(su:session): session closed for user rubyman
May  5 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332060.
May  5 05:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25303]: pam_unix(cron:session): session closed for user root
May  5 05:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 05:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27955]: pam_unix(cron:session): session closed for user samftp
May  5 05:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28125]: Failed password for root from 218.92.0.179 port 41185 ssh2
May  5 05:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28125]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 41185 ssh2]
May  5 05:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28125]: Received disconnect from 218.92.0.179 port 41185:11:  [preauth]
May  5 05:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28125]: Disconnected from 218.92.0.179 port 41185 [preauth]
May  5 05:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28125]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 05:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27044]: pam_unix(cron:session): session closed for user root
May  5 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28361]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28362]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28360]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28359]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28359]: pam_unix(cron:session): session closed for user p13x
May  5 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28420]: Successful su for rubyman by root
May  5 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28420]: + ??? root:rubyman
May  5 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332064 of user rubyman.
May  5 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28420]: pam_unix(su:session): session closed for user rubyman
May  5 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332064.
May  5 05:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25718]: pam_unix(cron:session): session closed for user root
May  5 05:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28360]: pam_unix(cron:session): session closed for user samftp
May  5 05:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27550]: pam_unix(cron:session): session closed for user root
May  5 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28753]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28751]: pam_unix(cron:session): session closed for user p13x
May  5 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28814]: Successful su for rubyman by root
May  5 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28814]: + ??? root:rubyman
May  5 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332067 of user rubyman.
May  5 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28814]: pam_unix(su:session): session closed for user rubyman
May  5 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332067.
May  5 05:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26118]: pam_unix(cron:session): session closed for user root
May  5 05:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28752]: pam_unix(cron:session): session closed for user samftp
May  5 05:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: Invalid user biadmin from 164.68.105.9
May  5 05:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: input_userauth_request: invalid user biadmin [preauth]
May  5 05:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: pam_unix(sshd:auth): check pass; user unknown
May  5 05:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  5 05:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: Failed password for invalid user biadmin from 164.68.105.9 port 33356 ssh2
May  5 05:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29149]: Connection closed by 164.68.105.9 port 33356 [preauth]
May  5 05:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27957]: pam_unix(cron:session): session closed for user root
May  5 05:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.88.137  user=root
May  5 05:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29223]: Failed password for root from 157.245.88.137 port 39694 ssh2
May  5 05:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29223]: Received disconnect from 157.245.88.137 port 39694:11: Bye Bye [preauth]
May  5 05:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29223]: Disconnected from 157.245.88.137 port 39694 [preauth]
May  5 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29258]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29257]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29265]: pam_unix(cron:session): session closed for user root
May  5 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29255]: pam_unix(cron:session): session closed for user p13x
May  5 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29330]: Successful su for rubyman by root
May  5 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29330]: + ??? root:rubyman
May  5 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332073 of user rubyman.
May  5 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29330]: pam_unix(su:session): session closed for user rubyman
May  5 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332073.
May  5 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29257]: pam_unix(cron:session): session closed for user root
May  5 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26594]: pam_unix(cron:session): session closed for user root
May  5 05:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29256]: pam_unix(cron:session): session closed for user samftp
May  5 05:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28362]: pam_unix(cron:session): session closed for user root
May  5 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29707]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29706]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29704]: pam_unix(cron:session): session closed for user p13x
May  5 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29775]: Successful su for rubyman by root
May  5 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29775]: + ??? root:rubyman
May  5 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332079 of user rubyman.
May  5 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29775]: pam_unix(su:session): session closed for user rubyman
May  5 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332079.
May  5 05:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27043]: pam_unix(cron:session): session closed for user root
May  5 05:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29705]: pam_unix(cron:session): session closed for user samftp
May  5 05:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28754]: pam_unix(cron:session): session closed for user root
May  5 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30114]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30113]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30115]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30112]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30112]: pam_unix(cron:session): session closed for user p13x
May  5 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30172]: Successful su for rubyman by root
May  5 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30172]: + ??? root:rubyman
May  5 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30172]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332083 of user rubyman.
May  5 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30172]: pam_unix(su:session): session closed for user rubyman
May  5 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332083.
May  5 05:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27549]: pam_unix(cron:session): session closed for user root
May  5 05:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30113]: pam_unix(cron:session): session closed for user samftp
May  5 05:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30392]: Invalid user claire from 120.48.162.75
May  5 05:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30392]: input_userauth_request: invalid user claire [preauth]
May  5 05:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30392]: pam_unix(sshd:auth): check pass; user unknown
May  5 05:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.162.75
May  5 05:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30392]: Failed password for invalid user claire from 120.48.162.75 port 58186 ssh2
May  5 05:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30392]: Received disconnect from 120.48.162.75 port 58186:11: Bye Bye [preauth]
May  5 05:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30392]: Disconnected from 120.48.162.75 port 58186 [preauth]
May  5 05:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29264]: pam_unix(cron:session): session closed for user root
May  5 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30507]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30506]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30504]: pam_unix(cron:session): session closed for user p13x
May  5 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30569]: Successful su for rubyman by root
May  5 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30569]: + ??? root:rubyman
May  5 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332086 of user rubyman.
May  5 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30569]: pam_unix(su:session): session closed for user rubyman
May  5 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332086.
May  5 05:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27956]: pam_unix(cron:session): session closed for user root
May  5 05:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30505]: pam_unix(cron:session): session closed for user samftp
May  5 05:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30755]: Did not receive identification string from 8.219.222.66
May  5 05:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30777]: Invalid user  from 8.219.222.66
May  5 05:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30777]: input_userauth_request: invalid user  [preauth]
May  5 05:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30777]: Connection closed by 8.219.222.66 port 20182 [preauth]
May  5 05:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29707]: pam_unix(cron:session): session closed for user root
May  5 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30907]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30905]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30906]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30905]: pam_unix(cron:session): session closed for user p13x
May  5 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30966]: Successful su for rubyman by root
May  5 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30966]: + ??? root:rubyman
May  5 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30966]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332089 of user rubyman.
May  5 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30966]: pam_unix(su:session): session closed for user rubyman
May  5 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332089.
May  5 05:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28361]: pam_unix(cron:session): session closed for user root
May  5 05:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30906]: pam_unix(cron:session): session closed for user samftp
May  5 05:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30115]: pam_unix(cron:session): session closed for user root
May  5 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31313]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31315]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31314]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31312]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31316]: pam_unix(cron:session): session closed for user root
May  5 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31311]: pam_unix(cron:session): session closed for user p13x
May  5 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31380]: Successful su for rubyman by root
May  5 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31380]: + ??? root:rubyman
May  5 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332095 of user rubyman.
May  5 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31380]: pam_unix(su:session): session closed for user rubyman
May  5 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332095.
May  5 05:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31313]: pam_unix(cron:session): session closed for user root
May  5 05:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28753]: pam_unix(cron:session): session closed for user root
May  5 05:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31312]: pam_unix(cron:session): session closed for user samftp
May  5 05:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30507]: pam_unix(cron:session): session closed for user root
May  5 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31755]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31753]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31752]: pam_unix(cron:session): session closed for user p13x
May  5 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31818]: Successful su for rubyman by root
May  5 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31818]: + ??? root:rubyman
May  5 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31818]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332101 of user rubyman.
May  5 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31818]: pam_unix(su:session): session closed for user rubyman
May  5 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332101.
May  5 05:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29258]: pam_unix(cron:session): session closed for user root
May  5 05:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31753]: pam_unix(cron:session): session closed for user samftp
May  5 05:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: Invalid user centos from 143.110.176.215
May  5 05:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: input_userauth_request: invalid user centos [preauth]
May  5 05:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: pam_unix(sshd:auth): check pass; user unknown
May  5 05:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.176.215
May  5 05:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: Failed password for invalid user centos from 143.110.176.215 port 57148 ssh2
May  5 05:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: Received disconnect from 143.110.176.215 port 57148:11: Bye Bye [preauth]
May  5 05:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32050]: Disconnected from 143.110.176.215 port 57148 [preauth]
May  5 05:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 05:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: Failed password for root from 218.92.0.179 port 38093 ssh2
May  5 05:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 38093 ssh2]
May  5 05:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: Received disconnect from 218.92.0.179 port 38093:11:  [preauth]
May  5 05:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: Disconnected from 218.92.0.179 port 38093 [preauth]
May  5 05:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 05:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30908]: pam_unix(cron:session): session closed for user root
May  5 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32179]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32177]: pam_unix(cron:session): session closed for user p13x
May  5 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32241]: Successful su for rubyman by root
May  5 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32241]: + ??? root:rubyman
May  5 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332103 of user rubyman.
May  5 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32241]: pam_unix(su:session): session closed for user rubyman
May  5 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332103.
May  5 05:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29706]: pam_unix(cron:session): session closed for user root
May  5 05:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32178]: pam_unix(cron:session): session closed for user samftp
May  5 05:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.88.137  user=root
May  5 05:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: Failed password for root from 157.245.88.137 port 53422 ssh2
May  5 05:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: Received disconnect from 157.245.88.137 port 53422:11: Bye Bye [preauth]
May  5 05:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: Disconnected from 157.245.88.137 port 53422 [preauth]
May  5 05:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31315]: pam_unix(cron:session): session closed for user root
May  5 05:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  5 05:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: Failed password for root from 218.92.0.210 port 53646 ssh2
May  5 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32584]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32582]: pam_unix(cron:session): session closed for user p13x
May  5 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32743]: Successful su for rubyman by root
May  5 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32743]: + ??? root:rubyman
May  5 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32743]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332109 of user rubyman.
May  5 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32743]: pam_unix(su:session): session closed for user rubyman
May  5 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332109.
May  5 05:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30114]: pam_unix(cron:session): session closed for user root
May  5 05:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32583]: pam_unix(cron:session): session closed for user samftp
May  5 05:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31755]: pam_unix(cron:session): session closed for user root
May  5 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[652]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[649]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[650]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[647]: pam_unix(cron:session): session closed for user p13x
May  5 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[722]: Successful su for rubyman by root
May  5 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[722]: + ??? root:rubyman
May  5 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332112 of user rubyman.
May  5 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[722]: pam_unix(su:session): session closed for user rubyman
May  5 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332112.
May  5 05:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30506]: pam_unix(cron:session): session closed for user root
May  5 05:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 05:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[910]: Did not receive identification string from 196.251.114.29
May  5 05:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[649]: pam_unix(cron:session): session closed for user samftp
May  5 05:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32181]: pam_unix(cron:session): session closed for user root
May  5 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1086]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1092]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1087]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1090]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1085]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1085]: pam_unix(cron:session): session closed for user root
May  5 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1092]: pam_unix(cron:session): session closed for user root
May  5 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1083]: pam_unix(cron:session): session closed for user p13x
May  5 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1187]: Successful su for rubyman by root
May  5 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1187]: + ??? root:rubyman
May  5 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332115 of user rubyman.
May  5 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1187]: pam_unix(su:session): session closed for user rubyman
May  5 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332115.
May  5 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1086]: pam_unix(cron:session): session closed for user root
May  5 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30907]: pam_unix(cron:session): session closed for user root
May  5 06:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1084]: pam_unix(cron:session): session closed for user samftp
May  5 06:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32586]: pam_unix(cron:session): session closed for user root
May  5 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1657]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1659]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1656]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1656]: pam_unix(cron:session): session closed for user p13x
May  5 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1737]: Successful su for rubyman by root
May  5 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1737]: + ??? root:rubyman
May  5 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332123 of user rubyman.
May  5 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1737]: pam_unix(su:session): session closed for user rubyman
May  5 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332123.
May  5 06:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31314]: pam_unix(cron:session): session closed for user root
May  5 06:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1657]: pam_unix(cron:session): session closed for user samftp
May  5 06:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2076]: Invalid user fanslau from 120.48.162.75
May  5 06:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2076]: input_userauth_request: invalid user fanslau [preauth]
May  5 06:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2076]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.162.75
May  5 06:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2076]: Failed password for invalid user fanslau from 120.48.162.75 port 48070 ssh2
May  5 06:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2076]: Received disconnect from 120.48.162.75 port 48070:11: Bye Bye [preauth]
May  5 06:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2076]: Disconnected from 120.48.162.75 port 48070 [preauth]
May  5 06:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[652]: pam_unix(cron:session): session closed for user root
May  5 06:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: Invalid user splunk from 157.245.88.137
May  5 06:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: input_userauth_request: invalid user splunk [preauth]
May  5 06:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.88.137
May  5 06:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: Failed password for invalid user splunk from 157.245.88.137 port 55178 ssh2
May  5 06:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: Received disconnect from 157.245.88.137 port 55178:11: Bye Bye [preauth]
May  5 06:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2147]: Disconnected from 157.245.88.137 port 55178 [preauth]
May  5 06:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 06:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: Failed password for root from 218.92.0.179 port 44183 ssh2
May  5 06:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: Failed password for root from 218.92.0.179 port 44183 ssh2
May  5 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2174]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2171]: pam_unix(cron:session): session closed for user p13x
May  5 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: Failed password for root from 218.92.0.179 port 44183 ssh2
May  5 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: Received disconnect from 218.92.0.179 port 44183:11:  [preauth]
May  5 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: Disconnected from 218.92.0.179 port 44183 [preauth]
May  5 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2160]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2238]: Successful su for rubyman by root
May  5 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2238]: + ??? root:rubyman
May  5 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332126 of user rubyman.
May  5 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2238]: pam_unix(su:session): session closed for user rubyman
May  5 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332126.
May  5 06:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31754]: pam_unix(cron:session): session closed for user root
May  5 06:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2172]: pam_unix(cron:session): session closed for user samftp
May  5 06:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: Invalid user openlava from 120.48.162.75
May  5 06:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: input_userauth_request: invalid user openlava [preauth]
May  5 06:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.162.75
May  5 06:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: Failed password for invalid user openlava from 120.48.162.75 port 56612 ssh2
May  5 06:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1090]: pam_unix(cron:session): session closed for user root
May  5 06:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: Received disconnect from 120.48.162.75 port 56612:11: Bye Bye [preauth]
May  5 06:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: Disconnected from 120.48.162.75 port 56612 [preauth]
May  5 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2605]: pam_unix(cron:session): session closed for user p13x
May  5 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2669]: Successful su for rubyman by root
May  5 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2669]: + ??? root:rubyman
May  5 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332130 of user rubyman.
May  5 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2669]: pam_unix(su:session): session closed for user rubyman
May  5 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332130.
May  5 06:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32179]: pam_unix(cron:session): session closed for user root
May  5 06:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2606]: pam_unix(cron:session): session closed for user samftp
May  5 06:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.162.75  user=root
May  5 06:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1659]: pam_unix(cron:session): session closed for user root
May  5 06:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: Failed password for root from 120.48.162.75 port 36932 ssh2
May  5 06:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: Received disconnect from 120.48.162.75 port 36932:11: Bye Bye [preauth]
May  5 06:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: Disconnected from 120.48.162.75 port 36932 [preauth]
May  5 06:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  5 06:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: Failed password for root from 46.244.96.25 port 52564 ssh2
May  5 06:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: Connection closed by 46.244.96.25 port 52564 [preauth]
May  5 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3030]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3031]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3029]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3029]: pam_unix(cron:session): session closed for user p13x
May  5 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3089]: Successful su for rubyman by root
May  5 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3089]: + ??? root:rubyman
May  5 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332135 of user rubyman.
May  5 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3089]: pam_unix(su:session): session closed for user rubyman
May  5 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332135.
May  5 06:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32584]: pam_unix(cron:session): session closed for user root
May  5 06:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3030]: pam_unix(cron:session): session closed for user samftp
May  5 06:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3314]: Received disconnect from 120.48.162.75 port 45474:11: Bye Bye [preauth]
May  5 06:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3314]: Disconnected from 120.48.162.75 port 45474 [preauth]
May  5 06:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2174]: pam_unix(cron:session): session closed for user root
May  5 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3455]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3455]: pam_unix(cron:session): session closed for user root
May  5 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3450]: pam_unix(cron:session): session closed for user p13x
May  5 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: Successful su for rubyman by root
May  5 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: + ??? root:rubyman
May  5 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332138 of user rubyman.
May  5 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: pam_unix(su:session): session closed for user rubyman
May  5 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332138.
May  5 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3452]: pam_unix(cron:session): session closed for user root
May  5 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[650]: pam_unix(cron:session): session closed for user root
May  5 06:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3451]: pam_unix(cron:session): session closed for user samftp
May  5 06:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2608]: pam_unix(cron:session): session closed for user root
May  5 06:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3895]: Invalid user postgres from 143.110.176.215
May  5 06:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3895]: input_userauth_request: invalid user postgres [preauth]
May  5 06:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3895]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.176.215
May  5 06:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3895]: Failed password for invalid user postgres from 143.110.176.215 port 42328 ssh2
May  5 06:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3895]: Received disconnect from 143.110.176.215 port 42328:11: Bye Bye [preauth]
May  5 06:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3895]: Disconnected from 143.110.176.215 port 42328 [preauth]
May  5 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3916]: pam_unix(cron:session): session closed for user p13x
May  5 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4020]: Successful su for rubyman by root
May  5 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4020]: + ??? root:rubyman
May  5 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4020]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332145 of user rubyman.
May  5 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4020]: pam_unix(su:session): session closed for user rubyman
May  5 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332145.
May  5 06:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1087]: pam_unix(cron:session): session closed for user root
May  5 06:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3917]: pam_unix(cron:session): session closed for user samftp
May  5 06:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.162.75  user=root
May  5 06:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4202]: Failed password for root from 120.48.162.75 port 34318 ssh2
May  5 06:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4202]: Received disconnect from 120.48.162.75 port 34318:11: Bye Bye [preauth]
May  5 06:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4202]: Disconnected from 120.48.162.75 port 34318 [preauth]
May  5 06:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: Invalid user csgo from 157.245.88.137
May  5 06:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: input_userauth_request: invalid user csgo [preauth]
May  5 06:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.88.137
May  5 06:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: Failed password for invalid user csgo from 157.245.88.137 port 42698 ssh2
May  5 06:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: Received disconnect from 157.245.88.137 port 42698:11: Bye Bye [preauth]
May  5 06:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4373]: Disconnected from 157.245.88.137 port 42698 [preauth]
May  5 06:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3033]: pam_unix(cron:session): session closed for user root
May  5 06:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4521]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4518]: pam_unix(cron:session): session closed for user p13x
May  5 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4585]: Successful su for rubyman by root
May  5 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4585]: + ??? root:rubyman
May  5 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4585]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332149 of user rubyman.
May  5 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4585]: pam_unix(su:session): session closed for user rubyman
May  5 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332149.
May  5 06:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1658]: pam_unix(cron:session): session closed for user root
May  5 06:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4519]: pam_unix(cron:session): session closed for user samftp
May  5 06:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: Invalid user machine from 120.48.162.75
May  5 06:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: input_userauth_request: invalid user machine [preauth]
May  5 06:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.162.75
May  5 06:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: Failed password for invalid user machine from 120.48.162.75 port 42854 ssh2
May  5 06:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: Received disconnect from 120.48.162.75 port 42854:11: Bye Bye [preauth]
May  5 06:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: Disconnected from 120.48.162.75 port 42854 [preauth]
May  5 06:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3454]: pam_unix(cron:session): session closed for user root
May  5 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4945]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4940]: pam_unix(cron:session): session closed for user p13x
May  5 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5184]: Successful su for rubyman by root
May  5 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5184]: + ??? root:rubyman
May  5 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332152 of user rubyman.
May  5 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5184]: pam_unix(su:session): session closed for user rubyman
May  5 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332152.
May  5 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2173]: pam_unix(cron:session): session closed for user root
May  5 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5354]: Did not receive identification string from 2.57.122.57
May  5 06:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4941]: pam_unix(cron:session): session closed for user samftp
May  5 06:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3919]: pam_unix(cron:session): session closed for user root
May  5 06:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: Invalid user yslee from 120.48.162.75
May  5 06:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: input_userauth_request: invalid user yslee [preauth]
May  5 06:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.162.75
May  5 06:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: Failed password for invalid user yslee from 120.48.162.75 port 59928 ssh2
May  5 06:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: Received disconnect from 120.48.162.75 port 59928:11: Bye Bye [preauth]
May  5 06:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: Disconnected from 120.48.162.75 port 59928 [preauth]
May  5 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5598]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5591]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5594]: pam_unix(cron:session): session closed for user p13x
May  5 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5720]: Successful su for rubyman by root
May  5 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5720]: + ??? root:rubyman
May  5 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332159 of user rubyman.
May  5 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5720]: pam_unix(su:session): session closed for user rubyman
May  5 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332159.
May  5 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5591]: pam_unix(cron:session): session closed for user root
May  5 06:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2607]: pam_unix(cron:session): session closed for user root
May  5 06:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5596]: pam_unix(cron:session): session closed for user samftp
May  5 06:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4521]: pam_unix(cron:session): session closed for user root
May  5 06:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.162.75  user=root
May  5 06:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: Failed password for root from 120.48.162.75 port 40230 ssh2
May  5 06:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: Received disconnect from 120.48.162.75 port 40230:11: Bye Bye [preauth]
May  5 06:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: Disconnected from 120.48.162.75 port 40230 [preauth]
May  5 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6203]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6206]: pam_unix(cron:session): session closed for user root
May  5 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6201]: pam_unix(cron:session): session closed for user p13x
May  5 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6272]: Successful su for rubyman by root
May  5 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6272]: + ??? root:rubyman
May  5 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6272]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332164 of user rubyman.
May  5 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6272]: pam_unix(su:session): session closed for user rubyman
May  5 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332164.
May  5 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6203]: pam_unix(cron:session): session closed for user root
May  5 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3031]: pam_unix(cron:session): session closed for user root
May  5 06:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6202]: pam_unix(cron:session): session closed for user samftp
May  5 06:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4945]: pam_unix(cron:session): session closed for user root
May  5 06:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6549]: Invalid user mythtv from 120.48.162.75
May  5 06:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6549]: input_userauth_request: invalid user mythtv [preauth]
May  5 06:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6549]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.162.75
May  5 06:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6549]: Failed password for invalid user mythtv from 120.48.162.75 port 48764 ssh2
May  5 06:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6549]: Received disconnect from 120.48.162.75 port 48764:11: Bye Bye [preauth]
May  5 06:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6549]: Disconnected from 120.48.162.75 port 48764 [preauth]
May  5 06:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6620]: Invalid user eric from 176.31.162.135
May  5 06:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6620]: input_userauth_request: invalid user eric [preauth]
May  5 06:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6620]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  5 06:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6620]: Failed password for invalid user eric from 176.31.162.135 port 46838 ssh2
May  5 06:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6620]: Connection closed by 176.31.162.135 port 46838 [preauth]
May  5 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6638]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6634]: pam_unix(cron:session): session closed for user p13x
May  5 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6713]: Successful su for rubyman by root
May  5 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6713]: + ??? root:rubyman
May  5 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332169 of user rubyman.
May  5 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6713]: pam_unix(su:session): session closed for user rubyman
May  5 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332169.
May  5 06:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3453]: pam_unix(cron:session): session closed for user root
May  5 06:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6635]: pam_unix(cron:session): session closed for user samftp
May  5 06:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.88.137  user=root
May  5 06:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: Failed password for root from 157.245.88.137 port 43600 ssh2
May  5 06:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: Received disconnect from 157.245.88.137 port 43600:11: Bye Bye [preauth]
May  5 06:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: Disconnected from 157.245.88.137 port 43600 [preauth]
May  5 06:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: Invalid user nexus from 143.110.176.215
May  5 06:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: input_userauth_request: invalid user nexus [preauth]
May  5 06:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.176.215
May  5 06:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: Failed password for invalid user nexus from 143.110.176.215 port 34416 ssh2
May  5 06:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: Received disconnect from 143.110.176.215 port 34416:11: Bye Bye [preauth]
May  5 06:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: Disconnected from 143.110.176.215 port 34416 [preauth]
May  5 06:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5598]: pam_unix(cron:session): session closed for user root
May  5 06:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.162.75  user=root
May  5 06:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7056]: Failed password for root from 120.48.162.75 port 57300 ssh2
May  5 06:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7056]: Received disconnect from 120.48.162.75 port 57300:11: Bye Bye [preauth]
May  5 06:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7056]: Disconnected from 120.48.162.75 port 57300 [preauth]
May  5 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7174]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7171]: pam_unix(cron:session): session closed for user p13x
May  5 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7237]: Successful su for rubyman by root
May  5 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7237]: + ??? root:rubyman
May  5 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7237]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332172 of user rubyman.
May  5 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7237]: pam_unix(su:session): session closed for user rubyman
May  5 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332172.
May  5 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3918]: pam_unix(cron:session): session closed for user root
May  5 06:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7173]: pam_unix(cron:session): session closed for user samftp
May  5 06:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.162.75  user=root
May  5 06:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7445]: Failed password for root from 120.48.162.75 port 37602 ssh2
May  5 06:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7445]: Received disconnect from 120.48.162.75 port 37602:11: Bye Bye [preauth]
May  5 06:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7445]: Disconnected from 120.48.162.75 port 37602 [preauth]
May  5 06:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6205]: pam_unix(cron:session): session closed for user root
May  5 06:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7642]: Invalid user ubuntu from 2.57.122.57
May  5 06:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7642]: input_userauth_request: invalid user ubuntu [preauth]
May  5 06:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7642]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 06:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7642]: Failed password for invalid user ubuntu from 2.57.122.57 port 57808 ssh2
May  5 06:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7642]: Connection closed by 2.57.122.57 port 57808 [preauth]
May  5 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7680]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7678]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7675]: pam_unix(cron:session): session closed for user p13x
May  5 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7744]: Successful su for rubyman by root
May  5 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7744]: + ??? root:rubyman
May  5 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332176 of user rubyman.
May  5 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7744]: pam_unix(su:session): session closed for user rubyman
May  5 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332176.
May  5 06:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4520]: pam_unix(cron:session): session closed for user root
May  5 06:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7677]: pam_unix(cron:session): session closed for user samftp
May  5 06:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7940]: Invalid user admin2 from 120.48.162.75
May  5 06:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7940]: input_userauth_request: invalid user admin2 [preauth]
May  5 06:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7940]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.162.75
May  5 06:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7940]: Failed password for invalid user admin2 from 120.48.162.75 port 46136 ssh2
May  5 06:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7940]: Received disconnect from 120.48.162.75 port 46136:11: Bye Bye [preauth]
May  5 06:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7940]: Disconnected from 120.48.162.75 port 46136 [preauth]
May  5 06:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6638]: pam_unix(cron:session): session closed for user root
May  5 06:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Did not receive identification string from 193.32.162.136
May  5 06:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  5 06:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8089]: Failed password for root from 218.92.0.211 port 18930 ssh2
May  5 06:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8089]: Failed password for root from 218.92.0.211 port 18930 ssh2
May  5 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8110]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8105]: pam_unix(cron:session): session closed for user p13x
May  5 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8183]: Successful su for rubyman by root
May  5 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8183]: + ??? root:rubyman
May  5 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332180 of user rubyman.
May  5 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8183]: pam_unix(su:session): session closed for user rubyman
May  5 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332180.
May  5 06:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8089]: Failed password for root from 218.92.0.211 port 18930 ssh2
May  5 06:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4942]: pam_unix(cron:session): session closed for user root
May  5 06:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8102]: Invalid user user1 from 120.48.162.75
May  5 06:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8102]: input_userauth_request: invalid user user1 [preauth]
May  5 06:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8102]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.162.75
May  5 06:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8106]: pam_unix(cron:session): session closed for user samftp
May  5 06:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8089]: Failed password for root from 218.92.0.211 port 18930 ssh2
May  5 06:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8102]: Failed password for invalid user user1 from 120.48.162.75 port 54668 ssh2
May  5 06:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8102]: Received disconnect from 120.48.162.75 port 54668:11: Bye Bye [preauth]
May  5 06:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8102]: Disconnected from 120.48.162.75 port 54668 [preauth]
May  5 06:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8089]: Failed password for root from 218.92.0.211 port 18930 ssh2
May  5 06:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8089]: error: maximum authentication attempts exceeded for root from 218.92.0.211 port 18930 ssh2 [preauth]
May  5 06:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8089]: Disconnecting: Too many authentication failures [preauth]
May  5 06:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8089]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  5 06:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8089]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 06:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7175]: pam_unix(cron:session): session closed for user root
May  5 06:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: Received disconnect from 120.48.162.75 port 34970:11: Bye Bye [preauth]
May  5 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: Disconnected from 120.48.162.75 port 34970 [preauth]
May  5 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8559]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8559]: pam_unix(cron:session): session closed for user root
May  5 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8554]: pam_unix(cron:session): session closed for user p13x
May  5 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8626]: Successful su for rubyman by root
May  5 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8626]: + ??? root:rubyman
May  5 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332183 of user rubyman.
May  5 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8626]: pam_unix(su:session): session closed for user rubyman
May  5 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332183.
May  5 06:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8556]: pam_unix(cron:session): session closed for user root
May  5 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5597]: pam_unix(cron:session): session closed for user root
May  5 06:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8555]: pam_unix(cron:session): session closed for user samftp
May  5 06:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: Invalid user vbox from 157.245.88.137
May  5 06:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: input_userauth_request: invalid user vbox [preauth]
May  5 06:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.88.137
May  5 06:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7680]: pam_unix(cron:session): session closed for user root
May  5 06:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: Failed password for invalid user vbox from 157.245.88.137 port 48450 ssh2
May  5 06:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: Received disconnect from 157.245.88.137 port 48450:11: Bye Bye [preauth]
May  5 06:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: Disconnected from 157.245.88.137 port 48450 [preauth]
May  5 06:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.48.162.75  user=root
May  5 06:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8977]: Failed password for root from 120.48.162.75 port 43514 ssh2
May  5 06:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8977]: Received disconnect from 120.48.162.75 port 43514:11: Bye Bye [preauth]
May  5 06:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8977]: Disconnected from 120.48.162.75 port 43514 [preauth]
May  5 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9008]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9006]: pam_unix(cron:session): session closed for user p13x
May  5 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9076]: Successful su for rubyman by root
May  5 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9076]: + ??? root:rubyman
May  5 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332190 of user rubyman.
May  5 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9076]: pam_unix(su:session): session closed for user rubyman
May  5 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332190.
May  5 06:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6204]: pam_unix(cron:session): session closed for user root
May  5 06:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9007]: pam_unix(cron:session): session closed for user samftp
May  5 06:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8110]: pam_unix(cron:session): session closed for user root
May  5 06:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: Invalid user user from 190.103.202.7
May  5 06:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: input_userauth_request: invalid user user [preauth]
May  5 06:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  5 06:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: Failed password for invalid user user from 190.103.202.7 port 57796 ssh2
May  5 06:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9453]: Connection closed by 190.103.202.7 port 57796 [preauth]
May  5 06:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9516]: Invalid user shared from 143.110.176.215
May  5 06:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9516]: input_userauth_request: invalid user shared [preauth]
May  5 06:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9516]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.176.215
May  5 06:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9516]: Failed password for invalid user shared from 143.110.176.215 port 58550 ssh2
May  5 06:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9516]: Received disconnect from 143.110.176.215 port 58550:11: Bye Bye [preauth]
May  5 06:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9516]: Disconnected from 143.110.176.215 port 58550 [preauth]
May  5 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9537]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9535]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9535]: pam_unix(cron:session): session closed for user root
May  5 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9537]: pam_unix(cron:session): session closed for user p13x
May  5 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9597]: Successful su for rubyman by root
May  5 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9597]: + ??? root:rubyman
May  5 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332193 of user rubyman.
May  5 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9597]: pam_unix(su:session): session closed for user rubyman
May  5 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332193.
May  5 06:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6637]: pam_unix(cron:session): session closed for user root
May  5 06:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9538]: pam_unix(cron:session): session closed for user samftp
May  5 06:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8558]: pam_unix(cron:session): session closed for user root
May  5 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9947]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9944]: pam_unix(cron:session): session closed for user p13x
May  5 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10006]: Successful su for rubyman by root
May  5 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10006]: + ??? root:rubyman
May  5 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10006]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332200 of user rubyman.
May  5 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10006]: pam_unix(su:session): session closed for user rubyman
May  5 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332200.
May  5 06:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7174]: pam_unix(cron:session): session closed for user root
May  5 06:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9945]: pam_unix(cron:session): session closed for user samftp
May  5 06:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9009]: pam_unix(cron:session): session closed for user root
May  5 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10431]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10431]: pam_unix(cron:session): session closed for user p13x
May  5 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10504]: Successful su for rubyman by root
May  5 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10504]: + ??? root:rubyman
May  5 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10504]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332202 of user rubyman.
May  5 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10504]: pam_unix(su:session): session closed for user rubyman
May  5 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332202.
May  5 06:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7678]: pam_unix(cron:session): session closed for user root
May  5 06:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10439]: pam_unix(cron:session): session closed for user samftp
May  5 06:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: Invalid user sol from 193.32.162.136
May  5 06:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: input_userauth_request: invalid user sol [preauth]
May  5 06:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.136
May  5 06:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: Failed password for invalid user sol from 193.32.162.136 port 45472 ssh2
May  5 06:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: Connection closed by 193.32.162.136 port 45472 [preauth]
May  5 06:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9540]: pam_unix(cron:session): session closed for user root
May  5 06:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10868]: Invalid user solana from 2.57.122.57
May  5 06:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10868]: input_userauth_request: invalid user solana [preauth]
May  5 06:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10868]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 06:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10868]: Failed password for invalid user solana from 2.57.122.57 port 48332 ssh2
May  5 06:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10868]: Connection closed by 2.57.122.57 port 48332 [preauth]
May  5 06:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Invalid user teddi from 157.245.88.137
May  5 06:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: input_userauth_request: invalid user teddi [preauth]
May  5 06:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.88.137
May  5 06:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Failed password for invalid user teddi from 157.245.88.137 port 55238 ssh2
May  5 06:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Received disconnect from 157.245.88.137 port 55238:11: Bye Bye [preauth]
May  5 06:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Disconnected from 157.245.88.137 port 55238 [preauth]
May  5 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10909]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10910]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10911]: pam_unix(cron:session): session closed for user root
May  5 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10906]: pam_unix(cron:session): session closed for user p13x
May  5 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10970]: Successful su for rubyman by root
May  5 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10970]: + ??? root:rubyman
May  5 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10970]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332207 of user rubyman.
May  5 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10970]: pam_unix(su:session): session closed for user rubyman
May  5 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332207.
May  5 06:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10908]: pam_unix(cron:session): session closed for user root
May  5 06:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8107]: pam_unix(cron:session): session closed for user root
May  5 06:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10907]: pam_unix(cron:session): session closed for user samftp
May  5 06:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9947]: pam_unix(cron:session): session closed for user root
May  5 06:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 06:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11249]: Failed password for root from 185.93.89.118 port 58018 ssh2
May  5 06:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11249]: Connection closed by 185.93.89.118 port 58018 [preauth]
May  5 06:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11337]: pam_unix(cron:session): session closed for user p13x
May  5 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11402]: Successful su for rubyman by root
May  5 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11402]: + ??? root:rubyman
May  5 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332213 of user rubyman.
May  5 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11402]: pam_unix(su:session): session closed for user rubyman
May  5 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332213.
May  5 06:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Failed password for root from 185.93.89.118 port 14628 ssh2
May  5 06:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8557]: pam_unix(cron:session): session closed for user root
May  5 06:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Connection closed by 185.93.89.118 port 14628 [preauth]
May  5 06:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11338]: pam_unix(cron:session): session closed for user samftp
May  5 06:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 06:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: Failed password for root from 185.93.89.118 port 44636 ssh2
May  5 06:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11577]: Connection closed by 185.93.89.118 port 44636 [preauth]
May  5 06:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 06:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10442]: pam_unix(cron:session): session closed for user root
May  5 06:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Failed password for root from 185.93.89.118 port 53028 ssh2
May  5 06:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Connection closed by 185.93.89.118 port 53028 [preauth]
May  5 06:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 06:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: Failed password for root from 185.93.89.118 port 12496 ssh2
May  5 06:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11685]: Connection closed by 185.93.89.118 port 12496 [preauth]
May  5 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11747]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11745]: pam_unix(cron:session): session closed for user p13x
May  5 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11806]: Successful su for rubyman by root
May  5 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11806]: + ??? root:rubyman
May  5 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332218 of user rubyman.
May  5 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11806]: pam_unix(su:session): session closed for user rubyman
May  5 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332218.
May  5 06:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9008]: pam_unix(cron:session): session closed for user root
May  5 06:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11746]: pam_unix(cron:session): session closed for user samftp
May  5 06:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: Invalid user chenkun from 143.110.176.215
May  5 06:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: input_userauth_request: invalid user chenkun [preauth]
May  5 06:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.176.215
May  5 06:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: Failed password for invalid user chenkun from 143.110.176.215 port 60466 ssh2
May  5 06:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: Received disconnect from 143.110.176.215 port 60466:11: Bye Bye [preauth]
May  5 06:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11993]: Disconnected from 143.110.176.215 port 60466 [preauth]
May  5 06:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10910]: pam_unix(cron:session): session closed for user root
May  5 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12131]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12132]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12129]: pam_unix(cron:session): session closed for user p13x
May  5 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12188]: Successful su for rubyman by root
May  5 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12188]: + ??? root:rubyman
May  5 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332220 of user rubyman.
May  5 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12188]: pam_unix(su:session): session closed for user rubyman
May  5 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332220.
May  5 06:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9539]: pam_unix(cron:session): session closed for user root
May  5 06:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12130]: pam_unix(cron:session): session closed for user samftp
May  5 06:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11340]: pam_unix(cron:session): session closed for user root
May  5 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12538]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12536]: pam_unix(cron:session): session closed for user p13x
May  5 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12597]: Successful su for rubyman by root
May  5 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12597]: + ??? root:rubyman
May  5 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332226 of user rubyman.
May  5 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12597]: pam_unix(su:session): session closed for user rubyman
May  5 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332226.
May  5 06:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9946]: pam_unix(cron:session): session closed for user root
May  5 06:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12537]: pam_unix(cron:session): session closed for user samftp
May  5 06:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Invalid user Mohammed from 80.94.95.241
May  5 06:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: input_userauth_request: invalid user Mohammed [preauth]
May  5 06:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 06:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Failed password for invalid user Mohammed from 80.94.95.241 port 52474 ssh2
May  5 06:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Failed password for invalid user Mohammed from 80.94.95.241 port 52474 ssh2
May  5 06:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Failed password for invalid user Mohammed from 80.94.95.241 port 52474 ssh2
May  5 06:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Failed password for invalid user Mohammed from 80.94.95.241 port 52474 ssh2
May  5 06:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Failed password for invalid user Mohammed from 80.94.95.241 port 52474 ssh2
May  5 06:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Received disconnect from 80.94.95.241 port 52474:11: Bye [preauth]
May  5 06:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: Disconnected from 80.94.95.241 port 52474 [preauth]
May  5 06:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 06:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12775]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 06:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12837]: Invalid user db2inst1 from 157.245.88.137
May  5 06:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12837]: input_userauth_request: invalid user db2inst1 [preauth]
May  5 06:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12837]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.88.137
May  5 06:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12837]: Failed password for invalid user db2inst1 from 157.245.88.137 port 54916 ssh2
May  5 06:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11748]: pam_unix(cron:session): session closed for user root
May  5 06:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12837]: Received disconnect from 157.245.88.137 port 54916:11: Bye Bye [preauth]
May  5 06:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12837]: Disconnected from 157.245.88.137 port 54916 [preauth]
May  5 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12928]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12926]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12929]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12927]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12921]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12929]: pam_unix(cron:session): session closed for user root
May  5 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12923]: pam_unix(cron:session): session closed for user p13x
May  5 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13007]: Successful su for rubyman by root
May  5 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13007]: + ??? root:rubyman
May  5 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332228 of user rubyman.
May  5 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13007]: pam_unix(su:session): session closed for user rubyman
May  5 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332228.
May  5 06:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12926]: pam_unix(cron:session): session closed for user root
May  5 06:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10440]: pam_unix(cron:session): session closed for user root
May  5 06:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12925]: pam_unix(cron:session): session closed for user samftp
May  5 06:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12132]: pam_unix(cron:session): session closed for user root
May  5 06:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13340]: Invalid user solana from 193.32.162.136
May  5 06:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13340]: input_userauth_request: invalid user solana [preauth]
May  5 06:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13340]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.136
May  5 06:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13340]: Failed password for invalid user solana from 193.32.162.136 port 59588 ssh2
May  5 06:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13340]: Connection closed by 193.32.162.136 port 59588 [preauth]
May  5 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13393]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13392]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13390]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13391]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13390]: pam_unix(cron:session): session closed for user p13x
May  5 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13552]: Successful su for rubyman by root
May  5 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13552]: + ??? root:rubyman
May  5 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332235 of user rubyman.
May  5 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13552]: pam_unix(su:session): session closed for user rubyman
May  5 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332235.
May  5 06:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10909]: pam_unix(cron:session): session closed for user root
May  5 06:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13391]: pam_unix(cron:session): session closed for user samftp
May  5 06:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12539]: pam_unix(cron:session): session closed for user root
May  5 06:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13855]: Invalid user sol from 2.57.122.57
May  5 06:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13855]: input_userauth_request: invalid user sol [preauth]
May  5 06:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13855]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 06:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13855]: Failed password for invalid user sol from 2.57.122.57 port 58600 ssh2
May  5 06:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13855]: Connection closed by 2.57.122.57 port 58600 [preauth]
May  5 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13909]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13910]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13907]: pam_unix(cron:session): session closed for user p13x
May  5 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13969]: Successful su for rubyman by root
May  5 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13969]: + ??? root:rubyman
May  5 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13969]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332242 of user rubyman.
May  5 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13969]: pam_unix(su:session): session closed for user rubyman
May  5 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332242.
May  5 06:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11339]: pam_unix(cron:session): session closed for user root
May  5 06:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13908]: pam_unix(cron:session): session closed for user samftp
May  5 06:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 06:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14212]: Failed password for root from 218.92.0.179 port 52193 ssh2
May  5 06:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14212]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 52193 ssh2]
May  5 06:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14212]: Received disconnect from 218.92.0.179 port 52193:11:  [preauth]
May  5 06:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14212]: Disconnected from 218.92.0.179 port 52193 [preauth]
May  5 06:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14212]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 06:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: Invalid user zookeeper from 143.110.176.215
May  5 06:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: input_userauth_request: invalid user zookeeper [preauth]
May  5 06:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.176.215
May  5 06:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12928]: pam_unix(cron:session): session closed for user root
May  5 06:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: Failed password for invalid user zookeeper from 143.110.176.215 port 46912 ssh2
May  5 06:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: Received disconnect from 143.110.176.215 port 46912:11: Bye Bye [preauth]
May  5 06:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14232]: Disconnected from 143.110.176.215 port 46912 [preauth]
May  5 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14314]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14312]: pam_unix(cron:session): session closed for user p13x
May  5 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14376]: Successful su for rubyman by root
May  5 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14376]: + ??? root:rubyman
May  5 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332243 of user rubyman.
May  5 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14376]: pam_unix(su:session): session closed for user rubyman
May  5 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332243.
May  5 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11747]: pam_unix(cron:session): session closed for user root
May  5 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14313]: pam_unix(cron:session): session closed for user samftp
May  5 06:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13393]: pam_unix(cron:session): session closed for user root
May  5 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14720]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14719]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14721]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14717]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14717]: pam_unix(cron:session): session closed for user p13x
May  5 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14778]: Successful su for rubyman by root
May  5 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14778]: + ??? root:rubyman
May  5 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332247 of user rubyman.
May  5 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14778]: pam_unix(su:session): session closed for user rubyman
May  5 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332247.
May  5 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12131]: pam_unix(cron:session): session closed for user root
May  5 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.88.137  user=root
May  5 06:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14719]: pam_unix(cron:session): session closed for user samftp
May  5 06:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: Failed password for root from 157.245.88.137 port 55212 ssh2
May  5 06:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: Received disconnect from 157.245.88.137 port 55212:11: Bye Bye [preauth]
May  5 06:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: Disconnected from 157.245.88.137 port 55212 [preauth]
May  5 06:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13910]: pam_unix(cron:session): session closed for user root
May  5 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15127]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15129]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15128]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15126]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15125]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15130]: pam_unix(cron:session): session closed for user root
May  5 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15125]: pam_unix(cron:session): session closed for user p13x
May  5 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15190]: Successful su for rubyman by root
May  5 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15190]: + ??? root:rubyman
May  5 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332253 of user rubyman.
May  5 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15190]: pam_unix(su:session): session closed for user rubyman
May  5 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332253.
May  5 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15127]: pam_unix(cron:session): session closed for user root
May  5 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12538]: pam_unix(cron:session): session closed for user root
May  5 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15126]: pam_unix(cron:session): session closed for user samftp
May  5 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14316]: pam_unix(cron:session): session closed for user root
May  5 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: Invalid user admin from 80.94.95.112
May  5 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: input_userauth_request: invalid user admin [preauth]
May  5 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: Failed password for invalid user admin from 80.94.95.112 port 20727 ssh2
May  5 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: Failed password for invalid user admin from 80.94.95.112 port 20727 ssh2
May  5 06:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: Failed password for invalid user admin from 80.94.95.112 port 20727 ssh2
May  5 06:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: Failed password for invalid user admin from 80.94.95.112 port 20727 ssh2
May  5 06:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15548]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15546]: pam_unix(cron:session): session closed for user p13x
May  5 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15613]: Successful su for rubyman by root
May  5 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15613]: + ??? root:rubyman
May  5 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332257 of user rubyman.
May  5 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15613]: pam_unix(su:session): session closed for user rubyman
May  5 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332257.
May  5 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: Failed password for invalid user admin from 80.94.95.112 port 20727 ssh2
May  5 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: Received disconnect from 80.94.95.112 port 20727:11: Bye [preauth]
May  5 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: Disconnected from 80.94.95.112 port 20727 [preauth]
May  5 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 06:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12927]: pam_unix(cron:session): session closed for user root
May  5 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15547]: pam_unix(cron:session): session closed for user samftp
May  5 06:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14721]: pam_unix(cron:session): session closed for user root
May  5 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15948]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15949]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15946]: pam_unix(cron:session): session closed for user p13x
May  5 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16004]: Successful su for rubyman by root
May  5 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16004]: + ??? root:rubyman
May  5 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332262 of user rubyman.
May  5 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16004]: pam_unix(su:session): session closed for user rubyman
May  5 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332262.
May  5 06:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13392]: pam_unix(cron:session): session closed for user root
May  5 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15947]: pam_unix(cron:session): session closed for user samftp
May  5 06:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15129]: pam_unix(cron:session): session closed for user root
May  5 06:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 06:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: Failed password for root from 218.92.0.179 port 16940 ssh2
May  5 06:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: Failed password for root from 218.92.0.179 port 16940 ssh2
May  5 06:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: Failed password for root from 218.92.0.179 port 16940 ssh2
May  5 06:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: Invalid user wsj from 143.110.176.215
May  5 06:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: input_userauth_request: invalid user wsj [preauth]
May  5 06:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.176.215
May  5 06:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: Received disconnect from 218.92.0.179 port 16940:11:  [preauth]
May  5 06:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: Disconnected from 218.92.0.179 port 16940 [preauth]
May  5 06:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16303]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 06:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: Failed password for invalid user wsj from 143.110.176.215 port 41400 ssh2
May  5 06:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: Received disconnect from 143.110.176.215 port 41400:11: Bye Bye [preauth]
May  5 06:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: Disconnected from 143.110.176.215 port 41400 [preauth]
May  5 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16335]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16332]: pam_unix(cron:session): session closed for user p13x
May  5 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16389]: Successful su for rubyman by root
May  5 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16389]: + ??? root:rubyman
May  5 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332266 of user rubyman.
May  5 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16389]: pam_unix(su:session): session closed for user rubyman
May  5 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332266.
May  5 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16461]: Bad protocol version identification 'GET / HTTP/1.1' from 65.49.20.66 port 14484
May  5 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13909]: pam_unix(cron:session): session closed for user root
May  5 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16333]: pam_unix(cron:session): session closed for user samftp
May  5 06:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16662]: Invalid user dspace from 164.68.105.9
May  5 06:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16662]: input_userauth_request: invalid user dspace [preauth]
May  5 06:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16662]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  5 06:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16662]: Failed password for invalid user dspace from 164.68.105.9 port 39266 ssh2
May  5 06:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16662]: Connection closed by 164.68.105.9 port 39266 [preauth]
May  5 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15549]: pam_unix(cron:session): session closed for user root
May  5 06:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.88.137  user=root
May  5 06:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: Failed password for root from 157.245.88.137 port 37442 ssh2
May  5 06:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: Received disconnect from 157.245.88.137 port 37442:11: Bye Bye [preauth]
May  5 06:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16706]: Disconnected from 157.245.88.137 port 37442 [preauth]
May  5 06:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: Invalid user sol from 2.57.122.57
May  5 06:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: input_userauth_request: invalid user sol [preauth]
May  5 06:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 06:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: Failed password for invalid user sol from 2.57.122.57 port 35308 ssh2
May  5 06:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16736]: Connection closed by 2.57.122.57 port 35308 [preauth]
May  5 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16788]: pam_unix(cron:session): session closed for user p13x
May  5 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16847]: Successful su for rubyman by root
May  5 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16847]: + ??? root:rubyman
May  5 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332270 of user rubyman.
May  5 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16847]: pam_unix(su:session): session closed for user rubyman
May  5 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332270.
May  5 06:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14314]: pam_unix(cron:session): session closed for user root
May  5 06:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16789]: pam_unix(cron:session): session closed for user samftp
May  5 06:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15949]: pam_unix(cron:session): session closed for user root
May  5 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17211]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17212]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17212]: pam_unix(cron:session): session closed for user root
May  5 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17206]: pam_unix(cron:session): session closed for user p13x
May  5 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17285]: Successful su for rubyman by root
May  5 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17285]: + ??? root:rubyman
May  5 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17285]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332275 of user rubyman.
May  5 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17285]: pam_unix(su:session): session closed for user rubyman
May  5 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332275.
May  5 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17208]: pam_unix(cron:session): session closed for user root
May  5 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14720]: pam_unix(cron:session): session closed for user root
May  5 06:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17207]: pam_unix(cron:session): session closed for user samftp
May  5 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16335]: pam_unix(cron:session): session closed for user root
May  5 06:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12921]: pam_unix(cron:session): session closed for user root
May  5 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17967]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17965]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17965]: pam_unix(cron:session): session closed for user p13x
May  5 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18041]: Successful su for rubyman by root
May  5 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18041]: + ??? root:rubyman
May  5 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332280 of user rubyman.
May  5 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18041]: pam_unix(su:session): session closed for user rubyman
May  5 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332280.
May  5 06:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15128]: pam_unix(cron:session): session closed for user root
May  5 06:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17967]: pam_unix(cron:session): session closed for user samftp
May  5 06:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16791]: pam_unix(cron:session): session closed for user root
May  5 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18390]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18386]: pam_unix(cron:session): session closed for user p13x
May  5 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18456]: Successful su for rubyman by root
May  5 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18456]: + ??? root:rubyman
May  5 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332283 of user rubyman.
May  5 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18456]: pam_unix(su:session): session closed for user rubyman
May  5 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332283.
May  5 06:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15548]: pam_unix(cron:session): session closed for user root
May  5 06:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18388]: pam_unix(cron:session): session closed for user samftp
May  5 06:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17211]: pam_unix(cron:session): session closed for user root
May  5 06:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: Invalid user liwp from 206.189.62.213
May  5 06:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: input_userauth_request: invalid user liwp [preauth]
May  5 06:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.62.213
May  5 06:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: Failed password for invalid user liwp from 206.189.62.213 port 35998 ssh2
May  5 06:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: Received disconnect from 206.189.62.213 port 35998:11: Bye Bye [preauth]
May  5 06:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18784]: Disconnected from 206.189.62.213 port 35998 [preauth]
May  5 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18801]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18802]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18800]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18799]: pam_unix(cron:session): session closed for user p13x
May  5 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18861]: Successful su for rubyman by root
May  5 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18861]: + ??? root:rubyman
May  5 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18861]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332290 of user rubyman.
May  5 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18861]: pam_unix(su:session): session closed for user rubyman
May  5 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332290.
May  5 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18940]: Invalid user lili from 157.245.88.137
May  5 06:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18940]: input_userauth_request: invalid user lili [preauth]
May  5 06:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18940]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.88.137
May  5 06:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15948]: pam_unix(cron:session): session closed for user root
May  5 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18940]: Failed password for invalid user lili from 157.245.88.137 port 37328 ssh2
May  5 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18940]: Received disconnect from 157.245.88.137 port 37328:11: Bye Bye [preauth]
May  5 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18940]: Disconnected from 157.245.88.137 port 37328 [preauth]
May  5 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18800]: pam_unix(cron:session): session closed for user samftp
May  5 06:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19086]: Invalid user kernel from 143.110.176.215
May  5 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19086]: input_userauth_request: invalid user kernel [preauth]
May  5 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19086]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.176.215
May  5 06:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19086]: Failed password for invalid user kernel from 143.110.176.215 port 46706 ssh2
May  5 06:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19086]: Received disconnect from 143.110.176.215 port 46706:11: Bye Bye [preauth]
May  5 06:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19086]: Disconnected from 143.110.176.215 port 46706 [preauth]
May  5 06:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17969]: pam_unix(cron:session): session closed for user root
May  5 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19212]: pam_unix(cron:session): session closed for user p13x
May  5 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19336]: Successful su for rubyman by root
May  5 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19336]: + ??? root:rubyman
May  5 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19336]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332291 of user rubyman.
May  5 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19336]: pam_unix(su:session): session closed for user rubyman
May  5 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332291.
May  5 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19209]: pam_unix(cron:session): session closed for user root
May  5 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16334]: pam_unix(cron:session): session closed for user root
May  5 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19213]: pam_unix(cron:session): session closed for user samftp
May  5 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18390]: pam_unix(cron:session): session closed for user root
May  5 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19726]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19728]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19728]: pam_unix(cron:session): session closed for user root
May  5 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19722]: pam_unix(cron:session): session closed for user p13x
May  5 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19792]: Successful su for rubyman by root
May  5 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19792]: + ??? root:rubyman
May  5 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332298 of user rubyman.
May  5 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19792]: pam_unix(su:session): session closed for user rubyman
May  5 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332298.
May  5 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19725]: pam_unix(cron:session): session closed for user root
May  5 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16790]: pam_unix(cron:session): session closed for user root
May  5 06:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19723]: pam_unix(cron:session): session closed for user samftp
May  5 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18802]: pam_unix(cron:session): session closed for user root
May  5 06:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 06:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20121]: Invalid user sol from 2.57.122.57
May  5 06:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20121]: input_userauth_request: invalid user sol [preauth]
May  5 06:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20121]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 06:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: Failed password for root from 218.92.0.179 port 20967 ssh2
May  5 06:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20121]: Failed password for invalid user sol from 2.57.122.57 port 53686 ssh2
May  5 06:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20121]: Connection closed by 2.57.122.57 port 53686 [preauth]
May  5 06:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: Failed password for root from 218.92.0.179 port 20967 ssh2
May  5 06:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: Failed password for root from 218.92.0.179 port 20967 ssh2
May  5 06:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: Received disconnect from 218.92.0.179 port 20967:11:  [preauth]
May  5 06:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: Disconnected from 218.92.0.179 port 20967 [preauth]
May  5 06:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20110]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20163]: pam_unix(cron:session): session closed for user p13x
May  5 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20228]: Successful su for rubyman by root
May  5 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20228]: + ??? root:rubyman
May  5 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20228]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332302 of user rubyman.
May  5 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20228]: pam_unix(su:session): session closed for user rubyman
May  5 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332302.
May  5 06:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17209]: pam_unix(cron:session): session closed for user root
May  5 06:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20164]: pam_unix(cron:session): session closed for user samftp
May  5 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19215]: pam_unix(cron:session): session closed for user root
May  5 06:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: Did not receive identification string from 104.236.145.10
May  5 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20572]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20571]: pam_unix(cron:session): session closed for user p13x
May  5 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20631]: Successful su for rubyman by root
May  5 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20631]: + ??? root:rubyman
May  5 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332306 of user rubyman.
May  5 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20631]: pam_unix(su:session): session closed for user rubyman
May  5 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332306.
May  5 06:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17968]: pam_unix(cron:session): session closed for user root
May  5 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20572]: pam_unix(cron:session): session closed for user samftp
May  5 06:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19727]: pam_unix(cron:session): session closed for user root
May  5 06:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.88.137  user=root
May  5 06:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20933]: Failed password for root from 157.245.88.137 port 56682 ssh2
May  5 06:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20933]: Received disconnect from 157.245.88.137 port 56682:11: Bye Bye [preauth]
May  5 06:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20933]: Disconnected from 157.245.88.137 port 56682 [preauth]
May  5 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20983]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20984]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20981]: pam_unix(cron:session): session closed for user p13x
May  5 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21041]: Successful su for rubyman by root
May  5 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21041]: + ??? root:rubyman
May  5 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332310 of user rubyman.
May  5 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21041]: pam_unix(su:session): session closed for user rubyman
May  5 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332310.
May  5 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18389]: pam_unix(cron:session): session closed for user root
May  5 06:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20982]: pam_unix(cron:session): session closed for user samftp
May  5 06:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: Invalid user gpu from 143.110.176.215
May  5 06:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: input_userauth_request: invalid user gpu [preauth]
May  5 06:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.176.215
May  5 06:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20166]: pam_unix(cron:session): session closed for user root
May  5 06:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: Failed password for invalid user gpu from 143.110.176.215 port 45752 ssh2
May  5 06:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: Received disconnect from 143.110.176.215 port 45752:11: Bye Bye [preauth]
May  5 06:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: Disconnected from 143.110.176.215 port 45752 [preauth]
May  5 06:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21398]: Invalid user admin from 139.19.117.131
May  5 06:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21398]: input_userauth_request: invalid user admin [preauth]
May  5 06:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21398]: Connection closed by 139.19.117.131 port 41460 [preauth]
May  5 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21420]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21419]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21417]: pam_unix(cron:session): session closed for user p13x
May  5 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21485]: Successful su for rubyman by root
May  5 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21485]: + ??? root:rubyman
May  5 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332315 of user rubyman.
May  5 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21485]: pam_unix(su:session): session closed for user rubyman
May  5 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332315.
May  5 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18801]: pam_unix(cron:session): session closed for user root
May  5 06:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21418]: pam_unix(cron:session): session closed for user samftp
May  5 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20574]: pam_unix(cron:session): session closed for user root
May  5 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22148]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22146]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22145]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22149]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22147]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22150]: pam_unix(cron:session): session closed for user root
May  5 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22145]: pam_unix(cron:session): session closed for user p13x
May  5 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22219]: Successful su for rubyman by root
May  5 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22219]: + ??? root:rubyman
May  5 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332322 of user rubyman.
May  5 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22219]: pam_unix(su:session): session closed for user rubyman
May  5 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332322.
May  5 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22147]: pam_unix(cron:session): session closed for user root
May  5 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19214]: pam_unix(cron:session): session closed for user root
May  5 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22146]: pam_unix(cron:session): session closed for user samftp
May  5 06:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20984]: pam_unix(cron:session): session closed for user root
May  5 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22645]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22643]: pam_unix(cron:session): session closed for user p13x
May  5 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22717]: Successful su for rubyman by root
May  5 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22717]: + ??? root:rubyman
May  5 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332324 of user rubyman.
May  5 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22717]: pam_unix(su:session): session closed for user rubyman
May  5 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332324.
May  5 06:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19726]: pam_unix(cron:session): session closed for user root
May  5 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22644]: pam_unix(cron:session): session closed for user samftp
May  5 06:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21420]: pam_unix(cron:session): session closed for user root
May  5 06:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.62.213  user=root
May  5 06:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: Failed password for root from 206.189.62.213 port 46806 ssh2
May  5 06:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: Received disconnect from 206.189.62.213 port 46806:11: Bye Bye [preauth]
May  5 06:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: Disconnected from 206.189.62.213 port 46806 [preauth]
May  5 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23108]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23104]: pam_unix(cron:session): session closed for user p13x
May  5 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23170]: Successful su for rubyman by root
May  5 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23170]: + ??? root:rubyman
May  5 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23170]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332328 of user rubyman.
May  5 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23170]: pam_unix(su:session): session closed for user rubyman
May  5 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332328.
May  5 06:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20165]: pam_unix(cron:session): session closed for user root
May  5 06:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23106]: pam_unix(cron:session): session closed for user samftp
May  5 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23488]: Invalid user fmaster from 157.245.88.137
May  5 06:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23488]: input_userauth_request: invalid user fmaster [preauth]
May  5 06:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23488]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.88.137
May  5 06:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23488]: Failed password for invalid user fmaster from 157.245.88.137 port 49552 ssh2
May  5 06:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23488]: Received disconnect from 157.245.88.137 port 49552:11: Bye Bye [preauth]
May  5 06:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23488]: Disconnected from 157.245.88.137 port 49552 [preauth]
May  5 06:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22149]: pam_unix(cron:session): session closed for user root
May  5 06:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23557]: Invalid user solana from 2.57.122.57
May  5 06:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23557]: input_userauth_request: invalid user solana [preauth]
May  5 06:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23557]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 06:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23557]: Failed password for invalid user solana from 2.57.122.57 port 37642 ssh2
May  5 06:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23557]: Connection closed by 2.57.122.57 port 37642 [preauth]
May  5 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23625]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23626]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23623]: pam_unix(cron:session): session closed for user p13x
May  5 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23684]: Successful su for rubyman by root
May  5 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23684]: + ??? root:rubyman
May  5 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332334 of user rubyman.
May  5 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23684]: pam_unix(su:session): session closed for user rubyman
May  5 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332334.
May  5 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20573]: pam_unix(cron:session): session closed for user root
May  5 06:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23624]: pam_unix(cron:session): session closed for user samftp
May  5 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22646]: pam_unix(cron:session): session closed for user root
May  5 06:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: Invalid user zhouwei from 143.110.176.215
May  5 06:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: input_userauth_request: invalid user zhouwei [preauth]
May  5 06:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.176.215
May  5 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: Failed password for invalid user zhouwei from 143.110.176.215 port 35010 ssh2
May  5 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: Received disconnect from 143.110.176.215 port 35010:11: Bye Bye [preauth]
May  5 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: Disconnected from 143.110.176.215 port 35010 [preauth]
May  5 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24147]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24142]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24142]: pam_unix(cron:session): session closed for user p13x
May  5 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24216]: Successful su for rubyman by root
May  5 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24216]: + ??? root:rubyman
May  5 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332336 of user rubyman.
May  5 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24216]: pam_unix(su:session): session closed for user rubyman
May  5 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332336.
May  5 06:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20983]: pam_unix(cron:session): session closed for user root
May  5 06:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24144]: pam_unix(cron:session): session closed for user samftp
May  5 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23108]: pam_unix(cron:session): session closed for user root
May  5 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24587]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24589]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24589]: pam_unix(cron:session): session closed for user root
May  5 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24583]: pam_unix(cron:session): session closed for user p13x
May  5 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24663]: Successful su for rubyman by root
May  5 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24663]: + ??? root:rubyman
May  5 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332343 of user rubyman.
May  5 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24663]: pam_unix(su:session): session closed for user rubyman
May  5 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332343.
May  5 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24586]: pam_unix(cron:session): session closed for user root
May  5 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21419]: pam_unix(cron:session): session closed for user root
May  5 06:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24584]: pam_unix(cron:session): session closed for user samftp
May  5 06:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23626]: pam_unix(cron:session): session closed for user root
May  5 06:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: Invalid user byte from 206.189.62.213
May  5 06:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: input_userauth_request: invalid user byte [preauth]
May  5 06:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.62.213
May  5 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: Failed password for invalid user byte from 206.189.62.213 port 33148 ssh2
May  5 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: Received disconnect from 206.189.62.213 port 33148:11: Bye Bye [preauth]
May  5 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25029]: Disconnected from 206.189.62.213 port 33148 [preauth]
May  5 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25043]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25042]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25040]: pam_unix(cron:session): session closed for user p13x
May  5 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25105]: Successful su for rubyman by root
May  5 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25105]: + ??? root:rubyman
May  5 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332347 of user rubyman.
May  5 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25105]: pam_unix(su:session): session closed for user rubyman
May  5 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332347.
May  5 06:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22148]: pam_unix(cron:session): session closed for user root
May  5 06:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25041]: pam_unix(cron:session): session closed for user samftp
May  5 06:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.252  user=root
May  5 06:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25300]: Failed password for root from 218.92.0.252 port 28910 ssh2
May  5 06:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24147]: pam_unix(cron:session): session closed for user root
May  5 06:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25427]: Invalid user jack from 157.245.88.137
May  5 06:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25427]: input_userauth_request: invalid user jack [preauth]
May  5 06:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25427]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.88.137
May  5 06:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25427]: Failed password for invalid user jack from 157.245.88.137 port 58856 ssh2
May  5 06:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25427]: Received disconnect from 157.245.88.137 port 58856:11: Bye Bye [preauth]
May  5 06:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25427]: Disconnected from 157.245.88.137 port 58856 [preauth]
May  5 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25458]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25457]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25455]: pam_unix(cron:session): session closed for user p13x
May  5 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25516]: Successful su for rubyman by root
May  5 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25516]: + ??? root:rubyman
May  5 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25516]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332350 of user rubyman.
May  5 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25516]: pam_unix(su:session): session closed for user rubyman
May  5 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332350.
May  5 06:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22645]: pam_unix(cron:session): session closed for user root
May  5 06:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25456]: pam_unix(cron:session): session closed for user samftp
May  5 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24588]: pam_unix(cron:session): session closed for user root
May  5 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.212  user=root
May  5 06:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25793]: Failed password for root from 218.92.0.212 port 9578 ssh2
May  5 06:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.212  user=root
May  5 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: Failed password for root from 218.92.0.212 port 29646 ssh2
May  5 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25862]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25863]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25860]: pam_unix(cron:session): session closed for user p13x
May  5 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25927]: Successful su for rubyman by root
May  5 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25927]: + ??? root:rubyman
May  5 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25927]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332355 of user rubyman.
May  5 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25927]: pam_unix(su:session): session closed for user rubyman
May  5 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332355.
May  5 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23107]: pam_unix(cron:session): session closed for user root
May  5 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25861]: pam_unix(cron:session): session closed for user samftp
May  5 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26117]: Invalid user shiny from 46.244.96.25
May  5 06:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26117]: input_userauth_request: invalid user shiny [preauth]
May  5 06:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26117]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  5 06:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: Connection closed by 46.244.96.25 port 36796 [preauth]
May  5 06:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26117]: Failed password for invalid user shiny from 46.244.96.25 port 36806 ssh2
May  5 06:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26117]: Connection closed by 46.244.96.25 port 36806 [preauth]
May  5 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25043]: pam_unix(cron:session): session closed for user root
May  5 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26267]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26266]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26265]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26264]: pam_unix(cron:session): session closed for user p13x
May  5 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26326]: Successful su for rubyman by root
May  5 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26326]: + ??? root:rubyman
May  5 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332360 of user rubyman.
May  5 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26326]: pam_unix(su:session): session closed for user rubyman
May  5 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332360.
May  5 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23625]: pam_unix(cron:session): session closed for user root
May  5 06:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26265]: pam_unix(cron:session): session closed for user samftp
May  5 06:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 06:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: Failed password for root from 218.92.0.179 port 22195 ssh2
May  5 06:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: Invalid user dell from 143.110.176.215
May  5 06:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: input_userauth_request: invalid user dell [preauth]
May  5 06:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.176.215
May  5 06:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: Failed password for root from 218.92.0.179 port 22195 ssh2
May  5 06:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: Failed password for invalid user dell from 143.110.176.215 port 45056 ssh2
May  5 06:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: Received disconnect from 143.110.176.215 port 45056:11: Bye Bye [preauth]
May  5 06:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: Disconnected from 143.110.176.215 port 45056 [preauth]
May  5 06:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: Failed password for root from 218.92.0.179 port 22195 ssh2
May  5 06:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: Received disconnect from 218.92.0.179 port 22195:11:  [preauth]
May  5 06:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: Disconnected from 218.92.0.179 port 22195 [preauth]
May  5 06:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 06:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25458]: pam_unix(cron:session): session closed for user root
May  5 06:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: Invalid user validator from 2.57.122.57
May  5 06:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: input_userauth_request: invalid user validator [preauth]
May  5 06:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 06:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: Failed password for invalid user validator from 2.57.122.57 port 48096 ssh2
May  5 06:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26692]: Connection closed by 2.57.122.57 port 48096 [preauth]
May  5 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26751]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26753]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26752]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26748]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26749]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26753]: pam_unix(cron:session): session closed for user root
May  5 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26748]: pam_unix(cron:session): session closed for user p13x
May  5 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26820]: Successful su for rubyman by root
May  5 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26820]: + ??? root:rubyman
May  5 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332366 of user rubyman.
May  5 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26820]: pam_unix(su:session): session closed for user rubyman
May  5 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332366.
May  5 06:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26750]: pam_unix(cron:session): session closed for user root
May  5 06:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24146]: pam_unix(cron:session): session closed for user root
May  5 06:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26749]: pam_unix(cron:session): session closed for user samftp
May  5 06:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: Invalid user developer from 206.189.62.213
May  5 06:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: input_userauth_request: invalid user developer [preauth]
May  5 06:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.62.213
May  5 06:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: Failed password for invalid user developer from 206.189.62.213 port 33358 ssh2
May  5 06:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: Received disconnect from 206.189.62.213 port 33358:11: Bye Bye [preauth]
May  5 06:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27122]: Disconnected from 206.189.62.213 port 33358 [preauth]
May  5 06:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25863]: pam_unix(cron:session): session closed for user root
May  5 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27253]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27250]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27251]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27250]: pam_unix(cron:session): session closed for user p13x
May  5 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27323]: Successful su for rubyman by root
May  5 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27323]: + ??? root:rubyman
May  5 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332368 of user rubyman.
May  5 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27323]: pam_unix(su:session): session closed for user rubyman
May  5 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332368.
May  5 06:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24587]: pam_unix(cron:session): session closed for user root
May  5 06:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27251]: pam_unix(cron:session): session closed for user samftp
May  5 06:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.88.137  user=root
May  5 06:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27591]: Failed password for root from 157.245.88.137 port 34820 ssh2
May  5 06:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27591]: Received disconnect from 157.245.88.137 port 34820:11: Bye Bye [preauth]
May  5 06:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27591]: Disconnected from 157.245.88.137 port 34820 [preauth]
May  5 06:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26267]: pam_unix(cron:session): session closed for user root
May  5 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27721]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27720]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27718]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27719]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27718]: pam_unix(cron:session): session closed for user p13x
May  5 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27779]: Successful su for rubyman by root
May  5 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27779]: + ??? root:rubyman
May  5 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27779]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332372 of user rubyman.
May  5 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27779]: pam_unix(su:session): session closed for user rubyman
May  5 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332372.
May  5 06:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25042]: pam_unix(cron:session): session closed for user root
May  5 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27719]: pam_unix(cron:session): session closed for user samftp
May  5 06:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26752]: pam_unix(cron:session): session closed for user root
May  5 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28118]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28116]: pam_unix(cron:session): session closed for user p13x
May  5 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28181]: Successful su for rubyman by root
May  5 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28181]: + ??? root:rubyman
May  5 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332377 of user rubyman.
May  5 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28181]: pam_unix(su:session): session closed for user rubyman
May  5 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332377.
May  5 06:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25457]: pam_unix(cron:session): session closed for user root
May  5 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28117]: pam_unix(cron:session): session closed for user samftp
May  5 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27253]: pam_unix(cron:session): session closed for user root
May  5 06:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: Did not receive identification string from 193.32.162.139
May  5 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28514]: pam_unix(cron:session): session closed for user p13x
May  5 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28573]: Successful su for rubyman by root
May  5 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28573]: + ??? root:rubyman
May  5 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332382 of user rubyman.
May  5 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28573]: pam_unix(su:session): session closed for user rubyman
May  5 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332382.
May  5 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25862]: pam_unix(cron:session): session closed for user root
May  5 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28515]: pam_unix(cron:session): session closed for user samftp
May  5 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: Invalid user sonic from 206.189.62.213
May  5 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: input_userauth_request: invalid user sonic [preauth]
May  5 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.62.213
May  5 06:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: Failed password for invalid user sonic from 206.189.62.213 port 49106 ssh2
May  5 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: Received disconnect from 206.189.62.213 port 49106:11: Bye Bye [preauth]
May  5 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: Disconnected from 206.189.62.213 port 49106 [preauth]
May  5 06:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28822]: Failed password for root from 218.92.0.179 port 47626 ssh2
May  5 06:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28822]: Failed password for root from 218.92.0.179 port 47626 ssh2
May  5 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27721]: pam_unix(cron:session): session closed for user root
May  5 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28822]: Failed password for root from 218.92.0.179 port 47626 ssh2
May  5 06:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28822]: Received disconnect from 218.92.0.179 port 47626:11:  [preauth]
May  5 06:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28822]: Disconnected from 218.92.0.179 port 47626 [preauth]
May  5 06:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28822]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 06:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 06:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28862]: Invalid user lisi from 143.110.176.215
May  5 06:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28862]: input_userauth_request: invalid user lisi [preauth]
May  5 06:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28862]: pam_unix(sshd:auth): check pass; user unknown
May  5 06:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.176.215
May  5 06:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28862]: Failed password for invalid user lisi from 143.110.176.215 port 56174 ssh2
May  5 06:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28862]: Received disconnect from 143.110.176.215 port 56174:11: Bye Bye [preauth]
May  5 06:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28862]: Disconnected from 143.110.176.215 port 56174 [preauth]
May  5 06:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  5 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28933]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28935]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28936]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28934]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28933]: pam_unix(cron:session): session closed for user root
May  5 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28937]: pam_unix(cron:session): session closed for user root
May  5 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28931]: pam_unix(cron:session): session closed for user p13x
May  5 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29075]: Successful su for rubyman by root
May  5 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29075]: + ??? root:rubyman
May  5 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332388 of user rubyman.
May  5 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29075]: pam_unix(su:session): session closed for user rubyman
May  5 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332388.
May  5 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28919]: Failed password for root from 80.94.95.125 port 10513 ssh2
May  5 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26266]: pam_unix(cron:session): session closed for user root
May  5 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28934]: pam_unix(cron:session): session closed for user root
May  5 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28919]: Failed password for root from 80.94.95.125 port 10513 ssh2
May  5 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28919]: Failed password for root from 80.94.95.125 port 10513 ssh2
May  5 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28932]: pam_unix(cron:session): session closed for user samftp
May  5 07:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28919]: Failed password for root from 80.94.95.125 port 10513 ssh2
May  5 07:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28919]: Failed password for root from 80.94.95.125 port 10513 ssh2
May  5 07:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28919]: Received disconnect from 80.94.95.125 port 10513:11: Bye [preauth]
May  5 07:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28919]: Disconnected from 80.94.95.125 port 10513 [preauth]
May  5 07:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28919]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  5 07:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28919]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 07:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28119]: pam_unix(cron:session): session closed for user root
May  5 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29516]: Invalid user ladyaspb from 157.245.88.137
May  5 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29516]: input_userauth_request: invalid user ladyaspb [preauth]
May  5 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29516]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.88.137
May  5 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29516]: Failed password for invalid user ladyaspb from 157.245.88.137 port 60278 ssh2
May  5 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29516]: Received disconnect from 157.245.88.137 port 60278:11: Bye Bye [preauth]
May  5 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29516]: Disconnected from 157.245.88.137 port 60278 [preauth]
May  5 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29538]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29539]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29541]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29538]: pam_unix(cron:session): session closed for user p13x
May  5 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29607]: Successful su for rubyman by root
May  5 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29607]: + ??? root:rubyman
May  5 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332391 of user rubyman.
May  5 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29607]: pam_unix(su:session): session closed for user rubyman
May  5 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332391.
May  5 07:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26751]: pam_unix(cron:session): session closed for user root
May  5 07:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29539]: pam_unix(cron:session): session closed for user samftp
May  5 07:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28519]: pam_unix(cron:session): session closed for user root
May  5 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: Invalid user validator from 2.57.122.57
May  5 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: input_userauth_request: invalid user validator [preauth]
May  5 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 07:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: Failed password for invalid user validator from 2.57.122.57 port 34226 ssh2
May  5 07:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: Connection closed by 2.57.122.57 port 34226 [preauth]
May  5 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29951]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29952]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29949]: pam_unix(cron:session): session closed for user p13x
May  5 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30013]: Successful su for rubyman by root
May  5 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30013]: + ??? root:rubyman
May  5 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332397 of user rubyman.
May  5 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30013]: pam_unix(su:session): session closed for user rubyman
May  5 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332397.
May  5 07:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27252]: pam_unix(cron:session): session closed for user root
May  5 07:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29950]: pam_unix(cron:session): session closed for user samftp
May  5 07:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28936]: pam_unix(cron:session): session closed for user root
May  5 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30347]: pam_unix(cron:session): session closed for user p13x
May  5 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30409]: Successful su for rubyman by root
May  5 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30409]: + ??? root:rubyman
May  5 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332402 of user rubyman.
May  5 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30409]: pam_unix(su:session): session closed for user rubyman
May  5 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332402.
May  5 07:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27720]: pam_unix(cron:session): session closed for user root
May  5 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30348]: pam_unix(cron:session): session closed for user samftp
May  5 07:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 07:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: Failed password for root from 218.92.0.179 port 55556 ssh2
May  5 07:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29541]: pam_unix(cron:session): session closed for user root
May  5 07:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: Failed password for root from 218.92.0.179 port 55556 ssh2
May  5 07:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: Invalid user kdcproxy from 206.189.62.213
May  5 07:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: input_userauth_request: invalid user kdcproxy [preauth]
May  5 07:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.62.213
May  5 07:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: Failed password for root from 218.92.0.179 port 55556 ssh2
May  5 07:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: Failed password for invalid user kdcproxy from 206.189.62.213 port 53958 ssh2
May  5 07:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: Received disconnect from 206.189.62.213 port 53958:11: Bye Bye [preauth]
May  5 07:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: Disconnected from 206.189.62.213 port 53958 [preauth]
May  5 07:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: Received disconnect from 218.92.0.179 port 55556:11:  [preauth]
May  5 07:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: Disconnected from 218.92.0.179 port 55556 [preauth]
May  5 07:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30743]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30741]: pam_unix(cron:session): session closed for user p13x
May  5 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30799]: Successful su for rubyman by root
May  5 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30799]: + ??? root:rubyman
May  5 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332404 of user rubyman.
May  5 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30799]: pam_unix(su:session): session closed for user rubyman
May  5 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332404.
May  5 07:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28118]: pam_unix(cron:session): session closed for user root
May  5 07:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30742]: pam_unix(cron:session): session closed for user samftp
May  5 07:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29952]: pam_unix(cron:session): session closed for user root
May  5 07:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: Invalid user recruit from 176.31.162.135
May  5 07:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: input_userauth_request: invalid user recruit [preauth]
May  5 07:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  5 07:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: Failed password for invalid user recruit from 176.31.162.135 port 56222 ssh2
May  5 07:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31099]: Connection closed by 176.31.162.135 port 56222 [preauth]
May  5 07:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31122]: Invalid user test from 143.110.176.215
May  5 07:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31122]: input_userauth_request: invalid user test [preauth]
May  5 07:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31122]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.176.215
May  5 07:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31122]: Failed password for invalid user test from 143.110.176.215 port 56376 ssh2
May  5 07:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31122]: Received disconnect from 143.110.176.215 port 56376:11: Bye Bye [preauth]
May  5 07:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31122]: Disconnected from 143.110.176.215 port 56376 [preauth]
May  5 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31147]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31149]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31152]: pam_unix(cron:session): session closed for user root
May  5 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31147]: pam_unix(cron:session): session closed for user p13x
May  5 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31218]: Successful su for rubyman by root
May  5 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31218]: + ??? root:rubyman
May  5 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332408 of user rubyman.
May  5 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31218]: pam_unix(su:session): session closed for user rubyman
May  5 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332408.
May  5 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28517]: pam_unix(cron:session): session closed for user root
May  5 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31149]: pam_unix(cron:session): session closed for user root
May  5 07:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31148]: pam_unix(cron:session): session closed for user samftp
May  5 07:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.88.137  user=root
May  5 07:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31454]: Failed password for root from 157.245.88.137 port 56942 ssh2
May  5 07:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31454]: Received disconnect from 157.245.88.137 port 56942:11: Bye Bye [preauth]
May  5 07:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31454]: Disconnected from 157.245.88.137 port 56942 [preauth]
May  5 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30350]: pam_unix(cron:session): session closed for user root
May  5 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31583]: pam_unix(cron:session): session closed for user p13x
May  5 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31657]: Successful su for rubyman by root
May  5 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31657]: + ??? root:rubyman
May  5 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332414 of user rubyman.
May  5 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31657]: pam_unix(su:session): session closed for user rubyman
May  5 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332414.
May  5 07:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28935]: pam_unix(cron:session): session closed for user root
May  5 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31584]: pam_unix(cron:session): session closed for user samftp
May  5 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30744]: pam_unix(cron:session): session closed for user root
May  5 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32015]: pam_unix(cron:session): session closed for user p13x
May  5 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32076]: Successful su for rubyman by root
May  5 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32076]: + ??? root:rubyman
May  5 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332418 of user rubyman.
May  5 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32076]: pam_unix(su:session): session closed for user rubyman
May  5 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332418.
May  5 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29540]: pam_unix(cron:session): session closed for user root
May  5 07:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32016]: pam_unix(cron:session): session closed for user samftp
May  5 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31151]: pam_unix(cron:session): session closed for user root
May  5 07:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32393]: User bin from 206.189.62.213 not allowed because not listed in AllowUsers
May  5 07:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32393]: input_userauth_request: invalid user bin [preauth]
May  5 07:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.62.213  user=bin
May  5 07:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32393]: Failed password for invalid user bin from 206.189.62.213 port 56454 ssh2
May  5 07:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32393]: Received disconnect from 206.189.62.213 port 56454:11: Bye Bye [preauth]
May  5 07:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32393]: Disconnected from 206.189.62.213 port 56454 [preauth]
May  5 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32407]: pam_unix(cron:session): session closed for user p13x
May  5 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32477]: Successful su for rubyman by root
May  5 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32477]: + ??? root:rubyman
May  5 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332421 of user rubyman.
May  5 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32477]: pam_unix(su:session): session closed for user rubyman
May  5 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332421.
May  5 07:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29951]: pam_unix(cron:session): session closed for user root
May  5 07:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32408]: pam_unix(cron:session): session closed for user samftp
May  5 07:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: Invalid user solv from 2.57.122.57
May  5 07:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: input_userauth_request: invalid user solv [preauth]
May  5 07:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 07:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31586]: pam_unix(cron:session): session closed for user root
May  5 07:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: Failed password for invalid user solv from 2.57.122.57 port 42152 ssh2
May  5 07:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[370]: Connection closed by 2.57.122.57 port 42152 [preauth]
May  5 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[488]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[489]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[484]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[486]: pam_unix(cron:session): session closed for user p13x
May  5 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[601]: Successful su for rubyman by root
May  5 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[601]: + ??? root:rubyman
May  5 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[601]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332427 of user rubyman.
May  5 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[601]: pam_unix(su:session): session closed for user rubyman
May  5 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332427.
May  5 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[484]: pam_unix(cron:session): session closed for user root
May  5 07:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30349]: pam_unix(cron:session): session closed for user root
May  5 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[487]: pam_unix(cron:session): session closed for user samftp
May  5 07:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32019]: pam_unix(cron:session): session closed for user root
May  5 07:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 07:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: Failed password for root from 185.93.89.118 port 29654 ssh2
May  5 07:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[908]: Connection closed by 185.93.89.118 port 29654 [preauth]
May  5 07:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[950]: Invalid user L from 195.178.110.50
May  5 07:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[950]: input_userauth_request: invalid user L [preauth]
May  5 07:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[950]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 07:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[950]: Failed password for invalid user L from 195.178.110.50 port 16964 ssh2
May  5 07:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[950]: Connection closed by 195.178.110.50 port 16964 [preauth]
May  5 07:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 07:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[962]: Failed password for root from 185.93.89.118 port 32570 ssh2
May  5 07:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.88.137  user=root
May  5 07:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[962]: Connection closed by 185.93.89.118 port 32570 [preauth]
May  5 07:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[994]: Invalid user - from 195.178.110.50
May  5 07:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[994]: input_userauth_request: invalid user - [preauth]
May  5 07:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[994]: pam_unix(sshd:auth): bad username [-]
May  5 07:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[994]: Failed password for invalid user - from 195.178.110.50 port 55304 ssh2
May  5 07:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: Failed password for root from 157.245.88.137 port 42796 ssh2
May  5 07:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: Received disconnect from 157.245.88.137 port 42796:11: Bye Bye [preauth]
May  5 07:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: Disconnected from 157.245.88.137 port 42796 [preauth]
May  5 07:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[994]: Connection closed by 195.178.110.50 port 55304 [preauth]
May  5 07:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1024]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1024]: pam_unix(cron:session): session closed for user root
May  5 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1018]: pam_unix(cron:session): session closed for user p13x
May  5 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1090]: Successful su for rubyman by root
May  5 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1090]: + ??? root:rubyman
May  5 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332431 of user rubyman.
May  5 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1090]: pam_unix(su:session): session closed for user rubyman
May  5 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332431.
May  5 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1021]: pam_unix(cron:session): session closed for user root
May  5 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30743]: pam_unix(cron:session): session closed for user root
May  5 07:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1020]: pam_unix(cron:session): session closed for user samftp
May  5 07:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: Invalid user l from 195.178.110.50
May  5 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: input_userauth_request: invalid user l [preauth]
May  5 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 07:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1348]: Invalid user liuzhaoxing from 143.110.176.215
May  5 07:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1348]: input_userauth_request: invalid user liuzhaoxing [preauth]
May  5 07:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1348]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.176.215
May  5 07:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 07:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: Failed password for invalid user l from 195.178.110.50 port 55338 ssh2
May  5 07:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1348]: Failed password for invalid user liuzhaoxing from 143.110.176.215 port 52890 ssh2
May  5 07:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1016]: Connection closed by 195.178.110.50 port 55338 [preauth]
May  5 07:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1348]: Received disconnect from 143.110.176.215 port 52890:11: Bye Bye [preauth]
May  5 07:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1348]: Disconnected from 143.110.176.215 port 52890 [preauth]
May  5 07:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1015]: Failed password for root from 185.93.89.118 port 47696 ssh2
May  5 07:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1015]: Connection closed by 185.93.89.118 port 47696 [preauth]
May  5 07:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: Invalid user M from 195.178.110.50
May  5 07:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: input_userauth_request: invalid user M [preauth]
May  5 07:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 07:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: Failed password for invalid user M from 195.178.110.50 port 4946 ssh2
May  5 07:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1365]: Connection closed by 195.178.110.50 port 4946 [preauth]
May  5 07:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 07:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1375]: Failed password for root from 185.93.89.118 port 7110 ssh2
May  5 07:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1375]: Connection closed by 185.93.89.118 port 7110 [preauth]
May  5 07:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32410]: pam_unix(cron:session): session closed for user root
May  5 07:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1412]: Invalid user . from 195.178.110.50
May  5 07:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1412]: input_userauth_request: invalid user . [preauth]
May  5 07:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1412]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 07:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1412]: Failed password for invalid user . from 195.178.110.50 port 27972 ssh2
May  5 07:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1412]: Connection closed by 195.178.110.50 port 27972 [preauth]
May  5 07:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 07:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1423]: Failed password for root from 185.93.89.118 port 21120 ssh2
May  5 07:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1423]: Connection closed by 185.93.89.118 port 21120 [preauth]
May  5 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1538]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1537]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1535]: pam_unix(cron:session): session closed for user p13x
May  5 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1608]: Successful su for rubyman by root
May  5 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1608]: + ??? root:rubyman
May  5 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1608]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332437 of user rubyman.
May  5 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1608]: pam_unix(su:session): session closed for user rubyman
May  5 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332437.
May  5 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31150]: pam_unix(cron:session): session closed for user root
May  5 07:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1536]: pam_unix(cron:session): session closed for user samftp
May  5 07:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[489]: pam_unix(cron:session): session closed for user root
May  5 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2054]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2055]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2052]: pam_unix(cron:session): session closed for user p13x
May  5 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2112]: Successful su for rubyman by root
May  5 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2112]: + ??? root:rubyman
May  5 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332440 of user rubyman.
May  5 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2112]: pam_unix(su:session): session closed for user rubyman
May  5 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332440.
May  5 07:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31585]: pam_unix(cron:session): session closed for user root
May  5 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2053]: pam_unix(cron:session): session closed for user samftp
May  5 07:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: Invalid user seller from 206.189.62.213
May  5 07:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: input_userauth_request: invalid user seller [preauth]
May  5 07:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.62.213
May  5 07:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: Failed password for invalid user seller from 206.189.62.213 port 48588 ssh2
May  5 07:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: Received disconnect from 206.189.62.213 port 48588:11: Bye Bye [preauth]
May  5 07:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: Disconnected from 206.189.62.213 port 48588 [preauth]
May  5 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1023]: pam_unix(cron:session): session closed for user root
May  5 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2470]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2471]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2468]: pam_unix(cron:session): session closed for user p13x
May  5 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2533]: Successful su for rubyman by root
May  5 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2533]: + ??? root:rubyman
May  5 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332444 of user rubyman.
May  5 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2533]: pam_unix(su:session): session closed for user rubyman
May  5 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332444.
May  5 07:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32017]: pam_unix(cron:session): session closed for user root
May  5 07:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2469]: pam_unix(cron:session): session closed for user samftp
May  5 07:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1538]: pam_unix(cron:session): session closed for user root
May  5 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2910]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2905]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2905]: pam_unix(cron:session): session closed for user p13x
May  5 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2972]: Successful su for rubyman by root
May  5 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2972]: + ??? root:rubyman
May  5 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332448 of user rubyman.
May  5 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2972]: pam_unix(su:session): session closed for user rubyman
May  5 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332448.
May  5 07:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32409]: pam_unix(cron:session): session closed for user root
May  5 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2907]: pam_unix(cron:session): session closed for user samftp
May  5 07:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 07:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: Failed password for root from 218.92.0.179 port 15734 ssh2
May  5 07:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 15734 ssh2]
May  5 07:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2055]: pam_unix(cron:session): session closed for user root
May  5 07:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.88.137  user=root
May  5 07:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3279]: Failed password for root from 157.245.88.137 port 51220 ssh2
May  5 07:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3279]: Received disconnect from 157.245.88.137 port 51220:11: Bye Bye [preauth]
May  5 07:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3279]: Disconnected from 157.245.88.137 port 51220 [preauth]
May  5 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3311]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3308]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3311]: pam_unix(cron:session): session closed for user root
May  5 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3306]: pam_unix(cron:session): session closed for user p13x
May  5 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3385]: Successful su for rubyman by root
May  5 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3385]: + ??? root:rubyman
May  5 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332455 of user rubyman.
May  5 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3385]: pam_unix(su:session): session closed for user rubyman
May  5 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332455.
May  5 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3308]: pam_unix(cron:session): session closed for user root
May  5 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[488]: pam_unix(cron:session): session closed for user root
May  5 07:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3307]: pam_unix(cron:session): session closed for user samftp
May  5 07:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3700]: Invalid user solv from 2.57.122.57
May  5 07:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3700]: input_userauth_request: invalid user solv [preauth]
May  5 07:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3700]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 07:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3700]: Failed password for invalid user solv from 2.57.122.57 port 58776 ssh2
May  5 07:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3700]: Connection closed by 2.57.122.57 port 58776 [preauth]
May  5 07:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2471]: pam_unix(cron:session): session closed for user root
May  5 07:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3762]: Invalid user cacti from 143.110.176.215
May  5 07:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3762]: input_userauth_request: invalid user cacti [preauth]
May  5 07:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3762]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.176.215
May  5 07:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3762]: Failed password for invalid user cacti from 143.110.176.215 port 51704 ssh2
May  5 07:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3762]: Received disconnect from 143.110.176.215 port 51704:11: Bye Bye [preauth]
May  5 07:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3762]: Disconnected from 143.110.176.215 port 51704 [preauth]
May  5 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3791]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3792]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3790]: pam_unix(cron:session): session closed for user p13x
May  5 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3856]: Successful su for rubyman by root
May  5 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3856]: + ??? root:rubyman
May  5 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332458 of user rubyman.
May  5 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3856]: pam_unix(su:session): session closed for user rubyman
May  5 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332458.
May  5 07:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1022]: pam_unix(cron:session): session closed for user root
May  5 07:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3791]: pam_unix(cron:session): session closed for user samftp
May  5 07:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: Invalid user dell from 206.189.62.213
May  5 07:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: input_userauth_request: invalid user dell [preauth]
May  5 07:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.62.213
May  5 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: Failed password for invalid user dell from 206.189.62.213 port 55866 ssh2
May  5 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: Received disconnect from 206.189.62.213 port 55866:11: Bye Bye [preauth]
May  5 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: Disconnected from 206.189.62.213 port 55866 [preauth]
May  5 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2910]: pam_unix(cron:session): session closed for user root
May  5 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4266]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4261]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4261]: pam_unix(cron:session): session closed for user root
May  5 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4263]: pam_unix(cron:session): session closed for user p13x
May  5 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4450]: Successful su for rubyman by root
May  5 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4450]: + ??? root:rubyman
May  5 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332462 of user rubyman.
May  5 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4450]: pam_unix(su:session): session closed for user rubyman
May  5 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332462.
May  5 07:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1537]: pam_unix(cron:session): session closed for user root
May  5 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4264]: pam_unix(cron:session): session closed for user samftp
May  5 07:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3310]: pam_unix(cron:session): session closed for user root
May  5 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4808]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4801]: pam_unix(cron:session): session closed for user p13x
May  5 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4875]: Successful su for rubyman by root
May  5 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4875]: + ??? root:rubyman
May  5 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332467 of user rubyman.
May  5 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4875]: pam_unix(su:session): session closed for user rubyman
May  5 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332467.
May  5 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2054]: pam_unix(cron:session): session closed for user root
May  5 07:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4806]: pam_unix(cron:session): session closed for user samftp
May  5 07:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.145.112  user=root
May  5 07:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Failed password for root from 159.65.145.112 port 52564 ssh2
May  5 07:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Connection closed by 159.65.145.112 port 52564 [preauth]
May  5 07:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3793]: pam_unix(cron:session): session closed for user root
May  5 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5413]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5412]: pam_unix(cron:session): session closed for user p13x
May  5 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5485]: Successful su for rubyman by root
May  5 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5485]: + ??? root:rubyman
May  5 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332471 of user rubyman.
May  5 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5485]: pam_unix(su:session): session closed for user rubyman
May  5 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332471.
May  5 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2470]: pam_unix(cron:session): session closed for user root
May  5 07:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5413]: pam_unix(cron:session): session closed for user samftp
May  5 07:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: Invalid user r00t from 157.245.88.137
May  5 07:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: input_userauth_request: invalid user r00t [preauth]
May  5 07:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.88.137
May  5 07:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: Failed password for invalid user r00t from 157.245.88.137 port 58686 ssh2
May  5 07:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: Received disconnect from 157.245.88.137 port 58686:11: Bye Bye [preauth]
May  5 07:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5783]: Disconnected from 157.245.88.137 port 58686 [preauth]
May  5 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4266]: pam_unix(cron:session): session closed for user root
May  5 07:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  5 07:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5948]: Failed password for root from 50.235.31.47 port 42168 ssh2
May  5 07:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5948]: Connection closed by 50.235.31.47 port 42168 [preauth]
May  5 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5969]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5973]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5974]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5974]: pam_unix(cron:session): session closed for user root
May  5 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5969]: pam_unix(cron:session): session closed for user p13x
May  5 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6049]: Successful su for rubyman by root
May  5 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6049]: + ??? root:rubyman
May  5 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6049]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332478 of user rubyman.
May  5 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6049]: pam_unix(su:session): session closed for user rubyman
May  5 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332478.
May  5 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5971]: pam_unix(cron:session): session closed for user root
May  5 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2908]: pam_unix(cron:session): session closed for user root
May  5 07:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5970]: pam_unix(cron:session): session closed for user samftp
May  5 07:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4808]: pam_unix(cron:session): session closed for user root
May  5 07:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: Invalid user hostmaster from 206.189.62.213
May  5 07:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: input_userauth_request: invalid user hostmaster [preauth]
May  5 07:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.62.213
May  5 07:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: Failed password for invalid user hostmaster from 206.189.62.213 port 46168 ssh2
May  5 07:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: Received disconnect from 206.189.62.213 port 46168:11: Bye Bye [preauth]
May  5 07:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: Disconnected from 206.189.62.213 port 46168 [preauth]
May  5 07:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.145.112  user=root
May  5 07:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Failed password for root from 159.65.145.112 port 44592 ssh2
May  5 07:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: Invalid user pi from 159.65.145.112
May  5 07:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: input_userauth_request: invalid user pi [preauth]
May  5 07:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6393]: Connection closed by 159.65.145.112 port 44592 [preauth]
May  5 07:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.145.112
May  5 07:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: Failed password for invalid user pi from 159.65.145.112 port 44598 ssh2
May  5 07:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: Invalid user hive from 159.65.145.112
May  5 07:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: input_userauth_request: invalid user hive [preauth]
May  5 07:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: Connection closed by 159.65.145.112 port 44598 [preauth]
May  5 07:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.145.112
May  5 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6437]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6436]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6434]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6434]: pam_unix(cron:session): session closed for user p13x
May  5 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6504]: Successful su for rubyman by root
May  5 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6504]: + ??? root:rubyman
May  5 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6504]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332482 of user rubyman.
May  5 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6504]: pam_unix(su:session): session closed for user rubyman
May  5 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332482.
May  5 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: Invalid user git from 159.65.145.112
May  5 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: input_userauth_request: invalid user git [preauth]
May  5 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: Failed password for invalid user hive from 159.65.145.112 port 44608 ssh2
May  5 07:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3309]: pam_unix(cron:session): session closed for user root
May  5 07:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.145.112
May  5 07:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6408]: Connection closed by 159.65.145.112 port 44608 [preauth]
May  5 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6435]: pam_unix(cron:session): session closed for user samftp
May  5 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: Invalid user wang from 159.65.145.112
May  5 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: input_userauth_request: invalid user wang [preauth]
May  5 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: Failed password for invalid user git from 159.65.145.112 port 44618 ssh2
May  5 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.176.215  user=root
May  5 07:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  5 07:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: Failed password for root from 143.110.176.215 port 45628 ssh2
May  5 07:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: Received disconnect from 143.110.176.215 port 45628:11: Bye Bye [preauth]
May  5 07:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6694]: Disconnected from 143.110.176.215 port 45628 [preauth]
May  5 07:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.145.112
May  5 07:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: Connection closed by 159.65.145.112 port 44618 [preauth]
May  5 07:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: Invalid user nginx from 159.65.145.112
May  5 07:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: input_userauth_request: invalid user nginx [preauth]
May  5 07:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: Failed password for root from 218.92.0.201 port 62062 ssh2
May  5 07:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: Failed password for invalid user wang from 159.65.145.112 port 44164 ssh2
May  5 07:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.145.112
May  5 07:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: Failed password for root from 218.92.0.201 port 62062 ssh2
May  5 07:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6514]: Invalid user mongo from 159.65.145.112
May  5 07:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6514]: input_userauth_request: invalid user mongo [preauth]
May  5 07:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: Connection closed by 159.65.145.112 port 44164 [preauth]
May  5 07:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: Failed password for invalid user nginx from 159.65.145.112 port 44174 ssh2
May  5 07:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: Failed password for root from 218.92.0.201 port 62062 ssh2
May  5 07:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6514]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.145.112
May  5 07:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: Invalid user user from 159.65.145.112
May  5 07:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: input_userauth_request: invalid user user [preauth]
May  5 07:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6514]: Failed password for invalid user mongo from 159.65.145.112 port 44190 ssh2
May  5 07:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: Connection closed by 159.65.145.112 port 44174 [preauth]
May  5 07:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: Failed password for root from 218.92.0.201 port 62062 ssh2
May  5 07:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: Invalid user oracle from 159.65.145.112
May  5 07:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: input_userauth_request: invalid user oracle [preauth]
May  5 07:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.145.112
May  5 07:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6514]: Connection closed by 159.65.145.112 port 44190 [preauth]
May  5 07:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: Failed password for invalid user user from 159.65.145.112 port 44204 ssh2
May  5 07:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: Failed password for root from 218.92.0.201 port 62062 ssh2
May  5 07:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 62062 ssh2 [preauth]
May  5 07:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: Disconnecting: Too many authentication failures [preauth]
May  5 07:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  5 07:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 07:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6714]: Invalid user gpadmin from 159.65.145.112
May  5 07:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6714]: input_userauth_request: invalid user gpadmin [preauth]
May  5 07:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.145.112
May  5 07:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  5 07:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6683]: Connection closed by 159.65.145.112 port 44204 [preauth]
May  5 07:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: Failed password for invalid user oracle from 159.65.145.112 port 47832 ssh2
May  5 07:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6714]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.145.112
May  5 07:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: Failed password for root from 218.92.0.201 port 21588 ssh2
May  5 07:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6714]: Failed password for invalid user gpadmin from 159.65.145.112 port 47844 ssh2
May  5 07:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6704]: Connection closed by 159.65.145.112 port 47832 [preauth]
May  5 07:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.145.112  user=root
May  5 07:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6741]: Invalid user esroot from 159.65.145.112
May  5 07:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6741]: input_userauth_request: invalid user esroot [preauth]
May  5 07:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6716]: Failed password for root from 159.65.145.112 port 47852 ssh2
May  5 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5415]: pam_unix(cron:session): session closed for user root
May  5 07:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6787]: Connection reset by 159.65.145.112 port 40230 [preauth]
May  5 07:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: Connection reset by 159.65.145.112 port 50854 [preauth]
May  5 07:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: Connection reset by 159.65.145.112 port 50850 [preauth]
May  5 07:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6716]: Connection reset by 159.65.145.112 port 47852 [preauth]
May  5 07:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6785]: Connection reset by 159.65.145.112 port 40218 [preauth]
May  5 07:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: Did not receive identification string from 159.65.145.112
May  5 07:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6714]: Connection reset by 159.65.145.112 port 47844 [preauth]
May  5 07:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6741]: Connection reset by 159.65.145.112 port 47856 [preauth]
May  5 07:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6742]: Connection reset by 159.65.145.112 port 50838 [preauth]
May  5 07:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  5 07:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: Failed password for root from 218.92.0.201 port 35414 ssh2
May  5 07:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: message repeated 2 times: [ Failed password for root from 218.92.0.201 port 35414 ssh2]
May  5 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6881]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6879]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6880]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6882]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6879]: pam_unix(cron:session): session closed for user p13x
May  5 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7030]: Successful su for rubyman by root
May  5 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7030]: + ??? root:rubyman
May  5 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332488 of user rubyman.
May  5 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7030]: pam_unix(su:session): session closed for user rubyman
May  5 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332488.
May  5 07:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: Failed password for root from 218.92.0.201 port 35414 ssh2
May  5 07:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3792]: pam_unix(cron:session): session closed for user root
May  5 07:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6880]: pam_unix(cron:session): session closed for user samftp
May  5 07:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: Failed password for root from 218.92.0.201 port 35414 ssh2
May  5 07:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: Failed password for root from 218.92.0.201 port 35414 ssh2
May  5 07:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 35414 ssh2 [preauth]
May  5 07:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: Disconnecting: Too many authentication failures [preauth]
May  5 07:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  5 07:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6848]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 07:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: Invalid user solv from 2.57.122.57
May  5 07:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: input_userauth_request: invalid user solv [preauth]
May  5 07:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 07:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: Failed password for invalid user solv from 2.57.122.57 port 34150 ssh2
May  5 07:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7301]: Connection closed by 2.57.122.57 port 34150 [preauth]
May  5 07:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5973]: pam_unix(cron:session): session closed for user root
May  5 07:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 07:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: Failed password for root from 218.92.0.179 port 54375 ssh2
May  5 07:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: Failed password for root from 218.92.0.179 port 54375 ssh2
May  5 07:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: Failed password for root from 218.92.0.179 port 54375 ssh2
May  5 07:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: Received disconnect from 218.92.0.179 port 54375:11:  [preauth]
May  5 07:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: Disconnected from 218.92.0.179 port 54375 [preauth]
May  5 07:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7346]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 07:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: Did not receive identification string from 193.32.162.185
May  5 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7400]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7399]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7397]: pam_unix(cron:session): session closed for user p13x
May  5 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7460]: Successful su for rubyman by root
May  5 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7460]: + ??? root:rubyman
May  5 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332489 of user rubyman.
May  5 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7460]: pam_unix(su:session): session closed for user rubyman
May  5 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332489.
May  5 07:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4265]: pam_unix(cron:session): session closed for user root
May  5 07:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7398]: pam_unix(cron:session): session closed for user samftp
May  5 07:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6437]: pam_unix(cron:session): session closed for user root
May  5 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7921]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7918]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7918]: pam_unix(cron:session): session closed for user p13x
May  5 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7986]: Successful su for rubyman by root
May  5 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7986]: + ??? root:rubyman
May  5 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332494 of user rubyman.
May  5 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7986]: pam_unix(su:session): session closed for user rubyman
May  5 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332494.
May  5 07:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4807]: pam_unix(cron:session): session closed for user root
May  5 07:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7919]: pam_unix(cron:session): session closed for user samftp
May  5 07:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6882]: pam_unix(cron:session): session closed for user root
May  5 07:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: Invalid user nvidia from 206.189.62.213
May  5 07:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: input_userauth_request: invalid user nvidia [preauth]
May  5 07:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.62.213
May  5 07:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: Failed password for invalid user nvidia from 206.189.62.213 port 47180 ssh2
May  5 07:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: Received disconnect from 206.189.62.213 port 47180:11: Bye Bye [preauth]
May  5 07:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8335]: Disconnected from 206.189.62.213 port 47180 [preauth]
May  5 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8358]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8359]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8359]: pam_unix(cron:session): session closed for user root
May  5 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8354]: pam_unix(cron:session): session closed for user p13x
May  5 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8425]: Successful su for rubyman by root
May  5 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8425]: + ??? root:rubyman
May  5 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332500 of user rubyman.
May  5 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8425]: pam_unix(su:session): session closed for user rubyman
May  5 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332500.
May  5 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5414]: pam_unix(cron:session): session closed for user root
May  5 07:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8356]: pam_unix(cron:session): session closed for user root
May  5 07:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8355]: pam_unix(cron:session): session closed for user samftp
May  5 07:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7400]: pam_unix(cron:session): session closed for user root
May  5 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8815]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8814]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8812]: pam_unix(cron:session): session closed for user p13x
May  5 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8883]: Successful su for rubyman by root
May  5 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8883]: + ??? root:rubyman
May  5 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8883]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332503 of user rubyman.
May  5 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8883]: pam_unix(su:session): session closed for user rubyman
May  5 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332503.
May  5 07:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5972]: pam_unix(cron:session): session closed for user root
May  5 07:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8813]: pam_unix(cron:session): session closed for user samftp
May  5 07:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9214]: Invalid user jwang from 143.110.176.215
May  5 07:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9214]: input_userauth_request: invalid user jwang [preauth]
May  5 07:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9214]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.176.215
May  5 07:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9214]: Failed password for invalid user jwang from 143.110.176.215 port 53952 ssh2
May  5 07:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9214]: Received disconnect from 143.110.176.215 port 53952:11: Bye Bye [preauth]
May  5 07:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9214]: Disconnected from 143.110.176.215 port 53952 [preauth]
May  5 07:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7921]: pam_unix(cron:session): session closed for user root
May  5 07:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: Invalid user local from 190.103.202.7
May  5 07:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: input_userauth_request: invalid user local [preauth]
May  5 07:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  5 07:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: Failed password for invalid user local from 190.103.202.7 port 54856 ssh2
May  5 07:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: Connection closed by 190.103.202.7 port 54856 [preauth]
May  5 07:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 07:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: Failed password for root from 218.92.0.179 port 62911 ssh2
May  5 07:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 62911 ssh2]
May  5 07:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: Received disconnect from 218.92.0.179 port 62911:11:  [preauth]
May  5 07:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: Disconnected from 218.92.0.179 port 62911 [preauth]
May  5 07:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9327]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9352]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9347]: pam_unix(cron:session): session closed for user p13x
May  5 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9413]: Successful su for rubyman by root
May  5 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9413]: + ??? root:rubyman
May  5 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9413]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332508 of user rubyman.
May  5 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9413]: pam_unix(su:session): session closed for user rubyman
May  5 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332508.
May  5 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6436]: pam_unix(cron:session): session closed for user root
May  5 07:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9349]: pam_unix(cron:session): session closed for user samftp
May  5 07:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8358]: pam_unix(cron:session): session closed for user root
May  5 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9757]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9755]: pam_unix(cron:session): session closed for user p13x
May  5 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9816]: Successful su for rubyman by root
May  5 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9816]: + ??? root:rubyman
May  5 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332512 of user rubyman.
May  5 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9816]: pam_unix(su:session): session closed for user rubyman
May  5 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332512.
May  5 07:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6881]: pam_unix(cron:session): session closed for user root
May  5 07:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9756]: pam_unix(cron:session): session closed for user samftp
May  5 07:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8815]: pam_unix(cron:session): session closed for user root
May  5 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10149]: pam_unix(cron:session): session closed for user p13x
May  5 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10226]: Successful su for rubyman by root
May  5 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10226]: + ??? root:rubyman
May  5 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332516 of user rubyman.
May  5 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10226]: pam_unix(su:session): session closed for user rubyman
May  5 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332516.
May  5 07:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7399]: pam_unix(cron:session): session closed for user root
May  5 07:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10150]: pam_unix(cron:session): session closed for user samftp
May  5 07:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10508]: Invalid user ubuntu from 206.189.62.213
May  5 07:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10508]: input_userauth_request: invalid user ubuntu [preauth]
May  5 07:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10508]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.62.213
May  5 07:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10508]: Failed password for invalid user ubuntu from 206.189.62.213 port 55490 ssh2
May  5 07:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10508]: Received disconnect from 206.189.62.213 port 55490:11: Bye Bye [preauth]
May  5 07:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10508]: Disconnected from 206.189.62.213 port 55490 [preauth]
May  5 07:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: Invalid user solana from 2.57.122.57
May  5 07:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: input_userauth_request: invalid user solana [preauth]
May  5 07:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 07:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: Failed password for invalid user solana from 2.57.122.57 port 44184 ssh2
May  5 07:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10543]: Connection closed by 2.57.122.57 port 44184 [preauth]
May  5 07:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9352]: pam_unix(cron:session): session closed for user root
May  5 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10695]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10698]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10697]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10694]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10696]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10699]: pam_unix(cron:session): session closed for user root
May  5 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10694]: pam_unix(cron:session): session closed for user p13x
May  5 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10788]: Successful su for rubyman by root
May  5 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10788]: + ??? root:rubyman
May  5 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10788]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332520 of user rubyman.
May  5 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10788]: pam_unix(su:session): session closed for user rubyman
May  5 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332520.
May  5 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7920]: pam_unix(cron:session): session closed for user root
May  5 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10696]: pam_unix(cron:session): session closed for user root
May  5 07:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10695]: pam_unix(cron:session): session closed for user samftp
May  5 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9758]: pam_unix(cron:session): session closed for user root
May  5 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11137]: pam_unix(cron:session): session closed for user p13x
May  5 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11210]: Successful su for rubyman by root
May  5 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11210]: + ??? root:rubyman
May  5 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332526 of user rubyman.
May  5 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11210]: pam_unix(su:session): session closed for user rubyman
May  5 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332526.
May  5 07:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8357]: pam_unix(cron:session): session closed for user root
May  5 07:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11139]: pam_unix(cron:session): session closed for user samftp
May  5 07:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10152]: pam_unix(cron:session): session closed for user root
May  5 07:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11525]: Invalid user sbs from 143.110.176.215
May  5 07:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11525]: input_userauth_request: invalid user sbs [preauth]
May  5 07:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11525]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.176.215
May  5 07:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11525]: Failed password for invalid user sbs from 143.110.176.215 port 56236 ssh2
May  5 07:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11525]: Received disconnect from 143.110.176.215 port 56236:11: Bye Bye [preauth]
May  5 07:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11525]: Disconnected from 143.110.176.215 port 56236 [preauth]
May  5 07:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11536]: Invalid user Mohammed from 80.94.95.241
May  5 07:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11536]: input_userauth_request: invalid user Mohammed [preauth]
May  5 07:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11536]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 07:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11536]: Failed password for invalid user Mohammed from 80.94.95.241 port 59042 ssh2
May  5 07:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11536]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11536]: Failed password for invalid user Mohammed from 80.94.95.241 port 59042 ssh2
May  5 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11536]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11549]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11548]: pam_unix(cron:session): session closed for user p13x
May  5 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11612]: Successful su for rubyman by root
May  5 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11612]: + ??? root:rubyman
May  5 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11612]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332529 of user rubyman.
May  5 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11612]: pam_unix(su:session): session closed for user rubyman
May  5 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332529.
May  5 07:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11536]: Failed password for invalid user Mohammed from 80.94.95.241 port 59042 ssh2
May  5 07:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11536]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8814]: pam_unix(cron:session): session closed for user root
May  5 07:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11536]: Failed password for invalid user Mohammed from 80.94.95.241 port 59042 ssh2
May  5 07:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11536]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11549]: pam_unix(cron:session): session closed for user samftp
May  5 07:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11536]: Failed password for invalid user Mohammed from 80.94.95.241 port 59042 ssh2
May  5 07:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11536]: Received disconnect from 80.94.95.241 port 59042:11: Bye [preauth]
May  5 07:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11536]: Disconnected from 80.94.95.241 port 59042 [preauth]
May  5 07:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11536]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 07:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11536]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 07:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10698]: pam_unix(cron:session): session closed for user root
May  5 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11938]: pam_unix(cron:session): session closed for user p13x
May  5 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11996]: Successful su for rubyman by root
May  5 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11996]: + ??? root:rubyman
May  5 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332535 of user rubyman.
May  5 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11996]: pam_unix(su:session): session closed for user rubyman
May  5 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332535.
May  5 07:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9351]: pam_unix(cron:session): session closed for user root
May  5 07:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11939]: pam_unix(cron:session): session closed for user samftp
May  5 07:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11141]: pam_unix(cron:session): session closed for user root
May  5 07:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12253]: Invalid user iexcel_qingdao from 206.189.62.213
May  5 07:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12253]: input_userauth_request: invalid user iexcel_qingdao [preauth]
May  5 07:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12253]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.62.213
May  5 07:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12253]: Failed password for invalid user iexcel_qingdao from 206.189.62.213 port 59720 ssh2
May  5 07:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12253]: Received disconnect from 206.189.62.213 port 59720:11: Bye Bye [preauth]
May  5 07:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12253]: Disconnected from 206.189.62.213 port 59720 [preauth]
May  5 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12336]: pam_unix(cron:session): session closed for user p13x
May  5 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12397]: Successful su for rubyman by root
May  5 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12397]: + ??? root:rubyman
May  5 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332539 of user rubyman.
May  5 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12397]: pam_unix(su:session): session closed for user rubyman
May  5 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332539.
May  5 07:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9757]: pam_unix(cron:session): session closed for user root
May  5 07:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12337]: pam_unix(cron:session): session closed for user samftp
May  5 07:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11551]: pam_unix(cron:session): session closed for user root
May  5 07:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: Invalid user mos from 176.31.162.135
May  5 07:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: input_userauth_request: invalid user mos [preauth]
May  5 07:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  5 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12729]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12728]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12733]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12733]: pam_unix(cron:session): session closed for user root
May  5 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12728]: pam_unix(cron:session): session closed for user p13x
May  5 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: Failed password for invalid user mos from 176.31.162.135 port 60282 ssh2
May  5 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12794]: Successful su for rubyman by root
May  5 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12794]: + ??? root:rubyman
May  5 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332541 of user rubyman.
May  5 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12794]: pam_unix(su:session): session closed for user rubyman
May  5 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332541.
May  5 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: Connection closed by 176.31.162.135 port 60282 [preauth]
May  5 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12730]: pam_unix(cron:session): session closed for user root
May  5 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10151]: pam_unix(cron:session): session closed for user root
May  5 07:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12729]: pam_unix(cron:session): session closed for user samftp
May  5 07:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11941]: pam_unix(cron:session): session closed for user root
May  5 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13149]: pam_unix(cron:session): session closed for user p13x
May  5 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13216]: Successful su for rubyman by root
May  5 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13216]: + ??? root:rubyman
May  5 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332548 of user rubyman.
May  5 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13216]: pam_unix(su:session): session closed for user rubyman
May  5 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332548.
May  5 07:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10697]: pam_unix(cron:session): session closed for user root
May  5 07:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13150]: pam_unix(cron:session): session closed for user samftp
May  5 07:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: Invalid user solana from 2.57.122.57
May  5 07:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: input_userauth_request: invalid user solana [preauth]
May  5 07:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 07:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: Failed password for invalid user solana from 2.57.122.57 port 56270 ssh2
May  5 07:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: Connection closed by 2.57.122.57 port 56270 [preauth]
May  5 07:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12342]: pam_unix(cron:session): session closed for user root
May  5 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13653]: pam_unix(cron:session): session closed for user p13x
May  5 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13727]: Successful su for rubyman by root
May  5 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13727]: + ??? root:rubyman
May  5 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332552 of user rubyman.
May  5 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13727]: pam_unix(su:session): session closed for user rubyman
May  5 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332552.
May  5 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11140]: pam_unix(cron:session): session closed for user root
May  5 07:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13654]: pam_unix(cron:session): session closed for user samftp
May  5 07:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13913]: Invalid user net from 143.110.176.215
May  5 07:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13913]: input_userauth_request: invalid user net [preauth]
May  5 07:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13913]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.176.215
May  5 07:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13913]: Failed password for invalid user net from 143.110.176.215 port 54676 ssh2
May  5 07:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13913]: Received disconnect from 143.110.176.215 port 54676:11: Bye Bye [preauth]
May  5 07:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13913]: Disconnected from 143.110.176.215 port 54676 [preauth]
May  5 07:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13946]: Invalid user user from 80.94.95.29
May  5 07:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13946]: input_userauth_request: invalid user user [preauth]
May  5 07:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13946]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  5 07:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13946]: Failed password for invalid user user from 80.94.95.29 port 55594 ssh2
May  5 07:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13946]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13946]: Failed password for invalid user user from 80.94.95.29 port 55594 ssh2
May  5 07:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13946]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13946]: Failed password for invalid user user from 80.94.95.29 port 55594 ssh2
May  5 07:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13946]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13946]: Failed password for invalid user user from 80.94.95.29 port 55594 ssh2
May  5 07:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13946]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12732]: pam_unix(cron:session): session closed for user root
May  5 07:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13946]: Failed password for invalid user user from 80.94.95.29 port 55594 ssh2
May  5 07:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13946]: Received disconnect from 80.94.95.29 port 55594:11: Bye [preauth]
May  5 07:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13946]: Disconnected from 80.94.95.29 port 55594 [preauth]
May  5 07:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13946]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  5 07:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13946]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 07:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: Invalid user cyl from 206.189.62.213
May  5 07:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: input_userauth_request: invalid user cyl [preauth]
May  5 07:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.62.213
May  5 07:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: Failed password for invalid user cyl from 206.189.62.213 port 56098 ssh2
May  5 07:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: Received disconnect from 206.189.62.213 port 56098:11: Bye Bye [preauth]
May  5 07:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: Disconnected from 206.189.62.213 port 56098 [preauth]
May  5 07:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  5 07:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: Failed password for root from 218.92.0.207 port 44876 ssh2
May  5 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14074]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14075]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14071]: pam_unix(cron:session): session closed for user p13x
May  5 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14131]: Successful su for rubyman by root
May  5 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14131]: + ??? root:rubyman
May  5 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332555 of user rubyman.
May  5 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14131]: pam_unix(su:session): session closed for user rubyman
May  5 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332555.
May  5 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: Failed password for root from 218.92.0.207 port 44876 ssh2
May  5 07:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11550]: pam_unix(cron:session): session closed for user root
May  5 07:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: Failed password for root from 218.92.0.207 port 44876 ssh2
May  5 07:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14072]: pam_unix(cron:session): session closed for user samftp
May  5 07:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: Failed password for root from 218.92.0.207 port 44876 ssh2
May  5 07:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: Failed password for root from 218.92.0.207 port 44876 ssh2
May  5 07:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 44876 ssh2 [preauth]
May  5 07:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: Disconnecting: Too many authentication failures [preauth]
May  5 07:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  5 07:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 07:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13152]: pam_unix(cron:session): session closed for user root
May  5 07:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  5 07:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: Failed password for root from 80.94.95.29 port 65010 ssh2
May  5 07:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: message repeated 4 times: [ Failed password for root from 80.94.95.29 port 65010 ssh2]
May  5 07:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: Received disconnect from 80.94.95.29 port 65010:11: Bye [preauth]
May  5 07:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: Disconnected from 80.94.95.29 port 65010 [preauth]
May  5 07:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  5 07:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14407]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14467]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14468]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14469]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14464]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14466]: pam_unix(cron:session): session closed for user p13x
May  5 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14594]: Successful su for rubyman by root
May  5 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14594]: + ??? root:rubyman
May  5 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332561 of user rubyman.
May  5 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14594]: pam_unix(su:session): session closed for user rubyman
May  5 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332561.
May  5 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14464]: pam_unix(cron:session): session closed for user root
May  5 07:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11940]: pam_unix(cron:session): session closed for user root
May  5 07:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14467]: pam_unix(cron:session): session closed for user samftp
May  5 07:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13656]: pam_unix(cron:session): session closed for user root
May  5 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14975]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14976]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14969]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14976]: pam_unix(cron:session): session closed for user root
May  5 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14969]: pam_unix(cron:session): session closed for user p13x
May  5 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15042]: Successful su for rubyman by root
May  5 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15042]: + ??? root:rubyman
May  5 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332564 of user rubyman.
May  5 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15042]: pam_unix(su:session): session closed for user rubyman
May  5 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332564.
May  5 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14971]: pam_unix(cron:session): session closed for user root
May  5 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12341]: pam_unix(cron:session): session closed for user root
May  5 07:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14970]: pam_unix(cron:session): session closed for user samftp
May  5 07:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14075]: pam_unix(cron:session): session closed for user root
May  5 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15398]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15399]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15396]: pam_unix(cron:session): session closed for user p13x
May  5 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15461]: Successful su for rubyman by root
May  5 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15461]: + ??? root:rubyman
May  5 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332571 of user rubyman.
May  5 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15461]: pam_unix(su:session): session closed for user rubyman
May  5 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332571.
May  5 07:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12731]: pam_unix(cron:session): session closed for user root
May  5 07:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15397]: pam_unix(cron:session): session closed for user samftp
May  5 07:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14469]: pam_unix(cron:session): session closed for user root
May  5 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15795]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15794]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15792]: pam_unix(cron:session): session closed for user p13x
May  5 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15852]: Successful su for rubyman by root
May  5 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15852]: + ??? root:rubyman
May  5 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332575 of user rubyman.
May  5 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15852]: pam_unix(su:session): session closed for user rubyman
May  5 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332575.
May  5 07:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13151]: pam_unix(cron:session): session closed for user root
May  5 07:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15793]: pam_unix(cron:session): session closed for user samftp
May  5 07:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: User news from 206.189.62.213 not allowed because not listed in AllowUsers
May  5 07:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: input_userauth_request: invalid user news [preauth]
May  5 07:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.62.213  user=news
May  5 07:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: Failed password for invalid user news from 206.189.62.213 port 35820 ssh2
May  5 07:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: Received disconnect from 206.189.62.213 port 35820:11: Bye Bye [preauth]
May  5 07:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16032]: Disconnected from 206.189.62.213 port 35820 [preauth]
May  5 07:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14975]: pam_unix(cron:session): session closed for user root
May  5 07:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16108]: Invalid user test from 143.110.176.215
May  5 07:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16108]: input_userauth_request: invalid user test [preauth]
May  5 07:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16108]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.176.215
May  5 07:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16108]: Failed password for invalid user test from 143.110.176.215 port 55158 ssh2
May  5 07:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16108]: Received disconnect from 143.110.176.215 port 55158:11: Bye Bye [preauth]
May  5 07:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16108]: Disconnected from 143.110.176.215 port 55158 [preauth]
May  5 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16182]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16179]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16179]: pam_unix(cron:session): session closed for user p13x
May  5 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16237]: Successful su for rubyman by root
May  5 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16237]: + ??? root:rubyman
May  5 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16237]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332579 of user rubyman.
May  5 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16237]: pam_unix(su:session): session closed for user rubyman
May  5 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332579.
May  5 07:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13655]: pam_unix(cron:session): session closed for user root
May  5 07:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16180]: pam_unix(cron:session): session closed for user samftp
May  5 07:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57  user=root
May  5 07:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16454]: Failed password for root from 2.57.122.57 port 42032 ssh2
May  5 07:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16454]: Connection closed by 2.57.122.57 port 42032 [preauth]
May  5 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15399]: pam_unix(cron:session): session closed for user root
May  5 07:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16582]: Invalid user admin from 139.19.117.131
May  5 07:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16582]: input_userauth_request: invalid user admin [preauth]
May  5 07:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16582]: Connection closed by 139.19.117.131 port 40598 [preauth]
May  5 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16627]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16625]: pam_unix(cron:session): session closed for user p13x
May  5 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16690]: Successful su for rubyman by root
May  5 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16690]: + ??? root:rubyman
May  5 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16690]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332583 of user rubyman.
May  5 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16690]: pam_unix(su:session): session closed for user rubyman
May  5 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332583.
May  5 07:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14074]: pam_unix(cron:session): session closed for user root
May  5 07:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16626]: pam_unix(cron:session): session closed for user samftp
May  5 07:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 07:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15795]: pam_unix(cron:session): session closed for user root
May  5 07:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16966]: Failed password for root from 218.92.0.179 port 62017 ssh2
May  5 07:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16966]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 62017 ssh2]
May  5 07:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16966]: Received disconnect from 218.92.0.179 port 62017:11:  [preauth]
May  5 07:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16966]: Disconnected from 218.92.0.179 port 62017 [preauth]
May  5 07:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16966]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17060]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17057]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17056]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17054]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17058]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17055]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17060]: pam_unix(cron:session): session closed for user root
May  5 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17054]: pam_unix(cron:session): session closed for user p13x
May  5 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17125]: Successful su for rubyman by root
May  5 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17125]: + ??? root:rubyman
May  5 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17125]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332588 of user rubyman.
May  5 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17125]: pam_unix(su:session): session closed for user rubyman
May  5 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332588.
May  5 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17056]: pam_unix(cron:session): session closed for user root
May  5 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14468]: pam_unix(cron:session): session closed for user root
May  5 07:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17055]: pam_unix(cron:session): session closed for user samftp
May  5 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16182]: pam_unix(cron:session): session closed for user root
May  5 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17489]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17492]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17487]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17487]: pam_unix(cron:session): session closed for user p13x
May  5 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17565]: Successful su for rubyman by root
May  5 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17565]: + ??? root:rubyman
May  5 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17565]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332592 of user rubyman.
May  5 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17565]: pam_unix(su:session): session closed for user rubyman
May  5 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332592.
May  5 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14972]: pam_unix(cron:session): session closed for user root
May  5 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17489]: pam_unix(cron:session): session closed for user samftp
May  5 07:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.62.213  user=root
May  5 07:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17925]: Failed password for root from 206.189.62.213 port 48864 ssh2
May  5 07:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17925]: Received disconnect from 206.189.62.213 port 48864:11: Bye Bye [preauth]
May  5 07:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17925]: Disconnected from 206.189.62.213 port 48864 [preauth]
May  5 07:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16632]: pam_unix(cron:session): session closed for user root
May  5 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18031]: pam_unix(cron:session): session closed for user p13x
May  5 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18098]: Successful su for rubyman by root
May  5 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18098]: + ??? root:rubyman
May  5 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332597 of user rubyman.
May  5 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18098]: pam_unix(su:session): session closed for user rubyman
May  5 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332597.
May  5 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15398]: pam_unix(cron:session): session closed for user root
May  5 07:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18032]: pam_unix(cron:session): session closed for user samftp
May  5 07:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17058]: pam_unix(cron:session): session closed for user root
May  5 07:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18450]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18449]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18449]: pam_unix(cron:session): session closed for user p13x
May  5 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18512]: Successful su for rubyman by root
May  5 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18512]: + ??? root:rubyman
May  5 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332600 of user rubyman.
May  5 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18512]: pam_unix(su:session): session closed for user rubyman
May  5 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332600.
May  5 07:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15794]: pam_unix(cron:session): session closed for user root
May  5 07:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.103.245.111  user=root
May  5 07:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18450]: pam_unix(cron:session): session closed for user samftp
May  5 07:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: Failed password for root from 103.103.245.111 port 51424 ssh2
May  5 07:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18437]: Connection closed by 103.103.245.111 port 51424 [preauth]
May  5 07:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: Invalid user michael from 193.70.84.184
May  5 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: input_userauth_request: invalid user michael [preauth]
May  5 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  5 07:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17492]: pam_unix(cron:session): session closed for user root
May  5 07:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: Failed password for invalid user michael from 193.70.84.184 port 42318 ssh2
May  5 07:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: Connection closed by 193.70.84.184 port 42318 [preauth]
May  5 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18858]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18855]: pam_unix(cron:session): session closed for user p13x
May  5 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18921]: Successful su for rubyman by root
May  5 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18921]: + ??? root:rubyman
May  5 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332604 of user rubyman.
May  5 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18921]: pam_unix(su:session): session closed for user rubyman
May  5 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332604.
May  5 07:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16181]: pam_unix(cron:session): session closed for user root
May  5 07:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18856]: pam_unix(cron:session): session closed for user samftp
May  5 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18035]: pam_unix(cron:session): session closed for user root
May  5 07:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 07:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: Failed password for root from 218.92.0.179 port 45195 ssh2
May  5 07:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 45195 ssh2]
May  5 07:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: Received disconnect from 218.92.0.179 port 45195:11:  [preauth]
May  5 07:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: Disconnected from 218.92.0.179 port 45195 [preauth]
May  5 07:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19277]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19275]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19278]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19278]: pam_unix(cron:session): session closed for user root
May  5 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19272]: pam_unix(cron:session): session closed for user p13x
May  5 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19342]: Successful su for rubyman by root
May  5 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19342]: + ??? root:rubyman
May  5 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332608 of user rubyman.
May  5 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19342]: pam_unix(su:session): session closed for user rubyman
May  5 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332608.
May  5 07:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19274]: pam_unix(cron:session): session closed for user root
May  5 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16627]: pam_unix(cron:session): session closed for user root
May  5 07:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19273]: pam_unix(cron:session): session closed for user samftp
May  5 07:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19573]: Invalid user ubuntu from 2.57.122.57
May  5 07:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19573]: input_userauth_request: invalid user ubuntu [preauth]
May  5 07:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19573]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 07:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19573]: Failed password for invalid user ubuntu from 2.57.122.57 port 46306 ssh2
May  5 07:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19573]: Connection closed by 2.57.122.57 port 46306 [preauth]
May  5 07:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.101  user=root
May  5 07:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19610]: Failed password for root from 185.213.164.101 port 39444 ssh2
May  5 07:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19610]: Received disconnect from 185.213.164.101 port 39444:11: Bye Bye [preauth]
May  5 07:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19610]: Disconnected from 185.213.164.101 port 39444 [preauth]
May  5 07:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18452]: pam_unix(cron:session): session closed for user root
May  5 07:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19671]: Invalid user dsp_nmst from 206.189.62.213
May  5 07:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19671]: input_userauth_request: invalid user dsp_nmst [preauth]
May  5 07:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19671]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.62.213
May  5 07:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19671]: Failed password for invalid user dsp_nmst from 206.189.62.213 port 57530 ssh2
May  5 07:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19671]: Received disconnect from 206.189.62.213 port 57530:11: Bye Bye [preauth]
May  5 07:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19671]: Disconnected from 206.189.62.213 port 57530 [preauth]
May  5 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19726]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19723]: pam_unix(cron:session): session closed for user p13x
May  5 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19791]: Successful su for rubyman by root
May  5 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19791]: + ??? root:rubyman
May  5 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19791]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332614 of user rubyman.
May  5 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19791]: pam_unix(su:session): session closed for user rubyman
May  5 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332614.
May  5 07:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17057]: pam_unix(cron:session): session closed for user root
May  5 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19725]: pam_unix(cron:session): session closed for user samftp
May  5 07:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 07:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19979]: Failed password for root from 218.92.0.179 port 44791 ssh2
May  5 07:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19979]: Failed password for root from 218.92.0.179 port 44791 ssh2
May  5 07:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19979]: Failed password for root from 218.92.0.179 port 44791 ssh2
May  5 07:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19979]: Received disconnect from 218.92.0.179 port 44791:11:  [preauth]
May  5 07:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19979]: Disconnected from 218.92.0.179 port 44791 [preauth]
May  5 07:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19979]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18858]: pam_unix(cron:session): session closed for user root
May  5 07:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.103.245.111  user=root
May  5 07:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19990]: Failed password for root from 103.103.245.111 port 50290 ssh2
May  5 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20143]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20142]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20140]: pam_unix(cron:session): session closed for user p13x
May  5 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20206]: Successful su for rubyman by root
May  5 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20206]: + ??? root:rubyman
May  5 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332618 of user rubyman.
May  5 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20206]: pam_unix(su:session): session closed for user rubyman
May  5 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332618.
May  5 07:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17490]: pam_unix(cron:session): session closed for user root
May  5 07:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20141]: pam_unix(cron:session): session closed for user samftp
May  5 07:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20015]: Connection reset by 103.103.245.111 port 57134 [preauth]
May  5 07:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19990]: Connection reset by 103.103.245.111 port 50290 [preauth]
May  5 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19277]: pam_unix(cron:session): session closed for user root
May  5 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20543]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20545]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20542]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20542]: pam_unix(cron:session): session closed for user p13x
May  5 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20602]: Successful su for rubyman by root
May  5 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20602]: + ??? root:rubyman
May  5 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20602]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332624 of user rubyman.
May  5 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20602]: pam_unix(su:session): session closed for user rubyman
May  5 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332624.
May  5 07:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18033]: pam_unix(cron:session): session closed for user root
May  5 07:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20543]: pam_unix(cron:session): session closed for user samftp
May  5 07:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19727]: pam_unix(cron:session): session closed for user root
May  5 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20953]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20954]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20952]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20951]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20951]: pam_unix(cron:session): session closed for user p13x
May  5 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21008]: Successful su for rubyman by root
May  5 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21008]: + ??? root:rubyman
May  5 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332627 of user rubyman.
May  5 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21008]: pam_unix(su:session): session closed for user rubyman
May  5 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332627.
May  5 07:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18451]: pam_unix(cron:session): session closed for user root
May  5 07:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20952]: pam_unix(cron:session): session closed for user samftp
May  5 07:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20143]: pam_unix(cron:session): session closed for user root
May  5 07:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21390]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21391]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21391]: pam_unix(cron:session): session closed for user root
May  5 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21386]: pam_unix(cron:session): session closed for user p13x
May  5 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: Invalid user qbit from 206.189.62.213
May  5 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: input_userauth_request: invalid user qbit [preauth]
May  5 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.62.213
May  5 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21457]: Successful su for rubyman by root
May  5 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21457]: + ??? root:rubyman
May  5 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21457]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332631 of user rubyman.
May  5 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21457]: pam_unix(su:session): session closed for user rubyman
May  5 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332631.
May  5 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: Failed password for invalid user qbit from 206.189.62.213 port 57248 ssh2
May  5 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: Received disconnect from 206.189.62.213 port 57248:11: Bye Bye [preauth]
May  5 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: Disconnected from 206.189.62.213 port 57248 [preauth]
May  5 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21388]: pam_unix(cron:session): session closed for user root
May  5 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session closed for user root
May  5 07:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21387]: pam_unix(cron:session): session closed for user samftp
May  5 07:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: Did not receive identification string from 164.68.105.9
May  5 07:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20545]: pam_unix(cron:session): session closed for user root
May  5 07:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22149]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22148]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22146]: pam_unix(cron:session): session closed for user p13x
May  5 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22219]: Successful su for rubyman by root
May  5 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22219]: + ??? root:rubyman
May  5 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332636 of user rubyman.
May  5 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22219]: pam_unix(su:session): session closed for user rubyman
May  5 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332636.
May  5 07:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19275]: pam_unix(cron:session): session closed for user root
May  5 07:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22147]: pam_unix(cron:session): session closed for user samftp
May  5 07:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22489]: Invalid user mpt from 103.90.226.193
May  5 07:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22489]: input_userauth_request: invalid user mpt [preauth]
May  5 07:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22489]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.193
May  5 07:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22489]: Failed password for invalid user mpt from 103.90.226.193 port 54766 ssh2
May  5 07:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22489]: Received disconnect from 103.90.226.193 port 54766:11: Bye Bye [preauth]
May  5 07:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22489]: Disconnected from 103.90.226.193 port 54766 [preauth]
May  5 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20954]: pam_unix(cron:session): session closed for user root
May  5 07:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.214.226.167  user=root
May  5 07:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22581]: Failed password for root from 162.214.226.167 port 35794 ssh2
May  5 07:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22581]: Received disconnect from 162.214.226.167 port 35794:11: Bye Bye [preauth]
May  5 07:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22581]: Disconnected from 162.214.226.167 port 35794 [preauth]
May  5 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22625]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22627]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22623]: pam_unix(cron:session): session closed for user p13x
May  5 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22688]: Successful su for rubyman by root
May  5 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22688]: + ??? root:rubyman
May  5 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22688]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332642 of user rubyman.
May  5 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22688]: pam_unix(su:session): session closed for user rubyman
May  5 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332642.
May  5 07:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19726]: pam_unix(cron:session): session closed for user root
May  5 07:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22624]: pam_unix(cron:session): session closed for user samftp
May  5 07:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: Invalid user ubuntu from 2.57.122.57
May  5 07:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: input_userauth_request: invalid user ubuntu [preauth]
May  5 07:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 07:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: Failed password for invalid user ubuntu from 2.57.122.57 port 43074 ssh2
May  5 07:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: Connection closed by 2.57.122.57 port 43074 [preauth]
May  5 07:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21390]: pam_unix(cron:session): session closed for user root
May  5 07:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23083]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23082]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23080]: pam_unix(cron:session): session closed for user p13x
May  5 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23147]: Successful su for rubyman by root
May  5 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23147]: + ??? root:rubyman
May  5 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332644 of user rubyman.
May  5 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23147]: pam_unix(su:session): session closed for user rubyman
May  5 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332644.
May  5 07:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 07:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20142]: pam_unix(cron:session): session closed for user root
May  5 07:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23061]: Failed password for root from 185.93.89.118 port 41184 ssh2
May  5 07:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23081]: pam_unix(cron:session): session closed for user samftp
May  5 07:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23061]: Connection closed by 185.93.89.118 port 41184 [preauth]
May  5 07:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 07:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: Failed password for root from 185.93.89.118 port 30990 ssh2
May  5 07:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: Connection closed by 185.93.89.118 port 30990 [preauth]
May  5 07:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22149]: pam_unix(cron:session): session closed for user root
May  5 07:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 07:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23503]: Failed password for root from 185.93.89.118 port 44506 ssh2
May  5 07:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23503]: Connection closed by 185.93.89.118 port 44506 [preauth]
May  5 07:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 07:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23564]: Failed password for root from 185.93.89.118 port 35494 ssh2
May  5 07:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23564]: Connection closed by 185.93.89.118 port 35494 [preauth]
May  5 07:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23598]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23596]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23597]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23596]: pam_unix(cron:session): session closed for user p13x
May  5 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23663]: Successful su for rubyman by root
May  5 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23663]: + ??? root:rubyman
May  5 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332650 of user rubyman.
May  5 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23663]: pam_unix(su:session): session closed for user rubyman
May  5 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332650.
May  5 07:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20544]: pam_unix(cron:session): session closed for user root
May  5 07:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23597]: pam_unix(cron:session): session closed for user samftp
May  5 07:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 07:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: Failed password for root from 185.93.89.118 port 18298 ssh2
May  5 07:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23582]: Connection closed by 185.93.89.118 port 18298 [preauth]
May  5 07:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: Invalid user zqj from 206.189.62.213
May  5 07:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: input_userauth_request: invalid user zqj [preauth]
May  5 07:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.62.213
May  5 07:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 07:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: Failed password for invalid user zqj from 206.189.62.213 port 50858 ssh2
May  5 07:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24036]: Invalid user florian from 50.235.31.47
May  5 07:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24036]: input_userauth_request: invalid user florian [preauth]
May  5 07:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24036]: pam_unix(sshd:auth): check pass; user unknown
May  5 07:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  5 07:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: Received disconnect from 206.189.62.213 port 50858:11: Bye Bye [preauth]
May  5 07:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: Disconnected from 206.189.62.213 port 50858 [preauth]
May  5 07:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22627]: pam_unix(cron:session): session closed for user root
May  5 07:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24036]: Failed password for invalid user florian from 50.235.31.47 port 46102 ssh2
May  5 07:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24036]: Connection closed by 50.235.31.47 port 46102 [preauth]
May  5 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24125]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24128]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24127]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24129]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24125]: pam_unix(cron:session): session closed for user root
May  5 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session closed for user root
May  5 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24123]: pam_unix(cron:session): session closed for user p13x
May  5 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24231]: Successful su for rubyman by root
May  5 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24231]: + ??? root:rubyman
May  5 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332652 of user rubyman.
May  5 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24231]: pam_unix(su:session): session closed for user rubyman
May  5 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332652.
May  5 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24127]: pam_unix(cron:session): session closed for user root
May  5 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20953]: pam_unix(cron:session): session closed for user root
May  5 08:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24124]: pam_unix(cron:session): session closed for user samftp
May  5 08:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23083]: pam_unix(cron:session): session closed for user root
May  5 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24669]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24668]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24668]: pam_unix(cron:session): session closed for user p13x
May  5 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24740]: Successful su for rubyman by root
May  5 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24740]: + ??? root:rubyman
May  5 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332660 of user rubyman.
May  5 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24740]: pam_unix(su:session): session closed for user rubyman
May  5 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332660.
May  5 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21389]: pam_unix(cron:session): session closed for user root
May  5 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24669]: pam_unix(cron:session): session closed for user samftp
May  5 08:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24943]: Invalid user developer from 185.213.164.101
May  5 08:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24943]: input_userauth_request: invalid user developer [preauth]
May  5 08:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24943]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.101
May  5 08:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24943]: Failed password for invalid user developer from 185.213.164.101 port 55668 ssh2
May  5 08:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24943]: Received disconnect from 185.213.164.101 port 55668:11: Bye Bye [preauth]
May  5 08:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24943]: Disconnected from 185.213.164.101 port 55668 [preauth]
May  5 08:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23599]: pam_unix(cron:session): session closed for user root
May  5 08:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.214.226.167  user=root
May  5 08:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: Failed password for root from 162.214.226.167 port 44898 ssh2
May  5 08:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: Received disconnect from 162.214.226.167 port 44898:11: Bye Bye [preauth]
May  5 08:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: Disconnected from 162.214.226.167 port 44898 [preauth]
May  5 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25096]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25093]: pam_unix(cron:session): session closed for user p13x
May  5 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25159]: Successful su for rubyman by root
May  5 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25159]: + ??? root:rubyman
May  5 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332665 of user rubyman.
May  5 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25159]: pam_unix(su:session): session closed for user rubyman
May  5 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332665.
May  5 08:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22148]: pam_unix(cron:session): session closed for user root
May  5 08:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25094]: pam_unix(cron:session): session closed for user samftp
May  5 08:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.143.131  user=root
May  5 08:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25416]: Failed password for root from 142.93.143.131 port 57748 ssh2
May  5 08:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24129]: pam_unix(cron:session): session closed for user root
May  5 08:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25416]: Connection closed by 142.93.143.131 port 57748 [preauth]
May  5 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25503]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25505]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25504]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25502]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25502]: pam_unix(cron:session): session closed for user p13x
May  5 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25570]: Successful su for rubyman by root
May  5 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25570]: + ??? root:rubyman
May  5 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332667 of user rubyman.
May  5 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25570]: pam_unix(su:session): session closed for user rubyman
May  5 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332667.
May  5 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22625]: pam_unix(cron:session): session closed for user root
May  5 08:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25503]: pam_unix(cron:session): session closed for user samftp
May  5 08:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24671]: pam_unix(cron:session): session closed for user root
May  5 08:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: Invalid user elasticsearch from 206.189.62.213
May  5 08:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: input_userauth_request: invalid user elasticsearch [preauth]
May  5 08:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.62.213
May  5 08:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25855]: Invalid user est from 103.90.226.193
May  5 08:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25855]: input_userauth_request: invalid user est [preauth]
May  5 08:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25855]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.193
May  5 08:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: Failed password for invalid user elasticsearch from 206.189.62.213 port 55680 ssh2
May  5 08:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25855]: Failed password for invalid user est from 103.90.226.193 port 39136 ssh2
May  5 08:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: Received disconnect from 206.189.62.213 port 55680:11: Bye Bye [preauth]
May  5 08:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25857]: Disconnected from 206.189.62.213 port 55680 [preauth]
May  5 08:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25855]: Received disconnect from 103.90.226.193 port 39136:11: Bye Bye [preauth]
May  5 08:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25855]: Disconnected from 103.90.226.193 port 39136 [preauth]
May  5 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25909]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25906]: pam_unix(cron:session): session closed for user p13x
May  5 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25968]: Successful su for rubyman by root
May  5 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25968]: + ??? root:rubyman
May  5 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332672 of user rubyman.
May  5 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25968]: pam_unix(su:session): session closed for user rubyman
May  5 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332672.
May  5 08:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23082]: pam_unix(cron:session): session closed for user root
May  5 08:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25907]: pam_unix(cron:session): session closed for user samftp
May  5 08:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: Invalid user ubuntu from 2.57.122.57
May  5 08:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: input_userauth_request: invalid user ubuntu [preauth]
May  5 08:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 08:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: Failed password for invalid user ubuntu from 2.57.122.57 port 50622 ssh2
May  5 08:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26162]: Connection closed by 2.57.122.57 port 50622 [preauth]
May  5 08:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: Invalid user service from 80.94.95.125
May  5 08:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: input_userauth_request: invalid user service [preauth]
May  5 08:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 08:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: Failed password for invalid user service from 80.94.95.125 port 17253 ssh2
May  5 08:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: Failed password for invalid user service from 80.94.95.125 port 17253 ssh2
May  5 08:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: Failed password for invalid user service from 80.94.95.125 port 17253 ssh2
May  5 08:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25096]: pam_unix(cron:session): session closed for user root
May  5 08:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: Failed password for invalid user service from 80.94.95.125 port 17253 ssh2
May  5 08:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: Failed password for invalid user service from 80.94.95.125 port 17253 ssh2
May  5 08:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: Received disconnect from 80.94.95.125 port 17253:11: Bye [preauth]
May  5 08:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: Disconnected from 80.94.95.125 port 17253 [preauth]
May  5 08:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 08:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26312]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26313]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26311]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26313]: pam_unix(cron:session): session closed for user root
May  5 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26308]: pam_unix(cron:session): session closed for user p13x
May  5 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26377]: Successful su for rubyman by root
May  5 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26377]: + ??? root:rubyman
May  5 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332677 of user rubyman.
May  5 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26377]: pam_unix(su:session): session closed for user rubyman
May  5 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332677.
May  5 08:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26310]: pam_unix(cron:session): session closed for user root
May  5 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23598]: pam_unix(cron:session): session closed for user root
May  5 08:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26309]: pam_unix(cron:session): session closed for user samftp
May  5 08:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25505]: pam_unix(cron:session): session closed for user root
May  5 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26825]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26826]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26822]: pam_unix(cron:session): session closed for user p13x
May  5 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26895]: Successful su for rubyman by root
May  5 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26895]: + ??? root:rubyman
May  5 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26895]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332683 of user rubyman.
May  5 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26895]: pam_unix(su:session): session closed for user rubyman
May  5 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332683.
May  5 08:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24128]: pam_unix(cron:session): session closed for user root
May  5 08:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26824]: pam_unix(cron:session): session closed for user samftp
May  5 08:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25909]: pam_unix(cron:session): session closed for user root
May  5 08:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.101  user=root
May  5 08:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.214.226.167  user=root
May  5 08:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: Failed password for root from 185.213.164.101 port 43910 ssh2
May  5 08:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27246]: Failed password for root from 162.214.226.167 port 53176 ssh2
May  5 08:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27246]: Received disconnect from 162.214.226.167 port 53176:11: Bye Bye [preauth]
May  5 08:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27246]: Disconnected from 162.214.226.167 port 53176 [preauth]
May  5 08:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: Received disconnect from 185.213.164.101 port 43910:11: Bye Bye [preauth]
May  5 08:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27234]: Disconnected from 185.213.164.101 port 43910 [preauth]
May  5 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27298]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27301]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27297]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27297]: pam_unix(cron:session): session closed for user p13x
May  5 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27379]: Successful su for rubyman by root
May  5 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27379]: + ??? root:rubyman
May  5 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332685 of user rubyman.
May  5 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27379]: pam_unix(su:session): session closed for user rubyman
May  5 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332685.
May  5 08:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24670]: pam_unix(cron:session): session closed for user root
May  5 08:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27298]: pam_unix(cron:session): session closed for user samftp
May  5 08:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26312]: pam_unix(cron:session): session closed for user root
May  5 08:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 08:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: Failed password for root from 218.92.0.179 port 44359 ssh2
May  5 08:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 44359 ssh2]
May  5 08:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: Received disconnect from 218.92.0.179 port 44359:11:  [preauth]
May  5 08:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: Disconnected from 218.92.0.179 port 44359 [preauth]
May  5 08:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27730]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 08:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27760]: pam_unix(cron:session): session closed for user p13x
May  5 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27822]: Successful su for rubyman by root
May  5 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27822]: + ??? root:rubyman
May  5 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332689 of user rubyman.
May  5 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27822]: pam_unix(su:session): session closed for user rubyman
May  5 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332689.
May  5 08:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25095]: pam_unix(cron:session): session closed for user root
May  5 08:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27761]: pam_unix(cron:session): session closed for user samftp
May  5 08:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27740]: Invalid user m from 195.178.110.50
May  5 08:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27740]: input_userauth_request: invalid user m [preauth]
May  5 08:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27740]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 08:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27740]: Failed password for invalid user m from 195.178.110.50 port 49234 ssh2
May  5 08:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27740]: Connection closed by 195.178.110.50 port 49234 [preauth]
May  5 08:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28036]: Invalid user N from 195.178.110.50
May  5 08:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28036]: input_userauth_request: invalid user N [preauth]
May  5 08:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28036]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 08:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28036]: Failed password for invalid user N from 195.178.110.50 port 56292 ssh2
May  5 08:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28036]: Connection closed by 195.178.110.50 port 56292 [preauth]
May  5 08:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26826]: pam_unix(cron:session): session closed for user root
May  5 08:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: Invalid user  from 195.178.110.50
May  5 08:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: input_userauth_request: invalid user  [preauth]
May  5 08:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 08:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: Failed password for invalid user  from 195.178.110.50 port 16440 ssh2
May  5 08:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28085]: Connection closed by 195.178.110.50 port 16440 [preauth]
May  5 08:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28168]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28170]: pam_unix(cron:session): session closed for user p13x
May  5 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28282]: Successful su for rubyman by root
May  5 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28282]: + ??? root:rubyman
May  5 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332693 of user rubyman.
May  5 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28282]: pam_unix(su:session): session closed for user rubyman
May  5 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332693.
May  5 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28168]: pam_unix(cron:session): session closed for user root
May  5 08:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25504]: pam_unix(cron:session): session closed for user root
May  5 08:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28171]: pam_unix(cron:session): session closed for user samftp
May  5 08:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: Invalid user n from 195.178.110.50
May  5 08:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: input_userauth_request: invalid user n [preauth]
May  5 08:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 08:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: Failed password for invalid user n from 195.178.110.50 port 9790 ssh2
May  5 08:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28155]: Connection closed by 195.178.110.50 port 9790 [preauth]
May  5 08:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27301]: pam_unix(cron:session): session closed for user root
May  5 08:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28537]: Invalid user O from 195.178.110.50
May  5 08:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28537]: input_userauth_request: invalid user O [preauth]
May  5 08:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28537]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 08:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28537]: Failed password for invalid user O from 195.178.110.50 port 3882 ssh2
May  5 08:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28537]: Connection closed by 195.178.110.50 port 3882 [preauth]
May  5 08:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.193  user=root
May  5 08:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: Failed password for root from 103.90.226.193 port 47464 ssh2
May  5 08:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: Received disconnect from 103.90.226.193 port 47464:11: Bye Bye [preauth]
May  5 08:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28627]: Disconnected from 103.90.226.193 port 47464 [preauth]
May  5 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28663]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28661]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28662]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28660]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28663]: pam_unix(cron:session): session closed for user root
May  5 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28658]: pam_unix(cron:session): session closed for user p13x
May  5 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28730]: Successful su for rubyman by root
May  5 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28730]: + ??? root:rubyman
May  5 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332700 of user rubyman.
May  5 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28730]: pam_unix(su:session): session closed for user rubyman
May  5 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332700.
May  5 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28660]: pam_unix(cron:session): session closed for user root
May  5 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25908]: pam_unix(cron:session): session closed for user root
May  5 08:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28659]: pam_unix(cron:session): session closed for user samftp
May  5 08:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27763]: pam_unix(cron:session): session closed for user root
May  5 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29193]: pam_unix(cron:session): session closed for user p13x
May  5 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29268]: Successful su for rubyman by root
May  5 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29268]: + ??? root:rubyman
May  5 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332706 of user rubyman.
May  5 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29268]: pam_unix(su:session): session closed for user rubyman
May  5 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332706.
May  5 08:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26311]: pam_unix(cron:session): session closed for user root
May  5 08:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29195]: pam_unix(cron:session): session closed for user samftp
May  5 08:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29458]: Invalid user ubuntu from 2.57.122.57
May  5 08:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29458]: input_userauth_request: invalid user ubuntu [preauth]
May  5 08:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29458]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 08:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29458]: Failed password for invalid user ubuntu from 2.57.122.57 port 44328 ssh2
May  5 08:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29458]: Connection closed by 2.57.122.57 port 44328 [preauth]
May  5 08:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29502]: Invalid user developer from 162.214.226.167
May  5 08:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29502]: input_userauth_request: invalid user developer [preauth]
May  5 08:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29502]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.214.226.167
May  5 08:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29502]: Failed password for invalid user developer from 162.214.226.167 port 33220 ssh2
May  5 08:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29502]: Received disconnect from 162.214.226.167 port 33220:11: Bye Bye [preauth]
May  5 08:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29502]: Disconnected from 162.214.226.167 port 33220 [preauth]
May  5 08:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28173]: pam_unix(cron:session): session closed for user root
May  5 08:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: Invalid user subhash from 185.213.164.101
May  5 08:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: input_userauth_request: invalid user subhash [preauth]
May  5 08:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.101
May  5 08:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: Failed password for invalid user subhash from 185.213.164.101 port 33240 ssh2
May  5 08:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: Received disconnect from 185.213.164.101 port 33240:11: Bye Bye [preauth]
May  5 08:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29588]: Disconnected from 185.213.164.101 port 33240 [preauth]
May  5 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29619]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29616]: pam_unix(cron:session): session closed for user p13x
May  5 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29677]: Successful su for rubyman by root
May  5 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29677]: + ??? root:rubyman
May  5 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332708 of user rubyman.
May  5 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29677]: pam_unix(su:session): session closed for user rubyman
May  5 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332708.
May  5 08:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26825]: pam_unix(cron:session): session closed for user root
May  5 08:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29617]: pam_unix(cron:session): session closed for user samftp
May  5 08:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28662]: pam_unix(cron:session): session closed for user root
May  5 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30024]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30021]: pam_unix(cron:session): session closed for user p13x
May  5 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30082]: Successful su for rubyman by root
May  5 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30082]: + ??? root:rubyman
May  5 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332713 of user rubyman.
May  5 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30082]: pam_unix(su:session): session closed for user rubyman
May  5 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332713.
May  5 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27299]: pam_unix(cron:session): session closed for user root
May  5 08:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30022]: pam_unix(cron:session): session closed for user samftp
May  5 08:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29197]: pam_unix(cron:session): session closed for user root
May  5 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30424]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30422]: pam_unix(cron:session): session closed for user p13x
May  5 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30485]: Successful su for rubyman by root
May  5 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30485]: + ??? root:rubyman
May  5 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332716 of user rubyman.
May  5 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30485]: pam_unix(su:session): session closed for user rubyman
May  5 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332716.
May  5 08:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27762]: pam_unix(cron:session): session closed for user root
May  5 08:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30423]: pam_unix(cron:session): session closed for user samftp
May  5 08:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29619]: pam_unix(cron:session): session closed for user root
May  5 08:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 08:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30753]: Failed password for root from 218.92.0.179 port 43004 ssh2
May  5 08:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30753]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 43004 ssh2]
May  5 08:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30753]: Received disconnect from 218.92.0.179 port 43004:11:  [preauth]
May  5 08:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30753]: Disconnected from 218.92.0.179 port 43004 [preauth]
May  5 08:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30753]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30814]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30815]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30812]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30811]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30810]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30815]: pam_unix(cron:session): session closed for user root
May  5 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30809]: pam_unix(cron:session): session closed for user p13x
May  5 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30883]: Successful su for rubyman by root
May  5 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30883]: + ??? root:rubyman
May  5 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30883]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332720 of user rubyman.
May  5 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30883]: pam_unix(su:session): session closed for user rubyman
May  5 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332720.
May  5 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30811]: pam_unix(cron:session): session closed for user root
May  5 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28172]: pam_unix(cron:session): session closed for user root
May  5 08:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30810]: pam_unix(cron:session): session closed for user samftp
May  5 08:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30024]: pam_unix(cron:session): session closed for user root
May  5 08:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.193  user=root
May  5 08:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: Failed password for root from 103.90.226.193 port 55794 ssh2
May  5 08:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: Received disconnect from 103.90.226.193 port 55794:11: Bye Bye [preauth]
May  5 08:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31221]: Disconnected from 103.90.226.193 port 55794 [preauth]
May  5 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31243]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31242]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31241]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31240]: pam_unix(cron:session): session closed for user p13x
May  5 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31316]: Successful su for rubyman by root
May  5 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31316]: + ??? root:rubyman
May  5 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332727 of user rubyman.
May  5 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31316]: pam_unix(su:session): session closed for user rubyman
May  5 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332727.
May  5 08:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28661]: pam_unix(cron:session): session closed for user root
May  5 08:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31241]: pam_unix(cron:session): session closed for user samftp
May  5 08:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: Invalid user subhash from 162.214.226.167
May  5 08:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: input_userauth_request: invalid user subhash [preauth]
May  5 08:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.214.226.167
May  5 08:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: Invalid user lyh from 163.172.50.15
May  5 08:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: input_userauth_request: invalid user lyh [preauth]
May  5 08:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.50.15
May  5 08:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: Failed password for invalid user subhash from 162.214.226.167 port 41508 ssh2
May  5 08:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: Received disconnect from 162.214.226.167 port 41508:11: Bye Bye [preauth]
May  5 08:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31497]: Disconnected from 162.214.226.167 port 41508 [preauth]
May  5 08:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: Failed password for invalid user lyh from 163.172.50.15 port 42796 ssh2
May  5 08:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: Received disconnect from 163.172.50.15 port 42796:11: Bye Bye [preauth]
May  5 08:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: Disconnected from 163.172.50.15 port 42796 [preauth]
May  5 08:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30425]: pam_unix(cron:session): session closed for user root
May  5 08:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: Invalid user admin from 185.213.164.101
May  5 08:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: input_userauth_request: invalid user admin [preauth]
May  5 08:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.101
May  5 08:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: Failed password for invalid user admin from 185.213.164.101 port 33404 ssh2
May  5 08:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: Received disconnect from 185.213.164.101 port 33404:11: Bye Bye [preauth]
May  5 08:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31645]: Disconnected from 185.213.164.101 port 33404 [preauth]
May  5 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31673]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31674]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31672]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31671]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31669]: pam_unix(cron:session): session closed for user root
May  5 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31671]: pam_unix(cron:session): session closed for user p13x
May  5 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31743]: Successful su for rubyman by root
May  5 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31743]: + ??? root:rubyman
May  5 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31743]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332731 of user rubyman.
May  5 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31743]: pam_unix(su:session): session closed for user rubyman
May  5 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332731.
May  5 08:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29196]: pam_unix(cron:session): session closed for user root
May  5 08:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31672]: pam_unix(cron:session): session closed for user samftp
May  5 08:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30814]: pam_unix(cron:session): session closed for user root
May  5 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32092]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32091]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32090]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32089]: pam_unix(cron:session): session closed for user p13x
May  5 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32151]: Successful su for rubyman by root
May  5 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32151]: + ??? root:rubyman
May  5 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332735 of user rubyman.
May  5 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32151]: pam_unix(su:session): session closed for user rubyman
May  5 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332735.
May  5 08:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29618]: pam_unix(cron:session): session closed for user root
May  5 08:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: Invalid user solana from 2.57.122.57
May  5 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: input_userauth_request: invalid user solana [preauth]
May  5 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32090]: pam_unix(cron:session): session closed for user samftp
May  5 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: Failed password for invalid user solana from 2.57.122.57 port 55440 ssh2
May  5 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32296]: Connection closed by 2.57.122.57 port 55440 [preauth]
May  5 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31243]: pam_unix(cron:session): session closed for user root
May  5 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32488]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32487]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32486]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32485]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32485]: pam_unix(cron:session): session closed for user p13x
May  5 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32550]: Successful su for rubyman by root
May  5 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32550]: + ??? root:rubyman
May  5 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332739 of user rubyman.
May  5 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32550]: pam_unix(su:session): session closed for user rubyman
May  5 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332739.
May  5 08:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30023]: pam_unix(cron:session): session closed for user root
May  5 08:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32486]: pam_unix(cron:session): session closed for user samftp
May  5 08:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31674]: pam_unix(cron:session): session closed for user root
May  5 08:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[531]: Did not receive identification string from 128.203.203.105
May  5 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[565]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[561]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[563]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[564]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[565]: pam_unix(cron:session): session closed for user root
May  5 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[559]: pam_unix(cron:session): session closed for user p13x
May  5 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[632]: Successful su for rubyman by root
May  5 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[632]: + ??? root:rubyman
May  5 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332747 of user rubyman.
May  5 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[632]: pam_unix(su:session): session closed for user rubyman
May  5 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332747.
May  5 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30424]: pam_unix(cron:session): session closed for user root
May  5 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[561]: pam_unix(cron:session): session closed for user root
May  5 08:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[560]: pam_unix(cron:session): session closed for user samftp
May  5 08:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32092]: pam_unix(cron:session): session closed for user root
May  5 08:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Invalid user admin from 162.214.226.167
May  5 08:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: input_userauth_request: invalid user admin [preauth]
May  5 08:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.214.226.167
May  5 08:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Failed password for invalid user admin from 162.214.226.167 port 49828 ssh2
May  5 08:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Received disconnect from 162.214.226.167 port 49828:11: Bye Bye [preauth]
May  5 08:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1010]: Disconnected from 162.214.226.167 port 49828 [preauth]
May  5 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1031]: pam_unix(cron:session): session closed for user p13x
May  5 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1101]: Successful su for rubyman by root
May  5 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1101]: + ??? root:rubyman
May  5 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1101]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332749 of user rubyman.
May  5 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1101]: pam_unix(su:session): session closed for user rubyman
May  5 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332749.
May  5 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30812]: pam_unix(cron:session): session closed for user root
May  5 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1032]: pam_unix(cron:session): session closed for user samftp
May  5 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32488]: pam_unix(cron:session): session closed for user root
May  5 08:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: Invalid user venus from 103.90.226.193
May  5 08:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: input_userauth_request: invalid user venus [preauth]
May  5 08:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.193
May  5 08:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: Failed password for invalid user venus from 103.90.226.193 port 35880 ssh2
May  5 08:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: Received disconnect from 103.90.226.193 port 35880:11: Bye Bye [preauth]
May  5 08:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1498]: Disconnected from 103.90.226.193 port 35880 [preauth]
May  5 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1504]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1505]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1503]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1502]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1502]: pam_unix(cron:session): session closed for user p13x
May  5 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1575]: Successful su for rubyman by root
May  5 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1575]: + ??? root:rubyman
May  5 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332755 of user rubyman.
May  5 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1575]: pam_unix(su:session): session closed for user rubyman
May  5 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332755.
May  5 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1610]: Invalid user est from 185.213.164.101
May  5 08:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1610]: input_userauth_request: invalid user est [preauth]
May  5 08:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1610]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.101
May  5 08:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31242]: pam_unix(cron:session): session closed for user root
May  5 08:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1610]: Failed password for invalid user est from 185.213.164.101 port 53646 ssh2
May  5 08:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1503]: pam_unix(cron:session): session closed for user samftp
May  5 08:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1610]: Received disconnect from 185.213.164.101 port 53646:11: Bye Bye [preauth]
May  5 08:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1610]: Disconnected from 185.213.164.101 port 53646 [preauth]
May  5 08:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[564]: pam_unix(cron:session): session closed for user root
May  5 08:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: Invalid user vincent from 46.244.96.25
May  5 08:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: input_userauth_request: invalid user vincent [preauth]
May  5 08:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  5 08:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: Failed password for invalid user vincent from 46.244.96.25 port 42298 ssh2
May  5 08:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: Connection closed by 46.244.96.25 port 42298 [preauth]
May  5 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2027]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2028]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2024]: pam_unix(cron:session): session closed for user p13x
May  5 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2086]: Successful su for rubyman by root
May  5 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2086]: + ??? root:rubyman
May  5 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2086]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332758 of user rubyman.
May  5 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2086]: pam_unix(su:session): session closed for user rubyman
May  5 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332758.
May  5 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31673]: pam_unix(cron:session): session closed for user root
May  5 08:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2025]: pam_unix(cron:session): session closed for user samftp
May  5 08:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1035]: pam_unix(cron:session): session closed for user root
May  5 08:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 08:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: Failed password for root from 218.92.0.179 port 39521 ssh2
May  5 08:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 39521 ssh2]
May  5 08:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: Received disconnect from 218.92.0.179 port 39521:11:  [preauth]
May  5 08:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: Disconnected from 218.92.0.179 port 39521 [preauth]
May  5 08:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2439]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2439]: pam_unix(cron:session): session closed for user p13x
May  5 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2507]: Successful su for rubyman by root
May  5 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2507]: + ??? root:rubyman
May  5 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332762 of user rubyman.
May  5 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2507]: pam_unix(su:session): session closed for user rubyman
May  5 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332762.
May  5 08:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32091]: pam_unix(cron:session): session closed for user root
May  5 08:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2440]: pam_unix(cron:session): session closed for user samftp
May  5 08:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: Invalid user cloud from 163.172.50.15
May  5 08:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: input_userauth_request: invalid user cloud [preauth]
May  5 08:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.50.15
May  5 08:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: Failed password for invalid user cloud from 163.172.50.15 port 60082 ssh2
May  5 08:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: Received disconnect from 163.172.50.15 port 60082:11: Bye Bye [preauth]
May  5 08:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2729]: Disconnected from 163.172.50.15 port 60082 [preauth]
May  5 08:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1505]: pam_unix(cron:session): session closed for user root
May  5 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2875]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2874]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2873]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2878]: pam_unix(cron:session): session closed for user root
May  5 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2871]: pam_unix(cron:session): session closed for user p13x
May  5 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2950]: Successful su for rubyman by root
May  5 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2950]: + ??? root:rubyman
May  5 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2950]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332765 of user rubyman.
May  5 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2950]: pam_unix(su:session): session closed for user rubyman
May  5 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332765.
May  5 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: Invalid user solana from 2.57.122.57
May  5 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: input_userauth_request: invalid user solana [preauth]
May  5 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: Failed password for invalid user solana from 2.57.122.57 port 34008 ssh2
May  5 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2867]: Connection closed by 2.57.122.57 port 34008 [preauth]
May  5 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2873]: pam_unix(cron:session): session closed for user root
May  5 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32487]: pam_unix(cron:session): session closed for user root
May  5 08:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2872]: pam_unix(cron:session): session closed for user samftp
May  5 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3208]: Invalid user daniel from 162.214.226.167
May  5 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3208]: input_userauth_request: invalid user daniel [preauth]
May  5 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3208]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.214.226.167
May  5 08:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3208]: Failed password for invalid user daniel from 162.214.226.167 port 58144 ssh2
May  5 08:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3208]: Received disconnect from 162.214.226.167 port 58144:11: Bye Bye [preauth]
May  5 08:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3208]: Disconnected from 162.214.226.167 port 58144 [preauth]
May  5 08:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2028]: pam_unix(cron:session): session closed for user root
May  5 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3317]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3313]: pam_unix(cron:session): session closed for user p13x
May  5 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3396]: Successful su for rubyman by root
May  5 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3396]: + ??? root:rubyman
May  5 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332772 of user rubyman.
May  5 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3396]: pam_unix(su:session): session closed for user rubyman
May  5 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332772.
May  5 08:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[563]: pam_unix(cron:session): session closed for user root
May  5 08:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3314]: pam_unix(cron:session): session closed for user samftp
May  5 08:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2443]: pam_unix(cron:session): session closed for user root
May  5 08:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3718]: Invalid user User from 176.31.162.135
May  5 08:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3718]: input_userauth_request: invalid user User [preauth]
May  5 08:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3718]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  5 08:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3718]: Failed password for invalid user User from 176.31.162.135 port 52612 ssh2
May  5 08:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3718]: Connection closed by 176.31.162.135 port 52612 [preauth]
May  5 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3774]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3772]: pam_unix(cron:session): session closed for user p13x
May  5 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3831]: Successful su for rubyman by root
May  5 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3831]: + ??? root:rubyman
May  5 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3831]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332775 of user rubyman.
May  5 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3831]: pam_unix(su:session): session closed for user rubyman
May  5 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332775.
May  5 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: Invalid user sam from 185.213.164.101
May  5 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: input_userauth_request: invalid user sam [preauth]
May  5 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.101
May  5 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1034]: pam_unix(cron:session): session closed for user root
May  5 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: Failed password for invalid user sam from 185.213.164.101 port 52980 ssh2
May  5 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: Received disconnect from 185.213.164.101 port 52980:11: Bye Bye [preauth]
May  5 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3769]: Disconnected from 185.213.164.101 port 52980 [preauth]
May  5 08:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3773]: pam_unix(cron:session): session closed for user samftp
May  5 08:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2875]: pam_unix(cron:session): session closed for user root
May  5 08:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4188]: Invalid user yichen from 103.90.226.193
May  5 08:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4188]: input_userauth_request: invalid user yichen [preauth]
May  5 08:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4188]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.193
May  5 08:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4188]: Failed password for invalid user yichen from 103.90.226.193 port 44180 ssh2
May  5 08:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4188]: Received disconnect from 103.90.226.193 port 44180:11: Bye Bye [preauth]
May  5 08:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4188]: Disconnected from 103.90.226.193 port 44180 [preauth]
May  5 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4206]: pam_unix(cron:session): session closed for user p13x
May  5 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4381]: Successful su for rubyman by root
May  5 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4381]: + ??? root:rubyman
May  5 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332779 of user rubyman.
May  5 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4381]: pam_unix(su:session): session closed for user rubyman
May  5 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332779.
May  5 08:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1504]: pam_unix(cron:session): session closed for user root
May  5 08:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4207]: pam_unix(cron:session): session closed for user samftp
May  5 08:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3317]: pam_unix(cron:session): session closed for user root
May  5 08:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4723]: Invalid user system from 163.172.50.15
May  5 08:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4723]: input_userauth_request: invalid user system [preauth]
May  5 08:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4723]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.50.15
May  5 08:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Invalid user admin from 80.94.95.112
May  5 08:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: input_userauth_request: invalid user admin [preauth]
May  5 08:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 08:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4723]: Failed password for invalid user system from 163.172.50.15 port 47022 ssh2
May  5 08:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4723]: Received disconnect from 163.172.50.15 port 47022:11: Bye Bye [preauth]
May  5 08:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4723]: Disconnected from 163.172.50.15 port 47022 [preauth]
May  5 08:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Failed password for invalid user admin from 80.94.95.112 port 54164 ssh2
May  5 08:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Failed password for invalid user admin from 80.94.95.112 port 54164 ssh2
May  5 08:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Failed password for invalid user admin from 80.94.95.112 port 54164 ssh2
May  5 08:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Failed password for invalid user admin from 80.94.95.112 port 54164 ssh2
May  5 08:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Failed password for invalid user admin from 80.94.95.112 port 54164 ssh2
May  5 08:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Received disconnect from 80.94.95.112 port 54164:11: Bye [preauth]
May  5 08:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Disconnected from 80.94.95.112 port 54164 [preauth]
May  5 08:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 08:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4778]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4776]: pam_unix(cron:session): session closed for user p13x
May  5 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4847]: Successful su for rubyman by root
May  5 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4847]: + ??? root:rubyman
May  5 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332784 of user rubyman.
May  5 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4847]: pam_unix(su:session): session closed for user rubyman
May  5 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332784.
May  5 08:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2027]: pam_unix(cron:session): session closed for user root
May  5 08:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4777]: pam_unix(cron:session): session closed for user samftp
May  5 08:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3775]: pam_unix(cron:session): session closed for user root
May  5 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5386]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5387]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5388]: pam_unix(cron:session): session closed for user root
May  5 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5383]: pam_unix(cron:session): session closed for user p13x
May  5 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5465]: Successful su for rubyman by root
May  5 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5465]: + ??? root:rubyman
May  5 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332788 of user rubyman.
May  5 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5465]: pam_unix(su:session): session closed for user rubyman
May  5 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332788.
May  5 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2441]: pam_unix(cron:session): session closed for user root
May  5 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5385]: pam_unix(cron:session): session closed for user root
May  5 08:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: Invalid user parisa from 162.214.226.167
May  5 08:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: input_userauth_request: invalid user parisa [preauth]
May  5 08:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.214.226.167
May  5 08:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5384]: pam_unix(cron:session): session closed for user samftp
May  5 08:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: Failed password for invalid user parisa from 162.214.226.167 port 38234 ssh2
May  5 08:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: Received disconnect from 162.214.226.167 port 38234:11: Bye Bye [preauth]
May  5 08:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: Disconnected from 162.214.226.167 port 38234 [preauth]
May  5 08:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4209]: pam_unix(cron:session): session closed for user root
May  5 08:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 08:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Failed password for root from 218.92.0.179 port 39975 ssh2
May  5 08:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 39975 ssh2]
May  5 08:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Received disconnect from 218.92.0.179 port 39975:11:  [preauth]
May  5 08:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Disconnected from 218.92.0.179 port 39975 [preauth]
May  5 08:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5967]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5966]: pam_unix(cron:session): session closed for user p13x
May  5 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6044]: Successful su for rubyman by root
May  5 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6044]: + ??? root:rubyman
May  5 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6044]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332793 of user rubyman.
May  5 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6044]: pam_unix(su:session): session closed for user rubyman
May  5 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332793.
May  5 08:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2874]: pam_unix(cron:session): session closed for user root
May  5 08:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5967]: pam_unix(cron:session): session closed for user samftp
May  5 08:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4779]: pam_unix(cron:session): session closed for user root
May  5 08:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: Invalid user solana from 2.57.122.57
May  5 08:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: input_userauth_request: invalid user solana [preauth]
May  5 08:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: Failed password for invalid user solana from 2.57.122.57 port 49556 ssh2
May  5 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6388]: Connection closed by 2.57.122.57 port 49556 [preauth]
May  5 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6402]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6401]: pam_unix(cron:session): session closed for user p13x
May  5 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6466]: Successful su for rubyman by root
May  5 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6466]: + ??? root:rubyman
May  5 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332800 of user rubyman.
May  5 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6466]: pam_unix(su:session): session closed for user rubyman
May  5 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332800.
May  5 08:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3316]: pam_unix(cron:session): session closed for user root
May  5 08:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6402]: pam_unix(cron:session): session closed for user samftp
May  5 08:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6663]: Invalid user fangwei from 185.213.164.101
May  5 08:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6663]: input_userauth_request: invalid user fangwei [preauth]
May  5 08:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6663]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.101
May  5 08:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6663]: Failed password for invalid user fangwei from 185.213.164.101 port 46846 ssh2
May  5 08:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6663]: Received disconnect from 185.213.164.101 port 46846:11: Bye Bye [preauth]
May  5 08:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6663]: Disconnected from 185.213.164.101 port 46846 [preauth]
May  5 08:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5387]: pam_unix(cron:session): session closed for user root
May  5 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6809]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6810]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6808]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6807]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6807]: pam_unix(cron:session): session closed for user p13x
May  5 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6869]: Successful su for rubyman by root
May  5 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6869]: + ??? root:rubyman
May  5 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332802 of user rubyman.
May  5 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6869]: pam_unix(su:session): session closed for user rubyman
May  5 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332802.
May  5 08:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3774]: pam_unix(cron:session): session closed for user root
May  5 08:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6808]: pam_unix(cron:session): session closed for user samftp
May  5 08:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 08:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: Invalid user cqs from 163.172.50.15
May  5 08:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: input_userauth_request: invalid user cqs [preauth]
May  5 08:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.50.15
May  5 08:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7175]: Failed password for root from 218.92.0.179 port 21951 ssh2
May  5 08:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: Failed password for invalid user cqs from 163.172.50.15 port 59598 ssh2
May  5 08:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: Received disconnect from 163.172.50.15 port 59598:11: Bye Bye [preauth]
May  5 08:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: Disconnected from 163.172.50.15 port 59598 [preauth]
May  5 08:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7175]: Failed password for root from 218.92.0.179 port 21951 ssh2
May  5 08:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7175]: Failed password for root from 218.92.0.179 port 21951 ssh2
May  5 08:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7175]: Received disconnect from 218.92.0.179 port 21951:11:  [preauth]
May  5 08:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7175]: Disconnected from 218.92.0.179 port 21951 [preauth]
May  5 08:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7175]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 08:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5969]: pam_unix(cron:session): session closed for user root
May  5 08:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: Invalid user fangwei from 103.90.226.193
May  5 08:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: input_userauth_request: invalid user fangwei [preauth]
May  5 08:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.193
May  5 08:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: Failed password for invalid user fangwei from 103.90.226.193 port 52484 ssh2
May  5 08:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: Received disconnect from 103.90.226.193 port 52484:11: Bye Bye [preauth]
May  5 08:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: Disconnected from 103.90.226.193 port 52484 [preauth]
May  5 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7323]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7321]: pam_unix(cron:session): session closed for user p13x
May  5 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7378]: Successful su for rubyman by root
May  5 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7378]: + ??? root:rubyman
May  5 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7378]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332807 of user rubyman.
May  5 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7378]: pam_unix(su:session): session closed for user rubyman
May  5 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332807.
May  5 08:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4208]: pam_unix(cron:session): session closed for user root
May  5 08:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7322]: pam_unix(cron:session): session closed for user samftp
May  5 08:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6404]: pam_unix(cron:session): session closed for user root
May  5 08:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.214.226.167  user=root
May  5 08:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Failed password for root from 162.214.226.167 port 46506 ssh2
May  5 08:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Received disconnect from 162.214.226.167 port 46506:11: Bye Bye [preauth]
May  5 08:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Disconnected from 162.214.226.167 port 46506 [preauth]
May  5 08:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: Did not receive identification string from 80.64.18.84
May  5 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7854]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7854]: pam_unix(cron:session): session closed for user root
May  5 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7849]: pam_unix(cron:session): session closed for user p13x
May  5 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7919]: Successful su for rubyman by root
May  5 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7919]: + ??? root:rubyman
May  5 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332810 of user rubyman.
May  5 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7919]: pam_unix(su:session): session closed for user rubyman
May  5 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332810.
May  5 08:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7851]: pam_unix(cron:session): session closed for user root
May  5 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4778]: pam_unix(cron:session): session closed for user root
May  5 08:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7850]: pam_unix(cron:session): session closed for user samftp
May  5 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6810]: pam_unix(cron:session): session closed for user root
May  5 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8306]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8304]: pam_unix(cron:session): session closed for user p13x
May  5 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8374]: Successful su for rubyman by root
May  5 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8374]: + ??? root:rubyman
May  5 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332816 of user rubyman.
May  5 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8374]: pam_unix(su:session): session closed for user rubyman
May  5 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332816.
May  5 08:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5386]: pam_unix(cron:session): session closed for user root
May  5 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8305]: pam_unix(cron:session): session closed for user samftp
May  5 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session closed for user root
May  5 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8741]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8740]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8742]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8738]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8738]: pam_unix(cron:session): session closed for user p13x
May  5 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8799]: Successful su for rubyman by root
May  5 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8799]: + ??? root:rubyman
May  5 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332819 of user rubyman.
May  5 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8799]: pam_unix(su:session): session closed for user rubyman
May  5 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332819.
May  5 08:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5968]: pam_unix(cron:session): session closed for user root
May  5 08:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8740]: pam_unix(cron:session): session closed for user samftp
May  5 08:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.101  user=root
May  5 08:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9029]: Failed password for root from 185.213.164.101 port 57452 ssh2
May  5 08:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9029]: Received disconnect from 185.213.164.101 port 57452:11: Bye Bye [preauth]
May  5 08:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9029]: Disconnected from 185.213.164.101 port 57452 [preauth]
May  5 08:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7853]: pam_unix(cron:session): session closed for user root
May  5 08:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Invalid user chenshan from 163.172.50.15
May  5 08:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: input_userauth_request: invalid user chenshan [preauth]
May  5 08:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.50.15
May  5 08:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Failed password for invalid user chenshan from 163.172.50.15 port 34544 ssh2
May  5 08:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Received disconnect from 163.172.50.15 port 34544:11: Bye Bye [preauth]
May  5 08:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Disconnected from 163.172.50.15 port 34544 [preauth]
May  5 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9244]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9242]: pam_unix(cron:session): session closed for user p13x
May  5 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9334]: Successful su for rubyman by root
May  5 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9334]: + ??? root:rubyman
May  5 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9334]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332824 of user rubyman.
May  5 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9334]: pam_unix(su:session): session closed for user rubyman
May  5 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332824.
May  5 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6403]: pam_unix(cron:session): session closed for user root
May  5 08:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9243]: pam_unix(cron:session): session closed for user samftp
May  5 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8307]: pam_unix(cron:session): session closed for user root
May  5 08:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57  user=root
May  5 08:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: Failed password for root from 2.57.122.57 port 49294 ssh2
May  5 08:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9655]: Connection closed by 2.57.122.57 port 49294 [preauth]
May  5 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9670]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9673]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9669]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9667]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9669]: pam_unix(cron:session): session closed for user p13x
May  5 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9793]: Successful su for rubyman by root
May  5 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9793]: + ??? root:rubyman
May  5 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332830 of user rubyman.
May  5 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9793]: pam_unix(su:session): session closed for user rubyman
May  5 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332830.
May  5 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9667]: pam_unix(cron:session): session closed for user root
May  5 08:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6809]: pam_unix(cron:session): session closed for user root
May  5 08:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9670]: pam_unix(cron:session): session closed for user samftp
May  5 08:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: Invalid user sam from 162.214.226.167
May  5 08:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: input_userauth_request: invalid user sam [preauth]
May  5 08:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.214.226.167
May  5 08:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: Failed password for invalid user sam from 162.214.226.167 port 54842 ssh2
May  5 08:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: Received disconnect from 162.214.226.167 port 54842:11: Bye Bye [preauth]
May  5 08:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: Disconnected from 162.214.226.167 port 54842 [preauth]
May  5 08:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8742]: pam_unix(cron:session): session closed for user root
May  5 08:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10114]: Invalid user subhash from 103.90.226.193
May  5 08:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10114]: input_userauth_request: invalid user subhash [preauth]
May  5 08:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10114]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.193
May  5 08:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10114]: Failed password for invalid user subhash from 103.90.226.193 port 60776 ssh2
May  5 08:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10114]: Received disconnect from 103.90.226.193 port 60776:11: Bye Bye [preauth]
May  5 08:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10114]: Disconnected from 103.90.226.193 port 60776 [preauth]
May  5 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10163]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10167]: pam_unix(cron:session): session closed for user root
May  5 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10162]: pam_unix(cron:session): session closed for user p13x
May  5 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10320]: Successful su for rubyman by root
May  5 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10320]: + ??? root:rubyman
May  5 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332834 of user rubyman.
May  5 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10320]: pam_unix(su:session): session closed for user rubyman
May  5 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332834.
May  5 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10164]: pam_unix(cron:session): session closed for user root
May  5 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7323]: pam_unix(cron:session): session closed for user root
May  5 08:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10163]: pam_unix(cron:session): session closed for user samftp
May  5 08:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9245]: pam_unix(cron:session): session closed for user root
May  5 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10770]: pam_unix(cron:session): session closed for user p13x
May  5 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10837]: Successful su for rubyman by root
May  5 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10837]: + ??? root:rubyman
May  5 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10837]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332840 of user rubyman.
May  5 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10837]: pam_unix(su:session): session closed for user rubyman
May  5 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332840.
May  5 08:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7852]: pam_unix(cron:session): session closed for user root
May  5 08:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10771]: pam_unix(cron:session): session closed for user samftp
May  5 08:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9673]: pam_unix(cron:session): session closed for user root
May  5 08:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 08:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11113]: Failed password for root from 218.92.0.179 port 21951 ssh2
May  5 08:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11113]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 21951 ssh2]
May  5 08:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11113]: Received disconnect from 218.92.0.179 port 21951:11:  [preauth]
May  5 08:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11113]: Disconnected from 218.92.0.179 port 21951 [preauth]
May  5 08:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11113]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11168]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11165]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11166]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11165]: pam_unix(cron:session): session closed for user p13x
May  5 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11225]: Successful su for rubyman by root
May  5 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11225]: + ??? root:rubyman
May  5 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332844 of user rubyman.
May  5 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11225]: pam_unix(su:session): session closed for user rubyman
May  5 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332844.
May  5 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8306]: pam_unix(cron:session): session closed for user root
May  5 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11380]: Invalid user angel from 163.172.50.15
May  5 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11380]: input_userauth_request: invalid user angel [preauth]
May  5 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11380]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.50.15
May  5 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: Invalid user radmin from 50.235.31.47
May  5 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: input_userauth_request: invalid user radmin [preauth]
May  5 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  5 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11166]: pam_unix(cron:session): session closed for user samftp
May  5 08:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11380]: Failed password for invalid user angel from 163.172.50.15 port 57764 ssh2
May  5 08:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11380]: Received disconnect from 163.172.50.15 port 57764:11: Bye Bye [preauth]
May  5 08:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11380]: Disconnected from 163.172.50.15 port 57764 [preauth]
May  5 08:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: Failed password for invalid user radmin from 50.235.31.47 port 58314 ssh2
May  5 08:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11388]: Connection closed by 50.235.31.47 port 58314 [preauth]
May  5 08:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.101  user=root
May  5 08:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: Failed password for root from 185.213.164.101 port 33852 ssh2
May  5 08:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: Received disconnect from 185.213.164.101 port 33852:11: Bye Bye [preauth]
May  5 08:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: Disconnected from 185.213.164.101 port 33852 [preauth]
May  5 08:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10166]: pam_unix(cron:session): session closed for user root
May  5 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11575]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11576]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11577]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11575]: pam_unix(cron:session): session closed for user p13x
May  5 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11635]: Successful su for rubyman by root
May  5 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11635]: + ??? root:rubyman
May  5 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332847 of user rubyman.
May  5 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11635]: pam_unix(su:session): session closed for user rubyman
May  5 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332847.
May  5 08:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8741]: pam_unix(cron:session): session closed for user root
May  5 08:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11576]: pam_unix(cron:session): session closed for user samftp
May  5 08:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10773]: pam_unix(cron:session): session closed for user root
May  5 08:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: Invalid user admin from 139.19.117.131
May  5 08:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: input_userauth_request: invalid user admin [preauth]
May  5 08:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: Connection closed by 139.19.117.131 port 47034 [preauth]
May  5 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11964]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11963]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11962]: pam_unix(cron:session): session closed for user p13x
May  5 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12019]: Successful su for rubyman by root
May  5 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12019]: + ??? root:rubyman
May  5 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332850 of user rubyman.
May  5 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12019]: pam_unix(su:session): session closed for user rubyman
May  5 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332850.
May  5 08:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9244]: pam_unix(cron:session): session closed for user root
May  5 08:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11963]: pam_unix(cron:session): session closed for user samftp
May  5 08:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.214.226.167  user=root
May  5 08:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: Failed password for root from 162.214.226.167 port 34908 ssh2
May  5 08:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: Received disconnect from 162.214.226.167 port 34908:11: Bye Bye [preauth]
May  5 08:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12197]: Disconnected from 162.214.226.167 port 34908 [preauth]
May  5 08:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11168]: pam_unix(cron:session): session closed for user root
May  5 08:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12317]: Invalid user lighthouse from 164.68.105.9
May  5 08:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12317]: input_userauth_request: invalid user lighthouse [preauth]
May  5 08:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12317]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  5 08:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12317]: Failed password for invalid user lighthouse from 164.68.105.9 port 34486 ssh2
May  5 08:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12317]: Connection closed by 164.68.105.9 port 34486 [preauth]
May  5 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12366]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12370]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12370]: pam_unix(cron:session): session closed for user root
May  5 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12365]: pam_unix(cron:session): session closed for user p13x
May  5 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12432]: Successful su for rubyman by root
May  5 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12432]: + ??? root:rubyman
May  5 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332855 of user rubyman.
May  5 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12432]: pam_unix(su:session): session closed for user rubyman
May  5 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332855.
May  5 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12367]: pam_unix(cron:session): session closed for user root
May  5 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9672]: pam_unix(cron:session): session closed for user root
May  5 08:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12366]: pam_unix(cron:session): session closed for user samftp
May  5 08:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11578]: pam_unix(cron:session): session closed for user root
May  5 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: Invalid user parisa from 103.90.226.193
May  5 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: input_userauth_request: invalid user parisa [preauth]
May  5 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.193
May  5 08:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: Failed password for invalid user parisa from 103.90.226.193 port 40846 ssh2
May  5 08:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: Received disconnect from 103.90.226.193 port 40846:11: Bye Bye [preauth]
May  5 08:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12698]: Disconnected from 103.90.226.193 port 40846 [preauth]
May  5 08:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57  user=root
May  5 08:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12768]: Failed password for root from 2.57.122.57 port 52254 ssh2
May  5 08:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12768]: Connection closed by 2.57.122.57 port 52254 [preauth]
May  5 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12791]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12792]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12790]: pam_unix(cron:session): session closed for user p13x
May  5 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12857]: Successful su for rubyman by root
May  5 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12857]: + ??? root:rubyman
May  5 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332861 of user rubyman.
May  5 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12857]: pam_unix(su:session): session closed for user rubyman
May  5 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332861.
May  5 08:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10165]: pam_unix(cron:session): session closed for user root
May  5 08:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12791]: pam_unix(cron:session): session closed for user samftp
May  5 08:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 08:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12770]: Failed password for root from 185.93.89.118 port 56400 ssh2
May  5 08:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12770]: Connection closed by 185.93.89.118 port 56400 [preauth]
May  5 08:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 08:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: Failed password for root from 185.93.89.118 port 26136 ssh2
May  5 08:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: Connection closed by 185.93.89.118 port 26136 [preauth]
May  5 08:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11965]: pam_unix(cron:session): session closed for user root
May  5 08:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.50.15  user=root
May  5 08:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: Failed password for root from 163.172.50.15 port 50730 ssh2
May  5 08:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: Received disconnect from 163.172.50.15 port 50730:11: Bye Bye [preauth]
May  5 08:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13135]: Disconnected from 163.172.50.15 port 50730 [preauth]
May  5 08:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 08:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: Failed password for root from 185.93.89.118 port 35654 ssh2
May  5 08:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: Connection closed by 185.93.89.118 port 35654 [preauth]
May  5 08:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 08:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13166]: Failed password for root from 185.93.89.118 port 32948 ssh2
May  5 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13196]: pam_unix(cron:session): session closed for user p13x
May  5 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13255]: Successful su for rubyman by root
May  5 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13255]: + ??? root:rubyman
May  5 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332864 of user rubyman.
May  5 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13255]: pam_unix(su:session): session closed for user rubyman
May  5 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332864.
May  5 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13166]: Connection closed by 185.93.89.118 port 32948 [preauth]
May  5 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10772]: pam_unix(cron:session): session closed for user root
May  5 08:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13197]: pam_unix(cron:session): session closed for user samftp
May  5 08:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 08:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13333]: Failed password for root from 185.93.89.118 port 3386 ssh2
May  5 08:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13333]: Connection closed by 185.93.89.118 port 3386 [preauth]
May  5 08:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.101  user=root
May  5 08:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12369]: pam_unix(cron:session): session closed for user root
May  5 08:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: Failed password for root from 185.213.164.101 port 54416 ssh2
May  5 08:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: Received disconnect from 185.213.164.101 port 54416:11: Bye Bye [preauth]
May  5 08:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13607]: Disconnected from 185.213.164.101 port 54416 [preauth]
May  5 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13699]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13699]: pam_unix(cron:session): session closed for user p13x
May  5 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13767]: Successful su for rubyman by root
May  5 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13767]: + ??? root:rubyman
May  5 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332868 of user rubyman.
May  5 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13767]: pam_unix(su:session): session closed for user rubyman
May  5 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332868.
May  5 08:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11167]: pam_unix(cron:session): session closed for user root
May  5 08:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13702]: pam_unix(cron:session): session closed for user samftp
May  5 08:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12793]: pam_unix(cron:session): session closed for user root
May  5 08:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14079]: Invalid user tmp from 162.214.226.167
May  5 08:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14079]: input_userauth_request: invalid user tmp [preauth]
May  5 08:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14079]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.214.226.167
May  5 08:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14079]: Failed password for invalid user tmp from 162.214.226.167 port 43244 ssh2
May  5 08:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14079]: Received disconnect from 162.214.226.167 port 43244:11: Bye Bye [preauth]
May  5 08:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14079]: Disconnected from 162.214.226.167 port 43244 [preauth]
May  5 08:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 08:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14081]: Failed password for root from 218.92.0.179 port 19076 ssh2
May  5 08:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14081]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 19076 ssh2]
May  5 08:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14081]: Received disconnect from 218.92.0.179 port 19076:11:  [preauth]
May  5 08:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14081]: Disconnected from 218.92.0.179 port 19076 [preauth]
May  5 08:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14081]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 08:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14101]: Invalid user ubnt from 80.94.95.241
May  5 08:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14101]: input_userauth_request: invalid user ubnt [preauth]
May  5 08:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14101]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14114]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14115]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14113]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14112]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14112]: pam_unix(cron:session): session closed for user p13x
May  5 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14101]: Failed password for invalid user ubnt from 80.94.95.241 port 24025 ssh2
May  5 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14101]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14173]: Successful su for rubyman by root
May  5 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14173]: + ??? root:rubyman
May  5 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14173]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332873 of user rubyman.
May  5 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14173]: pam_unix(su:session): session closed for user rubyman
May  5 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332873.
May  5 08:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14101]: Failed password for invalid user ubnt from 80.94.95.241 port 24025 ssh2
May  5 08:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14101]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11577]: pam_unix(cron:session): session closed for user root
May  5 08:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14101]: Failed password for invalid user ubnt from 80.94.95.241 port 24025 ssh2
May  5 08:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14101]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14113]: pam_unix(cron:session): session closed for user samftp
May  5 08:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14101]: Failed password for invalid user ubnt from 80.94.95.241 port 24025 ssh2
May  5 08:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14101]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14101]: Failed password for invalid user ubnt from 80.94.95.241 port 24025 ssh2
May  5 08:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14101]: Received disconnect from 80.94.95.241 port 24025:11: Bye [preauth]
May  5 08:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14101]: Disconnected from 80.94.95.241 port 24025 [preauth]
May  5 08:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14101]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 08:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14101]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 08:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13199]: pam_unix(cron:session): session closed for user root
May  5 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14511]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14512]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14510]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14509]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14512]: pam_unix(cron:session): session closed for user root
May  5 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14507]: pam_unix(cron:session): session closed for user p13x
May  5 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14579]: Successful su for rubyman by root
May  5 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14579]: + ??? root:rubyman
May  5 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14579]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332876 of user rubyman.
May  5 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14579]: pam_unix(su:session): session closed for user rubyman
May  5 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332876.
May  5 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14509]: pam_unix(cron:session): session closed for user root
May  5 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11964]: pam_unix(cron:session): session closed for user root
May  5 08:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14508]: pam_unix(cron:session): session closed for user samftp
May  5 08:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13704]: pam_unix(cron:session): session closed for user root
May  5 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14951]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14952]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14949]: pam_unix(cron:session): session closed for user p13x
May  5 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15018]: Successful su for rubyman by root
May  5 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15018]: + ??? root:rubyman
May  5 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332883 of user rubyman.
May  5 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15018]: pam_unix(su:session): session closed for user rubyman
May  5 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332883.
May  5 08:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12368]: pam_unix(cron:session): session closed for user root
May  5 08:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14950]: pam_unix(cron:session): session closed for user samftp
May  5 08:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: Invalid user dcsl from 163.172.50.15
May  5 08:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: input_userauth_request: invalid user dcsl [preauth]
May  5 08:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.50.15
May  5 08:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: Failed password for invalid user dcsl from 163.172.50.15 port 36342 ssh2
May  5 08:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: Received disconnect from 163.172.50.15 port 36342:11: Bye Bye [preauth]
May  5 08:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: Disconnected from 163.172.50.15 port 36342 [preauth]
May  5 08:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Invalid user admin from 103.90.226.193
May  5 08:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: input_userauth_request: invalid user admin [preauth]
May  5 08:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.193
May  5 08:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Failed password for invalid user admin from 103.90.226.193 port 49146 ssh2
May  5 08:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Received disconnect from 103.90.226.193 port 49146:11: Bye Bye [preauth]
May  5 08:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15260]: Disconnected from 103.90.226.193 port 49146 [preauth]
May  5 08:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14115]: pam_unix(cron:session): session closed for user root
May  5 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15358]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15355]: pam_unix(cron:session): session closed for user p13x
May  5 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15414]: Successful su for rubyman by root
May  5 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15414]: + ??? root:rubyman
May  5 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332888 of user rubyman.
May  5 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15414]: pam_unix(su:session): session closed for user rubyman
May  5 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332888.
May  5 08:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12792]: pam_unix(cron:session): session closed for user root
May  5 08:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15356]: pam_unix(cron:session): session closed for user samftp
May  5 08:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14511]: pam_unix(cron:session): session closed for user root
May  5 08:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: Invalid user admin from 185.213.164.101
May  5 08:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: input_userauth_request: invalid user admin [preauth]
May  5 08:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.101
May  5 08:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: Failed password for invalid user admin from 185.213.164.101 port 34152 ssh2
May  5 08:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: Received disconnect from 185.213.164.101 port 34152:11: Bye Bye [preauth]
May  5 08:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: Disconnected from 185.213.164.101 port 34152 [preauth]
May  5 08:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57  user=root
May  5 08:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15725]: Failed password for root from 2.57.122.57 port 57724 ssh2
May  5 08:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15725]: Connection closed by 2.57.122.57 port 57724 [preauth]
May  5 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15747]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15745]: pam_unix(cron:session): session closed for user p13x
May  5 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15808]: Successful su for rubyman by root
May  5 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15808]: + ??? root:rubyman
May  5 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15808]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332891 of user rubyman.
May  5 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15808]: pam_unix(su:session): session closed for user rubyman
May  5 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332891.
May  5 08:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13198]: pam_unix(cron:session): session closed for user root
May  5 08:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15746]: pam_unix(cron:session): session closed for user samftp
May  5 08:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: Invalid user venus from 162.214.226.167
May  5 08:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: input_userauth_request: invalid user venus [preauth]
May  5 08:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.214.226.167
May  5 08:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: Failed password for invalid user venus from 162.214.226.167 port 51560 ssh2
May  5 08:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: Received disconnect from 162.214.226.167 port 51560:11: Bye Bye [preauth]
May  5 08:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16027]: Disconnected from 162.214.226.167 port 51560 [preauth]
May  5 08:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14952]: pam_unix(cron:session): session closed for user root
May  5 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16134]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16133]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16133]: pam_unix(cron:session): session closed for user p13x
May  5 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16200]: Successful su for rubyman by root
May  5 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16200]: + ??? root:rubyman
May  5 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332895 of user rubyman.
May  5 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16200]: pam_unix(su:session): session closed for user rubyman
May  5 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332895.
May  5 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13703]: pam_unix(cron:session): session closed for user root
May  5 08:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16134]: pam_unix(cron:session): session closed for user samftp
May  5 08:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15358]: pam_unix(cron:session): session closed for user root
May  5 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16566]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16567]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16565]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16564]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16562]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16567]: pam_unix(cron:session): session closed for user root
May  5 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16562]: pam_unix(cron:session): session closed for user p13x
May  5 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16648]: Successful su for rubyman by root
May  5 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16648]: + ??? root:rubyman
May  5 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16648]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332900 of user rubyman.
May  5 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16648]: pam_unix(su:session): session closed for user rubyman
May  5 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332900.
May  5 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16564]: pam_unix(cron:session): session closed for user root
May  5 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14114]: pam_unix(cron:session): session closed for user root
May  5 08:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16563]: pam_unix(cron:session): session closed for user samftp
May  5 08:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15748]: pam_unix(cron:session): session closed for user root
May  5 08:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 08:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: Failed password for root from 218.92.0.179 port 52259 ssh2
May  5 08:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: Failed password for root from 218.92.0.179 port 52259 ssh2
May  5 08:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: Invalid user sysadmin from 163.172.50.15
May  5 08:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: input_userauth_request: invalid user sysadmin [preauth]
May  5 08:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.50.15
May  5 08:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: Failed password for root from 218.92.0.179 port 52259 ssh2
May  5 08:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: Received disconnect from 218.92.0.179 port 52259:11:  [preauth]
May  5 08:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: Disconnected from 218.92.0.179 port 52259 [preauth]
May  5 08:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 08:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: Failed password for invalid user sysadmin from 163.172.50.15 port 47788 ssh2
May  5 08:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: Received disconnect from 163.172.50.15 port 47788:11: Bye Bye [preauth]
May  5 08:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17017]: Disconnected from 163.172.50.15 port 47788 [preauth]
May  5 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17041]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17039]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17040]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17038]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17038]: pam_unix(cron:session): session closed for user p13x
May  5 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17107]: Successful su for rubyman by root
May  5 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17107]: + ??? root:rubyman
May  5 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332904 of user rubyman.
May  5 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17107]: pam_unix(su:session): session closed for user rubyman
May  5 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332904.
May  5 08:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14510]: pam_unix(cron:session): session closed for user root
May  5 08:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17039]: pam_unix(cron:session): session closed for user samftp
May  5 08:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16136]: pam_unix(cron:session): session closed for user root
May  5 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17440]: pam_unix(cron:session): session closed for user p13x
May  5 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17517]: Successful su for rubyman by root
May  5 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17517]: + ??? root:rubyman
May  5 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332908 of user rubyman.
May  5 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17517]: pam_unix(su:session): session closed for user rubyman
May  5 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332908.
May  5 08:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14951]: pam_unix(cron:session): session closed for user root
May  5 08:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17441]: pam_unix(cron:session): session closed for user samftp
May  5 08:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16566]: pam_unix(cron:session): session closed for user root
May  5 08:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.193  user=root
May  5 08:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: Failed password for root from 103.90.226.193 port 57466 ssh2
May  5 08:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: Received disconnect from 103.90.226.193 port 57466:11: Bye Bye [preauth]
May  5 08:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17912]: Disconnected from 103.90.226.193 port 57466 [preauth]
May  5 08:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17927]: Invalid user testemail from 193.70.84.184
May  5 08:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17927]: input_userauth_request: invalid user testemail [preauth]
May  5 08:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17927]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  5 08:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17927]: Failed password for invalid user testemail from 193.70.84.184 port 49304 ssh2
May  5 08:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17927]: Connection closed by 193.70.84.184 port 49304 [preauth]
May  5 08:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.101  user=root
May  5 08:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17961]: Failed password for root from 185.213.164.101 port 50640 ssh2
May  5 08:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17961]: Received disconnect from 185.213.164.101 port 50640:11: Bye Bye [preauth]
May  5 08:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17961]: Disconnected from 185.213.164.101 port 50640 [preauth]
May  5 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17983]: pam_unix(cron:session): session closed for user p13x
May  5 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18051]: Successful su for rubyman by root
May  5 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18051]: + ??? root:rubyman
May  5 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332912 of user rubyman.
May  5 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18051]: pam_unix(su:session): session closed for user rubyman
May  5 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332912.
May  5 08:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15357]: pam_unix(cron:session): session closed for user root
May  5 08:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17984]: pam_unix(cron:session): session closed for user samftp
May  5 08:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.214.226.167  user=root
May  5 08:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: Failed password for root from 162.214.226.167 port 59864 ssh2
May  5 08:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: Received disconnect from 162.214.226.167 port 59864:11: Bye Bye [preauth]
May  5 08:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18239]: Disconnected from 162.214.226.167 port 59864 [preauth]
May  5 08:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17041]: pam_unix(cron:session): session closed for user root
May  5 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18402]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18399]: pam_unix(cron:session): session closed for user p13x
May  5 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18466]: Successful su for rubyman by root
May  5 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18466]: + ??? root:rubyman
May  5 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332916 of user rubyman.
May  5 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18466]: pam_unix(su:session): session closed for user rubyman
May  5 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332916.
May  5 08:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15747]: pam_unix(cron:session): session closed for user root
May  5 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18400]: pam_unix(cron:session): session closed for user samftp
May  5 08:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17443]: pam_unix(cron:session): session closed for user root
May  5 08:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 08:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18785]: Invalid user firedancer from 2.57.122.57
May  5 08:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18785]: input_userauth_request: invalid user firedancer [preauth]
May  5 08:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18785]: pam_unix(sshd:auth): check pass; user unknown
May  5 08:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 08:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18785]: Failed password for invalid user firedancer from 2.57.122.57 port 49116 ssh2
May  5 08:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18785]: Connection closed by 2.57.122.57 port 49116 [preauth]
May  5 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18825]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18821]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18820]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18820]: pam_unix(cron:session): session closed for user root
May  5 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18825]: pam_unix(cron:session): session closed for user root
May  5 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18817]: pam_unix(cron:session): session closed for user p13x
May  5 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18909]: Successful su for rubyman by root
May  5 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18909]: + ??? root:rubyman
May  5 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332924 of user rubyman.
May  5 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18909]: pam_unix(su:session): session closed for user rubyman
May  5 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332924.
May  5 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16135]: pam_unix(cron:session): session closed for user root
May  5 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18821]: pam_unix(cron:session): session closed for user root
May  5 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18818]: pam_unix(cron:session): session closed for user samftp
May  5 09:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.50.15  user=root
May  5 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19165]: Failed password for root from 163.172.50.15 port 36870 ssh2
May  5 09:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19165]: Received disconnect from 163.172.50.15 port 36870:11: Bye Bye [preauth]
May  5 09:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19165]: Disconnected from 163.172.50.15 port 36870 [preauth]
May  5 09:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17986]: pam_unix(cron:session): session closed for user root
May  5 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19331]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19328]: pam_unix(cron:session): session closed for user p13x
May  5 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19393]: Successful su for rubyman by root
May  5 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19393]: + ??? root:rubyman
May  5 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332928 of user rubyman.
May  5 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19393]: pam_unix(su:session): session closed for user rubyman
May  5 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332928.
May  5 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16565]: pam_unix(cron:session): session closed for user root
May  5 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19329]: pam_unix(cron:session): session closed for user samftp
May  5 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18403]: pam_unix(cron:session): session closed for user root
May  5 09:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19747]: pam_unix(cron:session): session closed for user p13x
May  5 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19807]: Successful su for rubyman by root
May  5 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19807]: + ??? root:rubyman
May  5 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332932 of user rubyman.
May  5 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19807]: pam_unix(su:session): session closed for user rubyman
May  5 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332932.
May  5 09:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17040]: pam_unix(cron:session): session closed for user root
May  5 09:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19748]: pam_unix(cron:session): session closed for user samftp
May  5 09:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18824]: pam_unix(cron:session): session closed for user root
May  5 09:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 09:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20101]: Failed password for root from 218.92.0.179 port 56895 ssh2
May  5 09:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20101]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 56895 ssh2]
May  5 09:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20101]: Received disconnect from 218.92.0.179 port 56895:11:  [preauth]
May  5 09:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20101]: Disconnected from 218.92.0.179 port 56895 [preauth]
May  5 09:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20101]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 09:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20152]: Invalid user fangwei from 162.214.226.167
May  5 09:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20152]: input_userauth_request: invalid user fangwei [preauth]
May  5 09:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20152]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.214.226.167
May  5 09:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20152]: Failed password for invalid user fangwei from 162.214.226.167 port 39922 ssh2
May  5 09:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20152]: Received disconnect from 162.214.226.167 port 39922:11: Bye Bye [preauth]
May  5 09:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20152]: Disconnected from 162.214.226.167 port 39922 [preauth]
May  5 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20163]: pam_unix(cron:session): session closed for user p13x
May  5 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20222]: Successful su for rubyman by root
May  5 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20222]: + ??? root:rubyman
May  5 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332936 of user rubyman.
May  5 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20222]: pam_unix(su:session): session closed for user rubyman
May  5 09:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332936.
May  5 09:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17442]: pam_unix(cron:session): session closed for user root
May  5 09:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20164]: pam_unix(cron:session): session closed for user samftp
May  5 09:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.101  user=root
May  5 09:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20399]: Failed password for root from 185.213.164.101 port 49708 ssh2
May  5 09:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20399]: Received disconnect from 185.213.164.101 port 49708:11: Bye Bye [preauth]
May  5 09:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20399]: Disconnected from 185.213.164.101 port 49708 [preauth]
May  5 09:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19331]: pam_unix(cron:session): session closed for user root
May  5 09:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.193  user=root
May  5 09:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Failed password for root from 103.90.226.193 port 37550 ssh2
May  5 09:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Received disconnect from 103.90.226.193 port 37550:11: Bye Bye [preauth]
May  5 09:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20501]: Disconnected from 103.90.226.193 port 37550 [preauth]
May  5 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20564]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20563]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20562]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20561]: pam_unix(cron:session): session closed for user p13x
May  5 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20620]: Successful su for rubyman by root
May  5 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20620]: + ??? root:rubyman
May  5 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332940 of user rubyman.
May  5 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20620]: pam_unix(su:session): session closed for user rubyman
May  5 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332940.
May  5 09:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17985]: pam_unix(cron:session): session closed for user root
May  5 09:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20562]: pam_unix(cron:session): session closed for user samftp
May  5 09:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: Invalid user squid from 80.94.95.125
May  5 09:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: input_userauth_request: invalid user squid [preauth]
May  5 09:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 09:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: Failed password for invalid user squid from 80.94.95.125 port 51954 ssh2
May  5 09:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: Failed password for invalid user squid from 80.94.95.125 port 51954 ssh2
May  5 09:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: Failed password for invalid user squid from 80.94.95.125 port 51954 ssh2
May  5 09:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: Failed password for invalid user squid from 80.94.95.125 port 51954 ssh2
May  5 09:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: Failed password for invalid user squid from 80.94.95.125 port 51954 ssh2
May  5 09:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: Received disconnect from 80.94.95.125 port 51954:11: Bye [preauth]
May  5 09:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: Disconnected from 80.94.95.125 port 51954 [preauth]
May  5 09:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 09:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 09:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19750]: pam_unix(cron:session): session closed for user root
May  5 09:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: Invalid user Data from 163.172.50.15
May  5 09:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: input_userauth_request: invalid user Data [preauth]
May  5 09:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.50.15
May  5 09:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: Failed password for invalid user Data from 163.172.50.15 port 60774 ssh2
May  5 09:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: Received disconnect from 163.172.50.15 port 60774:11: Bye Bye [preauth]
May  5 09:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: Disconnected from 163.172.50.15 port 60774 [preauth]
May  5 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20974]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20976]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20975]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20973]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20977]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20972]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20977]: pam_unix(cron:session): session closed for user root
May  5 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20972]: pam_unix(cron:session): session closed for user p13x
May  5 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21042]: Successful su for rubyman by root
May  5 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21042]: + ??? root:rubyman
May  5 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332945 of user rubyman.
May  5 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21042]: pam_unix(su:session): session closed for user rubyman
May  5 09:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332945.
May  5 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18402]: pam_unix(cron:session): session closed for user root
May  5 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20974]: pam_unix(cron:session): session closed for user root
May  5 09:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20973]: pam_unix(cron:session): session closed for user samftp
May  5 09:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20166]: pam_unix(cron:session): session closed for user root
May  5 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21442]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21442]: pam_unix(cron:session): session closed for user p13x
May  5 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21513]: Successful su for rubyman by root
May  5 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21513]: + ??? root:rubyman
May  5 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21513]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332950 of user rubyman.
May  5 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21513]: pam_unix(su:session): session closed for user rubyman
May  5 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332950.
May  5 09:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18823]: pam_unix(cron:session): session closed for user root
May  5 09:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21443]: pam_unix(cron:session): session closed for user samftp
May  5 09:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20564]: pam_unix(cron:session): session closed for user root
May  5 09:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22129]: Invalid user node from 2.57.122.57
May  5 09:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22129]: input_userauth_request: invalid user node [preauth]
May  5 09:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22129]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 09:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22129]: Failed password for invalid user node from 2.57.122.57 port 40640 ssh2
May  5 09:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22129]: Connection closed by 2.57.122.57 port 40640 [preauth]
May  5 09:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22117]: Invalid user 0 from 195.178.110.50
May  5 09:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22117]: input_userauth_request: invalid user 0 [preauth]
May  5 09:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22117]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 09:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22117]: Failed password for invalid user 0 from 195.178.110.50 port 48804 ssh2
May  5 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22179]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22177]: pam_unix(cron:session): session closed for user p13x
May  5 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22256]: Successful su for rubyman by root
May  5 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22256]: + ??? root:rubyman
May  5 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332953 of user rubyman.
May  5 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22256]: pam_unix(su:session): session closed for user rubyman
May  5 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332953.
May  5 09:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19330]: pam_unix(cron:session): session closed for user root
May  5 09:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22117]: Connection closed by 195.178.110.50 port 48804 [preauth]
May  5 09:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22178]: pam_unix(cron:session): session closed for user samftp
May  5 09:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22454]: Invalid user o from 195.178.110.50
May  5 09:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22454]: input_userauth_request: invalid user o [preauth]
May  5 09:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22454]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 09:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22454]: Failed password for invalid user o from 195.178.110.50 port 24578 ssh2
May  5 09:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22454]: Connection closed by 195.178.110.50 port 24578 [preauth]
May  5 09:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: Invalid user est from 162.214.226.167
May  5 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: input_userauth_request: invalid user est [preauth]
May  5 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.214.226.167
May  5 09:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20976]: pam_unix(cron:session): session closed for user root
May  5 09:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: Failed password for invalid user est from 162.214.226.167 port 48238 ssh2
May  5 09:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: Received disconnect from 162.214.226.167 port 48238:11: Bye Bye [preauth]
May  5 09:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: Disconnected from 162.214.226.167 port 48238 [preauth]
May  5 09:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22554]: Invalid user P from 195.178.110.50
May  5 09:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22554]: input_userauth_request: invalid user P [preauth]
May  5 09:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22554]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 09:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22554]: Failed password for invalid user P from 195.178.110.50 port 8980 ssh2
May  5 09:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22554]: Connection closed by 195.178.110.50 port 8980 [preauth]
May  5 09:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22650]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22649]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22648]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22651]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22648]: pam_unix(cron:session): session closed for user p13x
May  5 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22715]: Successful su for rubyman by root
May  5 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22715]: + ??? root:rubyman
May  5 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332959 of user rubyman.
May  5 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22715]: pam_unix(su:session): session closed for user rubyman
May  5 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332959.
May  5 09:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19749]: pam_unix(cron:session): session closed for user root
May  5 09:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22649]: pam_unix(cron:session): session closed for user samftp
May  5 09:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: Invalid user 1 from 195.178.110.50
May  5 09:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: input_userauth_request: invalid user 1 [preauth]
May  5 09:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 09:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: Failed password for invalid user 1 from 195.178.110.50 port 52120 ssh2
May  5 09:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22637]: Connection closed by 195.178.110.50 port 52120 [preauth]
May  5 09:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22997]: Invalid user daniel from 185.213.164.101
May  5 09:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22997]: input_userauth_request: invalid user daniel [preauth]
May  5 09:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22997]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.101
May  5 09:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22997]: Failed password for invalid user daniel from 185.213.164.101 port 34930 ssh2
May  5 09:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22997]: Received disconnect from 185.213.164.101 port 34930:11: Bye Bye [preauth]
May  5 09:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22997]: Disconnected from 185.213.164.101 port 34930 [preauth]
May  5 09:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22988]: Invalid user p from 195.178.110.50
May  5 09:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22988]: input_userauth_request: invalid user p [preauth]
May  5 09:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22988]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22988]: Failed password for invalid user p from 195.178.110.50 port 2580 ssh2
May  5 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21445]: pam_unix(cron:session): session closed for user root
May  5 09:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22988]: Connection closed by 195.178.110.50 port 2580 [preauth]
May  5 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23118]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23114]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23116]: pam_unix(cron:session): session closed for user p13x
May  5 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23246]: Successful su for rubyman by root
May  5 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23246]: + ??? root:rubyman
May  5 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23246]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332962 of user rubyman.
May  5 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23246]: pam_unix(su:session): session closed for user rubyman
May  5 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332962.
May  5 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23114]: pam_unix(cron:session): session closed for user root
May  5 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20165]: pam_unix(cron:session): session closed for user root
May  5 09:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23117]: pam_unix(cron:session): session closed for user samftp
May  5 09:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: Invalid user gpu02 from 163.172.50.15
May  5 09:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: input_userauth_request: invalid user gpu02 [preauth]
May  5 09:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.50.15
May  5 09:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22181]: pam_unix(cron:session): session closed for user root
May  5 09:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: Failed password for invalid user gpu02 from 163.172.50.15 port 48392 ssh2
May  5 09:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: Received disconnect from 163.172.50.15 port 48392:11: Bye Bye [preauth]
May  5 09:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: Disconnected from 163.172.50.15 port 48392 [preauth]
May  5 09:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: Invalid user admin from 103.90.226.193
May  5 09:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: input_userauth_request: invalid user admin [preauth]
May  5 09:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.193
May  5 09:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: Failed password for invalid user admin from 103.90.226.193 port 45864 ssh2
May  5 09:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: Received disconnect from 103.90.226.193 port 45864:11: Bye Bye [preauth]
May  5 09:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: Disconnected from 103.90.226.193 port 45864 [preauth]
May  5 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23717]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23715]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23718]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23720]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23716]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23714]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23720]: pam_unix(cron:session): session closed for user root
May  5 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23714]: pam_unix(cron:session): session closed for user p13x
May  5 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23877]: Successful su for rubyman by root
May  5 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23877]: + ??? root:rubyman
May  5 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332968 of user rubyman.
May  5 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23877]: pam_unix(su:session): session closed for user rubyman
May  5 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332968.
May  5 09:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23716]: pam_unix(cron:session): session closed for user root
May  5 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20563]: pam_unix(cron:session): session closed for user root
May  5 09:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23715]: pam_unix(cron:session): session closed for user samftp
May  5 09:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22651]: pam_unix(cron:session): session closed for user root
May  5 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24281]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24279]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24278]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24278]: pam_unix(cron:session): session closed for user p13x
May  5 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24357]: Successful su for rubyman by root
May  5 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24357]: + ??? root:rubyman
May  5 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24357]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332973 of user rubyman.
May  5 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24357]: pam_unix(su:session): session closed for user rubyman
May  5 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332973.
May  5 09:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20975]: pam_unix(cron:session): session closed for user root
May  5 09:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24279]: pam_unix(cron:session): session closed for user samftp
May  5 09:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23119]: pam_unix(cron:session): session closed for user root
May  5 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24728]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24729]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24728]: pam_unix(cron:session): session closed for user p13x
May  5 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24787]: Successful su for rubyman by root
May  5 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24787]: + ??? root:rubyman
May  5 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332976 of user rubyman.
May  5 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24787]: pam_unix(su:session): session closed for user rubyman
May  5 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332976.
May  5 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21444]: pam_unix(cron:session): session closed for user root
May  5 09:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24729]: pam_unix(cron:session): session closed for user samftp
May  5 09:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24984]: Invalid user admin from 162.214.226.167
May  5 09:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24984]: input_userauth_request: invalid user admin [preauth]
May  5 09:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24984]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.214.226.167
May  5 09:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24986]: Did not receive identification string from 182.43.12.71
May  5 09:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24984]: Failed password for invalid user admin from 162.214.226.167 port 56542 ssh2
May  5 09:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24984]: Received disconnect from 162.214.226.167 port 56542:11: Bye Bye [preauth]
May  5 09:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24984]: Disconnected from 162.214.226.167 port 56542 [preauth]
May  5 09:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23718]: pam_unix(cron:session): session closed for user root
May  5 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25137]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25136]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25135]: pam_unix(cron:session): session closed for user p13x
May  5 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25198]: Successful su for rubyman by root
May  5 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25198]: + ??? root:rubyman
May  5 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332982 of user rubyman.
May  5 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25198]: pam_unix(su:session): session closed for user rubyman
May  5 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332982.
May  5 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22179]: pam_unix(cron:session): session closed for user root
May  5 09:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25136]: pam_unix(cron:session): session closed for user samftp
May  5 09:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25457]: Invalid user tmp from 185.213.164.101
May  5 09:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25457]: input_userauth_request: invalid user tmp [preauth]
May  5 09:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25457]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.101
May  5 09:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25457]: Failed password for invalid user tmp from 185.213.164.101 port 36924 ssh2
May  5 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25457]: Received disconnect from 185.213.164.101 port 36924:11: Bye Bye [preauth]
May  5 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25457]: Disconnected from 185.213.164.101 port 36924 [preauth]
May  5 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24281]: pam_unix(cron:session): session closed for user root
May  5 09:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 09:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25434]: Connection closed by 46.210.230.72 port 8237 [preauth]
May  5 09:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: Invalid user exchange from 2.57.122.57
May  5 09:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: input_userauth_request: invalid user exchange [preauth]
May  5 09:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 09:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: Failed password for root from 218.92.0.179 port 15557 ssh2
May  5 09:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: Failed password for invalid user exchange from 2.57.122.57 port 57344 ssh2
May  5 09:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: Connection closed by 2.57.122.57 port 57344 [preauth]
May  5 09:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: Failed password for root from 218.92.0.179 port 15557 ssh2
May  5 09:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: Failed password for root from 218.92.0.179 port 15557 ssh2
May  5 09:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: Received disconnect from 218.92.0.179 port 15557:11:  [preauth]
May  5 09:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: Disconnected from 218.92.0.179 port 15557 [preauth]
May  5 09:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 09:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: Invalid user cistest from 190.103.202.7
May  5 09:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: input_userauth_request: invalid user cistest [preauth]
May  5 09:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  5 09:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: Failed password for invalid user cistest from 190.103.202.7 port 50228 ssh2
May  5 09:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: Connection closed by 190.103.202.7 port 50228 [preauth]
May  5 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25562]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25561]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25559]: pam_unix(cron:session): session closed for user p13x
May  5 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25624]: Successful su for rubyman by root
May  5 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25624]: + ??? root:rubyman
May  5 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332984 of user rubyman.
May  5 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25624]: pam_unix(su:session): session closed for user rubyman
May  5 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332984.
May  5 09:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22650]: pam_unix(cron:session): session closed for user root
May  5 09:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25560]: pam_unix(cron:session): session closed for user samftp
May  5 09:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25813]: Invalid user lixing from 163.172.50.15
May  5 09:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25813]: input_userauth_request: invalid user lixing [preauth]
May  5 09:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25813]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.50.15
May  5 09:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25813]: Failed password for invalid user lixing from 163.172.50.15 port 58492 ssh2
May  5 09:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25813]: Received disconnect from 163.172.50.15 port 58492:11: Bye Bye [preauth]
May  5 09:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25813]: Disconnected from 163.172.50.15 port 58492 [preauth]
May  5 09:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24731]: pam_unix(cron:session): session closed for user root
May  5 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25967]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25971]: pam_unix(cron:session): session closed for user root
May  5 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25966]: pam_unix(cron:session): session closed for user p13x
May  5 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26034]: Successful su for rubyman by root
May  5 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26034]: + ??? root:rubyman
May  5 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332991 of user rubyman.
May  5 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26034]: pam_unix(su:session): session closed for user rubyman
May  5 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332991.
May  5 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25968]: pam_unix(cron:session): session closed for user root
May  5 09:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23118]: pam_unix(cron:session): session closed for user root
May  5 09:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25967]: pam_unix(cron:session): session closed for user samftp
May  5 09:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26301]: Invalid user tmp from 103.90.226.193
May  5 09:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26301]: input_userauth_request: invalid user tmp [preauth]
May  5 09:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26301]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.193
May  5 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25138]: pam_unix(cron:session): session closed for user root
May  5 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26301]: Failed password for invalid user tmp from 103.90.226.193 port 54170 ssh2
May  5 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26301]: Received disconnect from 103.90.226.193 port 54170:11: Bye Bye [preauth]
May  5 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26301]: Disconnected from 103.90.226.193 port 54170 [preauth]
May  5 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26393]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26392]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26391]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26389]: pam_unix(cron:session): session closed for user p13x
May  5 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26543]: Successful su for rubyman by root
May  5 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26543]: + ??? root:rubyman
May  5 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 332994 of user rubyman.
May  5 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26543]: pam_unix(su:session): session closed for user rubyman
May  5 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 332994.
May  5 09:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23717]: pam_unix(cron:session): session closed for user root
May  5 09:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26391]: pam_unix(cron:session): session closed for user samftp
May  5 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25562]: pam_unix(cron:session): session closed for user root
May  5 09:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: Invalid user mpt from 162.214.226.167
May  5 09:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: input_userauth_request: invalid user mpt [preauth]
May  5 09:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.214.226.167
May  5 09:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: Failed password for invalid user mpt from 162.214.226.167 port 36636 ssh2
May  5 09:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: Received disconnect from 162.214.226.167 port 36636:11: Bye Bye [preauth]
May  5 09:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: Disconnected from 162.214.226.167 port 36636 [preauth]
May  5 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26885]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26884]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26887]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26886]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26882]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26882]: pam_unix(cron:session): session closed for user root
May  5 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26884]: pam_unix(cron:session): session closed for user p13x
May  5 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26974]: Successful su for rubyman by root
May  5 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26974]: + ??? root:rubyman
May  5 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26974]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333000 of user rubyman.
May  5 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26974]: pam_unix(su:session): session closed for user rubyman
May  5 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333000.
May  5 09:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24280]: pam_unix(cron:session): session closed for user root
May  5 09:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26885]: pam_unix(cron:session): session closed for user samftp
May  5 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25970]: pam_unix(cron:session): session closed for user root
May  5 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27372]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27371]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27369]: pam_unix(cron:session): session closed for user p13x
May  5 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27466]: Successful su for rubyman by root
May  5 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27466]: + ??? root:rubyman
May  5 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333004 of user rubyman.
May  5 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27466]: pam_unix(su:session): session closed for user rubyman
May  5 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333004.
May  5 09:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24730]: pam_unix(cron:session): session closed for user root
May  5 09:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27370]: pam_unix(cron:session): session closed for user samftp
May  5 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: Invalid user venus from 185.213.164.101
May  5 09:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: input_userauth_request: invalid user venus [preauth]
May  5 09:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.101
May  5 09:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: Failed password for invalid user venus from 185.213.164.101 port 48364 ssh2
May  5 09:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: Received disconnect from 185.213.164.101 port 48364:11: Bye Bye [preauth]
May  5 09:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: Disconnected from 185.213.164.101 port 48364 [preauth]
May  5 09:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26393]: pam_unix(cron:session): session closed for user root
May  5 09:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: Invalid user test from 163.172.50.15
May  5 09:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: input_userauth_request: invalid user test [preauth]
May  5 09:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.50.15
May  5 09:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: Failed password for invalid user test from 163.172.50.15 port 49016 ssh2
May  5 09:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: Received disconnect from 163.172.50.15 port 49016:11: Bye Bye [preauth]
May  5 09:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27758]: Disconnected from 163.172.50.15 port 49016 [preauth]
May  5 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27813]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27812]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27810]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27809]: pam_unix(cron:session): session closed for user p13x
May  5 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27877]: Successful su for rubyman by root
May  5 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27877]: + ??? root:rubyman
May  5 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333010 of user rubyman.
May  5 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27877]: pam_unix(su:session): session closed for user rubyman
May  5 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333010.
May  5 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25137]: pam_unix(cron:session): session closed for user root
May  5 09:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27810]: pam_unix(cron:session): session closed for user samftp
May  5 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26887]: pam_unix(cron:session): session closed for user root
May  5 09:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Invalid user bodega from 46.244.96.25
May  5 09:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: input_userauth_request: invalid user bodega [preauth]
May  5 09:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  5 09:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Failed password for invalid user bodega from 46.244.96.25 port 48186 ssh2
May  5 09:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Connection closed by 46.244.96.25 port 48186 [preauth]
May  5 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28218]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28220]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28219]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28221]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28221]: pam_unix(cron:session): session closed for user root
May  5 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28214]: pam_unix(cron:session): session closed for user p13x
May  5 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28289]: Successful su for rubyman by root
May  5 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28289]: + ??? root:rubyman
May  5 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28289]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333012 of user rubyman.
May  5 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28289]: pam_unix(su:session): session closed for user rubyman
May  5 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333012.
May  5 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25561]: pam_unix(cron:session): session closed for user root
May  5 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28218]: pam_unix(cron:session): session closed for user root
May  5 09:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28215]: pam_unix(cron:session): session closed for user samftp
May  5 09:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28184]: Connection closed by 46.244.96.25 port 48174 [preauth]
May  5 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27372]: pam_unix(cron:session): session closed for user root
May  5 09:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57  user=root
May  5 09:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28594]: Failed password for root from 2.57.122.57 port 43350 ssh2
May  5 09:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28594]: Connection closed by 2.57.122.57 port 43350 [preauth]
May  5 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28652]: pam_unix(cron:session): session closed for user p13x
May  5 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28718]: Successful su for rubyman by root
May  5 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28718]: + ??? root:rubyman
May  5 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28718]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333018 of user rubyman.
May  5 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28718]: pam_unix(su:session): session closed for user rubyman
May  5 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333018.
May  5 09:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25969]: pam_unix(cron:session): session closed for user root
May  5 09:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28654]: pam_unix(cron:session): session closed for user samftp
May  5 09:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.193  user=root
May  5 09:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28942]: Failed password for root from 103.90.226.193 port 34252 ssh2
May  5 09:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28942]: Received disconnect from 103.90.226.193 port 34252:11: Bye Bye [preauth]
May  5 09:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28942]: Disconnected from 103.90.226.193 port 34252 [preauth]
May  5 09:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27813]: pam_unix(cron:session): session closed for user root
May  5 09:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.214.226.167  user=root
May  5 09:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: Failed password for root from 162.214.226.167 port 44968 ssh2
May  5 09:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: Received disconnect from 162.214.226.167 port 44968:11: Bye Bye [preauth]
May  5 09:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: Disconnected from 162.214.226.167 port 44968 [preauth]
May  5 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29156]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29155]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29154]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29154]: pam_unix(cron:session): session closed for user p13x
May  5 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29219]: Successful su for rubyman by root
May  5 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29219]: + ??? root:rubyman
May  5 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333021 of user rubyman.
May  5 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29219]: pam_unix(su:session): session closed for user rubyman
May  5 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333021.
May  5 09:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26392]: pam_unix(cron:session): session closed for user root
May  5 09:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29155]: pam_unix(cron:session): session closed for user samftp
May  5 09:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: Invalid user mailbackup from 176.31.162.135
May  5 09:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: input_userauth_request: invalid user mailbackup [preauth]
May  5 09:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  5 09:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: Failed password for invalid user mailbackup from 176.31.162.135 port 37716 ssh2
May  5 09:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: Connection closed by 176.31.162.135 port 37716 [preauth]
May  5 09:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28220]: pam_unix(cron:session): session closed for user root
May  5 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29580]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29579]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29578]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29577]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29577]: pam_unix(cron:session): session closed for user p13x
May  5 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29640]: Successful su for rubyman by root
May  5 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29640]: + ??? root:rubyman
May  5 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333025 of user rubyman.
May  5 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29640]: pam_unix(su:session): session closed for user rubyman
May  5 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333025.
May  5 09:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26886]: pam_unix(cron:session): session closed for user root
May  5 09:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29578]: pam_unix(cron:session): session closed for user samftp
May  5 09:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: Invalid user sjkim from 163.172.50.15
May  5 09:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: input_userauth_request: invalid user sjkim [preauth]
May  5 09:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.50.15
May  5 09:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: Failed password for invalid user sjkim from 163.172.50.15 port 44226 ssh2
May  5 09:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: Received disconnect from 163.172.50.15 port 44226:11: Bye Bye [preauth]
May  5 09:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29837]: Disconnected from 163.172.50.15 port 44226 [preauth]
May  5 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28657]: pam_unix(cron:session): session closed for user root
May  5 09:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: Invalid user yichen from 185.213.164.101
May  5 09:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: input_userauth_request: invalid user yichen [preauth]
May  5 09:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.101
May  5 09:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: Failed password for invalid user yichen from 185.213.164.101 port 43040 ssh2
May  5 09:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: Received disconnect from 185.213.164.101 port 43040:11: Bye Bye [preauth]
May  5 09:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29922]: Disconnected from 185.213.164.101 port 43040 [preauth]
May  5 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29989]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29988]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29987]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29985]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29985]: pam_unix(cron:session): session closed for user p13x
May  5 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30047]: Successful su for rubyman by root
May  5 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30047]: + ??? root:rubyman
May  5 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30047]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333029 of user rubyman.
May  5 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30047]: pam_unix(su:session): session closed for user rubyman
May  5 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333029.
May  5 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27371]: pam_unix(cron:session): session closed for user root
May  5 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29987]: pam_unix(cron:session): session closed for user samftp
May  5 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29157]: pam_unix(cron:session): session closed for user root
May  5 09:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 09:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30329]: Failed password for root from 218.92.0.179 port 27300 ssh2
May  5 09:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30329]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 27300 ssh2]
May  5 09:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30329]: Received disconnect from 218.92.0.179 port 27300:11:  [preauth]
May  5 09:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30329]: Disconnected from 218.92.0.179 port 27300 [preauth]
May  5 09:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30329]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30387]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30386]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30388]: pam_unix(cron:session): session closed for user root
May  5 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30383]: pam_unix(cron:session): session closed for user p13x
May  5 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30452]: Successful su for rubyman by root
May  5 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30452]: + ??? root:rubyman
May  5 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333033 of user rubyman.
May  5 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30452]: pam_unix(su:session): session closed for user rubyman
May  5 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333033.
May  5 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30385]: pam_unix(cron:session): session closed for user root
May  5 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27812]: pam_unix(cron:session): session closed for user root
May  5 09:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30384]: pam_unix(cron:session): session closed for user samftp
May  5 09:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29580]: pam_unix(cron:session): session closed for user root
May  5 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30801]: pam_unix(cron:session): session closed for user p13x
May  5 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30876]: Successful su for rubyman by root
May  5 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30876]: + ??? root:rubyman
May  5 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333039 of user rubyman.
May  5 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30876]: pam_unix(su:session): session closed for user rubyman
May  5 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333039.
May  5 09:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28219]: pam_unix(cron:session): session closed for user root
May  5 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30802]: pam_unix(cron:session): session closed for user samftp
May  5 09:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 09:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31057]: Failed password for root from 218.92.0.179 port 37501 ssh2
May  5 09:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31057]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 37501 ssh2]
May  5 09:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: Invalid user yichen from 162.214.226.167
May  5 09:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: input_userauth_request: invalid user yichen [preauth]
May  5 09:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.214.226.167
May  5 09:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: Failed password for invalid user yichen from 162.214.226.167 port 53300 ssh2
May  5 09:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: Received disconnect from 162.214.226.167 port 53300:11: Bye Bye [preauth]
May  5 09:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: Disconnected from 162.214.226.167 port 53300 [preauth]
May  5 09:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29989]: pam_unix(cron:session): session closed for user root
May  5 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31221]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31219]: pam_unix(cron:session): session closed for user p13x
May  5 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31283]: Successful su for rubyman by root
May  5 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31283]: + ??? root:rubyman
May  5 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333044 of user rubyman.
May  5 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31283]: pam_unix(su:session): session closed for user rubyman
May  5 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333044.
May  5 09:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28656]: pam_unix(cron:session): session closed for user root
May  5 09:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31220]: pam_unix(cron:session): session closed for user samftp
May  5 09:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31469]: Invalid user frappe from 50.235.31.47
May  5 09:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31469]: input_userauth_request: invalid user frappe [preauth]
May  5 09:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31469]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  5 09:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31469]: Failed password for invalid user frappe from 50.235.31.47 port 40542 ssh2
May  5 09:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31469]: Connection closed by 50.235.31.47 port 40542 [preauth]
May  5 09:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31479]: Invalid user daniel from 103.90.226.193
May  5 09:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31479]: input_userauth_request: invalid user daniel [preauth]
May  5 09:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31479]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.193
May  5 09:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31479]: Failed password for invalid user daniel from 103.90.226.193 port 42558 ssh2
May  5 09:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31479]: Received disconnect from 103.90.226.193 port 42558:11: Bye Bye [preauth]
May  5 09:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31479]: Disconnected from 103.90.226.193 port 42558 [preauth]
May  5 09:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30387]: pam_unix(cron:session): session closed for user root
May  5 09:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31567]: Invalid user loan from 2.57.122.57
May  5 09:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31567]: input_userauth_request: invalid user loan [preauth]
May  5 09:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31567]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 09:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31567]: Failed password for invalid user loan from 2.57.122.57 port 45502 ssh2
May  5 09:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31567]: Connection closed by 2.57.122.57 port 45502 [preauth]
May  5 09:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31600]: Invalid user wuxh from 163.172.50.15
May  5 09:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31600]: input_userauth_request: invalid user wuxh [preauth]
May  5 09:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31600]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.50.15
May  5 09:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31600]: Failed password for invalid user wuxh from 163.172.50.15 port 37972 ssh2
May  5 09:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31600]: Received disconnect from 163.172.50.15 port 37972:11: Bye Bye [preauth]
May  5 09:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31600]: Disconnected from 163.172.50.15 port 37972 [preauth]
May  5 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31628]: pam_unix(cron:session): session closed for user p13x
May  5 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31709]: Successful su for rubyman by root
May  5 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31709]: + ??? root:rubyman
May  5 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333048 of user rubyman.
May  5 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31709]: pam_unix(su:session): session closed for user rubyman
May  5 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333048.
May  5 09:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29156]: pam_unix(cron:session): session closed for user root
May  5 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31629]: pam_unix(cron:session): session closed for user samftp
May  5 09:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30804]: pam_unix(cron:session): session closed for user root
May  5 09:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: Invalid user mpt from 185.213.164.101
May  5 09:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: input_userauth_request: invalid user mpt [preauth]
May  5 09:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.101
May  5 09:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: Failed password for invalid user mpt from 185.213.164.101 port 52094 ssh2
May  5 09:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: Received disconnect from 185.213.164.101 port 52094:11: Bye Bye [preauth]
May  5 09:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: Disconnected from 185.213.164.101 port 52094 [preauth]
May  5 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32057]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32058]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32056]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32056]: pam_unix(cron:session): session closed for user p13x
May  5 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32119]: Successful su for rubyman by root
May  5 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32119]: + ??? root:rubyman
May  5 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333052 of user rubyman.
May  5 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32119]: pam_unix(su:session): session closed for user rubyman
May  5 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333052.
May  5 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29579]: pam_unix(cron:session): session closed for user root
May  5 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32057]: pam_unix(cron:session): session closed for user samftp
May  5 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31222]: pam_unix(cron:session): session closed for user root
May  5 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32462]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32460]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32459]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32461]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32462]: pam_unix(cron:session): session closed for user root
May  5 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32457]: pam_unix(cron:session): session closed for user p13x
May  5 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32531]: Successful su for rubyman by root
May  5 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32531]: + ??? root:rubyman
May  5 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333058 of user rubyman.
May  5 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32531]: pam_unix(su:session): session closed for user rubyman
May  5 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333058.
May  5 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32459]: pam_unix(cron:session): session closed for user root
May  5 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29988]: pam_unix(cron:session): session closed for user root
May  5 09:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32458]: pam_unix(cron:session): session closed for user samftp
May  5 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31632]: pam_unix(cron:session): session closed for user root
May  5 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[555]: pam_unix(cron:session): session closed for user p13x
May  5 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[625]: Successful su for rubyman by root
May  5 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[625]: + ??? root:rubyman
May  5 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[625]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333061 of user rubyman.
May  5 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[625]: pam_unix(su:session): session closed for user rubyman
May  5 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333061.
May  5 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30386]: pam_unix(cron:session): session closed for user root
May  5 09:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[556]: pam_unix(cron:session): session closed for user samftp
May  5 09:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32059]: pam_unix(cron:session): session closed for user root
May  5 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1000]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[999]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[997]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[998]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[997]: pam_unix(cron:session): session closed for user p13x
May  5 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1062]: Successful su for rubyman by root
May  5 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1062]: + ??? root:rubyman
May  5 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333066 of user rubyman.
May  5 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1062]: pam_unix(su:session): session closed for user rubyman
May  5 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333066.
May  5 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30803]: pam_unix(cron:session): session closed for user root
May  5 09:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[998]: pam_unix(cron:session): session closed for user samftp
May  5 09:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.50.15  user=root
May  5 09:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1304]: Failed password for root from 163.172.50.15 port 57914 ssh2
May  5 09:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1304]: Received disconnect from 163.172.50.15 port 57914:11: Bye Bye [preauth]
May  5 09:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1304]: Disconnected from 163.172.50.15 port 57914 [preauth]
May  5 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32461]: pam_unix(cron:session): session closed for user root
May  5 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1470]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1469]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1467]: pam_unix(cron:session): session closed for user p13x
May  5 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1527]: Successful su for rubyman by root
May  5 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1527]: + ??? root:rubyman
May  5 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333069 of user rubyman.
May  5 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1527]: pam_unix(su:session): session closed for user rubyman
May  5 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333069.
May  5 09:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31221]: pam_unix(cron:session): session closed for user root
May  5 09:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1468]: pam_unix(cron:session): session closed for user samftp
May  5 09:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1736]: Invalid user developer from 103.90.226.193
May  5 09:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1736]: input_userauth_request: invalid user developer [preauth]
May  5 09:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1736]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.193
May  5 09:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1736]: Failed password for invalid user developer from 103.90.226.193 port 50864 ssh2
May  5 09:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1736]: Received disconnect from 103.90.226.193 port 50864:11: Bye Bye [preauth]
May  5 09:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1736]: Disconnected from 103.90.226.193 port 50864 [preauth]
May  5 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[558]: pam_unix(cron:session): session closed for user root
May  5 09:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: Failed password for root from 185.93.89.118 port 64254 ssh2
May  5 09:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: Connection closed by 185.93.89.118 port 64254 [preauth]
May  5 09:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1908]: Invalid user parisa from 185.213.164.101
May  5 09:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1908]: input_userauth_request: invalid user parisa [preauth]
May  5 09:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1908]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.101
May  5 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1944]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1911]: pam_unix(cron:session): session closed for user p13x
May  5 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2045]: Successful su for rubyman by root
May  5 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2045]: + ??? root:rubyman
May  5 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2045]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333074 of user rubyman.
May  5 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2045]: pam_unix(su:session): session closed for user rubyman
May  5 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333074.
May  5 09:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1908]: Failed password for invalid user parisa from 185.213.164.101 port 32988 ssh2
May  5 09:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1908]: Received disconnect from 185.213.164.101 port 32988:11: Bye Bye [preauth]
May  5 09:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1908]: Disconnected from 185.213.164.101 port 32988 [preauth]
May  5 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31631]: pam_unix(cron:session): session closed for user root
May  5 09:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1912]: pam_unix(cron:session): session closed for user samftp
May  5 09:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 09:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1907]: Failed password for root from 185.93.89.118 port 39634 ssh2
May  5 09:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1907]: Connection closed by 185.93.89.118 port 39634 [preauth]
May  5 09:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1000]: pam_unix(cron:session): session closed for user root
May  5 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2315]: Invalid user lender from 2.57.122.57
May  5 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2315]: input_userauth_request: invalid user lender [preauth]
May  5 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2315]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 09:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2271]: Failed password for root from 185.93.89.118 port 52864 ssh2
May  5 09:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2315]: Failed password for invalid user lender from 2.57.122.57 port 58454 ssh2
May  5 09:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2315]: Connection closed by 2.57.122.57 port 58454 [preauth]
May  5 09:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2271]: Connection closed by 185.93.89.118 port 52864 [preauth]
May  5 09:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 09:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: Failed password for root from 185.93.89.118 port 33838 ssh2
May  5 09:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: Connection closed by 185.93.89.118 port 33838 [preauth]
May  5 09:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2418]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2419]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2419]: pam_unix(cron:session): session closed for user root
May  5 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2414]: pam_unix(cron:session): session closed for user p13x
May  5 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2487]: Successful su for rubyman by root
May  5 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2487]: + ??? root:rubyman
May  5 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2487]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333077 of user rubyman.
May  5 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2487]: pam_unix(su:session): session closed for user rubyman
May  5 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333077.
May  5 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2416]: pam_unix(cron:session): session closed for user root
May  5 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32058]: pam_unix(cron:session): session closed for user root
May  5 09:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2415]: pam_unix(cron:session): session closed for user samftp
May  5 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2382]: Failed password for root from 185.93.89.118 port 27344 ssh2
May  5 09:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2382]: Connection closed by 185.93.89.118 port 27344 [preauth]
May  5 09:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1470]: pam_unix(cron:session): session closed for user root
May  5 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2875]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2875]: pam_unix(cron:session): session closed for user p13x
May  5 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2950]: Successful su for rubyman by root
May  5 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2950]: + ??? root:rubyman
May  5 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2950]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333083 of user rubyman.
May  5 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2950]: pam_unix(su:session): session closed for user rubyman
May  5 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333083.
May  5 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32460]: pam_unix(cron:session): session closed for user root
May  5 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2878]: pam_unix(cron:session): session closed for user samftp
May  5 09:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1944]: pam_unix(cron:session): session closed for user root
May  5 09:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: Invalid user Admin from 163.172.50.15
May  5 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: input_userauth_request: invalid user Admin [preauth]
May  5 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.50.15
May  5 09:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: Failed password for invalid user Admin from 163.172.50.15 port 44892 ssh2
May  5 09:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: Received disconnect from 163.172.50.15 port 44892:11: Bye Bye [preauth]
May  5 09:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: Disconnected from 163.172.50.15 port 44892 [preauth]
May  5 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3285]: pam_unix(cron:session): session closed for user p13x
May  5 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3346]: Successful su for rubyman by root
May  5 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3346]: + ??? root:rubyman
May  5 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333088 of user rubyman.
May  5 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3346]: pam_unix(su:session): session closed for user rubyman
May  5 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333088.
May  5 09:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[557]: pam_unix(cron:session): session closed for user root
May  5 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3286]: pam_unix(cron:session): session closed for user samftp
May  5 09:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: Connection reset by 205.210.31.166 port 63626 [preauth]
May  5 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2418]: pam_unix(cron:session): session closed for user root
May  5 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3734]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3733]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3732]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3731]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3731]: pam_unix(cron:session): session closed for user p13x
May  5 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3798]: Successful su for rubyman by root
May  5 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3798]: + ??? root:rubyman
May  5 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333091 of user rubyman.
May  5 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3798]: pam_unix(su:session): session closed for user rubyman
May  5 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333091.
May  5 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[999]: pam_unix(cron:session): session closed for user root
May  5 09:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3732]: pam_unix(cron:session): session closed for user samftp
May  5 09:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2880]: pam_unix(cron:session): session closed for user root
May  5 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4168]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4170]: pam_unix(cron:session): session closed for user p13x
May  5 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4424]: Successful su for rubyman by root
May  5 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4424]: + ??? root:rubyman
May  5 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333097 of user rubyman.
May  5 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4424]: pam_unix(su:session): session closed for user rubyman
May  5 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333097.
May  5 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4168]: pam_unix(cron:session): session closed for user root
May  5 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1469]: pam_unix(cron:session): session closed for user root
May  5 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4171]: pam_unix(cron:session): session closed for user samftp
May  5 09:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: Invalid user sam from 103.90.226.193
May  5 09:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: input_userauth_request: invalid user sam [preauth]
May  5 09:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.193
May  5 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: Failed password for invalid user sam from 103.90.226.193 port 59168 ssh2
May  5 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: Received disconnect from 103.90.226.193 port 59168:11: Bye Bye [preauth]
May  5 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4703]: Disconnected from 103.90.226.193 port 59168 [preauth]
May  5 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3288]: pam_unix(cron:session): session closed for user root
May  5 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4837]: pam_unix(cron:session): session closed for user root
May  5 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4832]: pam_unix(cron:session): session closed for user p13x
May  5 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4905]: Successful su for rubyman by root
May  5 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4905]: + ??? root:rubyman
May  5 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333104 of user rubyman.
May  5 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4905]: pam_unix(su:session): session closed for user rubyman
May  5 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333104.
May  5 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1943]: pam_unix(cron:session): session closed for user root
May  5 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4834]: pam_unix(cron:session): session closed for user root
May  5 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4833]: pam_unix(cron:session): session closed for user samftp
May  5 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3734]: pam_unix(cron:session): session closed for user root
May  5 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5478]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5475]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5475]: pam_unix(cron:session): session closed for user p13x
May  5 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5578]: Successful su for rubyman by root
May  5 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5578]: + ??? root:rubyman
May  5 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333107 of user rubyman.
May  5 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5578]: pam_unix(su:session): session closed for user rubyman
May  5 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333107.
May  5 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2417]: pam_unix(cron:session): session closed for user root
May  5 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5477]: pam_unix(cron:session): session closed for user samftp
May  5 09:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57  user=root
May  5 09:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: Failed password for root from 2.57.122.57 port 43582 ssh2
May  5 09:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4173]: pam_unix(cron:session): session closed for user root
May  5 09:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: Connection closed by 2.57.122.57 port 43582 [preauth]
May  5 09:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Invalid user testuser from 163.172.50.15
May  5 09:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: input_userauth_request: invalid user testuser [preauth]
May  5 09:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.50.15
May  5 09:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Failed password for invalid user testuser from 163.172.50.15 port 35360 ssh2
May  5 09:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Received disconnect from 163.172.50.15 port 35360:11: Bye Bye [preauth]
May  5 09:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5969]: Disconnected from 163.172.50.15 port 35360 [preauth]
May  5 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6042]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6041]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6039]: pam_unix(cron:session): session closed for user p13x
May  5 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6105]: Successful su for rubyman by root
May  5 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6105]: + ??? root:rubyman
May  5 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333110 of user rubyman.
May  5 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6105]: pam_unix(su:session): session closed for user rubyman
May  5 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333110.
May  5 09:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2879]: pam_unix(cron:session): session closed for user root
May  5 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6040]: pam_unix(cron:session): session closed for user samftp
May  5 09:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4836]: pam_unix(cron:session): session closed for user root
May  5 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6445]: pam_unix(cron:session): session closed for user p13x
May  5 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6509]: Successful su for rubyman by root
May  5 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6509]: + ??? root:rubyman
May  5 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333115 of user rubyman.
May  5 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6509]: pam_unix(su:session): session closed for user rubyman
May  5 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333115.
May  5 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session closed for user root
May  5 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6446]: pam_unix(cron:session): session closed for user samftp
May  5 09:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5479]: pam_unix(cron:session): session closed for user root
May  5 09:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116  user=root
May  5 09:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: Failed password for root from 220.117.239.116 port 39008 ssh2
May  5 09:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: message repeated 5 times: [ Failed password for root from 220.117.239.116 port 39008 ssh2]
May  5 09:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: error: maximum authentication attempts exceeded for root from 220.117.239.116 port 39008 ssh2 [preauth]
May  5 09:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: Disconnecting: Too many authentication failures [preauth]
May  5 09:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116  user=root
May  5 09:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116  user=root
May  5 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6866]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6868]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6865]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6865]: pam_unix(cron:session): session closed for user p13x
May  5 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7016]: Successful su for rubyman by root
May  5 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7016]: + ??? root:rubyman
May  5 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333121 of user rubyman.
May  5 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7016]: pam_unix(su:session): session closed for user rubyman
May  5 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333121.
May  5 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: Failed password for root from 220.117.239.116 port 41846 ssh2
May  5 09:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3733]: pam_unix(cron:session): session closed for user root
May  5 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: Failed password for root from 220.117.239.116 port 41846 ssh2
May  5 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6866]: pam_unix(cron:session): session closed for user samftp
May  5 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: Failed password for root from 220.117.239.116 port 41846 ssh2
May  5 09:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: message repeated 3 times: [ Failed password for root from 220.117.239.116 port 41846 ssh2]
May  5 09:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: error: maximum authentication attempts exceeded for root from 220.117.239.116 port 41846 ssh2 [preauth]
May  5 09:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: Disconnecting: Too many authentication failures [preauth]
May  5 09:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116  user=root
May  5 09:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6853]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116  user=root
May  5 09:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7237]: Failed password for root from 220.117.239.116 port 44630 ssh2
May  5 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7237]: message repeated 5 times: [ Failed password for root from 220.117.239.116 port 44630 ssh2]
May  5 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7237]: error: maximum authentication attempts exceeded for root from 220.117.239.116 port 44630 ssh2 [preauth]
May  5 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7237]: Disconnecting: Too many authentication failures [preauth]
May  5 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7237]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116  user=root
May  5 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7237]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116  user=root
May  5 09:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7289]: Failed password for root from 220.117.239.116 port 47524 ssh2
May  5 09:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7289]: Received disconnect from 220.117.239.116 port 47524:11: disconnected by user [preauth]
May  5 09:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7289]: Disconnected from 220.117.239.116 port 47524 [preauth]
May  5 09:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: Invalid user admin from 220.117.239.116
May  5 09:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: input_userauth_request: invalid user admin [preauth]
May  5 09:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6042]: pam_unix(cron:session): session closed for user root
May  5 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: Invalid user grafana from 46.244.96.25
May  5 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: input_userauth_request: invalid user grafana [preauth]
May  5 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  5 09:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: Failed password for invalid user admin from 220.117.239.116 port 48230 ssh2
May  5 09:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: Failed password for invalid user grafana from 46.244.96.25 port 43556 ssh2
May  5 09:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7291]: Connection closed by 46.244.96.25 port 43556 [preauth]
May  5 09:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: Failed password for invalid user admin from 220.117.239.116 port 48230 ssh2
May  5 09:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: Failed password for invalid user admin from 220.117.239.116 port 48230 ssh2
May  5 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: Failed password for invalid user admin from 220.117.239.116 port 48230 ssh2
May  5 09:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: Failed password for invalid user admin from 220.117.239.116 port 48230 ssh2
May  5 09:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: Failed password for invalid user admin from 220.117.239.116 port 48230 ssh2
May  5 09:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: error: maximum authentication attempts exceeded for invalid user admin from 220.117.239.116 port 48230 ssh2 [preauth]
May  5 09:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: Disconnecting: Too many authentication failures [preauth]
May  5 09:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7351]: Invalid user admin from 220.117.239.116
May  5 09:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7351]: input_userauth_request: invalid user admin [preauth]
May  5 09:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7351]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7351]: Failed password for invalid user admin from 220.117.239.116 port 51024 ssh2
May  5 09:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7351]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7351]: Failed password for invalid user admin from 220.117.239.116 port 51024 ssh2
May  5 09:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7351]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7351]: Failed password for invalid user admin from 220.117.239.116 port 51024 ssh2
May  5 09:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7351]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7351]: Failed password for invalid user admin from 220.117.239.116 port 51024 ssh2
May  5 09:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7351]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7351]: Failed password for invalid user admin from 220.117.239.116 port 51024 ssh2
May  5 09:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7351]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7351]: Failed password for invalid user admin from 220.117.239.116 port 51024 ssh2
May  5 09:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7351]: error: maximum authentication attempts exceeded for invalid user admin from 220.117.239.116 port 51024 ssh2 [preauth]
May  5 09:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7351]: Disconnecting: Too many authentication failures [preauth]
May  5 09:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7351]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7351]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7382]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7384]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7383]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7385]: pam_unix(cron:session): session closed for user root
May  5 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7380]: pam_unix(cron:session): session closed for user p13x
May  5 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: Invalid user admin from 220.117.239.116
May  5 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: input_userauth_request: invalid user admin [preauth]
May  5 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7450]: Successful su for rubyman by root
May  5 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7450]: + ??? root:rubyman
May  5 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333123 of user rubyman.
May  5 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7450]: pam_unix(su:session): session closed for user rubyman
May  5 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333123.
May  5 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7382]: pam_unix(cron:session): session closed for user root
May  5 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: Failed password for invalid user admin from 220.117.239.116 port 54054 ssh2
May  5 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4172]: pam_unix(cron:session): session closed for user root
May  5 09:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: Failed password for invalid user admin from 220.117.239.116 port 54054 ssh2
May  5 09:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7381]: pam_unix(cron:session): session closed for user samftp
May  5 09:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: Failed password for invalid user admin from 220.117.239.116 port 54054 ssh2
May  5 09:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: Failed password for invalid user admin from 220.117.239.116 port 54054 ssh2
May  5 09:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: Received disconnect from 220.117.239.116 port 54054:11: disconnected by user [preauth]
May  5 09:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: Disconnected from 220.117.239.116 port 54054 [preauth]
May  5 09:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: PAM service(sshd) ignoring max retries; 4 > 3
May  5 09:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.193  user=root
May  5 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: Invalid user oracle from 220.117.239.116
May  5 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: input_userauth_request: invalid user oracle [preauth]
May  5 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7783]: Failed password for root from 103.90.226.193 port 39250 ssh2
May  5 09:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7783]: Received disconnect from 103.90.226.193 port 39250:11: Bye Bye [preauth]
May  5 09:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7783]: Disconnected from 103.90.226.193 port 39250 [preauth]
May  5 09:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: Failed password for invalid user oracle from 220.117.239.116 port 55838 ssh2
May  5 09:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: Failed password for invalid user oracle from 220.117.239.116 port 55838 ssh2
May  5 09:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: Failed password for invalid user oracle from 220.117.239.116 port 55838 ssh2
May  5 09:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: Failed password for invalid user oracle from 220.117.239.116 port 55838 ssh2
May  5 09:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: Failed password for invalid user oracle from 220.117.239.116 port 55838 ssh2
May  5 09:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: Failed password for invalid user oracle from 220.117.239.116 port 55838 ssh2
May  5 09:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: error: maximum authentication attempts exceeded for invalid user oracle from 220.117.239.116 port 55838 ssh2 [preauth]
May  5 09:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: Disconnecting: Too many authentication failures [preauth]
May  5 09:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Invalid user oracle from 220.117.239.116
May  5 09:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: input_userauth_request: invalid user oracle [preauth]
May  5 09:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 09:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Failed password for invalid user oracle from 220.117.239.116 port 58700 ssh2
May  5 09:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: Failed password for root from 218.92.0.179 port 48515 ssh2
May  5 09:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Failed password for invalid user oracle from 220.117.239.116 port 58700 ssh2
May  5 09:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: Failed password for root from 218.92.0.179 port 48515 ssh2
May  5 09:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Failed password for invalid user oracle from 220.117.239.116 port 58700 ssh2
May  5 09:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: Failed password for root from 218.92.0.179 port 48515 ssh2
May  5 09:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6450]: pam_unix(cron:session): session closed for user root
May  5 09:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: Received disconnect from 218.92.0.179 port 48515:11:  [preauth]
May  5 09:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: Disconnected from 218.92.0.179 port 48515 [preauth]
May  5 09:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 09:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Failed password for invalid user oracle from 220.117.239.116 port 58700 ssh2
May  5 09:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Failed password for invalid user oracle from 220.117.239.116 port 58700 ssh2
May  5 09:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Failed password for invalid user oracle from 220.117.239.116 port 58700 ssh2
May  5 09:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: error: maximum authentication attempts exceeded for invalid user oracle from 220.117.239.116 port 58700 ssh2 [preauth]
May  5 09:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Disconnecting: Too many authentication failures [preauth]
May  5 09:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: Invalid user oracle from 220.117.239.116
May  5 09:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: input_userauth_request: invalid user oracle [preauth]
May  5 09:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: Failed password for invalid user oracle from 220.117.239.116 port 33190 ssh2
May  5 09:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: Failed password for invalid user oracle from 220.117.239.116 port 33190 ssh2
May  5 09:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: Received disconnect from 220.117.239.116 port 33190:11: disconnected by user [preauth]
May  5 09:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: Disconnected from 220.117.239.116 port 33190 [preauth]
May  5 09:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: Invalid user usuario from 220.117.239.116
May  5 09:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: input_userauth_request: invalid user usuario [preauth]
May  5 09:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: Failed password for invalid user usuario from 220.117.239.116 port 34334 ssh2
May  5 09:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: Failed password for invalid user usuario from 220.117.239.116 port 34334 ssh2
May  5 09:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: Failed password for invalid user usuario from 220.117.239.116 port 34334 ssh2
May  5 09:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: Failed password for invalid user usuario from 220.117.239.116 port 34334 ssh2
May  5 09:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: Failed password for invalid user usuario from 220.117.239.116 port 34334 ssh2
May  5 09:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: Failed password for invalid user usuario from 220.117.239.116 port 34334 ssh2
May  5 09:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: error: maximum authentication attempts exceeded for invalid user usuario from 220.117.239.116 port 34334 ssh2 [preauth]
May  5 09:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: Disconnecting: Too many authentication failures [preauth]
May  5 09:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: Invalid user usuario from 220.117.239.116
May  5 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: input_userauth_request: invalid user usuario [preauth]
May  5 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7953]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7954]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7952]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7951]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7951]: pam_unix(cron:session): session closed for user p13x
May  5 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8021]: Successful su for rubyman by root
May  5 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8021]: + ??? root:rubyman
May  5 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333128 of user rubyman.
May  5 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8021]: pam_unix(su:session): session closed for user rubyman
May  5 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333128.
May  5 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: Failed password for invalid user usuario from 220.117.239.116 port 37102 ssh2
May  5 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8175]: Invalid user env from 163.172.50.15
May  5 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8175]: input_userauth_request: invalid user env [preauth]
May  5 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8175]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.50.15
May  5 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: Failed password for invalid user usuario from 220.117.239.116 port 37102 ssh2
May  5 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session closed for user root
May  5 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7952]: pam_unix(cron:session): session closed for user samftp
May  5 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8175]: Failed password for invalid user env from 163.172.50.15 port 49962 ssh2
May  5 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8175]: Received disconnect from 163.172.50.15 port 49962:11: Bye Bye [preauth]
May  5 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8175]: Disconnected from 163.172.50.15 port 49962 [preauth]
May  5 09:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: Failed password for invalid user usuario from 220.117.239.116 port 37102 ssh2
May  5 09:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: Failed password for invalid user usuario from 220.117.239.116 port 37102 ssh2
May  5 09:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: Failed password for invalid user usuario from 220.117.239.116 port 37102 ssh2
May  5 09:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: Failed password for invalid user usuario from 220.117.239.116 port 37102 ssh2
May  5 09:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: error: maximum authentication attempts exceeded for invalid user usuario from 220.117.239.116 port 37102 ssh2 [preauth]
May  5 09:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: Disconnecting: Too many authentication failures [preauth]
May  5 09:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7947]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: Invalid user usuario from 220.117.239.116
May  5 09:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: input_userauth_request: invalid user usuario [preauth]
May  5 09:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: Failed password for invalid user usuario from 220.117.239.116 port 39998 ssh2
May  5 09:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: Failed password for invalid user usuario from 220.117.239.116 port 39998 ssh2
May  5 09:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: Received disconnect from 220.117.239.116 port 39998:11: disconnected by user [preauth]
May  5 09:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: Disconnected from 220.117.239.116 port 39998 [preauth]
May  5 09:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Invalid user test from 220.117.239.116
May  5 09:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: input_userauth_request: invalid user test [preauth]
May  5 09:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Failed password for invalid user test from 220.117.239.116 port 41056 ssh2
May  5 09:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Failed password for invalid user test from 220.117.239.116 port 41056 ssh2
May  5 09:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Failed password for invalid user test from 220.117.239.116 port 41056 ssh2
May  5 09:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Failed password for invalid user test from 220.117.239.116 port 41056 ssh2
May  5 09:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Failed password for invalid user test from 220.117.239.116 port 41056 ssh2
May  5 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6868]: pam_unix(cron:session): session closed for user root
May  5 09:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Failed password for invalid user test from 220.117.239.116 port 41056 ssh2
May  5 09:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: error: maximum authentication attempts exceeded for invalid user test from 220.117.239.116 port 41056 ssh2 [preauth]
May  5 09:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Disconnecting: Too many authentication failures [preauth]
May  5 09:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Invalid user test from 220.117.239.116
May  5 09:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: input_userauth_request: invalid user test [preauth]
May  5 09:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Failed password for invalid user test from 220.117.239.116 port 44146 ssh2
May  5 09:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Failed password for invalid user test from 220.117.239.116 port 44146 ssh2
May  5 09:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Failed password for invalid user test from 220.117.239.116 port 44146 ssh2
May  5 09:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Failed password for invalid user test from 220.117.239.116 port 44146 ssh2
May  5 09:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Failed password for invalid user test from 220.117.239.116 port 44146 ssh2
May  5 09:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Failed password for invalid user test from 220.117.239.116 port 44146 ssh2
May  5 09:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: error: maximum authentication attempts exceeded for invalid user test from 220.117.239.116 port 44146 ssh2 [preauth]
May  5 09:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: Disconnecting: Too many authentication failures [preauth]
May  5 09:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8337]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: Invalid user test from 220.117.239.116
May  5 09:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: input_userauth_request: invalid user test [preauth]
May  5 09:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: Failed password for invalid user test from 220.117.239.116 port 46940 ssh2
May  5 09:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: Failed password for invalid user test from 220.117.239.116 port 46940 ssh2
May  5 09:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: Received disconnect from 220.117.239.116 port 46940:11: disconnected by user [preauth]
May  5 09:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: Disconnected from 220.117.239.116 port 46940 [preauth]
May  5 09:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: Invalid user user from 220.117.239.116
May  5 09:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: input_userauth_request: invalid user user [preauth]
May  5 09:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: Failed password for invalid user user from 220.117.239.116 port 48106 ssh2
May  5 09:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: Failed password for invalid user user from 220.117.239.116 port 48106 ssh2
May  5 09:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8400]: pam_unix(cron:session): session closed for user p13x
May  5 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8468]: Successful su for rubyman by root
May  5 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8468]: + ??? root:rubyman
May  5 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333134 of user rubyman.
May  5 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8468]: pam_unix(su:session): session closed for user rubyman
May  5 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333134.
May  5 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: Failed password for invalid user user from 220.117.239.116 port 48106 ssh2
May  5 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5478]: pam_unix(cron:session): session closed for user root
May  5 09:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: Failed password for invalid user user from 220.117.239.116 port 48106 ssh2
May  5 09:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8401]: pam_unix(cron:session): session closed for user samftp
May  5 09:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: Failed password for invalid user user from 220.117.239.116 port 48106 ssh2
May  5 09:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: Failed password for invalid user user from 220.117.239.116 port 48106 ssh2
May  5 09:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: error: maximum authentication attempts exceeded for invalid user user from 220.117.239.116 port 48106 ssh2 [preauth]
May  5 09:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: Disconnecting: Too many authentication failures [preauth]
May  5 09:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8389]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: Invalid user user from 220.117.239.116
May  5 09:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: input_userauth_request: invalid user user [preauth]
May  5 09:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: Failed password for invalid user user from 220.117.239.116 port 50946 ssh2
May  5 09:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: Failed password for invalid user user from 220.117.239.116 port 50946 ssh2
May  5 09:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: Failed password for invalid user user from 220.117.239.116 port 50946 ssh2
May  5 09:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: Failed password for invalid user user from 220.117.239.116 port 50946 ssh2
May  5 09:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: Failed password for invalid user user from 220.117.239.116 port 50946 ssh2
May  5 09:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: Failed password for invalid user user from 220.117.239.116 port 50946 ssh2
May  5 09:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: error: maximum authentication attempts exceeded for invalid user user from 220.117.239.116 port 50946 ssh2 [preauth]
May  5 09:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: Disconnecting: Too many authentication failures [preauth]
May  5 09:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8668]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: Invalid user user from 220.117.239.116
May  5 09:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: input_userauth_request: invalid user user [preauth]
May  5 09:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: Failed password for invalid user user from 220.117.239.116 port 53876 ssh2
May  5 09:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: Failed password for invalid user user from 220.117.239.116 port 53876 ssh2
May  5 09:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: Failed password for invalid user user from 220.117.239.116 port 53876 ssh2
May  5 09:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7384]: pam_unix(cron:session): session closed for user root
May  5 09:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: Failed password for invalid user user from 220.117.239.116 port 53876 ssh2
May  5 09:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: Received disconnect from 220.117.239.116 port 53876:11: disconnected by user [preauth]
May  5 09:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: Disconnected from 220.117.239.116 port 53876 [preauth]
May  5 09:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: PAM service(sshd) ignoring max retries; 4 > 3
May  5 09:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: Invalid user ftpuser from 220.117.239.116
May  5 09:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: input_userauth_request: invalid user ftpuser [preauth]
May  5 09:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: Failed password for invalid user ftpuser from 220.117.239.116 port 55888 ssh2
May  5 09:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: Failed password for invalid user ftpuser from 220.117.239.116 port 55888 ssh2
May  5 09:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: Failed password for invalid user ftpuser from 220.117.239.116 port 55888 ssh2
May  5 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: Failed password for invalid user ftpuser from 220.117.239.116 port 55888 ssh2
May  5 09:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: Failed password for invalid user ftpuser from 220.117.239.116 port 55888 ssh2
May  5 09:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: Failed password for invalid user ftpuser from 220.117.239.116 port 55888 ssh2
May  5 09:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: error: maximum authentication attempts exceeded for invalid user ftpuser from 220.117.239.116 port 55888 ssh2 [preauth]
May  5 09:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: Disconnecting: Too many authentication failures [preauth]
May  5 09:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: Invalid user ftpuser from 220.117.239.116
May  5 09:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: input_userauth_request: invalid user ftpuser [preauth]
May  5 09:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: Failed password for invalid user ftpuser from 220.117.239.116 port 58538 ssh2
May  5 09:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: Failed password for invalid user ftpuser from 220.117.239.116 port 58538 ssh2
May  5 09:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: Failed password for invalid user ftpuser from 220.117.239.116 port 58538 ssh2
May  5 09:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: Failed password for invalid user ftpuser from 220.117.239.116 port 58538 ssh2
May  5 09:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: Failed password for invalid user ftpuser from 220.117.239.116 port 58538 ssh2
May  5 09:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8832]: pam_unix(cron:session): session closed for user p13x
May  5 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8898]: Successful su for rubyman by root
May  5 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8898]: + ??? root:rubyman
May  5 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333137 of user rubyman.
May  5 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8898]: pam_unix(su:session): session closed for user rubyman
May  5 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333137.
May  5 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: Failed password for invalid user ftpuser from 220.117.239.116 port 58538 ssh2
May  5 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: error: maximum authentication attempts exceeded for invalid user ftpuser from 220.117.239.116 port 58538 ssh2 [preauth]
May  5 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: Disconnecting: Too many authentication failures [preauth]
May  5 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8804]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: Invalid user ftpuser from 220.117.239.116
May  5 09:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: input_userauth_request: invalid user ftpuser [preauth]
May  5 09:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6041]: pam_unix(cron:session): session closed for user root
May  5 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: Failed password for invalid user ftpuser from 220.117.239.116 port 32954 ssh2
May  5 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Invalid user admin from 80.94.95.112
May  5 09:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: input_userauth_request: invalid user admin [preauth]
May  5 09:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 09:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8833]: pam_unix(cron:session): session closed for user samftp
May  5 09:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: Failed password for invalid user ftpuser from 220.117.239.116 port 32954 ssh2
May  5 09:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Failed password for invalid user admin from 80.94.95.112 port 10040 ssh2
May  5 09:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: Failed password for invalid user ftpuser from 220.117.239.116 port 32954 ssh2
May  5 09:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Failed password for invalid user admin from 80.94.95.112 port 10040 ssh2
May  5 09:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: Failed password for invalid user ftpuser from 220.117.239.116 port 32954 ssh2
May  5 09:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Failed password for invalid user admin from 80.94.95.112 port 10040 ssh2
May  5 09:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: Received disconnect from 220.117.239.116 port 32954:11: disconnected by user [preauth]
May  5 09:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: Disconnected from 220.117.239.116 port 32954 [preauth]
May  5 09:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8951]: PAM service(sshd) ignoring max retries; 4 > 3
May  5 09:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Invalid user test1 from 220.117.239.116
May  5 09:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: input_userauth_request: invalid user test1 [preauth]
May  5 09:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Failed password for invalid user admin from 80.94.95.112 port 10040 ssh2
May  5 09:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Failed password for invalid user test1 from 220.117.239.116 port 34714 ssh2
May  5 09:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Failed password for invalid user admin from 80.94.95.112 port 10040 ssh2
May  5 09:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Received disconnect from 80.94.95.112 port 10040:11: Bye [preauth]
May  5 09:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: Disconnected from 80.94.95.112 port 10040 [preauth]
May  5 09:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 09:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8933]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 09:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Failed password for invalid user test1 from 220.117.239.116 port 34714 ssh2
May  5 09:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Failed password for invalid user test1 from 220.117.239.116 port 34714 ssh2
May  5 09:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Failed password for invalid user test1 from 220.117.239.116 port 34714 ssh2
May  5 09:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Failed password for invalid user test1 from 220.117.239.116 port 34714 ssh2
May  5 09:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Failed password for invalid user test1 from 220.117.239.116 port 34714 ssh2
May  5 09:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: error: maximum authentication attempts exceeded for invalid user test1 from 220.117.239.116 port 34714 ssh2 [preauth]
May  5 09:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: Disconnecting: Too many authentication failures [preauth]
May  5 09:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9101]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: Invalid user test1 from 220.117.239.116
May  5 09:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: input_userauth_request: invalid user test1 [preauth]
May  5 09:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: Failed password for invalid user test1 from 220.117.239.116 port 37380 ssh2
May  5 09:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57  user=root
May  5 09:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: Failed password for invalid user test1 from 220.117.239.116 port 37380 ssh2
May  5 09:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: Failed password for root from 2.57.122.57 port 60596 ssh2
May  5 09:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: Connection closed by 2.57.122.57 port 60596 [preauth]
May  5 09:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: Failed password for invalid user test1 from 220.117.239.116 port 37380 ssh2
May  5 09:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7954]: pam_unix(cron:session): session closed for user root
May  5 09:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: Failed password for invalid user test1 from 220.117.239.116 port 37380 ssh2
May  5 09:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: Failed password for invalid user test1 from 220.117.239.116 port 37380 ssh2
May  5 09:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9309]: Invalid user telecomadmin from 80.94.95.125
May  5 09:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9309]: input_userauth_request: invalid user telecomadmin [preauth]
May  5 09:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9309]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 09:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: Failed password for invalid user test1 from 220.117.239.116 port 37380 ssh2
May  5 09:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: error: maximum authentication attempts exceeded for invalid user test1 from 220.117.239.116 port 37380 ssh2 [preauth]
May  5 09:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: Disconnecting: Too many authentication failures [preauth]
May  5 09:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9235]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: Invalid user test1 from 220.117.239.116
May  5 09:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: input_userauth_request: invalid user test1 [preauth]
May  5 09:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9309]: Failed password for invalid user telecomadmin from 80.94.95.125 port 14936 ssh2
May  5 09:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9309]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: Failed password for invalid user test1 from 220.117.239.116 port 39792 ssh2
May  5 09:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9309]: Failed password for invalid user telecomadmin from 80.94.95.125 port 14936 ssh2
May  5 09:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9309]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: Failed password for invalid user test1 from 220.117.239.116 port 39792 ssh2
May  5 09:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: Received disconnect from 220.117.239.116 port 39792:11: disconnected by user [preauth]
May  5 09:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: Disconnected from 220.117.239.116 port 39792 [preauth]
May  5 09:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9309]: Failed password for invalid user telecomadmin from 80.94.95.125 port 14936 ssh2
May  5 09:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9309]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: Invalid user test2 from 220.117.239.116
May  5 09:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: input_userauth_request: invalid user test2 [preauth]
May  5 09:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9309]: Failed password for invalid user telecomadmin from 80.94.95.125 port 14936 ssh2
May  5 09:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9309]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: Failed password for invalid user test2 from 220.117.239.116 port 40784 ssh2
May  5 09:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9309]: Failed password for invalid user telecomadmin from 80.94.95.125 port 14936 ssh2
May  5 09:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9309]: Received disconnect from 80.94.95.125 port 14936:11: Bye [preauth]
May  5 09:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9309]: Disconnected from 80.94.95.125 port 14936 [preauth]
May  5 09:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9309]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 09:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9309]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 09:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: Failed password for invalid user test2 from 220.117.239.116 port 40784 ssh2
May  5 09:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: Failed password for invalid user test2 from 220.117.239.116 port 40784 ssh2
May  5 09:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: Failed password for invalid user test2 from 220.117.239.116 port 40784 ssh2
May  5 09:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: Failed password for invalid user test2 from 220.117.239.116 port 40784 ssh2
May  5 09:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: Failed password for invalid user test2 from 220.117.239.116 port 40784 ssh2
May  5 09:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: error: maximum authentication attempts exceeded for invalid user test2 from 220.117.239.116 port 40784 ssh2 [preauth]
May  5 09:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: Disconnecting: Too many authentication failures [preauth]
May  5 09:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: Invalid user test2 from 220.117.239.116
May  5 09:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: input_userauth_request: invalid user test2 [preauth]
May  5 09:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: Failed password for invalid user test2 from 220.117.239.116 port 43322 ssh2
May  5 09:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: Failed password for invalid user test2 from 220.117.239.116 port 43322 ssh2
May  5 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9382]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9378]: pam_unix(cron:session): session closed for user p13x
May  5 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9443]: Successful su for rubyman by root
May  5 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9443]: + ??? root:rubyman
May  5 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333141 of user rubyman.
May  5 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9443]: pam_unix(su:session): session closed for user rubyman
May  5 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333141.
May  5 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: Failed password for invalid user test2 from 220.117.239.116 port 43322 ssh2
May  5 09:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6449]: pam_unix(cron:session): session closed for user root
May  5 09:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: Failed password for invalid user test2 from 220.117.239.116 port 43322 ssh2
May  5 09:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9379]: pam_unix(cron:session): session closed for user samftp
May  5 09:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: Failed password for invalid user test2 from 220.117.239.116 port 43322 ssh2
May  5 09:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: Failed password for invalid user test2 from 220.117.239.116 port 43322 ssh2
May  5 09:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: error: maximum authentication attempts exceeded for invalid user test2 from 220.117.239.116 port 43322 ssh2 [preauth]
May  5 09:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: Disconnecting: Too many authentication failures [preauth]
May  5 09:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9367]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9630]: Invalid user test2 from 220.117.239.116
May  5 09:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9630]: input_userauth_request: invalid user test2 [preauth]
May  5 09:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9630]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9630]: Failed password for invalid user test2 from 220.117.239.116 port 46044 ssh2
May  5 09:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9630]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9630]: Failed password for invalid user test2 from 220.117.239.116 port 46044 ssh2
May  5 09:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9630]: Received disconnect from 220.117.239.116 port 46044:11: disconnected by user [preauth]
May  5 09:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9630]: Disconnected from 220.117.239.116 port 46044 [preauth]
May  5 09:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9630]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: Invalid user ubuntu from 220.117.239.116
May  5 09:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: input_userauth_request: invalid user ubuntu [preauth]
May  5 09:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: Failed password for invalid user ubuntu from 220.117.239.116 port 47072 ssh2
May  5 09:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: Failed password for invalid user ubuntu from 220.117.239.116 port 47072 ssh2
May  5 09:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: Failed password for invalid user ubuntu from 220.117.239.116 port 47072 ssh2
May  5 09:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: Failed password for invalid user ubuntu from 220.117.239.116 port 47072 ssh2
May  5 09:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: Failed password for invalid user ubuntu from 220.117.239.116 port 47072 ssh2
May  5 09:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: Failed password for invalid user ubuntu from 220.117.239.116 port 47072 ssh2
May  5 09:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: error: maximum authentication attempts exceeded for invalid user ubuntu from 220.117.239.116 port 47072 ssh2 [preauth]
May  5 09:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: Disconnecting: Too many authentication failures [preauth]
May  5 09:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9689]: Invalid user ubuntu from 220.117.239.116
May  5 09:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9689]: input_userauth_request: invalid user ubuntu [preauth]
May  5 09:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9689]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9689]: Failed password for invalid user ubuntu from 220.117.239.116 port 49434 ssh2
May  5 09:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9689]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8404]: pam_unix(cron:session): session closed for user root
May  5 09:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9689]: Failed password for invalid user ubuntu from 220.117.239.116 port 49434 ssh2
May  5 09:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9689]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9689]: Failed password for invalid user ubuntu from 220.117.239.116 port 49434 ssh2
May  5 09:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9689]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9689]: Failed password for invalid user ubuntu from 220.117.239.116 port 49434 ssh2
May  5 09:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9689]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9689]: Failed password for invalid user ubuntu from 220.117.239.116 port 49434 ssh2
May  5 09:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9689]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9689]: Failed password for invalid user ubuntu from 220.117.239.116 port 49434 ssh2
May  5 09:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9689]: error: maximum authentication attempts exceeded for invalid user ubuntu from 220.117.239.116 port 49434 ssh2 [preauth]
May  5 09:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9689]: Disconnecting: Too many authentication failures [preauth]
May  5 09:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9689]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9689]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 09:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: Invalid user ubuntu from 220.117.239.116
May  5 09:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: input_userauth_request: invalid user ubuntu [preauth]
May  5 09:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: Failed password for invalid user ubuntu from 220.117.239.116 port 51958 ssh2
May  5 09:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: Failed password for invalid user ubuntu from 220.117.239.116 port 51958 ssh2
May  5 09:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: Failed password for invalid user ubuntu from 220.117.239.116 port 51958 ssh2
May  5 09:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: Failed password for invalid user ubuntu from 220.117.239.116 port 51958 ssh2
May  5 09:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: Received disconnect from 220.117.239.116 port 51958:11: disconnected by user [preauth]
May  5 09:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: Disconnected from 220.117.239.116 port 51958 [preauth]
May  5 09:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: PAM service(sshd) ignoring max retries; 4 > 3
May  5 09:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: Invalid user pi from 220.117.239.116
May  5 09:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: input_userauth_request: invalid user pi [preauth]
May  5 09:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: Failed password for invalid user pi from 220.117.239.116 port 53808 ssh2
May  5 09:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: Failed password for invalid user pi from 220.117.239.116 port 53808 ssh2
May  5 09:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: Failed password for invalid user pi from 220.117.239.116 port 53808 ssh2
May  5 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9800]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9802]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9801]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9802]: pam_unix(cron:session): session closed for user root
May  5 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9797]: pam_unix(cron:session): session closed for user p13x
May  5 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9867]: Successful su for rubyman by root
May  5 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9867]: + ??? root:rubyman
May  5 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9867]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333149 of user rubyman.
May  5 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9867]: pam_unix(su:session): session closed for user rubyman
May  5 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333149.
May  5 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: Failed password for invalid user pi from 220.117.239.116 port 53808 ssh2
May  5 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: Received disconnect from 220.117.239.116 port 53808:11: disconnected by user [preauth]
May  5 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: Disconnected from 220.117.239.116 port 53808 [preauth]
May  5 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9776]: PAM service(sshd) ignoring max retries; 4 > 3
May  5 09:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9799]: pam_unix(cron:session): session closed for user root
May  5 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: Invalid user baikal from 220.117.239.116
May  5 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: input_userauth_request: invalid user baikal [preauth]
May  5 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.117.239.116
May  5 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6867]: pam_unix(cron:session): session closed for user root
May  5 09:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: Failed password for invalid user baikal from 220.117.239.116 port 55634 ssh2
May  5 09:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: Received disconnect from 220.117.239.116 port 55634:11: disconnected by user [preauth]
May  5 09:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9949]: Disconnected from 220.117.239.116 port 55634 [preauth]
May  5 09:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9798]: pam_unix(cron:session): session closed for user samftp
May  5 09:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10081]: Invalid user cxc from 61.222.211.114
May  5 09:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10081]: input_userauth_request: invalid user cxc [preauth]
May  5 09:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10081]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.222.211.114
May  5 09:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10081]: Failed password for invalid user cxc from 61.222.211.114 port 42070 ssh2
May  5 09:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10081]: Received disconnect from 61.222.211.114 port 42070:11: Bye Bye [preauth]
May  5 09:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10081]: Disconnected from 61.222.211.114 port 42070 [preauth]
May  5 09:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8835]: pam_unix(cron:session): session closed for user root
May  5 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10313]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10311]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10309]: pam_unix(cron:session): session closed for user p13x
May  5 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10380]: Successful su for rubyman by root
May  5 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10380]: + ??? root:rubyman
May  5 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333150 of user rubyman.
May  5 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10380]: pam_unix(su:session): session closed for user rubyman
May  5 09:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333150.
May  5 09:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7383]: pam_unix(cron:session): session closed for user root
May  5 09:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10310]: pam_unix(cron:session): session closed for user samftp
May  5 09:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.90.226.193  user=root
May  5 09:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: Failed password for root from 103.90.226.193 port 47588 ssh2
May  5 09:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: Received disconnect from 103.90.226.193 port 47588:11: Bye Bye [preauth]
May  5 09:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10645]: Disconnected from 103.90.226.193 port 47588 [preauth]
May  5 09:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  5 09:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10686]: Failed password for root from 218.92.0.203 port 9410 ssh2
May  5 09:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9382]: pam_unix(cron:session): session closed for user root
May  5 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10801]: pam_unix(cron:session): session closed for user p13x
May  5 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10861]: Successful su for rubyman by root
May  5 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10861]: + ??? root:rubyman
May  5 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10861]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333155 of user rubyman.
May  5 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10861]: pam_unix(su:session): session closed for user rubyman
May  5 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333155.
May  5 09:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7953]: pam_unix(cron:session): session closed for user root
May  5 09:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10802]: pam_unix(cron:session): session closed for user samftp
May  5 09:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209  user=root
May  5 09:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11080]: Failed password for root from 185.213.174.209 port 51496 ssh2
May  5 09:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11080]: Received disconnect from 185.213.174.209 port 51496:11: Bye Bye [preauth]
May  5 09:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11080]: Disconnected from 185.213.174.209 port 51496 [preauth]
May  5 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9801]: pam_unix(cron:session): session closed for user root
May  5 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11197]: pam_unix(cron:session): session closed for user p13x
May  5 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11257]: Successful su for rubyman by root
May  5 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11257]: + ??? root:rubyman
May  5 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333160 of user rubyman.
May  5 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11257]: pam_unix(su:session): session closed for user rubyman
May  5 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333160.
May  5 09:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8403]: pam_unix(cron:session): session closed for user root
May  5 09:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11198]: pam_unix(cron:session): session closed for user samftp
May  5 09:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: Did not receive identification string from 193.32.162.139
May  5 09:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10313]: pam_unix(cron:session): session closed for user root
May  5 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11596]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11594]: pam_unix(cron:session): session closed for user p13x
May  5 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11653]: Successful su for rubyman by root
May  5 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11653]: + ??? root:rubyman
May  5 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11653]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333162 of user rubyman.
May  5 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11653]: pam_unix(su:session): session closed for user rubyman
May  5 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333162.
May  5 09:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8834]: pam_unix(cron:session): session closed for user root
May  5 09:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11595]: pam_unix(cron:session): session closed for user samftp
May  5 09:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10804]: pam_unix(cron:session): session closed for user root
May  5 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11980]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11982]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11978]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11983]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11981]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11983]: pam_unix(cron:session): session closed for user root
May  5 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11978]: pam_unix(cron:session): session closed for user p13x
May  5 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12042]: Successful su for rubyman by root
May  5 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12042]: + ??? root:rubyman
May  5 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333168 of user rubyman.
May  5 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12042]: pam_unix(su:session): session closed for user rubyman
May  5 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333168.
May  5 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11980]: pam_unix(cron:session): session closed for user root
May  5 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9381]: pam_unix(cron:session): session closed for user root
May  5 09:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11979]: pam_unix(cron:session): session closed for user samftp
May  5 09:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57  user=root
May  5 09:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12322]: Invalid user zhangsan from 103.176.78.28
May  5 09:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12322]: input_userauth_request: invalid user zhangsan [preauth]
May  5 09:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12322]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.28
May  5 09:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Failed password for root from 2.57.122.57 port 37508 ssh2
May  5 09:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Connection closed by 2.57.122.57 port 37508 [preauth]
May  5 09:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12322]: Failed password for invalid user zhangsan from 103.176.78.28 port 43628 ssh2
May  5 09:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12322]: Received disconnect from 103.176.78.28 port 43628:11: Bye Bye [preauth]
May  5 09:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12322]: Disconnected from 103.176.78.28 port 43628 [preauth]
May  5 09:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11200]: pam_unix(cron:session): session closed for user root
May  5 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12424]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12422]: pam_unix(cron:session): session closed for user p13x
May  5 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12486]: Successful su for rubyman by root
May  5 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12486]: + ??? root:rubyman
May  5 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333173 of user rubyman.
May  5 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12486]: pam_unix(su:session): session closed for user rubyman
May  5 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333173.
May  5 09:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9800]: pam_unix(cron:session): session closed for user root
May  5 09:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12423]: pam_unix(cron:session): session closed for user samftp
May  5 09:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11597]: pam_unix(cron:session): session closed for user root
May  5 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12812]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12811]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12810]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12809]: pam_unix(cron:session): session closed for user p13x
May  5 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12868]: Successful su for rubyman by root
May  5 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12868]: + ??? root:rubyman
May  5 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333176 of user rubyman.
May  5 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12868]: pam_unix(su:session): session closed for user rubyman
May  5 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333176.
May  5 09:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10311]: pam_unix(cron:session): session closed for user root
May  5 09:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12810]: pam_unix(cron:session): session closed for user samftp
May  5 09:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11982]: pam_unix(cron:session): session closed for user root
May  5 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13197]: pam_unix(cron:session): session closed for user p13x
May  5 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13264]: Successful su for rubyman by root
May  5 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13264]: + ??? root:rubyman
May  5 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333181 of user rubyman.
May  5 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13264]: pam_unix(su:session): session closed for user rubyman
May  5 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333181.
May  5 09:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10803]: pam_unix(cron:session): session closed for user root
May  5 09:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13198]: pam_unix(cron:session): session closed for user samftp
May  5 09:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12425]: pam_unix(cron:session): session closed for user root
May  5 09:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Invalid user vpn from 176.31.162.135
May  5 09:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: input_userauth_request: invalid user vpn [preauth]
May  5 09:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  5 09:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Failed password for invalid user vpn from 176.31.162.135 port 44094 ssh2
May  5 09:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13677]: Connection closed by 176.31.162.135 port 44094 [preauth]
May  5 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13712]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13709]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13709]: pam_unix(cron:session): session closed for user p13x
May  5 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13774]: Successful su for rubyman by root
May  5 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13774]: + ??? root:rubyman
May  5 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333186 of user rubyman.
May  5 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13774]: pam_unix(su:session): session closed for user rubyman
May  5 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333186.
May  5 09:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11199]: pam_unix(cron:session): session closed for user root
May  5 09:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13710]: pam_unix(cron:session): session closed for user samftp
May  5 09:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: Invalid user bio3 from 61.222.211.114
May  5 09:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: input_userauth_request: invalid user bio3 [preauth]
May  5 09:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.222.211.114
May  5 09:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: Failed password for invalid user bio3 from 61.222.211.114 port 45840 ssh2
May  5 09:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: Received disconnect from 61.222.211.114 port 45840:11: Bye Bye [preauth]
May  5 09:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13956]: Disconnected from 61.222.211.114 port 45840 [preauth]
May  5 09:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12812]: pam_unix(cron:session): session closed for user root
May  5 09:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 09:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: Invalid user ubnt from 80.94.95.241
May  5 09:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: input_userauth_request: invalid user ubnt [preauth]
May  5 09:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 09:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: Failed password for invalid user ubnt from 80.94.95.241 port 35851 ssh2
May  5 09:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: Failed password for invalid user ubnt from 80.94.95.241 port 35851 ssh2
May  5 09:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: Failed password for invalid user ubnt from 80.94.95.241 port 35851 ssh2
May  5 09:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: Failed password for invalid user ubnt from 80.94.95.241 port 35851 ssh2
May  5 09:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: pam_unix(sshd:auth): check pass; user unknown
May  5 09:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: Failed password for invalid user ubnt from 80.94.95.241 port 35851 ssh2
May  5 09:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: Received disconnect from 80.94.95.241 port 35851:11: Bye [preauth]
May  5 09:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: Disconnected from 80.94.95.241 port 35851 [preauth]
May  5 09:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 09:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14115]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14113]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14112]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14114]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14111]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14115]: pam_unix(cron:session): session closed for user root
May  5 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14111]: pam_unix(cron:session): session closed for user root
May  5 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14109]: pam_unix(cron:session): session closed for user p13x
May  5 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14198]: Successful su for rubyman by root
May  5 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14198]: + ??? root:rubyman
May  5 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333190 of user rubyman.
May  5 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14198]: pam_unix(su:session): session closed for user rubyman
May  5 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333190.
May  5 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14112]: pam_unix(cron:session): session closed for user root
May  5 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11596]: pam_unix(cron:session): session closed for user root
May  5 10:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14110]: pam_unix(cron:session): session closed for user samftp
May  5 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13200]: pam_unix(cron:session): session closed for user root
May  5 10:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Invalid user email from 46.25.236.192
May  5 10:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: input_userauth_request: invalid user email [preauth]
May  5 10:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  5 10:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Failed password for invalid user email from 46.25.236.192 port 41458 ssh2
May  5 10:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Received disconnect from 46.25.236.192 port 41458:11: Bye Bye [preauth]
May  5 10:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14547]: Disconnected from 46.25.236.192 port 41458 [preauth]
May  5 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14615]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14608]: pam_unix(cron:session): session closed for user p13x
May  5 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14687]: Successful su for rubyman by root
May  5 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14687]: + ??? root:rubyman
May  5 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333197 of user rubyman.
May  5 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14687]: pam_unix(su:session): session closed for user rubyman
May  5 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333197.
May  5 10:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11981]: pam_unix(cron:session): session closed for user root
May  5 10:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14609]: pam_unix(cron:session): session closed for user samftp
May  5 10:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14873]: Invalid user windows from 45.176.12.6
May  5 10:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14873]: input_userauth_request: invalid user windows [preauth]
May  5 10:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14873]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.176.12.6
May  5 10:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14873]: Failed password for invalid user windows from 45.176.12.6 port 43062 ssh2
May  5 10:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14873]: Received disconnect from 45.176.12.6 port 43062:11: Bye Bye [preauth]
May  5 10:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14873]: Disconnected from 45.176.12.6 port 43062 [preauth]
May  5 10:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.160.193.12  user=root
May  5 10:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14882]: Failed password for root from 119.160.193.12 port 39044 ssh2
May  5 10:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14882]: Received disconnect from 119.160.193.12 port 39044:11: Bye Bye [preauth]
May  5 10:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14882]: Disconnected from 119.160.193.12 port 39044 [preauth]
May  5 10:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13712]: pam_unix(cron:session): session closed for user root
May  5 10:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14979]: Invalid user user from 190.60.51.173
May  5 10:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14979]: input_userauth_request: invalid user user [preauth]
May  5 10:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14979]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.51.173
May  5 10:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14979]: Failed password for invalid user user from 190.60.51.173 port 54160 ssh2
May  5 10:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14979]: Received disconnect from 190.60.51.173 port 54160:11: Bye Bye [preauth]
May  5 10:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14979]: Disconnected from 190.60.51.173 port 54160 [preauth]
May  5 10:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15041]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15042]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15039]: pam_unix(cron:session): session closed for user p13x
May  5 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15097]: Successful su for rubyman by root
May  5 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15097]: + ??? root:rubyman
May  5 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333200 of user rubyman.
May  5 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15097]: pam_unix(su:session): session closed for user rubyman
May  5 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333200.
May  5 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: Invalid user server from 185.213.174.209
May  5 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: input_userauth_request: invalid user server [preauth]
May  5 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
May  5 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: Failed password for root from 218.92.0.179 port 14212 ssh2
May  5 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12424]: pam_unix(cron:session): session closed for user root
May  5 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: Failed password for invalid user server from 185.213.174.209 port 51892 ssh2
May  5 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: Received disconnect from 185.213.174.209 port 51892:11: Bye Bye [preauth]
May  5 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: Disconnected from 185.213.174.209 port 51892 [preauth]
May  5 10:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15040]: pam_unix(cron:session): session closed for user samftp
May  5 10:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: Failed password for root from 218.92.0.179 port 14212 ssh2
May  5 10:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: Failed password for root from 218.92.0.179 port 14212 ssh2
May  5 10:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: Received disconnect from 218.92.0.179 port 14212:11:  [preauth]
May  5 10:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: Disconnected from 218.92.0.179 port 14212 [preauth]
May  5 10:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15029]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 10:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: Invalid user ubuntu from 2.57.122.57
May  5 10:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: input_userauth_request: invalid user ubuntu [preauth]
May  5 10:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.57.122.57
May  5 10:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: Failed password for invalid user ubuntu from 2.57.122.57 port 43554 ssh2
May  5 10:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: Connection closed by 2.57.122.57 port 43554 [preauth]
May  5 10:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14114]: pam_unix(cron:session): session closed for user root
May  5 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15431]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15428]: pam_unix(cron:session): session closed for user p13x
May  5 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15488]: Successful su for rubyman by root
May  5 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15488]: + ??? root:rubyman
May  5 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15488]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333203 of user rubyman.
May  5 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15488]: pam_unix(su:session): session closed for user rubyman
May  5 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333203.
May  5 10:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12811]: pam_unix(cron:session): session closed for user root
May  5 10:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15429]: pam_unix(cron:session): session closed for user samftp
May  5 10:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  5 10:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: Failed password for root from 190.103.202.7 port 49640 ssh2
May  5 10:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14615]: pam_unix(cron:session): session closed for user root
May  5 10:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15729]: Connection closed by 190.103.202.7 port 49640 [preauth]
May  5 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15820]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15821]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15819]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15818]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15818]: pam_unix(cron:session): session closed for user p13x
May  5 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15879]: Successful su for rubyman by root
May  5 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15879]: + ??? root:rubyman
May  5 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333209 of user rubyman.
May  5 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15879]: pam_unix(su:session): session closed for user rubyman
May  5 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333209.
May  5 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13199]: pam_unix(cron:session): session closed for user root
May  5 10:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15819]: pam_unix(cron:session): session closed for user samftp
May  5 10:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15042]: pam_unix(cron:session): session closed for user root
May  5 10:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16117]: Invalid user Q from 195.178.110.50
May  5 10:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16117]: input_userauth_request: invalid user Q [preauth]
May  5 10:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16117]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 10:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Invalid user gt from 61.222.211.114
May  5 10:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: input_userauth_request: invalid user gt [preauth]
May  5 10:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.222.211.114
May  5 10:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16117]: Failed password for invalid user Q from 195.178.110.50 port 13250 ssh2
May  5 10:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Failed password for invalid user gt from 61.222.211.114 port 44656 ssh2
May  5 10:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Received disconnect from 61.222.211.114 port 44656:11: Bye Bye [preauth]
May  5 10:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16164]: Disconnected from 61.222.211.114 port 44656 [preauth]
May  5 10:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16117]: Connection closed by 195.178.110.50 port 13250 [preauth]
May  5 10:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Invalid user 2 from 195.178.110.50
May  5 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: input_userauth_request: invalid user 2 [preauth]
May  5 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16220]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16217]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16216]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16219]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16218]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16215]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16220]: pam_unix(cron:session): session closed for user root
May  5 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16215]: pam_unix(cron:session): session closed for user p13x
May  5 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16282]: Successful su for rubyman by root
May  5 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16282]: + ??? root:rubyman
May  5 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333216 of user rubyman.
May  5 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16282]: pam_unix(su:session): session closed for user rubyman
May  5 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333216.
May  5 10:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Failed password for invalid user 2 from 195.178.110.50 port 57824 ssh2
May  5 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13711]: pam_unix(cron:session): session closed for user root
May  5 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16217]: pam_unix(cron:session): session closed for user root
May  5 10:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Connection closed by 195.178.110.50 port 57824 [preauth]
May  5 10:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16216]: pam_unix(cron:session): session closed for user samftp
May  5 10:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: Invalid user q from 195.178.110.50
May  5 10:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: input_userauth_request: invalid user q [preauth]
May  5 10:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 10:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: Failed password for invalid user q from 195.178.110.50 port 30620 ssh2
May  5 10:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: Connection closed by 195.178.110.50 port 30620 [preauth]
May  5 10:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15431]: pam_unix(cron:session): session closed for user root
May  5 10:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16577]: Invalid user R from 195.178.110.50
May  5 10:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16577]: input_userauth_request: invalid user R [preauth]
May  5 10:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16577]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 10:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16577]: Failed password for invalid user R from 195.178.110.50 port 41276 ssh2
May  5 10:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16577]: Connection closed by 195.178.110.50 port 41276 [preauth]
May  5 10:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16664]: Invalid user 3 from 195.178.110.50
May  5 10:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16664]: input_userauth_request: invalid user 3 [preauth]
May  5 10:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16664]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 10:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16664]: Failed password for invalid user 3 from 195.178.110.50 port 16304 ssh2
May  5 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16697]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16696]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16695]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16694]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16694]: pam_unix(cron:session): session closed for user p13x
May  5 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16763]: Successful su for rubyman by root
May  5 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16763]: + ??? root:rubyman
May  5 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16763]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333218 of user rubyman.
May  5 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16763]: pam_unix(su:session): session closed for user rubyman
May  5 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333218.
May  5 10:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16664]: Connection closed by 195.178.110.50 port 16304 [preauth]
May  5 10:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14113]: pam_unix(cron:session): session closed for user root
May  5 10:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16695]: pam_unix(cron:session): session closed for user samftp
May  5 10:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: Invalid user junsun from 103.176.78.28
May  5 10:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: input_userauth_request: invalid user junsun [preauth]
May  5 10:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.28
May  5 10:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: Failed password for invalid user junsun from 103.176.78.28 port 44596 ssh2
May  5 10:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: Received disconnect from 103.176.78.28 port 44596:11: Bye Bye [preauth]
May  5 10:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: Disconnected from 103.176.78.28 port 44596 [preauth]
May  5 10:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209  user=root
May  5 10:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15821]: pam_unix(cron:session): session closed for user root
May  5 10:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17048]: Failed password for root from 185.213.174.209 port 46048 ssh2
May  5 10:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17048]: Received disconnect from 185.213.174.209 port 46048:11: Bye Bye [preauth]
May  5 10:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17048]: Disconnected from 185.213.174.209 port 46048 [preauth]
May  5 10:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: Invalid user danny from 46.25.236.192
May  5 10:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: input_userauth_request: invalid user danny [preauth]
May  5 10:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  5 10:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: Failed password for invalid user danny from 46.25.236.192 port 52778 ssh2
May  5 10:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: Received disconnect from 46.25.236.192 port 52778:11: Bye Bye [preauth]
May  5 10:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: Disconnected from 46.25.236.192 port 52778 [preauth]
May  5 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17134]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17132]: pam_unix(cron:session): session closed for user p13x
May  5 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17196]: Successful su for rubyman by root
May  5 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17196]: + ??? root:rubyman
May  5 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333221 of user rubyman.
May  5 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17196]: pam_unix(su:session): session closed for user rubyman
May  5 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333221.
May  5 10:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14614]: pam_unix(cron:session): session closed for user root
May  5 10:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17133]: pam_unix(cron:session): session closed for user samftp
May  5 10:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.51.173  user=root
May  5 10:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17441]: Failed password for root from 190.60.51.173 port 43828 ssh2
May  5 10:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17441]: Received disconnect from 190.60.51.173 port 43828:11: Bye Bye [preauth]
May  5 10:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17441]: Disconnected from 190.60.51.173 port 43828 [preauth]
May  5 10:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16219]: pam_unix(cron:session): session closed for user root
May  5 10:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.160.193.12  user=root
May  5 10:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: Failed password for root from 119.160.193.12 port 38430 ssh2
May  5 10:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: Received disconnect from 119.160.193.12 port 38430:11: Bye Bye [preauth]
May  5 10:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: Disconnected from 119.160.193.12 port 38430 [preauth]
May  5 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17554]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17553]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17553]: pam_unix(cron:session): session closed for user p13x
May  5 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17615]: Successful su for rubyman by root
May  5 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17615]: + ??? root:rubyman
May  5 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17615]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333226 of user rubyman.
May  5 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17615]: pam_unix(su:session): session closed for user rubyman
May  5 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333226.
May  5 10:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15041]: pam_unix(cron:session): session closed for user root
May  5 10:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17554]: pam_unix(cron:session): session closed for user samftp
May  5 10:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16697]: pam_unix(cron:session): session closed for user root
May  5 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18082]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18083]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18078]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18080]: pam_unix(cron:session): session closed for user p13x
May  5 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18200]: Successful su for rubyman by root
May  5 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18200]: + ??? root:rubyman
May  5 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333230 of user rubyman.
May  5 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18200]: pam_unix(su:session): session closed for user rubyman
May  5 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333230.
May  5 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18078]: pam_unix(cron:session): session closed for user root
May  5 10:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15430]: pam_unix(cron:session): session closed for user root
May  5 10:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18081]: pam_unix(cron:session): session closed for user samftp
May  5 10:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17135]: pam_unix(cron:session): session closed for user root
May  5 10:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.222.211.114  user=root
May  5 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18602]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18604]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18603]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18601]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18600]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18605]: pam_unix(cron:session): session closed for user root
May  5 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18600]: pam_unix(cron:session): session closed for user p13x
May  5 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18597]: Invalid user lora from 45.176.12.6
May  5 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18597]: input_userauth_request: invalid user lora [preauth]
May  5 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18597]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.176.12.6
May  5 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18670]: Successful su for rubyman by root
May  5 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18670]: + ??? root:rubyman
May  5 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333235 of user rubyman.
May  5 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18670]: pam_unix(su:session): session closed for user rubyman
May  5 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333235.
May  5 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18595]: Failed password for root from 61.222.211.114 port 48138 ssh2
May  5 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18595]: Received disconnect from 61.222.211.114 port 48138:11: Bye Bye [preauth]
May  5 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18595]: Disconnected from 61.222.211.114 port 48138 [preauth]
May  5 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18597]: Failed password for invalid user lora from 45.176.12.6 port 44120 ssh2
May  5 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18602]: pam_unix(cron:session): session closed for user root
May  5 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18597]: Received disconnect from 45.176.12.6 port 44120:11: Bye Bye [preauth]
May  5 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18597]: Disconnected from 45.176.12.6 port 44120 [preauth]
May  5 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15820]: pam_unix(cron:session): session closed for user root
May  5 10:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18601]: pam_unix(cron:session): session closed for user samftp
May  5 10:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 10:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Failed password for root from 218.92.0.179 port 55776 ssh2
May  5 10:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17556]: pam_unix(cron:session): session closed for user root
May  5 10:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Failed password for root from 218.92.0.179 port 55776 ssh2
May  5 10:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Failed password for root from 218.92.0.179 port 55776 ssh2
May  5 10:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Received disconnect from 218.92.0.179 port 55776:11:  [preauth]
May  5 10:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: Disconnected from 218.92.0.179 port 55776 [preauth]
May  5 10:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18950]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 10:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19026]: Invalid user ftpuser from 185.213.174.209
May  5 10:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19026]: input_userauth_request: invalid user ftpuser [preauth]
May  5 10:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19026]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
May  5 10:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19026]: Failed password for invalid user ftpuser from 185.213.174.209 port 55306 ssh2
May  5 10:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19026]: Received disconnect from 185.213.174.209 port 55306:11: Bye Bye [preauth]
May  5 10:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19026]: Disconnected from 185.213.174.209 port 55306 [preauth]
May  5 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19054]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19053]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19051]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19050]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19050]: pam_unix(cron:session): session closed for user p13x
May  5 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19123]: Successful su for rubyman by root
May  5 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19123]: + ??? root:rubyman
May  5 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333241 of user rubyman.
May  5 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19123]: pam_unix(su:session): session closed for user rubyman
May  5 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333241.
May  5 10:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16218]: pam_unix(cron:session): session closed for user root
May  5 10:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19051]: pam_unix(cron:session): session closed for user samftp
May  5 10:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18083]: pam_unix(cron:session): session closed for user root
May  5 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19462]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19460]: pam_unix(cron:session): session closed for user p13x
May  5 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19522]: Successful su for rubyman by root
May  5 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19522]: + ??? root:rubyman
May  5 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19522]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333245 of user rubyman.
May  5 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19522]: pam_unix(su:session): session closed for user rubyman
May  5 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333245.
May  5 10:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16696]: pam_unix(cron:session): session closed for user root
May  5 10:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19461]: pam_unix(cron:session): session closed for user samftp
May  5 10:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192  user=root
May  5 10:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19727]: Failed password for root from 46.25.236.192 port 32956 ssh2
May  5 10:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19727]: Received disconnect from 46.25.236.192 port 32956:11: Bye Bye [preauth]
May  5 10:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19727]: Disconnected from 46.25.236.192 port 32956 [preauth]
May  5 10:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18604]: pam_unix(cron:session): session closed for user root
May  5 10:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: Invalid user malik from 190.60.51.173
May  5 10:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: input_userauth_request: invalid user malik [preauth]
May  5 10:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.51.173
May  5 10:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: Failed password for invalid user malik from 190.60.51.173 port 58376 ssh2
May  5 10:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: Received disconnect from 190.60.51.173 port 58376:11: Bye Bye [preauth]
May  5 10:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: Disconnected from 190.60.51.173 port 58376 [preauth]
May  5 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19886]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19885]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19883]: pam_unix(cron:session): session closed for user p13x
May  5 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19946]: Successful su for rubyman by root
May  5 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19946]: + ??? root:rubyman
May  5 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333248 of user rubyman.
May  5 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19946]: pam_unix(su:session): session closed for user rubyman
May  5 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333248.
May  5 10:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17134]: pam_unix(cron:session): session closed for user root
May  5 10:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19884]: pam_unix(cron:session): session closed for user samftp
May  5 10:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.28  user=root
May  5 10:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: Invalid user kudrethoxha from 119.160.193.12
May  5 10:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: input_userauth_request: invalid user kudrethoxha [preauth]
May  5 10:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.160.193.12
May  5 10:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20142]: Failed password for root from 103.176.78.28 port 49130 ssh2
May  5 10:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20142]: Received disconnect from 103.176.78.28 port 49130:11: Bye Bye [preauth]
May  5 10:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20142]: Disconnected from 103.176.78.28 port 49130 [preauth]
May  5 10:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: Failed password for invalid user kudrethoxha from 119.160.193.12 port 60368 ssh2
May  5 10:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: Received disconnect from 119.160.193.12 port 60368:11: Bye Bye [preauth]
May  5 10:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20154]: Disconnected from 119.160.193.12 port 60368 [preauth]
May  5 10:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19054]: pam_unix(cron:session): session closed for user root
May  5 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20300]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20301]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20298]: pam_unix(cron:session): session closed for user p13x
May  5 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20357]: Successful su for rubyman by root
May  5 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20357]: + ??? root:rubyman
May  5 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20357]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333252 of user rubyman.
May  5 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20357]: pam_unix(su:session): session closed for user rubyman
May  5 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333252.
May  5 10:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17555]: pam_unix(cron:session): session closed for user root
May  5 10:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20299]: pam_unix(cron:session): session closed for user samftp
May  5 10:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20557]: Invalid user email from 45.176.12.6
May  5 10:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20557]: input_userauth_request: invalid user email [preauth]
May  5 10:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20557]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.176.12.6
May  5 10:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20557]: Failed password for invalid user email from 45.176.12.6 port 39360 ssh2
May  5 10:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20557]: Received disconnect from 45.176.12.6 port 39360:11: Bye Bye [preauth]
May  5 10:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20557]: Disconnected from 45.176.12.6 port 39360 [preauth]
May  5 10:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19463]: pam_unix(cron:session): session closed for user root
May  5 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20701]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20697]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20698]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20701]: pam_unix(cron:session): session closed for user root
May  5 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20695]: pam_unix(cron:session): session closed for user p13x
May  5 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20764]: Successful su for rubyman by root
May  5 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20764]: + ??? root:rubyman
May  5 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333258 of user rubyman.
May  5 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20764]: pam_unix(su:session): session closed for user rubyman
May  5 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333258.
May  5 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20697]: pam_unix(cron:session): session closed for user root
May  5 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18082]: pam_unix(cron:session): session closed for user root
May  5 10:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20696]: pam_unix(cron:session): session closed for user samftp
May  5 10:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21016]: Invalid user user from 185.213.174.209
May  5 10:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21016]: input_userauth_request: invalid user user [preauth]
May  5 10:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21016]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
May  5 10:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21018]: Invalid user ydkwon from 61.222.211.114
May  5 10:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21018]: input_userauth_request: invalid user ydkwon [preauth]
May  5 10:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21018]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.222.211.114
May  5 10:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21016]: Failed password for invalid user user from 185.213.174.209 port 49082 ssh2
May  5 10:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21016]: Received disconnect from 185.213.174.209 port 49082:11: Bye Bye [preauth]
May  5 10:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21016]: Disconnected from 185.213.174.209 port 49082 [preauth]
May  5 10:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21018]: Failed password for invalid user ydkwon from 61.222.211.114 port 49614 ssh2
May  5 10:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21018]: Received disconnect from 61.222.211.114 port 49614:11: Bye Bye [preauth]
May  5 10:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21018]: Disconnected from 61.222.211.114 port 49614 [preauth]
May  5 10:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19886]: pam_unix(cron:session): session closed for user root
May  5 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21153]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21150]: pam_unix(cron:session): session closed for user p13x
May  5 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21244]: Successful su for rubyman by root
May  5 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21244]: + ??? root:rubyman
May  5 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333262 of user rubyman.
May  5 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21244]: pam_unix(su:session): session closed for user rubyman
May  5 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333262.
May  5 10:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18603]: pam_unix(cron:session): session closed for user root
May  5 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21151]: pam_unix(cron:session): session closed for user samftp
May  5 10:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 10:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21430]: Failed password for root from 218.92.0.179 port 63711 ssh2
May  5 10:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21430]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 63711 ssh2]
May  5 10:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21430]: Received disconnect from 218.92.0.179 port 63711:11:  [preauth]
May  5 10:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21430]: Disconnected from 218.92.0.179 port 63711 [preauth]
May  5 10:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21430]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 10:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20301]: pam_unix(cron:session): session closed for user root
May  5 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21604]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21603]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21599]: pam_unix(cron:session): session closed for user root
May  5 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21601]: pam_unix(cron:session): session closed for user p13x
May  5 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21686]: Successful su for rubyman by root
May  5 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21686]: + ??? root:rubyman
May  5 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333267 of user rubyman.
May  5 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21686]: pam_unix(su:session): session closed for user rubyman
May  5 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333267.
May  5 10:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19053]: pam_unix(cron:session): session closed for user root
May  5 10:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21602]: pam_unix(cron:session): session closed for user samftp
May  5 10:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22251]: Invalid user server from 46.25.236.192
May  5 10:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22251]: input_userauth_request: invalid user server [preauth]
May  5 10:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22251]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  5 10:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20699]: pam_unix(cron:session): session closed for user root
May  5 10:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22251]: Failed password for invalid user server from 46.25.236.192 port 41306 ssh2
May  5 10:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22251]: Received disconnect from 46.25.236.192 port 41306:11: Bye Bye [preauth]
May  5 10:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22251]: Disconnected from 46.25.236.192 port 41306 [preauth]
May  5 10:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.51.173  user=root
May  5 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22351]: pam_unix(cron:session): session closed for user p13x
May  5 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22429]: Successful su for rubyman by root
May  5 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22429]: + ??? root:rubyman
May  5 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333271 of user rubyman.
May  5 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22429]: pam_unix(su:session): session closed for user rubyman
May  5 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333271.
May  5 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22347]: Failed password for root from 190.60.51.173 port 50206 ssh2
May  5 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22347]: Received disconnect from 190.60.51.173 port 50206:11: Bye Bye [preauth]
May  5 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22347]: Disconnected from 190.60.51.173 port 50206 [preauth]
May  5 10:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19462]: pam_unix(cron:session): session closed for user root
May  5 10:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22352]: pam_unix(cron:session): session closed for user samftp
May  5 10:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22676]: Did not receive identification string from 193.32.162.134
May  5 10:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: Invalid user admin from 80.94.95.112
May  5 10:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: input_userauth_request: invalid user admin [preauth]
May  5 10:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 10:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: Failed password for invalid user admin from 80.94.95.112 port 10698 ssh2
May  5 10:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.176.12.6  user=root
May  5 10:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: Failed password for invalid user admin from 80.94.95.112 port 10698 ssh2
May  5 10:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22702]: Failed password for root from 45.176.12.6 port 39612 ssh2
May  5 10:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22702]: Received disconnect from 45.176.12.6 port 39612:11: Bye Bye [preauth]
May  5 10:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22702]: Disconnected from 45.176.12.6 port 39612 [preauth]
May  5 10:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: Failed password for invalid user admin from 80.94.95.112 port 10698 ssh2
May  5 10:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21153]: pam_unix(cron:session): session closed for user root
May  5 10:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: Failed password for invalid user admin from 80.94.95.112 port 10698 ssh2
May  5 10:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: Failed password for invalid user admin from 80.94.95.112 port 10698 ssh2
May  5 10:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: Received disconnect from 80.94.95.112 port 10698:11: Bye [preauth]
May  5 10:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: Disconnected from 80.94.95.112 port 10698 [preauth]
May  5 10:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 10:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 10:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22744]: Invalid user user from 119.160.193.12
May  5 10:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22744]: input_userauth_request: invalid user user [preauth]
May  5 10:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22744]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.160.193.12
May  5 10:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22744]: Failed password for invalid user user from 119.160.193.12 port 34918 ssh2
May  5 10:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22744]: Received disconnect from 119.160.193.12 port 34918:11: Bye Bye [preauth]
May  5 10:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22744]: Disconnected from 119.160.193.12 port 34918 [preauth]
May  5 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22821]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22819]: pam_unix(cron:session): session closed for user p13x
May  5 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22888]: Successful su for rubyman by root
May  5 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22888]: + ??? root:rubyman
May  5 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333275 of user rubyman.
May  5 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22888]: pam_unix(su:session): session closed for user rubyman
May  5 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333275.
May  5 10:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19885]: pam_unix(cron:session): session closed for user root
May  5 10:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22820]: pam_unix(cron:session): session closed for user samftp
May  5 10:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21604]: pam_unix(cron:session): session closed for user root
May  5 10:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23218]: Invalid user ljj from 103.176.78.28
May  5 10:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23218]: input_userauth_request: invalid user ljj [preauth]
May  5 10:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23218]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.28
May  5 10:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23218]: Failed password for invalid user ljj from 103.176.78.28 port 48952 ssh2
May  5 10:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23218]: Received disconnect from 103.176.78.28 port 48952:11: Bye Bye [preauth]
May  5 10:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23218]: Disconnected from 103.176.78.28 port 48952 [preauth]
May  5 10:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23242]: Invalid user yan from 185.213.174.209
May  5 10:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23242]: input_userauth_request: invalid user yan [preauth]
May  5 10:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23242]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
May  5 10:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23242]: Failed password for invalid user yan from 185.213.174.209 port 58030 ssh2
May  5 10:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23242]: Received disconnect from 185.213.174.209 port 58030:11: Bye Bye [preauth]
May  5 10:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23242]: Disconnected from 185.213.174.209 port 58030 [preauth]
May  5 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23271]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23276]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23270]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23269]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23276]: pam_unix(cron:session): session closed for user root
May  5 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23269]: pam_unix(cron:session): session closed for user p13x
May  5 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23431]: Successful su for rubyman by root
May  5 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23431]: + ??? root:rubyman
May  5 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23431]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333281 of user rubyman.
May  5 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23431]: pam_unix(su:session): session closed for user rubyman
May  5 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333281.
May  5 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20300]: pam_unix(cron:session): session closed for user root
May  5 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23271]: pam_unix(cron:session): session closed for user root
May  5 10:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23270]: pam_unix(cron:session): session closed for user samftp
May  5 10:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22354]: pam_unix(cron:session): session closed for user root
May  5 10:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: Invalid user linchunli from 61.222.211.114
May  5 10:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: input_userauth_request: invalid user linchunli [preauth]
May  5 10:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.222.211.114
May  5 10:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: Failed password for invalid user linchunli from 61.222.211.114 port 55108 ssh2
May  5 10:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: Received disconnect from 61.222.211.114 port 55108:11: Bye Bye [preauth]
May  5 10:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: Disconnected from 61.222.211.114 port 55108 [preauth]
May  5 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23893]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23889]: pam_unix(cron:session): session closed for user p13x
May  5 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23973]: Successful su for rubyman by root
May  5 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23973]: + ??? root:rubyman
May  5 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333287 of user rubyman.
May  5 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23973]: pam_unix(su:session): session closed for user rubyman
May  5 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333287.
May  5 10:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20698]: pam_unix(cron:session): session closed for user root
May  5 10:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23891]: pam_unix(cron:session): session closed for user samftp
May  5 10:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 10:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24203]: Failed password for root from 185.93.89.118 port 57968 ssh2
May  5 10:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22822]: pam_unix(cron:session): session closed for user root
May  5 10:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24203]: Connection closed by 185.93.89.118 port 57968 [preauth]
May  5 10:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: Invalid user  from 47.76.164.177
May  5 10:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: input_userauth_request: invalid user  [preauth]
May  5 10:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24288]: Connection closed by 47.76.164.177 port 59904 [preauth]
May  5 10:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 10:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24275]: Failed password for root from 185.93.89.118 port 31182 ssh2
May  5 10:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24275]: Connection closed by 185.93.89.118 port 31182 [preauth]
May  5 10:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24363]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24364]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24360]: pam_unix(cron:session): session closed for user p13x
May  5 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24429]: Successful su for rubyman by root
May  5 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24429]: + ??? root:rubyman
May  5 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333291 of user rubyman.
May  5 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24429]: pam_unix(su:session): session closed for user rubyman
May  5 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333291.
May  5 10:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21152]: pam_unix(cron:session): session closed for user root
May  5 10:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 10:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24361]: pam_unix(cron:session): session closed for user samftp
May  5 10:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: Failed password for root from 185.93.89.118 port 2050 ssh2
May  5 10:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: Connection closed by 185.93.89.118 port 2050 [preauth]
May  5 10:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  5 10:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24663]: Failed password for root from 50.235.31.47 port 55814 ssh2
May  5 10:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24663]: Connection closed by 50.235.31.47 port 55814 [preauth]
May  5 10:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 10:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: Failed password for root from 185.93.89.118 port 34948 ssh2
May  5 10:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24629]: Connection closed by 185.93.89.118 port 34948 [preauth]
May  5 10:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23273]: pam_unix(cron:session): session closed for user root
May  5 10:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192  user=root
May  5 10:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: Invalid user danny from 45.176.12.6
May  5 10:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: input_userauth_request: invalid user danny [preauth]
May  5 10:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.176.12.6
May  5 10:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 10:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24756]: Failed password for root from 46.25.236.192 port 49646 ssh2
May  5 10:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: Failed password for invalid user danny from 45.176.12.6 port 59338 ssh2
May  5 10:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24756]: Received disconnect from 46.25.236.192 port 49646:11: Bye Bye [preauth]
May  5 10:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24756]: Disconnected from 46.25.236.192 port 49646 [preauth]
May  5 10:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: Received disconnect from 45.176.12.6 port 59338:11: Bye Bye [preauth]
May  5 10:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: Disconnected from 45.176.12.6 port 59338 [preauth]
May  5 10:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: Failed password for root from 185.93.89.118 port 11910 ssh2
May  5 10:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24699]: Connection closed by 185.93.89.118 port 11910 [preauth]
May  5 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24791]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24792]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24790]: pam_unix(cron:session): session closed for user p13x
May  5 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24853]: Successful su for rubyman by root
May  5 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24853]: + ??? root:rubyman
May  5 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333293 of user rubyman.
May  5 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24853]: pam_unix(su:session): session closed for user rubyman
May  5 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333293.
May  5 10:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21603]: pam_unix(cron:session): session closed for user root
May  5 10:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24791]: pam_unix(cron:session): session closed for user samftp
May  5 10:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: Invalid user nhat from 190.60.51.173
May  5 10:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: input_userauth_request: invalid user nhat [preauth]
May  5 10:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.51.173
May  5 10:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: Failed password for invalid user nhat from 190.60.51.173 port 59848 ssh2
May  5 10:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: Received disconnect from 190.60.51.173 port 59848:11: Bye Bye [preauth]
May  5 10:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: Disconnected from 190.60.51.173 port 59848 [preauth]
May  5 10:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23898]: pam_unix(cron:session): session closed for user root
May  5 10:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Invalid user yan from 119.160.193.12
May  5 10:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: input_userauth_request: invalid user yan [preauth]
May  5 10:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.160.193.12
May  5 10:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Failed password for invalid user yan from 119.160.193.12 port 47708 ssh2
May  5 10:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Received disconnect from 119.160.193.12 port 47708:11: Bye Bye [preauth]
May  5 10:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25181]: Disconnected from 119.160.193.12 port 47708 [preauth]
May  5 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25202]: pam_unix(cron:session): session closed for user p13x
May  5 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25280]: Successful su for rubyman by root
May  5 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25280]: + ??? root:rubyman
May  5 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333297 of user rubyman.
May  5 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25280]: pam_unix(su:session): session closed for user rubyman
May  5 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333297.
May  5 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209  user=root
May  5 10:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22353]: pam_unix(cron:session): session closed for user root
May  5 10:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: Failed password for root from 185.213.174.209 port 44752 ssh2
May  5 10:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: Received disconnect from 185.213.174.209 port 44752:11: Bye Bye [preauth]
May  5 10:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25199]: Disconnected from 185.213.174.209 port 44752 [preauth]
May  5 10:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25203]: pam_unix(cron:session): session closed for user samftp
May  5 10:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.211.44.138  user=root
May  5 10:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25462]: Failed password for root from 195.211.44.138 port 48960 ssh2
May  5 10:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25462]: Received disconnect from 195.211.44.138 port 48960:11: Bye Bye [preauth]
May  5 10:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25462]: Disconnected from 195.211.44.138 port 48960 [preauth]
May  5 10:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25473]: Invalid user btc from 193.32.162.134
May  5 10:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25473]: input_userauth_request: invalid user btc [preauth]
May  5 10:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25473]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 10:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25473]: Failed password for invalid user btc from 193.32.162.134 port 46726 ssh2
May  5 10:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25473]: Connection closed by 193.32.162.134 port 46726 [preauth]
May  5 10:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24364]: pam_unix(cron:session): session closed for user root
May  5 10:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25634]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25639]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25638]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25639]: pam_unix(cron:session): session closed for user root
May  5 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25632]: pam_unix(cron:session): session closed for user p13x
May  5 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25705]: Successful su for rubyman by root
May  5 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25705]: + ??? root:rubyman
May  5 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333305 of user rubyman.
May  5 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25705]: pam_unix(su:session): session closed for user rubyman
May  5 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333305.
May  5 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25634]: pam_unix(cron:session): session closed for user root
May  5 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22821]: pam_unix(cron:session): session closed for user root
May  5 10:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25633]: pam_unix(cron:session): session closed for user samftp
May  5 10:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  5 10:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25909]: Failed password for root from 218.92.0.215 port 42418 ssh2
May  5 10:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25909]: message repeated 5 times: [ Failed password for root from 218.92.0.215 port 42418 ssh2]
May  5 10:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25909]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 42418 ssh2 [preauth]
May  5 10:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25909]: Disconnecting: Too many authentication failures [preauth]
May  5 10:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25909]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  5 10:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25909]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 10:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24793]: pam_unix(cron:session): session closed for user root
May  5 10:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.119.173  user=root
May  5 10:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26031]: Failed password for root from 128.251.119.173 port 8768 ssh2
May  5 10:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26031]: Received disconnect from 128.251.119.173 port 8768:11: Bye Bye [preauth]
May  5 10:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26031]: Disconnected from 128.251.119.173 port 8768 [preauth]
May  5 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26064]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26062]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26062]: pam_unix(cron:session): session closed for user p13x
May  5 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26131]: Successful su for rubyman by root
May  5 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26131]: + ??? root:rubyman
May  5 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333309 of user rubyman.
May  5 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26131]: pam_unix(su:session): session closed for user rubyman
May  5 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333309.
May  5 10:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23272]: pam_unix(cron:session): session closed for user root
May  5 10:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26063]: pam_unix(cron:session): session closed for user samftp
May  5 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26294]: Invalid user oracle from 103.176.78.28
May  5 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26294]: input_userauth_request: invalid user oracle [preauth]
May  5 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26294]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.28
May  5 10:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26294]: Failed password for invalid user oracle from 103.176.78.28 port 54650 ssh2
May  5 10:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26294]: Received disconnect from 103.176.78.28 port 54650:11: Bye Bye [preauth]
May  5 10:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26294]: Disconnected from 103.176.78.28 port 54650 [preauth]
May  5 10:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: Invalid user tom from 61.222.211.114
May  5 10:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: input_userauth_request: invalid user tom [preauth]
May  5 10:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.222.211.114
May  5 10:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: Failed password for invalid user tom from 61.222.211.114 port 48138 ssh2
May  5 10:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: Received disconnect from 61.222.211.114 port 48138:11: Bye Bye [preauth]
May  5 10:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26323]: Disconnected from 61.222.211.114 port 48138 [preauth]
May  5 10:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25205]: pam_unix(cron:session): session closed for user root
May  5 10:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: Invalid user librenms from 46.101.74.125
May  5 10:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: input_userauth_request: invalid user librenms [preauth]
May  5 10:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.74.125
May  5 10:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: Failed password for invalid user librenms from 46.101.74.125 port 39668 ssh2
May  5 10:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: Received disconnect from 46.101.74.125 port 39668:11: Bye Bye [preauth]
May  5 10:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: Disconnected from 46.101.74.125 port 39668 [preauth]
May  5 10:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.76.164.177  user=root
May  5 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26553]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26550]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26550]: pam_unix(cron:session): session closed for user p13x
May  5 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: Failed password for root from 47.76.164.177 port 36390 ssh2
May  5 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26613]: Successful su for rubyman by root
May  5 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26613]: + ??? root:rubyman
May  5 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333312 of user rubyman.
May  5 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26613]: pam_unix(su:session): session closed for user rubyman
May  5 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333312.
May  5 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: Connection closed by 47.76.164.177 port 36390 [preauth]
May  5 10:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23893]: pam_unix(cron:session): session closed for user root
May  5 10:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.176.12.6  user=root
May  5 10:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26552]: pam_unix(cron:session): session closed for user samftp
May  5 10:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26734]: Failed password for root from 45.176.12.6 port 49076 ssh2
May  5 10:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26734]: Received disconnect from 45.176.12.6 port 49076:11: Bye Bye [preauth]
May  5 10:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26734]: Disconnected from 45.176.12.6 port 49076 [preauth]
May  5 10:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26808]: Invalid user pi from 47.76.164.177
May  5 10:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26808]: input_userauth_request: invalid user pi [preauth]
May  5 10:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26808]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.76.164.177
May  5 10:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26808]: Failed password for invalid user pi from 47.76.164.177 port 36420 ssh2
May  5 10:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26808]: Connection closed by 47.76.164.177 port 36420 [preauth]
May  5 10:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: Invalid user nginx from 47.76.164.177
May  5 10:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: input_userauth_request: invalid user nginx [preauth]
May  5 10:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.76.164.177
May  5 10:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: Failed password for invalid user nginx from 47.76.164.177 port 46376 ssh2
May  5 10:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: Connection closed by 47.76.164.177 port 46376 [preauth]
May  5 10:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25638]: pam_unix(cron:session): session closed for user root
May  5 10:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26973]: Invalid user mutua from 128.251.119.173
May  5 10:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26973]: input_userauth_request: invalid user mutua [preauth]
May  5 10:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26973]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.119.173
May  5 10:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26973]: Failed password for invalid user mutua from 128.251.119.173 port 8768 ssh2
May  5 10:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26973]: Received disconnect from 128.251.119.173 port 8768:11: Bye Bye [preauth]
May  5 10:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26973]: Disconnected from 128.251.119.173 port 8768 [preauth]
May  5 10:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27007]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27006]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27004]: pam_unix(cron:session): session closed for user p13x
May  5 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192  user=root
May  5 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27088]: Successful su for rubyman by root
May  5 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27088]: + ??? root:rubyman
May  5 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333315 of user rubyman.
May  5 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27088]: pam_unix(su:session): session closed for user rubyman
May  5 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333315.
May  5 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26988]: Failed password for root from 46.25.236.192 port 57996 ssh2
May  5 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26988]: Received disconnect from 46.25.236.192 port 57996:11: Bye Bye [preauth]
May  5 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26988]: Disconnected from 46.25.236.192 port 57996 [preauth]
May  5 10:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24363]: pam_unix(cron:session): session closed for user root
May  5 10:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27005]: pam_unix(cron:session): session closed for user samftp
May  5 10:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27316]: Invalid user kudrethoxha from 190.60.51.173
May  5 10:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27316]: input_userauth_request: invalid user kudrethoxha [preauth]
May  5 10:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27316]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.51.173
May  5 10:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27316]: Failed password for invalid user kudrethoxha from 190.60.51.173 port 57386 ssh2
May  5 10:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27316]: Received disconnect from 190.60.51.173 port 57386:11: Bye Bye [preauth]
May  5 10:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27316]: Disconnected from 190.60.51.173 port 57386 [preauth]
May  5 10:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209  user=root
May  5 10:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27320]: Failed password for root from 185.213.174.209 port 46350 ssh2
May  5 10:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27320]: Received disconnect from 185.213.174.209 port 46350:11: Bye Bye [preauth]
May  5 10:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27320]: Disconnected from 185.213.174.209 port 46350 [preauth]
May  5 10:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26065]: pam_unix(cron:session): session closed for user root
May  5 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27489]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27488]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27487]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27487]: pam_unix(cron:session): session closed for user p13x
May  5 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27557]: Successful su for rubyman by root
May  5 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27557]: + ??? root:rubyman
May  5 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333320 of user rubyman.
May  5 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27557]: pam_unix(su:session): session closed for user rubyman
May  5 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333320.
May  5 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27555]: Invalid user server from 119.160.193.12
May  5 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27555]: input_userauth_request: invalid user server [preauth]
May  5 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27555]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.160.193.12
May  5 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24792]: pam_unix(cron:session): session closed for user root
May  5 10:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  5 10:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27555]: Failed password for invalid user server from 119.160.193.12 port 35918 ssh2
May  5 10:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27555]: Received disconnect from 119.160.193.12 port 35918:11: Bye Bye [preauth]
May  5 10:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27555]: Disconnected from 119.160.193.12 port 35918 [preauth]
May  5 10:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27488]: pam_unix(cron:session): session closed for user samftp
May  5 10:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27630]: Failed password for root from 164.68.105.9 port 57626 ssh2
May  5 10:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27630]: Connection closed by 164.68.105.9 port 57626 [preauth]
May  5 10:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.119.173  user=root
May  5 10:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26554]: pam_unix(cron:session): session closed for user root
May  5 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27810]: Failed password for root from 128.251.119.173 port 8768 ssh2
May  5 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27810]: Received disconnect from 128.251.119.173 port 8768:11: Bye Bye [preauth]
May  5 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27810]: Disconnected from 128.251.119.173 port 8768 [preauth]
May  5 10:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: Invalid user hung from 46.244.96.25
May  5 10:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: input_userauth_request: invalid user hung [preauth]
May  5 10:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  5 10:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: Failed password for invalid user hung from 46.244.96.25 port 35576 ssh2
May  5 10:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27878]: Connection closed by 46.244.96.25 port 35576 [preauth]
May  5 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27904]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27901]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27902]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27903]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27904]: pam_unix(cron:session): session closed for user root
May  5 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27897]: pam_unix(cron:session): session closed for user p13x
May  5 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27968]: Successful su for rubyman by root
May  5 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27968]: + ??? root:rubyman
May  5 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333325 of user rubyman.
May  5 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27968]: pam_unix(su:session): session closed for user rubyman
May  5 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333325.
May  5 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27901]: pam_unix(cron:session): session closed for user root
May  5 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25204]: pam_unix(cron:session): session closed for user root
May  5 10:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27900]: pam_unix(cron:session): session closed for user samftp
May  5 10:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: Invalid user eth from 193.32.162.134
May  5 10:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: input_userauth_request: invalid user eth [preauth]
May  5 10:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 10:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: Failed password for invalid user eth from 193.32.162.134 port 58922 ssh2
May  5 10:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28241]: Connection closed by 193.32.162.134 port 58922 [preauth]
May  5 10:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27007]: pam_unix(cron:session): session closed for user root
May  5 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28336]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28337]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28335]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28334]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28334]: pam_unix(cron:session): session closed for user p13x
May  5 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28404]: Successful su for rubyman by root
May  5 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28404]: + ??? root:rubyman
May  5 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28404]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333330 of user rubyman.
May  5 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28404]: pam_unix(su:session): session closed for user rubyman
May  5 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333330.
May  5 10:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25637]: pam_unix(cron:session): session closed for user root
May  5 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28335]: pam_unix(cron:session): session closed for user samftp
May  5 10:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: Invalid user user from 128.251.119.173
May  5 10:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: input_userauth_request: invalid user user [preauth]
May  5 10:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.119.173
May  5 10:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: Failed password for invalid user user from 128.251.119.173 port 8768 ssh2
May  5 10:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: Received disconnect from 128.251.119.173 port 8768:11: Bye Bye [preauth]
May  5 10:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: Disconnected from 128.251.119.173 port 8768 [preauth]
May  5 10:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.176.12.6  user=root
May  5 10:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28631]: Failed password for root from 45.176.12.6 port 54050 ssh2
May  5 10:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28631]: Received disconnect from 45.176.12.6 port 54050:11: Bye Bye [preauth]
May  5 10:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28631]: Disconnected from 45.176.12.6 port 54050 [preauth]
May  5 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27490]: pam_unix(cron:session): session closed for user root
May  5 10:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 10:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: Failed password for root from 218.92.0.179 port 20248 ssh2
May  5 10:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 20248 ssh2]
May  5 10:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: Received disconnect from 218.92.0.179 port 20248:11:  [preauth]
May  5 10:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: Disconnected from 218.92.0.179 port 20248 [preauth]
May  5 10:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 10:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: Invalid user tunnel from 61.222.211.114
May  5 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: input_userauth_request: invalid user tunnel [preauth]
May  5 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.222.211.114
May  5 10:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: Failed password for invalid user tunnel from 61.222.211.114 port 36060 ssh2
May  5 10:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: Received disconnect from 61.222.211.114 port 36060:11: Bye Bye [preauth]
May  5 10:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: Disconnected from 61.222.211.114 port 36060 [preauth]
May  5 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28747]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28746]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28746]: pam_unix(cron:session): session closed for user p13x
May  5 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28809]: Successful su for rubyman by root
May  5 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28809]: + ??? root:rubyman
May  5 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333334 of user rubyman.
May  5 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28809]: pam_unix(su:session): session closed for user rubyman
May  5 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333334.
May  5 10:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26064]: pam_unix(cron:session): session closed for user root
May  5 10:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28747]: pam_unix(cron:session): session closed for user samftp
May  5 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27903]: pam_unix(cron:session): session closed for user root
May  5 10:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.28  user=root
May  5 10:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29202]: Failed password for root from 103.176.78.28 port 56966 ssh2
May  5 10:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29202]: Received disconnect from 103.176.78.28 port 56966:11: Bye Bye [preauth]
May  5 10:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29202]: Disconnected from 103.176.78.28 port 56966 [preauth]
May  5 10:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Invalid user email from 185.213.174.209
May  5 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: input_userauth_request: invalid user email [preauth]
May  5 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
May  5 10:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Failed password for invalid user email from 185.213.174.209 port 58098 ssh2
May  5 10:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Received disconnect from 185.213.174.209 port 58098:11: Bye Bye [preauth]
May  5 10:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Disconnected from 185.213.174.209 port 58098 [preauth]
May  5 10:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29237]: Invalid user mysqld from 128.251.119.173
May  5 10:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29237]: input_userauth_request: invalid user mysqld [preauth]
May  5 10:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29237]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.119.173
May  5 10:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: Invalid user telnet from 80.94.95.125
May  5 10:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: input_userauth_request: invalid user telnet [preauth]
May  5 10:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 10:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29237]: Failed password for invalid user mysqld from 128.251.119.173 port 8768 ssh2
May  5 10:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29237]: Received disconnect from 128.251.119.173 port 8768:11: Bye Bye [preauth]
May  5 10:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29237]: Disconnected from 128.251.119.173 port 8768 [preauth]
May  5 10:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: Failed password for invalid user telnet from 80.94.95.125 port 12219 ssh2
May  5 10:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: Failed password for invalid user telnet from 80.94.95.125 port 12219 ssh2
May  5 10:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: Failed password for invalid user telnet from 80.94.95.125 port 12219 ssh2
May  5 10:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29256]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29255]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29254]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29253]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29253]: pam_unix(cron:session): session closed for user p13x
May  5 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29319]: Successful su for rubyman by root
May  5 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29319]: + ??? root:rubyman
May  5 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333338 of user rubyman.
May  5 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29319]: pam_unix(su:session): session closed for user rubyman
May  5 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333338.
May  5 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: Failed password for invalid user telnet from 80.94.95.125 port 12219 ssh2
May  5 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26553]: pam_unix(cron:session): session closed for user root
May  5 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: Failed password for invalid user telnet from 80.94.95.125 port 12219 ssh2
May  5 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: Received disconnect from 80.94.95.125 port 12219:11: Bye [preauth]
May  5 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: Disconnected from 80.94.95.125 port 12219 [preauth]
May  5 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29239]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 10:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29254]: pam_unix(cron:session): session closed for user samftp
May  5 10:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29541]: Invalid user  from 65.49.1.76
May  5 10:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29541]: input_userauth_request: invalid user  [preauth]
May  5 10:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: Invalid user lora from 46.25.236.192
May  5 10:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: input_userauth_request: invalid user lora [preauth]
May  5 10:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  5 10:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29541]: Connection closed by 65.49.1.76 port 9453 [preauth]
May  5 10:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: Failed password for invalid user lora from 46.25.236.192 port 38102 ssh2
May  5 10:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: Received disconnect from 46.25.236.192 port 38102:11: Bye Bye [preauth]
May  5 10:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29546]: Disconnected from 46.25.236.192 port 38102 [preauth]
May  5 10:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28337]: pam_unix(cron:session): session closed for user root
May  5 10:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.51.173  user=root
May  5 10:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29601]: Failed password for root from 190.60.51.173 port 56614 ssh2
May  5 10:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29601]: Received disconnect from 190.60.51.173 port 56614:11: Bye Bye [preauth]
May  5 10:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29601]: Disconnected from 190.60.51.173 port 56614 [preauth]
May  5 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29674]: pam_unix(cron:session): session closed for user p13x
May  5 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29742]: Successful su for rubyman by root
May  5 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29742]: + ??? root:rubyman
May  5 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29742]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333342 of user rubyman.
May  5 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29742]: pam_unix(su:session): session closed for user rubyman
May  5 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333342.
May  5 10:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27006]: pam_unix(cron:session): session closed for user root
May  5 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29675]: pam_unix(cron:session): session closed for user samftp
May  5 10:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: Invalid user windows from 119.160.193.12
May  5 10:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: input_userauth_request: invalid user windows [preauth]
May  5 10:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.160.193.12
May  5 10:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: Failed password for invalid user windows from 119.160.193.12 port 59822 ssh2
May  5 10:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: Received disconnect from 119.160.193.12 port 59822:11: Bye Bye [preauth]
May  5 10:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: Disconnected from 119.160.193.12 port 59822 [preauth]
May  5 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28749]: pam_unix(cron:session): session closed for user root
May  5 10:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30022]: Invalid user devops from 128.251.119.173
May  5 10:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30022]: input_userauth_request: invalid user devops [preauth]
May  5 10:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30022]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.119.173
May  5 10:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30022]: Failed password for invalid user devops from 128.251.119.173 port 8768 ssh2
May  5 10:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30022]: Received disconnect from 128.251.119.173 port 8768:11: Bye Bye [preauth]
May  5 10:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30022]: Disconnected from 128.251.119.173 port 8768 [preauth]
May  5 10:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: Invalid user lbx from 46.101.74.125
May  5 10:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: input_userauth_request: invalid user lbx [preauth]
May  5 10:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.74.125
May  5 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30089]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30085]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30090]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30086]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30084]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30088]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30090]: pam_unix(cron:session): session closed for user root
May  5 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30084]: pam_unix(cron:session): session closed for user p13x
May  5 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30155]: Successful su for rubyman by root
May  5 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30155]: + ??? root:rubyman
May  5 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333346 of user rubyman.
May  5 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30155]: pam_unix(su:session): session closed for user rubyman
May  5 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333346.
May  5 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: Failed password for invalid user lbx from 46.101.74.125 port 41710 ssh2
May  5 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: Received disconnect from 46.101.74.125 port 41710:11: Bye Bye [preauth]
May  5 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: Disconnected from 46.101.74.125 port 41710 [preauth]
May  5 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30086]: pam_unix(cron:session): session closed for user root
May  5 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27489]: pam_unix(cron:session): session closed for user root
May  5 10:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30085]: pam_unix(cron:session): session closed for user samftp
May  5 10:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29256]: pam_unix(cron:session): session closed for user root
May  5 10:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: Invalid user yan from 45.176.12.6
May  5 10:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: input_userauth_request: invalid user yan [preauth]
May  5 10:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.176.12.6
May  5 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: Failed password for invalid user yan from 45.176.12.6 port 59764 ssh2
May  5 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: Received disconnect from 45.176.12.6 port 59764:11: Bye Bye [preauth]
May  5 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30471]: Disconnected from 45.176.12.6 port 59764 [preauth]
May  5 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30516]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30518]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30515]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30515]: pam_unix(cron:session): session closed for user p13x
May  5 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30579]: Successful su for rubyman by root
May  5 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30579]: + ??? root:rubyman
May  5 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30579]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333353 of user rubyman.
May  5 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30579]: pam_unix(su:session): session closed for user rubyman
May  5 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333353.
May  5 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: Invalid user mutua from 195.211.44.138
May  5 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: input_userauth_request: invalid user mutua [preauth]
May  5 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.211.44.138
May  5 10:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27902]: pam_unix(cron:session): session closed for user root
May  5 10:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241  user=root
May  5 10:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: Failed password for invalid user mutua from 195.211.44.138 port 49176 ssh2
May  5 10:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: Received disconnect from 195.211.44.138 port 49176:11: Bye Bye [preauth]
May  5 10:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: Disconnected from 195.211.44.138 port 49176 [preauth]
May  5 10:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30516]: pam_unix(cron:session): session closed for user samftp
May  5 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: Failed password for root from 186.96.145.241 port 54816 ssh2
May  5 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30733]: Connection closed by 186.96.145.241 port 54816 [preauth]
May  5 10:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30799]: Invalid user mike from 128.251.119.173
May  5 10:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30799]: input_userauth_request: invalid user mike [preauth]
May  5 10:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30799]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.119.173
May  5 10:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30799]: Failed password for invalid user mike from 128.251.119.173 port 8768 ssh2
May  5 10:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30799]: Received disconnect from 128.251.119.173 port 8768:11: Bye Bye [preauth]
May  5 10:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30799]: Disconnected from 128.251.119.173 port 8768 [preauth]
May  5 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29677]: pam_unix(cron:session): session closed for user root
May  5 10:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: Invalid user bnb from 193.32.162.134
May  5 10:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: input_userauth_request: invalid user bnb [preauth]
May  5 10:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 10:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: Failed password for invalid user bnb from 193.32.162.134 port 42750 ssh2
May  5 10:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: Connection closed by 193.32.162.134 port 42750 [preauth]
May  5 10:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Invalid user ubnt from 80.94.95.241
May  5 10:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: input_userauth_request: invalid user ubnt [preauth]
May  5 10:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 10:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30928]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30926]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30924]: pam_unix(cron:session): session closed for user p13x
May  5 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.222.211.114  user=root
May  5 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30986]: Successful su for rubyman by root
May  5 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30986]: + ??? root:rubyman
May  5 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333356 of user rubyman.
May  5 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30986]: pam_unix(su:session): session closed for user rubyman
May  5 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333356.
May  5 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Failed password for invalid user ubnt from 80.94.95.241 port 29904 ssh2
May  5 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30913]: Failed password for root from 61.222.211.114 port 52576 ssh2
May  5 10:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30913]: Received disconnect from 61.222.211.114 port 52576:11: Bye Bye [preauth]
May  5 10:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30913]: Disconnected from 61.222.211.114 port 52576 [preauth]
May  5 10:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28336]: pam_unix(cron:session): session closed for user root
May  5 10:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Failed password for invalid user ubnt from 80.94.95.241 port 29904 ssh2
May  5 10:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30925]: pam_unix(cron:session): session closed for user samftp
May  5 10:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Failed password for invalid user ubnt from 80.94.95.241 port 29904 ssh2
May  5 10:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Failed password for invalid user ubnt from 80.94.95.241 port 29904 ssh2
May  5 10:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Failed password for invalid user ubnt from 80.94.95.241 port 29904 ssh2
May  5 10:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Received disconnect from 80.94.95.241 port 29904:11: Bye [preauth]
May  5 10:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Disconnected from 80.94.95.241 port 29904 [preauth]
May  5 10:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 10:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 10:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31198]: Invalid user kudrethoxha from 185.213.174.209
May  5 10:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31198]: input_userauth_request: invalid user kudrethoxha [preauth]
May  5 10:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31198]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
May  5 10:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31198]: Failed password for invalid user kudrethoxha from 185.213.174.209 port 49520 ssh2
May  5 10:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31198]: Received disconnect from 185.213.174.209 port 49520:11: Bye Bye [preauth]
May  5 10:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31198]: Disconnected from 185.213.174.209 port 49520 [preauth]
May  5 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30089]: pam_unix(cron:session): session closed for user root
May  5 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31331]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31330]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31330]: pam_unix(cron:session): session closed for user p13x
May  5 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31392]: Successful su for rubyman by root
May  5 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31392]: + ??? root:rubyman
May  5 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333360 of user rubyman.
May  5 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31392]: pam_unix(su:session): session closed for user rubyman
May  5 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333360.
May  5 10:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28748]: pam_unix(cron:session): session closed for user root
May  5 10:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31331]: pam_unix(cron:session): session closed for user samftp
May  5 10:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.119.173  user=root
May  5 10:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31604]: Failed password for root from 128.251.119.173 port 8768 ssh2
May  5 10:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31604]: Received disconnect from 128.251.119.173 port 8768:11: Bye Bye [preauth]
May  5 10:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31604]: Disconnected from 128.251.119.173 port 8768 [preauth]
May  5 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30518]: pam_unix(cron:session): session closed for user root
May  5 10:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: Invalid user user from 46.25.236.192
May  5 10:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: input_userauth_request: invalid user user [preauth]
May  5 10:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  5 10:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: Failed password for invalid user user from 46.25.236.192 port 46444 ssh2
May  5 10:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: Received disconnect from 46.25.236.192 port 46444:11: Bye Bye [preauth]
May  5 10:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31695]: Disconnected from 46.25.236.192 port 46444 [preauth]
May  5 10:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.51.173  user=root
May  5 10:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: Failed password for root from 190.60.51.173 port 49136 ssh2
May  5 10:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: Received disconnect from 190.60.51.173 port 49136:11: Bye Bye [preauth]
May  5 10:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: Disconnected from 190.60.51.173 port 49136 [preauth]
May  5 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31747]: pam_unix(cron:session): session closed for user p13x
May  5 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31851]: Successful su for rubyman by root
May  5 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31851]: + ??? root:rubyman
May  5 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333366 of user rubyman.
May  5 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31851]: pam_unix(su:session): session closed for user rubyman
May  5 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333366.
May  5 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31745]: pam_unix(cron:session): session closed for user root
May  5 10:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29255]: pam_unix(cron:session): session closed for user root
May  5 10:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31748]: pam_unix(cron:session): session closed for user samftp
May  5 10:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32105]: Invalid user tbd from 103.176.78.28
May  5 10:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32105]: input_userauth_request: invalid user tbd [preauth]
May  5 10:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32105]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.28
May  5 10:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32105]: Failed password for invalid user tbd from 103.176.78.28 port 48664 ssh2
May  5 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32105]: Received disconnect from 103.176.78.28 port 48664:11: Bye Bye [preauth]
May  5 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32105]: Disconnected from 103.176.78.28 port 48664 [preauth]
May  5 10:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.74.125  user=root
May  5 10:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32168]: Invalid user admin from 139.19.117.131
May  5 10:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32168]: input_userauth_request: invalid user admin [preauth]
May  5 10:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32159]: Failed password for root from 46.101.74.125 port 32808 ssh2
May  5 10:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32159]: Received disconnect from 46.101.74.125 port 32808:11: Bye Bye [preauth]
May  5 10:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32159]: Disconnected from 46.101.74.125 port 32808 [preauth]
May  5 10:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30928]: pam_unix(cron:session): session closed for user root
May  5 10:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32168]: Connection closed by 139.19.117.131 port 51542 [preauth]
May  5 10:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32233]: Invalid user nhat from 119.160.193.12
May  5 10:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32233]: input_userauth_request: invalid user nhat [preauth]
May  5 10:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32233]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.160.193.12
May  5 10:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32233]: Failed password for invalid user nhat from 119.160.193.12 port 34122 ssh2
May  5 10:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32233]: Received disconnect from 119.160.193.12 port 34122:11: Bye Bye [preauth]
May  5 10:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32233]: Disconnected from 119.160.193.12 port 34122 [preauth]
May  5 10:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32252]: Invalid user postgres from 45.176.12.6
May  5 10:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32252]: input_userauth_request: invalid user postgres [preauth]
May  5 10:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32252]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.176.12.6
May  5 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32252]: Failed password for invalid user postgres from 45.176.12.6 port 41436 ssh2
May  5 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32252]: Received disconnect from 45.176.12.6 port 41436:11: Bye Bye [preauth]
May  5 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32252]: Disconnected from 45.176.12.6 port 41436 [preauth]
May  5 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32266]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32267]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32268]: pam_unix(cron:session): session closed for user root
May  5 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32263]: pam_unix(cron:session): session closed for user p13x
May  5 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32328]: Successful su for rubyman by root
May  5 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32328]: + ??? root:rubyman
May  5 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333368 of user rubyman.
May  5 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32328]: pam_unix(su:session): session closed for user rubyman
May  5 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333368.
May  5 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32341]: Invalid user lbx from 128.251.119.173
May  5 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32341]: input_userauth_request: invalid user lbx [preauth]
May  5 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32341]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.119.173
May  5 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32265]: pam_unix(cron:session): session closed for user root
May  5 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29676]: pam_unix(cron:session): session closed for user root
May  5 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32341]: Failed password for invalid user lbx from 128.251.119.173 port 8768 ssh2
May  5 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32341]: Received disconnect from 128.251.119.173 port 8768:11: Bye Bye [preauth]
May  5 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32341]: Disconnected from 128.251.119.173 port 8768 [preauth]
May  5 10:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32264]: pam_unix(cron:session): session closed for user samftp
May  5 10:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31333]: pam_unix(cron:session): session closed for user root
May  5 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[331]: pam_unix(cron:session): session closed for user p13x
May  5 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[414]: Successful su for rubyman by root
May  5 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[414]: + ??? root:rubyman
May  5 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333375 of user rubyman.
May  5 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[414]: pam_unix(su:session): session closed for user rubyman
May  5 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333375.
May  5 10:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30088]: pam_unix(cron:session): session closed for user root
May  5 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[332]: pam_unix(cron:session): session closed for user samftp
May  5 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: Invalid user librenms from 195.211.44.138
May  5 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: input_userauth_request: invalid user librenms [preauth]
May  5 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.211.44.138
May  5 10:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: Failed password for invalid user librenms from 195.211.44.138 port 49294 ssh2
May  5 10:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: Received disconnect from 195.211.44.138 port 49294:11: Bye Bye [preauth]
May  5 10:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: Disconnected from 195.211.44.138 port 49294 [preauth]
May  5 10:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 10:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: Failed password for root from 218.92.0.179 port 42245 ssh2
May  5 10:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 42245 ssh2]
May  5 10:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: Received disconnect from 218.92.0.179 port 42245:11:  [preauth]
May  5 10:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: Disconnected from 218.92.0.179 port 42245 [preauth]
May  5 10:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31750]: pam_unix(cron:session): session closed for user root
May  5 10:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: Invalid user lora from 185.213.174.209
May  5 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: input_userauth_request: invalid user lora [preauth]
May  5 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
May  5 10:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: Failed password for invalid user lora from 185.213.174.209 port 36522 ssh2
May  5 10:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: Received disconnect from 185.213.174.209 port 36522:11: Bye Bye [preauth]
May  5 10:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: Disconnected from 185.213.174.209 port 36522 [preauth]
May  5 10:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: Invalid user yuxiang from 128.251.119.173
May  5 10:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: input_userauth_request: invalid user yuxiang [preauth]
May  5 10:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.119.173
May  5 10:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: Failed password for invalid user yuxiang from 128.251.119.173 port 8768 ssh2
May  5 10:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: Received disconnect from 128.251.119.173 port 8768:11: Bye Bye [preauth]
May  5 10:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: Disconnected from 128.251.119.173 port 8768 [preauth]
May  5 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[802]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[802]: pam_unix(cron:session): session closed for user p13x
May  5 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[868]: Successful su for rubyman by root
May  5 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[868]: + ??? root:rubyman
May  5 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333378 of user rubyman.
May  5 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[868]: pam_unix(su:session): session closed for user rubyman
May  5 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333378.
May  5 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30517]: pam_unix(cron:session): session closed for user root
May  5 10:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[803]: pam_unix(cron:session): session closed for user samftp
May  5 10:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: Invalid user root1 from 61.222.211.114
May  5 10:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: input_userauth_request: invalid user root1 [preauth]
May  5 10:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.222.211.114
May  5 10:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: Failed password for invalid user root1 from 61.222.211.114 port 48854 ssh2
May  5 10:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: Received disconnect from 61.222.211.114 port 48854:11: Bye Bye [preauth]
May  5 10:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: Disconnected from 61.222.211.114 port 48854 [preauth]
May  5 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32267]: pam_unix(cron:session): session closed for user root
May  5 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1243]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1242]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1241]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1240]: pam_unix(cron:session): session closed for user p13x
May  5 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1316]: Successful su for rubyman by root
May  5 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1316]: + ??? root:rubyman
May  5 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333382 of user rubyman.
May  5 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1316]: pam_unix(su:session): session closed for user rubyman
May  5 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333382.
May  5 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30926]: pam_unix(cron:session): session closed for user root
May  5 10:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: Invalid user usdt from 193.32.162.134
May  5 10:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: input_userauth_request: invalid user usdt [preauth]
May  5 10:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 10:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1241]: pam_unix(cron:session): session closed for user samftp
May  5 10:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: Failed password for invalid user usdt from 193.32.162.134 port 54802 ssh2
May  5 10:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: Connection closed by 193.32.162.134 port 54802 [preauth]
May  5 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[334]: pam_unix(cron:session): session closed for user root
May  5 10:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1642]: Invalid user djq19 from 128.251.119.173
May  5 10:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1642]: input_userauth_request: invalid user djq19 [preauth]
May  5 10:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1642]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.119.173
May  5 10:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1642]: Failed password for invalid user djq19 from 128.251.119.173 port 8768 ssh2
May  5 10:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1642]: Received disconnect from 128.251.119.173 port 8768:11: Bye Bye [preauth]
May  5 10:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1642]: Disconnected from 128.251.119.173 port 8768 [preauth]
May  5 10:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192  user=root
May  5 10:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1677]: Failed password for root from 46.25.236.192 port 54794 ssh2
May  5 10:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1677]: Received disconnect from 46.25.236.192 port 54794:11: Bye Bye [preauth]
May  5 10:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1677]: Disconnected from 46.25.236.192 port 54794 [preauth]
May  5 10:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: Invalid user liuzy from 46.101.74.125
May  5 10:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: input_userauth_request: invalid user liuzy [preauth]
May  5 10:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.74.125
May  5 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: Failed password for invalid user liuzy from 46.101.74.125 port 46984 ssh2
May  5 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: Received disconnect from 46.101.74.125 port 46984:11: Bye Bye [preauth]
May  5 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: Disconnected from 46.101.74.125 port 46984 [preauth]
May  5 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1708]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1709]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1706]: pam_unix(cron:session): session closed for user p13x
May  5 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1773]: Successful su for rubyman by root
May  5 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1773]: + ??? root:rubyman
May  5 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1773]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333386 of user rubyman.
May  5 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1773]: pam_unix(su:session): session closed for user rubyman
May  5 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333386.
May  5 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31332]: pam_unix(cron:session): session closed for user root
May  5 10:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1707]: pam_unix(cron:session): session closed for user samftp
May  5 10:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.51.173  user=root
May  5 10:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 10:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2050]: Failed password for root from 190.60.51.173 port 46546 ssh2
May  5 10:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2050]: Received disconnect from 190.60.51.173 port 46546:11: Bye Bye [preauth]
May  5 10:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2050]: Disconnected from 190.60.51.173 port 46546 [preauth]
May  5 10:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: Failed password for root from 218.92.0.179 port 35078 ssh2
May  5 10:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 35078 ssh2]
May  5 10:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: Received disconnect from 218.92.0.179 port 35078:11:  [preauth]
May  5 10:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: Disconnected from 218.92.0.179 port 35078 [preauth]
May  5 10:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 10:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Invalid user kudrethoxha from 45.176.12.6
May  5 10:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: input_userauth_request: invalid user kudrethoxha [preauth]
May  5 10:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.176.12.6
May  5 10:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Failed password for invalid user kudrethoxha from 45.176.12.6 port 35800 ssh2
May  5 10:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Received disconnect from 45.176.12.6 port 35800:11: Bye Bye [preauth]
May  5 10:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Disconnected from 45.176.12.6 port 35800 [preauth]
May  5 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[805]: pam_unix(cron:session): session closed for user root
May  5 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2210]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2210]: pam_unix(cron:session): session closed for user root
May  5 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2204]: pam_unix(cron:session): session closed for user p13x
May  5 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2274]: Successful su for rubyman by root
May  5 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2274]: + ??? root:rubyman
May  5 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333393 of user rubyman.
May  5 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2274]: pam_unix(su:session): session closed for user rubyman
May  5 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333393.
May  5 10:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2207]: pam_unix(cron:session): session closed for user root
May  5 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31749]: pam_unix(cron:session): session closed for user root
May  5 10:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2206]: pam_unix(cron:session): session closed for user samftp
May  5 10:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.160.193.12  user=root
May  5 10:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2536]: Failed password for root from 119.160.193.12 port 53676 ssh2
May  5 10:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2536]: Received disconnect from 119.160.193.12 port 53676:11: Bye Bye [preauth]
May  5 10:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2536]: Disconnected from 119.160.193.12 port 53676 [preauth]
May  5 10:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.119.173  user=root
May  5 10:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: Failed password for root from 128.251.119.173 port 8768 ssh2
May  5 10:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: Received disconnect from 128.251.119.173 port 8768:11: Bye Bye [preauth]
May  5 10:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2568]: Disconnected from 128.251.119.173 port 8768 [preauth]
May  5 10:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1243]: pam_unix(cron:session): session closed for user root
May  5 10:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: Invalid user iptv from 103.176.78.28
May  5 10:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: input_userauth_request: invalid user iptv [preauth]
May  5 10:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.28
May  5 10:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: Failed password for invalid user iptv from 103.176.78.28 port 52464 ssh2
May  5 10:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: Received disconnect from 103.176.78.28 port 52464:11: Bye Bye [preauth]
May  5 10:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2638]: Disconnected from 103.176.78.28 port 52464 [preauth]
May  5 10:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209  user=root
May  5 10:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Failed password for root from 185.213.174.209 port 52444 ssh2
May  5 10:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Received disconnect from 185.213.174.209 port 52444:11: Bye Bye [preauth]
May  5 10:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2674]: Disconnected from 185.213.174.209 port 52444 [preauth]
May  5 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2698]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2696]: pam_unix(cron:session): session closed for user p13x
May  5 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2766]: Successful su for rubyman by root
May  5 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2766]: + ??? root:rubyman
May  5 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333396 of user rubyman.
May  5 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2766]: pam_unix(su:session): session closed for user rubyman
May  5 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333396.
May  5 10:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32266]: pam_unix(cron:session): session closed for user root
May  5 10:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2697]: pam_unix(cron:session): session closed for user samftp
May  5 10:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.211.44.138  user=root
May  5 10:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Failed password for root from 195.211.44.138 port 49420 ssh2
May  5 10:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Received disconnect from 195.211.44.138 port 49420:11: Bye Bye [preauth]
May  5 10:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Disconnected from 195.211.44.138 port 49420 [preauth]
May  5 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1709]: pam_unix(cron:session): session closed for user root
May  5 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3111]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3112]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3109]: pam_unix(cron:session): session closed for user p13x
May  5 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3174]: Successful su for rubyman by root
May  5 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3174]: + ??? root:rubyman
May  5 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333402 of user rubyman.
May  5 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3174]: pam_unix(su:session): session closed for user rubyman
May  5 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333402.
May  5 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[333]: pam_unix(cron:session): session closed for user root
May  5 10:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3110]: pam_unix(cron:session): session closed for user samftp
May  5 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: Invalid user librenms from 128.251.119.173
May  5 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: input_userauth_request: invalid user librenms [preauth]
May  5 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.119.173
May  5 10:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: Failed password for invalid user librenms from 128.251.119.173 port 8768 ssh2
May  5 10:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: Received disconnect from 128.251.119.173 port 8768:11: Bye Bye [preauth]
May  5 10:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: Disconnected from 128.251.119.173 port 8768 [preauth]
May  5 10:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2209]: pam_unix(cron:session): session closed for user root
May  5 10:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.222.211.114  user=root
May  5 10:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: Failed password for root from 61.222.211.114 port 36324 ssh2
May  5 10:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: Received disconnect from 61.222.211.114 port 36324:11: Bye Bye [preauth]
May  5 10:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3540]: Disconnected from 61.222.211.114 port 36324 [preauth]
May  5 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3549]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3548]: pam_unix(cron:session): session closed for user p13x
May  5 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3644]: Successful su for rubyman by root
May  5 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3644]: + ??? root:rubyman
May  5 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333404 of user rubyman.
May  5 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3644]: pam_unix(su:session): session closed for user rubyman
May  5 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333404.
May  5 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3543]: Invalid user user from 46.101.74.125
May  5 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3543]: input_userauth_request: invalid user user [preauth]
May  5 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3543]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.74.125
May  5 10:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[804]: pam_unix(cron:session): session closed for user root
May  5 10:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3543]: Failed password for invalid user user from 46.101.74.125 port 58284 ssh2
May  5 10:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3543]: Received disconnect from 46.101.74.125 port 58284:11: Bye Bye [preauth]
May  5 10:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3543]: Disconnected from 46.101.74.125 port 58284 [preauth]
May  5 10:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3549]: pam_unix(cron:session): session closed for user samftp
May  5 10:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 10:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3846]: Failed password for root from 218.92.0.179 port 12178 ssh2
May  5 10:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3846]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 12178 ssh2]
May  5 10:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3846]: Received disconnect from 218.92.0.179 port 12178:11:  [preauth]
May  5 10:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3846]: Disconnected from 218.92.0.179 port 12178 [preauth]
May  5 10:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3846]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2699]: pam_unix(cron:session): session closed for user root
May  5 10:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: Invalid user server from 45.176.12.6
May  5 10:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: input_userauth_request: invalid user server [preauth]
May  5 10:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.176.12.6
May  5 10:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: Failed password for invalid user server from 45.176.12.6 port 54834 ssh2
May  5 10:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: Received disconnect from 45.176.12.6 port 54834:11: Bye Bye [preauth]
May  5 10:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: Disconnected from 45.176.12.6 port 54834 [preauth]
May  5 10:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.119.173  user=root
May  5 10:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3995]: Failed password for root from 128.251.119.173 port 8768 ssh2
May  5 10:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3995]: Received disconnect from 128.251.119.173 port 8768:11: Bye Bye [preauth]
May  5 10:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3995]: Disconnected from 128.251.119.173 port 8768 [preauth]
May  5 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4016]: pam_unix(cron:session): session closed for user p13x
May  5 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4077]: Successful su for rubyman by root
May  5 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4077]: + ??? root:rubyman
May  5 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333409 of user rubyman.
May  5 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4077]: pam_unix(su:session): session closed for user rubyman
May  5 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333409.
May  5 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1242]: pam_unix(cron:session): session closed for user root
May  5 10:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4017]: pam_unix(cron:session): session closed for user samftp
May  5 10:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: Invalid user postgres from 46.25.236.192
May  5 10:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: input_userauth_request: invalid user postgres [preauth]
May  5 10:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  5 10:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: Failed password for invalid user postgres from 46.25.236.192 port 34900 ssh2
May  5 10:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: Received disconnect from 46.25.236.192 port 34900:11: Bye Bye [preauth]
May  5 10:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: Disconnected from 46.25.236.192 port 34900 [preauth]
May  5 10:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4371]: Did not receive identification string from 193.32.162.139
May  5 10:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: Invalid user lora from 190.60.51.173
May  5 10:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: input_userauth_request: invalid user lora [preauth]
May  5 10:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.51.173
May  5 10:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: Failed password for invalid user lora from 190.60.51.173 port 45472 ssh2
May  5 10:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: Received disconnect from 190.60.51.173 port 45472:11: Bye Bye [preauth]
May  5 10:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: Disconnected from 190.60.51.173 port 45472 [preauth]
May  5 10:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4456]: Invalid user usdc from 193.32.162.134
May  5 10:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4456]: input_userauth_request: invalid user usdc [preauth]
May  5 10:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4456]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 10:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4456]: Failed password for invalid user usdc from 193.32.162.134 port 38624 ssh2
May  5 10:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4456]: Connection closed by 193.32.162.134 port 38624 [preauth]
May  5 10:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3112]: pam_unix(cron:session): session closed for user root
May  5 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4589]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4590]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4590]: pam_unix(cron:session): session closed for user root
May  5 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4583]: pam_unix(cron:session): session closed for user p13x
May  5 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4653]: Successful su for rubyman by root
May  5 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4653]: + ??? root:rubyman
May  5 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4653]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333414 of user rubyman.
May  5 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4653]: pam_unix(su:session): session closed for user rubyman
May  5 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333414.
May  5 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4585]: pam_unix(cron:session): session closed for user root
May  5 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1708]: pam_unix(cron:session): session closed for user root
May  5 10:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4584]: pam_unix(cron:session): session closed for user samftp
May  5 10:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209  user=root
May  5 10:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4884]: Failed password for root from 185.213.174.209 port 37738 ssh2
May  5 10:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4884]: Received disconnect from 185.213.174.209 port 37738:11: Bye Bye [preauth]
May  5 10:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4884]: Disconnected from 185.213.174.209 port 37738 [preauth]
May  5 10:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.160.193.12  user=root
May  5 10:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3551]: pam_unix(cron:session): session closed for user root
May  5 10:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: Failed password for root from 119.160.193.12 port 52900 ssh2
May  5 10:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: Received disconnect from 119.160.193.12 port 52900:11: Bye Bye [preauth]
May  5 10:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: Disconnected from 119.160.193.12 port 52900 [preauth]
May  5 10:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: Invalid user gp from 128.251.119.173
May  5 10:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: input_userauth_request: invalid user gp [preauth]
May  5 10:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.119.173
May  5 10:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: Failed password for invalid user gp from 128.251.119.173 port 8768 ssh2
May  5 10:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: Received disconnect from 128.251.119.173 port 8768:11: Bye Bye [preauth]
May  5 10:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4989]: Disconnected from 128.251.119.173 port 8768 [preauth]
May  5 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5229]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5228]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5226]: pam_unix(cron:session): session closed for user p13x
May  5 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5300]: Successful su for rubyman by root
May  5 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5300]: + ??? root:rubyman
May  5 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333419 of user rubyman.
May  5 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5300]: pam_unix(su:session): session closed for user rubyman
May  5 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333419.
May  5 10:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2208]: pam_unix(cron:session): session closed for user root
May  5 10:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5227]: pam_unix(cron:session): session closed for user samftp
May  5 10:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5554]: Invalid user mysqld from 195.211.44.138
May  5 10:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5554]: input_userauth_request: invalid user mysqld [preauth]
May  5 10:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5554]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.211.44.138
May  5 10:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5554]: Failed password for invalid user mysqld from 195.211.44.138 port 49546 ssh2
May  5 10:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5554]: Received disconnect from 195.211.44.138 port 49546:11: Bye Bye [preauth]
May  5 10:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5554]: Disconnected from 195.211.44.138 port 49546 [preauth]
May  5 10:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4019]: pam_unix(cron:session): session closed for user root
May  5 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5713]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5712]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5710]: pam_unix(cron:session): session closed for user p13x
May  5 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5771]: Successful su for rubyman by root
May  5 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5771]: + ??? root:rubyman
May  5 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333422 of user rubyman.
May  5 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5771]: pam_unix(su:session): session closed for user rubyman
May  5 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333422.
May  5 10:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2698]: pam_unix(cron:session): session closed for user root
May  5 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5711]: pam_unix(cron:session): session closed for user samftp
May  5 10:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: Invalid user mysqld from 46.101.74.125
May  5 10:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: input_userauth_request: invalid user mysqld [preauth]
May  5 10:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.74.125
May  5 10:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: Failed password for invalid user mysqld from 46.101.74.125 port 47328 ssh2
May  5 10:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: Received disconnect from 46.101.74.125 port 47328:11: Bye Bye [preauth]
May  5 10:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: Disconnected from 46.101.74.125 port 47328 [preauth]
May  5 10:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  5 10:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: Invalid user zabbix from 103.176.78.28
May  5 10:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: input_userauth_request: invalid user zabbix [preauth]
May  5 10:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.28
May  5 10:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: Failed password for root from 190.103.202.7 port 42318 ssh2
May  5 10:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: Connection closed by 190.103.202.7 port 42318 [preauth]
May  5 10:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.119.173  user=root
May  5 10:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: Failed password for invalid user zabbix from 103.176.78.28 port 45872 ssh2
May  5 10:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: Received disconnect from 103.176.78.28 port 45872:11: Bye Bye [preauth]
May  5 10:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: Disconnected from 103.176.78.28 port 45872 [preauth]
May  5 10:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: Failed password for root from 128.251.119.173 port 8768 ssh2
May  5 10:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: Received disconnect from 128.251.119.173 port 8768:11: Bye Bye [preauth]
May  5 10:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6099]: Disconnected from 128.251.119.173 port 8768 [preauth]
May  5 10:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4589]: pam_unix(cron:session): session closed for user root
May  5 10:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: Invalid user ircd from 45.176.12.6
May  5 10:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: input_userauth_request: invalid user ircd [preauth]
May  5 10:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.176.12.6
May  5 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6221]: pam_unix(cron:session): session closed for user p13x
May  5 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6285]: Successful su for rubyman by root
May  5 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6285]: + ??? root:rubyman
May  5 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6285]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333426 of user rubyman.
May  5 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6285]: pam_unix(su:session): session closed for user rubyman
May  5 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333426.
May  5 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: Failed password for invalid user ircd from 45.176.12.6 port 58946 ssh2
May  5 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: Received disconnect from 45.176.12.6 port 58946:11: Bye Bye [preauth]
May  5 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: Disconnected from 45.176.12.6 port 58946 [preauth]
May  5 10:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3111]: pam_unix(cron:session): session closed for user root
May  5 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6222]: pam_unix(cron:session): session closed for user samftp
May  5 10:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6529]: Invalid user zou from 61.222.211.114
May  5 10:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6529]: input_userauth_request: invalid user zou [preauth]
May  5 10:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6529]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.222.211.114
May  5 10:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6529]: Failed password for invalid user zou from 61.222.211.114 port 39138 ssh2
May  5 10:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6529]: Received disconnect from 61.222.211.114 port 39138:11: Bye Bye [preauth]
May  5 10:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6529]: Disconnected from 61.222.211.114 port 39138 [preauth]
May  5 10:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5229]: pam_unix(cron:session): session closed for user root
May  5 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6620]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6619]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6617]: pam_unix(cron:session): session closed for user p13x
May  5 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6695]: Successful su for rubyman by root
May  5 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6695]: + ??? root:rubyman
May  5 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6695]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333432 of user rubyman.
May  5 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6695]: pam_unix(su:session): session closed for user rubyman
May  5 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333432.
May  5 10:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3550]: pam_unix(cron:session): session closed for user root
May  5 10:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6618]: pam_unix(cron:session): session closed for user samftp
May  5 10:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Invalid user liuzy from 128.251.119.173
May  5 10:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: input_userauth_request: invalid user liuzy [preauth]
May  5 10:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.119.173
May  5 10:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Failed password for invalid user liuzy from 128.251.119.173 port 8768 ssh2
May  5 10:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Received disconnect from 128.251.119.173 port 8768:11: Bye Bye [preauth]
May  5 10:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6875]: Disconnected from 128.251.119.173 port 8768 [preauth]
May  5 10:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192  user=root
May  5 10:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7007]: Failed password for root from 46.25.236.192 port 43240 ssh2
May  5 10:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7007]: Received disconnect from 46.25.236.192 port 43240:11: Bye Bye [preauth]
May  5 10:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7007]: Disconnected from 46.25.236.192 port 43240 [preauth]
May  5 10:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: Invalid user ftpuser from 190.60.51.173
May  5 10:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: input_userauth_request: invalid user ftpuser [preauth]
May  5 10:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.51.173
May  5 10:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5713]: pam_unix(cron:session): session closed for user root
May  5 10:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: Failed password for invalid user ftpuser from 190.60.51.173 port 59212 ssh2
May  5 10:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: Received disconnect from 190.60.51.173 port 59212:11: Bye Bye [preauth]
May  5 10:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: Disconnected from 190.60.51.173 port 59212 [preauth]
May  5 10:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7093]: Invalid user windows from 185.213.174.209
May  5 10:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7093]: input_userauth_request: invalid user windows [preauth]
May  5 10:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7093]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
May  5 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7093]: Failed password for invalid user windows from 185.213.174.209 port 51934 ssh2
May  5 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7093]: Received disconnect from 185.213.174.209 port 51934:11: Bye Bye [preauth]
May  5 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7093]: Disconnected from 185.213.174.209 port 51934 [preauth]
May  5 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7156]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7158]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7155]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7158]: pam_unix(cron:session): session closed for user root
May  5 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7153]: pam_unix(cron:session): session closed for user p13x
May  5 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7225]: Successful su for rubyman by root
May  5 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7225]: + ??? root:rubyman
May  5 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333437 of user rubyman.
May  5 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7225]: pam_unix(su:session): session closed for user rubyman
May  5 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333437.
May  5 10:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7155]: pam_unix(cron:session): session closed for user root
May  5 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4018]: pam_unix(cron:session): session closed for user root
May  5 10:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7154]: pam_unix(cron:session): session closed for user samftp
May  5 10:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 10:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Failed password for root from 218.92.0.179 port 20061 ssh2
May  5 10:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Failed password for root from 218.92.0.179 port 20061 ssh2
May  5 10:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6224]: pam_unix(cron:session): session closed for user root
May  5 10:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Failed password for root from 218.92.0.179 port 20061 ssh2
May  5 10:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Received disconnect from 218.92.0.179 port 20061:11:  [preauth]
May  5 10:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Disconnected from 218.92.0.179 port 20061 [preauth]
May  5 10:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 10:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7632]: Invalid user xrp from 193.32.162.134
May  5 10:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7632]: input_userauth_request: invalid user xrp [preauth]
May  5 10:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7632]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 10:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7632]: Failed password for invalid user xrp from 193.32.162.134 port 50676 ssh2
May  5 10:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7632]: Connection closed by 193.32.162.134 port 50676 [preauth]
May  5 10:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7667]: Invalid user lora from 119.160.193.12
May  5 10:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7667]: input_userauth_request: invalid user lora [preauth]
May  5 10:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7667]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.160.193.12
May  5 10:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.119.173  user=root
May  5 10:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7667]: Failed password for invalid user lora from 119.160.193.12 port 36920 ssh2
May  5 10:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7667]: Received disconnect from 119.160.193.12 port 36920:11: Bye Bye [preauth]
May  5 10:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7667]: Disconnected from 119.160.193.12 port 36920 [preauth]
May  5 10:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7681]: Failed password for root from 128.251.119.173 port 8768 ssh2
May  5 10:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7681]: Received disconnect from 128.251.119.173 port 8768:11: Bye Bye [preauth]
May  5 10:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7681]: Disconnected from 128.251.119.173 port 8768 [preauth]
May  5 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7697]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7693]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7694]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7692]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7692]: pam_unix(cron:session): session closed for user p13x
May  5 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7775]: Successful su for rubyman by root
May  5 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7775]: + ??? root:rubyman
May  5 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333441 of user rubyman.
May  5 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7775]: pam_unix(su:session): session closed for user rubyman
May  5 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333441.
May  5 10:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4586]: pam_unix(cron:session): session closed for user root
May  5 10:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7693]: pam_unix(cron:session): session closed for user samftp
May  5 10:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135  user=root
May  5 10:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: Failed password for root from 176.31.162.135 port 33144 ssh2
May  5 10:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: Connection closed by 176.31.162.135 port 33144 [preauth]
May  5 10:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8027]: Invalid user yuxiang from 195.211.44.138
May  5 10:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8027]: input_userauth_request: invalid user yuxiang [preauth]
May  5 10:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8027]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.211.44.138
May  5 10:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8027]: Failed password for invalid user yuxiang from 195.211.44.138 port 49670 ssh2
May  5 10:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8027]: Received disconnect from 195.211.44.138 port 49670:11: Bye Bye [preauth]
May  5 10:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8027]: Disconnected from 195.211.44.138 port 49670 [preauth]
May  5 10:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.74.125  user=root
May  5 10:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6620]: pam_unix(cron:session): session closed for user root
May  5 10:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: Failed password for root from 46.101.74.125 port 37312 ssh2
May  5 10:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: Received disconnect from 46.101.74.125 port 37312:11: Bye Bye [preauth]
May  5 10:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8037]: Disconnected from 46.101.74.125 port 37312 [preauth]
May  5 10:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 10:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: Failed password for root from 218.92.0.179 port 55619 ssh2
May  5 10:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8105]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 55619 ssh2]
May  5 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8137]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8136]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8135]: pam_unix(cron:session): session closed for user p13x
May  5 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8208]: Successful su for rubyman by root
May  5 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8208]: + ??? root:rubyman
May  5 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333445 of user rubyman.
May  5 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8208]: pam_unix(su:session): session closed for user rubyman
May  5 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333445.
May  5 10:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5228]: pam_unix(cron:session): session closed for user root
May  5 10:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8136]: pam_unix(cron:session): session closed for user samftp
May  5 10:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8435]: Invalid user nhat from 45.176.12.6
May  5 10:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8435]: input_userauth_request: invalid user nhat [preauth]
May  5 10:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8435]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.176.12.6
May  5 10:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8435]: Failed password for invalid user nhat from 45.176.12.6 port 34976 ssh2
May  5 10:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8435]: Received disconnect from 45.176.12.6 port 34976:11: Bye Bye [preauth]
May  5 10:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8435]: Disconnected from 45.176.12.6 port 34976 [preauth]
May  5 10:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7157]: pam_unix(cron:session): session closed for user root
May  5 10:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.119.173  user=root
May  5 10:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8501]: Failed password for root from 128.251.119.173 port 8768 ssh2
May  5 10:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8501]: Received disconnect from 128.251.119.173 port 8768:11: Bye Bye [preauth]
May  5 10:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8501]: Disconnected from 128.251.119.173 port 8768 [preauth]
May  5 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8571]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8569]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8569]: pam_unix(cron:session): session closed for user p13x
May  5 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8635]: Successful su for rubyman by root
May  5 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8635]: + ??? root:rubyman
May  5 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333451 of user rubyman.
May  5 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8635]: pam_unix(su:session): session closed for user rubyman
May  5 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333451.
May  5 10:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5712]: pam_unix(cron:session): session closed for user root
May  5 10:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8570]: pam_unix(cron:session): session closed for user samftp
May  5 10:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7697]: pam_unix(cron:session): session closed for user root
May  5 10:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8970]: Invalid user sheepdog from 103.176.78.28
May  5 10:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8970]: input_userauth_request: invalid user sheepdog [preauth]
May  5 10:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8970]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.28
May  5 10:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8970]: Failed password for invalid user sheepdog from 103.176.78.28 port 39472 ssh2
May  5 10:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8970]: Received disconnect from 103.176.78.28 port 39472:11: Bye Bye [preauth]
May  5 10:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8970]: Disconnected from 103.176.78.28 port 39472 [preauth]
May  5 10:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.222.211.114  user=root
May  5 10:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: Failed password for root from 61.222.211.114 port 52622 ssh2
May  5 10:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: Received disconnect from 61.222.211.114 port 52622:11: Bye Bye [preauth]
May  5 10:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8980]: Disconnected from 61.222.211.114 port 52622 [preauth]
May  5 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8995]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8993]: pam_unix(cron:session): session closed for user p13x
May  5 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9056]: Successful su for rubyman by root
May  5 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9056]: + ??? root:rubyman
May  5 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333452 of user rubyman.
May  5 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9056]: pam_unix(su:session): session closed for user rubyman
May  5 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333452.
May  5 10:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6223]: pam_unix(cron:session): session closed for user root
May  5 10:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8994]: pam_unix(cron:session): session closed for user samftp
May  5 10:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209  user=root
May  5 10:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: Failed password for root from 185.213.174.209 port 49308 ssh2
May  5 10:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: Received disconnect from 185.213.174.209 port 49308:11: Bye Bye [preauth]
May  5 10:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: Disconnected from 185.213.174.209 port 49308 [preauth]
May  5 10:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.251.119.173  user=root
May  5 10:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Failed password for root from 128.251.119.173 port 8768 ssh2
May  5 10:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Received disconnect from 128.251.119.173 port 8768:11: Bye Bye [preauth]
May  5 10:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Disconnected from 128.251.119.173 port 8768 [preauth]
May  5 10:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8138]: pam_unix(cron:session): session closed for user root
May  5 10:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.51.173  user=root
May  5 10:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: Failed password for root from 190.60.51.173 port 38160 ssh2
May  5 10:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: Received disconnect from 190.60.51.173 port 38160:11: Bye Bye [preauth]
May  5 10:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: Disconnected from 190.60.51.173 port 38160 [preauth]
May  5 10:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 10:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9471]: Invalid user yan from 46.25.236.192
May  5 10:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9471]: input_userauth_request: invalid user yan [preauth]
May  5 10:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9471]: pam_unix(sshd:auth): check pass; user unknown
May  5 10:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  5 10:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9471]: Failed password for invalid user yan from 46.25.236.192 port 51578 ssh2
May  5 10:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9471]: Received disconnect from 46.25.236.192 port 51578:11: Bye Bye [preauth]
May  5 10:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9471]: Disconnected from 46.25.236.192 port 51578 [preauth]
May  5 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9526]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9523]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9526]: pam_unix(cron:session): session closed for user root
May  5 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9522]: pam_unix(cron:session): session closed for user root
May  5 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9520]: pam_unix(cron:session): session closed for user p13x
May  5 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9612]: Successful su for rubyman by root
May  5 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9612]: + ??? root:rubyman
May  5 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9612]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333460 of user rubyman.
May  5 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9612]: pam_unix(su:session): session closed for user rubyman
May  5 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333460.
May  5 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9523]: pam_unix(cron:session): session closed for user root
May  5 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6619]: pam_unix(cron:session): session closed for user root
May  5 11:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9521]: pam_unix(cron:session): session closed for user samftp
May  5 11:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8573]: pam_unix(cron:session): session closed for user root
May  5 11:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: Connection closed by 197.148.6.162 port 48674 [preauth]
May  5 11:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10002]: Invalid user mutua from 46.101.74.125
May  5 11:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10002]: input_userauth_request: invalid user mutua [preauth]
May  5 11:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10002]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.74.125
May  5 11:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10002]: Failed password for invalid user mutua from 46.101.74.125 port 55588 ssh2
May  5 11:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10002]: Received disconnect from 46.101.74.125 port 55588:11: Bye Bye [preauth]
May  5 11:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10002]: Disconnected from 46.101.74.125 port 55588 [preauth]
May  5 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10031]: pam_unix(cron:session): session closed for user p13x
May  5 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10102]: Successful su for rubyman by root
May  5 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10102]: + ??? root:rubyman
May  5 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333463 of user rubyman.
May  5 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10102]: pam_unix(su:session): session closed for user rubyman
May  5 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333463.
May  5 11:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7156]: pam_unix(cron:session): session closed for user root
May  5 11:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10033]: pam_unix(cron:session): session closed for user samftp
May  5 11:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.160.193.12  user=root
May  5 11:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10396]: Failed password for root from 119.160.193.12 port 34190 ssh2
May  5 11:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10396]: Received disconnect from 119.160.193.12 port 34190:11: Bye Bye [preauth]
May  5 11:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10396]: Disconnected from 119.160.193.12 port 34190 [preauth]
May  5 11:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.211.44.138  user=root
May  5 11:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: Failed password for root from 195.211.44.138 port 49792 ssh2
May  5 11:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: Received disconnect from 195.211.44.138 port 49792:11: Bye Bye [preauth]
May  5 11:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10418]: Disconnected from 195.211.44.138 port 49792 [preauth]
May  5 11:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8996]: pam_unix(cron:session): session closed for user root
May  5 11:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10482]: Invalid user ftpuser from 45.176.12.6
May  5 11:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10482]: input_userauth_request: invalid user ftpuser [preauth]
May  5 11:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10482]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.176.12.6
May  5 11:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10482]: Failed password for invalid user ftpuser from 45.176.12.6 port 52364 ssh2
May  5 11:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10482]: Received disconnect from 45.176.12.6 port 52364:11: Bye Bye [preauth]
May  5 11:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10482]: Disconnected from 45.176.12.6 port 52364 [preauth]
May  5 11:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10450]: Invalid user r from 195.178.110.50
May  5 11:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10450]: input_userauth_request: invalid user r [preauth]
May  5 11:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10450]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 11:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10450]: Failed password for invalid user r from 195.178.110.50 port 11310 ssh2
May  5 11:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10450]: Connection closed by 195.178.110.50 port 11310 [preauth]
May  5 11:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: Invalid user ada from 193.32.162.134
May  5 11:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: input_userauth_request: invalid user ada [preauth]
May  5 11:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10553]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10551]: pam_unix(cron:session): session closed for user p13x
May  5 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10631]: Successful su for rubyman by root
May  5 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10631]: + ??? root:rubyman
May  5 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333468 of user rubyman.
May  5 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10631]: pam_unix(su:session): session closed for user rubyman
May  5 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333468.
May  5 11:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: Failed password for invalid user ada from 193.32.162.134 port 34496 ssh2
May  5 11:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10528]: Invalid user S from 195.178.110.50
May  5 11:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10528]: input_userauth_request: invalid user S [preauth]
May  5 11:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10528]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 11:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: Connection closed by 193.32.162.134 port 34496 [preauth]
May  5 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7694]: pam_unix(cron:session): session closed for user root
May  5 11:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10528]: Failed password for invalid user S from 195.178.110.50 port 26698 ssh2
May  5 11:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10552]: pam_unix(cron:session): session closed for user samftp
May  5 11:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10528]: Connection closed by 195.178.110.50 port 26698 [preauth]
May  5 11:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: Invalid user 4 from 195.178.110.50
May  5 11:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: input_userauth_request: invalid user 4 [preauth]
May  5 11:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 11:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: Failed password for invalid user 4 from 195.178.110.50 port 36026 ssh2
May  5 11:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10861]: Connection closed by 195.178.110.50 port 36026 [preauth]
May  5 11:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9525]: pam_unix(cron:session): session closed for user root
May  5 11:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: Invalid user s from 195.178.110.50
May  5 11:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: input_userauth_request: invalid user s [preauth]
May  5 11:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 11:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: Failed password for invalid user s from 195.178.110.50 port 24286 ssh2
May  5 11:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10921]: Connection closed by 195.178.110.50 port 24286 [preauth]
May  5 11:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11009]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11008]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11008]: pam_unix(cron:session): session closed for user p13x
May  5 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11071]: Successful su for rubyman by root
May  5 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11071]: + ??? root:rubyman
May  5 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333471 of user rubyman.
May  5 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11071]: pam_unix(su:session): session closed for user rubyman
May  5 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333471.
May  5 11:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8137]: pam_unix(cron:session): session closed for user root
May  5 11:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11009]: pam_unix(cron:session): session closed for user samftp
May  5 11:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: Invalid user T from 195.178.110.50
May  5 11:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: input_userauth_request: invalid user T [preauth]
May  5 11:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 11:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: Failed password for invalid user T from 195.178.110.50 port 45842 ssh2
May  5 11:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10986]: Connection closed by 195.178.110.50 port 45842 [preauth]
May  5 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10035]: pam_unix(cron:session): session closed for user root
May  5 11:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 11:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: Invalid user nhat from 185.213.174.209
May  5 11:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: input_userauth_request: invalid user nhat [preauth]
May  5 11:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
May  5 11:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: Failed password for root from 218.92.0.179 port 38794 ssh2
May  5 11:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: Failed password for invalid user nhat from 185.213.174.209 port 39500 ssh2
May  5 11:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: Received disconnect from 185.213.174.209 port 39500:11: Bye Bye [preauth]
May  5 11:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11370]: Disconnected from 185.213.174.209 port 39500 [preauth]
May  5 11:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: Failed password for root from 218.92.0.179 port 38794 ssh2
May  5 11:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11356]: Failed password for root from 218.92.0.179 port 38794 ssh2
May  5 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11407]: pam_unix(cron:session): session closed for user p13x
May  5 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11470]: Successful su for rubyman by root
May  5 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11470]: + ??? root:rubyman
May  5 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333476 of user rubyman.
May  5 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11470]: pam_unix(su:session): session closed for user rubyman
May  5 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333476.
May  5 11:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8571]: pam_unix(cron:session): session closed for user root
May  5 11:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11408]: pam_unix(cron:session): session closed for user samftp
May  5 11:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11688]: Invalid user jongbhak from 61.222.211.114
May  5 11:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11688]: input_userauth_request: invalid user jongbhak [preauth]
May  5 11:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11688]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.222.211.114
May  5 11:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11688]: Failed password for invalid user jongbhak from 61.222.211.114 port 50372 ssh2
May  5 11:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11688]: Received disconnect from 61.222.211.114 port 50372:11: Bye Bye [preauth]
May  5 11:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11688]: Disconnected from 61.222.211.114 port 50372 [preauth]
May  5 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10555]: pam_unix(cron:session): session closed for user root
May  5 11:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: Invalid user windows from 46.25.236.192
May  5 11:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: input_userauth_request: invalid user windows [preauth]
May  5 11:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  5 11:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: Failed password for invalid user windows from 46.25.236.192 port 59908 ssh2
May  5 11:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: Received disconnect from 46.25.236.192 port 59908:11: Bye Bye [preauth]
May  5 11:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: Disconnected from 46.25.236.192 port 59908 [preauth]
May  5 11:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.51.173  user=root
May  5 11:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11800]: Failed password for root from 190.60.51.173 port 40680 ssh2
May  5 11:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11800]: Received disconnect from 190.60.51.173 port 40680:11: Bye Bye [preauth]
May  5 11:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11800]: Disconnected from 190.60.51.173 port 40680 [preauth]
May  5 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11815]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11817]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11818]: pam_unix(cron:session): session closed for user root
May  5 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11813]: pam_unix(cron:session): session closed for user p13x
May  5 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11880]: Successful su for rubyman by root
May  5 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11880]: + ??? root:rubyman
May  5 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333483 of user rubyman.
May  5 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11880]: pam_unix(su:session): session closed for user rubyman
May  5 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333483.
May  5 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8995]: pam_unix(cron:session): session closed for user root
May  5 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11815]: pam_unix(cron:session): session closed for user root
May  5 11:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11814]: pam_unix(cron:session): session closed for user samftp
May  5 11:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.74.125  user=root
May  5 11:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12079]: Failed password for root from 46.101.74.125 port 60966 ssh2
May  5 11:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12079]: Received disconnect from 46.101.74.125 port 60966:11: Bye Bye [preauth]
May  5 11:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12079]: Disconnected from 46.101.74.125 port 60966 [preauth]
May  5 11:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: Invalid user ttx from 103.176.78.28
May  5 11:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: input_userauth_request: invalid user ttx [preauth]
May  5 11:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.28
May  5 11:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: Failed password for invalid user ttx from 103.176.78.28 port 50834 ssh2
May  5 11:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: Received disconnect from 103.176.78.28 port 50834:11: Bye Bye [preauth]
May  5 11:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12112]: Disconnected from 103.176.78.28 port 50834 [preauth]
May  5 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11011]: pam_unix(cron:session): session closed for user root
May  5 11:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: Invalid user user from 45.176.12.6
May  5 11:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: input_userauth_request: invalid user user [preauth]
May  5 11:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.176.12.6
May  5 11:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: Failed password for invalid user user from 45.176.12.6 port 55050 ssh2
May  5 11:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: Received disconnect from 45.176.12.6 port 55050:11: Bye Bye [preauth]
May  5 11:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12220]: Disconnected from 45.176.12.6 port 55050 [preauth]
May  5 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12239]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12236]: pam_unix(cron:session): session closed for user p13x
May  5 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12313]: Successful su for rubyman by root
May  5 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12313]: + ??? root:rubyman
May  5 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333485 of user rubyman.
May  5 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12313]: pam_unix(su:session): session closed for user rubyman
May  5 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333485.
May  5 11:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9524]: pam_unix(cron:session): session closed for user root
May  5 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12237]: pam_unix(cron:session): session closed for user samftp
May  5 11:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Invalid user mike from 195.211.44.138
May  5 11:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: input_userauth_request: invalid user mike [preauth]
May  5 11:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.211.44.138
May  5 11:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Failed password for invalid user mike from 195.211.44.138 port 49914 ssh2
May  5 11:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Received disconnect from 195.211.44.138 port 49914:11: Bye Bye [preauth]
May  5 11:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12554]: Disconnected from 195.211.44.138 port 49914 [preauth]
May  5 11:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11410]: pam_unix(cron:session): session closed for user root
May  5 11:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12594]: Invalid user email from 119.160.193.12
May  5 11:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12594]: input_userauth_request: invalid user email [preauth]
May  5 11:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12594]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.160.193.12
May  5 11:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12594]: Failed password for invalid user email from 119.160.193.12 port 49950 ssh2
May  5 11:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12594]: Received disconnect from 119.160.193.12 port 49950:11: Bye Bye [preauth]
May  5 11:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12594]: Disconnected from 119.160.193.12 port 49950 [preauth]
May  5 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12652]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12651]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12649]: pam_unix(cron:session): session closed for user p13x
May  5 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12711]: Successful su for rubyman by root
May  5 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12711]: + ??? root:rubyman
May  5 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333489 of user rubyman.
May  5 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12711]: pam_unix(su:session): session closed for user rubyman
May  5 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333489.
May  5 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10034]: pam_unix(cron:session): session closed for user root
May  5 11:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12650]: pam_unix(cron:session): session closed for user samftp
May  5 11:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11817]: pam_unix(cron:session): session closed for user root
May  5 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13045]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13046]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13042]: pam_unix(cron:session): session closed for user p13x
May  5 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13104]: Successful su for rubyman by root
May  5 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13104]: + ??? root:rubyman
May  5 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13104]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333495 of user rubyman.
May  5 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13104]: pam_unix(su:session): session closed for user rubyman
May  5 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333495.
May  5 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10553]: pam_unix(cron:session): session closed for user root
May  5 11:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13044]: pam_unix(cron:session): session closed for user samftp
May  5 11:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: Invalid user postgres from 185.213.174.209
May  5 11:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: input_userauth_request: invalid user postgres [preauth]
May  5 11:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
May  5 11:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: Failed password for invalid user postgres from 185.213.174.209 port 56040 ssh2
May  5 11:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: Received disconnect from 185.213.174.209 port 56040:11: Bye Bye [preauth]
May  5 11:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: Disconnected from 185.213.174.209 port 56040 [preauth]
May  5 11:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13321]: Invalid user sol from 193.32.162.134
May  5 11:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13321]: input_userauth_request: invalid user sol [preauth]
May  5 11:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13321]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 11:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13321]: Failed password for invalid user sol from 193.32.162.134 port 46546 ssh2
May  5 11:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13321]: Connection closed by 193.32.162.134 port 46546 [preauth]
May  5 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12239]: pam_unix(cron:session): session closed for user root
May  5 11:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13524]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13530]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13524]: pam_unix(cron:session): session closed for user p13x
May  5 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13655]: Successful su for rubyman by root
May  5 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13655]: + ??? root:rubyman
May  5 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333499 of user rubyman.
May  5 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13655]: pam_unix(su:session): session closed for user rubyman
May  5 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333499.
May  5 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: Failed password for root from 185.93.89.118 port 43934 ssh2
May  5 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13441]: pam_unix(cron:session): session closed for user root
May  5 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11010]: pam_unix(cron:session): session closed for user root
May  5 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13414]: Connection closed by 185.93.89.118 port 43934 [preauth]
May  5 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13526]: pam_unix(cron:session): session closed for user samftp
May  5 11:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 11:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13897]: Failed password for root from 218.92.0.179 port 44844 ssh2
May  5 11:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13897]: Failed password for root from 218.92.0.179 port 44844 ssh2
May  5 11:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 11:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13863]: Failed password for root from 185.93.89.118 port 63102 ssh2
May  5 11:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13897]: Failed password for root from 218.92.0.179 port 44844 ssh2
May  5 11:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13897]: Received disconnect from 218.92.0.179 port 44844:11:  [preauth]
May  5 11:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13897]: Disconnected from 218.92.0.179 port 44844 [preauth]
May  5 11:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13897]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 11:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13863]: Connection closed by 185.93.89.118 port 63102 [preauth]
May  5 11:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 11:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13928]: Failed password for root from 185.93.89.118 port 20746 ssh2
May  5 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12652]: pam_unix(cron:session): session closed for user root
May  5 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.74.125  user=root
May  5 11:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13928]: Connection closed by 185.93.89.118 port 20746 [preauth]
May  5 11:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: Failed password for root from 46.101.74.125 port 45260 ssh2
May  5 11:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: Received disconnect from 46.101.74.125 port 45260:11: Bye Bye [preauth]
May  5 11:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: Disconnected from 46.101.74.125 port 45260 [preauth]
May  5 11:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: Invalid user wangdd from 193.70.84.184
May  5 11:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: input_userauth_request: invalid user wangdd [preauth]
May  5 11:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  5 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14037]: Invalid user ravi from 61.222.211.114
May  5 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14037]: input_userauth_request: invalid user ravi [preauth]
May  5 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14037]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.222.211.114
May  5 11:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: Failed password for invalid user wangdd from 193.70.84.184 port 33178 ssh2
May  5 11:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14028]: Connection closed by 193.70.84.184 port 33178 [preauth]
May  5 11:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Failed password for root from 185.93.89.118 port 41916 ssh2
May  5 11:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14037]: Failed password for invalid user ravi from 61.222.211.114 port 50172 ssh2
May  5 11:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14037]: Received disconnect from 61.222.211.114 port 50172:11: Bye Bye [preauth]
May  5 11:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14037]: Disconnected from 61.222.211.114 port 50172 [preauth]
May  5 11:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Connection closed by 185.93.89.118 port 41916 [preauth]
May  5 11:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14067]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14068]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14068]: pam_unix(cron:session): session closed for user root
May  5 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14063]: pam_unix(cron:session): session closed for user p13x
May  5 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14130]: Successful su for rubyman by root
May  5 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14130]: + ??? root:rubyman
May  5 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333502 of user rubyman.
May  5 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14130]: pam_unix(su:session): session closed for user rubyman
May  5 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333502.
May  5 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: Invalid user ftpuser from 46.25.236.192
May  5 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: input_userauth_request: invalid user ftpuser [preauth]
May  5 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  5 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14065]: pam_unix(cron:session): session closed for user root
May  5 11:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: Failed password for invalid user ftpuser from 46.25.236.192 port 40020 ssh2
May  5 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: Received disconnect from 46.25.236.192 port 40020:11: Bye Bye [preauth]
May  5 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: Disconnected from 46.25.236.192 port 40020 [preauth]
May  5 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11409]: pam_unix(cron:session): session closed for user root
May  5 11:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14064]: pam_unix(cron:session): session closed for user samftp
May  5 11:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 11:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14040]: Failed password for root from 185.93.89.118 port 4480 ssh2
May  5 11:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14040]: Connection closed by 185.93.89.118 port 4480 [preauth]
May  5 11:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: Invalid user server from 190.60.51.173
May  5 11:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: input_userauth_request: invalid user server [preauth]
May  5 11:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.51.173
May  5 11:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: Failed password for invalid user server from 190.60.51.173 port 39176 ssh2
May  5 11:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: Received disconnect from 190.60.51.173 port 39176:11: Bye Bye [preauth]
May  5 11:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14362]: Disconnected from 190.60.51.173 port 39176 [preauth]
May  5 11:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.176.12.6  user=root
May  5 11:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: Failed password for root from 45.176.12.6 port 37330 ssh2
May  5 11:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: Received disconnect from 45.176.12.6 port 37330:11: Bye Bye [preauth]
May  5 11:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: Disconnected from 45.176.12.6 port 37330 [preauth]
May  5 11:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13046]: pam_unix(cron:session): session closed for user root
May  5 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14497]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14491]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14491]: pam_unix(cron:session): session closed for user p13x
May  5 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14564]: Successful su for rubyman by root
May  5 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14564]: + ??? root:rubyman
May  5 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333508 of user rubyman.
May  5 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14564]: pam_unix(su:session): session closed for user rubyman
May  5 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333508.
May  5 11:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11816]: pam_unix(cron:session): session closed for user root
May  5 11:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14493]: pam_unix(cron:session): session closed for user samftp
May  5 11:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: Invalid user devops from 195.211.44.138
May  5 11:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: input_userauth_request: invalid user devops [preauth]
May  5 11:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.211.44.138
May  5 11:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: Failed password for invalid user devops from 195.211.44.138 port 50042 ssh2
May  5 11:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: Received disconnect from 195.211.44.138 port 50042:11: Bye Bye [preauth]
May  5 11:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: Disconnected from 195.211.44.138 port 50042 [preauth]
May  5 11:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13531]: pam_unix(cron:session): session closed for user root
May  5 11:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: Invalid user lab from 103.176.78.28
May  5 11:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: input_userauth_request: invalid user lab [preauth]
May  5 11:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.28
May  5 11:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: Failed password for invalid user lab from 103.176.78.28 port 46142 ssh2
May  5 11:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: Received disconnect from 103.176.78.28 port 46142:11: Bye Bye [preauth]
May  5 11:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14884]: Disconnected from 103.176.78.28 port 46142 [preauth]
May  5 11:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14887]: Invalid user malik from 119.160.193.12
May  5 11:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14887]: input_userauth_request: invalid user malik [preauth]
May  5 11:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14887]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.160.193.12
May  5 11:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14887]: Failed password for invalid user malik from 119.160.193.12 port 58396 ssh2
May  5 11:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14887]: Received disconnect from 119.160.193.12 port 58396:11: Bye Bye [preauth]
May  5 11:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14887]: Disconnected from 119.160.193.12 port 58396 [preauth]
May  5 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14915]: pam_unix(cron:session): session closed for user p13x
May  5 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14979]: Successful su for rubyman by root
May  5 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14979]: + ??? root:rubyman
May  5 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333513 of user rubyman.
May  5 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14979]: pam_unix(su:session): session closed for user rubyman
May  5 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333513.
May  5 11:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12238]: pam_unix(cron:session): session closed for user root
May  5 11:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14916]: pam_unix(cron:session): session closed for user samftp
May  5 11:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15197]: Invalid user user from 50.235.31.47
May  5 11:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15197]: input_userauth_request: invalid user user [preauth]
May  5 11:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15197]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  5 11:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15197]: Failed password for invalid user user from 50.235.31.47 port 41040 ssh2
May  5 11:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15197]: Connection closed by 50.235.31.47 port 41040 [preauth]
May  5 11:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: Invalid user malik from 185.213.174.209
May  5 11:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: input_userauth_request: invalid user malik [preauth]
May  5 11:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
May  5 11:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: Failed password for invalid user malik from 185.213.174.209 port 60750 ssh2
May  5 11:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: Received disconnect from 185.213.174.209 port 60750:11: Bye Bye [preauth]
May  5 11:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15223]: Disconnected from 185.213.174.209 port 60750 [preauth]
May  5 11:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15235]: Invalid user jiaxiao from 116.193.191.90
May  5 11:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15235]: input_userauth_request: invalid user jiaxiao [preauth]
May  5 11:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15235]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
May  5 11:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14067]: pam_unix(cron:session): session closed for user root
May  5 11:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15235]: Failed password for invalid user jiaxiao from 116.193.191.90 port 45228 ssh2
May  5 11:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15235]: Received disconnect from 116.193.191.90 port 45228:11: Bye Bye [preauth]
May  5 11:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15235]: Disconnected from 116.193.191.90 port 45228 [preauth]
May  5 11:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15324]: pam_unix(cron:session): session closed for user p13x
May  5 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15386]: Successful su for rubyman by root
May  5 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15386]: + ??? root:rubyman
May  5 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333517 of user rubyman.
May  5 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15386]: pam_unix(su:session): session closed for user rubyman
May  5 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333517.
May  5 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15321]: Connection closed by 172.104.11.51 port 9292 [preauth]
May  5 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: Connection closed by 172.104.11.51 port 9304 [preauth]
May  5 11:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12651]: pam_unix(cron:session): session closed for user root
May  5 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15526]: fatal: Unable to negotiate with 172.104.11.51 port 9318: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  5 11:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15325]: pam_unix(cron:session): session closed for user samftp
May  5 11:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14497]: pam_unix(cron:session): session closed for user root
May  5 11:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15700]: Invalid user mike from 46.101.74.125
May  5 11:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15700]: input_userauth_request: invalid user mike [preauth]
May  5 11:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15700]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.74.125
May  5 11:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15700]: Failed password for invalid user mike from 46.101.74.125 port 36296 ssh2
May  5 11:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15700]: Received disconnect from 46.101.74.125 port 36296:11: Bye Bye [preauth]
May  5 11:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15700]: Disconnected from 46.101.74.125 port 36296 [preauth]
May  5 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15722]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15723]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15721]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15720]: pam_unix(cron:session): session closed for user p13x
May  5 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15784]: Successful su for rubyman by root
May  5 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15784]: + ??? root:rubyman
May  5 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333521 of user rubyman.
May  5 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15784]: pam_unix(su:session): session closed for user rubyman
May  5 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333521.
May  5 11:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13045]: pam_unix(cron:session): session closed for user root
May  5 11:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15721]: pam_unix(cron:session): session closed for user samftp
May  5 11:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14919]: pam_unix(cron:session): session closed for user root
May  5 11:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: Invalid user doge from 193.32.162.134
May  5 11:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: input_userauth_request: invalid user doge [preauth]
May  5 11:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 11:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: Failed password for invalid user doge from 193.32.162.134 port 58598 ssh2
May  5 11:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: Connection closed by 193.32.162.134 port 58598 [preauth]
May  5 11:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.176.12.6  user=root
May  5 11:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: Failed password for root from 45.176.12.6 port 39204 ssh2
May  5 11:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: Received disconnect from 45.176.12.6 port 39204:11: Bye Bye [preauth]
May  5 11:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: Disconnected from 45.176.12.6 port 39204 [preauth]
May  5 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16114]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16115]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16111]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16113]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16112]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16115]: pam_unix(cron:session): session closed for user root
May  5 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16110]: pam_unix(cron:session): session closed for user p13x
May  5 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16178]: Successful su for rubyman by root
May  5 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16178]: + ??? root:rubyman
May  5 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16178]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333524 of user rubyman.
May  5 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16178]: pam_unix(su:session): session closed for user rubyman
May  5 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333524.
May  5 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16112]: pam_unix(cron:session): session closed for user root
May  5 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13530]: pam_unix(cron:session): session closed for user root
May  5 11:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16111]: pam_unix(cron:session): session closed for user samftp
May  5 11:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16382]: Invalid user kudrethoxha from 46.25.236.192
May  5 11:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16382]: input_userauth_request: invalid user kudrethoxha [preauth]
May  5 11:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16382]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  5 11:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: Invalid user admin from 61.222.211.114
May  5 11:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: input_userauth_request: invalid user admin [preauth]
May  5 11:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.222.211.114
May  5 11:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16382]: Failed password for invalid user kudrethoxha from 46.25.236.192 port 48356 ssh2
May  5 11:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16382]: Received disconnect from 46.25.236.192 port 48356:11: Bye Bye [preauth]
May  5 11:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16382]: Disconnected from 46.25.236.192 port 48356 [preauth]
May  5 11:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: Failed password for invalid user admin from 61.222.211.114 port 47908 ssh2
May  5 11:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: Received disconnect from 61.222.211.114 port 47908:11: Bye Bye [preauth]
May  5 11:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16397]: Disconnected from 61.222.211.114 port 47908 [preauth]
May  5 11:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16441]: Did not receive identification string from 223.108.170.210
May  5 11:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16442]: Invalid user danny from 190.60.51.173
May  5 11:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16442]: input_userauth_request: invalid user danny [preauth]
May  5 11:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16442]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.51.173
May  5 11:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16442]: Failed password for invalid user danny from 190.60.51.173 port 42882 ssh2
May  5 11:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16442]: Received disconnect from 190.60.51.173 port 42882:11: Bye Bye [preauth]
May  5 11:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16442]: Disconnected from 190.60.51.173 port 42882 [preauth]
May  5 11:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15327]: pam_unix(cron:session): session closed for user root
May  5 11:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16461]: Failed password for root from 223.108.170.210 port 2154 ssh2
May  5 11:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16461]: Connection closed by 223.108.170.210 port 2154 [preauth]
May  5 11:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16513]: Failed password for root from 223.108.170.210 port 2155 ssh2
May  5 11:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16513]: Connection closed by 223.108.170.210 port 2155 [preauth]
May  5 11:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16556]: Failed password for root from 223.108.170.210 port 2156 ssh2
May  5 11:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16556]: Connection closed by 223.108.170.210 port 2156 [preauth]
May  5 11:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16570]: Failed password for root from 223.108.170.210 port 2157 ssh2
May  5 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16594]: pam_unix(cron:session): session closed for user p13x
May  5 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16674]: Successful su for rubyman by root
May  5 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16674]: + ??? root:rubyman
May  5 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16674]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333530 of user rubyman.
May  5 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16674]: pam_unix(su:session): session closed for user rubyman
May  5 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333530.
May  5 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16570]: Connection closed by 223.108.170.210 port 2157 [preauth]
May  5 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14066]: pam_unix(cron:session): session closed for user root
May  5 11:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16595]: pam_unix(cron:session): session closed for user samftp
May  5 11:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: Failed password for root from 223.108.170.210 port 2158 ssh2
May  5 11:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16863]: Invalid user jhchoi from 117.216.143.31
May  5 11:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16863]: input_userauth_request: invalid user jhchoi [preauth]
May  5 11:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16863]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 11:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16744]: Connection closed by 223.108.170.210 port 2158 [preauth]
May  5 11:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16863]: Failed password for invalid user jhchoi from 117.216.143.31 port 38812 ssh2
May  5 11:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16863]: Received disconnect from 117.216.143.31 port 38812:11: Bye Bye [preauth]
May  5 11:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16863]: Disconnected from 117.216.143.31 port 38812 [preauth]
May  5 11:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Failed password for root from 223.108.170.210 port 2159 ssh2
May  5 11:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Connection closed by 223.108.170.210 port 2159 [preauth]
May  5 11:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16930]: Invalid user lbx from 195.211.44.138
May  5 11:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16930]: input_userauth_request: invalid user lbx [preauth]
May  5 11:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16930]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.211.44.138
May  5 11:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16930]: Failed password for invalid user lbx from 195.211.44.138 port 50162 ssh2
May  5 11:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16930]: Received disconnect from 195.211.44.138 port 50162:11: Bye Bye [preauth]
May  5 11:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16930]: Disconnected from 195.211.44.138 port 50162 [preauth]
May  5 11:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Failed password for root from 223.108.170.210 port 2160 ssh2
May  5 11:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Connection closed by 223.108.170.210 port 2160 [preauth]
May  5 11:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15723]: pam_unix(cron:session): session closed for user root
May  5 11:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: Failed password for root from 223.108.170.210 port 2161 ssh2
May  5 11:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: Connection closed by 223.108.170.210 port 2161 [preauth]
May  5 11:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: Failed password for root from 223.108.170.210 port 2162 ssh2
May  5 11:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16996]: Connection closed by 223.108.170.210 port 2162 [preauth]
May  5 11:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: Failed password for root from 223.108.170.210 port 2163 ssh2
May  5 11:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: Connection closed by 223.108.170.210 port 2163 [preauth]
May  5 11:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17038]: Invalid user danny from 185.213.174.209
May  5 11:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17038]: input_userauth_request: invalid user danny [preauth]
May  5 11:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17038]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
May  5 11:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17038]: Failed password for invalid user danny from 185.213.174.209 port 60278 ssh2
May  5 11:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17038]: Received disconnect from 185.213.174.209 port 60278:11: Bye Bye [preauth]
May  5 11:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17038]: Disconnected from 185.213.174.209 port 60278 [preauth]
May  5 11:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17040]: Failed password for root from 223.108.170.210 port 2164 ssh2
May  5 11:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17040]: Connection closed by 223.108.170.210 port 2164 [preauth]
May  5 11:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17067]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17062]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17062]: pam_unix(cron:session): session closed for user root
May  5 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17064]: pam_unix(cron:session): session closed for user p13x
May  5 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17129]: Successful su for rubyman by root
May  5 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17129]: + ??? root:rubyman
May  5 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17129]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333535 of user rubyman.
May  5 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17129]: pam_unix(su:session): session closed for user rubyman
May  5 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333535.
May  5 11:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14496]: pam_unix(cron:session): session closed for user root
May  5 11:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17060]: Failed password for root from 223.108.170.210 port 2165 ssh2
May  5 11:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17065]: pam_unix(cron:session): session closed for user samftp
May  5 11:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17060]: Connection closed by 223.108.170.210 port 2165 [preauth]
May  5 11:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Failed password for root from 223.108.170.210 port 2166 ssh2
May  5 11:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17327]: Invalid user ftpuser from 119.160.193.12
May  5 11:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17327]: input_userauth_request: invalid user ftpuser [preauth]
May  5 11:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17327]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.160.193.12
May  5 11:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Connection closed by 223.108.170.210 port 2166 [preauth]
May  5 11:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17327]: Failed password for invalid user ftpuser from 119.160.193.12 port 37292 ssh2
May  5 11:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17327]: Received disconnect from 119.160.193.12 port 37292:11: Bye Bye [preauth]
May  5 11:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17327]: Disconnected from 119.160.193.12 port 37292 [preauth]
May  5 11:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17349]: Failed password for root from 223.108.170.210 port 2167 ssh2
May  5 11:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17349]: Connection closed by 223.108.170.210 port 2167 [preauth]
May  5 11:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17372]: Failed password for root from 223.108.170.210 port 2168 ssh2
May  5 11:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17372]: Connection closed by 223.108.170.210 port 2168 [preauth]
May  5 11:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16114]: pam_unix(cron:session): session closed for user root
May  5 11:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: Failed password for root from 223.108.170.210 port 2169 ssh2
May  5 11:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17391]: Connection closed by 223.108.170.210 port 2169 [preauth]
May  5 11:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17425]: Failed password for root from 223.108.170.210 port 2170 ssh2
May  5 11:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17425]: Connection closed by 223.108.170.210 port 2170 [preauth]
May  5 11:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: Failed password for root from 223.108.170.210 port 2171 ssh2
May  5 11:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17461]: Connection closed by 223.108.170.210 port 2171 [preauth]
May  5 11:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17495]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17494]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17492]: pam_unix(cron:session): session closed for user p13x
May  5 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17562]: Successful su for rubyman by root
May  5 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17562]: + ??? root:rubyman
May  5 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333539 of user rubyman.
May  5 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17562]: pam_unix(su:session): session closed for user rubyman
May  5 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333539.
May  5 11:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14918]: pam_unix(cron:session): session closed for user root
May  5 11:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17484]: Failed password for root from 223.108.170.210 port 2172 ssh2
May  5 11:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17493]: pam_unix(cron:session): session closed for user samftp
May  5 11:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17484]: Connection closed by 223.108.170.210 port 2172 [preauth]
May  5 11:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.74.125  user=root
May  5 11:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17783]: Failed password for root from 46.101.74.125 port 58256 ssh2
May  5 11:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17783]: Received disconnect from 46.101.74.125 port 58256:11: Bye Bye [preauth]
May  5 11:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17783]: Disconnected from 46.101.74.125 port 58256 [preauth]
May  5 11:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17748]: Failed password for root from 223.108.170.210 port 2173 ssh2
May  5 11:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17748]: Connection closed by 223.108.170.210 port 2173 [preauth]
May  5 11:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.28  user=root
May  5 11:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17789]: Failed password for root from 103.176.78.28 port 57494 ssh2
May  5 11:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17789]: Received disconnect from 103.176.78.28 port 57494:11: Bye Bye [preauth]
May  5 11:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17789]: Disconnected from 103.176.78.28 port 57494 [preauth]
May  5 11:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17894]: Failed password for root from 223.108.170.210 port 2174 ssh2
May  5 11:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17894]: Connection closed by 223.108.170.210 port 2174 [preauth]
May  5 11:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17906]: Failed password for root from 223.108.170.210 port 2175 ssh2
May  5 11:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17906]: Connection closed by 223.108.170.210 port 2175 [preauth]
May  5 11:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16601]: pam_unix(cron:session): session closed for user root
May  5 11:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17943]: Failed password for root from 223.108.170.210 port 2176 ssh2
May  5 11:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17943]: Connection closed by 223.108.170.210 port 2176 [preauth]
May  5 11:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Failed password for root from 223.108.170.210 port 2177 ssh2
May  5 11:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Connection closed by 223.108.170.210 port 2177 [preauth]
May  5 11:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18010]: Failed password for root from 223.108.170.210 port 2178 ssh2
May  5 11:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18010]: Connection closed by 223.108.170.210 port 2178 [preauth]
May  5 11:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: Invalid user test from 80.94.95.125
May  5 11:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: input_userauth_request: invalid user test [preauth]
May  5 11:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 11:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: Failed password for invalid user test from 80.94.95.125 port 32501 ssh2
May  5 11:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18039]: Invalid user gitlab-runner from 117.216.143.31
May  5 11:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18039]: input_userauth_request: invalid user gitlab-runner [preauth]
May  5 11:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18039]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 11:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.176.12.6  user=root
May  5 11:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: Failed password for invalid user test from 80.94.95.125 port 32501 ssh2
May  5 11:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18039]: Failed password for invalid user gitlab-runner from 117.216.143.31 port 42064 ssh2
May  5 11:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: Failed password for root from 45.176.12.6 port 59206 ssh2
May  5 11:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18039]: Received disconnect from 117.216.143.31 port 42064:11: Bye Bye [preauth]
May  5 11:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18039]: Disconnected from 117.216.143.31 port 42064 [preauth]
May  5 11:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: Received disconnect from 45.176.12.6 port 59206:11: Bye Bye [preauth]
May  5 11:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: Disconnected from 45.176.12.6 port 59206 [preauth]
May  5 11:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18058]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18055]: pam_unix(cron:session): session closed for user p13x
May  5 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18121]: Successful su for rubyman by root
May  5 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18121]: + ??? root:rubyman
May  5 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333544 of user rubyman.
May  5 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18121]: pam_unix(su:session): session closed for user rubyman
May  5 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333544.
May  5 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: Failed password for invalid user test from 80.94.95.125 port 32501 ssh2
May  5 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: Failed password for root from 223.108.170.210 port 2179 ssh2
May  5 11:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18024]: Connection closed by 223.108.170.210 port 2179 [preauth]
May  5 11:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: Failed password for invalid user test from 80.94.95.125 port 32501 ssh2
May  5 11:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15326]: pam_unix(cron:session): session closed for user root
May  5 11:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18056]: pam_unix(cron:session): session closed for user samftp
May  5 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: Failed password for invalid user test from 80.94.95.125 port 32501 ssh2
May  5 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: Received disconnect from 80.94.95.125 port 32501:11: Bye [preauth]
May  5 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: Disconnected from 80.94.95.125 port 32501 [preauth]
May  5 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 11:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: Failed password for root from 223.108.170.210 port 2180 ssh2
May  5 11:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18248]: Connection closed by 223.108.170.210 port 2180 [preauth]
May  5 11:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18317]: Failed password for root from 223.108.170.210 port 2181 ssh2
May  5 11:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18317]: Connection closed by 223.108.170.210 port 2181 [preauth]
May  5 11:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18342]: Failed password for root from 223.108.170.210 port 2182 ssh2
May  5 11:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18342]: Connection closed by 223.108.170.210 port 2182 [preauth]
May  5 11:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17067]: pam_unix(cron:session): session closed for user root
May  5 11:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18379]: Failed password for root from 223.108.170.210 port 2183 ssh2
May  5 11:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18379]: Connection closed by 223.108.170.210 port 2183 [preauth]
May  5 11:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18423]: Failed password for root from 223.108.170.210 port 2184 ssh2
May  5 11:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18423]: Connection closed by 223.108.170.210 port 2184 [preauth]
May  5 11:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18450]: Failed password for root from 223.108.170.210 port 2185 ssh2
May  5 11:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18450]: Connection closed by 223.108.170.210 port 2185 [preauth]
May  5 11:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18484]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18486]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18487]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18485]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18487]: pam_unix(cron:session): session closed for user root
May  5 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18482]: pam_unix(cron:session): session closed for user p13x
May  5 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18549]: Successful su for rubyman by root
May  5 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18549]: + ??? root:rubyman
May  5 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333548 of user rubyman.
May  5 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18549]: pam_unix(su:session): session closed for user rubyman
May  5 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333548.
May  5 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18469]: Failed password for root from 223.108.170.210 port 2186 ssh2
May  5 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18469]: Connection closed by 223.108.170.210 port 2186 [preauth]
May  5 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18484]: pam_unix(cron:session): session closed for user root
May  5 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15722]: pam_unix(cron:session): session closed for user root
May  5 11:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18483]: pam_unix(cron:session): session closed for user samftp
May  5 11:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: Failed password for root from 223.108.170.210 port 2187 ssh2
May  5 11:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18692]: Connection closed by 223.108.170.210 port 2187 [preauth]
May  5 11:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Failed password for root from 223.108.170.210 port 2188 ssh2
May  5 11:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Connection closed by 223.108.170.210 port 2188 [preauth]
May  5 11:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: Failed password for root from 223.108.170.210 port 2189 ssh2
May  5 11:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18812]: Connection closed by 223.108.170.210 port 2189 [preauth]
May  5 11:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18837]: Invalid user nhat from 46.25.236.192
May  5 11:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18837]: input_userauth_request: invalid user nhat [preauth]
May  5 11:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18837]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  5 11:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18837]: Failed password for invalid user nhat from 46.25.236.192 port 56692 ssh2
May  5 11:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18837]: Received disconnect from 46.25.236.192 port 56692:11: Bye Bye [preauth]
May  5 11:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18837]: Disconnected from 46.25.236.192 port 56692 [preauth]
May  5 11:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17495]: pam_unix(cron:session): session closed for user root
May  5 11:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18836]: Failed password for root from 223.108.170.210 port 2190 ssh2
May  5 11:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18836]: Connection closed by 223.108.170.210 port 2190 [preauth]
May  5 11:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18879]: Invalid user email from 190.60.51.173
May  5 11:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18879]: input_userauth_request: invalid user email [preauth]
May  5 11:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18879]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.51.173
May  5 11:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18879]: Failed password for invalid user email from 190.60.51.173 port 35728 ssh2
May  5 11:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18879]: Received disconnect from 190.60.51.173 port 35728:11: Bye Bye [preauth]
May  5 11:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18879]: Disconnected from 190.60.51.173 port 35728 [preauth]
May  5 11:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18883]: Invalid user user from 61.222.211.114
May  5 11:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18883]: input_userauth_request: invalid user user [preauth]
May  5 11:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18883]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.222.211.114
May  5 11:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18883]: Failed password for invalid user user from 61.222.211.114 port 51702 ssh2
May  5 11:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18883]: Received disconnect from 61.222.211.114 port 51702:11: Bye Bye [preauth]
May  5 11:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18883]: Disconnected from 61.222.211.114 port 51702 [preauth]
May  5 11:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18881]: Failed password for root from 223.108.170.210 port 2191 ssh2
May  5 11:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18881]: Connection closed by 223.108.170.210 port 2191 [preauth]
May  5 11:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18906]: Failed password for root from 223.108.170.210 port 2192 ssh2
May  5 11:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18906]: Connection closed by 223.108.170.210 port 2192 [preauth]
May  5 11:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: Invalid user dot from 193.32.162.134
May  5 11:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: input_userauth_request: invalid user dot [preauth]
May  5 11:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 11:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: Failed password for invalid user dot from 193.32.162.134 port 42418 ssh2
May  5 11:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18929]: Connection closed by 193.32.162.134 port 42418 [preauth]
May  5 11:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18947]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18944]: pam_unix(cron:session): session closed for user p13x
May  5 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18928]: Failed password for root from 223.108.170.210 port 2193 ssh2
May  5 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19009]: Successful su for rubyman by root
May  5 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19009]: + ??? root:rubyman
May  5 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333553 of user rubyman.
May  5 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19009]: pam_unix(su:session): session closed for user rubyman
May  5 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333553.
May  5 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18928]: Connection closed by 223.108.170.210 port 2193 [preauth]
May  5 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16113]: pam_unix(cron:session): session closed for user root
May  5 11:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18945]: pam_unix(cron:session): session closed for user samftp
May  5 11:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: Failed password for root from 223.108.170.210 port 2194 ssh2
May  5 11:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19092]: Connection closed by 223.108.170.210 port 2194 [preauth]
May  5 11:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.211.44.138  user=root
May  5 11:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19210]: Failed password for root from 223.108.170.210 port 2195 ssh2
May  5 11:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: Failed password for root from 195.211.44.138 port 50286 ssh2
May  5 11:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19254]: Invalid user ircd from 185.213.174.209
May  5 11:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19254]: input_userauth_request: invalid user ircd [preauth]
May  5 11:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19254]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.174.209
May  5 11:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: Received disconnect from 195.211.44.138 port 50286:11: Bye Bye [preauth]
May  5 11:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19234]: Disconnected from 195.211.44.138 port 50286 [preauth]
May  5 11:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19210]: Connection closed by 223.108.170.210 port 2195 [preauth]
May  5 11:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19254]: Failed password for invalid user ircd from 185.213.174.209 port 39144 ssh2
May  5 11:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19254]: Received disconnect from 185.213.174.209 port 39144:11: Bye Bye [preauth]
May  5 11:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19254]: Disconnected from 185.213.174.209 port 39144 [preauth]
May  5 11:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19257]: Failed password for root from 223.108.170.210 port 2196 ssh2
May  5 11:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19257]: Connection closed by 223.108.170.210 port 2196 [preauth]
May  5 11:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18059]: pam_unix(cron:session): session closed for user root
May  5 11:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19280]: Failed password for root from 223.108.170.210 port 2197 ssh2
May  5 11:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19280]: Connection closed by 223.108.170.210 port 2197 [preauth]
May  5 11:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19322]: Failed password for root from 223.108.170.210 port 2198 ssh2
May  5 11:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19322]: Connection closed by 223.108.170.210 port 2198 [preauth]
May  5 11:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19351]: Invalid user dvr from 117.216.143.31
May  5 11:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19351]: input_userauth_request: invalid user dvr [preauth]
May  5 11:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19351]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 11:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19351]: Failed password for invalid user dvr from 117.216.143.31 port 41582 ssh2
May  5 11:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19351]: Received disconnect from 117.216.143.31 port 41582:11: Bye Bye [preauth]
May  5 11:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19351]: Disconnected from 117.216.143.31 port 41582 [preauth]
May  5 11:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19356]: Failed password for root from 223.108.170.210 port 2199 ssh2
May  5 11:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19356]: Connection closed by 223.108.170.210 port 2199 [preauth]
May  5 11:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: Failed password for root from 223.108.170.210 port 2200 ssh2
May  5 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19387]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19385]: pam_unix(cron:session): session closed for user p13x
May  5 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: Connection closed by 223.108.170.210 port 2200 [preauth]
May  5 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19447]: Successful su for rubyman by root
May  5 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19447]: + ??? root:rubyman
May  5 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333557 of user rubyman.
May  5 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19447]: pam_unix(su:session): session closed for user rubyman
May  5 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333557.
May  5 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16600]: pam_unix(cron:session): session closed for user root
May  5 11:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19386]: pam_unix(cron:session): session closed for user samftp
May  5 11:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19463]: Failed password for root from 223.108.170.210 port 2201 ssh2
May  5 11:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19463]: Connection closed by 223.108.170.210 port 2201 [preauth]
May  5 11:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19651]: Failed password for root from 223.108.170.210 port 2202 ssh2
May  5 11:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19651]: Connection closed by 223.108.170.210 port 2202 [preauth]
May  5 11:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19689]: Failed password for root from 223.108.170.210 port 2203 ssh2
May  5 11:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19689]: Connection closed by 223.108.170.210 port 2203 [preauth]
May  5 11:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19738]: Invalid user gp from 46.101.74.125
May  5 11:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19738]: input_userauth_request: invalid user gp [preauth]
May  5 11:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19738]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.74.125
May  5 11:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18486]: pam_unix(cron:session): session closed for user root
May  5 11:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19721]: Failed password for root from 223.108.170.210 port 2204 ssh2
May  5 11:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19738]: Failed password for invalid user gp from 46.101.74.125 port 48866 ssh2
May  5 11:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19738]: Received disconnect from 46.101.74.125 port 48866:11: Bye Bye [preauth]
May  5 11:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19738]: Disconnected from 46.101.74.125 port 48866 [preauth]
May  5 11:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19721]: Connection closed by 223.108.170.210 port 2204 [preauth]
May  5 11:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.160.193.12  user=root
May  5 11:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19765]: Failed password for root from 119.160.193.12 port 53824 ssh2
May  5 11:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: Failed password for root from 223.108.170.210 port 2205 ssh2
May  5 11:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19765]: Received disconnect from 119.160.193.12 port 53824:11: Bye Bye [preauth]
May  5 11:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19765]: Disconnected from 119.160.193.12 port 53824 [preauth]
May  5 11:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: Connection closed by 223.108.170.210 port 2205 [preauth]
May  5 11:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19789]: Failed password for root from 223.108.170.210 port 2206 ssh2
May  5 11:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19789]: Connection closed by 223.108.170.210 port 2206 [preauth]
May  5 11:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19808]: Failed password for root from 223.108.170.210 port 2207 ssh2
May  5 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19808]: Connection closed by 223.108.170.210 port 2207 [preauth]
May  5 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19819]: pam_unix(cron:session): session closed for user p13x
May  5 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19881]: Successful su for rubyman by root
May  5 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19881]: + ??? root:rubyman
May  5 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333562 of user rubyman.
May  5 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19881]: pam_unix(su:session): session closed for user rubyman
May  5 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333562.
May  5 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17066]: pam_unix(cron:session): session closed for user root
May  5 11:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19820]: pam_unix(cron:session): session closed for user samftp
May  5 11:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19871]: Failed password for root from 223.108.170.210 port 2208 ssh2
May  5 11:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19871]: Connection closed by 223.108.170.210 port 2208 [preauth]
May  5 11:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20084]: Failed password for root from 223.108.170.210 port 2209 ssh2
May  5 11:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20084]: Connection closed by 223.108.170.210 port 2209 [preauth]
May  5 11:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.176.12.6  user=root
May  5 11:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20114]: Failed password for root from 45.176.12.6 port 35114 ssh2
May  5 11:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20114]: Received disconnect from 45.176.12.6 port 35114:11: Bye Bye [preauth]
May  5 11:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20114]: Disconnected from 45.176.12.6 port 35114 [preauth]
May  5 11:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: Invalid user stream from 164.68.105.9
May  5 11:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: input_userauth_request: invalid user stream [preauth]
May  5 11:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  5 11:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: Failed password for invalid user stream from 164.68.105.9 port 36918 ssh2
May  5 11:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20112]: Failed password for root from 223.108.170.210 port 2210 ssh2
May  5 11:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: Connection closed by 164.68.105.9 port 36918 [preauth]
May  5 11:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20112]: Connection closed by 223.108.170.210 port 2210 [preauth]
May  5 11:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20150]: Failed password for root from 223.108.170.210 port 2211 ssh2
May  5 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18947]: pam_unix(cron:session): session closed for user root
May  5 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20150]: Connection closed by 223.108.170.210 port 2211 [preauth]
May  5 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20175]: Failed password for root from 223.108.170.210 port 2212 ssh2
May  5 11:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20175]: Connection closed by 223.108.170.210 port 2212 [preauth]
May  5 11:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: Failed password for root from 223.108.170.210 port 2213 ssh2
May  5 11:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: Connection closed by 223.108.170.210 port 2213 [preauth]
May  5 11:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20221]: Failed password for root from 223.108.170.210 port 2214 ssh2
May  5 11:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20221]: Connection closed by 223.108.170.210 port 2214 [preauth]
May  5 11:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20244]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20242]: pam_unix(cron:session): session closed for user p13x
May  5 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20303]: Successful su for rubyman by root
May  5 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20303]: + ??? root:rubyman
May  5 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333565 of user rubyman.
May  5 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20303]: pam_unix(su:session): session closed for user rubyman
May  5 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333565.
May  5 11:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17494]: pam_unix(cron:session): session closed for user root
May  5 11:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20243]: pam_unix(cron:session): session closed for user samftp
May  5 11:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: Failed password for root from 223.108.170.210 port 2215 ssh2
May  5 11:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: Connection closed by 223.108.170.210 port 2215 [preauth]
May  5 11:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20491]: Failed password for root from 223.108.170.210 port 2216 ssh2
May  5 11:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20491]: Connection closed by 223.108.170.210 port 2216 [preauth]
May  5 11:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: Failed password for root from 223.108.170.210 port 2217 ssh2
May  5 11:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20525]: Connection closed by 223.108.170.210 port 2217 [preauth]
May  5 11:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Invalid user admin from 117.216.143.31
May  5 11:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: input_userauth_request: invalid user admin [preauth]
May  5 11:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 11:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Failed password for invalid user admin from 117.216.143.31 port 44714 ssh2
May  5 11:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Received disconnect from 117.216.143.31 port 44714:11: Bye Bye [preauth]
May  5 11:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Disconnected from 117.216.143.31 port 44714 [preauth]
May  5 11:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20557]: Failed password for root from 223.108.170.210 port 2218 ssh2
May  5 11:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20557]: Connection closed by 223.108.170.210 port 2218 [preauth]
May  5 11:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19388]: pam_unix(cron:session): session closed for user root
May  5 11:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: Failed password for root from 223.108.170.210 port 2219 ssh2
May  5 11:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: Connection closed by 223.108.170.210 port 2219 [preauth]
May  5 11:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: Failed password for root from 223.108.170.210 port 2220 ssh2
May  5 11:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20631]: User mysql from 103.176.78.28 not allowed because not listed in AllowUsers
May  5 11:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20631]: input_userauth_request: invalid user mysql [preauth]
May  5 11:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.28  user=mysql
May  5 11:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20608]: Connection closed by 223.108.170.210 port 2220 [preauth]
May  5 11:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20631]: Failed password for invalid user mysql from 103.176.78.28 port 48146 ssh2
May  5 11:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20631]: Received disconnect from 103.176.78.28 port 48146:11: Bye Bye [preauth]
May  5 11:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20631]: Disconnected from 103.176.78.28 port 48146 [preauth]
May  5 11:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: Failed password for root from 223.108.170.210 port 2221 ssh2
May  5 11:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: Connection closed by 223.108.170.210 port 2221 [preauth]
May  5 11:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20668]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20664]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20667]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20670]: pam_unix(cron:session): session closed for user root
May  5 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20664]: pam_unix(cron:session): session closed for user p13x
May  5 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20736]: Successful su for rubyman by root
May  5 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20736]: + ??? root:rubyman
May  5 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20736]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333574 of user rubyman.
May  5 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20736]: pam_unix(su:session): session closed for user rubyman
May  5 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333574.
May  5 11:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  5 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18058]: pam_unix(cron:session): session closed for user root
May  5 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20667]: pam_unix(cron:session): session closed for user root
May  5 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: Failed password for root from 218.92.0.204 port 27102 ssh2
May  5 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20652]: Failed password for root from 223.108.170.210 port 2222 ssh2
May  5 11:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20665]: pam_unix(cron:session): session closed for user samftp
May  5 11:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20652]: Connection closed by 223.108.170.210 port 2222 [preauth]
May  5 11:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: Failed password for root from 218.92.0.204 port 27102 ssh2
May  5 11:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: Failed password for root from 218.92.0.204 port 27102 ssh2
May  5 11:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: Failed password for root from 218.92.0.204 port 27102 ssh2
May  5 11:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: Failed password for root from 223.108.170.210 port 2223 ssh2
May  5 11:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: Connection closed by 223.108.170.210 port 2223 [preauth]
May  5 11:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: Failed password for root from 218.92.0.204 port 27102 ssh2
May  5 11:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 27102 ssh2 [preauth]
May  5 11:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: Disconnecting: Too many authentication failures [preauth]
May  5 11:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  5 11:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 11:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20964]: Invalid user an from 124.198.59.254
May  5 11:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20964]: input_userauth_request: invalid user an [preauth]
May  5 11:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20964]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254
May  5 11:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20964]: Failed password for invalid user an from 124.198.59.254 port 52344 ssh2
May  5 11:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20964]: Connection closed by 124.198.59.254 port 52344 [preauth]
May  5 11:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20987]: Failed password for root from 223.108.170.210 port 2224 ssh2
May  5 11:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20987]: Connection closed by 223.108.170.210 port 2224 [preauth]
May  5 11:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21008]: Failed password for root from 223.108.170.210 port 2225 ssh2
May  5 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19823]: pam_unix(cron:session): session closed for user root
May  5 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21008]: Connection closed by 223.108.170.210 port 2225 [preauth]
May  5 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192  user=root
May  5 11:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21046]: Failed password for root from 223.108.170.210 port 2226 ssh2
May  5 11:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21070]: Failed password for root from 46.25.236.192 port 36802 ssh2
May  5 11:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21070]: Received disconnect from 46.25.236.192 port 36802:11: Bye Bye [preauth]
May  5 11:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21070]: Disconnected from 46.25.236.192 port 36802 [preauth]
May  5 11:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21046]: Connection closed by 223.108.170.210 port 2226 [preauth]
May  5 11:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21072]: Failed password for root from 223.108.170.210 port 2227 ssh2
May  5 11:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21072]: Connection closed by 223.108.170.210 port 2227 [preauth]
May  5 11:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: Invalid user windows from 190.60.51.173
May  5 11:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: input_userauth_request: invalid user windows [preauth]
May  5 11:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.51.173
May  5 11:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: Failed password for invalid user windows from 190.60.51.173 port 49426 ssh2
May  5 11:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: Received disconnect from 190.60.51.173 port 49426:11: Bye Bye [preauth]
May  5 11:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: Disconnected from 190.60.51.173 port 49426 [preauth]
May  5 11:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21107]: Failed password for root from 223.108.170.210 port 2228 ssh2
May  5 11:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21107]: Connection closed by 223.108.170.210 port 2228 [preauth]
May  5 11:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21133]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21134]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21133]: pam_unix(cron:session): session closed for user p13x
May  5 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21213]: Successful su for rubyman by root
May  5 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21213]: + ??? root:rubyman
May  5 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21213]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333576 of user rubyman.
May  5 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21213]: pam_unix(su:session): session closed for user rubyman
May  5 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333576.
May  5 11:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21378]: Invalid user ltsp169 from 61.222.211.114
May  5 11:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21378]: input_userauth_request: invalid user ltsp169 [preauth]
May  5 11:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21378]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.222.211.114
May  5 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18485]: pam_unix(cron:session): session closed for user root
May  5 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Failed password for root from 223.108.170.210 port 2229 ssh2
May  5 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21134]: pam_unix(cron:session): session closed for user samftp
May  5 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21378]: Failed password for invalid user ltsp169 from 61.222.211.114 port 53786 ssh2
May  5 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21378]: Received disconnect from 61.222.211.114 port 53786:11: Bye Bye [preauth]
May  5 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21378]: Disconnected from 61.222.211.114 port 53786 [preauth]
May  5 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Connection closed by 223.108.170.210 port 2229 [preauth]
May  5 11:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Invalid user stptbdd from 116.193.191.90
May  5 11:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: input_userauth_request: invalid user stptbdd [preauth]
May  5 11:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
May  5 11:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Failed password for invalid user stptbdd from 116.193.191.90 port 33718 ssh2
May  5 11:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: Invalid user djq19 from 195.211.44.138
May  5 11:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: input_userauth_request: invalid user djq19 [preauth]
May  5 11:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.211.44.138
May  5 11:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Received disconnect from 116.193.191.90 port 33718:11: Bye Bye [preauth]
May  5 11:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Disconnected from 116.193.191.90 port 33718 [preauth]
May  5 11:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: Failed password for root from 223.108.170.210 port 2230 ssh2
May  5 11:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: Failed password for invalid user djq19 from 195.211.44.138 port 50412 ssh2
May  5 11:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: Received disconnect from 195.211.44.138 port 50412:11: Bye Bye [preauth]
May  5 11:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: Disconnected from 195.211.44.138 port 50412 [preauth]
May  5 11:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: Connection closed by 223.108.170.210 port 2230 [preauth]
May  5 11:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21460]: Failed password for root from 223.108.170.210 port 2231 ssh2
May  5 11:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21460]: Connection closed by 223.108.170.210 port 2231 [preauth]
May  5 11:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21474]: Failed password for root from 223.108.170.210 port 2232 ssh2
May  5 11:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21474]: Connection closed by 223.108.170.210 port 2232 [preauth]
May  5 11:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20245]: pam_unix(cron:session): session closed for user root
May  5 11:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: Failed password for root from 223.108.170.210 port 2233 ssh2
May  5 11:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: Connection closed by 223.108.170.210 port 2233 [preauth]
May  5 11:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21543]: Failed password for root from 223.108.170.210 port 2234 ssh2
May  5 11:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21543]: Connection closed by 223.108.170.210 port 2234 [preauth]
May  5 11:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.74.125  user=root
May  5 11:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21577]: Failed password for root from 46.101.74.125 port 35154 ssh2
May  5 11:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21577]: Received disconnect from 46.101.74.125 port 35154:11: Bye Bye [preauth]
May  5 11:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21577]: Disconnected from 46.101.74.125 port 35154 [preauth]
May  5 11:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: Failed password for root from 223.108.170.210 port 2235 ssh2
May  5 11:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: Connection closed by 223.108.170.210 port 2235 [preauth]
May  5 11:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21606]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21604]: pam_unix(cron:session): session closed for user p13x
May  5 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21687]: Successful su for rubyman by root
May  5 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21687]: + ??? root:rubyman
May  5 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333579 of user rubyman.
May  5 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21687]: pam_unix(su:session): session closed for user rubyman
May  5 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333579.
May  5 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18946]: pam_unix(cron:session): session closed for user root
May  5 11:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21605]: pam_unix(cron:session): session closed for user samftp
May  5 11:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21601]: Failed password for root from 223.108.170.210 port 2236 ssh2
May  5 11:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21601]: Connection closed by 223.108.170.210 port 2236 [preauth]
May  5 11:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22165]: Failed password for root from 223.108.170.210 port 2237 ssh2
May  5 11:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22193]: Invalid user trx from 193.32.162.134
May  5 11:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22193]: input_userauth_request: invalid user trx [preauth]
May  5 11:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22193]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 11:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22165]: Connection closed by 223.108.170.210 port 2237 [preauth]
May  5 11:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 11:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22193]: Failed password for invalid user trx from 193.32.162.134 port 54470 ssh2
May  5 11:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22193]: Connection closed by 193.32.162.134 port 54470 [preauth]
May  5 11:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22203]: Failed password for root from 218.92.0.179 port 59045 ssh2
May  5 11:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22203]: Failed password for root from 218.92.0.179 port 59045 ssh2
May  5 11:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22203]: Failed password for root from 218.92.0.179 port 59045 ssh2
May  5 11:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22203]: Received disconnect from 218.92.0.179 port 59045:11:  [preauth]
May  5 11:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22203]: Disconnected from 218.92.0.179 port 59045 [preauth]
May  5 11:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22203]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 11:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: Failed password for root from 223.108.170.210 port 2238 ssh2
May  5 11:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: Connection closed by 223.108.170.210 port 2238 [preauth]
May  5 11:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: Failed password for root from 223.108.170.210 port 2239 ssh2
May  5 11:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: Connection closed by 223.108.170.210 port 2239 [preauth]
May  5 11:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20669]: pam_unix(cron:session): session closed for user root
May  5 11:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22304]: Invalid user malik from 45.176.12.6
May  5 11:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22304]: input_userauth_request: invalid user malik [preauth]
May  5 11:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22304]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.176.12.6
May  5 11:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: Failed password for root from 223.108.170.210 port 2240 ssh2
May  5 11:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22269]: Connection closed by 223.108.170.210 port 2240 [preauth]
May  5 11:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22304]: Failed password for invalid user malik from 45.176.12.6 port 38076 ssh2
May  5 11:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22304]: Received disconnect from 45.176.12.6 port 38076:11: Bye Bye [preauth]
May  5 11:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22304]: Disconnected from 45.176.12.6 port 38076 [preauth]
May  5 11:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22318]: Failed password for root from 223.108.170.210 port 2241 ssh2
May  5 11:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22318]: Connection closed by 223.108.170.210 port 2241 [preauth]
May  5 11:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22346]: Failed password for root from 223.108.170.210 port 2242 ssh2
May  5 11:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22346]: Connection closed by 223.108.170.210 port 2242 [preauth]
May  5 11:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22382]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22379]: pam_unix(cron:session): session closed for user p13x
May  5 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22463]: Successful su for rubyman by root
May  5 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22463]: + ??? root:rubyman
May  5 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22463]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333584 of user rubyman.
May  5 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22463]: pam_unix(su:session): session closed for user rubyman
May  5 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333584.
May  5 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22365]: Failed password for root from 223.108.170.210 port 2243 ssh2
May  5 11:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19387]: pam_unix(cron:session): session closed for user root
May  5 11:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22365]: Connection closed by 223.108.170.210 port 2243 [preauth]
May  5 11:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: Invalid user postgres from 119.160.193.12
May  5 11:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: input_userauth_request: invalid user postgres [preauth]
May  5 11:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.160.193.12
May  5 11:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22380]: pam_unix(cron:session): session closed for user samftp
May  5 11:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: Failed password for invalid user postgres from 119.160.193.12 port 33594 ssh2
May  5 11:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: Received disconnect from 119.160.193.12 port 33594:11: Bye Bye [preauth]
May  5 11:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22610]: Disconnected from 119.160.193.12 port 33594 [preauth]
May  5 11:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22646]: Failed password for root from 223.108.170.210 port 2244 ssh2
May  5 11:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22646]: Connection closed by 223.108.170.210 port 2244 [preauth]
May  5 11:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: Failed password for root from 223.108.170.210 port 2245 ssh2
May  5 11:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22685]: Connection closed by 223.108.170.210 port 2245 [preauth]
May  5 11:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22711]: Failed password for root from 223.108.170.210 port 2246 ssh2
May  5 11:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22711]: Connection closed by 223.108.170.210 port 2246 [preauth]
May  5 11:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21136]: pam_unix(cron:session): session closed for user root
May  5 11:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: Failed password for root from 223.108.170.210 port 2247 ssh2
May  5 11:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: Connection closed by 223.108.170.210 port 2247 [preauth]
May  5 11:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22786]: Failed password for root from 223.108.170.210 port 2248 ssh2
May  5 11:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22786]: Connection closed by 223.108.170.210 port 2248 [preauth]
May  5 11:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: Failed password for root from 223.108.170.210 port 2249 ssh2
May  5 11:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: Connection closed by 223.108.170.210 port 2249 [preauth]
May  5 11:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22837]: Failed password for root from 223.108.170.210 port 2250 ssh2
May  5 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22851]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22850]: pam_unix(cron:session): session closed for user p13x
May  5 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22921]: Successful su for rubyman by root
May  5 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22921]: + ??? root:rubyman
May  5 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333587 of user rubyman.
May  5 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22921]: pam_unix(su:session): session closed for user rubyman
May  5 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333587.
May  5 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22837]: Connection closed by 223.108.170.210 port 2250 [preauth]
May  5 11:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19822]: pam_unix(cron:session): session closed for user root
May  5 11:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22851]: pam_unix(cron:session): session closed for user samftp
May  5 11:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23021]: Failed password for root from 223.108.170.210 port 2251 ssh2
May  5 11:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23021]: Connection closed by 223.108.170.210 port 2251 [preauth]
May  5 11:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23145]: Failed password for root from 223.108.170.210 port 2252 ssh2
May  5 11:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23145]: Connection closed by 223.108.170.210 port 2252 [preauth]
May  5 11:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Failed password for root from 223.108.170.210 port 2253 ssh2
May  5 11:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Connection closed by 223.108.170.210 port 2253 [preauth]
May  5 11:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21607]: pam_unix(cron:session): session closed for user root
May  5 11:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23213]: Failed password for root from 223.108.170.210 port 2254 ssh2
May  5 11:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23213]: Connection closed by 223.108.170.210 port 2254 [preauth]
May  5 11:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: Failed password for root from 223.108.170.210 port 2255 ssh2
May  5 11:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: Connection closed by 223.108.170.210 port 2255 [preauth]
May  5 11:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31  user=root
May  5 11:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: Failed password for root from 223.108.170.210 port 2256 ssh2
May  5 11:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: Failed password for root from 117.216.143.31 port 52990 ssh2
May  5 11:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: Invalid user admin from 80.94.95.112
May  5 11:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: input_userauth_request: invalid user admin [preauth]
May  5 11:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 11:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: Received disconnect from 117.216.143.31 port 52990:11: Bye Bye [preauth]
May  5 11:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: Disconnected from 117.216.143.31 port 52990 [preauth]
May  5 11:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: Connection closed by 223.108.170.210 port 2256 [preauth]
May  5 11:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: Failed password for invalid user admin from 80.94.95.112 port 33945 ssh2
May  5 11:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: Failed password for invalid user admin from 80.94.95.112 port 33945 ssh2
May  5 11:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: Failed password for invalid user admin from 80.94.95.112 port 33945 ssh2
May  5 11:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23401]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23402]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23404]: pam_unix(cron:session): session closed for user root
May  5 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23399]: pam_unix(cron:session): session closed for user p13x
May  5 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23476]: Successful su for rubyman by root
May  5 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23476]: + ??? root:rubyman
May  5 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333592 of user rubyman.
May  5 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23476]: pam_unix(su:session): session closed for user rubyman
May  5 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333592.
May  5 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: Failed password for invalid user admin from 80.94.95.112 port 33945 ssh2
May  5 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: Failed password for root from 223.108.170.210 port 2257 ssh2
May  5 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23401]: pam_unix(cron:session): session closed for user root
May  5 11:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: Connection closed by 223.108.170.210 port 2257 [preauth]
May  5 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: Failed password for invalid user admin from 80.94.95.112 port 33945 ssh2
May  5 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20244]: pam_unix(cron:session): session closed for user root
May  5 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: Received disconnect from 80.94.95.112 port 33945:11: Bye [preauth]
May  5 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: Disconnected from 80.94.95.112 port 33945 [preauth]
May  5 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23400]: pam_unix(cron:session): session closed for user samftp
May  5 11:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23676]: Invalid user eyftpuser from 46.244.96.25
May  5 11:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23676]: input_userauth_request: invalid user eyftpuser [preauth]
May  5 11:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23676]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  5 11:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23676]: Failed password for invalid user eyftpuser from 46.244.96.25 port 51486 ssh2
May  5 11:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23676]: Connection closed by 46.244.96.25 port 51486 [preauth]
May  5 11:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: Failed password for root from 223.108.170.210 port 2258 ssh2
May  5 11:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: Connection closed by 223.108.170.210 port 2258 [preauth]
May  5 11:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23701]: Failed password for root from 223.108.170.210 port 2259 ssh2
May  5 11:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23701]: Connection closed by 223.108.170.210 port 2259 [preauth]
May  5 11:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23732]: Failed password for root from 223.108.170.210 port 2260 ssh2
May  5 11:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23732]: Connection closed by 223.108.170.210 port 2260 [preauth]
May  5 11:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22382]: pam_unix(cron:session): session closed for user root
May  5 11:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: Failed password for root from 223.108.170.210 port 2261 ssh2
May  5 11:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: Connection closed by 223.108.170.210 port 2261 [preauth]
May  5 11:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23735]: Connection closed by 46.210.200.26 port 11545 [preauth]
May  5 11:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23899]: Failed password for root from 223.108.170.210 port 2262 ssh2
May  5 11:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23899]: Connection closed by 223.108.170.210 port 2262 [preauth]
May  5 11:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192  user=root
May  5 11:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23955]: Did not receive identification string from 216.10.247.13
May  5 11:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23926]: Failed password for root from 223.108.170.210 port 2263 ssh2
May  5 11:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23937]: Failed password for root from 46.25.236.192 port 45138 ssh2
May  5 11:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23937]: Received disconnect from 46.25.236.192 port 45138:11: Bye Bye [preauth]
May  5 11:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23937]: Disconnected from 46.25.236.192 port 45138 [preauth]
May  5 11:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23926]: Connection closed by 223.108.170.210 port 2263 [preauth]
May  5 11:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23956]: Failed password for root from 223.108.170.210 port 2264 ssh2
May  5 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23979]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23977]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23980]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23976]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23976]: pam_unix(cron:session): session closed for user p13x
May  5 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24057]: Successful su for rubyman by root
May  5 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24057]: + ??? root:rubyman
May  5 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24057]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333599 of user rubyman.
May  5 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24057]: pam_unix(su:session): session closed for user rubyman
May  5 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333599.
May  5 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23956]: Connection closed by 223.108.170.210 port 2264 [preauth]
May  5 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20668]: pam_unix(cron:session): session closed for user root
May  5 11:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23977]: pam_unix(cron:session): session closed for user samftp
May  5 11:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.74.125  user=root
May  5 11:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24246]: Failed password for root from 46.101.74.125 port 51292 ssh2
May  5 11:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24246]: Received disconnect from 46.101.74.125 port 51292:11: Bye Bye [preauth]
May  5 11:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24246]: Disconnected from 46.101.74.125 port 51292 [preauth]
May  5 11:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: Invalid user ircd from 190.60.51.173
May  5 11:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: input_userauth_request: invalid user ircd [preauth]
May  5 11:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.51.173
May  5 11:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24132]: Failed password for root from 223.108.170.210 port 2265 ssh2
May  5 11:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: Failed password for invalid user ircd from 190.60.51.173 port 41596 ssh2
May  5 11:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: Received disconnect from 190.60.51.173 port 41596:11: Bye Bye [preauth]
May  5 11:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24258]: Disconnected from 190.60.51.173 port 41596 [preauth]
May  5 11:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24132]: Connection closed by 223.108.170.210 port 2265 [preauth]
May  5 11:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24290]: Invalid user liuzy from 195.211.44.138
May  5 11:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24290]: input_userauth_request: invalid user liuzy [preauth]
May  5 11:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24290]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.211.44.138
May  5 11:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24290]: Failed password for invalid user liuzy from 195.211.44.138 port 50540 ssh2
May  5 11:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24290]: Received disconnect from 195.211.44.138 port 50540:11: Bye Bye [preauth]
May  5 11:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24290]: Disconnected from 195.211.44.138 port 50540 [preauth]
May  5 11:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24261]: Failed password for root from 223.108.170.210 port 2266 ssh2
May  5 11:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24261]: Connection closed by 223.108.170.210 port 2266 [preauth]
May  5 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: Invalid user ubuntu from 103.176.78.28
May  5 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: input_userauth_request: invalid user ubuntu [preauth]
May  5 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.28
May  5 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: Failed password for invalid user ubuntu from 103.176.78.28 port 48030 ssh2
May  5 11:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: Received disconnect from 103.176.78.28 port 48030:11: Bye Bye [preauth]
May  5 11:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24304]: Disconnected from 103.176.78.28 port 48030 [preauth]
May  5 11:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: Failed password for root from 223.108.170.210 port 2267 ssh2
May  5 11:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24341]: Invalid user ssc from 61.222.211.114
May  5 11:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24341]: input_userauth_request: invalid user ssc [preauth]
May  5 11:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24341]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.222.211.114
May  5 11:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: Connection closed by 223.108.170.210 port 2267 [preauth]
May  5 11:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24341]: Failed password for invalid user ssc from 61.222.211.114 port 44098 ssh2
May  5 11:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24341]: Received disconnect from 61.222.211.114 port 44098:11: Bye Bye [preauth]
May  5 11:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24341]: Disconnected from 61.222.211.114 port 44098 [preauth]
May  5 11:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22853]: pam_unix(cron:session): session closed for user root
May  5 11:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: Failed password for root from 223.108.170.210 port 2268 ssh2
May  5 11:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: Connection closed by 223.108.170.210 port 2268 [preauth]
May  5 11:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: Failed password for root from 223.108.170.210 port 2269 ssh2
May  5 11:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: Connection closed by 223.108.170.210 port 2269 [preauth]
May  5 11:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: Failed password for root from 223.108.170.210 port 2270 ssh2
May  5 11:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: Connection closed by 223.108.170.210 port 2270 [preauth]
May  5 11:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24450]: pam_unix(cron:session): session closed for user p13x
May  5 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24439]: Failed password for root from 223.108.170.210 port 2271 ssh2
May  5 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24515]: Successful su for rubyman by root
May  5 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24515]: + ??? root:rubyman
May  5 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333601 of user rubyman.
May  5 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24515]: pam_unix(su:session): session closed for user rubyman
May  5 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333601.
May  5 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24439]: Connection closed by 223.108.170.210 port 2271 [preauth]
May  5 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21135]: pam_unix(cron:session): session closed for user root
May  5 11:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24451]: pam_unix(cron:session): session closed for user samftp
May  5 11:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24630]: Failed password for root from 223.108.170.210 port 2272 ssh2
May  5 11:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24630]: Connection closed by 223.108.170.210 port 2272 [preauth]
May  5 11:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: Failed password for root from 223.108.170.210 port 2273 ssh2
May  5 11:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: Connection closed by 223.108.170.210 port 2273 [preauth]
May  5 11:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: Failed password for root from 223.108.170.210 port 2274 ssh2
May  5 11:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: Connection closed by 223.108.170.210 port 2274 [preauth]
May  5 11:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23403]: pam_unix(cron:session): session closed for user root
May  5 11:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24800]: Invalid user tes from 117.216.143.31
May  5 11:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24800]: input_userauth_request: invalid user tes [preauth]
May  5 11:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24800]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 11:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24780]: Failed password for root from 223.108.170.210 port 2275 ssh2
May  5 11:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24800]: Failed password for invalid user tes from 117.216.143.31 port 48590 ssh2
May  5 11:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24780]: Connection closed by 223.108.170.210 port 2275 [preauth]
May  5 11:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24800]: Received disconnect from 117.216.143.31 port 48590:11: Bye Bye [preauth]
May  5 11:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24800]: Disconnected from 117.216.143.31 port 48590 [preauth]
May  5 11:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24823]: Failed password for root from 223.108.170.210 port 2276 ssh2
May  5 11:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24823]: Connection closed by 223.108.170.210 port 2276 [preauth]
May  5 11:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24846]: Invalid user dell from 116.193.191.90
May  5 11:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24846]: input_userauth_request: invalid user dell [preauth]
May  5 11:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24846]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
May  5 11:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24846]: Failed password for invalid user dell from 116.193.191.90 port 39534 ssh2
May  5 11:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24846]: Received disconnect from 116.193.191.90 port 39534:11: Bye Bye [preauth]
May  5 11:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24846]: Disconnected from 116.193.191.90 port 39534 [preauth]
May  5 11:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24849]: Failed password for root from 223.108.170.210 port 2277 ssh2
May  5 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24849]: Connection closed by 223.108.170.210 port 2277 [preauth]
May  5 11:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24872]: Failed password for root from 223.108.170.210 port 2278 ssh2
May  5 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24888]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24889]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24886]: pam_unix(cron:session): session closed for user p13x
May  5 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24962]: Successful su for rubyman by root
May  5 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24962]: + ??? root:rubyman
May  5 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24962]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24872]: Connection closed by 223.108.170.210 port 2278 [preauth]
May  5 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333608 of user rubyman.
May  5 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24962]: pam_unix(su:session): session closed for user rubyman
May  5 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333608.
May  5 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21606]: pam_unix(cron:session): session closed for user root
May  5 11:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24887]: pam_unix(cron:session): session closed for user samftp
May  5 11:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24984]: Failed password for root from 223.108.170.210 port 2279 ssh2
May  5 11:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24984]: Connection closed by 223.108.170.210 port 2279 [preauth]
May  5 11:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: Failed password for root from 223.108.170.210 port 2280 ssh2
May  5 11:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: Connection closed by 223.108.170.210 port 2280 [preauth]
May  5 11:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.160.193.12  user=root
May  5 11:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: Failed password for root from 119.160.193.12 port 39800 ssh2
May  5 11:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: Received disconnect from 119.160.193.12 port 39800:11: Bye Bye [preauth]
May  5 11:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: Disconnected from 119.160.193.12 port 39800 [preauth]
May  5 11:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25183]: Failed password for root from 223.108.170.210 port 2281 ssh2
May  5 11:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25183]: Connection closed by 223.108.170.210 port 2281 [preauth]
May  5 11:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23980]: pam_unix(cron:session): session closed for user root
May  5 11:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25221]: Invalid user ltc from 193.32.162.134
May  5 11:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25221]: input_userauth_request: invalid user ltc [preauth]
May  5 11:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25221]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 11:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25221]: Failed password for invalid user ltc from 193.32.162.134 port 38290 ssh2
May  5 11:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25219]: Failed password for root from 223.108.170.210 port 2282 ssh2
May  5 11:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25221]: Connection closed by 193.32.162.134 port 38290 [preauth]
May  5 11:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25219]: Connection closed by 223.108.170.210 port 2282 [preauth]
May  5 11:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25255]: Failed password for root from 223.108.170.210 port 2283 ssh2
May  5 11:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25255]: Connection closed by 223.108.170.210 port 2283 [preauth]
May  5 11:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: Failed password for root from 223.108.170.210 port 2284 ssh2
May  5 11:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: Connection closed by 223.108.170.210 port 2284 [preauth]
May  5 11:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25326]: pam_unix(cron:session): session closed for user p13x
May  5 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25393]: Successful su for rubyman by root
May  5 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25393]: + ??? root:rubyman
May  5 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333611 of user rubyman.
May  5 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25393]: pam_unix(su:session): session closed for user rubyman
May  5 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25305]: Failed password for root from 223.108.170.210 port 2285 ssh2
May  5 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333611.
May  5 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25305]: Connection closed by 223.108.170.210 port 2285 [preauth]
May  5 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22381]: pam_unix(cron:session): session closed for user root
May  5 11:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25327]: pam_unix(cron:session): session closed for user samftp
May  5 11:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: Failed password for root from 223.108.170.210 port 2286 ssh2
May  5 11:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25593]: Did not receive identification string from 198.235.24.82
May  5 11:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25494]: Connection closed by 223.108.170.210 port 2286 [preauth]
May  5 11:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: Failed password for root from 223.108.170.210 port 2287 ssh2
May  5 11:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: Connection closed by 223.108.170.210 port 2287 [preauth]
May  5 11:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25618]: Failed password for root from 223.108.170.210 port 2288 ssh2
May  5 11:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25618]: Connection closed by 223.108.170.210 port 2288 [preauth]
May  5 11:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24453]: pam_unix(cron:session): session closed for user root
May  5 11:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: Failed password for root from 223.108.170.210 port 2289 ssh2
May  5 11:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: Connection closed by 223.108.170.210 port 2289 [preauth]
May  5 11:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25684]: Failed password for root from 223.108.170.210 port 2290 ssh2
May  5 11:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25684]: Connection closed by 223.108.170.210 port 2290 [preauth]
May  5 11:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25716]: Failed password for root from 223.108.170.210 port 2291 ssh2
May  5 11:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25716]: Connection closed by 223.108.170.210 port 2291 [preauth]
May  5 11:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Failed password for root from 223.108.170.210 port 2292 ssh2
May  5 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25747]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25751]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25746]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25751]: pam_unix(cron:session): session closed for user root
May  5 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25746]: pam_unix(cron:session): session closed for user p13x
May  5 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Connection closed by 223.108.170.210 port 2292 [preauth]
May  5 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25813]: Successful su for rubyman by root
May  5 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25813]: + ??? root:rubyman
May  5 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25813]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333613 of user rubyman.
May  5 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25813]: pam_unix(su:session): session closed for user rubyman
May  5 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333613.
May  5 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25748]: pam_unix(cron:session): session closed for user root
May  5 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22852]: pam_unix(cron:session): session closed for user root
May  5 11:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25747]: pam_unix(cron:session): session closed for user samftp
May  5 11:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25835]: Failed password for root from 223.108.170.210 port 2293 ssh2
May  5 11:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25835]: Connection closed by 223.108.170.210 port 2293 [preauth]
May  5 11:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: Failed password for root from 223.108.170.210 port 2294 ssh2
May  5 11:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: Connection closed by 223.108.170.210 port 2294 [preauth]
May  5 11:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: Invalid user on from 117.216.143.31
May  5 11:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: input_userauth_request: invalid user on [preauth]
May  5 11:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 11:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: Failed password for invalid user on from 117.216.143.31 port 42582 ssh2
May  5 11:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: Received disconnect from 117.216.143.31 port 42582:11: Bye Bye [preauth]
May  5 11:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: Disconnected from 117.216.143.31 port 42582 [preauth]
May  5 11:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: Failed password for root from 223.108.170.210 port 2295 ssh2
May  5 11:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26067]: Connection closed by 223.108.170.210 port 2295 [preauth]
May  5 11:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.74.125  user=root
May  5 11:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24889]: pam_unix(cron:session): session closed for user root
May  5 11:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26103]: Failed password for root from 46.101.74.125 port 47516 ssh2
May  5 11:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26103]: Received disconnect from 46.101.74.125 port 47516:11: Bye Bye [preauth]
May  5 11:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26103]: Disconnected from 46.101.74.125 port 47516 [preauth]
May  5 11:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26093]: Failed password for root from 223.108.170.210 port 2296 ssh2
May  5 11:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26093]: Connection closed by 223.108.170.210 port 2296 [preauth]
May  5 11:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: Failed password for root from 223.108.170.210 port 2297 ssh2
May  5 11:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: Connection closed by 223.108.170.210 port 2297 [preauth]
May  5 11:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26159]: Failed password for root from 223.108.170.210 port 2298 ssh2
May  5 11:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26159]: Connection closed by 223.108.170.210 port 2298 [preauth]
May  5 11:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26177]: Failed password for root from 223.108.170.210 port 2299 ssh2
May  5 11:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26177]: Connection closed by 223.108.170.210 port 2299 [preauth]
May  5 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26191]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26192]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26189]: pam_unix(cron:session): session closed for user p13x
May  5 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26257]: Successful su for rubyman by root
May  5 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26257]: + ??? root:rubyman
May  5 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333620 of user rubyman.
May  5 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26257]: pam_unix(su:session): session closed for user rubyman
May  5 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333620.
May  5 11:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23402]: pam_unix(cron:session): session closed for user root
May  5 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26435]: Invalid user malik from 46.25.236.192
May  5 11:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26435]: input_userauth_request: invalid user malik [preauth]
May  5 11:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26435]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  5 11:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26190]: pam_unix(cron:session): session closed for user samftp
May  5 11:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26435]: Failed password for invalid user malik from 46.25.236.192 port 53486 ssh2
May  5 11:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26435]: Received disconnect from 46.25.236.192 port 53486:11: Bye Bye [preauth]
May  5 11:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26435]: Disconnected from 46.25.236.192 port 53486 [preauth]
May  5 11:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26187]: Failed password for root from 223.108.170.210 port 2300 ssh2
May  5 11:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26187]: Connection closed by 223.108.170.210 port 2300 [preauth]
May  5 11:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: Failed password for root from 223.108.170.210 port 2301 ssh2
May  5 11:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26534]: Connection closed by 223.108.170.210 port 2301 [preauth]
May  5 11:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Invalid user user from 195.211.44.138
May  5 11:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: input_userauth_request: invalid user user [preauth]
May  5 11:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.211.44.138
May  5 11:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Failed password for invalid user user from 195.211.44.138 port 50662 ssh2
May  5 11:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Received disconnect from 195.211.44.138 port 50662:11: Bye Bye [preauth]
May  5 11:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Disconnected from 195.211.44.138 port 50662 [preauth]
May  5 11:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26567]: Failed password for root from 223.108.170.210 port 2302 ssh2
May  5 11:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26567]: Connection closed by 223.108.170.210 port 2302 [preauth]
May  5 11:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25329]: pam_unix(cron:session): session closed for user root
May  5 11:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: Invalid user yan from 190.60.51.173
May  5 11:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: input_userauth_request: invalid user yan [preauth]
May  5 11:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.51.173
May  5 11:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26595]: Failed password for root from 223.108.170.210 port 2303 ssh2
May  5 11:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: Failed password for invalid user yan from 190.60.51.173 port 35452 ssh2
May  5 11:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26595]: Connection closed by 223.108.170.210 port 2303 [preauth]
May  5 11:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: Received disconnect from 190.60.51.173 port 35452:11: Bye Bye [preauth]
May  5 11:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26613]: Disconnected from 190.60.51.173 port 35452 [preauth]
May  5 11:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: Failed password for root from 223.108.170.210 port 2304 ssh2
May  5 11:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26636]: Connection closed by 223.108.170.210 port 2304 [preauth]
May  5 11:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26662]: Failed password for root from 223.108.170.210 port 2305 ssh2
May  5 11:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26662]: Connection closed by 223.108.170.210 port 2305 [preauth]
May  5 11:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26680]: Failed password for root from 223.108.170.210 port 2306 ssh2
May  5 11:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26680]: Connection closed by 223.108.170.210 port 2306 [preauth]
May  5 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.222.211.114  user=root
May  5 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26707]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26708]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26705]: pam_unix(cron:session): session closed for user p13x
May  5 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26764]: Successful su for rubyman by root
May  5 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26764]: + ??? root:rubyman
May  5 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333624 of user rubyman.
May  5 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26764]: pam_unix(su:session): session closed for user rubyman
May  5 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333624.
May  5 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26696]: Failed password for root from 61.222.211.114 port 37546 ssh2
May  5 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26696]: Received disconnect from 61.222.211.114 port 37546:11: Bye Bye [preauth]
May  5 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26696]: Disconnected from 61.222.211.114 port 37546 [preauth]
May  5 11:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23979]: pam_unix(cron:session): session closed for user root
May  5 11:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26706]: pam_unix(cron:session): session closed for user samftp
May  5 11:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26703]: Failed password for root from 223.108.170.210 port 2307 ssh2
May  5 11:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26703]: Connection closed by 223.108.170.210 port 2307 [preauth]
May  5 11:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135  user=root
May  5 11:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26990]: Failed password for root from 176.31.162.135 port 48324 ssh2
May  5 11:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26990]: Connection closed by 176.31.162.135 port 48324 [preauth]
May  5 11:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26992]: Failed password for root from 223.108.170.210 port 2308 ssh2
May  5 11:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26992]: Connection closed by 223.108.170.210 port 2308 [preauth]
May  5 11:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27041]: Failed password for root from 223.108.170.210 port 2309 ssh2
May  5 11:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27041]: Connection closed by 223.108.170.210 port 2309 [preauth]
May  5 11:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25750]: pam_unix(cron:session): session closed for user root
May  5 11:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: Failed password for root from 223.108.170.210 port 2310 ssh2
May  5 11:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27084]: Connection closed by 223.108.170.210 port 2310 [preauth]
May  5 11:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: Invalid user ubnt from 80.94.95.241
May  5 11:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: input_userauth_request: invalid user ubnt [preauth]
May  5 11:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 11:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: Failed password for invalid user ubnt from 80.94.95.241 port 25818 ssh2
May  5 11:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: Failed password for invalid user ubnt from 80.94.95.241 port 25818 ssh2
May  5 11:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: Failed password for invalid user ubnt from 80.94.95.241 port 25818 ssh2
May  5 11:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27119]: Failed password for root from 223.108.170.210 port 2311 ssh2
May  5 11:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Invalid user shcho from 103.176.78.28
May  5 11:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: input_userauth_request: invalid user shcho [preauth]
May  5 11:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.28
May  5 11:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27119]: Connection closed by 223.108.170.210 port 2311 [preauth]
May  5 11:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: Failed password for invalid user ubnt from 80.94.95.241 port 25818 ssh2
May  5 11:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Failed password for invalid user shcho from 103.176.78.28 port 45090 ssh2
May  5 11:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Received disconnect from 103.176.78.28 port 45090:11: Bye Bye [preauth]
May  5 11:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Disconnected from 103.176.78.28 port 45090 [preauth]
May  5 11:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: Failed password for invalid user ubnt from 80.94.95.241 port 25818 ssh2
May  5 11:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: Received disconnect from 80.94.95.241 port 25818:11: Bye [preauth]
May  5 11:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: Disconnected from 80.94.95.241 port 25818 [preauth]
May  5 11:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 11:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 11:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: Failed password for root from 223.108.170.210 port 2312 ssh2
May  5 11:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: Connection closed by 223.108.170.210 port 2312 [preauth]
May  5 11:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27175]: Invalid user admin from 139.19.117.131
May  5 11:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27175]: input_userauth_request: invalid user admin [preauth]
May  5 11:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: Failed password for root from 223.108.170.210 port 2313 ssh2
May  5 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: Connection closed by 223.108.170.210 port 2313 [preauth]
May  5 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27193]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27192]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27190]: pam_unix(cron:session): session closed for user p13x
May  5 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27258]: Successful su for rubyman by root
May  5 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27258]: + ??? root:rubyman
May  5 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333627 of user rubyman.
May  5 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27258]: pam_unix(su:session): session closed for user rubyman
May  5 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333627.
May  5 11:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24452]: pam_unix(cron:session): session closed for user root
May  5 11:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27191]: pam_unix(cron:session): session closed for user samftp
May  5 11:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27175]: Connection closed by 139.19.117.131 port 47544 [preauth]
May  5 11:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27247]: Failed password for root from 223.108.170.210 port 2314 ssh2
May  5 11:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27247]: Connection closed by 223.108.170.210 port 2314 [preauth]
May  5 11:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27506]: Failed password for root from 223.108.170.210 port 2315 ssh2
May  5 11:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27506]: Connection closed by 223.108.170.210 port 2315 [preauth]
May  5 11:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27533]: Failed password for root from 223.108.170.210 port 2316 ssh2
May  5 11:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27533]: Connection closed by 223.108.170.210 port 2316 [preauth]
May  5 11:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26192]: pam_unix(cron:session): session closed for user root
May  5 11:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27567]: Failed password for root from 223.108.170.210 port 2317 ssh2
May  5 11:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27567]: Connection closed by 223.108.170.210 port 2317 [preauth]
May  5 11:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27598]: Failed password for root from 223.108.170.210 port 2318 ssh2
May  5 11:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27598]: Connection closed by 223.108.170.210 port 2318 [preauth]
May  5 11:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: Invalid user danny from 119.160.193.12
May  5 11:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: input_userauth_request: invalid user danny [preauth]
May  5 11:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.160.193.12
May  5 11:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: Failed password for invalid user danny from 119.160.193.12 port 45944 ssh2
May  5 11:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: Received disconnect from 119.160.193.12 port 45944:11: Bye Bye [preauth]
May  5 11:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: Disconnected from 119.160.193.12 port 45944 [preauth]
May  5 11:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: Failed password for root from 223.108.170.210 port 2319 ssh2
May  5 11:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: Connection closed by 223.108.170.210 port 2319 [preauth]
May  5 11:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27652]: Failed password for root from 223.108.170.210 port 2320 ssh2
May  5 11:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27652]: Connection closed by 223.108.170.210 port 2320 [preauth]
May  5 11:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27669]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27668]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27668]: pam_unix(cron:session): session closed for user p13x
May  5 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27795]: Successful su for rubyman by root
May  5 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27795]: + ??? root:rubyman
May  5 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333631 of user rubyman.
May  5 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27795]: pam_unix(su:session): session closed for user rubyman
May  5 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333631.
May  5 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27666]: pam_unix(cron:session): session closed for user root
May  5 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24888]: pam_unix(cron:session): session closed for user root
May  5 11:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27669]: pam_unix(cron:session): session closed for user samftp
May  5 11:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Failed password for root from 223.108.170.210 port 2321 ssh2
May  5 11:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Connection closed by 223.108.170.210 port 2321 [preauth]
May  5 11:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: Failed password for root from 223.108.170.210 port 2322 ssh2
May  5 11:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28019]: Connection closed by 223.108.170.210 port 2322 [preauth]
May  5 11:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28045]: Failed password for root from 223.108.170.210 port 2323 ssh2
May  5 11:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28045]: Connection closed by 223.108.170.210 port 2323 [preauth]
May  5 11:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28080]: Invalid user liyanjun from 212.227.232.57
May  5 11:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28080]: input_userauth_request: invalid user liyanjun [preauth]
May  5 11:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28080]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.232.57
May  5 11:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28091]: Invalid user readonly from 14.103.228.246
May  5 11:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28091]: input_userauth_request: invalid user readonly [preauth]
May  5 11:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28091]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.228.246
May  5 11:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28080]: Failed password for invalid user liyanjun from 212.227.232.57 port 55716 ssh2
May  5 11:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28080]: Received disconnect from 212.227.232.57 port 55716:11: Bye Bye [preauth]
May  5 11:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28080]: Disconnected from 212.227.232.57 port 55716 [preauth]
May  5 11:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28077]: Failed password for root from 223.108.170.210 port 2324 ssh2
May  5 11:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26708]: pam_unix(cron:session): session closed for user root
May  5 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28077]: Connection closed by 223.108.170.210 port 2324 [preauth]
May  5 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28091]: Failed password for invalid user readonly from 14.103.228.246 port 39100 ssh2
May  5 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28091]: Received disconnect from 14.103.228.246 port 39100:11: Bye Bye [preauth]
May  5 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28091]: Disconnected from 14.103.228.246 port 39100 [preauth]
May  5 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28093]: Invalid user zxu from 116.193.191.90
May  5 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28093]: input_userauth_request: invalid user zxu [preauth]
May  5 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28093]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
May  5 11:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28093]: Failed password for invalid user zxu from 116.193.191.90 port 47444 ssh2
May  5 11:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28093]: Received disconnect from 116.193.191.90 port 47444:11: Bye Bye [preauth]
May  5 11:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28093]: Disconnected from 116.193.191.90 port 47444 [preauth]
May  5 11:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: Failed password for root from 223.108.170.210 port 2325 ssh2
May  5 11:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: Connection closed by 223.108.170.210 port 2325 [preauth]
May  5 11:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28133]: Failed password for root from 223.108.170.210 port 2326 ssh2
May  5 11:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28133]: Connection closed by 223.108.170.210 port 2326 [preauth]
May  5 11:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28171]: Invalid user node from 193.32.162.134
May  5 11:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28171]: input_userauth_request: invalid user node [preauth]
May  5 11:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28171]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 11:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28171]: Failed password for invalid user node from 193.32.162.134 port 50342 ssh2
May  5 11:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28171]: Connection closed by 193.32.162.134 port 50342 [preauth]
May  5 11:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28182]: Invalid user djq19 from 46.101.74.125
May  5 11:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28182]: input_userauth_request: invalid user djq19 [preauth]
May  5 11:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28182]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.74.125
May  5 11:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28169]: Failed password for root from 223.108.170.210 port 2327 ssh2
May  5 11:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28182]: Failed password for invalid user djq19 from 46.101.74.125 port 55568 ssh2
May  5 11:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28182]: Received disconnect from 46.101.74.125 port 55568:11: Bye Bye [preauth]
May  5 11:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28182]: Disconnected from 46.101.74.125 port 55568 [preauth]
May  5 11:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28169]: Connection closed by 223.108.170.210 port 2327 [preauth]
May  5 11:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28201]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28201]: pam_unix(cron:session): session closed for user root
May  5 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28195]: pam_unix(cron:session): session closed for user p13x
May  5 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28267]: Successful su for rubyman by root
May  5 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28267]: + ??? root:rubyman
May  5 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333640 of user rubyman.
May  5 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28267]: pam_unix(su:session): session closed for user rubyman
May  5 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333640.
May  5 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28198]: pam_unix(cron:session): session closed for user root
May  5 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25328]: pam_unix(cron:session): session closed for user root
May  5 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28184]: Failed password for root from 223.108.170.210 port 2328 ssh2
May  5 11:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28197]: pam_unix(cron:session): session closed for user samftp
May  5 11:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28184]: Connection closed by 223.108.170.210 port 2328 [preauth]
May  5 11:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28473]: Failed password for root from 223.108.170.210 port 2329 ssh2
May  5 11:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28473]: Connection closed by 223.108.170.210 port 2329 [preauth]
May  5 11:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28508]: Failed password for root from 223.108.170.210 port 2330 ssh2
May  5 11:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28508]: Connection closed by 223.108.170.210 port 2330 [preauth]
May  5 11:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28532]: Failed password for root from 223.108.170.210 port 2331 ssh2
May  5 11:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27193]: pam_unix(cron:session): session closed for user root
May  5 11:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28532]: Connection closed by 223.108.170.210 port 2331 [preauth]
May  5 11:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28569]: Failed password for root from 223.108.170.210 port 2332 ssh2
May  5 11:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28569]: Connection closed by 223.108.170.210 port 2332 [preauth]
May  5 11:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28579]: Invalid user deploy from 117.216.143.31
May  5 11:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28579]: input_userauth_request: invalid user deploy [preauth]
May  5 11:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28579]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 11:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28579]: Failed password for invalid user deploy from 117.216.143.31 port 60946 ssh2
May  5 11:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28579]: Received disconnect from 117.216.143.31 port 60946:11: Bye Bye [preauth]
May  5 11:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28579]: Disconnected from 117.216.143.31 port 60946 [preauth]
May  5 11:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28581]: Failed password for root from 223.108.170.210 port 2333 ssh2
May  5 11:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28581]: Connection closed by 223.108.170.210 port 2333 [preauth]
May  5 11:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  5 11:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28616]: Failed password for root from 218.92.0.203 port 2530 ssh2
May  5 11:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28616]: Failed password for root from 218.92.0.203 port 2530 ssh2
May  5 11:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28618]: Failed password for root from 223.108.170.210 port 2334 ssh2
May  5 11:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28618]: Connection closed by 223.108.170.210 port 2334 [preauth]
May  5 11:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28642]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28641]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28639]: pam_unix(cron:session): session closed for user p13x
May  5 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28707]: Successful su for rubyman by root
May  5 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28707]: + ??? root:rubyman
May  5 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333642 of user rubyman.
May  5 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28707]: pam_unix(su:session): session closed for user rubyman
May  5 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333642.
May  5 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25749]: pam_unix(cron:session): session closed for user root
May  5 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28640]: pam_unix(cron:session): session closed for user samftp
May  5 11:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28637]: Failed password for root from 223.108.170.210 port 2335 ssh2
May  5 11:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28637]: Connection closed by 223.108.170.210 port 2335 [preauth]
May  5 11:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Failed password for root from 223.108.170.210 port 2336 ssh2
May  5 11:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Connection closed by 223.108.170.210 port 2336 [preauth]
May  5 11:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28944]: Invalid user ircd from 46.25.236.192
May  5 11:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28944]: input_userauth_request: invalid user ircd [preauth]
May  5 11:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28944]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  5 11:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28944]: Failed password for invalid user ircd from 46.25.236.192 port 33590 ssh2
May  5 11:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28944]: Received disconnect from 46.25.236.192 port 33590:11: Bye Bye [preauth]
May  5 11:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28944]: Disconnected from 46.25.236.192 port 33590 [preauth]
May  5 11:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28933]: Failed password for root from 223.108.170.210 port 2337 ssh2
May  5 11:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28933]: Connection closed by 223.108.170.210 port 2337 [preauth]
May  5 11:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Invalid user gp from 195.211.44.138
May  5 11:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: input_userauth_request: invalid user gp [preauth]
May  5 11:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.211.44.138
May  5 11:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Failed password for invalid user gp from 195.211.44.138 port 50790 ssh2
May  5 11:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Received disconnect from 195.211.44.138 port 50790:11: Bye Bye [preauth]
May  5 11:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Disconnected from 195.211.44.138 port 50790 [preauth]
May  5 11:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28962]: Failed password for root from 223.108.170.210 port 2338 ssh2
May  5 11:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28962]: Connection closed by 223.108.170.210 port 2338 [preauth]
May  5 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27671]: pam_unix(cron:session): session closed for user root
May  5 11:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: Failed password for root from 223.108.170.210 port 2339 ssh2
May  5 11:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28993]: Connection closed by 223.108.170.210 port 2339 [preauth]
May  5 11:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: Invalid user postgres from 190.60.51.173
May  5 11:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: input_userauth_request: invalid user postgres [preauth]
May  5 11:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.60.51.173
May  5 11:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: Failed password for invalid user postgres from 190.60.51.173 port 54268 ssh2
May  5 11:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: Received disconnect from 190.60.51.173 port 54268:11: Bye Bye [preauth]
May  5 11:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: Disconnected from 190.60.51.173 port 54268 [preauth]
May  5 11:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29074]: Failed password for root from 223.108.170.210 port 2340 ssh2
May  5 11:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29074]: Connection closed by 223.108.170.210 port 2340 [preauth]
May  5 11:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29139]: Failed password for root from 223.108.170.210 port 2341 ssh2
May  5 11:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29139]: Connection closed by 223.108.170.210 port 2341 [preauth]
May  5 11:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29163]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29162]: pam_unix(cron:session): session closed for user p13x
May  5 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29226]: Successful su for rubyman by root
May  5 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29226]: + ??? root:rubyman
May  5 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333646 of user rubyman.
May  5 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29226]: pam_unix(su:session): session closed for user rubyman
May  5 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333646.
May  5 11:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26191]: pam_unix(cron:session): session closed for user root
May  5 11:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29163]: pam_unix(cron:session): session closed for user samftp
May  5 11:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29157]: Failed password for root from 223.108.170.210 port 2342 ssh2
May  5 11:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29157]: Connection closed by 223.108.170.210 port 2342 [preauth]
May  5 11:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: Failed password for root from 223.108.170.210 port 2343 ssh2
May  5 11:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29422]: Connection closed by 223.108.170.210 port 2343 [preauth]
May  5 11:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29455]: Failed password for root from 223.108.170.210 port 2344 ssh2
May  5 11:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29455]: Connection closed by 223.108.170.210 port 2344 [preauth]
May  5 11:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: Failed password for root from 223.108.170.210 port 2345 ssh2
May  5 11:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: Connection closed by 223.108.170.210 port 2345 [preauth]
May  5 11:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28200]: pam_unix(cron:session): session closed for user root
May  5 11:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29519]: Failed password for root from 223.108.170.210 port 2346 ssh2
May  5 11:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29519]: Connection closed by 223.108.170.210 port 2346 [preauth]
May  5 11:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29569]: Invalid user shutdown from 193.70.84.184
May  5 11:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29569]: input_userauth_request: invalid user shutdown [preauth]
May  5 11:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29569]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  5 11:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29569]: Failed password for invalid user shutdown from 193.70.84.184 port 36094 ssh2
May  5 11:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29569]: Connection closed by 193.70.84.184 port 36094 [preauth]
May  5 11:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29544]: Failed password for root from 223.108.170.210 port 2347 ssh2
May  5 11:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29544]: Connection closed by 223.108.170.210 port 2347 [preauth]
May  5 11:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29571]: Failed password for root from 223.108.170.210 port 2348 ssh2
May  5 11:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29571]: Connection closed by 223.108.170.210 port 2348 [preauth]
May  5 11:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29606]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29603]: pam_unix(cron:session): session closed for user p13x
May  5 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29665]: Successful su for rubyman by root
May  5 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29665]: + ??? root:rubyman
May  5 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29665]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333651 of user rubyman.
May  5 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29665]: pam_unix(su:session): session closed for user rubyman
May  5 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333651.
May  5 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26707]: pam_unix(cron:session): session closed for user root
May  5 11:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29604]: pam_unix(cron:session): session closed for user samftp
May  5 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29592]: Failed password for root from 223.108.170.210 port 2349 ssh2
May  5 11:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29592]: Connection closed by 223.108.170.210 port 2349 [preauth]
May  5 11:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29855]: Failed password for root from 223.108.170.210 port 2350 ssh2
May  5 11:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29855]: Connection closed by 223.108.170.210 port 2350 [preauth]
May  5 11:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29878]: Failed password for root from 223.108.170.210 port 2351 ssh2
May  5 11:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29878]: Connection closed by 223.108.170.210 port 2351 [preauth]
May  5 11:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29924]: Invalid user zhangsan from 196.189.87.177
May  5 11:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29924]: input_userauth_request: invalid user zhangsan [preauth]
May  5 11:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29924]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.189.87.177
May  5 11:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: Failed password for root from 223.108.170.210 port 2352 ssh2
May  5 11:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29924]: Failed password for invalid user zhangsan from 196.189.87.177 port 13020 ssh2
May  5 11:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29924]: Received disconnect from 196.189.87.177 port 13020:11: Bye Bye [preauth]
May  5 11:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29924]: Disconnected from 196.189.87.177 port 13020 [preauth]
May  5 11:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29899]: Connection closed by 223.108.170.210 port 2352 [preauth]
May  5 11:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28642]: pam_unix(cron:session): session closed for user root
May  5 11:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29926]: Failed password for root from 223.108.170.210 port 2353 ssh2
May  5 11:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29926]: Connection closed by 223.108.170.210 port 2353 [preauth]
May  5 11:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: Failed password for root from 223.108.170.210 port 2354 ssh2
May  5 11:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29968]: Connection closed by 223.108.170.210 port 2354 [preauth]
May  5 11:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29998]: Failed password for root from 223.108.170.210 port 2355 ssh2
May  5 11:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29998]: Connection closed by 223.108.170.210 port 2355 [preauth]
May  5 11:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30026]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30028]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30024]: pam_unix(cron:session): session closed for user p13x
May  5 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30089]: Successful su for rubyman by root
May  5 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30089]: + ??? root:rubyman
May  5 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333656 of user rubyman.
May  5 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30089]: pam_unix(su:session): session closed for user rubyman
May  5 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333656.
May  5 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30061]: Invalid user ircd from 119.160.193.12
May  5 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30061]: input_userauth_request: invalid user ircd [preauth]
May  5 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30061]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.160.193.12
May  5 11:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27192]: pam_unix(cron:session): session closed for user root
May  5 11:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30013]: Failed password for root from 223.108.170.210 port 2356 ssh2
May  5 11:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30061]: Failed password for invalid user ircd from 119.160.193.12 port 39246 ssh2
May  5 11:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30061]: Received disconnect from 119.160.193.12 port 39246:11: Bye Bye [preauth]
May  5 11:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30061]: Disconnected from 119.160.193.12 port 39246 [preauth]
May  5 11:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30013]: Connection closed by 223.108.170.210 port 2356 [preauth]
May  5 11:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30025]: pam_unix(cron:session): session closed for user samftp
May  5 11:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.28  user=root
May  5 11:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 11:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30260]: Failed password for root from 103.176.78.28 port 40328 ssh2
May  5 11:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30260]: Received disconnect from 103.176.78.28 port 40328:11: Bye Bye [preauth]
May  5 11:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30260]: Disconnected from 103.176.78.28 port 40328 [preauth]
May  5 11:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Failed password for root from 218.92.0.179 port 25563 ssh2
May  5 11:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30259]: Failed password for root from 223.108.170.210 port 2357 ssh2
May  5 11:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Failed password for root from 218.92.0.179 port 25563 ssh2
May  5 11:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30259]: Connection closed by 223.108.170.210 port 2357 [preauth]
May  5 11:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: Invalid user yuxiang from 46.101.74.125
May  5 11:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: input_userauth_request: invalid user yuxiang [preauth]
May  5 11:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.74.125
May  5 11:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Failed password for root from 218.92.0.179 port 25563 ssh2
May  5 11:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Received disconnect from 218.92.0.179 port 25563:11:  [preauth]
May  5 11:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Disconnected from 218.92.0.179 port 25563 [preauth]
May  5 11:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 11:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: Failed password for invalid user yuxiang from 46.101.74.125 port 32826 ssh2
May  5 11:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: Received disconnect from 46.101.74.125 port 32826:11: Bye Bye [preauth]
May  5 11:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: Disconnected from 46.101.74.125 port 32826 [preauth]
May  5 11:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: Failed password for root from 223.108.170.210 port 2358 ssh2
May  5 11:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30288]: Connection closed by 223.108.170.210 port 2358 [preauth]
May  5 11:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30323]: Failed password for root from 223.108.170.210 port 2359 ssh2
May  5 11:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30323]: Connection closed by 223.108.170.210 port 2359 [preauth]
May  5 11:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29165]: pam_unix(cron:session): session closed for user root
May  5 11:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: Failed password for root from 223.108.170.210 port 2360 ssh2
May  5 11:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30348]: Connection closed by 223.108.170.210 port 2360 [preauth]
May  5 11:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30389]: Failed password for root from 223.108.170.210 port 2361 ssh2
May  5 11:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30389]: Connection closed by 223.108.170.210 port 2361 [preauth]
May  5 11:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30421]: Failed password for root from 223.108.170.210 port 2362 ssh2
May  5 11:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30421]: Connection closed by 223.108.170.210 port 2362 [preauth]
May  5 11:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30450]: pam_unix(cron:session): session closed for user root
May  5 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30445]: pam_unix(cron:session): session closed for user p13x
May  5 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30515]: Successful su for rubyman by root
May  5 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30515]: + ??? root:rubyman
May  5 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333662 of user rubyman.
May  5 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30515]: pam_unix(su:session): session closed for user rubyman
May  5 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333662.
May  5 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30432]: Failed password for root from 223.108.170.210 port 2363 ssh2
May  5 11:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30432]: Connection closed by 223.108.170.210 port 2363 [preauth]
May  5 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30447]: pam_unix(cron:session): session closed for user root
May  5 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27670]: pam_unix(cron:session): session closed for user root
May  5 11:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30446]: pam_unix(cron:session): session closed for user samftp
May  5 11:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30667]: Failed password for root from 223.108.170.210 port 2364 ssh2
May  5 11:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30667]: Connection closed by 223.108.170.210 port 2364 [preauth]
May  5 11:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30731]: Failed password for root from 223.108.170.210 port 2365 ssh2
May  5 11:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30731]: Connection closed by 223.108.170.210 port 2365 [preauth]
May  5 11:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: Failed password for root from 223.108.170.210 port 2366 ssh2
May  5 11:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30786]: Invalid user freeneo_ktlrs from 196.189.87.177
May  5 11:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30786]: input_userauth_request: invalid user freeneo_ktlrs [preauth]
May  5 11:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30786]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.189.87.177
May  5 11:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: Connection closed by 223.108.170.210 port 2366 [preauth]
May  5 11:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30786]: Failed password for invalid user freeneo_ktlrs from 196.189.87.177 port 13021 ssh2
May  5 11:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30786]: Received disconnect from 196.189.87.177 port 13021:11: Bye Bye [preauth]
May  5 11:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30786]: Disconnected from 196.189.87.177 port 13021 [preauth]
May  5 11:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29606]: pam_unix(cron:session): session closed for user root
May  5 11:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30788]: Failed password for root from 223.108.170.210 port 2367 ssh2
May  5 11:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30788]: Connection closed by 223.108.170.210 port 2367 [preauth]
May  5 11:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30827]: Failed password for root from 223.108.170.210 port 2368 ssh2
May  5 11:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30827]: Connection closed by 223.108.170.210 port 2368 [preauth]
May  5 11:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30861]: Failed password for root from 223.108.170.210 port 2369 ssh2
May  5 11:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30861]: Connection closed by 223.108.170.210 port 2369 [preauth]
May  5 11:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90  user=root
May  5 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30895]: pam_unix(cron:session): session closed for user p13x
May  5 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30962]: Successful su for rubyman by root
May  5 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30962]: + ??? root:rubyman
May  5 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30962]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333665 of user rubyman.
May  5 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30962]: pam_unix(su:session): session closed for user rubyman
May  5 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333665.
May  5 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: Failed password for root from 223.108.170.210 port 2370 ssh2
May  5 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: Failed password for root from 116.193.191.90 port 50820 ssh2
May  5 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30877]: Connection closed by 223.108.170.210 port 2370 [preauth]
May  5 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: Received disconnect from 116.193.191.90 port 50820:11: Bye Bye [preauth]
May  5 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30884]: Disconnected from 116.193.191.90 port 50820 [preauth]
May  5 11:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28199]: pam_unix(cron:session): session closed for user root
May  5 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: Invalid user jpz from 117.216.143.31
May  5 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: input_userauth_request: invalid user jpz [preauth]
May  5 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 11:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30896]: pam_unix(cron:session): session closed for user samftp
May  5 11:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: Failed password for invalid user jpz from 117.216.143.31 port 37196 ssh2
May  5 11:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: Received disconnect from 117.216.143.31 port 37196:11: Bye Bye [preauth]
May  5 11:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31090]: Disconnected from 117.216.143.31 port 37196 [preauth]
May  5 11:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: Failed password for root from 223.108.170.210 port 2371 ssh2
May  5 11:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Invalid user mapr from 193.32.162.134
May  5 11:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: input_userauth_request: invalid user mapr [preauth]
May  5 11:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 11:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31106]: Connection closed by 223.108.170.210 port 2371 [preauth]
May  5 11:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Failed password for invalid user mapr from 193.32.162.134 port 34162 ssh2
May  5 11:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Connection closed by 193.32.162.134 port 34162 [preauth]
May  5 11:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31167]: Failed password for root from 223.108.170.210 port 2372 ssh2
May  5 11:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31167]: Connection closed by 223.108.170.210 port 2372 [preauth]
May  5 11:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.211.44.138  user=root
May  5 11:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: Failed password for root from 195.211.44.138 port 50910 ssh2
May  5 11:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: Received disconnect from 195.211.44.138 port 50910:11: Bye Bye [preauth]
May  5 11:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31201]: Disconnected from 195.211.44.138 port 50910 [preauth]
May  5 11:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Failed password for root from 223.108.170.210 port 2373 ssh2
May  5 11:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Connection closed by 223.108.170.210 port 2373 [preauth]
May  5 11:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30028]: pam_unix(cron:session): session closed for user root
May  5 11:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31223]: Failed password for root from 223.108.170.210 port 2374 ssh2
May  5 11:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31223]: Connection closed by 223.108.170.210 port 2374 [preauth]
May  5 11:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31256]: Failed password for root from 223.108.170.210 port 2375 ssh2
May  5 11:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31256]: Connection closed by 223.108.170.210 port 2375 [preauth]
May  5 11:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Failed password for root from 223.108.170.210 port 2376 ssh2
May  5 11:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Connection closed by 223.108.170.210 port 2376 [preauth]
May  5 11:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31324]: pam_unix(cron:session): session closed for user p13x
May  5 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31386]: Successful su for rubyman by root
May  5 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31386]: + ??? root:rubyman
May  5 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333668 of user rubyman.
May  5 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31386]: pam_unix(su:session): session closed for user rubyman
May  5 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333668.
May  5 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31313]: Failed password for root from 223.108.170.210 port 2377 ssh2
May  5 11:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31313]: Connection closed by 223.108.170.210 port 2377 [preauth]
May  5 11:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28641]: pam_unix(cron:session): session closed for user root
May  5 11:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31325]: pam_unix(cron:session): session closed for user samftp
May  5 11:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31511]: Failed password for root from 223.108.170.210 port 2378 ssh2
May  5 11:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31511]: Connection closed by 223.108.170.210 port 2378 [preauth]
May  5 11:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31580]: Failed password for root from 223.108.170.210 port 2379 ssh2
May  5 11:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31580]: Connection closed by 223.108.170.210 port 2379 [preauth]
May  5 11:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.189.87.177  user=root
May  5 11:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31613]: Failed password for root from 196.189.87.177 port 13084 ssh2
May  5 11:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31613]: Received disconnect from 196.189.87.177 port 13084:11: Bye Bye [preauth]
May  5 11:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31613]: Disconnected from 196.189.87.177 port 13084 [preauth]
May  5 11:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31603]: Failed password for root from 223.108.170.210 port 2380 ssh2
May  5 11:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31603]: Connection closed by 223.108.170.210 port 2380 [preauth]
May  5 11:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30449]: pam_unix(cron:session): session closed for user root
May  5 11:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: Failed password for root from 223.108.170.210 port 2381 ssh2
May  5 11:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: Connection closed by 223.108.170.210 port 2381 [preauth]
May  5 11:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31697]: Failed password for root from 223.108.170.210 port 2382 ssh2
May  5 11:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31697]: Connection closed by 223.108.170.210 port 2382 [preauth]
May  5 11:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: Failed password for root from 223.108.170.210 port 2383 ssh2
May  5 11:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: Connection closed by 223.108.170.210 port 2383 [preauth]
May  5 11:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31753]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31752]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31750]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31750]: pam_unix(cron:session): session closed for user p13x
May  5 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31810]: Successful su for rubyman by root
May  5 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31810]: + ??? root:rubyman
May  5 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31810]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333672 of user rubyman.
May  5 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31810]: pam_unix(su:session): session closed for user rubyman
May  5 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333672.
May  5 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: Failed password for root from 223.108.170.210 port 2384 ssh2
May  5 11:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31739]: Connection closed by 223.108.170.210 port 2384 [preauth]
May  5 11:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29164]: pam_unix(cron:session): session closed for user root
May  5 11:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31751]: pam_unix(cron:session): session closed for user samftp
May  5 11:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31952]: Failed password for root from 223.108.170.210 port 2385 ssh2
May  5 11:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31952]: Connection closed by 223.108.170.210 port 2385 [preauth]
May  5 11:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32023]: Failed password for root from 223.108.170.210 port 2386 ssh2
May  5 11:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32023]: Connection closed by 223.108.170.210 port 2386 [preauth]
May  5 11:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32054]: Failed password for root from 223.108.170.210 port 2387 ssh2
May  5 11:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32054]: Connection closed by 223.108.170.210 port 2387 [preauth]
May  5 11:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30898]: pam_unix(cron:session): session closed for user root
May  5 11:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: Failed password for root from 223.108.170.210 port 2388 ssh2
May  5 11:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32086]: Connection closed by 223.108.170.210 port 2388 [preauth]
May  5 11:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.74.125  user=root
May  5 11:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32126]: Failed password for root from 46.101.74.125 port 33116 ssh2
May  5 11:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32126]: Received disconnect from 46.101.74.125 port 33116:11: Bye Bye [preauth]
May  5 11:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32126]: Disconnected from 46.101.74.125 port 33116 [preauth]
May  5 11:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: Failed password for root from 223.108.170.210 port 2389 ssh2
May  5 11:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32116]: Connection closed by 223.108.170.210 port 2389 [preauth]
May  5 11:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31  user=root
May  5 11:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32152]: Failed password for root from 117.216.143.31 port 57280 ssh2
May  5 11:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32152]: Received disconnect from 117.216.143.31 port 57280:11: Bye Bye [preauth]
May  5 11:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32152]: Disconnected from 117.216.143.31 port 57280 [preauth]
May  5 11:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32154]: Failed password for root from 223.108.170.210 port 2390 ssh2
May  5 11:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32154]: Connection closed by 223.108.170.210 port 2390 [preauth]
May  5 11:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32164]: Failed password for root from 223.108.170.210 port 2391 ssh2
May  5 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32186]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32190]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32185]: pam_unix(cron:session): session closed for user p13x
May  5 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32248]: Successful su for rubyman by root
May  5 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32248]: + ??? root:rubyman
May  5 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333678 of user rubyman.
May  5 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32248]: pam_unix(su:session): session closed for user rubyman
May  5 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333678.
May  5 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32164]: Connection closed by 223.108.170.210 port 2391 [preauth]
May  5 11:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29605]: pam_unix(cron:session): session closed for user root
May  5 11:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32186]: pam_unix(cron:session): session closed for user samftp
May  5 11:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32430]: Invalid user wangrui from 196.189.87.177
May  5 11:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32430]: input_userauth_request: invalid user wangrui [preauth]
May  5 11:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32430]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.189.87.177
May  5 11:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32430]: Failed password for invalid user wangrui from 196.189.87.177 port 13085 ssh2
May  5 11:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32430]: Received disconnect from 196.189.87.177 port 13085:11: Bye Bye [preauth]
May  5 11:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32430]: Disconnected from 196.189.87.177 port 13085 [preauth]
May  5 11:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32299]: Failed password for root from 223.108.170.210 port 2392 ssh2
May  5 11:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32299]: Connection closed by 223.108.170.210 port 2392 [preauth]
May  5 11:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32440]: Failed password for root from 223.108.170.210 port 2393 ssh2
May  5 11:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32440]: Connection closed by 223.108.170.210 port 2393 [preauth]
May  5 11:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Failed password for root from 223.108.170.210 port 2394 ssh2
May  5 11:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Connection closed by 223.108.170.210 port 2394 [preauth]
May  5 11:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31327]: pam_unix(cron:session): session closed for user root
May  5 11:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32501]: Failed password for root from 223.108.170.210 port 2395 ssh2
May  5 11:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32501]: Connection closed by 223.108.170.210 port 2395 [preauth]
May  5 11:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32538]: Failed password for root from 223.108.170.210 port 2396 ssh2
May  5 11:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32538]: Connection closed by 223.108.170.210 port 2396 [preauth]
May  5 11:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: Failed password for root from 223.108.170.210 port 2397 ssh2
May  5 11:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32570]: Connection closed by 223.108.170.210 port 2397 [preauth]
May  5 11:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32592]: Failed password for root from 223.108.170.210 port 2398 ssh2
May  5 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32623]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32624]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32621]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32622]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32626]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32620]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32626]: pam_unix(cron:session): session closed for user root
May  5 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32620]: pam_unix(cron:session): session closed for user p13x
May  5 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[305]: Successful su for rubyman by root
May  5 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[305]: + ??? root:rubyman
May  5 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333681 of user rubyman.
May  5 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[305]: pam_unix(su:session): session closed for user rubyman
May  5 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333681.
May  5 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32592]: Connection closed by 223.108.170.210 port 2398 [preauth]
May  5 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32622]: pam_unix(cron:session): session closed for user root
May  5 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30026]: pam_unix(cron:session): session closed for user root
May  5 11:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32621]: pam_unix(cron:session): session closed for user samftp
May  5 11:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: Invalid user huwentao from 212.227.232.57
May  5 11:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: input_userauth_request: invalid user huwentao [preauth]
May  5 11:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.232.57
May  5 11:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: Failed password for root from 223.108.170.210 port 2399 ssh2
May  5 11:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: Failed password for invalid user huwentao from 212.227.232.57 port 40336 ssh2
May  5 11:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: Received disconnect from 212.227.232.57 port 40336:11: Bye Bye [preauth]
May  5 11:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: Disconnected from 212.227.232.57 port 40336 [preauth]
May  5 11:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[329]: Connection closed by 223.108.170.210 port 2399 [preauth]
May  5 11:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[561]: Failed password for root from 223.108.170.210 port 2400 ssh2
May  5 11:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[561]: Connection closed by 223.108.170.210 port 2400 [preauth]
May  5 11:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[600]: Invalid user yubx from 14.103.228.246
May  5 11:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[600]: input_userauth_request: invalid user yubx [preauth]
May  5 11:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[600]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.228.246
May  5 11:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[600]: Failed password for invalid user yubx from 14.103.228.246 port 48942 ssh2
May  5 11:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[600]: Received disconnect from 14.103.228.246 port 48942:11: Bye Bye [preauth]
May  5 11:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[600]: Disconnected from 14.103.228.246 port 48942 [preauth]
May  5 11:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[587]: Failed password for root from 223.108.170.210 port 2401 ssh2
May  5 11:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[587]: Connection closed by 223.108.170.210 port 2401 [preauth]
May  5 11:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31753]: pam_unix(cron:session): session closed for user root
May  5 11:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[623]: Failed password for root from 223.108.170.210 port 2402 ssh2
May  5 11:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[623]: Connection closed by 223.108.170.210 port 2402 [preauth]
May  5 11:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[671]: Invalid user ap from 103.176.78.28
May  5 11:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[671]: input_userauth_request: invalid user ap [preauth]
May  5 11:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[671]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.28
May  5 11:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[671]: Failed password for invalid user ap from 103.176.78.28 port 47834 ssh2
May  5 11:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[671]: Received disconnect from 103.176.78.28 port 47834:11: Bye Bye [preauth]
May  5 11:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[671]: Disconnected from 103.176.78.28 port 47834 [preauth]
May  5 11:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[660]: Failed password for root from 223.108.170.210 port 2403 ssh2
May  5 11:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[660]: Connection closed by 223.108.170.210 port 2403 [preauth]
May  5 11:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: User mysql from 196.189.87.177 not allowed because not listed in AllowUsers
May  5 11:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: input_userauth_request: invalid user mysql [preauth]
May  5 11:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.189.87.177  user=mysql
May  5 11:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: Failed password for root from 223.108.170.210 port 2404 ssh2
May  5 11:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[705]: Connection closed by 223.108.170.210 port 2404 [preauth]
May  5 11:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: Failed password for invalid user mysql from 196.189.87.177 port 13086 ssh2
May  5 11:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: Received disconnect from 196.189.87.177 port 13086:11: Bye Bye [preauth]
May  5 11:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: Disconnected from 196.189.87.177 port 13086 [preauth]
May  5 11:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[727]: Failed password for root from 223.108.170.210 port 2405 ssh2
May  5 11:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[727]: Connection closed by 223.108.170.210 port 2405 [preauth]
May  5 11:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[743]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[747]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[742]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[742]: pam_unix(cron:session): session closed for user p13x
May  5 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[821]: Successful su for rubyman by root
May  5 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[821]: + ??? root:rubyman
May  5 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333688 of user rubyman.
May  5 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[821]: pam_unix(su:session): session closed for user rubyman
May  5 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333688.
May  5 11:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30448]: pam_unix(cron:session): session closed for user root
May  5 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[743]: pam_unix(cron:session): session closed for user samftp
May  5 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: Failed password for root from 223.108.170.210 port 2406 ssh2
May  5 11:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: Connection closed by 223.108.170.210 port 2406 [preauth]
May  5 11:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1021]: Failed password for root from 223.108.170.210 port 2407 ssh2
May  5 11:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1021]: Connection closed by 223.108.170.210 port 2407 [preauth]
May  5 11:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Failed password for root from 223.108.170.210 port 2408 ssh2
May  5 11:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Connection closed by 223.108.170.210 port 2408 [preauth]
May  5 11:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: Invalid user testuser from 117.216.143.31
May  5 11:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: input_userauth_request: invalid user testuser [preauth]
May  5 11:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 11:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: Failed password for invalid user testuser from 117.216.143.31 port 50210 ssh2
May  5 11:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: Received disconnect from 117.216.143.31 port 50210:11: Bye Bye [preauth]
May  5 11:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: Disconnected from 117.216.143.31 port 50210 [preauth]
May  5 11:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.211.44.138  user=root
May  5 11:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32190]: pam_unix(cron:session): session closed for user root
May  5 11:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: User mysql from 14.103.228.246 not allowed because not listed in AllowUsers
May  5 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: input_userauth_request: invalid user mysql [preauth]
May  5 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.228.246  user=mysql
May  5 11:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1078]: Failed password for root from 223.108.170.210 port 2409 ssh2
May  5 11:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: Failed password for root from 195.211.44.138 port 51038 ssh2
May  5 11:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: Received disconnect from 195.211.44.138 port 51038:11: Bye Bye [preauth]
May  5 11:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1092]: Disconnected from 195.211.44.138 port 51038 [preauth]
May  5 11:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1078]: Connection closed by 223.108.170.210 port 2409 [preauth]
May  5 11:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: Failed password for invalid user mysql from 14.103.228.246 port 34066 ssh2
May  5 11:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: Received disconnect from 14.103.228.246 port 34066:11: Bye Bye [preauth]
May  5 11:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: Disconnected from 14.103.228.246 port 34066 [preauth]
May  5 11:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: Failed password for root from 223.108.170.210 port 2410 ssh2
May  5 11:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: Connection closed by 223.108.170.210 port 2410 [preauth]
May  5 11:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1161]: Failed password for root from 223.108.170.210 port 2411 ssh2
May  5 11:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1161]: Connection closed by 223.108.170.210 port 2411 [preauth]
May  5 11:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: Failed password for root from 223.108.170.210 port 2412 ssh2
May  5 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1202]: pam_unix(cron:session): session closed for user p13x
May  5 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1282]: Successful su for rubyman by root
May  5 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1282]: + ??? root:rubyman
May  5 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333693 of user rubyman.
May  5 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1282]: pam_unix(su:session): session closed for user rubyman
May  5 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333693.
May  5 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1174]: Connection closed by 223.108.170.210 port 2412 [preauth]
May  5 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30897]: pam_unix(cron:session): session closed for user root
May  5 11:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1203]: pam_unix(cron:session): session closed for user samftp
May  5 11:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1355]: Failed password for root from 223.108.170.210 port 2413 ssh2
May  5 11:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1355]: Connection closed by 223.108.170.210 port 2413 [preauth]
May  5 11:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: Failed password for root from 223.108.170.210 port 2414 ssh2
May  5 11:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: Connection closed by 223.108.170.210 port 2414 [preauth]
May  5 11:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1538]: Failed password for root from 223.108.170.210 port 2415 ssh2
May  5 11:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1538]: Connection closed by 223.108.170.210 port 2415 [preauth]
May  5 11:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: Invalid user oneadmin from 193.32.162.134
May  5 11:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: input_userauth_request: invalid user oneadmin [preauth]
May  5 11:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 11:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: Failed password for invalid user oneadmin from 193.32.162.134 port 46214 ssh2
May  5 11:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1577]: Connection closed by 193.32.162.134 port 46214 [preauth]
May  5 11:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Invalid user airchem from 116.193.191.90
May  5 11:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: input_userauth_request: invalid user airchem [preauth]
May  5 11:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
May  5 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32624]: pam_unix(cron:session): session closed for user root
May  5 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: Invalid user teste from 196.189.87.177
May  5 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: input_userauth_request: invalid user teste [preauth]
May  5 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.189.87.177
May  5 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Failed password for invalid user airchem from 116.193.191.90 port 45248 ssh2
May  5 11:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Received disconnect from 116.193.191.90 port 45248:11: Bye Bye [preauth]
May  5 11:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Disconnected from 116.193.191.90 port 45248 [preauth]
May  5 11:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: Failed password for invalid user teste from 196.189.87.177 port 13087 ssh2
May  5 11:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1579]: Failed password for root from 223.108.170.210 port 2416 ssh2
May  5 11:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: Received disconnect from 196.189.87.177 port 13087:11: Bye Bye [preauth]
May  5 11:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1592]: Disconnected from 196.189.87.177 port 13087 [preauth]
May  5 11:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1579]: Connection closed by 223.108.170.210 port 2416 [preauth]
May  5 11:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Failed password for root from 223.108.170.210 port 2417 ssh2
May  5 11:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Connection closed by 223.108.170.210 port 2417 [preauth]
May  5 11:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1653]: Invalid user gzc from 14.103.228.246
May  5 11:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1653]: input_userauth_request: invalid user gzc [preauth]
May  5 11:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1653]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.228.246
May  5 11:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1653]: Failed password for invalid user gzc from 14.103.228.246 port 56028 ssh2
May  5 11:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1653]: Received disconnect from 14.103.228.246 port 56028:11: Bye Bye [preauth]
May  5 11:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1653]: Disconnected from 14.103.228.246 port 56028 [preauth]
May  5 11:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: Failed password for root from 223.108.170.210 port 2418 ssh2
May  5 11:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: Invalid user devops from 46.101.74.125
May  5 11:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: input_userauth_request: invalid user devops [preauth]
May  5 11:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.74.125
May  5 11:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: Connection closed by 223.108.170.210 port 2418 [preauth]
May  5 11:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: Failed password for invalid user devops from 46.101.74.125 port 44418 ssh2
May  5 11:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: Received disconnect from 46.101.74.125 port 44418:11: Bye Bye [preauth]
May  5 11:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: Disconnected from 46.101.74.125 port 44418 [preauth]
May  5 11:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1700]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1698]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1696]: pam_unix(cron:session): session closed for user p13x
May  5 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1763]: Successful su for rubyman by root
May  5 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1763]: + ??? root:rubyman
May  5 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1763]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333695 of user rubyman.
May  5 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1763]: pam_unix(su:session): session closed for user rubyman
May  5 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333695.
May  5 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1678]: Failed password for root from 223.108.170.210 port 2419 ssh2
May  5 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1678]: Connection closed by 223.108.170.210 port 2419 [preauth]
May  5 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31326]: pam_unix(cron:session): session closed for user root
May  5 11:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1698]: pam_unix(cron:session): session closed for user samftp
May  5 11:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: Invalid user liyong from 46.244.96.25
May  5 11:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: input_userauth_request: invalid user liyong [preauth]
May  5 11:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  5 11:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: Failed password for invalid user liyong from 46.244.96.25 port 38702 ssh2
May  5 11:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2034]: Connection closed by 46.244.96.25 port 38702 [preauth]
May  5 11:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1955]: Failed password for root from 223.108.170.210 port 2420 ssh2
May  5 11:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1955]: Connection closed by 223.108.170.210 port 2420 [preauth]
May  5 11:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2053]: Failed password for root from 223.108.170.210 port 2421 ssh2
May  5 11:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2053]: Connection closed by 223.108.170.210 port 2421 [preauth]
May  5 11:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: Failed password for root from 223.108.170.210 port 2422 ssh2
May  5 11:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: Connection closed by 223.108.170.210 port 2422 [preauth]
May  5 11:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[747]: pam_unix(cron:session): session closed for user root
May  5 11:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2111]: Failed password for root from 223.108.170.210 port 2423 ssh2
May  5 11:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2111]: Connection closed by 223.108.170.210 port 2423 [preauth]
May  5 11:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: Failed password for root from 223.108.170.210 port 2424 ssh2
May  5 11:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: Connection closed by 223.108.170.210 port 2424 [preauth]
May  5 11:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: Failed password for root from 223.108.170.210 port 2425 ssh2
May  5 11:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: Connection closed by 223.108.170.210 port 2425 [preauth]
May  5 11:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: Invalid user freeneo_ktlrs from 14.103.228.246
May  5 11:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: input_userauth_request: invalid user freeneo_ktlrs [preauth]
May  5 11:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.228.246
May  5 11:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2213]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2211]: pam_unix(cron:session): session closed for user p13x
May  5 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2280]: Successful su for rubyman by root
May  5 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2280]: + ??? root:rubyman
May  5 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333699 of user rubyman.
May  5 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2280]: pam_unix(su:session): session closed for user rubyman
May  5 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333699.
May  5 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: Failed password for invalid user freeneo_ktlrs from 14.103.228.246 port 57590 ssh2
May  5 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: Received disconnect from 14.103.228.246 port 57590:11: Bye Bye [preauth]
May  5 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: Disconnected from 14.103.228.246 port 57590 [preauth]
May  5 11:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2196]: Failed password for root from 223.108.170.210 port 2426 ssh2
May  5 11:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31752]: pam_unix(cron:session): session closed for user root
May  5 11:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2196]: Connection closed by 223.108.170.210 port 2426 [preauth]
May  5 11:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2212]: pam_unix(cron:session): session closed for user samftp
May  5 11:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: Failed password for root from 223.108.170.210 port 2427 ssh2
May  5 11:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: Connection closed by 223.108.170.210 port 2427 [preauth]
May  5 11:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2515]: Invalid user others from 196.189.87.177
May  5 11:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2515]: input_userauth_request: invalid user others [preauth]
May  5 11:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2515]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.189.87.177
May  5 11:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: Failed password for root from 223.108.170.210 port 2428 ssh2
May  5 11:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2489]: Connection closed by 223.108.170.210 port 2428 [preauth]
May  5 11:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2515]: Failed password for invalid user others from 196.189.87.177 port 13088 ssh2
May  5 11:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2515]: Received disconnect from 196.189.87.177 port 13088:11: Bye Bye [preauth]
May  5 11:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2515]: Disconnected from 196.189.87.177 port 13088 [preauth]
May  5 11:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2525]: Failed password for root from 223.108.170.210 port 2429 ssh2
May  5 11:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2525]: Connection closed by 223.108.170.210 port 2429 [preauth]
May  5 11:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1207]: pam_unix(cron:session): session closed for user root
May  5 11:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2557]: Failed password for root from 223.108.170.210 port 2430 ssh2
May  5 11:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2557]: Connection closed by 223.108.170.210 port 2430 [preauth]
May  5 11:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: Failed password for root from 223.108.170.210 port 2431 ssh2
May  5 11:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2606]: Connection closed by 223.108.170.210 port 2431 [preauth]
May  5 11:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: Failed password for root from 223.108.170.210 port 2432 ssh2
May  5 11:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2630]: Connection closed by 223.108.170.210 port 2432 [preauth]
May  5 11:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2668]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2667]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2664]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2669]: pam_unix(cron:session): session closed for user root
May  5 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2664]: pam_unix(cron:session): session closed for user p13x
May  5 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2747]: Successful su for rubyman by root
May  5 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2747]: + ??? root:rubyman
May  5 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2747]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333703 of user rubyman.
May  5 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2747]: pam_unix(su:session): session closed for user rubyman
May  5 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333703.
May  5 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2649]: Failed password for root from 223.108.170.210 port 2433 ssh2
May  5 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2666]: pam_unix(cron:session): session closed for user root
May  5 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32189]: pam_unix(cron:session): session closed for user root
May  5 11:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: Invalid user ttx from 212.227.232.57
May  5 11:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: input_userauth_request: invalid user ttx [preauth]
May  5 11:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.232.57
May  5 11:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2649]: Connection closed by 223.108.170.210 port 2433 [preauth]
May  5 11:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: Failed password for invalid user ttx from 212.227.232.57 port 47024 ssh2
May  5 11:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: Received disconnect from 212.227.232.57 port 47024:11: Bye Bye [preauth]
May  5 11:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: Disconnected from 212.227.232.57 port 47024 [preauth]
May  5 11:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2665]: pam_unix(cron:session): session closed for user samftp
May  5 11:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2974]: Invalid user zhangsan from 14.103.228.246
May  5 11:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2974]: input_userauth_request: invalid user zhangsan [preauth]
May  5 11:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2974]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.228.246
May  5 11:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2974]: Failed password for invalid user zhangsan from 14.103.228.246 port 50500 ssh2
May  5 11:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2974]: Received disconnect from 14.103.228.246 port 50500:11: Bye Bye [preauth]
May  5 11:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2974]: Disconnected from 14.103.228.246 port 50500 [preauth]
May  5 11:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: Failed password for root from 223.108.170.210 port 2434 ssh2
May  5 11:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: Connection closed by 223.108.170.210 port 2434 [preauth]
May  5 11:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2996]: Failed password for root from 223.108.170.210 port 2435 ssh2
May  5 11:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2996]: Connection closed by 223.108.170.210 port 2435 [preauth]
May  5 11:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3014]: Failed password for root from 223.108.170.210 port 2436 ssh2
May  5 11:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3014]: Connection closed by 223.108.170.210 port 2436 [preauth]
May  5 11:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1700]: pam_unix(cron:session): session closed for user root
May  5 11:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3040]: Failed password for root from 223.108.170.210 port 2437 ssh2
May  5 11:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3040]: Connection closed by 223.108.170.210 port 2437 [preauth]
May  5 11:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: Failed password for root from 223.108.170.210 port 2438 ssh2
May  5 11:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: Connection closed by 223.108.170.210 port 2438 [preauth]
May  5 11:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3101]: Failed password for root from 223.108.170.210 port 2439 ssh2
May  5 11:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3101]: Connection closed by 223.108.170.210 port 2439 [preauth]
May  5 11:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3138]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3137]: pam_unix(cron:session): session closed for user p13x
May  5 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3212]: Successful su for rubyman by root
May  5 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3212]: + ??? root:rubyman
May  5 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3212]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333708 of user rubyman.
May  5 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3212]: pam_unix(su:session): session closed for user rubyman
May  5 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333708.
May  5 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3124]: Failed password for root from 223.108.170.210 port 2440 ssh2
May  5 11:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Invalid user jino from 196.189.87.177
May  5 11:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: input_userauth_request: invalid user jino [preauth]
May  5 11:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.189.87.177
May  5 11:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3124]: Connection closed by 223.108.170.210 port 2440 [preauth]
May  5 11:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Failed password for invalid user jino from 196.189.87.177 port 13089 ssh2
May  5 11:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32623]: pam_unix(cron:session): session closed for user root
May  5 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Received disconnect from 196.189.87.177 port 13089:11: Bye Bye [preauth]
May  5 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Disconnected from 196.189.87.177 port 13089 [preauth]
May  5 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3138]: pam_unix(cron:session): session closed for user samftp
May  5 11:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: Failed password for root from 223.108.170.210 port 2441 ssh2
May  5 11:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 11:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3337]: Connection closed by 223.108.170.210 port 2441 [preauth]
May  5 11:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: Failed password for root from 185.93.89.118 port 49586 ssh2
May  5 11:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: Connection closed by 185.93.89.118 port 49586 [preauth]
May  5 11:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Invalid user install from 14.103.228.246
May  5 11:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: input_userauth_request: invalid user install [preauth]
May  5 11:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.228.246
May  5 11:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: Failed password for root from 223.108.170.210 port 2442 ssh2
May  5 11:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: Connection closed by 223.108.170.210 port 2442 [preauth]
May  5 11:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Failed password for invalid user install from 14.103.228.246 port 58712 ssh2
May  5 11:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Received disconnect from 14.103.228.246 port 58712:11: Bye Bye [preauth]
May  5 11:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3455]: Disconnected from 14.103.228.246 port 58712 [preauth]
May  5 11:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3468]: Failed password for root from 223.108.170.210 port 2443 ssh2
May  5 11:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3468]: Connection closed by 223.108.170.210 port 2443 [preauth]
May  5 11:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 11:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3446]: Failed password for root from 185.93.89.118 port 12308 ssh2
May  5 11:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3446]: Connection closed by 185.93.89.118 port 12308 [preauth]
May  5 11:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2214]: pam_unix(cron:session): session closed for user root
May  5 11:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: Failed password for root from 223.108.170.210 port 2444 ssh2
May  5 11:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: Connection closed by 223.108.170.210 port 2444 [preauth]
May  5 11:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 11:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.211.44.138  user=root
May  5 11:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3535]: Failed password for root from 218.92.0.179 port 42829 ssh2
May  5 11:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: Failed password for root from 195.211.44.138 port 51166 ssh2
May  5 11:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: Received disconnect from 195.211.44.138 port 51166:11: Bye Bye [preauth]
May  5 11:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: Disconnected from 195.211.44.138 port 51166 [preauth]
May  5 11:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3535]: Failed password for root from 218.92.0.179 port 42829 ssh2
May  5 11:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 11:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3535]: Failed password for root from 218.92.0.179 port 42829 ssh2
May  5 11:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3535]: Received disconnect from 218.92.0.179 port 42829:11:  [preauth]
May  5 11:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3535]: Disconnected from 218.92.0.179 port 42829 [preauth]
May  5 11:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3535]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 11:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3537]: Failed password for root from 223.108.170.210 port 2445 ssh2
May  5 11:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3537]: Connection closed by 223.108.170.210 port 2445 [preauth]
May  5 11:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: Failed password for root from 185.93.89.118 port 13550 ssh2
May  5 11:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: Connection closed by 185.93.89.118 port 13550 [preauth]
May  5 11:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31  user=root
May  5 11:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3607]: Failed password for root from 117.216.143.31 port 45848 ssh2
May  5 11:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: Failed password for root from 223.108.170.210 port 2446 ssh2
May  5 11:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3607]: Received disconnect from 117.216.143.31 port 45848:11: Bye Bye [preauth]
May  5 11:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3607]: Disconnected from 117.216.143.31 port 45848 [preauth]
May  5 11:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3604]: Connection closed by 223.108.170.210 port 2446 [preauth]
May  5 11:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Invalid user cyrus from 103.176.78.28
May  5 11:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: input_userauth_request: invalid user cyrus [preauth]
May  5 11:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.28
May  5 11:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3636]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3634]: pam_unix(cron:session): session closed for user p13x
May  5 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Failed password for invalid user cyrus from 103.176.78.28 port 42290 ssh2
May  5 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Received disconnect from 103.176.78.28 port 42290:11: Bye Bye [preauth]
May  5 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3629]: Disconnected from 103.176.78.28 port 42290 [preauth]
May  5 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3693]: Successful su for rubyman by root
May  5 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3693]: + ??? root:rubyman
May  5 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333713 of user rubyman.
May  5 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3693]: pam_unix(su:session): session closed for user rubyman
May  5 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333713.
May  5 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3619]: Failed password for root from 223.108.170.210 port 2447 ssh2
May  5 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3619]: Connection closed by 223.108.170.210 port 2447 [preauth]
May  5 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[744]: pam_unix(cron:session): session closed for user root
May  5 11:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: Failed password for root from 185.93.89.118 port 4722 ssh2
May  5 11:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3635]: pam_unix(cron:session): session closed for user samftp
May  5 11:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: Connection closed by 185.93.89.118 port 4722 [preauth]
May  5 11:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3823]: Failed password for root from 223.108.170.210 port 2448 ssh2
May  5 11:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3823]: Connection closed by 223.108.170.210 port 2448 [preauth]
May  5 11:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: Failed password for root from 223.108.170.210 port 2449 ssh2
May  5 11:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: Connection closed by 223.108.170.210 port 2449 [preauth]
May  5 11:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118  user=root
May  5 11:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3887]: Failed password for root from 185.93.89.118 port 11006 ssh2
May  5 11:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3887]: Connection closed by 185.93.89.118 port 11006 [preauth]
May  5 11:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: Failed password for root from 223.108.170.210 port 2450 ssh2
May  5 11:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3955]: Invalid user www from 14.103.228.246
May  5 11:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3955]: input_userauth_request: invalid user www [preauth]
May  5 11:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3955]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.228.246
May  5 11:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3925]: Connection closed by 223.108.170.210 port 2450 [preauth]
May  5 11:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3955]: Failed password for invalid user www from 14.103.228.246 port 35786 ssh2
May  5 11:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3955]: Received disconnect from 14.103.228.246 port 35786:11: Bye Bye [preauth]
May  5 11:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3955]: Disconnected from 14.103.228.246 port 35786 [preauth]
May  5 11:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2668]: pam_unix(cron:session): session closed for user root
May  5 11:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3992]: Failed password for root from 223.108.170.210 port 2451 ssh2
May  5 11:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3992]: Connection closed by 223.108.170.210 port 2451 [preauth]
May  5 11:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: Failed password for root from 223.108.170.210 port 2452 ssh2
May  5 11:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: Connection closed by 223.108.170.210 port 2452 [preauth]
May  5 11:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.189.87.177  user=root
May  5 11:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: Failed password for root from 223.108.170.210 port 2453 ssh2
May  5 11:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: Failed password for root from 196.189.87.177 port 13090 ssh2
May  5 11:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: Received disconnect from 196.189.87.177 port 13090:11: Bye Bye [preauth]
May  5 11:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4068]: Disconnected from 196.189.87.177 port 13090 [preauth]
May  5 11:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: Connection closed by 223.108.170.210 port 2453 [preauth]
May  5 11:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4096]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4093]: pam_unix(cron:session): session closed for user p13x
May  5 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4154]: Successful su for rubyman by root
May  5 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4154]: + ??? root:rubyman
May  5 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333718 of user rubyman.
May  5 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4154]: pam_unix(su:session): session closed for user rubyman
May  5 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333718.
May  5 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Failed password for root from 223.108.170.210 port 2454 ssh2
May  5 11:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Connection closed by 223.108.170.210 port 2454 [preauth]
May  5 11:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1206]: pam_unix(cron:session): session closed for user root
May  5 11:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4094]: pam_unix(cron:session): session closed for user samftp
May  5 11:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: Invalid user 5 from 195.178.110.50
May  5 11:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: input_userauth_request: invalid user 5 [preauth]
May  5 11:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 11:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: Failed password for invalid user 5 from 195.178.110.50 port 1554 ssh2
May  5 11:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: Connection closed by 195.178.110.50 port 1554 [preauth]
May  5 11:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: Failed password for root from 223.108.170.210 port 2455 ssh2
May  5 11:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4448]: Connection closed by 223.108.170.210 port 2455 [preauth]
May  5 11:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: Failed password for root from 223.108.170.210 port 2456 ssh2
May  5 11:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: Connection closed by 223.108.170.210 port 2456 [preauth]
May  5 11:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: Invalid user t from 195.178.110.50
May  5 11:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: input_userauth_request: invalid user t [preauth]
May  5 11:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 11:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: Failed password for invalid user t from 195.178.110.50 port 19072 ssh2
May  5 11:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: Failed password for root from 223.108.170.210 port 2457 ssh2
May  5 11:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: Connection closed by 195.178.110.50 port 19072 [preauth]
May  5 11:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: Connection closed by 223.108.170.210 port 2457 [preauth]
May  5 11:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3140]: pam_unix(cron:session): session closed for user root
May  5 11:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4573]: Failed password for root from 223.108.170.210 port 2458 ssh2
May  5 11:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4573]: Connection closed by 223.108.170.210 port 2458 [preauth]
May  5 11:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.228.246  user=root
May  5 11:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Invalid user U from 195.178.110.50
May  5 11:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: input_userauth_request: invalid user U [preauth]
May  5 11:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 11:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: Failed password for root from 14.103.228.246 port 52306 ssh2
May  5 11:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: Received disconnect from 14.103.228.246 port 52306:11: Bye Bye [preauth]
May  5 11:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4619]: Disconnected from 14.103.228.246 port 52306 [preauth]
May  5 11:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Failed password for invalid user U from 195.178.110.50 port 2646 ssh2
May  5 11:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Connection closed by 195.178.110.50 port 2646 [preauth]
May  5 11:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Failed password for root from 223.108.170.210 port 2459 ssh2
May  5 11:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Connection closed by 223.108.170.210 port 2459 [preauth]
May  5 11:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: Invalid user vyos from 193.32.162.134
May  5 11:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: input_userauth_request: invalid user vyos [preauth]
May  5 11:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 11:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: Failed password for invalid user vyos from 193.32.162.134 port 58266 ssh2
May  5 11:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: Connection closed by 193.32.162.134 port 58266 [preauth]
May  5 11:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: Failed password for root from 223.108.170.210 port 2460 ssh2
May  5 11:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: Connection closed by 223.108.170.210 port 2460 [preauth]
May  5 11:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Invalid user 6 from 195.178.110.50
May  5 11:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: input_userauth_request: invalid user 6 [preauth]
May  5 11:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 11:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Failed password for invalid user 6 from 195.178.110.50 port 14006 ssh2
May  5 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4681]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4682]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4680]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4679]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4679]: pam_unix(cron:session): session closed for user p13x
May  5 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4741]: Successful su for rubyman by root
May  5 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4741]: + ??? root:rubyman
May  5 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4741]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333721 of user rubyman.
May  5 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4741]: pam_unix(su:session): session closed for user rubyman
May  5 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333721.
May  5 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: Failed password for root from 223.108.170.210 port 2461 ssh2
May  5 11:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Connection closed by 195.178.110.50 port 14006 [preauth]
May  5 11:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1699]: pam_unix(cron:session): session closed for user root
May  5 11:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: Connection closed by 223.108.170.210 port 2461 [preauth]
May  5 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4680]: pam_unix(cron:session): session closed for user samftp
May  5 11:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: Failed password for root from 223.108.170.210 port 2462 ssh2
May  5 11:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4960]: Invalid user hduser from 116.193.191.90
May  5 11:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4960]: input_userauth_request: invalid user hduser [preauth]
May  5 11:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4960]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
May  5 11:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: Connection closed by 223.108.170.210 port 2462 [preauth]
May  5 11:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4960]: Failed password for invalid user hduser from 116.193.191.90 port 38412 ssh2
May  5 11:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4960]: Received disconnect from 116.193.191.90 port 38412:11: Bye Bye [preauth]
May  5 11:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4960]: Disconnected from 116.193.191.90 port 38412 [preauth]
May  5 11:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: Invalid user u from 195.178.110.50
May  5 11:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: input_userauth_request: invalid user u [preauth]
May  5 11:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 11:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: Failed password for invalid user u from 195.178.110.50 port 5484 ssh2
May  5 11:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: Failed password for root from 223.108.170.210 port 2463 ssh2
May  5 11:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4890]: Connection closed by 195.178.110.50 port 5484 [preauth]
May  5 11:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: Connection closed by 223.108.170.210 port 2463 [preauth]
May  5 11:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5004]: Failed password for root from 223.108.170.210 port 2464 ssh2
May  5 11:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5004]: Connection closed by 223.108.170.210 port 2464 [preauth]
May  5 11:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3637]: pam_unix(cron:session): session closed for user root
May  5 11:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: Failed password for root from 223.108.170.210 port 2465 ssh2
May  5 11:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: Connection closed by 223.108.170.210 port 2465 [preauth]
May  5 11:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.189.87.177  user=root
May  5 11:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5276]: Failed password for root from 196.189.87.177 port 13091 ssh2
May  5 11:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5249]: Failed password for root from 223.108.170.210 port 2466 ssh2
May  5 11:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5276]: Received disconnect from 196.189.87.177 port 13091:11: Bye Bye [preauth]
May  5 11:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5276]: Disconnected from 196.189.87.177 port 13091 [preauth]
May  5 11:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5249]: Connection closed by 223.108.170.210 port 2466 [preauth]
May  5 11:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 11:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5286]: Failed password for root from 223.108.170.210 port 2467 ssh2
May  5 11:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5286]: Connection closed by 223.108.170.210 port 2467 [preauth]
May  5 11:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 11:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5308]: Invalid user wangrui from 14.103.228.246
May  5 11:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5308]: input_userauth_request: invalid user wangrui [preauth]
May  5 11:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5308]: pam_unix(sshd:auth): check pass; user unknown
May  5 11:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.228.246
May  5 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5317]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5315]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5312]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5313]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5314]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5317]: pam_unix(cron:session): session closed for user root
May  5 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5313]: pam_unix(cron:session): session closed for user root
May  5 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5311]: pam_unix(cron:session): session closed for user p13x
May  5 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5308]: Failed password for invalid user wangrui from 14.103.228.246 port 60966 ssh2
May  5 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5308]: Received disconnect from 14.103.228.246 port 60966:11: Bye Bye [preauth]
May  5 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5308]: Disconnected from 14.103.228.246 port 60966 [preauth]
May  5 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5409]: Successful su for rubyman by root
May  5 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5409]: + ??? root:rubyman
May  5 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333727 of user rubyman.
May  5 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5409]: pam_unix(su:session): session closed for user rubyman
May  5 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333727.
May  5 12:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5305]: Failed password for root from 223.108.170.210 port 2468 ssh2
May  5 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5314]: pam_unix(cron:session): session closed for user root
May  5 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5305]: Connection closed by 223.108.170.210 port 2468 [preauth]
May  5 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2213]: pam_unix(cron:session): session closed for user root
May  5 12:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.232.57  user=root
May  5 12:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5312]: pam_unix(cron:session): session closed for user samftp
May  5 12:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: Failed password for root from 212.227.232.57 port 50714 ssh2
May  5 12:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: Received disconnect from 212.227.232.57 port 50714:11: Bye Bye [preauth]
May  5 12:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: Disconnected from 212.227.232.57 port 50714 [preauth]
May  5 12:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5705]: Invalid user emo1 from 164.68.105.9
May  5 12:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5705]: input_userauth_request: invalid user emo1 [preauth]
May  5 12:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5705]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  5 12:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: Failed password for root from 223.108.170.210 port 2469 ssh2
May  5 12:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5705]: Failed password for invalid user emo1 from 164.68.105.9 port 41486 ssh2
May  5 12:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5705]: Connection closed by 164.68.105.9 port 41486 [preauth]
May  5 12:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: Connection closed by 223.108.170.210 port 2469 [preauth]
May  5 12:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: Failed password for root from 223.108.170.210 port 2470 ssh2
May  5 12:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5712]: Connection closed by 223.108.170.210 port 2470 [preauth]
May  5 12:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5740]: Failed password for root from 223.108.170.210 port 2471 ssh2
May  5 12:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5740]: Connection closed by 223.108.170.210 port 2471 [preauth]
May  5 12:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4096]: pam_unix(cron:session): session closed for user root
May  5 12:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5771]: Failed password for root from 223.108.170.210 port 2472 ssh2
May  5 12:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5771]: Connection closed by 223.108.170.210 port 2472 [preauth]
May  5 12:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: Failed password for root from 223.108.170.210 port 2473 ssh2
May  5 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: Connection closed by 223.108.170.210 port 2473 [preauth]
May  5 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: Failed password for root from 223.108.170.210 port 2474 ssh2
May  5 12:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: Connection closed by 223.108.170.210 port 2474 [preauth]
May  5 12:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5992]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5989]: pam_unix(cron:session): session closed for user p13x
May  5 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6067]: Successful su for rubyman by root
May  5 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6067]: + ??? root:rubyman
May  5 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6067]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333731 of user rubyman.
May  5 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6067]: pam_unix(su:session): session closed for user rubyman
May  5 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333731.
May  5 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: Failed password for root from 223.108.170.210 port 2475 ssh2
May  5 12:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2667]: pam_unix(cron:session): session closed for user root
May  5 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: Connection closed by 223.108.170.210 port 2475 [preauth]
May  5 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5990]: pam_unix(cron:session): session closed for user samftp
May  5 12:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: Failed password for root from 223.108.170.210 port 2476 ssh2
May  5 12:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6245]: Connection closed by 223.108.170.210 port 2476 [preauth]
May  5 12:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: Invalid user mariadb from 14.103.228.246
May  5 12:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: input_userauth_request: invalid user mariadb [preauth]
May  5 12:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.228.246
May  5 12:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: Failed password for invalid user mariadb from 14.103.228.246 port 50054 ssh2
May  5 12:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: Received disconnect from 14.103.228.246 port 50054:11: Bye Bye [preauth]
May  5 12:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: Disconnected from 14.103.228.246 port 50054 [preauth]
May  5 12:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: Failed password for root from 223.108.170.210 port 2477 ssh2
May  5 12:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: Connection closed by 223.108.170.210 port 2477 [preauth]
May  5 12:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: Failed password for root from 223.108.170.210 port 2478 ssh2
May  5 12:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6311]: Connection closed by 223.108.170.210 port 2478 [preauth]
May  5 12:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4682]: pam_unix(cron:session): session closed for user root
May  5 12:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Invalid user yubx from 196.189.87.177
May  5 12:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: input_userauth_request: invalid user yubx [preauth]
May  5 12:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.189.87.177
May  5 12:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Failed password for invalid user yubx from 196.189.87.177 port 13092 ssh2
May  5 12:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Received disconnect from 196.189.87.177 port 13092:11: Bye Bye [preauth]
May  5 12:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Disconnected from 196.189.87.177 port 13092 [preauth]
May  5 12:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6336]: Failed password for root from 223.108.170.210 port 2479 ssh2
May  5 12:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6336]: Connection closed by 223.108.170.210 port 2479 [preauth]
May  5 12:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: Failed password for root from 223.108.170.210 port 2480 ssh2
May  5 12:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: Connection closed by 223.108.170.210 port 2480 [preauth]
May  5 12:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.211.44.138  user=root
May  5 12:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: Failed password for root from 195.211.44.138 port 51296 ssh2
May  5 12:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: Received disconnect from 195.211.44.138 port 51296:11: Bye Bye [preauth]
May  5 12:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6412]: Disconnected from 195.211.44.138 port 51296 [preauth]
May  5 12:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6409]: Failed password for root from 223.108.170.210 port 2481 ssh2
May  5 12:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6409]: Connection closed by 223.108.170.210 port 2481 [preauth]
May  5 12:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6436]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6437]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6434]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6434]: pam_unix(cron:session): session closed for user p13x
May  5 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6498]: Successful su for rubyman by root
May  5 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6498]: + ??? root:rubyman
May  5 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333735 of user rubyman.
May  5 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6498]: pam_unix(su:session): session closed for user rubyman
May  5 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333735.
May  5 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6422]: Failed password for root from 223.108.170.210 port 2482 ssh2
May  5 12:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3139]: pam_unix(cron:session): session closed for user root
May  5 12:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6422]: Connection closed by 223.108.170.210 port 2482 [preauth]
May  5 12:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6435]: pam_unix(cron:session): session closed for user samftp
May  5 12:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6679]: Failed password for root from 223.108.170.210 port 2483 ssh2
May  5 12:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6679]: Connection closed by 223.108.170.210 port 2483 [preauth]
May  5 12:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: Invalid user chenly from 117.216.143.31
May  5 12:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: input_userauth_request: invalid user chenly [preauth]
May  5 12:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 12:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: Failed password for invalid user chenly from 117.216.143.31 port 52476 ssh2
May  5 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: Received disconnect from 117.216.143.31 port 52476:11: Bye Bye [preauth]
May  5 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: Disconnected from 117.216.143.31 port 52476 [preauth]
May  5 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: Failed password for root from 223.108.170.210 port 2484 ssh2
May  5 12:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6713]: Connection closed by 223.108.170.210 port 2484 [preauth]
May  5 12:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: Invalid user teste from 14.103.228.246
May  5 12:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: input_userauth_request: invalid user teste [preauth]
May  5 12:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.228.246
May  5 12:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: Failed password for root from 223.108.170.210 port 2485 ssh2
May  5 12:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6735]: Connection closed by 223.108.170.210 port 2485 [preauth]
May  5 12:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: Failed password for invalid user teste from 14.103.228.246 port 33668 ssh2
May  5 12:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: Received disconnect from 14.103.228.246 port 33668:11: Bye Bye [preauth]
May  5 12:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: Disconnected from 14.103.228.246 port 33668 [preauth]
May  5 12:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5316]: pam_unix(cron:session): session closed for user root
May  5 12:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: Failed password for root from 223.108.170.210 port 2486 ssh2
May  5 12:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6772]: Connection closed by 223.108.170.210 port 2486 [preauth]
May  5 12:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: Failed password for root from 223.108.170.210 port 2487 ssh2
May  5 12:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6803]: Connection closed by 223.108.170.210 port 2487 [preauth]
May  5 12:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6835]: Failed password for root from 223.108.170.210 port 2488 ssh2
May  5 12:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6835]: Connection closed by 223.108.170.210 port 2488 [preauth]
May  5 12:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6861]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6862]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6859]: pam_unix(cron:session): session closed for user p13x
May  5 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7010]: Successful su for rubyman by root
May  5 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7010]: + ??? root:rubyman
May  5 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333740 of user rubyman.
May  5 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7010]: pam_unix(su:session): session closed for user rubyman
May  5 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333740.
May  5 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3636]: pam_unix(cron:session): session closed for user root
May  5 12:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: Failed password for root from 223.108.170.210 port 2489 ssh2
May  5 12:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: Connection closed by 223.108.170.210 port 2489 [preauth]
May  5 12:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6860]: pam_unix(cron:session): session closed for user samftp
May  5 12:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: Failed password for root from 223.108.170.210 port 2490 ssh2
May  5 12:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: Connection closed by 223.108.170.210 port 2490 [preauth]
May  5 12:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.189.87.177  user=root
May  5 12:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7252]: Failed password for root from 223.108.170.210 port 2491 ssh2
May  5 12:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7252]: Connection closed by 223.108.170.210 port 2491 [preauth]
May  5 12:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7263]: Failed password for root from 196.189.87.177 port 13093 ssh2
May  5 12:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7263]: Received disconnect from 196.189.87.177 port 13093:11: Bye Bye [preauth]
May  5 12:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7263]: Disconnected from 196.189.87.177 port 13093 [preauth]
May  5 12:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: Invalid user yuanjiale from 103.176.78.28
May  5 12:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: input_userauth_request: invalid user yuanjiale [preauth]
May  5 12:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.176.78.28
May  5 12:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: Failed password for invalid user yuanjiale from 103.176.78.28 port 60972 ssh2
May  5 12:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: Received disconnect from 103.176.78.28 port 60972:11: Bye Bye [preauth]
May  5 12:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7266]: Disconnected from 103.176.78.28 port 60972 [preauth]
May  5 12:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: Failed password for root from 223.108.170.210 port 2492 ssh2
May  5 12:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: Connection closed by 223.108.170.210 port 2492 [preauth]
May  5 12:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5992]: pam_unix(cron:session): session closed for user root
May  5 12:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Failed password for root from 223.108.170.210 port 2493 ssh2
May  5 12:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Connection closed by 223.108.170.210 port 2493 [preauth]
May  5 12:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: Invalid user admin from 14.103.228.246
May  5 12:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: input_userauth_request: invalid user admin [preauth]
May  5 12:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.228.246
May  5 12:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: Failed password for invalid user admin from 14.103.228.246 port 43256 ssh2
May  5 12:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: Received disconnect from 14.103.228.246 port 43256:11: Bye Bye [preauth]
May  5 12:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7337]: Disconnected from 14.103.228.246 port 43256 [preauth]
May  5 12:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: Failed password for root from 223.108.170.210 port 2494 ssh2
May  5 12:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7335]: Connection closed by 223.108.170.210 port 2494 [preauth]
May  5 12:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7360]: Failed password for root from 223.108.170.210 port 2495 ssh2
May  5 12:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7360]: Connection closed by 223.108.170.210 port 2495 [preauth]
May  5 12:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7392]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7391]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7389]: pam_unix(cron:session): session closed for user p13x
May  5 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7451]: Successful su for rubyman by root
May  5 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7451]: + ??? root:rubyman
May  5 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333743 of user rubyman.
May  5 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7451]: pam_unix(su:session): session closed for user rubyman
May  5 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333743.
May  5 12:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: Failed password for root from 223.108.170.210 port 2496 ssh2
May  5 12:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4095]: pam_unix(cron:session): session closed for user root
May  5 12:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: Connection closed by 223.108.170.210 port 2496 [preauth]
May  5 12:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7390]: pam_unix(cron:session): session closed for user samftp
May  5 12:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7729]: Failed password for root from 223.108.170.210 port 2497 ssh2
May  5 12:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7729]: Connection closed by 223.108.170.210 port 2497 [preauth]
May  5 12:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7769]: Failed password for root from 223.108.170.210 port 2498 ssh2
May  5 12:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7769]: Connection closed by 223.108.170.210 port 2498 [preauth]
May  5 12:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: Failed password for root from 223.108.170.210 port 2499 ssh2
May  5 12:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7793]: Connection closed by 223.108.170.210 port 2499 [preauth]
May  5 12:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6437]: pam_unix(cron:session): session closed for user root
May  5 12:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: Failed password for root from 223.108.170.210 port 2500 ssh2
May  5 12:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: Connection closed by 223.108.170.210 port 2500 [preauth]
May  5 12:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7867]: Failed password for root from 223.108.170.210 port 2501 ssh2
May  5 12:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7867]: Connection closed by 223.108.170.210 port 2501 [preauth]
May  5 12:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: Failed password for root from 223.108.170.210 port 2502 ssh2
May  5 12:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: Connection closed by 223.108.170.210 port 2502 [preauth]
May  5 12:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: Invalid user others from 14.103.228.246
May  5 12:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: input_userauth_request: invalid user others [preauth]
May  5 12:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.228.246
May  5 12:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: Failed password for invalid user others from 14.103.228.246 port 38082 ssh2
May  5 12:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: Received disconnect from 14.103.228.246 port 38082:11: Bye Bye [preauth]
May  5 12:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: Disconnected from 14.103.228.246 port 38082 [preauth]
May  5 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7927]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7929]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7928]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7930]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7930]: pam_unix(cron:session): session closed for user root
May  5 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7925]: pam_unix(cron:session): session closed for user p13x
May  5 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7999]: Successful su for rubyman by root
May  5 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7999]: + ??? root:rubyman
May  5 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333750 of user rubyman.
May  5 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7999]: pam_unix(su:session): session closed for user rubyman
May  5 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333750.
May  5 12:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: Failed password for root from 223.108.170.210 port 2503 ssh2
May  5 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7927]: pam_unix(cron:session): session closed for user root
May  5 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: Connection closed by 223.108.170.210 port 2503 [preauth]
May  5 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4681]: pam_unix(cron:session): session closed for user root
May  5 12:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7926]: pam_unix(cron:session): session closed for user samftp
May  5 12:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: Invalid user hpc-riscv from 193.32.162.134
May  5 12:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: input_userauth_request: invalid user hpc-riscv [preauth]
May  5 12:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 12:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8239]: Invalid user gzc from 196.189.87.177
May  5 12:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8239]: input_userauth_request: invalid user gzc [preauth]
May  5 12:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8239]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.189.87.177
May  5 12:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: Failed password for invalid user hpc-riscv from 193.32.162.134 port 42086 ssh2
May  5 12:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8237]: Connection closed by 193.32.162.134 port 42086 [preauth]
May  5 12:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8239]: Failed password for invalid user gzc from 196.189.87.177 port 13094 ssh2
May  5 12:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8239]: Received disconnect from 196.189.87.177 port 13094:11: Bye Bye [preauth]
May  5 12:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8239]: Disconnected from 196.189.87.177 port 13094 [preauth]
May  5 12:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8191]: Failed password for root from 223.108.170.210 port 2504 ssh2
May  5 12:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8191]: Connection closed by 223.108.170.210 port 2504 [preauth]
May  5 12:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8257]: Invalid user ubnt from 80.94.95.125
May  5 12:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8257]: input_userauth_request: invalid user ubnt [preauth]
May  5 12:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8257]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 12:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8257]: Failed password for invalid user ubnt from 80.94.95.125 port 58038 ssh2
May  5 12:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8257]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Invalid user jira from 212.227.232.57
May  5 12:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: input_userauth_request: invalid user jira [preauth]
May  5 12:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.232.57
May  5 12:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8257]: Failed password for invalid user ubnt from 80.94.95.125 port 58038 ssh2
May  5 12:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8257]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8256]: Failed password for root from 223.108.170.210 port 2505 ssh2
May  5 12:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Failed password for invalid user jira from 212.227.232.57 port 50038 ssh2
May  5 12:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Received disconnect from 212.227.232.57 port 50038:11: Bye Bye [preauth]
May  5 12:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Disconnected from 212.227.232.57 port 50038 [preauth]
May  5 12:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8257]: Failed password for invalid user ubnt from 80.94.95.125 port 58038 ssh2
May  5 12:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8257]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8256]: Connection closed by 223.108.170.210 port 2505 [preauth]
May  5 12:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8257]: Failed password for invalid user ubnt from 80.94.95.125 port 58038 ssh2
May  5 12:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8257]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8257]: Failed password for invalid user ubnt from 80.94.95.125 port 58038 ssh2
May  5 12:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8257]: Received disconnect from 80.94.95.125 port 58038:11: Bye [preauth]
May  5 12:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8257]: Disconnected from 80.94.95.125 port 58038 [preauth]
May  5 12:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8257]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 12:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8257]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 12:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8284]: Failed password for root from 223.108.170.210 port 2506 ssh2
May  5 12:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8284]: Connection closed by 223.108.170.210 port 2506 [preauth]
May  5 12:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6862]: pam_unix(cron:session): session closed for user root
May  5 12:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8316]: Failed password for root from 223.108.170.210 port 2507 ssh2
May  5 12:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8316]: Connection closed by 223.108.170.210 port 2507 [preauth]
May  5 12:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: Failed password for root from 223.108.170.210 port 2508 ssh2
May  5 12:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8350]: Connection closed by 223.108.170.210 port 2508 [preauth]
May  5 12:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90  user=root
May  5 12:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8381]: Failed password for root from 116.193.191.90 port 37896 ssh2
May  5 12:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8381]: Received disconnect from 116.193.191.90 port 37896:11: Bye Bye [preauth]
May  5 12:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8381]: Disconnected from 116.193.191.90 port 37896 [preauth]
May  5 12:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8385]: Failed password for root from 223.108.170.210 port 2509 ssh2
May  5 12:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8385]: Connection closed by 223.108.170.210 port 2509 [preauth]
May  5 12:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8411]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8408]: pam_unix(cron:session): session closed for user p13x
May  5 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8481]: Successful su for rubyman by root
May  5 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8481]: + ??? root:rubyman
May  5 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333753 of user rubyman.
May  5 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8481]: pam_unix(su:session): session closed for user rubyman
May  5 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333753.
May  5 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8404]: Failed password for root from 223.108.170.210 port 2510 ssh2
May  5 12:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5315]: pam_unix(cron:session): session closed for user root
May  5 12:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8409]: pam_unix(cron:session): session closed for user samftp
May  5 12:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8404]: Connection closed by 223.108.170.210 port 2510 [preauth]
May  5 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: Invalid user jino from 14.103.228.246
May  5 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: input_userauth_request: invalid user jino [preauth]
May  5 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.228.246
May  5 12:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: Failed password for invalid user jino from 14.103.228.246 port 45614 ssh2
May  5 12:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: Received disconnect from 14.103.228.246 port 45614:11: Bye Bye [preauth]
May  5 12:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: Disconnected from 14.103.228.246 port 45614 [preauth]
May  5 12:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: Failed password for root from 223.108.170.210 port 2511 ssh2
May  5 12:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: Connection closed by 223.108.170.210 port 2511 [preauth]
May  5 12:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8727]: Failed password for root from 223.108.170.210 port 2512 ssh2
May  5 12:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8727]: Connection closed by 223.108.170.210 port 2512 [preauth]
May  5 12:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: Failed password for root from 223.108.170.210 port 2513 ssh2
May  5 12:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 12:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8758]: Connection closed by 223.108.170.210 port 2513 [preauth]
May  5 12:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7392]: pam_unix(cron:session): session closed for user root
May  5 12:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8770]: Failed password for root from 218.92.0.179 port 27879 ssh2
May  5 12:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8770]: Failed password for root from 218.92.0.179 port 27879 ssh2
May  5 12:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8772]: Failed password for root from 223.108.170.210 port 2514 ssh2
May  5 12:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8770]: Failed password for root from 218.92.0.179 port 27879 ssh2
May  5 12:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8770]: Received disconnect from 218.92.0.179 port 27879:11:  [preauth]
May  5 12:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8770]: Disconnected from 218.92.0.179 port 27879 [preauth]
May  5 12:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8770]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 12:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8772]: Connection closed by 223.108.170.210 port 2514 [preauth]
May  5 12:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8802]: Failed password for root from 223.108.170.210 port 2515 ssh2
May  5 12:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8802]: Connection closed by 223.108.170.210 port 2515 [preauth]
May  5 12:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8849]: Invalid user ta from 196.189.87.177
May  5 12:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8849]: input_userauth_request: invalid user ta [preauth]
May  5 12:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8849]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.189.87.177
May  5 12:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8833]: Failed password for root from 223.108.170.210 port 2516 ssh2
May  5 12:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8833]: Connection closed by 223.108.170.210 port 2516 [preauth]
May  5 12:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8849]: Failed password for invalid user ta from 196.189.87.177 port 13095 ssh2
May  5 12:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8849]: Received disconnect from 196.189.87.177 port 13095:11: Bye Bye [preauth]
May  5 12:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8849]: Disconnected from 196.189.87.177 port 13095 [preauth]
May  5 12:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8875]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8877]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8876]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8874]: pam_unix(cron:session): session closed for user p13x
May  5 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8936]: Successful su for rubyman by root
May  5 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8936]: + ??? root:rubyman
May  5 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333757 of user rubyman.
May  5 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8936]: pam_unix(su:session): session closed for user rubyman
May  5 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333757.
May  5 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.211.44.138  user=root
May  5 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8859]: Failed password for root from 223.108.170.210 port 2517 ssh2
May  5 12:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5991]: pam_unix(cron:session): session closed for user root
May  5 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8859]: Connection closed by 223.108.170.210 port 2517 [preauth]
May  5 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: Failed password for root from 195.211.44.138 port 51420 ssh2
May  5 12:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: Received disconnect from 195.211.44.138 port 51420:11: Bye Bye [preauth]
May  5 12:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8871]: Disconnected from 195.211.44.138 port 51420 [preauth]
May  5 12:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8875]: pam_unix(cron:session): session closed for user samftp
May  5 12:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: Failed password for root from 223.108.170.210 port 2518 ssh2
May  5 12:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: Connection closed by 223.108.170.210 port 2518 [preauth]
May  5 12:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9226]: Failed password for root from 223.108.170.210 port 2519 ssh2
May  5 12:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.228.246  user=root
May  5 12:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9226]: Connection closed by 223.108.170.210 port 2519 [preauth]
May  5 12:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: Failed password for root from 14.103.228.246 port 52844 ssh2
May  5 12:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: Received disconnect from 14.103.228.246 port 52844:11: Bye Bye [preauth]
May  5 12:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9250]: Disconnected from 14.103.228.246 port 52844 [preauth]
May  5 12:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9274]: Failed password for root from 223.108.170.210 port 2520 ssh2
May  5 12:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9274]: Connection closed by 223.108.170.210 port 2520 [preauth]
May  5 12:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7929]: pam_unix(cron:session): session closed for user root
May  5 12:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9315]: Failed password for root from 223.108.170.210 port 2521 ssh2
May  5 12:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9315]: Connection closed by 223.108.170.210 port 2521 [preauth]
May  5 12:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: Invalid user maestro from 117.216.143.31
May  5 12:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: input_userauth_request: invalid user maestro [preauth]
May  5 12:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.216.143.31
May  5 12:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: Failed password for invalid user maestro from 117.216.143.31 port 36592 ssh2
May  5 12:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: Received disconnect from 117.216.143.31 port 36592:11: Bye Bye [preauth]
May  5 12:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9359]: Disconnected from 117.216.143.31 port 36592 [preauth]
May  5 12:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9361]: Failed password for root from 223.108.170.210 port 2522 ssh2
May  5 12:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9361]: Connection closed by 223.108.170.210 port 2522 [preauth]
May  5 12:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 12:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9394]: Failed password for root from 218.92.0.179 port 21713 ssh2
May  5 12:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9394]: Failed password for root from 218.92.0.179 port 21713 ssh2
May  5 12:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9393]: Failed password for root from 223.108.170.210 port 2523 ssh2
May  5 12:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9394]: Failed password for root from 218.92.0.179 port 21713 ssh2
May  5 12:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9394]: Received disconnect from 218.92.0.179 port 21713:11:  [preauth]
May  5 12:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9394]: Disconnected from 218.92.0.179 port 21713 [preauth]
May  5 12:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9394]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 12:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9393]: Connection closed by 223.108.170.210 port 2523 [preauth]
May  5 12:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9421]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9422]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9419]: pam_unix(cron:session): session closed for user p13x
May  5 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9482]: Successful su for rubyman by root
May  5 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9482]: + ??? root:rubyman
May  5 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333764 of user rubyman.
May  5 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9482]: pam_unix(su:session): session closed for user rubyman
May  5 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333764.
May  5 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6436]: pam_unix(cron:session): session closed for user root
May  5 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: Failed password for root from 223.108.170.210 port 2524 ssh2
May  5 12:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: Connection closed by 223.108.170.210 port 2524 [preauth]
May  5 12:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9420]: pam_unix(cron:session): session closed for user samftp
May  5 12:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Failed password for root from 223.108.170.210 port 2525 ssh2
May  5 12:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Connection closed by 223.108.170.210 port 2525 [preauth]
May  5 12:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: Failed password for root from 223.108.170.210 port 2526 ssh2
May  5 12:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: Connection closed by 223.108.170.210 port 2526 [preauth]
May  5 12:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9707]: Failed password for root from 223.108.170.210 port 2527 ssh2
May  5 12:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9732]: Invalid user ta from 14.103.228.246
May  5 12:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9732]: input_userauth_request: invalid user ta [preauth]
May  5 12:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9732]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.228.246
May  5 12:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9707]: Connection closed by 223.108.170.210 port 2527 [preauth]
May  5 12:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9732]: Failed password for invalid user ta from 14.103.228.246 port 60880 ssh2
May  5 12:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9732]: Received disconnect from 14.103.228.246 port 60880:11: Bye Bye [preauth]
May  5 12:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9732]: Disconnected from 14.103.228.246 port 60880 [preauth]
May  5 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8411]: pam_unix(cron:session): session closed for user root
May  5 12:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9744]: Failed password for root from 223.108.170.210 port 2528 ssh2
May  5 12:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: Invalid user mariadb from 196.189.87.177
May  5 12:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: input_userauth_request: invalid user mariadb [preauth]
May  5 12:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.189.87.177
May  5 12:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9744]: Connection closed by 223.108.170.210 port 2528 [preauth]
May  5 12:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: Failed password for invalid user mariadb from 196.189.87.177 port 13096 ssh2
May  5 12:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: Received disconnect from 196.189.87.177 port 13096:11: Bye Bye [preauth]
May  5 12:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: Disconnected from 196.189.87.177 port 13096 [preauth]
May  5 12:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: Failed password for root from 223.108.170.210 port 2529 ssh2
May  5 12:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: Connection closed by 223.108.170.210 port 2529 [preauth]
May  5 12:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9812]: Failed password for root from 223.108.170.210 port 2530 ssh2
May  5 12:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9812]: Connection closed by 223.108.170.210 port 2530 [preauth]
May  5 12:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9838]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9839]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9836]: pam_unix(cron:session): session closed for user p13x
May  5 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9948]: Successful su for rubyman by root
May  5 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9948]: + ??? root:rubyman
May  5 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333767 of user rubyman.
May  5 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9948]: pam_unix(su:session): session closed for user rubyman
May  5 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333767.
May  5 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9834]: pam_unix(cron:session): session closed for user root
May  5 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6861]: pam_unix(cron:session): session closed for user root
May  5 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9831]: Failed password for root from 223.108.170.210 port 2531 ssh2
May  5 12:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9831]: Connection closed by 223.108.170.210 port 2531 [preauth]
May  5 12:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9837]: pam_unix(cron:session): session closed for user samftp
May  5 12:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: Failed password for root from 223.108.170.210 port 2532 ssh2
May  5 12:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10171]: Connection closed by 223.108.170.210 port 2532 [preauth]
May  5 12:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10196]: Failed password for root from 223.108.170.210 port 2533 ssh2
May  5 12:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10196]: Connection closed by 223.108.170.210 port 2533 [preauth]
May  5 12:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: Failed password for root from 223.108.170.210 port 2534 ssh2
May  5 12:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10299]: Connection closed by 223.108.170.210 port 2534 [preauth]
May  5 12:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8877]: pam_unix(cron:session): session closed for user root
May  5 12:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Failed password for root from 223.108.170.210 port 2535 ssh2
May  5 12:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Connection closed by 223.108.170.210 port 2535 [preauth]
May  5 12:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: Invalid user admin from 80.94.95.112
May  5 12:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: input_userauth_request: invalid user admin [preauth]
May  5 12:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 12:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: Failed password for invalid user admin from 80.94.95.112 port 31973 ssh2
May  5 12:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: Failed password for invalid user admin from 80.94.95.112 port 31973 ssh2
May  5 12:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: Failed password for invalid user admin from 80.94.95.112 port 31973 ssh2
May  5 12:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: Failed password for root from 223.108.170.210 port 2536 ssh2
May  5 12:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: Failed password for invalid user admin from 80.94.95.112 port 31973 ssh2
May  5 12:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10368]: Connection closed by 223.108.170.210 port 2536 [preauth]
May  5 12:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: Failed password for invalid user admin from 80.94.95.112 port 31973 ssh2
May  5 12:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: Received disconnect from 80.94.95.112 port 31973:11: Bye [preauth]
May  5 12:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: Disconnected from 80.94.95.112 port 31973 [preauth]
May  5 12:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 12:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10366]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 12:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: Failed password for root from 223.108.170.210 port 2537 ssh2
May  5 12:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: Connection closed by 223.108.170.210 port 2537 [preauth]
May  5 12:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10451]: pam_unix(cron:session): session closed for user root
May  5 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10446]: pam_unix(cron:session): session closed for user p13x
May  5 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10518]: Successful su for rubyman by root
May  5 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10518]: + ??? root:rubyman
May  5 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333772 of user rubyman.
May  5 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10518]: pam_unix(su:session): session closed for user rubyman
May  5 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333772.
May  5 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10426]: Failed password for root from 223.108.170.210 port 2538 ssh2
May  5 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10426]: Connection closed by 223.108.170.210 port 2538 [preauth]
May  5 12:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10448]: pam_unix(cron:session): session closed for user root
May  5 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7391]: pam_unix(cron:session): session closed for user root
May  5 12:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10447]: pam_unix(cron:session): session closed for user samftp
May  5 12:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: Failed password for root from 223.108.170.210 port 2539 ssh2
May  5 12:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10670]: Connection closed by 223.108.170.210 port 2539 [preauth]
May  5 12:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: Failed password for root from 223.108.170.210 port 2540 ssh2
May  5 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Invalid user readonly from 196.189.87.177
May  5 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: input_userauth_request: invalid user readonly [preauth]
May  5 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.189.87.177
May  5 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: Invalid user badmin from 212.227.232.57
May  5 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: input_userauth_request: invalid user badmin [preauth]
May  5 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.232.57
May  5 12:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: Connection closed by 223.108.170.210 port 2540 [preauth]
May  5 12:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Failed password for invalid user readonly from 196.189.87.177 port 13097 ssh2
May  5 12:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: Failed password for invalid user badmin from 212.227.232.57 port 43352 ssh2
May  5 12:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: Received disconnect from 212.227.232.57 port 43352:11: Bye Bye [preauth]
May  5 12:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: Disconnected from 212.227.232.57 port 43352 [preauth]
May  5 12:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Received disconnect from 196.189.87.177 port 13097:11: Bye Bye [preauth]
May  5 12:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Disconnected from 196.189.87.177 port 13097 [preauth]
May  5 12:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10832]: Failed password for root from 223.108.170.210 port 2541 ssh2
May  5 12:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10832]: Connection closed by 223.108.170.210 port 2541 [preauth]
May  5 12:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9422]: pam_unix(cron:session): session closed for user root
May  5 12:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: Failed password for root from 223.108.170.210 port 2542 ssh2
May  5 12:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10865]: Connection closed by 223.108.170.210 port 2542 [preauth]
May  5 12:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10904]: Failed password for root from 223.108.170.210 port 2543 ssh2
May  5 12:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10904]: Connection closed by 223.108.170.210 port 2543 [preauth]
May  5 12:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: Failed password for root from 223.108.170.210 port 2544 ssh2
May  5 12:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: Connection closed by 223.108.170.210 port 2544 [preauth]
May  5 12:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10956]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10957]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10958]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10955]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10955]: pam_unix(cron:session): session closed for user p13x
May  5 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11022]: Successful su for rubyman by root
May  5 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11022]: + ??? root:rubyman
May  5 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333776 of user rubyman.
May  5 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11022]: pam_unix(su:session): session closed for user rubyman
May  5 12:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333776.
May  5 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10944]: Failed password for root from 223.108.170.210 port 2545 ssh2
May  5 12:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10944]: Connection closed by 223.108.170.210 port 2545 [preauth]
May  5 12:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7928]: pam_unix(cron:session): session closed for user root
May  5 12:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10956]: pam_unix(cron:session): session closed for user samftp
May  5 12:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11182]: Failed password for root from 223.108.170.210 port 2546 ssh2
May  5 12:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11182]: Connection closed by 223.108.170.210 port 2546 [preauth]
May  5 12:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: Failed password for root from 223.108.170.210 port 2547 ssh2
May  5 12:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11217]: Connection closed by 223.108.170.210 port 2547 [preauth]
May  5 12:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: Invalid user riscv from 193.32.162.134
May  5 12:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: input_userauth_request: invalid user riscv [preauth]
May  5 12:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 12:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: Failed password for invalid user riscv from 193.32.162.134 port 54138 ssh2
May  5 12:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: Connection closed by 193.32.162.134 port 54138 [preauth]
May  5 12:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11249]: Failed password for root from 223.108.170.210 port 2548 ssh2
May  5 12:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11249]: Connection closed by 223.108.170.210 port 2548 [preauth]
May  5 12:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9839]: pam_unix(cron:session): session closed for user root
May  5 12:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: Failed password for root from 223.108.170.210 port 2549 ssh2
May  5 12:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: Connection closed by 223.108.170.210 port 2549 [preauth]
May  5 12:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11313]: Failed password for root from 223.108.170.210 port 2550 ssh2
May  5 12:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11313]: Connection closed by 223.108.170.210 port 2550 [preauth]
May  5 12:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: Failed password for root from 223.108.170.210 port 2551 ssh2
May  5 12:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: Connection closed by 223.108.170.210 port 2551 [preauth]
May  5 12:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11366]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11365]: pam_unix(cron:session): session closed for user p13x
May  5 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11424]: Successful su for rubyman by root
May  5 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11424]: + ??? root:rubyman
May  5 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333782 of user rubyman.
May  5 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11424]: pam_unix(su:session): session closed for user rubyman
May  5 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333782.
May  5 12:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: Failed password for root from 223.108.170.210 port 2552 ssh2
May  5 12:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8410]: pam_unix(cron:session): session closed for user root
May  5 12:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: Connection closed by 223.108.170.210 port 2552 [preauth]
May  5 12:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11366]: pam_unix(cron:session): session closed for user samftp
May  5 12:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: Invalid user tom from 196.189.87.177
May  5 12:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: input_userauth_request: invalid user tom [preauth]
May  5 12:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.189.87.177
May  5 12:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: Failed password for root from 223.108.170.210 port 2553 ssh2
May  5 12:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: Failed password for invalid user tom from 196.189.87.177 port 13098 ssh2
May  5 12:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: Received disconnect from 196.189.87.177 port 13098:11: Bye Bye [preauth]
May  5 12:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: Disconnected from 196.189.87.177 port 13098 [preauth]
May  5 12:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11606]: Connection closed by 223.108.170.210 port 2553 [preauth]
May  5 12:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: Failed password for root from 223.108.170.210 port 2554 ssh2
May  5 12:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: Connection closed by 223.108.170.210 port 2554 [preauth]
May  5 12:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: Invalid user zhangxinkui from 116.193.191.90
May  5 12:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: input_userauth_request: invalid user zhangxinkui [preauth]
May  5 12:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
May  5 12:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: Failed password for invalid user zhangxinkui from 116.193.191.90 port 54198 ssh2
May  5 12:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: Received disconnect from 116.193.191.90 port 54198:11: Bye Bye [preauth]
May  5 12:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: Disconnected from 116.193.191.90 port 54198 [preauth]
May  5 12:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: Failed password for root from 223.108.170.210 port 2555 ssh2
May  5 12:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: Connection closed by 223.108.170.210 port 2555 [preauth]
May  5 12:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10450]: pam_unix(cron:session): session closed for user root
May  5 12:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11696]: Failed password for root from 223.108.170.210 port 2556 ssh2
May  5 12:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11696]: Connection closed by 223.108.170.210 port 2556 [preauth]
May  5 12:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11728]: Failed password for root from 223.108.170.210 port 2557 ssh2
May  5 12:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11728]: Connection closed by 223.108.170.210 port 2557 [preauth]
May  5 12:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11758]: Failed password for root from 223.108.170.210 port 2558 ssh2
May  5 12:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11758]: Connection closed by 223.108.170.210 port 2558 [preauth]
May  5 12:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11790]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11792]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11789]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11789]: pam_unix(cron:session): session closed for user p13x
May  5 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11852]: Successful su for rubyman by root
May  5 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11852]: + ??? root:rubyman
May  5 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333786 of user rubyman.
May  5 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11852]: pam_unix(su:session): session closed for user rubyman
May  5 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333786.
May  5 12:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11778]: Failed password for root from 223.108.170.210 port 2559 ssh2
May  5 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11778]: Connection closed by 223.108.170.210 port 2559 [preauth]
May  5 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8876]: pam_unix(cron:session): session closed for user root
May  5 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11790]: pam_unix(cron:session): session closed for user samftp
May  5 12:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  5 12:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12001]: Failed password for root from 223.108.170.210 port 2560 ssh2
May  5 12:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12031]: Failed password for root from 218.92.0.205 port 41662 ssh2
May  5 12:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12001]: Connection closed by 223.108.170.210 port 2560 [preauth]
May  5 12:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12031]: Failed password for root from 218.92.0.205 port 41662 ssh2
May  5 12:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Failed password for root from 223.108.170.210 port 2561 ssh2
May  5 12:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Connection closed by 223.108.170.210 port 2561 [preauth]
May  5 12:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12071]: Failed password for root from 223.108.170.210 port 2562 ssh2
May  5 12:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12071]: Connection closed by 223.108.170.210 port 2562 [preauth]
May  5 12:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  5 12:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10958]: pam_unix(cron:session): session closed for user root
May  5 12:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Failed password for root from 218.92.0.205 port 59774 ssh2
May  5 12:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12097]: Failed password for root from 223.108.170.210 port 2563 ssh2
May  5 12:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12097]: Connection closed by 223.108.170.210 port 2563 [preauth]
May  5 12:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Failed password for root from 218.92.0.205 port 59774 ssh2
May  5 12:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12138]: Failed password for root from 223.108.170.210 port 2564 ssh2
May  5 12:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12138]: Connection closed by 223.108.170.210 port 2564 [preauth]
May  5 12:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Received disconnect from 218.92.0.205 port 59774:11:  [preauth]
May  5 12:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Disconnected from 218.92.0.205 port 59774 [preauth]
May  5 12:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  5 12:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: Failed password for root from 223.108.170.210 port 2565 ssh2
May  5 12:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: Connection closed by 223.108.170.210 port 2565 [preauth]
May  5 12:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12181]: Invalid user www from 196.189.87.177
May  5 12:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12181]: input_userauth_request: invalid user www [preauth]
May  5 12:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12181]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.189.87.177
May  5 12:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12181]: Failed password for invalid user www from 196.189.87.177 port 13099 ssh2
May  5 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12181]: Received disconnect from 196.189.87.177 port 13099:11: Bye Bye [preauth]
May  5 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12181]: Disconnected from 196.189.87.177 port 13099 [preauth]
May  5 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: Failed password for root from 223.108.170.210 port 2566 ssh2
May  5 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12195]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12193]: pam_unix(cron:session): session closed for user p13x
May  5 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12255]: Successful su for rubyman by root
May  5 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12255]: + ??? root:rubyman
May  5 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333790 of user rubyman.
May  5 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12255]: pam_unix(su:session): session closed for user rubyman
May  5 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333790.
May  5 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: Connection closed by 223.108.170.210 port 2566 [preauth]
May  5 12:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9421]: pam_unix(cron:session): session closed for user root
May  5 12:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12194]: pam_unix(cron:session): session closed for user samftp
May  5 12:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: Failed password for root from 223.108.170.210 port 2567 ssh2
May  5 12:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: Connection closed by 223.108.170.210 port 2567 [preauth]
May  5 12:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: Failed password for root from 223.108.170.210 port 2568 ssh2
May  5 12:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: Connection closed by 223.108.170.210 port 2568 [preauth]
May  5 12:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: Failed password for root from 223.108.170.210 port 2569 ssh2
May  5 12:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12492]: Connection closed by 223.108.170.210 port 2569 [preauth]
May  5 12:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11368]: pam_unix(cron:session): session closed for user root
May  5 12:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12514]: Failed password for root from 223.108.170.210 port 2570 ssh2
May  5 12:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12514]: Connection closed by 223.108.170.210 port 2570 [preauth]
May  5 12:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.108.170.210  user=root
May  5 12:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: Failed password for root from 223.108.170.210 port 2571 ssh2
May  5 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12606]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12608]: pam_unix(cron:session): session closed for user root
May  5 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12603]: pam_unix(cron:session): session closed for user p13x
May  5 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12668]: Successful su for rubyman by root
May  5 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12668]: + ??? root:rubyman
May  5 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333796 of user rubyman.
May  5 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12668]: pam_unix(su:session): session closed for user rubyman
May  5 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333796.
May  5 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12605]: pam_unix(cron:session): session closed for user root
May  5 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9838]: pam_unix(cron:session): session closed for user root
May  5 12:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12604]: pam_unix(cron:session): session closed for user samftp
May  5 12:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: Invalid user pengqiwei from 212.227.232.57
May  5 12:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: input_userauth_request: invalid user pengqiwei [preauth]
May  5 12:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.232.57
May  5 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: Failed password for invalid user pengqiwei from 212.227.232.57 port 39680 ssh2
May  5 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11792]: pam_unix(cron:session): session closed for user root
May  5 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: Received disconnect from 212.227.232.57 port 39680:11: Bye Bye [preauth]
May  5 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: Disconnected from 212.227.232.57 port 39680 [preauth]
May  5 12:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: Invalid user install from 196.189.87.177
May  5 12:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: input_userauth_request: invalid user install [preauth]
May  5 12:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.189.87.177
May  5 12:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: Failed password for invalid user install from 196.189.87.177 port 13100 ssh2
May  5 12:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: Received disconnect from 196.189.87.177 port 13100:11: Bye Bye [preauth]
May  5 12:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12977]: Disconnected from 196.189.87.177 port 13100 [preauth]
May  5 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13032]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13031]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13030]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13030]: pam_unix(cron:session): session closed for user p13x
May  5 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13102]: Successful su for rubyman by root
May  5 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13102]: + ??? root:rubyman
May  5 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333799 of user rubyman.
May  5 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13102]: pam_unix(su:session): session closed for user rubyman
May  5 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333799.
May  5 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10449]: pam_unix(cron:session): session closed for user root
May  5 12:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13031]: pam_unix(cron:session): session closed for user samftp
May  5 12:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12196]: pam_unix(cron:session): session closed for user root
May  5 12:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13385]: Did not receive identification string from 216.10.242.26
May  5 12:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.222.117.243  user=root
May  5 12:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13428]: Invalid user muser from 186.233.208.13
May  5 12:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13428]: input_userauth_request: invalid user muser [preauth]
May  5 12:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13428]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  5 12:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13426]: Failed password for root from 35.222.117.243 port 51846 ssh2
May  5 12:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13426]: Received disconnect from 35.222.117.243 port 51846:11: Bye Bye [preauth]
May  5 12:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13426]: Disconnected from 35.222.117.243 port 51846 [preauth]
May  5 12:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13428]: Failed password for invalid user muser from 186.233.208.13 port 57912 ssh2
May  5 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13428]: Received disconnect from 186.233.208.13 port 57912:11: Bye Bye [preauth]
May  5 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13428]: Disconnected from 186.233.208.13 port 57912 [preauth]
May  5 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13438]: pam_unix(cron:session): session closed for user root
May  5 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13440]: pam_unix(cron:session): session closed for user p13x
May  5 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13604]: Successful su for rubyman by root
May  5 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13604]: + ??? root:rubyman
May  5 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13604]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333802 of user rubyman.
May  5 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13604]: pam_unix(su:session): session closed for user rubyman
May  5 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333802.
May  5 12:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10957]: pam_unix(cron:session): session closed for user root
May  5 12:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13441]: pam_unix(cron:session): session closed for user samftp
May  5 12:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13862]: Invalid user admin from 196.189.87.177
May  5 12:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13862]: input_userauth_request: invalid user admin [preauth]
May  5 12:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13862]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.189.87.177
May  5 12:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12607]: pam_unix(cron:session): session closed for user root
May  5 12:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13862]: Failed password for invalid user admin from 196.189.87.177 port 13101 ssh2
May  5 12:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13862]: Received disconnect from 196.189.87.177 port 13101:11: Bye Bye [preauth]
May  5 12:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13862]: Disconnected from 196.189.87.177 port 13101 [preauth]
May  5 12:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: User john from 50.235.31.47 not allowed because not listed in AllowUsers
May  5 12:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: input_userauth_request: invalid user john [preauth]
May  5 12:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=john
May  5 12:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Failed password for invalid user john from 50.235.31.47 port 38488 ssh2
May  5 12:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Connection closed by 50.235.31.47 port 38488 [preauth]
May  5 12:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: Invalid user riscv from 193.32.162.134
May  5 12:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: input_userauth_request: invalid user riscv [preauth]
May  5 12:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 12:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: Failed password for invalid user riscv from 193.32.162.134 port 37958 ssh2
May  5 12:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13906]: Connection closed by 193.32.162.134 port 37958 [preauth]
May  5 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13955]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13954]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13952]: pam_unix(cron:session): session closed for user p13x
May  5 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14020]: Successful su for rubyman by root
May  5 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14020]: + ??? root:rubyman
May  5 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14020]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333807 of user rubyman.
May  5 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14020]: pam_unix(su:session): session closed for user rubyman
May  5 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333807.
May  5 12:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11367]: pam_unix(cron:session): session closed for user root
May  5 12:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13953]: pam_unix(cron:session): session closed for user samftp
May  5 12:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13033]: pam_unix(cron:session): session closed for user root
May  5 12:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Invalid user test from 116.193.191.90
May  5 12:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: input_userauth_request: invalid user test [preauth]
May  5 12:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
May  5 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14353]: pam_unix(cron:session): session closed for user p13x
May  5 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14415]: Successful su for rubyman by root
May  5 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14415]: + ??? root:rubyman
May  5 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333812 of user rubyman.
May  5 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14415]: pam_unix(su:session): session closed for user rubyman
May  5 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333812.
May  5 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Failed password for invalid user test from 116.193.191.90 port 41768 ssh2
May  5 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Received disconnect from 116.193.191.90 port 41768:11: Bye Bye [preauth]
May  5 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Disconnected from 116.193.191.90 port 41768 [preauth]
May  5 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11791]: pam_unix(cron:session): session closed for user root
May  5 12:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14354]: pam_unix(cron:session): session closed for user samftp
May  5 12:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13524]: pam_unix(cron:session): session closed for user root
May  5 12:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.254.23  user=root
May  5 12:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: Failed password for root from 152.42.254.23 port 41414 ssh2
May  5 12:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: Received disconnect from 152.42.254.23 port 41414:11: Bye Bye [preauth]
May  5 12:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: Disconnected from 152.42.254.23 port 41414 [preauth]
May  5 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14762]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14766]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14764]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14765]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14766]: pam_unix(cron:session): session closed for user root
May  5 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14761]: pam_unix(cron:session): session closed for user p13x
May  5 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14828]: Successful su for rubyman by root
May  5 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14828]: + ??? root:rubyman
May  5 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14828]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333816 of user rubyman.
May  5 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14828]: pam_unix(su:session): session closed for user rubyman
May  5 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333816.
May  5 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14763]: pam_unix(cron:session): session closed for user root
May  5 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: Invalid user web from 94.159.101.55
May  5 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: input_userauth_request: invalid user web [preauth]
May  5 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.101.55
May  5 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12195]: pam_unix(cron:session): session closed for user root
May  5 12:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: Failed password for invalid user web from 94.159.101.55 port 48386 ssh2
May  5 12:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14762]: pam_unix(cron:session): session closed for user samftp
May  5 12:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: Received disconnect from 94.159.101.55 port 48386:11: Bye Bye [preauth]
May  5 12:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: Disconnected from 94.159.101.55 port 48386 [preauth]
May  5 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13955]: pam_unix(cron:session): session closed for user root
May  5 12:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 12:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: Failed password for root from 218.92.0.179 port 45646 ssh2
May  5 12:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: Failed password for root from 218.92.0.179 port 45646 ssh2
May  5 12:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.232.57  user=root
May  5 12:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15144]: Failed password for root from 212.227.232.57 port 47450 ssh2
May  5 12:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: Failed password for root from 218.92.0.179 port 45646 ssh2
May  5 12:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15144]: Received disconnect from 212.227.232.57 port 47450:11: Bye Bye [preauth]
May  5 12:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15144]: Disconnected from 212.227.232.57 port 47450 [preauth]
May  5 12:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: Received disconnect from 218.92.0.179 port 45646:11:  [preauth]
May  5 12:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: Disconnected from 218.92.0.179 port 45646 [preauth]
May  5 12:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15192]: pam_unix(cron:session): session closed for user p13x
May  5 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15266]: Successful su for rubyman by root
May  5 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15266]: + ??? root:rubyman
May  5 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333824 of user rubyman.
May  5 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15266]: pam_unix(su:session): session closed for user rubyman
May  5 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333824.
May  5 12:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12606]: pam_unix(cron:session): session closed for user root
May  5 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15193]: pam_unix(cron:session): session closed for user samftp
May  5 12:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14357]: pam_unix(cron:session): session closed for user root
May  5 12:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 12:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: Failed password for root from 218.92.0.179 port 39428 ssh2
May  5 12:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 39428 ssh2]
May  5 12:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: Received disconnect from 218.92.0.179 port 39428:11:  [preauth]
May  5 12:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: Disconnected from 218.92.0.179 port 39428 [preauth]
May  5 12:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15578]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15597]: pam_unix(cron:session): session closed for user p13x
May  5 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15656]: Successful su for rubyman by root
May  5 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15656]: + ??? root:rubyman
May  5 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333826 of user rubyman.
May  5 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15656]: pam_unix(su:session): session closed for user rubyman
May  5 12:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333826.
May  5 12:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13032]: pam_unix(cron:session): session closed for user root
May  5 12:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15599]: pam_unix(cron:session): session closed for user samftp
May  5 12:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14765]: pam_unix(cron:session): session closed for user root
May  5 12:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15993]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15994]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15991]: pam_unix(cron:session): session closed for user p13x
May  5 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  5 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16048]: Successful su for rubyman by root
May  5 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16048]: + ??? root:rubyman
May  5 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333829 of user rubyman.
May  5 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16048]: pam_unix(su:session): session closed for user rubyman
May  5 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333829.
May  5 12:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15987]: Failed password for root from 186.233.208.13 port 46802 ssh2
May  5 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15987]: Received disconnect from 186.233.208.13 port 46802:11: Bye Bye [preauth]
May  5 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15987]: Disconnected from 186.233.208.13 port 46802 [preauth]
May  5 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13443]: pam_unix(cron:session): session closed for user root
May  5 12:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15992]: pam_unix(cron:session): session closed for user samftp
May  5 12:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15196]: pam_unix(cron:session): session closed for user root
May  5 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16370]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16367]: pam_unix(cron:session): session closed for user p13x
May  5 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16428]: Successful su for rubyman by root
May  5 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16428]: + ??? root:rubyman
May  5 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333833 of user rubyman.
May  5 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16428]: pam_unix(su:session): session closed for user rubyman
May  5 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333833.
May  5 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16506]: Invalid user riscv from 193.32.162.134
May  5 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16506]: input_userauth_request: invalid user riscv [preauth]
May  5 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16506]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13954]: pam_unix(cron:session): session closed for user root
May  5 12:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16368]: pam_unix(cron:session): session closed for user samftp
May  5 12:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16506]: Failed password for invalid user riscv from 193.32.162.134 port 50010 ssh2
May  5 12:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16506]: Connection closed by 193.32.162.134 port 50010 [preauth]
May  5 12:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15601]: pam_unix(cron:session): session closed for user root
May  5 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16831]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16832]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16828]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16834]: pam_unix(cron:session): session closed for user root
May  5 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16828]: pam_unix(cron:session): session closed for user p13x
May  5 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16916]: Successful su for rubyman by root
May  5 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16916]: + ??? root:rubyman
May  5 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16916]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333838 of user rubyman.
May  5 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16916]: pam_unix(su:session): session closed for user rubyman
May  5 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333838.
May  5 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14356]: pam_unix(cron:session): session closed for user root
May  5 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16831]: pam_unix(cron:session): session closed for user root
May  5 12:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16830]: pam_unix(cron:session): session closed for user samftp
May  5 12:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15994]: pam_unix(cron:session): session closed for user root
May  5 12:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90  user=root
May  5 12:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Failed password for root from 116.193.191.90 port 38694 ssh2
May  5 12:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Received disconnect from 116.193.191.90 port 38694:11: Bye Bye [preauth]
May  5 12:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Disconnected from 116.193.191.90 port 38694 [preauth]
May  5 12:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.232.57  user=root
May  5 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session closed for user p13x
May  5 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17362]: Successful su for rubyman by root
May  5 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17362]: + ??? root:rubyman
May  5 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333844 of user rubyman.
May  5 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17362]: pam_unix(su:session): session closed for user rubyman
May  5 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333844.
May  5 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Failed password for root from 212.227.232.57 port 33402 ssh2
May  5 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Received disconnect from 212.227.232.57 port 33402:11: Bye Bye [preauth]
May  5 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Disconnected from 212.227.232.57 port 33402 [preauth]
May  5 12:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14764]: pam_unix(cron:session): session closed for user root
May  5 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session closed for user samftp
May  5 12:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.217.132  user=root
May  5 12:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17590]: Failed password for root from 106.54.217.132 port 49600 ssh2
May  5 12:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16370]: pam_unix(cron:session): session closed for user root
May  5 12:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  5 12:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: Failed password for root from 186.233.208.13 port 48434 ssh2
May  5 12:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: Received disconnect from 186.233.208.13 port 48434:11: Bye Bye [preauth]
May  5 12:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: Disconnected from 186.233.208.13 port 48434 [preauth]
May  5 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17718]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17719]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17716]: pam_unix(cron:session): session closed for user p13x
May  5 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17888]: Successful su for rubyman by root
May  5 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17888]: + ??? root:rubyman
May  5 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333848 of user rubyman.
May  5 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17888]: pam_unix(su:session): session closed for user rubyman
May  5 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333848.
May  5 12:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15194]: pam_unix(cron:session): session closed for user root
May  5 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17717]: pam_unix(cron:session): session closed for user samftp
May  5 12:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.101.55  user=root
May  5 12:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18147]: Failed password for root from 94.159.101.55 port 41732 ssh2
May  5 12:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18147]: Received disconnect from 94.159.101.55 port 41732:11: Bye Bye [preauth]
May  5 12:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18147]: Disconnected from 94.159.101.55 port 41732 [preauth]
May  5 12:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16833]: pam_unix(cron:session): session closed for user root
May  5 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18249]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18250]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18247]: pam_unix(cron:session): session closed for user p13x
May  5 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18311]: Successful su for rubyman by root
May  5 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18311]: + ??? root:rubyman
May  5 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333851 of user rubyman.
May  5 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18311]: pam_unix(su:session): session closed for user rubyman
May  5 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333851.
May  5 12:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15600]: pam_unix(cron:session): session closed for user root
May  5 12:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18248]: pam_unix(cron:session): session closed for user samftp
May  5 12:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18529]: Invalid user huawei from 35.222.117.243
May  5 12:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18529]: input_userauth_request: invalid user huawei [preauth]
May  5 12:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18529]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.222.117.243
May  5 12:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18529]: Failed password for invalid user huawei from 35.222.117.243 port 53516 ssh2
May  5 12:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18529]: Received disconnect from 35.222.117.243 port 53516:11: Bye Bye [preauth]
May  5 12:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18529]: Disconnected from 35.222.117.243 port 53516 [preauth]
May  5 12:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17299]: pam_unix(cron:session): session closed for user root
May  5 12:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18627]: Invalid user lampuser from 152.42.254.23
May  5 12:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18627]: input_userauth_request: invalid user lampuser [preauth]
May  5 12:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18627]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.254.23
May  5 12:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18627]: Failed password for invalid user lampuser from 152.42.254.23 port 45080 ssh2
May  5 12:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18627]: Received disconnect from 152.42.254.23 port 45080:11: Bye Bye [preauth]
May  5 12:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18627]: Disconnected from 152.42.254.23 port 45080 [preauth]
May  5 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18659]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18657]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18656]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18656]: pam_unix(cron:session): session closed for user p13x
May  5 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18720]: Successful su for rubyman by root
May  5 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18720]: + ??? root:rubyman
May  5 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333855 of user rubyman.
May  5 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18720]: pam_unix(su:session): session closed for user rubyman
May  5 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333855.
May  5 12:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15993]: pam_unix(cron:session): session closed for user root
May  5 12:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18657]: pam_unix(cron:session): session closed for user samftp
May  5 12:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17719]: pam_unix(cron:session): session closed for user root
May  5 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19073]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19067]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19073]: pam_unix(cron:session): session closed for user root
May  5 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19064]: pam_unix(cron:session): session closed for user p13x
May  5 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19138]: Successful su for rubyman by root
May  5 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19138]: + ??? root:rubyman
May  5 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333860 of user rubyman.
May  5 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19138]: pam_unix(su:session): session closed for user rubyman
May  5 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333860.
May  5 12:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19066]: pam_unix(cron:session): session closed for user root
May  5 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16369]: pam_unix(cron:session): session closed for user root
May  5 12:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19065]: pam_unix(cron:session): session closed for user samftp
May  5 12:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  5 12:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: Failed password for root from 186.233.208.13 port 45930 ssh2
May  5 12:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: Received disconnect from 186.233.208.13 port 45930:11: Bye Bye [preauth]
May  5 12:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: Disconnected from 186.233.208.13 port 45930 [preauth]
May  5 12:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: Invalid user riscv from 193.32.162.134
May  5 12:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: input_userauth_request: invalid user riscv [preauth]
May  5 12:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 12:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: Failed password for invalid user riscv from 193.32.162.134 port 33830 ssh2
May  5 12:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: Connection closed by 193.32.162.134 port 33830 [preauth]
May  5 12:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18250]: pam_unix(cron:session): session closed for user root
May  5 12:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19426]: Connection closed by 20.169.49.41 port 43864 [preauth]
May  5 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19513]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19514]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19513]: pam_unix(cron:session): session closed for user p13x
May  5 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19584]: Successful su for rubyman by root
May  5 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19584]: + ??? root:rubyman
May  5 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19584]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333867 of user rubyman.
May  5 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19584]: pam_unix(su:session): session closed for user rubyman
May  5 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333867.
May  5 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16832]: pam_unix(cron:session): session closed for user root
May  5 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19514]: pam_unix(cron:session): session closed for user samftp
May  5 12:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Invalid user zhanghua from 212.227.232.57
May  5 12:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: input_userauth_request: invalid user zhanghua [preauth]
May  5 12:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.232.57
May  5 12:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Failed password for invalid user zhanghua from 212.227.232.57 port 53078 ssh2
May  5 12:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Received disconnect from 212.227.232.57 port 53078:11: Bye Bye [preauth]
May  5 12:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Disconnected from 212.227.232.57 port 53078 [preauth]
May  5 12:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18659]: pam_unix(cron:session): session closed for user root
May  5 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19938]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19935]: pam_unix(cron:session): session closed for user p13x
May  5 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20004]: Successful su for rubyman by root
May  5 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20004]: + ??? root:rubyman
May  5 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333871 of user rubyman.
May  5 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20004]: pam_unix(su:session): session closed for user rubyman
May  5 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333871.
May  5 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17298]: pam_unix(cron:session): session closed for user root
May  5 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19936]: pam_unix(cron:session): session closed for user samftp
May  5 12:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90  user=root
May  5 12:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20213]: Failed password for root from 116.193.191.90 port 60660 ssh2
May  5 12:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20213]: Received disconnect from 116.193.191.90 port 60660:11: Bye Bye [preauth]
May  5 12:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20213]: Disconnected from 116.193.191.90 port 60660 [preauth]
May  5 12:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20223]: Invalid user admin from 94.159.101.55
May  5 12:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20223]: input_userauth_request: invalid user admin [preauth]
May  5 12:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20223]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.101.55
May  5 12:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20223]: Failed password for invalid user admin from 94.159.101.55 port 55402 ssh2
May  5 12:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20223]: Received disconnect from 94.159.101.55 port 55402:11: Bye Bye [preauth]
May  5 12:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20223]: Disconnected from 94.159.101.55 port 55402 [preauth]
May  5 12:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19072]: pam_unix(cron:session): session closed for user root
May  5 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20337]: pam_unix(cron:session): session closed for user p13x
May  5 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20399]: Successful su for rubyman by root
May  5 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20399]: + ??? root:rubyman
May  5 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333874 of user rubyman.
May  5 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20399]: pam_unix(su:session): session closed for user rubyman
May  5 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333874.
May  5 12:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17718]: pam_unix(cron:session): session closed for user root
May  5 12:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20338]: pam_unix(cron:session): session closed for user samftp
May  5 12:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19517]: pam_unix(cron:session): session closed for user root
May  5 12:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.222.117.243  user=root
May  5 12:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20695]: Failed password for root from 35.222.117.243 port 32806 ssh2
May  5 12:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20695]: Received disconnect from 35.222.117.243 port 32806:11: Bye Bye [preauth]
May  5 12:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20695]: Disconnected from 35.222.117.243 port 32806 [preauth]
May  5 12:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20711]: Invalid user it from 186.233.208.13
May  5 12:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20711]: input_userauth_request: invalid user it [preauth]
May  5 12:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20711]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  5 12:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20711]: Failed password for invalid user it from 186.233.208.13 port 41726 ssh2
May  5 12:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20711]: Received disconnect from 186.233.208.13 port 41726:11: Bye Bye [preauth]
May  5 12:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20711]: Disconnected from 186.233.208.13 port 41726 [preauth]
May  5 12:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20734]: Invalid user muser from 152.42.254.23
May  5 12:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20734]: input_userauth_request: invalid user muser [preauth]
May  5 12:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20734]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.254.23
May  5 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20734]: Failed password for invalid user muser from 152.42.254.23 port 49860 ssh2
May  5 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20734]: Received disconnect from 152.42.254.23 port 49860:11: Bye Bye [preauth]
May  5 12:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20734]: Disconnected from 152.42.254.23 port 49860 [preauth]
May  5 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20757]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20755]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20754]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20754]: pam_unix(cron:session): session closed for user p13x
May  5 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20820]: Successful su for rubyman by root
May  5 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20820]: + ??? root:rubyman
May  5 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333879 of user rubyman.
May  5 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20820]: pam_unix(su:session): session closed for user rubyman
May  5 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333879.
May  5 12:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18249]: pam_unix(cron:session): session closed for user root
May  5 12:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20755]: pam_unix(cron:session): session closed for user samftp
May  5 12:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19938]: pam_unix(cron:session): session closed for user root
May  5 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21168]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21169]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21169]: pam_unix(cron:session): session closed for user root
May  5 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21163]: pam_unix(cron:session): session closed for user p13x
May  5 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21258]: Successful su for rubyman by root
May  5 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21258]: + ??? root:rubyman
May  5 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333886 of user rubyman.
May  5 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21258]: pam_unix(su:session): session closed for user rubyman
May  5 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333886.
May  5 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21166]: pam_unix(cron:session): session closed for user root
May  5 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18658]: pam_unix(cron:session): session closed for user root
May  5 12:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21164]: pam_unix(cron:session): session closed for user samftp
May  5 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20340]: pam_unix(cron:session): session closed for user root
May  5 12:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.199.119  user=root
May  5 12:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: Failed password for root from 103.23.199.119 port 57248 ssh2
May  5 12:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: Received disconnect from 103.23.199.119 port 57248:11: Bye Bye [preauth]
May  5 12:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: Disconnected from 103.23.199.119 port 57248 [preauth]
May  5 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21646]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21645]: pam_unix(cron:session): session closed for user p13x
May  5 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21735]: Successful su for rubyman by root
May  5 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21735]: + ??? root:rubyman
May  5 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333888 of user rubyman.
May  5 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21735]: pam_unix(su:session): session closed for user rubyman
May  5 12:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333888.
May  5 12:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19067]: pam_unix(cron:session): session closed for user root
May  5 12:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21646]: pam_unix(cron:session): session closed for user samftp
May  5 12:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22221]: Invalid user yankai from 212.227.232.57
May  5 12:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22221]: input_userauth_request: invalid user yankai [preauth]
May  5 12:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22221]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.232.57
May  5 12:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  5 12:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22221]: Failed password for invalid user yankai from 212.227.232.57 port 50828 ssh2
May  5 12:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22221]: Received disconnect from 212.227.232.57 port 50828:11: Bye Bye [preauth]
May  5 12:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22221]: Disconnected from 212.227.232.57 port 50828 [preauth]
May  5 12:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22223]: Failed password for root from 50.235.31.47 port 54250 ssh2
May  5 12:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22223]: Connection closed by 50.235.31.47 port 54250 [preauth]
May  5 12:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20757]: pam_unix(cron:session): session closed for user root
May  5 12:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: Invalid user partimag from 193.32.162.134
May  5 12:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: input_userauth_request: invalid user partimag [preauth]
May  5 12:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 12:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: Failed password for invalid user partimag from 193.32.162.134 port 45882 ssh2
May  5 12:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: Connection closed by 193.32.162.134 port 45882 [preauth]
May  5 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22422]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22423]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22418]: pam_unix(cron:session): session closed for user p13x
May  5 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22493]: Successful su for rubyman by root
May  5 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22493]: + ??? root:rubyman
May  5 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333892 of user rubyman.
May  5 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22493]: pam_unix(su:session): session closed for user rubyman
May  5 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333892.
May  5 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22481]: Invalid user es from 94.159.101.55
May  5 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22481]: input_userauth_request: invalid user es [preauth]
May  5 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22481]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.101.55
May  5 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19516]: pam_unix(cron:session): session closed for user root
May  5 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22481]: Failed password for invalid user es from 94.159.101.55 port 57078 ssh2
May  5 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22481]: Received disconnect from 94.159.101.55 port 57078:11: Bye Bye [preauth]
May  5 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22481]: Disconnected from 94.159.101.55 port 57078 [preauth]
May  5 12:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22421]: pam_unix(cron:session): session closed for user samftp
May  5 12:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22704]: Invalid user jenkins from 186.233.208.13
May  5 12:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22704]: input_userauth_request: invalid user jenkins [preauth]
May  5 12:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22704]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  5 12:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22704]: Failed password for invalid user jenkins from 186.233.208.13 port 59532 ssh2
May  5 12:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22704]: Received disconnect from 186.233.208.13 port 59532:11: Bye Bye [preauth]
May  5 12:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22704]: Disconnected from 186.233.208.13 port 59532 [preauth]
May  5 12:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21168]: pam_unix(cron:session): session closed for user root
May  5 12:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22845]: Did not receive identification string from 47.113.193.99
May  5 12:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22856]: Invalid user admin from 139.19.117.131
May  5 12:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22856]: input_userauth_request: invalid user admin [preauth]
May  5 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22873]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22871]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22869]: pam_unix(cron:session): session closed for user p13x
May  5 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22961]: Successful su for rubyman by root
May  5 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22961]: + ??? root:rubyman
May  5 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333896 of user rubyman.
May  5 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22961]: pam_unix(su:session): session closed for user rubyman
May  5 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333896.
May  5 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19937]: pam_unix(cron:session): session closed for user root
May  5 12:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22871]: pam_unix(cron:session): session closed for user samftp
May  5 12:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22856]: Connection closed by 139.19.117.131 port 47454 [preauth]
May  5 12:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21657]: pam_unix(cron:session): session closed for user root
May  5 12:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23293]: Invalid user backuppc from 116.193.191.90
May  5 12:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23293]: input_userauth_request: invalid user backuppc [preauth]
May  5 12:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23293]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
May  5 12:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.254.23  user=root
May  5 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23293]: Failed password for invalid user backuppc from 116.193.191.90 port 36090 ssh2
May  5 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23293]: Received disconnect from 116.193.191.90 port 36090:11: Bye Bye [preauth]
May  5 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23293]: Disconnected from 116.193.191.90 port 36090 [preauth]
May  5 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: Failed password for root from 152.42.254.23 port 53368 ssh2
May  5 12:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: Received disconnect from 152.42.254.23 port 53368:11: Bye Bye [preauth]
May  5 12:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23328]: Disconnected from 152.42.254.23 port 53368 [preauth]
May  5 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23411]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23413]: pam_unix(cron:session): session closed for user p13x
May  5 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23534]: Successful su for rubyman by root
May  5 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23534]: + ??? root:rubyman
May  5 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333901 of user rubyman.
May  5 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23534]: pam_unix(su:session): session closed for user rubyman
May  5 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333901.
May  5 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23411]: pam_unix(cron:session): session closed for user root
May  5 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20339]: pam_unix(cron:session): session closed for user root
May  5 12:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23415]: pam_unix(cron:session): session closed for user samftp
May  5 12:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: Invalid user mongo from 35.222.117.243
May  5 12:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: input_userauth_request: invalid user mongo [preauth]
May  5 12:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.222.117.243
May  5 12:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: Failed password for invalid user mongo from 35.222.117.243 port 40324 ssh2
May  5 12:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: Received disconnect from 35.222.117.243 port 40324:11: Bye Bye [preauth]
May  5 12:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: Disconnected from 35.222.117.243 port 40324 [preauth]
May  5 12:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22423]: pam_unix(cron:session): session closed for user root
May  5 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24037]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24036]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24038]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24038]: pam_unix(cron:session): session closed for user root
May  5 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24032]: pam_unix(cron:session): session closed for user p13x
May  5 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24101]: Successful su for rubyman by root
May  5 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24101]: + ??? root:rubyman
May  5 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24101]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333905 of user rubyman.
May  5 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24101]: pam_unix(su:session): session closed for user rubyman
May  5 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333905.
May  5 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24035]: pam_unix(cron:session): session closed for user root
May  5 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20756]: pam_unix(cron:session): session closed for user root
May  5 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24034]: pam_unix(cron:session): session closed for user samftp
May  5 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22873]: pam_unix(cron:session): session closed for user root
May  5 12:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24435]: Invalid user es from 186.233.208.13
May  5 12:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24435]: input_userauth_request: invalid user es [preauth]
May  5 12:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24435]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  5 12:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24435]: Failed password for invalid user es from 186.233.208.13 port 51118 ssh2
May  5 12:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24435]: Received disconnect from 186.233.208.13 port 51118:11: Bye Bye [preauth]
May  5 12:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24435]: Disconnected from 186.233.208.13 port 51118 [preauth]
May  5 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24498]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24497]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24495]: pam_unix(cron:session): session closed for user p13x
May  5 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24571]: Successful su for rubyman by root
May  5 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24571]: + ??? root:rubyman
May  5 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333912 of user rubyman.
May  5 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24571]: pam_unix(su:session): session closed for user rubyman
May  5 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333912.
May  5 12:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21167]: pam_unix(cron:session): session closed for user root
May  5 12:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24496]: pam_unix(cron:session): session closed for user samftp
May  5 12:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.232.57  user=root
May  5 12:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24803]: Failed password for root from 212.227.232.57 port 40340 ssh2
May  5 12:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24803]: Received disconnect from 212.227.232.57 port 40340:11: Bye Bye [preauth]
May  5 12:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24803]: Disconnected from 212.227.232.57 port 40340 [preauth]
May  5 12:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23417]: pam_unix(cron:session): session closed for user root
May  5 12:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.101.55  user=root
May  5 12:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: Failed password for root from 94.159.101.55 port 37170 ssh2
May  5 12:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: Received disconnect from 94.159.101.55 port 37170:11: Bye Bye [preauth]
May  5 12:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: Disconnected from 94.159.101.55 port 37170 [preauth]
May  5 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24925]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24924]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24923]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24921]: pam_unix(cron:session): session closed for user p13x
May  5 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24989]: Successful su for rubyman by root
May  5 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24989]: + ??? root:rubyman
May  5 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333915 of user rubyman.
May  5 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24989]: pam_unix(su:session): session closed for user rubyman
May  5 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333915.
May  5 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21656]: pam_unix(cron:session): session closed for user root
May  5 12:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24923]: pam_unix(cron:session): session closed for user samftp
May  5 12:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Invalid user roundcube from 139.59.114.137
May  5 12:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: input_userauth_request: invalid user roundcube [preauth]
May  5 12:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.114.137
May  5 12:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Failed password for invalid user roundcube from 139.59.114.137 port 60854 ssh2
May  5 12:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Received disconnect from 139.59.114.137 port 60854:11: Bye Bye [preauth]
May  5 12:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Disconnected from 139.59.114.137 port 60854 [preauth]
May  5 12:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24037]: pam_unix(cron:session): session closed for user root
May  5 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25343]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25344]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25341]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25342]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25341]: pam_unix(cron:session): session closed for user p13x
May  5 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25409]: Successful su for rubyman by root
May  5 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25409]: + ??? root:rubyman
May  5 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333918 of user rubyman.
May  5 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25409]: pam_unix(su:session): session closed for user rubyman
May  5 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333918.
May  5 12:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25338]: Invalid user binance from 193.32.162.134
May  5 12:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25338]: input_userauth_request: invalid user binance [preauth]
May  5 12:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25338]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 12:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22422]: pam_unix(cron:session): session closed for user root
May  5 12:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25338]: Failed password for invalid user binance from 193.32.162.134 port 57934 ssh2
May  5 12:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25342]: pam_unix(cron:session): session closed for user samftp
May  5 12:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25338]: Connection closed by 193.32.162.134 port 57934 [preauth]
May  5 12:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24498]: pam_unix(cron:session): session closed for user root
May  5 12:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: Invalid user midas from 152.42.254.23
May  5 12:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: input_userauth_request: invalid user midas [preauth]
May  5 12:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.254.23
May  5 12:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: Failed password for invalid user midas from 152.42.254.23 port 45794 ssh2
May  5 12:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: Received disconnect from 152.42.254.23 port 45794:11: Bye Bye [preauth]
May  5 12:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25734]: Disconnected from 152.42.254.23 port 45794 [preauth]
May  5 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25757]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25754]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25755]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25754]: pam_unix(cron:session): session closed for user p13x
May  5 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25813]: Successful su for rubyman by root
May  5 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25813]: + ??? root:rubyman
May  5 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25813]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333922 of user rubyman.
May  5 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25813]: pam_unix(su:session): session closed for user rubyman
May  5 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333922.
May  5 12:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22872]: pam_unix(cron:session): session closed for user root
May  5 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25755]: pam_unix(cron:session): session closed for user samftp
May  5 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  5 12:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25998]: Failed password for root from 186.233.208.13 port 48216 ssh2
May  5 12:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25998]: Received disconnect from 186.233.208.13 port 48216:11: Bye Bye [preauth]
May  5 12:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25998]: Disconnected from 186.233.208.13 port 48216 [preauth]
May  5 12:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26070]: Invalid user it from 35.222.117.243
May  5 12:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26070]: input_userauth_request: invalid user it [preauth]
May  5 12:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26070]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.222.117.243
May  5 12:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24925]: pam_unix(cron:session): session closed for user root
May  5 12:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26070]: Failed password for invalid user it from 35.222.117.243 port 47842 ssh2
May  5 12:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26070]: Received disconnect from 35.222.117.243 port 47842:11: Bye Bye [preauth]
May  5 12:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26070]: Disconnected from 35.222.117.243 port 47842 [preauth]
May  5 12:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  5 12:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: Failed password for root from 218.92.0.205 port 8092 ssh2
May  5 12:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26123]: Failed password for root from 218.92.0.205 port 8092 ssh2
May  5 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26156]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26158]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26154]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26155]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26159]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26159]: pam_unix(cron:session): session closed for user root
May  5 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26154]: pam_unix(cron:session): session closed for user p13x
May  5 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26219]: Successful su for rubyman by root
May  5 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26219]: + ??? root:rubyman
May  5 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333927 of user rubyman.
May  5 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26219]: pam_unix(su:session): session closed for user rubyman
May  5 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333927.
May  5 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26156]: pam_unix(cron:session): session closed for user root
May  5 12:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23416]: pam_unix(cron:session): session closed for user root
May  5 12:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26155]: pam_unix(cron:session): session closed for user samftp
May  5 12:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  5 12:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26541]: Failed password for root from 218.92.0.205 port 17296 ssh2
May  5 12:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26541]: Failed password for root from 218.92.0.205 port 17296 ssh2
May  5 12:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: Invalid user postgres from 116.193.191.90
May  5 12:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: input_userauth_request: invalid user postgres [preauth]
May  5 12:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
May  5 12:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: Failed password for invalid user postgres from 116.193.191.90 port 38228 ssh2
May  5 12:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: Received disconnect from 116.193.191.90 port 38228:11: Bye Bye [preauth]
May  5 12:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26573]: Disconnected from 116.193.191.90 port 38228 [preauth]
May  5 12:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25344]: pam_unix(cron:session): session closed for user root
May  5 12:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26674]: pam_unix(cron:session): session closed for user p13x
May  5 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26741]: Successful su for rubyman by root
May  5 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26741]: + ??? root:rubyman
May  5 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26741]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333933 of user rubyman.
May  5 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26741]: pam_unix(su:session): session closed for user rubyman
May  5 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333933.
May  5 12:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24036]: pam_unix(cron:session): session closed for user root
May  5 12:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26675]: pam_unix(cron:session): session closed for user samftp
May  5 12:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25757]: pam_unix(cron:session): session closed for user root
May  5 12:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27096]: Invalid user sjb from 212.227.232.57
May  5 12:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27096]: input_userauth_request: invalid user sjb [preauth]
May  5 12:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27096]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.232.57
May  5 12:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27096]: Failed password for invalid user sjb from 212.227.232.57 port 40842 ssh2
May  5 12:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27096]: Received disconnect from 212.227.232.57 port 40842:11: Bye Bye [preauth]
May  5 12:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27096]: Disconnected from 212.227.232.57 port 40842 [preauth]
May  5 12:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: Invalid user iexcel_wuhan from 103.23.199.119
May  5 12:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: input_userauth_request: invalid user iexcel_wuhan [preauth]
May  5 12:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.199.119
May  5 12:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: Failed password for invalid user iexcel_wuhan from 103.23.199.119 port 51924 ssh2
May  5 12:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: Received disconnect from 103.23.199.119 port 51924:11: Bye Bye [preauth]
May  5 12:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27130]: Disconnected from 103.23.199.119 port 51924 [preauth]
May  5 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27156]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27154]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27152]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27152]: pam_unix(cron:session): session closed for user p13x
May  5 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27221]: Successful su for rubyman by root
May  5 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27221]: + ??? root:rubyman
May  5 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333937 of user rubyman.
May  5 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27221]: pam_unix(su:session): session closed for user rubyman
May  5 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333937.
May  5 12:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24497]: pam_unix(cron:session): session closed for user root
May  5 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27153]: pam_unix(cron:session): session closed for user samftp
May  5 12:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27533]: Invalid user web from 186.233.208.13
May  5 12:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27533]: input_userauth_request: invalid user web [preauth]
May  5 12:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27533]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  5 12:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26158]: pam_unix(cron:session): session closed for user root
May  5 12:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27533]: Failed password for invalid user web from 186.233.208.13 port 50498 ssh2
May  5 12:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27533]: Received disconnect from 186.233.208.13 port 50498:11: Bye Bye [preauth]
May  5 12:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27533]: Disconnected from 186.233.208.13 port 50498 [preauth]
May  5 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27626]: pam_unix(cron:session): session closed for user p13x
May  5 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27689]: Successful su for rubyman by root
May  5 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27689]: + ??? root:rubyman
May  5 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333940 of user rubyman.
May  5 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27689]: pam_unix(su:session): session closed for user rubyman
May  5 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333940.
May  5 12:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24924]: pam_unix(cron:session): session closed for user root
May  5 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27627]: pam_unix(cron:session): session closed for user samftp
May  5 12:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26677]: pam_unix(cron:session): session closed for user root
May  5 12:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Invalid user huawei from 152.42.254.23
May  5 12:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: input_userauth_request: invalid user huawei [preauth]
May  5 12:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.254.23
May  5 12:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Failed password for invalid user huawei from 152.42.254.23 port 59438 ssh2
May  5 12:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Received disconnect from 152.42.254.23 port 59438:11: Bye Bye [preauth]
May  5 12:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28007]: Disconnected from 152.42.254.23 port 59438 [preauth]
May  5 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28039]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28040]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28041]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28038]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28038]: pam_unix(cron:session): session closed for user p13x
May  5 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28099]: Successful su for rubyman by root
May  5 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28099]: + ??? root:rubyman
May  5 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333944 of user rubyman.
May  5 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28099]: pam_unix(su:session): session closed for user rubyman
May  5 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333944.
May  5 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: Invalid user admin from 80.94.95.112
May  5 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: input_userauth_request: invalid user admin [preauth]
May  5 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 12:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: Failed password for invalid user admin from 80.94.95.112 port 20604 ssh2
May  5 12:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25343]: pam_unix(cron:session): session closed for user root
May  5 12:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28039]: pam_unix(cron:session): session closed for user samftp
May  5 12:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: Failed password for invalid user admin from 80.94.95.112 port 20604 ssh2
May  5 12:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: Failed password for invalid user admin from 80.94.95.112 port 20604 ssh2
May  5 12:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: Failed password for invalid user admin from 80.94.95.112 port 20604 ssh2
May  5 12:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: Failed password for invalid user admin from 80.94.95.112 port 20604 ssh2
May  5 12:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: Received disconnect from 80.94.95.112 port 20604:11: Bye [preauth]
May  5 12:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: Disconnected from 80.94.95.112 port 20604 [preauth]
May  5 12:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 12:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28035]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 12:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: Invalid user okx from 193.32.162.134
May  5 12:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: input_userauth_request: invalid user okx [preauth]
May  5 12:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 12:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: Failed password for invalid user okx from 193.32.162.134 port 41754 ssh2
May  5 12:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28314]: Connection closed by 193.32.162.134 port 41754 [preauth]
May  5 12:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27156]: pam_unix(cron:session): session closed for user root
May  5 12:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.222.117.243  user=root
May  5 12:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28417]: Failed password for root from 35.222.117.243 port 55350 ssh2
May  5 12:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28417]: Received disconnect from 35.222.117.243 port 55350:11: Bye Bye [preauth]
May  5 12:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28417]: Disconnected from 35.222.117.243 port 55350 [preauth]
May  5 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28449]: pam_unix(cron:session): session closed for user root
May  5 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28443]: pam_unix(cron:session): session closed for user p13x
May  5 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28515]: Successful su for rubyman by root
May  5 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28515]: + ??? root:rubyman
May  5 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333948 of user rubyman.
May  5 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28515]: pam_unix(su:session): session closed for user rubyman
May  5 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333948.
May  5 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28445]: pam_unix(cron:session): session closed for user root
May  5 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25756]: pam_unix(cron:session): session closed for user root
May  5 12:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28444]: pam_unix(cron:session): session closed for user samftp
May  5 12:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27629]: pam_unix(cron:session): session closed for user root
May  5 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28875]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28876]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28873]: pam_unix(cron:session): session closed for user p13x
May  5 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28947]: Successful su for rubyman by root
May  5 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28947]: + ??? root:rubyman
May  5 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28947]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333955 of user rubyman.
May  5 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28947]: pam_unix(su:session): session closed for user rubyman
May  5 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333955.
May  5 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: Invalid user lampuser from 94.159.101.55
May  5 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: input_userauth_request: invalid user lampuser [preauth]
May  5 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.101.55
May  5 12:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29074]: Invalid user mongo from 186.233.208.13
May  5 12:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29074]: input_userauth_request: invalid user mongo [preauth]
May  5 12:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29074]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  5 12:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26157]: pam_unix(cron:session): session closed for user root
May  5 12:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: Failed password for invalid user lampuser from 94.159.101.55 port 53914 ssh2
May  5 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: Received disconnect from 94.159.101.55 port 53914:11: Bye Bye [preauth]
May  5 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29011]: Disconnected from 94.159.101.55 port 53914 [preauth]
May  5 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29074]: Failed password for invalid user mongo from 186.233.208.13 port 55204 ssh2
May  5 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28874]: pam_unix(cron:session): session closed for user samftp
May  5 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29074]: Received disconnect from 186.233.208.13 port 55204:11: Bye Bye [preauth]
May  5 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29074]: Disconnected from 186.233.208.13 port 55204 [preauth]
May  5 12:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29306]: Invalid user wduser from 176.31.162.135
May  5 12:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29306]: input_userauth_request: invalid user wduser [preauth]
May  5 12:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29306]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  5 12:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28041]: pam_unix(cron:session): session closed for user root
May  5 12:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29306]: Failed password for invalid user wduser from 176.31.162.135 port 43978 ssh2
May  5 12:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29306]: Connection closed by 176.31.162.135 port 43978 [preauth]
May  5 12:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: Invalid user redhat from 212.227.232.57
May  5 12:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: input_userauth_request: invalid user redhat [preauth]
May  5 12:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.232.57
May  5 12:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: Failed password for invalid user redhat from 212.227.232.57 port 49142 ssh2
May  5 12:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: Received disconnect from 212.227.232.57 port 49142:11: Bye Bye [preauth]
May  5 12:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: Disconnected from 212.227.232.57 port 49142 [preauth]
May  5 12:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: Invalid user activemq from 116.193.191.90
May  5 12:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: input_userauth_request: invalid user activemq [preauth]
May  5 12:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
May  5 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: Failed password for invalid user activemq from 116.193.191.90 port 56510 ssh2
May  5 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29445]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29444]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29444]: pam_unix(cron:session): session closed for user p13x
May  5 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: Received disconnect from 116.193.191.90 port 56510:11: Bye Bye [preauth]
May  5 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: Disconnected from 116.193.191.90 port 56510 [preauth]
May  5 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29508]: Successful su for rubyman by root
May  5 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29508]: + ??? root:rubyman
May  5 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333958 of user rubyman.
May  5 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29508]: pam_unix(su:session): session closed for user rubyman
May  5 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333958.
May  5 12:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26676]: pam_unix(cron:session): session closed for user root
May  5 12:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29445]: pam_unix(cron:session): session closed for user samftp
May  5 12:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.114.137  user=root
May  5 12:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29775]: Failed password for root from 139.59.114.137 port 50500 ssh2
May  5 12:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29775]: Received disconnect from 139.59.114.137 port 50500:11: Bye Bye [preauth]
May  5 12:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29775]: Disconnected from 139.59.114.137 port 50500 [preauth]
May  5 12:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28448]: pam_unix(cron:session): session closed for user root
May  5 12:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 12:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: Failed password for root from 218.92.0.179 port 10110 ssh2
May  5 12:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 10110 ssh2]
May  5 12:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: Received disconnect from 218.92.0.179 port 10110:11:  [preauth]
May  5 12:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: Disconnected from 218.92.0.179 port 10110 [preauth]
May  5 12:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 12:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: Invalid user ubnt from 80.94.95.125
May  5 12:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: input_userauth_request: invalid user ubnt [preauth]
May  5 12:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 12:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: Failed password for invalid user ubnt from 80.94.95.125 port 44063 ssh2
May  5 12:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: Failed password for invalid user ubnt from 80.94.95.125 port 44063 ssh2
May  5 12:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29957]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29956]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29953]: pam_unix(cron:session): session closed for user p13x
May  5 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30017]: Successful su for rubyman by root
May  5 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30017]: + ??? root:rubyman
May  5 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30017]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333963 of user rubyman.
May  5 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30017]: pam_unix(su:session): session closed for user rubyman
May  5 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333963.
May  5 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: Failed password for invalid user ubnt from 80.94.95.125 port 44063 ssh2
May  5 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27154]: pam_unix(cron:session): session closed for user root
May  5 12:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: Failed password for invalid user ubnt from 80.94.95.125 port 44063 ssh2
May  5 12:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29954]: pam_unix(cron:session): session closed for user samftp
May  5 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: Failed password for invalid user ubnt from 80.94.95.125 port 44063 ssh2
May  5 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: Received disconnect from 80.94.95.125 port 44063:11: Bye [preauth]
May  5 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: Disconnected from 80.94.95.125 port 44063 [preauth]
May  5 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29940]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 12:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30137]: Invalid user V from 195.178.110.50
May  5 12:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30137]: input_userauth_request: invalid user V [preauth]
May  5 12:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30137]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 12:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30137]: Failed password for invalid user V from 195.178.110.50 port 31064 ssh2
May  5 12:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30137]: Connection closed by 195.178.110.50 port 31064 [preauth]
May  5 12:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28876]: pam_unix(cron:session): session closed for user root
May  5 12:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30402]: Invalid user mongo from 152.42.254.23
May  5 12:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30402]: input_userauth_request: invalid user mongo [preauth]
May  5 12:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30402]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.254.23
May  5 12:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30402]: Failed password for invalid user mongo from 152.42.254.23 port 42364 ssh2
May  5 12:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30402]: Received disconnect from 152.42.254.23 port 42364:11: Bye Bye [preauth]
May  5 12:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30402]: Disconnected from 152.42.254.23 port 42364 [preauth]
May  5 12:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30310]: Invalid user 7 from 195.178.110.50
May  5 12:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30310]: input_userauth_request: invalid user 7 [preauth]
May  5 12:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30310]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 12:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30310]: Failed password for invalid user 7 from 195.178.110.50 port 1490 ssh2
May  5 12:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30310]: Connection closed by 195.178.110.50 port 1490 [preauth]
May  5 12:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30458]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30459]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30456]: pam_unix(cron:session): session closed for user p13x
May  5 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30541]: Successful su for rubyman by root
May  5 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30541]: + ??? root:rubyman
May  5 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333967 of user rubyman.
May  5 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30541]: pam_unix(su:session): session closed for user rubyman
May  5 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333967.
May  5 12:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27628]: pam_unix(cron:session): session closed for user root
May  5 12:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30457]: pam_unix(cron:session): session closed for user samftp
May  5 12:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: Invalid user sjb from 103.23.199.119
May  5 12:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: input_userauth_request: invalid user sjb [preauth]
May  5 12:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.199.119
May  5 12:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30422]: Invalid user v from 195.178.110.50
May  5 12:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30422]: input_userauth_request: invalid user v [preauth]
May  5 12:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30422]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 12:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: Failed password for invalid user sjb from 103.23.199.119 port 42226 ssh2
May  5 12:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: Received disconnect from 103.23.199.119 port 42226:11: Bye Bye [preauth]
May  5 12:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: Disconnected from 103.23.199.119 port 42226 [preauth]
May  5 12:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30422]: Failed password for invalid user v from 195.178.110.50 port 16128 ssh2
May  5 12:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30422]: Connection closed by 195.178.110.50 port 16128 [preauth]
May  5 12:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: Invalid user admin from 186.233.208.13
May  5 12:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: input_userauth_request: invalid user admin [preauth]
May  5 12:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  5 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: Failed password for invalid user admin from 186.233.208.13 port 50712 ssh2
May  5 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: Received disconnect from 186.233.208.13 port 50712:11: Bye Bye [preauth]
May  5 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: Disconnected from 186.233.208.13 port 50712 [preauth]
May  5 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30724]: Invalid user W from 195.178.110.50
May  5 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30724]: input_userauth_request: invalid user W [preauth]
May  5 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30724]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 12:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29447]: pam_unix(cron:session): session closed for user root
May  5 12:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30724]: Failed password for invalid user W from 195.178.110.50 port 54576 ssh2
May  5 12:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30724]: Connection closed by 195.178.110.50 port 54576 [preauth]
May  5 12:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: Invalid user 8 from 195.178.110.50
May  5 12:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: input_userauth_request: invalid user 8 [preauth]
May  5 12:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 12:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: Failed password for invalid user 8 from 195.178.110.50 port 32636 ssh2
May  5 12:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: Connection closed by 195.178.110.50 port 32636 [preauth]
May  5 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30956]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30958]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30957]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30955]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30959]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30959]: pam_unix(cron:session): session closed for user root
May  5 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30954]: pam_unix(cron:session): session closed for user p13x
May  5 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31024]: Successful su for rubyman by root
May  5 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31024]: + ??? root:rubyman
May  5 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333973 of user rubyman.
May  5 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31024]: pam_unix(su:session): session closed for user rubyman
May  5 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333973.
May  5 12:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30956]: pam_unix(cron:session): session closed for user root
May  5 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28040]: pam_unix(cron:session): session closed for user root
May  5 12:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30955]: pam_unix(cron:session): session closed for user samftp
May  5 12:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: Invalid user tiptop from 35.222.117.243
May  5 12:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: input_userauth_request: invalid user tiptop [preauth]
May  5 12:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.222.117.243
May  5 12:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: Failed password for invalid user tiptop from 35.222.117.243 port 34634 ssh2
May  5 12:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: Received disconnect from 35.222.117.243 port 34634:11: Bye Bye [preauth]
May  5 12:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31220]: Disconnected from 35.222.117.243 port 34634 [preauth]
May  5 12:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29957]: pam_unix(cron:session): session closed for user root
May  5 12:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31365]: Invalid user kraken from 193.32.162.134
May  5 12:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31365]: input_userauth_request: invalid user kraken [preauth]
May  5 12:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31365]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 12:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31380]: Invalid user es from 94.159.101.55
May  5 12:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31380]: input_userauth_request: invalid user es [preauth]
May  5 12:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31380]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.101.55
May  5 12:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31365]: Failed password for invalid user kraken from 193.32.162.134 port 53806 ssh2
May  5 12:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31365]: Connection closed by 193.32.162.134 port 53806 [preauth]
May  5 12:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31380]: Failed password for invalid user es from 94.159.101.55 port 35692 ssh2
May  5 12:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31380]: Received disconnect from 94.159.101.55 port 35692:11: Bye Bye [preauth]
May  5 12:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31380]: Disconnected from 94.159.101.55 port 35692 [preauth]
May  5 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31420]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31419]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31417]: pam_unix(cron:session): session closed for user p13x
May  5 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31486]: Successful su for rubyman by root
May  5 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31486]: + ??? root:rubyman
May  5 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333976 of user rubyman.
May  5 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31486]: pam_unix(su:session): session closed for user rubyman
May  5 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333976.
May  5 12:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28446]: pam_unix(cron:session): session closed for user root
May  5 12:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31418]: pam_unix(cron:session): session closed for user samftp
May  5 12:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30459]: pam_unix(cron:session): session closed for user root
May  5 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31862]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31861]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31858]: pam_unix(cron:session): session closed for user p13x
May  5 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31928]: Successful su for rubyman by root
May  5 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31928]: + ??? root:rubyman
May  5 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333981 of user rubyman.
May  5 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31928]: pam_unix(su:session): session closed for user rubyman
May  5 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333981.
May  5 12:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28875]: pam_unix(cron:session): session closed for user root
May  5 12:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31860]: pam_unix(cron:session): session closed for user samftp
May  5 12:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.232.57  user=root
May  5 12:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: Failed password for root from 212.227.232.57 port 57698 ssh2
May  5 12:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: Received disconnect from 212.227.232.57 port 57698:11: Bye Bye [preauth]
May  5 12:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32121]: Disconnected from 212.227.232.57 port 57698 [preauth]
May  5 12:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30958]: pam_unix(cron:session): session closed for user root
May  5 12:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32227]: Invalid user debian from 139.59.114.137
May  5 12:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32227]: input_userauth_request: invalid user debian [preauth]
May  5 12:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32227]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.114.137
May  5 12:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32227]: Failed password for invalid user debian from 139.59.114.137 port 44700 ssh2
May  5 12:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32227]: Received disconnect from 139.59.114.137 port 44700:11: Bye Bye [preauth]
May  5 12:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32227]: Disconnected from 139.59.114.137 port 44700 [preauth]
May  5 12:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  5 12:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32277]: Failed password for root from 186.233.208.13 port 37350 ssh2
May  5 12:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32277]: Received disconnect from 186.233.208.13 port 37350:11: Bye Bye [preauth]
May  5 12:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32277]: Disconnected from 186.233.208.13 port 37350 [preauth]
May  5 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32290]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32291]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32288]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32289]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32288]: pam_unix(cron:session): session closed for user p13x
May  5 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32347]: Successful su for rubyman by root
May  5 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32347]: + ??? root:rubyman
May  5 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32347]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333985 of user rubyman.
May  5 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32347]: pam_unix(su:session): session closed for user rubyman
May  5 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333985.
May  5 12:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29446]: pam_unix(cron:session): session closed for user root
May  5 12:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32289]: pam_unix(cron:session): session closed for user samftp
May  5 12:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31420]: pam_unix(cron:session): session closed for user root
May  5 12:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: Invalid user haoyl from 116.193.191.90
May  5 12:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: input_userauth_request: invalid user haoyl [preauth]
May  5 12:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: pam_unix(sshd:auth): check pass; user unknown
May  5 12:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
May  5 12:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: Failed password for invalid user haoyl from 116.193.191.90 port 38990 ssh2
May  5 12:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: Received disconnect from 116.193.191.90 port 38990:11: Bye Bye [preauth]
May  5 12:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: Disconnected from 116.193.191.90 port 38990 [preauth]
May  5 12:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 12:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.254.23  user=root
May  5 12:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Failed password for root from 152.42.254.23 port 60788 ssh2
May  5 12:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Received disconnect from 152.42.254.23 port 60788:11: Bye Bye [preauth]
May  5 12:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Disconnected from 152.42.254.23 port 60788 [preauth]
May  5 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[331]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[329]: pam_unix(cron:session): session closed for user p13x
May  5 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[406]: Successful su for rubyman by root
May  5 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[406]: + ??? root:rubyman
May  5 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333988 of user rubyman.
May  5 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[406]: pam_unix(su:session): session closed for user rubyman
May  5 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333988.
May  5 12:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29956]: pam_unix(cron:session): session closed for user root
May  5 12:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[330]: pam_unix(cron:session): session closed for user samftp
May  5 12:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31862]: pam_unix(cron:session): session closed for user root
May  5 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[787]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[785]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[784]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[790]: pam_unix(cron:session): session closed for user root
May  5 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[786]: pam_unix(cron:session): session closed for user root
May  5 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[784]: pam_unix(cron:session): session closed for user p13x
May  5 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[889]: Successful su for rubyman by root
May  5 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[889]: + ??? root:rubyman
May  5 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333993 of user rubyman.
May  5 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[889]: pam_unix(su:session): session closed for user rubyman
May  5 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333993.
May  5 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[787]: pam_unix(cron:session): session closed for user root
May  5 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30458]: pam_unix(cron:session): session closed for user root
May  5 13:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[785]: pam_unix(cron:session): session closed for user samftp
May  5 13:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Invalid user midas from 35.222.117.243
May  5 13:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: input_userauth_request: invalid user midas [preauth]
May  5 13:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.222.117.243
May  5 13:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Failed password for invalid user midas from 35.222.117.243 port 42148 ssh2
May  5 13:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Received disconnect from 35.222.117.243 port 42148:11: Bye Bye [preauth]
May  5 13:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Disconnected from 35.222.117.243 port 42148 [preauth]
May  5 13:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.101.55  user=root
May  5 13:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: Failed password for root from 94.159.101.55 port 58534 ssh2
May  5 13:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: Received disconnect from 94.159.101.55 port 58534:11: Bye Bye [preauth]
May  5 13:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: Disconnected from 94.159.101.55 port 58534 [preauth]
May  5 13:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32291]: pam_unix(cron:session): session closed for user root
May  5 13:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1347]: pam_unix(cron:session): session closed for user p13x
May  5 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1421]: Successful su for rubyman by root
May  5 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1421]: + ??? root:rubyman
May  5 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 333999 of user rubyman.
May  5 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1421]: pam_unix(su:session): session closed for user rubyman
May  5 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 333999.
May  5 13:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30957]: pam_unix(cron:session): session closed for user root
May  5 13:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1348]: pam_unix(cron:session): session closed for user samftp
May  5 13:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: Invalid user huawei from 186.233.208.13
May  5 13:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: input_userauth_request: invalid user huawei [preauth]
May  5 13:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  5 13:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: Failed password for invalid user huawei from 186.233.208.13 port 58068 ssh2
May  5 13:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: Received disconnect from 186.233.208.13 port 58068:11: Bye Bye [preauth]
May  5 13:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: Disconnected from 186.233.208.13 port 58068 [preauth]
May  5 13:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Invalid user wjc from 103.23.199.119
May  5 13:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: input_userauth_request: invalid user wjc [preauth]
May  5 13:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.199.119
May  5 13:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Failed password for invalid user wjc from 103.23.199.119 port 43142 ssh2
May  5 13:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Received disconnect from 103.23.199.119 port 43142:11: Bye Bye [preauth]
May  5 13:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Disconnected from 103.23.199.119 port 43142 [preauth]
May  5 13:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[332]: pam_unix(cron:session): session closed for user root
May  5 13:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1810]: Invalid user uniswap from 193.32.162.134
May  5 13:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1810]: input_userauth_request: invalid user uniswap [preauth]
May  5 13:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1810]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1815]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1813]: pam_unix(cron:session): session closed for user p13x
May  5 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1881]: Successful su for rubyman by root
May  5 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1881]: + ??? root:rubyman
May  5 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334004 of user rubyman.
May  5 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1881]: pam_unix(su:session): session closed for user rubyman
May  5 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334004.
May  5 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1810]: Failed password for invalid user uniswap from 193.32.162.134 port 37626 ssh2
May  5 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1810]: Connection closed by 193.32.162.134 port 37626 [preauth]
May  5 13:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31419]: pam_unix(cron:session): session closed for user root
May  5 13:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1814]: pam_unix(cron:session): session closed for user samftp
May  5 13:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: Invalid user zjw from 212.227.232.57
May  5 13:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: input_userauth_request: invalid user zjw [preauth]
May  5 13:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.232.57
May  5 13:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: Failed password for invalid user zjw from 212.227.232.57 port 54956 ssh2
May  5 13:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: Received disconnect from 212.227.232.57 port 54956:11: Bye Bye [preauth]
May  5 13:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2170]: Disconnected from 212.227.232.57 port 54956 [preauth]
May  5 13:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[789]: pam_unix(cron:session): session closed for user root
May  5 13:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.114.137  user=root
May  5 13:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2254]: Failed password for root from 139.59.114.137 port 58012 ssh2
May  5 13:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2254]: Received disconnect from 139.59.114.137 port 58012:11: Bye Bye [preauth]
May  5 13:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2254]: Disconnected from 139.59.114.137 port 58012 [preauth]
May  5 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2308]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2305]: pam_unix(cron:session): session closed for user p13x
May  5 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2373]: Successful su for rubyman by root
May  5 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2373]: + ??? root:rubyman
May  5 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334007 of user rubyman.
May  5 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2373]: pam_unix(su:session): session closed for user rubyman
May  5 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334007.
May  5 13:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31861]: pam_unix(cron:session): session closed for user root
May  5 13:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2306]: pam_unix(cron:session): session closed for user samftp
May  5 13:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 13:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: Failed password for root from 218.92.0.179 port 44624 ssh2
May  5 13:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: Failed password for root from 218.92.0.179 port 44624 ssh2
May  5 13:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1350]: pam_unix(cron:session): session closed for user root
May  5 13:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: Failed password for root from 218.92.0.179 port 44624 ssh2
May  5 13:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: Received disconnect from 218.92.0.179 port 44624:11:  [preauth]
May  5 13:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: Disconnected from 218.92.0.179 port 44624 [preauth]
May  5 13:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2644]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 13:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.254.23  user=root
May  5 13:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: Failed password for root from 152.42.254.23 port 51194 ssh2
May  5 13:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: Received disconnect from 152.42.254.23 port 51194:11: Bye Bye [preauth]
May  5 13:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: Disconnected from 152.42.254.23 port 51194 [preauth]
May  5 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2761]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2759]: pam_unix(cron:session): session closed for user p13x
May  5 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2822]: Successful su for rubyman by root
May  5 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2822]: + ??? root:rubyman
May  5 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334012 of user rubyman.
May  5 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2822]: pam_unix(su:session): session closed for user rubyman
May  5 13:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334012.
May  5 13:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32290]: pam_unix(cron:session): session closed for user root
May  5 13:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2760]: pam_unix(cron:session): session closed for user samftp
May  5 13:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: Invalid user openuser from 46.244.96.25
May  5 13:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: input_userauth_request: invalid user openuser [preauth]
May  5 13:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  5 13:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: Failed password for invalid user openuser from 46.244.96.25 port 58312 ssh2
May  5 13:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: Connection closed by 46.244.96.25 port 58312 [preauth]
May  5 13:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1816]: pam_unix(cron:session): session closed for user root
May  5 13:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: Invalid user midas from 186.233.208.13
May  5 13:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: input_userauth_request: invalid user midas [preauth]
May  5 13:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  5 13:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: Failed password for invalid user midas from 186.233.208.13 port 56788 ssh2
May  5 13:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: Received disconnect from 186.233.208.13 port 56788:11: Bye Bye [preauth]
May  5 13:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: Disconnected from 186.233.208.13 port 56788 [preauth]
May  5 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3174]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3169]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3170]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3175]: pam_unix(cron:session): session closed for user root
May  5 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3169]: pam_unix(cron:session): session closed for user p13x
May  5 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3243]: Successful su for rubyman by root
May  5 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3243]: + ??? root:rubyman
May  5 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3243]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334016 of user rubyman.
May  5 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3243]: pam_unix(su:session): session closed for user rubyman
May  5 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334016.
May  5 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3172]: pam_unix(cron:session): session closed for user root
May  5 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[331]: pam_unix(cron:session): session closed for user root
May  5 13:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3170]: pam_unix(cron:session): session closed for user samftp
May  5 13:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: Invalid user tiptop from 94.159.101.55
May  5 13:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: input_userauth_request: invalid user tiptop [preauth]
May  5 13:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.101.55
May  5 13:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: Failed password for invalid user tiptop from 94.159.101.55 port 52868 ssh2
May  5 13:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: Received disconnect from 94.159.101.55 port 52868:11: Bye Bye [preauth]
May  5 13:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: Disconnected from 94.159.101.55 port 52868 [preauth]
May  5 13:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90  user=root
May  5 13:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3497]: Failed password for root from 116.193.191.90 port 43500 ssh2
May  5 13:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3497]: Received disconnect from 116.193.191.90 port 43500:11: Bye Bye [preauth]
May  5 13:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3497]: Disconnected from 116.193.191.90 port 43500 [preauth]
May  5 13:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2308]: pam_unix(cron:session): session closed for user root
May  5 13:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.222.117.243  user=root
May  5 13:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: Failed password for root from 35.222.117.243 port 49660 ssh2
May  5 13:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: Received disconnect from 35.222.117.243 port 49660:11: Bye Bye [preauth]
May  5 13:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3638]: Disconnected from 35.222.117.243 port 49660 [preauth]
May  5 13:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3657]: Invalid user afcadmin from 164.68.105.9
May  5 13:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3657]: input_userauth_request: invalid user afcadmin [preauth]
May  5 13:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3657]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  5 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3662]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3663]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3660]: pam_unix(cron:session): session closed for user p13x
May  5 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3724]: Successful su for rubyman by root
May  5 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3724]: + ??? root:rubyman
May  5 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3724]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334021 of user rubyman.
May  5 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3724]: pam_unix(su:session): session closed for user rubyman
May  5 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334021.
May  5 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3657]: Failed password for invalid user afcadmin from 164.68.105.9 port 44502 ssh2
May  5 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3657]: Connection closed by 164.68.105.9 port 44502 [preauth]
May  5 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[788]: pam_unix(cron:session): session closed for user root
May  5 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3661]: pam_unix(cron:session): session closed for user samftp
May  5 13:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2763]: pam_unix(cron:session): session closed for user root
May  5 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4102]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4099]: pam_unix(cron:session): session closed for user p13x
May  5 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4160]: Successful su for rubyman by root
May  5 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4160]: + ??? root:rubyman
May  5 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4160]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334025 of user rubyman.
May  5 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4160]: pam_unix(su:session): session closed for user rubyman
May  5 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334025.
May  5 13:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1349]: pam_unix(cron:session): session closed for user root
May  5 13:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4100]: pam_unix(cron:session): session closed for user samftp
May  5 13:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Invalid user webmaster from 212.227.232.57
May  5 13:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: input_userauth_request: invalid user webmaster [preauth]
May  5 13:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.232.57
May  5 13:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Failed password for invalid user webmaster from 212.227.232.57 port 45008 ssh2
May  5 13:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Received disconnect from 212.227.232.57 port 45008:11: Bye Bye [preauth]
May  5 13:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4568]: Disconnected from 212.227.232.57 port 45008 [preauth]
May  5 13:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3174]: pam_unix(cron:session): session closed for user root
May  5 13:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.114.137  user=root
May  5 13:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: Failed password for root from 139.59.114.137 port 35868 ssh2
May  5 13:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: Received disconnect from 139.59.114.137 port 35868:11: Bye Bye [preauth]
May  5 13:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: Disconnected from 139.59.114.137 port 35868 [preauth]
May  5 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4663]: pam_unix(cron:session): session closed for user p13x
May  5 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4727]: Successful su for rubyman by root
May  5 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4727]: + ??? root:rubyman
May  5 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334030 of user rubyman.
May  5 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4727]: pam_unix(su:session): session closed for user rubyman
May  5 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334030.
May  5 13:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1815]: pam_unix(cron:session): session closed for user root
May  5 13:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4664]: pam_unix(cron:session): session closed for user samftp
May  5 13:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4963]: Invalid user jzj from 103.23.199.119
May  5 13:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4963]: input_userauth_request: invalid user jzj [preauth]
May  5 13:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4963]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.199.119
May  5 13:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4963]: Failed password for invalid user jzj from 103.23.199.119 port 47266 ssh2
May  5 13:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4963]: Received disconnect from 103.23.199.119 port 47266:11: Bye Bye [preauth]
May  5 13:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4963]: Disconnected from 103.23.199.119 port 47266 [preauth]
May  5 13:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4965]: Invalid user tazos from 193.32.162.134
May  5 13:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4965]: input_userauth_request: invalid user tazos [preauth]
May  5 13:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4965]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 13:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4976]: Invalid user lampuser from 186.233.208.13
May  5 13:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4976]: input_userauth_request: invalid user lampuser [preauth]
May  5 13:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4976]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  5 13:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4965]: Failed password for invalid user tazos from 193.32.162.134 port 49674 ssh2
May  5 13:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4965]: Connection closed by 193.32.162.134 port 49674 [preauth]
May  5 13:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4976]: Failed password for invalid user lampuser from 186.233.208.13 port 35712 ssh2
May  5 13:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4976]: Received disconnect from 186.233.208.13 port 35712:11: Bye Bye [preauth]
May  5 13:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4976]: Disconnected from 186.233.208.13 port 35712 [preauth]
May  5 13:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3663]: pam_unix(cron:session): session closed for user root
May  5 13:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: Invalid user admin from 152.42.254.23
May  5 13:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: input_userauth_request: invalid user admin [preauth]
May  5 13:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.254.23
May  5 13:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: Failed password for invalid user admin from 152.42.254.23 port 38846 ssh2
May  5 13:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: Received disconnect from 152.42.254.23 port 38846:11: Bye Bye [preauth]
May  5 13:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5226]: Disconnected from 152.42.254.23 port 38846 [preauth]
May  5 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5286]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5282]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5284]: pam_unix(cron:session): session closed for user p13x
May  5 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5406]: Successful su for rubyman by root
May  5 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5406]: + ??? root:rubyman
May  5 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334034 of user rubyman.
May  5 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5406]: pam_unix(su:session): session closed for user rubyman
May  5 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334034.
May  5 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5282]: pam_unix(cron:session): session closed for user root
May  5 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2307]: pam_unix(cron:session): session closed for user root
May  5 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5285]: pam_unix(cron:session): session closed for user samftp
May  5 13:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4102]: pam_unix(cron:session): session closed for user root
May  5 13:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5907]: Invalid user muser from 94.159.101.55
May  5 13:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5907]: input_userauth_request: invalid user muser [preauth]
May  5 13:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5907]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.101.55
May  5 13:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5907]: Failed password for invalid user muser from 94.159.101.55 port 34156 ssh2
May  5 13:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5907]: Received disconnect from 94.159.101.55 port 34156:11: Bye Bye [preauth]
May  5 13:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5907]: Disconnected from 94.159.101.55 port 34156 [preauth]
May  5 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5939]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5942]: pam_unix(cron:session): session closed for user root
May  5 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5937]: pam_unix(cron:session): session closed for user p13x
May  5 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6015]: Successful su for rubyman by root
May  5 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6015]: + ??? root:rubyman
May  5 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6015]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334041 of user rubyman.
May  5 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6015]: pam_unix(su:session): session closed for user rubyman
May  5 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334041.
May  5 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5939]: pam_unix(cron:session): session closed for user root
May  5 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2761]: pam_unix(cron:session): session closed for user root
May  5 13:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5938]: pam_unix(cron:session): session closed for user samftp
May  5 13:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4666]: pam_unix(cron:session): session closed for user root
May  5 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6396]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6397]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6394]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6393]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6393]: pam_unix(cron:session): session closed for user p13x
May  5 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6466]: Successful su for rubyman by root
May  5 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6466]: + ??? root:rubyman
May  5 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334045 of user rubyman.
May  5 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6466]: pam_unix(su:session): session closed for user rubyman
May  5 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334045.
May  5 13:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3173]: pam_unix(cron:session): session closed for user root
May  5 13:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6394]: pam_unix(cron:session): session closed for user samftp
May  5 13:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6651]: Invalid user jenkins from 35.222.117.243
May  5 13:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6651]: input_userauth_request: invalid user jenkins [preauth]
May  5 13:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6651]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.222.117.243
May  5 13:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6651]: Failed password for invalid user jenkins from 35.222.117.243 port 57178 ssh2
May  5 13:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6651]: Received disconnect from 35.222.117.243 port 57178:11: Bye Bye [preauth]
May  5 13:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6651]: Disconnected from 35.222.117.243 port 57178 [preauth]
May  5 13:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5287]: pam_unix(cron:session): session closed for user root
May  5 13:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 13:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: Failed password for root from 218.92.0.179 port 52220 ssh2
May  5 13:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 52220 ssh2]
May  5 13:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: Received disconnect from 218.92.0.179 port 52220:11:  [preauth]
May  5 13:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: Disconnected from 218.92.0.179 port 52220 [preauth]
May  5 13:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 13:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: Invalid user test from 116.193.191.90
May  5 13:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: input_userauth_request: invalid user test [preauth]
May  5 13:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
May  5 13:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: Invalid user tiptop from 186.233.208.13
May  5 13:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: input_userauth_request: invalid user tiptop [preauth]
May  5 13:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  5 13:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: Failed password for invalid user test from 116.193.191.90 port 50856 ssh2
May  5 13:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: Received disconnect from 116.193.191.90 port 50856:11: Bye Bye [preauth]
May  5 13:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6798]: Disconnected from 116.193.191.90 port 50856 [preauth]
May  5 13:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: Failed password for invalid user tiptop from 186.233.208.13 port 37042 ssh2
May  5 13:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: Received disconnect from 186.233.208.13 port 37042:11: Bye Bye [preauth]
May  5 13:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6800]: Disconnected from 186.233.208.13 port 37042 [preauth]
May  5 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6819]: pam_unix(cron:session): session closed for user p13x
May  5 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6891]: Successful su for rubyman by root
May  5 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6891]: + ??? root:rubyman
May  5 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334051 of user rubyman.
May  5 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6891]: pam_unix(su:session): session closed for user rubyman
May  5 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334051.
May  5 13:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3662]: pam_unix(cron:session): session closed for user root
May  5 13:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6821]: pam_unix(cron:session): session closed for user samftp
May  5 13:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5941]: pam_unix(cron:session): session closed for user root
May  5 13:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Invalid user wzd from 212.227.232.57
May  5 13:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: input_userauth_request: invalid user wzd [preauth]
May  5 13:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.232.57
May  5 13:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Failed password for invalid user wzd from 212.227.232.57 port 52638 ssh2
May  5 13:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Received disconnect from 212.227.232.57 port 52638:11: Bye Bye [preauth]
May  5 13:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Disconnected from 212.227.232.57 port 52638 [preauth]
May  5 13:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Invalid user s3 from 139.59.114.137
May  5 13:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: input_userauth_request: invalid user s3 [preauth]
May  5 13:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.114.137
May  5 13:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Failed password for invalid user s3 from 139.59.114.137 port 55496 ssh2
May  5 13:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Received disconnect from 139.59.114.137 port 55496:11: Bye Bye [preauth]
May  5 13:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Disconnected from 139.59.114.137 port 55496 [preauth]
May  5 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7347]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7346]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7344]: pam_unix(cron:session): session closed for user p13x
May  5 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7402]: Successful su for rubyman by root
May  5 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7402]: + ??? root:rubyman
May  5 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334053 of user rubyman.
May  5 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7402]: pam_unix(su:session): session closed for user rubyman
May  5 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334053.
May  5 13:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4101]: pam_unix(cron:session): session closed for user root
May  5 13:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7345]: pam_unix(cron:session): session closed for user samftp
May  5 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6397]: pam_unix(cron:session): session closed for user root
May  5 13:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: Invalid user tiptop from 152.42.254.23
May  5 13:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: input_userauth_request: invalid user tiptop [preauth]
May  5 13:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.254.23
May  5 13:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: Failed password for invalid user tiptop from 152.42.254.23 port 44686 ssh2
May  5 13:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: Received disconnect from 152.42.254.23 port 44686:11: Bye Bye [preauth]
May  5 13:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: Disconnected from 152.42.254.23 port 44686 [preauth]
May  5 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7877]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7873]: pam_unix(cron:session): session closed for user p13x
May  5 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7937]: Successful su for rubyman by root
May  5 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7937]: + ??? root:rubyman
May  5 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7937]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334056 of user rubyman.
May  5 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7937]: pam_unix(su:session): session closed for user rubyman
May  5 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334056.
May  5 13:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4665]: pam_unix(cron:session): session closed for user root
May  5 13:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7874]: pam_unix(cron:session): session closed for user samftp
May  5 13:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.101.55  user=root
May  5 13:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 13:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: Failed password for root from 94.159.101.55 port 60358 ssh2
May  5 13:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: Received disconnect from 94.159.101.55 port 60358:11: Bye Bye [preauth]
May  5 13:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: Disconnected from 94.159.101.55 port 60358 [preauth]
May  5 13:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8189]: Failed password for root from 218.92.0.179 port 30220 ssh2
May  5 13:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8189]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 30220 ssh2]
May  5 13:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8189]: Received disconnect from 218.92.0.179 port 30220:11:  [preauth]
May  5 13:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8189]: Disconnected from 218.92.0.179 port 30220 [preauth]
May  5 13:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8189]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6823]: pam_unix(cron:session): session closed for user root
May  5 13:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: Invalid user mina from 193.32.162.134
May  5 13:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: input_userauth_request: invalid user mina [preauth]
May  5 13:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 13:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: Failed password for invalid user mina from 193.32.162.134 port 33494 ssh2
May  5 13:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8254]: Connection closed by 193.32.162.134 port 33494 [preauth]
May  5 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8312]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8313]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8315]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8314]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8316]: pam_unix(cron:session): session closed for user root
May  5 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8311]: pam_unix(cron:session): session closed for user p13x
May  5 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: Successful su for rubyman by root
May  5 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: + ??? root:rubyman
May  5 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334064 of user rubyman.
May  5 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: pam_unix(su:session): session closed for user rubyman
May  5 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334064.
May  5 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8313]: pam_unix(cron:session): session closed for user root
May  5 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5286]: pam_unix(cron:session): session closed for user root
May  5 13:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8312]: pam_unix(cron:session): session closed for user samftp
May  5 13:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  5 13:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8611]: Failed password for root from 186.233.208.13 port 59828 ssh2
May  5 13:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8611]: Received disconnect from 186.233.208.13 port 59828:11: Bye Bye [preauth]
May  5 13:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8611]: Disconnected from 186.233.208.13 port 59828 [preauth]
May  5 13:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: Invalid user miner from 103.23.199.119
May  5 13:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: input_userauth_request: invalid user miner [preauth]
May  5 13:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.199.119
May  5 13:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: Failed password for invalid user miner from 103.23.199.119 port 56252 ssh2
May  5 13:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: Received disconnect from 103.23.199.119 port 56252:11: Bye Bye [preauth]
May  5 13:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8653]: Disconnected from 103.23.199.119 port 56252 [preauth]
May  5 13:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7347]: pam_unix(cron:session): session closed for user root
May  5 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8778]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8776]: pam_unix(cron:session): session closed for user p13x
May  5 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8846]: Successful su for rubyman by root
May  5 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8846]: + ??? root:rubyman
May  5 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8846]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334066 of user rubyman.
May  5 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8846]: pam_unix(su:session): session closed for user rubyman
May  5 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334066.
May  5 13:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5940]: pam_unix(cron:session): session closed for user root
May  5 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8777]: pam_unix(cron:session): session closed for user samftp
May  5 13:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9076]: Invalid user admin from 35.222.117.243
May  5 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9076]: input_userauth_request: invalid user admin [preauth]
May  5 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9076]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.222.117.243
May  5 13:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9076]: Failed password for invalid user admin from 35.222.117.243 port 36456 ssh2
May  5 13:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9076]: Received disconnect from 35.222.117.243 port 36456:11: Bye Bye [preauth]
May  5 13:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9076]: Disconnected from 35.222.117.243 port 36456 [preauth]
May  5 13:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7878]: pam_unix(cron:session): session closed for user root
May  5 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9317]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9312]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9312]: pam_unix(cron:session): session closed for user root
May  5 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9314]: pam_unix(cron:session): session closed for user p13x
May  5 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9382]: Successful su for rubyman by root
May  5 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9382]: + ??? root:rubyman
May  5 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334072 of user rubyman.
May  5 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9382]: pam_unix(su:session): session closed for user rubyman
May  5 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334072.
May  5 13:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6396]: pam_unix(cron:session): session closed for user root
May  5 13:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9315]: pam_unix(cron:session): session closed for user samftp
May  5 13:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8315]: pam_unix(cron:session): session closed for user root
May  5 13:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: Invalid user long from 212.227.232.57
May  5 13:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: input_userauth_request: invalid user long [preauth]
May  5 13:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.232.57
May  5 13:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: Failed password for invalid user long from 212.227.232.57 port 54878 ssh2
May  5 13:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: Received disconnect from 212.227.232.57 port 54878:11: Bye Bye [preauth]
May  5 13:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: Disconnected from 212.227.232.57 port 54878 [preauth]
May  5 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9728]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9725]: pam_unix(cron:session): session closed for user p13x
May  5 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9794]: Successful su for rubyman by root
May  5 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9794]: + ??? root:rubyman
May  5 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334078 of user rubyman.
May  5 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9794]: pam_unix(su:session): session closed for user rubyman
May  5 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334078.
May  5 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9792]: Invalid user yangbo from 139.59.114.137
May  5 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9792]: input_userauth_request: invalid user yangbo [preauth]
May  5 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9792]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.114.137
May  5 13:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6822]: pam_unix(cron:session): session closed for user root
May  5 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9792]: Failed password for invalid user yangbo from 139.59.114.137 port 34918 ssh2
May  5 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9792]: Received disconnect from 139.59.114.137 port 34918:11: Bye Bye [preauth]
May  5 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9792]: Disconnected from 139.59.114.137 port 34918 [preauth]
May  5 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9726]: pam_unix(cron:session): session closed for user samftp
May  5 13:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90  user=root
May  5 13:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10015]: Failed password for root from 116.193.191.90 port 46566 ssh2
May  5 13:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10015]: Received disconnect from 116.193.191.90 port 46566:11: Bye Bye [preauth]
May  5 13:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10015]: Disconnected from 116.193.191.90 port 46566 [preauth]
May  5 13:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8779]: pam_unix(cron:session): session closed for user root
May  5 13:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.254.23  user=root
May  5 13:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  5 13:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10073]: Failed password for root from 152.42.254.23 port 34952 ssh2
May  5 13:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10073]: Received disconnect from 152.42.254.23 port 34952:11: Bye Bye [preauth]
May  5 13:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10073]: Disconnected from 152.42.254.23 port 34952 [preauth]
May  5 13:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: Failed password for root from 186.233.208.13 port 56896 ssh2
May  5 13:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: Received disconnect from 186.233.208.13 port 56896:11: Bye Bye [preauth]
May  5 13:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10084]: Disconnected from 186.233.208.13 port 56896 [preauth]
May  5 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10134]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10132]: pam_unix(cron:session): session closed for user p13x
May  5 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10190]: Successful su for rubyman by root
May  5 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10190]: + ??? root:rubyman
May  5 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334080 of user rubyman.
May  5 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10190]: pam_unix(su:session): session closed for user rubyman
May  5 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334080.
May  5 13:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7346]: pam_unix(cron:session): session closed for user root
May  5 13:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: Invalid user huawei from 94.159.101.55
May  5 13:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: input_userauth_request: invalid user huawei [preauth]
May  5 13:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.101.55
May  5 13:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10133]: pam_unix(cron:session): session closed for user samftp
May  5 13:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: Failed password for invalid user huawei from 94.159.101.55 port 52582 ssh2
May  5 13:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: Received disconnect from 94.159.101.55 port 52582:11: Bye Bye [preauth]
May  5 13:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10449]: Disconnected from 94.159.101.55 port 52582 [preauth]
May  5 13:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9317]: pam_unix(cron:session): session closed for user root
May  5 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10673]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10673]: pam_unix(cron:session): session closed for user root
May  5 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10660]: pam_unix(cron:session): session closed for user p13x
May  5 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10770]: Successful su for rubyman by root
May  5 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10770]: + ??? root:rubyman
May  5 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334084 of user rubyman.
May  5 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10770]: pam_unix(su:session): session closed for user rubyman
May  5 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334084.
May  5 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10670]: pam_unix(cron:session): session closed for user root
May  5 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7877]: pam_unix(cron:session): session closed for user root
May  5 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10661]: pam_unix(cron:session): session closed for user samftp
May  5 13:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9729]: pam_unix(cron:session): session closed for user root
May  5 13:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Invalid user polkadot from 193.32.162.134
May  5 13:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: input_userauth_request: invalid user polkadot [preauth]
May  5 13:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 13:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Failed password for invalid user polkadot from 193.32.162.134 port 45546 ssh2
May  5 13:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Connection closed by 193.32.162.134 port 45546 [preauth]
May  5 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11127]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11128]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11126]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11126]: pam_unix(cron:session): session closed for user p13x
May  5 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11197]: Successful su for rubyman by root
May  5 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11197]: + ??? root:rubyman
May  5 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334090 of user rubyman.
May  5 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11197]: pam_unix(su:session): session closed for user rubyman
May  5 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334090.
May  5 13:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8314]: pam_unix(cron:session): session closed for user root
May  5 13:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11127]: pam_unix(cron:session): session closed for user samftp
May  5 13:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10135]: pam_unix(cron:session): session closed for user root
May  5 13:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.222.117.243  user=root
May  5 13:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11495]: Failed password for root from 35.222.117.243 port 43976 ssh2
May  5 13:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11495]: Received disconnect from 35.222.117.243 port 43976:11: Bye Bye [preauth]
May  5 13:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11495]: Disconnected from 35.222.117.243 port 43976 [preauth]
May  5 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11532]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11530]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11528]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11528]: pam_unix(cron:session): session closed for user p13x
May  5 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11594]: Successful su for rubyman by root
May  5 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11594]: + ??? root:rubyman
May  5 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334094 of user rubyman.
May  5 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11594]: pam_unix(su:session): session closed for user rubyman
May  5 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334094.
May  5 13:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8778]: pam_unix(cron:session): session closed for user root
May  5 13:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11530]: pam_unix(cron:session): session closed for user samftp
May  5 13:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11773]: Invalid user es from 186.233.208.13
May  5 13:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11773]: input_userauth_request: invalid user es [preauth]
May  5 13:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11773]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  5 13:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11773]: Failed password for invalid user es from 186.233.208.13 port 34428 ssh2
May  5 13:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11773]: Received disconnect from 186.233.208.13 port 34428:11: Bye Bye [preauth]
May  5 13:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11773]: Disconnected from 186.233.208.13 port 34428 [preauth]
May  5 13:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11836]: Invalid user jupyter from 103.23.199.119
May  5 13:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11836]: input_userauth_request: invalid user jupyter [preauth]
May  5 13:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11836]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.199.119
May  5 13:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11836]: Failed password for invalid user jupyter from 103.23.199.119 port 33438 ssh2
May  5 13:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11836]: Received disconnect from 103.23.199.119 port 33438:11: Bye Bye [preauth]
May  5 13:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11836]: Disconnected from 103.23.199.119 port 33438 [preauth]
May  5 13:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10672]: pam_unix(cron:session): session closed for user root
May  5 13:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: Invalid user wuyu from 212.227.232.57
May  5 13:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: input_userauth_request: invalid user wuyu [preauth]
May  5 13:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.232.57
May  5 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: Failed password for invalid user wuyu from 212.227.232.57 port 46210 ssh2
May  5 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: Received disconnect from 212.227.232.57 port 46210:11: Bye Bye [preauth]
May  5 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11921]: Disconnected from 212.227.232.57 port 46210 [preauth]
May  5 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11927]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11928]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11925]: pam_unix(cron:session): session closed for user p13x
May  5 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11984]: Successful su for rubyman by root
May  5 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11984]: + ??? root:rubyman
May  5 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334100 of user rubyman.
May  5 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11984]: pam_unix(su:session): session closed for user rubyman
May  5 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334100.
May  5 13:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9316]: pam_unix(cron:session): session closed for user root
May  5 13:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11926]: pam_unix(cron:session): session closed for user samftp
May  5 13:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: Invalid user qwerty from 139.59.114.137
May  5 13:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: input_userauth_request: invalid user qwerty [preauth]
May  5 13:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.114.137
May  5 13:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: Failed password for invalid user qwerty from 139.59.114.137 port 34760 ssh2
May  5 13:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: Received disconnect from 139.59.114.137 port 34760:11: Bye Bye [preauth]
May  5 13:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12161]: Disconnected from 139.59.114.137 port 34760 [preauth]
May  5 13:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11130]: pam_unix(cron:session): session closed for user root
May  5 13:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12252]: Invalid user web from 152.42.254.23
May  5 13:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12252]: input_userauth_request: invalid user web [preauth]
May  5 13:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12252]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.254.23
May  5 13:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12252]: Failed password for invalid user web from 152.42.254.23 port 49128 ssh2
May  5 13:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12252]: Received disconnect from 152.42.254.23 port 49128:11: Bye Bye [preauth]
May  5 13:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12252]: Disconnected from 152.42.254.23 port 49128 [preauth]
May  5 13:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12299]: Invalid user mongo from 94.159.101.55
May  5 13:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12299]: input_userauth_request: invalid user mongo [preauth]
May  5 13:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12299]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.101.55
May  5 13:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12299]: Failed password for invalid user mongo from 94.159.101.55 port 60662 ssh2
May  5 13:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12299]: Received disconnect from 94.159.101.55 port 60662:11: Bye Bye [preauth]
May  5 13:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12299]: Disconnected from 94.159.101.55 port 60662 [preauth]
May  5 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12336]: pam_unix(cron:session): session closed for user p13x
May  5 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12397]: Successful su for rubyman by root
May  5 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12397]: + ??? root:rubyman
May  5 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334101 of user rubyman.
May  5 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12397]: pam_unix(su:session): session closed for user rubyman
May  5 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334101.
May  5 13:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9728]: pam_unix(cron:session): session closed for user root
May  5 13:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12337]: pam_unix(cron:session): session closed for user samftp
May  5 13:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11532]: pam_unix(cron:session): session closed for user root
May  5 13:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: Invalid user jakub from 116.193.191.90
May  5 13:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: input_userauth_request: invalid user jakub [preauth]
May  5 13:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.191.90
May  5 13:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: Failed password for invalid user jakub from 116.193.191.90 port 35472 ssh2
May  5 13:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: Received disconnect from 116.193.191.90 port 35472:11: Bye Bye [preauth]
May  5 13:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12714]: Disconnected from 116.193.191.90 port 35472 [preauth]
May  5 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12728]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12731]: pam_unix(cron:session): session closed for user root
May  5 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12726]: pam_unix(cron:session): session closed for user p13x
May  5 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12792]: Successful su for rubyman by root
May  5 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12792]: + ??? root:rubyman
May  5 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334109 of user rubyman.
May  5 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12792]: pam_unix(su:session): session closed for user rubyman
May  5 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334109.
May  5 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12728]: pam_unix(cron:session): session closed for user root
May  5 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10134]: pam_unix(cron:session): session closed for user root
May  5 13:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12727]: pam_unix(cron:session): session closed for user samftp
May  5 13:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: Did not receive identification string from 175.6.98.16
May  5 13:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13041]: Failed password for root from 175.6.98.16 port 44884 ssh2
May  5 13:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13041]: Connection closed by 175.6.98.16 port 44884 [preauth]
May  5 13:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11928]: pam_unix(cron:session): session closed for user root
May  5 13:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13076]: Failed password for root from 175.6.98.16 port 46050 ssh2
May  5 13:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  5 13:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: Failed password for root from 186.233.208.13 port 43978 ssh2
May  5 13:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: Received disconnect from 186.233.208.13 port 43978:11: Bye Bye [preauth]
May  5 13:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13105]: Disconnected from 186.233.208.13 port 43978 [preauth]
May  5 13:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13116]: Failed password for root from 175.6.98.16 port 49374 ssh2
May  5 13:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13116]: Connection closed by 175.6.98.16 port 49374 [preauth]
May  5 13:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13138]: Failed password for root from 175.6.98.16 port 50186 ssh2
May  5 13:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13138]: Connection closed by 175.6.98.16 port 50186 [preauth]
May  5 13:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13162]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13160]: pam_unix(cron:session): session closed for user p13x
May  5 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13227]: Successful su for rubyman by root
May  5 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13227]: + ??? root:rubyman
May  5 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13227]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334112 of user rubyman.
May  5 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13227]: pam_unix(su:session): session closed for user rubyman
May  5 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334112.
May  5 13:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13157]: Failed password for root from 175.6.98.16 port 51942 ssh2
May  5 13:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13157]: Connection closed by 175.6.98.16 port 51942 [preauth]
May  5 13:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10671]: pam_unix(cron:session): session closed for user root
May  5 13:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13161]: pam_unix(cron:session): session closed for user samftp
May  5 13:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: Failed password for root from 175.6.98.16 port 53070 ssh2
May  5 13:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13379]: Connection closed by 175.6.98.16 port 53070 [preauth]
May  5 13:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13428]: Failed password for root from 175.6.98.16 port 54158 ssh2
May  5 13:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13428]: Connection closed by 175.6.98.16 port 54158 [preauth]
May  5 13:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: Failed password for root from 175.6.98.16 port 54818 ssh2
May  5 13:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: Connection closed by 175.6.98.16 port 54818 [preauth]
May  5 13:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: Failed password for root from 175.6.98.16 port 55530 ssh2
May  5 13:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: Connection closed by 175.6.98.16 port 55530 [preauth]
May  5 13:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: Failed password for root from 175.6.98.16 port 56208 ssh2
May  5 13:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: Connection closed by 175.6.98.16 port 56208 [preauth]
May  5 13:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12342]: pam_unix(cron:session): session closed for user root
May  5 13:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13625]: Failed password for root from 175.6.98.16 port 58340 ssh2
May  5 13:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13625]: Connection closed by 175.6.98.16 port 58340 [preauth]
May  5 13:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Failed password for root from 175.6.98.16 port 58878 ssh2
May  5 13:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Connection closed by 175.6.98.16 port 58878 [preauth]
May  5 13:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: Failed password for root from 175.6.98.16 port 59494 ssh2
May  5 13:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: Connection closed by 175.6.98.16 port 59494 [preauth]
May  5 13:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13673]: Failed password for root from 175.6.98.16 port 59938 ssh2
May  5 13:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13673]: Connection closed by 175.6.98.16 port 59938 [preauth]
May  5 13:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13676]: Failed password for root from 175.6.98.16 port 32794 ssh2
May  5 13:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13676]: Connection closed by 175.6.98.16 port 32794 [preauth]
May  5 13:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13699]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13699]: pam_unix(cron:session): session closed for user p13x
May  5 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13767]: Successful su for rubyman by root
May  5 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13767]: + ??? root:rubyman
May  5 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334116 of user rubyman.
May  5 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13767]: pam_unix(su:session): session closed for user rubyman
May  5 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334116.
May  5 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13686]: Failed password for root from 175.6.98.16 port 33202 ssh2
May  5 13:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13686]: Connection closed by 175.6.98.16 port 33202 [preauth]
May  5 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11128]: pam_unix(cron:session): session closed for user root
May  5 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: Invalid user es from 35.222.117.243
May  5 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: input_userauth_request: invalid user es [preauth]
May  5 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.222.117.243
May  5 13:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: Failed password for invalid user es from 35.222.117.243 port 51496 ssh2
May  5 13:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: Received disconnect from 35.222.117.243 port 51496:11: Bye Bye [preauth]
May  5 13:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13886]: Disconnected from 35.222.117.243 port 51496 [preauth]
May  5 13:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13702]: pam_unix(cron:session): session closed for user samftp
May  5 13:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13842]: Failed password for root from 175.6.98.16 port 33788 ssh2
May  5 13:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13842]: Connection closed by 175.6.98.16 port 33788 [preauth]
May  5 13:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: Failed password for root from 175.6.98.16 port 34316 ssh2
May  5 13:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: Connection closed by 175.6.98.16 port 34316 [preauth]
May  5 13:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13964]: Failed password for root from 175.6.98.16 port 34772 ssh2
May  5 13:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13964]: Connection closed by 175.6.98.16 port 34772 [preauth]
May  5 13:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13978]: Invalid user stake from 193.32.162.134
May  5 13:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13978]: input_userauth_request: invalid user stake [preauth]
May  5 13:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13978]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 13:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13978]: Failed password for invalid user stake from 193.32.162.134 port 57598 ssh2
May  5 13:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13978]: Connection closed by 193.32.162.134 port 57598 [preauth]
May  5 13:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: Failed password for root from 175.6.98.16 port 35796 ssh2
May  5 13:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13988]: Connection closed by 175.6.98.16 port 35796 [preauth]
May  5 13:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: Invalid user muser from 106.54.217.132
May  5 13:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: input_userauth_request: invalid user muser [preauth]
May  5 13:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.217.132
May  5 13:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: Failed password for invalid user muser from 106.54.217.132 port 35218 ssh2
May  5 13:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: Failed password for root from 175.6.98.16 port 37392 ssh2
May  5 13:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: Connection closed by 175.6.98.16 port 37392 [preauth]
May  5 13:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12730]: pam_unix(cron:session): session closed for user root
May  5 13:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: Invalid user anonymous from 172.174.5.146
May  5 13:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: input_userauth_request: invalid user anonymous [preauth]
May  5 13:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.5.146
May  5 13:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14057]: Failed password for root from 175.6.98.16 port 38334 ssh2
May  5 13:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14057]: Connection closed by 175.6.98.16 port 38334 [preauth]
May  5 13:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: Failed password for invalid user anonymous from 172.174.5.146 port 23286 ssh2
May  5 13:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: Received disconnect from 172.174.5.146 port 23286:11: Bye Bye [preauth]
May  5 13:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: Disconnected from 172.174.5.146 port 23286 [preauth]
May  5 13:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: Failed password for root from 175.6.98.16 port 39474 ssh2
May  5 13:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14080]: Connection closed by 175.6.98.16 port 39474 [preauth]
May  5 13:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 13:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14103]: Failed password for root from 175.6.98.16 port 40412 ssh2
May  5 13:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14103]: Connection closed by 175.6.98.16 port 40412 [preauth]
May  5 13:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: Failed password for root from 218.92.0.179 port 58210 ssh2
May  5 13:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: Failed password for root from 218.92.0.179 port 58210 ssh2
May  5 13:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14107]: Failed password for root from 175.6.98.16 port 40900 ssh2
May  5 13:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14107]: Connection closed by 175.6.98.16 port 40900 [preauth]
May  5 13:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: Failed password for root from 218.92.0.179 port 58210 ssh2
May  5 13:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: Received disconnect from 218.92.0.179 port 58210:11:  [preauth]
May  5 13:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: Disconnected from 218.92.0.179 port 58210 [preauth]
May  5 13:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 13:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14117]: Failed password for root from 175.6.98.16 port 41400 ssh2
May  5 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14131]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14117]: Connection closed by 175.6.98.16 port 41400 [preauth]
May  5 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14128]: pam_unix(cron:session): session closed for user p13x
May  5 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14190]: Successful su for rubyman by root
May  5 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14190]: + ??? root:rubyman
May  5 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334120 of user rubyman.
May  5 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14190]: pam_unix(su:session): session closed for user rubyman
May  5 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334120.
May  5 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11531]: pam_unix(cron:session): session closed for user root
May  5 13:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Invalid user guru from 139.59.114.137
May  5 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: input_userauth_request: invalid user guru [preauth]
May  5 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.114.137
May  5 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14129]: pam_unix(cron:session): session closed for user samftp
May  5 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Failed password for invalid user guru from 139.59.114.137 port 38996 ssh2
May  5 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14223]: Failed password for root from 175.6.98.16 port 41888 ssh2
May  5 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Received disconnect from 139.59.114.137 port 38996:11: Bye Bye [preauth]
May  5 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Disconnected from 139.59.114.137 port 38996 [preauth]
May  5 13:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14223]: Connection closed by 175.6.98.16 port 41888 [preauth]
May  5 13:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: Failed password for root from 175.6.98.16 port 42628 ssh2
May  5 13:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: Connection closed by 175.6.98.16 port 42628 [preauth]
May  5 13:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: Invalid user jenkins from 152.42.254.23
May  5 13:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: input_userauth_request: invalid user jenkins [preauth]
May  5 13:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.254.23
May  5 13:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.98.16  user=root
May  5 13:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: Failed password for invalid user jenkins from 152.42.254.23 port 53022 ssh2
May  5 13:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: Received disconnect from 152.42.254.23 port 53022:11: Bye Bye [preauth]
May  5 13:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14435]: Disconnected from 152.42.254.23 port 53022 [preauth]
May  5 13:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: Failed password for root from 175.6.98.16 port 46324 ssh2
May  5 13:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: Connection closed by 175.6.98.16 port 46324 [preauth]
May  5 13:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.101.55  user=root
May  5 13:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13163]: pam_unix(cron:session): session closed for user root
May  5 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: Failed password for root from 94.159.101.55 port 58952 ssh2
May  5 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: Received disconnect from 94.159.101.55 port 58952:11: Bye Bye [preauth]
May  5 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: Disconnected from 94.159.101.55 port 58952 [preauth]
May  5 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14542]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14541]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14539]: pam_unix(cron:session): session closed for user p13x
May  5 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14603]: Successful su for rubyman by root
May  5 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14603]: + ??? root:rubyman
May  5 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334123 of user rubyman.
May  5 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14603]: pam_unix(su:session): session closed for user rubyman
May  5 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334123.
May  5 13:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11927]: pam_unix(cron:session): session closed for user root
May  5 13:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14540]: pam_unix(cron:session): session closed for user samftp
May  5 13:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14830]: Invalid user lunatic from 103.23.199.119
May  5 13:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14830]: input_userauth_request: invalid user lunatic [preauth]
May  5 13:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14830]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.199.119
May  5 13:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14830]: Failed password for invalid user lunatic from 103.23.199.119 port 55726 ssh2
May  5 13:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14830]: Received disconnect from 103.23.199.119 port 55726:11: Bye Bye [preauth]
May  5 13:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14830]: Disconnected from 103.23.199.119 port 55726 [preauth]
May  5 13:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13704]: pam_unix(cron:session): session closed for user root
May  5 13:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Invalid user admin from 80.94.95.112
May  5 13:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: input_userauth_request: invalid user admin [preauth]
May  5 13:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 13:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Failed password for invalid user admin from 80.94.95.112 port 10654 ssh2
May  5 13:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Failed password for invalid user admin from 80.94.95.112 port 10654 ssh2
May  5 13:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Failed password for invalid user admin from 80.94.95.112 port 10654 ssh2
May  5 13:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Failed password for invalid user admin from 80.94.95.112 port 10654 ssh2
May  5 13:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Failed password for invalid user admin from 80.94.95.112 port 10654 ssh2
May  5 13:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Received disconnect from 80.94.95.112 port 10654:11: Bye [preauth]
May  5 13:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Disconnected from 80.94.95.112 port 10654 [preauth]
May  5 13:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 13:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14962]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14964]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14960]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14963]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14965]: pam_unix(cron:session): session closed for user root
May  5 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14960]: pam_unix(cron:session): session closed for user p13x
May  5 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15032]: Successful su for rubyman by root
May  5 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15032]: + ??? root:rubyman
May  5 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334128 of user rubyman.
May  5 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15032]: pam_unix(su:session): session closed for user rubyman
May  5 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334128.
May  5 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14962]: pam_unix(cron:session): session closed for user root
May  5 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12341]: pam_unix(cron:session): session closed for user root
May  5 13:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14961]: pam_unix(cron:session): session closed for user samftp
May  5 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14131]: pam_unix(cron:session): session closed for user root
May  5 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15378]: pam_unix(cron:session): session closed for user p13x
May  5 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15444]: Successful su for rubyman by root
May  5 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15444]: + ??? root:rubyman
May  5 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334134 of user rubyman.
May  5 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15444]: pam_unix(su:session): session closed for user rubyman
May  5 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334134.
May  5 13:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12729]: pam_unix(cron:session): session closed for user root
May  5 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15379]: pam_unix(cron:session): session closed for user samftp
May  5 13:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14542]: pam_unix(cron:session): session closed for user root
May  5 13:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  5 13:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: Failed password for root from 218.92.0.215 port 37830 ssh2
May  5 13:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: message repeated 3 times: [ Failed password for root from 218.92.0.215 port 37830 ssh2]
May  5 13:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 13:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: Failed password for root from 218.92.0.215 port 37830 ssh2
May  5 13:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 37830 ssh2 [preauth]
May  5 13:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: Disconnecting: Too many authentication failures [preauth]
May  5 13:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  5 13:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15733]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 13:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: Failed password for root from 218.92.0.179 port 61487 ssh2
May  5 13:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: Failed password for root from 218.92.0.179 port 61487 ssh2
May  5 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  5 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15781]: pam_unix(cron:session): session closed for user p13x
May  5 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15847]: Successful su for rubyman by root
May  5 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15847]: + ??? root:rubyman
May  5 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334137 of user rubyman.
May  5 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15847]: pam_unix(su:session): session closed for user rubyman
May  5 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334137.
May  5 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: Failed password for root from 218.92.0.179 port 61487 ssh2
May  5 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: Received disconnect from 218.92.0.179 port 61487:11:  [preauth]
May  5 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: Disconnected from 218.92.0.179 port 61487 [preauth]
May  5 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: Failed password for root from 218.92.0.215 port 23580 ssh2
May  5 13:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13162]: pam_unix(cron:session): session closed for user root
May  5 13:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: Failed password for root from 218.92.0.215 port 23580 ssh2
May  5 13:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15783]: pam_unix(cron:session): session closed for user samftp
May  5 13:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: Failed password for root from 218.92.0.215 port 23580 ssh2
May  5 13:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: message repeated 3 times: [ Failed password for root from 218.92.0.215 port 23580 ssh2]
May  5 13:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 23580 ssh2 [preauth]
May  5 13:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: Disconnecting: Too many authentication failures [preauth]
May  5 13:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  5 13:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15778]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 13:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  5 13:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: Failed password for root from 218.92.0.215 port 46308 ssh2
May  5 13:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: Received disconnect from 218.92.0.215 port 46308:11:  [preauth]
May  5 13:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16058]: Disconnected from 218.92.0.215 port 46308 [preauth]
May  5 13:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.222.117.243  user=root
May  5 13:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: Failed password for root from 35.222.117.243 port 59014 ssh2
May  5 13:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: Received disconnect from 35.222.117.243 port 59014:11: Bye Bye [preauth]
May  5 13:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16080]: Disconnected from 35.222.117.243 port 59014 [preauth]
May  5 13:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14964]: pam_unix(cron:session): session closed for user root
May  5 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16176]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16180]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16179]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16176]: pam_unix(cron:session): session closed for user p13x
May  5 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16236]: Successful su for rubyman by root
May  5 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16236]: + ??? root:rubyman
May  5 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16236]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334143 of user rubyman.
May  5 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16236]: pam_unix(su:session): session closed for user rubyman
May  5 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334143.
May  5 13:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13703]: pam_unix(cron:session): session closed for user root
May  5 13:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16178]: pam_unix(cron:session): session closed for user samftp
May  5 13:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.101.55  user=root
May  5 13:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16407]: Failed password for root from 94.159.101.55 port 59352 ssh2
May  5 13:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16407]: Received disconnect from 94.159.101.55 port 59352:11: Bye Bye [preauth]
May  5 13:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16407]: Disconnected from 94.159.101.55 port 59352 [preauth]
May  5 13:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16436]: Invalid user skynet from 139.59.114.137
May  5 13:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16436]: input_userauth_request: invalid user skynet [preauth]
May  5 13:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16436]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.114.137
May  5 13:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16436]: Failed password for invalid user skynet from 139.59.114.137 port 42954 ssh2
May  5 13:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16436]: Received disconnect from 139.59.114.137 port 42954:11: Bye Bye [preauth]
May  5 13:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16436]: Disconnected from 139.59.114.137 port 42954 [preauth]
May  5 13:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.254.23  user=root
May  5 13:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16468]: Failed password for root from 152.42.254.23 port 39786 ssh2
May  5 13:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16468]: Received disconnect from 152.42.254.23 port 39786:11: Bye Bye [preauth]
May  5 13:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16468]: Disconnected from 152.42.254.23 port 39786 [preauth]
May  5 13:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15381]: pam_unix(cron:session): session closed for user root
May  5 13:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: Invalid user dot from 193.32.162.134
May  5 13:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: input_userauth_request: invalid user dot [preauth]
May  5 13:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 13:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: Failed password for invalid user dot from 193.32.162.134 port 41418 ssh2
May  5 13:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: Connection closed by 193.32.162.134 port 41418 [preauth]
May  5 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16623]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16622]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16621]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16620]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16620]: pam_unix(cron:session): session closed for user p13x
May  5 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16684]: Successful su for rubyman by root
May  5 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16684]: + ??? root:rubyman
May  5 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334145 of user rubyman.
May  5 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16684]: pam_unix(su:session): session closed for user rubyman
May  5 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334145.
May  5 13:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14130]: pam_unix(cron:session): session closed for user root
May  5 13:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16621]: pam_unix(cron:session): session closed for user samftp
May  5 13:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15785]: pam_unix(cron:session): session closed for user root
May  5 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17055]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17052]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17054]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17049]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17055]: pam_unix(cron:session): session closed for user root
May  5 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17049]: pam_unix(cron:session): session closed for user p13x
May  5 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17121]: Successful su for rubyman by root
May  5 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17121]: + ??? root:rubyman
May  5 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334152 of user rubyman.
May  5 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17121]: pam_unix(su:session): session closed for user rubyman
May  5 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334152.
May  5 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17051]: pam_unix(cron:session): session closed for user root
May  5 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14541]: pam_unix(cron:session): session closed for user root
May  5 13:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17050]: pam_unix(cron:session): session closed for user samftp
May  5 13:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Invalid user fengyingchao from 172.174.5.146
May  5 13:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: input_userauth_request: invalid user fengyingchao [preauth]
May  5 13:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.5.146
May  5 13:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Failed password for invalid user fengyingchao from 172.174.5.146 port 47800 ssh2
May  5 13:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Received disconnect from 172.174.5.146 port 47800:11: Bye Bye [preauth]
May  5 13:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Disconnected from 172.174.5.146 port 47800 [preauth]
May  5 13:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16180]: pam_unix(cron:session): session closed for user root
May  5 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17499]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17498]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17496]: pam_unix(cron:session): session closed for user p13x
May  5 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17572]: Successful su for rubyman by root
May  5 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17572]: + ??? root:rubyman
May  5 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17572]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334156 of user rubyman.
May  5 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17572]: pam_unix(su:session): session closed for user rubyman
May  5 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334156.
May  5 13:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14963]: pam_unix(cron:session): session closed for user root
May  5 13:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17497]: pam_unix(cron:session): session closed for user samftp
May  5 13:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: Invalid user zhy from 103.23.199.119
May  5 13:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: input_userauth_request: invalid user zhy [preauth]
May  5 13:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.199.119
May  5 13:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: Failed password for invalid user zhy from 103.23.199.119 port 40176 ssh2
May  5 13:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: Received disconnect from 103.23.199.119 port 40176:11: Bye Bye [preauth]
May  5 13:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: Disconnected from 103.23.199.119 port 40176 [preauth]
May  5 13:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16623]: pam_unix(cron:session): session closed for user root
May  5 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18032]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18028]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18031]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18027]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18027]: pam_unix(cron:session): session closed for user p13x
May  5 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18095]: Successful su for rubyman by root
May  5 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18095]: + ??? root:rubyman
May  5 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334159 of user rubyman.
May  5 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18095]: pam_unix(su:session): session closed for user rubyman
May  5 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334159.
May  5 13:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15380]: pam_unix(cron:session): session closed for user root
May  5 13:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18028]: pam_unix(cron:session): session closed for user samftp
May  5 13:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: Invalid user ubnt from 80.94.95.125
May  5 13:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: input_userauth_request: invalid user ubnt [preauth]
May  5 13:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 13:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: Failed password for invalid user ubnt from 80.94.95.125 port 46822 ssh2
May  5 13:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: Failed password for invalid user ubnt from 80.94.95.125 port 46822 ssh2
May  5 13:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: Failed password for invalid user ubnt from 80.94.95.125 port 46822 ssh2
May  5 13:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: Failed password for invalid user ubnt from 80.94.95.125 port 46822 ssh2
May  5 13:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: Failed password for invalid user ubnt from 80.94.95.125 port 46822 ssh2
May  5 13:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: Received disconnect from 80.94.95.125 port 46822:11: Bye [preauth]
May  5 13:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: Disconnected from 80.94.95.125 port 46822 [preauth]
May  5 13:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 13:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 13:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17054]: pam_unix(cron:session): session closed for user root
May  5 13:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: Invalid user muser from 35.222.117.243
May  5 13:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: input_userauth_request: invalid user muser [preauth]
May  5 13:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.222.117.243
May  5 13:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: Failed password for invalid user muser from 35.222.117.243 port 38302 ssh2
May  5 13:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: Received disconnect from 35.222.117.243 port 38302:11: Bye Bye [preauth]
May  5 13:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: Disconnected from 35.222.117.243 port 38302 [preauth]
May  5 13:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.101.55  user=root
May  5 13:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18438]: Failed password for root from 94.159.101.55 port 57728 ssh2
May  5 13:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18438]: Received disconnect from 94.159.101.55 port 57728:11: Bye Bye [preauth]
May  5 13:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18438]: Disconnected from 94.159.101.55 port 57728 [preauth]
May  5 13:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: Invalid user admin from 139.19.117.131
May  5 13:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: input_userauth_request: invalid user admin [preauth]
May  5 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18459]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18458]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18456]: pam_unix(cron:session): session closed for user p13x
May  5 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18522]: Successful su for rubyman by root
May  5 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18522]: + ??? root:rubyman
May  5 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18522]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334164 of user rubyman.
May  5 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18522]: pam_unix(su:session): session closed for user rubyman
May  5 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334164.
May  5 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15784]: pam_unix(cron:session): session closed for user root
May  5 13:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18457]: pam_unix(cron:session): session closed for user samftp
May  5 13:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: Connection closed by 139.19.117.131 port 44250 [preauth]
May  5 13:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Invalid user ubnt from 80.94.95.241
May  5 13:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: input_userauth_request: invalid user ubnt [preauth]
May  5 13:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 13:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Failed password for invalid user ubnt from 80.94.95.241 port 37559 ssh2
May  5 13:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Failed password for invalid user ubnt from 80.94.95.241 port 37559 ssh2
May  5 13:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Failed password for invalid user ubnt from 80.94.95.241 port 37559 ssh2
May  5 13:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: Invalid user es from 152.42.254.23
May  5 13:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: input_userauth_request: invalid user es [preauth]
May  5 13:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.254.23
May  5 13:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.114.137  user=root
May  5 13:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Failed password for invalid user ubnt from 80.94.95.241 port 37559 ssh2
May  5 13:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: Failed password for invalid user es from 152.42.254.23 port 33282 ssh2
May  5 13:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: Received disconnect from 152.42.254.23 port 33282:11: Bye Bye [preauth]
May  5 13:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: Disconnected from 152.42.254.23 port 33282 [preauth]
May  5 13:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18741]: Failed password for root from 139.59.114.137 port 60122 ssh2
May  5 13:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18741]: Received disconnect from 139.59.114.137 port 60122:11: Bye Bye [preauth]
May  5 13:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18741]: Disconnected from 139.59.114.137 port 60122 [preauth]
May  5 13:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Failed password for invalid user ubnt from 80.94.95.241 port 37559 ssh2
May  5 13:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Received disconnect from 80.94.95.241 port 37559:11: Bye [preauth]
May  5 13:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Disconnected from 80.94.95.241 port 37559 [preauth]
May  5 13:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 13:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 13:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17499]: pam_unix(cron:session): session closed for user root
May  5 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18873]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18875]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18874]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18872]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18872]: pam_unix(cron:session): session closed for user p13x
May  5 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18984]: Successful su for rubyman by root
May  5 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18984]: + ??? root:rubyman
May  5 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334170 of user rubyman.
May  5 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18984]: pam_unix(su:session): session closed for user rubyman
May  5 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334170.
May  5 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18870]: pam_unix(cron:session): session closed for user root
May  5 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16179]: pam_unix(cron:session): session closed for user root
May  5 13:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18873]: pam_unix(cron:session): session closed for user samftp
May  5 13:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18032]: pam_unix(cron:session): session closed for user root
May  5 13:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19358]: Invalid user chen2023 from 172.174.5.146
May  5 13:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19358]: input_userauth_request: invalid user chen2023 [preauth]
May  5 13:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19358]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.5.146
May  5 13:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: Invalid user stake from 193.32.162.134
May  5 13:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: input_userauth_request: invalid user stake [preauth]
May  5 13:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 13:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19358]: Failed password for invalid user chen2023 from 172.174.5.146 port 9821 ssh2
May  5 13:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19358]: Received disconnect from 172.174.5.146 port 9821:11: Bye Bye [preauth]
May  5 13:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19358]: Disconnected from 172.174.5.146 port 9821 [preauth]
May  5 13:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: Failed password for invalid user stake from 193.32.162.134 port 53470 ssh2
May  5 13:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: Connection closed by 193.32.162.134 port 53470 [preauth]
May  5 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19373]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19375]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19376]: pam_unix(cron:session): session closed for user root
May  5 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19371]: pam_unix(cron:session): session closed for user p13x
May  5 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19439]: Successful su for rubyman by root
May  5 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19439]: + ??? root:rubyman
May  5 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19439]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334174 of user rubyman.
May  5 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19439]: pam_unix(su:session): session closed for user rubyman
May  5 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334174.
May  5 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19373]: pam_unix(cron:session): session closed for user root
May  5 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16622]: pam_unix(cron:session): session closed for user root
May  5 13:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19372]: pam_unix(cron:session): session closed for user samftp
May  5 13:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18459]: pam_unix(cron:session): session closed for user root
May  5 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19817]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19815]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19814]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19814]: pam_unix(cron:session): session closed for user p13x
May  5 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19881]: Successful su for rubyman by root
May  5 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19881]: + ??? root:rubyman
May  5 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334179 of user rubyman.
May  5 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19881]: pam_unix(su:session): session closed for user rubyman
May  5 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334179.
May  5 13:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17052]: pam_unix(cron:session): session closed for user root
May  5 13:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19815]: pam_unix(cron:session): session closed for user samftp
May  5 13:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20087]: Did not receive identification string from 193.32.162.185
May  5 13:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 13:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: Failed password for root from 218.92.0.179 port 54294 ssh2
May  5 13:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18875]: pam_unix(cron:session): session closed for user root
May  5 13:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: Failed password for root from 218.92.0.179 port 54294 ssh2
May  5 13:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: Failed password for root from 218.92.0.179 port 54294 ssh2
May  5 13:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: Received disconnect from 218.92.0.179 port 54294:11:  [preauth]
May  5 13:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: Disconnected from 218.92.0.179 port 54294 [preauth]
May  5 13:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20149]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20236]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20234]: pam_unix(cron:session): session closed for user p13x
May  5 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20295]: Successful su for rubyman by root
May  5 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20295]: + ??? root:rubyman
May  5 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334184 of user rubyman.
May  5 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20295]: pam_unix(su:session): session closed for user rubyman
May  5 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334184.
May  5 13:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17498]: pam_unix(cron:session): session closed for user root
May  5 13:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20235]: pam_unix(cron:session): session closed for user samftp
May  5 13:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19375]: pam_unix(cron:session): session closed for user root
May  5 13:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.101.55  user=root
May  5 13:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20580]: Failed password for root from 94.159.101.55 port 60086 ssh2
May  5 13:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20580]: Received disconnect from 94.159.101.55 port 60086:11: Bye Bye [preauth]
May  5 13:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20580]: Disconnected from 94.159.101.55 port 60086 [preauth]
May  5 13:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  5 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20635]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20634]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20632]: pam_unix(cron:session): session closed for user p13x
May  5 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20628]: Failed password for root from 46.244.96.25 port 59768 ssh2
May  5 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20694]: Successful su for rubyman by root
May  5 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20694]: + ??? root:rubyman
May  5 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334189 of user rubyman.
May  5 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20694]: pam_unix(su:session): session closed for user rubyman
May  5 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334189.
May  5 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20628]: Connection closed by 46.244.96.25 port 59768 [preauth]
May  5 13:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18031]: pam_unix(cron:session): session closed for user root
May  5 13:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20633]: pam_unix(cron:session): session closed for user samftp
May  5 13:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: Invalid user es from 35.222.117.243
May  5 13:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: input_userauth_request: invalid user es [preauth]
May  5 13:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.222.117.243
May  5 13:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: Failed password for invalid user es from 35.222.117.243 port 45826 ssh2
May  5 13:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: Received disconnect from 35.222.117.243 port 45826:11: Bye Bye [preauth]
May  5 13:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20905]: Disconnected from 35.222.117.243 port 45826 [preauth]
May  5 13:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.254.23  user=root
May  5 13:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: Failed password for root from 152.42.254.23 port 34490 ssh2
May  5 13:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: Received disconnect from 152.42.254.23 port 34490:11: Bye Bye [preauth]
May  5 13:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: Disconnected from 152.42.254.23 port 34490 [preauth]
May  5 13:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: Invalid user irfan from 139.59.114.137
May  5 13:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: input_userauth_request: invalid user irfan [preauth]
May  5 13:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.114.137
May  5 13:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: Failed password for invalid user irfan from 139.59.114.137 port 54000 ssh2
May  5 13:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: Received disconnect from 139.59.114.137 port 54000:11: Bye Bye [preauth]
May  5 13:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20961]: Disconnected from 139.59.114.137 port 54000 [preauth]
May  5 13:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: Invalid user website from 103.23.199.119
May  5 13:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: input_userauth_request: invalid user website [preauth]
May  5 13:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.199.119
May  5 13:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: Failed password for invalid user website from 103.23.199.119 port 60230 ssh2
May  5 13:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: Received disconnect from 103.23.199.119 port 60230:11: Bye Bye [preauth]
May  5 13:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20963]: Disconnected from 103.23.199.119 port 60230 [preauth]
May  5 13:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19817]: pam_unix(cron:session): session closed for user root
May  5 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21050]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21049]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21048]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21048]: pam_unix(cron:session): session closed for user p13x
May  5 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21113]: Successful su for rubyman by root
May  5 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21113]: + ??? root:rubyman
May  5 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334190 of user rubyman.
May  5 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21113]: pam_unix(su:session): session closed for user rubyman
May  5 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334190.
May  5 13:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18458]: pam_unix(cron:session): session closed for user root
May  5 13:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21049]: pam_unix(cron:session): session closed for user samftp
May  5 13:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: Failed password for root from 185.210.89.26 port 54076 ssh2
May  5 13:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: Connection closed by 185.210.89.26 port 54076 [preauth]
May  5 13:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20237]: pam_unix(cron:session): session closed for user root
May  5 13:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21475]: Invalid user wartung from 172.174.5.146
May  5 13:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21475]: input_userauth_request: invalid user wartung [preauth]
May  5 13:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21475]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.5.146
May  5 13:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21475]: Failed password for invalid user wartung from 172.174.5.146 port 28354 ssh2
May  5 13:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21475]: Received disconnect from 172.174.5.146 port 28354:11: Bye Bye [preauth]
May  5 13:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21475]: Disconnected from 172.174.5.146 port 28354 [preauth]
May  5 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21501]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21499]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21500]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21502]: pam_unix(cron:session): session closed for user root
May  5 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21497]: pam_unix(cron:session): session closed for user p13x
May  5 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21572]: Successful su for rubyman by root
May  5 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21572]: + ??? root:rubyman
May  5 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21572]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334194 of user rubyman.
May  5 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21572]: pam_unix(su:session): session closed for user rubyman
May  5 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334194.
May  5 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21499]: pam_unix(cron:session): session closed for user root
May  5 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18874]: pam_unix(cron:session): session closed for user root
May  5 13:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21498]: pam_unix(cron:session): session closed for user samftp
May  5 13:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 13:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: Failed password for root from 218.92.0.179 port 55708 ssh2
May  5 13:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 55708 ssh2]
May  5 13:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: Received disconnect from 218.92.0.179 port 55708:11:  [preauth]
May  5 13:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: Disconnected from 218.92.0.179 port 55708 [preauth]
May  5 13:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 13:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20635]: pam_unix(cron:session): session closed for user root
May  5 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22276]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22274]: pam_unix(cron:session): session closed for user p13x
May  5 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22352]: Successful su for rubyman by root
May  5 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22352]: + ??? root:rubyman
May  5 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334201 of user rubyman.
May  5 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22352]: pam_unix(su:session): session closed for user rubyman
May  5 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334201.
May  5 13:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19374]: pam_unix(cron:session): session closed for user root
May  5 13:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22275]: pam_unix(cron:session): session closed for user samftp
May  5 13:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: User mysql from 50.235.31.47 not allowed because not listed in AllowUsers
May  5 13:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: input_userauth_request: invalid user mysql [preauth]
May  5 13:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=mysql
May  5 13:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: Failed password for invalid user mysql from 50.235.31.47 port 49742 ssh2
May  5 13:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22573]: Connection closed by 50.235.31.47 port 49742 [preauth]
May  5 13:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22606]: Invalid user delegate from 193.32.162.134
May  5 13:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22606]: input_userauth_request: invalid user delegate [preauth]
May  5 13:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22606]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 13:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22606]: Failed password for invalid user delegate from 193.32.162.134 port 37290 ssh2
May  5 13:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22606]: Connection closed by 193.32.162.134 port 37290 [preauth]
May  5 13:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21051]: pam_unix(cron:session): session closed for user root
May  5 13:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22714]: Invalid user pi from 185.210.89.26
May  5 13:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22714]: input_userauth_request: invalid user pi [preauth]
May  5 13:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22714]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: Invalid user hive from 185.210.89.26
May  5 13:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: input_userauth_request: invalid user hive [preauth]
May  5 13:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22719]: Invalid user git from 185.210.89.26
May  5 13:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22719]: input_userauth_request: invalid user git [preauth]
May  5 13:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22719]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: Invalid user wang from 185.210.89.26
May  5 13:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: input_userauth_request: invalid user wang [preauth]
May  5 13:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22723]: Invalid user nginx from 185.210.89.26
May  5 13:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22723]: input_userauth_request: invalid user nginx [preauth]
May  5 13:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22723]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22725]: Invalid user mongo from 185.210.89.26
May  5 13:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22725]: input_userauth_request: invalid user mongo [preauth]
May  5 13:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22711]: Failed password for root from 185.210.89.26 port 58410 ssh2
May  5 13:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22725]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22727]: Invalid user user from 185.210.89.26
May  5 13:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22727]: input_userauth_request: invalid user user [preauth]
May  5 13:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22711]: Connection closed by 185.210.89.26 port 58410 [preauth]
May  5 13:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22714]: Failed password for invalid user pi from 185.210.89.26 port 58772 ssh2
May  5 13:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22727]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22714]: Connection closed by 185.210.89.26 port 58772 [preauth]
May  5 13:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: Invalid user oracle from 185.210.89.26
May  5 13:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: input_userauth_request: invalid user oracle [preauth]
May  5 13:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: Failed password for invalid user hive from 185.210.89.26 port 59134 ssh2
May  5 13:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22719]: Failed password for invalid user git from 185.210.89.26 port 59496 ssh2
May  5 13:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: Connection closed by 185.210.89.26 port 59134 [preauth]
May  5 13:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: Invalid user gpadmin from 185.210.89.26
May  5 13:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: input_userauth_request: invalid user gpadmin [preauth]
May  5 13:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22719]: Connection closed by 185.210.89.26 port 59496 [preauth]
May  5 13:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: Failed password for invalid user wang from 185.210.89.26 port 59858 ssh2
May  5 13:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: Connection closed by 185.210.89.26 port 59858 [preauth]
May  5 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: Invalid user esroot from 185.210.89.26
May  5 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: input_userauth_request: invalid user esroot [preauth]
May  5 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22723]: Failed password for invalid user nginx from 185.210.89.26 port 60220 ssh2
May  5 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22739]: Invalid user gitlab from 185.210.89.26
May  5 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22739]: input_userauth_request: invalid user gitlab [preauth]
May  5 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22723]: Connection closed by 185.210.89.26 port 60220 [preauth]
May  5 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22739]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22725]: Failed password for invalid user mongo from 185.210.89.26 port 60582 ssh2
May  5 13:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22751]: Invalid user apache from 185.210.89.26
May  5 13:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22751]: input_userauth_request: invalid user apache [preauth]
May  5 13:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22725]: Connection closed by 185.210.89.26 port 60582 [preauth]
May  5 13:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22727]: Failed password for invalid user user from 185.210.89.26 port 60944 ssh2
May  5 13:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22751]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22727]: Connection closed by 185.210.89.26 port 60944 [preauth]
May  5 13:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: Failed password for invalid user oracle from 185.210.89.26 port 33074 ssh2
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22761]: Invalid user user from 185.210.89.26
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22761]: input_userauth_request: invalid user user [preauth]
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22729]: Connection closed by 185.210.89.26 port 33074 [preauth]
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: Failed password for invalid user gpadmin from 185.210.89.26 port 33436 ssh2
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: Failed password for invalid user esroot from 185.210.89.26 port 34160 ssh2
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22761]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: Connection closed by 185.210.89.26 port 33436 [preauth]
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: Connection closed by 185.210.89.26 port 34160 [preauth]
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: Invalid user lighthouse from 185.210.89.26
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: input_userauth_request: invalid user lighthouse [preauth]
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22739]: Failed password for invalid user gitlab from 185.210.89.26 port 34522 ssh2
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: Failed password for root from 185.210.89.26 port 33798 ssh2
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22739]: Connection closed by 185.210.89.26 port 34522 [preauth]
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: Invalid user flask from 185.210.89.26
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: input_userauth_request: invalid user flask [preauth]
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: Connection closed by 185.210.89.26 port 33798 [preauth]
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22751]: Failed password for invalid user apache from 185.210.89.26 port 34884 ssh2
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22751]: Connection closed by 185.210.89.26 port 34884 [preauth]
May  5 13:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: Failed password for root from 185.210.89.26 port 35246 ssh2
May  5 13:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: Connection closed by 185.210.89.26 port 35246 [preauth]
May  5 13:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: Invalid user user1 from 185.210.89.26
May  5 13:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: input_userauth_request: invalid user user1 [preauth]
May  5 13:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: Failed password for root from 185.210.89.26 port 35608 ssh2
May  5 13:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: Connection closed by 185.210.89.26 port 35608 [preauth]
May  5 13:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22771]: Invalid user hadoop from 185.210.89.26
May  5 13:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22771]: input_userauth_request: invalid user hadoop [preauth]
May  5 13:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22771]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22761]: Failed password for invalid user user from 185.210.89.26 port 35970 ssh2
May  5 13:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: Invalid user oracle from 185.210.89.26
May  5 13:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: input_userauth_request: invalid user oracle [preauth]
May  5 13:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22761]: Connection closed by 185.210.89.26 port 35970 [preauth]
May  5 13:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: Failed password for invalid user lighthouse from 185.210.89.26 port 36332 ssh2
May  5 13:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22777]: Invalid user test from 185.210.89.26
May  5 13:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22777]: input_userauth_request: invalid user test [preauth]
May  5 13:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: Connection closed by 185.210.89.26 port 36332 [preauth]
May  5 13:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22777]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: Failed password for invalid user flask from 185.210.89.26 port 36694 ssh2
May  5 13:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: Connection closed by 185.210.89.26 port 36694 [preauth]
May  5 13:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22783]: Invalid user developer from 185.210.89.26
May  5 13:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22783]: input_userauth_request: invalid user developer [preauth]
May  5 13:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22783]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: Failed password for invalid user user1 from 185.210.89.26 port 37056 ssh2
May  5 13:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22769]: Connection closed by 185.210.89.26 port 37056 [preauth]
May  5 13:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: User mysql from 185.210.89.26 not allowed because not listed in AllowUsers
May  5 13:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: input_userauth_request: invalid user mysql [preauth]
May  5 13:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22771]: Failed password for invalid user hadoop from 185.210.89.26 port 37418 ssh2
May  5 13:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=mysql
May  5 13:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22771]: Connection closed by 185.210.89.26 port 37418 [preauth]
May  5 13:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: Failed password for invalid user oracle from 185.210.89.26 port 37780 ssh2
May  5 13:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22773]: Connection closed by 185.210.89.26 port 37780 [preauth]
May  5 13:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: Invalid user tom from 185.210.89.26
May  5 13:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: input_userauth_request: invalid user tom [preauth]
May  5 13:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22777]: Failed password for invalid user test from 185.210.89.26 port 38142 ssh2
May  5 13:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22777]: Connection closed by 185.210.89.26 port 38142 [preauth]
May  5 13:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22781]: Failed password for root from 185.210.89.26 port 38504 ssh2
May  5 13:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22781]: Connection closed by 185.210.89.26 port 38504 [preauth]
May  5 13:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22803]: Invalid user oscar from 185.210.89.26
May  5 13:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22803]: input_userauth_request: invalid user oscar [preauth]
May  5 13:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22803]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22783]: Failed password for invalid user developer from 185.210.89.26 port 38866 ssh2
May  5 13:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22783]: Connection closed by 185.210.89.26 port 38866 [preauth]
May  5 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22785]: Failed password for root from 185.210.89.26 port 39228 ssh2
May  5 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: Failed password for invalid user mysql from 185.210.89.26 port 39590 ssh2
May  5 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22785]: Connection closed by 185.210.89.26 port 39228 [preauth]
May  5 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: Connection closed by 185.210.89.26 port 39590 [preauth]
May  5 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22817]: Invalid user user1 from 185.210.89.26
May  5 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22817]: input_userauth_request: invalid user user1 [preauth]
May  5 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22796]: Failed password for root from 185.210.89.26 port 39952 ssh2
May  5 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22817]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22796]: Connection closed by 185.210.89.26 port 39952 [preauth]
May  5 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: Failed password for invalid user tom from 185.210.89.26 port 40314 ssh2
May  5 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22801]: Failed password for root from 185.210.89.26 port 40684 ssh2
May  5 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: Connection closed by 185.210.89.26 port 40314 [preauth]
May  5 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22821]: Invalid user flink from 185.210.89.26
May  5 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22821]: input_userauth_request: invalid user flink [preauth]
May  5 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22801]: Connection closed by 185.210.89.26 port 40684 [preauth]
May  5 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22821]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22803]: Failed password for invalid user oscar from 185.210.89.26 port 41046 ssh2
May  5 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22824]: Invalid user apache from 185.210.89.26
May  5 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22824]: input_userauth_request: invalid user apache [preauth]
May  5 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22803]: Connection closed by 185.210.89.26 port 41046 [preauth]
May  5 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22824]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: Failed password for root from 185.210.89.26 port 41408 ssh2
May  5 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: Connection closed by 185.210.89.26 port 41408 [preauth]
May  5 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22809]: Failed password for root from 185.210.89.26 port 41770 ssh2
May  5 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22828]: Invalid user nginx from 185.210.89.26
May  5 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22828]: input_userauth_request: invalid user nginx [preauth]
May  5 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22809]: Connection closed by 185.210.89.26 port 41770 [preauth]
May  5 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: Invalid user esuser from 185.210.89.26
May  5 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: input_userauth_request: invalid user esuser [preauth]
May  5 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22828]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22849]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22848]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22817]: Failed password for invalid user user1 from 185.210.89.26 port 42132 ssh2
May  5 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22845]: pam_unix(cron:session): session closed for user p13x
May  5 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22817]: Connection closed by 185.210.89.26 port 42132 [preauth]
May  5 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22819]: Failed password for root from 185.210.89.26 port 42494 ssh2
May  5 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22920]: Successful su for rubyman by root
May  5 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22920]: + ??? root:rubyman
May  5 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22920]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334205 of user rubyman.
May  5 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22920]: pam_unix(su:session): session closed for user rubyman
May  5 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334205.
May  5 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22819]: Connection closed by 185.210.89.26 port 42494 [preauth]
May  5 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22821]: Failed password for invalid user flink from 185.210.89.26 port 42856 ssh2
May  5 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22821]: Connection closed by 185.210.89.26 port 42856 [preauth]
May  5 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22824]: Failed password for invalid user apache from 185.210.89.26 port 43218 ssh2
May  5 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22918]: Invalid user git from 185.210.89.26
May  5 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22918]: input_userauth_request: invalid user git [preauth]
May  5 13:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22824]: Connection closed by 185.210.89.26 port 43218 [preauth]
May  5 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22918]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22965]: Invalid user postgres from 185.210.89.26
May  5 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22965]: input_userauth_request: invalid user postgres [preauth]
May  5 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22965]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23008]: Invalid user svnuser from 185.210.89.26
May  5 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23008]: input_userauth_request: invalid user svnuser [preauth]
May  5 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22826]: Failed password for root from 185.210.89.26 port 43580 ssh2
May  5 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23008]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22826]: Connection closed by 185.210.89.26 port 43580 [preauth]
May  5 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19816]: pam_unix(cron:session): session closed for user root
May  5 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23032]: Invalid user dolphinscheduler from 185.210.89.26
May  5 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23032]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  5 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23032]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22828]: Failed password for invalid user nginx from 185.210.89.26 port 43942 ssh2
May  5 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22828]: Connection closed by 185.210.89.26 port 43942 [preauth]
May  5 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: Failed password for invalid user esuser from 185.210.89.26 port 44304 ssh2
May  5 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: Connection closed by 185.210.89.26 port 44304 [preauth]
May  5 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22918]: Failed password for invalid user git from 185.210.89.26 port 45046 ssh2
May  5 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22918]: Connection closed by 185.210.89.26 port 45046 [preauth]
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: Invalid user plexserver from 185.210.89.26
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: input_userauth_request: invalid user plexserver [preauth]
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22839]: Failed password for root from 185.210.89.26 port 44670 ssh2
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23104]: Invalid user sonar from 185.210.89.26
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23104]: input_userauth_request: invalid user sonar [preauth]
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22965]: Failed password for invalid user postgres from 185.210.89.26 port 45408 ssh2
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22839]: Connection closed by 185.210.89.26 port 44670 [preauth]
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23104]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22965]: Connection closed by 185.210.89.26 port 45408 [preauth]
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: Invalid user app from 185.210.89.26
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: input_userauth_request: invalid user app [preauth]
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23008]: Failed password for invalid user svnuser from 185.210.89.26 port 45770 ssh2
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23008]: Connection closed by 185.210.89.26 port 45770 [preauth]
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Invalid user tools from 185.210.89.26
May  5 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: input_userauth_request: invalid user tools [preauth]
May  5 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: Invalid user lighthouse from 185.210.89.26
May  5 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: input_userauth_request: invalid user lighthouse [preauth]
May  5 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23032]: Failed password for invalid user dolphinscheduler from 185.210.89.26 port 46132 ssh2
May  5 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23032]: Connection closed by 185.210.89.26 port 46132 [preauth]
May  5 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: User mysql from 185.210.89.26 not allowed because not listed in AllowUsers
May  5 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: input_userauth_request: invalid user mysql [preauth]
May  5 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: Failed password for invalid user plexserver from 185.210.89.26 port 46856 ssh2
May  5 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23057]: Failed password for root from 185.210.89.26 port 46494 ssh2
May  5 13:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22847]: pam_unix(cron:session): session closed for user samftp
May  5 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=mysql
May  5 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23104]: Failed password for invalid user sonar from 185.210.89.26 port 47218 ssh2
May  5 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23057]: Connection closed by 185.210.89.26 port 46494 [preauth]
May  5 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23089]: Connection closed by 185.210.89.26 port 46856 [preauth]
May  5 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23104]: Connection closed by 185.210.89.26 port 47218 [preauth]
May  5 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: Failed password for invalid user app from 185.210.89.26 port 47580 ssh2
May  5 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23143]: Invalid user gpadmin from 185.210.89.26
May  5 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23143]: input_userauth_request: invalid user gpadmin [preauth]
May  5 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: Connection closed by 185.210.89.26 port 47580 [preauth]
May  5 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23143]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23158]: Invalid user oracle from 185.210.89.26
May  5 13:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23158]: input_userauth_request: invalid user oracle [preauth]
May  5 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23158]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Failed password for invalid user tools from 185.210.89.26 port 47942 ssh2
May  5 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: Invalid user www from 185.210.89.26
May  5 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: input_userauth_request: invalid user www [preauth]
May  5 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23114]: Connection closed by 185.210.89.26 port 47942 [preauth]
May  5 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: Failed password for invalid user lighthouse from 185.210.89.26 port 48304 ssh2
May  5 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: Connection closed by 185.210.89.26 port 48304 [preauth]
May  5 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: Failed password for invalid user mysql from 185.210.89.26 port 48666 ssh2
May  5 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23169]: Invalid user oscar from 185.210.89.26
May  5 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23169]: input_userauth_request: invalid user oscar [preauth]
May  5 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: Connection closed by 185.210.89.26 port 48666 [preauth]
May  5 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23169]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23134]: Failed password for root from 185.210.89.26 port 49028 ssh2
May  5 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23171]: Invalid user test from 185.210.89.26
May  5 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23171]: input_userauth_request: invalid user test [preauth]
May  5 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23134]: Connection closed by 185.210.89.26 port 49028 [preauth]
May  5 13:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23143]: Failed password for invalid user gpadmin from 185.210.89.26 port 49390 ssh2
May  5 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23171]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23175]: Invalid user admin from 185.210.89.26
May  5 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23175]: input_userauth_request: invalid user admin [preauth]
May  5 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23143]: Connection closed by 185.210.89.26 port 49390 [preauth]
May  5 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23175]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23158]: Failed password for invalid user oracle from 185.210.89.26 port 49752 ssh2
May  5 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23183]: Invalid user app from 185.210.89.26
May  5 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23183]: input_userauth_request: invalid user app [preauth]
May  5 13:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23158]: Connection closed by 185.210.89.26 port 49752 [preauth]
May  5 13:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23161]: Failed password for root from 185.210.89.26 port 50114 ssh2
May  5 13:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23183]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23185]: Invalid user elastic from 185.210.89.26
May  5 13:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23185]: input_userauth_request: invalid user elastic [preauth]
May  5 13:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23161]: Connection closed by 185.210.89.26 port 50114 [preauth]
May  5 13:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23185]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Failed password for root from 185.210.89.26 port 50838 ssh2
May  5 13:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: Failed password for invalid user www from 185.210.89.26 port 50476 ssh2
May  5 13:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Connection closed by 185.210.89.26 port 50838 [preauth]
May  5 13:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: Connection closed by 185.210.89.26 port 50476 [preauth]
May  5 13:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23169]: Failed password for invalid user oscar from 185.210.89.26 port 51200 ssh2
May  5 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23171]: Failed password for invalid user test from 185.210.89.26 port 51562 ssh2
May  5 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23169]: Connection closed by 185.210.89.26 port 51200 [preauth]
May  5 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: Invalid user guest from 185.210.89.26
May  5 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: input_userauth_request: invalid user guest [preauth]
May  5 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23171]: Connection closed by 185.210.89.26 port 51562 [preauth]
May  5 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23175]: Failed password for invalid user admin from 185.210.89.26 port 51924 ssh2
May  5 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23175]: Connection closed by 185.210.89.26 port 51924 [preauth]
May  5 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23181]: Failed password for root from 185.210.89.26 port 52286 ssh2
May  5 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23195]: Invalid user sonar from 185.210.89.26
May  5 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23195]: input_userauth_request: invalid user sonar [preauth]
May  5 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23181]: Connection closed by 185.210.89.26 port 52286 [preauth]
May  5 13:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23183]: Failed password for invalid user app from 185.210.89.26 port 52648 ssh2
May  5 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23195]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23183]: Connection closed by 185.210.89.26 port 52648 [preauth]
May  5 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23185]: Failed password for invalid user elastic from 185.210.89.26 port 53010 ssh2
May  5 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23209]: Invalid user jumpserver from 185.210.89.26
May  5 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23209]: input_userauth_request: invalid user jumpserver [preauth]
May  5 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23185]: Connection closed by 185.210.89.26 port 53010 [preauth]
May  5 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23209]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23188]: Failed password for root from 185.210.89.26 port 6232 ssh2
May  5 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23212]: Invalid user tom from 185.210.89.26
May  5 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23212]: input_userauth_request: invalid user tom [preauth]
May  5 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23188]: Connection closed by 185.210.89.26 port 6232 [preauth]
May  5 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23212]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: Failed password for invalid user guest from 185.210.89.26 port 53734 ssh2
May  5 13:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23190]: Connection closed by 185.210.89.26 port 53734 [preauth]
May  5 13:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: Invalid user git from 185.210.89.26
May  5 13:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: input_userauth_request: invalid user git [preauth]
May  5 13:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: Failed password for root from 185.210.89.26 port 54096 ssh2
May  5 13:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23226]: Invalid user ranger from 185.210.89.26
May  5 13:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23226]: input_userauth_request: invalid user ranger [preauth]
May  5 13:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: Connection closed by 185.210.89.26 port 54096 [preauth]
May  5 13:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23226]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23195]: Failed password for invalid user sonar from 185.210.89.26 port 54458 ssh2
May  5 13:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23237]: Invalid user appuser from 185.210.89.26
May  5 13:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23237]: input_userauth_request: invalid user appuser [preauth]
May  5 13:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23195]: Connection closed by 185.210.89.26 port 54458 [preauth]
May  5 13:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23237]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23239]: Invalid user tom from 185.210.89.26
May  5 13:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23239]: input_userauth_request: invalid user tom [preauth]
May  5 13:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23209]: Failed password for invalid user jumpserver from 185.210.89.26 port 54820 ssh2
May  5 13:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23239]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23209]: Connection closed by 185.210.89.26 port 54820 [preauth]
May  5 13:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23212]: Failed password for invalid user tom from 185.210.89.26 port 55182 ssh2
May  5 13:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23214]: Failed password for root from 185.210.89.26 port 55544 ssh2
May  5 13:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23212]: Connection closed by 185.210.89.26 port 55182 [preauth]
May  5 13:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23214]: Connection closed by 185.210.89.26 port 55544 [preauth]
May  5 13:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: Invalid user ubuntu from 185.210.89.26
May  5 13:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: input_userauth_request: invalid user ubuntu [preauth]
May  5 13:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: Failed password for invalid user git from 185.210.89.26 port 55906 ssh2
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23235]: Failed password for root from 185.210.89.26 port 56630 ssh2
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: Connection closed by 185.210.89.26 port 55906 [preauth]
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: Invalid user elsearch from 185.210.89.26
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: input_userauth_request: invalid user elsearch [preauth]
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23226]: Failed password for invalid user ranger from 185.210.89.26 port 56268 ssh2
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23235]: Connection closed by 185.210.89.26 port 56630 [preauth]
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23226]: Connection closed by 185.210.89.26 port 56268 [preauth]
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23247]: Invalid user nginx from 185.210.89.26
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23247]: input_userauth_request: invalid user nginx [preauth]
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23237]: Failed password for invalid user appuser from 185.210.89.26 port 56992 ssh2
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23247]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23237]: Connection closed by 185.210.89.26 port 56992 [preauth]
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23249]: Invalid user rancher from 185.210.89.26
May  5 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23249]: input_userauth_request: invalid user rancher [preauth]
May  5 13:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23249]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23239]: Failed password for invalid user tom from 185.210.89.26 port 57354 ssh2
May  5 13:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23239]: Connection closed by 185.210.89.26 port 57354 [preauth]
May  5 13:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23261]: Invalid user rancher from 185.210.89.26
May  5 13:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23261]: input_userauth_request: invalid user rancher [preauth]
May  5 13:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23241]: Failed password for root from 185.210.89.26 port 57716 ssh2
May  5 13:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23261]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23241]: Connection closed by 185.210.89.26 port 57716 [preauth]
May  5 13:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: Invalid user es from 185.210.89.26
May  5 13:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: input_userauth_request: invalid user es [preauth]
May  5 13:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: Failed password for invalid user ubuntu from 185.210.89.26 port 58078 ssh2
May  5 13:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23243]: Connection closed by 185.210.89.26 port 58078 [preauth]
May  5 13:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: Failed password for invalid user elsearch from 185.210.89.26 port 58440 ssh2
May  5 13:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: Connection closed by 185.210.89.26 port 58440 [preauth]
May  5 13:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23247]: Failed password for invalid user nginx from 185.210.89.26 port 58802 ssh2
May  5 13:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23267]: Invalid user user from 185.210.89.26
May  5 13:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23267]: input_userauth_request: invalid user user [preauth]
May  5 13:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23247]: Connection closed by 185.210.89.26 port 58802 [preauth]
May  5 13:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23267]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23249]: Failed password for invalid user rancher from 185.210.89.26 port 59166 ssh2
May  5 13:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23249]: Connection closed by 185.210.89.26 port 59166 [preauth]
May  5 13:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23271]: Invalid user uftp from 185.210.89.26
May  5 13:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23271]: input_userauth_request: invalid user uftp [preauth]
May  5 13:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23271]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23254]: Failed password for root from 185.210.89.26 port 59534 ssh2
May  5 13:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23273]: Invalid user data from 185.210.89.26
May  5 13:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23273]: input_userauth_request: invalid user data [preauth]
May  5 13:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23254]: Connection closed by 185.210.89.26 port 59534 [preauth]
May  5 13:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23273]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23261]: Failed password for invalid user rancher from 185.210.89.26 port 59896 ssh2
May  5 13:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23261]: Connection closed by 185.210.89.26 port 59896 [preauth]
May  5 13:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: Invalid user bigdata from 185.210.89.26
May  5 13:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: input_userauth_request: invalid user bigdata [preauth]
May  5 13:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: Failed password for invalid user es from 185.210.89.26 port 60258 ssh2
May  5 13:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23263]: Connection closed by 185.210.89.26 port 60258 [preauth]
May  5 13:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: Invalid user oracle from 185.210.89.26
May  5 13:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: input_userauth_request: invalid user oracle [preauth]
May  5 13:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: Failed password for root from 185.210.89.26 port 60620 ssh2
May  5 13:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: Connection closed by 185.210.89.26 port 60620 [preauth]
May  5 13:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: Invalid user plex from 185.210.89.26
May  5 13:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: input_userauth_request: invalid user plex [preauth]
May  5 13:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: Invalid user steam from 185.210.89.26
May  5 13:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: input_userauth_request: invalid user steam [preauth]
May  5 13:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23267]: Failed password for invalid user user from 185.210.89.26 port 60982 ssh2
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23267]: Connection closed by 185.210.89.26 port 60982 [preauth]
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23285]: Invalid user esuser from 185.210.89.26
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23285]: input_userauth_request: invalid user esuser [preauth]
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23269]: Failed password for root from 185.210.89.26 port 33112 ssh2
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23285]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23269]: Connection closed by 185.210.89.26 port 33112 [preauth]
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23273]: Failed password for invalid user data from 185.210.89.26 port 33836 ssh2
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: Invalid user observer from 185.210.89.26
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: input_userauth_request: invalid user observer [preauth]
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23271]: Failed password for invalid user uftp from 185.210.89.26 port 33474 ssh2
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23273]: Connection closed by 185.210.89.26 port 33836 [preauth]
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23271]: Connection closed by 185.210.89.26 port 33474 [preauth]
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: Failed password for invalid user bigdata from 185.210.89.26 port 34198 ssh2
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: Invalid user docker from 185.210.89.26
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: input_userauth_request: invalid user docker [preauth]
May  5 13:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: Failed password for invalid user oracle from 185.210.89.26 port 34560 ssh2
May  5 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: Connection closed by 185.210.89.26 port 34198 [preauth]
May  5 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: Connection closed by 185.210.89.26 port 34560 [preauth]
May  5 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: Invalid user user from 185.210.89.26
May  5 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: input_userauth_request: invalid user user [preauth]
May  5 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: Failed password for invalid user plex from 185.210.89.26 port 34922 ssh2
May  5 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23301]: Invalid user elastic from 185.210.89.26
May  5 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23301]: input_userauth_request: invalid user elastic [preauth]
May  5 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23281]: Connection closed by 185.210.89.26 port 34922 [preauth]
May  5 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23301]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: Failed password for invalid user steam from 185.210.89.26 port 35288 ssh2
May  5 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23283]: Connection closed by 185.210.89.26 port 35288 [preauth]
May  5 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23331]: Invalid user oracle from 185.210.89.26
May  5 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23331]: input_userauth_request: invalid user oracle [preauth]
May  5 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23285]: Failed password for invalid user esuser from 185.210.89.26 port 35654 ssh2
May  5 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23331]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23285]: Connection closed by 185.210.89.26 port 35654 [preauth]
May  5 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23407]: Invalid user postgres from 185.210.89.26
May  5 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23407]: input_userauth_request: invalid user postgres [preauth]
May  5 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: Failed password for invalid user observer from 185.210.89.26 port 36016 ssh2
May  5 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23407]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: Connection closed by 185.210.89.26 port 36016 [preauth]
May  5 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23409]: Invalid user ts from 185.210.89.26
May  5 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23409]: input_userauth_request: invalid user ts [preauth]
May  5 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23409]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: Failed password for invalid user docker from 185.210.89.26 port 36378 ssh2
May  5 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Invalid user ftpuser from 185.210.89.26
May  5 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: input_userauth_request: invalid user ftpuser [preauth]
May  5 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23297]: Connection closed by 185.210.89.26 port 36378 [preauth]
May  5 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: Failed password for invalid user user from 185.210.89.26 port 36740 ssh2
May  5 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23299]: Connection closed by 185.210.89.26 port 36740 [preauth]
May  5 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: Invalid user test from 185.210.89.26
May  5 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: input_userauth_request: invalid user test [preauth]
May  5 13:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: Invalid user jenkins from 94.159.101.55
May  5 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: input_userauth_request: invalid user jenkins [preauth]
May  5 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.101.55
May  5 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23301]: Failed password for invalid user elastic from 185.210.89.26 port 37102 ssh2
May  5 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23301]: Connection closed by 185.210.89.26 port 37102 [preauth]
May  5 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23421]: Invalid user gitlab from 185.210.89.26
May  5 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23421]: input_userauth_request: invalid user gitlab [preauth]
May  5 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23421]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23331]: Failed password for invalid user oracle from 185.210.89.26 port 37464 ssh2
May  5 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23425]: Invalid user guest from 185.210.89.26
May  5 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23425]: input_userauth_request: invalid user guest [preauth]
May  5 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23331]: Connection closed by 185.210.89.26 port 37464 [preauth]
May  5 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23425]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23407]: Failed password for invalid user postgres from 185.210.89.26 port 37826 ssh2
May  5 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: Invalid user worker from 185.210.89.26
May  5 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: input_userauth_request: invalid user worker [preauth]
May  5 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23407]: Connection closed by 185.210.89.26 port 37826 [preauth]
May  5 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23409]: Failed password for invalid user ts from 185.210.89.26 port 38188 ssh2
May  5 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23409]: Connection closed by 185.210.89.26 port 38188 [preauth]
May  5 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: Failed password for root from 185.210.89.26 port 38550 ssh2
May  5 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23412]: Connection closed by 185.210.89.26 port 38550 [preauth]
May  5 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23429]: Invalid user gpuadmin from 185.210.89.26
May  5 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23429]: input_userauth_request: invalid user gpuadmin [preauth]
May  5 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Failed password for invalid user ftpuser from 185.210.89.26 port 38912 ssh2
May  5 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: Failed password for invalid user jenkins from 94.159.101.55 port 39926 ssh2
May  5 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23429]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Connection closed by 185.210.89.26 port 38912 [preauth]
May  5 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: Failed password for invalid user test from 185.210.89.26 port 39274 ssh2
May  5 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: Received disconnect from 94.159.101.55 port 39926:11: Bye Bye [preauth]
May  5 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: Disconnected from 94.159.101.55 port 39926 [preauth]
May  5 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: Invalid user zabbix from 185.210.89.26
May  5 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: input_userauth_request: invalid user zabbix [preauth]
May  5 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: Connection closed by 185.210.89.26 port 39274 [preauth]
May  5 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23421]: Failed password for invalid user gitlab from 185.210.89.26 port 39636 ssh2
May  5 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23421]: Connection closed by 185.210.89.26 port 39636 [preauth]
May  5 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23425]: Failed password for invalid user guest from 185.210.89.26 port 39998 ssh2
May  5 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23447]: Invalid user flask from 185.210.89.26
May  5 13:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23447]: input_userauth_request: invalid user flask [preauth]
May  5 13:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: Failed password for invalid user worker from 185.210.89.26 port 40360 ssh2
May  5 13:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23425]: Connection closed by 185.210.89.26 port 39998 [preauth]
May  5 13:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23447]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23427]: Connection closed by 185.210.89.26 port 40360 [preauth]
May  5 13:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23449]: Invalid user gitlab from 185.210.89.26
May  5 13:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23449]: input_userauth_request: invalid user gitlab [preauth]
May  5 13:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23449]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Invalid user testuser from 185.210.89.26
May  5 13:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: input_userauth_request: invalid user testuser [preauth]
May  5 13:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23454]: Invalid user postgres from 185.210.89.26
May  5 13:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23454]: input_userauth_request: invalid user postgres [preauth]
May  5 13:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23454]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23429]: Failed password for invalid user gpuadmin from 185.210.89.26 port 41084 ssh2
May  5 13:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: Invalid user jenkins from 185.210.89.26
May  5 13:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: input_userauth_request: invalid user jenkins [preauth]
May  5 13:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23429]: Connection closed by 185.210.89.26 port 41084 [preauth]
May  5 13:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: Failed password for invalid user zabbix from 185.210.89.26 port 41446 ssh2
May  5 13:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: Connection closed by 185.210.89.26 port 41446 [preauth]
May  5 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23445]: Failed password for root from 185.210.89.26 port 41808 ssh2
May  5 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23445]: Connection closed by 185.210.89.26 port 41808 [preauth]
May  5 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23447]: Failed password for invalid user flask from 185.210.89.26 port 42170 ssh2
May  5 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23460]: Invalid user admin from 185.210.89.26
May  5 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23460]: input_userauth_request: invalid user admin [preauth]
May  5 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23447]: Connection closed by 185.210.89.26 port 42170 [preauth]
May  5 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23460]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23449]: Failed password for invalid user gitlab from 185.210.89.26 port 42532 ssh2
May  5 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23463]: Invalid user weblogic from 185.210.89.26
May  5 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23463]: input_userauth_request: invalid user weblogic [preauth]
May  5 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23449]: Connection closed by 185.210.89.26 port 42532 [preauth]
May  5 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23463]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: Invalid user centos from 185.210.89.26
May  5 13:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: input_userauth_request: invalid user centos [preauth]
May  5 13:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Failed password for invalid user testuser from 185.210.89.26 port 42894 ssh2
May  5 13:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23451]: Connection closed by 185.210.89.26 port 42894 [preauth]
May  5 13:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23468]: Invalid user steam from 185.210.89.26
May  5 13:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23468]: input_userauth_request: invalid user steam [preauth]
May  5 13:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23454]: Failed password for invalid user postgres from 185.210.89.26 port 43256 ssh2
May  5 13:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23468]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23454]: Connection closed by 185.210.89.26 port 43256 [preauth]
May  5 13:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23476]: Invalid user test from 185.210.89.26
May  5 13:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23476]: input_userauth_request: invalid user test [preauth]
May  5 13:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: Failed password for invalid user jenkins from 185.210.89.26 port 43618 ssh2
May  5 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21501]: pam_unix(cron:session): session closed for user root
May  5 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23476]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: Connection closed by 185.210.89.26 port 43618 [preauth]
May  5 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23481]: Invalid user test from 185.210.89.26
May  5 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23481]: input_userauth_request: invalid user test [preauth]
May  5 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23481]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: Failed password for root from 185.210.89.26 port 43980 ssh2
May  5 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23458]: Connection closed by 185.210.89.26 port 43980 [preauth]
May  5 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23504]: Invalid user centos from 185.210.89.26
May  5 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23504]: input_userauth_request: invalid user centos [preauth]
May  5 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: Failed password for invalid user centos from 185.210.89.26 port 45066 ssh2
May  5 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23465]: Connection closed by 185.210.89.26 port 45066 [preauth]
May  5 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23504]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23460]: Failed password for invalid user admin from 185.210.89.26 port 44342 ssh2
May  5 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23506]: Invalid user tomcat from 185.210.89.26
May  5 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23506]: input_userauth_request: invalid user tomcat [preauth]
May  5 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23468]: Failed password for invalid user steam from 185.210.89.26 port 45428 ssh2
May  5 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23460]: Connection closed by 185.210.89.26 port 44342 [preauth]
May  5 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23506]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23468]: Connection closed by 185.210.89.26 port 45428 [preauth]
May  5 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23463]: Failed password for invalid user weblogic from 185.210.89.26 port 44704 ssh2
May  5 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23510]: User mysql from 185.210.89.26 not allowed because not listed in AllowUsers
May  5 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23510]: input_userauth_request: invalid user mysql [preauth]
May  5 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23463]: Connection closed by 185.210.89.26 port 44704 [preauth]
May  5 13:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=mysql
May  5 13:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23476]: Failed password for invalid user test from 185.210.89.26 port 45790 ssh2
May  5 13:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23476]: Connection closed by 185.210.89.26 port 45790 [preauth]
May  5 13:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23481]: Failed password for invalid user test from 185.210.89.26 port 46152 ssh2
May  5 13:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23481]: Connection closed by 185.210.89.26 port 46152 [preauth]
May  5 13:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23493]: Failed password for root from 185.210.89.26 port 46514 ssh2
May  5 13:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23493]: Connection closed by 185.210.89.26 port 46514 [preauth]
May  5 13:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: Invalid user zabbix from 185.210.89.26
May  5 13:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: input_userauth_request: invalid user zabbix [preauth]
May  5 13:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23504]: Failed password for invalid user centos from 185.210.89.26 port 46876 ssh2
May  5 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23504]: Connection closed by 185.210.89.26 port 46876 [preauth]
May  5 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23520]: Invalid user kubernetes from 185.210.89.26
May  5 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23520]: input_userauth_request: invalid user kubernetes [preauth]
May  5 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23506]: Failed password for invalid user tomcat from 185.210.89.26 port 47238 ssh2
May  5 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23520]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23506]: Connection closed by 185.210.89.26 port 47238 [preauth]
May  5 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: Invalid user observer from 185.210.89.26
May  5 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: input_userauth_request: invalid user observer [preauth]
May  5 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23510]: Failed password for invalid user mysql from 185.210.89.26 port 47600 ssh2
May  5 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23510]: Connection closed by 185.210.89.26 port 47600 [preauth]
May  5 13:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23513]: Failed password for root from 185.210.89.26 port 47962 ssh2
May  5 13:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: Invalid user bot from 185.210.89.26
May  5 13:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: input_userauth_request: invalid user bot [preauth]
May  5 13:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23513]: Connection closed by 185.210.89.26 port 47962 [preauth]
May  5 13:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23526]: Invalid user debianuser from 185.210.89.26
May  5 13:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23526]: input_userauth_request: invalid user debianuser [preauth]
May  5 13:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: Failed password for root from 185.210.89.26 port 48324 ssh2
May  5 13:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23528]: Invalid user hadoop from 185.210.89.26
May  5 13:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23528]: input_userauth_request: invalid user hadoop [preauth]
May  5 13:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23526]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23515]: Connection closed by 185.210.89.26 port 48324 [preauth]
May  5 13:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23528]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23530]: Invalid user ranger from 185.210.89.26
May  5 13:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23530]: input_userauth_request: invalid user ranger [preauth]
May  5 13:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23530]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: Failed password for invalid user zabbix from 185.210.89.26 port 48686 ssh2
May  5 13:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: Connection closed by 185.210.89.26 port 48686 [preauth]
May  5 13:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23520]: Failed password for invalid user kubernetes from 185.210.89.26 port 49048 ssh2
May  5 13:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23520]: Connection closed by 185.210.89.26 port 49048 [preauth]
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23540]: User ftp from 185.210.89.26 not allowed because not listed in AllowUsers
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23540]: input_userauth_request: invalid user ftp [preauth]
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: Failed password for invalid user observer from 185.210.89.26 port 49410 ssh2
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=ftp
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23522]: Connection closed by 185.210.89.26 port 49410 [preauth]
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23542]: Invalid user elastic from 185.210.89.26
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23542]: input_userauth_request: invalid user elastic [preauth]
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23542]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23544]: Invalid user oracle from 185.210.89.26
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23544]: input_userauth_request: invalid user oracle [preauth]
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23526]: Failed password for invalid user debianuser from 185.210.89.26 port 50504 ssh2
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23528]: Failed password for invalid user hadoop from 185.210.89.26 port 49780 ssh2
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23544]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: Failed password for invalid user bot from 185.210.89.26 port 50142 ssh2
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23526]: Connection closed by 185.210.89.26 port 50504 [preauth]
May  5 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23528]: Connection closed by 185.210.89.26 port 49780 [preauth]
May  5 13:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23530]: Failed password for invalid user ranger from 185.210.89.26 port 50866 ssh2
May  5 13:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: Connection closed by 185.210.89.26 port 50142 [preauth]
May  5 13:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23530]: Connection closed by 185.210.89.26 port 50866 [preauth]
May  5 13:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23549]: Invalid user admin from 185.210.89.26
May  5 13:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23549]: input_userauth_request: invalid user admin [preauth]
May  5 13:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23549]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23551]: Invalid user default from 185.210.89.26
May  5 13:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23551]: input_userauth_request: invalid user default [preauth]
May  5 13:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23551]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23540]: Failed password for invalid user ftp from 185.210.89.26 port 51590 ssh2
May  5 13:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: Invalid user tomcat from 185.210.89.26
May  5 13:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: input_userauth_request: invalid user tomcat [preauth]
May  5 13:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23540]: Connection closed by 185.210.89.26 port 51590 [preauth]
May  5 13:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23542]: Failed password for invalid user elastic from 185.210.89.26 port 51952 ssh2
May  5 13:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23542]: Connection closed by 185.210.89.26 port 51952 [preauth]
May  5 13:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: Invalid user gitlab from 185.210.89.26
May  5 13:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: input_userauth_request: invalid user gitlab [preauth]
May  5 13:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23544]: Failed password for invalid user oracle from 185.210.89.26 port 6202 ssh2
May  5 13:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23544]: Connection closed by 185.210.89.26 port 6202 [preauth]
May  5 13:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: Invalid user hadoop from 185.210.89.26
May  5 13:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: input_userauth_request: invalid user hadoop [preauth]
May  5 13:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23547]: Failed password for root from 185.210.89.26 port 52314 ssh2
May  5 13:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23547]: Connection closed by 185.210.89.26 port 52314 [preauth]
May  5 13:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23561]: Invalid user tools from 185.210.89.26
May  5 13:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23561]: input_userauth_request: invalid user tools [preauth]
May  5 13:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23561]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23549]: Failed password for invalid user admin from 185.210.89.26 port 52676 ssh2
May  5 13:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23549]: Connection closed by 185.210.89.26 port 52676 [preauth]
May  5 13:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23570]: Invalid user admin from 185.210.89.26
May  5 13:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23570]: input_userauth_request: invalid user admin [preauth]
May  5 13:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23551]: Failed password for invalid user default from 185.210.89.26 port 53038 ssh2
May  5 13:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23570]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: Failed password for invalid user tomcat from 185.210.89.26 port 53400 ssh2
May  5 13:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23572]: Invalid user www from 185.210.89.26
May  5 13:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23572]: input_userauth_request: invalid user www [preauth]
May  5 13:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23551]: Connection closed by 185.210.89.26 port 53038 [preauth]
May  5 13:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: Connection closed by 185.210.89.26 port 53400 [preauth]
May  5 13:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23572]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: Failed password for invalid user gitlab from 185.210.89.26 port 53762 ssh2
May  5 13:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23555]: Connection closed by 185.210.89.26 port 53762 [preauth]
May  5 13:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23594]: Invalid user es from 185.210.89.26
May  5 13:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23594]: input_userauth_request: invalid user es [preauth]
May  5 13:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23594]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23557]: Failed password for root from 185.210.89.26 port 54132 ssh2
May  5 13:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23557]: Connection closed by 185.210.89.26 port 54132 [preauth]
May  5 13:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: Failed password for invalid user hadoop from 185.210.89.26 port 54494 ssh2
May  5 13:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: Invalid user oracle from 185.210.89.26
May  5 13:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: input_userauth_request: invalid user oracle [preauth]
May  5 13:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23559]: Connection closed by 185.210.89.26 port 54494 [preauth]
May  5 13:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23561]: Failed password for invalid user tools from 185.210.89.26 port 6390 ssh2
May  5 13:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23561]: Connection closed by 185.210.89.26 port 6390 [preauth]
May  5 13:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23570]: Failed password for invalid user admin from 185.210.89.26 port 55218 ssh2
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23600]: Invalid user flink from 185.210.89.26
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23600]: input_userauth_request: invalid user flink [preauth]
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23570]: Connection closed by 185.210.89.26 port 55218 [preauth]
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23591]: Failed password for root from 185.210.89.26 port 56304 ssh2
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23572]: Failed password for invalid user www from 185.210.89.26 port 55580 ssh2
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23600]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: Invalid user gitlab-runner from 185.210.89.26
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: input_userauth_request: invalid user gitlab-runner [preauth]
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23591]: Connection closed by 185.210.89.26 port 56304 [preauth]
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23572]: Connection closed by 185.210.89.26 port 55580 [preauth]
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23594]: Failed password for invalid user es from 185.210.89.26 port 56666 ssh2
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23588]: Failed password for root from 185.210.89.26 port 6402 ssh2
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23594]: Connection closed by 185.210.89.26 port 56666 [preauth]
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23588]: Connection closed by 185.210.89.26 port 6402 [preauth]
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: Invalid user es from 185.210.89.26
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: input_userauth_request: invalid user es [preauth]
May  5 13:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23613]: Invalid user oracle from 185.210.89.26
May  5 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23613]: input_userauth_request: invalid user oracle [preauth]
May  5 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23596]: Failed password for root from 185.210.89.26 port 57028 ssh2
May  5 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23613]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23596]: Connection closed by 185.210.89.26 port 57028 [preauth]
May  5 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23615]: Invalid user ubnt from 185.210.89.26
May  5 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23615]: input_userauth_request: invalid user ubnt [preauth]
May  5 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: Failed password for invalid user oracle from 185.210.89.26 port 57390 ssh2
May  5 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23615]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23598]: Connection closed by 185.210.89.26 port 57390 [preauth]
May  5 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23617]: Invalid user nvidia from 185.210.89.26
May  5 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23617]: input_userauth_request: invalid user nvidia [preauth]
May  5 13:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23600]: Failed password for invalid user flink from 185.210.89.26 port 58114 ssh2
May  5 13:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23617]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23600]: Connection closed by 185.210.89.26 port 58114 [preauth]
May  5 13:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: Failed password for invalid user gitlab-runner from 185.210.89.26 port 58476 ssh2
May  5 13:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: Connection closed by 185.210.89.26 port 58476 [preauth]
May  5 13:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: Failed password for invalid user es from 185.210.89.26 port 58838 ssh2
May  5 13:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: Connection closed by 185.210.89.26 port 58838 [preauth]
May  5 13:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23613]: Failed password for invalid user oracle from 185.210.89.26 port 59200 ssh2
May  5 13:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23613]: Connection closed by 185.210.89.26 port 59200 [preauth]
May  5 13:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23633]: User ftp from 185.210.89.26 not allowed because not listed in AllowUsers
May  5 13:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23633]: input_userauth_request: invalid user ftp [preauth]
May  5 13:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23615]: Failed password for invalid user ubnt from 185.210.89.26 port 59562 ssh2
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=ftp
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23617]: Failed password for invalid user nvidia from 185.210.89.26 port 59924 ssh2
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23635]: Invalid user developer from 185.210.89.26
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23635]: input_userauth_request: invalid user developer [preauth]
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23615]: Connection closed by 185.210.89.26 port 59562 [preauth]
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23637]: Invalid user mongodb from 185.210.89.26
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23637]: input_userauth_request: invalid user mongodb [preauth]
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23617]: Connection closed by 185.210.89.26 port 59924 [preauth]
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23635]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23637]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23640]: Invalid user mongodb from 185.210.89.26
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23640]: input_userauth_request: invalid user mongodb [preauth]
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23619]: Failed password for root from 185.210.89.26 port 60286 ssh2
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23640]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23619]: Connection closed by 185.210.89.26 port 60286 [preauth]
May  5 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23621]: Failed password for root from 185.210.89.26 port 60648 ssh2
May  5 13:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23642]: Invalid user app from 185.210.89.26
May  5 13:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23642]: input_userauth_request: invalid user app [preauth]
May  5 13:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23621]: Connection closed by 185.210.89.26 port 60648 [preauth]
May  5 13:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23642]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23631]: Failed password for root from 185.210.89.26 port 33140 ssh2
May  5 13:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23631]: Connection closed by 185.210.89.26 port 33140 [preauth]
May  5 13:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23633]: Failed password for invalid user ftp from 185.210.89.26 port 33502 ssh2
May  5 13:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23633]: Connection closed by 185.210.89.26 port 33502 [preauth]
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23635]: Failed password for invalid user developer from 185.210.89.26 port 32778 ssh2
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23637]: Failed password for invalid user mongodb from 185.210.89.26 port 33864 ssh2
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23646]: Invalid user sonar from 185.210.89.26
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23646]: input_userauth_request: invalid user sonar [preauth]
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23635]: Connection closed by 185.210.89.26 port 32778 [preauth]
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23637]: Connection closed by 185.210.89.26 port 33864 [preauth]
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23646]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23640]: Failed password for invalid user mongodb from 185.210.89.26 port 34226 ssh2
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23649]: Invalid user elasticsearch from 185.210.89.26
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23649]: input_userauth_request: invalid user elasticsearch [preauth]
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23640]: Connection closed by 185.210.89.26 port 34226 [preauth]
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23649]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: Invalid user www from 185.210.89.26
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: input_userauth_request: invalid user www [preauth]
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23653]: Invalid user docker from 185.210.89.26
May  5 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23653]: input_userauth_request: invalid user docker [preauth]
May  5 13:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23653]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23642]: Failed password for invalid user app from 185.210.89.26 port 34588 ssh2
May  5 13:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23642]: Connection closed by 185.210.89.26 port 34588 [preauth]
May  5 13:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23658]: Invalid user postgres from 185.210.89.26
May  5 13:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23658]: input_userauth_request: invalid user postgres [preauth]
May  5 13:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: Failed password for root from 185.210.89.26 port 34950 ssh2
May  5 13:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23658]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23644]: Connection closed by 185.210.89.26 port 34950 [preauth]
May  5 13:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: Invalid user dev from 185.210.89.26
May  5 13:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: input_userauth_request: invalid user dev [preauth]
May  5 13:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23670]: Invalid user guest from 185.210.89.26
May  5 13:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23670]: input_userauth_request: invalid user guest [preauth]
May  5 13:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23646]: Failed password for invalid user sonar from 185.210.89.26 port 35674 ssh2
May  5 13:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23670]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23672]: Invalid user tomcat from 185.210.89.26
May  5 13:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23672]: input_userauth_request: invalid user tomcat [preauth]
May  5 13:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23646]: Connection closed by 185.210.89.26 port 35674 [preauth]
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23649]: Failed password for invalid user elasticsearch from 185.210.89.26 port 36036 ssh2
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23672]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: Failed password for invalid user www from 185.210.89.26 port 35312 ssh2
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23674]: Invalid user elsearch from 185.210.89.26
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23674]: input_userauth_request: invalid user elsearch [preauth]
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23653]: Failed password for invalid user docker from 185.210.89.26 port 36398 ssh2
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23649]: Connection closed by 185.210.89.26 port 36036 [preauth]
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23653]: Connection closed by 185.210.89.26 port 36398 [preauth]
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23674]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: Connection closed by 185.210.89.26 port 35312 [preauth]
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23676]: Invalid user git from 185.210.89.26
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23676]: input_userauth_request: invalid user git [preauth]
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: Failed password for root from 185.210.89.26 port 36760 ssh2
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23676]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: Connection closed by 185.210.89.26 port 36760 [preauth]
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23658]: Failed password for invalid user postgres from 185.210.89.26 port 37122 ssh2
May  5 13:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23658]: Connection closed by 185.210.89.26 port 37122 [preauth]
May  5 13:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23678]: Invalid user esuser from 185.210.89.26
May  5 13:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23678]: input_userauth_request: invalid user esuser [preauth]
May  5 13:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23678]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23680]: Invalid user ftpuser from 185.210.89.26
May  5 13:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23680]: input_userauth_request: invalid user ftpuser [preauth]
May  5 13:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: Failed password for invalid user dev from 185.210.89.26 port 37484 ssh2
May  5 13:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23680]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: Connection closed by 185.210.89.26 port 37484 [preauth]
May  5 13:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23682]: Invalid user esuser from 185.210.89.26
May  5 13:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23682]: input_userauth_request: invalid user esuser [preauth]
May  5 13:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23670]: Failed password for invalid user guest from 185.210.89.26 port 37846 ssh2
May  5 13:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23682]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23670]: Connection closed by 185.210.89.26 port 37846 [preauth]
May  5 13:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23672]: Failed password for invalid user tomcat from 185.210.89.26 port 38208 ssh2
May  5 13:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23688]: Invalid user worker from 185.210.89.26
May  5 13:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23688]: input_userauth_request: invalid user worker [preauth]
May  5 13:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23672]: Connection closed by 185.210.89.26 port 38208 [preauth]
May  5 13:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23674]: Failed password for invalid user elsearch from 185.210.89.26 port 38570 ssh2
May  5 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23688]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23674]: Connection closed by 185.210.89.26 port 38570 [preauth]
May  5 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23678]: Failed password for invalid user esuser from 185.210.89.26 port 39656 ssh2
May  5 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23690]: Invalid user ftpuser from 185.210.89.26
May  5 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23690]: input_userauth_request: invalid user ftpuser [preauth]
May  5 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23678]: Connection closed by 185.210.89.26 port 39656 [preauth]
May  5 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23690]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23676]: Failed password for invalid user git from 185.210.89.26 port 38932 ssh2
May  5 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23676]: Connection closed by 185.210.89.26 port 38932 [preauth]
May  5 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: Invalid user admin from 185.210.89.26
May  5 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: input_userauth_request: invalid user admin [preauth]
May  5 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23680]: Failed password for invalid user ftpuser from 185.210.89.26 port 40018 ssh2
May  5 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23680]: Connection closed by 185.210.89.26 port 40018 [preauth]
May  5 13:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: Invalid user steam from 185.210.89.26
May  5 13:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: input_userauth_request: invalid user steam [preauth]
May  5 13:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: Invalid user es from 185.210.89.26
May  5 13:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: input_userauth_request: invalid user es [preauth]
May  5 13:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23682]: Failed password for invalid user esuser from 185.210.89.26 port 40388 ssh2
May  5 13:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23688]: Failed password for invalid user worker from 185.210.89.26 port 41112 ssh2
May  5 13:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23682]: Connection closed by 185.210.89.26 port 40388 [preauth]
May  5 13:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23688]: Connection closed by 185.210.89.26 port 41112 [preauth]
May  5 13:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: Failed password for root from 185.210.89.26 port 40750 ssh2
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23714]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23712]: pam_unix(cron:session): session closed for user p13x
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23690]: Failed password for invalid user ftpuser from 185.210.89.26 port 41474 ssh2
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: Connection closed by 185.210.89.26 port 40750 [preauth]
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23690]: Connection closed by 185.210.89.26 port 41474 [preauth]
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23869]: Successful su for rubyman by root
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23869]: + ??? root:rubyman
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334209 of user rubyman.
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23869]: pam_unix(su:session): session closed for user rubyman
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334209.
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23709]: Invalid user deploy from 185.210.89.26
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23709]: input_userauth_request: invalid user deploy [preauth]
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: Failed password for invalid user admin from 185.210.89.26 port 41836 ssh2
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23709]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23716]: Invalid user demo from 185.210.89.26
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23716]: input_userauth_request: invalid user demo [preauth]
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: Connection closed by 185.210.89.26 port 41836 [preauth]
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23716]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: Failed password for invalid user steam from 185.210.89.26 port 42198 ssh2
May  5 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23913]: Invalid user dev from 185.210.89.26
May  5 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23913]: input_userauth_request: invalid user dev [preauth]
May  5 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23694]: Connection closed by 185.210.89.26 port 42198 [preauth]
May  5 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23913]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23707]: Failed password for root from 185.210.89.26 port 42922 ssh2
May  5 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: Invalid user oscar from 185.210.89.26
May  5 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: input_userauth_request: invalid user oscar [preauth]
May  5 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23707]: Connection closed by 185.210.89.26 port 42922 [preauth]
May  5 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: Failed password for invalid user es from 185.210.89.26 port 42560 ssh2
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23956]: Invalid user deploy from 185.210.89.26
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23956]: input_userauth_request: invalid user deploy [preauth]
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: Connection closed by 185.210.89.26 port 42560 [preauth]
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23956]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: Invalid user dolphinscheduler from 185.210.89.26
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23709]: Failed password for invalid user deploy from 185.210.89.26 port 43284 ssh2
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23709]: Connection closed by 185.210.89.26 port 43284 [preauth]
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23716]: Failed password for invalid user demo from 185.210.89.26 port 43646 ssh2
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24014]: Invalid user pi from 185.210.89.26
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24014]: input_userauth_request: invalid user pi [preauth]
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23716]: Connection closed by 185.210.89.26 port 43646 [preauth]
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24014]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: Invalid user dev from 185.210.89.26
May  5 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: input_userauth_request: invalid user dev [preauth]
May  5 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: Invalid user oceanbase from 185.210.89.26
May  5 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: input_userauth_request: invalid user oceanbase [preauth]
May  5 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20236]: pam_unix(cron:session): session closed for user root
May  5 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: Failed password for invalid user oscar from 185.210.89.26 port 44740 ssh2
May  5 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23913]: Failed password for invalid user dev from 185.210.89.26 port 44370 ssh2
May  5 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23956]: Failed password for invalid user deploy from 185.210.89.26 port 44008 ssh2
May  5 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: Invalid user lighthouse from 185.210.89.26
May  5 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: input_userauth_request: invalid user lighthouse [preauth]
May  5 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23953]: Connection closed by 185.210.89.26 port 44740 [preauth]
May  5 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23913]: Connection closed by 185.210.89.26 port 44370 [preauth]
May  5 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23956]: Connection closed by 185.210.89.26 port 44008 [preauth]
May  5 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: Failed password for invalid user dolphinscheduler from 185.210.89.26 port 45102 ssh2
May  5 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: Connection closed by 185.210.89.26 port 45102 [preauth]
May  5 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24014]: Failed password for invalid user pi from 185.210.89.26 port 45464 ssh2
May  5 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24014]: Connection closed by 185.210.89.26 port 45464 [preauth]
May  5 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23713]: pam_unix(cron:session): session closed for user samftp
May  5 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: Failed password for invalid user dev from 185.210.89.26 port 45826 ssh2
May  5 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: Connection closed by 185.210.89.26 port 45826 [preauth]
May  5 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: Failed password for invalid user oceanbase from 185.210.89.26 port 46188 ssh2
May  5 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: Invalid user user from 185.210.89.26
May  5 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: input_userauth_request: invalid user user [preauth]
May  5 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: Connection closed by 185.210.89.26 port 46188 [preauth]
May  5 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: Failed password for invalid user lighthouse from 185.210.89.26 port 46550 ssh2
May  5 13:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: Connection closed by 185.210.89.26 port 46550 [preauth]
May  5 13:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: Failed password for root from 185.210.89.26 port 46912 ssh2
May  5 13:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Invalid user svnuser from 185.210.89.26
May  5 13:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: input_userauth_request: invalid user svnuser [preauth]
May  5 13:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24067]: Connection closed by 185.210.89.26 port 46912 [preauth]
May  5 13:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24086]: Failed password for root from 185.210.89.26 port 47274 ssh2
May  5 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: Invalid user ftpuser from 185.210.89.26
May  5 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: input_userauth_request: invalid user ftpuser [preauth]
May  5 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24086]: Connection closed by 185.210.89.26 port 47274 [preauth]
May  5 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: Failed password for root from 185.210.89.26 port 47636 ssh2
May  5 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: Connection closed by 185.210.89.26 port 47636 [preauth]
May  5 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24116]: Invalid user ubuntu from 185.210.89.26
May  5 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24116]: input_userauth_request: invalid user ubuntu [preauth]
May  5 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24116]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: Failed password for root from 185.210.89.26 port 47998 ssh2
May  5 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: Connection closed by 185.210.89.26 port 47998 [preauth]
May  5 13:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24120]: Invalid user esadmin from 185.210.89.26
May  5 13:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24120]: input_userauth_request: invalid user esadmin [preauth]
May  5 13:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24120]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: Failed password for invalid user user from 185.210.89.26 port 48360 ssh2
May  5 13:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: Connection closed by 185.210.89.26 port 48360 [preauth]
May  5 13:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24110]: Failed password for root from 185.210.89.26 port 48722 ssh2
May  5 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24124]: Invalid user flask from 185.210.89.26
May  5 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24124]: input_userauth_request: invalid user flask [preauth]
May  5 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24110]: Connection closed by 185.210.89.26 port 48722 [preauth]
May  5 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24124]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Failed password for invalid user svnuser from 185.210.89.26 port 49084 ssh2
May  5 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: Invalid user deploy from 185.210.89.26
May  5 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: input_userauth_request: invalid user deploy [preauth]
May  5 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Connection closed by 185.210.89.26 port 49084 [preauth]
May  5 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: Failed password for invalid user ftpuser from 185.210.89.26 port 49446 ssh2
May  5 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24114]: Connection closed by 185.210.89.26 port 49446 [preauth]
May  5 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: Failed password for root from 185.210.89.26 port 50170 ssh2
May  5 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: Connection closed by 185.210.89.26 port 50170 [preauth]
May  5 13:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24116]: Failed password for invalid user ubuntu from 185.210.89.26 port 49808 ssh2
May  5 13:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24120]: Failed password for invalid user esadmin from 185.210.89.26 port 50532 ssh2
May  5 13:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24120]: Connection closed by 185.210.89.26 port 50532 [preauth]
May  5 13:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24116]: Connection closed by 185.210.89.26 port 49808 [preauth]
May  5 13:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Invalid user oracle from 185.210.89.26
May  5 13:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: input_userauth_request: invalid user oracle [preauth]
May  5 13:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: Failed password for root from 185.210.89.26 port 50894 ssh2
May  5 13:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24122]: Connection closed by 185.210.89.26 port 50894 [preauth]
May  5 13:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24144]: Invalid user rabbitmq from 185.210.89.26
May  5 13:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24144]: input_userauth_request: invalid user rabbitmq [preauth]
May  5 13:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24144]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24124]: Failed password for invalid user flask from 185.210.89.26 port 51256 ssh2
May  5 13:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24124]: Connection closed by 185.210.89.26 port 51256 [preauth]
May  5 13:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: Failed password for invalid user deploy from 185.210.89.26 port 51618 ssh2
May  5 13:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24127]: Connection closed by 185.210.89.26 port 51618 [preauth]
May  5 13:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24129]: Failed password for root from 185.210.89.26 port 51980 ssh2
May  5 13:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24131]: Failed password for root from 185.210.89.26 port 52342 ssh2
May  5 13:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24129]: Connection closed by 185.210.89.26 port 51980 [preauth]
May  5 13:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24131]: Connection closed by 185.210.89.26 port 52342 [preauth]
May  5 13:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Failed password for invalid user oracle from 185.210.89.26 port 52704 ssh2
May  5 13:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: Invalid user wang from 185.210.89.26
May  5 13:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: input_userauth_request: invalid user wang [preauth]
May  5 13:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Connection closed by 185.210.89.26 port 52704 [preauth]
May  5 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24169]: Invalid user hadoop from 185.210.89.26
May  5 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24169]: input_userauth_request: invalid user hadoop [preauth]
May  5 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24144]: Failed password for invalid user rabbitmq from 185.210.89.26 port 53066 ssh2
May  5 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24169]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24144]: Connection closed by 185.210.89.26 port 53066 [preauth]
May  5 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24147]: Failed password for root from 185.210.89.26 port 53428 ssh2
May  5 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24147]: Connection closed by 185.210.89.26 port 53428 [preauth]
May  5 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24151]: Failed password for root from 185.210.89.26 port 54152 ssh2
May  5 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: Invalid user elasticsearch from 185.210.89.26
May  5 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: input_userauth_request: invalid user elasticsearch [preauth]
May  5 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24149]: Failed password for root from 185.210.89.26 port 53790 ssh2
May  5 13:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24151]: Connection closed by 185.210.89.26 port 54152 [preauth]
May  5 13:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24149]: Connection closed by 185.210.89.26 port 53790 [preauth]
May  5 13:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: User ftp from 185.210.89.26 not allowed because not listed in AllowUsers
May  5 13:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: input_userauth_request: invalid user ftp [preauth]
May  5 13:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=ftp
May  5 13:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24179]: Invalid user uftp from 185.210.89.26
May  5 13:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24179]: input_userauth_request: invalid user uftp [preauth]
May  5 13:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24179]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24181]: Invalid user awsgui from 185.210.89.26
May  5 13:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24181]: input_userauth_request: invalid user awsgui [preauth]
May  5 13:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: Failed password for invalid user wang from 185.210.89.26 port 54876 ssh2
May  5 13:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24181]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24167]: Connection closed by 185.210.89.26 port 54876 [preauth]
May  5 13:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24186]: Invalid user dolphinscheduler from 185.210.89.26
May  5 13:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24186]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  5 13:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24169]: Failed password for invalid user hadoop from 185.210.89.26 port 55238 ssh2
May  5 13:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24186]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24169]: Connection closed by 185.210.89.26 port 55238 [preauth]
May  5 13:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: Failed password for invalid user elasticsearch from 185.210.89.26 port 55962 ssh2
May  5 13:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: Failed password for root from 185.210.89.26 port 55600 ssh2
May  5 13:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24174]: Connection closed by 185.210.89.26 port 55962 [preauth]
May  5 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: Failed password for invalid user ftp from 185.210.89.26 port 56324 ssh2
May  5 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24171]: Connection closed by 185.210.89.26 port 55600 [preauth]
May  5 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24197]: Invalid user yarn from 185.210.89.26
May  5 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24197]: input_userauth_request: invalid user yarn [preauth]
May  5 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: Connection closed by 185.210.89.26 port 56324 [preauth]
May  5 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24197]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24179]: Failed password for invalid user uftp from 185.210.89.26 port 56686 ssh2
May  5 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: Invalid user test2 from 185.210.89.26
May  5 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: input_userauth_request: invalid user test2 [preauth]
May  5 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24179]: Connection closed by 185.210.89.26 port 56686 [preauth]
May  5 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24203]: Invalid user oracle from 185.210.89.26
May  5 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24203]: input_userauth_request: invalid user oracle [preauth]
May  5 13:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24203]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24206]: Invalid user guest from 185.210.89.26
May  5 13:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24206]: input_userauth_request: invalid user guest [preauth]
May  5 13:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24181]: Failed password for invalid user awsgui from 185.210.89.26 port 57048 ssh2
May  5 13:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24206]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24181]: Connection closed by 185.210.89.26 port 57048 [preauth]
May  5 13:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24186]: Failed password for invalid user dolphinscheduler from 185.210.89.26 port 57410 ssh2
May  5 13:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24211]: Invalid user wang from 185.210.89.26
May  5 13:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24211]: input_userauth_request: invalid user wang [preauth]
May  5 13:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24186]: Connection closed by 185.210.89.26 port 57410 [preauth]
May  5 13:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24211]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24216]: Invalid user www from 185.210.89.26
May  5 13:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24216]: input_userauth_request: invalid user www [preauth]
May  5 13:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24216]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24221]: Invalid user nexus from 185.210.89.26
May  5 13:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24221]: input_userauth_request: invalid user nexus [preauth]
May  5 13:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24197]: Failed password for invalid user yarn from 185.210.89.26 port 58134 ssh2
May  5 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24221]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24197]: Connection closed by 185.210.89.26 port 58134 [preauth]
May  5 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24201]: Failed password for root from 185.210.89.26 port 57772 ssh2
May  5 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24203]: Failed password for invalid user oracle from 185.210.89.26 port 58862 ssh2
May  5 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: Invalid user app from 185.210.89.26
May  5 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: input_userauth_request: invalid user app [preauth]
May  5 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24201]: Connection closed by 185.210.89.26 port 57772 [preauth]
May  5 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24203]: Connection closed by 185.210.89.26 port 58862 [preauth]
May  5 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: Failed password for invalid user test2 from 185.210.89.26 port 58496 ssh2
May  5 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24206]: Failed password for invalid user guest from 185.210.89.26 port 59228 ssh2
May  5 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: Connection closed by 185.210.89.26 port 58496 [preauth]
May  5 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24206]: Connection closed by 185.210.89.26 port 59228 [preauth]
May  5 13:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24211]: Failed password for invalid user wang from 185.210.89.26 port 59590 ssh2
May  5 13:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24211]: Connection closed by 185.210.89.26 port 59590 [preauth]
May  5 13:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26  user=root
May  5 13:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24216]: Failed password for invalid user www from 185.210.89.26 port 6410 ssh2
May  5 13:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24236]: Invalid user es from 185.210.89.26
May  5 13:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24236]: input_userauth_request: invalid user es [preauth]
May  5 13:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24216]: Connection closed by 185.210.89.26 port 6410 [preauth]
May  5 13:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24236]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: Failed password for root from 185.210.89.26 port 60314 ssh2
May  5 13:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24221]: Failed password for invalid user nexus from 185.210.89.26 port 60676 ssh2
May  5 13:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24219]: Connection closed by 185.210.89.26 port 60314 [preauth]
May  5 13:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24221]: Connection closed by 185.210.89.26 port 60676 [preauth]
May  5 13:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: Failed password for invalid user app from 185.210.89.26 port 32806 ssh2
May  5 13:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: Connection closed by 185.210.89.26 port 32806 [preauth]
May  5 13:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24240]: Invalid user sugi from 185.210.89.26
May  5 13:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24240]: input_userauth_request: invalid user sugi [preauth]
May  5 13:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24225]: Failed password for root from 185.210.89.26 port 33530 ssh2
May  5 13:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24240]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.210.89.26
May  5 13:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24225]: Connection closed by 185.210.89.26 port 33530 [preauth]
May  5 13:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24227]: Failed password for root from 185.210.89.26 port 33892 ssh2
May  5 13:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24227]: Connection closed by 185.210.89.26 port 33892 [preauth]
May  5 13:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24236]: Failed password for invalid user es from 185.210.89.26 port 34254 ssh2
May  5 13:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24242]: Invalid user it from 152.42.254.23
May  5 13:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24242]: input_userauth_request: invalid user it [preauth]
May  5 13:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24242]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.254.23
May  5 13:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24236]: Connection closed by 185.210.89.26 port 34254 [preauth]
May  5 13:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24240]: Failed password for invalid user sugi from 185.210.89.26 port 34616 ssh2
May  5 13:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24240]: Connection closed by 185.210.89.26 port 34616 [preauth]
May  5 13:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24242]: Failed password for invalid user it from 152.42.254.23 port 37412 ssh2
May  5 13:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24242]: Received disconnect from 152.42.254.23 port 37412:11: Bye Bye [preauth]
May  5 13:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24242]: Disconnected from 152.42.254.23 port 37412 [preauth]
May  5 13:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: Invalid user maarch from 139.59.114.137
May  5 13:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: input_userauth_request: invalid user maarch [preauth]
May  5 13:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.114.137
May  5 13:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22279]: pam_unix(cron:session): session closed for user root
May  5 13:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: Failed password for invalid user maarch from 139.59.114.137 port 43810 ssh2
May  5 13:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: Received disconnect from 139.59.114.137 port 43810:11: Bye Bye [preauth]
May  5 13:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: Disconnected from 139.59.114.137 port 43810 [preauth]
May  5 13:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24311]: Invalid user lampuser from 35.222.117.243
May  5 13:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24311]: input_userauth_request: invalid user lampuser [preauth]
May  5 13:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24311]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.222.117.243
May  5 13:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24311]: Failed password for invalid user lampuser from 35.222.117.243 port 53350 ssh2
May  5 13:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24311]: Received disconnect from 35.222.117.243 port 53350:11: Bye Bye [preauth]
May  5 13:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24311]: Disconnected from 35.222.117.243 port 53350 [preauth]
May  5 13:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24245]: Invalid user w from 195.178.110.50
May  5 13:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24245]: input_userauth_request: invalid user w [preauth]
May  5 13:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24245]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 13:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24245]: Failed password for invalid user w from 195.178.110.50 port 30990 ssh2
May  5 13:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24245]: Connection closed by 195.178.110.50 port 30990 [preauth]
May  5 13:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24378]: pam_unix(cron:session): session closed for user p13x
May  5 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24448]: Successful su for rubyman by root
May  5 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24448]: + ??? root:rubyman
May  5 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334212 of user rubyman.
May  5 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24448]: pam_unix(su:session): session closed for user rubyman
May  5 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334212.
May  5 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: Invalid user X from 195.178.110.50
May  5 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: input_userauth_request: invalid user X [preauth]
May  5 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 13:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: Failed password for invalid user X from 195.178.110.50 port 45076 ssh2
May  5 13:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20634]: pam_unix(cron:session): session closed for user root
May  5 13:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24379]: pam_unix(cron:session): session closed for user samftp
May  5 13:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: Connection closed by 195.178.110.50 port 45076 [preauth]
May  5 13:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24648]: Invalid user 9 from 195.178.110.50
May  5 13:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24648]: input_userauth_request: invalid user 9 [preauth]
May  5 13:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24648]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 13:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24648]: Failed password for invalid user 9 from 195.178.110.50 port 25654 ssh2
May  5 13:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24648]: Connection closed by 195.178.110.50 port 25654 [preauth]
May  5 13:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22849]: pam_unix(cron:session): session closed for user root
May  5 13:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24717]: Invalid user x from 195.178.110.50
May  5 13:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24717]: input_userauth_request: invalid user x [preauth]
May  5 13:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24717]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 13:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24717]: Failed password for invalid user x from 195.178.110.50 port 41736 ssh2
May  5 13:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24717]: Connection closed by 195.178.110.50 port 41736 [preauth]
May  5 13:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24793]: Invalid user jiadong from 172.174.5.146
May  5 13:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24793]: input_userauth_request: invalid user jiadong [preauth]
May  5 13:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24793]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.5.146
May  5 13:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24793]: Failed password for invalid user jiadong from 172.174.5.146 port 46893 ssh2
May  5 13:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24793]: Received disconnect from 172.174.5.146 port 46893:11: Bye Bye [preauth]
May  5 13:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24793]: Disconnected from 172.174.5.146 port 46893 [preauth]
May  5 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24813]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24812]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24814]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24811]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24815]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24816]: pam_unix(cron:session): session closed for user root
May  5 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24811]: pam_unix(cron:session): session closed for user p13x
May  5 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24886]: Successful su for rubyman by root
May  5 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24886]: + ??? root:rubyman
May  5 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334216 of user rubyman.
May  5 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24886]: pam_unix(su:session): session closed for user rubyman
May  5 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334216.
May  5 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: Invalid user Y from 195.178.110.50
May  5 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: input_userauth_request: invalid user Y [preauth]
May  5 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24813]: pam_unix(cron:session): session closed for user root
May  5 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21050]: pam_unix(cron:session): session closed for user root
May  5 13:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: Failed password for invalid user Y from 195.178.110.50 port 5978 ssh2
May  5 13:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24812]: pam_unix(cron:session): session closed for user samftp
May  5 13:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24784]: Connection closed by 195.178.110.50 port 5978 [preauth]
May  5 13:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.199.119  user=root
May  5 13:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25160]: Failed password for root from 103.23.199.119 port 55920 ssh2
May  5 13:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25160]: Received disconnect from 103.23.199.119 port 55920:11: Bye Bye [preauth]
May  5 13:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25160]: Disconnected from 103.23.199.119 port 55920 [preauth]
May  5 13:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23715]: pam_unix(cron:session): session closed for user root
May  5 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25266]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25263]: pam_unix(cron:session): session closed for user p13x
May  5 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25332]: Successful su for rubyman by root
May  5 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25332]: + ??? root:rubyman
May  5 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334222 of user rubyman.
May  5 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25332]: pam_unix(su:session): session closed for user rubyman
May  5 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334222.
May  5 13:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21500]: pam_unix(cron:session): session closed for user root
May  5 13:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25264]: pam_unix(cron:session): session closed for user samftp
May  5 13:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24381]: pam_unix(cron:session): session closed for user root
May  5 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25680]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25679]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25677]: pam_unix(cron:session): session closed for user p13x
May  5 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25737]: Successful su for rubyman by root
May  5 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25737]: + ??? root:rubyman
May  5 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334226 of user rubyman.
May  5 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25737]: pam_unix(su:session): session closed for user rubyman
May  5 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334226.
May  5 13:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22276]: pam_unix(cron:session): session closed for user root
May  5 13:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25678]: pam_unix(cron:session): session closed for user samftp
May  5 13:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: Invalid user midas from 94.159.101.55
May  5 13:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: input_userauth_request: invalid user midas [preauth]
May  5 13:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.159.101.55
May  5 13:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: Failed password for invalid user midas from 94.159.101.55 port 46518 ssh2
May  5 13:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: Received disconnect from 94.159.101.55 port 46518:11: Bye Bye [preauth]
May  5 13:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: Disconnected from 94.159.101.55 port 46518 [preauth]
May  5 13:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24815]: pam_unix(cron:session): session closed for user root
May  5 13:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26018]: Invalid user authority from 193.32.162.134
May  5 13:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26018]: input_userauth_request: invalid user authority [preauth]
May  5 13:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26018]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 13:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26018]: Failed password for invalid user authority from 193.32.162.134 port 49342 ssh2
May  5 13:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26018]: Connection closed by 193.32.162.134 port 49342 [preauth]
May  5 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26080]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26078]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26079]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26077]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26077]: pam_unix(cron:session): session closed for user p13x
May  5 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26141]: Successful su for rubyman by root
May  5 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26141]: + ??? root:rubyman
May  5 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334231 of user rubyman.
May  5 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26141]: pam_unix(su:session): session closed for user rubyman
May  5 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334231.
May  5 13:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22848]: pam_unix(cron:session): session closed for user root
May  5 13:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26078]: pam_unix(cron:session): session closed for user samftp
May  5 13:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: Invalid user es from 152.42.254.23
May  5 13:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: input_userauth_request: invalid user es [preauth]
May  5 13:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.254.23
May  5 13:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: Failed password for invalid user es from 152.42.254.23 port 47750 ssh2
May  5 13:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: Received disconnect from 152.42.254.23 port 47750:11: Bye Bye [preauth]
May  5 13:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: Disconnected from 152.42.254.23 port 47750 [preauth]
May  5 13:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25266]: pam_unix(cron:session): session closed for user root
May  5 13:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.114.137  user=root
May  5 13:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: Failed password for root from 139.59.114.137 port 45782 ssh2
May  5 13:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: Received disconnect from 139.59.114.137 port 45782:11: Bye Bye [preauth]
May  5 13:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26413]: Disconnected from 139.59.114.137 port 45782 [preauth]
May  5 13:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: Invalid user web from 35.222.117.243
May  5 13:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: input_userauth_request: invalid user web [preauth]
May  5 13:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.222.117.243
May  5 13:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.217.132  user=root
May  5 13:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: Failed password for invalid user web from 35.222.117.243 port 60868 ssh2
May  5 13:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: Received disconnect from 35.222.117.243 port 60868:11: Bye Bye [preauth]
May  5 13:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: Disconnected from 35.222.117.243 port 60868 [preauth]
May  5 13:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26539]: Failed password for root from 106.54.217.132 port 40506 ssh2
May  5 13:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26539]: Received disconnect from 106.54.217.132 port 40506:11: Bye Bye [preauth]
May  5 13:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26539]: Disconnected from 106.54.217.132 port 40506 [preauth]
May  5 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26562]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26563]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26564]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26561]: pam_unix(cron:session): session closed for user p13x
May  5 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26623]: Successful su for rubyman by root
May  5 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26623]: + ??? root:rubyman
May  5 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334236 of user rubyman.
May  5 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26623]: pam_unix(su:session): session closed for user rubyman
May  5 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334236.
May  5 13:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23714]: pam_unix(cron:session): session closed for user root
May  5 13:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26562]: pam_unix(cron:session): session closed for user samftp
May  5 13:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  5 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25680]: pam_unix(cron:session): session closed for user root
May  5 13:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: Failed password for root from 80.94.95.29 port 4621 ssh2
May  5 13:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: message repeated 4 times: [ Failed password for root from 80.94.95.29 port 4621 ssh2]
May  5 13:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: Received disconnect from 80.94.95.29 port 4621:11: Bye [preauth]
May  5 13:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: Disconnected from 80.94.95.29 port 4621 [preauth]
May  5 13:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  5 13:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 13:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.5.146  user=root
May  5 13:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: Failed password for root from 172.174.5.146 port 65425 ssh2
May  5 13:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: Received disconnect from 172.174.5.146 port 65425:11: Bye Bye [preauth]
May  5 13:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: Disconnected from 172.174.5.146 port 65425 [preauth]
May  5 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26998]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27005]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26996]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27004]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26997]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27006]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27006]: pam_unix(cron:session): session closed for user root
May  5 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26996]: pam_unix(cron:session): session closed for user p13x
May  5 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27093]: Successful su for rubyman by root
May  5 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27093]: + ??? root:rubyman
May  5 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334240 of user rubyman.
May  5 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27093]: pam_unix(su:session): session closed for user rubyman
May  5 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334240.
May  5 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26998]: pam_unix(cron:session): session closed for user root
May  5 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24380]: pam_unix(cron:session): session closed for user root
May  5 13:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26997]: pam_unix(cron:session): session closed for user samftp
May  5 13:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26080]: pam_unix(cron:session): session closed for user root
May  5 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27515]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27513]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27514]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27513]: pam_unix(cron:session): session closed for user p13x
May  5 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27589]: Successful su for rubyman by root
May  5 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27589]: + ??? root:rubyman
May  5 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334245 of user rubyman.
May  5 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27589]: pam_unix(su:session): session closed for user rubyman
May  5 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334245.
May  5 13:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24814]: pam_unix(cron:session): session closed for user root
May  5 13:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27514]: pam_unix(cron:session): session closed for user samftp
May  5 13:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26564]: pam_unix(cron:session): session closed for user root
May  5 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27931]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27930]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27932]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27929]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27929]: pam_unix(cron:session): session closed for user p13x
May  5 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27994]: Successful su for rubyman by root
May  5 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27994]: + ??? root:rubyman
May  5 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27994]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334249 of user rubyman.
May  5 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27994]: pam_unix(su:session): session closed for user rubyman
May  5 13:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334249.
May  5 13:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25265]: pam_unix(cron:session): session closed for user root
May  5 13:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27930]: pam_unix(cron:session): session closed for user samftp
May  5 13:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: Did not receive identification string from 193.32.162.185
May  5 13:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27005]: pam_unix(cron:session): session closed for user root
May  5 13:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241  user=root
May  5 13:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: Failed password for root from 186.96.145.241 port 54852 ssh2
May  5 13:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28270]: Connection closed by 186.96.145.241 port 54852 [preauth]
May  5 13:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: Invalid user owner from 103.23.199.119
May  5 13:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: input_userauth_request: invalid user owner [preauth]
May  5 13:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.199.119
May  5 13:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: Failed password for invalid user owner from 103.23.199.119 port 38178 ssh2
May  5 13:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: Received disconnect from 103.23.199.119 port 38178:11: Bye Bye [preauth]
May  5 13:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28272]: Disconnected from 103.23.199.119 port 38178 [preauth]
May  5 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28328]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28327]: pam_unix(cron:session): session closed for user p13x
May  5 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28391]: Successful su for rubyman by root
May  5 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28391]: + ??? root:rubyman
May  5 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334253 of user rubyman.
May  5 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28391]: pam_unix(su:session): session closed for user rubyman
May  5 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334253.
May  5 13:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25679]: pam_unix(cron:session): session closed for user root
May  5 13:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28328]: pam_unix(cron:session): session closed for user samftp
May  5 13:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.254.23  user=root
May  5 13:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28582]: Failed password for root from 152.42.254.23 port 50820 ssh2
May  5 13:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28582]: Received disconnect from 152.42.254.23 port 50820:11: Bye Bye [preauth]
May  5 13:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28582]: Disconnected from 152.42.254.23 port 50820 [preauth]
May  5 13:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27516]: pam_unix(cron:session): session closed for user root
May  5 13:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: Invalid user user from 80.94.95.29
May  5 13:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: input_userauth_request: invalid user user [preauth]
May  5 13:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  5 13:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: Failed password for invalid user user from 80.94.95.29 port 50803 ssh2
May  5 13:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: Invalid user raj from 139.59.114.137
May  5 13:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: input_userauth_request: invalid user raj [preauth]
May  5 13:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.114.137
May  5 13:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: Failed password for invalid user user from 80.94.95.29 port 50803 ssh2
May  5 13:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: Failed password for invalid user raj from 139.59.114.137 port 39366 ssh2
May  5 13:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: Received disconnect from 139.59.114.137 port 39366:11: Bye Bye [preauth]
May  5 13:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28687]: Disconnected from 139.59.114.137 port 39366 [preauth]
May  5 13:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: Failed password for invalid user user from 80.94.95.29 port 50803 ssh2
May  5 13:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: Failed password for invalid user user from 80.94.95.29 port 50803 ssh2
May  5 13:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: Failed password for invalid user user from 80.94.95.29 port 50803 ssh2
May  5 13:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: Received disconnect from 80.94.95.29 port 50803:11: Bye [preauth]
May  5 13:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: Disconnected from 80.94.95.29 port 50803 [preauth]
May  5 13:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  5 13:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28676]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 13:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28725]: Invalid user james from 193.32.162.134
May  5 13:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28725]: input_userauth_request: invalid user james [preauth]
May  5 13:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28725]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 13:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28725]: Failed password for invalid user james from 193.32.162.134 port 33160 ssh2
May  5 13:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28725]: Connection closed by 193.32.162.134 port 33160 [preauth]
May  5 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28734]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28730]: pam_unix(cron:session): session closed for user p13x
May  5 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28796]: Successful su for rubyman by root
May  5 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28796]: + ??? root:rubyman
May  5 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334258 of user rubyman.
May  5 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28796]: pam_unix(su:session): session closed for user rubyman
May  5 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334258.
May  5 13:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26079]: pam_unix(cron:session): session closed for user root
May  5 13:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28731]: pam_unix(cron:session): session closed for user samftp
May  5 13:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.222.117.243  user=root
May  5 13:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28991]: Failed password for root from 35.222.117.243 port 40156 ssh2
May  5 13:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28991]: Received disconnect from 35.222.117.243 port 40156:11: Bye Bye [preauth]
May  5 13:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28991]: Disconnected from 35.222.117.243 port 40156 [preauth]
May  5 13:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27932]: pam_unix(cron:session): session closed for user root
May  5 13:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29179]: Invalid user zhan from 164.68.105.9
May  5 13:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29179]: input_userauth_request: invalid user zhan [preauth]
May  5 13:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29179]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  5 13:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29179]: Failed password for invalid user zhan from 164.68.105.9 port 47666 ssh2
May  5 13:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29179]: Connection closed by 164.68.105.9 port 47666 [preauth]
May  5 13:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 13:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: Invalid user hsj from 172.174.5.146
May  5 13:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: input_userauth_request: invalid user hsj [preauth]
May  5 13:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: pam_unix(sshd:auth): check pass; user unknown
May  5 13:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.5.146
May  5 13:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: Failed password for invalid user hsj from 172.174.5.146 port 27467 ssh2
May  5 13:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: Received disconnect from 172.174.5.146 port 27467:11: Bye Bye [preauth]
May  5 13:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: Disconnected from 172.174.5.146 port 27467 [preauth]
May  5 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29251]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29249]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29248]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29244]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29244]: pam_unix(cron:session): session closed for user root
May  5 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29251]: pam_unix(cron:session): session closed for user root
May  5 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29242]: pam_unix(cron:session): session closed for user p13x
May  5 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29339]: Successful su for rubyman by root
May  5 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29339]: + ??? root:rubyman
May  5 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29339]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334265 of user rubyman.
May  5 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29339]: pam_unix(su:session): session closed for user rubyman
May  5 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334265.
May  5 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29245]: pam_unix(cron:session): session closed for user root
May  5 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26563]: pam_unix(cron:session): session closed for user root
May  5 14:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29243]: pam_unix(cron:session): session closed for user samftp
May  5 14:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28330]: pam_unix(cron:session): session closed for user root
May  5 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29760]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29757]: pam_unix(cron:session): session closed for user p13x
May  5 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29820]: Successful su for rubyman by root
May  5 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29820]: + ??? root:rubyman
May  5 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334267 of user rubyman.
May  5 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29820]: pam_unix(su:session): session closed for user rubyman
May  5 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334267.
May  5 14:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27004]: pam_unix(cron:session): session closed for user root
May  5 14:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29758]: pam_unix(cron:session): session closed for user samftp
May  5 14:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28734]: pam_unix(cron:session): session closed for user root
May  5 14:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30114]: Invalid user dev from 12.156.67.18
May  5 14:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30114]: input_userauth_request: invalid user dev [preauth]
May  5 14:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30114]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  5 14:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30114]: Failed password for invalid user dev from 12.156.67.18 port 50136 ssh2
May  5 14:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30114]: Received disconnect from 12.156.67.18 port 50136:11: Bye Bye [preauth]
May  5 14:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30114]: Disconnected from 12.156.67.18 port 50136 [preauth]
May  5 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30164]: pam_unix(cron:session): session closed for user p13x
May  5 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30229]: Successful su for rubyman by root
May  5 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30229]: + ??? root:rubyman
May  5 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334272 of user rubyman.
May  5 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30229]: pam_unix(su:session): session closed for user rubyman
May  5 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334272.
May  5 14:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27515]: pam_unix(cron:session): session closed for user root
May  5 14:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30165]: pam_unix(cron:session): session closed for user samftp
May  5 14:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29249]: pam_unix(cron:session): session closed for user root
May  5 14:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  5 14:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30538]: Failed password for root from 218.92.0.208 port 8142 ssh2
May  5 14:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30538]: message repeated 3 times: [ Failed password for root from 218.92.0.208 port 8142 ssh2]
May  5 14:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30570]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30569]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30567]: pam_unix(cron:session): session closed for user p13x
May  5 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30627]: Successful su for rubyman by root
May  5 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30627]: + ??? root:rubyman
May  5 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30627]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334275 of user rubyman.
May  5 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30627]: pam_unix(su:session): session closed for user rubyman
May  5 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334275.
May  5 14:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30564]: Failed password for root from 218.92.0.179 port 60181 ssh2
May  5 14:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27931]: pam_unix(cron:session): session closed for user root
May  5 14:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30564]: Failed password for root from 218.92.0.179 port 60181 ssh2
May  5 14:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30568]: pam_unix(cron:session): session closed for user samftp
May  5 14:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30564]: Failed password for root from 218.92.0.179 port 60181 ssh2
May  5 14:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30564]: Received disconnect from 218.92.0.179 port 60181:11:  [preauth]
May  5 14:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30564]: Disconnected from 218.92.0.179 port 60181 [preauth]
May  5 14:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30564]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 14:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  5 14:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30806]: Failed password for root from 218.92.0.208 port 38380 ssh2
May  5 14:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30806]: message repeated 3 times: [ Failed password for root from 218.92.0.208 port 38380 ssh2]
May  5 14:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29760]: pam_unix(cron:session): session closed for user root
May  5 14:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30938]: Invalid user roo from 139.59.114.137
May  5 14:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30938]: input_userauth_request: invalid user roo [preauth]
May  5 14:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30938]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.114.137
May  5 14:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30938]: Failed password for invalid user roo from 139.59.114.137 port 51788 ssh2
May  5 14:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30938]: Received disconnect from 139.59.114.137 port 51788:11: Bye Bye [preauth]
May  5 14:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30938]: Disconnected from 139.59.114.137 port 51788 [preauth]
May  5 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30962]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30960]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30959]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30961]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30959]: pam_unix(cron:session): session closed for user p13x
May  5 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31021]: Successful su for rubyman by root
May  5 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31021]: + ??? root:rubyman
May  5 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334279 of user rubyman.
May  5 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31021]: pam_unix(su:session): session closed for user rubyman
May  5 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334279.
May  5 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28329]: pam_unix(cron:session): session closed for user root
May  5 14:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30960]: pam_unix(cron:session): session closed for user samftp
May  5 14:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30167]: pam_unix(cron:session): session closed for user root
May  5 14:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.222.117.243  user=root
May  5 14:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31303]: Failed password for root from 35.222.117.243 port 47676 ssh2
May  5 14:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31303]: Received disconnect from 35.222.117.243 port 47676:11: Bye Bye [preauth]
May  5 14:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31303]: Disconnected from 35.222.117.243 port 47676 [preauth]
May  5 14:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31315]: Invalid user dolphinscheduler from 172.174.5.146
May  5 14:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31315]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  5 14:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31315]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.5.146
May  5 14:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31315]: Failed password for invalid user dolphinscheduler from 172.174.5.146 port 46009 ssh2
May  5 14:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31315]: Received disconnect from 172.174.5.146 port 46009:11: Bye Bye [preauth]
May  5 14:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31315]: Disconnected from 172.174.5.146 port 46009 [preauth]
May  5 14:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: Invalid user xuhao from 103.23.199.119
May  5 14:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: input_userauth_request: invalid user xuhao [preauth]
May  5 14:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.199.119
May  5 14:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: Failed password for invalid user xuhao from 103.23.199.119 port 37732 ssh2
May  5 14:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: Received disconnect from 103.23.199.119 port 37732:11: Bye Bye [preauth]
May  5 14:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: Disconnected from 103.23.199.119 port 37732 [preauth]
May  5 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31379]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31378]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31381]: pam_unix(cron:session): session closed for user root
May  5 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31376]: pam_unix(cron:session): session closed for user p13x
May  5 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31443]: Successful su for rubyman by root
May  5 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31443]: + ??? root:rubyman
May  5 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334283 of user rubyman.
May  5 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31443]: pam_unix(su:session): session closed for user rubyman
May  5 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334283.
May  5 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31378]: pam_unix(cron:session): session closed for user root
May  5 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28732]: pam_unix(cron:session): session closed for user root
May  5 14:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31377]: pam_unix(cron:session): session closed for user samftp
May  5 14:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: User john from 193.32.162.134 not allowed because not listed in AllowUsers
May  5 14:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: input_userauth_request: invalid user john [preauth]
May  5 14:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134  user=john
May  5 14:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Failed password for invalid user john from 193.32.162.134 port 45212 ssh2
May  5 14:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Connection closed by 193.32.162.134 port 45212 [preauth]
May  5 14:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30570]: pam_unix(cron:session): session closed for user root
May  5 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31820]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31817]: pam_unix(cron:session): session closed for user p13x
May  5 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31887]: Successful su for rubyman by root
May  5 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31887]: + ??? root:rubyman
May  5 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31887]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334291 of user rubyman.
May  5 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31887]: pam_unix(su:session): session closed for user rubyman
May  5 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334291.
May  5 14:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29248]: pam_unix(cron:session): session closed for user root
May  5 14:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31818]: pam_unix(cron:session): session closed for user samftp
May  5 14:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30962]: pam_unix(cron:session): session closed for user root
May  5 14:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18  user=root
May  5 14:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32226]: Failed password for root from 12.156.67.18 port 50402 ssh2
May  5 14:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32226]: Received disconnect from 12.156.67.18 port 50402:11: Bye Bye [preauth]
May  5 14:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32226]: Disconnected from 12.156.67.18 port 50402 [preauth]
May  5 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32239]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32240]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32237]: pam_unix(cron:session): session closed for user p13x
May  5 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32295]: Successful su for rubyman by root
May  5 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32295]: + ??? root:rubyman
May  5 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334293 of user rubyman.
May  5 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32295]: pam_unix(su:session): session closed for user rubyman
May  5 14:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334293.
May  5 14:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29759]: pam_unix(cron:session): session closed for user root
May  5 14:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32238]: pam_unix(cron:session): session closed for user samftp
May  5 14:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31380]: pam_unix(cron:session): session closed for user root
May  5 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32734]: pam_unix(cron:session): session closed for user p13x
May  5 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[331]: Successful su for rubyman by root
May  5 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[331]: + ??? root:rubyman
May  5 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334298 of user rubyman.
May  5 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[331]: pam_unix(su:session): session closed for user rubyman
May  5 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334298.
May  5 14:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30166]: pam_unix(cron:session): session closed for user root
May  5 14:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32735]: pam_unix(cron:session): session closed for user samftp
May  5 14:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31820]: pam_unix(cron:session): session closed for user root
May  5 14:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: Invalid user admin from 80.94.95.112
May  5 14:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: input_userauth_request: invalid user admin [preauth]
May  5 14:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 14:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: Failed password for invalid user admin from 80.94.95.112 port 40405 ssh2
May  5 14:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: Failed password for invalid user admin from 80.94.95.112 port 40405 ssh2
May  5 14:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: Failed password for invalid user admin from 80.94.95.112 port 40405 ssh2
May  5 14:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: Failed password for invalid user admin from 80.94.95.112 port 40405 ssh2
May  5 14:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: Invalid user traccar from 139.59.114.137
May  5 14:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: input_userauth_request: invalid user traccar [preauth]
May  5 14:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.114.137
May  5 14:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: Failed password for invalid user admin from 80.94.95.112 port 40405 ssh2
May  5 14:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: Received disconnect from 80.94.95.112 port 40405:11: Bye [preauth]
May  5 14:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: Disconnected from 80.94.95.112 port 40405 [preauth]
May  5 14:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 14:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[690]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 14:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: Failed password for invalid user traccar from 139.59.114.137 port 50328 ssh2
May  5 14:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: Received disconnect from 139.59.114.137 port 50328:11: Bye Bye [preauth]
May  5 14:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[716]: Disconnected from 139.59.114.137 port 50328 [preauth]
May  5 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[729]: pam_unix(cron:session): session closed for user p13x
May  5 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[859]: Successful su for rubyman by root
May  5 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[859]: + ??? root:rubyman
May  5 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334302 of user rubyman.
May  5 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[859]: pam_unix(su:session): session closed for user rubyman
May  5 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334302.
May  5 14:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[727]: pam_unix(cron:session): session closed for user root
May  5 14:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30569]: pam_unix(cron:session): session closed for user root
May  5 14:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[730]: pam_unix(cron:session): session closed for user samftp
May  5 14:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32240]: pam_unix(cron:session): session closed for user root
May  5 14:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1196]: Invalid user jguo from 172.174.5.146
May  5 14:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1196]: input_userauth_request: invalid user jguo [preauth]
May  5 14:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1196]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.5.146
May  5 14:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1196]: Failed password for invalid user jguo from 172.174.5.146 port 64548 ssh2
May  5 14:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1196]: Received disconnect from 172.174.5.146 port 64548:11: Bye Bye [preauth]
May  5 14:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1196]: Disconnected from 172.174.5.146 port 64548 [preauth]
May  5 14:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 14:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Failed password for root from 218.92.0.179 port 17385 ssh2
May  5 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1271]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1273]: pam_unix(cron:session): session closed for user root
May  5 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Failed password for root from 218.92.0.179 port 17385 ssh2
May  5 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1267]: pam_unix(cron:session): session closed for user p13x
May  5 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1345]: Successful su for rubyman by root
May  5 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1345]: + ??? root:rubyman
May  5 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334308 of user rubyman.
May  5 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1345]: pam_unix(su:session): session closed for user rubyman
May  5 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334308.
May  5 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Failed password for root from 218.92.0.179 port 17385 ssh2
May  5 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Received disconnect from 218.92.0.179 port 17385:11:  [preauth]
May  5 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Disconnected from 218.92.0.179 port 17385 [preauth]
May  5 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1269]: pam_unix(cron:session): session closed for user root
May  5 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30961]: pam_unix(cron:session): session closed for user root
May  5 14:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1268]: pam_unix(cron:session): session closed for user samftp
May  5 14:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: Did not receive identification string from 193.32.162.89
May  5 14:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32738]: pam_unix(cron:session): session closed for user root
May  5 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1757]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1755]: pam_unix(cron:session): session closed for user p13x
May  5 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1828]: Successful su for rubyman by root
May  5 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1828]: + ??? root:rubyman
May  5 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1828]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334312 of user rubyman.
May  5 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1828]: pam_unix(su:session): session closed for user rubyman
May  5 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334312.
May  5 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31379]: pam_unix(cron:session): session closed for user root
May  5 14:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1756]: pam_unix(cron:session): session closed for user samftp
May  5 14:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.207.223.48  user=root
May  5 14:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2129]: Failed password for root from 45.207.223.48 port 41124 ssh2
May  5 14:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2129]: Connection closed by 45.207.223.48 port 41124 [preauth]
May  5 14:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: Invalid user confluence from 12.156.67.18
May  5 14:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: input_userauth_request: invalid user confluence [preauth]
May  5 14:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  5 14:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: Failed password for invalid user confluence from 12.156.67.18 port 57816 ssh2
May  5 14:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: Received disconnect from 12.156.67.18 port 57816:11: Bye Bye [preauth]
May  5 14:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: Disconnected from 12.156.67.18 port 57816 [preauth]
May  5 14:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[732]: pam_unix(cron:session): session closed for user root
May  5 14:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2204]: Invalid user robert from 193.32.162.134
May  5 14:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2204]: input_userauth_request: invalid user robert [preauth]
May  5 14:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2204]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 14:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2204]: Failed password for invalid user robert from 193.32.162.134 port 57264 ssh2
May  5 14:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2204]: Connection closed by 193.32.162.134 port 57264 [preauth]
May  5 14:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2236]: Invalid user liuyi from 103.23.199.119
May  5 14:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2236]: input_userauth_request: invalid user liuyi [preauth]
May  5 14:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2236]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.199.119
May  5 14:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2236]: Failed password for invalid user liuyi from 103.23.199.119 port 49088 ssh2
May  5 14:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2236]: Received disconnect from 103.23.199.119 port 49088:11: Bye Bye [preauth]
May  5 14:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2236]: Disconnected from 103.23.199.119 port 49088 [preauth]
May  5 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2267]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2265]: pam_unix(cron:session): session closed for user p13x
May  5 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2326]: Successful su for rubyman by root
May  5 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2326]: + ??? root:rubyman
May  5 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334316 of user rubyman.
May  5 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2326]: pam_unix(su:session): session closed for user rubyman
May  5 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334316.
May  5 14:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31819]: pam_unix(cron:session): session closed for user root
May  5 14:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2266]: pam_unix(cron:session): session closed for user samftp
May  5 14:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1272]: pam_unix(cron:session): session closed for user root
May  5 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2706]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2707]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2704]: pam_unix(cron:session): session closed for user p13x
May  5 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2768]: Successful su for rubyman by root
May  5 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2768]: + ??? root:rubyman
May  5 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334320 of user rubyman.
May  5 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2768]: pam_unix(su:session): session closed for user rubyman
May  5 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334320.
May  5 14:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32239]: pam_unix(cron:session): session closed for user root
May  5 14:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2705]: pam_unix(cron:session): session closed for user samftp
May  5 14:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1758]: pam_unix(cron:session): session closed for user root
May  5 14:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3108]: Invalid user install from 139.59.114.137
May  5 14:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3108]: input_userauth_request: invalid user install [preauth]
May  5 14:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3108]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.114.137
May  5 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3114]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3115]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3111]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3111]: pam_unix(cron:session): session closed for user p13x
May  5 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3176]: Successful su for rubyman by root
May  5 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3176]: + ??? root:rubyman
May  5 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334325 of user rubyman.
May  5 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3176]: pam_unix(su:session): session closed for user rubyman
May  5 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334325.
May  5 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3108]: Failed password for invalid user install from 139.59.114.137 port 57806 ssh2
May  5 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3108]: Received disconnect from 139.59.114.137 port 57806:11: Bye Bye [preauth]
May  5 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3108]: Disconnected from 139.59.114.137 port 57806 [preauth]
May  5 14:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32736]: pam_unix(cron:session): session closed for user root
May  5 14:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3112]: pam_unix(cron:session): session closed for user samftp
May  5 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2268]: pam_unix(cron:session): session closed for user root
May  5 14:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: Invalid user sjb from 172.174.5.146
May  5 14:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: input_userauth_request: invalid user sjb [preauth]
May  5 14:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.5.146
May  5 14:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: Failed password for invalid user sjb from 172.174.5.146 port 26591 ssh2
May  5 14:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: Received disconnect from 172.174.5.146 port 26591:11: Bye Bye [preauth]
May  5 14:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3493]: Disconnected from 172.174.5.146 port 26591 [preauth]
May  5 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3548]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3551]: pam_unix(cron:session): session closed for user root
May  5 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3546]: pam_unix(cron:session): session closed for user p13x
May  5 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3644]: Successful su for rubyman by root
May  5 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3644]: + ??? root:rubyman
May  5 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334332 of user rubyman.
May  5 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3644]: pam_unix(su:session): session closed for user rubyman
May  5 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334332.
May  5 14:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3548]: pam_unix(cron:session): session closed for user root
May  5 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[731]: pam_unix(cron:session): session closed for user root
May  5 14:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3547]: pam_unix(cron:session): session closed for user samftp
May  5 14:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: Invalid user ubuntu from 80.94.95.125
May  5 14:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: input_userauth_request: invalid user ubuntu [preauth]
May  5 14:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 14:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2707]: pam_unix(cron:session): session closed for user root
May  5 14:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: Failed password for invalid user ubuntu from 80.94.95.125 port 32940 ssh2
May  5 14:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: Failed password for invalid user ubuntu from 80.94.95.125 port 32940 ssh2
May  5 14:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: Failed password for invalid user ubuntu from 80.94.95.125 port 32940 ssh2
May  5 14:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: Failed password for invalid user ubuntu from 80.94.95.125 port 32940 ssh2
May  5 14:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: Failed password for invalid user ubuntu from 80.94.95.125 port 32940 ssh2
May  5 14:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: Received disconnect from 80.94.95.125 port 32940:11: Bye [preauth]
May  5 14:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: Disconnected from 80.94.95.125 port 32940 [preauth]
May  5 14:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 14:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3908]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 14:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18  user=root
May  5 14:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: Failed password for root from 12.156.67.18 port 53676 ssh2
May  5 14:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: Received disconnect from 12.156.67.18 port 53676:11: Bye Bye [preauth]
May  5 14:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: Disconnected from 12.156.67.18 port 53676 [preauth]
May  5 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4036]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4035]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4034]: pam_unix(cron:session): session closed for user p13x
May  5 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4103]: Successful su for rubyman by root
May  5 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4103]: + ??? root:rubyman
May  5 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334334 of user rubyman.
May  5 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4103]: pam_unix(su:session): session closed for user rubyman
May  5 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334334.
May  5 14:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1271]: pam_unix(cron:session): session closed for user root
May  5 14:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4035]: pam_unix(cron:session): session closed for user samftp
May  5 14:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3115]: pam_unix(cron:session): session closed for user root
May  5 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  5 14:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4540]: Failed password for root from 46.244.96.25 port 50844 ssh2
May  5 14:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4540]: Connection closed by 46.244.96.25 port 50844 [preauth]
May  5 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4603]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4603]: pam_unix(cron:session): session closed for user root
May  5 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4605]: pam_unix(cron:session): session closed for user p13x
May  5 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4673]: Successful su for rubyman by root
May  5 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4673]: + ??? root:rubyman
May  5 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334340 of user rubyman.
May  5 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4673]: pam_unix(su:session): session closed for user rubyman
May  5 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334340.
May  5 14:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1757]: pam_unix(cron:session): session closed for user root
May  5 14:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4606]: pam_unix(cron:session): session closed for user samftp
May  5 14:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3550]: pam_unix(cron:session): session closed for user root
May  5 14:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: Invalid user michael from 193.32.162.134
May  5 14:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: input_userauth_request: invalid user michael [preauth]
May  5 14:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.32.162.134
May  5 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: Failed password for invalid user michael from 193.32.162.134 port 41084 ssh2
May  5 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: Connection closed by 193.32.162.134 port 41084 [preauth]
May  5 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5227]: Invalid user developers from 190.103.202.7
May  5 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5227]: input_userauth_request: invalid user developers [preauth]
May  5 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5227]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  5 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5227]: Failed password for invalid user developers from 190.103.202.7 port 32972 ssh2
May  5 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5244]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5246]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5242]: pam_unix(cron:session): session closed for user p13x
May  5 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5227]: Connection closed by 190.103.202.7 port 32972 [preauth]
May  5 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5307]: Successful su for rubyman by root
May  5 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5307]: + ??? root:rubyman
May  5 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5307]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334345 of user rubyman.
May  5 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5307]: pam_unix(su:session): session closed for user rubyman
May  5 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334345.
May  5 14:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: Invalid user ubnt from 80.94.95.241
May  5 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: input_userauth_request: invalid user ubnt [preauth]
May  5 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 14:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2267]: pam_unix(cron:session): session closed for user root
May  5 14:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: Failed password for invalid user ubnt from 80.94.95.241 port 17467 ssh2
May  5 14:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5243]: pam_unix(cron:session): session closed for user samftp
May  5 14:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: Failed password for invalid user ubnt from 80.94.95.241 port 17467 ssh2
May  5 14:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: Failed password for invalid user ubnt from 80.94.95.241 port 17467 ssh2
May  5 14:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: Failed password for invalid user ubnt from 80.94.95.241 port 17467 ssh2
May  5 14:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: Failed password for invalid user ubnt from 80.94.95.241 port 17467 ssh2
May  5 14:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: Received disconnect from 80.94.95.241 port 17467:11: Bye [preauth]
May  5 14:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: Disconnected from 80.94.95.241 port 17467 [preauth]
May  5 14:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 14:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 14:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4039]: pam_unix(cron:session): session closed for user root
May  5 14:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: Invalid user info from 103.23.199.119
May  5 14:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: input_userauth_request: invalid user info [preauth]
May  5 14:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.199.119
May  5 14:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: Failed password for invalid user info from 103.23.199.119 port 41520 ssh2
May  5 14:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: Received disconnect from 103.23.199.119 port 41520:11: Bye Bye [preauth]
May  5 14:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: Disconnected from 103.23.199.119 port 41520 [preauth]
May  5 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5753]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5751]: pam_unix(cron:session): session closed for user p13x
May  5 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5895]: Successful su for rubyman by root
May  5 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5895]: + ??? root:rubyman
May  5 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5895]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334347 of user rubyman.
May  5 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5895]: pam_unix(su:session): session closed for user rubyman
May  5 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334347.
May  5 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: Invalid user test from 139.59.114.137
May  5 14:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: input_userauth_request: invalid user test [preauth]
May  5 14:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.114.137
May  5 14:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2706]: pam_unix(cron:session): session closed for user root
May  5 14:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5752]: pam_unix(cron:session): session closed for user samftp
May  5 14:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: Failed password for invalid user test from 139.59.114.137 port 34028 ssh2
May  5 14:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: Received disconnect from 139.59.114.137 port 34028:11: Bye Bye [preauth]
May  5 14:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: Disconnected from 139.59.114.137 port 34028 [preauth]
May  5 14:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4608]: pam_unix(cron:session): session closed for user root
May  5 14:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Invalid user xjcc from 172.174.5.146
May  5 14:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: input_userauth_request: invalid user xjcc [preauth]
May  5 14:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.5.146
May  5 14:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Failed password for invalid user xjcc from 172.174.5.146 port 45131 ssh2
May  5 14:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Received disconnect from 172.174.5.146 port 45131:11: Bye Bye [preauth]
May  5 14:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Disconnected from 172.174.5.146 port 45131 [preauth]
May  5 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6262]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6263]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6265]: pam_unix(cron:session): session closed for user root
May  5 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6260]: pam_unix(cron:session): session closed for user p13x
May  5 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6339]: Successful su for rubyman by root
May  5 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6339]: + ??? root:rubyman
May  5 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6339]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334351 of user rubyman.
May  5 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6339]: pam_unix(su:session): session closed for user rubyman
May  5 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334351.
May  5 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3114]: pam_unix(cron:session): session closed for user root
May  5 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6262]: pam_unix(cron:session): session closed for user root
May  5 14:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6261]: pam_unix(cron:session): session closed for user samftp
May  5 14:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: Invalid user soporte from 12.156.67.18
May  5 14:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: input_userauth_request: invalid user soporte [preauth]
May  5 14:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  5 14:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: Failed password for invalid user soporte from 12.156.67.18 port 41578 ssh2
May  5 14:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: Received disconnect from 12.156.67.18 port 41578:11: Bye Bye [preauth]
May  5 14:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6574]: Disconnected from 12.156.67.18 port 41578 [preauth]
May  5 14:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5246]: pam_unix(cron:session): session closed for user root
May  5 14:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: Invalid user pmuser from 164.68.105.9
May  5 14:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: input_userauth_request: invalid user pmuser [preauth]
May  5 14:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  5 14:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: Failed password for invalid user pmuser from 164.68.105.9 port 46196 ssh2
May  5 14:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6688]: Connection closed by 164.68.105.9 port 46196 [preauth]
May  5 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6710]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6709]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6706]: pam_unix(cron:session): session closed for user p13x
May  5 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6780]: Successful su for rubyman by root
May  5 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6780]: + ??? root:rubyman
May  5 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334357 of user rubyman.
May  5 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6780]: pam_unix(su:session): session closed for user rubyman
May  5 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334357.
May  5 14:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3549]: pam_unix(cron:session): session closed for user root
May  5 14:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6707]: pam_unix(cron:session): session closed for user samftp
May  5 14:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5754]: pam_unix(cron:session): session closed for user root
May  5 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7227]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7228]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7225]: pam_unix(cron:session): session closed for user p13x
May  5 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7286]: Successful su for rubyman by root
May  5 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7286]: + ??? root:rubyman
May  5 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334362 of user rubyman.
May  5 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7286]: pam_unix(su:session): session closed for user rubyman
May  5 14:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334362.
May  5 14:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4036]: pam_unix(cron:session): session closed for user root
May  5 14:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7226]: pam_unix(cron:session): session closed for user samftp
May  5 14:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6264]: pam_unix(cron:session): session closed for user root
May  5 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7728]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7724]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7724]: pam_unix(cron:session): session closed for user p13x
May  5 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7795]: Successful su for rubyman by root
May  5 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7795]: + ??? root:rubyman
May  5 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334366 of user rubyman.
May  5 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7795]: pam_unix(su:session): session closed for user rubyman
May  5 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334366.
May  5 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4607]: pam_unix(cron:session): session closed for user root
May  5 14:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7727]: pam_unix(cron:session): session closed for user samftp
May  5 14:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6710]: pam_unix(cron:session): session closed for user root
May  5 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8163]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8162]: pam_unix(cron:session): session closed for user p13x
May  5 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8232]: Successful su for rubyman by root
May  5 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8232]: + ??? root:rubyman
May  5 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334369 of user rubyman.
May  5 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8232]: pam_unix(su:session): session closed for user rubyman
May  5 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334369.
May  5 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5244]: pam_unix(cron:session): session closed for user root
May  5 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8163]: pam_unix(cron:session): session closed for user samftp
May  5 14:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Invalid user thomas from 139.59.114.137
May  5 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: input_userauth_request: invalid user thomas [preauth]
May  5 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.114.137
May  5 14:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Failed password for invalid user thomas from 139.59.114.137 port 59648 ssh2
May  5 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Received disconnect from 139.59.114.137 port 59648:11: Bye Bye [preauth]
May  5 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Disconnected from 139.59.114.137 port 59648 [preauth]
May  5 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7228]: pam_unix(cron:session): session closed for user root
May  5 14:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: Invalid user zhy from 172.174.5.146
May  5 14:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: input_userauth_request: invalid user zhy [preauth]
May  5 14:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.5.146
May  5 14:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: Failed password for invalid user zhy from 172.174.5.146 port 63670 ssh2
May  5 14:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: Received disconnect from 172.174.5.146 port 63670:11: Bye Bye [preauth]
May  5 14:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8522]: Disconnected from 172.174.5.146 port 63670 [preauth]
May  5 14:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18  user=root
May  5 14:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: Failed password for root from 12.156.67.18 port 48622 ssh2
May  5 14:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: Received disconnect from 12.156.67.18 port 48622:11: Bye Bye [preauth]
May  5 14:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8532]: Disconnected from 12.156.67.18 port 48622 [preauth]
May  5 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8596]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8591]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8595]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8589]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8596]: pam_unix(cron:session): session closed for user root
May  5 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8589]: pam_unix(cron:session): session closed for user p13x
May  5 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8663]: Successful su for rubyman by root
May  5 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8663]: + ??? root:rubyman
May  5 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334377 of user rubyman.
May  5 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8663]: pam_unix(su:session): session closed for user rubyman
May  5 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334377.
May  5 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5753]: pam_unix(cron:session): session closed for user root
May  5 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8591]: pam_unix(cron:session): session closed for user root
May  5 14:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8590]: pam_unix(cron:session): session closed for user samftp
May  5 14:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7729]: pam_unix(cron:session): session closed for user root
May  5 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9038]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9037]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9035]: pam_unix(cron:session): session closed for user p13x
May  5 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9105]: Successful su for rubyman by root
May  5 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9105]: + ??? root:rubyman
May  5 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334379 of user rubyman.
May  5 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9105]: pam_unix(su:session): session closed for user rubyman
May  5 14:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334379.
May  5 14:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6263]: pam_unix(cron:session): session closed for user root
May  5 14:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.199.119  user=root
May  5 14:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9036]: pam_unix(cron:session): session closed for user samftp
May  5 14:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9373]: Failed password for root from 103.23.199.119 port 40098 ssh2
May  5 14:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9373]: Received disconnect from 103.23.199.119 port 40098:11: Bye Bye [preauth]
May  5 14:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9373]: Disconnected from 103.23.199.119 port 40098 [preauth]
May  5 14:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8165]: pam_unix(cron:session): session closed for user root
May  5 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9572]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9570]: pam_unix(cron:session): session closed for user p13x
May  5 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9629]: Successful su for rubyman by root
May  5 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9629]: + ??? root:rubyman
May  5 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9629]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334385 of user rubyman.
May  5 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9629]: pam_unix(su:session): session closed for user rubyman
May  5 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334385.
May  5 14:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6709]: pam_unix(cron:session): session closed for user root
May  5 14:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9571]: pam_unix(cron:session): session closed for user samftp
May  5 14:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8595]: pam_unix(cron:session): session closed for user root
May  5 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9967]: pam_unix(cron:session): session closed for user p13x
May  5 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10030]: Successful su for rubyman by root
May  5 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10030]: + ??? root:rubyman
May  5 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334388 of user rubyman.
May  5 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10030]: pam_unix(su:session): session closed for user rubyman
May  5 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334388.
May  5 14:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7227]: pam_unix(cron:session): session closed for user root
May  5 14:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9968]: pam_unix(cron:session): session closed for user samftp
May  5 14:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9038]: pam_unix(cron:session): session closed for user root
May  5 14:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 14:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: Failed password for root from 218.92.0.179 port 62594 ssh2
May  5 14:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 62594 ssh2]
May  5 14:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: Received disconnect from 218.92.0.179 port 62594:11:  [preauth]
May  5 14:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: Disconnected from 218.92.0.179 port 62594 [preauth]
May  5 14:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10464]: pam_unix(cron:session): session closed for user p13x
May  5 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10531]: Successful su for rubyman by root
May  5 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10531]: + ??? root:rubyman
May  5 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334393 of user rubyman.
May  5 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10531]: pam_unix(su:session): session closed for user rubyman
May  5 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334393.
May  5 14:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10733]: Invalid user shiva from 12.156.67.18
May  5 14:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10733]: input_userauth_request: invalid user shiva [preauth]
May  5 14:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10733]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  5 14:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7728]: pam_unix(cron:session): session closed for user root
May  5 14:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10465]: pam_unix(cron:session): session closed for user samftp
May  5 14:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10733]: Failed password for invalid user shiva from 12.156.67.18 port 41528 ssh2
May  5 14:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10733]: Received disconnect from 12.156.67.18 port 41528:11: Bye Bye [preauth]
May  5 14:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10733]: Disconnected from 12.156.67.18 port 41528 [preauth]
May  5 14:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9573]: pam_unix(cron:session): session closed for user root
May  5 14:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.5.146  user=root
May  5 14:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10867]: Failed password for root from 172.174.5.146 port 25712 ssh2
May  5 14:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10867]: Received disconnect from 172.174.5.146 port 25712:11: Bye Bye [preauth]
May  5 14:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10867]: Disconnected from 172.174.5.146 port 25712 [preauth]
May  5 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10939]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10942]: pam_unix(cron:session): session closed for user root
May  5 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10937]: pam_unix(cron:session): session closed for user p13x
May  5 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11001]: Successful su for rubyman by root
May  5 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11001]: + ??? root:rubyman
May  5 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11001]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334395 of user rubyman.
May  5 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11001]: pam_unix(su:session): session closed for user rubyman
May  5 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334395.
May  5 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10939]: pam_unix(cron:session): session closed for user root
May  5 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8164]: pam_unix(cron:session): session closed for user root
May  5 14:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10938]: pam_unix(cron:session): session closed for user samftp
May  5 14:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.58.21  user=root
May  5 14:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: Failed password for root from 47.236.58.21 port 39656 ssh2
May  5 14:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: Failed password for root from 47.236.58.21 port 39656 ssh2
May  5 14:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9970]: pam_unix(cron:session): session closed for user root
May  5 14:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: Failed password for root from 47.236.58.21 port 39656 ssh2
May  5 14:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: Failed password for root from 47.236.58.21 port 39656 ssh2
May  5 14:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: Disconnecting: Change of username or service not allowed: (root,ssh-connection) -> (test,ssh-connection) [preauth]
May  5 14:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.58.21  user=root
May  5 14:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11234]: PAM service(sshd) ignoring max retries; 4 > 3
May  5 14:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: Invalid user test from 47.236.58.21
May  5 14:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: input_userauth_request: invalid user test [preauth]
May  5 14:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.58.21
May  5 14:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: Failed password for invalid user test from 47.236.58.21 port 57334 ssh2
May  5 14:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: Failed password for invalid user test from 47.236.58.21 port 57334 ssh2
May  5 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11361]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11362]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11360]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11359]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11359]: pam_unix(cron:session): session closed for user p13x
May  5 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11424]: Successful su for rubyman by root
May  5 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11424]: + ??? root:rubyman
May  5 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334402 of user rubyman.
May  5 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11424]: pam_unix(su:session): session closed for user rubyman
May  5 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334402.
May  5 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8592]: pam_unix(cron:session): session closed for user root
May  5 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: Failed password for invalid user test from 47.236.58.21 port 57334 ssh2
May  5 14:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11360]: pam_unix(cron:session): session closed for user samftp
May  5 14:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: Connection closed by 47.236.58.21 port 57334 [preauth]
May  5 14:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11311]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.58.21
May  5 14:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10467]: pam_unix(cron:session): session closed for user root
May  5 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11763]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11766]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11764]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11762]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11762]: pam_unix(cron:session): session closed for user p13x
May  5 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11830]: Successful su for rubyman by root
May  5 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11830]: + ??? root:rubyman
May  5 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334407 of user rubyman.
May  5 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11830]: pam_unix(su:session): session closed for user rubyman
May  5 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334407.
May  5 14:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9037]: pam_unix(cron:session): session closed for user root
May  5 14:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11763]: pam_unix(cron:session): session closed for user samftp
May  5 14:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10941]: pam_unix(cron:session): session closed for user root
May  5 14:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12158]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12155]: pam_unix(cron:session): session closed for user p13x
May  5 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12213]: Successful su for rubyman by root
May  5 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12213]: + ??? root:rubyman
May  5 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12213]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334410 of user rubyman.
May  5 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12213]: pam_unix(su:session): session closed for user rubyman
May  5 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334410.
May  5 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Failed password for root from 218.92.0.179 port 33475 ssh2
May  5 14:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9572]: pam_unix(cron:session): session closed for user root
May  5 14:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12156]: pam_unix(cron:session): session closed for user samftp
May  5 14:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Failed password for root from 218.92.0.179 port 33475 ssh2
May  5 14:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Failed password for root from 218.92.0.179 port 33475 ssh2
May  5 14:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Received disconnect from 218.92.0.179 port 33475:11:  [preauth]
May  5 14:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Disconnected from 218.92.0.179 port 33475 [preauth]
May  5 14:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 14:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: Invalid user longpengpeng from 103.23.199.119
May  5 14:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: input_userauth_request: invalid user longpengpeng [preauth]
May  5 14:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.199.119
May  5 14:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: Failed password for invalid user longpengpeng from 103.23.199.119 port 60400 ssh2
May  5 14:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: Received disconnect from 103.23.199.119 port 60400:11: Bye Bye [preauth]
May  5 14:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: Disconnected from 103.23.199.119 port 60400 [preauth]
May  5 14:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: Invalid user postgres from 12.156.67.18
May  5 14:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: input_userauth_request: invalid user postgres [preauth]
May  5 14:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  5 14:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: Failed password for invalid user postgres from 12.156.67.18 port 37308 ssh2
May  5 14:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: Received disconnect from 12.156.67.18 port 37308:11: Bye Bye [preauth]
May  5 14:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: Disconnected from 12.156.67.18 port 37308 [preauth]
May  5 14:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11362]: pam_unix(cron:session): session closed for user root
May  5 14:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12563]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12561]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12559]: pam_unix(cron:session): session closed for user p13x
May  5 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12619]: Successful su for rubyman by root
May  5 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12619]: + ??? root:rubyman
May  5 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334413 of user rubyman.
May  5 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12619]: pam_unix(su:session): session closed for user rubyman
May  5 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334413.
May  5 14:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9969]: pam_unix(cron:session): session closed for user root
May  5 14:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12560]: pam_unix(cron:session): session closed for user samftp
May  5 14:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11766]: pam_unix(cron:session): session closed for user root
May  5 14:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12894]: Invalid user lab from 172.174.5.146
May  5 14:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12894]: input_userauth_request: invalid user lab [preauth]
May  5 14:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12894]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.5.146
May  5 14:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12894]: Failed password for invalid user lab from 172.174.5.146 port 44252 ssh2
May  5 14:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12894]: Received disconnect from 172.174.5.146 port 44252:11: Bye Bye [preauth]
May  5 14:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12894]: Disconnected from 172.174.5.146 port 44252 [preauth]
May  5 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12945]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12943]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12947]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12942]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12944]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12947]: pam_unix(cron:session): session closed for user root
May  5 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12942]: pam_unix(cron:session): session closed for user p13x
May  5 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13013]: Successful su for rubyman by root
May  5 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13013]: + ??? root:rubyman
May  5 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334418 of user rubyman.
May  5 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13013]: pam_unix(su:session): session closed for user rubyman
May  5 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334418.
May  5 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12944]: pam_unix(cron:session): session closed for user root
May  5 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10466]: pam_unix(cron:session): session closed for user root
May  5 14:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12943]: pam_unix(cron:session): session closed for user samftp
May  5 14:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12158]: pam_unix(cron:session): session closed for user root
May  5 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13386]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13383]: pam_unix(cron:session): session closed for user p13x
May  5 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13545]: Successful su for rubyman by root
May  5 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13545]: + ??? root:rubyman
May  5 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334423 of user rubyman.
May  5 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13545]: pam_unix(su:session): session closed for user rubyman
May  5 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334423.
May  5 14:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10940]: pam_unix(cron:session): session closed for user root
May  5 14:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13384]: pam_unix(cron:session): session closed for user samftp
May  5 14:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13784]: Did not receive identification string from 193.32.162.89
May  5 14:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12563]: pam_unix(cron:session): session closed for user root
May  5 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13894]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13893]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13892]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13892]: pam_unix(cron:session): session closed for user p13x
May  5 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13953]: Successful su for rubyman by root
May  5 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13953]: + ??? root:rubyman
May  5 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13953]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334428 of user rubyman.
May  5 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13953]: pam_unix(su:session): session closed for user rubyman
May  5 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334428.
May  5 14:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11361]: pam_unix(cron:session): session closed for user root
May  5 14:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13893]: pam_unix(cron:session): session closed for user samftp
May  5 14:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12946]: pam_unix(cron:session): session closed for user root
May  5 14:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: Invalid user admin from 139.19.117.131
May  5 14:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: input_userauth_request: invalid user admin [preauth]
May  5 14:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18  user=root
May  5 14:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: Failed password for root from 12.156.67.18 port 51200 ssh2
May  5 14:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: Received disconnect from 12.156.67.18 port 51200:11: Bye Bye [preauth]
May  5 14:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: Disconnected from 12.156.67.18 port 51200 [preauth]
May  5 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14301]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14300]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14298]: pam_unix(cron:session): session closed for user p13x
May  5 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14360]: Successful su for rubyman by root
May  5 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14360]: + ??? root:rubyman
May  5 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334431 of user rubyman.
May  5 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14360]: pam_unix(su:session): session closed for user rubyman
May  5 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334431.
May  5 14:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11764]: pam_unix(cron:session): session closed for user root
May  5 14:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14299]: pam_unix(cron:session): session closed for user samftp
May  5 14:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: Connection closed by 139.19.117.131 port 48580 [preauth]
May  5 14:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13386]: pam_unix(cron:session): session closed for user root
May  5 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14712]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14709]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14707]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14709]: pam_unix(cron:session): session closed for user p13x
May  5 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14820]: Successful su for rubyman by root
May  5 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14820]: + ??? root:rubyman
May  5 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334436 of user rubyman.
May  5 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14820]: pam_unix(su:session): session closed for user rubyman
May  5 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334436.
May  5 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14707]: pam_unix(cron:session): session closed for user root
May  5 14:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12157]: pam_unix(cron:session): session closed for user root
May  5 14:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14710]: pam_unix(cron:session): session closed for user samftp
May  5 14:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13895]: pam_unix(cron:session): session closed for user root
May  5 14:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 14:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: Invalid user lixin from 172.174.5.146
May  5 14:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: input_userauth_request: invalid user lixin [preauth]
May  5 14:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.5.146
May  5 14:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: Failed password for root from 218.92.0.179 port 57847 ssh2
May  5 14:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: Failed password for invalid user lixin from 172.174.5.146 port 62799 ssh2
May  5 14:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: Received disconnect from 172.174.5.146 port 62799:11: Bye Bye [preauth]
May  5 14:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15156]: Disconnected from 172.174.5.146 port 62799 [preauth]
May  5 14:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: Failed password for root from 218.92.0.179 port 57847 ssh2
May  5 14:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: Failed password for root from 218.92.0.179 port 57847 ssh2
May  5 14:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: Received disconnect from 218.92.0.179 port 57847:11:  [preauth]
May  5 14:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: Disconnected from 218.92.0.179 port 57847 [preauth]
May  5 14:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 14:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15179]: Invalid user download from 50.235.31.47
May  5 14:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15179]: input_userauth_request: invalid user download [preauth]
May  5 14:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15179]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  5 14:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15179]: Failed password for invalid user download from 50.235.31.47 port 52036 ssh2
May  5 14:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15179]: Connection closed by 50.235.31.47 port 52036 [preauth]
May  5 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15203]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15202]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15205]: pam_unix(cron:session): session closed for user root
May  5 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15199]: pam_unix(cron:session): session closed for user p13x
May  5 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15267]: Successful su for rubyman by root
May  5 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15267]: + ??? root:rubyman
May  5 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334443 of user rubyman.
May  5 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15267]: pam_unix(su:session): session closed for user rubyman
May  5 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334443.
May  5 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12561]: pam_unix(cron:session): session closed for user root
May  5 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15202]: pam_unix(cron:session): session closed for user root
May  5 14:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15200]: pam_unix(cron:session): session closed for user samftp
May  5 14:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: Invalid user zxf from 103.23.199.119
May  5 14:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: input_userauth_request: invalid user zxf [preauth]
May  5 14:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.199.119
May  5 14:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: Failed password for invalid user zxf from 103.23.199.119 port 40626 ssh2
May  5 14:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: Received disconnect from 103.23.199.119 port 40626:11: Bye Bye [preauth]
May  5 14:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: Disconnected from 103.23.199.119 port 40626 [preauth]
May  5 14:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14301]: pam_unix(cron:session): session closed for user root
May  5 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15629]: pam_unix(cron:session): session closed for user p13x
May  5 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15698]: Successful su for rubyman by root
May  5 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15698]: + ??? root:rubyman
May  5 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334446 of user rubyman.
May  5 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15698]: pam_unix(su:session): session closed for user rubyman
May  5 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334446.
May  5 14:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12945]: pam_unix(cron:session): session closed for user root
May  5 14:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15630]: pam_unix(cron:session): session closed for user samftp
May  5 14:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14712]: pam_unix(cron:session): session closed for user root
May  5 14:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16020]: Invalid user hdestain from 193.70.84.184
May  5 14:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16020]: input_userauth_request: invalid user hdestain [preauth]
May  5 14:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16020]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  5 14:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16020]: Failed password for invalid user hdestain from 193.70.84.184 port 43080 ssh2
May  5 14:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16020]: Connection closed by 193.70.84.184 port 43080 [preauth]
May  5 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16031]: pam_unix(cron:session): session closed for user p13x
May  5 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16090]: Successful su for rubyman by root
May  5 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16090]: + ??? root:rubyman
May  5 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334450 of user rubyman.
May  5 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16090]: pam_unix(su:session): session closed for user rubyman
May  5 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334450.
May  5 14:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13385]: pam_unix(cron:session): session closed for user root
May  5 14:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16032]: pam_unix(cron:session): session closed for user samftp
May  5 14:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18  user=root
May  5 14:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: Failed password for root from 12.156.67.18 port 33612 ssh2
May  5 14:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: Received disconnect from 12.156.67.18 port 33612:11: Bye Bye [preauth]
May  5 14:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16304]: Disconnected from 12.156.67.18 port 33612 [preauth]
May  5 14:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15204]: pam_unix(cron:session): session closed for user root
May  5 14:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16413]: pam_unix(cron:session): session closed for user p13x
May  5 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16504]: Successful su for rubyman by root
May  5 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16504]: + ??? root:rubyman
May  5 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16504]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334454 of user rubyman.
May  5 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16504]: pam_unix(su:session): session closed for user rubyman
May  5 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334454.
May  5 14:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13894]: pam_unix(cron:session): session closed for user root
May  5 14:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16389]: Invalid user  from 195.178.110.50
May  5 14:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16389]: input_userauth_request: invalid user  [preauth]
May  5 14:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16389]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 14:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16414]: pam_unix(cron:session): session closed for user samftp
May  5 14:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16389]: Failed password for invalid user  from 195.178.110.50 port 3046 ssh2
May  5 14:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16389]: Connection closed by 195.178.110.50 port 3046 [preauth]
May  5 14:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: Invalid user y from 195.178.110.50
May  5 14:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: input_userauth_request: invalid user y [preauth]
May  5 14:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 14:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: Failed password for invalid user y from 195.178.110.50 port 18106 ssh2
May  5 14:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: Connection closed by 195.178.110.50 port 18106 [preauth]
May  5 14:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15632]: pam_unix(cron:session): session closed for user root
May  5 14:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16793]: Invalid user Z from 195.178.110.50
May  5 14:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16793]: input_userauth_request: invalid user Z [preauth]
May  5 14:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16793]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 14:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16793]: Failed password for invalid user Z from 195.178.110.50 port 32400 ssh2
May  5 14:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16793]: Connection closed by 195.178.110.50 port 32400 [preauth]
May  5 14:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16899]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16900]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16897]: pam_unix(cron:session): session closed for user p13x
May  5 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16979]: Successful su for rubyman by root
May  5 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16979]: + ??? root:rubyman
May  5 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334458 of user rubyman.
May  5 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16979]: pam_unix(su:session): session closed for user rubyman
May  5 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334458.
May  5 14:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14300]: pam_unix(cron:session): session closed for user root
May  5 14:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16898]: pam_unix(cron:session): session closed for user samftp
May  5 14:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Invalid user ; from 195.178.110.50
May  5 14:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: input_userauth_request: invalid user ; [preauth]
May  5 14:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 14:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Failed password for invalid user ; from 195.178.110.50 port 30768 ssh2
May  5 14:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Connection closed by 195.178.110.50 port 30768 [preauth]
May  5 14:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: Invalid user z from 195.178.110.50
May  5 14:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: input_userauth_request: invalid user z [preauth]
May  5 14:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 14:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: Failed password for invalid user z from 195.178.110.50 port 44378 ssh2
May  5 14:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: Connection closed by 195.178.110.50 port 44378 [preauth]
May  5 14:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16034]: pam_unix(cron:session): session closed for user root
May  5 14:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: Invalid user xuqiang from 172.174.5.146
May  5 14:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: input_userauth_request: invalid user xuqiang [preauth]
May  5 14:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.5.146
May  5 14:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: Failed password for invalid user xuqiang from 172.174.5.146 port 24840 ssh2
May  5 14:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: Received disconnect from 172.174.5.146 port 24840:11: Bye Bye [preauth]
May  5 14:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: Disconnected from 172.174.5.146 port 24840 [preauth]
May  5 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17319]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17320]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17318]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17322]: pam_unix(cron:session): session closed for user root
May  5 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17317]: pam_unix(cron:session): session closed for user p13x
May  5 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17384]: Successful su for rubyman by root
May  5 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17384]: + ??? root:rubyman
May  5 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334462 of user rubyman.
May  5 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17384]: pam_unix(su:session): session closed for user rubyman
May  5 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334462.
May  5 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17319]: pam_unix(cron:session): session closed for user root
May  5 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14711]: pam_unix(cron:session): session closed for user root
May  5 14:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17318]: pam_unix(cron:session): session closed for user samftp
May  5 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16416]: pam_unix(cron:session): session closed for user root
May  5 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17781]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17782]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17779]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17763]: pam_unix(cron:session): session closed for user p13x
May  5 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17781]: pam_unix(cron:session): session closed for user root
May  5 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17944]: Successful su for rubyman by root
May  5 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17944]: + ??? root:rubyman
May  5 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334468 of user rubyman.
May  5 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17944]: pam_unix(su:session): session closed for user rubyman
May  5 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334468.
May  5 14:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15203]: pam_unix(cron:session): session closed for user root
May  5 14:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17779]: pam_unix(cron:session): session closed for user samftp
May  5 14:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 14:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18201]: Failed password for root from 218.92.0.179 port 62911 ssh2
May  5 14:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18201]: Failed password for root from 218.92.0.179 port 62911 ssh2
May  5 14:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16900]: pam_unix(cron:session): session closed for user root
May  5 14:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18201]: Failed password for root from 218.92.0.179 port 62911 ssh2
May  5 14:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18201]: Received disconnect from 218.92.0.179 port 62911:11:  [preauth]
May  5 14:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18201]: Disconnected from 218.92.0.179 port 62911 [preauth]
May  5 14:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18201]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 14:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18280]: Invalid user activemq from 12.156.67.18
May  5 14:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18280]: input_userauth_request: invalid user activemq [preauth]
May  5 14:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18280]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  5 14:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18280]: Failed password for invalid user activemq from 12.156.67.18 port 46444 ssh2
May  5 14:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18280]: Received disconnect from 12.156.67.18 port 46444:11: Bye Bye [preauth]
May  5 14:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18280]: Disconnected from 12.156.67.18 port 46444 [preauth]
May  5 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18305]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18306]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18303]: pam_unix(cron:session): session closed for user p13x
May  5 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18367]: Successful su for rubyman by root
May  5 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18367]: + ??? root:rubyman
May  5 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334473 of user rubyman.
May  5 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18367]: pam_unix(su:session): session closed for user rubyman
May  5 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334473.
May  5 14:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15631]: pam_unix(cron:session): session closed for user root
May  5 14:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18304]: pam_unix(cron:session): session closed for user samftp
May  5 14:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: Invalid user jaeeun from 103.23.199.119
May  5 14:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: input_userauth_request: invalid user jaeeun [preauth]
May  5 14:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.199.119
May  5 14:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: Failed password for invalid user jaeeun from 103.23.199.119 port 40066 ssh2
May  5 14:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: Received disconnect from 103.23.199.119 port 40066:11: Bye Bye [preauth]
May  5 14:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: Disconnected from 103.23.199.119 port 40066 [preauth]
May  5 14:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17321]: pam_unix(cron:session): session closed for user root
May  5 14:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: Invalid user admin from 80.94.95.112
May  5 14:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: input_userauth_request: invalid user admin [preauth]
May  5 14:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 14:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: Failed password for invalid user admin from 80.94.95.112 port 27314 ssh2
May  5 14:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: Failed password for invalid user admin from 80.94.95.112 port 27314 ssh2
May  5 14:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: Failed password for invalid user admin from 80.94.95.112 port 27314 ssh2
May  5 14:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: Failed password for invalid user admin from 80.94.95.112 port 27314 ssh2
May  5 14:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: Failed password for invalid user admin from 80.94.95.112 port 27314 ssh2
May  5 14:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: Received disconnect from 80.94.95.112 port 27314:11: Bye [preauth]
May  5 14:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: Disconnected from 80.94.95.112 port 27314 [preauth]
May  5 14:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 14:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18659]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18714]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18712]: pam_unix(cron:session): session closed for user p13x
May  5 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18781]: Successful su for rubyman by root
May  5 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18781]: + ??? root:rubyman
May  5 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334478 of user rubyman.
May  5 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18781]: pam_unix(su:session): session closed for user rubyman
May  5 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334478.
May  5 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16033]: pam_unix(cron:session): session closed for user root
May  5 14:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18713]: pam_unix(cron:session): session closed for user samftp
May  5 14:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17782]: pam_unix(cron:session): session closed for user root
May  5 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19120]: pam_unix(cron:session): session closed for user p13x
May  5 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19179]: Successful su for rubyman by root
May  5 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19179]: + ??? root:rubyman
May  5 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334482 of user rubyman.
May  5 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19179]: pam_unix(su:session): session closed for user rubyman
May  5 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334482.
May  5 14:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16415]: pam_unix(cron:session): session closed for user root
May  5 14:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19121]: pam_unix(cron:session): session closed for user samftp
May  5 14:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18306]: pam_unix(cron:session): session closed for user root
May  5 14:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19472]: Invalid user default from 172.174.5.146
May  5 14:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19472]: input_userauth_request: invalid user default [preauth]
May  5 14:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19472]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.5.146
May  5 14:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19472]: Failed password for invalid user default from 172.174.5.146 port 43379 ssh2
May  5 14:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19472]: Received disconnect from 172.174.5.146 port 43379:11: Bye Bye [preauth]
May  5 14:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19472]: Disconnected from 172.174.5.146 port 43379 [preauth]
May  5 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19534]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19535]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19536]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19536]: pam_unix(cron:session): session closed for user root
May  5 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19531]: pam_unix(cron:session): session closed for user p13x
May  5 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19607]: Successful su for rubyman by root
May  5 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19607]: + ??? root:rubyman
May  5 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334489 of user rubyman.
May  5 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19607]: pam_unix(su:session): session closed for user rubyman
May  5 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334489.
May  5 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16899]: pam_unix(cron:session): session closed for user root
May  5 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19533]: pam_unix(cron:session): session closed for user root
May  5 14:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19532]: pam_unix(cron:session): session closed for user samftp
May  5 14:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18715]: pam_unix(cron:session): session closed for user root
May  5 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19983]: pam_unix(cron:session): session closed for user p13x
May  5 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20057]: Successful su for rubyman by root
May  5 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20057]: + ??? root:rubyman
May  5 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20057]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334492 of user rubyman.
May  5 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20057]: pam_unix(su:session): session closed for user rubyman
May  5 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334492.
May  5 14:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17320]: pam_unix(cron:session): session closed for user root
May  5 14:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19984]: pam_unix(cron:session): session closed for user samftp
May  5 14:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18  user=root
May  5 14:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20278]: Failed password for root from 12.156.67.18 port 52916 ssh2
May  5 14:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20278]: Received disconnect from 12.156.67.18 port 52916:11: Bye Bye [preauth]
May  5 14:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20278]: Disconnected from 12.156.67.18 port 52916 [preauth]
May  5 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19123]: pam_unix(cron:session): session closed for user root
May  5 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20387]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20385]: pam_unix(cron:session): session closed for user p13x
May  5 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20448]: Successful su for rubyman by root
May  5 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20448]: + ??? root:rubyman
May  5 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334496 of user rubyman.
May  5 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20448]: pam_unix(su:session): session closed for user rubyman
May  5 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334496.
May  5 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17780]: pam_unix(cron:session): session closed for user root
May  5 14:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20386]: pam_unix(cron:session): session closed for user samftp
May  5 14:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19535]: pam_unix(cron:session): session closed for user root
May  5 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20800]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20796]: pam_unix(cron:session): session closed for user p13x
May  5 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20866]: Successful su for rubyman by root
May  5 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20866]: + ??? root:rubyman
May  5 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334501 of user rubyman.
May  5 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20866]: pam_unix(su:session): session closed for user rubyman
May  5 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334501.
May  5 14:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18305]: pam_unix(cron:session): session closed for user root
May  5 14:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20798]: pam_unix(cron:session): session closed for user samftp
May  5 14:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19986]: pam_unix(cron:session): session closed for user root
May  5 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21225]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21218]: pam_unix(cron:session): session closed for user p13x
May  5 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21305]: Successful su for rubyman by root
May  5 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21305]: + ??? root:rubyman
May  5 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334504 of user rubyman.
May  5 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21305]: pam_unix(su:session): session closed for user rubyman
May  5 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334504.
May  5 14:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18714]: pam_unix(cron:session): session closed for user root
May  5 14:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21224]: pam_unix(cron:session): session closed for user samftp
May  5 14:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21556]: Invalid user contabilold from 103.23.199.119
May  5 14:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21556]: input_userauth_request: invalid user contabilold [preauth]
May  5 14:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21556]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.23.199.119
May  5 14:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21556]: Failed password for invalid user contabilold from 103.23.199.119 port 57478 ssh2
May  5 14:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21556]: Received disconnect from 103.23.199.119 port 57478:11: Bye Bye [preauth]
May  5 14:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21556]: Disconnected from 103.23.199.119 port 57478 [preauth]
May  5 14:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20388]: pam_unix(cron:session): session closed for user root
May  5 14:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21600]: Invalid user pwq from 172.174.5.146
May  5 14:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21600]: input_userauth_request: invalid user pwq [preauth]
May  5 14:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21600]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.5.146
May  5 14:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21600]: Failed password for invalid user pwq from 172.174.5.146 port 61921 ssh2
May  5 14:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21600]: Received disconnect from 172.174.5.146 port 61921:11: Bye Bye [preauth]
May  5 14:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21600]: Disconnected from 172.174.5.146 port 61921 [preauth]
May  5 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21672]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21671]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21674]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21673]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21677]: pam_unix(cron:session): session closed for user root
May  5 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21671]: pam_unix(cron:session): session closed for user p13x
May  5 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21832]: Successful su for rubyman by root
May  5 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21832]: + ??? root:rubyman
May  5 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334507 of user rubyman.
May  5 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21832]: pam_unix(su:session): session closed for user rubyman
May  5 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334507.
May  5 14:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21673]: pam_unix(cron:session): session closed for user root
May  5 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19122]: pam_unix(cron:session): session closed for user root
May  5 14:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21672]: pam_unix(cron:session): session closed for user samftp
May  5 14:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20800]: pam_unix(cron:session): session closed for user root
May  5 14:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22424]: Invalid user dev from 12.156.67.18
May  5 14:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22424]: input_userauth_request: invalid user dev [preauth]
May  5 14:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22424]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  5 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22424]: Failed password for invalid user dev from 12.156.67.18 port 50098 ssh2
May  5 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22424]: Received disconnect from 12.156.67.18 port 50098:11: Bye Bye [preauth]
May  5 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22424]: Disconnected from 12.156.67.18 port 50098 [preauth]
May  5 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22464]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22459]: pam_unix(cron:session): session closed for user p13x
May  5 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22540]: Successful su for rubyman by root
May  5 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22540]: + ??? root:rubyman
May  5 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334515 of user rubyman.
May  5 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22540]: pam_unix(su:session): session closed for user rubyman
May  5 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334515.
May  5 14:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19534]: pam_unix(cron:session): session closed for user root
May  5 14:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22461]: pam_unix(cron:session): session closed for user samftp
May  5 14:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21226]: pam_unix(cron:session): session closed for user root
May  5 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22913]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22914]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22911]: pam_unix(cron:session): session closed for user p13x
May  5 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23004]: Successful su for rubyman by root
May  5 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23004]: + ??? root:rubyman
May  5 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334517 of user rubyman.
May  5 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23004]: pam_unix(su:session): session closed for user rubyman
May  5 14:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334517.
May  5 14:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19985]: pam_unix(cron:session): session closed for user root
May  5 14:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22912]: pam_unix(cron:session): session closed for user samftp
May  5 14:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21675]: pam_unix(cron:session): session closed for user root
May  5 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23450]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23449]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23449]: pam_unix(cron:session): session closed for user p13x
May  5 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23513]: Successful su for rubyman by root
May  5 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23513]: + ??? root:rubyman
May  5 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23513]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334522 of user rubyman.
May  5 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23513]: pam_unix(su:session): session closed for user rubyman
May  5 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334522.
May  5 14:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20387]: pam_unix(cron:session): session closed for user root
May  5 14:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23450]: pam_unix(cron:session): session closed for user samftp
May  5 14:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22464]: pam_unix(cron:session): session closed for user root
May  5 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23966]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23963]: pam_unix(cron:session): session closed for user p13x
May  5 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24038]: Successful su for rubyman by root
May  5 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24038]: + ??? root:rubyman
May  5 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24038]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334525 of user rubyman.
May  5 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24038]: pam_unix(su:session): session closed for user rubyman
May  5 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334525.
May  5 14:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20799]: pam_unix(cron:session): session closed for user root
May  5 14:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23964]: pam_unix(cron:session): session closed for user samftp
May  5 14:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: Invalid user deploy from 190.103.202.7
May  5 14:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: input_userauth_request: invalid user deploy [preauth]
May  5 14:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  5 14:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: Failed password for invalid user deploy from 190.103.202.7 port 32932 ssh2
May  5 14:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: Connection closed by 190.103.202.7 port 32932 [preauth]
May  5 14:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22914]: pam_unix(cron:session): session closed for user root
May  5 14:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 14:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24348]: Invalid user hyc from 172.174.5.146
May  5 14:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24348]: input_userauth_request: invalid user hyc [preauth]
May  5 14:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24348]: pam_unix(sshd:auth): check pass; user unknown
May  5 14:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.5.146
May  5 14:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24348]: Failed password for invalid user hyc from 172.174.5.146 port 23961 ssh2
May  5 14:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24348]: Received disconnect from 172.174.5.146 port 23961:11: Bye Bye [preauth]
May  5 14:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24348]: Disconnected from 172.174.5.146 port 23961 [preauth]
May  5 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24411]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24414]: pam_unix(cron:session): session closed for user root
May  5 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24410]: pam_unix(cron:session): session closed for user root
May  5 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24408]: pam_unix(cron:session): session closed for user p13x
May  5 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24506]: Successful su for rubyman by root
May  5 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24506]: + ??? root:rubyman
May  5 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334533 of user rubyman.
May  5 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24506]: pam_unix(su:session): session closed for user rubyman
May  5 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334533.
May  5 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21225]: pam_unix(cron:session): session closed for user root
May  5 15:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24411]: pam_unix(cron:session): session closed for user root
May  5 15:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24409]: pam_unix(cron:session): session closed for user samftp
May  5 15:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18  user=root
May  5 15:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24755]: Failed password for root from 12.156.67.18 port 35464 ssh2
May  5 15:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24755]: Received disconnect from 12.156.67.18 port 35464:11: Bye Bye [preauth]
May  5 15:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24755]: Disconnected from 12.156.67.18 port 35464 [preauth]
May  5 15:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23452]: pam_unix(cron:session): session closed for user root
May  5 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24934]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24933]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24930]: pam_unix(cron:session): session closed for user p13x
May  5 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25002]: Successful su for rubyman by root
May  5 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25002]: + ??? root:rubyman
May  5 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334536 of user rubyman.
May  5 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25002]: pam_unix(su:session): session closed for user rubyman
May  5 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334536.
May  5 15:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21674]: pam_unix(cron:session): session closed for user root
May  5 15:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24931]: pam_unix(cron:session): session closed for user samftp
May  5 15:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25226]: Invalid user manna from 176.31.162.135
May  5 15:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25226]: input_userauth_request: invalid user manna [preauth]
May  5 15:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25226]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  5 15:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25226]: Failed password for invalid user manna from 176.31.162.135 port 49436 ssh2
May  5 15:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25226]: Connection closed by 176.31.162.135 port 49436 [preauth]
May  5 15:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23966]: pam_unix(cron:session): session closed for user root
May  5 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25363]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25355]: pam_unix(cron:session): session closed for user p13x
May  5 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25421]: Successful su for rubyman by root
May  5 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25421]: + ??? root:rubyman
May  5 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334542 of user rubyman.
May  5 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25421]: pam_unix(su:session): session closed for user rubyman
May  5 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334542.
May  5 15:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22463]: pam_unix(cron:session): session closed for user root
May  5 15:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25356]: pam_unix(cron:session): session closed for user samftp
May  5 15:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24413]: pam_unix(cron:session): session closed for user root
May  5 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25760]: pam_unix(cron:session): session closed for user p13x
May  5 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25819]: Successful su for rubyman by root
May  5 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25819]: + ??? root:rubyman
May  5 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25819]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334544 of user rubyman.
May  5 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25819]: pam_unix(su:session): session closed for user rubyman
May  5 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334544.
May  5 15:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22913]: pam_unix(cron:session): session closed for user root
May  5 15:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25761]: pam_unix(cron:session): session closed for user samftp
May  5 15:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24934]: pam_unix(cron:session): session closed for user root
May  5 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26162]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26160]: pam_unix(cron:session): session closed for user p13x
May  5 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26223]: Successful su for rubyman by root
May  5 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26223]: + ??? root:rubyman
May  5 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26223]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334549 of user rubyman.
May  5 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26223]: pam_unix(su:session): session closed for user rubyman
May  5 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334549.
May  5 15:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23451]: pam_unix(cron:session): session closed for user root
May  5 15:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26161]: pam_unix(cron:session): session closed for user samftp
May  5 15:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 15:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: Failed password for root from 218.92.0.179 port 41350 ssh2
May  5 15:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 41350 ssh2]
May  5 15:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: Received disconnect from 218.92.0.179 port 41350:11:  [preauth]
May  5 15:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: Disconnected from 218.92.0.179 port 41350 [preauth]
May  5 15:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26402]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 15:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25363]: pam_unix(cron:session): session closed for user root
May  5 15:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: Invalid user cool from 172.174.5.146
May  5 15:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: input_userauth_request: invalid user cool [preauth]
May  5 15:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.174.5.146
May  5 15:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: Failed password for invalid user cool from 172.174.5.146 port 42507 ssh2
May  5 15:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: Received disconnect from 172.174.5.146 port 42507:11: Bye Bye [preauth]
May  5 15:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: Disconnected from 172.174.5.146 port 42507 [preauth]
May  5 15:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18  user=root
May  5 15:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: Failed password for root from 12.156.67.18 port 34638 ssh2
May  5 15:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: Received disconnect from 12.156.67.18 port 34638:11: Bye Bye [preauth]
May  5 15:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: Disconnected from 12.156.67.18 port 34638 [preauth]
May  5 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26654]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26653]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26651]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26656]: pam_unix(cron:session): session closed for user root
May  5 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26651]: pam_unix(cron:session): session closed for user p13x
May  5 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26721]: Successful su for rubyman by root
May  5 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26721]: + ??? root:rubyman
May  5 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334552 of user rubyman.
May  5 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26721]: pam_unix(su:session): session closed for user rubyman
May  5 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334552.
May  5 15:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26653]: pam_unix(cron:session): session closed for user root
May  5 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23965]: pam_unix(cron:session): session closed for user root
May  5 15:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26652]: pam_unix(cron:session): session closed for user samftp
May  5 15:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25763]: pam_unix(cron:session): session closed for user root
May  5 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27143]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27141]: pam_unix(cron:session): session closed for user p13x
May  5 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27216]: Successful su for rubyman by root
May  5 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27216]: + ??? root:rubyman
May  5 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334559 of user rubyman.
May  5 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27216]: pam_unix(su:session): session closed for user rubyman
May  5 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334559.
May  5 15:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24412]: pam_unix(cron:session): session closed for user root
May  5 15:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27142]: pam_unix(cron:session): session closed for user samftp
May  5 15:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27455]: Invalid user deploy from 164.68.105.9
May  5 15:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27455]: input_userauth_request: invalid user deploy [preauth]
May  5 15:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27455]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  5 15:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27455]: Failed password for invalid user deploy from 164.68.105.9 port 45684 ssh2
May  5 15:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27455]: Connection closed by 164.68.105.9 port 45684 [preauth]
May  5 15:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26163]: pam_unix(cron:session): session closed for user root
May  5 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27615]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27611]: pam_unix(cron:session): session closed for user p13x
May  5 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27679]: Successful su for rubyman by root
May  5 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27679]: + ??? root:rubyman
May  5 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334562 of user rubyman.
May  5 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27679]: pam_unix(su:session): session closed for user rubyman
May  5 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334562.
May  5 15:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24933]: pam_unix(cron:session): session closed for user root
May  5 15:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27613]: pam_unix(cron:session): session closed for user samftp
May  5 15:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26655]: pam_unix(cron:session): session closed for user root
May  5 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28019]: pam_unix(cron:session): session closed for user p13x
May  5 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28079]: Successful su for rubyman by root
May  5 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28079]: + ??? root:rubyman
May  5 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334566 of user rubyman.
May  5 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28079]: pam_unix(su:session): session closed for user rubyman
May  5 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334566.
May  5 15:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25357]: pam_unix(cron:session): session closed for user root
May  5 15:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28020]: pam_unix(cron:session): session closed for user samftp
May  5 15:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27144]: pam_unix(cron:session): session closed for user root
May  5 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28411]: pam_unix(cron:session): session closed for user p13x
May  5 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28523]: Successful su for rubyman by root
May  5 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28523]: + ??? root:rubyman
May  5 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334572 of user rubyman.
May  5 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28523]: pam_unix(su:session): session closed for user rubyman
May  5 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334572.
May  5 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28409]: pam_unix(cron:session): session closed for user root
May  5 15:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25762]: pam_unix(cron:session): session closed for user root
May  5 15:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28412]: pam_unix(cron:session): session closed for user samftp
May  5 15:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18  user=root
May  5 15:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28778]: Failed password for root from 12.156.67.18 port 41684 ssh2
May  5 15:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28778]: Received disconnect from 12.156.67.18 port 41684:11: Bye Bye [preauth]
May  5 15:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28778]: Disconnected from 12.156.67.18 port 41684 [preauth]
May  5 15:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27615]: pam_unix(cron:session): session closed for user root
May  5 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28914]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28915]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28917]: pam_unix(cron:session): session closed for user root
May  5 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28912]: pam_unix(cron:session): session closed for user p13x
May  5 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28981]: Successful su for rubyman by root
May  5 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28981]: + ??? root:rubyman
May  5 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334578 of user rubyman.
May  5 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28981]: pam_unix(su:session): session closed for user rubyman
May  5 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334578.
May  5 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28914]: pam_unix(cron:session): session closed for user root
May  5 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26162]: pam_unix(cron:session): session closed for user root
May  5 15:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28913]: pam_unix(cron:session): session closed for user samftp
May  5 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28023]: pam_unix(cron:session): session closed for user root
May  5 15:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29448]: pam_unix(cron:session): session closed for user p13x
May  5 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29445]: Invalid user uploader from 202.157.176.210
May  5 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29445]: input_userauth_request: invalid user uploader [preauth]
May  5 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29445]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.157.176.210
May  5 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29518]: Successful su for rubyman by root
May  5 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29518]: + ??? root:rubyman
May  5 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334582 of user rubyman.
May  5 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29518]: pam_unix(su:session): session closed for user rubyman
May  5 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334582.
May  5 15:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29445]: Failed password for invalid user uploader from 202.157.176.210 port 50510 ssh2
May  5 15:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29445]: Received disconnect from 202.157.176.210 port 50510:11: Bye Bye [preauth]
May  5 15:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29445]: Disconnected from 202.157.176.210 port 50510 [preauth]
May  5 15:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26654]: pam_unix(cron:session): session closed for user root
May  5 15:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29449]: pam_unix(cron:session): session closed for user samftp
May  5 15:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28414]: pam_unix(cron:session): session closed for user root
May  5 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29860]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29858]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29859]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29857]: pam_unix(cron:session): session closed for user p13x
May  5 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29920]: Successful su for rubyman by root
May  5 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29920]: + ??? root:rubyman
May  5 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29920]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334585 of user rubyman.
May  5 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29920]: pam_unix(su:session): session closed for user rubyman
May  5 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334585.
May  5 15:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27143]: pam_unix(cron:session): session closed for user root
May  5 15:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29858]: pam_unix(cron:session): session closed for user samftp
May  5 15:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28916]: pam_unix(cron:session): session closed for user root
May  5 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30263]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30261]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30261]: pam_unix(cron:session): session closed for user p13x
May  5 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30323]: Successful su for rubyman by root
May  5 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30323]: + ??? root:rubyman
May  5 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334591 of user rubyman.
May  5 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30323]: pam_unix(su:session): session closed for user rubyman
May  5 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334591.
May  5 15:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27614]: pam_unix(cron:session): session closed for user root
May  5 15:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30262]: pam_unix(cron:session): session closed for user samftp
May  5 15:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29452]: pam_unix(cron:session): session closed for user root
May  5 15:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  5 15:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30606]: Failed password for root from 46.244.96.25 port 46326 ssh2
May  5 15:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30606]: Connection closed by 46.244.96.25 port 46326 [preauth]
May  5 15:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18  user=root
May  5 15:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: Failed password for root from 12.156.67.18 port 58906 ssh2
May  5 15:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: Received disconnect from 12.156.67.18 port 58906:11: Bye Bye [preauth]
May  5 15:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: Disconnected from 12.156.67.18 port 58906 [preauth]
May  5 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30660]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30661]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30658]: pam_unix(cron:session): session closed for user p13x
May  5 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30717]: Successful su for rubyman by root
May  5 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30717]: + ??? root:rubyman
May  5 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334593 of user rubyman.
May  5 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30717]: pam_unix(su:session): session closed for user rubyman
May  5 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334593.
May  5 15:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28021]: pam_unix(cron:session): session closed for user root
May  5 15:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30659]: pam_unix(cron:session): session closed for user samftp
May  5 15:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29860]: pam_unix(cron:session): session closed for user root
May  5 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31050]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31049]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31048]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31052]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31054]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31054]: pam_unix(cron:session): session closed for user root
May  5 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31048]: pam_unix(cron:session): session closed for user p13x
May  5 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31121]: Successful su for rubyman by root
May  5 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31121]: + ??? root:rubyman
May  5 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334601 of user rubyman.
May  5 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31121]: pam_unix(su:session): session closed for user rubyman
May  5 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334601.
May  5 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31050]: pam_unix(cron:session): session closed for user root
May  5 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28413]: pam_unix(cron:session): session closed for user root
May  5 15:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31049]: pam_unix(cron:session): session closed for user samftp
May  5 15:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30264]: pam_unix(cron:session): session closed for user root
May  5 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31493]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31492]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31494]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31491]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31491]: pam_unix(cron:session): session closed for user p13x
May  5 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31559]: Successful su for rubyman by root
May  5 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31559]: + ??? root:rubyman
May  5 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334603 of user rubyman.
May  5 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31559]: pam_unix(su:session): session closed for user rubyman
May  5 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334603.
May  5 15:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28915]: pam_unix(cron:session): session closed for user root
May  5 15:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31492]: pam_unix(cron:session): session closed for user samftp
May  5 15:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30661]: pam_unix(cron:session): session closed for user root
May  5 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31922]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31923]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31918]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31916]: pam_unix(cron:session): session closed for user root
May  5 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31918]: pam_unix(cron:session): session closed for user p13x
May  5 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31997]: Successful su for rubyman by root
May  5 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31997]: + ??? root:rubyman
May  5 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334607 of user rubyman.
May  5 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31997]: pam_unix(su:session): session closed for user rubyman
May  5 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334607.
May  5 15:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29450]: pam_unix(cron:session): session closed for user root
May  5 15:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31919]: pam_unix(cron:session): session closed for user samftp
May  5 15:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.157.176.210  user=root
May  5 15:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31052]: pam_unix(cron:session): session closed for user root
May  5 15:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: Failed password for root from 202.157.176.210 port 35372 ssh2
May  5 15:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: Received disconnect from 202.157.176.210 port 35372:11: Bye Bye [preauth]
May  5 15:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: Disconnected from 202.157.176.210 port 35372 [preauth]
May  5 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32324]: pam_unix(cron:session): session closed for user p13x
May  5 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32392]: Successful su for rubyman by root
May  5 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32392]: + ??? root:rubyman
May  5 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334613 of user rubyman.
May  5 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32392]: pam_unix(su:session): session closed for user rubyman
May  5 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334613.
May  5 15:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29859]: pam_unix(cron:session): session closed for user root
May  5 15:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32325]: pam_unix(cron:session): session closed for user samftp
May  5 15:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32740]: Invalid user abas from 12.156.67.18
May  5 15:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32740]: input_userauth_request: invalid user abas [preauth]
May  5 15:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32740]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  5 15:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32740]: Failed password for invalid user abas from 12.156.67.18 port 43448 ssh2
May  5 15:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32740]: Received disconnect from 12.156.67.18 port 43448:11: Bye Bye [preauth]
May  5 15:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32740]: Disconnected from 12.156.67.18 port 43448 [preauth]
May  5 15:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31494]: pam_unix(cron:session): session closed for user root
May  5 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[383]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[384]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[380]: pam_unix(cron:session): session closed for user p13x
May  5 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[465]: Successful su for rubyman by root
May  5 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[465]: + ??? root:rubyman
May  5 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334618 of user rubyman.
May  5 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[465]: pam_unix(su:session): session closed for user rubyman
May  5 15:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334618.
May  5 15:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30263]: pam_unix(cron:session): session closed for user root
May  5 15:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[382]: pam_unix(cron:session): session closed for user samftp
May  5 15:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31923]: pam_unix(cron:session): session closed for user root
May  5 15:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  5 15:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[787]: Failed password for root from 218.92.0.205 port 20946 ssh2
May  5 15:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[787]: Failed password for root from 218.92.0.205 port 20946 ssh2
May  5 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[838]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[838]: pam_unix(cron:session): session closed for user root
May  5 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[833]: pam_unix(cron:session): session closed for user p13x
May  5 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[907]: Successful su for rubyman by root
May  5 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[907]: + ??? root:rubyman
May  5 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334621 of user rubyman.
May  5 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[907]: pam_unix(su:session): session closed for user rubyman
May  5 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334621.
May  5 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[835]: pam_unix(cron:session): session closed for user root
May  5 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30660]: pam_unix(cron:session): session closed for user root
May  5 15:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[834]: pam_unix(cron:session): session closed for user samftp
May  5 15:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: Invalid user halo from 176.31.162.135
May  5 15:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: input_userauth_request: invalid user halo [preauth]
May  5 15:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  5 15:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: Failed password for invalid user halo from 176.31.162.135 port 47662 ssh2
May  5 15:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: Connection closed by 176.31.162.135 port 47662 [preauth]
May  5 15:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  5 15:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: Failed password for root from 218.92.0.205 port 15370 ssh2
May  5 15:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1120]: Failed password for root from 218.92.0.205 port 15370 ssh2
May  5 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32327]: pam_unix(cron:session): session closed for user root
May  5 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1311]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1304]: pam_unix(cron:session): session closed for user p13x
May  5 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1386]: Successful su for rubyman by root
May  5 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1386]: + ??? root:rubyman
May  5 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334626 of user rubyman.
May  5 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1386]: pam_unix(su:session): session closed for user rubyman
May  5 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334626.
May  5 15:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31051]: pam_unix(cron:session): session closed for user root
May  5 15:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1305]: pam_unix(cron:session): session closed for user samftp
May  5 15:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[384]: pam_unix(cron:session): session closed for user root
May  5 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1774]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1770]: pam_unix(cron:session): session closed for user p13x
May  5 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1838]: Successful su for rubyman by root
May  5 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1838]: + ??? root:rubyman
May  5 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1838]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334631 of user rubyman.
May  5 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1838]: pam_unix(su:session): session closed for user rubyman
May  5 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334631.
May  5 15:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31493]: pam_unix(cron:session): session closed for user root
May  5 15:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1771]: pam_unix(cron:session): session closed for user samftp
May  5 15:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[837]: pam_unix(cron:session): session closed for user root
May  5 15:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: Invalid user user from 80.94.95.125
May  5 15:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: input_userauth_request: invalid user user [preauth]
May  5 15:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 15:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: Failed password for invalid user user from 80.94.95.125 port 48022 ssh2
May  5 15:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: Failed password for invalid user user from 80.94.95.125 port 48022 ssh2
May  5 15:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: Invalid user staff from 12.156.67.18
May  5 15:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: input_userauth_request: invalid user staff [preauth]
May  5 15:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  5 15:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: Failed password for invalid user user from 80.94.95.125 port 48022 ssh2
May  5 15:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: Failed password for invalid user staff from 12.156.67.18 port 57006 ssh2
May  5 15:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: Received disconnect from 12.156.67.18 port 57006:11: Bye Bye [preauth]
May  5 15:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: Disconnected from 12.156.67.18 port 57006 [preauth]
May  5 15:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: Failed password for invalid user user from 80.94.95.125 port 48022 ssh2
May  5 15:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2262]: pam_unix(cron:session): session closed for user p13x
May  5 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2323]: Successful su for rubyman by root
May  5 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2323]: + ??? root:rubyman
May  5 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334635 of user rubyman.
May  5 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2323]: pam_unix(su:session): session closed for user rubyman
May  5 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334635.
May  5 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: Failed password for invalid user user from 80.94.95.125 port 48022 ssh2
May  5 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: Received disconnect from 80.94.95.125 port 48022:11: Bye [preauth]
May  5 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: Disconnected from 80.94.95.125 port 48022 [preauth]
May  5 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 15:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31922]: pam_unix(cron:session): session closed for user root
May  5 15:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2263]: pam_unix(cron:session): session closed for user samftp
May  5 15:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.157.176.210  user=root
May  5 15:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2531]: Failed password for root from 202.157.176.210 port 45496 ssh2
May  5 15:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2531]: Received disconnect from 202.157.176.210 port 45496:11: Bye Bye [preauth]
May  5 15:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2531]: Disconnected from 202.157.176.210 port 45496 [preauth]
May  5 15:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1311]: pam_unix(cron:session): session closed for user root
May  5 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2714]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2713]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2712]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2710]: pam_unix(cron:session): session closed for user p13x
May  5 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2774]: Successful su for rubyman by root
May  5 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2774]: + ??? root:rubyman
May  5 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334639 of user rubyman.
May  5 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2774]: pam_unix(su:session): session closed for user rubyman
May  5 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334639.
May  5 15:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32326]: pam_unix(cron:session): session closed for user root
May  5 15:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2712]: pam_unix(cron:session): session closed for user samftp
May  5 15:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1774]: pam_unix(cron:session): session closed for user root
May  5 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3137]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3139]: pam_unix(cron:session): session closed for user root
May  5 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3134]: pam_unix(cron:session): session closed for user p13x
May  5 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3208]: Successful su for rubyman by root
May  5 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3208]: + ??? root:rubyman
May  5 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334643 of user rubyman.
May  5 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3208]: pam_unix(su:session): session closed for user rubyman
May  5 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334643.
May  5 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3136]: pam_unix(cron:session): session closed for user root
May  5 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[383]: pam_unix(cron:session): session closed for user root
May  5 15:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3135]: pam_unix(cron:session): session closed for user samftp
May  5 15:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2265]: pam_unix(cron:session): session closed for user root
May  5 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3623]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3624]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3622]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3621]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3621]: pam_unix(cron:session): session closed for user p13x
May  5 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3687]: Successful su for rubyman by root
May  5 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3687]: + ??? root:rubyman
May  5 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334648 of user rubyman.
May  5 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3687]: pam_unix(su:session): session closed for user rubyman
May  5 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334648.
May  5 15:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[836]: pam_unix(cron:session): session closed for user root
May  5 15:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3622]: pam_unix(cron:session): session closed for user samftp
May  5 15:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2714]: pam_unix(cron:session): session closed for user root
May  5 15:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: Invalid user ubnt from 80.94.95.241
May  5 15:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: input_userauth_request: invalid user ubnt [preauth]
May  5 15:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 15:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: Failed password for invalid user ubnt from 80.94.95.241 port 18825 ssh2
May  5 15:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: Failed password for invalid user ubnt from 80.94.95.241 port 18825 ssh2
May  5 15:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: Failed password for invalid user ubnt from 80.94.95.241 port 18825 ssh2
May  5 15:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: Failed password for invalid user ubnt from 80.94.95.241 port 18825 ssh2
May  5 15:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: Failed password for invalid user ubnt from 80.94.95.241 port 18825 ssh2
May  5 15:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: Received disconnect from 80.94.95.241 port 18825:11: Bye [preauth]
May  5 15:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: Disconnected from 80.94.95.241 port 18825 [preauth]
May  5 15:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 15:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4081]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4079]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4077]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4078]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4077]: pam_unix(cron:session): session closed for user p13x
May  5 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4140]: Successful su for rubyman by root
May  5 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4140]: + ??? root:rubyman
May  5 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334653 of user rubyman.
May  5 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4140]: pam_unix(su:session): session closed for user rubyman
May  5 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334653.
May  5 15:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1310]: pam_unix(cron:session): session closed for user root
May  5 15:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4078]: pam_unix(cron:session): session closed for user samftp
May  5 15:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: Invalid user aovalle from 12.156.67.18
May  5 15:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: input_userauth_request: invalid user aovalle [preauth]
May  5 15:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  5 15:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: Failed password for invalid user aovalle from 12.156.67.18 port 42676 ssh2
May  5 15:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: Received disconnect from 12.156.67.18 port 42676:11: Bye Bye [preauth]
May  5 15:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4534]: Disconnected from 12.156.67.18 port 42676 [preauth]
May  5 15:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 15:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: Failed password for root from 218.92.0.179 port 41467 ssh2
May  5 15:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 41467 ssh2]
May  5 15:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: Received disconnect from 218.92.0.179 port 41467:11:  [preauth]
May  5 15:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: Disconnected from 218.92.0.179 port 41467 [preauth]
May  5 15:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 15:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3138]: pam_unix(cron:session): session closed for user root
May  5 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4680]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4681]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4679]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4676]: pam_unix(cron:session): session closed for user p13x
May  5 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4740]: Successful su for rubyman by root
May  5 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4740]: + ??? root:rubyman
May  5 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334656 of user rubyman.
May  5 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4740]: pam_unix(su:session): session closed for user rubyman
May  5 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334656.
May  5 15:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1773]: pam_unix(cron:session): session closed for user root
May  5 15:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4679]: pam_unix(cron:session): session closed for user samftp
May  5 15:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3624]: pam_unix(cron:session): session closed for user root
May  5 15:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.157.176.210  user=root
May  5 15:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: Failed password for root from 202.157.176.210 port 55590 ssh2
May  5 15:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: Received disconnect from 202.157.176.210 port 55590:11: Bye Bye [preauth]
May  5 15:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: Disconnected from 202.157.176.210 port 55590 [preauth]
May  5 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5289]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5291]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5290]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5288]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5288]: pam_unix(cron:session): session closed for user p13x
May  5 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5350]: Successful su for rubyman by root
May  5 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5350]: + ??? root:rubyman
May  5 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334661 of user rubyman.
May  5 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5350]: pam_unix(su:session): session closed for user rubyman
May  5 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334661.
May  5 15:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2264]: pam_unix(cron:session): session closed for user root
May  5 15:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5289]: pam_unix(cron:session): session closed for user samftp
May  5 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4081]: pam_unix(cron:session): session closed for user root
May  5 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5769]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5770]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5768]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5771]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5767]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5766]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5771]: pam_unix(cron:session): session closed for user root
May  5 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5766]: pam_unix(cron:session): session closed for user p13x
May  5 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5921]: Successful su for rubyman by root
May  5 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5921]: + ??? root:rubyman
May  5 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334665 of user rubyman.
May  5 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5921]: pam_unix(su:session): session closed for user rubyman
May  5 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334665.
May  5 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5768]: pam_unix(cron:session): session closed for user root
May  5 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2713]: pam_unix(cron:session): session closed for user root
May  5 15:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5767]: pam_unix(cron:session): session closed for user samftp
May  5 15:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Invalid user admin from 80.94.95.112
May  5 15:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: input_userauth_request: invalid user admin [preauth]
May  5 15:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 15:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Failed password for invalid user admin from 80.94.95.112 port 43253 ssh2
May  5 15:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Failed password for invalid user admin from 80.94.95.112 port 43253 ssh2
May  5 15:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Failed password for invalid user admin from 80.94.95.112 port 43253 ssh2
May  5 15:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Failed password for invalid user admin from 80.94.95.112 port 43253 ssh2
May  5 15:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Failed password for invalid user admin from 80.94.95.112 port 43253 ssh2
May  5 15:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Received disconnect from 80.94.95.112 port 43253:11: Bye [preauth]
May  5 15:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Disconnected from 80.94.95.112 port 43253 [preauth]
May  5 15:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 15:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 15:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4681]: pam_unix(cron:session): session closed for user root
May  5 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6306]: pam_unix(cron:session): session closed for user p13x
May  5 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6374]: Successful su for rubyman by root
May  5 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6374]: + ??? root:rubyman
May  5 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334672 of user rubyman.
May  5 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6374]: pam_unix(su:session): session closed for user rubyman
May  5 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334672.
May  5 15:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3137]: pam_unix(cron:session): session closed for user root
May  5 15:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6307]: pam_unix(cron:session): session closed for user samftp
May  5 15:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5291]: pam_unix(cron:session): session closed for user root
May  5 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6718]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6717]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6715]: pam_unix(cron:session): session closed for user p13x
May  5 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6781]: Successful su for rubyman by root
May  5 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6781]: + ??? root:rubyman
May  5 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334675 of user rubyman.
May  5 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6781]: pam_unix(su:session): session closed for user rubyman
May  5 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334675.
May  5 15:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3623]: pam_unix(cron:session): session closed for user root
May  5 15:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6716]: pam_unix(cron:session): session closed for user samftp
May  5 15:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5770]: pam_unix(cron:session): session closed for user root
May  5 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7239]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7236]: pam_unix(cron:session): session closed for user p13x
May  5 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7296]: Successful su for rubyman by root
May  5 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7296]: + ??? root:rubyman
May  5 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334678 of user rubyman.
May  5 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7296]: pam_unix(su:session): session closed for user rubyman
May  5 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334678.
May  5 15:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4079]: pam_unix(cron:session): session closed for user root
May  5 15:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7237]: pam_unix(cron:session): session closed for user samftp
May  5 15:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6310]: pam_unix(cron:session): session closed for user root
May  5 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7738]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7737]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7737]: pam_unix(cron:session): session closed for user p13x
May  5 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7807]: Successful su for rubyman by root
May  5 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7807]: + ??? root:rubyman
May  5 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334683 of user rubyman.
May  5 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7807]: pam_unix(su:session): session closed for user rubyman
May  5 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334683.
May  5 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4680]: pam_unix(cron:session): session closed for user root
May  5 15:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7738]: pam_unix(cron:session): session closed for user samftp
May  5 15:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: Invalid user zach from 202.157.176.210
May  5 15:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: input_userauth_request: invalid user zach [preauth]
May  5 15:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.157.176.210
May  5 15:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: Failed password for invalid user zach from 202.157.176.210 port 37456 ssh2
May  5 15:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: Received disconnect from 202.157.176.210 port 37456:11: Bye Bye [preauth]
May  5 15:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: Disconnected from 202.157.176.210 port 37456 [preauth]
May  5 15:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6718]: pam_unix(cron:session): session closed for user root
May  5 15:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  5 15:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8175]: Failed password for root from 218.92.0.206 port 7908 ssh2
May  5 15:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8175]: message repeated 2 times: [ Failed password for root from 218.92.0.206 port 7908 ssh2]
May  5 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8217]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8216]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8217]: pam_unix(cron:session): session closed for user root
May  5 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8210]: pam_unix(cron:session): session closed for user p13x
May  5 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8278]: Successful su for rubyman by root
May  5 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8278]: + ??? root:rubyman
May  5 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8278]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334686 of user rubyman.
May  5 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8278]: pam_unix(su:session): session closed for user rubyman
May  5 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334686.
May  5 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8214]: pam_unix(cron:session): session closed for user root
May  5 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5290]: pam_unix(cron:session): session closed for user root
May  5 15:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8211]: pam_unix(cron:session): session closed for user samftp
May  5 15:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  5 15:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: Failed password for root from 218.92.0.206 port 58360 ssh2
May  5 15:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: message repeated 4 times: [ Failed password for root from 218.92.0.206 port 58360 ssh2]
May  5 15:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8568]: Failed password for root from 218.92.0.179 port 12775 ssh2
May  5 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: Failed password for root from 218.92.0.206 port 58360 ssh2
May  5 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 58360 ssh2 [preauth]
May  5 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: Disconnecting: Too many authentication failures [preauth]
May  5 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  5 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 15:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8568]: Failed password for root from 218.92.0.179 port 12775 ssh2
May  5 15:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8568]: Failed password for root from 218.92.0.179 port 12775 ssh2
May  5 15:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8568]: Received disconnect from 218.92.0.179 port 12775:11:  [preauth]
May  5 15:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8568]: Disconnected from 218.92.0.179 port 12775 [preauth]
May  5 15:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8568]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 15:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7239]: pam_unix(cron:session): session closed for user root
May  5 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8694]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8693]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8692]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8691]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8691]: pam_unix(cron:session): session closed for user p13x
May  5 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8770]: Successful su for rubyman by root
May  5 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8770]: + ??? root:rubyman
May  5 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334693 of user rubyman.
May  5 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8770]: pam_unix(su:session): session closed for user rubyman
May  5 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334693.
May  5 15:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5769]: pam_unix(cron:session): session closed for user root
May  5 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8692]: pam_unix(cron:session): session closed for user samftp
May  5 15:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7740]: pam_unix(cron:session): session closed for user root
May  5 15:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9221]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9218]: pam_unix(cron:session): session closed for user p13x
May  5 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9311]: Successful su for rubyman by root
May  5 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9311]: + ??? root:rubyman
May  5 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334696 of user rubyman.
May  5 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9311]: pam_unix(su:session): session closed for user rubyman
May  5 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334696.
May  5 15:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6309]: pam_unix(cron:session): session closed for user root
May  5 15:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9219]: pam_unix(cron:session): session closed for user samftp
May  5 15:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: Invalid user [ from 195.178.110.50
May  5 15:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: input_userauth_request: invalid user [ [preauth]
May  5 15:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 15:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: Failed password for invalid user [ from 195.178.110.50 port 60838 ssh2
May  5 15:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: Connection closed by 195.178.110.50 port 60838 [preauth]
May  5 15:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: Invalid user < from 195.178.110.50
May  5 15:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: input_userauth_request: invalid user < [preauth]
May  5 15:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 15:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: Failed password for invalid user < from 195.178.110.50 port 11366 ssh2
May  5 15:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: Connection closed by 195.178.110.50 port 11366 [preauth]
May  5 15:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8216]: pam_unix(cron:session): session closed for user root
May  5 15:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: Invalid user { from 195.178.110.50
May  5 15:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: input_userauth_request: invalid user { [preauth]
May  5 15:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 15:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: Failed password for invalid user { from 195.178.110.50 port 46092 ssh2
May  5 15:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9604]: Connection closed by 195.178.110.50 port 46092 [preauth]
May  5 15:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: Invalid user admin from 139.19.117.131
May  5 15:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: input_userauth_request: invalid user admin [preauth]
May  5 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9698]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9696]: pam_unix(cron:session): session closed for user p13x
May  5 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9764]: Successful su for rubyman by root
May  5 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9764]: + ??? root:rubyman
May  5 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334702 of user rubyman.
May  5 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9764]: pam_unix(su:session): session closed for user rubyman
May  5 15:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334702.
May  5 15:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6717]: pam_unix(cron:session): session closed for user root
May  5 15:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9697]: pam_unix(cron:session): session closed for user samftp
May  5 15:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9686]: Connection closed by 139.19.117.131 port 51928 [preauth]
May  5 15:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 15:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9676]: Invalid user \\ from 195.178.110.50
May  5 15:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9676]: input_userauth_request: invalid user \\\\ [preauth]
May  5 15:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9676]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 15:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9950]: Failed password for root from 218.92.0.179 port 54351 ssh2
May  5 15:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9676]: Failed password for invalid user \\ from 195.178.110.50 port 59200 ssh2
May  5 15:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9950]: Failed password for root from 218.92.0.179 port 54351 ssh2
May  5 15:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9676]: Connection closed by 195.178.110.50 port 59200 [preauth]
May  5 15:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9950]: Failed password for root from 218.92.0.179 port 54351 ssh2
May  5 15:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9950]: Received disconnect from 218.92.0.179 port 54351:11:  [preauth]
May  5 15:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9950]: Disconnected from 218.92.0.179 port 54351 [preauth]
May  5 15:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9950]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 15:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9968]: Invalid user = from 195.178.110.50
May  5 15:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9968]: input_userauth_request: invalid user = [preauth]
May  5 15:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9968]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 15:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9968]: Failed password for invalid user = from 195.178.110.50 port 8092 ssh2
May  5 15:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9968]: Connection closed by 195.178.110.50 port 8092 [preauth]
May  5 15:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8694]: pam_unix(cron:session): session closed for user root
May  5 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10127]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10126]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10124]: pam_unix(cron:session): session closed for user p13x
May  5 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10320]: Successful su for rubyman by root
May  5 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10320]: + ??? root:rubyman
May  5 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334704 of user rubyman.
May  5 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10320]: pam_unix(su:session): session closed for user rubyman
May  5 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334704.
May  5 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10122]: pam_unix(cron:session): session closed for user root
May  5 15:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7238]: pam_unix(cron:session): session closed for user root
May  5 15:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10125]: pam_unix(cron:session): session closed for user samftp
May  5 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9222]: pam_unix(cron:session): session closed for user root
May  5 15:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: Invalid user test from 202.157.176.210
May  5 15:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: input_userauth_request: invalid user test [preauth]
May  5 15:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.157.176.210
May  5 15:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: Failed password for invalid user test from 202.157.176.210 port 47552 ssh2
May  5 15:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: Received disconnect from 202.157.176.210 port 47552:11: Bye Bye [preauth]
May  5 15:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: Disconnected from 202.157.176.210 port 47552 [preauth]
May  5 15:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10758]: Connection reset by 205.210.31.178 port 63122 [preauth]
May  5 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10792]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10793]: pam_unix(cron:session): session closed for user root
May  5 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10787]: pam_unix(cron:session): session closed for user p13x
May  5 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10856]: Successful su for rubyman by root
May  5 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10856]: + ??? root:rubyman
May  5 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334710 of user rubyman.
May  5 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10856]: pam_unix(su:session): session closed for user rubyman
May  5 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334710.
May  5 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10790]: pam_unix(cron:session): session closed for user root
May  5 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7739]: pam_unix(cron:session): session closed for user root
May  5 15:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10788]: pam_unix(cron:session): session closed for user samftp
May  5 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9699]: pam_unix(cron:session): session closed for user root
May  5 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11206]: pam_unix(cron:session): session closed for user p13x
May  5 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11280]: Successful su for rubyman by root
May  5 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11280]: + ??? root:rubyman
May  5 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334716 of user rubyman.
May  5 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11280]: pam_unix(su:session): session closed for user rubyman
May  5 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334716.
May  5 15:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8215]: pam_unix(cron:session): session closed for user root
May  5 15:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11207]: pam_unix(cron:session): session closed for user samftp
May  5 15:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10127]: pam_unix(cron:session): session closed for user root
May  5 15:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11626]: Bad protocol version identification '\026\003\001\001\027\001' from 165.154.12.38 port 53472
May  5 15:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11640]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11641]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11638]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11638]: pam_unix(cron:session): session closed for user p13x
May  5 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11697]: Successful su for rubyman by root
May  5 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11697]: + ??? root:rubyman
May  5 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11697]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334719 of user rubyman.
May  5 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11697]: pam_unix(su:session): session closed for user rubyman
May  5 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334719.
May  5 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8693]: pam_unix(cron:session): session closed for user root
May  5 15:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11639]: pam_unix(cron:session): session closed for user samftp
May  5 15:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Did not receive identification string from 165.154.12.38
May  5 15:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11909]: Connection closed by 165.154.12.38 port 40246 [preauth]
May  5 15:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11911]: Protocol major versions differ for 165.154.12.38: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Server
May  5 15:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 15:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11912]: Failed password for root from 218.92.0.179 port 14702 ssh2
May  5 15:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11912]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 14702 ssh2]
May  5 15:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11912]: Received disconnect from 218.92.0.179 port 14702:11:  [preauth]
May  5 15:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11912]: Disconnected from 218.92.0.179 port 14702 [preauth]
May  5 15:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11912]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 15:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10792]: pam_unix(cron:session): session closed for user root
May  5 15:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: Invalid user webdesign from 193.70.84.184
May  5 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: input_userauth_request: invalid user webdesign [preauth]
May  5 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  5 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12045]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12047]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12046]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12044]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12044]: pam_unix(cron:session): session closed for user p13x
May  5 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12105]: Successful su for rubyman by root
May  5 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12105]: + ??? root:rubyman
May  5 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334725 of user rubyman.
May  5 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12105]: pam_unix(su:session): session closed for user rubyman
May  5 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334725.
May  5 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: Failed password for invalid user webdesign from 193.70.84.184 port 44574 ssh2
May  5 15:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: Connection closed by 193.70.84.184 port 44574 [preauth]
May  5 15:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9221]: pam_unix(cron:session): session closed for user root
May  5 15:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12045]: pam_unix(cron:session): session closed for user samftp
May  5 15:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12300]: Invalid user catadmin from 50.235.31.47
May  5 15:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12300]: input_userauth_request: invalid user catadmin [preauth]
May  5 15:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12300]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  5 15:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12300]: Failed password for invalid user catadmin from 50.235.31.47 port 32882 ssh2
May  5 15:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12300]: Connection closed by 50.235.31.47 port 32882 [preauth]
May  5 15:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11209]: pam_unix(cron:session): session closed for user root
May  5 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12468]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12466]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12465]: pam_unix(cron:session): session closed for user p13x
May  5 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12524]: Successful su for rubyman by root
May  5 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12524]: + ??? root:rubyman
May  5 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12524]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334727 of user rubyman.
May  5 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12524]: pam_unix(su:session): session closed for user rubyman
May  5 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334727.
May  5 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9698]: pam_unix(cron:session): session closed for user root
May  5 15:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12466]: pam_unix(cron:session): session closed for user samftp
May  5 15:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11641]: pam_unix(cron:session): session closed for user root
May  5 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12875]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12876]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12879]: pam_unix(cron:session): session closed for user root
May  5 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12873]: pam_unix(cron:session): session closed for user p13x
May  5 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12939]: Successful su for rubyman by root
May  5 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12939]: + ??? root:rubyman
May  5 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12939]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334733 of user rubyman.
May  5 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12939]: pam_unix(su:session): session closed for user rubyman
May  5 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334733.
May  5 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12875]: pam_unix(cron:session): session closed for user root
May  5 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10126]: pam_unix(cron:session): session closed for user root
May  5 15:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12874]: pam_unix(cron:session): session closed for user samftp
May  5 15:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13170]: Invalid user admin from 202.157.176.210
May  5 15:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13170]: input_userauth_request: invalid user admin [preauth]
May  5 15:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13170]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.157.176.210
May  5 15:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13170]: Failed password for invalid user admin from 202.157.176.210 port 57616 ssh2
May  5 15:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13170]: Received disconnect from 202.157.176.210 port 57616:11: Bye Bye [preauth]
May  5 15:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13170]: Disconnected from 202.157.176.210 port 57616 [preauth]
May  5 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12047]: pam_unix(cron:session): session closed for user root
May  5 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13323]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13321]: pam_unix(cron:session): session closed for user p13x
May  5 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13389]: Successful su for rubyman by root
May  5 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13389]: + ??? root:rubyman
May  5 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334738 of user rubyman.
May  5 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13389]: pam_unix(su:session): session closed for user rubyman
May  5 15:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334738.
May  5 15:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10791]: pam_unix(cron:session): session closed for user root
May  5 15:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13322]: pam_unix(cron:session): session closed for user samftp
May  5 15:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12468]: pam_unix(cron:session): session closed for user root
May  5 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13833]: pam_unix(cron:session): session closed for user p13x
May  5 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13897]: Successful su for rubyman by root
May  5 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13897]: + ??? root:rubyman
May  5 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334742 of user rubyman.
May  5 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13897]: pam_unix(su:session): session closed for user rubyman
May  5 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334742.
May  5 15:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11208]: pam_unix(cron:session): session closed for user root
May  5 15:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13834]: pam_unix(cron:session): session closed for user samftp
May  5 15:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12878]: pam_unix(cron:session): session closed for user root
May  5 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14232]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14229]: pam_unix(cron:session): session closed for user p13x
May  5 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14292]: Successful su for rubyman by root
May  5 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14292]: + ??? root:rubyman
May  5 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334746 of user rubyman.
May  5 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14292]: pam_unix(su:session): session closed for user rubyman
May  5 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334746.
May  5 15:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11640]: pam_unix(cron:session): session closed for user root
May  5 15:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14230]: pam_unix(cron:session): session closed for user samftp
May  5 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13324]: pam_unix(cron:session): session closed for user root
May  5 15:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  5 15:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14609]: Failed password for root from 80.94.95.29 port 36532 ssh2
May  5 15:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14609]: message repeated 3 times: [ Failed password for root from 80.94.95.29 port 36532 ssh2]
May  5 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14639]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14640]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14637]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14638]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14637]: pam_unix(cron:session): session closed for user p13x
May  5 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14698]: Successful su for rubyman by root
May  5 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14698]: + ??? root:rubyman
May  5 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334750 of user rubyman.
May  5 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14698]: pam_unix(su:session): session closed for user rubyman
May  5 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334750.
May  5 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14609]: Failed password for root from 80.94.95.29 port 36532 ssh2
May  5 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14609]: Received disconnect from 80.94.95.29 port 36532:11: Bye [preauth]
May  5 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14609]: Disconnected from 80.94.95.29 port 36532 [preauth]
May  5 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14609]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  5 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14609]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12046]: pam_unix(cron:session): session closed for user root
May  5 15:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14638]: pam_unix(cron:session): session closed for user samftp
May  5 15:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13836]: pam_unix(cron:session): session closed for user root
May  5 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15050]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15047]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15049]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15048]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15046]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15051]: pam_unix(cron:session): session closed for user root
May  5 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15046]: pam_unix(cron:session): session closed for user p13x
May  5 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15112]: Successful su for rubyman by root
May  5 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15112]: + ??? root:rubyman
May  5 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334754 of user rubyman.
May  5 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15112]: pam_unix(su:session): session closed for user rubyman
May  5 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334754.
May  5 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12467]: pam_unix(cron:session): session closed for user root
May  5 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15048]: pam_unix(cron:session): session closed for user root
May  5 15:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15047]: pam_unix(cron:session): session closed for user samftp
May  5 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14232]: pam_unix(cron:session): session closed for user root
May  5 15:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15441]: Invalid user es from 202.157.176.210
May  5 15:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15441]: input_userauth_request: invalid user es [preauth]
May  5 15:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15441]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.157.176.210
May  5 15:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15441]: Failed password for invalid user es from 202.157.176.210 port 39474 ssh2
May  5 15:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15441]: Received disconnect from 202.157.176.210 port 39474:11: Bye Bye [preauth]
May  5 15:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15441]: Disconnected from 202.157.176.210 port 39474 [preauth]
May  5 15:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: Invalid user user from 80.94.95.29
May  5 15:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: input_userauth_request: invalid user user [preauth]
May  5 15:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  5 15:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  5 15:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: Failed password for invalid user user from 80.94.95.29 port 32183 ssh2
May  5 15:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: Failed password for root from 218.92.0.211 port 11834 ssh2
May  5 15:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: Failed password for invalid user user from 80.94.95.29 port 32183 ssh2
May  5 15:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: Failed password for root from 218.92.0.211 port 11834 ssh2
May  5 15:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: Failed password for invalid user user from 80.94.95.29 port 32183 ssh2
May  5 15:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: Failed password for invalid user user from 80.94.95.29 port 32183 ssh2
May  5 15:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: Failed password for root from 218.92.0.211 port 11834 ssh2
May  5 15:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: Failed password for invalid user user from 80.94.95.29 port 32183 ssh2
May  5 15:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: Received disconnect from 80.94.95.29 port 32183:11: Bye [preauth]
May  5 15:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: Disconnected from 80.94.95.29 port 32183 [preauth]
May  5 15:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  5 15:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15443]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15495]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15493]: pam_unix(cron:session): session closed for user p13x
May  5 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: Failed password for root from 218.92.0.211 port 11834 ssh2
May  5 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15559]: Successful su for rubyman by root
May  5 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15559]: + ??? root:rubyman
May  5 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334760 of user rubyman.
May  5 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15559]: pam_unix(su:session): session closed for user rubyman
May  5 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334760.
May  5 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: Failed password for root from 218.92.0.211 port 11834 ssh2
May  5 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: error: maximum authentication attempts exceeded for root from 218.92.0.211 port 11834 ssh2 [preauth]
May  5 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: Disconnecting: Too many authentication failures [preauth]
May  5 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  5 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15452]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12876]: pam_unix(cron:session): session closed for user root
May  5 15:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15494]: pam_unix(cron:session): session closed for user samftp
May  5 15:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  5 15:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15741]: Failed password for root from 218.92.0.211 port 35084 ssh2
May  5 15:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15741]: Received disconnect from 218.92.0.211 port 35084:11:  [preauth]
May  5 15:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15741]: Disconnected from 218.92.0.211 port 35084 [preauth]
May  5 15:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14640]: pam_unix(cron:session): session closed for user root
May  5 15:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 15:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:161.35.105.155
May  5 15:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 15:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: Failed password for root from 218.92.0.179 port 31457 ssh2
May  5 15:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 31457 ssh2]
May  5 15:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: Received disconnect from 218.92.0.179 port 31457:11:  [preauth]
May  5 15:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: Disconnected from 218.92.0.179 port 31457 [preauth]
May  5 15:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15926]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15923]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15920]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15920]: pam_unix(cron:session): session closed for user p13x
May  5 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15980]: Successful su for rubyman by root
May  5 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15980]: + ??? root:rubyman
May  5 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15980]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334763 of user rubyman.
May  5 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15980]: pam_unix(su:session): session closed for user rubyman
May  5 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334763.
May  5 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13323]: pam_unix(cron:session): session closed for user root
May  5 15:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15922]: pam_unix(cron:session): session closed for user samftp
May  5 15:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15050]: pam_unix(cron:session): session closed for user root
May  5 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16339]: pam_unix(cron:session): session closed for user p13x
May  5 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16396]: Successful su for rubyman by root
May  5 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16396]: + ??? root:rubyman
May  5 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334767 of user rubyman.
May  5 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16396]: pam_unix(su:session): session closed for user rubyman
May  5 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334767.
May  5 15:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13835]: pam_unix(cron:session): session closed for user root
May  5 15:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16340]: pam_unix(cron:session): session closed for user samftp
May  5 15:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15496]: pam_unix(cron:session): session closed for user root
May  5 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16827]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16828]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16826]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16825]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16825]: pam_unix(cron:session): session closed for user p13x
May  5 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16899]: Successful su for rubyman by root
May  5 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16899]: + ??? root:rubyman
May  5 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334772 of user rubyman.
May  5 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16899]: pam_unix(su:session): session closed for user rubyman
May  5 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334772.
May  5 15:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14231]: pam_unix(cron:session): session closed for user root
May  5 15:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16826]: pam_unix(cron:session): session closed for user samftp
May  5 15:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15926]: pam_unix(cron:session): session closed for user root
May  5 15:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 15:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17194]: Failed password for root from 218.92.0.179 port 59986 ssh2
May  5 15:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17194]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 59986 ssh2]
May  5 15:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17194]: Received disconnect from 218.92.0.179 port 59986:11:  [preauth]
May  5 15:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17194]: Disconnected from 218.92.0.179 port 59986 [preauth]
May  5 15:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17194]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17267]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17272]: pam_unix(cron:session): session closed for user root
May  5 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17265]: pam_unix(cron:session): session closed for user p13x
May  5 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17336]: Successful su for rubyman by root
May  5 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17336]: + ??? root:rubyman
May  5 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17336]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334779 of user rubyman.
May  5 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17336]: pam_unix(su:session): session closed for user rubyman
May  5 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334779.
May  5 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14639]: pam_unix(cron:session): session closed for user root
May  5 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17267]: pam_unix(cron:session): session closed for user root
May  5 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17266]: pam_unix(cron:session): session closed for user samftp
May  5 15:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17581]: Did not receive identification string from 154.81.156.51
May  5 15:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16342]: pam_unix(cron:session): session closed for user root
May  5 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17723]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17721]: pam_unix(cron:session): session closed for user p13x
May  5 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17895]: Successful su for rubyman by root
May  5 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17895]: + ??? root:rubyman
May  5 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17895]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334783 of user rubyman.
May  5 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17895]: pam_unix(su:session): session closed for user rubyman
May  5 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334783.
May  5 15:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15049]: pam_unix(cron:session): session closed for user root
May  5 15:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17722]: pam_unix(cron:session): session closed for user samftp
May  5 15:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18130]: Invalid user gera from 202.157.176.210
May  5 15:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18130]: input_userauth_request: invalid user gera [preauth]
May  5 15:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18130]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.157.176.210
May  5 15:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18130]: Failed password for invalid user gera from 202.157.176.210 port 49538 ssh2
May  5 15:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18130]: Received disconnect from 202.157.176.210 port 49538:11: Bye Bye [preauth]
May  5 15:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18130]: Disconnected from 202.157.176.210 port 49538 [preauth]
May  5 15:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16828]: pam_unix(cron:session): session closed for user root
May  5 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18249]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18250]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18247]: pam_unix(cron:session): session closed for user p13x
May  5 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18311]: Successful su for rubyman by root
May  5 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18311]: + ??? root:rubyman
May  5 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334786 of user rubyman.
May  5 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18311]: pam_unix(su:session): session closed for user rubyman
May  5 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334786.
May  5 15:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15495]: pam_unix(cron:session): session closed for user root
May  5 15:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18248]: pam_unix(cron:session): session closed for user samftp
May  5 15:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 15:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18537]: Failed password for root from 218.92.0.179 port 12525 ssh2
May  5 15:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18537]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 12525 ssh2]
May  5 15:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18537]: Received disconnect from 218.92.0.179 port 12525:11:  [preauth]
May  5 15:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18537]: Disconnected from 218.92.0.179 port 12525 [preauth]
May  5 15:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18537]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 15:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17270]: pam_unix(cron:session): session closed for user root
May  5 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18721]: pam_unix(cron:session): session closed for user p13x
May  5 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18790]: Successful su for rubyman by root
May  5 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18790]: + ??? root:rubyman
May  5 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334789 of user rubyman.
May  5 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18790]: pam_unix(su:session): session closed for user rubyman
May  5 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334789.
May  5 15:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15923]: pam_unix(cron:session): session closed for user root
May  5 15:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18722]: pam_unix(cron:session): session closed for user samftp
May  5 15:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: Invalid user ftpuser from 164.68.105.9
May  5 15:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: input_userauth_request: invalid user ftpuser [preauth]
May  5 15:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  5 15:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: Failed password for invalid user ftpuser from 164.68.105.9 port 41776 ssh2
May  5 15:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: Connection closed by 164.68.105.9 port 41776 [preauth]
May  5 15:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17724]: pam_unix(cron:session): session closed for user root
May  5 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19149]: pam_unix(cron:session): session closed for user p13x
May  5 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19209]: Successful su for rubyman by root
May  5 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19209]: + ??? root:rubyman
May  5 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334793 of user rubyman.
May  5 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19209]: pam_unix(su:session): session closed for user rubyman
May  5 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334793.
May  5 15:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16341]: pam_unix(cron:session): session closed for user root
May  5 15:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19150]: pam_unix(cron:session): session closed for user samftp
May  5 15:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 15:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: Invalid user username from 80.94.95.125
May  5 15:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: input_userauth_request: invalid user username [preauth]
May  5 15:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 15:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: Failed password for invalid user username from 80.94.95.125 port 58673 ssh2
May  5 15:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: Failed password for invalid user username from 80.94.95.125 port 58673 ssh2
May  5 15:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: Failed password for invalid user username from 80.94.95.125 port 58673 ssh2
May  5 15:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: Failed password for invalid user username from 80.94.95.125 port 58673 ssh2
May  5 15:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: pam_unix(sshd:auth): check pass; user unknown
May  5 15:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: Failed password for invalid user username from 80.94.95.125 port 58673 ssh2
May  5 15:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: Received disconnect from 80.94.95.125 port 58673:11: Bye [preauth]
May  5 15:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: Disconnected from 80.94.95.125 port 58673 [preauth]
May  5 15:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 15:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19431]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 15:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18250]: pam_unix(cron:session): session closed for user root
May  5 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19598]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19596]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19600]: pam_unix(cron:session): session closed for user root
May  5 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19596]: pam_unix(cron:session): session closed for user root
May  5 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19594]: pam_unix(cron:session): session closed for user p13x
May  5 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19709]: Successful su for rubyman by root
May  5 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19709]: + ??? root:rubyman
May  5 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334803 of user rubyman.
May  5 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19709]: pam_unix(su:session): session closed for user rubyman
May  5 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334803.
May  5 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16827]: pam_unix(cron:session): session closed for user root
May  5 16:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19597]: pam_unix(cron:session): session closed for user root
May  5 16:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19595]: pam_unix(cron:session): session closed for user samftp
May  5 16:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18725]: pam_unix(cron:session): session closed for user root
May  5 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20188]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20186]: pam_unix(cron:session): session closed for user p13x
May  5 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20256]: Successful su for rubyman by root
May  5 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20256]: + ??? root:rubyman
May  5 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334804 of user rubyman.
May  5 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20256]: pam_unix(su:session): session closed for user rubyman
May  5 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334804.
May  5 16:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17268]: pam_unix(cron:session): session closed for user root
May  5 16:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20187]: pam_unix(cron:session): session closed for user samftp
May  5 16:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20504]: Did not receive identification string from 111.67.203.183
May  5 16:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19152]: pam_unix(cron:session): session closed for user root
May  5 16:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20506]: Connection closed by 111.67.203.183 port 59356 [preauth]
May  5 16:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20539]: Connection closed by 111.67.203.183 port 54416 [preauth]
May  5 16:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20563]: Connection closed by 111.67.203.183 port 34826 [preauth]
May  5 16:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.157.176.210  user=root
May  5 16:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20609]: Failed password for root from 202.157.176.210 port 59638 ssh2
May  5 16:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20609]: Received disconnect from 202.157.176.210 port 59638:11: Bye Bye [preauth]
May  5 16:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20609]: Disconnected from 202.157.176.210 port 59638 [preauth]
May  5 16:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20624]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20623]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20625]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20622]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20622]: pam_unix(cron:session): session closed for user p13x
May  5 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20684]: Successful su for rubyman by root
May  5 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20684]: + ??? root:rubyman
May  5 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334810 of user rubyman.
May  5 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20684]: pam_unix(su:session): session closed for user rubyman
May  5 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334810.
May  5 16:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20599]: Connection closed by 111.67.203.183 port 42850 [preauth]
May  5 16:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17723]: pam_unix(cron:session): session closed for user root
May  5 16:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20623]: pam_unix(cron:session): session closed for user samftp
May  5 16:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20619]: Connection closed by 111.67.203.183 port 56898 [preauth]
May  5 16:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20896]: Connection reset by 111.67.203.183 port 40062 [preauth]
May  5 16:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20929]: Connection closed by 111.67.203.183 port 47480 [preauth]
May  5 16:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: Connection closed by 111.67.203.183 port 59684 [preauth]
May  5 16:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19599]: pam_unix(cron:session): session closed for user root
May  5 16:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: Connection closed by 111.67.203.183 port 40056 [preauth]
May  5 16:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: Connection closed by 111.67.203.183 port 48120 [preauth]
May  5 16:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 16:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21017]: Failed password for root from 218.92.0.179 port 42222 ssh2
May  5 16:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21017]: Failed password for root from 218.92.0.179 port 42222 ssh2
May  5 16:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21017]: Failed password for root from 218.92.0.179 port 42222 ssh2
May  5 16:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21017]: Received disconnect from 218.92.0.179 port 42222:11:  [preauth]
May  5 16:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21017]: Disconnected from 218.92.0.179 port 42222 [preauth]
May  5 16:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21017]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 16:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21062]: Invalid user hongxuan from 176.31.162.135
May  5 16:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21062]: input_userauth_request: invalid user hongxuan [preauth]
May  5 16:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21062]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  5 16:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21060]: Connection closed by 111.67.203.183 port 34460 [preauth]
May  5 16:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21062]: Failed password for invalid user hongxuan from 176.31.162.135 port 32900 ssh2
May  5 16:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21062]: Connection closed by 176.31.162.135 port 32900 [preauth]
May  5 16:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21064]: Connection closed by 111.67.203.183 port 43024 [preauth]
May  5 16:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21087]: Did not receive identification string from 154.81.156.51
May  5 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21092]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21089]: pam_unix(cron:session): session closed for user p13x
May  5 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21153]: Successful su for rubyman by root
May  5 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21153]: + ??? root:rubyman
May  5 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21153]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334812 of user rubyman.
May  5 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21153]: pam_unix(su:session): session closed for user rubyman
May  5 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334812.
May  5 16:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18249]: pam_unix(cron:session): session closed for user root
May  5 16:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21084]: Connection closed by 111.67.203.183 port 51770 [preauth]
May  5 16:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21091]: pam_unix(cron:session): session closed for user samftp
May  5 16:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21395]: Connection closed by 111.67.203.183 port 33120 [preauth]
May  5 16:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21406]: Connection closed by 111.67.203.183 port 46108 [preauth]
May  5 16:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21435]: Connection closed by 111.67.203.183 port 54350 [preauth]
May  5 16:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20189]: pam_unix(cron:session): session closed for user root
May  5 16:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21481]: Connection closed by 111.67.203.183 port 35260 [preauth]
May  5 16:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21519]: Connection closed by 111.67.203.183 port 47338 [preauth]
May  5 16:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21590]: Connection closed by 111.67.203.183 port 55798 [preauth]
May  5 16:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21609]: Connection closed by 111.67.203.183 port 37156 [preauth]
May  5 16:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21629]: pam_unix(cron:session): session closed for user p13x
May  5 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21713]: Successful su for rubyman by root
May  5 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21713]: + ??? root:rubyman
May  5 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334816 of user rubyman.
May  5 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21713]: pam_unix(su:session): session closed for user rubyman
May  5 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334816.
May  5 16:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18724]: pam_unix(cron:session): session closed for user root
May  5 16:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21630]: pam_unix(cron:session): session closed for user samftp
May  5 16:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21626]: Connection closed by 111.67.203.183 port 52084 [preauth]
May  5 16:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20625]: pam_unix(cron:session): session closed for user root
May  5 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22455]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22456]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22456]: pam_unix(cron:session): session closed for user root
May  5 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22450]: pam_unix(cron:session): session closed for user p13x
May  5 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22525]: Successful su for rubyman by root
May  5 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22525]: + ??? root:rubyman
May  5 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334822 of user rubyman.
May  5 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22525]: pam_unix(su:session): session closed for user rubyman
May  5 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334822.
May  5 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session closed for user root
May  5 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19151]: pam_unix(cron:session): session closed for user root
May  5 16:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22452]: pam_unix(cron:session): session closed for user samftp
May  5 16:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22765]: Invalid user ubnt from 80.94.95.241
May  5 16:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22765]: input_userauth_request: invalid user ubnt [preauth]
May  5 16:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22765]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 16:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22765]: Failed password for invalid user ubnt from 80.94.95.241 port 34971 ssh2
May  5 16:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22765]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22765]: Failed password for invalid user ubnt from 80.94.95.241 port 34971 ssh2
May  5 16:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22765]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22765]: Failed password for invalid user ubnt from 80.94.95.241 port 34971 ssh2
May  5 16:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22765]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22765]: Failed password for invalid user ubnt from 80.94.95.241 port 34971 ssh2
May  5 16:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22765]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22765]: Failed password for invalid user ubnt from 80.94.95.241 port 34971 ssh2
May  5 16:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22765]: Received disconnect from 80.94.95.241 port 34971:11: Bye [preauth]
May  5 16:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22765]: Disconnected from 80.94.95.241 port 34971 [preauth]
May  5 16:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22765]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 16:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22765]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 16:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21093]: pam_unix(cron:session): session closed for user root
May  5 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22994]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22995]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22992]: pam_unix(cron:session): session closed for user p13x
May  5 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23059]: Successful su for rubyman by root
May  5 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23059]: + ??? root:rubyman
May  5 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334827 of user rubyman.
May  5 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23059]: pam_unix(su:session): session closed for user rubyman
May  5 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334827.
May  5 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23142]: Invalid user nc from 103.190.214.241
May  5 16:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23142]: input_userauth_request: invalid user nc [preauth]
May  5 16:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23142]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.190.214.241
May  5 16:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19598]: pam_unix(cron:session): session closed for user root
May  5 16:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22993]: pam_unix(cron:session): session closed for user samftp
May  5 16:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23142]: Failed password for invalid user nc from 103.190.214.241 port 49642 ssh2
May  5 16:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23142]: Received disconnect from 103.190.214.241 port 49642:11: Bye Bye [preauth]
May  5 16:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23142]: Disconnected from 103.190.214.241 port 49642 [preauth]
May  5 16:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21632]: pam_unix(cron:session): session closed for user root
May  5 16:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  5 16:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23468]: Failed password for root from 218.92.0.210 port 44046 ssh2
May  5 16:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23468]: message repeated 4 times: [ Failed password for root from 218.92.0.210 port 44046 ssh2]
May  5 16:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23468]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 44046 ssh2 [preauth]
May  5 16:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23468]: Disconnecting: Too many authentication failures [preauth]
May  5 16:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23468]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  5 16:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23468]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23538]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23536]: pam_unix(cron:session): session closed for user p13x
May  5 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23600]: Successful su for rubyman by root
May  5 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23600]: + ??? root:rubyman
May  5 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334830 of user rubyman.
May  5 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23600]: pam_unix(su:session): session closed for user rubyman
May  5 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334830.
May  5 16:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20188]: pam_unix(cron:session): session closed for user root
May  5 16:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23537]: pam_unix(cron:session): session closed for user samftp
May  5 16:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: Invalid user admin from 80.94.95.112
May  5 16:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: input_userauth_request: invalid user admin [preauth]
May  5 16:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 16:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: Failed password for invalid user admin from 80.94.95.112 port 58402 ssh2
May  5 16:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: Failed password for invalid user admin from 80.94.95.112 port 58402 ssh2
May  5 16:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: Failed password for invalid user admin from 80.94.95.112 port 58402 ssh2
May  5 16:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.157.176.210  user=root
May  5 16:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: Failed password for invalid user admin from 80.94.95.112 port 58402 ssh2
May  5 16:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: Failed password for root from 202.157.176.210 port 41440 ssh2
May  5 16:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: Received disconnect from 202.157.176.210 port 41440:11: Bye Bye [preauth]
May  5 16:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23932]: Disconnected from 202.157.176.210 port 41440 [preauth]
May  5 16:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: Failed password for invalid user admin from 80.94.95.112 port 58402 ssh2
May  5 16:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: Received disconnect from 80.94.95.112 port 58402:11: Bye [preauth]
May  5 16:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: Disconnected from 80.94.95.112 port 58402 [preauth]
May  5 16:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 16:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 16:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22455]: pam_unix(cron:session): session closed for user root
May  5 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24070]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24071]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24069]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24069]: pam_unix(cron:session): session closed for user p13x
May  5 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24130]: Successful su for rubyman by root
May  5 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24130]: + ??? root:rubyman
May  5 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334834 of user rubyman.
May  5 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24130]: pam_unix(su:session): session closed for user rubyman
May  5 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334834.
May  5 16:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20624]: pam_unix(cron:session): session closed for user root
May  5 16:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24070]: pam_unix(cron:session): session closed for user samftp
May  5 16:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22995]: pam_unix(cron:session): session closed for user root
May  5 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24523]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24518]: pam_unix(cron:session): session closed for user p13x
May  5 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24637]: Successful su for rubyman by root
May  5 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24637]: + ??? root:rubyman
May  5 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334838 of user rubyman.
May  5 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24637]: pam_unix(su:session): session closed for user rubyman
May  5 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334838.
May  5 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24516]: pam_unix(cron:session): session closed for user root
May  5 16:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21092]: pam_unix(cron:session): session closed for user root
May  5 16:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24519]: pam_unix(cron:session): session closed for user samftp
May  5 16:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23539]: pam_unix(cron:session): session closed for user root
May  5 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25050]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25047]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25049]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25046]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25048]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25051]: pam_unix(cron:session): session closed for user root
May  5 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25046]: pam_unix(cron:session): session closed for user p13x
May  5 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: Successful su for rubyman by root
May  5 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: + ??? root:rubyman
May  5 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334843 of user rubyman.
May  5 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: pam_unix(su:session): session closed for user rubyman
May  5 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334843.
May  5 16:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25048]: pam_unix(cron:session): session closed for user root
May  5 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21631]: pam_unix(cron:session): session closed for user root
May  5 16:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25047]: pam_unix(cron:session): session closed for user samftp
May  5 16:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24072]: pam_unix(cron:session): session closed for user root
May  5 16:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 16:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25491]: Failed password for root from 218.92.0.179 port 48968 ssh2
May  5 16:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25491]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 48968 ssh2]
May  5 16:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25491]: Received disconnect from 218.92.0.179 port 48968:11:  [preauth]
May  5 16:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25491]: Disconnected from 218.92.0.179 port 48968 [preauth]
May  5 16:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25491]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25511]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25512]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25510]: pam_unix(cron:session): session closed for user p13x
May  5 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25588]: Successful su for rubyman by root
May  5 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25588]: + ??? root:rubyman
May  5 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334849 of user rubyman.
May  5 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25588]: pam_unix(su:session): session closed for user rubyman
May  5 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334849.
May  5 16:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22454]: pam_unix(cron:session): session closed for user root
May  5 16:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25511]: pam_unix(cron:session): session closed for user samftp
May  5 16:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24523]: pam_unix(cron:session): session closed for user root
May  5 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25916]: pam_unix(cron:session): session closed for user p13x
May  5 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25978]: Successful su for rubyman by root
May  5 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25978]: + ??? root:rubyman
May  5 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334855 of user rubyman.
May  5 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25978]: pam_unix(su:session): session closed for user rubyman
May  5 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334855.
May  5 16:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22994]: pam_unix(cron:session): session closed for user root
May  5 16:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25917]: pam_unix(cron:session): session closed for user samftp
May  5 16:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25050]: pam_unix(cron:session): session closed for user root
May  5 16:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.157.176.210  user=root
May  5 16:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26305]: Failed password for root from 202.157.176.210 port 51520 ssh2
May  5 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26305]: Received disconnect from 202.157.176.210 port 51520:11: Bye Bye [preauth]
May  5 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26305]: Disconnected from 202.157.176.210 port 51520 [preauth]
May  5 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26315]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26315]: pam_unix(cron:session): session closed for user p13x
May  5 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26379]: Successful su for rubyman by root
May  5 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26379]: + ??? root:rubyman
May  5 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334857 of user rubyman.
May  5 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26379]: pam_unix(su:session): session closed for user rubyman
May  5 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334857.
May  5 16:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23538]: pam_unix(cron:session): session closed for user root
May  5 16:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26320]: pam_unix(cron:session): session closed for user samftp
May  5 16:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25513]: pam_unix(cron:session): session closed for user root
May  5 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26798]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26795]: pam_unix(cron:session): session closed for user p13x
May  5 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26859]: Successful su for rubyman by root
May  5 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26859]: + ??? root:rubyman
May  5 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334862 of user rubyman.
May  5 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26859]: pam_unix(su:session): session closed for user rubyman
May  5 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334862.
May  5 16:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24071]: pam_unix(cron:session): session closed for user root
May  5 16:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26797]: pam_unix(cron:session): session closed for user samftp
May  5 16:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25920]: pam_unix(cron:session): session closed for user root
May  5 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27263]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27262]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27265]: pam_unix(cron:session): session closed for user root
May  5 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27260]: pam_unix(cron:session): session closed for user p13x
May  5 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27337]: Successful su for rubyman by root
May  5 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27337]: + ??? root:rubyman
May  5 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334868 of user rubyman.
May  5 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27337]: pam_unix(su:session): session closed for user rubyman
May  5 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334868.
May  5 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27262]: pam_unix(cron:session): session closed for user root
May  5 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24520]: pam_unix(cron:session): session closed for user root
May  5 16:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27261]: pam_unix(cron:session): session closed for user samftp
May  5 16:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26322]: pam_unix(cron:session): session closed for user root
May  5 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27746]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27743]: pam_unix(cron:session): session closed for user p13x
May  5 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27817]: Successful su for rubyman by root
May  5 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27817]: + ??? root:rubyman
May  5 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27817]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334872 of user rubyman.
May  5 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27817]: pam_unix(su:session): session closed for user rubyman
May  5 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334872.
May  5 16:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25049]: pam_unix(cron:session): session closed for user root
May  5 16:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27744]: pam_unix(cron:session): session closed for user samftp
May  5 16:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26799]: pam_unix(cron:session): session closed for user root
May  5 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28162]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28161]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28156]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28156]: pam_unix(cron:session): session closed for user root
May  5 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28158]: pam_unix(cron:session): session closed for user p13x
May  5 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28224]: Successful su for rubyman by root
May  5 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28224]: + ??? root:rubyman
May  5 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334876 of user rubyman.
May  5 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28224]: pam_unix(su:session): session closed for user rubyman
May  5 16:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334876.
May  5 16:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25512]: pam_unix(cron:session): session closed for user root
May  5 16:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28159]: pam_unix(cron:session): session closed for user samftp
May  5 16:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27264]: pam_unix(cron:session): session closed for user root
May  5 16:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 16:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  5 16:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28538]: Failed password for root from 218.92.0.179 port 21496 ssh2
May  5 16:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28540]: Failed password for root from 190.103.202.7 port 60698 ssh2
May  5 16:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28540]: Connection closed by 190.103.202.7 port 60698 [preauth]
May  5 16:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28538]: Failed password for root from 218.92.0.179 port 21496 ssh2
May  5 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28538]: Failed password for root from 218.92.0.179 port 21496 ssh2
May  5 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28538]: Received disconnect from 218.92.0.179 port 21496:11:  [preauth]
May  5 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28538]: Disconnected from 218.92.0.179 port 21496 [preauth]
May  5 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28538]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28562]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28561]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28559]: pam_unix(cron:session): session closed for user p13x
May  5 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28621]: Successful su for rubyman by root
May  5 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28621]: + ??? root:rubyman
May  5 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334882 of user rubyman.
May  5 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28621]: pam_unix(su:session): session closed for user rubyman
May  5 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334882.
May  5 16:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25918]: pam_unix(cron:session): session closed for user root
May  5 16:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28560]: pam_unix(cron:session): session closed for user samftp
May  5 16:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Invalid user steam from 202.157.176.210
May  5 16:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: input_userauth_request: invalid user steam [preauth]
May  5 16:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.157.176.210
May  5 16:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27746]: pam_unix(cron:session): session closed for user root
May  5 16:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Failed password for invalid user steam from 202.157.176.210 port 33392 ssh2
May  5 16:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Received disconnect from 202.157.176.210 port 33392:11: Bye Bye [preauth]
May  5 16:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Disconnected from 202.157.176.210 port 33392 [preauth]
May  5 16:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28949]: Invalid user status from 46.244.96.25
May  5 16:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28949]: input_userauth_request: invalid user status [preauth]
May  5 16:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28949]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  5 16:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28949]: Failed password for invalid user status from 46.244.96.25 port 50258 ssh2
May  5 16:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28949]: Connection closed by 46.244.96.25 port 50258 [preauth]
May  5 16:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28982]: Did not receive identification string from 154.81.156.51
May  5 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29004]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29005]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29003]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29002]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29002]: pam_unix(cron:session): session closed for user p13x
May  5 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29158]: Successful su for rubyman by root
May  5 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29158]: + ??? root:rubyman
May  5 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334886 of user rubyman.
May  5 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29158]: pam_unix(su:session): session closed for user rubyman
May  5 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334886.
May  5 16:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26321]: pam_unix(cron:session): session closed for user root
May  5 16:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29003]: pam_unix(cron:session): session closed for user samftp
May  5 16:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29444]: Did not receive identification string from 92.118.39.61
May  5 16:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28162]: pam_unix(cron:session): session closed for user root
May  5 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29537]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29538]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29540]: pam_unix(cron:session): session closed for user root
May  5 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29535]: pam_unix(cron:session): session closed for user p13x
May  5 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29606]: Successful su for rubyman by root
May  5 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29606]: + ??? root:rubyman
May  5 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334890 of user rubyman.
May  5 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29606]: pam_unix(su:session): session closed for user rubyman
May  5 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334890.
May  5 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29537]: pam_unix(cron:session): session closed for user root
May  5 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26798]: pam_unix(cron:session): session closed for user root
May  5 16:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29536]: pam_unix(cron:session): session closed for user samftp
May  5 16:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28562]: pam_unix(cron:session): session closed for user root
May  5 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29975]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29970]: pam_unix(cron:session): session closed for user p13x
May  5 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30039]: Successful su for rubyman by root
May  5 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30039]: + ??? root:rubyman
May  5 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334894 of user rubyman.
May  5 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30039]: pam_unix(su:session): session closed for user rubyman
May  5 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334894.
May  5 16:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27263]: pam_unix(cron:session): session closed for user root
May  5 16:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29971]: pam_unix(cron:session): session closed for user samftp
May  5 16:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29005]: pam_unix(cron:session): session closed for user root
May  5 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30378]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30374]: pam_unix(cron:session): session closed for user p13x
May  5 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30441]: Successful su for rubyman by root
May  5 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30441]: + ??? root:rubyman
May  5 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334898 of user rubyman.
May  5 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30441]: pam_unix(su:session): session closed for user rubyman
May  5 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334898.
May  5 16:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27745]: pam_unix(cron:session): session closed for user root
May  5 16:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30375]: pam_unix(cron:session): session closed for user samftp
May  5 16:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  5 16:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30634]: Failed password for root from 218.92.0.204 port 57224 ssh2
May  5 16:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30634]: message repeated 4 times: [ Failed password for root from 218.92.0.204 port 57224 ssh2]
May  5 16:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30634]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 57224 ssh2 [preauth]
May  5 16:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30634]: Disconnecting: Too many authentication failures [preauth]
May  5 16:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30634]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  5 16:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30634]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 16:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  5 16:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30696]: Failed password for root from 218.92.0.204 port 10168 ssh2
May  5 16:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29539]: pam_unix(cron:session): session closed for user root
May  5 16:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30696]: Failed password for root from 218.92.0.204 port 10168 ssh2
May  5 16:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30696]: message repeated 4 times: [ Failed password for root from 218.92.0.204 port 10168 ssh2]
May  5 16:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30696]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 10168 ssh2 [preauth]
May  5 16:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30696]: Disconnecting: Too many authentication failures [preauth]
May  5 16:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30696]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  5 16:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30696]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 16:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  5 16:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: Failed password for root from 218.92.0.204 port 53208 ssh2
May  5 16:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: Received disconnect from 218.92.0.204 port 53208:11:  [preauth]
May  5 16:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: Disconnected from 218.92.0.204 port 53208 [preauth]
May  5 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30802]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30802]: pam_unix(cron:session): session closed for user p13x
May  5 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30865]: Successful su for rubyman by root
May  5 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30865]: + ??? root:rubyman
May  5 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334902 of user rubyman.
May  5 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30865]: pam_unix(su:session): session closed for user rubyman
May  5 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334902.
May  5 16:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28161]: pam_unix(cron:session): session closed for user root
May  5 16:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30803]: pam_unix(cron:session): session closed for user samftp
May  5 16:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29975]: pam_unix(cron:session): session closed for user root
May  5 16:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 16:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.34.132.221
May  5 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31232]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31231]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31230]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31233]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31230]: pam_unix(cron:session): session closed for user p13x
May  5 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31298]: Successful su for rubyman by root
May  5 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31298]: + ??? root:rubyman
May  5 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334906 of user rubyman.
May  5 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31298]: pam_unix(su:session): session closed for user rubyman
May  5 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334906.
May  5 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28561]: pam_unix(cron:session): session closed for user root
May  5 16:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31231]: pam_unix(cron:session): session closed for user samftp
May  5 16:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.157.176.210  user=root
May  5 16:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31488]: Failed password for root from 202.157.176.210 port 43500 ssh2
May  5 16:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31488]: Received disconnect from 202.157.176.210 port 43500:11: Bye Bye [preauth]
May  5 16:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31488]: Disconnected from 202.157.176.210 port 43500 [preauth]
May  5 16:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30378]: pam_unix(cron:session): session closed for user root
May  5 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31657]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31659]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31660]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31663]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31656]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31663]: pam_unix(cron:session): session closed for user root
May  5 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31656]: pam_unix(cron:session): session closed for user p13x
May  5 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31737]: Successful su for rubyman by root
May  5 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31737]: + ??? root:rubyman
May  5 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334913 of user rubyman.
May  5 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31737]: pam_unix(su:session): session closed for user rubyman
May  5 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334913.
May  5 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31658]: pam_unix(cron:session): session closed for user root
May  5 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29004]: pam_unix(cron:session): session closed for user root
May  5 16:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31657]: pam_unix(cron:session): session closed for user samftp
May  5 16:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30805]: pam_unix(cron:session): session closed for user root
May  5 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32110]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32109]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32107]: pam_unix(cron:session): session closed for user p13x
May  5 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32182]: Successful su for rubyman by root
May  5 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32182]: + ??? root:rubyman
May  5 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334918 of user rubyman.
May  5 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32182]: pam_unix(su:session): session closed for user rubyman
May  5 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334918.
May  5 16:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29538]: pam_unix(cron:session): session closed for user root
May  5 16:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32108]: pam_unix(cron:session): session closed for user samftp
May  5 16:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31233]: pam_unix(cron:session): session closed for user root
May  5 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32517]: pam_unix(cron:session): session closed for user p13x
May  5 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32583]: Successful su for rubyman by root
May  5 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32583]: + ??? root:rubyman
May  5 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32583]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334921 of user rubyman.
May  5 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32583]: pam_unix(su:session): session closed for user rubyman
May  5 16:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334921.
May  5 16:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29972]: pam_unix(cron:session): session closed for user root
May  5 16:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32518]: pam_unix(cron:session): session closed for user samftp
May  5 16:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31660]: pam_unix(cron:session): session closed for user root
May  5 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[587]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[584]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[584]: pam_unix(cron:session): session closed for user p13x
May  5 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[652]: Successful su for rubyman by root
May  5 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[652]: + ??? root:rubyman
May  5 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334925 of user rubyman.
May  5 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[652]: pam_unix(su:session): session closed for user rubyman
May  5 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334925.
May  5 16:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30377]: pam_unix(cron:session): session closed for user root
May  5 16:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[585]: pam_unix(cron:session): session closed for user samftp
May  5 16:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32110]: pam_unix(cron:session): session closed for user root
May  5 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1029]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1028]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1027]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1026]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1026]: pam_unix(cron:session): session closed for user p13x
May  5 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1094]: Successful su for rubyman by root
May  5 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1094]: + ??? root:rubyman
May  5 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1094]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334928 of user rubyman.
May  5 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1094]: pam_unix(su:session): session closed for user rubyman
May  5 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334928.
May  5 16:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30804]: pam_unix(cron:session): session closed for user root
May  5 16:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1027]: pam_unix(cron:session): session closed for user samftp
May  5 16:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32520]: pam_unix(cron:session): session closed for user root
May  5 16:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: Did not receive identification string from 92.255.57.132
May  5 16:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.157.176.210  user=root
May  5 16:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1533]: Failed password for root from 202.157.176.210 port 53600 ssh2
May  5 16:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1533]: Received disconnect from 202.157.176.210 port 53600:11: Bye Bye [preauth]
May  5 16:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1533]: Disconnected from 202.157.176.210 port 53600 [preauth]
May  5 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1572]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1569]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1571]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1574]: pam_unix(cron:session): session closed for user root
May  5 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1569]: pam_unix(cron:session): session closed for user p13x
May  5 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1642]: Successful su for rubyman by root
May  5 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1642]: + ??? root:rubyman
May  5 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334932 of user rubyman.
May  5 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1642]: pam_unix(su:session): session closed for user rubyman
May  5 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334932.
May  5 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31232]: pam_unix(cron:session): session closed for user root
May  5 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1571]: pam_unix(cron:session): session closed for user root
May  5 16:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1570]: pam_unix(cron:session): session closed for user samftp
May  5 16:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[587]: pam_unix(cron:session): session closed for user root
May  5 16:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2065]: Invalid user | from 195.178.110.50
May  5 16:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2065]: input_userauth_request: invalid user | [preauth]
May  5 16:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2065]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 16:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2065]: Failed password for invalid user | from 195.178.110.50 port 33466 ssh2
May  5 16:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2065]: Connection closed by 195.178.110.50 port 33466 [preauth]
May  5 16:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2180]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2179]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2178]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2178]: pam_unix(cron:session): session closed for user p13x
May  5 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2245]: Successful su for rubyman by root
May  5 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2245]: + ??? root:rubyman
May  5 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334938 of user rubyman.
May  5 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2245]: pam_unix(su:session): session closed for user rubyman
May  5 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334938.
May  5 16:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31659]: pam_unix(cron:session): session closed for user root
May  5 16:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2179]: pam_unix(cron:session): session closed for user samftp
May  5 16:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: Invalid user ] from 195.178.110.50
May  5 16:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: input_userauth_request: invalid user ] [preauth]
May  5 16:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 16:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: Failed password for invalid user ] from 195.178.110.50 port 20266 ssh2
May  5 16:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2158]: Connection closed by 195.178.110.50 port 20266 [preauth]
May  5 16:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Invalid user > from 195.178.110.50
May  5 16:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: input_userauth_request: invalid user > [preauth]
May  5 16:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 16:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Failed password for invalid user > from 195.178.110.50 port 34096 ssh2
May  5 16:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Connection closed by 195.178.110.50 port 34096 [preauth]
May  5 16:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1029]: pam_unix(cron:session): session closed for user root
May  5 16:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2525]: Invalid user } from 195.178.110.50
May  5 16:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2525]: input_userauth_request: invalid user } [preauth]
May  5 16:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2525]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 16:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2525]: Failed password for invalid user } from 195.178.110.50 port 44340 ssh2
May  5 16:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2525]: Connection closed by 195.178.110.50 port 44340 [preauth]
May  5 16:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2652]: pam_unix(cron:session): session closed for user p13x
May  5 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2729]: Successful su for rubyman by root
May  5 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2729]: + ??? root:rubyman
May  5 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334944 of user rubyman.
May  5 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2729]: pam_unix(su:session): session closed for user rubyman
May  5 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334944.
May  5 16:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32109]: pam_unix(cron:session): session closed for user root
May  5 16:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2653]: pam_unix(cron:session): session closed for user samftp
May  5 16:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: Invalid user ^ from 195.178.110.50
May  5 16:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: input_userauth_request: invalid user ^ [preauth]
May  5 16:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 16:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: Failed password for invalid user ^ from 195.178.110.50 port 4596 ssh2
May  5 16:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2614]: Connection closed by 195.178.110.50 port 4596 [preauth]
May  5 16:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1573]: pam_unix(cron:session): session closed for user root
May  5 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3100]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3098]: pam_unix(cron:session): session closed for user p13x
May  5 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3163]: Successful su for rubyman by root
May  5 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3163]: + ??? root:rubyman
May  5 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334946 of user rubyman.
May  5 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3163]: pam_unix(su:session): session closed for user rubyman
May  5 16:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334946.
May  5 16:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32519]: pam_unix(cron:session): session closed for user root
May  5 16:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3099]: pam_unix(cron:session): session closed for user samftp
May  5 16:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2181]: pam_unix(cron:session): session closed for user root
May  5 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3551]: pam_unix(cron:session): session closed for user p13x
May  5 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3663]: Successful su for rubyman by root
May  5 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3663]: + ??? root:rubyman
May  5 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334951 of user rubyman.
May  5 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3663]: pam_unix(su:session): session closed for user rubyman
May  5 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334951.
May  5 16:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[586]: pam_unix(cron:session): session closed for user root
May  5 16:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3552]: pam_unix(cron:session): session closed for user samftp
May  5 16:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2656]: pam_unix(cron:session): session closed for user root
May  5 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4045]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4044]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4043]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4042]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4045]: pam_unix(cron:session): session closed for user root
May  5 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4040]: pam_unix(cron:session): session closed for user p13x
May  5 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4110]: Successful su for rubyman by root
May  5 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4110]: + ??? root:rubyman
May  5 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334959 of user rubyman.
May  5 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4110]: pam_unix(su:session): session closed for user rubyman
May  5 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334959.
May  5 16:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4042]: pam_unix(cron:session): session closed for user root
May  5 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1028]: pam_unix(cron:session): session closed for user root
May  5 16:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4041]: pam_unix(cron:session): session closed for user samftp
May  5 16:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Invalid user ubnt from 80.94.95.241
May  5 16:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: input_userauth_request: invalid user ubnt [preauth]
May  5 16:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 16:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Failed password for invalid user ubnt from 80.94.95.241 port 6287 ssh2
May  5 16:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Failed password for invalid user ubnt from 80.94.95.241 port 6287 ssh2
May  5 16:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Failed password for invalid user ubnt from 80.94.95.241 port 6287 ssh2
May  5 16:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.157.176.210  user=root
May  5 16:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Failed password for invalid user ubnt from 80.94.95.241 port 6287 ssh2
May  5 16:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: Failed password for root from 202.157.176.210 port 35492 ssh2
May  5 16:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: Received disconnect from 202.157.176.210 port 35492:11: Bye Bye [preauth]
May  5 16:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: Disconnected from 202.157.176.210 port 35492 [preauth]
May  5 16:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Failed password for invalid user ubnt from 80.94.95.241 port 6287 ssh2
May  5 16:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Received disconnect from 80.94.95.241 port 6287:11: Bye [preauth]
May  5 16:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Disconnected from 80.94.95.241 port 6287 [preauth]
May  5 16:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 16:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 16:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3101]: pam_unix(cron:session): session closed for user root
May  5 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4679]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4674]: pam_unix(cron:session): session closed for user p13x
May  5 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4744]: Successful su for rubyman by root
May  5 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4744]: + ??? root:rubyman
May  5 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334960 of user rubyman.
May  5 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4744]: pam_unix(su:session): session closed for user rubyman
May  5 16:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334960.
May  5 16:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1572]: pam_unix(cron:session): session closed for user root
May  5 16:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4675]: pam_unix(cron:session): session closed for user samftp
May  5 16:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3555]: pam_unix(cron:session): session closed for user root
May  5 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5295]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5293]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5291]: pam_unix(cron:session): session closed for user p13x
May  5 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5353]: Successful su for rubyman by root
May  5 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5353]: + ??? root:rubyman
May  5 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5353]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334964 of user rubyman.
May  5 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5353]: pam_unix(su:session): session closed for user rubyman
May  5 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334964.
May  5 16:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2180]: pam_unix(cron:session): session closed for user root
May  5 16:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5292]: pam_unix(cron:session): session closed for user samftp
May  5 16:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4044]: pam_unix(cron:session): session closed for user root
May  5 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5772]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5774]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5771]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5771]: pam_unix(cron:session): session closed for user p13x
May  5 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5919]: Successful su for rubyman by root
May  5 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5919]: + ??? root:rubyman
May  5 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334970 of user rubyman.
May  5 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5919]: pam_unix(su:session): session closed for user rubyman
May  5 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334970.
May  5 16:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2655]: pam_unix(cron:session): session closed for user root
May  5 16:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5772]: pam_unix(cron:session): session closed for user samftp
May  5 16:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  5 16:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: Failed password for root from 218.92.0.209 port 9556 ssh2
May  5 16:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: message repeated 4 times: [ Failed password for root from 218.92.0.209 port 9556 ssh2]
May  5 16:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: error: maximum authentication attempts exceeded for root from 218.92.0.209 port 9556 ssh2 [preauth]
May  5 16:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: Disconnecting: Too many authentication failures [preauth]
May  5 16:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  5 16:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 16:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4679]: pam_unix(cron:session): session closed for user root
May  5 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6297]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6294]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6296]: pam_unix(cron:session): session closed for user p13x
May  5 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6409]: Successful su for rubyman by root
May  5 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6409]: + ??? root:rubyman
May  5 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334972 of user rubyman.
May  5 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6409]: pam_unix(su:session): session closed for user rubyman
May  5 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334972.
May  5 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6294]: pam_unix(cron:session): session closed for user root
May  5 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3100]: pam_unix(cron:session): session closed for user root
May  5 16:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6297]: pam_unix(cron:session): session closed for user samftp
May  5 16:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5295]: pam_unix(cron:session): session closed for user root
May  5 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6794]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6796]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6795]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6796]: pam_unix(cron:session): session closed for user root
May  5 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6791]: pam_unix(cron:session): session closed for user p13x
May  5 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6860]: Successful su for rubyman by root
May  5 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6860]: + ??? root:rubyman
May  5 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334980 of user rubyman.
May  5 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6860]: pam_unix(su:session): session closed for user rubyman
May  5 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334980.
May  5 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6793]: pam_unix(cron:session): session closed for user root
May  5 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3554]: pam_unix(cron:session): session closed for user root
May  5 16:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6792]: pam_unix(cron:session): session closed for user samftp
May  5 16:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5774]: pam_unix(cron:session): session closed for user root
May  5 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7339]: pam_unix(cron:session): session closed for user p13x
May  5 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7403]: Successful su for rubyman by root
May  5 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7403]: + ??? root:rubyman
May  5 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7403]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334984 of user rubyman.
May  5 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7403]: pam_unix(su:session): session closed for user rubyman
May  5 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334984.
May  5 16:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4043]: pam_unix(cron:session): session closed for user root
May  5 16:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7340]: pam_unix(cron:session): session closed for user samftp
May  5 16:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: Invalid user teamspeak from 202.157.176.210
May  5 16:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: input_userauth_request: invalid user teamspeak [preauth]
May  5 16:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.157.176.210
May  5 16:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: Failed password for invalid user teamspeak from 202.157.176.210 port 45564 ssh2
May  5 16:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: Received disconnect from 202.157.176.210 port 45564:11: Bye Bye [preauth]
May  5 16:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: Disconnected from 202.157.176.210 port 45564 [preauth]
May  5 16:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6299]: pam_unix(cron:session): session closed for user root
May  5 16:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: Invalid user albert from 164.68.105.9
May  5 16:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: input_userauth_request: invalid user albert [preauth]
May  5 16:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  5 16:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: Failed password for invalid user albert from 164.68.105.9 port 55640 ssh2
May  5 16:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7813]: Connection closed by 164.68.105.9 port 55640 [preauth]
May  5 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7866]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7864]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7865]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7864]: pam_unix(cron:session): session closed for user p13x
May  5 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7926]: Successful su for rubyman by root
May  5 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7926]: + ??? root:rubyman
May  5 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7926]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334987 of user rubyman.
May  5 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7926]: pam_unix(su:session): session closed for user rubyman
May  5 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334987.
May  5 16:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4676]: pam_unix(cron:session): session closed for user root
May  5 16:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7865]: pam_unix(cron:session): session closed for user samftp
May  5 16:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6795]: pam_unix(cron:session): session closed for user root
May  5 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8319]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8319]: pam_unix(cron:session): session closed for user p13x
May  5 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: Successful su for rubyman by root
May  5 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: + ??? root:rubyman
May  5 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334991 of user rubyman.
May  5 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: pam_unix(su:session): session closed for user rubyman
May  5 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334991.
May  5 16:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5293]: pam_unix(cron:session): session closed for user root
May  5 16:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8321]: pam_unix(cron:session): session closed for user samftp
May  5 16:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7342]: pam_unix(cron:session): session closed for user root
May  5 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8802]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8802]: pam_unix(cron:session): session closed for user p13x
May  5 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8867]: Successful su for rubyman by root
May  5 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8867]: + ??? root:rubyman
May  5 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8867]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 334997 of user rubyman.
May  5 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8867]: pam_unix(su:session): session closed for user rubyman
May  5 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 334997.
May  5 16:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5773]: pam_unix(cron:session): session closed for user root
May  5 16:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8803]: pam_unix(cron:session): session closed for user samftp
May  5 16:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: Invalid user admin from 80.94.95.112
May  5 16:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: input_userauth_request: invalid user admin [preauth]
May  5 16:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 16:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: Failed password for invalid user admin from 80.94.95.112 port 10615 ssh2
May  5 16:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: Failed password for invalid user admin from 80.94.95.112 port 10615 ssh2
May  5 16:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: Failed password for invalid user admin from 80.94.95.112 port 10615 ssh2
May  5 16:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: Failed password for invalid user admin from 80.94.95.112 port 10615 ssh2
May  5 16:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: Failed password for invalid user admin from 80.94.95.112 port 10615 ssh2
May  5 16:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: Received disconnect from 80.94.95.112 port 10615:11: Bye [preauth]
May  5 16:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: Disconnected from 80.94.95.112 port 10615 [preauth]
May  5 16:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 16:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9066]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 16:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7867]: pam_unix(cron:session): session closed for user root
May  5 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9363]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9362]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9360]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9361]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9363]: pam_unix(cron:session): session closed for user root
May  5 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9358]: pam_unix(cron:session): session closed for user p13x
May  5 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9428]: Successful su for rubyman by root
May  5 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9428]: + ??? root:rubyman
May  5 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335001 of user rubyman.
May  5 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9428]: pam_unix(su:session): session closed for user rubyman
May  5 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335001.
May  5 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9360]: pam_unix(cron:session): session closed for user root
May  5 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6298]: pam_unix(cron:session): session closed for user root
May  5 16:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9359]: pam_unix(cron:session): session closed for user samftp
May  5 16:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8325]: pam_unix(cron:session): session closed for user root
May  5 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9801]: pam_unix(cron:session): session closed for user p13x
May  5 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9876]: Successful su for rubyman by root
May  5 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9876]: + ??? root:rubyman
May  5 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335005 of user rubyman.
May  5 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9876]: pam_unix(su:session): session closed for user rubyman
May  5 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335005.
May  5 16:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6794]: pam_unix(cron:session): session closed for user root
May  5 16:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9802]: pam_unix(cron:session): session closed for user samftp
May  5 16:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8805]: pam_unix(cron:session): session closed for user root
May  5 16:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: Invalid user admin from 202.157.176.210
May  5 16:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: input_userauth_request: invalid user admin [preauth]
May  5 16:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.157.176.210
May  5 16:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: Failed password for invalid user admin from 202.157.176.210 port 55646 ssh2
May  5 16:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: Received disconnect from 202.157.176.210 port 55646:11: Bye Bye [preauth]
May  5 16:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: Disconnected from 202.157.176.210 port 55646 [preauth]
May  5 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10301]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10300]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10298]: pam_unix(cron:session): session closed for user p13x
May  5 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10362]: Successful su for rubyman by root
May  5 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10362]: + ??? root:rubyman
May  5 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335011 of user rubyman.
May  5 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10362]: pam_unix(su:session): session closed for user rubyman
May  5 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335011.
May  5 16:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7341]: pam_unix(cron:session): session closed for user root
May  5 16:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10299]: pam_unix(cron:session): session closed for user samftp
May  5 16:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9362]: pam_unix(cron:session): session closed for user root
May  5 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10781]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10782]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10779]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10779]: pam_unix(cron:session): session closed for user p13x
May  5 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10840]: Successful su for rubyman by root
May  5 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10840]: + ??? root:rubyman
May  5 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10840]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335015 of user rubyman.
May  5 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10840]: pam_unix(su:session): session closed for user rubyman
May  5 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335015.
May  5 16:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7866]: pam_unix(cron:session): session closed for user root
May  5 16:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10780]: pam_unix(cron:session): session closed for user samftp
May  5 16:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9804]: pam_unix(cron:session): session closed for user root
May  5 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11180]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11179]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11178]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11178]: pam_unix(cron:session): session closed for user p13x
May  5 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11237]: Successful su for rubyman by root
May  5 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11237]: + ??? root:rubyman
May  5 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11237]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335017 of user rubyman.
May  5 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11237]: pam_unix(su:session): session closed for user rubyman
May  5 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335017.
May  5 16:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8322]: pam_unix(cron:session): session closed for user root
May  5 16:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11179]: pam_unix(cron:session): session closed for user samftp
May  5 16:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 16:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: Failed password for root from 218.92.0.179 port 35573 ssh2
May  5 16:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 35573 ssh2]
May  5 16:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: Received disconnect from 218.92.0.179 port 35573:11:  [preauth]
May  5 16:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: Disconnected from 218.92.0.179 port 35573 [preauth]
May  5 16:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11391]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 16:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10301]: pam_unix(cron:session): session closed for user root
May  5 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11581]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11579]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11580]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11581]: pam_unix(cron:session): session closed for user root
May  5 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11576]: pam_unix(cron:session): session closed for user p13x
May  5 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11644]: Successful su for rubyman by root
May  5 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11644]: + ??? root:rubyman
May  5 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335023 of user rubyman.
May  5 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11644]: pam_unix(su:session): session closed for user rubyman
May  5 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335023.
May  5 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11578]: pam_unix(cron:session): session closed for user root
May  5 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8804]: pam_unix(cron:session): session closed for user root
May  5 16:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11577]: pam_unix(cron:session): session closed for user samftp
May  5 16:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10782]: pam_unix(cron:session): session closed for user root
May  5 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11993]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11994]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11991]: pam_unix(cron:session): session closed for user p13x
May  5 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12055]: Successful su for rubyman by root
May  5 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12055]: + ??? root:rubyman
May  5 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335027 of user rubyman.
May  5 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12055]: pam_unix(su:session): session closed for user rubyman
May  5 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335027.
May  5 16:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9361]: pam_unix(cron:session): session closed for user root
May  5 16:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11992]: pam_unix(cron:session): session closed for user samftp
May  5 16:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11181]: pam_unix(cron:session): session closed for user root
May  5 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12407]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12405]: pam_unix(cron:session): session closed for user p13x
May  5 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12464]: Successful su for rubyman by root
May  5 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12464]: + ??? root:rubyman
May  5 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12464]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335033 of user rubyman.
May  5 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12464]: pam_unix(su:session): session closed for user rubyman
May  5 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335033.
May  5 16:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9803]: pam_unix(cron:session): session closed for user root
May  5 16:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12406]: pam_unix(cron:session): session closed for user samftp
May  5 16:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: Invalid user teaspeak from 202.157.176.210
May  5 16:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: input_userauth_request: invalid user teaspeak [preauth]
May  5 16:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.157.176.210
May  5 16:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: Failed password for invalid user teaspeak from 202.157.176.210 port 37482 ssh2
May  5 16:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: Received disconnect from 202.157.176.210 port 37482:11: Bye Bye [preauth]
May  5 16:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: Disconnected from 202.157.176.210 port 37482 [preauth]
May  5 16:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11580]: pam_unix(cron:session): session closed for user root
May  5 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12787]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12786]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12785]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12785]: pam_unix(cron:session): session closed for user p13x
May  5 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12847]: Successful su for rubyman by root
May  5 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12847]: + ??? root:rubyman
May  5 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335037 of user rubyman.
May  5 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12847]: pam_unix(su:session): session closed for user rubyman
May  5 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335037.
May  5 16:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10300]: pam_unix(cron:session): session closed for user root
May  5 16:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12786]: pam_unix(cron:session): session closed for user samftp
May  5 16:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.207.223.117  user=root
May  5 16:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13039]: Failed password for root from 45.207.223.117 port 45974 ssh2
May  5 16:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13039]: Connection closed by 45.207.223.117 port 45974 [preauth]
May  5 16:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 16:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: Failed password for root from 218.92.0.179 port 34079 ssh2
May  5 16:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 34079 ssh2]
May  5 16:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: Received disconnect from 218.92.0.179 port 34079:11:  [preauth]
May  5 16:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: Disconnected from 218.92.0.179 port 34079 [preauth]
May  5 16:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13065]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 16:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11994]: pam_unix(cron:session): session closed for user root
May  5 16:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13182]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13179]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13179]: pam_unix(cron:session): session closed for user p13x
May  5 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13241]: Successful su for rubyman by root
May  5 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13241]: + ??? root:rubyman
May  5 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335039 of user rubyman.
May  5 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13241]: pam_unix(su:session): session closed for user rubyman
May  5 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335039.
May  5 16:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10781]: pam_unix(cron:session): session closed for user root
May  5 16:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13180]: pam_unix(cron:session): session closed for user samftp
May  5 16:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12408]: pam_unix(cron:session): session closed for user root
May  5 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13695]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13693]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13690]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13696]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13691]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13696]: pam_unix(cron:session): session closed for user root
May  5 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13689]: pam_unix(cron:session): session closed for user p13x
May  5 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13766]: Successful su for rubyman by root
May  5 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13766]: + ??? root:rubyman
May  5 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335043 of user rubyman.
May  5 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13766]: pam_unix(su:session): session closed for user rubyman
May  5 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335043.
May  5 16:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13691]: pam_unix(cron:session): session closed for user root
May  5 16:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11180]: pam_unix(cron:session): session closed for user root
May  5 16:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13690]: pam_unix(cron:session): session closed for user samftp
May  5 16:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12788]: pam_unix(cron:session): session closed for user root
May  5 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14120]: pam_unix(cron:session): session closed for user p13x
May  5 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14188]: Successful su for rubyman by root
May  5 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14188]: + ??? root:rubyman
May  5 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335049 of user rubyman.
May  5 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14188]: pam_unix(su:session): session closed for user rubyman
May  5 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335049.
May  5 16:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11579]: pam_unix(cron:session): session closed for user root
May  5 16:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14121]: pam_unix(cron:session): session closed for user samftp
May  5 16:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13182]: pam_unix(cron:session): session closed for user root
May  5 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14522]: pam_unix(cron:session): session closed for user p13x
May  5 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14586]: Successful su for rubyman by root
May  5 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14586]: + ??? root:rubyman
May  5 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335053 of user rubyman.
May  5 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14586]: pam_unix(su:session): session closed for user rubyman
May  5 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335053.
May  5 16:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11993]: pam_unix(cron:session): session closed for user root
May  5 16:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14523]: pam_unix(cron:session): session closed for user samftp
May  5 16:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13695]: pam_unix(cron:session): session closed for user root
May  5 16:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: Invalid user test5 from 202.157.176.210
May  5 16:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: input_userauth_request: invalid user test5 [preauth]
May  5 16:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: pam_unix(sshd:auth): check pass; user unknown
May  5 16:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.157.176.210
May  5 16:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: Failed password for invalid user test5 from 202.157.176.210 port 47534 ssh2
May  5 16:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: Received disconnect from 202.157.176.210 port 47534:11: Bye Bye [preauth]
May  5 16:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14872]: Disconnected from 202.157.176.210 port 47534 [preauth]
May  5 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14944]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14943]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14942]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14942]: pam_unix(cron:session): session closed for user p13x
May  5 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15005]: Successful su for rubyman by root
May  5 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15005]: + ??? root:rubyman
May  5 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335058 of user rubyman.
May  5 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15005]: pam_unix(su:session): session closed for user rubyman
May  5 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335058.
May  5 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12407]: pam_unix(cron:session): session closed for user root
May  5 16:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14943]: pam_unix(cron:session): session closed for user samftp
May  5 16:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14123]: pam_unix(cron:session): session closed for user root
May  5 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15326]: pam_unix(cron:session): session closed for user p13x
May  5 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15388]: Successful su for rubyman by root
May  5 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15388]: + ??? root:rubyman
May  5 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335061 of user rubyman.
May  5 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15388]: pam_unix(su:session): session closed for user rubyman
May  5 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335061.
May  5 16:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12787]: pam_unix(cron:session): session closed for user root
May  5 16:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15327]: pam_unix(cron:session): session closed for user samftp
May  5 16:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 16:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14525]: pam_unix(cron:session): session closed for user root
May  5 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15728]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15732]: pam_unix(cron:session): session closed for user root
May  5 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15727]: pam_unix(cron:session): session closed for user root
May  5 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15725]: pam_unix(cron:session): session closed for user p13x
May  5 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15816]: Successful su for rubyman by root
May  5 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15816]: + ??? root:rubyman
May  5 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335066 of user rubyman.
May  5 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15816]: pam_unix(su:session): session closed for user rubyman
May  5 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335066.
May  5 17:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13181]: pam_unix(cron:session): session closed for user root
May  5 17:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15728]: pam_unix(cron:session): session closed for user root
May  5 17:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15726]: pam_unix(cron:session): session closed for user samftp
May  5 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14946]: pam_unix(cron:session): session closed for user root
May  5 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16211]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16210]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16208]: pam_unix(cron:session): session closed for user p13x
May  5 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16274]: Successful su for rubyman by root
May  5 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16274]: + ??? root:rubyman
May  5 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335073 of user rubyman.
May  5 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16274]: pam_unix(su:session): session closed for user rubyman
May  5 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335073.
May  5 17:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13693]: pam_unix(cron:session): session closed for user root
May  5 17:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16209]: pam_unix(cron:session): session closed for user samftp
May  5 17:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15329]: pam_unix(cron:session): session closed for user root
May  5 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16659]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16656]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16657]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16656]: pam_unix(cron:session): session closed for user p13x
May  5 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16718]: Successful su for rubyman by root
May  5 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16718]: + ??? root:rubyman
May  5 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16718]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335077 of user rubyman.
May  5 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16718]: pam_unix(su:session): session closed for user rubyman
May  5 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335077.
May  5 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14122]: pam_unix(cron:session): session closed for user root
May  5 17:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16657]: pam_unix(cron:session): session closed for user samftp
May  5 17:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: Invalid user h from 190.103.202.7
May  5 17:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: input_userauth_request: invalid user h [preauth]
May  5 17:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  5 17:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: Failed password for invalid user h from 190.103.202.7 port 53000 ssh2
May  5 17:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: Connection closed by 190.103.202.7 port 53000 [preauth]
May  5 17:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15731]: pam_unix(cron:session): session closed for user root
May  5 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17094]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17091]: pam_unix(cron:session): session closed for user p13x
May  5 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17155]: Successful su for rubyman by root
May  5 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17155]: + ??? root:rubyman
May  5 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335081 of user rubyman.
May  5 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17155]: pam_unix(su:session): session closed for user rubyman
May  5 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335081.
May  5 17:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14524]: pam_unix(cron:session): session closed for user root
May  5 17:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17092]: pam_unix(cron:session): session closed for user samftp
May  5 17:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16211]: pam_unix(cron:session): session closed for user root
May  5 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17497]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17494]: pam_unix(cron:session): session closed for user p13x
May  5 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17564]: Successful su for rubyman by root
May  5 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17564]: + ??? root:rubyman
May  5 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335085 of user rubyman.
May  5 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17564]: pam_unix(su:session): session closed for user rubyman
May  5 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335085.
May  5 17:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14944]: pam_unix(cron:session): session closed for user root
May  5 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17495]: pam_unix(cron:session): session closed for user samftp
May  5 17:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 17:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: Failed password for root from 218.92.0.179 port 30844 ssh2
May  5 17:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 30844 ssh2]
May  5 17:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: Received disconnect from 218.92.0.179 port 30844:11:  [preauth]
May  5 17:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: Disconnected from 218.92.0.179 port 30844 [preauth]
May  5 17:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17763]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 17:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17897]: Invalid user gpadmin from 91.205.219.185
May  5 17:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17897]: input_userauth_request: invalid user gpadmin [preauth]
May  5 17:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17897]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.205.219.185
May  5 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17897]: Failed password for invalid user gpadmin from 91.205.219.185 port 46086 ssh2
May  5 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17897]: Received disconnect from 91.205.219.185 port 46086:11: Bye Bye [preauth]
May  5 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17897]: Disconnected from 91.205.219.185 port 46086 [preauth]
May  5 17:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16659]: pam_unix(cron:session): session closed for user root
May  5 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18023]: pam_unix(cron:session): session closed for user root
May  5 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18016]: pam_unix(cron:session): session closed for user p13x
May  5 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18098]: Successful su for rubyman by root
May  5 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18098]: + ??? root:rubyman
May  5 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335088 of user rubyman.
May  5 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18098]: pam_unix(su:session): session closed for user rubyman
May  5 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335088.
May  5 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18018]: pam_unix(cron:session): session closed for user root
May  5 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15328]: pam_unix(cron:session): session closed for user root
May  5 17:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18017]: pam_unix(cron:session): session closed for user samftp
May  5 17:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17094]: pam_unix(cron:session): session closed for user root
May  5 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18478]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18473]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18473]: pam_unix(cron:session): session closed for user p13x
May  5 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18542]: Successful su for rubyman by root
May  5 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18542]: + ??? root:rubyman
May  5 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335094 of user rubyman.
May  5 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18542]: pam_unix(su:session): session closed for user rubyman
May  5 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335094.
May  5 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18475]: pam_unix(cron:session): session closed for user samftp
May  5 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15729]: pam_unix(cron:session): session closed for user root
May  5 17:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  5 17:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18786]: Failed password for root from 50.235.31.47 port 55790 ssh2
May  5 17:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18786]: Connection closed by 50.235.31.47 port 55790 [preauth]
May  5 17:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17497]: pam_unix(cron:session): session closed for user root
May  5 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18890]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18889]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18887]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18887]: pam_unix(cron:session): session closed for user p13x
May  5 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18949]: Successful su for rubyman by root
May  5 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18949]: + ??? root:rubyman
May  5 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335099 of user rubyman.
May  5 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18949]: pam_unix(su:session): session closed for user rubyman
May  5 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335099.
May  5 17:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16210]: pam_unix(cron:session): session closed for user root
May  5 17:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18888]: pam_unix(cron:session): session closed for user samftp
May  5 17:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18022]: pam_unix(cron:session): session closed for user root
May  5 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19294]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19295]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19292]: pam_unix(cron:session): session closed for user p13x
May  5 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19355]: Successful su for rubyman by root
May  5 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19355]: + ??? root:rubyman
May  5 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19355]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335103 of user rubyman.
May  5 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19355]: pam_unix(su:session): session closed for user rubyman
May  5 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335103.
May  5 17:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16658]: pam_unix(cron:session): session closed for user root
May  5 17:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19293]: pam_unix(cron:session): session closed for user samftp
May  5 17:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18478]: pam_unix(cron:session): session closed for user root
May  5 17:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 17:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:137.184.214.16
May  5 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19723]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19722]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19721]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19718]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19720]: pam_unix(cron:session): session closed for user p13x
May  5 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19827]: Successful su for rubyman by root
May  5 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19827]: + ??? root:rubyman
May  5 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335107 of user rubyman.
May  5 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19827]: pam_unix(su:session): session closed for user rubyman
May  5 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335107.
May  5 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19718]: pam_unix(cron:session): session closed for user root
May  5 17:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17093]: pam_unix(cron:session): session closed for user root
May  5 17:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19721]: pam_unix(cron:session): session closed for user samftp
May  5 17:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  5 17:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20067]: Failed password for root from 218.92.0.201 port 27706 ssh2
May  5 17:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20067]: message repeated 4 times: [ Failed password for root from 218.92.0.201 port 27706 ssh2]
May  5 17:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20067]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 27706 ssh2 [preauth]
May  5 17:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20067]: Disconnecting: Too many authentication failures [preauth]
May  5 17:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20067]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  5 17:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20067]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 17:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18890]: pam_unix(cron:session): session closed for user root
May  5 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20218]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20220]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20216]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20219]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20217]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20215]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20220]: pam_unix(cron:session): session closed for user root
May  5 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20215]: pam_unix(cron:session): session closed for user p13x
May  5 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20282]: Successful su for rubyman by root
May  5 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20282]: + ??? root:rubyman
May  5 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335114 of user rubyman.
May  5 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20282]: pam_unix(su:session): session closed for user rubyman
May  5 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335114.
May  5 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20217]: pam_unix(cron:session): session closed for user root
May  5 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17496]: pam_unix(cron:session): session closed for user root
May  5 17:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20216]: pam_unix(cron:session): session closed for user samftp
May  5 17:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19295]: pam_unix(cron:session): session closed for user root
May  5 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20647]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20649]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20648]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20646]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20646]: pam_unix(cron:session): session closed for user p13x
May  5 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20715]: Successful su for rubyman by root
May  5 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20715]: + ??? root:rubyman
May  5 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335119 of user rubyman.
May  5 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20715]: pam_unix(su:session): session closed for user rubyman
May  5 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335119.
May  5 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18021]: pam_unix(cron:session): session closed for user root
May  5 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20647]: pam_unix(cron:session): session closed for user samftp
May  5 17:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19723]: pam_unix(cron:session): session closed for user root
May  5 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21071]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21070]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21069]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21069]: pam_unix(cron:session): session closed for user p13x
May  5 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21134]: Successful su for rubyman by root
May  5 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21134]: + ??? root:rubyman
May  5 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335122 of user rubyman.
May  5 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21134]: pam_unix(su:session): session closed for user rubyman
May  5 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335122.
May  5 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18477]: pam_unix(cron:session): session closed for user root
May  5 17:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21070]: pam_unix(cron:session): session closed for user samftp
May  5 17:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21380]: Connection closed by 172.236.228.111 port 61596 [preauth]
May  5 17:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: Connection closed by 172.236.228.111 port 61608 [preauth]
May  5 17:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21392]: fatal: Unable to negotiate with 172.236.228.111 port 61612: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  5 17:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 17:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: Failed password for root from 218.92.0.179 port 37615 ssh2
May  5 17:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20219]: pam_unix(cron:session): session closed for user root
May  5 17:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: Failed password for root from 218.92.0.179 port 37615 ssh2
May  5 17:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: Failed password for root from 218.92.0.179 port 37615 ssh2
May  5 17:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: Received disconnect from 218.92.0.179 port 37615:11:  [preauth]
May  5 17:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: Disconnected from 218.92.0.179 port 37615 [preauth]
May  5 17:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21422]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21515]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21514]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21512]: pam_unix(cron:session): session closed for user p13x
May  5 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21584]: Successful su for rubyman by root
May  5 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21584]: + ??? root:rubyman
May  5 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21584]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335125 of user rubyman.
May  5 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21584]: pam_unix(su:session): session closed for user rubyman
May  5 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335125.
May  5 17:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21678]: Invalid user meklis from 91.205.219.185
May  5 17:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21678]: input_userauth_request: invalid user meklis [preauth]
May  5 17:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21678]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.205.219.185
May  5 17:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18889]: pam_unix(cron:session): session closed for user root
May  5 17:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21513]: pam_unix(cron:session): session closed for user samftp
May  5 17:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21678]: Failed password for invalid user meklis from 91.205.219.185 port 42856 ssh2
May  5 17:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21678]: Received disconnect from 91.205.219.185 port 42856:11: Bye Bye [preauth]
May  5 17:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21678]: Disconnected from 91.205.219.185 port 42856 [preauth]
May  5 17:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20649]: pam_unix(cron:session): session closed for user root
May  5 17:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: Received disconnect from 80.94.95.125 port 54153:11: Bye [preauth]
May  5 17:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: Disconnected from 80.94.95.125 port 54153 [preauth]
May  5 17:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22235]: Invalid user tianyun from 46.244.96.25
May  5 17:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22235]: input_userauth_request: invalid user tianyun [preauth]
May  5 17:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22235]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  5 17:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22235]: Failed password for invalid user tianyun from 46.244.96.25 port 50180 ssh2
May  5 17:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22235]: Connection closed by 46.244.96.25 port 50180 [preauth]
May  5 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22263]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22257]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22257]: pam_unix(cron:session): session closed for user p13x
May  5 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22337]: Successful su for rubyman by root
May  5 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22337]: + ??? root:rubyman
May  5 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335130 of user rubyman.
May  5 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22337]: pam_unix(su:session): session closed for user rubyman
May  5 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335130.
May  5 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19294]: pam_unix(cron:session): session closed for user root
May  5 17:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22262]: pam_unix(cron:session): session closed for user samftp
May  5 17:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21072]: pam_unix(cron:session): session closed for user root
May  5 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22720]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22722]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22718]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22719]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22721]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22717]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22722]: pam_unix(cron:session): session closed for user root
May  5 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22717]: pam_unix(cron:session): session closed for user p13x
May  5 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22795]: Successful su for rubyman by root
May  5 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22795]: + ??? root:rubyman
May  5 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335133 of user rubyman.
May  5 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22795]: pam_unix(su:session): session closed for user rubyman
May  5 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335133.
May  5 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22719]: pam_unix(cron:session): session closed for user root
May  5 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19722]: pam_unix(cron:session): session closed for user root
May  5 17:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22718]: pam_unix(cron:session): session closed for user samftp
May  5 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21515]: pam_unix(cron:session): session closed for user root
May  5 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23213]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23211]: pam_unix(cron:session): session closed for user p13x
May  5 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23279]: Successful su for rubyman by root
May  5 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23279]: + ??? root:rubyman
May  5 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335140 of user rubyman.
May  5 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23279]: pam_unix(su:session): session closed for user rubyman
May  5 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335140.
May  5 17:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20218]: pam_unix(cron:session): session closed for user root
May  5 17:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23212]: pam_unix(cron:session): session closed for user samftp
May  5 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22264]: pam_unix(cron:session): session closed for user root
May  5 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23710]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23706]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23706]: pam_unix(cron:session): session closed for user root
May  5 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23708]: pam_unix(cron:session): session closed for user p13x
May  5 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23862]: Successful su for rubyman by root
May  5 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23862]: + ??? root:rubyman
May  5 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335145 of user rubyman.
May  5 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23862]: pam_unix(su:session): session closed for user rubyman
May  5 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335145.
May  5 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20648]: pam_unix(cron:session): session closed for user root
May  5 17:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23709]: pam_unix(cron:session): session closed for user samftp
May  5 17:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.205.219.185  user=root
May  5 17:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24117]: Failed password for root from 91.205.219.185 port 52926 ssh2
May  5 17:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24117]: Received disconnect from 91.205.219.185 port 52926:11: Bye Bye [preauth]
May  5 17:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24117]: Disconnected from 91.205.219.185 port 52926 [preauth]
May  5 17:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22721]: pam_unix(cron:session): session closed for user root
May  5 17:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24254]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24255]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24252]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24251]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24251]: pam_unix(cron:session): session closed for user p13x
May  5 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24323]: Successful su for rubyman by root
May  5 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24323]: + ??? root:rubyman
May  5 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335149 of user rubyman.
May  5 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24323]: pam_unix(su:session): session closed for user rubyman
May  5 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335149.
May  5 17:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: Failed password for root from 218.92.0.179 port 16277 ssh2
May  5 17:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21071]: pam_unix(cron:session): session closed for user root
May  5 17:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: Failed password for root from 218.92.0.179 port 16277 ssh2
May  5 17:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24252]: pam_unix(cron:session): session closed for user samftp
May  5 17:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: Failed password for root from 218.92.0.179 port 16277 ssh2
May  5 17:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: Received disconnect from 218.92.0.179 port 16277:11:  [preauth]
May  5 17:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: Disconnected from 218.92.0.179 port 16277 [preauth]
May  5 17:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 17:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23214]: pam_unix(cron:session): session closed for user root
May  5 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24688]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24690]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24686]: pam_unix(cron:session): session closed for user p13x
May  5 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24749]: Successful su for rubyman by root
May  5 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24749]: + ??? root:rubyman
May  5 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24749]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335153 of user rubyman.
May  5 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24749]: pam_unix(su:session): session closed for user rubyman
May  5 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335153.
May  5 17:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241  user=root
May  5 17:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: Failed password for root from 186.96.145.241 port 54622 ssh2
May  5 17:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21514]: pam_unix(cron:session): session closed for user root
May  5 17:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: Connection closed by 186.96.145.241 port 54622 [preauth]
May  5 17:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24687]: pam_unix(cron:session): session closed for user samftp
May  5 17:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23711]: pam_unix(cron:session): session closed for user root
May  5 17:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25047]: Invalid user bmuuser from 50.235.31.47
May  5 17:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25047]: input_userauth_request: invalid user bmuuser [preauth]
May  5 17:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25047]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  5 17:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25047]: Failed password for invalid user bmuuser from 50.235.31.47 port 52072 ssh2
May  5 17:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25047]: Connection closed by 50.235.31.47 port 52072 [preauth]
May  5 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25106]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25104]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25103]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25105]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25108]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25108]: pam_unix(cron:session): session closed for user root
May  5 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25103]: pam_unix(cron:session): session closed for user p13x
May  5 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25177]: Successful su for rubyman by root
May  5 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25177]: + ??? root:rubyman
May  5 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335158 of user rubyman.
May  5 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25177]: pam_unix(su:session): session closed for user rubyman
May  5 17:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335158.
May  5 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25105]: pam_unix(cron:session): session closed for user root
May  5 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22263]: pam_unix(cron:session): session closed for user root
May  5 17:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25104]: pam_unix(cron:session): session closed for user samftp
May  5 17:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24255]: pam_unix(cron:session): session closed for user root
May  5 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25549]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25549]: pam_unix(cron:session): session closed for user p13x
May  5 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25619]: Successful su for rubyman by root
May  5 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25619]: + ??? root:rubyman
May  5 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335162 of user rubyman.
May  5 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25619]: pam_unix(su:session): session closed for user rubyman
May  5 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335162.
May  5 17:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22720]: pam_unix(cron:session): session closed for user root
May  5 17:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25550]: pam_unix(cron:session): session closed for user samftp
May  5 17:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24690]: pam_unix(cron:session): session closed for user root
May  5 17:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: Invalid user hsj from 91.205.219.185
May  5 17:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: input_userauth_request: invalid user hsj [preauth]
May  5 17:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.205.219.185
May  5 17:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: Failed password for invalid user hsj from 91.205.219.185 port 60310 ssh2
May  5 17:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: Received disconnect from 91.205.219.185 port 60310:11: Bye Bye [preauth]
May  5 17:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: Disconnected from 91.205.219.185 port 60310 [preauth]
May  5 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25955]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25954]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25952]: pam_unix(cron:session): session closed for user p13x
May  5 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26013]: Successful su for rubyman by root
May  5 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26013]: + ??? root:rubyman
May  5 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335166 of user rubyman.
May  5 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26013]: pam_unix(su:session): session closed for user rubyman
May  5 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335166.
May  5 17:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23213]: pam_unix(cron:session): session closed for user root
May  5 17:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25953]: pam_unix(cron:session): session closed for user samftp
May  5 17:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25107]: pam_unix(cron:session): session closed for user root
May  5 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26344]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26342]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26345]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26343]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26342]: pam_unix(cron:session): session closed for user p13x
May  5 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26411]: Successful su for rubyman by root
May  5 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26411]: + ??? root:rubyman
May  5 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26411]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335170 of user rubyman.
May  5 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26411]: pam_unix(su:session): session closed for user rubyman
May  5 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335170.
May  5 17:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23710]: pam_unix(cron:session): session closed for user root
May  5 17:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26343]: pam_unix(cron:session): session closed for user samftp
May  5 17:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25552]: pam_unix(cron:session): session closed for user root
May  5 17:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 17:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26776]: Failed password for root from 218.92.0.179 port 48228 ssh2
May  5 17:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26776]: Failed password for root from 218.92.0.179 port 48228 ssh2
May  5 17:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26776]: Failed password for root from 218.92.0.179 port 48228 ssh2
May  5 17:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26776]: Received disconnect from 218.92.0.179 port 48228:11:  [preauth]
May  5 17:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26776]: Disconnected from 218.92.0.179 port 48228 [preauth]
May  5 17:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26776]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: Invalid user ? from 195.178.110.50
May  5 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: input_userauth_request: invalid user ? [preauth]
May  5 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26834]: pam_unix(cron:session): session closed for user p13x
May  5 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26899]: Successful su for rubyman by root
May  5 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26899]: + ??? root:rubyman
May  5 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335174 of user rubyman.
May  5 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26899]: pam_unix(su:session): session closed for user rubyman
May  5 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335174.
May  5 17:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: Failed password for invalid user ? from 195.178.110.50 port 26550 ssh2
May  5 17:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24254]: pam_unix(cron:session): session closed for user root
May  5 17:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26835]: pam_unix(cron:session): session closed for user samftp
May  5 17:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26803]: Connection closed by 195.178.110.50 port 26550 [preauth]
May  5 17:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: Invalid user ~ from 195.178.110.50
May  5 17:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: input_userauth_request: invalid user ~ [preauth]
May  5 17:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 17:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: Failed password for invalid user ~ from 195.178.110.50 port 18742 ssh2
May  5 17:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27141]: Connection closed by 195.178.110.50 port 18742 [preauth]
May  5 17:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27209]: Invalid user hamid from 190.103.202.7
May  5 17:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27209]: input_userauth_request: invalid user hamid [preauth]
May  5 17:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27209]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  5 17:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27209]: Failed password for invalid user hamid from 190.103.202.7 port 35498 ssh2
May  5 17:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27209]: Connection closed by 190.103.202.7 port 35498 [preauth]
May  5 17:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25955]: pam_unix(cron:session): session closed for user root
May  5 17:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: Invalid user _ from 195.178.110.50
May  5 17:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: input_userauth_request: invalid user _ [preauth]
May  5 17:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 17:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: Failed password for invalid user _ from 195.178.110.50 port 14772 ssh2
May  5 17:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27198]: Connection closed by 195.178.110.50 port 14772 [preauth]
May  5 17:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Did not receive identification string from 218.92.0.215
May  5 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: Invalid user @ from 195.178.110.50
May  5 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: input_userauth_request: invalid user @ [preauth]
May  5 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27315]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27314]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27318]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27318]: pam_unix(cron:session): session closed for user root
May  5 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27312]: pam_unix(cron:session): session closed for user p13x
May  5 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27406]: Successful su for rubyman by root
May  5 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27406]: + ??? root:rubyman
May  5 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335180 of user rubyman.
May  5 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27406]: pam_unix(su:session): session closed for user rubyman
May  5 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335180.
May  5 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: Failed password for invalid user @ from 195.178.110.50 port 33046 ssh2
May  5 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27314]: pam_unix(cron:session): session closed for user root
May  5 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24688]: pam_unix(cron:session): session closed for user root
May  5 17:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27313]: pam_unix(cron:session): session closed for user samftp
May  5 17:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: Connection closed by 195.178.110.50 port 33046 [preauth]
May  5 17:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27645]: Invalid user ! from 195.178.110.50
May  5 17:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27645]: input_userauth_request: invalid user ! [preauth]
May  5 17:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27645]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 17:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135  user=root
May  5 17:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27645]: Failed password for invalid user ! from 195.178.110.50 port 14664 ssh2
May  5 17:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: Failed password for root from 176.31.162.135 port 38206 ssh2
May  5 17:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: Connection closed by 176.31.162.135 port 38206 [preauth]
May  5 17:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27645]: Connection closed by 195.178.110.50 port 14664 [preauth]
May  5 17:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26345]: pam_unix(cron:session): session closed for user root
May  5 17:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27767]: Invalid user tom from 91.205.219.185
May  5 17:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27767]: input_userauth_request: invalid user tom [preauth]
May  5 17:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27767]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.205.219.185
May  5 17:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27767]: Failed password for invalid user tom from 91.205.219.185 port 49262 ssh2
May  5 17:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27767]: Received disconnect from 91.205.219.185 port 49262:11: Bye Bye [preauth]
May  5 17:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27767]: Disconnected from 91.205.219.185 port 49262 [preauth]
May  5 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27801]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27800]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27798]: pam_unix(cron:session): session closed for user p13x
May  5 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27871]: Successful su for rubyman by root
May  5 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27871]: + ??? root:rubyman
May  5 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27871]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335185 of user rubyman.
May  5 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27871]: pam_unix(su:session): session closed for user rubyman
May  5 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335185.
May  5 17:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25106]: pam_unix(cron:session): session closed for user root
May  5 17:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27799]: pam_unix(cron:session): session closed for user samftp
May  5 17:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26837]: pam_unix(cron:session): session closed for user root
May  5 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28229]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28228]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28224]: pam_unix(cron:session): session closed for user p13x
May  5 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28286]: Successful su for rubyman by root
May  5 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28286]: + ??? root:rubyman
May  5 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335188 of user rubyman.
May  5 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28286]: pam_unix(su:session): session closed for user rubyman
May  5 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335188.
May  5 17:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25551]: pam_unix(cron:session): session closed for user root
May  5 17:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 17:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:118.194.234.14
May  5 17:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28225]: pam_unix(cron:session): session closed for user samftp
May  5 17:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28538]: Invalid user wzy from 117.33.249.211
May  5 17:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28538]: input_userauth_request: invalid user wzy [preauth]
May  5 17:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28538]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.33.249.211
May  5 17:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28538]: Failed password for invalid user wzy from 117.33.249.211 port 60884 ssh2
May  5 17:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28538]: Received disconnect from 117.33.249.211 port 60884:11: Bye Bye [preauth]
May  5 17:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28538]: Disconnected from 117.33.249.211 port 60884 [preauth]
May  5 17:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27316]: pam_unix(cron:session): session closed for user root
May  5 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28636]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28634]: pam_unix(cron:session): session closed for user p13x
May  5 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28695]: Successful su for rubyman by root
May  5 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28695]: + ??? root:rubyman
May  5 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28695]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335194 of user rubyman.
May  5 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28695]: pam_unix(su:session): session closed for user rubyman
May  5 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335194.
May  5 17:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25954]: pam_unix(cron:session): session closed for user root
May  5 17:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28635]: pam_unix(cron:session): session closed for user samftp
May  5 17:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27801]: pam_unix(cron:session): session closed for user root
May  5 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29121]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29117]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29117]: pam_unix(cron:session): session closed for user p13x
May  5 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29195]: Successful su for rubyman by root
May  5 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29195]: + ??? root:rubyman
May  5 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335198 of user rubyman.
May  5 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29195]: pam_unix(su:session): session closed for user rubyman
May  5 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335198.
May  5 17:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26344]: pam_unix(cron:session): session closed for user root
May  5 17:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29118]: pam_unix(cron:session): session closed for user samftp
May  5 17:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28229]: pam_unix(cron:session): session closed for user root
May  5 17:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29537]: Invalid user ubuntu from 91.205.219.185
May  5 17:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29537]: input_userauth_request: invalid user ubuntu [preauth]
May  5 17:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29537]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.205.219.185
May  5 17:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29537]: Failed password for invalid user ubuntu from 91.205.219.185 port 45564 ssh2
May  5 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29537]: Received disconnect from 91.205.219.185 port 45564:11: Bye Bye [preauth]
May  5 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29537]: Disconnected from 91.205.219.185 port 45564 [preauth]
May  5 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29553]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29549]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29555]: pam_unix(cron:session): session closed for user root
May  5 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29548]: pam_unix(cron:session): session closed for user p13x
May  5 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29620]: Successful su for rubyman by root
May  5 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29620]: + ??? root:rubyman
May  5 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335204 of user rubyman.
May  5 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29620]: pam_unix(su:session): session closed for user rubyman
May  5 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335204.
May  5 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29550]: pam_unix(cron:session): session closed for user root
May  5 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: Invalid user admin from 80.94.95.112
May  5 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: input_userauth_request: invalid user admin [preauth]
May  5 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26836]: pam_unix(cron:session): session closed for user root
May  5 17:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29549]: pam_unix(cron:session): session closed for user samftp
May  5 17:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: Failed password for invalid user admin from 80.94.95.112 port 45432 ssh2
May  5 17:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: Failed password for invalid user admin from 80.94.95.112 port 45432 ssh2
May  5 17:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: Failed password for invalid user admin from 80.94.95.112 port 45432 ssh2
May  5 17:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: Failed password for invalid user admin from 80.94.95.112 port 45432 ssh2
May  5 17:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: Failed password for invalid user admin from 80.94.95.112 port 45432 ssh2
May  5 17:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: Received disconnect from 80.94.95.112 port 45432:11: Bye [preauth]
May  5 17:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: Disconnected from 80.94.95.112 port 45432 [preauth]
May  5 17:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 17:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28637]: pam_unix(cron:session): session closed for user root
May  5 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29990]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29988]: pam_unix(cron:session): session closed for user p13x
May  5 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30055]: Successful su for rubyman by root
May  5 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30055]: + ??? root:rubyman
May  5 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335208 of user rubyman.
May  5 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30055]: pam_unix(su:session): session closed for user rubyman
May  5 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335208.
May  5 17:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27315]: pam_unix(cron:session): session closed for user root
May  5 17:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29989]: pam_unix(cron:session): session closed for user samftp
May  5 17:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29121]: pam_unix(cron:session): session closed for user root
May  5 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30392]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30391]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30389]: pam_unix(cron:session): session closed for user p13x
May  5 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30451]: Successful su for rubyman by root
May  5 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30451]: + ??? root:rubyman
May  5 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335210 of user rubyman.
May  5 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30451]: pam_unix(su:session): session closed for user rubyman
May  5 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335210.
May  5 17:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27800]: pam_unix(cron:session): session closed for user root
May  5 17:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30390]: pam_unix(cron:session): session closed for user samftp
May  5 17:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29554]: pam_unix(cron:session): session closed for user root
May  5 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30787]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30785]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30784]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30784]: pam_unix(cron:session): session closed for user p13x
May  5 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30845]: Successful su for rubyman by root
May  5 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30845]: + ??? root:rubyman
May  5 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335214 of user rubyman.
May  5 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30845]: pam_unix(su:session): session closed for user rubyman
May  5 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335214.
May  5 17:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28228]: pam_unix(cron:session): session closed for user root
May  5 17:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30785]: pam_unix(cron:session): session closed for user samftp
May  5 17:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29991]: pam_unix(cron:session): session closed for user root
May  5 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31188]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31187]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31186]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31185]: pam_unix(cron:session): session closed for user p13x
May  5 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31243]: Successful su for rubyman by root
May  5 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31243]: + ??? root:rubyman
May  5 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31243]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335218 of user rubyman.
May  5 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31243]: pam_unix(su:session): session closed for user rubyman
May  5 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335218.
May  5 17:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28636]: pam_unix(cron:session): session closed for user root
May  5 17:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31186]: pam_unix(cron:session): session closed for user samftp
May  5 17:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.205.219.185  user=root
May  5 17:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31464]: Failed password for root from 91.205.219.185 port 41352 ssh2
May  5 17:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31464]: Received disconnect from 91.205.219.185 port 41352:11: Bye Bye [preauth]
May  5 17:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31464]: Disconnected from 91.205.219.185 port 41352 [preauth]
May  5 17:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30392]: pam_unix(cron:session): session closed for user root
May  5 17:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: Invalid user ubnt from 80.94.95.241
May  5 17:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: input_userauth_request: invalid user ubnt [preauth]
May  5 17:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 17:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: Failed password for invalid user ubnt from 80.94.95.241 port 49112 ssh2
May  5 17:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31593]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31591]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31589]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31594]: pam_unix(cron:session): session closed for user root
May  5 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31589]: pam_unix(cron:session): session closed for user p13x
May  5 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31669]: Successful su for rubyman by root
May  5 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31669]: + ??? root:rubyman
May  5 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335223 of user rubyman.
May  5 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31669]: pam_unix(su:session): session closed for user rubyman
May  5 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335223.
May  5 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: Failed password for invalid user ubnt from 80.94.95.241 port 49112 ssh2
May  5 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31591]: pam_unix(cron:session): session closed for user root
May  5 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29119]: pam_unix(cron:session): session closed for user root
May  5 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: Failed password for invalid user ubnt from 80.94.95.241 port 49112 ssh2
May  5 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31590]: pam_unix(cron:session): session closed for user samftp
May  5 17:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: Failed password for invalid user ubnt from 80.94.95.241 port 49112 ssh2
May  5 17:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: Failed password for invalid user ubnt from 80.94.95.241 port 49112 ssh2
May  5 17:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: Received disconnect from 80.94.95.241 port 49112:11: Bye [preauth]
May  5 17:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: Disconnected from 80.94.95.241 port 49112 [preauth]
May  5 17:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 17:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31586]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 17:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30787]: pam_unix(cron:session): session closed for user root
May  5 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32060]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32057]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32057]: pam_unix(cron:session): session closed for user p13x
May  5 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32123]: Successful su for rubyman by root
May  5 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32123]: + ??? root:rubyman
May  5 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335229 of user rubyman.
May  5 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32123]: pam_unix(su:session): session closed for user rubyman
May  5 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335229.
May  5 17:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29553]: pam_unix(cron:session): session closed for user root
May  5 17:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32058]: pam_unix(cron:session): session closed for user samftp
May  5 17:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31916]: Connection closed by 130.195.9.155 port 42940 [preauth]
May  5 17:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31188]: pam_unix(cron:session): session closed for user root
May  5 17:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32364]: Connection closed by 130.195.9.155 port 47986 [preauth]
May  5 17:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32435]: Connection closed by 130.195.9.155 port 43272 [preauth]
May  5 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32462]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32460]: pam_unix(cron:session): session closed for user p13x
May  5 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32523]: Successful su for rubyman by root
May  5 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32523]: + ??? root:rubyman
May  5 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335233 of user rubyman.
May  5 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32523]: pam_unix(su:session): session closed for user rubyman
May  5 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335233.
May  5 17:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29990]: pam_unix(cron:session): session closed for user root
May  5 17:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32461]: pam_unix(cron:session): session closed for user samftp
May  5 17:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[362]: Connection closed by 130.195.9.155 port 37712 [preauth]
May  5 17:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31593]: pam_unix(cron:session): session closed for user root
May  5 17:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[451]: Connection closed by 130.195.9.155 port 53258 [preauth]
May  5 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[534]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[531]: pam_unix(cron:session): session closed for user p13x
May  5 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[596]: Successful su for rubyman by root
May  5 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[596]: + ??? root:rubyman
May  5 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[596]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335236 of user rubyman.
May  5 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[596]: pam_unix(su:session): session closed for user rubyman
May  5 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335236.
May  5 17:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30391]: pam_unix(cron:session): session closed for user root
May  5 17:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[532]: pam_unix(cron:session): session closed for user samftp
May  5 17:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32060]: pam_unix(cron:session): session closed for user root
May  5 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[977]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[976]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[974]: pam_unix(cron:session): session closed for user p13x
May  5 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1084]: Successful su for rubyman by root
May  5 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1084]: + ??? root:rubyman
May  5 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1084]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335241 of user rubyman.
May  5 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1084]: pam_unix(su:session): session closed for user rubyman
May  5 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335241.
May  5 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[972]: pam_unix(cron:session): session closed for user root
May  5 17:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30786]: pam_unix(cron:session): session closed for user root
May  5 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: Invalid user informix from 91.205.219.185
May  5 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: input_userauth_request: invalid user informix [preauth]
May  5 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.205.219.185
May  5 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[975]: pam_unix(cron:session): session closed for user samftp
May  5 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: Failed password for invalid user informix from 91.205.219.185 port 50318 ssh2
May  5 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: Received disconnect from 91.205.219.185 port 50318:11: Bye Bye [preauth]
May  5 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1274]: Disconnected from 91.205.219.185 port 50318 [preauth]
May  5 17:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1326]: Did not receive identification string from 130.195.9.155
May  5 17:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32463]: pam_unix(cron:session): session closed for user root
May  5 17:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1501]: Invalid user admin from 139.19.117.131
May  5 17:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1501]: input_userauth_request: invalid user admin [preauth]
May  5 17:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1501]: Connection closed by 139.19.117.131 port 49146 [preauth]
May  5 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1535]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1534]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1532]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1529]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1530]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1535]: pam_unix(cron:session): session closed for user root
May  5 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1529]: pam_unix(cron:session): session closed for user p13x
May  5 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1604]: Successful su for rubyman by root
May  5 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1604]: + ??? root:rubyman
May  5 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1604]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335246 of user rubyman.
May  5 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1604]: pam_unix(su:session): session closed for user rubyman
May  5 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335246.
May  5 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1532]: pam_unix(cron:session): session closed for user root
May  5 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31187]: pam_unix(cron:session): session closed for user root
May  5 17:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1530]: pam_unix(cron:session): session closed for user samftp
May  5 17:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[534]: pam_unix(cron:session): session closed for user root
May  5 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2075]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2073]: pam_unix(cron:session): session closed for user p13x
May  5 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2138]: Successful su for rubyman by root
May  5 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2138]: + ??? root:rubyman
May  5 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335251 of user rubyman.
May  5 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2138]: pam_unix(su:session): session closed for user rubyman
May  5 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335251.
May  5 17:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31592]: pam_unix(cron:session): session closed for user root
May  5 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2074]: pam_unix(cron:session): session closed for user samftp
May  5 17:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[977]: pam_unix(cron:session): session closed for user root
May  5 17:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 17:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2451]: Failed password for root from 218.92.0.179 port 61487 ssh2
May  5 17:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2451]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 61487 ssh2]
May  5 17:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2451]: Received disconnect from 218.92.0.179 port 61487:11:  [preauth]
May  5 17:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2451]: Disconnected from 218.92.0.179 port 61487 [preauth]
May  5 17:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2451]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2511]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2510]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2508]: pam_unix(cron:session): session closed for user p13x
May  5 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2568]: Successful su for rubyman by root
May  5 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2568]: + ??? root:rubyman
May  5 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335255 of user rubyman.
May  5 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2568]: pam_unix(su:session): session closed for user rubyman
May  5 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335255.
May  5 17:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32059]: pam_unix(cron:session): session closed for user root
May  5 17:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2509]: pam_unix(cron:session): session closed for user samftp
May  5 17:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1534]: pam_unix(cron:session): session closed for user root
May  5 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2939]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2937]: pam_unix(cron:session): session closed for user p13x
May  5 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2997]: Successful su for rubyman by root
May  5 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2997]: + ??? root:rubyman
May  5 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335259 of user rubyman.
May  5 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2997]: pam_unix(su:session): session closed for user rubyman
May  5 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335259.
May  5 17:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32462]: pam_unix(cron:session): session closed for user root
May  5 17:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2938]: pam_unix(cron:session): session closed for user samftp
May  5 17:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2076]: pam_unix(cron:session): session closed for user root
May  5 17:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: Invalid user dongsheng from 91.205.219.185
May  5 17:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: input_userauth_request: invalid user dongsheng [preauth]
May  5 17:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.205.219.185
May  5 17:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: Failed password for invalid user dongsheng from 91.205.219.185 port 39904 ssh2
May  5 17:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: Received disconnect from 91.205.219.185 port 39904:11: Bye Bye [preauth]
May  5 17:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: Disconnected from 91.205.219.185 port 39904 [preauth]
May  5 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3344]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3343]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3342]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3341]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3341]: pam_unix(cron:session): session closed for user p13x
May  5 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3415]: Successful su for rubyman by root
May  5 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3415]: + ??? root:rubyman
May  5 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335263 of user rubyman.
May  5 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3415]: pam_unix(su:session): session closed for user rubyman
May  5 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335263.
May  5 17:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[533]: pam_unix(cron:session): session closed for user root
May  5 17:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3342]: pam_unix(cron:session): session closed for user samftp
May  5 17:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2511]: pam_unix(cron:session): session closed for user root
May  5 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3791]: pam_unix(cron:session): session closed for user root
May  5 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3786]: pam_unix(cron:session): session closed for user p13x
May  5 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3853]: Successful su for rubyman by root
May  5 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3853]: + ??? root:rubyman
May  5 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335269 of user rubyman.
May  5 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3853]: pam_unix(su:session): session closed for user rubyman
May  5 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335269.
May  5 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3788]: pam_unix(cron:session): session closed for user root
May  5 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[976]: pam_unix(cron:session): session closed for user root
May  5 17:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3787]: pam_unix(cron:session): session closed for user samftp
May  5 17:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2940]: pam_unix(cron:session): session closed for user root
May  5 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4275]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4272]: pam_unix(cron:session): session closed for user p13x
May  5 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4463]: Successful su for rubyman by root
May  5 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4463]: + ??? root:rubyman
May  5 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4463]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335273 of user rubyman.
May  5 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4463]: pam_unix(su:session): session closed for user rubyman
May  5 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335273.
May  5 17:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1533]: pam_unix(cron:session): session closed for user root
May  5 17:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4273]: pam_unix(cron:session): session closed for user samftp
May  5 17:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3344]: pam_unix(cron:session): session closed for user root
May  5 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4832]: pam_unix(cron:session): session closed for user p13x
May  5 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4898]: Successful su for rubyman by root
May  5 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4898]: + ??? root:rubyman
May  5 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335277 of user rubyman.
May  5 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4898]: pam_unix(su:session): session closed for user rubyman
May  5 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335277.
May  5 17:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2075]: pam_unix(cron:session): session closed for user root
May  5 17:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4833]: pam_unix(cron:session): session closed for user samftp
May  5 17:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3790]: pam_unix(cron:session): session closed for user root
May  5 17:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5437]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5434]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5436]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5434]: pam_unix(cron:session): session closed for user p13x
May  5 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5510]: Successful su for rubyman by root
May  5 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5510]: + ??? root:rubyman
May  5 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5510]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335282 of user rubyman.
May  5 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5510]: pam_unix(su:session): session closed for user rubyman
May  5 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335282.
May  5 17:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2510]: pam_unix(cron:session): session closed for user root
May  5 17:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5435]: pam_unix(cron:session): session closed for user samftp
May  5 17:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5762]: Did not receive identification string from 76.14.125.110
May  5 17:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.18.236.229  user=root
May  5 17:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: Failed password for root from 85.18.236.229 port 49226 ssh2
May  5 17:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: Received disconnect from 85.18.236.229 port 49226:11: Bye Bye [preauth]
May  5 17:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5772]: Disconnected from 85.18.236.229 port 49226 [preauth]
May  5 17:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Protocol major versions differ for 76.14.125.110: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Nmap-SSH1-Hostkey
May  5 17:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Protocol major versions differ for 76.14.125.110: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-NmapNSE_1.0
May  5 17:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 17:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:76.14.125.110
May  5 17:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 17:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:76.14.125.110
May  5 17:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 17:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:76.14.125.110
May  5 17:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5915]: fatal: Unable to negotiate with 76.14.125.110 port 59681: no matching host key type found. Their offer: ssh-dss [preauth]
May  5 17:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: Connection closed by 76.14.125.110 port 59686 [preauth]
May  5 17:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5928]: Connection closed by 76.14.125.110 port 59692 [preauth]
May  5 17:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5930]: fatal: Unable to negotiate with 76.14.125.110 port 59696: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth]
May  5 17:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5932]: fatal: Unable to negotiate with 76.14.125.110 port 59700: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth]
May  5 17:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: fatal: Unable to negotiate with 76.14.125.110 port 59702: no matching host key type found. Their offer: ssh-ed25519 [preauth]
May  5 17:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4275]: pam_unix(cron:session): session closed for user root
May  5 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6068]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6069]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6066]: pam_unix(cron:session): session closed for user p13x
May  5 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6139]: Successful su for rubyman by root
May  5 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6139]: + ??? root:rubyman
May  5 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6139]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335287 of user rubyman.
May  5 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6139]: pam_unix(su:session): session closed for user rubyman
May  5 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335287.
May  5 17:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2939]: pam_unix(cron:session): session closed for user root
May  5 17:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6067]: pam_unix(cron:session): session closed for user samftp
May  5 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session closed for user root
May  5 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6481]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6482]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6483]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6480]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6483]: pam_unix(cron:session): session closed for user root
May  5 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6478]: pam_unix(cron:session): session closed for user p13x
May  5 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6543]: Successful su for rubyman by root
May  5 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6543]: + ??? root:rubyman
May  5 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335292 of user rubyman.
May  5 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6543]: pam_unix(su:session): session closed for user rubyman
May  5 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335292.
May  5 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6480]: pam_unix(cron:session): session closed for user root
May  5 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3343]: pam_unix(cron:session): session closed for user root
May  5 17:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6479]: pam_unix(cron:session): session closed for user samftp
May  5 17:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5437]: pam_unix(cron:session): session closed for user root
May  5 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7005]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7006]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7003]: pam_unix(cron:session): session closed for user p13x
May  5 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7083]: Successful su for rubyman by root
May  5 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7083]: + ??? root:rubyman
May  5 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335296 of user rubyman.
May  5 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7083]: pam_unix(su:session): session closed for user rubyman
May  5 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335296.
May  5 17:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3789]: pam_unix(cron:session): session closed for user root
May  5 17:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7004]: pam_unix(cron:session): session closed for user samftp
May  5 17:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 17:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: Failed password for root from 218.92.0.179 port 52048 ssh2
May  5 17:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 52048 ssh2]
May  5 17:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: Received disconnect from 218.92.0.179 port 52048:11:  [preauth]
May  5 17:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: Disconnected from 218.92.0.179 port 52048 [preauth]
May  5 17:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7310]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 17:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6069]: pam_unix(cron:session): session closed for user root
May  5 17:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  5 17:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7396]: Failed password for root from 164.68.105.9 port 59190 ssh2
May  5 17:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7396]: Connection closed by 164.68.105.9 port 59190 [preauth]
May  5 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7423]: pam_unix(cron:session): session closed for user p13x
May  5 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7491]: Successful su for rubyman by root
May  5 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7491]: + ??? root:rubyman
May  5 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335300 of user rubyman.
May  5 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7491]: pam_unix(su:session): session closed for user rubyman
May  5 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335300.
May  5 17:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4274]: pam_unix(cron:session): session closed for user root
May  5 17:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7424]: pam_unix(cron:session): session closed for user samftp
May  5 17:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6482]: pam_unix(cron:session): session closed for user root
May  5 17:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7959]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7958]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7956]: pam_unix(cron:session): session closed for user p13x
May  5 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8020]: Successful su for rubyman by root
May  5 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8020]: + ??? root:rubyman
May  5 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8020]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335303 of user rubyman.
May  5 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8020]: pam_unix(su:session): session closed for user rubyman
May  5 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335303.
May  5 17:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4834]: pam_unix(cron:session): session closed for user root
May  5 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7957]: pam_unix(cron:session): session closed for user samftp
May  5 17:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7006]: pam_unix(cron:session): session closed for user root
May  5 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8379]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8377]: pam_unix(cron:session): session closed for user p13x
May  5 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8443]: Successful su for rubyman by root
May  5 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8443]: + ??? root:rubyman
May  5 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335308 of user rubyman.
May  5 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8443]: pam_unix(su:session): session closed for user rubyman
May  5 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335308.
May  5 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5436]: pam_unix(cron:session): session closed for user root
May  5 17:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8378]: pam_unix(cron:session): session closed for user samftp
May  5 17:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7426]: pam_unix(cron:session): session closed for user root
May  5 17:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.18.236.229  user=root
May  5 17:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8793]: Failed password for root from 85.18.236.229 port 36266 ssh2
May  5 17:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8793]: Received disconnect from 85.18.236.229 port 36266:11: Bye Bye [preauth]
May  5 17:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8793]: Disconnected from 85.18.236.229 port 36266 [preauth]
May  5 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8809]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8810]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8810]: pam_unix(cron:session): session closed for user root
May  5 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8804]: pam_unix(cron:session): session closed for user p13x
May  5 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8877]: Successful su for rubyman by root
May  5 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8877]: + ??? root:rubyman
May  5 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335312 of user rubyman.
May  5 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8877]: pam_unix(su:session): session closed for user rubyman
May  5 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335312.
May  5 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8806]: pam_unix(cron:session): session closed for user root
May  5 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6068]: pam_unix(cron:session): session closed for user root
May  5 17:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8805]: pam_unix(cron:session): session closed for user samftp
May  5 17:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 17:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9242]: Failed password for root from 218.92.0.179 port 63468 ssh2
May  5 17:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7959]: pam_unix(cron:session): session closed for user root
May  5 17:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9242]: Failed password for root from 218.92.0.179 port 63468 ssh2
May  5 17:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9242]: Failed password for root from 218.92.0.179 port 63468 ssh2
May  5 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9374]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9375]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9373]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9373]: pam_unix(cron:session): session closed for user p13x
May  5 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9441]: Successful su for rubyman by root
May  5 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9441]: + ??? root:rubyman
May  5 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335318 of user rubyman.
May  5 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9441]: pam_unix(su:session): session closed for user rubyman
May  5 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335318.
May  5 17:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6481]: pam_unix(cron:session): session closed for user root
May  5 17:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9374]: pam_unix(cron:session): session closed for user samftp
May  5 17:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8380]: pam_unix(cron:session): session closed for user root
May  5 17:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9781]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9779]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9778]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9778]: pam_unix(cron:session): session closed for user p13x
May  5 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9839]: Successful su for rubyman by root
May  5 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9839]: + ??? root:rubyman
May  5 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335321 of user rubyman.
May  5 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9839]: pam_unix(su:session): session closed for user rubyman
May  5 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335321.
May  5 17:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7005]: pam_unix(cron:session): session closed for user root
May  5 17:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9779]: pam_unix(cron:session): session closed for user samftp
May  5 17:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8809]: pam_unix(cron:session): session closed for user root
May  5 17:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10170]: pam_unix(cron:session): session closed for user p13x
May  5 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10317]: Successful su for rubyman by root
May  5 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10317]: + ??? root:rubyman
May  5 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335328 of user rubyman.
May  5 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10317]: pam_unix(su:session): session closed for user rubyman
May  5 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335328.
May  5 17:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7425]: pam_unix(cron:session): session closed for user root
May  5 17:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10171]: pam_unix(cron:session): session closed for user samftp
May  5 17:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9376]: pam_unix(cron:session): session closed for user root
May  5 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10746]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10743]: pam_unix(cron:session): session closed for user p13x
May  5 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10807]: Successful su for rubyman by root
May  5 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10807]: + ??? root:rubyman
May  5 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335330 of user rubyman.
May  5 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10807]: pam_unix(su:session): session closed for user rubyman
May  5 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335330.
May  5 17:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7958]: pam_unix(cron:session): session closed for user root
May  5 17:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10744]: pam_unix(cron:session): session closed for user samftp
May  5 17:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 17:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11043]: Invalid user yusuf from 85.18.236.229
May  5 17:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11043]: input_userauth_request: invalid user yusuf [preauth]
May  5 17:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11043]: pam_unix(sshd:auth): check pass; user unknown
May  5 17:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.18.236.229
May  5 17:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9781]: pam_unix(cron:session): session closed for user root
May  5 17:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11043]: Failed password for invalid user yusuf from 85.18.236.229 port 44340 ssh2
May  5 17:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11043]: Received disconnect from 85.18.236.229 port 44340:11: Bye Bye [preauth]
May  5 17:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11043]: Disconnected from 85.18.236.229 port 44340 [preauth]
May  5 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11133]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11137]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11141]: pam_unix(cron:session): session closed for user root
May  5 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11136]: pam_unix(cron:session): session closed for user root
May  5 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11133]: pam_unix(cron:session): session closed for user p13x
May  5 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11225]: Successful su for rubyman by root
May  5 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11225]: + ??? root:rubyman
May  5 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335339 of user rubyman.
May  5 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11225]: pam_unix(su:session): session closed for user rubyman
May  5 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335339.
May  5 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11137]: pam_unix(cron:session): session closed for user root
May  5 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8379]: pam_unix(cron:session): session closed for user root
May  5 18:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11135]: pam_unix(cron:session): session closed for user samftp
May  5 18:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10173]: pam_unix(cron:session): session closed for user root
May  5 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11630]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11627]: pam_unix(cron:session): session closed for user p13x
May  5 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11691]: Successful su for rubyman by root
May  5 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11691]: + ??? root:rubyman
May  5 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335342 of user rubyman.
May  5 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11691]: pam_unix(su:session): session closed for user rubyman
May  5 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335342.
May  5 18:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8807]: pam_unix(cron:session): session closed for user root
May  5 18:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11628]: pam_unix(cron:session): session closed for user samftp
May  5 18:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10746]: pam_unix(cron:session): session closed for user root
May  5 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12026]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12027]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12024]: pam_unix(cron:session): session closed for user p13x
May  5 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12082]: Successful su for rubyman by root
May  5 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12082]: + ??? root:rubyman
May  5 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335345 of user rubyman.
May  5 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12082]: pam_unix(su:session): session closed for user rubyman
May  5 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335345.
May  5 18:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9375]: pam_unix(cron:session): session closed for user root
May  5 18:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12025]: pam_unix(cron:session): session closed for user samftp
May  5 18:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: Invalid user zzx from 91.205.219.185
May  5 18:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: input_userauth_request: invalid user zzx [preauth]
May  5 18:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.205.219.185
May  5 18:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: Failed password for invalid user zzx from 91.205.219.185 port 53372 ssh2
May  5 18:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: Received disconnect from 91.205.219.185 port 53372:11: Bye Bye [preauth]
May  5 18:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: Disconnected from 91.205.219.185 port 53372 [preauth]
May  5 18:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11140]: pam_unix(cron:session): session closed for user root
May  5 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12429]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12428]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12427]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12427]: pam_unix(cron:session): session closed for user p13x
May  5 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12485]: Successful su for rubyman by root
May  5 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12485]: + ??? root:rubyman
May  5 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335348 of user rubyman.
May  5 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12485]: pam_unix(su:session): session closed for user rubyman
May  5 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335348.
May  5 18:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9780]: pam_unix(cron:session): session closed for user root
May  5 18:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12428]: pam_unix(cron:session): session closed for user samftp
May  5 18:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11630]: pam_unix(cron:session): session closed for user root
May  5 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12816]: pam_unix(cron:session): session closed for user p13x
May  5 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12875]: Successful su for rubyman by root
May  5 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12875]: + ??? root:rubyman
May  5 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335352 of user rubyman.
May  5 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12875]: pam_unix(su:session): session closed for user rubyman
May  5 18:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335352.
May  5 18:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10172]: pam_unix(cron:session): session closed for user root
May  5 18:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12817]: pam_unix(cron:session): session closed for user samftp
May  5 18:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.18.236.229  user=root
May  5 18:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13063]: Failed password for root from 85.18.236.229 port 52414 ssh2
May  5 18:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13063]: Received disconnect from 85.18.236.229 port 52414:11: Bye Bye [preauth]
May  5 18:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13063]: Disconnected from 85.18.236.229 port 52414 [preauth]
May  5 18:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12027]: pam_unix(cron:session): session closed for user root
May  5 18:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13212]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13213]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13215]: pam_unix(cron:session): session closed for user root
May  5 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13210]: pam_unix(cron:session): session closed for user p13x
May  5 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13282]: Successful su for rubyman by root
May  5 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13282]: + ??? root:rubyman
May  5 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335358 of user rubyman.
May  5 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13282]: pam_unix(su:session): session closed for user rubyman
May  5 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335358.
May  5 18:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13212]: pam_unix(cron:session): session closed for user root
May  5 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10745]: pam_unix(cron:session): session closed for user root
May  5 18:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13211]: pam_unix(cron:session): session closed for user samftp
May  5 18:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13189]: Connection closed by 130.195.9.155 port 58986 [preauth]
May  5 18:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12430]: pam_unix(cron:session): session closed for user root
May  5 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13747]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13746]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13744]: pam_unix(cron:session): session closed for user p13x
May  5 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13814]: Successful su for rubyman by root
May  5 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13814]: + ??? root:rubyman
May  5 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335362 of user rubyman.
May  5 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13814]: pam_unix(su:session): session closed for user rubyman
May  5 18:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335362.
May  5 18:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11139]: pam_unix(cron:session): session closed for user root
May  5 18:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13745]: pam_unix(cron:session): session closed for user samftp
May  5 18:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: Invalid user admin from 80.94.95.112
May  5 18:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: input_userauth_request: invalid user admin [preauth]
May  5 18:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 18:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: Failed password for invalid user admin from 80.94.95.112 port 39543 ssh2
May  5 18:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: Failed password for invalid user admin from 80.94.95.112 port 39543 ssh2
May  5 18:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: Failed password for invalid user admin from 80.94.95.112 port 39543 ssh2
May  5 18:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14070]: Invalid user ubnt from 80.94.95.241
May  5 18:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14070]: input_userauth_request: invalid user ubnt [preauth]
May  5 18:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14070]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 18:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12819]: pam_unix(cron:session): session closed for user root
May  5 18:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: Failed password for invalid user admin from 80.94.95.112 port 39543 ssh2
May  5 18:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14070]: Failed password for invalid user ubnt from 80.94.95.241 port 16151 ssh2
May  5 18:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14070]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: Failed password for invalid user admin from 80.94.95.112 port 39543 ssh2
May  5 18:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: Received disconnect from 80.94.95.112 port 39543:11: Bye [preauth]
May  5 18:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: Disconnected from 80.94.95.112 port 39543 [preauth]
May  5 18:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 18:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14060]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 18:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14070]: Failed password for invalid user ubnt from 80.94.95.241 port 16151 ssh2
May  5 18:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14070]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14070]: Failed password for invalid user ubnt from 80.94.95.241 port 16151 ssh2
May  5 18:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14070]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14070]: Failed password for invalid user ubnt from 80.94.95.241 port 16151 ssh2
May  5 18:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14070]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14070]: Failed password for invalid user ubnt from 80.94.95.241 port 16151 ssh2
May  5 18:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14070]: Received disconnect from 80.94.95.241 port 16151:11: Bye [preauth]
May  5 18:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14070]: Disconnected from 80.94.95.241 port 16151 [preauth]
May  5 18:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14070]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 18:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14070]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14161]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14157]: pam_unix(cron:session): session closed for user p13x
May  5 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14220]: Successful su for rubyman by root
May  5 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14220]: + ??? root:rubyman
May  5 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14220]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335366 of user rubyman.
May  5 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14220]: pam_unix(su:session): session closed for user rubyman
May  5 18:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335366.
May  5 18:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11629]: pam_unix(cron:session): session closed for user root
May  5 18:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14158]: pam_unix(cron:session): session closed for user samftp
May  5 18:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: Invalid user wangdui from 91.205.219.185
May  5 18:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: input_userauth_request: invalid user wangdui [preauth]
May  5 18:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.205.219.185
May  5 18:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: Failed password for invalid user wangdui from 91.205.219.185 port 34782 ssh2
May  5 18:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: Received disconnect from 91.205.219.185 port 34782:11: Bye Bye [preauth]
May  5 18:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: Disconnected from 91.205.219.185 port 34782 [preauth]
May  5 18:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13214]: pam_unix(cron:session): session closed for user root
May  5 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14560]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14561]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14557]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14557]: pam_unix(cron:session): session closed for user p13x
May  5 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14625]: Successful su for rubyman by root
May  5 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14625]: + ??? root:rubyman
May  5 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14625]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335372 of user rubyman.
May  5 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14625]: pam_unix(su:session): session closed for user rubyman
May  5 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335372.
May  5 18:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12026]: pam_unix(cron:session): session closed for user root
May  5 18:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14558]: pam_unix(cron:session): session closed for user samftp
May  5 18:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13747]: pam_unix(cron:session): session closed for user root
May  5 18:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: Invalid user ouyang from 85.18.236.229
May  5 18:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: input_userauth_request: invalid user ouyang [preauth]
May  5 18:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.18.236.229
May  5 18:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: Failed password for invalid user ouyang from 85.18.236.229 port 60490 ssh2
May  5 18:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: Received disconnect from 85.18.236.229 port 60490:11: Bye Bye [preauth]
May  5 18:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14947]: Disconnected from 85.18.236.229 port 60490 [preauth]
May  5 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14968]: pam_unix(cron:session): session closed for user p13x
May  5 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15080]: Successful su for rubyman by root
May  5 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15080]: + ??? root:rubyman
May  5 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335377 of user rubyman.
May  5 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15080]: pam_unix(su:session): session closed for user rubyman
May  5 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335377.
May  5 18:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14965]: pam_unix(cron:session): session closed for user root
May  5 18:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12429]: pam_unix(cron:session): session closed for user root
May  5 18:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14969]: pam_unix(cron:session): session closed for user samftp
May  5 18:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14161]: pam_unix(cron:session): session closed for user root
May  5 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15456]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15456]: pam_unix(cron:session): session closed for user root
May  5 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15450]: pam_unix(cron:session): session closed for user p13x
May  5 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15520]: Successful su for rubyman by root
May  5 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15520]: + ??? root:rubyman
May  5 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335383 of user rubyman.
May  5 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15520]: pam_unix(su:session): session closed for user rubyman
May  5 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335383.
May  5 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15452]: pam_unix(cron:session): session closed for user root
May  5 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12818]: pam_unix(cron:session): session closed for user root
May  5 18:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15451]: pam_unix(cron:session): session closed for user samftp
May  5 18:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14561]: pam_unix(cron:session): session closed for user root
May  5 18:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 18:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: Failed password for root from 218.92.0.179 port 43057 ssh2
May  5 18:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 43057 ssh2]
May  5 18:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: Received disconnect from 218.92.0.179 port 43057:11:  [preauth]
May  5 18:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: Disconnected from 218.92.0.179 port 43057 [preauth]
May  5 18:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15877]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15875]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15876]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15875]: pam_unix(cron:session): session closed for user p13x
May  5 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15946]: Successful su for rubyman by root
May  5 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15946]: + ??? root:rubyman
May  5 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335385 of user rubyman.
May  5 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15946]: pam_unix(su:session): session closed for user rubyman
May  5 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335385.
May  5 18:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13213]: pam_unix(cron:session): session closed for user root
May  5 18:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15876]: pam_unix(cron:session): session closed for user samftp
May  5 18:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14971]: pam_unix(cron:session): session closed for user root
May  5 18:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: Invalid user yueli from 91.205.219.185
May  5 18:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: input_userauth_request: invalid user yueli [preauth]
May  5 18:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.205.219.185
May  5 18:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: Failed password for invalid user yueli from 91.205.219.185 port 58078 ssh2
May  5 18:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: Received disconnect from 91.205.219.185 port 58078:11: Bye Bye [preauth]
May  5 18:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16224]: Disconnected from 91.205.219.185 port 58078 [preauth]
May  5 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16267]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16265]: pam_unix(cron:session): session closed for user p13x
May  5 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16322]: Successful su for rubyman by root
May  5 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16322]: + ??? root:rubyman
May  5 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16322]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335389 of user rubyman.
May  5 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16322]: pam_unix(su:session): session closed for user rubyman
May  5 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335389.
May  5 18:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13746]: pam_unix(cron:session): session closed for user root
May  5 18:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16266]: pam_unix(cron:session): session closed for user samftp
May  5 18:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15454]: pam_unix(cron:session): session closed for user root
May  5 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16719]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16720]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16718]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16716]: pam_unix(cron:session): session closed for user p13x
May  5 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16781]: Successful su for rubyman by root
May  5 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16781]: + ??? root:rubyman
May  5 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335393 of user rubyman.
May  5 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16781]: pam_unix(su:session): session closed for user rubyman
May  5 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335393.
May  5 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14160]: pam_unix(cron:session): session closed for user root
May  5 18:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16718]: pam_unix(cron:session): session closed for user samftp
May  5 18:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: Invalid user omar from 85.18.236.229
May  5 18:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: input_userauth_request: invalid user omar [preauth]
May  5 18:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.18.236.229
May  5 18:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: Failed password for invalid user omar from 85.18.236.229 port 40316 ssh2
May  5 18:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: Received disconnect from 85.18.236.229 port 40316:11: Bye Bye [preauth]
May  5 18:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: Disconnected from 85.18.236.229 port 40316 [preauth]
May  5 18:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15878]: pam_unix(cron:session): session closed for user root
May  5 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17148]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17145]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17144]: pam_unix(cron:session): session closed for user p13x
May  5 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17202]: Successful su for rubyman by root
May  5 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17202]: + ??? root:rubyman
May  5 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335398 of user rubyman.
May  5 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17202]: pam_unix(su:session): session closed for user rubyman
May  5 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335398.
May  5 18:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14560]: pam_unix(cron:session): session closed for user root
May  5 18:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17145]: pam_unix(cron:session): session closed for user samftp
May  5 18:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16268]: pam_unix(cron:session): session closed for user root
May  5 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17553]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17556]: pam_unix(cron:session): session closed for user root
May  5 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17551]: pam_unix(cron:session): session closed for user p13x
May  5 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17620]: Successful su for rubyman by root
May  5 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17620]: + ??? root:rubyman
May  5 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335405 of user rubyman.
May  5 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17620]: pam_unix(su:session): session closed for user rubyman
May  5 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335405.
May  5 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17553]: pam_unix(cron:session): session closed for user root
May  5 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14970]: pam_unix(cron:session): session closed for user root
May  5 18:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17552]: pam_unix(cron:session): session closed for user samftp
May  5 18:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16720]: pam_unix(cron:session): session closed for user root
May  5 18:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: Invalid user wallet from 91.205.219.185
May  5 18:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: input_userauth_request: invalid user wallet [preauth]
May  5 18:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.205.219.185
May  5 18:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: Failed password for invalid user wallet from 91.205.219.185 port 58138 ssh2
May  5 18:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: Received disconnect from 91.205.219.185 port 58138:11: Bye Bye [preauth]
May  5 18:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18105]: Disconnected from 91.205.219.185 port 58138 [preauth]
May  5 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18121]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18119]: pam_unix(cron:session): session closed for user p13x
May  5 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18187]: Successful su for rubyman by root
May  5 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18187]: + ??? root:rubyman
May  5 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335408 of user rubyman.
May  5 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18187]: pam_unix(su:session): session closed for user rubyman
May  5 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335408.
May  5 18:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15453]: pam_unix(cron:session): session closed for user root
May  5 18:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18120]: pam_unix(cron:session): session closed for user samftp
May  5 18:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 18:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: Failed password for root from 218.92.0.179 port 45516 ssh2
May  5 18:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 45516 ssh2]
May  5 18:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: Received disconnect from 218.92.0.179 port 45516:11:  [preauth]
May  5 18:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: Disconnected from 218.92.0.179 port 45516 [preauth]
May  5 18:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 18:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17148]: pam_unix(cron:session): session closed for user root
May  5 18:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: Invalid user ` from 195.178.110.50
May  5 18:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: input_userauth_request: invalid user ` [preauth]
May  5 18:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 18:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: Failed password for invalid user ` from 195.178.110.50 port 49662 ssh2
May  5 18:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18477]: Connection closed by 195.178.110.50 port 49662 [preauth]
May  5 18:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18539]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18541]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18538]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18536]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18536]: pam_unix(cron:session): session closed for user root
May  5 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18538]: pam_unix(cron:session): session closed for user p13x
May  5 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18601]: Successful su for rubyman by root
May  5 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18601]: + ??? root:rubyman
May  5 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18601]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335411 of user rubyman.
May  5 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18601]: pam_unix(su:session): session closed for user rubyman
May  5 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335411.
May  5 18:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15877]: pam_unix(cron:session): session closed for user root
May  5 18:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18539]: pam_unix(cron:session): session closed for user samftp
May  5 18:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18526]: Invalid user A from 195.178.110.50
May  5 18:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18526]: input_userauth_request: invalid user A [preauth]
May  5 18:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18526]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 18:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18526]: Failed password for invalid user A from 195.178.110.50 port 53154 ssh2
May  5 18:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18526]: Connection closed by 195.178.110.50 port 53154 [preauth]
May  5 18:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18804]: Invalid user " from 195.178.110.50
May  5 18:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18804]: input_userauth_request: invalid user " [preauth]
May  5 18:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18804]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 18:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18804]: Failed password for invalid user " from 195.178.110.50 port 37408 ssh2
May  5 18:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 18:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18804]: Connection closed by 195.178.110.50 port 37408 [preauth]
May  5 18:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: Failed password for root from 218.92.0.179 port 16296 ssh2
May  5 18:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17555]: pam_unix(cron:session): session closed for user root
May  5 18:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: Failed password for root from 218.92.0.179 port 16296 ssh2
May  5 18:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: Failed password for root from 218.92.0.179 port 16296 ssh2
May  5 18:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: Received disconnect from 218.92.0.179 port 16296:11:  [preauth]
May  5 18:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: Disconnected from 218.92.0.179 port 16296 [preauth]
May  5 18:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 18:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: Invalid user user from 85.18.236.229
May  5 18:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: input_userauth_request: invalid user user [preauth]
May  5 18:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.18.236.229
May  5 18:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: Failed password for invalid user user from 85.18.236.229 port 48376 ssh2
May  5 18:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: Received disconnect from 85.18.236.229 port 48376:11: Bye Bye [preauth]
May  5 18:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: Disconnected from 85.18.236.229 port 48376 [preauth]
May  5 18:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: Invalid user a from 195.178.110.50
May  5 18:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: input_userauth_request: invalid user a [preauth]
May  5 18:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 18:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: Failed password for invalid user a from 195.178.110.50 port 21422 ssh2
May  5 18:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: Connection closed by 195.178.110.50 port 21422 [preauth]
May  5 18:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18957]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18956]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18955]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18954]: pam_unix(cron:session): session closed for user p13x
May  5 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19019]: Successful su for rubyman by root
May  5 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19019]: + ??? root:rubyman
May  5 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335416 of user rubyman.
May  5 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19019]: pam_unix(su:session): session closed for user rubyman
May  5 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335416.
May  5 18:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16267]: pam_unix(cron:session): session closed for user root
May  5 18:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18955]: pam_unix(cron:session): session closed for user samftp
May  5 18:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: Invalid user B from 195.178.110.50
May  5 18:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: input_userauth_request: invalid user B [preauth]
May  5 18:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 18:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: Failed password for invalid user B from 195.178.110.50 port 16786 ssh2
May  5 18:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: Connection closed by 195.178.110.50 port 16786 [preauth]
May  5 18:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18122]: pam_unix(cron:session): session closed for user root
May  5 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19373]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19371]: pam_unix(cron:session): session closed for user p13x
May  5 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19432]: Successful su for rubyman by root
May  5 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19432]: + ??? root:rubyman
May  5 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335420 of user rubyman.
May  5 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19432]: pam_unix(su:session): session closed for user rubyman
May  5 18:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335420.
May  5 18:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16719]: pam_unix(cron:session): session closed for user root
May  5 18:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19372]: pam_unix(cron:session): session closed for user samftp
May  5 18:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18541]: pam_unix(cron:session): session closed for user root
May  5 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19787]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19788]: pam_unix(cron:session): session closed for user root
May  5 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19782]: pam_unix(cron:session): session closed for user p13x
May  5 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19854]: Successful su for rubyman by root
May  5 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19854]: + ??? root:rubyman
May  5 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335426 of user rubyman.
May  5 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19854]: pam_unix(su:session): session closed for user rubyman
May  5 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335426.
May  5 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: Invalid user lb from 91.205.219.185
May  5 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: input_userauth_request: invalid user lb [preauth]
May  5 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.205.219.185
May  5 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19784]: pam_unix(cron:session): session closed for user root
May  5 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: Failed password for invalid user lb from 91.205.219.185 port 60966 ssh2
May  5 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17146]: pam_unix(cron:session): session closed for user root
May  5 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: Received disconnect from 91.205.219.185 port 60966:11: Bye Bye [preauth]
May  5 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: Disconnected from 91.205.219.185 port 60966 [preauth]
May  5 18:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19783]: pam_unix(cron:session): session closed for user samftp
May  5 18:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: Invalid user ncadmin from 176.31.162.135
May  5 18:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: input_userauth_request: invalid user ncadmin [preauth]
May  5 18:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  5 18:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: Failed password for invalid user ncadmin from 176.31.162.135 port 57968 ssh2
May  5 18:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: Connection closed by 176.31.162.135 port 57968 [preauth]
May  5 18:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18957]: pam_unix(cron:session): session closed for user root
May  5 18:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: Invalid user postgres from 50.235.31.47
May  5 18:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: input_userauth_request: invalid user postgres [preauth]
May  5 18:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  5 18:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: Invalid user teamcity from 46.244.96.25
May  5 18:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: input_userauth_request: invalid user teamcity [preauth]
May  5 18:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  5 18:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: Failed password for invalid user postgres from 50.235.31.47 port 56044 ssh2
May  5 18:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: Failed password for invalid user teamcity from 46.244.96.25 port 40192 ssh2
May  5 18:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: Connection closed by 50.235.31.47 port 56044 [preauth]
May  5 18:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: Connection closed by 46.244.96.25 port 40192 [preauth]
May  5 18:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  5 18:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20217]: Failed password for root from 190.103.202.7 port 53592 ssh2
May  5 18:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20217]: Connection closed by 190.103.202.7 port 53592 [preauth]
May  5 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20228]: pam_unix(cron:session): session closed for user p13x
May  5 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20295]: Successful su for rubyman by root
May  5 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20295]: + ??? root:rubyman
May  5 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335430 of user rubyman.
May  5 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20295]: pam_unix(su:session): session closed for user rubyman
May  5 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335430.
May  5 18:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17554]: pam_unix(cron:session): session closed for user root
May  5 18:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20229]: pam_unix(cron:session): session closed for user samftp
May  5 18:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19374]: pam_unix(cron:session): session closed for user root
May  5 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20639]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20638]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20636]: pam_unix(cron:session): session closed for user p13x
May  5 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20698]: Successful su for rubyman by root
May  5 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20698]: + ??? root:rubyman
May  5 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335435 of user rubyman.
May  5 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20698]: pam_unix(su:session): session closed for user rubyman
May  5 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335435.
May  5 18:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18121]: pam_unix(cron:session): session closed for user root
May  5 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20637]: pam_unix(cron:session): session closed for user samftp
May  5 18:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.18.236.229  user=root
May  5 18:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20921]: Failed password for root from 85.18.236.229 port 56442 ssh2
May  5 18:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20921]: Received disconnect from 85.18.236.229 port 56442:11: Bye Bye [preauth]
May  5 18:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20921]: Disconnected from 85.18.236.229 port 56442 [preauth]
May  5 18:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19787]: pam_unix(cron:session): session closed for user root
May  5 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21047]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21048]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21045]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21045]: pam_unix(cron:session): session closed for user p13x
May  5 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21110]: Successful su for rubyman by root
May  5 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21110]: + ??? root:rubyman
May  5 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335439 of user rubyman.
May  5 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21110]: pam_unix(su:session): session closed for user rubyman
May  5 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335439.
May  5 18:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18540]: pam_unix(cron:session): session closed for user root
May  5 18:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21046]: pam_unix(cron:session): session closed for user samftp
May  5 18:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20231]: pam_unix(cron:session): session closed for user root
May  5 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21491]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21492]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21493]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21490]: pam_unix(cron:session): session closed for user p13x
May  5 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21556]: Successful su for rubyman by root
May  5 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21556]: + ??? root:rubyman
May  5 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335442 of user rubyman.
May  5 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21556]: pam_unix(su:session): session closed for user rubyman
May  5 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335442.
May  5 18:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18956]: pam_unix(cron:session): session closed for user root
May  5 18:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21491]: pam_unix(cron:session): session closed for user samftp
May  5 18:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Invalid user qinyue from 91.205.219.185
May  5 18:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: input_userauth_request: invalid user qinyue [preauth]
May  5 18:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.205.219.185
May  5 18:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Failed password for invalid user qinyue from 91.205.219.185 port 42554 ssh2
May  5 18:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Received disconnect from 91.205.219.185 port 42554:11: Bye Bye [preauth]
May  5 18:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22081]: Disconnected from 91.205.219.185 port 42554 [preauth]
May  5 18:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20639]: pam_unix(cron:session): session closed for user root
May  5 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22217]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22216]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22218]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22219]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22219]: pam_unix(cron:session): session closed for user root
May  5 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22214]: pam_unix(cron:session): session closed for user p13x
May  5 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22305]: Successful su for rubyman by root
May  5 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22305]: + ??? root:rubyman
May  5 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335449 of user rubyman.
May  5 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22305]: pam_unix(su:session): session closed for user rubyman
May  5 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335449.
May  5 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22216]: pam_unix(cron:session): session closed for user root
May  5 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19373]: pam_unix(cron:session): session closed for user root
May  5 18:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22215]: pam_unix(cron:session): session closed for user samftp
May  5 18:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21048]: pam_unix(cron:session): session closed for user root
May  5 18:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 18:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22649]: Failed password for root from 218.92.0.179 port 15685 ssh2
May  5 18:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22649]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 15685 ssh2]
May  5 18:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22649]: Received disconnect from 218.92.0.179 port 15685:11:  [preauth]
May  5 18:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22649]: Disconnected from 218.92.0.179 port 15685 [preauth]
May  5 18:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22649]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22715]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22718]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22717]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22714]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22714]: pam_unix(cron:session): session closed for user p13x
May  5 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22792]: Successful su for rubyman by root
May  5 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22792]: + ??? root:rubyman
May  5 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335453 of user rubyman.
May  5 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22792]: pam_unix(su:session): session closed for user rubyman
May  5 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335453.
May  5 18:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19786]: pam_unix(cron:session): session closed for user root
May  5 18:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22715]: pam_unix(cron:session): session closed for user samftp
May  5 18:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21493]: pam_unix(cron:session): session closed for user root
May  5 18:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.18.236.229  user=root
May  5 18:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Failed password for root from 85.18.236.229 port 36270 ssh2
May  5 18:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Received disconnect from 85.18.236.229 port 36270:11: Bye Bye [preauth]
May  5 18:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Disconnected from 85.18.236.229 port 36270 [preauth]
May  5 18:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23159]: Bad protocol version identification '\026\003\001' from 3.128.24.18 port 40842
May  5 18:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23160]: Bad protocol version identification '' from 3.128.24.18 port 40846
May  5 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23196]: pam_unix(cron:session): session closed for user p13x
May  5 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23261]: Successful su for rubyman by root
May  5 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23261]: + ??? root:rubyman
May  5 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335457 of user rubyman.
May  5 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23261]: pam_unix(su:session): session closed for user rubyman
May  5 18:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335457.
May  5 18:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20230]: pam_unix(cron:session): session closed for user root
May  5 18:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23197]: pam_unix(cron:session): session closed for user samftp
May  5 18:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23538]: Bad protocol version identification '\026\003\001' from 3.128.24.18 port 60226
May  5 18:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23568]: Did not receive identification string from 3.128.24.18
May  5 18:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22218]: pam_unix(cron:session): session closed for user root
May  5 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23695]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23693]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23694]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23692]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23692]: pam_unix(cron:session): session closed for user p13x
May  5 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23753]: Successful su for rubyman by root
May  5 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23753]: + ??? root:rubyman
May  5 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23753]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335460 of user rubyman.
May  5 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23753]: pam_unix(su:session): session closed for user rubyman
May  5 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335460.
May  5 18:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20638]: pam_unix(cron:session): session closed for user root
May  5 18:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23693]: pam_unix(cron:session): session closed for user samftp
May  5 18:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 18:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24089]: Failed password for root from 218.92.0.179 port 28371 ssh2
May  5 18:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24089]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 28371 ssh2]
May  5 18:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24089]: Received disconnect from 218.92.0.179 port 28371:11:  [preauth]
May  5 18:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24089]: Disconnected from 218.92.0.179 port 28371 [preauth]
May  5 18:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24089]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 18:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22718]: pam_unix(cron:session): session closed for user root
May  5 18:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: Invalid user a from 91.205.219.185
May  5 18:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: input_userauth_request: invalid user a [preauth]
May  5 18:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.205.219.185
May  5 18:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: Failed password for invalid user a from 91.205.219.185 port 50794 ssh2
May  5 18:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: Received disconnect from 91.205.219.185 port 50794:11: Bye Bye [preauth]
May  5 18:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: Disconnected from 91.205.219.185 port 50794 [preauth]
May  5 18:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24225]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24222]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24222]: pam_unix(cron:session): session closed for user p13x
May  5 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24292]: Successful su for rubyman by root
May  5 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24292]: + ??? root:rubyman
May  5 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335466 of user rubyman.
May  5 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24292]: pam_unix(su:session): session closed for user rubyman
May  5 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335466.
May  5 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21047]: pam_unix(cron:session): session closed for user root
May  5 18:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24223]: pam_unix(cron:session): session closed for user samftp
May  5 18:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23199]: pam_unix(cron:session): session closed for user root
May  5 18:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  5 18:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24643]: Failed password for root from 193.70.84.184 port 46448 ssh2
May  5 18:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24643]: Connection closed by 193.70.84.184 port 46448 [preauth]
May  5 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24668]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24671]: pam_unix(cron:session): session closed for user root
May  5 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24666]: pam_unix(cron:session): session closed for user p13x
May  5 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24739]: Successful su for rubyman by root
May  5 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24739]: + ??? root:rubyman
May  5 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24739]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335469 of user rubyman.
May  5 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24739]: pam_unix(su:session): session closed for user rubyman
May  5 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335469.
May  5 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24668]: pam_unix(cron:session): session closed for user root
May  5 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21492]: pam_unix(cron:session): session closed for user root
May  5 18:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24667]: pam_unix(cron:session): session closed for user samftp
May  5 18:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23695]: pam_unix(cron:session): session closed for user root
May  5 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25106]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25104]: pam_unix(cron:session): session closed for user p13x
May  5 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25176]: Successful su for rubyman by root
May  5 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25176]: + ??? root:rubyman
May  5 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335474 of user rubyman.
May  5 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25176]: pam_unix(su:session): session closed for user rubyman
May  5 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335474.
May  5 18:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22217]: pam_unix(cron:session): session closed for user root
May  5 18:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25105]: pam_unix(cron:session): session closed for user samftp
May  5 18:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.18.236.229  user=root
May  5 18:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: Failed password for root from 85.18.236.229 port 44336 ssh2
May  5 18:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: Received disconnect from 85.18.236.229 port 44336:11: Bye Bye [preauth]
May  5 18:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25412]: Disconnected from 85.18.236.229 port 44336 [preauth]
May  5 18:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24225]: pam_unix(cron:session): session closed for user root
May  5 18:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25513]: Did not receive identification string from 76.14.125.110
May  5 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25747]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25745]: pam_unix(cron:session): session closed for user p13x
May  5 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25815]: Successful su for rubyman by root
May  5 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25815]: + ??? root:rubyman
May  5 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335478 of user rubyman.
May  5 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25815]: pam_unix(su:session): session closed for user rubyman
May  5 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335478.
May  5 18:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22717]: pam_unix(cron:session): session closed for user root
May  5 18:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25746]: pam_unix(cron:session): session closed for user samftp
May  5 18:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24670]: pam_unix(cron:session): session closed for user root
May  5 18:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.205.219.185  user=root
May  5 18:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26159]: Failed password for root from 91.205.219.185 port 53134 ssh2
May  5 18:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26159]: Received disconnect from 91.205.219.185 port 53134:11: Bye Bye [preauth]
May  5 18:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26159]: Disconnected from 91.205.219.185 port 53134 [preauth]
May  5 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26188]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26186]: pam_unix(cron:session): session closed for user p13x
May  5 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26255]: Successful su for rubyman by root
May  5 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26255]: + ??? root:rubyman
May  5 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335484 of user rubyman.
May  5 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26255]: pam_unix(su:session): session closed for user rubyman
May  5 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335484.
May  5 18:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23198]: pam_unix(cron:session): session closed for user root
May  5 18:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26187]: pam_unix(cron:session): session closed for user samftp
May  5 18:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25107]: pam_unix(cron:session): session closed for user root
May  5 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26674]: pam_unix(cron:session): session closed for user p13x
May  5 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26735]: Successful su for rubyman by root
May  5 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26735]: + ??? root:rubyman
May  5 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335486 of user rubyman.
May  5 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26735]: pam_unix(su:session): session closed for user rubyman
May  5 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335486.
May  5 18:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23694]: pam_unix(cron:session): session closed for user root
May  5 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26675]: pam_unix(cron:session): session closed for user samftp
May  5 18:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25748]: pam_unix(cron:session): session closed for user root
May  5 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27143]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27142]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27147]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27145]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27147]: pam_unix(cron:session): session closed for user root
May  5 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27142]: pam_unix(cron:session): session closed for user p13x
May  5 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27220]: Successful su for rubyman by root
May  5 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27220]: + ??? root:rubyman
May  5 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27220]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335491 of user rubyman.
May  5 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27220]: pam_unix(su:session): session closed for user rubyman
May  5 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335491.
May  5 18:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24224]: pam_unix(cron:session): session closed for user root
May  5 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27144]: pam_unix(cron:session): session closed for user root
May  5 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27374]: Invalid user admin from 139.19.117.131
May  5 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27374]: input_userauth_request: invalid user admin [preauth]
May  5 18:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27143]: pam_unix(cron:session): session closed for user samftp
May  5 18:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27374]: Connection closed by 139.19.117.131 port 34972 [preauth]
May  5 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26189]: pam_unix(cron:session): session closed for user root
May  5 18:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  5 18:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: Failed password for root from 80.94.95.29 port 37594 ssh2
May  5 18:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: message repeated 4 times: [ Failed password for root from 80.94.95.29 port 37594 ssh2]
May  5 18:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: Received disconnect from 80.94.95.29 port 37594:11: Bye [preauth]
May  5 18:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: Disconnected from 80.94.95.29 port 37594 [preauth]
May  5 18:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  5 18:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 18:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27653]: pam_unix(cron:session): session closed for user p13x
May  5 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.18.236.229  user=root
May  5 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27721]: Successful su for rubyman by root
May  5 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27721]: + ??? root:rubyman
May  5 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335496 of user rubyman.
May  5 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27721]: pam_unix(su:session): session closed for user rubyman
May  5 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335496.
May  5 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27650]: Failed password for root from 85.18.236.229 port 52400 ssh2
May  5 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27650]: Received disconnect from 85.18.236.229 port 52400:11: Bye Bye [preauth]
May  5 18:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27650]: Disconnected from 85.18.236.229 port 52400 [preauth]
May  5 18:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24669]: pam_unix(cron:session): session closed for user root
May  5 18:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27654]: pam_unix(cron:session): session closed for user samftp
May  5 18:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27946]: Protocol major versions differ for 76.14.125.110: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-NmapNSE_1.0
May  5 18:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27955]: Protocol major versions differ for 76.14.125.110: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Nmap-SSH1-Hostkey
May  5 18:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 18:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 18:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:76.14.125.110
May  5 18:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:76.14.125.110
May  5 18:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 18:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:76.14.125.110
May  5 18:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: fatal: Unable to negotiate with 76.14.125.110 port 9872: no matching host key type found. Their offer: ssh-dss [preauth]
May  5 18:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: Connection closed by 76.14.125.110 port 9878 [preauth]
May  5 18:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27973]: Connection closed by 76.14.125.110 port 9884 [preauth]
May  5 18:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27977]: fatal: Unable to negotiate with 76.14.125.110 port 9888: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth]
May  5 18:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27979]: fatal: Unable to negotiate with 76.14.125.110 port 9891: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth]
May  5 18:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: fatal: Unable to negotiate with 76.14.125.110 port 9893: no matching host key type found. Their offer: ssh-ed25519 [preauth]
May  5 18:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 18:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27981]: Failed password for root from 218.92.0.179 port 14294 ssh2
May  5 18:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27981]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 14294 ssh2]
May  5 18:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27981]: Received disconnect from 218.92.0.179 port 14294:11:  [preauth]
May  5 18:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27981]: Disconnected from 218.92.0.179 port 14294 [preauth]
May  5 18:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27981]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 18:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26677]: pam_unix(cron:session): session closed for user root
May  5 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28111]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28112]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28109]: pam_unix(cron:session): session closed for user p13x
May  5 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28173]: Successful su for rubyman by root
May  5 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28173]: + ??? root:rubyman
May  5 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28173]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335501 of user rubyman.
May  5 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28173]: pam_unix(su:session): session closed for user rubyman
May  5 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335501.
May  5 18:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25106]: pam_unix(cron:session): session closed for user root
May  5 18:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28110]: pam_unix(cron:session): session closed for user samftp
May  5 18:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27146]: pam_unix(cron:session): session closed for user root
May  5 18:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28499]: Invalid user user from 80.94.95.29
May  5 18:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28499]: input_userauth_request: invalid user user [preauth]
May  5 18:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28499]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  5 18:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28499]: Failed password for invalid user user from 80.94.95.29 port 55212 ssh2
May  5 18:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28499]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28499]: Failed password for invalid user user from 80.94.95.29 port 55212 ssh2
May  5 18:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28499]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28499]: Failed password for invalid user user from 80.94.95.29 port 55212 ssh2
May  5 18:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28499]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28499]: Failed password for invalid user user from 80.94.95.29 port 55212 ssh2
May  5 18:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28499]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28499]: Failed password for invalid user user from 80.94.95.29 port 55212 ssh2
May  5 18:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28499]: Received disconnect from 80.94.95.29 port 55212:11: Bye [preauth]
May  5 18:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28499]: Disconnected from 80.94.95.29 port 55212 [preauth]
May  5 18:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28499]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  5 18:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28499]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28549]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28548]: pam_unix(cron:session): session closed for user p13x
May  5 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28610]: Successful su for rubyman by root
May  5 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28610]: + ??? root:rubyman
May  5 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335505 of user rubyman.
May  5 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28610]: pam_unix(su:session): session closed for user rubyman
May  5 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335505.
May  5 18:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25747]: pam_unix(cron:session): session closed for user root
May  5 18:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28549]: pam_unix(cron:session): session closed for user samftp
May  5 18:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27656]: pam_unix(cron:session): session closed for user root
May  5 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28956]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28955]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28949]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28952]: pam_unix(cron:session): session closed for user p13x
May  5 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29155]: Successful su for rubyman by root
May  5 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29155]: + ??? root:rubyman
May  5 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335509 of user rubyman.
May  5 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29155]: pam_unix(su:session): session closed for user rubyman
May  5 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335509.
May  5 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28949]: pam_unix(cron:session): session closed for user root
May  5 18:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26188]: pam_unix(cron:session): session closed for user root
May  5 18:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28953]: pam_unix(cron:session): session closed for user samftp
May  5 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28112]: pam_unix(cron:session): session closed for user root
May  5 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29559]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29559]: pam_unix(cron:session): session closed for user root
May  5 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29554]: pam_unix(cron:session): session closed for user p13x
May  5 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29624]: Successful su for rubyman by root
May  5 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29624]: + ??? root:rubyman
May  5 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335514 of user rubyman.
May  5 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29624]: pam_unix(su:session): session closed for user rubyman
May  5 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335514.
May  5 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29556]: pam_unix(cron:session): session closed for user root
May  5 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26676]: pam_unix(cron:session): session closed for user root
May  5 18:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29555]: pam_unix(cron:session): session closed for user samftp
May  5 18:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28551]: pam_unix(cron:session): session closed for user root
May  5 18:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: Invalid user test5 from 85.18.236.229
May  5 18:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: input_userauth_request: invalid user test5 [preauth]
May  5 18:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.18.236.229
May  5 18:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: Failed password for invalid user test5 from 85.18.236.229 port 60466 ssh2
May  5 18:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: Received disconnect from 85.18.236.229 port 60466:11: Bye Bye [preauth]
May  5 18:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: Disconnected from 85.18.236.229 port 60466 [preauth]
May  5 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29995]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29994]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29992]: pam_unix(cron:session): session closed for user p13x
May  5 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30059]: Successful su for rubyman by root
May  5 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30059]: + ??? root:rubyman
May  5 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335519 of user rubyman.
May  5 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30059]: pam_unix(su:session): session closed for user rubyman
May  5 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335519.
May  5 18:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27145]: pam_unix(cron:session): session closed for user root
May  5 18:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29993]: pam_unix(cron:session): session closed for user samftp
May  5 18:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28956]: pam_unix(cron:session): session closed for user root
May  5 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30395]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30394]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30392]: pam_unix(cron:session): session closed for user p13x
May  5 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30456]: Successful su for rubyman by root
May  5 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30456]: + ??? root:rubyman
May  5 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335523 of user rubyman.
May  5 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30456]: pam_unix(su:session): session closed for user rubyman
May  5 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335523.
May  5 18:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27655]: pam_unix(cron:session): session closed for user root
May  5 18:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30393]: pam_unix(cron:session): session closed for user samftp
May  5 18:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30679]: Did not receive identification string from 76.14.125.110
May  5 18:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29558]: pam_unix(cron:session): session closed for user root
May  5 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31196]: pam_unix(cron:session): session closed for user p13x
May  5 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31258]: Successful su for rubyman by root
May  5 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31258]: + ??? root:rubyman
May  5 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335527 of user rubyman.
May  5 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31258]: pam_unix(su:session): session closed for user rubyman
May  5 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335527.
May  5 18:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28111]: pam_unix(cron:session): session closed for user root
May  5 18:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31197]: pam_unix(cron:session): session closed for user samftp
May  5 18:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: Did not receive identification string from 76.14.125.110
May  5 18:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: Did not receive identification string from 76.14.125.110
May  5 18:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31692]: Did not receive identification string from 76.14.125.110
May  5 18:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29995]: pam_unix(cron:session): session closed for user root
May  5 18:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Invalid user admin from 80.94.95.112
May  5 18:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: input_userauth_request: invalid user admin [preauth]
May  5 18:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 18:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Failed password for invalid user admin from 80.94.95.112 port 15214 ssh2
May  5 18:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Failed password for invalid user admin from 80.94.95.112 port 15214 ssh2
May  5 18:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Failed password for invalid user admin from 80.94.95.112 port 15214 ssh2
May  5 18:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Failed password for invalid user admin from 80.94.95.112 port 15214 ssh2
May  5 18:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Failed password for invalid user admin from 80.94.95.112 port 15214 ssh2
May  5 18:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Received disconnect from 80.94.95.112 port 15214:11: Bye [preauth]
May  5 18:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: Disconnected from 80.94.95.112 port 15214 [preauth]
May  5 18:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 18:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32324]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32406]: pam_unix(cron:session): session closed for user p13x
May  5 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32472]: Successful su for rubyman by root
May  5 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32472]: + ??? root:rubyman
May  5 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335532 of user rubyman.
May  5 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32472]: pam_unix(su:session): session closed for user rubyman
May  5 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335532.
May  5 18:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28550]: pam_unix(cron:session): session closed for user root
May  5 18:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32407]: pam_unix(cron:session): session closed for user samftp
May  5 18:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30395]: pam_unix(cron:session): session closed for user root
May  5 18:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[534]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[535]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[532]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[535]: pam_unix(cron:session): session closed for user root
May  5 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[530]: pam_unix(cron:session): session closed for user p13x
May  5 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[603]: Successful su for rubyman by root
May  5 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[603]: + ??? root:rubyman
May  5 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335536 of user rubyman.
May  5 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[603]: pam_unix(su:session): session closed for user rubyman
May  5 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335536.
May  5 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[532]: pam_unix(cron:session): session closed for user root
May  5 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28955]: pam_unix(cron:session): session closed for user root
May  5 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[826]: Protocol major versions differ for 76.14.125.110: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Nmap-SSH1-Hostkey
May  5 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: Protocol major versions differ for 76.14.125.110: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-NmapNSE_1.0
May  5 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:76.14.125.110
May  5 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:76.14.125.110
May  5 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[846]: fatal: Unable to negotiate with 76.14.125.110 port 13059: no matching host key type found. Their offer: ssh-dss [preauth]
May  5 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:76.14.125.110
May  5 18:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: Connection closed by 76.14.125.110 port 13067 [preauth]
May  5 18:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[531]: pam_unix(cron:session): session closed for user samftp
May  5 18:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: Connection closed by 76.14.125.110 port 13073 [preauth]
May  5 18:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.18.236.229  user=root
May  5 18:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[877]: fatal: Unable to negotiate with 76.14.125.110 port 13082: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth]
May  5 18:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[879]: fatal: Unable to negotiate with 76.14.125.110 port 13087: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth]
May  5 18:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[881]: fatal: Unable to negotiate with 76.14.125.110 port 13089: no matching host key type found. Their offer: ssh-ed25519 [preauth]
May  5 18:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[853]: Failed password for root from 85.18.236.229 port 40298 ssh2
May  5 18:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[853]: Received disconnect from 85.18.236.229 port 40298:11: Bye Bye [preauth]
May  5 18:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[853]: Disconnected from 85.18.236.229 port 40298 [preauth]
May  5 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31200]: pam_unix(cron:session): session closed for user root
May  5 18:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: Invalid user ubnt from 80.94.95.241
May  5 18:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: input_userauth_request: invalid user ubnt [preauth]
May  5 18:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 18:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: Failed password for invalid user ubnt from 80.94.95.241 port 65039 ssh2
May  5 18:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: Failed password for invalid user ubnt from 80.94.95.241 port 65039 ssh2
May  5 18:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: Failed password for invalid user ubnt from 80.94.95.241 port 65039 ssh2
May  5 18:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: Failed password for invalid user ubnt from 80.94.95.241 port 65039 ssh2
May  5 18:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: Failed password for invalid user ubnt from 80.94.95.241 port 65039 ssh2
May  5 18:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: Received disconnect from 80.94.95.241 port 65039:11: Bye [preauth]
May  5 18:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: Disconnected from 80.94.95.241 port 65039 [preauth]
May  5 18:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 18:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1025]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1106]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1105]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1104]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1103]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1103]: pam_unix(cron:session): session closed for user p13x
May  5 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1177]: Successful su for rubyman by root
May  5 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1177]: + ??? root:rubyman
May  5 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335541 of user rubyman.
May  5 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1177]: pam_unix(su:session): session closed for user rubyman
May  5 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335541.
May  5 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1279]: Protocol major versions differ for 76.14.125.110: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-NmapNSE_1.0
May  5 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1282]: Protocol major versions differ for 76.14.125.110: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Nmap-SSH1-Hostkey
May  5 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:76.14.125.110
May  5 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:76.14.125.110
May  5 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:76.14.125.110
May  5 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: fatal: Unable to negotiate with 76.14.125.110 port 13267: no matching host key type found. Their offer: ssh-dss [preauth]
May  5 18:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: Connection closed by 76.14.125.110 port 13274 [preauth]
May  5 18:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1340]: Connection closed by 76.14.125.110 port 13279 [preauth]
May  5 18:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: fatal: Unable to negotiate with 76.14.125.110 port 13285: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth]
May  5 18:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: fatal: Unable to negotiate with 76.14.125.110 port 13286: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth]
May  5 18:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1378]: fatal: Unable to negotiate with 76.14.125.110 port 13289: no matching host key type found. Their offer: ssh-ed25519 [preauth]
May  5 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29557]: pam_unix(cron:session): session closed for user root
May  5 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: Protocol major versions differ for 76.14.125.110: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Nmap-SSH1-Hostkey
May  5 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1457]: Protocol major versions differ for 76.14.125.110: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-NmapNSE_1.0
May  5 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:76.14.125.110
May  5 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:76.14.125.110
May  5 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:76.14.125.110
May  5 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1467]: fatal: Unable to negotiate with 76.14.125.110 port 13323: no matching host key type found. Their offer: ssh-dss [preauth]
May  5 18:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: Connection closed by 76.14.125.110 port 13327 [preauth]
May  5 18:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1104]: pam_unix(cron:session): session closed for user samftp
May  5 18:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1488]: Connection closed by 76.14.125.110 port 13333 [preauth]
May  5 18:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1491]: fatal: Unable to negotiate with 76.14.125.110 port 13337: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth]
May  5 18:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1493]: fatal: Unable to negotiate with 76.14.125.110 port 13338: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth]
May  5 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1509]: fatal: Unable to negotiate with 76.14.125.110 port 13359: no matching host key type found. Their offer: ssh-ed25519 [preauth]
May  5 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:76.14.125.110
May  5 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:76.14.125.110
May  5 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1513]: Protocol major versions differ for 76.14.125.110: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-NmapNSE_1.0
May  5 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1514]: Protocol major versions differ for 76.14.125.110: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Nmap-SSH1-Hostkey
May  5 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  5 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:76.14.125.110
May  5 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1515]: fatal: Unable to negotiate with 76.14.125.110 port 13377: no matching host key type found. Their offer: ssh-dss [preauth]
May  5 18:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: Connection closed by 76.14.125.110 port 13383 [preauth]
May  5 18:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1520]: Connection closed by 76.14.125.110 port 13387 [preauth]
May  5 18:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1532]: fatal: Unable to negotiate with 76.14.125.110 port 13392: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth]
May  5 18:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1534]: fatal: Unable to negotiate with 76.14.125.110 port 13394: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth]
May  5 18:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1538]: fatal: Unable to negotiate with 76.14.125.110 port 13396: no matching host key type found. Their offer: ssh-ed25519 [preauth]
May  5 18:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32409]: pam_unix(cron:session): session closed for user root
May  5 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1819]: pam_unix(cron:session): session closed for user p13x
May  5 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1885]: Successful su for rubyman by root
May  5 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1885]: + ??? root:rubyman
May  5 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335546 of user rubyman.
May  5 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1885]: pam_unix(su:session): session closed for user rubyman
May  5 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335546.
May  5 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29994]: pam_unix(cron:session): session closed for user root
May  5 18:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1820]: pam_unix(cron:session): session closed for user samftp
May  5 18:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[534]: pam_unix(cron:session): session closed for user root
May  5 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2305]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2306]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2303]: pam_unix(cron:session): session closed for user p13x
May  5 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2370]: Successful su for rubyman by root
May  5 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2370]: + ??? root:rubyman
May  5 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335552 of user rubyman.
May  5 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2370]: pam_unix(su:session): session closed for user rubyman
May  5 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335552.
May  5 18:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30394]: pam_unix(cron:session): session closed for user root
May  5 18:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2304]: pam_unix(cron:session): session closed for user samftp
May  5 18:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1106]: pam_unix(cron:session): session closed for user root
May  5 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2747]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2746]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2746]: pam_unix(cron:session): session closed for user p13x
May  5 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2809]: Successful su for rubyman by root
May  5 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2809]: + ??? root:rubyman
May  5 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335555 of user rubyman.
May  5 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2809]: pam_unix(su:session): session closed for user rubyman
May  5 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335555.
May  5 18:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31198]: pam_unix(cron:session): session closed for user root
May  5 18:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2747]: pam_unix(cron:session): session closed for user samftp
May  5 18:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1823]: pam_unix(cron:session): session closed for user root
May  5 18:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.18.236.229  user=root
May  5 18:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3108]: Failed password for root from 85.18.236.229 port 48366 ssh2
May  5 18:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3108]: Received disconnect from 85.18.236.229 port 48366:11: Bye Bye [preauth]
May  5 18:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3108]: Disconnected from 85.18.236.229 port 48366 [preauth]
May  5 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3156]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3155]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3158]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3152]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3158]: pam_unix(cron:session): session closed for user root
May  5 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3152]: pam_unix(cron:session): session closed for user p13x
May  5 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3230]: Successful su for rubyman by root
May  5 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3230]: + ??? root:rubyman
May  5 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335557 of user rubyman.
May  5 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3230]: pam_unix(su:session): session closed for user rubyman
May  5 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335557.
May  5 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3155]: pam_unix(cron:session): session closed for user root
May  5 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32408]: pam_unix(cron:session): session closed for user root
May  5 18:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3153]: pam_unix(cron:session): session closed for user samftp
May  5 18:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2306]: pam_unix(cron:session): session closed for user root
May  5 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3639]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3638]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3636]: pam_unix(cron:session): session closed for user p13x
May  5 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3704]: Successful su for rubyman by root
May  5 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3704]: + ??? root:rubyman
May  5 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335564 of user rubyman.
May  5 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3704]: pam_unix(su:session): session closed for user rubyman
May  5 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335564.
May  5 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[533]: pam_unix(cron:session): session closed for user root
May  5 18:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3637]: pam_unix(cron:session): session closed for user samftp
May  5 18:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2749]: pam_unix(cron:session): session closed for user root
May  5 18:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  5 18:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: Failed password for root from 164.68.105.9 port 56348 ssh2
May  5 18:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: Connection closed by 164.68.105.9 port 56348 [preauth]
May  5 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4084]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4083]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4082]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4081]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4081]: pam_unix(cron:session): session closed for user p13x
May  5 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4143]: Successful su for rubyman by root
May  5 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4143]: + ??? root:rubyman
May  5 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335567 of user rubyman.
May  5 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4143]: pam_unix(su:session): session closed for user rubyman
May  5 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335567.
May  5 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1105]: pam_unix(cron:session): session closed for user root
May  5 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4082]: pam_unix(cron:session): session closed for user samftp
May  5 18:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3157]: pam_unix(cron:session): session closed for user root
May  5 18:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4641]: Did not receive identification string from 38.181.34.199
May  5 18:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4649]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: Invalid user nagios from 176.31.162.135
May  5 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: input_userauth_request: invalid user nagios [preauth]
May  5 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  5 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4650]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4647]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4646]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4646]: pam_unix(cron:session): session closed for user p13x
May  5 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4709]: Successful su for rubyman by root
May  5 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4709]: + ??? root:rubyman
May  5 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335571 of user rubyman.
May  5 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4709]: pam_unix(su:session): session closed for user rubyman
May  5 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335571.
May  5 18:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: Failed password for invalid user nagios from 176.31.162.135 port 39816 ssh2
May  5 18:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: Connection closed by 176.31.162.135 port 39816 [preauth]
May  5 18:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1822]: pam_unix(cron:session): session closed for user root
May  5 18:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4647]: pam_unix(cron:session): session closed for user samftp
May  5 18:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3639]: pam_unix(cron:session): session closed for user root
May  5 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5257]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5256]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5254]: pam_unix(cron:session): session closed for user p13x
May  5 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5317]: Successful su for rubyman by root
May  5 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5317]: + ??? root:rubyman
May  5 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335576 of user rubyman.
May  5 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5317]: pam_unix(su:session): session closed for user rubyman
May  5 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335576.
May  5 18:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2305]: pam_unix(cron:session): session closed for user root
May  5 18:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5255]: pam_unix(cron:session): session closed for user samftp
May  5 18:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5579]: Invalid user richard from 85.18.236.229
May  5 18:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5579]: input_userauth_request: invalid user richard [preauth]
May  5 18:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5579]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.18.236.229
May  5 18:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5579]: Failed password for invalid user richard from 85.18.236.229 port 56432 ssh2
May  5 18:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5579]: Received disconnect from 85.18.236.229 port 56432:11: Bye Bye [preauth]
May  5 18:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5579]: Disconnected from 85.18.236.229 port 56432 [preauth]
May  5 18:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4084]: pam_unix(cron:session): session closed for user root
May  5 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5726]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5728]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5729]: pam_unix(cron:session): session closed for user root
May  5 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5723]: pam_unix(cron:session): session closed for user p13x
May  5 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5795]: Successful su for rubyman by root
May  5 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5795]: + ??? root:rubyman
May  5 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335581 of user rubyman.
May  5 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5795]: pam_unix(su:session): session closed for user rubyman
May  5 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335581.
May  5 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5726]: pam_unix(cron:session): session closed for user root
May  5 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2748]: pam_unix(cron:session): session closed for user root
May  5 18:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5724]: pam_unix(cron:session): session closed for user samftp
May  5 18:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4650]: pam_unix(cron:session): session closed for user root
May  5 18:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.161.235.168  user=root
May  5 18:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Failed password for root from 221.161.235.168 port 57762 ssh2
May  5 18:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Received disconnect from 221.161.235.168 port 57762:11: Bye Bye [preauth]
May  5 18:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6206]: Disconnected from 221.161.235.168 port 57762 [preauth]
May  5 18:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 18:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: Failed password for root from 218.92.0.179 port 33657 ssh2
May  5 18:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 33657 ssh2]
May  5 18:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: Received disconnect from 218.92.0.179 port 33657:11:  [preauth]
May  5 18:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: Disconnected from 218.92.0.179 port 33657 [preauth]
May  5 18:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6239]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 18:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6261]: Invalid user juki from 50.235.31.47
May  5 18:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6261]: input_userauth_request: invalid user juki [preauth]
May  5 18:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6261]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  5 18:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6261]: Failed password for invalid user juki from 50.235.31.47 port 35598 ssh2
May  5 18:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6261]: Connection closed by 50.235.31.47 port 35598 [preauth]
May  5 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6275]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6272]: pam_unix(cron:session): session closed for user p13x
May  5 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6343]: Successful su for rubyman by root
May  5 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6343]: + ??? root:rubyman
May  5 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335586 of user rubyman.
May  5 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6343]: pam_unix(su:session): session closed for user rubyman
May  5 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335586.
May  5 18:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3156]: pam_unix(cron:session): session closed for user root
May  5 18:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6273]: pam_unix(cron:session): session closed for user samftp
May  5 18:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5257]: pam_unix(cron:session): session closed for user root
May  5 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6688]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6689]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6684]: pam_unix(cron:session): session closed for user p13x
May  5 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6747]: Successful su for rubyman by root
May  5 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6747]: + ??? root:rubyman
May  5 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6747]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335592 of user rubyman.
May  5 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6747]: pam_unix(su:session): session closed for user rubyman
May  5 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335592.
May  5 18:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3638]: pam_unix(cron:session): session closed for user root
May  5 18:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6686]: pam_unix(cron:session): session closed for user samftp
May  5 18:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7060]: Bad protocol version identification '' from 13.59.213.240 port 43634
May  5 18:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5728]: pam_unix(cron:session): session closed for user root
May  5 18:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7137]: Bad protocol version identification 'GET / HTTP/1.1' from 13.59.213.240 port 59246
May  5 18:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7147]: Bad protocol version identification 'GET / HTTP/1.1' from 13.59.213.240 port 39134
May  5 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7197]: pam_unix(cron:session): session closed for user p13x
May  5 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7265]: Successful su for rubyman by root
May  5 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7265]: + ??? root:rubyman
May  5 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335593 of user rubyman.
May  5 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7265]: pam_unix(su:session): session closed for user rubyman
May  5 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335593.
May  5 18:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4083]: pam_unix(cron:session): session closed for user root
May  5 18:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7198]: pam_unix(cron:session): session closed for user samftp
May  5 18:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6275]: pam_unix(cron:session): session closed for user root
May  5 18:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 18:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: Invalid user ismael from 85.18.236.229
May  5 18:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: input_userauth_request: invalid user ismael [preauth]
May  5 18:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: pam_unix(sshd:auth): check pass; user unknown
May  5 18:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.18.236.229
May  5 18:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: Failed password for invalid user ismael from 85.18.236.229 port 36262 ssh2
May  5 18:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: Received disconnect from 85.18.236.229 port 36262:11: Bye Bye [preauth]
May  5 18:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7675]: Disconnected from 85.18.236.229 port 36262 [preauth]
May  5 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7708]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7707]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7705]: pam_unix(cron:session): session closed for user p13x
May  5 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7780]: Successful su for rubyman by root
May  5 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7780]: + ??? root:rubyman
May  5 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335597 of user rubyman.
May  5 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7780]: pam_unix(su:session): session closed for user rubyman
May  5 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335597.
May  5 18:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4649]: pam_unix(cron:session): session closed for user root
May  5 18:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7706]: pam_unix(cron:session): session closed for user samftp
May  5 18:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6689]: pam_unix(cron:session): session closed for user root
May  5 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8137]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8139]: pam_unix(cron:session): session closed for user root
May  5 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8135]: pam_unix(cron:session): session closed for user root
May  5 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8129]: pam_unix(cron:session): session closed for user p13x
May  5 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8238]: Successful su for rubyman by root
May  5 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8238]: + ??? root:rubyman
May  5 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335602 of user rubyman.
May  5 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8238]: pam_unix(su:session): session closed for user rubyman
May  5 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335602.
May  5 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8136]: pam_unix(cron:session): session closed for user root
May  5 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5256]: pam_unix(cron:session): session closed for user root
May  5 19:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8133]: pam_unix(cron:session): session closed for user samftp
May  5 19:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7200]: pam_unix(cron:session): session closed for user root
May  5 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8663]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8662]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8660]: pam_unix(cron:session): session closed for user p13x
May  5 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8740]: Successful su for rubyman by root
May  5 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8740]: + ??? root:rubyman
May  5 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335609 of user rubyman.
May  5 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8740]: pam_unix(su:session): session closed for user rubyman
May  5 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335609.
May  5 19:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5727]: pam_unix(cron:session): session closed for user root
May  5 19:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  5 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8661]: pam_unix(cron:session): session closed for user samftp
May  5 19:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8870]: Failed password for root from 218.92.0.209 port 18876 ssh2
May  5 19:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8870]: message repeated 4 times: [ Failed password for root from 218.92.0.209 port 18876 ssh2]
May  5 19:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8870]: error: maximum authentication attempts exceeded for root from 218.92.0.209 port 18876 ssh2 [preauth]
May  5 19:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8870]: Disconnecting: Too many authentication failures [preauth]
May  5 19:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8870]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  5 19:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8870]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 19:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  5 19:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8971]: Failed password for root from 218.92.0.209 port 40616 ssh2
May  5 19:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8971]: message repeated 2 times: [ Failed password for root from 218.92.0.209 port 40616 ssh2]
May  5 19:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7708]: pam_unix(cron:session): session closed for user root
May  5 19:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8971]: Failed password for root from 218.92.0.209 port 40616 ssh2
May  5 19:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8971]: message repeated 2 times: [ Failed password for root from 218.92.0.209 port 40616 ssh2]
May  5 19:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8971]: error: maximum authentication attempts exceeded for root from 218.92.0.209 port 40616 ssh2 [preauth]
May  5 19:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8971]: Disconnecting: Too many authentication failures [preauth]
May  5 19:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8971]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  5 19:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8971]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 19:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  5 19:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: Failed password for root from 218.92.0.209 port 9250 ssh2
May  5 19:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: Received disconnect from 218.92.0.209 port 9250:11:  [preauth]
May  5 19:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9041]: Disconnected from 218.92.0.209 port 9250 [preauth]
May  5 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9087]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9088]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9085]: pam_unix(cron:session): session closed for user p13x
May  5 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9235]: Successful su for rubyman by root
May  5 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9235]: + ??? root:rubyman
May  5 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335612 of user rubyman.
May  5 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9235]: pam_unix(su:session): session closed for user rubyman
May  5 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335612.
May  5 19:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6274]: pam_unix(cron:session): session closed for user root
May  5 19:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9086]: pam_unix(cron:session): session closed for user samftp
May  5 19:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9494]: Invalid user  from 185.186.146.131
May  5 19:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9494]: input_userauth_request: invalid user  [preauth]
May  5 19:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9494]: Connection closed by 185.186.146.131 port 33284 [preauth]
May  5 19:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8138]: pam_unix(cron:session): session closed for user root
May  5 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9611]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9612]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9609]: pam_unix(cron:session): session closed for user p13x
May  5 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9672]: Successful su for rubyman by root
May  5 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9672]: + ??? root:rubyman
May  5 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9672]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335617 of user rubyman.
May  5 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9672]: pam_unix(su:session): session closed for user rubyman
May  5 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335617.
May  5 19:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6688]: pam_unix(cron:session): session closed for user root
May  5 19:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9610]: pam_unix(cron:session): session closed for user samftp
May  5 19:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.18.236.229  user=root
May  5 19:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9871]: Failed password for root from 85.18.236.229 port 44318 ssh2
May  5 19:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9871]: Received disconnect from 85.18.236.229 port 44318:11: Bye Bye [preauth]
May  5 19:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9871]: Disconnected from 85.18.236.229 port 44318 [preauth]
May  5 19:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8663]: pam_unix(cron:session): session closed for user root
May  5 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10012]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10013]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10014]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10011]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10011]: pam_unix(cron:session): session closed for user p13x
May  5 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10078]: Successful su for rubyman by root
May  5 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10078]: + ??? root:rubyman
May  5 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10078]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335620 of user rubyman.
May  5 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10078]: pam_unix(su:session): session closed for user rubyman
May  5 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335620.
May  5 19:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7199]: pam_unix(cron:session): session closed for user root
May  5 19:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10012]: pam_unix(cron:session): session closed for user samftp
May  5 19:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9088]: pam_unix(cron:session): session closed for user root
May  5 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10510]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10512]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10511]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10513]: pam_unix(cron:session): session closed for user root
May  5 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10508]: pam_unix(cron:session): session closed for user p13x
May  5 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10581]: Successful su for rubyman by root
May  5 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10581]: + ??? root:rubyman
May  5 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335626 of user rubyman.
May  5 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10581]: pam_unix(su:session): session closed for user rubyman
May  5 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335626.
May  5 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10510]: pam_unix(cron:session): session closed for user root
May  5 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7707]: pam_unix(cron:session): session closed for user root
May  5 19:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10509]: pam_unix(cron:session): session closed for user samftp
May  5 19:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9612]: pam_unix(cron:session): session closed for user root
May  5 19:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: Invalid user csserver from 221.161.235.168
May  5 19:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: input_userauth_request: invalid user csserver [preauth]
May  5 19:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.161.235.168
May  5 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: Failed password for invalid user csserver from 221.161.235.168 port 54214 ssh2
May  5 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: Received disconnect from 221.161.235.168 port 54214:11: Bye Bye [preauth]
May  5 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10938]: Disconnected from 221.161.235.168 port 54214 [preauth]
May  5 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10995]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10993]: pam_unix(cron:session): session closed for user p13x
May  5 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11064]: Successful su for rubyman by root
May  5 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11064]: + ??? root:rubyman
May  5 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11064]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335631 of user rubyman.
May  5 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11064]: pam_unix(su:session): session closed for user rubyman
May  5 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335631.
May  5 19:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8137]: pam_unix(cron:session): session closed for user root
May  5 19:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10994]: pam_unix(cron:session): session closed for user samftp
May  5 19:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10014]: pam_unix(cron:session): session closed for user root
May  5 19:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 19:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: Failed password for root from 218.92.0.179 port 42523 ssh2
May  5 19:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 42523 ssh2]
May  5 19:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: Received disconnect from 218.92.0.179 port 42523:11:  [preauth]
May  5 19:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: Disconnected from 218.92.0.179 port 42523 [preauth]
May  5 19:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11402]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11401]: pam_unix(cron:session): session closed for user p13x
May  5 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11465]: Successful su for rubyman by root
May  5 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11465]: + ??? root:rubyman
May  5 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335636 of user rubyman.
May  5 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11465]: pam_unix(su:session): session closed for user rubyman
May  5 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335636.
May  5 19:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8662]: pam_unix(cron:session): session closed for user root
May  5 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11402]: pam_unix(cron:session): session closed for user samftp
May  5 19:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10512]: pam_unix(cron:session): session closed for user root
May  5 19:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11714]: Failed password for root from 185.186.146.131 port 43664 ssh2
May  5 19:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11714]: Connection closed by 185.186.146.131 port 43664 [preauth]
May  5 19:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Invalid user pi from 185.186.146.131
May  5 19:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: input_userauth_request: invalid user pi [preauth]
May  5 19:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Failed password for invalid user pi from 185.186.146.131 port 57104 ssh2
May  5 19:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11745]: Connection closed by 185.186.146.131 port 57104 [preauth]
May  5 19:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: Invalid user hive from 185.186.146.131
May  5 19:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: input_userauth_request: invalid user hive [preauth]
May  5 19:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: Failed password for invalid user hive from 185.186.146.131 port 57106 ssh2
May  5 19:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11755]: Connection closed by 185.186.146.131 port 57106 [preauth]
May  5 19:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11779]: Invalid user system from 85.18.236.229
May  5 19:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11779]: input_userauth_request: invalid user system [preauth]
May  5 19:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11779]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.18.236.229
May  5 19:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11779]: Failed password for invalid user system from 85.18.236.229 port 52386 ssh2
May  5 19:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11779]: Received disconnect from 85.18.236.229 port 52386:11: Bye Bye [preauth]
May  5 19:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11779]: Disconnected from 85.18.236.229 port 52386 [preauth]
May  5 19:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11781]: Invalid user git from 185.186.146.131
May  5 19:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11781]: input_userauth_request: invalid user git [preauth]
May  5 19:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11781]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11781]: Failed password for invalid user git from 185.186.146.131 port 46798 ssh2
May  5 19:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11781]: Connection closed by 185.186.146.131 port 46798 [preauth]
May  5 19:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11791]: Invalid user wang from 185.186.146.131
May  5 19:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11791]: input_userauth_request: invalid user wang [preauth]
May  5 19:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11791]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11791]: Failed password for invalid user wang from 185.186.146.131 port 46802 ssh2
May  5 19:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11791]: Connection closed by 185.186.146.131 port 46802 [preauth]
May  5 19:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11803]: Invalid user nginx from 185.186.146.131
May  5 19:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11803]: input_userauth_request: invalid user nginx [preauth]
May  5 19:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11803]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11803]: Failed password for invalid user nginx from 185.186.146.131 port 52342 ssh2
May  5 19:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11803]: Connection closed by 185.186.146.131 port 52342 [preauth]
May  5 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11816]: pam_unix(cron:session): session closed for user p13x
May  5 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11876]: Successful su for rubyman by root
May  5 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11876]: + ??? root:rubyman
May  5 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335639 of user rubyman.
May  5 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11876]: pam_unix(su:session): session closed for user rubyman
May  5 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335639.
May  5 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: Invalid user mongo from 185.186.146.131
May  5 19:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: input_userauth_request: invalid user mongo [preauth]
May  5 19:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9087]: pam_unix(cron:session): session closed for user root
May  5 19:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: Failed password for invalid user mongo from 185.186.146.131 port 52346 ssh2
May  5 19:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11940]: Connection closed by 185.186.146.131 port 52346 [preauth]
May  5 19:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11817]: pam_unix(cron:session): session closed for user samftp
May  5 19:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: Invalid user user from 185.186.146.131
May  5 19:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: input_userauth_request: invalid user user [preauth]
May  5 19:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: Failed password for invalid user user from 185.186.146.131 port 43286 ssh2
May  5 19:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: Connection closed by 185.186.146.131 port 43286 [preauth]
May  5 19:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Invalid user oracle from 185.186.146.131
May  5 19:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: input_userauth_request: invalid user oracle [preauth]
May  5 19:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Failed password for invalid user oracle from 185.186.146.131 port 43290 ssh2
May  5 19:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Connection closed by 185.186.146.131 port 43290 [preauth]
May  5 19:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12086]: Invalid user gpadmin from 185.186.146.131
May  5 19:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12086]: input_userauth_request: invalid user gpadmin [preauth]
May  5 19:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12086]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12086]: Failed password for invalid user gpadmin from 185.186.146.131 port 58106 ssh2
May  5 19:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12086]: Connection closed by 185.186.146.131 port 58106 [preauth]
May  5 19:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Failed password for root from 185.186.146.131 port 58118 ssh2
May  5 19:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Connection closed by 185.186.146.131 port 58118 [preauth]
May  5 19:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: Invalid user esroot from 185.186.146.131
May  5 19:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: input_userauth_request: invalid user esroot [preauth]
May  5 19:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: Failed password for invalid user esroot from 185.186.146.131 port 37824 ssh2
May  5 19:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12121]: Connection closed by 185.186.146.131 port 37824 [preauth]
May  5 19:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10996]: pam_unix(cron:session): session closed for user root
May  5 19:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Invalid user gitlab from 185.186.146.131
May  5 19:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: input_userauth_request: invalid user gitlab [preauth]
May  5 19:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Failed password for invalid user gitlab from 185.186.146.131 port 37840 ssh2
May  5 19:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Connection closed by 185.186.146.131 port 37840 [preauth]
May  5 19:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12163]: Invalid user apache from 185.186.146.131
May  5 19:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12163]: input_userauth_request: invalid user apache [preauth]
May  5 19:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12163]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12163]: Failed password for invalid user apache from 185.186.146.131 port 60956 ssh2
May  5 19:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12163]: Connection closed by 185.186.146.131 port 60956 [preauth]
May  5 19:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12185]: Failed password for root from 185.186.146.131 port 60974 ssh2
May  5 19:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12185]: Connection closed by 185.186.146.131 port 60974 [preauth]
May  5 19:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: Failed password for root from 185.186.146.131 port 46766 ssh2
May  5 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12196]: Connection closed by 185.186.146.131 port 46766 [preauth]
May  5 19:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: Invalid user user from 185.186.146.131
May  5 19:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: input_userauth_request: invalid user user [preauth]
May  5 19:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: Failed password for invalid user user from 185.186.146.131 port 46774 ssh2
May  5 19:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: Connection closed by 185.186.146.131 port 46774 [preauth]
May  5 19:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: Invalid user lighthouse from 185.186.146.131
May  5 19:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: input_userauth_request: invalid user lighthouse [preauth]
May  5 19:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12218]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12220]: pam_unix(cron:session): session closed for user p13x
May  5 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12359]: Successful su for rubyman by root
May  5 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12359]: + ??? root:rubyman
May  5 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335642 of user rubyman.
May  5 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12359]: pam_unix(su:session): session closed for user rubyman
May  5 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335642.
May  5 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: Failed password for invalid user lighthouse from 185.186.146.131 port 35084 ssh2
May  5 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12216]: Connection closed by 185.186.146.131 port 35084 [preauth]
May  5 19:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12218]: pam_unix(cron:session): session closed for user root
May  5 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9611]: pam_unix(cron:session): session closed for user root
May  5 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12538]: Invalid user flask from 185.186.146.131
May  5 19:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12538]: input_userauth_request: invalid user flask [preauth]
May  5 19:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12538]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12221]: pam_unix(cron:session): session closed for user samftp
May  5 19:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12538]: Failed password for invalid user flask from 185.186.146.131 port 35096 ssh2
May  5 19:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12538]: Connection closed by 185.186.146.131 port 35096 [preauth]
May  5 19:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12576]: Invalid user user1 from 185.186.146.131
May  5 19:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12576]: input_userauth_request: invalid user user1 [preauth]
May  5 19:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12576]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12576]: Failed password for invalid user user1 from 185.186.146.131 port 33054 ssh2
May  5 19:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12576]: Connection closed by 185.186.146.131 port 33054 [preauth]
May  5 19:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: Invalid user hadoop from 185.186.146.131
May  5 19:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: input_userauth_request: invalid user hadoop [preauth]
May  5 19:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: Failed password for invalid user hadoop from 185.186.146.131 port 53676 ssh2
May  5 19:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12600]: Connection closed by 185.186.146.131 port 53676 [preauth]
May  5 19:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12611]: Invalid user oracle from 185.186.146.131
May  5 19:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12611]: input_userauth_request: invalid user oracle [preauth]
May  5 19:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12611]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12611]: Failed password for invalid user oracle from 185.186.146.131 port 53686 ssh2
May  5 19:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12611]: Connection closed by 185.186.146.131 port 53686 [preauth]
May  5 19:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: Invalid user test from 185.186.146.131
May  5 19:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: input_userauth_request: invalid user test [preauth]
May  5 19:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: Failed password for invalid user test from 185.186.146.131 port 39660 ssh2
May  5 19:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: Connection closed by 185.186.146.131 port 39660 [preauth]
May  5 19:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: Invalid user # from 195.178.110.50
May  5 19:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: input_userauth_request: invalid user # [preauth]
May  5 19:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 19:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: Failed password for invalid user # from 195.178.110.50 port 38912 ssh2
May  5 19:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11404]: pam_unix(cron:session): session closed for user root
May  5 19:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12643]: Failed password for root from 185.186.146.131 port 39676 ssh2
May  5 19:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12643]: Connection closed by 185.186.146.131 port 39676 [preauth]
May  5 19:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: Connection closed by 195.178.110.50 port 38912 [preauth]
May  5 19:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12674]: Invalid user developer from 185.186.146.131
May  5 19:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12674]: input_userauth_request: invalid user developer [preauth]
May  5 19:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12674]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12674]: Failed password for invalid user developer from 185.186.146.131 port 57700 ssh2
May  5 19:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12674]: Connection closed by 185.186.146.131 port 57700 [preauth]
May  5 19:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: Failed password for root from 185.186.146.131 port 57712 ssh2
May  5 19:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: Connection closed by 185.186.146.131 port 57712 [preauth]
May  5 19:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: User mysql from 185.186.146.131 not allowed because not listed in AllowUsers
May  5 19:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: input_userauth_request: invalid user mysql [preauth]
May  5 19:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=mysql
May  5 19:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Failed password for invalid user mysql from 185.186.146.131 port 47552 ssh2
May  5 19:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Connection closed by 185.186.146.131 port 47552 [preauth]
May  5 19:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: Invalid user b from 195.178.110.50
May  5 19:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: input_userauth_request: invalid user b [preauth]
May  5 19:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 19:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: Failed password for invalid user b from 195.178.110.50 port 6766 ssh2
May  5 19:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: Failed password for root from 185.186.146.131 port 47560 ssh2
May  5 19:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12722]: Connection closed by 185.186.146.131 port 47560 [preauth]
May  5 19:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12665]: Connection closed by 195.178.110.50 port 6766 [preauth]
May  5 19:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: Invalid user tom from 185.186.146.131
May  5 19:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: input_userauth_request: invalid user tom [preauth]
May  5 19:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: Failed password for invalid user tom from 185.186.146.131 port 44204 ssh2
May  5 19:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: Connection closed by 185.186.146.131 port 44204 [preauth]
May  5 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12738]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12742]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12741]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12742]: pam_unix(cron:session): session closed for user root
May  5 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12736]: pam_unix(cron:session): session closed for user p13x
May  5 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12805]: Successful su for rubyman by root
May  5 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12805]: + ??? root:rubyman
May  5 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335649 of user rubyman.
May  5 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12805]: pam_unix(su:session): session closed for user rubyman
May  5 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335649.
May  5 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12739]: pam_unix(cron:session): session closed for user root
May  5 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10013]: pam_unix(cron:session): session closed for user root
May  5 19:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12876]: Failed password for root from 185.186.146.131 port 44208 ssh2
May  5 19:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12876]: Connection closed by 185.186.146.131 port 44208 [preauth]
May  5 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12738]: pam_unix(cron:session): session closed for user samftp
May  5 19:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: Invalid user oscar from 185.186.146.131
May  5 19:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: input_userauth_request: invalid user oscar [preauth]
May  5 19:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: Failed password for invalid user oscar from 185.186.146.131 port 54138 ssh2
May  5 19:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13012]: Connection closed by 185.186.146.131 port 54138 [preauth]
May  5 19:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: Invalid user C from 195.178.110.50
May  5 19:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: input_userauth_request: invalid user C [preauth]
May  5 19:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 19:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: Failed password for invalid user C from 195.178.110.50 port 55064 ssh2
May  5 19:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13022]: Failed password for root from 185.186.146.131 port 54154 ssh2
May  5 19:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13022]: Connection closed by 185.186.146.131 port 54154 [preauth]
May  5 19:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12734]: Connection closed by 195.178.110.50 port 55064 [preauth]
May  5 19:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: Failed password for root from 185.186.146.131 port 59182 ssh2
May  5 19:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: Connection closed by 185.186.146.131 port 59182 [preauth]
May  5 19:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: Invalid user user1 from 185.186.146.131
May  5 19:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: input_userauth_request: invalid user user1 [preauth]
May  5 19:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: Failed password for invalid user user1 from 185.186.146.131 port 59188 ssh2
May  5 19:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: Connection closed by 185.186.146.131 port 59188 [preauth]
May  5 19:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13087]: Failed password for root from 185.186.146.131 port 40232 ssh2
May  5 19:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13087]: Connection closed by 185.186.146.131 port 40232 [preauth]
May  5 19:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11819]: pam_unix(cron:session): session closed for user root
May  5 19:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13052]: Invalid user $ from 195.178.110.50
May  5 19:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13052]: input_userauth_request: invalid user $ [preauth]
May  5 19:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13052]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 19:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13112]: Invalid user flink from 185.186.146.131
May  5 19:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13112]: input_userauth_request: invalid user flink [preauth]
May  5 19:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13112]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13052]: Failed password for invalid user $ from 195.178.110.50 port 4700 ssh2
May  5 19:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13112]: Failed password for invalid user flink from 185.186.146.131 port 40240 ssh2
May  5 19:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13112]: Connection closed by 185.186.146.131 port 40240 [preauth]
May  5 19:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13052]: Connection closed by 195.178.110.50 port 4700 [preauth]
May  5 19:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13128]: Invalid user apache from 185.186.146.131
May  5 19:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13128]: input_userauth_request: invalid user apache [preauth]
May  5 19:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13128]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13128]: Failed password for invalid user apache from 185.186.146.131 port 35750 ssh2
May  5 19:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13128]: Connection closed by 185.186.146.131 port 35750 [preauth]
May  5 19:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13152]: Failed password for root from 185.186.146.131 port 35766 ssh2
May  5 19:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13152]: Connection closed by 185.186.146.131 port 35766 [preauth]
May  5 19:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: Invalid user nginx from 185.186.146.131
May  5 19:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: input_userauth_request: invalid user nginx [preauth]
May  5 19:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: Failed password for invalid user nginx from 185.186.146.131 port 41230 ssh2
May  5 19:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: Connection closed by 185.186.146.131 port 41230 [preauth]
May  5 19:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: Invalid user esuser from 185.186.146.131
May  5 19:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: input_userauth_request: invalid user esuser [preauth]
May  5 19:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: Failed password for invalid user esuser from 185.186.146.131 port 41242 ssh2
May  5 19:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: Connection closed by 185.186.146.131 port 41242 [preauth]
May  5 19:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: Invalid user c from 195.178.110.50
May  5 19:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: input_userauth_request: invalid user c [preauth]
May  5 19:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 19:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: Failed password for invalid user c from 195.178.110.50 port 47554 ssh2
May  5 19:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13192]: pam_unix(cron:session): session closed for user p13x
May  5 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13261]: Successful su for rubyman by root
May  5 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13261]: + ??? root:rubyman
May  5 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335655 of user rubyman.
May  5 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13261]: pam_unix(su:session): session closed for user rubyman
May  5 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335655.
May  5 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: Failed password for root from 185.186.146.131 port 58348 ssh2
May  5 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: Connection closed by 185.186.146.131 port 58348 [preauth]
May  5 19:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13127]: Connection closed by 195.178.110.50 port 47554 [preauth]
May  5 19:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: Invalid user git from 185.186.146.131
May  5 19:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: input_userauth_request: invalid user git [preauth]
May  5 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10511]: pam_unix(cron:session): session closed for user root
May  5 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13193]: pam_unix(cron:session): session closed for user samftp
May  5 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.175.39  user=root
May  5 19:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: Failed password for invalid user git from 185.186.146.131 port 58364 ssh2
May  5 19:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: Connection closed by 185.186.146.131 port 58364 [preauth]
May  5 19:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: Failed password for root from 96.78.175.39 port 48492 ssh2
May  5 19:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: Received disconnect from 96.78.175.39 port 48492:11: Bye Bye [preauth]
May  5 19:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: Disconnected from 96.78.175.39 port 48492 [preauth]
May  5 19:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: Invalid user postgres from 185.186.146.131
May  5 19:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: input_userauth_request: invalid user postgres [preauth]
May  5 19:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: Failed password for invalid user postgres from 185.186.146.131 port 33730 ssh2
May  5 19:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13549]: Connection closed by 185.186.146.131 port 33730 [preauth]
May  5 19:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: Invalid user kitchen from 221.161.235.168
May  5 19:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: input_userauth_request: invalid user kitchen [preauth]
May  5 19:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.161.235.168
May  5 19:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: Failed password for invalid user kitchen from 221.161.235.168 port 34516 ssh2
May  5 19:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: Received disconnect from 221.161.235.168 port 34516:11: Bye Bye [preauth]
May  5 19:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: Disconnected from 221.161.235.168 port 34516 [preauth]
May  5 19:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13576]: Invalid user svnuser from 185.186.146.131
May  5 19:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13576]: input_userauth_request: invalid user svnuser [preauth]
May  5 19:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13576]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13576]: Failed password for invalid user svnuser from 185.186.146.131 port 33740 ssh2
May  5 19:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13576]: Connection closed by 185.186.146.131 port 33740 [preauth]
May  5 19:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: Invalid user dolphinscheduler from 185.186.146.131
May  5 19:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  5 19:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: Failed password for invalid user dolphinscheduler from 185.186.146.131 port 57536 ssh2
May  5 19:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13590]: Connection closed by 185.186.146.131 port 57536 [preauth]
May  5 19:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: Failed password for root from 185.186.146.131 port 57544 ssh2
May  5 19:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13615]: Connection closed by 185.186.146.131 port 57544 [preauth]
May  5 19:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Invalid user plexserver from 185.186.146.131
May  5 19:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: input_userauth_request: invalid user plexserver [preauth]
May  5 19:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Failed password for invalid user plexserver from 185.186.146.131 port 32852 ssh2
May  5 19:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Connection closed by 185.186.146.131 port 32852 [preauth]
May  5 19:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12223]: pam_unix(cron:session): session closed for user root
May  5 19:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: Invalid user sonar from 185.186.146.131
May  5 19:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: input_userauth_request: invalid user sonar [preauth]
May  5 19:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: Failed password for invalid user sonar from 185.186.146.131 port 60534 ssh2
May  5 19:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13658]: Connection closed by 185.186.146.131 port 60534 [preauth]
May  5 19:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: Invalid user app from 185.186.146.131
May  5 19:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: input_userauth_request: invalid user app [preauth]
May  5 19:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: Failed password for invalid user app from 185.186.146.131 port 60544 ssh2
May  5 19:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: Connection closed by 185.186.146.131 port 60544 [preauth]
May  5 19:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13696]: Invalid user tools from 185.186.146.131
May  5 19:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13696]: input_userauth_request: invalid user tools [preauth]
May  5 19:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13696]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13696]: Failed password for invalid user tools from 185.186.146.131 port 53730 ssh2
May  5 19:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13696]: Connection closed by 185.186.146.131 port 53730 [preauth]
May  5 19:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: Invalid user lighthouse from 185.186.146.131
May  5 19:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: input_userauth_request: invalid user lighthouse [preauth]
May  5 19:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: Failed password for invalid user lighthouse from 185.186.146.131 port 53750 ssh2
May  5 19:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: Connection closed by 185.186.146.131 port 53750 [preauth]
May  5 19:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: User mysql from 185.186.146.131 not allowed because not listed in AllowUsers
May  5 19:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: input_userauth_request: invalid user mysql [preauth]
May  5 19:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=mysql
May  5 19:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: Failed password for invalid user mysql from 185.186.146.131 port 58232 ssh2
May  5 19:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: Connection closed by 185.186.146.131 port 58232 [preauth]
May  5 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13734]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13733]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13732]: pam_unix(cron:session): session closed for user p13x
May  5 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13798]: Successful su for rubyman by root
May  5 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13798]: + ??? root:rubyman
May  5 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335657 of user rubyman.
May  5 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13798]: pam_unix(su:session): session closed for user rubyman
May  5 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335657.
May  5 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13797]: Failed password for root from 185.186.146.131 port 58238 ssh2
May  5 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13797]: Connection closed by 185.186.146.131 port 58238 [preauth]
May  5 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10995]: pam_unix(cron:session): session closed for user root
May  5 19:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13733]: pam_unix(cron:session): session closed for user samftp
May  5 19:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: Invalid user gpadmin from 185.186.146.131
May  5 19:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: input_userauth_request: invalid user gpadmin [preauth]
May  5 19:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: Failed password for invalid user gpadmin from 185.186.146.131 port 41924 ssh2
May  5 19:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: Connection closed by 185.186.146.131 port 41924 [preauth]
May  5 19:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Invalid user oracle from 185.186.146.131
May  5 19:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: input_userauth_request: invalid user oracle [preauth]
May  5 19:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Failed password for invalid user oracle from 185.186.146.131 port 41930 ssh2
May  5 19:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Connection closed by 185.186.146.131 port 41930 [preauth]
May  5 19:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14019]: Failed password for root from 185.186.146.131 port 41880 ssh2
May  5 19:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14019]: Connection closed by 185.186.146.131 port 41880 [preauth]
May  5 19:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: Invalid user www from 185.186.146.131
May  5 19:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: input_userauth_request: invalid user www [preauth]
May  5 19:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: Failed password for invalid user www from 185.186.146.131 port 41890 ssh2
May  5 19:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14030]: Connection closed by 185.186.146.131 port 41890 [preauth]
May  5 19:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Invalid user jarservice from 85.18.236.229
May  5 19:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: input_userauth_request: invalid user jarservice [preauth]
May  5 19:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.18.236.229
May  5 19:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Failed password for invalid user jarservice from 85.18.236.229 port 60458 ssh2
May  5 19:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Received disconnect from 85.18.236.229 port 60458:11: Bye Bye [preauth]
May  5 19:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Disconnected from 85.18.236.229 port 60458 [preauth]
May  5 19:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: Failed password for root from 185.186.146.131 port 34772 ssh2
May  5 19:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14055]: Connection closed by 185.186.146.131 port 34772 [preauth]
May  5 19:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14074]: Invalid user oscar from 185.186.146.131
May  5 19:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14074]: input_userauth_request: invalid user oscar [preauth]
May  5 19:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14074]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12741]: pam_unix(cron:session): session closed for user root
May  5 19:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14074]: Failed password for invalid user oscar from 185.186.146.131 port 34778 ssh2
May  5 19:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14074]: Connection closed by 185.186.146.131 port 34778 [preauth]
May  5 19:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: Invalid user test from 185.186.146.131
May  5 19:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: input_userauth_request: invalid user test [preauth]
May  5 19:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: Failed password for invalid user test from 185.186.146.131 port 59672 ssh2
May  5 19:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: Connection closed by 185.186.146.131 port 59672 [preauth]
May  5 19:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14142]: Invalid user admin from 185.186.146.131
May  5 19:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14142]: input_userauth_request: invalid user admin [preauth]
May  5 19:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14142]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14142]: Failed password for invalid user admin from 185.186.146.131 port 59688 ssh2
May  5 19:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14142]: Connection closed by 185.186.146.131 port 59688 [preauth]
May  5 19:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14158]: Failed password for root from 185.186.146.131 port 55532 ssh2
May  5 19:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14158]: Connection closed by 185.186.146.131 port 55532 [preauth]
May  5 19:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14169]: Invalid user app from 185.186.146.131
May  5 19:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14169]: input_userauth_request: invalid user app [preauth]
May  5 19:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14169]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14169]: Failed password for invalid user app from 185.186.146.131 port 55548 ssh2
May  5 19:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14169]: Connection closed by 185.186.146.131 port 55548 [preauth]
May  5 19:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14180]: Invalid user elastic from 185.186.146.131
May  5 19:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14180]: input_userauth_request: invalid user elastic [preauth]
May  5 19:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14180]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14180]: Failed password for invalid user elastic from 185.186.146.131 port 42518 ssh2
May  5 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14180]: Connection closed by 185.186.146.131 port 42518 [preauth]
May  5 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14192]: pam_unix(cron:session): session closed for user p13x
May  5 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14254]: Successful su for rubyman by root
May  5 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14254]: + ??? root:rubyman
May  5 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335664 of user rubyman.
May  5 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14254]: pam_unix(su:session): session closed for user rubyman
May  5 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335664.
May  5 19:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11403]: pam_unix(cron:session): session closed for user root
May  5 19:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14333]: Failed password for root from 185.186.146.131 port 42524 ssh2
May  5 19:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14333]: Connection closed by 185.186.146.131 port 42524 [preauth]
May  5 19:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14193]: pam_unix(cron:session): session closed for user samftp
May  5 19:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14440]: Invalid user guest from 185.186.146.131
May  5 19:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14440]: input_userauth_request: invalid user guest [preauth]
May  5 19:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14440]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14440]: Failed password for invalid user guest from 185.186.146.131 port 57788 ssh2
May  5 19:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14440]: Connection closed by 185.186.146.131 port 57788 [preauth]
May  5 19:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14453]: Failed password for root from 185.186.146.131 port 57790 ssh2
May  5 19:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14453]: Connection closed by 185.186.146.131 port 57790 [preauth]
May  5 19:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: Invalid user sonar from 185.186.146.131
May  5 19:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: input_userauth_request: invalid user sonar [preauth]
May  5 19:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: Failed password for invalid user sonar from 185.186.146.131 port 39710 ssh2
May  5 19:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14474]: Connection closed by 185.186.146.131 port 39710 [preauth]
May  5 19:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: Invalid user jumpserver from 185.186.146.131
May  5 19:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: input_userauth_request: invalid user jumpserver [preauth]
May  5 19:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: Failed password for invalid user jumpserver from 185.186.146.131 port 39718 ssh2
May  5 19:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: Connection closed by 185.186.146.131 port 39718 [preauth]
May  5 19:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14512]: Invalid user tom from 185.186.146.131
May  5 19:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14512]: input_userauth_request: invalid user tom [preauth]
May  5 19:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14512]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14512]: Failed password for invalid user tom from 185.186.146.131 port 47630 ssh2
May  5 19:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14512]: Connection closed by 185.186.146.131 port 47630 [preauth]
May  5 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13196]: pam_unix(cron:session): session closed for user root
May  5 19:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14544]: Failed password for root from 185.186.146.131 port 47634 ssh2
May  5 19:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14544]: Connection closed by 185.186.146.131 port 47634 [preauth]
May  5 19:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14570]: Invalid user git from 185.186.146.131
May  5 19:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14570]: input_userauth_request: invalid user git [preauth]
May  5 19:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14570]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14570]: Failed password for invalid user git from 185.186.146.131 port 34964 ssh2
May  5 19:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14570]: Connection closed by 185.186.146.131 port 34964 [preauth]
May  5 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: Invalid user ranger from 185.186.146.131
May  5 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: input_userauth_request: invalid user ranger [preauth]
May  5 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: Failed password for invalid user ranger from 185.186.146.131 port 34968 ssh2
May  5 19:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: Connection closed by 185.186.146.131 port 34968 [preauth]
May  5 19:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14606]: Failed password for root from 185.186.146.131 port 53334 ssh2
May  5 19:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14606]: Connection closed by 185.186.146.131 port 53334 [preauth]
May  5 19:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: Invalid user appuser from 185.186.146.131
May  5 19:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: input_userauth_request: invalid user appuser [preauth]
May  5 19:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: Failed password for invalid user appuser from 185.186.146.131 port 53344 ssh2
May  5 19:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14622]: Connection closed by 185.186.146.131 port 53344 [preauth]
May  5 19:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: Invalid user tom from 185.186.146.131
May  5 19:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: input_userauth_request: invalid user tom [preauth]
May  5 19:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14640]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14641]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14638]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14638]: pam_unix(cron:session): session closed for user p13x
May  5 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14699]: Successful su for rubyman by root
May  5 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14699]: + ??? root:rubyman
May  5 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335667 of user rubyman.
May  5 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14699]: pam_unix(su:session): session closed for user rubyman
May  5 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335667.
May  5 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: Failed password for invalid user tom from 185.186.146.131 port 33938 ssh2
May  5 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: Connection closed by 185.186.146.131 port 33938 [preauth]
May  5 19:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11818]: pam_unix(cron:session): session closed for user root
May  5 19:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14639]: pam_unix(cron:session): session closed for user samftp
May  5 19:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14848]: Failed password for root from 185.186.146.131 port 33940 ssh2
May  5 19:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14848]: Connection closed by 185.186.146.131 port 33940 [preauth]
May  5 19:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Invalid user ubuntu from 185.186.146.131
May  5 19:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: input_userauth_request: invalid user ubuntu [preauth]
May  5 19:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Failed password for invalid user ubuntu from 185.186.146.131 port 56444 ssh2
May  5 19:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Connection closed by 185.186.146.131 port 56444 [preauth]
May  5 19:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: Invalid user elsearch from 185.186.146.131
May  5 19:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: input_userauth_request: invalid user elsearch [preauth]
May  5 19:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: Failed password for invalid user elsearch from 185.186.146.131 port 56460 ssh2
May  5 19:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: Connection closed by 185.186.146.131 port 56460 [preauth]
May  5 19:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14935]: Invalid user nginx from 185.186.146.131
May  5 19:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14935]: input_userauth_request: invalid user nginx [preauth]
May  5 19:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14935]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14935]: Failed password for invalid user nginx from 185.186.146.131 port 39292 ssh2
May  5 19:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14935]: Connection closed by 185.186.146.131 port 39292 [preauth]
May  5 19:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Invalid user rancher from 185.186.146.131
May  5 19:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: input_userauth_request: invalid user rancher [preauth]
May  5 19:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Failed password for invalid user rancher from 185.186.146.131 port 59794 ssh2
May  5 19:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Connection closed by 185.186.146.131 port 59794 [preauth]
May  5 19:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: Failed password for root from 185.186.146.131 port 59802 ssh2
May  5 19:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14970]: Connection closed by 185.186.146.131 port 59802 [preauth]
May  5 19:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13736]: pam_unix(cron:session): session closed for user root
May  5 19:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15003]: Invalid user rancher from 185.186.146.131
May  5 19:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15003]: input_userauth_request: invalid user rancher [preauth]
May  5 19:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15003]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15003]: Failed password for invalid user rancher from 185.186.146.131 port 60998 ssh2
May  5 19:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15003]: Connection closed by 185.186.146.131 port 60998 [preauth]
May  5 19:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15014]: Invalid user es from 185.186.146.131
May  5 19:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15014]: input_userauth_request: invalid user es [preauth]
May  5 19:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15014]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15014]: Failed password for invalid user es from 185.186.146.131 port 32768 ssh2
May  5 19:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15014]: Connection closed by 185.186.146.131 port 32768 [preauth]
May  5 19:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15037]: Failed password for root from 185.186.146.131 port 57158 ssh2
May  5 19:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15037]: Connection closed by 185.186.146.131 port 57158 [preauth]
May  5 19:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15047]: Invalid user user from 185.186.146.131
May  5 19:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15047]: input_userauth_request: invalid user user [preauth]
May  5 19:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15047]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15047]: Failed password for invalid user user from 185.186.146.131 port 57168 ssh2
May  5 19:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15047]: Connection closed by 185.186.146.131 port 57168 [preauth]
May  5 19:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15049]: Invalid user fort from 103.26.136.173
May  5 19:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15049]: input_userauth_request: invalid user fort [preauth]
May  5 19:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15049]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
May  5 19:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15049]: Failed password for invalid user fort from 103.26.136.173 port 45998 ssh2
May  5 19:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15059]: Failed password for root from 185.186.146.131 port 46892 ssh2
May  5 19:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15059]: Connection closed by 185.186.146.131 port 46892 [preauth]
May  5 19:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15049]: Received disconnect from 103.26.136.173 port 45998:11: Bye Bye [preauth]
May  5 19:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15049]: Disconnected from 103.26.136.173 port 45998 [preauth]
May  5 19:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15077]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15078]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15075]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15078]: pam_unix(cron:session): session closed for user root
May  5 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15073]: pam_unix(cron:session): session closed for user p13x
May  5 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15071]: Invalid user uftp from 185.186.146.131
May  5 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15071]: input_userauth_request: invalid user uftp [preauth]
May  5 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15141]: Successful su for rubyman by root
May  5 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15141]: + ??? root:rubyman
May  5 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335672 of user rubyman.
May  5 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15141]: pam_unix(su:session): session closed for user rubyman
May  5 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335672.
May  5 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15071]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: Failed password for root from 218.92.0.179 port 32906 ssh2
May  5 19:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15071]: Failed password for invalid user uftp from 185.186.146.131 port 46896 ssh2
May  5 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15071]: Connection closed by 185.186.146.131 port 46896 [preauth]
May  5 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15075]: pam_unix(cron:session): session closed for user root
May  5 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: Failed password for root from 218.92.0.179 port 32906 ssh2
May  5 19:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12222]: pam_unix(cron:session): session closed for user root
May  5 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15074]: pam_unix(cron:session): session closed for user samftp
May  5 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: Failed password for root from 218.92.0.179 port 32906 ssh2
May  5 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: Received disconnect from 218.92.0.179 port 32906:11:  [preauth]
May  5 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: Disconnected from 218.92.0.179 port 32906 [preauth]
May  5 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15348]: Invalid user data from 185.186.146.131
May  5 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15348]: input_userauth_request: invalid user data [preauth]
May  5 19:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15348]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15348]: Failed password for invalid user data from 185.186.146.131 port 38556 ssh2
May  5 19:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15348]: Connection closed by 185.186.146.131 port 38556 [preauth]
May  5 19:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: Invalid user bigdata from 185.186.146.131
May  5 19:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: input_userauth_request: invalid user bigdata [preauth]
May  5 19:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: Failed password for invalid user bigdata from 185.186.146.131 port 38562 ssh2
May  5 19:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: Connection closed by 185.186.146.131 port 38562 [preauth]
May  5 19:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: Invalid user oracle from 185.186.146.131
May  5 19:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: input_userauth_request: invalid user oracle [preauth]
May  5 19:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: Failed password for invalid user oracle from 185.186.146.131 port 43840 ssh2
May  5 19:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: Connection closed by 185.186.146.131 port 43840 [preauth]
May  5 19:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: Invalid user plex from 185.186.146.131
May  5 19:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: input_userauth_request: invalid user plex [preauth]
May  5 19:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: Failed password for invalid user plex from 185.186.146.131 port 43844 ssh2
May  5 19:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15390]: Connection closed by 185.186.146.131 port 43844 [preauth]
May  5 19:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: Invalid user steam from 185.186.146.131
May  5 19:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: input_userauth_request: invalid user steam [preauth]
May  5 19:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: Failed password for invalid user steam from 185.186.146.131 port 47892 ssh2
May  5 19:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: Connection closed by 185.186.146.131 port 47892 [preauth]
May  5 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: Invalid user esuser from 185.186.146.131
May  5 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: input_userauth_request: invalid user esuser [preauth]
May  5 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session closed for user root
May  5 19:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: Failed password for invalid user esuser from 185.186.146.131 port 47902 ssh2
May  5 19:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: Connection closed by 185.186.146.131 port 47902 [preauth]
May  5 19:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15447]: Invalid user observer from 185.186.146.131
May  5 19:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15447]: input_userauth_request: invalid user observer [preauth]
May  5 19:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15447]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15447]: Failed password for invalid user observer from 185.186.146.131 port 42098 ssh2
May  5 19:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15447]: Connection closed by 185.186.146.131 port 42098 [preauth]
May  5 19:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: Invalid user docker from 185.186.146.131
May  5 19:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: input_userauth_request: invalid user docker [preauth]
May  5 19:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: Failed password for invalid user docker from 185.186.146.131 port 42108 ssh2
May  5 19:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: Connection closed by 185.186.146.131 port 42108 [preauth]
May  5 19:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: Invalid user user from 185.186.146.131
May  5 19:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: input_userauth_request: invalid user user [preauth]
May  5 19:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: Failed password for invalid user user from 185.186.146.131 port 60186 ssh2
May  5 19:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15483]: Connection closed by 185.186.146.131 port 60186 [preauth]
May  5 19:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15494]: Invalid user elastic from 185.186.146.131
May  5 19:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15494]: input_userauth_request: invalid user elastic [preauth]
May  5 19:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15494]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15494]: Failed password for invalid user elastic from 185.186.146.131 port 60198 ssh2
May  5 19:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15494]: Connection closed by 185.186.146.131 port 60198 [preauth]
May  5 19:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: Invalid user oracle from 185.186.146.131
May  5 19:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: input_userauth_request: invalid user oracle [preauth]
May  5 19:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15517]: pam_unix(cron:session): session closed for user p13x
May  5 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15583]: Successful su for rubyman by root
May  5 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15583]: + ??? root:rubyman
May  5 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15583]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335676 of user rubyman.
May  5 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15583]: pam_unix(su:session): session closed for user rubyman
May  5 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335676.
May  5 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: Failed password for invalid user oracle from 185.186.146.131 port 48704 ssh2
May  5 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: Connection closed by 185.186.146.131 port 48704 [preauth]
May  5 19:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: Invalid user postgres from 185.186.146.131
May  5 19:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: input_userauth_request: invalid user postgres [preauth]
May  5 19:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12740]: pam_unix(cron:session): session closed for user root
May  5 19:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15518]: pam_unix(cron:session): session closed for user samftp
May  5 19:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: Failed password for invalid user postgres from 185.186.146.131 port 48716 ssh2
May  5 19:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: Connection closed by 185.186.146.131 port 48716 [preauth]
May  5 19:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: Invalid user ts from 185.186.146.131
May  5 19:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: input_userauth_request: invalid user ts [preauth]
May  5 19:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: Failed password for invalid user ts from 185.186.146.131 port 43576 ssh2
May  5 19:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: Connection closed by 185.186.146.131 port 43576 [preauth]
May  5 19:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: Failed password for root from 185.186.146.131 port 43592 ssh2
May  5 19:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15794]: Connection closed by 185.186.146.131 port 43592 [preauth]
May  5 19:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: Invalid user ftpuser from 185.186.146.131
May  5 19:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: input_userauth_request: invalid user ftpuser [preauth]
May  5 19:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: Failed password for invalid user ftpuser from 185.186.146.131 port 48276 ssh2
May  5 19:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: Connection closed by 185.186.146.131 port 48276 [preauth]
May  5 19:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.230.76  user=root
May  5 19:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: Invalid user test from 185.186.146.131
May  5 19:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: input_userauth_request: invalid user test [preauth]
May  5 19:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: Failed password for root from 206.189.230.76 port 33988 ssh2
May  5 19:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: Received disconnect from 206.189.230.76 port 33988:11: Bye Bye [preauth]
May  5 19:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: Disconnected from 206.189.230.76 port 33988 [preauth]
May  5 19:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: Failed password for invalid user test from 185.186.146.131 port 48280 ssh2
May  5 19:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15830]: Connection closed by 185.186.146.131 port 48280 [preauth]
May  5 19:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 19:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: Invalid user gitlab from 185.186.146.131
May  5 19:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: input_userauth_request: invalid user gitlab [preauth]
May  5 19:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: Failed password for root from 218.92.0.179 port 43075 ssh2
May  5 19:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: Failed password for invalid user gitlab from 185.186.146.131 port 49368 ssh2
May  5 19:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: Connection closed by 185.186.146.131 port 49368 [preauth]
May  5 19:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: Failed password for root from 218.92.0.179 port 43075 ssh2
May  5 19:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14641]: pam_unix(cron:session): session closed for user root
May  5 19:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: Failed password for root from 218.92.0.179 port 43075 ssh2
May  5 19:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: Received disconnect from 218.92.0.179 port 43075:11:  [preauth]
May  5 19:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: Disconnected from 218.92.0.179 port 43075 [preauth]
May  5 19:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 19:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: Invalid user guest from 185.186.146.131
May  5 19:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: input_userauth_request: invalid user guest [preauth]
May  5 19:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: Failed password for invalid user guest from 185.186.146.131 port 49374 ssh2
May  5 19:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: Connection closed by 185.186.146.131 port 49374 [preauth]
May  5 19:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15884]: Invalid user worker from 185.186.146.131
May  5 19:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15884]: input_userauth_request: invalid user worker [preauth]
May  5 19:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15884]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15884]: Failed password for invalid user worker from 185.186.146.131 port 60050 ssh2
May  5 19:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15884]: Connection closed by 185.186.146.131 port 60050 [preauth]
May  5 19:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: Invalid user flask from 185.186.146.131
May  5 19:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: input_userauth_request: invalid user flask [preauth]
May  5 19:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.161.235.168  user=root
May  5 19:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: Failed password for invalid user flask from 185.186.146.131 port 42592 ssh2
May  5 19:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15908]: Connection closed by 185.186.146.131 port 42592 [preauth]
May  5 19:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15911]: Failed password for root from 221.161.235.168 port 43016 ssh2
May  5 19:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15911]: Received disconnect from 221.161.235.168 port 43016:11: Bye Bye [preauth]
May  5 19:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15911]: Disconnected from 221.161.235.168 port 43016 [preauth]
May  5 19:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: Invalid user gpuadmin from 185.186.146.131
May  5 19:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: input_userauth_request: invalid user gpuadmin [preauth]
May  5 19:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: Failed password for invalid user gpuadmin from 185.186.146.131 port 42596 ssh2
May  5 19:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: Connection closed by 185.186.146.131 port 42596 [preauth]
May  5 19:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15935]: Invalid user zabbix from 185.186.146.131
May  5 19:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15935]: input_userauth_request: invalid user zabbix [preauth]
May  5 19:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15935]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15935]: Failed password for invalid user zabbix from 185.186.146.131 port 52392 ssh2
May  5 19:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15935]: Connection closed by 185.186.146.131 port 52392 [preauth]
May  5 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15952]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15953]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15948]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15948]: pam_unix(cron:session): session closed for user root
May  5 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15950]: pam_unix(cron:session): session closed for user p13x
May  5 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16011]: Successful su for rubyman by root
May  5 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16011]: + ??? root:rubyman
May  5 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335680 of user rubyman.
May  5 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16011]: pam_unix(su:session): session closed for user rubyman
May  5 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335680.
May  5 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.18.236.229  user=root
May  5 19:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15947]: Failed password for root from 185.186.146.131 port 52404 ssh2
May  5 19:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15947]: Connection closed by 185.186.146.131 port 52404 [preauth]
May  5 19:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15945]: Failed password for root from 85.18.236.229 port 40292 ssh2
May  5 19:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15945]: Received disconnect from 85.18.236.229 port 40292:11: Bye Bye [preauth]
May  5 19:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15945]: Disconnected from 85.18.236.229 port 40292 [preauth]
May  5 19:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13194]: pam_unix(cron:session): session closed for user root
May  5 19:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15951]: pam_unix(cron:session): session closed for user samftp
May  5 19:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Invalid user flask from 185.186.146.131
May  5 19:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: input_userauth_request: invalid user flask [preauth]
May  5 19:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Failed password for invalid user flask from 185.186.146.131 port 48222 ssh2
May  5 19:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16188]: Connection closed by 185.186.146.131 port 48222 [preauth]
May  5 19:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16199]: Invalid user gitlab from 185.186.146.131
May  5 19:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16199]: input_userauth_request: invalid user gitlab [preauth]
May  5 19:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16199]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16199]: Failed password for invalid user gitlab from 185.186.146.131 port 48224 ssh2
May  5 19:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16199]: Connection closed by 185.186.146.131 port 48224 [preauth]
May  5 19:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: Invalid user testuser from 185.186.146.131
May  5 19:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: input_userauth_request: invalid user testuser [preauth]
May  5 19:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: Failed password for invalid user testuser from 185.186.146.131 port 53646 ssh2
May  5 19:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: Connection closed by 185.186.146.131 port 53646 [preauth]
May  5 19:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16233]: Invalid user postgres from 185.186.146.131
May  5 19:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16233]: input_userauth_request: invalid user postgres [preauth]
May  5 19:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16233]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16233]: Failed password for invalid user postgres from 185.186.146.131 port 53660 ssh2
May  5 19:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16233]: Connection closed by 185.186.146.131 port 53660 [preauth]
May  5 19:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: Invalid user jenkins from 185.186.146.131
May  5 19:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: input_userauth_request: invalid user jenkins [preauth]
May  5 19:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: Failed password for invalid user jenkins from 185.186.146.131 port 41412 ssh2
May  5 19:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16256]: Connection closed by 185.186.146.131 port 41412 [preauth]
May  5 19:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15077]: pam_unix(cron:session): session closed for user root
May  5 19:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: Failed password for root from 185.186.146.131 port 41424 ssh2
May  5 19:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: Connection closed by 185.186.146.131 port 41424 [preauth]
May  5 19:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16296]: Invalid user admin from 185.186.146.131
May  5 19:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16296]: input_userauth_request: invalid user admin [preauth]
May  5 19:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16296]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16296]: Failed password for invalid user admin from 185.186.146.131 port 48266 ssh2
May  5 19:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16296]: Connection closed by 185.186.146.131 port 48266 [preauth]
May  5 19:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: Invalid user weblogic from 185.186.146.131
May  5 19:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: input_userauth_request: invalid user weblogic [preauth]
May  5 19:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: Failed password for invalid user weblogic from 185.186.146.131 port 48282 ssh2
May  5 19:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16313]: Connection closed by 185.186.146.131 port 48282 [preauth]
May  5 19:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: Invalid user centos from 185.186.146.131
May  5 19:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: input_userauth_request: invalid user centos [preauth]
May  5 19:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.175.39  user=root
May  5 19:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: Failed password for invalid user centos from 185.186.146.131 port 47902 ssh2
May  5 19:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: Connection closed by 185.186.146.131 port 47902 [preauth]
May  5 19:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16330]: Failed password for root from 96.78.175.39 port 34654 ssh2
May  5 19:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16330]: Received disconnect from 96.78.175.39 port 34654:11: Bye Bye [preauth]
May  5 19:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16330]: Disconnected from 96.78.175.39 port 34654 [preauth]
May  5 19:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  5 19:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: Invalid user steam from 185.186.146.131
May  5 19:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: input_userauth_request: invalid user steam [preauth]
May  5 19:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: Failed password for root from 164.68.105.9 port 58142 ssh2
May  5 19:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: Connection closed by 164.68.105.9 port 58142 [preauth]
May  5 19:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: Failed password for invalid user steam from 185.186.146.131 port 47918 ssh2
May  5 19:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16342]: Connection closed by 185.186.146.131 port 47918 [preauth]
May  5 19:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: Invalid user test from 185.186.146.131
May  5 19:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: input_userauth_request: invalid user test [preauth]
May  5 19:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: Failed password for invalid user test from 185.186.146.131 port 48446 ssh2
May  5 19:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: Connection closed by 185.186.146.131 port 48446 [preauth]
May  5 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16358]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16355]: pam_unix(cron:session): session closed for user p13x
May  5 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16414]: Successful su for rubyman by root
May  5 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16414]: + ??? root:rubyman
May  5 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335686 of user rubyman.
May  5 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16414]: pam_unix(su:session): session closed for user rubyman
May  5 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335686.
May  5 19:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16565]: Invalid user test from 185.186.146.131
May  5 19:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16565]: input_userauth_request: invalid user test [preauth]
May  5 19:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16565]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13734]: pam_unix(cron:session): session closed for user root
May  5 19:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16356]: pam_unix(cron:session): session closed for user samftp
May  5 19:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16565]: Failed password for invalid user test from 185.186.146.131 port 48452 ssh2
May  5 19:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16565]: Connection closed by 185.186.146.131 port 48452 [preauth]
May  5 19:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: Failed password for root from 185.186.146.131 port 40442 ssh2
May  5 19:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16669]: Connection closed by 185.186.146.131 port 40442 [preauth]
May  5 19:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: Invalid user centos from 185.186.146.131
May  5 19:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: input_userauth_request: invalid user centos [preauth]
May  5 19:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: Failed password for invalid user centos from 185.186.146.131 port 40444 ssh2
May  5 19:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: Connection closed by 185.186.146.131 port 40444 [preauth]
May  5 19:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16704]: Invalid user tomcat from 185.186.146.131
May  5 19:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16704]: input_userauth_request: invalid user tomcat [preauth]
May  5 19:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16704]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16704]: Failed password for invalid user tomcat from 185.186.146.131 port 41368 ssh2
May  5 19:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16704]: Connection closed by 185.186.146.131 port 41368 [preauth]
May  5 19:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: User mysql from 185.186.146.131 not allowed because not listed in AllowUsers
May  5 19:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: input_userauth_request: invalid user mysql [preauth]
May  5 19:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=mysql
May  5 19:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: Failed password for invalid user mysql from 185.186.146.131 port 41382 ssh2
May  5 19:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16729]: Connection closed by 185.186.146.131 port 41382 [preauth]
May  5 19:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15520]: pam_unix(cron:session): session closed for user root
May  5 19:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: Failed password for root from 185.186.146.131 port 43184 ssh2
May  5 19:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16741]: Connection closed by 185.186.146.131 port 43184 [preauth]
May  5 19:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16771]: Failed password for root from 185.186.146.131 port 42384 ssh2
May  5 19:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16771]: Connection closed by 185.186.146.131 port 42384 [preauth]
May  5 19:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: Invalid user zabbix from 185.186.146.131
May  5 19:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: input_userauth_request: invalid user zabbix [preauth]
May  5 19:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: Failed password for invalid user zabbix from 185.186.146.131 port 42392 ssh2
May  5 19:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16783]: Connection closed by 185.186.146.131 port 42392 [preauth]
May  5 19:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Invalid user kubernetes from 185.186.146.131
May  5 19:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: input_userauth_request: invalid user kubernetes [preauth]
May  5 19:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Failed password for invalid user kubernetes from 185.186.146.131 port 40658 ssh2
May  5 19:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16806]: Connection closed by 185.186.146.131 port 40658 [preauth]
May  5 19:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16816]: Invalid user observer from 185.186.146.131
May  5 19:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16816]: input_userauth_request: invalid user observer [preauth]
May  5 19:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16816]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16816]: Failed password for invalid user observer from 185.186.146.131 port 40666 ssh2
May  5 19:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16816]: Connection closed by 185.186.146.131 port 40666 [preauth]
May  5 19:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: Invalid user hadoop from 185.186.146.131
May  5 19:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: input_userauth_request: invalid user hadoop [preauth]
May  5 19:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: Failed password for invalid user hadoop from 185.186.146.131 port 47388 ssh2
May  5 19:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16825]: Connection closed by 185.186.146.131 port 47388 [preauth]
May  5 19:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: Invalid user bot from 185.186.146.131
May  5 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: input_userauth_request: invalid user bot [preauth]
May  5 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16844]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16841]: pam_unix(cron:session): session closed for user p13x
May  5 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16920]: Successful su for rubyman by root
May  5 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16920]: + ??? root:rubyman
May  5 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16920]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335690 of user rubyman.
May  5 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16920]: pam_unix(su:session): session closed for user rubyman
May  5 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335690.
May  5 19:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: Failed password for invalid user bot from 185.186.146.131 port 47392 ssh2
May  5 19:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: Connection closed by 185.186.146.131 port 47392 [preauth]
May  5 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14194]: pam_unix(cron:session): session closed for user root
May  5 19:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: Invalid user debianuser from 185.186.146.131
May  5 19:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: input_userauth_request: invalid user debianuser [preauth]
May  5 19:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16842]: pam_unix(cron:session): session closed for user samftp
May  5 19:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: Failed password for invalid user debianuser from 185.186.146.131 port 55414 ssh2
May  5 19:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: Connection closed by 185.186.146.131 port 55414 [preauth]
May  5 19:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: Invalid user ranger from 185.186.146.131
May  5 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: input_userauth_request: invalid user ranger [preauth]
May  5 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: Failed password for invalid user ranger from 185.186.146.131 port 55420 ssh2
May  5 19:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: Connection closed by 185.186.146.131 port 55420 [preauth]
May  5 19:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17144]: Invalid user oracle from 185.186.146.131
May  5 19:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17144]: input_userauth_request: invalid user oracle [preauth]
May  5 19:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17144]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17144]: Failed password for invalid user oracle from 185.186.146.131 port 33766 ssh2
May  5 19:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17144]: Connection closed by 185.186.146.131 port 33766 [preauth]
May  5 19:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: User ftp from 185.186.146.131 not allowed because not listed in AllowUsers
May  5 19:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: input_userauth_request: invalid user ftp [preauth]
May  5 19:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=ftp
May  5 19:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: Failed password for invalid user ftp from 185.186.146.131 port 33770 ssh2
May  5 19:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: Connection closed by 185.186.146.131 port 33770 [preauth]
May  5 19:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: Invalid user elastic from 185.186.146.131
May  5 19:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: input_userauth_request: invalid user elastic [preauth]
May  5 19:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: Failed password for invalid user elastic from 185.186.146.131 port 56346 ssh2
May  5 19:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: Connection closed by 185.186.146.131 port 56346 [preauth]
May  5 19:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15953]: pam_unix(cron:session): session closed for user root
May  5 19:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: Failed password for root from 185.186.146.131 port 56358 ssh2
May  5 19:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: Connection closed by 185.186.146.131 port 56358 [preauth]
May  5 19:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17220]: Invalid user admin from 185.186.146.131
May  5 19:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17220]: input_userauth_request: invalid user admin [preauth]
May  5 19:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17220]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17220]: Failed password for invalid user admin from 185.186.146.131 port 51200 ssh2
May  5 19:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17220]: Connection closed by 185.186.146.131 port 51200 [preauth]
May  5 19:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17231]: Invalid user default from 185.186.146.131
May  5 19:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17231]: input_userauth_request: invalid user default [preauth]
May  5 19:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17231]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17231]: Failed password for invalid user default from 185.186.146.131 port 51202 ssh2
May  5 19:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17231]: Connection closed by 185.186.146.131 port 51202 [preauth]
May  5 19:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: Invalid user tomcat from 185.186.146.131
May  5 19:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: input_userauth_request: invalid user tomcat [preauth]
May  5 19:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: Failed password for invalid user tomcat from 185.186.146.131 port 60462 ssh2
May  5 19:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17255]: Connection closed by 185.186.146.131 port 60462 [preauth]
May  5 19:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: Invalid user gitlab from 185.186.146.131
May  5 19:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: input_userauth_request: invalid user gitlab [preauth]
May  5 19:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: Failed password for invalid user gitlab from 185.186.146.131 port 60466 ssh2
May  5 19:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17266]: Connection closed by 185.186.146.131 port 60466 [preauth]
May  5 19:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17278]: Failed password for root from 185.186.146.131 port 56184 ssh2
May  5 19:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17278]: Connection closed by 185.186.146.131 port 56184 [preauth]
May  5 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17295]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session closed for user root
May  5 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17292]: pam_unix(cron:session): session closed for user p13x
May  5 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17359]: Successful su for rubyman by root
May  5 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17359]: + ??? root:rubyman
May  5 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335694 of user rubyman.
May  5 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17359]: pam_unix(su:session): session closed for user rubyman
May  5 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335694.
May  5 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17371]: Invalid user hadoop from 185.186.146.131
May  5 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17371]: input_userauth_request: invalid user hadoop [preauth]
May  5 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17371]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session closed for user root
May  5 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14640]: pam_unix(cron:session): session closed for user root
May  5 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17371]: Failed password for invalid user hadoop from 185.186.146.131 port 56198 ssh2
May  5 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17371]: Connection closed by 185.186.146.131 port 56198 [preauth]
May  5 19:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17293]: pam_unix(cron:session): session closed for user samftp
May  5 19:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17584]: Invalid user tools from 185.186.146.131
May  5 19:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17584]: input_userauth_request: invalid user tools [preauth]
May  5 19:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17584]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17584]: Failed password for invalid user tools from 185.186.146.131 port 54470 ssh2
May  5 19:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17584]: Connection closed by 185.186.146.131 port 54470 [preauth]
May  5 19:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: Invalid user admin from 185.186.146.131
May  5 19:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: input_userauth_request: invalid user admin [preauth]
May  5 19:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: Failed password for invalid user admin from 185.186.146.131 port 54478 ssh2
May  5 19:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: Connection closed by 185.186.146.131 port 54478 [preauth]
May  5 19:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: Invalid user www from 185.186.146.131
May  5 19:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: input_userauth_request: invalid user www [preauth]
May  5 19:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: Failed password for invalid user www from 185.186.146.131 port 37632 ssh2
May  5 19:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17618]: Connection closed by 185.186.146.131 port 37632 [preauth]
May  5 19:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: Failed password for root from 185.186.146.131 port 37646 ssh2
May  5 19:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17628]: Connection closed by 185.186.146.131 port 37646 [preauth]
May  5 19:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17656]: Failed password for root from 185.186.146.131 port 38632 ssh2
May  5 19:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17656]: Connection closed by 185.186.146.131 port 38632 [preauth]
May  5 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17667]: Invalid user es from 185.186.146.131
May  5 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17667]: input_userauth_request: invalid user es [preauth]
May  5 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16358]: pam_unix(cron:session): session closed for user root
May  5 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17667]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: Invalid user admin from 80.94.95.112
May  5 19:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: input_userauth_request: invalid user admin [preauth]
May  5 19:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 19:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17667]: Failed password for invalid user es from 185.186.146.131 port 38636 ssh2
May  5 19:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17667]: Connection closed by 185.186.146.131 port 38636 [preauth]
May  5 19:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: Failed password for invalid user admin from 80.94.95.112 port 25968 ssh2
May  5 19:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: Failed password for invalid user admin from 80.94.95.112 port 25968 ssh2
May  5 19:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17702]: Failed password for root from 185.186.146.131 port 52438 ssh2
May  5 19:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17702]: Connection closed by 185.186.146.131 port 52438 [preauth]
May  5 19:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: Failed password for invalid user admin from 80.94.95.112 port 25968 ssh2
May  5 19:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: Failed password for invalid user admin from 80.94.95.112 port 25968 ssh2
May  5 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17713]: Invalid user oracle from 185.186.146.131
May  5 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17713]: input_userauth_request: invalid user oracle [preauth]
May  5 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17713]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: Failed password for invalid user admin from 80.94.95.112 port 25968 ssh2
May  5 19:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: Received disconnect from 80.94.95.112 port 25968:11: Bye [preauth]
May  5 19:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: Disconnected from 80.94.95.112 port 25968 [preauth]
May  5 19:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 19:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17691]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 19:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17727]: Invalid user ding from 46.244.96.25
May  5 19:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17727]: input_userauth_request: invalid user ding [preauth]
May  5 19:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17727]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  5 19:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17713]: Failed password for invalid user oracle from 185.186.146.131 port 52440 ssh2
May  5 19:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17713]: Connection closed by 185.186.146.131 port 52440 [preauth]
May  5 19:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17727]: Failed password for invalid user ding from 46.244.96.25 port 60380 ssh2
May  5 19:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17727]: Connection closed by 46.244.96.25 port 60380 [preauth]
May  5 19:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17738]: Invalid user uftp from 185.186.146.131
May  5 19:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17738]: input_userauth_request: invalid user uftp [preauth]
May  5 19:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17738]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17738]: Failed password for invalid user uftp from 185.186.146.131 port 34716 ssh2
May  5 19:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17738]: Connection closed by 185.186.146.131 port 34716 [preauth]
May  5 19:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Invalid user flink from 185.186.146.131
May  5 19:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: input_userauth_request: invalid user flink [preauth]
May  5 19:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Failed password for invalid user flink from 185.186.146.131 port 34720 ssh2
May  5 19:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Connection closed by 185.186.146.131 port 34720 [preauth]
May  5 19:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: Invalid user gitlab-runner from 185.186.146.131
May  5 19:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: input_userauth_request: invalid user gitlab-runner [preauth]
May  5 19:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17782]: pam_unix(cron:session): session closed for user p13x
May  5 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17942]: Successful su for rubyman by root
May  5 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17942]: + ??? root:rubyman
May  5 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335698 of user rubyman.
May  5 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17942]: pam_unix(su:session): session closed for user rubyman
May  5 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335698.
May  5 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: Failed password for invalid user gitlab-runner from 185.186.146.131 port 42680 ssh2
May  5 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: Connection closed by 185.186.146.131 port 42680 [preauth]
May  5 19:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: Invalid user es from 185.186.146.131
May  5 19:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: input_userauth_request: invalid user es [preauth]
May  5 19:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15076]: pam_unix(cron:session): session closed for user root
May  5 19:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17783]: pam_unix(cron:session): session closed for user samftp
May  5 19:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: Failed password for invalid user es from 185.186.146.131 port 42696 ssh2
May  5 19:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18103]: Connection closed by 185.186.146.131 port 42696 [preauth]
May  5 19:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18153]: Invalid user oracle from 185.186.146.131
May  5 19:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18153]: input_userauth_request: invalid user oracle [preauth]
May  5 19:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18153]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18153]: Failed password for invalid user oracle from 185.186.146.131 port 55324 ssh2
May  5 19:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18153]: Connection closed by 185.186.146.131 port 55324 [preauth]
May  5 19:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18177]: Invalid user ubnt from 185.186.146.131
May  5 19:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18177]: input_userauth_request: invalid user ubnt [preauth]
May  5 19:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18177]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18177]: Failed password for invalid user ubnt from 185.186.146.131 port 55340 ssh2
May  5 19:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18177]: Connection closed by 185.186.146.131 port 55340 [preauth]
May  5 19:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Invalid user nvidia from 185.186.146.131
May  5 19:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: input_userauth_request: invalid user nvidia [preauth]
May  5 19:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Failed password for invalid user nvidia from 185.186.146.131 port 41598 ssh2
May  5 19:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Connection closed by 185.186.146.131 port 41598 [preauth]
May  5 19:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18210]: Failed password for root from 185.186.146.131 port 41610 ssh2
May  5 19:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18210]: Connection closed by 185.186.146.131 port 41610 [preauth]
May  5 19:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18221]: Failed password for root from 185.186.146.131 port 49826 ssh2
May  5 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18221]: Connection closed by 185.186.146.131 port 49826 [preauth]
May  5 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16844]: pam_unix(cron:session): session closed for user root
May  5 19:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: Invalid user developer from 185.186.146.131
May  5 19:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: input_userauth_request: invalid user developer [preauth]
May  5 19:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: Failed password for invalid user developer from 185.186.146.131 port 47256 ssh2
May  5 19:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: Connection closed by 185.186.146.131 port 47256 [preauth]
May  5 19:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18261]: Failed password for root from 185.186.146.131 port 47268 ssh2
May  5 19:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18261]: Connection closed by 185.186.146.131 port 47268 [preauth]
May  5 19:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18287]: User ftp from 185.186.146.131 not allowed because not listed in AllowUsers
May  5 19:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18287]: input_userauth_request: invalid user ftp [preauth]
May  5 19:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=ftp
May  5 19:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18287]: Failed password for invalid user ftp from 185.186.146.131 port 56010 ssh2
May  5 19:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18287]: Connection closed by 185.186.146.131 port 56010 [preauth]
May  5 19:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: Invalid user www from 103.26.136.173
May  5 19:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: input_userauth_request: invalid user www [preauth]
May  5 19:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
May  5 19:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18302]: Invalid user mongodb from 185.186.146.131
May  5 19:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18302]: input_userauth_request: invalid user mongodb [preauth]
May  5 19:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18302]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: Failed password for invalid user www from 103.26.136.173 port 57186 ssh2
May  5 19:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: Received disconnect from 103.26.136.173 port 57186:11: Bye Bye [preauth]
May  5 19:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: Disconnected from 103.26.136.173 port 57186 [preauth]
May  5 19:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18302]: Failed password for invalid user mongodb from 185.186.146.131 port 56022 ssh2
May  5 19:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18302]: Connection closed by 185.186.146.131 port 56022 [preauth]
May  5 19:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18312]: Invalid user mongodb from 185.186.146.131
May  5 19:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18312]: input_userauth_request: invalid user mongodb [preauth]
May  5 19:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18312]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18312]: Failed password for invalid user mongodb from 185.186.146.131 port 50836 ssh2
May  5 19:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18312]: Connection closed by 185.186.146.131 port 50836 [preauth]
May  5 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18323]: pam_unix(cron:session): session closed for user p13x
May  5 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18393]: Successful su for rubyman by root
May  5 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18393]: + ??? root:rubyman
May  5 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335703 of user rubyman.
May  5 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18393]: pam_unix(su:session): session closed for user rubyman
May  5 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335703.
May  5 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18392]: Invalid user app from 185.186.146.131
May  5 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18392]: input_userauth_request: invalid user app [preauth]
May  5 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18392]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18392]: Failed password for invalid user app from 185.186.146.131 port 50840 ssh2
May  5 19:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15519]: pam_unix(cron:session): session closed for user root
May  5 19:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18392]: Connection closed by 185.186.146.131 port 50840 [preauth]
May  5 19:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18324]: pam_unix(cron:session): session closed for user samftp
May  5 19:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18583]: Failed password for root from 185.186.146.131 port 39856 ssh2
May  5 19:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18583]: Connection closed by 185.186.146.131 port 39856 [preauth]
May  5 19:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18593]: Invalid user www from 185.186.146.131
May  5 19:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18593]: input_userauth_request: invalid user www [preauth]
May  5 19:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18593]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18593]: Failed password for invalid user www from 185.186.146.131 port 39870 ssh2
May  5 19:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18593]: Connection closed by 185.186.146.131 port 39870 [preauth]
May  5 19:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: Invalid user nn from 221.161.235.168
May  5 19:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: input_userauth_request: invalid user nn [preauth]
May  5 19:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.161.235.168
May  5 19:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: Invalid user sonar from 185.186.146.131
May  5 19:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: input_userauth_request: invalid user sonar [preauth]
May  5 19:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: Failed password for invalid user nn from 221.161.235.168 port 51542 ssh2
May  5 19:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: Received disconnect from 221.161.235.168 port 51542:11: Bye Bye [preauth]
May  5 19:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18609]: Disconnected from 221.161.235.168 port 51542 [preauth]
May  5 19:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: Failed password for invalid user sonar from 185.186.146.131 port 58206 ssh2
May  5 19:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18611]: Connection closed by 185.186.146.131 port 58206 [preauth]
May  5 19:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.161.183  user=root
May  5 19:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: Invalid user elasticsearch from 185.186.146.131
May  5 19:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: input_userauth_request: invalid user elasticsearch [preauth]
May  5 19:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: Failed password for root from 14.103.161.183 port 42420 ssh2
May  5 19:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: Received disconnect from 14.103.161.183 port 42420:11: Bye Bye [preauth]
May  5 19:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18621]: Disconnected from 14.103.161.183 port 42420 [preauth]
May  5 19:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: Failed password for invalid user elasticsearch from 185.186.146.131 port 58210 ssh2
May  5 19:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: Connection closed by 185.186.146.131 port 58210 [preauth]
May  5 19:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: Invalid user docker from 185.186.146.131
May  5 19:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: input_userauth_request: invalid user docker [preauth]
May  5 19:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: Failed password for invalid user docker from 185.186.146.131 port 55060 ssh2
May  5 19:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18645]: Connection closed by 185.186.146.131 port 55060 [preauth]
May  5 19:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session closed for user root
May  5 19:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: Failed password for root from 185.186.146.131 port 55064 ssh2
May  5 19:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: Connection closed by 185.186.146.131 port 55064 [preauth]
May  5 19:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18689]: Invalid user postgres from 185.186.146.131
May  5 19:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18689]: input_userauth_request: invalid user postgres [preauth]
May  5 19:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18689]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18701]: Invalid user zhanghua from 96.78.175.39
May  5 19:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18701]: input_userauth_request: invalid user zhanghua [preauth]
May  5 19:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18701]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.175.39
May  5 19:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18689]: Failed password for invalid user postgres from 185.186.146.131 port 57850 ssh2
May  5 19:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18689]: Connection closed by 185.186.146.131 port 57850 [preauth]
May  5 19:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18701]: Failed password for invalid user zhanghua from 96.78.175.39 port 42190 ssh2
May  5 19:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18701]: Received disconnect from 96.78.175.39 port 42190:11: Bye Bye [preauth]
May  5 19:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18701]: Disconnected from 96.78.175.39 port 42190 [preauth]
May  5 19:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18704]: Invalid user dev from 185.186.146.131
May  5 19:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18704]: input_userauth_request: invalid user dev [preauth]
May  5 19:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18704]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18704]: Failed password for invalid user dev from 185.186.146.131 port 57866 ssh2
May  5 19:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18704]: Connection closed by 185.186.146.131 port 57866 [preauth]
May  5 19:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: Invalid user guest from 185.186.146.131
May  5 19:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: input_userauth_request: invalid user guest [preauth]
May  5 19:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: Failed password for invalid user guest from 185.186.146.131 port 38196 ssh2
May  5 19:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: Connection closed by 185.186.146.131 port 38196 [preauth]
May  5 19:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: Invalid user tomcat from 185.186.146.131
May  5 19:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: input_userauth_request: invalid user tomcat [preauth]
May  5 19:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: Failed password for invalid user tomcat from 185.186.146.131 port 38214 ssh2
May  5 19:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: Connection closed by 185.186.146.131 port 38214 [preauth]
May  5 19:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18750]: Invalid user elsearch from 185.186.146.131
May  5 19:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18750]: input_userauth_request: invalid user elsearch [preauth]
May  5 19:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18750]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18770]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18769]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18768]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18768]: pam_unix(cron:session): session closed for user p13x
May  5 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18750]: Failed password for invalid user elsearch from 185.186.146.131 port 34892 ssh2
May  5 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18750]: Connection closed by 185.186.146.131 port 34892 [preauth]
May  5 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18833]: Successful su for rubyman by root
May  5 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18833]: + ??? root:rubyman
May  5 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335707 of user rubyman.
May  5 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18833]: pam_unix(su:session): session closed for user rubyman
May  5 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335707.
May  5 19:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: Invalid user git from 185.186.146.131
May  5 19:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: input_userauth_request: invalid user git [preauth]
May  5 19:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15952]: pam_unix(cron:session): session closed for user root
May  5 19:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18769]: pam_unix(cron:session): session closed for user samftp
May  5 19:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: Failed password for invalid user git from 185.186.146.131 port 34896 ssh2
May  5 19:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18975]: Connection closed by 185.186.146.131 port 34896 [preauth]
May  5 19:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19017]: Invalid user vagrant from 185.186.146.131
May  5 19:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19017]: input_userauth_request: invalid user vagrant [preauth]
May  5 19:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19017]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19017]: Failed password for invalid user vagrant from 185.186.146.131 port 37506 ssh2
May  5 19:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19017]: Connection closed by 185.186.146.131 port 37506 [preauth]
May  5 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19044]: Invalid user esuser from 185.186.146.131
May  5 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19044]: input_userauth_request: invalid user esuser [preauth]
May  5 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19044]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19044]: Failed password for invalid user esuser from 185.186.146.131 port 37514 ssh2
May  5 19:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19044]: Connection closed by 185.186.146.131 port 37514 [preauth]
May  5 19:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: Invalid user ftpuser from 185.186.146.131
May  5 19:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: input_userauth_request: invalid user ftpuser [preauth]
May  5 19:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: Failed password for invalid user ftpuser from 185.186.146.131 port 45666 ssh2
May  5 19:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19055]: Connection closed by 185.186.146.131 port 45666 [preauth]
May  5 19:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19084]: Invalid user esuser from 185.186.146.131
May  5 19:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19084]: input_userauth_request: invalid user esuser [preauth]
May  5 19:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19084]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19084]: Failed password for invalid user esuser from 185.186.146.131 port 45680 ssh2
May  5 19:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19084]: Connection closed by 185.186.146.131 port 45680 [preauth]
May  5 19:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19094]: Invalid user user from 14.103.161.183
May  5 19:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19094]: input_userauth_request: invalid user user [preauth]
May  5 19:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19094]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.161.183
May  5 19:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19094]: Failed password for invalid user user from 14.103.161.183 port 32976 ssh2
May  5 19:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19096]: Failed password for root from 185.186.146.131 port 40594 ssh2
May  5 19:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19096]: Connection closed by 185.186.146.131 port 40594 [preauth]
May  5 19:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19094]: Received disconnect from 14.103.161.183 port 32976:11: Bye Bye [preauth]
May  5 19:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19094]: Disconnected from 14.103.161.183 port 32976 [preauth]
May  5 19:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17786]: pam_unix(cron:session): session closed for user root
May  5 19:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19128]: Invalid user worker from 185.186.146.131
May  5 19:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19128]: input_userauth_request: invalid user worker [preauth]
May  5 19:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19128]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19128]: Failed password for invalid user worker from 185.186.146.131 port 56366 ssh2
May  5 19:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19128]: Connection closed by 185.186.146.131 port 56366 [preauth]
May  5 19:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: Invalid user ftpuser from 185.186.146.131
May  5 19:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: input_userauth_request: invalid user ftpuser [preauth]
May  5 19:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: Failed password for invalid user ftpuser from 185.186.146.131 port 56378 ssh2
May  5 19:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19139]: Connection closed by 185.186.146.131 port 56378 [preauth]
May  5 19:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19161]: Invalid user admin from 185.186.146.131
May  5 19:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19161]: input_userauth_request: invalid user admin [preauth]
May  5 19:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19161]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19161]: Failed password for invalid user admin from 185.186.146.131 port 55616 ssh2
May  5 19:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19161]: Connection closed by 185.186.146.131 port 55616 [preauth]
May  5 19:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19171]: Invalid user steam from 185.186.146.131
May  5 19:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19171]: input_userauth_request: invalid user steam [preauth]
May  5 19:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19171]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19171]: Failed password for invalid user steam from 185.186.146.131 port 55624 ssh2
May  5 19:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19171]: Connection closed by 185.186.146.131 port 55624 [preauth]
May  5 19:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: Invalid user es from 185.186.146.131
May  5 19:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: input_userauth_request: invalid user es [preauth]
May  5 19:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: Failed password for invalid user es from 185.186.146.131 port 33134 ssh2
May  5 19:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: Connection closed by 185.186.146.131 port 33134 [preauth]
May  5 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19195]: pam_unix(cron:session): session closed for user p13x
May  5 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19267]: Successful su for rubyman by root
May  5 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19267]: + ??? root:rubyman
May  5 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335710 of user rubyman.
May  5 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19267]: pam_unix(su:session): session closed for user rubyman
May  5 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335710.
May  5 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19193]: Failed password for root from 185.186.146.131 port 33148 ssh2
May  5 19:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19193]: Connection closed by 185.186.146.131 port 33148 [preauth]
May  5 19:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16357]: pam_unix(cron:session): session closed for user root
May  5 19:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19196]: pam_unix(cron:session): session closed for user samftp
May  5 19:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19452]: Invalid user deploy from 185.186.146.131
May  5 19:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19452]: input_userauth_request: invalid user deploy [preauth]
May  5 19:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19452]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19452]: Failed password for invalid user deploy from 185.186.146.131 port 33278 ssh2
May  5 19:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19452]: Connection closed by 185.186.146.131 port 33278 [preauth]
May  5 19:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19462]: Invalid user demo from 185.186.146.131
May  5 19:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19462]: input_userauth_request: invalid user demo [preauth]
May  5 19:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19462]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19462]: Failed password for invalid user demo from 185.186.146.131 port 33294 ssh2
May  5 19:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19462]: Connection closed by 185.186.146.131 port 33294 [preauth]
May  5 19:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19487]: Invalid user deploy from 185.186.146.131
May  5 19:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19487]: input_userauth_request: invalid user deploy [preauth]
May  5 19:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19487]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19487]: Failed password for invalid user deploy from 185.186.146.131 port 45912 ssh2
May  5 19:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19487]: Connection closed by 185.186.146.131 port 45912 [preauth]
May  5 19:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Invalid user ubnt from 80.94.95.241
May  5 19:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: input_userauth_request: invalid user ubnt [preauth]
May  5 19:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 19:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Failed password for invalid user ubnt from 80.94.95.241 port 17315 ssh2
May  5 19:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19500]: Invalid user dev from 185.186.146.131
May  5 19:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19500]: input_userauth_request: invalid user dev [preauth]
May  5 19:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19500]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Failed password for invalid user ubnt from 80.94.95.241 port 17315 ssh2
May  5 19:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19500]: Failed password for invalid user dev from 185.186.146.131 port 45924 ssh2
May  5 19:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19500]: Connection closed by 185.186.146.131 port 45924 [preauth]
May  5 19:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Failed password for invalid user ubnt from 80.94.95.241 port 17315 ssh2
May  5 19:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19523]: Invalid user oscar from 185.186.146.131
May  5 19:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19523]: input_userauth_request: invalid user oscar [preauth]
May  5 19:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19523]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Failed password for invalid user ubnt from 80.94.95.241 port 17315 ssh2
May  5 19:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19523]: Failed password for invalid user oscar from 185.186.146.131 port 52338 ssh2
May  5 19:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19523]: Connection closed by 185.186.146.131 port 52338 [preauth]
May  5 19:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Failed password for invalid user ubnt from 80.94.95.241 port 17315 ssh2
May  5 19:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Received disconnect from 80.94.95.241 port 17315:11: Bye [preauth]
May  5 19:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Disconnected from 80.94.95.241 port 17315 [preauth]
May  5 19:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 19:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 19:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19534]: Invalid user dolphinscheduler from 185.186.146.131
May  5 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19534]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  5 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19534]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18326]: pam_unix(cron:session): session closed for user root
May  5 19:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19534]: Failed password for invalid user dolphinscheduler from 185.186.146.131 port 52352 ssh2
May  5 19:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19534]: Connection closed by 185.186.146.131 port 52352 [preauth]
May  5 19:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19567]: Invalid user pi from 185.186.146.131
May  5 19:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19567]: input_userauth_request: invalid user pi [preauth]
May  5 19:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19567]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19567]: Failed password for invalid user pi from 185.186.146.131 port 42816 ssh2
May  5 19:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19567]: Connection closed by 185.186.146.131 port 42816 [preauth]
May  5 19:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19570]: Invalid user kettle from 14.103.161.183
May  5 19:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19570]: input_userauth_request: invalid user kettle [preauth]
May  5 19:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19570]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.161.183
May  5 19:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19570]: Failed password for invalid user kettle from 14.103.161.183 port 51756 ssh2
May  5 19:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19570]: Received disconnect from 14.103.161.183 port 51756:11: Bye Bye [preauth]
May  5 19:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19570]: Disconnected from 14.103.161.183 port 51756 [preauth]
May  5 19:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: Invalid user dev from 185.186.146.131
May  5 19:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: input_userauth_request: invalid user dev [preauth]
May  5 19:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: Failed password for invalid user dev from 185.186.146.131 port 42828 ssh2
May  5 19:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19590]: Connection closed by 185.186.146.131 port 42828 [preauth]
May  5 19:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19608]: Invalid user oceanbase from 185.186.146.131
May  5 19:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19608]: input_userauth_request: invalid user oceanbase [preauth]
May  5 19:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19608]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19608]: Failed password for invalid user oceanbase from 185.186.146.131 port 51684 ssh2
May  5 19:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19608]: Connection closed by 185.186.146.131 port 51684 [preauth]
May  5 19:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19622]: Invalid user lighthouse from 185.186.146.131
May  5 19:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19622]: input_userauth_request: invalid user lighthouse [preauth]
May  5 19:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19622]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19622]: Failed password for invalid user lighthouse from 185.186.146.131 port 51698 ssh2
May  5 19:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19622]: Connection closed by 185.186.146.131 port 51698 [preauth]
May  5 19:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19637]: Failed password for root from 185.186.146.131 port 32786 ssh2
May  5 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19637]: Connection closed by 185.186.146.131 port 32786 [preauth]
May  5 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19648]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19648]: pam_unix(cron:session): session closed for user root
May  5 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19641]: pam_unix(cron:session): session closed for user p13x
May  5 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19717]: Successful su for rubyman by root
May  5 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19717]: + ??? root:rubyman
May  5 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335715 of user rubyman.
May  5 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19717]: pam_unix(su:session): session closed for user rubyman
May  5 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335715.
May  5 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19643]: pam_unix(cron:session): session closed for user root
May  5 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16843]: pam_unix(cron:session): session closed for user root
May  5 19:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: Failed password for root from 185.186.146.131 port 32790 ssh2
May  5 19:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19822]: Connection closed by 185.186.146.131 port 32790 [preauth]
May  5 19:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19642]: pam_unix(cron:session): session closed for user samftp
May  5 19:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19934]: Failed password for root from 185.186.146.131 port 36022 ssh2
May  5 19:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19934]: Connection closed by 185.186.146.131 port 36022 [preauth]
May  5 19:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: Failed password for root from 185.186.146.131 port 36024 ssh2
May  5 19:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: Connection closed by 185.186.146.131 port 36024 [preauth]
May  5 19:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19969]: Invalid user user from 185.186.146.131
May  5 19:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19969]: input_userauth_request: invalid user user [preauth]
May  5 19:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19969]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19969]: Failed password for invalid user user from 185.186.146.131 port 36804 ssh2
May  5 19:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19969]: Connection closed by 185.186.146.131 port 36804 [preauth]
May  5 19:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: Failed password for root from 185.186.146.131 port 36808 ssh2
May  5 19:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: Connection closed by 185.186.146.131 port 36808 [preauth]
May  5 19:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: Invalid user svnuser from 185.186.146.131
May  5 19:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: input_userauth_request: invalid user svnuser [preauth]
May  5 19:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: Failed password for invalid user svnuser from 185.186.146.131 port 52546 ssh2
May  5 19:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20004]: Connection closed by 185.186.146.131 port 52546 [preauth]
May  5 19:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18772]: pam_unix(cron:session): session closed for user root
May  5 19:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: Invalid user ftpuser from 185.186.146.131
May  5 19:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: input_userauth_request: invalid user ftpuser [preauth]
May  5 19:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: Failed password for invalid user ftpuser from 185.186.146.131 port 52548 ssh2
May  5 19:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: Connection closed by 185.186.146.131 port 52548 [preauth]
May  5 19:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: Invalid user serverpilot from 206.189.230.76
May  5 19:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: input_userauth_request: invalid user serverpilot [preauth]
May  5 19:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.230.76
May  5 19:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: Invalid user ubuntu from 185.186.146.131
May  5 19:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: input_userauth_request: invalid user ubuntu [preauth]
May  5 19:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: Failed password for invalid user serverpilot from 206.189.230.76 port 51704 ssh2
May  5 19:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: Received disconnect from 206.189.230.76 port 51704:11: Bye Bye [preauth]
May  5 19:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20048]: Disconnected from 206.189.230.76 port 51704 [preauth]
May  5 19:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: Failed password for invalid user ubuntu from 185.186.146.131 port 44424 ssh2
May  5 19:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20050]: Connection closed by 185.186.146.131 port 44424 [preauth]
May  5 19:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20077]: Failed password for root from 185.186.146.131 port 60778 ssh2
May  5 19:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20077]: Connection closed by 185.186.146.131 port 60778 [preauth]
May  5 19:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20088]: Invalid user test from 14.103.161.183
May  5 19:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20088]: input_userauth_request: invalid user test [preauth]
May  5 19:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20088]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.161.183
May  5 19:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: Invalid user esadmin from 185.186.146.131
May  5 19:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: input_userauth_request: invalid user esadmin [preauth]
May  5 19:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20088]: Failed password for invalid user test from 14.103.161.183 port 42308 ssh2
May  5 19:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20088]: Received disconnect from 14.103.161.183 port 42308:11: Bye Bye [preauth]
May  5 19:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20088]: Disconnected from 14.103.161.183 port 42308 [preauth]
May  5 19:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: Failed password for invalid user esadmin from 185.186.146.131 port 60782 ssh2
May  5 19:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: Connection closed by 185.186.146.131 port 60782 [preauth]
May  5 19:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20105]: Failed password for root from 185.186.146.131 port 45484 ssh2
May  5 19:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20105]: Connection closed by 185.186.146.131 port 45484 [preauth]
May  5 19:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: Invalid user flask from 185.186.146.131
May  5 19:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: input_userauth_request: invalid user flask [preauth]
May  5 19:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20121]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20119]: pam_unix(cron:session): session closed for user p13x
May  5 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20186]: Successful su for rubyman by root
May  5 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20186]: + ??? root:rubyman
May  5 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20186]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335721 of user rubyman.
May  5 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20186]: pam_unix(su:session): session closed for user rubyman
May  5 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335721.
May  5 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: Failed password for invalid user flask from 185.186.146.131 port 45488 ssh2
May  5 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20115]: Connection closed by 185.186.146.131 port 45488 [preauth]
May  5 19:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17295]: pam_unix(cron:session): session closed for user root
May  5 19:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20120]: pam_unix(cron:session): session closed for user samftp
May  5 19:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20364]: Invalid user deploy from 185.186.146.131
May  5 19:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20364]: input_userauth_request: invalid user deploy [preauth]
May  5 19:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20364]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20364]: Failed password for invalid user deploy from 185.186.146.131 port 47808 ssh2
May  5 19:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20364]: Connection closed by 185.186.146.131 port 47808 [preauth]
May  5 19:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: Failed password for root from 185.186.146.131 port 47816 ssh2
May  5 19:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20375]: Connection closed by 185.186.146.131 port 47816 [preauth]
May  5 19:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20398]: Failed password for root from 185.186.146.131 port 33362 ssh2
May  5 19:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20398]: Connection closed by 185.186.146.131 port 33362 [preauth]
May  5 19:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20409]: Invalid user oracle from 185.186.146.131
May  5 19:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20409]: input_userauth_request: invalid user oracle [preauth]
May  5 19:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20409]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20409]: Failed password for invalid user oracle from 185.186.146.131 port 33366 ssh2
May  5 19:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20409]: Connection closed by 185.186.146.131 port 33366 [preauth]
May  5 19:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: Invalid user rabbitmq from 185.186.146.131
May  5 19:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: input_userauth_request: invalid user rabbitmq [preauth]
May  5 19:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: Failed password for invalid user rabbitmq from 185.186.146.131 port 53384 ssh2
May  5 19:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: Connection closed by 185.186.146.131 port 53384 [preauth]
May  5 19:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20445]: Did not receive identification string from 92.118.39.65
May  5 19:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19198]: pam_unix(cron:session): session closed for user root
May  5 19:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: Failed password for root from 185.186.146.131 port 53402 ssh2
May  5 19:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: Connection closed by 185.186.146.131 port 53402 [preauth]
May  5 19:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20481]: Failed password for root from 185.186.146.131 port 52448 ssh2
May  5 19:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20481]: Connection closed by 185.186.146.131 port 52448 [preauth]
May  5 19:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20494]: Failed password for root from 185.186.146.131 port 52456 ssh2
May  5 19:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20494]: Connection closed by 185.186.146.131 port 52456 [preauth]
May  5 19:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: Failed password for root from 185.186.146.131 port 47830 ssh2
May  5 19:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: Connection closed by 185.186.146.131 port 47830 [preauth]
May  5 19:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: Invalid user wang from 185.186.146.131
May  5 19:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: input_userauth_request: invalid user wang [preauth]
May  5 19:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: Failed password for invalid user wang from 185.186.146.131 port 47836 ssh2
May  5 19:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: Connection closed by 185.186.146.131 port 47836 [preauth]
May  5 19:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: Invalid user hadoop from 185.186.146.131
May  5 19:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: input_userauth_request: invalid user hadoop [preauth]
May  5 19:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: Invalid user fort from 14.103.161.183
May  5 19:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: input_userauth_request: invalid user fort [preauth]
May  5 19:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.161.183
May  5 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: Failed password for invalid user hadoop from 185.186.146.131 port 40812 ssh2
May  5 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: Connection closed by 185.186.146.131 port 40812 [preauth]
May  5 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20554]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20553]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20553]: pam_unix(cron:session): session closed for user p13x
May  5 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20613]: Successful su for rubyman by root
May  5 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20613]: + ??? root:rubyman
May  5 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335724 of user rubyman.
May  5 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20613]: pam_unix(su:session): session closed for user rubyman
May  5 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335724.
May  5 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: Failed password for invalid user fort from 14.103.161.183 port 32858 ssh2
May  5 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: Received disconnect from 14.103.161.183 port 32858:11: Bye Bye [preauth]
May  5 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: Disconnected from 14.103.161.183 port 32858 [preauth]
May  5 19:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17784]: pam_unix(cron:session): session closed for user root
May  5 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20554]: pam_unix(cron:session): session closed for user samftp
May  5 19:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20740]: Failed password for root from 185.186.146.131 port 40826 ssh2
May  5 19:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20740]: Connection closed by 185.186.146.131 port 40826 [preauth]
May  5 19:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: Invalid user elasticsearch from 185.186.146.131
May  5 19:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: input_userauth_request: invalid user elasticsearch [preauth]
May  5 19:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: Failed password for invalid user elasticsearch from 185.186.146.131 port 53168 ssh2
May  5 19:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20802]: Connection closed by 185.186.146.131 port 53168 [preauth]
May  5 19:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: User ftp from 185.186.146.131 not allowed because not listed in AllowUsers
May  5 19:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: input_userauth_request: invalid user ftp [preauth]
May  5 19:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=ftp
May  5 19:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: Failed password for invalid user ftp from 185.186.146.131 port 53182 ssh2
May  5 19:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: Connection closed by 185.186.146.131 port 53182 [preauth]
May  5 19:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: Invalid user uftp from 185.186.146.131
May  5 19:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: input_userauth_request: invalid user uftp [preauth]
May  5 19:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 19:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: Failed password for invalid user uftp from 185.186.146.131 port 36218 ssh2
May  5 19:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20839]: Connection closed by 185.186.146.131 port 36218 [preauth]
May  5 19:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Failed password for root from 218.92.0.179 port 31831 ssh2
May  5 19:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: Invalid user webusr from 103.26.136.173
May  5 19:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: input_userauth_request: invalid user webusr [preauth]
May  5 19:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
May  5 19:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20871]: Invalid user awsgui from 185.186.146.131
May  5 19:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20871]: input_userauth_request: invalid user awsgui [preauth]
May  5 19:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20871]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Failed password for root from 218.92.0.179 port 31831 ssh2
May  5 19:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: Failed password for invalid user webusr from 103.26.136.173 port 36008 ssh2
May  5 19:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: Received disconnect from 103.26.136.173 port 36008:11: Bye Bye [preauth]
May  5 19:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20851]: Disconnected from 103.26.136.173 port 36008 [preauth]
May  5 19:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20871]: Failed password for invalid user awsgui from 185.186.146.131 port 36234 ssh2
May  5 19:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20871]: Connection closed by 185.186.146.131 port 36234 [preauth]
May  5 19:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Failed password for root from 218.92.0.179 port 31831 ssh2
May  5 19:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Received disconnect from 218.92.0.179 port 31831:11:  [preauth]
May  5 19:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: Disconnected from 218.92.0.179 port 31831 [preauth]
May  5 19:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20841]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 19:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20892]: Invalid user dolphinscheduler from 185.186.146.131
May  5 19:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20892]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  5 19:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20892]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20892]: Failed password for invalid user dolphinscheduler from 185.186.146.131 port 40208 ssh2
May  5 19:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20892]: Connection closed by 185.186.146.131 port 40208 [preauth]
May  5 19:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.175.39  user=root
May  5 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20894]: Failed password for root from 96.78.175.39 port 49730 ssh2
May  5 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20894]: Received disconnect from 96.78.175.39 port 49730:11: Bye Bye [preauth]
May  5 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20894]: Disconnected from 96.78.175.39 port 49730 [preauth]
May  5 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19647]: pam_unix(cron:session): session closed for user root
May  5 19:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20919]: Failed password for root from 185.186.146.131 port 40214 ssh2
May  5 19:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20919]: Connection closed by 185.186.146.131 port 40214 [preauth]
May  5 19:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20935]: Invalid user yarn from 185.186.146.131
May  5 19:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20935]: input_userauth_request: invalid user yarn [preauth]
May  5 19:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20935]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20935]: Failed password for invalid user yarn from 185.186.146.131 port 43390 ssh2
May  5 19:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20935]: Connection closed by 185.186.146.131 port 43390 [preauth]
May  5 19:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20958]: Invalid user test2 from 185.186.146.131
May  5 19:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20958]: input_userauth_request: invalid user test2 [preauth]
May  5 19:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20958]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20958]: Failed password for invalid user test2 from 185.186.146.131 port 40498 ssh2
May  5 19:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20958]: Connection closed by 185.186.146.131 port 40498 [preauth]
May  5 19:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135  user=root
May  5 19:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: Failed password for root from 176.31.162.135 port 41146 ssh2
May  5 19:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20960]: Connection closed by 176.31.162.135 port 41146 [preauth]
May  5 19:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.161.235.168  user=root
May  5 19:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: Invalid user oracle from 185.186.146.131
May  5 19:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: input_userauth_request: invalid user oracle [preauth]
May  5 19:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: Failed password for root from 221.161.235.168 port 60076 ssh2
May  5 19:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: Received disconnect from 221.161.235.168 port 60076:11: Bye Bye [preauth]
May  5 19:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20970]: Disconnected from 221.161.235.168 port 60076 [preauth]
May  5 19:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: Failed password for invalid user oracle from 185.186.146.131 port 40514 ssh2
May  5 19:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: Connection closed by 185.186.146.131 port 40514 [preauth]
May  5 19:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: Invalid user guest from 185.186.146.131
May  5 19:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: input_userauth_request: invalid user guest [preauth]
May  5 19:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: Failed password for invalid user guest from 185.186.146.131 port 44664 ssh2
May  5 19:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: Connection closed by 185.186.146.131 port 44664 [preauth]
May  5 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: Invalid user wang from 185.186.146.131
May  5 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: input_userauth_request: invalid user wang [preauth]
May  5 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21000]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21001]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20998]: pam_unix(cron:session): session closed for user p13x
May  5 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21059]: Successful su for rubyman by root
May  5 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21059]: + ??? root:rubyman
May  5 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335729 of user rubyman.
May  5 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21059]: pam_unix(su:session): session closed for user rubyman
May  5 19:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335729.
May  5 19:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: Failed password for invalid user wang from 185.186.146.131 port 44670 ssh2
May  5 19:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20995]: Connection closed by 185.186.146.131 port 44670 [preauth]
May  5 19:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18325]: pam_unix(cron:session): session closed for user root
May  5 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21260]: Invalid user www from 185.186.146.131
May  5 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21260]: input_userauth_request: invalid user www [preauth]
May  5 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21260]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: Invalid user webusr from 14.103.161.183
May  5 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: input_userauth_request: invalid user webusr [preauth]
May  5 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.161.183
May  5 19:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20999]: pam_unix(cron:session): session closed for user samftp
May  5 19:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21260]: Failed password for invalid user www from 185.186.146.131 port 53244 ssh2
May  5 19:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21260]: Connection closed by 185.186.146.131 port 53244 [preauth]
May  5 19:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: Failed password for invalid user webusr from 14.103.161.183 port 51640 ssh2
May  5 19:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: Received disconnect from 14.103.161.183 port 51640:11: Bye Bye [preauth]
May  5 19:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21256]: Disconnected from 14.103.161.183 port 51640 [preauth]
May  5 19:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21297]: Failed password for root from 185.186.146.131 port 53246 ssh2
May  5 19:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21297]: Connection closed by 185.186.146.131 port 53246 [preauth]
May  5 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: Invalid user nexus from 185.186.146.131
May  5 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: input_userauth_request: invalid user nexus [preauth]
May  5 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: Failed password for invalid user nexus from 185.186.146.131 port 34152 ssh2
May  5 19:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21324]: Connection closed by 185.186.146.131 port 34152 [preauth]
May  5 19:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21335]: Invalid user app from 185.186.146.131
May  5 19:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21335]: input_userauth_request: invalid user app [preauth]
May  5 19:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21335]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21335]: Failed password for invalid user app from 185.186.146.131 port 34168 ssh2
May  5 19:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21335]: Connection closed by 185.186.146.131 port 34168 [preauth]
May  5 19:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: Invalid user nvidia from 185.186.146.131
May  5 19:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: input_userauth_request: invalid user nvidia [preauth]
May  5 19:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: Failed password for invalid user nvidia from 185.186.146.131 port 59876 ssh2
May  5 19:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21359]: Connection closed by 185.186.146.131 port 59876 [preauth]
May  5 19:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20122]: pam_unix(cron:session): session closed for user root
May  5 19:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21369]: Failed password for root from 185.186.146.131 port 59886 ssh2
May  5 19:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21369]: Connection closed by 185.186.146.131 port 59886 [preauth]
May  5 19:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131  user=root
May  5 19:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: Failed password for root from 185.186.146.131 port 34822 ssh2
May  5 19:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21399]: Connection closed by 185.186.146.131 port 34822 [preauth]
May  5 19:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Invalid user es from 185.186.146.131
May  5 19:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: input_userauth_request: invalid user es [preauth]
May  5 19:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Failed password for invalid user es from 185.186.146.131 port 34834 ssh2
May  5 19:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Connection closed by 185.186.146.131 port 34834 [preauth]
May  5 19:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21431]: Invalid user sugi from 185.186.146.131
May  5 19:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21431]: input_userauth_request: invalid user sugi [preauth]
May  5 19:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21431]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.186.146.131
May  5 19:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21431]: Failed password for invalid user sugi from 185.186.146.131 port 41840 ssh2
May  5 19:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21431]: Connection closed by 185.186.146.131 port 41840 [preauth]
May  5 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21455]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21452]: pam_unix(cron:session): session closed for user p13x
May  5 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21515]: Successful su for rubyman by root
May  5 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21515]: + ??? root:rubyman
May  5 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335734 of user rubyman.
May  5 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21515]: pam_unix(su:session): session closed for user rubyman
May  5 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335734.
May  5 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18770]: pam_unix(cron:session): session closed for user root
May  5 19:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21453]: pam_unix(cron:session): session closed for user samftp
May  5 19:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21862]: Invalid user zhanghua from 14.103.161.183
May  5 19:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21862]: input_userauth_request: invalid user zhanghua [preauth]
May  5 19:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21862]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.161.183
May  5 19:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21862]: Failed password for invalid user zhanghua from 14.103.161.183 port 42192 ssh2
May  5 19:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21862]: Received disconnect from 14.103.161.183 port 42192:11: Bye Bye [preauth]
May  5 19:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21862]: Disconnected from 14.103.161.183 port 42192 [preauth]
May  5 19:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20557]: pam_unix(cron:session): session closed for user root
May  5 19:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22156]: Invalid user sentinel from 206.189.230.76
May  5 19:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22156]: input_userauth_request: invalid user sentinel [preauth]
May  5 19:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22156]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.230.76
May  5 19:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22156]: Failed password for invalid user sentinel from 206.189.230.76 port 38930 ssh2
May  5 19:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22156]: Received disconnect from 206.189.230.76 port 38930:11: Bye Bye [preauth]
May  5 19:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22156]: Disconnected from 206.189.230.76 port 38930 [preauth]
May  5 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22191]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22192]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22187]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22190]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22188]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22192]: pam_unix(cron:session): session closed for user root
May  5 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22187]: pam_unix(cron:session): session closed for user p13x
May  5 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22281]: Successful su for rubyman by root
May  5 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22281]: + ??? root:rubyman
May  5 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335736 of user rubyman.
May  5 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22281]: pam_unix(su:session): session closed for user rubyman
May  5 19:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335736.
May  5 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22189]: pam_unix(cron:session): session closed for user root
May  5 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19197]: pam_unix(cron:session): session closed for user root
May  5 19:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22188]: pam_unix(cron:session): session closed for user samftp
May  5 19:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22589]: Invalid user uptime from 14.103.161.183
May  5 19:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22589]: input_userauth_request: invalid user uptime [preauth]
May  5 19:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22589]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.161.183
May  5 19:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22589]: Failed password for invalid user uptime from 14.103.161.183 port 60978 ssh2
May  5 19:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22589]: Received disconnect from 14.103.161.183 port 60978:11: Bye Bye [preauth]
May  5 19:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22589]: Disconnected from 14.103.161.183 port 60978 [preauth]
May  5 19:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21001]: pam_unix(cron:session): session closed for user root
May  5 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22694]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22692]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22691]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22690]: pam_unix(cron:session): session closed for user p13x
May  5 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22766]: Successful su for rubyman by root
May  5 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22766]: + ??? root:rubyman
May  5 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335743 of user rubyman.
May  5 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22766]: pam_unix(su:session): session closed for user rubyman
May  5 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335743.
May  5 19:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19646]: pam_unix(cron:session): session closed for user root
May  5 19:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22691]: pam_unix(cron:session): session closed for user samftp
May  5 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21455]: pam_unix(cron:session): session closed for user root
May  5 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23083]: Invalid user system from 14.103.161.183
May  5 19:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23083]: input_userauth_request: invalid user system [preauth]
May  5 19:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23083]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.161.183
May  5 19:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23083]: Failed password for invalid user system from 14.103.161.183 port 51510 ssh2
May  5 19:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23083]: Received disconnect from 14.103.161.183 port 51510:11: Bye Bye [preauth]
May  5 19:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23083]: Disconnected from 14.103.161.183 port 51510 [preauth]
May  5 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23153]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23150]: pam_unix(cron:session): session closed for user p13x
May  5 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23224]: Successful su for rubyman by root
May  5 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23224]: + ??? root:rubyman
May  5 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335747 of user rubyman.
May  5 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23224]: pam_unix(su:session): session closed for user rubyman
May  5 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335747.
May  5 19:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20121]: pam_unix(cron:session): session closed for user root
May  5 19:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23151]: pam_unix(cron:session): session closed for user samftp
May  5 19:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23531]: Invalid user beetroot from 96.78.175.39
May  5 19:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23531]: input_userauth_request: invalid user beetroot [preauth]
May  5 19:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23531]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.175.39
May  5 19:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23531]: Failed password for invalid user beetroot from 96.78.175.39 port 57266 ssh2
May  5 19:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23531]: Received disconnect from 96.78.175.39 port 57266:11: Bye Bye [preauth]
May  5 19:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23531]: Disconnected from 96.78.175.39 port 57266 [preauth]
May  5 19:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22191]: pam_unix(cron:session): session closed for user root
May  5 19:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.161.183  user=root
May  5 19:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23600]: Failed password for root from 14.103.161.183 port 42036 ssh2
May  5 19:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23600]: Received disconnect from 14.103.161.183 port 42036:11: Bye Bye [preauth]
May  5 19:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23600]: Disconnected from 14.103.161.183 port 42036 [preauth]
May  5 19:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173  user=root
May  5 19:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: Failed password for root from 103.26.136.173 port 43054 ssh2
May  5 19:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: Received disconnect from 103.26.136.173 port 43054:11: Bye Bye [preauth]
May  5 19:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: Disconnected from 103.26.136.173 port 43054 [preauth]
May  5 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23659]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23661]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23662]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23660]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23659]: pam_unix(cron:session): session closed for user p13x
May  5 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23720]: Successful su for rubyman by root
May  5 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23720]: + ??? root:rubyman
May  5 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335753 of user rubyman.
May  5 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23720]: pam_unix(su:session): session closed for user rubyman
May  5 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335753.
May  5 19:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20556]: pam_unix(cron:session): session closed for user root
May  5 19:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23660]: pam_unix(cron:session): session closed for user samftp
May  5 19:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: Invalid user ubuntu from 92.118.39.65
May  5 19:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: input_userauth_request: invalid user ubuntu [preauth]
May  5 19:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  5 19:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.161.235.168  user=root
May  5 19:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: Failed password for invalid user ubuntu from 92.118.39.65 port 55358 ssh2
May  5 19:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: Connection closed by 92.118.39.65 port 55358 [preauth]
May  5 19:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24058]: Failed password for root from 221.161.235.168 port 40364 ssh2
May  5 19:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24058]: Received disconnect from 221.161.235.168 port 40364:11: Bye Bye [preauth]
May  5 19:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24058]: Disconnected from 221.161.235.168 port 40364 [preauth]
May  5 19:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22694]: pam_unix(cron:session): session closed for user root
May  5 19:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: Invalid user www from 14.103.161.183
May  5 19:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: input_userauth_request: invalid user www [preauth]
May  5 19:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.161.183
May  5 19:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: Failed password for invalid user www from 14.103.161.183 port 60808 ssh2
May  5 19:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: Received disconnect from 14.103.161.183 port 60808:11: Bye Bye [preauth]
May  5 19:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: Disconnected from 14.103.161.183 port 60808 [preauth]
May  5 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24193]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24195]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24191]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24191]: pam_unix(cron:session): session closed for user p13x
May  5 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24263]: Successful su for rubyman by root
May  5 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24263]: + ??? root:rubyman
May  5 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24263]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335755 of user rubyman.
May  5 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24263]: pam_unix(su:session): session closed for user rubyman
May  5 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335755.
May  5 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.230.76  user=root
May  5 19:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24274]: Failed password for root from 206.189.230.76 port 60046 ssh2
May  5 19:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24274]: Received disconnect from 206.189.230.76 port 60046:11: Bye Bye [preauth]
May  5 19:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24274]: Disconnected from 206.189.230.76 port 60046 [preauth]
May  5 19:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21000]: pam_unix(cron:session): session closed for user root
May  5 19:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24192]: pam_unix(cron:session): session closed for user samftp
May  5 19:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 19:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: Failed password for root from 218.92.0.179 port 51473 ssh2
May  5 19:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 51473 ssh2]
May  5 19:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: Received disconnect from 218.92.0.179 port 51473:11:  [preauth]
May  5 19:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: Disconnected from 218.92.0.179 port 51473 [preauth]
May  5 19:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 19:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23153]: pam_unix(cron:session): session closed for user root
May  5 19:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: Invalid user dell from 14.103.161.183
May  5 19:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: input_userauth_request: invalid user dell [preauth]
May  5 19:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.161.183
May  5 19:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: Failed password for invalid user dell from 14.103.161.183 port 51354 ssh2
May  5 19:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: Received disconnect from 14.103.161.183 port 51354:11: Bye Bye [preauth]
May  5 19:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: Disconnected from 14.103.161.183 port 51354 [preauth]
May  5 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24641]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24639]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24638]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24642]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24640]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24637]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24642]: pam_unix(cron:session): session closed for user root
May  5 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24637]: pam_unix(cron:session): session closed for user p13x
May  5 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24715]: Successful su for rubyman by root
May  5 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24715]: + ??? root:rubyman
May  5 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335758 of user rubyman.
May  5 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24715]: pam_unix(su:session): session closed for user rubyman
May  5 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335758.
May  5 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24639]: pam_unix(cron:session): session closed for user root
May  5 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21454]: pam_unix(cron:session): session closed for user root
May  5 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: Invalid user admin from 139.19.117.131
May  5 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: input_userauth_request: invalid user admin [preauth]
May  5 19:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24638]: pam_unix(cron:session): session closed for user samftp
May  5 19:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: Connection closed by 139.19.117.131 port 44158 [preauth]
May  5 19:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23662]: pam_unix(cron:session): session closed for user root
May  5 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25083]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25082]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25080]: pam_unix(cron:session): session closed for user p13x
May  5 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25152]: Successful su for rubyman by root
May  5 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25152]: + ??? root:rubyman
May  5 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335765 of user rubyman.
May  5 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25152]: pam_unix(su:session): session closed for user rubyman
May  5 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335765.
May  5 19:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22190]: pam_unix(cron:session): session closed for user root
May  5 19:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25081]: pam_unix(cron:session): session closed for user samftp
May  5 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24195]: pam_unix(cron:session): session closed for user root
May  5 19:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25495]: Invalid user deploy from 96.78.175.39
May  5 19:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25495]: input_userauth_request: invalid user deploy [preauth]
May  5 19:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25495]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.175.39
May  5 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25501]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25500]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25498]: pam_unix(cron:session): session closed for user p13x
May  5 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25570]: Successful su for rubyman by root
May  5 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25570]: + ??? root:rubyman
May  5 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335769 of user rubyman.
May  5 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25570]: pam_unix(su:session): session closed for user rubyman
May  5 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335769.
May  5 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25495]: Failed password for invalid user deploy from 96.78.175.39 port 36574 ssh2
May  5 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25495]: Received disconnect from 96.78.175.39 port 36574:11: Bye Bye [preauth]
May  5 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25495]: Disconnected from 96.78.175.39 port 36574 [preauth]
May  5 19:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22692]: pam_unix(cron:session): session closed for user root
May  5 19:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25499]: pam_unix(cron:session): session closed for user samftp
May  5 19:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24641]: pam_unix(cron:session): session closed for user root
May  5 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26003]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26004]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26001]: pam_unix(cron:session): session closed for user p13x
May  5 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26066]: Successful su for rubyman by root
May  5 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26066]: + ??? root:rubyman
May  5 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335773 of user rubyman.
May  5 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26066]: pam_unix(su:session): session closed for user rubyman
May  5 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335773.
May  5 19:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23152]: pam_unix(cron:session): session closed for user root
May  5 19:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26002]: pam_unix(cron:session): session closed for user samftp
May  5 19:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26250]: Invalid user mz from 206.189.230.76
May  5 19:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26250]: input_userauth_request: invalid user mz [preauth]
May  5 19:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26250]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.230.76
May  5 19:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26250]: Failed password for invalid user mz from 206.189.230.76 port 60296 ssh2
May  5 19:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26250]: Received disconnect from 206.189.230.76 port 60296:11: Bye Bye [preauth]
May  5 19:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26250]: Disconnected from 206.189.230.76 port 60296 [preauth]
May  5 19:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26260]: Invalid user guest0 from 103.26.136.173
May  5 19:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26260]: input_userauth_request: invalid user guest0 [preauth]
May  5 19:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26260]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
May  5 19:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26260]: Failed password for invalid user guest0 from 103.26.136.173 port 50104 ssh2
May  5 19:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26260]: Received disconnect from 103.26.136.173 port 50104:11: Bye Bye [preauth]
May  5 19:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26260]: Disconnected from 103.26.136.173 port 50104 [preauth]
May  5 19:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25083]: pam_unix(cron:session): session closed for user root
May  5 19:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.161.235.168  user=root
May  5 19:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: Failed password for root from 221.161.235.168 port 48886 ssh2
May  5 19:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: Received disconnect from 221.161.235.168 port 48886:11: Bye Bye [preauth]
May  5 19:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26380]: Disconnected from 221.161.235.168 port 48886 [preauth]
May  5 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26406]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26405]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26402]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26403]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26400]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26402]: pam_unix(cron:session): session closed for user p13x
May  5 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26606]: Successful su for rubyman by root
May  5 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26606]: + ??? root:rubyman
May  5 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335776 of user rubyman.
May  5 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26606]: pam_unix(su:session): session closed for user rubyman
May  5 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335776.
May  5 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26400]: pam_unix(cron:session): session closed for user root
May  5 19:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23661]: pam_unix(cron:session): session closed for user root
May  5 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26403]: pam_unix(cron:session): session closed for user samftp
May  5 19:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25501]: pam_unix(cron:session): session closed for user root
May  5 19:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: Invalid user validator from 92.118.39.65
May  5 19:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: input_userauth_request: invalid user validator [preauth]
May  5 19:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  5 19:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: Failed password for invalid user validator from 92.118.39.65 port 40110 ssh2
May  5 19:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: Connection closed by 92.118.39.65 port 40110 [preauth]
May  5 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27030]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27027]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27026]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27029]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27034]: pam_unix(cron:session): session closed for user root
May  5 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27026]: pam_unix(cron:session): session closed for user p13x
May  5 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27113]: Successful su for rubyman by root
May  5 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27113]: + ??? root:rubyman
May  5 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335781 of user rubyman.
May  5 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27113]: pam_unix(su:session): session closed for user rubyman
May  5 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335781.
May  5 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27029]: pam_unix(cron:session): session closed for user root
May  5 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24193]: pam_unix(cron:session): session closed for user root
May  5 19:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27027]: pam_unix(cron:session): session closed for user samftp
May  5 19:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26004]: pam_unix(cron:session): session closed for user root
May  5 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27546]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27543]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27542]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27542]: pam_unix(cron:session): session closed for user p13x
May  5 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27625]: Successful su for rubyman by root
May  5 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27625]: + ??? root:rubyman
May  5 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27625]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335789 of user rubyman.
May  5 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27625]: pam_unix(su:session): session closed for user rubyman
May  5 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335789.
May  5 19:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24640]: pam_unix(cron:session): session closed for user root
May  5 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27543]: pam_unix(cron:session): session closed for user samftp
May  5 19:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: Invalid user webusr from 96.78.175.39
May  5 19:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: input_userauth_request: invalid user webusr [preauth]
May  5 19:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.175.39
May  5 19:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: Failed password for invalid user webusr from 96.78.175.39 port 44110 ssh2
May  5 19:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: Received disconnect from 96.78.175.39 port 44110:11: Bye Bye [preauth]
May  5 19:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: Disconnected from 96.78.175.39 port 44110 [preauth]
May  5 19:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26406]: pam_unix(cron:session): session closed for user root
May  5 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27968]: pam_unix(cron:session): session closed for user p13x
May  5 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28032]: Successful su for rubyman by root
May  5 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28032]: + ??? root:rubyman
May  5 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335793 of user rubyman.
May  5 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28032]: pam_unix(su:session): session closed for user rubyman
May  5 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335793.
May  5 19:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25082]: pam_unix(cron:session): session closed for user root
May  5 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27969]: pam_unix(cron:session): session closed for user samftp
May  5 19:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: Invalid user rafael from 206.189.230.76
May  5 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: input_userauth_request: invalid user rafael [preauth]
May  5 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.230.76
May  5 19:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: Failed password for invalid user rafael from 206.189.230.76 port 53504 ssh2
May  5 19:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: Received disconnect from 206.189.230.76 port 53504:11: Bye Bye [preauth]
May  5 19:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28219]: Disconnected from 206.189.230.76 port 53504 [preauth]
May  5 19:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27033]: pam_unix(cron:session): session closed for user root
May  5 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28378]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28375]: pam_unix(cron:session): session closed for user p13x
May  5 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28436]: Successful su for rubyman by root
May  5 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28436]: + ??? root:rubyman
May  5 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335795 of user rubyman.
May  5 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28436]: pam_unix(su:session): session closed for user rubyman
May  5 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335795.
May  5 19:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25500]: pam_unix(cron:session): session closed for user root
May  5 19:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28376]: pam_unix(cron:session): session closed for user samftp
May  5 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27546]: pam_unix(cron:session): session closed for user root
May  5 19:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28734]: Invalid user test from 103.26.136.173
May  5 19:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28734]: input_userauth_request: invalid user test [preauth]
May  5 19:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28734]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
May  5 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28734]: Failed password for invalid user test from 103.26.136.173 port 57154 ssh2
May  5 19:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28734]: Received disconnect from 103.26.136.173 port 57154:11: Bye Bye [preauth]
May  5 19:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28734]: Disconnected from 103.26.136.173 port 57154 [preauth]
May  5 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28786]: pam_unix(cron:session): session closed for user p13x
May  5 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28847]: Successful su for rubyman by root
May  5 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28847]: + ??? root:rubyman
May  5 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335800 of user rubyman.
May  5 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28847]: pam_unix(su:session): session closed for user rubyman
May  5 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335800.
May  5 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26003]: pam_unix(cron:session): session closed for user root
May  5 19:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28787]: pam_unix(cron:session): session closed for user samftp
May  5 19:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: Invalid user rajeev from 221.161.235.168
May  5 19:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: input_userauth_request: invalid user rajeev [preauth]
May  5 19:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.161.235.168
May  5 19:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: Failed password for invalid user rajeev from 221.161.235.168 port 57420 ssh2
May  5 19:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: Received disconnect from 221.161.235.168 port 57420:11: Bye Bye [preauth]
May  5 19:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29195]: Disconnected from 221.161.235.168 port 57420 [preauth]
May  5 19:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27972]: pam_unix(cron:session): session closed for user root
May  5 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29303]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29300]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29302]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29301]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29303]: pam_unix(cron:session): session closed for user root
May  5 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29298]: pam_unix(cron:session): session closed for user p13x
May  5 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29369]: Successful su for rubyman by root
May  5 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29369]: + ??? root:rubyman
May  5 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335805 of user rubyman.
May  5 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29369]: pam_unix(su:session): session closed for user rubyman
May  5 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335805.
May  5 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29300]: pam_unix(cron:session): session closed for user root
May  5 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26405]: pam_unix(cron:session): session closed for user root
May  5 19:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29299]: pam_unix(cron:session): session closed for user samftp
May  5 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28378]: pam_unix(cron:session): session closed for user root
May  5 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29742]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29734]: pam_unix(cron:session): session closed for user p13x
May  5 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29803]: Successful su for rubyman by root
May  5 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29803]: + ??? root:rubyman
May  5 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29803]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335810 of user rubyman.
May  5 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29803]: pam_unix(su:session): session closed for user rubyman
May  5 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335810.
May  5 19:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27030]: pam_unix(cron:session): session closed for user root
May  5 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29735]: pam_unix(cron:session): session closed for user samftp
May  5 19:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.175.39  user=root
May  5 19:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: Invalid user node from 92.118.39.65
May  5 19:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: input_userauth_request: invalid user node [preauth]
May  5 19:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30017]: Failed password for root from 96.78.175.39 port 51650 ssh2
May  5 19:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30017]: Received disconnect from 96.78.175.39 port 51650:11: Bye Bye [preauth]
May  5 19:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30017]: Disconnected from 96.78.175.39 port 51650 [preauth]
May  5 19:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  5 19:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: Failed password for invalid user node from 92.118.39.65 port 53078 ssh2
May  5 19:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: Connection closed by 92.118.39.65 port 53078 [preauth]
May  5 19:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30030]: Invalid user huang from 206.189.230.76
May  5 19:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30030]: input_userauth_request: invalid user huang [preauth]
May  5 19:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30030]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.230.76
May  5 19:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30030]: Failed password for invalid user huang from 206.189.230.76 port 46996 ssh2
May  5 19:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30030]: Received disconnect from 206.189.230.76 port 46996:11: Bye Bye [preauth]
May  5 19:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30030]: Disconnected from 206.189.230.76 port 46996 [preauth]
May  5 19:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28789]: pam_unix(cron:session): session closed for user root
May  5 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30152]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30154]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30155]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30152]: pam_unix(cron:session): session closed for user p13x
May  5 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30211]: Successful su for rubyman by root
May  5 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30211]: + ??? root:rubyman
May  5 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335813 of user rubyman.
May  5 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30211]: pam_unix(su:session): session closed for user rubyman
May  5 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335813.
May  5 19:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27544]: pam_unix(cron:session): session closed for user root
May  5 19:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30153]: pam_unix(cron:session): session closed for user samftp
May  5 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29302]: pam_unix(cron:session): session closed for user root
May  5 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30545]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30546]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30543]: pam_unix(cron:session): session closed for user p13x
May  5 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30602]: Successful su for rubyman by root
May  5 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30602]: + ??? root:rubyman
May  5 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30602]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335819 of user rubyman.
May  5 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30602]: pam_unix(su:session): session closed for user rubyman
May  5 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335819.
May  5 19:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27971]: pam_unix(cron:session): session closed for user root
May  5 19:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30544]: pam_unix(cron:session): session closed for user samftp
May  5 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29742]: pam_unix(cron:session): session closed for user root
May  5 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31013]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31009]: pam_unix(cron:session): session closed for user p13x
May  5 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31101]: Successful su for rubyman by root
May  5 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31101]: + ??? root:rubyman
May  5 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31101]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335822 of user rubyman.
May  5 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31101]: pam_unix(su:session): session closed for user rubyman
May  5 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335822.
May  5 19:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28377]: pam_unix(cron:session): session closed for user root
May  5 19:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31010]: pam_unix(cron:session): session closed for user samftp
May  5 19:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: Invalid user zhouhao from 103.26.136.173
May  5 19:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: input_userauth_request: invalid user zhouhao [preauth]
May  5 19:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
May  5 19:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: Failed password for invalid user zhouhao from 103.26.136.173 port 35972 ssh2
May  5 19:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: Received disconnect from 103.26.136.173 port 35972:11: Bye Bye [preauth]
May  5 19:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31295]: Disconnected from 103.26.136.173 port 35972 [preauth]
May  5 19:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30155]: pam_unix(cron:session): session closed for user root
May  5 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31451]: pam_unix(cron:session): session closed for user root
May  5 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31445]: pam_unix(cron:session): session closed for user p13x
May  5 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31519]: Successful su for rubyman by root
May  5 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31519]: + ??? root:rubyman
May  5 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335825 of user rubyman.
May  5 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31519]: pam_unix(su:session): session closed for user rubyman
May  5 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335825.
May  5 19:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31447]: pam_unix(cron:session): session closed for user root
May  5 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.161.235.168  user=root
May  5 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28788]: pam_unix(cron:session): session closed for user root
May  5 19:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31446]: pam_unix(cron:session): session closed for user samftp
May  5 19:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31668]: Failed password for root from 221.161.235.168 port 37720 ssh2
May  5 19:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31668]: Received disconnect from 221.161.235.168 port 37720:11: Bye Bye [preauth]
May  5 19:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31668]: Disconnected from 221.161.235.168 port 37720 [preauth]
May  5 19:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: Invalid user lb from 213.176.73.105
May  5 19:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: input_userauth_request: invalid user lb [preauth]
May  5 19:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.73.105
May  5 19:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: Failed password for invalid user lb from 213.176.73.105 port 39458 ssh2
May  5 19:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: Received disconnect from 213.176.73.105 port 39458:11: Bye Bye [preauth]
May  5 19:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: Disconnected from 213.176.73.105 port 39458 [preauth]
May  5 19:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31824]: Invalid user test from 206.189.230.76
May  5 19:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31824]: input_userauth_request: invalid user test [preauth]
May  5 19:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31824]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.230.76
May  5 19:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31824]: Failed password for invalid user test from 206.189.230.76 port 46914 ssh2
May  5 19:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31824]: Received disconnect from 206.189.230.76 port 46914:11: Bye Bye [preauth]
May  5 19:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31824]: Disconnected from 206.189.230.76 port 46914 [preauth]
May  5 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30546]: pam_unix(cron:session): session closed for user root
May  5 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31939]: pam_unix(cron:session): session closed for user p13x
May  5 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32218]: Successful su for rubyman by root
May  5 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32218]: + ??? root:rubyman
May  5 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335833 of user rubyman.
May  5 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32218]: pam_unix(su:session): session closed for user rubyman
May  5 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335833.
May  5 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29301]: pam_unix(cron:session): session closed for user root
May  5 19:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31940]: pam_unix(cron:session): session closed for user samftp
May  5 19:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.175.39  user=root
May  5 19:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32476]: Failed password for root from 96.78.175.39 port 59186 ssh2
May  5 19:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32476]: Received disconnect from 96.78.175.39 port 59186:11: Bye Bye [preauth]
May  5 19:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32476]: Disconnected from 96.78.175.39 port 59186 [preauth]
May  5 19:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: Invalid user mytestuser from 50.235.31.47
May  5 19:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: input_userauth_request: invalid user mytestuser [preauth]
May  5 19:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  5 19:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: Failed password for invalid user mytestuser from 50.235.31.47 port 52926 ssh2
May  5 19:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32511]: Connection closed by 50.235.31.47 port 52926 [preauth]
May  5 19:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31013]: pam_unix(cron:session): session closed for user root
May  5 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32735]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32735]: pam_unix(cron:session): session closed for user p13x
May  5 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[357]: Successful su for rubyman by root
May  5 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[357]: + ??? root:rubyman
May  5 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[357]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335835 of user rubyman.
May  5 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[357]: pam_unix(su:session): session closed for user rubyman
May  5 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335835.
May  5 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29740]: pam_unix(cron:session): session closed for user root
May  5 19:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32736]: pam_unix(cron:session): session closed for user samftp
May  5 19:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31449]: pam_unix(cron:session): session closed for user root
May  5 19:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[756]: Invalid user solana from 92.118.39.65
May  5 19:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[756]: input_userauth_request: invalid user solana [preauth]
May  5 19:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[756]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  5 19:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[756]: Failed password for invalid user solana from 92.118.39.65 port 37812 ssh2
May  5 19:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[756]: Connection closed by 92.118.39.65 port 37812 [preauth]
May  5 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[783]: pam_unix(cron:session): session closed for user p13x
May  5 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[849]: Successful su for rubyman by root
May  5 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[849]: + ??? root:rubyman
May  5 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335840 of user rubyman.
May  5 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[849]: pam_unix(su:session): session closed for user rubyman
May  5 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335840.
May  5 19:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30154]: pam_unix(cron:session): session closed for user root
May  5 19:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[784]: pam_unix(cron:session): session closed for user samftp
May  5 19:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31943]: pam_unix(cron:session): session closed for user root
May  5 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1260]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1261]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1258]: pam_unix(cron:session): session closed for user p13x
May  5 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1329]: Successful su for rubyman by root
May  5 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1329]: + ??? root:rubyman
May  5 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335845 of user rubyman.
May  5 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1329]: pam_unix(su:session): session closed for user rubyman
May  5 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335845.
May  5 19:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30545]: pam_unix(cron:session): session closed for user root
May  5 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1259]: pam_unix(cron:session): session closed for user samftp
May  5 19:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: Invalid user system from 103.26.136.173
May  5 19:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: input_userauth_request: invalid user system [preauth]
May  5 19:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
May  5 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: Failed password for invalid user system from 103.26.136.173 port 43012 ssh2
May  5 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: Received disconnect from 103.26.136.173 port 43012:11: Bye Bye [preauth]
May  5 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1622]: Disconnected from 103.26.136.173 port 43012 [preauth]
May  5 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32739]: pam_unix(cron:session): session closed for user root
May  5 19:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: Invalid user testuser from 206.189.230.76
May  5 19:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: input_userauth_request: invalid user testuser [preauth]
May  5 19:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.230.76
May  5 19:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: Failed password for invalid user testuser from 206.189.230.76 port 50892 ssh2
May  5 19:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: Received disconnect from 206.189.230.76 port 50892:11: Bye Bye [preauth]
May  5 19:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1655]: Disconnected from 206.189.230.76 port 50892 [preauth]
May  5 19:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: Did not receive identification string from 117.66.242.217
May  5 19:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.66.242.217  user=root
May  5 19:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1685]: Failed password for root from 117.66.242.217 port 40998 ssh2
May  5 19:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1685]: Connection closed by 117.66.242.217 port 40998 [preauth]
May  5 19:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: Did not receive identification string from 117.66.242.217
May  5 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1747]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1750]: pam_unix(cron:session): session closed for user root
May  5 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1745]: pam_unix(cron:session): session closed for user p13x
May  5 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1824]: Successful su for rubyman by root
May  5 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1824]: + ??? root:rubyman
May  5 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1824]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335849 of user rubyman.
May  5 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1824]: pam_unix(su:session): session closed for user rubyman
May  5 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335849.
May  5 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1747]: pam_unix(cron:session): session closed for user root
May  5 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31011]: pam_unix(cron:session): session closed for user root
May  5 19:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1746]: pam_unix(cron:session): session closed for user samftp
May  5 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.73.105  user=root
May  5 19:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: Failed password for root from 213.176.73.105 port 44692 ssh2
May  5 19:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: Received disconnect from 213.176.73.105 port 44692:11: Bye Bye [preauth]
May  5 19:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2166]: Disconnected from 213.176.73.105 port 44692 [preauth]
May  5 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[786]: pam_unix(cron:session): session closed for user root
May  5 19:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.161.235.168  user=root
May  5 19:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2226]: Failed password for root from 221.161.235.168 port 46224 ssh2
May  5 19:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2226]: Received disconnect from 221.161.235.168 port 46224:11: Bye Bye [preauth]
May  5 19:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2226]: Disconnected from 221.161.235.168 port 46224 [preauth]
May  5 19:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: Invalid user guest0 from 96.78.175.39
May  5 19:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: input_userauth_request: invalid user guest0 [preauth]
May  5 19:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.175.39
May  5 19:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: Failed password for invalid user guest0 from 96.78.175.39 port 38490 ssh2
May  5 19:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: Received disconnect from 96.78.175.39 port 38490:11: Bye Bye [preauth]
May  5 19:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2258]: Disconnected from 96.78.175.39 port 38490 [preauth]
May  5 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2281]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2282]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2280]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2279]: pam_unix(cron:session): session closed for user p13x
May  5 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2347]: Successful su for rubyman by root
May  5 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2347]: + ??? root:rubyman
May  5 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2347]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335853 of user rubyman.
May  5 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2347]: pam_unix(su:session): session closed for user rubyman
May  5 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335853.
May  5 19:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31448]: pam_unix(cron:session): session closed for user root
May  5 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2280]: pam_unix(cron:session): session closed for user samftp
May  5 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1261]: pam_unix(cron:session): session closed for user root
May  5 19:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.66.242.217  user=root
May  5 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2737]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2736]: pam_unix(cron:session): session closed for user p13x
May  5 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2800]: Successful su for rubyman by root
May  5 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2800]: + ??? root:rubyman
May  5 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335859 of user rubyman.
May  5 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2800]: pam_unix(su:session): session closed for user rubyman
May  5 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335859.
May  5 19:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31942]: pam_unix(cron:session): session closed for user root
May  5 19:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  5 19:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2737]: pam_unix(cron:session): session closed for user samftp
May  5 19:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: Failed password for root from 80.94.95.29 port 9567 ssh2
May  5 19:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: message repeated 4 times: [ Failed password for root from 80.94.95.29 port 9567 ssh2]
May  5 19:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: Received disconnect from 80.94.95.29 port 9567:11: Bye [preauth]
May  5 19:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: Disconnected from 80.94.95.29 port 9567 [preauth]
May  5 19:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  5 19:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 19:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3054]: Invalid user admin from 80.94.95.112
May  5 19:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3054]: input_userauth_request: invalid user admin [preauth]
May  5 19:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3054]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 19:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3054]: Failed password for invalid user admin from 80.94.95.112 port 31253 ssh2
May  5 19:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3054]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3054]: Failed password for invalid user admin from 80.94.95.112 port 31253 ssh2
May  5 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3054]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1749]: pam_unix(cron:session): session closed for user root
May  5 19:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3054]: Failed password for invalid user admin from 80.94.95.112 port 31253 ssh2
May  5 19:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3054]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3054]: Failed password for invalid user admin from 80.94.95.112 port 31253 ssh2
May  5 19:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3054]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3054]: Failed password for invalid user admin from 80.94.95.112 port 31253 ssh2
May  5 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3054]: Received disconnect from 80.94.95.112 port 31253:11: Bye [preauth]
May  5 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3054]: Disconnected from 80.94.95.112 port 31253 [preauth]
May  5 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3054]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3054]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3145]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3143]: pam_unix(cron:session): session closed for user p13x
May  5 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3210]: Successful su for rubyman by root
May  5 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3210]: + ??? root:rubyman
May  5 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335862 of user rubyman.
May  5 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3210]: pam_unix(su:session): session closed for user rubyman
May  5 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335862.
May  5 19:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32738]: pam_unix(cron:session): session closed for user root
May  5 19:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3144]: pam_unix(cron:session): session closed for user samftp
May  5 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2282]: pam_unix(cron:session): session closed for user root
May  5 19:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.230.76  user=root
May  5 19:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: Failed password for root from 206.189.230.76 port 47444 ssh2
May  5 19:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: Received disconnect from 206.189.230.76 port 47444:11: Bye Bye [preauth]
May  5 19:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: Disconnected from 206.189.230.76 port 47444 [preauth]
May  5 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3598]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3597]: pam_unix(cron:session): session closed for user p13x
May  5 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3658]: Successful su for rubyman by root
May  5 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3658]: + ??? root:rubyman
May  5 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335865 of user rubyman.
May  5 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3658]: pam_unix(su:session): session closed for user rubyman
May  5 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335865.
May  5 19:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[785]: pam_unix(cron:session): session closed for user root
May  5 19:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3598]: pam_unix(cron:session): session closed for user samftp
May  5 19:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: Invalid user sol from 92.118.39.65
May  5 19:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: input_userauth_request: invalid user sol [preauth]
May  5 19:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  5 19:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: Failed password for invalid user sol from 92.118.39.65 port 50780 ssh2
May  5 19:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: Connection closed by 92.118.39.65 port 50780 [preauth]
May  5 19:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2739]: pam_unix(cron:session): session closed for user root
May  5 19:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: Invalid user xd from 213.176.73.105
May  5 19:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: input_userauth_request: invalid user xd [preauth]
May  5 19:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.73.105
May  5 19:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: Failed password for invalid user xd from 213.176.73.105 port 47456 ssh2
May  5 19:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: Received disconnect from 213.176.73.105 port 47456:11: Bye Bye [preauth]
May  5 19:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4003]: Disconnected from 213.176.73.105 port 47456 [preauth]
May  5 19:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4005]: Invalid user deploy from 103.26.136.173
May  5 19:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4005]: input_userauth_request: invalid user deploy [preauth]
May  5 19:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4005]: pam_unix(sshd:auth): check pass; user unknown
May  5 19:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
May  5 19:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4005]: Failed password for invalid user deploy from 103.26.136.173 port 50054 ssh2
May  5 19:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4005]: Received disconnect from 103.26.136.173 port 50054:11: Bye Bye [preauth]
May  5 19:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4005]: Disconnected from 103.26.136.173 port 50054 [preauth]
May  5 19:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 19:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: Did not receive identification string from 80.248.59.138
May  5 20:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4032]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4031]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4030]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4029]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4035]: pam_unix(cron:session): session closed for user root
May  5 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4031]: pam_unix(cron:session): session closed for user root
May  5 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4029]: pam_unix(cron:session): session closed for user p13x
May  5 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4124]: Successful su for rubyman by root
May  5 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4124]: + ??? root:rubyman
May  5 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4124]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335869 of user rubyman.
May  5 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4124]: pam_unix(su:session): session closed for user rubyman
May  5 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335869.
May  5 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138  user=root
May  5 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4032]: pam_unix(cron:session): session closed for user root
May  5 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4026]: Failed password for root from 80.248.59.138 port 52982 ssh2
May  5 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4026]: Connection closed by 80.248.59.138 port 52982 [preauth]
May  5 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1260]: pam_unix(cron:session): session closed for user root
May  5 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4452]: Invalid user admin from 80.248.59.138
May  5 20:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4452]: input_userauth_request: invalid user admin [preauth]
May  5 20:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4452]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138
May  5 20:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4030]: pam_unix(cron:session): session closed for user samftp
May  5 20:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4452]: Failed password for invalid user admin from 80.248.59.138 port 53712 ssh2
May  5 20:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4452]: Connection closed by 80.248.59.138 port 53712 [preauth]
May  5 20:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: Invalid user ubuntu from 80.248.59.138
May  5 20:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: input_userauth_request: invalid user ubuntu [preauth]
May  5 20:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138
May  5 20:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: Failed password for invalid user ubuntu from 80.248.59.138 port 55368 ssh2
May  5 20:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: Connection closed by 80.248.59.138 port 55368 [preauth]
May  5 20:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138  user=root
May  5 20:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4541]: Failed password for root from 80.248.59.138 port 56790 ssh2
May  5 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4541]: Connection closed by 80.248.59.138 port 56790 [preauth]
May  5 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4543]: Invalid user postgres from 80.248.59.138
May  5 20:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4543]: input_userauth_request: invalid user postgres [preauth]
May  5 20:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4543]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138
May  5 20:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4543]: Failed password for invalid user postgres from 80.248.59.138 port 58162 ssh2
May  5 20:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4543]: Connection closed by 80.248.59.138 port 58162 [preauth]
May  5 20:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: Invalid user user from 80.248.59.138
May  5 20:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: input_userauth_request: invalid user user [preauth]
May  5 20:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138
May  5 20:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: Failed password for invalid user user from 80.248.59.138 port 59302 ssh2
May  5 20:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4555]: Connection closed by 80.248.59.138 port 59302 [preauth]
May  5 20:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4581]: Invalid user pi from 80.248.59.138
May  5 20:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4581]: input_userauth_request: invalid user pi [preauth]
May  5 20:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4581]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138
May  5 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4581]: Failed password for invalid user pi from 80.248.59.138 port 60656 ssh2
May  5 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4581]: Connection closed by 80.248.59.138 port 60656 [preauth]
May  5 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4593]: Invalid user test from 80.248.59.138
May  5 20:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4593]: input_userauth_request: invalid user test [preauth]
May  5 20:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4593]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138
May  5 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: Invalid user presto from 176.31.162.135
May  5 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: input_userauth_request: invalid user presto [preauth]
May  5 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  5 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: Invalid user user from 96.78.175.39
May  5 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: input_userauth_request: invalid user user [preauth]
May  5 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.175.39
May  5 20:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3146]: pam_unix(cron:session): session closed for user root
May  5 20:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4593]: Failed password for invalid user test from 80.248.59.138 port 33614 ssh2
May  5 20:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4593]: Connection closed by 80.248.59.138 port 33614 [preauth]
May  5 20:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: Failed password for invalid user presto from 176.31.162.135 port 54368 ssh2
May  5 20:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: Failed password for invalid user user from 96.78.175.39 port 46026 ssh2
May  5 20:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: Received disconnect from 96.78.175.39 port 46026:11: Bye Bye [preauth]
May  5 20:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4634]: Disconnected from 96.78.175.39 port 46026 [preauth]
May  5 20:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4652]: Invalid user deploy from 80.248.59.138
May  5 20:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4652]: input_userauth_request: invalid user deploy [preauth]
May  5 20:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: Connection closed by 176.31.162.135 port 54368 [preauth]
May  5 20:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4652]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138
May  5 20:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4652]: Failed password for invalid user deploy from 80.248.59.138 port 34758 ssh2
May  5 20:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4652]: Connection closed by 80.248.59.138 port 34758 [preauth]
May  5 20:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: Invalid user oracle from 80.248.59.138
May  5 20:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: input_userauth_request: invalid user oracle [preauth]
May  5 20:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138
May  5 20:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: Failed password for invalid user oracle from 80.248.59.138 port 35760 ssh2
May  5 20:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: Connection closed by 80.248.59.138 port 35760 [preauth]
May  5 20:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4673]: Invalid user steam from 80.248.59.138
May  5 20:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4673]: input_userauth_request: invalid user steam [preauth]
May  5 20:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4673]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138
May  5 20:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4673]: Failed password for invalid user steam from 80.248.59.138 port 36364 ssh2
May  5 20:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4673]: Connection closed by 80.248.59.138 port 36364 [preauth]
May  5 20:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4698]: Invalid user odoo from 80.248.59.138
May  5 20:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4698]: input_userauth_request: invalid user odoo [preauth]
May  5 20:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4698]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138
May  5 20:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4698]: Failed password for invalid user odoo from 80.248.59.138 port 36538 ssh2
May  5 20:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4698]: Connection closed by 80.248.59.138 port 36538 [preauth]
May  5 20:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4700]: Invalid user ubuntu from 80.248.59.138
May  5 20:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4700]: input_userauth_request: invalid user ubuntu [preauth]
May  5 20:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4700]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138
May  5 20:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4700]: Failed password for invalid user ubuntu from 80.248.59.138 port 36722 ssh2
May  5 20:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4700]: Connection closed by 80.248.59.138 port 36722 [preauth]
May  5 20:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: Invalid user user from 80.248.59.138
May  5 20:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: input_userauth_request: invalid user user [preauth]
May  5 20:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138
May  5 20:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: Failed password for invalid user user from 80.248.59.138 port 36906 ssh2
May  5 20:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4711]: Connection closed by 80.248.59.138 port 36906 [preauth]
May  5 20:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4713]: Invalid user admin from 80.248.59.138
May  5 20:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4713]: input_userauth_request: invalid user admin [preauth]
May  5 20:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4713]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138
May  5 20:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4713]: Failed password for invalid user admin from 80.248.59.138 port 37068 ssh2
May  5 20:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4713]: Connection closed by 80.248.59.138 port 37068 [preauth]
May  5 20:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Invalid user test from 80.248.59.138
May  5 20:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: input_userauth_request: invalid user test [preauth]
May  5 20:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138
May  5 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4729]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4728]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4728]: pam_unix(cron:session): session closed for user p13x
May  5 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4797]: Successful su for rubyman by root
May  5 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4797]: + ??? root:rubyman
May  5 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335877 of user rubyman.
May  5 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4797]: pam_unix(su:session): session closed for user rubyman
May  5 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335877.
May  5 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Failed password for invalid user test from 80.248.59.138 port 37236 ssh2
May  5 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Connection closed by 80.248.59.138 port 37236 [preauth]
May  5 20:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: Invalid user oracle from 80.248.59.138
May  5 20:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: input_userauth_request: invalid user oracle [preauth]
May  5 20:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138
May  5 20:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: Failed password for invalid user oracle from 80.248.59.138 port 37394 ssh2
May  5 20:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4871]: Connection closed by 80.248.59.138 port 37394 [preauth]
May  5 20:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1748]: pam_unix(cron:session): session closed for user root
May  5 20:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4729]: pam_unix(cron:session): session closed for user samftp
May  5 20:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Invalid user deploy from 80.248.59.138
May  5 20:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: input_userauth_request: invalid user deploy [preauth]
May  5 20:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138
May  5 20:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: Invalid user frank from 221.161.235.168
May  5 20:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: input_userauth_request: invalid user frank [preauth]
May  5 20:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.161.235.168
May  5 20:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Failed password for invalid user deploy from 80.248.59.138 port 37582 ssh2
May  5 20:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Connection closed by 80.248.59.138 port 37582 [preauth]
May  5 20:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: Failed password for invalid user frank from 221.161.235.168 port 54746 ssh2
May  5 20:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: Received disconnect from 221.161.235.168 port 54746:11: Bye Bye [preauth]
May  5 20:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: Disconnected from 221.161.235.168 port 54746 [preauth]
May  5 20:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: Invalid user cs2 from 80.248.59.138
May  5 20:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: input_userauth_request: invalid user cs2 [preauth]
May  5 20:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138
May  5 20:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: Failed password for invalid user cs2 from 80.248.59.138 port 37756 ssh2
May  5 20:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5200]: Connection closed by 80.248.59.138 port 37756 [preauth]
May  5 20:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Invalid user minecraft from 80.248.59.138
May  5 20:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: input_userauth_request: invalid user minecraft [preauth]
May  5 20:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138
May  5 20:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Failed password for invalid user minecraft from 80.248.59.138 port 37944 ssh2
May  5 20:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Connection closed by 80.248.59.138 port 37944 [preauth]
May  5 20:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: Invalid user steam from 80.248.59.138
May  5 20:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: input_userauth_request: invalid user steam [preauth]
May  5 20:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.248.59.138
May  5 20:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: Failed password for invalid user steam from 80.248.59.138 port 38160 ssh2
May  5 20:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5232]: Connection closed by 80.248.59.138 port 38160 [preauth]
May  5 20:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3600]: pam_unix(cron:session): session closed for user root
May  5 20:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5347]: Invalid user ubnt from 80.94.95.241
May  5 20:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5347]: input_userauth_request: invalid user ubnt [preauth]
May  5 20:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5347]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 20:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5347]: Failed password for invalid user ubnt from 80.94.95.241 port 51422 ssh2
May  5 20:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5347]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5347]: Failed password for invalid user ubnt from 80.94.95.241 port 51422 ssh2
May  5 20:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5347]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5347]: Failed password for invalid user ubnt from 80.94.95.241 port 51422 ssh2
May  5 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5347]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5315]: Invalid user D from 195.178.110.50
May  5 20:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5315]: input_userauth_request: invalid user D [preauth]
May  5 20:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5315]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 20:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5347]: Failed password for invalid user ubnt from 80.94.95.241 port 51422 ssh2
May  5 20:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5347]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5370]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5367]: pam_unix(cron:session): session closed for user p13x
May  5 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5431]: Successful su for rubyman by root
May  5 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5431]: + ??? root:rubyman
May  5 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5431]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335881 of user rubyman.
May  5 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5431]: pam_unix(su:session): session closed for user rubyman
May  5 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335881.
May  5 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5315]: Failed password for invalid user D from 195.178.110.50 port 29550 ssh2
May  5 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5347]: Failed password for invalid user ubnt from 80.94.95.241 port 51422 ssh2
May  5 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5347]: Received disconnect from 80.94.95.241 port 51422:11: Bye [preauth]
May  5 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5347]: Disconnected from 80.94.95.241 port 51422 [preauth]
May  5 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5347]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5347]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5315]: Connection closed by 195.178.110.50 port 29550 [preauth]
May  5 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2281]: pam_unix(cron:session): session closed for user root
May  5 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5368]: pam_unix(cron:session): session closed for user samftp
May  5 20:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: Invalid user % from 195.178.110.50
May  5 20:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: input_userauth_request: invalid user % [preauth]
May  5 20:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 20:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: Failed password for invalid user % from 195.178.110.50 port 19874 ssh2
May  5 20:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: Connection closed by 195.178.110.50 port 19874 [preauth]
May  5 20:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4034]: pam_unix(cron:session): session closed for user root
May  5 20:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: Invalid user d from 195.178.110.50
May  5 20:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: input_userauth_request: invalid user d [preauth]
May  5 20:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 20:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: Failed password for invalid user d from 195.178.110.50 port 38284 ssh2
May  5 20:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: Connection closed by 195.178.110.50 port 38284 [preauth]
May  5 20:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.230.76  user=root
May  5 20:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Failed password for root from 206.189.230.76 port 53320 ssh2
May  5 20:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Received disconnect from 206.189.230.76 port 53320:11: Bye Bye [preauth]
May  5 20:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5899]: Disconnected from 206.189.230.76 port 53320 [preauth]
May  5 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5926]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5925]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5924]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5923]: pam_unix(cron:session): session closed for user p13x
May  5 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5986]: Successful su for rubyman by root
May  5 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5986]: + ??? root:rubyman
May  5 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335884 of user rubyman.
May  5 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5986]: pam_unix(su:session): session closed for user rubyman
May  5 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335884.
May  5 20:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Invalid user E from 195.178.110.50
May  5 20:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: input_userauth_request: invalid user E [preauth]
May  5 20:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 20:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2738]: pam_unix(cron:session): session closed for user root
May  5 20:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Failed password for invalid user E from 195.178.110.50 port 12232 ssh2
May  5 20:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Connection closed by 195.178.110.50 port 12232 [preauth]
May  5 20:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5924]: pam_unix(cron:session): session closed for user samftp
May  5 20:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: Invalid user user from 80.94.95.29
May  5 20:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: input_userauth_request: invalid user user [preauth]
May  5 20:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  5 20:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: Failed password for invalid user user from 80.94.95.29 port 39596 ssh2
May  5 20:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6179]: Invalid user & from 195.178.110.50
May  5 20:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6179]: input_userauth_request: invalid user & [preauth]
May  5 20:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6179]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 20:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: Failed password for invalid user user from 80.94.95.29 port 39596 ssh2
May  5 20:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6179]: Failed password for invalid user & from 195.178.110.50 port 26836 ssh2
May  5 20:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: Failed password for invalid user user from 80.94.95.29 port 39596 ssh2
May  5 20:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: Failed password for invalid user user from 80.94.95.29 port 39596 ssh2
May  5 20:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6179]: Connection closed by 195.178.110.50 port 26836 [preauth]
May  5 20:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: Failed password for invalid user user from 80.94.95.29 port 39596 ssh2
May  5 20:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: Received disconnect from 80.94.95.29 port 39596:11: Bye [preauth]
May  5 20:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: Disconnected from 80.94.95.29 port 39596 [preauth]
May  5 20:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  5 20:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6223]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4731]: pam_unix(cron:session): session closed for user root
May  5 20:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  5 20:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Failed password for root from 164.68.105.9 port 40084 ssh2
May  5 20:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6318]: Connection closed by 164.68.105.9 port 40084 [preauth]
May  5 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6348]: pam_unix(cron:session): session closed for user p13x
May  5 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6409]: Successful su for rubyman by root
May  5 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6409]: + ??? root:rubyman
May  5 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335889 of user rubyman.
May  5 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6409]: pam_unix(su:session): session closed for user rubyman
May  5 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335889.
May  5 20:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3145]: pam_unix(cron:session): session closed for user root
May  5 20:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6349]: pam_unix(cron:session): session closed for user samftp
May  5 20:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.73.105  user=root
May  5 20:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6631]: Failed password for root from 213.176.73.105 port 59104 ssh2
May  5 20:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6631]: Received disconnect from 213.176.73.105 port 59104:11: Bye Bye [preauth]
May  5 20:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6631]: Disconnected from 213.176.73.105 port 59104 [preauth]
May  5 20:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5370]: pam_unix(cron:session): session closed for user root
May  5 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6768]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6765]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6768]: pam_unix(cron:session): session closed for user root
May  5 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6760]: pam_unix(cron:session): session closed for user p13x
May  5 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6832]: Successful su for rubyman by root
May  5 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6832]: + ??? root:rubyman
May  5 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335897 of user rubyman.
May  5 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6832]: pam_unix(su:session): session closed for user rubyman
May  5 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335897.
May  5 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6762]: pam_unix(cron:session): session closed for user root
May  5 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3599]: pam_unix(cron:session): session closed for user root
May  5 20:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6761]: pam_unix(cron:session): session closed for user samftp
May  5 20:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7185]: Invalid user rnd from 96.78.175.39
May  5 20:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7185]: input_userauth_request: invalid user rnd [preauth]
May  5 20:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7185]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.175.39
May  5 20:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7185]: Failed password for invalid user rnd from 96.78.175.39 port 53562 ssh2
May  5 20:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7185]: Received disconnect from 96.78.175.39 port 53562:11: Bye Bye [preauth]
May  5 20:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7185]: Disconnected from 96.78.175.39 port 53562 [preauth]
May  5 20:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: Invalid user uptime from 103.26.136.173
May  5 20:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: input_userauth_request: invalid user uptime [preauth]
May  5 20:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
May  5 20:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: Failed password for invalid user uptime from 103.26.136.173 port 57104 ssh2
May  5 20:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: Received disconnect from 103.26.136.173 port 57104:11: Bye Bye [preauth]
May  5 20:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7187]: Disconnected from 103.26.136.173 port 57104 [preauth]
May  5 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5926]: pam_unix(cron:session): session closed for user root
May  5 20:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: Invalid user solx from 92.118.39.65
May  5 20:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: input_userauth_request: invalid user solx [preauth]
May  5 20:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  5 20:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: Failed password for invalid user solx from 92.118.39.65 port 35516 ssh2
May  5 20:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: Connection closed by 92.118.39.65 port 35516 [preauth]
May  5 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7312]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7311]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7309]: pam_unix(cron:session): session closed for user p13x
May  5 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7372]: Successful su for rubyman by root
May  5 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7372]: + ??? root:rubyman
May  5 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7372]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335898 of user rubyman.
May  5 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7372]: pam_unix(su:session): session closed for user rubyman
May  5 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335898.
May  5 20:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4033]: pam_unix(cron:session): session closed for user root
May  5 20:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7310]: pam_unix(cron:session): session closed for user samftp
May  5 20:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6351]: pam_unix(cron:session): session closed for user root
May  5 20:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7770]: Invalid user bruno from 221.161.235.168
May  5 20:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7770]: input_userauth_request: invalid user bruno [preauth]
May  5 20:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7770]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.161.235.168
May  5 20:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7770]: Failed password for invalid user bruno from 221.161.235.168 port 35030 ssh2
May  5 20:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7770]: Received disconnect from 221.161.235.168 port 35030:11: Bye Bye [preauth]
May  5 20:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7770]: Disconnected from 221.161.235.168 port 35030 [preauth]
May  5 20:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.230.76  user=root
May  5 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7832]: Failed password for root from 206.189.230.76 port 58150 ssh2
May  5 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7832]: Received disconnect from 206.189.230.76 port 58150:11: Bye Bye [preauth]
May  5 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7832]: Disconnected from 206.189.230.76 port 58150 [preauth]
May  5 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7838]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7835]: pam_unix(cron:session): session closed for user p13x
May  5 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7896]: Successful su for rubyman by root
May  5 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7896]: + ??? root:rubyman
May  5 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335902 of user rubyman.
May  5 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7896]: pam_unix(su:session): session closed for user rubyman
May  5 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335902.
May  5 20:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4730]: pam_unix(cron:session): session closed for user root
May  5 20:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7836]: pam_unix(cron:session): session closed for user samftp
May  5 20:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6765]: pam_unix(cron:session): session closed for user root
May  5 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8259]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8258]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8260]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8257]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8257]: pam_unix(cron:session): session closed for user p13x
May  5 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8317]: Successful su for rubyman by root
May  5 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8317]: + ??? root:rubyman
May  5 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335908 of user rubyman.
May  5 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8317]: pam_unix(su:session): session closed for user rubyman
May  5 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335908.
May  5 20:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5369]: pam_unix(cron:session): session closed for user root
May  5 20:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8258]: pam_unix(cron:session): session closed for user samftp
May  5 20:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7312]: pam_unix(cron:session): session closed for user root
May  5 20:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.73.105  user=root
May  5 20:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8631]: Failed password for root from 213.176.73.105 port 35352 ssh2
May  5 20:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8631]: Received disconnect from 213.176.73.105 port 35352:11: Bye Bye [preauth]
May  5 20:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8631]: Disconnected from 213.176.73.105 port 35352 [preauth]
May  5 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8688]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8685]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8683]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8685]: pam_unix(cron:session): session closed for user p13x
May  5 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8815]: Successful su for rubyman by root
May  5 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8815]: + ??? root:rubyman
May  5 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335911 of user rubyman.
May  5 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8815]: pam_unix(su:session): session closed for user rubyman
May  5 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335911.
May  5 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8683]: pam_unix(cron:session): session closed for user root
May  5 20:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5925]: pam_unix(cron:session): session closed for user root
May  5 20:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8686]: pam_unix(cron:session): session closed for user samftp
May  5 20:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7838]: pam_unix(cron:session): session closed for user root
May  5 20:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: Invalid user system from 96.78.175.39
May  5 20:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: input_userauth_request: invalid user system [preauth]
May  5 20:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.175.39
May  5 20:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: Failed password for invalid user system from 96.78.175.39 port 32866 ssh2
May  5 20:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: Received disconnect from 96.78.175.39 port 32866:11: Bye Bye [preauth]
May  5 20:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9257]: Disconnected from 96.78.175.39 port 32866 [preauth]
May  5 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9313]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9312]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9307]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9311]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9313]: pam_unix(cron:session): session closed for user root
May  5 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9307]: pam_unix(cron:session): session closed for user p13x
May  5 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9381]: Successful su for rubyman by root
May  5 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9381]: + ??? root:rubyman
May  5 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335917 of user rubyman.
May  5 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9381]: pam_unix(su:session): session closed for user rubyman
May  5 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335917.
May  5 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9310]: pam_unix(cron:session): session closed for user root
May  5 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6350]: pam_unix(cron:session): session closed for user root
May  5 20:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9309]: pam_unix(cron:session): session closed for user samftp
May  5 20:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8260]: pam_unix(cron:session): session closed for user root
May  5 20:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: Invalid user zhanghua from 103.26.136.173
May  5 20:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: input_userauth_request: invalid user zhanghua [preauth]
May  5 20:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
May  5 20:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: Failed password for invalid user zhanghua from 103.26.136.173 port 35918 ssh2
May  5 20:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: Received disconnect from 103.26.136.173 port 35918:11: Bye Bye [preauth]
May  5 20:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: Disconnected from 103.26.136.173 port 35918 [preauth]
May  5 20:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9730]: Invalid user mhlee from 46.244.96.25
May  5 20:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9730]: input_userauth_request: invalid user mhlee [preauth]
May  5 20:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9730]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  5 20:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9730]: Failed password for invalid user mhlee from 46.244.96.25 port 46956 ssh2
May  5 20:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9730]: Connection closed by 46.244.96.25 port 46956 [preauth]
May  5 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9747]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9743]: pam_unix(cron:session): session closed for user p13x
May  5 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9813]: Successful su for rubyman by root
May  5 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9813]: + ??? root:rubyman
May  5 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9813]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335923 of user rubyman.
May  5 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9813]: pam_unix(su:session): session closed for user rubyman
May  5 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335923.
May  5 20:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6763]: pam_unix(cron:session): session closed for user root
May  5 20:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9744]: pam_unix(cron:session): session closed for user samftp
May  5 20:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.230.76  user=root
May  5 20:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10006]: Failed password for root from 206.189.230.76 port 37582 ssh2
May  5 20:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10006]: Received disconnect from 206.189.230.76 port 37582:11: Bye Bye [preauth]
May  5 20:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10006]: Disconnected from 206.189.230.76 port 37582 [preauth]
May  5 20:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8688]: pam_unix(cron:session): session closed for user root
May  5 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10155]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10154]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10152]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10152]: pam_unix(cron:session): session closed for user p13x
May  5 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10299]: Successful su for rubyman by root
May  5 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10299]: + ??? root:rubyman
May  5 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335926 of user rubyman.
May  5 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10299]: pam_unix(su:session): session closed for user rubyman
May  5 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335926.
May  5 20:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7311]: pam_unix(cron:session): session closed for user root
May  5 20:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.161.235.168  user=root
May  5 20:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10153]: pam_unix(cron:session): session closed for user samftp
May  5 20:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10457]: Failed password for root from 221.161.235.168 port 43562 ssh2
May  5 20:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10457]: Received disconnect from 221.161.235.168 port 43562:11: Bye Bye [preauth]
May  5 20:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10457]: Disconnected from 221.161.235.168 port 43562 [preauth]
May  5 20:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: Invalid user x from 92.118.39.65
May  5 20:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: input_userauth_request: invalid user x [preauth]
May  5 20:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  5 20:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: Failed password for invalid user x from 92.118.39.65 port 48484 ssh2
May  5 20:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: Connection closed by 92.118.39.65 port 48484 [preauth]
May  5 20:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9312]: pam_unix(cron:session): session closed for user root
May  5 20:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 20:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10629]: Failed password for root from 218.92.0.179 port 47438 ssh2
May  5 20:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10629]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 47438 ssh2]
May  5 20:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10629]: Received disconnect from 218.92.0.179 port 47438:11:  [preauth]
May  5 20:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10629]: Disconnected from 218.92.0.179 port 47438 [preauth]
May  5 20:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10629]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10710]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10702]: pam_unix(cron:session): session closed for user p13x
May  5 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10788]: Successful su for rubyman by root
May  5 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10788]: + ??? root:rubyman
May  5 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10788]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335929 of user rubyman.
May  5 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10788]: pam_unix(su:session): session closed for user rubyman
May  5 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335929.
May  5 20:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7837]: pam_unix(cron:session): session closed for user root
May  5 20:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10709]: pam_unix(cron:session): session closed for user samftp
May  5 20:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.73.105  user=root
May  5 20:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10948]: Failed password for root from 213.176.73.105 port 34758 ssh2
May  5 20:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10948]: Received disconnect from 213.176.73.105 port 34758:11: Bye Bye [preauth]
May  5 20:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10948]: Disconnected from 213.176.73.105 port 34758 [preauth]
May  5 20:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9748]: pam_unix(cron:session): session closed for user root
May  5 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11117]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11118]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11116]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11115]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11115]: pam_unix(cron:session): session closed for user p13x
May  5 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11178]: Successful su for rubyman by root
May  5 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11178]: + ??? root:rubyman
May  5 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11178]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335934 of user rubyman.
May  5 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11178]: pam_unix(su:session): session closed for user rubyman
May  5 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335934.
May  5 20:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8259]: pam_unix(cron:session): session closed for user root
May  5 20:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11116]: pam_unix(cron:session): session closed for user samftp
May  5 20:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: Invalid user zhouhao from 96.78.175.39
May  5 20:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: input_userauth_request: invalid user zhouhao [preauth]
May  5 20:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.175.39
May  5 20:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: Failed password for invalid user zhouhao from 96.78.175.39 port 40402 ssh2
May  5 20:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: Received disconnect from 96.78.175.39 port 40402:11: Bye Bye [preauth]
May  5 20:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11413]: Disconnected from 96.78.175.39 port 40402 [preauth]
May  5 20:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10155]: pam_unix(cron:session): session closed for user root
May  5 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11514]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11510]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11511]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11514]: pam_unix(cron:session): session closed for user root
May  5 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11508]: pam_unix(cron:session): session closed for user p13x
May  5 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11582]: Successful su for rubyman by root
May  5 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11582]: + ??? root:rubyman
May  5 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335939 of user rubyman.
May  5 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11582]: pam_unix(su:session): session closed for user rubyman
May  5 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335939.
May  5 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11510]: pam_unix(cron:session): session closed for user root
May  5 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8687]: pam_unix(cron:session): session closed for user root
May  5 20:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11509]: pam_unix(cron:session): session closed for user samftp
May  5 20:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.230.76  user=root
May  5 20:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11825]: Failed password for root from 206.189.230.76 port 51324 ssh2
May  5 20:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11825]: Received disconnect from 206.189.230.76 port 51324:11: Bye Bye [preauth]
May  5 20:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11825]: Disconnected from 206.189.230.76 port 51324 [preauth]
May  5 20:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10711]: pam_unix(cron:session): session closed for user root
May  5 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11936]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11934]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11935]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11934]: pam_unix(cron:session): session closed for user p13x
May  5 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12005]: Successful su for rubyman by root
May  5 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12005]: + ??? root:rubyman
May  5 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335944 of user rubyman.
May  5 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12005]: pam_unix(su:session): session closed for user rubyman
May  5 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335944.
May  5 20:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9311]: pam_unix(cron:session): session closed for user root
May  5 20:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11935]: pam_unix(cron:session): session closed for user samftp
May  5 20:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: Invalid user user from 103.26.136.173
May  5 20:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: input_userauth_request: invalid user user [preauth]
May  5 20:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
May  5 20:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: Failed password for invalid user user from 103.26.136.173 port 42964 ssh2
May  5 20:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: Received disconnect from 103.26.136.173 port 42964:11: Bye Bye [preauth]
May  5 20:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: Disconnected from 103.26.136.173 port 42964 [preauth]
May  5 20:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12185]: Connection closed by 167.94.138.198 port 38344 [preauth]
May  5 20:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11118]: pam_unix(cron:session): session closed for user root
May  5 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12350]: pam_unix(cron:session): session closed for user root
May  5 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12352]: pam_unix(cron:session): session closed for user p13x
May  5 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12413]: Successful su for rubyman by root
May  5 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12413]: + ??? root:rubyman
May  5 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12413]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335949 of user rubyman.
May  5 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12413]: pam_unix(su:session): session closed for user rubyman
May  5 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335949.
May  5 20:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9747]: pam_unix(cron:session): session closed for user root
May  5 20:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12353]: pam_unix(cron:session): session closed for user samftp
May  5 20:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11513]: pam_unix(cron:session): session closed for user root
May  5 20:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12683]: Invalid user practice from 221.161.235.168
May  5 20:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12683]: input_userauth_request: invalid user practice [preauth]
May  5 20:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12683]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.161.235.168
May  5 20:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12683]: Failed password for invalid user practice from 221.161.235.168 port 52088 ssh2
May  5 20:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12683]: Received disconnect from 221.161.235.168 port 52088:11: Bye Bye [preauth]
May  5 20:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12683]: Disconnected from 221.161.235.168 port 52088 [preauth]
May  5 20:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: Invalid user won from 213.176.73.105
May  5 20:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: input_userauth_request: invalid user won [preauth]
May  5 20:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.73.105
May  5 20:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: Failed password for invalid user won from 213.176.73.105 port 46100 ssh2
May  5 20:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: Received disconnect from 213.176.73.105 port 46100:11: Bye Bye [preauth]
May  5 20:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12685]: Disconnected from 213.176.73.105 port 46100 [preauth]
May  5 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12741]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12739]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12738]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12738]: pam_unix(cron:session): session closed for user p13x
May  5 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12796]: Successful su for rubyman by root
May  5 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12796]: + ??? root:rubyman
May  5 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335953 of user rubyman.
May  5 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12796]: pam_unix(su:session): session closed for user rubyman
May  5 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335953.
May  5 20:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10154]: pam_unix(cron:session): session closed for user root
May  5 20:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12739]: pam_unix(cron:session): session closed for user samftp
May  5 20:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11937]: pam_unix(cron:session): session closed for user root
May  5 20:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: Invalid user vali from 92.118.39.65
May  5 20:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: input_userauth_request: invalid user vali [preauth]
May  5 20:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  5 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: Failed password for invalid user vali from 92.118.39.65 port 33220 ssh2
May  5 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13131]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13132]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13129]: pam_unix(cron:session): session closed for user p13x
May  5 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13126]: Connection closed by 92.118.39.65 port 33220 [preauth]
May  5 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13189]: Successful su for rubyman by root
May  5 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13189]: + ??? root:rubyman
May  5 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335957 of user rubyman.
May  5 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13189]: pam_unix(su:session): session closed for user rubyman
May  5 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335957.
May  5 20:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10710]: pam_unix(cron:session): session closed for user root
May  5 20:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13130]: pam_unix(cron:session): session closed for user samftp
May  5 20:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13416]: Invalid user kettle from 96.78.175.39
May  5 20:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13416]: input_userauth_request: invalid user kettle [preauth]
May  5 20:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13416]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.175.39
May  5 20:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13416]: Failed password for invalid user kettle from 96.78.175.39 port 47942 ssh2
May  5 20:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13416]: Received disconnect from 96.78.175.39 port 47942:11: Bye Bye [preauth]
May  5 20:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13416]: Disconnected from 96.78.175.39 port 47942 [preauth]
May  5 20:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12355]: pam_unix(cron:session): session closed for user root
May  5 20:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: Invalid user alex from 206.189.230.76
May  5 20:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: input_userauth_request: invalid user alex [preauth]
May  5 20:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.230.76
May  5 20:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: Failed password for invalid user alex from 206.189.230.76 port 47362 ssh2
May  5 20:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: Received disconnect from 206.189.230.76 port 47362:11: Bye Bye [preauth]
May  5 20:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: Disconnected from 206.189.230.76 port 47362 [preauth]
May  5 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13663]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13662]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13664]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13666]: pam_unix(cron:session): session closed for user root
May  5 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13660]: pam_unix(cron:session): session closed for user p13x
May  5 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13736]: Successful su for rubyman by root
May  5 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13736]: + ??? root:rubyman
May  5 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13736]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335961 of user rubyman.
May  5 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13736]: pam_unix(su:session): session closed for user rubyman
May  5 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335961.
May  5 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13663]: pam_unix(cron:session): session closed for user root
May  5 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11117]: pam_unix(cron:session): session closed for user root
May  5 20:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13662]: pam_unix(cron:session): session closed for user samftp
May  5 20:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12741]: pam_unix(cron:session): session closed for user root
May  5 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14105]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14104]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14103]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14103]: pam_unix(cron:session): session closed for user p13x
May  5 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14173]: Successful su for rubyman by root
May  5 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14173]: + ??? root:rubyman
May  5 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14173]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335967 of user rubyman.
May  5 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14173]: pam_unix(su:session): session closed for user rubyman
May  5 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335967.
May  5 20:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11511]: pam_unix(cron:session): session closed for user root
May  5 20:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14104]: pam_unix(cron:session): session closed for user samftp
May  5 20:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: Invalid user beetroot from 103.26.136.173
May  5 20:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: input_userauth_request: invalid user beetroot [preauth]
May  5 20:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
May  5 20:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: Failed password for invalid user beetroot from 103.26.136.173 port 50008 ssh2
May  5 20:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: Received disconnect from 103.26.136.173 port 50008:11: Bye Bye [preauth]
May  5 20:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: Disconnected from 103.26.136.173 port 50008 [preauth]
May  5 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13132]: pam_unix(cron:session): session closed for user root
May  5 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14511]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14512]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14509]: pam_unix(cron:session): session closed for user p13x
May  5 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14572]: Successful su for rubyman by root
May  5 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14572]: + ??? root:rubyman
May  5 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14572]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335971 of user rubyman.
May  5 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14572]: pam_unix(su:session): session closed for user rubyman
May  5 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335971.
May  5 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.73.105  user=root
May  5 20:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11936]: pam_unix(cron:session): session closed for user root
May  5 20:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14607]: Failed password for root from 213.176.73.105 port 54024 ssh2
May  5 20:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14607]: Received disconnect from 213.176.73.105 port 54024:11: Bye Bye [preauth]
May  5 20:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14607]: Disconnected from 213.176.73.105 port 54024 [preauth]
May  5 20:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14510]: pam_unix(cron:session): session closed for user samftp
May  5 20:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13665]: pam_unix(cron:session): session closed for user root
May  5 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14924]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14925]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14923]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14922]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14922]: pam_unix(cron:session): session closed for user p13x
May  5 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14986]: Successful su for rubyman by root
May  5 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14986]: + ??? root:rubyman
May  5 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335975 of user rubyman.
May  5 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14986]: pam_unix(su:session): session closed for user rubyman
May  5 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335975.
May  5 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12354]: pam_unix(cron:session): session closed for user root
May  5 20:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14923]: pam_unix(cron:session): session closed for user samftp
May  5 20:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.161.235.168  user=root
May  5 20:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: Failed password for root from 221.161.235.168 port 60610 ssh2
May  5 20:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: Received disconnect from 221.161.235.168 port 60610:11: Bye Bye [preauth]
May  5 20:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: Disconnected from 221.161.235.168 port 60610 [preauth]
May  5 20:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14107]: pam_unix(cron:session): session closed for user root
May  5 20:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.230.76  user=root
May  5 20:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15309]: Failed password for root from 206.189.230.76 port 32810 ssh2
May  5 20:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15309]: Received disconnect from 206.189.230.76 port 32810:11: Bye Bye [preauth]
May  5 20:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15309]: Disconnected from 206.189.230.76 port 32810 [preauth]
May  5 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15323]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15321]: pam_unix(cron:session): session closed for user p13x
May  5 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15383]: Successful su for rubyman by root
May  5 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15383]: + ??? root:rubyman
May  5 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15383]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335978 of user rubyman.
May  5 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15383]: pam_unix(su:session): session closed for user rubyman
May  5 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335978.
May  5 20:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12740]: pam_unix(cron:session): session closed for user root
May  5 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15322]: pam_unix(cron:session): session closed for user samftp
May  5 20:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: Invalid user test from 96.78.175.39
May  5 20:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: input_userauth_request: invalid user test [preauth]
May  5 20:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.175.39
May  5 20:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: Failed password for invalid user test from 96.78.175.39 port 55478 ssh2
May  5 20:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: Received disconnect from 96.78.175.39 port 55478:11: Bye Bye [preauth]
May  5 20:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: Disconnected from 96.78.175.39 port 55478 [preauth]
May  5 20:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: Did not receive identification string from 196.251.114.29
May  5 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14512]: pam_unix(cron:session): session closed for user root
May  5 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15718]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15717]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15721]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15720]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15721]: pam_unix(cron:session): session closed for user root
May  5 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15715]: pam_unix(cron:session): session closed for user p13x
May  5 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15787]: Successful su for rubyman by root
May  5 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15787]: + ??? root:rubyman
May  5 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335986 of user rubyman.
May  5 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15787]: pam_unix(su:session): session closed for user rubyman
May  5 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335986.
May  5 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15717]: pam_unix(cron:session): session closed for user root
May  5 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13131]: pam_unix(cron:session): session closed for user root
May  5 20:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15716]: pam_unix(cron:session): session closed for user samftp
May  5 20:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16049]: Invalid user bitch from 50.235.31.47
May  5 20:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16049]: input_userauth_request: invalid user bitch [preauth]
May  5 20:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16049]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  5 20:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16049]: Failed password for invalid user bitch from 50.235.31.47 port 52786 ssh2
May  5 20:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16049]: Connection closed by 50.235.31.47 port 52786 [preauth]
May  5 20:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Invalid user a from 92.118.39.65
May  5 20:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: input_userauth_request: invalid user a [preauth]
May  5 20:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  5 20:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14925]: pam_unix(cron:session): session closed for user root
May  5 20:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Failed password for invalid user a from 92.118.39.65 port 46188 ssh2
May  5 20:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Connection closed by 92.118.39.65 port 46188 [preauth]
May  5 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16138]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16137]: pam_unix(cron:session): session closed for user p13x
May  5 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16203]: Successful su for rubyman by root
May  5 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16203]: + ??? root:rubyman
May  5 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335989 of user rubyman.
May  5 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16203]: pam_unix(su:session): session closed for user rubyman
May  5 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335989.
May  5 20:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13664]: pam_unix(cron:session): session closed for user root
May  5 20:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16138]: pam_unix(cron:session): session closed for user samftp
May  5 20:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16404]: Invalid user choi from 213.176.73.105
May  5 20:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16404]: input_userauth_request: invalid user choi [preauth]
May  5 20:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16404]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.73.105
May  5 20:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16404]: Failed password for invalid user choi from 213.176.73.105 port 34530 ssh2
May  5 20:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16404]: Received disconnect from 213.176.73.105 port 34530:11: Bye Bye [preauth]
May  5 20:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16404]: Disconnected from 213.176.73.105 port 34530 [preauth]
May  5 20:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15324]: pam_unix(cron:session): session closed for user root
May  5 20:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173  user=root
May  5 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16575]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16572]: pam_unix(cron:session): session closed for user p13x
May  5 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16656]: Successful su for rubyman by root
May  5 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16656]: + ??? root:rubyman
May  5 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335995 of user rubyman.
May  5 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16656]: pam_unix(su:session): session closed for user rubyman
May  5 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335995.
May  5 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16566]: Failed password for root from 103.26.136.173 port 57064 ssh2
May  5 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16566]: Received disconnect from 103.26.136.173 port 57064:11: Bye Bye [preauth]
May  5 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16566]: Disconnected from 103.26.136.173 port 57064 [preauth]
May  5 20:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14105]: pam_unix(cron:session): session closed for user root
May  5 20:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16573]: pam_unix(cron:session): session closed for user samftp
May  5 20:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15720]: pam_unix(cron:session): session closed for user root
May  5 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17025]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17021]: pam_unix(cron:session): session closed for user p13x
May  5 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17083]: Successful su for rubyman by root
May  5 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17083]: + ??? root:rubyman
May  5 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 335996 of user rubyman.
May  5 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17083]: pam_unix(su:session): session closed for user rubyman
May  5 20:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 335996.
May  5 20:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14511]: pam_unix(cron:session): session closed for user root
May  5 20:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17022]: pam_unix(cron:session): session closed for user samftp
May  5 20:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Invalid user kodi from 206.189.230.76
May  5 20:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: input_userauth_request: invalid user kodi [preauth]
May  5 20:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.230.76
May  5 20:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Failed password for invalid user kodi from 206.189.230.76 port 38242 ssh2
May  5 20:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Received disconnect from 206.189.230.76 port 38242:11: Bye Bye [preauth]
May  5 20:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Disconnected from 206.189.230.76 port 38242 [preauth]
May  5 20:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16140]: pam_unix(cron:session): session closed for user root
May  5 20:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: Invalid user tomcat from 221.161.235.168
May  5 20:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: input_userauth_request: invalid user tomcat [preauth]
May  5 20:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.161.235.168
May  5 20:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: Failed password for invalid user tomcat from 221.161.235.168 port 40896 ssh2
May  5 20:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: Received disconnect from 221.161.235.168 port 40896:11: Bye Bye [preauth]
May  5 20:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: Disconnected from 221.161.235.168 port 40896 [preauth]
May  5 20:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: Invalid user fort from 96.78.175.39
May  5 20:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: input_userauth_request: invalid user fort [preauth]
May  5 20:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.175.39
May  5 20:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: Failed password for invalid user fort from 96.78.175.39 port 34782 ssh2
May  5 20:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: Received disconnect from 96.78.175.39 port 34782:11: Bye Bye [preauth]
May  5 20:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: Disconnected from 96.78.175.39 port 34782 [preauth]
May  5 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17470]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17469]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17467]: pam_unix(cron:session): session closed for user p13x
May  5 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17539]: Successful su for rubyman by root
May  5 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17539]: + ??? root:rubyman
May  5 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17539]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336000 of user rubyman.
May  5 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17539]: pam_unix(su:session): session closed for user rubyman
May  5 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336000.
May  5 20:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14924]: pam_unix(cron:session): session closed for user root
May  5 20:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17468]: pam_unix(cron:session): session closed for user samftp
May  5 20:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16575]: pam_unix(cron:session): session closed for user root
May  5 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17999]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17998]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18000]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18000]: pam_unix(cron:session): session closed for user root
May  5 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17992]: pam_unix(cron:session): session closed for user p13x
May  5 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18072]: Successful su for rubyman by root
May  5 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18072]: + ??? root:rubyman
May  5 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336007 of user rubyman.
May  5 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18072]: pam_unix(su:session): session closed for user rubyman
May  5 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336007.
May  5 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17996]: pam_unix(cron:session): session closed for user root
May  5 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15323]: pam_unix(cron:session): session closed for user root
May  5 20:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17994]: pam_unix(cron:session): session closed for user samftp
May  5 20:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17025]: pam_unix(cron:session): session closed for user root
May  5 20:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18415]: Invalid user serial# from 213.176.73.105
May  5 20:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18415]: input_userauth_request: invalid user serial# [preauth]
May  5 20:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18415]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.73.105
May  5 20:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18415]: Failed password for invalid user serial# from 213.176.73.105 port 51236 ssh2
May  5 20:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18415]: Received disconnect from 213.176.73.105 port 51236:11: Bye Bye [preauth]
May  5 20:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18415]: Disconnected from 213.176.73.105 port 51236 [preauth]
May  5 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18447]: pam_unix(cron:session): session closed for user p13x
May  5 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18516]: Successful su for rubyman by root
May  5 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18516]: + ??? root:rubyman
May  5 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18516]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336011 of user rubyman.
May  5 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18516]: pam_unix(su:session): session closed for user rubyman
May  5 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336011.
May  5 20:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15718]: pam_unix(cron:session): session closed for user root
May  5 20:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18448]: pam_unix(cron:session): session closed for user samftp
May  5 20:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: Invalid user admin from 80.94.95.125
May  5 20:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: input_userauth_request: invalid user admin [preauth]
May  5 20:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 20:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: Failed password for invalid user admin from 80.94.95.125 port 30125 ssh2
May  5 20:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: Failed password for invalid user admin from 80.94.95.125 port 30125 ssh2
May  5 20:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: Failed password for invalid user admin from 80.94.95.125 port 30125 ssh2
May  5 20:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: Failed password for invalid user admin from 80.94.95.125 port 30125 ssh2
May  5 20:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: Failed password for invalid user admin from 80.94.95.125 port 30125 ssh2
May  5 20:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: Received disconnect from 80.94.95.125 port 30125:11: Bye [preauth]
May  5 20:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: Disconnected from 80.94.95.125 port 30125 [preauth]
May  5 20:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 20:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 20:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17470]: pam_unix(cron:session): session closed for user root
May  5 20:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18873]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18871]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18870]: pam_unix(cron:session): session closed for user p13x
May  5 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: Failed password for root from 218.92.0.179 port 23134 ssh2
May  5 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18932]: Successful su for rubyman by root
May  5 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18932]: + ??? root:rubyman
May  5 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336014 of user rubyman.
May  5 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18932]: pam_unix(su:session): session closed for user rubyman
May  5 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336014.
May  5 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: Invalid user ubuntu from 92.118.39.65
May  5 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: input_userauth_request: invalid user ubuntu [preauth]
May  5 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  5 20:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: Failed password for root from 218.92.0.179 port 23134 ssh2
May  5 20:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16139]: pam_unix(cron:session): session closed for user root
May  5 20:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: Failed password for invalid user ubuntu from 92.118.39.65 port 59156 ssh2
May  5 20:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18952]: Connection closed by 92.118.39.65 port 59156 [preauth]
May  5 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: Failed password for root from 218.92.0.179 port 23134 ssh2
May  5 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18871]: pam_unix(cron:session): session closed for user samftp
May  5 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: Received disconnect from 218.92.0.179 port 23134:11:  [preauth]
May  5 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: Disconnected from 218.92.0.179 port 23134 [preauth]
May  5 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18856]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 20:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.230.76  user=root
May  5 20:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19143]: Failed password for root from 206.189.230.76 port 54906 ssh2
May  5 20:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19143]: Received disconnect from 206.189.230.76 port 54906:11: Bye Bye [preauth]
May  5 20:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19143]: Disconnected from 206.189.230.76 port 54906 [preauth]
May  5 20:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: Invalid user rnd from 103.26.136.173
May  5 20:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: input_userauth_request: invalid user rnd [preauth]
May  5 20:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
May  5 20:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: Failed password for invalid user rnd from 103.26.136.173 port 35882 ssh2
May  5 20:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: Received disconnect from 103.26.136.173 port 35882:11: Bye Bye [preauth]
May  5 20:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: Disconnected from 103.26.136.173 port 35882 [preauth]
May  5 20:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17999]: pam_unix(cron:session): session closed for user root
May  5 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19308]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19305]: pam_unix(cron:session): session closed for user p13x
May  5 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19367]: Successful su for rubyman by root
May  5 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19367]: + ??? root:rubyman
May  5 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336018 of user rubyman.
May  5 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19367]: pam_unix(su:session): session closed for user rubyman
May  5 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336018.
May  5 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16574]: pam_unix(cron:session): session closed for user root
May  5 20:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19306]: pam_unix(cron:session): session closed for user samftp
May  5 20:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19630]: Invalid user uptime from 96.78.175.39
May  5 20:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19630]: input_userauth_request: invalid user uptime [preauth]
May  5 20:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19630]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.175.39
May  5 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18450]: pam_unix(cron:session): session closed for user root
May  5 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19630]: Failed password for invalid user uptime from 96.78.175.39 port 42320 ssh2
May  5 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19630]: Received disconnect from 96.78.175.39 port 42320:11: Bye Bye [preauth]
May  5 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19630]: Disconnected from 96.78.175.39 port 42320 [preauth]
May  5 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19721]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19720]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19722]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19719]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19719]: pam_unix(cron:session): session closed for user p13x
May  5 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19780]: Successful su for rubyman by root
May  5 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19780]: + ??? root:rubyman
May  5 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336024 of user rubyman.
May  5 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19780]: pam_unix(su:session): session closed for user rubyman
May  5 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336024.
May  5 20:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17023]: pam_unix(cron:session): session closed for user root
May  5 20:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19720]: pam_unix(cron:session): session closed for user samftp
May  5 20:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: Invalid user admin from 80.94.95.112
May  5 20:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: input_userauth_request: invalid user admin [preauth]
May  5 20:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 20:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: Failed password for invalid user admin from 80.94.95.112 port 24180 ssh2
May  5 20:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: Failed password for invalid user admin from 80.94.95.112 port 24180 ssh2
May  5 20:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: Failed password for invalid user admin from 80.94.95.112 port 24180 ssh2
May  5 20:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: Failed password for invalid user admin from 80.94.95.112 port 24180 ssh2
May  5 20:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.161.235.168  user=root
May  5 20:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: Failed password for invalid user admin from 80.94.95.112 port 24180 ssh2
May  5 20:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: Received disconnect from 80.94.95.112 port 24180:11: Bye [preauth]
May  5 20:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: Disconnected from 80.94.95.112 port 24180 [preauth]
May  5 20:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 20:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19977]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 20:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: Failed password for root from 221.161.235.168 port 49424 ssh2
May  5 20:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: Received disconnect from 221.161.235.168 port 49424:11: Bye Bye [preauth]
May  5 20:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20012]: Disconnected from 221.161.235.168 port 49424 [preauth]
May  5 20:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18873]: pam_unix(cron:session): session closed for user root
May  5 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20174]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20176]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20176]: pam_unix(cron:session): session closed for user root
May  5 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20171]: pam_unix(cron:session): session closed for user p13x
May  5 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20237]: Successful su for rubyman by root
May  5 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20237]: + ??? root:rubyman
May  5 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20237]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336027 of user rubyman.
May  5 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20237]: pam_unix(su:session): session closed for user rubyman
May  5 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336027.
May  5 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20173]: pam_unix(cron:session): session closed for user root
May  5 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17469]: pam_unix(cron:session): session closed for user root
May  5 20:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20419]: Invalid user admin from 139.19.117.131
May  5 20:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20419]: input_userauth_request: invalid user admin [preauth]
May  5 20:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20172]: pam_unix(cron:session): session closed for user samftp
May  5 20:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: Invalid user test1 from 213.176.73.105
May  5 20:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: input_userauth_request: invalid user test1 [preauth]
May  5 20:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.73.105
May  5 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: Failed password for invalid user test1 from 213.176.73.105 port 33994 ssh2
May  5 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: Received disconnect from 213.176.73.105 port 33994:11: Bye Bye [preauth]
May  5 20:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20434]: Disconnected from 213.176.73.105 port 33994 [preauth]
May  5 20:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20419]: Connection closed by 139.19.117.131 port 58620 [preauth]
May  5 20:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  5 20:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19308]: pam_unix(cron:session): session closed for user root
May  5 20:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: Failed password for root from 193.70.84.184 port 50772 ssh2
May  5 20:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: Connection closed by 193.70.84.184 port 50772 [preauth]
May  5 20:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.212  user=root
May  5 20:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20583]: Failed password for root from 218.92.0.212 port 23230 ssh2
May  5 20:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20583]: Failed password for root from 218.92.0.212 port 23230 ssh2
May  5 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20606]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20604]: pam_unix(cron:session): session closed for user p13x
May  5 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20671]: Successful su for rubyman by root
May  5 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20671]: + ??? root:rubyman
May  5 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20671]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336033 of user rubyman.
May  5 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20671]: pam_unix(su:session): session closed for user rubyman
May  5 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336033.
May  5 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20583]: Failed password for root from 218.92.0.212 port 23230 ssh2
May  5 20:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17998]: pam_unix(cron:session): session closed for user root
May  5 20:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20605]: pam_unix(cron:session): session closed for user samftp
May  5 20:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20583]: Failed password for root from 218.92.0.212 port 23230 ssh2
May  5 20:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20583]: Failed password for root from 218.92.0.212 port 23230 ssh2
May  5 20:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20583]: error: maximum authentication attempts exceeded for root from 218.92.0.212 port 23230 ssh2 [preauth]
May  5 20:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20583]: Disconnecting: Too many authentication failures [preauth]
May  5 20:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20583]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.212  user=root
May  5 20:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20583]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 20:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: Invalid user ubuntu from 206.189.230.76
May  5 20:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: input_userauth_request: invalid user ubuntu [preauth]
May  5 20:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.230.76
May  5 20:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: Failed password for invalid user ubuntu from 206.189.230.76 port 55746 ssh2
May  5 20:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: Received disconnect from 206.189.230.76 port 55746:11: Bye Bye [preauth]
May  5 20:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: Disconnected from 206.189.230.76 port 55746 [preauth]
May  5 20:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19722]: pam_unix(cron:session): session closed for user root
May  5 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21019]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21018]: pam_unix(cron:session): session closed for user p13x
May  5 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21081]: Successful su for rubyman by root
May  5 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21081]: + ??? root:rubyman
May  5 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336037 of user rubyman.
May  5 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21081]: pam_unix(su:session): session closed for user rubyman
May  5 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336037.
May  5 20:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18449]: pam_unix(cron:session): session closed for user root
May  5 20:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21019]: pam_unix(cron:session): session closed for user samftp
May  5 20:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 20:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20175]: pam_unix(cron:session): session closed for user root
May  5 20:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: Failed password for root from 218.92.0.179 port 56444 ssh2
May  5 20:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 56444 ssh2]
May  5 20:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: Received disconnect from 218.92.0.179 port 56444:11:  [preauth]
May  5 20:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: Disconnected from 218.92.0.179 port 56444 [preauth]
May  5 20:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 20:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21443]: Invalid user dell from 103.26.136.173
May  5 20:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21443]: input_userauth_request: invalid user dell [preauth]
May  5 20:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21443]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
May  5 20:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21443]: Failed password for invalid user dell from 103.26.136.173 port 42924 ssh2
May  5 20:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21443]: Received disconnect from 103.26.136.173 port 42924:11: Bye Bye [preauth]
May  5 20:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21443]: Disconnected from 103.26.136.173 port 42924 [preauth]
May  5 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21458]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21459]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21456]: pam_unix(cron:session): session closed for user p13x
May  5 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21527]: Successful su for rubyman by root
May  5 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21527]: + ??? root:rubyman
May  5 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336042 of user rubyman.
May  5 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21527]: pam_unix(su:session): session closed for user rubyman
May  5 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336042.
May  5 20:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18872]: pam_unix(cron:session): session closed for user root
May  5 20:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21457]: pam_unix(cron:session): session closed for user samftp
May  5 20:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21869]: Invalid user dell from 96.78.175.39
May  5 20:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21869]: input_userauth_request: invalid user dell [preauth]
May  5 20:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21869]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.175.39
May  5 20:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21869]: Failed password for invalid user dell from 96.78.175.39 port 49856 ssh2
May  5 20:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21869]: Received disconnect from 96.78.175.39 port 49856:11: Bye Bye [preauth]
May  5 20:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21869]: Disconnected from 96.78.175.39 port 49856 [preauth]
May  5 20:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20607]: pam_unix(cron:session): session closed for user root
May  5 20:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: Invalid user ada from 92.118.39.65
May  5 20:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: input_userauth_request: invalid user ada [preauth]
May  5 20:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  5 20:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: Failed password for invalid user ada from 92.118.39.65 port 43890 ssh2
May  5 20:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22119]: Connection closed by 92.118.39.65 port 43890 [preauth]
May  5 20:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  5 20:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: Failed password for root from 218.92.0.215 port 32016 ssh2
May  5 20:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: message repeated 4 times: [ Failed password for root from 218.92.0.215 port 32016 ssh2]
May  5 20:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 32016 ssh2 [preauth]
May  5 20:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: Disconnecting: Too many authentication failures [preauth]
May  5 20:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  5 20:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 20:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22195]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22197]: pam_unix(cron:session): session closed for user p13x
May  5 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22350]: Successful su for rubyman by root
May  5 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22350]: + ??? root:rubyman
May  5 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336044 of user rubyman.
May  5 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22350]: pam_unix(su:session): session closed for user rubyman
May  5 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336044.
May  5 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22195]: pam_unix(cron:session): session closed for user root
May  5 20:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19307]: pam_unix(cron:session): session closed for user root
May  5 20:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22198]: pam_unix(cron:session): session closed for user samftp
May  5 20:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: Invalid user zxf from 213.176.73.105
May  5 20:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: input_userauth_request: invalid user zxf [preauth]
May  5 20:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.73.105
May  5 20:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: Failed password for invalid user zxf from 213.176.73.105 port 32910 ssh2
May  5 20:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: Received disconnect from 213.176.73.105 port 32910:11: Bye Bye [preauth]
May  5 20:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22653]: Disconnected from 213.176.73.105 port 32910 [preauth]
May  5 20:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21021]: pam_unix(cron:session): session closed for user root
May  5 20:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22739]: Invalid user ghazi from 221.161.235.168
May  5 20:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22739]: input_userauth_request: invalid user ghazi [preauth]
May  5 20:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22739]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.161.235.168
May  5 20:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22739]: Failed password for invalid user ghazi from 221.161.235.168 port 57930 ssh2
May  5 20:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22739]: Received disconnect from 221.161.235.168 port 57930:11: Bye Bye [preauth]
May  5 20:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22739]: Disconnected from 221.161.235.168 port 57930 [preauth]
May  5 20:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.252  user=root
May  5 20:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: Invalid user ubnt from 80.94.95.241
May  5 20:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: input_userauth_request: invalid user ubnt [preauth]
May  5 20:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 20:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22742]: Failed password for root from 218.92.0.252 port 44122 ssh2
May  5 20:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: Failed password for invalid user ubnt from 80.94.95.241 port 65361 ssh2
May  5 20:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: Failed password for invalid user ubnt from 80.94.95.241 port 65361 ssh2
May  5 20:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22777]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22777]: pam_unix(cron:session): session closed for user root
May  5 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22770]: pam_unix(cron:session): session closed for user p13x
May  5 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22851]: Successful su for rubyman by root
May  5 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22851]: + ??? root:rubyman
May  5 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336054 of user rubyman.
May  5 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22851]: pam_unix(su:session): session closed for user rubyman
May  5 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336054.
May  5 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: Failed password for invalid user ubnt from 80.94.95.241 port 65361 ssh2
May  5 20:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22772]: pam_unix(cron:session): session closed for user root
May  5 20:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19721]: pam_unix(cron:session): session closed for user root
May  5 20:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: Failed password for invalid user ubnt from 80.94.95.241 port 65361 ssh2
May  5 20:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: Failed password for invalid user ubnt from 80.94.95.241 port 65361 ssh2
May  5 20:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22771]: pam_unix(cron:session): session closed for user samftp
May  5 20:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: Received disconnect from 80.94.95.241 port 65361:11: Bye [preauth]
May  5 20:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: Disconnected from 80.94.95.241 port 65361 [preauth]
May  5 20:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 20:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 20:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241  user=root
May  5 20:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23160]: Failed password for root from 186.96.145.241 port 54462 ssh2
May  5 20:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23160]: Connection closed by 186.96.145.241 port 54462 [preauth]
May  5 20:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: Invalid user koumy from 206.189.230.76
May  5 20:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: input_userauth_request: invalid user koumy [preauth]
May  5 20:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.230.76
May  5 20:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21459]: pam_unix(cron:session): session closed for user root
May  5 20:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: Failed password for invalid user koumy from 206.189.230.76 port 50672 ssh2
May  5 20:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: Received disconnect from 206.189.230.76 port 50672:11: Bye Bye [preauth]
May  5 20:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: Disconnected from 206.189.230.76 port 50672 [preauth]
May  5 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23267]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23265]: pam_unix(cron:session): session closed for user p13x
May  5 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23422]: Successful su for rubyman by root
May  5 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23422]: + ??? root:rubyman
May  5 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336056 of user rubyman.
May  5 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23422]: pam_unix(su:session): session closed for user rubyman
May  5 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336056.
May  5 20:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20174]: pam_unix(cron:session): session closed for user root
May  5 20:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23266]: pam_unix(cron:session): session closed for user samftp
May  5 20:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22200]: pam_unix(cron:session): session closed for user root
May  5 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23855]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23851]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23850]: pam_unix(cron:session): session closed for user p13x
May  5 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23932]: Successful su for rubyman by root
May  5 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23932]: + ??? root:rubyman
May  5 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336059 of user rubyman.
May  5 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23932]: pam_unix(su:session): session closed for user rubyman
May  5 20:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336059.
May  5 20:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20606]: pam_unix(cron:session): session closed for user root
May  5 20:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23851]: pam_unix(cron:session): session closed for user samftp
May  5 20:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22775]: pam_unix(cron:session): session closed for user root
May  5 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24317]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24314]: pam_unix(cron:session): session closed for user p13x
May  5 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24381]: Successful su for rubyman by root
May  5 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24381]: + ??? root:rubyman
May  5 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336065 of user rubyman.
May  5 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24381]: pam_unix(su:session): session closed for user rubyman
May  5 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336065.
May  5 20:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21020]: pam_unix(cron:session): session closed for user root
May  5 20:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24315]: pam_unix(cron:session): session closed for user samftp
May  5 20:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24584]: Invalid user www from 96.78.175.39
May  5 20:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24584]: input_userauth_request: invalid user www [preauth]
May  5 20:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24584]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.175.39
May  5 20:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24584]: Failed password for invalid user www from 96.78.175.39 port 57392 ssh2
May  5 20:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24584]: Received disconnect from 96.78.175.39 port 57392:11: Bye Bye [preauth]
May  5 20:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24584]: Disconnected from 96.78.175.39 port 57392 [preauth]
May  5 20:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173  user=root
May  5 20:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24641]: Failed password for root from 103.26.136.173 port 49986 ssh2
May  5 20:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24641]: Received disconnect from 103.26.136.173 port 49986:11: Bye Bye [preauth]
May  5 20:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24641]: Disconnected from 103.26.136.173 port 49986 [preauth]
May  5 20:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23268]: pam_unix(cron:session): session closed for user root
May  5 20:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: Invalid user fl from 213.176.73.105
May  5 20:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: input_userauth_request: invalid user fl [preauth]
May  5 20:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.73.105
May  5 20:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: Failed password for invalid user fl from 213.176.73.105 port 55518 ssh2
May  5 20:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: Received disconnect from 213.176.73.105 port 55518:11: Bye Bye [preauth]
May  5 20:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24727]: Disconnected from 213.176.73.105 port 55518 [preauth]
May  5 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24747]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24746]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24746]: pam_unix(cron:session): session closed for user p13x
May  5 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24808]: Successful su for rubyman by root
May  5 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24808]: + ??? root:rubyman
May  5 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24808]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336067 of user rubyman.
May  5 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24808]: pam_unix(su:session): session closed for user rubyman
May  5 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336067.
May  5 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21458]: pam_unix(cron:session): session closed for user root
May  5 20:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: Invalid user test01 from 46.244.96.25
May  5 20:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: input_userauth_request: invalid user test01 [preauth]
May  5 20:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  5 20:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24747]: pam_unix(cron:session): session closed for user samftp
May  5 20:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: Failed password for invalid user test01 from 46.244.96.25 port 60808 ssh2
May  5 20:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: Connection closed by 46.244.96.25 port 60808 [preauth]
May  5 20:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23855]: pam_unix(cron:session): session closed for user root
May  5 20:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25134]: Invalid user deploy from 103.133.36.6
May  5 20:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25134]: input_userauth_request: invalid user deploy [preauth]
May  5 20:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25134]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.36.6
May  5 20:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25134]: Failed password for invalid user deploy from 103.133.36.6 port 51814 ssh2
May  5 20:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25134]: Received disconnect from 103.133.36.6 port 51814:11: Bye Bye [preauth]
May  5 20:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25134]: Disconnected from 103.133.36.6 port 51814 [preauth]
May  5 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25162]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25161]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25163]: pam_unix(cron:session): session closed for user root
May  5 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25158]: pam_unix(cron:session): session closed for user p13x
May  5 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25226]: Successful su for rubyman by root
May  5 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25226]: + ??? root:rubyman
May  5 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336072 of user rubyman.
May  5 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25226]: pam_unix(su:session): session closed for user rubyman
May  5 20:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336072.
May  5 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25160]: pam_unix(cron:session): session closed for user root
May  5 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22199]: pam_unix(cron:session): session closed for user root
May  5 20:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25159]: pam_unix(cron:session): session closed for user samftp
May  5 20:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: Invalid user cardano from 92.118.39.65
May  5 20:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: input_userauth_request: invalid user cardano [preauth]
May  5 20:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  5 20:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: Failed password for invalid user cardano from 92.118.39.65 port 56858 ssh2
May  5 20:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25447]: Connection closed by 92.118.39.65 port 56858 [preauth]
May  5 20:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: Invalid user testuser from 221.161.235.168
May  5 20:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: input_userauth_request: invalid user testuser [preauth]
May  5 20:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.161.235.168
May  5 20:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: Failed password for invalid user testuser from 221.161.235.168 port 38226 ssh2
May  5 20:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: Received disconnect from 221.161.235.168 port 38226:11: Bye Bye [preauth]
May  5 20:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: Disconnected from 221.161.235.168 port 38226 [preauth]
May  5 20:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24317]: pam_unix(cron:session): session closed for user root
May  5 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25611]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25610]: pam_unix(cron:session): session closed for user p13x
May  5 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25718]: Successful su for rubyman by root
May  5 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25718]: + ??? root:rubyman
May  5 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25718]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336079 of user rubyman.
May  5 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25718]: pam_unix(su:session): session closed for user rubyman
May  5 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336079.
May  5 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22773]: pam_unix(cron:session): session closed for user root
May  5 20:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25611]: pam_unix(cron:session): session closed for user samftp
May  5 20:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.212  user=root
May  5 20:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26011]: Failed password for root from 218.92.0.212 port 25712 ssh2
May  5 20:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26011]: Failed password for root from 218.92.0.212 port 25712 ssh2
May  5 20:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24749]: pam_unix(cron:session): session closed for user root
May  5 20:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26116]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26117]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26114]: pam_unix(cron:session): session closed for user p13x
May  5 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26175]: Successful su for rubyman by root
May  5 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26175]: + ??? root:rubyman
May  5 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26175]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336081 of user rubyman.
May  5 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26175]: pam_unix(su:session): session closed for user rubyman
May  5 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336081.
May  5 20:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23267]: pam_unix(cron:session): session closed for user root
May  5 20:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26115]: pam_unix(cron:session): session closed for user samftp
May  5 20:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25162]: pam_unix(cron:session): session closed for user root
May  5 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26588]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26591]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26590]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26587]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26587]: pam_unix(cron:session): session closed for user p13x
May  5 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26646]: Successful su for rubyman by root
May  5 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26646]: + ??? root:rubyman
May  5 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336086 of user rubyman.
May  5 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26646]: pam_unix(su:session): session closed for user rubyman
May  5 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336086.
May  5 20:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23852]: pam_unix(cron:session): session closed for user root
May  5 20:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26588]: pam_unix(cron:session): session closed for user samftp
May  5 20:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26867]: Invalid user wuyuefan from 213.176.73.105
May  5 20:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26867]: input_userauth_request: invalid user wuyuefan [preauth]
May  5 20:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26867]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.73.105
May  5 20:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26867]: Failed password for invalid user wuyuefan from 213.176.73.105 port 39286 ssh2
May  5 20:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26867]: Received disconnect from 213.176.73.105 port 39286:11: Bye Bye [preauth]
May  5 20:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26867]: Disconnected from 213.176.73.105 port 39286 [preauth]
May  5 20:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25616]: pam_unix(cron:session): session closed for user root
May  5 20:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173  user=root
May  5 20:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: Failed password for root from 103.26.136.173 port 57038 ssh2
May  5 20:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: Received disconnect from 103.26.136.173 port 57038:11: Bye Bye [preauth]
May  5 20:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: Disconnected from 103.26.136.173 port 57038 [preauth]
May  5 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27047]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27045]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27046]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27044]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27044]: pam_unix(cron:session): session closed for user p13x
May  5 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27120]: Successful su for rubyman by root
May  5 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27120]: + ??? root:rubyman
May  5 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27120]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336089 of user rubyman.
May  5 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27120]: pam_unix(su:session): session closed for user rubyman
May  5 20:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336089.
May  5 20:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24316]: pam_unix(cron:session): session closed for user root
May  5 20:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27045]: pam_unix(cron:session): session closed for user samftp
May  5 20:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26117]: pam_unix(cron:session): session closed for user root
May  5 20:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.212  user=root
May  5 20:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27415]: Failed password for root from 218.92.0.212 port 1652 ssh2
May  5 20:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Invalid user bigdata from 103.133.36.6
May  5 20:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: input_userauth_request: invalid user bigdata [preauth]
May  5 20:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.36.6
May  5 20:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Failed password for invalid user bigdata from 103.133.36.6 port 34212 ssh2
May  5 20:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Received disconnect from 103.133.36.6 port 34212:11: Bye Bye [preauth]
May  5 20:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Disconnected from 103.133.36.6 port 34212 [preauth]
May  5 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27541]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27542]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27537]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27542]: pam_unix(cron:session): session closed for user root
May  5 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27537]: pam_unix(cron:session): session closed for user p13x
May  5 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27613]: Successful su for rubyman by root
May  5 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27613]: + ??? root:rubyman
May  5 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336093 of user rubyman.
May  5 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27613]: pam_unix(su:session): session closed for user rubyman
May  5 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336093.
May  5 20:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24748]: pam_unix(cron:session): session closed for user root
May  5 20:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27539]: pam_unix(cron:session): session closed for user root
May  5 20:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27538]: pam_unix(cron:session): session closed for user samftp
May  5 20:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26591]: pam_unix(cron:session): session closed for user root
May  5 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27982]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27983]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27981]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27979]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27979]: pam_unix(cron:session): session closed for user p13x
May  5 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28050]: Successful su for rubyman by root
May  5 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28050]: + ??? root:rubyman
May  5 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336100 of user rubyman.
May  5 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28050]: pam_unix(su:session): session closed for user rubyman
May  5 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336100.
May  5 20:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25161]: pam_unix(cron:session): session closed for user root
May  5 20:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27981]: pam_unix(cron:session): session closed for user samftp
May  5 20:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 20:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: Failed password for root from 218.92.0.179 port 18835 ssh2
May  5 20:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 18835 ssh2]
May  5 20:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: Received disconnect from 218.92.0.179 port 18835:11:  [preauth]
May  5 20:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: Disconnected from 218.92.0.179 port 18835 [preauth]
May  5 20:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 20:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27047]: pam_unix(cron:session): session closed for user root
May  5 20:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28333]: Invalid user real from 190.103.202.7
May  5 20:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28333]: input_userauth_request: invalid user real [preauth]
May  5 20:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28333]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  5 20:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: Invalid user ethereum from 92.118.39.65
May  5 20:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: input_userauth_request: invalid user ethereum [preauth]
May  5 20:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  5 20:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28333]: Failed password for invalid user real from 190.103.202.7 port 36822 ssh2
May  5 20:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28333]: Connection closed by 190.103.202.7 port 36822 [preauth]
May  5 20:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: Failed password for invalid user ethereum from 92.118.39.65 port 41594 ssh2
May  5 20:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: Connection closed by 92.118.39.65 port 41594 [preauth]
May  5 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28396]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28394]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28397]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28395]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28394]: pam_unix(cron:session): session closed for user p13x
May  5 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28455]: Successful su for rubyman by root
May  5 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28455]: + ??? root:rubyman
May  5 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28455]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336105 of user rubyman.
May  5 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28455]: pam_unix(su:session): session closed for user rubyman
May  5 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336105.
May  5 20:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session closed for user root
May  5 20:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28395]: pam_unix(cron:session): session closed for user samftp
May  5 20:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27541]: pam_unix(cron:session): session closed for user root
May  5 20:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.36.6  user=root
May  5 20:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28740]: Failed password for root from 103.133.36.6 port 50516 ssh2
May  5 20:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28740]: Received disconnect from 103.133.36.6 port 50516:11: Bye Bye [preauth]
May  5 20:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28740]: Disconnected from 103.133.36.6 port 50516 [preauth]
May  5 20:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28742]: Invalid user cmaq from 213.176.73.105
May  5 20:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28742]: input_userauth_request: invalid user cmaq [preauth]
May  5 20:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28742]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.73.105
May  5 20:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28742]: Failed password for invalid user cmaq from 213.176.73.105 port 58748 ssh2
May  5 20:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28742]: Received disconnect from 213.176.73.105 port 58748:11: Bye Bye [preauth]
May  5 20:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28742]: Disconnected from 213.176.73.105 port 58748 [preauth]
May  5 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28795]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28796]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28793]: pam_unix(cron:session): session closed for user p13x
May  5 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28855]: Successful su for rubyman by root
May  5 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28855]: + ??? root:rubyman
May  5 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336108 of user rubyman.
May  5 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28855]: pam_unix(su:session): session closed for user rubyman
May  5 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336108.
May  5 20:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26116]: pam_unix(cron:session): session closed for user root
May  5 20:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28794]: pam_unix(cron:session): session closed for user samftp
May  5 20:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27983]: pam_unix(cron:session): session closed for user root
May  5 20:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29302]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29301]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29299]: pam_unix(cron:session): session closed for user p13x
May  5 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29372]: Successful su for rubyman by root
May  5 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29372]: + ??? root:rubyman
May  5 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29372]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336111 of user rubyman.
May  5 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29372]: pam_unix(su:session): session closed for user rubyman
May  5 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336111.
May  5 20:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26590]: pam_unix(cron:session): session closed for user root
May  5 20:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29300]: pam_unix(cron:session): session closed for user samftp
May  5 20:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29285]: Invalid user e from 195.178.110.50
May  5 20:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29285]: input_userauth_request: invalid user e [preauth]
May  5 20:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29285]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 20:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29285]: Failed password for invalid user e from 195.178.110.50 port 21988 ssh2
May  5 20:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29285]: Connection closed by 195.178.110.50 port 21988 [preauth]
May  5 20:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: Invalid user kettle from 103.26.136.173
May  5 20:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: input_userauth_request: invalid user kettle [preauth]
May  5 20:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173
May  5 20:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: Failed password for invalid user kettle from 103.26.136.173 port 35858 ssh2
May  5 20:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: Received disconnect from 103.26.136.173 port 35858:11: Bye Bye [preauth]
May  5 20:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29618]: Disconnected from 103.26.136.173 port 35858 [preauth]
May  5 20:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28397]: pam_unix(cron:session): session closed for user root
May  5 20:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29595]: Invalid user F from 195.178.110.50
May  5 20:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29595]: input_userauth_request: invalid user F [preauth]
May  5 20:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29595]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 20:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29595]: Failed password for invalid user F from 195.178.110.50 port 30914 ssh2
May  5 20:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29595]: Connection closed by 195.178.110.50 port 30914 [preauth]
May  5 20:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29667]: Invalid user ' from 195.178.110.50
May  5 20:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29667]: input_userauth_request: invalid user ' [preauth]
May  5 20:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29667]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 20:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  5 20:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29667]: Failed password for invalid user ' from 195.178.110.50 port 10352 ssh2
May  5 20:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: Failed password for root from 218.92.0.210 port 40426 ssh2
May  5 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29667]: Connection closed by 195.178.110.50 port 10352 [preauth]
May  5 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29728]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29726]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29728]: pam_unix(cron:session): session closed for user root
May  5 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29723]: pam_unix(cron:session): session closed for user p13x
May  5 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29793]: Successful su for rubyman by root
May  5 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29793]: + ??? root:rubyman
May  5 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336116 of user rubyman.
May  5 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29793]: pam_unix(su:session): session closed for user rubyman
May  5 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336116.
May  5 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: Failed password for root from 218.92.0.210 port 40426 ssh2
May  5 20:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29725]: pam_unix(cron:session): session closed for user root
May  5 20:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27046]: pam_unix(cron:session): session closed for user root
May  5 20:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: Failed password for root from 218.92.0.210 port 40426 ssh2
May  5 20:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29724]: pam_unix(cron:session): session closed for user samftp
May  5 20:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: Failed password for root from 218.92.0.210 port 40426 ssh2
May  5 20:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: Failed password for root from 218.92.0.210 port 40426 ssh2
May  5 20:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 40426 ssh2 [preauth]
May  5 20:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: Disconnecting: Too many authentication failures [preauth]
May  5 20:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  5 20:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 20:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29721]: Invalid user f from 195.178.110.50
May  5 20:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29721]: input_userauth_request: invalid user f [preauth]
May  5 20:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29721]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 20:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29721]: Failed password for invalid user f from 195.178.110.50 port 20324 ssh2
May  5 20:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29721]: Connection closed by 195.178.110.50 port 20324 [preauth]
May  5 20:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.36.6  user=root
May  5 20:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: Failed password for root from 103.133.36.6 port 55354 ssh2
May  5 20:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: Received disconnect from 103.133.36.6 port 55354:11: Bye Bye [preauth]
May  5 20:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: Disconnected from 103.133.36.6 port 55354 [preauth]
May  5 20:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28796]: pam_unix(cron:session): session closed for user root
May  5 20:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: Connection closed by 103.29.69.96 port 34096 [preauth]
May  5 20:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: Invalid user G from 195.178.110.50
May  5 20:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: input_userauth_request: invalid user G [preauth]
May  5 20:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 20:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: Failed password for invalid user G from 195.178.110.50 port 48602 ssh2
May  5 20:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30049]: Connection closed by 195.178.110.50 port 48602 [preauth]
May  5 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30170]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30169]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30167]: pam_unix(cron:session): session closed for user p13x
May  5 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30233]: Successful su for rubyman by root
May  5 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30233]: + ??? root:rubyman
May  5 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336122 of user rubyman.
May  5 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30233]: pam_unix(su:session): session closed for user rubyman
May  5 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336122.
May  5 20:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27540]: pam_unix(cron:session): session closed for user root
May  5 20:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30168]: pam_unix(cron:session): session closed for user samftp
May  5 20:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29302]: pam_unix(cron:session): session closed for user root
May  5 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30569]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30568]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30566]: pam_unix(cron:session): session closed for user p13x
May  5 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30626]: Successful su for rubyman by root
May  5 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30626]: + ??? root:rubyman
May  5 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336125 of user rubyman.
May  5 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30626]: pam_unix(su:session): session closed for user rubyman
May  5 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336125.
May  5 20:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27982]: pam_unix(cron:session): session closed for user root
May  5 20:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30792]: Invalid user wl from 213.176.73.105
May  5 20:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30792]: input_userauth_request: invalid user wl [preauth]
May  5 20:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30792]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.73.105
May  5 20:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30567]: pam_unix(cron:session): session closed for user samftp
May  5 20:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30792]: Failed password for invalid user wl from 213.176.73.105 port 52294 ssh2
May  5 20:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30792]: Received disconnect from 213.176.73.105 port 52294:11: Bye Bye [preauth]
May  5 20:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30792]: Disconnected from 213.176.73.105 port 52294 [preauth]
May  5 20:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29727]: pam_unix(cron:session): session closed for user root
May  5 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31049]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31052]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31048]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31047]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31047]: pam_unix(cron:session): session closed for user p13x
May  5 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31126]: Successful su for rubyman by root
May  5 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31126]: + ??? root:rubyman
May  5 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31126]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336130 of user rubyman.
May  5 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31126]: pam_unix(su:session): session closed for user rubyman
May  5 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336130.
May  5 20:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28396]: pam_unix(cron:session): session closed for user root
May  5 20:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31048]: pam_unix(cron:session): session closed for user samftp
May  5 20:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31331]: Invalid user zjy from 103.133.36.6
May  5 20:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31331]: input_userauth_request: invalid user zjy [preauth]
May  5 20:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31331]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.36.6
May  5 20:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31331]: Failed password for invalid user zjy from 103.133.36.6 port 43384 ssh2
May  5 20:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31331]: Received disconnect from 103.133.36.6 port 43384:11: Bye Bye [preauth]
May  5 20:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31331]: Disconnected from 103.133.36.6 port 43384 [preauth]
May  5 20:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31361]: Invalid user eth from 92.118.39.65
May  5 20:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31361]: input_userauth_request: invalid user eth [preauth]
May  5 20:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31361]: pam_unix(sshd:auth): check pass; user unknown
May  5 20:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  5 20:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31361]: Failed password for invalid user eth from 92.118.39.65 port 54562 ssh2
May  5 20:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31361]: Connection closed by 92.118.39.65 port 54562 [preauth]
May  5 20:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30170]: pam_unix(cron:session): session closed for user root
May  5 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31480]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31481]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31478]: pam_unix(cron:session): session closed for user p13x
May  5 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31542]: Successful su for rubyman by root
May  5 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31542]: + ??? root:rubyman
May  5 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336134 of user rubyman.
May  5 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31542]: pam_unix(su:session): session closed for user rubyman
May  5 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336134.
May  5 20:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28795]: pam_unix(cron:session): session closed for user root
May  5 20:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31479]: pam_unix(cron:session): session closed for user samftp
May  5 20:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30569]: pam_unix(cron:session): session closed for user root
May  5 20:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 20:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.136.173  user=root
May  5 20:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31918]: Failed password for root from 103.26.136.173 port 42920 ssh2
May  5 20:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31918]: Received disconnect from 103.26.136.173 port 42920:11: Bye Bye [preauth]
May  5 20:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31918]: Disconnected from 103.26.136.173 port 42920 [preauth]
May  5 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31948]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31945]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31947]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31948]: pam_unix(cron:session): session closed for user root
May  5 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31943]: pam_unix(cron:session): session closed for user root
May  5 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31940]: pam_unix(cron:session): session closed for user p13x
May  5 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32252]: Successful su for rubyman by root
May  5 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32252]: + ??? root:rubyman
May  5 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336142 of user rubyman.
May  5 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32252]: pam_unix(su:session): session closed for user rubyman
May  5 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336142.
May  5 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29301]: pam_unix(cron:session): session closed for user root
May  5 21:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31945]: pam_unix(cron:session): session closed for user root
May  5 21:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31942]: pam_unix(cron:session): session closed for user samftp
May  5 21:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  5 21:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: Failed password for root from 164.68.105.9 port 57872 ssh2
May  5 21:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: Connection closed by 164.68.105.9 port 57872 [preauth]
May  5 21:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31052]: pam_unix(cron:session): session closed for user root
May  5 21:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: Invalid user user from 103.133.36.6
May  5 21:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: input_userauth_request: invalid user user [preauth]
May  5 21:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.36.6
May  5 21:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: Failed password for invalid user user from 103.133.36.6 port 54960 ssh2
May  5 21:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: Received disconnect from 103.133.36.6 port 54960:11: Bye Bye [preauth]
May  5 21:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: Disconnected from 103.133.36.6 port 54960 [preauth]
May  5 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[400]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[399]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[398]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[398]: pam_unix(cron:session): session closed for user p13x
May  5 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[506]: Successful su for rubyman by root
May  5 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[506]: + ??? root:rubyman
May  5 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336145 of user rubyman.
May  5 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[506]: pam_unix(su:session): session closed for user rubyman
May  5 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336145.
May  5 21:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29726]: pam_unix(cron:session): session closed for user root
May  5 21:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[399]: pam_unix(cron:session): session closed for user samftp
May  5 21:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: Invalid user info from 213.176.73.105
May  5 21:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: input_userauth_request: invalid user info [preauth]
May  5 21:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.73.105
May  5 21:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: Failed password for invalid user info from 213.176.73.105 port 35502 ssh2
May  5 21:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: Received disconnect from 213.176.73.105 port 35502:11: Bye Bye [preauth]
May  5 21:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[786]: Disconnected from 213.176.73.105 port 35502 [preauth]
May  5 21:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31481]: pam_unix(cron:session): session closed for user root
May  5 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[900]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[901]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[897]: pam_unix(cron:session): session closed for user p13x
May  5 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[977]: Successful su for rubyman by root
May  5 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[977]: + ??? root:rubyman
May  5 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336148 of user rubyman.
May  5 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[977]: pam_unix(su:session): session closed for user rubyman
May  5 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336148.
May  5 21:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30169]: pam_unix(cron:session): session closed for user root
May  5 21:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[899]: pam_unix(cron:session): session closed for user samftp
May  5 21:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31947]: pam_unix(cron:session): session closed for user root
May  5 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1371]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1373]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1369]: pam_unix(cron:session): session closed for user p13x
May  5 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1460]: Successful su for rubyman by root
May  5 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1460]: + ??? root:rubyman
May  5 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336153 of user rubyman.
May  5 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1460]: pam_unix(su:session): session closed for user rubyman
May  5 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336153.
May  5 21:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30568]: pam_unix(cron:session): session closed for user root
May  5 21:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1370]: pam_unix(cron:session): session closed for user samftp
May  5 21:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[404]: pam_unix(cron:session): session closed for user root
May  5 21:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.36.6  user=root
May  5 21:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1808]: Failed password for root from 103.133.36.6 port 58122 ssh2
May  5 21:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1808]: Received disconnect from 103.133.36.6 port 58122:11: Bye Bye [preauth]
May  5 21:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1808]: Disconnected from 103.133.36.6 port 58122 [preauth]
May  5 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1875]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1875]: pam_unix(cron:session): session closed for user p13x
May  5 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2021]: Successful su for rubyman by root
May  5 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2021]: + ??? root:rubyman
May  5 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336156 of user rubyman.
May  5 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2021]: pam_unix(su:session): session closed for user rubyman
May  5 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336156.
May  5 21:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31049]: pam_unix(cron:session): session closed for user root
May  5 21:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1877]: pam_unix(cron:session): session closed for user samftp
May  5 21:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[901]: pam_unix(cron:session): session closed for user root
May  5 21:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Invalid user trx from 92.118.39.65
May  5 21:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: input_userauth_request: invalid user trx [preauth]
May  5 21:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  5 21:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Failed password for invalid user trx from 92.118.39.65 port 39302 ssh2
May  5 21:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Connection closed by 92.118.39.65 port 39302 [preauth]
May  5 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2375]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2373]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2376]: pam_unix(cron:session): session closed for user root
May  5 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2370]: pam_unix(cron:session): session closed for user p13x
May  5 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2454]: Successful su for rubyman by root
May  5 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2454]: + ??? root:rubyman
May  5 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336160 of user rubyman.
May  5 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2454]: pam_unix(su:session): session closed for user rubyman
May  5 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336160.
May  5 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31480]: pam_unix(cron:session): session closed for user root
May  5 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2373]: pam_unix(cron:session): session closed for user root
May  5 21:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2372]: pam_unix(cron:session): session closed for user samftp
May  5 21:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1373]: pam_unix(cron:session): session closed for user root
May  5 21:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: Invalid user weiwei from 213.176.73.105
May  5 21:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: input_userauth_request: invalid user weiwei [preauth]
May  5 21:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.73.105
May  5 21:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: Failed password for invalid user weiwei from 213.176.73.105 port 47224 ssh2
May  5 21:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: Received disconnect from 213.176.73.105 port 47224:11: Bye Bye [preauth]
May  5 21:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2836]: Disconnected from 213.176.73.105 port 47224 [preauth]
May  5 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2895]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2894]: pam_unix(cron:session): session closed for user p13x
May  5 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2968]: Successful su for rubyman by root
May  5 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2968]: + ??? root:rubyman
May  5 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336167 of user rubyman.
May  5 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2968]: pam_unix(su:session): session closed for user rubyman
May  5 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336167.
May  5 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2895]: pam_unix(cron:session): session closed for user samftp
May  5 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31946]: pam_unix(cron:session): session closed for user root
May  5 21:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.36.6  user=root
May  5 21:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: Failed password for root from 103.133.36.6 port 48264 ssh2
May  5 21:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: Received disconnect from 103.133.36.6 port 48264:11: Bye Bye [preauth]
May  5 21:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3190]: Disconnected from 103.133.36.6 port 48264 [preauth]
May  5 21:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1879]: pam_unix(cron:session): session closed for user root
May  5 21:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 21:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3255]: Failed password for root from 218.92.0.179 port 61531 ssh2
May  5 21:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3255]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 61531 ssh2]
May  5 21:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3255]: Received disconnect from 218.92.0.179 port 61531:11:  [preauth]
May  5 21:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3255]: Disconnected from 218.92.0.179 port 61531 [preauth]
May  5 21:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3255]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3305]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3304]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3302]: pam_unix(cron:session): session closed for user p13x
May  5 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3365]: Successful su for rubyman by root
May  5 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3365]: + ??? root:rubyman
May  5 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3365]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336170 of user rubyman.
May  5 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3365]: pam_unix(su:session): session closed for user rubyman
May  5 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336170.
May  5 21:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[400]: pam_unix(cron:session): session closed for user root
May  5 21:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3303]: pam_unix(cron:session): session closed for user samftp
May  5 21:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2375]: pam_unix(cron:session): session closed for user root
May  5 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3753]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3752]: pam_unix(cron:session): session closed for user p13x
May  5 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3815]: Successful su for rubyman by root
May  5 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3815]: + ??? root:rubyman
May  5 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336175 of user rubyman.
May  5 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3815]: pam_unix(su:session): session closed for user rubyman
May  5 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336175.
May  5 21:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[900]: pam_unix(cron:session): session closed for user root
May  5 21:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3753]: pam_unix(cron:session): session closed for user samftp
May  5 21:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2897]: pam_unix(cron:session): session closed for user root
May  5 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4192]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4191]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4187]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4189]: pam_unix(cron:session): session closed for user p13x
May  5 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4464]: Successful su for rubyman by root
May  5 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4464]: + ??? root:rubyman
May  5 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4464]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336178 of user rubyman.
May  5 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4464]: pam_unix(su:session): session closed for user rubyman
May  5 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336178.
May  5 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4187]: pam_unix(cron:session): session closed for user root
May  5 21:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1371]: pam_unix(cron:session): session closed for user root
May  5 21:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4190]: pam_unix(cron:session): session closed for user samftp
May  5 21:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: Invalid user Apps from 103.133.36.6
May  5 21:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: input_userauth_request: invalid user Apps [preauth]
May  5 21:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.36.6
May  5 21:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: Failed password for invalid user Apps from 103.133.36.6 port 37604 ssh2
May  5 21:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: Received disconnect from 103.133.36.6 port 37604:11: Bye Bye [preauth]
May  5 21:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: Disconnected from 103.133.36.6 port 37604 [preauth]
May  5 21:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3305]: pam_unix(cron:session): session closed for user root
May  5 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4871]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4868]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4872]: pam_unix(cron:session): session closed for user root
May  5 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4867]: pam_unix(cron:session): session closed for user p13x
May  5 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4945]: Successful su for rubyman by root
May  5 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4945]: + ??? root:rubyman
May  5 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336183 of user rubyman.
May  5 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4945]: pam_unix(su:session): session closed for user rubyman
May  5 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336183.
May  5 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1878]: pam_unix(cron:session): session closed for user root
May  5 21:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4869]: pam_unix(cron:session): session closed for user root
May  5 21:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4868]: pam_unix(cron:session): session closed for user samftp
May  5 21:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5349]: Invalid user admin from 213.176.73.105
May  5 21:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5349]: input_userauth_request: invalid user admin [preauth]
May  5 21:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5349]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.73.105
May  5 21:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5349]: Failed password for invalid user admin from 213.176.73.105 port 37702 ssh2
May  5 21:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5349]: Received disconnect from 213.176.73.105 port 37702:11: Bye Bye [preauth]
May  5 21:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5349]: Disconnected from 213.176.73.105 port 37702 [preauth]
May  5 21:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3759]: pam_unix(cron:session): session closed for user root
May  5 21:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 21:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: Invalid user admin from 80.94.95.112
May  5 21:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: input_userauth_request: invalid user admin [preauth]
May  5 21:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 21:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: Failed password for root from 218.92.0.179 port 50603 ssh2
May  5 21:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: Failed password for invalid user admin from 80.94.95.112 port 26899 ssh2
May  5 21:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: Failed password for root from 218.92.0.179 port 50603 ssh2
May  5 21:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: Failed password for invalid user admin from 80.94.95.112 port 26899 ssh2
May  5 21:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: Failed password for root from 218.92.0.179 port 50603 ssh2
May  5 21:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: Received disconnect from 218.92.0.179 port 50603:11:  [preauth]
May  5 21:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: Disconnected from 218.92.0.179 port 50603 [preauth]
May  5 21:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5493]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5523]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5520]: pam_unix(cron:session): session closed for user p13x
May  5 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5632]: Successful su for rubyman by root
May  5 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5632]: + ??? root:rubyman
May  5 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336189 of user rubyman.
May  5 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5632]: pam_unix(su:session): session closed for user rubyman
May  5 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336189.
May  5 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: Failed password for invalid user admin from 80.94.95.112 port 26899 ssh2
May  5 21:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: Failed password for invalid user admin from 80.94.95.112 port 26899 ssh2
May  5 21:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2374]: pam_unix(cron:session): session closed for user root
May  5 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5521]: pam_unix(cron:session): session closed for user samftp
May  5 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: Failed password for invalid user admin from 80.94.95.112 port 26899 ssh2
May  5 21:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: Received disconnect from 80.94.95.112 port 26899:11: Bye [preauth]
May  5 21:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: Disconnected from 80.94.95.112 port 26899 [preauth]
May  5 21:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 21:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 21:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5948]: Invalid user ton from 92.118.39.65
May  5 21:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5948]: input_userauth_request: invalid user ton [preauth]
May  5 21:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5948]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  5 21:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5948]: Failed password for invalid user ton from 92.118.39.65 port 52286 ssh2
May  5 21:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5948]: Connection closed by 92.118.39.65 port 52286 [preauth]
May  5 21:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4192]: pam_unix(cron:session): session closed for user root
May  5 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6073]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6074]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6071]: pam_unix(cron:session): session closed for user p13x
May  5 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6149]: Successful su for rubyman by root
May  5 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6149]: + ??? root:rubyman
May  5 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336194 of user rubyman.
May  5 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6149]: pam_unix(su:session): session closed for user rubyman
May  5 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336194.
May  5 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6112]: Invalid user cut from 103.133.36.6
May  5 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6112]: input_userauth_request: invalid user cut [preauth]
May  5 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6112]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.36.6
May  5 21:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2896]: pam_unix(cron:session): session closed for user root
May  5 21:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6112]: Failed password for invalid user cut from 103.133.36.6 port 60204 ssh2
May  5 21:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6112]: Received disconnect from 103.133.36.6 port 60204:11: Bye Bye [preauth]
May  5 21:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6112]: Disconnected from 103.133.36.6 port 60204 [preauth]
May  5 21:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6072]: pam_unix(cron:session): session closed for user samftp
May  5 21:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4871]: pam_unix(cron:session): session closed for user root
May  5 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6492]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6494]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6493]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6491]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6491]: pam_unix(cron:session): session closed for user p13x
May  5 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6548]: Successful su for rubyman by root
May  5 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6548]: + ??? root:rubyman
May  5 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6548]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336199 of user rubyman.
May  5 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6548]: pam_unix(su:session): session closed for user rubyman
May  5 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336199.
May  5 21:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3304]: pam_unix(cron:session): session closed for user root
May  5 21:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6492]: pam_unix(cron:session): session closed for user samftp
May  5 21:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5523]: pam_unix(cron:session): session closed for user root
May  5 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6895]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6894]: pam_unix(cron:session): session closed for user p13x
May  5 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7049]: Successful su for rubyman by root
May  5 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7049]: + ??? root:rubyman
May  5 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7049]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336201 of user rubyman.
May  5 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7049]: pam_unix(su:session): session closed for user rubyman
May  5 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336201.
May  5 21:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3758]: pam_unix(cron:session): session closed for user root
May  5 21:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6895]: pam_unix(cron:session): session closed for user samftp
May  5 21:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.207.223.117  user=root
May  5 21:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: Failed password for root from 45.207.223.117 port 55562 ssh2
May  5 21:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: Connection closed by 45.207.223.117 port 55562 [preauth]
May  5 21:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6074]: pam_unix(cron:session): session closed for user root
May  5 21:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7373]: Invalid user es from 213.176.73.105
May  5 21:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7373]: input_userauth_request: invalid user es [preauth]
May  5 21:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7373]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.176.73.105
May  5 21:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7373]: Failed password for invalid user es from 213.176.73.105 port 53134 ssh2
May  5 21:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7373]: Received disconnect from 213.176.73.105 port 53134:11: Bye Bye [preauth]
May  5 21:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7373]: Disconnected from 213.176.73.105 port 53134 [preauth]
May  5 21:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: Invalid user kipt from 103.133.36.6
May  5 21:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: input_userauth_request: invalid user kipt [preauth]
May  5 21:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.36.6
May  5 21:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: Failed password for invalid user kipt from 103.133.36.6 port 50390 ssh2
May  5 21:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: Received disconnect from 103.133.36.6 port 50390:11: Bye Bye [preauth]
May  5 21:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7422]: Disconnected from 103.133.36.6 port 50390 [preauth]
May  5 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7450]: pam_unix(cron:session): session closed for user root
May  5 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7445]: pam_unix(cron:session): session closed for user p13x
May  5 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7613]: Successful su for rubyman by root
May  5 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7613]: + ??? root:rubyman
May  5 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336205 of user rubyman.
May  5 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7613]: pam_unix(su:session): session closed for user rubyman
May  5 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336205.
May  5 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7447]: pam_unix(cron:session): session closed for user root
May  5 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4191]: pam_unix(cron:session): session closed for user root
May  5 21:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7446]: pam_unix(cron:session): session closed for user samftp
May  5 21:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6494]: pam_unix(cron:session): session closed for user root
May  5 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8003]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8001]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8002]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8000]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8000]: pam_unix(cron:session): session closed for user p13x
May  5 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8073]: Successful su for rubyman by root
May  5 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8073]: + ??? root:rubyman
May  5 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8073]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336213 of user rubyman.
May  5 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8073]: pam_unix(su:session): session closed for user rubyman
May  5 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336213.
May  5 21:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4870]: pam_unix(cron:session): session closed for user root
May  5 21:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8001]: pam_unix(cron:session): session closed for user samftp
May  5 21:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  5 21:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8340]: Failed password for root from 80.94.95.29 port 54511 ssh2
May  5 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6897]: pam_unix(cron:session): session closed for user root
May  5 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8340]: Failed password for root from 80.94.95.29 port 54511 ssh2
May  5 21:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8340]: message repeated 3 times: [ Failed password for root from 80.94.95.29 port 54511 ssh2]
May  5 21:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8340]: Received disconnect from 80.94.95.29 port 54511:11: Bye [preauth]
May  5 21:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8340]: Disconnected from 80.94.95.29 port 54511 [preauth]
May  5 21:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8340]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  5 21:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8340]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8442]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8440]: pam_unix(cron:session): session closed for user root
May  5 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8442]: pam_unix(cron:session): session closed for user p13x
May  5 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8512]: Successful su for rubyman by root
May  5 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8512]: + ??? root:rubyman
May  5 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336215 of user rubyman.
May  5 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8512]: pam_unix(su:session): session closed for user rubyman
May  5 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336215.
May  5 21:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5522]: pam_unix(cron:session): session closed for user root
May  5 21:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8443]: pam_unix(cron:session): session closed for user samftp
May  5 21:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: Invalid user ubnt from 80.94.95.241
May  5 21:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: input_userauth_request: invalid user ubnt [preauth]
May  5 21:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 21:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: Failed password for invalid user ubnt from 80.94.95.241 port 59879 ssh2
May  5 21:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: Failed password for invalid user ubnt from 80.94.95.241 port 59879 ssh2
May  5 21:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: Failed password for invalid user ubnt from 80.94.95.241 port 59879 ssh2
May  5 21:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: Failed password for invalid user ubnt from 80.94.95.241 port 59879 ssh2
May  5 21:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: Failed password for invalid user ubnt from 80.94.95.241 port 59879 ssh2
May  5 21:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: Received disconnect from 80.94.95.241 port 59879:11: Bye [preauth]
May  5 21:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: Disconnected from 80.94.95.241 port 59879 [preauth]
May  5 21:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 21:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8719]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 21:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: Invalid user tempuser from 103.133.36.6
May  5 21:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: input_userauth_request: invalid user tempuser [preauth]
May  5 21:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.36.6
May  5 21:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: Failed password for invalid user tempuser from 103.133.36.6 port 46522 ssh2
May  5 21:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: Received disconnect from 103.133.36.6 port 46522:11: Bye Bye [preauth]
May  5 21:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8773]: Disconnected from 103.133.36.6 port 46522 [preauth]
May  5 21:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7449]: pam_unix(cron:session): session closed for user root
May  5 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8907]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8906]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8905]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8905]: pam_unix(cron:session): session closed for user p13x
May  5 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8972]: Successful su for rubyman by root
May  5 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8972]: + ??? root:rubyman
May  5 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336220 of user rubyman.
May  5 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8972]: pam_unix(su:session): session closed for user rubyman
May  5 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336220.
May  5 21:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6073]: pam_unix(cron:session): session closed for user root
May  5 21:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8906]: pam_unix(cron:session): session closed for user samftp
May  5 21:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8003]: pam_unix(cron:session): session closed for user root
May  5 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9431]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9432]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9429]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9429]: pam_unix(cron:session): session closed for user p13x
May  5 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9491]: Successful su for rubyman by root
May  5 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9491]: + ??? root:rubyman
May  5 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336224 of user rubyman.
May  5 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9491]: pam_unix(su:session): session closed for user rubyman
May  5 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336224.
May  5 21:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6493]: pam_unix(cron:session): session closed for user root
May  5 21:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9430]: pam_unix(cron:session): session closed for user samftp
May  5 21:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8445]: pam_unix(cron:session): session closed for user root
May  5 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9838]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9839]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9839]: pam_unix(cron:session): session closed for user root
May  5 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9834]: pam_unix(cron:session): session closed for user p13x
May  5 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9903]: Successful su for rubyman by root
May  5 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9903]: + ??? root:rubyman
May  5 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336229 of user rubyman.
May  5 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9903]: pam_unix(su:session): session closed for user rubyman
May  5 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336229.
May  5 21:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9836]: pam_unix(cron:session): session closed for user root
May  5 21:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6896]: pam_unix(cron:session): session closed for user root
May  5 21:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9835]: pam_unix(cron:session): session closed for user samftp
May  5 21:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10124]: Invalid user ubuntu from 103.133.36.6
May  5 21:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10124]: input_userauth_request: invalid user ubuntu [preauth]
May  5 21:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10124]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.36.6
May  5 21:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10124]: Failed password for invalid user ubuntu from 103.133.36.6 port 45132 ssh2
May  5 21:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10124]: Received disconnect from 103.133.36.6 port 45132:11: Bye Bye [preauth]
May  5 21:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10124]: Disconnected from 103.133.36.6 port 45132 [preauth]
May  5 21:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8908]: pam_unix(cron:session): session closed for user root
May  5 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10348]: pam_unix(cron:session): session closed for user p13x
May  5 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10422]: Successful su for rubyman by root
May  5 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10422]: + ??? root:rubyman
May  5 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336235 of user rubyman.
May  5 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10422]: pam_unix(su:session): session closed for user rubyman
May  5 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336235.
May  5 21:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7448]: pam_unix(cron:session): session closed for user root
May  5 21:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10349]: pam_unix(cron:session): session closed for user samftp
May  5 21:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9432]: pam_unix(cron:session): session closed for user root
May  5 21:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 21:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: Failed password for root from 218.92.0.179 port 16954 ssh2
May  5 21:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 16954 ssh2]
May  5 21:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: Received disconnect from 218.92.0.179 port 16954:11:  [preauth]
May  5 21:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: Disconnected from 218.92.0.179 port 16954 [preauth]
May  5 21:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10821]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10832]: pam_unix(cron:session): session closed for user p13x
May  5 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10892]: Successful su for rubyman by root
May  5 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10892]: + ??? root:rubyman
May  5 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336239 of user rubyman.
May  5 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10892]: pam_unix(su:session): session closed for user rubyman
May  5 21:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336239.
May  5 21:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8002]: pam_unix(cron:session): session closed for user root
May  5 21:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10833]: pam_unix(cron:session): session closed for user samftp
May  5 21:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9838]: pam_unix(cron:session): session closed for user root
May  5 21:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: Invalid user ubuntu from 103.133.36.6
May  5 21:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: input_userauth_request: invalid user ubuntu [preauth]
May  5 21:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.36.6
May  5 21:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: Failed password for invalid user ubuntu from 103.133.36.6 port 49334 ssh2
May  5 21:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: Received disconnect from 103.133.36.6 port 49334:11: Bye Bye [preauth]
May  5 21:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: Disconnected from 103.133.36.6 port 49334 [preauth]
May  5 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11225]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11223]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11223]: pam_unix(cron:session): session closed for user p13x
May  5 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11284]: Successful su for rubyman by root
May  5 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11284]: + ??? root:rubyman
May  5 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336243 of user rubyman.
May  5 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11284]: pam_unix(su:session): session closed for user rubyman
May  5 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336243.
May  5 21:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8444]: pam_unix(cron:session): session closed for user root
May  5 21:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11224]: pam_unix(cron:session): session closed for user samftp
May  5 21:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10351]: pam_unix(cron:session): session closed for user root
May  5 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11626]: pam_unix(cron:session): session closed for user p13x
May  5 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11684]: Successful su for rubyman by root
May  5 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11684]: + ??? root:rubyman
May  5 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336248 of user rubyman.
May  5 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11684]: pam_unix(su:session): session closed for user rubyman
May  5 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336248.
May  5 21:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8907]: pam_unix(cron:session): session closed for user root
May  5 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11627]: pam_unix(cron:session): session closed for user samftp
May  5 21:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10837]: pam_unix(cron:session): session closed for user root
May  5 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12012]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12014]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12013]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12014]: pam_unix(cron:session): session closed for user root
May  5 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12009]: pam_unix(cron:session): session closed for user p13x
May  5 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12074]: Successful su for rubyman by root
May  5 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12074]: + ??? root:rubyman
May  5 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12074]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336253 of user rubyman.
May  5 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12074]: pam_unix(su:session): session closed for user rubyman
May  5 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336253.
May  5 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12011]: pam_unix(cron:session): session closed for user root
May  5 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9431]: pam_unix(cron:session): session closed for user root
May  5 21:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12010]: pam_unix(cron:session): session closed for user samftp
May  5 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11226]: pam_unix(cron:session): session closed for user root
May  5 21:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: Invalid user test1 from 103.133.36.6
May  5 21:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: input_userauth_request: invalid user test1 [preauth]
May  5 21:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.36.6
May  5 21:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: Failed password for invalid user test1 from 103.133.36.6 port 39642 ssh2
May  5 21:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: Received disconnect from 103.133.36.6 port 39642:11: Bye Bye [preauth]
May  5 21:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: Disconnected from 103.133.36.6 port 39642 [preauth]
May  5 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12442]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12442]: pam_unix(cron:session): session closed for user p13x
May  5 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12507]: Successful su for rubyman by root
May  5 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12507]: + ??? root:rubyman
May  5 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336257 of user rubyman.
May  5 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12507]: pam_unix(su:session): session closed for user rubyman
May  5 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336257.
May  5 21:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9837]: pam_unix(cron:session): session closed for user root
May  5 21:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12443]: pam_unix(cron:session): session closed for user samftp
May  5 21:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11629]: pam_unix(cron:session): session closed for user root
May  5 21:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: Invalid user user from 80.94.95.29
May  5 21:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: input_userauth_request: invalid user user [preauth]
May  5 21:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  5 21:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: Failed password for invalid user user from 80.94.95.29 port 62660 ssh2
May  5 21:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: Failed password for invalid user user from 80.94.95.29 port 62660 ssh2
May  5 21:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: Failed password for invalid user user from 80.94.95.29 port 62660 ssh2
May  5 21:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: Failed password for invalid user user from 80.94.95.29 port 62660 ssh2
May  5 21:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: Failed password for invalid user user from 80.94.95.29 port 62660 ssh2
May  5 21:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: Received disconnect from 80.94.95.29 port 62660:11: Bye [preauth]
May  5 21:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: Disconnected from 80.94.95.29 port 62660 [preauth]
May  5 21:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  5 21:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12779]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12844]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12841]: pam_unix(cron:session): session closed for user p13x
May  5 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12901]: Successful su for rubyman by root
May  5 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12901]: + ??? root:rubyman
May  5 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336261 of user rubyman.
May  5 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12901]: pam_unix(su:session): session closed for user rubyman
May  5 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336261.
May  5 21:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10350]: pam_unix(cron:session): session closed for user root
May  5 21:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12842]: pam_unix(cron:session): session closed for user samftp
May  5 21:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12013]: pam_unix(cron:session): session closed for user root
May  5 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13234]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13235]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13233]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13232]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13232]: pam_unix(cron:session): session closed for user p13x
May  5 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13299]: Successful su for rubyman by root
May  5 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13299]: + ??? root:rubyman
May  5 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336266 of user rubyman.
May  5 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13299]: pam_unix(su:session): session closed for user rubyman
May  5 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336266.
May  5 21:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10834]: pam_unix(cron:session): session closed for user root
May  5 21:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13233]: pam_unix(cron:session): session closed for user samftp
May  5 21:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12445]: pam_unix(cron:session): session closed for user root
May  5 21:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.36.6  user=root
May  5 21:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13676]: Failed password for root from 103.133.36.6 port 54762 ssh2
May  5 21:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13676]: Received disconnect from 103.133.36.6 port 54762:11: Bye Bye [preauth]
May  5 21:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13676]: Disconnected from 103.133.36.6 port 54762 [preauth]
May  5 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13743]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13742]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13742]: pam_unix(cron:session): session closed for user p13x
May  5 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13810]: Successful su for rubyman by root
May  5 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13810]: + ??? root:rubyman
May  5 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13810]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336268 of user rubyman.
May  5 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13810]: pam_unix(su:session): session closed for user rubyman
May  5 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336268.
May  5 21:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11225]: pam_unix(cron:session): session closed for user root
May  5 21:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13743]: pam_unix(cron:session): session closed for user samftp
May  5 21:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12844]: pam_unix(cron:session): session closed for user root
May  5 21:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14132]: Invalid user jaqueline from 190.103.202.7
May  5 21:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14132]: input_userauth_request: invalid user jaqueline [preauth]
May  5 21:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14132]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  5 21:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14132]: Failed password for invalid user jaqueline from 190.103.202.7 port 43168 ssh2
May  5 21:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14132]: Connection closed by 190.103.202.7 port 43168 [preauth]
May  5 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14155]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14156]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14158]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14154]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14160]: pam_unix(cron:session): session closed for user root
May  5 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14154]: pam_unix(cron:session): session closed for user p13x
May  5 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14231]: Successful su for rubyman by root
May  5 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14231]: + ??? root:rubyman
May  5 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336277 of user rubyman.
May  5 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14231]: pam_unix(su:session): session closed for user rubyman
May  5 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336277.
May  5 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11628]: pam_unix(cron:session): session closed for user root
May  5 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14156]: pam_unix(cron:session): session closed for user root
May  5 21:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14155]: pam_unix(cron:session): session closed for user samftp
May  5 21:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13235]: pam_unix(cron:session): session closed for user root
May  5 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14604]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14601]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14603]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14600]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14600]: pam_unix(cron:session): session closed for user p13x
May  5 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14677]: Successful su for rubyman by root
May  5 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14677]: + ??? root:rubyman
May  5 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336278 of user rubyman.
May  5 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14677]: pam_unix(su:session): session closed for user rubyman
May  5 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336278.
May  5 21:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12012]: pam_unix(cron:session): session closed for user root
May  5 21:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14601]: pam_unix(cron:session): session closed for user samftp
May  5 21:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14888]: Invalid user ghost from 103.133.36.6
May  5 21:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14888]: input_userauth_request: invalid user ghost [preauth]
May  5 21:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14888]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.36.6
May  5 21:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14888]: Failed password for invalid user ghost from 103.133.36.6 port 42784 ssh2
May  5 21:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14888]: Received disconnect from 103.133.36.6 port 42784:11: Bye Bye [preauth]
May  5 21:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14888]: Disconnected from 103.133.36.6 port 42784 [preauth]
May  5 21:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13745]: pam_unix(cron:session): session closed for user root
May  5 21:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: Invalid user xue from 36.41.173.185
May  5 21:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: input_userauth_request: invalid user xue [preauth]
May  5 21:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.41.173.185
May  5 21:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: Failed password for invalid user xue from 36.41.173.185 port 41716 ssh2
May  5 21:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: Received disconnect from 36.41.173.185 port 41716:11: Bye Bye [preauth]
May  5 21:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: Disconnected from 36.41.173.185 port 41716 [preauth]
May  5 21:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15001]: Invalid user user from 50.235.31.47
May  5 21:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15001]: input_userauth_request: invalid user user [preauth]
May  5 21:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15001]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  5 21:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15001]: Failed password for invalid user user from 50.235.31.47 port 37298 ssh2
May  5 21:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15001]: Connection closed by 50.235.31.47 port 37298 [preauth]
May  5 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15024]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15021]: pam_unix(cron:session): session closed for user p13x
May  5 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15079]: Successful su for rubyman by root
May  5 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15079]: + ??? root:rubyman
May  5 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336282 of user rubyman.
May  5 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15079]: pam_unix(su:session): session closed for user rubyman
May  5 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336282.
May  5 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12444]: pam_unix(cron:session): session closed for user root
May  5 21:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15022]: pam_unix(cron:session): session closed for user samftp
May  5 21:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14158]: pam_unix(cron:session): session closed for user root
May  5 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15407]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15405]: pam_unix(cron:session): session closed for user p13x
May  5 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15465]: Successful su for rubyman by root
May  5 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15465]: + ??? root:rubyman
May  5 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336287 of user rubyman.
May  5 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15465]: pam_unix(su:session): session closed for user rubyman
May  5 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336287.
May  5 21:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12843]: pam_unix(cron:session): session closed for user root
May  5 21:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15406]: pam_unix(cron:session): session closed for user samftp
May  5 21:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14604]: pam_unix(cron:session): session closed for user root
May  5 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15798]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15796]: pam_unix(cron:session): session closed for user p13x
May  5 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15864]: Successful su for rubyman by root
May  5 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15864]: + ??? root:rubyman
May  5 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336292 of user rubyman.
May  5 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15864]: pam_unix(su:session): session closed for user rubyman
May  5 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336292.
May  5 21:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13234]: pam_unix(cron:session): session closed for user root
May  5 21:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15797]: pam_unix(cron:session): session closed for user samftp
May  5 21:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: Invalid user tong from 103.133.36.6
May  5 21:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: input_userauth_request: invalid user tong [preauth]
May  5 21:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.36.6
May  5 21:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: Failed password for invalid user tong from 103.133.36.6 port 59670 ssh2
May  5 21:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: Received disconnect from 103.133.36.6 port 59670:11: Bye Bye [preauth]
May  5 21:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: Disconnected from 103.133.36.6 port 59670 [preauth]
May  5 21:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 21:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: Failed password for root from 218.92.0.179 port 11687 ssh2
May  5 21:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 11687 ssh2]
May  5 21:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: Received disconnect from 218.92.0.179 port 11687:11:  [preauth]
May  5 21:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: Disconnected from 218.92.0.179 port 11687 [preauth]
May  5 21:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 21:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15024]: pam_unix(cron:session): session closed for user root
May  5 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16195]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16197]: pam_unix(cron:session): session closed for user root
May  5 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16192]: pam_unix(cron:session): session closed for user p13x
May  5 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16260]: Successful su for rubyman by root
May  5 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16260]: + ??? root:rubyman
May  5 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336295 of user rubyman.
May  5 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16260]: pam_unix(su:session): session closed for user rubyman
May  5 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336295.
May  5 21:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16194]: pam_unix(cron:session): session closed for user root
May  5 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13744]: pam_unix(cron:session): session closed for user root
May  5 21:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16193]: pam_unix(cron:session): session closed for user samftp
May  5 21:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16476]: Invalid user admin from 139.19.117.131
May  5 21:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16476]: input_userauth_request: invalid user admin [preauth]
May  5 21:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16476]: Connection closed by 139.19.117.131 port 55526 [preauth]
May  5 21:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15408]: pam_unix(cron:session): session closed for user root
May  5 21:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 21:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16614]: Failed password for root from 218.92.0.179 port 31472 ssh2
May  5 21:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16614]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 31472 ssh2]
May  5 21:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16614]: Received disconnect from 218.92.0.179 port 31472:11:  [preauth]
May  5 21:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16614]: Disconnected from 218.92.0.179 port 31472 [preauth]
May  5 21:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16614]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16680]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16681]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16677]: pam_unix(cron:session): session closed for user p13x
May  5 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16748]: Successful su for rubyman by root
May  5 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16748]: + ??? root:rubyman
May  5 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336301 of user rubyman.
May  5 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16748]: pam_unix(su:session): session closed for user rubyman
May  5 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336301.
May  5 21:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14157]: pam_unix(cron:session): session closed for user root
May  5 21:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16678]: pam_unix(cron:session): session closed for user samftp
May  5 21:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15799]: pam_unix(cron:session): session closed for user root
May  5 21:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17089]: Invalid user ubuntu from 103.133.36.6
May  5 21:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17089]: input_userauth_request: invalid user ubuntu [preauth]
May  5 21:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17089]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.36.6
May  5 21:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17089]: Failed password for invalid user ubuntu from 103.133.36.6 port 36764 ssh2
May  5 21:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17089]: Received disconnect from 103.133.36.6 port 36764:11: Bye Bye [preauth]
May  5 21:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17089]: Disconnected from 103.133.36.6 port 36764 [preauth]
May  5 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17115]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17114]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17111]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17111]: pam_unix(cron:session): session closed for user p13x
May  5 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17172]: Successful su for rubyman by root
May  5 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17172]: + ??? root:rubyman
May  5 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17172]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336306 of user rubyman.
May  5 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17172]: pam_unix(su:session): session closed for user rubyman
May  5 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336306.
May  5 21:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14603]: pam_unix(cron:session): session closed for user root
May  5 21:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17112]: pam_unix(cron:session): session closed for user samftp
May  5 21:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16196]: pam_unix(cron:session): session closed for user root
May  5 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17530]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17529]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17528]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17528]: pam_unix(cron:session): session closed for user p13x
May  5 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17589]: Successful su for rubyman by root
May  5 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17589]: + ??? root:rubyman
May  5 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336308 of user rubyman.
May  5 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17589]: pam_unix(su:session): session closed for user rubyman
May  5 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336308.
May  5 21:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15023]: pam_unix(cron:session): session closed for user root
May  5 21:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17529]: pam_unix(cron:session): session closed for user samftp
May  5 21:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16681]: pam_unix(cron:session): session closed for user root
May  5 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18046]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18045]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18048]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18044]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18042]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18044]: pam_unix(cron:session): session closed for user p13x
May  5 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18174]: Successful su for rubyman by root
May  5 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18174]: + ??? root:rubyman
May  5 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336312 of user rubyman.
May  5 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18174]: pam_unix(su:session): session closed for user rubyman
May  5 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336312.
May  5 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18042]: pam_unix(cron:session): session closed for user root
May  5 21:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15407]: pam_unix(cron:session): session closed for user root
May  5 21:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18045]: pam_unix(cron:session): session closed for user samftp
May  5 21:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17115]: pam_unix(cron:session): session closed for user root
May  5 21:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: Invalid user rootroot from 103.133.36.6
May  5 21:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: input_userauth_request: invalid user rootroot [preauth]
May  5 21:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.133.36.6
May  5 21:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: Failed password for invalid user rootroot from 103.133.36.6 port 57200 ssh2
May  5 21:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: Received disconnect from 103.133.36.6 port 57200:11: Bye Bye [preauth]
May  5 21:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: Disconnected from 103.133.36.6 port 57200 [preauth]
May  5 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18549]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18553]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18553]: pam_unix(cron:session): session closed for user root
May  5 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18548]: pam_unix(cron:session): session closed for user p13x
May  5 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18617]: Successful su for rubyman by root
May  5 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18617]: + ??? root:rubyman
May  5 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336318 of user rubyman.
May  5 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18617]: pam_unix(su:session): session closed for user rubyman
May  5 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336318.
May  5 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18550]: pam_unix(cron:session): session closed for user root
May  5 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15798]: pam_unix(cron:session): session closed for user root
May  5 21:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18549]: pam_unix(cron:session): session closed for user samftp
May  5 21:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17531]: pam_unix(cron:session): session closed for user root
May  5 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18987]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18983]: pam_unix(cron:session): session closed for user p13x
May  5 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19060]: Successful su for rubyman by root
May  5 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19060]: + ??? root:rubyman
May  5 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336325 of user rubyman.
May  5 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19060]: pam_unix(su:session): session closed for user rubyman
May  5 21:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336325.
May  5 21:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16195]: pam_unix(cron:session): session closed for user root
May  5 21:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18984]: pam_unix(cron:session): session closed for user samftp
May  5 21:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19280]: Connection reset by 205.210.31.193 port 61538 [preauth]
May  5 21:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18048]: pam_unix(cron:session): session closed for user root
May  5 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19407]: pam_unix(cron:session): session closed for user p13x
May  5 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19468]: Successful su for rubyman by root
May  5 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19468]: + ??? root:rubyman
May  5 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336327 of user rubyman.
May  5 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19468]: pam_unix(su:session): session closed for user rubyman
May  5 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336327.
May  5 21:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16680]: pam_unix(cron:session): session closed for user root
May  5 21:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19408]: pam_unix(cron:session): session closed for user samftp
May  5 21:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18552]: pam_unix(cron:session): session closed for user root
May  5 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19819]: pam_unix(cron:session): session closed for user p13x
May  5 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19880]: Successful su for rubyman by root
May  5 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19880]: + ??? root:rubyman
May  5 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336331 of user rubyman.
May  5 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19880]: pam_unix(su:session): session closed for user rubyman
May  5 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336331.
May  5 21:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17114]: pam_unix(cron:session): session closed for user root
May  5 21:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19820]: pam_unix(cron:session): session closed for user samftp
May  5 21:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  5 21:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20109]: Failed password for root from 218.92.0.210 port 23046 ssh2
May  5 21:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20109]: message repeated 3 times: [ Failed password for root from 218.92.0.210 port 23046 ssh2]
May  5 21:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18987]: pam_unix(cron:session): session closed for user root
May  5 21:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20109]: Failed password for root from 218.92.0.210 port 23046 ssh2
May  5 21:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20109]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 23046 ssh2 [preauth]
May  5 21:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20109]: Disconnecting: Too many authentication failures [preauth]
May  5 21:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20109]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  5 21:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20109]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 21:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20229]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20228]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20226]: pam_unix(cron:session): session closed for user p13x
May  5 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20287]: Successful su for rubyman by root
May  5 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20287]: + ??? root:rubyman
May  5 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336337 of user rubyman.
May  5 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20287]: pam_unix(su:session): session closed for user rubyman
May  5 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336337.
May  5 21:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17530]: pam_unix(cron:session): session closed for user root
May  5 21:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20227]: pam_unix(cron:session): session closed for user samftp
May  5 21:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19410]: pam_unix(cron:session): session closed for user root
May  5 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20633]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20630]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20633]: pam_unix(cron:session): session closed for user root
May  5 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20627]: pam_unix(cron:session): session closed for user p13x
May  5 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20697]: Successful su for rubyman by root
May  5 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20697]: + ??? root:rubyman
May  5 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20697]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336340 of user rubyman.
May  5 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20697]: pam_unix(su:session): session closed for user rubyman
May  5 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336340.
May  5 21:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18046]: pam_unix(cron:session): session closed for user root
May  5 21:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20630]: pam_unix(cron:session): session closed for user root
May  5 21:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20628]: pam_unix(cron:session): session closed for user samftp
May  5 21:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19823]: pam_unix(cron:session): session closed for user root
May  5 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21069]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21070]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21066]: pam_unix(cron:session): session closed for user p13x
May  5 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21138]: Successful su for rubyman by root
May  5 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21138]: + ??? root:rubyman
May  5 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336348 of user rubyman.
May  5 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21138]: pam_unix(su:session): session closed for user rubyman
May  5 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336348.
May  5 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18551]: pam_unix(cron:session): session closed for user root
May  5 21:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21067]: pam_unix(cron:session): session closed for user samftp
May  5 21:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20229]: pam_unix(cron:session): session closed for user root
May  5 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21512]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21511]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21509]: pam_unix(cron:session): session closed for user p13x
May  5 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21578]: Successful su for rubyman by root
May  5 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21578]: + ??? root:rubyman
May  5 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336350 of user rubyman.
May  5 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21578]: pam_unix(su:session): session closed for user rubyman
May  5 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336350.
May  5 21:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18986]: pam_unix(cron:session): session closed for user root
May  5 21:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21510]: pam_unix(cron:session): session closed for user samftp
May  5 21:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20632]: pam_unix(cron:session): session closed for user root
May  5 21:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: Invalid user admin from 80.94.95.112
May  5 21:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: input_userauth_request: invalid user admin [preauth]
May  5 21:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 21:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: Failed password for invalid user admin from 80.94.95.112 port 5396 ssh2
May  5 21:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: Failed password for invalid user admin from 80.94.95.112 port 5396 ssh2
May  5 21:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: Failed password for invalid user admin from 80.94.95.112 port 5396 ssh2
May  5 21:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: Failed password for invalid user admin from 80.94.95.112 port 5396 ssh2
May  5 21:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: Failed password for invalid user admin from 80.94.95.112 port 5396 ssh2
May  5 21:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: Received disconnect from 80.94.95.112 port 5396:11: Bye [preauth]
May  5 21:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: Disconnected from 80.94.95.112 port 5396 [preauth]
May  5 21:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 21:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22262]: pam_unix(cron:session): session closed for user p13x
May  5 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22331]: Successful su for rubyman by root
May  5 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22331]: + ??? root:rubyman
May  5 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336353 of user rubyman.
May  5 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22331]: pam_unix(su:session): session closed for user rubyman
May  5 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336353.
May  5 21:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19409]: pam_unix(cron:session): session closed for user root
May  5 21:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22263]: pam_unix(cron:session): session closed for user samftp
May  5 21:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21070]: pam_unix(cron:session): session closed for user root
May  5 21:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: Invalid user ( from 195.178.110.50
May  5 21:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: input_userauth_request: invalid user ( [preauth]
May  5 21:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 21:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: Failed password for invalid user ( from 195.178.110.50 port 62580 ssh2
May  5 21:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22617]: Connection closed by 195.178.110.50 port 62580 [preauth]
May  5 21:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22714]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22711]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22711]: pam_unix(cron:session): session closed for user p13x
May  5 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22784]: Successful su for rubyman by root
May  5 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22784]: + ??? root:rubyman
May  5 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336358 of user rubyman.
May  5 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22784]: pam_unix(su:session): session closed for user rubyman
May  5 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336358.
May  5 21:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19822]: pam_unix(cron:session): session closed for user root
May  5 21:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22713]: pam_unix(cron:session): session closed for user samftp
May  5 21:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22700]: Invalid user g from 195.178.110.50
May  5 21:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22700]: input_userauth_request: invalid user g [preauth]
May  5 21:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22700]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 21:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22700]: Failed password for invalid user g from 195.178.110.50 port 4910 ssh2
May  5 21:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22700]: Connection closed by 195.178.110.50 port 4910 [preauth]
May  5 21:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21512]: pam_unix(cron:session): session closed for user root
May  5 21:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23075]: Invalid user H from 195.178.110.50
May  5 21:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23075]: input_userauth_request: invalid user H [preauth]
May  5 21:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23075]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 21:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23075]: Failed password for invalid user H from 195.178.110.50 port 3174 ssh2
May  5 21:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23075]: Connection closed by 195.178.110.50 port 3174 [preauth]
May  5 21:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23180]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23171]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23170]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23169]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23180]: pam_unix(cron:session): session closed for user root
May  5 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23169]: pam_unix(cron:session): session closed for user p13x
May  5 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23249]: Successful su for rubyman by root
May  5 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23249]: + ??? root:rubyman
May  5 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336365 of user rubyman.
May  5 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23249]: pam_unix(su:session): session closed for user rubyman
May  5 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336365.
May  5 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23171]: pam_unix(cron:session): session closed for user root
May  5 21:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20228]: pam_unix(cron:session): session closed for user root
May  5 21:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23147]: Invalid user ) from 195.178.110.50
May  5 21:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23147]: input_userauth_request: invalid user ) [preauth]
May  5 21:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23147]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 21:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23170]: pam_unix(cron:session): session closed for user samftp
May  5 21:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23147]: Failed password for invalid user ) from 195.178.110.50 port 10342 ssh2
May  5 21:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23147]: Connection closed by 195.178.110.50 port 10342 [preauth]
May  5 21:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23578]: Invalid user h from 195.178.110.50
May  5 21:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23578]: input_userauth_request: invalid user h [preauth]
May  5 21:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23578]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  5 21:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23578]: Failed password for invalid user h from 195.178.110.50 port 36154 ssh2
May  5 21:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22265]: pam_unix(cron:session): session closed for user root
May  5 21:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23578]: Connection closed by 195.178.110.50 port 36154 [preauth]
May  5 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23707]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23706]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23704]: pam_unix(cron:session): session closed for user p13x
May  5 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23862]: Successful su for rubyman by root
May  5 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23862]: + ??? root:rubyman
May  5 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336367 of user rubyman.
May  5 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23862]: pam_unix(su:session): session closed for user rubyman
May  5 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336367.
May  5 21:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20631]: pam_unix(cron:session): session closed for user root
May  5 21:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23705]: pam_unix(cron:session): session closed for user samftp
May  5 21:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22715]: pam_unix(cron:session): session closed for user root
May  5 21:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: Invalid user  from 170.64.215.35
May  5 21:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: input_userauth_request: invalid user  [preauth]
May  5 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24249]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24250]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24247]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24246]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24246]: pam_unix(cron:session): session closed for user p13x
May  5 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24318]: Successful su for rubyman by root
May  5 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24318]: + ??? root:rubyman
May  5 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24318]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336372 of user rubyman.
May  5 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24318]: pam_unix(su:session): session closed for user rubyman
May  5 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336372.
May  5 21:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: Connection closed by 170.64.215.35 port 33974 [preauth]
May  5 21:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21069]: pam_unix(cron:session): session closed for user root
May  5 21:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24247]: pam_unix(cron:session): session closed for user samftp
May  5 21:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23175]: pam_unix(cron:session): session closed for user root
May  5 21:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24630]: Invalid user ec2-user from 170.64.215.35
May  5 21:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24630]: input_userauth_request: invalid user ec2-user [preauth]
May  5 21:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24630]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24630]: Failed password for invalid user ec2-user from 170.64.215.35 port 33042 ssh2
May  5 21:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24630]: Connection closed by 170.64.215.35 port 33042 [preauth]
May  5 21:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24655]: Failed password for root from 170.64.215.35 port 60232 ssh2
May  5 21:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24655]: Connection closed by 170.64.215.35 port 60232 [preauth]
May  5 21:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: Failed password for root from 170.64.215.35 port 60244 ssh2
May  5 21:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: Connection closed by 170.64.215.35 port 60244 [preauth]
May  5 21:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: Invalid user gitlab from 170.64.215.35
May  5 21:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: input_userauth_request: invalid user gitlab [preauth]
May  5 21:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: Failed password for invalid user gitlab from 170.64.215.35 port 58504 ssh2
May  5 21:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: Connection closed by 170.64.215.35 port 58504 [preauth]
May  5 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24696]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24698]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24695]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24694]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24694]: pam_unix(cron:session): session closed for user p13x
May  5 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24755]: Successful su for rubyman by root
May  5 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24755]: + ??? root:rubyman
May  5 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24755]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336376 of user rubyman.
May  5 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24755]: pam_unix(su:session): session closed for user rubyman
May  5 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336376.
May  5 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: Invalid user username from 170.64.215.35
May  5 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: input_userauth_request: invalid user username [preauth]
May  5 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: Failed password for invalid user username from 170.64.215.35 port 58512 ssh2
May  5 21:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: Connection closed by 170.64.215.35 port 58512 [preauth]
May  5 21:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21511]: pam_unix(cron:session): session closed for user root
May  5 21:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24695]: pam_unix(cron:session): session closed for user samftp
May  5 21:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: Invalid user postgres from 170.64.215.35
May  5 21:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: input_userauth_request: invalid user postgres [preauth]
May  5 21:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: Failed password for invalid user postgres from 170.64.215.35 port 40478 ssh2
May  5 21:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24945]: Connection closed by 170.64.215.35 port 40478 [preauth]
May  5 21:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: Invalid user oscar from 170.64.215.35
May  5 21:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: input_userauth_request: invalid user oscar [preauth]
May  5 21:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: Failed password for invalid user oscar from 170.64.215.35 port 40484 ssh2
May  5 21:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: Connection closed by 170.64.215.35 port 40484 [preauth]
May  5 21:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24986]: Invalid user ec2-user from 170.64.215.35
May  5 21:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24986]: input_userauth_request: invalid user ec2-user [preauth]
May  5 21:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24986]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24986]: Failed password for invalid user ec2-user from 170.64.215.35 port 60174 ssh2
May  5 21:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24986]: Connection closed by 170.64.215.35 port 60174 [preauth]
May  5 21:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: Invalid user server from 170.64.215.35
May  5 21:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: input_userauth_request: invalid user server [preauth]
May  5 21:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: Failed password for invalid user server from 170.64.215.35 port 60188 ssh2
May  5 21:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: Connection closed by 170.64.215.35 port 60188 [preauth]
May  5 21:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25010]: Invalid user dolphinscheduler from 170.64.215.35
May  5 21:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25010]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  5 21:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25010]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25010]: Failed password for invalid user dolphinscheduler from 170.64.215.35 port 32966 ssh2
May  5 21:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25010]: Connection closed by 170.64.215.35 port 32966 [preauth]
May  5 21:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: Invalid user tomcat from 170.64.215.35
May  5 21:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: input_userauth_request: invalid user tomcat [preauth]
May  5 21:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: Failed password for invalid user tomcat from 170.64.215.35 port 32974 ssh2
May  5 21:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: Connection closed by 170.64.215.35 port 32974 [preauth]
May  5 21:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23707]: pam_unix(cron:session): session closed for user root
May  5 21:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25054]: Failed password for root from 170.64.215.35 port 53814 ssh2
May  5 21:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25054]: Connection closed by 170.64.215.35 port 53814 [preauth]
May  5 21:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25064]: Invalid user steam from 170.64.215.35
May  5 21:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25064]: input_userauth_request: invalid user steam [preauth]
May  5 21:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25064]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25064]: Failed password for invalid user steam from 170.64.215.35 port 53834 ssh2
May  5 21:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25064]: Connection closed by 170.64.215.35 port 53834 [preauth]
May  5 21:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25087]: Invalid user test from 170.64.215.35
May  5 21:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25087]: input_userauth_request: invalid user test [preauth]
May  5 21:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25087]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25087]: Failed password for invalid user test from 170.64.215.35 port 53846 ssh2
May  5 21:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25087]: Connection closed by 170.64.215.35 port 53846 [preauth]
May  5 21:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25097]: Failed password for root from 170.64.215.35 port 60752 ssh2
May  5 21:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25097]: Connection closed by 170.64.215.35 port 60752 [preauth]
May  5 21:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25108]: Invalid user user2 from 170.64.215.35
May  5 21:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25108]: input_userauth_request: invalid user user2 [preauth]
May  5 21:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25108]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25108]: Failed password for invalid user user2 from 170.64.215.35 port 60760 ssh2
May  5 21:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25108]: Connection closed by 170.64.215.35 port 60760 [preauth]
May  5 21:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: Invalid user dev from 170.64.215.35
May  5 21:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: input_userauth_request: invalid user dev [preauth]
May  5 21:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: Failed password for invalid user dev from 170.64.215.35 port 52664 ssh2
May  5 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25118]: Connection closed by 170.64.215.35 port 52664 [preauth]
May  5 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25125]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25126]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25122]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25121]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25121]: pam_unix(cron:session): session closed for user p13x
May  5 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25187]: Successful su for rubyman by root
May  5 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25187]: + ??? root:rubyman
May  5 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336381 of user rubyman.
May  5 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25187]: pam_unix(su:session): session closed for user rubyman
May  5 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336381.
May  5 21:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25265]: Invalid user gpuadmin from 170.64.215.35
May  5 21:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25265]: input_userauth_request: invalid user gpuadmin [preauth]
May  5 21:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25265]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22264]: pam_unix(cron:session): session closed for user root
May  5 21:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25265]: Failed password for invalid user gpuadmin from 170.64.215.35 port 52686 ssh2
May  5 21:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25265]: Connection closed by 170.64.215.35 port 52686 [preauth]
May  5 21:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25122]: pam_unix(cron:session): session closed for user samftp
May  5 21:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25387]: Invalid user es from 170.64.215.35
May  5 21:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25387]: input_userauth_request: invalid user es [preauth]
May  5 21:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25387]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25387]: Failed password for invalid user es from 170.64.215.35 port 38824 ssh2
May  5 21:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25387]: Connection closed by 170.64.215.35 port 38824 [preauth]
May  5 21:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: Failed password for root from 170.64.215.35 port 38826 ssh2
May  5 21:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: Connection closed by 170.64.215.35 port 38826 [preauth]
May  5 21:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25421]: Failed password for root from 170.64.215.35 port 44408 ssh2
May  5 21:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25421]: Connection closed by 170.64.215.35 port 44408 [preauth]
May  5 21:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: Invalid user ubnt from 80.94.95.241
May  5 21:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: input_userauth_request: invalid user ubnt [preauth]
May  5 21:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 21:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25433]: Invalid user odoo17 from 170.64.215.35
May  5 21:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25433]: input_userauth_request: invalid user odoo17 [preauth]
May  5 21:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25433]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: Failed password for invalid user ubnt from 80.94.95.241 port 26862 ssh2
May  5 21:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25433]: Failed password for invalid user odoo17 from 170.64.215.35 port 44412 ssh2
May  5 21:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25433]: Connection closed by 170.64.215.35 port 44412 [preauth]
May  5 21:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: Failed password for invalid user ubnt from 80.94.95.241 port 26862 ssh2
May  5 21:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25456]: Invalid user user from 170.64.215.35
May  5 21:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25456]: input_userauth_request: invalid user user [preauth]
May  5 21:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25456]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: Failed password for invalid user ubnt from 80.94.95.241 port 26862 ssh2
May  5 21:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25456]: Failed password for invalid user user from 170.64.215.35 port 44548 ssh2
May  5 21:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25456]: Connection closed by 170.64.215.35 port 44548 [preauth]
May  5 21:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: Failed password for invalid user ubnt from 80.94.95.241 port 26862 ssh2
May  5 21:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: Failed password for invalid user ubnt from 80.94.95.241 port 26862 ssh2
May  5 21:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: Received disconnect from 80.94.95.241 port 26862:11: Bye [preauth]
May  5 21:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: Disconnected from 80.94.95.241 port 26862 [preauth]
May  5 21:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 21:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25431]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 21:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24250]: pam_unix(cron:session): session closed for user root
May  5 21:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25468]: Failed password for root from 170.64.215.35 port 44556 ssh2
May  5 21:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25468]: Connection closed by 170.64.215.35 port 44556 [preauth]
May  5 21:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: Failed password for root from 170.64.215.35 port 53008 ssh2
May  5 21:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: Connection closed by 170.64.215.35 port 53008 [preauth]
May  5 21:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: Invalid user user from 170.64.215.35
May  5 21:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: input_userauth_request: invalid user user [preauth]
May  5 21:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: Failed password for invalid user user from 170.64.215.35 port 53016 ssh2
May  5 21:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: Connection closed by 170.64.215.35 port 53016 [preauth]
May  5 21:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: Invalid user jumpserver from 170.64.215.35
May  5 21:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: input_userauth_request: invalid user jumpserver [preauth]
May  5 21:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: Failed password for invalid user jumpserver from 170.64.215.35 port 35664 ssh2
May  5 21:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25540]: Connection closed by 170.64.215.35 port 35664 [preauth]
May  5 21:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25543]: Failed password for root from 170.64.215.35 port 35680 ssh2
May  5 21:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25543]: Connection closed by 170.64.215.35 port 35680 [preauth]
May  5 21:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: Invalid user appuser from 170.64.215.35
May  5 21:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: input_userauth_request: invalid user appuser [preauth]
May  5 21:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: Failed password for invalid user appuser from 170.64.215.35 port 42380 ssh2
May  5 21:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25556]: Connection closed by 170.64.215.35 port 42380 [preauth]
May  5 21:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25566]: Invalid user user from 170.64.215.35
May  5 21:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25566]: input_userauth_request: invalid user user [preauth]
May  5 21:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25566]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25577]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25579]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25575]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25576]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25574]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25579]: pam_unix(cron:session): session closed for user root
May  5 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25574]: pam_unix(cron:session): session closed for user p13x
May  5 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25678]: Successful su for rubyman by root
May  5 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25678]: + ??? root:rubyman
May  5 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25678]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336383 of user rubyman.
May  5 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25678]: pam_unix(su:session): session closed for user rubyman
May  5 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336383.
May  5 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25566]: Failed password for invalid user user from 170.64.215.35 port 42386 ssh2
May  5 21:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25566]: Connection closed by 170.64.215.35 port 42386 [preauth]
May  5 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25576]: pam_unix(cron:session): session closed for user root
May  5 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22714]: pam_unix(cron:session): session closed for user root
May  5 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25882]: Invalid user stream from 170.64.215.35
May  5 21:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25882]: input_userauth_request: invalid user stream [preauth]
May  5 21:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25882]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25575]: pam_unix(cron:session): session closed for user samftp
May  5 21:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25882]: Failed password for invalid user stream from 170.64.215.35 port 50540 ssh2
May  5 21:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25882]: Connection closed by 170.64.215.35 port 50540 [preauth]
May  5 21:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: Invalid user ranger from 170.64.215.35
May  5 21:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: input_userauth_request: invalid user ranger [preauth]
May  5 21:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: Failed password for invalid user ranger from 170.64.215.35 port 50566 ssh2
May  5 21:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25946]: Connection closed by 170.64.215.35 port 50566 [preauth]
May  5 21:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: Invalid user elasticsearch from 170.64.215.35
May  5 21:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: input_userauth_request: invalid user elasticsearch [preauth]
May  5 21:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: Failed password for invalid user elasticsearch from 170.64.215.35 port 50584 ssh2
May  5 21:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25968]: Connection closed by 170.64.215.35 port 50584 [preauth]
May  5 21:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25985]: Invalid user plexserver from 170.64.215.35
May  5 21:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25985]: input_userauth_request: invalid user plexserver [preauth]
May  5 21:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25985]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25985]: Failed password for invalid user plexserver from 170.64.215.35 port 45246 ssh2
May  5 21:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25985]: Connection closed by 170.64.215.35 port 45246 [preauth]
May  5 21:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: Invalid user jfedu1 from 170.64.215.35
May  5 21:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: input_userauth_request: invalid user jfedu1 [preauth]
May  5 21:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: Failed password for invalid user jfedu1 from 170.64.215.35 port 45258 ssh2
May  5 21:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25987]: Connection closed by 170.64.215.35 port 45258 [preauth]
May  5 21:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: Invalid user dev from 170.64.215.35
May  5 21:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: input_userauth_request: invalid user dev [preauth]
May  5 21:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: Failed password for invalid user dev from 170.64.215.35 port 60242 ssh2
May  5 21:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26010]: Connection closed by 170.64.215.35 port 60242 [preauth]
May  5 21:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: Invalid user kingbase from 170.64.215.35
May  5 21:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: input_userauth_request: invalid user kingbase [preauth]
May  5 21:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24698]: pam_unix(cron:session): session closed for user root
May  5 21:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: Failed password for invalid user kingbase from 170.64.215.35 port 60264 ssh2
May  5 21:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: Connection closed by 170.64.215.35 port 60264 [preauth]
May  5 21:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: Failed password for root from 170.64.215.35 port 52608 ssh2
May  5 21:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26056]: Connection closed by 170.64.215.35 port 52608 [preauth]
May  5 21:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Invalid user g from 170.64.215.35
May  5 21:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: input_userauth_request: invalid user g [preauth]
May  5 21:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Failed password for invalid user g from 170.64.215.35 port 52618 ssh2
May  5 21:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Connection closed by 170.64.215.35 port 52618 [preauth]
May  5 21:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: Invalid user minecraft from 170.64.215.35
May  5 21:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: input_userauth_request: invalid user minecraft [preauth]
May  5 21:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: Failed password for invalid user minecraft from 170.64.215.35 port 37310 ssh2
May  5 21:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: Connection closed by 170.64.215.35 port 37310 [preauth]
May  5 21:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: Invalid user admin from 170.64.215.35
May  5 21:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: input_userauth_request: invalid user admin [preauth]
May  5 21:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: Failed password for invalid user admin from 170.64.215.35 port 37322 ssh2
May  5 21:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26102]: Connection closed by 170.64.215.35 port 37322 [preauth]
May  5 21:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26113]: Invalid user gitlab-runner from 170.64.215.35
May  5 21:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26113]: input_userauth_request: invalid user gitlab-runner [preauth]
May  5 21:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26113]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26113]: Failed password for invalid user gitlab-runner from 170.64.215.35 port 42768 ssh2
May  5 21:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26113]: Connection closed by 170.64.215.35 port 42768 [preauth]
May  5 21:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26115]: Invalid user admin from 170.64.215.35
May  5 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26115]: input_userauth_request: invalid user admin [preauth]
May  5 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26115]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26131]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26128]: pam_unix(cron:session): session closed for user p13x
May  5 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26193]: Successful su for rubyman by root
May  5 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26193]: + ??? root:rubyman
May  5 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336389 of user rubyman.
May  5 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26193]: pam_unix(su:session): session closed for user rubyman
May  5 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336389.
May  5 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26115]: Failed password for invalid user admin from 170.64.215.35 port 42784 ssh2
May  5 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26115]: Connection closed by 170.64.215.35 port 42784 [preauth]
May  5 21:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23172]: pam_unix(cron:session): session closed for user root
May  5 21:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26129]: pam_unix(cron:session): session closed for user samftp
May  5 21:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26340]: Failed password for root from 170.64.215.35 port 52158 ssh2
May  5 21:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26340]: Connection closed by 170.64.215.35 port 52158 [preauth]
May  5 21:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26376]: Invalid user admin from 170.64.215.35
May  5 21:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26376]: input_userauth_request: invalid user admin [preauth]
May  5 21:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26376]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26376]: Failed password for invalid user admin from 170.64.215.35 port 52174 ssh2
May  5 21:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26376]: Connection closed by 170.64.215.35 port 52174 [preauth]
May  5 21:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: User ftp from 170.64.215.35 not allowed because not listed in AllowUsers
May  5 21:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: input_userauth_request: invalid user ftp [preauth]
May  5 21:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=ftp
May  5 21:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: Failed password for invalid user ftp from 170.64.215.35 port 52182 ssh2
May  5 21:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: Connection closed by 170.64.215.35 port 52182 [preauth]
May  5 21:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: Invalid user es from 170.64.215.35
May  5 21:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: input_userauth_request: invalid user es [preauth]
May  5 21:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: Failed password for invalid user es from 170.64.215.35 port 40570 ssh2
May  5 21:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: Connection closed by 170.64.215.35 port 40570 [preauth]
May  5 21:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26434]: Invalid user hadoop from 170.64.215.35
May  5 21:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26434]: input_userauth_request: invalid user hadoop [preauth]
May  5 21:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26434]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26434]: Failed password for invalid user hadoop from 170.64.215.35 port 40582 ssh2
May  5 21:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26434]: Connection closed by 170.64.215.35 port 40582 [preauth]
May  5 21:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26529]: Failed password for root from 170.64.215.35 port 47902 ssh2
May  5 21:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26529]: Connection closed by 170.64.215.35 port 47902 [preauth]
May  5 21:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25126]: pam_unix(cron:session): session closed for user root
May  5 21:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26541]: Failed password for root from 170.64.215.35 port 47904 ssh2
May  5 21:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26541]: Connection closed by 170.64.215.35 port 47904 [preauth]
May  5 21:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: Failed password for root from 170.64.215.35 port 49490 ssh2
May  5 21:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: Connection closed by 170.64.215.35 port 49490 [preauth]
May  5 21:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26574]: Invalid user www from 170.64.215.35
May  5 21:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26574]: input_userauth_request: invalid user www [preauth]
May  5 21:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26574]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26574]: Failed password for invalid user www from 170.64.215.35 port 49502 ssh2
May  5 21:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26574]: Connection closed by 170.64.215.35 port 49502 [preauth]
May  5 21:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: Invalid user admin from 170.64.215.35
May  5 21:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: input_userauth_request: invalid user admin [preauth]
May  5 21:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: Failed password for invalid user admin from 170.64.215.35 port 59702 ssh2
May  5 21:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26598]: Connection closed by 170.64.215.35 port 59702 [preauth]
May  5 21:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26608]: Invalid user master from 170.64.215.35
May  5 21:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26608]: input_userauth_request: invalid user master [preauth]
May  5 21:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26608]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26608]: Failed password for invalid user master from 170.64.215.35 port 59712 ssh2
May  5 21:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26608]: Connection closed by 170.64.215.35 port 59712 [preauth]
May  5 21:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: Failed password for root from 170.64.215.35 port 35694 ssh2
May  5 21:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26619]: Connection closed by 170.64.215.35 port 35694 [preauth]
May  5 21:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: Invalid user oracle from 170.64.215.35
May  5 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: input_userauth_request: invalid user oracle [preauth]
May  5 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26634]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26635]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26632]: pam_unix(cron:session): session closed for user p13x
May  5 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26698]: Successful su for rubyman by root
May  5 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26698]: + ??? root:rubyman
May  5 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336395 of user rubyman.
May  5 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26698]: pam_unix(su:session): session closed for user rubyman
May  5 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336395.
May  5 21:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: Failed password for invalid user oracle from 170.64.215.35 port 35698 ssh2
May  5 21:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26629]: Connection closed by 170.64.215.35 port 35698 [preauth]
May  5 21:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23706]: pam_unix(cron:session): session closed for user root
May  5 21:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26633]: pam_unix(cron:session): session closed for user samftp
May  5 21:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: Failed password for root from 170.64.215.35 port 58234 ssh2
May  5 21:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: Connection closed by 170.64.215.35 port 58234 [preauth]
May  5 21:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26896]: User mysql from 170.64.215.35 not allowed because not listed in AllowUsers
May  5 21:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26896]: input_userauth_request: invalid user mysql [preauth]
May  5 21:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=mysql
May  5 21:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26896]: Failed password for invalid user mysql from 170.64.215.35 port 58248 ssh2
May  5 21:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26896]: Connection closed by 170.64.215.35 port 58248 [preauth]
May  5 21:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26918]: Failed password for root from 170.64.215.35 port 58264 ssh2
May  5 21:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26918]: Connection closed by 170.64.215.35 port 58264 [preauth]
May  5 21:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: Invalid user postgres from 170.64.215.35
May  5 21:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: input_userauth_request: invalid user postgres [preauth]
May  5 21:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: Failed password for invalid user postgres from 170.64.215.35 port 46590 ssh2
May  5 21:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: Connection closed by 170.64.215.35 port 46590 [preauth]
May  5 21:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: Invalid user opc from 170.64.215.35
May  5 21:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: input_userauth_request: invalid user opc [preauth]
May  5 21:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: Failed password for invalid user opc from 170.64.215.35 port 46606 ssh2
May  5 21:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: Connection closed by 170.64.215.35 port 46606 [preauth]
May  5 21:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26991]: Invalid user kingbase from 170.64.215.35
May  5 21:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26991]: input_userauth_request: invalid user kingbase [preauth]
May  5 21:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.111.32.174  user=root
May  5 21:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26991]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26993]: Failed password for root from 27.111.32.174 port 50282 ssh2
May  5 21:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26991]: Failed password for invalid user kingbase from 170.64.215.35 port 59212 ssh2
May  5 21:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26993]: Received disconnect from 27.111.32.174 port 50282:11: Bye Bye [preauth]
May  5 21:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26993]: Disconnected from 27.111.32.174 port 50282 [preauth]
May  5 21:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26991]: Connection closed by 170.64.215.35 port 59212 [preauth]
May  5 21:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27008]: Invalid user git from 170.64.215.35
May  5 21:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27008]: input_userauth_request: invalid user git [preauth]
May  5 21:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27008]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25578]: pam_unix(cron:session): session closed for user root
May  5 21:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27008]: Failed password for invalid user git from 170.64.215.35 port 59226 ssh2
May  5 21:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27008]: Connection closed by 170.64.215.35 port 59226 [preauth]
May  5 21:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: Invalid user deploy from 170.64.215.35
May  5 21:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: input_userauth_request: invalid user deploy [preauth]
May  5 21:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: Failed password for invalid user deploy from 170.64.215.35 port 48700 ssh2
May  5 21:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27054]: Connection closed by 170.64.215.35 port 48700 [preauth]
May  5 21:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: Invalid user developer from 170.64.215.35
May  5 21:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: input_userauth_request: invalid user developer [preauth]
May  5 21:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: Failed password for invalid user developer from 170.64.215.35 port 48702 ssh2
May  5 21:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: Connection closed by 170.64.215.35 port 48702 [preauth]
May  5 21:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27102]: Invalid user centos from 170.64.215.35
May  5 21:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27102]: input_userauth_request: invalid user centos [preauth]
May  5 21:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27102]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27102]: Failed password for invalid user centos from 170.64.215.35 port 38646 ssh2
May  5 21:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27102]: Connection closed by 170.64.215.35 port 38646 [preauth]
May  5 21:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27104]: User backup from 170.64.215.35 not allowed because not listed in AllowUsers
May  5 21:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27104]: input_userauth_request: invalid user backup [preauth]
May  5 21:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=backup
May  5 21:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27104]: Failed password for invalid user backup from 170.64.215.35 port 38668 ssh2
May  5 21:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27104]: Connection closed by 170.64.215.35 port 38668 [preauth]
May  5 21:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: Invalid user ftpuser from 170.64.215.35
May  5 21:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: input_userauth_request: invalid user ftpuser [preauth]
May  5 21:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: Failed password for invalid user ftpuser from 170.64.215.35 port 50694 ssh2
May  5 21:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27116]: Connection closed by 170.64.215.35 port 50694 [preauth]
May  5 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27134]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27132]: pam_unix(cron:session): session closed for user p13x
May  5 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27198]: Successful su for rubyman by root
May  5 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27198]: + ??? root:rubyman
May  5 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336397 of user rubyman.
May  5 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27198]: pam_unix(su:session): session closed for user rubyman
May  5 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336397.
May  5 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: User mysql from 170.64.215.35 not allowed because not listed in AllowUsers
May  5 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: input_userauth_request: invalid user mysql [preauth]
May  5 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=mysql
May  5 21:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24249]: pam_unix(cron:session): session closed for user root
May  5 21:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: Failed password for invalid user mysql from 170.64.215.35 port 50708 ssh2
May  5 21:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: Connection closed by 170.64.215.35 port 50708 [preauth]
May  5 21:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27133]: pam_unix(cron:session): session closed for user samftp
May  5 21:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27408]: Failed password for root from 170.64.215.35 port 45942 ssh2
May  5 21:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27408]: Connection closed by 170.64.215.35 port 45942 [preauth]
May  5 21:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: Failed password for root from 170.64.215.35 port 45954 ssh2
May  5 21:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: Connection closed by 170.64.215.35 port 45954 [preauth]
May  5 21:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27477]: Invalid user lsfadmin from 170.64.215.35
May  5 21:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27477]: input_userauth_request: invalid user lsfadmin [preauth]
May  5 21:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27477]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27477]: Failed password for invalid user lsfadmin from 170.64.215.35 port 47920 ssh2
May  5 21:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27477]: Connection closed by 170.64.215.35 port 47920 [preauth]
May  5 21:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Invalid user ubuntu from 170.64.215.35
May  5 21:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: input_userauth_request: invalid user ubuntu [preauth]
May  5 21:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Failed password for invalid user ubuntu from 170.64.215.35 port 47932 ssh2
May  5 21:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27493]: Connection closed by 170.64.215.35 port 47932 [preauth]
May  5 21:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27519]: Invalid user git from 170.64.215.35
May  5 21:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27519]: input_userauth_request: invalid user git [preauth]
May  5 21:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27519]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27519]: Failed password for invalid user git from 170.64.215.35 port 47936 ssh2
May  5 21:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27519]: Connection closed by 170.64.215.35 port 47936 [preauth]
May  5 21:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: Invalid user nginx from 170.64.215.35
May  5 21:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: input_userauth_request: invalid user nginx [preauth]
May  5 21:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: Failed password for invalid user nginx from 170.64.215.35 port 50454 ssh2
May  5 21:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27523]: Connection closed by 170.64.215.35 port 50454 [preauth]
May  5 21:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26131]: pam_unix(cron:session): session closed for user root
May  5 21:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: Failed password for root from 170.64.215.35 port 50464 ssh2
May  5 21:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: Connection closed by 170.64.215.35 port 50464 [preauth]
May  5 21:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27571]: Invalid user sonar from 170.64.215.35
May  5 21:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27571]: input_userauth_request: invalid user sonar [preauth]
May  5 21:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27571]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27571]: Failed password for invalid user sonar from 170.64.215.35 port 36808 ssh2
May  5 21:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27571]: Connection closed by 170.64.215.35 port 36808 [preauth]
May  5 21:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27583]: Invalid user demo from 170.64.215.35
May  5 21:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27583]: input_userauth_request: invalid user demo [preauth]
May  5 21:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27583]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27583]: Failed password for invalid user demo from 170.64.215.35 port 36814 ssh2
May  5 21:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27583]: Connection closed by 170.64.215.35 port 36814 [preauth]
May  5 21:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27607]: Invalid user nvidia from 170.64.215.35
May  5 21:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27607]: input_userauth_request: invalid user nvidia [preauth]
May  5 21:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27607]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27607]: Failed password for invalid user nvidia from 170.64.215.35 port 33442 ssh2
May  5 21:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27607]: Connection closed by 170.64.215.35 port 33442 [preauth]
May  5 21:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: Invalid user gitlab from 170.64.215.35
May  5 21:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: input_userauth_request: invalid user gitlab [preauth]
May  5 21:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: Failed password for invalid user gitlab from 170.64.215.35 port 33448 ssh2
May  5 21:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: Connection closed by 170.64.215.35 port 33448 [preauth]
May  5 21:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: Invalid user test from 170.64.215.35
May  5 21:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: input_userauth_request: invalid user test [preauth]
May  5 21:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: Failed password for invalid user test from 170.64.215.35 port 34928 ssh2
May  5 21:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: Connection closed by 170.64.215.35 port 34928 [preauth]
May  5 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27644]: pam_unix(cron:session): session closed for user p13x
May  5 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27708]: Successful su for rubyman by root
May  5 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27708]: + ??? root:rubyman
May  5 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336403 of user rubyman.
May  5 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27708]: pam_unix(su:session): session closed for user rubyman
May  5 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336403.
May  5 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27699]: Invalid user zabbix from 170.64.215.35
May  5 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27699]: input_userauth_request: invalid user zabbix [preauth]
May  5 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27699]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27699]: Failed password for invalid user zabbix from 170.64.215.35 port 34944 ssh2
May  5 21:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24696]: pam_unix(cron:session): session closed for user root
May  5 21:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27699]: Connection closed by 170.64.215.35 port 34944 [preauth]
May  5 21:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27645]: pam_unix(cron:session): session closed for user samftp
May  5 21:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: Failed password for root from 170.64.215.35 port 48620 ssh2
May  5 21:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27889]: Connection closed by 170.64.215.35 port 48620 [preauth]
May  5 21:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: Invalid user uftp from 170.64.215.35
May  5 21:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: input_userauth_request: invalid user uftp [preauth]
May  5 21:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: Failed password for invalid user uftp from 170.64.215.35 port 48632 ssh2
May  5 21:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: Connection closed by 170.64.215.35 port 48632 [preauth]
May  5 21:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27923]: Failed password for root from 170.64.215.35 port 38758 ssh2
May  5 21:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27923]: Connection closed by 170.64.215.35 port 38758 [preauth]
May  5 21:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: Invalid user observer from 170.64.215.35
May  5 21:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: input_userauth_request: invalid user observer [preauth]
May  5 21:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: Failed password for invalid user observer from 170.64.215.35 port 38772 ssh2
May  5 21:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27934]: Connection closed by 170.64.215.35 port 38772 [preauth]
May  5 21:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27960]: Invalid user www from 170.64.215.35
May  5 21:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27960]: input_userauth_request: invalid user www [preauth]
May  5 21:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27960]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  5 21:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27960]: Failed password for invalid user www from 170.64.215.35 port 56644 ssh2
May  5 21:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: Failed password for root from 164.68.105.9 port 42782 ssh2
May  5 21:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27960]: Connection closed by 170.64.215.35 port 56644 [preauth]
May  5 21:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27962]: Connection closed by 164.68.105.9 port 42782 [preauth]
May  5 21:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27973]: Failed password for root from 170.64.215.35 port 56660 ssh2
May  5 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27973]: Connection closed by 170.64.215.35 port 56660 [preauth]
May  5 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26635]: pam_unix(cron:session): session closed for user root
May  5 21:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28001]: Invalid user data from 170.64.215.35
May  5 21:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28001]: input_userauth_request: invalid user data [preauth]
May  5 21:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28001]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28001]: Failed password for invalid user data from 170.64.215.35 port 56676 ssh2
May  5 21:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28001]: Connection closed by 170.64.215.35 port 56676 [preauth]
May  5 21:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: Invalid user lighthouse from 170.64.215.35
May  5 21:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: input_userauth_request: invalid user lighthouse [preauth]
May  5 21:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: Failed password for invalid user lighthouse from 170.64.215.35 port 34816 ssh2
May  5 21:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: Connection closed by 170.64.215.35 port 34816 [preauth]
May  5 21:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28021]: Invalid user gitlab from 170.64.215.35
May  5 21:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28021]: input_userauth_request: invalid user gitlab [preauth]
May  5 21:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28021]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28021]: Failed password for invalid user gitlab from 170.64.215.35 port 34832 ssh2
May  5 21:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28021]: Connection closed by 170.64.215.35 port 34832 [preauth]
May  5 21:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28042]: Invalid user minecraft from 170.64.215.35
May  5 21:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28042]: input_userauth_request: invalid user minecraft [preauth]
May  5 21:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28042]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28042]: Failed password for invalid user minecraft from 170.64.215.35 port 36350 ssh2
May  5 21:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28042]: Connection closed by 170.64.215.35 port 36350 [preauth]
May  5 21:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28055]: Invalid user system from 170.64.215.35
May  5 21:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28055]: input_userauth_request: invalid user system [preauth]
May  5 21:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28055]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28055]: Failed password for invalid user system from 170.64.215.35 port 36354 ssh2
May  5 21:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28055]: Connection closed by 170.64.215.35 port 36354 [preauth]
May  5 21:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28066]: Invalid user elasticsearch from 170.64.215.35
May  5 21:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28066]: input_userauth_request: invalid user elasticsearch [preauth]
May  5 21:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28066]: pam_unix(sshd:auth): check pass; user unknown
May  5 21:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 21:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 21:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.148.227.157  user=root
May  5 21:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28066]: Failed password for invalid user elasticsearch from 170.64.215.35 port 60676 ssh2
May  5 21:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28066]: Connection closed by 170.64.215.35 port 60676 [preauth]
May  5 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28085]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28084]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28081]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28083]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28082]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28085]: pam_unix(cron:session): session closed for user root
May  5 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28081]: pam_unix(cron:session): session closed for user root
May  5 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28079]: pam_unix(cron:session): session closed for user p13x
May  5 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28068]: Failed password for root from 46.148.227.157 port 59628 ssh2
May  5 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28068]: Received disconnect from 46.148.227.157 port 59628:11: Bye Bye [preauth]
May  5 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28068]: Disconnected from 46.148.227.157 port 59628 [preauth]
May  5 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28175]: Successful su for rubyman by root
May  5 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28175]: + ??? root:rubyman
May  5 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28175]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336408 of user rubyman.
May  5 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28175]: pam_unix(su:session): session closed for user rubyman
May  5 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336408.
May  5 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Invalid user jms from 170.64.215.35
May  5 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: input_userauth_request: invalid user jms [preauth]
May  5 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28082]: pam_unix(cron:session): session closed for user root
May  5 22:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Failed password for invalid user jms from 170.64.215.35 port 60682 ssh2
May  5 22:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28194]: Connection closed by 170.64.215.35 port 60682 [preauth]
May  5 22:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25125]: pam_unix(cron:session): session closed for user root
May  5 22:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28080]: pam_unix(cron:session): session closed for user samftp
May  5 22:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28390]: Failed password for root from 170.64.215.35 port 52862 ssh2
May  5 22:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28390]: Connection closed by 170.64.215.35 port 52862 [preauth]
May  5 22:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Failed password for root from 170.64.215.35 port 52870 ssh2
May  5 22:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Connection closed by 170.64.215.35 port 52870 [preauth]
May  5 22:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28436]: Invalid user debian from 170.64.215.35
May  5 22:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28436]: input_userauth_request: invalid user debian [preauth]
May  5 22:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28436]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28436]: Failed password for invalid user debian from 170.64.215.35 port 37968 ssh2
May  5 22:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28436]: Connection closed by 170.64.215.35 port 37968 [preauth]
May  5 22:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28445]: Failed password for root from 170.64.215.35 port 37972 ssh2
May  5 22:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28445]: Connection closed by 170.64.215.35 port 37972 [preauth]
May  5 22:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: Invalid user user from 170.64.215.35
May  5 22:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: input_userauth_request: invalid user user [preauth]
May  5 22:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: Failed password for invalid user user from 170.64.215.35 port 36440 ssh2
May  5 22:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: Connection closed by 170.64.215.35 port 36440 [preauth]
May  5 22:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28473]: Invalid user ansible from 170.64.215.35
May  5 22:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28473]: input_userauth_request: invalid user ansible [preauth]
May  5 22:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28473]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28473]: Failed password for invalid user ansible from 170.64.215.35 port 36450 ssh2
May  5 22:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28473]: Connection closed by 170.64.215.35 port 36450 [preauth]
May  5 22:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27135]: pam_unix(cron:session): session closed for user root
May  5 22:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28539]: Invalid user uftp from 170.64.215.35
May  5 22:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28539]: input_userauth_request: invalid user uftp [preauth]
May  5 22:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28539]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28539]: Failed password for invalid user uftp from 170.64.215.35 port 50878 ssh2
May  5 22:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28539]: Connection closed by 170.64.215.35 port 50878 [preauth]
May  5 22:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28549]: Invalid user user1 from 170.64.215.35
May  5 22:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28549]: input_userauth_request: invalid user user1 [preauth]
May  5 22:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28549]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28549]: Failed password for invalid user user1 from 170.64.215.35 port 50882 ssh2
May  5 22:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28549]: Connection closed by 170.64.215.35 port 50882 [preauth]
May  5 22:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28571]: Invalid user postgres from 170.64.215.35
May  5 22:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28571]: input_userauth_request: invalid user postgres [preauth]
May  5 22:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28571]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28571]: Failed password for invalid user postgres from 170.64.215.35 port 50888 ssh2
May  5 22:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28571]: Connection closed by 170.64.215.35 port 50888 [preauth]
May  5 22:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28581]: Invalid user gitlab-runner from 170.64.215.35
May  5 22:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28581]: input_userauth_request: invalid user gitlab-runner [preauth]
May  5 22:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28581]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28581]: Failed password for invalid user gitlab-runner from 170.64.215.35 port 47276 ssh2
May  5 22:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28581]: Connection closed by 170.64.215.35 port 47276 [preauth]
May  5 22:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28595]: Invalid user postgres from 170.64.215.35
May  5 22:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28595]: input_userauth_request: invalid user postgres [preauth]
May  5 22:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28595]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28595]: Failed password for invalid user postgres from 170.64.215.35 port 47282 ssh2
May  5 22:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28595]: Connection closed by 170.64.215.35 port 47282 [preauth]
May  5 22:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: Invalid user ubnt from 170.64.215.35
May  5 22:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: input_userauth_request: invalid user ubnt [preauth]
May  5 22:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: Failed password for invalid user ubnt from 170.64.215.35 port 48026 ssh2
May  5 22:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: Connection closed by 170.64.215.35 port 48026 [preauth]
May  5 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28611]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28612]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28609]: pam_unix(cron:session): session closed for user p13x
May  5 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28676]: Successful su for rubyman by root
May  5 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28676]: + ??? root:rubyman
May  5 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336413 of user rubyman.
May  5 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28676]: pam_unix(su:session): session closed for user rubyman
May  5 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336413.
May  5 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28697]: Invalid user steam from 170.64.215.35
May  5 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28697]: input_userauth_request: invalid user steam [preauth]
May  5 22:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28697]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28697]: Failed password for invalid user steam from 170.64.215.35 port 48038 ssh2
May  5 22:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28697]: Connection closed by 170.64.215.35 port 48038 [preauth]
May  5 22:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25577]: pam_unix(cron:session): session closed for user root
May  5 22:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28610]: pam_unix(cron:session): session closed for user samftp
May  5 22:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28862]: Failed password for root from 170.64.215.35 port 46052 ssh2
May  5 22:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28862]: Connection closed by 170.64.215.35 port 46052 [preauth]
May  5 22:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28874]: Failed password for root from 170.64.215.35 port 46078 ssh2
May  5 22:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28874]: Connection closed by 170.64.215.35 port 46078 [preauth]
May  5 22:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28904]: Invalid user ts from 170.64.215.35
May  5 22:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28904]: input_userauth_request: invalid user ts [preauth]
May  5 22:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28904]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28904]: Failed password for invalid user ts from 170.64.215.35 port 47946 ssh2
May  5 22:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28904]: Connection closed by 170.64.215.35 port 47946 [preauth]
May  5 22:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28914]: Invalid user plex from 170.64.215.35
May  5 22:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28914]: input_userauth_request: invalid user plex [preauth]
May  5 22:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28914]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28914]: Failed password for invalid user plex from 170.64.215.35 port 47952 ssh2
May  5 22:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28914]: Connection closed by 170.64.215.35 port 47952 [preauth]
May  5 22:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: Invalid user developer from 170.64.215.35
May  5 22:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: input_userauth_request: invalid user developer [preauth]
May  5 22:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: Failed password for invalid user developer from 170.64.215.35 port 49812 ssh2
May  5 22:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: Connection closed by 170.64.215.35 port 49812 [preauth]
May  5 22:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Invalid user amir from 170.64.215.35
May  5 22:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: input_userauth_request: invalid user amir [preauth]
May  5 22:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Failed password for invalid user amir from 170.64.215.35 port 49820 ssh2
May  5 22:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27647]: pam_unix(cron:session): session closed for user root
May  5 22:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Connection closed by 170.64.215.35 port 49820 [preauth]
May  5 22:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28972]: Invalid user wso2 from 170.64.215.35
May  5 22:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28972]: input_userauth_request: invalid user wso2 [preauth]
May  5 22:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28972]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28972]: Failed password for invalid user wso2 from 170.64.215.35 port 49832 ssh2
May  5 22:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28972]: Connection closed by 170.64.215.35 port 49832 [preauth]
May  5 22:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28982]: Invalid user solr from 170.64.215.35
May  5 22:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28982]: input_userauth_request: invalid user solr [preauth]
May  5 22:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28982]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28982]: Failed password for invalid user solr from 170.64.215.35 port 52574 ssh2
May  5 22:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28982]: Connection closed by 170.64.215.35 port 52574 [preauth]
May  5 22:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28999]: Invalid user es from 170.64.215.35
May  5 22:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28999]: input_userauth_request: invalid user es [preauth]
May  5 22:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28999]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28999]: Failed password for invalid user es from 170.64.215.35 port 52590 ssh2
May  5 22:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28999]: Connection closed by 170.64.215.35 port 52590 [preauth]
May  5 22:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: Failed password for root from 170.64.215.35 port 40674 ssh2
May  5 22:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: Connection closed by 170.64.215.35 port 40674 [preauth]
May  5 22:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: Invalid user hadoop from 170.64.215.35
May  5 22:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: input_userauth_request: invalid user hadoop [preauth]
May  5 22:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: Failed password for invalid user hadoop from 170.64.215.35 port 40686 ssh2
May  5 22:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: Connection closed by 170.64.215.35 port 40686 [preauth]
May  5 22:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: Failed password for root from 170.64.215.35 port 47420 ssh2
May  5 22:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29123]: Connection closed by 170.64.215.35 port 47420 [preauth]
May  5 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29129]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29126]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29126]: pam_unix(cron:session): session closed for user p13x
May  5 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29203]: Successful su for rubyman by root
May  5 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29203]: + ??? root:rubyman
May  5 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336417 of user rubyman.
May  5 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29203]: pam_unix(su:session): session closed for user rubyman
May  5 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336417.
May  5 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: Invalid user vagrant from 170.64.215.35
May  5 22:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: input_userauth_request: invalid user vagrant [preauth]
May  5 22:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26130]: pam_unix(cron:session): session closed for user root
May  5 22:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: Failed password for invalid user vagrant from 170.64.215.35 port 47426 ssh2
May  5 22:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: Connection closed by 170.64.215.35 port 47426 [preauth]
May  5 22:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29128]: pam_unix(cron:session): session closed for user samftp
May  5 22:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: Invalid user yealink from 170.64.215.35
May  5 22:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: input_userauth_request: invalid user yealink [preauth]
May  5 22:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: Failed password for invalid user yealink from 170.64.215.35 port 47396 ssh2
May  5 22:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29396]: Connection closed by 170.64.215.35 port 47396 [preauth]
May  5 22:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29406]: Invalid user odoo16 from 170.64.215.35
May  5 22:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29406]: input_userauth_request: invalid user odoo16 [preauth]
May  5 22:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29406]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29406]: Failed password for invalid user odoo16 from 170.64.215.35 port 47402 ssh2
May  5 22:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29406]: Connection closed by 170.64.215.35 port 47402 [preauth]
May  5 22:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: Invalid user git from 170.64.215.35
May  5 22:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: input_userauth_request: invalid user git [preauth]
May  5 22:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: Failed password for invalid user git from 170.64.215.35 port 44790 ssh2
May  5 22:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29431]: Connection closed by 170.64.215.35 port 44790 [preauth]
May  5 22:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29443]: Failed password for root from 170.64.215.35 port 44798 ssh2
May  5 22:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29443]: Connection closed by 170.64.215.35 port 44798 [preauth]
May  5 22:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: Invalid user bot from 170.64.215.35
May  5 22:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: input_userauth_request: invalid user bot [preauth]
May  5 22:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: Failed password for invalid user bot from 170.64.215.35 port 58272 ssh2
May  5 22:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29467]: Connection closed by 170.64.215.35 port 58272 [preauth]
May  5 22:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: Invalid user guest from 170.64.215.35
May  5 22:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: input_userauth_request: invalid user guest [preauth]
May  5 22:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: Failed password for invalid user guest from 170.64.215.35 port 58294 ssh2
May  5 22:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29477]: Connection closed by 170.64.215.35 port 58294 [preauth]
May  5 22:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28084]: pam_unix(cron:session): session closed for user root
May  5 22:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: Invalid user pi from 170.64.215.35
May  5 22:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: input_userauth_request: invalid user pi [preauth]
May  5 22:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: Failed password for invalid user pi from 170.64.215.35 port 58308 ssh2
May  5 22:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29508]: Connection closed by 170.64.215.35 port 58308 [preauth]
May  5 22:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: Invalid user esuser from 170.64.215.35
May  5 22:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: input_userauth_request: invalid user esuser [preauth]
May  5 22:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: Failed password for invalid user esuser from 170.64.215.35 port 48962 ssh2
May  5 22:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29513]: Connection closed by 170.64.215.35 port 48962 [preauth]
May  5 22:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29532]: Invalid user centos from 170.64.215.35
May  5 22:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29532]: input_userauth_request: invalid user centos [preauth]
May  5 22:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29532]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29532]: Failed password for invalid user centos from 170.64.215.35 port 48974 ssh2
May  5 22:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29532]: Connection closed by 170.64.215.35 port 48974 [preauth]
May  5 22:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29548]: Invalid user fastuser from 170.64.215.35
May  5 22:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29548]: input_userauth_request: invalid user fastuser [preauth]
May  5 22:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29548]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29548]: Failed password for invalid user fastuser from 170.64.215.35 port 46162 ssh2
May  5 22:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29548]: Connection closed by 170.64.215.35 port 46162 [preauth]
May  5 22:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29560]: Invalid user mongo from 170.64.215.35
May  5 22:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29560]: input_userauth_request: invalid user mongo [preauth]
May  5 22:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29560]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29560]: Failed password for invalid user mongo from 170.64.215.35 port 46180 ssh2
May  5 22:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29560]: Connection closed by 170.64.215.35 port 46180 [preauth]
May  5 22:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29571]: Invalid user postgres from 170.64.215.35
May  5 22:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29571]: input_userauth_request: invalid user postgres [preauth]
May  5 22:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29571]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29571]: Failed password for invalid user postgres from 170.64.215.35 port 36444 ssh2
May  5 22:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29571]: Connection closed by 170.64.215.35 port 36444 [preauth]
May  5 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29584]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29584]: pam_unix(cron:session): session closed for user p13x
May  5 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29646]: Successful su for rubyman by root
May  5 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29646]: + ??? root:rubyman
May  5 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336421 of user rubyman.
May  5 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29646]: pam_unix(su:session): session closed for user rubyman
May  5 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336421.
May  5 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29680]: Invalid user apache from 170.64.215.35
May  5 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29680]: input_userauth_request: invalid user apache [preauth]
May  5 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29680]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26634]: pam_unix(cron:session): session closed for user root
May  5 22:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29680]: Failed password for invalid user apache from 170.64.215.35 port 36446 ssh2
May  5 22:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29680]: Connection closed by 170.64.215.35 port 36446 [preauth]
May  5 22:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29585]: pam_unix(cron:session): session closed for user samftp
May  5 22:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29836]: Failed password for root from 170.64.215.35 port 57422 ssh2
May  5 22:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29836]: Connection closed by 170.64.215.35 port 57422 [preauth]
May  5 22:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29846]: Failed password for root from 170.64.215.35 port 57440 ssh2
May  5 22:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29846]: Connection closed by 170.64.215.35 port 57440 [preauth]
May  5 22:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: Invalid user bigdata from 170.64.215.35
May  5 22:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: input_userauth_request: invalid user bigdata [preauth]
May  5 22:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: Failed password for invalid user bigdata from 170.64.215.35 port 47858 ssh2
May  5 22:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: Connection closed by 170.64.215.35 port 47858 [preauth]
May  5 22:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: Invalid user runner from 170.64.215.35
May  5 22:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: input_userauth_request: invalid user runner [preauth]
May  5 22:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: Failed password for invalid user runner from 170.64.215.35 port 47870 ssh2
May  5 22:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29873]: Connection closed by 170.64.215.35 port 47870 [preauth]
May  5 22:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: Invalid user sonar from 170.64.215.35
May  5 22:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: input_userauth_request: invalid user sonar [preauth]
May  5 22:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: Failed password for invalid user sonar from 170.64.215.35 port 57114 ssh2
May  5 22:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: Connection closed by 170.64.215.35 port 57114 [preauth]
May  5 22:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29908]: Failed password for root from 170.64.215.35 port 57122 ssh2
May  5 22:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28612]: pam_unix(cron:session): session closed for user root
May  5 22:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29908]: Connection closed by 170.64.215.35 port 57122 [preauth]
May  5 22:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29941]: Invalid user factorio from 170.64.215.35
May  5 22:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29941]: input_userauth_request: invalid user factorio [preauth]
May  5 22:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29941]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29941]: Failed password for invalid user factorio from 170.64.215.35 port 45506 ssh2
May  5 22:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29941]: Connection closed by 170.64.215.35 port 45506 [preauth]
May  5 22:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: Invalid user openvpn from 170.64.215.35
May  5 22:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: input_userauth_request: invalid user openvpn [preauth]
May  5 22:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: Failed password for invalid user openvpn from 170.64.215.35 port 45514 ssh2
May  5 22:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29953]: Connection closed by 170.64.215.35 port 45514 [preauth]
May  5 22:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29979]: Invalid user app from 170.64.215.35
May  5 22:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29979]: input_userauth_request: invalid user app [preauth]
May  5 22:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29979]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29979]: Failed password for invalid user app from 170.64.215.35 port 45524 ssh2
May  5 22:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29979]: Connection closed by 170.64.215.35 port 45524 [preauth]
May  5 22:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29990]: Failed password for root from 170.64.215.35 port 51898 ssh2
May  5 22:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29990]: Connection closed by 170.64.215.35 port 51898 [preauth]
May  5 22:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: Invalid user oracle from 170.64.215.35
May  5 22:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: input_userauth_request: invalid user oracle [preauth]
May  5 22:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: Failed password for invalid user oracle from 170.64.215.35 port 51910 ssh2
May  5 22:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30000]: Connection closed by 170.64.215.35 port 51910 [preauth]
May  5 22:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: Invalid user debian from 170.64.215.35
May  5 22:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: input_userauth_request: invalid user debian [preauth]
May  5 22:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: Failed password for invalid user debian from 170.64.215.35 port 43092 ssh2
May  5 22:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: Connection closed by 170.64.215.35 port 43092 [preauth]
May  5 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30015]: pam_unix(cron:session): session closed for user p13x
May  5 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30077]: Successful su for rubyman by root
May  5 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30077]: + ??? root:rubyman
May  5 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336425 of user rubyman.
May  5 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30077]: pam_unix(su:session): session closed for user rubyman
May  5 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336425.
May  5 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27134]: pam_unix(cron:session): session closed for user root
May  5 22:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: Failed password for root from 170.64.215.35 port 43118 ssh2
May  5 22:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30139]: Connection closed by 170.64.215.35 port 43118 [preauth]
May  5 22:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30016]: pam_unix(cron:session): session closed for user samftp
May  5 22:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30261]: Invalid user ftpuser from 170.64.215.35
May  5 22:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30261]: input_userauth_request: invalid user ftpuser [preauth]
May  5 22:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30261]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30261]: Failed password for invalid user ftpuser from 170.64.215.35 port 35252 ssh2
May  5 22:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30261]: Connection closed by 170.64.215.35 port 35252 [preauth]
May  5 22:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30272]: Invalid user administrator from 170.64.215.35
May  5 22:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30272]: input_userauth_request: invalid user administrator [preauth]
May  5 22:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30272]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30272]: Failed password for invalid user administrator from 170.64.215.35 port 35254 ssh2
May  5 22:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30272]: Connection closed by 170.64.215.35 port 35254 [preauth]
May  5 22:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: Invalid user apache from 170.64.215.35
May  5 22:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: input_userauth_request: invalid user apache [preauth]
May  5 22:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: Failed password for invalid user apache from 170.64.215.35 port 38414 ssh2
May  5 22:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30298]: Connection closed by 170.64.215.35 port 38414 [preauth]
May  5 22:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30308]: Failed password for root from 170.64.215.35 port 38422 ssh2
May  5 22:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30308]: Connection closed by 170.64.215.35 port 38422 [preauth]
May  5 22:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: Failed password for root from 170.64.215.35 port 43056 ssh2
May  5 22:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: Connection closed by 170.64.215.35 port 43056 [preauth]
May  5 22:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30334]: Invalid user deployer from 170.64.215.35
May  5 22:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30334]: input_userauth_request: invalid user deployer [preauth]
May  5 22:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30334]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30334]: Failed password for invalid user deployer from 170.64.215.35 port 43080 ssh2
May  5 22:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30334]: Connection closed by 170.64.215.35 port 43080 [preauth]
May  5 22:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29138]: pam_unix(cron:session): session closed for user root
May  5 22:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30365]: Invalid user ubuntu from 170.64.215.35
May  5 22:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30365]: input_userauth_request: invalid user ubuntu [preauth]
May  5 22:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30365]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30365]: Failed password for invalid user ubuntu from 170.64.215.35 port 35222 ssh2
May  5 22:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30365]: Connection closed by 170.64.215.35 port 35222 [preauth]
May  5 22:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: Invalid user gpadmin from 170.64.215.35
May  5 22:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: input_userauth_request: invalid user gpadmin [preauth]
May  5 22:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: Failed password for invalid user gpadmin from 170.64.215.35 port 35234 ssh2
May  5 22:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30378]: Connection closed by 170.64.215.35 port 35234 [preauth]
May  5 22:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30400]: Failed password for root from 170.64.215.35 port 35250 ssh2
May  5 22:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30400]: Connection closed by 170.64.215.35 port 35250 [preauth]
May  5 22:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: Failed password for root from 170.64.215.35 port 46076 ssh2
May  5 22:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: Connection closed by 170.64.215.35 port 46076 [preauth]
May  5 22:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30422]: Failed password for root from 170.64.215.35 port 46080 ssh2
May  5 22:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30422]: Connection closed by 170.64.215.35 port 46080 [preauth]
May  5 22:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: Failed password for root from 170.64.215.35 port 50934 ssh2
May  5 22:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30433]: Connection closed by 170.64.215.35 port 50934 [preauth]
May  5 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30437]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30438]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30442]: pam_unix(cron:session): session closed for user root
May  5 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30437]: pam_unix(cron:session): session closed for user p13x
May  5 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30507]: Successful su for rubyman by root
May  5 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30507]: + ??? root:rubyman
May  5 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336428 of user rubyman.
May  5 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30507]: pam_unix(su:session): session closed for user rubyman
May  5 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336428.
May  5 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30570]: Invalid user oracle from 170.64.215.35
May  5 22:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30570]: input_userauth_request: invalid user oracle [preauth]
May  5 22:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30570]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27646]: pam_unix(cron:session): session closed for user root
May  5 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30439]: pam_unix(cron:session): session closed for user root
May  5 22:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30570]: Failed password for invalid user oracle from 170.64.215.35 port 50944 ssh2
May  5 22:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30570]: Connection closed by 170.64.215.35 port 50944 [preauth]
May  5 22:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30438]: pam_unix(cron:session): session closed for user samftp
May  5 22:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30716]: Invalid user steam from 170.64.215.35
May  5 22:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30716]: input_userauth_request: invalid user steam [preauth]
May  5 22:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30716]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30716]: Failed password for invalid user steam from 170.64.215.35 port 39424 ssh2
May  5 22:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30716]: Connection closed by 170.64.215.35 port 39424 [preauth]
May  5 22:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: Invalid user elsearch from 170.64.215.35
May  5 22:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: input_userauth_request: invalid user elsearch [preauth]
May  5 22:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: Failed password for invalid user elsearch from 170.64.215.35 port 39434 ssh2
May  5 22:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30726]: Connection closed by 170.64.215.35 port 39434 [preauth]
May  5 22:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Invalid user sadmin from 170.64.215.35
May  5 22:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: input_userauth_request: invalid user sadmin [preauth]
May  5 22:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Failed password for invalid user sadmin from 170.64.215.35 port 49538 ssh2
May  5 22:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Connection closed by 170.64.215.35 port 49538 [preauth]
May  5 22:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30761]: Invalid user flink from 170.64.215.35
May  5 22:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30761]: input_userauth_request: invalid user flink [preauth]
May  5 22:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30761]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30761]: Failed password for invalid user flink from 170.64.215.35 port 49556 ssh2
May  5 22:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30761]: Connection closed by 170.64.215.35 port 49556 [preauth]
May  5 22:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: Invalid user test2 from 170.64.215.35
May  5 22:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: input_userauth_request: invalid user test2 [preauth]
May  5 22:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: Failed password for invalid user test2 from 170.64.215.35 port 32860 ssh2
May  5 22:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30784]: Connection closed by 170.64.215.35 port 32860 [preauth]
May  5 22:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: Invalid user server from 170.64.215.35
May  5 22:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: input_userauth_request: invalid user server [preauth]
May  5 22:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29588]: pam_unix(cron:session): session closed for user root
May  5 22:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: Failed password for invalid user server from 170.64.215.35 port 32870 ssh2
May  5 22:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: Connection closed by 170.64.215.35 port 32870 [preauth]
May  5 22:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30816]: User proxy from 170.64.215.35 not allowed because not listed in AllowUsers
May  5 22:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30816]: input_userauth_request: invalid user proxy [preauth]
May  5 22:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=proxy
May  5 22:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30816]: Failed password for invalid user proxy from 170.64.215.35 port 33666 ssh2
May  5 22:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30816]: Connection closed by 170.64.215.35 port 33666 [preauth]
May  5 22:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30827]: Invalid user hive from 170.64.215.35
May  5 22:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30827]: input_userauth_request: invalid user hive [preauth]
May  5 22:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30827]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30827]: Failed password for invalid user hive from 170.64.215.35 port 33670 ssh2
May  5 22:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30827]: Connection closed by 170.64.215.35 port 33670 [preauth]
May  5 22:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: Invalid user docker from 170.64.215.35
May  5 22:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: input_userauth_request: invalid user docker [preauth]
May  5 22:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: Failed password for invalid user docker from 170.64.215.35 port 33672 ssh2
May  5 22:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: Connection closed by 170.64.215.35 port 33672 [preauth]
May  5 22:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30863]: Invalid user media from 170.64.215.35
May  5 22:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30863]: input_userauth_request: invalid user media [preauth]
May  5 22:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30863]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30863]: Failed password for invalid user media from 170.64.215.35 port 48116 ssh2
May  5 22:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30863]: Connection closed by 170.64.215.35 port 48116 [preauth]
May  5 22:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30876]: Invalid user test from 170.64.215.35
May  5 22:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30876]: input_userauth_request: invalid user test [preauth]
May  5 22:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30876]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30876]: Failed password for invalid user test from 170.64.215.35 port 48118 ssh2
May  5 22:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30876]: Connection closed by 170.64.215.35 port 48118 [preauth]
May  5 22:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: Invalid user opc from 170.64.215.35
May  5 22:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: input_userauth_request: invalid user opc [preauth]
May  5 22:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: Failed password for invalid user opc from 170.64.215.35 port 35976 ssh2
May  5 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30892]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30891]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30890]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30889]: pam_unix(cron:session): session closed for user p13x
May  5 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30886]: Connection closed by 170.64.215.35 port 35976 [preauth]
May  5 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31029]: Successful su for rubyman by root
May  5 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31029]: + ??? root:rubyman
May  5 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31029]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336434 of user rubyman.
May  5 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31029]: pam_unix(su:session): session closed for user rubyman
May  5 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336434.
May  5 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: User ftp from 170.64.215.35 not allowed because not listed in AllowUsers
May  5 22:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: input_userauth_request: invalid user ftp [preauth]
May  5 22:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=ftp
May  5 22:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: Failed password for invalid user ftp from 170.64.215.35 port 35982 ssh2
May  5 22:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28083]: pam_unix(cron:session): session closed for user root
May  5 22:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: Connection closed by 170.64.215.35 port 35982 [preauth]
May  5 22:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30890]: pam_unix(cron:session): session closed for user samftp
May  5 22:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31241]: Invalid user pi from 170.64.215.35
May  5 22:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31241]: input_userauth_request: invalid user pi [preauth]
May  5 22:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31241]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31241]: Failed password for invalid user pi from 170.64.215.35 port 32934 ssh2
May  5 22:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31241]: Connection closed by 170.64.215.35 port 32934 [preauth]
May  5 22:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: Invalid user testuser from 170.64.215.35
May  5 22:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: input_userauth_request: invalid user testuser [preauth]
May  5 22:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: Failed password for invalid user testuser from 170.64.215.35 port 32950 ssh2
May  5 22:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: Connection closed by 170.64.215.35 port 32950 [preauth]
May  5 22:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31280]: Invalid user tom from 170.64.215.35
May  5 22:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31280]: input_userauth_request: invalid user tom [preauth]
May  5 22:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31280]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31280]: Failed password for invalid user tom from 170.64.215.35 port 47074 ssh2
May  5 22:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31280]: Connection closed by 170.64.215.35 port 47074 [preauth]
May  5 22:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31294]: Invalid user wang from 170.64.215.35
May  5 22:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31294]: input_userauth_request: invalid user wang [preauth]
May  5 22:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31294]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31294]: Failed password for invalid user wang from 170.64.215.35 port 47084 ssh2
May  5 22:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31294]: Connection closed by 170.64.215.35 port 47084 [preauth]
May  5 22:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31319]: Failed password for root from 170.64.215.35 port 47380 ssh2
May  5 22:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31319]: Connection closed by 170.64.215.35 port 47380 [preauth]
May  5 22:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31329]: Invalid user guest from 170.64.215.35
May  5 22:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31329]: input_userauth_request: invalid user guest [preauth]
May  5 22:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31329]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31329]: Failed password for invalid user guest from 170.64.215.35 port 47388 ssh2
May  5 22:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31329]: Connection closed by 170.64.215.35 port 47388 [preauth]
May  5 22:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session closed for user root
May  5 22:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31363]: Invalid user niaoyun from 170.64.215.35
May  5 22:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31363]: input_userauth_request: invalid user niaoyun [preauth]
May  5 22:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31363]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31363]: Failed password for invalid user niaoyun from 170.64.215.35 port 39778 ssh2
May  5 22:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31363]: Connection closed by 170.64.215.35 port 39778 [preauth]
May  5 22:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31370]: Invalid user lighthouse from 170.64.215.35
May  5 22:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31370]: input_userauth_request: invalid user lighthouse [preauth]
May  5 22:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31370]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31370]: Failed password for invalid user lighthouse from 170.64.215.35 port 39794 ssh2
May  5 22:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31370]: Connection closed by 170.64.215.35 port 39794 [preauth]
May  5 22:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31380]: Invalid user elastic from 170.64.215.35
May  5 22:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31380]: input_userauth_request: invalid user elastic [preauth]
May  5 22:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31380]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31380]: Failed password for invalid user elastic from 170.64.215.35 port 39814 ssh2
May  5 22:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31380]: Connection closed by 170.64.215.35 port 39814 [preauth]
May  5 22:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31397]: Invalid user ftpuser from 170.64.215.35
May  5 22:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31397]: input_userauth_request: invalid user ftpuser [preauth]
May  5 22:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31397]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31397]: Failed password for invalid user ftpuser from 170.64.215.35 port 42826 ssh2
May  5 22:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31397]: Connection closed by 170.64.215.35 port 42826 [preauth]
May  5 22:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31407]: Invalid user hadoop from 170.64.215.35
May  5 22:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31407]: input_userauth_request: invalid user hadoop [preauth]
May  5 22:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31407]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31407]: Failed password for invalid user hadoop from 170.64.215.35 port 42836 ssh2
May  5 22:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31407]: Connection closed by 170.64.215.35 port 42836 [preauth]
May  5 22:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: Invalid user odoo from 170.64.215.35
May  5 22:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: input_userauth_request: invalid user odoo [preauth]
May  5 22:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: Failed password for invalid user odoo from 170.64.215.35 port 50194 ssh2
May  5 22:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: Connection closed by 170.64.215.35 port 50194 [preauth]
May  5 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31436]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31437]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31433]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31433]: pam_unix(cron:session): session closed for user p13x
May  5 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31500]: Successful su for rubyman by root
May  5 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31500]: + ??? root:rubyman
May  5 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336440 of user rubyman.
May  5 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31500]: pam_unix(su:session): session closed for user rubyman
May  5 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336440.
May  5 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Invalid user dev from 170.64.215.35
May  5 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: input_userauth_request: invalid user dev [preauth]
May  5 22:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28611]: pam_unix(cron:session): session closed for user root
May  5 22:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Failed password for invalid user dev from 170.64.215.35 port 50206 ssh2
May  5 22:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31549]: Connection closed by 170.64.215.35 port 50206 [preauth]
May  5 22:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31435]: pam_unix(cron:session): session closed for user samftp
May  5 22:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31715]: Invalid user jenkins from 170.64.215.35
May  5 22:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31715]: input_userauth_request: invalid user jenkins [preauth]
May  5 22:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31715]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31715]: Failed password for invalid user jenkins from 170.64.215.35 port 38562 ssh2
May  5 22:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31715]: Connection closed by 170.64.215.35 port 38562 [preauth]
May  5 22:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: Failed password for root from 170.64.215.35 port 38574 ssh2
May  5 22:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: Connection closed by 170.64.215.35 port 38574 [preauth]
May  5 22:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31741]: Failed password for root from 170.64.215.35 port 48918 ssh2
May  5 22:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31741]: Connection closed by 170.64.215.35 port 48918 [preauth]
May  5 22:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: Failed password for root from 170.64.215.35 port 48926 ssh2
May  5 22:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: Connection closed by 170.64.215.35 port 48926 [preauth]
May  5 22:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: Invalid user test from 170.64.215.35
May  5 22:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: input_userauth_request: invalid user test [preauth]
May  5 22:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: Failed password for invalid user test from 170.64.215.35 port 54924 ssh2
May  5 22:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31776]: Connection closed by 170.64.215.35 port 54924 [preauth]
May  5 22:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: Invalid user kubernetes from 170.64.215.35
May  5 22:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: input_userauth_request: invalid user kubernetes [preauth]
May  5 22:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: Failed password for invalid user kubernetes from 170.64.215.35 port 54938 ssh2
May  5 22:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31786]: Connection closed by 170.64.215.35 port 54938 [preauth]
May  5 22:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30441]: pam_unix(cron:session): session closed for user root
May  5 22:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: Failed password for root from 170.64.215.35 port 54950 ssh2
May  5 22:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31817]: Connection closed by 170.64.215.35 port 54950 [preauth]
May  5 22:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31829]: Invalid user tom from 170.64.215.35
May  5 22:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31829]: input_userauth_request: invalid user tom [preauth]
May  5 22:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31829]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31829]: Failed password for invalid user tom from 170.64.215.35 port 46074 ssh2
May  5 22:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31829]: Connection closed by 170.64.215.35 port 46074 [preauth]
May  5 22:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31847]: Invalid user admin from 170.64.215.35
May  5 22:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31847]: input_userauth_request: invalid user admin [preauth]
May  5 22:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31847]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31854]: Invalid user taller from 85.208.253.142
May  5 22:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31854]: input_userauth_request: invalid user taller [preauth]
May  5 22:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31854]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.142
May  5 22:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31847]: Failed password for invalid user admin from 170.64.215.35 port 46080 ssh2
May  5 22:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31847]: Connection closed by 170.64.215.35 port 46080 [preauth]
May  5 22:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31854]: Failed password for invalid user taller from 85.208.253.142 port 50068 ssh2
May  5 22:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31854]: Received disconnect from 85.208.253.142 port 50068:11: Bye Bye [preauth]
May  5 22:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31854]: Disconnected from 85.208.253.142 port 50068 [preauth]
May  5 22:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: Invalid user rancher from 170.64.215.35
May  5 22:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: input_userauth_request: invalid user rancher [preauth]
May  5 22:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: Failed password for invalid user rancher from 170.64.215.35 port 60186 ssh2
May  5 22:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31860]: Connection closed by 170.64.215.35 port 60186 [preauth]
May  5 22:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: Invalid user elastic from 170.64.215.35
May  5 22:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: input_userauth_request: invalid user elastic [preauth]
May  5 22:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: Failed password for invalid user elastic from 170.64.215.35 port 60188 ssh2
May  5 22:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: Connection closed by 170.64.215.35 port 60188 [preauth]
May  5 22:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: Invalid user esearch from 170.64.215.35
May  5 22:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: input_userauth_request: invalid user esearch [preauth]
May  5 22:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: Failed password for invalid user esearch from 170.64.215.35 port 35556 ssh2
May  5 22:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: Connection closed by 170.64.215.35 port 35556 [preauth]
May  5 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31909]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31906]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31905]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31905]: pam_unix(cron:session): session closed for user p13x
May  5 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32057]: Successful su for rubyman by root
May  5 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32057]: + ??? root:rubyman
May  5 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32057]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336442 of user rubyman.
May  5 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32057]: pam_unix(su:session): session closed for user rubyman
May  5 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336442.
May  5 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32107]: Invalid user guest from 170.64.215.35
May  5 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32107]: input_userauth_request: invalid user guest [preauth]
May  5 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32107]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29129]: pam_unix(cron:session): session closed for user root
May  5 22:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32107]: Failed password for invalid user guest from 170.64.215.35 port 35566 ssh2
May  5 22:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32107]: Connection closed by 170.64.215.35 port 35566 [preauth]
May  5 22:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31906]: pam_unix(cron:session): session closed for user samftp
May  5 22:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: Invalid user deploy from 170.64.215.35
May  5 22:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: input_userauth_request: invalid user deploy [preauth]
May  5 22:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: Failed password for invalid user deploy from 170.64.215.35 port 57940 ssh2
May  5 22:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32446]: Connection closed by 170.64.215.35 port 57940 [preauth]
May  5 22:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32461]: Invalid user dolphinscheduler from 170.64.215.35
May  5 22:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32461]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  5 22:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32461]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.148.227.157  user=root
May  5 22:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32461]: Failed password for invalid user dolphinscheduler from 170.64.215.35 port 57952 ssh2
May  5 22:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32463]: Failed password for root from 46.148.227.157 port 52714 ssh2
May  5 22:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32461]: Connection closed by 170.64.215.35 port 57952 [preauth]
May  5 22:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32463]: Received disconnect from 46.148.227.157 port 52714:11: Bye Bye [preauth]
May  5 22:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32463]: Disconnected from 46.148.227.157 port 52714 [preauth]
May  5 22:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: Invalid user user2 from 170.64.215.35
May  5 22:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: input_userauth_request: invalid user user2 [preauth]
May  5 22:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: Failed password for invalid user user2 from 170.64.215.35 port 51778 ssh2
May  5 22:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: Connection closed by 170.64.215.35 port 51778 [preauth]
May  5 22:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: Invalid user user1 from 170.64.215.35
May  5 22:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: input_userauth_request: invalid user user1 [preauth]
May  5 22:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32501]: Invalid user ubuntu from 27.111.32.174
May  5 22:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32501]: input_userauth_request: invalid user ubuntu [preauth]
May  5 22:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32501]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.111.32.174
May  5 22:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: Failed password for invalid user user1 from 170.64.215.35 port 51796 ssh2
May  5 22:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: Connection closed by 170.64.215.35 port 51796 [preauth]
May  5 22:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32501]: Failed password for invalid user ubuntu from 27.111.32.174 port 42918 ssh2
May  5 22:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32501]: Received disconnect from 27.111.32.174 port 42918:11: Bye Bye [preauth]
May  5 22:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32501]: Disconnected from 27.111.32.174 port 42918 [preauth]
May  5 22:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32525]: Failed password for root from 170.64.215.35 port 33526 ssh2
May  5 22:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32525]: Connection closed by 170.64.215.35 port 33526 [preauth]
May  5 22:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32531]: Invalid user ubuntu from 170.64.215.35
May  5 22:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32531]: input_userauth_request: invalid user ubuntu [preauth]
May  5 22:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32531]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32531]: Failed password for invalid user ubuntu from 170.64.215.35 port 33542 ssh2
May  5 22:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32531]: Connection closed by 170.64.215.35 port 33542 [preauth]
May  5 22:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30892]: pam_unix(cron:session): session closed for user root
May  5 22:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: Failed password for root from 170.64.215.35 port 33546 ssh2
May  5 22:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: Connection closed by 170.64.215.35 port 33546 [preauth]
May  5 22:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: Failed password for root from 170.64.215.35 port 45198 ssh2
May  5 22:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: Connection closed by 170.64.215.35 port 45198 [preauth]
May  5 22:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32614]: Invalid user hadoop from 170.64.215.35
May  5 22:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32614]: input_userauth_request: invalid user hadoop [preauth]
May  5 22:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32614]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32614]: Failed password for invalid user hadoop from 170.64.215.35 port 45212 ssh2
May  5 22:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32614]: Connection closed by 170.64.215.35 port 45212 [preauth]
May  5 22:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32672]: Failed password for root from 170.64.215.35 port 50900 ssh2
May  5 22:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32672]: Connection closed by 170.64.215.35 port 50900 [preauth]
May  5 22:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32717]: Invalid user samba from 170.64.215.35
May  5 22:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32717]: input_userauth_request: invalid user samba [preauth]
May  5 22:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32717]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32717]: Failed password for invalid user samba from 170.64.215.35 port 50914 ssh2
May  5 22:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32717]: Connection closed by 170.64.215.35 port 50914 [preauth]
May  5 22:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32730]: Failed password for root from 170.64.215.35 port 35586 ssh2
May  5 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32730]: Connection closed by 170.64.215.35 port 35586 [preauth]
May  5 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32738]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32734]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32736]: pam_unix(cron:session): session closed for user p13x
May  5 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[443]: Successful su for rubyman by root
May  5 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[443]: + ??? root:rubyman
May  5 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336446 of user rubyman.
May  5 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[443]: pam_unix(su:session): session closed for user rubyman
May  5 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336446.
May  5 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32734]: pam_unix(cron:session): session closed for user root
May  5 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[543]: Invalid user esuser from 170.64.215.35
May  5 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[543]: input_userauth_request: invalid user esuser [preauth]
May  5 22:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[543]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29586]: pam_unix(cron:session): session closed for user root
May  5 22:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[543]: Failed password for invalid user esuser from 170.64.215.35 port 35600 ssh2
May  5 22:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[543]: Connection closed by 170.64.215.35 port 35600 [preauth]
May  5 22:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32738]: pam_unix(cron:session): session closed for user samftp
May  5 22:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: Invalid user dolphinscheduler from 170.64.215.35
May  5 22:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  5 22:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: Failed password for invalid user dolphinscheduler from 170.64.215.35 port 53668 ssh2
May  5 22:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[714]: Connection closed by 170.64.215.35 port 53668 [preauth]
May  5 22:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: Invalid user mehdi from 170.64.215.35
May  5 22:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: input_userauth_request: invalid user mehdi [preauth]
May  5 22:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: Failed password for invalid user mehdi from 170.64.215.35 port 53684 ssh2
May  5 22:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[724]: Connection closed by 170.64.215.35 port 53684 [preauth]
May  5 22:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: Invalid user nginx from 170.64.215.35
May  5 22:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: input_userauth_request: invalid user nginx [preauth]
May  5 22:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: Failed password for invalid user nginx from 170.64.215.35 port 46588 ssh2
May  5 22:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[751]: Connection closed by 170.64.215.35 port 46588 [preauth]
May  5 22:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[762]: Invalid user dmdba from 170.64.215.35
May  5 22:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[762]: input_userauth_request: invalid user dmdba [preauth]
May  5 22:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[762]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[762]: Failed password for invalid user dmdba from 170.64.215.35 port 46602 ssh2
May  5 22:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[762]: Connection closed by 170.64.215.35 port 46602 [preauth]
May  5 22:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[791]: Invalid user dspace from 170.64.215.35
May  5 22:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[791]: input_userauth_request: invalid user dspace [preauth]
May  5 22:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[791]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[791]: Failed password for invalid user dspace from 170.64.215.35 port 52064 ssh2
May  5 22:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[791]: Connection closed by 170.64.215.35 port 52064 [preauth]
May  5 22:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: Invalid user docker from 170.64.215.35
May  5 22:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: input_userauth_request: invalid user docker [preauth]
May  5 22:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31437]: pam_unix(cron:session): session closed for user root
May  5 22:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: Failed password for invalid user docker from 170.64.215.35 port 52074 ssh2
May  5 22:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: Connection closed by 170.64.215.35 port 52074 [preauth]
May  5 22:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[830]: Failed password for root from 170.64.215.35 port 47632 ssh2
May  5 22:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[830]: Connection closed by 170.64.215.35 port 47632 [preauth]
May  5 22:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[840]: Invalid user nexus from 170.64.215.35
May  5 22:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[840]: input_userauth_request: invalid user nexus [preauth]
May  5 22:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[840]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[840]: Failed password for invalid user nexus from 170.64.215.35 port 47636 ssh2
May  5 22:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[840]: Connection closed by 170.64.215.35 port 47636 [preauth]
May  5 22:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  5 22:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: Invalid user minecraft from 170.64.215.35
May  5 22:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: input_userauth_request: invalid user minecraft [preauth]
May  5 22:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[868]: Failed password for root from 80.94.95.125 port 9911 ssh2
May  5 22:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: Failed password for invalid user minecraft from 170.64.215.35 port 47650 ssh2
May  5 22:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: Connection closed by 170.64.215.35 port 47650 [preauth]
May  5 22:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[868]: Failed password for root from 80.94.95.125 port 9911 ssh2
May  5 22:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[881]: Invalid user debian from 170.64.215.35
May  5 22:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[881]: input_userauth_request: invalid user debian [preauth]
May  5 22:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[881]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[868]: Failed password for root from 80.94.95.125 port 9911 ssh2
May  5 22:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[881]: Failed password for invalid user debian from 170.64.215.35 port 49288 ssh2
May  5 22:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[881]: Connection closed by 170.64.215.35 port 49288 [preauth]
May  5 22:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[868]: Failed password for root from 80.94.95.125 port 9911 ssh2
May  5 22:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[868]: Failed password for root from 80.94.95.125 port 9911 ssh2
May  5 22:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[868]: Received disconnect from 80.94.95.125 port 9911:11: Bye [preauth]
May  5 22:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[868]: Disconnected from 80.94.95.125 port 9911 [preauth]
May  5 22:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[868]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  5 22:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[868]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 22:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: Failed password for root from 170.64.215.35 port 49296 ssh2
May  5 22:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: Connection closed by 170.64.215.35 port 49296 [preauth]
May  5 22:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[910]: Failed password for root from 170.64.215.35 port 39442 ssh2
May  5 22:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[910]: Connection closed by 170.64.215.35 port 39442 [preauth]
May  5 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[915]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[918]: pam_unix(cron:session): session closed for user root
May  5 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[913]: pam_unix(cron:session): session closed for user p13x
May  5 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1004]: Successful su for rubyman by root
May  5 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1004]: + ??? root:rubyman
May  5 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336454 of user rubyman.
May  5 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1004]: pam_unix(su:session): session closed for user rubyman
May  5 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336454.
May  5 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1078]: Invalid user dmdba from 170.64.215.35
May  5 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1078]: input_userauth_request: invalid user dmdba [preauth]
May  5 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1078]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[915]: pam_unix(cron:session): session closed for user root
May  5 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session closed for user root
May  5 22:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1078]: Failed password for invalid user dmdba from 170.64.215.35 port 39448 ssh2
May  5 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1078]: Connection closed by 170.64.215.35 port 39448 [preauth]
May  5 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[914]: pam_unix(cron:session): session closed for user samftp
May  5 22:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1261]: Invalid user weblogic from 170.64.215.35
May  5 22:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1261]: input_userauth_request: invalid user weblogic [preauth]
May  5 22:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1261]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1261]: Failed password for invalid user weblogic from 170.64.215.35 port 43040 ssh2
May  5 22:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1261]: Connection closed by 170.64.215.35 port 43040 [preauth]
May  5 22:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: Invalid user nginx from 170.64.215.35
May  5 22:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: input_userauth_request: invalid user nginx [preauth]
May  5 22:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: Failed password for invalid user nginx from 170.64.215.35 port 43046 ssh2
May  5 22:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: Connection closed by 170.64.215.35 port 43046 [preauth]
May  5 22:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35  user=root
May  5 22:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Failed password for root from 170.64.215.35 port 38484 ssh2
May  5 22:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Connection closed by 170.64.215.35 port 38484 [preauth]
May  5 22:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: Invalid user flask from 170.64.215.35
May  5 22:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: input_userauth_request: invalid user flask [preauth]
May  5 22:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: Failed password for invalid user flask from 170.64.215.35 port 38496 ssh2
May  5 22:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: Connection closed by 170.64.215.35 port 38496 [preauth]
May  5 22:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1340]: Invalid user testuser from 170.64.215.35
May  5 22:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1340]: input_userauth_request: invalid user testuser [preauth]
May  5 22:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1340]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1340]: Failed password for invalid user testuser from 170.64.215.35 port 37946 ssh2
May  5 22:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1340]: Connection closed by 170.64.215.35 port 37946 [preauth]
May  5 22:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: Invalid user wang from 170.64.215.35
May  5 22:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: input_userauth_request: invalid user wang [preauth]
May  5 22:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31909]: pam_unix(cron:session): session closed for user root
May  5 22:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: Failed password for invalid user wang from 170.64.215.35 port 37958 ssh2
May  5 22:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1350]: Connection closed by 170.64.215.35 port 37958 [preauth]
May  5 22:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: Invalid user user from 170.64.215.35
May  5 22:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: input_userauth_request: invalid user user [preauth]
May  5 22:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: Failed password for invalid user user from 170.64.215.35 port 57160 ssh2
May  5 22:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: Connection closed by 170.64.215.35 port 57160 [preauth]
May  5 22:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: Invalid user tools from 170.64.215.35
May  5 22:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: input_userauth_request: invalid user tools [preauth]
May  5 22:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: Failed password for invalid user tools from 170.64.215.35 port 57174 ssh2
May  5 22:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: Connection closed by 170.64.215.35 port 57174 [preauth]
May  5 22:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: Invalid user esroot from 170.64.215.35
May  5 22:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: input_userauth_request: invalid user esroot [preauth]
May  5 22:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.215.35
May  5 22:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: Failed password for invalid user esroot from 170.64.215.35 port 57176 ssh2
May  5 22:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1416]: Connection closed by 170.64.215.35 port 57176 [preauth]
May  5 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1516]: pam_unix(cron:session): session closed for user p13x
May  5 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1599]: Successful su for rubyman by root
May  5 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1599]: + ??? root:rubyman
May  5 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336459 of user rubyman.
May  5 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1599]: pam_unix(su:session): session closed for user rubyman
May  5 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336459.
May  5 22:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30440]: pam_unix(cron:session): session closed for user root
May  5 22:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1518]: pam_unix(cron:session): session closed for user samftp
May  5 22:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32740]: pam_unix(cron:session): session closed for user root
May  5 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2062]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2061]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2059]: pam_unix(cron:session): session closed for user p13x
May  5 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2122]: Successful su for rubyman by root
May  5 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2122]: + ??? root:rubyman
May  5 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336462 of user rubyman.
May  5 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2122]: pam_unix(su:session): session closed for user rubyman
May  5 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336462.
May  5 22:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30891]: pam_unix(cron:session): session closed for user root
May  5 22:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2060]: pam_unix(cron:session): session closed for user samftp
May  5 22:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[917]: pam_unix(cron:session): session closed for user root
May  5 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2488]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2487]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2484]: pam_unix(cron:session): session closed for user p13x
May  5 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2551]: Successful su for rubyman by root
May  5 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2551]: + ??? root:rubyman
May  5 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2551]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336465 of user rubyman.
May  5 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2551]: pam_unix(su:session): session closed for user rubyman
May  5 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336465.
May  5 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.148.227.157  user=root
May  5 22:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31436]: pam_unix(cron:session): session closed for user root
May  5 22:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: Failed password for root from 46.148.227.157 port 43680 ssh2
May  5 22:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: Received disconnect from 46.148.227.157 port 43680:11: Bye Bye [preauth]
May  5 22:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: Disconnected from 46.148.227.157 port 43680 [preauth]
May  5 22:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2485]: pam_unix(cron:session): session closed for user samftp
May  5 22:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.142  user=root
May  5 22:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2765]: Failed password for root from 85.208.253.142 port 41294 ssh2
May  5 22:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2765]: Received disconnect from 85.208.253.142 port 41294:11: Bye Bye [preauth]
May  5 22:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2765]: Disconnected from 85.208.253.142 port 41294 [preauth]
May  5 22:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1520]: pam_unix(cron:session): session closed for user root
May  5 22:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.111.32.174  user=root
May  5 22:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: Failed password for root from 27.111.32.174 port 46710 ssh2
May  5 22:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: Received disconnect from 27.111.32.174 port 46710:11: Bye Bye [preauth]
May  5 22:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2895]: Disconnected from 27.111.32.174 port 46710 [preauth]
May  5 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2917]: pam_unix(cron:session): session closed for user p13x
May  5 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2987]: Successful su for rubyman by root
May  5 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2987]: + ??? root:rubyman
May  5 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2987]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336470 of user rubyman.
May  5 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2987]: pam_unix(su:session): session closed for user rubyman
May  5 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336470.
May  5 22:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135  user=root
May  5 22:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31908]: pam_unix(cron:session): session closed for user root
May  5 22:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3089]: Failed password for root from 176.31.162.135 port 33156 ssh2
May  5 22:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3089]: Connection closed by 176.31.162.135 port 33156 [preauth]
May  5 22:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2918]: pam_unix(cron:session): session closed for user samftp
May  5 22:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2062]: pam_unix(cron:session): session closed for user root
May  5 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3330]: pam_unix(cron:session): session closed for user root
May  5 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3323]: pam_unix(cron:session): session closed for user p13x
May  5 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3407]: Successful su for rubyman by root
May  5 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3407]: + ??? root:rubyman
May  5 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336473 of user rubyman.
May  5 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3407]: pam_unix(su:session): session closed for user rubyman
May  5 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336473.
May  5 22:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3327]: pam_unix(cron:session): session closed for user root
May  5 22:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32739]: pam_unix(cron:session): session closed for user root
May  5 22:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3326]: pam_unix(cron:session): session closed for user samftp
May  5 22:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2488]: pam_unix(cron:session): session closed for user root
May  5 22:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3758]: Invalid user devel from 50.235.31.47
May  5 22:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3758]: input_userauth_request: invalid user devel [preauth]
May  5 22:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3758]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  5 22:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3758]: Failed password for invalid user devel from 50.235.31.47 port 50352 ssh2
May  5 22:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3758]: Connection closed by 50.235.31.47 port 50352 [preauth]
May  5 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3809]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3810]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3808]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3807]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3807]: pam_unix(cron:session): session closed for user p13x
May  5 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3874]: Successful su for rubyman by root
May  5 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3874]: + ??? root:rubyman
May  5 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3874]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336479 of user rubyman.
May  5 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3874]: pam_unix(su:session): session closed for user rubyman
May  5 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336479.
May  5 22:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[916]: pam_unix(cron:session): session closed for user root
May  5 22:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3808]: pam_unix(cron:session): session closed for user samftp
May  5 22:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2920]: pam_unix(cron:session): session closed for user root
May  5 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4269]: pam_unix(cron:session): session closed for user root
May  5 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4271]: pam_unix(cron:session): session closed for user p13x
May  5 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4458]: Successful su for rubyman by root
May  5 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4458]: + ??? root:rubyman
May  5 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336483 of user rubyman.
May  5 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4458]: pam_unix(su:session): session closed for user rubyman
May  5 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336483.
May  5 22:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1519]: pam_unix(cron:session): session closed for user root
May  5 22:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4272]: pam_unix(cron:session): session closed for user samftp
May  5 22:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4704]: Invalid user username from 115.231.78.11
May  5 22:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4704]: input_userauth_request: invalid user username [preauth]
May  5 22:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4704]: Connection closed by 115.231.78.11 port 30000 [preauth]
May  5 22:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3329]: pam_unix(cron:session): session closed for user root
May  5 22:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4732]: Failed password for root from 218.92.0.179 port 31337 ssh2
May  5 22:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4732]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 31337 ssh2]
May  5 22:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4732]: Received disconnect from 218.92.0.179 port 31337:11:  [preauth]
May  5 22:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4732]: Disconnected from 218.92.0.179 port 31337 [preauth]
May  5 22:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4732]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 22:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: Invalid user vpn from 46.148.227.157
May  5 22:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: input_userauth_request: invalid user vpn [preauth]
May  5 22:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.148.227.157
May  5 22:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: Failed password for invalid user vpn from 46.148.227.157 port 39016 ssh2
May  5 22:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: Received disconnect from 46.148.227.157 port 39016:11: Bye Bye [preauth]
May  5 22:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: Disconnected from 46.148.227.157 port 39016 [preauth]
May  5 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4838]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session closed for user p13x
May  5 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4901]: Successful su for rubyman by root
May  5 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4901]: + ??? root:rubyman
May  5 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336490 of user rubyman.
May  5 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4901]: pam_unix(su:session): session closed for user rubyman
May  5 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336490.
May  5 22:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2061]: pam_unix(cron:session): session closed for user root
May  5 22:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4836]: pam_unix(cron:session): session closed for user samftp
May  5 22:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: Invalid user user from 85.208.253.142
May  5 22:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: input_userauth_request: invalid user user [preauth]
May  5 22:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.142
May  5 22:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: Failed password for invalid user user from 85.208.253.142 port 36208 ssh2
May  5 22:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: Received disconnect from 85.208.253.142 port 36208:11: Bye Bye [preauth]
May  5 22:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: Disconnected from 85.208.253.142 port 36208 [preauth]
May  5 22:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3810]: pam_unix(cron:session): session closed for user root
May  5 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5440]: pam_unix(cron:session): session closed for user p13x
May  5 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5515]: Successful su for rubyman by root
May  5 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5515]: + ??? root:rubyman
May  5 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336494 of user rubyman.
May  5 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5515]: pam_unix(su:session): session closed for user rubyman
May  5 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336494.
May  5 22:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2487]: pam_unix(cron:session): session closed for user root
May  5 22:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5443]: pam_unix(cron:session): session closed for user samftp
May  5 22:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.111.32.174  user=root
May  5 22:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Failed password for root from 27.111.32.174 port 60924 ssh2
May  5 22:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Received disconnect from 27.111.32.174 port 60924:11: Bye Bye [preauth]
May  5 22:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5785]: Disconnected from 27.111.32.174 port 60924 [preauth]
May  5 22:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4274]: pam_unix(cron:session): session closed for user root
May  5 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5999]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5998]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6000]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6000]: pam_unix(cron:session): session closed for user root
May  5 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5992]: pam_unix(cron:session): session closed for user p13x
May  5 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6071]: Successful su for rubyman by root
May  5 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6071]: + ??? root:rubyman
May  5 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336496 of user rubyman.
May  5 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6071]: pam_unix(su:session): session closed for user rubyman
May  5 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336496.
May  5 22:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5997]: pam_unix(cron:session): session closed for user root
May  5 22:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2919]: pam_unix(cron:session): session closed for user root
May  5 22:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5996]: pam_unix(cron:session): session closed for user samftp
May  5 22:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 22:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: Failed password for root from 218.92.0.179 port 18896 ssh2
May  5 22:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 18896 ssh2]
May  5 22:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: Received disconnect from 218.92.0.179 port 18896:11:  [preauth]
May  5 22:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: Disconnected from 218.92.0.179 port 18896 [preauth]
May  5 22:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6326]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 22:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4838]: pam_unix(cron:session): session closed for user root
May  5 22:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6450]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6449]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6449]: pam_unix(cron:session): session closed for user p13x
May  5 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6521]: Successful su for rubyman by root
May  5 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6521]: + ??? root:rubyman
May  5 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6521]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336503 of user rubyman.
May  5 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6521]: pam_unix(su:session): session closed for user rubyman
May  5 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336503.
May  5 22:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3328]: pam_unix(cron:session): session closed for user root
May  5 22:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6450]: pam_unix(cron:session): session closed for user samftp
May  5 22:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: Invalid user ram from 124.198.59.254
May  5 22:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: input_userauth_request: invalid user ram [preauth]
May  5 22:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254
May  5 22:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: Failed password for invalid user ram from 124.198.59.254 port 46084 ssh2
May  5 22:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6441]: Connection closed by 124.198.59.254 port 46084 [preauth]
May  5 22:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5446]: pam_unix(cron:session): session closed for user root
May  5 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6868]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6866]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6865]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6865]: pam_unix(cron:session): session closed for user p13x
May  5 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7016]: Successful su for rubyman by root
May  5 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7016]: + ??? root:rubyman
May  5 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336507 of user rubyman.
May  5 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7016]: pam_unix(su:session): session closed for user rubyman
May  5 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336507.
May  5 22:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3809]: pam_unix(cron:session): session closed for user root
May  5 22:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6866]: pam_unix(cron:session): session closed for user samftp
May  5 22:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.148.227.157  user=root
May  5 22:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5999]: pam_unix(cron:session): session closed for user root
May  5 22:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: Failed password for root from 46.148.227.157 port 56686 ssh2
May  5 22:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: Received disconnect from 46.148.227.157 port 56686:11: Bye Bye [preauth]
May  5 22:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: Disconnected from 46.148.227.157 port 56686 [preauth]
May  5 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7373]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7371]: pam_unix(cron:session): session closed for user p13x
May  5 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7430]: Successful su for rubyman by root
May  5 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7430]: + ??? root:rubyman
May  5 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336510 of user rubyman.
May  5 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7430]: pam_unix(su:session): session closed for user rubyman
May  5 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336510.
May  5 22:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4273]: pam_unix(cron:session): session closed for user root
May  5 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7372]: pam_unix(cron:session): session closed for user samftp
May  5 22:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: Invalid user debian from 85.208.253.142
May  5 22:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: input_userauth_request: invalid user debian [preauth]
May  5 22:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.142
May  5 22:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: Failed password for invalid user debian from 85.208.253.142 port 59118 ssh2
May  5 22:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: Received disconnect from 85.208.253.142 port 59118:11: Bye Bye [preauth]
May  5 22:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: Disconnected from 85.208.253.142 port 59118 [preauth]
May  5 22:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6452]: pam_unix(cron:session): session closed for user root
May  5 22:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Invalid user rust from 190.103.202.7
May  5 22:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: input_userauth_request: invalid user rust [preauth]
May  5 22:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  5 22:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Failed password for invalid user rust from 190.103.202.7 port 43716 ssh2
May  5 22:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Connection closed by 190.103.202.7 port 43716 [preauth]
May  5 22:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: Invalid user wyx from 124.29.237.27
May  5 22:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: input_userauth_request: invalid user wyx [preauth]
May  5 22:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.29.237.27
May  5 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: Did not receive identification string from 196.251.115.35
May  5 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7899]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7897]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7896]: pam_unix(cron:session): session closed for user p13x
May  5 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7959]: Successful su for rubyman by root
May  5 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7959]: + ??? root:rubyman
May  5 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7959]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336514 of user rubyman.
May  5 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7959]: pam_unix(su:session): session closed for user rubyman
May  5 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336514.
May  5 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: Failed password for invalid user wyx from 124.29.237.27 port 41296 ssh2
May  5 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: Received disconnect from 124.29.237.27 port 41296:11: Bye Bye [preauth]
May  5 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: Disconnected from 124.29.237.27 port 41296 [preauth]
May  5 22:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4837]: pam_unix(cron:session): session closed for user root
May  5 22:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7897]: pam_unix(cron:session): session closed for user samftp
May  5 22:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: Invalid user admin from 80.94.95.112
May  5 22:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: input_userauth_request: invalid user admin [preauth]
May  5 22:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 22:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: Failed password for invalid user admin from 80.94.95.112 port 16182 ssh2
May  5 22:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: Failed password for invalid user admin from 80.94.95.112 port 16182 ssh2
May  5 22:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: Failed password for invalid user admin from 80.94.95.112 port 16182 ssh2
May  5 22:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: Failed password for invalid user admin from 80.94.95.112 port 16182 ssh2
May  5 22:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: Failed password for invalid user admin from 80.94.95.112 port 16182 ssh2
May  5 22:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: Received disconnect from 80.94.95.112 port 16182:11: Bye [preauth]
May  5 22:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: Disconnected from 80.94.95.112 port 16182 [preauth]
May  5 22:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 22:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8174]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 22:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6868]: pam_unix(cron:session): session closed for user root
May  5 22:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8296]: Invalid user user from 27.111.32.174
May  5 22:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8296]: input_userauth_request: invalid user user [preauth]
May  5 22:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8296]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.111.32.174
May  5 22:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8296]: Failed password for invalid user user from 27.111.32.174 port 59546 ssh2
May  5 22:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8296]: Received disconnect from 27.111.32.174 port 59546:11: Bye Bye [preauth]
May  5 22:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8296]: Disconnected from 27.111.32.174 port 59546 [preauth]
May  5 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8329]: pam_unix(cron:session): session closed for user root
May  5 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8322]: pam_unix(cron:session): session closed for user p13x
May  5 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8396]: Successful su for rubyman by root
May  5 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8396]: + ??? root:rubyman
May  5 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336519 of user rubyman.
May  5 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8396]: pam_unix(su:session): session closed for user rubyman
May  5 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336519.
May  5 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8326]: pam_unix(cron:session): session closed for user root
May  5 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5445]: pam_unix(cron:session): session closed for user root
May  5 22:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8325]: pam_unix(cron:session): session closed for user samftp
May  5 22:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7374]: pam_unix(cron:session): session closed for user root
May  5 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8790]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8789]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8789]: pam_unix(cron:session): session closed for user p13x
May  5 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8861]: Successful su for rubyman by root
May  5 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8861]: + ??? root:rubyman
May  5 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8861]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336525 of user rubyman.
May  5 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8861]: pam_unix(su:session): session closed for user rubyman
May  5 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336525.
May  5 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5998]: pam_unix(cron:session): session closed for user root
May  5 22:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8790]: pam_unix(cron:session): session closed for user samftp
May  5 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7899]: pam_unix(cron:session): session closed for user root
May  5 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9323]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9320]: pam_unix(cron:session): session closed for user p13x
May  5 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9385]: Successful su for rubyman by root
May  5 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9385]: + ??? root:rubyman
May  5 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336528 of user rubyman.
May  5 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9385]: pam_unix(su:session): session closed for user rubyman
May  5 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336528.
May  5 22:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6451]: pam_unix(cron:session): session closed for user root
May  5 22:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9322]: pam_unix(cron:session): session closed for user samftp
May  5 22:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.148.227.157  user=root
May  5 22:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: Failed password for root from 46.148.227.157 port 42712 ssh2
May  5 22:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: Received disconnect from 46.148.227.157 port 42712:11: Bye Bye [preauth]
May  5 22:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: Disconnected from 46.148.227.157 port 42712 [preauth]
May  5 22:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8328]: pam_unix(cron:session): session closed for user root
May  5 22:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.29.237.27  user=root
May  5 22:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9667]: Failed password for root from 124.29.237.27 port 37118 ssh2
May  5 22:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9667]: Received disconnect from 124.29.237.27 port 37118:11: Bye Bye [preauth]
May  5 22:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9667]: Disconnected from 124.29.237.27 port 37118 [preauth]
May  5 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9723]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9721]: pam_unix(cron:session): session closed for user p13x
May  5 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9787]: Successful su for rubyman by root
May  5 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9787]: + ??? root:rubyman
May  5 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336532 of user rubyman.
May  5 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9787]: pam_unix(su:session): session closed for user rubyman
May  5 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336532.
May  5 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6867]: pam_unix(cron:session): session closed for user root
May  5 22:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9722]: pam_unix(cron:session): session closed for user samftp
May  5 22:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.142  user=root
May  5 22:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10010]: Failed password for root from 85.208.253.142 port 56538 ssh2
May  5 22:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10010]: Received disconnect from 85.208.253.142 port 56538:11: Bye Bye [preauth]
May  5 22:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10010]: Disconnected from 85.208.253.142 port 56538 [preauth]
May  5 22:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8793]: pam_unix(cron:session): session closed for user root
May  5 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10124]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10125]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10122]: pam_unix(cron:session): session closed for user p13x
May  5 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10180]: Successful su for rubyman by root
May  5 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10180]: + ??? root:rubyman
May  5 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336536 of user rubyman.
May  5 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10180]: pam_unix(su:session): session closed for user rubyman
May  5 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336536.
May  5 22:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7373]: pam_unix(cron:session): session closed for user root
May  5 22:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10123]: pam_unix(cron:session): session closed for user samftp
May  5 22:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9324]: pam_unix(cron:session): session closed for user root
May  5 22:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10610]: Invalid user james from 124.29.237.27
May  5 22:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10610]: input_userauth_request: invalid user james [preauth]
May  5 22:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10610]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.29.237.27
May  5 22:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10610]: Failed password for invalid user james from 124.29.237.27 port 45342 ssh2
May  5 22:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10610]: Received disconnect from 124.29.237.27 port 45342:11: Bye Bye [preauth]
May  5 22:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10610]: Disconnected from 124.29.237.27 port 45342 [preauth]
May  5 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10661]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10659]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10660]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10670]: pam_unix(cron:session): session closed for user root
May  5 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10657]: pam_unix(cron:session): session closed for user p13x
May  5 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10766]: Successful su for rubyman by root
May  5 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10766]: + ??? root:rubyman
May  5 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336540 of user rubyman.
May  5 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10766]: pam_unix(su:session): session closed for user rubyman
May  5 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336540.
May  5 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10659]: pam_unix(cron:session): session closed for user root
May  5 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7898]: pam_unix(cron:session): session closed for user root
May  5 22:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10658]: pam_unix(cron:session): session closed for user samftp
May  5 22:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10973]: Invalid user flavia from 27.111.32.174
May  5 22:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10973]: input_userauth_request: invalid user flavia [preauth]
May  5 22:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10973]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.111.32.174
May  5 22:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10973]: Failed password for invalid user flavia from 27.111.32.174 port 48936 ssh2
May  5 22:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10973]: Received disconnect from 27.111.32.174 port 48936:11: Bye Bye [preauth]
May  5 22:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10973]: Disconnected from 27.111.32.174 port 48936 [preauth]
May  5 22:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9724]: pam_unix(cron:session): session closed for user root
May  5 22:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11106]: Invalid user zhangtao from 176.31.162.135
May  5 22:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11106]: input_userauth_request: invalid user zhangtao [preauth]
May  5 22:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11106]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  5 22:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11106]: Failed password for invalid user zhangtao from 176.31.162.135 port 41290 ssh2
May  5 22:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11106]: Connection closed by 176.31.162.135 port 41290 [preauth]
May  5 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11120]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11121]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11118]: pam_unix(cron:session): session closed for user p13x
May  5 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11188]: Successful su for rubyman by root
May  5 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11188]: + ??? root:rubyman
May  5 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336546 of user rubyman.
May  5 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11188]: pam_unix(su:session): session closed for user rubyman
May  5 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336546.
May  5 22:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8327]: pam_unix(cron:session): session closed for user root
May  5 22:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11119]: pam_unix(cron:session): session closed for user samftp
May  5 22:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10125]: pam_unix(cron:session): session closed for user root
May  5 22:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: Invalid user ubnt from 80.94.95.241
May  5 22:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: input_userauth_request: invalid user ubnt [preauth]
May  5 22:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 22:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: Failed password for invalid user ubnt from 80.94.95.241 port 18221 ssh2
May  5 22:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: Failed password for invalid user ubnt from 80.94.95.241 port 18221 ssh2
May  5 22:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: Failed password for invalid user ubnt from 80.94.95.241 port 18221 ssh2
May  5 22:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: Failed password for invalid user ubnt from 80.94.95.241 port 18221 ssh2
May  5 22:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: Failed password for invalid user ubnt from 80.94.95.241 port 18221 ssh2
May  5 22:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.29.237.27  user=root
May  5 22:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: Received disconnect from 80.94.95.241 port 18221:11: Bye [preauth]
May  5 22:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: Disconnected from 80.94.95.241 port 18221 [preauth]
May  5 22:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 22:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 22:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: Failed password for root from 124.29.237.27 port 53552 ssh2
May  5 22:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: Received disconnect from 124.29.237.27 port 53552:11: Bye Bye [preauth]
May  5 22:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: Disconnected from 124.29.237.27 port 53552 [preauth]
May  5 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11520]: pam_unix(cron:session): session closed for user p13x
May  5 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11586]: Successful su for rubyman by root
May  5 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11586]: + ??? root:rubyman
May  5 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336551 of user rubyman.
May  5 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11586]: pam_unix(su:session): session closed for user rubyman
May  5 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336551.
May  5 22:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8791]: pam_unix(cron:session): session closed for user root
May  5 22:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11718]: Invalid user zhangqin from 46.148.227.157
May  5 22:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11718]: input_userauth_request: invalid user zhangqin [preauth]
May  5 22:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11718]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.148.227.157
May  5 22:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11521]: pam_unix(cron:session): session closed for user samftp
May  5 22:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11718]: Failed password for invalid user zhangqin from 46.148.227.157 port 52270 ssh2
May  5 22:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11718]: Received disconnect from 46.148.227.157 port 52270:11: Bye Bye [preauth]
May  5 22:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11718]: Disconnected from 46.148.227.157 port 52270 [preauth]
May  5 22:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10661]: pam_unix(cron:session): session closed for user root
May  5 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11914]: pam_unix(cron:session): session closed for user p13x
May  5 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11977]: Successful su for rubyman by root
May  5 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11977]: + ??? root:rubyman
May  5 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336556 of user rubyman.
May  5 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11977]: pam_unix(su:session): session closed for user rubyman
May  5 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336556.
May  5 22:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9323]: pam_unix(cron:session): session closed for user root
May  5 22:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11915]: pam_unix(cron:session): session closed for user samftp
May  5 22:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.142  user=root
May  5 22:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: Failed password for root from 85.208.253.142 port 52200 ssh2
May  5 22:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: Received disconnect from 85.208.253.142 port 52200:11: Bye Bye [preauth]
May  5 22:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: Disconnected from 85.208.253.142 port 52200 [preauth]
May  5 22:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11121]: pam_unix(cron:session): session closed for user root
May  5 22:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.29.237.27  user=root
May  5 22:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12280]: Failed password for root from 124.29.237.27 port 33544 ssh2
May  5 22:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12280]: Received disconnect from 124.29.237.27 port 33544:11: Bye Bye [preauth]
May  5 22:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12280]: Disconnected from 124.29.237.27 port 33544 [preauth]
May  5 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12322]: pam_unix(cron:session): session closed for user p13x
May  5 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12385]: Successful su for rubyman by root
May  5 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12385]: + ??? root:rubyman
May  5 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336559 of user rubyman.
May  5 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12385]: pam_unix(su:session): session closed for user rubyman
May  5 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336559.
May  5 22:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9723]: pam_unix(cron:session): session closed for user root
May  5 22:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12325]: pam_unix(cron:session): session closed for user samftp
May  5 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11524]: pam_unix(cron:session): session closed for user root
May  5 22:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12712]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12710]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12713]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12713]: pam_unix(cron:session): session closed for user root
May  5 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12705]: pam_unix(cron:session): session closed for user p13x
May  5 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12774]: Successful su for rubyman by root
May  5 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12774]: + ??? root:rubyman
May  5 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336563 of user rubyman.
May  5 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12774]: pam_unix(su:session): session closed for user rubyman
May  5 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336563.
May  5 22:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  5 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12710]: pam_unix(cron:session): session closed for user root
May  5 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10124]: pam_unix(cron:session): session closed for user root
May  5 22:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: Failed password for root from 80.94.95.29 port 14435 ssh2
May  5 22:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12706]: pam_unix(cron:session): session closed for user samftp
May  5 22:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: Failed password for root from 80.94.95.29 port 14435 ssh2
May  5 22:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: message repeated 2 times: [ Failed password for root from 80.94.95.29 port 14435 ssh2]
May  5 22:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Invalid user admin from 139.19.117.131
May  5 22:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: input_userauth_request: invalid user admin [preauth]
May  5 22:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: Failed password for root from 80.94.95.29 port 14435 ssh2
May  5 22:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: Received disconnect from 80.94.95.29 port 14435:11: Bye [preauth]
May  5 22:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: Disconnected from 80.94.95.29 port 14435 [preauth]
May  5 22:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  5 22:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12702]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 22:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12987]: Connection closed by 139.19.117.131 port 36262 [preauth]
May  5 22:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13045]: Invalid user zhangqin from 27.111.32.174
May  5 22:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13045]: input_userauth_request: invalid user zhangqin [preauth]
May  5 22:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13045]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.111.32.174
May  5 22:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13045]: Failed password for invalid user zhangqin from 27.111.32.174 port 53844 ssh2
May  5 22:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13045]: Received disconnect from 27.111.32.174 port 53844:11: Bye Bye [preauth]
May  5 22:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13045]: Disconnected from 27.111.32.174 port 53844 [preauth]
May  5 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11917]: pam_unix(cron:session): session closed for user root
May  5 22:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: Invalid user test12 from 182.184.75.7
May  5 22:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: input_userauth_request: invalid user test12 [preauth]
May  5 22:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.184.75.7
May  5 22:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: Failed password for invalid user test12 from 182.184.75.7 port 41758 ssh2
May  5 22:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: Received disconnect from 182.184.75.7 port 41758:11: Bye Bye [preauth]
May  5 22:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13106]: Disconnected from 182.184.75.7 port 41758 [preauth]
May  5 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13137]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13134]: pam_unix(cron:session): session closed for user p13x
May  5 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13202]: Successful su for rubyman by root
May  5 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13202]: + ??? root:rubyman
May  5 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336569 of user rubyman.
May  5 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13202]: pam_unix(su:session): session closed for user rubyman
May  5 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336569.
May  5 22:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10660]: pam_unix(cron:session): session closed for user root
May  5 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13135]: pam_unix(cron:session): session closed for user samftp
May  5 22:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12327]: pam_unix(cron:session): session closed for user root
May  5 22:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.148.227.157  user=root
May  5 22:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: Did not receive identification string from 193.32.162.132
May  5 22:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Failed password for root from 46.148.227.157 port 55108 ssh2
May  5 22:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Received disconnect from 46.148.227.157 port 55108:11: Bye Bye [preauth]
May  5 22:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13616]: Disconnected from 46.148.227.157 port 55108 [preauth]
May  5 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13650]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13649]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13647]: pam_unix(cron:session): session closed for user p13x
May  5 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13714]: Successful su for rubyman by root
May  5 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13714]: + ??? root:rubyman
May  5 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336572 of user rubyman.
May  5 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13714]: pam_unix(su:session): session closed for user rubyman
May  5 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336572.
May  5 22:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11120]: pam_unix(cron:session): session closed for user root
May  5 22:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13648]: pam_unix(cron:session): session closed for user samftp
May  5 22:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 22:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13902]: Failed password for root from 218.92.0.179 port 39302 ssh2
May  5 22:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13902]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 39302 ssh2]
May  5 22:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12712]: pam_unix(cron:session): session closed for user root
May  5 22:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Invalid user ids from 182.184.75.7
May  5 22:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: input_userauth_request: invalid user ids [preauth]
May  5 22:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.184.75.7
May  5 22:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Failed password for invalid user ids from 182.184.75.7 port 49970 ssh2
May  5 22:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Received disconnect from 182.184.75.7 port 49970:11: Bye Bye [preauth]
May  5 22:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Disconnected from 182.184.75.7 port 49970 [preauth]
May  5 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14057]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14058]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14055]: pam_unix(cron:session): session closed for user p13x
May  5 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14116]: Successful su for rubyman by root
May  5 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14116]: + ??? root:rubyman
May  5 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336578 of user rubyman.
May  5 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14116]: pam_unix(su:session): session closed for user rubyman
May  5 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336578.
May  5 22:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11522]: pam_unix(cron:session): session closed for user root
May  5 22:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14056]: pam_unix(cron:session): session closed for user samftp
May  5 22:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Invalid user ander from 85.208.253.142
May  5 22:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: input_userauth_request: invalid user ander [preauth]
May  5 22:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.142
May  5 22:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Failed password for invalid user ander from 85.208.253.142 port 51284 ssh2
May  5 22:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Received disconnect from 85.208.253.142 port 51284:11: Bye Bye [preauth]
May  5 22:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Disconnected from 85.208.253.142 port 51284 [preauth]
May  5 22:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13137]: pam_unix(cron:session): session closed for user root
May  5 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14450]: pam_unix(cron:session): session closed for user p13x
May  5 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14576]: Successful su for rubyman by root
May  5 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14576]: + ??? root:rubyman
May  5 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336580 of user rubyman.
May  5 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14576]: pam_unix(su:session): session closed for user rubyman
May  5 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336580.
May  5 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14448]: pam_unix(cron:session): session closed for user root
May  5 22:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11916]: pam_unix(cron:session): session closed for user root
May  5 22:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14451]: pam_unix(cron:session): session closed for user samftp
May  5 22:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13650]: pam_unix(cron:session): session closed for user root
May  5 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14956]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14955]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14954]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14957]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14957]: pam_unix(cron:session): session closed for user root
May  5 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14952]: pam_unix(cron:session): session closed for user p13x
May  5 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15022]: Successful su for rubyman by root
May  5 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15022]: + ??? root:rubyman
May  5 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336585 of user rubyman.
May  5 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15022]: pam_unix(su:session): session closed for user rubyman
May  5 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336585.
May  5 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14954]: pam_unix(cron:session): session closed for user root
May  5 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12326]: pam_unix(cron:session): session closed for user root
May  5 22:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14953]: pam_unix(cron:session): session closed for user samftp
May  5 22:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14058]: pam_unix(cron:session): session closed for user root
May  5 22:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.111.32.174  user=root
May  5 22:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15354]: Failed password for root from 27.111.32.174 port 37866 ssh2
May  5 22:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15354]: Received disconnect from 27.111.32.174 port 37866:11: Bye Bye [preauth]
May  5 22:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15354]: Disconnected from 27.111.32.174 port 37866 [preauth]
May  5 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15374]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15373]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15375]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15373]: pam_unix(cron:session): session closed for user p13x
May  5 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15446]: Successful su for rubyman by root
May  5 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15446]: + ??? root:rubyman
May  5 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336592 of user rubyman.
May  5 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15446]: pam_unix(su:session): session closed for user rubyman
May  5 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336592.
May  5 22:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12711]: pam_unix(cron:session): session closed for user root
May  5 22:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15374]: pam_unix(cron:session): session closed for user samftp
May  5 22:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15657]: Invalid user ubuntu from 46.148.227.157
May  5 22:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15657]: input_userauth_request: invalid user ubuntu [preauth]
May  5 22:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15657]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.148.227.157
May  5 22:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15657]: Failed password for invalid user ubuntu from 46.148.227.157 port 55790 ssh2
May  5 22:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15657]: Received disconnect from 46.148.227.157 port 55790:11: Bye Bye [preauth]
May  5 22:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15657]: Disconnected from 46.148.227.157 port 55790 [preauth]
May  5 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14453]: pam_unix(cron:session): session closed for user root
May  5 22:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: Invalid user javier from 182.184.75.7
May  5 22:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: input_userauth_request: invalid user javier [preauth]
May  5 22:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.184.75.7
May  5 22:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: Failed password for invalid user javier from 182.184.75.7 port 38160 ssh2
May  5 22:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: Received disconnect from 182.184.75.7 port 38160:11: Bye Bye [preauth]
May  5 22:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15722]: Disconnected from 182.184.75.7 port 38160 [preauth]
May  5 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15787]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15785]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15784]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15784]: pam_unix(cron:session): session closed for user p13x
May  5 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15844]: Successful su for rubyman by root
May  5 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15844]: + ??? root:rubyman
May  5 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336596 of user rubyman.
May  5 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15844]: pam_unix(su:session): session closed for user rubyman
May  5 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336596.
May  5 22:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13136]: pam_unix(cron:session): session closed for user root
May  5 22:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15785]: pam_unix(cron:session): session closed for user samftp
May  5 22:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14956]: pam_unix(cron:session): session closed for user root
May  5 22:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 22:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16118]: Failed password for root from 218.92.0.179 port 17726 ssh2
May  5 22:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16118]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 17726 ssh2]
May  5 22:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16118]: Received disconnect from 218.92.0.179 port 17726:11:  [preauth]
May  5 22:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16118]: Disconnected from 218.92.0.179 port 17726 [preauth]
May  5 22:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16118]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16171]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16170]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16167]: pam_unix(cron:session): session closed for user p13x
May  5 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16228]: Successful su for rubyman by root
May  5 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16228]: + ??? root:rubyman
May  5 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16228]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336599 of user rubyman.
May  5 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16228]: pam_unix(su:session): session closed for user rubyman
May  5 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336599.
May  5 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13649]: pam_unix(cron:session): session closed for user root
May  5 22:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16168]: pam_unix(cron:session): session closed for user samftp
May  5 22:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.142  user=root
May  5 22:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16476]: Failed password for root from 85.208.253.142 port 45422 ssh2
May  5 22:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16476]: Received disconnect from 85.208.253.142 port 45422:11: Bye Bye [preauth]
May  5 22:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16476]: Disconnected from 85.208.253.142 port 45422 [preauth]
May  5 22:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15376]: pam_unix(cron:session): session closed for user root
May  5 22:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: Invalid user hduser from 124.29.237.27
May  5 22:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: input_userauth_request: invalid user hduser [preauth]
May  5 22:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.29.237.27
May  5 22:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: Failed password for invalid user hduser from 124.29.237.27 port 46372 ssh2
May  5 22:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: Received disconnect from 124.29.237.27 port 46372:11: Bye Bye [preauth]
May  5 22:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16525]: Disconnected from 124.29.237.27 port 46372 [preauth]
May  5 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16603]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16604]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16601]: pam_unix(cron:session): session closed for user p13x
May  5 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16672]: Successful su for rubyman by root
May  5 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16672]: + ??? root:rubyman
May  5 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16672]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336603 of user rubyman.
May  5 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16672]: pam_unix(su:session): session closed for user rubyman
May  5 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336603.
May  5 22:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14057]: pam_unix(cron:session): session closed for user root
May  5 22:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16603]: pam_unix(cron:session): session closed for user samftp
May  5 22:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15787]: pam_unix(cron:session): session closed for user root
May  5 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17037]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17038]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17040]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17040]: pam_unix(cron:session): session closed for user root
May  5 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17035]: pam_unix(cron:session): session closed for user p13x
May  5 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17110]: Successful su for rubyman by root
May  5 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17110]: + ??? root:rubyman
May  5 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336609 of user rubyman.
May  5 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17110]: pam_unix(su:session): session closed for user rubyman
May  5 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336609.
May  5 22:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17037]: pam_unix(cron:session): session closed for user root
May  5 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14452]: pam_unix(cron:session): session closed for user root
May  5 22:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17036]: pam_unix(cron:session): session closed for user samftp
May  5 22:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: Invalid user wartung from 182.184.75.7
May  5 22:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: input_userauth_request: invalid user wartung [preauth]
May  5 22:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.184.75.7
May  5 22:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16171]: pam_unix(cron:session): session closed for user root
May  5 22:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: Failed password for invalid user wartung from 182.184.75.7 port 54582 ssh2
May  5 22:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: Received disconnect from 182.184.75.7 port 54582:11: Bye Bye [preauth]
May  5 22:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: Disconnected from 182.184.75.7 port 54582 [preauth]
May  5 22:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: Invalid user taller from 46.148.227.157
May  5 22:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: input_userauth_request: invalid user taller [preauth]
May  5 22:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.148.227.157
May  5 22:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: Failed password for invalid user taller from 46.148.227.157 port 42134 ssh2
May  5 22:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: Received disconnect from 46.148.227.157 port 42134:11: Bye Bye [preauth]
May  5 22:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: Disconnected from 46.148.227.157 port 42134 [preauth]
May  5 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17483]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17484]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17482]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17480]: pam_unix(cron:session): session closed for user p13x
May  5 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17556]: Successful su for rubyman by root
May  5 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17556]: + ??? root:rubyman
May  5 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336613 of user rubyman.
May  5 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17556]: pam_unix(su:session): session closed for user rubyman
May  5 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336613.
May  5 22:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14955]: pam_unix(cron:session): session closed for user root
May  5 22:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17482]: pam_unix(cron:session): session closed for user samftp
May  5 22:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.111.32.174  user=root
May  5 22:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: Failed password for root from 27.111.32.174 port 41104 ssh2
May  5 22:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: Received disconnect from 27.111.32.174 port 41104:11: Bye Bye [preauth]
May  5 22:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: Disconnected from 27.111.32.174 port 41104 [preauth]
May  5 22:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16605]: pam_unix(cron:session): session closed for user root
May  5 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18012]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18009]: pam_unix(cron:session): session closed for user p13x
May  5 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18080]: Successful su for rubyman by root
May  5 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18080]: + ??? root:rubyman
May  5 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336618 of user rubyman.
May  5 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18080]: pam_unix(su:session): session closed for user rubyman
May  5 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336618.
May  5 22:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15375]: pam_unix(cron:session): session closed for user root
May  5 22:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18010]: pam_unix(cron:session): session closed for user samftp
May  5 22:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18330]: Invalid user zhanghao from 182.184.75.7
May  5 22:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18330]: input_userauth_request: invalid user zhanghao [preauth]
May  5 22:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18330]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.184.75.7
May  5 22:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18330]: Failed password for invalid user zhanghao from 182.184.75.7 port 34560 ssh2
May  5 22:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18330]: Received disconnect from 182.184.75.7 port 34560:11: Bye Bye [preauth]
May  5 22:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18330]: Disconnected from 182.184.75.7 port 34560 [preauth]
May  5 22:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17039]: pam_unix(cron:session): session closed for user root
May  5 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18432]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18426]: pam_unix(cron:session): session closed for user p13x
May  5 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18496]: Successful su for rubyman by root
May  5 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18496]: + ??? root:rubyman
May  5 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336622 of user rubyman.
May  5 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18496]: pam_unix(su:session): session closed for user rubyman
May  5 22:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336622.
May  5 22:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15786]: pam_unix(cron:session): session closed for user root
May  5 22:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18427]: pam_unix(cron:session): session closed for user samftp
May  5 22:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 22:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: Failed password for root from 218.92.0.179 port 43145 ssh2
May  5 22:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: Failed password for root from 218.92.0.179 port 43145 ssh2
May  5 22:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: Received disconnect from 218.92.0.179 port 43145:11:  [preauth]
May  5 22:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: Disconnected from 218.92.0.179 port 43145 [preauth]
May  5 22:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18696]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 22:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.142  user=root
May  5 22:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: Failed password for root from 85.208.253.142 port 50522 ssh2
May  5 22:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: Received disconnect from 85.208.253.142 port 50522:11: Bye Bye [preauth]
May  5 22:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18715]: Disconnected from 85.208.253.142 port 50522 [preauth]
May  5 22:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17484]: pam_unix(cron:session): session closed for user root
May  5 22:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: Invalid user user from 80.94.95.29
May  5 22:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: input_userauth_request: invalid user user [preauth]
May  5 22:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  5 22:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: Failed password for invalid user user from 80.94.95.29 port 63822 ssh2
May  5 22:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: Failed password for invalid user user from 80.94.95.29 port 63822 ssh2
May  5 22:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: Failed password for invalid user user from 80.94.95.29 port 63822 ssh2
May  5 22:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: Failed password for invalid user user from 80.94.95.29 port 63822 ssh2
May  5 22:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: Failed password for invalid user user from 80.94.95.29 port 63822 ssh2
May  5 22:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: Received disconnect from 80.94.95.29 port 63822:11: Bye [preauth]
May  5 22:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: Disconnected from 80.94.95.29 port 63822 [preauth]
May  5 22:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  5 22:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18848]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18849]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18846]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18846]: pam_unix(cron:session): session closed for user p13x
May  5 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18909]: Successful su for rubyman by root
May  5 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18909]: + ??? root:rubyman
May  5 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336626 of user rubyman.
May  5 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18909]: pam_unix(su:session): session closed for user rubyman
May  5 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336626.
May  5 22:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16170]: pam_unix(cron:session): session closed for user root
May  5 22:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18847]: pam_unix(cron:session): session closed for user samftp
May  5 22:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.29.237.27  user=root
May  5 22:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: Failed password for root from 124.29.237.27 port 42770 ssh2
May  5 22:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: Received disconnect from 124.29.237.27 port 42770:11: Bye Bye [preauth]
May  5 22:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: Disconnected from 124.29.237.27 port 42770 [preauth]
May  5 22:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18012]: pam_unix(cron:session): session closed for user root
May  5 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19258]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19259]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19260]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19257]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19260]: pam_unix(cron:session): session closed for user root
May  5 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19254]: pam_unix(cron:session): session closed for user p13x
May  5 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19325]: Successful su for rubyman by root
May  5 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19325]: + ??? root:rubyman
May  5 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19325]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336631 of user rubyman.
May  5 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19325]: pam_unix(su:session): session closed for user rubyman
May  5 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336631.
May  5 22:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19257]: pam_unix(cron:session): session closed for user root
May  5 22:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16604]: pam_unix(cron:session): session closed for user root
May  5 22:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19255]: pam_unix(cron:session): session closed for user samftp
May  5 22:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19606]: Invalid user user from 46.148.227.157
May  5 22:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19606]: input_userauth_request: invalid user user [preauth]
May  5 22:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19606]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.148.227.157
May  5 22:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18432]: pam_unix(cron:session): session closed for user root
May  5 22:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19606]: Failed password for invalid user user from 46.148.227.157 port 57122 ssh2
May  5 22:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19606]: Received disconnect from 46.148.227.157 port 57122:11: Bye Bye [preauth]
May  5 22:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19606]: Disconnected from 46.148.227.157 port 57122 [preauth]
May  5 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19705]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19702]: pam_unix(cron:session): session closed for user p13x
May  5 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19768]: Successful su for rubyman by root
May  5 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19768]: + ??? root:rubyman
May  5 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336635 of user rubyman.
May  5 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19768]: pam_unix(su:session): session closed for user rubyman
May  5 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336635.
May  5 22:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17038]: pam_unix(cron:session): session closed for user root
May  5 22:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19703]: pam_unix(cron:session): session closed for user samftp
May  5 22:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: Invalid user cy from 182.184.75.7
May  5 22:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: input_userauth_request: invalid user cy [preauth]
May  5 22:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.184.75.7
May  5 22:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: Failed password for invalid user cy from 182.184.75.7 port 50986 ssh2
May  5 22:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: Received disconnect from 182.184.75.7 port 50986:11: Bye Bye [preauth]
May  5 22:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19997]: Disconnected from 182.184.75.7 port 50986 [preauth]
May  5 22:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18849]: pam_unix(cron:session): session closed for user root
May  5 22:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.111.32.174  user=root
May  5 22:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20063]: Failed password for root from 27.111.32.174 port 59584 ssh2
May  5 22:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20063]: Received disconnect from 27.111.32.174 port 59584:11: Bye Bye [preauth]
May  5 22:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20063]: Disconnected from 27.111.32.174 port 59584 [preauth]
May  5 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20126]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20127]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20124]: pam_unix(cron:session): session closed for user p13x
May  5 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20185]: Successful su for rubyman by root
May  5 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20185]: + ??? root:rubyman
May  5 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336639 of user rubyman.
May  5 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20185]: pam_unix(su:session): session closed for user rubyman
May  5 22:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336639.
May  5 22:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17483]: pam_unix(cron:session): session closed for user root
May  5 22:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20125]: pam_unix(cron:session): session closed for user samftp
May  5 22:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19259]: pam_unix(cron:session): session closed for user root
May  5 22:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: Bad protocol version identification 'GET / HTTP/1.1' from 64.62.197.42 port 51553
May  5 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20521]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20519]: pam_unix(cron:session): session closed for user p13x
May  5 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20579]: Successful su for rubyman by root
May  5 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20579]: + ??? root:rubyman
May  5 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20579]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336644 of user rubyman.
May  5 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20579]: pam_unix(su:session): session closed for user rubyman
May  5 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336644.
May  5 22:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18011]: pam_unix(cron:session): session closed for user root
May  5 22:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20520]: pam_unix(cron:session): session closed for user samftp
May  5 22:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: Invalid user agrant from 182.184.75.7
May  5 22:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: input_userauth_request: invalid user agrant [preauth]
May  5 22:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.184.75.7
May  5 22:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20806]: Invalid user flavia from 85.208.253.142
May  5 22:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20806]: input_userauth_request: invalid user flavia [preauth]
May  5 22:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20806]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.142
May  5 22:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: Failed password for invalid user agrant from 182.184.75.7 port 59202 ssh2
May  5 22:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: Received disconnect from 182.184.75.7 port 59202:11: Bye Bye [preauth]
May  5 22:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20804]: Disconnected from 182.184.75.7 port 59202 [preauth]
May  5 22:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20806]: Failed password for invalid user flavia from 85.208.253.142 port 45936 ssh2
May  5 22:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20806]: Received disconnect from 85.208.253.142 port 45936:11: Bye Bye [preauth]
May  5 22:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20806]: Disconnected from 85.208.253.142 port 45936 [preauth]
May  5 22:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19705]: pam_unix(cron:session): session closed for user root
May  5 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20934]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20935]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20932]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20933]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20932]: pam_unix(cron:session): session closed for user p13x
May  5 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20990]: Successful su for rubyman by root
May  5 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20990]: + ??? root:rubyman
May  5 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20990]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336649 of user rubyman.
May  5 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20990]: pam_unix(su:session): session closed for user rubyman
May  5 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336649.
May  5 22:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18428]: pam_unix(cron:session): session closed for user root
May  5 22:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20933]: pam_unix(cron:session): session closed for user samftp
May  5 22:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21281]: Invalid user bind from 46.244.96.25
May  5 22:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21281]: input_userauth_request: invalid user bind [preauth]
May  5 22:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21281]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  5 22:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20127]: pam_unix(cron:session): session closed for user root
May  5 22:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21281]: Failed password for invalid user bind from 46.244.96.25 port 38584 ssh2
May  5 22:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21281]: Connection closed by 46.244.96.25 port 38584 [preauth]
May  5 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21379]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21378]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21380]: pam_unix(cron:session): session closed for user root
May  5 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21375]: pam_unix(cron:session): session closed for user p13x
May  5 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21439]: Successful su for rubyman by root
May  5 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21439]: + ??? root:rubyman
May  5 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21439]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336651 of user rubyman.
May  5 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21439]: pam_unix(su:session): session closed for user rubyman
May  5 22:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336651.
May  5 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21377]: pam_unix(cron:session): session closed for user root
May  5 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18848]: pam_unix(cron:session): session closed for user root
May  5 22:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21376]: pam_unix(cron:session): session closed for user samftp
May  5 22:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.148.227.157  user=root
May  5 22:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21689]: Failed password for root from 46.148.227.157 port 41902 ssh2
May  5 22:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21689]: Received disconnect from 46.148.227.157 port 41902:11: Bye Bye [preauth]
May  5 22:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21689]: Disconnected from 46.148.227.157 port 41902 [preauth]
May  5 22:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21744]: Invalid user rubyseed from 182.184.75.7
May  5 22:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21744]: input_userauth_request: invalid user rubyseed [preauth]
May  5 22:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21744]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.184.75.7
May  5 22:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21744]: Failed password for invalid user rubyseed from 182.184.75.7 port 39192 ssh2
May  5 22:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21744]: Received disconnect from 182.184.75.7 port 39192:11: Bye Bye [preauth]
May  5 22:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21744]: Disconnected from 182.184.75.7 port 39192 [preauth]
May  5 22:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20522]: pam_unix(cron:session): session closed for user root
May  5 22:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 22:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22105]: Failed password for root from 218.92.0.179 port 25560 ssh2
May  5 22:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22105]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 25560 ssh2]
May  5 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22129]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22127]: pam_unix(cron:session): session closed for user p13x
May  5 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22201]: Successful su for rubyman by root
May  5 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22201]: + ??? root:rubyman
May  5 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22201]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336659 of user rubyman.
May  5 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22201]: pam_unix(su:session): session closed for user rubyman
May  5 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336659.
May  5 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19258]: pam_unix(cron:session): session closed for user root
May  5 22:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22128]: pam_unix(cron:session): session closed for user samftp
May  5 22:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20935]: pam_unix(cron:session): session closed for user root
May  5 22:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  5 22:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: Failed password for root from 164.68.105.9 port 56672 ssh2
May  5 22:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22565]: Connection closed by 164.68.105.9 port 56672 [preauth]
May  5 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22606]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22603]: pam_unix(cron:session): session closed for user p13x
May  5 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22666]: Successful su for rubyman by root
May  5 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22666]: + ??? root:rubyman
May  5 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336661 of user rubyman.
May  5 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22666]: pam_unix(su:session): session closed for user rubyman
May  5 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336661.
May  5 22:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19704]: pam_unix(cron:session): session closed for user root
May  5 22:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22760]: Invalid user mori from 27.111.32.174
May  5 22:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22760]: input_userauth_request: invalid user mori [preauth]
May  5 22:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22760]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.111.32.174
May  5 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22760]: Failed password for invalid user mori from 27.111.32.174 port 44736 ssh2
May  5 22:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22760]: Received disconnect from 27.111.32.174 port 44736:11: Bye Bye [preauth]
May  5 22:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22760]: Disconnected from 27.111.32.174 port 44736 [preauth]
May  5 22:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22605]: pam_unix(cron:session): session closed for user samftp
May  5 22:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: Invalid user omnisky from 124.29.237.27
May  5 22:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: input_userauth_request: invalid user omnisky [preauth]
May  5 22:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.29.237.27
May  5 22:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: Failed password for invalid user omnisky from 124.29.237.27 port 47402 ssh2
May  5 22:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: Received disconnect from 124.29.237.27 port 47402:11: Bye Bye [preauth]
May  5 22:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: Disconnected from 124.29.237.27 port 47402 [preauth]
May  5 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21379]: pam_unix(cron:session): session closed for user root
May  5 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23063]: pam_unix(cron:session): session closed for user p13x
May  5 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23123]: Successful su for rubyman by root
May  5 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23123]: + ??? root:rubyman
May  5 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336665 of user rubyman.
May  5 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23123]: pam_unix(su:session): session closed for user rubyman
May  5 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336665.
May  5 22:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20126]: pam_unix(cron:session): session closed for user root
May  5 22:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23064]: pam_unix(cron:session): session closed for user samftp
May  5 22:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: Invalid user mori from 85.208.253.142
May  5 22:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: input_userauth_request: invalid user mori [preauth]
May  5 22:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.142
May  5 22:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: Failed password for invalid user mori from 85.208.253.142 port 59470 ssh2
May  5 22:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: Received disconnect from 85.208.253.142 port 59470:11: Bye Bye [preauth]
May  5 22:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: Disconnected from 85.208.253.142 port 59470 [preauth]
May  5 22:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22130]: pam_unix(cron:session): session closed for user root
May  5 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23572]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23570]: pam_unix(cron:session): session closed for user p13x
May  5 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23637]: Successful su for rubyman by root
May  5 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23637]: + ??? root:rubyman
May  5 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336671 of user rubyman.
May  5 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23637]: pam_unix(su:session): session closed for user rubyman
May  5 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336671.
May  5 22:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20521]: pam_unix(cron:session): session closed for user root
May  5 22:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23571]: pam_unix(cron:session): session closed for user samftp
May  5 22:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: Invalid user ubuntu from 124.29.237.27
May  5 22:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: input_userauth_request: invalid user ubuntu [preauth]
May  5 22:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.29.237.27
May  5 22:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: Failed password for invalid user ubuntu from 124.29.237.27 port 55610 ssh2
May  5 22:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: Received disconnect from 124.29.237.27 port 55610:11: Bye Bye [preauth]
May  5 22:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23950]: Disconnected from 124.29.237.27 port 55610 [preauth]
May  5 22:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22607]: pam_unix(cron:session): session closed for user root
May  5 22:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 22:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.148.227.157  user=root
May  5 22:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: Failed password for root from 46.148.227.157 port 41960 ssh2
May  5 22:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: Received disconnect from 46.148.227.157 port 41960:11: Bye Bye [preauth]
May  5 22:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: Disconnected from 46.148.227.157 port 41960 [preauth]
May  5 22:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: Invalid user gretchen from 199.188.103.179
May  5 22:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: input_userauth_request: invalid user gretchen [preauth]
May  5 22:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: pam_unix(sshd:auth): check pass; user unknown
May  5 22:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=199.188.103.179
May  5 22:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: Failed password for invalid user gretchen from 199.188.103.179 port 58064 ssh2
May  5 22:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24047]: Connection closed by 199.188.103.179 port 58064 [preauth]
May  5 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24102]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24104]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24100]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24103]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24100]: pam_unix(cron:session): session closed for user root
May  5 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24104]: pam_unix(cron:session): session closed for user root
May  5 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24098]: pam_unix(cron:session): session closed for user p13x
May  5 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24192]: Successful su for rubyman by root
May  5 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24192]: + ??? root:rubyman
May  5 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24192]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336679 of user rubyman.
May  5 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24192]: pam_unix(su:session): session closed for user rubyman
May  5 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336679.
May  5 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20934]: pam_unix(cron:session): session closed for user root
May  5 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24101]: pam_unix(cron:session): session closed for user root
May  5 23:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24099]: pam_unix(cron:session): session closed for user samftp
May  5 23:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24487]: Invalid user lijian from 193.70.84.184
May  5 23:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24487]: input_userauth_request: invalid user lijian [preauth]
May  5 23:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24487]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  5 23:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24487]: Failed password for invalid user lijian from 193.70.84.184 port 53772 ssh2
May  5 23:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24487]: Connection closed by 193.70.84.184 port 53772 [preauth]
May  5 23:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: Invalid user support from 80.94.95.125
May  5 23:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: input_userauth_request: invalid user support [preauth]
May  5 23:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 23:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: Failed password for invalid user support from 80.94.95.125 port 13223 ssh2
May  5 23:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: Failed password for invalid user support from 80.94.95.125 port 13223 ssh2
May  5 23:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23066]: pam_unix(cron:session): session closed for user root
May  5 23:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: Failed password for invalid user support from 80.94.95.125 port 13223 ssh2
May  5 23:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: Failed password for invalid user support from 80.94.95.125 port 13223 ssh2
May  5 23:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: Failed password for invalid user support from 80.94.95.125 port 13223 ssh2
May  5 23:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: Received disconnect from 80.94.95.125 port 13223:11: Bye [preauth]
May  5 23:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: Disconnected from 80.94.95.125 port 13223 [preauth]
May  5 23:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 23:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24512]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 23:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: Invalid user admin from 80.94.95.112
May  5 23:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: input_userauth_request: invalid user admin [preauth]
May  5 23:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 23:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: Failed password for invalid user admin from 80.94.95.112 port 6981 ssh2
May  5 23:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: Failed password for invalid user admin from 80.94.95.112 port 6981 ssh2
May  5 23:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: Failed password for invalid user admin from 80.94.95.112 port 6981 ssh2
May  5 23:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: Failed password for invalid user admin from 80.94.95.112 port 6981 ssh2
May  5 23:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: Failed password for invalid user admin from 80.94.95.112 port 6981 ssh2
May  5 23:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: Received disconnect from 80.94.95.112 port 6981:11: Bye [preauth]
May  5 23:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: Disconnected from 80.94.95.112 port 6981 [preauth]
May  5 23:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 23:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24616]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24649]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24651]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24645]: pam_unix(cron:session): session closed for user p13x
May  5 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24721]: Successful su for rubyman by root
May  5 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24721]: + ??? root:rubyman
May  5 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336681 of user rubyman.
May  5 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24721]: pam_unix(su:session): session closed for user rubyman
May  5 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336681.
May  5 23:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21378]: pam_unix(cron:session): session closed for user root
May  5 23:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24648]: pam_unix(cron:session): session closed for user samftp
May  5 23:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: Invalid user notes from 182.184.75.7
May  5 23:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: input_userauth_request: invalid user notes [preauth]
May  5 23:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.184.75.7
May  5 23:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: Failed password for invalid user notes from 182.184.75.7 port 35594 ssh2
May  5 23:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: Received disconnect from 182.184.75.7 port 35594:11: Bye Bye [preauth]
May  5 23:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: Disconnected from 182.184.75.7 port 35594 [preauth]
May  5 23:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23573]: pam_unix(cron:session): session closed for user root
May  5 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25063]: pam_unix(cron:session): session closed for user p13x
May  5 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25122]: Successful su for rubyman by root
May  5 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25122]: + ??? root:rubyman
May  5 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336686 of user rubyman.
May  5 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25122]: pam_unix(su:session): session closed for user rubyman
May  5 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336686.
May  5 23:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22129]: pam_unix(cron:session): session closed for user root
May  5 23:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25064]: pam_unix(cron:session): session closed for user samftp
May  5 23:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.111.32.174  user=root
May  5 23:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: Failed password for root from 27.111.32.174 port 56824 ssh2
May  5 23:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: Received disconnect from 27.111.32.174 port 56824:11: Bye Bye [preauth]
May  5 23:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: Disconnected from 27.111.32.174 port 56824 [preauth]
May  5 23:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24103]: pam_unix(cron:session): session closed for user root
May  5 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25482]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25483]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25480]: pam_unix(cron:session): session closed for user p13x
May  5 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25553]: Successful su for rubyman by root
May  5 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25553]: + ??? root:rubyman
May  5 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336690 of user rubyman.
May  5 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25553]: pam_unix(su:session): session closed for user rubyman
May  5 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336690.
May  5 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: Invalid user zhangqin from 85.208.253.142
May  5 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: input_userauth_request: invalid user zhangqin [preauth]
May  5 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.142
May  5 23:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: Failed password for invalid user zhangqin from 85.208.253.142 port 49708 ssh2
May  5 23:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: Received disconnect from 85.208.253.142 port 49708:11: Bye Bye [preauth]
May  5 23:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25507]: Disconnected from 85.208.253.142 port 49708 [preauth]
May  5 23:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22606]: pam_unix(cron:session): session closed for user root
May  5 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25481]: pam_unix(cron:session): session closed for user samftp
May  5 23:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25791]: Invalid user tom from 124.29.237.27
May  5 23:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25791]: input_userauth_request: invalid user tom [preauth]
May  5 23:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25791]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.29.237.27
May  5 23:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25791]: Failed password for invalid user tom from 124.29.237.27 port 43814 ssh2
May  5 23:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25791]: Received disconnect from 124.29.237.27 port 43814:11: Bye Bye [preauth]
May  5 23:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25791]: Disconnected from 124.29.237.27 port 43814 [preauth]
May  5 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24651]: pam_unix(cron:session): session closed for user root
May  5 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25980]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25978]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25979]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25977]: pam_unix(cron:session): session closed for user p13x
May  5 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26041]: Successful su for rubyman by root
May  5 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26041]: + ??? root:rubyman
May  5 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336693 of user rubyman.
May  5 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26041]: pam_unix(su:session): session closed for user rubyman
May  5 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336693.
May  5 23:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23065]: pam_unix(cron:session): session closed for user root
May  5 23:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25978]: pam_unix(cron:session): session closed for user samftp
May  5 23:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: Invalid user ander from 46.148.227.157
May  5 23:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: input_userauth_request: invalid user ander [preauth]
May  5 23:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.148.227.157
May  5 23:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: Failed password for invalid user ander from 46.148.227.157 port 33584 ssh2
May  5 23:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: Received disconnect from 46.148.227.157 port 33584:11: Bye Bye [preauth]
May  5 23:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: Disconnected from 46.148.227.157 port 33584 [preauth]
May  5 23:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25066]: pam_unix(cron:session): session closed for user root
May  5 23:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  5 23:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: Failed password for root from 218.92.0.204 port 45134 ssh2
May  5 23:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: message repeated 3 times: [ Failed password for root from 218.92.0.204 port 45134 ssh2]
May  5 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26379]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26381]: pam_unix(cron:session): session closed for user root
May  5 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26374]: pam_unix(cron:session): session closed for user p13x
May  5 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26528]: Successful su for rubyman by root
May  5 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26528]: + ??? root:rubyman
May  5 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26528]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336697 of user rubyman.
May  5 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26528]: pam_unix(su:session): session closed for user rubyman
May  5 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336697.
May  5 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: Failed password for root from 218.92.0.204 port 45134 ssh2
May  5 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 45134 ssh2 [preauth]
May  5 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: Disconnecting: Too many authentication failures [preauth]
May  5 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  5 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23572]: pam_unix(cron:session): session closed for user root
May  5 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26377]: pam_unix(cron:session): session closed for user root
May  5 23:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26376]: pam_unix(cron:session): session closed for user samftp
May  5 23:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25483]: pam_unix(cron:session): session closed for user root
May  5 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26893]: pam_unix(cron:session): session closed for user p13x
May  5 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26994]: Successful su for rubyman by root
May  5 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26994]: + ??? root:rubyman
May  5 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26994]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336702 of user rubyman.
May  5 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26994]: pam_unix(su:session): session closed for user rubyman
May  5 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336702.
May  5 23:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24102]: pam_unix(cron:session): session closed for user root
May  5 23:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26894]: pam_unix(cron:session): session closed for user samftp
May  5 23:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25980]: pam_unix(cron:session): session closed for user root
May  5 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27408]: pam_unix(cron:session): session closed for user p13x
May  5 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27498]: Successful su for rubyman by root
May  5 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27498]: + ??? root:rubyman
May  5 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336707 of user rubyman.
May  5 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27498]: pam_unix(su:session): session closed for user rubyman
May  5 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336707.
May  5 23:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24649]: pam_unix(cron:session): session closed for user root
May  5 23:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27409]: pam_unix(cron:session): session closed for user samftp
May  5 23:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26380]: pam_unix(cron:session): session closed for user root
May  5 23:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.111.32.174  user=root
May  5 23:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27816]: Failed password for root from 27.111.32.174 port 39216 ssh2
May  5 23:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27816]: Received disconnect from 27.111.32.174 port 39216:11: Bye Bye [preauth]
May  5 23:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27816]: Disconnected from 27.111.32.174 port 39216 [preauth]
May  5 23:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27836]: Invalid user ubuntu from 85.208.253.142
May  5 23:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27836]: input_userauth_request: invalid user ubuntu [preauth]
May  5 23:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27836]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.142
May  5 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27836]: Failed password for invalid user ubuntu from 85.208.253.142 port 58030 ssh2
May  5 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27836]: Received disconnect from 85.208.253.142 port 58030:11: Bye Bye [preauth]
May  5 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27836]: Disconnected from 85.208.253.142 port 58030 [preauth]
May  5 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27849]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27847]: pam_unix(cron:session): session closed for user p13x
May  5 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27915]: Successful su for rubyman by root
May  5 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27915]: + ??? root:rubyman
May  5 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27915]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336711 of user rubyman.
May  5 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27915]: pam_unix(su:session): session closed for user rubyman
May  5 23:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336711.
May  5 23:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25065]: pam_unix(cron:session): session closed for user root
May  5 23:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27848]: pam_unix(cron:session): session closed for user samftp
May  5 23:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 23:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28057]: Invalid user svnuser from 124.198.59.254
May  5 23:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28057]: input_userauth_request: invalid user svnuser [preauth]
May  5 23:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28057]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254
May  5 23:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28119]: Failed password for root from 218.92.0.179 port 41880 ssh2
May  5 23:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28057]: Failed password for invalid user svnuser from 124.198.59.254 port 38542 ssh2
May  5 23:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28057]: Connection closed by 124.198.59.254 port 38542 [preauth]
May  5 23:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28119]: Failed password for root from 218.92.0.179 port 41880 ssh2
May  5 23:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28119]: Failed password for root from 218.92.0.179 port 41880 ssh2
May  5 23:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.139.67  user=root
May  5 23:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28119]: Received disconnect from 218.92.0.179 port 41880:11:  [preauth]
May  5 23:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28119]: Disconnected from 218.92.0.179 port 41880 [preauth]
May  5 23:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28119]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 23:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28135]: Failed password for root from 103.226.139.67 port 47024 ssh2
May  5 23:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28135]: Received disconnect from 103.226.139.67 port 47024:11: Bye Bye [preauth]
May  5 23:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28135]: Disconnected from 103.226.139.67 port 47024 [preauth]
May  5 23:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26896]: pam_unix(cron:session): session closed for user root
May  5 23:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: Invalid user flavia from 46.148.227.157
May  5 23:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: input_userauth_request: invalid user flavia [preauth]
May  5 23:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.148.227.157
May  5 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28266]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28260]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28262]: pam_unix(cron:session): session closed for user p13x
May  5 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28389]: Successful su for rubyman by root
May  5 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28389]: + ??? root:rubyman
May  5 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336716 of user rubyman.
May  5 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28389]: pam_unix(su:session): session closed for user rubyman
May  5 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336716.
May  5 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28260]: pam_unix(cron:session): session closed for user root
May  5 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: Failed password for invalid user flavia from 46.148.227.157 port 49140 ssh2
May  5 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: Received disconnect from 46.148.227.157 port 49140:11: Bye Bye [preauth]
May  5 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28258]: Disconnected from 46.148.227.157 port 49140 [preauth]
May  5 23:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25482]: pam_unix(cron:session): session closed for user root
May  5 23:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28263]: pam_unix(cron:session): session closed for user samftp
May  5 23:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: Invalid user ubnt from 80.94.95.241
May  5 23:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: input_userauth_request: invalid user ubnt [preauth]
May  5 23:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 23:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: Failed password for invalid user ubnt from 80.94.95.241 port 57713 ssh2
May  5 23:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: Failed password for invalid user ubnt from 80.94.95.241 port 57713 ssh2
May  5 23:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: Failed password for invalid user ubnt from 80.94.95.241 port 57713 ssh2
May  5 23:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: Failed password for invalid user ubnt from 80.94.95.241 port 57713 ssh2
May  5 23:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: Failed password for invalid user ubnt from 80.94.95.241 port 57713 ssh2
May  5 23:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: Received disconnect from 80.94.95.241 port 57713:11: Bye [preauth]
May  5 23:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: Disconnected from 80.94.95.241 port 57713 [preauth]
May  5 23:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 23:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28634]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 23:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27413]: pam_unix(cron:session): session closed for user root
May  5 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28757]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28753]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28755]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28757]: pam_unix(cron:session): session closed for user root
May  5 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28752]: pam_unix(cron:session): session closed for user p13x
May  5 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28829]: Successful su for rubyman by root
May  5 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28829]: + ??? root:rubyman
May  5 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336719 of user rubyman.
May  5 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28829]: pam_unix(su:session): session closed for user rubyman
May  5 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336719.
May  5 23:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28754]: pam_unix(cron:session): session closed for user root
May  5 23:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25979]: pam_unix(cron:session): session closed for user root
May  5 23:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28753]: pam_unix(cron:session): session closed for user samftp
May  5 23:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27850]: pam_unix(cron:session): session closed for user root
May  5 23:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 23:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: Failed password for root from 218.92.0.179 port 36902 ssh2
May  5 23:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 36902 ssh2]
May  5 23:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: Received disconnect from 218.92.0.179 port 36902:11:  [preauth]
May  5 23:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: Disconnected from 218.92.0.179 port 36902 [preauth]
May  5 23:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29296]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29318]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29320]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29319]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29316]: pam_unix(cron:session): session closed for user p13x
May  5 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29388]: Successful su for rubyman by root
May  5 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29388]: + ??? root:rubyman
May  5 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336725 of user rubyman.
May  5 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29388]: pam_unix(su:session): session closed for user rubyman
May  5 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336725.
May  5 23:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26379]: pam_unix(cron:session): session closed for user root
May  5 23:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29318]: pam_unix(cron:session): session closed for user samftp
May  5 23:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28266]: pam_unix(cron:session): session closed for user root
May  5 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29727]: pam_unix(cron:session): session closed for user p13x
May  5 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29790]: Successful su for rubyman by root
May  5 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29790]: + ??? root:rubyman
May  5 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336730 of user rubyman.
May  5 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29790]: pam_unix(su:session): session closed for user rubyman
May  5 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336730.
May  5 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26895]: pam_unix(cron:session): session closed for user root
May  5 23:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29728]: pam_unix(cron:session): session closed for user samftp
May  5 23:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28756]: pam_unix(cron:session): session closed for user root
May  5 23:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: Connection closed by 172.104.11.51 port 54282 [preauth]
May  5 23:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30093]: Connection closed by 172.104.11.51 port 54284 [preauth]
May  5 23:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30098]: fatal: Unable to negotiate with 172.104.11.51 port 54294: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  5 23:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30111]: Invalid user emma from 212.233.136.201
May  5 23:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30111]: input_userauth_request: invalid user emma [preauth]
May  5 23:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30111]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.233.136.201
May  5 23:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30111]: Failed password for invalid user emma from 212.233.136.201 port 48326 ssh2
May  5 23:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30111]: Received disconnect from 212.233.136.201 port 48326:11: Bye Bye [preauth]
May  5 23:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30111]: Disconnected from 212.233.136.201 port 48326 [preauth]
May  5 23:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.142  user=root
May  5 23:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30121]: Failed password for root from 85.208.253.142 port 33458 ssh2
May  5 23:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30121]: Received disconnect from 85.208.253.142 port 33458:11: Bye Bye [preauth]
May  5 23:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30121]: Disconnected from 85.208.253.142 port 33458 [preauth]
May  5 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30145]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30141]: pam_unix(cron:session): session closed for user p13x
May  5 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30202]: Successful su for rubyman by root
May  5 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30202]: + ??? root:rubyman
May  5 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336734 of user rubyman.
May  5 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30202]: pam_unix(su:session): session closed for user rubyman
May  5 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336734.
May  5 23:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27410]: pam_unix(cron:session): session closed for user root
May  5 23:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30142]: pam_unix(cron:session): session closed for user samftp
May  5 23:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: Invalid user vpn from 27.111.32.174
May  5 23:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: input_userauth_request: invalid user vpn [preauth]
May  5 23:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.111.32.174
May  5 23:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: Failed password for invalid user vpn from 27.111.32.174 port 42424 ssh2
May  5 23:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: Received disconnect from 27.111.32.174 port 42424:11: Bye Bye [preauth]
May  5 23:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: Disconnected from 27.111.32.174 port 42424 [preauth]
May  5 23:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29320]: pam_unix(cron:session): session closed for user root
May  5 23:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30465]: Invalid user mori from 46.148.227.157
May  5 23:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30465]: input_userauth_request: invalid user mori [preauth]
May  5 23:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30465]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.148.227.157
May  5 23:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30465]: Failed password for invalid user mori from 46.148.227.157 port 51598 ssh2
May  5 23:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30465]: Received disconnect from 46.148.227.157 port 51598:11: Bye Bye [preauth]
May  5 23:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30465]: Disconnected from 46.148.227.157 port 51598 [preauth]
May  5 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30553]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30551]: pam_unix(cron:session): session closed for user p13x
May  5 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30611]: Successful su for rubyman by root
May  5 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30611]: + ??? root:rubyman
May  5 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30611]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336739 of user rubyman.
May  5 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30611]: pam_unix(su:session): session closed for user rubyman
May  5 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336739.
May  5 23:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27849]: pam_unix(cron:session): session closed for user root
May  5 23:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30552]: pam_unix(cron:session): session closed for user samftp
May  5 23:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: Invalid user raphael from 187.170.74.95
May  5 23:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: input_userauth_request: invalid user raphael [preauth]
May  5 23:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.74.95
May  5 23:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: Failed password for invalid user raphael from 187.170.74.95 port 56402 ssh2
May  5 23:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: Received disconnect from 187.170.74.95 port 56402:11: Bye Bye [preauth]
May  5 23:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: Disconnected from 187.170.74.95 port 56402 [preauth]
May  5 23:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29730]: pam_unix(cron:session): session closed for user root
May  5 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31013]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31019]: pam_unix(cron:session): session closed for user root
May  5 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31010]: pam_unix(cron:session): session closed for user p13x
May  5 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31110]: Successful su for rubyman by root
May  5 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31110]: + ??? root:rubyman
May  5 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336743 of user rubyman.
May  5 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31110]: pam_unix(su:session): session closed for user rubyman
May  5 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336743.
May  5 23:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31013]: pam_unix(cron:session): session closed for user root
May  5 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28264]: pam_unix(cron:session): session closed for user root
May  5 23:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31011]: pam_unix(cron:session): session closed for user samftp
May  5 23:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30145]: pam_unix(cron:session): session closed for user root
May  5 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31480]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31477]: pam_unix(cron:session): session closed for user p13x
May  5 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31549]: Successful su for rubyman by root
May  5 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31549]: + ??? root:rubyman
May  5 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336748 of user rubyman.
May  5 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31549]: pam_unix(su:session): session closed for user rubyman
May  5 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336748.
May  5 23:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28755]: pam_unix(cron:session): session closed for user root
May  5 23:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31478]: pam_unix(cron:session): session closed for user samftp
May  5 23:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30554]: pam_unix(cron:session): session closed for user root
May  5 23:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31958]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31948]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31946]: pam_unix(cron:session): session closed for user root
May  5 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31948]: pam_unix(cron:session): session closed for user p13x
May  5 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32223]: Successful su for rubyman by root
May  5 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32223]: + ??? root:rubyman
May  5 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32223]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336754 of user rubyman.
May  5 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32223]: pam_unix(su:session): session closed for user rubyman
May  5 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336754.
May  5 23:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29319]: pam_unix(cron:session): session closed for user root
May  5 23:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31957]: pam_unix(cron:session): session closed for user samftp
May  5 23:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31018]: pam_unix(cron:session): session closed for user root
May  5 23:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135  user=root
May  5 23:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: Failed password for root from 176.31.162.135 port 39710 ssh2
May  5 23:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: Connection closed by 176.31.162.135 port 39710 [preauth]
May  5 23:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 23:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32672]: Failed password for root from 218.92.0.179 port 28922 ssh2
May  5 23:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32672]: Failed password for root from 218.92.0.179 port 28922 ssh2
May  5 23:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.142  user=root
May  5 23:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32672]: Failed password for root from 218.92.0.179 port 28922 ssh2
May  5 23:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32672]: Received disconnect from 218.92.0.179 port 28922:11:  [preauth]
May  5 23:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32672]: Disconnected from 218.92.0.179 port 28922 [preauth]
May  5 23:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32672]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 23:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32717]: Failed password for root from 85.208.253.142 port 42222 ssh2
May  5 23:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32717]: Received disconnect from 85.208.253.142 port 42222:11: Bye Bye [preauth]
May  5 23:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32717]: Disconnected from 85.208.253.142 port 42222 [preauth]
May  5 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32747]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32742]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32742]: pam_unix(cron:session): session closed for user p13x
May  5 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[357]: Successful su for rubyman by root
May  5 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[357]: + ??? root:rubyman
May  5 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[357]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336757 of user rubyman.
May  5 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[357]: pam_unix(su:session): session closed for user rubyman
May  5 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336757.
May  5 23:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29729]: pam_unix(cron:session): session closed for user root
May  5 23:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32744]: pam_unix(cron:session): session closed for user samftp
May  5 23:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Invalid user debian from 46.148.227.157
May  5 23:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: input_userauth_request: invalid user debian [preauth]
May  5 23:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.148.227.157
May  5 23:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Failed password for invalid user debian from 46.148.227.157 port 60052 ssh2
May  5 23:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Received disconnect from 46.148.227.157 port 60052:11: Bye Bye [preauth]
May  5 23:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[607]: Disconnected from 46.148.227.157 port 60052 [preauth]
May  5 23:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: Invalid user taller from 27.111.32.174
May  5 23:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: input_userauth_request: invalid user taller [preauth]
May  5 23:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.111.32.174
May  5 23:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: Invalid user testbed from 50.235.31.47
May  5 23:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: input_userauth_request: invalid user testbed [preauth]
May  5 23:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  5 23:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31480]: pam_unix(cron:session): session closed for user root
May  5 23:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: Failed password for invalid user testbed from 50.235.31.47 port 37942 ssh2
May  5 23:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[691]: Connection closed by 50.235.31.47 port 37942 [preauth]
May  5 23:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: Failed password for invalid user taller from 27.111.32.174 port 57502 ssh2
May  5 23:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: Received disconnect from 27.111.32.174 port 57502:11: Bye Bye [preauth]
May  5 23:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: Disconnected from 27.111.32.174 port 57502 [preauth]
May  5 23:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: Invalid user genli from 212.233.136.201
May  5 23:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: input_userauth_request: invalid user genli [preauth]
May  5 23:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.233.136.201
May  5 23:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: Failed password for invalid user genli from 212.233.136.201 port 49294 ssh2
May  5 23:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: Received disconnect from 212.233.136.201 port 49294:11: Bye Bye [preauth]
May  5 23:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: Disconnected from 212.233.136.201 port 49294 [preauth]
May  5 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[792]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[790]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[789]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[789]: pam_unix(cron:session): session closed for user p13x
May  5 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[857]: Successful su for rubyman by root
May  5 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[857]: + ??? root:rubyman
May  5 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336762 of user rubyman.
May  5 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[857]: pam_unix(su:session): session closed for user rubyman
May  5 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336762.
May  5 23:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.74.95  user=root
May  5 23:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30144]: pam_unix(cron:session): session closed for user root
May  5 23:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[977]: Failed password for root from 187.170.74.95 port 57509 ssh2
May  5 23:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[977]: Received disconnect from 187.170.74.95 port 57509:11: Bye Bye [preauth]
May  5 23:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[977]: Disconnected from 187.170.74.95 port 57509 [preauth]
May  5 23:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[790]: pam_unix(cron:session): session closed for user samftp
May  5 23:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  5 23:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1111]: Failed password for root from 190.103.202.7 port 54758 ssh2
May  5 23:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1111]: Connection closed by 190.103.202.7 port 54758 [preauth]
May  5 23:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31965]: pam_unix(cron:session): session closed for user root
May  5 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1277]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1276]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1278]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1275]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1280]: pam_unix(cron:session): session closed for user root
May  5 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1275]: pam_unix(cron:session): session closed for user p13x
May  5 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1354]: Successful su for rubyman by root
May  5 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1354]: + ??? root:rubyman
May  5 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1354]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336768 of user rubyman.
May  5 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1354]: pam_unix(su:session): session closed for user rubyman
May  5 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336768.
May  5 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1277]: pam_unix(cron:session): session closed for user root
May  5 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30553]: pam_unix(cron:session): session closed for user root
May  5 23:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1276]: pam_unix(cron:session): session closed for user samftp
May  5 23:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32747]: pam_unix(cron:session): session closed for user root
May  5 23:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  5 23:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: Failed password for root from 218.92.0.201 port 40880 ssh2
May  5 23:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: message repeated 2 times: [ Failed password for root from 218.92.0.201 port 40880 ssh2]
May  5 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1801]: pam_unix(cron:session): session closed for user p13x
May  5 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1878]: Successful su for rubyman by root
May  5 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1878]: + ??? root:rubyman
May  5 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1878]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336772 of user rubyman.
May  5 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1878]: pam_unix(su:session): session closed for user rubyman
May  5 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336772.
May  5 23:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: Failed password for root from 218.92.0.201 port 40880 ssh2
May  5 23:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31017]: pam_unix(cron:session): session closed for user root
May  5 23:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1803]: pam_unix(cron:session): session closed for user samftp
May  5 23:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: Failed password for root from 218.92.0.201 port 40880 ssh2
May  5 23:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 40880 ssh2 [preauth]
May  5 23:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: Disconnecting: Too many authentication failures [preauth]
May  5 23:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  5 23:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 23:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  5 23:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: Failed password for root from 218.92.0.201 port 42624 ssh2
May  5 23:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: message repeated 3 times: [ Failed password for root from 218.92.0.201 port 42624 ssh2]
May  5 23:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.139.67  user=root
May  5 23:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: Failed password for root from 218.92.0.201 port 42624 ssh2
May  5 23:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2202]: Failed password for root from 103.226.139.67 port 57090 ssh2
May  5 23:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2202]: Received disconnect from 103.226.139.67 port 57090:11: Bye Bye [preauth]
May  5 23:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2202]: Disconnected from 103.226.139.67 port 57090 [preauth]
May  5 23:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: Failed password for root from 218.92.0.201 port 42624 ssh2
May  5 23:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 42624 ssh2 [preauth]
May  5 23:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: Disconnecting: Too many authentication failures [preauth]
May  5 23:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  5 23:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[792]: pam_unix(cron:session): session closed for user root
May  5 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2302]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2303]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2301]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2300]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2300]: pam_unix(cron:session): session closed for user p13x
May  5 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2365]: Successful su for rubyman by root
May  5 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2365]: + ??? root:rubyman
May  5 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2365]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336776 of user rubyman.
May  5 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2365]: pam_unix(su:session): session closed for user rubyman
May  5 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336776.
May  5 23:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31479]: pam_unix(cron:session): session closed for user root
May  5 23:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2301]: pam_unix(cron:session): session closed for user samftp
May  5 23:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1279]: pam_unix(cron:session): session closed for user root
May  5 23:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.148.227.157  user=root
May  5 23:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: Failed password for root from 46.148.227.157 port 41740 ssh2
May  5 23:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: Received disconnect from 46.148.227.157 port 41740:11: Bye Bye [preauth]
May  5 23:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2731]: Disconnected from 46.148.227.157 port 41740 [preauth]
May  5 23:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.142  user=root
May  5 23:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2741]: Failed password for root from 85.208.253.142 port 50164 ssh2
May  5 23:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2741]: Received disconnect from 85.208.253.142 port 50164:11: Bye Bye [preauth]
May  5 23:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2741]: Disconnected from 85.208.253.142 port 50164 [preauth]
May  5 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2747]: pam_unix(cron:session): session closed for user p13x
May  5 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2810]: Successful su for rubyman by root
May  5 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2810]: + ??? root:rubyman
May  5 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2810]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336780 of user rubyman.
May  5 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2810]: pam_unix(su:session): session closed for user rubyman
May  5 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336780.
May  5 23:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31958]: pam_unix(cron:session): session closed for user root
May  5 23:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2748]: pam_unix(cron:session): session closed for user samftp
May  5 23:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: Invalid user sachin from 212.233.136.201
May  5 23:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: input_userauth_request: invalid user sachin [preauth]
May  5 23:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.233.136.201
May  5 23:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.74.95  user=root
May  5 23:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: Failed password for invalid user sachin from 212.233.136.201 port 36730 ssh2
May  5 23:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: Received disconnect from 212.233.136.201 port 36730:11: Bye Bye [preauth]
May  5 23:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3043]: Disconnected from 212.233.136.201 port 36730 [preauth]
May  5 23:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: Failed password for root from 187.170.74.95 port 57494 ssh2
May  5 23:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: Received disconnect from 187.170.74.95 port 57494:11: Bye Bye [preauth]
May  5 23:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3045]: Disconnected from 187.170.74.95 port 57494 [preauth]
May  5 23:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1805]: pam_unix(cron:session): session closed for user root
May  5 23:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: Invalid user ander from 27.111.32.174
May  5 23:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: input_userauth_request: invalid user ander [preauth]
May  5 23:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.111.32.174
May  5 23:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: Failed password for invalid user ander from 27.111.32.174 port 36684 ssh2
May  5 23:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: Received disconnect from 27.111.32.174 port 36684:11: Bye Bye [preauth]
May  5 23:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: Disconnected from 27.111.32.174 port 36684 [preauth]
May  5 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3169]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3168]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3166]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3166]: pam_unix(cron:session): session closed for user p13x
May  5 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3232]: Successful su for rubyman by root
May  5 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3232]: + ??? root:rubyman
May  5 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336782 of user rubyman.
May  5 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3232]: pam_unix(su:session): session closed for user rubyman
May  5 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336782.
May  5 23:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32745]: pam_unix(cron:session): session closed for user root
May  5 23:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3167]: pam_unix(cron:session): session closed for user samftp
May  5 23:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2303]: pam_unix(cron:session): session closed for user root
May  5 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3620]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3623]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3622]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3621]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3623]: pam_unix(cron:session): session closed for user root
May  5 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3618]: pam_unix(cron:session): session closed for user p13x
May  5 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3686]: Successful su for rubyman by root
May  5 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3686]: + ??? root:rubyman
May  5 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336790 of user rubyman.
May  5 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3686]: pam_unix(su:session): session closed for user rubyman
May  5 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336790.
May  5 23:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[791]: pam_unix(cron:session): session closed for user root
May  5 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3620]: pam_unix(cron:session): session closed for user root
May  5 23:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3619]: pam_unix(cron:session): session closed for user samftp
May  5 23:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2750]: pam_unix(cron:session): session closed for user root
May  5 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4074]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4075]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4073]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4072]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4072]: pam_unix(cron:session): session closed for user p13x
May  5 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4141]: Successful su for rubyman by root
May  5 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4141]: + ??? root:rubyman
May  5 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336793 of user rubyman.
May  5 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4141]: pam_unix(su:session): session closed for user rubyman
May  5 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336793.
May  5 23:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1278]: pam_unix(cron:session): session closed for user root
May  5 23:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4073]: pam_unix(cron:session): session closed for user samftp
May  5 23:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 23:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: Failed password for root from 218.92.0.179 port 34187 ssh2
May  5 23:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: Failed password for root from 218.92.0.179 port 34187 ssh2
May  5 23:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3169]: pam_unix(cron:session): session closed for user root
May  5 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4642]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4640]: pam_unix(cron:session): session closed for user p13x
May  5 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4702]: Successful su for rubyman by root
May  5 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4702]: + ??? root:rubyman
May  5 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336796 of user rubyman.
May  5 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4702]: pam_unix(su:session): session closed for user rubyman
May  5 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336796.
May  5 23:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1804]: pam_unix(cron:session): session closed for user root
May  5 23:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4641]: pam_unix(cron:session): session closed for user samftp
May  5 23:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.148.227.157  user=root
May  5 23:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: Failed password for root from 46.148.227.157 port 42444 ssh2
May  5 23:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: Received disconnect from 46.148.227.157 port 42444:11: Bye Bye [preauth]
May  5 23:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: Disconnected from 46.148.227.157 port 42444 [preauth]
May  5 23:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Invalid user stefano from 187.170.74.95
May  5 23:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: input_userauth_request: invalid user stefano [preauth]
May  5 23:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.74.95
May  5 23:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3622]: pam_unix(cron:session): session closed for user root
May  5 23:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Failed password for invalid user stefano from 187.170.74.95 port 46724 ssh2
May  5 23:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Received disconnect from 187.170.74.95 port 46724:11: Bye Bye [preauth]
May  5 23:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Disconnected from 187.170.74.95 port 46724 [preauth]
May  5 23:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.233.136.201  user=root
May  5 23:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5241]: Failed password for root from 212.233.136.201 port 50836 ssh2
May  5 23:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5241]: Received disconnect from 212.233.136.201 port 50836:11: Bye Bye [preauth]
May  5 23:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5241]: Disconnected from 212.233.136.201 port 50836 [preauth]
May  5 23:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.142  user=root
May  5 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5267]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5265]: pam_unix(cron:session): session closed for user p13x
May  5 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5328]: Successful su for rubyman by root
May  5 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5328]: + ??? root:rubyman
May  5 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336801 of user rubyman.
May  5 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5328]: pam_unix(su:session): session closed for user rubyman
May  5 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336801.
May  5 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5252]: Failed password for root from 85.208.253.142 port 56774 ssh2
May  5 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5252]: Received disconnect from 85.208.253.142 port 56774:11: Bye Bye [preauth]
May  5 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5252]: Disconnected from 85.208.253.142 port 56774 [preauth]
May  5 23:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2302]: pam_unix(cron:session): session closed for user root
May  5 23:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5266]: pam_unix(cron:session): session closed for user samftp
May  5 23:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.139.67  user=root
May  5 23:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Failed password for root from 103.226.139.67 port 52624 ssh2
May  5 23:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Received disconnect from 103.226.139.67 port 52624:11: Bye Bye [preauth]
May  5 23:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5502]: Disconnected from 103.226.139.67 port 52624 [preauth]
May  5 23:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4075]: pam_unix(cron:session): session closed for user root
May  5 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5735]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5734]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5733]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5732]: pam_unix(cron:session): session closed for user p13x
May  5 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5790]: Successful su for rubyman by root
May  5 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5790]: + ??? root:rubyman
May  5 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336805 of user rubyman.
May  5 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5790]: pam_unix(su:session): session closed for user rubyman
May  5 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336805.
May  5 23:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2749]: pam_unix(cron:session): session closed for user root
May  5 23:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5733]: pam_unix(cron:session): session closed for user samftp
May  5 23:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Invalid user debian from 27.111.32.174
May  5 23:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: input_userauth_request: invalid user debian [preauth]
May  5 23:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.111.32.174
May  5 23:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Failed password for invalid user debian from 27.111.32.174 port 54742 ssh2
May  5 23:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Received disconnect from 27.111.32.174 port 54742:11: Bye Bye [preauth]
May  5 23:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Disconnected from 27.111.32.174 port 54742 [preauth]
May  5 23:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4643]: pam_unix(cron:session): session closed for user root
May  5 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6236]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6234]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6235]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6233]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6238]: pam_unix(cron:session): session closed for user root
May  5 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6233]: pam_unix(cron:session): session closed for user p13x
May  5 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6305]: Successful su for rubyman by root
May  5 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6305]: + ??? root:rubyman
May  5 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336809 of user rubyman.
May  5 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6305]: pam_unix(su:session): session closed for user rubyman
May  5 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336809.
May  5 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6235]: pam_unix(cron:session): session closed for user root
May  5 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3168]: pam_unix(cron:session): session closed for user root
May  5 23:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6234]: pam_unix(cron:session): session closed for user samftp
May  5 23:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5268]: pam_unix(cron:session): session closed for user root
May  5 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6669]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6668]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6668]: pam_unix(cron:session): session closed for user p13x
May  5 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6738]: Successful su for rubyman by root
May  5 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6738]: + ??? root:rubyman
May  5 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6738]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336815 of user rubyman.
May  5 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6738]: pam_unix(su:session): session closed for user rubyman
May  5 23:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336815.
May  5 23:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3621]: pam_unix(cron:session): session closed for user root
May  5 23:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6669]: pam_unix(cron:session): session closed for user samftp
May  5 23:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5735]: pam_unix(cron:session): session closed for user root
May  5 23:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7145]: Invalid user llm from 187.170.74.95
May  5 23:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7145]: input_userauth_request: invalid user llm [preauth]
May  5 23:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7145]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.74.95
May  5 23:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7145]: Failed password for invalid user llm from 187.170.74.95 port 58505 ssh2
May  5 23:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7145]: Received disconnect from 187.170.74.95 port 58505:11: Bye Bye [preauth]
May  5 23:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7145]: Disconnected from 187.170.74.95 port 58505 [preauth]
May  5 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7196]: pam_unix(cron:session): session closed for user p13x
May  5 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7261]: Successful su for rubyman by root
May  5 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7261]: + ??? root:rubyman
May  5 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336818 of user rubyman.
May  5 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7261]: pam_unix(su:session): session closed for user rubyman
May  5 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336818.
May  5 23:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4074]: pam_unix(cron:session): session closed for user root
May  5 23:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.148.227.157  user=root
May  5 23:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7197]: pam_unix(cron:session): session closed for user samftp
May  5 23:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Failed password for root from 46.148.227.157 port 33764 ssh2
May  5 23:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Received disconnect from 46.148.227.157 port 33764:11: Bye Bye [preauth]
May  5 23:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Disconnected from 46.148.227.157 port 33764 [preauth]
May  5 23:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7588]: Invalid user himanshu from 212.233.136.201
May  5 23:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7588]: input_userauth_request: invalid user himanshu [preauth]
May  5 23:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7588]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.233.136.201
May  5 23:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7588]: Failed password for invalid user himanshu from 212.233.136.201 port 36098 ssh2
May  5 23:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7588]: Received disconnect from 212.233.136.201 port 36098:11: Bye Bye [preauth]
May  5 23:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7588]: Disconnected from 212.233.136.201 port 36098 [preauth]
May  5 23:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6237]: pam_unix(cron:session): session closed for user root
May  5 23:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7701]: pam_unix(cron:session): session closed for user p13x
May  5 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7776]: Successful su for rubyman by root
May  5 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7776]: + ??? root:rubyman
May  5 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7776]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336822 of user rubyman.
May  5 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7776]: pam_unix(su:session): session closed for user rubyman
May  5 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336822.
May  5 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: Invalid user vpn from 85.208.253.142
May  5 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: input_userauth_request: invalid user vpn [preauth]
May  5 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.142
May  5 23:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4642]: pam_unix(cron:session): session closed for user root
May  5 23:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: Failed password for invalid user vpn from 85.208.253.142 port 35790 ssh2
May  5 23:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: Received disconnect from 85.208.253.142 port 35790:11: Bye Bye [preauth]
May  5 23:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: Disconnected from 85.208.253.142 port 35790 [preauth]
May  5 23:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7702]: pam_unix(cron:session): session closed for user samftp
May  5 23:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6671]: pam_unix(cron:session): session closed for user root
May  5 23:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8054]: Invalid user ftptest from 193.70.84.184
May  5 23:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8054]: input_userauth_request: invalid user ftptest [preauth]
May  5 23:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8054]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  5 23:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8054]: Failed password for invalid user ftptest from 193.70.84.184 port 49034 ssh2
May  5 23:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8054]: Connection closed by 193.70.84.184 port 49034 [preauth]
May  5 23:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: Invalid user ceshi1 from 49.162.227.188
May  5 23:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: input_userauth_request: invalid user ceshi1 [preauth]
May  5 23:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.162.227.188
May  5 23:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: Failed password for invalid user ceshi1 from 49.162.227.188 port 54403 ssh2
May  5 23:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: Received disconnect from 49.162.227.188 port 54403:11: Bye Bye [preauth]
May  5 23:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8101]: Disconnected from 49.162.227.188 port 54403 [preauth]
May  5 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8133]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8128]: pam_unix(cron:session): session closed for user p13x
May  5 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8205]: Successful su for rubyman by root
May  5 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8205]: + ??? root:rubyman
May  5 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336827 of user rubyman.
May  5 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8205]: pam_unix(su:session): session closed for user rubyman
May  5 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336827.
May  5 23:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5267]: pam_unix(cron:session): session closed for user root
May  5 23:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8129]: pam_unix(cron:session): session closed for user samftp
May  5 23:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7199]: pam_unix(cron:session): session closed for user root
May  5 23:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.111.32.174  user=root
May  5 23:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: Failed password for root from 27.111.32.174 port 52284 ssh2
May  5 23:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: Received disconnect from 27.111.32.174 port 52284:11: Bye Bye [preauth]
May  5 23:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8495]: Disconnected from 27.111.32.174 port 52284 [preauth]
May  5 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8568]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8567]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8569]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8570]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8570]: pam_unix(cron:session): session closed for user root
May  5 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8564]: pam_unix(cron:session): session closed for user p13x
May  5 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8639]: Successful su for rubyman by root
May  5 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8639]: + ??? root:rubyman
May  5 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336834 of user rubyman.
May  5 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8639]: pam_unix(su:session): session closed for user rubyman
May  5 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336834.
May  5 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5734]: pam_unix(cron:session): session closed for user root
May  5 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8567]: pam_unix(cron:session): session closed for user root
May  5 23:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8566]: pam_unix(cron:session): session closed for user samftp
May  5 23:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.139.67  user=root
May  5 23:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8864]: Failed password for root from 103.226.139.67 port 41952 ssh2
May  5 23:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8864]: Received disconnect from 103.226.139.67 port 41952:11: Bye Bye [preauth]
May  5 23:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8864]: Disconnected from 103.226.139.67 port 41952 [preauth]
May  5 23:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7704]: pam_unix(cron:session): session closed for user root
May  5 23:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: Invalid user khaled from 187.170.74.95
May  5 23:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: input_userauth_request: invalid user khaled [preauth]
May  5 23:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.74.95
May  5 23:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: Failed password for invalid user khaled from 187.170.74.95 port 43378 ssh2
May  5 23:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: Received disconnect from 187.170.74.95 port 43378:11: Bye Bye [preauth]
May  5 23:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8991]: Disconnected from 187.170.74.95 port 43378 [preauth]
May  5 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9020]: pam_unix(cron:session): session closed for user p13x
May  5 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9089]: Successful su for rubyman by root
May  5 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9089]: + ??? root:rubyman
May  5 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336837 of user rubyman.
May  5 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9089]: pam_unix(su:session): session closed for user rubyman
May  5 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336837.
May  5 23:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6236]: pam_unix(cron:session): session closed for user root
May  5 23:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9021]: pam_unix(cron:session): session closed for user samftp
May  5 23:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8135]: pam_unix(cron:session): session closed for user root
May  5 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: Invalid user dell from 49.162.227.188
May  5 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: input_userauth_request: invalid user dell [preauth]
May  5 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.162.227.188
May  5 23:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: Failed password for invalid user dell from 49.162.227.188 port 57330 ssh2
May  5 23:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: Received disconnect from 49.162.227.188 port 57330:11: Bye Bye [preauth]
May  5 23:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9469]: Disconnected from 49.162.227.188 port 57330 [preauth]
May  5 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9547]: pam_unix(cron:session): session closed for user p13x
May  5 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9605]: Successful su for rubyman by root
May  5 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9605]: + ??? root:rubyman
May  5 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9605]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336840 of user rubyman.
May  5 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9605]: pam_unix(su:session): session closed for user rubyman
May  5 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336840.
May  5 23:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6670]: pam_unix(cron:session): session closed for user root
May  5 23:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9548]: pam_unix(cron:session): session closed for user samftp
May  5 23:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.233.136.201  user=root
May  5 23:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: Failed password for root from 212.233.136.201 port 50716 ssh2
May  5 23:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: Received disconnect from 212.233.136.201 port 50716:11: Bye Bye [preauth]
May  5 23:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: Disconnected from 212.233.136.201 port 50716 [preauth]
May  5 23:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Invalid user admin from 80.94.95.112
May  5 23:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: input_userauth_request: invalid user admin [preauth]
May  5 23:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 23:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Failed password for invalid user admin from 80.94.95.112 port 6413 ssh2
May  5 23:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Failed password for invalid user admin from 80.94.95.112 port 6413 ssh2
May  5 23:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Failed password for invalid user admin from 80.94.95.112 port 6413 ssh2
May  5 23:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Failed password for invalid user admin from 80.94.95.112 port 6413 ssh2
May  5 23:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Failed password for invalid user admin from 80.94.95.112 port 6413 ssh2
May  5 23:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Received disconnect from 80.94.95.112 port 6413:11: Bye [preauth]
May  5 23:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Disconnected from 80.94.95.112 port 6413 [preauth]
May  5 23:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  5 23:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 23:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 23:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: Failed password for root from 218.92.0.179 port 61028 ssh2
May  5 23:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 61028 ssh2]
May  5 23:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8569]: pam_unix(cron:session): session closed for user root
May  5 23:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: Received disconnect from 218.92.0.179 port 61028:11:  [preauth]
May  5 23:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: Disconnected from 218.92.0.179 port 61028 [preauth]
May  5 23:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9862]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 23:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: Invalid user guillermo from 50.235.31.47
May  5 23:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: input_userauth_request: invalid user guillermo [preauth]
May  5 23:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  5 23:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: Failed password for invalid user guillermo from 50.235.31.47 port 47678 ssh2
May  5 23:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9903]: Connection closed by 50.235.31.47 port 47678 [preauth]
May  5 23:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.142  user=root
May  5 23:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9936]: Failed password for root from 85.208.253.142 port 41740 ssh2
May  5 23:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9936]: Received disconnect from 85.208.253.142 port 41740:11: Bye Bye [preauth]
May  5 23:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9936]: Disconnected from 85.208.253.142 port 41740 [preauth]
May  5 23:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.175.165.229  user=root
May  5 23:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9954]: Failed password for root from 98.175.165.229 port 56506 ssh2
May  5 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9961]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9960]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9958]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9958]: pam_unix(cron:session): session closed for user p13x
May  5 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9954]: Failed password for root from 98.175.165.229 port 56506 ssh2
May  5 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10023]: Successful su for rubyman by root
May  5 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10023]: + ??? root:rubyman
May  5 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10023]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336844 of user rubyman.
May  5 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10023]: pam_unix(su:session): session closed for user rubyman
May  5 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336844.
May  5 23:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7198]: pam_unix(cron:session): session closed for user root
May  5 23:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9959]: pam_unix(cron:session): session closed for user samftp
May  5 23:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9954]: Failed password for root from 98.175.165.229 port 56506 ssh2
May  5 23:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9954]: Received disconnect from 98.175.165.229 port 56506:11: disconnected by user [preauth]
May  5 23:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9954]: Disconnected from 98.175.165.229 port 56506 [preauth]
May  5 23:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9954]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.175.165.229  user=root
May  5 23:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9023]: pam_unix(cron:session): session closed for user root
May  5 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10462]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10464]: pam_unix(cron:session): session closed for user p13x
May  5 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10597]: Successful su for rubyman by root
May  5 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10597]: + ??? root:rubyman
May  5 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336848 of user rubyman.
May  5 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10597]: pam_unix(su:session): session closed for user rubyman
May  5 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336848.
May  5 23:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10462]: pam_unix(cron:session): session closed for user root
May  5 23:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7703]: pam_unix(cron:session): session closed for user root
May  5 23:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10465]: pam_unix(cron:session): session closed for user samftp
May  5 23:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9550]: pam_unix(cron:session): session closed for user root
May  5 23:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.74.95  user=root
May  5 23:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10991]: Failed password for root from 187.170.74.95 port 57559 ssh2
May  5 23:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10991]: Received disconnect from 187.170.74.95 port 57559:11: Bye Bye [preauth]
May  5 23:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10991]: Disconnected from 187.170.74.95 port 57559 [preauth]
May  5 23:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.111.32.174  user=root
May  5 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11021]: pam_unix(cron:session): session closed for user root
May  5 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11016]: pam_unix(cron:session): session closed for user p13x
May  5 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11087]: Successful su for rubyman by root
May  5 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11087]: + ??? root:rubyman
May  5 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11087]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336854 of user rubyman.
May  5 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11087]: pam_unix(su:session): session closed for user rubyman
May  5 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336854.
May  5 23:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11012]: Failed password for root from 27.111.32.174 port 50700 ssh2
May  5 23:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11012]: Received disconnect from 27.111.32.174 port 50700:11: Bye Bye [preauth]
May  5 23:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11012]: Disconnected from 27.111.32.174 port 50700 [preauth]
May  5 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8133]: pam_unix(cron:session): session closed for user root
May  5 23:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11018]: pam_unix(cron:session): session closed for user root
May  5 23:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11017]: pam_unix(cron:session): session closed for user samftp
May  5 23:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11352]: Invalid user jenkins from 49.162.227.188
May  5 23:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11352]: input_userauth_request: invalid user jenkins [preauth]
May  5 23:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11352]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.162.227.188
May  5 23:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11352]: Failed password for invalid user jenkins from 49.162.227.188 port 54751 ssh2
May  5 23:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11352]: Received disconnect from 49.162.227.188 port 54751:11: Bye Bye [preauth]
May  5 23:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11352]: Disconnected from 49.162.227.188 port 54751 [preauth]
May  5 23:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9961]: pam_unix(cron:session): session closed for user root
May  5 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11438]: pam_unix(cron:session): session closed for user p13x
May  5 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11514]: Successful su for rubyman by root
May  5 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11514]: + ??? root:rubyman
May  5 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336859 of user rubyman.
May  5 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11514]: pam_unix(su:session): session closed for user rubyman
May  5 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336859.
May  5 23:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8568]: pam_unix(cron:session): session closed for user root
May  5 23:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11439]: pam_unix(cron:session): session closed for user samftp
May  5 23:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10467]: pam_unix(cron:session): session closed for user root
May  5 23:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.139.67  user=root
May  5 23:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: Failed password for root from 103.226.139.67 port 58642 ssh2
May  5 23:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: Received disconnect from 103.226.139.67 port 58642:11: Bye Bye [preauth]
May  5 23:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: Disconnected from 103.226.139.67 port 58642 [preauth]
May  5 23:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.233.136.201  user=root
May  5 23:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: Failed password for root from 212.233.136.201 port 38264 ssh2
May  5 23:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: Received disconnect from 212.233.136.201 port 38264:11: Bye Bye [preauth]
May  5 23:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: Disconnected from 212.233.136.201 port 38264 [preauth]
May  5 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11849]: pam_unix(cron:session): session closed for user p13x
May  5 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11909]: Successful su for rubyman by root
May  5 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11909]: + ??? root:rubyman
May  5 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336864 of user rubyman.
May  5 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11909]: pam_unix(su:session): session closed for user rubyman
May  5 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336864.
May  5 23:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9022]: pam_unix(cron:session): session closed for user root
May  5 23:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11850]: pam_unix(cron:session): session closed for user samftp
May  5 23:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.162.227.188  user=root
May  5 23:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12144]: Failed password for root from 49.162.227.188 port 55355 ssh2
May  5 23:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12144]: Received disconnect from 49.162.227.188 port 55355:11: Bye Bye [preauth]
May  5 23:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12144]: Disconnected from 49.162.227.188 port 55355 [preauth]
May  5 23:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11020]: pam_unix(cron:session): session closed for user root
May  5 23:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.142  user=root
May  5 23:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: Failed password for root from 85.208.253.142 port 34450 ssh2
May  5 23:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: Received disconnect from 85.208.253.142 port 34450:11: Bye Bye [preauth]
May  5 23:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: Disconnected from 85.208.253.142 port 34450 [preauth]
May  5 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12246]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12243]: pam_unix(cron:session): session closed for user p13x
May  5 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12314]: Successful su for rubyman by root
May  5 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12314]: + ??? root:rubyman
May  5 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12314]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336869 of user rubyman.
May  5 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12314]: pam_unix(su:session): session closed for user rubyman
May  5 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336869.
May  5 23:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9549]: pam_unix(cron:session): session closed for user root
May  5 23:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12244]: pam_unix(cron:session): session closed for user samftp
May  5 23:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: Invalid user user from 80.94.95.125
May  5 23:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: input_userauth_request: invalid user user [preauth]
May  5 23:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 23:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: Failed password for invalid user user from 80.94.95.125 port 18958 ssh2
May  5 23:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: Failed password for invalid user user from 80.94.95.125 port 18958 ssh2
May  5 23:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: Failed password for invalid user user from 80.94.95.125 port 18958 ssh2
May  5 23:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: Failed password for invalid user user from 80.94.95.125 port 18958 ssh2
May  5 23:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: Failed password for invalid user user from 80.94.95.125 port 18958 ssh2
May  5 23:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: Received disconnect from 80.94.95.125 port 18958:11: Bye [preauth]
May  5 23:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: Disconnected from 80.94.95.125 port 18958 [preauth]
May  5 23:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  5 23:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12526]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 23:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11441]: pam_unix(cron:session): session closed for user root
May  5 23:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238  user=root
May  5 23:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12573]: Failed password for root from 59.31.133.238 port 60940 ssh2
May  5 23:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12573]: message repeated 5 times: [ Failed password for root from 59.31.133.238 port 60940 ssh2]
May  5 23:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12573]: error: maximum authentication attempts exceeded for root from 59.31.133.238 port 60940 ssh2 [preauth]
May  5 23:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12573]: Disconnecting: Too many authentication failures [preauth]
May  5 23:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12573]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238  user=root
May  5 23:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12573]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238  user=root
May  5 23:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: Failed password for root from 59.31.133.238 port 34690 ssh2
May  5 23:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: message repeated 2 times: [ Failed password for root from 59.31.133.238 port 34690 ssh2]
May  5 23:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Invalid user dev from 187.170.74.95
May  5 23:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: input_userauth_request: invalid user dev [preauth]
May  5 23:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.74.95
May  5 23:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: Failed password for root from 59.31.133.238 port 34690 ssh2
May  5 23:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Failed password for invalid user dev from 187.170.74.95 port 44979 ssh2
May  5 23:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Received disconnect from 187.170.74.95 port 44979:11: Bye Bye [preauth]
May  5 23:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12635]: Disconnected from 187.170.74.95 port 44979 [preauth]
May  5 23:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: Failed password for root from 59.31.133.238 port 34690 ssh2
May  5 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12649]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12647]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12648]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12646]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12646]: pam_unix(cron:session): session closed for user p13x
May  5 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12705]: Successful su for rubyman by root
May  5 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12705]: + ??? root:rubyman
May  5 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336872 of user rubyman.
May  5 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12705]: pam_unix(su:session): session closed for user rubyman
May  5 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336872.
May  5 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: Failed password for root from 59.31.133.238 port 34690 ssh2
May  5 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: error: maximum authentication attempts exceeded for root from 59.31.133.238 port 34690 ssh2 [preauth]
May  5 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: Disconnecting: Too many authentication failures [preauth]
May  5 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238  user=root
May  5 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238  user=root
May  5 23:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9960]: pam_unix(cron:session): session closed for user root
May  5 23:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: Failed password for root from 59.31.133.238 port 36560 ssh2
May  5 23:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12647]: pam_unix(cron:session): session closed for user samftp
May  5 23:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: Failed password for root from 59.31.133.238 port 36560 ssh2
May  5 23:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: message repeated 4 times: [ Failed password for root from 59.31.133.238 port 36560 ssh2]
May  5 23:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: error: maximum authentication attempts exceeded for root from 59.31.133.238 port 36560 ssh2 [preauth]
May  5 23:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: Disconnecting: Too many authentication failures [preauth]
May  5 23:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238  user=root
May  5 23:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238  user=root
May  5 23:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12917]: Failed password for root from 59.31.133.238 port 38650 ssh2
May  5 23:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12917]: Received disconnect from 59.31.133.238 port 38650:11: disconnected by user [preauth]
May  5 23:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12917]: Disconnected from 59.31.133.238 port 38650 [preauth]
May  5 23:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: Invalid user admin from 59.31.133.238
May  5 23:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: input_userauth_request: invalid user admin [preauth]
May  5 23:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12930]: Invalid user public from 49.162.227.188
May  5 23:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12930]: input_userauth_request: invalid user public [preauth]
May  5 23:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12930]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.162.227.188
May  5 23:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: Failed password for invalid user admin from 59.31.133.238 port 39206 ssh2
May  5 23:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12930]: Failed password for invalid user public from 49.162.227.188 port 58827 ssh2
May  5 23:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12930]: Received disconnect from 49.162.227.188 port 58827:11: Bye Bye [preauth]
May  5 23:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12930]: Disconnected from 49.162.227.188 port 58827 [preauth]
May  5 23:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: Failed password for invalid user admin from 59.31.133.238 port 39206 ssh2
May  5 23:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: Failed password for invalid user admin from 59.31.133.238 port 39206 ssh2
May  5 23:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: Failed password for invalid user admin from 59.31.133.238 port 39206 ssh2
May  5 23:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11852]: pam_unix(cron:session): session closed for user root
May  5 23:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: Failed password for invalid user admin from 59.31.133.238 port 39206 ssh2
May  5 23:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: Failed password for invalid user admin from 59.31.133.238 port 39206 ssh2
May  5 23:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: error: maximum authentication attempts exceeded for invalid user admin from 59.31.133.238 port 39206 ssh2 [preauth]
May  5 23:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: Disconnecting: Too many authentication failures [preauth]
May  5 23:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12928]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: Invalid user admin from 59.31.133.238
May  5 23:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: input_userauth_request: invalid user admin [preauth]
May  5 23:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: Failed password for invalid user admin from 59.31.133.238 port 41202 ssh2
May  5 23:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12985]: Connection closed by 46.244.96.25 port 39738 [preauth]
May  5 23:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: Failed password for invalid user admin from 59.31.133.238 port 41202 ssh2
May  5 23:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: Failed password for invalid user admin from 59.31.133.238 port 41202 ssh2
May  5 23:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  5 23:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12997]: Connection closed by 46.244.96.25 port 39742 [preauth]
May  5 23:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: Failed password for invalid user admin from 59.31.133.238 port 41202 ssh2
May  5 23:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13020]: Failed password for root from 46.244.96.25 port 52744 ssh2
May  5 23:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13020]: Connection closed by 46.244.96.25 port 52744 [preauth]
May  5 23:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: Failed password for invalid user admin from 59.31.133.238 port 41202 ssh2
May  5 23:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: Failed password for invalid user admin from 59.31.133.238 port 41202 ssh2
May  5 23:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: error: maximum authentication attempts exceeded for invalid user admin from 59.31.133.238 port 41202 ssh2 [preauth]
May  5 23:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: Disconnecting: Too many authentication failures [preauth]
May  5 23:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12982]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: Invalid user admin from 59.31.133.238
May  5 23:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: input_userauth_request: invalid user admin [preauth]
May  5 23:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: Failed password for invalid user admin from 59.31.133.238 port 43378 ssh2
May  5 23:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: Failed password for invalid user admin from 59.31.133.238 port 43378 ssh2
May  5 23:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: Failed password for invalid user admin from 59.31.133.238 port 43378 ssh2
May  5 23:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13058]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13062]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13061]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13060]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13062]: pam_unix(cron:session): session closed for user root
May  5 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13055]: pam_unix(cron:session): session closed for user p13x
May  5 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: Failed password for invalid user admin from 59.31.133.238 port 43378 ssh2
May  5 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: Received disconnect from 59.31.133.238 port 43378:11: disconnected by user [preauth]
May  5 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: Disconnected from 59.31.133.238 port 43378 [preauth]
May  5 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13030]: PAM service(sshd) ignoring max retries; 4 > 3
May  5 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13126]: Successful su for rubyman by root
May  5 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13126]: + ??? root:rubyman
May  5 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13126]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336878 of user rubyman.
May  5 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13126]: pam_unix(su:session): session closed for user rubyman
May  5 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336878.
May  5 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: Invalid user oracle from 59.31.133.238
May  5 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: input_userauth_request: invalid user oracle [preauth]
May  5 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13058]: pam_unix(cron:session): session closed for user root
May  5 23:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10466]: pam_unix(cron:session): session closed for user root
May  5 23:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: Failed password for invalid user oracle from 59.31.133.238 port 44796 ssh2
May  5 23:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13056]: pam_unix(cron:session): session closed for user samftp
May  5 23:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: Failed password for invalid user oracle from 59.31.133.238 port 44796 ssh2
May  5 23:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: Failed password for invalid user oracle from 59.31.133.238 port 44796 ssh2
May  5 23:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: Failed password for invalid user oracle from 59.31.133.238 port 44796 ssh2
May  5 23:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: Failed password for invalid user oracle from 59.31.133.238 port 44796 ssh2
May  5 23:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: Failed password for invalid user oracle from 59.31.133.238 port 44796 ssh2
May  5 23:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: error: maximum authentication attempts exceeded for invalid user oracle from 59.31.133.238 port 44796 ssh2 [preauth]
May  5 23:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: Disconnecting: Too many authentication failures [preauth]
May  5 23:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13123]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: Invalid user oracle from 59.31.133.238
May  5 23:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: input_userauth_request: invalid user oracle [preauth]
May  5 23:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.111.32.174  user=root
May  5 23:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: Failed password for invalid user oracle from 59.31.133.238 port 46746 ssh2
May  5 23:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: Failed password for root from 27.111.32.174 port 58456 ssh2
May  5 23:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: Received disconnect from 27.111.32.174 port 58456:11: Bye Bye [preauth]
May  5 23:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13369]: Disconnected from 27.111.32.174 port 58456 [preauth]
May  5 23:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: Failed password for invalid user oracle from 59.31.133.238 port 46746 ssh2
May  5 23:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: Failed password for invalid user oracle from 59.31.133.238 port 46746 ssh2
May  5 23:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: Failed password for invalid user oracle from 59.31.133.238 port 46746 ssh2
May  5 23:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: Failed password for invalid user oracle from 59.31.133.238 port 46746 ssh2
May  5 23:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: Failed password for invalid user oracle from 59.31.133.238 port 46746 ssh2
May  5 23:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: error: maximum authentication attempts exceeded for invalid user oracle from 59.31.133.238 port 46746 ssh2 [preauth]
May  5 23:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: Disconnecting: Too many authentication failures [preauth]
May  5 23:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12246]: pam_unix(cron:session): session closed for user root
May  5 23:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13410]: Invalid user oracle from 59.31.133.238
May  5 23:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13410]: input_userauth_request: invalid user oracle [preauth]
May  5 23:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13410]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13410]: Failed password for invalid user oracle from 59.31.133.238 port 48748 ssh2
May  5 23:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13410]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13410]: Failed password for invalid user oracle from 59.31.133.238 port 48748 ssh2
May  5 23:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13410]: Received disconnect from 59.31.133.238 port 48748:11: disconnected by user [preauth]
May  5 23:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13410]: Disconnected from 59.31.133.238 port 48748 [preauth]
May  5 23:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13410]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: Invalid user usuario from 59.31.133.238
May  5 23:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: input_userauth_request: invalid user usuario [preauth]
May  5 23:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: Failed password for invalid user usuario from 59.31.133.238 port 49628 ssh2
May  5 23:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: Failed password for invalid user usuario from 59.31.133.238 port 49628 ssh2
May  5 23:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: Failed password for invalid user usuario from 59.31.133.238 port 49628 ssh2
May  5 23:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: Failed password for invalid user usuario from 59.31.133.238 port 49628 ssh2
May  5 23:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: Failed password for invalid user usuario from 59.31.133.238 port 49628 ssh2
May  5 23:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: Failed password for invalid user usuario from 59.31.133.238 port 49628 ssh2
May  5 23:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: error: maximum authentication attempts exceeded for invalid user usuario from 59.31.133.238 port 49628 ssh2 [preauth]
May  5 23:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: Disconnecting: Too many authentication failures [preauth]
May  5 23:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13441]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: Invalid user usuario from 59.31.133.238
May  5 23:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: input_userauth_request: invalid user usuario [preauth]
May  5 23:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: Failed password for invalid user usuario from 59.31.133.238 port 51910 ssh2
May  5 23:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13595]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13593]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13592]: pam_unix(cron:session): session closed for user p13x
May  5 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13663]: Successful su for rubyman by root
May  5 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13663]: + ??? root:rubyman
May  5 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336881 of user rubyman.
May  5 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13663]: pam_unix(su:session): session closed for user rubyman
May  5 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336881.
May  5 23:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: Failed password for invalid user usuario from 59.31.133.238 port 51910 ssh2
May  5 23:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: Failed password for invalid user usuario from 59.31.133.238 port 51910 ssh2
May  5 23:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11019]: pam_unix(cron:session): session closed for user root
May  5 23:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13593]: pam_unix(cron:session): session closed for user samftp
May  5 23:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: Failed password for invalid user usuario from 59.31.133.238 port 51910 ssh2
May  5 23:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: Failed password for invalid user usuario from 59.31.133.238 port 51910 ssh2
May  5 23:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: Failed password for invalid user usuario from 59.31.133.238 port 51910 ssh2
May  5 23:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: error: maximum authentication attempts exceeded for invalid user usuario from 59.31.133.238 port 51910 ssh2 [preauth]
May  5 23:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: Disconnecting: Too many authentication failures [preauth]
May  5 23:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13861]: Invalid user usuario from 59.31.133.238
May  5 23:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13861]: input_userauth_request: invalid user usuario [preauth]
May  5 23:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13861]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13861]: Failed password for invalid user usuario from 59.31.133.238 port 54044 ssh2
May  5 23:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13861]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13861]: Failed password for invalid user usuario from 59.31.133.238 port 54044 ssh2
May  5 23:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13861]: Received disconnect from 59.31.133.238 port 54044:11: disconnected by user [preauth]
May  5 23:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13861]: Disconnected from 59.31.133.238 port 54044 [preauth]
May  5 23:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13861]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Invalid user test from 59.31.133.238
May  5 23:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: input_userauth_request: invalid user test [preauth]
May  5 23:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Failed password for invalid user test from 59.31.133.238 port 54890 ssh2
May  5 23:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Failed password for invalid user test from 59.31.133.238 port 54890 ssh2
May  5 23:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: Invalid user wunian from 49.162.227.188
May  5 23:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: input_userauth_request: invalid user wunian [preauth]
May  5 23:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.162.227.188
May  5 23:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Failed password for invalid user test from 59.31.133.238 port 54890 ssh2
May  5 23:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: Failed password for invalid user wunian from 49.162.227.188 port 62469 ssh2
May  5 23:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: Received disconnect from 49.162.227.188 port 62469:11: Bye Bye [preauth]
May  5 23:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13905]: Disconnected from 49.162.227.188 port 62469 [preauth]
May  5 23:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Failed password for invalid user test from 59.31.133.238 port 54890 ssh2
May  5 23:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Failed password for invalid user test from 59.31.133.238 port 54890 ssh2
May  5 23:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Failed password for invalid user test from 59.31.133.238 port 54890 ssh2
May  5 23:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: error: maximum authentication attempts exceeded for invalid user test from 59.31.133.238 port 54890 ssh2 [preauth]
May  5 23:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Disconnecting: Too many authentication failures [preauth]
May  5 23:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12649]: pam_unix(cron:session): session closed for user root
May  5 23:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.233.136.201  user=root
May  5 23:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: Invalid user test from 59.31.133.238
May  5 23:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: input_userauth_request: invalid user test [preauth]
May  5 23:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13933]: Failed password for root from 212.233.136.201 port 53690 ssh2
May  5 23:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13933]: Received disconnect from 212.233.136.201 port 53690:11: Bye Bye [preauth]
May  5 23:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13933]: Disconnected from 212.233.136.201 port 53690 [preauth]
May  5 23:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: Failed password for invalid user test from 59.31.133.238 port 56880 ssh2
May  5 23:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: Failed password for invalid user test from 59.31.133.238 port 56880 ssh2
May  5 23:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: Failed password for invalid user test from 59.31.133.238 port 56880 ssh2
May  5 23:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: Failed password for invalid user test from 59.31.133.238 port 56880 ssh2
May  5 23:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: Invalid user ubnt from 80.94.95.241
May  5 23:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: input_userauth_request: invalid user ubnt [preauth]
May  5 23:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 23:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: Failed password for invalid user test from 59.31.133.238 port 56880 ssh2
May  5 23:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: Failed password for invalid user ubnt from 80.94.95.241 port 5835 ssh2
May  5 23:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: Failed password for invalid user test from 59.31.133.238 port 56880 ssh2
May  5 23:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: error: maximum authentication attempts exceeded for invalid user test from 59.31.133.238 port 56880 ssh2 [preauth]
May  5 23:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: Disconnecting: Too many authentication failures [preauth]
May  5 23:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: Failed password for invalid user ubnt from 80.94.95.241 port 5835 ssh2
May  5 23:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13995]: Invalid user test from 59.31.133.238
May  5 23:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13995]: input_userauth_request: invalid user test [preauth]
May  5 23:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13995]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: Failed password for invalid user ubnt from 80.94.95.241 port 5835 ssh2
May  5 23:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13995]: Failed password for invalid user test from 59.31.133.238 port 58844 ssh2
May  5 23:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13995]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: Failed password for invalid user ubnt from 80.94.95.241 port 5835 ssh2
May  5 23:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13995]: Failed password for invalid user test from 59.31.133.238 port 58844 ssh2
May  5 23:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13995]: Received disconnect from 59.31.133.238 port 58844:11: disconnected by user [preauth]
May  5 23:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13995]: Disconnected from 59.31.133.238 port 58844 [preauth]
May  5 23:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13995]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: Failed password for invalid user ubnt from 80.94.95.241 port 5835 ssh2
May  5 23:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: Received disconnect from 80.94.95.241 port 5835:11: Bye [preauth]
May  5 23:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: Disconnected from 80.94.95.241 port 5835 [preauth]
May  5 23:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  5 23:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13977]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 23:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: Invalid user user from 59.31.133.238
May  5 23:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: input_userauth_request: invalid user user [preauth]
May  5 23:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: Failed password for invalid user user from 59.31.133.238 port 59732 ssh2
May  5 23:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14032]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14031]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14030]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14029]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14029]: pam_unix(cron:session): session closed for user p13x
May  5 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14091]: Successful su for rubyman by root
May  5 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14091]: + ??? root:rubyman
May  5 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336885 of user rubyman.
May  5 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14091]: pam_unix(su:session): session closed for user rubyman
May  5 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336885.
May  5 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: Failed password for invalid user user from 59.31.133.238 port 59732 ssh2
May  5 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: Failed password for invalid user user from 59.31.133.238 port 59732 ssh2
May  5 23:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11440]: pam_unix(cron:session): session closed for user root
May  5 23:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: Failed password for invalid user user from 59.31.133.238 port 59732 ssh2
May  5 23:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14030]: pam_unix(cron:session): session closed for user samftp
May  5 23:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: Failed password for invalid user user from 59.31.133.238 port 59732 ssh2
May  5 23:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: Failed password for invalid user user from 59.31.133.238 port 59732 ssh2
May  5 23:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: error: maximum authentication attempts exceeded for invalid user user from 59.31.133.238 port 59732 ssh2 [preauth]
May  5 23:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: Disconnecting: Too many authentication failures [preauth]
May  5 23:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14009]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: Invalid user user from 59.31.133.238
May  5 23:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: input_userauth_request: invalid user user [preauth]
May  5 23:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: Failed password for invalid user user from 59.31.133.238 port 33768 ssh2
May  5 23:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: Failed password for invalid user user from 59.31.133.238 port 33768 ssh2
May  5 23:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: Failed password for invalid user user from 59.31.133.238 port 33768 ssh2
May  5 23:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: Failed password for invalid user user from 59.31.133.238 port 33768 ssh2
May  5 23:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: Failed password for invalid user user from 59.31.133.238 port 33768 ssh2
May  5 23:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: Failed password for invalid user user from 59.31.133.238 port 33768 ssh2
May  5 23:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: error: maximum authentication attempts exceeded for invalid user user from 59.31.133.238 port 33768 ssh2 [preauth]
May  5 23:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: Disconnecting: Too many authentication failures [preauth]
May  5 23:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: Invalid user user from 59.31.133.238
May  5 23:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: input_userauth_request: invalid user user [preauth]
May  5 23:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: Failed password for invalid user user from 59.31.133.238 port 35750 ssh2
May  5 23:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: Failed password for invalid user user from 59.31.133.238 port 35750 ssh2
May  5 23:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: Failed password for invalid user user from 59.31.133.238 port 35750 ssh2
May  5 23:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13061]: pam_unix(cron:session): session closed for user root
May  5 23:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: Failed password for invalid user user from 59.31.133.238 port 35750 ssh2
May  5 23:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: Received disconnect from 59.31.133.238 port 35750:11: disconnected by user [preauth]
May  5 23:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: Disconnected from 59.31.133.238 port 35750 [preauth]
May  5 23:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: PAM service(sshd) ignoring max retries; 4 > 3
May  5 23:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Invalid user ftpuser from 59.31.133.238
May  5 23:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: input_userauth_request: invalid user ftpuser [preauth]
May  5 23:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Failed password for invalid user ftpuser from 59.31.133.238 port 37020 ssh2
May  5 23:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Failed password for invalid user ftpuser from 59.31.133.238 port 37020 ssh2
May  5 23:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Failed password for invalid user ftpuser from 59.31.133.238 port 37020 ssh2
May  5 23:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Failed password for invalid user ftpuser from 59.31.133.238 port 37020 ssh2
May  5 23:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Failed password for invalid user ftpuser from 59.31.133.238 port 37020 ssh2
May  5 23:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Failed password for invalid user ftpuser from 59.31.133.238 port 37020 ssh2
May  5 23:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: error: maximum authentication attempts exceeded for invalid user ftpuser from 59.31.133.238 port 37020 ssh2 [preauth]
May  5 23:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Disconnecting: Too many authentication failures [preauth]
May  5 23:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: Invalid user ftpuser from 59.31.133.238
May  5 23:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: input_userauth_request: invalid user ftpuser [preauth]
May  5 23:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: Failed password for invalid user ftpuser from 59.31.133.238 port 38894 ssh2
May  5 23:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: Failed password for invalid user ftpuser from 59.31.133.238 port 38894 ssh2
May  5 23:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: Failed password for invalid user ftpuser from 59.31.133.238 port 38894 ssh2
May  5 23:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: Failed password for invalid user ftpuser from 59.31.133.238 port 38894 ssh2
May  5 23:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14433]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14432]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14430]: pam_unix(cron:session): session closed for user p13x
May  5 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14491]: Successful su for rubyman by root
May  5 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14491]: + ??? root:rubyman
May  5 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336890 of user rubyman.
May  5 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14491]: pam_unix(su:session): session closed for user rubyman
May  5 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336890.
May  5 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: Failed password for invalid user ftpuser from 59.31.133.238 port 38894 ssh2
May  5 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11851]: pam_unix(cron:session): session closed for user root
May  5 23:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: Failed password for invalid user ftpuser from 59.31.133.238 port 38894 ssh2
May  5 23:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: error: maximum authentication attempts exceeded for invalid user ftpuser from 59.31.133.238 port 38894 ssh2 [preauth]
May  5 23:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: Disconnecting: Too many authentication failures [preauth]
May  5 23:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14409]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: Invalid user ftpuser from 59.31.133.238
May  5 23:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: input_userauth_request: invalid user ftpuser [preauth]
May  5 23:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14431]: pam_unix(cron:session): session closed for user samftp
May  5 23:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: Failed password for invalid user ftpuser from 59.31.133.238 port 40834 ssh2
May  5 23:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: Failed password for invalid user ftpuser from 59.31.133.238 port 40834 ssh2
May  5 23:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.74.95  user=root
May  5 23:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: Failed password for invalid user ftpuser from 59.31.133.238 port 40834 ssh2
May  5 23:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14690]: Failed password for root from 187.170.74.95 port 53451 ssh2
May  5 23:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: Failed password for invalid user ftpuser from 59.31.133.238 port 40834 ssh2
May  5 23:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: Received disconnect from 59.31.133.238 port 40834:11: disconnected by user [preauth]
May  5 23:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: Disconnected from 59.31.133.238 port 40834 [preauth]
May  5 23:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: PAM service(sshd) ignoring max retries; 4 > 3
May  5 23:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: Invalid user test1 from 59.31.133.238
May  5 23:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: input_userauth_request: invalid user test1 [preauth]
May  5 23:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14690]: Received disconnect from 187.170.74.95 port 53451:11: Bye Bye [preauth]
May  5 23:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14690]: Disconnected from 187.170.74.95 port 53451 [preauth]
May  5 23:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: Failed password for invalid user test1 from 59.31.133.238 port 42078 ssh2
May  5 23:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: Failed password for invalid user test1 from 59.31.133.238 port 42078 ssh2
May  5 23:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: Failed password for invalid user test1 from 59.31.133.238 port 42078 ssh2
May  5 23:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14731]: Invalid user pc from 103.226.139.67
May  5 23:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14731]: input_userauth_request: invalid user pc [preauth]
May  5 23:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14731]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.139.67
May  5 23:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: Failed password for invalid user test1 from 59.31.133.238 port 42078 ssh2
May  5 23:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14731]: Failed password for invalid user pc from 103.226.139.67 port 37504 ssh2
May  5 23:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14731]: Received disconnect from 103.226.139.67 port 37504:11: Bye Bye [preauth]
May  5 23:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14731]: Disconnected from 103.226.139.67 port 37504 [preauth]
May  5 23:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: Invalid user yuan from 49.162.227.188
May  5 23:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: input_userauth_request: invalid user yuan [preauth]
May  5 23:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.162.227.188
May  5 23:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: Failed password for invalid user test1 from 59.31.133.238 port 42078 ssh2
May  5 23:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: Failed password for invalid user yuan from 49.162.227.188 port 58332 ssh2
May  5 23:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: Received disconnect from 49.162.227.188 port 58332:11: Bye Bye [preauth]
May  5 23:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: Disconnected from 49.162.227.188 port 58332 [preauth]
May  5 23:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: Failed password for invalid user test1 from 59.31.133.238 port 42078 ssh2
May  5 23:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: error: maximum authentication attempts exceeded for invalid user test1 from 59.31.133.238 port 42078 ssh2 [preauth]
May  5 23:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: Disconnecting: Too many authentication failures [preauth]
May  5 23:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14712]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: Invalid user test1 from 59.31.133.238
May  5 23:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: input_userauth_request: invalid user test1 [preauth]
May  5 23:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: Failed password for invalid user test1 from 59.31.133.238 port 43890 ssh2
May  5 23:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: Failed password for invalid user test1 from 59.31.133.238 port 43890 ssh2
May  5 23:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13595]: pam_unix(cron:session): session closed for user root
May  5 23:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: Failed password for invalid user test1 from 59.31.133.238 port 43890 ssh2
May  5 23:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: Failed password for invalid user test1 from 59.31.133.238 port 43890 ssh2
May  5 23:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: Failed password for invalid user test1 from 59.31.133.238 port 43890 ssh2
May  5 23:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: Failed password for invalid user test1 from 59.31.133.238 port 43890 ssh2
May  5 23:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: error: maximum authentication attempts exceeded for invalid user test1 from 59.31.133.238 port 43890 ssh2 [preauth]
May  5 23:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: Disconnecting: Too many authentication failures [preauth]
May  5 23:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14758]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: Invalid user test1 from 59.31.133.238
May  5 23:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: input_userauth_request: invalid user test1 [preauth]
May  5 23:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: Failed password for invalid user test1 from 59.31.133.238 port 45708 ssh2
May  5 23:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: Failed password for invalid user test1 from 59.31.133.238 port 45708 ssh2
May  5 23:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: Received disconnect from 59.31.133.238 port 45708:11: disconnected by user [preauth]
May  5 23:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: Disconnected from 59.31.133.238 port 45708 [preauth]
May  5 23:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14796]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: Invalid user test2 from 59.31.133.238
May  5 23:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: input_userauth_request: invalid user test2 [preauth]
May  5 23:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: Failed password for invalid user test2 from 59.31.133.238 port 46556 ssh2
May  5 23:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: Failed password for invalid user test2 from 59.31.133.238 port 46556 ssh2
May  5 23:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: Failed password for invalid user test2 from 59.31.133.238 port 46556 ssh2
May  5 23:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: Failed password for invalid user test2 from 59.31.133.238 port 46556 ssh2
May  5 23:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: Failed password for invalid user test2 from 59.31.133.238 port 46556 ssh2
May  5 23:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: Failed password for invalid user test2 from 59.31.133.238 port 46556 ssh2
May  5 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: error: maximum authentication attempts exceeded for invalid user test2 from 59.31.133.238 port 46556 ssh2 [preauth]
May  5 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: Disconnecting: Too many authentication failures [preauth]
May  5 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14848]: pam_unix(cron:session): session closed for user p13x
May  5 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14922]: Successful su for rubyman by root
May  5 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14922]: + ??? root:rubyman
May  5 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336893 of user rubyman.
May  5 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14922]: pam_unix(su:session): session closed for user rubyman
May  5 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336893.
May  5 23:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Invalid user test2 from 59.31.133.238
May  5 23:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: input_userauth_request: invalid user test2 [preauth]
May  5 23:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12245]: pam_unix(cron:session): session closed for user root
May  5 23:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Failed password for invalid user test2 from 59.31.133.238 port 48426 ssh2
May  5 23:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14849]: pam_unix(cron:session): session closed for user samftp
May  5 23:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Failed password for invalid user test2 from 59.31.133.238 port 48426 ssh2
May  5 23:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Failed password for invalid user test2 from 59.31.133.238 port 48426 ssh2
May  5 23:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Failed password for invalid user test2 from 59.31.133.238 port 48426 ssh2
May  5 23:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Failed password for invalid user test2 from 59.31.133.238 port 48426 ssh2
May  5 23:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Failed password for invalid user test2 from 59.31.133.238 port 48426 ssh2
May  5 23:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: error: maximum authentication attempts exceeded for invalid user test2 from 59.31.133.238 port 48426 ssh2 [preauth]
May  5 23:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Disconnecting: Too many authentication failures [preauth]
May  5 23:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: Invalid user test2 from 59.31.133.238
May  5 23:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: input_userauth_request: invalid user test2 [preauth]
May  5 23:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: Failed password for invalid user test2 from 59.31.133.238 port 50484 ssh2
May  5 23:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: Failed password for invalid user test2 from 59.31.133.238 port 50484 ssh2
May  5 23:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: Received disconnect from 59.31.133.238 port 50484:11: disconnected by user [preauth]
May  5 23:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: Disconnected from 59.31.133.238 port 50484 [preauth]
May  5 23:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: Invalid user ubuntu from 59.31.133.238
May  5 23:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: input_userauth_request: invalid user ubuntu [preauth]
May  5 23:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: Failed password for invalid user ubuntu from 59.31.133.238 port 51312 ssh2
May  5 23:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: Failed password for invalid user ubuntu from 59.31.133.238 port 51312 ssh2
May  5 23:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: Failed password for invalid user ubuntu from 59.31.133.238 port 51312 ssh2
May  5 23:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14032]: pam_unix(cron:session): session closed for user root
May  5 23:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: Failed password for invalid user ubuntu from 59.31.133.238 port 51312 ssh2
May  5 23:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: Failed password for invalid user ubuntu from 59.31.133.238 port 51312 ssh2
May  5 23:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: Failed password for invalid user ubuntu from 59.31.133.238 port 51312 ssh2
May  5 23:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: error: maximum authentication attempts exceeded for invalid user ubuntu from 59.31.133.238 port 51312 ssh2 [preauth]
May  5 23:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: Disconnecting: Too many authentication failures [preauth]
May  5 23:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: Invalid user ubuntu from 59.31.133.238
May  5 23:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: input_userauth_request: invalid user ubuntu [preauth]
May  5 23:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: Failed password for invalid user ubuntu from 59.31.133.238 port 53468 ssh2
May  5 23:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: Failed password for invalid user ubuntu from 59.31.133.238 port 53468 ssh2
May  5 23:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: Failed password for invalid user ubuntu from 59.31.133.238 port 53468 ssh2
May  5 23:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: Failed password for invalid user ubuntu from 59.31.133.238 port 53468 ssh2
May  5 23:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: Failed password for invalid user ubuntu from 59.31.133.238 port 53468 ssh2
May  5 23:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: Failed password for invalid user ubuntu from 59.31.133.238 port 53468 ssh2
May  5 23:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: error: maximum authentication attempts exceeded for invalid user ubuntu from 59.31.133.238 port 53468 ssh2 [preauth]
May  5 23:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: Disconnecting: Too many authentication failures [preauth]
May  5 23:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: PAM service(sshd) ignoring max retries; 6 > 3
May  5 23:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: Invalid user ubuntu from 59.31.133.238
May  5 23:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: input_userauth_request: invalid user ubuntu [preauth]
May  5 23:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: Failed password for invalid user ubuntu from 59.31.133.238 port 55344 ssh2
May  5 23:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: Failed password for invalid user ubuntu from 59.31.133.238 port 55344 ssh2
May  5 23:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: Failed password for invalid user ubuntu from 59.31.133.238 port 55344 ssh2
May  5 23:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15257]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15259]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15258]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15256]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15259]: pam_unix(cron:session): session closed for user root
May  5 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15254]: pam_unix(cron:session): session closed for user p13x
May  5 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15327]: Successful su for rubyman by root
May  5 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15327]: + ??? root:rubyman
May  5 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336899 of user rubyman.
May  5 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15327]: pam_unix(su:session): session closed for user rubyman
May  5 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336899.
May  5 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: Failed password for invalid user ubuntu from 59.31.133.238 port 55344 ssh2
May  5 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: Received disconnect from 59.31.133.238 port 55344:11: disconnected by user [preauth]
May  5 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: Disconnected from 59.31.133.238 port 55344 [preauth]
May  5 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: PAM service(sshd) ignoring max retries; 4 > 3
May  5 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15256]: pam_unix(cron:session): session closed for user root
May  5 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12648]: pam_unix(cron:session): session closed for user root
May  5 23:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Invalid user pi from 59.31.133.238
May  5 23:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: input_userauth_request: invalid user pi [preauth]
May  5 23:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15255]: pam_unix(cron:session): session closed for user samftp
May  5 23:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Failed password for invalid user pi from 59.31.133.238 port 56684 ssh2
May  5 23:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Failed password for invalid user pi from 59.31.133.238 port 56684 ssh2
May  5 23:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Failed password for invalid user pi from 59.31.133.238 port 56684 ssh2
May  5 23:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Failed password for invalid user pi from 59.31.133.238 port 56684 ssh2
May  5 23:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Received disconnect from 59.31.133.238 port 56684:11: disconnected by user [preauth]
May  5 23:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Disconnected from 59.31.133.238 port 56684 [preauth]
May  5 23:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: PAM service(sshd) ignoring max retries; 4 > 3
May  5 23:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Invalid user baikal from 59.31.133.238
May  5 23:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: input_userauth_request: invalid user baikal [preauth]
May  5 23:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.31.133.238
May  5 23:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Failed password for invalid user baikal from 59.31.133.238 port 58008 ssh2
May  5 23:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Received disconnect from 59.31.133.238 port 58008:11: disconnected by user [preauth]
May  5 23:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15549]: Disconnected from 59.31.133.238 port 58008 [preauth]
May  5 23:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: Invalid user fengyingchao from 49.162.227.188
May  5 23:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: input_userauth_request: invalid user fengyingchao [preauth]
May  5 23:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.162.227.188
May  5 23:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: Failed password for invalid user fengyingchao from 49.162.227.188 port 51266 ssh2
May  5 23:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: Received disconnect from 49.162.227.188 port 51266:11: Bye Bye [preauth]
May  5 23:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15574]: Disconnected from 49.162.227.188 port 51266 [preauth]
May  5 23:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14433]: pam_unix(cron:session): session closed for user root
May  5 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15693]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15692]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15691]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15690]: pam_unix(cron:session): session closed for user p13x
May  5 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15760]: Successful su for rubyman by root
May  5 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15760]: + ??? root:rubyman
May  5 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336905 of user rubyman.
May  5 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15760]: pam_unix(su:session): session closed for user rubyman
May  5 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336905.
May  5 23:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13060]: pam_unix(cron:session): session closed for user root
May  5 23:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15691]: pam_unix(cron:session): session closed for user samftp
May  5 23:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.233.136.201  user=root
May  5 23:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: Failed password for root from 212.233.136.201 port 40356 ssh2
May  5 23:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: Received disconnect from 212.233.136.201 port 40356:11: Bye Bye [preauth]
May  5 23:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15967]: Disconnected from 212.233.136.201 port 40356 [preauth]
May  5 23:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14851]: pam_unix(cron:session): session closed for user root
May  5 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16108]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16105]: pam_unix(cron:session): session closed for user p13x
May  5 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16164]: Successful su for rubyman by root
May  5 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16164]: + ??? root:rubyman
May  5 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16164]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336908 of user rubyman.
May  5 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16164]: pam_unix(su:session): session closed for user rubyman
May  5 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336908.
May  5 23:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13594]: pam_unix(cron:session): session closed for user root
May  5 23:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16106]: pam_unix(cron:session): session closed for user samftp
May  5 23:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16367]: Invalid user vpn from 187.170.74.95
May  5 23:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16367]: input_userauth_request: invalid user vpn [preauth]
May  5 23:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16367]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.74.95
May  5 23:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16367]: Failed password for invalid user vpn from 187.170.74.95 port 58126 ssh2
May  5 23:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.162.227.188  user=root
May  5 23:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16367]: Received disconnect from 187.170.74.95 port 58126:11: Bye Bye [preauth]
May  5 23:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16367]: Disconnected from 187.170.74.95 port 58126 [preauth]
May  5 23:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16377]: Failed password for root from 49.162.227.188 port 51671 ssh2
May  5 23:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16377]: Received disconnect from 49.162.227.188 port 51671:11: Bye Bye [preauth]
May  5 23:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16377]: Disconnected from 49.162.227.188 port 51671 [preauth]
May  5 23:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15258]: pam_unix(cron:session): session closed for user root
May  5 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16521]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16523]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16518]: pam_unix(cron:session): session closed for user p13x
May  5 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16594]: Successful su for rubyman by root
May  5 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16594]: + ??? root:rubyman
May  5 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336912 of user rubyman.
May  5 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16594]: pam_unix(su:session): session closed for user rubyman
May  5 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336912.
May  5 23:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14031]: pam_unix(cron:session): session closed for user root
May  5 23:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16520]: pam_unix(cron:session): session closed for user samftp
May  5 23:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  5 23:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16853]: Failed password for root from 80.94.95.29 port 43409 ssh2
May  5 23:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15693]: pam_unix(cron:session): session closed for user root
May  5 23:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16853]: Failed password for root from 80.94.95.29 port 43409 ssh2
May  5 23:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16853]: message repeated 3 times: [ Failed password for root from 80.94.95.29 port 43409 ssh2]
May  5 23:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16853]: Received disconnect from 80.94.95.29 port 43409:11: Bye [preauth]
May  5 23:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16853]: Disconnected from 80.94.95.29 port 43409 [preauth]
May  5 23:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16853]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  5 23:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16853]: PAM service(sshd) ignoring max retries; 5 > 3
May  5 23:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 23:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: Failed password for root from 218.92.0.179 port 58292 ssh2
May  5 23:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 58292 ssh2]
May  5 23:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: Received disconnect from 218.92.0.179 port 58292:11:  [preauth]
May  5 23:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: Disconnected from 218.92.0.179 port 58292 [preauth]
May  5 23:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  5 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16978]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16979]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16975]: pam_unix(cron:session): session closed for user p13x
May  5 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17042]: Successful su for rubyman by root
May  5 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17042]: + ??? root:rubyman
May  5 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336917 of user rubyman.
May  5 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17042]: pam_unix(su:session): session closed for user rubyman
May  5 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336917.
May  5 23:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14432]: pam_unix(cron:session): session closed for user root
May  5 23:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16976]: pam_unix(cron:session): session closed for user samftp
May  5 23:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: Invalid user cyrus from 49.162.227.188
May  5 23:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: input_userauth_request: invalid user cyrus [preauth]
May  5 23:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.162.227.188
May  5 23:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: Failed password for invalid user cyrus from 49.162.227.188 port 61682 ssh2
May  5 23:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: Received disconnect from 49.162.227.188 port 61682:11: Bye Bye [preauth]
May  5 23:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17261]: Disconnected from 49.162.227.188 port 61682 [preauth]
May  5 23:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16108]: pam_unix(cron:session): session closed for user root
May  5 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17383]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17386]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17384]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17386]: pam_unix(cron:session): session closed for user root
May  5 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17381]: pam_unix(cron:session): session closed for user p13x
May  5 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17454]: Successful su for rubyman by root
May  5 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17454]: + ??? root:rubyman
May  5 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336920 of user rubyman.
May  5 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17454]: pam_unix(su:session): session closed for user rubyman
May  5 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336920.
May  5 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17383]: pam_unix(cron:session): session closed for user root
May  5 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14850]: pam_unix(cron:session): session closed for user root
May  5 23:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17382]: pam_unix(cron:session): session closed for user samftp
May  5 23:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17700]: Invalid user joy from 103.226.139.67
May  5 23:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17700]: input_userauth_request: invalid user joy [preauth]
May  5 23:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17700]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.139.67
May  5 23:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17700]: Failed password for invalid user joy from 103.226.139.67 port 43920 ssh2
May  5 23:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17700]: Received disconnect from 103.226.139.67 port 43920:11: Bye Bye [preauth]
May  5 23:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17700]: Disconnected from 103.226.139.67 port 43920 [preauth]
May  5 23:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16523]: pam_unix(cron:session): session closed for user root
May  5 23:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.233.136.201  user=root
May  5 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17940]: pam_unix(cron:session): session closed for user p13x
May  5 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18011]: Successful su for rubyman by root
May  5 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18011]: + ??? root:rubyman
May  5 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336925 of user rubyman.
May  5 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18011]: pam_unix(su:session): session closed for user rubyman
May  5 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336925.
May  5 23:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17937]: Failed password for root from 212.233.136.201 port 54742 ssh2
May  5 23:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17937]: Received disconnect from 212.233.136.201 port 54742:11: Bye Bye [preauth]
May  5 23:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17937]: Disconnected from 212.233.136.201 port 54742 [preauth]
May  5 23:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15257]: pam_unix(cron:session): session closed for user root
May  5 23:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17941]: pam_unix(cron:session): session closed for user samftp
May  5 23:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.74.95  user=root
May  5 23:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: Failed password for root from 187.170.74.95 port 56270 ssh2
May  5 23:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: Received disconnect from 187.170.74.95 port 56270:11: Bye Bye [preauth]
May  5 23:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18236]: Disconnected from 187.170.74.95 port 56270 [preauth]
May  5 23:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  5 23:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: Invalid user iexcel from 49.162.227.188
May  5 23:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: input_userauth_request: invalid user iexcel [preauth]
May  5 23:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: pam_unix(sshd:auth): check pass; user unknown
May  5 23:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.162.227.188
May  5 23:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: Failed password for invalid user iexcel from 49.162.227.188 port 49899 ssh2
May  5 23:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: Received disconnect from 49.162.227.188 port 49899:11: Bye Bye [preauth]
May  5 23:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: Disconnected from 49.162.227.188 port 49899 [preauth]
May  5 23:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16979]: pam_unix(cron:session): session closed for user root
May  5 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18365]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18364]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18362]: pam_unix(cron:session): session closed for user p13x
May  5 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18433]: Successful su for rubyman by root
May  5 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18433]: + ??? root:rubyman
May  5 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336930 of user rubyman.
May  5 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18433]: pam_unix(su:session): session closed for user rubyman
May  5 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336930.
May  5 23:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15692]: pam_unix(cron:session): session closed for user root
May  5 23:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18363]: pam_unix(cron:session): session closed for user samftp
May  5 23:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17385]: pam_unix(cron:session): session closed for user root
May  5 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18781]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18779]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18778]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18778]: pam_unix(cron:session): session closed for user p13x
May  5 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18844]: Successful su for rubyman by root
May  5 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18844]: + ??? root:rubyman
May  5 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336933 of user rubyman.
May  5 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18844]: pam_unix(su:session): session closed for user rubyman
May  5 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336933.
May  5 23:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16107]: pam_unix(cron:session): session closed for user root
May  5 23:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18779]: pam_unix(cron:session): session closed for user samftp
May  5 23:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17943]: pam_unix(cron:session): session closed for user root
May  5 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19182]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19179]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  5 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  5 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  5 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19179]: pam_unix(cron:session): session closed for user p13x
May  5 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19241]: Successful su for rubyman by root
May  5 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19241]: + ??? root:rubyman
May  5 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  5 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336938 of user rubyman.
May  5 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19241]: pam_unix(su:session): session closed for user rubyman
May  5 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336938.
May  5 23:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16521]: pam_unix(cron:session): session closed for user root
May  5 23:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19180]: pam_unix(cron:session): session closed for user samftp
May  5 23:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18365]: pam_unix(cron:session): session closed for user root
May  6 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19591]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19590]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19587]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19591]: pam_unix(cron:session): session closed for user root
May  6 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19585]: pam_unix(cron:session): session closed for user root
May  6 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19583]: pam_unix(cron:session): session closed for user p13x
May  6 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19696]: Successful su for rubyman by root
May  6 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19696]: + ??? root:rubyman
May  6 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336946 of user rubyman.
May  6 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19696]: pam_unix(su:session): session closed for user rubyman
May  6 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336946.
May  6 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19586]: pam_unix(cron:session): session closed for user root
May  6 00:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16978]: pam_unix(cron:session): session closed for user root
May  6 00:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19584]: pam_unix(cron:session): session closed for user samftp
May  6 00:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19942]: Invalid user postgres from 187.170.74.95
May  6 00:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19942]: input_userauth_request: invalid user postgres [preauth]
May  6 00:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19942]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.74.95
May  6 00:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19942]: Failed password for invalid user postgres from 187.170.74.95 port 35711 ssh2
May  6 00:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19942]: Received disconnect from 187.170.74.95 port 35711:11: Bye Bye [preauth]
May  6 00:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19942]: Disconnected from 187.170.74.95 port 35711 [preauth]
May  6 00:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: Invalid user chuang from 49.162.227.188
May  6 00:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: input_userauth_request: invalid user chuang [preauth]
May  6 00:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.162.227.188
May  6 00:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: Failed password for invalid user chuang from 49.162.227.188 port 57803 ssh2
May  6 00:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: Received disconnect from 49.162.227.188 port 57803:11: Bye Bye [preauth]
May  6 00:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19980]: Disconnected from 49.162.227.188 port 57803 [preauth]
May  6 00:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18781]: pam_unix(cron:session): session closed for user root
May  6 00:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: Invalid user netweb from 212.233.136.201
May  6 00:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: input_userauth_request: invalid user netweb [preauth]
May  6 00:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.233.136.201
May  6 00:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: Failed password for invalid user netweb from 212.233.136.201 port 42428 ssh2
May  6 00:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: Received disconnect from 212.233.136.201 port 42428:11: Bye Bye [preauth]
May  6 00:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: Disconnected from 212.233.136.201 port 42428 [preauth]
May  6 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20113]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20112]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20115]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20114]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20110]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20110]: pam_unix(cron:session): session closed for user root
May  6 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20112]: pam_unix(cron:session): session closed for user p13x
May  6 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20182]: Successful su for rubyman by root
May  6 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20182]: + ??? root:rubyman
May  6 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336948 of user rubyman.
May  6 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20182]: pam_unix(su:session): session closed for user rubyman
May  6 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336948.
May  6 00:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17384]: pam_unix(cron:session): session closed for user root
May  6 00:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20113]: pam_unix(cron:session): session closed for user samftp
May  6 00:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19182]: pam_unix(cron:session): session closed for user root
May  6 00:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 00:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241  user=root
May  6 00:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20505]: Invalid user testing from 103.226.139.67
May  6 00:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20505]: input_userauth_request: invalid user testing [preauth]
May  6 00:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20505]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.139.67
May  6 00:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: Failed password for root from 218.92.0.179 port 24097 ssh2
May  6 00:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: Failed password for root from 186.96.145.241 port 54180 ssh2
May  6 00:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20507]: Connection closed by 186.96.145.241 port 54180 [preauth]
May  6 00:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20505]: Failed password for invalid user testing from 103.226.139.67 port 43258 ssh2
May  6 00:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20505]: Received disconnect from 103.226.139.67 port 43258:11: Bye Bye [preauth]
May  6 00:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20505]: Disconnected from 103.226.139.67 port 43258 [preauth]
May  6 00:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: Failed password for root from 218.92.0.179 port 24097 ssh2
May  6 00:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: Failed password for root from 218.92.0.179 port 24097 ssh2
May  6 00:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: Received disconnect from 218.92.0.179 port 24097:11:  [preauth]
May  6 00:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: Disconnected from 218.92.0.179 port 24097 [preauth]
May  6 00:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20498]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20520]: pam_unix(cron:session): session closed for user p13x
May  6 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20588]: Successful su for rubyman by root
May  6 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20588]: + ??? root:rubyman
May  6 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336955 of user rubyman.
May  6 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20588]: pam_unix(su:session): session closed for user rubyman
May  6 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336955.
May  6 00:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17942]: pam_unix(cron:session): session closed for user root
May  6 00:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20521]: pam_unix(cron:session): session closed for user samftp
May  6 00:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.162.227.188  user=root
May  6 00:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20829]: Failed password for root from 49.162.227.188 port 50793 ssh2
May  6 00:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20829]: Received disconnect from 49.162.227.188 port 50793:11: Bye Bye [preauth]
May  6 00:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20829]: Disconnected from 49.162.227.188 port 50793 [preauth]
May  6 00:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19590]: pam_unix(cron:session): session closed for user root
May  6 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20939]: pam_unix(cron:session): session closed for user p13x
May  6 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20997]: Successful su for rubyman by root
May  6 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20997]: + ??? root:rubyman
May  6 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336957 of user rubyman.
May  6 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20997]: pam_unix(su:session): session closed for user rubyman
May  6 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336957.
May  6 00:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18364]: pam_unix(cron:session): session closed for user root
May  6 00:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20940]: pam_unix(cron:session): session closed for user samftp
May  6 00:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20115]: pam_unix(cron:session): session closed for user root
May  6 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21375]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21372]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21372]: pam_unix(cron:session): session closed for user p13x
May  6 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21429]: Successful su for rubyman by root
May  6 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21429]: + ??? root:rubyman
May  6 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336961 of user rubyman.
May  6 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21429]: pam_unix(su:session): session closed for user rubyman
May  6 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336961.
May  6 00:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18780]: pam_unix(cron:session): session closed for user root
May  6 00:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21373]: pam_unix(cron:session): session closed for user samftp
May  6 00:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21713]: Invalid user user from 49.162.227.188
May  6 00:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21713]: input_userauth_request: invalid user user [preauth]
May  6 00:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21713]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.162.227.188
May  6 00:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.74.95  user=root
May  6 00:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21713]: Failed password for invalid user user from 49.162.227.188 port 64910 ssh2
May  6 00:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21713]: Received disconnect from 49.162.227.188 port 64910:11: Bye Bye [preauth]
May  6 00:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21713]: Disconnected from 49.162.227.188 port 64910 [preauth]
May  6 00:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21716]: Failed password for root from 187.170.74.95 port 58300 ssh2
May  6 00:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20524]: pam_unix(cron:session): session closed for user root
May  6 00:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21716]: Received disconnect from 187.170.74.95 port 58300:11: Bye Bye [preauth]
May  6 00:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21716]: Disconnected from 187.170.74.95 port 58300 [preauth]
May  6 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22091]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22087]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22088]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22090]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22091]: pam_unix(cron:session): session closed for user root
May  6 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22083]: pam_unix(cron:session): session closed for user p13x
May  6 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22161]: Successful su for rubyman by root
May  6 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22161]: + ??? root:rubyman
May  6 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336969 of user rubyman.
May  6 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22161]: pam_unix(su:session): session closed for user rubyman
May  6 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336969.
May  6 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22087]: pam_unix(cron:session): session closed for user root
May  6 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19181]: pam_unix(cron:session): session closed for user root
May  6 00:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22084]: pam_unix(cron:session): session closed for user samftp
May  6 00:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: Invalid user bank from 212.233.136.201
May  6 00:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: input_userauth_request: invalid user bank [preauth]
May  6 00:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.233.136.201
May  6 00:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: Failed password for invalid user bank from 212.233.136.201 port 58424 ssh2
May  6 00:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: Received disconnect from 212.233.136.201 port 58424:11: Bye Bye [preauth]
May  6 00:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22491]: Disconnected from 212.233.136.201 port 58424 [preauth]
May  6 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20942]: pam_unix(cron:session): session closed for user root
May  6 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22595]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22593]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22592]: pam_unix(cron:session): session closed for user p13x
May  6 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22661]: Successful su for rubyman by root
May  6 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22661]: + ??? root:rubyman
May  6 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336971 of user rubyman.
May  6 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22661]: pam_unix(su:session): session closed for user rubyman
May  6 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336971.
May  6 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19587]: pam_unix(cron:session): session closed for user root
May  6 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22593]: pam_unix(cron:session): session closed for user samftp
May  6 00:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.162.227.188  user=root
May  6 00:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 00:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: Failed password for root from 49.162.227.188 port 57753 ssh2
May  6 00:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: Received disconnect from 49.162.227.188 port 57753:11: Bye Bye [preauth]
May  6 00:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: Disconnected from 49.162.227.188 port 57753 [preauth]
May  6 00:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: Failed password for root from 218.92.0.179 port 42531 ssh2
May  6 00:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21375]: pam_unix(cron:session): session closed for user root
May  6 00:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: Failed password for root from 218.92.0.179 port 42531 ssh2
May  6 00:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: Failed password for root from 218.92.0.179 port 42531 ssh2
May  6 00:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: Received disconnect from 218.92.0.179 port 42531:11:  [preauth]
May  6 00:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: Disconnected from 218.92.0.179 port 42531 [preauth]
May  6 00:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23068]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23069]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23066]: pam_unix(cron:session): session closed for user p13x
May  6 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23127]: Successful su for rubyman by root
May  6 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23127]: + ??? root:rubyman
May  6 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23127]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336977 of user rubyman.
May  6 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23127]: pam_unix(su:session): session closed for user rubyman
May  6 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336977.
May  6 00:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20114]: pam_unix(cron:session): session closed for user root
May  6 00:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23067]: pam_unix(cron:session): session closed for user samftp
May  6 00:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22090]: pam_unix(cron:session): session closed for user root
May  6 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23564]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23565]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23563]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23566]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23563]: pam_unix(cron:session): session closed for user p13x
May  6 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23630]: Successful su for rubyman by root
May  6 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23630]: + ??? root:rubyman
May  6 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23630]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336980 of user rubyman.
May  6 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23630]: pam_unix(su:session): session closed for user rubyman
May  6 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336980.
May  6 00:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20522]: pam_unix(cron:session): session closed for user root
May  6 00:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23564]: pam_unix(cron:session): session closed for user samftp
May  6 00:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23997]: Invalid user test from 49.162.227.188
May  6 00:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23997]: input_userauth_request: invalid user test [preauth]
May  6 00:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23997]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.162.227.188
May  6 00:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23997]: Failed password for invalid user test from 49.162.227.188 port 51601 ssh2
May  6 00:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23997]: Received disconnect from 49.162.227.188 port 51601:11: Bye Bye [preauth]
May  6 00:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23997]: Disconnected from 49.162.227.188 port 51601 [preauth]
May  6 00:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.139.67  user=root
May  6 00:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22595]: pam_unix(cron:session): session closed for user root
May  6 00:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23999]: Failed password for root from 103.226.139.67 port 40356 ssh2
May  6 00:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23999]: Received disconnect from 103.226.139.67 port 40356:11: Bye Bye [preauth]
May  6 00:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23999]: Disconnected from 103.226.139.67 port 40356 [preauth]
May  6 00:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.74.95  user=root
May  6 00:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24052]: Failed password for root from 187.170.74.95 port 55647 ssh2
May  6 00:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24052]: Received disconnect from 187.170.74.95 port 55647:11: Bye Bye [preauth]
May  6 00:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24052]: Disconnected from 187.170.74.95 port 55647 [preauth]
May  6 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24094]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24089]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24091]: pam_unix(cron:session): session closed for user p13x
May  6 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24223]: Successful su for rubyman by root
May  6 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24223]: + ??? root:rubyman
May  6 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24223]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336983 of user rubyman.
May  6 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24223]: pam_unix(su:session): session closed for user rubyman
May  6 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336983.
May  6 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24089]: pam_unix(cron:session): session closed for user root
May  6 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20941]: pam_unix(cron:session): session closed for user root
May  6 00:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24092]: pam_unix(cron:session): session closed for user samftp
May  6 00:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.252  user=root
May  6 00:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24529]: Failed password for root from 218.92.0.252 port 43112 ssh2
May  6 00:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23069]: pam_unix(cron:session): session closed for user root
May  6 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24630]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24631]: pam_unix(cron:session): session closed for user root
May  6 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24626]: pam_unix(cron:session): session closed for user p13x
May  6 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24707]: Successful su for rubyman by root
May  6 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24707]: + ??? root:rubyman
May  6 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336990 of user rubyman.
May  6 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24707]: pam_unix(su:session): session closed for user rubyman
May  6 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336990.
May  6 00:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24731]: Invalid user chenzilong from 212.233.136.201
May  6 00:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24731]: input_userauth_request: invalid user chenzilong [preauth]
May  6 00:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24731]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.233.136.201
May  6 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24628]: pam_unix(cron:session): session closed for user root
May  6 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21374]: pam_unix(cron:session): session closed for user root
May  6 00:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24731]: Failed password for invalid user chenzilong from 212.233.136.201 port 56922 ssh2
May  6 00:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24731]: Received disconnect from 212.233.136.201 port 56922:11: Bye Bye [preauth]
May  6 00:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24731]: Disconnected from 212.233.136.201 port 56922 [preauth]
May  6 00:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24627]: pam_unix(cron:session): session closed for user samftp
May  6 00:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: Invalid user user from 80.94.95.29
May  6 00:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: input_userauth_request: invalid user user [preauth]
May  6 00:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  6 00:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.162.227.188  user=root
May  6 00:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: Failed password for invalid user user from 80.94.95.29 port 51086 ssh2
May  6 00:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: Failed password for root from 49.162.227.188 port 55904 ssh2
May  6 00:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: Received disconnect from 49.162.227.188 port 55904:11: Bye Bye [preauth]
May  6 00:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24985]: Disconnected from 49.162.227.188 port 55904 [preauth]
May  6 00:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: Failed password for invalid user user from 80.94.95.29 port 51086 ssh2
May  6 00:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23566]: pam_unix(cron:session): session closed for user root
May  6 00:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: Failed password for invalid user user from 80.94.95.29 port 51086 ssh2
May  6 00:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: Failed password for invalid user user from 80.94.95.29 port 51086 ssh2
May  6 00:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: Failed password for invalid user user from 80.94.95.29 port 51086 ssh2
May  6 00:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: Received disconnect from 80.94.95.29 port 51086:11: Bye [preauth]
May  6 00:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: Disconnected from 80.94.95.29 port 51086 [preauth]
May  6 00:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  6 00:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24983]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25084]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25083]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25082]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25081]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25081]: pam_unix(cron:session): session closed for user p13x
May  6 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25153]: Successful su for rubyman by root
May  6 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25153]: + ??? root:rubyman
May  6 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25153]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336994 of user rubyman.
May  6 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25153]: pam_unix(su:session): session closed for user rubyman
May  6 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336994.
May  6 00:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22088]: pam_unix(cron:session): session closed for user root
May  6 00:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25082]: pam_unix(cron:session): session closed for user samftp
May  6 00:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24094]: pam_unix(cron:session): session closed for user root
May  6 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25495]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25493]: pam_unix(cron:session): session closed for user p13x
May  6 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25565]: Successful su for rubyman by root
May  6 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25565]: + ??? root:rubyman
May  6 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25565]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 336998 of user rubyman.
May  6 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25565]: pam_unix(su:session): session closed for user rubyman
May  6 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 336998.
May  6 00:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22594]: pam_unix(cron:session): session closed for user root
May  6 00:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 00:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25494]: pam_unix(cron:session): session closed for user samftp
May  6 00:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25718]: Failed password for root from 218.92.0.179 port 55899 ssh2
May  6 00:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25718]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 55899 ssh2]
May  6 00:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25718]: Received disconnect from 218.92.0.179 port 55899:11:  [preauth]
May  6 00:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25718]: Disconnected from 218.92.0.179 port 55899 [preauth]
May  6 00:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25718]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 00:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.162.227.188  user=root
May  6 00:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24630]: pam_unix(cron:session): session closed for user root
May  6 00:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25895]: Failed password for root from 49.162.227.188 port 52354 ssh2
May  6 00:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25895]: Received disconnect from 49.162.227.188 port 52354:11: Bye Bye [preauth]
May  6 00:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25895]: Disconnected from 49.162.227.188 port 52354 [preauth]
May  6 00:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: Invalid user shoutcast from 187.170.74.95
May  6 00:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: input_userauth_request: invalid user shoutcast [preauth]
May  6 00:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.74.95
May  6 00:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: Failed password for invalid user shoutcast from 187.170.74.95 port 40699 ssh2
May  6 00:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: Received disconnect from 187.170.74.95 port 40699:11: Bye Bye [preauth]
May  6 00:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: Disconnected from 187.170.74.95 port 40699 [preauth]
May  6 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25994]: pam_unix(cron:session): session closed for user p13x
May  6 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26059]: Successful su for rubyman by root
May  6 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26059]: + ??? root:rubyman
May  6 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337003 of user rubyman.
May  6 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26059]: pam_unix(su:session): session closed for user rubyman
May  6 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337003.
May  6 00:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23068]: pam_unix(cron:session): session closed for user root
May  6 00:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25995]: pam_unix(cron:session): session closed for user samftp
May  6 00:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25084]: pam_unix(cron:session): session closed for user root
May  6 00:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: Invalid user admin from 80.94.95.112
May  6 00:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: input_userauth_request: invalid user admin [preauth]
May  6 00:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 00:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: Failed password for invalid user admin from 80.94.95.112 port 52701 ssh2
May  6 00:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: Failed password for invalid user admin from 80.94.95.112 port 52701 ssh2
May  6 00:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: Failed password for invalid user admin from 80.94.95.112 port 52701 ssh2
May  6 00:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: Failed password for invalid user admin from 80.94.95.112 port 52701 ssh2
May  6 00:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: Failed password for invalid user admin from 80.94.95.112 port 52701 ssh2
May  6 00:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: Received disconnect from 80.94.95.112 port 52701:11: Bye [preauth]
May  6 00:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: Disconnected from 80.94.95.112 port 52701 [preauth]
May  6 00:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 00:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26347]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26400]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26401]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26397]: pam_unix(cron:session): session closed for user p13x
May  6 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26544]: Successful su for rubyman by root
May  6 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26544]: + ??? root:rubyman
May  6 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26544]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337008 of user rubyman.
May  6 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26544]: pam_unix(su:session): session closed for user rubyman
May  6 00:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337008.
May  6 00:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23565]: pam_unix(cron:session): session closed for user root
May  6 00:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26398]: pam_unix(cron:session): session closed for user samftp
May  6 00:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25496]: pam_unix(cron:session): session closed for user root
May  6 00:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: Invalid user afzal from 212.233.136.201
May  6 00:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: input_userauth_request: invalid user afzal [preauth]
May  6 00:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.233.136.201
May  6 00:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: Failed password for invalid user afzal from 212.233.136.201 port 60414 ssh2
May  6 00:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: Received disconnect from 212.233.136.201 port 60414:11: Bye Bye [preauth]
May  6 00:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: Disconnected from 212.233.136.201 port 60414 [preauth]
May  6 00:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  6 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26888]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26889]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26892]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26890]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26892]: pam_unix(cron:session): session closed for user root
May  6 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26886]: pam_unix(cron:session): session closed for user p13x
May  6 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26990]: Successful su for rubyman by root
May  6 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26990]: + ??? root:rubyman
May  6 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26990]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337010 of user rubyman.
May  6 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26990]: pam_unix(su:session): session closed for user rubyman
May  6 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337010.
May  6 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: Failed password for root from 164.68.105.9 port 33256 ssh2
May  6 00:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26883]: Connection closed by 164.68.105.9 port 33256 [preauth]
May  6 00:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26888]: pam_unix(cron:session): session closed for user root
May  6 00:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24093]: pam_unix(cron:session): session closed for user root
May  6 00:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26887]: pam_unix(cron:session): session closed for user samftp
May  6 00:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.139.67  user=root
May  6 00:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27306]: Failed password for root from 103.226.139.67 port 35034 ssh2
May  6 00:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27306]: Received disconnect from 103.226.139.67 port 35034:11: Bye Bye [preauth]
May  6 00:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27306]: Disconnected from 103.226.139.67 port 35034 [preauth]
May  6 00:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25997]: pam_unix(cron:session): session closed for user root
May  6 00:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 00:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: Failed password for root from 218.92.0.179 port 40805 ssh2
May  6 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27434]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27435]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27432]: pam_unix(cron:session): session closed for user p13x
May  6 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: Failed password for root from 218.92.0.179 port 40805 ssh2
May  6 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27523]: Successful su for rubyman by root
May  6 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27523]: + ??? root:rubyman
May  6 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337017 of user rubyman.
May  6 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27523]: pam_unix(su:session): session closed for user rubyman
May  6 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337017.
May  6 00:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: Failed password for root from 218.92.0.179 port 40805 ssh2
May  6 00:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: Received disconnect from 218.92.0.179 port 40805:11:  [preauth]
May  6 00:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: Disconnected from 218.92.0.179 port 40805 [preauth]
May  6 00:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24629]: pam_unix(cron:session): session closed for user root
May  6 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27433]: pam_unix(cron:session): session closed for user samftp
May  6 00:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26401]: pam_unix(cron:session): session closed for user root
May  6 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27883]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27879]: pam_unix(cron:session): session closed for user root
May  6 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27881]: pam_unix(cron:session): session closed for user p13x
May  6 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27946]: Successful su for rubyman by root
May  6 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27946]: + ??? root:rubyman
May  6 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337023 of user rubyman.
May  6 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27946]: pam_unix(su:session): session closed for user rubyman
May  6 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337023.
May  6 00:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25083]: pam_unix(cron:session): session closed for user root
May  6 00:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.74.95  user=root
May  6 00:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27882]: pam_unix(cron:session): session closed for user samftp
May  6 00:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28101]: Failed password for root from 187.170.74.95 port 58838 ssh2
May  6 00:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28101]: Received disconnect from 187.170.74.95 port 58838:11: Bye Bye [preauth]
May  6 00:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28101]: Disconnected from 187.170.74.95 port 58838 [preauth]
May  6 00:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26890]: pam_unix(cron:session): session closed for user root
May  6 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28286]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28285]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28283]: pam_unix(cron:session): session closed for user p13x
May  6 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28342]: Successful su for rubyman by root
May  6 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28342]: + ??? root:rubyman
May  6 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337025 of user rubyman.
May  6 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28342]: pam_unix(su:session): session closed for user rubyman
May  6 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337025.
May  6 00:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25495]: pam_unix(cron:session): session closed for user root
May  6 00:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28284]: pam_unix(cron:session): session closed for user samftp
May  6 00:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27435]: pam_unix(cron:session): session closed for user root
May  6 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28684]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28685]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28683]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28682]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28682]: pam_unix(cron:session): session closed for user p13x
May  6 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28744]: Successful su for rubyman by root
May  6 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28744]: + ??? root:rubyman
May  6 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337030 of user rubyman.
May  6 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28744]: pam_unix(su:session): session closed for user rubyman
May  6 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337030.
May  6 00:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25996]: pam_unix(cron:session): session closed for user root
May  6 00:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28683]: pam_unix(cron:session): session closed for user samftp
May  6 00:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.233.136.201  user=root
May  6 00:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28974]: Failed password for root from 212.233.136.201 port 38644 ssh2
May  6 00:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28974]: Received disconnect from 212.233.136.201 port 38644:11: Bye Bye [preauth]
May  6 00:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28974]: Disconnected from 212.233.136.201 port 38644 [preauth]
May  6 00:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27884]: pam_unix(cron:session): session closed for user root
May  6 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29183]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29184]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29185]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29179]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29185]: pam_unix(cron:session): session closed for user root
May  6 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29179]: pam_unix(cron:session): session closed for user p13x
May  6 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29265]: Successful su for rubyman by root
May  6 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29265]: + ??? root:rubyman
May  6 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337035 of user rubyman.
May  6 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29265]: pam_unix(su:session): session closed for user rubyman
May  6 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337035.
May  6 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29181]: pam_unix(cron:session): session closed for user root
May  6 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26400]: pam_unix(cron:session): session closed for user root
May  6 00:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29180]: pam_unix(cron:session): session closed for user samftp
May  6 00:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28286]: pam_unix(cron:session): session closed for user root
May  6 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29635]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session closed for user p13x
May  6 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29701]: Successful su for rubyman by root
May  6 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29701]: + ??? root:rubyman
May  6 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337039 of user rubyman.
May  6 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29701]: pam_unix(su:session): session closed for user rubyman
May  6 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337039.
May  6 00:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26889]: pam_unix(cron:session): session closed for user root
May  6 00:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session closed for user samftp
May  6 00:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.74.95  user=root
May  6 00:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: Failed password for root from 187.170.74.95 port 50311 ssh2
May  6 00:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: Received disconnect from 187.170.74.95 port 50311:11: Bye Bye [preauth]
May  6 00:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: Disconnected from 187.170.74.95 port 50311 [preauth]
May  6 00:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28685]: pam_unix(cron:session): session closed for user root
May  6 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30045]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30044]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30042]: pam_unix(cron:session): session closed for user p13x
May  6 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30108]: Successful su for rubyman by root
May  6 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30108]: + ??? root:rubyman
May  6 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337044 of user rubyman.
May  6 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30108]: pam_unix(su:session): session closed for user rubyman
May  6 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337044.
May  6 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: Invalid user dm from 103.226.139.67
May  6 00:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: input_userauth_request: invalid user dm [preauth]
May  6 00:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.139.67
May  6 00:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27434]: pam_unix(cron:session): session closed for user root
May  6 00:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: Failed password for invalid user dm from 103.226.139.67 port 48094 ssh2
May  6 00:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30043]: pam_unix(cron:session): session closed for user samftp
May  6 00:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: Received disconnect from 103.226.139.67 port 48094:11: Bye Bye [preauth]
May  6 00:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30128]: Disconnected from 103.226.139.67 port 48094 [preauth]
May  6 00:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29184]: pam_unix(cron:session): session closed for user root
May  6 00:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 00:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30397]: Failed password for root from 218.92.0.179 port 42884 ssh2
May  6 00:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30397]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 42884 ssh2]
May  6 00:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30397]: Received disconnect from 218.92.0.179 port 42884:11:  [preauth]
May  6 00:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30397]: Disconnected from 218.92.0.179 port 42884 [preauth]
May  6 00:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30397]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30440]: pam_unix(cron:session): session closed for user p13x
May  6 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30503]: Successful su for rubyman by root
May  6 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30503]: + ??? root:rubyman
May  6 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337047 of user rubyman.
May  6 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30503]: pam_unix(su:session): session closed for user rubyman
May  6 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337047.
May  6 00:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27883]: pam_unix(cron:session): session closed for user root
May  6 00:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30441]: pam_unix(cron:session): session closed for user samftp
May  6 00:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29635]: pam_unix(cron:session): session closed for user root
May  6 00:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: Invalid user ubnt from 80.94.95.241
May  6 00:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: input_userauth_request: invalid user ubnt [preauth]
May  6 00:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 00:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: Failed password for invalid user ubnt from 80.94.95.241 port 60362 ssh2
May  6 00:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: Failed password for invalid user ubnt from 80.94.95.241 port 60362 ssh2
May  6 00:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: Failed password for invalid user ubnt from 80.94.95.241 port 60362 ssh2
May  6 00:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: Failed password for invalid user ubnt from 80.94.95.241 port 60362 ssh2
May  6 00:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: Failed password for invalid user ubnt from 80.94.95.241 port 60362 ssh2
May  6 00:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: Received disconnect from 80.94.95.241 port 60362:11: Bye [preauth]
May  6 00:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: Disconnected from 80.94.95.241 port 60362 [preauth]
May  6 00:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 00:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30810]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30844]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30841]: pam_unix(cron:session): session closed for user p13x
May  6 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30903]: Successful su for rubyman by root
May  6 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30903]: + ??? root:rubyman
May  6 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337051 of user rubyman.
May  6 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30903]: pam_unix(su:session): session closed for user rubyman
May  6 00:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337051.
May  6 00:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28285]: pam_unix(cron:session): session closed for user root
May  6 00:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31160]: Invalid user miguel from 212.233.136.201
May  6 00:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31160]: input_userauth_request: invalid user miguel [preauth]
May  6 00:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31160]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.233.136.201
May  6 00:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30842]: pam_unix(cron:session): session closed for user samftp
May  6 00:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31160]: Failed password for invalid user miguel from 212.233.136.201 port 53094 ssh2
May  6 00:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31160]: Received disconnect from 212.233.136.201 port 53094:11: Bye Bye [preauth]
May  6 00:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31160]: Disconnected from 212.233.136.201 port 53094 [preauth]
May  6 00:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30045]: pam_unix(cron:session): session closed for user root
May  6 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31347]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31348]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31346]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31349]: pam_unix(cron:session): session closed for user root
May  6 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31344]: pam_unix(cron:session): session closed for user p13x
May  6 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31412]: Successful su for rubyman by root
May  6 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31412]: + ??? root:rubyman
May  6 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337057 of user rubyman.
May  6 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31412]: pam_unix(su:session): session closed for user rubyman
May  6 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337057.
May  6 00:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31346]: pam_unix(cron:session): session closed for user root
May  6 00:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28684]: pam_unix(cron:session): session closed for user root
May  6 00:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31345]: pam_unix(cron:session): session closed for user samftp
May  6 00:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31691]: Invalid user dns2 from 176.31.162.135
May  6 00:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31691]: input_userauth_request: invalid user dns2 [preauth]
May  6 00:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31691]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  6 00:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31691]: Failed password for invalid user dns2 from 176.31.162.135 port 37152 ssh2
May  6 00:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31691]: Connection closed by 176.31.162.135 port 37152 [preauth]
May  6 00:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30444]: pam_unix(cron:session): session closed for user root
May  6 00:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31754]: Invalid user victor from 187.170.74.95
May  6 00:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31754]: input_userauth_request: invalid user victor [preauth]
May  6 00:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31754]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.74.95
May  6 00:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31754]: Failed password for invalid user victor from 187.170.74.95 port 41301 ssh2
May  6 00:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31754]: Received disconnect from 187.170.74.95 port 41301:11: Bye Bye [preauth]
May  6 00:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31754]: Disconnected from 187.170.74.95 port 41301 [preauth]
May  6 00:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31808]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31805]: pam_unix(cron:session): session closed for user p13x
May  6 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31882]: Successful su for rubyman by root
May  6 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31882]: + ??? root:rubyman
May  6 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337064 of user rubyman.
May  6 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31882]: pam_unix(su:session): session closed for user rubyman
May  6 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337064.
May  6 00:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29183]: pam_unix(cron:session): session closed for user root
May  6 00:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31806]: pam_unix(cron:session): session closed for user samftp
May  6 00:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30844]: pam_unix(cron:session): session closed for user root
May  6 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32522]: pam_unix(cron:session): session closed for user p13x
May  6 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32594]: Successful su for rubyman by root
May  6 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32594]: + ??? root:rubyman
May  6 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337066 of user rubyman.
May  6 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32594]: pam_unix(su:session): session closed for user rubyman
May  6 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337066.
May  6 00:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session closed for user root
May  6 00:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32523]: pam_unix(cron:session): session closed for user samftp
May  6 00:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31348]: pam_unix(cron:session): session closed for user root
May  6 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[653]: pam_unix(cron:session): session closed for user p13x
May  6 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[727]: Successful su for rubyman by root
May  6 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[727]: + ??? root:rubyman
May  6 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337070 of user rubyman.
May  6 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[727]: pam_unix(su:session): session closed for user rubyman
May  6 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337070.
May  6 00:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30044]: pam_unix(cron:session): session closed for user root
May  6 00:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[655]: pam_unix(cron:session): session closed for user samftp
May  6 00:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31808]: pam_unix(cron:session): session closed for user root
May  6 00:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: Invalid user server from 212.233.136.201
May  6 00:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: input_userauth_request: invalid user server [preauth]
May  6 00:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.233.136.201
May  6 00:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: Failed password for invalid user server from 212.233.136.201 port 39366 ssh2
May  6 00:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.139.67  user=root
May  6 00:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: Received disconnect from 212.233.136.201 port 39366:11: Bye Bye [preauth]
May  6 00:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: Disconnected from 212.233.136.201 port 39366 [preauth]
May  6 00:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: Failed password for root from 103.226.139.67 port 46276 ssh2
May  6 00:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: Received disconnect from 103.226.139.67 port 46276:11: Bye Bye [preauth]
May  6 00:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: Disconnected from 103.226.139.67 port 46276 [preauth]
May  6 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1127]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1126]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1124]: pam_unix(cron:session): session closed for user p13x
May  6 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1199]: Successful su for rubyman by root
May  6 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1199]: + ??? root:rubyman
May  6 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1199]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337074 of user rubyman.
May  6 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1199]: pam_unix(su:session): session closed for user rubyman
May  6 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337074.
May  6 00:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30442]: pam_unix(cron:session): session closed for user root
May  6 00:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1125]: pam_unix(cron:session): session closed for user samftp
May  6 00:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32525]: pam_unix(cron:session): session closed for user root
May  6 00:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Invalid user user33 from 187.170.74.95
May  6 00:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: input_userauth_request: invalid user user33 [preauth]
May  6 00:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.74.95
May  6 00:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Failed password for invalid user user33 from 187.170.74.95 port 51317 ssh2
May  6 00:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Received disconnect from 187.170.74.95 port 51317:11: Bye Bye [preauth]
May  6 00:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Disconnected from 187.170.74.95 port 51317 [preauth]
May  6 00:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  6 00:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1596]: Failed password for root from 193.70.84.184 port 45964 ssh2
May  6 00:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1596]: Connection closed by 193.70.84.184 port 45964 [preauth]
May  6 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1610]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1613]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1612]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1611]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1613]: pam_unix(cron:session): session closed for user root
May  6 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1607]: pam_unix(cron:session): session closed for user p13x
May  6 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1684]: Successful su for rubyman by root
May  6 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1684]: + ??? root:rubyman
May  6 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337079 of user rubyman.
May  6 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1684]: pam_unix(su:session): session closed for user rubyman
May  6 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337079.
May  6 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1610]: pam_unix(cron:session): session closed for user root
May  6 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30843]: pam_unix(cron:session): session closed for user root
May  6 00:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1608]: pam_unix(cron:session): session closed for user samftp
May  6 00:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[657]: pam_unix(cron:session): session closed for user root
May  6 00:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  6 00:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: Failed password for root from 80.94.95.125 port 7432 ssh2
May  6 00:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 7432 ssh2]
May  6 00:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: Received disconnect from 80.94.95.125 port 7432:11: Bye [preauth]
May  6 00:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: Disconnected from 80.94.95.125 port 7432 [preauth]
May  6 00:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  6 00:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2187]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2186]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2184]: pam_unix(cron:session): session closed for user p13x
May  6 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2256]: Successful su for rubyman by root
May  6 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2256]: + ??? root:rubyman
May  6 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2256]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337085 of user rubyman.
May  6 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2256]: pam_unix(su:session): session closed for user rubyman
May  6 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337085.
May  6 00:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31347]: pam_unix(cron:session): session closed for user root
May  6 00:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2185]: pam_unix(cron:session): session closed for user samftp
May  6 00:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1127]: pam_unix(cron:session): session closed for user root
May  6 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2627]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2625]: pam_unix(cron:session): session closed for user p13x
May  6 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2700]: Successful su for rubyman by root
May  6 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2700]: + ??? root:rubyman
May  6 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337087 of user rubyman.
May  6 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2700]: pam_unix(su:session): session closed for user rubyman
May  6 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337087.
May  6 00:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31807]: pam_unix(cron:session): session closed for user root
May  6 00:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2626]: pam_unix(cron:session): session closed for user samftp
May  6 00:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1612]: pam_unix(cron:session): session closed for user root
May  6 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3049]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3050]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3048]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3048]: pam_unix(cron:session): session closed for user p13x
May  6 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3108]: Successful su for rubyman by root
May  6 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3108]: + ??? root:rubyman
May  6 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337091 of user rubyman.
May  6 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3108]: pam_unix(su:session): session closed for user rubyman
May  6 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337091.
May  6 00:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32524]: pam_unix(cron:session): session closed for user root
May  6 00:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3049]: pam_unix(cron:session): session closed for user samftp
May  6 00:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3326]: Invalid user odoo from 212.233.136.201
May  6 00:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3326]: input_userauth_request: invalid user odoo [preauth]
May  6 00:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3326]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.233.136.201
May  6 00:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3326]: Failed password for invalid user odoo from 212.233.136.201 port 54370 ssh2
May  6 00:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3326]: Received disconnect from 212.233.136.201 port 54370:11: Bye Bye [preauth]
May  6 00:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3326]: Disconnected from 212.233.136.201 port 54370 [preauth]
May  6 00:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2187]: pam_unix(cron:session): session closed for user root
May  6 00:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: Invalid user admin from 187.170.74.95
May  6 00:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: input_userauth_request: invalid user admin [preauth]
May  6 00:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.170.74.95
May  6 00:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: Failed password for invalid user admin from 187.170.74.95 port 34526 ssh2
May  6 00:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: Received disconnect from 187.170.74.95 port 34526:11: Bye Bye [preauth]
May  6 00:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: Disconnected from 187.170.74.95 port 34526 [preauth]
May  6 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3478]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3475]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3476]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3475]: pam_unix(cron:session): session closed for user p13x
May  6 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3538]: Successful su for rubyman by root
May  6 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3538]: + ??? root:rubyman
May  6 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337097 of user rubyman.
May  6 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3538]: pam_unix(su:session): session closed for user rubyman
May  6 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337097.
May  6 00:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[656]: pam_unix(cron:session): session closed for user root
May  6 00:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3476]: pam_unix(cron:session): session closed for user samftp
May  6 00:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2628]: pam_unix(cron:session): session closed for user root
May  6 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3900]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3901]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3899]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3901]: pam_unix(cron:session): session closed for user root
May  6 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3895]: pam_unix(cron:session): session closed for user p13x
May  6 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4000]: Successful su for rubyman by root
May  6 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4000]: + ??? root:rubyman
May  6 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337101 of user rubyman.
May  6 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4000]: pam_unix(su:session): session closed for user rubyman
May  6 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337101.
May  6 00:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3898]: pam_unix(cron:session): session closed for user root
May  6 00:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1126]: pam_unix(cron:session): session closed for user root
May  6 00:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3896]: pam_unix(cron:session): session closed for user samftp
May  6 00:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: Invalid user mwang from 46.244.96.25
May  6 00:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: input_userauth_request: invalid user mwang [preauth]
May  6 00:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  6 00:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: Failed password for invalid user mwang from 46.244.96.25 port 47164 ssh2
May  6 00:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: Connection closed by 46.244.96.25 port 47164 [preauth]
May  6 00:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4418]: Invalid user admin from 139.19.117.131
May  6 00:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4418]: input_userauth_request: invalid user admin [preauth]
May  6 00:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3051]: pam_unix(cron:session): session closed for user root
May  6 00:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4418]: Connection closed by 139.19.117.131 port 46942 [preauth]
May  6 00:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.139.67  user=root
May  6 00:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: Failed password for root from 103.226.139.67 port 59894 ssh2
May  6 00:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: Received disconnect from 103.226.139.67 port 59894:11: Bye Bye [preauth]
May  6 00:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4477]: Disconnected from 103.226.139.67 port 59894 [preauth]
May  6 00:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 00:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4513]: Failed password for root from 218.92.0.179 port 48681 ssh2
May  6 00:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4513]: Failed password for root from 218.92.0.179 port 48681 ssh2
May  6 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4538]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4535]: pam_unix(cron:session): session closed for user p13x
May  6 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4609]: Successful su for rubyman by root
May  6 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4609]: + ??? root:rubyman
May  6 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337106 of user rubyman.
May  6 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4609]: pam_unix(su:session): session closed for user rubyman
May  6 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337106.
May  6 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4513]: Failed password for root from 218.92.0.179 port 48681 ssh2
May  6 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4513]: Received disconnect from 218.92.0.179 port 48681:11:  [preauth]
May  6 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4513]: Disconnected from 218.92.0.179 port 48681 [preauth]
May  6 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4513]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 00:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1611]: pam_unix(cron:session): session closed for user root
May  6 00:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4536]: pam_unix(cron:session): session closed for user samftp
May  6 00:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3478]: pam_unix(cron:session): session closed for user root
May  6 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4966]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4963]: pam_unix(cron:session): session closed for user p13x
May  6 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5208]: Successful su for rubyman by root
May  6 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5208]: + ??? root:rubyman
May  6 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337111 of user rubyman.
May  6 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5208]: pam_unix(su:session): session closed for user rubyman
May  6 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337111.
May  6 00:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2186]: pam_unix(cron:session): session closed for user root
May  6 00:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4964]: pam_unix(cron:session): session closed for user samftp
May  6 00:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3900]: pam_unix(cron:session): session closed for user root
May  6 00:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: Invalid user rootftp from 212.233.136.201
May  6 00:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: input_userauth_request: invalid user rootftp [preauth]
May  6 00:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.233.136.201
May  6 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: Failed password for invalid user rootftp from 212.233.136.201 port 40468 ssh2
May  6 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: Received disconnect from 212.233.136.201 port 40468:11: Bye Bye [preauth]
May  6 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: Disconnected from 212.233.136.201 port 40468 [preauth]
May  6 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5612]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5611]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5610]: pam_unix(cron:session): session closed for user p13x
May  6 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5678]: Successful su for rubyman by root
May  6 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5678]: + ??? root:rubyman
May  6 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5678]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337114 of user rubyman.
May  6 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5678]: pam_unix(su:session): session closed for user rubyman
May  6 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337114.
May  6 00:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2627]: pam_unix(cron:session): session closed for user root
May  6 00:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5611]: pam_unix(cron:session): session closed for user samftp
May  6 00:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4540]: pam_unix(cron:session): session closed for user root
May  6 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6117]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6120]: pam_unix(cron:session): session closed for user p13x
May  6 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6252]: Successful su for rubyman by root
May  6 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6252]: + ??? root:rubyman
May  6 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337118 of user rubyman.
May  6 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6252]: pam_unix(su:session): session closed for user rubyman
May  6 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337118.
May  6 00:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6117]: pam_unix(cron:session): session closed for user root
May  6 00:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3050]: pam_unix(cron:session): session closed for user root
May  6 00:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6121]: pam_unix(cron:session): session closed for user samftp
May  6 00:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4966]: pam_unix(cron:session): session closed for user root
May  6 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6619]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6619]: pam_unix(cron:session): session closed for user root
May  6 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6614]: pam_unix(cron:session): session closed for user p13x
May  6 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6695]: Successful su for rubyman by root
May  6 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6695]: + ??? root:rubyman
May  6 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6695]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337126 of user rubyman.
May  6 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6695]: pam_unix(su:session): session closed for user rubyman
May  6 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337126.
May  6 00:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6616]: pam_unix(cron:session): session closed for user root
May  6 00:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3477]: pam_unix(cron:session): session closed for user root
May  6 00:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6615]: pam_unix(cron:session): session closed for user samftp
May  6 00:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5614]: pam_unix(cron:session): session closed for user root
May  6 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7166]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7169]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7165]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7165]: pam_unix(cron:session): session closed for user p13x
May  6 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7238]: Successful su for rubyman by root
May  6 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7238]: + ??? root:rubyman
May  6 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337130 of user rubyman.
May  6 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7238]: pam_unix(su:session): session closed for user rubyman
May  6 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337130.
May  6 00:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3899]: pam_unix(cron:session): session closed for user root
May  6 00:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7166]: pam_unix(cron:session): session closed for user samftp
May  6 00:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6123]: pam_unix(cron:session): session closed for user root
May  6 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7667]: pam_unix(cron:session): session closed for user p13x
May  6 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7738]: Successful su for rubyman by root
May  6 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7738]: + ??? root:rubyman
May  6 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7738]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337134 of user rubyman.
May  6 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7738]: pam_unix(su:session): session closed for user rubyman
May  6 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337134.
May  6 00:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4538]: pam_unix(cron:session): session closed for user root
May  6 00:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7668]: pam_unix(cron:session): session closed for user samftp
May  6 00:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7998]: Invalid user ionguest from 103.226.139.67
May  6 00:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7998]: input_userauth_request: invalid user ionguest [preauth]
May  6 00:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7998]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.139.67
May  6 00:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7998]: Failed password for invalid user ionguest from 103.226.139.67 port 40536 ssh2
May  6 00:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7998]: Received disconnect from 103.226.139.67 port 40536:11: Bye Bye [preauth]
May  6 00:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7998]: Disconnected from 103.226.139.67 port 40536 [preauth]
May  6 00:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6618]: pam_unix(cron:session): session closed for user root
May  6 00:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8036]: Invalid user master from 212.233.136.201
May  6 00:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8036]: input_userauth_request: invalid user master [preauth]
May  6 00:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8036]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.233.136.201
May  6 00:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8036]: Failed password for invalid user master from 212.233.136.201 port 54772 ssh2
May  6 00:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8036]: Received disconnect from 212.233.136.201 port 54772:11: Bye Bye [preauth]
May  6 00:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8036]: Disconnected from 212.233.136.201 port 54772 [preauth]
May  6 00:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 00:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8078]: Failed password for root from 218.92.0.179 port 12686 ssh2
May  6 00:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8078]: Failed password for root from 218.92.0.179 port 12686 ssh2
May  6 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8103]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8106]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8105]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8104]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8103]: pam_unix(cron:session): session closed for user p13x
May  6 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8181]: Successful su for rubyman by root
May  6 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8181]: + ??? root:rubyman
May  6 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337138 of user rubyman.
May  6 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8181]: pam_unix(su:session): session closed for user rubyman
May  6 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337138.
May  6 00:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8078]: Failed password for root from 218.92.0.179 port 12686 ssh2
May  6 00:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8078]: Received disconnect from 218.92.0.179 port 12686:11:  [preauth]
May  6 00:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8078]: Disconnected from 218.92.0.179 port 12686 [preauth]
May  6 00:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8078]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 00:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4965]: pam_unix(cron:session): session closed for user root
May  6 00:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8104]: pam_unix(cron:session): session closed for user samftp
May  6 00:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7169]: pam_unix(cron:session): session closed for user root
May  6 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8532]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8530]: pam_unix(cron:session): session closed for user p13x
May  6 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8599]: Successful su for rubyman by root
May  6 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8599]: + ??? root:rubyman
May  6 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337141 of user rubyman.
May  6 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8599]: pam_unix(su:session): session closed for user rubyman
May  6 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337141.
May  6 00:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5612]: pam_unix(cron:session): session closed for user root
May  6 00:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8531]: pam_unix(cron:session): session closed for user samftp
May  6 00:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7670]: pam_unix(cron:session): session closed for user root
May  6 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8955]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8952]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8954]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8953]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8955]: pam_unix(cron:session): session closed for user root
May  6 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8950]: pam_unix(cron:session): session closed for user p13x
May  6 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9023]: Successful su for rubyman by root
May  6 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9023]: + ??? root:rubyman
May  6 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9023]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337146 of user rubyman.
May  6 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9023]: pam_unix(su:session): session closed for user rubyman
May  6 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337146.
May  6 00:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8952]: pam_unix(cron:session): session closed for user root
May  6 00:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6122]: pam_unix(cron:session): session closed for user root
May  6 00:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8951]: pam_unix(cron:session): session closed for user samftp
May  6 00:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8106]: pam_unix(cron:session): session closed for user root
May  6 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9509]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9508]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9505]: pam_unix(cron:session): session closed for user p13x
May  6 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9571]: Successful su for rubyman by root
May  6 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9571]: + ??? root:rubyman
May  6 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337150 of user rubyman.
May  6 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9571]: pam_unix(su:session): session closed for user rubyman
May  6 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337150.
May  6 00:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6617]: pam_unix(cron:session): session closed for user root
May  6 00:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9507]: pam_unix(cron:session): session closed for user samftp
May  6 00:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8533]: pam_unix(cron:session): session closed for user root
May  6 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9917]: pam_unix(cron:session): session closed for user p13x
May  6 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9981]: Successful su for rubyman by root
May  6 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9981]: + ??? root:rubyman
May  6 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337156 of user rubyman.
May  6 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9981]: pam_unix(su:session): session closed for user rubyman
May  6 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337156.
May  6 00:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7167]: pam_unix(cron:session): session closed for user root
May  6 00:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9918]: pam_unix(cron:session): session closed for user samftp
May  6 00:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8954]: pam_unix(cron:session): session closed for user root
May  6 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10405]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10403]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10400]: pam_unix(cron:session): session closed for user p13x
May  6 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10474]: Successful su for rubyman by root
May  6 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10474]: + ??? root:rubyman
May  6 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337158 of user rubyman.
May  6 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10474]: pam_unix(su:session): session closed for user rubyman
May  6 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337158.
May  6 00:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7669]: pam_unix(cron:session): session closed for user root
May  6 00:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10403]: pam_unix(cron:session): session closed for user samftp
May  6 00:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9509]: pam_unix(cron:session): session closed for user root
May  6 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10876]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10875]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10873]: pam_unix(cron:session): session closed for user p13x
May  6 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10932]: Successful su for rubyman by root
May  6 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10932]: + ??? root:rubyman
May  6 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337162 of user rubyman.
May  6 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10932]: pam_unix(su:session): session closed for user rubyman
May  6 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337162.
May  6 00:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8105]: pam_unix(cron:session): session closed for user root
May  6 00:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10991]: Invalid user test1 from 103.226.139.67
May  6 00:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10991]: input_userauth_request: invalid user test1 [preauth]
May  6 00:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10991]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.139.67
May  6 00:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10991]: Failed password for invalid user test1 from 103.226.139.67 port 37336 ssh2
May  6 00:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10874]: pam_unix(cron:session): session closed for user samftp
May  6 00:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10991]: Received disconnect from 103.226.139.67 port 37336:11: Bye Bye [preauth]
May  6 00:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10991]: Disconnected from 103.226.139.67 port 37336 [preauth]
May  6 00:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9920]: pam_unix(cron:session): session closed for user root
May  6 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11276]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11275]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11276]: pam_unix(cron:session): session closed for user root
May  6 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11271]: pam_unix(cron:session): session closed for user p13x
May  6 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11341]: Successful su for rubyman by root
May  6 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11341]: + ??? root:rubyman
May  6 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11341]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337168 of user rubyman.
May  6 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11341]: pam_unix(su:session): session closed for user rubyman
May  6 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337168.
May  6 00:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11382]: Invalid user admin from 80.94.95.112
May  6 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11382]: input_userauth_request: invalid user admin [preauth]
May  6 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11382]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8532]: pam_unix(cron:session): session closed for user root
May  6 00:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11273]: pam_unix(cron:session): session closed for user root
May  6 00:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11382]: Failed password for invalid user admin from 80.94.95.112 port 29764 ssh2
May  6 00:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11382]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11382]: Failed password for invalid user admin from 80.94.95.112 port 29764 ssh2
May  6 00:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11382]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11272]: pam_unix(cron:session): session closed for user samftp
May  6 00:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11382]: Failed password for invalid user admin from 80.94.95.112 port 29764 ssh2
May  6 00:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11382]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11382]: Failed password for invalid user admin from 80.94.95.112 port 29764 ssh2
May  6 00:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11382]: pam_unix(sshd:auth): check pass; user unknown
May  6 00:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11382]: Failed password for invalid user admin from 80.94.95.112 port 29764 ssh2
May  6 00:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11382]: Received disconnect from 80.94.95.112 port 29764:11: Bye [preauth]
May  6 00:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11382]: Disconnected from 80.94.95.112 port 29764 [preauth]
May  6 00:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11382]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 00:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11382]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 00:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10405]: pam_unix(cron:session): session closed for user root
May  6 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11705]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11702]: pam_unix(cron:session): session closed for user p13x
May  6 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11770]: Successful su for rubyman by root
May  6 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11770]: + ??? root:rubyman
May  6 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337172 of user rubyman.
May  6 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11770]: pam_unix(su:session): session closed for user rubyman
May  6 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337172.
May  6 00:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8953]: pam_unix(cron:session): session closed for user root
May  6 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11703]: pam_unix(cron:session): session closed for user samftp
May  6 00:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10876]: pam_unix(cron:session): session closed for user root
May  6 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12094]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12090]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12090]: pam_unix(cron:session): session closed for user p13x
May  6 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12152]: Successful su for rubyman by root
May  6 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12152]: + ??? root:rubyman
May  6 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337177 of user rubyman.
May  6 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12152]: pam_unix(su:session): session closed for user rubyman
May  6 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337177.
May  6 00:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9508]: pam_unix(cron:session): session closed for user root
May  6 00:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12091]: pam_unix(cron:session): session closed for user samftp
May  6 00:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 00:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11275]: pam_unix(cron:session): session closed for user root
May  6 00:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: Failed password for root from 218.92.0.179 port 11964 ssh2
May  6 00:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 11964 ssh2]
May  6 00:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: Received disconnect from 218.92.0.179 port 11964:11:  [preauth]
May  6 00:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: Disconnected from 218.92.0.179 port 11964 [preauth]
May  6 00:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12504]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12503]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12502]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12501]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12501]: pam_unix(cron:session): session closed for user p13x
May  6 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12560]: Successful su for rubyman by root
May  6 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12560]: + ??? root:rubyman
May  6 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337180 of user rubyman.
May  6 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12560]: pam_unix(su:session): session closed for user rubyman
May  6 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337180.
May  6 00:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9919]: pam_unix(cron:session): session closed for user root
May  6 00:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12502]: pam_unix(cron:session): session closed for user samftp
May  6 00:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11705]: pam_unix(cron:session): session closed for user root
May  6 00:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 00:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12856]: Failed password for root from 218.92.0.179 port 32437 ssh2
May  6 00:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12856]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 32437 ssh2]
May  6 00:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12856]: Received disconnect from 218.92.0.179 port 32437:11:  [preauth]
May  6 00:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12856]: Disconnected from 218.92.0.179 port 32437 [preauth]
May  6 00:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12856]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12888]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12886]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12887]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12885]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12885]: pam_unix(cron:session): session closed for user p13x
May  6 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12943]: Successful su for rubyman by root
May  6 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12943]: + ??? root:rubyman
May  6 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12943]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337185 of user rubyman.
May  6 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12943]: pam_unix(su:session): session closed for user rubyman
May  6 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337185.
May  6 00:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10404]: pam_unix(cron:session): session closed for user root
May  6 00:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12886]: pam_unix(cron:session): session closed for user samftp
May  6 00:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12095]: pam_unix(cron:session): session closed for user root
May  6 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13284]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13282]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13283]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13275]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13284]: pam_unix(cron:session): session closed for user root
May  6 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13275]: pam_unix(cron:session): session closed for user p13x
May  6 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13348]: Successful su for rubyman by root
May  6 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13348]: + ??? root:rubyman
May  6 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337192 of user rubyman.
May  6 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13348]: pam_unix(su:session): session closed for user rubyman
May  6 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337192.
May  6 00:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13279]: pam_unix(cron:session): session closed for user root
May  6 00:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10875]: pam_unix(cron:session): session closed for user root
May  6 00:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13278]: pam_unix(cron:session): session closed for user samftp
May  6 00:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12504]: pam_unix(cron:session): session closed for user root
May  6 00:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.139.67  user=root
May  6 00:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13804]: Failed password for root from 103.226.139.67 port 35410 ssh2
May  6 00:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13804]: Received disconnect from 103.226.139.67 port 35410:11: Bye Bye [preauth]
May  6 00:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13804]: Disconnected from 103.226.139.67 port 35410 [preauth]
May  6 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13825]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13822]: pam_unix(cron:session): session closed for user p13x
May  6 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13893]: Successful su for rubyman by root
May  6 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13893]: + ??? root:rubyman
May  6 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337196 of user rubyman.
May  6 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13893]: pam_unix(su:session): session closed for user rubyman
May  6 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337196.
May  6 00:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11274]: pam_unix(cron:session): session closed for user root
May  6 00:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13823]: pam_unix(cron:session): session closed for user samftp
May  6 00:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12888]: pam_unix(cron:session): session closed for user root
May  6 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14227]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14224]: pam_unix(cron:session): session closed for user p13x
May  6 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14287]: Successful su for rubyman by root
May  6 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14287]: + ??? root:rubyman
May  6 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337199 of user rubyman.
May  6 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14287]: pam_unix(su:session): session closed for user rubyman
May  6 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337199.
May  6 00:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11704]: pam_unix(cron:session): session closed for user root
May  6 00:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14225]: pam_unix(cron:session): session closed for user samftp
May  6 00:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13283]: pam_unix(cron:session): session closed for user root
May  6 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14629]: pam_unix(cron:session): session closed for user p13x
May  6 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14691]: Successful su for rubyman by root
May  6 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14691]: + ??? root:rubyman
May  6 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337204 of user rubyman.
May  6 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14691]: pam_unix(su:session): session closed for user rubyman
May  6 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337204.
May  6 00:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12094]: pam_unix(cron:session): session closed for user root
May  6 00:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14630]: pam_unix(cron:session): session closed for user samftp
May  6 00:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 00:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13825]: pam_unix(cron:session): session closed for user root
May  6 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15041]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15039]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15040]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15038]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15038]: pam_unix(cron:session): session closed for user p13x
May  6 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15096]: Successful su for rubyman by root
May  6 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15096]: + ??? root:rubyman
May  6 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337206 of user rubyman.
May  6 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15096]: pam_unix(su:session): session closed for user rubyman
May  6 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337206.
May  6 00:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12503]: pam_unix(cron:session): session closed for user root
May  6 00:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15039]: pam_unix(cron:session): session closed for user samftp
May  6 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14227]: pam_unix(cron:session): session closed for user root
May  6 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15429]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15429]: pam_unix(cron:session): session closed for user root
May  6 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15425]: pam_unix(cron:session): session closed for user root
May  6 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15422]: pam_unix(cron:session): session closed for user p13x
May  6 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15519]: Successful su for rubyman by root
May  6 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15519]: + ??? root:rubyman
May  6 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337214 of user rubyman.
May  6 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15519]: pam_unix(su:session): session closed for user rubyman
May  6 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337214.
May  6 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12887]: pam_unix(cron:session): session closed for user root
May  6 01:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15426]: pam_unix(cron:session): session closed for user root
May  6 01:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15424]: pam_unix(cron:session): session closed for user samftp
May  6 01:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14632]: pam_unix(cron:session): session closed for user root
May  6 01:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 01:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: Failed password for root from 218.92.0.179 port 29146 ssh2
May  6 01:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 29146 ssh2]
May  6 01:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: Received disconnect from 218.92.0.179 port 29146:11:  [preauth]
May  6 01:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: Disconnected from 218.92.0.179 port 29146 [preauth]
May  6 01:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15917]: pam_unix(cron:session): session closed for user p13x
May  6 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15983]: Successful su for rubyman by root
May  6 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15983]: + ??? root:rubyman
May  6 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337218 of user rubyman.
May  6 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15983]: pam_unix(su:session): session closed for user rubyman
May  6 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337218.
May  6 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Invalid user ubnt from 80.94.95.241
May  6 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: input_userauth_request: invalid user ubnt [preauth]
May  6 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 01:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13282]: pam_unix(cron:session): session closed for user root
May  6 01:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15918]: pam_unix(cron:session): session closed for user samftp
May  6 01:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Failed password for invalid user ubnt from 80.94.95.241 port 36115 ssh2
May  6 01:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Failed password for invalid user ubnt from 80.94.95.241 port 36115 ssh2
May  6 01:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Failed password for invalid user ubnt from 80.94.95.241 port 36115 ssh2
May  6 01:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Failed password for invalid user ubnt from 80.94.95.241 port 36115 ssh2
May  6 01:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Failed password for invalid user ubnt from 80.94.95.241 port 36115 ssh2
May  6 01:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Received disconnect from 80.94.95.241 port 36115:11: Bye [preauth]
May  6 01:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Disconnected from 80.94.95.241 port 36115 [preauth]
May  6 01:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 01:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 01:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15041]: pam_unix(cron:session): session closed for user root
May  6 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16304]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16305]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16302]: pam_unix(cron:session): session closed for user p13x
May  6 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16362]: Successful su for rubyman by root
May  6 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16362]: + ??? root:rubyman
May  6 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337221 of user rubyman.
May  6 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16362]: pam_unix(su:session): session closed for user rubyman
May  6 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337221.
May  6 01:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13824]: pam_unix(cron:session): session closed for user root
May  6 01:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16303]: pam_unix(cron:session): session closed for user samftp
May  6 01:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: Invalid user help from 103.226.139.67
May  6 01:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: input_userauth_request: invalid user help [preauth]
May  6 01:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.139.67
May  6 01:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: Failed password for invalid user help from 103.226.139.67 port 36150 ssh2
May  6 01:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: Received disconnect from 103.226.139.67 port 36150:11: Bye Bye [preauth]
May  6 01:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: Disconnected from 103.226.139.67 port 36150 [preauth]
May  6 01:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15428]: pam_unix(cron:session): session closed for user root
May  6 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16760]: pam_unix(cron:session): session closed for user p13x
May  6 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16820]: Successful su for rubyman by root
May  6 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16820]: + ??? root:rubyman
May  6 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337226 of user rubyman.
May  6 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16820]: pam_unix(su:session): session closed for user rubyman
May  6 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337226.
May  6 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14226]: pam_unix(cron:session): session closed for user root
May  6 01:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16761]: pam_unix(cron:session): session closed for user samftp
May  6 01:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15920]: pam_unix(cron:session): session closed for user root
May  6 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17183]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17184]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17181]: pam_unix(cron:session): session closed for user p13x
May  6 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17244]: Successful su for rubyman by root
May  6 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17244]: + ??? root:rubyman
May  6 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337230 of user rubyman.
May  6 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17244]: pam_unix(su:session): session closed for user rubyman
May  6 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337230.
May  6 01:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14631]: pam_unix(cron:session): session closed for user root
May  6 01:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17182]: pam_unix(cron:session): session closed for user samftp
May  6 01:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16305]: pam_unix(cron:session): session closed for user root
May  6 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17593]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17595]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17595]: pam_unix(cron:session): session closed for user root
May  6 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17590]: pam_unix(cron:session): session closed for user p13x
May  6 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17663]: Successful su for rubyman by root
May  6 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17663]: + ??? root:rubyman
May  6 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337235 of user rubyman.
May  6 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17663]: pam_unix(su:session): session closed for user rubyman
May  6 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337235.
May  6 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17592]: pam_unix(cron:session): session closed for user root
May  6 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15040]: pam_unix(cron:session): session closed for user root
May  6 01:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17591]: pam_unix(cron:session): session closed for user samftp
May  6 01:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: Invalid user sunwei from 50.235.31.47
May  6 01:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: input_userauth_request: invalid user sunwei [preauth]
May  6 01:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  6 01:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: Failed password for invalid user sunwei from 50.235.31.47 port 60808 ssh2
May  6 01:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18064]: Connection closed by 50.235.31.47 port 60808 [preauth]
May  6 01:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16763]: pam_unix(cron:session): session closed for user root
May  6 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18159]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18157]: pam_unix(cron:session): session closed for user p13x
May  6 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18223]: Successful su for rubyman by root
May  6 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18223]: + ??? root:rubyman
May  6 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18223]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337240 of user rubyman.
May  6 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18223]: pam_unix(su:session): session closed for user rubyman
May  6 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337240.
May  6 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15427]: pam_unix(cron:session): session closed for user root
May  6 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18158]: pam_unix(cron:session): session closed for user samftp
May  6 01:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17184]: pam_unix(cron:session): session closed for user root
May  6 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18572]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18570]: pam_unix(cron:session): session closed for user p13x
May  6 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18629]: Successful su for rubyman by root
May  6 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18629]: + ??? root:rubyman
May  6 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18629]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337243 of user rubyman.
May  6 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18629]: pam_unix(su:session): session closed for user rubyman
May  6 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337243.
May  6 01:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15919]: pam_unix(cron:session): session closed for user root
May  6 01:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18571]: pam_unix(cron:session): session closed for user samftp
May  6 01:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18865]: Did not receive identification string from 80.64.18.84
May  6 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17594]: pam_unix(cron:session): session closed for user root
May  6 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18974]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18975]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18973]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18972]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18972]: pam_unix(cron:session): session closed for user p13x
May  6 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19034]: Successful su for rubyman by root
May  6 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19034]: + ??? root:rubyman
May  6 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337247 of user rubyman.
May  6 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19034]: pam_unix(su:session): session closed for user rubyman
May  6 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337247.
May  6 01:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16304]: pam_unix(cron:session): session closed for user root
May  6 01:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18973]: pam_unix(cron:session): session closed for user samftp
May  6 01:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18160]: pam_unix(cron:session): session closed for user root
May  6 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19382]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19379]: pam_unix(cron:session): session closed for user p13x
May  6 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19497]: Successful su for rubyman by root
May  6 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19497]: + ??? root:rubyman
May  6 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337253 of user rubyman.
May  6 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19497]: pam_unix(su:session): session closed for user rubyman
May  6 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337253.
May  6 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19377]: pam_unix(cron:session): session closed for user root
May  6 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16762]: pam_unix(cron:session): session closed for user root
May  6 01:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.139.67  user=root
May  6 01:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19380]: pam_unix(cron:session): session closed for user samftp
May  6 01:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19688]: Failed password for root from 103.226.139.67 port 37148 ssh2
May  6 01:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19688]: Received disconnect from 103.226.139.67 port 37148:11: Bye Bye [preauth]
May  6 01:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19688]: Disconnected from 103.226.139.67 port 37148 [preauth]
May  6 01:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Invalid user  from 80.94.95.125
May  6 01:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: input_userauth_request: invalid user  [preauth]
May  6 01:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Failed none for invalid user  from 80.94.95.125 port 50495 ssh2
May  6 01:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 01:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Failed password for invalid user  from 80.94.95.125 port 50495 ssh2
May  6 01:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Failed password for invalid user  from 80.94.95.125 port 50495 ssh2
May  6 01:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Failed password for invalid user  from 80.94.95.125 port 50495 ssh2
May  6 01:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Failed password for invalid user  from 80.94.95.125 port 50495 ssh2
May  6 01:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Received disconnect from 80.94.95.125 port 50495:11: Bye [preauth]
May  6 01:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Disconnected from 80.94.95.125 port 50495 [preauth]
May  6 01:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 01:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: PAM service(sshd) ignoring max retries; 4 > 3
May  6 01:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18573]: pam_unix(cron:session): session closed for user root
May  6 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19893]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19894]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19892]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19897]: pam_unix(cron:session): session closed for user root
May  6 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19892]: pam_unix(cron:session): session closed for user p13x
May  6 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19964]: Successful su for rubyman by root
May  6 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19964]: + ??? root:rubyman
May  6 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337257 of user rubyman.
May  6 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19964]: pam_unix(su:session): session closed for user rubyman
May  6 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337257.
May  6 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19894]: pam_unix(cron:session): session closed for user root
May  6 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17183]: pam_unix(cron:session): session closed for user root
May  6 01:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19893]: pam_unix(cron:session): session closed for user samftp
May  6 01:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 01:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: Failed password for root from 218.92.0.179 port 11848 ssh2
May  6 01:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 11848 ssh2]
May  6 01:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: Received disconnect from 218.92.0.179 port 11848:11:  [preauth]
May  6 01:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: Disconnected from 218.92.0.179 port 11848 [preauth]
May  6 01:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 01:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: Invalid user alg from 176.31.162.135
May  6 01:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: input_userauth_request: invalid user alg [preauth]
May  6 01:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.162.135
May  6 01:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18975]: pam_unix(cron:session): session closed for user root
May  6 01:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: Failed password for invalid user alg from 176.31.162.135 port 47670 ssh2
May  6 01:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: Connection closed by 176.31.162.135 port 47670 [preauth]
May  6 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20331]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20328]: pam_unix(cron:session): session closed for user p13x
May  6 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20396]: Successful su for rubyman by root
May  6 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20396]: + ??? root:rubyman
May  6 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337262 of user rubyman.
May  6 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20396]: pam_unix(su:session): session closed for user rubyman
May  6 01:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337262.
May  6 01:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17593]: pam_unix(cron:session): session closed for user root
May  6 01:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20329]: pam_unix(cron:session): session closed for user samftp
May  6 01:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  6 01:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20623]: Failed password for root from 80.94.95.29 port 47927 ssh2
May  6 01:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20623]: message repeated 3 times: [ Failed password for root from 80.94.95.29 port 47927 ssh2]
May  6 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19382]: pam_unix(cron:session): session closed for user root
May  6 01:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20623]: Failed password for root from 80.94.95.29 port 47927 ssh2
May  6 01:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20623]: Received disconnect from 80.94.95.29 port 47927:11: Bye [preauth]
May  6 01:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20623]: Disconnected from 80.94.95.29 port 47927 [preauth]
May  6 01:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20623]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  6 01:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20623]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20737]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20735]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20735]: pam_unix(cron:session): session closed for user p13x
May  6 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20798]: Successful su for rubyman by root
May  6 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20798]: + ??? root:rubyman
May  6 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337267 of user rubyman.
May  6 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20798]: pam_unix(su:session): session closed for user rubyman
May  6 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337267.
May  6 01:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18159]: pam_unix(cron:session): session closed for user root
May  6 01:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20736]: pam_unix(cron:session): session closed for user samftp
May  6 01:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  6 01:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21003]: Failed password for root from 193.70.84.184 port 51514 ssh2
May  6 01:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21003]: Connection closed by 193.70.84.184 port 51514 [preauth]
May  6 01:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19896]: pam_unix(cron:session): session closed for user root
May  6 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21149]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21147]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21147]: pam_unix(cron:session): session closed for user p13x
May  6 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21226]: Successful su for rubyman by root
May  6 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21226]: + ??? root:rubyman
May  6 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337270 of user rubyman.
May  6 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21226]: pam_unix(su:session): session closed for user rubyman
May  6 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337270.
May  6 01:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18572]: pam_unix(cron:session): session closed for user root
May  6 01:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21148]: pam_unix(cron:session): session closed for user samftp
May  6 01:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20331]: pam_unix(cron:session): session closed for user root
May  6 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21598]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21597]: pam_unix(cron:session): session closed for user p13x
May  6 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21679]: Successful su for rubyman by root
May  6 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21679]: + ??? root:rubyman
May  6 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337274 of user rubyman.
May  6 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21679]: pam_unix(su:session): session closed for user rubyman
May  6 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337274.
May  6 01:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18974]: pam_unix(cron:session): session closed for user root
May  6 01:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21598]: pam_unix(cron:session): session closed for user samftp
May  6 01:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  6 01:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22217]: Failed password for root from 218.92.0.179 port 42245 ssh2
May  6 01:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: Failed password for root from 46.244.96.25 port 58568 ssh2
May  6 01:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22215]: Connection closed by 46.244.96.25 port 58568 [preauth]
May  6 01:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22217]: Failed password for root from 218.92.0.179 port 42245 ssh2
May  6 01:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22217]: Failed password for root from 218.92.0.179 port 42245 ssh2
May  6 01:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22217]: Received disconnect from 218.92.0.179 port 42245:11:  [preauth]
May  6 01:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22217]: Disconnected from 218.92.0.179 port 42245 [preauth]
May  6 01:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22217]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20738]: pam_unix(cron:session): session closed for user root
May  6 01:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22348]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22347]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22346]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22345]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22351]: pam_unix(cron:session): session closed for user root
May  6 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22345]: pam_unix(cron:session): session closed for user p13x
May  6 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22432]: Successful su for rubyman by root
May  6 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22432]: + ??? root:rubyman
May  6 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337281 of user rubyman.
May  6 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22432]: pam_unix(su:session): session closed for user rubyman
May  6 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337281.
May  6 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22347]: pam_unix(cron:session): session closed for user root
May  6 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19381]: pam_unix(cron:session): session closed for user root
May  6 01:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22346]: pam_unix(cron:session): session closed for user samftp
May  6 01:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21150]: pam_unix(cron:session): session closed for user root
May  6 01:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.139.67  user=root
May  6 01:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22820]: Failed password for root from 103.226.139.67 port 56456 ssh2
May  6 01:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22820]: Received disconnect from 103.226.139.67 port 56456:11: Bye Bye [preauth]
May  6 01:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22820]: Disconnected from 103.226.139.67 port 56456 [preauth]
May  6 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22832]: pam_unix(cron:session): session closed for user p13x
May  6 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22911]: Successful su for rubyman by root
May  6 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22911]: + ??? root:rubyman
May  6 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337284 of user rubyman.
May  6 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22911]: pam_unix(su:session): session closed for user rubyman
May  6 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337284.
May  6 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19895]: pam_unix(cron:session): session closed for user root
May  6 01:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22833]: pam_unix(cron:session): session closed for user samftp
May  6 01:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23196]: Invalid user webmaster from 50.235.31.47
May  6 01:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23196]: input_userauth_request: invalid user webmaster [preauth]
May  6 01:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23196]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  6 01:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23196]: Failed password for invalid user webmaster from 50.235.31.47 port 36476 ssh2
May  6 01:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23196]: Connection closed by 50.235.31.47 port 36476 [preauth]
May  6 01:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21600]: pam_unix(cron:session): session closed for user root
May  6 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23297]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23294]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23294]: pam_unix(cron:session): session closed for user root
May  6 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23296]: pam_unix(cron:session): session closed for user p13x
May  6 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23455]: Successful su for rubyman by root
May  6 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23455]: + ??? root:rubyman
May  6 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23455]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337288 of user rubyman.
May  6 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23455]: pam_unix(su:session): session closed for user rubyman
May  6 01:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337288.
May  6 01:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20330]: pam_unix(cron:session): session closed for user root
May  6 01:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23297]: pam_unix(cron:session): session closed for user samftp
May  6 01:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22350]: pam_unix(cron:session): session closed for user root
May  6 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23888]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23889]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23886]: pam_unix(cron:session): session closed for user p13x
May  6 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23964]: Successful su for rubyman by root
May  6 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23964]: + ??? root:rubyman
May  6 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337294 of user rubyman.
May  6 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23964]: pam_unix(su:session): session closed for user rubyman
May  6 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337294.
May  6 01:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20737]: pam_unix(cron:session): session closed for user root
May  6 01:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23887]: pam_unix(cron:session): session closed for user samftp
May  6 01:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22837]: pam_unix(cron:session): session closed for user root
May  6 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24328]: pam_unix(cron:session): session closed for user p13x
May  6 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24394]: Successful su for rubyman by root
May  6 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24394]: + ??? root:rubyman
May  6 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337298 of user rubyman.
May  6 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24394]: pam_unix(su:session): session closed for user rubyman
May  6 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337298.
May  6 01:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21149]: pam_unix(cron:session): session closed for user root
May  6 01:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24329]: pam_unix(cron:session): session closed for user samftp
May  6 01:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23299]: pam_unix(cron:session): session closed for user root
May  6 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24755]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24753]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24757]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24757]: pam_unix(cron:session): session closed for user root
May  6 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24752]: pam_unix(cron:session): session closed for user p13x
May  6 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24826]: Successful su for rubyman by root
May  6 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24826]: + ??? root:rubyman
May  6 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337303 of user rubyman.
May  6 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24826]: pam_unix(su:session): session closed for user rubyman
May  6 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337303.
May  6 01:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21599]: pam_unix(cron:session): session closed for user root
May  6 01:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24754]: pam_unix(cron:session): session closed for user root
May  6 01:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24753]: pam_unix(cron:session): session closed for user samftp
May  6 01:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23889]: pam_unix(cron:session): session closed for user root
May  6 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25193]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25192]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25190]: pam_unix(cron:session): session closed for user p13x
May  6 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25273]: Successful su for rubyman by root
May  6 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25273]: + ??? root:rubyman
May  6 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25273]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337307 of user rubyman.
May  6 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25273]: pam_unix(su:session): session closed for user rubyman
May  6 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337307.
May  6 01:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22348]: pam_unix(cron:session): session closed for user root
May  6 01:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25191]: pam_unix(cron:session): session closed for user samftp
May  6 01:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24332]: pam_unix(cron:session): session closed for user root
May  6 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25634]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25629]: pam_unix(cron:session): session closed for user p13x
May  6 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25720]: Successful su for rubyman by root
May  6 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25720]: + ??? root:rubyman
May  6 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337311 of user rubyman.
May  6 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25720]: pam_unix(su:session): session closed for user rubyman
May  6 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337311.
May  6 01:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22835]: pam_unix(cron:session): session closed for user root
May  6 01:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25630]: pam_unix(cron:session): session closed for user samftp
May  6 01:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: Invalid user mirjam from 103.226.139.67
May  6 01:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: input_userauth_request: invalid user mirjam [preauth]
May  6 01:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.139.67
May  6 01:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: Failed password for invalid user mirjam from 103.226.139.67 port 45008 ssh2
May  6 01:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: Received disconnect from 103.226.139.67 port 45008:11: Bye Bye [preauth]
May  6 01:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: Disconnected from 103.226.139.67 port 45008 [preauth]
May  6 01:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24756]: pam_unix(cron:session): session closed for user root
May  6 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26112]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26113]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26111]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26109]: pam_unix(cron:session): session closed for user p13x
May  6 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26171]: Successful su for rubyman by root
May  6 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26171]: + ??? root:rubyman
May  6 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26171]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337317 of user rubyman.
May  6 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26171]: pam_unix(su:session): session closed for user rubyman
May  6 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337317.
May  6 01:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23298]: pam_unix(cron:session): session closed for user root
May  6 01:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26111]: pam_unix(cron:session): session closed for user samftp
May  6 01:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25193]: pam_unix(cron:session): session closed for user root
May  6 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26582]: pam_unix(cron:session): session closed for user p13x
May  6 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26642]: Successful su for rubyman by root
May  6 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26642]: + ??? root:rubyman
May  6 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337320 of user rubyman.
May  6 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26642]: pam_unix(su:session): session closed for user rubyman
May  6 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337320.
May  6 01:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23888]: pam_unix(cron:session): session closed for user root
May  6 01:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26584]: pam_unix(cron:session): session closed for user samftp
May  6 01:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26904]: Did not receive identification string from 41.129.33.228
May  6 01:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25637]: pam_unix(cron:session): session closed for user root
May  6 01:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: Invalid user NL5xUDpV2xRa from 41.129.33.228
May  6 01:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: input_userauth_request: invalid user NL5xUDpV2xRa [preauth]
May  6 01:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26957]: fatal: ssh_packet_get_string: incomplete message [preauth]
May  6 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27044]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27041]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27039]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27038]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27043]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27040]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27044]: pam_unix(cron:session): session closed for user root
May  6 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27038]: pam_unix(cron:session): session closed for user p13x
May  6 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27129]: Successful su for rubyman by root
May  6 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27129]: + ??? root:rubyman
May  6 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27129]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337325 of user rubyman.
May  6 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27129]: pam_unix(su:session): session closed for user rubyman
May  6 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337325.
May  6 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27040]: pam_unix(cron:session): session closed for user root
May  6 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24330]: pam_unix(cron:session): session closed for user root
May  6 01:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27039]: pam_unix(cron:session): session closed for user samftp
May  6 01:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26113]: pam_unix(cron:session): session closed for user root
May  6 01:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27498]: Invalid user wj from 103.171.85.231
May  6 01:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27498]: input_userauth_request: invalid user wj [preauth]
May  6 01:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27498]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.171.85.231
May  6 01:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27498]: Failed password for invalid user wj from 103.171.85.231 port 44970 ssh2
May  6 01:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27498]: Received disconnect from 103.171.85.231 port 44970:11: Bye Bye [preauth]
May  6 01:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27498]: Disconnected from 103.171.85.231 port 44970 [preauth]
May  6 01:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: Invalid user alpha from 190.103.202.7
May  6 01:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: input_userauth_request: invalid user alpha [preauth]
May  6 01:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  6 01:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: Failed password for invalid user alpha from 190.103.202.7 port 41144 ssh2
May  6 01:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27557]: Connection closed by 190.103.202.7 port 41144 [preauth]
May  6 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27570]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27571]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27569]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27567]: pam_unix(cron:session): session closed for user p13x
May  6 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27642]: Successful su for rubyman by root
May  6 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27642]: + ??? root:rubyman
May  6 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337329 of user rubyman.
May  6 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27642]: pam_unix(su:session): session closed for user rubyman
May  6 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337329.
May  6 01:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24755]: pam_unix(cron:session): session closed for user root
May  6 01:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27569]: pam_unix(cron:session): session closed for user samftp
May  6 01:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27825]: Invalid user admin from 80.94.95.112
May  6 01:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27825]: input_userauth_request: invalid user admin [preauth]
May  6 01:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27825]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 01:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27825]: Failed password for invalid user admin from 80.94.95.112 port 9884 ssh2
May  6 01:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27825]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27825]: Failed password for invalid user admin from 80.94.95.112 port 9884 ssh2
May  6 01:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27825]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27825]: Failed password for invalid user admin from 80.94.95.112 port 9884 ssh2
May  6 01:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27825]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27825]: Failed password for invalid user admin from 80.94.95.112 port 9884 ssh2
May  6 01:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27825]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27825]: Failed password for invalid user admin from 80.94.95.112 port 9884 ssh2
May  6 01:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27825]: Received disconnect from 80.94.95.112 port 9884:11: Bye [preauth]
May  6 01:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27825]: Disconnected from 80.94.95.112 port 9884 [preauth]
May  6 01:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27825]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 01:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27825]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 01:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26586]: pam_unix(cron:session): session closed for user root
May  6 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27988]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27985]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27984]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27984]: pam_unix(cron:session): session closed for user p13x
May  6 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28047]: Successful su for rubyman by root
May  6 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28047]: + ??? root:rubyman
May  6 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28047]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337334 of user rubyman.
May  6 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28047]: pam_unix(su:session): session closed for user rubyman
May  6 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337334.
May  6 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25192]: pam_unix(cron:session): session closed for user root
May  6 01:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27985]: pam_unix(cron:session): session closed for user samftp
May  6 01:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27043]: pam_unix(cron:session): session closed for user root
May  6 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28386]: pam_unix(cron:session): session closed for user p13x
May  6 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28446]: Successful su for rubyman by root
May  6 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28446]: + ??? root:rubyman
May  6 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337337 of user rubyman.
May  6 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28446]: pam_unix(su:session): session closed for user rubyman
May  6 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337337.
May  6 01:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25634]: pam_unix(cron:session): session closed for user root
May  6 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28387]: pam_unix(cron:session): session closed for user samftp
May  6 01:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27571]: pam_unix(cron:session): session closed for user root
May  6 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28781]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28782]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28779]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28779]: pam_unix(cron:session): session closed for user p13x
May  6 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28844]: Successful su for rubyman by root
May  6 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28844]: + ??? root:rubyman
May  6 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337342 of user rubyman.
May  6 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28844]: pam_unix(su:session): session closed for user rubyman
May  6 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337342.
May  6 01:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26112]: pam_unix(cron:session): session closed for user root
May  6 01:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28780]: pam_unix(cron:session): session closed for user samftp
May  6 01:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27988]: pam_unix(cron:session): session closed for user root
May  6 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29293]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29295]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29294]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29296]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29296]: pam_unix(cron:session): session closed for user root
May  6 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29290]: pam_unix(cron:session): session closed for user p13x
May  6 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29362]: Successful su for rubyman by root
May  6 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29362]: + ??? root:rubyman
May  6 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337347 of user rubyman.
May  6 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29362]: pam_unix(su:session): session closed for user rubyman
May  6 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337347.
May  6 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29293]: pam_unix(cron:session): session closed for user root
May  6 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26585]: pam_unix(cron:session): session closed for user root
May  6 01:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29292]: pam_unix(cron:session): session closed for user samftp
May  6 01:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28389]: pam_unix(cron:session): session closed for user root
May  6 01:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: Invalid user admin from 139.19.117.131
May  6 01:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: input_userauth_request: invalid user admin [preauth]
May  6 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29729]: pam_unix(cron:session): session closed for user p13x
May  6 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29798]: Successful su for rubyman by root
May  6 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29798]: + ??? root:rubyman
May  6 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337352 of user rubyman.
May  6 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29798]: pam_unix(su:session): session closed for user rubyman
May  6 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337352.
May  6 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27041]: pam_unix(cron:session): session closed for user root
May  6 01:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29730]: pam_unix(cron:session): session closed for user samftp
May  6 01:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29726]: Connection closed by 139.19.117.131 port 40508 [preauth]
May  6 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28782]: pam_unix(cron:session): session closed for user root
May  6 01:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 01:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: Failed password for root from 218.92.0.179 port 36787 ssh2
May  6 01:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 36787 ssh2]
May  6 01:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: Received disconnect from 218.92.0.179 port 36787:11:  [preauth]
May  6 01:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: Disconnected from 218.92.0.179 port 36787 [preauth]
May  6 01:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30142]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30140]: pam_unix(cron:session): session closed for user p13x
May  6 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30201]: Successful su for rubyman by root
May  6 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30201]: + ??? root:rubyman
May  6 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30201]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337356 of user rubyman.
May  6 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30201]: pam_unix(su:session): session closed for user rubyman
May  6 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337356.
May  6 01:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27570]: pam_unix(cron:session): session closed for user root
May  6 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30141]: pam_unix(cron:session): session closed for user samftp
May  6 01:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29295]: pam_unix(cron:session): session closed for user root
May  6 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30534]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30533]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30535]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30532]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30532]: pam_unix(cron:session): session closed for user p13x
May  6 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30593]: Successful su for rubyman by root
May  6 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30593]: + ??? root:rubyman
May  6 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337359 of user rubyman.
May  6 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30593]: pam_unix(su:session): session closed for user rubyman
May  6 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337359.
May  6 01:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27986]: pam_unix(cron:session): session closed for user root
May  6 01:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30533]: pam_unix(cron:session): session closed for user samftp
May  6 01:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29732]: pam_unix(cron:session): session closed for user root
May  6 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30989]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30990]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30949]: pam_unix(cron:session): session closed for user p13x
May  6 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31089]: Successful su for rubyman by root
May  6 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31089]: + ??? root:rubyman
May  6 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337364 of user rubyman.
May  6 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31089]: pam_unix(su:session): session closed for user rubyman
May  6 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337364.
May  6 01:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28388]: pam_unix(cron:session): session closed for user root
May  6 01:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30988]: pam_unix(cron:session): session closed for user samftp
May  6 01:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30144]: pam_unix(cron:session): session closed for user root
May  6 01:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 01:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: Failed password for root from 218.92.0.179 port 62350 ssh2
May  6 01:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 62350 ssh2]
May  6 01:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: Received disconnect from 218.92.0.179 port 62350:11:  [preauth]
May  6 01:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: Disconnected from 218.92.0.179 port 62350 [preauth]
May  6 01:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31382]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31437]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31432]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31431]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31435]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31436]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31433]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31437]: pam_unix(cron:session): session closed for user root
May  6 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31431]: pam_unix(cron:session): session closed for user p13x
May  6 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31506]: Successful su for rubyman by root
May  6 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31506]: + ??? root:rubyman
May  6 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337368 of user rubyman.
May  6 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31506]: pam_unix(su:session): session closed for user rubyman
May  6 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337368.
May  6 01:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31433]: pam_unix(cron:session): session closed for user root
May  6 01:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28781]: pam_unix(cron:session): session closed for user root
May  6 01:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31432]: pam_unix(cron:session): session closed for user samftp
May  6 01:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31803]: Invalid user wangfei from 104.248.3.129
May  6 01:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31803]: input_userauth_request: invalid user wangfei [preauth]
May  6 01:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31803]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.3.129
May  6 01:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31803]: Failed password for invalid user wangfei from 104.248.3.129 port 55166 ssh2
May  6 01:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31803]: Received disconnect from 104.248.3.129 port 55166:11: Bye Bye [preauth]
May  6 01:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31803]: Disconnected from 104.248.3.129 port 55166 [preauth]
May  6 01:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30535]: pam_unix(cron:session): session closed for user root
May  6 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31912]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31909]: pam_unix(cron:session): session closed for user p13x
May  6 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32071]: Successful su for rubyman by root
May  6 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32071]: + ??? root:rubyman
May  6 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337375 of user rubyman.
May  6 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32071]: pam_unix(su:session): session closed for user rubyman
May  6 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337375.
May  6 01:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29294]: pam_unix(cron:session): session closed for user root
May  6 01:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31910]: pam_unix(cron:session): session closed for user samftp
May  6 01:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.231.212  user=root
May  6 01:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32489]: Failed password for root from 180.252.231.212 port 35724 ssh2
May  6 01:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32489]: Received disconnect from 180.252.231.212 port 35724:11: Bye Bye [preauth]
May  6 01:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32489]: Disconnected from 180.252.231.212 port 35724 [preauth]
May  6 01:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30990]: pam_unix(cron:session): session closed for user root
May  6 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32726]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32722]: pam_unix(cron:session): session closed for user p13x
May  6 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[331]: Successful su for rubyman by root
May  6 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[331]: + ??? root:rubyman
May  6 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337378 of user rubyman.
May  6 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[331]: pam_unix(su:session): session closed for user rubyman
May  6 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337378.
May  6 01:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29731]: pam_unix(cron:session): session closed for user root
May  6 01:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32723]: pam_unix(cron:session): session closed for user samftp
May  6 01:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31436]: pam_unix(cron:session): session closed for user root
May  6 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[761]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[759]: pam_unix(cron:session): session closed for user p13x
May  6 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[831]: Successful su for rubyman by root
May  6 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[831]: + ??? root:rubyman
May  6 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[831]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337382 of user rubyman.
May  6 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[831]: pam_unix(su:session): session closed for user rubyman
May  6 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337382.
May  6 01:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30142]: pam_unix(cron:session): session closed for user root
May  6 01:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[760]: pam_unix(cron:session): session closed for user samftp
May  6 01:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31912]: pam_unix(cron:session): session closed for user root
May  6 01:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Invalid user ubnt from 80.94.95.241
May  6 01:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: input_userauth_request: invalid user ubnt [preauth]
May  6 01:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 01:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Failed password for invalid user ubnt from 80.94.95.241 port 27646 ssh2
May  6 01:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Failed password for invalid user ubnt from 80.94.95.241 port 27646 ssh2
May  6 01:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Failed password for invalid user ubnt from 80.94.95.241 port 27646 ssh2
May  6 01:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1240]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1241]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1238]: pam_unix(cron:session): session closed for user p13x
May  6 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1375]: Successful su for rubyman by root
May  6 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1375]: + ??? root:rubyman
May  6 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337385 of user rubyman.
May  6 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1375]: pam_unix(su:session): session closed for user rubyman
May  6 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337385.
May  6 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Failed password for invalid user ubnt from 80.94.95.241 port 27646 ssh2
May  6 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1230]: pam_unix(cron:session): session closed for user root
May  6 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Failed password for invalid user ubnt from 80.94.95.241 port 27646 ssh2
May  6 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Received disconnect from 80.94.95.241 port 27646:11: Bye [preauth]
May  6 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Disconnected from 80.94.95.241 port 27646 [preauth]
May  6 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30534]: pam_unix(cron:session): session closed for user root
May  6 01:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1239]: pam_unix(cron:session): session closed for user samftp
May  6 01:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32726]: pam_unix(cron:session): session closed for user root
May  6 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1827]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1825]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1828]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1828]: pam_unix(cron:session): session closed for user root
May  6 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1822]: pam_unix(cron:session): session closed for user p13x
May  6 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1910]: Successful su for rubyman by root
May  6 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1910]: + ??? root:rubyman
May  6 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337390 of user rubyman.
May  6 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1910]: pam_unix(su:session): session closed for user rubyman
May  6 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337390.
May  6 01:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1824]: pam_unix(cron:session): session closed for user root
May  6 01:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30989]: pam_unix(cron:session): session closed for user root
May  6 01:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1823]: pam_unix(cron:session): session closed for user samftp
May  6 01:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[762]: pam_unix(cron:session): session closed for user root
May  6 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2338]: pam_unix(cron:session): session closed for user p13x
May  6 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2433]: Successful su for rubyman by root
May  6 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2433]: + ??? root:rubyman
May  6 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337396 of user rubyman.
May  6 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2433]: pam_unix(su:session): session closed for user rubyman
May  6 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337396.
May  6 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31435]: pam_unix(cron:session): session closed for user root
May  6 01:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2339]: pam_unix(cron:session): session closed for user samftp
May  6 01:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1241]: pam_unix(cron:session): session closed for user root
May  6 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2800]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2797]: pam_unix(cron:session): session closed for user p13x
May  6 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2862]: Successful su for rubyman by root
May  6 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2862]: + ??? root:rubyman
May  6 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337400 of user rubyman.
May  6 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2862]: pam_unix(su:session): session closed for user rubyman
May  6 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337400.
May  6 01:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31911]: pam_unix(cron:session): session closed for user root
May  6 01:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2798]: pam_unix(cron:session): session closed for user samftp
May  6 01:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1827]: pam_unix(cron:session): session closed for user root
May  6 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3204]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3203]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3203]: pam_unix(cron:session): session closed for user p13x
May  6 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3265]: Successful su for rubyman by root
May  6 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3265]: + ??? root:rubyman
May  6 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337405 of user rubyman.
May  6 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3265]: pam_unix(su:session): session closed for user rubyman
May  6 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337405.
May  6 01:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32725]: pam_unix(cron:session): session closed for user root
May  6 01:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3204]: pam_unix(cron:session): session closed for user samftp
May  6 01:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2341]: pam_unix(cron:session): session closed for user root
May  6 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3652]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3651]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3653]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3650]: pam_unix(cron:session): session closed for user p13x
May  6 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3709]: Successful su for rubyman by root
May  6 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3709]: + ??? root:rubyman
May  6 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337410 of user rubyman.
May  6 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3709]: pam_unix(su:session): session closed for user rubyman
May  6 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337410.
May  6 01:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[761]: pam_unix(cron:session): session closed for user root
May  6 01:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3651]: pam_unix(cron:session): session closed for user samftp
May  6 01:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: Invalid user test1 from 104.248.3.129
May  6 01:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: input_userauth_request: invalid user test1 [preauth]
May  6 01:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.3.129
May  6 01:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: Failed password for invalid user test1 from 104.248.3.129 port 58180 ssh2
May  6 01:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: Received disconnect from 104.248.3.129 port 58180:11: Bye Bye [preauth]
May  6 01:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: Disconnected from 104.248.3.129 port 58180 [preauth]
May  6 01:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2800]: pam_unix(cron:session): session closed for user root
May  6 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4087]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4085]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4089]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4086]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4090]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4084]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4090]: pam_unix(cron:session): session closed for user root
May  6 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4084]: pam_unix(cron:session): session closed for user p13x
May  6 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4154]: Successful su for rubyman by root
May  6 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4154]: + ??? root:rubyman
May  6 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337414 of user rubyman.
May  6 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4154]: pam_unix(su:session): session closed for user rubyman
May  6 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337414.
May  6 01:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4086]: pam_unix(cron:session): session closed for user root
May  6 01:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1240]: pam_unix(cron:session): session closed for user root
May  6 01:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4085]: pam_unix(cron:session): session closed for user samftp
May  6 01:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 01:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: Failed password for root from 218.92.0.179 port 59267 ssh2
May  6 01:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 59267 ssh2]
May  6 01:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: Received disconnect from 218.92.0.179 port 59267:11:  [preauth]
May  6 01:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: Disconnected from 218.92.0.179 port 59267 [preauth]
May  6 01:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4558]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 01:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3208]: pam_unix(cron:session): session closed for user root
May  6 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4683]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4682]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4680]: pam_unix(cron:session): session closed for user p13x
May  6 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4749]: Successful su for rubyman by root
May  6 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4749]: + ??? root:rubyman
May  6 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4749]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337418 of user rubyman.
May  6 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4749]: pam_unix(su:session): session closed for user rubyman
May  6 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337418.
May  6 01:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1825]: pam_unix(cron:session): session closed for user root
May  6 01:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4681]: pam_unix(cron:session): session closed for user samftp
May  6 01:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3653]: pam_unix(cron:session): session closed for user root
May  6 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5296]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5297]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5295]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5295]: pam_unix(cron:session): session closed for user p13x
May  6 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5356]: Successful su for rubyman by root
May  6 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5356]: + ??? root:rubyman
May  6 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337425 of user rubyman.
May  6 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5356]: pam_unix(su:session): session closed for user rubyman
May  6 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337425.
May  6 01:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2340]: pam_unix(cron:session): session closed for user root
May  6 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5466]: Invalid user ceshi3 from 180.252.231.212
May  6 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5466]: input_userauth_request: invalid user ceshi3 [preauth]
May  6 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5466]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.231.212
May  6 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5296]: pam_unix(cron:session): session closed for user samftp
May  6 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5466]: Failed password for invalid user ceshi3 from 180.252.231.212 port 60052 ssh2
May  6 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5466]: Received disconnect from 180.252.231.212 port 60052:11: Bye Bye [preauth]
May  6 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5466]: Disconnected from 180.252.231.212 port 60052 [preauth]
May  6 01:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  6 01:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: Failed password for root from 218.92.0.205 port 58700 ssh2
May  6 01:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4089]: pam_unix(cron:session): session closed for user root
May  6 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5770]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5769]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5771]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5768]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5768]: pam_unix(cron:session): session closed for user p13x
May  6 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5916]: Successful su for rubyman by root
May  6 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5916]: + ??? root:rubyman
May  6 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5916]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337427 of user rubyman.
May  6 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5916]: pam_unix(su:session): session closed for user rubyman
May  6 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337427.
May  6 01:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2799]: pam_unix(cron:session): session closed for user root
May  6 01:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5769]: pam_unix(cron:session): session closed for user samftp
May  6 01:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: Invalid user 1234 from 80.94.95.125
May  6 01:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: input_userauth_request: invalid user 1234 [preauth]
May  6 01:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 01:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: Failed password for invalid user 1234 from 80.94.95.125 port 57812 ssh2
May  6 01:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: Failed password for invalid user 1234 from 80.94.95.125 port 57812 ssh2
May  6 01:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6153]: Connection closed by 165.22.131.254 port 48778 [preauth]
May  6 01:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: fatal: Unable to negotiate with 165.22.131.254 port 48762: no matching host key type found. Their offer: ssh-dss [preauth]
May  6 01:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6154]: Connection closed by 165.22.131.254 port 48790 [preauth]
May  6 01:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6155]: fatal: Unable to negotiate with 165.22.131.254 port 48804: no matching host key type found. Their offer: ssh-ed25519 [preauth]
May  6 01:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: fatal: Unable to negotiate with 165.22.131.254 port 48806: no matching host key type found. Their offer: sk-ecdsa-sha2-nistp256@openssh.com [preauth]
May  6 01:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6157]: fatal: Unable to negotiate with 165.22.131.254 port 48814: no matching host key type found. Their offer: sk-ssh-ed25519@openssh.com [preauth]
May  6 01:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: Failed password for invalid user 1234 from 80.94.95.125 port 57812 ssh2
May  6 01:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: Failed password for invalid user 1234 from 80.94.95.125 port 57812 ssh2
May  6 01:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: Failed password for invalid user 1234 from 80.94.95.125 port 57812 ssh2
May  6 01:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: Received disconnect from 80.94.95.125 port 57812:11: Bye [preauth]
May  6 01:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: Disconnected from 80.94.95.125 port 57812 [preauth]
May  6 01:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 01:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 01:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4683]: pam_unix(cron:session): session closed for user root
May  6 01:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: Invalid user onkar from 14.103.127.80
May  6 01:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: input_userauth_request: invalid user onkar [preauth]
May  6 01:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.80
May  6 01:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: Failed password for invalid user onkar from 14.103.127.80 port 49340 ssh2
May  6 01:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: Received disconnect from 14.103.127.80 port 49340:11: Bye Bye [preauth]
May  6 01:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: Disconnected from 14.103.127.80 port 49340 [preauth]
May  6 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6293]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6292]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6291]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6290]: pam_unix(cron:session): session closed for user p13x
May  6 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6352]: Successful su for rubyman by root
May  6 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6352]: + ??? root:rubyman
May  6 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337431 of user rubyman.
May  6 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6352]: pam_unix(su:session): session closed for user rubyman
May  6 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337431.
May  6 01:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3207]: pam_unix(cron:session): session closed for user root
May  6 01:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6291]: pam_unix(cron:session): session closed for user samftp
May  6 01:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6570]: Invalid user kspark from 104.248.3.129
May  6 01:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6570]: input_userauth_request: invalid user kspark [preauth]
May  6 01:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6570]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.3.129
May  6 01:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6570]: Failed password for invalid user kspark from 104.248.3.129 port 46762 ssh2
May  6 01:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6570]: Received disconnect from 104.248.3.129 port 46762:11: Bye Bye [preauth]
May  6 01:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6570]: Disconnected from 104.248.3.129 port 46762 [preauth]
May  6 01:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5298]: pam_unix(cron:session): session closed for user root
May  6 01:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6693]: Did not receive identification string from 198.58.109.39
May  6 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6698]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6697]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6700]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6700]: pam_unix(cron:session): session closed for user root
May  6 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6695]: pam_unix(cron:session): session closed for user p13x
May  6 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6765]: Successful su for rubyman by root
May  6 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6765]: + ??? root:rubyman
May  6 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337435 of user rubyman.
May  6 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6765]: pam_unix(su:session): session closed for user rubyman
May  6 01:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337435.
May  6 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3652]: pam_unix(cron:session): session closed for user root
May  6 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6697]: pam_unix(cron:session): session closed for user root
May  6 01:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.28.24.69  user=root
May  6 01:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6696]: pam_unix(cron:session): session closed for user samftp
May  6 01:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7049]: Failed password for root from 46.28.24.69 port 56160 ssh2
May  6 01:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7049]: Received disconnect from 46.28.24.69 port 56160:11: Bye Bye [preauth]
May  6 01:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7049]: Disconnected from 46.28.24.69 port 56160 [preauth]
May  6 01:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5771]: pam_unix(cron:session): session closed for user root
May  6 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7244]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7242]: pam_unix(cron:session): session closed for user p13x
May  6 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7308]: Successful su for rubyman by root
May  6 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7308]: + ??? root:rubyman
May  6 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7308]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337440 of user rubyman.
May  6 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7308]: pam_unix(su:session): session closed for user rubyman
May  6 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337440.
May  6 01:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4087]: pam_unix(cron:session): session closed for user root
May  6 01:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7243]: pam_unix(cron:session): session closed for user samftp
May  6 01:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6293]: pam_unix(cron:session): session closed for user root
May  6 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7753]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7755]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7752]: pam_unix(cron:session): session closed for user p13x
May  6 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7825]: Successful su for rubyman by root
May  6 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7825]: + ??? root:rubyman
May  6 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337445 of user rubyman.
May  6 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7825]: pam_unix(su:session): session closed for user rubyman
May  6 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337445.
May  6 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4682]: pam_unix(cron:session): session closed for user root
May  6 01:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7753]: pam_unix(cron:session): session closed for user samftp
May  6 01:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6699]: pam_unix(cron:session): session closed for user root
May  6 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8190]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8185]: pam_unix(cron:session): session closed for user p13x
May  6 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8252]: Successful su for rubyman by root
May  6 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8252]: + ??? root:rubyman
May  6 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337448 of user rubyman.
May  6 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8252]: pam_unix(su:session): session closed for user rubyman
May  6 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337448.
May  6 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5297]: pam_unix(cron:session): session closed for user root
May  6 01:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8187]: pam_unix(cron:session): session closed for user samftp
May  6 01:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.231.212  user=root
May  6 01:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8449]: Failed password for root from 180.252.231.212 port 48962 ssh2
May  6 01:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8449]: Received disconnect from 180.252.231.212 port 48962:11: Bye Bye [preauth]
May  6 01:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8449]: Disconnected from 180.252.231.212 port 48962 [preauth]
May  6 01:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7245]: pam_unix(cron:session): session closed for user root
May  6 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8609]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8606]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8607]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8606]: pam_unix(cron:session): session closed for user p13x
May  6 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8670]: Successful su for rubyman by root
May  6 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8670]: + ??? root:rubyman
May  6 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337452 of user rubyman.
May  6 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8670]: pam_unix(su:session): session closed for user rubyman
May  6 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337452.
May  6 01:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5770]: pam_unix(cron:session): session closed for user root
May  6 01:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8607]: pam_unix(cron:session): session closed for user samftp
May  6 01:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: Invalid user ub from 104.248.3.129
May  6 01:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: input_userauth_request: invalid user ub [preauth]
May  6 01:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.3.129
May  6 01:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: Failed password for invalid user ub from 104.248.3.129 port 34512 ssh2
May  6 01:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: Received disconnect from 104.248.3.129 port 34512:11: Bye Bye [preauth]
May  6 01:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: Disconnected from 104.248.3.129 port 34512 [preauth]
May  6 01:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7755]: pam_unix(cron:session): session closed for user root
May  6 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9028]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9027]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9025]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9026]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9028]: pam_unix(cron:session): session closed for user root
May  6 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9023]: pam_unix(cron:session): session closed for user p13x
May  6 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9093]: Successful su for rubyman by root
May  6 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9093]: + ??? root:rubyman
May  6 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337457 of user rubyman.
May  6 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9093]: pam_unix(su:session): session closed for user rubyman
May  6 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337457.
May  6 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9025]: pam_unix(cron:session): session closed for user root
May  6 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6292]: pam_unix(cron:session): session closed for user root
May  6 01:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9024]: pam_unix(cron:session): session closed for user samftp
May  6 01:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8190]: pam_unix(cron:session): session closed for user root
May  6 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9575]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9572]: pam_unix(cron:session): session closed for user p13x
May  6 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9642]: Successful su for rubyman by root
May  6 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9642]: + ??? root:rubyman
May  6 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337463 of user rubyman.
May  6 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9642]: pam_unix(su:session): session closed for user rubyman
May  6 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337463.
May  6 01:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6698]: pam_unix(cron:session): session closed for user root
May  6 01:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9573]: pam_unix(cron:session): session closed for user samftp
May  6 01:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8609]: pam_unix(cron:session): session closed for user root
May  6 01:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9994]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9995]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9992]: pam_unix(cron:session): session closed for user p13x
May  6 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10056]: Successful su for rubyman by root
May  6 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10056]: + ??? root:rubyman
May  6 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337467 of user rubyman.
May  6 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10056]: pam_unix(su:session): session closed for user rubyman
May  6 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337467.
May  6 01:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7244]: pam_unix(cron:session): session closed for user root
May  6 01:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9993]: pam_unix(cron:session): session closed for user samftp
May  6 01:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10374]: Bad protocol version identification 'GET / HTTP/1.1' from 148.113.210.228 port 56907
May  6 01:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9027]: pam_unix(cron:session): session closed for user root
May  6 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10488]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10485]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10485]: pam_unix(cron:session): session closed for user p13x
May  6 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10552]: Successful su for rubyman by root
May  6 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10552]: + ??? root:rubyman
May  6 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337470 of user rubyman.
May  6 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10552]: pam_unix(su:session): session closed for user rubyman
May  6 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337470.
May  6 01:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7754]: pam_unix(cron:session): session closed for user root
May  6 01:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10487]: pam_unix(cron:session): session closed for user samftp
May  6 01:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9575]: pam_unix(cron:session): session closed for user root
May  6 01:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10898]: Invalid user user from 46.28.24.69
May  6 01:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10898]: input_userauth_request: invalid user user [preauth]
May  6 01:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10898]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.28.24.69
May  6 01:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10898]: Failed password for invalid user user from 46.28.24.69 port 51506 ssh2
May  6 01:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10898]: Received disconnect from 46.28.24.69 port 51506:11: Bye Bye [preauth]
May  6 01:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10898]: Disconnected from 46.28.24.69 port 51506 [preauth]
May  6 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10948]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10946]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10947]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10945]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10945]: pam_unix(cron:session): session closed for user p13x
May  6 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11002]: Successful su for rubyman by root
May  6 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11002]: + ??? root:rubyman
May  6 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337474 of user rubyman.
May  6 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11002]: pam_unix(su:session): session closed for user rubyman
May  6 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337474.
May  6 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8189]: pam_unix(cron:session): session closed for user root
May  6 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10946]: pam_unix(cron:session): session closed for user samftp
May  6 01:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.3.129  user=root
May  6 01:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11200]: Failed password for root from 104.248.3.129 port 59034 ssh2
May  6 01:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11200]: Received disconnect from 104.248.3.129 port 59034:11: Bye Bye [preauth]
May  6 01:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11200]: Disconnected from 104.248.3.129 port 59034 [preauth]
May  6 01:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 01:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11223]: Invalid user sheepdog from 180.252.231.212
May  6 01:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11223]: input_userauth_request: invalid user sheepdog [preauth]
May  6 01:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11223]: pam_unix(sshd:auth): check pass; user unknown
May  6 01:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.231.212
May  6 01:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11223]: Failed password for invalid user sheepdog from 180.252.231.212 port 50222 ssh2
May  6 01:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11223]: Received disconnect from 180.252.231.212 port 50222:11: Bye Bye [preauth]
May  6 01:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11223]: Disconnected from 180.252.231.212 port 50222 [preauth]
May  6 01:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9995]: pam_unix(cron:session): session closed for user root
May  6 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11352]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11350]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11355]: pam_unix(cron:session): session closed for user root
May  6 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11351]: pam_unix(cron:session): session closed for user root
May  6 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11349]: pam_unix(cron:session): session closed for user p13x
May  6 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11440]: Successful su for rubyman by root
May  6 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11440]: + ??? root:rubyman
May  6 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337480 of user rubyman.
May  6 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11440]: pam_unix(su:session): session closed for user rubyman
May  6 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337480.
May  6 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8608]: pam_unix(cron:session): session closed for user root
May  6 02:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11352]: pam_unix(cron:session): session closed for user root
May  6 02:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11350]: pam_unix(cron:session): session closed for user samftp
May  6 02:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 02:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11696]: Failed password for root from 218.92.0.179 port 56502 ssh2
May  6 02:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11696]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 56502 ssh2]
May  6 02:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11696]: Received disconnect from 218.92.0.179 port 56502:11:  [preauth]
May  6 02:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11696]: Disconnected from 218.92.0.179 port 56502 [preauth]
May  6 02:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11696]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 02:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10490]: pam_unix(cron:session): session closed for user root
May  6 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11849]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11847]: pam_unix(cron:session): session closed for user p13x
May  6 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11913]: Successful su for rubyman by root
May  6 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11913]: + ??? root:rubyman
May  6 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11913]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337486 of user rubyman.
May  6 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11913]: pam_unix(su:session): session closed for user rubyman
May  6 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337486.
May  6 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9026]: pam_unix(cron:session): session closed for user root
May  6 02:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11848]: pam_unix(cron:session): session closed for user samftp
May  6 02:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10948]: pam_unix(cron:session): session closed for user root
May  6 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12235]: pam_unix(cron:session): session closed for user p13x
May  6 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12300]: Successful su for rubyman by root
May  6 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12300]: + ??? root:rubyman
May  6 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337491 of user rubyman.
May  6 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12300]: pam_unix(su:session): session closed for user rubyman
May  6 02:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337491.
May  6 02:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9574]: pam_unix(cron:session): session closed for user root
May  6 02:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12236]: pam_unix(cron:session): session closed for user samftp
May  6 02:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: Invalid user admin from 80.94.95.112
May  6 02:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: input_userauth_request: invalid user admin [preauth]
May  6 02:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 02:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: Failed password for invalid user admin from 80.94.95.112 port 10026 ssh2
May  6 02:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: Failed password for invalid user admin from 80.94.95.112 port 10026 ssh2
May  6 02:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: Failed password for invalid user admin from 80.94.95.112 port 10026 ssh2
May  6 02:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: Failed password for invalid user admin from 80.94.95.112 port 10026 ssh2
May  6 02:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: Failed password for invalid user admin from 80.94.95.112 port 10026 ssh2
May  6 02:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: Received disconnect from 80.94.95.112 port 10026:11: Bye [preauth]
May  6 02:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: Disconnected from 80.94.95.112 port 10026 [preauth]
May  6 02:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 02:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12509]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 02:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11354]: pam_unix(cron:session): session closed for user root
May  6 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12636]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12634]: pam_unix(cron:session): session closed for user p13x
May  6 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12693]: Successful su for rubyman by root
May  6 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12693]: + ??? root:rubyman
May  6 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337495 of user rubyman.
May  6 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12693]: pam_unix(su:session): session closed for user rubyman
May  6 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337495.
May  6 02:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9994]: pam_unix(cron:session): session closed for user root
May  6 02:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12635]: pam_unix(cron:session): session closed for user samftp
May  6 02:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11850]: pam_unix(cron:session): session closed for user root
May  6 02:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: Invalid user fubo from 104.248.3.129
May  6 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: input_userauth_request: invalid user fubo [preauth]
May  6 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.3.129
May  6 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13032]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13031]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13030]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13030]: pam_unix(cron:session): session closed for user p13x
May  6 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13096]: Successful su for rubyman by root
May  6 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13096]: + ??? root:rubyman
May  6 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337498 of user rubyman.
May  6 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13096]: pam_unix(su:session): session closed for user rubyman
May  6 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337498.
May  6 02:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: Failed password for invalid user fubo from 104.248.3.129 port 59142 ssh2
May  6 02:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: Received disconnect from 104.248.3.129 port 59142:11: Bye Bye [preauth]
May  6 02:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13019]: Disconnected from 104.248.3.129 port 59142 [preauth]
May  6 02:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10488]: pam_unix(cron:session): session closed for user root
May  6 02:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13031]: pam_unix(cron:session): session closed for user samftp
May  6 02:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12238]: pam_unix(cron:session): session closed for user root
May  6 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13432]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13431]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13433]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13433]: pam_unix(cron:session): session closed for user root
May  6 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13428]: pam_unix(cron:session): session closed for user p13x
May  6 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13595]: Successful su for rubyman by root
May  6 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13595]: + ??? root:rubyman
May  6 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337503 of user rubyman.
May  6 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13595]: pam_unix(su:session): session closed for user rubyman
May  6 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337503.
May  6 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13430]: pam_unix(cron:session): session closed for user root
May  6 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10947]: pam_unix(cron:session): session closed for user root
May  6 02:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13429]: pam_unix(cron:session): session closed for user samftp
May  6 02:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.231.212  user=root
May  6 02:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: Failed password for root from 180.252.231.212 port 46452 ssh2
May  6 02:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: Received disconnect from 180.252.231.212 port 46452:11: Bye Bye [preauth]
May  6 02:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13851]: Disconnected from 180.252.231.212 port 46452 [preauth]
May  6 02:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12637]: pam_unix(cron:session): session closed for user root
May  6 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13966]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13967]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13964]: pam_unix(cron:session): session closed for user p13x
May  6 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14034]: Successful su for rubyman by root
May  6 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14034]: + ??? root:rubyman
May  6 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337510 of user rubyman.
May  6 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14034]: pam_unix(su:session): session closed for user rubyman
May  6 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337510.
May  6 02:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11353]: pam_unix(cron:session): session closed for user root
May  6 02:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13965]: pam_unix(cron:session): session closed for user samftp
May  6 02:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13033]: pam_unix(cron:session): session closed for user root
May  6 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14374]: pam_unix(cron:session): session closed for user p13x
May  6 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14434]: Successful su for rubyman by root
May  6 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14434]: + ??? root:rubyman
May  6 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337511 of user rubyman.
May  6 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14434]: pam_unix(su:session): session closed for user rubyman
May  6 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337511.
May  6 02:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11849]: pam_unix(cron:session): session closed for user root
May  6 02:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14375]: pam_unix(cron:session): session closed for user samftp
May  6 02:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13432]: pam_unix(cron:session): session closed for user root
May  6 02:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14767]: Failed password for root from 45.152.112.15 port 39892 ssh2
May  6 02:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14767]: Connection closed by 45.152.112.15 port 39892 [preauth]
May  6 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14781]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14778]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14779]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14778]: pam_unix(cron:session): session closed for user p13x
May  6 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14838]: Successful su for rubyman by root
May  6 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14838]: + ??? root:rubyman
May  6 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14838]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337515 of user rubyman.
May  6 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14838]: pam_unix(su:session): session closed for user rubyman
May  6 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337515.
May  6 02:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12237]: pam_unix(cron:session): session closed for user root
May  6 02:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14779]: pam_unix(cron:session): session closed for user samftp
May  6 02:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13967]: pam_unix(cron:session): session closed for user root
May  6 02:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15098]: Invalid user moussa from 14.103.127.80
May  6 02:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15098]: input_userauth_request: invalid user moussa [preauth]
May  6 02:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15098]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.80
May  6 02:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15098]: Failed password for invalid user moussa from 14.103.127.80 port 39716 ssh2
May  6 02:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15098]: Received disconnect from 14.103.127.80 port 39716:11: Bye Bye [preauth]
May  6 02:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15098]: Disconnected from 14.103.127.80 port 39716 [preauth]
May  6 02:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: Invalid user wangwei from 104.248.3.129
May  6 02:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: input_userauth_request: invalid user wangwei [preauth]
May  6 02:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.3.129
May  6 02:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: Failed password for invalid user wangwei from 104.248.3.129 port 37956 ssh2
May  6 02:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: Received disconnect from 104.248.3.129 port 37956:11: Bye Bye [preauth]
May  6 02:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15157]: Disconnected from 104.248.3.129 port 37956 [preauth]
May  6 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15179]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15180]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15178]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15178]: pam_unix(cron:session): session closed for user p13x
May  6 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15296]: Successful su for rubyman by root
May  6 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15296]: + ??? root:rubyman
May  6 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337519 of user rubyman.
May  6 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15296]: pam_unix(su:session): session closed for user rubyman
May  6 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337519.
May  6 02:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15175]: pam_unix(cron:session): session closed for user root
May  6 02:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12636]: pam_unix(cron:session): session closed for user root
May  6 02:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15179]: pam_unix(cron:session): session closed for user samftp
May  6 02:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14377]: pam_unix(cron:session): session closed for user root
May  6 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15658]: pam_unix(cron:session): session closed for user root
May  6 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15653]: pam_unix(cron:session): session closed for user p13x
May  6 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15725]: Successful su for rubyman by root
May  6 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15725]: + ??? root:rubyman
May  6 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337526 of user rubyman.
May  6 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15725]: pam_unix(su:session): session closed for user rubyman
May  6 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337526.
May  6 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15655]: pam_unix(cron:session): session closed for user root
May  6 02:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13032]: pam_unix(cron:session): session closed for user root
May  6 02:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15654]: pam_unix(cron:session): session closed for user samftp
May  6 02:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14781]: pam_unix(cron:session): session closed for user root
May  6 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16087]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16086]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16082]: pam_unix(cron:session): session closed for user p13x
May  6 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16150]: Successful su for rubyman by root
May  6 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16150]: + ??? root:rubyman
May  6 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16150]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337531 of user rubyman.
May  6 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16150]: pam_unix(su:session): session closed for user rubyman
May  6 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337531.
May  6 02:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13431]: pam_unix(cron:session): session closed for user root
May  6 02:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16083]: pam_unix(cron:session): session closed for user samftp
May  6 02:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: Failed password for root from 45.152.112.15 port 52506 ssh2
May  6 02:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: Connection closed by 45.152.112.15 port 52506 [preauth]
May  6 02:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15181]: pam_unix(cron:session): session closed for user root
May  6 02:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.231.212  user=root
May  6 02:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16415]: Failed password for root from 180.252.231.212 port 44958 ssh2
May  6 02:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16415]: Received disconnect from 180.252.231.212 port 44958:11: Bye Bye [preauth]
May  6 02:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16415]: Disconnected from 180.252.231.212 port 44958 [preauth]
May  6 02:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16384]: Invalid user pi from 45.152.112.15
May  6 02:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16384]: input_userauth_request: invalid user pi [preauth]
May  6 02:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16384]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16384]: Failed password for invalid user pi from 45.152.112.15 port 51072 ssh2
May  6 02:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16384]: Connection closed by 45.152.112.15 port 51072 [preauth]
May  6 02:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16514]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16511]: pam_unix(cron:session): session closed for user p13x
May  6 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16582]: Successful su for rubyman by root
May  6 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16582]: + ??? root:rubyman
May  6 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337534 of user rubyman.
May  6 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16582]: pam_unix(su:session): session closed for user rubyman
May  6 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337534.
May  6 02:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13966]: pam_unix(cron:session): session closed for user root
May  6 02:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16512]: pam_unix(cron:session): session closed for user samftp
May  6 02:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: Invalid user hive from 45.152.112.15
May  6 02:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: input_userauth_request: invalid user hive [preauth]
May  6 02:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: Failed password for invalid user hive from 45.152.112.15 port 54178 ssh2
May  6 02:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: Invalid user git from 45.152.112.15
May  6 02:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: input_userauth_request: invalid user git [preauth]
May  6 02:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15657]: pam_unix(cron:session): session closed for user root
May  6 02:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16472]: Connection closed by 45.152.112.15 port 54178 [preauth]
May  6 02:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: Failed password for invalid user git from 45.152.112.15 port 54190 ssh2
May  6 02:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: Connection closed by 45.152.112.15 port 54190 [preauth]
May  6 02:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Invalid user wang from 45.152.112.15
May  6 02:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: input_userauth_request: invalid user wang [preauth]
May  6 02:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16816]: Invalid user nginx from 45.152.112.15
May  6 02:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16816]: input_userauth_request: invalid user nginx [preauth]
May  6 02:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16973]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16974]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16972]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16971]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16971]: pam_unix(cron:session): session closed for user p13x
May  6 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17033]: Successful su for rubyman by root
May  6 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17033]: + ??? root:rubyman
May  6 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17033]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337539 of user rubyman.
May  6 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17033]: pam_unix(su:session): session closed for user rubyman
May  6 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337539.
May  6 02:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Failed password for invalid user wang from 45.152.112.15 port 39564 ssh2
May  6 02:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14376]: pam_unix(cron:session): session closed for user root
May  6 02:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16816]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16972]: pam_unix(cron:session): session closed for user samftp
May  6 02:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16816]: Failed password for invalid user nginx from 45.152.112.15 port 40560 ssh2
May  6 02:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16807]: Connection closed by 45.152.112.15 port 39564 [preauth]
May  6 02:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: Invalid user mongo from 45.152.112.15
May  6 02:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: input_userauth_request: invalid user mongo [preauth]
May  6 02:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16816]: Connection closed by 45.152.112.15 port 40560 [preauth]
May  6 02:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: Failed password for invalid user mongo from 45.152.112.15 port 60034 ssh2
May  6 02:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: Connection closed by 45.152.112.15 port 60034 [preauth]
May  6 02:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17230]: Invalid user user from 45.152.112.15
May  6 02:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17230]: input_userauth_request: invalid user user [preauth]
May  6 02:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16087]: pam_unix(cron:session): session closed for user root
May  6 02:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17230]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17230]: Failed password for invalid user user from 45.152.112.15 port 37268 ssh2
May  6 02:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: Invalid user oracle from 45.152.112.15
May  6 02:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: input_userauth_request: invalid user oracle [preauth]
May  6 02:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17230]: Connection closed by 45.152.112.15 port 37268 [preauth]
May  6 02:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: Failed password for invalid user oracle from 45.152.112.15 port 51476 ssh2
May  6 02:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.3.129  user=root
May  6 02:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: Failed password for root from 104.248.3.129 port 43452 ssh2
May  6 02:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: Received disconnect from 104.248.3.129 port 43452:11: Bye Bye [preauth]
May  6 02:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: Disconnected from 104.248.3.129 port 43452 [preauth]
May  6 02:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17263]: Connection closed by 45.152.112.15 port 51476 [preauth]
May  6 02:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17382]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17379]: pam_unix(cron:session): session closed for user p13x
May  6 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17451]: Successful su for rubyman by root
May  6 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17451]: + ??? root:rubyman
May  6 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337543 of user rubyman.
May  6 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17451]: pam_unix(su:session): session closed for user rubyman
May  6 02:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337543.
May  6 02:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14780]: pam_unix(cron:session): session closed for user root
May  6 02:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17380]: pam_unix(cron:session): session closed for user samftp
May  6 02:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17358]: Invalid user gpadmin from 45.152.112.15
May  6 02:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17358]: input_userauth_request: invalid user gpadmin [preauth]
May  6 02:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17358]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17358]: Failed password for invalid user gpadmin from 45.152.112.15 port 39986 ssh2
May  6 02:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17358]: Connection closed by 45.152.112.15 port 39986 [preauth]
May  6 02:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: Failed password for root from 45.152.112.15 port 40366 ssh2
May  6 02:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17377]: Connection closed by 45.152.112.15 port 40366 [preauth]
May  6 02:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16514]: pam_unix(cron:session): session closed for user root
May  6 02:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17675]: Invalid user esroot from 45.152.112.15
May  6 02:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17675]: input_userauth_request: invalid user esroot [preauth]
May  6 02:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17675]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17675]: Failed password for invalid user esroot from 45.152.112.15 port 39342 ssh2
May  6 02:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17675]: Connection closed by 45.152.112.15 port 39342 [preauth]
May  6 02:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17756]: Invalid user gitlab from 45.152.112.15
May  6 02:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17756]: input_userauth_request: invalid user gitlab [preauth]
May  6 02:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17756]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17913]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17915]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17917]: pam_unix(cron:session): session closed for user root
May  6 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17911]: pam_unix(cron:session): session closed for user p13x
May  6 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17987]: Successful su for rubyman by root
May  6 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17987]: + ??? root:rubyman
May  6 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17987]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337550 of user rubyman.
May  6 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17987]: pam_unix(su:session): session closed for user rubyman
May  6 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337550.
May  6 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17756]: Failed password for invalid user gitlab from 45.152.112.15 port 35648 ssh2
May  6 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17913]: pam_unix(cron:session): session closed for user root
May  6 02:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15180]: pam_unix(cron:session): session closed for user root
May  6 02:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17756]: Connection closed by 45.152.112.15 port 35648 [preauth]
May  6 02:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17912]: pam_unix(cron:session): session closed for user samftp
May  6 02:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: Invalid user apache from 45.152.112.15
May  6 02:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: input_userauth_request: invalid user apache [preauth]
May  6 02:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 02:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: Failed password for root from 218.92.0.179 port 24633 ssh2
May  6 02:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: Failed password for root from 218.92.0.179 port 24633 ssh2
May  6 02:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: Failed password for root from 218.92.0.179 port 24633 ssh2
May  6 02:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: Received disconnect from 218.92.0.179 port 24633:11:  [preauth]
May  6 02:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: Disconnected from 218.92.0.179 port 24633 [preauth]
May  6 02:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 02:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: Failed password for invalid user apache from 45.152.112.15 port 36822 ssh2
May  6 02:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17900]: Connection closed by 45.152.112.15 port 36822 [preauth]
May  6 02:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16974]: pam_unix(cron:session): session closed for user root
May  6 02:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18196]: Failed password for root from 45.152.112.15 port 57134 ssh2
May  6 02:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18196]: Connection closed by 45.152.112.15 port 57134 [preauth]
May  6 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18371]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18369]: pam_unix(cron:session): session closed for user p13x
May  6 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18446]: Successful su for rubyman by root
May  6 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18446]: + ??? root:rubyman
May  6 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337552 of user rubyman.
May  6 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18446]: pam_unix(su:session): session closed for user rubyman
May  6 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337552.
May  6 02:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15656]: pam_unix(cron:session): session closed for user root
May  6 02:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18263]: Failed password for root from 45.152.112.15 port 52560 ssh2
May  6 02:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18370]: pam_unix(cron:session): session closed for user samftp
May  6 02:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18263]: Connection closed by 45.152.112.15 port 52560 [preauth]
May  6 02:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: Invalid user user from 45.152.112.15
May  6 02:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: input_userauth_request: invalid user user [preauth]
May  6 02:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: Failed password for invalid user user from 45.152.112.15 port 51682 ssh2
May  6 02:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18314]: Connection closed by 45.152.112.15 port 51682 [preauth]
May  6 02:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: Invalid user lighthouse from 45.152.112.15
May  6 02:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: input_userauth_request: invalid user lighthouse [preauth]
May  6 02:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17382]: pam_unix(cron:session): session closed for user root
May  6 02:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: Failed password for invalid user lighthouse from 45.152.112.15 port 59426 ssh2
May  6 02:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: Invalid user ubnt from 80.94.95.241
May  6 02:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: input_userauth_request: invalid user ubnt [preauth]
May  6 02:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 02:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: Failed password for invalid user ubnt from 80.94.95.241 port 34420 ssh2
May  6 02:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: Failed password for invalid user ubnt from 80.94.95.241 port 34420 ssh2
May  6 02:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18657]: Connection closed by 45.152.112.15 port 59426 [preauth]
May  6 02:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: Failed password for invalid user ubnt from 80.94.95.241 port 34420 ssh2
May  6 02:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: Failed password for invalid user ubnt from 80.94.95.241 port 34420 ssh2
May  6 02:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: Failed password for invalid user ubnt from 80.94.95.241 port 34420 ssh2
May  6 02:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: Received disconnect from 80.94.95.241 port 34420:11: Bye [preauth]
May  6 02:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: Disconnected from 80.94.95.241 port 34420 [preauth]
May  6 02:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 02:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18729]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 02:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: Invalid user flask from 45.152.112.15
May  6 02:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: input_userauth_request: invalid user flask [preauth]
May  6 02:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18797]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18795]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18790]: pam_unix(cron:session): session closed for user root
May  6 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18793]: pam_unix(cron:session): session closed for user p13x
May  6 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: Failed password for invalid user flask from 45.152.112.15 port 46738 ssh2
May  6 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18858]: Successful su for rubyman by root
May  6 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18858]: + ??? root:rubyman
May  6 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18858]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337556 of user rubyman.
May  6 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18858]: pam_unix(su:session): session closed for user rubyman
May  6 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337556.
May  6 02:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16086]: pam_unix(cron:session): session closed for user root
May  6 02:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18794]: pam_unix(cron:session): session closed for user samftp
May  6 02:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: Connection closed by 45.152.112.15 port 46738 [preauth]
May  6 02:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Invalid user user1 from 45.152.112.15
May  6 02:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: input_userauth_request: invalid user user1 [preauth]
May  6 02:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Failed password for invalid user user1 from 45.152.112.15 port 50982 ssh2
May  6 02:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Connection closed by 45.152.112.15 port 50982 [preauth]
May  6 02:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Invalid user admin2 from 180.252.231.212
May  6 02:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: input_userauth_request: invalid user admin2 [preauth]
May  6 02:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.231.212
May  6 02:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17916]: pam_unix(cron:session): session closed for user root
May  6 02:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Failed password for invalid user admin2 from 180.252.231.212 port 33658 ssh2
May  6 02:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Received disconnect from 180.252.231.212 port 33658:11: Bye Bye [preauth]
May  6 02:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Disconnected from 180.252.231.212 port 33658 [preauth]
May  6 02:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19082]: Invalid user hadoop from 45.152.112.15
May  6 02:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19082]: input_userauth_request: invalid user hadoop [preauth]
May  6 02:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19082]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19082]: Failed password for invalid user hadoop from 45.152.112.15 port 55594 ssh2
May  6 02:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19082]: Connection closed by 45.152.112.15 port 55594 [preauth]
May  6 02:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: Invalid user oracle from 45.152.112.15
May  6 02:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: input_userauth_request: invalid user oracle [preauth]
May  6 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19204]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19203]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19203]: pam_unix(cron:session): session closed for user p13x
May  6 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19280]: Successful su for rubyman by root
May  6 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19280]: + ??? root:rubyman
May  6 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337562 of user rubyman.
May  6 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19280]: pam_unix(su:session): session closed for user rubyman
May  6 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337562.
May  6 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: Failed password for invalid user oracle from 45.152.112.15 port 53260 ssh2
May  6 02:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16513]: pam_unix(cron:session): session closed for user root
May  6 02:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19204]: pam_unix(cron:session): session closed for user samftp
May  6 02:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19152]: Connection closed by 45.152.112.15 port 53260 [preauth]
May  6 02:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19192]: Invalid user test from 45.152.112.15
May  6 02:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19192]: input_userauth_request: invalid user test [preauth]
May  6 02:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19192]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19192]: Failed password for invalid user test from 45.152.112.15 port 60508 ssh2
May  6 02:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19192]: Connection closed by 45.152.112.15 port 60508 [preauth]
May  6 02:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18374]: pam_unix(cron:session): session closed for user root
May  6 02:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: Failed password for root from 45.152.112.15 port 46112 ssh2
May  6 02:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: Connection closed by 45.152.112.15 port 46112 [preauth]
May  6 02:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19595]: Invalid user dmsadmin from 193.70.84.184
May  6 02:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19595]: input_userauth_request: invalid user dmsadmin [preauth]
May  6 02:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19595]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  6 02:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19595]: Failed password for invalid user dmsadmin from 193.70.84.184 port 42522 ssh2
May  6 02:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19595]: Connection closed by 193.70.84.184 port 42522 [preauth]
May  6 02:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.3.129  user=root
May  6 02:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: Failed password for root from 104.248.3.129 port 38754 ssh2
May  6 02:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: Received disconnect from 104.248.3.129 port 38754:11: Bye Bye [preauth]
May  6 02:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: Disconnected from 104.248.3.129 port 38754 [preauth]
May  6 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19638]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19633]: pam_unix(cron:session): session closed for user p13x
May  6 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19705]: Successful su for rubyman by root
May  6 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19705]: + ??? root:rubyman
May  6 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337565 of user rubyman.
May  6 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19705]: pam_unix(su:session): session closed for user rubyman
May  6 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337565.
May  6 02:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16973]: pam_unix(cron:session): session closed for user root
May  6 02:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19594]: Invalid user developer from 45.152.112.15
May  6 02:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19594]: input_userauth_request: invalid user developer [preauth]
May  6 02:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19635]: pam_unix(cron:session): session closed for user samftp
May  6 02:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19594]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19594]: Failed password for invalid user developer from 45.152.112.15 port 60058 ssh2
May  6 02:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19594]: Connection closed by 45.152.112.15 port 60058 [preauth]
May  6 02:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18797]: pam_unix(cron:session): session closed for user root
May  6 02:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: Failed password for root from 45.152.112.15 port 38224 ssh2
May  6 02:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: User mysql from 45.152.112.15 not allowed because not listed in AllowUsers
May  6 02:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: input_userauth_request: invalid user mysql [preauth]
May  6 02:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 02:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: Connection closed by 45.152.112.15 port 38224 [preauth]
May  6 02:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19998]: Failed password for root from 218.92.0.207 port 16910 ssh2
May  6 02:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=mysql
May  6 02:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: Failed password for invalid user mysql from 45.152.112.15 port 59158 ssh2
May  6 02:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19918]: Connection closed by 45.152.112.15 port 59158 [preauth]
May  6 02:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20061]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20060]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20058]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20057]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20056]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20061]: pam_unix(cron:session): session closed for user root
May  6 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20056]: pam_unix(cron:session): session closed for user p13x
May  6 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19929]: Failed password for root from 45.152.112.15 port 59170 ssh2
May  6 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20127]: Successful su for rubyman by root
May  6 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20127]: + ??? root:rubyman
May  6 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20127]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337570 of user rubyman.
May  6 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20127]: pam_unix(su:session): session closed for user rubyman
May  6 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337570.
May  6 02:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20058]: pam_unix(cron:session): session closed for user root
May  6 02:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17381]: pam_unix(cron:session): session closed for user root
May  6 02:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20057]: pam_unix(cron:session): session closed for user samftp
May  6 02:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19929]: Connection closed by 45.152.112.15 port 59170 [preauth]
May  6 02:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20042]: Invalid user tom from 45.152.112.15
May  6 02:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20042]: input_userauth_request: invalid user tom [preauth]
May  6 02:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20042]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20042]: Failed password for invalid user tom from 45.152.112.15 port 46458 ssh2
May  6 02:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19206]: pam_unix(cron:session): session closed for user root
May  6 02:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20042]: Connection closed by 45.152.112.15 port 46458 [preauth]
May  6 02:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20489]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20486]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20485]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20485]: pam_unix(cron:session): session closed for user p13x
May  6 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20556]: Successful su for rubyman by root
May  6 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20556]: + ??? root:rubyman
May  6 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337576 of user rubyman.
May  6 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20556]: pam_unix(su:session): session closed for user rubyman
May  6 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337576.
May  6 02:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17915]: pam_unix(cron:session): session closed for user root
May  6 02:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20389]: Failed password for root from 45.152.112.15 port 46890 ssh2
May  6 02:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20486]: pam_unix(cron:session): session closed for user samftp
May  6 02:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20389]: Connection closed by 45.152.112.15 port 46890 [preauth]
May  6 02:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: Invalid user oscar from 45.152.112.15
May  6 02:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: input_userauth_request: invalid user oscar [preauth]
May  6 02:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19638]: pam_unix(cron:session): session closed for user root
May  6 02:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: Failed password for invalid user oscar from 45.152.112.15 port 37036 ssh2
May  6 02:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: Connection closed by 45.152.112.15 port 37036 [preauth]
May  6 02:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20842]: Failed password for root from 45.152.112.15 port 42356 ssh2
May  6 02:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20842]: Connection closed by 45.152.112.15 port 42356 [preauth]
May  6 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20914]: pam_unix(cron:session): session closed for user p13x
May  6 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20975]: Successful su for rubyman by root
May  6 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20975]: + ??? root:rubyman
May  6 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337580 of user rubyman.
May  6 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20975]: pam_unix(su:session): session closed for user rubyman
May  6 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337580.
May  6 02:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18371]: pam_unix(cron:session): session closed for user root
May  6 02:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20915]: pam_unix(cron:session): session closed for user samftp
May  6 02:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 02:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21136]: Failed password for root from 218.92.0.179 port 45435 ssh2
May  6 02:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21136]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 45435 ssh2]
May  6 02:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21136]: Received disconnect from 218.92.0.179 port 45435:11:  [preauth]
May  6 02:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21136]: Disconnected from 218.92.0.179 port 45435 [preauth]
May  6 02:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21136]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 02:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21030]: Failed password for root from 45.152.112.15 port 56458 ssh2
May  6 02:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21030]: Connection closed by 45.152.112.15 port 56458 [preauth]
May  6 02:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20060]: pam_unix(cron:session): session closed for user root
May  6 02:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: Invalid user user1 from 45.152.112.15
May  6 02:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: input_userauth_request: invalid user user1 [preauth]
May  6 02:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: Failed password for invalid user user1 from 45.152.112.15 port 46562 ssh2
May  6 02:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: Connection closed by 45.152.112.15 port 46562 [preauth]
May  6 02:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21360]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21359]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21356]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21356]: pam_unix(cron:session): session closed for user p13x
May  6 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21415]: Successful su for rubyman by root
May  6 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21415]: + ??? root:rubyman
May  6 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337584 of user rubyman.
May  6 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21415]: pam_unix(su:session): session closed for user rubyman
May  6 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337584.
May  6 02:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18795]: pam_unix(cron:session): session closed for user root
May  6 02:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21358]: pam_unix(cron:session): session closed for user samftp
May  6 02:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21328]: Failed password for root from 45.152.112.15 port 54744 ssh2
May  6 02:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21328]: Connection closed by 45.152.112.15 port 54744 [preauth]
May  6 02:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 02:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21637]: Invalid user flink from 45.152.112.15
May  6 02:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21637]: input_userauth_request: invalid user flink [preauth]
May  6 02:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Failed password for root from 218.92.0.179 port 41144 ssh2
May  6 02:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20490]: pam_unix(cron:session): session closed for user root
May  6 02:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Failed password for root from 218.92.0.179 port 41144 ssh2
May  6 02:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21637]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21637]: Failed password for invalid user flink from 45.152.112.15 port 50722 ssh2
May  6 02:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Failed password for root from 218.92.0.179 port 41144 ssh2
May  6 02:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Received disconnect from 218.92.0.179 port 41144:11:  [preauth]
May  6 02:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Disconnected from 218.92.0.179 port 41144 [preauth]
May  6 02:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 02:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21743]: Invalid user test3 from 180.252.231.212
May  6 02:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21743]: input_userauth_request: invalid user test3 [preauth]
May  6 02:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21743]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.231.212
May  6 02:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21637]: Connection closed by 45.152.112.15 port 50722 [preauth]
May  6 02:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21743]: Failed password for invalid user test3 from 180.252.231.212 port 53434 ssh2
May  6 02:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21743]: Received disconnect from 180.252.231.212 port 53434:11: Bye Bye [preauth]
May  6 02:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21743]: Disconnected from 180.252.231.212 port 53434 [preauth]
May  6 02:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21851]: Invalid user db2fenc1 from 104.248.3.129
May  6 02:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21851]: input_userauth_request: invalid user db2fenc1 [preauth]
May  6 02:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21851]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.3.129
May  6 02:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21851]: Failed password for invalid user db2fenc1 from 104.248.3.129 port 42966 ssh2
May  6 02:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21851]: Received disconnect from 104.248.3.129 port 42966:11: Bye Bye [preauth]
May  6 02:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21851]: Disconnected from 104.248.3.129 port 42966 [preauth]
May  6 02:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21745]: Invalid user apache from 45.152.112.15
May  6 02:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21745]: input_userauth_request: invalid user apache [preauth]
May  6 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22078]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22077]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22076]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session closed for user p13x
May  6 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22146]: Successful su for rubyman by root
May  6 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22146]: + ??? root:rubyman
May  6 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22146]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337587 of user rubyman.
May  6 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22146]: pam_unix(su:session): session closed for user rubyman
May  6 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337587.
May  6 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21745]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19205]: pam_unix(cron:session): session closed for user root
May  6 02:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21745]: Failed password for invalid user apache from 45.152.112.15 port 40948 ssh2
May  6 02:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22076]: pam_unix(cron:session): session closed for user samftp
May  6 02:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21745]: Connection closed by 45.152.112.15 port 40948 [preauth]
May  6 02:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22230]: Failed password for root from 45.152.112.15 port 60142 ssh2
May  6 02:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22230]: Connection closed by 45.152.112.15 port 60142 [preauth]
May  6 02:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20917]: pam_unix(cron:session): session closed for user root
May  6 02:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22482]: Invalid user nginx from 45.152.112.15
May  6 02:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22482]: input_userauth_request: invalid user nginx [preauth]
May  6 02:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22482]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22482]: Failed password for invalid user nginx from 45.152.112.15 port 34544 ssh2
May  6 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22559]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22559]: pam_unix(cron:session): session closed for user root
May  6 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22554]: pam_unix(cron:session): session closed for user p13x
May  6 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22625]: Successful su for rubyman by root
May  6 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22625]: + ??? root:rubyman
May  6 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22625]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337592 of user rubyman.
May  6 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22625]: pam_unix(su:session): session closed for user rubyman
May  6 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337592.
May  6 02:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22556]: pam_unix(cron:session): session closed for user root
May  6 02:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19637]: pam_unix(cron:session): session closed for user root
May  6 02:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22555]: pam_unix(cron:session): session closed for user samftp
May  6 02:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22482]: Connection closed by 45.152.112.15 port 34544 [preauth]
May  6 02:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22545]: Invalid user esuser from 45.152.112.15
May  6 02:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22545]: input_userauth_request: invalid user esuser [preauth]
May  6 02:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22545]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22545]: Failed password for invalid user esuser from 45.152.112.15 port 52164 ssh2
May  6 02:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22545]: Connection closed by 45.152.112.15 port 52164 [preauth]
May  6 02:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21360]: pam_unix(cron:session): session closed for user root
May  6 02:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23050]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23049]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23047]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23046]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23046]: pam_unix(cron:session): session closed for user p13x
May  6 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23116]: Successful su for rubyman by root
May  6 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23116]: + ??? root:rubyman
May  6 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337597 of user rubyman.
May  6 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23116]: pam_unix(su:session): session closed for user rubyman
May  6 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337597.
May  6 02:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20059]: pam_unix(cron:session): session closed for user root
May  6 02:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23047]: pam_unix(cron:session): session closed for user samftp
May  6 02:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23035]: Failed password for root from 45.152.112.15 port 42510 ssh2
May  6 02:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23035]: Connection closed by 45.152.112.15 port 42510 [preauth]
May  6 02:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22078]: pam_unix(cron:session): session closed for user root
May  6 02:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23464]: Invalid user git from 45.152.112.15
May  6 02:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23464]: input_userauth_request: invalid user git [preauth]
May  6 02:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23464]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23464]: Failed password for invalid user git from 45.152.112.15 port 49840 ssh2
May  6 02:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23464]: Connection closed by 45.152.112.15 port 49840 [preauth]
May  6 02:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23567]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23566]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23565]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23564]: pam_unix(cron:session): session closed for user p13x
May  6 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23631]: Successful su for rubyman by root
May  6 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23631]: + ??? root:rubyman
May  6 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337602 of user rubyman.
May  6 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23631]: pam_unix(su:session): session closed for user rubyman
May  6 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337602.
May  6 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: Invalid user postgres from 45.152.112.15
May  6 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: input_userauth_request: invalid user postgres [preauth]
May  6 02:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20489]: pam_unix(cron:session): session closed for user root
May  6 02:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23565]: pam_unix(cron:session): session closed for user samftp
May  6 02:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: Failed password for invalid user postgres from 45.152.112.15 port 38850 ssh2
May  6 02:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: Connection closed by 45.152.112.15 port 38850 [preauth]
May  6 02:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: Connection closed by 206.168.34.115 port 52770 [preauth]
May  6 02:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23913]: Invalid user svnuser from 45.152.112.15
May  6 02:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23913]: input_userauth_request: invalid user svnuser [preauth]
May  6 02:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23913]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23913]: Failed password for invalid user svnuser from 45.152.112.15 port 59464 ssh2
May  6 02:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23913]: Connection closed by 45.152.112.15 port 59464 [preauth]
May  6 02:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22558]: pam_unix(cron:session): session closed for user root
May  6 02:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: Invalid user dolphinscheduler from 45.152.112.15
May  6 02:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  6 02:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: Failed password for invalid user dolphinscheduler from 45.152.112.15 port 47316 ssh2
May  6 02:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23967]: Connection closed by 45.152.112.15 port 47316 [preauth]
May  6 02:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24092]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24090]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24090]: pam_unix(cron:session): session closed for user p13x
May  6 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24151]: Successful su for rubyman by root
May  6 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24151]: + ??? root:rubyman
May  6 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24151]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337607 of user rubyman.
May  6 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24151]: pam_unix(su:session): session closed for user rubyman
May  6 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337607.
May  6 02:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20916]: pam_unix(cron:session): session closed for user root
May  6 02:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24070]: Failed password for root from 45.152.112.15 port 44570 ssh2
May  6 02:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24091]: pam_unix(cron:session): session closed for user samftp
May  6 02:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24070]: Connection closed by 45.152.112.15 port 44570 [preauth]
May  6 02:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: Invalid user plexserver from 45.152.112.15
May  6 02:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: input_userauth_request: invalid user plexserver [preauth]
May  6 02:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: Failed password for invalid user plexserver from 45.152.112.15 port 40780 ssh2
May  6 02:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: Connection closed by 45.152.112.15 port 40780 [preauth]
May  6 02:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: Invalid user conda from 104.248.3.129
May  6 02:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: input_userauth_request: invalid user conda [preauth]
May  6 02:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.3.129
May  6 02:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24411]: Invalid user sonar from 45.152.112.15
May  6 02:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24411]: input_userauth_request: invalid user sonar [preauth]
May  6 02:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23050]: pam_unix(cron:session): session closed for user root
May  6 02:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: Failed password for invalid user conda from 104.248.3.129 port 35456 ssh2
May  6 02:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: Received disconnect from 104.248.3.129 port 35456:11: Bye Bye [preauth]
May  6 02:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24446]: Disconnected from 104.248.3.129 port 35456 [preauth]
May  6 02:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24411]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24411]: Failed password for invalid user sonar from 45.152.112.15 port 43956 ssh2
May  6 02:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24411]: Connection closed by 45.152.112.15 port 43956 [preauth]
May  6 02:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24448]: Invalid user app from 45.152.112.15
May  6 02:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24448]: input_userauth_request: invalid user app [preauth]
May  6 02:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: Invalid user adm from 80.94.95.125
May  6 02:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: input_userauth_request: invalid user adm [preauth]
May  6 02:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 02:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: Failed password for invalid user adm from 80.94.95.125 port 57463 ssh2
May  6 02:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: Failed password for invalid user adm from 80.94.95.125 port 57463 ssh2
May  6 02:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24541]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24543]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24539]: pam_unix(cron:session): session closed for user p13x
May  6 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24607]: Successful su for rubyman by root
May  6 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24607]: + ??? root:rubyman
May  6 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337610 of user rubyman.
May  6 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24607]: pam_unix(su:session): session closed for user rubyman
May  6 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337610.
May  6 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24448]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: Failed password for invalid user adm from 80.94.95.125 port 57463 ssh2
May  6 02:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21359]: pam_unix(cron:session): session closed for user root
May  6 02:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24448]: Failed password for invalid user app from 45.152.112.15 port 48378 ssh2
May  6 02:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: Failed password for invalid user adm from 80.94.95.125 port 57463 ssh2
May  6 02:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24540]: pam_unix(cron:session): session closed for user samftp
May  6 02:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  6 02:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: Failed password for invalid user adm from 80.94.95.125 port 57463 ssh2
May  6 02:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: Received disconnect from 80.94.95.125 port 57463:11: Bye [preauth]
May  6 02:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: Disconnected from 80.94.95.125 port 57463 [preauth]
May  6 02:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 02:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 02:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: Failed password for root from 190.103.202.7 port 50582 ssh2
May  6 02:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: Connection closed by 190.103.202.7 port 50582 [preauth]
May  6 02:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: Invalid user tools from 45.152.112.15
May  6 02:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: input_userauth_request: invalid user tools [preauth]
May  6 02:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24448]: Connection closed by 45.152.112.15 port 48378 [preauth]
May  6 02:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: Failed password for invalid user tools from 45.152.112.15 port 43022 ssh2
May  6 02:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: Connection closed by 45.152.112.15 port 43022 [preauth]
May  6 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: Invalid user lighthouse from 45.152.112.15
May  6 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: input_userauth_request: invalid user lighthouse [preauth]
May  6 02:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: Failed password for invalid user lighthouse from 45.152.112.15 port 58752 ssh2
May  6 02:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23567]: pam_unix(cron:session): session closed for user root
May  6 02:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: Connection closed by 45.152.112.15 port 58752 [preauth]
May  6 02:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: User mysql from 45.152.112.15 not allowed because not listed in AllowUsers
May  6 02:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: input_userauth_request: invalid user mysql [preauth]
May  6 02:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=mysql
May  6 02:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.231.212  user=root
May  6 02:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: Failed password for invalid user mysql from 45.152.112.15 port 43686 ssh2
May  6 02:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24915]: Failed password for root from 180.252.231.212 port 42504 ssh2
May  6 02:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24915]: Received disconnect from 180.252.231.212 port 42504:11: Bye Bye [preauth]
May  6 02:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24915]: Disconnected from 180.252.231.212 port 42504 [preauth]
May  6 02:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24863]: Connection closed by 45.152.112.15 port 43686 [preauth]
May  6 02:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24966]: Invalid user zabbix from 101.126.55.179
May  6 02:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24966]: input_userauth_request: invalid user zabbix [preauth]
May  6 02:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24966]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.126.55.179
May  6 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24973]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24972]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24976]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24971]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24975]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24974]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24976]: pam_unix(cron:session): session closed for user root
May  6 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24971]: pam_unix(cron:session): session closed for user p13x
May  6 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25047]: Successful su for rubyman by root
May  6 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25047]: + ??? root:rubyman
May  6 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25047]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337618 of user rubyman.
May  6 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25047]: pam_unix(su:session): session closed for user rubyman
May  6 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337618.
May  6 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: Failed password for root from 45.152.112.15 port 45616 ssh2
May  6 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24966]: Failed password for invalid user zabbix from 101.126.55.179 port 32772 ssh2
May  6 02:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24966]: Received disconnect from 101.126.55.179 port 32772:11: Bye Bye [preauth]
May  6 02:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24966]: Disconnected from 101.126.55.179 port 32772 [preauth]
May  6 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24973]: pam_unix(cron:session): session closed for user root
May  6 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22077]: pam_unix(cron:session): session closed for user root
May  6 02:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24933]: Connection closed by 45.152.112.15 port 45616 [preauth]
May  6 02:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24972]: pam_unix(cron:session): session closed for user samftp
May  6 02:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: Invalid user gpadmin from 45.152.112.15
May  6 02:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: input_userauth_request: invalid user gpadmin [preauth]
May  6 02:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: Failed password for invalid user gpadmin from 45.152.112.15 port 37958 ssh2
May  6 02:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: Connection closed by 45.152.112.15 port 37958 [preauth]
May  6 02:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 02:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25321]: Failed password for root from 218.92.0.179 port 11399 ssh2
May  6 02:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25321]: Failed password for root from 218.92.0.179 port 11399 ssh2
May  6 02:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24093]: pam_unix(cron:session): session closed for user root
May  6 02:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25321]: Failed password for root from 218.92.0.179 port 11399 ssh2
May  6 02:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25321]: Received disconnect from 218.92.0.179 port 11399:11:  [preauth]
May  6 02:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25321]: Disconnected from 218.92.0.179 port 11399 [preauth]
May  6 02:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25321]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 02:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25265]: Invalid user oracle from 45.152.112.15
May  6 02:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25265]: input_userauth_request: invalid user oracle [preauth]
May  6 02:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25265]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25265]: Failed password for invalid user oracle from 45.152.112.15 port 52142 ssh2
May  6 02:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25265]: Connection closed by 45.152.112.15 port 52142 [preauth]
May  6 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25429]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25428]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25427]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25427]: pam_unix(cron:session): session closed for user p13x
May  6 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25493]: Successful su for rubyman by root
May  6 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25493]: + ??? root:rubyman
May  6 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337620 of user rubyman.
May  6 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25493]: pam_unix(su:session): session closed for user rubyman
May  6 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337620.
May  6 02:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22557]: pam_unix(cron:session): session closed for user root
May  6 02:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25428]: pam_unix(cron:session): session closed for user samftp
May  6 02:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25331]: Failed password for root from 45.152.112.15 port 40472 ssh2
May  6 02:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25331]: Connection closed by 45.152.112.15 port 40472 [preauth]
May  6 02:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25781]: Invalid user admin from 139.19.117.131
May  6 02:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25781]: input_userauth_request: invalid user admin [preauth]
May  6 02:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: Invalid user www from 45.152.112.15
May  6 02:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: input_userauth_request: invalid user www [preauth]
May  6 02:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: Failed password for invalid user www from 45.152.112.15 port 43936 ssh2
May  6 02:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25781]: Connection closed by 139.19.117.131 port 33178 [preauth]
May  6 02:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24543]: pam_unix(cron:session): session closed for user root
May  6 02:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: Connection closed by 45.152.112.15 port 43936 [preauth]
May  6 02:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25811]: Connection closed by 46.244.96.25 port 43116 [preauth]
May  6 02:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  6 02:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: Failed password for root from 45.152.112.15 port 44904 ssh2
May  6 02:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25858]: Failed password for root from 46.244.96.25 port 33826 ssh2
May  6 02:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25858]: Connection closed by 46.244.96.25 port 33826 [preauth]
May  6 02:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: Connection closed by 45.152.112.15 port 44904 [preauth]
May  6 02:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: Invalid user cdr from 164.68.105.9
May  6 02:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: input_userauth_request: invalid user cdr [preauth]
May  6 02:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  6 02:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: Failed password for invalid user cdr from 164.68.105.9 port 52992 ssh2
May  6 02:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25892]: Connection closed by 164.68.105.9 port 52992 [preauth]
May  6 02:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25868]: Invalid user oscar from 45.152.112.15
May  6 02:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25868]: input_userauth_request: invalid user oscar [preauth]
May  6 02:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25868]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25868]: Failed password for invalid user oscar from 45.152.112.15 port 58680 ssh2
May  6 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25938]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25935]: pam_unix(cron:session): session closed for user p13x
May  6 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25868]: Connection closed by 45.152.112.15 port 58680 [preauth]
May  6 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26002]: Successful su for rubyman by root
May  6 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26002]: + ??? root:rubyman
May  6 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337623 of user rubyman.
May  6 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26002]: pam_unix(su:session): session closed for user rubyman
May  6 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337623.
May  6 02:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23049]: pam_unix(cron:session): session closed for user root
May  6 02:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25936]: pam_unix(cron:session): session closed for user samftp
May  6 02:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25921]: Invalid user test from 45.152.112.15
May  6 02:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25921]: input_userauth_request: invalid user test [preauth]
May  6 02:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25921]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25921]: Failed password for invalid user test from 45.152.112.15 port 55552 ssh2
May  6 02:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25921]: Connection closed by 45.152.112.15 port 55552 [preauth]
May  6 02:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26189]: Invalid user admin from 45.152.112.15
May  6 02:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26189]: input_userauth_request: invalid user admin [preauth]
May  6 02:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26189]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24975]: pam_unix(cron:session): session closed for user root
May  6 02:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26189]: Failed password for invalid user admin from 45.152.112.15 port 38734 ssh2
May  6 02:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26189]: Connection closed by 45.152.112.15 port 38734 [preauth]
May  6 02:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26252]: Failed password for root from 45.152.112.15 port 33654 ssh2
May  6 02:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: Invalid user app from 45.152.112.15
May  6 02:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: input_userauth_request: invalid user app [preauth]
May  6 02:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26252]: Connection closed by 45.152.112.15 port 33654 [preauth]
May  6 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26341]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26342]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26343]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26344]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26341]: pam_unix(cron:session): session closed for user p13x
May  6 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26402]: Successful su for rubyman by root
May  6 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26402]: + ??? root:rubyman
May  6 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337630 of user rubyman.
May  6 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26402]: pam_unix(su:session): session closed for user rubyman
May  6 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337630.
May  6 02:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23566]: pam_unix(cron:session): session closed for user root
May  6 02:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26342]: pam_unix(cron:session): session closed for user samftp
May  6 02:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: Failed password for invalid user app from 45.152.112.15 port 53394 ssh2
May  6 02:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26290]: Connection closed by 45.152.112.15 port 53394 [preauth]
May  6 02:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26735]: Invalid user admin from 104.248.3.129
May  6 02:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26735]: input_userauth_request: invalid user admin [preauth]
May  6 02:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26735]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.3.129
May  6 02:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26735]: Failed password for invalid user admin from 104.248.3.129 port 39082 ssh2
May  6 02:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26735]: Received disconnect from 104.248.3.129 port 39082:11: Bye Bye [preauth]
May  6 02:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26735]: Disconnected from 104.248.3.129 port 39082 [preauth]
May  6 02:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: Invalid user elastic from 45.152.112.15
May  6 02:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: input_userauth_request: invalid user elastic [preauth]
May  6 02:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25430]: pam_unix(cron:session): session closed for user root
May  6 02:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: Failed password for invalid user elastic from 45.152.112.15 port 52792 ssh2
May  6 02:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: Connection closed by 45.152.112.15 port 52792 [preauth]
May  6 02:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26703]: Failed password for root from 45.152.112.15 port 52802 ssh2
May  6 02:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26703]: Connection closed by 45.152.112.15 port 52802 [preauth]
May  6 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26842]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26841]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26839]: pam_unix(cron:session): session closed for user p13x
May  6 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26904]: Successful su for rubyman by root
May  6 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26904]: + ??? root:rubyman
May  6 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26904]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337632 of user rubyman.
May  6 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26904]: pam_unix(su:session): session closed for user rubyman
May  6 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337632.
May  6 02:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24092]: pam_unix(cron:session): session closed for user root
May  6 02:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26840]: pam_unix(cron:session): session closed for user samftp
May  6 02:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: Invalid user guest from 45.152.112.15
May  6 02:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: input_userauth_request: invalid user guest [preauth]
May  6 02:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: Failed password for invalid user guest from 45.152.112.15 port 56776 ssh2
May  6 02:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: Connection closed by 45.152.112.15 port 56776 [preauth]
May  6 02:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: Failed password for root from 45.152.112.15 port 34444 ssh2
May  6 02:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26817]: Connection closed by 45.152.112.15 port 34444 [preauth]
May  6 02:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27193]: Invalid user sonar from 45.152.112.15
May  6 02:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27193]: input_userauth_request: invalid user sonar [preauth]
May  6 02:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25938]: pam_unix(cron:session): session closed for user root
May  6 02:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27193]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27193]: Failed password for invalid user sonar from 45.152.112.15 port 36662 ssh2
May  6 02:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27193]: Connection closed by 45.152.112.15 port 36662 [preauth]
May  6 02:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27267]: Invalid user jumpserver from 45.152.112.15
May  6 02:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27267]: input_userauth_request: invalid user jumpserver [preauth]
May  6 02:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27267]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27267]: Failed password for invalid user jumpserver from 45.152.112.15 port 47584 ssh2
May  6 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27335]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27331]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27330]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27335]: pam_unix(cron:session): session closed for user root
May  6 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27330]: pam_unix(cron:session): session closed for user p13x
May  6 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27429]: Successful su for rubyman by root
May  6 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27429]: + ??? root:rubyman
May  6 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337636 of user rubyman.
May  6 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27429]: pam_unix(su:session): session closed for user rubyman
May  6 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337636.
May  6 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27267]: Connection closed by 45.152.112.15 port 47584 [preauth]
May  6 02:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27332]: pam_unix(cron:session): session closed for user root
May  6 02:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24541]: pam_unix(cron:session): session closed for user root
May  6 02:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27331]: pam_unix(cron:session): session closed for user samftp
May  6 02:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: Invalid user tom from 45.152.112.15
May  6 02:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: input_userauth_request: invalid user tom [preauth]
May  6 02:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: Failed password for invalid user tom from 45.152.112.15 port 36008 ssh2
May  6 02:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27726]: Invalid user zhf from 14.103.127.80
May  6 02:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27726]: input_userauth_request: invalid user zhf [preauth]
May  6 02:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27726]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.80
May  6 02:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27726]: Failed password for invalid user zhf from 14.103.127.80 port 53506 ssh2
May  6 02:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27726]: Received disconnect from 14.103.127.80 port 53506:11: Bye Bye [preauth]
May  6 02:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27726]: Disconnected from 14.103.127.80 port 53506 [preauth]
May  6 02:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26344]: pam_unix(cron:session): session closed for user root
May  6 02:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: Connection closed by 45.152.112.15 port 36008 [preauth]
May  6 02:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: Invalid user hduser from 180.252.231.212
May  6 02:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: input_userauth_request: invalid user hduser [preauth]
May  6 02:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.231.212
May  6 02:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: Failed password for invalid user hduser from 180.252.231.212 port 56600 ssh2
May  6 02:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27655]: Failed password for root from 45.152.112.15 port 46842 ssh2
May  6 02:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: Received disconnect from 180.252.231.212 port 56600:11: Bye Bye [preauth]
May  6 02:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27807]: Disconnected from 180.252.231.212 port 56600 [preauth]
May  6 02:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: Invalid user git from 45.152.112.15
May  6 02:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: input_userauth_request: invalid user git [preauth]
May  6 02:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27655]: Connection closed by 45.152.112.15 port 46842 [preauth]
May  6 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27830]: pam_unix(cron:session): session closed for user p13x
May  6 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27905]: Successful su for rubyman by root
May  6 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27905]: + ??? root:rubyman
May  6 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337643 of user rubyman.
May  6 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27905]: pam_unix(su:session): session closed for user rubyman
May  6 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337643.
May  6 02:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24974]: pam_unix(cron:session): session closed for user root
May  6 02:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27832]: pam_unix(cron:session): session closed for user samftp
May  6 02:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: Failed password for invalid user git from 45.152.112.15 port 37806 ssh2
May  6 02:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: Connection closed by 45.152.112.15 port 37806 [preauth]
May  6 02:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27809]: Invalid user ranger from 45.152.112.15
May  6 02:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27809]: input_userauth_request: invalid user ranger [preauth]
May  6 02:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27809]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27809]: Failed password for invalid user ranger from 45.152.112.15 port 34082 ssh2
May  6 02:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27809]: Connection closed by 45.152.112.15 port 34082 [preauth]
May  6 02:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26842]: pam_unix(cron:session): session closed for user root
May  6 02:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: Failed password for root from 45.152.112.15 port 56322 ssh2
May  6 02:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28112]: Connection closed by 45.152.112.15 port 56322 [preauth]
May  6 02:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28185]: Invalid user appuser from 45.152.112.15
May  6 02:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28185]: input_userauth_request: invalid user appuser [preauth]
May  6 02:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28185]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28185]: Failed password for invalid user appuser from 45.152.112.15 port 42620 ssh2
May  6 02:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28185]: Connection closed by 45.152.112.15 port 42620 [preauth]
May  6 02:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28260]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28261]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28258]: pam_unix(cron:session): session closed for user p13x
May  6 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28316]: Successful su for rubyman by root
May  6 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28316]: + ??? root:rubyman
May  6 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337647 of user rubyman.
May  6 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28316]: pam_unix(su:session): session closed for user rubyman
May  6 02:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337647.
May  6 02:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25429]: pam_unix(cron:session): session closed for user root
May  6 02:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28259]: pam_unix(cron:session): session closed for user samftp
May  6 02:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28236]: Invalid user tom from 45.152.112.15
May  6 02:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28236]: input_userauth_request: invalid user tom [preauth]
May  6 02:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28236]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28236]: Failed password for invalid user tom from 45.152.112.15 port 40624 ssh2
May  6 02:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28236]: Connection closed by 45.152.112.15 port 40624 [preauth]
May  6 02:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: Failed password for root from 45.152.112.15 port 55602 ssh2
May  6 02:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28246]: Connection closed by 45.152.112.15 port 55602 [preauth]
May  6 02:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27334]: pam_unix(cron:session): session closed for user root
May  6 02:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28550]: Invalid user ubuntu from 45.152.112.15
May  6 02:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28550]: input_userauth_request: invalid user ubuntu [preauth]
May  6 02:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28550]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28550]: Failed password for invalid user ubuntu from 45.152.112.15 port 44804 ssh2
May  6 02:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28550]: Connection closed by 45.152.112.15 port 44804 [preauth]
May  6 02:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28572]: Invalid user elsearch from 45.152.112.15
May  6 02:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28572]: input_userauth_request: invalid user elsearch [preauth]
May  6 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28663]: pam_unix(cron:session): session closed for user p13x
May  6 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28722]: Successful su for rubyman by root
May  6 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28722]: + ??? root:rubyman
May  6 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337649 of user rubyman.
May  6 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28722]: pam_unix(su:session): session closed for user rubyman
May  6 02:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337649.
May  6 02:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28572]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25937]: pam_unix(cron:session): session closed for user root
May  6 02:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28572]: Failed password for invalid user elsearch from 45.152.112.15 port 51404 ssh2
May  6 02:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28664]: pam_unix(cron:session): session closed for user samftp
May  6 02:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28572]: Connection closed by 45.152.112.15 port 51404 [preauth]
May  6 02:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Invalid user admin from 80.94.95.112
May  6 02:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: input_userauth_request: invalid user admin [preauth]
May  6 02:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 02:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Failed password for invalid user admin from 80.94.95.112 port 14656 ssh2
May  6 02:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Failed password for invalid user admin from 80.94.95.112 port 14656 ssh2
May  6 02:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28961]: Invalid user star from 104.248.3.129
May  6 02:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28961]: input_userauth_request: invalid user star [preauth]
May  6 02:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28961]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.3.129
May  6 02:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Failed password for invalid user admin from 80.94.95.112 port 14656 ssh2
May  6 02:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28961]: Failed password for invalid user star from 104.248.3.129 port 51672 ssh2
May  6 02:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28961]: Received disconnect from 104.248.3.129 port 51672:11: Bye Bye [preauth]
May  6 02:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28961]: Disconnected from 104.248.3.129 port 51672 [preauth]
May  6 02:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Failed password for invalid user admin from 80.94.95.112 port 14656 ssh2
May  6 02:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28867]: Invalid user nginx from 45.152.112.15
May  6 02:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28867]: input_userauth_request: invalid user nginx [preauth]
May  6 02:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Failed password for invalid user admin from 80.94.95.112 port 14656 ssh2
May  6 02:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Received disconnect from 80.94.95.112 port 14656:11: Bye [preauth]
May  6 02:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Disconnected from 80.94.95.112 port 14656 [preauth]
May  6 02:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 02:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 02:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27834]: pam_unix(cron:session): session closed for user root
May  6 02:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28867]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28867]: Failed password for invalid user nginx from 45.152.112.15 port 39308 ssh2
May  6 02:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: Invalid user rancher from 45.152.112.15
May  6 02:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: input_userauth_request: invalid user rancher [preauth]
May  6 02:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28867]: Connection closed by 45.152.112.15 port 39308 [preauth]
May  6 02:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: Failed password for invalid user rancher from 45.152.112.15 port 44290 ssh2
May  6 02:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28938]: Connection closed by 45.152.112.15 port 44290 [preauth]
May  6 02:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29075]: Failed password for root from 45.152.112.15 port 34962 ssh2
May  6 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29171]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29170]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29169]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29169]: pam_unix(cron:session): session closed for user p13x
May  6 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29299]: Successful su for rubyman by root
May  6 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29299]: + ??? root:rubyman
May  6 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337655 of user rubyman.
May  6 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29299]: pam_unix(su:session): session closed for user rubyman
May  6 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337655.
May  6 02:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29166]: pam_unix(cron:session): session closed for user root
May  6 02:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26343]: pam_unix(cron:session): session closed for user root
May  6 02:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29075]: Connection closed by 45.152.112.15 port 34962 [preauth]
May  6 02:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29170]: pam_unix(cron:session): session closed for user samftp
May  6 02:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: Invalid user rancher from 45.152.112.15
May  6 02:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: input_userauth_request: invalid user rancher [preauth]
May  6 02:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29555]: Invalid user nib from 96.92.63.243
May  6 02:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29555]: input_userauth_request: invalid user nib [preauth]
May  6 02:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29555]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.92.63.243
May  6 02:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29555]: Failed password for invalid user nib from 96.92.63.243 port 42148 ssh2
May  6 02:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: Failed password for invalid user rancher from 45.152.112.15 port 35478 ssh2
May  6 02:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29555]: Received disconnect from 96.92.63.243 port 42148:11: Bye Bye [preauth]
May  6 02:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29555]: Disconnected from 96.92.63.243 port 42148 [preauth]
May  6 02:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29154]: Connection closed by 45.152.112.15 port 35478 [preauth]
May  6 02:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28261]: pam_unix(cron:session): session closed for user root
May  6 02:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: Invalid user es from 45.152.112.15
May  6 02:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: input_userauth_request: invalid user es [preauth]
May  6 02:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: Failed password for invalid user es from 45.152.112.15 port 44854 ssh2
May  6 02:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: Connection closed by 45.152.112.15 port 44854 [preauth]
May  6 02:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: Failed password for root from 45.152.112.15 port 57058 ssh2
May  6 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29685]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29686]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29684]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29683]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29682]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29687]: pam_unix(cron:session): session closed for user root
May  6 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29682]: pam_unix(cron:session): session closed for user p13x
May  6 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29761]: Successful su for rubyman by root
May  6 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29761]: + ??? root:rubyman
May  6 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337660 of user rubyman.
May  6 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29761]: pam_unix(su:session): session closed for user rubyman
May  6 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337660.
May  6 02:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29684]: pam_unix(cron:session): session closed for user root
May  6 02:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: Connection closed by 45.152.112.15 port 57058 [preauth]
May  6 02:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26841]: pam_unix(cron:session): session closed for user root
May  6 02:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29629]: Invalid user user from 45.152.112.15
May  6 02:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29629]: input_userauth_request: invalid user user [preauth]
May  6 02:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29683]: pam_unix(cron:session): session closed for user samftp
May  6 02:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29629]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29629]: Failed password for invalid user user from 45.152.112.15 port 48682 ssh2
May  6 02:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29629]: Connection closed by 45.152.112.15 port 48682 [preauth]
May  6 02:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29669]: Failed password for root from 45.152.112.15 port 39274 ssh2
May  6 02:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29669]: Connection closed by 45.152.112.15 port 39274 [preauth]
May  6 02:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28666]: pam_unix(cron:session): session closed for user root
May  6 02:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: Invalid user uftp from 45.152.112.15
May  6 02:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: input_userauth_request: invalid user uftp [preauth]
May  6 02:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: Failed password for invalid user uftp from 45.152.112.15 port 40064 ssh2
May  6 02:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: Connection closed by 45.152.112.15 port 40064 [preauth]
May  6 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30133]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30131]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30132]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30129]: pam_unix(cron:session): session closed for user p13x
May  6 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30197]: Successful su for rubyman by root
May  6 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30197]: + ??? root:rubyman
May  6 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337664 of user rubyman.
May  6 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30197]: pam_unix(su:session): session closed for user rubyman
May  6 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337664.
May  6 02:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: Invalid user data from 45.152.112.15
May  6 02:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: input_userauth_request: invalid user data [preauth]
May  6 02:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27333]: pam_unix(cron:session): session closed for user root
May  6 02:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30131]: pam_unix(cron:session): session closed for user samftp
May  6 02:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30379]: Invalid user steam from 122.211.138.55
May  6 02:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30379]: input_userauth_request: invalid user steam [preauth]
May  6 02:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30379]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.211.138.55
May  6 02:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: Failed password for invalid user data from 45.152.112.15 port 52328 ssh2
May  6 02:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30379]: Failed password for invalid user steam from 122.211.138.55 port 54646 ssh2
May  6 02:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30379]: Received disconnect from 122.211.138.55 port 54646:11: Bye Bye [preauth]
May  6 02:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30379]: Disconnected from 122.211.138.55 port 54646 [preauth]
May  6 02:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: Connection closed by 45.152.112.15 port 52328 [preauth]
May  6 02:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30401]: Invalid user bigdata from 45.152.112.15
May  6 02:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30401]: input_userauth_request: invalid user bigdata [preauth]
May  6 02:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29172]: pam_unix(cron:session): session closed for user root
May  6 02:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30401]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30401]: Failed password for invalid user bigdata from 45.152.112.15 port 45800 ssh2
May  6 02:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30401]: Connection closed by 45.152.112.15 port 45800 [preauth]
May  6 02:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: Invalid user oracle from 45.152.112.15
May  6 02:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: input_userauth_request: invalid user oracle [preauth]
May  6 02:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: Failed password for invalid user oracle from 45.152.112.15 port 36792 ssh2
May  6 02:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: Invalid user dell from 180.252.231.212
May  6 02:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: input_userauth_request: invalid user dell [preauth]
May  6 02:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.231.212
May  6 02:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: Failed password for invalid user dell from 180.252.231.212 port 48474 ssh2
May  6 02:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: Received disconnect from 180.252.231.212 port 48474:11: Bye Bye [preauth]
May  6 02:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: Disconnected from 180.252.231.212 port 48474 [preauth]
May  6 02:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: Connection closed by 45.152.112.15 port 36792 [preauth]
May  6 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30537]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30537]: pam_unix(cron:session): session closed for user p13x
May  6 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30595]: Successful su for rubyman by root
May  6 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30595]: + ??? root:rubyman
May  6 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337668 of user rubyman.
May  6 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30595]: pam_unix(su:session): session closed for user rubyman
May  6 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337668.
May  6 02:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27833]: pam_unix(cron:session): session closed for user root
May  6 02:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30538]: pam_unix(cron:session): session closed for user samftp
May  6 02:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: Invalid user plex from 45.152.112.15
May  6 02:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: input_userauth_request: invalid user plex [preauth]
May  6 02:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: Failed password for invalid user plex from 45.152.112.15 port 55992 ssh2
May  6 02:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30515]: Connection closed by 45.152.112.15 port 55992 [preauth]
May  6 02:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: Invalid user steam from 45.152.112.15
May  6 02:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: input_userauth_request: invalid user steam [preauth]
May  6 02:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: Failed password for invalid user steam from 45.152.112.15 port 42304 ssh2
May  6 02:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29686]: pam_unix(cron:session): session closed for user root
May  6 02:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: Connection closed by 45.152.112.15 port 42304 [preauth]
May  6 02:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30861]: Invalid user esuser from 45.152.112.15
May  6 02:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30861]: input_userauth_request: invalid user esuser [preauth]
May  6 02:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30861]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30861]: Failed password for invalid user esuser from 45.152.112.15 port 46030 ssh2
May  6 02:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30861]: Connection closed by 45.152.112.15 port 46030 [preauth]
May  6 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31001]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30999]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30997]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30992]: pam_unix(cron:session): session closed for user p13x
May  6 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31094]: Successful su for rubyman by root
May  6 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31094]: + ??? root:rubyman
May  6 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31094]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337674 of user rubyman.
May  6 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31094]: pam_unix(su:session): session closed for user rubyman
May  6 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337674.
May  6 02:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28260]: pam_unix(cron:session): session closed for user root
May  6 02:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30997]: pam_unix(cron:session): session closed for user samftp
May  6 02:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30939]: Invalid user observer from 45.152.112.15
May  6 02:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30939]: input_userauth_request: invalid user observer [preauth]
May  6 02:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30939]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30939]: Failed password for invalid user observer from 45.152.112.15 port 56790 ssh2
May  6 02:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30939]: Connection closed by 45.152.112.15 port 56790 [preauth]
May  6 02:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.3.129  user=root
May  6 02:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31305]: Failed password for root from 104.248.3.129 port 53806 ssh2
May  6 02:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31305]: Received disconnect from 104.248.3.129 port 53806:11: Bye Bye [preauth]
May  6 02:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31305]: Disconnected from 104.248.3.129 port 53806 [preauth]
May  6 02:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: Invalid user docker from 45.152.112.15
May  6 02:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: input_userauth_request: invalid user docker [preauth]
May  6 02:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30133]: pam_unix(cron:session): session closed for user root
May  6 02:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: Failed password for invalid user docker from 45.152.112.15 port 53108 ssh2
May  6 02:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31297]: Connection closed by 45.152.112.15 port 53108 [preauth]
May  6 02:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Invalid user user from 45.152.112.15
May  6 02:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: input_userauth_request: invalid user user [preauth]
May  6 02:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Failed password for invalid user user from 45.152.112.15 port 42690 ssh2
May  6 02:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Connection closed by 45.152.112.15 port 42690 [preauth]
May  6 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31451]: pam_unix(cron:session): session closed for user p13x
May  6 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31518]: Successful su for rubyman by root
May  6 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31518]: + ??? root:rubyman
May  6 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337676 of user rubyman.
May  6 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31518]: pam_unix(su:session): session closed for user rubyman
May  6 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337676.
May  6 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Invalid user elastic from 45.152.112.15
May  6 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: input_userauth_request: invalid user elastic [preauth]
May  6 02:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28665]: pam_unix(cron:session): session closed for user root
May  6 02:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31452]: pam_unix(cron:session): session closed for user samftp
May  6 02:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Failed password for invalid user elastic from 45.152.112.15 port 35972 ssh2
May  6 02:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Connection closed by 45.152.112.15 port 35972 [preauth]
May  6 02:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31731]: Invalid user oracle from 45.152.112.15
May  6 02:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31731]: input_userauth_request: invalid user oracle [preauth]
May  6 02:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30540]: pam_unix(cron:session): session closed for user root
May  6 02:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31731]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31731]: Failed password for invalid user oracle from 45.152.112.15 port 33192 ssh2
May  6 02:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: Invalid user postgres from 45.152.112.15
May  6 02:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: input_userauth_request: invalid user postgres [preauth]
May  6 02:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31731]: Connection closed by 45.152.112.15 port 33192 [preauth]
May  6 02:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: Failed password for invalid user postgres from 45.152.112.15 port 56664 ssh2
May  6 02:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: Connection closed by 45.152.112.15 port 56664 [preauth]
May  6 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31901]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31902]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31905]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31897]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31905]: pam_unix(cron:session): session closed for user root
May  6 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31896]: pam_unix(cron:session): session closed for user p13x
May  6 02:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32059]: Successful su for rubyman by root
May  6 02:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32059]: + ??? root:rubyman
May  6 02:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337683 of user rubyman.
May  6 02:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32059]: pam_unix(su:session): session closed for user rubyman
May  6 02:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337683.
May  6 02:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31898]: pam_unix(cron:session): session closed for user root
May  6 02:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29171]: pam_unix(cron:session): session closed for user root
May  6 02:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: Invalid user ts from 45.152.112.15
May  6 02:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: input_userauth_request: invalid user ts [preauth]
May  6 02:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31897]: pam_unix(cron:session): session closed for user samftp
May  6 02:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: Failed password for invalid user ts from 45.152.112.15 port 60022 ssh2
May  6 02:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31855]: Connection closed by 45.152.112.15 port 60022 [preauth]
May  6 02:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31001]: pam_unix(cron:session): session closed for user root
May  6 02:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32485]: Failed password for root from 45.152.112.15 port 37186 ssh2
May  6 02:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32485]: Connection closed by 45.152.112.15 port 37186 [preauth]
May  6 02:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: Invalid user ftpuser from 45.152.112.15
May  6 02:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: input_userauth_request: invalid user ftpuser [preauth]
May  6 02:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: Failed password for invalid user ftpuser from 45.152.112.15 port 54016 ssh2
May  6 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32735]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32735]: pam_unix(cron:session): session closed for user p13x
May  6 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[356]: Successful su for rubyman by root
May  6 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[356]: + ??? root:rubyman
May  6 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337688 of user rubyman.
May  6 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[356]: pam_unix(su:session): session closed for user rubyman
May  6 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337688.
May  6 02:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32623]: Connection closed by 45.152.112.15 port 54016 [preauth]
May  6 02:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29685]: pam_unix(cron:session): session closed for user root
May  6 02:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32736]: pam_unix(cron:session): session closed for user samftp
May  6 02:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32731]: Invalid user test from 45.152.112.15
May  6 02:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32731]: input_userauth_request: invalid user test [preauth]
May  6 02:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32731]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32731]: Failed password for invalid user test from 45.152.112.15 port 41286 ssh2
May  6 02:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32731]: Connection closed by 45.152.112.15 port 41286 [preauth]
May  6 02:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: Invalid user gitlab from 45.152.112.15
May  6 02:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: input_userauth_request: invalid user gitlab [preauth]
May  6 02:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31454]: pam_unix(cron:session): session closed for user root
May  6 02:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: Failed password for invalid user gitlab from 45.152.112.15 port 57722 ssh2
May  6 02:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: Connection closed by 45.152.112.15 port 57722 [preauth]
May  6 02:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[725]: Invalid user guest from 45.152.112.15
May  6 02:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[725]: input_userauth_request: invalid user guest [preauth]
May  6 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[725]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[785]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[786]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[787]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[785]: pam_unix(cron:session): session closed for user p13x
May  6 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[857]: Successful su for rubyman by root
May  6 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[857]: + ??? root:rubyman
May  6 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337690 of user rubyman.
May  6 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[857]: pam_unix(su:session): session closed for user rubyman
May  6 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337690.
May  6 02:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[725]: Failed password for invalid user guest from 45.152.112.15 port 41892 ssh2
May  6 02:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30132]: pam_unix(cron:session): session closed for user root
May  6 02:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[786]: pam_unix(cron:session): session closed for user samftp
May  6 02:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[725]: Connection closed by 45.152.112.15 port 41892 [preauth]
May  6 02:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: Invalid user worker from 45.152.112.15
May  6 02:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: input_userauth_request: invalid user worker [preauth]
May  6 02:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: Failed password for invalid user worker from 45.152.112.15 port 50960 ssh2
May  6 02:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: Connection closed by 45.152.112.15 port 50960 [preauth]
May  6 02:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31902]: pam_unix(cron:session): session closed for user root
May  6 02:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1115]: Invalid user flask from 45.152.112.15
May  6 02:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1115]: input_userauth_request: invalid user flask [preauth]
May  6 02:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1115]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1115]: Failed password for invalid user flask from 45.152.112.15 port 50938 ssh2
May  6 02:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1115]: Connection closed by 45.152.112.15 port 50938 [preauth]
May  6 02:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: Invalid user kdf from 104.248.3.129
May  6 02:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: input_userauth_request: invalid user kdf [preauth]
May  6 02:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.3.129
May  6 02:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1259]: Invalid user nuri from 180.252.231.212
May  6 02:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1259]: input_userauth_request: invalid user nuri [preauth]
May  6 02:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1259]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.231.212
May  6 02:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: Failed password for invalid user kdf from 104.248.3.129 port 32986 ssh2
May  6 02:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: Received disconnect from 104.248.3.129 port 32986:11: Bye Bye [preauth]
May  6 02:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1269]: Disconnected from 104.248.3.129 port 32986 [preauth]
May  6 02:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1259]: Failed password for invalid user nuri from 180.252.231.212 port 37280 ssh2
May  6 02:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1259]: Received disconnect from 180.252.231.212 port 37280:11: Bye Bye [preauth]
May  6 02:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1259]: Disconnected from 180.252.231.212 port 37280 [preauth]
May  6 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1284]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1285]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1282]: pam_unix(cron:session): session closed for user p13x
May  6 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1351]: Successful su for rubyman by root
May  6 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1351]: + ??? root:rubyman
May  6 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337694 of user rubyman.
May  6 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1351]: pam_unix(su:session): session closed for user rubyman
May  6 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337694.
May  6 02:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: Invalid user gpuadmin from 45.152.112.15
May  6 02:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: input_userauth_request: invalid user gpuadmin [preauth]
May  6 02:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30539]: pam_unix(cron:session): session closed for user root
May  6 02:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1283]: pam_unix(cron:session): session closed for user samftp
May  6 02:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1229]: Invalid user zabbix from 45.152.112.15
May  6 02:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1229]: input_userauth_request: invalid user zabbix [preauth]
May  6 02:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: Failed password for invalid user gpuadmin from 45.152.112.15 port 55240 ssh2
May  6 02:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 02:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1596]: Failed password for root from 218.92.0.179 port 55694 ssh2
May  6 02:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1229]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1596]: Failed password for root from 218.92.0.179 port 55694 ssh2
May  6 02:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: Connection closed by 45.152.112.15 port 55240 [preauth]
May  6 02:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1229]: Failed password for invalid user zabbix from 45.152.112.15 port 55248 ssh2
May  6 02:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1596]: Failed password for root from 218.92.0.179 port 55694 ssh2
May  6 02:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1596]: Received disconnect from 218.92.0.179 port 55694:11:  [preauth]
May  6 02:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1596]: Disconnected from 218.92.0.179 port 55694 [preauth]
May  6 02:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1596]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 02:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1229]: Connection closed by 45.152.112.15 port 55248 [preauth]
May  6 02:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: Invalid user ramya from 96.92.63.243
May  6 02:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: input_userauth_request: invalid user ramya [preauth]
May  6 02:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.92.63.243
May  6 02:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32739]: pam_unix(cron:session): session closed for user root
May  6 02:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: Failed password for invalid user ramya from 96.92.63.243 port 39504 ssh2
May  6 02:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: Received disconnect from 96.92.63.243 port 39504:11: Bye Bye [preauth]
May  6 02:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: Disconnected from 96.92.63.243 port 39504 [preauth]
May  6 02:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: Failed password for root from 45.152.112.15 port 58506 ssh2
May  6 02:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1580]: Connection closed by 45.152.112.15 port 58506 [preauth]
May  6 02:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: Invalid user flask from 45.152.112.15
May  6 02:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: input_userauth_request: invalid user flask [preauth]
May  6 02:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: Invalid user jayesh from 14.103.127.80
May  6 02:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: input_userauth_request: invalid user jayesh [preauth]
May  6 02:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.80
May  6 02:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: Failed password for invalid user jayesh from 14.103.127.80 port 54788 ssh2
May  6 02:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: Received disconnect from 14.103.127.80 port 54788:11: Bye Bye [preauth]
May  6 02:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: Disconnected from 14.103.127.80 port 54788 [preauth]
May  6 02:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1709]: Invalid user gitlab from 45.152.112.15
May  6 02:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1709]: input_userauth_request: invalid user gitlab [preauth]
May  6 02:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: Failed password for invalid user flask from 45.152.112.15 port 32964 ssh2
May  6 02:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1777]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1778]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1776]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1775]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1775]: pam_unix(cron:session): session closed for user p13x
May  6 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1848]: Successful su for rubyman by root
May  6 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1848]: + ??? root:rubyman
May  6 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1848]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337701 of user rubyman.
May  6 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1848]: pam_unix(su:session): session closed for user rubyman
May  6 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337701.
May  6 02:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30999]: pam_unix(cron:session): session closed for user root
May  6 02:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1776]: pam_unix(cron:session): session closed for user samftp
May  6 02:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1709]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1682]: Connection closed by 45.152.112.15 port 32964 [preauth]
May  6 02:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1709]: Failed password for invalid user gitlab from 45.152.112.15 port 50228 ssh2
May  6 02:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1709]: Connection closed by 45.152.112.15 port 50228 [preauth]
May  6 02:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: Invalid user testuser from 45.152.112.15
May  6 02:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: input_userauth_request: invalid user testuser [preauth]
May  6 02:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: Failed password for invalid user testuser from 45.152.112.15 port 49392 ssh2
May  6 02:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[788]: pam_unix(cron:session): session closed for user root
May  6 02:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: Connection closed by 45.152.112.15 port 49392 [preauth]
May  6 02:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: Invalid user postgres from 45.152.112.15
May  6 02:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: input_userauth_request: invalid user postgres [preauth]
May  6 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2281]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2277]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2282]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2282]: pam_unix(cron:session): session closed for user root
May  6 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2277]: pam_unix(cron:session): session closed for user p13x
May  6 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2346]: Successful su for rubyman by root
May  6 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2346]: + ??? root:rubyman
May  6 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337702 of user rubyman.
May  6 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2346]: pam_unix(su:session): session closed for user rubyman
May  6 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337702.
May  6 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2178]: Invalid user jenkins from 45.152.112.15
May  6 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2178]: input_userauth_request: invalid user jenkins [preauth]
May  6 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2279]: pam_unix(cron:session): session closed for user root
May  6 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31453]: pam_unix(cron:session): session closed for user root
May  6 02:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: Failed password for invalid user postgres from 45.152.112.15 port 39536 ssh2
May  6 02:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2278]: pam_unix(cron:session): session closed for user samftp
May  6 02:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2178]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2178]: Failed password for invalid user jenkins from 45.152.112.15 port 39550 ssh2
May  6 02:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2156]: Connection closed by 45.152.112.15 port 39536 [preauth]
May  6 02:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2178]: Connection closed by 45.152.112.15 port 39550 [preauth]
May  6 02:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1285]: pam_unix(cron:session): session closed for user root
May  6 02:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.211.138.55  user=root
May  6 02:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: Failed password for root from 122.211.138.55 port 48596 ssh2
May  6 02:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: Received disconnect from 122.211.138.55 port 48596:11: Bye Bye [preauth]
May  6 02:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: Disconnected from 122.211.138.55 port 48596 [preauth]
May  6 02:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: Invalid user admin from 45.152.112.15
May  6 02:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: input_userauth_request: invalid user admin [preauth]
May  6 02:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2226]: Failed password for root from 45.152.112.15 port 55094 ssh2
May  6 02:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2226]: Connection closed by 45.152.112.15 port 55094 [preauth]
May  6 02:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: Failed password for invalid user admin from 45.152.112.15 port 56652 ssh2
May  6 02:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: Connection closed by 45.152.112.15 port 56652 [preauth]
May  6 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2756]: pam_unix(cron:session): session closed for user p13x
May  6 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2827]: Successful su for rubyman by root
May  6 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2827]: + ??? root:rubyman
May  6 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337709 of user rubyman.
May  6 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2827]: pam_unix(su:session): session closed for user rubyman
May  6 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337709.
May  6 02:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31901]: pam_unix(cron:session): session closed for user root
May  6 02:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2757]: pam_unix(cron:session): session closed for user samftp
May  6 02:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: Invalid user weblogic from 45.152.112.15
May  6 02:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: input_userauth_request: invalid user weblogic [preauth]
May  6 02:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: Failed password for invalid user weblogic from 45.152.112.15 port 49030 ssh2
May  6 02:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2736]: Connection closed by 45.152.112.15 port 49030 [preauth]
May  6 02:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1778]: pam_unix(cron:session): session closed for user root
May  6 02:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: Invalid user centos from 45.152.112.15
May  6 02:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: input_userauth_request: invalid user centos [preauth]
May  6 02:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: Failed password for invalid user centos from 45.152.112.15 port 35972 ssh2
May  6 02:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3078]: Connection closed by 45.152.112.15 port 35972 [preauth]
May  6 02:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3183]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3184]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3181]: pam_unix(cron:session): session closed for user p13x
May  6 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3246]: Successful su for rubyman by root
May  6 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3246]: + ??? root:rubyman
May  6 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3246]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337712 of user rubyman.
May  6 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3246]: pam_unix(su:session): session closed for user rubyman
May  6 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337712.
May  6 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: Invalid user steam from 45.152.112.15
May  6 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: input_userauth_request: invalid user steam [preauth]
May  6 02:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32738]: pam_unix(cron:session): session closed for user root
May  6 02:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3182]: pam_unix(cron:session): session closed for user samftp
May  6 02:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: Failed password for invalid user steam from 45.152.112.15 port 45418 ssh2
May  6 02:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3160]: Connection closed by 45.152.112.15 port 45418 [preauth]
May  6 02:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2281]: pam_unix(cron:session): session closed for user root
May  6 02:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: Invalid user test from 45.152.112.15
May  6 02:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: input_userauth_request: invalid user test [preauth]
May  6 02:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3559]: Invalid user dingy from 104.248.3.129
May  6 02:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3559]: input_userauth_request: invalid user dingy [preauth]
May  6 02:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3559]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.3.129
May  6 02:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: Failed password for invalid user test from 45.152.112.15 port 37274 ssh2
May  6 02:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3559]: Failed password for invalid user dingy from 104.248.3.129 port 54046 ssh2
May  6 02:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3559]: Received disconnect from 104.248.3.129 port 54046:11: Bye Bye [preauth]
May  6 02:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3559]: Disconnected from 104.248.3.129 port 54046 [preauth]
May  6 02:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: Connection closed by 45.152.112.15 port 37274 [preauth]
May  6 02:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: Invalid user test from 45.152.112.15
May  6 02:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: input_userauth_request: invalid user test [preauth]
May  6 02:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3644]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3641]: pam_unix(cron:session): session closed for user p13x
May  6 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3700]: Successful su for rubyman by root
May  6 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3700]: + ??? root:rubyman
May  6 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337717 of user rubyman.
May  6 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3700]: pam_unix(su:session): session closed for user rubyman
May  6 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337717.
May  6 02:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: Failed password for invalid user test from 45.152.112.15 port 50812 ssh2
May  6 02:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[787]: pam_unix(cron:session): session closed for user root
May  6 02:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3642]: pam_unix(cron:session): session closed for user samftp
May  6 02:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3558]: Connection closed by 45.152.112.15 port 50812 [preauth]
May  6 02:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: Invalid user ubnt from 80.94.95.241
May  6 02:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: input_userauth_request: invalid user ubnt [preauth]
May  6 02:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 02:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: Failed password for invalid user ubnt from 80.94.95.241 port 63036 ssh2
May  6 02:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.92.63.243  user=root
May  6 02:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: Failed password for invalid user ubnt from 80.94.95.241 port 63036 ssh2
May  6 02:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: Failed password for root from 96.92.63.243 port 48042 ssh2
May  6 02:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: Received disconnect from 96.92.63.243 port 48042:11: Bye Bye [preauth]
May  6 02:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: Disconnected from 96.92.63.243 port 48042 [preauth]
May  6 02:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: Failed password for invalid user ubnt from 80.94.95.241 port 63036 ssh2
May  6 02:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: Failed password for invalid user ubnt from 80.94.95.241 port 63036 ssh2
May  6 02:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: Failed password for invalid user ubnt from 80.94.95.241 port 63036 ssh2
May  6 02:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: Received disconnect from 80.94.95.241 port 63036:11: Bye [preauth]
May  6 02:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: Disconnected from 80.94.95.241 port 63036 [preauth]
May  6 02:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 02:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 02:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3639]: Failed password for root from 45.152.112.15 port 39922 ssh2
May  6 02:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2759]: pam_unix(cron:session): session closed for user root
May  6 02:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3639]: Connection closed by 45.152.112.15 port 39922 [preauth]
May  6 02:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3906]: Invalid user centos from 45.152.112.15
May  6 02:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3906]: input_userauth_request: invalid user centos [preauth]
May  6 02:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3906]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3906]: Failed password for invalid user centos from 45.152.112.15 port 46354 ssh2
May  6 02:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3946]: Invalid user tomcat from 45.152.112.15
May  6 02:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3946]: input_userauth_request: invalid user tomcat [preauth]
May  6 02:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3906]: Connection closed by 45.152.112.15 port 46354 [preauth]
May  6 02:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3946]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3946]: Failed password for invalid user tomcat from 45.152.112.15 port 39986 ssh2
May  6 02:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: Invalid user july from 180.252.231.212
May  6 02:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: input_userauth_request: invalid user july [preauth]
May  6 02:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.231.212
May  6 02:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: Failed password for invalid user july from 180.252.231.212 port 39712 ssh2
May  6 02:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: Received disconnect from 180.252.231.212 port 39712:11: Bye Bye [preauth]
May  6 02:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: Disconnected from 180.252.231.212 port 39712 [preauth]
May  6 02:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3946]: Connection closed by 45.152.112.15 port 39986 [preauth]
May  6 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4081]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4079]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4082]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4078]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4078]: pam_unix(cron:session): session closed for user p13x
May  6 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4141]: Successful su for rubyman by root
May  6 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4141]: + ??? root:rubyman
May  6 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337722 of user rubyman.
May  6 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4141]: pam_unix(su:session): session closed for user rubyman
May  6 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337722.
May  6 02:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1284]: pam_unix(cron:session): session closed for user root
May  6 02:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: User mysql from 45.152.112.15 not allowed because not listed in AllowUsers
May  6 02:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: input_userauth_request: invalid user mysql [preauth]
May  6 02:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4079]: pam_unix(cron:session): session closed for user samftp
May  6 02:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=mysql
May  6 02:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: Failed password for invalid user mysql from 45.152.112.15 port 59502 ssh2
May  6 02:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: Connection closed by 45.152.112.15 port 59502 [preauth]
May  6 02:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3184]: pam_unix(cron:session): session closed for user root
May  6 02:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: Failed password for root from 45.152.112.15 port 40226 ssh2
May  6 02:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: Connection closed by 45.152.112.15 port 40226 [preauth]
May  6 02:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4525]: Failed password for root from 45.152.112.15 port 37072 ssh2
May  6 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4649]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4651]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4647]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4652]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4646]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4650]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4652]: pam_unix(cron:session): session closed for user root
May  6 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4646]: pam_unix(cron:session): session closed for user p13x
May  6 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4722]: Successful su for rubyman by root
May  6 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4722]: + ??? root:rubyman
May  6 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337725 of user rubyman.
May  6 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4722]: pam_unix(su:session): session closed for user rubyman
May  6 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337725.
May  6 02:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4649]: pam_unix(cron:session): session closed for user root
May  6 02:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1777]: pam_unix(cron:session): session closed for user root
May  6 02:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4647]: pam_unix(cron:session): session closed for user samftp
May  6 02:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4525]: Connection closed by 45.152.112.15 port 37072 [preauth]
May  6 02:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: Invalid user zabbix from 45.152.112.15
May  6 02:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: input_userauth_request: invalid user zabbix [preauth]
May  6 02:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4605]: Invalid user kubernetes from 45.152.112.15
May  6 02:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4605]: input_userauth_request: invalid user kubernetes [preauth]
May  6 02:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: Failed password for invalid user zabbix from 45.152.112.15 port 59702 ssh2
May  6 02:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3644]: pam_unix(cron:session): session closed for user root
May  6 02:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4605]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4589]: Connection closed by 45.152.112.15 port 59702 [preauth]
May  6 02:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4605]: Failed password for invalid user kubernetes from 45.152.112.15 port 41724 ssh2
May  6 02:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4847]: Invalid user observer from 45.152.112.15
May  6 02:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4847]: input_userauth_request: invalid user observer [preauth]
May  6 02:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4605]: Connection closed by 45.152.112.15 port 41724 [preauth]
May  6 02:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4847]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4847]: Failed password for invalid user observer from 45.152.112.15 port 34366 ssh2
May  6 02:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4847]: Connection closed by 45.152.112.15 port 34366 [preauth]
May  6 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5306]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5304]: pam_unix(cron:session): session closed for user p13x
May  6 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5370]: Successful su for rubyman by root
May  6 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5370]: + ??? root:rubyman
May  6 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337733 of user rubyman.
May  6 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5370]: pam_unix(su:session): session closed for user rubyman
May  6 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337733.
May  6 02:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2280]: pam_unix(cron:session): session closed for user root
May  6 02:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5283]: Invalid user hadoop from 45.152.112.15
May  6 02:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5283]: input_userauth_request: invalid user hadoop [preauth]
May  6 02:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5305]: pam_unix(cron:session): session closed for user samftp
May  6 02:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: Invalid user tobias from 122.211.138.55
May  6 02:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: input_userauth_request: invalid user tobias [preauth]
May  6 02:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.211.138.55
May  6 02:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5283]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: Failed password for invalid user tobias from 122.211.138.55 port 57572 ssh2
May  6 02:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: Received disconnect from 122.211.138.55 port 57572:11: Bye Bye [preauth]
May  6 02:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5615]: Disconnected from 122.211.138.55 port 57572 [preauth]
May  6 02:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5283]: Failed password for invalid user hadoop from 45.152.112.15 port 52784 ssh2
May  6 02:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5283]: Connection closed by 45.152.112.15 port 52784 [preauth]
May  6 02:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: Invalid user bot from 45.152.112.15
May  6 02:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: input_userauth_request: invalid user bot [preauth]
May  6 02:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: Failed password for invalid user bot from 45.152.112.15 port 50292 ssh2
May  6 02:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4082]: pam_unix(cron:session): session closed for user root
May  6 02:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: Connection closed by 45.152.112.15 port 50292 [preauth]
May  6 02:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: Invalid user debianuser from 45.152.112.15
May  6 02:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: input_userauth_request: invalid user debianuser [preauth]
May  6 02:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: Failed password for invalid user debianuser from 45.152.112.15 port 39038 ssh2
May  6 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5779]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5781]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5778]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5778]: pam_unix(cron:session): session closed for user p13x
May  6 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5926]: Successful su for rubyman by root
May  6 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5926]: + ??? root:rubyman
May  6 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5926]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337734 of user rubyman.
May  6 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5926]: pam_unix(su:session): session closed for user rubyman
May  6 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337734.
May  6 02:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: Connection closed by 45.152.112.15 port 39038 [preauth]
May  6 02:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2758]: pam_unix(cron:session): session closed for user root
May  6 02:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5779]: pam_unix(cron:session): session closed for user samftp
May  6 02:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5767]: Invalid user ranger from 45.152.112.15
May  6 02:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5767]: input_userauth_request: invalid user ranger [preauth]
May  6 02:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5767]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5767]: Failed password for invalid user ranger from 45.152.112.15 port 59392 ssh2
May  6 02:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5767]: Connection closed by 45.152.112.15 port 59392 [preauth]
May  6 02:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: Invalid user oracle from 45.152.112.15
May  6 02:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: input_userauth_request: invalid user oracle [preauth]
May  6 02:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: Failed password for invalid user oracle from 45.152.112.15 port 36324 ssh2
May  6 02:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4651]: pam_unix(cron:session): session closed for user root
May  6 02:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: Connection closed by 45.152.112.15 port 36324 [preauth]
May  6 02:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: Invalid user iexcel from 104.248.3.129
May  6 02:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: input_userauth_request: invalid user iexcel [preauth]
May  6 02:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.3.129
May  6 02:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: Failed password for invalid user iexcel from 104.248.3.129 port 59288 ssh2
May  6 02:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: Received disconnect from 104.248.3.129 port 59288:11: Bye Bye [preauth]
May  6 02:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6235]: Disconnected from 104.248.3.129 port 59288 [preauth]
May  6 02:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6203]: User ftp from 45.152.112.15 not allowed because not listed in AllowUsers
May  6 02:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6203]: input_userauth_request: invalid user ftp [preauth]
May  6 02:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=ftp
May  6 02:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6203]: Failed password for invalid user ftp from 45.152.112.15 port 42348 ssh2
May  6 02:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6203]: Connection closed by 45.152.112.15 port 42348 [preauth]
May  6 02:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: Invalid user marko from 96.92.63.243
May  6 02:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: input_userauth_request: invalid user marko [preauth]
May  6 02:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.92.63.243
May  6 02:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: Failed password for invalid user marko from 96.92.63.243 port 56548 ssh2
May  6 02:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: Received disconnect from 96.92.63.243 port 56548:11: Bye Bye [preauth]
May  6 02:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: Disconnected from 96.92.63.243 port 56548 [preauth]
May  6 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6296]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6294]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6295]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6293]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6293]: pam_unix(cron:session): session closed for user p13x
May  6 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6355]: Successful su for rubyman by root
May  6 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6355]: + ??? root:rubyman
May  6 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6355]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337739 of user rubyman.
May  6 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6355]: pam_unix(su:session): session closed for user rubyman
May  6 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337739.
May  6 02:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3183]: pam_unix(cron:session): session closed for user root
May  6 02:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6294]: pam_unix(cron:session): session closed for user samftp
May  6 02:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: Invalid user elastic from 45.152.112.15
May  6 02:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: input_userauth_request: invalid user elastic [preauth]
May  6 02:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: Failed password for invalid user elastic from 45.152.112.15 port 48648 ssh2
May  6 02:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: Connection closed by 45.152.112.15 port 48648 [preauth]
May  6 02:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 02:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: Failed password for root from 45.152.112.15 port 50724 ssh2
May  6 02:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5307]: pam_unix(cron:session): session closed for user root
May  6 02:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: Connection closed by 45.152.112.15 port 50724 [preauth]
May  6 02:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6617]: Invalid user admin from 45.152.112.15
May  6 02:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6617]: input_userauth_request: invalid user admin [preauth]
May  6 02:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6617]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6617]: Failed password for invalid user admin from 45.152.112.15 port 49508 ssh2
May  6 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6705]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6702]: pam_unix(cron:session): session closed for user p13x
May  6 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6765]: Successful su for rubyman by root
May  6 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6765]: + ??? root:rubyman
May  6 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337742 of user rubyman.
May  6 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6765]: pam_unix(su:session): session closed for user rubyman
May  6 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337742.
May  6 02:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6617]: Connection closed by 45.152.112.15 port 49508 [preauth]
May  6 02:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3643]: pam_unix(cron:session): session closed for user root
May  6 02:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6703]: pam_unix(cron:session): session closed for user samftp
May  6 02:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6691]: Invalid user default from 45.152.112.15
May  6 02:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6691]: input_userauth_request: invalid user default [preauth]
May  6 02:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6691]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6691]: Failed password for invalid user default from 45.152.112.15 port 50540 ssh2
May  6 02:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6691]: Connection closed by 45.152.112.15 port 50540 [preauth]
May  6 02:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7083]: Invalid user tomcat from 45.152.112.15
May  6 02:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7083]: input_userauth_request: invalid user tomcat [preauth]
May  6 02:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5781]: pam_unix(cron:session): session closed for user root
May  6 02:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7083]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7083]: Failed password for invalid user tomcat from 45.152.112.15 port 50902 ssh2
May  6 02:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7083]: Connection closed by 45.152.112.15 port 50902 [preauth]
May  6 02:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7135]: Invalid user gitlab from 45.152.112.15
May  6 02:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7135]: input_userauth_request: invalid user gitlab [preauth]
May  6 02:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7135]: pam_unix(sshd:auth): check pass; user unknown
May  6 02:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 02:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7135]: Failed password for invalid user gitlab from 45.152.112.15 port 39868 ssh2
May  6 02:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7135]: Connection closed by 45.152.112.15 port 39868 [preauth]
May  6 02:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 02:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.231.212  user=root
May  6 03:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: Failed password for root from 180.252.231.212 port 34566 ssh2
May  6 03:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: Received disconnect from 180.252.231.212 port 34566:11: Bye Bye [preauth]
May  6 03:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: Disconnected from 180.252.231.212 port 34566 [preauth]
May  6 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7239]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7236]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7234]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7235]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7233]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7239]: pam_unix(cron:session): session closed for user root
May  6 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7235]: pam_unix(cron:session): session closed for user root
May  6 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7233]: pam_unix(cron:session): session closed for user p13x
May  6 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7323]: Successful su for rubyman by root
May  6 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7323]: + ??? root:rubyman
May  6 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337751 of user rubyman.
May  6 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7323]: pam_unix(su:session): session closed for user rubyman
May  6 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337751.
May  6 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7236]: pam_unix(cron:session): session closed for user root
May  6 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4081]: pam_unix(cron:session): session closed for user root
May  6 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7197]: Failed password for root from 45.152.112.15 port 35784 ssh2
May  6 03:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7234]: pam_unix(cron:session): session closed for user samftp
May  6 03:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7197]: Connection closed by 45.152.112.15 port 35784 [preauth]
May  6 03:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7385]: Invalid user hadoop from 45.152.112.15
May  6 03:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7385]: input_userauth_request: invalid user hadoop [preauth]
May  6 03:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7385]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6296]: pam_unix(cron:session): session closed for user root
May  6 03:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7385]: Failed password for invalid user hadoop from 45.152.112.15 port 32920 ssh2
May  6 03:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7385]: Connection closed by 45.152.112.15 port 32920 [preauth]
May  6 03:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7384]: Received disconnect from 41.59.82.183 port 15793:11: Bye Bye [preauth]
May  6 03:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7384]: Disconnected from 41.59.82.183 port 15793 [preauth]
May  6 03:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7781]: Invalid user tools from 45.152.112.15
May  6 03:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7781]: input_userauth_request: invalid user tools [preauth]
May  6 03:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7781]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7781]: Failed password for invalid user tools from 45.152.112.15 port 34216 ssh2
May  6 03:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7781]: Connection closed by 45.152.112.15 port 34216 [preauth]
May  6 03:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7851]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7850]: pam_unix(cron:session): session closed for user p13x
May  6 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7919]: Successful su for rubyman by root
May  6 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7919]: + ??? root:rubyman
May  6 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337754 of user rubyman.
May  6 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7919]: pam_unix(su:session): session closed for user rubyman
May  6 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337754.
May  6 03:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4650]: pam_unix(cron:session): session closed for user root
May  6 03:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7851]: pam_unix(cron:session): session closed for user samftp
May  6 03:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: Invalid user admin from 45.152.112.15
May  6 03:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: input_userauth_request: invalid user admin [preauth]
May  6 03:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: Failed password for invalid user admin from 45.152.112.15 port 42778 ssh2
May  6 03:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7839]: Connection closed by 45.152.112.15 port 42778 [preauth]
May  6 03:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6705]: pam_unix(cron:session): session closed for user root
May  6 03:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: Invalid user www from 45.152.112.15
May  6 03:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: input_userauth_request: invalid user www [preauth]
May  6 03:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: Failed password for invalid user www from 45.152.112.15 port 37808 ssh2
May  6 03:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8165]: Connection closed by 45.152.112.15 port 37808 [preauth]
May  6 03:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8285]: pam_unix(cron:session): session closed for user p13x
May  6 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8349]: Successful su for rubyman by root
May  6 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8349]: + ??? root:rubyman
May  6 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337759 of user rubyman.
May  6 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8349]: pam_unix(su:session): session closed for user rubyman
May  6 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337759.
May  6 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: Failed password for root from 45.152.112.15 port 43684 ssh2
May  6 03:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5306]: pam_unix(cron:session): session closed for user root
May  6 03:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8286]: pam_unix(cron:session): session closed for user samftp
May  6 03:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: Connection closed by 45.152.112.15 port 43684 [preauth]
May  6 03:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Failed password for root from 45.152.112.15 port 57260 ssh2
May  6 03:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Connection closed by 45.152.112.15 port 57260 [preauth]
May  6 03:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.92.63.243  user=root
May  6 03:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8626]: Invalid user venus from 104.248.3.129
May  6 03:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8626]: input_userauth_request: invalid user venus [preauth]
May  6 03:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8626]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.3.129
May  6 03:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8615]: Failed password for root from 96.92.63.243 port 36826 ssh2
May  6 03:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8615]: Received disconnect from 96.92.63.243 port 36826:11: Bye Bye [preauth]
May  6 03:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8615]: Disconnected from 96.92.63.243 port 36826 [preauth]
May  6 03:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8564]: Invalid user es from 45.152.112.15
May  6 03:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8564]: input_userauth_request: invalid user es [preauth]
May  6 03:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8626]: Failed password for invalid user venus from 104.248.3.129 port 55960 ssh2
May  6 03:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8626]: Received disconnect from 104.248.3.129 port 55960:11: Bye Bye [preauth]
May  6 03:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8626]: Disconnected from 104.248.3.129 port 55960 [preauth]
May  6 03:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7238]: pam_unix(cron:session): session closed for user root
May  6 03:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8564]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8564]: Failed password for invalid user es from 45.152.112.15 port 60646 ssh2
May  6 03:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8564]: Connection closed by 45.152.112.15 port 60646 [preauth]
May  6 03:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Failed password for root from 45.152.112.15 port 38420 ssh2
May  6 03:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Connection closed by 45.152.112.15 port 38420 [preauth]
May  6 03:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8734]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8733]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8735]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8732]: pam_unix(cron:session): session closed for user p13x
May  6 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8794]: Successful su for rubyman by root
May  6 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8794]: + ??? root:rubyman
May  6 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337763 of user rubyman.
May  6 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8794]: pam_unix(su:session): session closed for user rubyman
May  6 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337763.
May  6 03:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5780]: pam_unix(cron:session): session closed for user root
May  6 03:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: Invalid user oracle from 45.152.112.15
May  6 03:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: input_userauth_request: invalid user oracle [preauth]
May  6 03:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8733]: pam_unix(cron:session): session closed for user samftp
May  6 03:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: Failed password for invalid user oracle from 45.152.112.15 port 50648 ssh2
May  6 03:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: Invalid user uftp from 45.152.112.15
May  6 03:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: input_userauth_request: invalid user uftp [preauth]
May  6 03:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8692]: Connection closed by 45.152.112.15 port 50648 [preauth]
May  6 03:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: Failed password for invalid user uftp from 45.152.112.15 port 52702 ssh2
May  6 03:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8721]: Connection closed by 45.152.112.15 port 52702 [preauth]
May  6 03:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7853]: pam_unix(cron:session): session closed for user root
May  6 03:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: Invalid user flink from 45.152.112.15
May  6 03:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: input_userauth_request: invalid user flink [preauth]
May  6 03:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: Failed password for invalid user flink from 45.152.112.15 port 41488 ssh2
May  6 03:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: Connection closed by 41.59.82.183 port 15794 [preauth]
May  6 03:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9009]: Connection closed by 45.152.112.15 port 41488 [preauth]
May  6 03:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: Invalid user gitlab-runner from 45.152.112.15
May  6 03:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: input_userauth_request: invalid user gitlab-runner [preauth]
May  6 03:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9236]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9235]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9233]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9234]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9233]: pam_unix(cron:session): session closed for user p13x
May  6 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9327]: Successful su for rubyman by root
May  6 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9327]: + ??? root:rubyman
May  6 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337765 of user rubyman.
May  6 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9327]: pam_unix(su:session): session closed for user rubyman
May  6 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337765.
May  6 03:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: Failed password for invalid user gitlab-runner from 45.152.112.15 port 39860 ssh2
May  6 03:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6295]: pam_unix(cron:session): session closed for user root
May  6 03:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9234]: pam_unix(cron:session): session closed for user samftp
May  6 03:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9082]: Connection closed by 45.152.112.15 port 39860 [preauth]
May  6 03:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9231]: Invalid user es from 45.152.112.15
May  6 03:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9231]: input_userauth_request: invalid user es [preauth]
May  6 03:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9231]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9231]: Failed password for invalid user es from 45.152.112.15 port 44064 ssh2
May  6 03:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9231]: Connection closed by 45.152.112.15 port 44064 [preauth]
May  6 03:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9547]: Invalid user oracle from 45.152.112.15
May  6 03:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9547]: input_userauth_request: invalid user oracle [preauth]
May  6 03:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8288]: pam_unix(cron:session): session closed for user root
May  6 03:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9547]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9547]: Failed password for invalid user oracle from 45.152.112.15 port 50530 ssh2
May  6 03:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9547]: Connection closed by 45.152.112.15 port 50530 [preauth]
May  6 03:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9673]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9669]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9668]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9675]: pam_unix(cron:session): session closed for user root
May  6 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9668]: pam_unix(cron:session): session closed for user p13x
May  6 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9742]: Successful su for rubyman by root
May  6 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9742]: + ??? root:rubyman
May  6 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9742]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337771 of user rubyman.
May  6 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9742]: pam_unix(su:session): session closed for user rubyman
May  6 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337771.
May  6 03:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9670]: pam_unix(cron:session): session closed for user root
May  6 03:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6704]: pam_unix(cron:session): session closed for user root
May  6 03:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9669]: pam_unix(cron:session): session closed for user samftp
May  6 03:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: Invalid user ubnt from 45.152.112.15
May  6 03:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: input_userauth_request: invalid user ubnt [preauth]
May  6 03:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9614]: Invalid user nvidia from 45.152.112.15
May  6 03:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9614]: input_userauth_request: invalid user nvidia [preauth]
May  6 03:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: Failed password for invalid user ubnt from 45.152.112.15 port 36086 ssh2
May  6 03:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9614]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9614]: Failed password for invalid user nvidia from 45.152.112.15 port 60806 ssh2
May  6 03:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: Connection closed by 45.152.112.15 port 36086 [preauth]
May  6 03:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8735]: pam_unix(cron:session): session closed for user root
May  6 03:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: Failed password for root from 45.152.112.15 port 44954 ssh2
May  6 03:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9614]: Connection closed by 45.152.112.15 port 60806 [preauth]
May  6 03:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9656]: Connection closed by 45.152.112.15 port 44954 [preauth]
May  6 03:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.231.212  user=root
May  6 03:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10115]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10116]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10113]: pam_unix(cron:session): session closed for user p13x
May  6 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10177]: Successful su for rubyman by root
May  6 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10177]: + ??? root:rubyman
May  6 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: Failed password for root from 180.252.231.212 port 49190 ssh2
May  6 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337776 of user rubyman.
May  6 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10177]: pam_unix(su:session): session closed for user rubyman
May  6 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337776.
May  6 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: Received disconnect from 180.252.231.212 port 49190:11: Bye Bye [preauth]
May  6 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: Disconnected from 180.252.231.212 port 49190 [preauth]
May  6 03:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7237]: pam_unix(cron:session): session closed for user root
May  6 03:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10114]: pam_unix(cron:session): session closed for user samftp
May  6 03:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10061]: Invalid user developer from 45.152.112.15
May  6 03:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10061]: input_userauth_request: invalid user developer [preauth]
May  6 03:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9987]: Failed password for root from 45.152.112.15 port 50126 ssh2
May  6 03:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10061]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9987]: Connection closed by 45.152.112.15 port 50126 [preauth]
May  6 03:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10061]: Failed password for invalid user developer from 45.152.112.15 port 52768 ssh2
May  6 03:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10061]: Connection closed by 45.152.112.15 port 52768 [preauth]
May  6 03:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9236]: pam_unix(cron:session): session closed for user root
May  6 03:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10111]: Failed password for root from 45.152.112.15 port 52744 ssh2
May  6 03:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10111]: Connection closed by 45.152.112.15 port 52744 [preauth]
May  6 03:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10509]: User ftp from 45.152.112.15 not allowed because not listed in AllowUsers
May  6 03:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10509]: input_userauth_request: invalid user ftp [preauth]
May  6 03:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: Invalid user admin from 80.94.95.125
May  6 03:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: input_userauth_request: invalid user admin [preauth]
May  6 03:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: Failed none for invalid user admin from 80.94.95.125 port 28805 ssh2
May  6 03:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 03:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: Failed password for invalid user admin from 80.94.95.125 port 28805 ssh2
May  6 03:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=ftp
May  6 03:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.92.63.243  user=root
May  6 03:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: Failed password for invalid user admin from 80.94.95.125 port 28805 ssh2
May  6 03:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10509]: Failed password for invalid user ftp from 45.152.112.15 port 49980 ssh2
May  6 03:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10648]: Failed password for root from 96.92.63.243 port 45302 ssh2
May  6 03:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10648]: Received disconnect from 96.92.63.243 port 45302:11: Bye Bye [preauth]
May  6 03:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10648]: Disconnected from 96.92.63.243 port 45302 [preauth]
May  6 03:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10567]: Invalid user mongodb from 45.152.112.15
May  6 03:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10567]: input_userauth_request: invalid user mongodb [preauth]
May  6 03:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: Failed password for invalid user admin from 80.94.95.125 port 28805 ssh2
May  6 03:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10660]: pam_unix(cron:session): session closed for user p13x
May  6 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10766]: Successful su for rubyman by root
May  6 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10766]: + ??? root:rubyman
May  6 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337779 of user rubyman.
May  6 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10766]: pam_unix(su:session): session closed for user rubyman
May  6 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: Failed password for invalid user admin from 80.94.95.125 port 28805 ssh2
May  6 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337779.
May  6 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: Received disconnect from 80.94.95.125 port 28805:11: Bye [preauth]
May  6 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: Disconnected from 80.94.95.125 port 28805 [preauth]
May  6 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10638]: PAM service(sshd) ignoring max retries; 4 > 3
May  6 03:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7852]: pam_unix(cron:session): session closed for user root
May  6 03:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10509]: Connection closed by 45.152.112.15 port 49980 [preauth]
May  6 03:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10567]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10661]: pam_unix(cron:session): session closed for user samftp
May  6 03:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10567]: Failed password for invalid user mongodb from 45.152.112.15 port 39214 ssh2
May  6 03:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10567]: Connection closed by 45.152.112.15 port 39214 [preauth]
May  6 03:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10632]: Invalid user mongodb from 45.152.112.15
May  6 03:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10632]: input_userauth_request: invalid user mongodb [preauth]
May  6 03:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10975]: Invalid user xjy from 104.248.3.129
May  6 03:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10975]: input_userauth_request: invalid user xjy [preauth]
May  6 03:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10975]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.3.129
May  6 03:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10632]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10975]: Failed password for invalid user xjy from 104.248.3.129 port 37208 ssh2
May  6 03:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10975]: Received disconnect from 104.248.3.129 port 37208:11: Bye Bye [preauth]
May  6 03:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10975]: Disconnected from 104.248.3.129 port 37208 [preauth]
May  6 03:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10632]: Failed password for invalid user mongodb from 45.152.112.15 port 58356 ssh2
May  6 03:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9673]: pam_unix(cron:session): session closed for user root
May  6 03:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10632]: Connection closed by 45.152.112.15 port 58356 [preauth]
May  6 03:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 03:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: Failed password for root from 218.92.0.207 port 38258 ssh2
May  6 03:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: message repeated 2 times: [ Failed password for root from 218.92.0.207 port 38258 ssh2]
May  6 03:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: Invalid user app from 45.152.112.15
May  6 03:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: input_userauth_request: invalid user app [preauth]
May  6 03:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: Failed password for root from 218.92.0.207 port 38258 ssh2
May  6 03:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: Failed password for root from 218.92.0.207 port 38258 ssh2
May  6 03:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 38258 ssh2 [preauth]
May  6 03:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: Disconnecting: Too many authentication failures [preauth]
May  6 03:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 03:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 03:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: Failed password for invalid user app from 45.152.112.15 port 42824 ssh2
May  6 03:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11106]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11104]: pam_unix(cron:session): session closed for user p13x
May  6 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10973]: Failed password for root from 45.152.112.15 port 33248 ssh2
May  6 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11167]: Successful su for rubyman by root
May  6 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11167]: + ??? root:rubyman
May  6 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11167]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337783 of user rubyman.
May  6 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11167]: pam_unix(su:session): session closed for user rubyman
May  6 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337783.
May  6 03:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10964]: Connection closed by 45.152.112.15 port 42824 [preauth]
May  6 03:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8287]: pam_unix(cron:session): session closed for user root
May  6 03:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11105]: pam_unix(cron:session): session closed for user samftp
May  6 03:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: Invalid user www from 45.152.112.15
May  6 03:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: input_userauth_request: invalid user www [preauth]
May  6 03:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10973]: Connection closed by 45.152.112.15 port 33248 [preauth]
May  6 03:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: Failed password for invalid user www from 45.152.112.15 port 53930 ssh2
May  6 03:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: Connection closed by 45.152.112.15 port 53930 [preauth]
May  6 03:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Invalid user sonar from 45.152.112.15
May  6 03:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: input_userauth_request: invalid user sonar [preauth]
May  6 03:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Failed password for invalid user sonar from 45.152.112.15 port 43136 ssh2
May  6 03:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10116]: pam_unix(cron:session): session closed for user root
May  6 03:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Connection closed by 45.152.112.15 port 43136 [preauth]
May  6 03:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: Invalid user elasticsearch from 45.152.112.15
May  6 03:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: input_userauth_request: invalid user elasticsearch [preauth]
May  6 03:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Invalid user docker from 45.152.112.15
May  6 03:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: input_userauth_request: invalid user docker [preauth]
May  6 03:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: Failed password for invalid user elasticsearch from 45.152.112.15 port 42708 ssh2
May  6 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11511]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11507]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11509]: pam_unix(cron:session): session closed for user p13x
May  6 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11634]: Successful su for rubyman by root
May  6 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11634]: + ??? root:rubyman
May  6 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337787 of user rubyman.
May  6 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11634]: pam_unix(su:session): session closed for user rubyman
May  6 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337787.
May  6 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11507]: pam_unix(cron:session): session closed for user root
May  6 03:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8734]: pam_unix(cron:session): session closed for user root
May  6 03:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11378]: Connection closed by 45.152.112.15 port 42708 [preauth]
May  6 03:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Failed password for invalid user docker from 45.152.112.15 port 42710 ssh2
May  6 03:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11510]: pam_unix(cron:session): session closed for user samftp
May  6 03:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11389]: Connection closed by 45.152.112.15 port 42710 [preauth]
May  6 03:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11464]: Failed password for root from 45.152.112.15 port 54240 ssh2
May  6 03:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11464]: Connection closed by 45.152.112.15 port 54240 [preauth]
May  6 03:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11826]: Invalid user postgres from 45.152.112.15
May  6 03:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11826]: input_userauth_request: invalid user postgres [preauth]
May  6 03:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10671]: pam_unix(cron:session): session closed for user root
May  6 03:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11826]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11826]: Failed password for invalid user postgres from 45.152.112.15 port 45672 ssh2
May  6 03:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11826]: Connection closed by 45.152.112.15 port 45672 [preauth]
May  6 03:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: Invalid user dev from 45.152.112.15
May  6 03:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: input_userauth_request: invalid user dev [preauth]
May  6 03:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: Failed password for invalid user dev from 45.152.112.15 port 34146 ssh2
May  6 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12000]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11999]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11998]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12000]: pam_unix(cron:session): session closed for user root
May  6 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11995]: pam_unix(cron:session): session closed for user p13x
May  6 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12060]: Successful su for rubyman by root
May  6 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12060]: + ??? root:rubyman
May  6 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337793 of user rubyman.
May  6 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12060]: pam_unix(su:session): session closed for user rubyman
May  6 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337793.
May  6 03:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11997]: pam_unix(cron:session): session closed for user root
May  6 03:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: Connection closed by 45.152.112.15 port 34146 [preauth]
May  6 03:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9235]: pam_unix(cron:session): session closed for user root
May  6 03:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Invalid user guest from 45.152.112.15
May  6 03:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: input_userauth_request: invalid user guest [preauth]
May  6 03:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11996]: pam_unix(cron:session): session closed for user samftp
May  6 03:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Failed password for invalid user guest from 45.152.112.15 port 56670 ssh2
May  6 03:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: Invalid user tomcat from 45.152.112.15
May  6 03:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: input_userauth_request: invalid user tomcat [preauth]
May  6 03:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11916]: Connection closed by 45.152.112.15 port 56670 [preauth]
May  6 03:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: Failed password for invalid user tomcat from 45.152.112.15 port 46044 ssh2
May  6 03:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11107]: pam_unix(cron:session): session closed for user root
May  6 03:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: Invalid user elsearch from 45.152.112.15
May  6 03:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: input_userauth_request: invalid user elsearch [preauth]
May  6 03:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: Connection closed by 45.152.112.15 port 46044 [preauth]
May  6 03:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: Failed password for invalid user elsearch from 45.152.112.15 port 51294 ssh2
May  6 03:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12251]: Connection closed by 45.152.112.15 port 51294 [preauth]
May  6 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12434]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12433]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12431]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12432]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12431]: pam_unix(cron:session): session closed for user p13x
May  6 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12496]: Successful su for rubyman by root
May  6 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12496]: + ??? root:rubyman
May  6 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337799 of user rubyman.
May  6 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12496]: pam_unix(su:session): session closed for user rubyman
May  6 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337799.
May  6 03:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: Invalid user git from 45.152.112.15
May  6 03:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: input_userauth_request: invalid user git [preauth]
May  6 03:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9672]: pam_unix(cron:session): session closed for user root
May  6 03:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: Failed password for invalid user git from 45.152.112.15 port 34050 ssh2
May  6 03:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12432]: pam_unix(cron:session): session closed for user samftp
May  6 03:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12382]: Connection closed by 45.152.112.15 port 34050 [preauth]
May  6 03:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: Invalid user vagrant from 45.152.112.15
May  6 03:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: input_userauth_request: invalid user vagrant [preauth]
May  6 03:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: Failed password for invalid user vagrant from 45.152.112.15 port 42102 ssh2
May  6 03:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11513]: pam_unix(cron:session): session closed for user root
May  6 03:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: Connection closed by 45.152.112.15 port 42102 [preauth]
May  6 03:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12781]: Invalid user dev from 96.92.63.243
May  6 03:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12781]: input_userauth_request: invalid user dev [preauth]
May  6 03:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12781]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.92.63.243
May  6 03:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12781]: Failed password for invalid user dev from 96.92.63.243 port 53842 ssh2
May  6 03:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12781]: Received disconnect from 96.92.63.243 port 53842:11: Bye Bye [preauth]
May  6 03:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12781]: Disconnected from 96.92.63.243 port 53842 [preauth]
May  6 03:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Invalid user esuser from 45.152.112.15
May  6 03:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: input_userauth_request: invalid user esuser [preauth]
May  6 03:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Failed password for invalid user esuser from 45.152.112.15 port 52988 ssh2
May  6 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Connection closed by 45.152.112.15 port 52988 [preauth]
May  6 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12834]: pam_unix(cron:session): session closed for user p13x
May  6 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12806]: Invalid user ftpuser from 45.152.112.15
May  6 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12806]: input_userauth_request: invalid user ftpuser [preauth]
May  6 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12894]: Successful su for rubyman by root
May  6 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12894]: + ??? root:rubyman
May  6 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12894]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337804 of user rubyman.
May  6 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12894]: pam_unix(su:session): session closed for user rubyman
May  6 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337804.
May  6 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Invalid user lys from 180.252.231.212
May  6 03:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: input_userauth_request: invalid user lys [preauth]
May  6 03:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.231.212
May  6 03:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12806]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10115]: pam_unix(cron:session): session closed for user root
May  6 03:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Failed password for invalid user lys from 180.252.231.212 port 46872 ssh2
May  6 03:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Received disconnect from 180.252.231.212 port 46872:11: Bye Bye [preauth]
May  6 03:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12904]: Disconnected from 180.252.231.212 port 46872 [preauth]
May  6 03:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12806]: Failed password for invalid user ftpuser from 45.152.112.15 port 41872 ssh2
May  6 03:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12835]: pam_unix(cron:session): session closed for user samftp
May  6 03:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.3.129  user=root
May  6 03:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13083]: Failed password for root from 104.248.3.129 port 52642 ssh2
May  6 03:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12806]: Connection closed by 45.152.112.15 port 41872 [preauth]
May  6 03:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13083]: Received disconnect from 104.248.3.129 port 52642:11: Bye Bye [preauth]
May  6 03:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13083]: Disconnected from 104.248.3.129 port 52642 [preauth]
May  6 03:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13107]: Bad protocol version identification '\026\003\001' from 65.49.1.206 port 3671
May  6 03:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: Invalid user esuser from 45.152.112.15
May  6 03:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: input_userauth_request: invalid user esuser [preauth]
May  6 03:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: Failed password for invalid user esuser from 45.152.112.15 port 38280 ssh2
May  6 03:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11999]: pam_unix(cron:session): session closed for user root
May  6 03:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13085]: Connection closed by 45.152.112.15 port 38280 [preauth]
May  6 03:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 03:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13175]: Failed password for root from 218.92.0.179 port 48156 ssh2
May  6 03:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13175]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 48156 ssh2]
May  6 03:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13175]: Received disconnect from 218.92.0.179 port 48156:11:  [preauth]
May  6 03:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13175]: Disconnected from 218.92.0.179 port 48156 [preauth]
May  6 03:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13175]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 03:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13125]: Failed password for root from 45.152.112.15 port 33422 ssh2
May  6 03:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13125]: Connection closed by 45.152.112.15 port 33422 [preauth]
May  6 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13239]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13236]: pam_unix(cron:session): session closed for user p13x
May  6 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13303]: Successful su for rubyman by root
May  6 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13303]: + ??? root:rubyman
May  6 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337806 of user rubyman.
May  6 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13303]: pam_unix(su:session): session closed for user rubyman
May  6 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337806.
May  6 03:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13209]: Invalid user worker from 45.152.112.15
May  6 03:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13209]: input_userauth_request: invalid user worker [preauth]
May  6 03:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10670]: pam_unix(cron:session): session closed for user root
May  6 03:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13237]: pam_unix(cron:session): session closed for user samftp
May  6 03:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13209]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13209]: Failed password for invalid user worker from 45.152.112.15 port 47568 ssh2
May  6 03:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13209]: Connection closed by 45.152.112.15 port 47568 [preauth]
May  6 03:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: Invalid user ftpuser from 45.152.112.15
May  6 03:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: input_userauth_request: invalid user ftpuser [preauth]
May  6 03:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: Failed password for invalid user ftpuser from 45.152.112.15 port 36872 ssh2
May  6 03:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13643]: Connection closed by 41.59.82.183 port 15797 [preauth]
May  6 03:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12434]: pam_unix(cron:session): session closed for user root
May  6 03:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: Connection closed by 45.152.112.15 port 36872 [preauth]
May  6 03:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: Invalid user admin from 45.152.112.15
May  6 03:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: input_userauth_request: invalid user admin [preauth]
May  6 03:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: Failed password for invalid user admin from 45.152.112.15 port 60742 ssh2
May  6 03:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: Connection closed by 45.152.112.15 port 60742 [preauth]
May  6 03:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: Invalid user steam from 45.152.112.15
May  6 03:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: input_userauth_request: invalid user steam [preauth]
May  6 03:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: Failed password for invalid user steam from 45.152.112.15 port 55374 ssh2
May  6 03:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: Connection closed by 45.152.112.15 port 55374 [preauth]
May  6 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13753]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session closed for user p13x
May  6 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13814]: Successful su for rubyman by root
May  6 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13814]: + ??? root:rubyman
May  6 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337811 of user rubyman.
May  6 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13814]: pam_unix(su:session): session closed for user rubyman
May  6 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337811.
May  6 03:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11106]: pam_unix(cron:session): session closed for user root
May  6 03:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 03:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13753]: pam_unix(cron:session): session closed for user samftp
May  6 03:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: Invalid user es from 45.152.112.15
May  6 03:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: input_userauth_request: invalid user es [preauth]
May  6 03:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13954]: Failed password for root from 218.92.0.179 port 32906 ssh2
May  6 03:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Invalid user admin from 80.94.95.112
May  6 03:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: input_userauth_request: invalid user admin [preauth]
May  6 03:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 03:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13954]: Failed password for root from 218.92.0.179 port 32906 ssh2
May  6 03:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Failed password for invalid user admin from 80.94.95.112 port 65321 ssh2
May  6 03:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13954]: Failed password for root from 218.92.0.179 port 32906 ssh2
May  6 03:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13954]: Received disconnect from 218.92.0.179 port 32906:11:  [preauth]
May  6 03:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13954]: Disconnected from 218.92.0.179 port 32906 [preauth]
May  6 03:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13954]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 03:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Failed password for invalid user admin from 80.94.95.112 port 65321 ssh2
May  6 03:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Failed password for invalid user admin from 80.94.95.112 port 65321 ssh2
May  6 03:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: Failed password for invalid user es from 45.152.112.15 port 58984 ssh2
May  6 03:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Failed password for invalid user admin from 80.94.95.112 port 65321 ssh2
May  6 03:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Failed password for invalid user admin from 80.94.95.112 port 65321 ssh2
May  6 03:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Received disconnect from 80.94.95.112 port 65321:11: Bye [preauth]
May  6 03:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: Disconnected from 80.94.95.112 port 65321 [preauth]
May  6 03:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 03:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14002]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 03:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13729]: Connection closed by 45.152.112.15 port 58984 [preauth]
May  6 03:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13942]: Failed password for root from 45.152.112.15 port 33652 ssh2
May  6 03:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12837]: pam_unix(cron:session): session closed for user root
May  6 03:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: Invalid user debian from 14.103.127.80
May  6 03:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: input_userauth_request: invalid user debian [preauth]
May  6 03:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.80
May  6 03:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: Failed password for invalid user debian from 14.103.127.80 port 51600 ssh2
May  6 03:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: Received disconnect from 14.103.127.80 port 51600:11: Bye Bye [preauth]
May  6 03:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: Disconnected from 14.103.127.80 port 51600 [preauth]
May  6 03:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13942]: Connection closed by 45.152.112.15 port 33652 [preauth]
May  6 03:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: Invalid user deploy from 45.152.112.15
May  6 03:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: input_userauth_request: invalid user deploy [preauth]
May  6 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14174]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14176]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14176]: pam_unix(cron:session): session closed for user root
May  6 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14170]: pam_unix(cron:session): session closed for user p13x
May  6 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14240]: Successful su for rubyman by root
May  6 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14240]: + ??? root:rubyman
May  6 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14240]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337815 of user rubyman.
May  6 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14240]: pam_unix(su:session): session closed for user rubyman
May  6 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337815.
May  6 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14173]: pam_unix(cron:session): session closed for user root
May  6 03:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11511]: pam_unix(cron:session): session closed for user root
May  6 03:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14171]: pam_unix(cron:session): session closed for user samftp
May  6 03:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14069]: Invalid user demo from 45.152.112.15
May  6 03:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14069]: input_userauth_request: invalid user demo [preauth]
May  6 03:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: Failed password for invalid user deploy from 45.152.112.15 port 41874 ssh2
May  6 03:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14069]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14046]: Connection closed by 45.152.112.15 port 41874 [preauth]
May  6 03:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14069]: Failed password for invalid user demo from 45.152.112.15 port 51156 ssh2
May  6 03:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13239]: pam_unix(cron:session): session closed for user root
May  6 03:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: Invalid user deploy from 45.152.112.15
May  6 03:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: input_userauth_request: invalid user deploy [preauth]
May  6 03:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14069]: Connection closed by 45.152.112.15 port 51156 [preauth]
May  6 03:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: Invalid user dev from 45.152.112.15
May  6 03:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: input_userauth_request: invalid user dev [preauth]
May  6 03:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: Failed password for invalid user deploy from 45.152.112.15 port 51430 ssh2
May  6 03:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: Failed password for invalid user dev from 45.152.112.15 port 47368 ssh2
May  6 03:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14140]: Connection closed by 45.152.112.15 port 51430 [preauth]
May  6 03:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14471]: Invalid user oscar from 45.152.112.15
May  6 03:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14471]: input_userauth_request: invalid user oscar [preauth]
May  6 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14615]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14609]: pam_unix(cron:session): session closed for user p13x
May  6 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14685]: Successful su for rubyman by root
May  6 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14685]: + ??? root:rubyman
May  6 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14685]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337822 of user rubyman.
May  6 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14685]: pam_unix(su:session): session closed for user rubyman
May  6 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337822.
May  6 03:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: Connection closed by 45.152.112.15 port 47368 [preauth]
May  6 03:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14507]: Invalid user dolphinscheduler from 45.152.112.15
May  6 03:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14507]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  6 03:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11998]: pam_unix(cron:session): session closed for user root
May  6 03:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14614]: pam_unix(cron:session): session closed for user samftp
May  6 03:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14471]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14471]: Failed password for invalid user oscar from 45.152.112.15 port 37420 ssh2
May  6 03:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14507]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14507]: Failed password for invalid user dolphinscheduler from 45.152.112.15 port 45564 ssh2
May  6 03:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14471]: Connection closed by 45.152.112.15 port 37420 [preauth]
May  6 03:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14507]: Connection closed by 45.152.112.15 port 45564 [preauth]
May  6 03:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: Invalid user pi from 45.152.112.15
May  6 03:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: input_userauth_request: invalid user pi [preauth]
May  6 03:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: Invalid user hero from 96.92.63.243
May  6 03:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: input_userauth_request: invalid user hero [preauth]
May  6 03:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.92.63.243
May  6 03:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: Failed password for invalid user hero from 96.92.63.243 port 34130 ssh2
May  6 03:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: Received disconnect from 96.92.63.243 port 34130:11: Bye Bye [preauth]
May  6 03:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14928]: Disconnected from 96.92.63.243 port 34130 [preauth]
May  6 03:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: Failed password for invalid user pi from 45.152.112.15 port 53414 ssh2
May  6 03:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14598]: Connection closed by 45.152.112.15 port 53414 [preauth]
May  6 03:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14964]: Did not receive identification string from 193.32.162.84
May  6 03:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13756]: pam_unix(cron:session): session closed for user root
May  6 03:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14914]: Invalid user dev from 45.152.112.15
May  6 03:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14914]: input_userauth_request: invalid user dev [preauth]
May  6 03:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14914]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: Invalid user oceanbase from 45.152.112.15
May  6 03:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: input_userauth_request: invalid user oceanbase [preauth]
May  6 03:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14914]: Failed password for invalid user dev from 45.152.112.15 port 50542 ssh2
May  6 03:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14914]: Connection closed by 45.152.112.15 port 50542 [preauth]
May  6 03:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: Failed password for invalid user oceanbase from 45.152.112.15 port 50550 ssh2
May  6 03:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15038]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15034]: pam_unix(cron:session): session closed for user root
May  6 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15036]: pam_unix(cron:session): session closed for user p13x
May  6 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15096]: Successful su for rubyman by root
May  6 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15096]: + ??? root:rubyman
May  6 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337824 of user rubyman.
May  6 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15096]: pam_unix(su:session): session closed for user rubyman
May  6 03:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337824.
May  6 03:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: Connection closed by 45.152.112.15 port 50550 [preauth]
May  6 03:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12433]: pam_unix(cron:session): session closed for user root
May  6 03:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15037]: pam_unix(cron:session): session closed for user samftp
May  6 03:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15014]: Invalid user lighthouse from 45.152.112.15
May  6 03:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15014]: input_userauth_request: invalid user lighthouse [preauth]
May  6 03:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15014]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15014]: Failed password for invalid user lighthouse from 45.152.112.15 port 48326 ssh2
May  6 03:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15024]: Failed password for root from 45.152.112.15 port 48330 ssh2
May  6 03:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15014]: Connection closed by 45.152.112.15 port 48326 [preauth]
May  6 03:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14175]: pam_unix(cron:session): session closed for user root
May  6 03:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15024]: Connection closed by 45.152.112.15 port 48330 [preauth]
May  6 03:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15433]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15432]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15430]: pam_unix(cron:session): session closed for user p13x
May  6 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15491]: Successful su for rubyman by root
May  6 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15491]: + ??? root:rubyman
May  6 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337829 of user rubyman.
May  6 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15491]: pam_unix(su:session): session closed for user rubyman
May  6 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337829.
May  6 03:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12836]: pam_unix(cron:session): session closed for user root
May  6 03:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15431]: pam_unix(cron:session): session closed for user samftp
May  6 03:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15670]: Invalid user transfer from 180.252.231.212
May  6 03:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15670]: input_userauth_request: invalid user transfer [preauth]
May  6 03:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15670]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.231.212
May  6 03:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15670]: Failed password for invalid user transfer from 180.252.231.212 port 54332 ssh2
May  6 03:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15670]: Received disconnect from 180.252.231.212 port 54332:11: Bye Bye [preauth]
May  6 03:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15670]: Disconnected from 180.252.231.212 port 54332 [preauth]
May  6 03:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15338]: Failed password for root from 45.152.112.15 port 35670 ssh2
May  6 03:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15728]: Connection closed by 41.59.82.183 port 15798 [preauth]
May  6 03:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14616]: pam_unix(cron:session): session closed for user root
May  6 03:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15338]: Connection closed by 45.152.112.15 port 35670 [preauth]
May  6 03:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: Invalid user user from 45.152.112.15
May  6 03:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: input_userauth_request: invalid user user [preauth]
May  6 03:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: Failed password for root from 45.152.112.15 port 54686 ssh2
May  6 03:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15377]: Connection closed by 45.152.112.15 port 54686 [preauth]
May  6 03:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: Failed password for root from 45.152.112.15 port 54700 ssh2
May  6 03:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: Failed password for invalid user user from 45.152.112.15 port 36764 ssh2
May  6 03:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: Connection closed by 45.152.112.15 port 54700 [preauth]
May  6 03:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15410]: Connection closed by 45.152.112.15 port 36764 [preauth]
May  6 03:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15834]: pam_unix(cron:session): session closed for user p13x
May  6 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15898]: Successful su for rubyman by root
May  6 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15898]: + ??? root:rubyman
May  6 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337833 of user rubyman.
May  6 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15898]: pam_unix(su:session): session closed for user rubyman
May  6 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337833.
May  6 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: Failed password for root from 45.152.112.15 port 45322 ssh2
May  6 03:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13238]: pam_unix(cron:session): session closed for user root
May  6 03:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15835]: pam_unix(cron:session): session closed for user samftp
May  6 03:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: Connection closed by 45.152.112.15 port 45322 [preauth]
May  6 03:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: Invalid user svnuser from 45.152.112.15
May  6 03:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: input_userauth_request: invalid user svnuser [preauth]
May  6 03:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: Failed password for invalid user svnuser from 45.152.112.15 port 37758 ssh2
May  6 03:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 03:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: Failed password for root from 218.92.0.179 port 20587 ssh2
May  6 03:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 20587 ssh2]
May  6 03:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: Received disconnect from 218.92.0.179 port 20587:11:  [preauth]
May  6 03:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: Disconnected from 218.92.0.179 port 20587 [preauth]
May  6 03:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 03:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15827]: Connection closed by 45.152.112.15 port 37758 [preauth]
May  6 03:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: Invalid user ftpuser from 45.152.112.15
May  6 03:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: input_userauth_request: invalid user ftpuser [preauth]
May  6 03:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15039]: pam_unix(cron:session): session closed for user root
May  6 03:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: Failed password for invalid user ftpuser from 45.152.112.15 port 37766 ssh2
May  6 03:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16060]: Connection closed by 45.152.112.15 port 37766 [preauth]
May  6 03:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: Invalid user ubuntu from 45.152.112.15
May  6 03:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: input_userauth_request: invalid user ubuntu [preauth]
May  6 03:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: Failed password for invalid user ubuntu from 45.152.112.15 port 49292 ssh2
May  6 03:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: Connection closed by 45.152.112.15 port 49292 [preauth]
May  6 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16235]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16234]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16236]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16233]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16238]: pam_unix(cron:session): session closed for user root
May  6 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16233]: pam_unix(cron:session): session closed for user p13x
May  6 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16299]: Successful su for rubyman by root
May  6 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16299]: + ??? root:rubyman
May  6 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337839 of user rubyman.
May  6 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16299]: pam_unix(su:session): session closed for user rubyman
May  6 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337839.
May  6 03:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16235]: pam_unix(cron:session): session closed for user root
May  6 03:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13754]: pam_unix(cron:session): session closed for user root
May  6 03:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16234]: pam_unix(cron:session): session closed for user samftp
May  6 03:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: Failed password for root from 45.152.112.15 port 48410 ssh2
May  6 03:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Invalid user esadmin from 45.152.112.15
May  6 03:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: input_userauth_request: invalid user esadmin [preauth]
May  6 03:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16143]: Connection closed by 45.152.112.15 port 48410 [preauth]
May  6 03:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Failed password for invalid user esadmin from 45.152.112.15 port 55346 ssh2
May  6 03:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15433]: pam_unix(cron:session): session closed for user root
May  6 03:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Connection closed by 45.152.112.15 port 55346 [preauth]
May  6 03:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: Failed password for root from 45.152.112.15 port 55188 ssh2
May  6 03:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: Invalid user flask from 45.152.112.15
May  6 03:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: input_userauth_request: invalid user flask [preauth]
May  6 03:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16222]: Connection closed by 45.152.112.15 port 55188 [preauth]
May  6 03:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: Failed password for invalid user flask from 45.152.112.15 port 39954 ssh2
May  6 03:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: Invalid user yang from 193.70.84.184
May  6 03:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: input_userauth_request: invalid user yang [preauth]
May  6 03:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  6 03:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: Failed password for invalid user yang from 193.70.84.184 port 54316 ssh2
May  6 03:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: Connection closed by 193.70.84.184 port 54316 [preauth]
May  6 03:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16616]: Connection closed by 45.152.112.15 port 39954 [preauth]
May  6 03:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16698]: Connection closed by 41.59.82.183 port 15799 [preauth]
May  6 03:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16708]: Invalid user eric from 96.92.63.243
May  6 03:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16708]: input_userauth_request: invalid user eric [preauth]
May  6 03:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16708]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.92.63.243
May  6 03:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16708]: Failed password for invalid user eric from 96.92.63.243 port 42612 ssh2
May  6 03:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16708]: Received disconnect from 96.92.63.243 port 42612:11: Bye Bye [preauth]
May  6 03:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16708]: Disconnected from 96.92.63.243 port 42612 [preauth]
May  6 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16720]: pam_unix(cron:session): session closed for user p13x
May  6 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16791]: Successful su for rubyman by root
May  6 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16791]: + ??? root:rubyman
May  6 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16791]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337844 of user rubyman.
May  6 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16791]: pam_unix(su:session): session closed for user rubyman
May  6 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337844.
May  6 03:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14174]: pam_unix(cron:session): session closed for user root
May  6 03:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16722]: pam_unix(cron:session): session closed for user samftp
May  6 03:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16684]: Invalid user deploy from 45.152.112.15
May  6 03:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16684]: input_userauth_request: invalid user deploy [preauth]
May  6 03:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16684]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16684]: Failed password for invalid user deploy from 45.152.112.15 port 52688 ssh2
May  6 03:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16684]: Connection closed by 45.152.112.15 port 52688 [preauth]
May  6 03:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17037]: Failed password for root from 45.152.112.15 port 56504 ssh2
May  6 03:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15837]: pam_unix(cron:session): session closed for user root
May  6 03:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17037]: Connection closed by 45.152.112.15 port 56504 [preauth]
May  6 03:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17079]: Failed password for root from 45.152.112.15 port 44872 ssh2
May  6 03:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17164]: pam_unix(cron:session): session closed for user p13x
May  6 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17228]: Successful su for rubyman by root
May  6 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17228]: + ??? root:rubyman
May  6 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17228]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337847 of user rubyman.
May  6 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17228]: pam_unix(su:session): session closed for user rubyman
May  6 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337847.
May  6 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17079]: Connection closed by 45.152.112.15 port 44872 [preauth]
May  6 03:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14615]: pam_unix(cron:session): session closed for user root
May  6 03:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17165]: pam_unix(cron:session): session closed for user samftp
May  6 03:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: Invalid user oracle from 45.152.112.15
May  6 03:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: input_userauth_request: invalid user oracle [preauth]
May  6 03:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: Failed password for invalid user oracle from 45.152.112.15 port 41378 ssh2
May  6 03:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: Connection closed by 45.152.112.15 port 41378 [preauth]
May  6 03:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17162]: Invalid user rabbitmq from 45.152.112.15
May  6 03:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17162]: input_userauth_request: invalid user rabbitmq [preauth]
May  6 03:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17162]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17162]: Failed password for invalid user rabbitmq from 45.152.112.15 port 44170 ssh2
May  6 03:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16237]: pam_unix(cron:session): session closed for user root
May  6 03:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17162]: Connection closed by 45.152.112.15 port 44170 [preauth]
May  6 03:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Failed password for root from 45.152.112.15 port 41714 ssh2
May  6 03:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Connection closed by 45.152.112.15 port 41714 [preauth]
May  6 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17590]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17591]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17588]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17589]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17588]: pam_unix(cron:session): session closed for user p13x
May  6 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17653]: Successful su for rubyman by root
May  6 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17653]: + ??? root:rubyman
May  6 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17653]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337853 of user rubyman.
May  6 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17653]: pam_unix(su:session): session closed for user rubyman
May  6 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337853.
May  6 03:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15038]: pam_unix(cron:session): session closed for user root
May  6 03:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17589]: pam_unix(cron:session): session closed for user samftp
May  6 03:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17948]: Connection reset by 218.92.0.215 port 11476 [preauth]
May  6 03:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17569]: Failed password for root from 45.152.112.15 port 58188 ssh2
May  6 03:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: Invalid user frappe from 186.96.145.241
May  6 03:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: input_userauth_request: invalid user frappe [preauth]
May  6 03:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
May  6 03:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17569]: Connection closed by 45.152.112.15 port 58188 [preauth]
May  6 03:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: Failed password for invalid user frappe from 186.96.145.241 port 53912 ssh2
May  6 03:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: Connection closed by 186.96.145.241 port 53912 [preauth]
May  6 03:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16725]: pam_unix(cron:session): session closed for user root
May  6 03:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17949]: Failed password for root from 45.152.112.15 port 41962 ssh2
May  6 03:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17949]: Connection closed by 45.152.112.15 port 41962 [preauth]
May  6 03:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18124]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18122]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18121]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18121]: pam_unix(cron:session): session closed for user p13x
May  6 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18183]: Successful su for rubyman by root
May  6 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18183]: + ??? root:rubyman
May  6 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337856 of user rubyman.
May  6 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18183]: pam_unix(su:session): session closed for user rubyman
May  6 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337856.
May  6 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: Failed password for root from 45.152.112.15 port 38640 ssh2
May  6 03:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15432]: pam_unix(cron:session): session closed for user root
May  6 03:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18122]: pam_unix(cron:session): session closed for user samftp
May  6 03:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18374]: Invalid user null from 180.252.231.212
May  6 03:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18374]: input_userauth_request: invalid user null [preauth]
May  6 03:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18374]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.231.212
May  6 03:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18374]: Failed password for invalid user null from 180.252.231.212 port 55890 ssh2
May  6 03:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18374]: Received disconnect from 180.252.231.212 port 55890:11: Bye Bye [preauth]
May  6 03:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18374]: Disconnected from 180.252.231.212 port 55890 [preauth]
May  6 03:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18065]: Connection closed by 45.152.112.15 port 38640 [preauth]
May  6 03:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: Invalid user wang from 45.152.112.15
May  6 03:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: input_userauth_request: invalid user wang [preauth]
May  6 03:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: Failed password for invalid user wang from 45.152.112.15 port 38646 ssh2
May  6 03:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18088]: Connection closed by 45.152.112.15 port 38646 [preauth]
May  6 03:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18300]: Invalid user hadoop from 45.152.112.15
May  6 03:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18300]: input_userauth_request: invalid user hadoop [preauth]
May  6 03:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18300]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18300]: Failed password for invalid user hadoop from 45.152.112.15 port 40788 ssh2
May  6 03:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17167]: pam_unix(cron:session): session closed for user root
May  6 03:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18300]: Connection closed by 45.152.112.15 port 40788 [preauth]
May  6 03:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18447]: Invalid user elasticsearch from 45.152.112.15
May  6 03:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18447]: input_userauth_request: invalid user elasticsearch [preauth]
May  6 03:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18542]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18543]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18539]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18541]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18538]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18543]: pam_unix(cron:session): session closed for user root
May  6 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18538]: pam_unix(cron:session): session closed for user p13x
May  6 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18607]: Successful su for rubyman by root
May  6 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18607]: + ??? root:rubyman
May  6 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337862 of user rubyman.
May  6 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18607]: pam_unix(su:session): session closed for user rubyman
May  6 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337862.
May  6 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: Failed password for root from 45.152.112.15 port 44570 ssh2
May  6 03:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18540]: pam_unix(cron:session): session closed for user root
May  6 03:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15836]: pam_unix(cron:session): session closed for user root
May  6 03:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18539]: pam_unix(cron:session): session closed for user samftp
May  6 03:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18447]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18447]: Failed password for invalid user elasticsearch from 45.152.112.15 port 53780 ssh2
May  6 03:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: Connection closed by 45.152.112.15 port 44570 [preauth]
May  6 03:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18497]: User ftp from 45.152.112.15 not allowed because not listed in AllowUsers
May  6 03:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18497]: input_userauth_request: invalid user ftp [preauth]
May  6 03:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18447]: Connection closed by 45.152.112.15 port 53780 [preauth]
May  6 03:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17591]: pam_unix(cron:session): session closed for user root
May  6 03:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: Invalid user shin from 96.92.63.243
May  6 03:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: input_userauth_request: invalid user shin [preauth]
May  6 03:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.92.63.243
May  6 03:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: Failed password for invalid user shin from 96.92.63.243 port 51128 ssh2
May  6 03:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: Received disconnect from 96.92.63.243 port 51128:11: Bye Bye [preauth]
May  6 03:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18900]: Disconnected from 96.92.63.243 port 51128 [preauth]
May  6 03:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=ftp
May  6 03:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18497]: Failed password for invalid user ftp from 45.152.112.15 port 54648 ssh2
May  6 03:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: Invalid user uftp from 45.152.112.15
May  6 03:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: input_userauth_request: invalid user uftp [preauth]
May  6 03:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18497]: Connection closed by 45.152.112.15 port 54648 [preauth]
May  6 03:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: Invalid user awsgui from 45.152.112.15
May  6 03:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: input_userauth_request: invalid user awsgui [preauth]
May  6 03:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: Failed password for invalid user uftp from 45.152.112.15 port 58136 ssh2
May  6 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18980]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18982]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18981]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18979]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18979]: pam_unix(cron:session): session closed for user p13x
May  6 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19050]: Successful su for rubyman by root
May  6 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19050]: + ??? root:rubyman
May  6 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337867 of user rubyman.
May  6 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19050]: pam_unix(su:session): session closed for user rubyman
May  6 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337867.
May  6 03:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16236]: pam_unix(cron:session): session closed for user root
May  6 03:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18980]: pam_unix(cron:session): session closed for user samftp
May  6 03:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: Failed password for invalid user awsgui from 45.152.112.15 port 57554 ssh2
May  6 03:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: Connection closed by 45.152.112.15 port 58136 [preauth]
May  6 03:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: Invalid user dolphinscheduler from 45.152.112.15
May  6 03:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  6 03:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18828]: Connection closed by 45.152.112.15 port 57554 [preauth]
May  6 03:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: Failed password for invalid user dolphinscheduler from 45.152.112.15 port 36138 ssh2
May  6 03:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: Connection closed by 45.152.112.15 port 36138 [preauth]
May  6 03:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18124]: pam_unix(cron:session): session closed for user root
May  6 03:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19411]: pam_unix(cron:session): session closed for user p13x
May  6 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19473]: Successful su for rubyman by root
May  6 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19473]: + ??? root:rubyman
May  6 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337869 of user rubyman.
May  6 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19473]: pam_unix(su:session): session closed for user rubyman
May  6 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337869.
May  6 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19254]: Failed password for root from 45.152.112.15 port 49586 ssh2
May  6 03:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: Invalid user yarn from 45.152.112.15
May  6 03:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: input_userauth_request: invalid user yarn [preauth]
May  6 03:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16724]: pam_unix(cron:session): session closed for user root
May  6 03:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19412]: pam_unix(cron:session): session closed for user samftp
May  6 03:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19279]: Invalid user test2 from 45.152.112.15
May  6 03:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19279]: input_userauth_request: invalid user test2 [preauth]
May  6 03:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19254]: Connection closed by 45.152.112.15 port 49586 [preauth]
May  6 03:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: Failed password for invalid user yarn from 45.152.112.15 port 49614 ssh2
May  6 03:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19279]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19279]: Failed password for invalid user test2 from 45.152.112.15 port 50114 ssh2
May  6 03:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: Invalid user oracle from 45.152.112.15
May  6 03:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: input_userauth_request: invalid user oracle [preauth]
May  6 03:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: Connection closed by 45.152.112.15 port 49614 [preauth]
May  6 03:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19279]: Connection closed by 45.152.112.15 port 50114 [preauth]
May  6 03:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: Failed password for invalid user oracle from 45.152.112.15 port 46586 ssh2
May  6 03:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18542]: pam_unix(cron:session): session closed for user root
May  6 03:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: Connection closed by 45.152.112.15 port 46586 [preauth]
May  6 03:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19676]: Invalid user guest from 45.152.112.15
May  6 03:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19676]: input_userauth_request: invalid user guest [preauth]
May  6 03:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  6 03:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19676]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: Failed password for root from 190.103.202.7 port 54964 ssh2
May  6 03:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19802]: Connection closed by 190.103.202.7 port 54964 [preauth]
May  6 03:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19732]: Invalid user wang from 45.152.112.15
May  6 03:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19732]: input_userauth_request: invalid user wang [preauth]
May  6 03:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19676]: Failed password for invalid user guest from 45.152.112.15 port 33698 ssh2
May  6 03:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19732]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19732]: Failed password for invalid user wang from 45.152.112.15 port 35472 ssh2
May  6 03:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19676]: Connection closed by 45.152.112.15 port 33698 [preauth]
May  6 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19834]: pam_unix(cron:session): session closed for user p13x
May  6 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19895]: Successful su for rubyman by root
May  6 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19895]: + ??? root:rubyman
May  6 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19895]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337874 of user rubyman.
May  6 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19895]: pam_unix(su:session): session closed for user rubyman
May  6 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337874.
May  6 03:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19732]: Connection closed by 45.152.112.15 port 35472 [preauth]
May  6 03:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17166]: pam_unix(cron:session): session closed for user root
May  6 03:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19835]: pam_unix(cron:session): session closed for user samftp
May  6 03:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19804]: Invalid user www from 45.152.112.15
May  6 03:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19804]: input_userauth_request: invalid user www [preauth]
May  6 03:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19804]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19804]: Failed password for invalid user www from 45.152.112.15 port 50356 ssh2
May  6 03:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20126]: Connection closed by 41.59.82.183 port 15804 [preauth]
May  6 03:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.179.104  user=root
May  6 03:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19813]: Failed password for root from 23.94.179.104 port 38072 ssh2
May  6 03:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19813]: Connection closed by 23.94.179.104 port 38072 [preauth]
May  6 03:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19804]: Connection closed by 45.152.112.15 port 50356 [preauth]
May  6 03:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18982]: pam_unix(cron:session): session closed for user root
May  6 03:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20116]: Invalid user nexus from 45.152.112.15
May  6 03:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20116]: input_userauth_request: invalid user nexus [preauth]
May  6 03:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20092]: Failed password for root from 45.152.112.15 port 59306 ssh2
May  6 03:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20116]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20116]: Failed password for invalid user nexus from 45.152.112.15 port 59322 ssh2
May  6 03:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20092]: Connection closed by 45.152.112.15 port 59306 [preauth]
May  6 03:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20116]: Connection closed by 45.152.112.15 port 59322 [preauth]
May  6 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20246]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20247]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20245]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20244]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20244]: pam_unix(cron:session): session closed for user p13x
May  6 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20305]: Successful su for rubyman by root
May  6 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20305]: + ??? root:rubyman
May  6 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337878 of user rubyman.
May  6 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20305]: pam_unix(su:session): session closed for user rubyman
May  6 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337878.
May  6 03:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20196]: Invalid user app from 45.152.112.15
May  6 03:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20196]: input_userauth_request: invalid user app [preauth]
May  6 03:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17590]: pam_unix(cron:session): session closed for user root
May  6 03:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20196]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20245]: pam_unix(cron:session): session closed for user samftp
May  6 03:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20196]: Failed password for invalid user app from 45.152.112.15 port 45304 ssh2
May  6 03:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20196]: Connection closed by 45.152.112.15 port 45304 [preauth]
May  6 03:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: Invalid user nvidia from 45.152.112.15
May  6 03:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: input_userauth_request: invalid user nvidia [preauth]
May  6 03:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19414]: pam_unix(cron:session): session closed for user root
May  6 03:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: Failed password for invalid user nvidia from 45.152.112.15 port 44106 ssh2
May  6 03:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: Connection closed by 45.152.112.15 port 44106 [preauth]
May  6 03:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20521]: Failed password for root from 45.152.112.15 port 44120 ssh2
May  6 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20658]: pam_unix(cron:session): session closed for user root
May  6 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20653]: pam_unix(cron:session): session closed for user p13x
May  6 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20724]: Successful su for rubyman by root
May  6 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20724]: + ??? root:rubyman
May  6 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20724]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337884 of user rubyman.
May  6 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20724]: pam_unix(su:session): session closed for user rubyman
May  6 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337884.
May  6 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20521]: Connection closed by 45.152.112.15 port 44120 [preauth]
May  6 03:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20655]: pam_unix(cron:session): session closed for user root
May  6 03:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18123]: pam_unix(cron:session): session closed for user root
May  6 03:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20920]: Invalid user chia from 180.252.231.212
May  6 03:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20920]: input_userauth_request: invalid user chia [preauth]
May  6 03:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20920]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.231.212
May  6 03:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20654]: pam_unix(cron:session): session closed for user samftp
May  6 03:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20920]: Failed password for invalid user chia from 180.252.231.212 port 45982 ssh2
May  6 03:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20920]: Received disconnect from 180.252.231.212 port 45982:11: Bye Bye [preauth]
May  6 03:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20920]: Disconnected from 180.252.231.212 port 45982 [preauth]
May  6 03:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: Invalid user mangesh from 96.92.63.243
May  6 03:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: input_userauth_request: invalid user mangesh [preauth]
May  6 03:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.92.63.243
May  6 03:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: Failed password for invalid user mangesh from 96.92.63.243 port 59646 ssh2
May  6 03:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: Received disconnect from 96.92.63.243 port 59646:11: Bye Bye [preauth]
May  6 03:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: Disconnected from 96.92.63.243 port 59646 [preauth]
May  6 03:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15  user=root
May  6 03:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20604]: Failed password for root from 45.152.112.15 port 60522 ssh2
May  6 03:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20604]: Connection closed by 45.152.112.15 port 60522 [preauth]
May  6 03:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19837]: pam_unix(cron:session): session closed for user root
May  6 03:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20762]: Invalid user es from 45.152.112.15
May  6 03:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20762]: input_userauth_request: invalid user es [preauth]
May  6 03:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20762]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20762]: Failed password for invalid user es from 45.152.112.15 port 52392 ssh2
May  6 03:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21052]: Connection closed by 41.59.82.183 port 15805 [preauth]
May  6 03:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: Invalid user sugi from 45.152.112.15
May  6 03:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: input_userauth_request: invalid user sugi [preauth]
May  6 03:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20762]: Connection closed by 45.152.112.15 port 52392 [preauth]
May  6 03:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.152.112.15
May  6 03:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: Failed password for invalid user sugi from 45.152.112.15 port 42362 ssh2
May  6 03:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20984]: Connection closed by 45.152.112.15 port 42362 [preauth]
May  6 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21110]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21108]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21106]: pam_unix(cron:session): session closed for user p13x
May  6 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21176]: Successful su for rubyman by root
May  6 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21176]: + ??? root:rubyman
May  6 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337887 of user rubyman.
May  6 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21176]: pam_unix(su:session): session closed for user rubyman
May  6 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337887.
May  6 03:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18541]: pam_unix(cron:session): session closed for user root
May  6 03:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session closed for user samftp
May  6 03:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Invalid user admin from 139.19.117.131
May  6 03:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: input_userauth_request: invalid user admin [preauth]
May  6 03:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Connection closed by 139.19.117.131 port 54116 [preauth]
May  6 03:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20247]: pam_unix(cron:session): session closed for user root
May  6 03:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: Invalid user ubnt from 80.94.95.241
May  6 03:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: input_userauth_request: invalid user ubnt [preauth]
May  6 03:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 03:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: Failed password for invalid user ubnt from 80.94.95.241 port 17633 ssh2
May  6 03:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: Failed password for invalid user ubnt from 80.94.95.241 port 17633 ssh2
May  6 03:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: Failed password for invalid user ubnt from 80.94.95.241 port 17633 ssh2
May  6 03:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: Failed password for invalid user ubnt from 80.94.95.241 port 17633 ssh2
May  6 03:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: Failed password for invalid user ubnt from 80.94.95.241 port 17633 ssh2
May  6 03:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: Received disconnect from 80.94.95.241 port 17633:11: Bye [preauth]
May  6 03:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: Disconnected from 80.94.95.241 port 17633 [preauth]
May  6 03:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 03:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21555]: pam_unix(cron:session): session closed for user p13x
May  6 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21626]: Successful su for rubyman by root
May  6 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21626]: + ??? root:rubyman
May  6 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337892 of user rubyman.
May  6 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21626]: pam_unix(su:session): session closed for user rubyman
May  6 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337892.
May  6 03:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18981]: pam_unix(cron:session): session closed for user root
May  6 03:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21556]: pam_unix(cron:session): session closed for user samftp
May  6 03:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20657]: pam_unix(cron:session): session closed for user root
May  6 03:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22297]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22296]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22295]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22295]: pam_unix(cron:session): session closed for user p13x
May  6 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22365]: Successful su for rubyman by root
May  6 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22365]: + ??? root:rubyman
May  6 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22365]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337896 of user rubyman.
May  6 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22365]: pam_unix(su:session): session closed for user rubyman
May  6 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337896.
May  6 03:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19413]: pam_unix(cron:session): session closed for user root
May  6 03:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22296]: pam_unix(cron:session): session closed for user samftp
May  6 03:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21110]: pam_unix(cron:session): session closed for user root
May  6 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22755]: pam_unix(cron:session): session closed for user p13x
May  6 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22828]: Successful su for rubyman by root
May  6 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22828]: + ??? root:rubyman
May  6 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22828]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337899 of user rubyman.
May  6 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22828]: pam_unix(su:session): session closed for user rubyman
May  6 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337899.
May  6 03:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19836]: pam_unix(cron:session): session closed for user root
May  6 03:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22756]: pam_unix(cron:session): session closed for user samftp
May  6 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21558]: pam_unix(cron:session): session closed for user root
May  6 03:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: Invalid user postgres from 96.92.63.243
May  6 03:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: input_userauth_request: invalid user postgres [preauth]
May  6 03:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.92.63.243
May  6 03:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: Failed password for invalid user postgres from 96.92.63.243 port 39892 ssh2
May  6 03:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: Received disconnect from 96.92.63.243 port 39892:11: Bye Bye [preauth]
May  6 03:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: Disconnected from 96.92.63.243 port 39892 [preauth]
May  6 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23220]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23217]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23219]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23218]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23216]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23220]: pam_unix(cron:session): session closed for user root
May  6 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23214]: pam_unix(cron:session): session closed for user p13x
May  6 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23284]: Successful su for rubyman by root
May  6 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23284]: + ??? root:rubyman
May  6 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337905 of user rubyman.
May  6 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23284]: pam_unix(su:session): session closed for user rubyman
May  6 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337905.
May  6 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23217]: pam_unix(cron:session): session closed for user root
May  6 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20246]: pam_unix(cron:session): session closed for user root
May  6 03:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23216]: pam_unix(cron:session): session closed for user samftp
May  6 03:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22299]: pam_unix(cron:session): session closed for user root
May  6 03:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23717]: Invalid user anonymous from 190.103.202.7
May  6 03:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23717]: input_userauth_request: invalid user anonymous [preauth]
May  6 03:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23717]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  6 03:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23717]: Failed password for invalid user anonymous from 190.103.202.7 port 53360 ssh2
May  6 03:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23717]: Connection closed by 190.103.202.7 port 53360 [preauth]
May  6 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23741]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23739]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23738]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23738]: pam_unix(cron:session): session closed for user p13x
May  6 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23908]: Successful su for rubyman by root
May  6 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23908]: + ??? root:rubyman
May  6 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337910 of user rubyman.
May  6 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23908]: pam_unix(su:session): session closed for user rubyman
May  6 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337910.
May  6 03:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24078]: Invalid user administrator from 180.252.231.212
May  6 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24078]: input_userauth_request: invalid user administrator [preauth]
May  6 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24078]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.252.231.212
May  6 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20656]: pam_unix(cron:session): session closed for user root
May  6 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23739]: pam_unix(cron:session): session closed for user samftp
May  6 03:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24078]: Failed password for invalid user administrator from 180.252.231.212 port 47642 ssh2
May  6 03:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24078]: Received disconnect from 180.252.231.212 port 47642:11: Bye Bye [preauth]
May  6 03:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24078]: Disconnected from 180.252.231.212 port 47642 [preauth]
May  6 03:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22759]: pam_unix(cron:session): session closed for user root
May  6 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24275]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24275]: pam_unix(cron:session): session closed for user p13x
May  6 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24346]: Successful su for rubyman by root
May  6 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24346]: + ??? root:rubyman
May  6 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337914 of user rubyman.
May  6 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24346]: pam_unix(su:session): session closed for user rubyman
May  6 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337914.
May  6 03:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21108]: pam_unix(cron:session): session closed for user root
May  6 03:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24523]: Invalid user postgres from 82.207.8.218
May  6 03:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24523]: input_userauth_request: invalid user postgres [preauth]
May  6 03:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24523]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.207.8.218
May  6 03:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24278]: pam_unix(cron:session): session closed for user samftp
May  6 03:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24523]: Failed password for invalid user postgres from 82.207.8.218 port 34783 ssh2
May  6 03:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24523]: Received disconnect from 82.207.8.218 port 34783:11: Bye Bye [preauth]
May  6 03:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24523]: Disconnected from 82.207.8.218 port 34783 [preauth]
May  6 03:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23219]: pam_unix(cron:session): session closed for user root
May  6 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24723]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24721]: pam_unix(cron:session): session closed for user p13x
May  6 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24779]: Successful su for rubyman by root
May  6 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24779]: + ??? root:rubyman
May  6 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24779]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337917 of user rubyman.
May  6 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24779]: pam_unix(su:session): session closed for user rubyman
May  6 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337917.
May  6 03:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21557]: pam_unix(cron:session): session closed for user root
May  6 03:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24722]: pam_unix(cron:session): session closed for user samftp
May  6 03:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23741]: pam_unix(cron:session): session closed for user root
May  6 03:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.80  user=root
May  6 03:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: Failed password for root from 14.103.127.80 port 36024 ssh2
May  6 03:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: Received disconnect from 14.103.127.80 port 36024:11: Bye Bye [preauth]
May  6 03:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: Disconnected from 14.103.127.80 port 36024 [preauth]
May  6 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25129]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25125]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25127]: pam_unix(cron:session): session closed for user p13x
May  6 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25249]: Successful su for rubyman by root
May  6 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25249]: + ??? root:rubyman
May  6 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337921 of user rubyman.
May  6 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25249]: pam_unix(su:session): session closed for user rubyman
May  6 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337921.
May  6 03:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25125]: pam_unix(cron:session): session closed for user root
May  6 03:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22297]: pam_unix(cron:session): session closed for user root
May  6 03:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25128]: pam_unix(cron:session): session closed for user samftp
May  6 03:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.92.63.243  user=root
May  6 03:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.62.39  user=root
May  6 03:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: Failed password for root from 96.92.63.243 port 48422 ssh2
May  6 03:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: Received disconnect from 96.92.63.243 port 48422:11: Bye Bye [preauth]
May  6 03:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25515]: Disconnected from 96.92.63.243 port 48422 [preauth]
May  6 03:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25524]: Failed password for root from 181.176.62.39 port 56006 ssh2
May  6 03:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25524]: Received disconnect from 181.176.62.39 port 56006:11: Bye Bye [preauth]
May  6 03:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25524]: Disconnected from 181.176.62.39 port 56006 [preauth]
May  6 03:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24280]: pam_unix(cron:session): session closed for user root
May  6 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25667]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25674]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25666]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25675]: pam_unix(cron:session): session closed for user root
May  6 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25665]: pam_unix(cron:session): session closed for user p13x
May  6 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25761]: Successful su for rubyman by root
May  6 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25761]: + ??? root:rubyman
May  6 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337928 of user rubyman.
May  6 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25761]: pam_unix(su:session): session closed for user rubyman
May  6 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337928.
May  6 03:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25667]: pam_unix(cron:session): session closed for user root
May  6 03:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22758]: pam_unix(cron:session): session closed for user root
May  6 03:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25666]: pam_unix(cron:session): session closed for user samftp
May  6 03:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.41.9.206  user=root
May  6 03:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: Failed password for root from 63.41.9.206 port 47618 ssh2
May  6 03:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.40.20  user=root
May  6 03:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: Received disconnect from 63.41.9.206 port 47618:11: Bye Bye [preauth]
May  6 03:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26040]: Disconnected from 63.41.9.206 port 47618 [preauth]
May  6 03:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26042]: Failed password for root from 171.244.40.20 port 47524 ssh2
May  6 03:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26042]: Received disconnect from 171.244.40.20 port 47524:11: Bye Bye [preauth]
May  6 03:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26042]: Disconnected from 171.244.40.20 port 47524 [preauth]
May  6 03:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24724]: pam_unix(cron:session): session closed for user root
May  6 03:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26084]: Connection closed by 41.59.82.183 port 15808 [preauth]
May  6 03:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 03:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Failed password for root from 218.92.0.179 port 23482 ssh2
May  6 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26179]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26178]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26176]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26177]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26176]: pam_unix(cron:session): session closed for user p13x
May  6 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26244]: Successful su for rubyman by root
May  6 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26244]: + ??? root:rubyman
May  6 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337932 of user rubyman.
May  6 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26244]: pam_unix(su:session): session closed for user rubyman
May  6 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337932.
May  6 03:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Failed password for root from 218.92.0.179 port 23482 ssh2
May  6 03:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23218]: pam_unix(cron:session): session closed for user root
May  6 03:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Failed password for root from 218.92.0.179 port 23482 ssh2
May  6 03:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Received disconnect from 218.92.0.179 port 23482:11:  [preauth]
May  6 03:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: Disconnected from 218.92.0.179 port 23482 [preauth]
May  6 03:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26165]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 03:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26177]: pam_unix(cron:session): session closed for user samftp
May  6 03:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26562]: Did not receive identification string from 64.226.104.210
May  6 03:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25130]: pam_unix(cron:session): session closed for user root
May  6 03:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26563]: Connection closed by 138.68.64.224 port 53580 [preauth]
May  6 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26664]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26660]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26662]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26657]: pam_unix(cron:session): session closed for user p13x
May  6 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26722]: Successful su for rubyman by root
May  6 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26722]: + ??? root:rubyman
May  6 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337936 of user rubyman.
May  6 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26722]: pam_unix(su:session): session closed for user rubyman
May  6 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337936.
May  6 03:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23740]: pam_unix(cron:session): session closed for user root
May  6 03:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26660]: pam_unix(cron:session): session closed for user samftp
May  6 03:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25674]: pam_unix(cron:session): session closed for user root
May  6 03:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27132]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27131]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27128]: pam_unix(cron:session): session closed for user p13x
May  6 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27195]: Successful su for rubyman by root
May  6 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27195]: + ??? root:rubyman
May  6 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337940 of user rubyman.
May  6 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27195]: pam_unix(su:session): session closed for user rubyman
May  6 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337940.
May  6 03:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24279]: pam_unix(cron:session): session closed for user root
May  6 03:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27129]: pam_unix(cron:session): session closed for user samftp
May  6 03:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.201.165.54  user=root
May  6 03:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27416]: Failed password for root from 128.201.165.54 port 34648 ssh2
May  6 03:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27416]: Received disconnect from 128.201.165.54 port 34648:11: Bye Bye [preauth]
May  6 03:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27416]: Disconnected from 128.201.165.54 port 34648 [preauth]
May  6 03:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26179]: pam_unix(cron:session): session closed for user root
May  6 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27611]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27613]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27610]: pam_unix(cron:session): session closed for user p13x
May  6 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27675]: Successful su for rubyman by root
May  6 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27675]: + ??? root:rubyman
May  6 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337945 of user rubyman.
May  6 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27675]: pam_unix(su:session): session closed for user rubyman
May  6 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337945.
May  6 03:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24723]: pam_unix(cron:session): session closed for user root
May  6 03:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27611]: pam_unix(cron:session): session closed for user samftp
May  6 03:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27840]: Invalid user yash from 194.1.184.72
May  6 03:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27840]: input_userauth_request: invalid user yash [preauth]
May  6 03:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27840]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.1.184.72
May  6 03:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27840]: Failed password for invalid user yash from 194.1.184.72 port 45738 ssh2
May  6 03:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27840]: Received disconnect from 194.1.184.72 port 45738:11: Bye Bye [preauth]
May  6 03:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27840]: Disconnected from 194.1.184.72 port 45738 [preauth]
May  6 03:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.92.63.243  user=root
May  6 03:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27867]: Failed password for root from 96.92.63.243 port 56954 ssh2
May  6 03:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27867]: Received disconnect from 96.92.63.243 port 56954:11: Bye Bye [preauth]
May  6 03:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27867]: Disconnected from 96.92.63.243 port 56954 [preauth]
May  6 03:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26664]: pam_unix(cron:session): session closed for user root
May  6 03:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: Invalid user tg from 103.9.211.159
May  6 03:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: input_userauth_request: invalid user tg [preauth]
May  6 03:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.9.211.159
May  6 03:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: Failed password for invalid user tg from 103.9.211.159 port 35730 ssh2
May  6 03:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: Received disconnect from 103.9.211.159 port 35730:11: Bye Bye [preauth]
May  6 03:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: Disconnected from 103.9.211.159 port 35730 [preauth]
May  6 03:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28012]: Invalid user vignesh from 14.103.127.80
May  6 03:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28012]: input_userauth_request: invalid user vignesh [preauth]
May  6 03:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28012]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.80
May  6 03:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28012]: Failed password for invalid user vignesh from 14.103.127.80 port 49108 ssh2
May  6 03:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28012]: Received disconnect from 14.103.127.80 port 49108:11: Bye Bye [preauth]
May  6 03:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28012]: Disconnected from 14.103.127.80 port 49108 [preauth]
May  6 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28026]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28029]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28030]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28027]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28028]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28025]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28030]: pam_unix(cron:session): session closed for user root
May  6 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28025]: pam_unix(cron:session): session closed for user p13x
May  6 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28095]: Successful su for rubyman by root
May  6 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28095]: + ??? root:rubyman
May  6 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337950 of user rubyman.
May  6 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28095]: pam_unix(su:session): session closed for user rubyman
May  6 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337950.
May  6 03:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25129]: pam_unix(cron:session): session closed for user root
May  6 03:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28027]: pam_unix(cron:session): session closed for user root
May  6 03:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28026]: pam_unix(cron:session): session closed for user samftp
May  6 03:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27132]: pam_unix(cron:session): session closed for user root
May  6 03:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: User bin from 82.207.8.218 not allowed because not listed in AllowUsers
May  6 03:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: input_userauth_request: invalid user bin [preauth]
May  6 03:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.207.8.218  user=bin
May  6 03:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: Failed password for invalid user bin from 82.207.8.218 port 59467 ssh2
May  6 03:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: Received disconnect from 82.207.8.218 port 59467:11: Bye Bye [preauth]
May  6 03:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28411]: Disconnected from 82.207.8.218 port 59467 [preauth]
May  6 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28462]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28462]: pam_unix(cron:session): session closed for user p13x
May  6 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28533]: Successful su for rubyman by root
May  6 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28533]: + ??? root:rubyman
May  6 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337955 of user rubyman.
May  6 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28533]: pam_unix(su:session): session closed for user rubyman
May  6 03:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337955.
May  6 03:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25669]: pam_unix(cron:session): session closed for user root
May  6 03:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28463]: pam_unix(cron:session): session closed for user samftp
May  6 03:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27614]: pam_unix(cron:session): session closed for user root
May  6 03:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28785]: Connection closed by 66.240.236.109 port 49892 [preauth]
May  6 03:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: Invalid user cubrid from 157.10.161.187
May  6 03:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: input_userauth_request: invalid user cubrid [preauth]
May  6 03:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.161.187
May  6 03:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: Failed password for invalid user cubrid from 157.10.161.187 port 44758 ssh2
May  6 03:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: Received disconnect from 157.10.161.187 port 44758:11: Bye Bye [preauth]
May  6 03:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: Disconnected from 157.10.161.187 port 44758 [preauth]
May  6 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28868]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28867]: pam_unix(cron:session): session closed for user p13x
May  6 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28935]: Successful su for rubyman by root
May  6 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28935]: + ??? root:rubyman
May  6 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337959 of user rubyman.
May  6 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28935]: pam_unix(su:session): session closed for user rubyman
May  6 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337959.
May  6 03:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26178]: pam_unix(cron:session): session closed for user root
May  6 03:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28868]: pam_unix(cron:session): session closed for user samftp
May  6 03:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.62.39  user=root
May  6 03:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29282]: Failed password for root from 181.176.62.39 port 36532 ssh2
May  6 03:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29282]: Received disconnect from 181.176.62.39 port 36532:11: Bye Bye [preauth]
May  6 03:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29282]: Disconnected from 181.176.62.39 port 36532 [preauth]
May  6 03:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28029]: pam_unix(cron:session): session closed for user root
May  6 03:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29354]: Connection closed by 41.59.82.183 port 15811 [preauth]
May  6 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29387]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29384]: pam_unix(cron:session): session closed for user p13x
May  6 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29448]: Successful su for rubyman by root
May  6 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29448]: + ??? root:rubyman
May  6 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337962 of user rubyman.
May  6 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29448]: pam_unix(su:session): session closed for user rubyman
May  6 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337962.
May  6 03:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26662]: pam_unix(cron:session): session closed for user root
May  6 03:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29385]: pam_unix(cron:session): session closed for user samftp
May  6 03:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28466]: pam_unix(cron:session): session closed for user root
May  6 03:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: Invalid user int from 96.92.63.243
May  6 03:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: input_userauth_request: invalid user int [preauth]
May  6 03:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.92.63.243
May  6 03:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: Failed password for invalid user int from 96.92.63.243 port 37196 ssh2
May  6 03:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: Received disconnect from 96.92.63.243 port 37196:11: Bye Bye [preauth]
May  6 03:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: Disconnected from 96.92.63.243 port 37196 [preauth]
May  6 03:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: Invalid user admin from 80.94.95.125
May  6 03:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: input_userauth_request: invalid user admin [preauth]
May  6 03:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 03:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: Failed password for invalid user admin from 80.94.95.125 port 23464 ssh2
May  6 03:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: Failed password for invalid user admin from 80.94.95.125 port 23464 ssh2
May  6 03:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: Failed password for invalid user admin from 80.94.95.125 port 23464 ssh2
May  6 03:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: Failed password for invalid user admin from 80.94.95.125 port 23464 ssh2
May  6 03:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: Failed password for invalid user admin from 80.94.95.125 port 23464 ssh2
May  6 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29794]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29791]: pam_unix(cron:session): session closed for user p13x
May  6 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: Received disconnect from 80.94.95.125 port 23464:11: Bye [preauth]
May  6 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: Disconnected from 80.94.95.125 port 23464 [preauth]
May  6 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29855]: Successful su for rubyman by root
May  6 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29855]: + ??? root:rubyman
May  6 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337967 of user rubyman.
May  6 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29855]: pam_unix(su:session): session closed for user rubyman
May  6 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337967.
May  6 03:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27131]: pam_unix(cron:session): session closed for user root
May  6 03:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29792]: pam_unix(cron:session): session closed for user samftp
May  6 03:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30104]: Invalid user amandabackup from 63.41.9.206
May  6 03:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30104]: input_userauth_request: invalid user amandabackup [preauth]
May  6 03:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30104]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.41.9.206
May  6 03:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30104]: Failed password for invalid user amandabackup from 63.41.9.206 port 43432 ssh2
May  6 03:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30104]: Received disconnect from 63.41.9.206 port 43432:11: Bye Bye [preauth]
May  6 03:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30104]: Disconnected from 63.41.9.206 port 43432 [preauth]
May  6 03:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28870]: pam_unix(cron:session): session closed for user root
May  6 03:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Invalid user admin from 80.94.95.112
May  6 03:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: input_userauth_request: invalid user admin [preauth]
May  6 03:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 03:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Failed password for invalid user admin from 80.94.95.112 port 47091 ssh2
May  6 03:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Failed password for invalid user admin from 80.94.95.112 port 47091 ssh2
May  6 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30199]: pam_unix(cron:session): session closed for user root
May  6 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30194]: pam_unix(cron:session): session closed for user p13x
May  6 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30258]: Successful su for rubyman by root
May  6 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30258]: + ??? root:rubyman
May  6 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337972 of user rubyman.
May  6 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30258]: pam_unix(su:session): session closed for user rubyman
May  6 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337972.
May  6 03:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Failed password for invalid user admin from 80.94.95.112 port 47091 ssh2
May  6 03:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30196]: pam_unix(cron:session): session closed for user root
May  6 03:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27613]: pam_unix(cron:session): session closed for user root
May  6 03:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Failed password for invalid user admin from 80.94.95.112 port 47091 ssh2
May  6 03:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Failed password for invalid user admin from 80.94.95.112 port 47091 ssh2
May  6 03:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30195]: pam_unix(cron:session): session closed for user samftp
May  6 03:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Received disconnect from 80.94.95.112 port 47091:11: Bye [preauth]
May  6 03:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Disconnected from 80.94.95.112 port 47091 [preauth]
May  6 03:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 03:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 03:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30531]: Invalid user eumpost from 82.207.8.218
May  6 03:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30531]: input_userauth_request: invalid user eumpost [preauth]
May  6 03:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30531]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.207.8.218
May  6 03:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30531]: Failed password for invalid user eumpost from 82.207.8.218 port 12374 ssh2
May  6 03:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30531]: Received disconnect from 82.207.8.218 port 12374:11: Bye Bye [preauth]
May  6 03:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30531]: Disconnected from 82.207.8.218 port 12374 [preauth]
May  6 03:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29388]: pam_unix(cron:session): session closed for user root
May  6 03:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: Invalid user linda from 171.244.40.20
May  6 03:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: input_userauth_request: invalid user linda [preauth]
May  6 03:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.40.20
May  6 03:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: Failed password for invalid user linda from 171.244.40.20 port 47628 ssh2
May  6 03:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: Received disconnect from 171.244.40.20 port 47628:11: Bye Bye [preauth]
May  6 03:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: Disconnected from 171.244.40.20 port 47628 [preauth]
May  6 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30620]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30621]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30618]: pam_unix(cron:session): session closed for user p13x
May  6 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30694]: Successful su for rubyman by root
May  6 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30694]: + ??? root:rubyman
May  6 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337976 of user rubyman.
May  6 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30694]: pam_unix(su:session): session closed for user rubyman
May  6 03:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337976.
May  6 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28028]: pam_unix(cron:session): session closed for user root
May  6 03:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30619]: pam_unix(cron:session): session closed for user samftp
May  6 03:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30872]: Invalid user cuckoo from 14.103.127.80
May  6 03:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30872]: input_userauth_request: invalid user cuckoo [preauth]
May  6 03:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30872]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.80
May  6 03:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30872]: Failed password for invalid user cuckoo from 14.103.127.80 port 39310 ssh2
May  6 03:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30872]: Received disconnect from 14.103.127.80 port 39310:11: Bye Bye [preauth]
May  6 03:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30872]: Disconnected from 14.103.127.80 port 39310 [preauth]
May  6 03:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29794]: pam_unix(cron:session): session closed for user root
May  6 03:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 03:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31075]: Failed password for root from 218.92.0.179 port 46334 ssh2
May  6 03:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31075]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 46334 ssh2]
May  6 03:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31075]: Received disconnect from 218.92.0.179 port 46334:11:  [preauth]
May  6 03:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31075]: Disconnected from 218.92.0.179 port 46334 [preauth]
May  6 03:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31075]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31131]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31128]: pam_unix(cron:session): session closed for user p13x
May  6 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31195]: Successful su for rubyman by root
May  6 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31195]: + ??? root:rubyman
May  6 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337981 of user rubyman.
May  6 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31195]: pam_unix(su:session): session closed for user rubyman
May  6 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337981.
May  6 03:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28465]: pam_unix(cron:session): session closed for user root
May  6 03:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31129]: pam_unix(cron:session): session closed for user samftp
May  6 03:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.1.184.72  user=root
May  6 03:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31385]: Failed password for root from 194.1.184.72 port 35410 ssh2
May  6 03:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31385]: Received disconnect from 194.1.184.72 port 35410:11: Bye Bye [preauth]
May  6 03:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31385]: Disconnected from 194.1.184.72 port 35410 [preauth]
May  6 03:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: Invalid user azure from 128.201.165.54
May  6 03:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: input_userauth_request: invalid user azure [preauth]
May  6 03:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.201.165.54
May  6 03:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: Failed password for invalid user azure from 128.201.165.54 port 32788 ssh2
May  6 03:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: Received disconnect from 128.201.165.54 port 32788:11: Bye Bye [preauth]
May  6 03:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: Disconnected from 128.201.165.54 port 32788 [preauth]
May  6 03:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30198]: pam_unix(cron:session): session closed for user root
May  6 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31542]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31541]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31539]: pam_unix(cron:session): session closed for user p13x
May  6 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31604]: Successful su for rubyman by root
May  6 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31604]: + ??? root:rubyman
May  6 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31604]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337984 of user rubyman.
May  6 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31604]: pam_unix(su:session): session closed for user rubyman
May  6 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337984.
May  6 03:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28869]: pam_unix(cron:session): session closed for user root
May  6 03:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31540]: pam_unix(cron:session): session closed for user samftp
May  6 03:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.9.211.159  user=root
May  6 03:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31814]: Failed password for root from 103.9.211.159 port 56130 ssh2
May  6 03:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31814]: Received disconnect from 103.9.211.159 port 56130:11: Bye Bye [preauth]
May  6 03:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31814]: Disconnected from 103.9.211.159 port 56130 [preauth]
May  6 03:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31833]: Invalid user dev from 181.176.62.39
May  6 03:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31833]: input_userauth_request: invalid user dev [preauth]
May  6 03:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31833]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.62.39
May  6 03:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31833]: Failed password for invalid user dev from 181.176.62.39 port 46516 ssh2
May  6 03:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31833]: Received disconnect from 181.176.62.39 port 46516:11: Bye Bye [preauth]
May  6 03:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31833]: Disconnected from 181.176.62.39 port 46516 [preauth]
May  6 03:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31857]: Invalid user haichao from 96.92.63.243
May  6 03:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31857]: input_userauth_request: invalid user haichao [preauth]
May  6 03:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31857]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.92.63.243
May  6 03:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31857]: Failed password for invalid user haichao from 96.92.63.243 port 45702 ssh2
May  6 03:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31857]: Received disconnect from 96.92.63.243 port 45702:11: Bye Bye [preauth]
May  6 03:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31857]: Disconnected from 96.92.63.243 port 45702 [preauth]
May  6 03:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.161.187  user=root
May  6 03:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30621]: pam_unix(cron:session): session closed for user root
May  6 03:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: Failed password for root from 157.10.161.187 port 41694 ssh2
May  6 03:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: Received disconnect from 157.10.161.187 port 41694:11: Bye Bye [preauth]
May  6 03:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31891]: Disconnected from 157.10.161.187 port 41694 [preauth]
May  6 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32106]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32093]: pam_unix(cron:session): session closed for user p13x
May  6 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32316]: Successful su for rubyman by root
May  6 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32316]: + ??? root:rubyman
May  6 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337989 of user rubyman.
May  6 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32316]: pam_unix(su:session): session closed for user rubyman
May  6 03:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337989.
May  6 03:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29387]: pam_unix(cron:session): session closed for user root
May  6 03:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32105]: pam_unix(cron:session): session closed for user samftp
May  6 03:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  6 03:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: Failed password for root from 218.92.0.215 port 6248 ssh2
May  6 03:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31131]: pam_unix(cron:session): session closed for user root
May  6 03:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  6 03:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: Failed password for root from 218.92.0.215 port 54010 ssh2
May  6 03:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: Failed password for root from 218.92.0.215 port 54010 ssh2
May  6 03:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: Connection reset by 218.92.0.215 port 54010 [preauth]
May  6 03:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  6 03:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[328]: Invalid user hive from 201.249.87.203
May  6 03:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[328]: input_userauth_request: invalid user hive [preauth]
May  6 03:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[328]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.87.203
May  6 03:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[328]: Failed password for invalid user hive from 201.249.87.203 port 59350 ssh2
May  6 03:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[328]: Received disconnect from 201.249.87.203 port 59350:11: Bye Bye [preauth]
May  6 03:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[328]: Disconnected from 201.249.87.203 port 59350 [preauth]
May  6 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[357]: pam_unix(cron:session): session closed for user root
May  6 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[351]: pam_unix(cron:session): session closed for user p13x
May  6 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[465]: Successful su for rubyman by root
May  6 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[465]: + ??? root:rubyman
May  6 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337994 of user rubyman.
May  6 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[465]: pam_unix(su:session): session closed for user rubyman
May  6 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337994.
May  6 03:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[353]: pam_unix(cron:session): session closed for user root
May  6 03:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29793]: pam_unix(cron:session): session closed for user root
May  6 03:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[352]: pam_unix(cron:session): session closed for user samftp
May  6 03:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: Invalid user lq from 82.207.8.218
May  6 03:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: input_userauth_request: invalid user lq [preauth]
May  6 03:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.207.8.218
May  6 03:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: Failed password for invalid user lq from 82.207.8.218 port 29856 ssh2
May  6 03:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: Received disconnect from 82.207.8.218 port 29856:11: Bye Bye [preauth]
May  6 03:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[713]: Disconnected from 82.207.8.218 port 29856 [preauth]
May  6 03:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[723]: Invalid user yuanenming from 63.41.9.206
May  6 03:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[723]: input_userauth_request: invalid user yuanenming [preauth]
May  6 03:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[723]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.41.9.206
May  6 03:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[723]: Failed password for invalid user yuanenming from 63.41.9.206 port 33185 ssh2
May  6 03:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[723]: Received disconnect from 63.41.9.206 port 33185:11: Bye Bye [preauth]
May  6 03:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[723]: Disconnected from 63.41.9.206 port 33185 [preauth]
May  6 03:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31542]: pam_unix(cron:session): session closed for user root
May  6 03:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[800]: Connection reset by 147.185.132.138 port 63942 [preauth]
May  6 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[890]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[891]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[888]: pam_unix(cron:session): session closed for user p13x
May  6 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[975]: Successful su for rubyman by root
May  6 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[975]: + ??? root:rubyman
May  6 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 337999 of user rubyman.
May  6 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[975]: pam_unix(su:session): session closed for user rubyman
May  6 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 337999.
May  6 03:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30197]: pam_unix(cron:session): session closed for user root
May  6 03:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[889]: pam_unix(cron:session): session closed for user samftp
May  6 03:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.40.20  user=root
May  6 03:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1229]: Failed password for root from 171.244.40.20 port 34198 ssh2
May  6 03:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1229]: Received disconnect from 171.244.40.20 port 34198:11: Bye Bye [preauth]
May  6 03:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1229]: Disconnected from 171.244.40.20 port 34198 [preauth]
May  6 03:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32107]: pam_unix(cron:session): session closed for user root
May  6 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1373]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1371]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1369]: pam_unix(cron:session): session closed for user p13x
May  6 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1461]: Successful su for rubyman by root
May  6 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1461]: + ??? root:rubyman
May  6 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338002 of user rubyman.
May  6 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1461]: pam_unix(su:session): session closed for user rubyman
May  6 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338002.
May  6 03:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30620]: pam_unix(cron:session): session closed for user root
May  6 03:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1370]: pam_unix(cron:session): session closed for user samftp
May  6 03:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.80  user=root
May  6 03:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1677]: Failed password for root from 14.103.127.80 port 54948 ssh2
May  6 03:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1677]: Received disconnect from 14.103.127.80 port 54948:11: Bye Bye [preauth]
May  6 03:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1677]: Disconnected from 14.103.127.80 port 54948 [preauth]
May  6 03:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[356]: pam_unix(cron:session): session closed for user root
May  6 03:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: Invalid user ftp-test from 194.1.184.72
May  6 03:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: input_userauth_request: invalid user ftp-test [preauth]
May  6 03:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.1.184.72
May  6 03:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1845]: Invalid user vijay from 96.92.63.243
May  6 03:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1845]: input_userauth_request: invalid user vijay [preauth]
May  6 03:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1845]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.92.63.243
May  6 03:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: Failed password for invalid user ftp-test from 194.1.184.72 port 48417 ssh2
May  6 03:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1845]: Failed password for invalid user vijay from 96.92.63.243 port 54178 ssh2
May  6 03:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1845]: Received disconnect from 96.92.63.243 port 54178:11: Bye Bye [preauth]
May  6 03:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1845]: Disconnected from 96.92.63.243 port 54178 [preauth]
May  6 03:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: Received disconnect from 194.1.184.72 port 48417:11: Bye Bye [preauth]
May  6 03:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1843]: Disconnected from 194.1.184.72 port 48417 [preauth]
May  6 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1859]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1860]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1858]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1857]: pam_unix(cron:session): session closed for user p13x
May  6 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2013]: Successful su for rubyman by root
May  6 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2013]: + ??? root:rubyman
May  6 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338008 of user rubyman.
May  6 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2013]: pam_unix(su:session): session closed for user rubyman
May  6 03:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338008.
May  6 03:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31130]: pam_unix(cron:session): session closed for user root
May  6 03:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1858]: pam_unix(cron:session): session closed for user samftp
May  6 03:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: Invalid user ftp-test from 128.201.165.54
May  6 03:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: input_userauth_request: invalid user ftp-test [preauth]
May  6 03:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.201.165.54
May  6 03:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: Failed password for invalid user ftp-test from 128.201.165.54 port 37800 ssh2
May  6 03:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: Received disconnect from 128.201.165.54 port 37800:11: Bye Bye [preauth]
May  6 03:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: Disconnected from 128.201.165.54 port 37800 [preauth]
May  6 03:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[891]: pam_unix(cron:session): session closed for user root
May  6 03:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.62.39  user=root
May  6 03:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: Failed password for root from 181.176.62.39 port 60368 ssh2
May  6 03:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: Received disconnect from 181.176.62.39 port 60368:11: Bye Bye [preauth]
May  6 03:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: Disconnected from 181.176.62.39 port 60368 [preauth]
May  6 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2353]: pam_unix(cron:session): session closed for user p13x
May  6 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2433]: Successful su for rubyman by root
May  6 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2433]: + ??? root:rubyman
May  6 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338011 of user rubyman.
May  6 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2433]: pam_unix(su:session): session closed for user rubyman
May  6 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338011.
May  6 03:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31541]: pam_unix(cron:session): session closed for user root
May  6 03:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2354]: pam_unix(cron:session): session closed for user samftp
May  6 03:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: Invalid user linda from 157.10.161.187
May  6 03:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: input_userauth_request: invalid user linda [preauth]
May  6 03:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.161.187
May  6 03:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: Failed password for invalid user linda from 157.10.161.187 port 55692 ssh2
May  6 03:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: Received disconnect from 157.10.161.187 port 55692:11: Bye Bye [preauth]
May  6 03:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: Disconnected from 157.10.161.187 port 55692 [preauth]
May  6 03:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.9.211.159  user=root
May  6 03:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2665]: Failed password for root from 103.9.211.159 port 34692 ssh2
May  6 03:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2665]: Received disconnect from 103.9.211.159 port 34692:11: Bye Bye [preauth]
May  6 03:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2665]: Disconnected from 103.9.211.159 port 34692 [preauth]
May  6 03:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1373]: pam_unix(cron:session): session closed for user root
May  6 03:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2741]: Invalid user chat from 82.207.8.218
May  6 03:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2741]: input_userauth_request: invalid user chat [preauth]
May  6 03:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2741]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.207.8.218
May  6 03:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2741]: Failed password for invalid user chat from 82.207.8.218 port 47437 ssh2
May  6 03:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2741]: Received disconnect from 82.207.8.218 port 47437:11: Bye Bye [preauth]
May  6 03:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2741]: Disconnected from 82.207.8.218 port 47437 [preauth]
May  6 03:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2782]: Did not receive identification string from 176.66.119.172
May  6 03:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: Invalid user minecraft from 176.66.119.172
May  6 03:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: input_userauth_request: invalid user minecraft [preauth]
May  6 03:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 03:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: Failed password for invalid user minecraft from 176.66.119.172 port 38442 ssh2
May  6 03:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: Connection closed by 176.66.119.172 port 38442 [preauth]
May  6 03:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 03:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2795]: Invalid user a from 176.66.119.172
May  6 03:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2795]: input_userauth_request: invalid user a [preauth]
May  6 03:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2795]: pam_unix(sshd:auth): check pass; user unknown
May  6 03:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 03:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2795]: Failed password for invalid user a from 176.66.119.172 port 38454 ssh2
May  6 04:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2795]: Connection closed by 176.66.119.172 port 38454 [preauth]
May  6 04:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2812]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2813]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2810]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2815]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2811]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2814]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2806]: Invalid user centos from 176.66.119.172
May  6 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2806]: input_userauth_request: invalid user centos [preauth]
May  6 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2815]: pam_unix(cron:session): session closed for user root
May  6 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2811]: pam_unix(cron:session): session closed for user root
May  6 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2809]: pam_unix(cron:session): session closed for user p13x
May  6 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2806]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2913]: Successful su for rubyman by root
May  6 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2913]: + ??? root:rubyman
May  6 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2913]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338020 of user rubyman.
May  6 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2913]: pam_unix(su:session): session closed for user rubyman
May  6 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338020.
May  6 04:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2806]: Failed password for invalid user centos from 176.66.119.172 port 48676 ssh2
May  6 04:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2806]: Connection closed by 176.66.119.172 port 48676 [preauth]
May  6 04:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32106]: pam_unix(cron:session): session closed for user root
May  6 04:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2812]: pam_unix(cron:session): session closed for user root
May  6 04:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: Invalid user ansible from 176.66.119.172
May  6 04:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: input_userauth_request: invalid user ansible [preauth]
May  6 04:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2810]: pam_unix(cron:session): session closed for user samftp
May  6 04:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: Failed password for invalid user ansible from 176.66.119.172 port 48684 ssh2
May  6 04:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3075]: Connection closed by 176.66.119.172 port 48684 [preauth]
May  6 04:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: Invalid user admin from 176.66.119.172
May  6 04:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: input_userauth_request: invalid user admin [preauth]
May  6 04:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: Failed password for invalid user admin from 176.66.119.172 port 56476 ssh2
May  6 04:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: Connection closed by 176.66.119.172 port 56476 [preauth]
May  6 04:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3150]: Invalid user csserver from 176.66.119.172
May  6 04:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3150]: input_userauth_request: invalid user csserver [preauth]
May  6 04:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3150]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3150]: Failed password for invalid user csserver from 176.66.119.172 port 56488 ssh2
May  6 04:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3150]: Connection closed by 176.66.119.172 port 56488 [preauth]
May  6 04:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: Invalid user user2 from 176.66.119.172
May  6 04:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: input_userauth_request: invalid user user2 [preauth]
May  6 04:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: Failed password for invalid user user2 from 176.66.119.172 port 57368 ssh2
May  6 04:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3169]: Connection closed by 176.66.119.172 port 57368 [preauth]
May  6 04:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: Invalid user zjw from 176.66.119.172
May  6 04:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: input_userauth_request: invalid user zjw [preauth]
May  6 04:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: Failed password for invalid user zjw from 176.66.119.172 port 57372 ssh2
May  6 04:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: Connection closed by 176.66.119.172 port 57372 [preauth]
May  6 04:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: Invalid user test from 176.66.119.172
May  6 04:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: input_userauth_request: invalid user test [preauth]
May  6 04:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: Failed password for invalid user test from 176.66.119.172 port 57380 ssh2
May  6 04:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3197]: Connection closed by 176.66.119.172 port 57380 [preauth]
May  6 04:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=root
May  6 04:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: Failed password for root from 176.66.119.172 port 37666 ssh2
May  6 04:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1860]: pam_unix(cron:session): session closed for user root
May  6 04:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3210]: Connection closed by 176.66.119.172 port 37666 [preauth]
May  6 04:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3267]: Invalid user postgres from 176.66.119.172
May  6 04:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3267]: input_userauth_request: invalid user postgres [preauth]
May  6 04:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3267]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3267]: Failed password for invalid user postgres from 176.66.119.172 port 37678 ssh2
May  6 04:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3267]: Connection closed by 176.66.119.172 port 37678 [preauth]
May  6 04:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: Invalid user postgres from 176.66.119.172
May  6 04:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: input_userauth_request: invalid user postgres [preauth]
May  6 04:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: Failed password for invalid user postgres from 176.66.119.172 port 55980 ssh2
May  6 04:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3282]: Connection closed by 176.66.119.172 port 55980 [preauth]
May  6 04:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: Invalid user hadoop from 176.66.119.172
May  6 04:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: input_userauth_request: invalid user hadoop [preauth]
May  6 04:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: Failed password for invalid user hadoop from 176.66.119.172 port 55986 ssh2
May  6 04:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3292]: Connection closed by 176.66.119.172 port 55986 [preauth]
May  6 04:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: Invalid user kyt from 63.41.9.206
May  6 04:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: input_userauth_request: invalid user kyt [preauth]
May  6 04:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.41.9.206
May  6 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=root
May  6 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: Failed password for invalid user kyt from 63.41.9.206 port 51164 ssh2
May  6 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: Received disconnect from 63.41.9.206 port 51164:11: Bye Bye [preauth]
May  6 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: Disconnected from 63.41.9.206 port 51164 [preauth]
May  6 04:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3306]: Failed password for root from 176.66.119.172 port 40712 ssh2
May  6 04:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3306]: Connection closed by 176.66.119.172 port 40712 [preauth]
May  6 04:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=root
May  6 04:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3319]: Failed password for root from 176.66.119.172 port 40714 ssh2
May  6 04:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3319]: Connection closed by 176.66.119.172 port 40714 [preauth]
May  6 04:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3331]: Invalid user test from 176.66.119.172
May  6 04:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3331]: input_userauth_request: invalid user test [preauth]
May  6 04:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3331]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3331]: Failed password for invalid user test from 176.66.119.172 port 40718 ssh2
May  6 04:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3331]: Connection closed by 176.66.119.172 port 40718 [preauth]
May  6 04:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3347]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3346]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3348]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3345]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3345]: pam_unix(cron:session): session closed for user p13x
May  6 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3342]: Invalid user steam from 176.66.119.172
May  6 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3342]: input_userauth_request: invalid user steam [preauth]
May  6 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3437]: Successful su for rubyman by root
May  6 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3437]: + ??? root:rubyman
May  6 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3437]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338023 of user rubyman.
May  6 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3437]: pam_unix(su:session): session closed for user rubyman
May  6 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338023.
May  6 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3342]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3342]: Failed password for invalid user steam from 176.66.119.172 port 34394 ssh2
May  6 04:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3342]: Connection closed by 176.66.119.172 port 34394 [preauth]
May  6 04:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=root
May  6 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3346]: pam_unix(cron:session): session closed for user samftp
May  6 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[354]: pam_unix(cron:session): session closed for user root
May  6 04:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3605]: Failed password for root from 176.66.119.172 port 34396 ssh2
May  6 04:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3605]: Connection closed by 176.66.119.172 port 34396 [preauth]
May  6 04:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=root
May  6 04:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: Failed password for root from 176.66.119.172 port 37120 ssh2
May  6 04:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3656]: Connection closed by 176.66.119.172 port 37120 [preauth]
May  6 04:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: Invalid user csserver from 176.66.119.172
May  6 04:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: input_userauth_request: invalid user csserver [preauth]
May  6 04:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: Failed password for invalid user csserver from 176.66.119.172 port 37122 ssh2
May  6 04:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: Connection closed by 176.66.119.172 port 37122 [preauth]
May  6 04:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: Invalid user git from 176.66.119.172
May  6 04:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: input_userauth_request: invalid user git [preauth]
May  6 04:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: Failed password for invalid user git from 176.66.119.172 port 37132 ssh2
May  6 04:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: Connection closed by 176.66.119.172 port 37132 [preauth]
May  6 04:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: Invalid user admin from 176.66.119.172
May  6 04:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: input_userauth_request: invalid user admin [preauth]
May  6 04:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: Failed password for invalid user admin from 176.66.119.172 port 58658 ssh2
May  6 04:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3691]: Connection closed by 176.66.119.172 port 58658 [preauth]
May  6 04:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: Invalid user minecraft from 176.66.119.172
May  6 04:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: input_userauth_request: invalid user minecraft [preauth]
May  6 04:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: Failed password for invalid user minecraft from 176.66.119.172 port 58666 ssh2
May  6 04:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3701]: Connection closed by 176.66.119.172 port 58666 [preauth]
May  6 04:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=root
May  6 04:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3715]: Failed password for root from 176.66.119.172 port 58680 ssh2
May  6 04:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3715]: Connection closed by 176.66.119.172 port 58680 [preauth]
May  6 04:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: User ftp from 176.66.119.172 not allowed because not listed in AllowUsers
May  6 04:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: input_userauth_request: invalid user ftp [preauth]
May  6 04:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=ftp
May  6 04:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Failed password for invalid user ftp from 176.66.119.172 port 41202 ssh2
May  6 04:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Connection closed by 176.66.119.172 port 41202 [preauth]
May  6 04:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=root
May  6 04:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2356]: pam_unix(cron:session): session closed for user root
May  6 04:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3735]: Failed password for root from 176.66.119.172 port 41210 ssh2
May  6 04:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3735]: Connection closed by 176.66.119.172 port 41210 [preauth]
May  6 04:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3760]: User ftp from 176.66.119.172 not allowed because not listed in AllowUsers
May  6 04:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3760]: input_userauth_request: invalid user ftp [preauth]
May  6 04:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=ftp
May  6 04:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3760]: Failed password for invalid user ftp from 176.66.119.172 port 41216 ssh2
May  6 04:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3760]: Connection closed by 176.66.119.172 port 41216 [preauth]
May  6 04:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3771]: Invalid user mc from 176.66.119.172
May  6 04:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3771]: input_userauth_request: invalid user mc [preauth]
May  6 04:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3771]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3771]: Failed password for invalid user mc from 176.66.119.172 port 54986 ssh2
May  6 04:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3771]: Connection closed by 176.66.119.172 port 54986 [preauth]
May  6 04:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3781]: Invalid user 1 from 176.66.119.172
May  6 04:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3781]: input_userauth_request: invalid user 1 [preauth]
May  6 04:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3781]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3781]: Failed password for invalid user 1 from 176.66.119.172 port 55002 ssh2
May  6 04:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3781]: Connection closed by 176.66.119.172 port 55002 [preauth]
May  6 04:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: Invalid user ansible from 176.66.119.172
May  6 04:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: input_userauth_request: invalid user ansible [preauth]
May  6 04:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: Failed password for invalid user ansible from 176.66.119.172 port 55004 ssh2
May  6 04:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: Connection closed by 176.66.119.172 port 55004 [preauth]
May  6 04:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3806]: Invalid user centos from 176.66.119.172
May  6 04:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3806]: input_userauth_request: invalid user centos [preauth]
May  6 04:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3806]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: Invalid user ftp-test from 171.244.40.20
May  6 04:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: input_userauth_request: invalid user ftp-test [preauth]
May  6 04:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.40.20
May  6 04:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3806]: Failed password for invalid user centos from 176.66.119.172 port 50996 ssh2
May  6 04:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3806]: Connection closed by 176.66.119.172 port 50996 [preauth]
May  6 04:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: Failed password for invalid user ftp-test from 171.244.40.20 port 54214 ssh2
May  6 04:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: Received disconnect from 171.244.40.20 port 54214:11: Bye Bye [preauth]
May  6 04:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: Disconnected from 171.244.40.20 port 54214 [preauth]
May  6 04:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: Invalid user a from 176.66.119.172
May  6 04:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: input_userauth_request: invalid user a [preauth]
May  6 04:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: Failed password for invalid user a from 176.66.119.172 port 51006 ssh2
May  6 04:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3810]: Connection closed by 176.66.119.172 port 51006 [preauth]
May  6 04:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3820]: Invalid user user from 176.66.119.172
May  6 04:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3820]: input_userauth_request: invalid user user [preauth]
May  6 04:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3820]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3820]: Failed password for invalid user user from 176.66.119.172 port 51012 ssh2
May  6 04:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3820]: Connection closed by 176.66.119.172 port 51012 [preauth]
May  6 04:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3831]: Invalid user git from 176.66.119.172
May  6 04:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3831]: input_userauth_request: invalid user git [preauth]
May  6 04:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3831]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3831]: Failed password for invalid user git from 176.66.119.172 port 48440 ssh2
May  6 04:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3831]: Connection closed by 176.66.119.172 port 48440 [preauth]
May  6 04:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=root
May  6 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3846]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3845]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3843]: pam_unix(cron:session): session closed for user p13x
May  6 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3906]: Successful su for rubyman by root
May  6 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3906]: + ??? root:rubyman
May  6 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338026 of user rubyman.
May  6 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3906]: pam_unix(su:session): session closed for user rubyman
May  6 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338026.
May  6 04:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3833]: Failed password for root from 176.66.119.172 port 48446 ssh2
May  6 04:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3833]: Connection closed by 176.66.119.172 port 48446 [preauth]
May  6 04:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[890]: pam_unix(cron:session): session closed for user root
May  6 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: Invalid user ubuntu from 176.66.119.172
May  6 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: input_userauth_request: invalid user ubuntu [preauth]
May  6 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3844]: pam_unix(cron:session): session closed for user samftp
May  6 04:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: Failed password for invalid user ubuntu from 176.66.119.172 port 48454 ssh2
May  6 04:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4025]: Connection closed by 176.66.119.172 port 48454 [preauth]
May  6 04:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: Invalid user ubuntu from 176.66.119.172
May  6 04:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: input_userauth_request: invalid user ubuntu [preauth]
May  6 04:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: Failed password for invalid user ubuntu from 176.66.119.172 port 57304 ssh2
May  6 04:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: Connection closed by 176.66.119.172 port 57304 [preauth]
May  6 04:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: Invalid user user2 from 176.66.119.172
May  6 04:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: input_userauth_request: invalid user user2 [preauth]
May  6 04:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: Failed password for invalid user user2 from 176.66.119.172 port 57306 ssh2
May  6 04:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: Connection closed by 176.66.119.172 port 57306 [preauth]
May  6 04:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: Invalid user user3 from 176.66.119.172
May  6 04:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: input_userauth_request: invalid user user3 [preauth]
May  6 04:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: Failed password for invalid user user3 from 176.66.119.172 port 57308 ssh2
May  6 04:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4145]: Connection closed by 176.66.119.172 port 57308 [preauth]
May  6 04:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172  user=root
May  6 04:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: Failed password for root from 176.66.119.172 port 46542 ssh2
May  6 04:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: Connection closed by 176.66.119.172 port 46542 [preauth]
May  6 04:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: Invalid user cs2server from 176.66.119.172
May  6 04:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: input_userauth_request: invalid user cs2server [preauth]
May  6 04:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.66.119.172
May  6 04:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: Failed password for invalid user cs2server from 176.66.119.172 port 46544 ssh2
May  6 04:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: Connection closed by 176.66.119.172 port 46544 [preauth]
May  6 04:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: Invalid user steam from 96.92.63.243
May  6 04:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: input_userauth_request: invalid user steam [preauth]
May  6 04:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.92.63.243
May  6 04:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: Failed password for invalid user steam from 96.92.63.243 port 34474 ssh2
May  6 04:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: Received disconnect from 96.92.63.243 port 34474:11: Bye Bye [preauth]
May  6 04:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: Disconnected from 96.92.63.243 port 34474 [preauth]
May  6 04:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2814]: pam_unix(cron:session): session closed for user root
May  6 04:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.87.203  user=root
May  6 04:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: Failed password for root from 201.249.87.203 port 48696 ssh2
May  6 04:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: Received disconnect from 201.249.87.203 port 48696:11: Bye Bye [preauth]
May  6 04:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: Disconnected from 201.249.87.203 port 48696 [preauth]
May  6 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4441]: pam_unix(cron:session): session closed for user p13x
May  6 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4513]: Successful su for rubyman by root
May  6 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4513]: + ??? root:rubyman
May  6 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4513]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338032 of user rubyman.
May  6 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4513]: pam_unix(su:session): session closed for user rubyman
May  6 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338032.
May  6 04:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1371]: pam_unix(cron:session): session closed for user root
May  6 04:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4443]: pam_unix(cron:session): session closed for user samftp
May  6 04:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3348]: pam_unix(cron:session): session closed for user root
May  6 04:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.1.184.72  user=root
May  6 04:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4790]: Failed password for root from 194.1.184.72 port 57066 ssh2
May  6 04:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4790]: Received disconnect from 194.1.184.72 port 57066:11: Bye Bye [preauth]
May  6 04:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4790]: Disconnected from 194.1.184.72 port 57066 [preauth]
May  6 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4871]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4868]: pam_unix(cron:session): session closed for user p13x
May  6 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4937]: Successful su for rubyman by root
May  6 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4937]: + ??? root:rubyman
May  6 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4937]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338034 of user rubyman.
May  6 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4937]: pam_unix(su:session): session closed for user rubyman
May  6 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338034.
May  6 04:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1859]: pam_unix(cron:session): session closed for user root
May  6 04:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5280]: Invalid user user from 82.207.8.218
May  6 04:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5280]: input_userauth_request: invalid user user [preauth]
May  6 04:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5280]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.207.8.218
May  6 04:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4869]: pam_unix(cron:session): session closed for user samftp
May  6 04:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5280]: Failed password for invalid user user from 82.207.8.218 port 64931 ssh2
May  6 04:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5280]: Received disconnect from 82.207.8.218 port 64931:11: Bye Bye [preauth]
May  6 04:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5280]: Disconnected from 82.207.8.218 port 64931 [preauth]
May  6 04:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.201.165.54  user=root
May  6 04:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: Failed password for root from 128.201.165.54 port 39290 ssh2
May  6 04:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: Received disconnect from 128.201.165.54 port 39290:11: Bye Bye [preauth]
May  6 04:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: Disconnected from 128.201.165.54 port 39290 [preauth]
May  6 04:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3846]: pam_unix(cron:session): session closed for user root
May  6 04:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: Invalid user jenkins from 181.176.62.39
May  6 04:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: input_userauth_request: invalid user jenkins [preauth]
May  6 04:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.62.39
May  6 04:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: Failed password for invalid user jenkins from 181.176.62.39 port 49376 ssh2
May  6 04:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: Received disconnect from 181.176.62.39 port 49376:11: Bye Bye [preauth]
May  6 04:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: Disconnected from 181.176.62.39 port 49376 [preauth]
May  6 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5485]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5489]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5487]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5488]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5489]: pam_unix(cron:session): session closed for user root
May  6 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5482]: pam_unix(cron:session): session closed for user p13x
May  6 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5602]: Successful su for rubyman by root
May  6 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5602]: + ??? root:rubyman
May  6 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5602]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338041 of user rubyman.
May  6 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5602]: pam_unix(su:session): session closed for user rubyman
May  6 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338041.
May  6 04:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: Invalid user yash from 157.10.161.187
May  6 04:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: input_userauth_request: invalid user yash [preauth]
May  6 04:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.161.187
May  6 04:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2355]: pam_unix(cron:session): session closed for user root
May  6 04:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5485]: pam_unix(cron:session): session closed for user root
May  6 04:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: Failed password for invalid user yash from 157.10.161.187 port 37338 ssh2
May  6 04:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: Received disconnect from 157.10.161.187 port 37338:11: Bye Bye [preauth]
May  6 04:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5603]: Disconnected from 157.10.161.187 port 37338 [preauth]
May  6 04:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5484]: pam_unix(cron:session): session closed for user samftp
May  6 04:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4445]: pam_unix(cron:session): session closed for user root
May  6 04:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: Invalid user sap from 103.9.211.159
May  6 04:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: input_userauth_request: invalid user sap [preauth]
May  6 04:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.9.211.159
May  6 04:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: Failed password for invalid user sap from 103.9.211.159 port 52246 ssh2
May  6 04:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: Received disconnect from 103.9.211.159 port 52246:11: Bye Bye [preauth]
May  6 04:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: Disconnected from 103.9.211.159 port 52246 [preauth]
May  6 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6075]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6074]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6073]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6072]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6072]: pam_unix(cron:session): session closed for user p13x
May  6 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6149]: Successful su for rubyman by root
May  6 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6149]: + ??? root:rubyman
May  6 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338044 of user rubyman.
May  6 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6149]: pam_unix(su:session): session closed for user rubyman
May  6 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338044.
May  6 04:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2813]: pam_unix(cron:session): session closed for user root
May  6 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6073]: pam_unix(cron:session): session closed for user samftp
May  6 04:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: Invalid user zhzyi from 46.244.96.25
May  6 04:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: input_userauth_request: invalid user zhzyi [preauth]
May  6 04:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  6 04:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: Invalid user hive from 63.41.9.206
May  6 04:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: input_userauth_request: invalid user hive [preauth]
May  6 04:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.41.9.206
May  6 04:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: Failed password for invalid user zhzyi from 46.244.96.25 port 59424 ssh2
May  6 04:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: Connection closed by 46.244.96.25 port 59424 [preauth]
May  6 04:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: Failed password for invalid user hive from 63.41.9.206 port 40909 ssh2
May  6 04:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: Received disconnect from 63.41.9.206 port 40909:11: Bye Bye [preauth]
May  6 04:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: Disconnected from 63.41.9.206 port 40909 [preauth]
May  6 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4871]: pam_unix(cron:session): session closed for user root
May  6 04:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6474]: Did not receive identification string from 196.251.114.29
May  6 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6495]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6493]: pam_unix(cron:session): session closed for user p13x
May  6 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6550]: Successful su for rubyman by root
May  6 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6550]: + ??? root:rubyman
May  6 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338047 of user rubyman.
May  6 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6550]: pam_unix(su:session): session closed for user rubyman
May  6 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338047.
May  6 04:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3347]: pam_unix(cron:session): session closed for user root
May  6 04:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6494]: pam_unix(cron:session): session closed for user samftp
May  6 04:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: Invalid user scanner from 96.92.63.243
May  6 04:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: input_userauth_request: invalid user scanner [preauth]
May  6 04:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.92.63.243
May  6 04:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: Failed password for invalid user scanner from 96.92.63.243 port 43008 ssh2
May  6 04:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: Received disconnect from 96.92.63.243 port 43008:11: Bye Bye [preauth]
May  6 04:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6754]: Disconnected from 96.92.63.243 port 43008 [preauth]
May  6 04:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: Invalid user tg from 171.244.40.20
May  6 04:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: input_userauth_request: invalid user tg [preauth]
May  6 04:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.40.20
May  6 04:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: Failed password for invalid user tg from 171.244.40.20 port 39346 ssh2
May  6 04:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: Received disconnect from 171.244.40.20 port 39346:11: Bye Bye [preauth]
May  6 04:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6782]: Disconnected from 171.244.40.20 port 39346 [preauth]
May  6 04:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5488]: pam_unix(cron:session): session closed for user root
May  6 04:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6881]: Invalid user ddd from 125.88.205.54
May  6 04:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6881]: input_userauth_request: invalid user ddd [preauth]
May  6 04:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6881]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.88.205.54
May  6 04:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6881]: Failed password for invalid user ddd from 125.88.205.54 port 35520 ssh2
May  6 04:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6881]: Connection closed by 125.88.205.54 port 35520 [preauth]
May  6 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6992]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6904]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6902]: pam_unix(cron:session): session closed for user p13x
May  6 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7060]: Successful su for rubyman by root
May  6 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7060]: + ??? root:rubyman
May  6 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338051 of user rubyman.
May  6 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7060]: pam_unix(su:session): session closed for user rubyman
May  6 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338051.
May  6 04:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3845]: pam_unix(cron:session): session closed for user root
May  6 04:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6903]: pam_unix(cron:session): session closed for user samftp
May  6 04:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: Invalid user lync from 201.249.87.203
May  6 04:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: input_userauth_request: invalid user lync [preauth]
May  6 04:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.87.203
May  6 04:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: Failed password for invalid user lync from 201.249.87.203 port 57700 ssh2
May  6 04:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: Received disconnect from 201.249.87.203 port 57700:11: Bye Bye [preauth]
May  6 04:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7304]: Disconnected from 201.249.87.203 port 57700 [preauth]
May  6 04:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6075]: pam_unix(cron:session): session closed for user root
May  6 04:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7367]: Invalid user dev from 82.207.8.218
May  6 04:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7367]: input_userauth_request: invalid user dev [preauth]
May  6 04:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7367]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.207.8.218
May  6 04:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7367]: Failed password for invalid user dev from 82.207.8.218 port 17876 ssh2
May  6 04:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7367]: Received disconnect from 82.207.8.218 port 17876:11: Bye Bye [preauth]
May  6 04:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7367]: Disconnected from 82.207.8.218 port 17876 [preauth]
May  6 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7417]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7418]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7419]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7416]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7416]: pam_unix(cron:session): session closed for user p13x
May  6 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7643]: Successful su for rubyman by root
May  6 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7643]: + ??? root:rubyman
May  6 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338057 of user rubyman.
May  6 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7643]: pam_unix(su:session): session closed for user rubyman
May  6 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338057.
May  6 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7414]: pam_unix(cron:session): session closed for user root
May  6 04:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4444]: pam_unix(cron:session): session closed for user root
May  6 04:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7417]: pam_unix(cron:session): session closed for user samftp
May  6 04:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: Invalid user wy from 194.1.184.72
May  6 04:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: input_userauth_request: invalid user wy [preauth]
May  6 04:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.1.184.72
May  6 04:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: Failed password for invalid user wy from 194.1.184.72 port 57792 ssh2
May  6 04:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: Received disconnect from 194.1.184.72 port 57792:11: Bye Bye [preauth]
May  6 04:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: Disconnected from 194.1.184.72 port 57792 [preauth]
May  6 04:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6496]: pam_unix(cron:session): session closed for user root
May  6 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8037]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8036]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8037]: pam_unix(cron:session): session closed for user root
May  6 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8032]: pam_unix(cron:session): session closed for user p13x
May  6 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8107]: Successful su for rubyman by root
May  6 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8107]: + ??? root:rubyman
May  6 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338060 of user rubyman.
May  6 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8107]: pam_unix(su:session): session closed for user rubyman
May  6 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338060.
May  6 04:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8034]: pam_unix(cron:session): session closed for user root
May  6 04:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4870]: pam_unix(cron:session): session closed for user root
May  6 04:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8033]: pam_unix(cron:session): session closed for user samftp
May  6 04:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: Invalid user makai from 181.176.62.39
May  6 04:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: input_userauth_request: invalid user makai [preauth]
May  6 04:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.62.39
May  6 04:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: Failed password for invalid user makai from 181.176.62.39 port 42790 ssh2
May  6 04:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: Received disconnect from 181.176.62.39 port 42790:11: Bye Bye [preauth]
May  6 04:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8368]: Disconnected from 181.176.62.39 port 42790 [preauth]
May  6 04:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.201.165.54  user=root
May  6 04:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: Failed password for root from 128.201.165.54 port 56660 ssh2
May  6 04:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: Received disconnect from 128.201.165.54 port 56660:11: Bye Bye [preauth]
May  6 04:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: Disconnected from 128.201.165.54 port 56660 [preauth]
May  6 04:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: Invalid user azure from 157.10.161.187
May  6 04:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: input_userauth_request: invalid user azure [preauth]
May  6 04:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.161.187
May  6 04:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6992]: pam_unix(cron:session): session closed for user root
May  6 04:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: Failed password for invalid user azure from 157.10.161.187 port 53740 ssh2
May  6 04:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: Received disconnect from 157.10.161.187 port 53740:11: Bye Bye [preauth]
May  6 04:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: Disconnected from 157.10.161.187 port 53740 [preauth]
May  6 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8501]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8497]: pam_unix(cron:session): session closed for user p13x
May  6 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8576]: Successful su for rubyman by root
May  6 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8576]: + ??? root:rubyman
May  6 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338066 of user rubyman.
May  6 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8576]: pam_unix(su:session): session closed for user rubyman
May  6 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338066.
May  6 04:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5487]: pam_unix(cron:session): session closed for user root
May  6 04:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8498]: pam_unix(cron:session): session closed for user samftp
May  6 04:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7419]: pam_unix(cron:session): session closed for user root
May  6 04:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8887]: Invalid user tobias from 96.92.63.243
May  6 04:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8887]: input_userauth_request: invalid user tobias [preauth]
May  6 04:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8887]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.92.63.243
May  6 04:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8887]: Failed password for invalid user tobias from 96.92.63.243 port 51480 ssh2
May  6 04:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8887]: Received disconnect from 96.92.63.243 port 51480:11: Bye Bye [preauth]
May  6 04:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8887]: Disconnected from 96.92.63.243 port 51480 [preauth]
May  6 04:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: Invalid user cubrid from 103.9.211.159
May  6 04:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: input_userauth_request: invalid user cubrid [preauth]
May  6 04:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.9.211.159
May  6 04:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: Failed password for invalid user cubrid from 103.9.211.159 port 35422 ssh2
May  6 04:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: Received disconnect from 103.9.211.159 port 35422:11: Bye Bye [preauth]
May  6 04:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: Disconnected from 103.9.211.159 port 35422 [preauth]
May  6 04:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8912]: Invalid user ubuntu from 63.41.9.206
May  6 04:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8912]: input_userauth_request: invalid user ubuntu [preauth]
May  6 04:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8912]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.41.9.206
May  6 04:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8912]: Failed password for invalid user ubuntu from 63.41.9.206 port 58886 ssh2
May  6 04:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8912]: Received disconnect from 63.41.9.206 port 58886:11: Bye Bye [preauth]
May  6 04:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8912]: Disconnected from 63.41.9.206 port 58886 [preauth]
May  6 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8938]: pam_unix(cron:session): session closed for user p13x
May  6 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9007]: Successful su for rubyman by root
May  6 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9007]: + ??? root:rubyman
May  6 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338073 of user rubyman.
May  6 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9007]: pam_unix(su:session): session closed for user rubyman
May  6 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338073.
May  6 04:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6074]: pam_unix(cron:session): session closed for user root
May  6 04:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8940]: pam_unix(cron:session): session closed for user samftp
May  6 04:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8036]: pam_unix(cron:session): session closed for user root
May  6 04:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Invalid user sap from 171.244.40.20
May  6 04:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: input_userauth_request: invalid user sap [preauth]
May  6 04:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.40.20
May  6 04:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Failed password for invalid user sap from 171.244.40.20 port 46964 ssh2
May  6 04:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Received disconnect from 171.244.40.20 port 46964:11: Bye Bye [preauth]
May  6 04:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Disconnected from 171.244.40.20 port 46964 [preauth]
May  6 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9470]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9473]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9472]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9471]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9470]: pam_unix(cron:session): session closed for user p13x
May  6 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9529]: Successful su for rubyman by root
May  6 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9529]: + ??? root:rubyman
May  6 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338074 of user rubyman.
May  6 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9529]: pam_unix(su:session): session closed for user rubyman
May  6 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338074.
May  6 04:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6495]: pam_unix(cron:session): session closed for user root
May  6 04:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9471]: pam_unix(cron:session): session closed for user samftp
May  6 04:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9747]: Invalid user makai from 82.207.8.218
May  6 04:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9747]: input_userauth_request: invalid user makai [preauth]
May  6 04:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9747]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.207.8.218
May  6 04:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9747]: Failed password for invalid user makai from 82.207.8.218 port 35367 ssh2
May  6 04:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9747]: Received disconnect from 82.207.8.218 port 35367:11: Bye Bye [preauth]
May  6 04:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9747]: Disconnected from 82.207.8.218 port 35367 [preauth]
May  6 04:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8502]: pam_unix(cron:session): session closed for user root
May  6 04:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9848]: Invalid user hanul from 201.249.87.203
May  6 04:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9848]: input_userauth_request: invalid user hanul [preauth]
May  6 04:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9848]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.87.203
May  6 04:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9848]: Failed password for invalid user hanul from 201.249.87.203 port 38456 ssh2
May  6 04:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9848]: Received disconnect from 201.249.87.203 port 38456:11: Bye Bye [preauth]
May  6 04:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9848]: Disconnected from 201.249.87.203 port 38456 [preauth]
May  6 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9873]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9871]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9870]: pam_unix(cron:session): session closed for user p13x
May  6 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9931]: Successful su for rubyman by root
May  6 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9931]: + ??? root:rubyman
May  6 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9931]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338078 of user rubyman.
May  6 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9931]: pam_unix(su:session): session closed for user rubyman
May  6 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338078.
May  6 04:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6904]: pam_unix(cron:session): session closed for user root
May  6 04:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9871]: pam_unix(cron:session): session closed for user samftp
May  6 04:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8942]: pam_unix(cron:session): session closed for user root
May  6 04:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.1.184.72  user=root
May  6 04:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: Failed password for root from 194.1.184.72 port 55986 ssh2
May  6 04:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: Received disconnect from 194.1.184.72 port 55986:11: Bye Bye [preauth]
May  6 04:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: Disconnected from 194.1.184.72 port 55986 [preauth]
May  6 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10357]: pam_unix(cron:session): session closed for user root
May  6 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10352]: pam_unix(cron:session): session closed for user p13x
May  6 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10427]: Successful su for rubyman by root
May  6 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10427]: + ??? root:rubyman
May  6 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10427]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338082 of user rubyman.
May  6 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10427]: pam_unix(su:session): session closed for user rubyman
May  6 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338082.
May  6 04:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10354]: pam_unix(cron:session): session closed for user root
May  6 04:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7418]: pam_unix(cron:session): session closed for user root
May  6 04:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10353]: pam_unix(cron:session): session closed for user samftp
May  6 04:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9473]: pam_unix(cron:session): session closed for user root
May  6 04:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10853]: Invalid user eumpost from 181.176.62.39
May  6 04:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10853]: input_userauth_request: invalid user eumpost [preauth]
May  6 04:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10853]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.62.39
May  6 04:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10853]: Failed password for invalid user eumpost from 181.176.62.39 port 50166 ssh2
May  6 04:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10853]: Received disconnect from 181.176.62.39 port 50166:11: Bye Bye [preauth]
May  6 04:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10853]: Disconnected from 181.176.62.39 port 50166 [preauth]
May  6 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10866]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10865]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10864]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10864]: pam_unix(cron:session): session closed for user p13x
May  6 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10929]: Successful su for rubyman by root
May  6 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10929]: + ??? root:rubyman
May  6 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338088 of user rubyman.
May  6 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10929]: pam_unix(su:session): session closed for user rubyman
May  6 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338088.
May  6 04:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8035]: pam_unix(cron:session): session closed for user root
May  6 04:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10865]: pam_unix(cron:session): session closed for user samftp
May  6 04:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: Invalid user wy from 157.10.161.187
May  6 04:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: input_userauth_request: invalid user wy [preauth]
May  6 04:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.161.187
May  6 04:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: Failed password for invalid user wy from 157.10.161.187 port 59902 ssh2
May  6 04:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: Received disconnect from 157.10.161.187 port 59902:11: Bye Bye [preauth]
May  6 04:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11119]: Disconnected from 157.10.161.187 port 59902 [preauth]
May  6 04:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.201.165.54  user=root
May  6 04:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9873]: pam_unix(cron:session): session closed for user root
May  6 04:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: Failed password for root from 128.201.165.54 port 10462 ssh2
May  6 04:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: Received disconnect from 128.201.165.54 port 10462:11: Bye Bye [preauth]
May  6 04:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: Disconnected from 128.201.165.54 port 10462 [preauth]
May  6 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11270]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11271]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11268]: pam_unix(cron:session): session closed for user root
May  6 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11270]: pam_unix(cron:session): session closed for user p13x
May  6 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11335]: Successful su for rubyman by root
May  6 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11335]: + ??? root:rubyman
May  6 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11335]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338093 of user rubyman.
May  6 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11335]: pam_unix(su:session): session closed for user rubyman
May  6 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338093.
May  6 04:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8501]: pam_unix(cron:session): session closed for user root
May  6 04:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11271]: pam_unix(cron:session): session closed for user samftp
May  6 04:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.41.9.206  user=root
May  6 04:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: Failed password for root from 63.41.9.206 port 48637 ssh2
May  6 04:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: Received disconnect from 63.41.9.206 port 48637:11: Bye Bye [preauth]
May  6 04:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: Disconnected from 63.41.9.206 port 48637 [preauth]
May  6 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10356]: pam_unix(cron:session): session closed for user root
May  6 04:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: Invalid user kthrp from 82.207.8.218
May  6 04:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: input_userauth_request: invalid user kthrp [preauth]
May  6 04:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.207.8.218
May  6 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11673]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11673]: pam_unix(cron:session): session closed for user p13x
May  6 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: Failed password for invalid user kthrp from 82.207.8.218 port 52807 ssh2
May  6 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: Received disconnect from 82.207.8.218 port 52807:11: Bye Bye [preauth]
May  6 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: Disconnected from 82.207.8.218 port 52807 [preauth]
May  6 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11735]: Successful su for rubyman by root
May  6 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11735]: + ??? root:rubyman
May  6 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338098 of user rubyman.
May  6 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11735]: pam_unix(su:session): session closed for user rubyman
May  6 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338098.
May  6 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.9.211.159  user=root
May  6 04:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8941]: pam_unix(cron:session): session closed for user root
May  6 04:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11782]: Failed password for root from 103.9.211.159 port 52894 ssh2
May  6 04:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11782]: Received disconnect from 103.9.211.159 port 52894:11: Bye Bye [preauth]
May  6 04:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11782]: Disconnected from 103.9.211.159 port 52894 [preauth]
May  6 04:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11674]: pam_unix(cron:session): session closed for user samftp
May  6 04:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11918]: Invalid user lord from 171.244.40.20
May  6 04:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11918]: input_userauth_request: invalid user lord [preauth]
May  6 04:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11918]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.40.20
May  6 04:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11918]: Failed password for invalid user lord from 171.244.40.20 port 55224 ssh2
May  6 04:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11918]: Received disconnect from 171.244.40.20 port 55224:11: Bye Bye [preauth]
May  6 04:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11918]: Disconnected from 171.244.40.20 port 55224 [preauth]
May  6 04:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10867]: pam_unix(cron:session): session closed for user root
May  6 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12063]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12062]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12060]: pam_unix(cron:session): session closed for user p13x
May  6 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12120]: Successful su for rubyman by root
May  6 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12120]: + ??? root:rubyman
May  6 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12120]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338102 of user rubyman.
May  6 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12120]: pam_unix(su:session): session closed for user rubyman
May  6 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338102.
May  6 04:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9472]: pam_unix(cron:session): session closed for user root
May  6 04:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12061]: pam_unix(cron:session): session closed for user samftp
May  6 04:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Invalid user intern1 from 201.249.87.203
May  6 04:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: input_userauth_request: invalid user intern1 [preauth]
May  6 04:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.87.203
May  6 04:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Failed password for invalid user intern1 from 201.249.87.203 port 47438 ssh2
May  6 04:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Received disconnect from 201.249.87.203 port 47438:11: Bye Bye [preauth]
May  6 04:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Disconnected from 201.249.87.203 port 47438 [preauth]
May  6 04:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11273]: pam_unix(cron:session): session closed for user root
May  6 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12474]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12473]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12475]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12476]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12476]: pam_unix(cron:session): session closed for user root
May  6 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12471]: pam_unix(cron:session): session closed for user p13x
May  6 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12537]: Successful su for rubyman by root
May  6 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12537]: + ??? root:rubyman
May  6 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12537]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338108 of user rubyman.
May  6 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12537]: pam_unix(su:session): session closed for user rubyman
May  6 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338108.
May  6 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12473]: pam_unix(cron:session): session closed for user root
May  6 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9872]: pam_unix(cron:session): session closed for user root
May  6 04:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12472]: pam_unix(cron:session): session closed for user samftp
May  6 04:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.1.184.72  user=root
May  6 04:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11676]: pam_unix(cron:session): session closed for user root
May  6 04:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: Failed password for root from 194.1.184.72 port 37070 ssh2
May  6 04:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: Received disconnect from 194.1.184.72 port 37070:11: Bye Bye [preauth]
May  6 04:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12798]: Disconnected from 194.1.184.72 port 37070 [preauth]
May  6 04:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12890]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12891]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12888]: pam_unix(cron:session): session closed for user p13x
May  6 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12952]: Successful su for rubyman by root
May  6 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12952]: + ??? root:rubyman
May  6 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338111 of user rubyman.
May  6 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12952]: pam_unix(su:session): session closed for user rubyman
May  6 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338111.
May  6 04:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10355]: pam_unix(cron:session): session closed for user root
May  6 04:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12889]: pam_unix(cron:session): session closed for user samftp
May  6 04:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12868]: Invalid user taiga from 124.198.59.254
May  6 04:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12868]: input_userauth_request: invalid user taiga [preauth]
May  6 04:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12868]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254
May  6 04:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12868]: Failed password for invalid user taiga from 124.198.59.254 port 49660 ssh2
May  6 04:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12868]: Connection closed by 124.198.59.254 port 49660 [preauth]
May  6 04:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12063]: pam_unix(cron:session): session closed for user root
May  6 04:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: Invalid user kthrp from 181.176.62.39
May  6 04:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: input_userauth_request: invalid user kthrp [preauth]
May  6 04:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.62.39
May  6 04:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: Failed password for invalid user kthrp from 181.176.62.39 port 43688 ssh2
May  6 04:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: Received disconnect from 181.176.62.39 port 43688:11: Bye Bye [preauth]
May  6 04:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: Disconnected from 181.176.62.39 port 43688 [preauth]
May  6 04:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.161.187  user=root
May  6 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13297]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13296]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13294]: pam_unix(cron:session): session closed for user p13x
May  6 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13355]: Successful su for rubyman by root
May  6 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13355]: + ??? root:rubyman
May  6 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13355]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338115 of user rubyman.
May  6 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13355]: pam_unix(su:session): session closed for user rubyman
May  6 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338115.
May  6 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: Failed password for root from 157.10.161.187 port 38654 ssh2
May  6 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: Received disconnect from 157.10.161.187 port 38654:11: Bye Bye [preauth]
May  6 04:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: Disconnected from 157.10.161.187 port 38654 [preauth]
May  6 04:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10866]: pam_unix(cron:session): session closed for user root
May  6 04:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13296]: pam_unix(cron:session): session closed for user samftp
May  6 04:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12475]: pam_unix(cron:session): session closed for user root
May  6 04:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.207.8.218  user=root
May  6 04:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.201.165.54  user=root
May  6 04:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13744]: Failed password for root from 82.207.8.218 port 5768 ssh2
May  6 04:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13744]: Received disconnect from 82.207.8.218 port 5768:11: Bye Bye [preauth]
May  6 04:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13744]: Disconnected from 82.207.8.218 port 5768 [preauth]
May  6 04:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: Failed password for root from 128.201.165.54 port 39472 ssh2
May  6 04:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: Received disconnect from 128.201.165.54 port 39472:11: Bye Bye [preauth]
May  6 04:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13746]: Disconnected from 128.201.165.54 port 39472 [preauth]
May  6 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13809]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13810]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13807]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13808]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13807]: pam_unix(cron:session): session closed for user p13x
May  6 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13869]: Successful su for rubyman by root
May  6 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13869]: + ??? root:rubyman
May  6 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338120 of user rubyman.
May  6 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13869]: pam_unix(su:session): session closed for user rubyman
May  6 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338120.
May  6 04:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11272]: pam_unix(cron:session): session closed for user root
May  6 04:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13808]: pam_unix(cron:session): session closed for user samftp
May  6 04:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.41.9.206  user=root
May  6 04:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14077]: Failed password for root from 63.41.9.206 port 38384 ssh2
May  6 04:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14077]: Received disconnect from 63.41.9.206 port 38384:11: Bye Bye [preauth]
May  6 04:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14077]: Disconnected from 63.41.9.206 port 38384 [preauth]
May  6 04:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12891]: pam_unix(cron:session): session closed for user root
May  6 04:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.40.20  user=root
May  6 04:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: Failed password for root from 171.244.40.20 port 56812 ssh2
May  6 04:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: Received disconnect from 171.244.40.20 port 56812:11: Bye Bye [preauth]
May  6 04:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: Disconnected from 171.244.40.20 port 56812 [preauth]
May  6 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14205]: pam_unix(cron:session): session closed for user p13x
May  6 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14268]: Successful su for rubyman by root
May  6 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14268]: + ??? root:rubyman
May  6 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338124 of user rubyman.
May  6 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14268]: pam_unix(su:session): session closed for user rubyman
May  6 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338124.
May  6 04:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11675]: pam_unix(cron:session): session closed for user root
May  6 04:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14206]: pam_unix(cron:session): session closed for user samftp
May  6 04:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.9.211.159  user=root
May  6 04:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14459]: Failed password for root from 103.9.211.159 port 48692 ssh2
May  6 04:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14459]: Received disconnect from 103.9.211.159 port 48692:11: Bye Bye [preauth]
May  6 04:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14459]: Disconnected from 103.9.211.159 port 48692 [preauth]
May  6 04:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13298]: pam_unix(cron:session): session closed for user root
May  6 04:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: Invalid user ramon from 201.249.87.203
May  6 04:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: input_userauth_request: invalid user ramon [preauth]
May  6 04:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.87.203
May  6 04:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: Failed password for invalid user ramon from 201.249.87.203 port 56420 ssh2
May  6 04:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: Received disconnect from 201.249.87.203 port 56420:11: Bye Bye [preauth]
May  6 04:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14556]: Disconnected from 201.249.87.203 port 56420 [preauth]
May  6 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14615]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14617]: pam_unix(cron:session): session closed for user root
May  6 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14608]: pam_unix(cron:session): session closed for user p13x
May  6 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14686]: Successful su for rubyman by root
May  6 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14686]: + ??? root:rubyman
May  6 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338128 of user rubyman.
May  6 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14686]: pam_unix(su:session): session closed for user rubyman
May  6 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338128.
May  6 04:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14614]: pam_unix(cron:session): session closed for user root
May  6 04:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12062]: pam_unix(cron:session): session closed for user root
May  6 04:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14609]: pam_unix(cron:session): session closed for user samftp
May  6 04:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13810]: pam_unix(cron:session): session closed for user root
May  6 04:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Invalid user admin from 80.94.95.112
May  6 04:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: input_userauth_request: invalid user admin [preauth]
May  6 04:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 04:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Failed password for invalid user admin from 80.94.95.112 port 54653 ssh2
May  6 04:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Failed password for invalid user admin from 80.94.95.112 port 54653 ssh2
May  6 04:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Failed password for invalid user admin from 80.94.95.112 port 54653 ssh2
May  6 04:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Failed password for invalid user admin from 80.94.95.112 port 54653 ssh2
May  6 04:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Failed password for invalid user admin from 80.94.95.112 port 54653 ssh2
May  6 04:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Received disconnect from 80.94.95.112 port 54653:11: Bye [preauth]
May  6 04:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Disconnected from 80.94.95.112 port 54653 [preauth]
May  6 04:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 04:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15052]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15049]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15049]: pam_unix(cron:session): session closed for user p13x
May  6 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15115]: Successful su for rubyman by root
May  6 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15115]: + ??? root:rubyman
May  6 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15115]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338134 of user rubyman.
May  6 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15115]: pam_unix(su:session): session closed for user rubyman
May  6 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338134.
May  6 04:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12474]: pam_unix(cron:session): session closed for user root
May  6 04:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15050]: pam_unix(cron:session): session closed for user samftp
May  6 04:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: Invalid user debian from 194.1.184.72
May  6 04:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: input_userauth_request: invalid user debian [preauth]
May  6 04:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.1.184.72
May  6 04:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: Failed password for invalid user debian from 194.1.184.72 port 54796 ssh2
May  6 04:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: Received disconnect from 194.1.184.72 port 54796:11: Bye Bye [preauth]
May  6 04:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15301]: Disconnected from 194.1.184.72 port 54796 [preauth]
May  6 04:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14208]: pam_unix(cron:session): session closed for user root
May  6 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15450]: pam_unix(cron:session): session closed for user p13x
May  6 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15514]: Successful su for rubyman by root
May  6 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15514]: + ??? root:rubyman
May  6 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338140 of user rubyman.
May  6 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15514]: pam_unix(su:session): session closed for user rubyman
May  6 04:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338140.
May  6 04:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12890]: pam_unix(cron:session): session closed for user root
May  6 04:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15451]: pam_unix(cron:session): session closed for user samftp
May  6 04:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.207.8.218  user=root
May  6 04:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15694]: Failed password for root from 82.207.8.218 port 23223 ssh2
May  6 04:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15694]: Received disconnect from 82.207.8.218 port 23223:11: Bye Bye [preauth]
May  6 04:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15694]: Disconnected from 82.207.8.218 port 23223 [preauth]
May  6 04:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.62.39  user=root
May  6 04:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15720]: Failed password for root from 181.176.62.39 port 35954 ssh2
May  6 04:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15720]: Received disconnect from 181.176.62.39 port 35954:11: Bye Bye [preauth]
May  6 04:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15720]: Disconnected from 181.176.62.39 port 35954 [preauth]
May  6 04:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14616]: pam_unix(cron:session): session closed for user root
May  6 04:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: Invalid user sap from 157.10.161.187
May  6 04:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: input_userauth_request: invalid user sap [preauth]
May  6 04:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.161.187
May  6 04:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: Failed password for invalid user sap from 157.10.161.187 port 42742 ssh2
May  6 04:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: Received disconnect from 157.10.161.187 port 42742:11: Bye Bye [preauth]
May  6 04:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15800]: Disconnected from 157.10.161.187 port 42742 [preauth]
May  6 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15851]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15850]: pam_unix(cron:session): session closed for user p13x
May  6 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15912]: Successful su for rubyman by root
May  6 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15912]: + ??? root:rubyman
May  6 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15912]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338143 of user rubyman.
May  6 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15912]: pam_unix(su:session): session closed for user rubyman
May  6 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338143.
May  6 04:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13297]: pam_unix(cron:session): session closed for user root
May  6 04:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15851]: pam_unix(cron:session): session closed for user samftp
May  6 04:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15052]: pam_unix(cron:session): session closed for user root
May  6 04:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16193]: Invalid user hadoop from 128.201.165.54
May  6 04:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16193]: input_userauth_request: invalid user hadoop [preauth]
May  6 04:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16193]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.201.165.54
May  6 04:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16193]: Failed password for invalid user hadoop from 128.201.165.54 port 33144 ssh2
May  6 04:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16193]: Received disconnect from 128.201.165.54 port 33144:11: Bye Bye [preauth]
May  6 04:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16193]: Disconnected from 128.201.165.54 port 33144 [preauth]
May  6 04:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: Invalid user gmtelx from 63.41.9.206
May  6 04:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: input_userauth_request: invalid user gmtelx [preauth]
May  6 04:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.41.9.206
May  6 04:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: Failed password for invalid user gmtelx from 63.41.9.206 port 56368 ssh2
May  6 04:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: Received disconnect from 63.41.9.206 port 56368:11: Bye Bye [preauth]
May  6 04:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: Disconnected from 63.41.9.206 port 56368 [preauth]
May  6 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16239]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16236]: pam_unix(cron:session): session closed for user p13x
May  6 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16294]: Successful su for rubyman by root
May  6 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16294]: + ??? root:rubyman
May  6 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16294]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338145 of user rubyman.
May  6 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16294]: pam_unix(su:session): session closed for user rubyman
May  6 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338145.
May  6 04:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13809]: pam_unix(cron:session): session closed for user root
May  6 04:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.40.20  user=root
May  6 04:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16237]: pam_unix(cron:session): session closed for user samftp
May  6 04:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16459]: Failed password for root from 171.244.40.20 port 44568 ssh2
May  6 04:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16459]: Received disconnect from 171.244.40.20 port 44568:11: Bye Bye [preauth]
May  6 04:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16459]: Disconnected from 171.244.40.20 port 44568 [preauth]
May  6 04:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Invalid user admin from 80.94.95.125
May  6 04:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: input_userauth_request: invalid user admin [preauth]
May  6 04:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 04:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Failed password for invalid user admin from 80.94.95.125 port 56793 ssh2
May  6 04:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Failed password for invalid user admin from 80.94.95.125 port 56793 ssh2
May  6 04:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Failed password for invalid user admin from 80.94.95.125 port 56793 ssh2
May  6 04:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Failed password for invalid user admin from 80.94.95.125 port 56793 ssh2
May  6 04:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Failed password for invalid user admin from 80.94.95.125 port 56793 ssh2
May  6 04:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Received disconnect from 80.94.95.125 port 56793:11: Bye [preauth]
May  6 04:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Disconnected from 80.94.95.125 port 56793 [preauth]
May  6 04:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 04:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 04:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15453]: pam_unix(cron:session): session closed for user root
May  6 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16695]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16694]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16691]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16692]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16690]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16695]: pam_unix(cron:session): session closed for user root
May  6 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16689]: pam_unix(cron:session): session closed for user p13x
May  6 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16761]: Successful su for rubyman by root
May  6 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16761]: + ??? root:rubyman
May  6 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338152 of user rubyman.
May  6 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16761]: pam_unix(su:session): session closed for user rubyman
May  6 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338152.
May  6 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16691]: pam_unix(cron:session): session closed for user root
May  6 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14207]: pam_unix(cron:session): session closed for user root
May  6 04:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.87.203  user=root
May  6 04:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16690]: pam_unix(cron:session): session closed for user samftp
May  6 04:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: Failed password for root from 201.249.87.203 port 37178 ssh2
May  6 04:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: Received disconnect from 201.249.87.203 port 37178:11: Bye Bye [preauth]
May  6 04:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: Disconnected from 201.249.87.203 port 37178 [preauth]
May  6 04:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17037]: Invalid user ftp-test from 103.9.211.159
May  6 04:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17037]: input_userauth_request: invalid user ftp-test [preauth]
May  6 04:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17037]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.9.211.159
May  6 04:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17037]: Failed password for invalid user ftp-test from 103.9.211.159 port 43670 ssh2
May  6 04:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17037]: Received disconnect from 103.9.211.159 port 43670:11: Bye Bye [preauth]
May  6 04:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17037]: Disconnected from 103.9.211.159 port 43670 [preauth]
May  6 04:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15853]: pam_unix(cron:session): session closed for user root
May  6 04:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: Invalid user apagar from 46.244.96.25
May  6 04:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: input_userauth_request: invalid user apagar [preauth]
May  6 04:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  6 04:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: Failed password for invalid user apagar from 46.244.96.25 port 33024 ssh2
May  6 04:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: Connection closed by 46.244.96.25 port 33024 [preauth]
May  6 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17161]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17158]: pam_unix(cron:session): session closed for user p13x
May  6 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17228]: Successful su for rubyman by root
May  6 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17228]: + ??? root:rubyman
May  6 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17228]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338155 of user rubyman.
May  6 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17228]: pam_unix(su:session): session closed for user rubyman
May  6 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338155.
May  6 04:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14615]: pam_unix(cron:session): session closed for user root
May  6 04:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17159]: pam_unix(cron:session): session closed for user samftp
May  6 04:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16239]: pam_unix(cron:session): session closed for user root
May  6 04:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.207.8.218  user=root
May  6 04:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: Failed password for root from 82.207.8.218 port 40758 ssh2
May  6 04:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: Received disconnect from 82.207.8.218 port 40758:11: Bye Bye [preauth]
May  6 04:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17522]: Disconnected from 82.207.8.218 port 40758 [preauth]
May  6 04:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.1.184.72  user=root
May  6 04:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17557]: Failed password for root from 194.1.184.72 port 39890 ssh2
May  6 04:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17557]: Received disconnect from 194.1.184.72 port 39890:11: Bye Bye [preauth]
May  6 04:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17557]: Disconnected from 194.1.184.72 port 39890 [preauth]
May  6 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17581]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17582]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17579]: pam_unix(cron:session): session closed for user p13x
May  6 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17639]: Successful su for rubyman by root
May  6 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17639]: + ??? root:rubyman
May  6 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338159 of user rubyman.
May  6 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17639]: pam_unix(su:session): session closed for user rubyman
May  6 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338159.
May  6 04:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15051]: pam_unix(cron:session): session closed for user root
May  6 04:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17580]: pam_unix(cron:session): session closed for user samftp
May  6 04:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16694]: pam_unix(cron:session): session closed for user root
May  6 04:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: Invalid user user from 181.176.62.39
May  6 04:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: input_userauth_request: invalid user user [preauth]
May  6 04:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.62.39
May  6 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: Failed password for invalid user user from 181.176.62.39 port 53922 ssh2
May  6 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: Received disconnect from 181.176.62.39 port 53922:11: Bye Bye [preauth]
May  6 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18095]: Disconnected from 181.176.62.39 port 53922 [preauth]
May  6 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18102]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18099]: pam_unix(cron:session): session closed for user p13x
May  6 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18164]: Successful su for rubyman by root
May  6 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18164]: + ??? root:rubyman
May  6 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18164]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338163 of user rubyman.
May  6 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18164]: pam_unix(su:session): session closed for user rubyman
May  6 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338163.
May  6 04:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15452]: pam_unix(cron:session): session closed for user root
May  6 04:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18100]: pam_unix(cron:session): session closed for user samftp
May  6 04:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: Invalid user hadoop from 157.10.161.187
May  6 04:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: input_userauth_request: invalid user hadoop [preauth]
May  6 04:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.161.187
May  6 04:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: Failed password for invalid user hadoop from 157.10.161.187 port 51030 ssh2
May  6 04:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: Received disconnect from 157.10.161.187 port 51030:11: Bye Bye [preauth]
May  6 04:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: Disconnected from 157.10.161.187 port 51030 [preauth]
May  6 04:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17161]: pam_unix(cron:session): session closed for user root
May  6 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18523]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18520]: pam_unix(cron:session): session closed for user p13x
May  6 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18580]: Successful su for rubyman by root
May  6 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18580]: + ??? root:rubyman
May  6 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18580]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338169 of user rubyman.
May  6 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18580]: pam_unix(su:session): session closed for user rubyman
May  6 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338169.
May  6 04:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15852]: pam_unix(cron:session): session closed for user root
May  6 04:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18521]: pam_unix(cron:session): session closed for user samftp
May  6 04:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.41.9.206  user=root
May  6 04:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17582]: pam_unix(cron:session): session closed for user root
May  6 04:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Failed password for root from 63.41.9.206 port 46117 ssh2
May  6 04:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Received disconnect from 63.41.9.206 port 46117:11: Bye Bye [preauth]
May  6 04:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Disconnected from 63.41.9.206 port 46117 [preauth]
May  6 04:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18867]: Invalid user yash from 171.244.40.20
May  6 04:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18867]: input_userauth_request: invalid user yash [preauth]
May  6 04:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18867]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.40.20
May  6 04:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18867]: Failed password for invalid user yash from 171.244.40.20 port 52476 ssh2
May  6 04:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18867]: Received disconnect from 171.244.40.20 port 52476:11: Bye Bye [preauth]
May  6 04:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18867]: Disconnected from 171.244.40.20 port 52476 [preauth]
May  6 04:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18899]: Invalid user lord from 128.201.165.54
May  6 04:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18899]: input_userauth_request: invalid user lord [preauth]
May  6 04:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18899]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.201.165.54
May  6 04:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18899]: Failed password for invalid user lord from 128.201.165.54 port 42814 ssh2
May  6 04:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18899]: Received disconnect from 128.201.165.54 port 42814:11: Bye Bye [preauth]
May  6 04:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18899]: Disconnected from 128.201.165.54 port 42814 [preauth]
May  6 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18933]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18932]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18934]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18935]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18935]: pam_unix(cron:session): session closed for user root
May  6 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18930]: pam_unix(cron:session): session closed for user p13x
May  6 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18995]: Successful su for rubyman by root
May  6 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18995]: + ??? root:rubyman
May  6 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338174 of user rubyman.
May  6 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18995]: pam_unix(su:session): session closed for user rubyman
May  6 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338174.
May  6 04:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18932]: pam_unix(cron:session): session closed for user root
May  6 04:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16238]: pam_unix(cron:session): session closed for user root
May  6 04:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18931]: pam_unix(cron:session): session closed for user samftp
May  6 04:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18102]: pam_unix(cron:session): session closed for user root
May  6 04:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19318]: Invalid user solr from 201.249.87.203
May  6 04:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19318]: input_userauth_request: invalid user solr [preauth]
May  6 04:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19318]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.87.203
May  6 04:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19318]: Failed password for invalid user solr from 201.249.87.203 port 46180 ssh2
May  6 04:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19318]: Received disconnect from 201.249.87.203 port 46180:11: Bye Bye [preauth]
May  6 04:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19318]: Disconnected from 201.249.87.203 port 46180 [preauth]
May  6 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19370]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19371]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19368]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19369]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19368]: pam_unix(cron:session): session closed for user p13x
May  6 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19435]: Successful su for rubyman by root
May  6 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19435]: + ??? root:rubyman
May  6 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19435]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338177 of user rubyman.
May  6 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19435]: pam_unix(su:session): session closed for user rubyman
May  6 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338177.
May  6 04:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16692]: pam_unix(cron:session): session closed for user root
May  6 04:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19369]: pam_unix(cron:session): session closed for user samftp
May  6 04:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19676]: Invalid user exx from 82.207.8.218
May  6 04:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19676]: input_userauth_request: invalid user exx [preauth]
May  6 04:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19676]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.207.8.218
May  6 04:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19676]: Failed password for invalid user exx from 82.207.8.218 port 58225 ssh2
May  6 04:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19676]: Received disconnect from 82.207.8.218 port 58225:11: Bye Bye [preauth]
May  6 04:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19676]: Disconnected from 82.207.8.218 port 58225 [preauth]
May  6 04:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18523]: pam_unix(cron:session): session closed for user root
May  6 04:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.9.211.159  user=root
May  6 04:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19740]: Failed password for root from 103.9.211.159 port 49724 ssh2
May  6 04:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19740]: Received disconnect from 103.9.211.159 port 49724:11: Bye Bye [preauth]
May  6 04:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19740]: Disconnected from 103.9.211.159 port 49724 [preauth]
May  6 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19801]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19802]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19798]: pam_unix(cron:session): session closed for user p13x
May  6 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19860]: Successful su for rubyman by root
May  6 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19860]: + ??? root:rubyman
May  6 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338181 of user rubyman.
May  6 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19860]: pam_unix(su:session): session closed for user rubyman
May  6 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338181.
May  6 04:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17160]: pam_unix(cron:session): session closed for user root
May  6 04:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19799]: pam_unix(cron:session): session closed for user samftp
May  6 04:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: Invalid user cubrid from 194.1.184.72
May  6 04:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: input_userauth_request: invalid user cubrid [preauth]
May  6 04:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.1.184.72
May  6 04:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: Failed password for invalid user cubrid from 194.1.184.72 port 57688 ssh2
May  6 04:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: Received disconnect from 194.1.184.72 port 57688:11: Bye Bye [preauth]
May  6 04:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: Disconnected from 194.1.184.72 port 57688 [preauth]
May  6 04:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18934]: pam_unix(cron:session): session closed for user root
May  6 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20203]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20203]: pam_unix(cron:session): session closed for user p13x
May  6 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20263]: Successful su for rubyman by root
May  6 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20263]: + ??? root:rubyman
May  6 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20263]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338186 of user rubyman.
May  6 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20263]: pam_unix(su:session): session closed for user rubyman
May  6 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338186.
May  6 04:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17581]: pam_unix(cron:session): session closed for user root
May  6 04:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20205]: pam_unix(cron:session): session closed for user samftp
May  6 04:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20469]: Bad protocol version identification 'MGLNDD_198.199.94.12_22' from 20.29.59.66 port 44404
May  6 04:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19371]: pam_unix(cron:session): session closed for user root
May  6 04:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: Invalid user lq from 181.176.62.39
May  6 04:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: input_userauth_request: invalid user lq [preauth]
May  6 04:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.62.39
May  6 04:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: Failed password for invalid user lq from 181.176.62.39 port 45796 ssh2
May  6 04:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: Received disconnect from 181.176.62.39 port 45796:11: Bye Bye [preauth]
May  6 04:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20542]: Disconnected from 181.176.62.39 port 45796 [preauth]
May  6 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20606]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20603]: pam_unix(cron:session): session closed for user p13x
May  6 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20723]: Successful su for rubyman by root
May  6 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20723]: + ??? root:rubyman
May  6 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338191 of user rubyman.
May  6 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20723]: pam_unix(su:session): session closed for user rubyman
May  6 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338191.
May  6 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.161.187  user=root
May  6 04:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20601]: pam_unix(cron:session): session closed for user root
May  6 04:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20599]: Failed password for root from 157.10.161.187 port 48052 ssh2
May  6 04:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18101]: pam_unix(cron:session): session closed for user root
May  6 04:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20599]: Received disconnect from 157.10.161.187 port 48052:11: Bye Bye [preauth]
May  6 04:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20599]: Disconnected from 157.10.161.187 port 48052 [preauth]
May  6 04:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20604]: pam_unix(cron:session): session closed for user samftp
May  6 04:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19802]: pam_unix(cron:session): session closed for user root
May  6 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21106]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21104]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21105]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session closed for user root
May  6 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21100]: pam_unix(cron:session): session closed for user p13x
May  6 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21176]: Successful su for rubyman by root
May  6 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21176]: + ??? root:rubyman
May  6 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338195 of user rubyman.
May  6 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21176]: pam_unix(su:session): session closed for user rubyman
May  6 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338195.
May  6 04:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21104]: pam_unix(cron:session): session closed for user root
May  6 04:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18522]: pam_unix(cron:session): session closed for user root
May  6 04:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21102]: pam_unix(cron:session): session closed for user samftp
May  6 04:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21418]: Invalid user station from 63.41.9.206
May  6 04:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21418]: input_userauth_request: invalid user station [preauth]
May  6 04:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21418]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.41.9.206
May  6 04:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21420]: Invalid user sebas from 171.244.40.20
May  6 04:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21420]: input_userauth_request: invalid user sebas [preauth]
May  6 04:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21420]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.40.20
May  6 04:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21418]: Failed password for invalid user station from 63.41.9.206 port 35862 ssh2
May  6 04:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21418]: Received disconnect from 63.41.9.206 port 35862:11: Bye Bye [preauth]
May  6 04:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21418]: Disconnected from 63.41.9.206 port 35862 [preauth]
May  6 04:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21420]: Failed password for invalid user sebas from 171.244.40.20 port 48388 ssh2
May  6 04:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21420]: Received disconnect from 171.244.40.20 port 48388:11: Bye Bye [preauth]
May  6 04:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21420]: Disconnected from 171.244.40.20 port 48388 [preauth]
May  6 04:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20207]: pam_unix(cron:session): session closed for user root
May  6 04:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: Invalid user sebas from 128.201.165.54
May  6 04:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: input_userauth_request: invalid user sebas [preauth]
May  6 04:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.201.165.54
May  6 04:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: Failed password for invalid user sebas from 128.201.165.54 port 36456 ssh2
May  6 04:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: Received disconnect from 128.201.165.54 port 36456:11: Bye Bye [preauth]
May  6 04:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21558]: Disconnected from 128.201.165.54 port 36456 [preauth]
May  6 04:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: Invalid user ygt from 201.249.87.203
May  6 04:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: input_userauth_request: invalid user ygt [preauth]
May  6 04:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.87.203
May  6 04:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: Failed password for invalid user ygt from 201.249.87.203 port 55158 ssh2
May  6 04:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: Received disconnect from 201.249.87.203 port 55158:11: Bye Bye [preauth]
May  6 04:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21580]: Disconnected from 201.249.87.203 port 55158 [preauth]
May  6 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21587]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21585]: pam_unix(cron:session): session closed for user p13x
May  6 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21681]: Successful su for rubyman by root
May  6 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21681]: + ??? root:rubyman
May  6 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21681]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338200 of user rubyman.
May  6 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21681]: pam_unix(su:session): session closed for user rubyman
May  6 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338200.
May  6 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.207.8.218  user=root
May  6 04:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18933]: pam_unix(cron:session): session closed for user root
May  6 04:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21586]: pam_unix(cron:session): session closed for user samftp
May  6 04:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21847]: Failed password for root from 82.207.8.218 port 11215 ssh2
May  6 04:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21847]: Received disconnect from 82.207.8.218 port 11215:11: Bye Bye [preauth]
May  6 04:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21847]: Disconnected from 82.207.8.218 port 11215 [preauth]
May  6 04:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20606]: pam_unix(cron:session): session closed for user root
May  6 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22348]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22346]: pam_unix(cron:session): session closed for user p13x
May  6 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22424]: Successful su for rubyman by root
May  6 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22424]: + ??? root:rubyman
May  6 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338206 of user rubyman.
May  6 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22424]: pam_unix(su:session): session closed for user rubyman
May  6 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338206.
May  6 04:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19370]: pam_unix(cron:session): session closed for user root
May  6 04:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22347]: pam_unix(cron:session): session closed for user samftp
May  6 04:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21106]: pam_unix(cron:session): session closed for user root
May  6 04:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.9.211.159  user=root
May  6 04:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22771]: Failed password for root from 103.9.211.159 port 51384 ssh2
May  6 04:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22771]: Received disconnect from 103.9.211.159 port 51384:11: Bye Bye [preauth]
May  6 04:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22771]: Disconnected from 103.9.211.159 port 51384 [preauth]
May  6 04:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.1.184.72  user=root
May  6 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22798]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22796]: pam_unix(cron:session): session closed for user p13x
May  6 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22869]: Successful su for rubyman by root
May  6 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22869]: + ??? root:rubyman
May  6 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338208 of user rubyman.
May  6 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22869]: pam_unix(su:session): session closed for user rubyman
May  6 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338208.
May  6 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22793]: Failed password for root from 194.1.184.72 port 45934 ssh2
May  6 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22793]: Received disconnect from 194.1.184.72 port 45934:11: Bye Bye [preauth]
May  6 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22793]: Disconnected from 194.1.184.72 port 45934 [preauth]
May  6 04:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19801]: pam_unix(cron:session): session closed for user root
May  6 04:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22797]: pam_unix(cron:session): session closed for user samftp
May  6 04:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21588]: pam_unix(cron:session): session closed for user root
May  6 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23251]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23250]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23249]: pam_unix(cron:session): session closed for user p13x
May  6 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23334]: Successful su for rubyman by root
May  6 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23334]: + ??? root:rubyman
May  6 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23334]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338212 of user rubyman.
May  6 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23334]: pam_unix(su:session): session closed for user rubyman
May  6 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338212.
May  6 04:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20206]: pam_unix(cron:session): session closed for user root
May  6 04:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23250]: pam_unix(cron:session): session closed for user samftp
May  6 04:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23595]: User bin from 181.176.62.39 not allowed because not listed in AllowUsers
May  6 04:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23595]: input_userauth_request: invalid user bin [preauth]
May  6 04:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.62.39  user=bin
May  6 04:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23595]: Failed password for invalid user bin from 181.176.62.39 port 47608 ssh2
May  6 04:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23595]: Received disconnect from 181.176.62.39 port 47608:11: Bye Bye [preauth]
May  6 04:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23595]: Disconnected from 181.176.62.39 port 47608 [preauth]
May  6 04:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22350]: pam_unix(cron:session): session closed for user root
May  6 04:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: Invalid user tg from 157.10.161.187
May  6 04:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: input_userauth_request: invalid user tg [preauth]
May  6 04:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.161.187
May  6 04:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: Failed password for invalid user tg from 157.10.161.187 port 56832 ssh2
May  6 04:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: Received disconnect from 157.10.161.187 port 56832:11: Bye Bye [preauth]
May  6 04:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: Disconnected from 157.10.161.187 port 56832 [preauth]
May  6 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23753]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23755]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23756]: pam_unix(cron:session): session closed for user root
May  6 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23751]: pam_unix(cron:session): session closed for user p13x
May  6 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23924]: Successful su for rubyman by root
May  6 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23924]: + ??? root:rubyman
May  6 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23924]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338218 of user rubyman.
May  6 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23924]: pam_unix(su:session): session closed for user rubyman
May  6 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338218.
May  6 04:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23753]: pam_unix(cron:session): session closed for user root
May  6 04:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20605]: pam_unix(cron:session): session closed for user root
May  6 04:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23752]: pam_unix(cron:session): session closed for user samftp
May  6 04:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: Invalid user cubrid from 171.244.40.20
May  6 04:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: input_userauth_request: invalid user cubrid [preauth]
May  6 04:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.40.20
May  6 04:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22799]: pam_unix(cron:session): session closed for user root
May  6 04:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: Failed password for invalid user cubrid from 171.244.40.20 port 39826 ssh2
May  6 04:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: Received disconnect from 171.244.40.20 port 39826:11: Bye Bye [preauth]
May  6 04:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: Disconnected from 171.244.40.20 port 39826 [preauth]
May  6 04:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24294]: Invalid user jenkins from 82.207.8.218
May  6 04:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24294]: input_userauth_request: invalid user jenkins [preauth]
May  6 04:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24294]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.207.8.218
May  6 04:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24294]: Failed password for invalid user jenkins from 82.207.8.218 port 28659 ssh2
May  6 04:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24294]: Received disconnect from 82.207.8.218 port 28659:11: Bye Bye [preauth]
May  6 04:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24294]: Disconnected from 82.207.8.218 port 28659 [preauth]
May  6 04:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.41.9.206  user=root
May  6 04:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: Failed password for root from 63.41.9.206 port 53847 ssh2
May  6 04:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: Received disconnect from 63.41.9.206 port 53847:11: Bye Bye [preauth]
May  6 04:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24307]: Disconnected from 63.41.9.206 port 53847 [preauth]
May  6 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24328]: pam_unix(cron:session): session closed for user p13x
May  6 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24406]: Successful su for rubyman by root
May  6 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24406]: + ??? root:rubyman
May  6 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338222 of user rubyman.
May  6 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24406]: pam_unix(su:session): session closed for user rubyman
May  6 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338222.
May  6 04:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21105]: pam_unix(cron:session): session closed for user root
May  6 04:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24329]: pam_unix(cron:session): session closed for user samftp
May  6 04:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: Invalid user linchunli from 201.249.87.203
May  6 04:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: input_userauth_request: invalid user linchunli [preauth]
May  6 04:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.87.203
May  6 04:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: Failed password for invalid user linchunli from 201.249.87.203 port 35912 ssh2
May  6 04:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: Received disconnect from 201.249.87.203 port 35912:11: Bye Bye [preauth]
May  6 04:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: Disconnected from 201.249.87.203 port 35912 [preauth]
May  6 04:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23252]: pam_unix(cron:session): session closed for user root
May  6 04:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24715]: Invalid user cubrid from 128.201.165.54
May  6 04:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24715]: input_userauth_request: invalid user cubrid [preauth]
May  6 04:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24715]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.201.165.54
May  6 04:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24715]: Failed password for invalid user cubrid from 128.201.165.54 port 35070 ssh2
May  6 04:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24715]: Received disconnect from 128.201.165.54 port 35070:11: Bye Bye [preauth]
May  6 04:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24715]: Disconnected from 128.201.165.54 port 35070 [preauth]
May  6 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24765]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24766]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24763]: pam_unix(cron:session): session closed for user p13x
May  6 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24824]: Successful su for rubyman by root
May  6 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24824]: + ??? root:rubyman
May  6 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24824]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338227 of user rubyman.
May  6 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24824]: pam_unix(su:session): session closed for user rubyman
May  6 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338227.
May  6 04:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21587]: pam_unix(cron:session): session closed for user root
May  6 04:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24764]: pam_unix(cron:session): session closed for user samftp
May  6 04:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23755]: pam_unix(cron:session): session closed for user root
May  6 04:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25116]: Invalid user khara from 190.103.202.7
May  6 04:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25116]: input_userauth_request: invalid user khara [preauth]
May  6 04:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25116]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  6 04:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25116]: Failed password for invalid user khara from 190.103.202.7 port 32870 ssh2
May  6 04:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25116]: Connection closed by 190.103.202.7 port 32870 [preauth]
May  6 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25174]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25172]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25172]: pam_unix(cron:session): session closed for user p13x
May  6 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25236]: Successful su for rubyman by root
May  6 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25236]: + ??? root:rubyman
May  6 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25236]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338230 of user rubyman.
May  6 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25236]: pam_unix(su:session): session closed for user rubyman
May  6 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338230.
May  6 04:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22348]: pam_unix(cron:session): session closed for user root
May  6 04:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25173]: pam_unix(cron:session): session closed for user samftp
May  6 04:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24332]: pam_unix(cron:session): session closed for user root
May  6 04:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.1.184.72  user=root
May  6 04:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25534]: Failed password for root from 194.1.184.72 port 38804 ssh2
May  6 04:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25534]: Received disconnect from 194.1.184.72 port 38804:11: Bye Bye [preauth]
May  6 04:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25534]: Disconnected from 194.1.184.72 port 38804 [preauth]
May  6 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25602]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25599]: pam_unix(cron:session): session closed for user p13x
May  6 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25693]: Successful su for rubyman by root
May  6 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25693]: + ??? root:rubyman
May  6 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338235 of user rubyman.
May  6 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25693]: pam_unix(su:session): session closed for user rubyman
May  6 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338235.
May  6 04:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22798]: pam_unix(cron:session): session closed for user root
May  6 04:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25600]: pam_unix(cron:session): session closed for user samftp
May  6 04:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: Invalid user sebas from 103.9.211.159
May  6 04:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: input_userauth_request: invalid user sebas [preauth]
May  6 04:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.9.211.159
May  6 04:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: Failed password for invalid user sebas from 103.9.211.159 port 48780 ssh2
May  6 04:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: Received disconnect from 103.9.211.159 port 48780:11: Bye Bye [preauth]
May  6 04:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25923]: Disconnected from 103.9.211.159 port 48780 [preauth]
May  6 04:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24766]: pam_unix(cron:session): session closed for user root
May  6 04:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: Invalid user chat from 181.176.62.39
May  6 04:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: input_userauth_request: invalid user chat [preauth]
May  6 04:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.62.39
May  6 04:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: Failed password for invalid user chat from 181.176.62.39 port 35238 ssh2
May  6 04:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: Received disconnect from 181.176.62.39 port 35238:11: Bye Bye [preauth]
May  6 04:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26075]: Disconnected from 181.176.62.39 port 35238 [preauth]
May  6 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26087]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26094]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26089]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26092]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26094]: pam_unix(cron:session): session closed for user root
May  6 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26087]: pam_unix(cron:session): session closed for user p13x
May  6 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26158]: Successful su for rubyman by root
May  6 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26158]: + ??? root:rubyman
May  6 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338240 of user rubyman.
May  6 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26158]: pam_unix(su:session): session closed for user rubyman
May  6 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338240.
May  6 04:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26089]: pam_unix(cron:session): session closed for user root
May  6 04:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23251]: pam_unix(cron:session): session closed for user root
May  6 04:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26088]: pam_unix(cron:session): session closed for user samftp
May  6 04:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: Invalid user user from 82.207.8.218
May  6 04:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: input_userauth_request: invalid user user [preauth]
May  6 04:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.207.8.218
May  6 04:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: Failed password for invalid user user from 82.207.8.218 port 46089 ssh2
May  6 04:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: Received disconnect from 82.207.8.218 port 46089:11: Bye Bye [preauth]
May  6 04:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: Disconnected from 82.207.8.218 port 46089 [preauth]
May  6 04:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25175]: pam_unix(cron:session): session closed for user root
May  6 04:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.161.187  user=root
May  6 04:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: Failed password for root from 157.10.161.187 port 45046 ssh2
May  6 04:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: Received disconnect from 157.10.161.187 port 45046:11: Bye Bye [preauth]
May  6 04:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: Disconnected from 157.10.161.187 port 45046 [preauth]
May  6 04:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.40.20  user=root
May  6 04:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: Failed password for root from 171.244.40.20 port 54070 ssh2
May  6 04:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: Received disconnect from 171.244.40.20 port 54070:11: Bye Bye [preauth]
May  6 04:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26587]: Disconnected from 171.244.40.20 port 54070 [preauth]
May  6 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26602]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26599]: pam_unix(cron:session): session closed for user p13x
May  6 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26668]: Successful su for rubyman by root
May  6 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26668]: + ??? root:rubyman
May  6 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338244 of user rubyman.
May  6 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26668]: pam_unix(su:session): session closed for user rubyman
May  6 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338244.
May  6 04:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23754]: pam_unix(cron:session): session closed for user root
May  6 04:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26600]: pam_unix(cron:session): session closed for user samftp
May  6 04:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25602]: pam_unix(cron:session): session closed for user root
May  6 04:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: Invalid user linchunli from 63.41.9.206
May  6 04:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: input_userauth_request: invalid user linchunli [preauth]
May  6 04:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.41.9.206
May  6 04:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: Failed password for invalid user linchunli from 63.41.9.206 port 43594 ssh2
May  6 04:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: Received disconnect from 63.41.9.206 port 43594:11: Bye Bye [preauth]
May  6 04:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26974]: Disconnected from 63.41.9.206 port 43594 [preauth]
May  6 04:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.87.203  user=root
May  6 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27086]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27085]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27073]: pam_unix(cron:session): session closed for user p13x
May  6 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27150]: Successful su for rubyman by root
May  6 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27150]: + ??? root:rubyman
May  6 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27150]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338248 of user rubyman.
May  6 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27150]: pam_unix(su:session): session closed for user rubyman
May  6 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338248.
May  6 04:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: Failed password for root from 201.249.87.203 port 44910 ssh2
May  6 04:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: Received disconnect from 201.249.87.203 port 44910:11: Bye Bye [preauth]
May  6 04:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27060]: Disconnected from 201.249.87.203 port 44910 [preauth]
May  6 04:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24330]: pam_unix(cron:session): session closed for user root
May  6 04:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27084]: pam_unix(cron:session): session closed for user samftp
May  6 04:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27450]: Invalid user yash from 128.201.165.54
May  6 04:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27450]: input_userauth_request: invalid user yash [preauth]
May  6 04:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27450]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.201.165.54
May  6 04:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26093]: pam_unix(cron:session): session closed for user root
May  6 04:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27450]: Failed password for invalid user yash from 128.201.165.54 port 50060 ssh2
May  6 04:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27450]: Received disconnect from 128.201.165.54 port 50060:11: Bye Bye [preauth]
May  6 04:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27450]: Disconnected from 128.201.165.54 port 50060 [preauth]
May  6 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27561]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27562]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27559]: pam_unix(cron:session): session closed for user p13x
May  6 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27624]: Successful su for rubyman by root
May  6 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27624]: + ??? root:rubyman
May  6 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338254 of user rubyman.
May  6 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27624]: pam_unix(su:session): session closed for user rubyman
May  6 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338254.
May  6 04:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24765]: pam_unix(cron:session): session closed for user root
May  6 04:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27560]: pam_unix(cron:session): session closed for user samftp
May  6 04:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26602]: pam_unix(cron:session): session closed for user root
May  6 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27966]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27967]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27964]: pam_unix(cron:session): session closed for user p13x
May  6 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28028]: Successful su for rubyman by root
May  6 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28028]: + ??? root:rubyman
May  6 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338257 of user rubyman.
May  6 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28028]: pam_unix(su:session): session closed for user rubyman
May  6 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338257.
May  6 04:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25174]: pam_unix(cron:session): session closed for user root
May  6 04:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27965]: pam_unix(cron:session): session closed for user samftp
May  6 04:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: Invalid user sebas from 194.1.184.72
May  6 04:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: input_userauth_request: invalid user sebas [preauth]
May  6 04:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.1.184.72
May  6 04:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: Failed password for invalid user sebas from 194.1.184.72 port 60030 ssh2
May  6 04:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: Received disconnect from 194.1.184.72 port 60030:11: Bye Bye [preauth]
May  6 04:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28244]: Disconnected from 194.1.184.72 port 60030 [preauth]
May  6 04:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27086]: pam_unix(cron:session): session closed for user root
May  6 04:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: Invalid user iexcel from 82.207.8.218
May  6 04:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: input_userauth_request: invalid user iexcel [preauth]
May  6 04:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.207.8.218
May  6 04:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: Failed password for invalid user iexcel from 82.207.8.218 port 63527 ssh2
May  6 04:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: Received disconnect from 82.207.8.218 port 63527:11: Bye Bye [preauth]
May  6 04:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28342]: Disconnected from 82.207.8.218 port 63527 [preauth]
May  6 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28383]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28386]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28382]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28386]: pam_unix(cron:session): session closed for user root
May  6 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28380]: pam_unix(cron:session): session closed for user p13x
May  6 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28450]: Successful su for rubyman by root
May  6 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28450]: + ??? root:rubyman
May  6 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338260 of user rubyman.
May  6 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28450]: pam_unix(su:session): session closed for user rubyman
May  6 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338260.
May  6 04:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28382]: pam_unix(cron:session): session closed for user root
May  6 04:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25601]: pam_unix(cron:session): session closed for user root
May  6 04:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28381]: pam_unix(cron:session): session closed for user samftp
May  6 04:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: Invalid user hadoop from 103.9.211.159
May  6 04:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: input_userauth_request: invalid user hadoop [preauth]
May  6 04:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.9.211.159
May  6 04:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: Failed password for invalid user hadoop from 103.9.211.159 port 43796 ssh2
May  6 04:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: Received disconnect from 103.9.211.159 port 43796:11: Bye Bye [preauth]
May  6 04:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28680]: Disconnected from 103.9.211.159 port 43796 [preauth]
May  6 04:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27562]: pam_unix(cron:session): session closed for user root
May  6 04:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: Invalid user morut from 181.176.62.39
May  6 04:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: input_userauth_request: invalid user morut [preauth]
May  6 04:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.62.39
May  6 04:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: Failed password for invalid user morut from 181.176.62.39 port 41300 ssh2
May  6 04:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: Received disconnect from 181.176.62.39 port 41300:11: Bye Bye [preauth]
May  6 04:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: Disconnected from 181.176.62.39 port 41300 [preauth]
May  6 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28814]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28812]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28813]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28811]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28811]: pam_unix(cron:session): session closed for user p13x
May  6 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28879]: Successful su for rubyman by root
May  6 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28879]: + ??? root:rubyman
May  6 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338266 of user rubyman.
May  6 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28879]: pam_unix(su:session): session closed for user rubyman
May  6 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338266.
May  6 04:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26092]: pam_unix(cron:session): session closed for user root
May  6 04:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28812]: pam_unix(cron:session): session closed for user samftp
May  6 04:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29180]: Invalid user debian from 157.10.161.187
May  6 04:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29180]: input_userauth_request: invalid user debian [preauth]
May  6 04:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29180]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.161.187
May  6 04:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29180]: Failed password for invalid user debian from 157.10.161.187 port 48468 ssh2
May  6 04:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29180]: Received disconnect from 157.10.161.187 port 48468:11: Bye Bye [preauth]
May  6 04:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29180]: Disconnected from 157.10.161.187 port 48468 [preauth]
May  6 04:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.40.20  user=root
May  6 04:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29206]: Failed password for root from 171.244.40.20 port 39324 ssh2
May  6 04:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29206]: Received disconnect from 171.244.40.20 port 39324:11: Bye Bye [preauth]
May  6 04:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29206]: Disconnected from 171.244.40.20 port 39324 [preauth]
May  6 04:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27967]: pam_unix(cron:session): session closed for user root
May  6 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29323]: pam_unix(cron:session): session closed for user p13x
May  6 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29388]: Successful su for rubyman by root
May  6 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29388]: + ??? root:rubyman
May  6 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338272 of user rubyman.
May  6 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29388]: pam_unix(su:session): session closed for user rubyman
May  6 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338272.
May  6 04:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26601]: pam_unix(cron:session): session closed for user root
May  6 04:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29324]: pam_unix(cron:session): session closed for user samftp
May  6 04:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: Invalid user land from 63.41.9.206
May  6 04:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: input_userauth_request: invalid user land [preauth]
May  6 04:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.41.9.206
May  6 04:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: Failed password for invalid user land from 63.41.9.206 port 33343 ssh2
May  6 04:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: Received disconnect from 63.41.9.206 port 33343:11: Bye Bye [preauth]
May  6 04:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: Disconnected from 63.41.9.206 port 33343 [preauth]
May  6 04:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29651]: Invalid user gyx from 201.249.87.203
May  6 04:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29651]: input_userauth_request: invalid user gyx [preauth]
May  6 04:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29651]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.87.203
May  6 04:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29651]: Failed password for invalid user gyx from 201.249.87.203 port 53904 ssh2
May  6 04:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29651]: Received disconnect from 201.249.87.203 port 53904:11: Bye Bye [preauth]
May  6 04:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29651]: Disconnected from 201.249.87.203 port 53904 [preauth]
May  6 04:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28385]: pam_unix(cron:session): session closed for user root
May  6 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29734]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29735]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29733]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29732]: pam_unix(cron:session): session closed for user p13x
May  6 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29800]: Successful su for rubyman by root
May  6 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29800]: + ??? root:rubyman
May  6 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338275 of user rubyman.
May  6 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29800]: pam_unix(su:session): session closed for user rubyman
May  6 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338275.
May  6 04:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27085]: pam_unix(cron:session): session closed for user root
May  6 04:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29733]: pam_unix(cron:session): session closed for user samftp
May  6 04:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 04:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: Failed password for root from 218.92.0.179 port 61203 ssh2
May  6 04:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.201.165.54  user=root
May  6 04:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28814]: pam_unix(cron:session): session closed for user root
May  6 04:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: Failed password for root from 218.92.0.179 port 61203 ssh2
May  6 04:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: Failed password for root from 128.201.165.54 port 30716 ssh2
May  6 04:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: Received disconnect from 128.201.165.54 port 30716:11: Bye Bye [preauth]
May  6 04:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: Disconnected from 128.201.165.54 port 30716 [preauth]
May  6 04:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: Failed password for root from 218.92.0.179 port 61203 ssh2
May  6 04:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: Received disconnect from 218.92.0.179 port 61203:11:  [preauth]
May  6 04:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: Disconnected from 218.92.0.179 port 61203 [preauth]
May  6 04:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 04:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30098]: Invalid user main from 50.235.31.47
May  6 04:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30098]: input_userauth_request: invalid user main [preauth]
May  6 04:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30098]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  6 04:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30098]: Failed password for invalid user main from 50.235.31.47 port 56076 ssh2
May  6 04:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30098]: Connection closed by 50.235.31.47 port 56076 [preauth]
May  6 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30148]: pam_unix(cron:session): session closed for user p13x
May  6 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30208]: Successful su for rubyman by root
May  6 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30208]: + ??? root:rubyman
May  6 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338279 of user rubyman.
May  6 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30208]: pam_unix(su:session): session closed for user rubyman
May  6 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338279.
May  6 04:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27561]: pam_unix(cron:session): session closed for user root
May  6 04:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30149]: pam_unix(cron:session): session closed for user samftp
May  6 04:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30450]: Invalid user hzw from 82.207.8.218
May  6 04:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30450]: input_userauth_request: invalid user hzw [preauth]
May  6 04:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30450]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.207.8.218
May  6 04:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30450]: Failed password for invalid user hzw from 82.207.8.218 port 16466 ssh2
May  6 04:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30450]: Received disconnect from 82.207.8.218 port 16466:11: Bye Bye [preauth]
May  6 04:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30450]: Disconnected from 82.207.8.218 port 16466 [preauth]
May  6 04:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29326]: pam_unix(cron:session): session closed for user root
May  6 04:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30483]: Invalid user l from 195.178.110.50
May  6 04:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30483]: input_userauth_request: invalid user l [preauth]
May  6 04:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30483]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 04:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30483]: Failed password for invalid user l from 195.178.110.50 port 36352 ssh2
May  6 04:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30483]: Connection closed by 195.178.110.50 port 36352 [preauth]
May  6 04:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 04:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: Invalid user ] from 195.178.110.50
May  6 04:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: input_userauth_request: invalid user ] [preauth]
May  6 04:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: pam_unix(sshd:auth): check pass; user unknown
May  6 04:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 04:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: Failed password for invalid user ] from 195.178.110.50 port 36200 ssh2
May  6 04:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30516]: Connection closed by 195.178.110.50 port 36200 [preauth]
May  6 04:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30548]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30552]: pam_unix(cron:session): session closed for user root
May  6 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30548]: pam_unix(cron:session): session closed for user root
May  6 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30546]: pam_unix(cron:session): session closed for user p13x
May  6 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30643]: Successful su for rubyman by root
May  6 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30643]: + ??? root:rubyman
May  6 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338282 of user rubyman.
May  6 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30643]: pam_unix(su:session): session closed for user rubyman
May  6 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338282.
May  6 05:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: Invalid user lord from 194.1.184.72
May  6 05:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: input_userauth_request: invalid user lord [preauth]
May  6 05:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.1.184.72
May  6 05:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27966]: pam_unix(cron:session): session closed for user root
May  6 05:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30535]: Invalid user N from 195.178.110.50
May  6 05:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30535]: input_userauth_request: invalid user N [preauth]
May  6 05:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30535]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 05:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30549]: pam_unix(cron:session): session closed for user root
May  6 05:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: Failed password for invalid user lord from 194.1.184.72 port 58576 ssh2
May  6 05:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: Received disconnect from 194.1.184.72 port 58576:11: Bye Bye [preauth]
May  6 05:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30616]: Disconnected from 194.1.184.72 port 58576 [preauth]
May  6 05:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30535]: Failed password for invalid user N from 195.178.110.50 port 56424 ssh2
May  6 05:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30547]: pam_unix(cron:session): session closed for user samftp
May  6 05:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30535]: Connection closed by 195.178.110.50 port 56424 [preauth]
May  6 05:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30859]: Invalid user ? from 195.178.110.50
May  6 05:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30859]: input_userauth_request: invalid user ? [preauth]
May  6 05:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30859]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 05:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30859]: Failed password for invalid user ? from 195.178.110.50 port 32554 ssh2
May  6 05:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30859]: Connection closed by 195.178.110.50 port 32554 [preauth]
May  6 05:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30892]: Invalid user 0 from 195.178.110.50
May  6 05:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30892]: input_userauth_request: invalid user 0 [preauth]
May  6 05:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30892]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 05:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30892]: Failed password for invalid user 0 from 195.178.110.50 port 23670 ssh2
May  6 05:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30892]: Connection closed by 195.178.110.50 port 23670 [preauth]
May  6 05:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29735]: pam_unix(cron:session): session closed for user root
May  6 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31143]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31140]: pam_unix(cron:session): session closed for user p13x
May  6 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31212]: Successful su for rubyman by root
May  6 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31212]: + ??? root:rubyman
May  6 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31212]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338289 of user rubyman.
May  6 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31212]: pam_unix(su:session): session closed for user rubyman
May  6 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338289.
May  6 05:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28383]: pam_unix(cron:session): session closed for user root
May  6 05:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31142]: pam_unix(cron:session): session closed for user samftp
May  6 05:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: Invalid user hzw from 181.176.62.39
May  6 05:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: input_userauth_request: invalid user hzw [preauth]
May  6 05:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.62.39
May  6 05:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: Failed password for invalid user hzw from 181.176.62.39 port 58640 ssh2
May  6 05:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: Received disconnect from 181.176.62.39 port 58640:11: Bye Bye [preauth]
May  6 05:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: Disconnected from 181.176.62.39 port 58640 [preauth]
May  6 05:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31448]: Invalid user admin from 80.94.95.112
May  6 05:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31448]: input_userauth_request: invalid user admin [preauth]
May  6 05:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31448]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 05:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31448]: Failed password for invalid user admin from 80.94.95.112 port 54155 ssh2
May  6 05:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31448]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31448]: Failed password for invalid user admin from 80.94.95.112 port 54155 ssh2
May  6 05:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31448]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31448]: Failed password for invalid user admin from 80.94.95.112 port 54155 ssh2
May  6 05:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31448]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31474]: Invalid user lord from 103.9.211.159
May  6 05:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31474]: input_userauth_request: invalid user lord [preauth]
May  6 05:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31474]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.9.211.159
May  6 05:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31448]: Failed password for invalid user admin from 80.94.95.112 port 54155 ssh2
May  6 05:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31448]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31474]: Failed password for invalid user lord from 103.9.211.159 port 33844 ssh2
May  6 05:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31474]: Received disconnect from 103.9.211.159 port 33844:11: Bye Bye [preauth]
May  6 05:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31474]: Disconnected from 103.9.211.159 port 33844 [preauth]
May  6 05:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30152]: pam_unix(cron:session): session closed for user root
May  6 05:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31448]: Failed password for invalid user admin from 80.94.95.112 port 54155 ssh2
May  6 05:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31448]: Received disconnect from 80.94.95.112 port 54155:11: Bye [preauth]
May  6 05:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31448]: Disconnected from 80.94.95.112 port 54155 [preauth]
May  6 05:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31448]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 05:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31448]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 05:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: Invalid user ftp-test from 157.10.161.187
May  6 05:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: input_userauth_request: invalid user ftp-test [preauth]
May  6 05:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.161.187
May  6 05:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: Failed password for invalid user ftp-test from 157.10.161.187 port 40728 ssh2
May  6 05:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: Received disconnect from 157.10.161.187 port 40728:11: Bye Bye [preauth]
May  6 05:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: Disconnected from 157.10.161.187 port 40728 [preauth]
May  6 05:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31559]: Invalid user azure from 171.244.40.20
May  6 05:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31559]: input_userauth_request: invalid user azure [preauth]
May  6 05:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31559]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.40.20
May  6 05:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31559]: Failed password for invalid user azure from 171.244.40.20 port 56946 ssh2
May  6 05:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31559]: Received disconnect from 171.244.40.20 port 56946:11: Bye Bye [preauth]
May  6 05:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31559]: Disconnected from 171.244.40.20 port 56946 [preauth]
May  6 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31575]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31572]: pam_unix(cron:session): session closed for user p13x
May  6 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31634]: Successful su for rubyman by root
May  6 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31634]: + ??? root:rubyman
May  6 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338294 of user rubyman.
May  6 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31634]: pam_unix(su:session): session closed for user rubyman
May  6 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338294.
May  6 05:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28813]: pam_unix(cron:session): session closed for user root
May  6 05:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31573]: pam_unix(cron:session): session closed for user samftp
May  6 05:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: Connection reset by 106.75.127.108 port 51094 [preauth]
May  6 05:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30551]: pam_unix(cron:session): session closed for user root
May  6 05:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: Invalid user app from 201.249.87.203
May  6 05:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: input_userauth_request: invalid user app [preauth]
May  6 05:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.87.203
May  6 05:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.41.9.206  user=root
May  6 05:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: Failed password for root from 63.41.9.206 port 51325 ssh2
May  6 05:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: Failed password for invalid user app from 201.249.87.203 port 34652 ssh2
May  6 05:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: Received disconnect from 63.41.9.206 port 51325:11: Bye Bye [preauth]
May  6 05:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: Disconnected from 63.41.9.206 port 51325 [preauth]
May  6 05:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: Received disconnect from 201.249.87.203 port 34652:11: Bye Bye [preauth]
May  6 05:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32223]: Disconnected from 201.249.87.203 port 34652 [preauth]
May  6 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32251]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32250]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32250]: pam_unix(cron:session): session closed for user p13x
May  6 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32361]: Successful su for rubyman by root
May  6 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32361]: + ??? root:rubyman
May  6 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338297 of user rubyman.
May  6 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32361]: pam_unix(su:session): session closed for user rubyman
May  6 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338297.
May  6 05:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29325]: pam_unix(cron:session): session closed for user root
May  6 05:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32251]: pam_unix(cron:session): session closed for user samftp
May  6 05:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31146]: pam_unix(cron:session): session closed for user root
May  6 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[383]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[384]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[380]: pam_unix(cron:session): session closed for user p13x
May  6 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[483]: Successful su for rubyman by root
May  6 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[483]: + ??? root:rubyman
May  6 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[483]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338302 of user rubyman.
May  6 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[483]: pam_unix(su:session): session closed for user rubyman
May  6 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338302.
May  6 05:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29734]: pam_unix(cron:session): session closed for user root
May  6 05:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[382]: pam_unix(cron:session): session closed for user samftp
May  6 05:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: Invalid user morut from 82.207.8.218
May  6 05:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: input_userauth_request: invalid user morut [preauth]
May  6 05:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.207.8.218
May  6 05:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: Failed password for invalid user morut from 82.207.8.218 port 33967 ssh2
May  6 05:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: Received disconnect from 82.207.8.218 port 33967:11: Bye Bye [preauth]
May  6 05:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[701]: Disconnected from 82.207.8.218 port 33967 [preauth]
May  6 05:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31575]: pam_unix(cron:session): session closed for user root
May  6 05:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[837]: Invalid user tg from 128.201.165.54
May  6 05:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[837]: input_userauth_request: invalid user tg [preauth]
May  6 05:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[837]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.201.165.54
May  6 05:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[837]: Failed password for invalid user tg from 128.201.165.54 port 54770 ssh2
May  6 05:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[837]: Received disconnect from 128.201.165.54 port 54770:11: Bye Bye [preauth]
May  6 05:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[837]: Disconnected from 128.201.165.54 port 54770 [preauth]
May  6 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[874]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[875]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[871]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[873]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[875]: pam_unix(cron:session): session closed for user root
May  6 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[870]: pam_unix(cron:session): session closed for user p13x
May  6 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[956]: Successful su for rubyman by root
May  6 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[956]: + ??? root:rubyman
May  6 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[956]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338306 of user rubyman.
May  6 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[956]: pam_unix(su:session): session closed for user rubyman
May  6 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338306.
May  6 05:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30151]: pam_unix(cron:session): session closed for user root
May  6 05:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[872]: pam_unix(cron:session): session closed for user root
May  6 05:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[871]: pam_unix(cron:session): session closed for user samftp
May  6 05:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 05:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Failed password for root from 218.92.0.179 port 16507 ssh2
May  6 05:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 16507 ssh2]
May  6 05:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Received disconnect from 218.92.0.179 port 16507:11:  [preauth]
May  6 05:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Disconnected from 218.92.0.179 port 16507 [preauth]
May  6 05:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 05:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32279]: pam_unix(cron:session): session closed for user root
May  6 05:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1333]: Invalid user linda from 194.1.184.72
May  6 05:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1333]: input_userauth_request: invalid user linda [preauth]
May  6 05:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1333]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.1.184.72
May  6 05:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1333]: Failed password for invalid user linda from 194.1.184.72 port 47496 ssh2
May  6 05:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1333]: Received disconnect from 194.1.184.72 port 47496:11: Bye Bye [preauth]
May  6 05:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1333]: Disconnected from 194.1.184.72 port 47496 [preauth]
May  6 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1386]: pam_unix(cron:session): session closed for user p13x
May  6 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1483]: Successful su for rubyman by root
May  6 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1483]: + ??? root:rubyman
May  6 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1483]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338312 of user rubyman.
May  6 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1483]: pam_unix(su:session): session closed for user rubyman
May  6 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338312.
May  6 05:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30550]: pam_unix(cron:session): session closed for user root
May  6 05:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1387]: pam_unix(cron:session): session closed for user samftp
May  6 05:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[384]: pam_unix(cron:session): session closed for user root
May  6 05:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: Invalid user user from 181.176.62.39
May  6 05:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: input_userauth_request: invalid user user [preauth]
May  6 05:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.62.39
May  6 05:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: Failed password for invalid user user from 181.176.62.39 port 41536 ssh2
May  6 05:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: Received disconnect from 181.176.62.39 port 41536:11: Bye Bye [preauth]
May  6 05:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: Disconnected from 181.176.62.39 port 41536 [preauth]
May  6 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1887]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1888]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1886]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1885]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1885]: pam_unix(cron:session): session closed for user p13x
May  6 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2031]: Successful su for rubyman by root
May  6 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2031]: + ??? root:rubyman
May  6 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338316 of user rubyman.
May  6 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2031]: pam_unix(su:session): session closed for user rubyman
May  6 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338316.
May  6 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: Invalid user lowpriv from 46.244.96.25
May  6 05:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: input_userauth_request: invalid user lowpriv [preauth]
May  6 05:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  6 05:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31143]: pam_unix(cron:session): session closed for user root
May  6 05:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: Failed password for invalid user lowpriv from 46.244.96.25 port 55380 ssh2
May  6 05:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: Connection closed by 46.244.96.25 port 55380 [preauth]
May  6 05:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1886]: pam_unix(cron:session): session closed for user samftp
May  6 05:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.161.187  user=root
May  6 05:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: Failed password for root from 157.10.161.187 port 33688 ssh2
May  6 05:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: Received disconnect from 157.10.161.187 port 33688:11: Bye Bye [preauth]
May  6 05:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: Disconnected from 157.10.161.187 port 33688 [preauth]
May  6 05:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Invalid user wy from 171.244.40.20
May  6 05:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: input_userauth_request: invalid user wy [preauth]
May  6 05:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.40.20
May  6 05:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Failed password for invalid user wy from 171.244.40.20 port 57364 ssh2
May  6 05:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Received disconnect from 171.244.40.20 port 57364:11: Bye Bye [preauth]
May  6 05:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Disconnected from 171.244.40.20 port 57364 [preauth]
May  6 05:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[874]: pam_unix(cron:session): session closed for user root
May  6 05:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.9.211.159  user=root
May  6 05:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: Failed password for root from 103.9.211.159 port 34754 ssh2
May  6 05:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: Received disconnect from 103.9.211.159 port 34754:11: Bye Bye [preauth]
May  6 05:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2324]: Disconnected from 103.9.211.159 port 34754 [preauth]
May  6 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2382]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2378]: pam_unix(cron:session): session closed for user p13x
May  6 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2453]: Successful su for rubyman by root
May  6 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2453]: + ??? root:rubyman
May  6 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338320 of user rubyman.
May  6 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2453]: pam_unix(su:session): session closed for user rubyman
May  6 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338320.
May  6 05:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31574]: pam_unix(cron:session): session closed for user root
May  6 05:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2381]: pam_unix(cron:session): session closed for user samftp
May  6 05:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: Invalid user daiquanwu from 201.249.87.203
May  6 05:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: input_userauth_request: invalid user daiquanwu [preauth]
May  6 05:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.87.203
May  6 05:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: Failed password for invalid user daiquanwu from 201.249.87.203 port 43638 ssh2
May  6 05:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: Received disconnect from 201.249.87.203 port 43638:11: Bye Bye [preauth]
May  6 05:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2702]: Disconnected from 201.249.87.203 port 43638 [preauth]
May  6 05:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1389]: pam_unix(cron:session): session closed for user root
May  6 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2758]: Invalid user blue from 63.41.9.206
May  6 05:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2758]: input_userauth_request: invalid user blue [preauth]
May  6 05:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2758]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.41.9.206
May  6 05:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2758]: Failed password for invalid user blue from 63.41.9.206 port 41074 ssh2
May  6 05:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2758]: Received disconnect from 63.41.9.206 port 41074:11: Bye Bye [preauth]
May  6 05:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2758]: Disconnected from 63.41.9.206 port 41074 [preauth]
May  6 05:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.207.8.218  user=root
May  6 05:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: Failed password for root from 82.207.8.218 port 51651 ssh2
May  6 05:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: Received disconnect from 82.207.8.218 port 51651:11: Bye Bye [preauth]
May  6 05:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: Disconnected from 82.207.8.218 port 51651 [preauth]
May  6 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2827]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2820]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2822]: pam_unix(cron:session): session closed for user p13x
May  6 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2954]: Successful su for rubyman by root
May  6 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2954]: + ??? root:rubyman
May  6 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2954]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338324 of user rubyman.
May  6 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2954]: pam_unix(su:session): session closed for user rubyman
May  6 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338324.
May  6 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2820]: pam_unix(cron:session): session closed for user root
May  6 05:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32252]: pam_unix(cron:session): session closed for user root
May  6 05:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2823]: pam_unix(cron:session): session closed for user samftp
May  6 05:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: Invalid user admin from 80.94.95.125
May  6 05:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: input_userauth_request: invalid user admin [preauth]
May  6 05:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 05:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: Failed password for invalid user admin from 80.94.95.125 port 43946 ssh2
May  6 05:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1888]: pam_unix(cron:session): session closed for user root
May  6 05:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: Failed password for invalid user admin from 80.94.95.125 port 43946 ssh2
May  6 05:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: Failed password for invalid user admin from 80.94.95.125 port 43946 ssh2
May  6 05:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: Failed password for invalid user admin from 80.94.95.125 port 43946 ssh2
May  6 05:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: Failed password for invalid user admin from 80.94.95.125 port 43946 ssh2
May  6 05:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: Received disconnect from 80.94.95.125 port 43946:11: Bye [preauth]
May  6 05:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: Disconnected from 80.94.95.125 port 43946 [preauth]
May  6 05:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 05:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3236]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3323]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3319]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3326]: pam_unix(cron:session): session closed for user root
May  6 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3319]: pam_unix(cron:session): session closed for user p13x
May  6 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3406]: Successful su for rubyman by root
May  6 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3406]: + ??? root:rubyman
May  6 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338330 of user rubyman.
May  6 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3406]: pam_unix(su:session): session closed for user rubyman
May  6 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338330.
May  6 05:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3321]: pam_unix(cron:session): session closed for user root
May  6 05:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[383]: pam_unix(cron:session): session closed for user root
May  6 05:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3320]: pam_unix(cron:session): session closed for user samftp
May  6 05:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3712]: Connection closed by 172.236.228.208 port 7912 [preauth]
May  6 05:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3714]: Connection closed by 172.236.228.208 port 7914 [preauth]
May  6 05:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3716]: fatal: Unable to negotiate with 172.236.228.208 port 7924: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  6 05:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2385]: pam_unix(cron:session): session closed for user root
May  6 05:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.201.165.54  user=root
May  6 05:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3793]: Failed password for root from 128.201.165.54 port 57502 ssh2
May  6 05:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3793]: Received disconnect from 128.201.165.54 port 57502:11: Bye Bye [preauth]
May  6 05:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3793]: Disconnected from 128.201.165.54 port 57502 [preauth]
May  6 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3817]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3815]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3814]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3814]: pam_unix(cron:session): session closed for user p13x
May  6 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3882]: Successful su for rubyman by root
May  6 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3882]: + ??? root:rubyman
May  6 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338334 of user rubyman.
May  6 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3882]: pam_unix(su:session): session closed for user rubyman
May  6 05:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338334.
May  6 05:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[873]: pam_unix(cron:session): session closed for user root
May  6 05:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3815]: pam_unix(cron:session): session closed for user samftp
May  6 05:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: Invalid user tg from 194.1.184.72
May  6 05:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: input_userauth_request: invalid user tg [preauth]
May  6 05:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.1.184.72
May  6 05:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: Failed password for invalid user tg from 194.1.184.72 port 48006 ssh2
May  6 05:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: Received disconnect from 194.1.184.72 port 48006:11: Bye Bye [preauth]
May  6 05:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: Disconnected from 194.1.184.72 port 48006 [preauth]
May  6 05:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2827]: pam_unix(cron:session): session closed for user root
May  6 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4282]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4280]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4281]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4279]: pam_unix(cron:session): session closed for user p13x
May  6 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4462]: Successful su for rubyman by root
May  6 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4462]: + ??? root:rubyman
May  6 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4462]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338338 of user rubyman.
May  6 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4462]: pam_unix(su:session): session closed for user rubyman
May  6 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338338.
May  6 05:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1388]: pam_unix(cron:session): session closed for user root
May  6 05:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4280]: pam_unix(cron:session): session closed for user samftp
May  6 05:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3323]: pam_unix(cron:session): session closed for user root
May  6 05:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4770]: Invalid user iexcel from 181.176.62.39
May  6 05:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4770]: input_userauth_request: invalid user iexcel [preauth]
May  6 05:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4770]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.62.39
May  6 05:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4770]: Failed password for invalid user iexcel from 181.176.62.39 port 54874 ssh2
May  6 05:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4770]: Received disconnect from 181.176.62.39 port 54874:11: Bye Bye [preauth]
May  6 05:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4770]: Disconnected from 181.176.62.39 port 54874 [preauth]
May  6 05:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4820]: Invalid user debian from 171.244.40.20
May  6 05:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4820]: input_userauth_request: invalid user debian [preauth]
May  6 05:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4820]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.40.20
May  6 05:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4829]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4827]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4825]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4826]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4825]: pam_unix(cron:session): session closed for user p13x
May  6 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4892]: Successful su for rubyman by root
May  6 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4892]: + ??? root:rubyman
May  6 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338342 of user rubyman.
May  6 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4892]: pam_unix(su:session): session closed for user rubyman
May  6 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338342.
May  6 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4820]: Failed password for invalid user debian from 171.244.40.20 port 53196 ssh2
May  6 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4820]: Received disconnect from 171.244.40.20 port 53196:11: Bye Bye [preauth]
May  6 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4820]: Disconnected from 171.244.40.20 port 53196 [preauth]
May  6 05:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1887]: pam_unix(cron:session): session closed for user root
May  6 05:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4826]: pam_unix(cron:session): session closed for user samftp
May  6 05:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.161.187  user=root
May  6 05:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5287]: Failed password for root from 157.10.161.187 port 40176 ssh2
May  6 05:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5287]: Received disconnect from 157.10.161.187 port 40176:11: Bye Bye [preauth]
May  6 05:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5287]: Disconnected from 157.10.161.187 port 40176 [preauth]
May  6 05:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3817]: pam_unix(cron:session): session closed for user root
May  6 05:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Invalid user admbackup from 201.249.87.203
May  6 05:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: input_userauth_request: invalid user admbackup [preauth]
May  6 05:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.87.203
May  6 05:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Failed password for invalid user admbackup from 201.249.87.203 port 53584 ssh2
May  6 05:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Received disconnect from 201.249.87.203 port 53584:11: Bye Bye [preauth]
May  6 05:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Disconnected from 201.249.87.203 port 53584 [preauth]
May  6 05:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: Invalid user yash from 103.9.211.159
May  6 05:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: input_userauth_request: invalid user yash [preauth]
May  6 05:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.9.211.159
May  6 05:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: Failed password for invalid user yash from 103.9.211.159 port 50260 ssh2
May  6 05:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: Received disconnect from 103.9.211.159 port 50260:11: Bye Bye [preauth]
May  6 05:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: Disconnected from 103.9.211.159 port 50260 [preauth]
May  6 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5436]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5437]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5434]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5434]: pam_unix(cron:session): session closed for user p13x
May  6 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5510]: Successful su for rubyman by root
May  6 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5510]: + ??? root:rubyman
May  6 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5510]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338347 of user rubyman.
May  6 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5510]: pam_unix(su:session): session closed for user rubyman
May  6 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338347.
May  6 05:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2382]: pam_unix(cron:session): session closed for user root
May  6 05:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5435]: pam_unix(cron:session): session closed for user samftp
May  6 05:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  6 05:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: Failed password for root from 80.94.95.29 port 22937 ssh2
May  6 05:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: message repeated 3 times: [ Failed password for root from 80.94.95.29 port 22937 ssh2]
May  6 05:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5777]: Invalid user iexcel001 from 63.41.9.206
May  6 05:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5777]: input_userauth_request: invalid user iexcel001 [preauth]
May  6 05:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5777]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.41.9.206
May  6 05:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: Failed password for root from 80.94.95.29 port 22937 ssh2
May  6 05:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: Received disconnect from 80.94.95.29 port 22937:11: Bye [preauth]
May  6 05:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: Disconnected from 80.94.95.29 port 22937 [preauth]
May  6 05:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  6 05:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 05:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5777]: Failed password for invalid user iexcel001 from 63.41.9.206 port 59058 ssh2
May  6 05:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5777]: Received disconnect from 63.41.9.206 port 59058:11: Bye Bye [preauth]
May  6 05:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5777]: Disconnected from 63.41.9.206 port 59058 [preauth]
May  6 05:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 05:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4282]: pam_unix(cron:session): session closed for user root
May  6 05:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: Failed password for root from 218.92.0.179 port 20642 ssh2
May  6 05:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 20642 ssh2]
May  6 05:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: Received disconnect from 218.92.0.179 port 20642:11:  [preauth]
May  6 05:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: Disconnected from 218.92.0.179 port 20642 [preauth]
May  6 05:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5903]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5999]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6002]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5997]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6000]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6003]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5998]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6003]: pam_unix(cron:session): session closed for user root
May  6 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5997]: pam_unix(cron:session): session closed for user p13x
May  6 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6074]: Successful su for rubyman by root
May  6 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6074]: + ??? root:rubyman
May  6 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6074]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338352 of user rubyman.
May  6 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6074]: pam_unix(su:session): session closed for user rubyman
May  6 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338352.
May  6 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5999]: pam_unix(cron:session): session closed for user root
May  6 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2824]: pam_unix(cron:session): session closed for user root
May  6 05:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5998]: pam_unix(cron:session): session closed for user samftp
May  6 05:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4829]: pam_unix(cron:session): session closed for user root
May  6 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6443]: pam_unix(cron:session): session closed for user p13x
May  6 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6513]: Successful su for rubyman by root
May  6 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6513]: + ??? root:rubyman
May  6 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6513]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338357 of user rubyman.
May  6 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6513]: pam_unix(su:session): session closed for user rubyman
May  6 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338357.
May  6 05:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3322]: pam_unix(cron:session): session closed for user root
May  6 05:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6444]: pam_unix(cron:session): session closed for user samftp
May  6 05:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5437]: pam_unix(cron:session): session closed for user root
May  6 05:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: Invalid user wy from 128.201.165.54
May  6 05:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: input_userauth_request: invalid user wy [preauth]
May  6 05:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.201.165.54
May  6 05:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: Failed password for invalid user wy from 128.201.165.54 port 43878 ssh2
May  6 05:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: Received disconnect from 128.201.165.54 port 43878:11: Bye Bye [preauth]
May  6 05:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: Disconnected from 128.201.165.54 port 43878 [preauth]
May  6 05:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6864]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6863]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6862]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6861]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6859]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6859]: pam_unix(cron:session): session closed for user root
May  6 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6861]: pam_unix(cron:session): session closed for user p13x
May  6 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7014]: Successful su for rubyman by root
May  6 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7014]: + ??? root:rubyman
May  6 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7014]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338361 of user rubyman.
May  6 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7014]: pam_unix(su:session): session closed for user rubyman
May  6 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338361.
May  6 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: Invalid user hadoop from 194.1.184.72
May  6 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: input_userauth_request: invalid user hadoop [preauth]
May  6 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.1.184.72
May  6 05:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: Failed password for invalid user hadoop from 194.1.184.72 port 37200 ssh2
May  6 05:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: Received disconnect from 194.1.184.72 port 37200:11: Bye Bye [preauth]
May  6 05:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: Disconnected from 194.1.184.72 port 37200 [preauth]
May  6 05:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3816]: pam_unix(cron:session): session closed for user root
May  6 05:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6862]: pam_unix(cron:session): session closed for user samftp
May  6 05:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6002]: pam_unix(cron:session): session closed for user root
May  6 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7374]: pam_unix(cron:session): session closed for user p13x
May  6 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7433]: Successful su for rubyman by root
May  6 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7433]: + ??? root:rubyman
May  6 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338367 of user rubyman.
May  6 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7433]: pam_unix(su:session): session closed for user rubyman
May  6 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338367.
May  6 05:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4281]: pam_unix(cron:session): session closed for user root
May  6 05:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7674]: Invalid user  from 196.251.84.225
May  6 05:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7674]: input_userauth_request: invalid user  [preauth]
May  6 05:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7375]: pam_unix(cron:session): session closed for user samftp
May  6 05:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7674]: Connection closed by 196.251.84.225 port 55730 [preauth]
May  6 05:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: Invalid user postgres from 181.176.62.39
May  6 05:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: input_userauth_request: invalid user postgres [preauth]
May  6 05:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.62.39
May  6 05:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: Failed password for invalid user postgres from 181.176.62.39 port 49214 ssh2
May  6 05:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: Received disconnect from 181.176.62.39 port 49214:11: Bye Bye [preauth]
May  6 05:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: Disconnected from 181.176.62.39 port 49214 [preauth]
May  6 05:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.40.20  user=root
May  6 05:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7808]: Failed password for root from 171.244.40.20 port 60410 ssh2
May  6 05:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7808]: Received disconnect from 171.244.40.20 port 60410:11: Bye Bye [preauth]
May  6 05:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7808]: Disconnected from 171.244.40.20 port 60410 [preauth]
May  6 05:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6446]: pam_unix(cron:session): session closed for user root
May  6 05:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.161.187  user=root
May  6 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: Failed password for root from 157.10.161.187 port 56846 ssh2
May  6 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: Received disconnect from 157.10.161.187 port 56846:11: Bye Bye [preauth]
May  6 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: Disconnected from 157.10.161.187 port 56846 [preauth]
May  6 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7904]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7905]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7900]: pam_unix(cron:session): session closed for user p13x
May  6 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7966]: Successful su for rubyman by root
May  6 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7966]: + ??? root:rubyman
May  6 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7966]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338369 of user rubyman.
May  6 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7966]: pam_unix(su:session): session closed for user rubyman
May  6 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338369.
May  6 05:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4827]: pam_unix(cron:session): session closed for user root
May  6 05:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7903]: pam_unix(cron:session): session closed for user samftp
May  6 05:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: Invalid user cc from 201.249.87.203
May  6 05:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: input_userauth_request: invalid user cc [preauth]
May  6 05:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.87.203
May  6 05:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: Failed password for invalid user cc from 201.249.87.203 port 34340 ssh2
May  6 05:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: Received disconnect from 201.249.87.203 port 34340:11: Bye Bye [preauth]
May  6 05:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: Disconnected from 201.249.87.203 port 34340 [preauth]
May  6 05:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6864]: pam_unix(cron:session): session closed for user root
May  6 05:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.41.9.206  user=root
May  6 05:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Failed password for root from 63.41.9.206 port 48804 ssh2
May  6 05:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Received disconnect from 63.41.9.206 port 48804:11: Bye Bye [preauth]
May  6 05:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Disconnected from 63.41.9.206 port 48804 [preauth]
May  6 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8331]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8333]: pam_unix(cron:session): session closed for user root
May  6 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8328]: pam_unix(cron:session): session closed for user p13x
May  6 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8397]: Successful su for rubyman by root
May  6 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8397]: + ??? root:rubyman
May  6 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338373 of user rubyman.
May  6 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8397]: pam_unix(su:session): session closed for user rubyman
May  6 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338373.
May  6 05:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8330]: pam_unix(cron:session): session closed for user root
May  6 05:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5436]: pam_unix(cron:session): session closed for user root
May  6 05:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8329]: pam_unix(cron:session): session closed for user samftp
May  6 05:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: Invalid user debian from 103.9.211.159
May  6 05:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: input_userauth_request: invalid user debian [preauth]
May  6 05:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.9.211.159
May  6 05:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: Failed password for invalid user debian from 103.9.211.159 port 37450 ssh2
May  6 05:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: Received disconnect from 103.9.211.159 port 37450:11: Bye Bye [preauth]
May  6 05:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8635]: Disconnected from 103.9.211.159 port 37450 [preauth]
May  6 05:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7377]: pam_unix(cron:session): session closed for user root
May  6 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8788]: pam_unix(cron:session): session closed for user p13x
May  6 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8860]: Successful su for rubyman by root
May  6 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8860]: + ??? root:rubyman
May  6 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338380 of user rubyman.
May  6 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8860]: pam_unix(su:session): session closed for user rubyman
May  6 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338380.
May  6 05:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6000]: pam_unix(cron:session): session closed for user root
May  6 05:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8789]: pam_unix(cron:session): session closed for user samftp
May  6 05:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: Invalid user LLL from 137.184.114.25
May  6 05:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: input_userauth_request: invalid user LLL [preauth]
May  6 05:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.114.25
May  6 05:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: Failed password for invalid user LLL from 137.184.114.25 port 34384 ssh2
May  6 05:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: Received disconnect from 137.184.114.25 port 34384:11: Bye Bye [preauth]
May  6 05:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9210]: Disconnected from 137.184.114.25 port 34384 [preauth]
May  6 05:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9212]: Invalid user zhangxinkui from 49.36.41.76
May  6 05:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9212]: input_userauth_request: invalid user zhangxinkui [preauth]
May  6 05:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9212]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.36.41.76
May  6 05:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7905]: pam_unix(cron:session): session closed for user root
May  6 05:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9212]: Failed password for invalid user zhangxinkui from 49.36.41.76 port 48920 ssh2
May  6 05:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9212]: Received disconnect from 49.36.41.76 port 48920:11: Bye Bye [preauth]
May  6 05:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9212]: Disconnected from 49.36.41.76 port 48920 [preauth]
May  6 05:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: Invalid user ubuntu from 196.251.84.225
May  6 05:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: input_userauth_request: invalid user ubuntu [preauth]
May  6 05:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: Failed password for invalid user ubuntu from 196.251.84.225 port 43748 ssh2
May  6 05:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: Connection closed by 196.251.84.225 port 43748 [preauth]
May  6 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9335]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9337]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9336]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9334]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9334]: pam_unix(cron:session): session closed for user p13x
May  6 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9398]: Successful su for rubyman by root
May  6 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9398]: + ??? root:rubyman
May  6 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338384 of user rubyman.
May  6 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9398]: pam_unix(su:session): session closed for user rubyman
May  6 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338384.
May  6 05:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6445]: pam_unix(cron:session): session closed for user root
May  6 05:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9335]: pam_unix(cron:session): session closed for user samftp
May  6 05:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9581]: Invalid user jellyfin from 196.251.84.225
May  6 05:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9581]: input_userauth_request: invalid user jellyfin [preauth]
May  6 05:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9581]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9581]: Failed password for invalid user jellyfin from 196.251.84.225 port 47352 ssh2
May  6 05:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9581]: Connection closed by 196.251.84.225 port 47352 [preauth]
May  6 05:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8332]: pam_unix(cron:session): session closed for user root
May  6 05:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.1.184.72  user=root
May  6 05:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9682]: Invalid user steam from 196.251.84.225
May  6 05:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9682]: input_userauth_request: invalid user steam [preauth]
May  6 05:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9682]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9685]: Failed password for root from 194.1.184.72 port 60152 ssh2
May  6 05:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9685]: Received disconnect from 194.1.184.72 port 60152:11: Bye Bye [preauth]
May  6 05:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9685]: Disconnected from 194.1.184.72 port 60152 [preauth]
May  6 05:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9682]: Failed password for invalid user steam from 196.251.84.225 port 40614 ssh2
May  6 05:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9682]: Connection closed by 196.251.84.225 port 40614 [preauth]
May  6 05:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: Invalid user inspur from 46.25.236.192
May  6 05:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: input_userauth_request: invalid user inspur [preauth]
May  6 05:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  6 05:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: Failed password for invalid user inspur from 46.25.236.192 port 59300 ssh2
May  6 05:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: Received disconnect from 46.25.236.192 port 59300:11: Bye Bye [preauth]
May  6 05:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9718]: Disconnected from 46.25.236.192 port 59300 [preauth]
May  6 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9743]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9740]: pam_unix(cron:session): session closed for user p13x
May  6 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9805]: Successful su for rubyman by root
May  6 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9805]: + ??? root:rubyman
May  6 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338388 of user rubyman.
May  6 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9805]: pam_unix(su:session): session closed for user rubyman
May  6 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338388.
May  6 05:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6863]: pam_unix(cron:session): session closed for user root
May  6 05:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.201.165.54  user=root
May  6 05:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9742]: pam_unix(cron:session): session closed for user samftp
May  6 05:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: Failed password for root from 128.201.165.54 port 57736 ssh2
May  6 05:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: Received disconnect from 128.201.165.54 port 57736:11: Bye Bye [preauth]
May  6 05:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: Disconnected from 128.201.165.54 port 57736 [preauth]
May  6 05:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: Invalid user app from 196.251.84.225
May  6 05:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: input_userauth_request: invalid user app [preauth]
May  6 05:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: Failed password for invalid user app from 196.251.84.225 port 37074 ssh2
May  6 05:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10009]: Connection closed by 196.251.84.225 port 37074 [preauth]
May  6 05:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8791]: pam_unix(cron:session): session closed for user root
May  6 05:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Invalid user satisfactory from 196.251.84.225
May  6 05:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: input_userauth_request: invalid user satisfactory [preauth]
May  6 05:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Failed password for invalid user satisfactory from 196.251.84.225 port 44816 ssh2
May  6 05:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Connection closed by 196.251.84.225 port 44816 [preauth]
May  6 05:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.190.153.226  user=root
May  6 05:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10127]: Failed password for root from 194.190.153.226 port 55280 ssh2
May  6 05:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10127]: Received disconnect from 194.190.153.226 port 55280:11: Bye Bye [preauth]
May  6 05:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10127]: Disconnected from 194.190.153.226 port 55280 [preauth]
May  6 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10149]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10147]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10147]: pam_unix(cron:session): session closed for user p13x
May  6 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10220]: Successful su for rubyman by root
May  6 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10220]: + ??? root:rubyman
May  6 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10220]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338391 of user rubyman.
May  6 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10220]: pam_unix(su:session): session closed for user rubyman
May  6 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338391.
May  6 05:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7376]: pam_unix(cron:session): session closed for user root
May  6 05:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.62.39  user=root
May  6 05:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10148]: pam_unix(cron:session): session closed for user samftp
May  6 05:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: Failed password for root from 181.176.62.39 port 43312 ssh2
May  6 05:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: Received disconnect from 181.176.62.39 port 43312:11: Bye Bye [preauth]
May  6 05:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: Disconnected from 181.176.62.39 port 43312 [preauth]
May  6 05:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 05:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10509]: Failed password for root from 196.251.84.225 port 38008 ssh2
May  6 05:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10509]: Connection closed by 196.251.84.225 port 38008 [preauth]
May  6 05:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.40.20  user=root
May  6 05:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: Failed password for root from 171.244.40.20 port 39642 ssh2
May  6 05:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: Received disconnect from 171.244.40.20 port 39642:11: Bye Bye [preauth]
May  6 05:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: Disconnected from 171.244.40.20 port 39642 [preauth]
May  6 05:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Invalid user pilot from 50.235.31.47
May  6 05:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: input_userauth_request: invalid user pilot [preauth]
May  6 05:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  6 05:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Failed password for invalid user pilot from 50.235.31.47 port 32844 ssh2
May  6 05:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10573]: Connection closed by 50.235.31.47 port 32844 [preauth]
May  6 05:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9337]: pam_unix(cron:session): session closed for user root
May  6 05:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 05:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10639]: Failed password for root from 196.251.84.225 port 55212 ssh2
May  6 05:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10639]: Connection closed by 196.251.84.225 port 55212 [preauth]
May  6 05:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.161.187  user=root
May  6 05:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: Failed password for root from 157.10.161.187 port 51982 ssh2
May  6 05:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: Received disconnect from 157.10.161.187 port 51982:11: Bye Bye [preauth]
May  6 05:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10658]: Disconnected from 157.10.161.187 port 51982 [preauth]
May  6 05:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10692]: Invalid user jhseo from 201.249.87.203
May  6 05:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10692]: input_userauth_request: invalid user jhseo [preauth]
May  6 05:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10692]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.87.203
May  6 05:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10692]: Failed password for invalid user jhseo from 201.249.87.203 port 43324 ssh2
May  6 05:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10692]: Received disconnect from 201.249.87.203 port 43324:11: Bye Bye [preauth]
May  6 05:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10692]: Disconnected from 201.249.87.203 port 43324 [preauth]
May  6 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10712]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10709]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10714]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10713]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10714]: pam_unix(cron:session): session closed for user root
May  6 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10709]: pam_unix(cron:session): session closed for user p13x
May  6 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10805]: Successful su for rubyman by root
May  6 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10805]: + ??? root:rubyman
May  6 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338399 of user rubyman.
May  6 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10805]: pam_unix(su:session): session closed for user rubyman
May  6 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338399.
May  6 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7904]: pam_unix(cron:session): session closed for user root
May  6 05:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10711]: pam_unix(cron:session): session closed for user root
May  6 05:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10710]: pam_unix(cron:session): session closed for user samftp
May  6 05:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11009]: Invalid user docker from 196.251.84.225
May  6 05:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11009]: input_userauth_request: invalid user docker [preauth]
May  6 05:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11009]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11009]: Failed password for invalid user docker from 196.251.84.225 port 34754 ssh2
May  6 05:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11009]: Connection closed by 196.251.84.225 port 34754 [preauth]
May  6 05:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9744]: pam_unix(cron:session): session closed for user root
May  6 05:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11102]: Invalid user gcpda from 63.41.9.206
May  6 05:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11102]: input_userauth_request: invalid user gcpda [preauth]
May  6 05:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11102]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.41.9.206
May  6 05:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11102]: Failed password for invalid user gcpda from 63.41.9.206 port 38554 ssh2
May  6 05:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11102]: Received disconnect from 63.41.9.206 port 38554:11: Bye Bye [preauth]
May  6 05:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11102]: Disconnected from 63.41.9.206 port 38554 [preauth]
May  6 05:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 05:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11113]: Failed password for root from 196.251.84.225 port 49158 ssh2
May  6 05:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11113]: Connection closed by 196.251.84.225 port 49158 [preauth]
May  6 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11168]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11166]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11165]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11165]: pam_unix(cron:session): session closed for user p13x
May  6 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11231]: Successful su for rubyman by root
May  6 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11231]: + ??? root:rubyman
May  6 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338401 of user rubyman.
May  6 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11231]: pam_unix(su:session): session closed for user rubyman
May  6 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338401.
May  6 05:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8331]: pam_unix(cron:session): session closed for user root
May  6 05:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11166]: pam_unix(cron:session): session closed for user samftp
May  6 05:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: Invalid user arkserver from 196.251.84.225
May  6 05:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: input_userauth_request: invalid user arkserver [preauth]
May  6 05:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: Failed password for invalid user arkserver from 196.251.84.225 port 49426 ssh2
May  6 05:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11424]: Connection closed by 196.251.84.225 port 49426 [preauth]
May  6 05:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10150]: pam_unix(cron:session): session closed for user root
May  6 05:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11509]: Invalid user linda from 103.9.211.159
May  6 05:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11509]: input_userauth_request: invalid user linda [preauth]
May  6 05:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11509]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.9.211.159
May  6 05:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11509]: Failed password for invalid user linda from 103.9.211.159 port 58530 ssh2
May  6 05:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11509]: Received disconnect from 103.9.211.159 port 58530:11: Bye Bye [preauth]
May  6 05:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11509]: Disconnected from 103.9.211.159 port 58530 [preauth]
May  6 05:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 05:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11535]: Failed password for root from 196.251.84.225 port 48946 ssh2
May  6 05:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11535]: Connection closed by 196.251.84.225 port 48946 [preauth]
May  6 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11579]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11576]: pam_unix(cron:session): session closed for user p13x
May  6 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11636]: Successful su for rubyman by root
May  6 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11636]: + ??? root:rubyman
May  6 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11636]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338407 of user rubyman.
May  6 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11636]: pam_unix(su:session): session closed for user rubyman
May  6 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338407.
May  6 05:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8790]: pam_unix(cron:session): session closed for user root
May  6 05:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11577]: pam_unix(cron:session): session closed for user samftp
May  6 05:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 05:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: Failed password for root from 196.251.84.225 port 48870 ssh2
May  6 05:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11845]: Connection closed by 196.251.84.225 port 48870 [preauth]
May  6 05:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10713]: pam_unix(cron:session): session closed for user root
May  6 05:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 05:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11938]: Failed password for root from 196.251.84.225 port 33404 ssh2
May  6 05:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11938]: Connection closed by 196.251.84.225 port 33404 [preauth]
May  6 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11967]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11966]: pam_unix(cron:session): session closed for user p13x
May  6 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12023]: Successful su for rubyman by root
May  6 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12023]: + ??? root:rubyman
May  6 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12023]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338410 of user rubyman.
May  6 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12023]: pam_unix(su:session): session closed for user rubyman
May  6 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338410.
May  6 05:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9336]: pam_unix(cron:session): session closed for user root
May  6 05:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11967]: pam_unix(cron:session): session closed for user samftp
May  6 05:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12234]: Invalid user azure from 194.1.184.72
May  6 05:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12234]: input_userauth_request: invalid user azure [preauth]
May  6 05:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12234]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.1.184.72
May  6 05:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12234]: Failed password for invalid user azure from 194.1.184.72 port 57444 ssh2
May  6 05:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12234]: Received disconnect from 194.1.184.72 port 57444:11: Bye Bye [preauth]
May  6 05:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12234]: Disconnected from 194.1.184.72 port 57444 [preauth]
May  6 05:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12236]: Invalid user samba from 196.251.84.225
May  6 05:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12236]: input_userauth_request: invalid user samba [preauth]
May  6 05:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12236]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12236]: Failed password for invalid user samba from 196.251.84.225 port 53896 ssh2
May  6 05:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12236]: Connection closed by 196.251.84.225 port 53896 [preauth]
May  6 05:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12267]: Invalid user student3 from 107.175.83.197
May  6 05:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12267]: input_userauth_request: invalid user student3 [preauth]
May  6 05:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12267]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 05:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12267]: Failed password for invalid user student3 from 107.175.83.197 port 55084 ssh2
May  6 05:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12267]: Received disconnect from 107.175.83.197 port 55084:11: Bye Bye [preauth]
May  6 05:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12267]: Disconnected from 107.175.83.197 port 55084 [preauth]
May  6 05:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11168]: pam_unix(cron:session): session closed for user root
May  6 05:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12355]: Invalid user demo from 196.251.84.225
May  6 05:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12355]: input_userauth_request: invalid user demo [preauth]
May  6 05:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12355]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12355]: Failed password for invalid user demo from 196.251.84.225 port 43360 ssh2
May  6 05:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12355]: Connection closed by 196.251.84.225 port 43360 [preauth]
May  6 05:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: Invalid user hxw from 43.135.173.36
May  6 05:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: input_userauth_request: invalid user hxw [preauth]
May  6 05:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.173.36
May  6 05:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: Failed password for invalid user hxw from 43.135.173.36 port 54302 ssh2
May  6 05:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: Received disconnect from 43.135.173.36 port 54302:11: Bye Bye [preauth]
May  6 05:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12374]: Disconnected from 43.135.173.36 port 54302 [preauth]
May  6 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12387]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12386]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12384]: pam_unix(cron:session): session closed for user p13x
May  6 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12443]: Successful su for rubyman by root
May  6 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12443]: + ??? root:rubyman
May  6 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338413 of user rubyman.
May  6 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12443]: pam_unix(su:session): session closed for user rubyman
May  6 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338413.
May  6 05:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9743]: pam_unix(cron:session): session closed for user root
May  6 05:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12385]: pam_unix(cron:session): session closed for user samftp
May  6 05:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12626]: Invalid user sap from 128.201.165.54
May  6 05:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12626]: input_userauth_request: invalid user sap [preauth]
May  6 05:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12626]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.201.165.54
May  6 05:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12626]: Failed password for invalid user sap from 128.201.165.54 port 58906 ssh2
May  6 05:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12626]: Received disconnect from 128.201.165.54 port 58906:11: Bye Bye [preauth]
May  6 05:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12626]: Disconnected from 128.201.165.54 port 58906 [preauth]
May  6 05:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12650]: Invalid user demo from 196.251.84.225
May  6 05:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12650]: input_userauth_request: invalid user demo [preauth]
May  6 05:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12650]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12650]: Failed password for invalid user demo from 196.251.84.225 port 40282 ssh2
May  6 05:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12650]: Connection closed by 196.251.84.225 port 40282 [preauth]
May  6 05:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11579]: pam_unix(cron:session): session closed for user root
May  6 05:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Invalid user hadoop from 171.244.40.20
May  6 05:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: input_userauth_request: invalid user hadoop [preauth]
May  6 05:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.244.40.20
May  6 05:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 05:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Failed password for invalid user hadoop from 171.244.40.20 port 40602 ssh2
May  6 05:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12755]: Invalid user exx from 181.176.62.39
May  6 05:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12755]: input_userauth_request: invalid user exx [preauth]
May  6 05:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12755]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.176.62.39
May  6 05:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Received disconnect from 171.244.40.20 port 40602:11: Bye Bye [preauth]
May  6 05:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Disconnected from 171.244.40.20 port 40602 [preauth]
May  6 05:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12743]: Failed password for root from 196.251.84.225 port 56110 ssh2
May  6 05:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12743]: Connection closed by 196.251.84.225 port 56110 [preauth]
May  6 05:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12755]: Failed password for invalid user exx from 181.176.62.39 port 36238 ssh2
May  6 05:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12755]: Received disconnect from 181.176.62.39 port 36238:11: Bye Bye [preauth]
May  6 05:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12755]: Disconnected from 181.176.62.39 port 36238 [preauth]
May  6 05:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12765]: Invalid user krishna from 137.184.114.25
May  6 05:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12765]: input_userauth_request: invalid user krishna [preauth]
May  6 05:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12765]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.114.25
May  6 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12765]: Failed password for invalid user krishna from 137.184.114.25 port 55752 ssh2
May  6 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12765]: Received disconnect from 137.184.114.25 port 55752:11: Bye Bye [preauth]
May  6 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12765]: Disconnected from 137.184.114.25 port 55752 [preauth]
May  6 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12778]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12781]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12781]: pam_unix(cron:session): session closed for user root
May  6 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12776]: pam_unix(cron:session): session closed for user p13x
May  6 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12845]: Successful su for rubyman by root
May  6 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12845]: + ??? root:rubyman
May  6 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338420 of user rubyman.
May  6 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12845]: pam_unix(su:session): session closed for user rubyman
May  6 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338420.
May  6 05:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12778]: pam_unix(cron:session): session closed for user root
May  6 05:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10149]: pam_unix(cron:session): session closed for user root
May  6 05:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12777]: pam_unix(cron:session): session closed for user samftp
May  6 05:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: Invalid user chjiang from 46.25.236.192
May  6 05:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: input_userauth_request: invalid user chjiang [preauth]
May  6 05:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  6 05:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: Failed password for invalid user chjiang from 46.25.236.192 port 46584 ssh2
May  6 05:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: Received disconnect from 46.25.236.192 port 46584:11: Bye Bye [preauth]
May  6 05:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: Disconnected from 46.25.236.192 port 46584 [preauth]
May  6 05:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 05:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13087]: Failed password for root from 196.251.84.225 port 35274 ssh2
May  6 05:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13087]: Connection closed by 196.251.84.225 port 35274 [preauth]
May  6 05:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: Invalid user xjcc from 201.249.87.203
May  6 05:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: input_userauth_request: invalid user xjcc [preauth]
May  6 05:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.87.203
May  6 05:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: Failed password for invalid user xjcc from 201.249.87.203 port 52312 ssh2
May  6 05:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: Received disconnect from 201.249.87.203 port 52312:11: Bye Bye [preauth]
May  6 05:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: Disconnected from 201.249.87.203 port 52312 [preauth]
May  6 05:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13120]: Invalid user lord from 157.10.161.187
May  6 05:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13120]: input_userauth_request: invalid user lord [preauth]
May  6 05:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13120]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.161.187
May  6 05:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13120]: Failed password for invalid user lord from 157.10.161.187 port 59318 ssh2
May  6 05:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13120]: Received disconnect from 157.10.161.187 port 59318:11: Bye Bye [preauth]
May  6 05:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13120]: Disconnected from 157.10.161.187 port 59318 [preauth]
May  6 05:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Invalid user zhanna from 152.42.225.137
May  6 05:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: input_userauth_request: invalid user zhanna [preauth]
May  6 05:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.225.137
May  6 05:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11969]: pam_unix(cron:session): session closed for user root
May  6 05:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Failed password for invalid user zhanna from 152.42.225.137 port 35814 ssh2
May  6 05:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Received disconnect from 152.42.225.137 port 35814:11: Bye Bye [preauth]
May  6 05:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Disconnected from 152.42.225.137 port 35814 [preauth]
May  6 05:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Invalid user grafana from 196.251.84.225
May  6 05:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: input_userauth_request: invalid user grafana [preauth]
May  6 05:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Failed password for invalid user grafana from 196.251.84.225 port 60412 ssh2
May  6 05:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13190]: Connection closed by 196.251.84.225 port 60412 [preauth]
May  6 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13213]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13211]: pam_unix(cron:session): session closed for user p13x
May  6 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13282]: Successful su for rubyman by root
May  6 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13282]: + ??? root:rubyman
May  6 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338424 of user rubyman.
May  6 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13282]: pam_unix(su:session): session closed for user rubyman
May  6 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338424.
May  6 05:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10712]: pam_unix(cron:session): session closed for user root
May  6 05:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13212]: pam_unix(cron:session): session closed for user samftp
May  6 05:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: Invalid user steam from 196.251.84.225
May  6 05:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: input_userauth_request: invalid user steam [preauth]
May  6 05:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13597]: Invalid user admin from 63.41.9.206
May  6 05:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13597]: input_userauth_request: invalid user admin [preauth]
May  6 05:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13597]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.41.9.206
May  6 05:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13597]: Failed password for invalid user admin from 63.41.9.206 port 56535 ssh2
May  6 05:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13597]: Received disconnect from 63.41.9.206 port 56535:11: Bye Bye [preauth]
May  6 05:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13597]: Disconnected from 63.41.9.206 port 56535 [preauth]
May  6 05:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: Failed password for invalid user steam from 196.251.84.225 port 36598 ssh2
May  6 05:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: Connection closed by 196.251.84.225 port 36598 [preauth]
May  6 05:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12387]: pam_unix(cron:session): session closed for user root
May  6 05:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: Invalid user redis from 196.251.84.225
May  6 05:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: input_userauth_request: invalid user redis [preauth]
May  6 05:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: Failed password for invalid user redis from 196.251.84.225 port 58240 ssh2
May  6 05:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13704]: Connection closed by 196.251.84.225 port 58240 [preauth]
May  6 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13728]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13725]: pam_unix(cron:session): session closed for user p13x
May  6 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13790]: Successful su for rubyman by root
May  6 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13790]: + ??? root:rubyman
May  6 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338427 of user rubyman.
May  6 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13790]: pam_unix(su:session): session closed for user rubyman
May  6 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338427.
May  6 05:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11167]: pam_unix(cron:session): session closed for user root
May  6 05:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13726]: pam_unix(cron:session): session closed for user samftp
May  6 05:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: Invalid user gmod from 196.251.84.225
May  6 05:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: input_userauth_request: invalid user gmod [preauth]
May  6 05:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: Failed password for invalid user gmod from 196.251.84.225 port 37508 ssh2
May  6 05:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14015]: Connection closed by 196.251.84.225 port 37508 [preauth]
May  6 05:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12780]: pam_unix(cron:session): session closed for user root
May  6 05:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.9.211.159  user=root
May  6 05:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14107]: Failed password for root from 103.9.211.159 port 40476 ssh2
May  6 05:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14107]: Received disconnect from 103.9.211.159 port 40476:11: Bye Bye [preauth]
May  6 05:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14107]: Disconnected from 103.9.211.159 port 40476 [preauth]
May  6 05:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: Invalid user vps from 196.251.84.225
May  6 05:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: input_userauth_request: invalid user vps [preauth]
May  6 05:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: Failed password for invalid user vps from 196.251.84.225 port 46124 ssh2
May  6 05:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14109]: Connection closed by 196.251.84.225 port 46124 [preauth]
May  6 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14136]: pam_unix(cron:session): session closed for user p13x
May  6 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14198]: Successful su for rubyman by root
May  6 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14198]: + ??? root:rubyman
May  6 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338432 of user rubyman.
May  6 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14198]: pam_unix(su:session): session closed for user rubyman
May  6 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338432.
May  6 05:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11578]: pam_unix(cron:session): session closed for user root
May  6 05:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14137]: pam_unix(cron:session): session closed for user samftp
May  6 05:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: Invalid user ubuntu from 194.190.153.226
May  6 05:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: input_userauth_request: invalid user ubuntu [preauth]
May  6 05:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.190.153.226
May  6 05:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: Failed password for invalid user ubuntu from 194.190.153.226 port 58388 ssh2
May  6 05:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: Received disconnect from 194.190.153.226 port 58388:11: Bye Bye [preauth]
May  6 05:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14405]: Disconnected from 194.190.153.226 port 58388 [preauth]
May  6 05:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: Invalid user jito from 196.251.84.225
May  6 05:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: input_userauth_request: invalid user jito [preauth]
May  6 05:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13214]: pam_unix(cron:session): session closed for user root
May  6 05:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: Failed password for invalid user jito from 196.251.84.225 port 40690 ssh2
May  6 05:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: Connection closed by 196.251.84.225 port 40690 [preauth]
May  6 05:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: Invalid user sap from 194.1.184.72
May  6 05:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: input_userauth_request: invalid user sap [preauth]
May  6 05:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.1.184.72
May  6 05:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: Failed password for invalid user sap from 194.1.184.72 port 58918 ssh2
May  6 05:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: Received disconnect from 194.1.184.72 port 58918:11: Bye Bye [preauth]
May  6 05:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14510]: Disconnected from 194.1.184.72 port 58918 [preauth]
May  6 05:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14529]: Invalid user elasticsearch from 196.251.84.225
May  6 05:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14529]: input_userauth_request: invalid user elasticsearch [preauth]
May  6 05:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14529]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14529]: Failed password for invalid user elasticsearch from 196.251.84.225 port 46996 ssh2
May  6 05:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14529]: Connection closed by 196.251.84.225 port 46996 [preauth]
May  6 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14546]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14542]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14543]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14542]: pam_unix(cron:session): session closed for user p13x
May  6 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14606]: Successful su for rubyman by root
May  6 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14606]: + ??? root:rubyman
May  6 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338435 of user rubyman.
May  6 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14606]: pam_unix(su:session): session closed for user rubyman
May  6 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338435.
May  6 05:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11968]: pam_unix(cron:session): session closed for user root
May  6 05:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14543]: pam_unix(cron:session): session closed for user samftp
May  6 05:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: Invalid user ubuntu from 107.175.83.197
May  6 05:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: input_userauth_request: invalid user ubuntu [preauth]
May  6 05:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 05:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: Invalid user sz from 43.135.173.36
May  6 05:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: input_userauth_request: invalid user sz [preauth]
May  6 05:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.173.36
May  6 05:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: Failed password for invalid user ubuntu from 107.175.83.197 port 40116 ssh2
May  6 05:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: Received disconnect from 107.175.83.197 port 40116:11: Bye Bye [preauth]
May  6 05:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: Disconnected from 107.175.83.197 port 40116 [preauth]
May  6 05:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: Failed password for invalid user sz from 43.135.173.36 port 34624 ssh2
May  6 05:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: Received disconnect from 43.135.173.36 port 34624:11: Bye Bye [preauth]
May  6 05:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: Disconnected from 43.135.173.36 port 34624 [preauth]
May  6 05:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 05:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14849]: Failed password for root from 196.251.84.225 port 47172 ssh2
May  6 05:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14849]: Connection closed by 196.251.84.225 port 47172 [preauth]
May  6 05:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13728]: pam_unix(cron:session): session closed for user root
May  6 05:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: Invalid user samba from 196.251.84.225
May  6 05:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: input_userauth_request: invalid user samba [preauth]
May  6 05:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14958]: Invalid user admin from 80.94.95.241
May  6 05:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14958]: input_userauth_request: invalid user admin [preauth]
May  6 05:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14958]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 05:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14962]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14967]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14963]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14964]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14961]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14967]: pam_unix(cron:session): session closed for user root
May  6 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14961]: pam_unix(cron:session): session closed for user p13x
May  6 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14958]: Failed password for invalid user admin from 80.94.95.241 port 62310 ssh2
May  6 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15032]: Successful su for rubyman by root
May  6 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15032]: + ??? root:rubyman
May  6 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338440 of user rubyman.
May  6 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15032]: pam_unix(su:session): session closed for user rubyman
May  6 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338440.
May  6 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: Failed password for invalid user samba from 196.251.84.225 port 47866 ssh2
May  6 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14958]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: Connection closed by 196.251.84.225 port 47866 [preauth]
May  6 05:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14958]: Failed password for invalid user admin from 80.94.95.241 port 62310 ssh2
May  6 05:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14963]: pam_unix(cron:session): session closed for user root
May  6 05:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14958]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12386]: pam_unix(cron:session): session closed for user root
May  6 05:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: Invalid user personal from 137.184.114.25
May  6 05:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: input_userauth_request: invalid user personal [preauth]
May  6 05:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.114.25
May  6 05:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14958]: Failed password for invalid user admin from 80.94.95.241 port 62310 ssh2
May  6 05:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14958]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14962]: pam_unix(cron:session): session closed for user samftp
May  6 05:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: Failed password for invalid user personal from 137.184.114.25 port 36344 ssh2
May  6 05:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: Received disconnect from 137.184.114.25 port 36344:11: Bye Bye [preauth]
May  6 05:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15171]: Disconnected from 137.184.114.25 port 36344 [preauth]
May  6 05:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14958]: Failed password for invalid user admin from 80.94.95.241 port 62310 ssh2
May  6 05:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14958]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14958]: Failed password for invalid user admin from 80.94.95.241 port 62310 ssh2
May  6 05:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14958]: Received disconnect from 80.94.95.241 port 62310:11: Bye [preauth]
May  6 05:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14958]: Disconnected from 80.94.95.241 port 62310 [preauth]
May  6 05:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14958]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 05:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14958]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 05:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: Invalid user debian from 128.201.165.54
May  6 05:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: input_userauth_request: invalid user debian [preauth]
May  6 05:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.201.165.54
May  6 05:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: Failed password for invalid user debian from 128.201.165.54 port 45048 ssh2
May  6 05:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: Received disconnect from 128.201.165.54 port 45048:11: Bye Bye [preauth]
May  6 05:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15243]: Disconnected from 128.201.165.54 port 45048 [preauth]
May  6 05:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: Invalid user solana from 196.251.84.225
May  6 05:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: input_userauth_request: invalid user solana [preauth]
May  6 05:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: Failed password for invalid user solana from 196.251.84.225 port 56118 ssh2
May  6 05:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14139]: pam_unix(cron:session): session closed for user root
May  6 05:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: Connection closed by 196.251.84.225 port 56118 [preauth]
May  6 05:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15322]: Invalid user chenchao from 46.25.236.192
May  6 05:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15322]: input_userauth_request: invalid user chenchao [preauth]
May  6 05:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15322]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  6 05:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15322]: Failed password for invalid user chenchao from 46.25.236.192 port 54724 ssh2
May  6 05:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15322]: Received disconnect from 46.25.236.192 port 54724:11: Bye Bye [preauth]
May  6 05:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15322]: Disconnected from 46.25.236.192 port 54724 [preauth]
May  6 05:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: Invalid user gpadmin from 201.249.87.203
May  6 05:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: input_userauth_request: invalid user gpadmin [preauth]
May  6 05:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.87.203
May  6 05:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: Failed password for invalid user gpadmin from 201.249.87.203 port 33066 ssh2
May  6 05:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: Invalid user esroot from 196.251.84.225
May  6 05:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: input_userauth_request: invalid user esroot [preauth]
May  6 05:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: Received disconnect from 201.249.87.203 port 33066:11: Bye Bye [preauth]
May  6 05:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15386]: Disconnected from 201.249.87.203 port 33066 [preauth]
May  6 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15394]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15395]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15396]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15392]: pam_unix(cron:session): session closed for user p13x
May  6 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15458]: Successful su for rubyman by root
May  6 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15458]: + ??? root:rubyman
May  6 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338447 of user rubyman.
May  6 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15458]: pam_unix(su:session): session closed for user rubyman
May  6 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338447.
May  6 05:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: Failed password for invalid user esroot from 196.251.84.225 port 54516 ssh2
May  6 05:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15388]: Connection closed by 196.251.84.225 port 54516 [preauth]
May  6 05:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12779]: pam_unix(cron:session): session closed for user root
May  6 05:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15394]: pam_unix(cron:session): session closed for user samftp
May  6 05:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15647]: Invalid user sebas from 157.10.161.187
May  6 05:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15647]: input_userauth_request: invalid user sebas [preauth]
May  6 05:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15647]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.10.161.187
May  6 05:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15647]: Failed password for invalid user sebas from 157.10.161.187 port 50736 ssh2
May  6 05:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15647]: Received disconnect from 157.10.161.187 port 50736:11: Bye Bye [preauth]
May  6 05:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15647]: Disconnected from 157.10.161.187 port 50736 [preauth]
May  6 05:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15703]: Invalid user admin from 196.251.84.225
May  6 05:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15703]: input_userauth_request: invalid user admin [preauth]
May  6 05:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15703]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14546]: pam_unix(cron:session): session closed for user root
May  6 05:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15703]: Failed password for invalid user admin from 196.251.84.225 port 50736 ssh2
May  6 05:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15703]: Connection closed by 196.251.84.225 port 50736 [preauth]
May  6 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15803]: pam_unix(cron:session): session closed for user p13x
May  6 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15865]: Successful su for rubyman by root
May  6 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15865]: + ??? root:rubyman
May  6 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338449 of user rubyman.
May  6 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15865]: pam_unix(su:session): session closed for user rubyman
May  6 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338449.
May  6 05:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13213]: pam_unix(cron:session): session closed for user root
May  6 05:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: Invalid user apache from 196.251.84.225
May  6 05:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: input_userauth_request: invalid user apache [preauth]
May  6 05:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: Failed password for invalid user apache from 196.251.84.225 port 57444 ssh2
May  6 05:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15804]: pam_unix(cron:session): session closed for user samftp
May  6 05:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: Invalid user admin from 80.94.95.112
May  6 05:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: input_userauth_request: invalid user admin [preauth]
May  6 05:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 05:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15801]: Connection closed by 196.251.84.225 port 57444 [preauth]
May  6 05:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: Failed password for invalid user admin from 80.94.95.112 port 11177 ssh2
May  6 05:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16046]: Invalid user web from 152.42.225.137
May  6 05:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16046]: input_userauth_request: invalid user web [preauth]
May  6 05:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16046]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.225.137
May  6 05:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: Failed password for invalid user admin from 80.94.95.112 port 11177 ssh2
May  6 05:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16046]: Failed password for invalid user web from 152.42.225.137 port 43848 ssh2
May  6 05:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16046]: Received disconnect from 152.42.225.137 port 43848:11: Bye Bye [preauth]
May  6 05:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16046]: Disconnected from 152.42.225.137 port 43848 [preauth]
May  6 05:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: Failed password for invalid user admin from 80.94.95.112 port 11177 ssh2
May  6 05:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: Failed password for invalid user admin from 80.94.95.112 port 11177 ssh2
May  6 05:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: Failed password for invalid user admin from 80.94.95.112 port 11177 ssh2
May  6 05:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: Received disconnect from 80.94.95.112 port 11177:11: Bye [preauth]
May  6 05:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: Disconnected from 80.94.95.112 port 11177 [preauth]
May  6 05:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 05:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16033]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 05:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: Invalid user latitude from 196.251.84.225
May  6 05:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: input_userauth_request: invalid user latitude [preauth]
May  6 05:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14965]: pam_unix(cron:session): session closed for user root
May  6 05:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: Failed password for invalid user latitude from 196.251.84.225 port 41532 ssh2
May  6 05:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: Connection closed by 196.251.84.225 port 41532 [preauth]
May  6 05:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: Invalid user weblogic from 196.251.84.225
May  6 05:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: input_userauth_request: invalid user weblogic [preauth]
May  6 05:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: Failed password for invalid user weblogic from 196.251.84.225 port 57378 ssh2
May  6 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: Connection closed by 196.251.84.225 port 57378 [preauth]
May  6 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16195]: pam_unix(cron:session): session closed for user p13x
May  6 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16255]: Successful su for rubyman by root
May  6 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16255]: + ??? root:rubyman
May  6 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338453 of user rubyman.
May  6 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16255]: pam_unix(su:session): session closed for user rubyman
May  6 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338453.
May  6 05:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13727]: pam_unix(cron:session): session closed for user root
May  6 05:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16196]: pam_unix(cron:session): session closed for user samftp
May  6 05:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: Invalid user hxw from 194.190.153.226
May  6 05:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: input_userauth_request: invalid user hxw [preauth]
May  6 05:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.190.153.226
May  6 05:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: Failed password for invalid user hxw from 194.190.153.226 port 33914 ssh2
May  6 05:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: Received disconnect from 194.190.153.226 port 33914:11: Bye Bye [preauth]
May  6 05:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: Disconnected from 194.190.153.226 port 33914 [preauth]
May  6 05:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: Invalid user worker from 196.251.84.225
May  6 05:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: input_userauth_request: invalid user worker [preauth]
May  6 05:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: Failed password for invalid user worker from 196.251.84.225 port 59296 ssh2
May  6 05:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: Connection closed by 196.251.84.225 port 59296 [preauth]
May  6 05:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15396]: pam_unix(cron:session): session closed for user root
May  6 05:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16626]: Invalid user redis from 196.251.84.225
May  6 05:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16626]: input_userauth_request: invalid user redis [preauth]
May  6 05:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16626]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16626]: Failed password for invalid user redis from 196.251.84.225 port 59220 ssh2
May  6 05:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16626]: Connection closed by 196.251.84.225 port 59220 [preauth]
May  6 05:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 05:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: Failed password for root from 218.92.0.179 port 43515 ssh2
May  6 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16650]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16649]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16647]: pam_unix(cron:session): session closed for user p13x
May  6 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16768]: Successful su for rubyman by root
May  6 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16768]: + ??? root:rubyman
May  6 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338457 of user rubyman.
May  6 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16768]: pam_unix(su:session): session closed for user rubyman
May  6 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338457.
May  6 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: Failed password for root from 218.92.0.179 port 43515 ssh2
May  6 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16643]: pam_unix(cron:session): session closed for user root
May  6 05:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: Invalid user wy from 103.9.211.159
May  6 05:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: input_userauth_request: invalid user wy [preauth]
May  6 05:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.9.211.159
May  6 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14138]: pam_unix(cron:session): session closed for user root
May  6 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: Failed password for root from 218.92.0.179 port 43515 ssh2
May  6 05:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: Received disconnect from 218.92.0.179 port 43515:11:  [preauth]
May  6 05:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: Disconnected from 218.92.0.179 port 43515 [preauth]
May  6 05:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 05:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: Failed password for invalid user wy from 103.9.211.159 port 56808 ssh2
May  6 05:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: Received disconnect from 103.9.211.159 port 56808:11: Bye Bye [preauth]
May  6 05:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16827]: Disconnected from 103.9.211.159 port 56808 [preauth]
May  6 05:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16648]: pam_unix(cron:session): session closed for user samftp
May  6 05:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.173.36  user=root
May  6 05:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: Invalid user hadoop from 107.175.83.197
May  6 05:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: input_userauth_request: invalid user hadoop [preauth]
May  6 05:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 05:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: Failed password for root from 43.135.173.36 port 40052 ssh2
May  6 05:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: Received disconnect from 43.135.173.36 port 40052:11: Bye Bye [preauth]
May  6 05:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: Disconnected from 43.135.173.36 port 40052 [preauth]
May  6 05:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: Failed password for invalid user hadoop from 107.175.83.197 port 49338 ssh2
May  6 05:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: Received disconnect from 107.175.83.197 port 49338:11: Bye Bye [preauth]
May  6 05:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17042]: Disconnected from 107.175.83.197 port 49338 [preauth]
May  6 05:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17061]: Invalid user vps from 196.251.84.225
May  6 05:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17061]: input_userauth_request: invalid user vps [preauth]
May  6 05:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17061]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17061]: Failed password for invalid user vps from 196.251.84.225 port 42604 ssh2
May  6 05:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17061]: Connection closed by 196.251.84.225 port 42604 [preauth]
May  6 05:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15806]: pam_unix(cron:session): session closed for user root
May  6 05:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: Invalid user nvidia from 196.251.84.225
May  6 05:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: input_userauth_request: invalid user nvidia [preauth]
May  6 05:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: Failed password for invalid user nvidia from 196.251.84.225 port 49598 ssh2
May  6 05:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17155]: Connection closed by 196.251.84.225 port 49598 [preauth]
May  6 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17185]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17187]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17188]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17186]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17188]: pam_unix(cron:session): session closed for user root
May  6 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17183]: pam_unix(cron:session): session closed for user p13x
May  6 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17255]: Successful su for rubyman by root
May  6 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17255]: + ??? root:rubyman
May  6 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338463 of user rubyman.
May  6 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17255]: pam_unix(su:session): session closed for user rubyman
May  6 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338463.
May  6 05:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17185]: pam_unix(cron:session): session closed for user root
May  6 05:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14544]: pam_unix(cron:session): session closed for user root
May  6 05:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17184]: pam_unix(cron:session): session closed for user samftp
May  6 05:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: Invalid user Data from 137.184.114.25
May  6 05:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: input_userauth_request: invalid user Data [preauth]
May  6 05:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.114.25
May  6 05:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 05:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: Failed password for invalid user Data from 137.184.114.25 port 44912 ssh2
May  6 05:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: Received disconnect from 137.184.114.25 port 44912:11: Bye Bye [preauth]
May  6 05:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17496]: Disconnected from 137.184.114.25 port 44912 [preauth]
May  6 05:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: Failed password for root from 196.251.84.225 port 35850 ssh2
May  6 05:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17487]: Connection closed by 196.251.84.225 port 35850 [preauth]
May  6 05:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16198]: pam_unix(cron:session): session closed for user root
May  6 05:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: Invalid user sftp from 196.251.84.225
May  6 05:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: input_userauth_request: invalid user sftp [preauth]
May  6 05:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: Failed password for invalid user sftp from 196.251.84.225 port 56008 ssh2
May  6 05:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: Connection closed by 196.251.84.225 port 56008 [preauth]
May  6 05:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192  user=root
May  6 05:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17614]: Failed password for root from 46.25.236.192 port 34640 ssh2
May  6 05:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17614]: Received disconnect from 46.25.236.192 port 34640:11: Bye Bye [preauth]
May  6 05:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17614]: Disconnected from 46.25.236.192 port 34640 [preauth]
May  6 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17636]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17634]: pam_unix(cron:session): session closed for user p13x
May  6 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17708]: Successful su for rubyman by root
May  6 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17708]: + ??? root:rubyman
May  6 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338470 of user rubyman.
May  6 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17708]: pam_unix(su:session): session closed for user rubyman
May  6 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338470.
May  6 05:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14964]: pam_unix(cron:session): session closed for user root
May  6 05:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17635]: pam_unix(cron:session): session closed for user samftp
May  6 05:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: Invalid user linda from 128.201.165.54
May  6 05:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: input_userauth_request: invalid user linda [preauth]
May  6 05:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.201.165.54
May  6 05:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18006]: Invalid user dolphinscheduler from 196.251.84.225
May  6 05:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18006]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  6 05:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18006]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: Failed password for invalid user linda from 128.201.165.54 port 43124 ssh2
May  6 05:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: Received disconnect from 128.201.165.54 port 43124:11: Bye Bye [preauth]
May  6 05:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: Disconnected from 128.201.165.54 port 43124 [preauth]
May  6 05:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18006]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 57622 ssh2
May  6 05:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18006]: Connection closed by 196.251.84.225 port 57622 [preauth]
May  6 05:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: Invalid user wxh from 201.249.87.203
May  6 05:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: input_userauth_request: invalid user wxh [preauth]
May  6 05:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.249.87.203
May  6 05:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16650]: pam_unix(cron:session): session closed for user root
May  6 05:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: Failed password for invalid user wxh from 201.249.87.203 port 42056 ssh2
May  6 05:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: Received disconnect from 201.249.87.203 port 42056:11: Bye Bye [preauth]
May  6 05:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18085]: Disconnected from 201.249.87.203 port 42056 [preauth]
May  6 05:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 05:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18120]: Failed password for root from 196.251.84.225 port 51880 ssh2
May  6 05:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18120]: Connection closed by 196.251.84.225 port 51880 [preauth]
May  6 05:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 05:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18161]: Failed password for root from 218.92.0.179 port 63479 ssh2
May  6 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18161]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 63479 ssh2]
May  6 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18161]: Received disconnect from 218.92.0.179 port 63479:11:  [preauth]
May  6 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18161]: Disconnected from 218.92.0.179 port 63479 [preauth]
May  6 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18161]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18177]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18175]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18176]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18174]: pam_unix(cron:session): session closed for user p13x
May  6 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18233]: Successful su for rubyman by root
May  6 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18233]: + ??? root:rubyman
May  6 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338473 of user rubyman.
May  6 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18233]: pam_unix(su:session): session closed for user rubyman
May  6 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338473.
May  6 05:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15395]: pam_unix(cron:session): session closed for user root
May  6 05:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18175]: pam_unix(cron:session): session closed for user samftp
May  6 05:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: Invalid user mapr from 196.251.84.225
May  6 05:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: input_userauth_request: invalid user mapr [preauth]
May  6 05:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: Invalid user omnisky from 84.22.147.211
May  6 05:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: input_userauth_request: invalid user omnisky [preauth]
May  6 05:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.147.211
May  6 05:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: Failed password for invalid user mapr from 196.251.84.225 port 44378 ssh2
May  6 05:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: Failed password for invalid user omnisky from 84.22.147.211 port 44346 ssh2
May  6 05:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: Connection closed by 196.251.84.225 port 44378 [preauth]
May  6 05:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: Received disconnect from 84.22.147.211 port 44346:11: Bye Bye [preauth]
May  6 05:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: Disconnected from 84.22.147.211 port 44346 [preauth]
May  6 05:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17187]: pam_unix(cron:session): session closed for user root
May  6 05:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: Invalid user admin from 196.251.84.225
May  6 05:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: input_userauth_request: invalid user admin [preauth]
May  6 05:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: Failed password for invalid user admin from 196.251.84.225 port 58200 ssh2
May  6 05:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: Connection closed by 196.251.84.225 port 58200 [preauth]
May  6 05:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.225.137  user=root
May  6 05:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: Failed password for root from 152.42.225.137 port 36432 ssh2
May  6 05:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: Received disconnect from 152.42.225.137 port 36432:11: Bye Bye [preauth]
May  6 05:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: Disconnected from 152.42.225.137 port 36432 [preauth]
May  6 05:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: Invalid user zhangp from 194.190.153.226
May  6 05:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: input_userauth_request: invalid user zhangp [preauth]
May  6 05:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.190.153.226
May  6 05:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: Failed password for invalid user zhangp from 194.190.153.226 port 35154 ssh2
May  6 05:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: Received disconnect from 194.190.153.226 port 35154:11: Bye Bye [preauth]
May  6 05:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18577]: Disconnected from 194.190.153.226 port 35154 [preauth]
May  6 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18591]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18589]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18589]: pam_unix(cron:session): session closed for user p13x
May  6 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18647]: Successful su for rubyman by root
May  6 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18647]: + ??? root:rubyman
May  6 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338477 of user rubyman.
May  6 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18647]: pam_unix(su:session): session closed for user rubyman
May  6 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338477.
May  6 05:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15805]: pam_unix(cron:session): session closed for user root
May  6 05:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18590]: pam_unix(cron:session): session closed for user samftp
May  6 05:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 05:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: Failed password for root from 196.251.84.225 port 42240 ssh2
May  6 05:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: Connection closed by 196.251.84.225 port 42240 [preauth]
May  6 05:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17637]: pam_unix(cron:session): session closed for user root
May  6 05:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 05:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18946]: Failed password for root from 196.251.84.225 port 57104 ssh2
May  6 05:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18946]: Connection closed by 196.251.84.225 port 57104 [preauth]
May  6 05:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197  user=root
May  6 05:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18995]: Invalid user a1 from 43.135.173.36
May  6 05:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18995]: input_userauth_request: invalid user a1 [preauth]
May  6 05:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18995]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.173.36
May  6 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19006]: pam_unix(cron:session): session closed for user p13x
May  6 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19078]: Successful su for rubyman by root
May  6 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19078]: + ??? root:rubyman
May  6 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19078]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338481 of user rubyman.
May  6 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19078]: pam_unix(su:session): session closed for user rubyman
May  6 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338481.
May  6 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18993]: Failed password for root from 107.175.83.197 port 58568 ssh2
May  6 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18993]: Received disconnect from 107.175.83.197 port 58568:11: Bye Bye [preauth]
May  6 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18993]: Disconnected from 107.175.83.197 port 58568 [preauth]
May  6 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18995]: Failed password for invalid user a1 from 43.135.173.36 port 48662 ssh2
May  6 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18995]: Received disconnect from 43.135.173.36 port 48662:11: Bye Bye [preauth]
May  6 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18995]: Disconnected from 43.135.173.36 port 48662 [preauth]
May  6 05:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16197]: pam_unix(cron:session): session closed for user root
May  6 05:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19007]: pam_unix(cron:session): session closed for user samftp
May  6 05:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19240]: Invalid user nagios from 196.251.84.225
May  6 05:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19240]: input_userauth_request: invalid user nagios [preauth]
May  6 05:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19240]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19240]: Failed password for invalid user nagios from 196.251.84.225 port 56106 ssh2
May  6 05:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19240]: Connection closed by 196.251.84.225 port 56106 [preauth]
May  6 05:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  6 05:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18177]: pam_unix(cron:session): session closed for user root
May  6 05:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: Failed password for root from 218.92.0.204 port 47834 ssh2
May  6 05:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: Failed password for root from 218.92.0.204 port 47834 ssh2
May  6 05:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Invalid user elsearch from 196.251.84.225
May  6 05:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: input_userauth_request: invalid user elsearch [preauth]
May  6 05:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Failed password for invalid user elsearch from 196.251.84.225 port 52322 ssh2
May  6 05:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Connection closed by 196.251.84.225 port 52322 [preauth]
May  6 05:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: Failed password for root from 218.92.0.204 port 47834 ssh2
May  6 05:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: message repeated 2 times: [ Failed password for root from 218.92.0.204 port 47834 ssh2]
May  6 05:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 47834 ssh2 [preauth]
May  6 05:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: Disconnecting: Too many authentication failures [preauth]
May  6 05:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  6 05:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 05:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  6 05:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19403]: Failed password for root from 218.92.0.204 port 31556 ssh2
May  6 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19403]: message repeated 3 times: [ Failed password for root from 218.92.0.204 port 31556 ssh2]
May  6 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19429]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19429]: pam_unix(cron:session): session closed for user root
May  6 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19424]: pam_unix(cron:session): session closed for user p13x
May  6 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19493]: Successful su for rubyman by root
May  6 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19493]: + ??? root:rubyman
May  6 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338484 of user rubyman.
May  6 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19493]: pam_unix(su:session): session closed for user rubyman
May  6 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338484.
May  6 05:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19426]: pam_unix(cron:session): session closed for user root
May  6 05:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19403]: Failed password for root from 218.92.0.204 port 31556 ssh2
May  6 05:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16649]: pam_unix(cron:session): session closed for user root
May  6 05:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19403]: Failed password for root from 218.92.0.204 port 31556 ssh2
May  6 05:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19403]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 31556 ssh2 [preauth]
May  6 05:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19403]: Disconnecting: Too many authentication failures [preauth]
May  6 05:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19403]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  6 05:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19403]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 05:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19425]: pam_unix(cron:session): session closed for user samftp
May  6 05:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19721]: Invalid user ldap from 196.251.84.225
May  6 05:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19721]: input_userauth_request: invalid user ldap [preauth]
May  6 05:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19721]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19721]: Failed password for invalid user ldap from 196.251.84.225 port 36770 ssh2
May  6 05:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19721]: Connection closed by 196.251.84.225 port 36770 [preauth]
May  6 05:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: Invalid user azure from 103.9.211.159
May  6 05:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: input_userauth_request: invalid user azure [preauth]
May  6 05:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.9.211.159
May  6 05:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: Failed password for invalid user azure from 103.9.211.159 port 42236 ssh2
May  6 05:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: Received disconnect from 103.9.211.159 port 42236:11: Bye Bye [preauth]
May  6 05:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: Disconnected from 103.9.211.159 port 42236 [preauth]
May  6 05:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18592]: pam_unix(cron:session): session closed for user root
May  6 05:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: Invalid user admin from 137.184.114.25
May  6 05:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: input_userauth_request: invalid user admin [preauth]
May  6 05:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.114.25
May  6 05:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: Failed password for invalid user admin from 137.184.114.25 port 53610 ssh2
May  6 05:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: Received disconnect from 137.184.114.25 port 53610:11: Bye Bye [preauth]
May  6 05:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19815]: Disconnected from 137.184.114.25 port 53610 [preauth]
May  6 05:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19826]: Invalid user sftp from 196.251.84.225
May  6 05:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19826]: input_userauth_request: invalid user sftp [preauth]
May  6 05:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19826]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19826]: Failed password for invalid user sftp from 196.251.84.225 port 36100 ssh2
May  6 05:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19826]: Connection closed by 196.251.84.225 port 36100 [preauth]
May  6 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19876]: pam_unix(cron:session): session closed for user p13x
May  6 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19944]: Successful su for rubyman by root
May  6 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19944]: + ??? root:rubyman
May  6 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338490 of user rubyman.
May  6 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19944]: pam_unix(su:session): session closed for user rubyman
May  6 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338490.
May  6 05:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17186]: pam_unix(cron:session): session closed for user root
May  6 05:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19877]: pam_unix(cron:session): session closed for user samftp
May  6 05:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20141]: Invalid user team from 164.68.105.9
May  6 05:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20141]: input_userauth_request: invalid user team [preauth]
May  6 05:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20141]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  6 05:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 05:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: Invalid user admin from 46.25.236.192
May  6 05:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: input_userauth_request: invalid user admin [preauth]
May  6 05:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  6 05:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20141]: Failed password for invalid user team from 164.68.105.9 port 53596 ssh2
May  6 05:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20141]: Connection closed by 164.68.105.9 port 53596 [preauth]
May  6 05:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: Failed password for root from 218.92.0.179 port 59267 ssh2
May  6 05:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: Failed password for invalid user admin from 46.25.236.192 port 42780 ssh2
May  6 05:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: Invalid user dolphinscheduler from 196.251.84.225
May  6 05:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  6 05:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: Received disconnect from 46.25.236.192 port 42780:11: Bye Bye [preauth]
May  6 05:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20147]: Disconnected from 46.25.236.192 port 42780 [preauth]
May  6 05:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: Failed password for root from 218.92.0.179 port 59267 ssh2
May  6 05:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 33792 ssh2
May  6 05:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: Connection closed by 196.251.84.225 port 33792 [preauth]
May  6 05:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: Failed password for root from 218.92.0.179 port 59267 ssh2
May  6 05:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: Received disconnect from 218.92.0.179 port 59267:11:  [preauth]
May  6 05:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: Disconnected from 218.92.0.179 port 59267 [preauth]
May  6 05:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20143]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 05:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19010]: pam_unix(cron:session): session closed for user root
May  6 05:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: Invalid user kubernetes from 196.251.84.225
May  6 05:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: input_userauth_request: invalid user kubernetes [preauth]
May  6 05:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: Failed password for invalid user kubernetes from 196.251.84.225 port 55502 ssh2
May  6 05:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20254]: Connection closed by 196.251.84.225 port 55502 [preauth]
May  6 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20297]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20296]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20295]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20295]: pam_unix(cron:session): session closed for user p13x
May  6 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20353]: Successful su for rubyman by root
May  6 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20353]: + ??? root:rubyman
May  6 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20353]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338494 of user rubyman.
May  6 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20353]: pam_unix(su:session): session closed for user rubyman
May  6 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338494.
May  6 05:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17636]: pam_unix(cron:session): session closed for user root
May  6 05:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20296]: pam_unix(cron:session): session closed for user samftp
May  6 05:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 05:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: Failed password for root from 196.251.84.225 port 39642 ssh2
May  6 05:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20582]: Connection closed by 196.251.84.225 port 39642 [preauth]
May  6 05:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20606]: Invalid user sz from 194.190.153.226
May  6 05:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20606]: input_userauth_request: invalid user sz [preauth]
May  6 05:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20606]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.190.153.226
May  6 05:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20606]: Failed password for invalid user sz from 194.190.153.226 port 36596 ssh2
May  6 05:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20606]: Received disconnect from 194.190.153.226 port 36596:11: Bye Bye [preauth]
May  6 05:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20606]: Disconnected from 194.190.153.226 port 36596 [preauth]
May  6 05:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19428]: pam_unix(cron:session): session closed for user root
May  6 05:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20667]: Invalid user elk from 196.251.84.225
May  6 05:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20667]: input_userauth_request: invalid user elk [preauth]
May  6 05:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20667]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20667]: Failed password for invalid user elk from 196.251.84.225 port 39562 ssh2
May  6 05:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20667]: Connection closed by 196.251.84.225 port 39562 [preauth]
May  6 05:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20710]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20708]: pam_unix(cron:session): session closed for user p13x
May  6 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20769]: Successful su for rubyman by root
May  6 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20769]: + ??? root:rubyman
May  6 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338498 of user rubyman.
May  6 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20769]: pam_unix(su:session): session closed for user rubyman
May  6 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338498.
May  6 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.225.137  user=root
May  6 05:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20705]: Failed password for root from 152.42.225.137 port 48028 ssh2
May  6 05:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20705]: Received disconnect from 152.42.225.137 port 48028:11: Bye Bye [preauth]
May  6 05:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20705]: Disconnected from 152.42.225.137 port 48028 [preauth]
May  6 05:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18176]: pam_unix(cron:session): session closed for user root
May  6 05:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20709]: pam_unix(cron:session): session closed for user samftp
May  6 05:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: Invalid user ftpuser from 196.251.84.225
May  6 05:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: input_userauth_request: invalid user ftpuser [preauth]
May  6 05:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: Failed password for invalid user ftpuser from 196.251.84.225 port 32936 ssh2
May  6 05:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: Connection closed by 196.251.84.225 port 32936 [preauth]
May  6 05:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19879]: pam_unix(cron:session): session closed for user root
May  6 05:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.173.36  user=root
May  6 05:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21069]: Invalid user server from 107.175.83.197
May  6 05:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21069]: input_userauth_request: invalid user server [preauth]
May  6 05:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21069]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 05:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: Failed password for root from 43.135.173.36 port 38820 ssh2
May  6 05:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: Received disconnect from 43.135.173.36 port 38820:11: Bye Bye [preauth]
May  6 05:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21066]: Disconnected from 43.135.173.36 port 38820 [preauth]
May  6 05:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21069]: Failed password for invalid user server from 107.175.83.197 port 39556 ssh2
May  6 05:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21069]: Received disconnect from 107.175.83.197 port 39556:11: Bye Bye [preauth]
May  6 05:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21069]: Disconnected from 107.175.83.197 port 39556 [preauth]
May  6 05:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: Invalid user vagrant from 196.251.84.225
May  6 05:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: input_userauth_request: invalid user vagrant [preauth]
May  6 05:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: Failed password for invalid user vagrant from 196.251.84.225 port 47032 ssh2
May  6 05:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21094]: Connection closed by 196.251.84.225 port 47032 [preauth]
May  6 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21128]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21129]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21126]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21127]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21126]: pam_unix(cron:session): session closed for user p13x
May  6 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21195]: Successful su for rubyman by root
May  6 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21195]: + ??? root:rubyman
May  6 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338503 of user rubyman.
May  6 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21195]: pam_unix(su:session): session closed for user rubyman
May  6 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338503.
May  6 05:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18591]: pam_unix(cron:session): session closed for user root
May  6 05:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21127]: pam_unix(cron:session): session closed for user samftp
May  6 05:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Invalid user esuser from 196.251.84.225
May  6 05:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: input_userauth_request: invalid user esuser [preauth]
May  6 05:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Failed password for invalid user esuser from 196.251.84.225 port 36474 ssh2
May  6 05:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Connection closed by 196.251.84.225 port 36474 [preauth]
May  6 05:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20298]: pam_unix(cron:session): session closed for user root
May  6 05:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: Invalid user admin from 80.94.95.125
May  6 05:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: input_userauth_request: invalid user admin [preauth]
May  6 05:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 05:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: Failed password for invalid user admin from 80.94.95.125 port 61361 ssh2
May  6 05:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: Failed password for invalid user admin from 80.94.95.125 port 61361 ssh2
May  6 05:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: Failed password for invalid user admin from 80.94.95.125 port 61361 ssh2
May  6 05:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: Failed password for invalid user admin from 80.94.95.125 port 61361 ssh2
May  6 05:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: Invalid user opc from 196.251.84.225
May  6 05:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: input_userauth_request: invalid user opc [preauth]
May  6 05:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: Failed password for invalid user admin from 80.94.95.125 port 61361 ssh2
May  6 05:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: Received disconnect from 80.94.95.125 port 61361:11: Bye [preauth]
May  6 05:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: Disconnected from 80.94.95.125 port 61361 [preauth]
May  6 05:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 05:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 05:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21575]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21576]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21572]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21569]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21576]: pam_unix(cron:session): session closed for user root
May  6 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21569]: pam_unix(cron:session): session closed for user p13x
May  6 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: Failed password for invalid user opc from 196.251.84.225 port 51110 ssh2
May  6 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21658]: Successful su for rubyman by root
May  6 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21658]: + ??? root:rubyman
May  6 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338509 of user rubyman.
May  6 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21658]: pam_unix(su:session): session closed for user rubyman
May  6 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338509.
May  6 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21549]: Connection closed by 196.251.84.225 port 51110 [preauth]
May  6 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19009]: pam_unix(cron:session): session closed for user root
May  6 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21572]: pam_unix(cron:session): session closed for user root
May  6 05:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21571]: pam_unix(cron:session): session closed for user samftp
May  6 05:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: Invalid user lzm from 84.22.147.211
May  6 05:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: input_userauth_request: invalid user lzm [preauth]
May  6 05:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.147.211
May  6 05:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: Failed password for invalid user lzm from 84.22.147.211 port 38728 ssh2
May  6 05:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: Received disconnect from 84.22.147.211 port 38728:11: Bye Bye [preauth]
May  6 05:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22179]: Disconnected from 84.22.147.211 port 38728 [preauth]
May  6 05:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22203]: Invalid user omsagent from 196.251.84.225
May  6 05:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22203]: input_userauth_request: invalid user omsagent [preauth]
May  6 05:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22203]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22203]: Failed password for invalid user omsagent from 196.251.84.225 port 59792 ssh2
May  6 05:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22203]: Connection closed by 196.251.84.225 port 59792 [preauth]
May  6 05:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20711]: pam_unix(cron:session): session closed for user root
May  6 05:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22335]: Invalid user wang from 137.184.114.25
May  6 05:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22335]: input_userauth_request: invalid user wang [preauth]
May  6 05:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22335]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.114.25
May  6 05:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 05:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22335]: Failed password for invalid user wang from 137.184.114.25 port 34124 ssh2
May  6 05:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22335]: Received disconnect from 137.184.114.25 port 34124:11: Bye Bye [preauth]
May  6 05:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22335]: Disconnected from 137.184.114.25 port 34124 [preauth]
May  6 05:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22332]: Failed password for root from 196.251.84.225 port 57756 ssh2
May  6 05:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22332]: Connection closed by 196.251.84.225 port 57756 [preauth]
May  6 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22360]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22361]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22358]: pam_unix(cron:session): session closed for user p13x
May  6 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22447]: Successful su for rubyman by root
May  6 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22447]: + ??? root:rubyman
May  6 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338513 of user rubyman.
May  6 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22447]: pam_unix(su:session): session closed for user rubyman
May  6 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338513.
May  6 05:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19427]: pam_unix(cron:session): session closed for user root
May  6 05:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22359]: pam_unix(cron:session): session closed for user samftp
May  6 05:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: Invalid user krishna from 46.25.236.192
May  6 05:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: input_userauth_request: invalid user krishna [preauth]
May  6 05:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  6 05:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: Failed password for invalid user krishna from 46.25.236.192 port 50912 ssh2
May  6 05:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: Received disconnect from 46.25.236.192 port 50912:11: Bye Bye [preauth]
May  6 05:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22717]: Disconnected from 46.25.236.192 port 50912 [preauth]
May  6 05:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21129]: pam_unix(cron:session): session closed for user root
May  6 05:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 05:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22796]: Failed password for root from 218.92.0.179 port 32740 ssh2
May  6 05:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: Invalid user tom from 196.251.84.225
May  6 05:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: input_userauth_request: invalid user tom [preauth]
May  6 05:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22796]: Failed password for root from 218.92.0.179 port 32740 ssh2
May  6 05:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: Failed password for invalid user tom from 196.251.84.225 port 47604 ssh2
May  6 05:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22796]: Failed password for root from 218.92.0.179 port 32740 ssh2
May  6 05:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22796]: Received disconnect from 218.92.0.179 port 32740:11:  [preauth]
May  6 05:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22796]: Disconnected from 218.92.0.179 port 32740 [preauth]
May  6 05:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22796]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 05:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: Connection closed by 196.251.84.225 port 47604 [preauth]
May  6 05:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 05:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22808]: Failed password for root from 196.251.84.225 port 55838 ssh2
May  6 05:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22808]: Connection closed by 196.251.84.225 port 55838 [preauth]
May  6 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22839]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22838]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22835]: pam_unix(cron:session): session closed for user p13x
May  6 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22905]: Successful su for rubyman by root
May  6 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22905]: + ??? root:rubyman
May  6 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22905]: pam_unix(su:session): session closed for user rubyman
May  6 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338517 of user rubyman.
May  6 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338517.
May  6 05:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19878]: pam_unix(cron:session): session closed for user root
May  6 05:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22837]: pam_unix(cron:session): session closed for user samftp
May  6 05:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.190.153.226  user=root
May  6 05:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23119]: Failed password for root from 194.190.153.226 port 39226 ssh2
May  6 05:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23119]: Received disconnect from 194.190.153.226 port 39226:11: Bye Bye [preauth]
May  6 05:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23119]: Disconnected from 194.190.153.226 port 39226 [preauth]
May  6 05:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23153]: Invalid user testuser from 196.251.84.225
May  6 05:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23153]: input_userauth_request: invalid user testuser [preauth]
May  6 05:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23153]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23153]: Failed password for invalid user testuser from 196.251.84.225 port 39632 ssh2
May  6 05:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23153]: Connection closed by 196.251.84.225 port 39632 [preauth]
May  6 05:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21575]: pam_unix(cron:session): session closed for user root
May  6 05:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: Invalid user fil from 196.251.84.225
May  6 05:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: input_userauth_request: invalid user fil [preauth]
May  6 05:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: Failed password for invalid user fil from 196.251.84.225 port 50638 ssh2
May  6 05:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: Connection closed by 196.251.84.225 port 50638 [preauth]
May  6 05:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23289]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23290]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23287]: pam_unix(cron:session): session closed for user p13x
May  6 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23441]: Successful su for rubyman by root
May  6 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23441]: + ??? root:rubyman
May  6 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338520 of user rubyman.
May  6 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23441]: pam_unix(su:session): session closed for user rubyman
May  6 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338520.
May  6 05:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20297]: pam_unix(cron:session): session closed for user root
May  6 05:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23288]: pam_unix(cron:session): session closed for user samftp
May  6 05:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: Invalid user ! from 195.178.110.50
May  6 05:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: input_userauth_request: invalid user ! [preauth]
May  6 05:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 05:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: Failed password for invalid user ! from 195.178.110.50 port 17380 ssh2
May  6 05:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23277]: Connection closed by 195.178.110.50 port 17380 [preauth]
May  6 05:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23664]: Invalid user zhangp from 43.135.173.36
May  6 05:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23664]: input_userauth_request: invalid user zhangp [preauth]
May  6 05:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23664]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.173.36
May  6 05:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23664]: Failed password for invalid user zhangp from 43.135.173.36 port 42258 ssh2
May  6 05:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23664]: Received disconnect from 43.135.173.36 port 42258:11: Bye Bye [preauth]
May  6 05:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23664]: Disconnected from 43.135.173.36 port 42258 [preauth]
May  6 05:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23675]: Invalid user scs from 152.42.225.137
May  6 05:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23675]: input_userauth_request: invalid user scs [preauth]
May  6 05:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23675]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.225.137
May  6 05:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23663]: Invalid user terraria from 196.251.84.225
May  6 05:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23663]: input_userauth_request: invalid user terraria [preauth]
May  6 05:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23663]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23675]: Failed password for invalid user scs from 152.42.225.137 port 46822 ssh2
May  6 05:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23675]: Received disconnect from 152.42.225.137 port 46822:11: Bye Bye [preauth]
May  6 05:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23675]: Disconnected from 152.42.225.137 port 46822 [preauth]
May  6 05:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: Invalid user a1 from 107.175.83.197
May  6 05:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: input_userauth_request: invalid user a1 [preauth]
May  6 05:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 05:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23663]: Failed password for invalid user terraria from 196.251.84.225 port 45386 ssh2
May  6 05:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23663]: Connection closed by 196.251.84.225 port 45386 [preauth]
May  6 05:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: Failed password for invalid user a1 from 107.175.83.197 port 48774 ssh2
May  6 05:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: Received disconnect from 107.175.83.197 port 48774:11: Bye Bye [preauth]
May  6 05:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: Disconnected from 107.175.83.197 port 48774 [preauth]
May  6 05:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22361]: pam_unix(cron:session): session closed for user root
May  6 05:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: Invalid user p from 195.178.110.50
May  6 05:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: input_userauth_request: invalid user p [preauth]
May  6 05:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 05:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: Failed password for invalid user p from 195.178.110.50 port 22534 ssh2
May  6 05:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: Connection closed by 195.178.110.50 port 22534 [preauth]
May  6 05:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23850]: Invalid user harsh from 182.180.77.216
May  6 05:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23850]: input_userauth_request: invalid user harsh [preauth]
May  6 05:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23850]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 05:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23850]: Failed password for invalid user harsh from 182.180.77.216 port 40278 ssh2
May  6 05:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23850]: Received disconnect from 182.180.77.216 port 40278:11: Bye Bye [preauth]
May  6 05:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23850]: Disconnected from 182.180.77.216 port 40278 [preauth]
May  6 05:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23868]: Invalid user deepspeed from 196.251.84.225
May  6 05:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23868]: input_userauth_request: invalid user deepspeed [preauth]
May  6 05:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23868]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23868]: Failed password for invalid user deepspeed from 196.251.84.225 port 46630 ssh2
May  6 05:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23868]: Connection closed by 196.251.84.225 port 46630 [preauth]
May  6 05:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23740]: Invalid user a from 195.178.110.50
May  6 05:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23740]: input_userauth_request: invalid user a [preauth]
May  6 05:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23740]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23893]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23899]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23891]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23891]: pam_unix(cron:session): session closed for user p13x
May  6 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23740]: Failed password for invalid user a from 195.178.110.50 port 7968 ssh2
May  6 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23968]: Successful su for rubyman by root
May  6 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23968]: + ??? root:rubyman
May  6 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338525 of user rubyman.
May  6 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23968]: pam_unix(su:session): session closed for user rubyman
May  6 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338525.
May  6 05:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20710]: pam_unix(cron:session): session closed for user root
May  6 05:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23893]: pam_unix(cron:session): session closed for user samftp
May  6 05:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23740]: Connection closed by 195.178.110.50 port 7968 [preauth]
May  6 05:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: Invalid user zookeeper from 196.251.84.225
May  6 05:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: input_userauth_request: invalid user zookeeper [preauth]
May  6 05:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: Failed password for invalid user zookeeper from 196.251.84.225 port 53000 ssh2
May  6 05:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24199]: Connection closed by 196.251.84.225 port 53000 [preauth]
May  6 05:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24163]: Invalid user R from 195.178.110.50
May  6 05:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24163]: input_userauth_request: invalid user R [preauth]
May  6 05:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24163]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 05:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24163]: Failed password for invalid user R from 195.178.110.50 port 1082 ssh2
May  6 05:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24163]: Connection closed by 195.178.110.50 port 1082 [preauth]
May  6 05:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22839]: pam_unix(cron:session): session closed for user root
May  6 05:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: Invalid user C from 195.178.110.50
May  6 05:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: input_userauth_request: invalid user C [preauth]
May  6 05:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 05:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: Failed password for invalid user C from 195.178.110.50 port 53484 ssh2
May  6 05:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 05:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: Failed password for root from 196.251.84.225 port 44618 ssh2
May  6 05:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: Connection closed by 195.178.110.50 port 53484 [preauth]
May  6 05:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: Connection closed by 196.251.84.225 port 44618 [preauth]
May  6 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24359]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24358]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24359]: pam_unix(cron:session): session closed for user root
May  6 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24352]: pam_unix(cron:session): session closed for user p13x
May  6 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24430]: Successful su for rubyman by root
May  6 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24430]: + ??? root:rubyman
May  6 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338531 of user rubyman.
May  6 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24430]: pam_unix(su:session): session closed for user rubyman
May  6 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338531.
May  6 05:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24356]: pam_unix(cron:session): session closed for user root
May  6 05:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21128]: pam_unix(cron:session): session closed for user root
May  6 05:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24353]: pam_unix(cron:session): session closed for user samftp
May  6 05:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: Invalid user jumpserver from 196.251.84.225
May  6 05:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: input_userauth_request: invalid user jumpserver [preauth]
May  6 05:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: Failed password for invalid user jumpserver from 196.251.84.225 port 60818 ssh2
May  6 05:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: Connection closed by 196.251.84.225 port 60818 [preauth]
May  6 05:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23290]: pam_unix(cron:session): session closed for user root
May  6 05:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: Invalid user wind from 84.22.147.211
May  6 05:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: input_userauth_request: invalid user wind [preauth]
May  6 05:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.147.211
May  6 05:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: Failed password for invalid user wind from 84.22.147.211 port 49014 ssh2
May  6 05:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: Received disconnect from 84.22.147.211 port 49014:11: Bye Bye [preauth]
May  6 05:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: Disconnected from 84.22.147.211 port 49014 [preauth]
May  6 05:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24783]: Invalid user chain from 196.251.84.225
May  6 05:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24783]: input_userauth_request: invalid user chain [preauth]
May  6 05:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24783]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24783]: Failed password for invalid user chain from 196.251.84.225 port 55814 ssh2
May  6 05:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24783]: Connection closed by 196.251.84.225 port 55814 [preauth]
May  6 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24815]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24813]: pam_unix(cron:session): session closed for user p13x
May  6 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24883]: Successful su for rubyman by root
May  6 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24883]: + ??? root:rubyman
May  6 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24883]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338536 of user rubyman.
May  6 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24883]: pam_unix(su:session): session closed for user rubyman
May  6 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338536.
May  6 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: Invalid user chosuan from 137.184.114.25
May  6 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: input_userauth_request: invalid user chosuan [preauth]
May  6 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.114.25
May  6 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24960]: Invalid user user from 50.235.31.47
May  6 05:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24960]: input_userauth_request: invalid user user [preauth]
May  6 05:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24960]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  6 05:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: Failed password for invalid user chosuan from 137.184.114.25 port 42850 ssh2
May  6 05:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: Received disconnect from 137.184.114.25 port 42850:11: Bye Bye [preauth]
May  6 05:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24909]: Disconnected from 137.184.114.25 port 42850 [preauth]
May  6 05:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24960]: Failed password for invalid user user from 50.235.31.47 port 60082 ssh2
May  6 05:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21574]: pam_unix(cron:session): session closed for user root
May  6 05:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24960]: Connection closed by 50.235.31.47 port 60082 [preauth]
May  6 05:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24814]: pam_unix(cron:session): session closed for user samftp
May  6 05:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25081]: Invalid user volvo from 164.68.105.9
May  6 05:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25081]: input_userauth_request: invalid user volvo [preauth]
May  6 05:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25081]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  6 05:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25081]: Failed password for invalid user volvo from 164.68.105.9 port 48078 ssh2
May  6 05:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25081]: Connection closed by 164.68.105.9 port 48078 [preauth]
May  6 05:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25104]: Invalid user odoo from 196.251.84.225
May  6 05:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25104]: input_userauth_request: invalid user odoo [preauth]
May  6 05:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25104]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25104]: Failed password for invalid user odoo from 196.251.84.225 port 60914 ssh2
May  6 05:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25104]: Connection closed by 196.251.84.225 port 60914 [preauth]
May  6 05:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23899]: pam_unix(cron:session): session closed for user root
May  6 05:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: Invalid user leo from 46.25.236.192
May  6 05:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: input_userauth_request: invalid user leo [preauth]
May  6 05:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  6 05:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: Invalid user redis from 196.251.84.225
May  6 05:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: input_userauth_request: invalid user redis [preauth]
May  6 05:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: Failed password for invalid user leo from 46.25.236.192 port 59046 ssh2
May  6 05:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: Received disconnect from 46.25.236.192 port 59046:11: Bye Bye [preauth]
May  6 05:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: Disconnected from 46.25.236.192 port 59046 [preauth]
May  6 05:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: Failed password for invalid user redis from 196.251.84.225 port 48050 ssh2
May  6 05:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: Connection closed by 196.251.84.225 port 48050 [preauth]
May  6 05:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25228]: Invalid user a1 from 194.190.153.226
May  6 05:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25228]: input_userauth_request: invalid user a1 [preauth]
May  6 05:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25228]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.190.153.226
May  6 05:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25228]: Failed password for invalid user a1 from 194.190.153.226 port 40868 ssh2
May  6 05:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25228]: Received disconnect from 194.190.153.226 port 40868:11: Bye Bye [preauth]
May  6 05:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25228]: Disconnected from 194.190.153.226 port 40868 [preauth]
May  6 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25242]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25241]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25240]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25239]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25239]: pam_unix(cron:session): session closed for user p13x
May  6 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25311]: Successful su for rubyman by root
May  6 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25311]: + ??? root:rubyman
May  6 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338538 of user rubyman.
May  6 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25311]: pam_unix(su:session): session closed for user rubyman
May  6 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338538.
May  6 05:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22360]: pam_unix(cron:session): session closed for user root
May  6 05:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25240]: pam_unix(cron:session): session closed for user samftp
May  6 05:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25505]: Invalid user mapr from 196.251.84.225
May  6 05:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25505]: input_userauth_request: invalid user mapr [preauth]
May  6 05:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25505]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25505]: Failed password for invalid user mapr from 196.251.84.225 port 33396 ssh2
May  6 05:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25505]: Connection closed by 196.251.84.225 port 33396 [preauth]
May  6 05:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24358]: pam_unix(cron:session): session closed for user root
May  6 05:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25664]: Invalid user elasticsearch from 196.251.84.225
May  6 05:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25664]: input_userauth_request: invalid user elasticsearch [preauth]
May  6 05:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25664]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25664]: Failed password for invalid user elasticsearch from 196.251.84.225 port 47134 ssh2
May  6 05:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25664]: Connection closed by 196.251.84.225 port 47134 [preauth]
May  6 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25710]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25708]: pam_unix(cron:session): session closed for user p13x
May  6 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25783]: Successful su for rubyman by root
May  6 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25783]: + ??? root:rubyman
May  6 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338542 of user rubyman.
May  6 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25783]: pam_unix(su:session): session closed for user rubyman
May  6 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338542.
May  6 05:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22838]: pam_unix(cron:session): session closed for user root
May  6 05:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25709]: pam_unix(cron:session): session closed for user samftp
May  6 05:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26004]: Invalid user server from 43.135.173.36
May  6 05:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26004]: input_userauth_request: invalid user server [preauth]
May  6 05:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26004]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.173.36
May  6 05:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26004]: Failed password for invalid user server from 43.135.173.36 port 35042 ssh2
May  6 05:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26004]: Received disconnect from 43.135.173.36 port 35042:11: Bye Bye [preauth]
May  6 05:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26004]: Disconnected from 43.135.173.36 port 35042 [preauth]
May  6 05:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197  user=root
May  6 05:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26029]: Failed password for root from 107.175.83.197 port 58000 ssh2
May  6 05:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26029]: Received disconnect from 107.175.83.197 port 58000:11: Bye Bye [preauth]
May  6 05:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26029]: Disconnected from 107.175.83.197 port 58000 [preauth]
May  6 05:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26031]: Invalid user solr from 196.251.84.225
May  6 05:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26031]: input_userauth_request: invalid user solr [preauth]
May  6 05:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26031]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26031]: Failed password for invalid user solr from 196.251.84.225 port 49282 ssh2
May  6 05:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26054]: Invalid user changshuo from 52.140.219.21
May  6 05:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26054]: input_userauth_request: invalid user changshuo [preauth]
May  6 05:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26054]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.140.219.21
May  6 05:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26031]: Connection closed by 196.251.84.225 port 49282 [preauth]
May  6 05:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26054]: Failed password for invalid user changshuo from 52.140.219.21 port 34148 ssh2
May  6 05:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26054]: Received disconnect from 52.140.219.21 port 34148:11: Bye Bye [preauth]
May  6 05:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26054]: Disconnected from 52.140.219.21 port 34148 [preauth]
May  6 05:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: Invalid user ubuntu from 152.42.225.137
May  6 05:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: input_userauth_request: invalid user ubuntu [preauth]
May  6 05:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.225.137
May  6 05:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: Failed password for invalid user ubuntu from 152.42.225.137 port 46228 ssh2
May  6 05:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: Received disconnect from 152.42.225.137 port 46228:11: Bye Bye [preauth]
May  6 05:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26077]: Disconnected from 152.42.225.137 port 46228 [preauth]
May  6 05:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24816]: pam_unix(cron:session): session closed for user root
May  6 05:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 05:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: Failed password for root from 218.92.0.179 port 62554 ssh2
May  6 05:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26140]: Invalid user satisfactory from 196.251.84.225
May  6 05:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26140]: input_userauth_request: invalid user satisfactory [preauth]
May  6 05:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26140]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: Failed password for root from 218.92.0.179 port 62554 ssh2
May  6 05:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26140]: Failed password for invalid user satisfactory from 196.251.84.225 port 45086 ssh2
May  6 05:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26140]: Connection closed by 196.251.84.225 port 45086 [preauth]
May  6 05:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: Failed password for root from 218.92.0.179 port 62554 ssh2
May  6 05:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: Received disconnect from 218.92.0.179 port 62554:11:  [preauth]
May  6 05:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: Disconnected from 218.92.0.179 port 62554 [preauth]
May  6 05:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26142]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26174]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26171]: pam_unix(cron:session): session closed for user p13x
May  6 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26231]: Successful su for rubyman by root
May  6 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26231]: + ??? root:rubyman
May  6 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338546 of user rubyman.
May  6 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26231]: pam_unix(su:session): session closed for user rubyman
May  6 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338546.
May  6 05:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23289]: pam_unix(cron:session): session closed for user root
May  6 05:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26172]: pam_unix(cron:session): session closed for user samftp
May  6 05:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 05:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: Failed password for root from 196.251.84.225 port 56348 ssh2
May  6 05:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26526]: Connection closed by 196.251.84.225 port 56348 [preauth]
May  6 05:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: Invalid user salavat from 103.195.7.51
May  6 05:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: input_userauth_request: invalid user salavat [preauth]
May  6 05:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 05:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: Failed password for invalid user salavat from 103.195.7.51 port 42410 ssh2
May  6 05:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: Received disconnect from 103.195.7.51 port 42410:11: Bye Bye [preauth]
May  6 05:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26560]: Disconnected from 103.195.7.51 port 42410 [preauth]
May  6 05:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25242]: pam_unix(cron:session): session closed for user root
May  6 05:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 05:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: Invalid user data from 196.251.84.225
May  6 05:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: input_userauth_request: invalid user data [preauth]
May  6 05:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: pam_unix(sshd:auth): check pass; user unknown
May  6 05:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 05:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: Failed password for invalid user data from 196.251.84.225 port 36376 ssh2
May  6 05:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: Connection closed by 196.251.84.225 port 36376 [preauth]
May  6 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26650]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26654]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26652]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26653]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26651]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26654]: pam_unix(cron:session): session closed for user root
May  6 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26650]: pam_unix(cron:session): session closed for user root
May  6 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26647]: pam_unix(cron:session): session closed for user p13x
May  6 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26746]: Successful su for rubyman by root
May  6 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26746]: + ??? root:rubyman
May  6 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338556 of user rubyman.
May  6 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26746]: pam_unix(su:session): session closed for user rubyman
May  6 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338556.
May  6 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26651]: pam_unix(cron:session): session closed for user root
May  6 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23898]: pam_unix(cron:session): session closed for user root
May  6 06:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26648]: pam_unix(cron:session): session closed for user samftp
May  6 06:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27061]: Invalid user centos from 196.251.84.225
May  6 06:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27061]: input_userauth_request: invalid user centos [preauth]
May  6 06:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27061]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27061]: Failed password for invalid user centos from 196.251.84.225 port 48908 ssh2
May  6 06:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25711]: pam_unix(cron:session): session closed for user root
May  6 06:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27061]: Connection closed by 196.251.84.225 port 48908 [preauth]
May  6 06:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: Invalid user dolphinscheduler from 196.251.84.225
May  6 06:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  6 06:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Invalid user seller from 84.22.147.211
May  6 06:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: input_userauth_request: invalid user seller [preauth]
May  6 06:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.147.211
May  6 06:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 36886 ssh2
May  6 06:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27221]: Connection closed by 196.251.84.225 port 36886 [preauth]
May  6 06:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Failed password for invalid user seller from 84.22.147.211 port 45042 ssh2
May  6 06:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Received disconnect from 84.22.147.211 port 45042:11: Bye Bye [preauth]
May  6 06:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Disconnected from 84.22.147.211 port 45042 [preauth]
May  6 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27236]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27234]: pam_unix(cron:session): session closed for user p13x
May  6 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27306]: Successful su for rubyman by root
May  6 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27306]: + ??? root:rubyman
May  6 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27306]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338559 of user rubyman.
May  6 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27306]: pam_unix(su:session): session closed for user rubyman
May  6 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338559.
May  6 06:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24357]: pam_unix(cron:session): session closed for user root
May  6 06:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27235]: pam_unix(cron:session): session closed for user samftp
May  6 06:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27585]: Invalid user huxl from 137.184.114.25
May  6 06:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27585]: input_userauth_request: invalid user huxl [preauth]
May  6 06:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27585]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.114.25
May  6 06:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27585]: Failed password for invalid user huxl from 137.184.114.25 port 51516 ssh2
May  6 06:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27585]: Received disconnect from 137.184.114.25 port 51516:11: Bye Bye [preauth]
May  6 06:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27585]: Disconnected from 137.184.114.25 port 51516 [preauth]
May  6 06:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: Invalid user amp from 196.251.84.225
May  6 06:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: input_userauth_request: invalid user amp [preauth]
May  6 06:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: Failed password for invalid user amp from 196.251.84.225 port 51338 ssh2
May  6 06:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27620]: Connection closed by 196.251.84.225 port 51338 [preauth]
May  6 06:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26174]: pam_unix(cron:session): session closed for user root
May  6 06:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.190.153.226  user=root
May  6 06:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27676]: Failed password for root from 194.190.153.226 port 35756 ssh2
May  6 06:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27676]: Received disconnect from 194.190.153.226 port 35756:11: Bye Bye [preauth]
May  6 06:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27676]: Disconnected from 194.190.153.226 port 35756 [preauth]
May  6 06:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Invalid user hengshi from 46.25.236.192
May  6 06:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: input_userauth_request: invalid user hengshi [preauth]
May  6 06:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  6 06:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Failed password for invalid user hengshi from 46.25.236.192 port 39006 ssh2
May  6 06:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Received disconnect from 46.25.236.192 port 39006:11: Bye Bye [preauth]
May  6 06:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Disconnected from 46.25.236.192 port 39006 [preauth]
May  6 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27725]: pam_unix(cron:session): session closed for user p13x
May  6 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27788]: Successful su for rubyman by root
May  6 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27788]: + ??? root:rubyman
May  6 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27788]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338562 of user rubyman.
May  6 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27788]: pam_unix(su:session): session closed for user rubyman
May  6 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338562.
May  6 06:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24815]: pam_unix(cron:session): session closed for user root
May  6 06:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27726]: pam_unix(cron:session): session closed for user samftp
May  6 06:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26653]: pam_unix(cron:session): session closed for user root
May  6 06:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: Invalid user nexus from 196.251.84.225
May  6 06:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: input_userauth_request: invalid user nexus [preauth]
May  6 06:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: Failed password for invalid user nexus from 196.251.84.225 port 56044 ssh2
May  6 06:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: Connection closed by 196.251.84.225 port 56044 [preauth]
May  6 06:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: Invalid user ubuntu from 196.251.84.225
May  6 06:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: input_userauth_request: invalid user ubuntu [preauth]
May  6 06:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28132]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28131]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28128]: pam_unix(cron:session): session closed for user p13x
May  6 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28193]: Successful su for rubyman by root
May  6 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28193]: + ??? root:rubyman
May  6 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338565 of user rubyman.
May  6 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28193]: pam_unix(su:session): session closed for user rubyman
May  6 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: Failed password for invalid user ubuntu from 196.251.84.225 port 46344 ssh2
May  6 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338565.
May  6 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25241]: pam_unix(cron:session): session closed for user root
May  6 06:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: Connection closed by 196.251.84.225 port 46344 [preauth]
May  6 06:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28129]: pam_unix(cron:session): session closed for user samftp
May  6 06:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28214]: Failed password for root from 196.251.84.225 port 46308 ssh2
May  6 06:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.173.36  user=root
May  6 06:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28214]: Connection closed by 196.251.84.225 port 46308 [preauth]
May  6 06:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28387]: Failed password for root from 43.135.173.36 port 55296 ssh2
May  6 06:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28387]: Received disconnect from 43.135.173.36 port 55296:11: Bye Bye [preauth]
May  6 06:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28387]: Disconnected from 43.135.173.36 port 55296 [preauth]
May  6 06:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 06:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28397]: Failed password for root from 218.92.0.179 port 21032 ssh2
May  6 06:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Invalid user hxw from 107.175.83.197
May  6 06:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: input_userauth_request: invalid user hxw [preauth]
May  6 06:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 06:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Failed password for invalid user hxw from 107.175.83.197 port 38996 ssh2
May  6 06:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Received disconnect from 107.175.83.197 port 38996:11: Bye Bye [preauth]
May  6 06:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Disconnected from 107.175.83.197 port 38996 [preauth]
May  6 06:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28397]: Failed password for root from 218.92.0.179 port 21032 ssh2
May  6 06:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28397]: Failed password for root from 218.92.0.179 port 21032 ssh2
May  6 06:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28397]: Received disconnect from 218.92.0.179 port 21032:11:  [preauth]
May  6 06:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28397]: Disconnected from 218.92.0.179 port 21032 [preauth]
May  6 06:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28397]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 06:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27237]: pam_unix(cron:session): session closed for user root
May  6 06:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28494]: Failed password for root from 196.251.84.225 port 53214 ssh2
May  6 06:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28494]: Connection closed by 196.251.84.225 port 53214 [preauth]
May  6 06:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28527]: Invalid user server from 152.42.225.137
May  6 06:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28527]: input_userauth_request: invalid user server [preauth]
May  6 06:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28527]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.225.137
May  6 06:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28527]: Failed password for invalid user server from 152.42.225.137 port 36716 ssh2
May  6 06:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28527]: Received disconnect from 152.42.225.137 port 36716:11: Bye Bye [preauth]
May  6 06:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28527]: Disconnected from 152.42.225.137 port 36716 [preauth]
May  6 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28548]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28546]: pam_unix(cron:session): session closed for user p13x
May  6 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28608]: Successful su for rubyman by root
May  6 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28608]: + ??? root:rubyman
May  6 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28608]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338570 of user rubyman.
May  6 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28608]: pam_unix(su:session): session closed for user rubyman
May  6 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338570.
May  6 06:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25710]: pam_unix(cron:session): session closed for user root
May  6 06:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28709]: Invalid user ranger from 196.251.84.225
May  6 06:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28709]: input_userauth_request: invalid user ranger [preauth]
May  6 06:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28547]: pam_unix(cron:session): session closed for user samftp
May  6 06:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28709]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28709]: Failed password for invalid user ranger from 196.251.84.225 port 49104 ssh2
May  6 06:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28709]: Connection closed by 196.251.84.225 port 49104 [preauth]
May  6 06:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27729]: pam_unix(cron:session): session closed for user root
May  6 06:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28885]: Invalid user elk from 196.251.84.225
May  6 06:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28885]: input_userauth_request: invalid user elk [preauth]
May  6 06:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28885]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28885]: Failed password for invalid user elk from 196.251.84.225 port 52674 ssh2
May  6 06:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28885]: Connection closed by 196.251.84.225 port 52674 [preauth]
May  6 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28953]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28955]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28952]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28956]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28956]: pam_unix(cron:session): session closed for user root
May  6 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28949]: pam_unix(cron:session): session closed for user p13x
May  6 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29075]: Successful su for rubyman by root
May  6 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29075]: + ??? root:rubyman
May  6 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338575 of user rubyman.
May  6 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29075]: pam_unix(su:session): session closed for user rubyman
May  6 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338575.
May  6 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28952]: pam_unix(cron:session): session closed for user root
May  6 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26173]: pam_unix(cron:session): session closed for user root
May  6 06:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: Invalid user wordpress from 196.251.84.225
May  6 06:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: input_userauth_request: invalid user wordpress [preauth]
May  6 06:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28950]: pam_unix(cron:session): session closed for user samftp
May  6 06:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: Failed password for invalid user wordpress from 196.251.84.225 port 52016 ssh2
May  6 06:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: Connection closed by 196.251.84.225 port 52016 [preauth]
May  6 06:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: Invalid user debianuser from 182.180.77.216
May  6 06:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: input_userauth_request: invalid user debianuser [preauth]
May  6 06:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 06:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: Failed password for invalid user debianuser from 182.180.77.216 port 40644 ssh2
May  6 06:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28132]: pam_unix(cron:session): session closed for user root
May  6 06:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: Received disconnect from 182.180.77.216 port 40644:11: Bye Bye [preauth]
May  6 06:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: Disconnected from 182.180.77.216 port 40644 [preauth]
May  6 06:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29428]: Invalid user vps from 196.251.84.225
May  6 06:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29428]: input_userauth_request: invalid user vps [preauth]
May  6 06:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29428]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29428]: Failed password for invalid user vps from 196.251.84.225 port 43078 ssh2
May  6 06:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29428]: Connection closed by 196.251.84.225 port 43078 [preauth]
May  6 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29503]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29499]: pam_unix(cron:session): session closed for user p13x
May  6 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29569]: Successful su for rubyman by root
May  6 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29569]: + ??? root:rubyman
May  6 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338579 of user rubyman.
May  6 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29569]: pam_unix(su:session): session closed for user rubyman
May  6 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338579.
May  6 06:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26652]: pam_unix(cron:session): session closed for user root
May  6 06:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29500]: pam_unix(cron:session): session closed for user samftp
May  6 06:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29759]: Invalid user user from 196.251.84.225
May  6 06:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29759]: input_userauth_request: invalid user user [preauth]
May  6 06:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29759]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29759]: Failed password for invalid user user from 196.251.84.225 port 51520 ssh2
May  6 06:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29759]: Connection closed by 196.251.84.225 port 51520 [preauth]
May  6 06:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: Invalid user qwe from 84.22.147.211
May  6 06:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: input_userauth_request: invalid user qwe [preauth]
May  6 06:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.147.211
May  6 06:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Invalid user leo from 137.184.114.25
May  6 06:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: input_userauth_request: invalid user leo [preauth]
May  6 06:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.114.25
May  6 06:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: Failed password for invalid user qwe from 84.22.147.211 port 46860 ssh2
May  6 06:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: Received disconnect from 84.22.147.211 port 46860:11: Bye Bye [preauth]
May  6 06:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: Disconnected from 84.22.147.211 port 46860 [preauth]
May  6 06:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Failed password for invalid user leo from 137.184.114.25 port 60210 ssh2
May  6 06:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Received disconnect from 137.184.114.25 port 60210:11: Bye Bye [preauth]
May  6 06:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Disconnected from 137.184.114.25 port 60210 [preauth]
May  6 06:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29821]: Invalid user  from 43.135.184.244
May  6 06:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29821]: input_userauth_request: invalid user  [preauth]
May  6 06:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28549]: pam_unix(cron:session): session closed for user root
May  6 06:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.190.153.226  user=root
May  6 06:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29821]: Connection closed by 43.135.184.244 port 35996 [preauth]
May  6 06:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29857]: Failed password for root from 194.190.153.226 port 40778 ssh2
May  6 06:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29857]: Received disconnect from 194.190.153.226 port 40778:11: Bye Bye [preauth]
May  6 06:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29857]: Disconnected from 194.190.153.226 port 40778 [preauth]
May  6 06:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29859]: Failed password for root from 196.251.84.225 port 39244 ssh2
May  6 06:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29859]: Connection closed by 196.251.84.225 port 39244 [preauth]
May  6 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29922]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29924]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29921]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29920]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29920]: pam_unix(cron:session): session closed for user p13x
May  6 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29985]: Successful su for rubyman by root
May  6 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29985]: + ??? root:rubyman
May  6 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29985]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338583 of user rubyman.
May  6 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29985]: pam_unix(su:session): session closed for user rubyman
May  6 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338583.
May  6 06:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27236]: pam_unix(cron:session): session closed for user root
May  6 06:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29921]: pam_unix(cron:session): session closed for user samftp
May  6 06:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192  user=root
May  6 06:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30168]: Failed password for root from 46.25.236.192 port 47142 ssh2
May  6 06:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30168]: Received disconnect from 46.25.236.192 port 47142:11: Bye Bye [preauth]
May  6 06:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30168]: Disconnected from 46.25.236.192 port 47142 [preauth]
May  6 06:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: Invalid user vbox from 196.251.84.225
May  6 06:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: input_userauth_request: invalid user vbox [preauth]
May  6 06:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: Failed password for invalid user vbox from 196.251.84.225 port 38508 ssh2
May  6 06:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: Connection closed by 196.251.84.225 port 38508 [preauth]
May  6 06:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 06:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28955]: pam_unix(cron:session): session closed for user root
May  6 06:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30238]: Failed password for root from 218.92.0.179 port 39054 ssh2
May  6 06:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30238]: Failed password for root from 218.92.0.179 port 39054 ssh2
May  6 06:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: Invalid user cdl from 103.195.7.51
May  6 06:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: input_userauth_request: invalid user cdl [preauth]
May  6 06:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 06:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30238]: Failed password for root from 218.92.0.179 port 39054 ssh2
May  6 06:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30238]: Received disconnect from 218.92.0.179 port 39054:11:  [preauth]
May  6 06:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30238]: Disconnected from 218.92.0.179 port 39054 [preauth]
May  6 06:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30238]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 06:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: Failed password for invalid user cdl from 103.195.7.51 port 3114 ssh2
May  6 06:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: Received disconnect from 103.195.7.51 port 3114:11: Bye Bye [preauth]
May  6 06:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30268]: Disconnected from 103.195.7.51 port 3114 [preauth]
May  6 06:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30285]: Invalid user satisfactory from 196.251.84.225
May  6 06:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30285]: input_userauth_request: invalid user satisfactory [preauth]
May  6 06:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30285]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30285]: Failed password for invalid user satisfactory from 196.251.84.225 port 36880 ssh2
May  6 06:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.173.36  user=root
May  6 06:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30285]: Connection closed by 196.251.84.225 port 36880 [preauth]
May  6 06:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30312]: Failed password for root from 43.135.173.36 port 45762 ssh2
May  6 06:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30312]: Received disconnect from 43.135.173.36 port 45762:11: Bye Bye [preauth]
May  6 06:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30312]: Disconnected from 43.135.173.36 port 45762 [preauth]
May  6 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30323]: pam_unix(cron:session): session closed for user p13x
May  6 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30387]: Successful su for rubyman by root
May  6 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30387]: + ??? root:rubyman
May  6 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338589 of user rubyman.
May  6 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30387]: pam_unix(su:session): session closed for user rubyman
May  6 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338589.
May  6 06:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197  user=root
May  6 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27727]: pam_unix(cron:session): session closed for user root
May  6 06:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30324]: pam_unix(cron:session): session closed for user samftp
May  6 06:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30513]: Failed password for root from 107.175.83.197 port 48214 ssh2
May  6 06:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30513]: Received disconnect from 107.175.83.197 port 48214:11: Bye Bye [preauth]
May  6 06:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30513]: Disconnected from 107.175.83.197 port 48214 [preauth]
May  6 06:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30602]: Invalid user centos from 196.251.84.225
May  6 06:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30602]: input_userauth_request: invalid user centos [preauth]
May  6 06:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30602]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30602]: Failed password for invalid user centos from 196.251.84.225 port 52736 ssh2
May  6 06:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30602]: Connection closed by 196.251.84.225 port 52736 [preauth]
May  6 06:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29503]: pam_unix(cron:session): session closed for user root
May  6 06:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: Invalid user sysadmin from 196.251.84.225
May  6 06:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: input_userauth_request: invalid user sysadmin [preauth]
May  6 06:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: Failed password for invalid user sysadmin from 196.251.84.225 port 48322 ssh2
May  6 06:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30699]: Connection closed by 196.251.84.225 port 48322 [preauth]
May  6 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30734]: pam_unix(cron:session): session closed for user p13x
May  6 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30855]: Successful su for rubyman by root
May  6 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30855]: + ??? root:rubyman
May  6 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338593 of user rubyman.
May  6 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30855]: pam_unix(su:session): session closed for user rubyman
May  6 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338593.
May  6 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30732]: pam_unix(cron:session): session closed for user root
May  6 06:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28131]: pam_unix(cron:session): session closed for user root
May  6 06:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30735]: pam_unix(cron:session): session closed for user samftp
May  6 06:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.225.137  user=root
May  6 06:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: Failed password for root from 152.42.225.137 port 49818 ssh2
May  6 06:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: Received disconnect from 152.42.225.137 port 49818:11: Bye Bye [preauth]
May  6 06:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: Disconnected from 152.42.225.137 port 49818 [preauth]
May  6 06:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: Invalid user sonar from 196.251.84.225
May  6 06:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: input_userauth_request: invalid user sonar [preauth]
May  6 06:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: Failed password for invalid user sonar from 196.251.84.225 port 54898 ssh2
May  6 06:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31194]: Connection closed by 196.251.84.225 port 54898 [preauth]
May  6 06:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29924]: pam_unix(cron:session): session closed for user root
May  6 06:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31310]: Invalid user postgres from 196.251.84.225
May  6 06:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31310]: input_userauth_request: invalid user postgres [preauth]
May  6 06:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31310]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31310]: Failed password for invalid user postgres from 196.251.84.225 port 50258 ssh2
May  6 06:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31310]: Connection closed by 196.251.84.225 port 50258 [preauth]
May  6 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31331]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31334]: pam_unix(cron:session): session closed for user root
May  6 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31329]: pam_unix(cron:session): session closed for user p13x
May  6 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31398]: Successful su for rubyman by root
May  6 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31398]: + ??? root:rubyman
May  6 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338598 of user rubyman.
May  6 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31398]: pam_unix(su:session): session closed for user rubyman
May  6 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338598.
May  6 06:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31331]: pam_unix(cron:session): session closed for user root
May  6 06:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28548]: pam_unix(cron:session): session closed for user root
May  6 06:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31330]: pam_unix(cron:session): session closed for user samftp
May  6 06:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: User ftp from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 06:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: input_userauth_request: invalid user ftp [preauth]
May  6 06:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=ftp
May  6 06:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: Failed password for invalid user ftp from 196.251.84.225 port 37072 ssh2
May  6 06:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: Connection closed by 196.251.84.225 port 37072 [preauth]
May  6 06:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30326]: pam_unix(cron:session): session closed for user root
May  6 06:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31772]: Invalid user arkserver from 196.251.84.225
May  6 06:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31772]: input_userauth_request: invalid user arkserver [preauth]
May  6 06:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31772]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31772]: Failed password for invalid user arkserver from 196.251.84.225 port 48794 ssh2
May  6 06:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31772]: Connection closed by 196.251.84.225 port 48794 [preauth]
May  6 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31794]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31791]: pam_unix(cron:session): session closed for user p13x
May  6 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31860]: Successful su for rubyman by root
May  6 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31860]: + ??? root:rubyman
May  6 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31860]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338603 of user rubyman.
May  6 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31860]: pam_unix(su:session): session closed for user rubyman
May  6 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338603.
May  6 06:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28953]: pam_unix(cron:session): session closed for user root
May  6 06:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31792]: pam_unix(cron:session): session closed for user samftp
May  6 06:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Invalid user lorena from 182.180.77.216
May  6 06:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: input_userauth_request: invalid user lorena [preauth]
May  6 06:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 06:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Failed password for invalid user lorena from 182.180.77.216 port 48306 ssh2
May  6 06:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Received disconnect from 182.180.77.216 port 48306:11: Bye Bye [preauth]
May  6 06:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Disconnected from 182.180.77.216 port 48306 [preauth]
May  6 06:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: Invalid user test from 196.251.84.225
May  6 06:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: input_userauth_request: invalid user test [preauth]
May  6 06:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: Failed password for invalid user test from 196.251.84.225 port 53260 ssh2
May  6 06:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: Connection closed by 196.251.84.225 port 53260 [preauth]
May  6 06:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.190.153.226  user=root
May  6 06:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32417]: Failed password for root from 194.190.153.226 port 47620 ssh2
May  6 06:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32417]: Received disconnect from 194.190.153.226 port 47620:11: Bye Bye [preauth]
May  6 06:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32417]: Disconnected from 194.190.153.226 port 47620 [preauth]
May  6 06:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.114.25  user=root
May  6 06:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32419]: Failed password for root from 137.184.114.25 port 40694 ssh2
May  6 06:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32419]: Received disconnect from 137.184.114.25 port 40694:11: Bye Bye [preauth]
May  6 06:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32419]: Disconnected from 137.184.114.25 port 40694 [preauth]
May  6 06:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30739]: pam_unix(cron:session): session closed for user root
May  6 06:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.147.211  user=root
May  6 06:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32472]: Failed password for root from 84.22.147.211 port 55466 ssh2
May  6 06:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32472]: Received disconnect from 84.22.147.211 port 55466:11: Bye Bye [preauth]
May  6 06:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32472]: Disconnected from 84.22.147.211 port 55466 [preauth]
May  6 06:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: Invalid user solana from 196.251.84.225
May  6 06:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: input_userauth_request: invalid user solana [preauth]
May  6 06:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: Failed password for invalid user solana from 196.251.84.225 port 57832 ssh2
May  6 06:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: Connection closed by 196.251.84.225 port 57832 [preauth]
May  6 06:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 06:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32517]: Failed password for root from 218.92.0.179 port 21130 ssh2
May  6 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32517]: Failed password for root from 218.92.0.179 port 21130 ssh2
May  6 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32535]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32537]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32533]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32532]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32532]: pam_unix(cron:session): session closed for user p13x
May  6 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32611]: Successful su for rubyman by root
May  6 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32611]: + ??? root:rubyman
May  6 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32611]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338607 of user rubyman.
May  6 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32611]: pam_unix(su:session): session closed for user rubyman
May  6 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338607.
May  6 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32517]: Failed password for root from 218.92.0.179 port 21130 ssh2
May  6 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32517]: Received disconnect from 218.92.0.179 port 21130:11:  [preauth]
May  6 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32517]: Disconnected from 218.92.0.179 port 21130 [preauth]
May  6 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32517]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29502]: pam_unix(cron:session): session closed for user root
May  6 06:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32533]: pam_unix(cron:session): session closed for user samftp
May  6 06:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: Invalid user storage from 46.25.236.192
May  6 06:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: input_userauth_request: invalid user storage [preauth]
May  6 06:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  6 06:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: Invalid user sol from 196.251.84.225
May  6 06:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: input_userauth_request: invalid user sol [preauth]
May  6 06:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: Failed password for invalid user storage from 46.25.236.192 port 55276 ssh2
May  6 06:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: Received disconnect from 46.25.236.192 port 55276:11: Bye Bye [preauth]
May  6 06:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: Disconnected from 46.25.236.192 port 55276 [preauth]
May  6 06:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: Failed password for invalid user sol from 196.251.84.225 port 55728 ssh2
May  6 06:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[523]: Connection closed by 196.251.84.225 port 55728 [preauth]
May  6 06:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31333]: pam_unix(cron:session): session closed for user root
May  6 06:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[593]: Invalid user hpc from 43.135.173.36
May  6 06:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[593]: input_userauth_request: invalid user hpc [preauth]
May  6 06:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[593]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.173.36
May  6 06:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[593]: Failed password for invalid user hpc from 43.135.173.36 port 53860 ssh2
May  6 06:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[593]: Received disconnect from 43.135.173.36 port 53860:11: Bye Bye [preauth]
May  6 06:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[593]: Disconnected from 43.135.173.36 port 53860 [preauth]
May  6 06:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: Invalid user web from 107.175.83.197
May  6 06:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: input_userauth_request: invalid user web [preauth]
May  6 06:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 06:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Invalid user admin from 80.94.95.112
May  6 06:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: input_userauth_request: invalid user admin [preauth]
May  6 06:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 06:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: Failed password for invalid user web from 107.175.83.197 port 57430 ssh2
May  6 06:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: Received disconnect from 107.175.83.197 port 57430:11: Bye Bye [preauth]
May  6 06:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[628]: Disconnected from 107.175.83.197 port 57430 [preauth]
May  6 06:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Failed password for invalid user admin from 80.94.95.112 port 9516 ssh2
May  6 06:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Failed password for invalid user admin from 80.94.95.112 port 9516 ssh2
May  6 06:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: Invalid user ranger from 196.251.84.225
May  6 06:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: input_userauth_request: invalid user ranger [preauth]
May  6 06:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Failed password for invalid user admin from 80.94.95.112 port 9516 ssh2
May  6 06:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: Failed password for invalid user ranger from 196.251.84.225 port 36176 ssh2
May  6 06:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Failed password for invalid user admin from 80.94.95.112 port 9516 ssh2
May  6 06:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[642]: Connection closed by 196.251.84.225 port 36176 [preauth]
May  6 06:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Failed password for invalid user admin from 80.94.95.112 port 9516 ssh2
May  6 06:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Received disconnect from 80.94.95.112 port 9516:11: Bye [preauth]
May  6 06:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Disconnected from 80.94.95.112 port 9516 [preauth]
May  6 06:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 06:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[668]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[666]: pam_unix(cron:session): session closed for user p13x
May  6 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[737]: Successful su for rubyman by root
May  6 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[737]: + ??? root:rubyman
May  6 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338610 of user rubyman.
May  6 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[737]: pam_unix(su:session): session closed for user rubyman
May  6 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338610.
May  6 06:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29922]: pam_unix(cron:session): session closed for user root
May  6 06:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[667]: pam_unix(cron:session): session closed for user samftp
May  6 06:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[985]: Invalid user changshuo from 103.195.7.51
May  6 06:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[985]: input_userauth_request: invalid user changshuo [preauth]
May  6 06:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[985]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 06:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[985]: Failed password for invalid user changshuo from 103.195.7.51 port 54906 ssh2
May  6 06:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[985]: Received disconnect from 103.195.7.51 port 54906:11: Bye Bye [preauth]
May  6 06:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[985]: Disconnected from 103.195.7.51 port 54906 [preauth]
May  6 06:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Invalid user admin from 196.251.84.225
May  6 06:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: input_userauth_request: invalid user admin [preauth]
May  6 06:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Failed password for invalid user admin from 196.251.84.225 port 45254 ssh2
May  6 06:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Connection closed by 196.251.84.225 port 45254 [preauth]
May  6 06:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31794]: pam_unix(cron:session): session closed for user root
May  6 06:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: Invalid user drupal from 196.251.84.225
May  6 06:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: input_userauth_request: invalid user drupal [preauth]
May  6 06:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: Failed password for invalid user drupal from 196.251.84.225 port 38162 ssh2
May  6 06:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: Connection closed by 196.251.84.225 port 38162 [preauth]
May  6 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1142]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1139]: pam_unix(cron:session): session closed for user p13x
May  6 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1214]: Successful su for rubyman by root
May  6 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1214]: + ??? root:rubyman
May  6 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338614 of user rubyman.
May  6 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1214]: pam_unix(su:session): session closed for user rubyman
May  6 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338614.
May  6 06:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30325]: pam_unix(cron:session): session closed for user root
May  6 06:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1140]: pam_unix(cron:session): session closed for user samftp
May  6 06:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1496]: Invalid user mongodb from 196.251.84.225
May  6 06:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1496]: input_userauth_request: invalid user mongodb [preauth]
May  6 06:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1496]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1519]: Invalid user zhangp from 152.42.225.137
May  6 06:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1519]: input_userauth_request: invalid user zhangp [preauth]
May  6 06:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1519]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.225.137
May  6 06:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1496]: Failed password for invalid user mongodb from 196.251.84.225 port 36994 ssh2
May  6 06:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1496]: Connection closed by 196.251.84.225 port 36994 [preauth]
May  6 06:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1519]: Failed password for invalid user zhangp from 152.42.225.137 port 38156 ssh2
May  6 06:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1519]: Received disconnect from 152.42.225.137 port 38156:11: Bye Bye [preauth]
May  6 06:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1519]: Disconnected from 152.42.225.137 port 38156 [preauth]
May  6 06:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32537]: pam_unix(cron:session): session closed for user root
May  6 06:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: Invalid user jack from 196.251.84.225
May  6 06:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: input_userauth_request: invalid user jack [preauth]
May  6 06:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: Failed password for invalid user jack from 196.251.84.225 port 42436 ssh2
May  6 06:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: Connection closed by 196.251.84.225 port 42436 [preauth]
May  6 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1641]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1640]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1638]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1639]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1642]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1637]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1642]: pam_unix(cron:session): session closed for user root
May  6 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1637]: pam_unix(cron:session): session closed for user p13x
May  6 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1726]: Successful su for rubyman by root
May  6 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1726]: + ??? root:rubyman
May  6 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338618 of user rubyman.
May  6 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1726]: pam_unix(su:session): session closed for user rubyman
May  6 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338618.
May  6 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1639]: pam_unix(cron:session): session closed for user root
May  6 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30736]: pam_unix(cron:session): session closed for user root
May  6 06:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1638]: pam_unix(cron:session): session closed for user samftp
May  6 06:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: Invalid user vbox from 196.251.84.225
May  6 06:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: input_userauth_request: invalid user vbox [preauth]
May  6 06:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: Failed password for invalid user vbox from 196.251.84.225 port 48118 ssh2
May  6 06:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2079]: Connection closed by 196.251.84.225 port 48118 [preauth]
May  6 06:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[669]: pam_unix(cron:session): session closed for user root
May  6 06:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: Invalid user sonar from 196.251.84.225
May  6 06:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: input_userauth_request: invalid user sonar [preauth]
May  6 06:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: Failed password for invalid user sonar from 196.251.84.225 port 48892 ssh2
May  6 06:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: Connection closed by 196.251.84.225 port 48892 [preauth]
May  6 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2195]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2192]: pam_unix(cron:session): session closed for user p13x
May  6 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2261]: Successful su for rubyman by root
May  6 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2261]: + ??? root:rubyman
May  6 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338624 of user rubyman.
May  6 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2261]: pam_unix(su:session): session closed for user rubyman
May  6 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338624.
May  6 06:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31332]: pam_unix(cron:session): session closed for user root
May  6 06:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2193]: pam_unix(cron:session): session closed for user samftp
May  6 06:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: Invalid user hpc from 194.190.153.226
May  6 06:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: input_userauth_request: invalid user hpc [preauth]
May  6 06:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.190.153.226
May  6 06:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: Failed password for invalid user hpc from 194.190.153.226 port 36262 ssh2
May  6 06:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: Received disconnect from 194.190.153.226 port 36262:11: Bye Bye [preauth]
May  6 06:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: Disconnected from 194.190.153.226 port 36262 [preauth]
May  6 06:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: Failed password for root from 196.251.84.225 port 48386 ssh2
May  6 06:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2512]: Connection closed by 196.251.84.225 port 48386 [preauth]
May  6 06:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1142]: pam_unix(cron:session): session closed for user root
May  6 06:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: Invalid user linh from 182.180.77.216
May  6 06:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: input_userauth_request: invalid user linh [preauth]
May  6 06:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 06:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: Failed password for invalid user linh from 182.180.77.216 port 55968 ssh2
May  6 06:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: Received disconnect from 182.180.77.216 port 55968:11: Bye Bye [preauth]
May  6 06:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: Disconnected from 182.180.77.216 port 55968 [preauth]
May  6 06:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.114.25  user=root
May  6 06:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: Failed password for root from 137.184.114.25 port 49428 ssh2
May  6 06:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: Received disconnect from 137.184.114.25 port 49428:11: Bye Bye [preauth]
May  6 06:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: Disconnected from 137.184.114.25 port 49428 [preauth]
May  6 06:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: Failed password for root from 196.251.84.225 port 42074 ssh2
May  6 06:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2621]: Connection closed by 196.251.84.225 port 42074 [preauth]
May  6 06:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2637]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2639]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2640]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2638]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2635]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2635]: pam_unix(cron:session): session closed for user root
May  6 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2637]: pam_unix(cron:session): session closed for user p13x
May  6 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2715]: Successful su for rubyman by root
May  6 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2715]: + ??? root:rubyman
May  6 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338631 of user rubyman.
May  6 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2715]: pam_unix(su:session): session closed for user rubyman
May  6 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338631.
May  6 06:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31793]: pam_unix(cron:session): session closed for user root
May  6 06:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2638]: pam_unix(cron:session): session closed for user samftp
May  6 06:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.147.211  user=root
May  6 06:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: Failed password for root from 84.22.147.211 port 58992 ssh2
May  6 06:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: Received disconnect from 84.22.147.211 port 58992:11: Bye Bye [preauth]
May  6 06:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: Disconnected from 84.22.147.211 port 58992 [preauth]
May  6 06:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: Invalid user hadoop from 43.135.173.36
May  6 06:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: input_userauth_request: invalid user hadoop [preauth]
May  6 06:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.173.36
May  6 06:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: Failed password for invalid user hadoop from 43.135.173.36 port 59458 ssh2
May  6 06:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: Received disconnect from 43.135.173.36 port 59458:11: Bye Bye [preauth]
May  6 06:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: Disconnected from 43.135.173.36 port 59458 [preauth]
May  6 06:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Invalid user test from 196.251.84.225
May  6 06:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: input_userauth_request: invalid user test [preauth]
May  6 06:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1641]: pam_unix(cron:session): session closed for user root
May  6 06:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197  user=root
May  6 06:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Failed password for invalid user test from 196.251.84.225 port 35840 ssh2
May  6 06:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2988]: Connection closed by 196.251.84.225 port 35840 [preauth]
May  6 06:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: Failed password for root from 107.175.83.197 port 38418 ssh2
May  6 06:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: Received disconnect from 107.175.83.197 port 38418:11: Bye Bye [preauth]
May  6 06:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: Disconnected from 107.175.83.197 port 38418 [preauth]
May  6 06:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3021]: Invalid user personal from 46.25.236.192
May  6 06:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3021]: input_userauth_request: invalid user personal [preauth]
May  6 06:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3021]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  6 06:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3021]: Failed password for invalid user personal from 46.25.236.192 port 35178 ssh2
May  6 06:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3021]: Received disconnect from 46.25.236.192 port 35178:11: Bye Bye [preauth]
May  6 06:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3021]: Disconnected from 46.25.236.192 port 35178 [preauth]
May  6 06:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3069]: Invalid user ldap from 196.251.84.225
May  6 06:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3069]: input_userauth_request: invalid user ldap [preauth]
May  6 06:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3069]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3082]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3081]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3079]: pam_unix(cron:session): session closed for user p13x
May  6 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3069]: Failed password for invalid user ldap from 196.251.84.225 port 39454 ssh2
May  6 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3143]: Successful su for rubyman by root
May  6 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3143]: + ??? root:rubyman
May  6 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338633 of user rubyman.
May  6 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3143]: pam_unix(su:session): session closed for user rubyman
May  6 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338633.
May  6 06:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3069]: Connection closed by 196.251.84.225 port 39454 [preauth]
May  6 06:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32535]: pam_unix(cron:session): session closed for user root
May  6 06:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3080]: pam_unix(cron:session): session closed for user samftp
May  6 06:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2195]: pam_unix(cron:session): session closed for user root
May  6 06:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3404]: Failed password for root from 196.251.84.225 port 57592 ssh2
May  6 06:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3404]: Connection closed by 196.251.84.225 port 57592 [preauth]
May  6 06:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3461]: Invalid user sara from 103.195.7.51
May  6 06:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3461]: input_userauth_request: invalid user sara [preauth]
May  6 06:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3461]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 06:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3461]: Failed password for invalid user sara from 103.195.7.51 port 14594 ssh2
May  6 06:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3461]: Received disconnect from 103.195.7.51 port 14594:11: Bye Bye [preauth]
May  6 06:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3461]: Disconnected from 103.195.7.51 port 14594 [preauth]
May  6 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3510]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3509]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3506]: pam_unix(cron:session): session closed for user p13x
May  6 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3600]: Successful su for rubyman by root
May  6 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3600]: + ??? root:rubyman
May  6 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338637 of user rubyman.
May  6 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3600]: pam_unix(su:session): session closed for user rubyman
May  6 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338637.
May  6 06:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[668]: pam_unix(cron:session): session closed for user root
May  6 06:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3738]: Did not receive identification string from 193.32.162.89
May  6 06:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3508]: pam_unix(cron:session): session closed for user samftp
May  6 06:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: Invalid user dolphinscheduler from 196.251.84.225
May  6 06:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  6 06:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 45366 ssh2
May  6 06:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: Connection closed by 196.251.84.225 port 45366 [preauth]
May  6 06:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3842]: Invalid user hpc from 152.42.225.137
May  6 06:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3842]: input_userauth_request: invalid user hpc [preauth]
May  6 06:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3842]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.225.137
May  6 06:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3842]: Failed password for invalid user hpc from 152.42.225.137 port 37536 ssh2
May  6 06:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3842]: Received disconnect from 152.42.225.137 port 37536:11: Bye Bye [preauth]
May  6 06:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3842]: Disconnected from 152.42.225.137 port 37536 [preauth]
May  6 06:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2640]: pam_unix(cron:session): session closed for user root
May  6 06:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3874]: Failed password for root from 196.251.84.225 port 58120 ssh2
May  6 06:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3874]: Connection closed by 196.251.84.225 port 58120 [preauth]
May  6 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3944]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3945]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3945]: pam_unix(cron:session): session closed for user root
May  6 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3939]: pam_unix(cron:session): session closed for user p13x
May  6 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4040]: Successful su for rubyman by root
May  6 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4040]: + ??? root:rubyman
May  6 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338643 of user rubyman.
May  6 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4040]: pam_unix(su:session): session closed for user rubyman
May  6 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338643.
May  6 06:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3942]: pam_unix(cron:session): session closed for user root
May  6 06:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1141]: pam_unix(cron:session): session closed for user root
May  6 06:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3941]: pam_unix(cron:session): session closed for user samftp
May  6 06:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: Invalid user vagrant from 196.251.84.225
May  6 06:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: input_userauth_request: invalid user vagrant [preauth]
May  6 06:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: Failed password for invalid user vagrant from 196.251.84.225 port 60238 ssh2
May  6 06:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: Connection closed by 196.251.84.225 port 60238 [preauth]
May  6 06:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3082]: pam_unix(cron:session): session closed for user root
May  6 06:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: Invalid user awsgui from 196.251.84.225
May  6 06:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: input_userauth_request: invalid user awsgui [preauth]
May  6 06:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: Failed password for invalid user awsgui from 196.251.84.225 port 44694 ssh2
May  6 06:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: Connection closed by 196.251.84.225 port 44694 [preauth]
May  6 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4567]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4568]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4565]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4564]: pam_unix(cron:session): session closed for user p13x
May  6 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4634]: Successful su for rubyman by root
May  6 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4634]: + ??? root:rubyman
May  6 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338648 of user rubyman.
May  6 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4634]: pam_unix(su:session): session closed for user rubyman
May  6 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338648.
May  6 06:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1640]: pam_unix(cron:session): session closed for user root
May  6 06:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4565]: pam_unix(cron:session): session closed for user samftp
May  6 06:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.190.153.226  user=root
May  6 06:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4837]: Failed password for root from 194.190.153.226 port 48910 ssh2
May  6 06:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4837]: Received disconnect from 194.190.153.226 port 48910:11: Bye Bye [preauth]
May  6 06:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4837]: Disconnected from 194.190.153.226 port 48910 [preauth]
May  6 06:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: Invalid user postgres from 196.251.84.225
May  6 06:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: input_userauth_request: invalid user postgres [preauth]
May  6 06:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: Failed password for invalid user postgres from 196.251.84.225 port 49848 ssh2
May  6 06:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: Connection closed by 196.251.84.225 port 49848 [preauth]
May  6 06:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3510]: pam_unix(cron:session): session closed for user root
May  6 06:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Invalid user dev from 196.251.84.225
May  6 06:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: input_userauth_request: invalid user dev [preauth]
May  6 06:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Failed password for invalid user dev from 196.251.84.225 port 45220 ssh2
May  6 06:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Connection closed by 196.251.84.225 port 45220 [preauth]
May  6 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5187]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5184]: pam_unix(cron:session): session closed for user p13x
May  6 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5257]: Successful su for rubyman by root
May  6 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5257]: + ??? root:rubyman
May  6 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338652 of user rubyman.
May  6 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5257]: pam_unix(su:session): session closed for user rubyman
May  6 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338652.
May  6 06:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2194]: pam_unix(cron:session): session closed for user root
May  6 06:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: Invalid user zhanna from 43.135.173.36
May  6 06:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: input_userauth_request: invalid user zhanna [preauth]
May  6 06:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.173.36
May  6 06:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5185]: pam_unix(cron:session): session closed for user samftp
May  6 06:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: Failed password for invalid user zhanna from 43.135.173.36 port 58246 ssh2
May  6 06:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: Received disconnect from 43.135.173.36 port 58246:11: Bye Bye [preauth]
May  6 06:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5424]: Disconnected from 43.135.173.36 port 58246 [preauth]
May  6 06:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5454]: Invalid user chenchao from 137.184.114.25
May  6 06:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5454]: input_userauth_request: invalid user chenchao [preauth]
May  6 06:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5454]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.114.25
May  6 06:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5454]: Failed password for invalid user chenchao from 137.184.114.25 port 58104 ssh2
May  6 06:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5454]: Received disconnect from 137.184.114.25 port 58104:11: Bye Bye [preauth]
May  6 06:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5454]: Disconnected from 137.184.114.25 port 58104 [preauth]
May  6 06:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5467]: Invalid user abdullah from 182.180.77.216
May  6 06:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5467]: input_userauth_request: invalid user abdullah [preauth]
May  6 06:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5467]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 06:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5467]: Failed password for invalid user abdullah from 182.180.77.216 port 35384 ssh2
May  6 06:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5467]: Received disconnect from 182.180.77.216 port 35384:11: Bye Bye [preauth]
May  6 06:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5467]: Disconnected from 182.180.77.216 port 35384 [preauth]
May  6 06:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5484]: Failed password for root from 196.251.84.225 port 44252 ssh2
May  6 06:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5484]: Connection closed by 196.251.84.225 port 44252 [preauth]
May  6 06:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: Invalid user hpc from 107.175.83.197
May  6 06:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: input_userauth_request: invalid user hpc [preauth]
May  6 06:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 06:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: Failed password for invalid user hpc from 107.175.83.197 port 47648 ssh2
May  6 06:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: Received disconnect from 107.175.83.197 port 47648:11: Bye Bye [preauth]
May  6 06:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5530]: Disconnected from 107.175.83.197 port 47648 [preauth]
May  6 06:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3944]: pam_unix(cron:session): session closed for user root
May  6 06:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Invalid user hik from 84.22.147.211
May  6 06:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: input_userauth_request: invalid user hik [preauth]
May  6 06:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.147.211
May  6 06:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Failed password for invalid user hik from 84.22.147.211 port 51182 ssh2
May  6 06:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Received disconnect from 84.22.147.211 port 51182:11: Bye Bye [preauth]
May  6 06:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5611]: Disconnected from 84.22.147.211 port 51182 [preauth]
May  6 06:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: Invalid user Data from 46.25.236.192
May  6 06:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: input_userauth_request: invalid user Data [preauth]
May  6 06:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  6 06:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: Failed password for invalid user Data from 46.25.236.192 port 43322 ssh2
May  6 06:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: Received disconnect from 46.25.236.192 port 43322:11: Bye Bye [preauth]
May  6 06:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5650]: Disconnected from 46.25.236.192 port 43322 [preauth]
May  6 06:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: Failed password for root from 196.251.84.225 port 33712 ssh2
May  6 06:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5653]: Connection closed by 196.251.84.225 port 33712 [preauth]
May  6 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5673]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5673]: pam_unix(cron:session): session closed for user p13x
May  6 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5738]: Successful su for rubyman by root
May  6 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5738]: + ??? root:rubyman
May  6 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5738]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338655 of user rubyman.
May  6 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5738]: pam_unix(su:session): session closed for user rubyman
May  6 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338655.
May  6 06:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2639]: pam_unix(cron:session): session closed for user root
May  6 06:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5674]: pam_unix(cron:session): session closed for user samftp
May  6 06:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: Invalid user test from 196.251.84.225
May  6 06:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: input_userauth_request: invalid user test [preauth]
May  6 06:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: Failed password for invalid user test from 196.251.84.225 port 56070 ssh2
May  6 06:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6046]: Connection closed by 196.251.84.225 port 56070 [preauth]
May  6 06:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4568]: pam_unix(cron:session): session closed for user root
May  6 06:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: Invalid user test from 196.251.84.225
May  6 06:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: input_userauth_request: invalid user test [preauth]
May  6 06:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: Failed password for invalid user test from 196.251.84.225 port 53632 ssh2
May  6 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6182]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6183]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6180]: pam_unix(cron:session): session closed for user p13x
May  6 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6241]: Successful su for rubyman by root
May  6 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6241]: + ??? root:rubyman
May  6 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338660 of user rubyman.
May  6 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6241]: pam_unix(su:session): session closed for user rubyman
May  6 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338660.
May  6 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: Connection closed by 196.251.84.225 port 53632 [preauth]
May  6 06:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3081]: pam_unix(cron:session): session closed for user root
May  6 06:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6181]: pam_unix(cron:session): session closed for user samftp
May  6 06:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6454]: Invalid user debianuser from 103.195.7.51
May  6 06:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6454]: input_userauth_request: invalid user debianuser [preauth]
May  6 06:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6454]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 06:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6454]: Failed password for invalid user debianuser from 103.195.7.51 port 13890 ssh2
May  6 06:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6454]: Received disconnect from 103.195.7.51 port 13890:11: Bye Bye [preauth]
May  6 06:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6454]: Disconnected from 103.195.7.51 port 13890 [preauth]
May  6 06:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: Invalid user apache from 196.251.84.225
May  6 06:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: input_userauth_request: invalid user apache [preauth]
May  6 06:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: Failed password for invalid user apache from 196.251.84.225 port 44674 ssh2
May  6 06:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6480]: Connection closed by 196.251.84.225 port 44674 [preauth]
May  6 06:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5189]: pam_unix(cron:session): session closed for user root
May  6 06:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6554]: Invalid user sz from 152.42.225.137
May  6 06:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6554]: input_userauth_request: invalid user sz [preauth]
May  6 06:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6554]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.225.137
May  6 06:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6554]: Failed password for invalid user sz from 152.42.225.137 port 40824 ssh2
May  6 06:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6554]: Received disconnect from 152.42.225.137 port 40824:11: Bye Bye [preauth]
May  6 06:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6554]: Disconnected from 152.42.225.137 port 40824 [preauth]
May  6 06:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Invalid user docker from 196.251.84.225
May  6 06:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: input_userauth_request: invalid user docker [preauth]
May  6 06:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Failed password for invalid user docker from 196.251.84.225 port 38708 ssh2
May  6 06:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Connection closed by 196.251.84.225 port 38708 [preauth]
May  6 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6603]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6604]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6606]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6607]: pam_unix(cron:session): session closed for user root
May  6 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6601]: pam_unix(cron:session): session closed for user p13x
May  6 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6695]: Successful su for rubyman by root
May  6 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6695]: + ??? root:rubyman
May  6 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6695]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338667 of user rubyman.
May  6 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6695]: pam_unix(su:session): session closed for user rubyman
May  6 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338667.
May  6 06:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6603]: pam_unix(cron:session): session closed for user root
May  6 06:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3509]: pam_unix(cron:session): session closed for user root
May  6 06:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6599]: pam_unix(cron:session): session closed for user root
May  6 06:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6602]: pam_unix(cron:session): session closed for user samftp
May  6 06:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: Invalid user node from 196.251.84.225
May  6 06:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: input_userauth_request: invalid user node [preauth]
May  6 06:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: Failed password for invalid user node from 196.251.84.225 port 42048 ssh2
May  6 06:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: Connection closed by 196.251.84.225 port 42048 [preauth]
May  6 06:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5676]: pam_unix(cron:session): session closed for user root
May  6 06:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: Invalid user server from 194.190.153.226
May  6 06:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: input_userauth_request: invalid user server [preauth]
May  6 06:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.190.153.226
May  6 06:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: Failed password for invalid user server from 194.190.153.226 port 53520 ssh2
May  6 06:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: Received disconnect from 194.190.153.226 port 53520:11: Bye Bye [preauth]
May  6 06:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7322]: Disconnected from 194.190.153.226 port 53520 [preauth]
May  6 06:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Invalid user wordpress from 196.251.84.225
May  6 06:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: input_userauth_request: invalid user wordpress [preauth]
May  6 06:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Failed password for invalid user wordpress from 196.251.84.225 port 54046 ssh2
May  6 06:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Connection closed by 196.251.84.225 port 54046 [preauth]
May  6 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7366]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7365]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7364]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7363]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7363]: pam_unix(cron:session): session closed for user p13x
May  6 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7428]: Successful su for rubyman by root
May  6 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7428]: + ??? root:rubyman
May  6 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338673 of user rubyman.
May  6 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7428]: pam_unix(su:session): session closed for user rubyman
May  6 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338673.
May  6 06:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3943]: pam_unix(cron:session): session closed for user root
May  6 06:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7364]: pam_unix(cron:session): session closed for user samftp
May  6 06:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7777]: Invalid user centos from 196.251.84.225
May  6 06:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7777]: input_userauth_request: invalid user centos [preauth]
May  6 06:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7777]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7777]: Failed password for invalid user centos from 196.251.84.225 port 52414 ssh2
May  6 06:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7777]: Connection closed by 196.251.84.225 port 52414 [preauth]
May  6 06:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6183]: pam_unix(cron:session): session closed for user root
May  6 06:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  6 06:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: Failed password for root from 46.244.96.25 port 44702 ssh2
May  6 06:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: Connection closed by 46.244.96.25 port 44702 [preauth]
May  6 06:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: Invalid user esuser from 196.251.84.225
May  6 06:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: input_userauth_request: invalid user esuser [preauth]
May  6 06:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.173.36  user=root
May  6 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7909]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7906]: pam_unix(cron:session): session closed for user p13x
May  6 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: Failed password for invalid user esuser from 196.251.84.225 port 47784 ssh2
May  6 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: Connection closed by 196.251.84.225 port 47784 [preauth]
May  6 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7971]: Successful su for rubyman by root
May  6 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7971]: + ??? root:rubyman
May  6 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7971]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338674 of user rubyman.
May  6 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7971]: pam_unix(su:session): session closed for user rubyman
May  6 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338674.
May  6 06:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7900]: Failed password for root from 43.135.173.36 port 53244 ssh2
May  6 06:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7900]: Received disconnect from 43.135.173.36 port 53244:11: Bye Bye [preauth]
May  6 06:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7900]: Disconnected from 43.135.173.36 port 53244 [preauth]
May  6 06:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4567]: pam_unix(cron:session): session closed for user root
May  6 06:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7907]: pam_unix(cron:session): session closed for user samftp
May  6 06:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: Invalid user app from 196.251.84.225
May  6 06:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: input_userauth_request: invalid user app [preauth]
May  6 06:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8223]: Invalid user zhanna from 107.175.83.197
May  6 06:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8223]: input_userauth_request: invalid user zhanna [preauth]
May  6 06:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8223]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 06:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8223]: Failed password for invalid user zhanna from 107.175.83.197 port 56864 ssh2
May  6 06:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8223]: Received disconnect from 107.175.83.197 port 56864:11: Bye Bye [preauth]
May  6 06:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8223]: Disconnected from 107.175.83.197 port 56864 [preauth]
May  6 06:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: Failed password for invalid user app from 196.251.84.225 port 55600 ssh2
May  6 06:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: Invalid user hengshi from 137.184.114.25
May  6 06:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: input_userauth_request: invalid user hengshi [preauth]
May  6 06:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.114.25
May  6 06:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: Connection closed by 196.251.84.225 port 55600 [preauth]
May  6 06:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: Failed password for invalid user hengshi from 137.184.114.25 port 38616 ssh2
May  6 06:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: Received disconnect from 137.184.114.25 port 38616:11: Bye Bye [preauth]
May  6 06:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: Disconnected from 137.184.114.25 port 38616 [preauth]
May  6 06:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6606]: pam_unix(cron:session): session closed for user root
May  6 06:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8305]: Invalid user kobo from 182.180.77.216
May  6 06:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8305]: input_userauth_request: invalid user kobo [preauth]
May  6 06:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8305]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 06:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8305]: Failed password for invalid user kobo from 182.180.77.216 port 43044 ssh2
May  6 06:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8305]: Received disconnect from 182.180.77.216 port 43044:11: Bye Bye [preauth]
May  6 06:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8305]: Disconnected from 182.180.77.216 port 43044 [preauth]
May  6 06:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Invalid user admin from 46.25.236.192
May  6 06:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: input_userauth_request: invalid user admin [preauth]
May  6 06:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  6 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8345]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8342]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8344]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8341]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8341]: pam_unix(cron:session): session closed for user p13x
May  6 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8403]: Successful su for rubyman by root
May  6 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8403]: + ??? root:rubyman
May  6 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8403]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338679 of user rubyman.
May  6 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8403]: pam_unix(su:session): session closed for user rubyman
May  6 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338679.
May  6 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Failed password for invalid user admin from 46.25.236.192 port 51460 ssh2
May  6 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Received disconnect from 46.25.236.192 port 51460:11: Bye Bye [preauth]
May  6 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Disconnected from 46.25.236.192 port 51460 [preauth]
May  6 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5187]: pam_unix(cron:session): session closed for user root
May  6 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8342]: pam_unix(cron:session): session closed for user samftp
May  6 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8621]: Invalid user lcd from 84.22.147.211
May  6 06:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8621]: input_userauth_request: invalid user lcd [preauth]
May  6 06:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8621]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.147.211
May  6 06:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8621]: Failed password for invalid user lcd from 84.22.147.211 port 54476 ssh2
May  6 06:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8621]: Received disconnect from 84.22.147.211 port 54476:11: Bye Bye [preauth]
May  6 06:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8621]: Disconnected from 84.22.147.211 port 54476 [preauth]
May  6 06:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: Invalid user pal from 196.251.84.225
May  6 06:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: input_userauth_request: invalid user pal [preauth]
May  6 06:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: Failed password for invalid user pal from 196.251.84.225 port 35422 ssh2
May  6 06:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: Connection closed by 196.251.84.225 port 35422 [preauth]
May  6 06:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: Failed password for root from 196.251.84.225 port 40748 ssh2
May  6 06:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8686]: Connection closed by 196.251.84.225 port 40748 [preauth]
May  6 06:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7366]: pam_unix(cron:session): session closed for user root
May  6 06:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 06:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8768]: Failed password for root from 218.92.0.179 port 18814 ssh2
May  6 06:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8768]: Failed password for root from 218.92.0.179 port 18814 ssh2
May  6 06:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8768]: Failed password for root from 218.92.0.179 port 18814 ssh2
May  6 06:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8768]: Received disconnect from 218.92.0.179 port 18814:11:  [preauth]
May  6 06:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8768]: Disconnected from 218.92.0.179 port 18814 [preauth]
May  6 06:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8768]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 06:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8778]: User bin from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 06:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8778]: input_userauth_request: invalid user bin [preauth]
May  6 06:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=bin
May  6 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8792]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8791]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8790]: pam_unix(cron:session): session closed for user p13x
May  6 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8854]: Successful su for rubyman by root
May  6 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8854]: + ??? root:rubyman
May  6 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338684 of user rubyman.
May  6 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8854]: pam_unix(su:session): session closed for user rubyman
May  6 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338684.
May  6 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8778]: Failed password for invalid user bin from 196.251.84.225 port 57664 ssh2
May  6 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5675]: pam_unix(cron:session): session closed for user root
May  6 06:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8778]: Connection closed by 196.251.84.225 port 57664 [preauth]
May  6 06:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8791]: pam_unix(cron:session): session closed for user samftp
May  6 06:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7909]: pam_unix(cron:session): session closed for user root
May  6 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: Invalid user nft from 196.251.84.225
May  6 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: input_userauth_request: invalid user nft [preauth]
May  6 06:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: Failed password for invalid user nft from 196.251.84.225 port 35662 ssh2
May  6 06:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9112]: Connection closed by 196.251.84.225 port 35662 [preauth]
May  6 06:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9303]: Invalid user setup from 103.195.7.51
May  6 06:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9303]: input_userauth_request: invalid user setup [preauth]
May  6 06:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9303]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 06:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9303]: Failed password for invalid user setup from 103.195.7.51 port 38048 ssh2
May  6 06:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9303]: Received disconnect from 103.195.7.51 port 38048:11: Bye Bye [preauth]
May  6 06:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9303]: Disconnected from 103.195.7.51 port 38048 [preauth]
May  6 06:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9320]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9323]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9324]: pam_unix(cron:session): session closed for user root
May  6 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9317]: pam_unix(cron:session): session closed for user p13x
May  6 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9393]: Successful su for rubyman by root
May  6 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9393]: + ??? root:rubyman
May  6 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338690 of user rubyman.
May  6 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9393]: pam_unix(su:session): session closed for user rubyman
May  6 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338690.
May  6 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9320]: pam_unix(cron:session): session closed for user root
May  6 06:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6182]: pam_unix(cron:session): session closed for user root
May  6 06:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: Invalid user plex from 196.251.84.225
May  6 06:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: input_userauth_request: invalid user plex [preauth]
May  6 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9319]: pam_unix(cron:session): session closed for user samftp
May  6 06:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Invalid user hxw from 152.42.225.137
May  6 06:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: input_userauth_request: invalid user hxw [preauth]
May  6 06:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.225.137
May  6 06:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: Failed password for invalid user plex from 196.251.84.225 port 51650 ssh2
May  6 06:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9314]: Connection closed by 196.251.84.225 port 51650 [preauth]
May  6 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Failed password for invalid user hxw from 152.42.225.137 port 58578 ssh2
May  6 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Received disconnect from 152.42.225.137 port 58578:11: Bye Bye [preauth]
May  6 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Disconnected from 152.42.225.137 port 58578 [preauth]
May  6 06:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8345]: pam_unix(cron:session): session closed for user root
May  6 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: Invalid user user from 194.190.153.226
May  6 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: input_userauth_request: invalid user user [preauth]
May  6 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.190.153.226
May  6 06:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: Failed password for invalid user user from 194.190.153.226 port 48850 ssh2
May  6 06:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: Received disconnect from 194.190.153.226 port 48850:11: Bye Bye [preauth]
May  6 06:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9670]: Disconnected from 194.190.153.226 port 48850 [preauth]
May  6 06:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9668]: Invalid user hadoop from 196.251.84.225
May  6 06:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9668]: input_userauth_request: invalid user hadoop [preauth]
May  6 06:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9668]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9668]: Failed password for invalid user hadoop from 196.251.84.225 port 41336 ssh2
May  6 06:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9668]: Connection closed by 196.251.84.225 port 41336 [preauth]
May  6 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9769]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9768]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9766]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9765]: pam_unix(cron:session): session closed for user p13x
May  6 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9834]: Successful su for rubyman by root
May  6 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9834]: + ??? root:rubyman
May  6 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338693 of user rubyman.
May  6 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9834]: pam_unix(su:session): session closed for user rubyman
May  6 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338693.
May  6 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6604]: pam_unix(cron:session): session closed for user root
May  6 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9766]: pam_unix(cron:session): session closed for user samftp
May  6 06:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10011]: Invalid user es from 196.251.84.225
May  6 06:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10011]: input_userauth_request: invalid user es [preauth]
May  6 06:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10011]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10011]: Failed password for invalid user es from 196.251.84.225 port 60638 ssh2
May  6 06:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10011]: Connection closed by 196.251.84.225 port 60638 [preauth]
May  6 06:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8793]: pam_unix(cron:session): session closed for user root
May  6 06:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: Invalid user jack from 196.251.84.225
May  6 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: input_userauth_request: invalid user jack [preauth]
May  6 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: Failed password for invalid user jack from 196.251.84.225 port 58106 ssh2
May  6 06:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: Connection closed by 196.251.84.225 port 58106 [preauth]
May  6 06:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.173.36  user=root
May  6 06:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10153]: Failed password for root from 43.135.173.36 port 46940 ssh2
May  6 06:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10153]: Received disconnect from 43.135.173.36 port 46940:11: Bye Bye [preauth]
May  6 06:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10153]: Disconnected from 43.135.173.36 port 46940 [preauth]
May  6 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10174]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10172]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10172]: pam_unix(cron:session): session closed for user p13x
May  6 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10320]: Successful su for rubyman by root
May  6 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10320]: + ??? root:rubyman
May  6 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338698 of user rubyman.
May  6 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10320]: pam_unix(su:session): session closed for user rubyman
May  6 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338698.
May  6 06:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7365]: pam_unix(cron:session): session closed for user root
May  6 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10173]: pam_unix(cron:session): session closed for user samftp
May  6 06:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: Invalid user user from 107.175.83.197
May  6 06:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: input_userauth_request: invalid user user [preauth]
May  6 06:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 06:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: Failed password for invalid user user from 107.175.83.197 port 37892 ssh2
May  6 06:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: Received disconnect from 107.175.83.197 port 37892:11: Bye Bye [preauth]
May  6 06:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10534]: Disconnected from 107.175.83.197 port 37892 [preauth]
May  6 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10571]: Invalid user admin from 137.184.114.25
May  6 06:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10571]: input_userauth_request: invalid user admin [preauth]
May  6 06:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10571]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.114.25
May  6 06:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10571]: Failed password for invalid user admin from 137.184.114.25 port 47292 ssh2
May  6 06:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10571]: Received disconnect from 137.184.114.25 port 47292:11: Bye Bye [preauth]
May  6 06:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10571]: Disconnected from 137.184.114.25 port 47292 [preauth]
May  6 06:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10559]: Failed password for root from 196.251.84.225 port 53230 ssh2
May  6 06:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10559]: Connection closed by 196.251.84.225 port 53230 [preauth]
May  6 06:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9323]: pam_unix(cron:session): session closed for user root
May  6 06:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: Failed password for root from 196.251.84.225 port 38504 ssh2
May  6 06:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10710]: Connection closed by 196.251.84.225 port 38504 [preauth]
May  6 06:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10757]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10753]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10751]: pam_unix(cron:session): session closed for user p13x
May  6 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10814]: Successful su for rubyman by root
May  6 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10814]: + ??? root:rubyman
May  6 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338700 of user rubyman.
May  6 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10814]: pam_unix(su:session): session closed for user rubyman
May  6 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338700.
May  6 06:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7908]: pam_unix(cron:session): session closed for user root
May  6 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10753]: pam_unix(cron:session): session closed for user samftp
May  6 06:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: Failed password for root from 218.92.0.179 port 23000 ssh2
May  6 06:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: Failed password for root from 218.92.0.179 port 23000 ssh2
May  6 06:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10990]: Failed password for root from 218.92.0.179 port 23000 ssh2
May  6 06:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11010]: Invalid user LLL from 46.25.236.192
May  6 06:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11010]: input_userauth_request: invalid user LLL [preauth]
May  6 06:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11010]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  6 06:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11010]: Failed password for invalid user LLL from 46.25.236.192 port 59590 ssh2
May  6 06:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11010]: Received disconnect from 46.25.236.192 port 59590:11: Bye Bye [preauth]
May  6 06:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11010]: Disconnected from 46.25.236.192 port 59590 [preauth]
May  6 06:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: Invalid user copyuser from 182.180.77.216
May  6 06:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: input_userauth_request: invalid user copyuser [preauth]
May  6 06:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 06:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: Failed password for invalid user copyuser from 182.180.77.216 port 50702 ssh2
May  6 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: Invalid user admin from 80.94.95.125
May  6 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: input_userauth_request: invalid user admin [preauth]
May  6 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: Received disconnect from 182.180.77.216 port 50702:11: Bye Bye [preauth]
May  6 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11026]: Disconnected from 182.180.77.216 port 50702 [preauth]
May  6 06:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: Failed password for invalid user admin from 80.94.95.125 port 28262 ssh2
May  6 06:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: Failed password for invalid user admin from 80.94.95.125 port 28262 ssh2
May  6 06:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11062]: Invalid user demo from 196.251.84.225
May  6 06:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11062]: input_userauth_request: invalid user demo [preauth]
May  6 06:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11062]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: Failed password for invalid user admin from 80.94.95.125 port 28262 ssh2
May  6 06:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11064]: Invalid user fcx from 84.22.147.211
May  6 06:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11064]: input_userauth_request: invalid user fcx [preauth]
May  6 06:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11064]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.147.211
May  6 06:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11062]: Failed password for invalid user demo from 196.251.84.225 port 45296 ssh2
May  6 06:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: Failed password for invalid user admin from 80.94.95.125 port 28262 ssh2
May  6 06:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11064]: Failed password for invalid user fcx from 84.22.147.211 port 56006 ssh2
May  6 06:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11062]: Connection closed by 196.251.84.225 port 45296 [preauth]
May  6 06:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11064]: Received disconnect from 84.22.147.211 port 56006:11: Bye Bye [preauth]
May  6 06:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11064]: Disconnected from 84.22.147.211 port 56006 [preauth]
May  6 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: Failed password for invalid user admin from 80.94.95.125 port 28262 ssh2
May  6 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: Received disconnect from 80.94.95.125 port 28262:11: Bye [preauth]
May  6 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: Disconnected from 80.94.95.125 port 28262 [preauth]
May  6 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11036]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 06:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9769]: pam_unix(cron:session): session closed for user root
May  6 06:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: Invalid user nagios from 196.251.84.225
May  6 06:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: input_userauth_request: invalid user nagios [preauth]
May  6 06:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: Failed password for invalid user nagios from 196.251.84.225 port 60024 ssh2
May  6 06:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11144]: Connection closed by 196.251.84.225 port 60024 [preauth]
May  6 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11164]: pam_unix(cron:session): session closed for user p13x
May  6 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11225]: Successful su for rubyman by root
May  6 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11225]: + ??? root:rubyman
May  6 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338705 of user rubyman.
May  6 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11225]: pam_unix(su:session): session closed for user rubyman
May  6 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338705.
May  6 06:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8344]: pam_unix(cron:session): session closed for user root
May  6 06:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11165]: pam_unix(cron:session): session closed for user samftp
May  6 06:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: Invalid user vagrant from 196.251.84.225
May  6 06:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: input_userauth_request: invalid user vagrant [preauth]
May  6 06:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: Failed password for invalid user vagrant from 196.251.84.225 port 58338 ssh2
May  6 06:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11456]: Connection closed by 196.251.84.225 port 58338 [preauth]
May  6 06:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10175]: pam_unix(cron:session): session closed for user root
May  6 06:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11551]: Failed password for root from 196.251.84.225 port 42704 ssh2
May  6 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11551]: Connection closed by 196.251.84.225 port 42704 [preauth]
May  6 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11570]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11571]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11569]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11573]: pam_unix(cron:session): session closed for user root
May  6 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11568]: pam_unix(cron:session): session closed for user p13x
May  6 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11636]: Successful su for rubyman by root
May  6 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11636]: + ??? root:rubyman
May  6 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11636]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338710 of user rubyman.
May  6 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11636]: pam_unix(su:session): session closed for user rubyman
May  6 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338710.
May  6 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11570]: pam_unix(cron:session): session closed for user root
May  6 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8792]: pam_unix(cron:session): session closed for user root
May  6 06:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11569]: pam_unix(cron:session): session closed for user samftp
May  6 06:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10758]: pam_unix(cron:session): session closed for user root
May  6 06:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: Invalid user web from 194.190.153.226
May  6 06:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: input_userauth_request: invalid user web [preauth]
May  6 06:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.190.153.226
May  6 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11880]: Failed password for root from 196.251.84.225 port 45968 ssh2
May  6 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11880]: Connection closed by 196.251.84.225 port 45968 [preauth]
May  6 06:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.225.137  user=root
May  6 06:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: Failed password for invalid user web from 194.190.153.226 port 46606 ssh2
May  6 06:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: Received disconnect from 194.190.153.226 port 46606:11: Bye Bye [preauth]
May  6 06:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11910]: Disconnected from 194.190.153.226 port 46606 [preauth]
May  6 06:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: Failed password for root from 152.42.225.137 port 37870 ssh2
May  6 06:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: Received disconnect from 152.42.225.137 port 37870:11: Bye Bye [preauth]
May  6 06:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11919]: Disconnected from 152.42.225.137 port 37870 [preauth]
May  6 06:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11943]: Invalid user parth from 103.195.7.51
May  6 06:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11943]: input_userauth_request: invalid user parth [preauth]
May  6 06:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11943]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 06:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11943]: Failed password for invalid user parth from 103.195.7.51 port 26918 ssh2
May  6 06:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11943]: Received disconnect from 103.195.7.51 port 26918:11: Bye Bye [preauth]
May  6 06:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11943]: Disconnected from 103.195.7.51 port 26918 [preauth]
May  6 06:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11982]: Invalid user puppet from 196.251.84.225
May  6 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11982]: input_userauth_request: invalid user puppet [preauth]
May  6 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11982]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11995]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11993]: pam_unix(cron:session): session closed for user p13x
May  6 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12057]: Successful su for rubyman by root
May  6 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12057]: + ??? root:rubyman
May  6 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12057]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338715 of user rubyman.
May  6 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12057]: pam_unix(su:session): session closed for user rubyman
May  6 06:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338715.
May  6 06:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11982]: Failed password for invalid user puppet from 196.251.84.225 port 37624 ssh2
May  6 06:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11982]: Connection closed by 196.251.84.225 port 37624 [preauth]
May  6 06:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9322]: pam_unix(cron:session): session closed for user root
May  6 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11994]: pam_unix(cron:session): session closed for user samftp
May  6 06:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12309]: Invalid user hikvision from 196.251.84.225
May  6 06:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12309]: input_userauth_request: invalid user hikvision [preauth]
May  6 06:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12309]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12309]: Failed password for invalid user hikvision from 196.251.84.225 port 54598 ssh2
May  6 06:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11167]: pam_unix(cron:session): session closed for user root
May  6 06:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12309]: Connection closed by 196.251.84.225 port 54598 [preauth]
May  6 06:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Invalid user ubuntu from 43.135.173.36
May  6 06:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: input_userauth_request: invalid user ubuntu [preauth]
May  6 06:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.173.36
May  6 06:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Failed password for invalid user ubuntu from 43.135.173.36 port 42130 ssh2
May  6 06:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Received disconnect from 43.135.173.36 port 42130:11: Bye Bye [preauth]
May  6 06:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Disconnected from 43.135.173.36 port 42130 [preauth]
May  6 06:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197  user=root
May  6 06:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: Failed password for root from 107.175.83.197 port 47116 ssh2
May  6 06:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: Received disconnect from 107.175.83.197 port 47116:11: Bye Bye [preauth]
May  6 06:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12406]: Disconnected from 107.175.83.197 port 47116 [preauth]
May  6 06:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: Invalid user solana from 196.251.84.225
May  6 06:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: input_userauth_request: invalid user solana [preauth]
May  6 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12411]: pam_unix(cron:session): session closed for user p13x
May  6 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12470]: Successful su for rubyman by root
May  6 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12470]: + ??? root:rubyman
May  6 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338719 of user rubyman.
May  6 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12470]: pam_unix(su:session): session closed for user rubyman
May  6 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338719.
May  6 06:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: Failed password for invalid user solana from 196.251.84.225 port 54956 ssh2
May  6 06:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9768]: pam_unix(cron:session): session closed for user root
May  6 06:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: Connection closed by 196.251.84.225 port 54956 [preauth]
May  6 06:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12412]: pam_unix(cron:session): session closed for user samftp
May  6 06:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: Invalid user es from 196.251.84.225
May  6 06:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: input_userauth_request: invalid user es [preauth]
May  6 06:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session closed for user root
May  6 06:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: Failed password for invalid user es from 196.251.84.225 port 36592 ssh2
May  6 06:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12715]: Connection closed by 196.251.84.225 port 36592 [preauth]
May  6 06:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.114.25  user=root
May  6 06:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12755]: Failed password for root from 137.184.114.25 port 56040 ssh2
May  6 06:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12755]: Received disconnect from 137.184.114.25 port 56040:11: Bye Bye [preauth]
May  6 06:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12755]: Disconnected from 137.184.114.25 port 56040 [preauth]
May  6 06:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12778]: Connection closed by 185.93.89.139 port 59640 [preauth]
May  6 06:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: Invalid user x from 195.178.110.50
May  6 06:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: input_userauth_request: invalid user x [preauth]
May  6 06:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 06:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: Failed password for invalid user x from 195.178.110.50 port 40826 ssh2
May  6 06:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: Connection closed by 195.178.110.50 port 40826 [preauth]
May  6 06:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12813]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12814]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12812]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12811]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12811]: pam_unix(cron:session): session closed for user p13x
May  6 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12870]: Successful su for rubyman by root
May  6 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12870]: + ??? root:rubyman
May  6 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338723 of user rubyman.
May  6 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12870]: pam_unix(su:session): session closed for user rubyman
May  6 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338723.
May  6 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: Invalid user www from 196.251.84.225
May  6 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: input_userauth_request: invalid user www [preauth]
May  6 06:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10174]: pam_unix(cron:session): session closed for user root
May  6 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: Failed password for invalid user www from 196.251.84.225 port 55634 ssh2
May  6 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12895]: Connection closed by 196.251.84.225 port 55634 [preauth]
May  6 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: Invalid user ? from 195.178.110.50
May  6 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: input_userauth_request: invalid user ? [preauth]
May  6 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12812]: pam_unix(cron:session): session closed for user samftp
May  6 06:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: Failed password for invalid user ? from 195.178.110.50 port 4296 ssh2
May  6 06:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: Connection closed by 195.178.110.50 port 4296 [preauth]
May  6 06:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13058]: Invalid user d from 195.178.110.50
May  6 06:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13058]: input_userauth_request: invalid user d [preauth]
May  6 06:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13058]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 06:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13058]: Failed password for invalid user d from 195.178.110.50 port 53660 ssh2
May  6 06:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13058]: Connection closed by 195.178.110.50 port 53660 [preauth]
May  6 06:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: Invalid user chosuan from 46.25.236.192
May  6 06:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: input_userauth_request: invalid user chosuan [preauth]
May  6 06:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  6 06:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11996]: pam_unix(cron:session): session closed for user root
May  6 06:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: Failed password for invalid user chosuan from 46.25.236.192 port 39488 ssh2
May  6 06:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: Received disconnect from 46.25.236.192 port 39488:11: Bye Bye [preauth]
May  6 06:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13121]: Disconnected from 46.25.236.192 port 39488 [preauth]
May  6 06:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13146]: Invalid user jito from 196.251.84.225
May  6 06:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13146]: input_userauth_request: invalid user jito [preauth]
May  6 06:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13146]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13114]: Invalid user + from 195.178.110.50
May  6 06:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13114]: input_userauth_request: invalid user + [preauth]
May  6 06:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13114]: pam_unix(sshd:auth): bad username [+]
May  6 06:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13114]: Failed password for invalid user + from 195.178.110.50 port 22428 ssh2
May  6 06:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13146]: Failed password for invalid user jito from 196.251.84.225 port 53146 ssh2
May  6 06:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13146]: Connection closed by 196.251.84.225 port 53146 [preauth]
May  6 06:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13114]: Connection closed by 195.178.110.50 port 22428 [preauth]
May  6 06:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13161]: Invalid user P from 195.178.110.50
May  6 06:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13161]: input_userauth_request: invalid user P [preauth]
May  6 06:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13161]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 06:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: Invalid user salavat from 182.180.77.216
May  6 06:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: input_userauth_request: invalid user salavat [preauth]
May  6 06:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 06:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13161]: Failed password for invalid user P from 195.178.110.50 port 39892 ssh2
May  6 06:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: Failed password for invalid user salavat from 182.180.77.216 port 58356 ssh2
May  6 06:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: Received disconnect from 182.180.77.216 port 58356:11: Bye Bye [preauth]
May  6 06:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13193]: Disconnected from 182.180.77.216 port 58356 [preauth]
May  6 06:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13161]: Connection closed by 195.178.110.50 port 39892 [preauth]
May  6 06:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Invalid user tmp from 84.22.147.211
May  6 06:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: input_userauth_request: invalid user tmp [preauth]
May  6 06:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.147.211
May  6 06:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Failed password for invalid user tmp from 84.22.147.211 port 35434 ssh2
May  6 06:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Received disconnect from 84.22.147.211 port 35434:11: Bye Bye [preauth]
May  6 06:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13196]: Disconnected from 84.22.147.211 port 35434 [preauth]
May  6 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13219]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13220]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13217]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13218]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13217]: pam_unix(cron:session): session closed for user p13x
May  6 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13342]: Successful su for rubyman by root
May  6 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13342]: + ??? root:rubyman
May  6 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338727 of user rubyman.
May  6 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13342]: pam_unix(su:session): session closed for user rubyman
May  6 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338727.
May  6 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13215]: pam_unix(cron:session): session closed for user root
May  6 06:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13576]: Did not receive identification string from 92.118.39.57
May  6 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10757]: pam_unix(cron:session): session closed for user root
May  6 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Invalid user palworld from 196.251.84.225
May  6 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: input_userauth_request: invalid user palworld [preauth]
May  6 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13218]: pam_unix(cron:session): session closed for user samftp
May  6 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Failed password for invalid user palworld from 196.251.84.225 port 46296 ssh2
May  6 06:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Connection closed by 196.251.84.225 port 46296 [preauth]
May  6 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12414]: pam_unix(cron:session): session closed for user root
May  6 06:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: Invalid user jito from 196.251.84.225
May  6 06:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: input_userauth_request: invalid user jito [preauth]
May  6 06:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: Failed password for invalid user jito from 196.251.84.225 port 56860 ssh2
May  6 06:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: Connection closed by 196.251.84.225 port 56860 [preauth]
May  6 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13820]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13821]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13821]: pam_unix(cron:session): session closed for user root
May  6 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13816]: pam_unix(cron:session): session closed for user p13x
May  6 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13885]: Successful su for rubyman by root
May  6 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13885]: + ??? root:rubyman
May  6 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338731 of user rubyman.
May  6 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13885]: pam_unix(su:session): session closed for user rubyman
May  6 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338731.
May  6 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13818]: pam_unix(cron:session): session closed for user root
May  6 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11166]: pam_unix(cron:session): session closed for user root
May  6 06:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13817]: pam_unix(cron:session): session closed for user samftp
May  6 06:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: Invalid user user from 196.251.84.225
May  6 06:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: input_userauth_request: invalid user user [preauth]
May  6 06:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: Failed password for invalid user user from 196.251.84.225 port 52640 ssh2
May  6 06:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14095]: Connection closed by 196.251.84.225 port 52640 [preauth]
May  6 06:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Invalid user student3 from 194.190.153.226
May  6 06:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: input_userauth_request: invalid user student3 [preauth]
May  6 06:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.190.153.226
May  6 06:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Failed password for invalid user student3 from 194.190.153.226 port 46452 ssh2
May  6 06:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Received disconnect from 194.190.153.226 port 46452:11: Bye Bye [preauth]
May  6 06:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Disconnected from 194.190.153.226 port 46452 [preauth]
May  6 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12814]: pam_unix(cron:session): session closed for user root
May  6 06:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: User www-data from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 06:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: input_userauth_request: invalid user www-data [preauth]
May  6 06:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: Invalid user a1 from 152.42.225.137
May  6 06:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: input_userauth_request: invalid user a1 [preauth]
May  6 06:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.225.137
May  6 06:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: Failed password for invalid user a1 from 152.42.225.137 port 49418 ssh2
May  6 06:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: Received disconnect from 152.42.225.137 port 49418:11: Bye Bye [preauth]
May  6 06:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: Disconnected from 152.42.225.137 port 49418 [preauth]
May  6 06:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=www-data
May  6 06:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Failed password for invalid user www-data from 196.251.84.225 port 58976 ssh2
May  6 06:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Connection closed by 196.251.84.225 port 58976 [preauth]
May  6 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14251]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14253]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14249]: pam_unix(cron:session): session closed for user p13x
May  6 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14326]: Successful su for rubyman by root
May  6 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14326]: + ??? root:rubyman
May  6 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338737 of user rubyman.
May  6 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14326]: pam_unix(su:session): session closed for user rubyman
May  6 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338737.
May  6 06:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11571]: pam_unix(cron:session): session closed for user root
May  6 06:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14251]: pam_unix(cron:session): session closed for user samftp
May  6 06:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: Invalid user julio from 103.195.7.51
May  6 06:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: input_userauth_request: invalid user julio [preauth]
May  6 06:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 06:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: Failed password for invalid user julio from 103.195.7.51 port 60106 ssh2
May  6 06:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: Received disconnect from 103.195.7.51 port 60106:11: Bye Bye [preauth]
May  6 06:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14536]: Disconnected from 103.195.7.51 port 60106 [preauth]
May  6 06:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14538]: User ftp from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 06:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14538]: input_userauth_request: invalid user ftp [preauth]
May  6 06:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=ftp
May  6 06:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14538]: Failed password for invalid user ftp from 196.251.84.225 port 35890 ssh2
May  6 06:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14538]: Connection closed by 196.251.84.225 port 35890 [preauth]
May  6 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13220]: pam_unix(cron:session): session closed for user root
May  6 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Invalid user student3 from 43.135.173.36
May  6 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: input_userauth_request: invalid user student3 [preauth]
May  6 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.173.36
May  6 06:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Failed password for invalid user student3 from 43.135.173.36 port 47814 ssh2
May  6 06:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Received disconnect from 43.135.173.36 port 47814:11: Bye Bye [preauth]
May  6 06:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Disconnected from 43.135.173.36 port 47814 [preauth]
May  6 06:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14628]: Invalid user admin from 80.94.95.241
May  6 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14628]: input_userauth_request: invalid user admin [preauth]
May  6 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14628]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14628]: Failed password for invalid user admin from 80.94.95.241 port 7859 ssh2
May  6 06:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14628]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14628]: Failed password for invalid user admin from 80.94.95.241 port 7859 ssh2
May  6 06:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14628]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14653]: Failed password for root from 196.251.84.225 port 53594 ssh2
May  6 06:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14653]: Connection closed by 196.251.84.225 port 53594 [preauth]
May  6 06:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14628]: Failed password for invalid user admin from 80.94.95.241 port 7859 ssh2
May  6 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197  user=root
May  6 06:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14664]: Failed password for root from 107.175.83.197 port 56356 ssh2
May  6 06:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14664]: Received disconnect from 107.175.83.197 port 56356:11: Bye Bye [preauth]
May  6 06:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14664]: Disconnected from 107.175.83.197 port 56356 [preauth]
May  6 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14685]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14686]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14684]: pam_unix(cron:session): session closed for user p13x
May  6 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14744]: Successful su for rubyman by root
May  6 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14744]: + ??? root:rubyman
May  6 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338744 of user rubyman.
May  6 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14744]: pam_unix(su:session): session closed for user rubyman
May  6 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338744.
May  6 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11995]: pam_unix(cron:session): session closed for user root
May  6 06:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14685]: pam_unix(cron:session): session closed for user samftp
May  6 06:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: Invalid user puppet from 196.251.84.225
May  6 06:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: input_userauth_request: invalid user puppet [preauth]
May  6 06:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: Failed password for invalid user puppet from 196.251.84.225 port 42694 ssh2
May  6 06:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14961]: Connection closed by 196.251.84.225 port 42694 [preauth]
May  6 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13820]: pam_unix(cron:session): session closed for user root
May  6 06:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: Invalid user jito from 196.251.84.225
May  6 06:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: input_userauth_request: invalid user jito [preauth]
May  6 06:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: Failed password for invalid user jito from 196.251.84.225 port 50374 ssh2
May  6 06:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: Connection closed by 196.251.84.225 port 50374 [preauth]
May  6 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15092]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15091]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15089]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15088]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15088]: pam_unix(cron:session): session closed for user p13x
May  6 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15148]: Successful su for rubyman by root
May  6 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15148]: + ??? root:rubyman
May  6 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338745 of user rubyman.
May  6 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15148]: pam_unix(su:session): session closed for user rubyman
May  6 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338745.
May  6 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12413]: pam_unix(cron:session): session closed for user root
May  6 06:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15089]: pam_unix(cron:session): session closed for user samftp
May  6 06:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: Invalid user storage from 137.184.114.25
May  6 06:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: input_userauth_request: invalid user storage [preauth]
May  6 06:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.114.25
May  6 06:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: Failed password for invalid user storage from 137.184.114.25 port 36546 ssh2
May  6 06:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: Received disconnect from 137.184.114.25 port 36546:11: Bye Bye [preauth]
May  6 06:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15328]: Disconnected from 137.184.114.25 port 36546 [preauth]
May  6 06:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: User mysql from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 06:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: input_userauth_request: invalid user mysql [preauth]
May  6 06:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=mysql
May  6 06:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: Failed password for invalid user mysql from 196.251.84.225 port 54906 ssh2
May  6 06:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15363]: Connection closed by 196.251.84.225 port 54906 [preauth]
May  6 06:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15373]: Did not receive identification string from 193.32.162.185
May  6 06:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14253]: pam_unix(cron:session): session closed for user root
May  6 06:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15451]: Invalid user lishanshan from 46.25.236.192
May  6 06:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15451]: input_userauth_request: invalid user lishanshan [preauth]
May  6 06:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15451]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  6 06:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15451]: Failed password for invalid user lishanshan from 46.25.236.192 port 47622 ssh2
May  6 06:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15451]: Received disconnect from 46.25.236.192 port 47622:11: Bye Bye [preauth]
May  6 06:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15451]: Disconnected from 46.25.236.192 port 47622 [preauth]
May  6 06:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15454]: Invalid user dolphin from 196.251.84.225
May  6 06:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15454]: input_userauth_request: invalid user dolphin [preauth]
May  6 06:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15454]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15454]: Failed password for invalid user dolphin from 196.251.84.225 port 42402 ssh2
May  6 06:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15454]: Connection closed by 196.251.84.225 port 42402 [preauth]
May  6 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15487]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15486]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15485]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15488]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15485]: pam_unix(cron:session): session closed for user p13x
May  6 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15545]: Successful su for rubyman by root
May  6 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15545]: + ??? root:rubyman
May  6 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338751 of user rubyman.
May  6 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15545]: pam_unix(su:session): session closed for user rubyman
May  6 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338751.
May  6 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12813]: pam_unix(cron:session): session closed for user root
May  6 06:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15486]: pam_unix(cron:session): session closed for user samftp
May  6 06:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15759]: Invalid user cmaq from 84.22.147.211
May  6 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15759]: input_userauth_request: invalid user cmaq [preauth]
May  6 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15759]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.147.211
May  6 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: Invalid user bodega from 182.180.77.216
May  6 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: input_userauth_request: invalid user bodega [preauth]
May  6 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15759]: Failed password for invalid user cmaq from 84.22.147.211 port 54530 ssh2
May  6 06:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15759]: Received disconnect from 84.22.147.211 port 54530:11: Bye Bye [preauth]
May  6 06:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15759]: Disconnected from 84.22.147.211 port 54530 [preauth]
May  6 06:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: Failed password for invalid user bodega from 182.180.77.216 port 37774 ssh2
May  6 06:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: Received disconnect from 182.180.77.216 port 37774:11: Bye Bye [preauth]
May  6 06:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: Disconnected from 182.180.77.216 port 37774 [preauth]
May  6 06:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15761]: User ftp from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 06:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15761]: input_userauth_request: invalid user ftp [preauth]
May  6 06:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=ftp
May  6 06:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15761]: Failed password for invalid user ftp from 196.251.84.225 port 44070 ssh2
May  6 06:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15761]: Connection closed by 196.251.84.225 port 44070 [preauth]
May  6 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14687]: pam_unix(cron:session): session closed for user root
May  6 06:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: Invalid user vnc from 196.251.84.225
May  6 06:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: input_userauth_request: invalid user vnc [preauth]
May  6 06:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: Failed password for invalid user vnc from 196.251.84.225 port 47408 ssh2
May  6 06:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15862]: Connection closed by 196.251.84.225 port 47408 [preauth]
May  6 06:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: Invalid user frappe from 186.96.145.241
May  6 06:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: input_userauth_request: invalid user frappe [preauth]
May  6 06:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
May  6 06:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: Failed password for invalid user frappe from 186.96.145.241 port 53672 ssh2
May  6 06:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: Connection closed by 186.96.145.241 port 53672 [preauth]
May  6 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15906]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15903]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15904]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15905]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15906]: pam_unix(cron:session): session closed for user root
May  6 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15899]: pam_unix(cron:session): session closed for user p13x
May  6 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15970]: Successful su for rubyman by root
May  6 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15970]: + ??? root:rubyman
May  6 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15970]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338758 of user rubyman.
May  6 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15970]: pam_unix(su:session): session closed for user rubyman
May  6 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338758.
May  6 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15903]: pam_unix(cron:session): session closed for user root
May  6 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13219]: pam_unix(cron:session): session closed for user root
May  6 06:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.190.153.226  user=root
May  6 06:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15902]: pam_unix(cron:session): session closed for user samftp
May  6 06:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16076]: Failed password for root from 194.190.153.226 port 60498 ssh2
May  6 06:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16076]: Received disconnect from 194.190.153.226 port 60498:11: Bye Bye [preauth]
May  6 06:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16076]: Disconnected from 194.190.153.226 port 60498 [preauth]
May  6 06:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: Failed password for root from 196.251.84.225 port 56190 ssh2
May  6 06:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16189]: Connection closed by 196.251.84.225 port 56190 [preauth]
May  6 06:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15092]: pam_unix(cron:session): session closed for user root
May  6 06:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Invalid user user from 196.251.84.225
May  6 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: input_userauth_request: invalid user user [preauth]
May  6 06:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Failed password for invalid user user from 196.251.84.225 port 49950 ssh2
May  6 06:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Connection closed by 196.251.84.225 port 49950 [preauth]
May  6 06:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16307]: Invalid user gittest from 50.235.31.47
May  6 06:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16307]: input_userauth_request: invalid user gittest [preauth]
May  6 06:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16307]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  6 06:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16307]: Failed password for invalid user gittest from 50.235.31.47 port 47830 ssh2
May  6 06:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16307]: Connection closed by 50.235.31.47 port 47830 [preauth]
May  6 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16319]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16319]: pam_unix(cron:session): session closed for user p13x
May  6 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16382]: Successful su for rubyman by root
May  6 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16382]: + ??? root:rubyman
May  6 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338759 of user rubyman.
May  6 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16382]: pam_unix(su:session): session closed for user rubyman
May  6 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338759.
May  6 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13819]: pam_unix(cron:session): session closed for user root
May  6 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16320]: pam_unix(cron:session): session closed for user samftp
May  6 06:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.225.137  user=root
May  6 06:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16622]: Failed password for root from 152.42.225.137 port 55004 ssh2
May  6 06:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16622]: Received disconnect from 152.42.225.137 port 55004:11: Bye Bye [preauth]
May  6 06:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16622]: Disconnected from 152.42.225.137 port 55004 [preauth]
May  6 06:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16658]: Invalid user wordpress from 196.251.84.225
May  6 06:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16658]: input_userauth_request: invalid user wordpress [preauth]
May  6 06:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16658]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16658]: Failed password for invalid user wordpress from 196.251.84.225 port 52872 ssh2
May  6 06:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16658]: Connection closed by 196.251.84.225 port 52872 [preauth]
May  6 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16690]: Invalid user user from 43.135.173.36
May  6 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16690]: input_userauth_request: invalid user user [preauth]
May  6 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16690]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.173.36
May  6 06:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16690]: Failed password for invalid user user from 43.135.173.36 port 51414 ssh2
May  6 06:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16690]: Received disconnect from 43.135.173.36 port 51414:11: Bye Bye [preauth]
May  6 06:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16690]: Disconnected from 43.135.173.36 port 51414 [preauth]
May  6 06:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15488]: pam_unix(cron:session): session closed for user root
May  6 06:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Invalid user scs from 107.175.83.197
May  6 06:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: input_userauth_request: invalid user scs [preauth]
May  6 06:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 06:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Failed password for invalid user scs from 107.175.83.197 port 37360 ssh2
May  6 06:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Received disconnect from 107.175.83.197 port 37360:11: Bye Bye [preauth]
May  6 06:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: Disconnected from 107.175.83.197 port 37360 [preauth]
May  6 06:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16766]: Invalid user abdullah from 103.195.7.51
May  6 06:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16766]: input_userauth_request: invalid user abdullah [preauth]
May  6 06:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16766]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 06:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16766]: Failed password for invalid user abdullah from 103.195.7.51 port 60898 ssh2
May  6 06:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16766]: Received disconnect from 103.195.7.51 port 60898:11: Bye Bye [preauth]
May  6 06:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16766]: Disconnected from 103.195.7.51 port 60898 [preauth]
May  6 06:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16762]: Failed password for root from 196.251.84.225 port 56162 ssh2
May  6 06:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16762]: Connection closed by 196.251.84.225 port 56162 [preauth]
May  6 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16788]: pam_unix(cron:session): session closed for user p13x
May  6 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16847]: Successful su for rubyman by root
May  6 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16847]: + ??? root:rubyman
May  6 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338763 of user rubyman.
May  6 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16847]: pam_unix(su:session): session closed for user rubyman
May  6 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338763.
May  6 06:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14252]: pam_unix(cron:session): session closed for user root
May  6 06:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16789]: pam_unix(cron:session): session closed for user samftp
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17094]: Connection closed by 64.23.219.56 port 53078 [preauth]
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: Connection closed by 64.23.219.56 port 53080 [preauth]
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17101]: Connection closed by 64.23.219.56 port 53094 [preauth]
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17103]: Connection closed by 64.23.219.56 port 53098 [preauth]
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17105]: Connection closed by 64.23.219.56 port 53108 [preauth]
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: Connection closed by 64.23.219.56 port 53114 [preauth]
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17109]: Connection closed by 64.23.219.56 port 53122 [preauth]
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17111]: Connection closed by 64.23.219.56 port 53128 [preauth]
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17114]: Connection closed by 64.23.219.56 port 53136 [preauth]
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17116]: Connection closed by 64.23.219.56 port 53146 [preauth]
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17118]: Connection closed by 64.23.219.56 port 53156 [preauth]
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: Connection closed by 64.23.219.56 port 53160 [preauth]
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17122]: Connection closed by 64.23.219.56 port 53170 [preauth]
May  6 06:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: Invalid user dolphinscheduler from 196.251.84.225
May  6 06:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  6 06:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 50906 ssh2
May  6 06:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17133]: Connection closed by 196.251.84.225 port 50906 [preauth]
May  6 06:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15905]: pam_unix(cron:session): session closed for user root
May  6 06:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: Invalid user steam from 196.251.84.225
May  6 06:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: input_userauth_request: invalid user steam [preauth]
May  6 06:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: Failed password for invalid user steam from 196.251.84.225 port 33266 ssh2
May  6 06:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17230]: Did not receive identification string from 74.179.185.216
May  6 06:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: Connection closed by 196.251.84.225 port 33266 [preauth]
May  6 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17253]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17250]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17251]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17250]: pam_unix(cron:session): session closed for user p13x
May  6 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17315]: Successful su for rubyman by root
May  6 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17315]: + ??? root:rubyman
May  6 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338768 of user rubyman.
May  6 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17315]: pam_unix(su:session): session closed for user rubyman
May  6 06:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338768.
May  6 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14686]: pam_unix(cron:session): session closed for user root
May  6 06:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17251]: pam_unix(cron:session): session closed for user samftp
May  6 06:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 06:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: Failed password for root from 218.92.0.179 port 59891 ssh2
May  6 06:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 59891 ssh2]
May  6 06:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: Received disconnect from 218.92.0.179 port 59891:11:  [preauth]
May  6 06:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: Disconnected from 218.92.0.179 port 59891 [preauth]
May  6 06:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17515]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 06:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17552]: Invalid user wordpress from 196.251.84.225
May  6 06:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17552]: input_userauth_request: invalid user wordpress [preauth]
May  6 06:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17552]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17552]: Failed password for invalid user wordpress from 196.251.84.225 port 43934 ssh2
May  6 06:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17552]: Connection closed by 196.251.84.225 port 43934 [preauth]
May  6 06:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: Invalid user lishanshan from 137.184.114.25
May  6 06:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: input_userauth_request: invalid user lishanshan [preauth]
May  6 06:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.114.25
May  6 06:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: Failed password for invalid user lishanshan from 137.184.114.25 port 45344 ssh2
May  6 06:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: Received disconnect from 137.184.114.25 port 45344:11: Bye Bye [preauth]
May  6 06:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: Disconnected from 137.184.114.25 port 45344 [preauth]
May  6 06:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16322]: pam_unix(cron:session): session closed for user root
May  6 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: Invalid user admin from 80.94.95.112
May  6 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: input_userauth_request: invalid user admin [preauth]
May  6 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 06:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: Failed password for invalid user admin from 80.94.95.112 port 7841 ssh2
May  6 06:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: Failed password for invalid user admin from 80.94.95.112 port 7841 ssh2
May  6 06:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: Failed password for invalid user admin from 80.94.95.112 port 7841 ssh2
May  6 06:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: Failed password for invalid user admin from 80.94.95.112 port 7841 ssh2
May  6 06:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: Failed password for invalid user admin from 80.94.95.112 port 7841 ssh2
May  6 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: Received disconnect from 80.94.95.112 port 7841:11: Bye [preauth]
May  6 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: Disconnected from 80.94.95.112 port 7841 [preauth]
May  6 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 06:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17663]: Invalid user nagios from 196.251.84.225
May  6 06:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17663]: input_userauth_request: invalid user nagios [preauth]
May  6 06:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17663]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17663]: Failed password for invalid user nagios from 196.251.84.225 port 53940 ssh2
May  6 06:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17663]: Connection closed by 196.251.84.225 port 53940 [preauth]
May  6 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: Invalid user scanner from 46.25.236.192
May  6 06:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: input_userauth_request: invalid user scanner [preauth]
May  6 06:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  6 06:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: Failed password for invalid user scanner from 46.25.236.192 port 55758 ssh2
May  6 06:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: Received disconnect from 46.25.236.192 port 55758:11: Bye Bye [preauth]
May  6 06:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17673]: Disconnected from 46.25.236.192 port 55758 [preauth]
May  6 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17680]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17681]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17679]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17678]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17678]: pam_unix(cron:session): session closed for user p13x
May  6 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17745]: Successful su for rubyman by root
May  6 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17745]: + ??? root:rubyman
May  6 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338773 of user rubyman.
May  6 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17745]: pam_unix(su:session): session closed for user rubyman
May  6 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338773.
May  6 06:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15091]: pam_unix(cron:session): session closed for user root
May  6 06:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 06:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17679]: pam_unix(cron:session): session closed for user samftp
May  6 06:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17940]: Failed password for root from 218.92.0.210 port 22900 ssh2
May  6 06:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  6 06:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Failed password for root from 164.68.105.9 port 33294 ssh2
May  6 06:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18059]: Connection closed by 164.68.105.9 port 33294 [preauth]
May  6 06:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 06:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: Failed password for root from 196.251.84.225 port 57096 ssh2
May  6 06:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: Connection closed by 196.251.84.225 port 57096 [preauth]
May  6 06:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: Failed password for root from 218.92.0.210 port 52514 ssh2
May  6 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16791]: pam_unix(cron:session): session closed for user root
May  6 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 06:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18151]: Failed password for root from 218.92.0.210 port 56092 ssh2
May  6 06:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.147.211  user=root
May  6 06:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18171]: Failed password for root from 84.22.147.211 port 59406 ssh2
May  6 06:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18171]: Received disconnect from 84.22.147.211 port 59406:11: Bye Bye [preauth]
May  6 06:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18171]: Disconnected from 84.22.147.211 port 59406 [preauth]
May  6 06:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18200]: Invalid user oracle from 196.251.84.225
May  6 06:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18200]: input_userauth_request: invalid user oracle [preauth]
May  6 06:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18200]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18200]: Failed password for invalid user oracle from 196.251.84.225 port 52018 ssh2
May  6 06:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18200]: Connection closed by 196.251.84.225 port 52018 [preauth]
May  6 06:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18213]: Invalid user zhanna from 194.190.153.226
May  6 06:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18213]: input_userauth_request: invalid user zhanna [preauth]
May  6 06:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18213]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.190.153.226
May  6 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18228]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18229]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18227]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18229]: pam_unix(cron:session): session closed for user root
May  6 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18224]: pam_unix(cron:session): session closed for user p13x
May  6 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18213]: Failed password for invalid user zhanna from 194.190.153.226 port 33938 ssh2
May  6 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18295]: Successful su for rubyman by root
May  6 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18295]: + ??? root:rubyman
May  6 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338775 of user rubyman.
May  6 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18295]: pam_unix(su:session): session closed for user rubyman
May  6 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338775.
May  6 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18213]: Received disconnect from 194.190.153.226 port 33938:11: Bye Bye [preauth]
May  6 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18213]: Disconnected from 194.190.153.226 port 33938 [preauth]
May  6 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18226]: pam_unix(cron:session): session closed for user root
May  6 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15487]: pam_unix(cron:session): session closed for user root
May  6 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: Invalid user cdl from 182.180.77.216
May  6 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: input_userauth_request: invalid user cdl [preauth]
May  6 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 06:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18225]: pam_unix(cron:session): session closed for user samftp
May  6 06:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: Failed password for invalid user cdl from 182.180.77.216 port 45444 ssh2
May  6 06:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: Received disconnect from 182.180.77.216 port 45444:11: Bye Bye [preauth]
May  6 06:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: Disconnected from 182.180.77.216 port 45444 [preauth]
May  6 06:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18547]: Invalid user postgres from 196.251.84.225
May  6 06:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18547]: input_userauth_request: invalid user postgres [preauth]
May  6 06:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18547]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18547]: Failed password for invalid user postgres from 196.251.84.225 port 55332 ssh2
May  6 06:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18547]: Connection closed by 196.251.84.225 port 55332 [preauth]
May  6 06:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17253]: pam_unix(cron:session): session closed for user root
May  6 06:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: Invalid user solana from 196.251.84.225
May  6 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: input_userauth_request: invalid user solana [preauth]
May  6 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18669]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18668]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18668]: pam_unix(cron:session): session closed for user p13x
May  6 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18738]: Successful su for rubyman by root
May  6 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18738]: + ??? root:rubyman
May  6 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18738]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338783 of user rubyman.
May  6 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18738]: pam_unix(su:session): session closed for user rubyman
May  6 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338783.
May  6 06:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: Failed password for invalid user solana from 196.251.84.225 port 59802 ssh2
May  6 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15904]: pam_unix(cron:session): session closed for user root
May  6 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18655]: Connection closed by 196.251.84.225 port 59802 [preauth]
May  6 06:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18669]: pam_unix(cron:session): session closed for user samftp
May  6 06:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.173.36  user=root
May  6 06:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: Failed password for root from 43.135.173.36 port 55120 ssh2
May  6 06:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: Received disconnect from 43.135.173.36 port 55120:11: Bye Bye [preauth]
May  6 06:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: Disconnected from 43.135.173.36 port 55120 [preauth]
May  6 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18992]: Invalid user user1 from 196.251.84.225
May  6 06:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18992]: input_userauth_request: invalid user user1 [preauth]
May  6 06:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18992]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17681]: pam_unix(cron:session): session closed for user root
May  6 06:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18992]: Failed password for invalid user user1 from 196.251.84.225 port 54634 ssh2
May  6 06:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18992]: Connection closed by 196.251.84.225 port 54634 [preauth]
May  6 06:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: Invalid user zhangp from 107.175.83.197
May  6 06:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: input_userauth_request: invalid user zhangp [preauth]
May  6 06:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 06:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: Failed password for invalid user zhangp from 107.175.83.197 port 46602 ssh2
May  6 06:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: Received disconnect from 107.175.83.197 port 46602:11: Bye Bye [preauth]
May  6 06:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19034]: Disconnected from 107.175.83.197 port 46602 [preauth]
May  6 06:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19096]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19095]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19094]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19094]: pam_unix(cron:session): session closed for user p13x
May  6 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19154]: Successful su for rubyman by root
May  6 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19154]: + ??? root:rubyman
May  6 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338785 of user rubyman.
May  6 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19154]: pam_unix(su:session): session closed for user rubyman
May  6 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338785.
May  6 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19091]: Failed password for root from 196.251.84.225 port 39632 ssh2
May  6 06:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16321]: pam_unix(cron:session): session closed for user root
May  6 06:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19283]: Invalid user user from 152.42.225.137
May  6 06:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19283]: input_userauth_request: invalid user user [preauth]
May  6 06:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19283]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.225.137
May  6 06:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19091]: Connection closed by 196.251.84.225 port 39632 [preauth]
May  6 06:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19095]: pam_unix(cron:session): session closed for user samftp
May  6 06:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19283]: Failed password for invalid user user from 152.42.225.137 port 44994 ssh2
May  6 06:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19283]: Received disconnect from 152.42.225.137 port 44994:11: Bye Bye [preauth]
May  6 06:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19283]: Disconnected from 152.42.225.137 port 44994 [preauth]
May  6 06:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19032]: Did not receive identification string from 8.217.145.55
May  6 06:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19386]: Invalid user sbbs from 103.195.7.51
May  6 06:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19386]: input_userauth_request: invalid user sbbs [preauth]
May  6 06:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19386]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 06:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19386]: Failed password for invalid user sbbs from 103.195.7.51 port 7066 ssh2
May  6 06:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19386]: Received disconnect from 103.195.7.51 port 7066:11: Bye Bye [preauth]
May  6 06:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19386]: Disconnected from 103.195.7.51 port 7066 [preauth]
May  6 06:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18228]: pam_unix(cron:session): session closed for user root
May  6 06:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: Invalid user palworld from 196.251.84.225
May  6 06:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: input_userauth_request: invalid user palworld [preauth]
May  6 06:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Invalid user stuser from 190.103.202.7
May  6 06:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: input_userauth_request: invalid user stuser [preauth]
May  6 06:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  6 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Failed password for invalid user stuser from 190.103.202.7 port 36594 ssh2
May  6 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19489]: Connection closed by 190.103.202.7 port 36594 [preauth]
May  6 06:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: Failed password for invalid user palworld from 196.251.84.225 port 41182 ssh2
May  6 06:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: Connection closed by 196.251.84.225 port 41182 [preauth]
May  6 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19503]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19504]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19502]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19501]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19501]: pam_unix(cron:session): session closed for user p13x
May  6 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19572]: Successful su for rubyman by root
May  6 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19572]: + ??? root:rubyman
May  6 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19572]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338790 of user rubyman.
May  6 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19572]: pam_unix(su:session): session closed for user rubyman
May  6 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338790.
May  6 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16790]: pam_unix(cron:session): session closed for user root
May  6 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19502]: pam_unix(cron:session): session closed for user samftp
May  6 06:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19745]: Failed password for root from 196.251.84.225 port 32856 ssh2
May  6 06:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19777]: Received disconnect from 8.217.145.55 port 38042:11: Bye Bye [preauth]
May  6 06:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19777]: Disconnected from 8.217.145.55 port 38042 [preauth]
May  6 06:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19745]: Connection closed by 196.251.84.225 port 32856 [preauth]
May  6 06:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18671]: pam_unix(cron:session): session closed for user root
May  6 06:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19866]: Invalid user inspur from 137.184.114.25
May  6 06:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19866]: input_userauth_request: invalid user inspur [preauth]
May  6 06:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19866]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.114.25
May  6 06:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19866]: Failed password for invalid user inspur from 137.184.114.25 port 54046 ssh2
May  6 06:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19866]: Received disconnect from 137.184.114.25 port 54046:11: Bye Bye [preauth]
May  6 06:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19866]: Disconnected from 137.184.114.25 port 54046 [preauth]
May  6 06:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19872]: Invalid user user1 from 196.251.84.225
May  6 06:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19872]: input_userauth_request: invalid user user1 [preauth]
May  6 06:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19872]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19872]: Failed password for invalid user user1 from 196.251.84.225 port 48270 ssh2
May  6 06:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19872]: Connection closed by 196.251.84.225 port 48270 [preauth]
May  6 06:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19838]: Received disconnect from 8.217.145.55 port 35854:11: Bye Bye [preauth]
May  6 06:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19838]: Disconnected from 8.217.145.55 port 35854 [preauth]
May  6 06:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19934]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19936]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19935]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19934]: pam_unix(cron:session): session closed for user p13x
May  6 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20003]: Successful su for rubyman by root
May  6 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20003]: + ??? root:rubyman
May  6 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20003]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338794 of user rubyman.
May  6 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20003]: pam_unix(su:session): session closed for user rubyman
May  6 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338794.
May  6 06:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17252]: pam_unix(cron:session): session closed for user root
May  6 06:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19935]: pam_unix(cron:session): session closed for user samftp
May  6 06:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192  user=root
May  6 06:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: Failed password for root from 46.25.236.192 port 35666 ssh2
May  6 06:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: Received disconnect from 46.25.236.192 port 35666:11: Bye Bye [preauth]
May  6 06:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20193]: Disconnected from 46.25.236.192 port 35666 [preauth]
May  6 06:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20192]: Invalid user dolphinscheduler from 196.251.84.225
May  6 06:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20192]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  6 06:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20192]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20192]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 57986 ssh2
May  6 06:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20192]: Connection closed by 196.251.84.225 port 57986 [preauth]
May  6 06:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19922]: Received disconnect from 8.217.145.55 port 44024:11: Bye Bye [preauth]
May  6 06:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19922]: Disconnected from 8.217.145.55 port 44024 [preauth]
May  6 06:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19097]: pam_unix(cron:session): session closed for user root
May  6 06:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: Invalid user dolphin from 196.251.84.225
May  6 06:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: input_userauth_request: invalid user dolphin [preauth]
May  6 06:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: Invalid user scs from 194.190.153.226
May  6 06:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: input_userauth_request: invalid user scs [preauth]
May  6 06:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.190.153.226
May  6 06:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: Failed password for invalid user scs from 194.190.153.226 port 44794 ssh2
May  6 06:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: Received disconnect from 194.190.153.226 port 44794:11: Bye Bye [preauth]
May  6 06:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20324]: Disconnected from 194.190.153.226 port 44794 [preauth]
May  6 06:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: Failed password for invalid user dolphin from 196.251.84.225 port 54534 ssh2
May  6 06:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: Connection closed by 196.251.84.225 port 54534 [preauth]
May  6 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20348]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20346]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20347]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20349]: pam_unix(cron:session): session closed for user root
May  6 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20344]: pam_unix(cron:session): session closed for user p13x
May  6 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20414]: Successful su for rubyman by root
May  6 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20414]: + ??? root:rubyman
May  6 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338798 of user rubyman.
May  6 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20414]: pam_unix(su:session): session closed for user rubyman
May  6 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338798.
May  6 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20346]: pam_unix(cron:session): session closed for user root
May  6 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17680]: pam_unix(cron:session): session closed for user root
May  6 06:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20345]: pam_unix(cron:session): session closed for user samftp
May  6 06:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20641]: Invalid user dell from 84.22.147.211
May  6 06:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20641]: input_userauth_request: invalid user dell [preauth]
May  6 06:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20641]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.147.211
May  6 06:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20641]: Failed password for invalid user dell from 84.22.147.211 port 51974 ssh2
May  6 06:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20641]: Received disconnect from 84.22.147.211 port 51974:11: Bye Bye [preauth]
May  6 06:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20641]: Disconnected from 84.22.147.211 port 51974 [preauth]
May  6 06:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20660]: Invalid user nagios from 196.251.84.225
May  6 06:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20660]: input_userauth_request: invalid user nagios [preauth]
May  6 06:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20660]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20660]: Failed password for invalid user nagios from 196.251.84.225 port 53186 ssh2
May  6 06:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20660]: Connection closed by 196.251.84.225 port 53186 [preauth]
May  6 06:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19504]: pam_unix(cron:session): session closed for user root
May  6 06:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20754]: Invalid user sara from 182.180.77.216
May  6 06:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20754]: input_userauth_request: invalid user sara [preauth]
May  6 06:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20754]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 06:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20754]: Failed password for invalid user sara from 182.180.77.216 port 53106 ssh2
May  6 06:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20754]: Received disconnect from 182.180.77.216 port 53106:11: Bye Bye [preauth]
May  6 06:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20754]: Disconnected from 182.180.77.216 port 53106 [preauth]
May  6 06:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20764]: Invalid user ftpuser from 196.251.84.225
May  6 06:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20764]: input_userauth_request: invalid user ftpuser [preauth]
May  6 06:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20764]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.217  user=root
May  6 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20764]: Failed password for invalid user ftpuser from 196.251.84.225 port 54158 ssh2
May  6 06:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20764]: Connection closed by 196.251.84.225 port 54158 [preauth]
May  6 06:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20767]: Failed password for root from 85.208.253.217 port 40436 ssh2
May  6 06:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20767]: Received disconnect from 85.208.253.217 port 40436:11: Bye Bye [preauth]
May  6 06:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20767]: Disconnected from 85.208.253.217 port 40436 [preauth]
May  6 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20787]: pam_unix(cron:session): session closed for user p13x
May  6 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20865]: Successful su for rubyman by root
May  6 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20865]: + ??? root:rubyman
May  6 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338804 of user rubyman.
May  6 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20865]: pam_unix(su:session): session closed for user rubyman
May  6 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338804.
May  6 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20896]: Invalid user web from 43.135.173.36
May  6 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20896]: input_userauth_request: invalid user web [preauth]
May  6 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20896]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.173.36
May  6 06:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20896]: Failed password for invalid user web from 43.135.173.36 port 34370 ssh2
May  6 06:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20896]: Received disconnect from 43.135.173.36 port 34370:11: Bye Bye [preauth]
May  6 06:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20896]: Disconnected from 43.135.173.36 port 34370 [preauth]
May  6 06:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18227]: pam_unix(cron:session): session closed for user root
May  6 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20789]: pam_unix(cron:session): session closed for user samftp
May  6 06:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 06:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: Failed password for root from 218.92.0.179 port 33656 ssh2
May  6 06:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Invalid user gmodserver from 196.251.84.225
May  6 06:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: input_userauth_request: invalid user gmodserver [preauth]
May  6 06:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: Failed password for root from 218.92.0.179 port 33656 ssh2
May  6 06:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197  user=root
May  6 06:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21127]: Failed password for root from 107.175.83.197 port 55834 ssh2
May  6 06:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21127]: Received disconnect from 107.175.83.197 port 55834:11: Bye Bye [preauth]
May  6 06:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21127]: Disconnected from 107.175.83.197 port 55834 [preauth]
May  6 06:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Failed password for invalid user gmodserver from 196.251.84.225 port 40234 ssh2
May  6 06:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: Connection closed by 196.251.84.225 port 40234 [preauth]
May  6 06:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: Failed password for root from 218.92.0.179 port 33656 ssh2
May  6 06:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19937]: pam_unix(cron:session): session closed for user root
May  6 06:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: Received disconnect from 218.92.0.179 port 33656:11:  [preauth]
May  6 06:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: Disconnected from 218.92.0.179 port 33656 [preauth]
May  6 06:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21110]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 06:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.180.199.96  user=root
May  6 06:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21230]: Failed password for root from 111.180.199.96 port 40244 ssh2
May  6 06:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21214]: User sys from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 06:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21214]: input_userauth_request: invalid user sys [preauth]
May  6 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21254]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21253]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21252]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21250]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21250]: pam_unix(cron:session): session closed for user p13x
May  6 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21328]: Successful su for rubyman by root
May  6 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21328]: + ??? root:rubyman
May  6 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338807 of user rubyman.
May  6 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21328]: pam_unix(su:session): session closed for user rubyman
May  6 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338807.
May  6 06:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=sys
May  6 06:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18670]: pam_unix(cron:session): session closed for user root
May  6 06:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21214]: Failed password for invalid user sys from 196.251.84.225 port 38846 ssh2
May  6 06:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21252]: pam_unix(cron:session): session closed for user samftp
May  6 06:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21214]: Connection closed by 196.251.84.225 port 38846 [preauth]
May  6 06:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21567]: Invalid user dolphin from 196.251.84.225
May  6 06:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21567]: input_userauth_request: invalid user dolphin [preauth]
May  6 06:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21567]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21567]: Failed password for invalid user dolphin from 196.251.84.225 port 45518 ssh2
May  6 06:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21567]: Connection closed by 196.251.84.225 port 45518 [preauth]
May  6 06:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20348]: pam_unix(cron:session): session closed for user root
May  6 06:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.225.137  user=root
May  6 06:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: Failed password for root from 152.42.225.137 port 48432 ssh2
May  6 06:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: Received disconnect from 152.42.225.137 port 48432:11: Bye Bye [preauth]
May  6 06:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21611]: Disconnected from 152.42.225.137 port 48432 [preauth]
May  6 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21701]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21692]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21698]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21692]: pam_unix(cron:session): session closed for user p13x
May  6 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21857]: Successful su for rubyman by root
May  6 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21857]: + ??? root:rubyman
May  6 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338812 of user rubyman.
May  6 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21857]: pam_unix(su:session): session closed for user rubyman
May  6 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338812.
May  6 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: Invalid user server1 from 103.195.7.51
May  6 06:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: input_userauth_request: invalid user server1 [preauth]
May  6 06:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 06:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 06:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19096]: pam_unix(cron:session): session closed for user root
May  6 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: Failed password for invalid user server1 from 103.195.7.51 port 33702 ssh2
May  6 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21752]: Failed password for root from 196.251.84.225 port 59868 ssh2
May  6 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: Received disconnect from 103.195.7.51 port 33702:11: Bye Bye [preauth]
May  6 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22109]: Disconnected from 103.195.7.51 port 33702 [preauth]
May  6 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21698]: pam_unix(cron:session): session closed for user samftp
May  6 06:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21752]: Connection closed by 196.251.84.225 port 59868 [preauth]
May  6 06:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: Invalid user admin from 196.251.84.225
May  6 06:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: input_userauth_request: invalid user admin [preauth]
May  6 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20791]: pam_unix(cron:session): session closed for user root
May  6 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: Failed password for invalid user admin from 196.251.84.225 port 52160 ssh2
May  6 06:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: Connection closed by 196.251.84.225 port 52160 [preauth]
May  6 06:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: Invalid user scanner from 137.184.114.25
May  6 06:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: input_userauth_request: invalid user scanner [preauth]
May  6 06:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.114.25
May  6 06:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: Failed password for invalid user scanner from 137.184.114.25 port 34536 ssh2
May  6 06:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: Received disconnect from 137.184.114.25 port 34536:11: Bye Bye [preauth]
May  6 06:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: Disconnected from 137.184.114.25 port 34536 [preauth]
May  6 06:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: Did not receive identification string from 111.67.203.162
May  6 06:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22430]: Invalid user admin from 111.67.203.162
May  6 06:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22430]: input_userauth_request: invalid user admin [preauth]
May  6 06:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22430]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 06:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22430]: Failed password for invalid user admin from 111.67.203.162 port 44734 ssh2
May  6 06:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22430]: Connection closed by 111.67.203.162 port 44734 [preauth]
May  6 06:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22445]: Invalid user vagrant from 111.67.203.162
May  6 06:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22445]: input_userauth_request: invalid user vagrant [preauth]
May  6 06:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22445]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 06:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22455]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22452]: pam_unix(cron:session): session closed for user p13x
May  6 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22519]: Successful su for rubyman by root
May  6 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22519]: + ??? root:rubyman
May  6 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338815 of user rubyman.
May  6 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22519]: pam_unix(su:session): session closed for user rubyman
May  6 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338815.
May  6 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: Invalid user node from 196.251.84.225
May  6 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: input_userauth_request: invalid user node [preauth]
May  6 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22445]: Failed password for invalid user vagrant from 111.67.203.162 port 46202 ssh2
May  6 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22445]: Connection closed by 111.67.203.162 port 46202 [preauth]
May  6 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: Failed password for invalid user node from 196.251.84.225 port 36046 ssh2
May  6 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19503]: pam_unix(cron:session): session closed for user root
May  6 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: Invalid user user from 111.67.203.162
May  6 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: input_userauth_request: invalid user user [preauth]
May  6 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22447]: Connection closed by 196.251.84.225 port 36046 [preauth]
May  6 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: Failed password for invalid user user from 111.67.203.162 port 48068 ssh2
May  6 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session closed for user samftp
May  6 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: Connection closed by 111.67.203.162 port 48068 [preauth]
May  6 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: Invalid user test from 111.67.203.162
May  6 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: input_userauth_request: invalid user test [preauth]
May  6 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 06:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: Failed password for invalid user test from 111.67.203.162 port 49240 ssh2
May  6 06:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: Connection closed by 111.67.203.162 port 49240 [preauth]
May  6 06:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: Invalid user dspace from 111.67.203.162
May  6 06:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: input_userauth_request: invalid user dspace [preauth]
May  6 06:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 06:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: Failed password for invalid user dspace from 111.67.203.162 port 50698 ssh2
May  6 06:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22731]: Connection closed by 111.67.203.162 port 50698 [preauth]
May  6 06:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: Invalid user admin from 111.67.203.162
May  6 06:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: input_userauth_request: invalid user admin [preauth]
May  6 06:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 06:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: Failed password for invalid user admin from 111.67.203.162 port 52530 ssh2
May  6 06:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22736]: Connection closed by 111.67.203.162 port 52530 [preauth]
May  6 06:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: Invalid user dspace from 111.67.203.162
May  6 06:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: input_userauth_request: invalid user dspace [preauth]
May  6 06:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 06:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: Failed password for invalid user dspace from 111.67.203.162 port 54014 ssh2
May  6 06:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22763]: Connection closed by 111.67.203.162 port 54014 [preauth]
May  6 06:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: Invalid user oracle from 111.67.203.162
May  6 06:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: input_userauth_request: invalid user oracle [preauth]
May  6 06:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 06:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: Failed password for invalid user oracle from 111.67.203.162 port 55354 ssh2
May  6 06:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22766]: Connection closed by 111.67.203.162 port 55354 [preauth]
May  6 06:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22781]: Invalid user csgo from 111.67.203.162
May  6 06:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22781]: input_userauth_request: invalid user csgo [preauth]
May  6 06:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22781]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 06:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22781]: Failed password for invalid user csgo from 111.67.203.162 port 57276 ssh2
May  6 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22781]: Connection closed by 111.67.203.162 port 57276 [preauth]
May  6 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22798]: Invalid user wang from 46.25.236.192
May  6 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22798]: input_userauth_request: invalid user wang [preauth]
May  6 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22798]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  6 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: Invalid user test from 111.67.203.162
May  6 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: input_userauth_request: invalid user test [preauth]
May  6 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22798]: Failed password for invalid user wang from 46.25.236.192 port 43800 ssh2
May  6 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22798]: Received disconnect from 46.25.236.192 port 43800:11: Bye Bye [preauth]
May  6 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22798]: Disconnected from 46.25.236.192 port 43800 [preauth]
May  6 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: Failed password for invalid user test from 111.67.203.162 port 59002 ssh2
May  6 06:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22806]: Connection closed by 111.67.203.162 port 59002 [preauth]
May  6 06:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162  user=root
May  6 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22809]: Invalid user uftp from 196.251.84.225
May  6 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22809]: input_userauth_request: invalid user uftp [preauth]
May  6 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22809]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22817]: Failed password for root from 111.67.203.162 port 60762 ssh2
May  6 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22817]: Connection closed by 111.67.203.162 port 60762 [preauth]
May  6 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22809]: Failed password for invalid user uftp from 196.251.84.225 port 41904 ssh2
May  6 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22809]: Connection closed by 196.251.84.225 port 41904 [preauth]
May  6 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22828]: Invalid user hdoop from 95.216.80.130
May  6 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22828]: input_userauth_request: invalid user hdoop [preauth]
May  6 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22828]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.80.130
May  6 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: Invalid user test from 111.67.203.162
May  6 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: input_userauth_request: invalid user test [preauth]
May  6 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21254]: pam_unix(cron:session): session closed for user root
May  6 06:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22828]: Failed password for invalid user hdoop from 95.216.80.130 port 40880 ssh2
May  6 06:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22828]: Received disconnect from 95.216.80.130 port 40880:11: Bye Bye [preauth]
May  6 06:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22828]: Disconnected from 95.216.80.130 port 40880 [preauth]
May  6 06:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: Failed password for invalid user test from 111.67.203.162 port 34278 ssh2
May  6 06:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22830]: Connection closed by 111.67.203.162 port 34278 [preauth]
May  6 06:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: Invalid user a from 111.67.203.162
May  6 06:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: input_userauth_request: invalid user a [preauth]
May  6 06:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 06:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: Failed password for invalid user a from 111.67.203.162 port 36066 ssh2
May  6 06:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: Connection closed by 111.67.203.162 port 36066 [preauth]
May  6 06:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22868]: Invalid user postgres from 111.67.203.162
May  6 06:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22868]: input_userauth_request: invalid user postgres [preauth]
May  6 06:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22868]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 06:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22868]: Failed password for invalid user postgres from 111.67.203.162 port 37216 ssh2
May  6 06:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22868]: Connection closed by 111.67.203.162 port 37216 [preauth]
May  6 06:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: Invalid user hduser from 111.67.203.162
May  6 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: input_userauth_request: invalid user hduser [preauth]
May  6 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 06:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: Failed password for invalid user hduser from 111.67.203.162 port 37992 ssh2
May  6 06:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: Connection closed by 111.67.203.162 port 37992 [preauth]
May  6 06:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: User ftp from 111.67.203.162 not allowed because not listed in AllowUsers
May  6 06:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: input_userauth_request: invalid user ftp [preauth]
May  6 06:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162  user=ftp
May  6 06:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: Failed password for invalid user ftp from 111.67.203.162 port 38360 ssh2
May  6 06:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22909]: Connection closed by 111.67.203.162 port 38360 [preauth]
May  6 06:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22911]: Invalid user ubnt from 111.67.203.162
May  6 06:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22911]: input_userauth_request: invalid user ubnt [preauth]
May  6 06:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22911]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 06:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22911]: Failed password for invalid user ubnt from 111.67.203.162 port 38584 ssh2
May  6 06:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22911]: Connection closed by 111.67.203.162 port 38584 [preauth]
May  6 06:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: Invalid user es from 111.67.203.162
May  6 06:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: input_userauth_request: invalid user es [preauth]
May  6 06:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 06:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22925]: Invalid user hadoop from 194.190.153.226
May  6 06:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22925]: input_userauth_request: invalid user hadoop [preauth]
May  6 06:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22925]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.190.153.226
May  6 06:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: Failed password for invalid user es from 111.67.203.162 port 38780 ssh2
May  6 06:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: Connection closed by 111.67.203.162 port 38780 [preauth]
May  6 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22925]: Failed password for invalid user hadoop from 194.190.153.226 port 38266 ssh2
May  6 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22927]: Invalid user mc from 111.67.203.162
May  6 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22927]: input_userauth_request: invalid user mc [preauth]
May  6 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22925]: Received disconnect from 194.190.153.226 port 38266:11: Bye Bye [preauth]
May  6 06:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22925]: Disconnected from 194.190.153.226 port 38266 [preauth]
May  6 06:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22927]: pam_unix(sshd:auth): check pass; user unknown
May  6 06:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 06:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22927]: Failed password for invalid user mc from 111.67.203.162 port 38950 ssh2
May  6 06:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 06:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22927]: Connection closed by 111.67.203.162 port 38950 [preauth]
May  6 06:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22961]: Invalid user ubuntu from 196.251.84.225
May  6 07:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22961]: input_userauth_request: invalid user ubuntu [preauth]
May  6 07:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22961]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22964]: Invalid user admin from 111.67.203.162
May  6 07:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22964]: input_userauth_request: invalid user admin [preauth]
May  6 07:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22964]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22961]: Failed password for invalid user ubuntu from 196.251.84.225 port 39480 ssh2
May  6 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22988]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22983]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22980]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22987]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22983]: pam_unix(cron:session): session closed for user root
May  6 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22988]: pam_unix(cron:session): session closed for user root
May  6 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22980]: pam_unix(cron:session): session closed for user p13x
May  6 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22961]: Connection closed by 196.251.84.225 port 39480 [preauth]
May  6 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22964]: Failed password for invalid user admin from 111.67.203.162 port 39132 ssh2
May  6 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22964]: Connection closed by 111.67.203.162 port 39132 [preauth]
May  6 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23077]: Successful su for rubyman by root
May  6 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23077]: + ??? root:rubyman
May  6 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338819 of user rubyman.
May  6 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23077]: pam_unix(su:session): session closed for user rubyman
May  6 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338819.
May  6 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23069]: Invalid user ubuntu from 111.67.203.162
May  6 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23069]: input_userauth_request: invalid user ubuntu [preauth]
May  6 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23069]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19936]: pam_unix(cron:session): session closed for user root
May  6 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23069]: Failed password for invalid user ubuntu from 111.67.203.162 port 39282 ssh2
May  6 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22985]: pam_unix(cron:session): session closed for user root
May  6 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23069]: Connection closed by 111.67.203.162 port 39282 [preauth]
May  6 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23271]: Invalid user git from 111.67.203.162
May  6 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23271]: input_userauth_request: invalid user git [preauth]
May  6 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23271]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 07:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22982]: pam_unix(cron:session): session closed for user samftp
May  6 07:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23271]: Failed password for invalid user git from 111.67.203.162 port 39452 ssh2
May  6 07:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23271]: Connection closed by 111.67.203.162 port 39452 [preauth]
May  6 07:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162  user=root
May  6 07:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23398]: Failed password for root from 111.67.203.162 port 39620 ssh2
May  6 07:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23398]: Connection closed by 111.67.203.162 port 39620 [preauth]
May  6 07:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23400]: Invalid user minecraft from 111.67.203.162
May  6 07:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23400]: input_userauth_request: invalid user minecraft [preauth]
May  6 07:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23400]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 07:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23400]: Failed password for invalid user minecraft from 111.67.203.162 port 39766 ssh2
May  6 07:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23400]: Connection closed by 111.67.203.162 port 39766 [preauth]
May  6 07:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23420]: Invalid user debian from 111.67.203.162
May  6 07:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23420]: input_userauth_request: invalid user debian [preauth]
May  6 07:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23420]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 07:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23420]: Failed password for invalid user debian from 111.67.203.162 port 39932 ssh2
May  6 07:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23420]: Connection closed by 111.67.203.162 port 39932 [preauth]
May  6 07:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: Invalid user minecraft from 111.67.203.162
May  6 07:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: input_userauth_request: invalid user minecraft [preauth]
May  6 07:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 07:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: Failed password for invalid user minecraft from 111.67.203.162 port 40122 ssh2
May  6 07:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: Connection closed by 111.67.203.162 port 40122 [preauth]
May  6 07:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: Invalid user admin from 111.67.203.162
May  6 07:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: input_userauth_request: invalid user admin [preauth]
May  6 07:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 07:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: Failed password for invalid user admin from 111.67.203.162 port 40290 ssh2
May  6 07:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23442]: Connection closed by 111.67.203.162 port 40290 [preauth]
May  6 07:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23454]: Invalid user minecraft from 111.67.203.162
May  6 07:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23454]: input_userauth_request: invalid user minecraft [preauth]
May  6 07:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23454]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 07:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23454]: Failed password for invalid user minecraft from 111.67.203.162 port 40430 ssh2
May  6 07:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 07:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23454]: Connection closed by 111.67.203.162 port 40430 [preauth]
May  6 07:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: Invalid user test from 111.67.203.162
May  6 07:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: input_userauth_request: invalid user test [preauth]
May  6 07:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 07:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23480]: Invalid user bot from 196.251.84.225
May  6 07:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23480]: input_userauth_request: invalid user bot [preauth]
May  6 07:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23480]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23470]: Failed password for root from 218.92.0.179 port 11633 ssh2
May  6 07:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: Failed password for invalid user test from 111.67.203.162 port 40598 ssh2
May  6 07:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23473]: Connection closed by 111.67.203.162 port 40598 [preauth]
May  6 07:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23480]: Failed password for invalid user bot from 196.251.84.225 port 36158 ssh2
May  6 07:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23485]: Invalid user ubnt from 111.67.203.162
May  6 07:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23485]: input_userauth_request: invalid user ubnt [preauth]
May  6 07:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23470]: Failed password for root from 218.92.0.179 port 11633 ssh2
May  6 07:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23485]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23480]: Connection closed by 196.251.84.225 port 36158 [preauth]
May  6 07:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21701]: pam_unix(cron:session): session closed for user root
May  6 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23470]: Failed password for root from 218.92.0.179 port 11633 ssh2
May  6 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23485]: Failed password for invalid user ubnt from 111.67.203.162 port 40760 ssh2
May  6 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23470]: Received disconnect from 218.92.0.179 port 11633:11:  [preauth]
May  6 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23470]: Disconnected from 218.92.0.179 port 11633 [preauth]
May  6 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23470]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23485]: Connection closed by 111.67.203.162 port 40760 [preauth]
May  6 07:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: Invalid user test from 111.67.203.162
May  6 07:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: input_userauth_request: invalid user test [preauth]
May  6 07:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 07:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: Failed password for invalid user test from 111.67.203.162 port 40942 ssh2
May  6 07:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23543]: Connection closed by 111.67.203.162 port 40942 [preauth]
May  6 07:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23551]: Invalid user oracle from 111.67.203.162
May  6 07:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23551]: input_userauth_request: invalid user oracle [preauth]
May  6 07:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23551]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 07:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23551]: Failed password for invalid user oracle from 111.67.203.162 port 41110 ssh2
May  6 07:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23551]: Connection closed by 111.67.203.162 port 41110 [preauth]
May  6 07:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23561]: Invalid user 1 from 111.67.203.162
May  6 07:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23561]: input_userauth_request: invalid user 1 [preauth]
May  6 07:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23561]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 07:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23561]: Failed password for invalid user 1 from 111.67.203.162 port 41310 ssh2
May  6 07:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23561]: Connection closed by 111.67.203.162 port 41310 [preauth]
May  6 07:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23583]: Invalid user debian from 111.67.203.162
May  6 07:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23583]: input_userauth_request: invalid user debian [preauth]
May  6 07:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23583]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 07:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23583]: Failed password for invalid user debian from 111.67.203.162 port 41486 ssh2
May  6 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23583]: Connection closed by 111.67.203.162 port 41486 [preauth]
May  6 07:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23589]: Invalid user oracle from 111.67.203.162
May  6 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23589]: input_userauth_request: invalid user oracle [preauth]
May  6 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23589]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: Invalid user aaaaaa from 84.22.147.211
May  6 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: input_userauth_request: invalid user aaaaaa [preauth]
May  6 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.147.211
May  6 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23589]: Failed password for invalid user oracle from 111.67.203.162 port 41650 ssh2
May  6 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23589]: Connection closed by 111.67.203.162 port 41650 [preauth]
May  6 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: Failed password for invalid user aaaaaa from 84.22.147.211 port 35482 ssh2
May  6 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: Received disconnect from 84.22.147.211 port 35482:11: Bye Bye [preauth]
May  6 07:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23587]: Disconnected from 84.22.147.211 port 35482 [preauth]
May  6 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23600]: Invalid user steam from 111.67.203.162
May  6 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23600]: input_userauth_request: invalid user steam [preauth]
May  6 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: Invalid user scs from 43.135.173.36
May  6 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: input_userauth_request: invalid user scs [preauth]
May  6 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.135.173.36
May  6 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23600]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 07:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: Failed password for invalid user scs from 43.135.173.36 port 48346 ssh2
May  6 07:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: Received disconnect from 43.135.173.36 port 48346:11: Bye Bye [preauth]
May  6 07:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23604]: Disconnected from 43.135.173.36 port 48346 [preauth]
May  6 07:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23600]: Failed password for invalid user steam from 111.67.203.162 port 41784 ssh2
May  6 07:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23600]: Connection closed by 111.67.203.162 port 41784 [preauth]
May  6 07:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: Invalid user user2 from 111.67.203.162
May  6 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: input_userauth_request: invalid user user2 [preauth]
May  6 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 07:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: Failed password for invalid user user2 from 111.67.203.162 port 41926 ssh2
May  6 07:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: Connection closed by 111.67.203.162 port 41926 [preauth]
May  6 07:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23621]: Invalid user admin from 111.67.203.162
May  6 07:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23621]: input_userauth_request: invalid user admin [preauth]
May  6 07:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23621]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 07:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23621]: Failed password for invalid user admin from 111.67.203.162 port 42092 ssh2
May  6 07:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23621]: Connection closed by 111.67.203.162 port 42092 [preauth]
May  6 07:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23636]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23634]: pam_unix(cron:session): session closed for user p13x
May  6 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23630]: Invalid user postgres from 111.67.203.162
May  6 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23630]: input_userauth_request: invalid user postgres [preauth]
May  6 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23705]: Successful su for rubyman by root
May  6 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23630]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.67.203.162
May  6 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23705]: + ??? root:rubyman
May  6 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338827 of user rubyman.
May  6 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23705]: pam_unix(su:session): session closed for user rubyman
May  6 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338827.
May  6 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23630]: Failed password for invalid user postgres from 111.67.203.162 port 42238 ssh2
May  6 07:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23630]: Connection closed by 111.67.203.162 port 42238 [preauth]
May  6 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23693]: Invalid user developer from 196.251.84.225
May  6 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23693]: input_userauth_request: invalid user developer [preauth]
May  6 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23635]: pam_unix(cron:session): session closed for user samftp
May  6 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23693]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20347]: pam_unix(cron:session): session closed for user root
May  6 07:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23693]: Failed password for invalid user developer from 196.251.84.225 port 49182 ssh2
May  6 07:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23693]: Connection closed by 196.251.84.225 port 49182 [preauth]
May  6 07:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: Invalid user sz from 107.175.83.197
May  6 07:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: input_userauth_request: invalid user sz [preauth]
May  6 07:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 07:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  6 07:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: Failed password for invalid user sz from 107.175.83.197 port 36836 ssh2
May  6 07:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: Received disconnect from 107.175.83.197 port 36836:11: Bye Bye [preauth]
May  6 07:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24043]: Disconnected from 107.175.83.197 port 36836 [preauth]
May  6 07:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24045]: Failed password for root from 193.70.84.184 port 53396 ssh2
May  6 07:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24045]: Connection closed by 193.70.84.184 port 53396 [preauth]
May  6 07:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.7.83  user=root
May  6 07:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24075]: Failed password for root from 217.160.7.83 port 42662 ssh2
May  6 07:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24075]: Received disconnect from 217.160.7.83 port 42662:11: Bye Bye [preauth]
May  6 07:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24075]: Disconnected from 217.160.7.83 port 42662 [preauth]
May  6 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22455]: pam_unix(cron:session): session closed for user root
May  6 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: Invalid user oscar from 196.251.84.225
May  6 07:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: input_userauth_request: invalid user oscar [preauth]
May  6 07:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: Invalid user changshuo from 182.180.77.216
May  6 07:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: input_userauth_request: invalid user changshuo [preauth]
May  6 07:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 07:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: Failed password for invalid user changshuo from 182.180.77.216 port 60776 ssh2
May  6 07:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: Received disconnect from 182.180.77.216 port 60776:11: Bye Bye [preauth]
May  6 07:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: Disconnected from 182.180.77.216 port 60776 [preauth]
May  6 07:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: Failed password for invalid user oscar from 196.251.84.225 port 42500 ssh2
May  6 07:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24102]: Connection closed by 196.251.84.225 port 42500 [preauth]
May  6 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24171]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24169]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24168]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24170]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24168]: pam_unix(cron:session): session closed for user p13x
May  6 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24240]: Successful su for rubyman by root
May  6 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24240]: + ??? root:rubyman
May  6 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24240]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338830 of user rubyman.
May  6 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24240]: pam_unix(su:session): session closed for user rubyman
May  6 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338830.
May  6 07:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20790]: pam_unix(cron:session): session closed for user root
May  6 07:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24169]: pam_unix(cron:session): session closed for user samftp
May  6 07:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24449]: Invalid user latitude from 196.251.84.225
May  6 07:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24449]: input_userauth_request: invalid user latitude [preauth]
May  6 07:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24449]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24449]: Failed password for invalid user latitude from 196.251.84.225 port 52112 ssh2
May  6 07:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24449]: Connection closed by 196.251.84.225 port 52112 [preauth]
May  6 07:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: Invalid user z from 212.33.198.185
May  6 07:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: input_userauth_request: invalid user z [preauth]
May  6 07:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.33.198.185
May  6 07:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: Failed password for invalid user z from 212.33.198.185 port 38674 ssh2
May  6 07:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: Received disconnect from 212.33.198.185 port 38674:11: Bye Bye [preauth]
May  6 07:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24484]: Disconnected from 212.33.198.185 port 38674 [preauth]
May  6 07:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22987]: pam_unix(cron:session): session closed for user root
May  6 07:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: Invalid user palworld from 196.251.84.225
May  6 07:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: input_userauth_request: invalid user palworld [preauth]
May  6 07:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: Failed password for invalid user palworld from 196.251.84.225 port 42184 ssh2
May  6 07:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24559]: Connection closed by 196.251.84.225 port 42184 [preauth]
May  6 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24620]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24616]: pam_unix(cron:session): session closed for user p13x
May  6 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24681]: Successful su for rubyman by root
May  6 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24681]: + ??? root:rubyman
May  6 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24681]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338834 of user rubyman.
May  6 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24681]: pam_unix(su:session): session closed for user rubyman
May  6 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338834.
May  6 07:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21253]: pam_unix(cron:session): session closed for user root
May  6 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24617]: pam_unix(cron:session): session closed for user samftp
May  6 07:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24878]: Invalid user ethnode from 196.251.84.225
May  6 07:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24878]: input_userauth_request: invalid user ethnode [preauth]
May  6 07:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24878]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24878]: Failed password for invalid user ethnode from 196.251.84.225 port 38308 ssh2
May  6 07:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24878]: Connection closed by 196.251.84.225 port 38308 [preauth]
May  6 07:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24950]: Invalid user pdv from 103.195.7.51
May  6 07:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24950]: input_userauth_request: invalid user pdv [preauth]
May  6 07:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24950]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 07:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23637]: pam_unix(cron:session): session closed for user root
May  6 07:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.225.137  user=root
May  6 07:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24950]: Failed password for invalid user pdv from 103.195.7.51 port 25668 ssh2
May  6 07:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24950]: Received disconnect from 103.195.7.51 port 25668:11: Bye Bye [preauth]
May  6 07:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24950]: Disconnected from 103.195.7.51 port 25668 [preauth]
May  6 07:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24953]: Failed password for root from 152.42.225.137 port 59412 ssh2
May  6 07:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24953]: Received disconnect from 152.42.225.137 port 59412:11: Bye Bye [preauth]
May  6 07:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24953]: Disconnected from 152.42.225.137 port 59412 [preauth]
May  6 07:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 07:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25014]: Invalid user chjiang from 137.184.114.25
May  6 07:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25014]: input_userauth_request: invalid user chjiang [preauth]
May  6 07:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25014]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.184.114.25
May  6 07:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: Failed password for root from 196.251.84.225 port 44690 ssh2
May  6 07:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: Connection closed by 196.251.84.225 port 44690 [preauth]
May  6 07:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25014]: Failed password for invalid user chjiang from 137.184.114.25 port 43254 ssh2
May  6 07:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25014]: Received disconnect from 137.184.114.25 port 43254:11: Bye Bye [preauth]
May  6 07:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25014]: Disconnected from 137.184.114.25 port 43254 [preauth]
May  6 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25048]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25046]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25047]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25049]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25046]: pam_unix(cron:session): session closed for user p13x
May  6 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25105]: Successful su for rubyman by root
May  6 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25105]: + ??? root:rubyman
May  6 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338838 of user rubyman.
May  6 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25105]: pam_unix(su:session): session closed for user rubyman
May  6 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338838.
May  6 07:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21699]: pam_unix(cron:session): session closed for user root
May  6 07:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25047]: pam_unix(cron:session): session closed for user samftp
May  6 07:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: Invalid user hadoop from 196.251.84.225
May  6 07:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: input_userauth_request: invalid user hadoop [preauth]
May  6 07:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: Failed password for invalid user hadoop from 196.251.84.225 port 51986 ssh2
May  6 07:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: Connection closed by 196.251.84.225 port 51986 [preauth]
May  6 07:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24171]: pam_unix(cron:session): session closed for user root
May  6 07:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: Invalid user huxl from 46.25.236.192
May  6 07:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: input_userauth_request: invalid user huxl [preauth]
May  6 07:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.25.236.192
May  6 07:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: Failed password for invalid user huxl from 46.25.236.192 port 51930 ssh2
May  6 07:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: Received disconnect from 46.25.236.192 port 51930:11: Bye Bye [preauth]
May  6 07:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: Disconnected from 46.25.236.192 port 51930 [preauth]
May  6 07:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25429]: Invalid user admin from 196.251.84.225
May  6 07:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25429]: input_userauth_request: invalid user admin [preauth]
May  6 07:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25429]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25429]: Failed password for invalid user admin from 196.251.84.225 port 53716 ssh2
May  6 07:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25429]: Connection closed by 196.251.84.225 port 53716 [preauth]
May  6 07:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25458]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25464]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25462]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25465]: pam_unix(cron:session): session closed for user root
May  6 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25458]: pam_unix(cron:session): session closed for user p13x
May  6 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25535]: Successful su for rubyman by root
May  6 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25535]: + ??? root:rubyman
May  6 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25535]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338846 of user rubyman.
May  6 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25535]: pam_unix(su:session): session closed for user rubyman
May  6 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338846.
May  6 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25462]: pam_unix(cron:session): session closed for user root
May  6 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22454]: pam_unix(cron:session): session closed for user root
May  6 07:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25461]: pam_unix(cron:session): session closed for user samftp
May  6 07:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: Invalid user hadoop from 196.251.84.225
May  6 07:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: input_userauth_request: invalid user hadoop [preauth]
May  6 07:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: Failed password for invalid user hadoop from 196.251.84.225 port 52262 ssh2
May  6 07:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25821]: Connection closed by 196.251.84.225 port 52262 [preauth]
May  6 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24620]: pam_unix(cron:session): session closed for user root
May  6 07:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.80.130  user=root
May  6 07:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25959]: Failed password for root from 95.216.80.130 port 43132 ssh2
May  6 07:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25959]: Received disconnect from 95.216.80.130 port 43132:11: Bye Bye [preauth]
May  6 07:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25959]: Disconnected from 95.216.80.130 port 43132 [preauth]
May  6 07:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: Invalid user goeth from 196.251.84.225
May  6 07:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: input_userauth_request: invalid user goeth [preauth]
May  6 07:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: Failed password for invalid user goeth from 196.251.84.225 port 56158 ssh2
May  6 07:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: Connection closed by 196.251.84.225 port 56158 [preauth]
May  6 07:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.107.221  user=root
May  6 07:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25980]: Failed password for root from 14.103.107.221 port 40192 ssh2
May  6 07:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25980]: Received disconnect from 14.103.107.221 port 40192:11: Bye Bye [preauth]
May  6 07:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25980]: Disconnected from 14.103.107.221 port 40192 [preauth]
May  6 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25995]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25993]: pam_unix(cron:session): session closed for user p13x
May  6 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26064]: Successful su for rubyman by root
May  6 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26064]: + ??? root:rubyman
May  6 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26064]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338850 of user rubyman.
May  6 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26064]: pam_unix(su:session): session closed for user rubyman
May  6 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338850.
May  6 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22986]: pam_unix(cron:session): session closed for user root
May  6 07:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25994]: pam_unix(cron:session): session closed for user samftp
May  6 07:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.217  user=root
May  6 07:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26282]: Invalid user samba from 196.251.84.225
May  6 07:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26282]: input_userauth_request: invalid user samba [preauth]
May  6 07:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26282]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: Invalid user crm from 84.22.147.211
May  6 07:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: input_userauth_request: invalid user crm [preauth]
May  6 07:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.147.211
May  6 07:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26280]: Failed password for root from 85.208.253.217 port 41268 ssh2
May  6 07:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26280]: Received disconnect from 85.208.253.217 port 41268:11: Bye Bye [preauth]
May  6 07:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26280]: Disconnected from 85.208.253.217 port 41268 [preauth]
May  6 07:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26282]: Failed password for invalid user samba from 196.251.84.225 port 59416 ssh2
May  6 07:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: Failed password for invalid user crm from 84.22.147.211 port 58680 ssh2
May  6 07:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: Received disconnect from 84.22.147.211 port 58680:11: Bye Bye [preauth]
May  6 07:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: Disconnected from 84.22.147.211 port 58680 [preauth]
May  6 07:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26282]: Connection closed by 196.251.84.225 port 59416 [preauth]
May  6 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25049]: pam_unix(cron:session): session closed for user root
May  6 07:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26381]: Invalid user guilherme from 217.160.7.83
May  6 07:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26381]: input_userauth_request: invalid user guilherme [preauth]
May  6 07:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26381]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.7.83
May  6 07:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197  user=root
May  6 07:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26381]: Failed password for invalid user guilherme from 217.160.7.83 port 51904 ssh2
May  6 07:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26381]: Received disconnect from 217.160.7.83 port 51904:11: Bye Bye [preauth]
May  6 07:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26381]: Disconnected from 217.160.7.83 port 51904 [preauth]
May  6 07:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26383]: Failed password for root from 107.175.83.197 port 35986 ssh2
May  6 07:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26383]: Received disconnect from 107.175.83.197 port 35986:11: Bye Bye [preauth]
May  6 07:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26383]: Disconnected from 107.175.83.197 port 35986 [preauth]
May  6 07:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: Invalid user admin from 196.251.84.225
May  6 07:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: input_userauth_request: invalid user admin [preauth]
May  6 07:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: Failed password for invalid user admin from 196.251.84.225 port 34478 ssh2
May  6 07:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26394]: Connection closed by 196.251.84.225 port 34478 [preauth]
May  6 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26415]: pam_unix(cron:session): session closed for user p13x
May  6 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26561]: Successful su for rubyman by root
May  6 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26561]: + ??? root:rubyman
May  6 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26561]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338853 of user rubyman.
May  6 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26561]: pam_unix(su:session): session closed for user rubyman
May  6 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338853.
May  6 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23636]: pam_unix(cron:session): session closed for user root
May  6 07:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26416]: pam_unix(cron:session): session closed for user samftp
May  6 07:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: Invalid user setup from 182.180.77.216
May  6 07:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: input_userauth_request: invalid user setup [preauth]
May  6 07:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 07:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: Failed password for invalid user setup from 182.180.77.216 port 40210 ssh2
May  6 07:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26783]: Invalid user blockchain from 196.251.84.225
May  6 07:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26783]: input_userauth_request: invalid user blockchain [preauth]
May  6 07:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: Received disconnect from 182.180.77.216 port 40210:11: Bye Bye [preauth]
May  6 07:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26773]: Disconnected from 182.180.77.216 port 40210 [preauth]
May  6 07:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26783]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26783]: Failed password for invalid user blockchain from 196.251.84.225 port 37424 ssh2
May  6 07:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26783]: Connection closed by 196.251.84.225 port 37424 [preauth]
May  6 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25464]: pam_unix(cron:session): session closed for user root
May  6 07:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: Invalid user amanda from 196.251.84.225
May  6 07:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: input_userauth_request: invalid user amanda [preauth]
May  6 07:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: Failed password for invalid user amanda from 196.251.84.225 port 44142 ssh2
May  6 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26907]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26904]: pam_unix(cron:session): session closed for user p13x
May  6 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27004]: Successful su for rubyman by root
May  6 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27004]: + ??? root:rubyman
May  6 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338858 of user rubyman.
May  6 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27004]: pam_unix(su:session): session closed for user rubyman
May  6 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338858.
May  6 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: Connection closed by 196.251.84.225 port 44142 [preauth]
May  6 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24170]: pam_unix(cron:session): session closed for user root
May  6 07:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26905]: pam_unix(cron:session): session closed for user samftp
May  6 07:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 07:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25996]: pam_unix(cron:session): session closed for user root
May  6 07:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: Failed password for root from 196.251.84.225 port 36896 ssh2
May  6 07:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: Connection closed by 196.251.84.225 port 36896 [preauth]
May  6 07:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27374]: Invalid user carlo from 212.33.198.185
May  6 07:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27374]: input_userauth_request: invalid user carlo [preauth]
May  6 07:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27374]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.33.198.185
May  6 07:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27374]: Failed password for invalid user carlo from 212.33.198.185 port 35604 ssh2
May  6 07:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27374]: Received disconnect from 212.33.198.185 port 35604:11: Bye Bye [preauth]
May  6 07:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27374]: Disconnected from 212.33.198.185 port 35604 [preauth]
May  6 07:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: Invalid user jesa from 103.195.7.51
May  6 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: input_userauth_request: invalid user jesa [preauth]
May  6 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27408]: Invalid user steam from 196.251.84.225
May  6 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27408]: input_userauth_request: invalid user steam [preauth]
May  6 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27408]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27424]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27419]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27417]: pam_unix(cron:session): session closed for user p13x
May  6 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27574]: Successful su for rubyman by root
May  6 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27574]: + ??? root:rubyman
May  6 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338860 of user rubyman.
May  6 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27574]: pam_unix(su:session): session closed for user rubyman
May  6 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338860.
May  6 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27415]: pam_unix(cron:session): session closed for user root
May  6 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: Failed password for invalid user jesa from 103.195.7.51 port 1762 ssh2
May  6 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: Received disconnect from 103.195.7.51 port 1762:11: Bye Bye [preauth]
May  6 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: Disconnected from 103.195.7.51 port 1762 [preauth]
May  6 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27408]: Failed password for invalid user steam from 196.251.84.225 port 49404 ssh2
May  6 07:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27408]: Connection closed by 196.251.84.225 port 49404 [preauth]
May  6 07:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24618]: pam_unix(cron:session): session closed for user root
May  6 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27418]: pam_unix(cron:session): session closed for user samftp
May  6 07:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26430]: pam_unix(cron:session): session closed for user root
May  6 07:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27867]: Invalid user samba from 196.251.84.225
May  6 07:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27867]: input_userauth_request: invalid user samba [preauth]
May  6 07:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27867]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: Invalid user hadoop from 152.42.225.137
May  6 07:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: input_userauth_request: invalid user hadoop [preauth]
May  6 07:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.225.137
May  6 07:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27867]: Failed password for invalid user samba from 196.251.84.225 port 44364 ssh2
May  6 07:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27867]: Connection closed by 196.251.84.225 port 44364 [preauth]
May  6 07:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: Failed password for invalid user hadoop from 152.42.225.137 port 55926 ssh2
May  6 07:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: Received disconnect from 152.42.225.137 port 55926:11: Bye Bye [preauth]
May  6 07:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: Disconnected from 152.42.225.137 port 55926 [preauth]
May  6 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27955]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27957]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27956]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27954]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27957]: pam_unix(cron:session): session closed for user root
May  6 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27952]: pam_unix(cron:session): session closed for user p13x
May  6 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28024]: Successful su for rubyman by root
May  6 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28024]: + ??? root:rubyman
May  6 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338868 of user rubyman.
May  6 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28024]: pam_unix(su:session): session closed for user rubyman
May  6 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338868.
May  6 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28083]: Invalid user ftpuser from 196.251.84.225
May  6 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28083]: input_userauth_request: invalid user ftpuser [preauth]
May  6 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28083]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27954]: pam_unix(cron:session): session closed for user root
May  6 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25048]: pam_unix(cron:session): session closed for user root
May  6 07:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28083]: Failed password for invalid user ftpuser from 196.251.84.225 port 58662 ssh2
May  6 07:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28083]: Connection closed by 196.251.84.225 port 58662 [preauth]
May  6 07:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27953]: pam_unix(cron:session): session closed for user samftp
May  6 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26908]: pam_unix(cron:session): session closed for user root
May  6 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: User uucp from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 07:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: input_userauth_request: invalid user uucp [preauth]
May  6 07:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=uucp
May  6 07:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.80.130  user=root
May  6 07:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: Failed password for invalid user uucp from 196.251.84.225 port 59814 ssh2
May  6 07:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28310]: Connection closed by 196.251.84.225 port 59814 [preauth]
May  6 07:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: Failed password for root from 95.216.80.130 port 57412 ssh2
May  6 07:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: Received disconnect from 95.216.80.130 port 57412:11: Bye Bye [preauth]
May  6 07:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28324]: Disconnected from 95.216.80.130 port 57412 [preauth]
May  6 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28395]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28396]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28394]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28393]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28393]: pam_unix(cron:session): session closed for user p13x
May  6 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28469]: Successful su for rubyman by root
May  6 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28469]: + ??? root:rubyman
May  6 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338872 of user rubyman.
May  6 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28469]: pam_unix(su:session): session closed for user rubyman
May  6 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338872.
May  6 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28504]: User www-data from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28504]: input_userauth_request: invalid user www-data [preauth]
May  6 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=www-data
May  6 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25463]: pam_unix(cron:session): session closed for user root
May  6 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28504]: Failed password for invalid user www-data from 196.251.84.225 port 44432 ssh2
May  6 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28504]: Connection closed by 196.251.84.225 port 44432 [preauth]
May  6 07:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28394]: pam_unix(cron:session): session closed for user samftp
May  6 07:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28715]: Invalid user amp from 196.251.84.225
May  6 07:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28715]: input_userauth_request: invalid user amp [preauth]
May  6 07:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28715]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27424]: pam_unix(cron:session): session closed for user root
May  6 07:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.217  user=root
May  6 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28715]: Failed password for invalid user amp from 196.251.84.225 port 35762 ssh2
May  6 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28715]: Connection closed by 196.251.84.225 port 35762 [preauth]
May  6 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: Failed password for root from 85.208.253.217 port 33418 ssh2
May  6 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: Received disconnect from 85.208.253.217 port 33418:11: Bye Bye [preauth]
May  6 07:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28719]: Disconnected from 85.208.253.217 port 33418 [preauth]
May  6 07:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.180.199.96  user=root
May  6 07:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: Failed password for root from 111.180.199.96 port 44492 ssh2
May  6 07:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.7.83  user=root
May  6 07:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: Received disconnect from 111.180.199.96 port 44492:11: Bye Bye [preauth]
May  6 07:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28781]: Disconnected from 111.180.199.96 port 44492 [preauth]
May  6 07:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: Failed password for root from 217.160.7.83 port 34184 ssh2
May  6 07:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: Received disconnect from 217.160.7.83 port 34184:11: Bye Bye [preauth]
May  6 07:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28791]: Disconnected from 217.160.7.83 port 34184 [preauth]
May  6 07:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: Invalid user xwang from 84.22.147.211
May  6 07:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: input_userauth_request: invalid user xwang [preauth]
May  6 07:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.147.211
May  6 07:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: Failed password for invalid user xwang from 84.22.147.211 port 53998 ssh2
May  6 07:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: Received disconnect from 84.22.147.211 port 53998:11: Bye Bye [preauth]
May  6 07:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: Disconnected from 84.22.147.211 port 53998 [preauth]
May  6 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28817]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28815]: pam_unix(cron:session): session closed for user p13x
May  6 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28877]: Successful su for rubyman by root
May  6 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28877]: + ??? root:rubyman
May  6 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338875 of user rubyman.
May  6 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28877]: pam_unix(su:session): session closed for user rubyman
May  6 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338875.
May  6 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25995]: pam_unix(cron:session): session closed for user root
May  6 07:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28935]: Invalid user oscar from 196.251.84.225
May  6 07:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28935]: input_userauth_request: invalid user oscar [preauth]
May  6 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28935]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28816]: pam_unix(cron:session): session closed for user samftp
May  6 07:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28935]: Failed password for invalid user oscar from 196.251.84.225 port 45570 ssh2
May  6 07:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28935]: Connection closed by 196.251.84.225 port 45570 [preauth]
May  6 07:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29226]: Invalid user trump from 46.244.96.25
May  6 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29226]: input_userauth_request: invalid user trump [preauth]
May  6 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29226]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  6 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: Invalid user amandabackup from 196.251.84.225
May  6 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: input_userauth_request: invalid user amandabackup [preauth]
May  6 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27956]: pam_unix(cron:session): session closed for user root
May  6 07:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29226]: Failed password for invalid user trump from 46.244.96.25 port 34234 ssh2
May  6 07:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29226]: Connection closed by 46.244.96.25 port 34234 [preauth]
May  6 07:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: Failed password for invalid user amandabackup from 196.251.84.225 port 58940 ssh2
May  6 07:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: Connection closed by 196.251.84.225 port 58940 [preauth]
May  6 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29324]: pam_unix(cron:session): session closed for user p13x
May  6 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29392]: Successful su for rubyman by root
May  6 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29392]: + ??? root:rubyman
May  6 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338880 of user rubyman.
May  6 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29392]: pam_unix(su:session): session closed for user rubyman
May  6 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338880.
May  6 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29389]: Invalid user ec2-user from 196.251.84.225
May  6 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29389]: input_userauth_request: invalid user ec2-user [preauth]
May  6 07:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29389]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26417]: pam_unix(cron:session): session closed for user root
May  6 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29389]: Failed password for invalid user ec2-user from 196.251.84.225 port 44584 ssh2
May  6 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29389]: Connection closed by 196.251.84.225 port 44584 [preauth]
May  6 07:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29325]: pam_unix(cron:session): session closed for user samftp
May  6 07:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29612]: Invalid user server1 from 182.180.77.216
May  6 07:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29612]: input_userauth_request: invalid user server1 [preauth]
May  6 07:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29612]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 07:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29612]: Failed password for invalid user server1 from 182.180.77.216 port 47884 ssh2
May  6 07:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29612]: Received disconnect from 182.180.77.216 port 47884:11: Bye Bye [preauth]
May  6 07:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29612]: Disconnected from 182.180.77.216 port 47884 [preauth]
May  6 07:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29647]: User mysql from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 07:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29647]: input_userauth_request: invalid user mysql [preauth]
May  6 07:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=mysql
May  6 07:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29647]: Failed password for invalid user mysql from 196.251.84.225 port 56126 ssh2
May  6 07:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29647]: Connection closed by 196.251.84.225 port 56126 [preauth]
May  6 07:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28396]: pam_unix(cron:session): session closed for user root
May  6 07:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: User uucp from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 07:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: input_userauth_request: invalid user uucp [preauth]
May  6 07:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=uucp
May  6 07:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: Failed password for invalid user uucp from 196.251.84.225 port 35464 ssh2
May  6 07:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29730]: Connection closed by 196.251.84.225 port 35464 [preauth]
May  6 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254  user=root
May  6 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29747]: pam_unix(cron:session): session closed for user p13x
May  6 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29804]: Successful su for rubyman by root
May  6 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29804]: + ??? root:rubyman
May  6 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29804]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338883 of user rubyman.
May  6 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29804]: pam_unix(su:session): session closed for user rubyman
May  6 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338883.
May  6 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29710]: Failed password for root from 124.198.59.254 port 50380 ssh2
May  6 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29710]: Connection closed by 124.198.59.254 port 50380 [preauth]
May  6 07:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 07:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26907]: pam_unix(cron:session): session closed for user root
May  6 07:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29878]: Failed password for root from 218.92.0.179 port 20922 ssh2
May  6 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29748]: pam_unix(cron:session): session closed for user samftp
May  6 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29878]: Failed password for root from 218.92.0.179 port 20922 ssh2
May  6 07:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.33.198.185  user=root
May  6 07:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29878]: Failed password for root from 218.92.0.179 port 20922 ssh2
May  6 07:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29878]: Received disconnect from 218.92.0.179 port 20922:11:  [preauth]
May  6 07:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29878]: Disconnected from 218.92.0.179 port 20922 [preauth]
May  6 07:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29878]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 07:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29998]: Failed password for root from 212.33.198.185 port 56684 ssh2
May  6 07:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29998]: Received disconnect from 212.33.198.185 port 56684:11: Bye Bye [preauth]
May  6 07:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29998]: Disconnected from 212.33.198.185 port 56684 [preauth]
May  6 07:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: Invalid user admin from 80.94.95.125
May  6 07:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: input_userauth_request: invalid user admin [preauth]
May  6 07:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 07:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: Failed password for invalid user admin from 80.94.95.125 port 6031 ssh2
May  6 07:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30061]: Invalid user tom from 196.251.84.225
May  6 07:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30061]: input_userauth_request: invalid user tom [preauth]
May  6 07:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30061]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30063]: Invalid user ict from 203.6.232.223
May  6 07:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30063]: input_userauth_request: invalid user ict [preauth]
May  6 07:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30063]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.6.232.223
May  6 07:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: Failed password for invalid user admin from 80.94.95.125 port 6031 ssh2
May  6 07:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30061]: Failed password for invalid user tom from 196.251.84.225 port 52736 ssh2
May  6 07:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30061]: Connection closed by 196.251.84.225 port 52736 [preauth]
May  6 07:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30063]: Failed password for invalid user ict from 203.6.232.223 port 52098 ssh2
May  6 07:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30063]: Received disconnect from 203.6.232.223 port 52098:11: Bye Bye [preauth]
May  6 07:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30063]: Disconnected from 203.6.232.223 port 52098 [preauth]
May  6 07:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: Failed password for invalid user admin from 80.94.95.125 port 6031 ssh2
May  6 07:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: Failed password for invalid user admin from 80.94.95.125 port 6031 ssh2
May  6 07:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: Failed password for invalid user admin from 80.94.95.125 port 6031 ssh2
May  6 07:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: Received disconnect from 80.94.95.125 port 6031:11: Bye [preauth]
May  6 07:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: Disconnected from 80.94.95.125 port 6031 [preauth]
May  6 07:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 07:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30038]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 07:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28818]: pam_unix(cron:session): session closed for user root
May  6 07:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: Invalid user copyuser from 103.195.7.51
May  6 07:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: input_userauth_request: invalid user copyuser [preauth]
May  6 07:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 07:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: Failed password for invalid user copyuser from 103.195.7.51 port 60216 ssh2
May  6 07:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: Received disconnect from 103.195.7.51 port 60216:11: Bye Bye [preauth]
May  6 07:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30119]: Disconnected from 103.195.7.51 port 60216 [preauth]
May  6 07:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30146]: Invalid user ds from 196.251.84.225
May  6 07:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30146]: input_userauth_request: invalid user ds [preauth]
May  6 07:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30146]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30146]: Failed password for invalid user ds from 196.251.84.225 port 32852 ssh2
May  6 07:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30146]: Connection closed by 196.251.84.225 port 32852 [preauth]
May  6 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30165]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30168]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30166]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30170]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30169]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30170]: pam_unix(cron:session): session closed for user root
May  6 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30165]: pam_unix(cron:session): session closed for user p13x
May  6 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30232]: Successful su for rubyman by root
May  6 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30232]: + ??? root:rubyman
May  6 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338892 of user rubyman.
May  6 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30232]: pam_unix(su:session): session closed for user rubyman
May  6 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338892.
May  6 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30167]: pam_unix(cron:session): session closed for user root
May  6 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27419]: pam_unix(cron:session): session closed for user root
May  6 07:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30166]: pam_unix(cron:session): session closed for user samftp
May  6 07:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.80.130  user=root
May  6 07:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: Invalid user drupal from 196.251.84.225
May  6 07:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: input_userauth_request: invalid user drupal [preauth]
May  6 07:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: Failed password for root from 95.216.80.130 port 35098 ssh2
May  6 07:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: Received disconnect from 95.216.80.130 port 35098:11: Bye Bye [preauth]
May  6 07:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: Disconnected from 95.216.80.130 port 35098 [preauth]
May  6 07:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: Failed password for invalid user drupal from 196.251.84.225 port 32810 ssh2
May  6 07:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: Connection closed by 196.251.84.225 port 32810 [preauth]
May  6 07:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29327]: pam_unix(cron:session): session closed for user root
May  6 07:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30540]: Invalid user student3 from 152.42.225.137
May  6 07:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30540]: input_userauth_request: invalid user student3 [preauth]
May  6 07:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30540]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.225.137
May  6 07:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30540]: Failed password for invalid user student3 from 152.42.225.137 port 35198 ssh2
May  6 07:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30540]: Received disconnect from 152.42.225.137 port 35198:11: Bye Bye [preauth]
May  6 07:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30540]: Disconnected from 152.42.225.137 port 35198 [preauth]
May  6 07:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: Invalid user vsftp from 107.175.83.197
May  6 07:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: input_userauth_request: invalid user vsftp [preauth]
May  6 07:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 07:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: Failed password for invalid user vsftp from 107.175.83.197 port 59682 ssh2
May  6 07:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: Received disconnect from 107.175.83.197 port 59682:11: Bye Bye [preauth]
May  6 07:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: Disconnected from 107.175.83.197 port 59682 [preauth]
May  6 07:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30593]: Invalid user admin from 196.251.84.225
May  6 07:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30593]: input_userauth_request: invalid user admin [preauth]
May  6 07:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30593]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30593]: Failed password for invalid user admin from 196.251.84.225 port 39150 ssh2
May  6 07:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30593]: Connection closed by 196.251.84.225 port 39150 [preauth]
May  6 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30614]: pam_unix(cron:session): session closed for user p13x
May  6 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30681]: Successful su for rubyman by root
May  6 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30681]: + ??? root:rubyman
May  6 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30681]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338894 of user rubyman.
May  6 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30681]: pam_unix(su:session): session closed for user rubyman
May  6 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338894.
May  6 07:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27955]: pam_unix(cron:session): session closed for user root
May  6 07:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30615]: pam_unix(cron:session): session closed for user samftp
May  6 07:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 07:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30897]: Failed password for root from 196.251.84.225 port 53392 ssh2
May  6 07:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30897]: Connection closed by 196.251.84.225 port 53392 [preauth]
May  6 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29750]: pam_unix(cron:session): session closed for user root
May  6 07:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: Invalid user carlo from 85.208.253.217
May  6 07:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: input_userauth_request: invalid user carlo [preauth]
May  6 07:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.217
May  6 07:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: Failed password for invalid user carlo from 85.208.253.217 port 36372 ssh2
May  6 07:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: Received disconnect from 85.208.253.217 port 36372:11: Bye Bye [preauth]
May  6 07:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: Disconnected from 85.208.253.217 port 36372 [preauth]
May  6 07:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: Invalid user sepehr from 217.160.7.83
May  6 07:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: input_userauth_request: invalid user sepehr [preauth]
May  6 07:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.7.83
May  6 07:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: Failed password for invalid user sepehr from 217.160.7.83 port 48992 ssh2
May  6 07:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: Received disconnect from 217.160.7.83 port 48992:11: Bye Bye [preauth]
May  6 07:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: Disconnected from 217.160.7.83 port 48992 [preauth]
May  6 07:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: Invalid user madsonic from 196.251.84.225
May  6 07:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: input_userauth_request: invalid user madsonic [preauth]
May  6 07:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: Failed password for invalid user madsonic from 196.251.84.225 port 59772 ssh2
May  6 07:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: Connection closed by 196.251.84.225 port 59772 [preauth]
May  6 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31118]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31118]: pam_unix(cron:session): session closed for user root
May  6 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31120]: pam_unix(cron:session): session closed for user p13x
May  6 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31189]: Successful su for rubyman by root
May  6 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31189]: + ??? root:rubyman
May  6 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338898 of user rubyman.
May  6 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31189]: pam_unix(su:session): session closed for user rubyman
May  6 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338898.
May  6 07:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28395]: pam_unix(cron:session): session closed for user root
May  6 07:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31121]: pam_unix(cron:session): session closed for user samftp
May  6 07:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31404]: Invalid user gpu02 from 84.22.147.211
May  6 07:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31404]: input_userauth_request: invalid user gpu02 [preauth]
May  6 07:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31404]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.147.211
May  6 07:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31404]: Failed password for invalid user gpu02 from 84.22.147.211 port 50724 ssh2
May  6 07:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31404]: Received disconnect from 84.22.147.211 port 50724:11: Bye Bye [preauth]
May  6 07:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31404]: Disconnected from 84.22.147.211 port 50724 [preauth]
May  6 07:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: Invalid user dolphinscheduler from 196.251.84.225
May  6 07:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  6 07:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 41988 ssh2
May  6 07:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31417]: Connection closed by 196.251.84.225 port 41988 [preauth]
May  6 07:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30169]: pam_unix(cron:session): session closed for user root
May  6 07:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 07:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: Failed password for root from 196.251.84.225 port 36448 ssh2
May  6 07:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31515]: Connection closed by 196.251.84.225 port 36448 [preauth]
May  6 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31538]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31537]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31535]: pam_unix(cron:session): session closed for user p13x
May  6 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31605]: Successful su for rubyman by root
May  6 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31605]: + ??? root:rubyman
May  6 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31605]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338902 of user rubyman.
May  6 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31605]: pam_unix(su:session): session closed for user rubyman
May  6 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338902.
May  6 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28817]: pam_unix(cron:session): session closed for user root
May  6 07:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31536]: pam_unix(cron:session): session closed for user samftp
May  6 07:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: Invalid user arkserver from 196.251.84.225
May  6 07:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: input_userauth_request: invalid user arkserver [preauth]
May  6 07:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: Failed password for invalid user arkserver from 196.251.84.225 port 59488 ssh2
May  6 07:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31842]: Connection closed by 196.251.84.225 port 59488 [preauth]
May  6 07:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30617]: pam_unix(cron:session): session closed for user root
May  6 07:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Invalid user tomcat from 196.251.84.225
May  6 07:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: input_userauth_request: invalid user tomcat [preauth]
May  6 07:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Failed password for invalid user tomcat from 196.251.84.225 port 39652 ssh2
May  6 07:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Connection closed by 196.251.84.225 port 39652 [preauth]
May  6 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32108]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32105]: pam_unix(cron:session): session closed for user p13x
May  6 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32317]: Successful su for rubyman by root
May  6 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32317]: + ??? root:rubyman
May  6 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338906 of user rubyman.
May  6 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32317]: pam_unix(su:session): session closed for user rubyman
May  6 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338906.
May  6 07:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29326]: pam_unix(cron:session): session closed for user root
May  6 07:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32106]: pam_unix(cron:session): session closed for user samftp
May  6 07:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32558]: Invalid user palworld from 196.251.84.225
May  6 07:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32558]: input_userauth_request: invalid user palworld [preauth]
May  6 07:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32558]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32558]: Failed password for invalid user palworld from 196.251.84.225 port 49374 ssh2
May  6 07:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32558]: Connection closed by 196.251.84.225 port 49374 [preauth]
May  6 07:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: Invalid user hdoop from 212.33.198.185
May  6 07:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: input_userauth_request: invalid user hdoop [preauth]
May  6 07:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.33.198.185
May  6 07:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: Invalid user xwang from 182.180.77.216
May  6 07:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: input_userauth_request: invalid user xwang [preauth]
May  6 07:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 07:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: Failed password for invalid user hdoop from 212.33.198.185 port 48188 ssh2
May  6 07:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: Received disconnect from 212.33.198.185 port 48188:11: Bye Bye [preauth]
May  6 07:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: Disconnected from 212.33.198.185 port 48188 [preauth]
May  6 07:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: Failed password for invalid user xwang from 182.180.77.216 port 55562 ssh2
May  6 07:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: Received disconnect from 182.180.77.216 port 55562:11: Bye Bye [preauth]
May  6 07:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32571]: Disconnected from 182.180.77.216 port 55562 [preauth]
May  6 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31123]: pam_unix(cron:session): session closed for user root
May  6 07:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32742]: Invalid user ubuntu from 196.251.84.225
May  6 07:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32742]: input_userauth_request: invalid user ubuntu [preauth]
May  6 07:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32742]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32742]: Failed password for invalid user ubuntu from 196.251.84.225 port 45502 ssh2
May  6 07:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32742]: Connection closed by 196.251.84.225 port 45502 [preauth]
May  6 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[335]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[350]: pam_unix(cron:session): session closed for user root
May  6 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[335]: pam_unix(cron:session): session closed for user p13x
May  6 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[448]: Successful su for rubyman by root
May  6 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[448]: + ??? root:rubyman
May  6 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338914 of user rubyman.
May  6 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[448]: pam_unix(su:session): session closed for user rubyman
May  6 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338914.
May  6 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[341]: pam_unix(cron:session): session closed for user root
May  6 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29749]: pam_unix(cron:session): session closed for user root
May  6 07:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[337]: pam_unix(cron:session): session closed for user samftp
May  6 07:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[715]: Invalid user git from 196.251.84.225
May  6 07:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[715]: input_userauth_request: invalid user git [preauth]
May  6 07:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[715]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[715]: Failed password for invalid user git from 196.251.84.225 port 39140 ssh2
May  6 07:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[715]: Connection closed by 196.251.84.225 port 39140 [preauth]
May  6 07:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: Invalid user hy from 95.216.80.130
May  6 07:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: input_userauth_request: invalid user hy [preauth]
May  6 07:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.80.130
May  6 07:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: Failed password for invalid user hy from 95.216.80.130 port 37976 ssh2
May  6 07:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: Received disconnect from 95.216.80.130 port 37976:11: Bye Bye [preauth]
May  6 07:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[722]: Disconnected from 95.216.80.130 port 37976 [preauth]
May  6 07:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: Invalid user kobo from 103.195.7.51
May  6 07:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: input_userauth_request: invalid user kobo [preauth]
May  6 07:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 07:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: Failed password for invalid user kobo from 103.195.7.51 port 56314 ssh2
May  6 07:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: Invalid user palworld from 107.175.83.197
May  6 07:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: input_userauth_request: invalid user palworld [preauth]
May  6 07:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 07:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: Received disconnect from 103.195.7.51 port 56314:11: Bye Bye [preauth]
May  6 07:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[778]: Disconnected from 103.195.7.51 port 56314 [preauth]
May  6 07:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: Failed password for invalid user palworld from 107.175.83.197 port 39426 ssh2
May  6 07:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: Received disconnect from 107.175.83.197 port 39426:11: Bye Bye [preauth]
May  6 07:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: Disconnected from 107.175.83.197 port 39426 [preauth]
May  6 07:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31538]: pam_unix(cron:session): session closed for user root
May  6 07:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: Invalid user jito-validator from 196.251.84.225
May  6 07:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: input_userauth_request: invalid user jito-validator [preauth]
May  6 07:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: Failed password for invalid user jito-validator from 196.251.84.225 port 34620 ssh2
May  6 07:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: Connection closed by 196.251.84.225 port 34620 [preauth]
May  6 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[891]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[890]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[888]: pam_unix(cron:session): session closed for user p13x
May  6 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[975]: Successful su for rubyman by root
May  6 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[975]: + ??? root:rubyman
May  6 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338916 of user rubyman.
May  6 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[975]: pam_unix(su:session): session closed for user rubyman
May  6 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338916.
May  6 07:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30168]: pam_unix(cron:session): session closed for user root
May  6 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[889]: pam_unix(cron:session): session closed for user samftp
May  6 07:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 07:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: Failed password for root from 196.251.84.225 port 38758 ssh2
May  6 07:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: Connection closed by 196.251.84.225 port 38758 [preauth]
May  6 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32108]: pam_unix(cron:session): session closed for user root
May  6 07:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1319]: Invalid user jack from 196.251.84.225
May  6 07:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1319]: input_userauth_request: invalid user jack [preauth]
May  6 07:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1319]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1319]: Failed password for invalid user jack from 196.251.84.225 port 34868 ssh2
May  6 07:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1319]: Connection closed by 196.251.84.225 port 34868 [preauth]
May  6 07:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: Invalid user hy from 85.208.253.217
May  6 07:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: input_userauth_request: invalid user hy [preauth]
May  6 07:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.217
May  6 07:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: Failed password for invalid user hy from 85.208.253.217 port 46152 ssh2
May  6 07:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: Received disconnect from 85.208.253.217 port 46152:11: Bye Bye [preauth]
May  6 07:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1351]: Disconnected from 85.208.253.217 port 46152 [preauth]
May  6 07:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.7.83  user=root
May  6 07:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1373]: Failed password for root from 217.160.7.83 port 56710 ssh2
May  6 07:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1373]: Received disconnect from 217.160.7.83 port 56710:11: Bye Bye [preauth]
May  6 07:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1373]: Disconnected from 217.160.7.83 port 56710 [preauth]
May  6 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1386]: pam_unix(cron:session): session closed for user p13x
May  6 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1475]: Successful su for rubyman by root
May  6 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1475]: + ??? root:rubyman
May  6 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1475]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338921 of user rubyman.
May  6 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1475]: pam_unix(su:session): session closed for user rubyman
May  6 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338921.
May  6 07:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30616]: pam_unix(cron:session): session closed for user root
May  6 07:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1387]: pam_unix(cron:session): session closed for user samftp
May  6 07:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1680]: Invalid user user from 196.251.84.225
May  6 07:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1680]: input_userauth_request: invalid user user [preauth]
May  6 07:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1680]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1680]: Failed password for invalid user user from 196.251.84.225 port 45002 ssh2
May  6 07:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1680]: Connection closed by 196.251.84.225 port 45002 [preauth]
May  6 07:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[349]: pam_unix(cron:session): session closed for user root
May  6 07:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Invalid user sol from 196.251.84.225
May  6 07:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: input_userauth_request: invalid user sol [preauth]
May  6 07:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Failed password for invalid user sol from 196.251.84.225 port 38376 ssh2
May  6 07:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Connection closed by 196.251.84.225 port 38376 [preauth]
May  6 07:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1804]: Invalid user test3 from 84.22.147.211
May  6 07:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1804]: input_userauth_request: invalid user test3 [preauth]
May  6 07:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1804]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.147.211
May  6 07:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1804]: Failed password for invalid user test3 from 84.22.147.211 port 54316 ssh2
May  6 07:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1804]: Received disconnect from 84.22.147.211 port 54316:11: Bye Bye [preauth]
May  6 07:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1804]: Disconnected from 84.22.147.211 port 54316 [preauth]
May  6 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1874]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1873]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1871]: pam_unix(cron:session): session closed for user p13x
May  6 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2017]: Successful su for rubyman by root
May  6 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2017]: + ??? root:rubyman
May  6 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2017]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338925 of user rubyman.
May  6 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2017]: pam_unix(su:session): session closed for user rubyman
May  6 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338925.
May  6 07:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31122]: pam_unix(cron:session): session closed for user root
May  6 07:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1872]: pam_unix(cron:session): session closed for user samftp
May  6 07:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2202]: Invalid user node from 196.251.84.225
May  6 07:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2202]: input_userauth_request: invalid user node [preauth]
May  6 07:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2202]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2202]: Failed password for invalid user node from 196.251.84.225 port 33966 ssh2
May  6 07:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2202]: Connection closed by 196.251.84.225 port 33966 [preauth]
May  6 07:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[891]: pam_unix(cron:session): session closed for user root
May  6 07:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Invalid user guest from 196.251.84.225
May  6 07:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: input_userauth_request: invalid user guest [preauth]
May  6 07:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Failed password for invalid user guest from 196.251.84.225 port 51380 ssh2
May  6 07:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Connection closed by 196.251.84.225 port 51380 [preauth]
May  6 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2354]: pam_unix(cron:session): session closed for user p13x
May  6 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2434]: Successful su for rubyman by root
May  6 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2434]: + ??? root:rubyman
May  6 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338928 of user rubyman.
May  6 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2434]: pam_unix(su:session): session closed for user rubyman
May  6 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338928.
May  6 07:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31537]: pam_unix(cron:session): session closed for user root
May  6 07:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2355]: pam_unix(cron:session): session closed for user samftp
May  6 07:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: Invalid user grafana from 196.251.84.225
May  6 07:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: input_userauth_request: invalid user grafana [preauth]
May  6 07:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: Failed password for invalid user grafana from 196.251.84.225 port 52094 ssh2
May  6 07:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: Connection closed by 196.251.84.225 port 52094 [preauth]
May  6 07:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: Invalid user minecraft from 212.33.198.185
May  6 07:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: input_userauth_request: invalid user minecraft [preauth]
May  6 07:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.33.198.185
May  6 07:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: Failed password for invalid user minecraft from 212.33.198.185 port 38648 ssh2
May  6 07:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: Received disconnect from 212.33.198.185 port 38648:11: Bye Bye [preauth]
May  6 07:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: Disconnected from 212.33.198.185 port 38648 [preauth]
May  6 07:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1389]: pam_unix(cron:session): session closed for user root
May  6 07:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2751]: Invalid user redis from 196.251.84.225
May  6 07:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2751]: input_userauth_request: invalid user redis [preauth]
May  6 07:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2751]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2751]: Failed password for invalid user redis from 196.251.84.225 port 50706 ssh2
May  6 07:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2751]: Connection closed by 196.251.84.225 port 50706 [preauth]
May  6 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2809]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2808]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2809]: pam_unix(cron:session): session closed for user root
May  6 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2804]: pam_unix(cron:session): session closed for user p13x
May  6 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2878]: Successful su for rubyman by root
May  6 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2878]: + ??? root:rubyman
May  6 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2878]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338936 of user rubyman.
May  6 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2878]: pam_unix(su:session): session closed for user rubyman
May  6 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338936.
May  6 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2806]: pam_unix(cron:session): session closed for user root
May  6 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32107]: pam_unix(cron:session): session closed for user root
May  6 07:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2805]: pam_unix(cron:session): session closed for user samftp
May  6 07:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3089]: Invalid user virtualbox from 196.251.84.225
May  6 07:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3089]: input_userauth_request: invalid user virtualbox [preauth]
May  6 07:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3089]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3089]: Failed password for invalid user virtualbox from 196.251.84.225 port 52964 ssh2
May  6 07:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3089]: Connection closed by 196.251.84.225 port 52964 [preauth]
May  6 07:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.80.130  user=root
May  6 07:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: Invalid user sbbs from 182.180.77.216
May  6 07:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: input_userauth_request: invalid user sbbs [preauth]
May  6 07:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 07:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: Failed password for root from 95.216.80.130 port 42070 ssh2
May  6 07:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: Received disconnect from 95.216.80.130 port 42070:11: Bye Bye [preauth]
May  6 07:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3100]: Disconnected from 95.216.80.130 port 42070 [preauth]
May  6 07:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: Invalid user gabriel from 107.175.83.197
May  6 07:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: input_userauth_request: invalid user gabriel [preauth]
May  6 07:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 07:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: Failed password for invalid user sbbs from 182.180.77.216 port 35000 ssh2
May  6 07:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: Received disconnect from 182.180.77.216 port 35000:11: Bye Bye [preauth]
May  6 07:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3110]: Disconnected from 182.180.77.216 port 35000 [preauth]
May  6 07:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: Failed password for invalid user gabriel from 107.175.83.197 port 47406 ssh2
May  6 07:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: Received disconnect from 107.175.83.197 port 47406:11: Bye Bye [preauth]
May  6 07:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3129]: Disconnected from 107.175.83.197 port 47406 [preauth]
May  6 07:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Invalid user admin from 80.94.95.112
May  6 07:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: input_userauth_request: invalid user admin [preauth]
May  6 07:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 07:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Failed password for invalid user admin from 80.94.95.112 port 23933 ssh2
May  6 07:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Failed password for invalid user admin from 80.94.95.112 port 23933 ssh2
May  6 07:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Failed password for invalid user admin from 80.94.95.112 port 23933 ssh2
May  6 07:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1874]: pam_unix(cron:session): session closed for user root
May  6 07:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Failed password for invalid user admin from 80.94.95.112 port 23933 ssh2
May  6 07:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3194]: Invalid user opc from 196.251.84.225
May  6 07:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3194]: input_userauth_request: invalid user opc [preauth]
May  6 07:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Failed password for invalid user admin from 80.94.95.112 port 23933 ssh2
May  6 07:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Received disconnect from 80.94.95.112 port 23933:11: Bye [preauth]
May  6 07:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Disconnected from 80.94.95.112 port 23933 [preauth]
May  6 07:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 07:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 07:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3194]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3194]: Failed password for invalid user opc from 196.251.84.225 port 37742 ssh2
May  6 07:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3194]: Connection closed by 196.251.84.225 port 37742 [preauth]
May  6 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3258]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3256]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3259]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3256]: pam_unix(cron:session): session closed for user p13x
May  6 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3320]: Successful su for rubyman by root
May  6 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3320]: + ??? root:rubyman
May  6 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338938 of user rubyman.
May  6 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3320]: pam_unix(su:session): session closed for user rubyman
May  6 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338938.
May  6 07:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[342]: pam_unix(cron:session): session closed for user root
May  6 07:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3257]: pam_unix(cron:session): session closed for user samftp
May  6 07:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: Invalid user apache from 196.251.84.225
May  6 07:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: input_userauth_request: invalid user apache [preauth]
May  6 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: Invalid user vps from 103.195.7.51
May  6 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: input_userauth_request: invalid user vps [preauth]
May  6 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: Failed password for invalid user vps from 103.195.7.51 port 53760 ssh2
May  6 07:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: Received disconnect from 103.195.7.51 port 53760:11: Bye Bye [preauth]
May  6 07:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3518]: Disconnected from 103.195.7.51 port 53760 [preauth]
May  6 07:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: Failed password for invalid user apache from 196.251.84.225 port 42124 ssh2
May  6 07:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3503]: Connection closed by 196.251.84.225 port 42124 [preauth]
May  6 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2357]: pam_unix(cron:session): session closed for user root
May  6 07:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3659]: Invalid user factorio from 196.251.84.225
May  6 07:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3659]: input_userauth_request: invalid user factorio [preauth]
May  6 07:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3659]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3659]: Failed password for invalid user factorio from 196.251.84.225 port 46176 ssh2
May  6 07:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3659]: Connection closed by 196.251.84.225 port 46176 [preauth]
May  6 07:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.217  user=root
May  6 07:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3702]: Failed password for root from 85.208.253.217 port 44444 ssh2
May  6 07:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3702]: Received disconnect from 85.208.253.217 port 44444:11: Bye Bye [preauth]
May  6 07:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3702]: Disconnected from 85.208.253.217 port 44444 [preauth]
May  6 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3722]: pam_unix(cron:session): session closed for user p13x
May  6 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3784]: Successful su for rubyman by root
May  6 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3784]: + ??? root:rubyman
May  6 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338942 of user rubyman.
May  6 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3784]: pam_unix(su:session): session closed for user rubyman
May  6 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338942.
May  6 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: Invalid user zabbix from 196.251.84.225
May  6 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: input_userauth_request: invalid user zabbix [preauth]
May  6 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3833]: Invalid user zhanghaorui from 217.160.7.83
May  6 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3833]: input_userauth_request: invalid user zhanghaorui [preauth]
May  6 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3833]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.7.83
May  6 07:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[890]: pam_unix(cron:session): session closed for user root
May  6 07:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: Failed password for invalid user zabbix from 196.251.84.225 port 35864 ssh2
May  6 07:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: Connection closed by 196.251.84.225 port 35864 [preauth]
May  6 07:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3833]: Failed password for invalid user zhanghaorui from 217.160.7.83 port 36096 ssh2
May  6 07:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3833]: Received disconnect from 217.160.7.83 port 36096:11: Bye Bye [preauth]
May  6 07:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3833]: Disconnected from 217.160.7.83 port 36096 [preauth]
May  6 07:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3723]: pam_unix(cron:session): session closed for user samftp
May  6 07:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4067]: Invalid user wang from 196.251.84.225
May  6 07:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4067]: input_userauth_request: invalid user wang [preauth]
May  6 07:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4067]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2808]: pam_unix(cron:session): session closed for user root
May  6 07:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4067]: Failed password for invalid user wang from 196.251.84.225 port 46426 ssh2
May  6 07:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4067]: Connection closed by 196.251.84.225 port 46426 [preauth]
May  6 07:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: Invalid user morut from 84.22.147.211
May  6 07:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: input_userauth_request: invalid user morut [preauth]
May  6 07:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.22.147.211
May  6 07:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: Invalid user hadoop from 196.251.84.225
May  6 07:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: input_userauth_request: invalid user hadoop [preauth]
May  6 07:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: Failed password for invalid user morut from 84.22.147.211 port 41862 ssh2
May  6 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4160]: pam_unix(cron:session): session closed for user p13x
May  6 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: Received disconnect from 84.22.147.211 port 41862:11: Bye Bye [preauth]
May  6 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: Disconnected from 84.22.147.211 port 41862 [preauth]
May  6 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4221]: Successful su for rubyman by root
May  6 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4221]: + ??? root:rubyman
May  6 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338947 of user rubyman.
May  6 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4221]: pam_unix(su:session): session closed for user rubyman
May  6 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338947.
May  6 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: Failed password for invalid user hadoop from 196.251.84.225 port 46630 ssh2
May  6 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: Connection closed by 196.251.84.225 port 46630 [preauth]
May  6 07:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1388]: pam_unix(cron:session): session closed for user root
May  6 07:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4161]: pam_unix(cron:session): session closed for user samftp
May  6 07:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: Invalid user admin from 196.251.84.225
May  6 07:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: input_userauth_request: invalid user admin [preauth]
May  6 07:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: Failed password for invalid user admin from 196.251.84.225 port 56180 ssh2
May  6 07:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4633]: Connection closed by 196.251.84.225 port 56180 [preauth]
May  6 07:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.107.221  user=root
May  6 07:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3259]: pam_unix(cron:session): session closed for user root
May  6 07:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: Failed password for root from 14.103.107.221 port 50214 ssh2
May  6 07:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: Received disconnect from 14.103.107.221 port 50214:11: Bye Bye [preauth]
May  6 07:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4643]: Disconnected from 14.103.107.221 port 50214 [preauth]
May  6 07:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4706]: Invalid user hy from 212.33.198.185
May  6 07:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4706]: input_userauth_request: invalid user hy [preauth]
May  6 07:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4706]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.33.198.185
May  6 07:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4706]: Failed password for invalid user hy from 212.33.198.185 port 36102 ssh2
May  6 07:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4706]: Received disconnect from 212.33.198.185 port 36102:11: Bye Bye [preauth]
May  6 07:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4706]: Disconnected from 212.33.198.185 port 36102 [preauth]
May  6 07:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: Invalid user lighthouse from 196.251.84.225
May  6 07:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: input_userauth_request: invalid user lighthouse [preauth]
May  6 07:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: Failed password for invalid user lighthouse from 196.251.84.225 port 41108 ssh2
May  6 07:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: Connection closed by 196.251.84.225 port 41108 [preauth]
May  6 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4733]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4730]: pam_unix(cron:session): session closed for user p13x
May  6 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4793]: Successful su for rubyman by root
May  6 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4793]: + ??? root:rubyman
May  6 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338951 of user rubyman.
May  6 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4793]: pam_unix(su:session): session closed for user rubyman
May  6 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338951.
May  6 07:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1873]: pam_unix(cron:session): session closed for user root
May  6 07:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4731]: pam_unix(cron:session): session closed for user samftp
May  6 07:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Invalid user redis from 196.251.84.225
May  6 07:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: input_userauth_request: invalid user redis [preauth]
May  6 07:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Failed password for invalid user redis from 196.251.84.225 port 45984 ssh2
May  6 07:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Connection closed by 196.251.84.225 port 45984 [preauth]
May  6 07:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3725]: pam_unix(cron:session): session closed for user root
May  6 07:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5313]: Invalid user ftpuser1 from 95.216.80.130
May  6 07:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5313]: input_userauth_request: invalid user ftpuser1 [preauth]
May  6 07:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5313]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.80.130
May  6 07:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5313]: Failed password for invalid user ftpuser1 from 95.216.80.130 port 38026 ssh2
May  6 07:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5313]: Received disconnect from 95.216.80.130 port 38026:11: Bye Bye [preauth]
May  6 07:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5313]: Disconnected from 95.216.80.130 port 38026 [preauth]
May  6 07:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197  user=root
May  6 07:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5335]: Invalid user ds from 196.251.84.225
May  6 07:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5335]: input_userauth_request: invalid user ds [preauth]
May  6 07:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5335]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5324]: Failed password for root from 107.175.83.197 port 55378 ssh2
May  6 07:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5324]: Received disconnect from 107.175.83.197 port 55378:11: Bye Bye [preauth]
May  6 07:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5324]: Disconnected from 107.175.83.197 port 55378 [preauth]
May  6 07:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: Invalid user ali from 190.103.202.7
May  6 07:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: input_userauth_request: invalid user ali [preauth]
May  6 07:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  6 07:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5335]: Failed password for invalid user ds from 196.251.84.225 port 60556 ssh2
May  6 07:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5335]: Connection closed by 196.251.84.225 port 60556 [preauth]
May  6 07:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: Failed password for invalid user ali from 190.103.202.7 port 34120 ssh2
May  6 07:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: Connection closed by 190.103.202.7 port 34120 [preauth]
May  6 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5359]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5358]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5359]: pam_unix(cron:session): session closed for user root
May  6 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5354]: pam_unix(cron:session): session closed for user p13x
May  6 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5426]: Successful su for rubyman by root
May  6 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5426]: + ??? root:rubyman
May  6 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338954 of user rubyman.
May  6 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5426]: pam_unix(su:session): session closed for user rubyman
May  6 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338954.
May  6 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5356]: pam_unix(cron:session): session closed for user root
May  6 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2356]: pam_unix(cron:session): session closed for user root
May  6 07:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5355]: pam_unix(cron:session): session closed for user samftp
May  6 07:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: Invalid user hadoop from 196.251.84.225
May  6 07:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: input_userauth_request: invalid user hadoop [preauth]
May  6 07:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: Failed password for invalid user hadoop from 196.251.84.225 port 42410 ssh2
May  6 07:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5736]: Connection closed by 196.251.84.225 port 42410 [preauth]
May  6 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4164]: pam_unix(cron:session): session closed for user root
May  6 07:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: Invalid user adrien from 182.180.77.216
May  6 07:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: input_userauth_request: invalid user adrien [preauth]
May  6 07:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 07:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: Failed password for invalid user adrien from 182.180.77.216 port 42648 ssh2
May  6 07:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: Received disconnect from 182.180.77.216 port 42648:11: Bye Bye [preauth]
May  6 07:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5794]: Disconnected from 182.180.77.216 port 42648 [preauth]
May  6 07:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.6.232.223  user=root
May  6 07:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5891]: Failed password for root from 203.6.232.223 port 42662 ssh2
May  6 07:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5891]: Received disconnect from 203.6.232.223 port 42662:11: Bye Bye [preauth]
May  6 07:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5891]: Disconnected from 203.6.232.223 port 42662 [preauth]
May  6 07:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: Invalid user solana from 196.251.84.225
May  6 07:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: input_userauth_request: invalid user solana [preauth]
May  6 07:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: Failed password for invalid user solana from 196.251.84.225 port 37446 ssh2
May  6 07:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5916]: Connection closed by 196.251.84.225 port 37446 [preauth]
May  6 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5947]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5948]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5945]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5946]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5945]: pam_unix(cron:session): session closed for user p13x
May  6 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6023]: Successful su for rubyman by root
May  6 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6023]: + ??? root:rubyman
May  6 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6023]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338961 of user rubyman.
May  6 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6023]: pam_unix(su:session): session closed for user rubyman
May  6 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338961.
May  6 07:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2807]: pam_unix(cron:session): session closed for user root
May  6 07:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5946]: pam_unix(cron:session): session closed for user samftp
May  6 07:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: Invalid user test from 196.251.84.225
May  6 07:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: input_userauth_request: invalid user test [preauth]
May  6 07:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: Failed password for invalid user test from 196.251.84.225 port 34768 ssh2
May  6 07:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: Connection closed by 196.251.84.225 port 34768 [preauth]
May  6 07:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4733]: pam_unix(cron:session): session closed for user root
May  6 07:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: Invalid user harsh from 103.195.7.51
May  6 07:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: input_userauth_request: invalid user harsh [preauth]
May  6 07:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 07:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: Failed password for invalid user harsh from 103.195.7.51 port 64820 ssh2
May  6 07:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: Received disconnect from 103.195.7.51 port 64820:11: Bye Bye [preauth]
May  6 07:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: Disconnected from 103.195.7.51 port 64820 [preauth]
May  6 07:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: Invalid user steam from 196.251.84.225
May  6 07:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: input_userauth_request: invalid user steam [preauth]
May  6 07:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: Invalid user ftpuser1 from 85.208.253.217
May  6 07:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: input_userauth_request: invalid user ftpuser1 [preauth]
May  6 07:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.217
May  6 07:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: Failed password for invalid user steam from 196.251.84.225 port 35358 ssh2
May  6 07:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: Connection closed by 196.251.84.225 port 35358 [preauth]
May  6 07:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: Failed password for invalid user ftpuser1 from 85.208.253.217 port 43834 ssh2
May  6 07:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: Received disconnect from 85.208.253.217 port 43834:11: Bye Bye [preauth]
May  6 07:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6350]: Disconnected from 85.208.253.217 port 43834 [preauth]
May  6 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6378]: pam_unix(cron:session): session closed for user p13x
May  6 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6439]: Successful su for rubyman by root
May  6 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6439]: + ??? root:rubyman
May  6 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6439]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338965 of user rubyman.
May  6 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6439]: pam_unix(su:session): session closed for user rubyman
May  6 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338965.
May  6 07:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3258]: pam_unix(cron:session): session closed for user root
May  6 07:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6379]: pam_unix(cron:session): session closed for user samftp
May  6 07:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6662]: Invalid user tom from 196.251.84.225
May  6 07:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6662]: input_userauth_request: invalid user tom [preauth]
May  6 07:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6662]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6662]: Failed password for invalid user tom from 196.251.84.225 port 56470 ssh2
May  6 07:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6662]: Connection closed by 196.251.84.225 port 56470 [preauth]
May  6 07:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6664]: Invalid user ydu from 217.160.7.83
May  6 07:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6664]: input_userauth_request: invalid user ydu [preauth]
May  6 07:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6664]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.7.83
May  6 07:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6664]: Failed password for invalid user ydu from 217.160.7.83 port 57116 ssh2
May  6 07:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6664]: Received disconnect from 217.160.7.83 port 57116:11: Bye Bye [preauth]
May  6 07:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6664]: Disconnected from 217.160.7.83 port 57116 [preauth]
May  6 07:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: Invalid user ftpuser from 203.6.232.223
May  6 07:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: input_userauth_request: invalid user ftpuser [preauth]
May  6 07:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.6.232.223
May  6 07:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: Failed password for invalid user ftpuser from 203.6.232.223 port 37780 ssh2
May  6 07:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: Received disconnect from 203.6.232.223 port 37780:11: Bye Bye [preauth]
May  6 07:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: Disconnected from 203.6.232.223 port 37780 [preauth]
May  6 07:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5358]: pam_unix(cron:session): session closed for user root
May  6 07:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6747]: Invalid user steam from 196.251.84.225
May  6 07:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6747]: input_userauth_request: invalid user steam [preauth]
May  6 07:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6747]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6747]: Failed password for invalid user steam from 196.251.84.225 port 54672 ssh2
May  6 07:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6747]: Connection closed by 196.251.84.225 port 54672 [preauth]
May  6 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6794]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6795]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6792]: pam_unix(cron:session): session closed for user p13x
May  6 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6853]: Successful su for rubyman by root
May  6 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6853]: + ??? root:rubyman
May  6 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338968 of user rubyman.
May  6 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6853]: pam_unix(su:session): session closed for user rubyman
May  6 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338968.
May  6 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: Invalid user admin from 80.94.95.241
May  6 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: input_userauth_request: invalid user admin [preauth]
May  6 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 07:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3724]: pam_unix(cron:session): session closed for user root
May  6 07:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: Failed password for invalid user admin from 80.94.95.241 port 16854 ssh2
May  6 07:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6793]: pam_unix(cron:session): session closed for user samftp
May  6 07:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: Failed password for invalid user admin from 80.94.95.241 port 16854 ssh2
May  6 07:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: Failed password for invalid user admin from 80.94.95.241 port 16854 ssh2
May  6 07:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7166]: Invalid user testuser from 196.251.84.225
May  6 07:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7166]: input_userauth_request: invalid user testuser [preauth]
May  6 07:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: Failed password for invalid user admin from 80.94.95.241 port 16854 ssh2
May  6 07:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7166]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 07:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7166]: Failed password for invalid user testuser from 196.251.84.225 port 45272 ssh2
May  6 07:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7166]: Connection closed by 196.251.84.225 port 45272 [preauth]
May  6 07:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: Failed password for invalid user admin from 80.94.95.241 port 16854 ssh2
May  6 07:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: Received disconnect from 80.94.95.241 port 16854:11: Bye [preauth]
May  6 07:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: Disconnected from 80.94.95.241 port 16854 [preauth]
May  6 07:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 07:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6854]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 07:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7169]: Failed password for root from 218.92.0.179 port 57052 ssh2
May  6 07:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7169]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 57052 ssh2]
May  6 07:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7169]: Received disconnect from 218.92.0.179 port 57052:11:  [preauth]
May  6 07:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7169]: Disconnected from 218.92.0.179 port 57052 [preauth]
May  6 07:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7169]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 07:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5948]: pam_unix(cron:session): session closed for user root
May  6 07:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: User www-data from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 07:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: input_userauth_request: invalid user www-data [preauth]
May  6 07:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=www-data
May  6 07:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: Failed password for invalid user www-data from 196.251.84.225 port 41476 ssh2
May  6 07:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7264]: Connection closed by 196.251.84.225 port 41476 [preauth]
May  6 07:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.33.198.185  user=root
May  6 07:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: Failed password for root from 212.33.198.185 port 52762 ssh2
May  6 07:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: Received disconnect from 212.33.198.185 port 52762:11: Bye Bye [preauth]
May  6 07:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: Disconnected from 212.33.198.185 port 52762 [preauth]
May  6 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7323]: pam_unix(cron:session): session closed for user p13x
May  6 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7380]: Successful su for rubyman by root
May  6 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7380]: + ??? root:rubyman
May  6 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338972 of user rubyman.
May  6 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7380]: pam_unix(su:session): session closed for user rubyman
May  6 07:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338972.
May  6 07:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4163]: pam_unix(cron:session): session closed for user root
May  6 07:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session closed for user samftp
May  6 07:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: Invalid user plex from 196.251.84.225
May  6 07:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: input_userauth_request: invalid user plex [preauth]
May  6 07:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: Failed password for invalid user plex from 196.251.84.225 port 44980 ssh2
May  6 07:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7670]: Connection closed by 196.251.84.225 port 44980 [preauth]
May  6 07:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: Invalid user steam1 from 203.6.232.223
May  6 07:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: input_userauth_request: invalid user steam1 [preauth]
May  6 07:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.6.232.223
May  6 07:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: Failed password for invalid user steam1 from 203.6.232.223 port 34880 ssh2
May  6 07:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: Received disconnect from 203.6.232.223 port 34880:11: Bye Bye [preauth]
May  6 07:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: Disconnected from 203.6.232.223 port 34880 [preauth]
May  6 07:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7708]: Invalid user dev from 95.216.80.130
May  6 07:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7708]: input_userauth_request: invalid user dev [preauth]
May  6 07:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7708]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.80.130
May  6 07:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7708]: Failed password for invalid user dev from 95.216.80.130 port 58768 ssh2
May  6 07:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7708]: Received disconnect from 95.216.80.130 port 58768:11: Bye Bye [preauth]
May  6 07:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7708]: Disconnected from 95.216.80.130 port 58768 [preauth]
May  6 07:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197  user=root
May  6 07:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: Failed password for root from 107.175.83.197 port 35130 ssh2
May  6 07:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: Received disconnect from 107.175.83.197 port 35130:11: Bye Bye [preauth]
May  6 07:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7751]: Disconnected from 107.175.83.197 port 35130 [preauth]
May  6 07:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6381]: pam_unix(cron:session): session closed for user root
May  6 07:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: Invalid user www from 196.251.84.225
May  6 07:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: input_userauth_request: invalid user www [preauth]
May  6 07:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: Failed password for invalid user www from 196.251.84.225 port 59404 ssh2
May  6 07:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7786]: Connection closed by 196.251.84.225 port 59404 [preauth]
May  6 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7853]: pam_unix(cron:session): session closed for user root
May  6 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7848]: pam_unix(cron:session): session closed for user p13x
May  6 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7918]: Successful su for rubyman by root
May  6 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7918]: + ??? root:rubyman
May  6 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338978 of user rubyman.
May  6 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7918]: pam_unix(su:session): session closed for user rubyman
May  6 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338978.
May  6 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7850]: pam_unix(cron:session): session closed for user root
May  6 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4732]: pam_unix(cron:session): session closed for user root
May  6 07:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7849]: pam_unix(cron:session): session closed for user samftp
May  6 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8133]: Invalid user yarn from 196.251.84.225
May  6 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8133]: input_userauth_request: invalid user yarn [preauth]
May  6 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8133]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8133]: Failed password for invalid user yarn from 196.251.84.225 port 59056 ssh2
May  6 07:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8133]: Connection closed by 196.251.84.225 port 59056 [preauth]
May  6 07:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6795]: pam_unix(cron:session): session closed for user root
May  6 07:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: Invalid user ds from 196.251.84.225
May  6 07:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: input_userauth_request: invalid user ds [preauth]
May  6 07:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: Failed password for invalid user ds from 196.251.84.225 port 35950 ssh2
May  6 07:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: Connection closed by 196.251.84.225 port 35950 [preauth]
May  6 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8308]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8306]: pam_unix(cron:session): session closed for user p13x
May  6 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8376]: Successful su for rubyman by root
May  6 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8376]: + ??? root:rubyman
May  6 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338983 of user rubyman.
May  6 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8376]: pam_unix(su:session): session closed for user rubyman
May  6 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338983.
May  6 07:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5357]: pam_unix(cron:session): session closed for user root
May  6 07:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8307]: pam_unix(cron:session): session closed for user samftp
May  6 07:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8579]: Invalid user kodi from 196.251.84.225
May  6 07:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8579]: input_userauth_request: invalid user kodi [preauth]
May  6 07:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8579]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8590]: Invalid user dev from 203.6.232.223
May  6 07:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8590]: input_userauth_request: invalid user dev [preauth]
May  6 07:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8590]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.6.232.223
May  6 07:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8579]: Failed password for invalid user kodi from 196.251.84.225 port 35726 ssh2
May  6 07:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8579]: Connection closed by 196.251.84.225 port 35726 [preauth]
May  6 07:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8592]: Invalid user jesa from 182.180.77.216
May  6 07:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8592]: input_userauth_request: invalid user jesa [preauth]
May  6 07:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8592]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 07:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8590]: Failed password for invalid user dev from 203.6.232.223 port 45694 ssh2
May  6 07:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8590]: Received disconnect from 203.6.232.223 port 45694:11: Bye Bye [preauth]
May  6 07:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8590]: Disconnected from 203.6.232.223 port 45694 [preauth]
May  6 07:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8592]: Failed password for invalid user jesa from 182.180.77.216 port 50306 ssh2
May  6 07:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8592]: Received disconnect from 182.180.77.216 port 50306:11: Bye Bye [preauth]
May  6 07:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8592]: Disconnected from 182.180.77.216 port 50306 [preauth]
May  6 07:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7326]: pam_unix(cron:session): session closed for user root
May  6 07:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: Invalid user amp from 196.251.84.225
May  6 07:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: input_userauth_request: invalid user amp [preauth]
May  6 07:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: Failed password for invalid user amp from 196.251.84.225 port 44384 ssh2
May  6 07:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8690]: Connection closed by 196.251.84.225 port 44384 [preauth]
May  6 07:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.217  user=root
May  6 07:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: Failed password for root from 85.208.253.217 port 37192 ssh2
May  6 07:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: Received disconnect from 85.208.253.217 port 37192:11: Bye Bye [preauth]
May  6 07:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8732]: Disconnected from 85.208.253.217 port 37192 [preauth]
May  6 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8755]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8757]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8754]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8754]: pam_unix(cron:session): session closed for user p13x
May  6 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8814]: Successful su for rubyman by root
May  6 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8814]: + ??? root:rubyman
May  6 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338988 of user rubyman.
May  6 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8814]: pam_unix(su:session): session closed for user rubyman
May  6 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338988.
May  6 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5947]: pam_unix(cron:session): session closed for user root
May  6 07:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8755]: pam_unix(cron:session): session closed for user samftp
May  6 07:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: Invalid user vagrant from 196.251.84.225
May  6 07:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: input_userauth_request: invalid user vagrant [preauth]
May  6 07:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: Failed password for invalid user vagrant from 196.251.84.225 port 39190 ssh2
May  6 07:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9014]: Connection closed by 196.251.84.225 port 39190 [preauth]
May  6 07:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 07:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: Failed password for root from 218.92.0.179 port 18504 ssh2
May  6 07:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9050]: Invalid user adrien from 103.195.7.51
May  6 07:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9050]: input_userauth_request: invalid user adrien [preauth]
May  6 07:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9050]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 07:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: Failed password for root from 218.92.0.179 port 18504 ssh2
May  6 07:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9050]: Failed password for invalid user adrien from 103.195.7.51 port 15292 ssh2
May  6 07:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9050]: Received disconnect from 103.195.7.51 port 15292:11: Bye Bye [preauth]
May  6 07:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9050]: Disconnected from 103.195.7.51 port 15292 [preauth]
May  6 07:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: Failed password for root from 218.92.0.179 port 18504 ssh2
May  6 07:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: Received disconnect from 218.92.0.179 port 18504:11:  [preauth]
May  6 07:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: Disconnected from 218.92.0.179 port 18504 [preauth]
May  6 07:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9047]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 07:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7852]: pam_unix(cron:session): session closed for user root
May  6 07:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: Invalid user season from 217.160.7.83
May  6 07:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: input_userauth_request: invalid user season [preauth]
May  6 07:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.7.83
May  6 07:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: Failed password for invalid user season from 217.160.7.83 port 47956 ssh2
May  6 07:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: Received disconnect from 217.160.7.83 port 47956:11: Bye Bye [preauth]
May  6 07:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: Disconnected from 217.160.7.83 port 47956 [preauth]
May  6 07:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9206]: User sys from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 07:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9206]: input_userauth_request: invalid user sys [preauth]
May  6 07:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=sys
May  6 07:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: Invalid user u from 195.178.110.50
May  6 07:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: input_userauth_request: invalid user u [preauth]
May  6 07:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 07:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9206]: Failed password for invalid user sys from 196.251.84.225 port 53850 ssh2
May  6 07:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9206]: Connection closed by 196.251.84.225 port 53850 [preauth]
May  6 07:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: Failed password for invalid user u from 195.178.110.50 port 45940 ssh2
May  6 07:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9074]: Connection closed by 195.178.110.50 port 45940 [preauth]
May  6 07:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9280]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9280]: pam_unix(cron:session): session closed for user p13x
May  6 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9363]: Successful su for rubyman by root
May  6 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9363]: + ??? root:rubyman
May  6 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9363]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338990 of user rubyman.
May  6 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9363]: pam_unix(su:session): session closed for user rubyman
May  6 07:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338990.
May  6 07:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: Invalid user < from 195.178.110.50
May  6 07:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: input_userauth_request: invalid user < [preauth]
May  6 07:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 07:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6380]: pam_unix(cron:session): session closed for user root
May  6 07:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: Failed password for invalid user < from 195.178.110.50 port 25856 ssh2
May  6 07:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9282]: pam_unix(cron:session): session closed for user samftp
May  6 07:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9239]: Connection closed by 195.178.110.50 port 25856 [preauth]
May  6 07:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9556]: Invalid user master from 196.251.84.225
May  6 07:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9556]: input_userauth_request: invalid user master [preauth]
May  6 07:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9556]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9556]: Failed password for invalid user master from 196.251.84.225 port 42872 ssh2
May  6 07:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9556]: Connection closed by 196.251.84.225 port 42872 [preauth]
May  6 07:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: Invalid user a from 195.178.110.50
May  6 07:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: input_userauth_request: invalid user a [preauth]
May  6 07:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 07:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: Failed password for invalid user a from 195.178.110.50 port 6614 ssh2
May  6 07:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: Connection closed by 195.178.110.50 port 6614 [preauth]
May  6 07:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 07:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8309]: pam_unix(cron:session): session closed for user root
May  6 07:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: Failed password for root from 218.92.0.179 port 56264 ssh2
May  6 07:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 56264 ssh2]
May  6 07:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: Received disconnect from 218.92.0.179 port 56264:11:  [preauth]
May  6 07:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: Disconnected from 218.92.0.179 port 56264 [preauth]
May  6 07:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9610]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 07:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.33.198.185  user=root
May  6 07:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9609]: Invalid user ( from 195.178.110.50
May  6 07:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9609]: input_userauth_request: invalid user ( [preauth]
May  6 07:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9609]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 07:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: Failed password for root from 212.33.198.185 port 54166 ssh2
May  6 07:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9609]: Failed password for invalid user ( from 195.178.110.50 port 3720 ssh2
May  6 07:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: Received disconnect from 212.33.198.185 port 54166:11: Bye Bye [preauth]
May  6 07:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9651]: Disconnected from 212.33.198.185 port 54166 [preauth]
May  6 07:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 07:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: Failed password for root from 196.251.84.225 port 49550 ssh2
May  6 07:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9677]: Connection closed by 196.251.84.225 port 49550 [preauth]
May  6 07:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9609]: Connection closed by 195.178.110.50 port 3720 [preauth]
May  6 07:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9699]: Invalid user ansadmin from 95.216.80.130
May  6 07:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9699]: input_userauth_request: invalid user ansadmin [preauth]
May  6 07:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9699]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.80.130
May  6 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9699]: Failed password for invalid user ansadmin from 95.216.80.130 port 40558 ssh2
May  6 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9714]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9710]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9712]: pam_unix(cron:session): session closed for user p13x
May  6 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9699]: Received disconnect from 95.216.80.130 port 40558:11: Bye Bye [preauth]
May  6 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9699]: Disconnected from 95.216.80.130 port 40558 [preauth]
May  6 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9838]: Successful su for rubyman by root
May  6 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9838]: + ??? root:rubyman
May  6 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9838]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 338996 of user rubyman.
May  6 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9838]: pam_unix(su:session): session closed for user rubyman
May  6 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 338996.
May  6 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9710]: pam_unix(cron:session): session closed for user root
May  6 07:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6794]: pam_unix(cron:session): session closed for user root
May  6 07:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9713]: pam_unix(cron:session): session closed for user samftp
May  6 07:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: Invalid user M from 195.178.110.50
May  6 07:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: input_userauth_request: invalid user M [preauth]
May  6 07:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 07:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: Failed password for invalid user M from 195.178.110.50 port 16164 ssh2
May  6 07:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: Connection closed by 195.178.110.50 port 16164 [preauth]
May  6 07:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197  user=root
May  6 07:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10090]: Failed password for root from 107.175.83.197 port 43098 ssh2
May  6 07:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10090]: Received disconnect from 107.175.83.197 port 43098:11: Bye Bye [preauth]
May  6 07:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10090]: Disconnected from 107.175.83.197 port 43098 [preauth]
May  6 07:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: Invalid user www from 196.251.84.225
May  6 07:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: input_userauth_request: invalid user www [preauth]
May  6 07:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: Failed password for invalid user www from 196.251.84.225 port 37602 ssh2
May  6 07:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10080]: Connection closed by 196.251.84.225 port 37602 [preauth]
May  6 07:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8757]: pam_unix(cron:session): session closed for user root
May  6 07:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10184]: Invalid user ark from 196.251.84.225
May  6 07:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10184]: input_userauth_request: invalid user ark [preauth]
May  6 07:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10184]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10184]: Failed password for invalid user ark from 196.251.84.225 port 48718 ssh2
May  6 07:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10184]: Connection closed by 196.251.84.225 port 48718 [preauth]
May  6 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10221]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10231]: pam_unix(cron:session): session closed for user root
May  6 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10218]: pam_unix(cron:session): session closed for user p13x
May  6 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10364]: Successful su for rubyman by root
May  6 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10364]: + ??? root:rubyman
May  6 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10364]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339000 of user rubyman.
May  6 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10364]: pam_unix(su:session): session closed for user rubyman
May  6 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339000.
May  6 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10221]: pam_unix(cron:session): session closed for user root
May  6 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session closed for user root
May  6 07:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10220]: pam_unix(cron:session): session closed for user samftp
May  6 07:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: Invalid user grafana from 196.251.84.225
May  6 07:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: input_userauth_request: invalid user grafana [preauth]
May  6 07:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: Failed password for invalid user grafana from 196.251.84.225 port 49198 ssh2
May  6 07:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: Connection closed by 196.251.84.225 port 49198 [preauth]
May  6 07:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9299]: pam_unix(cron:session): session closed for user root
May  6 07:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: Invalid user sonar from 196.251.84.225
May  6 07:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: input_userauth_request: invalid user sonar [preauth]
May  6 07:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: Failed password for invalid user sonar from 196.251.84.225 port 35422 ssh2
May  6 07:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: Connection closed by 196.251.84.225 port 35422 [preauth]
May  6 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10813]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10812]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10810]: pam_unix(cron:session): session closed for user p13x
May  6 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10883]: Successful su for rubyman by root
May  6 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10883]: + ??? root:rubyman
May  6 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10883]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339005 of user rubyman.
May  6 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10883]: pam_unix(su:session): session closed for user rubyman
May  6 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339005.
May  6 07:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7851]: pam_unix(cron:session): session closed for user root
May  6 07:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10811]: pam_unix(cron:session): session closed for user samftp
May  6 07:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: Invalid user vagrant from 196.251.84.225
May  6 07:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: input_userauth_request: invalid user vagrant [preauth]
May  6 07:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: Failed password for invalid user vagrant from 196.251.84.225 port 45288 ssh2
May  6 07:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: Connection closed by 196.251.84.225 port 45288 [preauth]
May  6 07:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9715]: pam_unix(cron:session): session closed for user root
May  6 07:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.217  user=root
May  6 07:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11161]: Failed password for root from 85.208.253.217 port 41222 ssh2
May  6 07:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11161]: Received disconnect from 85.208.253.217 port 41222:11: Bye Bye [preauth]
May  6 07:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11161]: Disconnected from 85.208.253.217 port 41222 [preauth]
May  6 07:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: Invalid user parth from 182.180.77.216
May  6 07:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: input_userauth_request: invalid user parth [preauth]
May  6 07:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 07:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: Failed password for invalid user parth from 182.180.77.216 port 57960 ssh2
May  6 07:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: Received disconnect from 182.180.77.216 port 57960:11: Bye Bye [preauth]
May  6 07:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: Disconnected from 182.180.77.216 port 57960 [preauth]
May  6 07:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11225]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11223]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11223]: pam_unix(cron:session): session closed for user p13x
May  6 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11284]: Successful su for rubyman by root
May  6 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11284]: + ??? root:rubyman
May  6 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339010 of user rubyman.
May  6 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11284]: pam_unix(su:session): session closed for user rubyman
May  6 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339010.
May  6 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: Invalid user palworld from 196.251.84.225
May  6 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: input_userauth_request: invalid user palworld [preauth]
May  6 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8308]: pam_unix(cron:session): session closed for user root
May  6 07:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: Failed password for invalid user palworld from 196.251.84.225 port 36040 ssh2
May  6 07:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: Connection closed by 196.251.84.225 port 36040 [preauth]
May  6 07:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11224]: pam_unix(cron:session): session closed for user samftp
May  6 07:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11159]: Connection closed by 203.6.232.223 port 44072 [preauth]
May  6 07:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  6 07:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Failed password for root from 186.233.208.13 port 42184 ssh2
May  6 07:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Received disconnect from 186.233.208.13 port 42184:11: Bye Bye [preauth]
May  6 07:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Disconnected from 186.233.208.13 port 42184 [preauth]
May  6 07:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10230]: pam_unix(cron:session): session closed for user root
May  6 07:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 07:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: Failed password for root from 196.251.84.225 port 36472 ssh2
May  6 07:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: Connection closed by 196.251.84.225 port 36472 [preauth]
May  6 07:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11605]: Invalid user guest from 217.160.7.83
May  6 07:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11605]: input_userauth_request: invalid user guest [preauth]
May  6 07:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11605]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.7.83
May  6 07:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11605]: Failed password for invalid user guest from 217.160.7.83 port 58992 ssh2
May  6 07:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11605]: Received disconnect from 217.160.7.83 port 58992:11: Bye Bye [preauth]
May  6 07:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11605]: Disconnected from 217.160.7.83 port 58992 [preauth]
May  6 07:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: Invalid user http from 103.195.7.51
May  6 07:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: input_userauth_request: invalid user http [preauth]
May  6 07:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 07:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: Failed password for invalid user http from 103.195.7.51 port 60218 ssh2
May  6 07:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: Received disconnect from 103.195.7.51 port 60218:11: Bye Bye [preauth]
May  6 07:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11615]: Disconnected from 103.195.7.51 port 60218 [preauth]
May  6 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11630]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11627]: pam_unix(cron:session): session closed for user p13x
May  6 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11685]: Successful su for rubyman by root
May  6 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11685]: + ??? root:rubyman
May  6 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11685]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339013 of user rubyman.
May  6 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11685]: pam_unix(su:session): session closed for user rubyman
May  6 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339013.
May  6 07:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8756]: pam_unix(cron:session): session closed for user root
May  6 07:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11628]: pam_unix(cron:session): session closed for user samftp
May  6 07:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11869]: Invalid user solana from 196.251.84.225
May  6 07:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11869]: input_userauth_request: invalid user solana [preauth]
May  6 07:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11869]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11869]: Failed password for invalid user solana from 196.251.84.225 port 59690 ssh2
May  6 07:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11869]: Connection closed by 196.251.84.225 port 59690 [preauth]
May  6 07:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: Invalid user user from 95.216.80.130
May  6 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: input_userauth_request: invalid user user [preauth]
May  6 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.80.130
May  6 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10813]: pam_unix(cron:session): session closed for user root
May  6 07:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.33.198.185  user=root
May  6 07:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: Failed password for invalid user user from 95.216.80.130 port 36946 ssh2
May  6 07:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: Received disconnect from 95.216.80.130 port 36946:11: Bye Bye [preauth]
May  6 07:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11939]: Disconnected from 95.216.80.130 port 36946 [preauth]
May  6 07:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: Failed password for root from 212.33.198.185 port 45900 ssh2
May  6 07:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: Received disconnect from 212.33.198.185 port 45900:11: Bye Bye [preauth]
May  6 07:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11961]: Disconnected from 212.33.198.185 port 45900 [preauth]
May  6 07:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: Invalid user git from 196.251.84.225
May  6 07:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: input_userauth_request: invalid user git [preauth]
May  6 07:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: Failed password for invalid user git from 196.251.84.225 port 43120 ssh2
May  6 07:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11971]: Connection closed by 196.251.84.225 port 43120 [preauth]
May  6 07:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12009]: Invalid user admin from 107.175.83.197
May  6 07:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12009]: input_userauth_request: invalid user admin [preauth]
May  6 07:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12009]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 07:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12009]: Failed password for invalid user admin from 107.175.83.197 port 51078 ssh2
May  6 07:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12009]: Received disconnect from 107.175.83.197 port 51078:11: Bye Bye [preauth]
May  6 07:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12009]: Disconnected from 107.175.83.197 port 51078 [preauth]
May  6 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12020]: pam_unix(cron:session): session closed for user p13x
May  6 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12078]: Successful su for rubyman by root
May  6 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12078]: + ??? root:rubyman
May  6 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12078]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339018 of user rubyman.
May  6 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12078]: pam_unix(su:session): session closed for user rubyman
May  6 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339018.
May  6 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9298]: pam_unix(cron:session): session closed for user root
May  6 07:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12021]: pam_unix(cron:session): session closed for user samftp
May  6 07:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12296]: Invalid user opc from 196.251.84.225
May  6 07:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12296]: input_userauth_request: invalid user opc [preauth]
May  6 07:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12296]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12296]: Failed password for invalid user opc from 196.251.84.225 port 36830 ssh2
May  6 07:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12296]: Connection closed by 196.251.84.225 port 36830 [preauth]
May  6 07:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11226]: pam_unix(cron:session): session closed for user root
May  6 07:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 07:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12384]: Failed password for root from 196.251.84.225 port 47316 ssh2
May  6 07:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12384]: Connection closed by 196.251.84.225 port 47316 [preauth]
May  6 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12429]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12430]: pam_unix(cron:session): session closed for user root
May  6 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12425]: pam_unix(cron:session): session closed for user p13x
May  6 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12494]: Successful su for rubyman by root
May  6 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12494]: + ??? root:rubyman
May  6 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12494]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339025 of user rubyman.
May  6 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12494]: pam_unix(su:session): session closed for user rubyman
May  6 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339025.
May  6 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12427]: pam_unix(cron:session): session closed for user root
May  6 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9714]: pam_unix(cron:session): session closed for user root
May  6 07:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12426]: pam_unix(cron:session): session closed for user samftp
May  6 07:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  6 07:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: Invalid user master from 196.251.84.225
May  6 07:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: input_userauth_request: invalid user master [preauth]
May  6 07:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: Failed password for root from 186.233.208.13 port 53898 ssh2
May  6 07:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: Received disconnect from 186.233.208.13 port 53898:11: Bye Bye [preauth]
May  6 07:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12699]: Disconnected from 186.233.208.13 port 53898 [preauth]
May  6 07:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: Failed password for invalid user master from 196.251.84.225 port 46362 ssh2
May  6 07:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12701]: Connection closed by 196.251.84.225 port 46362 [preauth]
May  6 07:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 07:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12756]: Failed password for root from 218.92.0.179 port 38387 ssh2
May  6 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11630]: pam_unix(cron:session): session closed for user root
May  6 07:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12756]: Failed password for root from 218.92.0.179 port 38387 ssh2
May  6 07:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12756]: Failed password for root from 218.92.0.179 port 38387 ssh2
May  6 07:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12756]: Received disconnect from 218.92.0.179 port 38387:11:  [preauth]
May  6 07:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12756]: Disconnected from 218.92.0.179 port 38387 [preauth]
May  6 07:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12756]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 07:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: Invalid user admin from 196.251.84.225
May  6 07:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: input_userauth_request: invalid user admin [preauth]
May  6 07:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: Failed password for invalid user admin from 196.251.84.225 port 41806 ssh2
May  6 07:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: Connection closed by 196.251.84.225 port 41806 [preauth]
May  6 07:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12827]: Invalid user papa from 186.233.208.13
May  6 07:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12827]: input_userauth_request: invalid user papa [preauth]
May  6 07:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12827]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 07:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12827]: Failed password for invalid user papa from 186.233.208.13 port 57018 ssh2
May  6 07:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12827]: Received disconnect from 186.233.208.13 port 57018:11: Bye Bye [preauth]
May  6 07:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12827]: Disconnected from 186.233.208.13 port 57018 [preauth]
May  6 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12856]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12854]: pam_unix(cron:session): session closed for user p13x
May  6 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12920]: Successful su for rubyman by root
May  6 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12920]: + ??? root:rubyman
May  6 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12920]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339029 of user rubyman.
May  6 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12920]: pam_unix(su:session): session closed for user rubyman
May  6 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339029.
May  6 07:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10226]: pam_unix(cron:session): session closed for user root
May  6 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12855]: pam_unix(cron:session): session closed for user samftp
May  6 07:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 07:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13107]: Failed password for root from 196.251.84.225 port 53746 ssh2
May  6 07:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13107]: Connection closed by 196.251.84.225 port 53746 [preauth]
May  6 07:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12023]: pam_unix(cron:session): session closed for user root
May  6 07:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: Invalid user z from 85.208.253.217
May  6 07:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: input_userauth_request: invalid user z [preauth]
May  6 07:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.217
May  6 07:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: Failed password for invalid user z from 85.208.253.217 port 36432 ssh2
May  6 07:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: Received disconnect from 85.208.253.217 port 36432:11: Bye Bye [preauth]
May  6 07:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: Disconnected from 85.208.253.217 port 36432 [preauth]
May  6 07:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Invalid user redis from 196.251.84.225
May  6 07:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: input_userauth_request: invalid user redis [preauth]
May  6 07:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Failed password for invalid user redis from 196.251.84.225 port 50340 ssh2
May  6 07:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Connection closed by 196.251.84.225 port 50340 [preauth]
May  6 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13262]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13261]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13258]: pam_unix(cron:session): session closed for user p13x
May  6 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13326]: Successful su for rubyman by root
May  6 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13326]: + ??? root:rubyman
May  6 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339032 of user rubyman.
May  6 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13326]: pam_unix(su:session): session closed for user rubyman
May  6 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339032.
May  6 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10812]: pam_unix(cron:session): session closed for user root
May  6 07:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13259]: pam_unix(cron:session): session closed for user samftp
May  6 07:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13609]: Invalid user caddy from 196.251.84.225
May  6 07:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13609]: input_userauth_request: invalid user caddy [preauth]
May  6 07:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13609]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13609]: Failed password for invalid user caddy from 196.251.84.225 port 60366 ssh2
May  6 07:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13609]: Connection closed by 196.251.84.225 port 60366 [preauth]
May  6 07:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: Invalid user pepe from 182.180.77.216
May  6 07:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: input_userauth_request: invalid user pepe [preauth]
May  6 07:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 07:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: Failed password for invalid user pepe from 182.180.77.216 port 37384 ssh2
May  6 07:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: Received disconnect from 182.180.77.216 port 37384:11: Bye Bye [preauth]
May  6 07:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: Disconnected from 182.180.77.216 port 37384 [preauth]
May  6 07:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13653]: Invalid user tidb from 186.233.208.13
May  6 07:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13653]: input_userauth_request: invalid user tidb [preauth]
May  6 07:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13653]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 07:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13653]: Failed password for invalid user tidb from 186.233.208.13 port 52006 ssh2
May  6 07:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13653]: Received disconnect from 186.233.208.13 port 52006:11: Bye Bye [preauth]
May  6 07:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13653]: Disconnected from 186.233.208.13 port 52006 [preauth]
May  6 07:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12429]: pam_unix(cron:session): session closed for user root
May  6 07:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: Invalid user www from 196.251.84.225
May  6 07:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: input_userauth_request: invalid user www [preauth]
May  6 07:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: Failed password for invalid user www from 196.251.84.225 port 55082 ssh2
May  6 07:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13720]: Connection closed by 196.251.84.225 port 55082 [preauth]
May  6 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13777]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13775]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13776]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13774]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13774]: pam_unix(cron:session): session closed for user p13x
May  6 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13834]: Successful su for rubyman by root
May  6 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13834]: + ??? root:rubyman
May  6 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339035 of user rubyman.
May  6 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13834]: pam_unix(su:session): session closed for user rubyman
May  6 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339035.
May  6 07:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11225]: pam_unix(cron:session): session closed for user root
May  6 07:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.7.83  user=root
May  6 07:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: Failed password for root from 217.160.7.83 port 60702 ssh2
May  6 07:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13775]: pam_unix(cron:session): session closed for user samftp
May  6 07:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: Received disconnect from 217.160.7.83 port 60702:11: Bye Bye [preauth]
May  6 07:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13973]: Disconnected from 217.160.7.83 port 60702 [preauth]
May  6 07:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.80.130  user=root
May  6 07:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14034]: Invalid user minecraft from 196.251.84.225
May  6 07:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14034]: input_userauth_request: invalid user minecraft [preauth]
May  6 07:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14034]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14032]: Failed password for root from 95.216.80.130 port 50562 ssh2
May  6 07:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14032]: Received disconnect from 95.216.80.130 port 50562:11: Bye Bye [preauth]
May  6 07:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14032]: Disconnected from 95.216.80.130 port 50562 [preauth]
May  6 07:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14034]: Failed password for invalid user minecraft from 196.251.84.225 port 58922 ssh2
May  6 07:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14034]: Connection closed by 196.251.84.225 port 58922 [preauth]
May  6 07:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14088]: Invalid user deb from 103.195.7.51
May  6 07:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14088]: input_userauth_request: invalid user deb [preauth]
May  6 07:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14088]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 07:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14088]: Failed password for invalid user deb from 103.195.7.51 port 41758 ssh2
May  6 07:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14088]: Received disconnect from 103.195.7.51 port 41758:11: Bye Bye [preauth]
May  6 07:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14088]: Disconnected from 103.195.7.51 port 41758 [preauth]
May  6 07:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.33.198.185  user=root
May  6 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14090]: Failed password for root from 212.33.198.185 port 46472 ssh2
May  6 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14090]: Received disconnect from 212.33.198.185 port 46472:11: Bye Bye [preauth]
May  6 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14090]: Disconnected from 212.33.198.185 port 46472 [preauth]
May  6 07:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12857]: pam_unix(cron:session): session closed for user root
May  6 07:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197  user=root
May  6 07:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: Failed password for root from 107.175.83.197 port 59054 ssh2
May  6 07:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: Received disconnect from 107.175.83.197 port 59054:11: Bye Bye [preauth]
May  6 07:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14150]: Disconnected from 107.175.83.197 port 59054 [preauth]
May  6 07:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: Invalid user burak from 64.227.136.250
May  6 07:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: input_userauth_request: invalid user burak [preauth]
May  6 07:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.136.250
May  6 07:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: Invalid user vagrant from 196.251.84.225
May  6 07:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: input_userauth_request: invalid user vagrant [preauth]
May  6 07:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: Failed password for invalid user burak from 64.227.136.250 port 34700 ssh2
May  6 07:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: Received disconnect from 64.227.136.250 port 34700:11: Bye Bye [preauth]
May  6 07:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: Disconnected from 64.227.136.250 port 34700 [preauth]
May  6 07:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: Failed password for invalid user vagrant from 196.251.84.225 port 57878 ssh2
May  6 07:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14152]: Connection closed by 196.251.84.225 port 57878 [preauth]
May  6 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14185]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14187]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14183]: pam_unix(cron:session): session closed for user p13x
May  6 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14244]: Successful su for rubyman by root
May  6 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14244]: + ??? root:rubyman
May  6 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14244]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339040 of user rubyman.
May  6 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14244]: pam_unix(su:session): session closed for user rubyman
May  6 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339040.
May  6 07:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: Invalid user usertest from 186.233.208.13
May  6 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: input_userauth_request: invalid user usertest [preauth]
May  6 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 07:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11629]: pam_unix(cron:session): session closed for user root
May  6 07:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14184]: pam_unix(cron:session): session closed for user samftp
May  6 07:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: Failed password for invalid user usertest from 186.233.208.13 port 59504 ssh2
May  6 07:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: Received disconnect from 186.233.208.13 port 59504:11: Bye Bye [preauth]
May  6 07:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: Disconnected from 186.233.208.13 port 59504 [preauth]
May  6 07:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Invalid user ubuntu from 196.251.84.225
May  6 07:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: input_userauth_request: invalid user ubuntu [preauth]
May  6 07:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Failed password for invalid user ubuntu from 196.251.84.225 port 53872 ssh2
May  6 07:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14461]: Connection closed by 196.251.84.225 port 53872 [preauth]
May  6 07:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13262]: pam_unix(cron:session): session closed for user root
May  6 07:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 07:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: Failed password for root from 196.251.84.225 port 46180 ssh2
May  6 07:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: Connection closed by 196.251.84.225 port 46180 [preauth]
May  6 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14603]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14598]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14603]: pam_unix(cron:session): session closed for user root
May  6 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14597]: pam_unix(cron:session): session closed for user p13x
May  6 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14675]: Successful su for rubyman by root
May  6 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14675]: + ??? root:rubyman
May  6 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339045 of user rubyman.
May  6 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14675]: pam_unix(su:session): session closed for user rubyman
May  6 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339045.
May  6 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14599]: pam_unix(cron:session): session closed for user root
May  6 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12022]: pam_unix(cron:session): session closed for user root
May  6 07:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14598]: pam_unix(cron:session): session closed for user samftp
May  6 07:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: Invalid user deploy from 196.251.84.225
May  6 07:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: input_userauth_request: invalid user deploy [preauth]
May  6 07:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: Failed password for invalid user deploy from 196.251.84.225 port 43390 ssh2
May  6 07:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: Connection closed by 196.251.84.225 port 43390 [preauth]
May  6 07:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13777]: pam_unix(cron:session): session closed for user root
May  6 07:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  6 07:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: Failed password for root from 186.233.208.13 port 45050 ssh2
May  6 07:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: Received disconnect from 186.233.208.13 port 45050:11: Bye Bye [preauth]
May  6 07:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14983]: Disconnected from 186.233.208.13 port 45050 [preauth]
May  6 07:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Invalid user drupal from 196.251.84.225
May  6 07:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: input_userauth_request: invalid user drupal [preauth]
May  6 07:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Failed password for invalid user drupal from 196.251.84.225 port 60288 ssh2
May  6 07:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Connection closed by 196.251.84.225 port 60288 [preauth]
May  6 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15046]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15045]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15043]: pam_unix(cron:session): session closed for user p13x
May  6 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15108]: Successful su for rubyman by root
May  6 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15108]: + ??? root:rubyman
May  6 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339050 of user rubyman.
May  6 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15108]: pam_unix(su:session): session closed for user rubyman
May  6 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339050.
May  6 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12428]: pam_unix(cron:session): session closed for user root
May  6 07:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15044]: pam_unix(cron:session): session closed for user samftp
May  6 07:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: Invalid user ubuntu from 196.251.84.225
May  6 07:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: input_userauth_request: invalid user ubuntu [preauth]
May  6 07:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: Failed password for invalid user ubuntu from 196.251.84.225 port 55254 ssh2
May  6 07:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: Connection closed by 196.251.84.225 port 55254 [preauth]
May  6 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14187]: pam_unix(cron:session): session closed for user root
May  6 07:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: Invalid user dev from 85.208.253.217
May  6 07:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: input_userauth_request: invalid user dev [preauth]
May  6 07:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.217
May  6 07:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: Failed password for invalid user dev from 85.208.253.217 port 49374 ssh2
May  6 07:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: Received disconnect from 85.208.253.217 port 49374:11: Bye Bye [preauth]
May  6 07:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15387]: Disconnected from 85.208.253.217 port 49374 [preauth]
May  6 07:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 07:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Failed password for root from 196.251.84.225 port 41800 ssh2
May  6 07:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15419]: Connection closed by 196.251.84.225 port 41800 [preauth]
May  6 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15439]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15439]: pam_unix(cron:session): session closed for user p13x
May  6 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15502]: Successful su for rubyman by root
May  6 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15502]: + ??? root:rubyman
May  6 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339055 of user rubyman.
May  6 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15502]: pam_unix(su:session): session closed for user rubyman
May  6 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339055.
May  6 07:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12856]: pam_unix(cron:session): session closed for user root
May  6 07:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15440]: pam_unix(cron:session): session closed for user samftp
May  6 07:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  6 07:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: Failed password for root from 186.233.208.13 port 55686 ssh2
May  6 07:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: Received disconnect from 186.233.208.13 port 55686:11: Bye Bye [preauth]
May  6 07:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15690]: Disconnected from 186.233.208.13 port 55686 [preauth]
May  6 07:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: Invalid user oracle from 196.251.84.225
May  6 07:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: input_userauth_request: invalid user oracle [preauth]
May  6 07:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: Failed password for invalid user oracle from 196.251.84.225 port 36760 ssh2
May  6 07:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: Connection closed by 196.251.84.225 port 36760 [preauth]
May  6 07:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14601]: pam_unix(cron:session): session closed for user root
May  6 07:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15798]: Invalid user http from 182.180.77.216
May  6 07:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15798]: input_userauth_request: invalid user http [preauth]
May  6 07:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15798]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 07:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15798]: Failed password for invalid user http from 182.180.77.216 port 45038 ssh2
May  6 07:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15798]: Received disconnect from 182.180.77.216 port 45038:11: Bye Bye [preauth]
May  6 07:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15798]: Disconnected from 182.180.77.216 port 45038 [preauth]
May  6 07:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15820]: Invalid user elasticsearch from 196.251.84.225
May  6 07:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15820]: input_userauth_request: invalid user elasticsearch [preauth]
May  6 07:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15820]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.80.130  user=root
May  6 07:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15820]: Failed password for invalid user elasticsearch from 196.251.84.225 port 58006 ssh2
May  6 07:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15820]: Connection closed by 196.251.84.225 port 58006 [preauth]
May  6 07:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: Failed password for root from 95.216.80.130 port 56512 ssh2
May  6 07:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: Received disconnect from 95.216.80.130 port 56512:11: Bye Bye [preauth]
May  6 07:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: Disconnected from 95.216.80.130 port 56512 [preauth]
May  6 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15848]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15847]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15845]: pam_unix(cron:session): session closed for user p13x
May  6 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15914]: Successful su for rubyman by root
May  6 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15914]: + ??? root:rubyman
May  6 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339057 of user rubyman.
May  6 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15914]: pam_unix(su:session): session closed for user rubyman
May  6 07:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339057.
May  6 07:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13261]: pam_unix(cron:session): session closed for user root
May  6 07:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15846]: pam_unix(cron:session): session closed for user samftp
May  6 07:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 07:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: Failed password for root from 196.251.84.225 port 35036 ssh2
May  6 07:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16123]: Invalid user tym from 217.160.7.83
May  6 07:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16123]: input_userauth_request: invalid user tym [preauth]
May  6 07:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16123]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.7.83
May  6 07:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: Connection closed by 196.251.84.225 port 35036 [preauth]
May  6 07:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16123]: Failed password for invalid user tym from 217.160.7.83 port 33504 ssh2
May  6 07:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16123]: Received disconnect from 217.160.7.83 port 33504:11: Bye Bye [preauth]
May  6 07:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16123]: Disconnected from 217.160.7.83 port 33504 [preauth]
May  6 07:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16146]: Invalid user dev from 212.33.198.185
May  6 07:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16146]: input_userauth_request: invalid user dev [preauth]
May  6 07:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16146]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.33.198.185
May  6 07:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16146]: Failed password for invalid user dev from 212.33.198.185 port 55680 ssh2
May  6 07:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16146]: Received disconnect from 212.33.198.185 port 55680:11: Bye Bye [preauth]
May  6 07:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16146]: Disconnected from 212.33.198.185 port 55680 [preauth]
May  6 07:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197  user=root
May  6 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16157]: Failed password for root from 107.175.83.197 port 38792 ssh2
May  6 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16157]: Received disconnect from 107.175.83.197 port 38792:11: Bye Bye [preauth]
May  6 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16157]: Disconnected from 107.175.83.197 port 38792 [preauth]
May  6 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15046]: pam_unix(cron:session): session closed for user root
May  6 07:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  6 07:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: Failed password for root from 186.233.208.13 port 33916 ssh2
May  6 07:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: Received disconnect from 186.233.208.13 port 33916:11: Bye Bye [preauth]
May  6 07:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: Disconnected from 186.233.208.13 port 33916 [preauth]
May  6 07:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16230]: Invalid user xwang from 103.195.7.51
May  6 07:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16230]: input_userauth_request: invalid user xwang [preauth]
May  6 07:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16230]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 07:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: Invalid user gitlab from 196.251.84.225
May  6 07:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: input_userauth_request: invalid user gitlab [preauth]
May  6 07:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16230]: Failed password for invalid user xwang from 103.195.7.51 port 40896 ssh2
May  6 07:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16230]: Received disconnect from 103.195.7.51 port 40896:11: Bye Bye [preauth]
May  6 07:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16230]: Disconnected from 103.195.7.51 port 40896 [preauth]
May  6 07:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: Failed password for invalid user gitlab from 196.251.84.225 port 36762 ssh2
May  6 07:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: Connection closed by 196.251.84.225 port 36762 [preauth]
May  6 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16253]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16250]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16251]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16250]: pam_unix(cron:session): session closed for user p13x
May  6 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16307]: Successful su for rubyman by root
May  6 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16307]: + ??? root:rubyman
May  6 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16307]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339061 of user rubyman.
May  6 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16307]: pam_unix(su:session): session closed for user rubyman
May  6 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339061.
May  6 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: Invalid user admin from 80.94.95.125
May  6 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: input_userauth_request: invalid user admin [preauth]
May  6 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 07:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: Failed password for invalid user admin from 80.94.95.125 port 29105 ssh2
May  6 07:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13776]: pam_unix(cron:session): session closed for user root
May  6 07:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16251]: pam_unix(cron:session): session closed for user samftp
May  6 07:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: Failed password for invalid user admin from 80.94.95.125 port 29105 ssh2
May  6 07:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: Failed password for invalid user admin from 80.94.95.125 port 29105 ssh2
May  6 07:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: Failed password for invalid user admin from 80.94.95.125 port 29105 ssh2
May  6 07:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: Failed password for invalid user admin from 80.94.95.125 port 29105 ssh2
May  6 07:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: Received disconnect from 80.94.95.125 port 29105:11: Bye [preauth]
May  6 07:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: Disconnected from 80.94.95.125 port 29105 [preauth]
May  6 07:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 07:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16328]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 07:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16581]: Invalid user ubuntu from 196.251.84.225
May  6 07:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16581]: input_userauth_request: invalid user ubuntu [preauth]
May  6 07:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16581]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16581]: Failed password for invalid user ubuntu from 196.251.84.225 port 52236 ssh2
May  6 07:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16581]: Connection closed by 196.251.84.225 port 52236 [preauth]
May  6 07:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15442]: pam_unix(cron:session): session closed for user root
May  6 07:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 07:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: Failed password for root from 196.251.84.225 port 47706 ssh2
May  6 07:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: Connection closed by 196.251.84.225 port 47706 [preauth]
May  6 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16701]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16702]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16700]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16699]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16704]: pam_unix(cron:session): session closed for user root
May  6 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16699]: pam_unix(cron:session): session closed for user p13x
May  6 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16769]: Successful su for rubyman by root
May  6 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16769]: + ??? root:rubyman
May  6 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339069 of user rubyman.
May  6 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16769]: pam_unix(su:session): session closed for user rubyman
May  6 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339069.
May  6 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16701]: pam_unix(cron:session): session closed for user root
May  6 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14185]: pam_unix(cron:session): session closed for user root
May  6 07:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16700]: pam_unix(cron:session): session closed for user samftp
May  6 07:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.6.232.223  user=root
May  6 07:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: Failed password for root from 203.6.232.223 port 35328 ssh2
May  6 07:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: Received disconnect from 203.6.232.223 port 35328:11: Bye Bye [preauth]
May  6 07:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: Disconnected from 203.6.232.223 port 35328 [preauth]
May  6 07:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17018]: Invalid user burak from 186.233.208.13
May  6 07:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17018]: input_userauth_request: invalid user burak [preauth]
May  6 07:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17018]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 07:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17018]: Failed password for invalid user burak from 186.233.208.13 port 42722 ssh2
May  6 07:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17018]: Received disconnect from 186.233.208.13 port 42722:11: Bye Bye [preauth]
May  6 07:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17018]: Disconnected from 186.233.208.13 port 42722 [preauth]
May  6 07:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: Invalid user ubuntu from 196.251.84.225
May  6 07:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: input_userauth_request: invalid user ubuntu [preauth]
May  6 07:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: Failed password for invalid user ubuntu from 196.251.84.225 port 43600 ssh2
May  6 07:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17064]: Connection closed by 196.251.84.225 port 43600 [preauth]
May  6 07:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15848]: pam_unix(cron:session): session closed for user root
May  6 07:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17153]: Invalid user airflow from 196.251.84.225
May  6 07:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17153]: input_userauth_request: invalid user airflow [preauth]
May  6 07:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17153]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17153]: Failed password for invalid user airflow from 196.251.84.225 port 50032 ssh2
May  6 07:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17153]: Connection closed by 196.251.84.225 port 50032 [preauth]
May  6 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17164]: pam_unix(cron:session): session closed for user p13x
May  6 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17232]: Successful su for rubyman by root
May  6 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17232]: + ??? root:rubyman
May  6 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339071 of user rubyman.
May  6 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17232]: pam_unix(su:session): session closed for user rubyman
May  6 07:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339071.
May  6 07:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14600]: pam_unix(cron:session): session closed for user root
May  6 07:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17165]: pam_unix(cron:session): session closed for user samftp
May  6 07:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 07:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17450]: Failed password for root from 218.92.0.179 port 24515 ssh2
May  6 07:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17450]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 24515 ssh2]
May  6 07:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17450]: Received disconnect from 218.92.0.179 port 24515:11:  [preauth]
May  6 07:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17450]: Disconnected from 218.92.0.179 port 24515 [preauth]
May  6 07:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17450]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 07:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17486]: Invalid user jito from 196.251.84.225
May  6 07:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17486]: input_userauth_request: invalid user jito [preauth]
May  6 07:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17486]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17486]: Failed password for invalid user jito from 196.251.84.225 port 38158 ssh2
May  6 07:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17486]: Connection closed by 196.251.84.225 port 38158 [preauth]
May  6 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16253]: pam_unix(cron:session): session closed for user root
May  6 07:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.217  user=root
May  6 07:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: Failed password for root from 85.208.253.217 port 41480 ssh2
May  6 07:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: Received disconnect from 85.208.253.217 port 41480:11: Bye Bye [preauth]
May  6 07:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17534]: Disconnected from 85.208.253.217 port 41480 [preauth]
May  6 07:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: Invalid user profesor from 186.233.208.13
May  6 07:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: input_userauth_request: invalid user profesor [preauth]
May  6 07:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 07:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: Failed password for invalid user profesor from 186.233.208.13 port 54476 ssh2
May  6 07:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: Received disconnect from 186.233.208.13 port 54476:11: Bye Bye [preauth]
May  6 07:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: Disconnected from 186.233.208.13 port 54476 [preauth]
May  6 07:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17578]: Invalid user papa from 186.233.208.13
May  6 07:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17578]: input_userauth_request: invalid user papa [preauth]
May  6 07:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17578]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 07:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17578]: Failed password for invalid user papa from 186.233.208.13 port 33598 ssh2
May  6 07:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17578]: Received disconnect from 186.233.208.13 port 33598:11: Bye Bye [preauth]
May  6 07:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17578]: Disconnected from 186.233.208.13 port 33598 [preauth]
May  6 07:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: Invalid user solana from 196.251.84.225
May  6 07:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: input_userauth_request: invalid user solana [preauth]
May  6 07:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: Failed password for invalid user solana from 196.251.84.225 port 46080 ssh2
May  6 07:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17580]: Connection closed by 196.251.84.225 port 46080 [preauth]
May  6 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17593]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17591]: pam_unix(cron:session): session closed for user p13x
May  6 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17660]: Successful su for rubyman by root
May  6 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17660]: + ??? root:rubyman
May  6 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17660]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339075 of user rubyman.
May  6 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17660]: pam_unix(su:session): session closed for user rubyman
May  6 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339075.
May  6 07:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15045]: pam_unix(cron:session): session closed for user root
May  6 07:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17592]: pam_unix(cron:session): session closed for user samftp
May  6 07:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: Invalid user ranger from 64.227.136.250
May  6 07:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: input_userauth_request: invalid user ranger [preauth]
May  6 07:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.136.250
May  6 07:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: Failed password for invalid user ranger from 64.227.136.250 port 44080 ssh2
May  6 07:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: Received disconnect from 64.227.136.250 port 44080:11: Bye Bye [preauth]
May  6 07:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: Disconnected from 64.227.136.250 port 44080 [preauth]
May  6 07:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: Invalid user wang from 196.251.84.225
May  6 07:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: input_userauth_request: invalid user wang [preauth]
May  6 07:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: Failed password for invalid user wang from 196.251.84.225 port 53342 ssh2
May  6 07:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: Connection closed by 196.251.84.225 port 53342 [preauth]
May  6 07:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16703]: pam_unix(cron:session): session closed for user root
May  6 07:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: Invalid user carlo from 95.216.80.130
May  6 07:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: input_userauth_request: invalid user carlo [preauth]
May  6 07:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.80.130
May  6 07:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: Failed password for invalid user carlo from 95.216.80.130 port 44012 ssh2
May  6 07:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: Received disconnect from 95.216.80.130 port 44012:11: Bye Bye [preauth]
May  6 07:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18070]: Disconnected from 95.216.80.130 port 44012 [preauth]
May  6 07:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: Invalid user mongodb from 196.251.84.225
May  6 07:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: input_userauth_request: invalid user mongodb [preauth]
May  6 07:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: Failed password for invalid user mongodb from 196.251.84.225 port 44874 ssh2
May  6 07:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18124]: Connection closed by 196.251.84.225 port 44874 [preauth]
May  6 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18136]: pam_unix(cron:session): session closed for user p13x
May  6 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18197]: Successful su for rubyman by root
May  6 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18197]: + ??? root:rubyman
May  6 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339081 of user rubyman.
May  6 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18197]: pam_unix(su:session): session closed for user rubyman
May  6 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339081.
May  6 07:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15441]: pam_unix(cron:session): session closed for user root
May  6 07:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18139]: pam_unix(cron:session): session closed for user samftp
May  6 07:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: Invalid user deb from 182.180.77.216
May  6 07:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: input_userauth_request: invalid user deb [preauth]
May  6 07:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 07:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: Failed password for invalid user deb from 182.180.77.216 port 52690 ssh2
May  6 07:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: Received disconnect from 182.180.77.216 port 52690:11: Bye Bye [preauth]
May  6 07:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18389]: Disconnected from 182.180.77.216 port 52690 [preauth]
May  6 07:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: Invalid user jean from 107.175.83.197
May  6 07:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: input_userauth_request: invalid user jean [preauth]
May  6 07:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 07:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18426]: Invalid user user from 212.33.198.185
May  6 07:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18426]: input_userauth_request: invalid user user [preauth]
May  6 07:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18426]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.33.198.185
May  6 07:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: Invalid user tri from 186.233.208.13
May  6 07:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: input_userauth_request: invalid user tri [preauth]
May  6 07:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 07:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: Failed password for invalid user jean from 107.175.83.197 port 46778 ssh2
May  6 07:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: Received disconnect from 107.175.83.197 port 46778:11: Bye Bye [preauth]
May  6 07:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: Disconnected from 107.175.83.197 port 46778 [preauth]
May  6 07:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18426]: Failed password for invalid user user from 212.33.198.185 port 34348 ssh2
May  6 07:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: Failed password for invalid user tri from 186.233.208.13 port 46376 ssh2
May  6 07:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18426]: Received disconnect from 212.33.198.185 port 34348:11: Bye Bye [preauth]
May  6 07:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18426]: Disconnected from 212.33.198.185 port 34348 [preauth]
May  6 07:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: Received disconnect from 186.233.208.13 port 46376:11: Bye Bye [preauth]
May  6 07:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: Disconnected from 186.233.208.13 port 46376 [preauth]
May  6 07:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: Invalid user dolphin from 196.251.84.225
May  6 07:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: input_userauth_request: invalid user dolphin [preauth]
May  6 07:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: Failed password for invalid user dolphin from 196.251.84.225 port 59840 ssh2
May  6 07:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: Connection closed by 196.251.84.225 port 59840 [preauth]
May  6 07:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17167]: pam_unix(cron:session): session closed for user root
May  6 07:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.7.83  user=root
May  6 07:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18506]: Failed password for root from 217.160.7.83 port 43618 ssh2
May  6 07:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18506]: Received disconnect from 217.160.7.83 port 43618:11: Bye Bye [preauth]
May  6 07:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18506]: Disconnected from 217.160.7.83 port 43618 [preauth]
May  6 07:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: Invalid user sftpuser from 196.251.84.225
May  6 07:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: input_userauth_request: invalid user sftpuser [preauth]
May  6 07:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: Failed password for invalid user sftpuser from 196.251.84.225 port 56194 ssh2
May  6 07:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18544]: Connection closed by 196.251.84.225 port 56194 [preauth]
May  6 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18557]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18559]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18560]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18556]: pam_unix(cron:session): session closed for user p13x
May  6 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18617]: Successful su for rubyman by root
May  6 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18617]: + ??? root:rubyman
May  6 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339083 of user rubyman.
May  6 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18617]: pam_unix(su:session): session closed for user rubyman
May  6 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339083.
May  6 07:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15847]: pam_unix(cron:session): session closed for user root
May  6 07:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18557]: pam_unix(cron:session): session closed for user samftp
May  6 07:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18874]: Invalid user pepe from 103.195.7.51
May  6 07:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18874]: input_userauth_request: invalid user pepe [preauth]
May  6 07:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18874]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 07:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18876]: Invalid user rancher from 196.251.84.225
May  6 07:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18876]: input_userauth_request: invalid user rancher [preauth]
May  6 07:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18876]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18874]: Failed password for invalid user pepe from 103.195.7.51 port 56906 ssh2
May  6 07:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18874]: Received disconnect from 103.195.7.51 port 56906:11: Bye Bye [preauth]
May  6 07:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18874]: Disconnected from 103.195.7.51 port 56906 [preauth]
May  6 07:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18876]: Failed password for invalid user rancher from 196.251.84.225 port 38862 ssh2
May  6 07:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18876]: Connection closed by 196.251.84.225 port 38862 [preauth]
May  6 07:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17594]: pam_unix(cron:session): session closed for user root
May  6 07:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Invalid user sftp from 196.251.84.225
May  6 07:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: input_userauth_request: invalid user sftp [preauth]
May  6 07:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 07:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 07:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Failed password for invalid user sftp from 196.251.84.225 port 40908 ssh2
May  6 07:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: Invalid user zqliu from 186.233.208.13
May  6 07:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: input_userauth_request: invalid user zqliu [preauth]
May  6 07:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: pam_unix(sshd:auth): check pass; user unknown
May  6 07:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 07:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18954]: Connection closed by 196.251.84.225 port 40908 [preauth]
May  6 08:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: Failed password for invalid user zqliu from 186.233.208.13 port 41274 ssh2
May  6 08:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: Received disconnect from 186.233.208.13 port 41274:11: Bye Bye [preauth]
May  6 08:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: Disconnected from 186.233.208.13 port 41274 [preauth]
May  6 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18973]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18973]: pam_unix(cron:session): session closed for user root
May  6 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18969]: pam_unix(cron:session): session closed for user root
May  6 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18967]: pam_unix(cron:session): session closed for user p13x
May  6 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19066]: Successful su for rubyman by root
May  6 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19066]: + ??? root:rubyman
May  6 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339090 of user rubyman.
May  6 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19066]: pam_unix(su:session): session closed for user rubyman
May  6 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339090.
May  6 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18970]: pam_unix(cron:session): session closed for user root
May  6 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16252]: pam_unix(cron:session): session closed for user root
May  6 08:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18968]: pam_unix(cron:session): session closed for user samftp
May  6 08:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: Invalid user admin from 80.94.95.112
May  6 08:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: input_userauth_request: invalid user admin [preauth]
May  6 08:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 08:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: Failed password for invalid user admin from 80.94.95.112 port 45066 ssh2
May  6 08:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: Failed password for invalid user admin from 80.94.95.112 port 45066 ssh2
May  6 08:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: Failed password for invalid user admin from 80.94.95.112 port 45066 ssh2
May  6 08:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: Invalid user wordpress from 196.251.84.225
May  6 08:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: input_userauth_request: invalid user wordpress [preauth]
May  6 08:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 08:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: Failed password for invalid user admin from 80.94.95.112 port 45066 ssh2
May  6 08:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: Failed password for invalid user wordpress from 196.251.84.225 port 43612 ssh2
May  6 08:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: Failed password for root from 218.92.0.179 port 43312 ssh2
May  6 08:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19347]: Connection closed by 196.251.84.225 port 43612 [preauth]
May  6 08:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: Failed password for invalid user admin from 80.94.95.112 port 45066 ssh2
May  6 08:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: Received disconnect from 80.94.95.112 port 45066:11: Bye [preauth]
May  6 08:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: Disconnected from 80.94.95.112 port 45066 [preauth]
May  6 08:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 08:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19331]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 08:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: Failed password for root from 218.92.0.179 port 43312 ssh2
May  6 08:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18141]: pam_unix(cron:session): session closed for user root
May  6 08:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: Failed password for root from 218.92.0.179 port 43312 ssh2
May  6 08:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19472]: Invalid user emby from 196.251.84.225
May  6 08:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19472]: input_userauth_request: invalid user emby [preauth]
May  6 08:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19472]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19472]: Failed password for invalid user emby from 196.251.84.225 port 50650 ssh2
May  6 08:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19472]: Connection closed by 196.251.84.225 port 50650 [preauth]
May  6 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19487]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19486]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19484]: pam_unix(cron:session): session closed for user p13x
May  6 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19553]: Successful su for rubyman by root
May  6 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19553]: + ??? root:rubyman
May  6 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339095 of user rubyman.
May  6 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19553]: pam_unix(su:session): session closed for user rubyman
May  6 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339095.
May  6 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16702]: pam_unix(cron:session): session closed for user root
May  6 08:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19485]: pam_unix(cron:session): session closed for user samftp
May  6 08:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19794]: Invalid user deploy from 196.251.84.225
May  6 08:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19794]: input_userauth_request: invalid user deploy [preauth]
May  6 08:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19794]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19794]: Failed password for invalid user deploy from 196.251.84.225 port 45582 ssh2
May  6 08:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19794]: Connection closed by 196.251.84.225 port 45582 [preauth]
May  6 08:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18560]: pam_unix(cron:session): session closed for user root
May  6 08:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19855]: Invalid user baba from 186.233.208.13
May  6 08:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19855]: input_userauth_request: invalid user baba [preauth]
May  6 08:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19855]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 08:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.217  user=root
May  6 08:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19855]: Failed password for invalid user baba from 186.233.208.13 port 55480 ssh2
May  6 08:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19855]: Received disconnect from 186.233.208.13 port 55480:11: Bye Bye [preauth]
May  6 08:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19855]: Disconnected from 186.233.208.13 port 55480 [preauth]
May  6 08:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: Failed password for root from 85.208.253.217 port 38054 ssh2
May  6 08:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: Received disconnect from 85.208.253.217 port 38054:11: Bye Bye [preauth]
May  6 08:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: Disconnected from 85.208.253.217 port 38054 [preauth]
May  6 08:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19888]: Failed password for root from 196.251.84.225 port 53064 ssh2
May  6 08:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19888]: Connection closed by 196.251.84.225 port 53064 [preauth]
May  6 08:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  6 08:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19891]: Failed password for root from 193.70.84.184 port 46282 ssh2
May  6 08:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19891]: Connection closed by 193.70.84.184 port 46282 [preauth]
May  6 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19923]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19924]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19921]: pam_unix(cron:session): session closed for user p13x
May  6 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19987]: Successful su for rubyman by root
May  6 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19987]: + ??? root:rubyman
May  6 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19987]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339099 of user rubyman.
May  6 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19987]: pam_unix(su:session): session closed for user rubyman
May  6 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339099.
May  6 08:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17166]: pam_unix(cron:session): session closed for user root
May  6 08:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19922]: pam_unix(cron:session): session closed for user samftp
May  6 08:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: Failed password for root from 196.251.84.225 port 58394 ssh2
May  6 08:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: Connection closed by 196.251.84.225 port 58394 [preauth]
May  6 08:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.80.130  user=root
May  6 08:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20238]: Failed password for root from 95.216.80.130 port 41838 ssh2
May  6 08:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20238]: Received disconnect from 95.216.80.130 port 41838:11: Bye Bye [preauth]
May  6 08:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20238]: Disconnected from 95.216.80.130 port 41838 [preauth]
May  6 08:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18972]: pam_unix(cron:session): session closed for user root
May  6 08:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  6 08:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20286]: Failed password for root from 186.233.208.13 port 51576 ssh2
May  6 08:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20286]: Received disconnect from 186.233.208.13 port 51576:11: Bye Bye [preauth]
May  6 08:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20286]: Disconnected from 186.233.208.13 port 51576 [preauth]
May  6 08:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20301]: Invalid user master from 196.251.84.225
May  6 08:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20301]: input_userauth_request: invalid user master [preauth]
May  6 08:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20301]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20301]: Failed password for invalid user master from 196.251.84.225 port 46542 ssh2
May  6 08:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20301]: Connection closed by 196.251.84.225 port 46542 [preauth]
May  6 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20331]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20330]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20330]: pam_unix(cron:session): session closed for user p13x
May  6 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20391]: Successful su for rubyman by root
May  6 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20391]: + ??? root:rubyman
May  6 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339103 of user rubyman.
May  6 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20391]: pam_unix(su:session): session closed for user rubyman
May  6 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339103.
May  6 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20327]: Invalid user tri from 64.227.136.250
May  6 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20327]: input_userauth_request: invalid user tri [preauth]
May  6 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20327]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.136.250
May  6 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17593]: pam_unix(cron:session): session closed for user root
May  6 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20327]: Failed password for invalid user tri from 64.227.136.250 port 44280 ssh2
May  6 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20327]: Received disconnect from 64.227.136.250 port 44280:11: Bye Bye [preauth]
May  6 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20327]: Disconnected from 64.227.136.250 port 44280 [preauth]
May  6 08:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20331]: pam_unix(cron:session): session closed for user samftp
May  6 08:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.33.198.185  user=root
May  6 08:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20592]: Invalid user b from 107.175.83.197
May  6 08:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20592]: input_userauth_request: invalid user b [preauth]
May  6 08:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20592]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 08:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20590]: Failed password for root from 212.33.198.185 port 41000 ssh2
May  6 08:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  6 08:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20590]: Received disconnect from 212.33.198.185 port 41000:11: Bye Bye [preauth]
May  6 08:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20590]: Disconnected from 212.33.198.185 port 41000 [preauth]
May  6 08:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20592]: Failed password for invalid user b from 107.175.83.197 port 54776 ssh2
May  6 08:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20592]: Received disconnect from 107.175.83.197 port 54776:11: Bye Bye [preauth]
May  6 08:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20592]: Disconnected from 107.175.83.197 port 54776 [preauth]
May  6 08:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20595]: Failed password for root from 186.233.208.13 port 42940 ssh2
May  6 08:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20595]: Received disconnect from 186.233.208.13 port 42940:11: Bye Bye [preauth]
May  6 08:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20595]: Disconnected from 186.233.208.13 port 42940 [preauth]
May  6 08:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20617]: User uucp from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 08:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20617]: input_userauth_request: invalid user uucp [preauth]
May  6 08:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=uucp
May  6 08:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20617]: Failed password for invalid user uucp from 196.251.84.225 port 51646 ssh2
May  6 08:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20617]: Connection closed by 196.251.84.225 port 51646 [preauth]
May  6 08:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19487]: pam_unix(cron:session): session closed for user root
May  6 08:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: Invalid user julio from 182.180.77.216
May  6 08:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: input_userauth_request: invalid user julio [preauth]
May  6 08:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 08:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20714]: Invalid user testuser from 196.251.84.225
May  6 08:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20714]: input_userauth_request: invalid user testuser [preauth]
May  6 08:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20714]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: Failed password for invalid user julio from 182.180.77.216 port 60346 ssh2
May  6 08:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: Received disconnect from 182.180.77.216 port 60346:11: Bye Bye [preauth]
May  6 08:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20712]: Disconnected from 182.180.77.216 port 60346 [preauth]
May  6 08:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20714]: Failed password for invalid user testuser from 196.251.84.225 port 48238 ssh2
May  6 08:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20714]: Connection closed by 196.251.84.225 port 48238 [preauth]
May  6 08:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: Invalid user help from 164.68.105.9
May  6 08:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: input_userauth_request: invalid user help [preauth]
May  6 08:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  6 08:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: Failed password for invalid user help from 164.68.105.9 port 50306 ssh2
May  6 08:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20725]: Connection closed by 164.68.105.9 port 50306 [preauth]
May  6 08:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20736]: Invalid user akbar from 217.160.7.83
May  6 08:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20736]: input_userauth_request: invalid user akbar [preauth]
May  6 08:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20736]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.7.83
May  6 08:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20736]: Failed password for invalid user akbar from 217.160.7.83 port 49164 ssh2
May  6 08:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20736]: Received disconnect from 217.160.7.83 port 49164:11: Bye Bye [preauth]
May  6 08:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20736]: Disconnected from 217.160.7.83 port 49164 [preauth]
May  6 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20751]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20747]: pam_unix(cron:session): session closed for user p13x
May  6 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20811]: Successful su for rubyman by root
May  6 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20811]: + ??? root:rubyman
May  6 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20811]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339106 of user rubyman.
May  6 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20811]: pam_unix(su:session): session closed for user rubyman
May  6 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339106.
May  6 08:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18140]: pam_unix(cron:session): session closed for user root
May  6 08:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20748]: pam_unix(cron:session): session closed for user samftp
May  6 08:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21037]: Invalid user git from 196.251.84.225
May  6 08:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21037]: input_userauth_request: invalid user git [preauth]
May  6 08:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21037]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21037]: Failed password for invalid user git from 196.251.84.225 port 33838 ssh2
May  6 08:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21037]: Connection closed by 196.251.84.225 port 33838 [preauth]
May  6 08:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19924]: pam_unix(cron:session): session closed for user root
May  6 08:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  6 08:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21134]: Invalid user airflow from 196.251.84.225
May  6 08:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21134]: input_userauth_request: invalid user airflow [preauth]
May  6 08:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21134]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21132]: Failed password for root from 186.233.208.13 port 59562 ssh2
May  6 08:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21132]: Received disconnect from 186.233.208.13 port 59562:11: Bye Bye [preauth]
May  6 08:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21132]: Disconnected from 186.233.208.13 port 59562 [preauth]
May  6 08:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21134]: Failed password for invalid user airflow from 196.251.84.225 port 56830 ssh2
May  6 08:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21134]: Connection closed by 196.251.84.225 port 56830 [preauth]
May  6 08:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  6 08:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21153]: Failed password for root from 50.235.31.47 port 50202 ssh2
May  6 08:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21153]: Connection closed by 50.235.31.47 port 50202 [preauth]
May  6 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21170]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21168]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21169]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21166]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21172]: pam_unix(cron:session): session closed for user root
May  6 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21166]: pam_unix(cron:session): session closed for user p13x
May  6 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21270]: Successful su for rubyman by root
May  6 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21270]: + ??? root:rubyman
May  6 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339110 of user rubyman.
May  6 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21270]: pam_unix(su:session): session closed for user rubyman
May  6 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339110.
May  6 08:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21168]: pam_unix(cron:session): session closed for user root
May  6 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21380]: Invalid user bodega from 103.195.7.51
May  6 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21380]: input_userauth_request: invalid user bodega [preauth]
May  6 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21380]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 08:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18559]: pam_unix(cron:session): session closed for user root
May  6 08:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21380]: Failed password for invalid user bodega from 103.195.7.51 port 23490 ssh2
May  6 08:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21380]: Received disconnect from 103.195.7.51 port 23490:11: Bye Bye [preauth]
May  6 08:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21380]: Disconnected from 103.195.7.51 port 23490 [preauth]
May  6 08:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21167]: pam_unix(cron:session): session closed for user samftp
May  6 08:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21494]: Invalid user zabbix from 196.251.84.225
May  6 08:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21494]: input_userauth_request: invalid user zabbix [preauth]
May  6 08:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21494]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21494]: Failed password for invalid user zabbix from 196.251.84.225 port 52990 ssh2
May  6 08:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21494]: Connection closed by 196.251.84.225 port 52990 [preauth]
May  6 08:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20333]: pam_unix(cron:session): session closed for user root
May  6 08:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: Invalid user node from 196.251.84.225
May  6 08:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: input_userauth_request: invalid user node [preauth]
May  6 08:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: Failed password for invalid user node from 196.251.84.225 port 54508 ssh2
May  6 08:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21603]: Connection closed by 196.251.84.225 port 54508 [preauth]
May  6 08:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: Invalid user bbx from 203.6.232.223
May  6 08:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: input_userauth_request: invalid user bbx [preauth]
May  6 08:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.6.232.223
May  6 08:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: Failed password for invalid user bbx from 203.6.232.223 port 55002 ssh2
May  6 08:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: Received disconnect from 203.6.232.223 port 55002:11: Bye Bye [preauth]
May  6 08:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: Disconnected from 203.6.232.223 port 55002 [preauth]
May  6 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21680]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21679]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21677]: pam_unix(cron:session): session closed for user p13x
May  6 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21834]: Successful su for rubyman by root
May  6 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21834]: + ??? root:rubyman
May  6 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339118 of user rubyman.
May  6 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21834]: pam_unix(su:session): session closed for user rubyman
May  6 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339118.
May  6 08:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18971]: pam_unix(cron:session): session closed for user root
May  6 08:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21678]: pam_unix(cron:session): session closed for user samftp
May  6 08:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22235]: Invalid user user from 196.251.84.225
May  6 08:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22235]: input_userauth_request: invalid user user [preauth]
May  6 08:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22235]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22235]: Failed password for invalid user user from 196.251.84.225 port 49464 ssh2
May  6 08:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22235]: Connection closed by 196.251.84.225 port 49464 [preauth]
May  6 08:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: Invalid user zeshan from 186.233.208.13
May  6 08:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: input_userauth_request: invalid user zeshan [preauth]
May  6 08:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 08:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: Failed password for invalid user zeshan from 186.233.208.13 port 45764 ssh2
May  6 08:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: Received disconnect from 186.233.208.13 port 45764:11: Bye Bye [preauth]
May  6 08:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: Disconnected from 186.233.208.13 port 45764 [preauth]
May  6 08:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22322]: Invalid user hdoop from 85.208.253.217
May  6 08:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22322]: input_userauth_request: invalid user hdoop [preauth]
May  6 08:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22322]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.217
May  6 08:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22322]: Failed password for invalid user hdoop from 85.208.253.217 port 60462 ssh2
May  6 08:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22322]: Received disconnect from 85.208.253.217 port 60462:11: Bye Bye [preauth]
May  6 08:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22322]: Disconnected from 85.208.253.217 port 60462 [preauth]
May  6 08:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20751]: pam_unix(cron:session): session closed for user root
May  6 08:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22356]: Invalid user testuser from 196.251.84.225
May  6 08:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22356]: input_userauth_request: invalid user testuser [preauth]
May  6 08:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22356]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22356]: Failed password for invalid user testuser from 196.251.84.225 port 33488 ssh2
May  6 08:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22356]: Connection closed by 196.251.84.225 port 33488 [preauth]
May  6 08:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22422]: Invalid user vbukhari from 46.244.96.25
May  6 08:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22422]: input_userauth_request: invalid user vbukhari [preauth]
May  6 08:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22422]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  6 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22422]: Failed password for invalid user vbukhari from 46.244.96.25 port 60170 ssh2
May  6 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22422]: Connection closed by 46.244.96.25 port 60170 [preauth]
May  6 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22435]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22435]: pam_unix(cron:session): session closed for user p13x
May  6 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22506]: Successful su for rubyman by root
May  6 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22506]: + ??? root:rubyman
May  6 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339122 of user rubyman.
May  6 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22506]: pam_unix(su:session): session closed for user rubyman
May  6 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339122.
May  6 08:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19486]: pam_unix(cron:session): session closed for user root
May  6 08:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: Invalid user nagios from 196.251.84.225
May  6 08:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: input_userauth_request: invalid user nagios [preauth]
May  6 08:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22436]: pam_unix(cron:session): session closed for user samftp
May  6 08:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22708]: Invalid user z from 95.216.80.130
May  6 08:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22708]: input_userauth_request: invalid user z [preauth]
May  6 08:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22708]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.80.130
May  6 08:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: Failed password for invalid user nagios from 196.251.84.225 port 39626 ssh2
May  6 08:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22683]: Connection closed by 196.251.84.225 port 39626 [preauth]
May  6 08:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22708]: Failed password for invalid user z from 95.216.80.130 port 54312 ssh2
May  6 08:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22708]: Received disconnect from 95.216.80.130 port 54312:11: Bye Bye [preauth]
May  6 08:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22708]: Disconnected from 95.216.80.130 port 54312 [preauth]
May  6 08:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21170]: pam_unix(cron:session): session closed for user root
May  6 08:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22790]: Failed password for root from 196.251.84.225 port 59278 ssh2
May  6 08:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22790]: Connection closed by 196.251.84.225 port 59278 [preauth]
May  6 08:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197  user=root
May  6 08:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22852]: Invalid user ranger from 186.233.208.13
May  6 08:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22852]: input_userauth_request: invalid user ranger [preauth]
May  6 08:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22852]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 08:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22855]: Failed password for root from 107.175.83.197 port 34534 ssh2
May  6 08:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22855]: Received disconnect from 107.175.83.197 port 34534:11: Bye Bye [preauth]
May  6 08:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22855]: Disconnected from 107.175.83.197 port 34534 [preauth]
May  6 08:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22852]: Failed password for invalid user ranger from 186.233.208.13 port 58660 ssh2
May  6 08:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22852]: Received disconnect from 186.233.208.13 port 58660:11: Bye Bye [preauth]
May  6 08:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22852]: Disconnected from 186.233.208.13 port 58660 [preauth]
May  6 08:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.33.198.185  user=root
May  6 08:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22877]: Failed password for root from 212.33.198.185 port 44008 ssh2
May  6 08:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22877]: Received disconnect from 212.33.198.185 port 44008:11: Bye Bye [preauth]
May  6 08:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22877]: Disconnected from 212.33.198.185 port 44008 [preauth]
May  6 08:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  6 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22900]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22899]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22897]: pam_unix(cron:session): session closed for user p13x
May  6 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22894]: Invalid user puppet from 196.251.84.225
May  6 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22894]: input_userauth_request: invalid user puppet [preauth]
May  6 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22894]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22996]: Successful su for rubyman by root
May  6 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22996]: + ??? root:rubyman
May  6 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339124 of user rubyman.
May  6 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22996]: pam_unix(su:session): session closed for user rubyman
May  6 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339124.
May  6 08:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: Failed password for root from 218.92.0.206 port 30874 ssh2
May  6 08:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22894]: Failed password for invalid user puppet from 196.251.84.225 port 44938 ssh2
May  6 08:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22894]: Connection closed by 196.251.84.225 port 44938 [preauth]
May  6 08:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19923]: pam_unix(cron:session): session closed for user root
May  6 08:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: Failed password for root from 218.92.0.206 port 30874 ssh2
May  6 08:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22898]: pam_unix(cron:session): session closed for user samftp
May  6 08:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: Failed password for root from 218.92.0.206 port 30874 ssh2
May  6 08:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: message repeated 2 times: [ Failed password for root from 218.92.0.206 port 30874 ssh2]
May  6 08:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 30874 ssh2 [preauth]
May  6 08:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: Disconnecting: Too many authentication failures [preauth]
May  6 08:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  6 08:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22889]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 08:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23226]: Invalid user gr from 203.6.232.223
May  6 08:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23226]: input_userauth_request: invalid user gr [preauth]
May  6 08:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23226]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.6.232.223
May  6 08:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23226]: Failed password for invalid user gr from 203.6.232.223 port 42202 ssh2
May  6 08:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  6 08:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23252]: Invalid user subsonic from 196.251.84.225
May  6 08:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23252]: input_userauth_request: invalid user subsonic [preauth]
May  6 08:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23252]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23250]: Failed password for root from 186.233.208.13 port 48402 ssh2
May  6 08:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23250]: Received disconnect from 186.233.208.13 port 48402:11: Bye Bye [preauth]
May  6 08:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23250]: Disconnected from 186.233.208.13 port 48402 [preauth]
May  6 08:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23252]: Failed password for invalid user subsonic from 196.251.84.225 port 57272 ssh2
May  6 08:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21680]: pam_unix(cron:session): session closed for user root
May  6 08:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23252]: Connection closed by 196.251.84.225 port 57272 [preauth]
May  6 08:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.136.250  user=root
May  6 08:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: Failed password for root from 64.227.136.250 port 52712 ssh2
May  6 08:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: Received disconnect from 64.227.136.250 port 52712:11: Bye Bye [preauth]
May  6 08:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: Disconnected from 64.227.136.250 port 52712 [preauth]
May  6 08:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Invalid user ubuntu from 196.251.84.225
May  6 08:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: input_userauth_request: invalid user ubuntu [preauth]
May  6 08:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Failed password for invalid user ubuntu from 196.251.84.225 port 54902 ssh2
May  6 08:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Connection closed by 196.251.84.225 port 54902 [preauth]
May  6 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23445]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23443]: pam_unix(cron:session): session closed for user p13x
May  6 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23566]: Successful su for rubyman by root
May  6 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23566]: + ??? root:rubyman
May  6 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339130 of user rubyman.
May  6 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23566]: pam_unix(su:session): session closed for user rubyman
May  6 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339130.
May  6 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23441]: pam_unix(cron:session): session closed for user root
May  6 08:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20332]: pam_unix(cron:session): session closed for user root
May  6 08:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23445]: pam_unix(cron:session): session closed for user samftp
May  6 08:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23879]: Invalid user brandon from 217.160.7.83
May  6 08:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23879]: input_userauth_request: invalid user brandon [preauth]
May  6 08:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23879]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.7.83
May  6 08:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23879]: Failed password for invalid user brandon from 217.160.7.83 port 33532 ssh2
May  6 08:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23879]: Received disconnect from 217.160.7.83 port 33532:11: Bye Bye [preauth]
May  6 08:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23879]: Disconnected from 217.160.7.83 port 33532 [preauth]
May  6 08:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23907]: Invalid user pdv from 182.180.77.216
May  6 08:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23907]: input_userauth_request: invalid user pdv [preauth]
May  6 08:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23907]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 08:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23907]: Failed password for invalid user pdv from 182.180.77.216 port 39768 ssh2
May  6 08:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23907]: Received disconnect from 182.180.77.216 port 39768:11: Bye Bye [preauth]
May  6 08:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23907]: Disconnected from 182.180.77.216 port 39768 [preauth]
May  6 08:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23954]: Invalid user ftpuser from 186.233.208.13
May  6 08:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23954]: input_userauth_request: invalid user ftpuser [preauth]
May  6 08:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23954]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 08:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23954]: Failed password for invalid user ftpuser from 186.233.208.13 port 53866 ssh2
May  6 08:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23954]: Received disconnect from 186.233.208.13 port 53866:11: Bye Bye [preauth]
May  6 08:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23954]: Disconnected from 186.233.208.13 port 53866 [preauth]
May  6 08:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23956]: Failed password for root from 196.251.84.225 port 54032 ssh2
May  6 08:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23956]: Connection closed by 196.251.84.225 port 54032 [preauth]
May  6 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22439]: pam_unix(cron:session): session closed for user root
May  6 08:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: Invalid user git from 196.251.84.225
May  6 08:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: input_userauth_request: invalid user git [preauth]
May  6 08:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: Failed password for invalid user git from 196.251.84.225 port 43932 ssh2
May  6 08:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24048]: Connection closed by 196.251.84.225 port 43932 [preauth]
May  6 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24070]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24071]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24069]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24072]: pam_unix(cron:session): session closed for user root
May  6 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24067]: pam_unix(cron:session): session closed for user p13x
May  6 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24134]: Successful su for rubyman by root
May  6 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24134]: + ??? root:rubyman
May  6 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339136 of user rubyman.
May  6 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24134]: pam_unix(su:session): session closed for user rubyman
May  6 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339136.
May  6 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24069]: pam_unix(cron:session): session closed for user root
May  6 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20749]: pam_unix(cron:session): session closed for user root
May  6 08:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24068]: pam_unix(cron:session): session closed for user samftp
May  6 08:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24343]: Connection closed by 148.113.210.228 port 48676 [preauth]
May  6 08:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24419]: Invalid user lsb from 196.251.84.225
May  6 08:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24419]: input_userauth_request: invalid user lsb [preauth]
May  6 08:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24419]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24419]: Failed password for invalid user lsb from 196.251.84.225 port 49648 ssh2
May  6 08:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24419]: Connection closed by 196.251.84.225 port 49648 [preauth]
May  6 08:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22900]: pam_unix(cron:session): session closed for user root
May  6 08:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24476]: Invalid user linh from 103.195.7.51
May  6 08:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24476]: input_userauth_request: invalid user linh [preauth]
May  6 08:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24476]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 08:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24476]: Failed password for invalid user linh from 103.195.7.51 port 16258 ssh2
May  6 08:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24476]: Received disconnect from 103.195.7.51 port 16258:11: Bye Bye [preauth]
May  6 08:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24476]: Disconnected from 103.195.7.51 port 16258 [preauth]
May  6 08:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24510]: Invalid user temp from 203.6.232.223
May  6 08:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24510]: input_userauth_request: invalid user temp [preauth]
May  6 08:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24510]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.6.232.223
May  6 08:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24510]: Failed password for invalid user temp from 203.6.232.223 port 46898 ssh2
May  6 08:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24510]: Received disconnect from 203.6.232.223 port 46898:11: Bye Bye [preauth]
May  6 08:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24510]: Disconnected from 203.6.232.223 port 46898 [preauth]
May  6 08:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24520]: Failed password for root from 196.251.84.225 port 33820 ssh2
May  6 08:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24520]: Connection closed by 196.251.84.225 port 33820 [preauth]
May  6 08:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  6 08:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Failed password for root from 186.233.208.13 port 42636 ssh2
May  6 08:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Received disconnect from 186.233.208.13 port 42636:11: Bye Bye [preauth]
May  6 08:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Disconnected from 186.233.208.13 port 42636 [preauth]
May  6 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24547]: pam_unix(cron:session): session closed for user p13x
May  6 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24623]: Successful su for rubyman by root
May  6 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24623]: + ??? root:rubyman
May  6 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339139 of user rubyman.
May  6 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24623]: pam_unix(su:session): session closed for user rubyman
May  6 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339139.
May  6 08:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21169]: pam_unix(cron:session): session closed for user root
May  6 08:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24548]: pam_unix(cron:session): session closed for user samftp
May  6 08:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24864]: Invalid user sol from 196.251.84.225
May  6 08:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24864]: input_userauth_request: invalid user sol [preauth]
May  6 08:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24864]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.217  user=root
May  6 08:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24864]: Failed password for invalid user sol from 196.251.84.225 port 50986 ssh2
May  6 08:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24864]: Connection closed by 196.251.84.225 port 50986 [preauth]
May  6 08:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: Failed password for root from 85.208.253.217 port 43344 ssh2
May  6 08:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: Received disconnect from 85.208.253.217 port 43344:11: Bye Bye [preauth]
May  6 08:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: Disconnected from 85.208.253.217 port 43344 [preauth]
May  6 08:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23447]: pam_unix(cron:session): session closed for user root
May  6 08:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.80.130  user=root
May  6 08:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24956]: Failed password for root from 95.216.80.130 port 41456 ssh2
May  6 08:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24956]: Received disconnect from 95.216.80.130 port 41456:11: Bye Bye [preauth]
May  6 08:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24956]: Disconnected from 95.216.80.130 port 41456 [preauth]
May  6 08:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24980]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24982]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24978]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24978]: pam_unix(cron:session): session closed for user p13x
May  6 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25041]: Successful su for rubyman by root
May  6 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25041]: + ??? root:rubyman
May  6 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339144 of user rubyman.
May  6 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25041]: pam_unix(su:session): session closed for user rubyman
May  6 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339144.
May  6 08:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21679]: pam_unix(cron:session): session closed for user root
May  6 08:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24966]: Failed password for root from 196.251.84.225 port 39958 ssh2
May  6 08:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24966]: Connection closed by 196.251.84.225 port 39958 [preauth]
May  6 08:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24979]: pam_unix(cron:session): session closed for user samftp
May  6 08:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: Invalid user dimas from 107.175.83.197
May  6 08:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: input_userauth_request: invalid user dimas [preauth]
May  6 08:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 08:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: Invalid user factorio from 196.251.84.225
May  6 08:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: input_userauth_request: invalid user factorio [preauth]
May  6 08:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: Failed password for invalid user dimas from 107.175.83.197 port 42514 ssh2
May  6 08:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: Received disconnect from 107.175.83.197 port 42514:11: Bye Bye [preauth]
May  6 08:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: Disconnected from 107.175.83.197 port 42514 [preauth]
May  6 08:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: Failed password for invalid user factorio from 196.251.84.225 port 57684 ssh2
May  6 08:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25295]: Connection closed by 196.251.84.225 port 57684 [preauth]
May  6 08:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24071]: pam_unix(cron:session): session closed for user root
May  6 08:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25324]: Invalid user lhb from 186.233.208.13
May  6 08:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25324]: input_userauth_request: invalid user lhb [preauth]
May  6 08:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25324]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 08:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25324]: Failed password for invalid user lhb from 186.233.208.13 port 40572 ssh2
May  6 08:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25324]: Received disconnect from 186.233.208.13 port 40572:11: Bye Bye [preauth]
May  6 08:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25324]: Disconnected from 186.233.208.13 port 40572 [preauth]
May  6 08:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.33.198.185  user=root
May  6 08:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25375]: Failed password for root from 212.33.198.185 port 50302 ssh2
May  6 08:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25375]: Received disconnect from 212.33.198.185 port 50302:11: Bye Bye [preauth]
May  6 08:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25375]: Disconnected from 212.33.198.185 port 50302 [preauth]
May  6 08:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: Invalid user opc from 196.251.84.225
May  6 08:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: input_userauth_request: invalid user opc [preauth]
May  6 08:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: Failed password for invalid user opc from 196.251.84.225 port 58428 ssh2
May  6 08:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: Connection closed by 196.251.84.225 port 58428 [preauth]
May  6 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25408]: pam_unix(cron:session): session closed for user p13x
May  6 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25469]: Successful su for rubyman by root
May  6 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25469]: + ??? root:rubyman
May  6 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339149 of user rubyman.
May  6 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25469]: pam_unix(su:session): session closed for user rubyman
May  6 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339149.
May  6 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22438]: pam_unix(cron:session): session closed for user root
May  6 08:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25409]: pam_unix(cron:session): session closed for user samftp
May  6 08:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: Failed password for root from 196.251.84.225 port 46306 ssh2
May  6 08:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: Connection closed by 196.251.84.225 port 46306 [preauth]
May  6 08:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24550]: pam_unix(cron:session): session closed for user root
May  6 08:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: Invalid user omsagent from 196.251.84.225
May  6 08:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: input_userauth_request: invalid user omsagent [preauth]
May  6 08:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: Failed password for invalid user omsagent from 196.251.84.225 port 43028 ssh2
May  6 08:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25877]: Connection closed by 196.251.84.225 port 43028 [preauth]
May  6 08:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25893]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25892]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25891]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25891]: pam_unix(cron:session): session closed for user p13x
May  6 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25970]: Successful su for rubyman by root
May  6 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25970]: + ??? root:rubyman
May  6 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25970]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339152 of user rubyman.
May  6 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25970]: pam_unix(su:session): session closed for user rubyman
May  6 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339152.
May  6 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: Invalid user tidb from 64.227.136.250
May  6 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: input_userauth_request: invalid user tidb [preauth]
May  6 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.136.250
May  6 08:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: Failed password for invalid user tidb from 64.227.136.250 port 47604 ssh2
May  6 08:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: Received disconnect from 64.227.136.250 port 47604:11: Bye Bye [preauth]
May  6 08:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25887]: Disconnected from 64.227.136.250 port 47604 [preauth]
May  6 08:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22899]: pam_unix(cron:session): session closed for user root
May  6 08:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25892]: pam_unix(cron:session): session closed for user samftp
May  6 08:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  6 08:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26169]: Failed password for root from 186.233.208.13 port 57716 ssh2
May  6 08:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26169]: Received disconnect from 186.233.208.13 port 57716:11: Bye Bye [preauth]
May  6 08:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26169]: Disconnected from 186.233.208.13 port 57716 [preauth]
May  6 08:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  6 08:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26191]: Failed password for root from 186.233.208.13 port 41030 ssh2
May  6 08:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: Invalid user elastic from 196.251.84.225
May  6 08:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: input_userauth_request: invalid user elastic [preauth]
May  6 08:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26191]: Received disconnect from 186.233.208.13 port 41030:11: Bye Bye [preauth]
May  6 08:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26191]: Disconnected from 186.233.208.13 port 41030 [preauth]
May  6 08:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: Failed password for invalid user elastic from 196.251.84.225 port 45504 ssh2
May  6 08:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26201]: Connection closed by 196.251.84.225 port 45504 [preauth]
May  6 08:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.7.83  user=root
May  6 08:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26224]: Failed password for root from 217.160.7.83 port 41678 ssh2
May  6 08:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26224]: Received disconnect from 217.160.7.83 port 41678:11: Bye Bye [preauth]
May  6 08:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26224]: Disconnected from 217.160.7.83 port 41678 [preauth]
May  6 08:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24982]: pam_unix(cron:session): session closed for user root
May  6 08:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: Invalid user vps from 182.180.77.216
May  6 08:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: input_userauth_request: invalid user vps [preauth]
May  6 08:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.180.77.216
May  6 08:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: Failed password for invalid user vps from 182.180.77.216 port 47414 ssh2
May  6 08:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: Received disconnect from 182.180.77.216 port 47414:11: Bye Bye [preauth]
May  6 08:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: Disconnected from 182.180.77.216 port 47414 [preauth]
May  6 08:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26304]: Invalid user hadoop from 196.251.84.225
May  6 08:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26304]: input_userauth_request: invalid user hadoop [preauth]
May  6 08:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26304]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26304]: Failed password for invalid user hadoop from 196.251.84.225 port 47446 ssh2
May  6 08:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26304]: Connection closed by 196.251.84.225 port 47446 [preauth]
May  6 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26315]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26323]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26324]: pam_unix(cron:session): session closed for user root
May  6 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26315]: pam_unix(cron:session): session closed for user p13x
May  6 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26392]: Successful su for rubyman by root
May  6 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26392]: + ??? root:rubyman
May  6 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339159 of user rubyman.
May  6 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26392]: pam_unix(su:session): session closed for user rubyman
May  6 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339159.
May  6 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23446]: pam_unix(cron:session): session closed for user root
May  6 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26321]: pam_unix(cron:session): session closed for user root
May  6 08:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26320]: pam_unix(cron:session): session closed for user samftp
May  6 08:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: Invalid user dstserver from 196.251.84.225
May  6 08:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: input_userauth_request: invalid user dstserver [preauth]
May  6 08:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.107.221  user=root
May  6 08:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: Failed password for invalid user dstserver from 196.251.84.225 port 58724 ssh2
May  6 08:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26718]: Connection closed by 196.251.84.225 port 58724 [preauth]
May  6 08:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: Failed password for root from 14.103.107.221 port 35684 ssh2
May  6 08:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: Received disconnect from 14.103.107.221 port 35684:11: Bye Bye [preauth]
May  6 08:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: Disconnected from 14.103.107.221 port 35684 [preauth]
May  6 08:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25412]: pam_unix(cron:session): session closed for user root
May  6 08:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26813]: Failed password for root from 196.251.84.225 port 39914 ssh2
May  6 08:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26813]: Connection closed by 196.251.84.225 port 39914 [preauth]
May  6 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26838]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26835]: pam_unix(cron:session): session closed for user p13x
May  6 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26907]: Successful su for rubyman by root
May  6 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26907]: + ??? root:rubyman
May  6 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339161 of user rubyman.
May  6 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26907]: pam_unix(su:session): session closed for user rubyman
May  6 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339161.
May  6 08:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24070]: pam_unix(cron:session): session closed for user root
May  6 08:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26836]: pam_unix(cron:session): session closed for user samftp
May  6 08:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27162]: Invalid user lorena from 103.195.7.51
May  6 08:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27162]: input_userauth_request: invalid user lorena [preauth]
May  6 08:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27162]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.195.7.51
May  6 08:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27162]: Failed password for invalid user lorena from 103.195.7.51 port 32170 ssh2
May  6 08:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27162]: Received disconnect from 103.195.7.51 port 32170:11: Bye Bye [preauth]
May  6 08:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27162]: Disconnected from 103.195.7.51 port 32170 [preauth]
May  6 08:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27196]: Invalid user gitlab-psql from 196.251.84.225
May  6 08:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27196]: input_userauth_request: invalid user gitlab-psql [preauth]
May  6 08:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27196]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27196]: Failed password for invalid user gitlab-psql from 196.251.84.225 port 48394 ssh2
May  6 08:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27196]: Connection closed by 196.251.84.225 port 48394 [preauth]
May  6 08:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25895]: pam_unix(cron:session): session closed for user root
May  6 08:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.217  user=root
May  6 08:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27242]: Failed password for root from 85.208.253.217 port 40498 ssh2
May  6 08:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27242]: Received disconnect from 85.208.253.217 port 40498:11: Bye Bye [preauth]
May  6 08:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27242]: Disconnected from 85.208.253.217 port 40498 [preauth]
May  6 08:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.80.130  user=root
May  6 08:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27273]: Failed password for root from 95.216.80.130 port 44570 ssh2
May  6 08:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27273]: Received disconnect from 95.216.80.130 port 44570:11: Bye Bye [preauth]
May  6 08:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27273]: Disconnected from 95.216.80.130 port 44570 [preauth]
May  6 08:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27291]: Invalid user uftp from 196.251.84.225
May  6 08:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27291]: input_userauth_request: invalid user uftp [preauth]
May  6 08:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27291]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27291]: Failed password for invalid user uftp from 196.251.84.225 port 51182 ssh2
May  6 08:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27291]: Connection closed by 196.251.84.225 port 51182 [preauth]
May  6 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27344]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27344]: pam_unix(cron:session): session closed for user root
May  6 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27347]: pam_unix(cron:session): session closed for user p13x
May  6 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27440]: Successful su for rubyman by root
May  6 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27440]: + ??? root:rubyman
May  6 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339165 of user rubyman.
May  6 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27440]: pam_unix(su:session): session closed for user rubyman
May  6 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339165.
May  6 08:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24549]: pam_unix(cron:session): session closed for user root
May  6 08:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27348]: pam_unix(cron:session): session closed for user samftp
May  6 08:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27656]: Invalid user sol from 196.251.84.225
May  6 08:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27656]: input_userauth_request: invalid user sol [preauth]
May  6 08:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27656]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27656]: Failed password for invalid user sol from 196.251.84.225 port 60482 ssh2
May  6 08:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27656]: Connection closed by 196.251.84.225 port 60482 [preauth]
May  6 08:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27688]: Invalid user game from 107.175.83.197
May  6 08:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27688]: input_userauth_request: invalid user game [preauth]
May  6 08:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27688]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 08:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27688]: Failed password for invalid user game from 107.175.83.197 port 50488 ssh2
May  6 08:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27688]: Received disconnect from 107.175.83.197 port 50488:11: Bye Bye [preauth]
May  6 08:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27688]: Disconnected from 107.175.83.197 port 50488 [preauth]
May  6 08:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26323]: pam_unix(cron:session): session closed for user root
May  6 08:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27749]: Invalid user es from 196.251.84.225
May  6 08:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27749]: input_userauth_request: invalid user es [preauth]
May  6 08:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27749]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27749]: Failed password for invalid user es from 196.251.84.225 port 58372 ssh2
May  6 08:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27749]: Connection closed by 196.251.84.225 port 58372 [preauth]
May  6 08:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: Invalid user ansadmin from 212.33.198.185
May  6 08:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: input_userauth_request: invalid user ansadmin [preauth]
May  6 08:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.33.198.185
May  6 08:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: Failed password for invalid user ansadmin from 212.33.198.185 port 35794 ssh2
May  6 08:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: Received disconnect from 212.33.198.185 port 35794:11: Bye Bye [preauth]
May  6 08:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: Disconnected from 212.33.198.185 port 35794 [preauth]
May  6 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27815]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27813]: pam_unix(cron:session): session closed for user p13x
May  6 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27881]: Successful su for rubyman by root
May  6 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27881]: + ??? root:rubyman
May  6 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339170 of user rubyman.
May  6 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27881]: pam_unix(su:session): session closed for user rubyman
May  6 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339170.
May  6 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: Invalid user solr from 196.251.84.225
May  6 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: input_userauth_request: invalid user solr [preauth]
May  6 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24980]: pam_unix(cron:session): session closed for user root
May  6 08:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27814]: pam_unix(cron:session): session closed for user samftp
May  6 08:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: Failed password for invalid user solr from 196.251.84.225 port 35316 ssh2
May  6 08:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28017]: Connection closed by 196.251.84.225 port 35316 [preauth]
May  6 08:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: Invalid user plex from 196.251.84.225
May  6 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: input_userauth_request: invalid user plex [preauth]
May  6 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26838]: pam_unix(cron:session): session closed for user root
May  6 08:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: Failed password for invalid user plex from 196.251.84.225 port 43196 ssh2
May  6 08:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28138]: Connection closed by 196.251.84.225 port 43196 [preauth]
May  6 08:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28229]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28228]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28224]: pam_unix(cron:session): session closed for user p13x
May  6 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28286]: Successful su for rubyman by root
May  6 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28286]: + ??? root:rubyman
May  6 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339174 of user rubyman.
May  6 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28286]: pam_unix(su:session): session closed for user rubyman
May  6 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339174.
May  6 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: Invalid user amp from 196.251.84.225
May  6 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: input_userauth_request: invalid user amp [preauth]
May  6 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25410]: pam_unix(cron:session): session closed for user root
May  6 08:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: Failed password for invalid user amp from 196.251.84.225 port 59470 ssh2
May  6 08:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: Connection closed by 196.251.84.225 port 59470 [preauth]
May  6 08:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28225]: pam_unix(cron:session): session closed for user samftp
May  6 08:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28539]: Invalid user docker from 196.251.84.225
May  6 08:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28539]: input_userauth_request: invalid user docker [preauth]
May  6 08:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28539]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28539]: Failed password for invalid user docker from 196.251.84.225 port 50512 ssh2
May  6 08:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28539]: Connection closed by 196.251.84.225 port 50512 [preauth]
May  6 08:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27350]: pam_unix(cron:session): session closed for user root
May  6 08:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28568]: Invalid user user01 from 217.160.7.83
May  6 08:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28568]: input_userauth_request: invalid user user01 [preauth]
May  6 08:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28568]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.7.83
May  6 08:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28568]: Failed password for invalid user user01 from 217.160.7.83 port 43170 ssh2
May  6 08:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28568]: Received disconnect from 217.160.7.83 port 43170:11: Bye Bye [preauth]
May  6 08:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28568]: Disconnected from 217.160.7.83 port 43170 [preauth]
May  6 08:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.136.250  user=root
May  6 08:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: Failed password for root from 64.227.136.250 port 39184 ssh2
May  6 08:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: Received disconnect from 64.227.136.250 port 39184:11: Bye Bye [preauth]
May  6 08:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28578]: Disconnected from 64.227.136.250 port 39184 [preauth]
May  6 08:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28629]: Failed password for root from 196.251.84.225 port 43580 ssh2
May  6 08:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28629]: Connection closed by 196.251.84.225 port 43580 [preauth]
May  6 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28645]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28644]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28646]: pam_unix(cron:session): session closed for user root
May  6 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28641]: pam_unix(cron:session): session closed for user p13x
May  6 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28709]: Successful su for rubyman by root
May  6 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28709]: + ??? root:rubyman
May  6 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339179 of user rubyman.
May  6 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28709]: pam_unix(su:session): session closed for user rubyman
May  6 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339179.
May  6 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28643]: pam_unix(cron:session): session closed for user root
May  6 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25893]: pam_unix(cron:session): session closed for user root
May  6 08:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28642]: pam_unix(cron:session): session closed for user samftp
May  6 08:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  6 08:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28927]: Failed password for root from 186.233.208.13 port 38166 ssh2
May  6 08:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28927]: Received disconnect from 186.233.208.13 port 38166:11: Bye Bye [preauth]
May  6 08:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28927]: Disconnected from 186.233.208.13 port 38166 [preauth]
May  6 08:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28968]: Invalid user caddy from 196.251.84.225
May  6 08:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28968]: input_userauth_request: invalid user caddy [preauth]
May  6 08:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28968]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28968]: Failed password for invalid user caddy from 196.251.84.225 port 37282 ssh2
May  6 08:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28968]: Connection closed by 196.251.84.225 port 37282 [preauth]
May  6 08:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27816]: pam_unix(cron:session): session closed for user root
May  6 08:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29163]: Invalid user  from 64.62.197.64
May  6 08:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29163]: input_userauth_request: invalid user  [preauth]
May  6 08:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: Invalid user ds from 196.251.84.225
May  6 08:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: input_userauth_request: invalid user ds [preauth]
May  6 08:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: Failed password for invalid user ds from 196.251.84.225 port 45526 ssh2
May  6 08:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29163]: Connection closed by 64.62.197.64 port 5249 [preauth]
May  6 08:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: Connection closed by 196.251.84.225 port 45526 [preauth]
May  6 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29179]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29180]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29176]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29176]: pam_unix(cron:session): session closed for user p13x
May  6 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29248]: Successful su for rubyman by root
May  6 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29248]: + ??? root:rubyman
May  6 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339185 of user rubyman.
May  6 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29248]: pam_unix(su:session): session closed for user rubyman
May  6 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339185.
May  6 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26322]: pam_unix(cron:session): session closed for user root
May  6 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29178]: pam_unix(cron:session): session closed for user samftp
May  6 08:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29464]: Invalid user minecraft from 95.216.80.130
May  6 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29464]: input_userauth_request: invalid user minecraft [preauth]
May  6 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29464]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.80.130
May  6 08:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29464]: Failed password for invalid user minecraft from 95.216.80.130 port 42998 ssh2
May  6 08:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29464]: Received disconnect from 95.216.80.130 port 42998:11: Bye Bye [preauth]
May  6 08:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29464]: Disconnected from 95.216.80.130 port 42998 [preauth]
May  6 08:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29498]: Invalid user palworld from 196.251.84.225
May  6 08:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29498]: input_userauth_request: invalid user palworld [preauth]
May  6 08:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29498]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29498]: Failed password for invalid user palworld from 196.251.84.225 port 42922 ssh2
May  6 08:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29498]: Connection closed by 196.251.84.225 port 42922 [preauth]
May  6 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28229]: pam_unix(cron:session): session closed for user root
May  6 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29539]: Invalid user user from 85.208.253.217
May  6 08:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29539]: input_userauth_request: invalid user user [preauth]
May  6 08:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29539]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.217
May  6 08:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29539]: Failed password for invalid user user from 85.208.253.217 port 50202 ssh2
May  6 08:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29539]: Received disconnect from 85.208.253.217 port 50202:11: Bye Bye [preauth]
May  6 08:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29539]: Disconnected from 85.208.253.217 port 50202 [preauth]
May  6 08:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29599]: Invalid user mapr from 196.251.84.225
May  6 08:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29599]: input_userauth_request: invalid user mapr [preauth]
May  6 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29599]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29603]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29604]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29602]: pam_unix(cron:session): session closed for user p13x
May  6 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29667]: Successful su for rubyman by root
May  6 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29667]: + ??? root:rubyman
May  6 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29667]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339188 of user rubyman.
May  6 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29667]: pam_unix(su:session): session closed for user rubyman
May  6 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339188.
May  6 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29722]: Invalid user hb from 107.175.83.197
May  6 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29722]: input_userauth_request: invalid user hb [preauth]
May  6 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29722]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 08:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29599]: Failed password for invalid user mapr from 196.251.84.225 port 54060 ssh2
May  6 08:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29599]: Connection closed by 196.251.84.225 port 54060 [preauth]
May  6 08:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26837]: pam_unix(cron:session): session closed for user root
May  6 08:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29722]: Failed password for invalid user hb from 107.175.83.197 port 58462 ssh2
May  6 08:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29722]: Received disconnect from 107.175.83.197 port 58462:11: Bye Bye [preauth]
May  6 08:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29722]: Disconnected from 107.175.83.197 port 58462 [preauth]
May  6 08:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29603]: pam_unix(cron:session): session closed for user samftp
May  6 08:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: Invalid user solr from 196.251.84.225
May  6 08:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: input_userauth_request: invalid user solr [preauth]
May  6 08:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: Failed password for invalid user solr from 196.251.84.225 port 47010 ssh2
May  6 08:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: Connection closed by 196.251.84.225 port 47010 [preauth]
May  6 08:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28645]: pam_unix(cron:session): session closed for user root
May  6 08:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29962]: Invalid user ftpuser1 from 212.33.198.185
May  6 08:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29962]: input_userauth_request: invalid user ftpuser1 [preauth]
May  6 08:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29962]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.33.198.185
May  6 08:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29962]: Failed password for invalid user ftpuser1 from 212.33.198.185 port 43610 ssh2
May  6 08:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29962]: Received disconnect from 212.33.198.185 port 43610:11: Bye Bye [preauth]
May  6 08:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29962]: Disconnected from 212.33.198.185 port 43610 [preauth]
May  6 08:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30005]: Invalid user nginx from 196.251.84.225
May  6 08:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30005]: input_userauth_request: invalid user nginx [preauth]
May  6 08:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30005]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30005]: Failed password for invalid user nginx from 196.251.84.225 port 39090 ssh2
May  6 08:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30005]: Connection closed by 196.251.84.225 port 39090 [preauth]
May  6 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session closed for user p13x
May  6 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30077]: Successful su for rubyman by root
May  6 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30077]: + ??? root:rubyman
May  6 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339193 of user rubyman.
May  6 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30077]: pam_unix(su:session): session closed for user rubyman
May  6 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339193.
May  6 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27349]: pam_unix(cron:session): session closed for user root
May  6 08:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session closed for user samftp
May  6 08:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30317]: Failed password for root from 196.251.84.225 port 41008 ssh2
May  6 08:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30317]: Connection closed by 196.251.84.225 port 41008 [preauth]
May  6 08:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  6 08:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: Failed password for root from 218.92.0.211 port 58662 ssh2
May  6 08:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29180]: pam_unix(cron:session): session closed for user root
May  6 08:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: Failed password for root from 218.92.0.211 port 58662 ssh2
May  6 08:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: message repeated 3 times: [ Failed password for root from 218.92.0.211 port 58662 ssh2]
May  6 08:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: error: maximum authentication attempts exceeded for root from 218.92.0.211 port 58662 ssh2 [preauth]
May  6 08:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: Disconnecting: Too many authentication failures [preauth]
May  6 08:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  6 08:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 08:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  6 08:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: Failed password for root from 218.92.0.211 port 39580 ssh2
May  6 08:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: Failed password for root from 218.92.0.211 port 39580 ssh2
May  6 08:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30401]: Invalid user jaewon from 46.191.141.152
May  6 08:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30401]: input_userauth_request: invalid user jaewon [preauth]
May  6 08:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30401]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.191.141.152
May  6 08:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30403]: Invalid user esuser from 196.251.84.225
May  6 08:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30403]: input_userauth_request: invalid user esuser [preauth]
May  6 08:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30403]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30401]: Failed password for invalid user jaewon from 46.191.141.152 port 37615 ssh2
May  6 08:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30401]: Received disconnect from 46.191.141.152 port 37615:11: Bye Bye [preauth]
May  6 08:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30401]: Disconnected from 46.191.141.152 port 37615 [preauth]
May  6 08:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30403]: Failed password for invalid user esuser from 196.251.84.225 port 57070 ssh2
May  6 08:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: Failed password for root from 218.92.0.211 port 39580 ssh2
May  6 08:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30403]: Connection closed by 196.251.84.225 port 57070 [preauth]
May  6 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: Failed password for root from 218.92.0.211 port 39580 ssh2
May  6 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30424]: pam_unix(cron:session): session closed for user p13x
May  6 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30487]: Successful su for rubyman by root
May  6 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30487]: + ??? root:rubyman
May  6 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30487]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339199 of user rubyman.
May  6 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30487]: pam_unix(su:session): session closed for user rubyman
May  6 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339199.
May  6 08:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27815]: pam_unix(cron:session): session closed for user root
May  6 08:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: Failed password for root from 218.92.0.211 port 39580 ssh2
May  6 08:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30425]: pam_unix(cron:session): session closed for user samftp
May  6 08:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: Failed password for root from 218.92.0.211 port 39580 ssh2
May  6 08:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: error: maximum authentication attempts exceeded for root from 218.92.0.211 port 39580 ssh2 [preauth]
May  6 08:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: Disconnecting: Too many authentication failures [preauth]
May  6 08:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  6 08:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30391]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 08:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29605]: pam_unix(cron:session): session closed for user root
May  6 08:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30711]: Invalid user puppet from 196.251.84.225
May  6 08:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30711]: input_userauth_request: invalid user puppet [preauth]
May  6 08:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30711]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30780]: Invalid user admin from 217.160.7.83
May  6 08:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30780]: input_userauth_request: invalid user admin [preauth]
May  6 08:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30780]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.7.83
May  6 08:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30711]: Failed password for invalid user puppet from 196.251.84.225 port 36308 ssh2
May  6 08:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30711]: Connection closed by 196.251.84.225 port 36308 [preauth]
May  6 08:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30780]: Failed password for invalid user admin from 217.160.7.83 port 34382 ssh2
May  6 08:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30780]: Received disconnect from 217.160.7.83 port 34382:11: Bye Bye [preauth]
May  6 08:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30780]: Disconnected from 217.160.7.83 port 34382 [preauth]
May  6 08:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30802]: Invalid user dev from 196.251.84.225
May  6 08:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30802]: input_userauth_request: invalid user dev [preauth]
May  6 08:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30802]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30802]: Failed password for invalid user dev from 196.251.84.225 port 37096 ssh2
May  6 08:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30802]: Connection closed by 196.251.84.225 port 37096 [preauth]
May  6 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30827]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30825]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30828]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30826]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30828]: pam_unix(cron:session): session closed for user root
May  6 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30823]: pam_unix(cron:session): session closed for user p13x
May  6 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30894]: Successful su for rubyman by root
May  6 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30894]: + ??? root:rubyman
May  6 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30894]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339200 of user rubyman.
May  6 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30894]: pam_unix(su:session): session closed for user rubyman
May  6 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339200.
May  6 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30825]: pam_unix(cron:session): session closed for user root
May  6 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28228]: pam_unix(cron:session): session closed for user root
May  6 08:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30824]: pam_unix(cron:session): session closed for user samftp
May  6 08:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: Invalid user lhb from 64.227.136.250
May  6 08:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: input_userauth_request: invalid user lhb [preauth]
May  6 08:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.136.250
May  6 08:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: Failed password for invalid user lhb from 64.227.136.250 port 39100 ssh2
May  6 08:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: Received disconnect from 64.227.136.250 port 39100:11: Bye Bye [preauth]
May  6 08:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31212]: Disconnected from 64.227.136.250 port 39100 [preauth]
May  6 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31242]: Invalid user hadoop from 196.251.84.225
May  6 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31242]: input_userauth_request: invalid user hadoop [preauth]
May  6 08:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31242]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31242]: Failed password for invalid user hadoop from 196.251.84.225 port 45834 ssh2
May  6 08:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31242]: Connection closed by 196.251.84.225 port 45834 [preauth]
May  6 08:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30020]: pam_unix(cron:session): session closed for user root
May  6 08:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: Invalid user oscar from 196.251.84.225
May  6 08:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: input_userauth_request: invalid user oscar [preauth]
May  6 08:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: Failed password for invalid user oscar from 196.251.84.225 port 42100 ssh2
May  6 08:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31342]: Connection closed by 196.251.84.225 port 42100 [preauth]
May  6 08:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: Invalid user testftp from 50.235.31.47
May  6 08:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: input_userauth_request: invalid user testftp [preauth]
May  6 08:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  6 08:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.80.130  user=root
May  6 08:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: Failed password for invalid user testftp from 50.235.31.47 port 55126 ssh2
May  6 08:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31358]: Connection closed by 50.235.31.47 port 55126 [preauth]
May  6 08:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Failed password for root from 95.216.80.130 port 50512 ssh2
May  6 08:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Received disconnect from 95.216.80.130 port 50512:11: Bye Bye [preauth]
May  6 08:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Disconnected from 95.216.80.130 port 50512 [preauth]
May  6 08:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31368]: Invalid user burak from 186.233.208.13
May  6 08:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31368]: input_userauth_request: invalid user burak [preauth]
May  6 08:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31368]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31373]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31371]: pam_unix(cron:session): session closed for user p13x
May  6 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31368]: Failed password for invalid user burak from 186.233.208.13 port 46498 ssh2
May  6 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31437]: Successful su for rubyman by root
May  6 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31437]: + ??? root:rubyman
May  6 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31437]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339206 of user rubyman.
May  6 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31437]: pam_unix(su:session): session closed for user rubyman
May  6 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339206.
May  6 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31368]: Received disconnect from 186.233.208.13 port 46498:11: Bye Bye [preauth]
May  6 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31368]: Disconnected from 186.233.208.13 port 46498 [preauth]
May  6 08:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28644]: pam_unix(cron:session): session closed for user root
May  6 08:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31372]: pam_unix(cron:session): session closed for user samftp
May  6 08:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31691]: Failed password for root from 196.251.84.225 port 44400 ssh2
May  6 08:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31691]: Connection closed by 196.251.84.225 port 44400 [preauth]
May  6 08:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: Invalid user minecraft from 85.208.253.217
May  6 08:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: input_userauth_request: invalid user minecraft [preauth]
May  6 08:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.217
May  6 08:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30427]: pam_unix(cron:session): session closed for user root
May  6 08:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: Failed password for invalid user minecraft from 85.208.253.217 port 55870 ssh2
May  6 08:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: Received disconnect from 85.208.253.217 port 55870:11: Bye Bye [preauth]
May  6 08:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31725]: Disconnected from 85.208.253.217 port 55870 [preauth]
May  6 08:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197  user=root
May  6 08:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: Failed password for root from 107.175.83.197 port 38224 ssh2
May  6 08:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: Received disconnect from 107.175.83.197 port 38224:11: Bye Bye [preauth]
May  6 08:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: Disconnected from 107.175.83.197 port 38224 [preauth]
May  6 08:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31789]: Invalid user ranger from 196.251.84.225
May  6 08:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31789]: input_userauth_request: invalid user ranger [preauth]
May  6 08:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31789]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31789]: Failed password for invalid user ranger from 196.251.84.225 port 42492 ssh2
May  6 08:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31789]: Connection closed by 196.251.84.225 port 42492 [preauth]
May  6 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31813]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31812]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31808]: pam_unix(cron:session): session closed for user p13x
May  6 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31878]: Successful su for rubyman by root
May  6 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31878]: + ??? root:rubyman
May  6 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31878]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339211 of user rubyman.
May  6 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31878]: pam_unix(su:session): session closed for user rubyman
May  6 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339211.
May  6 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29179]: pam_unix(cron:session): session closed for user root
May  6 08:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31809]: pam_unix(cron:session): session closed for user samftp
May  6 08:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32389]: Invalid user uftp from 196.251.84.225
May  6 08:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32389]: input_userauth_request: invalid user uftp [preauth]
May  6 08:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32389]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32389]: Failed password for invalid user uftp from 196.251.84.225 port 34564 ssh2
May  6 08:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32389]: Connection closed by 196.251.84.225 port 34564 [preauth]
May  6 08:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.33.198.185  user=root
May  6 08:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: Failed password for root from 212.33.198.185 port 58860 ssh2
May  6 08:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: Received disconnect from 212.33.198.185 port 58860:11: Bye Bye [preauth]
May  6 08:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: Disconnected from 212.33.198.185 port 58860 [preauth]
May  6 08:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30827]: pam_unix(cron:session): session closed for user root
May  6 08:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: Invalid user vagrant from 196.251.84.225
May  6 08:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: input_userauth_request: invalid user vagrant [preauth]
May  6 08:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: Failed password for invalid user vagrant from 196.251.84.225 port 39024 ssh2
May  6 08:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32502]: Connection closed by 196.251.84.225 port 39024 [preauth]
May  6 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32537]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32537]: pam_unix(cron:session): session closed for user p13x
May  6 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32614]: Successful su for rubyman by root
May  6 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32614]: + ??? root:rubyman
May  6 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339214 of user rubyman.
May  6 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32614]: pam_unix(su:session): session closed for user rubyman
May  6 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339214.
May  6 08:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29604]: pam_unix(cron:session): session closed for user root
May  6 08:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32538]: pam_unix(cron:session): session closed for user samftp
May  6 08:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: Invalid user ark from 196.251.84.225
May  6 08:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: input_userauth_request: invalid user ark [preauth]
May  6 08:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: Failed password for invalid user ark from 196.251.84.225 port 48334 ssh2
May  6 08:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: Connection closed by 196.251.84.225 port 48334 [preauth]
May  6 08:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31374]: pam_unix(cron:session): session closed for user root
May  6 08:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: Failed password for root from 196.251.84.225 port 55052 ssh2
May  6 08:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: Connection closed by 196.251.84.225 port 55052 [preauth]
May  6 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[662]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[660]: pam_unix(cron:session): session closed for user p13x
May  6 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[732]: Successful su for rubyman by root
May  6 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[732]: + ??? root:rubyman
May  6 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[732]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339219 of user rubyman.
May  6 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[732]: pam_unix(su:session): session closed for user rubyman
May  6 08:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339219.
May  6 08:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30019]: pam_unix(cron:session): session closed for user root
May  6 08:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[661]: pam_unix(cron:session): session closed for user samftp
May  6 08:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[951]: Invalid user caddy from 196.251.84.225
May  6 08:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[951]: input_userauth_request: invalid user caddy [preauth]
May  6 08:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[951]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[951]: Failed password for invalid user caddy from 196.251.84.225 port 45754 ssh2
May  6 08:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[951]: Connection closed by 196.251.84.225 port 45754 [preauth]
May  6 08:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31813]: pam_unix(cron:session): session closed for user root
May  6 08:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1078]: Invalid user ds from 196.251.84.225
May  6 08:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1078]: input_userauth_request: invalid user ds [preauth]
May  6 08:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1078]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1064]: Invalid user development from 46.191.141.152
May  6 08:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1064]: input_userauth_request: invalid user development [preauth]
May  6 08:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1064]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.191.141.152
May  6 08:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1078]: Failed password for invalid user ds from 196.251.84.225 port 53964 ssh2
May  6 08:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1078]: Connection closed by 196.251.84.225 port 53964 [preauth]
May  6 08:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1064]: Failed password for invalid user development from 46.191.141.152 port 48734 ssh2
May  6 08:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Invalid user software from 217.160.7.83
May  6 08:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: input_userauth_request: invalid user software [preauth]
May  6 08:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.7.83
May  6 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1141]: pam_unix(cron:session): session closed for user root
May  6 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1135]: pam_unix(cron:session): session closed for user p13x
May  6 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1223]: Successful su for rubyman by root
May  6 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1223]: + ??? root:rubyman
May  6 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1223]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339222 of user rubyman.
May  6 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1223]: pam_unix(su:session): session closed for user rubyman
May  6 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339222.
May  6 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Failed password for invalid user software from 217.160.7.83 port 45020 ssh2
May  6 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Received disconnect from 217.160.7.83 port 45020:11: Bye Bye [preauth]
May  6 08:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1132]: Disconnected from 217.160.7.83 port 45020 [preauth]
May  6 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1138]: pam_unix(cron:session): session closed for user root
May  6 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30426]: pam_unix(cron:session): session closed for user root
May  6 08:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1462]: Invalid user palworld from 196.251.84.225
May  6 08:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1462]: input_userauth_request: invalid user palworld [preauth]
May  6 08:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1462]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1137]: pam_unix(cron:session): session closed for user samftp
May  6 08:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1462]: Failed password for invalid user palworld from 196.251.84.225 port 41682 ssh2
May  6 08:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1462]: Connection closed by 196.251.84.225 port 41682 [preauth]
May  6 08:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32540]: pam_unix(cron:session): session closed for user root
May  6 08:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1579]: Invalid user factorio from 196.251.84.225
May  6 08:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1579]: input_userauth_request: invalid user factorio [preauth]
May  6 08:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1579]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1579]: Failed password for invalid user factorio from 196.251.84.225 port 40066 ssh2
May  6 08:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1579]: Connection closed by 196.251.84.225 port 40066 [preauth]
May  6 08:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1626]: Invalid user papa from 64.227.136.250
May  6 08:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1626]: input_userauth_request: invalid user papa [preauth]
May  6 08:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1626]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.136.250
May  6 08:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1626]: Failed password for invalid user papa from 64.227.136.250 port 53972 ssh2
May  6 08:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1626]: Received disconnect from 64.227.136.250 port 53972:11: Bye Bye [preauth]
May  6 08:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1626]: Disconnected from 64.227.136.250 port 53972 [preauth]
May  6 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1656]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1655]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1655]: pam_unix(cron:session): session closed for user p13x
May  6 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1750]: Successful su for rubyman by root
May  6 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1750]: + ??? root:rubyman
May  6 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339229 of user rubyman.
May  6 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1750]: pam_unix(su:session): session closed for user rubyman
May  6 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339229.
May  6 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1708]: Invalid user ethnode from 196.251.84.225
May  6 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1708]: input_userauth_request: invalid user ethnode [preauth]
May  6 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1708]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1708]: Failed password for invalid user ethnode from 196.251.84.225 port 56148 ssh2
May  6 08:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1708]: Connection closed by 196.251.84.225 port 56148 [preauth]
May  6 08:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30826]: pam_unix(cron:session): session closed for user root
May  6 08:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1656]: pam_unix(cron:session): session closed for user samftp
May  6 08:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Invalid user dmdba from 107.175.83.197
May  6 08:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: input_userauth_request: invalid user dmdba [preauth]
May  6 08:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197
May  6 08:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: Invalid user ansadmin from 85.208.253.217
May  6 08:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: input_userauth_request: invalid user ansadmin [preauth]
May  6 08:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.217
May  6 08:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Failed password for invalid user dmdba from 107.175.83.197 port 46220 ssh2
May  6 08:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Received disconnect from 107.175.83.197 port 46220:11: Bye Bye [preauth]
May  6 08:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2093]: Disconnected from 107.175.83.197 port 46220 [preauth]
May  6 08:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: Failed password for invalid user ansadmin from 85.208.253.217 port 44376 ssh2
May  6 08:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: Received disconnect from 85.208.253.217 port 44376:11: Bye Bye [preauth]
May  6 08:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: Disconnected from 85.208.253.217 port 44376 [preauth]
May  6 08:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: Invalid user gitlab from 196.251.84.225
May  6 08:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: input_userauth_request: invalid user gitlab [preauth]
May  6 08:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: Failed password for invalid user gitlab from 196.251.84.225 port 43380 ssh2
May  6 08:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: Connection closed by 196.251.84.225 port 43380 [preauth]
May  6 08:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[665]: pam_unix(cron:session): session closed for user root
May  6 08:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: Invalid user zeshan from 186.233.208.13
May  6 08:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: input_userauth_request: invalid user zeshan [preauth]
May  6 08:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 08:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: Failed password for invalid user zeshan from 186.233.208.13 port 49822 ssh2
May  6 08:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: Received disconnect from 186.233.208.13 port 49822:11: Bye Bye [preauth]
May  6 08:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2148]: Disconnected from 186.233.208.13 port 49822 [preauth]
May  6 08:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2189]: Invalid user sol from 196.251.84.225
May  6 08:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2189]: input_userauth_request: invalid user sol [preauth]
May  6 08:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2189]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2189]: Failed password for invalid user sol from 196.251.84.225 port 38988 ssh2
May  6 08:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2189]: Connection closed by 196.251.84.225 port 38988 [preauth]
May  6 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2203]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2201]: pam_unix(cron:session): session closed for user p13x
May  6 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2263]: Successful su for rubyman by root
May  6 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2263]: + ??? root:rubyman
May  6 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2263]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339233 of user rubyman.
May  6 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2263]: pam_unix(su:session): session closed for user rubyman
May  6 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339233.
May  6 08:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31373]: pam_unix(cron:session): session closed for user root
May  6 08:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.33.198.185  user=root
May  6 08:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2202]: pam_unix(cron:session): session closed for user samftp
May  6 08:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2439]: Failed password for root from 212.33.198.185 port 55574 ssh2
May  6 08:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2439]: Received disconnect from 212.33.198.185 port 55574:11: Bye Bye [preauth]
May  6 08:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2439]: Disconnected from 212.33.198.185 port 55574 [preauth]
May  6 08:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2524]: User ftp from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 08:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2524]: input_userauth_request: invalid user ftp [preauth]
May  6 08:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=ftp
May  6 08:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2524]: Failed password for invalid user ftp from 196.251.84.225 port 42452 ssh2
May  6 08:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2524]: Connection closed by 196.251.84.225 port 42452 [preauth]
May  6 08:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1140]: pam_unix(cron:session): session closed for user root
May  6 08:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2612]: Invalid user terraria from 196.251.84.225
May  6 08:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2612]: input_userauth_request: invalid user terraria [preauth]
May  6 08:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2612]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 08:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2612]: Failed password for invalid user terraria from 196.251.84.225 port 33380 ssh2
May  6 08:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2612]: Connection closed by 196.251.84.225 port 33380 [preauth]
May  6 08:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: Failed password for root from 218.92.0.179 port 15874 ssh2
May  6 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 15874 ssh2]
May  6 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2636]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2634]: pam_unix(cron:session): session closed for user p13x
May  6 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: Received disconnect from 218.92.0.179 port 15874:11:  [preauth]
May  6 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: Disconnected from 218.92.0.179 port 15874 [preauth]
May  6 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2623]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2709]: Successful su for rubyman by root
May  6 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2709]: + ??? root:rubyman
May  6 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339236 of user rubyman.
May  6 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2709]: pam_unix(su:session): session closed for user rubyman
May  6 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339236.
May  6 08:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31812]: pam_unix(cron:session): session closed for user root
May  6 08:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: Invalid user admin1 from 80.94.95.125
May  6 08:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: input_userauth_request: invalid user admin1 [preauth]
May  6 08:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 08:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: Failed password for invalid user admin1 from 80.94.95.125 port 16694 ssh2
May  6 08:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2635]: pam_unix(cron:session): session closed for user samftp
May  6 08:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: Failed password for invalid user admin1 from 80.94.95.125 port 16694 ssh2
May  6 08:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: Failed password for invalid user admin1 from 80.94.95.125 port 16694 ssh2
May  6 08:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: Failed password for invalid user admin1 from 80.94.95.125 port 16694 ssh2
May  6 08:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: Failed password for invalid user admin1 from 80.94.95.125 port 16694 ssh2
May  6 08:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: Received disconnect from 80.94.95.125 port 16694:11: Bye [preauth]
May  6 08:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: Disconnected from 80.94.95.125 port 16694 [preauth]
May  6 08:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 08:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 08:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: Failed password for root from 196.251.84.225 port 50942 ssh2
May  6 08:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: Connection closed by 196.251.84.225 port 50942 [preauth]
May  6 08:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1658]: pam_unix(cron:session): session closed for user root
May  6 08:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3041]: Invalid user ec2-user from 196.251.84.225
May  6 08:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3041]: input_userauth_request: invalid user ec2-user [preauth]
May  6 08:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3041]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3041]: Failed password for invalid user ec2-user from 196.251.84.225 port 39726 ssh2
May  6 08:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3041]: Connection closed by 196.251.84.225 port 39726 [preauth]
May  6 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3063]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3062]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3060]: pam_unix(cron:session): session closed for user p13x
May  6 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3123]: Successful su for rubyman by root
May  6 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3123]: + ??? root:rubyman
May  6 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339242 of user rubyman.
May  6 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3123]: pam_unix(su:session): session closed for user rubyman
May  6 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339242.
May  6 08:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32539]: pam_unix(cron:session): session closed for user root
May  6 08:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3061]: pam_unix(cron:session): session closed for user samftp
May  6 08:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3338]: Invalid user ubuntu from 196.251.84.225
May  6 08:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3338]: input_userauth_request: invalid user ubuntu [preauth]
May  6 08:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3338]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3338]: Failed password for invalid user ubuntu from 196.251.84.225 port 45194 ssh2
May  6 08:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3338]: Connection closed by 196.251.84.225 port 45194 [preauth]
May  6 08:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2204]: pam_unix(cron:session): session closed for user root
May  6 08:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: User www-data from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 08:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: input_userauth_request: invalid user www-data [preauth]
May  6 08:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=www-data
May  6 08:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: Failed password for invalid user www-data from 196.251.84.225 port 46038 ssh2
May  6 08:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: Connection closed by 196.251.84.225 port 46038 [preauth]
May  6 08:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3466]: Invalid user huangjun from 190.103.202.7
May  6 08:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3466]: input_userauth_request: invalid user huangjun [preauth]
May  6 08:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3466]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  6 08:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3466]: Failed password for invalid user huangjun from 190.103.202.7 port 52158 ssh2
May  6 08:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3466]: Connection closed by 190.103.202.7 port 52158 [preauth]
May  6 08:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3503]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3501]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3500]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3503]: pam_unix(cron:session): session closed for user root
May  6 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3498]: pam_unix(cron:session): session closed for user p13x
May  6 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3599]: Successful su for rubyman by root
May  6 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3599]: + ??? root:rubyman
May  6 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339244 of user rubyman.
May  6 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3599]: pam_unix(su:session): session closed for user rubyman
May  6 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339244.
May  6 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3500]: pam_unix(cron:session): session closed for user root
May  6 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[662]: pam_unix(cron:session): session closed for user root
May  6 08:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3499]: pam_unix(cron:session): session closed for user samftp
May  6 08:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: Invalid user himanshu from 190.173.77.226
May  6 08:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: input_userauth_request: invalid user himanshu [preauth]
May  6 08:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 08:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: Failed password for invalid user himanshu from 190.173.77.226 port 61652 ssh2
May  6 08:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: Received disconnect from 190.173.77.226 port 61652:11: Bye Bye [preauth]
May  6 08:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: Disconnected from 190.173.77.226 port 61652 [preauth]
May  6 08:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: Invalid user r from 195.178.110.50
May  6 08:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: input_userauth_request: invalid user r [preauth]
May  6 08:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 08:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: Failed password for invalid user r from 195.178.110.50 port 51552 ssh2
May  6 08:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3476]: Connection closed by 195.178.110.50 port 51552 [preauth]
May  6 08:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: Invalid user admin from 80.94.95.112
May  6 08:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: input_userauth_request: invalid user admin [preauth]
May  6 08:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 08:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3805]: Connection closed by 46.191.141.152 port 41091 [preauth]
May  6 08:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3831]: Invalid user ts from 196.251.84.225
May  6 08:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3831]: input_userauth_request: invalid user ts [preauth]
May  6 08:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: Failed password for invalid user admin from 80.94.95.112 port 48278 ssh2
May  6 08:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3831]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.7.83  user=root
May  6 08:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3831]: Failed password for invalid user ts from 196.251.84.225 port 47312 ssh2
May  6 08:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3831]: Connection closed by 196.251.84.225 port 47312 [preauth]
May  6 08:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: Failed password for invalid user admin from 80.94.95.112 port 48278 ssh2
May  6 08:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3833]: Failed password for root from 217.160.7.83 port 38680 ssh2
May  6 08:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3833]: Received disconnect from 217.160.7.83 port 38680:11: Bye Bye [preauth]
May  6 08:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3833]: Disconnected from 217.160.7.83 port 38680 [preauth]
May  6 08:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: Failed password for invalid user admin from 80.94.95.112 port 48278 ssh2
May  6 08:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: Failed password for invalid user admin from 80.94.95.112 port 48278 ssh2
May  6 08:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: Failed password for invalid user admin from 80.94.95.112 port 48278 ssh2
May  6 08:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: Received disconnect from 80.94.95.112 port 48278:11: Bye [preauth]
May  6 08:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: Disconnected from 80.94.95.112 port 48278 [preauth]
May  6 08:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 08:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3815]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 08:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: Invalid user 9 from 195.178.110.50
May  6 08:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: input_userauth_request: invalid user 9 [preauth]
May  6 08:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 08:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: Failed password for invalid user 9 from 195.178.110.50 port 51982 ssh2
May  6 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: Connection closed by 195.178.110.50 port 51982 [preauth]
May  6 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2637]: pam_unix(cron:session): session closed for user root
May  6 08:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: Invalid user ^ from 195.178.110.50
May  6 08:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: input_userauth_request: invalid user ^ [preauth]
May  6 08:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 08:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: Failed password for invalid user ^ from 195.178.110.50 port 64704 ssh2
May  6 08:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: Failed password for root from 196.251.84.225 port 54120 ssh2
May  6 08:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3942]: Connection closed by 196.251.84.225 port 54120 [preauth]
May  6 08:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: Connection closed by 195.178.110.50 port 64704 [preauth]
May  6 08:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3958]: Invalid user % from 195.178.110.50
May  6 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3958]: input_userauth_request: invalid user % [preauth]
May  6 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3958]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4006]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4007]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4004]: pam_unix(cron:session): session closed for user p13x
May  6 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4073]: Successful su for rubyman by root
May  6 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4073]: + ??? root:rubyman
May  6 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4073]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339251 of user rubyman.
May  6 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4073]: pam_unix(su:session): session closed for user rubyman
May  6 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339251.
May  6 08:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3958]: Failed password for invalid user % from 195.178.110.50 port 6916 ssh2
May  6 08:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1139]: pam_unix(cron:session): session closed for user root
May  6 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3958]: Connection closed by 195.178.110.50 port 6916 [preauth]
May  6 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4005]: pam_unix(cron:session): session closed for user samftp
May  6 08:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197  user=root
May  6 08:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4285]: Failed password for root from 107.175.83.197 port 54212 ssh2
May  6 08:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4285]: Received disconnect from 107.175.83.197 port 54212:11: Bye Bye [preauth]
May  6 08:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4285]: Disconnected from 107.175.83.197 port 54212 [preauth]
May  6 08:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4375]: Invalid user ftpuser from 64.227.136.250
May  6 08:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4375]: input_userauth_request: invalid user ftpuser [preauth]
May  6 08:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4375]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.136.250
May  6 08:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4375]: Failed password for invalid user ftpuser from 64.227.136.250 port 40676 ssh2
May  6 08:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4375]: Received disconnect from 64.227.136.250 port 40676:11: Bye Bye [preauth]
May  6 08:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4375]: Disconnected from 64.227.136.250 port 40676 [preauth]
May  6 08:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4418]: Failed password for root from 196.251.84.225 port 34214 ssh2
May  6 08:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4418]: Connection closed by 196.251.84.225 port 34214 [preauth]
May  6 08:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: Invalid user J from 195.178.110.50
May  6 08:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: input_userauth_request: invalid user J [preauth]
May  6 08:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 08:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: Failed password for invalid user J from 195.178.110.50 port 9086 ssh2
May  6 08:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4284]: Connection closed by 195.178.110.50 port 9086 [preauth]
May  6 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3063]: pam_unix(cron:session): session closed for user root
May  6 08:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: Invalid user jupyter from 196.251.84.225
May  6 08:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: input_userauth_request: invalid user jupyter [preauth]
May  6 08:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: Failed password for invalid user jupyter from 196.251.84.225 port 41628 ssh2
May  6 08:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: Connection closed by 196.251.84.225 port 41628 [preauth]
May  6 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4584]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4583]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4581]: pam_unix(cron:session): session closed for user p13x
May  6 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4643]: Successful su for rubyman by root
May  6 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4643]: + ??? root:rubyman
May  6 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339255 of user rubyman.
May  6 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4643]: pam_unix(su:session): session closed for user rubyman
May  6 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339255.
May  6 08:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1657]: pam_unix(cron:session): session closed for user root
May  6 08:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4582]: pam_unix(cron:session): session closed for user samftp
May  6 08:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4837]: Invalid user oracle from 196.251.84.225
May  6 08:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4837]: input_userauth_request: invalid user oracle [preauth]
May  6 08:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4837]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4837]: Failed password for invalid user oracle from 196.251.84.225 port 55090 ssh2
May  6 08:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4837]: Connection closed by 196.251.84.225 port 55090 [preauth]
May  6 08:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4904]: Invalid user baba from 186.233.208.13
May  6 08:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4904]: input_userauth_request: invalid user baba [preauth]
May  6 08:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4904]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 08:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4904]: Failed password for invalid user baba from 186.233.208.13 port 34496 ssh2
May  6 08:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4904]: Received disconnect from 186.233.208.13 port 34496:11: Bye Bye [preauth]
May  6 08:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4904]: Disconnected from 186.233.208.13 port 34496 [preauth]
May  6 08:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3502]: pam_unix(cron:session): session closed for user root
May  6 08:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4942]: Failed password for root from 196.251.84.225 port 35346 ssh2
May  6 08:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4942]: Connection closed by 196.251.84.225 port 35346 [preauth]
May  6 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5187]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5184]: pam_unix(cron:session): session closed for user p13x
May  6 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5257]: Successful su for rubyman by root
May  6 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5257]: + ??? root:rubyman
May  6 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339258 of user rubyman.
May  6 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5257]: pam_unix(su:session): session closed for user rubyman
May  6 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339258.
May  6 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2203]: pam_unix(cron:session): session closed for user root
May  6 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5185]: pam_unix(cron:session): session closed for user samftp
May  6 08:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5408]: Failed password for root from 196.251.84.225 port 47356 ssh2
May  6 08:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5408]: Connection closed by 196.251.84.225 port 47356 [preauth]
May  6 08:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: Invalid user shashank from 164.68.105.9
May  6 08:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: input_userauth_request: invalid user shashank [preauth]
May  6 08:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  6 08:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: Failed password for invalid user shashank from 164.68.105.9 port 39914 ssh2
May  6 08:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5465]: Connection closed by 164.68.105.9 port 39914 [preauth]
May  6 08:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5539]: Invalid user sftp from 196.251.84.225
May  6 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5539]: input_userauth_request: invalid user sftp [preauth]
May  6 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5539]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4007]: pam_unix(cron:session): session closed for user root
May  6 08:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5539]: Failed password for invalid user sftp from 196.251.84.225 port 55948 ssh2
May  6 08:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5539]: Connection closed by 196.251.84.225 port 55948 [preauth]
May  6 08:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: Invalid user redis from 196.251.84.225
May  6 08:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: input_userauth_request: invalid user redis [preauth]
May  6 08:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5674]: pam_unix(cron:session): session closed for user p13x
May  6 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5795]: Successful su for rubyman by root
May  6 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5795]: + ??? root:rubyman
May  6 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339263 of user rubyman.
May  6 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5795]: pam_unix(su:session): session closed for user rubyman
May  6 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339263.
May  6 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: Failed password for invalid user redis from 196.251.84.225 port 37454 ssh2
May  6 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5662]: Connection closed by 196.251.84.225 port 37454 [preauth]
May  6 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5672]: pam_unix(cron:session): session closed for user root
May  6 08:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2636]: pam_unix(cron:session): session closed for user root
May  6 08:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5675]: pam_unix(cron:session): session closed for user samftp
May  6 08:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  6 08:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6126]: Failed password for root from 218.92.0.208 port 45704 ssh2
May  6 08:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6126]: Failed password for root from 218.92.0.208 port 45704 ssh2
May  6 08:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6171]: Invalid user admin from 196.251.84.225
May  6 08:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6171]: input_userauth_request: invalid user admin [preauth]
May  6 08:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6171]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6171]: Failed password for invalid user admin from 196.251.84.225 port 41910 ssh2
May  6 08:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6171]: Connection closed by 196.251.84.225 port 41910 [preauth]
May  6 08:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  6 08:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4584]: pam_unix(cron:session): session closed for user root
May  6 08:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6184]: Failed password for root from 218.92.0.208 port 15760 ssh2
May  6 08:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: Failed password for root from 196.251.84.225 port 33062 ssh2
May  6 08:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: Connection closed by 196.251.84.225 port 33062 [preauth]
May  6 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6282]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6281]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6282]: pam_unix(cron:session): session closed for user root
May  6 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6276]: pam_unix(cron:session): session closed for user p13x
May  6 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6349]: Successful su for rubyman by root
May  6 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6349]: + ??? root:rubyman
May  6 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339269 of user rubyman.
May  6 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6349]: pam_unix(su:session): session closed for user rubyman
May  6 08:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339269.
May  6 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6279]: pam_unix(cron:session): session closed for user root
May  6 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3062]: pam_unix(cron:session): session closed for user root
May  6 08:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6277]: pam_unix(cron:session): session closed for user samftp
May  6 08:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6591]: Invalid user solana from 196.251.84.225
May  6 08:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6591]: input_userauth_request: invalid user solana [preauth]
May  6 08:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6591]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6591]: Failed password for invalid user solana from 196.251.84.225 port 46070 ssh2
May  6 08:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6591]: Connection closed by 196.251.84.225 port 46070 [preauth]
May  6 08:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.160.7.83  user=root
May  6 08:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6617]: Failed password for root from 217.160.7.83 port 49154 ssh2
May  6 08:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6617]: Received disconnect from 217.160.7.83 port 49154:11: Bye Bye [preauth]
May  6 08:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6617]: Disconnected from 217.160.7.83 port 49154 [preauth]
May  6 08:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5189]: pam_unix(cron:session): session closed for user root
May  6 08:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: Failed password for root from 196.251.84.225 port 43016 ssh2
May  6 08:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: Connection closed by 196.251.84.225 port 43016 [preauth]
May  6 08:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.175.83.197  user=root
May  6 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6721]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6723]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6722]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6720]: pam_unix(cron:session): session closed for user p13x
May  6 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6717]: Failed password for root from 107.175.83.197 port 33960 ssh2
May  6 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6717]: Received disconnect from 107.175.83.197 port 33960:11: Bye Bye [preauth]
May  6 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6717]: Disconnected from 107.175.83.197 port 33960 [preauth]
May  6 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6792]: Successful su for rubyman by root
May  6 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6792]: + ??? root:rubyman
May  6 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339274 of user rubyman.
May  6 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6792]: pam_unix(su:session): session closed for user rubyman
May  6 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339274.
May  6 08:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3501]: pam_unix(cron:session): session closed for user root
May  6 08:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6721]: pam_unix(cron:session): session closed for user samftp
May  6 08:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: Invalid user test from 196.251.84.225
May  6 08:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: input_userauth_request: invalid user test [preauth]
May  6 08:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: Failed password for invalid user test from 196.251.84.225 port 33166 ssh2
May  6 08:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: Connection closed by 196.251.84.225 port 33166 [preauth]
May  6 08:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7135]: Invalid user erp from 46.191.141.152
May  6 08:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7135]: input_userauth_request: invalid user erp [preauth]
May  6 08:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7135]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.191.141.152
May  6 08:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7135]: Failed password for invalid user erp from 46.191.141.152 port 53605 ssh2
May  6 08:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7135]: Received disconnect from 46.191.141.152 port 53605:11: Bye Bye [preauth]
May  6 08:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7135]: Disconnected from 46.191.141.152 port 53605 [preauth]
May  6 08:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5677]: pam_unix(cron:session): session closed for user root
May  6 08:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7222]: Invalid user postgres from 196.251.84.225
May  6 08:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7222]: input_userauth_request: invalid user postgres [preauth]
May  6 08:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7222]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7222]: Failed password for invalid user postgres from 196.251.84.225 port 52052 ssh2
May  6 08:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7222]: Connection closed by 196.251.84.225 port 52052 [preauth]
May  6 08:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: Invalid user zeshan from 64.227.136.250
May  6 08:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: input_userauth_request: invalid user zeshan [preauth]
May  6 08:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.136.250
May  6 08:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: Failed password for invalid user zeshan from 64.227.136.250 port 35806 ssh2
May  6 08:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: Received disconnect from 64.227.136.250 port 35806:11: Bye Bye [preauth]
May  6 08:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7242]: Disconnected from 64.227.136.250 port 35806 [preauth]
May  6 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7256]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7255]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7253]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7254]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7253]: pam_unix(cron:session): session closed for user p13x
May  6 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7313]: Successful su for rubyman by root
May  6 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7313]: + ??? root:rubyman
May  6 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339277 of user rubyman.
May  6 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7313]: pam_unix(su:session): session closed for user rubyman
May  6 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339277.
May  6 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4006]: pam_unix(cron:session): session closed for user root
May  6 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7254]: pam_unix(cron:session): session closed for user samftp
May  6 08:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: Failed password for root from 196.251.84.225 port 46004 ssh2
May  6 08:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: Connection closed by 196.251.84.225 port 46004 [preauth]
May  6 08:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6281]: pam_unix(cron:session): session closed for user root
May  6 08:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7710]: Invalid user developer from 196.251.84.225
May  6 08:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7710]: input_userauth_request: invalid user developer [preauth]
May  6 08:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7710]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7710]: Failed password for invalid user developer from 196.251.84.225 port 49476 ssh2
May  6 08:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7710]: Connection closed by 196.251.84.225 port 49476 [preauth]
May  6 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7778]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7776]: pam_unix(cron:session): session closed for user p13x
May  6 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7840]: Successful su for rubyman by root
May  6 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7840]: + ??? root:rubyman
May  6 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7840]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339281 of user rubyman.
May  6 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7840]: pam_unix(su:session): session closed for user rubyman
May  6 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339281.
May  6 08:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4583]: pam_unix(cron:session): session closed for user root
May  6 08:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7777]: pam_unix(cron:session): session closed for user samftp
May  6 08:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8027]: Invalid user steam from 196.251.84.225
May  6 08:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8027]: input_userauth_request: invalid user steam [preauth]
May  6 08:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8027]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8029]: Invalid user tri from 186.233.208.13
May  6 08:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8029]: input_userauth_request: invalid user tri [preauth]
May  6 08:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8029]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 08:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8027]: Failed password for invalid user steam from 196.251.84.225 port 60488 ssh2
May  6 08:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8027]: Connection closed by 196.251.84.225 port 60488 [preauth]
May  6 08:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8029]: Failed password for invalid user tri from 186.233.208.13 port 38504 ssh2
May  6 08:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8029]: Received disconnect from 186.233.208.13 port 38504:11: Bye Bye [preauth]
May  6 08:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8029]: Disconnected from 186.233.208.13 port 38504 [preauth]
May  6 08:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6723]: pam_unix(cron:session): session closed for user root
May  6 08:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8147]: Invalid user app from 196.251.84.225
May  6 08:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8147]: input_userauth_request: invalid user app [preauth]
May  6 08:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8147]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8147]: Failed password for invalid user app from 196.251.84.225 port 47028 ssh2
May  6 08:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8147]: Connection closed by 196.251.84.225 port 47028 [preauth]
May  6 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8210]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8208]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8207]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8207]: pam_unix(cron:session): session closed for user p13x
May  6 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8268]: Successful su for rubyman by root
May  6 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8268]: + ??? root:rubyman
May  6 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339286 of user rubyman.
May  6 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8268]: pam_unix(su:session): session closed for user rubyman
May  6 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339286.
May  6 08:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5187]: pam_unix(cron:session): session closed for user root
May  6 08:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8208]: pam_unix(cron:session): session closed for user samftp
May  6 08:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: Failed password for root from 196.251.84.225 port 33926 ssh2
May  6 08:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8460]: Connection closed by 196.251.84.225 port 33926 [preauth]
May  6 08:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7256]: pam_unix(cron:session): session closed for user root
May  6 08:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8561]: Invalid user sysadmin from 196.251.84.225
May  6 08:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8561]: input_userauth_request: invalid user sysadmin [preauth]
May  6 08:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8561]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8561]: Failed password for invalid user sysadmin from 196.251.84.225 port 60588 ssh2
May  6 08:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8561]: Connection closed by 196.251.84.225 port 60588 [preauth]
May  6 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8627]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8625]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8624]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8626]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8631]: pam_unix(cron:session): session closed for user root
May  6 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8624]: pam_unix(cron:session): session closed for user p13x
May  6 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8697]: Successful su for rubyman by root
May  6 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8697]: + ??? root:rubyman
May  6 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8697]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339289 of user rubyman.
May  6 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8697]: pam_unix(su:session): session closed for user rubyman
May  6 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339289.
May  6 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8626]: pam_unix(cron:session): session closed for user root
May  6 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5676]: pam_unix(cron:session): session closed for user root
May  6 08:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8625]: pam_unix(cron:session): session closed for user samftp
May  6 08:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8860]: Failed password for root from 196.251.84.225 port 51118 ssh2
May  6 08:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8860]: Connection closed by 196.251.84.225 port 51118 [preauth]
May  6 08:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8965]: Invalid user bash from 190.173.77.226
May  6 08:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8965]: input_userauth_request: invalid user bash [preauth]
May  6 08:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8965]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 08:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8965]: Failed password for invalid user bash from 190.173.77.226 port 55232 ssh2
May  6 08:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8965]: Received disconnect from 190.173.77.226 port 55232:11: Bye Bye [preauth]
May  6 08:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8965]: Disconnected from 190.173.77.226 port 55232 [preauth]
May  6 08:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Connection reset by 218.92.0.252 port 38796 [preauth]
May  6 08:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7779]: pam_unix(cron:session): session closed for user root
May  6 08:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: Invalid user elastic from 196.251.84.225
May  6 08:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: input_userauth_request: invalid user elastic [preauth]
May  6 08:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: Failed password for invalid user elastic from 196.251.84.225 port 59706 ssh2
May  6 08:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8998]: Connection closed by 196.251.84.225 port 59706 [preauth]
May  6 08:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9078]: Invalid user ldap from 196.251.84.225
May  6 08:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9078]: input_userauth_request: invalid user ldap [preauth]
May  6 08:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9078]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9085]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9084]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9082]: pam_unix(cron:session): session closed for user p13x
May  6 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9247]: Successful su for rubyman by root
May  6 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9247]: + ??? root:rubyman
May  6 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9247]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339296 of user rubyman.
May  6 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9247]: pam_unix(su:session): session closed for user rubyman
May  6 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339296.
May  6 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9078]: Failed password for invalid user ldap from 196.251.84.225 port 58946 ssh2
May  6 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9078]: Connection closed by 196.251.84.225 port 58946 [preauth]
May  6 08:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6280]: pam_unix(cron:session): session closed for user root
May  6 08:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9083]: pam_unix(cron:session): session closed for user samftp
May  6 08:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: Invalid user worker from 196.251.84.225
May  6 08:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: input_userauth_request: invalid user worker [preauth]
May  6 08:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: Failed password for invalid user worker from 196.251.84.225 port 47534 ssh2
May  6 08:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: Connection closed by 196.251.84.225 port 47534 [preauth]
May  6 08:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8210]: pam_unix(cron:session): session closed for user root
May  6 08:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9594]: Invalid user redis from 196.251.84.225
May  6 08:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9594]: input_userauth_request: invalid user redis [preauth]
May  6 08:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9594]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9594]: Failed password for invalid user redis from 196.251.84.225 port 37892 ssh2
May  6 08:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9594]: Connection closed by 196.251.84.225 port 37892 [preauth]
May  6 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9614]: pam_unix(cron:session): session closed for user p13x
May  6 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9678]: Successful su for rubyman by root
May  6 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9678]: + ??? root:rubyman
May  6 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9678]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339301 of user rubyman.
May  6 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9678]: pam_unix(su:session): session closed for user rubyman
May  6 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339301.
May  6 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6722]: pam_unix(cron:session): session closed for user root
May  6 08:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9615]: pam_unix(cron:session): session closed for user samftp
May  6 08:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9899]: Invalid user nginx from 196.251.84.225
May  6 08:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9899]: input_userauth_request: invalid user nginx [preauth]
May  6 08:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9899]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9899]: Failed password for invalid user nginx from 196.251.84.225 port 36512 ssh2
May  6 08:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9899]: Connection closed by 196.251.84.225 port 36512 [preauth]
May  6 08:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.136.250  user=root
May  6 08:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8629]: pam_unix(cron:session): session closed for user root
May  6 08:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: Failed password for root from 64.227.136.250 port 53260 ssh2
May  6 08:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: Received disconnect from 64.227.136.250 port 53260:11: Bye Bye [preauth]
May  6 08:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9931]: Disconnected from 64.227.136.250 port 53260 [preauth]
May  6 08:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: Invalid user esuser from 196.251.84.225
May  6 08:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: input_userauth_request: invalid user esuser [preauth]
May  6 08:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: Failed password for invalid user esuser from 196.251.84.225 port 59488 ssh2
May  6 08:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: Connection closed by 196.251.84.225 port 59488 [preauth]
May  6 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10027]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10026]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10023]: pam_unix(cron:session): session closed for user p13x
May  6 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10089]: Successful su for rubyman by root
May  6 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10089]: + ??? root:rubyman
May  6 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339303 of user rubyman.
May  6 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10089]: pam_unix(su:session): session closed for user rubyman
May  6 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339303.
May  6 08:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7255]: pam_unix(cron:session): session closed for user root
May  6 08:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10024]: pam_unix(cron:session): session closed for user samftp
May  6 08:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: Invalid user odoo from 196.251.84.225
May  6 08:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: input_userauth_request: invalid user odoo [preauth]
May  6 08:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: Failed password for invalid user odoo from 196.251.84.225 port 38298 ssh2
May  6 08:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: Connection closed by 196.251.84.225 port 38298 [preauth]
May  6 08:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9085]: pam_unix(cron:session): session closed for user root
May  6 08:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10493]: Invalid user appuser from 196.251.84.225
May  6 08:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10493]: input_userauth_request: invalid user appuser [preauth]
May  6 08:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10493]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10493]: Failed password for invalid user appuser from 196.251.84.225 port 35234 ssh2
May  6 08:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10493]: Connection closed by 196.251.84.225 port 35234 [preauth]
May  6 08:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: Invalid user usertest from 186.233.208.13
May  6 08:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: input_userauth_request: invalid user usertest [preauth]
May  6 08:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 08:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: Failed password for invalid user usertest from 186.233.208.13 port 51380 ssh2
May  6 08:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: Received disconnect from 186.233.208.13 port 51380:11: Bye Bye [preauth]
May  6 08:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10514]: Disconnected from 186.233.208.13 port 51380 [preauth]
May  6 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10529]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10530]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10528]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10528]: pam_unix(cron:session): session closed for user p13x
May  6 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10595]: Successful su for rubyman by root
May  6 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10595]: + ??? root:rubyman
May  6 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339309 of user rubyman.
May  6 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10595]: pam_unix(su:session): session closed for user rubyman
May  6 08:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339309.
May  6 08:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7778]: pam_unix(cron:session): session closed for user root
May  6 08:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10529]: pam_unix(cron:session): session closed for user samftp
May  6 08:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10850]: Invalid user lighthouse from 196.251.84.225
May  6 08:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10850]: input_userauth_request: invalid user lighthouse [preauth]
May  6 08:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10850]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10850]: Failed password for invalid user lighthouse from 196.251.84.225 port 58308 ssh2
May  6 08:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10850]: Connection closed by 196.251.84.225 port 58308 [preauth]
May  6 08:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9617]: pam_unix(cron:session): session closed for user root
May  6 08:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: Invalid user steam from 196.251.84.225
May  6 08:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: input_userauth_request: invalid user steam [preauth]
May  6 08:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: Failed password for invalid user steam from 196.251.84.225 port 59206 ssh2
May  6 08:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: Connection closed by 196.251.84.225 port 59206 [preauth]
May  6 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10995]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10994]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10997]: pam_unix(cron:session): session closed for user root
May  6 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10992]: pam_unix(cron:session): session closed for user p13x
May  6 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11065]: Successful su for rubyman by root
May  6 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11065]: + ??? root:rubyman
May  6 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11065]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339316 of user rubyman.
May  6 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11065]: pam_unix(su:session): session closed for user rubyman
May  6 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339316.
May  6 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10994]: pam_unix(cron:session): session closed for user root
May  6 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8209]: pam_unix(cron:session): session closed for user root
May  6 08:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10993]: pam_unix(cron:session): session closed for user samftp
May  6 08:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11167]: Failed password for root from 196.251.84.225 port 52850 ssh2
May  6 08:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11167]: Connection closed by 196.251.84.225 port 52850 [preauth]
May  6 08:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10027]: pam_unix(cron:session): session closed for user root
May  6 08:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: Failed password for root from 196.251.84.225 port 43294 ssh2
May  6 08:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: Connection closed by 196.251.84.225 port 43294 [preauth]
May  6 08:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11408]: Invalid user ubuntu from 196.251.84.225
May  6 08:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11408]: input_userauth_request: invalid user ubuntu [preauth]
May  6 08:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11408]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11421]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11422]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11419]: pam_unix(cron:session): session closed for user p13x
May  6 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11490]: Successful su for rubyman by root
May  6 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11490]: + ??? root:rubyman
May  6 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339318 of user rubyman.
May  6 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11490]: pam_unix(su:session): session closed for user rubyman
May  6 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339318.
May  6 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11408]: Failed password for invalid user ubuntu from 196.251.84.225 port 44264 ssh2
May  6 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11408]: Connection closed by 196.251.84.225 port 44264 [preauth]
May  6 08:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8627]: pam_unix(cron:session): session closed for user root
May  6 08:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11420]: pam_unix(cron:session): session closed for user samftp
May  6 08:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11739]: Invalid user lsb from 196.251.84.225
May  6 08:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11739]: input_userauth_request: invalid user lsb [preauth]
May  6 08:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11739]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11739]: Failed password for invalid user lsb from 196.251.84.225 port 60346 ssh2
May  6 08:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11739]: Connection closed by 196.251.84.225 port 60346 [preauth]
May  6 08:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10531]: pam_unix(cron:session): session closed for user root
May  6 08:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: Invalid user ssa from 190.173.77.226
May  6 08:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: input_userauth_request: invalid user ssa [preauth]
May  6 08:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 08:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: Failed password for invalid user ssa from 190.173.77.226 port 36922 ssh2
May  6 08:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: Received disconnect from 190.173.77.226 port 36922:11: Bye Bye [preauth]
May  6 08:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11788]: Disconnected from 190.173.77.226 port 36922 [preauth]
May  6 08:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: Invalid user test from 196.251.84.225
May  6 08:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: input_userauth_request: invalid user test [preauth]
May  6 08:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: Failed password for invalid user test from 196.251.84.225 port 40738 ssh2
May  6 08:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11820]: Connection closed by 196.251.84.225 port 40738 [preauth]
May  6 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11832]: pam_unix(cron:session): session closed for user p13x
May  6 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11892]: Successful su for rubyman by root
May  6 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11892]: + ??? root:rubyman
May  6 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339322 of user rubyman.
May  6 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11892]: pam_unix(su:session): session closed for user rubyman
May  6 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339322.
May  6 08:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9084]: pam_unix(cron:session): session closed for user root
May  6 08:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11833]: pam_unix(cron:session): session closed for user samftp
May  6 08:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12106]: Invalid user kodi from 196.251.84.225
May  6 08:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12106]: input_userauth_request: invalid user kodi [preauth]
May  6 08:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12106]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12106]: Failed password for invalid user kodi from 196.251.84.225 port 45408 ssh2
May  6 08:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12106]: Connection closed by 196.251.84.225 port 45408 [preauth]
May  6 08:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10996]: pam_unix(cron:session): session closed for user root
May  6 08:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: Invalid user caddy from 196.251.84.225
May  6 08:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: input_userauth_request: invalid user caddy [preauth]
May  6 08:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: Failed password for invalid user caddy from 196.251.84.225 port 39064 ssh2
May  6 08:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12202]: Connection closed by 196.251.84.225 port 39064 [preauth]
May  6 08:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12232]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12224]: pam_unix(cron:session): session closed for user p13x
May  6 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: Invalid user profesor from 64.227.136.250
May  6 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: input_userauth_request: invalid user profesor [preauth]
May  6 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.136.250
May  6 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12292]: Successful su for rubyman by root
May  6 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12292]: + ??? root:rubyman
May  6 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339325 of user rubyman.
May  6 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12292]: pam_unix(su:session): session closed for user rubyman
May  6 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339325.
May  6 08:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9616]: pam_unix(cron:session): session closed for user root
May  6 08:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: Failed password for invalid user profesor from 64.227.136.250 port 60700 ssh2
May  6 08:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: Received disconnect from 64.227.136.250 port 60700:11: Bye Bye [preauth]
May  6 08:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12213]: Disconnected from 64.227.136.250 port 60700 [preauth]
May  6 08:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12226]: pam_unix(cron:session): session closed for user samftp
May  6 08:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12512]: Invalid user ampache from 196.251.84.225
May  6 08:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12512]: input_userauth_request: invalid user ampache [preauth]
May  6 08:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12512]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12512]: Failed password for invalid user ampache from 196.251.84.225 port 57350 ssh2
May  6 08:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12512]: Connection closed by 196.251.84.225 port 57350 [preauth]
May  6 08:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11422]: pam_unix(cron:session): session closed for user root
May  6 08:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: Invalid user amandabackup from 196.251.84.225
May  6 08:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: input_userauth_request: invalid user amandabackup [preauth]
May  6 08:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: Failed password for invalid user amandabackup from 196.251.84.225 port 52206 ssh2
May  6 08:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12602]: Connection closed by 196.251.84.225 port 52206 [preauth]
May  6 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session closed for user p13x
May  6 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12687]: Successful su for rubyman by root
May  6 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12687]: + ??? root:rubyman
May  6 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339330 of user rubyman.
May  6 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12687]: pam_unix(su:session): session closed for user rubyman
May  6 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339330.
May  6 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10026]: pam_unix(cron:session): session closed for user root
May  6 08:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12630]: pam_unix(cron:session): session closed for user samftp
May  6 08:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12885]: Invalid user ubuntu from 196.251.84.225
May  6 08:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12885]: input_userauth_request: invalid user ubuntu [preauth]
May  6 08:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12885]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12885]: Failed password for invalid user ubuntu from 196.251.84.225 port 38298 ssh2
May  6 08:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12885]: Connection closed by 196.251.84.225 port 38298 [preauth]
May  6 08:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11835]: pam_unix(cron:session): session closed for user root
May  6 08:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Invalid user test from 196.251.84.225
May  6 08:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: input_userauth_request: invalid user test [preauth]
May  6 08:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Failed password for invalid user test from 196.251.84.225 port 57844 ssh2
May  6 08:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Connection closed by 196.251.84.225 port 57844 [preauth]
May  6 08:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  6 08:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: Failed password for root from 186.233.208.13 port 54962 ssh2
May  6 08:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: Received disconnect from 186.233.208.13 port 54962:11: Bye Bye [preauth]
May  6 08:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: Disconnected from 186.233.208.13 port 54962 [preauth]
May  6 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13024]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13025]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13025]: pam_unix(cron:session): session closed for user root
May  6 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13020]: pam_unix(cron:session): session closed for user p13x
May  6 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13093]: Successful su for rubyman by root
May  6 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13093]: + ??? root:rubyman
May  6 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339336 of user rubyman.
May  6 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13093]: pam_unix(su:session): session closed for user rubyman
May  6 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339336.
May  6 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13022]: pam_unix(cron:session): session closed for user root
May  6 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10530]: pam_unix(cron:session): session closed for user root
May  6 08:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13021]: pam_unix(cron:session): session closed for user samftp
May  6 08:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13303]: Invalid user ubuntu from 196.251.84.225
May  6 08:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13303]: input_userauth_request: invalid user ubuntu [preauth]
May  6 08:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13303]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 08:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13303]: Failed password for invalid user ubuntu from 196.251.84.225 port 43418 ssh2
May  6 08:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13303]: Connection closed by 196.251.84.225 port 43418 [preauth]
May  6 08:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13302]: Failed password for root from 218.92.0.207 port 17970 ssh2
May  6 08:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13302]: message repeated 4 times: [ Failed password for root from 218.92.0.207 port 17970 ssh2]
May  6 08:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13302]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 17970 ssh2 [preauth]
May  6 08:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13302]: Disconnecting: Too many authentication failures [preauth]
May  6 08:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13302]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 08:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13302]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 08:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12232]: pam_unix(cron:session): session closed for user root
May  6 08:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13397]: Failed password for root from 196.251.84.225 port 56960 ssh2
May  6 08:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13397]: Connection closed by 196.251.84.225 port 56960 [preauth]
May  6 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13551]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13550]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13550]: pam_unix(cron:session): session closed for user p13x
May  6 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13623]: Successful su for rubyman by root
May  6 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13623]: + ??? root:rubyman
May  6 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339341 of user rubyman.
May  6 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13623]: pam_unix(su:session): session closed for user rubyman
May  6 08:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339341.
May  6 08:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10995]: pam_unix(cron:session): session closed for user root
May  6 08:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13551]: pam_unix(cron:session): session closed for user samftp
May  6 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: Invalid user ftpuser from 196.251.84.225
May  6 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: input_userauth_request: invalid user ftpuser [preauth]
May  6 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: Failed password for invalid user ftpuser from 196.251.84.225 port 39894 ssh2
May  6 08:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13805]: Connection closed by 196.251.84.225 port 39894 [preauth]
May  6 08:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12632]: pam_unix(cron:session): session closed for user root
May  6 08:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Invalid user redis from 196.251.84.225
May  6 08:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: input_userauth_request: invalid user redis [preauth]
May  6 08:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Failed password for invalid user redis from 196.251.84.225 port 35570 ssh2
May  6 08:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13887]: Connection closed by 196.251.84.225 port 35570 [preauth]
May  6 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13978]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13977]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13975]: pam_unix(cron:session): session closed for user p13x
May  6 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14039]: Successful su for rubyman by root
May  6 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14039]: + ??? root:rubyman
May  6 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339343 of user rubyman.
May  6 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14039]: pam_unix(su:session): session closed for user rubyman
May  6 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339343.
May  6 08:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11421]: pam_unix(cron:session): session closed for user root
May  6 08:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13976]: pam_unix(cron:session): session closed for user samftp
May  6 08:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Invalid user wang from 196.251.84.225
May  6 08:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: input_userauth_request: invalid user wang [preauth]
May  6 08:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Failed password for invalid user wang from 196.251.84.225 port 59954 ssh2
May  6 08:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Connection closed by 196.251.84.225 port 59954 [preauth]
May  6 08:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  6 08:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14254]: Failed password for root from 193.70.84.184 port 37500 ssh2
May  6 08:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14254]: Connection closed by 193.70.84.184 port 37500 [preauth]
May  6 08:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13024]: pam_unix(cron:session): session closed for user root
May  6 08:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14288]: Invalid user admin from 196.251.84.225
May  6 08:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14288]: input_userauth_request: invalid user admin [preauth]
May  6 08:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14288]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14288]: Failed password for invalid user admin from 196.251.84.225 port 58978 ssh2
May  6 08:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14288]: Connection closed by 196.251.84.225 port 58978 [preauth]
May  6 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14382]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14383]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14379]: pam_unix(cron:session): session closed for user p13x
May  6 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: Invalid user amp from 196.251.84.225
May  6 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: input_userauth_request: invalid user amp [preauth]
May  6 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14439]: Successful su for rubyman by root
May  6 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14439]: + ??? root:rubyman
May  6 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14439]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339347 of user rubyman.
May  6 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14439]: pam_unix(su:session): session closed for user rubyman
May  6 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339347.
May  6 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11834]: pam_unix(cron:session): session closed for user root
May  6 08:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: Failed password for invalid user amp from 196.251.84.225 port 37562 ssh2
May  6 08:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: Connection closed by 196.251.84.225 port 37562 [preauth]
May  6 08:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14380]: pam_unix(cron:session): session closed for user samftp
May  6 08:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14666]: Invalid user test4 from 190.173.77.226
May  6 08:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14666]: input_userauth_request: invalid user test4 [preauth]
May  6 08:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14666]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 08:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14666]: Failed password for invalid user test4 from 190.173.77.226 port 51530 ssh2
May  6 08:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14666]: Received disconnect from 190.173.77.226 port 51530:11: Bye Bye [preauth]
May  6 08:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14666]: Disconnected from 190.173.77.226 port 51530 [preauth]
May  6 08:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: Invalid user terraria from 196.251.84.225
May  6 08:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: input_userauth_request: invalid user terraria [preauth]
May  6 08:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: Failed password for invalid user terraria from 196.251.84.225 port 44616 ssh2
May  6 08:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: Connection closed by 196.251.84.225 port 44616 [preauth]
May  6 08:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: Invalid user zqliu from 64.227.136.250
May  6 08:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: input_userauth_request: invalid user zqliu [preauth]
May  6 08:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.136.250
May  6 08:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13554]: pam_unix(cron:session): session closed for user root
May  6 08:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: Failed password for invalid user zqliu from 64.227.136.250 port 47514 ssh2
May  6 08:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: Received disconnect from 64.227.136.250 port 47514:11: Bye Bye [preauth]
May  6 08:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: Disconnected from 64.227.136.250 port 47514 [preauth]
May  6 08:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: Invalid user cadmin from 46.244.96.25
May  6 08:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: input_userauth_request: invalid user cadmin [preauth]
May  6 08:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  6 08:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: Failed password for invalid user cadmin from 46.244.96.25 port 42752 ssh2
May  6 08:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: Connection closed by 46.244.96.25 port 42752 [preauth]
May  6 08:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14780]: Invalid user nagios from 196.251.84.225
May  6 08:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14780]: input_userauth_request: invalid user nagios [preauth]
May  6 08:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14780]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14780]: Failed password for invalid user nagios from 196.251.84.225 port 58960 ssh2
May  6 08:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14780]: Connection closed by 196.251.84.225 port 58960 [preauth]
May  6 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14794]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14791]: pam_unix(cron:session): session closed for user p13x
May  6 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14851]: Successful su for rubyman by root
May  6 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14851]: + ??? root:rubyman
May  6 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339351 of user rubyman.
May  6 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14851]: pam_unix(su:session): session closed for user rubyman
May  6 08:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339351.
May  6 08:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12231]: pam_unix(cron:session): session closed for user root
May  6 08:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14792]: pam_unix(cron:session): session closed for user samftp
May  6 08:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15083]: Invalid user es from 196.251.84.225
May  6 08:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15083]: input_userauth_request: invalid user es [preauth]
May  6 08:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15083]: pam_unix(sshd:auth): check pass; user unknown
May  6 08:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 08:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15083]: Failed password for invalid user es from 196.251.84.225 port 41136 ssh2
May  6 08:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15083]: Connection closed by 196.251.84.225 port 41136 [preauth]
May  6 08:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13978]: pam_unix(cron:session): session closed for user root
May  6 08:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 08:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 08:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: Failed password for root from 196.251.84.225 port 35010 ssh2
May  6 08:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: Connection closed by 196.251.84.225 port 35010 [preauth]
May  6 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15202]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15203]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15202]: pam_unix(cron:session): session closed for user root
May  6 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15206]: pam_unix(cron:session): session closed for user root
May  6 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15199]: pam_unix(cron:session): session closed for user p13x
May  6 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15293]: Successful su for rubyman by root
May  6 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15293]: + ??? root:rubyman
May  6 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339359 of user rubyman.
May  6 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15293]: pam_unix(su:session): session closed for user rubyman
May  6 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339359.
May  6 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12631]: pam_unix(cron:session): session closed for user root
May  6 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15203]: pam_unix(cron:session): session closed for user root
May  6 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15200]: pam_unix(cron:session): session closed for user samftp
May  6 09:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: Invalid user ark from 196.251.84.225
May  6 09:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: input_userauth_request: invalid user ark [preauth]
May  6 09:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: Failed password for invalid user ark from 196.251.84.225 port 59290 ssh2
May  6 09:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: Connection closed by 196.251.84.225 port 59290 [preauth]
May  6 09:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15573]: Invalid user profesor from 186.233.208.13
May  6 09:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15573]: input_userauth_request: invalid user profesor [preauth]
May  6 09:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15573]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 09:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15573]: Failed password for invalid user profesor from 186.233.208.13 port 43644 ssh2
May  6 09:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15573]: Received disconnect from 186.233.208.13 port 43644:11: Bye Bye [preauth]
May  6 09:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15573]: Disconnected from 186.233.208.13 port 43644 [preauth]
May  6 09:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14383]: pam_unix(cron:session): session closed for user root
May  6 09:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15662]: Invalid user elastic from 196.251.84.225
May  6 09:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15662]: input_userauth_request: invalid user elastic [preauth]
May  6 09:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15662]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15662]: Failed password for invalid user elastic from 196.251.84.225 port 51330 ssh2
May  6 09:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15662]: Connection closed by 196.251.84.225 port 51330 [preauth]
May  6 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15697]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15698]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15693]: pam_unix(cron:session): session closed for user p13x
May  6 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15763]: Successful su for rubyman by root
May  6 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15763]: + ??? root:rubyman
May  6 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15763]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339364 of user rubyman.
May  6 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15763]: pam_unix(su:session): session closed for user rubyman
May  6 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339364.
May  6 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13023]: pam_unix(cron:session): session closed for user root
May  6 09:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15694]: pam_unix(cron:session): session closed for user samftp
May  6 09:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: Invalid user zookeeper from 196.251.84.225
May  6 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: input_userauth_request: invalid user zookeeper [preauth]
May  6 09:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: Failed password for invalid user zookeeper from 196.251.84.225 port 46340 ssh2
May  6 09:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15970]: Connection closed by 196.251.84.225 port 46340 [preauth]
May  6 09:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14794]: pam_unix(cron:session): session closed for user root
May  6 09:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16057]: Invalid user dst from 196.251.84.225
May  6 09:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16057]: input_userauth_request: invalid user dst [preauth]
May  6 09:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16057]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16057]: Failed password for invalid user dst from 196.251.84.225 port 47250 ssh2
May  6 09:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16057]: Connection closed by 196.251.84.225 port 47250 [preauth]
May  6 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16093]: pam_unix(cron:session): session closed for user p13x
May  6 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16153]: Successful su for rubyman by root
May  6 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16153]: + ??? root:rubyman
May  6 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16153]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339366 of user rubyman.
May  6 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16153]: pam_unix(su:session): session closed for user rubyman
May  6 09:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339366.
May  6 09:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13552]: pam_unix(cron:session): session closed for user root
May  6 09:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16094]: pam_unix(cron:session): session closed for user samftp
May  6 09:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16315]: Invalid user jahan from 180.253.167.74
May  6 09:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16315]: input_userauth_request: invalid user jahan [preauth]
May  6 09:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16315]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 09:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16315]: Failed password for invalid user jahan from 180.253.167.74 port 36026 ssh2
May  6 09:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16315]: Received disconnect from 180.253.167.74 port 36026:11: Bye Bye [preauth]
May  6 09:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16315]: Disconnected from 180.253.167.74 port 36026 [preauth]
May  6 09:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: Invalid user latitude from 196.251.84.225
May  6 09:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: input_userauth_request: invalid user latitude [preauth]
May  6 09:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: Failed password for invalid user latitude from 196.251.84.225 port 60998 ssh2
May  6 09:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16338]: Connection closed by 196.251.84.225 port 60998 [preauth]
May  6 09:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15205]: pam_unix(cron:session): session closed for user root
May  6 09:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16427]: Invalid user dolphin from 196.251.84.225
May  6 09:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16427]: input_userauth_request: invalid user dolphin [preauth]
May  6 09:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16427]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16427]: Failed password for invalid user dolphin from 196.251.84.225 port 39968 ssh2
May  6 09:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16427]: Connection closed by 196.251.84.225 port 39968 [preauth]
May  6 09:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16512]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16511]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16510]: pam_unix(cron:session): session closed for user p13x
May  6 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16581]: Successful su for rubyman by root
May  6 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16581]: + ??? root:rubyman
May  6 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339371 of user rubyman.
May  6 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16581]: pam_unix(su:session): session closed for user rubyman
May  6 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339371.
May  6 09:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13977]: pam_unix(cron:session): session closed for user root
May  6 09:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16511]: pam_unix(cron:session): session closed for user samftp
May  6 09:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: Invalid user sol from 196.251.84.225
May  6 09:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: input_userauth_request: invalid user sol [preauth]
May  6 09:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: Failed password for invalid user sol from 196.251.84.225 port 52730 ssh2
May  6 09:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: Connection closed by 196.251.84.225 port 52730 [preauth]
May  6 09:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15698]: pam_unix(cron:session): session closed for user root
May  6 09:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Invalid user vbox from 196.251.84.225
May  6 09:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: input_userauth_request: invalid user vbox [preauth]
May  6 09:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Failed password for invalid user vbox from 196.251.84.225 port 46828 ssh2
May  6 09:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Connection closed by 196.251.84.225 port 46828 [preauth]
May  6 09:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 09:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16913]: Failed password for root from 218.92.0.179 port 18449 ssh2
May  6 09:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16913]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 18449 ssh2]
May  6 09:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16913]: Received disconnect from 218.92.0.179 port 18449:11:  [preauth]
May  6 09:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16913]: Disconnected from 218.92.0.179 port 18449 [preauth]
May  6 09:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16913]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16979]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16978]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16975]: pam_unix(cron:session): session closed for user p13x
May  6 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17038]: Successful su for rubyman by root
May  6 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17038]: + ??? root:rubyman
May  6 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17038]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339374 of user rubyman.
May  6 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17038]: pam_unix(su:session): session closed for user rubyman
May  6 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339374.
May  6 09:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 09:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14382]: pam_unix(cron:session): session closed for user root
May  6 09:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16976]: pam_unix(cron:session): session closed for user samftp
May  6 09:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: Failed password for root from 196.251.84.225 port 55488 ssh2
May  6 09:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17151]: Connection closed by 196.251.84.225 port 55488 [preauth]
May  6 09:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.136.250  user=root
May  6 09:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Failed password for root from 64.227.136.250 port 45464 ssh2
May  6 09:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Received disconnect from 64.227.136.250 port 45464:11: Bye Bye [preauth]
May  6 09:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Disconnected from 64.227.136.250 port 45464 [preauth]
May  6 09:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: Invalid user jito-validator from 196.251.84.225
May  6 09:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: input_userauth_request: invalid user jito-validator [preauth]
May  6 09:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: Failed password for invalid user jito-validator from 196.251.84.225 port 56458 ssh2
May  6 09:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16097]: pam_unix(cron:session): session closed for user root
May  6 09:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: Connection closed by 196.251.84.225 port 56458 [preauth]
May  6 09:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17359]: Invalid user danya from 190.173.77.226
May  6 09:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17359]: input_userauth_request: invalid user danya [preauth]
May  6 09:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17359]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 09:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17359]: Failed password for invalid user danya from 190.173.77.226 port 55112 ssh2
May  6 09:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17359]: Received disconnect from 190.173.77.226 port 55112:11: Bye Bye [preauth]
May  6 09:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17359]: Disconnected from 190.173.77.226 port 55112 [preauth]
May  6 09:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Invalid user steam from 196.251.84.225
May  6 09:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: input_userauth_request: invalid user steam [preauth]
May  6 09:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Failed password for invalid user steam from 196.251.84.225 port 52454 ssh2
May  6 09:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Connection closed by 196.251.84.225 port 52454 [preauth]
May  6 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17383]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17384]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17386]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17386]: pam_unix(cron:session): session closed for user root
May  6 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17381]: pam_unix(cron:session): session closed for user p13x
May  6 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17453]: Successful su for rubyman by root
May  6 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17453]: + ??? root:rubyman
May  6 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339382 of user rubyman.
May  6 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17453]: pam_unix(su:session): session closed for user rubyman
May  6 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339382.
May  6 09:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17383]: pam_unix(cron:session): session closed for user root
May  6 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14793]: pam_unix(cron:session): session closed for user root
May  6 09:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17382]: pam_unix(cron:session): session closed for user samftp
May  6 09:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 09:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: Failed password for root from 196.251.84.225 port 46336 ssh2
May  6 09:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: Connection closed by 196.251.84.225 port 46336 [preauth]
May  6 09:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16513]: pam_unix(cron:session): session closed for user root
May  6 09:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: Invalid user oracle from 196.251.84.225
May  6 09:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: input_userauth_request: invalid user oracle [preauth]
May  6 09:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: Failed password for invalid user oracle from 196.251.84.225 port 49888 ssh2
May  6 09:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: Connection closed by 196.251.84.225 port 49888 [preauth]
May  6 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17944]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17947]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17945]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17943]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17943]: pam_unix(cron:session): session closed for user p13x
May  6 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18018]: Successful su for rubyman by root
May  6 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18018]: + ??? root:rubyman
May  6 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339385 of user rubyman.
May  6 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18018]: pam_unix(su:session): session closed for user rubyman
May  6 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339385.
May  6 09:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15204]: pam_unix(cron:session): session closed for user root
May  6 09:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17944]: pam_unix(cron:session): session closed for user samftp
May  6 09:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18241]: Invalid user zqliu from 186.233.208.13
May  6 09:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18241]: input_userauth_request: invalid user zqliu [preauth]
May  6 09:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18241]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 09:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18241]: Failed password for invalid user zqliu from 186.233.208.13 port 57892 ssh2
May  6 09:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18241]: Received disconnect from 186.233.208.13 port 57892:11: Bye Bye [preauth]
May  6 09:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18241]: Disconnected from 186.233.208.13 port 57892 [preauth]
May  6 09:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: Invalid user nexus from 196.251.84.225
May  6 09:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: input_userauth_request: invalid user nexus [preauth]
May  6 09:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: Failed password for invalid user nexus from 196.251.84.225 port 51930 ssh2
May  6 09:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: Connection closed by 196.251.84.225 port 51930 [preauth]
May  6 09:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16979]: pam_unix(cron:session): session closed for user root
May  6 09:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 09:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18348]: Failed password for root from 196.251.84.225 port 44056 ssh2
May  6 09:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18348]: Connection closed by 196.251.84.225 port 44056 [preauth]
May  6 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18374]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18375]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18371]: pam_unix(cron:session): session closed for user p13x
May  6 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18442]: Successful su for rubyman by root
May  6 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18442]: + ??? root:rubyman
May  6 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339388 of user rubyman.
May  6 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18442]: pam_unix(su:session): session closed for user rubyman
May  6 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339388.
May  6 09:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15697]: pam_unix(cron:session): session closed for user root
May  6 09:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18374]: pam_unix(cron:session): session closed for user samftp
May  6 09:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 09:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18653]: Failed password for root from 196.251.84.225 port 34094 ssh2
May  6 09:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18653]: Connection closed by 196.251.84.225 port 34094 [preauth]
May  6 09:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17385]: pam_unix(cron:session): session closed for user root
May  6 09:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: Invalid user ranger from 196.251.84.225
May  6 09:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: input_userauth_request: invalid user ranger [preauth]
May  6 09:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: Failed password for invalid user ranger from 196.251.84.225 port 41360 ssh2
May  6 09:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: Connection closed by 196.251.84.225 port 41360 [preauth]
May  6 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18797]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18795]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18793]: pam_unix(cron:session): session closed for user p13x
May  6 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18856]: Successful su for rubyman by root
May  6 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18856]: + ??? root:rubyman
May  6 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339393 of user rubyman.
May  6 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18856]: pam_unix(su:session): session closed for user rubyman
May  6 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339393.
May  6 09:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16095]: pam_unix(cron:session): session closed for user root
May  6 09:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18794]: pam_unix(cron:session): session closed for user samftp
May  6 09:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: Invalid user ubuntu from 196.251.84.225
May  6 09:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: input_userauth_request: invalid user ubuntu [preauth]
May  6 09:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: Failed password for invalid user ubuntu from 196.251.84.225 port 51472 ssh2
May  6 09:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: Connection closed by 196.251.84.225 port 51472 [preauth]
May  6 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17947]: pam_unix(cron:session): session closed for user root
May  6 09:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19146]: Invalid user elsearch from 196.251.84.225
May  6 09:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19146]: input_userauth_request: invalid user elsearch [preauth]
May  6 09:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19146]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19146]: Failed password for invalid user elsearch from 196.251.84.225 port 33750 ssh2
May  6 09:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19146]: Connection closed by 196.251.84.225 port 33750 [preauth]
May  6 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19196]: pam_unix(cron:session): session closed for user p13x
May  6 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19328]: Successful su for rubyman by root
May  6 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19328]: + ??? root:rubyman
May  6 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339396 of user rubyman.
May  6 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19328]: pam_unix(su:session): session closed for user rubyman
May  6 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339396.
May  6 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19194]: pam_unix(cron:session): session closed for user root
May  6 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16512]: pam_unix(cron:session): session closed for user root
May  6 09:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19197]: pam_unix(cron:session): session closed for user samftp
May  6 09:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19539]: Invalid user es from 196.251.84.225
May  6 09:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19539]: input_userauth_request: invalid user es [preauth]
May  6 09:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19539]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19539]: Failed password for invalid user es from 196.251.84.225 port 46608 ssh2
May  6 09:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19539]: Connection closed by 196.251.84.225 port 46608 [preauth]
May  6 09:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18376]: pam_unix(cron:session): session closed for user root
May  6 09:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19655]: Invalid user dev from 196.251.84.225
May  6 09:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19655]: input_userauth_request: invalid user dev [preauth]
May  6 09:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19655]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19655]: Failed password for invalid user dev from 196.251.84.225 port 44814 ssh2
May  6 09:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19655]: Connection closed by 196.251.84.225 port 44814 [preauth]
May  6 09:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: Invalid user admin from 80.94.95.112
May  6 09:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: input_userauth_request: invalid user admin [preauth]
May  6 09:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 09:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: Invalid user usertest from 64.227.136.250
May  6 09:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: input_userauth_request: invalid user usertest [preauth]
May  6 09:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.136.250
May  6 09:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: Failed password for invalid user admin from 80.94.95.112 port 50182 ssh2
May  6 09:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: Failed password for invalid user usertest from 64.227.136.250 port 58366 ssh2
May  6 09:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: Received disconnect from 64.227.136.250 port 58366:11: Bye Bye [preauth]
May  6 09:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19705]: Disconnected from 64.227.136.250 port 58366 [preauth]
May  6 09:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: Failed password for invalid user admin from 80.94.95.112 port 50182 ssh2
May  6 09:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19719]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19721]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19720]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19718]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19721]: pam_unix(cron:session): session closed for user root
May  6 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19716]: pam_unix(cron:session): session closed for user p13x
May  6 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19786]: Successful su for rubyman by root
May  6 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19786]: + ??? root:rubyman
May  6 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19786]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339403 of user rubyman.
May  6 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19786]: pam_unix(su:session): session closed for user rubyman
May  6 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339403.
May  6 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: Failed password for invalid user admin from 80.94.95.112 port 50182 ssh2
May  6 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: Failed password for invalid user admin from 80.94.95.112 port 50182 ssh2
May  6 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19718]: pam_unix(cron:session): session closed for user root
May  6 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16978]: pam_unix(cron:session): session closed for user root
May  6 09:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: Failed password for invalid user admin from 80.94.95.112 port 50182 ssh2
May  6 09:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19717]: pam_unix(cron:session): session closed for user samftp
May  6 09:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: Received disconnect from 80.94.95.112 port 50182:11: Bye [preauth]
May  6 09:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: Disconnected from 80.94.95.112 port 50182 [preauth]
May  6 09:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 09:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 09:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20007]: Invalid user puppet from 196.251.84.225
May  6 09:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20007]: input_userauth_request: invalid user puppet [preauth]
May  6 09:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20007]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20007]: Failed password for invalid user puppet from 196.251.84.225 port 33922 ssh2
May  6 09:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20007]: Connection closed by 196.251.84.225 port 33922 [preauth]
May  6 09:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: Invalid user hussain from 180.253.167.74
May  6 09:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: input_userauth_request: invalid user hussain [preauth]
May  6 09:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 09:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: Failed password for invalid user hussain from 180.253.167.74 port 59269 ssh2
May  6 09:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: Received disconnect from 180.253.167.74 port 59269:11: Bye Bye [preauth]
May  6 09:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20043]: Disconnected from 180.253.167.74 port 59269 [preauth]
May  6 09:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18797]: pam_unix(cron:session): session closed for user root
May  6 09:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: Invalid user azureuser from 196.251.84.225
May  6 09:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: input_userauth_request: invalid user azureuser [preauth]
May  6 09:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: Failed password for invalid user azureuser from 196.251.84.225 port 54856 ssh2
May  6 09:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: Connection closed by 196.251.84.225 port 54856 [preauth]
May  6 09:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20162]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20160]: pam_unix(cron:session): session closed for user p13x
May  6 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20228]: Successful su for rubyman by root
May  6 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20228]: + ??? root:rubyman
May  6 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20228]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339408 of user rubyman.
May  6 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20228]: pam_unix(su:session): session closed for user rubyman
May  6 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339408.
May  6 09:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17384]: pam_unix(cron:session): session closed for user root
May  6 09:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20161]: pam_unix(cron:session): session closed for user samftp
May  6 09:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: Invalid user gitlab from 196.251.84.225
May  6 09:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: input_userauth_request: invalid user gitlab [preauth]
May  6 09:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: Failed password for invalid user gitlab from 196.251.84.225 port 45474 ssh2
May  6 09:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20406]: Connection closed by 196.251.84.225 port 45474 [preauth]
May  6 09:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20474]: Invalid user zone from 190.173.77.226
May  6 09:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20474]: input_userauth_request: invalid user zone [preauth]
May  6 09:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20474]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 09:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20474]: Failed password for invalid user zone from 190.173.77.226 port 51722 ssh2
May  6 09:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20474]: Received disconnect from 190.173.77.226 port 51722:11: Bye Bye [preauth]
May  6 09:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20474]: Disconnected from 190.173.77.226 port 51722 [preauth]
May  6 09:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19199]: pam_unix(cron:session): session closed for user root
May  6 09:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20516]: Invalid user gitlab-psql from 196.251.84.225
May  6 09:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20516]: input_userauth_request: invalid user gitlab-psql [preauth]
May  6 09:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20516]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20516]: Failed password for invalid user gitlab-psql from 196.251.84.225 port 58724 ssh2
May  6 09:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20516]: Connection closed by 196.251.84.225 port 58724 [preauth]
May  6 09:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: Invalid user administrator from 80.94.95.125
May  6 09:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: input_userauth_request: invalid user administrator [preauth]
May  6 09:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 09:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: Failed password for invalid user administrator from 80.94.95.125 port 48857 ssh2
May  6 09:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: Failed password for invalid user administrator from 80.94.95.125 port 48857 ssh2
May  6 09:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Invalid user lhb from 186.233.208.13
May  6 09:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: input_userauth_request: invalid user lhb [preauth]
May  6 09:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 09:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: Failed password for invalid user administrator from 80.94.95.125 port 48857 ssh2
May  6 09:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Failed password for invalid user lhb from 186.233.208.13 port 41098 ssh2
May  6 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Received disconnect from 186.233.208.13 port 41098:11: Bye Bye [preauth]
May  6 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Disconnected from 186.233.208.13 port 41098 [preauth]
May  6 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: Failed password for invalid user administrator from 80.94.95.125 port 48857 ssh2
May  6 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20582]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20581]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20579]: pam_unix(cron:session): session closed for user p13x
May  6 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20639]: Successful su for rubyman by root
May  6 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20639]: + ??? root:rubyman
May  6 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339412 of user rubyman.
May  6 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20639]: pam_unix(su:session): session closed for user rubyman
May  6 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339412.
May  6 09:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: Failed password for invalid user administrator from 80.94.95.125 port 48857 ssh2
May  6 09:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: Received disconnect from 80.94.95.125 port 48857:11: Bye [preauth]
May  6 09:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: Disconnected from 80.94.95.125 port 48857 [preauth]
May  6 09:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 09:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20549]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17945]: pam_unix(cron:session): session closed for user root
May  6 09:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20580]: pam_unix(cron:session): session closed for user samftp
May  6 09:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20822]: Invalid user sol from 196.251.84.225
May  6 09:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20822]: input_userauth_request: invalid user sol [preauth]
May  6 09:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20822]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20822]: Failed password for invalid user sol from 196.251.84.225 port 41532 ssh2
May  6 09:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20822]: Connection closed by 196.251.84.225 port 41532 [preauth]
May  6 09:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19720]: pam_unix(cron:session): session closed for user root
May  6 09:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: Invalid user palworld from 196.251.84.225
May  6 09:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: input_userauth_request: invalid user palworld [preauth]
May  6 09:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: Failed password for invalid user palworld from 196.251.84.225 port 36582 ssh2
May  6 09:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20936]: Connection closed by 196.251.84.225 port 36582 [preauth]
May  6 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20995]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20994]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20992]: pam_unix(cron:session): session closed for user p13x
May  6 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21052]: Successful su for rubyman by root
May  6 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21052]: + ??? root:rubyman
May  6 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339416 of user rubyman.
May  6 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21052]: pam_unix(su:session): session closed for user rubyman
May  6 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339416.
May  6 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18375]: pam_unix(cron:session): session closed for user root
May  6 09:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20993]: pam_unix(cron:session): session closed for user samftp
May  6 09:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: Invalid user steam from 196.251.84.225
May  6 09:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: input_userauth_request: invalid user steam [preauth]
May  6 09:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: Failed password for invalid user steam from 196.251.84.225 port 44848 ssh2
May  6 09:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21255]: Connection closed by 196.251.84.225 port 44848 [preauth]
May  6 09:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 09:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21311]: Failed password for root from 218.92.0.179 port 37810 ssh2
May  6 09:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21311]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 37810 ssh2]
May  6 09:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21311]: Received disconnect from 218.92.0.179 port 37810:11:  [preauth]
May  6 09:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21311]: Disconnected from 218.92.0.179 port 37810 [preauth]
May  6 09:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21311]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20163]: pam_unix(cron:session): session closed for user root
May  6 09:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 09:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: Failed password for root from 196.251.84.225 port 34798 ssh2
May  6 09:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21383]: Connection closed by 196.251.84.225 port 34798 [preauth]
May  6 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21433]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21432]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21430]: pam_unix(cron:session): session closed for user p13x
May  6 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21495]: Successful su for rubyman by root
May  6 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21495]: + ??? root:rubyman
May  6 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339420 of user rubyman.
May  6 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21495]: pam_unix(su:session): session closed for user rubyman
May  6 09:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339420.
May  6 09:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18795]: pam_unix(cron:session): session closed for user root
May  6 09:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21431]: pam_unix(cron:session): session closed for user samftp
May  6 09:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21716]: Invalid user kodi from 196.251.84.225
May  6 09:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21716]: input_userauth_request: invalid user kodi [preauth]
May  6 09:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21716]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21716]: Failed password for invalid user kodi from 196.251.84.225 port 60528 ssh2
May  6 09:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21716]: Connection closed by 196.251.84.225 port 60528 [preauth]
May  6 09:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20582]: pam_unix(cron:session): session closed for user root
May  6 09:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22088]: Invalid user node from 196.251.84.225
May  6 09:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22088]: input_userauth_request: invalid user node [preauth]
May  6 09:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22088]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22088]: Failed password for invalid user node from 196.251.84.225 port 42464 ssh2
May  6 09:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22088]: Connection closed by 196.251.84.225 port 42464 [preauth]
May  6 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22159]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22158]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22160]: pam_unix(cron:session): session closed for user root
May  6 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22155]: pam_unix(cron:session): session closed for user p13x
May  6 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22245]: Successful su for rubyman by root
May  6 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22245]: + ??? root:rubyman
May  6 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339423 of user rubyman.
May  6 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22245]: pam_unix(su:session): session closed for user rubyman
May  6 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339423.
May  6 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: Invalid user opc from 196.251.84.225
May  6 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: input_userauth_request: invalid user opc [preauth]
May  6 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22157]: pam_unix(cron:session): session closed for user root
May  6 09:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19198]: pam_unix(cron:session): session closed for user root
May  6 09:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: Failed password for invalid user opc from 196.251.84.225 port 56878 ssh2
May  6 09:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22297]: Connection closed by 196.251.84.225 port 56878 [preauth]
May  6 09:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22156]: pam_unix(cron:session): session closed for user samftp
May  6 09:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Invalid user sol from 196.251.84.225
May  6 09:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: input_userauth_request: invalid user sol [preauth]
May  6 09:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.136.250  user=root
May  6 09:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Failed password for invalid user sol from 196.251.84.225 port 56708 ssh2
May  6 09:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: Failed password for root from 64.227.136.250 port 43926 ssh2
May  6 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: Received disconnect from 64.227.136.250 port 43926:11: Bye Bye [preauth]
May  6 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22579]: Disconnected from 64.227.136.250 port 43926 [preauth]
May  6 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Connection closed by 196.251.84.225 port 56708 [preauth]
May  6 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20995]: pam_unix(cron:session): session closed for user root
May  6 09:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22658]: Invalid user ubuntu from 196.251.84.225
May  6 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22658]: input_userauth_request: invalid user ubuntu [preauth]
May  6 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22658]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22672]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22672]: pam_unix(cron:session): session closed for user p13x
May  6 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22745]: Successful su for rubyman by root
May  6 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22745]: + ??? root:rubyman
May  6 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339430 of user rubyman.
May  6 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22745]: pam_unix(su:session): session closed for user rubyman
May  6 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339430.
May  6 09:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22658]: Failed password for invalid user ubuntu from 196.251.84.225 port 56340 ssh2
May  6 09:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22658]: Connection closed by 196.251.84.225 port 56340 [preauth]
May  6 09:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19719]: pam_unix(cron:session): session closed for user root
May  6 09:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22674]: pam_unix(cron:session): session closed for user samftp
May  6 09:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: Invalid user nginx from 196.251.84.225
May  6 09:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: input_userauth_request: invalid user nginx [preauth]
May  6 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21433]: pam_unix(cron:session): session closed for user root
May  6 09:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23076]: Invalid user hugo from 180.253.167.74
May  6 09:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23076]: input_userauth_request: invalid user hugo [preauth]
May  6 09:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23076]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 09:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: Failed password for invalid user nginx from 196.251.84.225 port 54398 ssh2
May  6 09:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: Connection closed by 196.251.84.225 port 54398 [preauth]
May  6 09:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23076]: Failed password for invalid user hugo from 180.253.167.74 port 39052 ssh2
May  6 09:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23076]: Received disconnect from 180.253.167.74 port 39052:11: Bye Bye [preauth]
May  6 09:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23076]: Disconnected from 180.253.167.74 port 39052 [preauth]
May  6 09:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23125]: Invalid user dolphinscheduler from 196.251.84.225
May  6 09:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23125]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  6 09:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23125]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23125]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 43854 ssh2
May  6 09:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23125]: Connection closed by 196.251.84.225 port 43854 [preauth]
May  6 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23143]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23137]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23137]: pam_unix(cron:session): session closed for user root
May  6 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23141]: pam_unix(cron:session): session closed for user p13x
May  6 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23217]: Successful su for rubyman by root
May  6 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23217]: + ??? root:rubyman
May  6 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23217]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339435 of user rubyman.
May  6 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23217]: pam_unix(su:session): session closed for user rubyman
May  6 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339435.
May  6 09:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20162]: pam_unix(cron:session): session closed for user root
May  6 09:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23142]: pam_unix(cron:session): session closed for user samftp
May  6 09:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: Invalid user samba from 196.251.84.225
May  6 09:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: input_userauth_request: invalid user samba [preauth]
May  6 09:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: Failed password for invalid user samba from 196.251.84.225 port 54900 ssh2
May  6 09:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23534]: Connection closed by 196.251.84.225 port 54900 [preauth]
May  6 09:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22159]: pam_unix(cron:session): session closed for user root
May  6 09:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  6 09:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23592]: Failed password for root from 186.233.208.13 port 59342 ssh2
May  6 09:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23592]: Received disconnect from 186.233.208.13 port 59342:11: Bye Bye [preauth]
May  6 09:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23592]: Disconnected from 186.233.208.13 port 59342 [preauth]
May  6 09:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23630]: Invalid user ubuntu from 196.251.84.225
May  6 09:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23630]: input_userauth_request: invalid user ubuntu [preauth]
May  6 09:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23630]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23630]: Failed password for invalid user ubuntu from 196.251.84.225 port 48506 ssh2
May  6 09:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23630]: Connection closed by 196.251.84.225 port 48506 [preauth]
May  6 09:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: Invalid user mantenimiento from 190.173.77.226
May  6 09:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: input_userauth_request: invalid user mantenimiento [preauth]
May  6 09:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23653]: pam_unix(cron:session): session closed for user p13x
May  6 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23714]: Successful su for rubyman by root
May  6 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23714]: + ??? root:rubyman
May  6 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339439 of user rubyman.
May  6 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23714]: pam_unix(su:session): session closed for user rubyman
May  6 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339439.
May  6 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: Failed password for invalid user mantenimiento from 190.173.77.226 port 50570 ssh2
May  6 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: Received disconnect from 190.173.77.226 port 50570:11: Bye Bye [preauth]
May  6 09:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: Disconnected from 190.173.77.226 port 50570 [preauth]
May  6 09:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20581]: pam_unix(cron:session): session closed for user root
May  6 09:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23654]: pam_unix(cron:session): session closed for user samftp
May  6 09:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: Invalid user flussonic from 196.251.84.225
May  6 09:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: input_userauth_request: invalid user flussonic [preauth]
May  6 09:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: Failed password for invalid user flussonic from 196.251.84.225 port 52708 ssh2
May  6 09:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: Connection closed by 196.251.84.225 port 52708 [preauth]
May  6 09:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22676]: pam_unix(cron:session): session closed for user root
May  6 09:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: Invalid user yarn from 196.251.84.225
May  6 09:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: input_userauth_request: invalid user yarn [preauth]
May  6 09:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: Failed password for invalid user yarn from 196.251.84.225 port 59720 ssh2
May  6 09:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24150]: Connection closed by 196.251.84.225 port 59720 [preauth]
May  6 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24186]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24187]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24181]: pam_unix(cron:session): session closed for user p13x
May  6 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24254]: Successful su for rubyman by root
May  6 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24254]: + ??? root:rubyman
May  6 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339443 of user rubyman.
May  6 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24254]: pam_unix(su:session): session closed for user rubyman
May  6 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339443.
May  6 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20994]: pam_unix(cron:session): session closed for user root
May  6 09:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24182]: pam_unix(cron:session): session closed for user samftp
May  6 09:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24493]: Invalid user steam from 196.251.84.225
May  6 09:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24493]: input_userauth_request: invalid user steam [preauth]
May  6 09:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24493]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: Invalid user guest from 190.103.202.7
May  6 09:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: input_userauth_request: invalid user guest [preauth]
May  6 09:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  6 09:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24493]: Failed password for invalid user steam from 196.251.84.225 port 48888 ssh2
May  6 09:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24493]: Connection closed by 196.251.84.225 port 48888 [preauth]
May  6 09:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: Failed password for invalid user guest from 190.103.202.7 port 45004 ssh2
May  6 09:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24495]: Connection closed by 190.103.202.7 port 45004 [preauth]
May  6 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23144]: pam_unix(cron:session): session closed for user root
May  6 09:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24598]: Invalid user omsagent from 196.251.84.225
May  6 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24598]: input_userauth_request: invalid user omsagent [preauth]
May  6 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24598]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24598]: Failed password for invalid user omsagent from 196.251.84.225 port 41480 ssh2
May  6 09:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24598]: Connection closed by 196.251.84.225 port 41480 [preauth]
May  6 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24633]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24634]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24634]: pam_unix(cron:session): session closed for user root
May  6 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24629]: pam_unix(cron:session): session closed for user p13x
May  6 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24705]: Successful su for rubyman by root
May  6 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24705]: + ??? root:rubyman
May  6 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339448 of user rubyman.
May  6 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24705]: pam_unix(su:session): session closed for user rubyman
May  6 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339448.
May  6 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24631]: pam_unix(cron:session): session closed for user root
May  6 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21432]: pam_unix(cron:session): session closed for user root
May  6 09:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24630]: pam_unix(cron:session): session closed for user samftp
May  6 09:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24953]: Invalid user nagios from 196.251.84.225
May  6 09:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24953]: input_userauth_request: invalid user nagios [preauth]
May  6 09:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24953]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24953]: Failed password for invalid user nagios from 196.251.84.225 port 49696 ssh2
May  6 09:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24953]: Connection closed by 196.251.84.225 port 49696 [preauth]
May  6 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23657]: pam_unix(cron:session): session closed for user root
May  6 09:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: Invalid user test from 196.251.84.225
May  6 09:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: input_userauth_request: invalid user test [preauth]
May  6 09:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: Failed password for invalid user test from 196.251.84.225 port 56918 ssh2
May  6 09:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: Connection closed by 196.251.84.225 port 56918 [preauth]
May  6 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25077]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25074]: pam_unix(cron:session): session closed for user p13x
May  6 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25143]: Successful su for rubyman by root
May  6 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25143]: + ??? root:rubyman
May  6 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339452 of user rubyman.
May  6 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25143]: pam_unix(su:session): session closed for user rubyman
May  6 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339452.
May  6 09:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22158]: pam_unix(cron:session): session closed for user root
May  6 09:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25075]: pam_unix(cron:session): session closed for user samftp
May  6 09:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.136.250  user=root
May  6 09:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25326]: Failed password for root from 64.227.136.250 port 41482 ssh2
May  6 09:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25326]: Received disconnect from 64.227.136.250 port 41482:11: Bye Bye [preauth]
May  6 09:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25326]: Disconnected from 64.227.136.250 port 41482 [preauth]
May  6 09:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: Invalid user dst from 196.251.84.225
May  6 09:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: input_userauth_request: invalid user dst [preauth]
May  6 09:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: Failed password for invalid user dst from 196.251.84.225 port 52782 ssh2
May  6 09:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: Connection closed by 196.251.84.225 port 52782 [preauth]
May  6 09:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24187]: pam_unix(cron:session): session closed for user root
May  6 09:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25451]: Invalid user vps from 196.251.84.225
May  6 09:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25451]: input_userauth_request: invalid user vps [preauth]
May  6 09:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25451]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25451]: Failed password for invalid user vps from 196.251.84.225 port 35194 ssh2
May  6 09:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25451]: Connection closed by 196.251.84.225 port 35194 [preauth]
May  6 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25494]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25495]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25492]: pam_unix(cron:session): session closed for user p13x
May  6 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25571]: Successful su for rubyman by root
May  6 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25571]: + ??? root:rubyman
May  6 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339458 of user rubyman.
May  6 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25571]: pam_unix(su:session): session closed for user rubyman
May  6 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339458.
May  6 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22675]: pam_unix(cron:session): session closed for user root
May  6 09:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25493]: pam_unix(cron:session): session closed for user samftp
May  6 09:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: Invalid user puppet from 196.251.84.225
May  6 09:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: input_userauth_request: invalid user puppet [preauth]
May  6 09:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: Failed password for invalid user puppet from 196.251.84.225 port 48660 ssh2
May  6 09:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: Connection closed by 196.251.84.225 port 48660 [preauth]
May  6 09:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: Did not receive identification string from 111.67.194.231
May  6 09:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: Connection closed by 111.67.194.231 port 43604 [preauth]
May  6 09:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24633]: pam_unix(cron:session): session closed for user root
May  6 09:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25941]: Invalid user admin from 196.251.84.225
May  6 09:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25941]: input_userauth_request: invalid user admin [preauth]
May  6 09:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25941]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25888]: Connection closed by 111.67.194.231 port 49360 [preauth]
May  6 09:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25941]: Failed password for invalid user admin from 196.251.84.225 port 48664 ssh2
May  6 09:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25941]: Connection closed by 196.251.84.225 port 48664 [preauth]
May  6 09:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25967]: Invalid user kartika from 180.253.167.74
May  6 09:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25967]: input_userauth_request: invalid user kartika [preauth]
May  6 09:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25967]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 09:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25967]: Failed password for invalid user kartika from 180.253.167.74 port 62547 ssh2
May  6 09:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25967]: Received disconnect from 180.253.167.74 port 62547:11: Bye Bye [preauth]
May  6 09:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25967]: Disconnected from 180.253.167.74 port 62547 [preauth]
May  6 09:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25944]: Connection closed by 111.67.194.231 port 56086 [preauth]
May  6 09:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25984]: Connection closed by 111.67.194.231 port 34170 [preauth]
May  6 09:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26015]: pam_unix(cron:session): session closed for user p13x
May  6 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26079]: Successful su for rubyman by root
May  6 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26079]: + ??? root:rubyman
May  6 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339463 of user rubyman.
May  6 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26079]: pam_unix(su:session): session closed for user rubyman
May  6 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339463.
May  6 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26163]: User www-data from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 09:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26163]: input_userauth_request: invalid user www-data [preauth]
May  6 09:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=www-data
May  6 09:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23143]: pam_unix(cron:session): session closed for user root
May  6 09:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26002]: Connection closed by 111.67.194.231 port 44214 [preauth]
May  6 09:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26163]: Failed password for invalid user www-data from 196.251.84.225 port 47550 ssh2
May  6 09:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26016]: pam_unix(cron:session): session closed for user samftp
May  6 09:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26163]: Connection closed by 196.251.84.225 port 47550 [preauth]
May  6 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26254]: Connection closed by 111.67.194.231 port 49252 [preauth]
May  6 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26287]: Connection closed by 111.67.194.231 port 54820 [preauth]
May  6 09:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: Invalid user tidb from 186.233.208.13
May  6 09:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: input_userauth_request: invalid user tidb [preauth]
May  6 09:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 09:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: Failed password for invalid user tidb from 186.233.208.13 port 41710 ssh2
May  6 09:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: Received disconnect from 186.233.208.13 port 41710:11: Bye Bye [preauth]
May  6 09:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26331]: Disconnected from 186.233.208.13 port 41710 [preauth]
May  6 09:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25077]: pam_unix(cron:session): session closed for user root
May  6 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26341]: User sys from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26341]: input_userauth_request: invalid user sys [preauth]
May  6 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=sys
May  6 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26321]: Connection closed by 111.67.194.231 port 59752 [preauth]
May  6 09:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26341]: Failed password for invalid user sys from 196.251.84.225 port 53490 ssh2
May  6 09:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26341]: Connection closed by 196.251.84.225 port 53490 [preauth]
May  6 09:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26357]: Connection closed by 111.67.194.231 port 36964 [preauth]
May  6 09:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: Connection closed by 111.67.194.231 port 42800 [preauth]
May  6 09:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26438]: pam_unix(cron:session): session closed for user p13x
May  6 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26572]: Successful su for rubyman by root
May  6 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26572]: + ??? root:rubyman
May  6 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26572]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339464 of user rubyman.
May  6 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26572]: pam_unix(su:session): session closed for user rubyman
May  6 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339464.
May  6 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26407]: Connection closed by 111.67.194.231 port 48828 [preauth]
May  6 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23656]: pam_unix(cron:session): session closed for user root
May  6 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26439]: pam_unix(cron:session): session closed for user samftp
May  6 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26726]: Invalid user elasticsearch from 196.251.84.225
May  6 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26726]: input_userauth_request: invalid user elasticsearch [preauth]
May  6 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26726]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26726]: Failed password for invalid user elasticsearch from 196.251.84.225 port 36168 ssh2
May  6 09:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26726]: Connection closed by 196.251.84.225 port 36168 [preauth]
May  6 09:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26617]: Connection closed by 111.67.194.231 port 54868 [preauth]
May  6 09:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26767]: Connection closed by 46.244.96.25 port 33628 [preauth]
May  6 09:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26778]: Connection closed by 46.244.96.25 port 46132 [preauth]
May  6 09:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  6 09:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26770]: Connection closed by 111.67.194.231 port 34994 [preauth]
May  6 09:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: Invalid user tata from 46.244.96.25
May  6 09:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: input_userauth_request: invalid user tata [preauth]
May  6 09:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  6 09:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: Failed password for root from 50.235.31.47 port 59844 ssh2
May  6 09:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26810]: Connection closed by 50.235.31.47 port 59844 [preauth]
May  6 09:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: Failed password for invalid user tata from 46.244.96.25 port 46148 ssh2
May  6 09:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26812]: Connection closed by 46.244.96.25 port 46148 [preauth]
May  6 09:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26799]: Connection closed by 46.244.96.25 port 46142 [preauth]
May  6 09:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26847]: Invalid user sd from 190.173.77.226
May  6 09:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26847]: input_userauth_request: invalid user sd [preauth]
May  6 09:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26847]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26814]: Connection closed by 111.67.194.231 port 40754 [preauth]
May  6 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25495]: pam_unix(cron:session): session closed for user root
May  6 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26847]: Failed password for invalid user sd from 190.173.77.226 port 53016 ssh2
May  6 09:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26847]: Received disconnect from 190.173.77.226 port 53016:11: Bye Bye [preauth]
May  6 09:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26847]: Disconnected from 190.173.77.226 port 53016 [preauth]
May  6 09:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: Invalid user jito from 196.251.84.225
May  6 09:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: input_userauth_request: invalid user jito [preauth]
May  6 09:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: Failed password for invalid user jito from 196.251.84.225 port 37108 ssh2
May  6 09:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26872]: Connection closed by 196.251.84.225 port 37108 [preauth]
May  6 09:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26865]: Connection closed by 111.67.194.231 port 47910 [preauth]
May  6 09:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26896]: Connection closed by 111.67.194.231 port 52928 [preauth]
May  6 09:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26973]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26974]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26974]: pam_unix(cron:session): session closed for user root
May  6 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26968]: pam_unix(cron:session): session closed for user p13x
May  6 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27062]: Successful su for rubyman by root
May  6 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27062]: + ??? root:rubyman
May  6 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339471 of user rubyman.
May  6 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27062]: pam_unix(su:session): session closed for user rubyman
May  6 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339471.
May  6 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26950]: Connection closed by 111.67.194.231 port 57372 [preauth]
May  6 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26970]: pam_unix(cron:session): session closed for user root
May  6 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24186]: pam_unix(cron:session): session closed for user root
May  6 09:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: User bin from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 09:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: input_userauth_request: invalid user bin [preauth]
May  6 09:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26969]: pam_unix(cron:session): session closed for user samftp
May  6 09:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=bin
May  6 09:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: Failed password for invalid user bin from 196.251.84.225 port 57796 ssh2
May  6 09:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27280]: Connection closed by 196.251.84.225 port 57796 [preauth]
May  6 09:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27145]: Connection closed by 111.67.194.231 port 34800 [preauth]
May  6 09:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: Connection closed by 111.67.194.231 port 40826 [preauth]
May  6 09:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27352]: Connection closed by 111.67.194.231 port 46750 [preauth]
May  6 09:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26018]: pam_unix(cron:session): session closed for user root
May  6 09:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27451]: User uucp from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 09:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27451]: input_userauth_request: invalid user uucp [preauth]
May  6 09:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=uucp
May  6 09:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27451]: Failed password for invalid user uucp from 196.251.84.225 port 51966 ssh2
May  6 09:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27451]: Connection closed by 196.251.84.225 port 51966 [preauth]
May  6 09:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: Connection closed by 111.67.194.231 port 54506 [preauth]
May  6 09:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27471]: Connection closed by 111.67.194.231 port 59274 [preauth]
May  6 09:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27507]: Connection closed by 111.67.194.231 port 38862 [preauth]
May  6 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27522]: pam_unix(cron:session): session closed for user p13x
May  6 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27599]: Successful su for rubyman by root
May  6 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27599]: + ??? root:rubyman
May  6 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339477 of user rubyman.
May  6 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27599]: pam_unix(su:session): session closed for user rubyman
May  6 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339477.
May  6 09:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Invalid user latitude from 196.251.84.225
May  6 09:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: input_userauth_request: invalid user latitude [preauth]
May  6 09:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24632]: pam_unix(cron:session): session closed for user root
May  6 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Failed password for invalid user latitude from 196.251.84.225 port 47610 ssh2
May  6 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27664]: Connection closed by 196.251.84.225 port 47610 [preauth]
May  6 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27523]: pam_unix(cron:session): session closed for user samftp
May  6 09:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: Connection closed by 111.67.194.231 port 44544 [preauth]
May  6 09:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27798]: Connection closed by 111.67.194.231 port 50384 [preauth]
May  6 09:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27821]: Connection closed by 111.67.194.231 port 57242 [preauth]
May  6 09:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27860]: Connection closed by 111.67.194.231 port 36348 [preauth]
May  6 09:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26441]: pam_unix(cron:session): session closed for user root
May  6 09:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: Invalid user hadoop from 196.251.84.225
May  6 09:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: input_userauth_request: invalid user hadoop [preauth]
May  6 09:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: Failed password for invalid user hadoop from 196.251.84.225 port 53144 ssh2
May  6 09:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: Connection closed by 196.251.84.225 port 53144 [preauth]
May  6 09:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27872]: Connection closed by 111.67.194.231 port 39924 [preauth]
May  6 09:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.136.250  user=root
May  6 09:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27914]: Connection closed by 111.67.194.231 port 45630 [preauth]
May  6 09:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: Failed password for root from 64.227.136.250 port 59182 ssh2
May  6 09:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: Received disconnect from 64.227.136.250 port 59182:11: Bye Bye [preauth]
May  6 09:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27929]: Disconnected from 64.227.136.250 port 59182 [preauth]
May  6 09:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27939]: Connection closed by 111.67.194.231 port 51522 [preauth]
May  6 09:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27976]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27975]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27973]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27972]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27972]: pam_unix(cron:session): session closed for user p13x
May  6 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28036]: Successful su for rubyman by root
May  6 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28036]: + ??? root:rubyman
May  6 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339479 of user rubyman.
May  6 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28036]: pam_unix(su:session): session closed for user rubyman
May  6 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339479.
May  6 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: Invalid user caddy from 196.251.84.225
May  6 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: input_userauth_request: invalid user caddy [preauth]
May  6 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27961]: Connection closed by 111.67.194.231 port 57328 [preauth]
May  6 09:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25076]: pam_unix(cron:session): session closed for user root
May  6 09:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: Failed password for invalid user caddy from 196.251.84.225 port 56940 ssh2
May  6 09:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28040]: Connection closed by 196.251.84.225 port 56940 [preauth]
May  6 09:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27973]: pam_unix(cron:session): session closed for user samftp
May  6 09:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28171]: Connection closed by 111.67.194.231 port 34822 [preauth]
May  6 09:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28235]: Connection closed by 111.67.194.231 port 40558 [preauth]
May  6 09:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28260]: Connection closed by 111.67.194.231 port 46514 [preauth]
May  6 09:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: Invalid user drupal from 196.251.84.225
May  6 09:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: input_userauth_request: invalid user drupal [preauth]
May  6 09:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28283]: Connection closed by 111.67.194.231 port 52458 [preauth]
May  6 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: Failed password for invalid user drupal from 196.251.84.225 port 49028 ssh2
May  6 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28293]: Connection closed by 196.251.84.225 port 49028 [preauth]
May  6 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26973]: pam_unix(cron:session): session closed for user root
May  6 09:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28322]: Connection closed by 111.67.194.231 port 58472 [preauth]
May  6 09:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: Connection closed by 111.67.194.231 port 36256 [preauth]
May  6 09:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28375]: Connection closed by 111.67.194.231 port 42300 [preauth]
May  6 09:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: Invalid user rancher from 196.251.84.225
May  6 09:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: input_userauth_request: invalid user rancher [preauth]
May  6 09:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28401]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28402]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28399]: pam_unix(cron:session): session closed for user p13x
May  6 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: Failed password for invalid user rancher from 196.251.84.225 port 35802 ssh2
May  6 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28461]: Successful su for rubyman by root
May  6 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28461]: + ??? root:rubyman
May  6 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339483 of user rubyman.
May  6 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28461]: pam_unix(su:session): session closed for user rubyman
May  6 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339483.
May  6 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28395]: Connection closed by 196.251.84.225 port 35802 [preauth]
May  6 09:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Connection closed by 111.67.194.231 port 48410 [preauth]
May  6 09:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25494]: pam_unix(cron:session): session closed for user root
May  6 09:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28400]: pam_unix(cron:session): session closed for user samftp
May  6 09:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: Invalid user user2 from 111.67.194.231
May  6 09:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: input_userauth_request: invalid user user2 [preauth]
May  6 09:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: Connection closed by 111.67.194.231 port 33628 [preauth]
May  6 09:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28708]: Invalid user esadmin from 196.251.84.225
May  6 09:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28708]: input_userauth_request: invalid user esadmin [preauth]
May  6 09:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28708]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28708]: Failed password for invalid user esadmin from 196.251.84.225 port 41838 ssh2
May  6 09:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28708]: Connection closed by 196.251.84.225 port 41838 [preauth]
May  6 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27525]: pam_unix(cron:session): session closed for user root
May  6 09:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28770]: Invalid user xiaobin from 180.253.167.74
May  6 09:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28770]: input_userauth_request: invalid user xiaobin [preauth]
May  6 09:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28770]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 09:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28770]: Failed password for invalid user xiaobin from 180.253.167.74 port 65274 ssh2
May  6 09:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28770]: Received disconnect from 180.253.167.74 port 65274:11: Bye Bye [preauth]
May  6 09:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28770]: Disconnected from 180.253.167.74 port 65274 [preauth]
May  6 09:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: Invalid user mapr from 196.251.84.225
May  6 09:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: input_userauth_request: invalid user mapr [preauth]
May  6 09:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: Failed password for invalid user mapr from 196.251.84.225 port 45226 ssh2
May  6 09:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28794]: Connection closed by 196.251.84.225 port 45226 [preauth]
May  6 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28803]: pam_unix(cron:session): session closed for user p13x
May  6 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28865]: Successful su for rubyman by root
May  6 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28865]: + ??? root:rubyman
May  6 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339488 of user rubyman.
May  6 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28865]: pam_unix(su:session): session closed for user rubyman
May  6 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339488.
May  6 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26017]: pam_unix(cron:session): session closed for user root
May  6 09:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28804]: pam_unix(cron:session): session closed for user samftp
May  6 09:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29155]: Invalid user ranger from 186.233.208.13
May  6 09:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29155]: input_userauth_request: invalid user ranger [preauth]
May  6 09:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29155]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 09:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29155]: Failed password for invalid user ranger from 186.233.208.13 port 33022 ssh2
May  6 09:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29155]: Received disconnect from 186.233.208.13 port 33022:11: Bye Bye [preauth]
May  6 09:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29155]: Disconnected from 186.233.208.13 port 33022 [preauth]
May  6 09:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: Failed password for root from 167.172.247.164 port 55610 ssh2
May  6 09:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29183]: Connection closed by 167.172.247.164 port 55610 [preauth]
May  6 09:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: Invalid user lighthouse from 196.251.84.225
May  6 09:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: input_userauth_request: invalid user lighthouse [preauth]
May  6 09:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: Failed password for invalid user lighthouse from 196.251.84.225 port 32800 ssh2
May  6 09:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: Connection closed by 196.251.84.225 port 32800 [preauth]
May  6 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27976]: pam_unix(cron:session): session closed for user root
May  6 09:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 09:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: Failed password for root from 196.251.84.225 port 47038 ssh2
May  6 09:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: Connection closed by 196.251.84.225 port 47038 [preauth]
May  6 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29318]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29319]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29315]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29319]: pam_unix(cron:session): session closed for user root
May  6 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29312]: pam_unix(cron:session): session closed for user p13x
May  6 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29389]: Successful su for rubyman by root
May  6 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29389]: + ??? root:rubyman
May  6 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339491 of user rubyman.
May  6 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29389]: pam_unix(su:session): session closed for user rubyman
May  6 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339491.
May  6 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29315]: pam_unix(cron:session): session closed for user root
May  6 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26440]: pam_unix(cron:session): session closed for user root
May  6 09:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29313]: pam_unix(cron:session): session closed for user samftp
May  6 09:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: Invalid user jupyter from 196.251.84.225
May  6 09:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: input_userauth_request: invalid user jupyter [preauth]
May  6 09:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: Failed password for invalid user jupyter from 196.251.84.225 port 41962 ssh2
May  6 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29665]: Connection closed by 196.251.84.225 port 41962 [preauth]
May  6 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28402]: pam_unix(cron:session): session closed for user root
May  6 09:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: Invalid user oracle from 196.251.84.225
May  6 09:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: input_userauth_request: invalid user oracle [preauth]
May  6 09:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: Failed password for invalid user oracle from 196.251.84.225 port 54974 ssh2
May  6 09:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29750]: Connection closed by 196.251.84.225 port 54974 [preauth]
May  6 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29771]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29770]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29769]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29769]: pam_unix(cron:session): session closed for user p13x
May  6 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29837]: Successful su for rubyman by root
May  6 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29837]: + ??? root:rubyman
May  6 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29837]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339498 of user rubyman.
May  6 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29837]: pam_unix(su:session): session closed for user rubyman
May  6 09:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339498.
May  6 09:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26972]: pam_unix(cron:session): session closed for user root
May  6 09:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29770]: pam_unix(cron:session): session closed for user samftp
May  6 09:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30026]: Invalid user labadmin from 190.173.77.226
May  6 09:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30026]: input_userauth_request: invalid user labadmin [preauth]
May  6 09:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30026]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 09:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30026]: Failed password for invalid user labadmin from 190.173.77.226 port 40184 ssh2
May  6 09:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30026]: Received disconnect from 190.173.77.226 port 40184:11: Bye Bye [preauth]
May  6 09:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30026]: Disconnected from 190.173.77.226 port 40184 [preauth]
May  6 09:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30066]: User mysql from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 09:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30066]: input_userauth_request: invalid user mysql [preauth]
May  6 09:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=mysql
May  6 09:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30066]: Failed password for invalid user mysql from 196.251.84.225 port 40278 ssh2
May  6 09:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30066]: Connection closed by 196.251.84.225 port 40278 [preauth]
May  6 09:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28806]: pam_unix(cron:session): session closed for user root
May  6 09:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: Invalid user o from 195.178.110.50
May  6 09:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: input_userauth_request: invalid user o [preauth]
May  6 09:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 09:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: Failed password for invalid user o from 195.178.110.50 port 5570 ssh2
May  6 09:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: Connection closed by 195.178.110.50 port 5570 [preauth]
May  6 09:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30155]: Failed password for root from 167.172.247.164 port 59620 ssh2
May  6 09:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30155]: Connection closed by 167.172.247.164 port 59620 [preauth]
May  6 09:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: Invalid user shiv from 196.92.7.246
May  6 09:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: input_userauth_request: invalid user shiv [preauth]
May  6 09:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.92.7.246
May  6 09:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: Invalid user pi from 167.172.247.164
May  6 09:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: input_userauth_request: invalid user pi [preauth]
May  6 09:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: Invalid user hive from 167.172.247.164
May  6 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: input_userauth_request: invalid user hive [preauth]
May  6 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: Failed password for invalid user shiv from 196.92.7.246 port 40824 ssh2
May  6 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: Failed password for invalid user pi from 167.172.247.164 port 59622 ssh2
May  6 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: Connection closed by 167.172.247.164 port 59622 [preauth]
May  6 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: Received disconnect from 196.92.7.246 port 40824:11: Bye Bye [preauth]
May  6 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30157]: Disconnected from 196.92.7.246 port 40824 [preauth]
May  6 09:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 09:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: Invalid user 6 from 195.178.110.50
May  6 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: input_userauth_request: invalid user 6 [preauth]
May  6 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: Failed password for invalid user hive from 167.172.247.164 port 40416 ssh2
May  6 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30173]: Invalid user git from 167.172.247.164
May  6 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30173]: input_userauth_request: invalid user git [preauth]
May  6 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30169]: Connection closed by 167.172.247.164 port 40416 [preauth]
May  6 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30173]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30171]: Failed password for root from 196.251.84.225 port 34666 ssh2
May  6 09:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30171]: Connection closed by 196.251.84.225 port 34666 [preauth]
May  6 09:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: Failed password for invalid user 6 from 195.178.110.50 port 38556 ssh2
May  6 09:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30173]: Failed password for invalid user git from 167.172.247.164 port 40428 ssh2
May  6 09:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30183]: Invalid user wang from 167.172.247.164
May  6 09:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30183]: input_userauth_request: invalid user wang [preauth]
May  6 09:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30173]: Connection closed by 167.172.247.164 port 40428 [preauth]
May  6 09:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30183]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: Connection closed by 195.178.110.50 port 38556 [preauth]
May  6 09:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30183]: Failed password for invalid user wang from 167.172.247.164 port 40438 ssh2
May  6 09:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30183]: Connection closed by 167.172.247.164 port 40438 [preauth]
May  6 09:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30186]: Invalid user nginx from 167.172.247.164
May  6 09:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30186]: input_userauth_request: invalid user nginx [preauth]
May  6 09:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30186]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30186]: Failed password for invalid user nginx from 167.172.247.164 port 40448 ssh2
May  6 09:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30186]: Connection closed by 167.172.247.164 port 40448 [preauth]
May  6 09:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: Invalid user mongo from 167.172.247.164
May  6 09:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: input_userauth_request: invalid user mongo [preauth]
May  6 09:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30202]: pam_unix(cron:session): session closed for user p13x
May  6 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30261]: Successful su for rubyman by root
May  6 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30261]: + ??? root:rubyman
May  6 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339501 of user rubyman.
May  6 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30261]: pam_unix(su:session): session closed for user rubyman
May  6 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339501.
May  6 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30250]: Invalid user user from 167.172.247.164
May  6 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30250]: input_userauth_request: invalid user user [preauth]
May  6 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: Failed password for invalid user mongo from 167.172.247.164 port 40462 ssh2
May  6 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30250]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30197]: Connection closed by 167.172.247.164 port 40462 [preauth]
May  6 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27524]: pam_unix(cron:session): session closed for user root
May  6 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30403]: Invalid user oracle from 167.172.247.164
May  6 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30403]: input_userauth_request: invalid user oracle [preauth]
May  6 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30250]: Failed password for invalid user user from 167.172.247.164 port 58508 ssh2
May  6 09:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30403]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30250]: Connection closed by 167.172.247.164 port 58508 [preauth]
May  6 09:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30203]: pam_unix(cron:session): session closed for user samftp
May  6 09:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30403]: Failed password for invalid user oracle from 167.172.247.164 port 58512 ssh2
May  6 09:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30403]: Connection closed by 167.172.247.164 port 58512 [preauth]
May  6 09:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30450]: Invalid user gpadmin from 167.172.247.164
May  6 09:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30450]: input_userauth_request: invalid user gpadmin [preauth]
May  6 09:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30450]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30450]: Failed password for invalid user gpadmin from 167.172.247.164 port 58516 ssh2
May  6 09:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30450]: Connection closed by 167.172.247.164 port 58516 [preauth]
May  6 09:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30453]: Failed password for root from 167.172.247.164 port 58520 ssh2
May  6 09:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30453]: Connection closed by 167.172.247.164 port 58520 [preauth]
May  6 09:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30185]: Invalid user [ from 195.178.110.50
May  6 09:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30185]: input_userauth_request: invalid user [ [preauth]
May  6 09:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30185]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 09:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: Invalid user esroot from 167.172.247.164
May  6 09:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: input_userauth_request: invalid user esroot [preauth]
May  6 09:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30185]: Failed password for invalid user [ from 195.178.110.50 port 55936 ssh2
May  6 09:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30469]: Invalid user gitlab from 167.172.247.164
May  6 09:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30469]: input_userauth_request: invalid user gitlab [preauth]
May  6 09:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30469]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30452]: Connection reset by 198.235.24.237 port 63312 [preauth]
May  6 09:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: Failed password for invalid user esroot from 167.172.247.164 port 39904 ssh2
May  6 09:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: Connection closed by 167.172.247.164 port 39904 [preauth]
May  6 09:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: Invalid user apache from 167.172.247.164
May  6 09:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: input_userauth_request: invalid user apache [preauth]
May  6 09:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30469]: Failed password for invalid user gitlab from 167.172.247.164 port 39918 ssh2
May  6 09:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30469]: Connection closed by 167.172.247.164 port 39918 [preauth]
May  6 09:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30185]: Connection closed by 195.178.110.50 port 55936 [preauth]
May  6 09:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: Failed password for invalid user apache from 167.172.247.164 port 39922 ssh2
May  6 09:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30491]: Connection closed by 167.172.247.164 port 39922 [preauth]
May  6 09:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30494]: Failed password for root from 167.172.247.164 port 39928 ssh2
May  6 09:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30494]: Connection closed by 167.172.247.164 port 39928 [preauth]
May  6 09:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30497]: Invalid user red5 from 196.251.84.225
May  6 09:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30497]: input_userauth_request: invalid user red5 [preauth]
May  6 09:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30497]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: Failed password for root from 167.172.247.164 port 52872 ssh2
May  6 09:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: Connection closed by 167.172.247.164 port 52872 [preauth]
May  6 09:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30497]: Failed password for invalid user red5 from 196.251.84.225 port 57418 ssh2
May  6 09:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30497]: Connection closed by 196.251.84.225 port 57418 [preauth]
May  6 09:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: Invalid user user from 167.172.247.164
May  6 09:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: input_userauth_request: invalid user user [preauth]
May  6 09:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.136.250  user=root
May  6 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: Failed password for invalid user user from 167.172.247.164 port 52880 ssh2
May  6 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30512]: Connection closed by 167.172.247.164 port 52880 [preauth]
May  6 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30528]: Invalid user lighthouse from 167.172.247.164
May  6 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30528]: input_userauth_request: invalid user lighthouse [preauth]
May  6 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30528]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: Failed password for root from 64.227.136.250 port 53072 ssh2
May  6 09:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: Received disconnect from 64.227.136.250 port 53072:11: Bye Bye [preauth]
May  6 09:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: Disconnected from 64.227.136.250 port 53072 [preauth]
May  6 09:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30528]: Failed password for invalid user lighthouse from 167.172.247.164 port 52894 ssh2
May  6 09:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30528]: Connection closed by 167.172.247.164 port 52894 [preauth]
May  6 09:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: Invalid user flask from 167.172.247.164
May  6 09:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: input_userauth_request: invalid user flask [preauth]
May  6 09:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: Failed password for invalid user flask from 167.172.247.164 port 52904 ssh2
May  6 09:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: Connection closed by 167.172.247.164 port 52904 [preauth]
May  6 09:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30541]: Invalid user user1 from 167.172.247.164
May  6 09:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30541]: input_userauth_request: invalid user user1 [preauth]
May  6 09:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30541]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30541]: Failed password for invalid user user1 from 167.172.247.164 port 56410 ssh2
May  6 09:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30541]: Connection closed by 167.172.247.164 port 56410 [preauth]
May  6 09:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: Invalid user hadoop from 167.172.247.164
May  6 09:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: input_userauth_request: invalid user hadoop [preauth]
May  6 09:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29318]: pam_unix(cron:session): session closed for user root
May  6 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30551]: Invalid user depot from 46.191.141.152
May  6 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30551]: input_userauth_request: invalid user depot [preauth]
May  6 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30551]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.191.141.152
May  6 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: Invalid user " from 195.178.110.50
May  6 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: input_userauth_request: invalid user " [preauth]
May  6 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: Failed password for invalid user hadoop from 167.172.247.164 port 56422 ssh2
May  6 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30558]: Connection closed by 167.172.247.164 port 56422 [preauth]
May  6 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: Invalid user oracle from 167.172.247.164
May  6 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: input_userauth_request: invalid user oracle [preauth]
May  6 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30551]: Failed password for invalid user depot from 46.191.141.152 port 59949 ssh2
May  6 09:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: Failed password for invalid user " from 195.178.110.50 port 19032 ssh2
May  6 09:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: Failed password for invalid user oracle from 167.172.247.164 port 56430 ssh2
May  6 09:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30584]: Invalid user test from 167.172.247.164
May  6 09:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30584]: input_userauth_request: invalid user test [preauth]
May  6 09:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: Connection closed by 167.172.247.164 port 56430 [preauth]
May  6 09:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30584]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30584]: Failed password for invalid user test from 167.172.247.164 port 56434 ssh2
May  6 09:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30584]: Connection closed by 167.172.247.164 port 56434 [preauth]
May  6 09:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: Connection closed by 195.178.110.50 port 19032 [preauth]
May  6 09:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: Failed password for root from 167.172.247.164 port 35908 ssh2
May  6 09:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30586]: Connection closed by 167.172.247.164 port 35908 [preauth]
May  6 09:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30598]: Invalid user developer from 167.172.247.164
May  6 09:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30598]: input_userauth_request: invalid user developer [preauth]
May  6 09:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30598]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30598]: Failed password for invalid user developer from 167.172.247.164 port 35912 ssh2
May  6 09:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30598]: Connection closed by 167.172.247.164 port 35912 [preauth]
May  6 09:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30614]: Failed password for root from 167.172.247.164 port 35924 ssh2
May  6 09:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30619]: User mysql from 167.172.247.164 not allowed because not listed in AllowUsers
May  6 09:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30619]: input_userauth_request: invalid user mysql [preauth]
May  6 09:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30614]: Connection closed by 167.172.247.164 port 35924 [preauth]
May  6 09:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=mysql
May  6 09:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: Invalid user caddy from 196.251.84.225
May  6 09:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: input_userauth_request: invalid user caddy [preauth]
May  6 09:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30619]: Failed password for invalid user mysql from 167.172.247.164 port 35940 ssh2
May  6 09:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30619]: Connection closed by 167.172.247.164 port 35940 [preauth]
May  6 09:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: Failed password for invalid user caddy from 196.251.84.225 port 45522 ssh2
May  6 09:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30628]: Failed password for root from 167.172.247.164 port 35948 ssh2
May  6 09:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30628]: Connection closed by 167.172.247.164 port 35948 [preauth]
May  6 09:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: Connection closed by 196.251.84.225 port 45522 [preauth]
May  6 09:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: Invalid user tom from 167.172.247.164
May  6 09:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: input_userauth_request: invalid user tom [preauth]
May  6 09:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: Failed password for invalid user tom from 167.172.247.164 port 60818 ssh2
May  6 09:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: Connection closed by 167.172.247.164 port 60818 [preauth]
May  6 09:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: Failed password for root from 167.172.247.164 port 60832 ssh2
May  6 09:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: Connection closed by 167.172.247.164 port 60832 [preauth]
May  6 09:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Invalid user oscar from 167.172.247.164
May  6 09:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: input_userauth_request: invalid user oscar [preauth]
May  6 09:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Failed password for invalid user oscar from 167.172.247.164 port 60840 ssh2
May  6 09:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Connection closed by 167.172.247.164 port 60840 [preauth]
May  6 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30661]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30662]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30660]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30659]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30659]: pam_unix(cron:session): session closed for user p13x
May  6 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30724]: Successful su for rubyman by root
May  6 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30724]: + ??? root:rubyman
May  6 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30724]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339504 of user rubyman.
May  6 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30724]: pam_unix(su:session): session closed for user rubyman
May  6 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339504.
May  6 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30656]: Failed password for root from 167.172.247.164 port 60850 ssh2
May  6 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30656]: Connection closed by 167.172.247.164 port 60850 [preauth]
May  6 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: Invalid user G from 195.178.110.50
May  6 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: input_userauth_request: invalid user G [preauth]
May  6 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 09:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: Failed password for invalid user G from 195.178.110.50 port 44498 ssh2
May  6 09:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Failed password for root from 167.172.247.164 port 55076 ssh2
May  6 09:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30722]: Connection closed by 167.172.247.164 port 55076 [preauth]
May  6 09:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: Connection closed by 195.178.110.50 port 44498 [preauth]
May  6 09:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30836]: Invalid user user1 from 167.172.247.164
May  6 09:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30836]: input_userauth_request: invalid user user1 [preauth]
May  6 09:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30836]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27975]: pam_unix(cron:session): session closed for user root
May  6 09:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30660]: pam_unix(cron:session): session closed for user samftp
May  6 09:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30836]: Failed password for invalid user user1 from 167.172.247.164 port 55090 ssh2
May  6 09:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30836]: Connection closed by 167.172.247.164 port 55090 [preauth]
May  6 09:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30917]: Failed password for root from 167.172.247.164 port 55106 ssh2
May  6 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30917]: Connection closed by 167.172.247.164 port 55106 [preauth]
May  6 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: Invalid user flink from 167.172.247.164
May  6 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: input_userauth_request: invalid user flink [preauth]
May  6 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: Failed password for invalid user flink from 167.172.247.164 port 55110 ssh2
May  6 09:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30919]: Connection closed by 167.172.247.164 port 55110 [preauth]
May  6 09:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30938]: Invalid user apache from 167.172.247.164
May  6 09:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30938]: input_userauth_request: invalid user apache [preauth]
May  6 09:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30938]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30938]: Failed password for invalid user apache from 167.172.247.164 port 46414 ssh2
May  6 09:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30938]: Connection closed by 167.172.247.164 port 46414 [preauth]
May  6 09:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30945]: Failed password for root from 167.172.247.164 port 46416 ssh2
May  6 09:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30945]: Connection closed by 167.172.247.164 port 46416 [preauth]
May  6 09:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: Invalid user nginx from 167.172.247.164
May  6 09:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: input_userauth_request: invalid user nginx [preauth]
May  6 09:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: Invalid user sysadmin from 196.251.84.225
May  6 09:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: input_userauth_request: invalid user sysadmin [preauth]
May  6 09:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: Failed password for invalid user nginx from 167.172.247.164 port 46420 ssh2
May  6 09:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31018]: Connection closed by 167.172.247.164 port 46420 [preauth]
May  6 09:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31025]: Invalid user esuser from 167.172.247.164
May  6 09:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31025]: input_userauth_request: invalid user esuser [preauth]
May  6 09:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31025]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: Failed password for invalid user sysadmin from 196.251.84.225 port 54852 ssh2
May  6 09:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: Connection closed by 196.251.84.225 port 54852 [preauth]
May  6 09:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31025]: Failed password for invalid user esuser from 167.172.247.164 port 46422 ssh2
May  6 09:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31025]: Connection closed by 167.172.247.164 port 46422 [preauth]
May  6 09:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: Failed password for root from 167.172.247.164 port 46428 ssh2
May  6 09:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31045]: Connection closed by 167.172.247.164 port 46428 [preauth]
May  6 09:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31047]: Invalid user git from 167.172.247.164
May  6 09:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31047]: input_userauth_request: invalid user git [preauth]
May  6 09:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31047]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31047]: Failed password for invalid user git from 167.172.247.164 port 44298 ssh2
May  6 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31047]: Connection closed by 167.172.247.164 port 44298 [preauth]
May  6 09:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: Invalid user postgres from 167.172.247.164
May  6 09:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: input_userauth_request: invalid user postgres [preauth]
May  6 09:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: Failed password for invalid user postgres from 167.172.247.164 port 44308 ssh2
May  6 09:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31086]: Connection closed by 167.172.247.164 port 44308 [preauth]
May  6 09:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31089]: Invalid user svnuser from 167.172.247.164
May  6 09:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31089]: input_userauth_request: invalid user svnuser [preauth]
May  6 09:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31089]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31089]: Failed password for invalid user svnuser from 167.172.247.164 port 44322 ssh2
May  6 09:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31089]: Connection closed by 167.172.247.164 port 44322 [preauth]
May  6 09:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31091]: Invalid user dolphinscheduler from 167.172.247.164
May  6 09:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31091]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  6 09:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31091]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31091]: Failed password for invalid user dolphinscheduler from 167.172.247.164 port 44326 ssh2
May  6 09:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31091]: Connection closed by 167.172.247.164 port 44326 [preauth]
May  6 09:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29772]: pam_unix(cron:session): session closed for user root
May  6 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31101]: Failed password for root from 167.172.247.164 port 49238 ssh2
May  6 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31101]: Connection closed by 167.172.247.164 port 49238 [preauth]
May  6 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: Invalid user plexserver from 167.172.247.164
May  6 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: input_userauth_request: invalid user plexserver [preauth]
May  6 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: Failed password for invalid user plexserver from 167.172.247.164 port 49246 ssh2
May  6 09:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31124]: Connection closed by 167.172.247.164 port 49246 [preauth]
May  6 09:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31136]: Invalid user sonar from 167.172.247.164
May  6 09:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31136]: input_userauth_request: invalid user sonar [preauth]
May  6 09:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31136]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31136]: Failed password for invalid user sonar from 167.172.247.164 port 49260 ssh2
May  6 09:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31136]: Connection closed by 167.172.247.164 port 49260 [preauth]
May  6 09:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31138]: Invalid user app from 167.172.247.164
May  6 09:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31138]: input_userauth_request: invalid user app [preauth]
May  6 09:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31138]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31138]: Failed password for invalid user app from 167.172.247.164 port 49272 ssh2
May  6 09:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31138]: Connection closed by 167.172.247.164 port 49272 [preauth]
May  6 09:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: Invalid user tools from 167.172.247.164
May  6 09:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: input_userauth_request: invalid user tools [preauth]
May  6 09:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: Failed password for invalid user tools from 167.172.247.164 port 54126 ssh2
May  6 09:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: Connection closed by 167.172.247.164 port 54126 [preauth]
May  6 09:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31154]: Invalid user lighthouse from 167.172.247.164
May  6 09:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31154]: input_userauth_request: invalid user lighthouse [preauth]
May  6 09:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31154]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Invalid user satisfactory from 196.251.84.225
May  6 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: input_userauth_request: invalid user satisfactory [preauth]
May  6 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31154]: Failed password for invalid user lighthouse from 167.172.247.164 port 54140 ssh2
May  6 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31154]: Connection closed by 167.172.247.164 port 54140 [preauth]
May  6 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31180]: User mysql from 167.172.247.164 not allowed because not listed in AllowUsers
May  6 09:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31180]: input_userauth_request: invalid user mysql [preauth]
May  6 09:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=mysql
May  6 09:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Failed password for invalid user satisfactory from 196.251.84.225 port 35156 ssh2
May  6 09:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31169]: Connection closed by 196.251.84.225 port 35156 [preauth]
May  6 09:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31180]: Failed password for invalid user mysql from 167.172.247.164 port 54144 ssh2
May  6 09:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31180]: Connection closed by 167.172.247.164 port 54144 [preauth]
May  6 09:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31183]: Failed password for root from 167.172.247.164 port 54150 ssh2
May  6 09:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31183]: Connection closed by 167.172.247.164 port 54150 [preauth]
May  6 09:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31185]: Invalid user gpadmin from 167.172.247.164
May  6 09:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31185]: input_userauth_request: invalid user gpadmin [preauth]
May  6 09:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31185]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31185]: Failed password for invalid user gpadmin from 167.172.247.164 port 35206 ssh2
May  6 09:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31185]: Connection closed by 167.172.247.164 port 35206 [preauth]
May  6 09:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31196]: Invalid user oracle from 167.172.247.164
May  6 09:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31196]: input_userauth_request: invalid user oracle [preauth]
May  6 09:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31196]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31196]: Failed password for invalid user oracle from 167.172.247.164 port 35208 ssh2
May  6 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31196]: Connection closed by 167.172.247.164 port 35208 [preauth]
May  6 09:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31198]: Failed password for root from 167.172.247.164 port 35220 ssh2
May  6 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31198]: Connection closed by 167.172.247.164 port 35220 [preauth]
May  6 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31209]: Invalid user www from 167.172.247.164
May  6 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31209]: input_userauth_request: invalid user www [preauth]
May  6 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31209]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31209]: Failed password for invalid user www from 167.172.247.164 port 35232 ssh2
May  6 09:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31209]: Connection closed by 167.172.247.164 port 35232 [preauth]
May  6 09:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31225]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31222]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31222]: pam_unix(cron:session): session closed for user p13x
May  6 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: Failed password for root from 167.172.247.164 port 35236 ssh2
May  6 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: Connection closed by 167.172.247.164 port 35236 [preauth]
May  6 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31289]: Successful su for rubyman by root
May  6 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31289]: + ??? root:rubyman
May  6 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31289]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339509 of user rubyman.
May  6 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31289]: pam_unix(su:session): session closed for user rubyman
May  6 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339509.
May  6 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31290]: Invalid user oscar from 167.172.247.164
May  6 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31290]: input_userauth_request: invalid user oscar [preauth]
May  6 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31290]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31290]: Failed password for invalid user oscar from 167.172.247.164 port 38000 ssh2
May  6 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31290]: Connection closed by 167.172.247.164 port 38000 [preauth]
May  6 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28401]: pam_unix(cron:session): session closed for user root
May  6 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31435]: Invalid user test from 167.172.247.164
May  6 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31435]: input_userauth_request: invalid user test [preauth]
May  6 09:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31435]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31223]: pam_unix(cron:session): session closed for user samftp
May  6 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31435]: Failed password for invalid user test from 167.172.247.164 port 38004 ssh2
May  6 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31435]: Connection closed by 167.172.247.164 port 38004 [preauth]
May  6 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31479]: Invalid user admin from 167.172.247.164
May  6 09:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31479]: input_userauth_request: invalid user admin [preauth]
May  6 09:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31479]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31479]: Failed password for invalid user admin from 167.172.247.164 port 38012 ssh2
May  6 09:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31479]: Connection closed by 167.172.247.164 port 38012 [preauth]
May  6 09:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31482]: Failed password for root from 167.172.247.164 port 38024 ssh2
May  6 09:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31484]: Invalid user app from 167.172.247.164
May  6 09:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31484]: input_userauth_request: invalid user app [preauth]
May  6 09:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31482]: Connection closed by 167.172.247.164 port 38024 [preauth]
May  6 09:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31484]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: Invalid user tomcat from 196.251.84.225
May  6 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: input_userauth_request: invalid user tomcat [preauth]
May  6 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31484]: Failed password for invalid user app from 167.172.247.164 port 60866 ssh2
May  6 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31484]: Connection closed by 167.172.247.164 port 60866 [preauth]
May  6 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31503]: Invalid user elastic from 167.172.247.164
May  6 09:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31503]: input_userauth_request: invalid user elastic [preauth]
May  6 09:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31503]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: Failed password for invalid user tomcat from 196.251.84.225 port 44302 ssh2
May  6 09:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31499]: Connection closed by 196.251.84.225 port 44302 [preauth]
May  6 09:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31503]: Failed password for invalid user elastic from 167.172.247.164 port 60868 ssh2
May  6 09:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31503]: Connection closed by 167.172.247.164 port 60868 [preauth]
May  6 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31516]: Failed password for root from 167.172.247.164 port 60872 ssh2
May  6 09:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31516]: Connection closed by 167.172.247.164 port 60872 [preauth]
May  6 09:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31527]: Invalid user guest from 167.172.247.164
May  6 09:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31527]: input_userauth_request: invalid user guest [preauth]
May  6 09:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31527]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31527]: Failed password for invalid user guest from 167.172.247.164 port 60876 ssh2
May  6 09:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31527]: Connection closed by 167.172.247.164 port 60876 [preauth]
May  6 09:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31529]: Failed password for root from 167.172.247.164 port 39118 ssh2
May  6 09:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31529]: Connection closed by 167.172.247.164 port 39118 [preauth]
May  6 09:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31539]: Invalid user sonar from 167.172.247.164
May  6 09:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31539]: input_userauth_request: invalid user sonar [preauth]
May  6 09:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31539]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31539]: Failed password for invalid user sonar from 167.172.247.164 port 39122 ssh2
May  6 09:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31539]: Connection closed by 167.172.247.164 port 39122 [preauth]
May  6 09:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: Invalid user jumpserver from 167.172.247.164
May  6 09:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: input_userauth_request: invalid user jumpserver [preauth]
May  6 09:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: Failed password for invalid user jumpserver from 167.172.247.164 port 39132 ssh2
May  6 09:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: Connection closed by 167.172.247.164 port 39132 [preauth]
May  6 09:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31557]: Invalid user tom from 167.172.247.164
May  6 09:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31557]: input_userauth_request: invalid user tom [preauth]
May  6 09:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31557]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31557]: Failed password for invalid user tom from 167.172.247.164 port 39146 ssh2
May  6 09:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31557]: Connection closed by 167.172.247.164 port 39146 [preauth]
May  6 09:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31570]: Failed password for root from 167.172.247.164 port 47430 ssh2
May  6 09:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31570]: Connection closed by 167.172.247.164 port 47430 [preauth]
May  6 09:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31572]: Invalid user git from 167.172.247.164
May  6 09:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31572]: input_userauth_request: invalid user git [preauth]
May  6 09:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31572]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30205]: pam_unix(cron:session): session closed for user root
May  6 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31572]: Failed password for invalid user git from 167.172.247.164 port 47436 ssh2
May  6 09:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31572]: Connection closed by 167.172.247.164 port 47436 [preauth]
May  6 09:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31604]: Invalid user ranger from 167.172.247.164
May  6 09:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31604]: input_userauth_request: invalid user ranger [preauth]
May  6 09:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31604]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31604]: Failed password for invalid user ranger from 167.172.247.164 port 47438 ssh2
May  6 09:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31604]: Connection closed by 167.172.247.164 port 47438 [preauth]
May  6 09:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31606]: Failed password for root from 167.172.247.164 port 47440 ssh2
May  6 09:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31606]: Connection closed by 167.172.247.164 port 47440 [preauth]
May  6 09:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31616]: Invalid user appuser from 167.172.247.164
May  6 09:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31616]: input_userauth_request: invalid user appuser [preauth]
May  6 09:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31616]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31618]: Invalid user hadoop from 196.251.84.225
May  6 09:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31618]: input_userauth_request: invalid user hadoop [preauth]
May  6 09:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31618]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31620]: Invalid user tom from 167.172.247.164
May  6 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31620]: input_userauth_request: invalid user tom [preauth]
May  6 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31616]: Failed password for invalid user appuser from 167.172.247.164 port 47456 ssh2
May  6 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31620]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31616]: Connection closed by 167.172.247.164 port 47456 [preauth]
May  6 09:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31618]: Failed password for invalid user hadoop from 196.251.84.225 port 51792 ssh2
May  6 09:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31618]: Connection closed by 196.251.84.225 port 51792 [preauth]
May  6 09:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31620]: Failed password for invalid user tom from 167.172.247.164 port 60990 ssh2
May  6 09:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31620]: Connection closed by 167.172.247.164 port 60990 [preauth]
May  6 09:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: Failed password for root from 167.172.247.164 port 60994 ssh2
May  6 09:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: Connection closed by 167.172.247.164 port 60994 [preauth]
May  6 09:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: Invalid user ubuntu from 167.172.247.164
May  6 09:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: input_userauth_request: invalid user ubuntu [preauth]
May  6 09:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: Failed password for invalid user ubuntu from 167.172.247.164 port 60998 ssh2
May  6 09:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31658]: Connection closed by 167.172.247.164 port 60998 [preauth]
May  6 09:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: Invalid user elsearch from 167.172.247.164
May  6 09:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: input_userauth_request: invalid user elsearch [preauth]
May  6 09:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: Failed password for invalid user elsearch from 167.172.247.164 port 32770 ssh2
May  6 09:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: Connection closed by 167.172.247.164 port 32770 [preauth]
May  6 09:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: Invalid user nginx from 167.172.247.164
May  6 09:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: input_userauth_request: invalid user nginx [preauth]
May  6 09:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: Invalid user rancher from 167.172.247.164
May  6 09:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: input_userauth_request: invalid user rancher [preauth]
May  6 09:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: Failed password for invalid user nginx from 167.172.247.164 port 35834 ssh2
May  6 09:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31674]: Connection closed by 167.172.247.164 port 35834 [preauth]
May  6 09:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: Invalid user java from 180.253.167.74
May  6 09:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: input_userauth_request: invalid user java [preauth]
May  6 09:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 09:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  6 09:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: Failed password for invalid user rancher from 167.172.247.164 port 35836 ssh2
May  6 09:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: Connection closed by 167.172.247.164 port 35836 [preauth]
May  6 09:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: Failed password for invalid user java from 180.253.167.74 port 58467 ssh2
May  6 09:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: Received disconnect from 180.253.167.74 port 58467:11: Bye Bye [preauth]
May  6 09:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: Disconnected from 180.253.167.74 port 58467 [preauth]
May  6 09:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31703]: Failed password for root from 186.233.208.13 port 40626 ssh2
May  6 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31703]: Received disconnect from 186.233.208.13 port 40626:11: Bye Bye [preauth]
May  6 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31703]: Disconnected from 186.233.208.13 port 40626 [preauth]
May  6 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31705]: Failed password for root from 167.172.247.164 port 35846 ssh2
May  6 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31705]: Connection closed by 167.172.247.164 port 35846 [preauth]
May  6 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: Invalid user rancher from 167.172.247.164
May  6 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: input_userauth_request: invalid user rancher [preauth]
May  6 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: Failed password for invalid user rancher from 167.172.247.164 port 35860 ssh2
May  6 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: Connection closed by 167.172.247.164 port 35860 [preauth]
May  6 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31721]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31722]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31723]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31725]: pam_unix(cron:session): session closed for user root
May  6 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: Invalid user es from 167.172.247.164
May  6 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: input_userauth_request: invalid user es [preauth]
May  6 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31720]: pam_unix(cron:session): session closed for user p13x
May  6 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31789]: Successful su for rubyman by root
May  6 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31789]: + ??? root:rubyman
May  6 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339514 of user rubyman.
May  6 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31789]: pam_unix(su:session): session closed for user rubyman
May  6 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339514.
May  6 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: Failed password for invalid user es from 167.172.247.164 port 49364 ssh2
May  6 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31717]: Connection closed by 167.172.247.164 port 49364 [preauth]
May  6 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31722]: pam_unix(cron:session): session closed for user root
May  6 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28805]: pam_unix(cron:session): session closed for user root
May  6 09:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: Failed password for root from 167.172.247.164 port 49370 ssh2
May  6 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32222]: Invalid user user from 167.172.247.164
May  6 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32222]: input_userauth_request: invalid user user [preauth]
May  6 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31888]: Connection closed by 167.172.247.164 port 49370 [preauth]
May  6 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32222]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31721]: pam_unix(cron:session): session closed for user samftp
May  6 09:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: Invalid user airflow from 196.251.84.225
May  6 09:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: input_userauth_request: invalid user airflow [preauth]
May  6 09:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32222]: Failed password for invalid user user from 167.172.247.164 port 49378 ssh2
May  6 09:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32222]: Connection closed by 167.172.247.164 port 49378 [preauth]
May  6 09:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: Failed password for invalid user airflow from 196.251.84.225 port 50738 ssh2
May  6 09:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32235]: Connection closed by 196.251.84.225 port 50738 [preauth]
May  6 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: Failed password for root from 167.172.247.164 port 49386 ssh2
May  6 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: Connection closed by 167.172.247.164 port 49386 [preauth]
May  6 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: Invalid user uftp from 167.172.247.164
May  6 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: input_userauth_request: invalid user uftp [preauth]
May  6 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: Failed password for invalid user uftp from 167.172.247.164 port 60538 ssh2
May  6 09:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: Invalid user data from 167.172.247.164
May  6 09:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: input_userauth_request: invalid user data [preauth]
May  6 09:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: Connection closed by 167.172.247.164 port 60538 [preauth]
May  6 09:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: Failed password for invalid user data from 167.172.247.164 port 60548 ssh2
May  6 09:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: Connection closed by 167.172.247.164 port 60548 [preauth]
May  6 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32317]: Invalid user bigdata from 167.172.247.164
May  6 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32317]: input_userauth_request: invalid user bigdata [preauth]
May  6 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32317]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32317]: Failed password for invalid user bigdata from 167.172.247.164 port 60556 ssh2
May  6 09:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: Invalid user oracle from 167.172.247.164
May  6 09:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: input_userauth_request: invalid user oracle [preauth]
May  6 09:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32317]: Connection closed by 167.172.247.164 port 60556 [preauth]
May  6 09:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: Invalid user plex from 167.172.247.164
May  6 09:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: input_userauth_request: invalid user plex [preauth]
May  6 09:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: Failed password for invalid user oracle from 167.172.247.164 port 60570 ssh2
May  6 09:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32331]: Connection closed by 167.172.247.164 port 60570 [preauth]
May  6 09:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: Failed password for invalid user plex from 167.172.247.164 port 60586 ssh2
May  6 09:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32333]: Connection closed by 167.172.247.164 port 60586 [preauth]
May  6 09:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: Invalid user steam from 167.172.247.164
May  6 09:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: input_userauth_request: invalid user steam [preauth]
May  6 09:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: Failed password for invalid user steam from 167.172.247.164 port 33956 ssh2
May  6 09:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32371]: Invalid user esuser from 167.172.247.164
May  6 09:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32371]: input_userauth_request: invalid user esuser [preauth]
May  6 09:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: Connection closed by 167.172.247.164 port 33956 [preauth]
May  6 09:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32371]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32371]: Failed password for invalid user esuser from 167.172.247.164 port 33972 ssh2
May  6 09:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32371]: Connection closed by 167.172.247.164 port 33972 [preauth]
May  6 09:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32386]: Invalid user observer from 167.172.247.164
May  6 09:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32386]: input_userauth_request: invalid user observer [preauth]
May  6 09:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32386]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32386]: Failed password for invalid user observer from 167.172.247.164 port 33978 ssh2
May  6 09:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32386]: Connection closed by 167.172.247.164 port 33978 [preauth]
May  6 09:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: Invalid user docker from 167.172.247.164
May  6 09:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: input_userauth_request: invalid user docker [preauth]
May  6 09:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: Invalid user user from 167.172.247.164
May  6 09:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: input_userauth_request: invalid user user [preauth]
May  6 09:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: Failed password for invalid user docker from 167.172.247.164 port 33984 ssh2
May  6 09:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32388]: Connection closed by 167.172.247.164 port 33984 [preauth]
May  6 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30662]: pam_unix(cron:session): session closed for user root
May  6 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: Failed password for invalid user user from 167.172.247.164 port 57714 ssh2
May  6 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: Connection closed by 167.172.247.164 port 57714 [preauth]
May  6 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: Invalid user elastic from 167.172.247.164
May  6 09:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: input_userauth_request: invalid user elastic [preauth]
May  6 09:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: User www-data from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 09:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: input_userauth_request: invalid user www-data [preauth]
May  6 09:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=www-data
May  6 09:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: Failed password for invalid user elastic from 167.172.247.164 port 57730 ssh2
May  6 09:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: Invalid user oracle from 167.172.247.164
May  6 09:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: input_userauth_request: invalid user oracle [preauth]
May  6 09:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32421]: Connection closed by 167.172.247.164 port 57730 [preauth]
May  6 09:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: Failed password for invalid user www-data from 196.251.84.225 port 51236 ssh2
May  6 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32429]: Connection closed by 196.251.84.225 port 51236 [preauth]
May  6 09:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: Failed password for invalid user oracle from 167.172.247.164 port 57736 ssh2
May  6 09:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: Connection closed by 167.172.247.164 port 57736 [preauth]
May  6 09:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: Invalid user postgres from 167.172.247.164
May  6 09:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: input_userauth_request: invalid user postgres [preauth]
May  6 09:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: Failed password for invalid user postgres from 167.172.247.164 port 57740 ssh2
May  6 09:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32442]: Connection closed by 167.172.247.164 port 57740 [preauth]
May  6 09:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: Invalid user ts from 167.172.247.164
May  6 09:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: input_userauth_request: invalid user ts [preauth]
May  6 09:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: Failed password for invalid user ts from 167.172.247.164 port 37992 ssh2
May  6 09:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: Connection closed by 167.172.247.164 port 37992 [preauth]
May  6 09:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32459]: Failed password for root from 167.172.247.164 port 37996 ssh2
May  6 09:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32459]: Connection closed by 167.172.247.164 port 37996 [preauth]
May  6 09:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: Invalid user ftpuser from 167.172.247.164
May  6 09:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: input_userauth_request: invalid user ftpuser [preauth]
May  6 09:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: Failed password for invalid user ftpuser from 167.172.247.164 port 38010 ssh2
May  6 09:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32474]: Connection closed by 167.172.247.164 port 38010 [preauth]
May  6 09:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: Invalid user test from 167.172.247.164
May  6 09:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: input_userauth_request: invalid user test [preauth]
May  6 09:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: Failed password for invalid user test from 167.172.247.164 port 38018 ssh2
May  6 09:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: Invalid user gitlab from 167.172.247.164
May  6 09:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: input_userauth_request: invalid user gitlab [preauth]
May  6 09:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: Connection closed by 167.172.247.164 port 38018 [preauth]
May  6 09:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: Failed password for invalid user gitlab from 167.172.247.164 port 38032 ssh2
May  6 09:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: Connection closed by 167.172.247.164 port 38032 [preauth]
May  6 09:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: Invalid user guest from 167.172.247.164
May  6 09:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: input_userauth_request: invalid user guest [preauth]
May  6 09:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32501]: Invalid user worker from 167.172.247.164
May  6 09:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32501]: input_userauth_request: invalid user worker [preauth]
May  6 09:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: Failed password for invalid user guest from 167.172.247.164 port 58574 ssh2
May  6 09:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32501]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: Connection closed by 167.172.247.164 port 58574 [preauth]
May  6 09:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32501]: Failed password for invalid user worker from 167.172.247.164 port 58588 ssh2
May  6 09:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: Invalid user flask from 167.172.247.164
May  6 09:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: input_userauth_request: invalid user flask [preauth]
May  6 09:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32501]: Connection closed by 167.172.247.164 port 58588 [preauth]
May  6 09:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32516]: Invalid user gpuadmin from 167.172.247.164
May  6 09:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32516]: input_userauth_request: invalid user gpuadmin [preauth]
May  6 09:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: Failed password for invalid user flask from 167.172.247.164 port 58594 ssh2
May  6 09:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32516]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32503]: Connection closed by 167.172.247.164 port 58594 [preauth]
May  6 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32521]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32519]: pam_unix(cron:session): session closed for user p13x
May  6 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32594]: Successful su for rubyman by root
May  6 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32594]: + ??? root:rubyman
May  6 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339518 of user rubyman.
May  6 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32594]: pam_unix(su:session): session closed for user rubyman
May  6 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339518.
May  6 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32516]: Failed password for invalid user gpuadmin from 167.172.247.164 port 58598 ssh2
May  6 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32516]: Connection closed by 167.172.247.164 port 58598 [preauth]
May  6 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32676]: Invalid user zabbix from 167.172.247.164
May  6 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32676]: input_userauth_request: invalid user zabbix [preauth]
May  6 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32676]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: Invalid user omsagent from 196.251.84.225
May  6 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: input_userauth_request: invalid user omsagent [preauth]
May  6 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32676]: Failed password for invalid user zabbix from 167.172.247.164 port 59008 ssh2
May  6 09:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32676]: Connection closed by 167.172.247.164 port 59008 [preauth]
May  6 09:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: Failed password for invalid user omsagent from 196.251.84.225 port 56526 ssh2
May  6 09:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: Connection closed by 196.251.84.225 port 56526 [preauth]
May  6 09:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29316]: pam_unix(cron:session): session closed for user root
May  6 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32520]: pam_unix(cron:session): session closed for user samftp
May  6 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: Failed password for root from 167.172.247.164 port 59014 ssh2
May  6 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[484]: Invalid user flask from 167.172.247.164
May  6 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[484]: input_userauth_request: invalid user flask [preauth]
May  6 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: Connection closed by 167.172.247.164 port 59014 [preauth]
May  6 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[484]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[483]: Invalid user bmuuser from 164.68.105.9
May  6 09:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[483]: input_userauth_request: invalid user bmuuser [preauth]
May  6 09:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[483]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  6 09:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[483]: Failed password for invalid user bmuuser from 164.68.105.9 port 58454 ssh2
May  6 09:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[483]: Connection closed by 164.68.105.9 port 58454 [preauth]
May  6 09:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[484]: Failed password for invalid user flask from 167.172.247.164 port 59022 ssh2
May  6 09:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[484]: Connection closed by 167.172.247.164 port 59022 [preauth]
May  6 09:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[490]: Invalid user gitlab from 167.172.247.164
May  6 09:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[490]: input_userauth_request: invalid user gitlab [preauth]
May  6 09:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[490]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: Invalid user testuser from 167.172.247.164
May  6 09:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: input_userauth_request: invalid user testuser [preauth]
May  6 09:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[490]: Failed password for invalid user gitlab from 167.172.247.164 port 59026 ssh2
May  6 09:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[490]: Connection closed by 167.172.247.164 port 59026 [preauth]
May  6 09:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: Invalid user postgres from 167.172.247.164
May  6 09:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: input_userauth_request: invalid user postgres [preauth]
May  6 09:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: Failed password for invalid user testuser from 167.172.247.164 port 53058 ssh2
May  6 09:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[506]: Connection closed by 167.172.247.164 port 53058 [preauth]
May  6 09:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: Failed password for invalid user postgres from 167.172.247.164 port 53064 ssh2
May  6 09:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: Connection closed by 167.172.247.164 port 53064 [preauth]
May  6 09:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[538]: Invalid user jenkins from 167.172.247.164
May  6 09:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[538]: input_userauth_request: invalid user jenkins [preauth]
May  6 09:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[538]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[538]: Failed password for invalid user jenkins from 167.172.247.164 port 53074 ssh2
May  6 09:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[538]: Connection closed by 167.172.247.164 port 53074 [preauth]
May  6 09:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[541]: Failed password for root from 167.172.247.164 port 53088 ssh2
May  6 09:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[541]: Connection closed by 167.172.247.164 port 53088 [preauth]
May  6 09:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: Invalid user admin from 167.172.247.164
May  6 09:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: input_userauth_request: invalid user admin [preauth]
May  6 09:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: Failed password for invalid user admin from 167.172.247.164 port 39578 ssh2
May  6 09:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: Connection closed by 167.172.247.164 port 39578 [preauth]
May  6 09:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[554]: Invalid user weblogic from 167.172.247.164
May  6 09:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[554]: input_userauth_request: invalid user weblogic [preauth]
May  6 09:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[554]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: Invalid user centos from 167.172.247.164
May  6 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: input_userauth_request: invalid user centos [preauth]
May  6 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[554]: Failed password for invalid user weblogic from 167.172.247.164 port 39592 ssh2
May  6 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[554]: Connection closed by 167.172.247.164 port 39592 [preauth]
May  6 09:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: Failed password for invalid user centos from 167.172.247.164 port 39596 ssh2
May  6 09:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[578]: Connection closed by 167.172.247.164 port 39596 [preauth]
May  6 09:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[581]: Invalid user steam from 167.172.247.164
May  6 09:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[581]: input_userauth_request: invalid user steam [preauth]
May  6 09:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[581]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[584]: Invalid user centos from 196.251.84.225
May  6 09:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[584]: input_userauth_request: invalid user centos [preauth]
May  6 09:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[584]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[581]: Failed password for invalid user steam from 167.172.247.164 port 39598 ssh2
May  6 09:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[581]: Connection closed by 167.172.247.164 port 39598 [preauth]
May  6 09:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: Invalid user test from 167.172.247.164
May  6 09:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: input_userauth_request: invalid user test [preauth]
May  6 09:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[584]: Failed password for invalid user centos from 196.251.84.225 port 54464 ssh2
May  6 09:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[584]: Connection closed by 196.251.84.225 port 54464 [preauth]
May  6 09:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[599]: Invalid user test from 167.172.247.164
May  6 09:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[599]: input_userauth_request: invalid user test [preauth]
May  6 09:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[599]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: Failed password for invalid user test from 167.172.247.164 port 39602 ssh2
May  6 09:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: Connection closed by 167.172.247.164 port 39602 [preauth]
May  6 09:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31225]: pam_unix(cron:session): session closed for user root
May  6 09:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[599]: Failed password for invalid user test from 167.172.247.164 port 39360 ssh2
May  6 09:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[599]: Connection closed by 167.172.247.164 port 39360 [preauth]
May  6 09:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[621]: Failed password for root from 167.172.247.164 port 39368 ssh2
May  6 09:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[621]: Connection closed by 167.172.247.164 port 39368 [preauth]
May  6 09:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[635]: Invalid user centos from 167.172.247.164
May  6 09:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[635]: input_userauth_request: invalid user centos [preauth]
May  6 09:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[635]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[635]: Failed password for invalid user centos from 167.172.247.164 port 39380 ssh2
May  6 09:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[635]: Connection closed by 167.172.247.164 port 39380 [preauth]
May  6 09:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: Invalid user tomcat from 167.172.247.164
May  6 09:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: input_userauth_request: invalid user tomcat [preauth]
May  6 09:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: Failed password for invalid user tomcat from 167.172.247.164 port 39386 ssh2
May  6 09:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[637]: Connection closed by 167.172.247.164 port 39386 [preauth]
May  6 09:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: User mysql from 167.172.247.164 not allowed because not listed in AllowUsers
May  6 09:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: input_userauth_request: invalid user mysql [preauth]
May  6 09:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=mysql
May  6 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: Failed password for invalid user mysql from 167.172.247.164 port 48830 ssh2
May  6 09:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: Connection closed by 167.172.247.164 port 48830 [preauth]
May  6 09:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: Failed password for root from 167.172.247.164 port 48840 ssh2
May  6 09:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[667]: Connection closed by 167.172.247.164 port 48840 [preauth]
May  6 09:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: Invalid user zabbix from 167.172.247.164
May  6 09:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: input_userauth_request: invalid user zabbix [preauth]
May  6 09:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: Failed password for root from 167.172.247.164 port 48848 ssh2
May  6 09:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: Connection closed by 167.172.247.164 port 48848 [preauth]
May  6 09:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: Failed password for invalid user zabbix from 167.172.247.164 port 48854 ssh2
May  6 09:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[683]: Connection closed by 167.172.247.164 port 48854 [preauth]
May  6 09:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: Invalid user kubernetes from 167.172.247.164
May  6 09:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: input_userauth_request: invalid user kubernetes [preauth]
May  6 09:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: Failed password for invalid user kubernetes from 167.172.247.164 port 59444 ssh2
May  6 09:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[685]: Connection closed by 167.172.247.164 port 59444 [preauth]
May  6 09:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[702]: Invalid user observer from 167.172.247.164
May  6 09:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[702]: input_userauth_request: invalid user observer [preauth]
May  6 09:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[702]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: Invalid user hadoop from 167.172.247.164
May  6 09:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: input_userauth_request: invalid user hadoop [preauth]
May  6 09:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[702]: Failed password for invalid user observer from 167.172.247.164 port 59448 ssh2
May  6 09:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[702]: Connection closed by 167.172.247.164 port 59448 [preauth]
May  6 09:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 09:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: Failed password for invalid user hadoop from 167.172.247.164 port 59456 ssh2
May  6 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[706]: Connection closed by 167.172.247.164 port 59456 [preauth]
May  6 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[704]: Failed password for root from 196.251.84.225 port 44372 ssh2
May  6 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: Invalid user bot from 167.172.247.164
May  6 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: input_userauth_request: invalid user bot [preauth]
May  6 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[704]: Connection closed by 196.251.84.225 port 44372 [preauth]
May  6 09:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: Invalid user debianuser from 167.172.247.164
May  6 09:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: input_userauth_request: invalid user debianuser [preauth]
May  6 09:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: Failed password for invalid user bot from 167.172.247.164 port 59460 ssh2
May  6 09:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[718]: Connection closed by 167.172.247.164 port 59460 [preauth]
May  6 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[733]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[730]: pam_unix(cron:session): session closed for user p13x
May  6 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[804]: Successful su for rubyman by root
May  6 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[804]: + ??? root:rubyman
May  6 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[804]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339522 of user rubyman.
May  6 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[804]: pam_unix(su:session): session closed for user rubyman
May  6 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339522.
May  6 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Invalid user ranger from 167.172.247.164
May  6 09:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: input_userauth_request: invalid user ranger [preauth]
May  6 09:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: Failed password for invalid user debianuser from 167.172.247.164 port 36984 ssh2
May  6 09:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: Connection closed by 167.172.247.164 port 36984 [preauth]
May  6 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29771]: pam_unix(cron:session): session closed for user root
May  6 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Failed password for invalid user ranger from 167.172.247.164 port 36990 ssh2
May  6 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[842]: Connection closed by 167.172.247.164 port 36990 [preauth]
May  6 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[986]: Invalid user oracle from 167.172.247.164
May  6 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[986]: input_userauth_request: invalid user oracle [preauth]
May  6 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[986]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[731]: pam_unix(cron:session): session closed for user samftp
May  6 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1028]: User ftp from 167.172.247.164 not allowed because not listed in AllowUsers
May  6 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1028]: input_userauth_request: invalid user ftp [preauth]
May  6 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=ftp
May  6 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[986]: Failed password for invalid user oracle from 167.172.247.164 port 36992 ssh2
May  6 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[986]: Connection closed by 167.172.247.164 port 36992 [preauth]
May  6 09:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1028]: Failed password for invalid user ftp from 167.172.247.164 port 36996 ssh2
May  6 09:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1028]: Connection closed by 167.172.247.164 port 36996 [preauth]
May  6 09:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: Invalid user elastic from 167.172.247.164
May  6 09:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: input_userauth_request: invalid user elastic [preauth]
May  6 09:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: Failed password for invalid user elastic from 167.172.247.164 port 37008 ssh2
May  6 09:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: Connection closed by 167.172.247.164 port 37008 [preauth]
May  6 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: Invalid user admin from 167.172.247.164
May  6 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: input_userauth_request: invalid user admin [preauth]
May  6 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1034]: Failed password for root from 167.172.247.164 port 42876 ssh2
May  6 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1034]: Connection closed by 167.172.247.164 port 42876 [preauth]
May  6 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: Failed password for invalid user admin from 167.172.247.164 port 42886 ssh2
May  6 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1068]: Connection closed by 167.172.247.164 port 42886 [preauth]
May  6 09:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: Invalid user default from 167.172.247.164
May  6 09:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: input_userauth_request: invalid user default [preauth]
May  6 09:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: Invalid user tomcat from 167.172.247.164
May  6 09:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: input_userauth_request: invalid user tomcat [preauth]
May  6 09:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: Failed password for invalid user default from 167.172.247.164 port 42890 ssh2
May  6 09:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: Connection closed by 167.172.247.164 port 42890 [preauth]
May  6 09:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: Failed password for invalid user tomcat from 167.172.247.164 port 42898 ssh2
May  6 09:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: Connection closed by 167.172.247.164 port 42898 [preauth]
May  6 09:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: Invalid user gitlab from 167.172.247.164
May  6 09:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: input_userauth_request: invalid user gitlab [preauth]
May  6 09:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1085]: Invalid user steam from 196.251.84.225
May  6 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1085]: input_userauth_request: invalid user steam [preauth]
May  6 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1085]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: Failed password for invalid user gitlab from 167.172.247.164 port 34944 ssh2
May  6 09:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: Connection closed by 167.172.247.164 port 34944 [preauth]
May  6 09:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1085]: Failed password for invalid user steam from 196.251.84.225 port 35888 ssh2
May  6 09:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1085]: Connection closed by 196.251.84.225 port 35888 [preauth]
May  6 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: Invalid user hadoop from 167.172.247.164
May  6 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: input_userauth_request: invalid user hadoop [preauth]
May  6 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: Failed password for root from 167.172.247.164 port 34946 ssh2
May  6 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: Connection closed by 167.172.247.164 port 34946 [preauth]
May  6 09:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: Failed password for invalid user hadoop from 167.172.247.164 port 34962 ssh2
May  6 09:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: Invalid user tools from 167.172.247.164
May  6 09:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: input_userauth_request: invalid user tools [preauth]
May  6 09:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1114]: Connection closed by 167.172.247.164 port 34962 [preauth]
May  6 09:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: Failed password for invalid user tools from 167.172.247.164 port 34970 ssh2
May  6 09:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: Connection closed by 167.172.247.164 port 34970 [preauth]
May  6 09:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: Invalid user admin from 167.172.247.164
May  6 09:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: input_userauth_request: invalid user admin [preauth]
May  6 09:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: Failed password for invalid user admin from 167.172.247.164 port 41734 ssh2
May  6 09:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1127]: Connection closed by 167.172.247.164 port 41734 [preauth]
May  6 09:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1131]: Invalid user www from 167.172.247.164
May  6 09:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1131]: input_userauth_request: invalid user www [preauth]
May  6 09:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1131]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31724]: pam_unix(cron:session): session closed for user root
May  6 09:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1131]: Failed password for invalid user www from 167.172.247.164 port 41738 ssh2
May  6 09:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1131]: Connection closed by 167.172.247.164 port 41738 [preauth]
May  6 09:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: Failed password for root from 167.172.247.164 port 41750 ssh2
May  6 09:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: Connection closed by 167.172.247.164 port 41750 [preauth]
May  6 09:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: Failed password for root from 167.172.247.164 port 41760 ssh2
May  6 09:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Invalid user es from 167.172.247.164
May  6 09:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: input_userauth_request: invalid user es [preauth]
May  6 09:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1169]: Connection closed by 167.172.247.164 port 41760 [preauth]
May  6 09:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Failed password for invalid user es from 167.172.247.164 port 41768 ssh2
May  6 09:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1185]: Connection closed by 167.172.247.164 port 41768 [preauth]
May  6 09:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: Invalid user siva from 190.173.77.226
May  6 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: input_userauth_request: invalid user siva [preauth]
May  6 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Invalid user oracle from 167.172.247.164
May  6 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: input_userauth_request: invalid user oracle [preauth]
May  6 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1187]: Failed password for root from 167.172.247.164 port 38924 ssh2
May  6 09:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1187]: Connection closed by 167.172.247.164 port 38924 [preauth]
May  6 09:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: Failed password for invalid user siva from 190.173.77.226 port 47562 ssh2
May  6 09:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: Received disconnect from 190.173.77.226 port 47562:11: Bye Bye [preauth]
May  6 09:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: Disconnected from 190.173.77.226 port 47562 [preauth]
May  6 09:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Failed password for invalid user oracle from 167.172.247.164 port 38940 ssh2
May  6 09:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Connection closed by 167.172.247.164 port 38940 [preauth]
May  6 09:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: Invalid user uftp from 167.172.247.164
May  6 09:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: input_userauth_request: invalid user uftp [preauth]
May  6 09:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: Failed password for invalid user uftp from 167.172.247.164 port 38950 ssh2
May  6 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1223]: Connection closed by 167.172.247.164 port 38950 [preauth]
May  6 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1225]: Invalid user flink from 167.172.247.164
May  6 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1225]: input_userauth_request: invalid user flink [preauth]
May  6 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1225]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: Invalid user oracle from 196.251.84.225
May  6 09:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: input_userauth_request: invalid user oracle [preauth]
May  6 09:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1225]: Failed password for invalid user flink from 167.172.247.164 port 38962 ssh2
May  6 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1225]: Connection closed by 167.172.247.164 port 38962 [preauth]
May  6 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: Invalid user gitlab-runner from 167.172.247.164
May  6 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: input_userauth_request: invalid user gitlab-runner [preauth]
May  6 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: Failed password for invalid user oracle from 196.251.84.225 port 38208 ssh2
May  6 09:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1227]: Connection closed by 196.251.84.225 port 38208 [preauth]
May  6 09:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: Failed password for invalid user gitlab-runner from 167.172.247.164 port 43870 ssh2
May  6 09:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1244]: Connection closed by 167.172.247.164 port 43870 [preauth]
May  6 09:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: Invalid user es from 167.172.247.164
May  6 09:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: input_userauth_request: invalid user es [preauth]
May  6 09:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1263]: Invalid user oracle from 167.172.247.164
May  6 09:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1263]: input_userauth_request: invalid user oracle [preauth]
May  6 09:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1263]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: Failed password for invalid user es from 167.172.247.164 port 43878 ssh2
May  6 09:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: Connection closed by 167.172.247.164 port 43878 [preauth]
May  6 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1263]: Failed password for invalid user oracle from 167.172.247.164 port 43890 ssh2
May  6 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1263]: Connection closed by 167.172.247.164 port 43890 [preauth]
May  6 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: Invalid user ubnt from 167.172.247.164
May  6 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: input_userauth_request: invalid user ubnt [preauth]
May  6 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: Failed password for invalid user ubnt from 167.172.247.164 port 43906 ssh2
May  6 09:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: Connection closed by 167.172.247.164 port 43906 [preauth]
May  6 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1277]: Invalid user nvidia from 167.172.247.164
May  6 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1277]: input_userauth_request: invalid user nvidia [preauth]
May  6 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1277]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1284]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1283]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1280]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1280]: pam_unix(cron:session): session closed for user p13x
May  6 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1350]: Successful su for rubyman by root
May  6 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1350]: + ??? root:rubyman
May  6 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339526 of user rubyman.
May  6 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1350]: pam_unix(su:session): session closed for user rubyman
May  6 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339526.
May  6 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1277]: Failed password for invalid user nvidia from 167.172.247.164 port 40778 ssh2
May  6 09:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: Invalid user baba from 64.227.136.250
May  6 09:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: input_userauth_request: invalid user baba [preauth]
May  6 09:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.136.250
May  6 09:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1277]: Connection closed by 167.172.247.164 port 40778 [preauth]
May  6 09:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30204]: pam_unix(cron:session): session closed for user root
May  6 09:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: Failed password for invalid user baba from 64.227.136.250 port 60468 ssh2
May  6 09:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: Received disconnect from 64.227.136.250 port 60468:11: Bye Bye [preauth]
May  6 09:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1374]: Disconnected from 64.227.136.250 port 60468 [preauth]
May  6 09:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: Failed password for root from 167.172.247.164 port 40780 ssh2
May  6 09:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1471]: Connection closed by 167.172.247.164 port 40780 [preauth]
May  6 09:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1282]: pam_unix(cron:session): session closed for user samftp
May  6 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Invalid user developer from 167.172.247.164
May  6 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: input_userauth_request: invalid user developer [preauth]
May  6 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: Failed password for root from 167.172.247.164 port 40790 ssh2
May  6 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: Connection closed by 167.172.247.164 port 40790 [preauth]
May  6 09:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Failed password for invalid user developer from 167.172.247.164 port 40800 ssh2
May  6 09:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Connection closed by 167.172.247.164 port 40800 [preauth]
May  6 09:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1584]: Failed password for root from 167.172.247.164 port 60264 ssh2
May  6 09:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1584]: Connection closed by 167.172.247.164 port 60264 [preauth]
May  6 09:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1598]: User ftp from 167.172.247.164 not allowed because not listed in AllowUsers
May  6 09:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1598]: input_userauth_request: invalid user ftp [preauth]
May  6 09:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=ftp
May  6 09:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1598]: Failed password for invalid user ftp from 167.172.247.164 port 60272 ssh2
May  6 09:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1598]: Connection closed by 167.172.247.164 port 60272 [preauth]
May  6 09:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1613]: Invalid user mongodb from 167.172.247.164
May  6 09:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1613]: input_userauth_request: invalid user mongodb [preauth]
May  6 09:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1613]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1613]: Failed password for invalid user mongodb from 167.172.247.164 port 60280 ssh2
May  6 09:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1631]: Invalid user mongodb from 167.172.247.164
May  6 09:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1631]: input_userauth_request: invalid user mongodb [preauth]
May  6 09:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1613]: Connection closed by 167.172.247.164 port 60280 [preauth]
May  6 09:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1631]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1629]: Invalid user guest from 196.251.84.225
May  6 09:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1629]: input_userauth_request: invalid user guest [preauth]
May  6 09:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1629]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1631]: Failed password for invalid user mongodb from 167.172.247.164 port 60284 ssh2
May  6 09:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: Invalid user app from 167.172.247.164
May  6 09:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: input_userauth_request: invalid user app [preauth]
May  6 09:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1631]: Connection closed by 167.172.247.164 port 60284 [preauth]
May  6 09:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1629]: Failed password for invalid user guest from 196.251.84.225 port 50930 ssh2
May  6 09:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1629]: Connection closed by 196.251.84.225 port 50930 [preauth]
May  6 09:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: Failed password for invalid user app from 167.172.247.164 port 60286 ssh2
May  6 09:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1633]: Connection closed by 167.172.247.164 port 60286 [preauth]
May  6 09:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1643]: Failed password for root from 167.172.247.164 port 33316 ssh2
May  6 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1643]: Connection closed by 167.172.247.164 port 33316 [preauth]
May  6 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: Invalid user www from 167.172.247.164
May  6 09:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: input_userauth_request: invalid user www [preauth]
May  6 09:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: Failed password for invalid user www from 167.172.247.164 port 33332 ssh2
May  6 09:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1659]: Connection closed by 167.172.247.164 port 33332 [preauth]
May  6 09:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: Invalid user sonar from 167.172.247.164
May  6 09:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: input_userauth_request: invalid user sonar [preauth]
May  6 09:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Invalid user elasticsearch from 167.172.247.164
May  6 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: input_userauth_request: invalid user elasticsearch [preauth]
May  6 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: Failed password for invalid user sonar from 167.172.247.164 port 33340 ssh2
May  6 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1669]: Connection closed by 167.172.247.164 port 33340 [preauth]
May  6 09:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Failed password for invalid user elasticsearch from 167.172.247.164 port 33354 ssh2
May  6 09:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: Invalid user docker from 167.172.247.164
May  6 09:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: input_userauth_request: invalid user docker [preauth]
May  6 09:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Connection closed by 167.172.247.164 port 33354 [preauth]
May  6 09:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32522]: pam_unix(cron:session): session closed for user root
May  6 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: Failed password for invalid user docker from 167.172.247.164 port 57816 ssh2
May  6 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1676]: Connection closed by 167.172.247.164 port 57816 [preauth]
May  6 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1718]: Failed password for root from 167.172.247.164 port 57824 ssh2
May  6 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1718]: Connection closed by 167.172.247.164 port 57824 [preauth]
May  6 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: Invalid user postgres from 167.172.247.164
May  6 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: input_userauth_request: invalid user postgres [preauth]
May  6 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1744]: Invalid user dev from 167.172.247.164
May  6 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1744]: input_userauth_request: invalid user dev [preauth]
May  6 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1744]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: Failed password for invalid user postgres from 167.172.247.164 port 57838 ssh2
May  6 09:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: Connection closed by 167.172.247.164 port 57838 [preauth]
May  6 09:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1744]: Failed password for invalid user dev from 167.172.247.164 port 57842 ssh2
May  6 09:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1744]: Connection closed by 167.172.247.164 port 57842 [preauth]
May  6 09:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1746]: Invalid user guest from 167.172.247.164
May  6 09:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1746]: input_userauth_request: invalid user guest [preauth]
May  6 09:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1746]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1746]: Failed password for invalid user guest from 167.172.247.164 port 57814 ssh2
May  6 09:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: Invalid user tomcat from 167.172.247.164
May  6 09:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: input_userauth_request: invalid user tomcat [preauth]
May  6 09:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1746]: Connection closed by 167.172.247.164 port 57814 [preauth]
May  6 09:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: Failed password for invalid user tomcat from 167.172.247.164 port 57822 ssh2
May  6 09:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1762]: Connection closed by 167.172.247.164 port 57822 [preauth]
May  6 09:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1771]: User www-data from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 09:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1771]: input_userauth_request: invalid user www-data [preauth]
May  6 09:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=www-data
May  6 09:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: Invalid user elsearch from 167.172.247.164
May  6 09:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: input_userauth_request: invalid user elsearch [preauth]
May  6 09:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1771]: Failed password for invalid user www-data from 196.251.84.225 port 33510 ssh2
May  6 09:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1771]: Connection closed by 196.251.84.225 port 33510 [preauth]
May  6 09:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: Failed password for invalid user elsearch from 167.172.247.164 port 57834 ssh2
May  6 09:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: Connection closed by 167.172.247.164 port 57834 [preauth]
May  6 09:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1776]: Invalid user git from 167.172.247.164
May  6 09:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1776]: input_userauth_request: invalid user git [preauth]
May  6 09:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1776]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: Invalid user vagrant from 167.172.247.164
May  6 09:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: input_userauth_request: invalid user vagrant [preauth]
May  6 09:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1776]: Failed password for invalid user git from 167.172.247.164 port 57846 ssh2
May  6 09:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1776]: Connection closed by 167.172.247.164 port 57846 [preauth]
May  6 09:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: Failed password for invalid user vagrant from 167.172.247.164 port 57860 ssh2
May  6 09:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: Connection closed by 167.172.247.164 port 57860 [preauth]
May  6 09:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1796]: Invalid user esuser from 167.172.247.164
May  6 09:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1796]: input_userauth_request: invalid user esuser [preauth]
May  6 09:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1796]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1796]: Failed password for invalid user esuser from 167.172.247.164 port 54490 ssh2
May  6 09:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1796]: Connection closed by 167.172.247.164 port 54490 [preauth]
May  6 09:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1807]: Invalid user ftpuser from 167.172.247.164
May  6 09:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1807]: input_userauth_request: invalid user ftpuser [preauth]
May  6 09:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1807]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1807]: Failed password for invalid user ftpuser from 167.172.247.164 port 54494 ssh2
May  6 09:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1807]: Connection closed by 167.172.247.164 port 54494 [preauth]
May  6 09:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1810]: Invalid user esuser from 167.172.247.164
May  6 09:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1810]: input_userauth_request: invalid user esuser [preauth]
May  6 09:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1810]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1810]: Failed password for invalid user esuser from 167.172.247.164 port 54496 ssh2
May  6 09:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1810]: Connection closed by 167.172.247.164 port 54496 [preauth]
May  6 09:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: Failed password for root from 167.172.247.164 port 54508 ssh2
May  6 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1823]: Connection closed by 167.172.247.164 port 54508 [preauth]
May  6 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1828]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1830]: pam_unix(cron:session): session closed for user p13x
May  6 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: Invalid user worker from 167.172.247.164
May  6 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: input_userauth_request: invalid user worker [preauth]
May  6 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2039]: Successful su for rubyman by root
May  6 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2039]: + ??? root:rubyman
May  6 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339530 of user rubyman.
May  6 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2039]: pam_unix(su:session): session closed for user rubyman
May  6 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339530.
May  6 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1828]: pam_unix(cron:session): session closed for user root
May  6 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: Failed password for invalid user worker from 167.172.247.164 port 32880 ssh2
May  6 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1825]: Connection closed by 167.172.247.164 port 32880 [preauth]
May  6 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2175]: Invalid user ftpuser from 167.172.247.164
May  6 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2175]: input_userauth_request: invalid user ftpuser [preauth]
May  6 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2175]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30661]: pam_unix(cron:session): session closed for user root
May  6 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2175]: Failed password for invalid user ftpuser from 167.172.247.164 port 32884 ssh2
May  6 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2175]: Connection closed by 167.172.247.164 port 32884 [preauth]
May  6 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: Invalid user admin from 167.172.247.164
May  6 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: input_userauth_request: invalid user admin [preauth]
May  6 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1832]: pam_unix(cron:session): session closed for user samftp
May  6 09:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: Failed password for invalid user admin from 167.172.247.164 port 32894 ssh2
May  6 09:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2237]: Connection closed by 167.172.247.164 port 32894 [preauth]
May  6 09:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2259]: Invalid user steam from 167.172.247.164
May  6 09:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2259]: input_userauth_request: invalid user steam [preauth]
May  6 09:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2259]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2259]: Failed password for invalid user steam from 167.172.247.164 port 32906 ssh2
May  6 09:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2259]: Connection closed by 167.172.247.164 port 32906 [preauth]
May  6 09:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2271]: Invalid user es from 167.172.247.164
May  6 09:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2271]: input_userauth_request: invalid user es [preauth]
May  6 09:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2271]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2271]: Failed password for invalid user es from 167.172.247.164 port 51218 ssh2
May  6 09:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2271]: Connection closed by 167.172.247.164 port 51218 [preauth]
May  6 09:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: Invalid user deploy from 167.172.247.164
May  6 09:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: input_userauth_request: invalid user deploy [preauth]
May  6 09:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Failed password for root from 167.172.247.164 port 51234 ssh2
May  6 09:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Connection closed by 167.172.247.164 port 51234 [preauth]
May  6 09:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: Failed password for invalid user deploy from 167.172.247.164 port 51246 ssh2
May  6 09:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2296]: Connection closed by 167.172.247.164 port 51246 [preauth]
May  6 09:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2300]: Invalid user demo from 167.172.247.164
May  6 09:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2300]: input_userauth_request: invalid user demo [preauth]
May  6 09:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2300]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: Invalid user elasticsearch from 196.251.84.225
May  6 09:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: input_userauth_request: invalid user elasticsearch [preauth]
May  6 09:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2300]: Failed password for invalid user demo from 167.172.247.164 port 51248 ssh2
May  6 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2300]: Connection closed by 167.172.247.164 port 51248 [preauth]
May  6 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: Invalid user deploy from 167.172.247.164
May  6 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: input_userauth_request: invalid user deploy [preauth]
May  6 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: Failed password for invalid user elasticsearch from 196.251.84.225 port 32804 ssh2
May  6 09:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: Connection closed by 196.251.84.225 port 32804 [preauth]
May  6 09:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: Failed password for invalid user deploy from 167.172.247.164 port 36546 ssh2
May  6 09:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2302]: Connection closed by 167.172.247.164 port 36546 [preauth]
May  6 09:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: Invalid user dev from 167.172.247.164
May  6 09:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: input_userauth_request: invalid user dev [preauth]
May  6 09:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: Invalid user oscar from 167.172.247.164
May  6 09:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: input_userauth_request: invalid user oscar [preauth]
May  6 09:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: Failed password for invalid user dev from 167.172.247.164 port 36554 ssh2
May  6 09:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: Connection closed by 167.172.247.164 port 36554 [preauth]
May  6 09:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: Failed password for invalid user oscar from 167.172.247.164 port 36556 ssh2
May  6 09:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2328]: Connection closed by 167.172.247.164 port 36556 [preauth]
May  6 09:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2339]: Invalid user dolphinscheduler from 167.172.247.164
May  6 09:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2339]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  6 09:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2339]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2339]: Failed password for invalid user dolphinscheduler from 167.172.247.164 port 36568 ssh2
May  6 09:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2339]: Connection closed by 167.172.247.164 port 36568 [preauth]
May  6 09:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: Invalid user pi from 167.172.247.164
May  6 09:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: input_userauth_request: invalid user pi [preauth]
May  6 09:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: Failed password for invalid user pi from 167.172.247.164 port 36584 ssh2
May  6 09:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: Connection closed by 167.172.247.164 port 36584 [preauth]
May  6 09:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2353]: Invalid user dev from 167.172.247.164
May  6 09:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2353]: input_userauth_request: invalid user dev [preauth]
May  6 09:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2353]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2353]: Failed password for invalid user dev from 167.172.247.164 port 38550 ssh2
May  6 09:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2353]: Connection closed by 167.172.247.164 port 38550 [preauth]
May  6 09:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[733]: pam_unix(cron:session): session closed for user root
May  6 09:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2370]: Invalid user oceanbase from 167.172.247.164
May  6 09:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2370]: input_userauth_request: invalid user oceanbase [preauth]
May  6 09:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2370]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2370]: Failed password for invalid user oceanbase from 167.172.247.164 port 38564 ssh2
May  6 09:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2370]: Connection closed by 167.172.247.164 port 38564 [preauth]
May  6 09:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2396]: Invalid user lighthouse from 167.172.247.164
May  6 09:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2396]: input_userauth_request: invalid user lighthouse [preauth]
May  6 09:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2396]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2396]: Failed password for invalid user lighthouse from 167.172.247.164 port 38580 ssh2
May  6 09:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2396]: Connection closed by 167.172.247.164 port 38580 [preauth]
May  6 09:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: Failed password for root from 167.172.247.164 port 38594 ssh2
May  6 09:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: Connection closed by 167.172.247.164 port 38594 [preauth]
May  6 09:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2406]: Failed password for root from 167.172.247.164 port 32914 ssh2
May  6 09:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2406]: Connection closed by 167.172.247.164 port 32914 [preauth]
May  6 09:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: Failed password for root from 167.172.247.164 port 32928 ssh2
May  6 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2419]: Connection closed by 167.172.247.164 port 32928 [preauth]
May  6 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: Invalid user tomcat from 196.251.84.225
May  6 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: input_userauth_request: invalid user tomcat [preauth]
May  6 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: Failed password for root from 167.172.247.164 port 32942 ssh2
May  6 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2437]: Connection closed by 167.172.247.164 port 32942 [preauth]
May  6 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: Invalid user user from 167.172.247.164
May  6 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: input_userauth_request: invalid user user [preauth]
May  6 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: Failed password for invalid user user from 167.172.247.164 port 32948 ssh2
May  6 09:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2448]: Connection closed by 167.172.247.164 port 32948 [preauth]
May  6 09:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2450]: Failed password for root from 167.172.247.164 port 54196 ssh2
May  6 09:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2450]: Connection closed by 167.172.247.164 port 54196 [preauth]
May  6 09:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: Invalid user svnuser from 167.172.247.164
May  6 09:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: input_userauth_request: invalid user svnuser [preauth]
May  6 09:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: Failed password for invalid user tomcat from 196.251.84.225 port 36124 ssh2
May  6 09:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: Connection closed by 196.251.84.225 port 36124 [preauth]
May  6 09:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: Failed password for invalid user svnuser from 167.172.247.164 port 54206 ssh2
May  6 09:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2461]: Connection closed by 167.172.247.164 port 54206 [preauth]
May  6 09:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2464]: Invalid user ftpuser from 167.172.247.164
May  6 09:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2464]: input_userauth_request: invalid user ftpuser [preauth]
May  6 09:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2464]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2464]: Failed password for invalid user ftpuser from 167.172.247.164 port 54222 ssh2
May  6 09:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2464]: Connection closed by 167.172.247.164 port 54222 [preauth]
May  6 09:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Invalid user ubuntu from 167.172.247.164
May  6 09:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: input_userauth_request: invalid user ubuntu [preauth]
May  6 09:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Failed password for invalid user ubuntu from 167.172.247.164 port 54234 ssh2
May  6 09:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Connection closed by 167.172.247.164 port 54234 [preauth]
May  6 09:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2487]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2485]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2488]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2484]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2488]: pam_unix(cron:session): session closed for user root
May  6 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2482]: pam_unix(cron:session): session closed for user p13x
May  6 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2553]: Successful su for rubyman by root
May  6 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2553]: + ??? root:rubyman
May  6 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339536 of user rubyman.
May  6 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2553]: pam_unix(su:session): session closed for user rubyman
May  6 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339536.
May  6 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2478]: Failed password for root from 167.172.247.164 port 54250 ssh2
May  6 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: Invalid user esadmin from 167.172.247.164
May  6 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: input_userauth_request: invalid user esadmin [preauth]
May  6 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2478]: Connection closed by 167.172.247.164 port 54250 [preauth]
May  6 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2484]: pam_unix(cron:session): session closed for user root
May  6 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: Failed password for invalid user esadmin from 167.172.247.164 port 47636 ssh2
May  6 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: Connection closed by 167.172.247.164 port 47636 [preauth]
May  6 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31224]: pam_unix(cron:session): session closed for user root
May  6 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2750]: Failed password for root from 167.172.247.164 port 47640 ssh2
May  6 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2750]: Connection closed by 167.172.247.164 port 47640 [preauth]
May  6 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2483]: pam_unix(cron:session): session closed for user samftp
May  6 09:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: Invalid user flask from 167.172.247.164
May  6 09:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: input_userauth_request: invalid user flask [preauth]
May  6 09:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: Failed password for invalid user flask from 167.172.247.164 port 47654 ssh2
May  6 09:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2792]: Connection closed by 167.172.247.164 port 47654 [preauth]
May  6 09:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: Invalid user deploy from 167.172.247.164
May  6 09:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: input_userauth_request: invalid user deploy [preauth]
May  6 09:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 09:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: Failed password for invalid user deploy from 167.172.247.164 port 47666 ssh2
May  6 09:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2807]: Connection closed by 167.172.247.164 port 47666 [preauth]
May  6 09:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2801]: Failed password for root from 218.92.0.179 port 59643 ssh2
May  6 09:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: Failed password for root from 167.172.247.164 port 52060 ssh2
May  6 09:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: Connection closed by 167.172.247.164 port 52060 [preauth]
May  6 09:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2801]: Failed password for root from 218.92.0.179 port 59643 ssh2
May  6 09:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2818]: Failed password for root from 167.172.247.164 port 52062 ssh2
May  6 09:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2818]: Connection closed by 167.172.247.164 port 52062 [preauth]
May  6 09:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2801]: Failed password for root from 218.92.0.179 port 59643 ssh2
May  6 09:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2801]: Received disconnect from 218.92.0.179 port 59643:11:  [preauth]
May  6 09:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2801]: Disconnected from 218.92.0.179 port 59643 [preauth]
May  6 09:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2801]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 09:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: Invalid user oracle from 167.172.247.164
May  6 09:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: input_userauth_request: invalid user oracle [preauth]
May  6 09:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: Failed password for invalid user oracle from 167.172.247.164 port 52072 ssh2
May  6 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: Connection closed by 167.172.247.164 port 52072 [preauth]
May  6 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: Invalid user rabbitmq from 167.172.247.164
May  6 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: input_userauth_request: invalid user rabbitmq [preauth]
May  6 09:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: Failed password for invalid user rabbitmq from 167.172.247.164 port 52076 ssh2
May  6 09:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: Connection closed by 167.172.247.164 port 52076 [preauth]
May  6 09:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2840]: Invalid user jenkins from 196.251.84.225
May  6 09:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2840]: input_userauth_request: invalid user jenkins [preauth]
May  6 09:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2840]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: Failed password for root from 167.172.247.164 port 40304 ssh2
May  6 09:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2853]: Connection closed by 167.172.247.164 port 40304 [preauth]
May  6 09:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2840]: Failed password for invalid user jenkins from 196.251.84.225 port 60696 ssh2
May  6 09:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2840]: Connection closed by 196.251.84.225 port 60696 [preauth]
May  6 09:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2855]: Failed password for root from 167.172.247.164 port 40306 ssh2
May  6 09:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2855]: Connection closed by 167.172.247.164 port 40306 [preauth]
May  6 09:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: Failed password for root from 167.172.247.164 port 40322 ssh2
May  6 09:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2881]: Connection closed by 167.172.247.164 port 40322 [preauth]
May  6 09:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2884]: Failed password for root from 167.172.247.164 port 40332 ssh2
May  6 09:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2884]: Connection closed by 167.172.247.164 port 40332 [preauth]
May  6 09:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: Invalid user wang from 167.172.247.164
May  6 09:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: input_userauth_request: invalid user wang [preauth]
May  6 09:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: Failed password for invalid user wang from 167.172.247.164 port 47772 ssh2
May  6 09:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: Invalid user hadoop from 167.172.247.164
May  6 09:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: input_userauth_request: invalid user hadoop [preauth]
May  6 09:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: Connection closed by 167.172.247.164 port 47772 [preauth]
May  6 09:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1284]: pam_unix(cron:session): session closed for user root
May  6 09:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: Failed password for invalid user hadoop from 167.172.247.164 port 47782 ssh2
May  6 09:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: Connection closed by 167.172.247.164 port 47782 [preauth]
May  6 09:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Failed password for root from 167.172.247.164 port 47792 ssh2
May  6 09:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Connection closed by 167.172.247.164 port 47792 [preauth]
May  6 09:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: Invalid user elasticsearch from 167.172.247.164
May  6 09:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: input_userauth_request: invalid user elasticsearch [preauth]
May  6 09:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: Failed password for invalid user elasticsearch from 167.172.247.164 port 47796 ssh2
May  6 09:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: Connection closed by 167.172.247.164 port 47796 [preauth]
May  6 09:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: User ftp from 167.172.247.164 not allowed because not listed in AllowUsers
May  6 09:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: input_userauth_request: invalid user ftp [preauth]
May  6 09:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=ftp
May  6 09:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: Invalid user ftpuser from 186.233.208.13
May  6 09:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: input_userauth_request: invalid user ftpuser [preauth]
May  6 09:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  6 09:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: Failed password for invalid user ftp from 167.172.247.164 port 47798 ssh2
May  6 09:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: Connection closed by 167.172.247.164 port 47798 [preauth]
May  6 09:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2950]: Invalid user uftp from 167.172.247.164
May  6 09:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2950]: input_userauth_request: invalid user uftp [preauth]
May  6 09:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2950]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: Failed password for invalid user ftpuser from 186.233.208.13 port 36920 ssh2
May  6 09:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: Received disconnect from 186.233.208.13 port 36920:11: Bye Bye [preauth]
May  6 09:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2940]: Disconnected from 186.233.208.13 port 36920 [preauth]
May  6 09:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2950]: Failed password for invalid user uftp from 167.172.247.164 port 59968 ssh2
May  6 09:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2950]: Connection closed by 167.172.247.164 port 59968 [preauth]
May  6 09:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: Invalid user awsgui from 167.172.247.164
May  6 09:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: input_userauth_request: invalid user awsgui [preauth]
May  6 09:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: Failed password for invalid user awsgui from 167.172.247.164 port 59972 ssh2
May  6 09:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: Connection closed by 167.172.247.164 port 59972 [preauth]
May  6 09:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: Invalid user dolphinscheduler from 167.172.247.164
May  6 09:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  6 09:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: Failed password for invalid user dolphinscheduler from 167.172.247.164 port 59980 ssh2
May  6 09:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2977]: Connection closed by 167.172.247.164 port 59980 [preauth]
May  6 09:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: Failed password for root from 167.172.247.164 port 59982 ssh2
May  6 09:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: Connection closed by 167.172.247.164 port 59982 [preauth]
May  6 09:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: Invalid user dstserver from 196.251.84.225
May  6 09:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: input_userauth_request: invalid user dstserver [preauth]
May  6 09:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2983]: Invalid user yarn from 167.172.247.164
May  6 09:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2983]: input_userauth_request: invalid user yarn [preauth]
May  6 09:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2983]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2983]: Failed password for invalid user yarn from 167.172.247.164 port 56394 ssh2
May  6 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: Failed password for invalid user dstserver from 196.251.84.225 port 52934 ssh2
May  6 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2983]: Connection closed by 167.172.247.164 port 56394 [preauth]
May  6 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: Connection closed by 196.251.84.225 port 52934 [preauth]
May  6 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: Invalid user test2 from 167.172.247.164
May  6 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: input_userauth_request: invalid user test2 [preauth]
May  6 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: Failed password for invalid user test2 from 167.172.247.164 port 56410 ssh2
May  6 09:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2993]: Connection closed by 167.172.247.164 port 56410 [preauth]
May  6 09:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: Invalid user oracle from 167.172.247.164
May  6 09:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: input_userauth_request: invalid user oracle [preauth]
May  6 09:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: Failed password for invalid user oracle from 167.172.247.164 port 56426 ssh2
May  6 09:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2995]: Connection closed by 167.172.247.164 port 56426 [preauth]
May  6 09:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3005]: Invalid user guest from 167.172.247.164
May  6 09:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3005]: input_userauth_request: invalid user guest [preauth]
May  6 09:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3005]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3005]: Failed password for invalid user guest from 167.172.247.164 port 56438 ssh2
May  6 09:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3005]: Connection closed by 167.172.247.164 port 56438 [preauth]
May  6 09:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Invalid user wang from 167.172.247.164
May  6 09:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: input_userauth_request: invalid user wang [preauth]
May  6 09:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: Invalid user test123 from 180.253.167.74
May  6 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: input_userauth_request: invalid user test123 [preauth]
May  6 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3014]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3015]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3013]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3012]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3012]: pam_unix(cron:session): session closed for user p13x
May  6 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3087]: Successful su for rubyman by root
May  6 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3087]: + ??? root:rubyman
May  6 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3087]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339543 of user rubyman.
May  6 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3087]: pam_unix(su:session): session closed for user rubyman
May  6 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339543.
May  6 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: Failed password for invalid user test123 from 180.253.167.74 port 6499 ssh2
May  6 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Failed password for invalid user wang from 167.172.247.164 port 36760 ssh2
May  6 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Connection closed by 167.172.247.164 port 36760 [preauth]
May  6 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: Received disconnect from 180.253.167.74 port 6499:11: Bye Bye [preauth]
May  6 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: Disconnected from 180.253.167.74 port 6499 [preauth]
May  6 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: Invalid user www from 167.172.247.164
May  6 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: input_userauth_request: invalid user www [preauth]
May  6 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31723]: pam_unix(cron:session): session closed for user root
May  6 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: Failed password for invalid user www from 167.172.247.164 port 36770 ssh2
May  6 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3123]: Connection closed by 167.172.247.164 port 36770 [preauth]
May  6 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3013]: pam_unix(cron:session): session closed for user samftp
May  6 09:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3254]: Failed password for root from 167.172.247.164 port 36784 ssh2
May  6 09:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3254]: Connection closed by 167.172.247.164 port 36784 [preauth]
May  6 09:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: Invalid user nexus from 167.172.247.164
May  6 09:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: input_userauth_request: invalid user nexus [preauth]
May  6 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: Failed password for invalid user nexus from 167.172.247.164 port 36794 ssh2
May  6 09:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: Connection closed by 167.172.247.164 port 36794 [preauth]
May  6 09:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3283]: Invalid user app from 167.172.247.164
May  6 09:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3283]: input_userauth_request: invalid user app [preauth]
May  6 09:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3283]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3283]: Failed password for invalid user app from 167.172.247.164 port 36802 ssh2
May  6 09:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3283]: Connection closed by 167.172.247.164 port 36802 [preauth]
May  6 09:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: Invalid user nvidia from 167.172.247.164
May  6 09:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: input_userauth_request: invalid user nvidia [preauth]
May  6 09:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: Failed password for invalid user nvidia from 167.172.247.164 port 37168 ssh2
May  6 09:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3285]: Connection closed by 167.172.247.164 port 37168 [preauth]
May  6 09:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3307]: Failed password for root from 167.172.247.164 port 37176 ssh2
May  6 09:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3307]: Connection closed by 167.172.247.164 port 37176 [preauth]
May  6 09:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164  user=root
May  6 09:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: User bin from 196.251.84.225 not allowed because not listed in AllowUsers
May  6 09:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: input_userauth_request: invalid user bin [preauth]
May  6 09:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=bin
May  6 09:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Failed password for root from 167.172.247.164 port 37192 ssh2
May  6 09:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: Invalid user es from 167.172.247.164
May  6 09:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: input_userauth_request: invalid user es [preauth]
May  6 09:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Connection closed by 167.172.247.164 port 37192 [preauth]
May  6 09:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: Failed password for invalid user bin from 196.251.84.225 port 50674 ssh2
May  6 09:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: Connection closed by 196.251.84.225 port 50674 [preauth]
May  6 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3326]: Invalid user sugi from 167.172.247.164
May  6 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3326]: input_userauth_request: invalid user sugi [preauth]
May  6 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3326]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.247.164
May  6 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: Failed password for invalid user es from 167.172.247.164 port 37202 ssh2
May  6 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3322]: Connection closed by 167.172.247.164 port 37202 [preauth]
May  6 09:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3326]: Failed password for invalid user sugi from 167.172.247.164 port 42692 ssh2
May  6 09:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3326]: Connection closed by 167.172.247.164 port 42692 [preauth]
May  6 09:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1834]: pam_unix(cron:session): session closed for user root
May  6 09:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3441]: Invalid user drupal from 196.251.84.225
May  6 09:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3441]: input_userauth_request: invalid user drupal [preauth]
May  6 09:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3441]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3441]: Failed password for invalid user drupal from 196.251.84.225 port 59398 ssh2
May  6 09:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3441]: Connection closed by 196.251.84.225 port 59398 [preauth]
May  6 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3474]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3473]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3471]: pam_unix(cron:session): session closed for user p13x
May  6 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3534]: Successful su for rubyman by root
May  6 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3534]: + ??? root:rubyman
May  6 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339545 of user rubyman.
May  6 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3534]: pam_unix(su:session): session closed for user rubyman
May  6 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339545.
May  6 09:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32521]: pam_unix(cron:session): session closed for user root
May  6 09:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3472]: pam_unix(cron:session): session closed for user samftp
May  6 09:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3768]: Invalid user satisfactory from 196.251.84.225
May  6 09:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3768]: input_userauth_request: invalid user satisfactory [preauth]
May  6 09:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3768]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3768]: Failed password for invalid user satisfactory from 196.251.84.225 port 51502 ssh2
May  6 09:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3768]: Connection closed by 196.251.84.225 port 51502 [preauth]
May  6 09:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.192.138.65  user=root
May  6 09:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2487]: pam_unix(cron:session): session closed for user root
May  6 09:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: Failed password for root from 81.192.138.65 port 50450 ssh2
May  6 09:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: Received disconnect from 81.192.138.65 port 50450:11: Bye Bye [preauth]
May  6 09:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3816]: Disconnected from 81.192.138.65 port 50450 [preauth]
May  6 09:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: Invalid user centos from 196.251.84.225
May  6 09:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: input_userauth_request: invalid user centos [preauth]
May  6 09:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: Failed password for invalid user centos from 196.251.84.225 port 60182 ssh2
May  6 09:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3868]: Connection closed by 196.251.84.225 port 60182 [preauth]
May  6 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3902]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3901]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3899]: pam_unix(cron:session): session closed for user p13x
May  6 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3996]: Successful su for rubyman by root
May  6 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3996]: + ??? root:rubyman
May  6 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339550 of user rubyman.
May  6 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3996]: pam_unix(su:session): session closed for user rubyman
May  6 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339550.
May  6 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[732]: pam_unix(cron:session): session closed for user root
May  6 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3900]: pam_unix(cron:session): session closed for user samftp
May  6 09:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4208]: Invalid user test from 196.251.84.225
May  6 09:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4208]: input_userauth_request: invalid user test [preauth]
May  6 09:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4208]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4208]: Failed password for invalid user test from 196.251.84.225 port 59822 ssh2
May  6 09:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4208]: Connection closed by 196.251.84.225 port 59822 [preauth]
May  6 09:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3015]: pam_unix(cron:session): session closed for user root
May  6 09:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 09:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4439]: Failed password for root from 196.251.84.225 port 57282 ssh2
May  6 09:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4439]: Connection closed by 196.251.84.225 port 57282 [preauth]
May  6 09:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4487]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4486]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4484]: pam_unix(cron:session): session closed for user p13x
May  6 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4560]: Successful su for rubyman by root
May  6 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4560]: + ??? root:rubyman
May  6 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339554 of user rubyman.
May  6 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4560]: pam_unix(su:session): session closed for user rubyman
May  6 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339554.
May  6 09:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: Failed password for root from 218.92.0.179 port 32129 ssh2
May  6 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1283]: pam_unix(cron:session): session closed for user root
May  6 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: Failed password for root from 218.92.0.179 port 32129 ssh2
May  6 09:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4485]: pam_unix(cron:session): session closed for user samftp
May  6 09:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: Failed password for root from 218.92.0.179 port 32129 ssh2
May  6 09:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: Received disconnect from 218.92.0.179 port 32129:11:  [preauth]
May  6 09:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: Disconnected from 218.92.0.179 port 32129 [preauth]
May  6 09:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 09:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4756]: Invalid user sftp from 196.251.84.225
May  6 09:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4756]: input_userauth_request: invalid user sftp [preauth]
May  6 09:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4756]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4756]: Failed password for invalid user sftp from 196.251.84.225 port 47892 ssh2
May  6 09:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4756]: Connection closed by 196.251.84.225 port 47892 [preauth]
May  6 09:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4780]: Invalid user vpn1 from 190.173.77.226
May  6 09:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4780]: input_userauth_request: invalid user vpn1 [preauth]
May  6 09:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4780]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 09:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4780]: Failed password for invalid user vpn1 from 190.173.77.226 port 45584 ssh2
May  6 09:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4780]: Received disconnect from 190.173.77.226 port 45584:11: Bye Bye [preauth]
May  6 09:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4780]: Disconnected from 190.173.77.226 port 45584 [preauth]
May  6 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3474]: pam_unix(cron:session): session closed for user root
May  6 09:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4862]: Invalid user jack from 196.251.84.225
May  6 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4862]: input_userauth_request: invalid user jack [preauth]
May  6 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4862]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4865]: Invalid user admin from 80.94.95.112
May  6 09:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4865]: input_userauth_request: invalid user admin [preauth]
May  6 09:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4865]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 09:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4862]: Failed password for invalid user jack from 196.251.84.225 port 35734 ssh2
May  6 09:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4862]: Connection closed by 196.251.84.225 port 35734 [preauth]
May  6 09:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4865]: Failed password for invalid user admin from 80.94.95.112 port 6646 ssh2
May  6 09:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4865]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4865]: Failed password for invalid user admin from 80.94.95.112 port 6646 ssh2
May  6 09:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4865]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4865]: Failed password for invalid user admin from 80.94.95.112 port 6646 ssh2
May  6 09:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4865]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4865]: Failed password for invalid user admin from 80.94.95.112 port 6646 ssh2
May  6 09:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4865]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4865]: Failed password for invalid user admin from 80.94.95.112 port 6646 ssh2
May  6 09:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4865]: Received disconnect from 80.94.95.112 port 6646:11: Bye [preauth]
May  6 09:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4865]: Disconnected from 80.94.95.112 port 6646 [preauth]
May  6 09:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4865]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 09:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4865]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4935]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4933]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4932]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4937]: pam_unix(cron:session): session closed for user root
May  6 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4930]: pam_unix(cron:session): session closed for user p13x
May  6 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5183]: Successful su for rubyman by root
May  6 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5183]: + ??? root:rubyman
May  6 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339560 of user rubyman.
May  6 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5183]: pam_unix(su:session): session closed for user rubyman
May  6 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339560.
May  6 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4932]: pam_unix(cron:session): session closed for user root
May  6 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1833]: pam_unix(cron:session): session closed for user root
May  6 09:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4931]: pam_unix(cron:session): session closed for user samftp
May  6 09:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5386]: Invalid user jito from 196.251.84.225
May  6 09:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5386]: input_userauth_request: invalid user jito [preauth]
May  6 09:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5386]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5386]: Failed password for invalid user jito from 196.251.84.225 port 55656 ssh2
May  6 09:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5386]: Connection closed by 196.251.84.225 port 55656 [preauth]
May  6 09:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3902]: pam_unix(cron:session): session closed for user root
May  6 09:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Invalid user deploy from 196.251.84.225
May  6 09:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: input_userauth_request: invalid user deploy [preauth]
May  6 09:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Failed password for invalid user deploy from 196.251.84.225 port 56494 ssh2
May  6 09:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5514]: Connection closed by 196.251.84.225 port 56494 [preauth]
May  6 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5619]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5616]: pam_unix(cron:session): session closed for user p13x
May  6 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5690]: Successful su for rubyman by root
May  6 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5690]: + ??? root:rubyman
May  6 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5690]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339563 of user rubyman.
May  6 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5690]: pam_unix(su:session): session closed for user rubyman
May  6 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339563.
May  6 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2485]: pam_unix(cron:session): session closed for user root
May  6 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5617]: pam_unix(cron:session): session closed for user samftp
May  6 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5951]: Invalid user terraria from 196.251.84.225
May  6 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5951]: input_userauth_request: invalid user terraria [preauth]
May  6 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5951]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5951]: Failed password for invalid user terraria from 196.251.84.225 port 49614 ssh2
May  6 09:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5951]: Connection closed by 196.251.84.225 port 49614 [preauth]
May  6 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4487]: pam_unix(cron:session): session closed for user root
May  6 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: Invalid user steam from 196.251.84.225
May  6 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: input_userauth_request: invalid user steam [preauth]
May  6 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: Failed password for invalid user steam from 196.251.84.225 port 38992 ssh2
May  6 09:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: Connection closed by 196.251.84.225 port 38992 [preauth]
May  6 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6138]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6137]: pam_unix(cron:session): session closed for user p13x
May  6 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6200]: Successful su for rubyman by root
May  6 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6200]: + ??? root:rubyman
May  6 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339567 of user rubyman.
May  6 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6200]: pam_unix(su:session): session closed for user rubyman
May  6 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339567.
May  6 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6134]: Failed password for root from 196.251.84.225 port 58522 ssh2
May  6 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6134]: Connection closed by 196.251.84.225 port 58522 [preauth]
May  6 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3014]: pam_unix(cron:session): session closed for user root
May  6 09:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6138]: pam_unix(cron:session): session closed for user samftp
May  6 09:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6394]: Invalid user m1 from 180.253.167.74
May  6 09:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6394]: input_userauth_request: invalid user m1 [preauth]
May  6 09:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6394]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 09:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6394]: Failed password for invalid user m1 from 180.253.167.74 port 47067 ssh2
May  6 09:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6394]: Received disconnect from 180.253.167.74 port 47067:11: Bye Bye [preauth]
May  6 09:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6394]: Disconnected from 180.253.167.74 port 47067 [preauth]
May  6 09:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6450]: Invalid user gmod from 196.251.84.225
May  6 09:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6450]: input_userauth_request: invalid user gmod [preauth]
May  6 09:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6450]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6450]: Failed password for invalid user gmod from 196.251.84.225 port 33094 ssh2
May  6 09:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6450]: Connection closed by 196.251.84.225 port 33094 [preauth]
May  6 09:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4935]: pam_unix(cron:session): session closed for user root
May  6 09:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6492]: Invalid user partimag from 196.92.7.249
May  6 09:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6492]: input_userauth_request: invalid user partimag [preauth]
May  6 09:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6492]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.92.7.249
May  6 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6492]: Failed password for invalid user partimag from 196.92.7.249 port 50038 ssh2
May  6 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6492]: Received disconnect from 196.92.7.249 port 50038:11: Bye Bye [preauth]
May  6 09:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6492]: Disconnected from 196.92.7.249 port 50038 [preauth]
May  6 09:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 09:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: Failed password for root from 196.251.84.225 port 52216 ssh2
May  6 09:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: Connection closed by 196.251.84.225 port 52216 [preauth]
May  6 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6549]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6549]: pam_unix(cron:session): session closed for user p13x
May  6 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6612]: Successful su for rubyman by root
May  6 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6612]: + ??? root:rubyman
May  6 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6612]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339572 of user rubyman.
May  6 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6612]: pam_unix(su:session): session closed for user rubyman
May  6 09:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339572.
May  6 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3473]: pam_unix(cron:session): session closed for user root
May  6 09:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6550]: pam_unix(cron:session): session closed for user samftp
May  6 09:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: Invalid user gerbera from 196.251.84.225
May  6 09:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: input_userauth_request: invalid user gerbera [preauth]
May  6 09:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: Failed password for invalid user gerbera from 196.251.84.225 port 53524 ssh2
May  6 09:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: Connection closed by 196.251.84.225 port 53524 [preauth]
May  6 09:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5619]: pam_unix(cron:session): session closed for user root
May  6 09:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: Invalid user goga from 46.191.141.152
May  6 09:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: input_userauth_request: invalid user goga [preauth]
May  6 09:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.191.141.152
May  6 09:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6997]: Failed password for invalid user goga from 46.191.141.152 port 43871 ssh2
May  6 09:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 09:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: Failed password for root from 196.251.84.225 port 35624 ssh2
May  6 09:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: Connection closed by 196.251.84.225 port 35624 [preauth]
May  6 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7061]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7063]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7059]: pam_unix(cron:session): session closed for user p13x
May  6 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7141]: Successful su for rubyman by root
May  6 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7141]: + ??? root:rubyman
May  6 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339577 of user rubyman.
May  6 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7141]: pam_unix(su:session): session closed for user rubyman
May  6 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339577.
May  6 09:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3901]: pam_unix(cron:session): session closed for user root
May  6 09:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7060]: pam_unix(cron:session): session closed for user samftp
May  6 09:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: Invalid user gitlab-runner from 196.251.84.225
May  6 09:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: input_userauth_request: invalid user gitlab-runner [preauth]
May  6 09:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: Failed password for invalid user gitlab-runner from 196.251.84.225 port 58910 ssh2
May  6 09:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7354]: Connection closed by 196.251.84.225 port 58910 [preauth]
May  6 09:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6140]: pam_unix(cron:session): session closed for user root
May  6 09:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 09:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: Failed password for root from 196.251.84.225 port 47786 ssh2
May  6 09:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: Connection closed by 196.251.84.225 port 47786 [preauth]
May  6 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7482]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7481]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7480]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7476]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7482]: pam_unix(cron:session): session closed for user root
May  6 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7474]: pam_unix(cron:session): session closed for user p13x
May  6 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7646]: Successful su for rubyman by root
May  6 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7646]: + ??? root:rubyman
May  6 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339580 of user rubyman.
May  6 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7646]: pam_unix(su:session): session closed for user rubyman
May  6 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339580.
May  6 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7479]: pam_unix(cron:session): session closed for user root
May  6 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4486]: pam_unix(cron:session): session closed for user root
May  6 09:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7476]: pam_unix(cron:session): session closed for user samftp
May  6 09:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7886]: Invalid user pal from 196.251.84.225
May  6 09:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7886]: input_userauth_request: invalid user pal [preauth]
May  6 09:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7886]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7886]: Failed password for invalid user pal from 196.251.84.225 port 37958 ssh2
May  6 09:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7886]: Connection closed by 196.251.84.225 port 37958 [preauth]
May  6 09:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: User daemon from 80.94.95.125 not allowed because not listed in AllowUsers
May  6 09:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: input_userauth_request: invalid user daemon [preauth]
May  6 09:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=daemon
May  6 09:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: Failed password for invalid user daemon from 80.94.95.125 port 38111 ssh2
May  6 09:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: message repeated 4 times: [ Failed password for invalid user daemon from 80.94.95.125 port 38111 ssh2]
May  6 09:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: Received disconnect from 80.94.95.125 port 38111:11: Bye [preauth]
May  6 09:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: Disconnected from 80.94.95.125 port 38111 [preauth]
May  6 09:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=daemon
May  6 09:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7911]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 09:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6552]: pam_unix(cron:session): session closed for user root
May  6 09:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: Invalid user omsagent from 196.251.84.225
May  6 09:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: input_userauth_request: invalid user omsagent [preauth]
May  6 09:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: Failed password for invalid user omsagent from 196.251.84.225 port 58576 ssh2
May  6 09:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7986]: Connection closed by 196.251.84.225 port 58576 [preauth]
May  6 09:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8017]: Invalid user systems from 190.173.77.226
May  6 09:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8017]: input_userauth_request: invalid user systems [preauth]
May  6 09:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8017]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 09:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8017]: Failed password for invalid user systems from 190.173.77.226 port 39376 ssh2
May  6 09:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8017]: Received disconnect from 190.173.77.226 port 39376:11: Bye Bye [preauth]
May  6 09:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8017]: Disconnected from 190.173.77.226 port 39376 [preauth]
May  6 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8038]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8036]: pam_unix(cron:session): session closed for user p13x
May  6 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8112]: Successful su for rubyman by root
May  6 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8112]: + ??? root:rubyman
May  6 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339585 of user rubyman.
May  6 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8112]: pam_unix(su:session): session closed for user rubyman
May  6 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339585.
May  6 09:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4933]: pam_unix(cron:session): session closed for user root
May  6 09:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8037]: pam_unix(cron:session): session closed for user samftp
May  6 09:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Invalid user nvidia from 196.251.84.225
May  6 09:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: input_userauth_request: invalid user nvidia [preauth]
May  6 09:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Failed password for invalid user nvidia from 196.251.84.225 port 56964 ssh2
May  6 09:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Connection closed by 196.251.84.225 port 56964 [preauth]
May  6 09:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7063]: pam_unix(cron:session): session closed for user root
May  6 09:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 09:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8409]: Failed password for root from 196.251.84.225 port 39072 ssh2
May  6 09:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8409]: Connection closed by 196.251.84.225 port 39072 [preauth]
May  6 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8485]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8486]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8483]: pam_unix(cron:session): session closed for user p13x
May  6 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8556]: Successful su for rubyman by root
May  6 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8556]: + ??? root:rubyman
May  6 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339591 of user rubyman.
May  6 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8556]: pam_unix(su:session): session closed for user rubyman
May  6 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339591.
May  6 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8554]: Invalid user oracle from 196.251.84.225
May  6 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8554]: input_userauth_request: invalid user oracle [preauth]
May  6 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8554]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5618]: pam_unix(cron:session): session closed for user root
May  6 09:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8554]: Failed password for invalid user oracle from 196.251.84.225 port 51080 ssh2
May  6 09:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8554]: Connection closed by 196.251.84.225 port 51080 [preauth]
May  6 09:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8484]: pam_unix(cron:session): session closed for user samftp
May  6 09:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: Did not receive identification string from 80.94.95.117
May  6 09:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: Invalid user solana from 196.251.84.225
May  6 09:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: input_userauth_request: invalid user solana [preauth]
May  6 09:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7481]: pam_unix(cron:session): session closed for user root
May  6 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: Failed password for invalid user solana from 196.251.84.225 port 55314 ssh2
May  6 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8818]: Connection closed by 196.251.84.225 port 55314 [preauth]
May  6 09:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Invalid user mariusz from 196.92.7.247
May  6 09:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: input_userauth_request: invalid user mariusz [preauth]
May  6 09:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.92.7.247
May  6 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Failed password for invalid user mariusz from 196.92.7.247 port 45324 ssh2
May  6 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Received disconnect from 196.92.7.247 port 45324:11: Bye Bye [preauth]
May  6 09:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Disconnected from 196.92.7.247 port 45324 [preauth]
May  6 09:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8904]: Invalid user airflow from 61.219.17.187
May  6 09:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8904]: input_userauth_request: invalid user airflow [preauth]
May  6 09:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8904]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.219.17.187
May  6 09:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8904]: Failed password for invalid user airflow from 61.219.17.187 port 38222 ssh2
May  6 09:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8904]: Received disconnect from 61.219.17.187 port 38222:11: Bye Bye [preauth]
May  6 09:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8904]: Disconnected from 61.219.17.187 port 38222 [preauth]
May  6 09:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: Invalid user oracle from 196.251.84.225
May  6 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: input_userauth_request: invalid user oracle [preauth]
May  6 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8922]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8923]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8920]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8919]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8919]: pam_unix(cron:session): session closed for user p13x
May  6 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8985]: Successful su for rubyman by root
May  6 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8985]: + ??? root:rubyman
May  6 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8985]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339594 of user rubyman.
May  6 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8985]: pam_unix(su:session): session closed for user rubyman
May  6 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339594.
May  6 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: Failed password for invalid user oracle from 196.251.84.225 port 51248 ssh2
May  6 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8913]: Connection closed by 196.251.84.225 port 51248 [preauth]
May  6 09:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6139]: pam_unix(cron:session): session closed for user root
May  6 09:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8920]: pam_unix(cron:session): session closed for user samftp
May  6 09:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: Invalid user uno85 from 124.198.59.254
May  6 09:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: input_userauth_request: invalid user uno85 [preauth]
May  6 09:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254
May  6 09:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: Failed password for invalid user uno85 from 124.198.59.254 port 57852 ssh2
May  6 09:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: Connection closed by 124.198.59.254 port 57852 [preauth]
May  6 09:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: Invalid user geek from 180.253.167.74
May  6 09:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: input_userauth_request: invalid user geek [preauth]
May  6 09:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 09:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: Failed password for invalid user geek from 180.253.167.74 port 26264 ssh2
May  6 09:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: Received disconnect from 180.253.167.74 port 26264:11: Bye Bye [preauth]
May  6 09:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9282]: Disconnected from 180.253.167.74 port 26264 [preauth]
May  6 09:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: Invalid user www from 196.251.84.225
May  6 09:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: input_userauth_request: invalid user www [preauth]
May  6 09:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8039]: pam_unix(cron:session): session closed for user root
May  6 09:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: Failed password for invalid user www from 196.251.84.225 port 34702 ssh2
May  6 09:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: Connection closed by 196.251.84.225 port 34702 [preauth]
May  6 09:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9447]: pam_unix(cron:session): session closed for user p13x
May  6 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9511]: Successful su for rubyman by root
May  6 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9511]: + ??? root:rubyman
May  6 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339597 of user rubyman.
May  6 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9511]: pam_unix(su:session): session closed for user rubyman
May  6 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339597.
May  6 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: Did not receive identification string from 92.118.39.65
May  6 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: Invalid user app from 196.251.84.225
May  6 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: input_userauth_request: invalid user app [preauth]
May  6 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: Failed password for invalid user app from 196.251.84.225 port 58706 ssh2
May  6 09:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: Connection closed by 196.251.84.225 port 58706 [preauth]
May  6 09:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6551]: pam_unix(cron:session): session closed for user root
May  6 09:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9449]: pam_unix(cron:session): session closed for user samftp
May  6 09:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: Invalid user taibabi from 46.191.141.152
May  6 09:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: input_userauth_request: invalid user taibabi [preauth]
May  6 09:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.191.141.152
May  6 09:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: Failed password for invalid user taibabi from 46.191.141.152 port 52996 ssh2
May  6 09:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: Received disconnect from 46.191.141.152 port 52996:11: Bye Bye [preauth]
May  6 09:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: Disconnected from 46.191.141.152 port 52996 [preauth]
May  6 09:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8486]: pam_unix(cron:session): session closed for user root
May  6 09:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: Invalid user virtualbox from 196.251.84.225
May  6 09:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: input_userauth_request: invalid user virtualbox [preauth]
May  6 09:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: Failed password for invalid user virtualbox from 196.251.84.225 port 40114 ssh2
May  6 09:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: Connection closed by 196.251.84.225 port 40114 [preauth]
May  6 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9865]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9861]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9862]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9860]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9865]: pam_unix(cron:session): session closed for user root
May  6 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9858]: pam_unix(cron:session): session closed for user p13x
May  6 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9927]: Successful su for rubyman by root
May  6 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9927]: + ??? root:rubyman
May  6 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9927]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339605 of user rubyman.
May  6 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9927]: pam_unix(su:session): session closed for user rubyman
May  6 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339605.
May  6 09:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7061]: pam_unix(cron:session): session closed for user root
May  6 09:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9860]: pam_unix(cron:session): session closed for user root
May  6 09:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9859]: pam_unix(cron:session): session closed for user samftp
May  6 09:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: Invalid user steam from 196.251.84.225
May  6 09:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: input_userauth_request: invalid user steam [preauth]
May  6 09:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: Failed password for invalid user steam from 196.251.84.225 port 48934 ssh2
May  6 09:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: Connection closed by 196.251.84.225 port 48934 [preauth]
May  6 09:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8923]: pam_unix(cron:session): session closed for user root
May  6 09:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10298]: Invalid user redis from 196.251.84.225
May  6 09:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10298]: input_userauth_request: invalid user redis [preauth]
May  6 09:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10298]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10298]: Failed password for invalid user redis from 196.251.84.225 port 38858 ssh2
May  6 09:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10298]: Connection closed by 196.251.84.225 port 38858 [preauth]
May  6 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10379]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10375]: pam_unix(cron:session): session closed for user p13x
May  6 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10458]: Successful su for rubyman by root
May  6 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10458]: + ??? root:rubyman
May  6 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339608 of user rubyman.
May  6 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10458]: pam_unix(su:session): session closed for user rubyman
May  6 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339608.
May  6 09:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7480]: pam_unix(cron:session): session closed for user root
May  6 09:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10376]: pam_unix(cron:session): session closed for user samftp
May  6 09:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10687]: Invalid user ubuntu from 196.251.84.225
May  6 09:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10687]: input_userauth_request: invalid user ubuntu [preauth]
May  6 09:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10687]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10687]: Failed password for invalid user ubuntu from 196.251.84.225 port 58254 ssh2
May  6 09:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10687]: Connection closed by 196.251.84.225 port 58254 [preauth]
May  6 09:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9451]: pam_unix(cron:session): session closed for user root
May  6 09:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10815]: Invalid user www from 196.251.84.225
May  6 09:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10815]: input_userauth_request: invalid user www [preauth]
May  6 09:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10815]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10815]: Failed password for invalid user www from 196.251.84.225 port 56862 ssh2
May  6 09:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10815]: Connection closed by 196.251.84.225 port 56862 [preauth]
May  6 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10868]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10866]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10865]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10865]: pam_unix(cron:session): session closed for user p13x
May  6 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10924]: Successful su for rubyman by root
May  6 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10924]: + ??? root:rubyman
May  6 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10924]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339612 of user rubyman.
May  6 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10924]: pam_unix(su:session): session closed for user rubyman
May  6 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339612.
May  6 09:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8038]: pam_unix(cron:session): session closed for user root
May  6 09:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10866]: pam_unix(cron:session): session closed for user samftp
May  6 09:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: Invalid user ubuntu from 196.251.84.225
May  6 09:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: input_userauth_request: invalid user ubuntu [preauth]
May  6 09:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: Failed password for invalid user ubuntu from 196.251.84.225 port 35870 ssh2
May  6 09:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: Connection closed by 196.251.84.225 port 35870 [preauth]
May  6 09:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: Invalid user atul from 190.173.77.226
May  6 09:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: input_userauth_request: invalid user atul [preauth]
May  6 09:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 09:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: Failed password for invalid user atul from 190.173.77.226 port 49548 ssh2
May  6 09:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: Received disconnect from 190.173.77.226 port 49548:11: Bye Bye [preauth]
May  6 09:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11172]: Disconnected from 190.173.77.226 port 49548 [preauth]
May  6 09:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9862]: pam_unix(cron:session): session closed for user root
May  6 09:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11210]: Invalid user demo from 196.251.84.225
May  6 09:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11210]: input_userauth_request: invalid user demo [preauth]
May  6 09:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11210]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11210]: Failed password for invalid user demo from 196.251.84.225 port 55776 ssh2
May  6 09:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11210]: Connection closed by 196.251.84.225 port 55776 [preauth]
May  6 09:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Invalid user uat from 196.92.7.249
May  6 09:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: input_userauth_request: invalid user uat [preauth]
May  6 09:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.92.7.249
May  6 09:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Failed password for invalid user uat from 196.92.7.249 port 53940 ssh2
May  6 09:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Received disconnect from 196.92.7.249 port 53940:11: Bye Bye [preauth]
May  6 09:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Disconnected from 196.92.7.249 port 53940 [preauth]
May  6 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11262]: pam_unix(cron:session): session closed for user p13x
May  6 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11326]: Successful su for rubyman by root
May  6 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11326]: + ??? root:rubyman
May  6 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339615 of user rubyman.
May  6 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11326]: pam_unix(su:session): session closed for user rubyman
May  6 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339615.
May  6 09:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8485]: pam_unix(cron:session): session closed for user root
May  6 09:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11263]: pam_unix(cron:session): session closed for user samftp
May  6 09:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: Invalid user wordpress from 196.251.84.225
May  6 09:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: input_userauth_request: invalid user wordpress [preauth]
May  6 09:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: Failed password for invalid user wordpress from 196.251.84.225 port 47906 ssh2
May  6 09:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11507]: Connection closed by 196.251.84.225 port 47906 [preauth]
May  6 09:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 09:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: Failed password for root from 218.92.0.210 port 63930 ssh2
May  6 09:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11540]: message repeated 2 times: [ Failed password for root from 218.92.0.210 port 63930 ssh2]
May  6 09:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10379]: pam_unix(cron:session): session closed for user root
May  6 09:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11613]: Invalid user gbase from 196.251.84.225
May  6 09:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11613]: input_userauth_request: invalid user gbase [preauth]
May  6 09:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11613]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11613]: Failed password for invalid user gbase from 196.251.84.225 port 50438 ssh2
May  6 09:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11613]: Connection closed by 196.251.84.225 port 50438 [preauth]
May  6 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11670]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11673]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11670]: pam_unix(cron:session): session closed for user p13x
May  6 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11732]: Successful su for rubyman by root
May  6 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11732]: + ??? root:rubyman
May  6 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11732]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339621 of user rubyman.
May  6 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11732]: pam_unix(su:session): session closed for user rubyman
May  6 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339621.
May  6 09:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8922]: pam_unix(cron:session): session closed for user root
May  6 09:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11671]: pam_unix(cron:session): session closed for user samftp
May  6 09:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: Invalid user grafana from 196.251.84.225
May  6 09:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: input_userauth_request: invalid user grafana [preauth]
May  6 09:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: Failed password for invalid user grafana from 196.251.84.225 port 39884 ssh2
May  6 09:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11905]: Connection closed by 196.251.84.225 port 39884 [preauth]
May  6 09:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: Invalid user aidan from 180.253.167.74
May  6 09:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: input_userauth_request: invalid user aidan [preauth]
May  6 09:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 09:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: Failed password for invalid user aidan from 180.253.167.74 port 19554 ssh2
May  6 09:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: Received disconnect from 180.253.167.74 port 19554:11: Bye Bye [preauth]
May  6 09:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11946]: Disconnected from 180.253.167.74 port 19554 [preauth]
May  6 09:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10868]: pam_unix(cron:session): session closed for user root
May  6 09:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 09:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Invalid user bigdata from 196.251.84.225
May  6 09:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: input_userauth_request: invalid user bigdata [preauth]
May  6 09:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: pam_unix(sshd:auth): check pass; user unknown
May  6 09:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 09:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Failed password for invalid user bigdata from 196.251.84.225 port 38354 ssh2
May  6 09:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Connection closed by 196.251.84.225 port 38354 [preauth]
May  6 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12063]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12064]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12062]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12066]: pam_unix(cron:session): session closed for user root
May  6 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12062]: pam_unix(cron:session): session closed for user root
May  6 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12060]: pam_unix(cron:session): session closed for user p13x
May  6 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12156]: Successful su for rubyman by root
May  6 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12156]: + ??? root:rubyman
May  6 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12156]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339625 of user rubyman.
May  6 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12156]: pam_unix(su:session): session closed for user rubyman
May  6 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339625.
May  6 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Invalid user fil from 196.251.84.225
May  6 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: input_userauth_request: invalid user fil [preauth]
May  6 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 10:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: Invalid user vhost from 164.68.105.9
May  6 10:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: input_userauth_request: invalid user vhost [preauth]
May  6 10:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  6 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Failed password for invalid user fil from 196.251.84.225 port 42030 ssh2
May  6 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9450]: pam_unix(cron:session): session closed for user root
May  6 10:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Connection closed by 196.251.84.225 port 42030 [preauth]
May  6 10:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12063]: pam_unix(cron:session): session closed for user root
May  6 10:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: Failed password for invalid user vhost from 164.68.105.9 port 60968 ssh2
May  6 10:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12168]: Connection closed by 164.68.105.9 port 60968 [preauth]
May  6 10:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12061]: pam_unix(cron:session): session closed for user samftp
May  6 10:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: Invalid user gpadmin from 196.251.84.225
May  6 10:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: input_userauth_request: invalid user gpadmin [preauth]
May  6 10:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: Failed password for invalid user gpadmin from 196.251.84.225 port 41378 ssh2
May  6 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11265]: pam_unix(cron:session): session closed for user root
May  6 10:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12446]: Connection closed by 196.251.84.225 port 41378 [preauth]
May  6 10:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12561]: Invalid user hive from 196.251.84.225
May  6 10:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12561]: input_userauth_request: invalid user hive [preauth]
May  6 10:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12561]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12567]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12568]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12565]: pam_unix(cron:session): session closed for user p13x
May  6 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12630]: Successful su for rubyman by root
May  6 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12630]: + ??? root:rubyman
May  6 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12630]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339631 of user rubyman.
May  6 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12630]: pam_unix(su:session): session closed for user rubyman
May  6 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339631.
May  6 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12561]: Failed password for invalid user hive from 196.251.84.225 port 48262 ssh2
May  6 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12561]: Connection closed by 196.251.84.225 port 48262 [preauth]
May  6 10:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9861]: pam_unix(cron:session): session closed for user root
May  6 10:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12566]: pam_unix(cron:session): session closed for user samftp
May  6 10:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 10:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12848]: Failed password for root from 218.92.0.179 port 64892 ssh2
May  6 10:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: Invalid user joe from 40.83.182.122
May  6 10:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: input_userauth_request: invalid user joe [preauth]
May  6 10:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 10:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12848]: Failed password for root from 218.92.0.179 port 64892 ssh2
May  6 10:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: Failed password for invalid user joe from 40.83.182.122 port 53326 ssh2
May  6 10:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: Received disconnect from 40.83.182.122 port 53326:11: Bye Bye [preauth]
May  6 10:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: Disconnected from 40.83.182.122 port 53326 [preauth]
May  6 10:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12848]: Failed password for root from 218.92.0.179 port 64892 ssh2
May  6 10:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12848]: Received disconnect from 218.92.0.179 port 64892:11:  [preauth]
May  6 10:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12848]: Disconnected from 218.92.0.179 port 64892 [preauth]
May  6 10:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12848]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 10:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12873]: Invalid user odoo from 196.251.84.225
May  6 10:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12873]: input_userauth_request: invalid user odoo [preauth]
May  6 10:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12873]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 10:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11673]: pam_unix(cron:session): session closed for user root
May  6 10:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12873]: Failed password for invalid user odoo from 196.251.84.225 port 46900 ssh2
May  6 10:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12873]: Connection closed by 196.251.84.225 port 46900 [preauth]
May  6 10:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12956]: Invalid user elasticsearch from 196.251.84.225
May  6 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12956]: input_userauth_request: invalid user elasticsearch [preauth]
May  6 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12956]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12960]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12961]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12963]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12959]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12959]: pam_unix(cron:session): session closed for user p13x
May  6 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13030]: Successful su for rubyman by root
May  6 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13030]: + ??? root:rubyman
May  6 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339635 of user rubyman.
May  6 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13030]: pam_unix(su:session): session closed for user rubyman
May  6 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339635.
May  6 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12956]: Failed password for invalid user elasticsearch from 196.251.84.225 port 47422 ssh2
May  6 10:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12956]: Connection closed by 196.251.84.225 port 47422 [preauth]
May  6 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10377]: pam_unix(cron:session): session closed for user root
May  6 10:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12960]: pam_unix(cron:session): session closed for user samftp
May  6 10:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  6 10:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13278]: Failed password for root from 196.251.84.225 port 42866 ssh2
May  6 10:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12065]: pam_unix(cron:session): session closed for user root
May  6 10:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13278]: Connection closed by 196.251.84.225 port 42866 [preauth]
May  6 10:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13335]: Invalid user ftpuser1 from 196.92.7.249
May  6 10:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13335]: input_userauth_request: invalid user ftpuser1 [preauth]
May  6 10:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13335]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.92.7.249
May  6 10:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13335]: Failed password for invalid user ftpuser1 from 196.92.7.249 port 48850 ssh2
May  6 10:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13335]: Received disconnect from 196.92.7.249 port 48850:11: Bye Bye [preauth]
May  6 10:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13335]: Disconnected from 196.92.7.249 port 48850 [preauth]
May  6 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13373]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13371]: pam_unix(cron:session): session closed for user p13x
May  6 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13434]: Successful su for rubyman by root
May  6 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13434]: + ??? root:rubyman
May  6 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339638 of user rubyman.
May  6 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13434]: pam_unix(su:session): session closed for user rubyman
May  6 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339638.
May  6 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.219.17.187  user=root
May  6 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Invalid user guest from 196.251.84.225
May  6 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: input_userauth_request: invalid user guest [preauth]
May  6 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10867]: pam_unix(cron:session): session closed for user root
May  6 10:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  6 10:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13372]: pam_unix(cron:session): session closed for user samftp
May  6 10:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: Failed password for root from 61.219.17.187 port 33320 ssh2
May  6 10:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: Received disconnect from 61.219.17.187 port 33320:11: Bye Bye [preauth]
May  6 10:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: Disconnected from 61.219.17.187 port 33320 [preauth]
May  6 10:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Failed password for invalid user guest from 196.251.84.225 port 33134 ssh2
May  6 10:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Connection closed by 196.251.84.225 port 33134 [preauth]
May  6 10:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13730]: Did not receive identification string from 168.167.72.228
May  6 10:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Invalid user apagar from 36.255.8.54
May  6 10:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: input_userauth_request: invalid user apagar [preauth]
May  6 10:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  6 10:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Failed password for invalid user apagar from 36.255.8.54 port 50496 ssh2
May  6 10:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Received disconnect from 36.255.8.54 port 50496:11: Bye Bye [preauth]
May  6 10:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Disconnected from 36.255.8.54 port 50496 [preauth]
May  6 10:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13740]: Invalid user tomcat from 168.167.72.228
May  6 10:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13740]: input_userauth_request: invalid user tomcat [preauth]
May  6 10:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13740]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13740]: Failed password for invalid user tomcat from 168.167.72.228 port 33344 ssh2
May  6 10:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13740]: Connection closed by 168.167.72.228 port 33344 [preauth]
May  6 10:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13768]: Invalid user db from 168.167.72.228
May  6 10:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13768]: input_userauth_request: invalid user db [preauth]
May  6 10:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13768]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13768]: Failed password for invalid user db from 168.167.72.228 port 33345 ssh2
May  6 10:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13768]: Connection closed by 168.167.72.228 port 33345 [preauth]
May  6 10:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13791]: Invalid user es from 168.167.72.228
May  6 10:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13791]: input_userauth_request: invalid user es [preauth]
May  6 10:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13791]: Connection closed by 168.167.72.228 port 33346 [preauth]
May  6 10:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12568]: pam_unix(cron:session): session closed for user root
May  6 10:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: Invalid user git from 168.167.72.228
May  6 10:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: input_userauth_request: invalid user git [preauth]
May  6 10:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: Failed password for invalid user git from 168.167.72.228 port 33347 ssh2
May  6 10:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13817]: Connection closed by 168.167.72.228 port 33347 [preauth]
May  6 10:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13840]: Invalid user steam from 168.167.72.228
May  6 10:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13840]: input_userauth_request: invalid user steam [preauth]
May  6 10:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13840]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13840]: Failed password for invalid user steam from 168.167.72.228 port 33348 ssh2
May  6 10:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13840]: Connection closed by 168.167.72.228 port 33348 [preauth]
May  6 10:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13874]: Invalid user admin from 168.167.72.228
May  6 10:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13874]: input_userauth_request: invalid user admin [preauth]
May  6 10:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13874]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13874]: Failed password for invalid user admin from 168.167.72.228 port 33349 ssh2
May  6 10:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13874]: Connection closed by 168.167.72.228 port 33349 [preauth]
May  6 10:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Invalid user vinod from 190.173.77.226
May  6 10:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: input_userauth_request: invalid user vinod [preauth]
May  6 10:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 10:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Failed password for invalid user vinod from 190.173.77.226 port 50050 ssh2
May  6 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13900]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13901]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Received disconnect from 190.173.77.226 port 50050:11: Bye Bye [preauth]
May  6 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Disconnected from 190.173.77.226 port 50050 [preauth]
May  6 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13898]: pam_unix(cron:session): session closed for user p13x
May  6 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13959]: Successful su for rubyman by root
May  6 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13959]: + ??? root:rubyman
May  6 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13959]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339643 of user rubyman.
May  6 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13959]: pam_unix(su:session): session closed for user rubyman
May  6 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339643.
May  6 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228  user=root
May  6 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11264]: pam_unix(cron:session): session closed for user root
May  6 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: Failed password for root from 168.167.72.228 port 33350 ssh2
May  6 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13884]: Connection closed by 168.167.72.228 port 33350 [preauth]
May  6 10:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13899]: pam_unix(cron:session): session closed for user samftp
May  6 10:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14106]: Invalid user oracle from 168.167.72.228
May  6 10:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14106]: input_userauth_request: invalid user oracle [preauth]
May  6 10:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14106]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14106]: Failed password for invalid user oracle from 168.167.72.228 port 33351 ssh2
May  6 10:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14106]: Connection closed by 168.167.72.228 port 33351 [preauth]
May  6 10:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14154]: Invalid user oracle from 168.167.72.228
May  6 10:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14154]: input_userauth_request: invalid user oracle [preauth]
May  6 10:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14154]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14154]: Failed password for invalid user oracle from 168.167.72.228 port 33352 ssh2
May  6 10:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14154]: Connection closed by 168.167.72.228 port 33352 [preauth]
May  6 10:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: Invalid user test from 168.167.72.228
May  6 10:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: input_userauth_request: invalid user test [preauth]
May  6 10:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: Failed password for invalid user test from 168.167.72.228 port 33353 ssh2
May  6 10:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: Connection closed by 168.167.72.228 port 33353 [preauth]
May  6 10:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: Invalid user csgo from 168.167.72.228
May  6 10:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: input_userauth_request: invalid user csgo [preauth]
May  6 10:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12963]: pam_unix(cron:session): session closed for user root
May  6 10:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: Failed password for invalid user csgo from 168.167.72.228 port 33354 ssh2
May  6 10:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: Connection closed by 168.167.72.228 port 33354 [preauth]
May  6 10:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14241]: Invalid user mc from 168.167.72.228
May  6 10:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14241]: input_userauth_request: invalid user mc [preauth]
May  6 10:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14241]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14241]: Failed password for invalid user mc from 168.167.72.228 port 33355 ssh2
May  6 10:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14241]: Connection closed by 168.167.72.228 port 33355 [preauth]
May  6 10:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14277]: Invalid user apollo from 46.244.96.25
May  6 10:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14277]: input_userauth_request: invalid user apollo [preauth]
May  6 10:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14277]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  6 10:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14261]: Invalid user postgres from 168.167.72.228
May  6 10:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14261]: input_userauth_request: invalid user postgres [preauth]
May  6 10:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14261]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14277]: Failed password for invalid user apollo from 46.244.96.25 port 34594 ssh2
May  6 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14277]: Connection closed by 46.244.96.25 port 34594 [preauth]
May  6 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14261]: Failed password for invalid user postgres from 168.167.72.228 port 33356 ssh2
May  6 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14261]: Connection closed by 168.167.72.228 port 33356 [preauth]
May  6 10:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14289]: Invalid user admin from 168.167.72.228
May  6 10:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14289]: input_userauth_request: invalid user admin [preauth]
May  6 10:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14289]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14289]: Failed password for invalid user admin from 168.167.72.228 port 33357 ssh2
May  6 10:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14289]: Connection closed by 168.167.72.228 port 33357 [preauth]
May  6 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14313]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14314]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14312]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14316]: pam_unix(cron:session): session closed for user root
May  6 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14310]: pam_unix(cron:session): session closed for user p13x
May  6 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14382]: Successful su for rubyman by root
May  6 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14382]: + ??? root:rubyman
May  6 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339648 of user rubyman.
May  6 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14382]: pam_unix(su:session): session closed for user rubyman
May  6 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339648.
May  6 10:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14307]: Invalid user dspace from 168.167.72.228
May  6 10:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14307]: input_userauth_request: invalid user dspace [preauth]
May  6 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11672]: pam_unix(cron:session): session closed for user root
May  6 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14312]: pam_unix(cron:session): session closed for user root
May  6 10:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14307]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14311]: pam_unix(cron:session): session closed for user samftp
May  6 10:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14307]: Failed password for invalid user dspace from 168.167.72.228 port 33420 ssh2
May  6 10:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14307]: Connection closed by 168.167.72.228 port 33420 [preauth]
May  6 10:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228  user=root
May  6 10:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: Failed password for root from 168.167.72.228 port 33421 ssh2
May  6 10:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14578]: Connection closed by 168.167.72.228 port 33421 [preauth]
May  6 10:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14605]: Invalid user test from 168.167.72.228
May  6 10:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14605]: input_userauth_request: invalid user test [preauth]
May  6 10:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14605]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14605]: Failed password for invalid user test from 168.167.72.228 port 33422 ssh2
May  6 10:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14605]: Connection closed by 168.167.72.228 port 33422 [preauth]
May  6 10:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228  user=root
May  6 10:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14644]: Failed password for root from 168.167.72.228 port 33423 ssh2
May  6 10:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14644]: Connection closed by 168.167.72.228 port 33423 [preauth]
May  6 10:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14670]: Invalid user dorian from 180.253.167.74
May  6 10:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14670]: input_userauth_request: invalid user dorian [preauth]
May  6 10:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14670]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 10:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14670]: Failed password for invalid user dorian from 180.253.167.74 port 35421 ssh2
May  6 10:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14670]: Received disconnect from 180.253.167.74 port 35421:11: Bye Bye [preauth]
May  6 10:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14670]: Disconnected from 180.253.167.74 port 35421 [preauth]
May  6 10:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13374]: pam_unix(cron:session): session closed for user root
May  6 10:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14669]: Invalid user zjw from 168.167.72.228
May  6 10:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14669]: input_userauth_request: invalid user zjw [preauth]
May  6 10:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14669]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14669]: Failed password for invalid user zjw from 168.167.72.228 port 33424 ssh2
May  6 10:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14669]: Connection closed by 168.167.72.228 port 33424 [preauth]
May  6 10:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228  user=root
May  6 10:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14709]: Failed password for root from 168.167.72.228 port 33425 ssh2
May  6 10:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14709]: Connection closed by 168.167.72.228 port 33425 [preauth]
May  6 10:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14734]: Invalid user zjw from 168.167.72.228
May  6 10:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14734]: input_userauth_request: invalid user zjw [preauth]
May  6 10:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14734]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14734]: Failed password for invalid user zjw from 168.167.72.228 port 33426 ssh2
May  6 10:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14734]: Connection closed by 168.167.72.228 port 33426 [preauth]
May  6 10:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14752]: Invalid user test from 168.167.72.228
May  6 10:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14752]: input_userauth_request: invalid user test [preauth]
May  6 10:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14752]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14752]: Failed password for invalid user test from 168.167.72.228 port 33427 ssh2
May  6 10:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14752]: Connection closed by 168.167.72.228 port 33427 [preauth]
May  6 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14770]: pam_unix(cron:session): session closed for user p13x
May  6 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14840]: Successful su for rubyman by root
May  6 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14840]: + ??? root:rubyman
May  6 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14840]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339653 of user rubyman.
May  6 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14840]: pam_unix(su:session): session closed for user rubyman
May  6 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339653.
May  6 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12064]: pam_unix(cron:session): session closed for user root
May  6 10:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228  user=root
May  6 10:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14771]: pam_unix(cron:session): session closed for user samftp
May  6 10:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14764]: Failed password for root from 168.167.72.228 port 33428 ssh2
May  6 10:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14764]: Connection closed by 168.167.72.228 port 33428 [preauth]
May  6 10:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: Invalid user minecraft from 168.167.72.228
May  6 10:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: input_userauth_request: invalid user minecraft [preauth]
May  6 10:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: Failed password for invalid user minecraft from 168.167.72.228 port 33429 ssh2
May  6 10:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15028]: Connection closed by 168.167.72.228 port 33429 [preauth]
May  6 10:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: Invalid user hduser from 168.167.72.228
May  6 10:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: input_userauth_request: invalid user hduser [preauth]
May  6 10:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: Failed password for invalid user hduser from 168.167.72.228 port 33430 ssh2
May  6 10:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: Connection closed by 168.167.72.228 port 33430 [preauth]
May  6 10:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15069]: Invalid user frappe from 186.96.145.241
May  6 10:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15069]: input_userauth_request: invalid user frappe [preauth]
May  6 10:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15069]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
May  6 10:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15069]: Failed password for invalid user frappe from 186.96.145.241 port 53460 ssh2
May  6 10:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15069]: Connection closed by 186.96.145.241 port 53460 [preauth]
May  6 10:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: Invalid user user from 168.167.72.228
May  6 10:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: input_userauth_request: invalid user user [preauth]
May  6 10:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: Failed password for invalid user user from 168.167.72.228 port 33431 ssh2
May  6 10:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15068]: Connection closed by 168.167.72.228 port 33431 [preauth]
May  6 10:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13901]: pam_unix(cron:session): session closed for user root
May  6 10:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228  user=root
May  6 10:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15102]: Failed password for root from 168.167.72.228 port 33432 ssh2
May  6 10:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15102]: Connection closed by 168.167.72.228 port 33432 [preauth]
May  6 10:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228  user=root
May  6 10:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15132]: Failed password for root from 168.167.72.228 port 33433 ssh2
May  6 10:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15132]: Connection closed by 168.167.72.228 port 33433 [preauth]
May  6 10:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: User mysql from 168.167.72.228 not allowed because not listed in AllowUsers
May  6 10:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: input_userauth_request: invalid user mysql [preauth]
May  6 10:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228  user=mysql
May  6 10:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: Failed password for invalid user mysql from 168.167.72.228 port 33434 ssh2
May  6 10:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15162]: Connection closed by 168.167.72.228 port 33434 [preauth]
May  6 10:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: Invalid user steam from 168.167.72.228
May  6 10:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: input_userauth_request: invalid user steam [preauth]
May  6 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15193]: pam_unix(cron:session): session closed for user p13x
May  6 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15254]: Successful su for rubyman by root
May  6 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15254]: + ??? root:rubyman
May  6 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339657 of user rubyman.
May  6 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15254]: pam_unix(su:session): session closed for user rubyman
May  6 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339657.
May  6 10:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: Failed password for invalid user steam from 168.167.72.228 port 33435 ssh2
May  6 10:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15172]: Connection closed by 168.167.72.228 port 33435 [preauth]
May  6 10:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12567]: pam_unix(cron:session): session closed for user root
May  6 10:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15194]: pam_unix(cron:session): session closed for user samftp
May  6 10:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: Invalid user steam from 168.167.72.228
May  6 10:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: input_userauth_request: invalid user steam [preauth]
May  6 10:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Invalid user henry from 40.83.182.122
May  6 10:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: input_userauth_request: invalid user henry [preauth]
May  6 10:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 10:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: Failed password for invalid user steam from 168.167.72.228 port 33436 ssh2
May  6 10:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15191]: Connection closed by 168.167.72.228 port 33436 [preauth]
May  6 10:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Failed password for invalid user henry from 40.83.182.122 port 49594 ssh2
May  6 10:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Received disconnect from 40.83.182.122 port 49594:11: Bye Bye [preauth]
May  6 10:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Disconnected from 40.83.182.122 port 49594 [preauth]
May  6 10:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228  user=root
May  6 10:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15440]: Failed password for root from 168.167.72.228 port 33437 ssh2
May  6 10:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15440]: Connection closed by 168.167.72.228 port 33437 [preauth]
May  6 10:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15473]: Invalid user guest from 168.167.72.228
May  6 10:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15473]: input_userauth_request: invalid user guest [preauth]
May  6 10:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15473]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15473]: Failed password for invalid user guest from 168.167.72.228 port 33438 ssh2
May  6 10:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15473]: Connection closed by 168.167.72.228 port 33438 [preauth]
May  6 10:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: Invalid user test from 168.167.72.228
May  6 10:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: input_userauth_request: invalid user test [preauth]
May  6 10:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14314]: pam_unix(cron:session): session closed for user root
May  6 10:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: Failed password for invalid user test from 168.167.72.228 port 33439 ssh2
May  6 10:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15497]: Connection closed by 168.167.72.228 port 33439 [preauth]
May  6 10:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15545]: Invalid user airflow from 196.92.7.247
May  6 10:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15545]: input_userauth_request: invalid user airflow [preauth]
May  6 10:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15545]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.92.7.247
May  6 10:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: Invalid user test from 168.167.72.228
May  6 10:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: input_userauth_request: invalid user test [preauth]
May  6 10:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15545]: Failed password for invalid user airflow from 196.92.7.247 port 47218 ssh2
May  6 10:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15545]: Received disconnect from 196.92.7.247 port 47218:11: Bye Bye [preauth]
May  6 10:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15545]: Disconnected from 196.92.7.247 port 47218 [preauth]
May  6 10:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: Failed password for invalid user test from 168.167.72.228 port 33440 ssh2
May  6 10:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: Connection closed by 168.167.72.228 port 33440 [preauth]
May  6 10:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: Invalid user odoo from 168.167.72.228
May  6 10:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: input_userauth_request: invalid user odoo [preauth]
May  6 10:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: Failed password for invalid user odoo from 168.167.72.228 port 33441 ssh2
May  6 10:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15548]: Connection closed by 168.167.72.228 port 33441 [preauth]
May  6 10:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15581]: Invalid user oracle from 168.167.72.228
May  6 10:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15581]: input_userauth_request: invalid user oracle [preauth]
May  6 10:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15581]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15581]: Failed password for invalid user oracle from 168.167.72.228 port 33442 ssh2
May  6 10:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15581]: Connection closed by 168.167.72.228 port 33442 [preauth]
May  6 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15606]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15603]: pam_unix(cron:session): session closed for user p13x
May  6 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15661]: Successful su for rubyman by root
May  6 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15661]: + ??? root:rubyman
May  6 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339662 of user rubyman.
May  6 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15661]: pam_unix(su:session): session closed for user rubyman
May  6 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339662.
May  6 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: Invalid user db from 168.167.72.228
May  6 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: input_userauth_request: invalid user db [preauth]
May  6 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 10:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15685]: Failed password for root from 218.92.0.179 port 40844 ssh2
May  6 10:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12961]: pam_unix(cron:session): session closed for user root
May  6 10:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: Failed password for invalid user db from 168.167.72.228 port 33443 ssh2
May  6 10:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: Connection closed by 168.167.72.228 port 33443 [preauth]
May  6 10:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15604]: pam_unix(cron:session): session closed for user samftp
May  6 10:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15685]: Failed password for root from 218.92.0.179 port 40844 ssh2
May  6 10:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15685]: Failed password for root from 218.92.0.179 port 40844 ssh2
May  6 10:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15685]: Received disconnect from 218.92.0.179 port 40844:11:  [preauth]
May  6 10:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15685]: Disconnected from 218.92.0.179 port 40844 [preauth]
May  6 10:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15685]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 10:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15822]: Invalid user debian from 168.167.72.228
May  6 10:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15822]: input_userauth_request: invalid user debian [preauth]
May  6 10:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15822]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228
May  6 10:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15822]: Failed password for invalid user debian from 168.167.72.228 port 33444 ssh2
May  6 10:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15822]: Connection closed by 168.167.72.228 port 33444 [preauth]
May  6 10:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.167.72.228  user=root
May  6 10:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15863]: Failed password for root from 168.167.72.228 port 33445 ssh2
May  6 10:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15863]: Connection closed by 168.167.72.228 port 33445 [preauth]
May  6 10:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14773]: pam_unix(cron:session): session closed for user root
May  6 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16005]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16006]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16001]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16003]: pam_unix(cron:session): session closed for user p13x
May  6 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16118]: Successful su for rubyman by root
May  6 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16118]: + ??? root:rubyman
May  6 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16118]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339666 of user rubyman.
May  6 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16118]: pam_unix(su:session): session closed for user rubyman
May  6 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339666.
May  6 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16001]: pam_unix(cron:session): session closed for user root
May  6 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13373]: pam_unix(cron:session): session closed for user root
May  6 10:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16004]: pam_unix(cron:session): session closed for user samftp
May  6 10:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16324]: Invalid user tidb from 36.255.8.54
May  6 10:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16324]: input_userauth_request: invalid user tidb [preauth]
May  6 10:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16324]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  6 10:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16324]: Failed password for invalid user tidb from 36.255.8.54 port 43702 ssh2
May  6 10:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16324]: Received disconnect from 36.255.8.54 port 43702:11: Bye Bye [preauth]
May  6 10:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16324]: Disconnected from 36.255.8.54 port 43702 [preauth]
May  6 10:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15197]: pam_unix(cron:session): session closed for user root
May  6 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16501]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16499]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16503]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16503]: pam_unix(cron:session): session closed for user root
May  6 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16490]: pam_unix(cron:session): session closed for user p13x
May  6 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16591]: Successful su for rubyman by root
May  6 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16591]: + ??? root:rubyman
May  6 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339669 of user rubyman.
May  6 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16591]: pam_unix(su:session): session closed for user rubyman
May  6 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339669.
May  6 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13900]: pam_unix(cron:session): session closed for user root
May  6 10:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16499]: pam_unix(cron:session): session closed for user root
May  6 10:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16498]: pam_unix(cron:session): session closed for user samftp
May  6 10:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: Connection closed by 46.191.141.152 port 43139 [preauth]
May  6 10:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: Invalid user shiv from 61.219.17.187
May  6 10:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: input_userauth_request: invalid user shiv [preauth]
May  6 10:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.219.17.187
May  6 10:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: Failed password for invalid user shiv from 61.219.17.187 port 34204 ssh2
May  6 10:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: Received disconnect from 61.219.17.187 port 34204:11: Bye Bye [preauth]
May  6 10:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: Disconnected from 61.219.17.187 port 34204 [preauth]
May  6 10:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: Invalid user acs from 190.173.77.226
May  6 10:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: input_userauth_request: invalid user acs [preauth]
May  6 10:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 10:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: Failed password for invalid user acs from 190.173.77.226 port 44016 ssh2
May  6 10:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: Received disconnect from 190.173.77.226 port 44016:11: Bye Bye [preauth]
May  6 10:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: Disconnected from 190.173.77.226 port 44016 [preauth]
May  6 10:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15606]: pam_unix(cron:session): session closed for user root
May  6 10:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 10:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16963]: Failed password for root from 218.92.0.179 port 31995 ssh2
May  6 10:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16963]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 31995 ssh2]
May  6 10:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16963]: Received disconnect from 218.92.0.179 port 31995:11:  [preauth]
May  6 10:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16963]: Disconnected from 218.92.0.179 port 31995 [preauth]
May  6 10:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16963]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16994]: pam_unix(cron:session): session closed for user p13x
May  6 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17068]: Successful su for rubyman by root
May  6 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17068]: + ??? root:rubyman
May  6 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17068]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339676 of user rubyman.
May  6 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17068]: pam_unix(su:session): session closed for user rubyman
May  6 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339676.
May  6 10:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14313]: pam_unix(cron:session): session closed for user root
May  6 10:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16995]: pam_unix(cron:session): session closed for user samftp
May  6 10:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16006]: pam_unix(cron:session): session closed for user root
May  6 10:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17346]: Invalid user mahendra from 180.253.167.74
May  6 10:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17346]: input_userauth_request: invalid user mahendra [preauth]
May  6 10:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17346]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 10:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17346]: Failed password for invalid user mahendra from 180.253.167.74 port 12494 ssh2
May  6 10:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17346]: Received disconnect from 180.253.167.74 port 12494:11: Bye Bye [preauth]
May  6 10:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17346]: Disconnected from 180.253.167.74 port 12494 [preauth]
May  6 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17407]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17405]: pam_unix(cron:session): session closed for user p13x
May  6 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17469]: Successful su for rubyman by root
May  6 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17469]: + ??? root:rubyman
May  6 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339680 of user rubyman.
May  6 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17469]: pam_unix(su:session): session closed for user rubyman
May  6 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339680.
May  6 10:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14772]: pam_unix(cron:session): session closed for user root
May  6 10:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17406]: pam_unix(cron:session): session closed for user samftp
May  6 10:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17669]: Invalid user tomcat from 40.83.182.122
May  6 10:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17669]: input_userauth_request: invalid user tomcat [preauth]
May  6 10:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17669]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 10:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 10:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17667]: Failed password for root from 218.92.0.179 port 21046 ssh2
May  6 10:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17669]: Failed password for invalid user tomcat from 40.83.182.122 port 36248 ssh2
May  6 10:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17669]: Received disconnect from 40.83.182.122 port 36248:11: Bye Bye [preauth]
May  6 10:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17669]: Disconnected from 40.83.182.122 port 36248 [preauth]
May  6 10:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17667]: Failed password for root from 218.92.0.179 port 21046 ssh2
May  6 10:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17667]: Failed password for root from 218.92.0.179 port 21046 ssh2
May  6 10:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17667]: Received disconnect from 218.92.0.179 port 21046:11:  [preauth]
May  6 10:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17667]: Disconnected from 218.92.0.179 port 21046 [preauth]
May  6 10:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17667]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 10:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16502]: pam_unix(cron:session): session closed for user root
May  6 10:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: Invalid user librenms from 196.92.7.249
May  6 10:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: input_userauth_request: invalid user librenms [preauth]
May  6 10:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.92.7.249
May  6 10:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: Failed password for invalid user librenms from 196.92.7.249 port 34494 ssh2
May  6 10:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: Received disconnect from 196.92.7.249 port 34494:11: Bye Bye [preauth]
May  6 10:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17792]: Disconnected from 196.92.7.249 port 34494 [preauth]
May  6 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17938]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17935]: pam_unix(cron:session): session closed for user p13x
May  6 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18001]: Successful su for rubyman by root
May  6 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18001]: + ??? root:rubyman
May  6 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18001]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339686 of user rubyman.
May  6 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18001]: pam_unix(su:session): session closed for user rubyman
May  6 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339686.
May  6 10:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15196]: pam_unix(cron:session): session closed for user root
May  6 10:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17936]: pam_unix(cron:session): session closed for user samftp
May  6 10:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  6 10:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18256]: Failed password for root from 218.92.0.204 port 41952 ssh2
May  6 10:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16997]: pam_unix(cron:session): session closed for user root
May  6 10:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18256]: Failed password for root from 218.92.0.204 port 41952 ssh2
May  6 10:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18256]: message repeated 3 times: [ Failed password for root from 218.92.0.204 port 41952 ssh2]
May  6 10:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18256]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 41952 ssh2 [preauth]
May  6 10:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18256]: Disconnecting: Too many authentication failures [preauth]
May  6 10:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18256]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  6 10:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18256]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 10:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18352]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18350]: pam_unix(cron:session): session closed for user p13x
May  6 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18420]: Successful su for rubyman by root
May  6 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18420]: + ??? root:rubyman
May  6 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339688 of user rubyman.
May  6 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18420]: pam_unix(su:session): session closed for user rubyman
May  6 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339688.
May  6 10:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15605]: pam_unix(cron:session): session closed for user root
May  6 10:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18351]: pam_unix(cron:session): session closed for user samftp
May  6 10:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18674]: Invalid user uap from 36.255.8.54
May  6 10:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18674]: input_userauth_request: invalid user uap [preauth]
May  6 10:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18674]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  6 10:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18674]: Failed password for invalid user uap from 36.255.8.54 port 40554 ssh2
May  6 10:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18674]: Received disconnect from 36.255.8.54 port 40554:11: Bye Bye [preauth]
May  6 10:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18674]: Disconnected from 36.255.8.54 port 40554 [preauth]
May  6 10:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17408]: pam_unix(cron:session): session closed for user root
May  6 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18777]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18776]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18774]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18777]: pam_unix(cron:session): session closed for user root
May  6 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18772]: pam_unix(cron:session): session closed for user p13x
May  6 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18844]: Successful su for rubyman by root
May  6 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18844]: + ??? root:rubyman
May  6 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339693 of user rubyman.
May  6 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18844]: pam_unix(su:session): session closed for user rubyman
May  6 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339693.
May  6 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18774]: pam_unix(cron:session): session closed for user root
May  6 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16005]: pam_unix(cron:session): session closed for user root
May  6 10:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18773]: pam_unix(cron:session): session closed for user samftp
May  6 10:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17938]: pam_unix(cron:session): session closed for user root
May  6 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19204]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19203]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19203]: pam_unix(cron:session): session closed for user p13x
May  6 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19281]: Successful su for rubyman by root
May  6 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19281]: + ??? root:rubyman
May  6 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339697 of user rubyman.
May  6 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19281]: pam_unix(su:session): session closed for user rubyman
May  6 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339697.
May  6 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16501]: pam_unix(cron:session): session closed for user root
May  6 10:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19204]: pam_unix(cron:session): session closed for user samftp
May  6 10:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 10:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19435]: Invalid user gbasedbt from 46.191.141.152
May  6 10:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19435]: input_userauth_request: invalid user gbasedbt [preauth]
May  6 10:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19435]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.191.141.152
May  6 10:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: Failed password for root from 218.92.0.179 port 40629 ssh2
May  6 10:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19435]: Failed password for invalid user gbasedbt from 46.191.141.152 port 54429 ssh2
May  6 10:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19435]: Received disconnect from 46.191.141.152 port 54429:11: Bye Bye [preauth]
May  6 10:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19435]: Disconnected from 46.191.141.152 port 54429 [preauth]
May  6 10:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: Failed password for root from 218.92.0.179 port 40629 ssh2
May  6 10:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: Failed password for root from 218.92.0.179 port 40629 ssh2
May  6 10:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: Received disconnect from 218.92.0.179 port 40629:11:  [preauth]
May  6 10:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: Disconnected from 218.92.0.179 port 40629 [preauth]
May  6 10:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19474]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 10:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18353]: pam_unix(cron:session): session closed for user root
May  6 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19627]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19627]: pam_unix(cron:session): session closed for user root
May  6 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19629]: pam_unix(cron:session): session closed for user p13x
May  6 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19704]: Successful su for rubyman by root
May  6 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19704]: + ??? root:rubyman
May  6 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339705 of user rubyman.
May  6 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19704]: pam_unix(su:session): session closed for user rubyman
May  6 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339705.
May  6 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: Invalid user vr from 190.173.77.226
May  6 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: input_userauth_request: invalid user vr [preauth]
May  6 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16996]: pam_unix(cron:session): session closed for user root
May  6 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: Failed password for invalid user vr from 190.173.77.226 port 52200 ssh2
May  6 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: Received disconnect from 190.173.77.226 port 52200:11: Bye Bye [preauth]
May  6 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: Disconnected from 190.173.77.226 port 52200 [preauth]
May  6 10:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19630]: pam_unix(cron:session): session closed for user samftp
May  6 10:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: Invalid user adminadmin from 40.83.182.122
May  6 10:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: input_userauth_request: invalid user adminadmin [preauth]
May  6 10:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 10:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: Failed password for invalid user adminadmin from 40.83.182.122 port 51312 ssh2
May  6 10:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: Received disconnect from 40.83.182.122 port 51312:11: Bye Bye [preauth]
May  6 10:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19893]: Disconnected from 40.83.182.122 port 51312 [preauth]
May  6 10:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18776]: pam_unix(cron:session): session closed for user root
May  6 10:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: Invalid user paul from 180.253.167.74
May  6 10:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: input_userauth_request: invalid user paul [preauth]
May  6 10:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 10:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: Failed password for invalid user paul from 180.253.167.74 port 51762 ssh2
May  6 10:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: Received disconnect from 180.253.167.74 port 51762:11: Bye Bye [preauth]
May  6 10:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: Disconnected from 180.253.167.74 port 51762 [preauth]
May  6 10:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19993]: Invalid user user04 from 196.92.7.249
May  6 10:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19993]: input_userauth_request: invalid user user04 [preauth]
May  6 10:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19993]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.92.7.249
May  6 10:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19993]: Failed password for invalid user user04 from 196.92.7.249 port 51266 ssh2
May  6 10:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19993]: Received disconnect from 196.92.7.249 port 51266:11: Bye Bye [preauth]
May  6 10:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19993]: Disconnected from 196.92.7.249 port 51266 [preauth]
May  6 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20061]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20060]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20059]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20058]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20058]: pam_unix(cron:session): session closed for user p13x
May  6 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20122]: Successful su for rubyman by root
May  6 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20122]: + ??? root:rubyman
May  6 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339706 of user rubyman.
May  6 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20122]: pam_unix(su:session): session closed for user rubyman
May  6 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339706.
May  6 10:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17407]: pam_unix(cron:session): session closed for user root
May  6 10:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20059]: pam_unix(cron:session): session closed for user samftp
May  6 10:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19206]: pam_unix(cron:session): session closed for user root
May  6 10:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20450]: pam_unix(cron:session): session closed for user p13x
May  6 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20517]: Successful su for rubyman by root
May  6 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20517]: + ??? root:rubyman
May  6 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339712 of user rubyman.
May  6 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20517]: pam_unix(su:session): session closed for user rubyman
May  6 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339712.
May  6 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: Invalid user kocom from 188.138.28.121
May  6 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: input_userauth_request: invalid user kocom [preauth]
May  6 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.138.28.121
May  6 10:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: Failed password for invalid user kocom from 188.138.28.121 port 41868 ssh2
May  6 10:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: Received disconnect from 188.138.28.121 port 41868:11: Bye Bye [preauth]
May  6 10:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20446]: Disconnected from 188.138.28.121 port 41868 [preauth]
May  6 10:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17937]: pam_unix(cron:session): session closed for user root
May  6 10:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20451]: pam_unix(cron:session): session closed for user samftp
May  6 10:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: Invalid user admin from 80.94.95.112
May  6 10:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: input_userauth_request: invalid user admin [preauth]
May  6 10:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 10:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: Failed password for invalid user admin from 80.94.95.112 port 50637 ssh2
May  6 10:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: Failed password for invalid user admin from 80.94.95.112 port 50637 ssh2
May  6 10:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: Failed password for invalid user admin from 80.94.95.112 port 50637 ssh2
May  6 10:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: Failed password for invalid user admin from 80.94.95.112 port 50637 ssh2
May  6 10:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: Failed password for invalid user admin from 80.94.95.112 port 50637 ssh2
May  6 10:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: Received disconnect from 80.94.95.112 port 50637:11: Bye [preauth]
May  6 10:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: Disconnected from 80.94.95.112 port 50637 [preauth]
May  6 10:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 10:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 10:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19632]: pam_unix(cron:session): session closed for user root
May  6 10:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: Invalid user bvb from 123.252.238.214
May  6 10:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: input_userauth_request: invalid user bvb [preauth]
May  6 10:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214
May  6 10:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: Failed password for invalid user bvb from 123.252.238.214 port 34026 ssh2
May  6 10:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: Received disconnect from 123.252.238.214 port 34026:11: Bye Bye [preauth]
May  6 10:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20828]: Disconnected from 123.252.238.214 port 34026 [preauth]
May  6 10:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 10:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20847]: Failed password for root from 218.92.0.179 port 45170 ssh2
May  6 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20865]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20868]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20866]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20869]: pam_unix(cron:session): session closed for user root
May  6 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20860]: pam_unix(cron:session): session closed for user p13x
May  6 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20942]: Successful su for rubyman by root
May  6 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20942]: + ??? root:rubyman
May  6 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339718 of user rubyman.
May  6 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20942]: pam_unix(su:session): session closed for user rubyman
May  6 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339718.
May  6 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20847]: Failed password for root from 218.92.0.179 port 45170 ssh2
May  6 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20866]: pam_unix(cron:session): session closed for user root
May  6 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20847]: Failed password for root from 218.92.0.179 port 45170 ssh2
May  6 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18352]: pam_unix(cron:session): session closed for user root
May  6 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20847]: Received disconnect from 218.92.0.179 port 45170:11:  [preauth]
May  6 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20847]: Disconnected from 218.92.0.179 port 45170 [preauth]
May  6 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20847]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: Invalid user tkj from 83.168.108.5
May  6 10:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: input_userauth_request: invalid user tkj [preauth]
May  6 10:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.168.108.5
May  6 10:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20865]: pam_unix(cron:session): session closed for user samftp
May  6 10:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: Failed password for invalid user tkj from 83.168.108.5 port 51940 ssh2
May  6 10:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: Received disconnect from 83.168.108.5 port 51940:11: Bye Bye [preauth]
May  6 10:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21118]: Disconnected from 83.168.108.5 port 51940 [preauth]
May  6 10:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20061]: pam_unix(cron:session): session closed for user root
May  6 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21343]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21344]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21341]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21340]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21340]: pam_unix(cron:session): session closed for user p13x
May  6 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21406]: Successful su for rubyman by root
May  6 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21406]: + ??? root:rubyman
May  6 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339720 of user rubyman.
May  6 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21406]: pam_unix(su:session): session closed for user rubyman
May  6 10:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339720.
May  6 10:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18775]: pam_unix(cron:session): session closed for user root
May  6 10:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21341]: pam_unix(cron:session): session closed for user samftp
May  6 10:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20454]: pam_unix(cron:session): session closed for user root
May  6 10:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21742]: Invalid user abi from 46.191.141.152
May  6 10:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21742]: input_userauth_request: invalid user abi [preauth]
May  6 10:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21742]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.191.141.152
May  6 10:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21742]: Failed password for invalid user abi from 46.191.141.152 port 45741 ssh2
May  6 10:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21742]: Received disconnect from 46.191.141.152 port 45741:11: Bye Bye [preauth]
May  6 10:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21742]: Disconnected from 46.191.141.152 port 45741 [preauth]
May  6 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22014]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22047]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21897]: pam_unix(cron:session): session closed for user p13x
May  6 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22133]: Successful su for rubyman by root
May  6 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22133]: + ??? root:rubyman
May  6 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339725 of user rubyman.
May  6 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22133]: pam_unix(su:session): session closed for user rubyman
May  6 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339725.
May  6 10:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19205]: pam_unix(cron:session): session closed for user root
May  6 10:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21898]: pam_unix(cron:session): session closed for user samftp
May  6 10:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22377]: Invalid user marc from 40.83.182.122
May  6 10:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22377]: input_userauth_request: invalid user marc [preauth]
May  6 10:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22377]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 10:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22377]: Failed password for invalid user marc from 40.83.182.122 port 57634 ssh2
May  6 10:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22377]: Received disconnect from 40.83.182.122 port 57634:11: Bye Bye [preauth]
May  6 10:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22377]: Disconnected from 40.83.182.122 port 57634 [preauth]
May  6 10:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20868]: pam_unix(cron:session): session closed for user root
May  6 10:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.92.7.249  user=root
May  6 10:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: Failed password for root from 196.92.7.249 port 56734 ssh2
May  6 10:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: Received disconnect from 196.92.7.249 port 56734:11: Bye Bye [preauth]
May  6 10:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22470]: Disconnected from 196.92.7.249 port 56734 [preauth]
May  6 10:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: Invalid user paras from 190.103.202.7
May  6 10:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: input_userauth_request: invalid user paras [preauth]
May  6 10:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  6 10:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: Failed password for invalid user paras from 190.103.202.7 port 56032 ssh2
May  6 10:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22515]: Connection closed by 190.103.202.7 port 56032 [preauth]
May  6 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22545]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22547]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22543]: pam_unix(cron:session): session closed for user p13x
May  6 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22607]: Successful su for rubyman by root
May  6 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22607]: + ??? root:rubyman
May  6 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339728 of user rubyman.
May  6 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22607]: pam_unix(su:session): session closed for user rubyman
May  6 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339728.
May  6 10:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19631]: pam_unix(cron:session): session closed for user root
May  6 10:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22544]: pam_unix(cron:session): session closed for user samftp
May  6 10:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21344]: pam_unix(cron:session): session closed for user root
May  6 10:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: Invalid user shweta from 190.173.77.226
May  6 10:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: input_userauth_request: invalid user shweta [preauth]
May  6 10:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 10:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: Failed password for invalid user shweta from 190.173.77.226 port 55692 ssh2
May  6 10:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: Received disconnect from 190.173.77.226 port 55692:11: Bye Bye [preauth]
May  6 10:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22923]: Disconnected from 190.173.77.226 port 55692 [preauth]
May  6 10:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: Invalid user report from 180.253.167.74
May  6 10:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: input_userauth_request: invalid user report [preauth]
May  6 10:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 10:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: Failed password for invalid user report from 180.253.167.74 port 35332 ssh2
May  6 10:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: Received disconnect from 180.253.167.74 port 35332:11: Bye Bye [preauth]
May  6 10:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22974]: Disconnected from 180.253.167.74 port 35332 [preauth]
May  6 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23008]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23006]: pam_unix(cron:session): session closed for user p13x
May  6 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23066]: Successful su for rubyman by root
May  6 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23066]: + ??? root:rubyman
May  6 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339733 of user rubyman.
May  6 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23066]: pam_unix(su:session): session closed for user rubyman
May  6 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339733.
May  6 10:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20060]: pam_unix(cron:session): session closed for user root
May  6 10:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23007]: pam_unix(cron:session): session closed for user samftp
May  6 10:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22047]: pam_unix(cron:session): session closed for user root
May  6 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23507]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23505]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23506]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23504]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23503]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23502]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23507]: pam_unix(cron:session): session closed for user root
May  6 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23502]: pam_unix(cron:session): session closed for user p13x
May  6 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23570]: Successful su for rubyman by root
May  6 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23570]: + ??? root:rubyman
May  6 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339738 of user rubyman.
May  6 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23570]: pam_unix(su:session): session closed for user rubyman
May  6 10:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339738.
May  6 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20452]: pam_unix(cron:session): session closed for user root
May  6 10:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23504]: pam_unix(cron:session): session closed for user root
May  6 10:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23503]: pam_unix(cron:session): session closed for user samftp
May  6 10:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23888]: Invalid user shilei from 123.252.238.214
May  6 10:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23888]: input_userauth_request: invalid user shilei [preauth]
May  6 10:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23888]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214
May  6 10:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23888]: Failed password for invalid user shilei from 123.252.238.214 port 53440 ssh2
May  6 10:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23888]: Received disconnect from 123.252.238.214 port 53440:11: Bye Bye [preauth]
May  6 10:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23888]: Disconnected from 123.252.238.214 port 53440 [preauth]
May  6 10:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22547]: pam_unix(cron:session): session closed for user root
May  6 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24056]: Invalid user  from 47.236.194.116
May  6 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24056]: input_userauth_request: invalid user  [preauth]
May  6 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24062]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24061]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24059]: pam_unix(cron:session): session closed for user p13x
May  6 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24132]: Successful su for rubyman by root
May  6 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24132]: + ??? root:rubyman
May  6 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24132]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339742 of user rubyman.
May  6 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24132]: pam_unix(su:session): session closed for user rubyman
May  6 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339742.
May  6 10:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20867]: pam_unix(cron:session): session closed for user root
May  6 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24060]: pam_unix(cron:session): session closed for user samftp
May  6 10:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24056]: Connection closed by 47.236.194.116 port 52474 [preauth]
May  6 10:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23009]: pam_unix(cron:session): session closed for user root
May  6 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24498]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24499]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24495]: pam_unix(cron:session): session closed for user p13x
May  6 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24573]: Successful su for rubyman by root
May  6 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24573]: + ??? root:rubyman
May  6 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339748 of user rubyman.
May  6 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24573]: pam_unix(su:session): session closed for user rubyman
May  6 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339748.
May  6 10:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21343]: pam_unix(cron:session): session closed for user root
May  6 10:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24496]: pam_unix(cron:session): session closed for user samftp
May  6 10:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: Invalid user elaine from 40.83.182.122
May  6 10:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: input_userauth_request: invalid user elaine [preauth]
May  6 10:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 10:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  6 10:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: Failed password for invalid user elaine from 40.83.182.122 port 53186 ssh2
May  6 10:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: Received disconnect from 40.83.182.122 port 53186:11: Bye Bye [preauth]
May  6 10:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: Disconnected from 40.83.182.122 port 53186 [preauth]
May  6 10:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: Failed password for root from 50.235.31.47 port 40432 ssh2
May  6 10:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: Connection closed by 50.235.31.47 port 40432 [preauth]
May  6 10:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23506]: pam_unix(cron:session): session closed for user root
May  6 10:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.92.7.249  user=root
May  6 10:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24858]: Failed password for root from 196.92.7.249 port 48884 ssh2
May  6 10:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24858]: Received disconnect from 196.92.7.249 port 48884:11: Bye Bye [preauth]
May  6 10:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24858]: Disconnected from 196.92.7.249 port 48884 [preauth]
May  6 10:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24908]: Invalid user kapsch from 188.138.28.121
May  6 10:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24908]: input_userauth_request: invalid user kapsch [preauth]
May  6 10:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24908]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.138.28.121
May  6 10:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24908]: Failed password for invalid user kapsch from 188.138.28.121 port 47110 ssh2
May  6 10:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24908]: Received disconnect from 188.138.28.121 port 47110:11: Bye Bye [preauth]
May  6 10:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24908]: Disconnected from 188.138.28.121 port 47110 [preauth]
May  6 10:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.168.108.5  user=root
May  6 10:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: Failed password for root from 83.168.108.5 port 53694 ssh2
May  6 10:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: Received disconnect from 83.168.108.5 port 53694:11: Bye Bye [preauth]
May  6 10:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: Disconnected from 83.168.108.5 port 53694 [preauth]
May  6 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24935]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24933]: pam_unix(cron:session): session closed for user p13x
May  6 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24998]: Successful su for rubyman by root
May  6 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24998]: + ??? root:rubyman
May  6 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339752 of user rubyman.
May  6 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24998]: pam_unix(su:session): session closed for user rubyman
May  6 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339752.
May  6 10:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22014]: pam_unix(cron:session): session closed for user root
May  6 10:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24934]: pam_unix(cron:session): session closed for user samftp
May  6 10:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24062]: pam_unix(cron:session): session closed for user root
May  6 10:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: Invalid user default from 80.94.95.125
May  6 10:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: input_userauth_request: invalid user default [preauth]
May  6 10:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 10:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: Failed password for invalid user default from 80.94.95.125 port 52500 ssh2
May  6 10:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: Failed password for invalid user default from 80.94.95.125 port 52500 ssh2
May  6 10:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: Failed password for invalid user default from 80.94.95.125 port 52500 ssh2
May  6 10:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: Failed password for invalid user default from 80.94.95.125 port 52500 ssh2
May  6 10:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: Failed password for invalid user default from 80.94.95.125 port 52500 ssh2
May  6 10:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: Received disconnect from 80.94.95.125 port 52500:11: Bye [preauth]
May  6 10:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: Disconnected from 80.94.95.125 port 52500 [preauth]
May  6 10:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 10:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25289]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 10:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25352]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25350]: pam_unix(cron:session): session closed for user p13x
May  6 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25416]: Successful su for rubyman by root
May  6 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25416]: + ??? root:rubyman
May  6 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339755 of user rubyman.
May  6 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25416]: pam_unix(su:session): session closed for user rubyman
May  6 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339755.
May  6 10:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22545]: pam_unix(cron:session): session closed for user root
May  6 10:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25351]: pam_unix(cron:session): session closed for user samftp
May  6 10:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25664]: Invalid user smbuser from 193.70.84.184
May  6 10:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25664]: input_userauth_request: invalid user smbuser [preauth]
May  6 10:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25664]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  6 10:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25664]: Failed password for invalid user smbuser from 193.70.84.184 port 38898 ssh2
May  6 10:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25664]: Connection closed by 193.70.84.184 port 38898 [preauth]
May  6 10:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24499]: pam_unix(cron:session): session closed for user root
May  6 10:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25817]: Invalid user paulina from 180.253.167.74
May  6 10:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25817]: input_userauth_request: invalid user paulina [preauth]
May  6 10:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25817]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25828]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25829]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25826]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25829]: pam_unix(cron:session): session closed for user root
May  6 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25821]: pam_unix(cron:session): session closed for user p13x
May  6 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25817]: Failed password for invalid user paulina from 180.253.167.74 port 57387 ssh2
May  6 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25817]: Received disconnect from 180.253.167.74 port 57387:11: Bye Bye [preauth]
May  6 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25817]: Disconnected from 180.253.167.74 port 57387 [preauth]
May  6 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25910]: Successful su for rubyman by root
May  6 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25910]: + ??? root:rubyman
May  6 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339758 of user rubyman.
May  6 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25910]: pam_unix(su:session): session closed for user rubyman
May  6 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339758.
May  6 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25823]: pam_unix(cron:session): session closed for user root
May  6 10:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23008]: pam_unix(cron:session): session closed for user root
May  6 10:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25822]: pam_unix(cron:session): session closed for user samftp
May  6 10:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26143]: Invalid user s from 190.173.77.226
May  6 10:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26143]: input_userauth_request: invalid user s [preauth]
May  6 10:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26143]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 10:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26143]: Failed password for invalid user s from 190.173.77.226 port 61912 ssh2
May  6 10:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26143]: Received disconnect from 190.173.77.226 port 61912:11: Bye Bye [preauth]
May  6 10:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26143]: Disconnected from 190.173.77.226 port 61912 [preauth]
May  6 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25816]: Invalid user l from 195.178.110.50
May  6 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25816]: input_userauth_request: invalid user l [preauth]
May  6 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25816]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 10:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25816]: Failed password for invalid user l from 195.178.110.50 port 49842 ssh2
May  6 10:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25816]: Connection closed by 195.178.110.50 port 49842 [preauth]
May  6 10:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24937]: pam_unix(cron:session): session closed for user root
May  6 10:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26175]: Invalid user 3 from 195.178.110.50
May  6 10:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26175]: input_userauth_request: invalid user 3 [preauth]
May  6 10:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26175]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 10:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26175]: Failed password for invalid user 3 from 195.178.110.50 port 15380 ssh2
May  6 10:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26229]: Invalid user super from 123.252.238.214
May  6 10:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26229]: input_userauth_request: invalid user super [preauth]
May  6 10:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26229]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214
May  6 10:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26175]: Connection closed by 195.178.110.50 port 15380 [preauth]
May  6 10:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26229]: Failed password for invalid user super from 123.252.238.214 port 37140 ssh2
May  6 10:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26229]: Received disconnect from 123.252.238.214 port 37140:11: Bye Bye [preauth]
May  6 10:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26229]: Disconnected from 123.252.238.214 port 37140 [preauth]
May  6 10:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26238]: Invalid user X from 195.178.110.50
May  6 10:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26238]: input_userauth_request: invalid user X [preauth]
May  6 10:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26238]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 10:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26238]: Failed password for invalid user X from 195.178.110.50 port 47200 ssh2
May  6 10:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26238]: Connection closed by 195.178.110.50 port 47200 [preauth]
May  6 10:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26292]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26291]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26290]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26289]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26289]: pam_unix(cron:session): session closed for user p13x
May  6 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26361]: Successful su for rubyman by root
May  6 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26361]: + ??? root:rubyman
May  6 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339766 of user rubyman.
May  6 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26361]: pam_unix(su:session): session closed for user rubyman
May  6 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339766.
May  6 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23505]: pam_unix(cron:session): session closed for user root
May  6 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26290]: pam_unix(cron:session): session closed for user samftp
May  6 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: Invalid user } from 195.178.110.50
May  6 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: input_userauth_request: invalid user } [preauth]
May  6 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 10:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: Failed password for invalid user } from 195.178.110.50 port 35344 ssh2
May  6 10:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26277]: Connection closed by 195.178.110.50 port 35344 [preauth]
May  6 10:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: Failed password for root from 47.236.194.116 port 38840 ssh2
May  6 10:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26653]: Connection closed by 47.236.194.116 port 38840 [preauth]
May  6 10:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: Invalid user pi from 47.236.194.116
May  6 10:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: input_userauth_request: invalid user pi [preauth]
May  6 10:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: Failed password for invalid user pi from 47.236.194.116 port 49694 ssh2
May  6 10:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26668]: Connection closed by 47.236.194.116 port 49694 [preauth]
May  6 10:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: Invalid user hive from 47.236.194.116
May  6 10:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: input_userauth_request: invalid user hive [preauth]
May  6 10:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26631]: Invalid user D from 195.178.110.50
May  6 10:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26631]: input_userauth_request: invalid user D [preauth]
May  6 10:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26631]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 10:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26631]: Failed password for invalid user D from 195.178.110.50 port 41618 ssh2
May  6 10:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: Failed password for invalid user hive from 47.236.194.116 port 49724 ssh2
May  6 10:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26679]: Connection closed by 47.236.194.116 port 49724 [preauth]
May  6 10:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26702]: Invalid user git from 47.236.194.116
May  6 10:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26702]: input_userauth_request: invalid user git [preauth]
May  6 10:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26702]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26631]: Connection closed by 195.178.110.50 port 41618 [preauth]
May  6 10:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26702]: Failed password for invalid user git from 47.236.194.116 port 50910 ssh2
May  6 10:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26702]: Connection closed by 47.236.194.116 port 50910 [preauth]
May  6 10:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26712]: Invalid user wang from 47.236.194.116
May  6 10:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26712]: input_userauth_request: invalid user wang [preauth]
May  6 10:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25353]: pam_unix(cron:session): session closed for user root
May  6 10:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26712]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26712]: Failed password for invalid user wang from 47.236.194.116 port 50940 ssh2
May  6 10:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26712]: Connection closed by 47.236.194.116 port 50940 [preauth]
May  6 10:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26742]: Invalid user nginx from 47.236.194.116
May  6 10:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26742]: input_userauth_request: invalid user nginx [preauth]
May  6 10:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26742]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26742]: Failed password for invalid user nginx from 47.236.194.116 port 50970 ssh2
May  6 10:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26742]: Connection closed by 47.236.194.116 port 50970 [preauth]
May  6 10:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26752]: Invalid user mongo from 47.236.194.116
May  6 10:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26752]: input_userauth_request: invalid user mongo [preauth]
May  6 10:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26752]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26752]: Failed password for invalid user mongo from 47.236.194.116 port 48952 ssh2
May  6 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26752]: Connection closed by 47.236.194.116 port 48952 [preauth]
May  6 10:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26760]: Invalid user user from 47.236.194.116
May  6 10:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26760]: input_userauth_request: invalid user user [preauth]
May  6 10:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26760]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26760]: Failed password for invalid user user from 47.236.194.116 port 48974 ssh2
May  6 10:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26760]: Connection closed by 47.236.194.116 port 48974 [preauth]
May  6 10:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: Invalid user oracle from 47.236.194.116
May  6 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: input_userauth_request: invalid user oracle [preauth]
May  6 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.219.17.187  user=root
May  6 10:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: Failed password for invalid user oracle from 47.236.194.116 port 42290 ssh2
May  6 10:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: Connection closed by 47.236.194.116 port 42290 [preauth]
May  6 10:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26779]: Failed password for root from 61.219.17.187 port 44222 ssh2
May  6 10:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26779]: Received disconnect from 61.219.17.187 port 44222:11: Bye Bye [preauth]
May  6 10:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26779]: Disconnected from 61.219.17.187 port 44222 [preauth]
May  6 10:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26793]: Invalid user gpadmin from 47.236.194.116
May  6 10:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26793]: input_userauth_request: invalid user gpadmin [preauth]
May  6 10:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26793]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26793]: Failed password for invalid user gpadmin from 47.236.194.116 port 42320 ssh2
May  6 10:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26793]: Connection closed by 47.236.194.116 port 42320 [preauth]
May  6 10:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26804]: Failed password for root from 47.236.194.116 port 42350 ssh2
May  6 10:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26804]: Connection closed by 47.236.194.116 port 42350 [preauth]
May  6 10:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: Invalid user esroot from 47.236.194.116
May  6 10:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: input_userauth_request: invalid user esroot [preauth]
May  6 10:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26821]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26818]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26818]: pam_unix(cron:session): session closed for user p13x
May  6 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26885]: Successful su for rubyman by root
May  6 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26885]: + ??? root:rubyman
May  6 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339768 of user rubyman.
May  6 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26885]: pam_unix(su:session): session closed for user rubyman
May  6 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339768.
May  6 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: Failed password for invalid user esroot from 47.236.194.116 port 51982 ssh2
May  6 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: Connection closed by 47.236.194.116 port 51982 [preauth]
May  6 10:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: Invalid user gitlab from 47.236.194.116
May  6 10:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: input_userauth_request: invalid user gitlab [preauth]
May  6 10:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24061]: pam_unix(cron:session): session closed for user root
May  6 10:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26820]: pam_unix(cron:session): session closed for user samftp
May  6 10:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: Failed password for invalid user gitlab from 47.236.194.116 port 52010 ssh2
May  6 10:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: Connection closed by 47.236.194.116 port 52010 [preauth]
May  6 10:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27142]: Invalid user apache from 47.236.194.116
May  6 10:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27142]: input_userauth_request: invalid user apache [preauth]
May  6 10:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27142]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27142]: Failed password for invalid user apache from 47.236.194.116 port 35864 ssh2
May  6 10:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27142]: Connection closed by 47.236.194.116 port 35864 [preauth]
May  6 10:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: Failed password for root from 47.236.194.116 port 35896 ssh2
May  6 10:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: Connection closed by 47.236.194.116 port 35896 [preauth]
May  6 10:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: Invalid user scanner from 40.83.182.122
May  6 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: input_userauth_request: invalid user scanner [preauth]
May  6 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 10:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27169]: Failed password for root from 47.236.194.116 port 35928 ssh2
May  6 10:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: Failed password for invalid user scanner from 40.83.182.122 port 54242 ssh2
May  6 10:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27169]: Connection closed by 47.236.194.116 port 35928 [preauth]
May  6 10:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: Received disconnect from 40.83.182.122 port 54242:11: Bye Bye [preauth]
May  6 10:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27183]: Disconnected from 40.83.182.122 port 54242 [preauth]
May  6 10:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27185]: Invalid user user from 47.236.194.116
May  6 10:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27185]: input_userauth_request: invalid user user [preauth]
May  6 10:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27185]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27185]: Failed password for invalid user user from 47.236.194.116 port 50932 ssh2
May  6 10:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27185]: Connection closed by 47.236.194.116 port 50932 [preauth]
May  6 10:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27195]: Invalid user lighthouse from 47.236.194.116
May  6 10:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27195]: input_userauth_request: invalid user lighthouse [preauth]
May  6 10:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27195]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27195]: Failed password for invalid user lighthouse from 47.236.194.116 port 50960 ssh2
May  6 10:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27195]: Connection closed by 47.236.194.116 port 50960 [preauth]
May  6 10:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: Invalid user flask from 47.236.194.116
May  6 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: input_userauth_request: invalid user flask [preauth]
May  6 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: Failed password for invalid user flask from 47.236.194.116 port 53148 ssh2
May  6 10:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27224]: Connection closed by 47.236.194.116 port 53148 [preauth]
May  6 10:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: Invalid user user1 from 47.236.194.116
May  6 10:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: input_userauth_request: invalid user user1 [preauth]
May  6 10:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: Failed password for invalid user user1 from 47.236.194.116 port 53184 ssh2
May  6 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.92.7.246  user=root
May  6 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27227]: Connection closed by 47.236.194.116 port 53184 [preauth]
May  6 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25828]: pam_unix(cron:session): session closed for user root
May  6 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: Failed password for root from 196.92.7.246 port 40442 ssh2
May  6 10:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: Received disconnect from 196.92.7.246 port 40442:11: Bye Bye [preauth]
May  6 10:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: Disconnected from 196.92.7.246 port 40442 [preauth]
May  6 10:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27261]: Invalid user hadoop from 47.236.194.116
May  6 10:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27261]: input_userauth_request: invalid user hadoop [preauth]
May  6 10:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27261]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27261]: Failed password for invalid user hadoop from 47.236.194.116 port 53220 ssh2
May  6 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27261]: Connection closed by 47.236.194.116 port 53220 [preauth]
May  6 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: Invalid user linda from 83.168.108.5
May  6 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: input_userauth_request: invalid user linda [preauth]
May  6 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.168.108.5
May  6 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27273]: Invalid user oracle from 47.236.194.116
May  6 10:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27273]: input_userauth_request: invalid user oracle [preauth]
May  6 10:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27277]: Invalid user kafka from 188.138.28.121
May  6 10:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27277]: input_userauth_request: invalid user kafka [preauth]
May  6 10:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27277]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.138.28.121
May  6 10:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27273]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: Failed password for invalid user linda from 83.168.108.5 port 58160 ssh2
May  6 10:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: Received disconnect from 83.168.108.5 port 58160:11: Bye Bye [preauth]
May  6 10:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27271]: Disconnected from 83.168.108.5 port 58160 [preauth]
May  6 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27277]: Failed password for invalid user kafka from 188.138.28.121 port 43100 ssh2
May  6 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27273]: Failed password for invalid user oracle from 47.236.194.116 port 42226 ssh2
May  6 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27277]: Received disconnect from 188.138.28.121 port 43100:11: Bye Bye [preauth]
May  6 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27277]: Disconnected from 188.138.28.121 port 43100 [preauth]
May  6 10:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27273]: Connection closed by 47.236.194.116 port 42226 [preauth]
May  6 10:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: Invalid user test from 47.236.194.116
May  6 10:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: input_userauth_request: invalid user test [preauth]
May  6 10:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: Failed password for invalid user test from 47.236.194.116 port 42246 ssh2
May  6 10:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27295]: Connection closed by 47.236.194.116 port 42246 [preauth]
May  6 10:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27305]: Failed password for root from 47.236.194.116 port 51932 ssh2
May  6 10:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27305]: Connection closed by 47.236.194.116 port 51932 [preauth]
May  6 10:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27318]: Invalid user developer from 47.236.194.116
May  6 10:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27318]: input_userauth_request: invalid user developer [preauth]
May  6 10:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27318]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27318]: Failed password for invalid user developer from 47.236.194.116 port 51948 ssh2
May  6 10:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27318]: Connection closed by 47.236.194.116 port 51948 [preauth]
May  6 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27347]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27344]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27346]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27343]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27343]: pam_unix(cron:session): session closed for user p13x
May  6 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27433]: Successful su for rubyman by root
May  6 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27433]: + ??? root:rubyman
May  6 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339772 of user rubyman.
May  6 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27433]: pam_unix(su:session): session closed for user rubyman
May  6 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339772.
May  6 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24498]: pam_unix(cron:session): session closed for user root
May  6 10:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27344]: pam_unix(cron:session): session closed for user samftp
May  6 10:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27651]: Invalid user tom from 47.236.194.116
May  6 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27651]: input_userauth_request: invalid user tom [preauth]
May  6 10:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27651]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27651]: Failed password for invalid user tom from 47.236.194.116 port 57436 ssh2
May  6 10:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27651]: Connection closed by 47.236.194.116 port 57436 [preauth]
May  6 10:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27663]: Failed password for root from 47.236.194.116 port 58324 ssh2
May  6 10:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27663]: Connection closed by 47.236.194.116 port 58324 [preauth]
May  6 10:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27707]: Failed password for root from 47.236.194.116 port 53674 ssh2
May  6 10:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27707]: Connection closed by 47.236.194.116 port 53674 [preauth]
May  6 10:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27718]: Invalid user oscar from 47.236.194.116
May  6 10:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27718]: input_userauth_request: invalid user oscar [preauth]
May  6 10:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27718]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27718]: Failed password for invalid user oscar from 47.236.194.116 port 53652 ssh2
May  6 10:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27718]: Connection closed by 47.236.194.116 port 53652 [preauth]
May  6 10:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Invalid user user1 from 47.236.194.116
May  6 10:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: input_userauth_request: invalid user user1 [preauth]
May  6 10:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26292]: pam_unix(cron:session): session closed for user root
May  6 10:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Failed password for invalid user user1 from 47.236.194.116 port 37326 ssh2
May  6 10:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27729]: Connection closed by 47.236.194.116 port 37326 [preauth]
May  6 10:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27767]: Failed password for root from 47.236.194.116 port 37294 ssh2
May  6 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: Invalid user apache from 47.236.194.116
May  6 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: input_userauth_request: invalid user apache [preauth]
May  6 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27767]: Connection closed by 47.236.194.116 port 37294 [preauth]
May  6 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27770]: Failed password for root from 47.236.194.116 port 37358 ssh2
May  6 10:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27770]: Connection closed by 47.236.194.116 port 37358 [preauth]
May  6 10:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27789]: Invalid user flink from 47.236.194.116
May  6 10:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27789]: input_userauth_request: invalid user flink [preauth]
May  6 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27789]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: Failed password for invalid user apache from 47.236.194.116 port 50562 ssh2
May  6 10:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: Connection closed by 47.236.194.116 port 50562 [preauth]
May  6 10:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27789]: Failed password for invalid user flink from 47.236.194.116 port 50532 ssh2
May  6 10:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27789]: Connection closed by 47.236.194.116 port 50532 [preauth]
May  6 10:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27799]: Failed password for root from 47.236.194.116 port 35794 ssh2
May  6 10:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27799]: Connection closed by 47.236.194.116 port 35794 [preauth]
May  6 10:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27801]: Invalid user nginx from 47.236.194.116
May  6 10:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27801]: input_userauth_request: invalid user nginx [preauth]
May  6 10:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27801]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27801]: Failed password for invalid user nginx from 47.236.194.116 port 35818 ssh2
May  6 10:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27801]: Connection closed by 47.236.194.116 port 35818 [preauth]
May  6 10:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27812]: Invalid user esuser from 47.236.194.116
May  6 10:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27812]: input_userauth_request: invalid user esuser [preauth]
May  6 10:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27812]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27812]: Failed password for invalid user esuser from 47.236.194.116 port 35842 ssh2
May  6 10:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27812]: Connection closed by 47.236.194.116 port 35842 [preauth]
May  6 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27826]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27825]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27823]: pam_unix(cron:session): session closed for user p13x
May  6 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27891]: Successful su for rubyman by root
May  6 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27891]: + ??? root:rubyman
May  6 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339776 of user rubyman.
May  6 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27891]: pam_unix(su:session): session closed for user rubyman
May  6 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339776.
May  6 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24935]: pam_unix(cron:session): session closed for user root
May  6 10:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28000]: Invalid user git from 47.236.194.116
May  6 10:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28000]: input_userauth_request: invalid user git [preauth]
May  6 10:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28000]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27931]: Failed password for root from 47.236.194.116 port 56448 ssh2
May  6 10:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27931]: Connection closed by 47.236.194.116 port 56448 [preauth]
May  6 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27824]: pam_unix(cron:session): session closed for user samftp
May  6 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28000]: Failed password for invalid user git from 47.236.194.116 port 56470 ssh2
May  6 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28000]: Connection closed by 47.236.194.116 port 56470 [preauth]
May  6 10:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28083]: Invalid user postgres from 47.236.194.116
May  6 10:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28083]: input_userauth_request: invalid user postgres [preauth]
May  6 10:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28083]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28083]: Failed password for invalid user postgres from 47.236.194.116 port 34162 ssh2
May  6 10:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28083]: Connection closed by 47.236.194.116 port 34162 [preauth]
May  6 10:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: Invalid user svnuser from 47.236.194.116
May  6 10:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: input_userauth_request: invalid user svnuser [preauth]
May  6 10:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: Failed password for invalid user svnuser from 47.236.194.116 port 34184 ssh2
May  6 10:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28094]: Connection closed by 47.236.194.116 port 34184 [preauth]
May  6 10:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28123]: Failed password for root from 47.236.194.116 port 55694 ssh2
May  6 10:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28123]: Connection closed by 47.236.194.116 port 55694 [preauth]
May  6 10:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: Invalid user plexserver from 47.236.194.116
May  6 10:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: input_userauth_request: invalid user plexserver [preauth]
May  6 10:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: Failed password for invalid user plexserver from 47.236.194.116 port 55728 ssh2
May  6 10:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28139]: Connection closed by 47.236.194.116 port 55728 [preauth]
May  6 10:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: Invalid user app from 47.236.194.116
May  6 10:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: input_userauth_request: invalid user app [preauth]
May  6 10:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26822]: pam_unix(cron:session): session closed for user root
May  6 10:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: Failed password for invalid user app from 47.236.194.116 port 35314 ssh2
May  6 10:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28161]: Connection closed by 47.236.194.116 port 35314 [preauth]
May  6 10:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28184]: Invalid user sonar from 47.236.194.116
May  6 10:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28184]: input_userauth_request: invalid user sonar [preauth]
May  6 10:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28184]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28193]: Invalid user tools from 47.236.194.116
May  6 10:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28193]: input_userauth_request: invalid user tools [preauth]
May  6 10:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28193]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28184]: Failed password for invalid user sonar from 47.236.194.116 port 55762 ssh2
May  6 10:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28184]: Connection closed by 47.236.194.116 port 55762 [preauth]
May  6 10:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28193]: Failed password for invalid user tools from 47.236.194.116 port 35352 ssh2
May  6 10:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28193]: Connection closed by 47.236.194.116 port 35352 [preauth]
May  6 10:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28212]: User mysql from 47.236.194.116 not allowed because not listed in AllowUsers
May  6 10:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28212]: input_userauth_request: invalid user mysql [preauth]
May  6 10:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=mysql
May  6 10:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28212]: Failed password for invalid user mysql from 47.236.194.116 port 52294 ssh2
May  6 10:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28212]: Connection closed by 47.236.194.116 port 52294 [preauth]
May  6 10:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: Failed password for root from 47.236.194.116 port 52308 ssh2
May  6 10:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: Connection closed by 47.236.194.116 port 52308 [preauth]
May  6 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28271]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28269]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28273]: pam_unix(cron:session): session closed for user root
May  6 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28268]: pam_unix(cron:session): session closed for user p13x
May  6 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28335]: Successful su for rubyman by root
May  6 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28335]: + ??? root:rubyman
May  6 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28335]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339781 of user rubyman.
May  6 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28335]: pam_unix(su:session): session closed for user rubyman
May  6 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339781.
May  6 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28270]: pam_unix(cron:session): session closed for user root
May  6 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25352]: pam_unix(cron:session): session closed for user root
May  6 10:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28269]: pam_unix(cron:session): session closed for user samftp
May  6 10:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28552]: Invalid user oscar from 47.236.194.116
May  6 10:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28552]: input_userauth_request: invalid user oscar [preauth]
May  6 10:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28552]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28552]: Failed password for invalid user oscar from 47.236.194.116 port 54866 ssh2
May  6 10:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28552]: Connection closed by 47.236.194.116 port 54866 [preauth]
May  6 10:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28574]: Invalid user www from 47.236.194.116
May  6 10:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28574]: input_userauth_request: invalid user www [preauth]
May  6 10:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28574]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28574]: Failed password for invalid user www from 47.236.194.116 port 38196 ssh2
May  6 10:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28574]: Connection closed by 47.236.194.116 port 38196 [preauth]
May  6 10:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28596]: Failed password for root from 47.236.194.116 port 33294 ssh2
May  6 10:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28596]: Connection closed by 47.236.194.116 port 33294 [preauth]
May  6 10:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: Invalid user app from 47.236.194.116
May  6 10:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: input_userauth_request: invalid user app [preauth]
May  6 10:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: Failed password for invalid user app from 47.236.194.116 port 33318 ssh2
May  6 10:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28611]: Connection closed by 47.236.194.116 port 33318 [preauth]
May  6 10:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28621]: Invalid user elastic from 47.236.194.116
May  6 10:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28621]: input_userauth_request: invalid user elastic [preauth]
May  6 10:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28621]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28621]: Failed password for invalid user elastic from 47.236.194.116 port 34700 ssh2
May  6 10:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28621]: Connection closed by 47.236.194.116 port 34700 [preauth]
May  6 10:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27347]: pam_unix(cron:session): session closed for user root
May  6 10:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: Failed password for root from 47.236.194.116 port 34734 ssh2
May  6 10:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28652]: Connection closed by 47.236.194.116 port 34734 [preauth]
May  6 10:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28661]: Invalid user guest from 47.236.194.116
May  6 10:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28661]: input_userauth_request: invalid user guest [preauth]
May  6 10:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28661]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28661]: Failed password for invalid user guest from 47.236.194.116 port 59062 ssh2
May  6 10:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28661]: Connection closed by 47.236.194.116 port 59062 [preauth]
May  6 10:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28666]: Failed password for root from 47.236.194.116 port 59098 ssh2
May  6 10:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28666]: Connection closed by 47.236.194.116 port 59098 [preauth]
May  6 10:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28689]: Invalid user sonar from 47.236.194.116
May  6 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28689]: input_userauth_request: invalid user sonar [preauth]
May  6 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28689]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28689]: Failed password for invalid user sonar from 47.236.194.116 port 59134 ssh2
May  6 10:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28689]: Connection closed by 47.236.194.116 port 59134 [preauth]
May  6 10:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: Invalid user jumpserver from 47.236.194.116
May  6 10:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: input_userauth_request: invalid user jumpserver [preauth]
May  6 10:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: Failed password for invalid user jumpserver from 47.236.194.116 port 54698 ssh2
May  6 10:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28699]: Connection closed by 47.236.194.116 port 54698 [preauth]
May  6 10:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: Invalid user tom from 47.236.194.116
May  6 10:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: input_userauth_request: invalid user tom [preauth]
May  6 10:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: Failed password for invalid user tom from 47.236.194.116 port 54724 ssh2
May  6 10:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28711]: Invalid user jago from 123.252.238.214
May  6 10:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28711]: input_userauth_request: invalid user jago [preauth]
May  6 10:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28711]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214
May  6 10:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28701]: Connection closed by 47.236.194.116 port 54724 [preauth]
May  6 10:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28711]: Failed password for invalid user jago from 123.252.238.214 port 40042 ssh2
May  6 10:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28711]: Received disconnect from 123.252.238.214 port 40042:11: Bye Bye [preauth]
May  6 10:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28711]: Disconnected from 123.252.238.214 port 40042 [preauth]
May  6 10:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28713]: Failed password for root from 47.236.194.116 port 54750 ssh2
May  6 10:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28713]: Connection closed by 47.236.194.116 port 54750 [preauth]
May  6 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28728]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28725]: pam_unix(cron:session): session closed for user p13x
May  6 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28795]: Successful su for rubyman by root
May  6 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28795]: + ??? root:rubyman
May  6 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339786 of user rubyman.
May  6 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28795]: pam_unix(su:session): session closed for user rubyman
May  6 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339786.
May  6 10:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28871]: Invalid user git from 47.236.194.116
May  6 10:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28871]: input_userauth_request: invalid user git [preauth]
May  6 10:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28871]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25826]: pam_unix(cron:session): session closed for user root
May  6 10:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28959]: Invalid user ranger from 47.236.194.116
May  6 10:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28959]: input_userauth_request: invalid user ranger [preauth]
May  6 10:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28959]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28871]: Failed password for invalid user git from 47.236.194.116 port 51004 ssh2
May  6 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28871]: Connection closed by 47.236.194.116 port 51004 [preauth]
May  6 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28726]: pam_unix(cron:session): session closed for user samftp
May  6 10:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28959]: Failed password for invalid user ranger from 47.236.194.116 port 51038 ssh2
May  6 10:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28989]: Invalid user drew from 180.253.167.74
May  6 10:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28989]: input_userauth_request: invalid user drew [preauth]
May  6 10:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28989]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 10:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28959]: Connection closed by 47.236.194.116 port 51038 [preauth]
May  6 10:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28989]: Failed password for invalid user drew from 180.253.167.74 port 46508 ssh2
May  6 10:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28989]: Received disconnect from 180.253.167.74 port 46508:11: Bye Bye [preauth]
May  6 10:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28989]: Disconnected from 180.253.167.74 port 46508 [preauth]
May  6 10:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29003]: Invalid user appuser from 47.236.194.116
May  6 10:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29003]: input_userauth_request: invalid user appuser [preauth]
May  6 10:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29003]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29000]: Failed password for root from 47.236.194.116 port 52594 ssh2
May  6 10:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29000]: Connection closed by 47.236.194.116 port 52594 [preauth]
May  6 10:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29003]: Failed password for invalid user appuser from 47.236.194.116 port 52618 ssh2
May  6 10:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29003]: Connection closed by 47.236.194.116 port 52618 [preauth]
May  6 10:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: Invalid user tom from 47.236.194.116
May  6 10:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: input_userauth_request: invalid user tom [preauth]
May  6 10:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: Failed password for invalid user tom from 47.236.194.116 port 52642 ssh2
May  6 10:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29119]: Connection closed by 47.236.194.116 port 52642 [preauth]
May  6 10:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: Failed password for root from 47.236.194.116 port 38800 ssh2
May  6 10:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: Connection closed by 47.236.194.116 port 38800 [preauth]
May  6 10:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: Invalid user ubuntu from 47.236.194.116
May  6 10:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: input_userauth_request: invalid user ubuntu [preauth]
May  6 10:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: Failed password for invalid user ubuntu from 47.236.194.116 port 38838 ssh2
May  6 10:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: Connection closed by 47.236.194.116 port 38838 [preauth]
May  6 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27826]: pam_unix(cron:session): session closed for user root
May  6 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: Invalid user rancher from 47.236.194.116
May  6 10:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: input_userauth_request: invalid user rancher [preauth]
May  6 10:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: Failed password for invalid user rancher from 47.236.194.116 port 38832 ssh2
May  6 10:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29189]: Connection closed by 47.236.194.116 port 38832 [preauth]
May  6 10:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: Invalid user es from 47.236.194.116
May  6 10:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: input_userauth_request: invalid user es [preauth]
May  6 10:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29217]: Invalid user nginx from 47.236.194.116
May  6 10:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29217]: input_userauth_request: invalid user nginx [preauth]
May  6 10:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29217]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: Failed password for invalid user es from 47.236.194.116 port 39486 ssh2
May  6 10:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29213]: Connection closed by 47.236.194.116 port 39486 [preauth]
May  6 10:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29217]: Failed password for invalid user nginx from 47.236.194.116 port 38812 ssh2
May  6 10:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29217]: Connection closed by 47.236.194.116 port 38812 [preauth]
May  6 10:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Invalid user glassfish from 190.173.77.226
May  6 10:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: input_userauth_request: invalid user glassfish [preauth]
May  6 10:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 10:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Failed password for invalid user glassfish from 190.173.77.226 port 33970 ssh2
May  6 10:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Received disconnect from 190.173.77.226 port 33970:11: Bye Bye [preauth]
May  6 10:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29225]: Disconnected from 190.173.77.226 port 33970 [preauth]
May  6 10:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29237]: Invalid user user from 47.236.194.116
May  6 10:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29237]: input_userauth_request: invalid user user [preauth]
May  6 10:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29237]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29237]: Failed password for invalid user user from 47.236.194.116 port 39236 ssh2
May  6 10:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29237]: Connection closed by 47.236.194.116 port 39236 [preauth]
May  6 10:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29249]: Failed password for root from 47.236.194.116 port 38852 ssh2
May  6 10:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29249]: Connection closed by 47.236.194.116 port 38852 [preauth]
May  6 10:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: Failed password for root from 47.236.194.116 port 39256 ssh2
May  6 10:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29252]: Connection closed by 47.236.194.116 port 39256 [preauth]
May  6 10:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: Invalid user uftp from 47.236.194.116
May  6 10:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: input_userauth_request: invalid user uftp [preauth]
May  6 10:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29271]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29270]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29270]: pam_unix(cron:session): session closed for user p13x
May  6 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29332]: Successful su for rubyman by root
May  6 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29332]: + ??? root:rubyman
May  6 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339791 of user rubyman.
May  6 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29332]: pam_unix(su:session): session closed for user rubyman
May  6 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339791.
May  6 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: Failed password for invalid user uftp from 47.236.194.116 port 47890 ssh2
May  6 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29267]: Connection closed by 47.236.194.116 port 47890 [preauth]
May  6 10:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26291]: pam_unix(cron:session): session closed for user root
May  6 10:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29271]: pam_unix(cron:session): session closed for user samftp
May  6 10:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29532]: Invalid user oracle from 47.236.194.116
May  6 10:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29532]: input_userauth_request: invalid user oracle [preauth]
May  6 10:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29532]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29532]: Failed password for invalid user oracle from 47.236.194.116 port 35560 ssh2
May  6 10:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29532]: Connection closed by 47.236.194.116 port 35560 [preauth]
May  6 10:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: Invalid user plex from 47.236.194.116
May  6 10:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: input_userauth_request: invalid user plex [preauth]
May  6 10:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: Failed password for invalid user plex from 47.236.194.116 port 35586 ssh2
May  6 10:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: Connection closed by 47.236.194.116 port 35586 [preauth]
May  6 10:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29559]: Invalid user steam from 47.236.194.116
May  6 10:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29559]: input_userauth_request: invalid user steam [preauth]
May  6 10:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29559]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29559]: Failed password for invalid user steam from 47.236.194.116 port 49658 ssh2
May  6 10:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29559]: Connection closed by 47.236.194.116 port 49658 [preauth]
May  6 10:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29593]: Invalid user alex from 83.168.108.5
May  6 10:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29593]: input_userauth_request: invalid user alex [preauth]
May  6 10:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29593]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.168.108.5
May  6 10:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29595]: Invalid user jp from 40.83.182.122
May  6 10:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29595]: input_userauth_request: invalid user jp [preauth]
May  6 10:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29595]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 10:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29593]: Failed password for invalid user alex from 83.168.108.5 port 49156 ssh2
May  6 10:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29593]: Received disconnect from 83.168.108.5 port 49156:11: Bye Bye [preauth]
May  6 10:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29593]: Disconnected from 83.168.108.5 port 49156 [preauth]
May  6 10:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29595]: Failed password for invalid user jp from 40.83.182.122 port 38618 ssh2
May  6 10:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29595]: Received disconnect from 40.83.182.122 port 38618:11: Bye Bye [preauth]
May  6 10:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29595]: Disconnected from 40.83.182.122 port 38618 [preauth]
May  6 10:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29605]: Invalid user esuser from 47.236.194.116
May  6 10:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29605]: input_userauth_request: invalid user esuser [preauth]
May  6 10:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29605]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29607]: Invalid user observer from 47.236.194.116
May  6 10:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29607]: input_userauth_request: invalid user observer [preauth]
May  6 10:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29607]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29605]: Failed password for invalid user esuser from 47.236.194.116 port 49692 ssh2
May  6 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29605]: Connection closed by 47.236.194.116 port 49692 [preauth]
May  6 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28272]: pam_unix(cron:session): session closed for user root
May  6 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29607]: Failed password for invalid user observer from 47.236.194.116 port 32802 ssh2
May  6 10:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29607]: Connection closed by 47.236.194.116 port 32802 [preauth]
May  6 10:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.138.28.121  user=root
May  6 10:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: Failed password for root from 188.138.28.121 port 45926 ssh2
May  6 10:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: Received disconnect from 188.138.28.121 port 45926:11: Bye Bye [preauth]
May  6 10:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29634]: Disconnected from 188.138.28.121 port 45926 [preauth]
May  6 10:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.92.7.247  user=root
May  6 10:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29655]: Invalid user elastic from 47.236.194.116
May  6 10:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29655]: input_userauth_request: invalid user elastic [preauth]
May  6 10:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29655]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: Failed password for root from 196.92.7.247 port 33070 ssh2
May  6 10:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: Received disconnect from 196.92.7.247 port 33070:11: Bye Bye [preauth]
May  6 10:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: Disconnected from 196.92.7.247 port 33070 [preauth]
May  6 10:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29655]: Failed password for invalid user elastic from 47.236.194.116 port 49048 ssh2
May  6 10:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29655]: Connection closed by 47.236.194.116 port 49048 [preauth]
May  6 10:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: Invalid user postgres from 47.236.194.116
May  6 10:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: input_userauth_request: invalid user postgres [preauth]
May  6 10:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: Failed password for invalid user postgres from 47.236.194.116 port 49120 ssh2
May  6 10:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29673]: Connection closed by 47.236.194.116 port 49120 [preauth]
May  6 10:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: Invalid user oracle from 47.236.194.116
May  6 10:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: input_userauth_request: invalid user oracle [preauth]
May  6 10:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: Failed password for invalid user oracle from 47.236.194.116 port 49084 ssh2
May  6 10:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29682]: Connection closed by 47.236.194.116 port 49084 [preauth]
May  6 10:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: Invalid user ts from 47.236.194.116
May  6 10:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: input_userauth_request: invalid user ts [preauth]
May  6 10:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: Failed password for invalid user ts from 47.236.194.116 port 49470 ssh2
May  6 10:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: Connection closed by 47.236.194.116 port 49470 [preauth]
May  6 10:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: Failed password for root from 47.236.194.116 port 49498 ssh2
May  6 10:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: Connection closed by 47.236.194.116 port 49498 [preauth]
May  6 10:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29714]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29711]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29706]: Invalid user test from 47.236.194.116
May  6 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29706]: input_userauth_request: invalid user test [preauth]
May  6 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29711]: pam_unix(cron:session): session closed for user p13x
May  6 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29706]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29776]: Successful su for rubyman by root
May  6 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29776]: + ??? root:rubyman
May  6 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29776]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339794 of user rubyman.
May  6 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29776]: pam_unix(su:session): session closed for user rubyman
May  6 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339794.
May  6 10:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29706]: Failed password for invalid user test from 47.236.194.116 port 44048 ssh2
May  6 10:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29706]: Connection closed by 47.236.194.116 port 44048 [preauth]
May  6 10:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26821]: pam_unix(cron:session): session closed for user root
May  6 10:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: Invalid user gitlab from 47.236.194.116
May  6 10:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: input_userauth_request: invalid user gitlab [preauth]
May  6 10:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29713]: pam_unix(cron:session): session closed for user samftp
May  6 10:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: Failed password for invalid user gitlab from 47.236.194.116 port 44074 ssh2
May  6 10:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29929]: Connection closed by 47.236.194.116 port 44074 [preauth]
May  6 10:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: Invalid user ftpuser from 47.236.194.116
May  6 10:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: input_userauth_request: invalid user ftpuser [preauth]
May  6 10:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: Invalid user guest from 47.236.194.116
May  6 10:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: input_userauth_request: invalid user guest [preauth]
May  6 10:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: Failed password for invalid user ftpuser from 47.236.194.116 port 44022 ssh2
May  6 10:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: Connection closed by 47.236.194.116 port 44022 [preauth]
May  6 10:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: Failed password for invalid user guest from 47.236.194.116 port 43910 ssh2
May  6 10:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: Connection closed by 47.236.194.116 port 43910 [preauth]
May  6 10:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: Invalid user flask from 47.236.194.116
May  6 10:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: input_userauth_request: invalid user flask [preauth]
May  6 10:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: Failed password for invalid user flask from 47.236.194.116 port 43970 ssh2
May  6 10:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: Connection closed by 47.236.194.116 port 43970 [preauth]
May  6 10:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30013]: Invalid user gpuadmin from 47.236.194.116
May  6 10:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30013]: input_userauth_request: invalid user gpuadmin [preauth]
May  6 10:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30013]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30013]: Failed password for invalid user gpuadmin from 47.236.194.116 port 36616 ssh2
May  6 10:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30013]: Connection closed by 47.236.194.116 port 36616 [preauth]
May  6 10:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30015]: Invalid user zabbix from 47.236.194.116
May  6 10:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30015]: input_userauth_request: invalid user zabbix [preauth]
May  6 10:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30015]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30015]: Failed password for invalid user zabbix from 47.236.194.116 port 36644 ssh2
May  6 10:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30015]: Connection closed by 47.236.194.116 port 36644 [preauth]
May  6 10:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30044]: Failed password for root from 47.236.194.116 port 36672 ssh2
May  6 10:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30044]: Connection closed by 47.236.194.116 port 36672 [preauth]
May  6 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28728]: pam_unix(cron:session): session closed for user root
May  6 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: Invalid user gitlab from 47.236.194.116
May  6 10:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: input_userauth_request: invalid user gitlab [preauth]
May  6 10:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: Failed password for invalid user gitlab from 47.236.194.116 port 42864 ssh2
May  6 10:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30057]: Connection closed by 47.236.194.116 port 42864 [preauth]
May  6 10:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: Invalid user postgres from 47.236.194.116
May  6 10:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: input_userauth_request: invalid user postgres [preauth]
May  6 10:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30112]: Invalid user flask from 47.236.194.116
May  6 10:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30112]: input_userauth_request: invalid user flask [preauth]
May  6 10:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30112]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: Failed password for invalid user postgres from 47.236.194.116 port 50038 ssh2
May  6 10:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: Connection closed by 47.236.194.116 port 50038 [preauth]
May  6 10:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30112]: Failed password for invalid user flask from 47.236.194.116 port 42826 ssh2
May  6 10:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30112]: Connection closed by 47.236.194.116 port 42826 [preauth]
May  6 10:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: Invalid user admin from 47.236.194.116
May  6 10:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: input_userauth_request: invalid user admin [preauth]
May  6 10:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: Failed password for invalid user admin from 47.236.194.116 port 45668 ssh2
May  6 10:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30123]: Connection closed by 47.236.194.116 port 45668 [preauth]
May  6 10:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.219.17.187  user=root
May  6 10:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30127]: Failed password for root from 47.236.194.116 port 45638 ssh2
May  6 10:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30127]: Connection closed by 47.236.194.116 port 45638 [preauth]
May  6 10:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: Failed password for root from 61.219.17.187 port 48618 ssh2
May  6 10:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: Received disconnect from 61.219.17.187 port 48618:11: Bye Bye [preauth]
May  6 10:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30125]: Disconnected from 61.219.17.187 port 48618 [preauth]
May  6 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30153]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30147]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30149]: pam_unix(cron:session): session closed for user p13x
May  6 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30264]: Successful su for rubyman by root
May  6 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30264]: + ??? root:rubyman
May  6 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339800 of user rubyman.
May  6 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30264]: pam_unix(su:session): session closed for user rubyman
May  6 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339800.
May  6 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30147]: pam_unix(cron:session): session closed for user root
May  6 10:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27346]: pam_unix(cron:session): session closed for user root
May  6 10:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30151]: pam_unix(cron:session): session closed for user samftp
May  6 10:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: Invalid user test from 47.236.194.116
May  6 10:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: input_userauth_request: invalid user test [preauth]
May  6 10:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: Failed password for invalid user test from 47.236.194.116 port 40740 ssh2
May  6 10:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: Connection closed by 47.236.194.116 port 40740 [preauth]
May  6 10:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: Invalid user steam from 47.236.194.116
May  6 10:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: input_userauth_request: invalid user steam [preauth]
May  6 10:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30506]: Failed password for root from 47.236.194.116 port 40754 ssh2
May  6 10:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30506]: Connection closed by 47.236.194.116 port 40754 [preauth]
May  6 10:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30519]: Invalid user centos from 47.236.194.116
May  6 10:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30519]: input_userauth_request: invalid user centos [preauth]
May  6 10:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30519]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: Failed password for invalid user steam from 47.236.194.116 port 44726 ssh2
May  6 10:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: Connection closed by 47.236.194.116 port 44726 [preauth]
May  6 10:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30519]: Failed password for invalid user centos from 47.236.194.116 port 39406 ssh2
May  6 10:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30521]: Invalid user test from 47.236.194.116
May  6 10:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30521]: input_userauth_request: invalid user test [preauth]
May  6 10:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30519]: Connection closed by 47.236.194.116 port 39406 [preauth]
May  6 10:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30521]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30521]: Failed password for invalid user test from 47.236.194.116 port 44756 ssh2
May  6 10:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30521]: Connection closed by 47.236.194.116 port 44756 [preauth]
May  6 10:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30552]: Invalid user user10 from 164.68.105.9
May  6 10:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30552]: input_userauth_request: invalid user user10 [preauth]
May  6 10:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30552]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  6 10:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30552]: Failed password for invalid user user10 from 164.68.105.9 port 33746 ssh2
May  6 10:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30552]: Connection closed by 164.68.105.9 port 33746 [preauth]
May  6 10:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29273]: pam_unix(cron:session): session closed for user root
May  6 10:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: User mysql from 47.236.194.116 not allowed because not listed in AllowUsers
May  6 10:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: input_userauth_request: invalid user mysql [preauth]
May  6 10:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=mysql
May  6 10:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: Failed password for invalid user mysql from 47.236.194.116 port 38194 ssh2
May  6 10:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30583]: Connection closed by 47.236.194.116 port 38194 [preauth]
May  6 10:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: Failed password for root from 47.236.194.116 port 38258 ssh2
May  6 10:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30581]: Connection closed by 47.236.194.116 port 38258 [preauth]
May  6 10:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: Failed password for root from 47.236.194.116 port 38226 ssh2
May  6 10:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: Connection closed by 47.236.194.116 port 38226 [preauth]
May  6 10:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30596]: Invalid user kubernetes from 47.236.194.116
May  6 10:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30596]: input_userauth_request: invalid user kubernetes [preauth]
May  6 10:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30596]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30598]: Invalid user zabbix from 47.236.194.116
May  6 10:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30598]: input_userauth_request: invalid user zabbix [preauth]
May  6 10:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30598]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30596]: Failed password for invalid user kubernetes from 47.236.194.116 port 49690 ssh2
May  6 10:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30596]: Connection closed by 47.236.194.116 port 49690 [preauth]
May  6 10:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30598]: Failed password for invalid user zabbix from 47.236.194.116 port 49658 ssh2
May  6 10:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30598]: Connection closed by 47.236.194.116 port 49658 [preauth]
May  6 10:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: Invalid user observer from 47.236.194.116
May  6 10:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: input_userauth_request: invalid user observer [preauth]
May  6 10:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: Failed password for invalid user observer from 47.236.194.116 port 49722 ssh2
May  6 10:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: Connection closed by 47.236.194.116 port 49722 [preauth]
May  6 10:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30632]: Invalid user bot from 47.236.194.116
May  6 10:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30632]: input_userauth_request: invalid user bot [preauth]
May  6 10:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30632]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30632]: Failed password for invalid user bot from 47.236.194.116 port 59924 ssh2
May  6 10:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30632]: Connection closed by 47.236.194.116 port 59924 [preauth]
May  6 10:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30653]: Invalid user debianuser from 47.236.194.116
May  6 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30653]: input_userauth_request: invalid user debianuser [preauth]
May  6 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30653]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: Invalid user ranger from 47.236.194.116
May  6 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: input_userauth_request: invalid user ranger [preauth]
May  6 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30660]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30662]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30661]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30663]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30663]: pam_unix(cron:session): session closed for user root
May  6 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30658]: pam_unix(cron:session): session closed for user p13x
May  6 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30729]: Successful su for rubyman by root
May  6 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30729]: + ??? root:rubyman
May  6 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339805 of user rubyman.
May  6 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30729]: pam_unix(su:session): session closed for user rubyman
May  6 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339805.
May  6 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30653]: Failed password for invalid user debianuser from 47.236.194.116 port 59960 ssh2
May  6 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30653]: Connection closed by 47.236.194.116 port 59960 [preauth]
May  6 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: Failed password for invalid user ranger from 47.236.194.116 port 45690 ssh2
May  6 10:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: Connection closed by 47.236.194.116 port 45690 [preauth]
May  6 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30660]: pam_unix(cron:session): session closed for user root
May  6 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27825]: pam_unix(cron:session): session closed for user root
May  6 10:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30659]: pam_unix(cron:session): session closed for user samftp
May  6 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: Invalid user oracle from 47.236.194.116
May  6 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: input_userauth_request: invalid user oracle [preauth]
May  6 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: Failed password for invalid user oracle from 47.236.194.116 port 45706 ssh2
May  6 10:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: Connection closed by 47.236.194.116 port 45706 [preauth]
May  6 10:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: Invalid user elastic from 47.236.194.116
May  6 10:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: input_userauth_request: invalid user elastic [preauth]
May  6 10:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: User ftp from 47.236.194.116 not allowed because not listed in AllowUsers
May  6 10:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: input_userauth_request: invalid user ftp [preauth]
May  6 10:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=ftp
May  6 10:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: Failed password for invalid user elastic from 47.236.194.116 port 40780 ssh2
May  6 10:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31017]: Connection closed by 47.236.194.116 port 40780 [preauth]
May  6 10:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: Failed password for invalid user ftp from 47.236.194.116 port 40756 ssh2
May  6 10:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: Connection closed by 47.236.194.116 port 40756 [preauth]
May  6 10:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: Invalid user admin from 47.236.194.116
May  6 10:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: input_userauth_request: invalid user admin [preauth]
May  6 10:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: Failed password for root from 47.236.194.116 port 40804 ssh2
May  6 10:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: Connection closed by 47.236.194.116 port 40804 [preauth]
May  6 10:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: Failed password for invalid user admin from 47.236.194.116 port 33840 ssh2
May  6 10:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: Connection closed by 47.236.194.116 port 33840 [preauth]
May  6 10:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31084]: Invalid user default from 47.236.194.116
May  6 10:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31084]: input_userauth_request: invalid user default [preauth]
May  6 10:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31084]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31084]: Failed password for invalid user default from 47.236.194.116 port 33876 ssh2
May  6 10:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31084]: Connection closed by 47.236.194.116 port 33876 [preauth]
May  6 10:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31107]: Invalid user tomcat from 47.236.194.116
May  6 10:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31107]: input_userauth_request: invalid user tomcat [preauth]
May  6 10:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31107]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31107]: Failed password for invalid user tomcat from 47.236.194.116 port 33912 ssh2
May  6 10:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31107]: Connection closed by 47.236.194.116 port 33912 [preauth]
May  6 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29715]: pam_unix(cron:session): session closed for user root
May  6 10:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: Invalid user gitlab from 47.236.194.116
May  6 10:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: input_userauth_request: invalid user gitlab [preauth]
May  6 10:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: Failed password for invalid user gitlab from 47.236.194.116 port 42628 ssh2
May  6 10:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31151]: Connection closed by 47.236.194.116 port 42628 [preauth]
May  6 10:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31187]: Failed password for root from 47.236.194.116 port 44184 ssh2
May  6 10:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31187]: Connection closed by 47.236.194.116 port 44184 [preauth]
May  6 10:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: Invalid user tools from 47.236.194.116
May  6 10:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: input_userauth_request: invalid user tools [preauth]
May  6 10:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31197]: Invalid user www from 47.236.194.116
May  6 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31197]: input_userauth_request: invalid user www [preauth]
May  6 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31197]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: Failed password for invalid user tools from 47.236.194.116 port 40134 ssh2
May  6 10:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: Connection closed by 47.236.194.116 port 40134 [preauth]
May  6 10:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31197]: Failed password for invalid user www from 47.236.194.116 port 44160 ssh2
May  6 10:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31197]: Connection closed by 47.236.194.116 port 44160 [preauth]
May  6 10:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31216]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31213]: pam_unix(cron:session): session closed for user p13x
May  6 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31210]: Failed password for root from 47.236.194.116 port 44208 ssh2
May  6 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31210]: Connection closed by 47.236.194.116 port 44208 [preauth]
May  6 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31284]: Successful su for rubyman by root
May  6 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31284]: + ??? root:rubyman
May  6 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339809 of user rubyman.
May  6 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31284]: pam_unix(su:session): session closed for user rubyman
May  6 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339809.
May  6 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28271]: pam_unix(cron:session): session closed for user root
May  6 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31214]: pam_unix(cron:session): session closed for user samftp
May  6 10:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31480]: Invalid user uftp from 47.236.194.116
May  6 10:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31480]: input_userauth_request: invalid user uftp [preauth]
May  6 10:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31481]: Invalid user oracle from 47.236.194.116
May  6 10:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31481]: input_userauth_request: invalid user oracle [preauth]
May  6 10:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31480]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31481]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: Invalid user xiangyu from 36.255.8.54
May  6 10:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: input_userauth_request: invalid user xiangyu [preauth]
May  6 10:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  6 10:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31480]: Failed password for invalid user uftp from 47.236.194.116 port 55456 ssh2
May  6 10:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31481]: Failed password for invalid user oracle from 47.236.194.116 port 42868 ssh2
May  6 10:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31480]: Connection closed by 47.236.194.116 port 55456 [preauth]
May  6 10:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31481]: Connection closed by 47.236.194.116 port 42868 [preauth]
May  6 10:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: Failed password for invalid user xiangyu from 36.255.8.54 port 35176 ssh2
May  6 10:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: Received disconnect from 36.255.8.54 port 35176:11: Bye Bye [preauth]
May  6 10:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: Disconnected from 36.255.8.54 port 35176 [preauth]
May  6 10:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: Failed password for root from 47.236.194.116 port 42834 ssh2
May  6 10:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31512]: Connection closed by 47.236.194.116 port 42834 [preauth]
May  6 10:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: Invalid user gitlab-runner from 47.236.194.116
May  6 10:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: input_userauth_request: invalid user gitlab-runner [preauth]
May  6 10:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31525]: Invalid user flink from 47.236.194.116
May  6 10:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31525]: input_userauth_request: invalid user flink [preauth]
May  6 10:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31525]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: Failed password for invalid user gitlab-runner from 47.236.194.116 port 60862 ssh2
May  6 10:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31527]: Invalid user es from 47.236.194.116
May  6 10:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31527]: input_userauth_request: invalid user es [preauth]
May  6 10:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: Connection closed by 47.236.194.116 port 60862 [preauth]
May  6 10:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31527]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31525]: Failed password for invalid user flink from 47.236.194.116 port 55488 ssh2
May  6 10:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31525]: Connection closed by 47.236.194.116 port 55488 [preauth]
May  6 10:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31527]: Failed password for invalid user es from 47.236.194.116 port 60902 ssh2
May  6 10:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31527]: Connection closed by 47.236.194.116 port 60902 [preauth]
May  6 10:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31559]: Invalid user ubnt from 47.236.194.116
May  6 10:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31559]: input_userauth_request: invalid user ubnt [preauth]
May  6 10:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31559]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31559]: Failed password for invalid user ubnt from 47.236.194.116 port 34260 ssh2
May  6 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31559]: Connection closed by 47.236.194.116 port 34260 [preauth]
May  6 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30153]: pam_unix(cron:session): session closed for user root
May  6 10:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31593]: Invalid user nvidia from 47.236.194.116
May  6 10:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31593]: input_userauth_request: invalid user nvidia [preauth]
May  6 10:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31593]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31593]: Failed password for invalid user nvidia from 47.236.194.116 port 34288 ssh2
May  6 10:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31593]: Connection closed by 47.236.194.116 port 34288 [preauth]
May  6 10:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31604]: Failed password for root from 47.236.194.116 port 37200 ssh2
May  6 10:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31604]: Connection closed by 47.236.194.116 port 37200 [preauth]
May  6 10:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31628]: Invalid user developer from 47.236.194.116
May  6 10:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31628]: input_userauth_request: invalid user developer [preauth]
May  6 10:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31628]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31618]: Failed password for root from 47.236.194.116 port 37166 ssh2
May  6 10:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31618]: Connection closed by 47.236.194.116 port 37166 [preauth]
May  6 10:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31628]: Failed password for invalid user developer from 47.236.194.116 port 37234 ssh2
May  6 10:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31628]: Connection closed by 47.236.194.116 port 37234 [preauth]
May  6 10:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: User ftp from 47.236.194.116 not allowed because not listed in AllowUsers
May  6 10:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: input_userauth_request: invalid user ftp [preauth]
May  6 10:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=ftp
May  6 10:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: Failed password for invalid user ftp from 47.236.194.116 port 40052 ssh2
May  6 10:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31652]: Connection closed by 47.236.194.116 port 40052 [preauth]
May  6 10:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31664]: Invalid user mongodb from 47.236.194.116
May  6 10:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31664]: input_userauth_request: invalid user mongodb [preauth]
May  6 10:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31664]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31670]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31669]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31669]: pam_unix(cron:session): session closed for user p13x
May  6 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31745]: Successful su for rubyman by root
May  6 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31745]: + ??? root:rubyman
May  6 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339814 of user rubyman.
May  6 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31745]: pam_unix(su:session): session closed for user rubyman
May  6 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339814.
May  6 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31743]: Invalid user artem from 83.168.108.5
May  6 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31743]: input_userauth_request: invalid user artem [preauth]
May  6 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31743]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.168.108.5
May  6 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31664]: Failed password for invalid user mongodb from 47.236.194.116 port 40080 ssh2
May  6 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31664]: Connection closed by 47.236.194.116 port 40080 [preauth]
May  6 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: Invalid user mongodb from 47.236.194.116
May  6 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: input_userauth_request: invalid user mongodb [preauth]
May  6 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31831]: Invalid user app from 47.236.194.116
May  6 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31831]: input_userauth_request: invalid user app [preauth]
May  6 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31831]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28727]: pam_unix(cron:session): session closed for user root
May  6 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31743]: Failed password for invalid user artem from 83.168.108.5 port 60204 ssh2
May  6 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31743]: Received disconnect from 83.168.108.5 port 60204:11: Bye Bye [preauth]
May  6 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31743]: Disconnected from 83.168.108.5 port 60204 [preauth]
May  6 10:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: Failed password for invalid user mongodb from 47.236.194.116 port 53742 ssh2
May  6 10:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31800]: Connection closed by 47.236.194.116 port 53742 [preauth]
May  6 10:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31670]: pam_unix(cron:session): session closed for user samftp
May  6 10:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31831]: Failed password for invalid user app from 47.236.194.116 port 53754 ssh2
May  6 10:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31831]: Connection closed by 47.236.194.116 port 53754 [preauth]
May  6 10:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Failed password for root from 47.236.194.116 port 46638 ssh2
May  6 10:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32040]: Connection closed by 47.236.194.116 port 46638 [preauth]
May  6 10:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: Invalid user guilherme from 180.253.167.74
May  6 10:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: input_userauth_request: invalid user guilherme [preauth]
May  6 10:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 10:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: Failed password for invalid user guilherme from 180.253.167.74 port 64004 ssh2
May  6 10:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: Received disconnect from 180.253.167.74 port 64004:11: Bye Bye [preauth]
May  6 10:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32042]: Disconnected from 180.253.167.74 port 64004 [preauth]
May  6 10:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.138.28.121  user=root
May  6 10:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32215]: Failed password for root from 188.138.28.121 port 55380 ssh2
May  6 10:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32215]: Received disconnect from 188.138.28.121 port 55380:11: Bye Bye [preauth]
May  6 10:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32215]: Disconnected from 188.138.28.121 port 55380 [preauth]
May  6 10:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: Invalid user docker from 47.236.194.116
May  6 10:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: input_userauth_request: invalid user docker [preauth]
May  6 10:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: Failed password for invalid user docker from 47.236.194.116 port 50882 ssh2
May  6 10:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: Connection closed by 47.236.194.116 port 50882 [preauth]
May  6 10:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: Invalid user gabriel from 40.83.182.122
May  6 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: input_userauth_request: invalid user gabriel [preauth]
May  6 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30662]: pam_unix(cron:session): session closed for user root
May  6 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: Failed password for root from 47.236.194.116 port 50912 ssh2
May  6 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: Connection closed by 47.236.194.116 port 50912 [preauth]
May  6 10:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: Failed password for invalid user gabriel from 40.83.182.122 port 56146 ssh2
May  6 10:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: Received disconnect from 40.83.182.122 port 56146:11: Bye Bye [preauth]
May  6 10:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: Disconnected from 40.83.182.122 port 56146 [preauth]
May  6 10:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32332]: Invalid user postgres from 47.236.194.116
May  6 10:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32332]: input_userauth_request: invalid user postgres [preauth]
May  6 10:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32332]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32332]: Failed password for invalid user postgres from 47.236.194.116 port 36206 ssh2
May  6 10:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32332]: Connection closed by 47.236.194.116 port 36206 [preauth]
May  6 10:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: Invalid user ftpuser from 196.92.7.247
May  6 10:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: input_userauth_request: invalid user ftpuser [preauth]
May  6 10:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.92.7.247
May  6 10:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: Invalid user tomcat from 47.236.194.116
May  6 10:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: input_userauth_request: invalid user tomcat [preauth]
May  6 10:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: Failed password for invalid user ftpuser from 196.92.7.247 port 51786 ssh2
May  6 10:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: Received disconnect from 196.92.7.247 port 51786:11: Bye Bye [preauth]
May  6 10:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: Disconnected from 196.92.7.247 port 51786 [preauth]
May  6 10:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: Failed password for invalid user tomcat from 47.236.194.116 port 56648 ssh2
May  6 10:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32350]: Connection closed by 47.236.194.116 port 56648 [preauth]
May  6 10:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32385]: Invalid user elsearch from 47.236.194.116
May  6 10:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32385]: input_userauth_request: invalid user elsearch [preauth]
May  6 10:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32385]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32385]: Failed password for invalid user elsearch from 47.236.194.116 port 56684 ssh2
May  6 10:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32385]: Connection closed by 47.236.194.116 port 56684 [preauth]
May  6 10:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32399]: Invalid user guest from 47.236.194.116
May  6 10:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32399]: input_userauth_request: invalid user guest [preauth]
May  6 10:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32399]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32399]: Failed password for invalid user guest from 47.236.194.116 port 36242 ssh2
May  6 10:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32399]: Connection closed by 47.236.194.116 port 36242 [preauth]
May  6 10:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: Invalid user ftpuser from 47.236.194.116
May  6 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: input_userauth_request: invalid user ftpuser [preauth]
May  6 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32424]: pam_unix(cron:session): session closed for user p13x
May  6 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32490]: Successful su for rubyman by root
May  6 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32490]: + ??? root:rubyman
May  6 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339817 of user rubyman.
May  6 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32490]: pam_unix(su:session): session closed for user rubyman
May  6 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339817.
May  6 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: Failed password for invalid user ftpuser from 47.236.194.116 port 59892 ssh2
May  6 10:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32411]: Connection closed by 47.236.194.116 port 59892 [preauth]
May  6 10:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29272]: pam_unix(cron:session): session closed for user root
May  6 10:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32425]: pam_unix(cron:session): session closed for user samftp
May  6 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32758]: Failed password for root from 47.236.194.116 port 59980 ssh2
May  6 10:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32758]: Connection closed by 47.236.194.116 port 59980 [preauth]
May  6 10:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: Invalid user ftpuser from 47.236.194.116
May  6 10:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: input_userauth_request: invalid user ftpuser [preauth]
May  6 10:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: Failed password for invalid user ftpuser from 47.236.194.116 port 46308 ssh2
May  6 10:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: Connection closed by 47.236.194.116 port 46308 [preauth]
May  6 10:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: Invalid user tg from 190.173.77.226
May  6 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: input_userauth_request: invalid user tg [preauth]
May  6 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 10:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: Invalid user admin from 47.236.194.116
May  6 10:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: input_userauth_request: invalid user admin [preauth]
May  6 10:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Invalid user steam from 47.236.194.116
May  6 10:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: input_userauth_request: invalid user steam [preauth]
May  6 10:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: Failed password for invalid user tg from 190.173.77.226 port 38946 ssh2
May  6 10:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: Received disconnect from 190.173.77.226 port 38946:11: Bye Bye [preauth]
May  6 10:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[374]: Disconnected from 190.173.77.226 port 38946 [preauth]
May  6 10:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: Failed password for invalid user admin from 47.236.194.116 port 52678 ssh2
May  6 10:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[376]: Connection closed by 47.236.194.116 port 52678 [preauth]
May  6 10:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[417]: Invalid user worker from 47.236.194.116
May  6 10:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[417]: input_userauth_request: invalid user worker [preauth]
May  6 10:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[417]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Failed password for invalid user steam from 47.236.194.116 port 52692 ssh2
May  6 10:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Connection closed by 47.236.194.116 port 52692 [preauth]
May  6 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[417]: Failed password for invalid user worker from 47.236.194.116 port 46280 ssh2
May  6 10:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[417]: Connection closed by 47.236.194.116 port 46280 [preauth]
May  6 10:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[420]: Invalid user es from 47.236.194.116
May  6 10:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[420]: input_userauth_request: invalid user es [preauth]
May  6 10:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[420]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[420]: Failed password for invalid user es from 47.236.194.116 port 52706 ssh2
May  6 10:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[420]: Connection closed by 47.236.194.116 port 52706 [preauth]
May  6 10:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[442]: Failed password for root from 47.236.194.116 port 59002 ssh2
May  6 10:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[442]: Connection closed by 47.236.194.116 port 59002 [preauth]
May  6 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31216]: pam_unix(cron:session): session closed for user root
May  6 10:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[476]: Invalid user deploy from 47.236.194.116
May  6 10:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[476]: input_userauth_request: invalid user deploy [preauth]
May  6 10:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[476]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[476]: Failed password for invalid user deploy from 47.236.194.116 port 59034 ssh2
May  6 10:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[476]: Connection closed by 47.236.194.116 port 59034 [preauth]
May  6 10:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[507]: Invalid user deploy from 47.236.194.116
May  6 10:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[507]: input_userauth_request: invalid user deploy [preauth]
May  6 10:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[507]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[507]: Failed password for invalid user deploy from 47.236.194.116 port 56986 ssh2
May  6 10:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[507]: Connection closed by 47.236.194.116 port 56986 [preauth]
May  6 10:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[537]: Invalid user dev from 47.236.194.116
May  6 10:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[537]: input_userauth_request: invalid user dev [preauth]
May  6 10:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[537]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[537]: Failed password for invalid user dev from 47.236.194.116 port 57012 ssh2
May  6 10:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[537]: Connection closed by 47.236.194.116 port 57012 [preauth]
May  6 10:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[540]: Invalid user oscar from 47.236.194.116
May  6 10:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[540]: input_userauth_request: invalid user oscar [preauth]
May  6 10:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[540]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[540]: Failed password for invalid user oscar from 47.236.194.116 port 38742 ssh2
May  6 10:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[540]: Connection closed by 47.236.194.116 port 38742 [preauth]
May  6 10:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: Invalid user dolphinscheduler from 47.236.194.116
May  6 10:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  6 10:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: Failed password for invalid user dolphinscheduler from 47.236.194.116 port 38774 ssh2
May  6 10:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: Connection closed by 47.236.194.116 port 38774 [preauth]
May  6 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[572]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[575]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[571]: pam_unix(cron:session): session closed for user p13x
May  6 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[639]: Successful su for rubyman by root
May  6 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[639]: + ??? root:rubyman
May  6 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339823 of user rubyman.
May  6 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[639]: pam_unix(su:session): session closed for user rubyman
May  6 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339823.
May  6 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: Invalid user pi from 47.236.194.116
May  6 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: input_userauth_request: invalid user pi [preauth]
May  6 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29714]: pam_unix(cron:session): session closed for user root
May  6 10:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: Failed password for invalid user pi from 47.236.194.116 port 38806 ssh2
May  6 10:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[720]: Connection closed by 47.236.194.116 port 38806 [preauth]
May  6 10:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[572]: pam_unix(cron:session): session closed for user samftp
May  6 10:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: Invalid user dev from 47.236.194.116
May  6 10:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: input_userauth_request: invalid user dev [preauth]
May  6 10:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: Invalid user lighthouse from 47.236.194.116
May  6 10:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: input_userauth_request: invalid user lighthouse [preauth]
May  6 10:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: Failed password for invalid user dev from 47.236.194.116 port 43048 ssh2
May  6 10:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[855]: Connection closed by 47.236.194.116 port 43048 [preauth]
May  6 10:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: Failed password for invalid user lighthouse from 47.236.194.116 port 43108 ssh2
May  6 10:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: Connection closed by 47.236.194.116 port 43108 [preauth]
May  6 10:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: Invalid user oceanbase from 47.236.194.116
May  6 10:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: input_userauth_request: invalid user oceanbase [preauth]
May  6 10:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[867]: Failed password for root from 47.236.194.116 port 48216 ssh2
May  6 10:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[867]: Connection closed by 47.236.194.116 port 48216 [preauth]
May  6 10:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: Failed password for invalid user oceanbase from 47.236.194.116 port 43078 ssh2
May  6 10:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: Connection closed by 47.236.194.116 port 43078 [preauth]
May  6 10:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[912]: Failed password for root from 47.236.194.116 port 48250 ssh2
May  6 10:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[914]: Failed password for root from 47.236.194.116 port 55200 ssh2
May  6 10:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[912]: Connection closed by 47.236.194.116 port 48250 [preauth]
May  6 10:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[914]: Connection closed by 47.236.194.116 port 55200 [preauth]
May  6 10:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[950]: Invalid user user from 47.236.194.116
May  6 10:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[950]: input_userauth_request: invalid user user [preauth]
May  6 10:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[950]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[948]: Failed password for root from 47.236.194.116 port 58834 ssh2
May  6 10:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[948]: Connection closed by 47.236.194.116 port 58834 [preauth]
May  6 10:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[950]: Failed password for invalid user user from 47.236.194.116 port 55234 ssh2
May  6 10:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[950]: Connection closed by 47.236.194.116 port 55234 [preauth]
May  6 10:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31672]: pam_unix(cron:session): session closed for user root
May  6 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[964]: Failed password for root from 47.236.194.116 port 55166 ssh2
May  6 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[964]: Connection closed by 47.236.194.116 port 55166 [preauth]
May  6 10:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[991]: Invalid user ftpuser from 47.236.194.116
May  6 10:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[991]: input_userauth_request: invalid user ftpuser [preauth]
May  6 10:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[991]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[991]: Failed password for invalid user ftpuser from 47.236.194.116 port 58902 ssh2
May  6 10:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[991]: Connection closed by 47.236.194.116 port 58902 [preauth]
May  6 10:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1028]: Invalid user ubuntu from 47.236.194.116
May  6 10:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1028]: input_userauth_request: invalid user ubuntu [preauth]
May  6 10:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1028]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1028]: Failed password for invalid user ubuntu from 47.236.194.116 port 43668 ssh2
May  6 10:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1028]: Connection closed by 47.236.194.116 port 43668 [preauth]
May  6 10:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: Failed password for root from 47.236.194.116 port 43704 ssh2
May  6 10:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: Connection closed by 47.236.194.116 port 43704 [preauth]
May  6 10:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: Invalid user esadmin from 47.236.194.116
May  6 10:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: input_userauth_request: invalid user esadmin [preauth]
May  6 10:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Invalid user flask from 47.236.194.116
May  6 10:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: input_userauth_request: invalid user flask [preauth]
May  6 10:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: Failed password for invalid user esadmin from 47.236.194.116 port 43740 ssh2
May  6 10:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1060]: Connection closed by 47.236.194.116 port 43740 [preauth]
May  6 10:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Failed password for invalid user flask from 47.236.194.116 port 60678 ssh2
May  6 10:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Connection closed by 47.236.194.116 port 60678 [preauth]
May  6 10:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1058]: Failed password for root from 47.236.194.116 port 60650 ssh2
May  6 10:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1058]: Connection closed by 47.236.194.116 port 60650 [preauth]
May  6 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1082]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1083]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1080]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1079]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1081]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1078]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1083]: pam_unix(cron:session): session closed for user root
May  6 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1078]: pam_unix(cron:session): session closed for user p13x
May  6 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1152]: Successful su for rubyman by root
May  6 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1152]: + ??? root:rubyman
May  6 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339825 of user rubyman.
May  6 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1152]: pam_unix(su:session): session closed for user rubyman
May  6 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339825.
May  6 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1080]: pam_unix(cron:session): session closed for user root
May  6 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30152]: pam_unix(cron:session): session closed for user root
May  6 10:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1079]: pam_unix(cron:session): session closed for user samftp
May  6 10:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1459]: Failed password for root from 47.236.194.116 port 51574 ssh2
May  6 10:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1459]: Connection closed by 47.236.194.116 port 51574 [preauth]
May  6 10:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: Invalid user rabbitmq from 47.236.194.116
May  6 10:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: input_userauth_request: invalid user rabbitmq [preauth]
May  6 10:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: Failed password for invalid user rabbitmq from 47.236.194.116 port 52664 ssh2
May  6 10:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1470]: Connection closed by 47.236.194.116 port 52664 [preauth]
May  6 10:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1472]: Failed password for root from 47.236.194.116 port 51592 ssh2
May  6 10:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1472]: Connection closed by 47.236.194.116 port 51592 [preauth]
May  6 10:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1474]: Failed password for root from 47.236.194.116 port 60630 ssh2
May  6 10:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1474]: Connection closed by 47.236.194.116 port 60630 [preauth]
May  6 10:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: Invalid user oracle from 47.236.194.116
May  6 10:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: input_userauth_request: invalid user oracle [preauth]
May  6 10:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1476]: Failed password for root from 47.236.194.116 port 60660 ssh2
May  6 10:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1476]: Connection closed by 47.236.194.116 port 60660 [preauth]
May  6 10:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: Failed password for invalid user oracle from 47.236.194.116 port 52630 ssh2
May  6 10:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1478]: Connection closed by 47.236.194.116 port 52630 [preauth]
May  6 10:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1502]: Failed password for root from 47.236.194.116 port 60690 ssh2
May  6 10:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1502]: Connection closed by 47.236.194.116 port 60690 [preauth]
May  6 10:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1511]: Failed password for root from 47.236.194.116 port 36348 ssh2
May  6 10:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1511]: Connection closed by 47.236.194.116 port 36348 [preauth]
May  6 10:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32427]: pam_unix(cron:session): session closed for user root
May  6 10:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: Invalid user wang from 47.236.194.116
May  6 10:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: input_userauth_request: invalid user wang [preauth]
May  6 10:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: Failed password for invalid user wang from 47.236.194.116 port 36390 ssh2
May  6 10:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: Connection closed by 47.236.194.116 port 36390 [preauth]
May  6 10:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: Invalid user hadoop from 47.236.194.116
May  6 10:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: input_userauth_request: invalid user hadoop [preauth]
May  6 10:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: Failed password for invalid user hadoop from 47.236.194.116 port 34888 ssh2
May  6 10:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1554]: Connection closed by 47.236.194.116 port 34888 [preauth]
May  6 10:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1568]: Failed password for root from 47.236.194.116 port 34920 ssh2
May  6 10:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1568]: Connection closed by 47.236.194.116 port 34920 [preauth]
May  6 10:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1583]: Invalid user elasticsearch from 47.236.194.116
May  6 10:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1583]: input_userauth_request: invalid user elasticsearch [preauth]
May  6 10:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1583]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1583]: Failed password for invalid user elasticsearch from 47.236.194.116 port 34952 ssh2
May  6 10:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1583]: Connection closed by 47.236.194.116 port 34952 [preauth]
May  6 10:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1597]: User ftp from 47.236.194.116 not allowed because not listed in AllowUsers
May  6 10:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1597]: input_userauth_request: invalid user ftp [preauth]
May  6 10:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=ftp
May  6 10:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1597]: Failed password for invalid user ftp from 47.236.194.116 port 57520 ssh2
May  6 10:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1597]: Connection closed by 47.236.194.116 port 57520 [preauth]
May  6 10:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: Invalid user uftp from 47.236.194.116
May  6 10:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: input_userauth_request: invalid user uftp [preauth]
May  6 10:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: Failed password for invalid user uftp from 47.236.194.116 port 57558 ssh2
May  6 10:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1607]: Connection closed by 47.236.194.116 port 57558 [preauth]
May  6 10:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1610]: Invalid user awsgui from 47.236.194.116
May  6 10:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1610]: input_userauth_request: invalid user awsgui [preauth]
May  6 10:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1610]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1610]: Failed password for invalid user awsgui from 47.236.194.116 port 57596 ssh2
May  6 10:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1610]: Connection closed by 47.236.194.116 port 57596 [preauth]
May  6 10:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1626]: Invalid user dolphinscheduler from 47.236.194.116
May  6 10:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1626]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  6 10:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1626]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1633]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1634]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1632]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1631]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1631]: pam_unix(cron:session): session closed for user p13x
May  6 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1712]: Successful su for rubyman by root
May  6 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1712]: + ??? root:rubyman
May  6 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339832 of user rubyman.
May  6 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1712]: pam_unix(su:session): session closed for user rubyman
May  6 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339832.
May  6 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1626]: Failed password for invalid user dolphinscheduler from 47.236.194.116 port 48382 ssh2
May  6 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1626]: Connection closed by 47.236.194.116 port 48382 [preauth]
May  6 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: Invalid user partimag from 61.219.17.187
May  6 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: input_userauth_request: invalid user partimag [preauth]
May  6 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.219.17.187
May  6 10:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: Failed password for invalid user partimag from 61.219.17.187 port 52500 ssh2
May  6 10:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30661]: pam_unix(cron:session): session closed for user root
May  6 10:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: Received disconnect from 61.219.17.187 port 52500:11: Bye Bye [preauth]
May  6 10:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1628]: Disconnected from 61.219.17.187 port 52500 [preauth]
May  6 10:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: Failed password for root from 47.236.194.116 port 48416 ssh2
May  6 10:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1632]: pam_unix(cron:session): session closed for user samftp
May  6 10:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1816]: Connection closed by 47.236.194.116 port 48416 [preauth]
May  6 10:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Invalid user yarn from 47.236.194.116
May  6 10:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: input_userauth_request: invalid user yarn [preauth]
May  6 10:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Failed password for invalid user yarn from 47.236.194.116 port 36690 ssh2
May  6 10:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Connection closed by 47.236.194.116 port 36690 [preauth]
May  6 10:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2041]: Invalid user oracle from 47.236.194.116
May  6 10:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2041]: input_userauth_request: invalid user oracle [preauth]
May  6 10:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2041]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2041]: Failed password for invalid user oracle from 47.236.194.116 port 36766 ssh2
May  6 10:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2041]: Connection closed by 47.236.194.116 port 36766 [preauth]
May  6 10:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: Invalid user bi from 36.255.8.54
May  6 10:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: input_userauth_request: invalid user bi [preauth]
May  6 10:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  6 10:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: Failed password for root from 47.236.194.116 port 43774 ssh2
May  6 10:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2074]: Connection closed by 47.236.194.116 port 43774 [preauth]
May  6 10:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: Invalid user guest from 47.236.194.116
May  6 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: input_userauth_request: invalid user guest [preauth]
May  6 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[575]: pam_unix(cron:session): session closed for user root
May  6 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: Failed password for invalid user bi from 36.255.8.54 port 55612 ssh2
May  6 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: Received disconnect from 36.255.8.54 port 55612:11: Bye Bye [preauth]
May  6 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2085]: Disconnected from 36.255.8.54 port 55612 [preauth]
May  6 10:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: Invalid user nexus from 47.236.194.116
May  6 10:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: input_userauth_request: invalid user nexus [preauth]
May  6 10:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: Failed password for invalid user guest from 47.236.194.116 port 49594 ssh2
May  6 10:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2087]: Connection closed by 47.236.194.116 port 49594 [preauth]
May  6 10:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: Failed password for invalid user nexus from 47.236.194.116 port 43804 ssh2
May  6 10:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2108]: Connection closed by 47.236.194.116 port 43804 [preauth]
May  6 10:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.168.108.5  user=root
May  6 10:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2119]: Failed password for root from 83.168.108.5 port 46018 ssh2
May  6 10:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2121]: Invalid user app from 47.236.194.116
May  6 10:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2121]: input_userauth_request: invalid user app [preauth]
May  6 10:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2119]: Received disconnect from 83.168.108.5 port 46018:11: Bye Bye [preauth]
May  6 10:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2119]: Disconnected from 83.168.108.5 port 46018 [preauth]
May  6 10:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2121]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2121]: Failed password for invalid user app from 47.236.194.116 port 43834 ssh2
May  6 10:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2121]: Connection closed by 47.236.194.116 port 43834 [preauth]
May  6 10:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2159]: Failed password for root from 47.236.194.116 port 56282 ssh2
May  6 10:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2159]: Connection closed by 47.236.194.116 port 56282 [preauth]
May  6 10:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Invalid user es from 47.236.194.116
May  6 10:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: input_userauth_request: invalid user es [preauth]
May  6 10:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2190]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2191]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2189]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2188]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2188]: pam_unix(cron:session): session closed for user p13x
May  6 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2249]: Successful su for rubyman by root
May  6 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2249]: + ??? root:rubyman
May  6 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339836 of user rubyman.
May  6 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2249]: pam_unix(su:session): session closed for user rubyman
May  6 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339836.
May  6 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: Invalid user sugi from 47.236.194.116
May  6 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: input_userauth_request: invalid user sugi [preauth]
May  6 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116
May  6 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.194.116  user=root
May  6 10:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Failed password for invalid user es from 47.236.194.116 port 56306 ssh2
May  6 10:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Connection closed by 47.236.194.116 port 56306 [preauth]
May  6 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: Failed password for invalid user sugi from 47.236.194.116 port 56330 ssh2
May  6 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2285]: Failed password for root from 47.236.194.116 port 32838 ssh2
May  6 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: Connection closed by 47.236.194.116 port 56330 [preauth]
May  6 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2285]: Connection closed by 47.236.194.116 port 32838 [preauth]
May  6 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31215]: pam_unix(cron:session): session closed for user root
May  6 10:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2189]: pam_unix(cron:session): session closed for user samftp
May  6 10:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2457]: Invalid user tkj from 188.138.28.121
May  6 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2457]: input_userauth_request: invalid user tkj [preauth]
May  6 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2457]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.138.28.121
May  6 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2457]: Failed password for invalid user tkj from 188.138.28.121 port 54736 ssh2
May  6 10:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2457]: Received disconnect from 188.138.28.121 port 54736:11: Bye Bye [preauth]
May  6 10:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2457]: Disconnected from 188.138.28.121 port 54736 [preauth]
May  6 10:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1082]: pam_unix(cron:session): session closed for user root
May  6 10:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2555]: Invalid user wm from 40.83.182.122
May  6 10:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2555]: input_userauth_request: invalid user wm [preauth]
May  6 10:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2555]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 10:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2553]: Invalid user test from 196.92.7.249
May  6 10:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2553]: input_userauth_request: invalid user test [preauth]
May  6 10:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2553]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.92.7.249
May  6 10:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2555]: Failed password for invalid user wm from 40.83.182.122 port 43626 ssh2
May  6 10:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2555]: Received disconnect from 40.83.182.122 port 43626:11: Bye Bye [preauth]
May  6 10:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2555]: Disconnected from 40.83.182.122 port 43626 [preauth]
May  6 10:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2553]: Failed password for invalid user test from 196.92.7.249 port 37422 ssh2
May  6 10:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2553]: Received disconnect from 196.92.7.249 port 37422:11: Bye Bye [preauth]
May  6 10:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2553]: Disconnected from 196.92.7.249 port 37422 [preauth]
May  6 10:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.39  user=root
May  6 10:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: Failed password for root from 185.255.91.39 port 49700 ssh2
May  6 10:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: Received disconnect from 185.255.91.39 port 49700:11: Bye Bye [preauth]
May  6 10:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2605]: Disconnected from 185.255.91.39 port 49700 [preauth]
May  6 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2626]: pam_unix(cron:session): session closed for user p13x
May  6 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2701]: Successful su for rubyman by root
May  6 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2701]: + ??? root:rubyman
May  6 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339841 of user rubyman.
May  6 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2701]: pam_unix(su:session): session closed for user rubyman
May  6 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339841.
May  6 10:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31671]: pam_unix(cron:session): session closed for user root
May  6 10:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2627]: pam_unix(cron:session): session closed for user samftp
May  6 10:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2927]: Invalid user apps from 180.253.167.74
May  6 10:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2927]: input_userauth_request: invalid user apps [preauth]
May  6 10:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2927]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 10:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2927]: Failed password for invalid user apps from 180.253.167.74 port 13242 ssh2
May  6 10:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2927]: Received disconnect from 180.253.167.74 port 13242:11: Bye Bye [preauth]
May  6 10:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2927]: Disconnected from 180.253.167.74 port 13242 [preauth]
May  6 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1634]: pam_unix(cron:session): session closed for user root
May  6 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3049]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3050]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3048]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3048]: pam_unix(cron:session): session closed for user p13x
May  6 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3108]: Successful su for rubyman by root
May  6 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3108]: + ??? root:rubyman
May  6 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339845 of user rubyman.
May  6 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3108]: pam_unix(su:session): session closed for user rubyman
May  6 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339845.
May  6 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32426]: pam_unix(cron:session): session closed for user root
May  6 10:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3049]: pam_unix(cron:session): session closed for user samftp
May  6 10:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2191]: pam_unix(cron:session): session closed for user root
May  6 10:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3459]: Invalid user ab from 190.173.77.226
May  6 10:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3459]: input_userauth_request: invalid user ab [preauth]
May  6 10:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3459]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 10:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3459]: Failed password for invalid user ab from 190.173.77.226 port 54320 ssh2
May  6 10:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3459]: Received disconnect from 190.173.77.226 port 54320:11: Bye Bye [preauth]
May  6 10:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3459]: Disconnected from 190.173.77.226 port 54320 [preauth]
May  6 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3484]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3483]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3480]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3484]: pam_unix(cron:session): session closed for user root
May  6 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3477]: pam_unix(cron:session): session closed for user p13x
May  6 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3551]: Successful su for rubyman by root
May  6 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3551]: + ??? root:rubyman
May  6 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3551]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339850 of user rubyman.
May  6 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3551]: pam_unix(su:session): session closed for user rubyman
May  6 10:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339850.
May  6 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3479]: pam_unix(cron:session): session closed for user root
May  6 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[573]: pam_unix(cron:session): session closed for user root
May  6 10:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3478]: pam_unix(cron:session): session closed for user samftp
May  6 10:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2629]: pam_unix(cron:session): session closed for user root
May  6 10:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: Failed password for root from 218.92.0.179 port 53324 ssh2
May  6 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3944]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3941]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3941]: pam_unix(cron:session): session closed for user p13x
May  6 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4040]: Successful su for rubyman by root
May  6 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4040]: + ??? root:rubyman
May  6 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339853 of user rubyman.
May  6 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4040]: pam_unix(su:session): session closed for user rubyman
May  6 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339853.
May  6 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: Failed password for root from 218.92.0.179 port 53324 ssh2
May  6 10:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: Failed password for root from 218.92.0.179 port 53324 ssh2
May  6 10:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: Received disconnect from 218.92.0.179 port 53324:11:  [preauth]
May  6 10:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: Disconnected from 218.92.0.179 port 53324 [preauth]
May  6 10:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3926]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 10:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1081]: pam_unix(cron:session): session closed for user root
May  6 10:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3942]: pam_unix(cron:session): session closed for user samftp
May  6 10:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4421]: Invalid user user1 from 83.168.108.5
May  6 10:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4421]: input_userauth_request: invalid user user1 [preauth]
May  6 10:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4421]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.168.108.5
May  6 10:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4421]: Failed password for invalid user user1 from 83.168.108.5 port 34800 ssh2
May  6 10:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4421]: Received disconnect from 83.168.108.5 port 34800:11: Bye Bye [preauth]
May  6 10:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4421]: Disconnected from 83.168.108.5 port 34800 [preauth]
May  6 10:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3051]: pam_unix(cron:session): session closed for user root
May  6 10:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.108.182.211  user=root
May  6 10:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: Failed password for root from 41.108.182.211 port 43252 ssh2
May  6 10:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: message repeated 2 times: [ Failed password for root from 41.108.182.211 port 43252 ssh2]
May  6 10:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4535]: Invalid user openeuler from 36.255.8.54
May  6 10:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4535]: input_userauth_request: invalid user openeuler [preauth]
May  6 10:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4535]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  6 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4542]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4543]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4540]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4541]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4540]: pam_unix(cron:session): session closed for user p13x
May  6 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4606]: Successful su for rubyman by root
May  6 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4606]: + ??? root:rubyman
May  6 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339859 of user rubyman.
May  6 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4606]: pam_unix(su:session): session closed for user rubyman
May  6 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339859.
May  6 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: Failed password for root from 41.108.182.211 port 43252 ssh2
May  6 10:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4535]: Failed password for invalid user openeuler from 36.255.8.54 port 56934 ssh2
May  6 10:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: Failed password for root from 41.108.182.211 port 43252 ssh2
May  6 10:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4535]: Received disconnect from 36.255.8.54 port 56934:11: Bye Bye [preauth]
May  6 10:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4535]: Disconnected from 36.255.8.54 port 56934 [preauth]
May  6 10:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1633]: pam_unix(cron:session): session closed for user root
May  6 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: Failed password for root from 41.108.182.211 port 43252 ssh2
May  6 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: error: maximum authentication attempts exceeded for root from 41.108.182.211 port 43252 ssh2 [preauth]
May  6 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: Disconnecting: Too many authentication failures [preauth]
May  6 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.108.182.211  user=root
May  6 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4541]: pam_unix(cron:session): session closed for user samftp
May  6 10:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: Invalid user lft from 188.138.28.121
May  6 10:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: input_userauth_request: invalid user lft [preauth]
May  6 10:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.138.28.121
May  6 10:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: Failed password for invalid user lft from 188.138.28.121 port 57452 ssh2
May  6 10:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: Received disconnect from 188.138.28.121 port 57452:11: Bye Bye [preauth]
May  6 10:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: Disconnected from 188.138.28.121 port 57452 [preauth]
May  6 10:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4790]: Connection closed by 41.108.182.211 port 43276 [preauth]
May  6 10:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3483]: pam_unix(cron:session): session closed for user root
May  6 10:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4906]: Invalid user howard from 40.83.182.122
May  6 10:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4906]: input_userauth_request: invalid user howard [preauth]
May  6 10:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4906]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 10:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: Invalid user pandora from 196.92.7.246
May  6 10:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: input_userauth_request: invalid user pandora [preauth]
May  6 10:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.92.7.246
May  6 10:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4906]: Failed password for invalid user howard from 40.83.182.122 port 57102 ssh2
May  6 10:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4906]: Received disconnect from 40.83.182.122 port 57102:11: Bye Bye [preauth]
May  6 10:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4906]: Disconnected from 40.83.182.122 port 57102 [preauth]
May  6 10:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: Failed password for invalid user pandora from 196.92.7.246 port 45966 ssh2
May  6 10:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: Received disconnect from 196.92.7.246 port 45966:11: Bye Bye [preauth]
May  6 10:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: Disconnected from 196.92.7.246 port 45966 [preauth]
May  6 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4969]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4969]: pam_unix(cron:session): session closed for user p13x
May  6 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5216]: Successful su for rubyman by root
May  6 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5216]: + ??? root:rubyman
May  6 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339861 of user rubyman.
May  6 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5216]: pam_unix(su:session): session closed for user rubyman
May  6 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339861.
May  6 10:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2190]: pam_unix(cron:session): session closed for user root
May  6 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4970]: pam_unix(cron:session): session closed for user samftp
May  6 10:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3944]: pam_unix(cron:session): session closed for user root
May  6 10:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: Invalid user admin from 80.94.95.112
May  6 10:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: input_userauth_request: invalid user admin [preauth]
May  6 10:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 10:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: Failed password for invalid user admin from 80.94.95.112 port 37381 ssh2
May  6 10:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: Failed password for invalid user admin from 80.94.95.112 port 37381 ssh2
May  6 10:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: Failed password for invalid user admin from 80.94.95.112 port 37381 ssh2
May  6 10:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: Failed password for invalid user admin from 80.94.95.112 port 37381 ssh2
May  6 10:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: Failed password for invalid user admin from 80.94.95.112 port 37381 ssh2
May  6 10:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: Received disconnect from 80.94.95.112 port 37381:11: Bye [preauth]
May  6 10:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: Disconnected from 80.94.95.112 port 37381 [preauth]
May  6 10:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 10:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5589]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5626]: pam_unix(cron:session): session closed for user p13x
May  6 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5694]: Successful su for rubyman by root
May  6 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5694]: + ??? root:rubyman
May  6 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339865 of user rubyman.
May  6 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5694]: pam_unix(su:session): session closed for user rubyman
May  6 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339865.
May  6 10:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2628]: pam_unix(cron:session): session closed for user root
May  6 10:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5627]: pam_unix(cron:session): session closed for user samftp
May  6 10:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Invalid user abc from 180.253.167.74
May  6 10:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: input_userauth_request: invalid user abc [preauth]
May  6 10:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 10:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Failed password for invalid user abc from 180.253.167.74 port 28381 ssh2
May  6 10:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Received disconnect from 180.253.167.74 port 28381:11: Bye Bye [preauth]
May  6 10:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Disconnected from 180.253.167.74 port 28381 [preauth]
May  6 10:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4543]: pam_unix(cron:session): session closed for user root
May  6 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6142]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6138]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6142]: pam_unix(cron:session): session closed for user root
May  6 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6137]: pam_unix(cron:session): session closed for user p13x
May  6 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6207]: Successful su for rubyman by root
May  6 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6207]: + ??? root:rubyman
May  6 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339873 of user rubyman.
May  6 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6207]: pam_unix(su:session): session closed for user rubyman
May  6 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339873.
May  6 10:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3050]: pam_unix(cron:session): session closed for user root
May  6 10:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6139]: pam_unix(cron:session): session closed for user root
May  6 10:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6138]: pam_unix(cron:session): session closed for user samftp
May  6 10:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 10:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: Failed password for root from 218.92.0.179 port 63444 ssh2
May  6 10:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 63444 ssh2]
May  6 10:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: Received disconnect from 218.92.0.179 port 63444:11:  [preauth]
May  6 10:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: Disconnected from 218.92.0.179 port 63444 [preauth]
May  6 10:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 10:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Invalid user ma from 185.255.91.39
May  6 10:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: input_userauth_request: invalid user ma [preauth]
May  6 10:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.39
May  6 10:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Failed password for invalid user ma from 185.255.91.39 port 40578 ssh2
May  6 10:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Received disconnect from 185.255.91.39 port 40578:11: Bye Bye [preauth]
May  6 10:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6484]: Disconnected from 185.255.91.39 port 40578 [preauth]
May  6 10:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4972]: pam_unix(cron:session): session closed for user root
May  6 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6569]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6568]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6570]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6567]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6567]: pam_unix(cron:session): session closed for user p13x
May  6 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6640]: Successful su for rubyman by root
May  6 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6640]: + ??? root:rubyman
May  6 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339876 of user rubyman.
May  6 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6640]: pam_unix(su:session): session closed for user rubyman
May  6 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339876.
May  6 10:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3480]: pam_unix(cron:session): session closed for user root
May  6 10:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6568]: pam_unix(cron:session): session closed for user samftp
May  6 10:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.168.108.5  user=root
May  6 10:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: Failed password for root from 83.168.108.5 port 51834 ssh2
May  6 10:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: Received disconnect from 83.168.108.5 port 51834:11: Bye Bye [preauth]
May  6 10:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: Disconnected from 83.168.108.5 port 51834 [preauth]
May  6 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5631]: pam_unix(cron:session): session closed for user root
May  6 10:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6995]: Invalid user random from 190.173.77.226
May  6 10:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6995]: input_userauth_request: invalid user random [preauth]
May  6 10:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6995]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 10:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6995]: Failed password for invalid user random from 190.173.77.226 port 49658 ssh2
May  6 10:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6995]: Received disconnect from 190.173.77.226 port 49658:11: Bye Bye [preauth]
May  6 10:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6995]: Disconnected from 190.173.77.226 port 49658 [preauth]
May  6 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7091]: pam_unix(cron:session): session closed for user p13x
May  6 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7174]: Successful su for rubyman by root
May  6 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7174]: + ??? root:rubyman
May  6 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339880 of user rubyman.
May  6 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7174]: pam_unix(su:session): session closed for user rubyman
May  6 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339880.
May  6 10:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3943]: pam_unix(cron:session): session closed for user root
May  6 10:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7092]: pam_unix(cron:session): session closed for user samftp
May  6 10:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7356]: Invalid user alex from 188.138.28.121
May  6 10:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7356]: input_userauth_request: invalid user alex [preauth]
May  6 10:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7356]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.138.28.121
May  6 10:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7356]: Failed password for invalid user alex from 188.138.28.121 port 34994 ssh2
May  6 10:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7356]: Received disconnect from 188.138.28.121 port 34994:11: Bye Bye [preauth]
May  6 10:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7356]: Disconnected from 188.138.28.121 port 34994 [preauth]
May  6 10:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: Invalid user jona from 123.252.238.214
May  6 10:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: input_userauth_request: invalid user jona [preauth]
May  6 10:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214
May  6 10:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: Failed password for invalid user jona from 123.252.238.214 port 57952 ssh2
May  6 10:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: Received disconnect from 123.252.238.214 port 57952:11: Bye Bye [preauth]
May  6 10:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7378]: Disconnected from 123.252.238.214 port 57952 [preauth]
May  6 10:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6141]: pam_unix(cron:session): session closed for user root
May  6 10:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.92.7.249  user=root
May  6 10:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7448]: Failed password for root from 196.92.7.249 port 37888 ssh2
May  6 10:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7448]: Received disconnect from 196.92.7.249 port 37888:11: Bye Bye [preauth]
May  6 10:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7448]: Disconnected from 196.92.7.249 port 37888 [preauth]
May  6 10:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: Invalid user summer from 40.83.182.122
May  6 10:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: input_userauth_request: invalid user summer [preauth]
May  6 10:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 10:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: Failed password for invalid user summer from 40.83.182.122 port 54026 ssh2
May  6 10:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: Received disconnect from 40.83.182.122 port 54026:11: Bye Bye [preauth]
May  6 10:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7484]: Disconnected from 40.83.182.122 port 54026 [preauth]
May  6 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7612]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7611]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7609]: pam_unix(cron:session): session closed for user p13x
May  6 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7681]: Successful su for rubyman by root
May  6 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7681]: + ??? root:rubyman
May  6 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7681]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339883 of user rubyman.
May  6 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7681]: pam_unix(su:session): session closed for user rubyman
May  6 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339883.
May  6 10:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4542]: pam_unix(cron:session): session closed for user root
May  6 10:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7610]: pam_unix(cron:session): session closed for user samftp
May  6 10:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6570]: pam_unix(cron:session): session closed for user root
May  6 10:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 10:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7994]: Invalid user xbmc from 193.70.84.184
May  6 10:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7994]: input_userauth_request: invalid user xbmc [preauth]
May  6 10:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7994]: pam_unix(sshd:auth): check pass; user unknown
May  6 10:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  6 10:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7994]: Failed password for invalid user xbmc from 193.70.84.184 port 57946 ssh2
May  6 10:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7994]: Connection closed by 193.70.84.184 port 57946 [preauth]
May  6 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8037]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8036]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8035]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8034]: pam_unix(cron:session): session closed for user p13x
May  6 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8102]: Successful su for rubyman by root
May  6 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8102]: + ??? root:rubyman
May  6 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339887 of user rubyman.
May  6 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8102]: pam_unix(su:session): session closed for user rubyman
May  6 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339887.
May  6 10:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4971]: pam_unix(cron:session): session closed for user root
May  6 10:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8035]: pam_unix(cron:session): session closed for user samftp
May  6 10:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7095]: pam_unix(cron:session): session closed for user root
May  6 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8464]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8467]: pam_unix(cron:session): session closed for user root
May  6 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8463]: pam_unix(cron:session): session closed for user root
May  6 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8461]: pam_unix(cron:session): session closed for user p13x
May  6 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8573]: Successful su for rubyman by root
May  6 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8573]: + ??? root:rubyman
May  6 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8573]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339891 of user rubyman.
May  6 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8573]: pam_unix(su:session): session closed for user rubyman
May  6 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339891.
May  6 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5628]: pam_unix(cron:session): session closed for user root
May  6 11:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8464]: pam_unix(cron:session): session closed for user root
May  6 11:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8462]: pam_unix(cron:session): session closed for user samftp
May  6 11:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8863]: Invalid user farhad from 185.255.91.39
May  6 11:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8863]: input_userauth_request: invalid user farhad [preauth]
May  6 11:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8863]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.39
May  6 11:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7612]: pam_unix(cron:session): session closed for user root
May  6 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: Invalid user lisa from 180.253.167.74
May  6 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: input_userauth_request: invalid user lisa [preauth]
May  6 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 11:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8863]: Failed password for invalid user farhad from 185.255.91.39 port 57412 ssh2
May  6 11:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8863]: Received disconnect from 185.255.91.39 port 57412:11: Bye Bye [preauth]
May  6 11:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8863]: Disconnected from 185.255.91.39 port 57412 [preauth]
May  6 11:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: Failed password for invalid user lisa from 180.253.167.74 port 34701 ssh2
May  6 11:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: Received disconnect from 180.253.167.74 port 34701:11: Bye Bye [preauth]
May  6 11:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: Disconnected from 180.253.167.74 port 34701 [preauth]
May  6 11:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.168.108.5  user=root
May  6 11:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8973]: Failed password for root from 83.168.108.5 port 40904 ssh2
May  6 11:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8973]: Received disconnect from 83.168.108.5 port 40904:11: Bye Bye [preauth]
May  6 11:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8973]: Disconnected from 83.168.108.5 port 40904 [preauth]
May  6 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8994]: pam_unix(cron:session): session closed for user p13x
May  6 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9071]: Successful su for rubyman by root
May  6 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9071]: + ??? root:rubyman
May  6 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339898 of user rubyman.
May  6 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9071]: pam_unix(su:session): session closed for user rubyman
May  6 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339898.
May  6 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6140]: pam_unix(cron:session): session closed for user root
May  6 11:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8995]: pam_unix(cron:session): session closed for user samftp
May  6 11:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8037]: pam_unix(cron:session): session closed for user root
May  6 11:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9518]: Invalid user linda from 188.138.28.121
May  6 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9518]: input_userauth_request: invalid user linda [preauth]
May  6 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9518]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.138.28.121
May  6 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9532]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9530]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9529]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9529]: pam_unix(cron:session): session closed for user p13x
May  6 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9588]: Successful su for rubyman by root
May  6 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9588]: + ??? root:rubyman
May  6 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339902 of user rubyman.
May  6 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9588]: pam_unix(su:session): session closed for user rubyman
May  6 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339902.
May  6 11:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9518]: Failed password for invalid user linda from 188.138.28.121 port 50514 ssh2
May  6 11:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9518]: Received disconnect from 188.138.28.121 port 50514:11: Bye Bye [preauth]
May  6 11:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9518]: Disconnected from 188.138.28.121 port 50514 [preauth]
May  6 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6569]: pam_unix(cron:session): session closed for user root
May  6 11:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9530]: pam_unix(cron:session): session closed for user samftp
May  6 11:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8466]: pam_unix(cron:session): session closed for user root
May  6 11:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: Invalid user accounting from 36.255.8.54
May  6 11:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: input_userauth_request: invalid user accounting [preauth]
May  6 11:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  6 11:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: Failed password for invalid user accounting from 36.255.8.54 port 43694 ssh2
May  6 11:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: Received disconnect from 36.255.8.54 port 43694:11: Bye Bye [preauth]
May  6 11:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9870]: Disconnected from 36.255.8.54 port 43694 [preauth]
May  6 11:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: Invalid user test from 196.92.7.249
May  6 11:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: input_userauth_request: invalid user test [preauth]
May  6 11:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.92.7.249
May  6 11:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: Failed password for invalid user test from 196.92.7.249 port 45676 ssh2
May  6 11:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: Received disconnect from 196.92.7.249 port 45676:11: Bye Bye [preauth]
May  6 11:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: Disconnected from 196.92.7.249 port 45676 [preauth]
May  6 11:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9913]: Invalid user soporte from 40.83.182.122
May  6 11:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9913]: input_userauth_request: invalid user soporte [preauth]
May  6 11:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9913]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 11:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9913]: Failed password for invalid user soporte from 40.83.182.122 port 51162 ssh2
May  6 11:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9913]: Received disconnect from 40.83.182.122 port 51162:11: Bye Bye [preauth]
May  6 11:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9913]: Disconnected from 40.83.182.122 port 51162 [preauth]
May  6 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9935]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9936]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9933]: pam_unix(cron:session): session closed for user p13x
May  6 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9997]: Successful su for rubyman by root
May  6 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9997]: + ??? root:rubyman
May  6 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339907 of user rubyman.
May  6 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9997]: pam_unix(su:session): session closed for user rubyman
May  6 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339907.
May  6 11:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7093]: pam_unix(cron:session): session closed for user root
May  6 11:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: Invalid user invoices from 190.173.77.226
May  6 11:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: input_userauth_request: invalid user invoices [preauth]
May  6 11:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 11:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9935]: pam_unix(cron:session): session closed for user samftp
May  6 11:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: Failed password for invalid user invoices from 190.173.77.226 port 59976 ssh2
May  6 11:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: Received disconnect from 190.173.77.226 port 59976:11: Bye Bye [preauth]
May  6 11:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10140]: Disconnected from 190.173.77.226 port 59976 [preauth]
May  6 11:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8997]: pam_unix(cron:session): session closed for user root
May  6 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10424]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10422]: pam_unix(cron:session): session closed for user p13x
May  6 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10493]: Successful su for rubyman by root
May  6 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10493]: + ??? root:rubyman
May  6 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339910 of user rubyman.
May  6 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10493]: pam_unix(su:session): session closed for user rubyman
May  6 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339910.
May  6 11:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7611]: pam_unix(cron:session): session closed for user root
May  6 11:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10423]: pam_unix(cron:session): session closed for user samftp
May  6 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9532]: pam_unix(cron:session): session closed for user root
May  6 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10904]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10903]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10906]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10905]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10906]: pam_unix(cron:session): session closed for user root
May  6 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10901]: pam_unix(cron:session): session closed for user p13x
May  6 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10966]: Successful su for rubyman by root
May  6 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10966]: + ??? root:rubyman
May  6 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10966]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339914 of user rubyman.
May  6 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10966]: pam_unix(su:session): session closed for user rubyman
May  6 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339914.
May  6 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10903]: pam_unix(cron:session): session closed for user root
May  6 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8036]: pam_unix(cron:session): session closed for user root
May  6 11:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10902]: pam_unix(cron:session): session closed for user samftp
May  6 11:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9937]: pam_unix(cron:session): session closed for user root
May  6 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: Invalid user user from 185.255.91.39
May  6 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: input_userauth_request: invalid user user [preauth]
May  6 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.39
May  6 11:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: Failed password for invalid user user from 185.255.91.39 port 45776 ssh2
May  6 11:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: Received disconnect from 185.255.91.39 port 45776:11: Bye Bye [preauth]
May  6 11:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: Disconnected from 185.255.91.39 port 45776 [preauth]
May  6 11:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Invalid user kafka from 83.168.108.5
May  6 11:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: input_userauth_request: invalid user kafka [preauth]
May  6 11:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.168.108.5
May  6 11:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Failed password for invalid user kafka from 83.168.108.5 port 52538 ssh2
May  6 11:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Received disconnect from 83.168.108.5 port 52538:11: Bye Bye [preauth]
May  6 11:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Disconnected from 83.168.108.5 port 52538 [preauth]
May  6 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11324]: pam_unix(cron:session): session closed for user p13x
May  6 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11389]: Successful su for rubyman by root
May  6 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11389]: + ??? root:rubyman
May  6 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339920 of user rubyman.
May  6 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11389]: pam_unix(su:session): session closed for user rubyman
May  6 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339920.
May  6 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8465]: pam_unix(cron:session): session closed for user root
May  6 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11325]: pam_unix(cron:session): session closed for user samftp
May  6 11:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10425]: pam_unix(cron:session): session closed for user root
May  6 11:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: Invalid user chenzilong from 180.253.167.74
May  6 11:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: input_userauth_request: invalid user chenzilong [preauth]
May  6 11:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 11:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: Failed password for invalid user chenzilong from 180.253.167.74 port 27645 ssh2
May  6 11:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: Received disconnect from 180.253.167.74 port 27645:11: Bye Bye [preauth]
May  6 11:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: Disconnected from 180.253.167.74 port 27645 [preauth]
May  6 11:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11701]: Invalid user wangj from 188.138.28.121
May  6 11:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11701]: input_userauth_request: invalid user wangj [preauth]
May  6 11:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11701]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.138.28.121
May  6 11:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11701]: Failed password for invalid user wangj from 188.138.28.121 port 57166 ssh2
May  6 11:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11701]: Received disconnect from 188.138.28.121 port 57166:11: Bye Bye [preauth]
May  6 11:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11701]: Disconnected from 188.138.28.121 port 57166 [preauth]
May  6 11:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11730]: User ftp from 80.94.95.125 not allowed because not listed in AllowUsers
May  6 11:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11730]: input_userauth_request: invalid user ftp [preauth]
May  6 11:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=ftp
May  6 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11735]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11733]: pam_unix(cron:session): session closed for user p13x
May  6 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11792]: Successful su for rubyman by root
May  6 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11792]: + ??? root:rubyman
May  6 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339925 of user rubyman.
May  6 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11792]: pam_unix(su:session): session closed for user rubyman
May  6 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339925.
May  6 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11730]: Failed password for invalid user ftp from 80.94.95.125 port 16764 ssh2
May  6 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11730]: Failed password for invalid user ftp from 80.94.95.125 port 16764 ssh2
May  6 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8996]: pam_unix(cron:session): session closed for user root
May  6 11:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11734]: pam_unix(cron:session): session closed for user samftp
May  6 11:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11730]: Failed password for invalid user ftp from 80.94.95.125 port 16764 ssh2
May  6 11:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11730]: message repeated 2 times: [ Failed password for invalid user ftp from 80.94.95.125 port 16764 ssh2]
May  6 11:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11730]: Received disconnect from 80.94.95.125 port 16764:11: Bye [preauth]
May  6 11:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11730]: Disconnected from 80.94.95.125 port 16764 [preauth]
May  6 11:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11730]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=ftp
May  6 11:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11730]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 11:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10905]: pam_unix(cron:session): session closed for user root
May  6 11:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.92.7.249  user=root
May  6 11:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12067]: Failed password for root from 196.92.7.249 port 34696 ssh2
May  6 11:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12067]: Received disconnect from 196.92.7.249 port 34696:11: Bye Bye [preauth]
May  6 11:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12067]: Disconnected from 196.92.7.249 port 34696 [preauth]
May  6 11:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12116]: Invalid user egarcia from 40.83.182.122
May  6 11:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12116]: input_userauth_request: invalid user egarcia [preauth]
May  6 11:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12116]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 11:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Invalid user ash from 36.255.8.54
May  6 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: input_userauth_request: invalid user ash [preauth]
May  6 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  6 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12116]: Failed password for invalid user egarcia from 40.83.182.122 port 58224 ssh2
May  6 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12116]: Received disconnect from 40.83.182.122 port 58224:11: Bye Bye [preauth]
May  6 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12116]: Disconnected from 40.83.182.122 port 58224 [preauth]
May  6 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12124]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12121]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12122]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12121]: pam_unix(cron:session): session closed for user p13x
May  6 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12181]: Successful su for rubyman by root
May  6 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Failed password for invalid user ash from 36.255.8.54 port 54782 ssh2
May  6 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12181]: + ??? root:rubyman
May  6 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339930 of user rubyman.
May  6 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12181]: pam_unix(su:session): session closed for user rubyman
May  6 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339930.
May  6 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Received disconnect from 36.255.8.54 port 54782:11: Bye Bye [preauth]
May  6 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Disconnected from 36.255.8.54 port 54782 [preauth]
May  6 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9531]: pam_unix(cron:session): session closed for user root
May  6 11:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12122]: pam_unix(cron:session): session closed for user samftp
May  6 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11327]: pam_unix(cron:session): session closed for user root
May  6 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12535]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12532]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12534]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12533]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12530]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12532]: pam_unix(cron:session): session closed for user p13x
May  6 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12648]: Successful su for rubyman by root
May  6 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12648]: + ??? root:rubyman
May  6 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12648]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339932 of user rubyman.
May  6 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12648]: pam_unix(su:session): session closed for user rubyman
May  6 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339932.
May  6 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12530]: pam_unix(cron:session): session closed for user root
May  6 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9936]: pam_unix(cron:session): session closed for user root
May  6 11:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12533]: pam_unix(cron:session): session closed for user samftp
May  6 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11736]: pam_unix(cron:session): session closed for user root
May  6 11:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12952]: Invalid user pq from 190.173.77.226
May  6 11:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12952]: input_userauth_request: invalid user pq [preauth]
May  6 11:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12952]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 11:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12952]: Failed password for invalid user pq from 190.173.77.226 port 58602 ssh2
May  6 11:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12952]: Received disconnect from 190.173.77.226 port 58602:11: Bye Bye [preauth]
May  6 11:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12952]: Disconnected from 190.173.77.226 port 58602 [preauth]
May  6 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13008]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13011]: pam_unix(cron:session): session closed for user root
May  6 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13006]: pam_unix(cron:session): session closed for user p13x
May  6 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13079]: Successful su for rubyman by root
May  6 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13079]: + ??? root:rubyman
May  6 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339937 of user rubyman.
May  6 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13079]: pam_unix(su:session): session closed for user rubyman
May  6 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339937.
May  6 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13008]: pam_unix(cron:session): session closed for user root
May  6 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10424]: pam_unix(cron:session): session closed for user root
May  6 11:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13007]: pam_unix(cron:session): session closed for user samftp
May  6 11:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13346]: Invalid user dragon from 185.255.91.39
May  6 11:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13346]: input_userauth_request: invalid user dragon [preauth]
May  6 11:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13346]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.39
May  6 11:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13346]: Failed password for invalid user dragon from 185.255.91.39 port 57398 ssh2
May  6 11:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Invalid user wangj from 83.168.108.5
May  6 11:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: input_userauth_request: invalid user wangj [preauth]
May  6 11:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.168.108.5
May  6 11:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13346]: Received disconnect from 185.255.91.39 port 57398:11: Bye Bye [preauth]
May  6 11:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13346]: Disconnected from 185.255.91.39 port 57398 [preauth]
May  6 11:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Failed password for invalid user wangj from 83.168.108.5 port 56314 ssh2
May  6 11:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Received disconnect from 83.168.108.5 port 56314:11: Bye Bye [preauth]
May  6 11:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13349]: Disconnected from 83.168.108.5 port 56314 [preauth]
May  6 11:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12124]: pam_unix(cron:session): session closed for user root
May  6 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13438]: pam_unix(cron:session): session closed for user p13x
May  6 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13606]: Successful su for rubyman by root
May  6 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13606]: + ??? root:rubyman
May  6 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339944 of user rubyman.
May  6 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13606]: pam_unix(su:session): session closed for user rubyman
May  6 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339944.
May  6 11:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10904]: pam_unix(cron:session): session closed for user root
May  6 11:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13439]: pam_unix(cron:session): session closed for user samftp
May  6 11:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: Invalid user asd from 188.138.28.121
May  6 11:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: input_userauth_request: invalid user asd [preauth]
May  6 11:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.138.28.121
May  6 11:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: Failed password for invalid user asd from 188.138.28.121 port 39220 ssh2
May  6 11:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: Received disconnect from 188.138.28.121 port 39220:11: Bye Bye [preauth]
May  6 11:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: Disconnected from 188.138.28.121 port 39220 [preauth]
May  6 11:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12535]: pam_unix(cron:session): session closed for user root
May  6 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13950]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13949]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13946]: pam_unix(cron:session): session closed for user p13x
May  6 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14015]: Successful su for rubyman by root
May  6 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14015]: + ??? root:rubyman
May  6 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14015]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339947 of user rubyman.
May  6 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14015]: pam_unix(su:session): session closed for user rubyman
May  6 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339947.
May  6 11:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11326]: pam_unix(cron:session): session closed for user root
May  6 11:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13947]: pam_unix(cron:session): session closed for user samftp
May  6 11:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13010]: pam_unix(cron:session): session closed for user root
May  6 11:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.92.7.247  user=root
May  6 11:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14270]: Failed password for root from 196.92.7.247 port 57148 ssh2
May  6 11:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14270]: Received disconnect from 196.92.7.247 port 57148:11: Bye Bye [preauth]
May  6 11:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14270]: Disconnected from 196.92.7.247 port 57148 [preauth]
May  6 11:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: Invalid user dinesh from 180.253.167.74
May  6 11:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: input_userauth_request: invalid user dinesh [preauth]
May  6 11:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 11:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: Failed password for invalid user dinesh from 180.253.167.74 port 64871 ssh2
May  6 11:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: Received disconnect from 180.253.167.74 port 64871:11: Bye Bye [preauth]
May  6 11:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14294]: Disconnected from 180.253.167.74 port 64871 [preauth]
May  6 11:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: Invalid user jc from 40.83.182.122
May  6 11:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: input_userauth_request: invalid user jc [preauth]
May  6 11:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 11:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: Failed password for invalid user jc from 40.83.182.122 port 54650 ssh2
May  6 11:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: Received disconnect from 40.83.182.122 port 54650:11: Bye Bye [preauth]
May  6 11:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14335]: Disconnected from 40.83.182.122 port 54650 [preauth]
May  6 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14358]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14359]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14356]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14357]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14356]: pam_unix(cron:session): session closed for user p13x
May  6 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14417]: Successful su for rubyman by root
May  6 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14417]: + ??? root:rubyman
May  6 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14417]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339951 of user rubyman.
May  6 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14417]: pam_unix(su:session): session closed for user rubyman
May  6 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339951.
May  6 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11735]: pam_unix(cron:session): session closed for user root
May  6 11:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14357]: pam_unix(cron:session): session closed for user samftp
May  6 11:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: Invalid user harry from 36.255.8.54
May  6 11:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: input_userauth_request: invalid user harry [preauth]
May  6 11:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  6 11:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14646]: Connection closed by 172.104.11.4 port 52904 [preauth]
May  6 11:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: Failed password for invalid user harry from 36.255.8.54 port 35516 ssh2
May  6 11:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: Received disconnect from 36.255.8.54 port 35516:11: Bye Bye [preauth]
May  6 11:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14643]: Disconnected from 36.255.8.54 port 35516 [preauth]
May  6 11:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14657]: Connection closed by 172.104.11.4 port 52918 [preauth]
May  6 11:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14673]: fatal: Unable to negotiate with 172.104.11.4 port 52920: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  6 11:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14683]: Did not receive identification string from 205.210.31.86
May  6 11:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13441]: pam_unix(cron:session): session closed for user root
May  6 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14771]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14770]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14769]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14769]: pam_unix(cron:session): session closed for user p13x
May  6 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14829]: Successful su for rubyman by root
May  6 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14829]: + ??? root:rubyman
May  6 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339957 of user rubyman.
May  6 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14829]: pam_unix(su:session): session closed for user rubyman
May  6 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339957.
May  6 11:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12123]: pam_unix(cron:session): session closed for user root
May  6 11:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14770]: pam_unix(cron:session): session closed for user samftp
May  6 11:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13950]: pam_unix(cron:session): session closed for user root
May  6 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15168]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15169]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15169]: pam_unix(cron:session): session closed for user root
May  6 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15164]: pam_unix(cron:session): session closed for user p13x
May  6 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15232]: Successful su for rubyman by root
May  6 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15232]: + ??? root:rubyman
May  6 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339960 of user rubyman.
May  6 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15232]: pam_unix(su:session): session closed for user rubyman
May  6 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339960.
May  6 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15166]: pam_unix(cron:session): session closed for user root
May  6 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12534]: pam_unix(cron:session): session closed for user root
May  6 11:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15165]: pam_unix(cron:session): session closed for user samftp
May  6 11:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Invalid user asd from 83.168.108.5
May  6 11:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: input_userauth_request: invalid user asd [preauth]
May  6 11:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.168.108.5
May  6 11:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Failed password for invalid user asd from 83.168.108.5 port 38542 ssh2
May  6 11:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Received disconnect from 83.168.108.5 port 38542:11: Bye Bye [preauth]
May  6 11:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Disconnected from 83.168.108.5 port 38542 [preauth]
May  6 11:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15479]: Invalid user jenkins from 185.255.91.39
May  6 11:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15479]: input_userauth_request: invalid user jenkins [preauth]
May  6 11:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15479]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.39
May  6 11:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15479]: Failed password for invalid user jenkins from 185.255.91.39 port 55888 ssh2
May  6 11:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15479]: Received disconnect from 185.255.91.39 port 55888:11: Bye Bye [preauth]
May  6 11:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15479]: Disconnected from 185.255.91.39 port 55888 [preauth]
May  6 11:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14359]: pam_unix(cron:session): session closed for user root
May  6 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15597]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15596]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15596]: pam_unix(cron:session): session closed for user p13x
May  6 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15661]: Successful su for rubyman by root
May  6 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15661]: + ??? root:rubyman
May  6 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339966 of user rubyman.
May  6 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15661]: pam_unix(su:session): session closed for user rubyman
May  6 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339966.
May  6 11:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13009]: pam_unix(cron:session): session closed for user root
May  6 11:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15597]: pam_unix(cron:session): session closed for user samftp
May  6 11:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: Invalid user debianuser from 190.173.77.226
May  6 11:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: input_userauth_request: invalid user debianuser [preauth]
May  6 11:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.77.226
May  6 11:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.237.165.45  user=root
May  6 11:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: Failed password for invalid user debianuser from 190.173.77.226 port 59974 ssh2
May  6 11:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: Received disconnect from 190.173.77.226 port 59974:11: Bye Bye [preauth]
May  6 11:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: Disconnected from 190.173.77.226 port 59974 [preauth]
May  6 11:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: Failed password for root from 47.237.165.45 port 60692 ssh2
May  6 11:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15882]: Connection closed by 47.237.165.45 port 60692 [preauth]
May  6 11:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: Invalid user user1 from 188.138.28.121
May  6 11:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: input_userauth_request: invalid user user1 [preauth]
May  6 11:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.138.28.121
May  6 11:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: Failed password for invalid user user1 from 188.138.28.121 port 54382 ssh2
May  6 11:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: Received disconnect from 188.138.28.121 port 54382:11: Bye Bye [preauth]
May  6 11:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: Disconnected from 188.138.28.121 port 54382 [preauth]
May  6 11:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14772]: pam_unix(cron:session): session closed for user root
May  6 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16005]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16006]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16001]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16001]: pam_unix(cron:session): session closed for user root
May  6 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16003]: pam_unix(cron:session): session closed for user p13x
May  6 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16062]: Successful su for rubyman by root
May  6 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16062]: + ??? root:rubyman
May  6 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339969 of user rubyman.
May  6 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16062]: pam_unix(su:session): session closed for user rubyman
May  6 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339969.
May  6 11:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13440]: pam_unix(cron:session): session closed for user root
May  6 11:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16004]: pam_unix(cron:session): session closed for user samftp
May  6 11:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15168]: pam_unix(cron:session): session closed for user root
May  6 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16378]: pam_unix(cron:session): session closed for user p13x
May  6 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16437]: Invalid user frappe from 40.83.182.122
May  6 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16437]: input_userauth_request: invalid user frappe [preauth]
May  6 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16437]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16454]: Successful su for rubyman by root
May  6 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16454]: + ??? root:rubyman
May  6 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339974 of user rubyman.
May  6 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16454]: pam_unix(su:session): session closed for user rubyman
May  6 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339974.
May  6 11:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16437]: Failed password for invalid user frappe from 40.83.182.122 port 58080 ssh2
May  6 11:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16437]: Received disconnect from 40.83.182.122 port 58080:11: Bye Bye [preauth]
May  6 11:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16437]: Disconnected from 40.83.182.122 port 58080 [preauth]
May  6 11:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13949]: pam_unix(cron:session): session closed for user root
May  6 11:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16379]: pam_unix(cron:session): session closed for user samftp
May  6 11:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15600]: pam_unix(cron:session): session closed for user root
May  6 11:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: Invalid user wordpress from 36.255.8.54
May  6 11:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: input_userauth_request: invalid user wordpress [preauth]
May  6 11:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  6 11:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: Failed password for invalid user wordpress from 36.255.8.54 port 55636 ssh2
May  6 11:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: Received disconnect from 36.255.8.54 port 55636:11: Bye Bye [preauth]
May  6 11:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16786]: Disconnected from 36.255.8.54 port 55636 [preauth]
May  6 11:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16808]: Invalid user u2 from 180.253.167.74
May  6 11:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16808]: input_userauth_request: invalid user u2 [preauth]
May  6 11:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16808]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 11:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16808]: Failed password for invalid user u2 from 180.253.167.74 port 29444 ssh2
May  6 11:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16808]: Received disconnect from 180.253.167.74 port 29444:11: Bye Bye [preauth]
May  6 11:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16808]: Disconnected from 180.253.167.74 port 29444 [preauth]
May  6 11:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.237.165.45  user=root
May  6 11:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16818]: Failed password for root from 47.237.165.45 port 50348 ssh2
May  6 11:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16818]: Connection closed by 47.237.165.45 port 50348 [preauth]
May  6 11:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: Invalid user pi from 47.237.165.45
May  6 11:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: input_userauth_request: invalid user pi [preauth]
May  6 11:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.237.165.45
May  6 11:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: Failed password for invalid user pi from 47.237.165.45 port 35784 ssh2
May  6 11:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16828]: Connection closed by 47.237.165.45 port 35784 [preauth]
May  6 11:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Invalid user hive from 47.237.165.45
May  6 11:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: input_userauth_request: invalid user hive [preauth]
May  6 11:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.237.165.45
May  6 11:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Failed password for invalid user hive from 47.237.165.45 port 35806 ssh2
May  6 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16859]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16860]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16856]: pam_unix(cron:session): session closed for user p13x
May  6 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16842]: Invalid user git from 47.237.165.45
May  6 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16842]: input_userauth_request: invalid user git [preauth]
May  6 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16941]: Successful su for rubyman by root
May  6 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16941]: + ??? root:rubyman
May  6 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16941]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339980 of user rubyman.
May  6 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16941]: pam_unix(su:session): session closed for user rubyman
May  6 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339980.
May  6 11:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Connection closed by 47.237.165.45 port 35806 [preauth]
May  6 11:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16842]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.237.165.45
May  6 11:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14358]: pam_unix(cron:session): session closed for user root
May  6 11:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: Invalid user wang from 47.237.165.45
May  6 11:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: input_userauth_request: invalid user wang [preauth]
May  6 11:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.237.165.45
May  6 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16842]: Failed password for invalid user git from 47.237.165.45 port 35828 ssh2
May  6 11:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16842]: Connection closed by 47.237.165.45 port 35828 [preauth]
May  6 11:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16857]: pam_unix(cron:session): session closed for user samftp
May  6 11:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: Failed password for invalid user wang from 47.237.165.45 port 53690 ssh2
May  6 11:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: Invalid user nginx from 47.237.165.45
May  6 11:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: input_userauth_request: invalid user nginx [preauth]
May  6 11:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: Connection closed by 47.237.165.45 port 53690 [preauth]
May  6 11:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.237.165.45
May  6 11:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: Invalid user mongo from 47.237.165.45
May  6 11:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: input_userauth_request: invalid user mongo [preauth]
May  6 11:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: Failed password for invalid user nginx from 47.237.165.45 port 53720 ssh2
May  6 11:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.237.165.45
May  6 11:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: Connection closed by 47.237.165.45 port 53720 [preauth]
May  6 11:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: Failed password for invalid user mongo from 47.237.165.45 port 53750 ssh2
May  6 11:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17138]: Invalid user user from 47.237.165.45
May  6 11:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17138]: input_userauth_request: invalid user user [preauth]
May  6 11:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17135]: Connection closed by 47.237.165.45 port 53750 [preauth]
May  6 11:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17138]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.237.165.45
May  6 11:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: Invalid user oracle from 47.237.165.45
May  6 11:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: input_userauth_request: invalid user oracle [preauth]
May  6 11:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17138]: Failed password for invalid user user from 47.237.165.45 port 43106 ssh2
May  6 11:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.237.165.45
May  6 11:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17138]: Connection closed by 47.237.165.45 port 43106 [preauth]
May  6 11:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: Invalid user gpadmin from 47.237.165.45
May  6 11:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: input_userauth_request: invalid user gpadmin [preauth]
May  6 11:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: Failed password for invalid user oracle from 47.237.165.45 port 43124 ssh2
May  6 11:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.237.165.45
May  6 11:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: Connection closed by 47.237.165.45 port 43124 [preauth]
May  6 11:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: Failed password for invalid user gpadmin from 47.237.165.45 port 43142 ssh2
May  6 11:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17171]: Connection closed by 47.237.165.45 port 43142 [preauth]
May  6 11:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.237.165.45  user=root
May  6 11:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17181]: Failed password for root from 47.237.165.45 port 56386 ssh2
May  6 11:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17181]: Connection closed by 47.237.165.45 port 56386 [preauth]
May  6 11:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: Invalid user gitlab from 47.237.165.45
May  6 11:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: input_userauth_request: invalid user gitlab [preauth]
May  6 11:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.237.165.45
May  6 11:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: Failed password for invalid user gitlab from 47.237.165.45 port 56446 ssh2
May  6 11:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17202]: Connection closed by 47.237.165.45 port 56446 [preauth]
May  6 11:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16006]: pam_unix(cron:session): session closed for user root
May  6 11:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 11:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Failed password for root from 218.92.0.179 port 41741 ssh2
May  6 11:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 41741 ssh2]
May  6 11:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Received disconnect from 218.92.0.179 port 41741:11:  [preauth]
May  6 11:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: Disconnected from 218.92.0.179 port 41741 [preauth]
May  6 11:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17225]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 11:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.168.108.5  user=root
May  6 11:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: Failed password for root from 83.168.108.5 port 56138 ssh2
May  6 11:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: Received disconnect from 83.168.108.5 port 56138:11: Bye Bye [preauth]
May  6 11:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17291]: Disconnected from 83.168.108.5 port 56138 [preauth]
May  6 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17308]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17305]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17306]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17308]: pam_unix(cron:session): session closed for user root
May  6 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17303]: pam_unix(cron:session): session closed for user p13x
May  6 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17370]: Successful su for rubyman by root
May  6 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17370]: + ??? root:rubyman
May  6 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339984 of user rubyman.
May  6 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17370]: pam_unix(su:session): session closed for user rubyman
May  6 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339984.
May  6 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17305]: pam_unix(cron:session): session closed for user root
May  6 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14771]: pam_unix(cron:session): session closed for user root
May  6 11:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17304]: pam_unix(cron:session): session closed for user samftp
May  6 11:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Invalid user testing from 185.255.91.39
May  6 11:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: input_userauth_request: invalid user testing [preauth]
May  6 11:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.39
May  6 11:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Failed password for invalid user testing from 185.255.91.39 port 54064 ssh2
May  6 11:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  6 11:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:98.80.4.55
May  6 11:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Received disconnect from 185.255.91.39 port 54064:11: Bye Bye [preauth]
May  6 11:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Disconnected from 185.255.91.39 port 54064 [preauth]
May  6 11:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16381]: pam_unix(cron:session): session closed for user root
May  6 11:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17708]: Did not receive identification string from 114.98.227.116
May  6 11:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.227.116  user=root
May  6 11:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17709]: Failed password for root from 114.98.227.116 port 38236 ssh2
May  6 11:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17709]: Connection closed by 114.98.227.116 port 38236 [preauth]
May  6 11:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.227.116  user=root
May  6 11:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17719]: Failed password for root from 114.98.227.116 port 39608 ssh2
May  6 11:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17753]: Invalid user password from 164.68.105.9
May  6 11:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17753]: input_userauth_request: invalid user password [preauth]
May  6 11:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17753]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  6 11:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17753]: Failed password for invalid user password from 164.68.105.9 port 51532 ssh2
May  6 11:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17753]: Connection closed by 164.68.105.9 port 51532 [preauth]
May  6 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17783]: pam_unix(cron:session): session closed for user p13x
May  6 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17942]: Successful su for rubyman by root
May  6 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17942]: + ??? root:rubyman
May  6 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339989 of user rubyman.
May  6 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17942]: pam_unix(su:session): session closed for user rubyman
May  6 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339989.
May  6 11:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15167]: pam_unix(cron:session): session closed for user root
May  6 11:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17784]: pam_unix(cron:session): session closed for user samftp
May  6 11:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.138.28.121  user=root
May  6 11:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.227.116  user=root
May  6 11:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18214]: Failed password for root from 188.138.28.121 port 54288 ssh2
May  6 11:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18214]: Received disconnect from 188.138.28.121 port 54288:11: Bye Bye [preauth]
May  6 11:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18214]: Disconnected from 188.138.28.121 port 54288 [preauth]
May  6 11:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18203]: Failed password for root from 114.98.227.116 port 43244 ssh2
May  6 11:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18203]: Connection closed by 114.98.227.116 port 43244 [preauth]
May  6 11:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.227.116  user=root
May  6 11:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17719]: Connection closed by 114.98.227.116 port 39608 [preauth]
May  6 11:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16860]: pam_unix(cron:session): session closed for user root
May  6 11:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18217]: Failed password for root from 114.98.227.116 port 46974 ssh2
May  6 11:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18217]: Connection closed by 114.98.227.116 port 46974 [preauth]
May  6 11:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.227.116  user=root
May  6 11:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: Failed password for root from 114.98.227.116 port 47312 ssh2
May  6 11:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: Connection closed by 114.98.227.116 port 47312 [preauth]
May  6 11:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.98.227.116  user=root
May  6 11:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: Failed password for root from 114.98.227.116 port 48122 ssh2
May  6 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18305]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18306]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18303]: pam_unix(cron:session): session closed for user p13x
May  6 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18371]: Successful su for rubyman by root
May  6 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18371]: + ??? root:rubyman
May  6 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18371]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339994 of user rubyman.
May  6 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18371]: pam_unix(su:session): session closed for user rubyman
May  6 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339994.
May  6 11:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15599]: pam_unix(cron:session): session closed for user root
May  6 11:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18304]: pam_unix(cron:session): session closed for user samftp
May  6 11:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18249]: Connection closed by 114.98.227.116 port 48122 [preauth]
May  6 11:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17307]: pam_unix(cron:session): session closed for user root
May  6 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18719]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18717]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18715]: pam_unix(cron:session): session closed for user p13x
May  6 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18784]: Successful su for rubyman by root
May  6 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18784]: + ??? root:rubyman
May  6 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 339997 of user rubyman.
May  6 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18784]: pam_unix(su:session): session closed for user rubyman
May  6 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 339997.
May  6 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16005]: pam_unix(cron:session): session closed for user root
May  6 11:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18957]: Invalid user sosemaloku from 40.83.182.122
May  6 11:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18957]: input_userauth_request: invalid user sosemaloku [preauth]
May  6 11:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18957]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 11:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18716]: pam_unix(cron:session): session closed for user samftp
May  6 11:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18957]: Failed password for invalid user sosemaloku from 40.83.182.122 port 47900 ssh2
May  6 11:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18957]: Received disconnect from 40.83.182.122 port 47900:11: Bye Bye [preauth]
May  6 11:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18957]: Disconnected from 40.83.182.122 port 47900 [preauth]
May  6 11:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17786]: pam_unix(cron:session): session closed for user root
May  6 11:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19116]: Invalid user sosemaloku from 123.252.238.214
May  6 11:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19116]: input_userauth_request: invalid user sosemaloku [preauth]
May  6 11:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19116]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214
May  6 11:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19116]: Failed password for invalid user sosemaloku from 123.252.238.214 port 53960 ssh2
May  6 11:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19116]: Received disconnect from 123.252.238.214 port 53960:11: Bye Bye [preauth]
May  6 11:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19116]: Disconnected from 123.252.238.214 port 53960 [preauth]
May  6 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19132]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19128]: pam_unix(cron:session): session closed for user p13x
May  6 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19186]: Successful su for rubyman by root
May  6 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19186]: + ??? root:rubyman
May  6 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19186]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340001 of user rubyman.
May  6 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19186]: pam_unix(su:session): session closed for user rubyman
May  6 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340001.
May  6 11:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16380]: pam_unix(cron:session): session closed for user root
May  6 11:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19129]: pam_unix(cron:session): session closed for user samftp
May  6 11:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18306]: pam_unix(cron:session): session closed for user root
May  6 11:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: Invalid user kocom from 83.168.108.5
May  6 11:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: input_userauth_request: invalid user kocom [preauth]
May  6 11:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.168.108.5
May  6 11:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: Failed password for invalid user kocom from 83.168.108.5 port 42568 ssh2
May  6 11:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: Received disconnect from 83.168.108.5 port 42568:11: Bye Bye [preauth]
May  6 11:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19478]: Disconnected from 83.168.108.5 port 42568 [preauth]
May  6 11:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19510]: Invalid user test036 from 180.253.167.74
May  6 11:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19510]: input_userauth_request: invalid user test036 [preauth]
May  6 11:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19510]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 11:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19510]: Failed password for invalid user test036 from 180.253.167.74 port 25671 ssh2
May  6 11:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19510]: Received disconnect from 180.253.167.74 port 25671:11: Bye Bye [preauth]
May  6 11:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19510]: Disconnected from 180.253.167.74 port 25671 [preauth]
May  6 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19535]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19536]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19534]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19536]: pam_unix(cron:session): session closed for user root
May  6 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19531]: pam_unix(cron:session): session closed for user p13x
May  6 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19607]: Successful su for rubyman by root
May  6 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19607]: + ??? root:rubyman
May  6 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340005 of user rubyman.
May  6 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19607]: pam_unix(su:session): session closed for user rubyman
May  6 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340005.
May  6 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19533]: pam_unix(cron:session): session closed for user root
May  6 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16859]: pam_unix(cron:session): session closed for user root
May  6 11:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19532]: pam_unix(cron:session): session closed for user samftp
May  6 11:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.39  user=root
May  6 11:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19859]: Failed password for root from 185.255.91.39 port 49538 ssh2
May  6 11:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19859]: Received disconnect from 185.255.91.39 port 49538:11: Bye Bye [preauth]
May  6 11:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19859]: Disconnected from 185.255.91.39 port 49538 [preauth]
May  6 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18719]: pam_unix(cron:session): session closed for user root
May  6 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19984]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19982]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19982]: pam_unix(cron:session): session closed for user p13x
May  6 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20056]: Successful su for rubyman by root
May  6 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20056]: + ??? root:rubyman
May  6 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340012 of user rubyman.
May  6 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20056]: pam_unix(su:session): session closed for user rubyman
May  6 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340012.
May  6 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17306]: pam_unix(cron:session): session closed for user root
May  6 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19983]: pam_unix(cron:session): session closed for user samftp
May  6 11:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20291]: Invalid user olivia from 188.138.28.121
May  6 11:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20291]: input_userauth_request: invalid user olivia [preauth]
May  6 11:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20291]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.138.28.121
May  6 11:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20291]: Failed password for invalid user olivia from 188.138.28.121 port 60664 ssh2
May  6 11:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20291]: Received disconnect from 188.138.28.121 port 60664:11: Bye Bye [preauth]
May  6 11:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20291]: Disconnected from 188.138.28.121 port 60664 [preauth]
May  6 11:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19132]: pam_unix(cron:session): session closed for user root
May  6 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20396]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20395]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20397]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20393]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20393]: pam_unix(cron:session): session closed for user p13x
May  6 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20458]: Successful su for rubyman by root
May  6 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20458]: + ??? root:rubyman
May  6 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340016 of user rubyman.
May  6 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20458]: pam_unix(su:session): session closed for user rubyman
May  6 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340016.
May  6 11:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17785]: pam_unix(cron:session): session closed for user root
May  6 11:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20395]: pam_unix(cron:session): session closed for user samftp
May  6 11:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19535]: pam_unix(cron:session): session closed for user root
May  6 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20798]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20795]: pam_unix(cron:session): session closed for user p13x
May  6 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20865]: Successful su for rubyman by root
May  6 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20865]: + ??? root:rubyman
May  6 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340018 of user rubyman.
May  6 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20865]: pam_unix(su:session): session closed for user rubyman
May  6 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340018.
May  6 11:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18305]: pam_unix(cron:session): session closed for user root
May  6 11:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20796]: pam_unix(cron:session): session closed for user samftp
May  6 11:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: Invalid user sakurai from 40.83.182.122
May  6 11:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: input_userauth_request: invalid user sakurai [preauth]
May  6 11:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 11:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: Failed password for invalid user sakurai from 40.83.182.122 port 35904 ssh2
May  6 11:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: Received disconnect from 40.83.182.122 port 35904:11: Bye Bye [preauth]
May  6 11:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: Disconnected from 40.83.182.122 port 35904 [preauth]
May  6 11:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21076]: Invalid user admin from 80.94.95.112
May  6 11:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21076]: input_userauth_request: invalid user admin [preauth]
May  6 11:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21076]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 11:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21076]: Failed password for invalid user admin from 80.94.95.112 port 30986 ssh2
May  6 11:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21076]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21076]: Failed password for invalid user admin from 80.94.95.112 port 30986 ssh2
May  6 11:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21076]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21076]: Failed password for invalid user admin from 80.94.95.112 port 30986 ssh2
May  6 11:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21076]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21076]: Failed password for invalid user admin from 80.94.95.112 port 30986 ssh2
May  6 11:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21076]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21076]: Failed password for invalid user admin from 80.94.95.112 port 30986 ssh2
May  6 11:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21076]: Received disconnect from 80.94.95.112 port 30986:11: Bye [preauth]
May  6 11:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21076]: Disconnected from 80.94.95.112 port 30986 [preauth]
May  6 11:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21076]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 11:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21076]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 11:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19985]: pam_unix(cron:session): session closed for user root
May  6 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21228]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21227]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21225]: pam_unix(cron:session): session closed for user p13x
May  6 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21308]: Successful su for rubyman by root
May  6 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21308]: + ??? root:rubyman
May  6 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21308]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340022 of user rubyman.
May  6 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21308]: pam_unix(su:session): session closed for user rubyman
May  6 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340022.
May  6 11:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18717]: pam_unix(cron:session): session closed for user root
May  6 11:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21226]: pam_unix(cron:session): session closed for user samftp
May  6 11:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: Invalid user fts from 123.252.238.214
May  6 11:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: input_userauth_request: invalid user fts [preauth]
May  6 11:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214
May  6 11:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: Failed password for invalid user fts from 123.252.238.214 port 51088 ssh2
May  6 11:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: Received disconnect from 123.252.238.214 port 51088:11: Bye Bye [preauth]
May  6 11:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21531]: Disconnected from 123.252.238.214 port 51088 [preauth]
May  6 11:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.168.108.5  user=root
May  6 11:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: Failed password for root from 83.168.108.5 port 50964 ssh2
May  6 11:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: Received disconnect from 83.168.108.5 port 50964:11: Bye Bye [preauth]
May  6 11:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: Disconnected from 83.168.108.5 port 50964 [preauth]
May  6 11:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20397]: pam_unix(cron:session): session closed for user root
May  6 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21683]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21686]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21684]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21687]: pam_unix(cron:session): session closed for user root
May  6 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21681]: pam_unix(cron:session): session closed for user p13x
May  6 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21851]: Successful su for rubyman by root
May  6 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21851]: + ??? root:rubyman
May  6 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340028 of user rubyman.
May  6 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21851]: pam_unix(su:session): session closed for user rubyman
May  6 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340028.
May  6 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21683]: pam_unix(cron:session): session closed for user root
May  6 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19130]: pam_unix(cron:session): session closed for user root
May  6 11:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21682]: pam_unix(cron:session): session closed for user samftp
May  6 11:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: Invalid user jalal from 190.103.202.7
May  6 11:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: input_userauth_request: invalid user jalal [preauth]
May  6 11:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  6 11:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: Failed password for invalid user jalal from 190.103.202.7 port 36948 ssh2
May  6 11:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: Connection closed by 190.103.202.7 port 36948 [preauth]
May  6 11:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.39  user=root
May  6 11:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22318]: Failed password for root from 185.255.91.39 port 35588 ssh2
May  6 11:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22318]: Received disconnect from 185.255.91.39 port 35588:11: Bye Bye [preauth]
May  6 11:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22318]: Disconnected from 185.255.91.39 port 35588 [preauth]
May  6 11:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20799]: pam_unix(cron:session): session closed for user root
May  6 11:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  6 11:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: Failed password for root from 218.92.0.203 port 5524 ssh2
May  6 11:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: Failed password for root from 218.92.0.203 port 5524 ssh2
May  6 11:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: Failed password for root from 218.92.0.203 port 5524 ssh2
May  6 11:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: Invalid user nginx from 180.253.167.74
May  6 11:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: input_userauth_request: invalid user nginx [preauth]
May  6 11:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.167.74
May  6 11:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: Failed password for root from 218.92.0.203 port 5524 ssh2
May  6 11:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: Failed password for invalid user nginx from 180.253.167.74 port 40784 ssh2
May  6 11:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: Received disconnect from 180.253.167.74 port 40784:11: Bye Bye [preauth]
May  6 11:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: Disconnected from 180.253.167.74 port 40784 [preauth]
May  6 11:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: Failed password for root from 218.92.0.203 port 5524 ssh2
May  6 11:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: error: maximum authentication attempts exceeded for root from 218.92.0.203 port 5524 ssh2 [preauth]
May  6 11:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: Disconnecting: Too many authentication failures [preauth]
May  6 11:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  6 11:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22393]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 11:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  6 11:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22461]: Failed password for root from 218.92.0.203 port 21276 ssh2
May  6 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22478]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22476]: pam_unix(cron:session): session closed for user p13x
May  6 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22555]: Successful su for rubyman by root
May  6 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22555]: + ??? root:rubyman
May  6 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340032 of user rubyman.
May  6 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22555]: pam_unix(su:session): session closed for user rubyman
May  6 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340032.
May  6 11:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22461]: Failed password for root from 218.92.0.203 port 21276 ssh2
May  6 11:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: Invalid user artem from 188.138.28.121
May  6 11:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: input_userauth_request: invalid user artem [preauth]
May  6 11:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.138.28.121
May  6 11:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19534]: pam_unix(cron:session): session closed for user root
May  6 11:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22477]: pam_unix(cron:session): session closed for user samftp
May  6 11:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22461]: Failed password for root from 218.92.0.203 port 21276 ssh2
May  6 11:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: Failed password for invalid user artem from 188.138.28.121 port 55478 ssh2
May  6 11:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: Received disconnect from 188.138.28.121 port 55478:11: Bye Bye [preauth]
May  6 11:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: Disconnected from 188.138.28.121 port 55478 [preauth]
May  6 11:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22461]: Failed password for root from 218.92.0.203 port 21276 ssh2
May  6 11:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22461]: message repeated 2 times: [ Failed password for root from 218.92.0.203 port 21276 ssh2]
May  6 11:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22461]: error: maximum authentication attempts exceeded for root from 218.92.0.203 port 21276 ssh2 [preauth]
May  6 11:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22461]: Disconnecting: Too many authentication failures [preauth]
May  6 11:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22461]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  6 11:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22461]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 11:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  6 11:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22788]: Failed password for root from 218.92.0.203 port 60376 ssh2
May  6 11:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22788]: Received disconnect from 218.92.0.203 port 60376:11:  [preauth]
May  6 11:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22788]: Disconnected from 218.92.0.203 port 60376 [preauth]
May  6 11:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: Invalid user jfunk from 23.94.179.104
May  6 11:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: input_userauth_request: invalid user jfunk [preauth]
May  6 11:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.179.104
May  6 11:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: Failed password for invalid user jfunk from 23.94.179.104 port 46636 ssh2
May  6 11:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22434]: Connection closed by 23.94.179.104 port 46636 [preauth]
May  6 11:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21228]: pam_unix(cron:session): session closed for user root
May  6 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22927]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22928]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22925]: pam_unix(cron:session): session closed for user p13x
May  6 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23017]: Successful su for rubyman by root
May  6 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23017]: + ??? root:rubyman
May  6 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23017]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340036 of user rubyman.
May  6 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23017]: pam_unix(su:session): session closed for user rubyman
May  6 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340036.
May  6 11:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19984]: pam_unix(cron:session): session closed for user root
May  6 11:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22926]: pam_unix(cron:session): session closed for user samftp
May  6 11:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21686]: pam_unix(cron:session): session closed for user root
May  6 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23455]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23456]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23452]: pam_unix(cron:session): session closed for user p13x
May  6 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23515]: Successful su for rubyman by root
May  6 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23515]: + ??? root:rubyman
May  6 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340040 of user rubyman.
May  6 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23515]: pam_unix(su:session): session closed for user rubyman
May  6 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340040.
May  6 11:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20396]: pam_unix(cron:session): session closed for user root
May  6 11:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23454]: pam_unix(cron:session): session closed for user samftp
May  6 11:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23732]: Invalid user willem from 40.83.182.122
May  6 11:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23732]: input_userauth_request: invalid user willem [preauth]
May  6 11:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23732]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 11:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23732]: Failed password for invalid user willem from 40.83.182.122 port 53812 ssh2
May  6 11:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23732]: Received disconnect from 40.83.182.122 port 53812:11: Bye Bye [preauth]
May  6 11:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23732]: Disconnected from 40.83.182.122 port 53812 [preauth]
May  6 11:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194  user=root
May  6 11:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23743]: Failed password for root from 14.103.114.194 port 38800 ssh2
May  6 11:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23743]: Received disconnect from 14.103.114.194 port 38800:11: Bye Bye [preauth]
May  6 11:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23743]: Disconnected from 14.103.114.194 port 38800 [preauth]
May  6 11:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22479]: pam_unix(cron:session): session closed for user root
May  6 11:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23907]: Did not receive identification string from 154.81.156.51
May  6 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23975]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23976]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23973]: pam_unix(cron:session): session closed for user p13x
May  6 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24048]: Successful su for rubyman by root
May  6 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24048]: + ??? root:rubyman
May  6 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340046 of user rubyman.
May  6 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24048]: pam_unix(su:session): session closed for user rubyman
May  6 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340046.
May  6 11:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20798]: pam_unix(cron:session): session closed for user root
May  6 11:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23974]: pam_unix(cron:session): session closed for user samftp
May  6 11:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24286]: Invalid user u1 from 83.168.108.5
May  6 11:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24286]: input_userauth_request: invalid user u1 [preauth]
May  6 11:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24286]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.168.108.5
May  6 11:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24286]: Failed password for invalid user u1 from 83.168.108.5 port 39232 ssh2
May  6 11:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24286]: Received disconnect from 83.168.108.5 port 39232:11: Bye Bye [preauth]
May  6 11:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24286]: Disconnected from 83.168.108.5 port 39232 [preauth]
May  6 11:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22928]: pam_unix(cron:session): session closed for user root
May  6 11:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24380]: Invalid user imran from 123.252.238.214
May  6 11:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24380]: input_userauth_request: invalid user imran [preauth]
May  6 11:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24380]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214
May  6 11:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24380]: Failed password for invalid user imran from 123.252.238.214 port 54284 ssh2
May  6 11:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24380]: Received disconnect from 123.252.238.214 port 54284:11: Bye Bye [preauth]
May  6 11:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24380]: Disconnected from 123.252.238.214 port 54284 [preauth]
May  6 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24421]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24418]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24420]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24419]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24417]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24421]: pam_unix(cron:session): session closed for user root
May  6 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24415]: pam_unix(cron:session): session closed for user p13x
May  6 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24489]: Successful su for rubyman by root
May  6 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24489]: + ??? root:rubyman
May  6 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340050 of user rubyman.
May  6 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24489]: pam_unix(su:session): session closed for user rubyman
May  6 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340050.
May  6 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24418]: pam_unix(cron:session): session closed for user root
May  6 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21227]: pam_unix(cron:session): session closed for user root
May  6 11:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24417]: pam_unix(cron:session): session closed for user samftp
May  6 11:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24766]: Invalid user perforce from 185.255.91.39
May  6 11:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24766]: input_userauth_request: invalid user perforce [preauth]
May  6 11:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24766]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.39
May  6 11:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24766]: Failed password for invalid user perforce from 185.255.91.39 port 39144 ssh2
May  6 11:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24766]: Received disconnect from 185.255.91.39 port 39144:11: Bye Bye [preauth]
May  6 11:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24766]: Disconnected from 185.255.91.39 port 39144 [preauth]
May  6 11:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23456]: pam_unix(cron:session): session closed for user root
May  6 11:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24844]: Invalid user u1 from 188.138.28.121
May  6 11:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24844]: input_userauth_request: invalid user u1 [preauth]
May  6 11:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24844]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.138.28.121
May  6 11:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24844]: Failed password for invalid user u1 from 188.138.28.121 port 39282 ssh2
May  6 11:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24844]: Received disconnect from 188.138.28.121 port 39282:11: Bye Bye [preauth]
May  6 11:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24844]: Disconnected from 188.138.28.121 port 39282 [preauth]
May  6 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24871]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24869]: pam_unix(cron:session): session closed for user p13x
May  6 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24945]: Successful su for rubyman by root
May  6 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24945]: + ??? root:rubyman
May  6 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340055 of user rubyman.
May  6 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24945]: pam_unix(su:session): session closed for user rubyman
May  6 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340055.
May  6 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21684]: pam_unix(cron:session): session closed for user root
May  6 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24870]: pam_unix(cron:session): session closed for user samftp
May  6 11:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23976]: pam_unix(cron:session): session closed for user root
May  6 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25285]: pam_unix(cron:session): session closed for user p13x
May  6 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25350]: Successful su for rubyman by root
May  6 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25350]: + ??? root:rubyman
May  6 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340059 of user rubyman.
May  6 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25350]: pam_unix(su:session): session closed for user rubyman
May  6 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340059.
May  6 11:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22478]: pam_unix(cron:session): session closed for user root
May  6 11:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25286]: pam_unix(cron:session): session closed for user samftp
May  6 11:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24420]: pam_unix(cron:session): session closed for user root
May  6 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25755]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25753]: pam_unix(cron:session): session closed for user p13x
May  6 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25823]: Successful su for rubyman by root
May  6 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25823]: + ??? root:rubyman
May  6 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340063 of user rubyman.
May  6 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25823]: pam_unix(su:session): session closed for user rubyman
May  6 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340063.
May  6 11:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22927]: pam_unix(cron:session): session closed for user root
May  6 11:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25754]: pam_unix(cron:session): session closed for user samftp
May  6 11:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: Invalid user julie from 40.83.182.122
May  6 11:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: input_userauth_request: invalid user julie [preauth]
May  6 11:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 11:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: Failed password for invalid user julie from 40.83.182.122 port 53708 ssh2
May  6 11:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: Received disconnect from 40.83.182.122 port 53708:11: Bye Bye [preauth]
May  6 11:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26072]: Disconnected from 40.83.182.122 port 53708 [preauth]
May  6 11:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24872]: pam_unix(cron:session): session closed for user root
May  6 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26193]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26191]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26191]: pam_unix(cron:session): session closed for user p13x
May  6 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26309]: Successful su for rubyman by root
May  6 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26309]: + ??? root:rubyman
May  6 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340066 of user rubyman.
May  6 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26309]: pam_unix(su:session): session closed for user rubyman
May  6 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340066.
May  6 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26189]: pam_unix(cron:session): session closed for user root
May  6 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23455]: pam_unix(cron:session): session closed for user root
May  6 11:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: Invalid user user3 from 83.168.108.5
May  6 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: input_userauth_request: invalid user user3 [preauth]
May  6 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.168.108.5
May  6 11:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26192]: pam_unix(cron:session): session closed for user samftp
May  6 11:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: Failed password for invalid user user3 from 83.168.108.5 port 53108 ssh2
May  6 11:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: Received disconnect from 83.168.108.5 port 53108:11: Bye Bye [preauth]
May  6 11:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: Disconnected from 83.168.108.5 port 53108 [preauth]
May  6 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25288]: pam_unix(cron:session): session closed for user root
May  6 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26761]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26760]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26762]: pam_unix(cron:session): session closed for user root
May  6 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26757]: pam_unix(cron:session): session closed for user p13x
May  6 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26830]: Successful su for rubyman by root
May  6 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26830]: + ??? root:rubyman
May  6 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340071 of user rubyman.
May  6 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26830]: pam_unix(su:session): session closed for user rubyman
May  6 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340071.
May  6 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26759]: pam_unix(cron:session): session closed for user root
May  6 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23975]: pam_unix(cron:session): session closed for user root
May  6 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: Invalid user emily from 123.252.238.214
May  6 11:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: input_userauth_request: invalid user emily [preauth]
May  6 11:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.238.214
May  6 11:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26758]: pam_unix(cron:session): session closed for user samftp
May  6 11:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: Failed password for invalid user emily from 123.252.238.214 port 50712 ssh2
May  6 11:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: Received disconnect from 123.252.238.214 port 50712:11: Bye Bye [preauth]
May  6 11:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: Disconnected from 123.252.238.214 port 50712 [preauth]
May  6 11:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25756]: pam_unix(cron:session): session closed for user root
May  6 11:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27252]: Invalid user jenkins from 185.255.91.39
May  6 11:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27252]: input_userauth_request: invalid user jenkins [preauth]
May  6 11:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27252]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.39
May  6 11:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27252]: Failed password for invalid user jenkins from 185.255.91.39 port 53562 ssh2
May  6 11:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.138.28.121  user=root
May  6 11:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27252]: Received disconnect from 185.255.91.39 port 53562:11: Bye Bye [preauth]
May  6 11:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27252]: Disconnected from 185.255.91.39 port 53562 [preauth]
May  6 11:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27254]: Failed password for root from 188.138.28.121 port 50272 ssh2
May  6 11:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27254]: Received disconnect from 188.138.28.121 port 50272:11: Bye Bye [preauth]
May  6 11:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27254]: Disconnected from 188.138.28.121 port 50272 [preauth]
May  6 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27277]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27278]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27273]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27273]: pam_unix(cron:session): session closed for user p13x
May  6 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27363]: Successful su for rubyman by root
May  6 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27363]: + ??? root:rubyman
May  6 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27363]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340077 of user rubyman.
May  6 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27363]: pam_unix(su:session): session closed for user rubyman
May  6 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340077.
May  6 11:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24419]: pam_unix(cron:session): session closed for user root
May  6 11:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27275]: pam_unix(cron:session): session closed for user samftp
May  6 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26194]: pam_unix(cron:session): session closed for user root
May  6 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27755]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27753]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27752]: pam_unix(cron:session): session closed for user p13x
May  6 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27815]: Successful su for rubyman by root
May  6 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27815]: + ??? root:rubyman
May  6 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340083 of user rubyman.
May  6 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27815]: pam_unix(su:session): session closed for user rubyman
May  6 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340083.
May  6 11:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24871]: pam_unix(cron:session): session closed for user root
May  6 11:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27753]: pam_unix(cron:session): session closed for user samftp
May  6 11:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26761]: pam_unix(cron:session): session closed for user root
May  6 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28158]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28155]: pam_unix(cron:session): session closed for user p13x
May  6 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28219]: Successful su for rubyman by root
May  6 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28219]: + ??? root:rubyman
May  6 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340085 of user rubyman.
May  6 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28219]: pam_unix(su:session): session closed for user rubyman
May  6 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340085.
May  6 11:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25287]: pam_unix(cron:session): session closed for user root
May  6 11:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28339]: Invalid user guest from 194.0.234.19
May  6 11:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28339]: input_userauth_request: invalid user guest [preauth]
May  6 11:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28339]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  6 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28156]: pam_unix(cron:session): session closed for user samftp
May  6 11:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28339]: Failed password for invalid user guest from 194.0.234.19 port 30224 ssh2
May  6 11:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28339]: Connection closed by 194.0.234.19 port 30224 [preauth]
May  6 11:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28472]: Invalid user rsyncuser from 40.83.182.122
May  6 11:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28472]: input_userauth_request: invalid user rsyncuser [preauth]
May  6 11:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28472]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 11:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28472]: Failed password for invalid user rsyncuser from 40.83.182.122 port 42496 ssh2
May  6 11:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28472]: Received disconnect from 40.83.182.122 port 42496:11: Bye Bye [preauth]
May  6 11:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28472]: Disconnected from 40.83.182.122 port 42496 [preauth]
May  6 11:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27278]: pam_unix(cron:session): session closed for user root
May  6 11:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28536]: Invalid user olivia from 83.168.108.5
May  6 11:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28536]: input_userauth_request: invalid user olivia [preauth]
May  6 11:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28536]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.168.108.5
May  6 11:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28536]: Failed password for invalid user olivia from 83.168.108.5 port 52462 ssh2
May  6 11:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28536]: Received disconnect from 83.168.108.5 port 52462:11: Bye Bye [preauth]
May  6 11:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28536]: Disconnected from 83.168.108.5 port 52462 [preauth]
May  6 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28566]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28565]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28564]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28563]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28563]: pam_unix(cron:session): session closed for user p13x
May  6 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28625]: Successful su for rubyman by root
May  6 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28625]: + ??? root:rubyman
May  6 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28625]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340090 of user rubyman.
May  6 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28625]: pam_unix(su:session): session closed for user rubyman
May  6 11:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340090.
May  6 11:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25755]: pam_unix(cron:session): session closed for user root
May  6 11:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28564]: pam_unix(cron:session): session closed for user samftp
May  6 11:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27756]: pam_unix(cron:session): session closed for user root
May  6 11:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28925]: Invalid user public from 14.103.114.194
May  6 11:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28925]: input_userauth_request: invalid user public [preauth]
May  6 11:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28925]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194
May  6 11:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28925]: Failed password for invalid user public from 14.103.114.194 port 35268 ssh2
May  6 11:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28925]: Received disconnect from 14.103.114.194 port 35268:11: Bye Bye [preauth]
May  6 11:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28925]: Disconnected from 14.103.114.194 port 35268 [preauth]
May  6 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28978]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28977]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28980]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28979]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28980]: pam_unix(cron:session): session closed for user root
May  6 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28975]: pam_unix(cron:session): session closed for user p13x
May  6 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29129]: Successful su for rubyman by root
May  6 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29129]: + ??? root:rubyman
May  6 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29129]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340098 of user rubyman.
May  6 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29129]: pam_unix(su:session): session closed for user rubyman
May  6 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340098.
May  6 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28977]: pam_unix(cron:session): session closed for user root
May  6 11:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26193]: pam_unix(cron:session): session closed for user root
May  6 11:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28976]: pam_unix(cron:session): session closed for user samftp
May  6 11:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: Invalid user ftpuser from 80.94.95.125
May  6 11:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: input_userauth_request: invalid user ftpuser [preauth]
May  6 11:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 11:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: Failed password for invalid user ftpuser from 80.94.95.125 port 56691 ssh2
May  6 11:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: Failed password for invalid user ftpuser from 80.94.95.125 port 56691 ssh2
May  6 11:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: Failed password for invalid user ftpuser from 80.94.95.125 port 56691 ssh2
May  6 11:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: Failed password for invalid user ftpuser from 80.94.95.125 port 56691 ssh2
May  6 11:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: Failed password for invalid user ftpuser from 80.94.95.125 port 56691 ssh2
May  6 11:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: Received disconnect from 80.94.95.125 port 56691:11: Bye [preauth]
May  6 11:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: Disconnected from 80.94.95.125 port 56691 [preauth]
May  6 11:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 11:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29357]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 11:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: Invalid user erwin from 36.255.8.54
May  6 11:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: input_userauth_request: invalid user erwin [preauth]
May  6 11:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  6 11:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: Failed password for invalid user erwin from 36.255.8.54 port 58300 ssh2
May  6 11:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: Received disconnect from 36.255.8.54 port 58300:11: Bye Bye [preauth]
May  6 11:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: Disconnected from 36.255.8.54 port 58300 [preauth]
May  6 11:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28158]: pam_unix(cron:session): session closed for user root
May  6 11:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  6 11:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29463]: Failed password for root from 218.92.0.215 port 59970 ssh2
May  6 11:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29463]: message repeated 2 times: [ Failed password for root from 218.92.0.215 port 59970 ssh2]
May  6 11:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29463]: Failed password for root from 218.92.0.215 port 59970 ssh2
May  6 11:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29498]: Invalid user user3 from 188.138.28.121
May  6 11:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29498]: input_userauth_request: invalid user user3 [preauth]
May  6 11:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29498]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.138.28.121
May  6 11:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29498]: Failed password for invalid user user3 from 188.138.28.121 port 52164 ssh2
May  6 11:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29498]: Received disconnect from 188.138.28.121 port 52164:11: Bye Bye [preauth]
May  6 11:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29498]: Disconnected from 188.138.28.121 port 52164 [preauth]
May  6 11:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29463]: Failed password for root from 218.92.0.215 port 59970 ssh2
May  6 11:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29463]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 59970 ssh2 [preauth]
May  6 11:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29463]: Disconnecting: Too many authentication failures [preauth]
May  6 11:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29463]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  6 11:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29463]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 11:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  6 11:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: Failed password for root from 218.92.0.215 port 11660 ssh2
May  6 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29523]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29521]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29522]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29521]: pam_unix(cron:session): session closed for user p13x
May  6 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29592]: Successful su for rubyman by root
May  6 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29592]: + ??? root:rubyman
May  6 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340101 of user rubyman.
May  6 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29592]: pam_unix(su:session): session closed for user rubyman
May  6 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340101.
May  6 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.39  user=root
May  6 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: Failed password for root from 218.92.0.215 port 11660 ssh2
May  6 11:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29601]: Failed password for root from 185.255.91.39 port 43748 ssh2
May  6 11:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26760]: pam_unix(cron:session): session closed for user root
May  6 11:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29601]: Received disconnect from 185.255.91.39 port 43748:11: Bye Bye [preauth]
May  6 11:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29601]: Disconnected from 185.255.91.39 port 43748 [preauth]
May  6 11:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29522]: pam_unix(cron:session): session closed for user samftp
May  6 11:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: Failed password for root from 218.92.0.215 port 11660 ssh2
May  6 11:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: message repeated 3 times: [ Failed password for root from 218.92.0.215 port 11660 ssh2]
May  6 11:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 11660 ssh2 [preauth]
May  6 11:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: Disconnecting: Too many authentication failures [preauth]
May  6 11:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  6 11:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29509]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 11:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  6 11:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29812]: Failed password for root from 218.92.0.215 port 45424 ssh2
May  6 11:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29812]: Received disconnect from 218.92.0.215 port 45424:11:  [preauth]
May  6 11:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29812]: Disconnected from 218.92.0.215 port 45424 [preauth]
May  6 11:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28566]: pam_unix(cron:session): session closed for user root
May  6 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29939]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29937]: pam_unix(cron:session): session closed for user p13x
May  6 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30002]: Successful su for rubyman by root
May  6 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30002]: + ??? root:rubyman
May  6 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340104 of user rubyman.
May  6 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30002]: pam_unix(su:session): session closed for user rubyman
May  6 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340104.
May  6 11:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27277]: pam_unix(cron:session): session closed for user root
May  6 11:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29938]: pam_unix(cron:session): session closed for user samftp
May  6 11:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28979]: pam_unix(cron:session): session closed for user root
May  6 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30326]: pam_unix(cron:session): session closed for user p13x
May  6 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30395]: Successful su for rubyman by root
May  6 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30395]: + ??? root:rubyman
May  6 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30395]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340110 of user rubyman.
May  6 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30395]: pam_unix(su:session): session closed for user rubyman
May  6 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340110.
May  6 11:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27755]: pam_unix(cron:session): session closed for user root
May  6 11:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30327]: pam_unix(cron:session): session closed for user samftp
May  6 11:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: Invalid user kapsch from 83.168.108.5
May  6 11:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: input_userauth_request: invalid user kapsch [preauth]
May  6 11:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.168.108.5
May  6 11:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: Failed password for invalid user kapsch from 83.168.108.5 port 52370 ssh2
May  6 11:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: Received disconnect from 83.168.108.5 port 52370:11: Bye Bye [preauth]
May  6 11:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: Disconnected from 83.168.108.5 port 52370 [preauth]
May  6 11:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: Invalid user wangjing from 50.235.31.47
May  6 11:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: input_userauth_request: invalid user wangjing [preauth]
May  6 11:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  6 11:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Invalid user tes from 40.83.182.122
May  6 11:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: input_userauth_request: invalid user tes [preauth]
May  6 11:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 11:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29524]: pam_unix(cron:session): session closed for user root
May  6 11:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Failed password for invalid user tes from 40.83.182.122 port 54518 ssh2
May  6 11:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: Failed password for invalid user wangjing from 50.235.31.47 port 45480 ssh2
May  6 11:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Received disconnect from 40.83.182.122 port 54518:11: Bye Bye [preauth]
May  6 11:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30645]: Disconnected from 40.83.182.122 port 54518 [preauth]
May  6 11:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30643]: Connection closed by 50.235.31.47 port 45480 [preauth]
May  6 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30735]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30735]: pam_unix(cron:session): session closed for user p13x
May  6 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30795]: Successful su for rubyman by root
May  6 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30795]: + ??? root:rubyman
May  6 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340112 of user rubyman.
May  6 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30795]: pam_unix(su:session): session closed for user rubyman
May  6 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340112.
May  6 11:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28157]: pam_unix(cron:session): session closed for user root
May  6 11:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30736]: pam_unix(cron:session): session closed for user samftp
May  6 11:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29940]: pam_unix(cron:session): session closed for user root
May  6 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31247]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31246]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31252]: pam_unix(cron:session): session closed for user root
May  6 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31243]: pam_unix(cron:session): session closed for user p13x
May  6 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31321]: Successful su for rubyman by root
May  6 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31321]: + ??? root:rubyman
May  6 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31321]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340116 of user rubyman.
May  6 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31321]: pam_unix(su:session): session closed for user rubyman
May  6 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340116.
May  6 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28565]: pam_unix(cron:session): session closed for user root
May  6 11:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31245]: pam_unix(cron:session): session closed for user root
May  6 11:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31244]: pam_unix(cron:session): session closed for user samftp
May  6 11:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31534]: Invalid user jesa from 14.103.114.194
May  6 11:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31534]: input_userauth_request: invalid user jesa [preauth]
May  6 11:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31534]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194
May  6 11:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31534]: Failed password for invalid user jesa from 14.103.114.194 port 20788 ssh2
May  6 11:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31534]: Received disconnect from 14.103.114.194 port 20788:11: Bye Bye [preauth]
May  6 11:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31534]: Disconnected from 14.103.114.194 port 20788 [preauth]
May  6 11:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30329]: pam_unix(cron:session): session closed for user root
May  6 11:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: Invalid user boom from 36.255.8.54
May  6 11:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: input_userauth_request: invalid user boom [preauth]
May  6 11:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  6 11:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: Failed password for invalid user boom from 36.255.8.54 port 44406 ssh2
May  6 11:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: Received disconnect from 36.255.8.54 port 44406:11: Bye Bye [preauth]
May  6 11:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31640]: Disconnected from 36.255.8.54 port 44406 [preauth]
May  6 11:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.138.28.121  user=root
May  6 11:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: Failed password for root from 188.138.28.121 port 44890 ssh2
May  6 11:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: Received disconnect from 188.138.28.121 port 44890:11: Bye Bye [preauth]
May  6 11:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31651]: Disconnected from 188.138.28.121 port 44890 [preauth]
May  6 11:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31719]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31721]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31720]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31722]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31719]: pam_unix(cron:session): session closed for user p13x
May  6 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31787]: Successful su for rubyman by root
May  6 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31787]: + ??? root:rubyman
May  6 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340124 of user rubyman.
May  6 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31787]: pam_unix(su:session): session closed for user rubyman
May  6 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340124.
May  6 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: Invalid user ruiyang from 185.255.91.39
May  6 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: input_userauth_request: invalid user ruiyang [preauth]
May  6 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.39
May  6 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: Failed password for invalid user ruiyang from 185.255.91.39 port 37270 ssh2
May  6 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: Received disconnect from 185.255.91.39 port 37270:11: Bye Bye [preauth]
May  6 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31716]: Disconnected from 185.255.91.39 port 37270 [preauth]
May  6 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28978]: pam_unix(cron:session): session closed for user root
May  6 11:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31720]: pam_unix(cron:session): session closed for user samftp
May  6 11:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30740]: pam_unix(cron:session): session closed for user root
May  6 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32431]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32428]: pam_unix(cron:session): session closed for user p13x
May  6 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32494]: Successful su for rubyman by root
May  6 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32494]: + ??? root:rubyman
May  6 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32494]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340125 of user rubyman.
May  6 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32494]: pam_unix(su:session): session closed for user rubyman
May  6 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340125.
May  6 11:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29523]: pam_unix(cron:session): session closed for user root
May  6 11:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32429]: pam_unix(cron:session): session closed for user samftp
May  6 11:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31247]: pam_unix(cron:session): session closed for user root
May  6 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[555]: pam_unix(cron:session): session closed for user p13x
May  6 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[621]: Successful su for rubyman by root
May  6 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[621]: + ??? root:rubyman
May  6 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340129 of user rubyman.
May  6 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[621]: pam_unix(su:session): session closed for user rubyman
May  6 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340129.
May  6 11:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29939]: pam_unix(cron:session): session closed for user root
May  6 11:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[556]: pam_unix(cron:session): session closed for user samftp
May  6 11:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: Invalid user lft from 83.168.108.5
May  6 11:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: input_userauth_request: invalid user lft [preauth]
May  6 11:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.168.108.5
May  6 11:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: Failed password for invalid user lft from 83.168.108.5 port 59640 ssh2
May  6 11:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: Received disconnect from 83.168.108.5 port 59640:11: Bye Bye [preauth]
May  6 11:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[858]: Disconnected from 83.168.108.5 port 59640 [preauth]
May  6 11:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31722]: pam_unix(cron:session): session closed for user root
May  6 11:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[956]: Invalid user testuser2 from 40.83.182.122
May  6 11:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[956]: input_userauth_request: invalid user testuser2 [preauth]
May  6 11:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[956]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 11:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[956]: Failed password for invalid user testuser2 from 40.83.182.122 port 59792 ssh2
May  6 11:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[956]: Received disconnect from 40.83.182.122 port 59792:11: Bye Bye [preauth]
May  6 11:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[956]: Disconnected from 40.83.182.122 port 59792 [preauth]
May  6 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1018]: pam_unix(cron:session): session closed for user p13x
May  6 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1096]: Successful su for rubyman by root
May  6 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1096]: + ??? root:rubyman
May  6 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340134 of user rubyman.
May  6 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1096]: pam_unix(su:session): session closed for user rubyman
May  6 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340134.
May  6 11:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30328]: pam_unix(cron:session): session closed for user root
May  6 11:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1020]: pam_unix(cron:session): session closed for user samftp
May  6 11:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32431]: pam_unix(cron:session): session closed for user root
May  6 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1499]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1501]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1500]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1502]: pam_unix(cron:session): session closed for user root
May  6 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1497]: pam_unix(cron:session): session closed for user p13x
May  6 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1577]: Successful su for rubyman by root
May  6 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1577]: + ??? root:rubyman
May  6 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340139 of user rubyman.
May  6 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1577]: pam_unix(su:session): session closed for user rubyman
May  6 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340139.
May  6 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1499]: pam_unix(cron:session): session closed for user root
May  6 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30739]: pam_unix(cron:session): session closed for user root
May  6 11:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1498]: pam_unix(cron:session): session closed for user samftp
May  6 11:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[558]: pam_unix(cron:session): session closed for user root
May  6 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.138.28.121  user=root
May  6 11:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: Failed password for root from 188.138.28.121 port 41776 ssh2
May  6 11:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: Received disconnect from 188.138.28.121 port 41776:11: Bye Bye [preauth]
May  6 11:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1912]: Disconnected from 188.138.28.121 port 41776 [preauth]
May  6 11:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: Invalid user sol from 14.103.114.194
May  6 11:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: input_userauth_request: invalid user sol [preauth]
May  6 11:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194
May  6 11:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: Failed password for invalid user sol from 14.103.114.194 port 13526 ssh2
May  6 11:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: Received disconnect from 14.103.114.194 port 13526:11: Bye Bye [preauth]
May  6 11:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: Disconnected from 14.103.114.194 port 13526 [preauth]
May  6 11:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2066]: Invalid user marcel from 36.255.8.54
May  6 11:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2066]: input_userauth_request: invalid user marcel [preauth]
May  6 11:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2066]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  6 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2073]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2071]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2070]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2070]: pam_unix(cron:session): session closed for user p13x
May  6 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2135]: Successful su for rubyman by root
May  6 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2135]: + ??? root:rubyman
May  6 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2135]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340145 of user rubyman.
May  6 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2135]: pam_unix(su:session): session closed for user rubyman
May  6 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340145.
May  6 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2066]: Failed password for invalid user marcel from 36.255.8.54 port 44876 ssh2
May  6 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2066]: Received disconnect from 36.255.8.54 port 44876:11: Bye Bye [preauth]
May  6 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2066]: Disconnected from 36.255.8.54 port 44876 [preauth]
May  6 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31246]: pam_unix(cron:session): session closed for user root
May  6 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2071]: pam_unix(cron:session): session closed for user samftp
May  6 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2300]: Invalid user neolinux from 185.255.91.39
May  6 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2300]: input_userauth_request: invalid user neolinux [preauth]
May  6 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2300]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.39
May  6 11:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2300]: Failed password for invalid user neolinux from 185.255.91.39 port 54312 ssh2
May  6 11:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2300]: Received disconnect from 185.255.91.39 port 54312:11: Bye Bye [preauth]
May  6 11:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2300]: Disconnected from 185.255.91.39 port 54312 [preauth]
May  6 11:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1022]: pam_unix(cron:session): session closed for user root
May  6 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2509]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2508]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2505]: pam_unix(cron:session): session closed for user p13x
May  6 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2566]: Successful su for rubyman by root
May  6 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2566]: + ??? root:rubyman
May  6 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340148 of user rubyman.
May  6 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2566]: pam_unix(su:session): session closed for user rubyman
May  6 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340148.
May  6 11:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31721]: pam_unix(cron:session): session closed for user root
May  6 11:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2507]: pam_unix(cron:session): session closed for user samftp
May  6 11:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 11:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2797]: Failed password for root from 218.92.0.179 port 44154 ssh2
May  6 11:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2797]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 44154 ssh2]
May  6 11:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2797]: Received disconnect from 218.92.0.179 port 44154:11:  [preauth]
May  6 11:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2797]: Disconnected from 218.92.0.179 port 44154 [preauth]
May  6 11:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2797]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 11:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1501]: pam_unix(cron:session): session closed for user root
May  6 11:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  6 11:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2904]: Failed password for root from 164.68.105.9 port 43252 ssh2
May  6 11:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2904]: Connection closed by 164.68.105.9 port 43252 [preauth]
May  6 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2938]: pam_unix(cron:session): session closed for user p13x
May  6 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2998]: Successful su for rubyman by root
May  6 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2998]: + ??? root:rubyman
May  6 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340151 of user rubyman.
May  6 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2998]: pam_unix(su:session): session closed for user rubyman
May  6 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340151.
May  6 11:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32430]: pam_unix(cron:session): session closed for user root
May  6 11:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2939]: pam_unix(cron:session): session closed for user samftp
May  6 11:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2073]: pam_unix(cron:session): session closed for user root
May  6 11:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 11:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: Invalid user diquest from 40.83.182.122
May  6 11:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: input_userauth_request: invalid user diquest [preauth]
May  6 11:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: pam_unix(sshd:auth): check pass; user unknown
May  6 11:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 11:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: Failed password for invalid user diquest from 40.83.182.122 port 50460 ssh2
May  6 11:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: Received disconnect from 40.83.182.122 port 50460:11: Bye Bye [preauth]
May  6 11:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3311]: Disconnected from 40.83.182.122 port 50460 [preauth]
May  6 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3335]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3334]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3336]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3333]: pam_unix(cron:session): session closed for user p13x
May  6 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3408]: Successful su for rubyman by root
May  6 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3408]: + ??? root:rubyman
May  6 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340155 of user rubyman.
May  6 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3408]: pam_unix(su:session): session closed for user rubyman
May  6 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340155.
May  6 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[557]: pam_unix(cron:session): session closed for user root
May  6 11:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3334]: pam_unix(cron:session): session closed for user samftp
May  6 11:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2509]: pam_unix(cron:session): session closed for user root
May  6 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3792]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3794]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3794]: pam_unix(cron:session): session closed for user root
May  6 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3790]: pam_unix(cron:session): session closed for user root
May  6 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3788]: pam_unix(cron:session): session closed for user p13x
May  6 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3883]: Successful su for rubyman by root
May  6 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3883]: + ??? root:rubyman
May  6 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3883]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340161 of user rubyman.
May  6 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3883]: pam_unix(su:session): session closed for user rubyman
May  6 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340161.
May  6 12:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1021]: pam_unix(cron:session): session closed for user root
May  6 12:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3791]: pam_unix(cron:session): session closed for user root
May  6 12:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3789]: pam_unix(cron:session): session closed for user samftp
May  6 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2941]: pam_unix(cron:session): session closed for user root
May  6 12:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4475]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4476]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4473]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4474]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4473]: pam_unix(cron:session): session closed for user p13x
May  6 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4470]: Invalid user qq from 14.103.114.194
May  6 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4470]: input_userauth_request: invalid user qq [preauth]
May  6 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4470]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194
May  6 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4556]: Successful su for rubyman by root
May  6 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4556]: + ??? root:rubyman
May  6 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340167 of user rubyman.
May  6 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4556]: pam_unix(su:session): session closed for user rubyman
May  6 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340167.
May  6 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4470]: Failed password for invalid user qq from 14.103.114.194 port 34162 ssh2
May  6 12:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4470]: Received disconnect from 14.103.114.194 port 34162:11: Bye Bye [preauth]
May  6 12:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4470]: Disconnected from 14.103.114.194 port 34162 [preauth]
May  6 12:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: Invalid user hjwang from 185.255.91.39
May  6 12:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: input_userauth_request: invalid user hjwang [preauth]
May  6 12:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.39
May  6 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1500]: pam_unix(cron:session): session closed for user root
May  6 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: Failed password for invalid user hjwang from 185.255.91.39 port 57684 ssh2
May  6 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: Received disconnect from 185.255.91.39 port 57684:11: Bye Bye [preauth]
May  6 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4624]: Disconnected from 185.255.91.39 port 57684 [preauth]
May  6 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4474]: pam_unix(cron:session): session closed for user samftp
May  6 12:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4777]: Invalid user darren from 36.255.8.54
May  6 12:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4777]: input_userauth_request: invalid user darren [preauth]
May  6 12:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4777]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  6 12:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4777]: Failed password for invalid user darren from 36.255.8.54 port 47608 ssh2
May  6 12:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4777]: Received disconnect from 36.255.8.54 port 47608:11: Bye Bye [preauth]
May  6 12:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4777]: Disconnected from 36.255.8.54 port 47608 [preauth]
May  6 12:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 12:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4787]: Failed password for root from 218.92.0.179 port 51570 ssh2
May  6 12:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4787]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 51570 ssh2]
May  6 12:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4787]: Received disconnect from 218.92.0.179 port 51570:11:  [preauth]
May  6 12:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4787]: Disconnected from 218.92.0.179 port 51570 [preauth]
May  6 12:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4787]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 12:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3336]: pam_unix(cron:session): session closed for user root
May  6 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4915]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4913]: pam_unix(cron:session): session closed for user p13x
May  6 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4982]: Successful su for rubyman by root
May  6 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4982]: + ??? root:rubyman
May  6 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4982]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340171 of user rubyman.
May  6 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4982]: pam_unix(su:session): session closed for user rubyman
May  6 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340171.
May  6 12:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2072]: pam_unix(cron:session): session closed for user root
May  6 12:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4914]: pam_unix(cron:session): session closed for user samftp
May  6 12:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: Invalid user admin from 80.94.95.112
May  6 12:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: input_userauth_request: invalid user admin [preauth]
May  6 12:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 12:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: Failed password for invalid user admin from 80.94.95.112 port 22699 ssh2
May  6 12:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: Failed password for invalid user admin from 80.94.95.112 port 22699 ssh2
May  6 12:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3793]: pam_unix(cron:session): session closed for user root
May  6 12:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: Failed password for invalid user admin from 80.94.95.112 port 22699 ssh2
May  6 12:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: Failed password for invalid user admin from 80.94.95.112 port 22699 ssh2
May  6 12:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: Failed password for invalid user admin from 80.94.95.112 port 22699 ssh2
May  6 12:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: Received disconnect from 80.94.95.112 port 22699:11: Bye [preauth]
May  6 12:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: Disconnected from 80.94.95.112 port 22699 [preauth]
May  6 12:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 12:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5529]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5530]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5526]: pam_unix(cron:session): session closed for user p13x
May  6 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5632]: Successful su for rubyman by root
May  6 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5632]: + ??? root:rubyman
May  6 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340174 of user rubyman.
May  6 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5632]: pam_unix(su:session): session closed for user rubyman
May  6 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340174.
May  6 12:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2508]: pam_unix(cron:session): session closed for user root
May  6 12:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5527]: pam_unix(cron:session): session closed for user samftp
May  6 12:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4476]: pam_unix(cron:session): session closed for user root
May  6 12:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: Invalid user lruiz from 40.83.182.122
May  6 12:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: input_userauth_request: invalid user lruiz [preauth]
May  6 12:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.83.182.122
May  6 12:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: Failed password for invalid user lruiz from 40.83.182.122 port 45984 ssh2
May  6 12:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: Received disconnect from 40.83.182.122 port 45984:11: Bye Bye [preauth]
May  6 12:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: Disconnected from 40.83.182.122 port 45984 [preauth]
May  6 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6082]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6083]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6079]: pam_unix(cron:session): session closed for user p13x
May  6 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6150]: Successful su for rubyman by root
May  6 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6150]: + ??? root:rubyman
May  6 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6150]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340180 of user rubyman.
May  6 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6150]: pam_unix(su:session): session closed for user rubyman
May  6 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340180.
May  6 12:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2940]: pam_unix(cron:session): session closed for user root
May  6 12:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6080]: pam_unix(cron:session): session closed for user samftp
May  6 12:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4916]: pam_unix(cron:session): session closed for user root
May  6 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6492]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6493]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6494]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6491]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6494]: pam_unix(cron:session): session closed for user root
May  6 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6489]: pam_unix(cron:session): session closed for user p13x
May  6 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6554]: Successful su for rubyman by root
May  6 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6554]: + ??? root:rubyman
May  6 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6554]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340183 of user rubyman.
May  6 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6554]: pam_unix(su:session): session closed for user rubyman
May  6 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340183.
May  6 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6491]: pam_unix(cron:session): session closed for user root
May  6 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3335]: pam_unix(cron:session): session closed for user root
May  6 12:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6490]: pam_unix(cron:session): session closed for user samftp
May  6 12:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6786]: Invalid user shareuser from 46.244.96.25
May  6 12:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6786]: input_userauth_request: invalid user shareuser [preauth]
May  6 12:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6786]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  6 12:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6786]: Failed password for invalid user shareuser from 46.244.96.25 port 47160 ssh2
May  6 12:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6786]: Connection closed by 46.244.96.25 port 47160 [preauth]
May  6 12:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5530]: pam_unix(cron:session): session closed for user root
May  6 12:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: Invalid user qw from 185.255.91.39
May  6 12:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: input_userauth_request: invalid user qw [preauth]
May  6 12:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.39
May  6 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7017]: pam_unix(cron:session): session closed for user p13x
May  6 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7101]: Successful su for rubyman by root
May  6 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7101]: + ??? root:rubyman
May  6 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7101]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340188 of user rubyman.
May  6 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7101]: pam_unix(su:session): session closed for user rubyman
May  6 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340188.
May  6 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: Failed password for invalid user qw from 185.255.91.39 port 51370 ssh2
May  6 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: Received disconnect from 185.255.91.39 port 51370:11: Bye Bye [preauth]
May  6 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: Disconnected from 185.255.91.39 port 51370 [preauth]
May  6 12:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3792]: pam_unix(cron:session): session closed for user root
May  6 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7018]: pam_unix(cron:session): session closed for user samftp
May  6 12:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194  user=root
May  6 12:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: Failed password for root from 14.103.114.194 port 42306 ssh2
May  6 12:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: Received disconnect from 14.103.114.194 port 42306:11: Bye Bye [preauth]
May  6 12:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7333]: Disconnected from 14.103.114.194 port 42306 [preauth]
May  6 12:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6083]: pam_unix(cron:session): session closed for user root
May  6 12:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Invalid user feelware from 36.255.8.54
May  6 12:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: input_userauth_request: invalid user feelware [preauth]
May  6 12:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  6 12:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Failed password for invalid user feelware from 36.255.8.54 port 46668 ssh2
May  6 12:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Received disconnect from 36.255.8.54 port 46668:11: Bye Bye [preauth]
May  6 12:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7390]: Disconnected from 36.255.8.54 port 46668 [preauth]
May  6 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7439]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7439]: pam_unix(cron:session): session closed for user p13x
May  6 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7610]: Successful su for rubyman by root
May  6 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7610]: + ??? root:rubyman
May  6 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340192 of user rubyman.
May  6 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7610]: pam_unix(su:session): session closed for user rubyman
May  6 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340192.
May  6 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4475]: pam_unix(cron:session): session closed for user root
May  6 12:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7440]: pam_unix(cron:session): session closed for user samftp
May  6 12:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6493]: pam_unix(cron:session): session closed for user root
May  6 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7992]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7989]: pam_unix(cron:session): session closed for user p13x
May  6 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8048]: Successful su for rubyman by root
May  6 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8048]: + ??? root:rubyman
May  6 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340196 of user rubyman.
May  6 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8048]: pam_unix(su:session): session closed for user rubyman
May  6 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340196.
May  6 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4915]: pam_unix(cron:session): session closed for user root
May  6 12:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7990]: pam_unix(cron:session): session closed for user samftp
May  6 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7020]: pam_unix(cron:session): session closed for user root
May  6 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8410]: pam_unix(cron:session): session closed for user p13x
May  6 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8539]: Successful su for rubyman by root
May  6 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8539]: + ??? root:rubyman
May  6 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8539]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340201 of user rubyman.
May  6 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8539]: pam_unix(su:session): session closed for user rubyman
May  6 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340201.
May  6 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8408]: pam_unix(cron:session): session closed for user root
May  6 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5529]: pam_unix(cron:session): session closed for user root
May  6 12:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8411]: pam_unix(cron:session): session closed for user samftp
May  6 12:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7445]: pam_unix(cron:session): session closed for user root
May  6 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8930]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8931]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8933]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8932]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8933]: pam_unix(cron:session): session closed for user root
May  6 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8928]: pam_unix(cron:session): session closed for user p13x
May  6 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9001]: Successful su for rubyman by root
May  6 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9001]: + ??? root:rubyman
May  6 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9001]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340205 of user rubyman.
May  6 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9001]: pam_unix(su:session): session closed for user rubyman
May  6 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340205.
May  6 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8930]: pam_unix(cron:session): session closed for user root
May  6 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6082]: pam_unix(cron:session): session closed for user root
May  6 12:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8929]: pam_unix(cron:session): session closed for user samftp
May  6 12:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7992]: pam_unix(cron:session): session closed for user root
May  6 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9486]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9485]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9483]: pam_unix(cron:session): session closed for user p13x
May  6 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9553]: Successful su for rubyman by root
May  6 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9553]: + ??? root:rubyman
May  6 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340211 of user rubyman.
May  6 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9553]: pam_unix(su:session): session closed for user rubyman
May  6 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340211.
May  6 12:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6492]: pam_unix(cron:session): session closed for user root
May  6 12:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.39  user=root
May  6 12:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9484]: pam_unix(cron:session): session closed for user samftp
May  6 12:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9690]: Failed password for root from 185.255.91.39 port 47316 ssh2
May  6 12:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9690]: Received disconnect from 185.255.91.39 port 47316:11: Bye Bye [preauth]
May  6 12:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9690]: Disconnected from 185.255.91.39 port 47316 [preauth]
May  6 12:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8414]: pam_unix(cron:session): session closed for user root
May  6 12:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194  user=root
May  6 12:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9869]: Failed password for root from 14.103.114.194 port 53454 ssh2
May  6 12:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9869]: Received disconnect from 14.103.114.194 port 53454:11: Bye Bye [preauth]
May  6 12:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9869]: Disconnected from 14.103.114.194 port 53454 [preauth]
May  6 12:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: Invalid user sbbs from 36.255.8.54
May  6 12:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: input_userauth_request: invalid user sbbs [preauth]
May  6 12:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.8.54
May  6 12:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: Failed password for invalid user sbbs from 36.255.8.54 port 56862 ssh2
May  6 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: Received disconnect from 36.255.8.54 port 56862:11: Bye Bye [preauth]
May  6 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9888]: Disconnected from 36.255.8.54 port 56862 [preauth]
May  6 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9904]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9905]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9902]: pam_unix(cron:session): session closed for user p13x
May  6 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9963]: Successful su for rubyman by root
May  6 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9963]: + ??? root:rubyman
May  6 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9963]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340216 of user rubyman.
May  6 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9963]: pam_unix(su:session): session closed for user rubyman
May  6 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340216.
May  6 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: Failed password for root from 218.92.0.179 port 14189 ssh2
May  6 12:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7019]: pam_unix(cron:session): session closed for user root
May  6 12:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: Failed password for root from 218.92.0.179 port 14189 ssh2
May  6 12:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: Failed password for root from 218.92.0.179 port 14189 ssh2
May  6 12:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9903]: pam_unix(cron:session): session closed for user samftp
May  6 12:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: Received disconnect from 218.92.0.179 port 14189:11:  [preauth]
May  6 12:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: Disconnected from 218.92.0.179 port 14189 [preauth]
May  6 12:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9890]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 12:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8932]: pam_unix(cron:session): session closed for user root
May  6 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10384]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10383]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10382]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10382]: pam_unix(cron:session): session closed for user p13x
May  6 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10458]: Successful su for rubyman by root
May  6 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10458]: + ??? root:rubyman
May  6 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340221 of user rubyman.
May  6 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10458]: pam_unix(su:session): session closed for user rubyman
May  6 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340221.
May  6 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7441]: pam_unix(cron:session): session closed for user root
May  6 12:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10383]: pam_unix(cron:session): session closed for user samftp
May  6 12:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9486]: pam_unix(cron:session): session closed for user root
May  6 12:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  6 12:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:165.154.128.199
May  6 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10887]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10888]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10886]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10885]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10885]: pam_unix(cron:session): session closed for user p13x
May  6 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10944]: Successful su for rubyman by root
May  6 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10944]: + ??? root:rubyman
May  6 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340223 of user rubyman.
May  6 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10944]: pam_unix(su:session): session closed for user rubyman
May  6 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340223.
May  6 12:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7991]: pam_unix(cron:session): session closed for user root
May  6 12:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10886]: pam_unix(cron:session): session closed for user samftp
May  6 12:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9905]: pam_unix(cron:session): session closed for user root
May  6 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11289]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11286]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11289]: pam_unix(cron:session): session closed for user root
May  6 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11284]: pam_unix(cron:session): session closed for user p13x
May  6 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11349]: Successful su for rubyman by root
May  6 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11349]: + ??? root:rubyman
May  6 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340227 of user rubyman.
May  6 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11349]: pam_unix(su:session): session closed for user rubyman
May  6 12:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340227.
May  6 12:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8412]: pam_unix(cron:session): session closed for user root
May  6 12:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11286]: pam_unix(cron:session): session closed for user root
May  6 12:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11285]: pam_unix(cron:session): session closed for user samftp
May  6 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10385]: pam_unix(cron:session): session closed for user root
May  6 12:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: Invalid user kafka from 185.255.91.39
May  6 12:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: input_userauth_request: invalid user kafka [preauth]
May  6 12:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.39
May  6 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11713]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11714]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11710]: pam_unix(cron:session): session closed for user p13x
May  6 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11778]: Successful su for rubyman by root
May  6 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11778]: + ??? root:rubyman
May  6 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340235 of user rubyman.
May  6 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11778]: pam_unix(su:session): session closed for user rubyman
May  6 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340235.
May  6 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: Failed password for invalid user kafka from 185.255.91.39 port 36848 ssh2
May  6 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: Received disconnect from 185.255.91.39 port 36848:11: Bye Bye [preauth]
May  6 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: Disconnected from 185.255.91.39 port 36848 [preauth]
May  6 12:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  6 12:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8931]: pam_unix(cron:session): session closed for user root
May  6 12:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11711]: pam_unix(cron:session): session closed for user samftp
May  6 12:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11884]: Failed password for root from 218.92.0.204 port 11520 ssh2
May  6 12:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11884]: message repeated 4 times: [ Failed password for root from 218.92.0.204 port 11520 ssh2]
May  6 12:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11884]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 11520 ssh2 [preauth]
May  6 12:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11884]: Disconnecting: Too many authentication failures [preauth]
May  6 12:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11884]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  6 12:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11884]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 12:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10888]: pam_unix(cron:session): session closed for user root
May  6 12:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  6 12:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12045]: Failed password for root from 218.92.0.204 port 8158 ssh2
May  6 12:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12045]: message repeated 4 times: [ Failed password for root from 218.92.0.204 port 8158 ssh2]
May  6 12:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: Invalid user annonymous from 50.235.31.47
May  6 12:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: input_userauth_request: invalid user annonymous [preauth]
May  6 12:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  6 12:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12045]: Failed password for root from 218.92.0.204 port 8158 ssh2
May  6 12:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12045]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 8158 ssh2 [preauth]
May  6 12:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12045]: Disconnecting: Too many authentication failures [preauth]
May  6 12:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12045]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  6 12:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12045]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 12:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: Failed password for invalid user annonymous from 50.235.31.47 port 55508 ssh2
May  6 12:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12088]: Connection closed by 50.235.31.47 port 55508 [preauth]
May  6 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12110]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12109]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12105]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12105]: pam_unix(cron:session): session closed for user root
May  6 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12107]: pam_unix(cron:session): session closed for user p13x
May  6 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12170]: Successful su for rubyman by root
May  6 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12170]: + ??? root:rubyman
May  6 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12170]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340237 of user rubyman.
May  6 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12170]: pam_unix(su:session): session closed for user rubyman
May  6 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340237.
May  6 12:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9485]: pam_unix(cron:session): session closed for user root
May  6 12:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12108]: pam_unix(cron:session): session closed for user samftp
May  6 12:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12378]: Invalid user clover from 14.103.114.194
May  6 12:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12378]: input_userauth_request: invalid user clover [preauth]
May  6 12:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12378]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194
May  6 12:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12378]: Failed password for invalid user clover from 14.103.114.194 port 62110 ssh2
May  6 12:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12378]: Received disconnect from 14.103.114.194 port 62110:11: Bye Bye [preauth]
May  6 12:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12378]: Disconnected from 14.103.114.194 port 62110 [preauth]
May  6 12:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11288]: pam_unix(cron:session): session closed for user root
May  6 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12515]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12514]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12512]: pam_unix(cron:session): session closed for user p13x
May  6 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12576]: Successful su for rubyman by root
May  6 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12576]: + ??? root:rubyman
May  6 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340242 of user rubyman.
May  6 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12576]: pam_unix(su:session): session closed for user rubyman
May  6 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340242.
May  6 12:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9904]: pam_unix(cron:session): session closed for user root
May  6 12:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12513]: pam_unix(cron:session): session closed for user samftp
May  6 12:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11714]: pam_unix(cron:session): session closed for user root
May  6 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12905]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12904]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12902]: pam_unix(cron:session): session closed for user p13x
May  6 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12960]: Successful su for rubyman by root
May  6 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12960]: + ??? root:rubyman
May  6 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340246 of user rubyman.
May  6 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12960]: pam_unix(su:session): session closed for user rubyman
May  6 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340246.
May  6 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10384]: pam_unix(cron:session): session closed for user root
May  6 12:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12903]: pam_unix(cron:session): session closed for user samftp
May  6 12:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12110]: pam_unix(cron:session): session closed for user root
May  6 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13301]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13303]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13302]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13300]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13303]: pam_unix(cron:session): session closed for user root
May  6 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13298]: pam_unix(cron:session): session closed for user p13x
May  6 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13367]: Successful su for rubyman by root
May  6 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13367]: + ??? root:rubyman
May  6 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340254 of user rubyman.
May  6 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13367]: pam_unix(su:session): session closed for user rubyman
May  6 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340254.
May  6 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13300]: pam_unix(cron:session): session closed for user root
May  6 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10887]: pam_unix(cron:session): session closed for user root
May  6 12:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13299]: pam_unix(cron:session): session closed for user samftp
May  6 12:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13687]: Did not receive identification string from 45.119.212.196
May  6 12:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13688]: Invalid user centos from 45.119.212.196
May  6 12:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13688]: input_userauth_request: invalid user centos [preauth]
May  6 12:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13688]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13688]: Failed password for invalid user centos from 45.119.212.196 port 51898 ssh2
May  6 12:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13688]: Connection closed by 45.119.212.196 port 51898 [preauth]
May  6 12:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: Invalid user mcserver from 45.119.212.196
May  6 12:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: input_userauth_request: invalid user mcserver [preauth]
May  6 12:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: Failed password for invalid user mcserver from 45.119.212.196 port 57450 ssh2
May  6 12:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: Connection closed by 45.119.212.196 port 57450 [preauth]
May  6 12:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
May  6 12:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: Failed password for root from 45.119.212.196 port 57454 ssh2
May  6 12:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13717]: Connection closed by 45.119.212.196 port 57454 [preauth]
May  6 12:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Invalid user admin from 45.119.212.196
May  6 12:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: input_userauth_request: invalid user admin [preauth]
May  6 12:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Failed password for invalid user admin from 45.119.212.196 port 37426 ssh2
May  6 12:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Connection closed by 45.119.212.196 port 37426 [preauth]
May  6 12:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: Invalid user admin from 45.119.212.196
May  6 12:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: input_userauth_request: invalid user admin [preauth]
May  6 12:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: Failed password for invalid user admin from 45.119.212.196 port 37436 ssh2
May  6 12:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13751]: Connection closed by 45.119.212.196 port 37436 [preauth]
May  6 12:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: Invalid user a from 45.119.212.196
May  6 12:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: input_userauth_request: invalid user a [preauth]
May  6 12:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: Failed password for invalid user a from 45.119.212.196 port 37444 ssh2
May  6 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13757]: Connection closed by 45.119.212.196 port 37444 [preauth]
May  6 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13769]: Invalid user vagrant from 45.119.212.196
May  6 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13769]: input_userauth_request: invalid user vagrant [preauth]
May  6 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13769]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12515]: pam_unix(cron:session): session closed for user root
May  6 12:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13769]: Failed password for invalid user vagrant from 45.119.212.196 port 45168 ssh2
May  6 12:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13769]: Connection closed by 45.119.212.196 port 45168 [preauth]
May  6 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13791]: Invalid user minecraft from 45.119.212.196
May  6 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13791]: input_userauth_request: invalid user minecraft [preauth]
May  6 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13791]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13791]: Failed password for invalid user minecraft from 45.119.212.196 port 45174 ssh2
May  6 12:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13791]: Connection closed by 45.119.212.196 port 45174 [preauth]
May  6 12:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13803]: Invalid user zjw from 45.119.212.196
May  6 12:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13803]: input_userauth_request: invalid user zjw [preauth]
May  6 12:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13803]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13803]: Failed password for invalid user zjw from 45.119.212.196 port 45182 ssh2
May  6 12:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13803]: Connection closed by 45.119.212.196 port 45182 [preauth]
May  6 12:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: Invalid user db from 45.119.212.196
May  6 12:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: input_userauth_request: invalid user db [preauth]
May  6 12:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: Failed password for invalid user db from 45.119.212.196 port 41452 ssh2
May  6 12:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13820]: Connection closed by 45.119.212.196 port 41452 [preauth]
May  6 12:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
May  6 12:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13827]: Failed password for root from 45.119.212.196 port 41460 ssh2
May  6 12:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13827]: Connection closed by 45.119.212.196 port 41460 [preauth]
May  6 12:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
May  6 12:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13838]: Failed password for root from 45.119.212.196 port 41472 ssh2
May  6 12:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13838]: Connection closed by 45.119.212.196 port 41472 [preauth]
May  6 12:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
May  6 12:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: Invalid user recepcao from 185.255.91.39
May  6 12:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: input_userauth_request: invalid user recepcao [preauth]
May  6 12:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.39
May  6 12:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: Failed password for root from 45.119.212.196 port 42824 ssh2
May  6 12:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13848]: Connection closed by 45.119.212.196 port 42824 [preauth]
May  6 12:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: Invalid user steam from 45.119.212.196
May  6 12:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: input_userauth_request: invalid user steam [preauth]
May  6 12:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: Failed password for invalid user recepcao from 185.255.91.39 port 52404 ssh2
May  6 12:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: Received disconnect from 185.255.91.39 port 52404:11: Bye Bye [preauth]
May  6 12:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: Disconnected from 185.255.91.39 port 52404 [preauth]
May  6 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13868]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13865]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13865]: pam_unix(cron:session): session closed for user p13x
May  6 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: Failed password for invalid user steam from 45.119.212.196 port 42840 ssh2
May  6 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13934]: Successful su for rubyman by root
May  6 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13934]: + ??? root:rubyman
May  6 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340258 of user rubyman.
May  6 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13934]: pam_unix(su:session): session closed for user rubyman
May  6 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340258.
May  6 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: Connection closed by 45.119.212.196 port 42840 [preauth]
May  6 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
May  6 12:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: Failed password for root from 45.119.212.196 port 42844 ssh2
May  6 12:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13966]: Connection closed by 45.119.212.196 port 42844 [preauth]
May  6 12:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11287]: pam_unix(cron:session): session closed for user root
May  6 12:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13867]: pam_unix(cron:session): session closed for user samftp
May  6 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: Invalid user test from 45.119.212.196
May  6 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: input_userauth_request: invalid user test [preauth]
May  6 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: Failed password for invalid user test from 45.119.212.196 port 50702 ssh2
May  6 12:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14099]: Connection closed by 45.119.212.196 port 50702 [preauth]
May  6 12:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
May  6 12:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: Failed password for root from 45.119.212.196 port 50706 ssh2
May  6 12:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14130]: Connection closed by 45.119.212.196 port 50706 [preauth]
May  6 12:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: User ftp from 45.119.212.196 not allowed because not listed in AllowUsers
May  6 12:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: input_userauth_request: invalid user ftp [preauth]
May  6 12:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=ftp
May  6 12:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Failed password for invalid user ftp from 45.119.212.196 port 60960 ssh2
May  6 12:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Connection closed by 45.119.212.196 port 60960 [preauth]
May  6 12:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14156]: Invalid user test from 45.119.212.196
May  6 12:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14156]: input_userauth_request: invalid user test [preauth]
May  6 12:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14156]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14156]: Failed password for invalid user test from 45.119.212.196 port 60968 ssh2
May  6 12:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14156]: Connection closed by 45.119.212.196 port 60968 [preauth]
May  6 12:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
May  6 12:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14167]: Failed password for root from 45.119.212.196 port 60972 ssh2
May  6 12:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14167]: Connection closed by 45.119.212.196 port 60972 [preauth]
May  6 12:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: Invalid user csgo from 45.119.212.196
May  6 12:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: input_userauth_request: invalid user csgo [preauth]
May  6 12:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: Failed password for invalid user csgo from 45.119.212.196 port 33054 ssh2
May  6 12:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14182]: Connection closed by 45.119.212.196 port 33054 [preauth]
May  6 12:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14193]: Invalid user admin from 45.119.212.196
May  6 12:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14193]: input_userauth_request: invalid user admin [preauth]
May  6 12:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14193]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14193]: Failed password for invalid user admin from 45.119.212.196 port 33062 ssh2
May  6 12:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14193]: Connection closed by 45.119.212.196 port 33062 [preauth]
May  6 12:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14204]: Invalid user a from 45.119.212.196
May  6 12:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14204]: input_userauth_request: invalid user a [preauth]
May  6 12:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14204]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12905]: pam_unix(cron:session): session closed for user root
May  6 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14204]: Failed password for invalid user a from 45.119.212.196 port 33074 ssh2
May  6 12:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14204]: Connection closed by 45.119.212.196 port 33074 [preauth]
May  6 12:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: Invalid user ubuntu from 45.119.212.196
May  6 12:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: input_userauth_request: invalid user ubuntu [preauth]
May  6 12:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: Failed password for invalid user ubuntu from 45.119.212.196 port 41870 ssh2
May  6 12:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14227]: Connection closed by 45.119.212.196 port 41870 [preauth]
May  6 12:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14237]: Invalid user minecraft from 45.119.212.196
May  6 12:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14237]: input_userauth_request: invalid user minecraft [preauth]
May  6 12:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14237]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14237]: Failed password for invalid user minecraft from 45.119.212.196 port 41880 ssh2
May  6 12:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14237]: Connection closed by 45.119.212.196 port 41880 [preauth]
May  6 12:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14248]: Invalid user debian from 45.119.212.196
May  6 12:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14248]: input_userauth_request: invalid user debian [preauth]
May  6 12:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14248]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14248]: Failed password for invalid user debian from 45.119.212.196 port 41886 ssh2
May  6 12:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14248]: Connection closed by 45.119.212.196 port 41886 [preauth]
May  6 12:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14264]: Invalid user admin from 45.119.212.196
May  6 12:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14264]: input_userauth_request: invalid user admin [preauth]
May  6 12:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14264]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14264]: Failed password for invalid user admin from 45.119.212.196 port 42360 ssh2
May  6 12:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14264]: Connection closed by 45.119.212.196 port 42360 [preauth]
May  6 12:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14275]: Invalid user minecraft from 45.119.212.196
May  6 12:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14275]: input_userauth_request: invalid user minecraft [preauth]
May  6 12:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14275]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14275]: Failed password for invalid user minecraft from 45.119.212.196 port 42372 ssh2
May  6 12:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14275]: Connection closed by 45.119.212.196 port 42372 [preauth]
May  6 12:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: Invalid user ansible from 45.119.212.196
May  6 12:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: input_userauth_request: invalid user ansible [preauth]
May  6 12:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: Failed password for invalid user ansible from 45.119.212.196 port 46702 ssh2
May  6 12:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: Connection closed by 45.119.212.196 port 46702 [preauth]
May  6 12:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: Invalid user odoo from 45.119.212.196
May  6 12:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: input_userauth_request: invalid user odoo [preauth]
May  6 12:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: Failed password for invalid user odoo from 45.119.212.196 port 46714 ssh2
May  6 12:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: Connection closed by 45.119.212.196 port 46714 [preauth]
May  6 12:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14305]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14304]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14302]: pam_unix(cron:session): session closed for user p13x
May  6 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: Invalid user minecraft from 45.119.212.196
May  6 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: input_userauth_request: invalid user minecraft [preauth]
May  6 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14365]: Successful su for rubyman by root
May  6 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14365]: + ??? root:rubyman
May  6 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14365]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340261 of user rubyman.
May  6 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14365]: pam_unix(su:session): session closed for user rubyman
May  6 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340261.
May  6 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: Failed password for invalid user minecraft from 45.119.212.196 port 46726 ssh2
May  6 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14299]: Connection closed by 45.119.212.196 port 46726 [preauth]
May  6 12:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11713]: pam_unix(cron:session): session closed for user root
May  6 12:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
May  6 12:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14303]: pam_unix(cron:session): session closed for user samftp
May  6 12:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14515]: Failed password for root from 45.119.212.196 port 43300 ssh2
May  6 12:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14515]: Connection closed by 45.119.212.196 port 43300 [preauth]
May  6 12:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14562]: Invalid user user1 from 45.119.212.196
May  6 12:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14562]: input_userauth_request: invalid user user1 [preauth]
May  6 12:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14562]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14562]: Failed password for invalid user user1 from 45.119.212.196 port 43312 ssh2
May  6 12:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14562]: Connection closed by 45.119.212.196 port 43312 [preauth]
May  6 12:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14565]: Invalid user test from 45.119.212.196
May  6 12:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14565]: input_userauth_request: invalid user test [preauth]
May  6 12:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14565]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14565]: Failed password for invalid user test from 45.119.212.196 port 43316 ssh2
May  6 12:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14565]: Connection closed by 45.119.212.196 port 43316 [preauth]
May  6 12:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196  user=root
May  6 12:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14590]: Failed password for root from 45.119.212.196 port 35940 ssh2
May  6 12:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14590]: Connection closed by 45.119.212.196 port 35940 [preauth]
May  6 12:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: Invalid user hduser from 45.119.212.196
May  6 12:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: input_userauth_request: invalid user hduser [preauth]
May  6 12:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: Failed password for invalid user hduser from 45.119.212.196 port 35950 ssh2
May  6 12:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: Connection closed by 45.119.212.196 port 35950 [preauth]
May  6 12:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: Invalid user test from 45.119.212.196
May  6 12:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: input_userauth_request: invalid user test [preauth]
May  6 12:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: Failed password for invalid user test from 45.119.212.196 port 35516 ssh2
May  6 12:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14604]: Connection closed by 45.119.212.196 port 35516 [preauth]
May  6 12:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: Invalid user user3 from 45.119.212.196
May  6 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: input_userauth_request: invalid user user3 [preauth]
May  6 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: Failed password for invalid user user3 from 45.119.212.196 port 35528 ssh2
May  6 12:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: Connection closed by 45.119.212.196 port 35528 [preauth]
May  6 12:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14646]: Invalid user db from 45.119.212.196
May  6 12:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14646]: input_userauth_request: invalid user db [preauth]
May  6 12:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14646]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.119.212.196
May  6 12:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13302]: pam_unix(cron:session): session closed for user root
May  6 12:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14646]: Failed password for invalid user db from 45.119.212.196 port 35536 ssh2
May  6 12:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14646]: Connection closed by 45.119.212.196 port 35536 [preauth]
May  6 12:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 12:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14682]: Invalid user vpn from 14.103.114.194
May  6 12:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14682]: input_userauth_request: invalid user vpn [preauth]
May  6 12:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14682]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194
May  6 12:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: Failed password for root from 218.92.0.179 port 62006 ssh2
May  6 12:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14680]: Invalid user git from 200.189.192.3
May  6 12:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14680]: input_userauth_request: invalid user git [preauth]
May  6 12:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14680]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.189.192.3
May  6 12:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14682]: Failed password for invalid user vpn from 14.103.114.194 port 54062 ssh2
May  6 12:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14682]: Received disconnect from 14.103.114.194 port 54062:11: Bye Bye [preauth]
May  6 12:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14682]: Disconnected from 14.103.114.194 port 54062 [preauth]
May  6 12:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: Failed password for root from 218.92.0.179 port 62006 ssh2
May  6 12:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14680]: Failed password for invalid user git from 200.189.192.3 port 59813 ssh2
May  6 12:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14680]: Received disconnect from 200.189.192.3 port 59813:11: Bye Bye [preauth]
May  6 12:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14680]: Disconnected from 200.189.192.3 port 59813 [preauth]
May  6 12:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: Failed password for root from 218.92.0.179 port 62006 ssh2
May  6 12:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: Received disconnect from 218.92.0.179 port 62006:11:  [preauth]
May  6 12:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: Disconnected from 218.92.0.179 port 62006 [preauth]
May  6 12:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14678]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14742]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14743]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14740]: pam_unix(cron:session): session closed for user p13x
May  6 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14799]: Successful su for rubyman by root
May  6 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14799]: + ??? root:rubyman
May  6 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340264 of user rubyman.
May  6 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14799]: pam_unix(su:session): session closed for user rubyman
May  6 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340264.
May  6 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12109]: pam_unix(cron:session): session closed for user root
May  6 12:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14741]: pam_unix(cron:session): session closed for user samftp
May  6 12:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: Invalid user guest from 80.94.95.125
May  6 12:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: input_userauth_request: invalid user guest [preauth]
May  6 12:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 12:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: Failed password for invalid user guest from 80.94.95.125 port 64905 ssh2
May  6 12:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: Failed password for invalid user guest from 80.94.95.125 port 64905 ssh2
May  6 12:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: Failed password for invalid user guest from 80.94.95.125 port 64905 ssh2
May  6 12:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: Failed password for invalid user guest from 80.94.95.125 port 64905 ssh2
May  6 12:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: Failed password for invalid user guest from 80.94.95.125 port 64905 ssh2
May  6 12:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: Received disconnect from 80.94.95.125 port 64905:11: Bye [preauth]
May  6 12:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: Disconnected from 80.94.95.125 port 64905 [preauth]
May  6 12:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 12:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 12:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13869]: pam_unix(cron:session): session closed for user root
May  6 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15138]: pam_unix(cron:session): session closed for user p13x
May  6 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15196]: Successful su for rubyman by root
May  6 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15196]: + ??? root:rubyman
May  6 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340268 of user rubyman.
May  6 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15196]: pam_unix(su:session): session closed for user rubyman
May  6 12:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340268.
May  6 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12514]: pam_unix(cron:session): session closed for user root
May  6 12:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15139]: pam_unix(cron:session): session closed for user samftp
May  6 12:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: Invalid user exportuser from 164.68.105.9
May  6 12:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: input_userauth_request: invalid user exportuser [preauth]
May  6 12:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  6 12:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: Failed password for invalid user exportuser from 164.68.105.9 port 38450 ssh2
May  6 12:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15408]: Connection closed by 164.68.105.9 port 38450 [preauth]
May  6 12:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14305]: pam_unix(cron:session): session closed for user root
May  6 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15529]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15528]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15530]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15531]: pam_unix(cron:session): session closed for user root
May  6 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15526]: pam_unix(cron:session): session closed for user p13x
May  6 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15593]: Successful su for rubyman by root
May  6 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15593]: + ??? root:rubyman
May  6 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340275 of user rubyman.
May  6 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15593]: pam_unix(su:session): session closed for user rubyman
May  6 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340275.
May  6 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15528]: pam_unix(cron:session): session closed for user root
May  6 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12904]: pam_unix(cron:session): session closed for user root
May  6 12:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15527]: pam_unix(cron:session): session closed for user samftp
May  6 12:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14743]: pam_unix(cron:session): session closed for user root
May  6 12:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: Invalid user dock from 185.255.91.39
May  6 12:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: input_userauth_request: invalid user dock [preauth]
May  6 12:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.255.91.39
May  6 12:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: Failed password for invalid user dock from 185.255.91.39 port 53866 ssh2
May  6 12:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: Received disconnect from 185.255.91.39 port 53866:11: Bye Bye [preauth]
May  6 12:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15942]: Disconnected from 185.255.91.39 port 53866 [preauth]
May  6 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15956]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15955]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15953]: pam_unix(cron:session): session closed for user p13x
May  6 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16022]: Successful su for rubyman by root
May  6 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16022]: + ??? root:rubyman
May  6 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340278 of user rubyman.
May  6 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16022]: pam_unix(su:session): session closed for user rubyman
May  6 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340278.
May  6 12:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13301]: pam_unix(cron:session): session closed for user root
May  6 12:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15954]: pam_unix(cron:session): session closed for user samftp
May  6 12:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15141]: pam_unix(cron:session): session closed for user root
May  6 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16344]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16343]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16342]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16345]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16342]: pam_unix(cron:session): session closed for user p13x
May  6 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16399]: Successful su for rubyman by root
May  6 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16399]: + ??? root:rubyman
May  6 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340284 of user rubyman.
May  6 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16399]: pam_unix(su:session): session closed for user rubyman
May  6 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340284.
May  6 12:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13868]: pam_unix(cron:session): session closed for user root
May  6 12:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16343]: pam_unix(cron:session): session closed for user samftp
May  6 12:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15530]: pam_unix(cron:session): session closed for user root
May  6 12:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194  user=root
May  6 12:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16785]: Failed password for root from 14.103.114.194 port 22556 ssh2
May  6 12:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16785]: Received disconnect from 14.103.114.194 port 22556:11: Bye Bye [preauth]
May  6 12:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16785]: Disconnected from 14.103.114.194 port 22556 [preauth]
May  6 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16798]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16796]: pam_unix(cron:session): session closed for user p13x
May  6 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16856]: Successful su for rubyman by root
May  6 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16856]: + ??? root:rubyman
May  6 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340287 of user rubyman.
May  6 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16856]: pam_unix(su:session): session closed for user rubyman
May  6 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340287.
May  6 12:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14304]: pam_unix(cron:session): session closed for user root
May  6 12:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16797]: pam_unix(cron:session): session closed for user samftp
May  6 12:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15956]: pam_unix(cron:session): session closed for user root
May  6 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17220]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17218]: pam_unix(cron:session): session closed for user p13x
May  6 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17283]: Successful su for rubyman by root
May  6 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17283]: + ??? root:rubyman
May  6 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340290 of user rubyman.
May  6 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17283]: pam_unix(su:session): session closed for user rubyman
May  6 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340290.
May  6 12:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14742]: pam_unix(cron:session): session closed for user root
May  6 12:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17219]: pam_unix(cron:session): session closed for user samftp
May  6 12:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16345]: pam_unix(cron:session): session closed for user root
May  6 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17630]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17627]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17630]: pam_unix(cron:session): session closed for user root
May  6 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17625]: pam_unix(cron:session): session closed for user p13x
May  6 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17707]: Successful su for rubyman by root
May  6 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17707]: + ??? root:rubyman
May  6 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340294 of user rubyman.
May  6 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17707]: pam_unix(su:session): session closed for user rubyman
May  6 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340294.
May  6 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17627]: pam_unix(cron:session): session closed for user root
May  6 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15140]: pam_unix(cron:session): session closed for user root
May  6 12:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17626]: pam_unix(cron:session): session closed for user samftp
May  6 12:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  6 12:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: Failed password for root from 218.92.0.215 port 49272 ssh2
May  6 12:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: Failed password for root from 218.92.0.215 port 49272 ssh2
May  6 12:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16799]: pam_unix(cron:session): session closed for user root
May  6 12:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: Failed password for root from 218.92.0.215 port 49272 ssh2
May  6 12:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: Failed password for root from 218.92.0.215 port 49272 ssh2
May  6 12:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 12:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: Failed password for root from 218.92.0.215 port 49272 ssh2
May  6 12:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 49272 ssh2 [preauth]
May  6 12:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: Disconnecting: Too many authentication failures [preauth]
May  6 12:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  6 12:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18094]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 12:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: Failed password for root from 218.92.0.179 port 51776 ssh2
May  6 12:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: Failed password for root from 218.92.0.179 port 51776 ssh2
May  6 12:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  6 12:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: Failed password for root from 218.92.0.215 port 22322 ssh2
May  6 12:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: Failed password for root from 218.92.0.179 port 51776 ssh2
May  6 12:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: Received disconnect from 218.92.0.179 port 51776:11:  [preauth]
May  6 12:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: Disconnected from 218.92.0.179 port 51776 [preauth]
May  6 12:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 12:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: Failed password for root from 218.92.0.215 port 22322 ssh2
May  6 12:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: message repeated 4 times: [ Failed password for root from 218.92.0.215 port 22322 ssh2]
May  6 12:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 22322 ssh2 [preauth]
May  6 12:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: Disconnecting: Too many authentication failures [preauth]
May  6 12:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  6 12:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18201]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18199]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18198]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18198]: pam_unix(cron:session): session closed for user p13x
May  6 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18265]: Successful su for rubyman by root
May  6 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18265]: + ??? root:rubyman
May  6 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340301 of user rubyman.
May  6 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18265]: pam_unix(su:session): session closed for user rubyman
May  6 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340301.
May  6 12:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  6 12:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15529]: pam_unix(cron:session): session closed for user root
May  6 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18199]: pam_unix(cron:session): session closed for user samftp
May  6 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18377]: Failed password for root from 218.92.0.215 port 51428 ssh2
May  6 12:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18377]: Received disconnect from 218.92.0.215 port 51428:11:  [preauth]
May  6 12:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18377]: Disconnected from 218.92.0.215 port 51428 [preauth]
May  6 12:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: Invalid user ny from 46.244.96.25
May  6 12:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: input_userauth_request: invalid user ny [preauth]
May  6 12:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  6 12:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17222]: pam_unix(cron:session): session closed for user root
May  6 12:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: Failed password for invalid user ny from 46.244.96.25 port 52570 ssh2
May  6 12:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18527]: Connection closed by 46.244.96.25 port 52570 [preauth]
May  6 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18614]: pam_unix(cron:session): session closed for user p13x
May  6 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18675]: Successful su for rubyman by root
May  6 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18675]: + ??? root:rubyman
May  6 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340305 of user rubyman.
May  6 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18675]: pam_unix(su:session): session closed for user rubyman
May  6 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340305.
May  6 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15955]: pam_unix(cron:session): session closed for user root
May  6 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18615]: pam_unix(cron:session): session closed for user samftp
May  6 12:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17629]: pam_unix(cron:session): session closed for user root
May  6 12:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.189.192.3  user=root
May  6 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18939]: Failed password for root from 200.189.192.3 port 50108 ssh2
May  6 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18939]: Received disconnect from 200.189.192.3 port 50108:11: Bye Bye [preauth]
May  6 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18939]: Disconnected from 200.189.192.3 port 50108 [preauth]
May  6 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19019]: pam_unix(cron:session): session closed for user p13x
May  6 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19089]: Successful su for rubyman by root
May  6 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19089]: + ??? root:rubyman
May  6 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340309 of user rubyman.
May  6 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19089]: pam_unix(su:session): session closed for user rubyman
May  6 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340309.
May  6 12:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16344]: pam_unix(cron:session): session closed for user root
May  6 12:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19020]: pam_unix(cron:session): session closed for user samftp
May  6 12:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194  user=root
May  6 12:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19319]: Failed password for root from 14.103.114.194 port 21684 ssh2
May  6 12:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19319]: Received disconnect from 14.103.114.194 port 21684:11: Bye Bye [preauth]
May  6 12:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19319]: Disconnected from 14.103.114.194 port 21684 [preauth]
May  6 12:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18201]: pam_unix(cron:session): session closed for user root
May  6 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19437]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19435]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19435]: pam_unix(cron:session): session closed for user p13x
May  6 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19497]: Successful su for rubyman by root
May  6 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19497]: + ??? root:rubyman
May  6 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340312 of user rubyman.
May  6 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19497]: pam_unix(su:session): session closed for user rubyman
May  6 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340312.
May  6 12:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16798]: pam_unix(cron:session): session closed for user root
May  6 12:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19436]: pam_unix(cron:session): session closed for user samftp
May  6 12:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18617]: pam_unix(cron:session): session closed for user root
May  6 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19854]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19854]: pam_unix(cron:session): session closed for user root
May  6 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19848]: pam_unix(cron:session): session closed for user p13x
May  6 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19915]: Successful su for rubyman by root
May  6 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19915]: + ??? root:rubyman
May  6 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19915]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340317 of user rubyman.
May  6 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19915]: pam_unix(su:session): session closed for user rubyman
May  6 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340317.
May  6 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17220]: pam_unix(cron:session): session closed for user root
May  6 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19851]: pam_unix(cron:session): session closed for user root
May  6 12:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19849]: pam_unix(cron:session): session closed for user samftp
May  6 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19022]: pam_unix(cron:session): session closed for user root
May  6 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20284]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20285]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20281]: pam_unix(cron:session): session closed for user p13x
May  6 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20346]: Successful su for rubyman by root
May  6 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20346]: + ??? root:rubyman
May  6 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340322 of user rubyman.
May  6 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20346]: pam_unix(su:session): session closed for user rubyman
May  6 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340322.
May  6 12:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17628]: pam_unix(cron:session): session closed for user root
May  6 12:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20282]: pam_unix(cron:session): session closed for user samftp
May  6 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19438]: pam_unix(cron:session): session closed for user root
May  6 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20686]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20685]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20684]: pam_unix(cron:session): session closed for user p13x
May  6 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20746]: Successful su for rubyman by root
May  6 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20746]: + ??? root:rubyman
May  6 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340326 of user rubyman.
May  6 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20746]: pam_unix(su:session): session closed for user rubyman
May  6 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340326.
May  6 12:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18200]: pam_unix(cron:session): session closed for user root
May  6 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: Invalid user admin from 80.94.95.112
May  6 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: input_userauth_request: invalid user admin [preauth]
May  6 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 12:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20685]: pam_unix(cron:session): session closed for user samftp
May  6 12:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: Failed password for invalid user admin from 80.94.95.112 port 40879 ssh2
May  6 12:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: Failed password for invalid user admin from 80.94.95.112 port 40879 ssh2
May  6 12:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: Failed password for invalid user admin from 80.94.95.112 port 40879 ssh2
May  6 12:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: Failed password for invalid user admin from 80.94.95.112 port 40879 ssh2
May  6 12:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: Failed password for invalid user admin from 80.94.95.112 port 40879 ssh2
May  6 12:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: Received disconnect from 80.94.95.112 port 40879:11: Bye [preauth]
May  6 12:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: Disconnected from 80.94.95.112 port 40879 [preauth]
May  6 12:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 12:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 12:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19853]: pam_unix(cron:session): session closed for user root
May  6 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21106]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21104]: pam_unix(cron:session): session closed for user p13x
May  6 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21167]: Successful su for rubyman by root
May  6 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21167]: + ??? root:rubyman
May  6 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21167]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340330 of user rubyman.
May  6 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21167]: pam_unix(su:session): session closed for user rubyman
May  6 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340330.
May  6 12:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18616]: pam_unix(cron:session): session closed for user root
May  6 12:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21105]: pam_unix(cron:session): session closed for user samftp
May  6 12:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20285]: pam_unix(cron:session): session closed for user root
May  6 12:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194  user=root
May  6 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: Failed password for root from 14.103.114.194 port 33530 ssh2
May  6 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: Received disconnect from 14.103.114.194 port 33530:11: Bye Bye [preauth]
May  6 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21518]: Disconnected from 14.103.114.194 port 33530 [preauth]
May  6 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21547]: pam_unix(cron:session): session closed for user p13x
May  6 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21698]: Successful su for rubyman by root
May  6 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21698]: + ??? root:rubyman
May  6 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340335 of user rubyman.
May  6 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21698]: pam_unix(su:session): session closed for user rubyman
May  6 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340335.
May  6 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21544]: pam_unix(cron:session): session closed for user root
May  6 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19021]: pam_unix(cron:session): session closed for user root
May  6 12:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21548]: pam_unix(cron:session): session closed for user samftp
May  6 12:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20687]: pam_unix(cron:session): session closed for user root
May  6 12:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.189.192.3  user=root
May  6 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22392]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22393]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22394]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22388]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22391]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22394]: pam_unix(cron:session): session closed for user root
May  6 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22388]: pam_unix(cron:session): session closed for user p13x
May  6 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22481]: Successful su for rubyman by root
May  6 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22481]: + ??? root:rubyman
May  6 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340340 of user rubyman.
May  6 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22481]: pam_unix(su:session): session closed for user rubyman
May  6 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340340.
May  6 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: Failed password for root from 200.189.192.3 port 36562 ssh2
May  6 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: Received disconnect from 200.189.192.3 port 36562:11: Bye Bye [preauth]
May  6 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: Disconnected from 200.189.192.3 port 36562 [preauth]
May  6 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19437]: pam_unix(cron:session): session closed for user root
May  6 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22391]: pam_unix(cron:session): session closed for user root
May  6 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22390]: pam_unix(cron:session): session closed for user samftp
May  6 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21107]: pam_unix(cron:session): session closed for user root
May  6 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22886]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22887]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22888]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22885]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22885]: pam_unix(cron:session): session closed for user p13x
May  6 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22989]: Successful su for rubyman by root
May  6 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22989]: + ??? root:rubyman
May  6 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340347 of user rubyman.
May  6 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22989]: pam_unix(su:session): session closed for user rubyman
May  6 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340347.
May  6 12:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19852]: pam_unix(cron:session): session closed for user root
May  6 12:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22886]: pam_unix(cron:session): session closed for user samftp
May  6 12:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 12:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: Failed password for root from 218.92.0.179 port 21648 ssh2
May  6 12:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21550]: pam_unix(cron:session): session closed for user root
May  6 12:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: Failed password for root from 218.92.0.179 port 21648 ssh2
May  6 12:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: Failed password for root from 218.92.0.179 port 21648 ssh2
May  6 12:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: Received disconnect from 218.92.0.179 port 21648:11:  [preauth]
May  6 12:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: Disconnected from 218.92.0.179 port 21648 [preauth]
May  6 12:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23421]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23421]: pam_unix(cron:session): session closed for user p13x
May  6 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23488]: Successful su for rubyman by root
May  6 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23488]: + ??? root:rubyman
May  6 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23488]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340349 of user rubyman.
May  6 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23488]: pam_unix(su:session): session closed for user rubyman
May  6 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340349.
May  6 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20284]: pam_unix(cron:session): session closed for user root
May  6 12:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23422]: pam_unix(cron:session): session closed for user samftp
May  6 12:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22393]: pam_unix(cron:session): session closed for user root
May  6 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23929]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23926]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23930]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23927]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23926]: pam_unix(cron:session): session closed for user p13x
May  6 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24009]: Successful su for rubyman by root
May  6 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24009]: + ??? root:rubyman
May  6 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340353 of user rubyman.
May  6 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24009]: pam_unix(su:session): session closed for user rubyman
May  6 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340353.
May  6 12:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20686]: pam_unix(cron:session): session closed for user root
May  6 12:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23927]: pam_unix(cron:session): session closed for user samftp
May  6 12:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22888]: pam_unix(cron:session): session closed for user root
May  6 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24366]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24364]: pam_unix(cron:session): session closed for user p13x
May  6 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24442]: Successful su for rubyman by root
May  6 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24442]: + ??? root:rubyman
May  6 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340358 of user rubyman.
May  6 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24442]: pam_unix(su:session): session closed for user rubyman
May  6 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340358.
May  6 12:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21106]: pam_unix(cron:session): session closed for user root
May  6 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24365]: pam_unix(cron:session): session closed for user samftp
May  6 12:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24673]: Invalid user bacon from 14.103.114.194
May  6 12:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24673]: input_userauth_request: invalid user bacon [preauth]
May  6 12:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24673]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194
May  6 12:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24673]: Failed password for invalid user bacon from 14.103.114.194 port 31996 ssh2
May  6 12:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24673]: Received disconnect from 14.103.114.194 port 31996:11: Bye Bye [preauth]
May  6 12:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24673]: Disconnected from 14.103.114.194 port 31996 [preauth]
May  6 12:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23426]: pam_unix(cron:session): session closed for user root
May  6 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24798]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24795]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24800]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24801]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24794]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24801]: pam_unix(cron:session): session closed for user root
May  6 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24794]: pam_unix(cron:session): session closed for user p13x
May  6 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24866]: Successful su for rubyman by root
May  6 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24866]: + ??? root:rubyman
May  6 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340366 of user rubyman.
May  6 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24866]: pam_unix(su:session): session closed for user rubyman
May  6 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340366.
May  6 12:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24798]: pam_unix(cron:session): session closed for user root
May  6 12:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21549]: pam_unix(cron:session): session closed for user root
May  6 12:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24795]: pam_unix(cron:session): session closed for user samftp
May  6 12:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23930]: pam_unix(cron:session): session closed for user root
May  6 12:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 12:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: Failed password for root from 218.92.0.179 port 47838 ssh2
May  6 12:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 47838 ssh2]
May  6 12:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: Received disconnect from 218.92.0.179 port 47838:11:  [preauth]
May  6 12:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: Disconnected from 218.92.0.179 port 47838 [preauth]
May  6 12:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25236]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25234]: pam_unix(cron:session): session closed for user p13x
May  6 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25312]: Successful su for rubyman by root
May  6 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25312]: + ??? root:rubyman
May  6 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25312]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340369 of user rubyman.
May  6 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25312]: pam_unix(su:session): session closed for user rubyman
May  6 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340369.
May  6 12:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22392]: pam_unix(cron:session): session closed for user root
May  6 12:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25235]: pam_unix(cron:session): session closed for user samftp
May  6 12:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24367]: pam_unix(cron:session): session closed for user root
May  6 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25701]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25693]: pam_unix(cron:session): session closed for user p13x
May  6 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25772]: Successful su for rubyman by root
May  6 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25772]: + ??? root:rubyman
May  6 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340373 of user rubyman.
May  6 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25772]: pam_unix(su:session): session closed for user rubyman
May  6 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340373.
May  6 12:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22887]: pam_unix(cron:session): session closed for user root
May  6 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25694]: pam_unix(cron:session): session closed for user samftp
May  6 12:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26033]: Invalid user kafka from 200.189.192.3
May  6 12:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26033]: input_userauth_request: invalid user kafka [preauth]
May  6 12:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26033]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.189.192.3
May  6 12:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26033]: Failed password for invalid user kafka from 200.189.192.3 port 50473 ssh2
May  6 12:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26033]: Received disconnect from 200.189.192.3 port 50473:11: Bye Bye [preauth]
May  6 12:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26033]: Disconnected from 200.189.192.3 port 50473 [preauth]
May  6 12:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24800]: pam_unix(cron:session): session closed for user root
May  6 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26159]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26157]: pam_unix(cron:session): session closed for user p13x
May  6 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26215]: Successful su for rubyman by root
May  6 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26215]: + ??? root:rubyman
May  6 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26215]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340377 of user rubyman.
May  6 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26215]: pam_unix(su:session): session closed for user rubyman
May  6 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340377.
May  6 12:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23425]: pam_unix(cron:session): session closed for user root
May  6 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26158]: pam_unix(cron:session): session closed for user samftp
May  6 12:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25237]: pam_unix(cron:session): session closed for user root
May  6 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26630]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26627]: pam_unix(cron:session): session closed for user p13x
May  6 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26693]: Successful su for rubyman by root
May  6 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26693]: + ??? root:rubyman
May  6 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340379 of user rubyman.
May  6 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26693]: pam_unix(su:session): session closed for user rubyman
May  6 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340379.
May  6 12:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23929]: pam_unix(cron:session): session closed for user root
May  6 12:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26628]: pam_unix(cron:session): session closed for user samftp
May  6 12:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25701]: pam_unix(cron:session): session closed for user root
May  6 12:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27062]: Invalid user wfp from 14.103.114.194
May  6 12:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27062]: input_userauth_request: invalid user wfp [preauth]
May  6 12:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27062]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194
May  6 12:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27062]: Failed password for invalid user wfp from 14.103.114.194 port 41986 ssh2
May  6 12:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27062]: Received disconnect from 14.103.114.194 port 41986:11: Bye Bye [preauth]
May  6 12:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27062]: Disconnected from 14.103.114.194 port 41986 [preauth]
May  6 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27100]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27099]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27101]: pam_unix(cron:session): session closed for user root
May  6 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27096]: pam_unix(cron:session): session closed for user p13x
May  6 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27170]: Successful su for rubyman by root
May  6 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27170]: + ??? root:rubyman
May  6 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27170]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340385 of user rubyman.
May  6 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27170]: pam_unix(su:session): session closed for user rubyman
May  6 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340385.
May  6 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27098]: pam_unix(cron:session): session closed for user root
May  6 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24366]: pam_unix(cron:session): session closed for user root
May  6 12:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27097]: pam_unix(cron:session): session closed for user samftp
May  6 12:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26160]: pam_unix(cron:session): session closed for user root
May  6 12:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 12:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27609]: Failed password for root from 218.92.0.179 port 32478 ssh2
May  6 12:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27609]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 32478 ssh2]
May  6 12:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27609]: Received disconnect from 218.92.0.179 port 32478:11:  [preauth]
May  6 12:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27609]: Disconnected from 218.92.0.179 port 32478 [preauth]
May  6 12:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27609]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27624]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27625]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27623]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27622]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27622]: pam_unix(cron:session): session closed for user p13x
May  6 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27691]: Successful su for rubyman by root
May  6 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27691]: + ??? root:rubyman
May  6 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340389 of user rubyman.
May  6 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27691]: pam_unix(su:session): session closed for user rubyman
May  6 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340389.
May  6 12:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24799]: pam_unix(cron:session): session closed for user root
May  6 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27623]: pam_unix(cron:session): session closed for user samftp
May  6 12:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26630]: pam_unix(cron:session): session closed for user root
May  6 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28044]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28042]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28040]: pam_unix(cron:session): session closed for user p13x
May  6 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28102]: Successful su for rubyman by root
May  6 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28102]: + ??? root:rubyman
May  6 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340395 of user rubyman.
May  6 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28102]: pam_unix(su:session): session closed for user rubyman
May  6 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340395.
May  6 12:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25236]: pam_unix(cron:session): session closed for user root
May  6 12:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28041]: pam_unix(cron:session): session closed for user samftp
May  6 12:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27100]: pam_unix(cron:session): session closed for user root
May  6 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28442]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28441]: pam_unix(cron:session): session closed for user p13x
May  6 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28506]: Successful su for rubyman by root
May  6 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28506]: + ??? root:rubyman
May  6 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340397 of user rubyman.
May  6 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28506]: pam_unix(su:session): session closed for user rubyman
May  6 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340397.
May  6 12:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25699]: pam_unix(cron:session): session closed for user root
May  6 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28442]: pam_unix(cron:session): session closed for user samftp
May  6 12:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27625]: pam_unix(cron:session): session closed for user root
May  6 12:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28810]: Invalid user clinton from 193.70.84.184
May  6 12:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28810]: input_userauth_request: invalid user clinton [preauth]
May  6 12:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28810]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  6 12:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28810]: Failed password for invalid user clinton from 193.70.84.184 port 37152 ssh2
May  6 12:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28810]: Connection closed by 193.70.84.184 port 37152 [preauth]
May  6 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28842]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28841]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28839]: pam_unix(cron:session): session closed for user p13x
May  6 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28907]: Successful su for rubyman by root
May  6 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28907]: + ??? root:rubyman
May  6 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340401 of user rubyman.
May  6 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28907]: pam_unix(su:session): session closed for user rubyman
May  6 12:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340401.
May  6 12:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26159]: pam_unix(cron:session): session closed for user root
May  6 12:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28840]: pam_unix(cron:session): session closed for user samftp
May  6 12:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28044]: pam_unix(cron:session): session closed for user root
May  6 12:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29312]: Invalid user infra from 200.189.192.3
May  6 12:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29312]: input_userauth_request: invalid user infra [preauth]
May  6 12:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29312]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.189.192.3
May  6 12:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29312]: Failed password for invalid user infra from 200.189.192.3 port 37241 ssh2
May  6 12:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29312]: Received disconnect from 200.189.192.3 port 37241:11: Bye Bye [preauth]
May  6 12:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29312]: Disconnected from 200.189.192.3 port 37241 [preauth]
May  6 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29357]: pam_unix(cron:session): session closed for user root
May  6 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29352]: pam_unix(cron:session): session closed for user p13x
May  6 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29424]: Successful su for rubyman by root
May  6 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29424]: + ??? root:rubyman
May  6 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340407 of user rubyman.
May  6 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29424]: pam_unix(su:session): session closed for user rubyman
May  6 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340407.
May  6 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29354]: pam_unix(cron:session): session closed for user root
May  6 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26629]: pam_unix(cron:session): session closed for user root
May  6 12:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29353]: pam_unix(cron:session): session closed for user samftp
May  6 12:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: Invalid user dima from 14.103.114.194
May  6 12:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: input_userauth_request: invalid user dima [preauth]
May  6 12:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: pam_unix(sshd:auth): check pass; user unknown
May  6 12:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194
May  6 12:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: Failed password for invalid user dima from 14.103.114.194 port 20680 ssh2
May  6 12:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: Received disconnect from 14.103.114.194 port 20680:11: Bye Bye [preauth]
May  6 12:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29646]: Disconnected from 14.103.114.194 port 20680 [preauth]
May  6 12:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28444]: pam_unix(cron:session): session closed for user root
May  6 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29795]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29794]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29792]: pam_unix(cron:session): session closed for user p13x
May  6 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29862]: Successful su for rubyman by root
May  6 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29862]: + ??? root:rubyman
May  6 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340411 of user rubyman.
May  6 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29862]: pam_unix(su:session): session closed for user rubyman
May  6 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340411.
May  6 12:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27099]: pam_unix(cron:session): session closed for user root
May  6 12:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29793]: pam_unix(cron:session): session closed for user samftp
May  6 12:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28842]: pam_unix(cron:session): session closed for user root
May  6 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30204]: pam_unix(cron:session): session closed for user p13x
May  6 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30261]: Successful su for rubyman by root
May  6 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30261]: + ??? root:rubyman
May  6 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340415 of user rubyman.
May  6 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30261]: pam_unix(su:session): session closed for user rubyman
May  6 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340415.
May  6 12:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27624]: pam_unix(cron:session): session closed for user root
May  6 12:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30205]: pam_unix(cron:session): session closed for user samftp
May  6 12:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29356]: pam_unix(cron:session): session closed for user root
May  6 12:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 12:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 12:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: Failed password for root from 218.92.0.179 port 32219 ssh2
May  6 12:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 32219 ssh2]
May  6 12:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: Received disconnect from 218.92.0.179 port 32219:11:  [preauth]
May  6 12:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: Disconnected from 218.92.0.179 port 32219 [preauth]
May  6 12:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30596]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30594]: pam_unix(cron:session): session closed for user p13x
May  6 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30663]: Successful su for rubyman by root
May  6 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30663]: + ??? root:rubyman
May  6 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340419 of user rubyman.
May  6 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30663]: pam_unix(su:session): session closed for user rubyman
May  6 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340419.
May  6 12:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28042]: pam_unix(cron:session): session closed for user root
May  6 12:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30595]: pam_unix(cron:session): session closed for user samftp
May  6 12:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29795]: pam_unix(cron:session): session closed for user root
May  6 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31096]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31093]: pam_unix(cron:session): session closed for user p13x
May  6 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31158]: Successful su for rubyman by root
May  6 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31158]: + ??? root:rubyman
May  6 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340425 of user rubyman.
May  6 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31158]: pam_unix(su:session): session closed for user rubyman
May  6 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340425.
May  6 12:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28443]: pam_unix(cron:session): session closed for user root
May  6 12:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31094]: pam_unix(cron:session): session closed for user samftp
May  6 12:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30207]: pam_unix(cron:session): session closed for user root
May  6 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31504]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31503]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31505]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31506]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31506]: pam_unix(cron:session): session closed for user root
May  6 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31502]: pam_unix(cron:session): session closed for user root
May  6 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31500]: pam_unix(cron:session): session closed for user p13x
May  6 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31599]: Successful su for rubyman by root
May  6 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31599]: + ??? root:rubyman
May  6 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340430 of user rubyman.
May  6 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31599]: pam_unix(su:session): session closed for user rubyman
May  6 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340430.
May  6 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31503]: pam_unix(cron:session): session closed for user root
May  6 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28841]: pam_unix(cron:session): session closed for user root
May  6 13:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31501]: pam_unix(cron:session): session closed for user samftp
May  6 13:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 13:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: Failed password for root from 218.92.0.210 port 4194 ssh2
May  6 13:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: message repeated 3 times: [ Failed password for root from 218.92.0.210 port 4194 ssh2]
May  6 13:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30597]: pam_unix(cron:session): session closed for user root
May  6 13:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194  user=root
May  6 13:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: Failed password for root from 218.92.0.210 port 4194 ssh2
May  6 13:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 4194 ssh2 [preauth]
May  6 13:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: Disconnecting: Too many authentication failures [preauth]
May  6 13:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 13:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 13:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32085]: Failed password for root from 14.103.114.194 port 18924 ssh2
May  6 13:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32085]: Received disconnect from 14.103.114.194 port 18924:11: Bye Bye [preauth]
May  6 13:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32085]: Disconnected from 14.103.114.194 port 18924 [preauth]
May  6 13:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 13:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32217]: Failed password for root from 218.92.0.210 port 58876 ssh2
May  6 13:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32217]: message repeated 5 times: [ Failed password for root from 218.92.0.210 port 58876 ssh2]
May  6 13:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32217]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 58876 ssh2 [preauth]
May  6 13:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32217]: Disconnecting: Too many authentication failures [preauth]
May  6 13:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32217]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 13:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32217]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32320]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32318]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32317]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32316]: pam_unix(cron:session): session closed for user p13x
May  6 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32408]: Successful su for rubyman by root
May  6 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32408]: + ??? root:rubyman
May  6 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340435 of user rubyman.
May  6 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32408]: pam_unix(su:session): session closed for user rubyman
May  6 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340435.
May  6 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 13:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: Failed password for root from 218.92.0.210 port 19822 ssh2
May  6 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29355]: pam_unix(cron:session): session closed for user root
May  6 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: Received disconnect from 218.92.0.210 port 19822:11:  [preauth]
May  6 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32313]: Disconnected from 218.92.0.210 port 19822 [preauth]
May  6 13:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32317]: pam_unix(cron:session): session closed for user samftp
May  6 13:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31096]: pam_unix(cron:session): session closed for user root
May  6 13:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: Invalid user moth3r from 80.94.95.125
May  6 13:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: input_userauth_request: invalid user moth3r [preauth]
May  6 13:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 13:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: Failed password for invalid user moth3r from 80.94.95.125 port 51614 ssh2
May  6 13:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: Failed password for invalid user moth3r from 80.94.95.125 port 51614 ssh2
May  6 13:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: Failed password for invalid user moth3r from 80.94.95.125 port 51614 ssh2
May  6 13:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: Failed password for invalid user moth3r from 80.94.95.125 port 51614 ssh2
May  6 13:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[447]: pam_unix(cron:session): session closed for user p13x
May  6 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[538]: Successful su for rubyman by root
May  6 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[538]: + ??? root:rubyman
May  6 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340440 of user rubyman.
May  6 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[538]: pam_unix(su:session): session closed for user rubyman
May  6 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340440.
May  6 13:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: Failed password for invalid user moth3r from 80.94.95.125 port 51614 ssh2
May  6 13:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: Received disconnect from 80.94.95.125 port 51614:11: Bye [preauth]
May  6 13:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: Disconnected from 80.94.95.125 port 51614 [preauth]
May  6 13:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 13:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 13:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29794]: pam_unix(cron:session): session closed for user root
May  6 13:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[448]: pam_unix(cron:session): session closed for user samftp
May  6 13:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31505]: pam_unix(cron:session): session closed for user root
May  6 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[915]: pam_unix(cron:session): session closed for user p13x
May  6 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[994]: Successful su for rubyman by root
May  6 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[994]: + ??? root:rubyman
May  6 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[994]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340442 of user rubyman.
May  6 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[994]: pam_unix(su:session): session closed for user rubyman
May  6 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340442.
May  6 13:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30206]: pam_unix(cron:session): session closed for user root
May  6 13:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[916]: pam_unix(cron:session): session closed for user samftp
May  6 13:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1267]: Connection closed by 200.189.192.3 port 54506 [preauth]
May  6 13:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32320]: pam_unix(cron:session): session closed for user root
May  6 13:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1394]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1393]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1390]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1390]: pam_unix(cron:session): session closed for user p13x
May  6 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1479]: Successful su for rubyman by root
May  6 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1479]: + ??? root:rubyman
May  6 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340446 of user rubyman.
May  6 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1479]: pam_unix(su:session): session closed for user rubyman
May  6 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340446.
May  6 13:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30596]: pam_unix(cron:session): session closed for user root
May  6 13:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1392]: pam_unix(cron:session): session closed for user samftp
May  6 13:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[451]: pam_unix(cron:session): session closed for user root
May  6 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1881]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1882]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1882]: pam_unix(cron:session): session closed for user root
May  6 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1877]: pam_unix(cron:session): session closed for user p13x
May  6 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2030]: Successful su for rubyman by root
May  6 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2030]: + ??? root:rubyman
May  6 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340451 of user rubyman.
May  6 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2030]: pam_unix(su:session): session closed for user rubyman
May  6 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340451.
May  6 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1879]: pam_unix(cron:session): session closed for user root
May  6 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31095]: pam_unix(cron:session): session closed for user root
May  6 13:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1878]: pam_unix(cron:session): session closed for user samftp
May  6 13:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[918]: pam_unix(cron:session): session closed for user root
May  6 13:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Invalid user admin from 80.94.95.241
May  6 13:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: input_userauth_request: invalid user admin [preauth]
May  6 13:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 13:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Failed password for invalid user admin from 80.94.95.241 port 57968 ssh2
May  6 13:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Failed password for invalid user admin from 80.94.95.241 port 57968 ssh2
May  6 13:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Failed password for invalid user admin from 80.94.95.241 port 57968 ssh2
May  6 13:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Failed password for invalid user admin from 80.94.95.241 port 57968 ssh2
May  6 13:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 13:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Failed password for invalid user admin from 80.94.95.241 port 57968 ssh2
May  6 13:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Received disconnect from 80.94.95.241 port 57968:11: Bye [preauth]
May  6 13:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Disconnected from 80.94.95.241 port 57968 [preauth]
May  6 13:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 13:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 13:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: Failed password for root from 218.92.0.179 port 10658 ssh2
May  6 13:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 10658 ssh2]
May  6 13:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: Received disconnect from 218.92.0.179 port 10658:11:  [preauth]
May  6 13:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: Disconnected from 218.92.0.179 port 10658 [preauth]
May  6 13:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2406]: pam_unix(cron:session): session closed for user p13x
May  6 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2479]: Successful su for rubyman by root
May  6 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2479]: + ??? root:rubyman
May  6 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340456 of user rubyman.
May  6 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2479]: pam_unix(su:session): session closed for user rubyman
May  6 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340456.
May  6 13:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31504]: pam_unix(cron:session): session closed for user root
May  6 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2639]: Invalid user cache from 14.103.114.194
May  6 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2639]: input_userauth_request: invalid user cache [preauth]
May  6 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2639]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194
May  6 13:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2409]: pam_unix(cron:session): session closed for user samftp
May  6 13:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2639]: Failed password for invalid user cache from 14.103.114.194 port 64288 ssh2
May  6 13:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2639]: Received disconnect from 14.103.114.194 port 64288:11: Bye Bye [preauth]
May  6 13:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2639]: Disconnected from 14.103.114.194 port 64288 [preauth]
May  6 13:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1394]: pam_unix(cron:session): session closed for user root
May  6 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2844]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2841]: pam_unix(cron:session): session closed for user p13x
May  6 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2910]: Successful su for rubyman by root
May  6 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2910]: + ??? root:rubyman
May  6 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340461 of user rubyman.
May  6 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2910]: pam_unix(su:session): session closed for user rubyman
May  6 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340461.
May  6 13:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32318]: pam_unix(cron:session): session closed for user root
May  6 13:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2842]: pam_unix(cron:session): session closed for user samftp
May  6 13:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1881]: pam_unix(cron:session): session closed for user root
May  6 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3251]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3250]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3248]: pam_unix(cron:session): session closed for user p13x
May  6 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3310]: Successful su for rubyman by root
May  6 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3310]: + ??? root:rubyman
May  6 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3310]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340466 of user rubyman.
May  6 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3310]: pam_unix(su:session): session closed for user rubyman
May  6 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340466.
May  6 13:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[449]: pam_unix(cron:session): session closed for user root
May  6 13:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3249]: pam_unix(cron:session): session closed for user samftp
May  6 13:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2412]: pam_unix(cron:session): session closed for user root
May  6 13:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 13:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3655]: Failed password for root from 218.92.0.179 port 57279 ssh2
May  6 13:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3655]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 57279 ssh2]
May  6 13:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3655]: Received disconnect from 218.92.0.179 port 57279:11:  [preauth]
May  6 13:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3655]: Disconnected from 218.92.0.179 port 57279 [preauth]
May  6 13:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3655]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3706]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3707]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3702]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3704]: pam_unix(cron:session): session closed for user p13x
May  6 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3820]: Successful su for rubyman by root
May  6 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3820]: + ??? root:rubyman
May  6 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340468 of user rubyman.
May  6 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3820]: pam_unix(su:session): session closed for user rubyman
May  6 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340468.
May  6 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3702]: pam_unix(cron:session): session closed for user root
May  6 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[917]: pam_unix(cron:session): session closed for user root
May  6 13:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3705]: pam_unix(cron:session): session closed for user samftp
May  6 13:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2844]: pam_unix(cron:session): session closed for user root
May  6 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4228]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4223]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4227]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4225]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4228]: pam_unix(cron:session): session closed for user root
May  6 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4223]: pam_unix(cron:session): session closed for user p13x
May  6 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4444]: Successful su for rubyman by root
May  6 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4444]: + ??? root:rubyman
May  6 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340476 of user rubyman.
May  6 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4444]: pam_unix(su:session): session closed for user rubyman
May  6 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340476.
May  6 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4225]: pam_unix(cron:session): session closed for user root
May  6 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1393]: pam_unix(cron:session): session closed for user root
May  6 13:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4224]: pam_unix(cron:session): session closed for user samftp
May  6 13:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3251]: pam_unix(cron:session): session closed for user root
May  6 13:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  6 13:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4815]: Failed password for root from 164.68.105.9 port 60304 ssh2
May  6 13:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4815]: Connection closed by 164.68.105.9 port 60304 [preauth]
May  6 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4829]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4831]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4832]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4827]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4827]: pam_unix(cron:session): session closed for user p13x
May  6 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4901]: Successful su for rubyman by root
May  6 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4901]: + ??? root:rubyman
May  6 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340481 of user rubyman.
May  6 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4901]: pam_unix(su:session): session closed for user rubyman
May  6 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340481.
May  6 13:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1880]: pam_unix(cron:session): session closed for user root
May  6 13:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4829]: pam_unix(cron:session): session closed for user samftp
May  6 13:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5353]: Invalid user becky from 14.103.114.194
May  6 13:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5353]: input_userauth_request: invalid user becky [preauth]
May  6 13:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5353]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194
May  6 13:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5353]: Failed password for invalid user becky from 14.103.114.194 port 61842 ssh2
May  6 13:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5353]: Received disconnect from 14.103.114.194 port 61842:11: Bye Bye [preauth]
May  6 13:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5353]: Disconnected from 14.103.114.194 port 61842 [preauth]
May  6 13:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3707]: pam_unix(cron:session): session closed for user root
May  6 13:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Invalid user admin from 80.94.95.112
May  6 13:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: input_userauth_request: invalid user admin [preauth]
May  6 13:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 13:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Failed password for invalid user admin from 80.94.95.112 port 33914 ssh2
May  6 13:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Failed password for invalid user admin from 80.94.95.112 port 33914 ssh2
May  6 13:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Failed password for invalid user admin from 80.94.95.112 port 33914 ssh2
May  6 13:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Failed password for invalid user admin from 80.94.95.112 port 33914 ssh2
May  6 13:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5445]: pam_unix(cron:session): session closed for user p13x
May  6 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5518]: Successful su for rubyman by root
May  6 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5518]: + ??? root:rubyman
May  6 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340483 of user rubyman.
May  6 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5518]: pam_unix(su:session): session closed for user rubyman
May  6 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340483.
May  6 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Failed password for invalid user admin from 80.94.95.112 port 33914 ssh2
May  6 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Received disconnect from 80.94.95.112 port 33914:11: Bye [preauth]
May  6 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Disconnected from 80.94.95.112 port 33914 [preauth]
May  6 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 13:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 13:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2410]: pam_unix(cron:session): session closed for user root
May  6 13:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5446]: pam_unix(cron:session): session closed for user samftp
May  6 13:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: Did not receive identification string from 103.137.199.20
May  6 13:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4227]: pam_unix(cron:session): session closed for user root
May  6 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6004]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6003]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6002]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6005]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6002]: pam_unix(cron:session): session closed for user p13x
May  6 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6070]: Successful su for rubyman by root
May  6 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6070]: + ??? root:rubyman
May  6 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6070]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340490 of user rubyman.
May  6 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6070]: pam_unix(su:session): session closed for user rubyman
May  6 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340490.
May  6 13:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2843]: pam_unix(cron:session): session closed for user root
May  6 13:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6003]: pam_unix(cron:session): session closed for user samftp
May  6 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4832]: pam_unix(cron:session): session closed for user root
May  6 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6418]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6415]: pam_unix(cron:session): session closed for user p13x
May  6 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6479]: Successful su for rubyman by root
May  6 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6479]: + ??? root:rubyman
May  6 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340493 of user rubyman.
May  6 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6479]: pam_unix(su:session): session closed for user rubyman
May  6 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340493.
May  6 13:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3250]: pam_unix(cron:session): session closed for user root
May  6 13:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6416]: pam_unix(cron:session): session closed for user samftp
May  6 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5448]: pam_unix(cron:session): session closed for user root
May  6 13:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6825]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6826]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6826]: pam_unix(cron:session): session closed for user root
May  6 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6821]: pam_unix(cron:session): session closed for user p13x
May  6 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6893]: Successful su for rubyman by root
May  6 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6893]: + ??? root:rubyman
May  6 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340497 of user rubyman.
May  6 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6893]: pam_unix(su:session): session closed for user rubyman
May  6 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340497.
May  6 13:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  6 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6823]: pam_unix(cron:session): session closed for user root
May  6 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3706]: pam_unix(cron:session): session closed for user root
May  6 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Failed password for root from 218.92.0.208 port 32926 ssh2
May  6 13:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6822]: pam_unix(cron:session): session closed for user samftp
May  6 13:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Failed password for root from 218.92.0.208 port 32926 ssh2
May  6 13:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: message repeated 3 times: [ Failed password for root from 218.92.0.208 port 32926 ssh2]
May  6 13:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: error: maximum authentication attempts exceeded for root from 218.92.0.208 port 32926 ssh2 [preauth]
May  6 13:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Disconnecting: Too many authentication failures [preauth]
May  6 13:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  6 13:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 13:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  6 13:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: Failed password for root from 50.235.31.47 port 52466 ssh2
May  6 13:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7281]: Connection closed by 50.235.31.47 port 52466 [preauth]
May  6 13:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6005]: pam_unix(cron:session): session closed for user root
May  6 13:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7366]: pam_unix(cron:session): session closed for user p13x
May  6 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7438]: Successful su for rubyman by root
May  6 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7438]: + ??? root:rubyman
May  6 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7438]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340502 of user rubyman.
May  6 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7438]: pam_unix(su:session): session closed for user rubyman
May  6 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340502.
May  6 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7347]: Invalid user raj from 200.189.192.3
May  6 13:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7347]: input_userauth_request: invalid user raj [preauth]
May  6 13:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7347]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.189.192.3
May  6 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4226]: pam_unix(cron:session): session closed for user root
May  6 13:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7367]: pam_unix(cron:session): session closed for user samftp
May  6 13:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7347]: Failed password for invalid user raj from 200.189.192.3 port 39533 ssh2
May  6 13:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: Invalid user k from 195.178.110.50
May  6 13:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: input_userauth_request: invalid user k [preauth]
May  6 13:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 13:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: Failed password for invalid user k from 195.178.110.50 port 34146 ssh2
May  6 13:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7347]: Received disconnect from 200.189.192.3 port 39533:11: Bye Bye [preauth]
May  6 13:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7347]: Disconnected from 200.189.192.3 port 39533 [preauth]
May  6 13:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: Connection closed by 195.178.110.50 port 34146 [preauth]
May  6 13:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: Invalid user x from 195.178.110.50
May  6 13:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: input_userauth_request: invalid user x [preauth]
May  6 13:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: Failed password for invalid user x from 195.178.110.50 port 42874 ssh2
May  6 13:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: Connection closed by 195.178.110.50 port 42874 [preauth]
May  6 13:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: Invalid user ' from 195.178.110.50
May  6 13:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: input_userauth_request: invalid user ' [preauth]
May  6 13:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 13:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6418]: pam_unix(cron:session): session closed for user root
May  6 13:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: Failed password for invalid user ' from 195.178.110.50 port 20532 ssh2
May  6 13:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7807]: Connection closed by 195.178.110.50 port 20532 [preauth]
May  6 13:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: Invalid user 4 from 195.178.110.50
May  6 13:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: input_userauth_request: invalid user 4 [preauth]
May  6 13:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 13:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: Failed password for invalid user 4 from 195.178.110.50 port 2438 ssh2
May  6 13:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: Connection closed by 195.178.110.50 port 2438 [preauth]
May  6 13:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: Invalid user A from 195.178.110.50
May  6 13:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: input_userauth_request: invalid user A [preauth]
May  6 13:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 13:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: Failed password for invalid user A from 195.178.110.50 port 7628 ssh2
May  6 13:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: Connection closed by 195.178.110.50 port 7628 [preauth]
May  6 13:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194  user=root
May  6 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7912]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7912]: pam_unix(cron:session): session closed for user root
May  6 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7914]: pam_unix(cron:session): session closed for user p13x
May  6 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7984]: Successful su for rubyman by root
May  6 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7984]: + ??? root:rubyman
May  6 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340505 of user rubyman.
May  6 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7984]: pam_unix(su:session): session closed for user rubyman
May  6 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340505.
May  6 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7900]: Failed password for root from 14.103.114.194 port 59352 ssh2
May  6 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7900]: Received disconnect from 14.103.114.194 port 59352:11: Bye Bye [preauth]
May  6 13:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7900]: Disconnected from 14.103.114.194 port 59352 [preauth]
May  6 13:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4831]: pam_unix(cron:session): session closed for user root
May  6 13:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7915]: pam_unix(cron:session): session closed for user samftp
May  6 13:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6825]: pam_unix(cron:session): session closed for user root
May  6 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8341]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8340]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8344]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8340]: pam_unix(cron:session): session closed for user p13x
May  6 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8401]: Successful su for rubyman by root
May  6 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8401]: + ??? root:rubyman
May  6 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340513 of user rubyman.
May  6 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8401]: pam_unix(su:session): session closed for user rubyman
May  6 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340513.
May  6 13:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5447]: pam_unix(cron:session): session closed for user root
May  6 13:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8341]: pam_unix(cron:session): session closed for user samftp
May  6 13:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7369]: pam_unix(cron:session): session closed for user root
May  6 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8766]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8769]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8767]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8768]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8766]: pam_unix(cron:session): session closed for user p13x
May  6 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8825]: Successful su for rubyman by root
May  6 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8825]: + ??? root:rubyman
May  6 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8825]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340516 of user rubyman.
May  6 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8825]: pam_unix(su:session): session closed for user rubyman
May  6 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340516.
May  6 13:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6004]: pam_unix(cron:session): session closed for user root
May  6 13:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8767]: pam_unix(cron:session): session closed for user samftp
May  6 13:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7917]: pam_unix(cron:session): session closed for user root
May  6 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9282]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9277]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9298]: pam_unix(cron:session): session closed for user root
May  6 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9277]: pam_unix(cron:session): session closed for user p13x
May  6 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9368]: Successful su for rubyman by root
May  6 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9368]: + ??? root:rubyman
May  6 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9368]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340518 of user rubyman.
May  6 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9368]: pam_unix(su:session): session closed for user rubyman
May  6 13:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340518.
May  6 13:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6417]: pam_unix(cron:session): session closed for user root
May  6 13:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9279]: pam_unix(cron:session): session closed for user root
May  6 13:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9278]: pam_unix(cron:session): session closed for user samftp
May  6 13:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8344]: pam_unix(cron:session): session closed for user root
May  6 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9726]: pam_unix(cron:session): session closed for user p13x
May  6 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9799]: Successful su for rubyman by root
May  6 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9799]: + ??? root:rubyman
May  6 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340524 of user rubyman.
May  6 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9799]: pam_unix(su:session): session closed for user rubyman
May  6 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340524.
May  6 13:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6824]: pam_unix(cron:session): session closed for user root
May  6 13:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9728]: pam_unix(cron:session): session closed for user samftp
May  6 13:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8769]: pam_unix(cron:session): session closed for user root
May  6 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10133]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10132]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10131]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10130]: pam_unix(cron:session): session closed for user p13x
May  6 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10188]: Successful su for rubyman by root
May  6 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10188]: + ??? root:rubyman
May  6 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340528 of user rubyman.
May  6 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10188]: pam_unix(su:session): session closed for user rubyman
May  6 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340528.
May  6 13:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7368]: pam_unix(cron:session): session closed for user root
May  6 13:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10131]: pam_unix(cron:session): session closed for user samftp
May  6 13:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: Invalid user avatar from 14.103.114.194
May  6 13:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: input_userauth_request: invalid user avatar [preauth]
May  6 13:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194
May  6 13:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: Failed password for invalid user avatar from 14.103.114.194 port 37374 ssh2
May  6 13:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: Received disconnect from 14.103.114.194 port 37374:11: Bye Bye [preauth]
May  6 13:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10517]: Disconnected from 14.103.114.194 port 37374 [preauth]
May  6 13:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9282]: pam_unix(cron:session): session closed for user root
May  6 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10660]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10659]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10657]: pam_unix(cron:session): session closed for user p13x
May  6 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10761]: Successful su for rubyman by root
May  6 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10761]: + ??? root:rubyman
May  6 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340533 of user rubyman.
May  6 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10761]: pam_unix(su:session): session closed for user rubyman
May  6 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340533.
May  6 13:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7916]: pam_unix(cron:session): session closed for user root
May  6 13:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10658]: pam_unix(cron:session): session closed for user samftp
May  6 13:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9730]: pam_unix(cron:session): session closed for user root
May  6 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11096]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11095]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11094]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11094]: pam_unix(cron:session): session closed for user p13x
May  6 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11156]: Successful su for rubyman by root
May  6 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11156]: + ??? root:rubyman
May  6 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11156]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340537 of user rubyman.
May  6 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11156]: pam_unix(su:session): session closed for user rubyman
May  6 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340537.
May  6 13:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8342]: pam_unix(cron:session): session closed for user root
May  6 13:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11095]: pam_unix(cron:session): session closed for user samftp
May  6 13:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10133]: pam_unix(cron:session): session closed for user root
May  6 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11485]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11483]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11484]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11482]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11485]: pam_unix(cron:session): session closed for user root
May  6 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11480]: pam_unix(cron:session): session closed for user p13x
May  6 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11560]: Successful su for rubyman by root
May  6 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11560]: + ??? root:rubyman
May  6 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340543 of user rubyman.
May  6 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11560]: pam_unix(su:session): session closed for user rubyman
May  6 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340543.
May  6 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11482]: pam_unix(cron:session): session closed for user root
May  6 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8768]: pam_unix(cron:session): session closed for user root
May  6 13:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11481]: pam_unix(cron:session): session closed for user samftp
May  6 13:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10660]: pam_unix(cron:session): session closed for user root
May  6 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11910]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11908]: pam_unix(cron:session): session closed for user p13x
May  6 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11974]: Successful su for rubyman by root
May  6 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11974]: + ??? root:rubyman
May  6 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11974]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340546 of user rubyman.
May  6 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11974]: pam_unix(su:session): session closed for user rubyman
May  6 13:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340546.
May  6 13:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9280]: pam_unix(cron:session): session closed for user root
May  6 13:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11909]: pam_unix(cron:session): session closed for user samftp
May  6 13:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 13:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12163]: Failed password for root from 218.92.0.179 port 18814 ssh2
May  6 13:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12163]: Failed password for root from 218.92.0.179 port 18814 ssh2
May  6 13:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.189.192.3  user=root
May  6 13:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12163]: Failed password for root from 218.92.0.179 port 18814 ssh2
May  6 13:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12163]: Received disconnect from 218.92.0.179 port 18814:11:  [preauth]
May  6 13:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12163]: Disconnected from 218.92.0.179 port 18814 [preauth]
May  6 13:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12163]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 13:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12123]: Failed password for root from 200.189.192.3 port 54884 ssh2
May  6 13:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12123]: Received disconnect from 200.189.192.3 port 54884:11: Bye Bye [preauth]
May  6 13:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12123]: Disconnected from 200.189.192.3 port 54884 [preauth]
May  6 13:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11097]: pam_unix(cron:session): session closed for user root
May  6 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12315]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12313]: pam_unix(cron:session): session closed for user p13x
May  6 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12380]: Successful su for rubyman by root
May  6 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12380]: + ??? root:rubyman
May  6 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340550 of user rubyman.
May  6 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12380]: pam_unix(su:session): session closed for user rubyman
May  6 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340550.
May  6 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9729]: pam_unix(cron:session): session closed for user root
May  6 13:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12314]: pam_unix(cron:session): session closed for user samftp
May  6 13:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11484]: pam_unix(cron:session): session closed for user root
May  6 13:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12679]: Invalid user emo from 14.103.114.194
May  6 13:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12679]: input_userauth_request: invalid user emo [preauth]
May  6 13:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12679]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194
May  6 13:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12679]: Failed password for invalid user emo from 14.103.114.194 port 45850 ssh2
May  6 13:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12679]: Received disconnect from 14.103.114.194 port 45850:11: Bye Bye [preauth]
May  6 13:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12679]: Disconnected from 14.103.114.194 port 45850 [preauth]
May  6 13:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12690]: Invalid user frappe from 186.96.145.241
May  6 13:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12690]: input_userauth_request: invalid user frappe [preauth]
May  6 13:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12690]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
May  6 13:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12690]: Failed password for invalid user frappe from 186.96.145.241 port 53536 ssh2
May  6 13:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12690]: Connection closed by 186.96.145.241 port 53536 [preauth]
May  6 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12714]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12712]: pam_unix(cron:session): session closed for user p13x
May  6 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12771]: Successful su for rubyman by root
May  6 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12771]: + ??? root:rubyman
May  6 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340555 of user rubyman.
May  6 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12771]: pam_unix(su:session): session closed for user rubyman
May  6 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340555.
May  6 13:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10132]: pam_unix(cron:session): session closed for user root
May  6 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12713]: pam_unix(cron:session): session closed for user samftp
May  6 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11911]: pam_unix(cron:session): session closed for user root
May  6 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13104]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13103]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13101]: pam_unix(cron:session): session closed for user p13x
May  6 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13160]: Successful su for rubyman by root
May  6 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13160]: + ??? root:rubyman
May  6 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13160]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340559 of user rubyman.
May  6 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13160]: pam_unix(su:session): session closed for user rubyman
May  6 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340559.
May  6 13:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10659]: pam_unix(cron:session): session closed for user root
May  6 13:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13102]: pam_unix(cron:session): session closed for user samftp
May  6 13:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12316]: pam_unix(cron:session): session closed for user root
May  6 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13593]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13595]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13598]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13598]: pam_unix(cron:session): session closed for user root
May  6 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13592]: pam_unix(cron:session): session closed for user p13x
May  6 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13664]: Successful su for rubyman by root
May  6 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13664]: + ??? root:rubyman
May  6 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13664]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340564 of user rubyman.
May  6 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13664]: pam_unix(su:session): session closed for user rubyman
May  6 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340564.
May  6 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13594]: pam_unix(cron:session): session closed for user root
May  6 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11096]: pam_unix(cron:session): session closed for user root
May  6 13:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13593]: pam_unix(cron:session): session closed for user samftp
May  6 13:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  6 13:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: Failed password for root from 218.92.0.215 port 50254 ssh2
May  6 13:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: message repeated 4 times: [ Failed password for root from 218.92.0.215 port 50254 ssh2]
May  6 13:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 50254 ssh2 [preauth]
May  6 13:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: Disconnecting: Too many authentication failures [preauth]
May  6 13:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  6 13:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13910]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12715]: pam_unix(cron:session): session closed for user root
May  6 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  6 13:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13965]: Failed password for root from 218.92.0.215 port 36296 ssh2
May  6 13:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13965]: message repeated 5 times: [ Failed password for root from 218.92.0.215 port 36296 ssh2]
May  6 13:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13965]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 36296 ssh2 [preauth]
May  6 13:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13965]: Disconnecting: Too many authentication failures [preauth]
May  6 13:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13965]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  6 13:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13965]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 13:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  6 13:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: Failed password for root from 218.92.0.215 port 55384 ssh2
May  6 13:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: Received disconnect from 218.92.0.215 port 55384:11:  [preauth]
May  6 13:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: Disconnected from 218.92.0.215 port 55384 [preauth]
May  6 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14038]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14036]: pam_unix(cron:session): session closed for user p13x
May  6 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14104]: Successful su for rubyman by root
May  6 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14104]: + ??? root:rubyman
May  6 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14104]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340568 of user rubyman.
May  6 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14104]: pam_unix(su:session): session closed for user rubyman
May  6 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340568.
May  6 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11483]: pam_unix(cron:session): session closed for user root
May  6 13:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14037]: pam_unix(cron:session): session closed for user samftp
May  6 13:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13104]: pam_unix(cron:session): session closed for user root
May  6 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14442]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14442]: pam_unix(cron:session): session closed for user p13x
May  6 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14507]: Successful su for rubyman by root
May  6 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14507]: + ??? root:rubyman
May  6 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340573 of user rubyman.
May  6 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14507]: pam_unix(su:session): session closed for user rubyman
May  6 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340573.
May  6 13:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11910]: pam_unix(cron:session): session closed for user root
May  6 13:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14443]: pam_unix(cron:session): session closed for user samftp
May  6 13:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13597]: pam_unix(cron:session): session closed for user root
May  6 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14849]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14848]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14846]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14846]: pam_unix(cron:session): session closed for user p13x
May  6 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14918]: Successful su for rubyman by root
May  6 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14918]: + ??? root:rubyman
May  6 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340576 of user rubyman.
May  6 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14918]: pam_unix(su:session): session closed for user rubyman
May  6 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340576.
May  6 13:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12315]: pam_unix(cron:session): session closed for user root
May  6 13:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14847]: pam_unix(cron:session): session closed for user samftp
May  6 13:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15129]: Invalid user rana from 14.103.114.194
May  6 13:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15129]: input_userauth_request: invalid user rana [preauth]
May  6 13:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15129]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194
May  6 13:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15129]: Failed password for invalid user rana from 14.103.114.194 port 58954 ssh2
May  6 13:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15129]: Received disconnect from 14.103.114.194 port 58954:11: Bye Bye [preauth]
May  6 13:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15129]: Disconnected from 14.103.114.194 port 58954 [preauth]
May  6 13:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14039]: pam_unix(cron:session): session closed for user root
May  6 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15246]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15243]: pam_unix(cron:session): session closed for user p13x
May  6 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15303]: Successful su for rubyman by root
May  6 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15303]: + ??? root:rubyman
May  6 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340581 of user rubyman.
May  6 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15303]: pam_unix(su:session): session closed for user rubyman
May  6 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340581.
May  6 13:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12714]: pam_unix(cron:session): session closed for user root
May  6 13:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15244]: pam_unix(cron:session): session closed for user samftp
May  6 13:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14445]: pam_unix(cron:session): session closed for user root
May  6 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15634]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15635]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15633]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15635]: pam_unix(cron:session): session closed for user root
May  6 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15630]: pam_unix(cron:session): session closed for user p13x
May  6 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15703]: Successful su for rubyman by root
May  6 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15703]: + ??? root:rubyman
May  6 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15703]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340584 of user rubyman.
May  6 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15703]: pam_unix(su:session): session closed for user rubyman
May  6 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340584.
May  6 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15632]: pam_unix(cron:session): session closed for user root
May  6 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13103]: pam_unix(cron:session): session closed for user root
May  6 13:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15631]: pam_unix(cron:session): session closed for user samftp
May  6 13:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15913]: Did not receive identification string from 80.94.95.117
May  6 13:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14849]: pam_unix(cron:session): session closed for user root
May  6 13:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 13:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: Failed password for root from 218.92.0.179 port 62732 ssh2
May  6 13:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 62732 ssh2]
May  6 13:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: Received disconnect from 218.92.0.179 port 62732:11:  [preauth]
May  6 13:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: Disconnected from 218.92.0.179 port 62732 [preauth]
May  6 13:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16067]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16064]: pam_unix(cron:session): session closed for user p13x
May  6 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16131]: Successful su for rubyman by root
May  6 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16131]: + ??? root:rubyman
May  6 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340592 of user rubyman.
May  6 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16131]: pam_unix(su:session): session closed for user rubyman
May  6 13:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340592.
May  6 13:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13595]: pam_unix(cron:session): session closed for user root
May  6 13:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16065]: pam_unix(cron:session): session closed for user samftp
May  6 13:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15246]: pam_unix(cron:session): session closed for user root
May  6 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16460]: pam_unix(cron:session): session closed for user p13x
May  6 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16546]: Successful su for rubyman by root
May  6 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16546]: + ??? root:rubyman
May  6 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340595 of user rubyman.
May  6 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16546]: pam_unix(su:session): session closed for user rubyman
May  6 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340595.
May  6 13:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14038]: pam_unix(cron:session): session closed for user root
May  6 13:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16461]: pam_unix(cron:session): session closed for user samftp
May  6 13:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: Invalid user acitoolkit from 80.94.95.29
May  6 13:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: input_userauth_request: invalid user acitoolkit [preauth]
May  6 13:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  6 13:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: Failed password for invalid user acitoolkit from 80.94.95.29 port 56046 ssh2
May  6 13:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: Failed password for invalid user acitoolkit from 80.94.95.29 port 56046 ssh2
May  6 13:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15634]: pam_unix(cron:session): session closed for user root
May  6 13:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: Failed password for invalid user acitoolkit from 80.94.95.29 port 56046 ssh2
May  6 13:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: Failed password for invalid user acitoolkit from 80.94.95.29 port 56046 ssh2
May  6 13:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: Failed password for invalid user acitoolkit from 80.94.95.29 port 56046 ssh2
May  6 13:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: Received disconnect from 80.94.95.29 port 56046:11: Bye [preauth]
May  6 13:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: Disconnected from 80.94.95.29 port 56046 [preauth]
May  6 13:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  6 13:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16814]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16930]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16931]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16928]: pam_unix(cron:session): session closed for user p13x
May  6 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16998]: Successful su for rubyman by root
May  6 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16998]: + ??? root:rubyman
May  6 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340598 of user rubyman.
May  6 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16998]: pam_unix(su:session): session closed for user rubyman
May  6 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340598.
May  6 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14444]: pam_unix(cron:session): session closed for user root
May  6 13:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16929]: pam_unix(cron:session): session closed for user samftp
May  6 13:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17189]: Invalid user demo from 200.189.192.3
May  6 13:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17189]: input_userauth_request: invalid user demo [preauth]
May  6 13:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17189]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.189.192.3
May  6 13:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17189]: Failed password for invalid user demo from 200.189.192.3 port 34937 ssh2
May  6 13:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17189]: Received disconnect from 200.189.192.3 port 34937:11: Bye Bye [preauth]
May  6 13:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17189]: Disconnected from 200.189.192.3 port 34937 [preauth]
May  6 13:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16067]: pam_unix(cron:session): session closed for user root
May  6 13:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: Invalid user oussama from 14.103.114.194
May  6 13:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: input_userauth_request: invalid user oussama [preauth]
May  6 13:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194
May  6 13:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: Failed password for invalid user oussama from 14.103.114.194 port 39848 ssh2
May  6 13:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: Received disconnect from 14.103.114.194 port 39848:11: Bye Bye [preauth]
May  6 13:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: Disconnected from 14.103.114.194 port 39848 [preauth]
May  6 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17346]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17348]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17345]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17347]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17343]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17345]: pam_unix(cron:session): session closed for user p13x
May  6 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17468]: Successful su for rubyman by root
May  6 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17468]: + ??? root:rubyman
May  6 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340603 of user rubyman.
May  6 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17468]: pam_unix(su:session): session closed for user rubyman
May  6 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340603.
May  6 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17343]: pam_unix(cron:session): session closed for user root
May  6 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14848]: pam_unix(cron:session): session closed for user root
May  6 13:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17346]: pam_unix(cron:session): session closed for user samftp
May  6 13:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16467]: pam_unix(cron:session): session closed for user root
May  6 13:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  6 13:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17939]: Failed password for root from 194.0.234.19 port 53842 ssh2
May  6 13:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17939]: Connection closed by 194.0.234.19 port 53842 [preauth]
May  6 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17962]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17964]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17963]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17960]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17965]: pam_unix(cron:session): session closed for user root
May  6 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17960]: pam_unix(cron:session): session closed for user p13x
May  6 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18039]: Successful su for rubyman by root
May  6 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18039]: + ??? root:rubyman
May  6 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340610 of user rubyman.
May  6 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18039]: pam_unix(su:session): session closed for user rubyman
May  6 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340610.
May  6 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17962]: pam_unix(cron:session): session closed for user root
May  6 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15245]: pam_unix(cron:session): session closed for user root
May  6 13:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17961]: pam_unix(cron:session): session closed for user samftp
May  6 13:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16931]: pam_unix(cron:session): session closed for user root
May  6 13:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18354]: Invalid user nexus from 80.94.95.125
May  6 13:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18354]: input_userauth_request: invalid user nexus [preauth]
May  6 13:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18354]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 13:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18354]: Failed password for invalid user nexus from 80.94.95.125 port 36201 ssh2
May  6 13:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18354]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18354]: Failed password for invalid user nexus from 80.94.95.125 port 36201 ssh2
May  6 13:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18354]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18354]: Failed password for invalid user nexus from 80.94.95.125 port 36201 ssh2
May  6 13:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18354]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18354]: Failed password for invalid user nexus from 80.94.95.125 port 36201 ssh2
May  6 13:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18354]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18354]: Failed password for invalid user nexus from 80.94.95.125 port 36201 ssh2
May  6 13:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18354]: Received disconnect from 80.94.95.125 port 36201:11: Bye [preauth]
May  6 13:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18354]: Disconnected from 80.94.95.125 port 36201 [preauth]
May  6 13:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18354]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 13:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18354]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18413]: pam_unix(cron:session): session closed for user p13x
May  6 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18485]: Successful su for rubyman by root
May  6 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18485]: + ??? root:rubyman
May  6 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340613 of user rubyman.
May  6 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18485]: pam_unix(su:session): session closed for user rubyman
May  6 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340613.
May  6 13:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15633]: pam_unix(cron:session): session closed for user root
May  6 13:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18415]: pam_unix(cron:session): session closed for user samftp
May  6 13:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17348]: pam_unix(cron:session): session closed for user root
May  6 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18828]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18829]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18827]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18826]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18826]: pam_unix(cron:session): session closed for user p13x
May  6 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18887]: Successful su for rubyman by root
May  6 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18887]: + ??? root:rubyman
May  6 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18887]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340618 of user rubyman.
May  6 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18887]: pam_unix(su:session): session closed for user rubyman
May  6 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340618.
May  6 13:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16066]: pam_unix(cron:session): session closed for user root
May  6 13:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18827]: pam_unix(cron:session): session closed for user samftp
May  6 13:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17964]: pam_unix(cron:session): session closed for user root
May  6 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19232]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19233]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19229]: pam_unix(cron:session): session closed for user p13x
May  6 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19301]: Successful su for rubyman by root
May  6 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19301]: + ??? root:rubyman
May  6 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19301]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340621 of user rubyman.
May  6 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19301]: pam_unix(su:session): session closed for user rubyman
May  6 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340621.
May  6 13:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16466]: pam_unix(cron:session): session closed for user root
May  6 13:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19230]: pam_unix(cron:session): session closed for user samftp
May  6 13:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  6 13:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: Failed password for root from 80.94.95.29 port 63038 ssh2
May  6 13:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: Failed password for root from 80.94.95.29 port 63038 ssh2
May  6 13:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18417]: pam_unix(cron:session): session closed for user root
May  6 13:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: Failed password for root from 80.94.95.29 port 63038 ssh2
May  6 13:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: message repeated 2 times: [ Failed password for root from 80.94.95.29 port 63038 ssh2]
May  6 13:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: Received disconnect from 80.94.95.29 port 63038:11: Bye [preauth]
May  6 13:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: Disconnected from 80.94.95.29 port 63038 [preauth]
May  6 13:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  6 13:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 13:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194  user=root
May  6 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19653]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19652]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19651]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19650]: pam_unix(cron:session): session closed for user p13x
May  6 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19635]: Failed password for root from 14.103.114.194 port 33972 ssh2
May  6 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19717]: Successful su for rubyman by root
May  6 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19717]: + ??? root:rubyman
May  6 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340627 of user rubyman.
May  6 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19717]: pam_unix(su:session): session closed for user rubyman
May  6 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340627.
May  6 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19635]: Received disconnect from 14.103.114.194 port 33972:11: Bye Bye [preauth]
May  6 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19635]: Disconnected from 14.103.114.194 port 33972 [preauth]
May  6 13:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16930]: pam_unix(cron:session): session closed for user root
May  6 13:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19651]: pam_unix(cron:session): session closed for user samftp
May  6 13:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: Invalid user admin from 80.94.95.241
May  6 13:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: input_userauth_request: invalid user admin [preauth]
May  6 13:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 13:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: Failed password for invalid user admin from 80.94.95.241 port 47426 ssh2
May  6 13:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: Failed password for invalid user admin from 80.94.95.241 port 47426 ssh2
May  6 13:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: Failed password for invalid user admin from 80.94.95.241 port 47426 ssh2
May  6 13:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: Failed password for invalid user admin from 80.94.95.241 port 47426 ssh2
May  6 13:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: Failed password for invalid user admin from 80.94.95.241 port 47426 ssh2
May  6 13:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: Received disconnect from 80.94.95.241 port 47426:11: Bye [preauth]
May  6 13:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: Disconnected from 80.94.95.241 port 47426 [preauth]
May  6 13:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 13:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 13:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18829]: pam_unix(cron:session): session closed for user root
May  6 13:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  6 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: Failed password for root from 218.92.0.201 port 10822 ssh2
May  6 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20070]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20069]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20067]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20068]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20070]: pam_unix(cron:session): session closed for user root
May  6 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20063]: pam_unix(cron:session): session closed for user p13x
May  6 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20133]: Successful su for rubyman by root
May  6 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20133]: + ??? root:rubyman
May  6 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340632 of user rubyman.
May  6 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20133]: pam_unix(su:session): session closed for user rubyman
May  6 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340632.
May  6 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: Failed password for root from 218.92.0.201 port 10822 ssh2
May  6 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20067]: pam_unix(cron:session): session closed for user root
May  6 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17347]: pam_unix(cron:session): session closed for user root
May  6 13:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20066]: pam_unix(cron:session): session closed for user samftp
May  6 13:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: Failed password for root from 218.92.0.201 port 10822 ssh2
May  6 13:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: message repeated 2 times: [ Failed password for root from 218.92.0.201 port 10822 ssh2]
May  6 13:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 10822 ssh2 [preauth]
May  6 13:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: Disconnecting: Too many authentication failures [preauth]
May  6 13:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  6 13:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20056]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 13:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  6 13:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: Failed password for root from 218.92.0.201 port 38522 ssh2
May  6 13:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: message repeated 4 times: [ Failed password for root from 218.92.0.201 port 38522 ssh2]
May  6 13:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19233]: pam_unix(cron:session): session closed for user root
May  6 13:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: Failed password for root from 218.92.0.201 port 38522 ssh2
May  6 13:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 38522 ssh2 [preauth]
May  6 13:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: Disconnecting: Too many authentication failures [preauth]
May  6 13:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  6 13:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 13:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  6 13:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: Failed password for root from 218.92.0.201 port 49460 ssh2
May  6 13:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: Received disconnect from 218.92.0.201 port 49460:11:  [preauth]
May  6 13:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20438]: Disconnected from 218.92.0.201 port 49460 [preauth]
May  6 13:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20492]: Did not receive identification string from 196.251.114.29
May  6 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20498]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20497]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20495]: pam_unix(cron:session): session closed for user p13x
May  6 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20568]: Successful su for rubyman by root
May  6 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20568]: + ??? root:rubyman
May  6 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340635 of user rubyman.
May  6 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20568]: pam_unix(su:session): session closed for user rubyman
May  6 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340635.
May  6 13:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17963]: pam_unix(cron:session): session closed for user root
May  6 13:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20496]: pam_unix(cron:session): session closed for user samftp
May  6 13:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19653]: pam_unix(cron:session): session closed for user root
May  6 13:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Invalid user admin from 80.94.95.112
May  6 13:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: input_userauth_request: invalid user admin [preauth]
May  6 13:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Failed password for invalid user admin from 80.94.95.112 port 57953 ssh2
May  6 13:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20926]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20924]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20921]: pam_unix(cron:session): session closed for user p13x
May  6 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Failed password for invalid user admin from 80.94.95.112 port 57953 ssh2
May  6 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20981]: Successful su for rubyman by root
May  6 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20981]: + ??? root:rubyman
May  6 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340640 of user rubyman.
May  6 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20981]: pam_unix(su:session): session closed for user rubyman
May  6 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340640.
May  6 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Failed password for invalid user admin from 80.94.95.112 port 57953 ssh2
May  6 13:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18416]: pam_unix(cron:session): session closed for user root
May  6 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Failed password for invalid user admin from 80.94.95.112 port 57953 ssh2
May  6 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20922]: pam_unix(cron:session): session closed for user samftp
May  6 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Failed password for invalid user admin from 80.94.95.112 port 57953 ssh2
May  6 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Received disconnect from 80.94.95.112 port 57953:11: Bye [preauth]
May  6 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: Disconnected from 80.94.95.112 port 57953 [preauth]
May  6 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 13:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20911]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20069]: pam_unix(cron:session): session closed for user root
May  6 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21358]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21359]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21355]: pam_unix(cron:session): session closed for user p13x
May  6 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21414]: Successful su for rubyman by root
May  6 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21414]: + ??? root:rubyman
May  6 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340643 of user rubyman.
May  6 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21414]: pam_unix(su:session): session closed for user rubyman
May  6 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340643.
May  6 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18828]: pam_unix(cron:session): session closed for user root
May  6 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21455]: Failed password for root from 218.92.0.179 port 19834 ssh2
May  6 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21356]: pam_unix(cron:session): session closed for user samftp
May  6 13:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21455]: Failed password for root from 218.92.0.179 port 19834 ssh2
May  6 13:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21455]: Failed password for root from 218.92.0.179 port 19834 ssh2
May  6 13:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21455]: Received disconnect from 218.92.0.179 port 19834:11:  [preauth]
May  6 13:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21455]: Disconnected from 218.92.0.179 port 19834 [preauth]
May  6 13:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21455]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 13:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20498]: pam_unix(cron:session): session closed for user root
May  6 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22014]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22047]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21898]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21897]: pam_unix(cron:session): session closed for user p13x
May  6 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22133]: Successful su for rubyman by root
May  6 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22133]: + ??? root:rubyman
May  6 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340648 of user rubyman.
May  6 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22133]: pam_unix(su:session): session closed for user rubyman
May  6 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340648.
May  6 13:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19232]: pam_unix(cron:session): session closed for user root
May  6 13:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21898]: pam_unix(cron:session): session closed for user samftp
May  6 13:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 13:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22387]: Failed password for root from 218.92.0.179 port 28357 ssh2
May  6 13:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22387]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 28357 ssh2]
May  6 13:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22387]: Received disconnect from 218.92.0.179 port 28357:11:  [preauth]
May  6 13:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22387]: Disconnected from 218.92.0.179 port 28357 [preauth]
May  6 13:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22387]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 13:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22399]: Invalid user osboxes from 14.103.114.194
May  6 13:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22399]: input_userauth_request: invalid user osboxes [preauth]
May  6 13:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22399]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.194
May  6 13:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22399]: Failed password for invalid user osboxes from 14.103.114.194 port 45306 ssh2
May  6 13:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22399]: Received disconnect from 14.103.114.194 port 45306:11: Bye Bye [preauth]
May  6 13:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22399]: Disconnected from 14.103.114.194 port 45306 [preauth]
May  6 13:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20926]: pam_unix(cron:session): session closed for user root
May  6 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22547]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22543]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22540]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22545]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22541]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22547]: pam_unix(cron:session): session closed for user root
May  6 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22540]: pam_unix(cron:session): session closed for user p13x
May  6 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22616]: Successful su for rubyman by root
May  6 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22616]: + ??? root:rubyman
May  6 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340655 of user rubyman.
May  6 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22616]: pam_unix(su:session): session closed for user rubyman
May  6 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340655.
May  6 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22543]: pam_unix(cron:session): session closed for user root
May  6 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19652]: pam_unix(cron:session): session closed for user root
May  6 13:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22541]: pam_unix(cron:session): session closed for user samftp
May  6 13:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21359]: pam_unix(cron:session): session closed for user root
May  6 13:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22925]: Connection reset by 200.189.192.3 port 46314 [preauth]
May  6 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23046]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23045]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23043]: pam_unix(cron:session): session closed for user p13x
May  6 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23109]: Successful su for rubyman by root
May  6 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23109]: + ??? root:rubyman
May  6 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23109]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340658 of user rubyman.
May  6 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23109]: pam_unix(su:session): session closed for user rubyman
May  6 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340658.
May  6 13:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20068]: pam_unix(cron:session): session closed for user root
May  6 13:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23044]: pam_unix(cron:session): session closed for user samftp
May  6 13:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22047]: pam_unix(cron:session): session closed for user root
May  6 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23547]: pam_unix(cron:session): session closed for user p13x
May  6 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23614]: Successful su for rubyman by root
May  6 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23614]: + ??? root:rubyman
May  6 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340662 of user rubyman.
May  6 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23614]: pam_unix(su:session): session closed for user rubyman
May  6 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340662.
May  6 13:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20497]: pam_unix(cron:session): session closed for user root
May  6 13:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23548]: pam_unix(cron:session): session closed for user samftp
May  6 13:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22545]: pam_unix(cron:session): session closed for user root
May  6 13:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24057]: Did not receive identification string from 193.200.78.72
May  6 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24070]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24069]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24067]: pam_unix(cron:session): session closed for user p13x
May  6 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24132]: Successful su for rubyman by root
May  6 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24132]: + ??? root:rubyman
May  6 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24132]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340665 of user rubyman.
May  6 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24132]: pam_unix(su:session): session closed for user rubyman
May  6 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340665.
May  6 13:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20924]: pam_unix(cron:session): session closed for user root
May  6 13:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24068]: pam_unix(cron:session): session closed for user samftp
May  6 13:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23046]: pam_unix(cron:session): session closed for user root
May  6 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24498]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24499]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24496]: pam_unix(cron:session): session closed for user p13x
May  6 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24574]: Successful su for rubyman by root
May  6 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24574]: + ??? root:rubyman
May  6 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340669 of user rubyman.
May  6 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24574]: pam_unix(su:session): session closed for user rubyman
May  6 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340669.
May  6 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21358]: pam_unix(cron:session): session closed for user root
May  6 13:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24497]: pam_unix(cron:session): session closed for user samftp
May  6 13:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23550]: pam_unix(cron:session): session closed for user root
May  6 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24924]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24925]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24923]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24926]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24921]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24920]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24926]: pam_unix(cron:session): session closed for user root
May  6 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24920]: pam_unix(cron:session): session closed for user p13x
May  6 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24995]: Successful su for rubyman by root
May  6 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24995]: + ??? root:rubyman
May  6 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340674 of user rubyman.
May  6 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24995]: pam_unix(su:session): session closed for user rubyman
May  6 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340674.
May  6 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22014]: pam_unix(cron:session): session closed for user root
May  6 13:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24923]: pam_unix(cron:session): session closed for user root
May  6 13:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24921]: pam_unix(cron:session): session closed for user samftp
May  6 13:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24070]: pam_unix(cron:session): session closed for user root
May  6 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25371]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25368]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25370]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25369]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25368]: pam_unix(cron:session): session closed for user p13x
May  6 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25434]: Successful su for rubyman by root
May  6 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25434]: + ??? root:rubyman
May  6 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340680 of user rubyman.
May  6 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25434]: pam_unix(su:session): session closed for user rubyman
May  6 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340680.
May  6 13:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22544]: pam_unix(cron:session): session closed for user root
May  6 13:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25369]: pam_unix(cron:session): session closed for user samftp
May  6 13:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 13:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: Failed password for root from 218.92.0.179 port 44451 ssh2
May  6 13:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 44451 ssh2]
May  6 13:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: Received disconnect from 218.92.0.179 port 44451:11:  [preauth]
May  6 13:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: Disconnected from 218.92.0.179 port 44451 [preauth]
May  6 13:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25693]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 13:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24499]: pam_unix(cron:session): session closed for user root
May  6 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25854]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25852]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25842]: pam_unix(cron:session): session closed for user p13x
May  6 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25921]: Successful su for rubyman by root
May  6 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25921]: + ??? root:rubyman
May  6 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340684 of user rubyman.
May  6 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25921]: pam_unix(su:session): session closed for user rubyman
May  6 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340684.
May  6 13:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23045]: pam_unix(cron:session): session closed for user root
May  6 13:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25852]: pam_unix(cron:session): session closed for user samftp
May  6 13:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24925]: pam_unix(cron:session): session closed for user root
May  6 13:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: Invalid user abc from 23.94.179.104
May  6 13:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: input_userauth_request: invalid user abc [preauth]
May  6 13:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.179.104
May  6 13:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: Failed password for invalid user abc from 23.94.179.104 port 57876 ssh2
May  6 13:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26157]: Connection closed by 23.94.179.104 port 57876 [preauth]
May  6 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26275]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26272]: pam_unix(cron:session): session closed for user p13x
May  6 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26334]: Successful su for rubyman by root
May  6 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26334]: + ??? root:rubyman
May  6 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26334]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340688 of user rubyman.
May  6 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26334]: pam_unix(su:session): session closed for user rubyman
May  6 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340688.
May  6 13:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23549]: pam_unix(cron:session): session closed for user root
May  6 13:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26273]: pam_unix(cron:session): session closed for user samftp
May  6 13:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25371]: pam_unix(cron:session): session closed for user root
May  6 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26747]: pam_unix(cron:session): session closed for user p13x
May  6 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26811]: Successful su for rubyman by root
May  6 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26811]: + ??? root:rubyman
May  6 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26811]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340691 of user rubyman.
May  6 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26811]: pam_unix(su:session): session closed for user rubyman
May  6 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340691.
May  6 13:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24069]: pam_unix(cron:session): session closed for user root
May  6 13:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26748]: pam_unix(cron:session): session closed for user samftp
May  6 13:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 13:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27138]: Invalid user python from 164.68.105.9
May  6 13:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27138]: input_userauth_request: invalid user python [preauth]
May  6 13:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27138]: pam_unix(sshd:auth): check pass; user unknown
May  6 13:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  6 13:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25854]: pam_unix(cron:session): session closed for user root
May  6 13:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27138]: Failed password for invalid user python from 164.68.105.9 port 57664 ssh2
May  6 13:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27138]: Connection closed by 164.68.105.9 port 57664 [preauth]
May  6 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27229]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27232]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27233]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27233]: pam_unix(cron:session): session closed for user root
May  6 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27229]: pam_unix(cron:session): session closed for user root
May  6 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27227]: pam_unix(cron:session): session closed for user p13x
May  6 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27331]: Successful su for rubyman by root
May  6 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27331]: + ??? root:rubyman
May  6 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340698 of user rubyman.
May  6 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27331]: pam_unix(su:session): session closed for user rubyman
May  6 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340698.
May  6 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27230]: pam_unix(cron:session): session closed for user root
May  6 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24498]: pam_unix(cron:session): session closed for user root
May  6 14:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27228]: pam_unix(cron:session): session closed for user samftp
May  6 14:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26275]: pam_unix(cron:session): session closed for user root
May  6 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27796]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27795]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27793]: pam_unix(cron:session): session closed for user p13x
May  6 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27866]: Successful su for rubyman by root
May  6 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27866]: + ??? root:rubyman
May  6 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340703 of user rubyman.
May  6 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27866]: pam_unix(su:session): session closed for user rubyman
May  6 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340703.
May  6 14:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24924]: pam_unix(cron:session): session closed for user root
May  6 14:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27794]: pam_unix(cron:session): session closed for user samftp
May  6 14:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26750]: pam_unix(cron:session): session closed for user root
May  6 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28213]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28211]: pam_unix(cron:session): session closed for user p13x
May  6 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28275]: Successful su for rubyman by root
May  6 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28275]: + ??? root:rubyman
May  6 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340706 of user rubyman.
May  6 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28275]: pam_unix(su:session): session closed for user rubyman
May  6 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340706.
May  6 14:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25370]: pam_unix(cron:session): session closed for user root
May  6 14:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28212]: pam_unix(cron:session): session closed for user samftp
May  6 14:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27232]: pam_unix(cron:session): session closed for user root
May  6 14:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 14:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28596]: Failed password for root from 218.92.0.179 port 33120 ssh2
May  6 14:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28596]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 33120 ssh2]
May  6 14:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28596]: Received disconnect from 218.92.0.179 port 33120:11:  [preauth]
May  6 14:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28596]: Disconnected from 218.92.0.179 port 33120 [preauth]
May  6 14:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28596]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28619]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28616]: pam_unix(cron:session): session closed for user p13x
May  6 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28677]: Successful su for rubyman by root
May  6 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28677]: + ??? root:rubyman
May  6 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340710 of user rubyman.
May  6 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28677]: pam_unix(su:session): session closed for user rubyman
May  6 14:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340710.
May  6 14:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25853]: pam_unix(cron:session): session closed for user root
May  6 14:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  6 14:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Failed password for root from 190.103.202.7 port 36486 ssh2
May  6 14:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28617]: pam_unix(cron:session): session closed for user samftp
May  6 14:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Connection closed by 190.103.202.7 port 36486 [preauth]
May  6 14:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27796]: pam_unix(cron:session): session closed for user root
May  6 14:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: Invalid user N from 195.178.110.50
May  6 14:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: input_userauth_request: invalid user N [preauth]
May  6 14:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 14:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: Failed password for invalid user N from 195.178.110.50 port 51642 ssh2
May  6 14:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28970]: Connection closed by 195.178.110.50 port 51642 [preauth]
May  6 14:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29110]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29109]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29082]: pam_unix(cron:session): session closed for user p13x
May  6 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29180]: Successful su for rubyman by root
May  6 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29180]: + ??? root:rubyman
May  6 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340714 of user rubyman.
May  6 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29180]: pam_unix(su:session): session closed for user rubyman
May  6 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340714.
May  6 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26274]: pam_unix(cron:session): session closed for user root
May  6 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.189.192.3  user=root
May  6 14:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29108]: pam_unix(cron:session): session closed for user samftp
May  6 14:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29010]: Failed password for root from 200.189.192.3 port 39985 ssh2
May  6 14:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29010]: Received disconnect from 200.189.192.3 port 39985:11: Bye Bye [preauth]
May  6 14:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29010]: Disconnected from 200.189.192.3 port 39985 [preauth]
May  6 14:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29075]: Invalid user [ from 195.178.110.50
May  6 14:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29075]: input_userauth_request: invalid user [ [preauth]
May  6 14:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29075]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 14:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29075]: Failed password for invalid user [ from 195.178.110.50 port 64916 ssh2
May  6 14:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29075]: Connection closed by 195.178.110.50 port 64916 [preauth]
May  6 14:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29406]: Invalid user h from 195.178.110.50
May  6 14:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29406]: input_userauth_request: invalid user h [preauth]
May  6 14:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29406]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 14:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29406]: Failed password for invalid user h from 195.178.110.50 port 24830 ssh2
May  6 14:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28214]: pam_unix(cron:session): session closed for user root
May  6 14:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29406]: Connection closed by 195.178.110.50 port 24830 [preauth]
May  6 14:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: Invalid user u from 195.178.110.50
May  6 14:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: input_userauth_request: invalid user u [preauth]
May  6 14:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 14:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: Failed password for invalid user u from 195.178.110.50 port 10826 ssh2
May  6 14:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29470]: Connection closed by 195.178.110.50 port 10826 [preauth]
May  6 14:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29547]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29546]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29548]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29545]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29548]: pam_unix(cron:session): session closed for user root
May  6 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29543]: pam_unix(cron:session): session closed for user p13x
May  6 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29614]: Successful su for rubyman by root
May  6 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29614]: + ??? root:rubyman
May  6 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340718 of user rubyman.
May  6 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29614]: pam_unix(su:session): session closed for user rubyman
May  6 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340718.
May  6 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29518]: Invalid user $ from 195.178.110.50
May  6 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29518]: input_userauth_request: invalid user $ [preauth]
May  6 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29518]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29545]: pam_unix(cron:session): session closed for user root
May  6 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26749]: pam_unix(cron:session): session closed for user root
May  6 14:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29518]: Failed password for invalid user $ from 195.178.110.50 port 56952 ssh2
May  6 14:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29544]: pam_unix(cron:session): session closed for user samftp
May  6 14:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29518]: Connection closed by 195.178.110.50 port 56952 [preauth]
May  6 14:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28619]: pam_unix(cron:session): session closed for user root
May  6 14:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: Invalid user fuser1 from 50.235.31.47
May  6 14:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: input_userauth_request: invalid user fuser1 [preauth]
May  6 14:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  6 14:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: Failed password for invalid user fuser1 from 50.235.31.47 port 58198 ssh2
May  6 14:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: Connection closed by 50.235.31.47 port 58198 [preauth]
May  6 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29987]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29983]: pam_unix(cron:session): session closed for user p13x
May  6 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30049]: Successful su for rubyman by root
May  6 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30049]: + ??? root:rubyman
May  6 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30049]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340724 of user rubyman.
May  6 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30049]: pam_unix(su:session): session closed for user rubyman
May  6 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340724.
May  6 14:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27231]: pam_unix(cron:session): session closed for user root
May  6 14:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29984]: pam_unix(cron:session): session closed for user samftp
May  6 14:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29110]: pam_unix(cron:session): session closed for user root
May  6 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30382]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30383]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30380]: pam_unix(cron:session): session closed for user p13x
May  6 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30441]: Successful su for rubyman by root
May  6 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30441]: + ??? root:rubyman
May  6 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340730 of user rubyman.
May  6 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30441]: pam_unix(su:session): session closed for user rubyman
May  6 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340730.
May  6 14:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27795]: pam_unix(cron:session): session closed for user root
May  6 14:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30381]: pam_unix(cron:session): session closed for user samftp
May  6 14:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29547]: pam_unix(cron:session): session closed for user root
May  6 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30772]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30774]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30770]: pam_unix(cron:session): session closed for user p13x
May  6 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30830]: Successful su for rubyman by root
May  6 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30830]: + ??? root:rubyman
May  6 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340734 of user rubyman.
May  6 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30830]: pam_unix(su:session): session closed for user rubyman
May  6 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340734.
May  6 14:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28213]: pam_unix(cron:session): session closed for user root
May  6 14:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30772]: pam_unix(cron:session): session closed for user samftp
May  6 14:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29987]: pam_unix(cron:session): session closed for user root
May  6 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31275]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31278]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31275]: pam_unix(cron:session): session closed for user p13x
May  6 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31400]: Successful su for rubyman by root
May  6 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31400]: + ??? root:rubyman
May  6 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340736 of user rubyman.
May  6 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31400]: pam_unix(su:session): session closed for user rubyman
May  6 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340736.
May  6 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31273]: pam_unix(cron:session): session closed for user root
May  6 14:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28618]: pam_unix(cron:session): session closed for user root
May  6 14:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31277]: pam_unix(cron:session): session closed for user samftp
May  6 14:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  6 14:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31629]: Failed password for root from 193.70.84.184 port 52822 ssh2
May  6 14:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31629]: Connection closed by 193.70.84.184 port 52822 [preauth]
May  6 14:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30383]: pam_unix(cron:session): session closed for user root
May  6 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31800]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31801]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31802]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31802]: pam_unix(cron:session): session closed for user root
May  6 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31797]: pam_unix(cron:session): session closed for user p13x
May  6 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31870]: Successful su for rubyman by root
May  6 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31870]: + ??? root:rubyman
May  6 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340744 of user rubyman.
May  6 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31870]: pam_unix(su:session): session closed for user rubyman
May  6 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340744.
May  6 14:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31799]: pam_unix(cron:session): session closed for user root
May  6 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29109]: pam_unix(cron:session): session closed for user root
May  6 14:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31798]: pam_unix(cron:session): session closed for user samftp
May  6 14:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.97.155.35  user=root
May  6 14:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: Failed password for root from 161.97.155.35 port 51270 ssh2
May  6 14:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: Received disconnect from 161.97.155.35 port 51270:11: Bye Bye [preauth]
May  6 14:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32425]: Disconnected from 161.97.155.35 port 51270 [preauth]
May  6 14:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: Invalid user test from 194.0.234.19
May  6 14:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: input_userauth_request: invalid user test [preauth]
May  6 14:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  6 14:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: Failed password for invalid user test from 194.0.234.19 port 39360 ssh2
May  6 14:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: Connection closed by 194.0.234.19 port 39360 [preauth]
May  6 14:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30774]: pam_unix(cron:session): session closed for user root
May  6 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32549]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32548]: pam_unix(cron:session): session closed for user p13x
May  6 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32688]: Successful su for rubyman by root
May  6 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32688]: + ??? root:rubyman
May  6 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32688]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340747 of user rubyman.
May  6 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32688]: pam_unix(su:session): session closed for user rubyman
May  6 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340747.
May  6 14:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29546]: pam_unix(cron:session): session closed for user root
May  6 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32549]: pam_unix(cron:session): session closed for user samftp
May  6 14:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31279]: pam_unix(cron:session): session closed for user root
May  6 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[688]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[685]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[685]: pam_unix(cron:session): session closed for user p13x
May  6 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[756]: Successful su for rubyman by root
May  6 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[756]: + ??? root:rubyman
May  6 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340752 of user rubyman.
May  6 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[756]: pam_unix(su:session): session closed for user rubyman
May  6 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340752.
May  6 14:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29985]: pam_unix(cron:session): session closed for user root
May  6 14:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[686]: pam_unix(cron:session): session closed for user samftp
May  6 14:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 14:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1011]: Failed password for root from 218.92.0.179 port 10961 ssh2
May  6 14:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1011]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 10961 ssh2]
May  6 14:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1011]: Received disconnect from 218.92.0.179 port 10961:11:  [preauth]
May  6 14:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1011]: Disconnected from 218.92.0.179 port 10961 [preauth]
May  6 14:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1011]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 14:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31801]: pam_unix(cron:session): session closed for user root
May  6 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1153]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1156]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1150]: pam_unix(cron:session): session closed for user p13x
May  6 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1230]: Successful su for rubyman by root
May  6 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1230]: + ??? root:rubyman
May  6 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340756 of user rubyman.
May  6 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1230]: pam_unix(su:session): session closed for user rubyman
May  6 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340756.
May  6 14:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30382]: pam_unix(cron:session): session closed for user root
May  6 14:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1152]: pam_unix(cron:session): session closed for user samftp
May  6 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32551]: pam_unix(cron:session): session closed for user root
May  6 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1633]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1630]: pam_unix(cron:session): session closed for user p13x
May  6 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1704]: Successful su for rubyman by root
May  6 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1704]: + ??? root:rubyman
May  6 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340760 of user rubyman.
May  6 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1704]: pam_unix(su:session): session closed for user rubyman
May  6 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340760.
May  6 14:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30773]: pam_unix(cron:session): session closed for user root
May  6 14:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1631]: pam_unix(cron:session): session closed for user samftp
May  6 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[688]: pam_unix(cron:session): session closed for user root
May  6 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2162]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2159]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2161]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2162]: pam_unix(cron:session): session closed for user root
May  6 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2157]: pam_unix(cron:session): session closed for user p13x
May  6 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2224]: Successful su for rubyman by root
May  6 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2224]: + ??? root:rubyman
May  6 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340764 of user rubyman.
May  6 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2224]: pam_unix(su:session): session closed for user rubyman
May  6 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340764.
May  6 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2159]: pam_unix(cron:session): session closed for user root
May  6 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31278]: pam_unix(cron:session): session closed for user root
May  6 14:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2158]: pam_unix(cron:session): session closed for user samftp
May  6 14:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1156]: pam_unix(cron:session): session closed for user root
May  6 14:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: Invalid user dean from 200.189.192.3
May  6 14:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: input_userauth_request: invalid user dean [preauth]
May  6 14:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.189.192.3
May  6 14:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: Failed password for invalid user dean from 200.189.192.3 port 40394 ssh2
May  6 14:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: Received disconnect from 200.189.192.3 port 40394:11: Bye Bye [preauth]
May  6 14:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2556]: Disconnected from 200.189.192.3 port 40394 [preauth]
May  6 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2614]: pam_unix(cron:session): session closed for user p13x
May  6 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2696]: Successful su for rubyman by root
May  6 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2696]: + ??? root:rubyman
May  6 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340770 of user rubyman.
May  6 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2696]: pam_unix(su:session): session closed for user rubyman
May  6 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340770.
May  6 14:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31800]: pam_unix(cron:session): session closed for user root
May  6 14:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2615]: pam_unix(cron:session): session closed for user samftp
May  6 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1633]: pam_unix(cron:session): session closed for user root
May  6 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3042]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3041]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3044]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3043]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3038]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3038]: pam_unix(cron:session): session closed for user root
May  6 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3041]: pam_unix(cron:session): session closed for user p13x
May  6 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3102]: Successful su for rubyman by root
May  6 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3102]: + ??? root:rubyman
May  6 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340774 of user rubyman.
May  6 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3102]: pam_unix(su:session): session closed for user rubyman
May  6 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340774.
May  6 14:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32550]: pam_unix(cron:session): session closed for user root
May  6 14:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3042]: pam_unix(cron:session): session closed for user samftp
May  6 14:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2161]: pam_unix(cron:session): session closed for user root
May  6 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3460]: pam_unix(cron:session): session closed for user p13x
May  6 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3528]: Successful su for rubyman by root
May  6 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3528]: + ??? root:rubyman
May  6 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3528]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340778 of user rubyman.
May  6 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3528]: pam_unix(su:session): session closed for user rubyman
May  6 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340778.
May  6 14:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[687]: pam_unix(cron:session): session closed for user root
May  6 14:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3461]: pam_unix(cron:session): session closed for user samftp
May  6 14:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2617]: pam_unix(cron:session): session closed for user root
May  6 14:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Invalid user pritchard from 80.94.95.125
May  6 14:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: input_userauth_request: invalid user pritchard [preauth]
May  6 14:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 14:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Failed password for invalid user pritchard from 80.94.95.125 port 33683 ssh2
May  6 14:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Failed password for invalid user pritchard from 80.94.95.125 port 33683 ssh2
May  6 14:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Failed password for invalid user pritchard from 80.94.95.125 port 33683 ssh2
May  6 14:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Failed password for invalid user pritchard from 80.94.95.125 port 33683 ssh2
May  6 14:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Failed password for invalid user pritchard from 80.94.95.125 port 33683 ssh2
May  6 14:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Received disconnect from 80.94.95.125 port 33683:11: Bye [preauth]
May  6 14:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Disconnected from 80.94.95.125 port 33683 [preauth]
May  6 14:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 14:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3895]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3894]: pam_unix(cron:session): session closed for user p13x
May  6 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3990]: Successful su for rubyman by root
May  6 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3990]: + ??? root:rubyman
May  6 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3990]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340782 of user rubyman.
May  6 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3990]: pam_unix(su:session): session closed for user rubyman
May  6 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340782.
May  6 14:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1153]: pam_unix(cron:session): session closed for user root
May  6 14:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3895]: pam_unix(cron:session): session closed for user samftp
May  6 14:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3044]: pam_unix(cron:session): session closed for user root
May  6 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4478]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4476]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4482]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4475]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4482]: pam_unix(cron:session): session closed for user root
May  6 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4475]: pam_unix(cron:session): session closed for user p13x
May  6 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4560]: Successful su for rubyman by root
May  6 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4560]: + ??? root:rubyman
May  6 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340786 of user rubyman.
May  6 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4560]: pam_unix(su:session): session closed for user rubyman
May  6 14:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340786.
May  6 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1632]: pam_unix(cron:session): session closed for user root
May  6 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4477]: pam_unix(cron:session): session closed for user root
May  6 14:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4476]: pam_unix(cron:session): session closed for user samftp
May  6 14:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: Invalid user couchdb from 161.97.155.35
May  6 14:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: input_userauth_request: invalid user couchdb [preauth]
May  6 14:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.97.155.35
May  6 14:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: Failed password for invalid user couchdb from 161.97.155.35 port 51562 ssh2
May  6 14:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: Received disconnect from 161.97.155.35 port 51562:11: Bye Bye [preauth]
May  6 14:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4771]: Disconnected from 161.97.155.35 port 51562 [preauth]
May  6 14:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 14:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Failed password for root from 218.92.0.179 port 21046 ssh2
May  6 14:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 21046 ssh2]
May  6 14:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Received disconnect from 218.92.0.179 port 21046:11:  [preauth]
May  6 14:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Disconnected from 218.92.0.179 port 21046 [preauth]
May  6 14:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 14:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3465]: pam_unix(cron:session): session closed for user root
May  6 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4949]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4946]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4948]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4945]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4945]: pam_unix(cron:session): session closed for user p13x
May  6 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5195]: Successful su for rubyman by root
May  6 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5195]: + ??? root:rubyman
May  6 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340792 of user rubyman.
May  6 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5195]: pam_unix(su:session): session closed for user rubyman
May  6 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340792.
May  6 14:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2160]: pam_unix(cron:session): session closed for user root
May  6 14:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4946]: pam_unix(cron:session): session closed for user samftp
May  6 14:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: Invalid user admin from 80.94.95.112
May  6 14:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: input_userauth_request: invalid user admin [preauth]
May  6 14:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 14:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: Failed password for invalid user admin from 80.94.95.112 port 32148 ssh2
May  6 14:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: Failed password for invalid user admin from 80.94.95.112 port 32148 ssh2
May  6 14:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3898]: pam_unix(cron:session): session closed for user root
May  6 14:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: Failed password for invalid user admin from 80.94.95.112 port 32148 ssh2
May  6 14:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: Failed password for invalid user admin from 80.94.95.112 port 32148 ssh2
May  6 14:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: Invalid user admin from 80.94.95.241
May  6 14:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: input_userauth_request: invalid user admin [preauth]
May  6 14:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 14:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: Failed password for invalid user admin from 80.94.95.112 port 32148 ssh2
May  6 14:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: Failed password for invalid user admin from 80.94.95.241 port 10348 ssh2
May  6 14:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: Received disconnect from 80.94.95.112 port 32148:11: Bye [preauth]
May  6 14:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: Disconnected from 80.94.95.112 port 32148 [preauth]
May  6 14:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 14:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5463]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 14:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: Failed password for invalid user admin from 80.94.95.241 port 10348 ssh2
May  6 14:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: Failed password for invalid user admin from 80.94.95.241 port 10348 ssh2
May  6 14:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: Failed password for invalid user admin from 80.94.95.241 port 10348 ssh2
May  6 14:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: Failed password for invalid user admin from 80.94.95.241 port 10348 ssh2
May  6 14:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: Received disconnect from 80.94.95.241 port 10348:11: Bye [preauth]
May  6 14:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: Disconnected from 80.94.95.241 port 10348 [preauth]
May  6 14:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 14:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5507]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5598]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5597]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5596]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5596]: pam_unix(cron:session): session closed for user p13x
May  6 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5671]: Successful su for rubyman by root
May  6 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5671]: + ??? root:rubyman
May  6 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5671]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340798 of user rubyman.
May  6 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5671]: pam_unix(su:session): session closed for user rubyman
May  6 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340798.
May  6 14:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2616]: pam_unix(cron:session): session closed for user root
May  6 14:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5597]: pam_unix(cron:session): session closed for user samftp
May  6 14:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4479]: pam_unix(cron:session): session closed for user root
May  6 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6124]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6121]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6122]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6121]: pam_unix(cron:session): session closed for user p13x
May  6 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6184]: Successful su for rubyman by root
May  6 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6184]: + ??? root:rubyman
May  6 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340801 of user rubyman.
May  6 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6184]: pam_unix(su:session): session closed for user rubyman
May  6 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340801.
May  6 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3043]: pam_unix(cron:session): session closed for user root
May  6 14:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6122]: pam_unix(cron:session): session closed for user samftp
May  6 14:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4949]: pam_unix(cron:session): session closed for user root
May  6 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6521]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6518]: pam_unix(cron:session): session closed for user p13x
May  6 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6576]: Successful su for rubyman by root
May  6 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6576]: + ??? root:rubyman
May  6 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340805 of user rubyman.
May  6 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6576]: pam_unix(su:session): session closed for user rubyman
May  6 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340805.
May  6 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3463]: pam_unix(cron:session): session closed for user root
May  6 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6519]: pam_unix(cron:session): session closed for user samftp
May  6 14:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: Failed password for root from 218.92.0.179 port 35015 ssh2
May  6 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 35015 ssh2]
May  6 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: Received disconnect from 218.92.0.179 port 35015:11:  [preauth]
May  6 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: Disconnected from 218.92.0.179 port 35015 [preauth]
May  6 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6792]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5599]: pam_unix(cron:session): session closed for user root
May  6 14:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7007]: Invalid user sharepoint from 161.97.155.35
May  6 14:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7007]: input_userauth_request: invalid user sharepoint [preauth]
May  6 14:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7007]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.97.155.35
May  6 14:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7007]: Failed password for invalid user sharepoint from 161.97.155.35 port 51748 ssh2
May  6 14:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7007]: Received disconnect from 161.97.155.35 port 51748:11: Bye Bye [preauth]
May  6 14:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7007]: Disconnected from 161.97.155.35 port 51748 [preauth]
May  6 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7024]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7019]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7024]: pam_unix(cron:session): session closed for user root
May  6 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7018]: pam_unix(cron:session): session closed for user p13x
May  6 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7104]: Successful su for rubyman by root
May  6 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7104]: + ??? root:rubyman
May  6 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7104]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340808 of user rubyman.
May  6 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7104]: pam_unix(su:session): session closed for user rubyman
May  6 14:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340808.
May  6 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7020]: pam_unix(cron:session): session closed for user root
May  6 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3896]: pam_unix(cron:session): session closed for user root
May  6 14:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7019]: pam_unix(cron:session): session closed for user samftp
May  6 14:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6124]: pam_unix(cron:session): session closed for user root
May  6 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7469]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7466]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7468]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7465]: pam_unix(cron:session): session closed for user p13x
May  6 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7636]: Successful su for rubyman by root
May  6 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7636]: + ??? root:rubyman
May  6 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7636]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340814 of user rubyman.
May  6 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7636]: pam_unix(su:session): session closed for user rubyman
May  6 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340814.
May  6 14:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4478]: pam_unix(cron:session): session closed for user root
May  6 14:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7466]: pam_unix(cron:session): session closed for user samftp
May  6 14:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6521]: pam_unix(cron:session): session closed for user root
May  6 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8008]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8006]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8007]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8005]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8005]: pam_unix(cron:session): session closed for user p13x
May  6 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8063]: Successful su for rubyman by root
May  6 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8063]: + ??? root:rubyman
May  6 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8063]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340818 of user rubyman.
May  6 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8063]: pam_unix(su:session): session closed for user rubyman
May  6 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340818.
May  6 14:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4948]: pam_unix(cron:session): session closed for user root
May  6 14:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8006]: pam_unix(cron:session): session closed for user samftp
May  6 14:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7022]: pam_unix(cron:session): session closed for user root
May  6 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8429]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8425]: pam_unix(cron:session): session closed for user p13x
May  6 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8491]: Successful su for rubyman by root
May  6 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8491]: + ??? root:rubyman
May  6 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340822 of user rubyman.
May  6 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8491]: pam_unix(su:session): session closed for user rubyman
May  6 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340822.
May  6 14:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5598]: pam_unix(cron:session): session closed for user root
May  6 14:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8427]: pam_unix(cron:session): session closed for user samftp
May  6 14:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8691]: Bad protocol version identification 'MGLNDD_198.199.94.12_22' from 20.168.125.82 port 43630
May  6 14:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: Invalid user parvin from 200.189.192.3
May  6 14:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: input_userauth_request: invalid user parvin [preauth]
May  6 14:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.189.192.3
May  6 14:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7469]: pam_unix(cron:session): session closed for user root
May  6 14:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: Failed password for invalid user parvin from 200.189.192.3 port 49836 ssh2
May  6 14:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: Received disconnect from 200.189.192.3 port 49836:11: Bye Bye [preauth]
May  6 14:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: Disconnected from 200.189.192.3 port 49836 [preauth]
May  6 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8856]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8854]: pam_unix(cron:session): session closed for user p13x
May  6 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8916]: Successful su for rubyman by root
May  6 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8916]: + ??? root:rubyman
May  6 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8916]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340826 of user rubyman.
May  6 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8916]: pam_unix(su:session): session closed for user rubyman
May  6 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340826.
May  6 14:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6123]: pam_unix(cron:session): session closed for user root
May  6 14:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8855]: pam_unix(cron:session): session closed for user samftp
May  6 14:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.97.155.35  user=root
May  6 14:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9225]: Failed password for root from 161.97.155.35 port 51918 ssh2
May  6 14:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9225]: Received disconnect from 161.97.155.35 port 51918:11: Bye Bye [preauth]
May  6 14:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9225]: Disconnected from 161.97.155.35 port 51918 [preauth]
May  6 14:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8008]: pam_unix(cron:session): session closed for user root
May  6 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9384]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9382]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9383]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9384]: pam_unix(cron:session): session closed for user root
May  6 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9378]: pam_unix(cron:session): session closed for user p13x
May  6 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9456]: Successful su for rubyman by root
May  6 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9456]: + ??? root:rubyman
May  6 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340833 of user rubyman.
May  6 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9456]: pam_unix(su:session): session closed for user rubyman
May  6 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340833.
May  6 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9381]: pam_unix(cron:session): session closed for user root
May  6 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6520]: pam_unix(cron:session): session closed for user root
May  6 14:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9379]: pam_unix(cron:session): session closed for user samftp
May  6 14:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8429]: pam_unix(cron:session): session closed for user root
May  6 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9821]: pam_unix(cron:session): session closed for user p13x
May  6 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9889]: Successful su for rubyman by root
May  6 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9889]: + ??? root:rubyman
May  6 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340836 of user rubyman.
May  6 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9889]: pam_unix(su:session): session closed for user rubyman
May  6 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340836.
May  6 14:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 14:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: Failed password for root from 218.92.0.179 port 58659 ssh2
May  6 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7021]: pam_unix(cron:session): session closed for user root
May  6 14:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9822]: pam_unix(cron:session): session closed for user samftp
May  6 14:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: Failed password for root from 218.92.0.179 port 58659 ssh2
May  6 14:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: Failed password for root from 218.92.0.179 port 58659 ssh2
May  6 14:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: Received disconnect from 218.92.0.179 port 58659:11:  [preauth]
May  6 14:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: Disconnected from 218.92.0.179 port 58659 [preauth]
May  6 14:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 14:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8857]: pam_unix(cron:session): session closed for user root
May  6 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10308]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10305]: pam_unix(cron:session): session closed for user p13x
May  6 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10369]: Successful su for rubyman by root
May  6 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10369]: + ??? root:rubyman
May  6 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340840 of user rubyman.
May  6 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10369]: pam_unix(su:session): session closed for user rubyman
May  6 14:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340840.
May  6 14:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7468]: pam_unix(cron:session): session closed for user root
May  6 14:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10306]: pam_unix(cron:session): session closed for user samftp
May  6 14:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9383]: pam_unix(cron:session): session closed for user root
May  6 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10787]: pam_unix(cron:session): session closed for user p13x
May  6 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10848]: Successful su for rubyman by root
May  6 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10848]: + ??? root:rubyman
May  6 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10848]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340844 of user rubyman.
May  6 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10848]: pam_unix(su:session): session closed for user rubyman
May  6 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340844.
May  6 14:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8007]: pam_unix(cron:session): session closed for user root
May  6 14:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10788]: pam_unix(cron:session): session closed for user samftp
May  6 14:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9824]: pam_unix(cron:session): session closed for user root
May  6 14:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.97.155.35  user=root
May  6 14:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11148]: Failed password for root from 161.97.155.35 port 52094 ssh2
May  6 14:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11148]: Received disconnect from 161.97.155.35 port 52094:11: Bye Bye [preauth]
May  6 14:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11148]: Disconnected from 161.97.155.35 port 52094 [preauth]
May  6 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11180]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11179]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11178]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11178]: pam_unix(cron:session): session closed for user p13x
May  6 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11242]: Successful su for rubyman by root
May  6 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11242]: + ??? root:rubyman
May  6 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340849 of user rubyman.
May  6 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11242]: pam_unix(su:session): session closed for user rubyman
May  6 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340849.
May  6 14:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8428]: pam_unix(cron:session): session closed for user root
May  6 14:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11179]: pam_unix(cron:session): session closed for user samftp
May  6 14:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10308]: pam_unix(cron:session): session closed for user root
May  6 14:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 14:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11550]: Failed password for root from 218.92.0.179 port 18171 ssh2
May  6 14:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11550]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 18171 ssh2]
May  6 14:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11550]: Received disconnect from 218.92.0.179 port 18171:11:  [preauth]
May  6 14:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11550]: Disconnected from 218.92.0.179 port 18171 [preauth]
May  6 14:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11550]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11589]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11589]: pam_unix(cron:session): session closed for user root
May  6 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11583]: pam_unix(cron:session): session closed for user p13x
May  6 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11650]: Successful su for rubyman by root
May  6 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11650]: + ??? root:rubyman
May  6 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340856 of user rubyman.
May  6 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11650]: pam_unix(su:session): session closed for user rubyman
May  6 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340856.
May  6 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11585]: pam_unix(cron:session): session closed for user root
May  6 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8856]: pam_unix(cron:session): session closed for user root
May  6 14:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11584]: pam_unix(cron:session): session closed for user samftp
May  6 14:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10791]: pam_unix(cron:session): session closed for user root
May  6 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12000]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12001]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11998]: pam_unix(cron:session): session closed for user p13x
May  6 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12062]: Successful su for rubyman by root
May  6 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12062]: + ??? root:rubyman
May  6 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340860 of user rubyman.
May  6 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12062]: pam_unix(su:session): session closed for user rubyman
May  6 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340860.
May  6 14:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9382]: pam_unix(cron:session): session closed for user root
May  6 14:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11999]: pam_unix(cron:session): session closed for user samftp
May  6 14:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11181]: pam_unix(cron:session): session closed for user root
May  6 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12410]: pam_unix(cron:session): session closed for user p13x
May  6 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12469]: Successful su for rubyman by root
May  6 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12469]: + ??? root:rubyman
May  6 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340862 of user rubyman.
May  6 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12469]: pam_unix(su:session): session closed for user rubyman
May  6 14:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340862.
May  6 14:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9823]: pam_unix(cron:session): session closed for user root
May  6 14:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12411]: pam_unix(cron:session): session closed for user samftp
May  6 14:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11588]: pam_unix(cron:session): session closed for user root
May  6 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12792]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12790]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12788]: pam_unix(cron:session): session closed for user p13x
May  6 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12853]: Successful su for rubyman by root
May  6 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12853]: + ??? root:rubyman
May  6 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340866 of user rubyman.
May  6 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12853]: pam_unix(su:session): session closed for user rubyman
May  6 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340866.
May  6 14:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10307]: pam_unix(cron:session): session closed for user root
May  6 14:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12790]: pam_unix(cron:session): session closed for user samftp
May  6 14:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13066]: Invalid user adnan from 161.97.155.35
May  6 14:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13066]: input_userauth_request: invalid user adnan [preauth]
May  6 14:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13066]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.97.155.35
May  6 14:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13066]: Failed password for invalid user adnan from 161.97.155.35 port 52278 ssh2
May  6 14:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13066]: Received disconnect from 161.97.155.35 port 52278:11: Bye Bye [preauth]
May  6 14:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13066]: Disconnected from 161.97.155.35 port 52278 [preauth]
May  6 14:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12001]: pam_unix(cron:session): session closed for user root
May  6 14:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 14:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: Invalid user jenkins from 50.235.31.47
May  6 14:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: input_userauth_request: invalid user jenkins [preauth]
May  6 14:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  6 14:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: Failed password for root from 218.92.0.179 port 10334 ssh2
May  6 14:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: Failed password for invalid user jenkins from 50.235.31.47 port 57970 ssh2
May  6 14:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13172]: Connection closed by 50.235.31.47 port 57970 [preauth]
May  6 14:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: Failed password for root from 218.92.0.179 port 10334 ssh2
May  6 14:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: Failed password for root from 218.92.0.179 port 10334 ssh2
May  6 14:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: Received disconnect from 218.92.0.179 port 10334:11:  [preauth]
May  6 14:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: Disconnected from 218.92.0.179 port 10334 [preauth]
May  6 14:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13162]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13192]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13194]: pam_unix(cron:session): session closed for user p13x
May  6 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13319]: Successful su for rubyman by root
May  6 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13319]: + ??? root:rubyman
May  6 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340870 of user rubyman.
May  6 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13319]: pam_unix(su:session): session closed for user rubyman
May  6 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340870.
May  6 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13192]: pam_unix(cron:session): session closed for user root
May  6 14:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10790]: pam_unix(cron:session): session closed for user root
May  6 14:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13196]: pam_unix(cron:session): session closed for user samftp
May  6 14:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13664]: Connection closed by 200.189.192.3 port 44694 [preauth]
May  6 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12413]: pam_unix(cron:session): session closed for user root
May  6 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13796]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13795]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13797]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13794]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13797]: pam_unix(cron:session): session closed for user root
May  6 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13791]: pam_unix(cron:session): session closed for user p13x
May  6 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13859]: Successful su for rubyman by root
May  6 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13859]: + ??? root:rubyman
May  6 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340878 of user rubyman.
May  6 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13859]: pam_unix(su:session): session closed for user rubyman
May  6 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340878.
May  6 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13794]: pam_unix(cron:session): session closed for user root
May  6 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11180]: pam_unix(cron:session): session closed for user root
May  6 14:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13793]: pam_unix(cron:session): session closed for user samftp
May  6 14:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 14:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14071]: Failed password for root from 218.92.0.179 port 35402 ssh2
May  6 14:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14071]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 35402 ssh2]
May  6 14:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14071]: Received disconnect from 218.92.0.179 port 35402:11:  [preauth]
May  6 14:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14071]: Disconnected from 218.92.0.179 port 35402 [preauth]
May  6 14:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14071]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 14:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12792]: pam_unix(cron:session): session closed for user root
May  6 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14220]: pam_unix(cron:session): session closed for user p13x
May  6 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14289]: Successful su for rubyman by root
May  6 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14289]: + ??? root:rubyman
May  6 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14289]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340882 of user rubyman.
May  6 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14289]: pam_unix(su:session): session closed for user rubyman
May  6 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340882.
May  6 14:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11586]: pam_unix(cron:session): session closed for user root
May  6 14:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14221]: pam_unix(cron:session): session closed for user samftp
May  6 14:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13198]: pam_unix(cron:session): session closed for user root
May  6 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14644]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14641]: pam_unix(cron:session): session closed for user p13x
May  6 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14702]: Successful su for rubyman by root
May  6 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14702]: + ??? root:rubyman
May  6 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340887 of user rubyman.
May  6 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14702]: pam_unix(su:session): session closed for user rubyman
May  6 14:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340887.
May  6 14:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12000]: pam_unix(cron:session): session closed for user root
May  6 14:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14642]: pam_unix(cron:session): session closed for user samftp
May  6 14:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13796]: pam_unix(cron:session): session closed for user root
May  6 14:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: Invalid user hyper from 161.97.155.35
May  6 14:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: input_userauth_request: invalid user hyper [preauth]
May  6 14:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.97.155.35
May  6 14:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: Failed password for invalid user hyper from 161.97.155.35 port 52460 ssh2
May  6 14:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: Received disconnect from 161.97.155.35 port 52460:11: Bye Bye [preauth]
May  6 14:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14994]: Disconnected from 161.97.155.35 port 52460 [preauth]
May  6 14:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15035]: Failed password for root from 188.235.150.5 port 40266 ssh2
May  6 14:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15035]: Connection closed by 188.235.150.5 port 40266 [preauth]
May  6 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15049]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15047]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15048]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15046]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15046]: pam_unix(cron:session): session closed for user p13x
May  6 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15105]: Successful su for rubyman by root
May  6 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15105]: + ??? root:rubyman
May  6 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340889 of user rubyman.
May  6 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15105]: pam_unix(su:session): session closed for user rubyman
May  6 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340889.
May  6 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12412]: pam_unix(cron:session): session closed for user root
May  6 14:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15047]: pam_unix(cron:session): session closed for user samftp
May  6 14:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: Failed password for root from 188.235.150.5 port 43553 ssh2
May  6 14:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15126]: Connection closed by 188.235.150.5 port 43553 [preauth]
May  6 14:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: Failed password for root from 188.235.150.5 port 46305 ssh2
May  6 14:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15291]: Connection closed by 188.235.150.5 port 46305 [preauth]
May  6 14:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: Failed password for root from 188.235.150.5 port 50233 ssh2
May  6 14:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15317]: Connection closed by 188.235.150.5 port 50233 [preauth]
May  6 14:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14223]: pam_unix(cron:session): session closed for user root
May  6 14:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15352]: Failed password for root from 188.235.150.5 port 55477 ssh2
May  6 14:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15352]: Connection closed by 188.235.150.5 port 55477 [preauth]
May  6 14:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15381]: Failed password for root from 188.235.150.5 port 58049 ssh2
May  6 14:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15381]: Connection closed by 188.235.150.5 port 58049 [preauth]
May  6 14:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: Failed password for root from 188.235.150.5 port 36433 ssh2
May  6 14:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15420]: Connection closed by 188.235.150.5 port 36433 [preauth]
May  6 14:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15442]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15442]: pam_unix(cron:session): session closed for user p13x
May  6 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15505]: Successful su for rubyman by root
May  6 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15505]: + ??? root:rubyman
May  6 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340894 of user rubyman.
May  6 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15505]: pam_unix(su:session): session closed for user rubyman
May  6 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340894.
May  6 14:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12791]: pam_unix(cron:session): session closed for user root
May  6 14:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Failed password for root from 188.235.150.5 port 39965 ssh2
May  6 14:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15438]: Connection closed by 188.235.150.5 port 39965 [preauth]
May  6 14:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15443]: pam_unix(cron:session): session closed for user samftp
May  6 14:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15685]: Failed password for root from 188.235.150.5 port 43629 ssh2
May  6 14:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15685]: Connection closed by 188.235.150.5 port 43629 [preauth]
May  6 14:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15718]: Failed password for root from 188.235.150.5 port 47361 ssh2
May  6 14:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15718]: Connection closed by 188.235.150.5 port 47361 [preauth]
May  6 14:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: Failed password for root from 188.235.150.5 port 50878 ssh2
May  6 14:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15751]: Connection closed by 188.235.150.5 port 50878 [preauth]
May  6 14:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14644]: pam_unix(cron:session): session closed for user root
May  6 14:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15762]: Failed password for root from 188.235.150.5 port 54129 ssh2
May  6 14:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15762]: Connection closed by 188.235.150.5 port 54129 [preauth]
May  6 14:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: Invalid user seafile from 164.68.105.9
May  6 14:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: input_userauth_request: invalid user seafile [preauth]
May  6 14:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  6 14:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: Failed password for invalid user seafile from 164.68.105.9 port 48626 ssh2
May  6 14:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15795]: Connection closed by 164.68.105.9 port 48626 [preauth]
May  6 14:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15797]: Failed password for root from 188.235.150.5 port 56660 ssh2
May  6 14:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15797]: Connection closed by 188.235.150.5 port 56660 [preauth]
May  6 14:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15828]: Failed password for root from 188.235.150.5 port 34602 ssh2
May  6 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15854]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15854]: pam_unix(cron:session): session closed for user root
May  6 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15849]: pam_unix(cron:session): session closed for user p13x
May  6 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15929]: Successful su for rubyman by root
May  6 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15929]: + ??? root:rubyman
May  6 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340900 of user rubyman.
May  6 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15929]: pam_unix(su:session): session closed for user rubyman
May  6 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340900.
May  6 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15851]: pam_unix(cron:session): session closed for user root
May  6 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13197]: pam_unix(cron:session): session closed for user root
May  6 14:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15850]: pam_unix(cron:session): session closed for user samftp
May  6 14:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16023]: Failed password for root from 188.235.150.5 port 37378 ssh2
May  6 14:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16023]: Connection closed by 188.235.150.5 port 37378 [preauth]
May  6 14:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: Failed password for root from 188.235.150.5 port 42739 ssh2
May  6 14:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16130]: Connection closed by 188.235.150.5 port 42739 [preauth]
May  6 14:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15828]: Connection closed by 188.235.150.5 port 34602 [preauth]
May  6 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15049]: pam_unix(cron:session): session closed for user root
May  6 14:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: Failed password for root from 188.235.150.5 port 49511 ssh2
May  6 14:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: Connection closed by 188.235.150.5 port 49511 [preauth]
May  6 14:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16220]: Failed password for root from 188.235.150.5 port 55476 ssh2
May  6 14:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16220]: Connection closed by 188.235.150.5 port 55476 [preauth]
May  6 14:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: Failed password for root from 188.235.150.5 port 59325 ssh2
May  6 14:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16253]: Connection closed by 188.235.150.5 port 59325 [preauth]
May  6 14:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16286]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16284]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16285]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16282]: pam_unix(cron:session): session closed for user p13x
May  6 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16285]: pam_unix(cron:session): session closed for user root
May  6 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16349]: Successful su for rubyman by root
May  6 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16349]: + ??? root:rubyman
May  6 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340903 of user rubyman.
May  6 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16349]: pam_unix(su:session): session closed for user rubyman
May  6 14:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340903.
May  6 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16263]: Failed password for root from 188.235.150.5 port 34719 ssh2
May  6 14:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16263]: Connection closed by 188.235.150.5 port 34719 [preauth]
May  6 14:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13795]: pam_unix(cron:session): session closed for user root
May  6 14:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16283]: pam_unix(cron:session): session closed for user samftp
May  6 14:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16520]: Failed password for root from 188.235.150.5 port 38766 ssh2
May  6 14:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16601]: Failed password for root from 188.235.150.5 port 42441 ssh2
May  6 14:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16601]: Connection closed by 188.235.150.5 port 42441 [preauth]
May  6 14:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16520]: Connection closed by 188.235.150.5 port 38766 [preauth]
May  6 14:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16623]: Failed password for root from 188.235.150.5 port 45877 ssh2
May  6 14:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16623]: Connection closed by 188.235.150.5 port 45877 [preauth]
May  6 14:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15445]: pam_unix(cron:session): session closed for user root
May  6 14:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: Failed password for root from 188.235.150.5 port 50564 ssh2
May  6 14:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16659]: Connection closed by 188.235.150.5 port 50564 [preauth]
May  6 14:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16724]: Did not receive identification string from 193.32.162.185
May  6 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16753]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16755]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16752]: pam_unix(cron:session): session closed for user p13x
May  6 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16813]: Successful su for rubyman by root
May  6 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16813]: + ??? root:rubyman
May  6 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16813]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340908 of user rubyman.
May  6 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16813]: pam_unix(su:session): session closed for user rubyman
May  6 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340908.
May  6 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16876]: Invalid user farmacia from 161.97.155.35
May  6 14:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16876]: input_userauth_request: invalid user farmacia [preauth]
May  6 14:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16876]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.97.155.35
May  6 14:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14222]: pam_unix(cron:session): session closed for user root
May  6 14:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16876]: Failed password for invalid user farmacia from 161.97.155.35 port 52632 ssh2
May  6 14:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16876]: Received disconnect from 161.97.155.35 port 52632:11: Bye Bye [preauth]
May  6 14:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16876]: Disconnected from 161.97.155.35 port 52632 [preauth]
May  6 14:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16753]: pam_unix(cron:session): session closed for user samftp
May  6 14:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 14:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: Failed password for root from 218.92.0.210 port 46798 ssh2
May  6 14:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: message repeated 2 times: [ Failed password for root from 218.92.0.210 port 46798 ssh2]
May  6 14:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: Failed password for root from 218.92.0.210 port 46798 ssh2
May  6 14:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17062]: Invalid user sftpuser from 200.189.192.3
May  6 14:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17062]: input_userauth_request: invalid user sftpuser [preauth]
May  6 14:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17062]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.189.192.3
May  6 14:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17062]: Failed password for invalid user sftpuser from 200.189.192.3 port 36301 ssh2
May  6 14:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17062]: Received disconnect from 200.189.192.3 port 36301:11: Bye Bye [preauth]
May  6 14:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17062]: Disconnected from 200.189.192.3 port 36301 [preauth]
May  6 14:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: Failed password for root from 218.92.0.210 port 46798 ssh2
May  6 14:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 46798 ssh2 [preauth]
May  6 14:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: Disconnecting: Too many authentication failures [preauth]
May  6 14:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 14:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 14:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 14:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: Failed password for root from 218.92.0.210 port 60816 ssh2
May  6 14:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: Failed password for root from 218.92.0.210 port 60816 ssh2
May  6 14:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15853]: pam_unix(cron:session): session closed for user root
May  6 14:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: Failed password for root from 218.92.0.210 port 60816 ssh2
May  6 14:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: message repeated 3 times: [ Failed password for root from 218.92.0.210 port 60816 ssh2]
May  6 14:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 60816 ssh2 [preauth]
May  6 14:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: Disconnecting: Too many authentication failures [preauth]
May  6 14:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 14:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17093]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 14:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 14:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17165]: Failed password for root from 218.92.0.210 port 18720 ssh2
May  6 14:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17165]: Received disconnect from 218.92.0.210 port 18720:11:  [preauth]
May  6 14:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17165]: Disconnected from 218.92.0.210 port 18720 [preauth]
May  6 14:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17187]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17188]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17186]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17185]: pam_unix(cron:session): session closed for user p13x
May  6 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17249]: Successful su for rubyman by root
May  6 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17249]: + ??? root:rubyman
May  6 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340914 of user rubyman.
May  6 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17249]: pam_unix(su:session): session closed for user rubyman
May  6 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340914.
May  6 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14643]: pam_unix(cron:session): session closed for user root
May  6 14:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17186]: pam_unix(cron:session): session closed for user samftp
May  6 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16286]: pam_unix(cron:session): session closed for user root
May  6 14:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: Invalid user lighthouse from 190.103.202.7
May  6 14:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: input_userauth_request: invalid user lighthouse [preauth]
May  6 14:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  6 14:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: Failed password for invalid user lighthouse from 190.103.202.7 port 38614 ssh2
May  6 14:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17594]: Connection closed by 190.103.202.7 port 38614 [preauth]
May  6 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17609]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17605]: pam_unix(cron:session): session closed for user p13x
May  6 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17671]: Successful su for rubyman by root
May  6 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17671]: + ??? root:rubyman
May  6 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17671]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340917 of user rubyman.
May  6 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17671]: pam_unix(su:session): session closed for user rubyman
May  6 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340917.
May  6 14:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15048]: pam_unix(cron:session): session closed for user root
May  6 14:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17606]: pam_unix(cron:session): session closed for user samftp
May  6 14:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17978]: Invalid user 1 from 195.178.110.50
May  6 14:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17978]: input_userauth_request: invalid user 1 [preauth]
May  6 14:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17978]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 14:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17978]: Failed password for invalid user 1 from 195.178.110.50 port 37030 ssh2
May  6 14:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17978]: Connection closed by 195.178.110.50 port 37030 [preauth]
May  6 14:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16755]: pam_unix(cron:session): session closed for user root
May  6 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 14:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: Failed password for root from 218.92.0.179 port 50727 ssh2
May  6 14:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: Invalid user > from 195.178.110.50
May  6 14:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: input_userauth_request: invalid user > [preauth]
May  6 14:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 14:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: Failed password for root from 218.92.0.179 port 50727 ssh2
May  6 14:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: Failed password for invalid user > from 195.178.110.50 port 3266 ssh2
May  6 14:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: Failed password for root from 218.92.0.179 port 50727 ssh2
May  6 14:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: Received disconnect from 218.92.0.179 port 50727:11:  [preauth]
May  6 14:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: Disconnected from 218.92.0.179 port 50727 [preauth]
May  6 14:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18076]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 14:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18041]: Connection closed by 195.178.110.50 port 3266 [preauth]
May  6 14:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: Invalid user K from 195.178.110.50
May  6 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: input_userauth_request: invalid user K [preauth]
May  6 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 14:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: Failed password for invalid user K from 195.178.110.50 port 5948 ssh2
May  6 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18145]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18142]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18147]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18143]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18147]: pam_unix(cron:session): session closed for user root
May  6 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18142]: pam_unix(cron:session): session closed for user p13x
May  6 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18209]: Successful su for rubyman by root
May  6 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18209]: + ??? root:rubyman
May  6 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340922 of user rubyman.
May  6 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18209]: pam_unix(su:session): session closed for user rubyman
May  6 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340922.
May  6 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18109]: Connection closed by 195.178.110.50 port 5948 [preauth]
May  6 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18144]: pam_unix(cron:session): session closed for user root
May  6 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15444]: pam_unix(cron:session): session closed for user root
May  6 14:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18143]: pam_unix(cron:session): session closed for user samftp
May  6 14:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: Invalid user X from 195.178.110.50
May  6 14:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: input_userauth_request: invalid user X [preauth]
May  6 14:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 14:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: Failed password for invalid user X from 195.178.110.50 port 7484 ssh2
May  6 14:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18290]: Connection closed by 195.178.110.50 port 7484 [preauth]
May  6 14:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17188]: pam_unix(cron:session): session closed for user root
May  6 14:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18472]: Invalid user e from 195.178.110.50
May  6 14:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18472]: input_userauth_request: invalid user e [preauth]
May  6 14:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18472]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 14:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18472]: Failed password for invalid user e from 195.178.110.50 port 30752 ssh2
May  6 14:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18472]: Connection closed by 195.178.110.50 port 30752 [preauth]
May  6 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18584]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18582]: pam_unix(cron:session): session closed for user p13x
May  6 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18647]: Successful su for rubyman by root
May  6 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18647]: + ??? root:rubyman
May  6 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340926 of user rubyman.
May  6 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18647]: pam_unix(su:session): session closed for user rubyman
May  6 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340926.
May  6 14:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15852]: pam_unix(cron:session): session closed for user root
May  6 14:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18583]: pam_unix(cron:session): session closed for user samftp
May  6 14:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: Invalid user youssef from 161.97.155.35
May  6 14:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: input_userauth_request: invalid user youssef [preauth]
May  6 14:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.97.155.35
May  6 14:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: Failed password for invalid user youssef from 161.97.155.35 port 52802 ssh2
May  6 14:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: Received disconnect from 161.97.155.35 port 52802:11: Bye Bye [preauth]
May  6 14:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: Disconnected from 161.97.155.35 port 52802 [preauth]
May  6 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17609]: pam_unix(cron:session): session closed for user root
May  6 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18995]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18994]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18992]: pam_unix(cron:session): session closed for user p13x
May  6 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19066]: Successful su for rubyman by root
May  6 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19066]: + ??? root:rubyman
May  6 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340931 of user rubyman.
May  6 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19066]: pam_unix(su:session): session closed for user rubyman
May  6 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340931.
May  6 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16284]: pam_unix(cron:session): session closed for user root
May  6 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18993]: pam_unix(cron:session): session closed for user samftp
May  6 14:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18146]: pam_unix(cron:session): session closed for user root
May  6 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19407]: pam_unix(cron:session): session closed for user p13x
May  6 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19468]: Successful su for rubyman by root
May  6 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19468]: + ??? root:rubyman
May  6 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340935 of user rubyman.
May  6 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19468]: pam_unix(su:session): session closed for user rubyman
May  6 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340935.
May  6 14:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16754]: pam_unix(cron:session): session closed for user root
May  6 14:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19408]: pam_unix(cron:session): session closed for user samftp
May  6 14:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18586]: pam_unix(cron:session): session closed for user root
May  6 14:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  6 14:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: Failed password for root from 80.94.95.125 port 39420 ssh2
May  6 14:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: message repeated 3 times: [ Failed password for root from 80.94.95.125 port 39420 ssh2]
May  6 14:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: Received disconnect from 80.94.95.125 port 39420:11: Bye [preauth]
May  6 14:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: Disconnected from 80.94.95.125 port 39420 [preauth]
May  6 14:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  6 14:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19770]: PAM service(sshd) ignoring max retries; 4 > 3
May  6 14:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: Failed password for root from 188.235.150.5 port 43389 ssh2
May  6 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19826]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19825]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19823]: pam_unix(cron:session): session closed for user p13x
May  6 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19883]: Successful su for rubyman by root
May  6 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19883]: + ??? root:rubyman
May  6 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19883]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340939 of user rubyman.
May  6 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19883]: pam_unix(su:session): session closed for user rubyman
May  6 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340939.
May  6 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19803]: Connection closed by 188.235.150.5 port 43389 [preauth]
May  6 14:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17187]: pam_unix(cron:session): session closed for user root
May  6 14:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19824]: pam_unix(cron:session): session closed for user samftp
May  6 14:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: Failed password for root from 188.235.150.5 port 46639 ssh2
May  6 14:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20081]: Connection closed by 188.235.150.5 port 46639 [preauth]
May  6 14:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20094]: Failed password for root from 188.235.150.5 port 52808 ssh2
May  6 14:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20094]: Connection closed by 188.235.150.5 port 52808 [preauth]
May  6 14:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: Failed password for root from 188.235.150.5 port 56108 ssh2
May  6 14:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20125]: Connection closed by 188.235.150.5 port 56108 [preauth]
May  6 14:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18995]: pam_unix(cron:session): session closed for user root
May  6 14:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20150]: Failed password for root from 188.235.150.5 port 59159 ssh2
May  6 14:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20150]: Connection closed by 188.235.150.5 port 59159 [preauth]
May  6 14:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: Failed password for root from 188.235.150.5 port 33583 ssh2
May  6 14:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: Connection closed by 188.235.150.5 port 33583 [preauth]
May  6 14:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.189.192.3  user=root
May  6 14:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20211]: Failed password for root from 188.235.150.5 port 36631 ssh2
May  6 14:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20220]: Failed password for root from 200.189.192.3 port 52352 ssh2
May  6 14:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20211]: Connection closed by 188.235.150.5 port 36631 [preauth]
May  6 14:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20220]: Received disconnect from 200.189.192.3 port 52352:11: Bye Bye [preauth]
May  6 14:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20220]: Disconnected from 200.189.192.3 port 52352 [preauth]
May  6 14:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20244]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20247]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20246]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20247]: pam_unix(cron:session): session closed for user root
May  6 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20242]: pam_unix(cron:session): session closed for user p13x
May  6 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20310]: Successful su for rubyman by root
May  6 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20310]: + ??? root:rubyman
May  6 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20310]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340947 of user rubyman.
May  6 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20310]: pam_unix(su:session): session closed for user rubyman
May  6 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340947.
May  6 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20244]: pam_unix(cron:session): session closed for user root
May  6 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: Failed password for root from 188.235.150.5 port 43551 ssh2
May  6 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17607]: pam_unix(cron:session): session closed for user root
May  6 14:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: Connection closed by 188.235.150.5 port 43551 [preauth]
May  6 14:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20243]: pam_unix(cron:session): session closed for user samftp
May  6 14:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: Failed password for root from 188.235.150.5 port 46405 ssh2
May  6 14:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20503]: Connection closed by 188.235.150.5 port 46405 [preauth]
May  6 14:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19410]: pam_unix(cron:session): session closed for user root
May  6 14:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20565]: Failed password for root from 188.235.150.5 port 52116 ssh2
May  6 14:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20565]: Connection closed by 188.235.150.5 port 52116 [preauth]
May  6 14:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20634]: Invalid user admin from 80.94.95.112
May  6 14:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20634]: input_userauth_request: invalid user admin [preauth]
May  6 14:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20634]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 14:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20634]: Failed password for invalid user admin from 80.94.95.112 port 57889 ssh2
May  6 14:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20634]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20616]: Failed password for root from 188.235.150.5 port 58032 ssh2
May  6 14:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20616]: Connection closed by 188.235.150.5 port 58032 [preauth]
May  6 14:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20634]: Failed password for invalid user admin from 80.94.95.112 port 57889 ssh2
May  6 14:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20634]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20634]: Failed password for invalid user admin from 80.94.95.112 port 57889 ssh2
May  6 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20663]: Invalid user sendmail from 161.97.155.35
May  6 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20663]: input_userauth_request: invalid user sendmail [preauth]
May  6 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20663]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.97.155.35
May  6 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20634]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20663]: Failed password for invalid user sendmail from 161.97.155.35 port 52972 ssh2
May  6 14:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20634]: Failed password for invalid user admin from 80.94.95.112 port 57889 ssh2
May  6 14:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20663]: Received disconnect from 161.97.155.35 port 52972:11: Bye Bye [preauth]
May  6 14:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20663]: Disconnected from 161.97.155.35 port 52972 [preauth]
May  6 14:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20634]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20660]: Failed password for root from 188.235.150.5 port 34811 ssh2
May  6 14:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20660]: Connection closed by 188.235.150.5 port 34811 [preauth]
May  6 14:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20634]: Failed password for invalid user admin from 80.94.95.112 port 57889 ssh2
May  6 14:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20634]: Received disconnect from 80.94.95.112 port 57889:11: Bye [preauth]
May  6 14:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20634]: Disconnected from 80.94.95.112 port 57889 [preauth]
May  6 14:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20634]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 14:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20634]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 14:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: Failed password for root from 188.235.150.5 port 37871 ssh2
May  6 14:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20674]: Connection closed by 188.235.150.5 port 37871 [preauth]
May  6 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20698]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20696]: pam_unix(cron:session): session closed for user p13x
May  6 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20764]: Successful su for rubyman by root
May  6 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20764]: + ??? root:rubyman
May  6 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340949 of user rubyman.
May  6 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20764]: pam_unix(su:session): session closed for user rubyman
May  6 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340949.
May  6 14:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18145]: pam_unix(cron:session): session closed for user root
May  6 14:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20697]: pam_unix(cron:session): session closed for user samftp
May  6 14:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19826]: pam_unix(cron:session): session closed for user root
May  6 14:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 14:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: Failed password for root from 188.235.150.5 port 40930 ssh2
May  6 14:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20685]: Connection closed by 188.235.150.5 port 40930 [preauth]
May  6 14:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21120]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21117]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21117]: pam_unix(cron:session): session closed for user p13x
May  6 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21178]: Successful su for rubyman by root
May  6 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21178]: + ??? root:rubyman
May  6 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21178]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340953 of user rubyman.
May  6 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21178]: pam_unix(su:session): session closed for user rubyman
May  6 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340953.
May  6 14:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18584]: pam_unix(cron:session): session closed for user root
May  6 14:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21118]: pam_unix(cron:session): session closed for user samftp
May  6 14:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20246]: pam_unix(cron:session): session closed for user root
May  6 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21554]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21553]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21553]: pam_unix(cron:session): session closed for user p13x
May  6 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21618]: Successful su for rubyman by root
May  6 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21618]: + ??? root:rubyman
May  6 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21618]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340957 of user rubyman.
May  6 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21618]: pam_unix(su:session): session closed for user rubyman
May  6 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340957.
May  6 14:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18994]: pam_unix(cron:session): session closed for user root
May  6 14:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21554]: pam_unix(cron:session): session closed for user samftp
May  6 14:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20699]: pam_unix(cron:session): session closed for user root
May  6 14:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: Invalid user admin from 80.94.95.241
May  6 14:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: input_userauth_request: invalid user admin [preauth]
May  6 14:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 14:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: Failed password for invalid user admin from 80.94.95.241 port 11128 ssh2
May  6 14:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: Failed password for invalid user admin from 80.94.95.241 port 11128 ssh2
May  6 14:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: Failed password for invalid user admin from 80.94.95.241 port 11128 ssh2
May  6 14:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: Failed password for invalid user admin from 80.94.95.241 port 11128 ssh2
May  6 14:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: Failed password for invalid user admin from 80.94.95.241 port 11128 ssh2
May  6 14:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: Received disconnect from 80.94.95.241 port 11128:11: Bye [preauth]
May  6 14:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: Disconnected from 80.94.95.241 port 11128 [preauth]
May  6 14:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 14:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22272]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22305]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22304]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22302]: pam_unix(cron:session): session closed for user p13x
May  6 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22372]: Successful su for rubyman by root
May  6 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22372]: + ??? root:rubyman
May  6 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22372]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340960 of user rubyman.
May  6 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22372]: pam_unix(su:session): session closed for user rubyman
May  6 14:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340960.
May  6 14:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19409]: pam_unix(cron:session): session closed for user root
May  6 14:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22303]: pam_unix(cron:session): session closed for user samftp
May  6 14:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21120]: pam_unix(cron:session): session closed for user root
May  6 14:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: Invalid user lsfadmin from 46.244.96.25
May  6 14:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: input_userauth_request: invalid user lsfadmin [preauth]
May  6 14:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: pam_unix(sshd:auth): check pass; user unknown
May  6 14:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  6 14:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 14:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: Failed password for invalid user lsfadmin from 46.244.96.25 port 51792 ssh2
May  6 14:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22721]: Connection closed by 46.244.96.25 port 51792 [preauth]
May  6 14:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22723]: Connection closed by 20.163.15.206 port 52846 [preauth]
May  6 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22761]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22760]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22765]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22758]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22765]: pam_unix(cron:session): session closed for user root
May  6 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22760]: pam_unix(cron:session): session closed for user root
May  6 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22758]: pam_unix(cron:session): session closed for user p13x
May  6 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22869]: Successful su for rubyman by root
May  6 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22869]: + ??? root:rubyman
May  6 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340964 of user rubyman.
May  6 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22869]: pam_unix(su:session): session closed for user rubyman
May  6 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340964.
May  6 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22761]: pam_unix(cron:session): session closed for user root
May  6 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19825]: pam_unix(cron:session): session closed for user root
May  6 15:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22759]: pam_unix(cron:session): session closed for user samftp
May  6 15:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: Invalid user novinhost from 161.97.155.35
May  6 15:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: input_userauth_request: invalid user novinhost [preauth]
May  6 15:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.97.155.35
May  6 15:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: Failed password for invalid user novinhost from 161.97.155.35 port 53144 ssh2
May  6 15:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: Received disconnect from 161.97.155.35 port 53144:11: Bye Bye [preauth]
May  6 15:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23120]: Disconnected from 161.97.155.35 port 53144 [preauth]
May  6 15:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21556]: pam_unix(cron:session): session closed for user root
May  6 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23406]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23403]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23402]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23402]: pam_unix(cron:session): session closed for user p13x
May  6 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23478]: Successful su for rubyman by root
May  6 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23478]: + ??? root:rubyman
May  6 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340972 of user rubyman.
May  6 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23478]: pam_unix(su:session): session closed for user rubyman
May  6 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340972.
May  6 15:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20245]: pam_unix(cron:session): session closed for user root
May  6 15:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23403]: pam_unix(cron:session): session closed for user samftp
May  6 15:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22305]: pam_unix(cron:session): session closed for user root
May  6 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23927]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23926]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23924]: pam_unix(cron:session): session closed for user p13x
May  6 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24003]: Successful su for rubyman by root
May  6 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24003]: + ??? root:rubyman
May  6 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24003]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340975 of user rubyman.
May  6 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24003]: pam_unix(su:session): session closed for user rubyman
May  6 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340975.
May  6 15:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20698]: pam_unix(cron:session): session closed for user root
May  6 15:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23925]: pam_unix(cron:session): session closed for user samftp
May  6 15:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22763]: pam_unix(cron:session): session closed for user root
May  6 15:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 15:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24308]: Failed password for root from 218.92.0.207 port 49570 ssh2
May  6 15:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24308]: message repeated 4 times: [ Failed password for root from 218.92.0.207 port 49570 ssh2]
May  6 15:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24308]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 49570 ssh2 [preauth]
May  6 15:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24308]: Disconnecting: Too many authentication failures [preauth]
May  6 15:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24308]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 15:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24308]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 15:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 15:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: Failed password for root from 218.92.0.207 port 42314 ssh2
May  6 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24366]: pam_unix(cron:session): session closed for user p13x
May  6 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24437]: Successful su for rubyman by root
May  6 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24437]: + ??? root:rubyman
May  6 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24437]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340979 of user rubyman.
May  6 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24437]: pam_unix(su:session): session closed for user rubyman
May  6 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340979.
May  6 15:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: Failed password for root from 218.92.0.207 port 42314 ssh2
May  6 15:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21119]: pam_unix(cron:session): session closed for user root
May  6 15:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24367]: pam_unix(cron:session): session closed for user samftp
May  6 15:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: Failed password for root from 218.92.0.207 port 42314 ssh2
May  6 15:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: message repeated 2 times: [ Failed password for root from 218.92.0.207 port 42314 ssh2]
May  6 15:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: Failed password for root from 218.92.0.207 port 42314 ssh2
May  6 15:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 42314 ssh2 [preauth]
May  6 15:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: Disconnecting: Too many authentication failures [preauth]
May  6 15:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 15:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 15:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 15:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24668]: Failed password for root from 218.92.0.207 port 49880 ssh2
May  6 15:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24668]: Received disconnect from 218.92.0.207 port 49880:11:  [preauth]
May  6 15:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24668]: Disconnected from 218.92.0.207 port 49880 [preauth]
May  6 15:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: Invalid user admin from 200.189.192.3
May  6 15:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: input_userauth_request: invalid user admin [preauth]
May  6 15:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.189.192.3
May  6 15:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: Failed password for invalid user admin from 200.189.192.3 port 49579 ssh2
May  6 15:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: Received disconnect from 200.189.192.3 port 49579:11: Bye Bye [preauth]
May  6 15:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24666]: Disconnected from 200.189.192.3 port 49579 [preauth]
May  6 15:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23406]: pam_unix(cron:session): session closed for user root
May  6 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24792]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24790]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24789]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24789]: pam_unix(cron:session): session closed for user p13x
May  6 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24852]: Successful su for rubyman by root
May  6 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24852]: + ??? root:rubyman
May  6 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340984 of user rubyman.
May  6 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24852]: pam_unix(su:session): session closed for user rubyman
May  6 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340984.
May  6 15:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21555]: pam_unix(cron:session): session closed for user root
May  6 15:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24790]: pam_unix(cron:session): session closed for user samftp
May  6 15:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23927]: pam_unix(cron:session): session closed for user root
May  6 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25204]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25203]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25208]: pam_unix(cron:session): session closed for user root
May  6 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25203]: pam_unix(cron:session): session closed for user p13x
May  6 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25281]: Successful su for rubyman by root
May  6 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25281]: + ??? root:rubyman
May  6 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340990 of user rubyman.
May  6 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25281]: pam_unix(su:session): session closed for user rubyman
May  6 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340990.
May  6 15:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22304]: pam_unix(cron:session): session closed for user root
May  6 15:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25205]: pam_unix(cron:session): session closed for user root
May  6 15:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25204]: pam_unix(cron:session): session closed for user samftp
May  6 15:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24369]: pam_unix(cron:session): session closed for user root
May  6 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25691]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25685]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25690]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25684]: pam_unix(cron:session): session closed for user p13x
May  6 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25773]: Successful su for rubyman by root
May  6 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25773]: + ??? root:rubyman
May  6 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25773]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340993 of user rubyman.
May  6 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25773]: pam_unix(su:session): session closed for user rubyman
May  6 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340993.
May  6 15:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22762]: pam_unix(cron:session): session closed for user root
May  6 15:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25685]: pam_unix(cron:session): session closed for user samftp
May  6 15:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24792]: pam_unix(cron:session): session closed for user root
May  6 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26146]: pam_unix(cron:session): session closed for user p13x
May  6 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26206]: Successful su for rubyman by root
May  6 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26206]: + ??? root:rubyman
May  6 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 340998 of user rubyman.
May  6 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26206]: pam_unix(su:session): session closed for user rubyman
May  6 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 340998.
May  6 15:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23404]: pam_unix(cron:session): session closed for user root
May  6 15:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26148]: pam_unix(cron:session): session closed for user samftp
May  6 15:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25207]: pam_unix(cron:session): session closed for user root
May  6 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26621]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26620]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26618]: pam_unix(cron:session): session closed for user p13x
May  6 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26686]: Successful su for rubyman by root
May  6 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26686]: + ??? root:rubyman
May  6 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341001 of user rubyman.
May  6 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26686]: pam_unix(su:session): session closed for user rubyman
May  6 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341001.
May  6 15:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23926]: pam_unix(cron:session): session closed for user root
May  6 15:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26619]: pam_unix(cron:session): session closed for user samftp
May  6 15:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25691]: pam_unix(cron:session): session closed for user root
May  6 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27093]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27092]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27096]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27089]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27092]: pam_unix(cron:session): session closed for user p13x
May  6 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27226]: Successful su for rubyman by root
May  6 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27226]: + ??? root:rubyman
May  6 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341008 of user rubyman.
May  6 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27226]: pam_unix(su:session): session closed for user rubyman
May  6 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341008.
May  6 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27089]: pam_unix(cron:session): session closed for user root
May  6 15:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24368]: pam_unix(cron:session): session closed for user root
May  6 15:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27093]: pam_unix(cron:session): session closed for user samftp
May  6 15:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26151]: pam_unix(cron:session): session closed for user root
May  6 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27662]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27667]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27664]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27663]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27667]: pam_unix(cron:session): session closed for user root
May  6 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27662]: pam_unix(cron:session): session closed for user p13x
May  6 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27730]: Successful su for rubyman by root
May  6 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27730]: + ??? root:rubyman
May  6 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341011 of user rubyman.
May  6 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27730]: pam_unix(su:session): session closed for user rubyman
May  6 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341011.
May  6 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27664]: pam_unix(cron:session): session closed for user root
May  6 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24791]: pam_unix(cron:session): session closed for user root
May  6 15:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27663]: pam_unix(cron:session): session closed for user samftp
May  6 15:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26621]: pam_unix(cron:session): session closed for user root
May  6 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28095]: pam_unix(cron:session): session closed for user p13x
May  6 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28165]: Successful su for rubyman by root
May  6 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28165]: + ??? root:rubyman
May  6 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341017 of user rubyman.
May  6 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28165]: pam_unix(su:session): session closed for user rubyman
May  6 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341017.
May  6 15:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25206]: pam_unix(cron:session): session closed for user root
May  6 15:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28096]: pam_unix(cron:session): session closed for user samftp
May  6 15:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27096]: pam_unix(cron:session): session closed for user root
May  6 15:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28468]: Bad protocol version identification '\026\003\001\001\027\001' from 152.32.156.50 port 52900
May  6 15:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28454]: Connection reset by 205.210.31.57 port 62824 [preauth]
May  6 15:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: Failed password for root from 188.235.150.5 port 59293 ssh2
May  6 15:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28466]: Connection closed by 188.235.150.5 port 59293 [preauth]
May  6 15:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28469]: Did not receive identification string from 152.32.156.50
May  6 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28521]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28519]: pam_unix(cron:session): session closed for user p13x
May  6 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28579]: Successful su for rubyman by root
May  6 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28579]: + ??? root:rubyman
May  6 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28579]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341021 of user rubyman.
May  6 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28579]: pam_unix(su:session): session closed for user rubyman
May  6 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341021.
May  6 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28514]: Connection closed by 152.32.156.50 port 53834 [preauth]
May  6 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28619]: Protocol major versions differ for 152.32.156.50: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Server
May  6 15:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25690]: pam_unix(cron:session): session closed for user root
May  6 15:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28520]: pam_unix(cron:session): session closed for user samftp
May  6 15:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 15:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: Failed password for root from 218.92.0.179 port 31745 ssh2
May  6 15:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 31745 ssh2]
May  6 15:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: Received disconnect from 218.92.0.179 port 31745:11:  [preauth]
May  6 15:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: Disconnected from 218.92.0.179 port 31745 [preauth]
May  6 15:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28802]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 15:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27666]: pam_unix(cron:session): session closed for user root
May  6 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28933]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28932]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28930]: pam_unix(cron:session): session closed for user p13x
May  6 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28990]: Successful su for rubyman by root
May  6 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28990]: + ??? root:rubyman
May  6 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28990]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341024 of user rubyman.
May  6 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28990]: pam_unix(su:session): session closed for user rubyman
May  6 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341024.
May  6 15:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26150]: pam_unix(cron:session): session closed for user root
May  6 15:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28931]: pam_unix(cron:session): session closed for user samftp
May  6 15:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28098]: pam_unix(cron:session): session closed for user root
May  6 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29433]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29434]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29430]: pam_unix(cron:session): session closed for user p13x
May  6 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: Successful su for rubyman by root
May  6 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: + ??? root:rubyman
May  6 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341028 of user rubyman.
May  6 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: pam_unix(su:session): session closed for user rubyman
May  6 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341028.
May  6 15:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26620]: pam_unix(cron:session): session closed for user root
May  6 15:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29431]: pam_unix(cron:session): session closed for user samftp
May  6 15:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: Failed password for root from 188.235.150.5 port 40910 ssh2
May  6 15:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29723]: Connection closed by 188.235.150.5 port 40910 [preauth]
May  6 15:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28522]: pam_unix(cron:session): session closed for user root
May  6 15:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29751]: Failed password for root from 188.235.150.5 port 43329 ssh2
May  6 15:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29751]: Connection closed by 188.235.150.5 port 43329 [preauth]
May  6 15:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29788]: Failed password for root from 188.235.150.5 port 46304 ssh2
May  6 15:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29788]: Connection closed by 188.235.150.5 port 46304 [preauth]
May  6 15:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Failed password for root from 188.235.150.5 port 50541 ssh2
May  6 15:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Connection closed by 188.235.150.5 port 50541 [preauth]
May  6 15:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29832]: Failed password for root from 188.235.150.5 port 53798 ssh2
May  6 15:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29832]: Connection closed by 188.235.150.5 port 53798 [preauth]
May  6 15:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29848]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29846]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29852]: pam_unix(cron:session): session closed for user root
May  6 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29846]: pam_unix(cron:session): session closed for user p13x
May  6 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29919]: Successful su for rubyman by root
May  6 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29919]: + ??? root:rubyman
May  6 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341034 of user rubyman.
May  6 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29919]: pam_unix(su:session): session closed for user rubyman
May  6 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341034.
May  6 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29848]: pam_unix(cron:session): session closed for user root
May  6 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27095]: pam_unix(cron:session): session closed for user root
May  6 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29843]: Failed password for root from 188.235.150.5 port 56364 ssh2
May  6 15:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29847]: pam_unix(cron:session): session closed for user samftp
May  6 15:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29843]: Connection closed by 188.235.150.5 port 56364 [preauth]
May  6 15:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: Failed password for root from 188.235.150.5 port 59532 ssh2
May  6 15:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: Connection closed by 188.235.150.5 port 59532 [preauth]
May  6 15:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30151]: Failed password for root from 188.235.150.5 port 33549 ssh2
May  6 15:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30151]: Connection closed by 188.235.150.5 port 33549 [preauth]
May  6 15:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: Failed password for root from 188.235.150.5 port 36678 ssh2
May  6 15:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: Connection closed by 188.235.150.5 port 36678 [preauth]
May  6 15:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28933]: pam_unix(cron:session): session closed for user root
May  6 15:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30204]: Failed password for root from 188.235.150.5 port 41431 ssh2
May  6 15:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30204]: Connection closed by 188.235.150.5 port 41431 [preauth]
May  6 15:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30261]: Failed password for root from 188.235.150.5 port 47262 ssh2
May  6 15:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30261]: Connection closed by 188.235.150.5 port 47262 [preauth]
May  6 15:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30272]: Failed password for root from 188.235.150.5 port 50579 ssh2
May  6 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30285]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30286]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30283]: pam_unix(cron:session): session closed for user p13x
May  6 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30272]: Connection closed by 188.235.150.5 port 50579 [preauth]
May  6 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30361]: Successful su for rubyman by root
May  6 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30361]: + ??? root:rubyman
May  6 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341038 of user rubyman.
May  6 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30361]: pam_unix(su:session): session closed for user rubyman
May  6 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341038.
May  6 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27665]: pam_unix(cron:session): session closed for user root
May  6 15:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30284]: pam_unix(cron:session): session closed for user samftp
May  6 15:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: Failed password for root from 188.235.150.5 port 53520 ssh2
May  6 15:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30385]: Connection closed by 188.235.150.5 port 53520 [preauth]
May  6 15:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30550]: Failed password for root from 188.235.150.5 port 56425 ssh2
May  6 15:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30550]: Connection closed by 188.235.150.5 port 56425 [preauth]
May  6 15:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: Failed password for root from 188.235.150.5 port 58962 ssh2
May  6 15:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: Connection closed by 188.235.150.5 port 58962 [preauth]
May  6 15:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: Failed password for root from 188.235.150.5 port 33749 ssh2
May  6 15:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29434]: pam_unix(cron:session): session closed for user root
May  6 15:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30615]: Failed password for root from 188.235.150.5 port 36193 ssh2
May  6 15:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30615]: Connection closed by 188.235.150.5 port 36193 [preauth]
May  6 15:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30582]: Connection closed by 188.235.150.5 port 33749 [preauth]
May  6 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30712]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30706]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30706]: pam_unix(cron:session): session closed for user root
May  6 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30708]: pam_unix(cron:session): session closed for user p13x
May  6 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30772]: Successful su for rubyman by root
May  6 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30772]: + ??? root:rubyman
May  6 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341045 of user rubyman.
May  6 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30772]: pam_unix(su:session): session closed for user rubyman
May  6 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341045.
May  6 15:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28097]: pam_unix(cron:session): session closed for user root
May  6 15:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30710]: pam_unix(cron:session): session closed for user samftp
May  6 15:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29851]: pam_unix(cron:session): session closed for user root
May  6 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31204]: pam_unix(cron:session): session closed for user p13x
May  6 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31267]: Successful su for rubyman by root
May  6 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31267]: + ??? root:rubyman
May  6 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341047 of user rubyman.
May  6 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31267]: pam_unix(su:session): session closed for user rubyman
May  6 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341047.
May  6 15:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28521]: pam_unix(cron:session): session closed for user root
May  6 15:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31205]: pam_unix(cron:session): session closed for user samftp
May  6 15:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30286]: pam_unix(cron:session): session closed for user root
May  6 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31610]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31611]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31608]: pam_unix(cron:session): session closed for user p13x
May  6 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31694]: Successful su for rubyman by root
May  6 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31694]: + ??? root:rubyman
May  6 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341052 of user rubyman.
May  6 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31694]: pam_unix(su:session): session closed for user rubyman
May  6 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341052.
May  6 15:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28932]: pam_unix(cron:session): session closed for user root
May  6 15:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31609]: pam_unix(cron:session): session closed for user samftp
May  6 15:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30712]: pam_unix(cron:session): session closed for user root
May  6 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32329]: pam_unix(cron:session): session closed for user root
May  6 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32321]: pam_unix(cron:session): session closed for user p13x
May  6 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32414]: Successful su for rubyman by root
May  6 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32414]: + ??? root:rubyman
May  6 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341058 of user rubyman.
May  6 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32414]: pam_unix(su:session): session closed for user rubyman
May  6 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341058.
May  6 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29433]: pam_unix(cron:session): session closed for user root
May  6 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32324]: pam_unix(cron:session): session closed for user root
May  6 15:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32322]: pam_unix(cron:session): session closed for user samftp
May  6 15:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Invalid user admin from 80.94.95.29
May  6 15:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: input_userauth_request: invalid user admin [preauth]
May  6 15:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  6 15:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Failed password for invalid user admin from 80.94.95.29 port 53172 ssh2
May  6 15:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Failed password for invalid user admin from 80.94.95.29 port 53172 ssh2
May  6 15:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Failed password for invalid user admin from 80.94.95.29 port 53172 ssh2
May  6 15:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Failed password for invalid user admin from 80.94.95.29 port 53172 ssh2
May  6 15:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31207]: pam_unix(cron:session): session closed for user root
May  6 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Failed password for invalid user admin from 80.94.95.29 port 53172 ssh2
May  6 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Received disconnect from 80.94.95.29 port 53172:11: Bye [preauth]
May  6 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Disconnected from 80.94.95.29 port 53172 [preauth]
May  6 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  6 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 15:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  6 15:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[442]: Failed password for root from 46.244.96.25 port 44936 ssh2
May  6 15:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[442]: Connection closed by 46.244.96.25 port 44936 [preauth]
May  6 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[491]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[492]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[486]: pam_unix(cron:session): session closed for user p13x
May  6 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[569]: Successful su for rubyman by root
May  6 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[569]: + ??? root:rubyman
May  6 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341061 of user rubyman.
May  6 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[569]: pam_unix(su:session): session closed for user rubyman
May  6 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341061.
May  6 15:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29850]: pam_unix(cron:session): session closed for user root
May  6 15:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[490]: pam_unix(cron:session): session closed for user samftp
May  6 15:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31611]: pam_unix(cron:session): session closed for user root
May  6 15:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[910]: Invalid user  from 107.151.201.176
May  6 15:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[910]: input_userauth_request: invalid user  [preauth]
May  6 15:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[910]: Connection closed by 107.151.201.176 port 42872 [preauth]
May  6 15:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[945]: Invalid user ftp_test from 193.70.84.184
May  6 15:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[945]: input_userauth_request: invalid user ftp_test [preauth]
May  6 15:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[945]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  6 15:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[945]: Failed password for invalid user ftp_test from 193.70.84.184 port 40078 ssh2
May  6 15:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[945]: Connection closed by 193.70.84.184 port 40078 [preauth]
May  6 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[962]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[961]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[964]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[961]: pam_unix(cron:session): session closed for user p13x
May  6 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1034]: Successful su for rubyman by root
May  6 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1034]: + ??? root:rubyman
May  6 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341065 of user rubyman.
May  6 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1034]: pam_unix(su:session): session closed for user rubyman
May  6 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341065.
May  6 15:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30285]: pam_unix(cron:session): session closed for user root
May  6 15:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[962]: pam_unix(cron:session): session closed for user samftp
May  6 15:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32328]: pam_unix(cron:session): session closed for user root
May  6 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1425]: pam_unix(cron:session): session closed for user p13x
May  6 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1511]: Successful su for rubyman by root
May  6 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1511]: + ??? root:rubyman
May  6 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341070 of user rubyman.
May  6 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1511]: pam_unix(su:session): session closed for user rubyman
May  6 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341070.
May  6 15:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30711]: pam_unix(cron:session): session closed for user root
May  6 15:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1426]: pam_unix(cron:session): session closed for user samftp
May  6 15:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[492]: pam_unix(cron:session): session closed for user root
May  6 15:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  6 15:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1848]: Failed password for root from 80.94.95.29 port 31825 ssh2
May  6 15:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1848]: message repeated 4 times: [ Failed password for root from 80.94.95.29 port 31825 ssh2]
May  6 15:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1848]: Received disconnect from 80.94.95.29 port 31825:11: Bye [preauth]
May  6 15:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1848]: Disconnected from 80.94.95.29 port 31825 [preauth]
May  6 15:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1848]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  6 15:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1848]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1961]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1956]: pam_unix(cron:session): session closed for user p13x
May  6 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2056]: Successful su for rubyman by root
May  6 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2056]: + ??? root:rubyman
May  6 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341073 of user rubyman.
May  6 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2056]: pam_unix(su:session): session closed for user rubyman
May  6 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341073.
May  6 15:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31206]: pam_unix(cron:session): session closed for user root
May  6 15:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1959]: pam_unix(cron:session): session closed for user samftp
May  6 15:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[965]: pam_unix(cron:session): session closed for user root
May  6 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2405]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2406]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2412]: pam_unix(cron:session): session closed for user root
May  6 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2400]: pam_unix(cron:session): session closed for user p13x
May  6 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2478]: Successful su for rubyman by root
May  6 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2478]: + ??? root:rubyman
May  6 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341077 of user rubyman.
May  6 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2478]: pam_unix(su:session): session closed for user rubyman
May  6 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341077.
May  6 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2406]: pam_unix(cron:session): session closed for user root
May  6 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31610]: pam_unix(cron:session): session closed for user root
May  6 15:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2405]: pam_unix(cron:session): session closed for user samftp
May  6 15:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1439]: pam_unix(cron:session): session closed for user root
May  6 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2866]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2865]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2865]: pam_unix(cron:session): session closed for user p13x
May  6 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2941]: Successful su for rubyman by root
May  6 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2941]: + ??? root:rubyman
May  6 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2941]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341084 of user rubyman.
May  6 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2941]: pam_unix(su:session): session closed for user rubyman
May  6 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341084.
May  6 15:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32325]: pam_unix(cron:session): session closed for user root
May  6 15:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2866]: pam_unix(cron:session): session closed for user samftp
May  6 15:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1968]: pam_unix(cron:session): session closed for user root
May  6 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3276]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3277]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3274]: pam_unix(cron:session): session closed for user p13x
May  6 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3339]: Successful su for rubyman by root
May  6 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3339]: + ??? root:rubyman
May  6 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3339]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341088 of user rubyman.
May  6 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3339]: pam_unix(su:session): session closed for user rubyman
May  6 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341088.
May  6 15:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[491]: pam_unix(cron:session): session closed for user root
May  6 15:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3275]: pam_unix(cron:session): session closed for user samftp
May  6 15:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 15:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3555]: Failed password for root from 218.92.0.179 port 40139 ssh2
May  6 15:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3555]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 40139 ssh2]
May  6 15:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3555]: Received disconnect from 218.92.0.179 port 40139:11:  [preauth]
May  6 15:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3555]: Disconnected from 218.92.0.179 port 40139 [preauth]
May  6 15:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3555]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 15:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2410]: pam_unix(cron:session): session closed for user root
May  6 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3727]: pam_unix(cron:session): session closed for user p13x
May  6 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3790]: Successful su for rubyman by root
May  6 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3790]: + ??? root:rubyman
May  6 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341092 of user rubyman.
May  6 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3790]: pam_unix(su:session): session closed for user rubyman
May  6 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341092.
May  6 15:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[964]: pam_unix(cron:session): session closed for user root
May  6 15:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3728]: pam_unix(cron:session): session closed for user samftp
May  6 15:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2869]: pam_unix(cron:session): session closed for user root
May  6 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4161]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4158]: pam_unix(cron:session): session closed for user p13x
May  6 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4222]: Successful su for rubyman by root
May  6 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4222]: + ??? root:rubyman
May  6 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341096 of user rubyman.
May  6 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4222]: pam_unix(su:session): session closed for user rubyman
May  6 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341096.
May  6 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1427]: pam_unix(cron:session): session closed for user root
May  6 15:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4159]: pam_unix(cron:session): session closed for user samftp
May  6 15:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  6 15:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: Failed password for root from 80.94.95.125 port 60148 ssh2
May  6 15:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 60148 ssh2]
May  6 15:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: Received disconnect from 80.94.95.125 port 60148:11: Bye [preauth]
May  6 15:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: Disconnected from 80.94.95.125 port 60148 [preauth]
May  6 15:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  6 15:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 15:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3277]: pam_unix(cron:session): session closed for user root
May  6 15:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: Invalid user admin from 80.94.95.112
May  6 15:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: input_userauth_request: invalid user admin [preauth]
May  6 15:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 15:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: Failed password for invalid user admin from 80.94.95.112 port 23546 ssh2
May  6 15:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: Failed password for invalid user admin from 80.94.95.112 port 23546 ssh2
May  6 15:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: Failed password for invalid user admin from 80.94.95.112 port 23546 ssh2
May  6 15:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: Failed password for invalid user admin from 80.94.95.112 port 23546 ssh2
May  6 15:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: Failed password for invalid user admin from 80.94.95.112 port 23546 ssh2
May  6 15:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: Received disconnect from 80.94.95.112 port 23546:11: Bye [preauth]
May  6 15:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: Disconnected from 80.94.95.112 port 23546 [preauth]
May  6 15:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 15:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4732]: pam_unix(cron:session): session closed for user root
May  6 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4727]: pam_unix(cron:session): session closed for user p13x
May  6 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4797]: Successful su for rubyman by root
May  6 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4797]: + ??? root:rubyman
May  6 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341099 of user rubyman.
May  6 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4797]: pam_unix(su:session): session closed for user rubyman
May  6 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341099.
May  6 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4729]: pam_unix(cron:session): session closed for user root
May  6 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1961]: pam_unix(cron:session): session closed for user root
May  6 15:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4728]: pam_unix(cron:session): session closed for user samftp
May  6 15:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3730]: pam_unix(cron:session): session closed for user root
May  6 15:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: User nobody from 194.0.234.19 not allowed because not listed in AllowUsers
May  6 15:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: input_userauth_request: invalid user nobody [preauth]
May  6 15:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: Failed none for invalid user nobody from 194.0.234.19 port 21158 ssh2
May  6 15:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5341]: Connection closed by 194.0.234.19 port 21158 [preauth]
May  6 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5370]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5371]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5369]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5368]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5368]: pam_unix(cron:session): session closed for user p13x
May  6 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5443]: Successful su for rubyman by root
May  6 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5443]: + ??? root:rubyman
May  6 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341106 of user rubyman.
May  6 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5443]: pam_unix(su:session): session closed for user rubyman
May  6 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341106.
May  6 15:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2409]: pam_unix(cron:session): session closed for user root
May  6 15:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5369]: pam_unix(cron:session): session closed for user samftp
May  6 15:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4161]: pam_unix(cron:session): session closed for user root
May  6 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5934]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5933]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5931]: pam_unix(cron:session): session closed for user p13x
May  6 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5998]: Successful su for rubyman by root
May  6 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5998]: + ??? root:rubyman
May  6 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341109 of user rubyman.
May  6 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5998]: pam_unix(su:session): session closed for user rubyman
May  6 15:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341109.
May  6 15:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2867]: pam_unix(cron:session): session closed for user root
May  6 15:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5932]: pam_unix(cron:session): session closed for user samftp
May  6 15:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4731]: pam_unix(cron:session): session closed for user root
May  6 15:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.88.184  user=root
May  6 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6353]: pam_unix(cron:session): session closed for user p13x
May  6 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6414]: Successful su for rubyman by root
May  6 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6414]: + ??? root:rubyman
May  6 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341113 of user rubyman.
May  6 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6414]: pam_unix(su:session): session closed for user rubyman
May  6 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341113.
May  6 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6342]: Failed password for root from 157.230.88.184 port 45612 ssh2
May  6 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6342]: Received disconnect from 157.230.88.184 port 45612:11: Bye Bye [preauth]
May  6 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6342]: Disconnected from 157.230.88.184 port 45612 [preauth]
May  6 15:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3276]: pam_unix(cron:session): session closed for user root
May  6 15:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6354]: pam_unix(cron:session): session closed for user samftp
May  6 15:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: Failed password for root from 188.235.150.5 port 40892 ssh2
May  6 15:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5371]: pam_unix(cron:session): session closed for user root
May  6 15:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6665]: Connection closed by 188.235.150.5 port 40892 [preauth]
May  6 15:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  6 15:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: Failed password for root from 218.92.0.201 port 45104 ssh2
May  6 15:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: Failed password for root from 218.92.0.201 port 45104 ssh2
May  6 15:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: Failed password for root from 188.235.150.5 port 43033 ssh2
May  6 15:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: Failed password for root from 218.92.0.201 port 45104 ssh2
May  6 15:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: Connection closed by 188.235.150.5 port 43033 [preauth]
May  6 15:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: Failed password for root from 218.92.0.201 port 45104 ssh2
May  6 15:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: Failed password for root from 218.92.0.201 port 45104 ssh2
May  6 15:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 45104 ssh2 [preauth]
May  6 15:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: Disconnecting: Too many authentication failures [preauth]
May  6 15:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  6 15:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6700]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 15:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  6 15:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: Failed password for root from 218.92.0.201 port 5392 ssh2
May  6 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: Failed password for root from 218.92.0.201 port 5392 ssh2
May  6 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6769]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6770]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6765]: pam_unix(cron:session): session closed for user p13x
May  6 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6827]: Successful su for rubyman by root
May  6 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6827]: + ??? root:rubyman
May  6 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341117 of user rubyman.
May  6 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6827]: pam_unix(su:session): session closed for user rubyman
May  6 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341117.
May  6 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: Failed password for root from 218.92.0.201 port 5392 ssh2
May  6 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3729]: pam_unix(cron:session): session closed for user root
May  6 15:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6768]: pam_unix(cron:session): session closed for user samftp
May  6 15:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: Failed password for root from 218.92.0.201 port 5392 ssh2
May  6 15:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: Failed password for root from 218.92.0.201 port 5392 ssh2
May  6 15:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: Failed password for root from 218.92.0.201 port 5392 ssh2
May  6 15:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 5392 ssh2 [preauth]
May  6 15:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: Disconnecting: Too many authentication failures [preauth]
May  6 15:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  6 15:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6752]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 15:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  6 15:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7158]: Failed password for root from 218.92.0.201 port 26244 ssh2
May  6 15:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7158]: Received disconnect from 218.92.0.201 port 26244:11:  [preauth]
May  6 15:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7158]: Disconnected from 218.92.0.201 port 26244 [preauth]
May  6 15:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7137]: Invalid user r from 195.178.110.50
May  6 15:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7137]: input_userauth_request: invalid user r [preauth]
May  6 15:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7137]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 15:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7137]: Failed password for invalid user r from 195.178.110.50 port 43628 ssh2
May  6 15:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7137]: Connection closed by 195.178.110.50 port 43628 [preauth]
May  6 15:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.238.174.6  user=root
May  6 15:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5934]: pam_unix(cron:session): session closed for user root
May  6 15:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7201]: Failed password for root from 111.238.174.6 port 43320 ssh2
May  6 15:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7201]: Received disconnect from 111.238.174.6 port 43320:11: Bye Bye [preauth]
May  6 15:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7201]: Disconnected from 111.238.174.6 port 43320 [preauth]
May  6 15:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7200]: Invalid user ! from 195.178.110.50
May  6 15:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7200]: input_userauth_request: invalid user ! [preauth]
May  6 15:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7200]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 15:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7200]: Failed password for invalid user ! from 195.178.110.50 port 45406 ssh2
May  6 15:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7200]: Connection closed by 195.178.110.50 port 45406 [preauth]
May  6 15:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: Invalid user . from 195.178.110.50
May  6 15:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: input_userauth_request: invalid user . [preauth]
May  6 15:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 15:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: Invalid user superadmin from 164.68.105.9
May  6 15:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: input_userauth_request: invalid user superadmin [preauth]
May  6 15:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  6 15:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: Failed password for invalid user . from 195.178.110.50 port 53346 ssh2
May  6 15:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: Failed password for invalid user superadmin from 164.68.105.9 port 55310 ssh2
May  6 15:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: Connection closed by 164.68.105.9 port 55310 [preauth]
May  6 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7259]: Connection closed by 195.178.110.50 port 53346 [preauth]
May  6 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7296]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7293]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7295]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7291]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7292]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7296]: pam_unix(cron:session): session closed for user root
May  6 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7290]: pam_unix(cron:session): session closed for user p13x
May  6 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7362]: Successful su for rubyman by root
May  6 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7362]: + ??? root:rubyman
May  6 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341124 of user rubyman.
May  6 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7362]: pam_unix(su:session): session closed for user rubyman
May  6 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341124.
May  6 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4160]: pam_unix(cron:session): session closed for user root
May  6 15:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7292]: pam_unix(cron:session): session closed for user root
May  6 15:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7291]: pam_unix(cron:session): session closed for user samftp
May  6 15:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: Invalid user ; from 195.178.110.50
May  6 15:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: input_userauth_request: invalid user ; [preauth]
May  6 15:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 15:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: Failed password for invalid user ; from 195.178.110.50 port 61916 ssh2
May  6 15:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: Connection closed by 195.178.110.50 port 61916 [preauth]
May  6 15:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7705]: Invalid user H from 195.178.110.50
May  6 15:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7705]: input_userauth_request: invalid user H [preauth]
May  6 15:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7705]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  6 15:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7705]: Failed password for invalid user H from 195.178.110.50 port 43128 ssh2
May  6 15:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7705]: Connection closed by 195.178.110.50 port 43128 [preauth]
May  6 15:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6356]: pam_unix(cron:session): session closed for user root
May  6 15:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Invalid user admin from 80.94.95.241
May  6 15:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: input_userauth_request: invalid user admin [preauth]
May  6 15:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 15:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Failed password for invalid user admin from 80.94.95.241 port 43686 ssh2
May  6 15:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Failed password for invalid user admin from 80.94.95.241 port 43686 ssh2
May  6 15:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7729]: Connection reset by 107.151.201.176 port 36780 [preauth]
May  6 15:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Failed password for invalid user admin from 80.94.95.241 port 43686 ssh2
May  6 15:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Failed password for invalid user admin from 80.94.95.241 port 43686 ssh2
May  6 15:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Failed password for invalid user admin from 80.94.95.241 port 43686 ssh2
May  6 15:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Received disconnect from 80.94.95.241 port 43686:11: Bye [preauth]
May  6 15:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: Disconnected from 80.94.95.241 port 43686 [preauth]
May  6 15:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 15:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7762]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7848]: pam_unix(cron:session): session closed for user p13x
May  6 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7922]: Successful su for rubyman by root
May  6 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7922]: + ??? root:rubyman
May  6 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341129 of user rubyman.
May  6 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7922]: pam_unix(su:session): session closed for user rubyman
May  6 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341129.
May  6 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4730]: pam_unix(cron:session): session closed for user root
May  6 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7849]: pam_unix(cron:session): session closed for user samftp
May  6 15:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6770]: pam_unix(cron:session): session closed for user root
May  6 15:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.28.139  user=root
May  6 15:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Failed password for root from 112.196.28.139 port 39408 ssh2
May  6 15:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Received disconnect from 112.196.28.139 port 39408:11: Bye Bye [preauth]
May  6 15:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8273]: Disconnected from 112.196.28.139 port 39408 [preauth]
May  6 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8285]: pam_unix(cron:session): session closed for user p13x
May  6 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8349]: Successful su for rubyman by root
May  6 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8349]: + ??? root:rubyman
May  6 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341132 of user rubyman.
May  6 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8349]: pam_unix(su:session): session closed for user rubyman
May  6 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341132.
May  6 15:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5370]: pam_unix(cron:session): session closed for user root
May  6 15:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8286]: pam_unix(cron:session): session closed for user samftp
May  6 15:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7295]: pam_unix(cron:session): session closed for user root
May  6 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8709]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8714]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8709]: pam_unix(cron:session): session closed for user p13x
May  6 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8774]: Successful su for rubyman by root
May  6 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8774]: + ??? root:rubyman
May  6 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341135 of user rubyman.
May  6 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8774]: pam_unix(su:session): session closed for user rubyman
May  6 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341135.
May  6 15:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5933]: pam_unix(cron:session): session closed for user root
May  6 15:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8711]: pam_unix(cron:session): session closed for user samftp
May  6 15:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: Invalid user github from 111.238.174.6
May  6 15:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: input_userauth_request: invalid user github [preauth]
May  6 15:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.238.174.6
May  6 15:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: Failed password for invalid user github from 111.238.174.6 port 39752 ssh2
May  6 15:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: Received disconnect from 111.238.174.6 port 39752:11: Bye Bye [preauth]
May  6 15:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8950]: Disconnected from 111.238.174.6 port 39752 [preauth]
May  6 15:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7851]: pam_unix(cron:session): session closed for user root
May  6 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9171]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9206]: pam_unix(cron:session): session closed for user p13x
May  6 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9361]: Successful su for rubyman by root
May  6 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9361]: + ??? root:rubyman
May  6 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341141 of user rubyman.
May  6 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9361]: pam_unix(su:session): session closed for user rubyman
May  6 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341141.
May  6 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9171]: pam_unix(cron:session): session closed for user root
May  6 15:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6355]: pam_unix(cron:session): session closed for user root
May  6 15:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9207]: pam_unix(cron:session): session closed for user samftp
May  6 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8288]: pam_unix(cron:session): session closed for user root
May  6 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9734]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9737]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9733]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9735]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9737]: pam_unix(cron:session): session closed for user root
May  6 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9732]: pam_unix(cron:session): session closed for user p13x
May  6 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9805]: Successful su for rubyman by root
May  6 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9805]: + ??? root:rubyman
May  6 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341144 of user rubyman.
May  6 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9805]: pam_unix(su:session): session closed for user rubyman
May  6 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341144.
May  6 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9734]: pam_unix(cron:session): session closed for user root
May  6 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6769]: pam_unix(cron:session): session closed for user root
May  6 15:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9733]: pam_unix(cron:session): session closed for user samftp
May  6 15:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10045]: Invalid user gitea from 111.238.174.6
May  6 15:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10045]: input_userauth_request: invalid user gitea [preauth]
May  6 15:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10045]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.238.174.6
May  6 15:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10045]: Failed password for invalid user gitea from 111.238.174.6 port 47882 ssh2
May  6 15:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10045]: Received disconnect from 111.238.174.6 port 47882:11: Bye Bye [preauth]
May  6 15:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10045]: Disconnected from 111.238.174.6 port 47882 [preauth]
May  6 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8715]: pam_unix(cron:session): session closed for user root
May  6 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10163]: pam_unix(cron:session): session closed for user p13x
May  6 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10316]: Successful su for rubyman by root
May  6 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10316]: + ??? root:rubyman
May  6 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341151 of user rubyman.
May  6 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10316]: pam_unix(su:session): session closed for user rubyman
May  6 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341151.
May  6 15:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7293]: pam_unix(cron:session): session closed for user root
May  6 15:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10164]: pam_unix(cron:session): session closed for user samftp
May  6 15:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9209]: pam_unix(cron:session): session closed for user root
May  6 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10729]: pam_unix(cron:session): session closed for user p13x
May  6 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10798]: Successful su for rubyman by root
May  6 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10798]: + ??? root:rubyman
May  6 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341154 of user rubyman.
May  6 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10798]: pam_unix(su:session): session closed for user rubyman
May  6 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341154.
May  6 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7850]: pam_unix(cron:session): session closed for user root
May  6 15:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10730]: pam_unix(cron:session): session closed for user samftp
May  6 15:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: Invalid user faisal from 111.238.174.6
May  6 15:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: input_userauth_request: invalid user faisal [preauth]
May  6 15:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.238.174.6
May  6 15:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: Invalid user ftpuser from 14.103.123.50
May  6 15:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: input_userauth_request: invalid user ftpuser [preauth]
May  6 15:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.50
May  6 15:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: Failed password for invalid user faisal from 111.238.174.6 port 55992 ssh2
May  6 15:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: Received disconnect from 111.238.174.6 port 55992:11: Bye Bye [preauth]
May  6 15:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11038]: Disconnected from 111.238.174.6 port 55992 [preauth]
May  6 15:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: Failed password for invalid user ftpuser from 14.103.123.50 port 59074 ssh2
May  6 15:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: Received disconnect from 14.103.123.50 port 59074:11: Bye Bye [preauth]
May  6 15:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11040]: Disconnected from 14.103.123.50 port 59074 [preauth]
May  6 15:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9736]: pam_unix(cron:session): session closed for user root
May  6 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11133]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11132]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11131]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11130]: pam_unix(cron:session): session closed for user p13x
May  6 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11193]: Successful su for rubyman by root
May  6 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11193]: + ??? root:rubyman
May  6 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341158 of user rubyman.
May  6 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11193]: pam_unix(su:session): session closed for user rubyman
May  6 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341158.
May  6 15:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8287]: pam_unix(cron:session): session closed for user root
May  6 15:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11131]: pam_unix(cron:session): session closed for user samftp
May  6 15:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: Invalid user work from 157.230.88.184
May  6 15:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: input_userauth_request: invalid user work [preauth]
May  6 15:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.88.184
May  6 15:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: Failed password for invalid user work from 157.230.88.184 port 48836 ssh2
May  6 15:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: Received disconnect from 157.230.88.184 port 48836:11: Bye Bye [preauth]
May  6 15:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11377]: Disconnected from 157.230.88.184 port 48836 [preauth]
May  6 15:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10166]: pam_unix(cron:session): session closed for user root
May  6 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11535]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11536]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11534]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11533]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11533]: pam_unix(cron:session): session closed for user p13x
May  6 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11598]: Successful su for rubyman by root
May  6 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11598]: + ??? root:rubyman
May  6 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11598]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341164 of user rubyman.
May  6 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11598]: pam_unix(su:session): session closed for user rubyman
May  6 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341164.
May  6 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8714]: pam_unix(cron:session): session closed for user root
May  6 15:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11534]: pam_unix(cron:session): session closed for user samftp
May  6 15:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11830]: User postfix from 111.238.174.6 not allowed because not listed in AllowUsers
May  6 15:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11830]: input_userauth_request: invalid user postfix [preauth]
May  6 15:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.238.174.6  user=postfix
May  6 15:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11830]: Failed password for invalid user postfix from 111.238.174.6 port 35866 ssh2
May  6 15:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11830]: Received disconnect from 111.238.174.6 port 35866:11: Bye Bye [preauth]
May  6 15:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11830]: Disconnected from 111.238.174.6 port 35866 [preauth]
May  6 15:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10732]: pam_unix(cron:session): session closed for user root
May  6 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11927]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11929]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11928]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11931]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11931]: pam_unix(cron:session): session closed for user root
May  6 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11925]: pam_unix(cron:session): session closed for user p13x
May  6 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11991]: Successful su for rubyman by root
May  6 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11991]: + ??? root:rubyman
May  6 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341167 of user rubyman.
May  6 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11991]: pam_unix(su:session): session closed for user rubyman
May  6 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341167.
May  6 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11927]: pam_unix(cron:session): session closed for user root
May  6 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9208]: pam_unix(cron:session): session closed for user root
May  6 15:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11926]: pam_unix(cron:session): session closed for user samftp
May  6 15:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  6 15:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12221]: Failed password for root from 50.235.31.47 port 44934 ssh2
May  6 15:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12221]: Connection closed by 50.235.31.47 port 44934 [preauth]
May  6 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11133]: pam_unix(cron:session): session closed for user root
May  6 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12361]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12360]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12358]: pam_unix(cron:session): session closed for user p13x
May  6 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12425]: Successful su for rubyman by root
May  6 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12425]: + ??? root:rubyman
May  6 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341173 of user rubyman.
May  6 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12425]: pam_unix(su:session): session closed for user rubyman
May  6 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341173.
May  6 15:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9735]: pam_unix(cron:session): session closed for user root
May  6 15:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12359]: pam_unix(cron:session): session closed for user samftp
May  6 15:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 15:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12659]: Failed password for root from 218.92.0.179 port 57629 ssh2
May  6 15:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.28.139  user=root
May  6 15:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12659]: Failed password for root from 218.92.0.179 port 57629 ssh2
May  6 15:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12661]: Failed password for root from 112.196.28.139 port 60016 ssh2
May  6 15:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12661]: Received disconnect from 112.196.28.139 port 60016:11: Bye Bye [preauth]
May  6 15:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12661]: Disconnected from 112.196.28.139 port 60016 [preauth]
May  6 15:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: Invalid user oracle from 111.238.174.6
May  6 15:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: input_userauth_request: invalid user oracle [preauth]
May  6 15:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.238.174.6
May  6 15:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12659]: Failed password for root from 218.92.0.179 port 57629 ssh2
May  6 15:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12659]: Received disconnect from 218.92.0.179 port 57629:11:  [preauth]
May  6 15:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12659]: Disconnected from 218.92.0.179 port 57629 [preauth]
May  6 15:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12659]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 15:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11536]: pam_unix(cron:session): session closed for user root
May  6 15:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: Failed password for invalid user oracle from 111.238.174.6 port 43978 ssh2
May  6 15:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: Received disconnect from 111.238.174.6 port 43978:11: Bye Bye [preauth]
May  6 15:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: Disconnected from 111.238.174.6 port 43978 [preauth]
May  6 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12761]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12759]: pam_unix(cron:session): session closed for user p13x
May  6 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12821]: Successful su for rubyman by root
May  6 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12821]: + ??? root:rubyman
May  6 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341177 of user rubyman.
May  6 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12821]: pam_unix(su:session): session closed for user rubyman
May  6 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341177.
May  6 15:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10165]: pam_unix(cron:session): session closed for user root
May  6 15:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12760]: pam_unix(cron:session): session closed for user samftp
May  6 15:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11929]: pam_unix(cron:session): session closed for user root
May  6 15:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.88.184  user=root
May  6 15:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13102]: Failed password for root from 157.230.88.184 port 37496 ssh2
May  6 15:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13102]: Received disconnect from 157.230.88.184 port 37496:11: Bye Bye [preauth]
May  6 15:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13102]: Disconnected from 157.230.88.184 port 37496 [preauth]
May  6 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13154]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13153]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13151]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13151]: pam_unix(cron:session): session closed for user p13x
May  6 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13212]: Successful su for rubyman by root
May  6 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13212]: + ??? root:rubyman
May  6 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13212]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341180 of user rubyman.
May  6 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13212]: pam_unix(su:session): session closed for user rubyman
May  6 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341180.
May  6 15:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10731]: pam_unix(cron:session): session closed for user root
May  6 15:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13152]: pam_unix(cron:session): session closed for user samftp
May  6 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12361]: pam_unix(cron:session): session closed for user root
May  6 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13564]: Invalid user lenovo from 111.238.174.6
May  6 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13564]: input_userauth_request: invalid user lenovo [preauth]
May  6 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13564]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.238.174.6
May  6 15:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13564]: Failed password for invalid user lenovo from 111.238.174.6 port 52086 ssh2
May  6 15:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13564]: Received disconnect from 111.238.174.6 port 52086:11: Bye Bye [preauth]
May  6 15:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13564]: Disconnected from 111.238.174.6 port 52086 [preauth]
May  6 15:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 15:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: Failed password for root from 218.92.0.210 port 30510 ssh2
May  6 15:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: Failed password for root from 218.92.0.210 port 30510 ssh2
May  6 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13653]: pam_unix(cron:session): session closed for user p13x
May  6 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13720]: Successful su for rubyman by root
May  6 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13720]: + ??? root:rubyman
May  6 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341187 of user rubyman.
May  6 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13720]: pam_unix(su:session): session closed for user rubyman
May  6 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341187.
May  6 15:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: Failed password for root from 218.92.0.210 port 30510 ssh2
May  6 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11132]: pam_unix(cron:session): session closed for user root
May  6 15:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: Failed password for root from 218.92.0.210 port 30510 ssh2
May  6 15:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13654]: pam_unix(cron:session): session closed for user samftp
May  6 15:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: Failed password for root from 218.92.0.210 port 30510 ssh2
May  6 15:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 30510 ssh2 [preauth]
May  6 15:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: Disconnecting: Too many authentication failures [preauth]
May  6 15:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 15:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13639]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 15:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 15:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: Failed password for root from 218.92.0.210 port 41480 ssh2
May  6 15:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: message repeated 5 times: [ Failed password for root from 218.92.0.210 port 41480 ssh2]
May  6 15:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 41480 ssh2 [preauth]
May  6 15:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: Disconnecting: Too many authentication failures [preauth]
May  6 15:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 15:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 15:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12762]: pam_unix(cron:session): session closed for user root
May  6 15:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 15:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14027]: Failed password for root from 218.92.0.210 port 21624 ssh2
May  6 15:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  6 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14068]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14067]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14069]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14069]: pam_unix(cron:session): session closed for user root
May  6 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14064]: pam_unix(cron:session): session closed for user p13x
May  6 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14135]: Successful su for rubyman by root
May  6 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14135]: + ??? root:rubyman
May  6 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14135]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341189 of user rubyman.
May  6 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14135]: pam_unix(su:session): session closed for user rubyman
May  6 15:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341189.
May  6 15:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14061]: Failed password for root from 194.0.234.19 port 41578 ssh2
May  6 15:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14061]: Connection closed by 194.0.234.19 port 41578 [preauth]
May  6 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14066]: pam_unix(cron:session): session closed for user root
May  6 15:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11535]: pam_unix(cron:session): session closed for user root
May  6 15:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14065]: pam_unix(cron:session): session closed for user samftp
May  6 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13154]: pam_unix(cron:session): session closed for user root
May  6 15:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: Invalid user hamed from 111.238.174.6
May  6 15:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: input_userauth_request: invalid user hamed [preauth]
May  6 15:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.238.174.6
May  6 15:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: Failed password for invalid user hamed from 111.238.174.6 port 60204 ssh2
May  6 15:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: Received disconnect from 111.238.174.6 port 60204:11: Bye Bye [preauth]
May  6 15:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14441]: Disconnected from 111.238.174.6 port 60204 [preauth]
May  6 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14499]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14497]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14493]: pam_unix(cron:session): session closed for user p13x
May  6 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14574]: Successful su for rubyman by root
May  6 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14574]: + ??? root:rubyman
May  6 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341195 of user rubyman.
May  6 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14574]: pam_unix(su:session): session closed for user rubyman
May  6 15:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341195.
May  6 15:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11928]: pam_unix(cron:session): session closed for user root
May  6 15:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14496]: pam_unix(cron:session): session closed for user samftp
May  6 15:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13656]: pam_unix(cron:session): session closed for user root
May  6 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14924]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14923]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14925]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14922]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14922]: pam_unix(cron:session): session closed for user p13x
May  6 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14986]: Successful su for rubyman by root
May  6 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14986]: + ??? root:rubyman
May  6 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341198 of user rubyman.
May  6 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14986]: pam_unix(su:session): session closed for user rubyman
May  6 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341198.
May  6 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12360]: pam_unix(cron:session): session closed for user root
May  6 15:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14923]: pam_unix(cron:session): session closed for user samftp
May  6 15:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.88.184  user=root
May  6 15:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15165]: Failed password for root from 157.230.88.184 port 59806 ssh2
May  6 15:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15165]: Received disconnect from 157.230.88.184 port 59806:11: Bye Bye [preauth]
May  6 15:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15165]: Disconnected from 157.230.88.184 port 59806 [preauth]
May  6 15:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: Invalid user srs from 112.196.28.139
May  6 15:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: input_userauth_request: invalid user srs [preauth]
May  6 15:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.28.139
May  6 15:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: Failed password for invalid user srs from 112.196.28.139 port 59500 ssh2
May  6 15:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: Received disconnect from 112.196.28.139 port 59500:11: Bye Bye [preauth]
May  6 15:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: Disconnected from 112.196.28.139 port 59500 [preauth]
May  6 15:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14068]: pam_unix(cron:session): session closed for user root
May  6 15:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15264]: Invalid user ee from 111.238.174.6
May  6 15:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15264]: input_userauth_request: invalid user ee [preauth]
May  6 15:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15264]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.238.174.6
May  6 15:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15264]: Failed password for invalid user ee from 111.238.174.6 port 40078 ssh2
May  6 15:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15264]: Received disconnect from 111.238.174.6 port 40078:11: Bye Bye [preauth]
May  6 15:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15264]: Disconnected from 111.238.174.6 port 40078 [preauth]
May  6 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15318]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15319]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15317]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15316]: pam_unix(cron:session): session closed for user p13x
May  6 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15378]: Successful su for rubyman by root
May  6 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15378]: + ??? root:rubyman
May  6 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15378]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341204 of user rubyman.
May  6 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15378]: pam_unix(su:session): session closed for user rubyman
May  6 15:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341204.
May  6 15:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12761]: pam_unix(cron:session): session closed for user root
May  6 15:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15317]: pam_unix(cron:session): session closed for user samftp
May  6 15:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14499]: pam_unix(cron:session): session closed for user root
May  6 15:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.145.63.220  user=root
May  6 15:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: Failed password for root from 103.145.63.220 port 47652 ssh2
May  6 15:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: Received disconnect from 103.145.63.220 port 47652:11: Bye Bye [preauth]
May  6 15:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15633]: Disconnected from 103.145.63.220 port 47652 [preauth]
May  6 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15710]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15709]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15707]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15707]: pam_unix(cron:session): session closed for user p13x
May  6 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15768]: Successful su for rubyman by root
May  6 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15768]: + ??? root:rubyman
May  6 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341206 of user rubyman.
May  6 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15768]: pam_unix(su:session): session closed for user rubyman
May  6 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341206.
May  6 15:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13153]: pam_unix(cron:session): session closed for user root
May  6 15:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15708]: pam_unix(cron:session): session closed for user samftp
May  6 15:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14925]: pam_unix(cron:session): session closed for user root
May  6 15:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.238.174.6  user=root
May  6 15:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: Failed password for root from 111.238.174.6 port 48186 ssh2
May  6 15:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: Received disconnect from 111.238.174.6 port 48186:11: Bye Bye [preauth]
May  6 15:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: Disconnected from 111.238.174.6 port 48186 [preauth]
May  6 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16100]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16099]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16101]: pam_unix(cron:session): session closed for user root
May  6 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16095]: pam_unix(cron:session): session closed for user p13x
May  6 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16170]: Successful su for rubyman by root
May  6 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16170]: + ??? root:rubyman
May  6 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16170]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341210 of user rubyman.
May  6 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16170]: pam_unix(su:session): session closed for user rubyman
May  6 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341210.
May  6 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16098]: pam_unix(cron:session): session closed for user root
May  6 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13655]: pam_unix(cron:session): session closed for user root
May  6 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16097]: pam_unix(cron:session): session closed for user samftp
May  6 15:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15319]: pam_unix(cron:session): session closed for user root
May  6 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16560]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16558]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16562]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16558]: pam_unix(cron:session): session closed for user p13x
May  6 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16643]: Successful su for rubyman by root
May  6 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16643]: + ??? root:rubyman
May  6 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341218 of user rubyman.
May  6 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16643]: pam_unix(su:session): session closed for user rubyman
May  6 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341218.
May  6 15:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14067]: pam_unix(cron:session): session closed for user root
May  6 15:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16559]: pam_unix(cron:session): session closed for user samftp
May  6 15:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16849]: Failed password for root from 188.235.150.5 port 51510 ssh2
May  6 15:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16849]: Connection closed by 188.235.150.5 port 51510 [preauth]
May  6 15:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: Failed password for root from 188.235.150.5 port 53485 ssh2
May  6 15:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16861]: Connection closed by 188.235.150.5 port 53485 [preauth]
May  6 15:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Failed password for root from 188.235.150.5 port 55490 ssh2
May  6 15:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16896]: Connection closed by 188.235.150.5 port 55490 [preauth]
May  6 15:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.88.184  user=root
May  6 15:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15710]: pam_unix(cron:session): session closed for user root
May  6 15:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: Failed password for root from 157.230.88.184 port 45314 ssh2
May  6 15:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: Received disconnect from 157.230.88.184 port 45314:11: Bye Bye [preauth]
May  6 15:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: Disconnected from 157.230.88.184 port 45314 [preauth]
May  6 15:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16959]: Invalid user build from 102.210.80.6
May  6 15:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16959]: input_userauth_request: invalid user build [preauth]
May  6 15:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16959]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6
May  6 15:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16927]: Failed password for root from 188.235.150.5 port 58047 ssh2
May  6 15:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16959]: Failed password for invalid user build from 102.210.80.6 port 59111 ssh2
May  6 15:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16959]: Received disconnect from 102.210.80.6 port 59111:11: Bye Bye [preauth]
May  6 15:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16959]: Disconnected from 102.210.80.6 port 59111 [preauth]
May  6 15:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16927]: Connection closed by 188.235.150.5 port 58047 [preauth]
May  6 15:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16970]: Failed password for root from 188.235.150.5 port 60893 ssh2
May  6 15:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16970]: Connection closed by 188.235.150.5 port 60893 [preauth]
May  6 15:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.238.174.6  user=root
May  6 15:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17005]: Failed password for root from 111.238.174.6 port 56284 ssh2
May  6 15:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17005]: Received disconnect from 111.238.174.6 port 56284:11: Bye Bye [preauth]
May  6 15:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17005]: Disconnected from 111.238.174.6 port 56284 [preauth]
May  6 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: Failed password for root from 188.235.150.5 port 34887 ssh2
May  6 15:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16995]: Connection closed by 188.235.150.5 port 34887 [preauth]
May  6 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17029]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17031]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17028]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17027]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17027]: pam_unix(cron:session): session closed for user p13x
May  6 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17088]: Successful su for rubyman by root
May  6 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17088]: + ??? root:rubyman
May  6 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341221 of user rubyman.
May  6 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17088]: pam_unix(su:session): session closed for user rubyman
May  6 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341221.
May  6 15:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: Failed password for root from 188.235.150.5 port 39177 ssh2
May  6 15:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17015]: Connection closed by 188.235.150.5 port 39177 [preauth]
May  6 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14497]: pam_unix(cron:session): session closed for user root
May  6 15:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17028]: pam_unix(cron:session): session closed for user samftp
May  6 15:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17243]: Failed password for root from 188.235.150.5 port 41791 ssh2
May  6 15:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17243]: Connection closed by 188.235.150.5 port 41791 [preauth]
May  6 15:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17288]: Failed password for root from 188.235.150.5 port 44610 ssh2
May  6 15:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17288]: Connection closed by 188.235.150.5 port 44610 [preauth]
May  6 15:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.235.150.5  user=root
May  6 15:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17319]: Failed password for root from 188.235.150.5 port 48496 ssh2
May  6 15:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17319]: Connection closed by 188.235.150.5 port 48496 [preauth]
May  6 15:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16100]: pam_unix(cron:session): session closed for user root
May  6 15:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: Invalid user felipe from 112.196.28.139
May  6 15:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: input_userauth_request: invalid user felipe [preauth]
May  6 15:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.28.139
May  6 15:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: Failed password for invalid user felipe from 112.196.28.139 port 38634 ssh2
May  6 15:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: Received disconnect from 112.196.28.139 port 38634:11: Bye Bye [preauth]
May  6 15:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: Disconnected from 112.196.28.139 port 38634 [preauth]
May  6 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17435]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17434]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17432]: pam_unix(cron:session): session closed for user p13x
May  6 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17499]: Successful su for rubyman by root
May  6 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17499]: + ??? root:rubyman
May  6 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341225 of user rubyman.
May  6 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17499]: pam_unix(su:session): session closed for user rubyman
May  6 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341225.
May  6 15:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14924]: pam_unix(cron:session): session closed for user root
May  6 15:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17433]: pam_unix(cron:session): session closed for user samftp
May  6 15:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16562]: pam_unix(cron:session): session closed for user root
May  6 15:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 15:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: Invalid user erp from 111.238.174.6
May  6 15:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: input_userauth_request: invalid user erp [preauth]
May  6 15:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: pam_unix(sshd:auth): check pass; user unknown
May  6 15:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.238.174.6
May  6 15:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: Failed password for invalid user erp from 111.238.174.6 port 36150 ssh2
May  6 15:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: Received disconnect from 111.238.174.6 port 36150:11: Bye Bye [preauth]
May  6 15:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17944]: Disconnected from 111.238.174.6 port 36150 [preauth]
May  6 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17967]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17964]: pam_unix(cron:session): session closed for user p13x
May  6 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18036]: Successful su for rubyman by root
May  6 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18036]: + ??? root:rubyman
May  6 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341229 of user rubyman.
May  6 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18036]: pam_unix(su:session): session closed for user rubyman
May  6 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341229.
May  6 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15318]: pam_unix(cron:session): session closed for user root
May  6 15:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17965]: pam_unix(cron:session): session closed for user samftp
May  6 15:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17031]: pam_unix(cron:session): session closed for user root
May  6 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18383]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18386]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18384]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18383]: pam_unix(cron:session): session closed for user root
May  6 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18388]: pam_unix(cron:session): session closed for user root
May  6 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18380]: pam_unix(cron:session): session closed for user p13x
May  6 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18482]: Successful su for rubyman by root
May  6 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18482]: + ??? root:rubyman
May  6 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341232 of user rubyman.
May  6 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18482]: pam_unix(su:session): session closed for user rubyman
May  6 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341232.
May  6 16:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15709]: pam_unix(cron:session): session closed for user root
May  6 16:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18384]: pam_unix(cron:session): session closed for user root
May  6 16:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18381]: pam_unix(cron:session): session closed for user samftp
May  6 16:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 16:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18731]: Failed password for root from 218.92.0.179 port 48582 ssh2
May  6 16:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18731]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 48582 ssh2]
May  6 16:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18731]: Received disconnect from 218.92.0.179 port 48582:11:  [preauth]
May  6 16:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18731]: Disconnected from 218.92.0.179 port 48582 [preauth]
May  6 16:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18731]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 16:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17435]: pam_unix(cron:session): session closed for user root
May  6 16:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.238.174.6  user=root
May  6 16:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: Failed password for root from 111.238.174.6 port 44280 ssh2
May  6 16:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: Received disconnect from 111.238.174.6 port 44280:11: Bye Bye [preauth]
May  6 16:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: Disconnected from 111.238.174.6 port 44280 [preauth]
May  6 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18893]: pam_unix(cron:session): session closed for user p13x
May  6 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18961]: Successful su for rubyman by root
May  6 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18961]: + ??? root:rubyman
May  6 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341239 of user rubyman.
May  6 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18961]: pam_unix(su:session): session closed for user rubyman
May  6 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341239.
May  6 16:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16099]: pam_unix(cron:session): session closed for user root
May  6 16:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18894]: pam_unix(cron:session): session closed for user samftp
May  6 16:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: Invalid user srs from 157.230.88.184
May  6 16:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: input_userauth_request: invalid user srs [preauth]
May  6 16:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.88.184
May  6 16:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: Failed password for invalid user srs from 157.230.88.184 port 55338 ssh2
May  6 16:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: Received disconnect from 157.230.88.184 port 55338:11: Bye Bye [preauth]
May  6 16:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19150]: Disconnected from 157.230.88.184 port 55338 [preauth]
May  6 16:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.50  user=root
May  6 16:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: Failed password for root from 14.103.123.50 port 45212 ssh2
May  6 16:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: Received disconnect from 14.103.123.50 port 45212:11: Bye Bye [preauth]
May  6 16:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19212]: Disconnected from 14.103.123.50 port 45212 [preauth]
May  6 16:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17968]: pam_unix(cron:session): session closed for user root
May  6 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19314]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19312]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19309]: pam_unix(cron:session): session closed for user p13x
May  6 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19371]: Successful su for rubyman by root
May  6 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19371]: + ??? root:rubyman
May  6 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19371]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341244 of user rubyman.
May  6 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19371]: pam_unix(su:session): session closed for user rubyman
May  6 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341244.
May  6 16:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16560]: pam_unix(cron:session): session closed for user root
May  6 16:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19310]: pam_unix(cron:session): session closed for user samftp
May  6 16:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18386]: pam_unix(cron:session): session closed for user root
May  6 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19734]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19730]: pam_unix(cron:session): session closed for user p13x
May  6 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19791]: Successful su for rubyman by root
May  6 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19791]: + ??? root:rubyman
May  6 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19791]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341249 of user rubyman.
May  6 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19791]: pam_unix(su:session): session closed for user rubyman
May  6 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341249.
May  6 16:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17029]: pam_unix(cron:session): session closed for user root
May  6 16:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19731]: pam_unix(cron:session): session closed for user samftp
May  6 16:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: Invalid user admin from 80.94.95.112
May  6 16:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: input_userauth_request: invalid user admin [preauth]
May  6 16:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 16:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: Failed password for invalid user admin from 80.94.95.112 port 10320 ssh2
May  6 16:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: Failed password for invalid user admin from 80.94.95.112 port 10320 ssh2
May  6 16:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: Failed password for invalid user admin from 80.94.95.112 port 10320 ssh2
May  6 16:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: Failed password for invalid user admin from 80.94.95.112 port 10320 ssh2
May  6 16:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18897]: pam_unix(cron:session): session closed for user root
May  6 16:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: Failed password for invalid user admin from 80.94.95.112 port 10320 ssh2
May  6 16:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: Received disconnect from 80.94.95.112 port 10320:11: Bye [preauth]
May  6 16:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: Disconnected from 80.94.95.112 port 10320 [preauth]
May  6 16:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 16:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20019]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 16:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.28.139  user=root
May  6 16:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20078]: Failed password for root from 112.196.28.139 port 46268 ssh2
May  6 16:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20078]: Received disconnect from 112.196.28.139 port 46268:11: Bye Bye [preauth]
May  6 16:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20078]: Disconnected from 112.196.28.139 port 46268 [preauth]
May  6 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20137]: pam_unix(cron:session): session closed for user p13x
May  6 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20198]: Successful su for rubyman by root
May  6 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20198]: + ??? root:rubyman
May  6 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341252 of user rubyman.
May  6 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20198]: pam_unix(su:session): session closed for user rubyman
May  6 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341252.
May  6 16:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17434]: pam_unix(cron:session): session closed for user root
May  6 16:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20139]: pam_unix(cron:session): session closed for user samftp
May  6 16:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.50  user=root
May  6 16:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: Failed password for root from 14.103.123.50 port 42038 ssh2
May  6 16:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: Received disconnect from 14.103.123.50 port 42038:11: Bye Bye [preauth]
May  6 16:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20408]: Disconnected from 14.103.123.50 port 42038 [preauth]
May  6 16:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.145.63.220  user=root
May  6 16:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: Failed password for root from 103.145.63.220 port 48386 ssh2
May  6 16:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: Received disconnect from 103.145.63.220 port 48386:11: Bye Bye [preauth]
May  6 16:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: Disconnected from 103.145.63.220 port 48386 [preauth]
May  6 16:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19314]: pam_unix(cron:session): session closed for user root
May  6 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20541]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20542]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20537]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20542]: pam_unix(cron:session): session closed for user root
May  6 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20537]: pam_unix(cron:session): session closed for user p13x
May  6 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20606]: Successful su for rubyman by root
May  6 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20606]: + ??? root:rubyman
May  6 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341258 of user rubyman.
May  6 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20606]: pam_unix(su:session): session closed for user rubyman
May  6 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341258.
May  6 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20595]: Invalid user max from 111.238.174.6
May  6 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20595]: input_userauth_request: invalid user max [preauth]
May  6 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20595]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.238.174.6
May  6 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20539]: pam_unix(cron:session): session closed for user root
May  6 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17967]: pam_unix(cron:session): session closed for user root
May  6 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20595]: Failed password for invalid user max from 111.238.174.6 port 60482 ssh2
May  6 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20595]: Received disconnect from 111.238.174.6 port 60482:11: Bye Bye [preauth]
May  6 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20595]: Disconnected from 111.238.174.6 port 60482 [preauth]
May  6 16:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20538]: pam_unix(cron:session): session closed for user samftp
May  6 16:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19734]: pam_unix(cron:session): session closed for user root
May  6 16:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.88.184  user=root
May  6 16:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20916]: Failed password for root from 157.230.88.184 port 37008 ssh2
May  6 16:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20916]: Received disconnect from 157.230.88.184 port 37008:11: Bye Bye [preauth]
May  6 16:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20916]: Disconnected from 157.230.88.184 port 37008 [preauth]
May  6 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20983]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20984]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20981]: pam_unix(cron:session): session closed for user p13x
May  6 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21050]: Successful su for rubyman by root
May  6 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21050]: + ??? root:rubyman
May  6 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341261 of user rubyman.
May  6 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21050]: pam_unix(su:session): session closed for user rubyman
May  6 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341261.
May  6 16:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18385]: pam_unix(cron:session): session closed for user root
May  6 16:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20982]: pam_unix(cron:session): session closed for user samftp
May  6 16:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21304]: Invalid user test from 102.210.80.6
May  6 16:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21304]: input_userauth_request: invalid user test [preauth]
May  6 16:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21304]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6
May  6 16:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21304]: Failed password for invalid user test from 102.210.80.6 port 45721 ssh2
May  6 16:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21304]: Received disconnect from 102.210.80.6 port 45721:11: Bye Bye [preauth]
May  6 16:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21304]: Disconnected from 102.210.80.6 port 45721 [preauth]
May  6 16:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20141]: pam_unix(cron:session): session closed for user root
May  6 16:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  6 16:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: Failed password for root from 80.94.95.125 port 36814 ssh2
May  6 16:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 36814 ssh2]
May  6 16:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: Received disconnect from 80.94.95.125 port 36814:11: Bye [preauth]
May  6 16:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: Disconnected from 80.94.95.125 port 36814 [preauth]
May  6 16:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  6 16:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21435]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21434]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21432]: pam_unix(cron:session): session closed for user p13x
May  6 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21497]: Successful su for rubyman by root
May  6 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21497]: + ??? root:rubyman
May  6 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341266 of user rubyman.
May  6 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21497]: pam_unix(su:session): session closed for user rubyman
May  6 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341266.
May  6 16:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18896]: pam_unix(cron:session): session closed for user root
May  6 16:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21433]: pam_unix(cron:session): session closed for user samftp
May  6 16:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21718]: Invalid user sammy from 111.238.174.6
May  6 16:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21718]: input_userauth_request: invalid user sammy [preauth]
May  6 16:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21718]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.238.174.6
May  6 16:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.50  user=root
May  6 16:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21718]: Failed password for invalid user sammy from 111.238.174.6 port 40356 ssh2
May  6 16:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21718]: Received disconnect from 111.238.174.6 port 40356:11: Bye Bye [preauth]
May  6 16:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21718]: Disconnected from 111.238.174.6 port 40356 [preauth]
May  6 16:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: Failed password for root from 14.103.123.50 port 57920 ssh2
May  6 16:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: Received disconnect from 14.103.123.50 port 57920:11: Bye Bye [preauth]
May  6 16:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: Disconnected from 14.103.123.50 port 57920 [preauth]
May  6 16:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20541]: pam_unix(cron:session): session closed for user root
May  6 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22159]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22157]: pam_unix(cron:session): session closed for user p13x
May  6 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22227]: Successful su for rubyman by root
May  6 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22227]: + ??? root:rubyman
May  6 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22227]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341269 of user rubyman.
May  6 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22227]: pam_unix(su:session): session closed for user rubyman
May  6 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341269.
May  6 16:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19312]: pam_unix(cron:session): session closed for user root
May  6 16:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22158]: pam_unix(cron:session): session closed for user samftp
May  6 16:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20984]: pam_unix(cron:session): session closed for user root
May  6 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22627]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22625]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22624]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22622]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22624]: pam_unix(cron:session): session closed for user p13x
May  6 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22755]: Successful su for rubyman by root
May  6 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22755]: + ??? root:rubyman
May  6 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22755]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341275 of user rubyman.
May  6 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22755]: pam_unix(su:session): session closed for user rubyman
May  6 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341275.
May  6 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22622]: pam_unix(cron:session): session closed for user root
May  6 16:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19732]: pam_unix(cron:session): session closed for user root
May  6 16:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22625]: pam_unix(cron:session): session closed for user samftp
May  6 16:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23031]: Invalid user postgres from 111.238.174.6
May  6 16:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23031]: input_userauth_request: invalid user postgres [preauth]
May  6 16:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23031]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.238.174.6
May  6 16:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23031]: Failed password for invalid user postgres from 111.238.174.6 port 48460 ssh2
May  6 16:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23031]: Received disconnect from 111.238.174.6 port 48460:11: Bye Bye [preauth]
May  6 16:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23031]: Disconnected from 111.238.174.6 port 48460 [preauth]
May  6 16:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.28.139  user=root
May  6 16:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23054]: Failed password for root from 112.196.28.139 port 56862 ssh2
May  6 16:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23054]: Received disconnect from 112.196.28.139 port 56862:11: Bye Bye [preauth]
May  6 16:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23054]: Disconnected from 112.196.28.139 port 56862 [preauth]
May  6 16:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21435]: pam_unix(cron:session): session closed for user root
May  6 16:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.88.184  user=root
May  6 16:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: Failed password for root from 157.230.88.184 port 39396 ssh2
May  6 16:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: Received disconnect from 157.230.88.184 port 39396:11: Bye Bye [preauth]
May  6 16:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23162]: Disconnected from 157.230.88.184 port 39396 [preauth]
May  6 16:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.50  user=root
May  6 16:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Failed password for root from 14.103.123.50 port 51146 ssh2
May  6 16:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Received disconnect from 14.103.123.50 port 51146:11: Bye Bye [preauth]
May  6 16:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Disconnected from 14.103.123.50 port 51146 [preauth]
May  6 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23187]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23188]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23190]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23190]: pam_unix(cron:session): session closed for user root
May  6 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23184]: pam_unix(cron:session): session closed for user p13x
May  6 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23262]: Successful su for rubyman by root
May  6 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23262]: + ??? root:rubyman
May  6 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341279 of user rubyman.
May  6 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23262]: pam_unix(su:session): session closed for user rubyman
May  6 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341279.
May  6 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23187]: pam_unix(cron:session): session closed for user root
May  6 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20140]: pam_unix(cron:session): session closed for user root
May  6 16:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23185]: pam_unix(cron:session): session closed for user samftp
May  6 16:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: Invalid user admin from 103.145.63.220
May  6 16:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: input_userauth_request: invalid user admin [preauth]
May  6 16:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.145.63.220
May  6 16:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: Failed password for invalid user admin from 103.145.63.220 port 40544 ssh2
May  6 16:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: Received disconnect from 103.145.63.220 port 40544:11: Bye Bye [preauth]
May  6 16:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23626]: Disconnected from 103.145.63.220 port 40544 [preauth]
May  6 16:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22160]: pam_unix(cron:session): session closed for user root
May  6 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23726]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23723]: pam_unix(cron:session): session closed for user p13x
May  6 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23886]: Successful su for rubyman by root
May  6 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23886]: + ??? root:rubyman
May  6 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341284 of user rubyman.
May  6 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23886]: pam_unix(su:session): session closed for user rubyman
May  6 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341284.
May  6 16:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20540]: pam_unix(cron:session): session closed for user root
May  6 16:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23724]: pam_unix(cron:session): session closed for user samftp
May  6 16:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24117]: Invalid user elearn from 111.238.174.6
May  6 16:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24117]: input_userauth_request: invalid user elearn [preauth]
May  6 16:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24117]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.238.174.6
May  6 16:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24117]: Failed password for invalid user elearn from 111.238.174.6 port 56576 ssh2
May  6 16:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24117]: Received disconnect from 111.238.174.6 port 56576:11: Bye Bye [preauth]
May  6 16:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24117]: Disconnected from 111.238.174.6 port 56576 [preauth]
May  6 16:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22628]: pam_unix(cron:session): session closed for user root
May  6 16:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
May  6 16:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: Failed password for root from 102.210.80.6 port 49180 ssh2
May  6 16:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: Received disconnect from 102.210.80.6 port 49180:11: Bye Bye [preauth]
May  6 16:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24238]: Disconnected from 102.210.80.6 port 49180 [preauth]
May  6 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24263]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24261]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24261]: pam_unix(cron:session): session closed for user p13x
May  6 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24333]: Successful su for rubyman by root
May  6 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24333]: + ??? root:rubyman
May  6 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24333]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341288 of user rubyman.
May  6 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24333]: pam_unix(su:session): session closed for user rubyman
May  6 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341288.
May  6 16:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20983]: pam_unix(cron:session): session closed for user root
May  6 16:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24262]: pam_unix(cron:session): session closed for user samftp
May  6 16:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: Invalid user admin from 80.94.95.241
May  6 16:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: input_userauth_request: invalid user admin [preauth]
May  6 16:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 16:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: Failed password for invalid user admin from 80.94.95.241 port 59077 ssh2
May  6 16:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: Failed password for invalid user admin from 80.94.95.241 port 59077 ssh2
May  6 16:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: Failed password for invalid user admin from 80.94.95.241 port 59077 ssh2
May  6 16:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: Failed password for invalid user admin from 80.94.95.241 port 59077 ssh2
May  6 16:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: Failed password for invalid user admin from 80.94.95.241 port 59077 ssh2
May  6 16:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: Received disconnect from 80.94.95.241 port 59077:11: Bye [preauth]
May  6 16:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: Disconnected from 80.94.95.241 port 59077 [preauth]
May  6 16:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 16:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 16:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23189]: pam_unix(cron:session): session closed for user root
May  6 16:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24672]: Invalid user oracle from 14.103.123.50
May  6 16:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24672]: input_userauth_request: invalid user oracle [preauth]
May  6 16:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24672]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.50
May  6 16:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24672]: Failed password for invalid user oracle from 14.103.123.50 port 33888 ssh2
May  6 16:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24672]: Received disconnect from 14.103.123.50 port 33888:11: Bye Bye [preauth]
May  6 16:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24672]: Disconnected from 14.103.123.50 port 33888 [preauth]
May  6 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24705]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24702]: pam_unix(cron:session): session closed for user p13x
May  6 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24761]: Successful su for rubyman by root
May  6 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24761]: + ??? root:rubyman
May  6 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341292 of user rubyman.
May  6 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24761]: pam_unix(su:session): session closed for user rubyman
May  6 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341292.
May  6 16:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21434]: pam_unix(cron:session): session closed for user root
May  6 16:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24703]: pam_unix(cron:session): session closed for user samftp
May  6 16:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.238.174.6  user=root
May  6 16:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: Failed password for root from 111.238.174.6 port 36446 ssh2
May  6 16:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: Received disconnect from 111.238.174.6 port 36446:11: Bye Bye [preauth]
May  6 16:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24995]: Disconnected from 111.238.174.6 port 36446 [preauth]
May  6 16:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23726]: pam_unix(cron:session): session closed for user root
May  6 16:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.16  user=root
May  6 16:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: Failed password for root from 194.0.234.16 port 15064 ssh2
May  6 16:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: Connection closed by 194.0.234.16 port 15064 [preauth]
May  6 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25116]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25117]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25114]: pam_unix(cron:session): session closed for user p13x
May  6 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25180]: Successful su for rubyman by root
May  6 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25180]: + ??? root:rubyman
May  6 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341297 of user rubyman.
May  6 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25180]: pam_unix(su:session): session closed for user rubyman
May  6 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341297.
May  6 16:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22159]: pam_unix(cron:session): session closed for user root
May  6 16:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25115]: pam_unix(cron:session): session closed for user samftp
May  6 16:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.88.184  user=root
May  6 16:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: Failed password for root from 157.230.88.184 port 46628 ssh2
May  6 16:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: Received disconnect from 157.230.88.184 port 46628:11: Bye Bye [preauth]
May  6 16:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: Disconnected from 157.230.88.184 port 46628 [preauth]
May  6 16:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24264]: pam_unix(cron:session): session closed for user root
May  6 16:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: Invalid user work from 112.196.28.139
May  6 16:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: input_userauth_request: invalid user work [preauth]
May  6 16:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.28.139
May  6 16:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: Failed password for invalid user work from 112.196.28.139 port 45428 ssh2
May  6 16:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: Received disconnect from 112.196.28.139 port 45428:11: Bye Bye [preauth]
May  6 16:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25512]: Disconnected from 112.196.28.139 port 45428 [preauth]
May  6 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25537]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25535]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25536]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25534]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25540]: pam_unix(cron:session): session closed for user root
May  6 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25534]: pam_unix(cron:session): session closed for user p13x
May  6 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25608]: Successful su for rubyman by root
May  6 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25608]: + ??? root:rubyman
May  6 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25608]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341300 of user rubyman.
May  6 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25608]: pam_unix(su:session): session closed for user rubyman
May  6 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341300.
May  6 16:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25536]: pam_unix(cron:session): session closed for user root
May  6 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22627]: pam_unix(cron:session): session closed for user root
May  6 16:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25535]: pam_unix(cron:session): session closed for user samftp
May  6 16:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: Invalid user andres from 111.238.174.6
May  6 16:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: input_userauth_request: invalid user andres [preauth]
May  6 16:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.238.174.6
May  6 16:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: Failed password for invalid user andres from 111.238.174.6 port 44546 ssh2
May  6 16:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: Received disconnect from 111.238.174.6 port 44546:11: Bye Bye [preauth]
May  6 16:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25929]: Disconnected from 111.238.174.6 port 44546 [preauth]
May  6 16:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.50  user=root
May  6 16:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24705]: pam_unix(cron:session): session closed for user root
May  6 16:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: Failed password for root from 14.103.123.50 port 45878 ssh2
May  6 16:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: Received disconnect from 14.103.123.50 port 45878:11: Bye Bye [preauth]
May  6 16:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25976]: Disconnected from 14.103.123.50 port 45878 [preauth]
May  6 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26062]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26063]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26060]: pam_unix(cron:session): session closed for user p13x
May  6 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26130]: Successful su for rubyman by root
May  6 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26130]: + ??? root:rubyman
May  6 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341307 of user rubyman.
May  6 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26130]: pam_unix(su:session): session closed for user rubyman
May  6 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341307.
May  6 16:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23188]: pam_unix(cron:session): session closed for user root
May  6 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26061]: pam_unix(cron:session): session closed for user samftp
May  6 16:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.145.63.220  user=root
May  6 16:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: Failed password for root from 103.145.63.220 port 42270 ssh2
May  6 16:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: Received disconnect from 103.145.63.220 port 42270:11: Bye Bye [preauth]
May  6 16:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26349]: Disconnected from 103.145.63.220 port 42270 [preauth]
May  6 16:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25117]: pam_unix(cron:session): session closed for user root
May  6 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26553]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26554]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26550]: pam_unix(cron:session): session closed for user root
May  6 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26553]: pam_unix(cron:session): session closed for user p13x
May  6 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26615]: Successful su for rubyman by root
May  6 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26615]: + ??? root:rubyman
May  6 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26615]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341310 of user rubyman.
May  6 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26615]: pam_unix(su:session): session closed for user rubyman
May  6 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341310.
May  6 16:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23725]: pam_unix(cron:session): session closed for user root
May  6 16:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26554]: pam_unix(cron:session): session closed for user samftp
May  6 16:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: Invalid user admin from 102.210.80.6
May  6 16:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: input_userauth_request: invalid user admin [preauth]
May  6 16:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6
May  6 16:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: Failed password for invalid user admin from 102.210.80.6 port 34702 ssh2
May  6 16:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: Received disconnect from 102.210.80.6 port 34702:11: Bye Bye [preauth]
May  6 16:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: Disconnected from 102.210.80.6 port 34702 [preauth]
May  6 16:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25539]: pam_unix(cron:session): session closed for user root
May  6 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26992]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26993]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26991]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26990]: pam_unix(cron:session): session closed for user p13x
May  6 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27072]: Successful su for rubyman by root
May  6 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27072]: + ??? root:rubyman
May  6 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341315 of user rubyman.
May  6 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27072]: pam_unix(su:session): session closed for user rubyman
May  6 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341315.
May  6 16:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24263]: pam_unix(cron:session): session closed for user root
May  6 16:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26991]: pam_unix(cron:session): session closed for user samftp
May  6 16:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.50  user=root
May  6 16:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27315]: Failed password for root from 14.103.123.50 port 47666 ssh2
May  6 16:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27315]: Received disconnect from 14.103.123.50 port 47666:11: Bye Bye [preauth]
May  6 16:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27315]: Disconnected from 14.103.123.50 port 47666 [preauth]
May  6 16:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27330]: Bad protocol version identification 'GET / HTTP/1.1' from 148.113.210.228 port 50880
May  6 16:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26063]: pam_unix(cron:session): session closed for user root
May  6 16:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27450]: Invalid user krodriguez from 157.230.88.184
May  6 16:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27450]: input_userauth_request: invalid user krodriguez [preauth]
May  6 16:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27450]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.88.184
May  6 16:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27450]: Failed password for invalid user krodriguez from 157.230.88.184 port 56300 ssh2
May  6 16:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27450]: Received disconnect from 157.230.88.184 port 56300:11: Bye Bye [preauth]
May  6 16:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27450]: Disconnected from 157.230.88.184 port 56300 [preauth]
May  6 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27493]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27491]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27489]: pam_unix(cron:session): session closed for user p13x
May  6 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27561]: Successful su for rubyman by root
May  6 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27561]: + ??? root:rubyman
May  6 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27561]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341319 of user rubyman.
May  6 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27561]: pam_unix(su:session): session closed for user rubyman
May  6 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341319.
May  6 16:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24704]: pam_unix(cron:session): session closed for user root
May  6 16:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27490]: pam_unix(cron:session): session closed for user samftp
May  6 16:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 16:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: Failed password for root from 218.92.0.207 port 32540 ssh2
May  6 16:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26556]: pam_unix(cron:session): session closed for user root
May  6 16:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: Failed password for root from 218.92.0.207 port 32540 ssh2
May  6 16:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: message repeated 3 times: [ Failed password for root from 218.92.0.207 port 32540 ssh2]
May  6 16:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 32540 ssh2 [preauth]
May  6 16:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: Disconnecting: Too many authentication failures [preauth]
May  6 16:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 16:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27817]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 16:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 16:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27885]: Failed password for root from 218.92.0.207 port 3070 ssh2
May  6 16:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27885]: message repeated 3 times: [ Failed password for root from 218.92.0.207 port 3070 ssh2]
May  6 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27919]: pam_unix(cron:session): session closed for user root
May  6 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27914]: pam_unix(cron:session): session closed for user p13x
May  6 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27986]: Successful su for rubyman by root
May  6 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27986]: + ??? root:rubyman
May  6 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341325 of user rubyman.
May  6 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27986]: pam_unix(su:session): session closed for user rubyman
May  6 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341325.
May  6 16:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27885]: Failed password for root from 218.92.0.207 port 3070 ssh2
May  6 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27916]: pam_unix(cron:session): session closed for user root
May  6 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25116]: pam_unix(cron:session): session closed for user root
May  6 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27885]: Failed password for root from 218.92.0.207 port 3070 ssh2
May  6 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27885]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 3070 ssh2 [preauth]
May  6 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27885]: Disconnecting: Too many authentication failures [preauth]
May  6 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27885]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27885]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 16:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27915]: pam_unix(cron:session): session closed for user samftp
May  6 16:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 16:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: Failed password for root from 218.92.0.207 port 60420 ssh2
May  6 16:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: Received disconnect from 218.92.0.207 port 60420:11:  [preauth]
May  6 16:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28197]: Disconnected from 218.92.0.207 port 60420 [preauth]
May  6 16:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26993]: pam_unix(cron:session): session closed for user root
May  6 16:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.28.139  user=root
May  6 16:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: Failed password for root from 112.196.28.139 port 35968 ssh2
May  6 16:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: Received disconnect from 112.196.28.139 port 35968:11: Bye Bye [preauth]
May  6 16:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: Disconnected from 112.196.28.139 port 35968 [preauth]
May  6 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28359]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28358]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28360]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28361]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28358]: pam_unix(cron:session): session closed for user p13x
May  6 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28431]: Successful su for rubyman by root
May  6 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28431]: + ??? root:rubyman
May  6 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28431]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341331 of user rubyman.
May  6 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28431]: pam_unix(su:session): session closed for user rubyman
May  6 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341331.
May  6 16:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28562]: Invalid user sdtdserver from 14.103.123.50
May  6 16:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28562]: input_userauth_request: invalid user sdtdserver [preauth]
May  6 16:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28562]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.50
May  6 16:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25537]: pam_unix(cron:session): session closed for user root
May  6 16:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28359]: pam_unix(cron:session): session closed for user samftp
May  6 16:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28562]: Failed password for invalid user sdtdserver from 14.103.123.50 port 44436 ssh2
May  6 16:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28562]: Received disconnect from 14.103.123.50 port 44436:11: Bye Bye [preauth]
May  6 16:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28562]: Disconnected from 14.103.123.50 port 44436 [preauth]
May  6 16:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27493]: pam_unix(cron:session): session closed for user root
May  6 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28770]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28769]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28768]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28768]: pam_unix(cron:session): session closed for user p13x
May  6 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28831]: Successful su for rubyman by root
May  6 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28831]: + ??? root:rubyman
May  6 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28831]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341336 of user rubyman.
May  6 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28831]: pam_unix(su:session): session closed for user rubyman
May  6 16:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341336.
May  6 16:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26062]: pam_unix(cron:session): session closed for user root
May  6 16:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28769]: pam_unix(cron:session): session closed for user samftp
May  6 16:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: Invalid user actions from 103.145.63.220
May  6 16:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: input_userauth_request: invalid user actions [preauth]
May  6 16:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.145.63.220
May  6 16:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: Failed password for invalid user actions from 103.145.63.220 port 46744 ssh2
May  6 16:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: Received disconnect from 103.145.63.220 port 46744:11: Bye Bye [preauth]
May  6 16:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29145]: Disconnected from 103.145.63.220 port 46744 [preauth]
May  6 16:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27918]: pam_unix(cron:session): session closed for user root
May  6 16:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
May  6 16:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: Failed password for root from 102.210.80.6 port 32987 ssh2
May  6 16:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: Received disconnect from 102.210.80.6 port 32987:11: Bye Bye [preauth]
May  6 16:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29241]: Disconnected from 102.210.80.6 port 32987 [preauth]
May  6 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29276]: pam_unix(cron:session): session closed for user p13x
May  6 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29338]: Successful su for rubyman by root
May  6 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29338]: + ??? root:rubyman
May  6 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341337 of user rubyman.
May  6 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29338]: pam_unix(su:session): session closed for user rubyman
May  6 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341337.
May  6 16:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26555]: pam_unix(cron:session): session closed for user root
May  6 16:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.88.184  user=root
May  6 16:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29278]: pam_unix(cron:session): session closed for user samftp
May  6 16:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: Failed password for root from 157.230.88.184 port 55116 ssh2
May  6 16:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: Received disconnect from 157.230.88.184 port 55116:11: Bye Bye [preauth]
May  6 16:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29489]: Disconnected from 157.230.88.184 port 55116 [preauth]
May  6 16:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28361]: pam_unix(cron:session): session closed for user root
May  6 16:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: Invalid user ubuntu from 14.103.123.50
May  6 16:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: input_userauth_request: invalid user ubuntu [preauth]
May  6 16:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.50
May  6 16:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: Failed password for invalid user ubuntu from 14.103.123.50 port 57114 ssh2
May  6 16:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: Received disconnect from 14.103.123.50 port 57114:11: Bye Bye [preauth]
May  6 16:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29664]: Disconnected from 14.103.123.50 port 57114 [preauth]
May  6 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29696]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29695]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29693]: pam_unix(cron:session): session closed for user p13x
May  6 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29759]: Successful su for rubyman by root
May  6 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29759]: + ??? root:rubyman
May  6 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341341 of user rubyman.
May  6 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29759]: pam_unix(su:session): session closed for user rubyman
May  6 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341341.
May  6 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26992]: pam_unix(cron:session): session closed for user root
May  6 16:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29694]: pam_unix(cron:session): session closed for user samftp
May  6 16:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28773]: pam_unix(cron:session): session closed for user root
May  6 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30100]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30099]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30101]: pam_unix(cron:session): session closed for user root
May  6 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30096]: pam_unix(cron:session): session closed for user p13x
May  6 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30165]: Successful su for rubyman by root
May  6 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30165]: + ??? root:rubyman
May  6 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341347 of user rubyman.
May  6 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30165]: pam_unix(su:session): session closed for user rubyman
May  6 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341347.
May  6 16:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30098]: pam_unix(cron:session): session closed for user root
May  6 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27491]: pam_unix(cron:session): session closed for user root
May  6 16:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30097]: pam_unix(cron:session): session closed for user samftp
May  6 16:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29280]: pam_unix(cron:session): session closed for user root
May  6 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30521]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30518]: pam_unix(cron:session): session closed for user p13x
May  6 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30582]: Successful su for rubyman by root
May  6 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30582]: + ??? root:rubyman
May  6 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341352 of user rubyman.
May  6 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30582]: pam_unix(su:session): session closed for user rubyman
May  6 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341352.
May  6 16:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27917]: pam_unix(cron:session): session closed for user root
May  6 16:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30519]: pam_unix(cron:session): session closed for user samftp
May  6 16:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.28.139  user=root
May  6 16:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30776]: Failed password for root from 112.196.28.139 port 46472 ssh2
May  6 16:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30776]: Received disconnect from 112.196.28.139 port 46472:11: Bye Bye [preauth]
May  6 16:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30776]: Disconnected from 112.196.28.139 port 46472 [preauth]
May  6 16:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29696]: pam_unix(cron:session): session closed for user root
May  6 16:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.50  user=root
May  6 16:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30867]: Failed password for root from 14.103.123.50 port 56484 ssh2
May  6 16:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30867]: Received disconnect from 14.103.123.50 port 56484:11: Bye Bye [preauth]
May  6 16:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30867]: Disconnected from 14.103.123.50 port 56484 [preauth]
May  6 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30936]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30930]: pam_unix(cron:session): session closed for user p13x
May  6 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31074]: Successful su for rubyman by root
May  6 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31074]: + ??? root:rubyman
May  6 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31074]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341355 of user rubyman.
May  6 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31074]: pam_unix(su:session): session closed for user rubyman
May  6 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341355.
May  6 16:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28360]: pam_unix(cron:session): session closed for user root
May  6 16:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30931]: pam_unix(cron:session): session closed for user samftp
May  6 16:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31332]: Invalid user pelias from 157.230.88.184
May  6 16:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31332]: input_userauth_request: invalid user pelias [preauth]
May  6 16:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31332]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.88.184
May  6 16:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31332]: Failed password for invalid user pelias from 157.230.88.184 port 38232 ssh2
May  6 16:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31332]: Received disconnect from 157.230.88.184 port 38232:11: Bye Bye [preauth]
May  6 16:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31332]: Disconnected from 157.230.88.184 port 38232 [preauth]
May  6 16:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30100]: pam_unix(cron:session): session closed for user root
May  6 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31431]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31428]: pam_unix(cron:session): session closed for user p13x
May  6 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31496]: Successful su for rubyman by root
May  6 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31496]: + ??? root:rubyman
May  6 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341360 of user rubyman.
May  6 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31496]: pam_unix(su:session): session closed for user rubyman
May  6 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341360.
May  6 16:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28770]: pam_unix(cron:session): session closed for user root
May  6 16:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31429]: pam_unix(cron:session): session closed for user samftp
May  6 16:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: Invalid user plexuser from 102.210.80.6
May  6 16:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: input_userauth_request: invalid user plexuser [preauth]
May  6 16:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6
May  6 16:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: Failed password for invalid user plexuser from 102.210.80.6 port 60584 ssh2
May  6 16:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: Received disconnect from 102.210.80.6 port 60584:11: Bye Bye [preauth]
May  6 16:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: Disconnected from 102.210.80.6 port 60584 [preauth]
May  6 16:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.145.63.220  user=root
May  6 16:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Failed password for root from 103.145.63.220 port 54252 ssh2
May  6 16:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Received disconnect from 103.145.63.220 port 54252:11: Bye Bye [preauth]
May  6 16:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Disconnected from 103.145.63.220 port 54252 [preauth]
May  6 16:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31764]: Invalid user pascal from 50.235.31.47
May  6 16:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31764]: input_userauth_request: invalid user pascal [preauth]
May  6 16:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31764]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  6 16:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31764]: Failed password for invalid user pascal from 50.235.31.47 port 45160 ssh2
May  6 16:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31764]: Connection closed by 50.235.31.47 port 45160 [preauth]
May  6 16:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30521]: pam_unix(cron:session): session closed for user root
May  6 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31864]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31865]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31863]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31862]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31862]: pam_unix(cron:session): session closed for user p13x
May  6 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31966]: Successful su for rubyman by root
May  6 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31966]: + ??? root:rubyman
May  6 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31966]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341364 of user rubyman.
May  6 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31966]: pam_unix(su:session): session closed for user rubyman
May  6 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341364.
May  6 16:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29279]: pam_unix(cron:session): session closed for user root
May  6 16:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31863]: pam_unix(cron:session): session closed for user samftp
May  6 16:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: Invalid user huy from 14.103.123.50
May  6 16:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: input_userauth_request: invalid user huy [preauth]
May  6 16:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.50
May  6 16:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: Failed password for invalid user huy from 14.103.123.50 port 33488 ssh2
May  6 16:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30937]: pam_unix(cron:session): session closed for user root
May  6 16:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: Received disconnect from 14.103.123.50 port 33488:11: Bye Bye [preauth]
May  6 16:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: Disconnected from 14.103.123.50 port 33488 [preauth]
May  6 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32583]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32581]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32580]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32582]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32583]: pam_unix(cron:session): session closed for user root
May  6 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32578]: pam_unix(cron:session): session closed for user p13x
May  6 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32747]: Successful su for rubyman by root
May  6 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32747]: + ??? root:rubyman
May  6 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32747]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341371 of user rubyman.
May  6 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32747]: pam_unix(su:session): session closed for user rubyman
May  6 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341371.
May  6 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32580]: pam_unix(cron:session): session closed for user root
May  6 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29695]: pam_unix(cron:session): session closed for user root
May  6 16:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32579]: pam_unix(cron:session): session closed for user samftp
May  6 16:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 16:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: Failed password for root from 218.92.0.179 port 56728 ssh2
May  6 16:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 56728 ssh2]
May  6 16:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: Received disconnect from 218.92.0.179 port 56728:11:  [preauth]
May  6 16:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: Disconnected from 218.92.0.179 port 56728 [preauth]
May  6 16:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 16:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31431]: pam_unix(cron:session): session closed for user root
May  6 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[743]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[740]: pam_unix(cron:session): session closed for user p13x
May  6 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[821]: Successful su for rubyman by root
May  6 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[821]: + ??? root:rubyman
May  6 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341373 of user rubyman.
May  6 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[821]: pam_unix(su:session): session closed for user rubyman
May  6 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341373.
May  6 16:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30099]: pam_unix(cron:session): session closed for user root
May  6 16:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[742]: pam_unix(cron:session): session closed for user samftp
May  6 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31865]: pam_unix(cron:session): session closed for user root
May  6 16:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.88.184  user=root
May  6 16:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: Failed password for root from 157.230.88.184 port 58886 ssh2
May  6 16:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: Received disconnect from 157.230.88.184 port 58886:11: Bye Bye [preauth]
May  6 16:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: Disconnected from 157.230.88.184 port 58886 [preauth]
May  6 16:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Invalid user postgres from 112.196.28.139
May  6 16:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: input_userauth_request: invalid user postgres [preauth]
May  6 16:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.28.139
May  6 16:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Failed password for invalid user postgres from 112.196.28.139 port 50336 ssh2
May  6 16:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Received disconnect from 112.196.28.139 port 50336:11: Bye Bye [preauth]
May  6 16:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1216]: Disconnected from 112.196.28.139 port 50336 [preauth]
May  6 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1240]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1239]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1231]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1231]: pam_unix(cron:session): session closed for user p13x
May  6 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1312]: Successful su for rubyman by root
May  6 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1312]: + ??? root:rubyman
May  6 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1312]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341377 of user rubyman.
May  6 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1312]: pam_unix(su:session): session closed for user rubyman
May  6 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341377.
May  6 16:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30520]: pam_unix(cron:session): session closed for user root
May  6 16:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1238]: pam_unix(cron:session): session closed for user samftp
May  6 16:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: Invalid user user1 from 14.103.123.50
May  6 16:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: input_userauth_request: invalid user user1 [preauth]
May  6 16:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.50
May  6 16:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: Failed password for invalid user user1 from 14.103.123.50 port 42802 ssh2
May  6 16:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: Received disconnect from 14.103.123.50 port 42802:11: Bye Bye [preauth]
May  6 16:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1569]: Disconnected from 14.103.123.50 port 42802 [preauth]
May  6 16:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32582]: pam_unix(cron:session): session closed for user root
May  6 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1712]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1709]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1709]: pam_unix(cron:session): session closed for user p13x
May  6 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1787]: Successful su for rubyman by root
May  6 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1787]: + ??? root:rubyman
May  6 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341383 of user rubyman.
May  6 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1787]: pam_unix(su:session): session closed for user rubyman
May  6 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341383.
May  6 16:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30936]: pam_unix(cron:session): session closed for user root
May  6 16:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1710]: pam_unix(cron:session): session closed for user samftp
May  6 16:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[744]: pam_unix(cron:session): session closed for user root
May  6 16:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
May  6 16:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: Failed password for root from 102.210.80.6 port 41265 ssh2
May  6 16:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: Received disconnect from 102.210.80.6 port 41265:11: Bye Bye [preauth]
May  6 16:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2186]: Disconnected from 102.210.80.6 port 41265 [preauth]
May  6 16:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2219]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2220]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2218]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2216]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2216]: pam_unix(cron:session): session closed for user p13x
May  6 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2278]: Successful su for rubyman by root
May  6 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2278]: + ??? root:rubyman
May  6 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2278]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341386 of user rubyman.
May  6 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2278]: pam_unix(su:session): session closed for user rubyman
May  6 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341386.
May  6 16:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31430]: pam_unix(cron:session): session closed for user root
May  6 16:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2218]: pam_unix(cron:session): session closed for user samftp
May  6 16:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: Invalid user dockeradmin from 103.145.63.220
May  6 16:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: input_userauth_request: invalid user dockeradmin [preauth]
May  6 16:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.145.63.220
May  6 16:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: Failed password for invalid user dockeradmin from 103.145.63.220 port 45484 ssh2
May  6 16:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: Received disconnect from 103.145.63.220 port 45484:11: Bye Bye [preauth]
May  6 16:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: Disconnected from 103.145.63.220 port 45484 [preauth]
May  6 16:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 16:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2547]: Failed password for root from 218.92.0.179 port 31513 ssh2
May  6 16:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2547]: Failed password for root from 218.92.0.179 port 31513 ssh2
May  6 16:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1240]: pam_unix(cron:session): session closed for user root
May  6 16:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2547]: Failed password for root from 218.92.0.179 port 31513 ssh2
May  6 16:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2547]: Received disconnect from 218.92.0.179 port 31513:11:  [preauth]
May  6 16:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2547]: Disconnected from 218.92.0.179 port 31513 [preauth]
May  6 16:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2547]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2650]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2648]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2649]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2646]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2650]: pam_unix(cron:session): session closed for user root
May  6 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2645]: pam_unix(cron:session): session closed for user p13x
May  6 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2732]: Successful su for rubyman by root
May  6 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2732]: + ??? root:rubyman
May  6 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2732]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341392 of user rubyman.
May  6 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2732]: pam_unix(su:session): session closed for user rubyman
May  6 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341392.
May  6 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2647]: pam_unix(cron:session): session closed for user root
May  6 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31864]: pam_unix(cron:session): session closed for user root
May  6 16:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2646]: pam_unix(cron:session): session closed for user samftp
May  6 16:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2950]: Invalid user zimblyeat from 14.103.123.50
May  6 16:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2950]: input_userauth_request: invalid user zimblyeat [preauth]
May  6 16:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2950]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.50
May  6 16:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2950]: Failed password for invalid user zimblyeat from 14.103.123.50 port 43046 ssh2
May  6 16:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2950]: Received disconnect from 14.103.123.50 port 43046:11: Bye Bye [preauth]
May  6 16:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2950]: Disconnected from 14.103.123.50 port 43046 [preauth]
May  6 16:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1712]: pam_unix(cron:session): session closed for user root
May  6 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3108]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3109]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3105]: pam_unix(cron:session): session closed for user p13x
May  6 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3177]: Successful su for rubyman by root
May  6 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3177]: + ??? root:rubyman
May  6 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341395 of user rubyman.
May  6 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3177]: pam_unix(su:session): session closed for user rubyman
May  6 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341395.
May  6 16:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32581]: pam_unix(cron:session): session closed for user root
May  6 16:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3107]: pam_unix(cron:session): session closed for user samftp
May  6 16:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: Invalid user felipe from 157.230.88.184
May  6 16:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: input_userauth_request: invalid user felipe [preauth]
May  6 16:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.88.184
May  6 16:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: Failed password for invalid user felipe from 157.230.88.184 port 34986 ssh2
May  6 16:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: Received disconnect from 157.230.88.184 port 34986:11: Bye Bye [preauth]
May  6 16:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: Disconnected from 157.230.88.184 port 34986 [preauth]
May  6 16:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2220]: pam_unix(cron:session): session closed for user root
May  6 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3538]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3536]: pam_unix(cron:session): session closed for user p13x
May  6 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3629]: Successful su for rubyman by root
May  6 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3629]: + ??? root:rubyman
May  6 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3629]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341400 of user rubyman.
May  6 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3629]: pam_unix(su:session): session closed for user rubyman
May  6 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341400.
May  6 16:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[743]: pam_unix(cron:session): session closed for user root
May  6 16:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3537]: pam_unix(cron:session): session closed for user samftp
May  6 16:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: Invalid user admin from 80.94.95.112
May  6 16:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: input_userauth_request: invalid user admin [preauth]
May  6 16:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 16:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: Failed password for invalid user admin from 80.94.95.112 port 34519 ssh2
May  6 16:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: Failed password for invalid user admin from 80.94.95.112 port 34519 ssh2
May  6 16:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: Failed password for invalid user admin from 80.94.95.112 port 34519 ssh2
May  6 16:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: Failed password for invalid user admin from 80.94.95.112 port 34519 ssh2
May  6 16:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: Failed password for invalid user admin from 80.94.95.112 port 34519 ssh2
May  6 16:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: Received disconnect from 80.94.95.112 port 34519:11: Bye [preauth]
May  6 16:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: Disconnected from 80.94.95.112 port 34519 [preauth]
May  6 16:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 16:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3829]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 16:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2649]: pam_unix(cron:session): session closed for user root
May  6 16:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.28.139  user=root
May  6 16:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: Failed password for root from 112.196.28.139 port 40822 ssh2
May  6 16:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: Received disconnect from 112.196.28.139 port 40822:11: Bye Bye [preauth]
May  6 16:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: Disconnected from 112.196.28.139 port 40822 [preauth]
May  6 16:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.50  user=root
May  6 16:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3960]: Failed password for root from 14.103.123.50 port 54402 ssh2
May  6 16:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3960]: Received disconnect from 14.103.123.50 port 54402:11: Bye Bye [preauth]
May  6 16:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3960]: Disconnected from 14.103.123.50 port 54402 [preauth]
May  6 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4001]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4000]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3998]: pam_unix(cron:session): session closed for user p13x
May  6 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4060]: Successful su for rubyman by root
May  6 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4060]: + ??? root:rubyman
May  6 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341404 of user rubyman.
May  6 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4060]: pam_unix(su:session): session closed for user rubyman
May  6 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341404.
May  6 16:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1239]: pam_unix(cron:session): session closed for user root
May  6 16:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3999]: pam_unix(cron:session): session closed for user samftp
May  6 16:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3109]: pam_unix(cron:session): session closed for user root
May  6 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4562]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4563]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4560]: pam_unix(cron:session): session closed for user p13x
May  6 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4690]: Successful su for rubyman by root
May  6 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4690]: + ??? root:rubyman
May  6 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4690]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341407 of user rubyman.
May  6 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4690]: pam_unix(su:session): session closed for user rubyman
May  6 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341407.
May  6 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4558]: pam_unix(cron:session): session closed for user root
May  6 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1711]: pam_unix(cron:session): session closed for user root
May  6 16:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4561]: pam_unix(cron:session): session closed for user samftp
May  6 16:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: Invalid user harry from 102.210.80.6
May  6 16:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: input_userauth_request: invalid user harry [preauth]
May  6 16:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6
May  6 16:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: Failed password for invalid user harry from 102.210.80.6 port 53730 ssh2
May  6 16:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: Received disconnect from 102.210.80.6 port 53730:11: Bye Bye [preauth]
May  6 16:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: Disconnected from 102.210.80.6 port 53730 [preauth]
May  6 16:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3539]: pam_unix(cron:session): session closed for user root
May  6 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5277]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5278]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5276]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5274]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5273]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5279]: pam_unix(cron:session): session closed for user root
May  6 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5273]: pam_unix(cron:session): session closed for user p13x
May  6 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5343]: Successful su for rubyman by root
May  6 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5343]: + ??? root:rubyman
May  6 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341413 of user rubyman.
May  6 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5343]: pam_unix(su:session): session closed for user rubyman
May  6 16:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341413.
May  6 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5276]: pam_unix(cron:session): session closed for user root
May  6 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2219]: pam_unix(cron:session): session closed for user root
May  6 16:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5274]: pam_unix(cron:session): session closed for user samftp
May  6 16:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: Invalid user yuhao from 103.145.63.220
May  6 16:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: input_userauth_request: invalid user yuhao [preauth]
May  6 16:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.145.63.220
May  6 16:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: Failed password for invalid user yuhao from 103.145.63.220 port 38546 ssh2
May  6 16:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: Received disconnect from 103.145.63.220 port 38546:11: Bye Bye [preauth]
May  6 16:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: Disconnected from 103.145.63.220 port 38546 [preauth]
May  6 16:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.88.184  user=root
May  6 16:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5680]: Failed password for root from 157.230.88.184 port 36570 ssh2
May  6 16:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5680]: Received disconnect from 157.230.88.184 port 36570:11: Bye Bye [preauth]
May  6 16:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5680]: Disconnected from 157.230.88.184 port 36570 [preauth]
May  6 16:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4001]: pam_unix(cron:session): session closed for user root
May  6 16:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: Invalid user usuario from 14.103.123.50
May  6 16:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: input_userauth_request: invalid user usuario [preauth]
May  6 16:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.50
May  6 16:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: Failed password for invalid user usuario from 14.103.123.50 port 45078 ssh2
May  6 16:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: Received disconnect from 14.103.123.50 port 45078:11: Bye Bye [preauth]
May  6 16:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: Disconnected from 14.103.123.50 port 45078 [preauth]
May  6 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5776]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5774]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5773]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5773]: pam_unix(cron:session): session closed for user p13x
May  6 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5927]: Successful su for rubyman by root
May  6 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5927]: + ??? root:rubyman
May  6 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5927]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341420 of user rubyman.
May  6 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5927]: pam_unix(su:session): session closed for user rubyman
May  6 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341420.
May  6 16:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2648]: pam_unix(cron:session): session closed for user root
May  6 16:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5774]: pam_unix(cron:session): session closed for user samftp
May  6 16:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4563]: pam_unix(cron:session): session closed for user root
May  6 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6286]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6283]: pam_unix(cron:session): session closed for user p13x
May  6 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6347]: Successful su for rubyman by root
May  6 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6347]: + ??? root:rubyman
May  6 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6347]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341423 of user rubyman.
May  6 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6347]: pam_unix(su:session): session closed for user rubyman
May  6 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341423.
May  6 16:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3108]: pam_unix(cron:session): session closed for user root
May  6 16:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6285]: pam_unix(cron:session): session closed for user samftp
May  6 16:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5278]: pam_unix(cron:session): session closed for user root
May  6 16:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 16:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6655]: Failed password for root from 218.92.0.179 port 64112 ssh2
May  6 16:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6655]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 64112 ssh2]
May  6 16:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6655]: Received disconnect from 218.92.0.179 port 64112:11:  [preauth]
May  6 16:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6655]: Disconnected from 218.92.0.179 port 64112 [preauth]
May  6 16:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6655]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6690]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6691]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6689]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6688]: pam_unix(cron:session): session closed for user p13x
May  6 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6749]: Successful su for rubyman by root
May  6 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6749]: + ??? root:rubyman
May  6 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6749]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341427 of user rubyman.
May  6 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6749]: pam_unix(su:session): session closed for user rubyman
May  6 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341427.
May  6 16:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3538]: pam_unix(cron:session): session closed for user root
May  6 16:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6689]: pam_unix(cron:session): session closed for user samftp
May  6 16:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7061]: Invalid user jhlee from 112.196.28.139
May  6 16:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7061]: input_userauth_request: invalid user jhlee [preauth]
May  6 16:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7061]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.28.139
May  6 16:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7061]: Failed password for invalid user jhlee from 112.196.28.139 port 59242 ssh2
May  6 16:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7061]: Received disconnect from 112.196.28.139 port 59242:11: Bye Bye [preauth]
May  6 16:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7061]: Disconnected from 112.196.28.139 port 59242 [preauth]
May  6 16:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7103]: Invalid user gu from 14.103.123.50
May  6 16:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7103]: input_userauth_request: invalid user gu [preauth]
May  6 16:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7103]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.50
May  6 16:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7103]: Failed password for invalid user gu from 14.103.123.50 port 34628 ssh2
May  6 16:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7103]: Received disconnect from 14.103.123.50 port 34628:11: Bye Bye [preauth]
May  6 16:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7103]: Disconnected from 14.103.123.50 port 34628 [preauth]
May  6 16:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5776]: pam_unix(cron:session): session closed for user root
May  6 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7213]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7209]: pam_unix(cron:session): session closed for user p13x
May  6 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7273]: Successful su for rubyman by root
May  6 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7273]: + ??? root:rubyman
May  6 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7273]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341430 of user rubyman.
May  6 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7273]: pam_unix(su:session): session closed for user rubyman
May  6 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341430.
May  6 16:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4000]: pam_unix(cron:session): session closed for user root
May  6 16:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7212]: pam_unix(cron:session): session closed for user samftp
May  6 16:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6288]: pam_unix(cron:session): session closed for user root
May  6 16:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
May  6 16:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: Failed password for root from 102.210.80.6 port 52957 ssh2
May  6 16:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: Received disconnect from 102.210.80.6 port 52957:11: Bye Bye [preauth]
May  6 16:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: Disconnected from 102.210.80.6 port 52957 [preauth]
May  6 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7717]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7718]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7714]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7709]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7718]: pam_unix(cron:session): session closed for user root
May  6 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7709]: pam_unix(cron:session): session closed for user p13x
May  6 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7793]: Successful su for rubyman by root
May  6 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7793]: + ??? root:rubyman
May  6 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341435 of user rubyman.
May  6 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7793]: pam_unix(su:session): session closed for user rubyman
May  6 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341435.
May  6 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7714]: pam_unix(cron:session): session closed for user root
May  6 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4562]: pam_unix(cron:session): session closed for user root
May  6 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.88.184  user=root
May  6 16:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7710]: pam_unix(cron:session): session closed for user samftp
May  6 16:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7981]: Failed password for root from 157.230.88.184 port 45774 ssh2
May  6 16:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7981]: Received disconnect from 157.230.88.184 port 45774:11: Bye Bye [preauth]
May  6 16:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7981]: Disconnected from 157.230.88.184 port 45774 [preauth]
May  6 16:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6691]: pam_unix(cron:session): session closed for user root
May  6 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8183]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8184]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8181]: pam_unix(cron:session): session closed for user p13x
May  6 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8254]: Successful su for rubyman by root
May  6 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8254]: + ??? root:rubyman
May  6 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341442 of user rubyman.
May  6 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8254]: pam_unix(su:session): session closed for user rubyman
May  6 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341442.
May  6 16:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5277]: pam_unix(cron:session): session closed for user root
May  6 16:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8182]: pam_unix(cron:session): session closed for user samftp
May  6 16:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.123.50  user=root
May  6 16:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.145.63.220  user=root
May  6 16:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8477]: Failed password for root from 14.103.123.50 port 59350 ssh2
May  6 16:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8477]: Received disconnect from 14.103.123.50 port 59350:11: Bye Bye [preauth]
May  6 16:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8477]: Disconnected from 14.103.123.50 port 59350 [preauth]
May  6 16:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8475]: Failed password for root from 103.145.63.220 port 43792 ssh2
May  6 16:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8475]: Received disconnect from 103.145.63.220 port 43792:11: Bye Bye [preauth]
May  6 16:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8475]: Disconnected from 103.145.63.220 port 43792 [preauth]
May  6 16:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7214]: pam_unix(cron:session): session closed for user root
May  6 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8612]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8611]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8609]: pam_unix(cron:session): session closed for user p13x
May  6 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8678]: Successful su for rubyman by root
May  6 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8678]: + ??? root:rubyman
May  6 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8678]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341444 of user rubyman.
May  6 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8678]: pam_unix(su:session): session closed for user rubyman
May  6 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341444.
May  6 16:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5775]: pam_unix(cron:session): session closed for user root
May  6 16:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8610]: pam_unix(cron:session): session closed for user samftp
May  6 16:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  6 16:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: Failed password for root from 80.94.95.125 port 20168 ssh2
May  6 16:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: message repeated 3 times: [ Failed password for root from 80.94.95.125 port 20168 ssh2]
May  6 16:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7717]: pam_unix(cron:session): session closed for user root
May  6 16:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: Failed password for root from 80.94.95.125 port 20168 ssh2
May  6 16:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: Received disconnect from 80.94.95.125 port 20168:11: Bye [preauth]
May  6 16:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: Disconnected from 80.94.95.125 port 20168 [preauth]
May  6 16:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  6 16:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9032]: pam_unix(cron:session): session closed for user p13x
May  6 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9096]: Successful su for rubyman by root
May  6 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9096]: + ??? root:rubyman
May  6 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341448 of user rubyman.
May  6 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9096]: pam_unix(su:session): session closed for user rubyman
May  6 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341448.
May  6 16:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6286]: pam_unix(cron:session): session closed for user root
May  6 16:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9033]: pam_unix(cron:session): session closed for user samftp
May  6 16:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8184]: pam_unix(cron:session): session closed for user root
May  6 16:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: Invalid user admin from 80.94.95.241
May  6 16:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: input_userauth_request: invalid user admin [preauth]
May  6 16:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 16:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.28.139  user=root
May  6 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: Failed password for invalid user admin from 80.94.95.241 port 50846 ssh2
May  6 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9555]: pam_unix(cron:session): session closed for user p13x
May  6 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9613]: Successful su for rubyman by root
May  6 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9613]: + ??? root:rubyman
May  6 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341452 of user rubyman.
May  6 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9613]: pam_unix(su:session): session closed for user rubyman
May  6 16:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341452.
May  6 16:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9552]: Failed password for root from 112.196.28.139 port 41296 ssh2
May  6 16:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: Failed password for invalid user admin from 80.94.95.241 port 50846 ssh2
May  6 16:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9552]: Received disconnect from 112.196.28.139 port 41296:11: Bye Bye [preauth]
May  6 16:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9552]: Disconnected from 112.196.28.139 port 41296 [preauth]
May  6 16:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6690]: pam_unix(cron:session): session closed for user root
May  6 16:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: Failed password for invalid user admin from 80.94.95.241 port 50846 ssh2
May  6 16:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9556]: pam_unix(cron:session): session closed for user samftp
May  6 16:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: Failed password for invalid user admin from 80.94.95.241 port 50846 ssh2
May  6 16:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: Failed password for invalid user admin from 80.94.95.241 port 50846 ssh2
May  6 16:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: Received disconnect from 80.94.95.241 port 50846:11: Bye [preauth]
May  6 16:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: Disconnected from 80.94.95.241 port 50846 [preauth]
May  6 16:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 16:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9550]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 16:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: Invalid user frappe from 186.96.145.241
May  6 16:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: input_userauth_request: invalid user frappe [preauth]
May  6 16:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
May  6 16:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: Failed password for invalid user frappe from 186.96.145.241 port 53880 ssh2
May  6 16:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9835]: Connection closed by 186.96.145.241 port 53880 [preauth]
May  6 16:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8612]: pam_unix(cron:session): session closed for user root
May  6 16:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.88.184  user=root
May  6 16:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: Failed password for root from 157.230.88.184 port 45580 ssh2
May  6 16:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: Received disconnect from 157.230.88.184 port 45580:11: Bye Bye [preauth]
May  6 16:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9897]: Disconnected from 157.230.88.184 port 45580 [preauth]
May  6 16:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 16:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: Failed password for root from 218.92.0.179 port 12140 ssh2
May  6 16:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 12140 ssh2]
May  6 16:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: Received disconnect from 218.92.0.179 port 12140:11:  [preauth]
May  6 16:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: Disconnected from 218.92.0.179 port 12140 [preauth]
May  6 16:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9961]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9960]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9962]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9958]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9963]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9963]: pam_unix(cron:session): session closed for user root
May  6 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9958]: pam_unix(cron:session): session closed for user p13x
May  6 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10028]: Successful su for rubyman by root
May  6 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10028]: + ??? root:rubyman
May  6 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341458 of user rubyman.
May  6 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10028]: pam_unix(su:session): session closed for user rubyman
May  6 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341458.
May  6 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9960]: pam_unix(cron:session): session closed for user root
May  6 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7213]: pam_unix(cron:session): session closed for user root
May  6 16:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9959]: pam_unix(cron:session): session closed for user samftp
May  6 16:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
May  6 16:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10353]: Failed password for root from 102.210.80.6 port 50756 ssh2
May  6 16:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10353]: Received disconnect from 102.210.80.6 port 50756:11: Bye Bye [preauth]
May  6 16:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10353]: Disconnected from 102.210.80.6 port 50756 [preauth]
May  6 16:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9035]: pam_unix(cron:session): session closed for user root
May  6 16:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 16:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: Failed password for root from 218.92.0.207 port 58328 ssh2
May  6 16:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: message repeated 4 times: [ Failed password for root from 218.92.0.207 port 58328 ssh2]
May  6 16:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 58328 ssh2 [preauth]
May  6 16:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: Disconnecting: Too many authentication failures [preauth]
May  6 16:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 16:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10446]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10504]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10506]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10505]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10501]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10501]: pam_unix(cron:session): session closed for user p13x
May  6 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10575]: Successful su for rubyman by root
May  6 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10575]: + ??? root:rubyman
May  6 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341462 of user rubyman.
May  6 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10575]: pam_unix(su:session): session closed for user rubyman
May  6 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341462.
May  6 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 16:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10494]: Failed password for root from 218.92.0.207 port 19048 ssh2
May  6 16:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7715]: pam_unix(cron:session): session closed for user root
May  6 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10504]: pam_unix(cron:session): session closed for user samftp
May  6 16:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10494]: Failed password for root from 218.92.0.207 port 19048 ssh2
May  6 16:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10494]: message repeated 4 times: [ Failed password for root from 218.92.0.207 port 19048 ssh2]
May  6 16:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10494]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 19048 ssh2 [preauth]
May  6 16:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10494]: Disconnecting: Too many authentication failures [preauth]
May  6 16:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10494]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 16:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10494]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 16:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 16:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: Failed password for root from 218.92.0.207 port 33724 ssh2
May  6 16:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: Received disconnect from 218.92.0.207 port 33724:11:  [preauth]
May  6 16:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10862]: Disconnected from 218.92.0.207 port 33724 [preauth]
May  6 16:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9558]: pam_unix(cron:session): session closed for user root
May  6 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10967]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10966]: pam_unix(cron:session): session closed for user p13x
May  6 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11027]: Successful su for rubyman by root
May  6 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11027]: + ??? root:rubyman
May  6 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341468 of user rubyman.
May  6 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11027]: pam_unix(su:session): session closed for user rubyman
May  6 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341468.
May  6 16:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8183]: pam_unix(cron:session): session closed for user root
May  6 16:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10967]: pam_unix(cron:session): session closed for user samftp
May  6 16:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.145.63.220  user=root
May  6 16:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: Failed password for root from 103.145.63.220 port 38680 ssh2
May  6 16:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: Received disconnect from 103.145.63.220 port 38680:11: Bye Bye [preauth]
May  6 16:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: Disconnected from 103.145.63.220 port 38680 [preauth]
May  6 16:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9962]: pam_unix(cron:session): session closed for user root
May  6 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11359]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11360]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11357]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11357]: pam_unix(cron:session): session closed for user p13x
May  6 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11416]: Successful su for rubyman by root
May  6 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11416]: + ??? root:rubyman
May  6 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341472 of user rubyman.
May  6 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11416]: pam_unix(su:session): session closed for user rubyman
May  6 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341472.
May  6 16:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8611]: pam_unix(cron:session): session closed for user root
May  6 16:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11358]: pam_unix(cron:session): session closed for user samftp
May  6 16:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11676]: Did not receive identification string from 154.81.156.51
May  6 16:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10506]: pam_unix(cron:session): session closed for user root
May  6 16:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11737]: Invalid user vip1 from 190.103.202.7
May  6 16:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11737]: input_userauth_request: invalid user vip1 [preauth]
May  6 16:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11737]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  6 16:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11737]: Failed password for invalid user vip1 from 190.103.202.7 port 46000 ssh2
May  6 16:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11737]: Connection closed by 190.103.202.7 port 46000 [preauth]
May  6 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11759]: pam_unix(cron:session): session closed for user p13x
May  6 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11826]: Successful su for rubyman by root
May  6 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11826]: + ??? root:rubyman
May  6 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341475 of user rubyman.
May  6 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11826]: pam_unix(su:session): session closed for user rubyman
May  6 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341475.
May  6 16:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9034]: pam_unix(cron:session): session closed for user root
May  6 16:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11761]: pam_unix(cron:session): session closed for user samftp
May  6 16:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: Invalid user postgres from 157.230.88.184
May  6 16:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: input_userauth_request: invalid user postgres [preauth]
May  6 16:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.88.184
May  6 16:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: Failed password for invalid user postgres from 157.230.88.184 port 50480 ssh2
May  6 16:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: Received disconnect from 157.230.88.184 port 50480:11: Bye Bye [preauth]
May  6 16:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12005]: Disconnected from 157.230.88.184 port 50480 [preauth]
May  6 16:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10969]: pam_unix(cron:session): session closed for user root
May  6 16:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.28.139  user=root
May  6 16:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12109]: Failed password for root from 112.196.28.139 port 53550 ssh2
May  6 16:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12109]: Received disconnect from 112.196.28.139 port 53550:11: Bye Bye [preauth]
May  6 16:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12109]: Disconnected from 112.196.28.139 port 53550 [preauth]
May  6 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12155]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12156]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12158]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12158]: pam_unix(cron:session): session closed for user root
May  6 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12153]: pam_unix(cron:session): session closed for user p13x
May  6 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12218]: Successful su for rubyman by root
May  6 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12218]: + ??? root:rubyman
May  6 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341483 of user rubyman.
May  6 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12218]: pam_unix(su:session): session closed for user rubyman
May  6 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341483.
May  6 16:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12155]: pam_unix(cron:session): session closed for user root
May  6 16:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9557]: pam_unix(cron:session): session closed for user root
May  6 16:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12154]: pam_unix(cron:session): session closed for user samftp
May  6 16:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11360]: pam_unix(cron:session): session closed for user root
May  6 16:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
May  6 16:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: Failed password for root from 102.210.80.6 port 42176 ssh2
May  6 16:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: Received disconnect from 102.210.80.6 port 42176:11: Bye Bye [preauth]
May  6 16:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: Disconnected from 102.210.80.6 port 42176 [preauth]
May  6 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12589]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12586]: pam_unix(cron:session): session closed for user p13x
May  6 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12650]: Successful su for rubyman by root
May  6 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12650]: + ??? root:rubyman
May  6 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341484 of user rubyman.
May  6 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12650]: pam_unix(su:session): session closed for user rubyman
May  6 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341484.
May  6 16:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9961]: pam_unix(cron:session): session closed for user root
May  6 16:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12587]: pam_unix(cron:session): session closed for user samftp
May  6 16:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11763]: pam_unix(cron:session): session closed for user root
May  6 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12974]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12975]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12973]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12972]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12972]: pam_unix(cron:session): session closed for user p13x
May  6 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13039]: Successful su for rubyman by root
May  6 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13039]: + ??? root:rubyman
May  6 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341490 of user rubyman.
May  6 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13039]: pam_unix(su:session): session closed for user rubyman
May  6 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341490.
May  6 16:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10505]: pam_unix(cron:session): session closed for user root
May  6 16:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12973]: pam_unix(cron:session): session closed for user samftp
May  6 16:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12157]: pam_unix(cron:session): session closed for user root
May  6 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13378]: pam_unix(cron:session): session closed for user p13x
May  6 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13441]: Successful su for rubyman by root
May  6 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13441]: + ??? root:rubyman
May  6 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341494 of user rubyman.
May  6 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13441]: pam_unix(su:session): session closed for user rubyman
May  6 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341494.
May  6 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10968]: pam_unix(cron:session): session closed for user root
May  6 16:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13379]: pam_unix(cron:session): session closed for user samftp
May  6 16:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12589]: pam_unix(cron:session): session closed for user root
May  6 16:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13825]: Invalid user harry from 103.145.63.220
May  6 16:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13825]: input_userauth_request: invalid user harry [preauth]
May  6 16:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13825]: pam_unix(sshd:auth): check pass; user unknown
May  6 16:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.145.63.220
May  6 16:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13825]: Failed password for invalid user harry from 103.145.63.220 port 40768 ssh2
May  6 16:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13825]: Received disconnect from 103.145.63.220 port 40768:11: Bye Bye [preauth]
May  6 16:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13825]: Disconnected from 103.145.63.220 port 40768 [preauth]
May  6 16:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.88.184  user=root
May  6 16:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: Failed password for root from 157.230.88.184 port 56932 ssh2
May  6 16:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: Received disconnect from 157.230.88.184 port 56932:11: Bye Bye [preauth]
May  6 16:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: Disconnected from 157.230.88.184 port 56932 [preauth]
May  6 16:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 16:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  6 16:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: Failed password for root from 80.94.95.29 port 35507 ssh2
May  6 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: Failed password for root from 80.94.95.29 port 35507 ssh2
May  6 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13892]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13893]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13890]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13889]: pam_unix(cron:session): session closed for user p13x
May  6 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13951]: Successful su for rubyman by root
May  6 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13951]: + ??? root:rubyman
May  6 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13951]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341497 of user rubyman.
May  6 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13951]: pam_unix(su:session): session closed for user rubyman
May  6 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341497.
May  6 16:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: Failed password for root from 80.94.95.29 port 35507 ssh2
May  6 16:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11359]: pam_unix(cron:session): session closed for user root
May  6 16:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: Failed password for root from 80.94.95.29 port 35507 ssh2
May  6 16:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13890]: pam_unix(cron:session): session closed for user samftp
May  6 16:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: Failed password for root from 80.94.95.29 port 35507 ssh2
May  6 16:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: Received disconnect from 80.94.95.29 port 35507:11: Bye [preauth]
May  6 16:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: Disconnected from 80.94.95.29 port 35507 [preauth]
May  6 16:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  6 16:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13878]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 16:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12975]: pam_unix(cron:session): session closed for user root
May  6 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14291]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14290]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14289]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14287]: pam_unix(cron:session): session closed for user root
May  6 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14291]: pam_unix(cron:session): session closed for user root
May  6 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14285]: pam_unix(cron:session): session closed for user p13x
May  6 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14383]: Successful su for rubyman by root
May  6 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14383]: + ??? root:rubyman
May  6 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14383]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341503 of user rubyman.
May  6 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14383]: pam_unix(su:session): session closed for user rubyman
May  6 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341503.
May  6 17:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11762]: pam_unix(cron:session): session closed for user root
May  6 17:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14288]: pam_unix(cron:session): session closed for user root
May  6 17:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14286]: pam_unix(cron:session): session closed for user samftp
May  6 17:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.28.139  user=root
May  6 17:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: Failed password for root from 112.196.28.139 port 40234 ssh2
May  6 17:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: Received disconnect from 112.196.28.139 port 40234:11: Bye Bye [preauth]
May  6 17:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14663]: Disconnected from 112.196.28.139 port 40234 [preauth]
May  6 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13381]: pam_unix(cron:session): session closed for user root
May  6 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14792]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14790]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14789]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14789]: pam_unix(cron:session): session closed for user p13x
May  6 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14855]: Successful su for rubyman by root
May  6 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14855]: + ??? root:rubyman
May  6 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341507 of user rubyman.
May  6 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14855]: pam_unix(su:session): session closed for user rubyman
May  6 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341507.
May  6 17:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12156]: pam_unix(cron:session): session closed for user root
May  6 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14790]: pam_unix(cron:session): session closed for user samftp
May  6 17:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15087]: Invalid user eco from 102.210.80.6
May  6 17:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15087]: input_userauth_request: invalid user eco [preauth]
May  6 17:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15087]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6
May  6 17:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15087]: Failed password for invalid user eco from 102.210.80.6 port 45025 ssh2
May  6 17:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15087]: Received disconnect from 102.210.80.6 port 45025:11: Bye Bye [preauth]
May  6 17:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15087]: Disconnected from 102.210.80.6 port 45025 [preauth]
May  6 17:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13893]: pam_unix(cron:session): session closed for user root
May  6 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15193]: pam_unix(cron:session): session closed for user p13x
May  6 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15254]: Successful su for rubyman by root
May  6 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15254]: + ??? root:rubyman
May  6 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341512 of user rubyman.
May  6 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15254]: pam_unix(su:session): session closed for user rubyman
May  6 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341512.
May  6 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12588]: pam_unix(cron:session): session closed for user root
May  6 17:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15194]: pam_unix(cron:session): session closed for user samftp
May  6 17:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 17:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Failed password for root from 218.92.0.179 port 20686 ssh2
May  6 17:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Failed password for root from 218.92.0.179 port 20686 ssh2
May  6 17:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Failed password for root from 218.92.0.179 port 20686 ssh2
May  6 17:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Received disconnect from 218.92.0.179 port 20686:11:  [preauth]
May  6 17:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Disconnected from 218.92.0.179 port 20686 [preauth]
May  6 17:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 17:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: Invalid user admin from 80.94.95.29
May  6 17:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: input_userauth_request: invalid user admin [preauth]
May  6 17:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  6 17:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: Failed password for invalid user admin from 80.94.95.29 port 61280 ssh2
May  6 17:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: Failed password for invalid user admin from 80.94.95.29 port 61280 ssh2
May  6 17:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14290]: pam_unix(cron:session): session closed for user root
May  6 17:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: Failed password for invalid user admin from 80.94.95.29 port 61280 ssh2
May  6 17:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: Failed password for invalid user admin from 80.94.95.29 port 61280 ssh2
May  6 17:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: Failed password for invalid user admin from 80.94.95.29 port 61280 ssh2
May  6 17:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: Received disconnect from 80.94.95.29 port 61280:11: Bye [preauth]
May  6 17:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: Disconnected from 80.94.95.29 port 61280 [preauth]
May  6 17:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  6 17:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15501]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15595]: pam_unix(cron:session): session closed for user p13x
May  6 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15654]: Successful su for rubyman by root
May  6 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15654]: + ??? root:rubyman
May  6 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341517 of user rubyman.
May  6 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15654]: pam_unix(su:session): session closed for user rubyman
May  6 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341517.
May  6 17:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12974]: pam_unix(cron:session): session closed for user root
May  6 17:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15596]: pam_unix(cron:session): session closed for user samftp
May  6 17:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14792]: pam_unix(cron:session): session closed for user root
May  6 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15992]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15988]: pam_unix(cron:session): session closed for user p13x
May  6 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16046]: Successful su for rubyman by root
May  6 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16046]: + ??? root:rubyman
May  6 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16046]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341520 of user rubyman.
May  6 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16046]: pam_unix(su:session): session closed for user rubyman
May  6 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341520.
May  6 17:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13380]: pam_unix(cron:session): session closed for user root
May  6 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15990]: pam_unix(cron:session): session closed for user samftp
May  6 17:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15197]: pam_unix(cron:session): session closed for user root
May  6 17:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.145.63.220  user=root
May  6 17:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16337]: Failed password for root from 103.145.63.220 port 56724 ssh2
May  6 17:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16337]: Received disconnect from 103.145.63.220 port 56724:11: Bye Bye [preauth]
May  6 17:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16337]: Disconnected from 103.145.63.220 port 56724 [preauth]
May  6 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16366]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16369]: pam_unix(cron:session): session closed for user root
May  6 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16364]: pam_unix(cron:session): session closed for user p13x
May  6 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16432]: Successful su for rubyman by root
May  6 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16432]: + ??? root:rubyman
May  6 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16432]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341527 of user rubyman.
May  6 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16432]: pam_unix(su:session): session closed for user rubyman
May  6 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341527.
May  6 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16366]: pam_unix(cron:session): session closed for user root
May  6 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13892]: pam_unix(cron:session): session closed for user root
May  6 17:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16365]: pam_unix(cron:session): session closed for user samftp
May  6 17:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15599]: pam_unix(cron:session): session closed for user root
May  6 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16849]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16847]: pam_unix(cron:session): session closed for user p13x
May  6 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16938]: Successful su for rubyman by root
May  6 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16938]: + ??? root:rubyman
May  6 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16938]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341529 of user rubyman.
May  6 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16938]: pam_unix(su:session): session closed for user rubyman
May  6 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341529.
May  6 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16848]: pam_unix(cron:session): session closed for user samftp
May  6 17:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14289]: pam_unix(cron:session): session closed for user root
May  6 17:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.28.139  user=root
May  6 17:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17156]: Failed password for root from 112.196.28.139 port 46898 ssh2
May  6 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17156]: Received disconnect from 112.196.28.139 port 46898:11: Bye Bye [preauth]
May  6 17:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17156]: Disconnected from 112.196.28.139 port 46898 [preauth]
May  6 17:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15992]: pam_unix(cron:session): session closed for user root
May  6 17:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17294]: pam_unix(cron:session): session closed for user p13x
May  6 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17354]: Successful su for rubyman by root
May  6 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17354]: + ??? root:rubyman
May  6 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17354]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341533 of user rubyman.
May  6 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17354]: pam_unix(su:session): session closed for user rubyman
May  6 17:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341533.
May  6 17:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14791]: pam_unix(cron:session): session closed for user root
May  6 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17407]: Invalid user yuhao from 102.210.80.6
May  6 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17407]: input_userauth_request: invalid user yuhao [preauth]
May  6 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17407]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6
May  6 17:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17407]: Failed password for invalid user yuhao from 102.210.80.6 port 58107 ssh2
May  6 17:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17407]: Received disconnect from 102.210.80.6 port 58107:11: Bye Bye [preauth]
May  6 17:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17407]: Disconnected from 102.210.80.6 port 58107 [preauth]
May  6 17:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17295]: pam_unix(cron:session): session closed for user samftp
May  6 17:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16368]: pam_unix(cron:session): session closed for user root
May  6 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17710]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17709]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17707]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17707]: pam_unix(cron:session): session closed for user p13x
May  6 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17787]: Successful su for rubyman by root
May  6 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17787]: + ??? root:rubyman
May  6 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341537 of user rubyman.
May  6 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17787]: pam_unix(su:session): session closed for user rubyman
May  6 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341537.
May  6 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15196]: pam_unix(cron:session): session closed for user root
May  6 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17708]: pam_unix(cron:session): session closed for user samftp
May  6 17:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: Connection closed by 172.105.128.12 port 51938 [preauth]
May  6 17:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18100]: Connection closed by 172.105.128.12 port 51940 [preauth]
May  6 17:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18112]: fatal: Unable to negotiate with 172.105.128.12 port 51942: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  6 17:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16850]: pam_unix(cron:session): session closed for user root
May  6 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18234]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18233]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18235]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18232]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18232]: pam_unix(cron:session): session closed for user p13x
May  6 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18356]: Successful su for rubyman by root
May  6 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18356]: + ??? root:rubyman
May  6 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341543 of user rubyman.
May  6 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18356]: pam_unix(su:session): session closed for user rubyman
May  6 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341543.
May  6 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18230]: pam_unix(cron:session): session closed for user root
May  6 17:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15597]: pam_unix(cron:session): session closed for user root
May  6 17:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18233]: pam_unix(cron:session): session closed for user samftp
May  6 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17297]: pam_unix(cron:session): session closed for user root
May  6 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18742]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18740]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18739]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18741]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18745]: pam_unix(cron:session): session closed for user root
May  6 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18739]: pam_unix(cron:session): session closed for user p13x
May  6 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18817]: Successful su for rubyman by root
May  6 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18817]: + ??? root:rubyman
May  6 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18817]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341548 of user rubyman.
May  6 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18817]: pam_unix(su:session): session closed for user rubyman
May  6 17:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341548.
May  6 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18741]: pam_unix(cron:session): session closed for user root
May  6 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15991]: pam_unix(cron:session): session closed for user root
May  6 17:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18740]: pam_unix(cron:session): session closed for user samftp
May  6 17:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17710]: pam_unix(cron:session): session closed for user root
May  6 17:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19167]: Invalid user build from 103.145.63.220
May  6 17:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19167]: input_userauth_request: invalid user build [preauth]
May  6 17:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19167]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.145.63.220
May  6 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19167]: Failed password for invalid user build from 103.145.63.220 port 58704 ssh2
May  6 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19167]: Received disconnect from 103.145.63.220 port 58704:11: Bye Bye [preauth]
May  6 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19167]: Disconnected from 103.145.63.220 port 58704 [preauth]
May  6 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19179]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19180]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19178]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19178]: pam_unix(cron:session): session closed for user p13x
May  6 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19257]: Successful su for rubyman by root
May  6 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19257]: + ??? root:rubyman
May  6 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341552 of user rubyman.
May  6 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19257]: pam_unix(su:session): session closed for user rubyman
May  6 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341552.
May  6 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16367]: pam_unix(cron:session): session closed for user root
May  6 17:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19179]: pam_unix(cron:session): session closed for user samftp
May  6 17:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: Invalid user admin from 80.94.95.112
May  6 17:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: input_userauth_request: invalid user admin [preauth]
May  6 17:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 17:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: Failed password for invalid user admin from 80.94.95.112 port 39071 ssh2
May  6 17:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: Failed password for invalid user admin from 80.94.95.112 port 39071 ssh2
May  6 17:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: Failed password for invalid user admin from 80.94.95.112 port 39071 ssh2
May  6 17:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: Failed password for invalid user admin from 80.94.95.112 port 39071 ssh2
May  6 17:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: Failed password for invalid user admin from 80.94.95.112 port 39071 ssh2
May  6 17:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: Received disconnect from 80.94.95.112 port 39071:11: Bye [preauth]
May  6 17:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: Disconnected from 80.94.95.112 port 39071 [preauth]
May  6 17:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 17:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19439]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 17:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18235]: pam_unix(cron:session): session closed for user root
May  6 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19596]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19594]: pam_unix(cron:session): session closed for user p13x
May  6 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19669]: Successful su for rubyman by root
May  6 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19669]: + ??? root:rubyman
May  6 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341556 of user rubyman.
May  6 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19669]: pam_unix(su:session): session closed for user rubyman
May  6 17:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341556.
May  6 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16849]: pam_unix(cron:session): session closed for user root
May  6 17:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19595]: pam_unix(cron:session): session closed for user samftp
May  6 17:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19854]: Invalid user krodriguez from 112.196.28.139
May  6 17:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19854]: input_userauth_request: invalid user krodriguez [preauth]
May  6 17:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19854]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.28.139
May  6 17:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19854]: Failed password for invalid user krodriguez from 112.196.28.139 port 36398 ssh2
May  6 17:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19854]: Received disconnect from 112.196.28.139 port 36398:11: Bye Bye [preauth]
May  6 17:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19854]: Disconnected from 112.196.28.139 port 36398 [preauth]
May  6 17:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: Invalid user steam from 164.68.105.9
May  6 17:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: input_userauth_request: invalid user steam [preauth]
May  6 17:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  6 17:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: Failed password for invalid user steam from 164.68.105.9 port 44008 ssh2
May  6 17:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19884]: Connection closed by 164.68.105.9 port 44008 [preauth]
May  6 17:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18744]: pam_unix(cron:session): session closed for user root
May  6 17:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: Invalid user bi from 102.210.80.6
May  6 17:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: input_userauth_request: invalid user bi [preauth]
May  6 17:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6
May  6 17:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: Failed password for invalid user bi from 102.210.80.6 port 54385 ssh2
May  6 17:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: Received disconnect from 102.210.80.6 port 54385:11: Bye Bye [preauth]
May  6 17:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: Disconnected from 102.210.80.6 port 54385 [preauth]
May  6 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20015]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20013]: pam_unix(cron:session): session closed for user p13x
May  6 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20080]: Successful su for rubyman by root
May  6 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20080]: + ??? root:rubyman
May  6 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341562 of user rubyman.
May  6 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20080]: pam_unix(su:session): session closed for user rubyman
May  6 17:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341562.
May  6 17:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17296]: pam_unix(cron:session): session closed for user root
May  6 17:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20014]: pam_unix(cron:session): session closed for user samftp
May  6 17:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19181]: pam_unix(cron:session): session closed for user root
May  6 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20413]: pam_unix(cron:session): session closed for user p13x
May  6 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20480]: Successful su for rubyman by root
May  6 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20480]: + ??? root:rubyman
May  6 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341565 of user rubyman.
May  6 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20480]: pam_unix(su:session): session closed for user rubyman
May  6 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341565.
May  6 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17709]: pam_unix(cron:session): session closed for user root
May  6 17:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20414]: pam_unix(cron:session): session closed for user samftp
May  6 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19597]: pam_unix(cron:session): session closed for user root
May  6 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20826]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20827]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20827]: pam_unix(cron:session): session closed for user root
May  6 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20821]: pam_unix(cron:session): session closed for user p13x
May  6 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20904]: Successful su for rubyman by root
May  6 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20904]: + ??? root:rubyman
May  6 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20904]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341568 of user rubyman.
May  6 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20904]: pam_unix(su:session): session closed for user rubyman
May  6 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341568.
May  6 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session closed for user root
May  6 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18234]: pam_unix(cron:session): session closed for user root
May  6 17:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20822]: pam_unix(cron:session): session closed for user samftp
May  6 17:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21176]: Invalid user kwx from 46.244.96.25
May  6 17:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21176]: input_userauth_request: invalid user kwx [preauth]
May  6 17:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21176]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  6 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20016]: pam_unix(cron:session): session closed for user root
May  6 17:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21176]: Failed password for invalid user kwx from 46.244.96.25 port 36724 ssh2
May  6 17:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21176]: Connection closed by 46.244.96.25 port 36724 [preauth]
May  6 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21304]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21305]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21302]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21302]: pam_unix(cron:session): session closed for user p13x
May  6 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21373]: Successful su for rubyman by root
May  6 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21373]: + ??? root:rubyman
May  6 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341576 of user rubyman.
May  6 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21373]: pam_unix(su:session): session closed for user rubyman
May  6 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341576.
May  6 17:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18742]: pam_unix(cron:session): session closed for user root
May  6 17:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21303]: pam_unix(cron:session): session closed for user samftp
May  6 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20416]: pam_unix(cron:session): session closed for user root
May  6 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21743]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21742]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21740]: pam_unix(cron:session): session closed for user root
May  6 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21742]: pam_unix(cron:session): session closed for user p13x
May  6 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22083]: Successful su for rubyman by root
May  6 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22083]: + ??? root:rubyman
May  6 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341578 of user rubyman.
May  6 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22083]: pam_unix(su:session): session closed for user rubyman
May  6 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341578.
May  6 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19180]: pam_unix(cron:session): session closed for user root
May  6 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: Invalid user test from 103.145.63.220
May  6 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: input_userauth_request: invalid user test [preauth]
May  6 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.145.63.220
May  6 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21743]: pam_unix(cron:session): session closed for user samftp
May  6 17:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: Failed password for invalid user test from 103.145.63.220 port 52696 ssh2
May  6 17:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: Received disconnect from 103.145.63.220 port 52696:11: Bye Bye [preauth]
May  6 17:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22285]: Disconnected from 103.145.63.220 port 52696 [preauth]
May  6 17:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20826]: pam_unix(cron:session): session closed for user root
May  6 17:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22476]: Invalid user pelias from 112.196.28.139
May  6 17:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22476]: input_userauth_request: invalid user pelias [preauth]
May  6 17:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22476]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.28.139
May  6 17:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22476]: Failed password for invalid user pelias from 112.196.28.139 port 53904 ssh2
May  6 17:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22476]: Received disconnect from 112.196.28.139 port 53904:11: Bye Bye [preauth]
May  6 17:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22476]: Disconnected from 112.196.28.139 port 53904 [preauth]
May  6 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22499]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22500]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22497]: pam_unix(cron:session): session closed for user p13x
May  6 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22570]: Successful su for rubyman by root
May  6 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22570]: + ??? root:rubyman
May  6 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341585 of user rubyman.
May  6 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22570]: pam_unix(su:session): session closed for user rubyman
May  6 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341585.
May  6 17:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19596]: pam_unix(cron:session): session closed for user root
May  6 17:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22498]: pam_unix(cron:session): session closed for user samftp
May  6 17:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21305]: pam_unix(cron:session): session closed for user root
May  6 17:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22850]: Invalid user localhost from 102.210.80.6
May  6 17:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22850]: input_userauth_request: invalid user localhost [preauth]
May  6 17:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22850]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6
May  6 17:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22850]: Failed password for invalid user localhost from 102.210.80.6 port 49195 ssh2
May  6 17:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22850]: Received disconnect from 102.210.80.6 port 49195:11: Bye Bye [preauth]
May  6 17:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22850]: Disconnected from 102.210.80.6 port 49195 [preauth]
May  6 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22964]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22962]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22960]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22960]: pam_unix(cron:session): session closed for user p13x
May  6 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23028]: Successful su for rubyman by root
May  6 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23028]: + ??? root:rubyman
May  6 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341588 of user rubyman.
May  6 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23028]: pam_unix(su:session): session closed for user rubyman
May  6 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341588.
May  6 17:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20015]: pam_unix(cron:session): session closed for user root
May  6 17:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22961]: pam_unix(cron:session): session closed for user samftp
May  6 17:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23284]: Invalid user processing from 193.70.84.184
May  6 17:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23284]: input_userauth_request: invalid user processing [preauth]
May  6 17:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23284]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  6 17:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23284]: Failed password for invalid user processing from 193.70.84.184 port 55580 ssh2
May  6 17:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23284]: Connection closed by 193.70.84.184 port 55580 [preauth]
May  6 17:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21745]: pam_unix(cron:session): session closed for user root
May  6 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23472]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23469]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23470]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23473]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23473]: pam_unix(cron:session): session closed for user root
May  6 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23467]: pam_unix(cron:session): session closed for user p13x
May  6 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23536]: Successful su for rubyman by root
May  6 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23536]: + ??? root:rubyman
May  6 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23536]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341593 of user rubyman.
May  6 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23536]: pam_unix(su:session): session closed for user rubyman
May  6 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341593.
May  6 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20415]: pam_unix(cron:session): session closed for user root
May  6 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23469]: pam_unix(cron:session): session closed for user root
May  6 17:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23468]: pam_unix(cron:session): session closed for user samftp
May  6 17:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22500]: pam_unix(cron:session): session closed for user root
May  6 17:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24031]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24032]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24030]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24029]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24029]: pam_unix(cron:session): session closed for user p13x
May  6 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24094]: Successful su for rubyman by root
May  6 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24094]: + ??? root:rubyman
May  6 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24094]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341598 of user rubyman.
May  6 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24094]: pam_unix(su:session): session closed for user rubyman
May  6 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341598.
May  6 17:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20824]: pam_unix(cron:session): session closed for user root
May  6 17:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24030]: pam_unix(cron:session): session closed for user samftp
May  6 17:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24358]: Bad protocol version identification 'GET / HTTP/1.1' from 159.223.27.77 port 47170
May  6 17:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22964]: pam_unix(cron:session): session closed for user root
May  6 17:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24470]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24469]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24467]: pam_unix(cron:session): session closed for user p13x
May  6 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24532]: Successful su for rubyman by root
May  6 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24532]: + ??? root:rubyman
May  6 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24532]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341602 of user rubyman.
May  6 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24532]: pam_unix(su:session): session closed for user rubyman
May  6 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341602.
May  6 17:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21304]: pam_unix(cron:session): session closed for user root
May  6 17:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24468]: pam_unix(cron:session): session closed for user samftp
May  6 17:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23472]: pam_unix(cron:session): session closed for user root
May  6 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24881]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24878]: pam_unix(cron:session): session closed for user p13x
May  6 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24948]: Successful su for rubyman by root
May  6 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24948]: + ??? root:rubyman
May  6 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341607 of user rubyman.
May  6 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24948]: pam_unix(su:session): session closed for user rubyman
May  6 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341607.
May  6 17:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21744]: pam_unix(cron:session): session closed for user root
May  6 17:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24879]: pam_unix(cron:session): session closed for user samftp
May  6 17:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.145.63.220  user=root
May  6 17:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25165]: Failed password for root from 103.145.63.220 port 46334 ssh2
May  6 17:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25165]: Received disconnect from 103.145.63.220 port 46334:11: Bye Bye [preauth]
May  6 17:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25165]: Disconnected from 103.145.63.220 port 46334 [preauth]
May  6 17:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24032]: pam_unix(cron:session): session closed for user root
May  6 17:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.28.139  user=root
May  6 17:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: Failed password for root from 112.196.28.139 port 46454 ssh2
May  6 17:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: Received disconnect from 112.196.28.139 port 46454:11: Bye Bye [preauth]
May  6 17:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25233]: Disconnected from 112.196.28.139 port 46454 [preauth]
May  6 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25297]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25296]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25293]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25293]: pam_unix(cron:session): session closed for user p13x
May  6 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25356]: Successful su for rubyman by root
May  6 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25356]: + ??? root:rubyman
May  6 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341610 of user rubyman.
May  6 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25356]: pam_unix(su:session): session closed for user rubyman
May  6 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341610.
May  6 17:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22499]: pam_unix(cron:session): session closed for user root
May  6 17:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25295]: pam_unix(cron:session): session closed for user samftp
May  6 17:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25634]: Invalid user actions from 102.210.80.6
May  6 17:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25634]: input_userauth_request: invalid user actions [preauth]
May  6 17:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25634]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6
May  6 17:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25634]: Failed password for invalid user actions from 102.210.80.6 port 50981 ssh2
May  6 17:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24470]: pam_unix(cron:session): session closed for user root
May  6 17:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25634]: Received disconnect from 102.210.80.6 port 50981:11: Bye Bye [preauth]
May  6 17:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25634]: Disconnected from 102.210.80.6 port 50981 [preauth]
May  6 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25764]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25768]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25763]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25767]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25765]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25762]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25768]: pam_unix(cron:session): session closed for user root
May  6 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25762]: pam_unix(cron:session): session closed for user p13x
May  6 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25854]: Successful su for rubyman by root
May  6 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25854]: + ??? root:rubyman
May  6 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341616 of user rubyman.
May  6 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25854]: pam_unix(su:session): session closed for user rubyman
May  6 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341616.
May  6 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22962]: pam_unix(cron:session): session closed for user root
May  6 17:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25764]: pam_unix(cron:session): session closed for user root
May  6 17:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25763]: pam_unix(cron:session): session closed for user samftp
May  6 17:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24881]: pam_unix(cron:session): session closed for user root
May  6 17:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: Invalid user admin from 80.94.95.241
May  6 17:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: input_userauth_request: invalid user admin [preauth]
May  6 17:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 17:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: Failed password for invalid user admin from 80.94.95.241 port 12197 ssh2
May  6 17:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: Failed password for invalid user admin from 80.94.95.241 port 12197 ssh2
May  6 17:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: Failed password for invalid user admin from 80.94.95.241 port 12197 ssh2
May  6 17:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: Failed password for invalid user admin from 80.94.95.241 port 12197 ssh2
May  6 17:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: Failed password for invalid user admin from 80.94.95.241 port 12197 ssh2
May  6 17:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: Received disconnect from 80.94.95.241 port 12197:11: Bye [preauth]
May  6 17:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: Disconnected from 80.94.95.241 port 12197 [preauth]
May  6 17:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 17:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26173]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26235]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26234]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26231]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26233]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26231]: pam_unix(cron:session): session closed for user p13x
May  6 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26297]: Successful su for rubyman by root
May  6 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26297]: + ??? root:rubyman
May  6 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341619 of user rubyman.
May  6 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26297]: pam_unix(su:session): session closed for user rubyman
May  6 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341619.
May  6 17:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23470]: pam_unix(cron:session): session closed for user root
May  6 17:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26233]: pam_unix(cron:session): session closed for user samftp
May  6 17:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25297]: pam_unix(cron:session): session closed for user root
May  6 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26716]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26713]: pam_unix(cron:session): session closed for user p13x
May  6 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26772]: Successful su for rubyman by root
May  6 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26772]: + ??? root:rubyman
May  6 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341624 of user rubyman.
May  6 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26772]: pam_unix(su:session): session closed for user rubyman
May  6 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341624.
May  6 17:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24031]: pam_unix(cron:session): session closed for user root
May  6 17:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26714]: pam_unix(cron:session): session closed for user samftp
May  6 17:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25767]: pam_unix(cron:session): session closed for user root
May  6 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27188]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27186]: pam_unix(cron:session): session closed for user p13x
May  6 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27258]: Successful su for rubyman by root
May  6 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27258]: + ??? root:rubyman
May  6 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341627 of user rubyman.
May  6 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27258]: pam_unix(su:session): session closed for user rubyman
May  6 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341627.
May  6 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  6 17:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24469]: pam_unix(cron:session): session closed for user root
May  6 17:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: Failed password for root from 80.94.95.125 port 61061 ssh2
May  6 17:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27187]: pam_unix(cron:session): session closed for user samftp
May  6 17:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: Failed password for root from 80.94.95.125 port 61061 ssh2
May  6 17:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: message repeated 3 times: [ Failed password for root from 80.94.95.125 port 61061 ssh2]
May  6 17:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: Received disconnect from 80.94.95.125 port 61061:11: Bye [preauth]
May  6 17:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: Disconnected from 80.94.95.125 port 61061 [preauth]
May  6 17:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  6 17:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27282]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 17:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26235]: pam_unix(cron:session): session closed for user root
May  6 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27667]: pam_unix(cron:session): session closed for user p13x
May  6 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27727]: Successful su for rubyman by root
May  6 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27727]: + ??? root:rubyman
May  6 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341632 of user rubyman.
May  6 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27727]: pam_unix(su:session): session closed for user rubyman
May  6 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341632.
May  6 17:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24880]: pam_unix(cron:session): session closed for user root
May  6 17:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27668]: pam_unix(cron:session): session closed for user samftp
May  6 17:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.28.139  user=root
May  6 17:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: Failed password for root from 112.196.28.139 port 56732 ssh2
May  6 17:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.145.63.220  user=root
May  6 17:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: Received disconnect from 112.196.28.139 port 56732:11: Bye Bye [preauth]
May  6 17:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27950]: Disconnected from 112.196.28.139 port 56732 [preauth]
May  6 17:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27952]: Failed password for root from 103.145.63.220 port 52632 ssh2
May  6 17:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27952]: Received disconnect from 103.145.63.220 port 52632:11: Bye Bye [preauth]
May  6 17:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27952]: Disconnected from 103.145.63.220 port 52632 [preauth]
May  6 17:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26716]: pam_unix(cron:session): session closed for user root
May  6 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28075]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28078]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28077]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28078]: pam_unix(cron:session): session closed for user root
May  6 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28073]: pam_unix(cron:session): session closed for user p13x
May  6 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28140]: Successful su for rubyman by root
May  6 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28140]: + ??? root:rubyman
May  6 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341640 of user rubyman.
May  6 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28140]: pam_unix(su:session): session closed for user rubyman
May  6 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341640.
May  6 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28075]: pam_unix(cron:session): session closed for user root
May  6 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25296]: pam_unix(cron:session): session closed for user root
May  6 17:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28074]: pam_unix(cron:session): session closed for user samftp
May  6 17:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: Invalid user dockeradmin from 102.210.80.6
May  6 17:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: input_userauth_request: invalid user dockeradmin [preauth]
May  6 17:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6
May  6 17:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: Failed password for invalid user dockeradmin from 102.210.80.6 port 57012 ssh2
May  6 17:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: Received disconnect from 102.210.80.6 port 57012:11: Bye Bye [preauth]
May  6 17:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: Disconnected from 102.210.80.6 port 57012 [preauth]
May  6 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27189]: pam_unix(cron:session): session closed for user root
May  6 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28512]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28514]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28511]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28510]: pam_unix(cron:session): session closed for user p13x
May  6 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28576]: Successful su for rubyman by root
May  6 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28576]: + ??? root:rubyman
May  6 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341641 of user rubyman.
May  6 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28576]: pam_unix(su:session): session closed for user rubyman
May  6 17:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341641.
May  6 17:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25765]: pam_unix(cron:session): session closed for user root
May  6 17:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28511]: pam_unix(cron:session): session closed for user samftp
May  6 17:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27670]: pam_unix(cron:session): session closed for user root
May  6 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28921]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28917]: pam_unix(cron:session): session closed for user p13x
May  6 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28982]: Successful su for rubyman by root
May  6 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28982]: + ??? root:rubyman
May  6 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28982]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341645 of user rubyman.
May  6 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28982]: pam_unix(su:session): session closed for user rubyman
May  6 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341645.
May  6 17:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26234]: pam_unix(cron:session): session closed for user root
May  6 17:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28919]: pam_unix(cron:session): session closed for user samftp
May  6 17:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28077]: pam_unix(cron:session): session closed for user root
May  6 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29429]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29426]: pam_unix(cron:session): session closed for user p13x
May  6 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29490]: Successful su for rubyman by root
May  6 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29490]: + ??? root:rubyman
May  6 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341649 of user rubyman.
May  6 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29490]: pam_unix(su:session): session closed for user rubyman
May  6 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341649.
May  6 17:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26715]: pam_unix(cron:session): session closed for user root
May  6 17:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29427]: pam_unix(cron:session): session closed for user samftp
May  6 17:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28514]: pam_unix(cron:session): session closed for user root
May  6 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29832]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29830]: pam_unix(cron:session): session closed for user p13x
May  6 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29893]: Successful su for rubyman by root
May  6 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29893]: + ??? root:rubyman
May  6 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341654 of user rubyman.
May  6 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29893]: pam_unix(su:session): session closed for user rubyman
May  6 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341654.
May  6 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 17:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27188]: pam_unix(cron:session): session closed for user root
May  6 17:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: Failed password for root from 218.92.0.179 port 47450 ssh2
May  6 17:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29831]: pam_unix(cron:session): session closed for user samftp
May  6 17:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: Failed password for root from 218.92.0.179 port 47450 ssh2
May  6 17:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: Failed password for root from 218.92.0.179 port 47450 ssh2
May  6 17:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: Received disconnect from 218.92.0.179 port 47450:11:  [preauth]
May  6 17:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: Disconnected from 218.92.0.179 port 47450 [preauth]
May  6 17:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 17:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28921]: pam_unix(cron:session): session closed for user root
May  6 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30232]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30229]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30232]: pam_unix(cron:session): session closed for user root
May  6 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30227]: pam_unix(cron:session): session closed for user p13x
May  6 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30293]: Successful su for rubyman by root
May  6 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30293]: + ??? root:rubyman
May  6 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341662 of user rubyman.
May  6 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30293]: pam_unix(su:session): session closed for user rubyman
May  6 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341662.
May  6 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30229]: pam_unix(cron:session): session closed for user root
May  6 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27669]: pam_unix(cron:session): session closed for user root
May  6 17:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30228]: pam_unix(cron:session): session closed for user samftp
May  6 17:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29429]: pam_unix(cron:session): session closed for user root
May  6 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: Invalid user localhost from 103.145.63.220
May  6 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: input_userauth_request: invalid user localhost [preauth]
May  6 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.145.63.220
May  6 17:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: Failed password for invalid user localhost from 103.145.63.220 port 48496 ssh2
May  6 17:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: Received disconnect from 103.145.63.220 port 48496:11: Bye Bye [preauth]
May  6 17:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: Disconnected from 103.145.63.220 port 48496 [preauth]
May  6 17:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
May  6 17:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Failed password for root from 102.210.80.6 port 46624 ssh2
May  6 17:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Received disconnect from 102.210.80.6 port 46624:11: Bye Bye [preauth]
May  6 17:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30641]: Disconnected from 102.210.80.6 port 46624 [preauth]
May  6 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30654]: pam_unix(cron:session): session closed for user p13x
May  6 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30726]: Successful su for rubyman by root
May  6 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30726]: + ??? root:rubyman
May  6 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341666 of user rubyman.
May  6 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30726]: pam_unix(su:session): session closed for user rubyman
May  6 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341666.
May  6 17:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28076]: pam_unix(cron:session): session closed for user root
May  6 17:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30655]: pam_unix(cron:session): session closed for user samftp
May  6 17:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31011]: fatal: monitor_read: unpermitted request 6
May  6 17:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29834]: pam_unix(cron:session): session closed for user root
May  6 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31168]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31164]: pam_unix(cron:session): session closed for user p13x
May  6 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31226]: Successful su for rubyman by root
May  6 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31226]: + ??? root:rubyman
May  6 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341668 of user rubyman.
May  6 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31226]: pam_unix(su:session): session closed for user rubyman
May  6 17:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341668.
May  6 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28512]: pam_unix(cron:session): session closed for user root
May  6 17:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31165]: pam_unix(cron:session): session closed for user samftp
May  6 17:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30231]: pam_unix(cron:session): session closed for user root
May  6 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31580]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31581]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31578]: pam_unix(cron:session): session closed for user p13x
May  6 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31651]: Successful su for rubyman by root
May  6 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31651]: + ??? root:rubyman
May  6 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31651]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341671 of user rubyman.
May  6 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31651]: pam_unix(su:session): session closed for user rubyman
May  6 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341671.
May  6 17:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28920]: pam_unix(cron:session): session closed for user root
May  6 17:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31579]: pam_unix(cron:session): session closed for user samftp
May  6 17:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30657]: pam_unix(cron:session): session closed for user root
May  6 17:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: Invalid user 12345 from 194.0.234.19
May  6 17:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: input_userauth_request: invalid user 12345 [preauth]
May  6 17:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  6 17:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: Failed password for invalid user 12345 from 194.0.234.19 port 62106 ssh2
May  6 17:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: Connection closed by 194.0.234.19 port 62106 [preauth]
May  6 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32248]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32244]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32240]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32242]: pam_unix(cron:session): session closed for user p13x
May  6 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32430]: Successful su for rubyman by root
May  6 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32430]: + ??? root:rubyman
May  6 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341676 of user rubyman.
May  6 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32430]: pam_unix(su:session): session closed for user rubyman
May  6 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341676.
May  6 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32240]: pam_unix(cron:session): session closed for user root
May  6 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29428]: pam_unix(cron:session): session closed for user root
May  6 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32243]: pam_unix(cron:session): session closed for user samftp
May  6 17:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31168]: pam_unix(cron:session): session closed for user root
May  6 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[548]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[547]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[546]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[545]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[550]: pam_unix(cron:session): session closed for user root
May  6 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[545]: pam_unix(cron:session): session closed for user p13x
May  6 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[618]: Successful su for rubyman by root
May  6 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[618]: + ??? root:rubyman
May  6 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[618]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341682 of user rubyman.
May  6 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[618]: pam_unix(su:session): session closed for user rubyman
May  6 17:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341682.
May  6 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[547]: pam_unix(cron:session): session closed for user root
May  6 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29832]: pam_unix(cron:session): session closed for user root
May  6 17:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[546]: pam_unix(cron:session): session closed for user samftp
May  6 17:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31581]: pam_unix(cron:session): session closed for user root
May  6 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1041]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1042]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1039]: pam_unix(cron:session): session closed for user p13x
May  6 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1119]: Successful su for rubyman by root
May  6 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1119]: + ??? root:rubyman
May  6 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341686 of user rubyman.
May  6 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1119]: pam_unix(su:session): session closed for user rubyman
May  6 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341686.
May  6 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30230]: pam_unix(cron:session): session closed for user root
May  6 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1040]: pam_unix(cron:session): session closed for user samftp
May  6 17:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
May  6 17:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1409]: Failed password for root from 102.210.80.6 port 37431 ssh2
May  6 17:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1409]: Received disconnect from 102.210.80.6 port 37431:11: Bye Bye [preauth]
May  6 17:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1409]: Disconnected from 102.210.80.6 port 37431 [preauth]
May  6 17:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32248]: pam_unix(cron:session): session closed for user root
May  6 17:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1496]: Invalid user eco from 103.145.63.220
May  6 17:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1496]: input_userauth_request: invalid user eco [preauth]
May  6 17:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1496]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.145.63.220
May  6 17:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1496]: Failed password for invalid user eco from 103.145.63.220 port 58452 ssh2
May  6 17:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1496]: Received disconnect from 103.145.63.220 port 58452:11: Bye Bye [preauth]
May  6 17:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1496]: Disconnected from 103.145.63.220 port 58452 [preauth]
May  6 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1527]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1528]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1525]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1525]: pam_unix(cron:session): session closed for user p13x
May  6 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1600]: Successful su for rubyman by root
May  6 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1600]: + ??? root:rubyman
May  6 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341691 of user rubyman.
May  6 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1600]: pam_unix(su:session): session closed for user rubyman
May  6 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341691.
May  6 17:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30656]: pam_unix(cron:session): session closed for user root
May  6 17:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1526]: pam_unix(cron:session): session closed for user samftp
May  6 17:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[549]: pam_unix(cron:session): session closed for user root
May  6 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2061]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2062]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2059]: pam_unix(cron:session): session closed for user p13x
May  6 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2119]: Successful su for rubyman by root
May  6 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2119]: + ??? root:rubyman
May  6 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341695 of user rubyman.
May  6 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2119]: pam_unix(su:session): session closed for user rubyman
May  6 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341695.
May  6 17:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31166]: pam_unix(cron:session): session closed for user root
May  6 17:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2060]: pam_unix(cron:session): session closed for user samftp
May  6 17:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1042]: pam_unix(cron:session): session closed for user root
May  6 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2485]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2484]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2482]: pam_unix(cron:session): session closed for user p13x
May  6 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2545]: Successful su for rubyman by root
May  6 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2545]: + ??? root:rubyman
May  6 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341698 of user rubyman.
May  6 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2545]: pam_unix(su:session): session closed for user rubyman
May  6 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341698.
May  6 17:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31580]: pam_unix(cron:session): session closed for user root
May  6 17:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2483]: pam_unix(cron:session): session closed for user samftp
May  6 17:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: Invalid user admin from 80.94.95.112
May  6 17:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: input_userauth_request: invalid user admin [preauth]
May  6 17:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 17:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: Failed password for invalid user admin from 80.94.95.112 port 42481 ssh2
May  6 17:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: Failed password for invalid user admin from 80.94.95.112 port 42481 ssh2
May  6 17:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1528]: pam_unix(cron:session): session closed for user root
May  6 17:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: Failed password for invalid user admin from 80.94.95.112 port 42481 ssh2
May  6 17:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: Failed password for invalid user admin from 80.94.95.112 port 42481 ssh2
May  6 17:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: Failed password for invalid user admin from 80.94.95.112 port 42481 ssh2
May  6 17:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: Received disconnect from 80.94.95.112 port 42481:11: Bye [preauth]
May  6 17:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: Disconnected from 80.94.95.112 port 42481 [preauth]
May  6 17:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 17:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2915]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2918]: pam_unix(cron:session): session closed for user root
May  6 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2913]: pam_unix(cron:session): session closed for user p13x
May  6 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2985]: Successful su for rubyman by root
May  6 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2985]: + ??? root:rubyman
May  6 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2985]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341704 of user rubyman.
May  6 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2985]: pam_unix(su:session): session closed for user rubyman
May  6 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341704.
May  6 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2915]: pam_unix(cron:session): session closed for user root
May  6 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32244]: pam_unix(cron:session): session closed for user root
May  6 17:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2914]: pam_unix(cron:session): session closed for user samftp
May  6 17:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2062]: pam_unix(cron:session): session closed for user root
May  6 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3344]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3345]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3342]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3343]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3342]: pam_unix(cron:session): session closed for user p13x
May  6 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3424]: Successful su for rubyman by root
May  6 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3424]: + ??? root:rubyman
May  6 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341710 of user rubyman.
May  6 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3424]: pam_unix(su:session): session closed for user rubyman
May  6 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341710.
May  6 17:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[548]: pam_unix(cron:session): session closed for user root
May  6 17:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3343]: pam_unix(cron:session): session closed for user samftp
May  6 17:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2485]: pam_unix(cron:session): session closed for user root
May  6 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3801]: pam_unix(cron:session): session closed for user p13x
May  6 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3861]: Successful su for rubyman by root
May  6 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3861]: + ??? root:rubyman
May  6 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3861]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341712 of user rubyman.
May  6 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3861]: pam_unix(su:session): session closed for user rubyman
May  6 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341712.
May  6 17:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1041]: pam_unix(cron:session): session closed for user root
May  6 17:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3802]: pam_unix(cron:session): session closed for user samftp
May  6 17:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.210.80.6  user=root
May  6 17:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4122]: Failed password for root from 102.210.80.6 port 37281 ssh2
May  6 17:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4122]: Received disconnect from 102.210.80.6 port 37281:11: Bye Bye [preauth]
May  6 17:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4122]: Disconnected from 102.210.80.6 port 37281 [preauth]
May  6 17:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2917]: pam_unix(cron:session): session closed for user root
May  6 17:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: Invalid user plexuser from 103.145.63.220
May  6 17:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: input_userauth_request: invalid user plexuser [preauth]
May  6 17:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.145.63.220
May  6 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4265]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4267]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4266]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4264]: pam_unix(cron:session): session closed for user p13x
May  6 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4449]: Successful su for rubyman by root
May  6 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4449]: + ??? root:rubyman
May  6 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341718 of user rubyman.
May  6 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4449]: pam_unix(su:session): session closed for user rubyman
May  6 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341718.
May  6 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: Failed password for invalid user plexuser from 103.145.63.220 port 60360 ssh2
May  6 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: Received disconnect from 103.145.63.220 port 60360:11: Bye Bye [preauth]
May  6 17:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4224]: Disconnected from 103.145.63.220 port 60360 [preauth]
May  6 17:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1527]: pam_unix(cron:session): session closed for user root
May  6 17:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4265]: pam_unix(cron:session): session closed for user samftp
May  6 17:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3345]: pam_unix(cron:session): session closed for user root
May  6 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4801]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4800]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4799]: pam_unix(cron:session): session closed for user p13x
May  6 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4872]: Successful su for rubyman by root
May  6 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4872]: + ??? root:rubyman
May  6 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4872]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341721 of user rubyman.
May  6 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4872]: pam_unix(su:session): session closed for user rubyman
May  6 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341721.
May  6 17:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2061]: pam_unix(cron:session): session closed for user root
May  6 17:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4800]: pam_unix(cron:session): session closed for user samftp
May  6 17:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3805]: pam_unix(cron:session): session closed for user root
May  6 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5411]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5413]: pam_unix(cron:session): session closed for user root
May  6 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5408]: pam_unix(cron:session): session closed for user p13x
May  6 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5492]: Successful su for rubyman by root
May  6 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5492]: + ??? root:rubyman
May  6 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5492]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341728 of user rubyman.
May  6 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5492]: pam_unix(su:session): session closed for user rubyman
May  6 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341728.
May  6 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5410]: pam_unix(cron:session): session closed for user root
May  6 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2484]: pam_unix(cron:session): session closed for user root
May  6 17:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5409]: pam_unix(cron:session): session closed for user samftp
May  6 17:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4267]: pam_unix(cron:session): session closed for user root
May  6 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6013]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6012]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6010]: pam_unix(cron:session): session closed for user p13x
May  6 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6080]: Successful su for rubyman by root
May  6 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6080]: + ??? root:rubyman
May  6 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341731 of user rubyman.
May  6 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6080]: pam_unix(su:session): session closed for user rubyman
May  6 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341731.
May  6 17:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2916]: pam_unix(cron:session): session closed for user root
May  6 17:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6011]: pam_unix(cron:session): session closed for user samftp
May  6 17:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4806]: pam_unix(cron:session): session closed for user root
May  6 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6429]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6426]: pam_unix(cron:session): session closed for user p13x
May  6 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6490]: Successful su for rubyman by root
May  6 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6490]: + ??? root:rubyman
May  6 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341734 of user rubyman.
May  6 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6490]: pam_unix(su:session): session closed for user rubyman
May  6 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341734.
May  6 17:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3344]: pam_unix(cron:session): session closed for user root
May  6 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6427]: pam_unix(cron:session): session closed for user samftp
May  6 17:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  6 17:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: Failed password for root from 164.68.105.9 port 52964 ssh2
May  6 17:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: Connection closed by 164.68.105.9 port 52964 [preauth]
May  6 17:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5412]: pam_unix(cron:session): session closed for user root
May  6 17:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.123.98  user=root
May  6 17:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: Failed password for root from 146.190.123.98 port 57486 ssh2
May  6 17:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6774]: Connection closed by 146.190.123.98 port 57486 [preauth]
May  6 17:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  6 17:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6823]: Failed password for root from 218.92.0.205 port 44778 ssh2
May  6 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6838]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6835]: pam_unix(cron:session): session closed for user p13x
May  6 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6897]: Successful su for rubyman by root
May  6 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6897]: + ??? root:rubyman
May  6 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341739 of user rubyman.
May  6 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6897]: pam_unix(su:session): session closed for user rubyman
May  6 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341739.
May  6 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3803]: pam_unix(cron:session): session closed for user root
May  6 17:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6836]: pam_unix(cron:session): session closed for user samftp
May  6 17:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6013]: pam_unix(cron:session): session closed for user root
May  6 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7352]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7350]: pam_unix(cron:session): session closed for user p13x
May  6 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7408]: Successful su for rubyman by root
May  6 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7408]: + ??? root:rubyman
May  6 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341744 of user rubyman.
May  6 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7408]: pam_unix(su:session): session closed for user rubyman
May  6 17:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341744.
May  6 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4266]: pam_unix(cron:session): session closed for user root
May  6 17:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7351]: pam_unix(cron:session): session closed for user samftp
May  6 17:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7703]: Invalid user bi from 103.145.63.220
May  6 17:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7703]: input_userauth_request: invalid user bi [preauth]
May  6 17:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7703]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.145.63.220
May  6 17:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7703]: Failed password for invalid user bi from 103.145.63.220 port 37710 ssh2
May  6 17:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7703]: Received disconnect from 103.145.63.220 port 37710:11: Bye Bye [preauth]
May  6 17:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7703]: Disconnected from 103.145.63.220 port 37710 [preauth]
May  6 17:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: Invalid user sean from 50.235.31.47
May  6 17:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: input_userauth_request: invalid user sean [preauth]
May  6 17:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: pam_unix(sshd:auth): check pass; user unknown
May  6 17:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  6 17:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: Failed password for invalid user sean from 50.235.31.47 port 41014 ssh2
May  6 17:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7780]: Connection closed by 50.235.31.47 port 41014 [preauth]
May  6 17:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6429]: pam_unix(cron:session): session closed for user root
May  6 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7877]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7874]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7871]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7873]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7877]: pam_unix(cron:session): session closed for user root
May  6 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7870]: pam_unix(cron:session): session closed for user p13x
May  6 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7942]: Successful su for rubyman by root
May  6 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7942]: + ??? root:rubyman
May  6 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341748 of user rubyman.
May  6 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7942]: pam_unix(su:session): session closed for user rubyman
May  6 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341748.
May  6 17:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7872]: pam_unix(cron:session): session closed for user root
May  6 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4801]: pam_unix(cron:session): session closed for user root
May  6 17:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7871]: pam_unix(cron:session): session closed for user samftp
May  6 17:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6838]: pam_unix(cron:session): session closed for user root
May  6 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8331]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8328]: pam_unix(cron:session): session closed for user p13x
May  6 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8396]: Successful su for rubyman by root
May  6 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8396]: + ??? root:rubyman
May  6 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341752 of user rubyman.
May  6 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8396]: pam_unix(su:session): session closed for user rubyman
May  6 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341752.
May  6 17:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5411]: pam_unix(cron:session): session closed for user root
May  6 17:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8329]: pam_unix(cron:session): session closed for user samftp
May  6 17:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 17:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8609]: Failed password for root from 218.92.0.179 port 62700 ssh2
May  6 17:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8609]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 62700 ssh2]
May  6 17:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8609]: Received disconnect from 218.92.0.179 port 62700:11:  [preauth]
May  6 17:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8609]: Disconnected from 218.92.0.179 port 62700 [preauth]
May  6 17:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8609]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 17:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7353]: pam_unix(cron:session): session closed for user root
May  6 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8774]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8772]: pam_unix(cron:session): session closed for user p13x
May  6 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8831]: Successful su for rubyman by root
May  6 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8831]: + ??? root:rubyman
May  6 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8831]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341758 of user rubyman.
May  6 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8831]: pam_unix(su:session): session closed for user rubyman
May  6 17:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341758.
May  6 17:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6012]: pam_unix(cron:session): session closed for user root
May  6 17:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8773]: pam_unix(cron:session): session closed for user samftp
May  6 17:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7874]: pam_unix(cron:session): session closed for user root
May  6 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9276]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9277]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9278]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9275]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9275]: pam_unix(cron:session): session closed for user p13x
May  6 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9358]: Successful su for rubyman by root
May  6 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9358]: + ??? root:rubyman
May  6 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341762 of user rubyman.
May  6 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9358]: pam_unix(su:session): session closed for user rubyman
May  6 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341762.
May  6 17:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6428]: pam_unix(cron:session): session closed for user root
May  6 17:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9276]: pam_unix(cron:session): session closed for user samftp
May  6 17:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 17:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: Invalid user anonymous from 194.0.234.16
May  6 17:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: input_userauth_request: invalid user anonymous [preauth]
May  6 17:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: Failed none for invalid user anonymous from 194.0.234.16 port 63234 ssh2
May  6 17:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: Connection closed by 194.0.234.16 port 63234 [preauth]
May  6 17:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8331]: pam_unix(cron:session): session closed for user root
May  6 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9694]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9692]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9691]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9690]: pam_unix(cron:session): session closed for user p13x
May  6 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9757]: Successful su for rubyman by root
May  6 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9757]: + ??? root:rubyman
May  6 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9757]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341766 of user rubyman.
May  6 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9757]: pam_unix(su:session): session closed for user rubyman
May  6 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341766.
May  6 17:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6837]: pam_unix(cron:session): session closed for user root
May  6 17:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9691]: pam_unix(cron:session): session closed for user samftp
May  6 17:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8775]: pam_unix(cron:session): session closed for user root
May  6 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10105]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10102]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10104]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10103]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10105]: pam_unix(cron:session): session closed for user root
May  6 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10101]: pam_unix(cron:session): session closed for user root
May  6 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10099]: pam_unix(cron:session): session closed for user p13x
May  6 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10189]: Successful su for rubyman by root
May  6 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10189]: + ??? root:rubyman
May  6 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341772 of user rubyman.
May  6 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10189]: pam_unix(su:session): session closed for user rubyman
May  6 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341772.
May  6 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7352]: pam_unix(cron:session): session closed for user root
May  6 18:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10102]: pam_unix(cron:session): session closed for user root
May  6 18:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10100]: pam_unix(cron:session): session closed for user samftp
May  6 18:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9278]: pam_unix(cron:session): session closed for user root
May  6 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10777]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10777]: pam_unix(cron:session): session closed for user p13x
May  6 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10844]: Successful su for rubyman by root
May  6 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10844]: + ??? root:rubyman
May  6 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341775 of user rubyman.
May  6 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10844]: pam_unix(su:session): session closed for user rubyman
May  6 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341775.
May  6 18:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7873]: pam_unix(cron:session): session closed for user root
May  6 18:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10778]: pam_unix(cron:session): session closed for user samftp
May  6 18:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9694]: pam_unix(cron:session): session closed for user root
May  6 18:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: Invalid user admin from 80.94.95.241
May  6 18:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: input_userauth_request: invalid user admin [preauth]
May  6 18:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 18:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: Failed password for invalid user admin from 80.94.95.241 port 26739 ssh2
May  6 18:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: Failed password for invalid user admin from 80.94.95.241 port 26739 ssh2
May  6 18:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: Failed password for invalid user admin from 80.94.95.241 port 26739 ssh2
May  6 18:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: Failed password for invalid user admin from 80.94.95.241 port 26739 ssh2
May  6 18:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: Failed password for invalid user admin from 80.94.95.241 port 26739 ssh2
May  6 18:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: Received disconnect from 80.94.95.241 port 26739:11: Bye [preauth]
May  6 18:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: Disconnected from 80.94.95.241 port 26739 [preauth]
May  6 18:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 18:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11120]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11176]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11173]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11174]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11173]: pam_unix(cron:session): session closed for user p13x
May  6 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11232]: Successful su for rubyman by root
May  6 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11232]: + ??? root:rubyman
May  6 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341779 of user rubyman.
May  6 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11232]: pam_unix(su:session): session closed for user rubyman
May  6 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341779.
May  6 18:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8330]: pam_unix(cron:session): session closed for user root
May  6 18:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11174]: pam_unix(cron:session): session closed for user samftp
May  6 18:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10104]: pam_unix(cron:session): session closed for user root
May  6 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11569]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11571]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11569]: pam_unix(cron:session): session closed for user p13x
May  6 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11636]: Successful su for rubyman by root
May  6 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11636]: + ??? root:rubyman
May  6 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11636]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341785 of user rubyman.
May  6 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11636]: pam_unix(su:session): session closed for user rubyman
May  6 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341785.
May  6 18:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8774]: pam_unix(cron:session): session closed for user root
May  6 18:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11570]: pam_unix(cron:session): session closed for user samftp
May  6 18:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10780]: pam_unix(cron:session): session closed for user root
May  6 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11961]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11963]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11964]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11962]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11961]: pam_unix(cron:session): session closed for user p13x
May  6 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12019]: Successful su for rubyman by root
May  6 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12019]: + ??? root:rubyman
May  6 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341789 of user rubyman.
May  6 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12019]: pam_unix(su:session): session closed for user rubyman
May  6 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341789.
May  6 18:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9277]: pam_unix(cron:session): session closed for user root
May  6 18:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11962]: pam_unix(cron:session): session closed for user samftp
May  6 18:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11176]: pam_unix(cron:session): session closed for user root
May  6 18:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  6 18:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: Failed password for root from 80.94.95.125 port 29710 ssh2
May  6 18:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 29710 ssh2]
May  6 18:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: Received disconnect from 80.94.95.125 port 29710:11: Bye [preauth]
May  6 18:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: Disconnected from 80.94.95.125 port 29710 [preauth]
May  6 18:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  6 18:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12366]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12369]: pam_unix(cron:session): session closed for user root
May  6 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12364]: pam_unix(cron:session): session closed for user p13x
May  6 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12431]: Successful su for rubyman by root
May  6 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12431]: + ??? root:rubyman
May  6 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12431]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341792 of user rubyman.
May  6 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12431]: pam_unix(su:session): session closed for user rubyman
May  6 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341792.
May  6 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12366]: pam_unix(cron:session): session closed for user root
May  6 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9692]: pam_unix(cron:session): session closed for user root
May  6 18:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12365]: pam_unix(cron:session): session closed for user samftp
May  6 18:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11572]: pam_unix(cron:session): session closed for user root
May  6 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12776]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12775]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12777]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12774]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12774]: pam_unix(cron:session): session closed for user p13x
May  6 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12842]: Successful su for rubyman by root
May  6 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12842]: + ??? root:rubyman
May  6 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341799 of user rubyman.
May  6 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12842]: pam_unix(su:session): session closed for user rubyman
May  6 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341799.
May  6 18:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10103]: pam_unix(cron:session): session closed for user root
May  6 18:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12775]: pam_unix(cron:session): session closed for user samftp
May  6 18:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11964]: pam_unix(cron:session): session closed for user root
May  6 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13171]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13170]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13169]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13169]: pam_unix(cron:session): session closed for user p13x
May  6 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13230]: Successful su for rubyman by root
May  6 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13230]: + ??? root:rubyman
May  6 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341801 of user rubyman.
May  6 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13230]: pam_unix(su:session): session closed for user rubyman
May  6 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341801.
May  6 18:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10779]: pam_unix(cron:session): session closed for user root
May  6 18:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13170]: pam_unix(cron:session): session closed for user samftp
May  6 18:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 18:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: Failed password for root from 218.92.0.179 port 56734 ssh2
May  6 18:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 56734 ssh2]
May  6 18:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: Received disconnect from 218.92.0.179 port 56734:11:  [preauth]
May  6 18:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: Disconnected from 218.92.0.179 port 56734 [preauth]
May  6 18:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 18:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12368]: pam_unix(cron:session): session closed for user root
May  6 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13681]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13682]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13680]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13679]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13679]: pam_unix(cron:session): session closed for user p13x
May  6 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13744]: Successful su for rubyman by root
May  6 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13744]: + ??? root:rubyman
May  6 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341806 of user rubyman.
May  6 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13744]: pam_unix(su:session): session closed for user rubyman
May  6 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341806.
May  6 18:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11175]: pam_unix(cron:session): session closed for user root
May  6 18:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13680]: pam_unix(cron:session): session closed for user samftp
May  6 18:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12777]: pam_unix(cron:session): session closed for user root
May  6 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14085]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14086]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14080]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14082]: pam_unix(cron:session): session closed for user p13x
May  6 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14202]: Successful su for rubyman by root
May  6 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14202]: + ??? root:rubyman
May  6 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341809 of user rubyman.
May  6 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14202]: pam_unix(su:session): session closed for user rubyman
May  6 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341809.
May  6 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14080]: pam_unix(cron:session): session closed for user root
May  6 18:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11571]: pam_unix(cron:session): session closed for user root
May  6 18:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14083]: pam_unix(cron:session): session closed for user samftp
May  6 18:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13172]: pam_unix(cron:session): session closed for user root
May  6 18:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: Invalid user griffin from 46.244.96.25
May  6 18:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: input_userauth_request: invalid user griffin [preauth]
May  6 18:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  6 18:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: Failed password for invalid user griffin from 46.244.96.25 port 57104 ssh2
May  6 18:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14485]: Connection closed by 46.244.96.25 port 57104 [preauth]
May  6 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14576]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14572]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14575]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14578]: pam_unix(cron:session): session closed for user root
May  6 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14571]: pam_unix(cron:session): session closed for user p13x
May  6 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14649]: Successful su for rubyman by root
May  6 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14649]: + ??? root:rubyman
May  6 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341816 of user rubyman.
May  6 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14649]: pam_unix(su:session): session closed for user rubyman
May  6 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341816.
May  6 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14574]: pam_unix(cron:session): session closed for user root
May  6 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11963]: pam_unix(cron:session): session closed for user root
May  6 18:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14572]: pam_unix(cron:session): session closed for user samftp
May  6 18:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13682]: pam_unix(cron:session): session closed for user root
May  6 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15014]: pam_unix(cron:session): session closed for user p13x
May  6 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15081]: Successful su for rubyman by root
May  6 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15081]: + ??? root:rubyman
May  6 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341821 of user rubyman.
May  6 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15081]: pam_unix(su:session): session closed for user rubyman
May  6 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341821.
May  6 18:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12367]: pam_unix(cron:session): session closed for user root
May  6 18:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15015]: pam_unix(cron:session): session closed for user samftp
May  6 18:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14086]: pam_unix(cron:session): session closed for user root
May  6 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15411]: pam_unix(cron:session): session closed for user p13x
May  6 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15472]: Successful su for rubyman by root
May  6 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15472]: + ??? root:rubyman
May  6 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341825 of user rubyman.
May  6 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15472]: pam_unix(su:session): session closed for user rubyman
May  6 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341825.
May  6 18:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12776]: pam_unix(cron:session): session closed for user root
May  6 18:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15412]: pam_unix(cron:session): session closed for user samftp
May  6 18:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14576]: pam_unix(cron:session): session closed for user root
May  6 18:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 18:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: Failed password for root from 218.92.0.179 port 56160 ssh2
May  6 18:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 56160 ssh2]
May  6 18:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: Received disconnect from 218.92.0.179 port 56160:11:  [preauth]
May  6 18:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: Disconnected from 218.92.0.179 port 56160 [preauth]
May  6 18:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15743]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15804]: pam_unix(cron:session): session closed for user p13x
May  6 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15865]: Successful su for rubyman by root
May  6 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15865]: + ??? root:rubyman
May  6 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341828 of user rubyman.
May  6 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15865]: pam_unix(su:session): session closed for user rubyman
May  6 18:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341828.
May  6 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13171]: pam_unix(cron:session): session closed for user root
May  6 18:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15805]: pam_unix(cron:session): session closed for user samftp
May  6 18:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15017]: pam_unix(cron:session): session closed for user root
May  6 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16190]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16187]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16188]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16187]: pam_unix(cron:session): session closed for user p13x
May  6 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16246]: Successful su for rubyman by root
May  6 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16246]: + ??? root:rubyman
May  6 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16246]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341833 of user rubyman.
May  6 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16246]: pam_unix(su:session): session closed for user rubyman
May  6 18:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341833.
May  6 18:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13681]: pam_unix(cron:session): session closed for user root
May  6 18:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16188]: pam_unix(cron:session): session closed for user samftp
May  6 18:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15414]: pam_unix(cron:session): session closed for user root
May  6 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16639]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16640]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16638]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16640]: pam_unix(cron:session): session closed for user root
May  6 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16635]: pam_unix(cron:session): session closed for user p13x
May  6 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16705]: Successful su for rubyman by root
May  6 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16705]: + ??? root:rubyman
May  6 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341836 of user rubyman.
May  6 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16705]: pam_unix(su:session): session closed for user rubyman
May  6 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341836.
May  6 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16637]: pam_unix(cron:session): session closed for user root
May  6 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14085]: pam_unix(cron:session): session closed for user root
May  6 18:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16636]: pam_unix(cron:session): session closed for user samftp
May  6 18:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 18:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: Failed password for root from 218.92.0.179 port 53912 ssh2
May  6 18:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: Failed password for root from 218.92.0.179 port 53912 ssh2
May  6 18:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15807]: pam_unix(cron:session): session closed for user root
May  6 18:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: Failed password for root from 218.92.0.179 port 53912 ssh2
May  6 18:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: Received disconnect from 218.92.0.179 port 53912:11:  [preauth]
May  6 18:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: Disconnected from 218.92.0.179 port 53912 [preauth]
May  6 18:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17099]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17093]: pam_unix(cron:session): session closed for user p13x
May  6 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17163]: Successful su for rubyman by root
May  6 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17163]: + ??? root:rubyman
May  6 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341843 of user rubyman.
May  6 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17163]: pam_unix(su:session): session closed for user rubyman
May  6 18:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341843.
May  6 18:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14575]: pam_unix(cron:session): session closed for user root
May  6 18:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17094]: pam_unix(cron:session): session closed for user samftp
May  6 18:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16190]: pam_unix(cron:session): session closed for user root
May  6 18:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 18:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: Failed password for root from 218.92.0.179 port 42461 ssh2
May  6 18:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 42461 ssh2]
May  6 18:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: Received disconnect from 218.92.0.179 port 42461:11:  [preauth]
May  6 18:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: Disconnected from 218.92.0.179 port 42461 [preauth]
May  6 18:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17483]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17510]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17511]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17504]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17504]: pam_unix(cron:session): session closed for user root
May  6 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17506]: pam_unix(cron:session): session closed for user p13x
May  6 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17577]: Successful su for rubyman by root
May  6 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17577]: + ??? root:rubyman
May  6 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341846 of user rubyman.
May  6 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17577]: pam_unix(su:session): session closed for user rubyman
May  6 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341846.
May  6 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15016]: pam_unix(cron:session): session closed for user root
May  6 18:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17508]: pam_unix(cron:session): session closed for user samftp
May  6 18:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16639]: pam_unix(cron:session): session closed for user root
May  6 18:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: Invalid user admin from 80.94.95.112
May  6 18:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: input_userauth_request: invalid user admin [preauth]
May  6 18:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 18:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: Failed password for invalid user admin from 80.94.95.112 port 64478 ssh2
May  6 18:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: Failed password for invalid user admin from 80.94.95.112 port 64478 ssh2
May  6 18:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: Failed password for invalid user admin from 80.94.95.112 port 64478 ssh2
May  6 18:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: Failed password for invalid user admin from 80.94.95.112 port 64478 ssh2
May  6 18:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: Failed password for invalid user admin from 80.94.95.112 port 64478 ssh2
May  6 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: Received disconnect from 80.94.95.112 port 64478:11: Bye [preauth]
May  6 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: Disconnected from 80.94.95.112 port 64478 [preauth]
May  6 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18008]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18046]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18045]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18043]: pam_unix(cron:session): session closed for user p13x
May  6 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18110]: Successful su for rubyman by root
May  6 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18110]: + ??? root:rubyman
May  6 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341851 of user rubyman.
May  6 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18110]: pam_unix(su:session): session closed for user rubyman
May  6 18:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341851.
May  6 18:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15413]: pam_unix(cron:session): session closed for user root
May  6 18:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18044]: pam_unix(cron:session): session closed for user samftp
May  6 18:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17099]: pam_unix(cron:session): session closed for user root
May  6 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18459]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18460]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18457]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18457]: pam_unix(cron:session): session closed for user p13x
May  6 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18519]: Successful su for rubyman by root
May  6 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18519]: + ??? root:rubyman
May  6 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341855 of user rubyman.
May  6 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18519]: pam_unix(su:session): session closed for user rubyman
May  6 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341855.
May  6 18:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15806]: pam_unix(cron:session): session closed for user root
May  6 18:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18458]: pam_unix(cron:session): session closed for user samftp
May  6 18:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17511]: pam_unix(cron:session): session closed for user root
May  6 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18865]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18861]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18860]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18864]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18865]: pam_unix(cron:session): session closed for user root
May  6 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18858]: pam_unix(cron:session): session closed for user p13x
May  6 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18930]: Successful su for rubyman by root
May  6 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18930]: + ??? root:rubyman
May  6 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18930]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341863 of user rubyman.
May  6 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18930]: pam_unix(su:session): session closed for user rubyman
May  6 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341863.
May  6 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18860]: pam_unix(cron:session): session closed for user root
May  6 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16189]: pam_unix(cron:session): session closed for user root
May  6 18:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18859]: pam_unix(cron:session): session closed for user samftp
May  6 18:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18046]: pam_unix(cron:session): session closed for user root
May  6 18:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19302]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19301]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19299]: pam_unix(cron:session): session closed for user p13x
May  6 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19367]: Successful su for rubyman by root
May  6 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19367]: + ??? root:rubyman
May  6 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341867 of user rubyman.
May  6 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19367]: pam_unix(su:session): session closed for user rubyman
May  6 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341867.
May  6 18:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16638]: pam_unix(cron:session): session closed for user root
May  6 18:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19300]: pam_unix(cron:session): session closed for user samftp
May  6 18:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18460]: pam_unix(cron:session): session closed for user root
May  6 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19728]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19725]: pam_unix(cron:session): session closed for user p13x
May  6 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19787]: Successful su for rubyman by root
May  6 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19787]: + ??? root:rubyman
May  6 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341869 of user rubyman.
May  6 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19787]: pam_unix(su:session): session closed for user rubyman
May  6 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341869.
May  6 18:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17095]: pam_unix(cron:session): session closed for user root
May  6 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19726]: pam_unix(cron:session): session closed for user samftp
May  6 18:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18864]: pam_unix(cron:session): session closed for user root
May  6 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20132]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20131]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20129]: pam_unix(cron:session): session closed for user p13x
May  6 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20190]: Successful su for rubyman by root
May  6 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20190]: + ??? root:rubyman
May  6 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341874 of user rubyman.
May  6 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20190]: pam_unix(su:session): session closed for user rubyman
May  6 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341874.
May  6 18:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17510]: pam_unix(cron:session): session closed for user root
May  6 18:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20130]: pam_unix(cron:session): session closed for user samftp
May  6 18:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19302]: pam_unix(cron:session): session closed for user root
May  6 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20526]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20522]: pam_unix(cron:session): session closed for user p13x
May  6 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20582]: Successful su for rubyman by root
May  6 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20582]: + ??? root:rubyman
May  6 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341879 of user rubyman.
May  6 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20582]: pam_unix(su:session): session closed for user rubyman
May  6 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341879.
May  6 18:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18045]: pam_unix(cron:session): session closed for user root
May  6 18:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20524]: pam_unix(cron:session): session closed for user samftp
May  6 18:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19728]: pam_unix(cron:session): session closed for user root
May  6 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20935]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20936]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20938]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20938]: pam_unix(cron:session): session closed for user root
May  6 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20933]: pam_unix(cron:session): session closed for user p13x
May  6 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21005]: Successful su for rubyman by root
May  6 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21005]: + ??? root:rubyman
May  6 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341881 of user rubyman.
May  6 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21005]: pam_unix(su:session): session closed for user rubyman
May  6 18:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341881.
May  6 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20935]: pam_unix(cron:session): session closed for user root
May  6 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18459]: pam_unix(cron:session): session closed for user root
May  6 18:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20934]: pam_unix(cron:session): session closed for user samftp
May  6 18:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20132]: pam_unix(cron:session): session closed for user root
May  6 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21406]: pam_unix(cron:session): session closed for user p13x
May  6 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21475]: Successful su for rubyman by root
May  6 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21475]: + ??? root:rubyman
May  6 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21475]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341888 of user rubyman.
May  6 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21475]: pam_unix(su:session): session closed for user rubyman
May  6 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341888.
May  6 18:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18861]: pam_unix(cron:session): session closed for user root
May  6 18:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21407]: pam_unix(cron:session): session closed for user samftp
May  6 18:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20526]: pam_unix(cron:session): session closed for user root
May  6 18:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 18:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: Failed password for root from 218.92.0.179 port 20742 ssh2
May  6 18:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 20742 ssh2]
May  6 18:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: Received disconnect from 218.92.0.179 port 20742:11:  [preauth]
May  6 18:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: Disconnected from 218.92.0.179 port 20742 [preauth]
May  6 18:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21898]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22131]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22131]: pam_unix(cron:session): session closed for user p13x
May  6 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22199]: Successful su for rubyman by root
May  6 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22199]: + ??? root:rubyman
May  6 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22199]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341893 of user rubyman.
May  6 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22199]: pam_unix(su:session): session closed for user rubyman
May  6 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341893.
May  6 18:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19301]: pam_unix(cron:session): session closed for user root
May  6 18:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22133]: pam_unix(cron:session): session closed for user samftp
May  6 18:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20937]: pam_unix(cron:session): session closed for user root
May  6 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22602]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22599]: pam_unix(cron:session): session closed for user p13x
May  6 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22662]: Successful su for rubyman by root
May  6 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22662]: + ??? root:rubyman
May  6 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341896 of user rubyman.
May  6 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22662]: pam_unix(su:session): session closed for user rubyman
May  6 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341896.
May  6 18:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19727]: pam_unix(cron:session): session closed for user root
May  6 18:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22600]: pam_unix(cron:session): session closed for user samftp
May  6 18:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21409]: pam_unix(cron:session): session closed for user root
May  6 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23064]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23062]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23062]: pam_unix(cron:session): session closed for user p13x
May  6 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23122]: Successful su for rubyman by root
May  6 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23122]: + ??? root:rubyman
May  6 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341899 of user rubyman.
May  6 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23122]: pam_unix(su:session): session closed for user rubyman
May  6 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341899.
May  6 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20131]: pam_unix(cron:session): session closed for user root
May  6 18:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23063]: pam_unix(cron:session): session closed for user samftp
May  6 18:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22136]: pam_unix(cron:session): session closed for user root
May  6 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23564]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23562]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23565]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23563]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23565]: pam_unix(cron:session): session closed for user root
May  6 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23560]: pam_unix(cron:session): session closed for user p13x
May  6 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23635]: Successful su for rubyman by root
May  6 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23635]: + ??? root:rubyman
May  6 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341903 of user rubyman.
May  6 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23635]: pam_unix(su:session): session closed for user rubyman
May  6 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341903.
May  6 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23562]: pam_unix(cron:session): session closed for user root
May  6 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20525]: pam_unix(cron:session): session closed for user root
May  6 18:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23561]: pam_unix(cron:session): session closed for user samftp
May  6 18:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22602]: pam_unix(cron:session): session closed for user root
May  6 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24113]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24114]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24111]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24111]: pam_unix(cron:session): session closed for user p13x
May  6 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24181]: Successful su for rubyman by root
May  6 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24181]: + ??? root:rubyman
May  6 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341911 of user rubyman.
May  6 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24181]: pam_unix(su:session): session closed for user rubyman
May  6 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341911.
May  6 18:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20936]: pam_unix(cron:session): session closed for user root
May  6 18:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24112]: pam_unix(cron:session): session closed for user samftp
May  6 18:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23065]: pam_unix(cron:session): session closed for user root
May  6 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24554]: pam_unix(cron:session): session closed for user p13x
May  6 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24626]: Successful su for rubyman by root
May  6 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24626]: + ??? root:rubyman
May  6 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341914 of user rubyman.
May  6 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24626]: pam_unix(su:session): session closed for user rubyman
May  6 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341914.
May  6 18:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21408]: pam_unix(cron:session): session closed for user root
May  6 18:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24555]: pam_unix(cron:session): session closed for user samftp
May  6 18:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23564]: pam_unix(cron:session): session closed for user root
May  6 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24982]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24983]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24979]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24980]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24979]: pam_unix(cron:session): session closed for user p13x
May  6 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25042]: Successful su for rubyman by root
May  6 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25042]: + ??? root:rubyman
May  6 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341918 of user rubyman.
May  6 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25042]: pam_unix(su:session): session closed for user rubyman
May  6 18:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341918.
May  6 18:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22135]: pam_unix(cron:session): session closed for user root
May  6 18:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24980]: pam_unix(cron:session): session closed for user samftp
May  6 18:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  6 18:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25246]: Failed password for root from 80.94.95.29 port 18878 ssh2
May  6 18:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25246]: message repeated 4 times: [ Failed password for root from 80.94.95.29 port 18878 ssh2]
May  6 18:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25246]: Received disconnect from 80.94.95.29 port 18878:11: Bye [preauth]
May  6 18:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25246]: Disconnected from 80.94.95.29 port 18878 [preauth]
May  6 18:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25246]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  6 18:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25246]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 18:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24114]: pam_unix(cron:session): session closed for user root
May  6 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25392]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25391]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25389]: pam_unix(cron:session): session closed for user p13x
May  6 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25449]: Successful su for rubyman by root
May  6 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25449]: + ??? root:rubyman
May  6 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341921 of user rubyman.
May  6 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25449]: pam_unix(su:session): session closed for user rubyman
May  6 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341921.
May  6 18:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22601]: pam_unix(cron:session): session closed for user root
May  6 18:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25390]: pam_unix(cron:session): session closed for user samftp
May  6 18:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24557]: pam_unix(cron:session): session closed for user root
May  6 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25866]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25865]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25864]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25868]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25868]: pam_unix(cron:session): session closed for user root
May  6 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25863]: pam_unix(cron:session): session closed for user p13x
May  6 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25946]: Successful su for rubyman by root
May  6 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25946]: + ??? root:rubyman
May  6 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341930 of user rubyman.
May  6 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25946]: pam_unix(su:session): session closed for user rubyman
May  6 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341930.
May  6 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25865]: pam_unix(cron:session): session closed for user root
May  6 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23064]: pam_unix(cron:session): session closed for user root
May  6 18:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25864]: pam_unix(cron:session): session closed for user samftp
May  6 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24983]: pam_unix(cron:session): session closed for user root
May  6 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26307]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26308]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26307]: pam_unix(cron:session): session closed for user p13x
May  6 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26374]: Successful su for rubyman by root
May  6 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26374]: + ??? root:rubyman
May  6 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341932 of user rubyman.
May  6 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26374]: pam_unix(su:session): session closed for user rubyman
May  6 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341932.
May  6 18:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23563]: pam_unix(cron:session): session closed for user root
May  6 18:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26308]: pam_unix(cron:session): session closed for user samftp
May  6 18:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25392]: pam_unix(cron:session): session closed for user root
May  6 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26801]: pam_unix(cron:session): session closed for user p13x
May  6 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26865]: Successful su for rubyman by root
May  6 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26865]: + ??? root:rubyman
May  6 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341935 of user rubyman.
May  6 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26865]: pam_unix(su:session): session closed for user rubyman
May  6 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341935.
May  6 18:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24113]: pam_unix(cron:session): session closed for user root
May  6 18:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26802]: pam_unix(cron:session): session closed for user samftp
May  6 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25867]: pam_unix(cron:session): session closed for user root
May  6 18:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Invalid user admin from 80.94.95.241
May  6 18:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: input_userauth_request: invalid user admin [preauth]
May  6 18:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 18:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Failed password for invalid user admin from 80.94.95.241 port 51141 ssh2
May  6 18:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Failed password for invalid user admin from 80.94.95.241 port 51141 ssh2
May  6 18:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Failed password for invalid user admin from 80.94.95.241 port 51141 ssh2
May  6 18:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Failed password for invalid user admin from 80.94.95.241 port 51141 ssh2
May  6 18:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Failed password for invalid user admin from 80.94.95.241 port 51141 ssh2
May  6 18:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Received disconnect from 80.94.95.241 port 51141:11: Bye [preauth]
May  6 18:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Disconnected from 80.94.95.241 port 51141 [preauth]
May  6 18:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 18:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27281]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27282]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27283]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27280]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27280]: pam_unix(cron:session): session closed for user p13x
May  6 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27351]: Successful su for rubyman by root
May  6 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27351]: + ??? root:rubyman
May  6 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341939 of user rubyman.
May  6 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27351]: pam_unix(su:session): session closed for user rubyman
May  6 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341939.
May  6 18:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24556]: pam_unix(cron:session): session closed for user root
May  6 18:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27281]: pam_unix(cron:session): session closed for user samftp
May  6 18:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26310]: pam_unix(cron:session): session closed for user root
May  6 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27747]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27743]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27745]: pam_unix(cron:session): session closed for user p13x
May  6 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27874]: Successful su for rubyman by root
May  6 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27874]: + ??? root:rubyman
May  6 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27874]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341943 of user rubyman.
May  6 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27874]: pam_unix(su:session): session closed for user rubyman
May  6 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341943.
May  6 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27743]: pam_unix(cron:session): session closed for user root
May  6 18:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27927]: Invalid user admin from 194.0.234.19
May  6 18:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27927]: input_userauth_request: invalid user admin [preauth]
May  6 18:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27927]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  6 18:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24982]: pam_unix(cron:session): session closed for user root
May  6 18:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27927]: Failed password for invalid user admin from 194.0.234.19 port 53386 ssh2
May  6 18:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27927]: Connection closed by 194.0.234.19 port 53386 [preauth]
May  6 18:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27746]: pam_unix(cron:session): session closed for user samftp
May  6 18:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26804]: pam_unix(cron:session): session closed for user root
May  6 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28253]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28251]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28250]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28255]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28257]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28257]: pam_unix(cron:session): session closed for user root
May  6 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28250]: pam_unix(cron:session): session closed for user p13x
May  6 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28317]: Successful su for rubyman by root
May  6 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28317]: + ??? root:rubyman
May  6 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341952 of user rubyman.
May  6 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28317]: pam_unix(su:session): session closed for user rubyman
May  6 18:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341952.
May  6 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28252]: pam_unix(cron:session): session closed for user root
May  6 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25391]: pam_unix(cron:session): session closed for user root
May  6 18:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28251]: pam_unix(cron:session): session closed for user samftp
May  6 18:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27283]: pam_unix(cron:session): session closed for user root
May  6 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28688]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28689]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28685]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28685]: pam_unix(cron:session): session closed for user p13x
May  6 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28753]: Successful su for rubyman by root
May  6 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28753]: + ??? root:rubyman
May  6 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28753]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341954 of user rubyman.
May  6 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28753]: pam_unix(su:session): session closed for user rubyman
May  6 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341954.
May  6 18:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25866]: pam_unix(cron:session): session closed for user root
May  6 18:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28687]: pam_unix(cron:session): session closed for user samftp
May  6 18:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  6 18:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28998]: Failed password for root from 80.94.95.125 port 35551 ssh2
May  6 18:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28998]: message repeated 3 times: [ Failed password for root from 80.94.95.125 port 35551 ssh2]
May  6 18:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27748]: pam_unix(cron:session): session closed for user root
May  6 18:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28998]: Failed password for root from 80.94.95.125 port 35551 ssh2
May  6 18:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28998]: Received disconnect from 80.94.95.125 port 35551:11: Bye [preauth]
May  6 18:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28998]: Disconnected from 80.94.95.125 port 35551 [preauth]
May  6 18:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28998]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  6 18:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28998]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 18:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 18:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: Failed password for root from 218.92.0.179 port 42080 ssh2
May  6 18:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 42080 ssh2]
May  6 18:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: Received disconnect from 218.92.0.179 port 42080:11:  [preauth]
May  6 18:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: Disconnected from 218.92.0.179 port 42080 [preauth]
May  6 18:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29166]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29193]: pam_unix(cron:session): session closed for user p13x
May  6 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29257]: Successful su for rubyman by root
May  6 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29257]: + ??? root:rubyman
May  6 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341958 of user rubyman.
May  6 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29257]: pam_unix(su:session): session closed for user rubyman
May  6 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341958.
May  6 18:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26309]: pam_unix(cron:session): session closed for user root
May  6 18:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29195]: pam_unix(cron:session): session closed for user samftp
May  6 18:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28255]: pam_unix(cron:session): session closed for user root
May  6 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29604]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29603]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29602]: pam_unix(cron:session): session closed for user p13x
May  6 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29664]: Successful su for rubyman by root
May  6 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29664]: + ??? root:rubyman
May  6 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29664]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341962 of user rubyman.
May  6 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29664]: pam_unix(su:session): session closed for user rubyman
May  6 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341962.
May  6 18:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26803]: pam_unix(cron:session): session closed for user root
May  6 18:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29603]: pam_unix(cron:session): session closed for user samftp
May  6 18:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28689]: pam_unix(cron:session): session closed for user root
May  6 18:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: Invalid user admin from 80.94.95.29
May  6 18:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: input_userauth_request: invalid user admin [preauth]
May  6 18:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  6 18:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: Failed password for invalid user admin from 80.94.95.29 port 31556 ssh2
May  6 18:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: Failed password for invalid user admin from 80.94.95.29 port 31556 ssh2
May  6 18:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: Failed password for invalid user admin from 80.94.95.29 port 31556 ssh2
May  6 18:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: Failed password for invalid user admin from 80.94.95.29 port 31556 ssh2
May  6 18:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: Failed password for invalid user admin from 80.94.95.29 port 31556 ssh2
May  6 18:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: Received disconnect from 80.94.95.29 port 31556:11: Bye [preauth]
May  6 18:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: Disconnected from 80.94.95.29 port 31556 [preauth]
May  6 18:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  6 18:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29978]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30016]: pam_unix(cron:session): session closed for user p13x
May  6 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30076]: Successful su for rubyman by root
May  6 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30076]: + ??? root:rubyman
May  6 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341968 of user rubyman.
May  6 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30076]: pam_unix(su:session): session closed for user rubyman
May  6 18:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341968.
May  6 18:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27282]: pam_unix(cron:session): session closed for user root
May  6 18:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30017]: pam_unix(cron:session): session closed for user samftp
May  6 18:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29197]: pam_unix(cron:session): session closed for user root
May  6 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30406]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30404]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30407]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30405]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30410]: pam_unix(cron:session): session closed for user root
May  6 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30404]: pam_unix(cron:session): session closed for user p13x
May  6 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30476]: Successful su for rubyman by root
May  6 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30476]: + ??? root:rubyman
May  6 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341971 of user rubyman.
May  6 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30476]: pam_unix(su:session): session closed for user rubyman
May  6 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341971.
May  6 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30406]: pam_unix(cron:session): session closed for user root
May  6 18:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27747]: pam_unix(cron:session): session closed for user root
May  6 18:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30405]: pam_unix(cron:session): session closed for user samftp
May  6 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29605]: pam_unix(cron:session): session closed for user root
May  6 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30829]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30828]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30830]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30827]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30827]: pam_unix(cron:session): session closed for user p13x
May  6 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30897]: Successful su for rubyman by root
May  6 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30897]: + ??? root:rubyman
May  6 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341976 of user rubyman.
May  6 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30897]: pam_unix(su:session): session closed for user rubyman
May  6 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341976.
May  6 18:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28253]: pam_unix(cron:session): session closed for user root
May  6 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30828]: pam_unix(cron:session): session closed for user samftp
May  6 18:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30019]: pam_unix(cron:session): session closed for user root
May  6 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31346]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31347]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31344]: pam_unix(cron:session): session closed for user p13x
May  6 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31404]: Successful su for rubyman by root
May  6 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31404]: + ??? root:rubyman
May  6 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31404]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341982 of user rubyman.
May  6 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31404]: pam_unix(su:session): session closed for user rubyman
May  6 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341982.
May  6 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28688]: pam_unix(cron:session): session closed for user root
May  6 18:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31345]: pam_unix(cron:session): session closed for user samftp
May  6 18:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30409]: pam_unix(cron:session): session closed for user root
May  6 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31770]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31769]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31769]: pam_unix(cron:session): session closed for user p13x
May  6 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31831]: Successful su for rubyman by root
May  6 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31831]: + ??? root:rubyman
May  6 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31831]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341986 of user rubyman.
May  6 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31831]: pam_unix(su:session): session closed for user rubyman
May  6 18:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341986.
May  6 18:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29196]: pam_unix(cron:session): session closed for user root
May  6 18:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31770]: pam_unix(cron:session): session closed for user samftp
May  6 18:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30830]: pam_unix(cron:session): session closed for user root
May  6 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32476]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32474]: pam_unix(cron:session): session closed for user p13x
May  6 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32542]: Successful su for rubyman by root
May  6 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32542]: + ??? root:rubyman
May  6 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341988 of user rubyman.
May  6 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32542]: pam_unix(su:session): session closed for user rubyman
May  6 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341988.
May  6 18:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29604]: pam_unix(cron:session): session closed for user root
May  6 18:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32475]: pam_unix(cron:session): session closed for user samftp
May  6 18:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31347]: pam_unix(cron:session): session closed for user root
May  6 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[603]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[602]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[603]: pam_unix(cron:session): session closed for user root
May  6 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[597]: pam_unix(cron:session): session closed for user p13x
May  6 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[686]: Successful su for rubyman by root
May  6 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[686]: + ??? root:rubyman
May  6 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341994 of user rubyman.
May  6 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[686]: pam_unix(su:session): session closed for user rubyman
May  6 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341994.
May  6 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[600]: pam_unix(cron:session): session closed for user root
May  6 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[684]: Failed password for root from 218.92.0.179 port 39335 ssh2
May  6 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30018]: pam_unix(cron:session): session closed for user root
May  6 18:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[599]: pam_unix(cron:session): session closed for user samftp
May  6 18:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[684]: Failed password for root from 218.92.0.179 port 39335 ssh2
May  6 18:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[684]: Failed password for root from 218.92.0.179 port 39335 ssh2
May  6 18:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[684]: Received disconnect from 218.92.0.179 port 39335:11:  [preauth]
May  6 18:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[684]: Disconnected from 218.92.0.179 port 39335 [preauth]
May  6 18:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[684]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 18:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31773]: pam_unix(cron:session): session closed for user root
May  6 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1115]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1116]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1113]: pam_unix(cron:session): session closed for user p13x
May  6 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1193]: Successful su for rubyman by root
May  6 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1193]: + ??? root:rubyman
May  6 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 341999 of user rubyman.
May  6 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1193]: pam_unix(su:session): session closed for user rubyman
May  6 18:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 341999.
May  6 18:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30407]: pam_unix(cron:session): session closed for user root
May  6 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: Invalid user admin from 80.94.95.112
May  6 18:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: input_userauth_request: invalid user admin [preauth]
May  6 18:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 18:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1114]: pam_unix(cron:session): session closed for user samftp
May  6 18:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: Failed password for invalid user admin from 80.94.95.112 port 34281 ssh2
May  6 18:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: Failed password for invalid user admin from 80.94.95.112 port 34281 ssh2
May  6 18:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: Failed password for invalid user admin from 80.94.95.112 port 34281 ssh2
May  6 18:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: Failed password for invalid user admin from 80.94.95.112 port 34281 ssh2
May  6 18:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: Failed password for invalid user admin from 80.94.95.112 port 34281 ssh2
May  6 18:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: Received disconnect from 80.94.95.112 port 34281:11: Bye [preauth]
May  6 18:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: Disconnected from 80.94.95.112 port 34281 [preauth]
May  6 18:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 18:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32477]: pam_unix(cron:session): session closed for user root
May  6 18:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1588]: Invalid user ible from 193.70.84.184
May  6 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1588]: input_userauth_request: invalid user ible [preauth]
May  6 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1588]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  6 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1586]: Connection closed by 46.244.96.25 port 52728 [preauth]
May  6 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1588]: Failed password for invalid user ible from 193.70.84.184 port 57798 ssh2
May  6 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1588]: Connection closed by 193.70.84.184 port 57798 [preauth]
May  6 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: Invalid user zb from 46.244.96.25
May  6 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: input_userauth_request: invalid user zb [preauth]
May  6 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  6 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1606]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1604]: pam_unix(cron:session): session closed for user p13x
May  6 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1671]: Successful su for rubyman by root
May  6 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1671]: + ??? root:rubyman
May  6 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1671]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342003 of user rubyman.
May  6 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1671]: pam_unix(su:session): session closed for user rubyman
May  6 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342003.
May  6 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: Failed password for invalid user zb from 46.244.96.25 port 52736 ssh2
May  6 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: Connection closed by 46.244.96.25 port 52736 [preauth]
May  6 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30829]: pam_unix(cron:session): session closed for user root
May  6 18:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1605]: pam_unix(cron:session): session closed for user samftp
May  6 18:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[602]: pam_unix(cron:session): session closed for user root
May  6 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2125]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2126]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2123]: pam_unix(cron:session): session closed for user p13x
May  6 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2187]: Successful su for rubyman by root
May  6 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2187]: + ??? root:rubyman
May  6 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342009 of user rubyman.
May  6 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2187]: pam_unix(su:session): session closed for user rubyman
May  6 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342009.
May  6 18:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31346]: pam_unix(cron:session): session closed for user root
May  6 18:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2124]: pam_unix(cron:session): session closed for user samftp
May  6 18:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2428]: Invalid user pascal from 50.235.31.47
May  6 18:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2428]: input_userauth_request: invalid user pascal [preauth]
May  6 18:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2428]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  6 18:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2428]: Failed password for invalid user pascal from 50.235.31.47 port 36286 ssh2
May  6 18:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2428]: Connection closed by 50.235.31.47 port 36286 [preauth]
May  6 18:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1116]: pam_unix(cron:session): session closed for user root
May  6 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2553]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2552]: pam_unix(cron:session): session closed for user p13x
May  6 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2623]: Successful su for rubyman by root
May  6 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2623]: + ??? root:rubyman
May  6 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342010 of user rubyman.
May  6 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2623]: pam_unix(su:session): session closed for user rubyman
May  6 18:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342010.
May  6 18:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31772]: pam_unix(cron:session): session closed for user root
May  6 18:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2553]: pam_unix(cron:session): session closed for user samftp
May  6 18:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1607]: pam_unix(cron:session): session closed for user root
May  6 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2984]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2983]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2986]: pam_unix(cron:session): session closed for user root
May  6 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2981]: pam_unix(cron:session): session closed for user p13x
May  6 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3050]: Successful su for rubyman by root
May  6 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3050]: + ??? root:rubyman
May  6 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342014 of user rubyman.
May  6 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3050]: pam_unix(su:session): session closed for user rubyman
May  6 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342014.
May  6 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2983]: pam_unix(cron:session): session closed for user root
May  6 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32476]: pam_unix(cron:session): session closed for user root
May  6 18:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2982]: pam_unix(cron:session): session closed for user samftp
May  6 18:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 18:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: Failed password for root from 218.92.0.210 port 15788 ssh2
May  6 18:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: message repeated 4 times: [ Failed password for root from 218.92.0.210 port 15788 ssh2]
May  6 18:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 15788 ssh2 [preauth]
May  6 18:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: Disconnecting: Too many authentication failures [preauth]
May  6 18:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 18:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3291]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 18:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2126]: pam_unix(cron:session): session closed for user root
May  6 18:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 18:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3352]: Failed password for root from 218.92.0.210 port 9892 ssh2
May  6 18:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3352]: message repeated 4 times: [ Failed password for root from 218.92.0.210 port 9892 ssh2]
May  6 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3436]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3436]: pam_unix(cron:session): session closed for user p13x
May  6 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3505]: Successful su for rubyman by root
May  6 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3505]: + ??? root:rubyman
May  6 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342020 of user rubyman.
May  6 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3505]: pam_unix(su:session): session closed for user rubyman
May  6 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342020.
May  6 18:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[601]: pam_unix(cron:session): session closed for user root
May  6 18:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3437]: pam_unix(cron:session): session closed for user samftp
May  6 18:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 18:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Failed password for root from 218.92.0.210 port 31100 ssh2
May  6 18:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Received disconnect from 218.92.0.210 port 31100:11:  [preauth]
May  6 18:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Disconnected from 218.92.0.210 port 31100 [preauth]
May  6 18:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2555]: pam_unix(cron:session): session closed for user root
May  6 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3866]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3865]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3864]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3864]: pam_unix(cron:session): session closed for user p13x
May  6 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3931]: Successful su for rubyman by root
May  6 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3931]: + ??? root:rubyman
May  6 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3931]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342024 of user rubyman.
May  6 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3931]: pam_unix(su:session): session closed for user rubyman
May  6 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342024.
May  6 18:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1115]: pam_unix(cron:session): session closed for user root
May  6 18:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3865]: pam_unix(cron:session): session closed for user samftp
May  6 18:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2985]: pam_unix(cron:session): session closed for user root
May  6 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4458]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4457]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4455]: pam_unix(cron:session): session closed for user p13x
May  6 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4528]: Successful su for rubyman by root
May  6 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4528]: + ??? root:rubyman
May  6 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4528]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342029 of user rubyman.
May  6 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4528]: pam_unix(su:session): session closed for user rubyman
May  6 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342029.
May  6 18:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1606]: pam_unix(cron:session): session closed for user root
May  6 18:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4456]: pam_unix(cron:session): session closed for user samftp
May  6 18:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  6 18:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4750]: Failed password for root from 190.103.202.7 port 49556 ssh2
May  6 18:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4750]: Connection closed by 190.103.202.7 port 49556 [preauth]
May  6 18:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3439]: pam_unix(cron:session): session closed for user root
May  6 18:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 18:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: Invalid user ubnt from 194.0.234.19
May  6 18:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: input_userauth_request: invalid user ubnt [preauth]
May  6 18:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: pam_unix(sshd:auth): check pass; user unknown
May  6 18:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  6 18:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: Failed password for invalid user ubnt from 194.0.234.19 port 40504 ssh2
May  6 18:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: Connection closed by 194.0.234.19 port 40504 [preauth]
May  6 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4886]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4887]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4883]: pam_unix(cron:session): session closed for user p13x
May  6 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4954]: Successful su for rubyman by root
May  6 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4954]: + ??? root:rubyman
May  6 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4954]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342034 of user rubyman.
May  6 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4954]: pam_unix(su:session): session closed for user rubyman
May  6 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342034.
May  6 18:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2125]: pam_unix(cron:session): session closed for user root
May  6 18:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4884]: pam_unix(cron:session): session closed for user samftp
May  6 18:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3867]: pam_unix(cron:session): session closed for user root
May  6 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5497]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5495]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5494]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5498]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5494]: pam_unix(cron:session): session closed for user root
May  6 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5498]: pam_unix(cron:session): session closed for user root
May  6 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5492]: pam_unix(cron:session): session closed for user p13x
May  6 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5637]: Successful su for rubyman by root
May  6 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5637]: + ??? root:rubyman
May  6 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342036 of user rubyman.
May  6 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5637]: pam_unix(su:session): session closed for user rubyman
May  6 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342036.
May  6 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5495]: pam_unix(cron:session): session closed for user root
May  6 19:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2554]: pam_unix(cron:session): session closed for user root
May  6 19:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5493]: pam_unix(cron:session): session closed for user samftp
May  6 19:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5946]: Invalid user spooler from 157.245.99.182
May  6 19:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5946]: input_userauth_request: invalid user spooler [preauth]
May  6 19:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5946]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 19:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5946]: Failed password for invalid user spooler from 157.245.99.182 port 46014 ssh2
May  6 19:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5946]: Received disconnect from 157.245.99.182 port 46014:11: Bye Bye [preauth]
May  6 19:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5946]: Disconnected from 157.245.99.182 port 46014 [preauth]
May  6 19:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4458]: pam_unix(cron:session): session closed for user root
May  6 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6148]: pam_unix(cron:session): session closed for user p13x
May  6 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6219]: Successful su for rubyman by root
May  6 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6219]: + ??? root:rubyman
May  6 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342043 of user rubyman.
May  6 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6219]: pam_unix(su:session): session closed for user rubyman
May  6 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342043.
May  6 19:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2984]: pam_unix(cron:session): session closed for user root
May  6 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6149]: pam_unix(cron:session): session closed for user samftp
May  6 19:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4887]: pam_unix(cron:session): session closed for user root
May  6 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6562]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6561]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6559]: pam_unix(cron:session): session closed for user p13x
May  6 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6623]: Successful su for rubyman by root
May  6 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6623]: + ??? root:rubyman
May  6 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342047 of user rubyman.
May  6 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6623]: pam_unix(su:session): session closed for user rubyman
May  6 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342047.
May  6 19:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3438]: pam_unix(cron:session): session closed for user root
May  6 19:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6560]: pam_unix(cron:session): session closed for user samftp
May  6 19:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5497]: pam_unix(cron:session): session closed for user root
May  6 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7064]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7061]: pam_unix(cron:session): session closed for user p13x
May  6 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7139]: Successful su for rubyman by root
May  6 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7139]: + ??? root:rubyman
May  6 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7139]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342052 of user rubyman.
May  6 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7139]: pam_unix(su:session): session closed for user rubyman
May  6 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342052.
May  6 19:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3866]: pam_unix(cron:session): session closed for user root
May  6 19:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7063]: pam_unix(cron:session): session closed for user samftp
May  6 19:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6151]: pam_unix(cron:session): session closed for user root
May  6 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7470]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7471]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7468]: pam_unix(cron:session): session closed for user p13x
May  6 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: Successful su for rubyman by root
May  6 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: + ??? root:rubyman
May  6 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342056 of user rubyman.
May  6 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: pam_unix(su:session): session closed for user rubyman
May  6 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342056.
May  6 19:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4457]: pam_unix(cron:session): session closed for user root
May  6 19:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7469]: pam_unix(cron:session): session closed for user samftp
May  6 19:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6562]: pam_unix(cron:session): session closed for user root
May  6 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8002]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8001]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7998]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8000]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7997]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7999]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8002]: pam_unix(cron:session): session closed for user root
May  6 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7997]: pam_unix(cron:session): session closed for user p13x
May  6 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8065]: Successful su for rubyman by root
May  6 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8065]: + ??? root:rubyman
May  6 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8065]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342060 of user rubyman.
May  6 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8065]: pam_unix(su:session): session closed for user rubyman
May  6 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342060.
May  6 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7999]: pam_unix(cron:session): session closed for user root
May  6 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4886]: pam_unix(cron:session): session closed for user root
May  6 19:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 19:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7998]: pam_unix(cron:session): session closed for user samftp
May  6 19:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: Failed password for root from 218.92.0.179 port 49656 ssh2
May  6 19:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 49656 ssh2]
May  6 19:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: Received disconnect from 218.92.0.179 port 49656:11:  [preauth]
May  6 19:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: Disconnected from 218.92.0.179 port 49656 [preauth]
May  6 19:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8268]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 19:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7065]: pam_unix(cron:session): session closed for user root
May  6 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8483]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8480]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8481]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8479]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8479]: pam_unix(cron:session): session closed for user p13x
May  6 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8557]: Successful su for rubyman by root
May  6 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8557]: + ??? root:rubyman
May  6 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342066 of user rubyman.
May  6 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8557]: pam_unix(su:session): session closed for user rubyman
May  6 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342066.
May  6 19:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5496]: pam_unix(cron:session): session closed for user root
May  6 19:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8480]: pam_unix(cron:session): session closed for user samftp
May  6 19:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7471]: pam_unix(cron:session): session closed for user root
May  6 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8922]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8918]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8918]: pam_unix(cron:session): session closed for user p13x
May  6 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8983]: Successful su for rubyman by root
May  6 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8983]: + ??? root:rubyman
May  6 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342070 of user rubyman.
May  6 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8983]: pam_unix(su:session): session closed for user rubyman
May  6 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342070.
May  6 19:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6150]: pam_unix(cron:session): session closed for user root
May  6 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8919]: pam_unix(cron:session): session closed for user samftp
May  6 19:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8001]: pam_unix(cron:session): session closed for user root
May  6 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9442]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9441]: pam_unix(cron:session): session closed for user p13x
May  6 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9503]: Successful su for rubyman by root
May  6 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9503]: + ??? root:rubyman
May  6 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342073 of user rubyman.
May  6 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9503]: pam_unix(su:session): session closed for user rubyman
May  6 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342073.
May  6 19:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6561]: pam_unix(cron:session): session closed for user root
May  6 19:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9442]: pam_unix(cron:session): session closed for user samftp
May  6 19:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: Invalid user bkd from 157.245.99.182
May  6 19:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: input_userauth_request: invalid user bkd [preauth]
May  6 19:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 19:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: Failed password for invalid user bkd from 157.245.99.182 port 44220 ssh2
May  6 19:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: Received disconnect from 157.245.99.182 port 44220:11: Bye Bye [preauth]
May  6 19:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9758]: Disconnected from 157.245.99.182 port 44220 [preauth]
May  6 19:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8483]: pam_unix(cron:session): session closed for user root
May  6 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9856]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9853]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9854]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9855]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9853]: pam_unix(cron:session): session closed for user p13x
May  6 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9978]: Successful su for rubyman by root
May  6 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9978]: + ??? root:rubyman
May  6 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342077 of user rubyman.
May  6 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9978]: pam_unix(su:session): session closed for user rubyman
May  6 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342077.
May  6 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9850]: pam_unix(cron:session): session closed for user root
May  6 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7064]: pam_unix(cron:session): session closed for user root
May  6 19:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9854]: pam_unix(cron:session): session closed for user samftp
May  6 19:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8922]: pam_unix(cron:session): session closed for user root
May  6 19:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: Invalid user sama from 164.68.105.9
May  6 19:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: input_userauth_request: invalid user sama [preauth]
May  6 19:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  6 19:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: Failed password for invalid user sama from 164.68.105.9 port 43422 ssh2
May  6 19:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10422]: Connection closed by 164.68.105.9 port 43422 [preauth]
May  6 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10442]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10447]: pam_unix(cron:session): session closed for user root
May  6 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10442]: pam_unix(cron:session): session closed for user p13x
May  6 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10514]: Successful su for rubyman by root
May  6 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10514]: + ??? root:rubyman
May  6 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342082 of user rubyman.
May  6 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10514]: pam_unix(su:session): session closed for user rubyman
May  6 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342082.
May  6 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10444]: pam_unix(cron:session): session closed for user root
May  6 19:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7470]: pam_unix(cron:session): session closed for user root
May  6 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10443]: pam_unix(cron:session): session closed for user samftp
May  6 19:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 19:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: Failed password for root from 218.92.0.207 port 30694 ssh2
May  6 19:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: Failed password for root from 218.92.0.207 port 30694 ssh2
May  6 19:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9444]: pam_unix(cron:session): session closed for user root
May  6 19:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: Failed password for root from 218.92.0.207 port 30694 ssh2
May  6 19:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: message repeated 2 times: [ Failed password for root from 218.92.0.207 port 30694 ssh2]
May  6 19:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 30694 ssh2 [preauth]
May  6 19:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: Disconnecting: Too many authentication failures [preauth]
May  6 19:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 19:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 19:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 19:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10911]: Failed password for root from 218.92.0.207 port 62898 ssh2
May  6 19:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10911]: message repeated 4 times: [ Failed password for root from 218.92.0.207 port 62898 ssh2]
May  6 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10938]: pam_unix(cron:session): session closed for user p13x
May  6 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11001]: Successful su for rubyman by root
May  6 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11001]: + ??? root:rubyman
May  6 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11001]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342088 of user rubyman.
May  6 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11001]: pam_unix(su:session): session closed for user rubyman
May  6 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342088.
May  6 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10911]: Failed password for root from 218.92.0.207 port 62898 ssh2
May  6 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10911]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 62898 ssh2 [preauth]
May  6 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10911]: Disconnecting: Too many authentication failures [preauth]
May  6 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10911]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10911]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8000]: pam_unix(cron:session): session closed for user root
May  6 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  6 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10939]: pam_unix(cron:session): session closed for user samftp
May  6 19:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: Failed password for root from 218.92.0.207 port 35676 ssh2
May  6 19:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: Received disconnect from 218.92.0.207 port 35676:11:  [preauth]
May  6 19:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: Disconnected from 218.92.0.207 port 35676 [preauth]
May  6 19:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9856]: pam_unix(cron:session): session closed for user root
May  6 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11336]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11337]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11335]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11334]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11334]: pam_unix(cron:session): session closed for user p13x
May  6 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11392]: Successful su for rubyman by root
May  6 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11392]: + ??? root:rubyman
May  6 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342093 of user rubyman.
May  6 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11392]: pam_unix(su:session): session closed for user rubyman
May  6 19:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342093.
May  6 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8481]: pam_unix(cron:session): session closed for user root
May  6 19:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11335]: pam_unix(cron:session): session closed for user samftp
May  6 19:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10446]: pam_unix(cron:session): session closed for user root
May  6 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11738]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11741]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11739]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11738]: pam_unix(cron:session): session closed for user p13x
May  6 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11799]: Successful su for rubyman by root
May  6 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11799]: + ??? root:rubyman
May  6 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342098 of user rubyman.
May  6 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11799]: pam_unix(su:session): session closed for user rubyman
May  6 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342098.
May  6 19:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8920]: pam_unix(cron:session): session closed for user root
May  6 19:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11739]: pam_unix(cron:session): session closed for user samftp
May  6 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10941]: pam_unix(cron:session): session closed for user root
May  6 19:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Invalid user admin from 80.94.95.241
May  6 19:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: input_userauth_request: invalid user admin [preauth]
May  6 19:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 19:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Failed password for invalid user admin from 80.94.95.241 port 53294 ssh2
May  6 19:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Failed password for invalid user admin from 80.94.95.241 port 53294 ssh2
May  6 19:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Failed password for invalid user admin from 80.94.95.241 port 53294 ssh2
May  6 19:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Failed password for invalid user admin from 80.94.95.241 port 53294 ssh2
May  6 19:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: Invalid user pi from 194.0.234.19
May  6 19:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: input_userauth_request: invalid user pi [preauth]
May  6 19:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  6 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Failed password for invalid user admin from 80.94.95.241 port 53294 ssh2
May  6 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Received disconnect from 80.94.95.241 port 53294:11: Bye [preauth]
May  6 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Disconnected from 80.94.95.241 port 53294 [preauth]
May  6 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: Failed password for invalid user pi from 194.0.234.19 port 17364 ssh2
May  6 19:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: Connection closed by 194.0.234.19 port 17364 [preauth]
May  6 19:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Invalid user tip from 157.245.99.182
May  6 19:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: input_userauth_request: invalid user tip [preauth]
May  6 19:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 19:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Failed password for invalid user tip from 157.245.99.182 port 50896 ssh2
May  6 19:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Received disconnect from 157.245.99.182 port 50896:11: Bye Bye [preauth]
May  6 19:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Disconnected from 157.245.99.182 port 50896 [preauth]
May  6 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12131]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12126]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12126]: pam_unix(cron:session): session closed for user p13x
May  6 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12187]: Successful su for rubyman by root
May  6 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12187]: + ??? root:rubyman
May  6 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342101 of user rubyman.
May  6 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12187]: pam_unix(su:session): session closed for user rubyman
May  6 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342101.
May  6 19:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9443]: pam_unix(cron:session): session closed for user root
May  6 19:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12129]: pam_unix(cron:session): session closed for user samftp
May  6 19:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11337]: pam_unix(cron:session): session closed for user root
May  6 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12532]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12528]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12529]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12530]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12533]: pam_unix(cron:session): session closed for user root
May  6 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12528]: pam_unix(cron:session): session closed for user p13x
May  6 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12596]: Successful su for rubyman by root
May  6 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12596]: + ??? root:rubyman
May  6 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12596]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342107 of user rubyman.
May  6 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12596]: pam_unix(su:session): session closed for user rubyman
May  6 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342107.
May  6 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12530]: pam_unix(cron:session): session closed for user root
May  6 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9855]: pam_unix(cron:session): session closed for user root
May  6 19:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12529]: pam_unix(cron:session): session closed for user samftp
May  6 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11741]: pam_unix(cron:session): session closed for user root
May  6 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12940]: pam_unix(cron:session): session closed for user p13x
May  6 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13010]: Successful su for rubyman by root
May  6 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13010]: + ??? root:rubyman
May  6 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342111 of user rubyman.
May  6 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13010]: pam_unix(su:session): session closed for user rubyman
May  6 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342111.
May  6 19:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10445]: pam_unix(cron:session): session closed for user root
May  6 19:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12941]: pam_unix(cron:session): session closed for user samftp
May  6 19:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12131]: pam_unix(cron:session): session closed for user root
May  6 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13350]: pam_unix(cron:session): session closed for user root
May  6 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13352]: pam_unix(cron:session): session closed for user p13x
May  6 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13418]: Successful su for rubyman by root
May  6 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13418]: + ??? root:rubyman
May  6 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342117 of user rubyman.
May  6 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13418]: pam_unix(su:session): session closed for user rubyman
May  6 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342117.
May  6 19:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10940]: pam_unix(cron:session): session closed for user root
May  6 19:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13353]: pam_unix(cron:session): session closed for user samftp
May  6 19:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13707]: Did not receive identification string from 80.64.18.84
May  6 19:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12532]: pam_unix(cron:session): session closed for user root
May  6 19:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: Invalid user service from 80.94.95.125
May  6 19:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: input_userauth_request: invalid user service [preauth]
May  6 19:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 19:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: Failed password for invalid user service from 80.94.95.125 port 50973 ssh2
May  6 19:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: Failed password for invalid user service from 80.94.95.125 port 50973 ssh2
May  6 19:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: Failed password for invalid user service from 80.94.95.125 port 50973 ssh2
May  6 19:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13862]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13861]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13859]: pam_unix(cron:session): session closed for user p13x
May  6 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13921]: Successful su for rubyman by root
May  6 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13921]: + ??? root:rubyman
May  6 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342119 of user rubyman.
May  6 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13921]: pam_unix(su:session): session closed for user rubyman
May  6 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342119.
May  6 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: Failed password for invalid user service from 80.94.95.125 port 50973 ssh2
May  6 19:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11336]: pam_unix(cron:session): session closed for user root
May  6 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: Failed password for invalid user service from 80.94.95.125 port 50973 ssh2
May  6 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13860]: pam_unix(cron:session): session closed for user samftp
May  6 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: Received disconnect from 80.94.95.125 port 50973:11: Bye [preauth]
May  6 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: Disconnected from 80.94.95.125 port 50973 [preauth]
May  6 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 19:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 19:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12943]: pam_unix(cron:session): session closed for user root
May  6 19:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  6 19:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14197]: Failed password for root from 190.103.202.7 port 46416 ssh2
May  6 19:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14197]: Connection closed by 190.103.202.7 port 46416 [preauth]
May  6 19:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14256]: Invalid user cloudftp from 157.245.99.182
May  6 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14256]: input_userauth_request: invalid user cloudftp [preauth]
May  6 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14256]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14261]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14263]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14259]: pam_unix(cron:session): session closed for user p13x
May  6 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14322]: Successful su for rubyman by root
May  6 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14322]: + ??? root:rubyman
May  6 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14322]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342125 of user rubyman.
May  6 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14322]: pam_unix(su:session): session closed for user rubyman
May  6 19:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342125.
May  6 19:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14256]: Failed password for invalid user cloudftp from 157.245.99.182 port 59192 ssh2
May  6 19:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14256]: Received disconnect from 157.245.99.182 port 59192:11: Bye Bye [preauth]
May  6 19:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14256]: Disconnected from 157.245.99.182 port 59192 [preauth]
May  6 19:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11740]: pam_unix(cron:session): session closed for user root
May  6 19:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14260]: pam_unix(cron:session): session closed for user samftp
May  6 19:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13355]: pam_unix(cron:session): session closed for user root
May  6 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14674]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14669]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14668]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14673]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14674]: pam_unix(cron:session): session closed for user root
May  6 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14668]: pam_unix(cron:session): session closed for user p13x
May  6 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14739]: Successful su for rubyman by root
May  6 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14739]: + ??? root:rubyman
May  6 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14739]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342131 of user rubyman.
May  6 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14739]: pam_unix(su:session): session closed for user rubyman
May  6 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342131.
May  6 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14670]: pam_unix(cron:session): session closed for user root
May  6 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12130]: pam_unix(cron:session): session closed for user root
May  6 19:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14669]: pam_unix(cron:session): session closed for user samftp
May  6 19:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13862]: pam_unix(cron:session): session closed for user root
May  6 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15108]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15109]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15106]: pam_unix(cron:session): session closed for user p13x
May  6 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15171]: Successful su for rubyman by root
May  6 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15171]: + ??? root:rubyman
May  6 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15171]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342133 of user rubyman.
May  6 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15171]: pam_unix(su:session): session closed for user rubyman
May  6 19:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342133.
May  6 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12531]: pam_unix(cron:session): session closed for user root
May  6 19:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15107]: pam_unix(cron:session): session closed for user samftp
May  6 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14263]: pam_unix(cron:session): session closed for user root
May  6 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15501]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15499]: pam_unix(cron:session): session closed for user p13x
May  6 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15558]: Successful su for rubyman by root
May  6 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15558]: + ??? root:rubyman
May  6 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342137 of user rubyman.
May  6 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15558]: pam_unix(su:session): session closed for user rubyman
May  6 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342137.
May  6 19:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12942]: pam_unix(cron:session): session closed for user root
May  6 19:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15500]: pam_unix(cron:session): session closed for user samftp
May  6 19:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14673]: pam_unix(cron:session): session closed for user root
May  6 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15890]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15891]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15888]: pam_unix(cron:session): session closed for user p13x
May  6 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15952]: Successful su for rubyman by root
May  6 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15952]: + ??? root:rubyman
May  6 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342141 of user rubyman.
May  6 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15952]: pam_unix(su:session): session closed for user rubyman
May  6 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342141.
May  6 19:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13354]: pam_unix(cron:session): session closed for user root
May  6 19:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15889]: pam_unix(cron:session): session closed for user samftp
May  6 19:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15109]: pam_unix(cron:session): session closed for user root
May  6 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16271]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16270]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16269]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16269]: pam_unix(cron:session): session closed for user p13x
May  6 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16331]: Successful su for rubyman by root
May  6 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16331]: + ??? root:rubyman
May  6 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342146 of user rubyman.
May  6 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16331]: pam_unix(su:session): session closed for user rubyman
May  6 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342146.
May  6 19:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13861]: pam_unix(cron:session): session closed for user root
May  6 19:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16270]: pam_unix(cron:session): session closed for user samftp
May  6 19:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: Invalid user ac from 157.245.99.182
May  6 19:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: input_userauth_request: invalid user ac [preauth]
May  6 19:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 19:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: Failed password for invalid user ac from 157.245.99.182 port 40034 ssh2
May  6 19:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: Received disconnect from 157.245.99.182 port 40034:11: Bye Bye [preauth]
May  6 19:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16557]: Disconnected from 157.245.99.182 port 40034 [preauth]
May  6 19:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: Invalid user admin from 80.94.95.112
May  6 19:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: input_userauth_request: invalid user admin [preauth]
May  6 19:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 19:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: Failed password for invalid user admin from 80.94.95.112 port 9222 ssh2
May  6 19:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: Failed password for invalid user admin from 80.94.95.112 port 9222 ssh2
May  6 19:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: Failed password for invalid user admin from 80.94.95.112 port 9222 ssh2
May  6 19:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: Failed password for invalid user admin from 80.94.95.112 port 9222 ssh2
May  6 19:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: Failed password for invalid user admin from 80.94.95.112 port 9222 ssh2
May  6 19:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: Received disconnect from 80.94.95.112 port 9222:11: Bye [preauth]
May  6 19:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: Disconnected from 80.94.95.112 port 9222 [preauth]
May  6 19:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 19:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16588]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15502]: pam_unix(cron:session): session closed for user root
May  6 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16733]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16733]: pam_unix(cron:session): session closed for user root
May  6 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16727]: pam_unix(cron:session): session closed for user p13x
May  6 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16797]: Successful su for rubyman by root
May  6 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16797]: + ??? root:rubyman
May  6 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342153 of user rubyman.
May  6 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16797]: pam_unix(su:session): session closed for user rubyman
May  6 19:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342153.
May  6 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16729]: pam_unix(cron:session): session closed for user root
May  6 19:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14261]: pam_unix(cron:session): session closed for user root
May  6 19:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16728]: pam_unix(cron:session): session closed for user samftp
May  6 19:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  6 19:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:94.102.49.155
May  6 19:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15891]: pam_unix(cron:session): session closed for user root
May  6 19:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  6 19:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17184]: Failed password for root from 218.92.0.210 port 50104 ssh2
May  6 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17195]: pam_unix(cron:session): session closed for user p13x
May  6 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17266]: Successful su for rubyman by root
May  6 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17266]: + ??? root:rubyman
May  6 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342156 of user rubyman.
May  6 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17266]: pam_unix(su:session): session closed for user rubyman
May  6 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342156.
May  6 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17184]: Failed password for root from 218.92.0.210 port 50104 ssh2
May  6 19:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14671]: pam_unix(cron:session): session closed for user root
May  6 19:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17196]: pam_unix(cron:session): session closed for user samftp
May  6 19:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16272]: pam_unix(cron:session): session closed for user root
May  6 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17615]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17612]: pam_unix(cron:session): session closed for user p13x
May  6 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17678]: Successful su for rubyman by root
May  6 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17678]: + ??? root:rubyman
May  6 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17678]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342159 of user rubyman.
May  6 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17678]: pam_unix(su:session): session closed for user rubyman
May  6 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342159.
May  6 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15108]: pam_unix(cron:session): session closed for user root
May  6 19:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17613]: pam_unix(cron:session): session closed for user samftp
May  6 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16731]: pam_unix(cron:session): session closed for user root
May  6 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18142]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18139]: pam_unix(cron:session): session closed for user p13x
May  6 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18198]: Successful su for rubyman by root
May  6 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18198]: + ??? root:rubyman
May  6 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342163 of user rubyman.
May  6 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18198]: pam_unix(su:session): session closed for user rubyman
May  6 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342163.
May  6 19:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15501]: pam_unix(cron:session): session closed for user root
May  6 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18140]: pam_unix(cron:session): session closed for user samftp
May  6 19:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17198]: pam_unix(cron:session): session closed for user root
May  6 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18551]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18553]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18550]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18550]: pam_unix(cron:session): session closed for user p13x
May  6 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18612]: Successful su for rubyman by root
May  6 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18612]: + ??? root:rubyman
May  6 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18612]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342167 of user rubyman.
May  6 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18612]: pam_unix(su:session): session closed for user rubyman
May  6 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342167.
May  6 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15890]: pam_unix(cron:session): session closed for user root
May  6 19:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18551]: pam_unix(cron:session): session closed for user samftp
May  6 19:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18837]: Invalid user sachin from 157.245.99.182
May  6 19:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18837]: input_userauth_request: invalid user sachin [preauth]
May  6 19:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18837]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 19:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18837]: Failed password for invalid user sachin from 157.245.99.182 port 52656 ssh2
May  6 19:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18837]: Received disconnect from 157.245.99.182 port 52656:11: Bye Bye [preauth]
May  6 19:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18837]: Disconnected from 157.245.99.182 port 52656 [preauth]
May  6 19:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17615]: pam_unix(cron:session): session closed for user root
May  6 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18961]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18958]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18960]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18959]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18961]: pam_unix(cron:session): session closed for user root
May  6 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18956]: pam_unix(cron:session): session closed for user p13x
May  6 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19023]: Successful su for rubyman by root
May  6 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19023]: + ??? root:rubyman
May  6 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19023]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342173 of user rubyman.
May  6 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19023]: pam_unix(su:session): session closed for user rubyman
May  6 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342173.
May  6 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18958]: pam_unix(cron:session): session closed for user root
May  6 19:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16271]: pam_unix(cron:session): session closed for user root
May  6 19:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18957]: pam_unix(cron:session): session closed for user samftp
May  6 19:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18142]: pam_unix(cron:session): session closed for user root
May  6 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19397]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19396]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19395]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19393]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19393]: pam_unix(cron:session): session closed for user p13x
May  6 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19461]: Successful su for rubyman by root
May  6 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19461]: + ??? root:rubyman
May  6 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342177 of user rubyman.
May  6 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19461]: pam_unix(su:session): session closed for user rubyman
May  6 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342177.
May  6 19:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16730]: pam_unix(cron:session): session closed for user root
May  6 19:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19395]: pam_unix(cron:session): session closed for user samftp
May  6 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18553]: pam_unix(cron:session): session closed for user root
May  6 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19820]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19817]: pam_unix(cron:session): session closed for user p13x
May  6 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19880]: Successful su for rubyman by root
May  6 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19880]: + ??? root:rubyman
May  6 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342183 of user rubyman.
May  6 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19880]: pam_unix(su:session): session closed for user rubyman
May  6 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342183.
May  6 19:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17197]: pam_unix(cron:session): session closed for user root
May  6 19:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19818]: pam_unix(cron:session): session closed for user samftp
May  6 19:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20130]: Invalid user lixiuzhen from 46.244.96.25
May  6 19:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20130]: input_userauth_request: invalid user lixiuzhen [preauth]
May  6 19:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20130]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  6 19:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20130]: Failed password for invalid user lixiuzhen from 46.244.96.25 port 40850 ssh2
May  6 19:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20130]: Connection closed by 46.244.96.25 port 40850 [preauth]
May  6 19:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18960]: pam_unix(cron:session): session closed for user root
May  6 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20227]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20228]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20225]: pam_unix(cron:session): session closed for user p13x
May  6 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20286]: Successful su for rubyman by root
May  6 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20286]: + ??? root:rubyman
May  6 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342185 of user rubyman.
May  6 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20286]: pam_unix(su:session): session closed for user rubyman
May  6 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342185.
May  6 19:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17614]: pam_unix(cron:session): session closed for user root
May  6 19:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20226]: pam_unix(cron:session): session closed for user samftp
May  6 19:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20512]: Invalid user ubnt from 194.0.234.19
May  6 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20512]: input_userauth_request: invalid user ubnt [preauth]
May  6 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20512]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  6 19:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20512]: Failed password for invalid user ubnt from 194.0.234.19 port 18790 ssh2
May  6 19:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20512]: Connection closed by 194.0.234.19 port 18790 [preauth]
May  6 19:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19397]: pam_unix(cron:session): session closed for user root
May  6 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20626]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20625]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20623]: pam_unix(cron:session): session closed for user p13x
May  6 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20687]: Successful su for rubyman by root
May  6 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20687]: + ??? root:rubyman
May  6 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342189 of user rubyman.
May  6 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20687]: pam_unix(su:session): session closed for user rubyman
May  6 19:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342189.
May  6 19:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18141]: pam_unix(cron:session): session closed for user root
May  6 19:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20624]: pam_unix(cron:session): session closed for user samftp
May  6 19:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19820]: pam_unix(cron:session): session closed for user root
May  6 19:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20985]: Invalid user jhernandez from 157.245.99.182
May  6 19:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20985]: input_userauth_request: invalid user jhernandez [preauth]
May  6 19:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20985]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 19:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20985]: Failed password for invalid user jhernandez from 157.245.99.182 port 51198 ssh2
May  6 19:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20985]: Received disconnect from 157.245.99.182 port 51198:11: Bye Bye [preauth]
May  6 19:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20985]: Disconnected from 157.245.99.182 port 51198 [preauth]
May  6 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21040]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21041]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21038]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21041]: pam_unix(cron:session): session closed for user root
May  6 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21036]: pam_unix(cron:session): session closed for user p13x
May  6 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21108]: Successful su for rubyman by root
May  6 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21108]: + ??? root:rubyman
May  6 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342193 of user rubyman.
May  6 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21108]: pam_unix(su:session): session closed for user rubyman
May  6 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342193.
May  6 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21038]: pam_unix(cron:session): session closed for user root
May  6 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18552]: pam_unix(cron:session): session closed for user root
May  6 19:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21037]: pam_unix(cron:session): session closed for user samftp
May  6 19:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20228]: pam_unix(cron:session): session closed for user root
May  6 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21515]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21514]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21512]: pam_unix(cron:session): session closed for user p13x
May  6 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21590]: Successful su for rubyman by root
May  6 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21590]: + ??? root:rubyman
May  6 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342199 of user rubyman.
May  6 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21590]: pam_unix(su:session): session closed for user rubyman
May  6 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342199.
May  6 19:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18959]: pam_unix(cron:session): session closed for user root
May  6 19:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21513]: pam_unix(cron:session): session closed for user samftp
May  6 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20626]: pam_unix(cron:session): session closed for user root
May  6 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22262]: pam_unix(cron:session): session closed for user p13x
May  6 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22331]: Successful su for rubyman by root
May  6 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22331]: + ??? root:rubyman
May  6 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342204 of user rubyman.
May  6 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22331]: pam_unix(su:session): session closed for user rubyman
May  6 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342204.
May  6 19:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19396]: pam_unix(cron:session): session closed for user root
May  6 19:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22263]: pam_unix(cron:session): session closed for user samftp
May  6 19:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21040]: pam_unix(cron:session): session closed for user root
May  6 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22710]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22708]: pam_unix(cron:session): session closed for user p13x
May  6 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22781]: Successful su for rubyman by root
May  6 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22781]: + ??? root:rubyman
May  6 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342207 of user rubyman.
May  6 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22781]: pam_unix(su:session): session closed for user rubyman
May  6 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342207.
May  6 19:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19819]: pam_unix(cron:session): session closed for user root
May  6 19:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22709]: pam_unix(cron:session): session closed for user samftp
May  6 19:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21515]: pam_unix(cron:session): session closed for user root
May  6 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23162]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23158]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23160]: pam_unix(cron:session): session closed for user p13x
May  6 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23299]: Successful su for rubyman by root
May  6 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23299]: + ??? root:rubyman
May  6 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342213 of user rubyman.
May  6 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23299]: pam_unix(su:session): session closed for user rubyman
May  6 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342213.
May  6 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23158]: pam_unix(cron:session): session closed for user root
May  6 19:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20227]: pam_unix(cron:session): session closed for user root
May  6 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23161]: pam_unix(cron:session): session closed for user samftp
May  6 19:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22265]: pam_unix(cron:session): session closed for user root
May  6 19:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23741]: Invalid user redis from 157.245.99.182
May  6 19:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23741]: input_userauth_request: invalid user redis [preauth]
May  6 19:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23741]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 19:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23741]: Failed password for invalid user redis from 157.245.99.182 port 47350 ssh2
May  6 19:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23741]: Received disconnect from 157.245.99.182 port 47350:11: Bye Bye [preauth]
May  6 19:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23741]: Disconnected from 157.245.99.182 port 47350 [preauth]
May  6 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23855]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23857]: pam_unix(cron:session): session closed for user root
May  6 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23849]: pam_unix(cron:session): session closed for user p13x
May  6 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23935]: Successful su for rubyman by root
May  6 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23935]: + ??? root:rubyman
May  6 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342217 of user rubyman.
May  6 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23935]: pam_unix(su:session): session closed for user rubyman
May  6 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342217.
May  6 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23851]: pam_unix(cron:session): session closed for user root
May  6 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20625]: pam_unix(cron:session): session closed for user root
May  6 19:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23850]: pam_unix(cron:session): session closed for user samftp
May  6 19:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127  user=root
May  6 19:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24187]: Failed password for root from 66.69.45.127 port 53320 ssh2
May  6 19:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24187]: message repeated 2 times: [ Failed password for root from 66.69.45.127 port 53320 ssh2]
May  6 19:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.141.103.179  user=root
May  6 19:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24187]: Failed password for root from 66.69.45.127 port 53320 ssh2
May  6 19:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24206]: Failed password for root from 94.141.103.179 port 47492 ssh2
May  6 19:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24206]: Received disconnect from 94.141.103.179 port 47492:11: Bye Bye [preauth]
May  6 19:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24206]: Disconnected from 94.141.103.179 port 47492 [preauth]
May  6 19:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24187]: Failed password for root from 66.69.45.127 port 53320 ssh2
May  6 19:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24187]: Failed password for root from 66.69.45.127 port 53320 ssh2
May  6 19:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24187]: error: maximum authentication attempts exceeded for root from 66.69.45.127 port 53320 ssh2 [preauth]
May  6 19:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24187]: Disconnecting: Too many authentication failures [preauth]
May  6 19:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24187]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127  user=root
May  6 19:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24187]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127  user=root
May  6 19:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: Failed password for root from 66.69.45.127 port 56832 ssh2
May  6 19:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: Failed password for root from 66.69.45.127 port 56832 ssh2
May  6 19:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22711]: pam_unix(cron:session): session closed for user root
May  6 19:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: Failed password for root from 66.69.45.127 port 56832 ssh2
May  6 19:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: message repeated 3 times: [ Failed password for root from 66.69.45.127 port 56832 ssh2]
May  6 19:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: error: maximum authentication attempts exceeded for root from 66.69.45.127 port 56832 ssh2 [preauth]
May  6 19:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: Disconnecting: Too many authentication failures [preauth]
May  6 19:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127  user=root
May  6 19:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24235]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127  user=root
May  6 19:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: Failed password for root from 66.69.45.127 port 60598 ssh2
May  6 19:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: message repeated 5 times: [ Failed password for root from 66.69.45.127 port 60598 ssh2]
May  6 19:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: error: maximum authentication attempts exceeded for root from 66.69.45.127 port 60598 ssh2 [preauth]
May  6 19:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: Disconnecting: Too many authentication failures [preauth]
May  6 19:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127  user=root
May  6 19:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127  user=root
May  6 19:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24321]: Failed password for root from 66.69.45.127 port 35544 ssh2
May  6 19:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24321]: Received disconnect from 66.69.45.127 port 35544:11: disconnected by user [preauth]
May  6 19:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24321]: Disconnected from 66.69.45.127 port 35544 [preauth]
May  6 19:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: Invalid user admin from 66.69.45.127
May  6 19:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: input_userauth_request: invalid user admin [preauth]
May  6 19:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: Failed password for invalid user admin from 66.69.45.127 port 36248 ssh2
May  6 19:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24352]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24348]: pam_unix(cron:session): session closed for user p13x
May  6 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  6 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24426]: Successful su for rubyman by root
May  6 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24426]: + ??? root:rubyman
May  6 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342222 of user rubyman.
May  6 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24426]: pam_unix(su:session): session closed for user rubyman
May  6 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342222.
May  6 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: Failed password for invalid user admin from 66.69.45.127 port 36248 ssh2
May  6 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: Failed password for root from 218.92.0.201 port 17666 ssh2
May  6 19:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: Failed password for invalid user admin from 66.69.45.127 port 36248 ssh2
May  6 19:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21039]: pam_unix(cron:session): session closed for user root
May  6 19:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: Failed password for invalid user admin from 66.69.45.127 port 36248 ssh2
May  6 19:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24349]: pam_unix(cron:session): session closed for user samftp
May  6 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: Failed password for root from 218.92.0.201 port 17666 ssh2
May  6 19:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: Failed password for invalid user admin from 66.69.45.127 port 36248 ssh2
May  6 19:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: Failed password for invalid user admin from 66.69.45.127 port 36248 ssh2
May  6 19:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: error: maximum authentication attempts exceeded for invalid user admin from 66.69.45.127 port 36248 ssh2 [preauth]
May  6 19:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: Disconnecting: Too many authentication failures [preauth]
May  6 19:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24333]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: Failed password for root from 218.92.0.201 port 17666 ssh2
May  6 19:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24626]: Invalid user admin from 66.69.45.127
May  6 19:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24626]: input_userauth_request: invalid user admin [preauth]
May  6 19:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24626]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24626]: Failed password for invalid user admin from 66.69.45.127 port 39438 ssh2
May  6 19:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24626]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: Failed password for root from 218.92.0.201 port 17666 ssh2
May  6 19:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24626]: Failed password for invalid user admin from 66.69.45.127 port 39438 ssh2
May  6 19:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24626]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24626]: Failed password for invalid user admin from 66.69.45.127 port 39438 ssh2
May  6 19:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: Failed password for root from 218.92.0.201 port 17666 ssh2
May  6 19:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 17666 ssh2 [preauth]
May  6 19:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: Disconnecting: Too many authentication failures [preauth]
May  6 19:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  6 19:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24344]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 19:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24626]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24626]: Failed password for invalid user admin from 66.69.45.127 port 39438 ssh2
May  6 19:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24626]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  6 19:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24626]: Failed password for invalid user admin from 66.69.45.127 port 39438 ssh2
May  6 19:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24626]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Failed password for root from 218.92.0.201 port 27720 ssh2
May  6 19:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24626]: Failed password for invalid user admin from 66.69.45.127 port 39438 ssh2
May  6 19:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24626]: error: maximum authentication attempts exceeded for invalid user admin from 66.69.45.127 port 39438 ssh2 [preauth]
May  6 19:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24626]: Disconnecting: Too many authentication failures [preauth]
May  6 19:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24626]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24626]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24670]: Invalid user admin from 66.69.45.127
May  6 19:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24670]: input_userauth_request: invalid user admin [preauth]
May  6 19:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24670]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Failed password for root from 218.92.0.201 port 27720 ssh2
May  6 19:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24670]: Failed password for invalid user admin from 66.69.45.127 port 42932 ssh2
May  6 19:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24670]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24670]: Failed password for invalid user admin from 66.69.45.127 port 42932 ssh2
May  6 19:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24670]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Failed password for root from 218.92.0.201 port 27720 ssh2
May  6 19:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24670]: Failed password for invalid user admin from 66.69.45.127 port 42932 ssh2
May  6 19:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24670]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Failed password for root from 218.92.0.201 port 27720 ssh2
May  6 19:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24670]: Failed password for invalid user admin from 66.69.45.127 port 42932 ssh2
May  6 19:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24670]: Received disconnect from 66.69.45.127 port 42932:11: disconnected by user [preauth]
May  6 19:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24670]: Disconnected from 66.69.45.127 port 42932 [preauth]
May  6 19:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24670]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24670]: PAM service(sshd) ignoring max retries; 4 > 3
May  6 19:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23165]: pam_unix(cron:session): session closed for user root
May  6 19:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: Invalid user oracle from 66.69.45.127
May  6 19:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: input_userauth_request: invalid user oracle [preauth]
May  6 19:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: Failed password for invalid user oracle from 66.69.45.127 port 45056 ssh2
May  6 19:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: Failed password for invalid user oracle from 66.69.45.127 port 45056 ssh2
May  6 19:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Received disconnect from 218.92.0.201 port 27720:11:  [preauth]
May  6 19:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: Disconnected from 218.92.0.201 port 27720 [preauth]
May  6 19:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  6 19:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24660]: PAM service(sshd) ignoring max retries; 4 > 3
May  6 19:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: Failed password for invalid user oracle from 66.69.45.127 port 45056 ssh2
May  6 19:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: Failed password for invalid user oracle from 66.69.45.127 port 45056 ssh2
May  6 19:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: Failed password for invalid user oracle from 66.69.45.127 port 45056 ssh2
May  6 19:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: Failed password for invalid user oracle from 66.69.45.127 port 45056 ssh2
May  6 19:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: error: maximum authentication attempts exceeded for invalid user oracle from 66.69.45.127 port 45056 ssh2 [preauth]
May  6 19:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: Disconnecting: Too many authentication failures [preauth]
May  6 19:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: Invalid user oracle from 66.69.45.127
May  6 19:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: input_userauth_request: invalid user oracle [preauth]
May  6 19:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: Failed password for invalid user oracle from 66.69.45.127 port 48806 ssh2
May  6 19:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: Failed password for invalid user oracle from 66.69.45.127 port 48806 ssh2
May  6 19:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: Failed password for invalid user oracle from 66.69.45.127 port 48806 ssh2
May  6 19:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: Failed password for invalid user oracle from 66.69.45.127 port 48806 ssh2
May  6 19:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: Failed password for invalid user oracle from 66.69.45.127 port 48806 ssh2
May  6 19:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24787]: pam_unix(cron:session): session closed for user p13x
May  6 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24849]: Successful su for rubyman by root
May  6 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24849]: + ??? root:rubyman
May  6 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342226 of user rubyman.
May  6 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24849]: pam_unix(su:session): session closed for user rubyman
May  6 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342226.
May  6 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: Failed password for invalid user oracle from 66.69.45.127 port 48806 ssh2
May  6 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: error: maximum authentication attempts exceeded for invalid user oracle from 66.69.45.127 port 48806 ssh2 [preauth]
May  6 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: Disconnecting: Too many authentication failures [preauth]
May  6 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24767]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21514]: pam_unix(cron:session): session closed for user root
May  6 19:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: Invalid user oracle from 66.69.45.127
May  6 19:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: input_userauth_request: invalid user oracle [preauth]
May  6 19:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24788]: pam_unix(cron:session): session closed for user samftp
May  6 19:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: Failed password for invalid user oracle from 66.69.45.127 port 52518 ssh2
May  6 19:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: Failed password for invalid user oracle from 66.69.45.127 port 52518 ssh2
May  6 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: Received disconnect from 66.69.45.127 port 52518:11: disconnected by user [preauth]
May  6 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: Disconnected from 66.69.45.127 port 52518 [preauth]
May  6 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: Invalid user usuario from 66.69.45.127
May  6 19:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: input_userauth_request: invalid user usuario [preauth]
May  6 19:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: Failed password for invalid user usuario from 66.69.45.127 port 53984 ssh2
May  6 19:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: Failed password for invalid user usuario from 66.69.45.127 port 53984 ssh2
May  6 19:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: Failed password for invalid user usuario from 66.69.45.127 port 53984 ssh2
May  6 19:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: Failed password for invalid user usuario from 66.69.45.127 port 53984 ssh2
May  6 19:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: Failed password for invalid user usuario from 66.69.45.127 port 53984 ssh2
May  6 19:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.119.194  user=root
May  6 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: Failed password for invalid user usuario from 66.69.45.127 port 53984 ssh2
May  6 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: error: maximum authentication attempts exceeded for invalid user usuario from 66.69.45.127 port 53984 ssh2 [preauth]
May  6 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: Disconnecting: Too many authentication failures [preauth]
May  6 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25057]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25088]: Failed password for root from 186.233.119.194 port 43660 ssh2
May  6 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25088]: Received disconnect from 186.233.119.194 port 43660:11: Bye Bye [preauth]
May  6 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25088]: Disconnected from 186.233.119.194 port 43660 [preauth]
May  6 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: Invalid user usuario from 66.69.45.127
May  6 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: input_userauth_request: invalid user usuario [preauth]
May  6 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: Failed password for invalid user usuario from 66.69.45.127 port 57544 ssh2
May  6 19:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: Failed password for invalid user usuario from 66.69.45.127 port 57544 ssh2
May  6 19:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: Failed password for invalid user usuario from 66.69.45.127 port 57544 ssh2
May  6 19:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: Failed password for invalid user usuario from 66.69.45.127 port 57544 ssh2
May  6 19:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23855]: pam_unix(cron:session): session closed for user root
May  6 19:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: Failed password for invalid user usuario from 66.69.45.127 port 57544 ssh2
May  6 19:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: Failed password for invalid user usuario from 66.69.45.127 port 57544 ssh2
May  6 19:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: error: maximum authentication attempts exceeded for invalid user usuario from 66.69.45.127 port 57544 ssh2 [preauth]
May  6 19:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: Disconnecting: Too many authentication failures [preauth]
May  6 19:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25103]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: Invalid user usuario from 66.69.45.127
May  6 19:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: input_userauth_request: invalid user usuario [preauth]
May  6 19:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: Failed password for invalid user usuario from 66.69.45.127 port 60820 ssh2
May  6 19:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: Failed password for invalid user usuario from 66.69.45.127 port 60820 ssh2
May  6 19:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: Received disconnect from 66.69.45.127 port 60820:11: disconnected by user [preauth]
May  6 19:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: Disconnected from 66.69.45.127 port 60820 [preauth]
May  6 19:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25156]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Invalid user test from 66.69.45.127
May  6 19:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: input_userauth_request: invalid user test [preauth]
May  6 19:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Failed password for invalid user test from 66.69.45.127 port 33960 ssh2
May  6 19:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Failed password for invalid user test from 66.69.45.127 port 33960 ssh2
May  6 19:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Failed password for invalid user test from 66.69.45.127 port 33960 ssh2
May  6 19:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Failed password for invalid user test from 66.69.45.127 port 33960 ssh2
May  6 19:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Failed password for invalid user test from 66.69.45.127 port 33960 ssh2
May  6 19:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Failed password for invalid user test from 66.69.45.127 port 33960 ssh2
May  6 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: error: maximum authentication attempts exceeded for invalid user test from 66.69.45.127 port 33960 ssh2 [preauth]
May  6 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Disconnecting: Too many authentication failures [preauth]
May  6 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25219]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25217]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25220]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25216]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25216]: pam_unix(cron:session): session closed for user p13x
May  6 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25287]: Successful su for rubyman by root
May  6 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25287]: + ??? root:rubyman
May  6 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342232 of user rubyman.
May  6 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25287]: pam_unix(su:session): session closed for user rubyman
May  6 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342232.
May  6 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: Invalid user test from 66.69.45.127
May  6 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: input_userauth_request: invalid user test [preauth]
May  6 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22264]: pam_unix(cron:session): session closed for user root
May  6 19:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: Failed password for invalid user test from 66.69.45.127 port 37976 ssh2
May  6 19:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25217]: pam_unix(cron:session): session closed for user samftp
May  6 19:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: Failed password for invalid user test from 66.69.45.127 port 37976 ssh2
May  6 19:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: Failed password for invalid user test from 66.69.45.127 port 37976 ssh2
May  6 19:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: Failed password for invalid user test from 66.69.45.127 port 37976 ssh2
May  6 19:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: Failed password for invalid user test from 66.69.45.127 port 37976 ssh2
May  6 19:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: Failed password for invalid user test from 66.69.45.127 port 37976 ssh2
May  6 19:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: error: maximum authentication attempts exceeded for invalid user test from 66.69.45.127 port 37976 ssh2 [preauth]
May  6 19:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: Disconnecting: Too many authentication failures [preauth]
May  6 19:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25205]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: Invalid user test from 66.69.45.127
May  6 19:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: input_userauth_request: invalid user test [preauth]
May  6 19:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: Failed password for invalid user test from 66.69.45.127 port 41788 ssh2
May  6 19:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: Failed password for invalid user test from 66.69.45.127 port 41788 ssh2
May  6 19:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: Received disconnect from 66.69.45.127 port 41788:11: disconnected by user [preauth]
May  6 19:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: Disconnected from 66.69.45.127 port 41788 [preauth]
May  6 19:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25496]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: Invalid user user from 66.69.45.127
May  6 19:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: input_userauth_request: invalid user user [preauth]
May  6 19:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: Failed password for invalid user user from 66.69.45.127 port 43074 ssh2
May  6 19:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: Failed password for invalid user user from 66.69.45.127 port 43074 ssh2
May  6 19:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: Failed password for invalid user user from 66.69.45.127 port 43074 ssh2
May  6 19:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: Failed password for invalid user user from 66.69.45.127 port 43074 ssh2
May  6 19:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: Failed password for invalid user user from 66.69.45.127 port 43074 ssh2
May  6 19:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24352]: pam_unix(cron:session): session closed for user root
May  6 19:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: Failed password for invalid user user from 66.69.45.127 port 43074 ssh2
May  6 19:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: error: maximum authentication attempts exceeded for invalid user user from 66.69.45.127 port 43074 ssh2 [preauth]
May  6 19:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: Disconnecting: Too many authentication failures [preauth]
May  6 19:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25578]: Invalid user user from 66.69.45.127
May  6 19:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25578]: input_userauth_request: invalid user user [preauth]
May  6 19:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25578]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25578]: Failed password for invalid user user from 66.69.45.127 port 46512 ssh2
May  6 19:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25578]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25578]: Failed password for invalid user user from 66.69.45.127 port 46512 ssh2
May  6 19:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25578]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25578]: Failed password for invalid user user from 66.69.45.127 port 46512 ssh2
May  6 19:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25578]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25578]: Failed password for invalid user user from 66.69.45.127 port 46512 ssh2
May  6 19:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25578]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25578]: Failed password for invalid user user from 66.69.45.127 port 46512 ssh2
May  6 19:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25578]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25578]: Failed password for invalid user user from 66.69.45.127 port 46512 ssh2
May  6 19:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25578]: error: maximum authentication attempts exceeded for invalid user user from 66.69.45.127 port 46512 ssh2 [preauth]
May  6 19:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25578]: Disconnecting: Too many authentication failures [preauth]
May  6 19:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25578]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25578]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: Invalid user user from 66.69.45.127
May  6 19:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: input_userauth_request: invalid user user [preauth]
May  6 19:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: Failed password for invalid user user from 66.69.45.127 port 49936 ssh2
May  6 19:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: Failed password for invalid user user from 66.69.45.127 port 49936 ssh2
May  6 19:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: Failed password for invalid user user from 66.69.45.127 port 49936 ssh2
May  6 19:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: Failed password for invalid user user from 66.69.45.127 port 49936 ssh2
May  6 19:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: Received disconnect from 66.69.45.127 port 49936:11: disconnected by user [preauth]
May  6 19:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: Disconnected from 66.69.45.127 port 49936 [preauth]
May  6 19:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25617]: PAM service(sshd) ignoring max retries; 4 > 3
May  6 19:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: Invalid user ftpuser from 66.69.45.127
May  6 19:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: input_userauth_request: invalid user ftpuser [preauth]
May  6 19:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: Failed password for invalid user ftpuser from 66.69.45.127 port 51854 ssh2
May  6 19:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25674]: pam_unix(cron:session): session closed for user p13x
May  6 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25757]: Successful su for rubyman by root
May  6 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25757]: + ??? root:rubyman
May  6 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25757]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342234 of user rubyman.
May  6 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25757]: pam_unix(su:session): session closed for user rubyman
May  6 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342234.
May  6 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: Failed password for invalid user ftpuser from 66.69.45.127 port 51854 ssh2
May  6 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: Failed password for invalid user ftpuser from 66.69.45.127 port 51854 ssh2
May  6 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22710]: pam_unix(cron:session): session closed for user root
May  6 19:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25675]: pam_unix(cron:session): session closed for user samftp
May  6 19:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: Failed password for invalid user ftpuser from 66.69.45.127 port 51854 ssh2
May  6 19:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: Failed password for invalid user ftpuser from 66.69.45.127 port 51854 ssh2
May  6 19:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: Failed password for invalid user ftpuser from 66.69.45.127 port 51854 ssh2
May  6 19:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: error: maximum authentication attempts exceeded for invalid user ftpuser from 66.69.45.127 port 51854 ssh2 [preauth]
May  6 19:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: Disconnecting: Too many authentication failures [preauth]
May  6 19:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: Invalid user ftpuser from 66.69.45.127
May  6 19:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: input_userauth_request: invalid user ftpuser [preauth]
May  6 19:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: Failed password for invalid user ftpuser from 66.69.45.127 port 55406 ssh2
May  6 19:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: Failed password for invalid user ftpuser from 66.69.45.127 port 55406 ssh2
May  6 19:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: Failed password for invalid user ftpuser from 66.69.45.127 port 55406 ssh2
May  6 19:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: Failed password for invalid user ftpuser from 66.69.45.127 port 55406 ssh2
May  6 19:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: Failed password for invalid user ftpuser from 66.69.45.127 port 55406 ssh2
May  6 19:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: Failed password for invalid user ftpuser from 66.69.45.127 port 55406 ssh2
May  6 19:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: error: maximum authentication attempts exceeded for invalid user ftpuser from 66.69.45.127 port 55406 ssh2 [preauth]
May  6 19:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: Disconnecting: Too many authentication failures [preauth]
May  6 19:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: Invalid user ftpuser from 66.69.45.127
May  6 19:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: input_userauth_request: invalid user ftpuser [preauth]
May  6 19:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: Failed password for invalid user ftpuser from 66.69.45.127 port 58914 ssh2
May  6 19:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: Failed password for invalid user ftpuser from 66.69.45.127 port 58914 ssh2
May  6 19:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: Failed password for invalid user ftpuser from 66.69.45.127 port 58914 ssh2
May  6 19:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: Failed password for invalid user ftpuser from 66.69.45.127 port 58914 ssh2
May  6 19:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: Received disconnect from 66.69.45.127 port 58914:11: disconnected by user [preauth]
May  6 19:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: Disconnected from 66.69.45.127 port 58914 [preauth]
May  6 19:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26022]: PAM service(sshd) ignoring max retries; 4 > 3
May  6 19:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: Invalid user test1 from 66.69.45.127
May  6 19:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: input_userauth_request: invalid user test1 [preauth]
May  6 19:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24790]: pam_unix(cron:session): session closed for user root
May  6 19:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: Failed password for invalid user test1 from 66.69.45.127 port 32850 ssh2
May  6 19:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: Failed password for invalid user test1 from 66.69.45.127 port 32850 ssh2
May  6 19:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: Failed password for invalid user test1 from 66.69.45.127 port 32850 ssh2
May  6 19:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: Failed password for invalid user test1 from 66.69.45.127 port 32850 ssh2
May  6 19:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: Failed password for invalid user test1 from 66.69.45.127 port 32850 ssh2
May  6 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26088]: Invalid user support from 182.156.80.11
May  6 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26088]: input_userauth_request: invalid user support [preauth]
May  6 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26088]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.156.80.11
May  6 19:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: Failed password for invalid user test1 from 66.69.45.127 port 32850 ssh2
May  6 19:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: error: maximum authentication attempts exceeded for invalid user test1 from 66.69.45.127 port 32850 ssh2 [preauth]
May  6 19:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: Disconnecting: Too many authentication failures [preauth]
May  6 19:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26049]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26088]: Failed password for invalid user support from 182.156.80.11 port 32808 ssh2
May  6 19:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Invalid user test1 from 66.69.45.127
May  6 19:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: input_userauth_request: invalid user test1 [preauth]
May  6 19:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26088]: Connection closed by 182.156.80.11 port 32808 [preauth]
May  6 19:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Failed password for invalid user test1 from 66.69.45.127 port 35902 ssh2
May  6 19:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Failed password for invalid user test1 from 66.69.45.127 port 35902 ssh2
May  6 19:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Failed password for invalid user test1 from 66.69.45.127 port 35902 ssh2
May  6 19:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Failed password for invalid user test1 from 66.69.45.127 port 35902 ssh2
May  6 19:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Failed password for invalid user test1 from 66.69.45.127 port 35902 ssh2
May  6 19:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Failed password for invalid user test1 from 66.69.45.127 port 35902 ssh2
May  6 19:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: error: maximum authentication attempts exceeded for invalid user test1 from 66.69.45.127 port 35902 ssh2 [preauth]
May  6 19:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Disconnecting: Too many authentication failures [preauth]
May  6 19:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26133]: Invalid user test1 from 66.69.45.127
May  6 19:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26133]: input_userauth_request: invalid user test1 [preauth]
May  6 19:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26133]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26133]: Failed password for invalid user test1 from 66.69.45.127 port 39260 ssh2
May  6 19:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26133]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26148]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26145]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26151]: pam_unix(cron:session): session closed for user root
May  6 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26144]: pam_unix(cron:session): session closed for user p13x
May  6 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26133]: Failed password for invalid user test1 from 66.69.45.127 port 39260 ssh2
May  6 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26133]: Received disconnect from 66.69.45.127 port 39260:11: disconnected by user [preauth]
May  6 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26133]: Disconnected from 66.69.45.127 port 39260 [preauth]
May  6 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26133]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26213]: Successful su for rubyman by root
May  6 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26213]: + ??? root:rubyman
May  6 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26213]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342242 of user rubyman.
May  6 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26213]: pam_unix(su:session): session closed for user rubyman
May  6 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342242.
May  6 19:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26211]: Invalid user test2 from 66.69.45.127
May  6 19:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26211]: input_userauth_request: invalid user test2 [preauth]
May  6 19:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26211]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26146]: pam_unix(cron:session): session closed for user root
May  6 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26211]: Failed password for invalid user test2 from 66.69.45.127 port 40764 ssh2
May  6 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26211]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23162]: pam_unix(cron:session): session closed for user root
May  6 19:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: Invalid user demo1 from 157.245.99.182
May  6 19:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: input_userauth_request: invalid user demo1 [preauth]
May  6 19:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 19:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26211]: Failed password for invalid user test2 from 66.69.45.127 port 40764 ssh2
May  6 19:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26211]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26145]: pam_unix(cron:session): session closed for user samftp
May  6 19:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: Failed password for invalid user demo1 from 157.245.99.182 port 52648 ssh2
May  6 19:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: Received disconnect from 157.245.99.182 port 52648:11: Bye Bye [preauth]
May  6 19:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: Disconnected from 157.245.99.182 port 52648 [preauth]
May  6 19:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26211]: Failed password for invalid user test2 from 66.69.45.127 port 40764 ssh2
May  6 19:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26211]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26211]: Failed password for invalid user test2 from 66.69.45.127 port 40764 ssh2
May  6 19:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26211]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26211]: Failed password for invalid user test2 from 66.69.45.127 port 40764 ssh2
May  6 19:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26211]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26211]: Failed password for invalid user test2 from 66.69.45.127 port 40764 ssh2
May  6 19:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26211]: error: maximum authentication attempts exceeded for invalid user test2 from 66.69.45.127 port 40764 ssh2 [preauth]
May  6 19:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26211]: Disconnecting: Too many authentication failures [preauth]
May  6 19:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26211]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26211]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: Invalid user test2 from 66.69.45.127
May  6 19:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: input_userauth_request: invalid user test2 [preauth]
May  6 19:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: Failed password for invalid user test2 from 66.69.45.127 port 43846 ssh2
May  6 19:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: Failed password for invalid user test2 from 66.69.45.127 port 43846 ssh2
May  6 19:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: Failed password for invalid user test2 from 66.69.45.127 port 43846 ssh2
May  6 19:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: Failed password for invalid user test2 from 66.69.45.127 port 43846 ssh2
May  6 19:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: Failed password for invalid user test2 from 66.69.45.127 port 43846 ssh2
May  6 19:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: Failed password for invalid user test2 from 66.69.45.127 port 43846 ssh2
May  6 19:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: error: maximum authentication attempts exceeded for invalid user test2 from 66.69.45.127 port 43846 ssh2 [preauth]
May  6 19:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: Disconnecting: Too many authentication failures [preauth]
May  6 19:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 19:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Invalid user test2 from 66.69.45.127
May  6 19:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: input_userauth_request: invalid user test2 [preauth]
May  6 19:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Failed password for root from 218.92.0.179 port 55970 ssh2
May  6 19:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Failed password for invalid user test2 from 66.69.45.127 port 47462 ssh2
May  6 19:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Failed password for root from 218.92.0.179 port 55970 ssh2
May  6 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Failed password for invalid user test2 from 66.69.45.127 port 47462 ssh2
May  6 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Received disconnect from 66.69.45.127 port 47462:11: disconnected by user [preauth]
May  6 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: Disconnected from 66.69.45.127 port 47462 [preauth]
May  6 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26571]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25220]: pam_unix(cron:session): session closed for user root
May  6 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: Invalid user ubuntu from 66.69.45.127
May  6 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: input_userauth_request: invalid user ubuntu [preauth]
May  6 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Failed password for root from 218.92.0.179 port 55970 ssh2
May  6 19:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Received disconnect from 218.92.0.179 port 55970:11:  [preauth]
May  6 19:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Disconnected from 218.92.0.179 port 55970 [preauth]
May  6 19:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 19:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: Failed password for invalid user ubuntu from 66.69.45.127 port 48816 ssh2
May  6 19:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: Failed password for invalid user ubuntu from 66.69.45.127 port 48816 ssh2
May  6 19:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: Failed password for invalid user ubuntu from 66.69.45.127 port 48816 ssh2
May  6 19:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: Failed password for invalid user ubuntu from 66.69.45.127 port 48816 ssh2
May  6 19:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: Failed password for invalid user ubuntu from 66.69.45.127 port 48816 ssh2
May  6 19:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: Failed password for invalid user ubuntu from 66.69.45.127 port 48816 ssh2
May  6 19:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: error: maximum authentication attempts exceeded for invalid user ubuntu from 66.69.45.127 port 48816 ssh2 [preauth]
May  6 19:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: Disconnecting: Too many authentication failures [preauth]
May  6 19:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: Invalid user ubuntu from 66.69.45.127
May  6 19:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: input_userauth_request: invalid user ubuntu [preauth]
May  6 19:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: Failed password for invalid user ubuntu from 66.69.45.127 port 52086 ssh2
May  6 19:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: Failed password for invalid user ubuntu from 66.69.45.127 port 52086 ssh2
May  6 19:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: Failed password for invalid user ubuntu from 66.69.45.127 port 52086 ssh2
May  6 19:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: Failed password for invalid user ubuntu from 66.69.45.127 port 52086 ssh2
May  6 19:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: Failed password for invalid user ubuntu from 66.69.45.127 port 52086 ssh2
May  6 19:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: Failed password for invalid user ubuntu from 66.69.45.127 port 52086 ssh2
May  6 19:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: error: maximum authentication attempts exceeded for invalid user ubuntu from 66.69.45.127 port 52086 ssh2 [preauth]
May  6 19:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: Disconnecting: Too many authentication failures [preauth]
May  6 19:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26633]: PAM service(sshd) ignoring max retries; 6 > 3
May  6 19:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: Invalid user ubuntu from 66.69.45.127
May  6 19:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: input_userauth_request: invalid user ubuntu [preauth]
May  6 19:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26667]: pam_unix(cron:session): session closed for user p13x
May  6 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26735]: Successful su for rubyman by root
May  6 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26735]: + ??? root:rubyman
May  6 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342244 of user rubyman.
May  6 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26735]: pam_unix(su:session): session closed for user rubyman
May  6 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342244.
May  6 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: Failed password for invalid user ubuntu from 66.69.45.127 port 55372 ssh2
May  6 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: Failed password for invalid user ubuntu from 66.69.45.127 port 55372 ssh2
May  6 19:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23852]: pam_unix(cron:session): session closed for user root
May  6 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26668]: pam_unix(cron:session): session closed for user samftp
May  6 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: Failed password for invalid user ubuntu from 66.69.45.127 port 55372 ssh2
May  6 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: Failed password for invalid user ubuntu from 66.69.45.127 port 55372 ssh2
May  6 19:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: Received disconnect from 66.69.45.127 port 55372:11: disconnected by user [preauth]
May  6 19:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: Disconnected from 66.69.45.127 port 55372 [preauth]
May  6 19:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26664]: PAM service(sshd) ignoring max retries; 4 > 3
May  6 19:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: Invalid user pi from 66.69.45.127
May  6 19:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: input_userauth_request: invalid user pi [preauth]
May  6 19:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: Failed password for invalid user pi from 66.69.45.127 port 57960 ssh2
May  6 19:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: Failed password for invalid user pi from 66.69.45.127 port 57960 ssh2
May  6 19:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: Failed password for invalid user pi from 66.69.45.127 port 57960 ssh2
May  6 19:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: Failed password for invalid user pi from 66.69.45.127 port 57960 ssh2
May  6 19:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: Received disconnect from 66.69.45.127 port 57960:11: disconnected by user [preauth]
May  6 19:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: Disconnected from 66.69.45.127 port 57960 [preauth]
May  6 19:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: PAM service(sshd) ignoring max retries; 4 > 3
May  6 19:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26991]: Invalid user baikal from 66.69.45.127
May  6 19:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26991]: input_userauth_request: invalid user baikal [preauth]
May  6 19:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26991]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.69.45.127
May  6 19:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26991]: Failed password for invalid user baikal from 66.69.45.127 port 60462 ssh2
May  6 19:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26991]: Received disconnect from 66.69.45.127 port 60462:11: disconnected by user [preauth]
May  6 19:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26991]: Disconnected from 66.69.45.127 port 60462 [preauth]
May  6 19:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25677]: pam_unix(cron:session): session closed for user root
May  6 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27159]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27158]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27156]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27157]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27156]: pam_unix(cron:session): session closed for user p13x
May  6 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27225]: Successful su for rubyman by root
May  6 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27225]: + ??? root:rubyman
May  6 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342248 of user rubyman.
May  6 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27225]: pam_unix(su:session): session closed for user rubyman
May  6 19:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342248.
May  6 19:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24350]: pam_unix(cron:session): session closed for user root
May  6 19:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27157]: pam_unix(cron:session): session closed for user samftp
May  6 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26150]: pam_unix(cron:session): session closed for user root
May  6 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27626]: pam_unix(cron:session): session closed for user p13x
May  6 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27691]: Successful su for rubyman by root
May  6 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27691]: + ??? root:rubyman
May  6 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342253 of user rubyman.
May  6 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27691]: pam_unix(su:session): session closed for user rubyman
May  6 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342253.
May  6 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  6 19:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24789]: pam_unix(cron:session): session closed for user root
May  6 19:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: Failed password for root from 193.70.84.184 port 47664 ssh2
May  6 19:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27689]: Connection closed by 193.70.84.184 port 47664 [preauth]
May  6 19:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27627]: pam_unix(cron:session): session closed for user samftp
May  6 19:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26670]: pam_unix(cron:session): session closed for user root
May  6 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28032]: pam_unix(cron:session): session closed for user p13x
May  6 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28094]: Successful su for rubyman by root
May  6 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28094]: + ??? root:rubyman
May  6 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28094]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342258 of user rubyman.
May  6 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28094]: pam_unix(su:session): session closed for user rubyman
May  6 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342258.
May  6 19:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25219]: pam_unix(cron:session): session closed for user root
May  6 19:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28033]: pam_unix(cron:session): session closed for user samftp
May  6 19:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: Invalid user admin from 80.94.95.241
May  6 19:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: input_userauth_request: invalid user admin [preauth]
May  6 19:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 19:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: Failed password for invalid user admin from 80.94.95.241 port 31645 ssh2
May  6 19:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: Failed password for invalid user admin from 80.94.95.241 port 31645 ssh2
May  6 19:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: Failed password for invalid user admin from 80.94.95.241 port 31645 ssh2
May  6 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27159]: pam_unix(cron:session): session closed for user root
May  6 19:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28351]: Failed password for root from 218.92.0.179 port 45865 ssh2
May  6 19:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: Failed password for invalid user admin from 80.94.95.241 port 31645 ssh2
May  6 19:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28351]: Failed password for root from 218.92.0.179 port 45865 ssh2
May  6 19:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: Failed password for invalid user admin from 80.94.95.241 port 31645 ssh2
May  6 19:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: Received disconnect from 80.94.95.241 port 31645:11: Bye [preauth]
May  6 19:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: Disconnected from 80.94.95.241 port 31645 [preauth]
May  6 19:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 19:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28338]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 19:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28351]: Failed password for root from 218.92.0.179 port 45865 ssh2
May  6 19:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28351]: Received disconnect from 218.92.0.179 port 45865:11:  [preauth]
May  6 19:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28351]: Disconnected from 218.92.0.179 port 45865 [preauth]
May  6 19:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28351]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28451]: pam_unix(cron:session): session closed for user root
May  6 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28445]: pam_unix(cron:session): session closed for user p13x
May  6 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28521]: Successful su for rubyman by root
May  6 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28521]: + ??? root:rubyman
May  6 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28521]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342263 of user rubyman.
May  6 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28521]: pam_unix(su:session): session closed for user rubyman
May  6 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342263.
May  6 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28448]: pam_unix(cron:session): session closed for user root
May  6 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25676]: pam_unix(cron:session): session closed for user root
May  6 19:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28446]: pam_unix(cron:session): session closed for user samftp
May  6 19:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: Invalid user mariadb from 157.245.99.182
May  6 19:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: input_userauth_request: invalid user mariadb [preauth]
May  6 19:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 19:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: Failed password for invalid user mariadb from 157.245.99.182 port 37992 ssh2
May  6 19:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: Received disconnect from 157.245.99.182 port 37992:11: Bye Bye [preauth]
May  6 19:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28779]: Disconnected from 157.245.99.182 port 37992 [preauth]
May  6 19:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28790]: Invalid user test from 94.141.103.179
May  6 19:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28790]: input_userauth_request: invalid user test [preauth]
May  6 19:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28790]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.141.103.179
May  6 19:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28790]: Failed password for invalid user test from 94.141.103.179 port 60242 ssh2
May  6 19:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28790]: Received disconnect from 94.141.103.179 port 60242:11: Bye Bye [preauth]
May  6 19:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28790]: Disconnected from 94.141.103.179 port 60242 [preauth]
May  6 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27629]: pam_unix(cron:session): session closed for user root
May  6 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28885]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28883]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28882]: pam_unix(cron:session): session closed for user p13x
May  6 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28956]: Successful su for rubyman by root
May  6 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28956]: + ??? root:rubyman
May  6 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28956]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342267 of user rubyman.
May  6 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28956]: pam_unix(su:session): session closed for user rubyman
May  6 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342267.
May  6 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26148]: pam_unix(cron:session): session closed for user root
May  6 19:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28883]: pam_unix(cron:session): session closed for user samftp
May  6 19:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28035]: pam_unix(cron:session): session closed for user root
May  6 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29395]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29394]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29392]: pam_unix(cron:session): session closed for user p13x
May  6 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29455]: Successful su for rubyman by root
May  6 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29455]: + ??? root:rubyman
May  6 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29455]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342271 of user rubyman.
May  6 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29455]: pam_unix(su:session): session closed for user rubyman
May  6 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342271.
May  6 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26669]: pam_unix(cron:session): session closed for user root
May  6 19:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29393]: pam_unix(cron:session): session closed for user samftp
May  6 19:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.119.194  user=root
May  6 19:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29705]: Failed password for root from 186.233.119.194 port 39596 ssh2
May  6 19:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29705]: Received disconnect from 186.233.119.194 port 39596:11: Bye Bye [preauth]
May  6 19:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29705]: Disconnected from 186.233.119.194 port 39596 [preauth]
May  6 19:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28450]: pam_unix(cron:session): session closed for user root
May  6 19:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29802]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29802]: pam_unix(cron:session): session closed for user p13x
May  6 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29794]: Invalid user operator from 194.0.234.19
May  6 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29794]: input_userauth_request: invalid user operator [preauth]
May  6 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29869]: Successful su for rubyman by root
May  6 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29869]: + ??? root:rubyman
May  6 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342274 of user rubyman.
May  6 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29869]: pam_unix(su:session): session closed for user rubyman
May  6 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342274.
May  6 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29794]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  6 19:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27158]: pam_unix(cron:session): session closed for user root
May  6 19:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29794]: Failed password for invalid user operator from 194.0.234.19 port 32832 ssh2
May  6 19:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29794]: Connection closed by 194.0.234.19 port 32832 [preauth]
May  6 19:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29803]: pam_unix(cron:session): session closed for user samftp
May  6 19:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28885]: pam_unix(cron:session): session closed for user root
May  6 19:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 19:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30158]: Failed password for root from 218.92.0.179 port 57467 ssh2
May  6 19:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30158]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 57467 ssh2]
May  6 19:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30158]: Received disconnect from 218.92.0.179 port 57467:11:  [preauth]
May  6 19:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30158]: Disconnected from 218.92.0.179 port 57467 [preauth]
May  6 19:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30158]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30210]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30207]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30208]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30207]: pam_unix(cron:session): session closed for user p13x
May  6 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30264]: Successful su for rubyman by root
May  6 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30264]: + ??? root:rubyman
May  6 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342279 of user rubyman.
May  6 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30264]: pam_unix(su:session): session closed for user rubyman
May  6 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342279.
May  6 19:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27628]: pam_unix(cron:session): session closed for user root
May  6 19:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30208]: pam_unix(cron:session): session closed for user samftp
May  6 19:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30451]: Invalid user squid from 80.94.95.125
May  6 19:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30451]: input_userauth_request: invalid user squid [preauth]
May  6 19:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30451]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 19:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30451]: Failed password for invalid user squid from 80.94.95.125 port 44734 ssh2
May  6 19:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30451]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30451]: Failed password for invalid user squid from 80.94.95.125 port 44734 ssh2
May  6 19:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30451]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30451]: Failed password for invalid user squid from 80.94.95.125 port 44734 ssh2
May  6 19:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30451]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30451]: Failed password for invalid user squid from 80.94.95.125 port 44734 ssh2
May  6 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30451]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30451]: Failed password for invalid user squid from 80.94.95.125 port 44734 ssh2
May  6 19:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30451]: Received disconnect from 80.94.95.125 port 44734:11: Bye [preauth]
May  6 19:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30451]: Disconnected from 80.94.95.125 port 44734 [preauth]
May  6 19:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30451]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 19:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30451]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29395]: pam_unix(cron:session): session closed for user root
May  6 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30602]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30603]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30598]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30603]: pam_unix(cron:session): session closed for user root
May  6 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30597]: pam_unix(cron:session): session closed for user p13x
May  6 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30667]: Successful su for rubyman by root
May  6 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30667]: + ??? root:rubyman
May  6 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30667]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342282 of user rubyman.
May  6 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30667]: pam_unix(su:session): session closed for user rubyman
May  6 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342282.
May  6 19:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30600]: pam_unix(cron:session): session closed for user root
May  6 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28034]: pam_unix(cron:session): session closed for user root
May  6 19:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30598]: pam_unix(cron:session): session closed for user samftp
May  6 19:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30926]: Invalid user mahmoud from 94.141.103.179
May  6 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30926]: input_userauth_request: invalid user mahmoud [preauth]
May  6 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30926]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.141.103.179
May  6 19:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30926]: Failed password for invalid user mahmoud from 94.141.103.179 port 40884 ssh2
May  6 19:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30926]: Received disconnect from 94.141.103.179 port 40884:11: Bye Bye [preauth]
May  6 19:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30926]: Disconnected from 94.141.103.179 port 40884 [preauth]
May  6 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29805]: pam_unix(cron:session): session closed for user root
May  6 19:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: Invalid user scan from 157.245.99.182
May  6 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: input_userauth_request: invalid user scan [preauth]
May  6 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: Failed password for invalid user scan from 157.245.99.182 port 43604 ssh2
May  6 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: Received disconnect from 157.245.99.182 port 43604:11: Bye Bye [preauth]
May  6 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31083]: Disconnected from 157.245.99.182 port 43604 [preauth]
May  6 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31127]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31126]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31124]: pam_unix(cron:session): session closed for user p13x
May  6 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31205]: Successful su for rubyman by root
May  6 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31205]: + ??? root:rubyman
May  6 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342290 of user rubyman.
May  6 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31205]: pam_unix(su:session): session closed for user rubyman
May  6 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342290.
May  6 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28449]: pam_unix(cron:session): session closed for user root
May  6 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31125]: pam_unix(cron:session): session closed for user samftp
May  6 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30210]: pam_unix(cron:session): session closed for user root
May  6 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31547]: pam_unix(cron:session): session closed for user p13x
May  6 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31610]: Successful su for rubyman by root
May  6 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31610]: + ??? root:rubyman
May  6 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342293 of user rubyman.
May  6 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31610]: pam_unix(su:session): session closed for user rubyman
May  6 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342293.
May  6 19:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28884]: pam_unix(cron:session): session closed for user root
May  6 19:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31548]: pam_unix(cron:session): session closed for user samftp
May  6 19:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: Invalid user admin from 80.94.95.112
May  6 19:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: input_userauth_request: invalid user admin [preauth]
May  6 19:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 19:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: Failed password for invalid user admin from 80.94.95.112 port 32166 ssh2
May  6 19:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: Failed password for invalid user admin from 80.94.95.112 port 32166 ssh2
May  6 19:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: Failed password for invalid user admin from 80.94.95.112 port 32166 ssh2
May  6 19:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: Failed password for invalid user admin from 80.94.95.112 port 32166 ssh2
May  6 19:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30602]: pam_unix(cron:session): session closed for user root
May  6 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: Failed password for invalid user admin from 80.94.95.112 port 32166 ssh2
May  6 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: Received disconnect from 80.94.95.112 port 32166:11: Bye [preauth]
May  6 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: Disconnected from 80.94.95.112 port 32166 [preauth]
May  6 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31879]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32106]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32093]: pam_unix(cron:session): session closed for user p13x
May  6 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32316]: Successful su for rubyman by root
May  6 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32316]: + ??? root:rubyman
May  6 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342297 of user rubyman.
May  6 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32316]: pam_unix(su:session): session closed for user rubyman
May  6 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342297.
May  6 19:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29394]: pam_unix(cron:session): session closed for user root
May  6 19:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32105]: pam_unix(cron:session): session closed for user samftp
May  6 19:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 19:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: Invalid user ts3server from 186.233.119.194
May  6 19:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: input_userauth_request: invalid user ts3server [preauth]
May  6 19:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: pam_unix(sshd:auth): check pass; user unknown
May  6 19:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.119.194
May  6 19:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: Failed password for invalid user ts3server from 186.233.119.194 port 48148 ssh2
May  6 19:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: Received disconnect from 186.233.119.194 port 48148:11: Bye Bye [preauth]
May  6 19:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: Disconnected from 186.233.119.194 port 48148 [preauth]
May  6 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31127]: pam_unix(cron:session): session closed for user root
May  6 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[328]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[326]: pam_unix(cron:session): session closed for user p13x
May  6 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[429]: Successful su for rubyman by root
May  6 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[429]: + ??? root:rubyman
May  6 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342300 of user rubyman.
May  6 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[429]: pam_unix(su:session): session closed for user rubyman
May  6 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342300.
May  6 19:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29804]: pam_unix(cron:session): session closed for user root
May  6 19:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[328]: pam_unix(cron:session): session closed for user samftp
May  6 19:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31550]: pam_unix(cron:session): session closed for user root
May  6 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[847]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[844]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[842]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[846]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[845]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[841]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[840]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[847]: pam_unix(cron:session): session closed for user root
May  6 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[842]: pam_unix(cron:session): session closed for user root
May  6 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[840]: pam_unix(cron:session): session closed for user p13x
May  6 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[959]: Successful su for rubyman by root
May  6 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[959]: + ??? root:rubyman
May  6 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[959]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342308 of user rubyman.
May  6 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[959]: pam_unix(su:session): session closed for user rubyman
May  6 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342308.
May  6 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30209]: pam_unix(cron:session): session closed for user root
May  6 20:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[844]: pam_unix(cron:session): session closed for user root
May  6 20:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: Invalid user sanjeev from 94.141.103.179
May  6 20:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: input_userauth_request: invalid user sanjeev [preauth]
May  6 20:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.141.103.179
May  6 20:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[841]: pam_unix(cron:session): session closed for user samftp
May  6 20:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: Failed password for invalid user sanjeev from 94.141.103.179 port 54012 ssh2
May  6 20:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: Received disconnect from 94.141.103.179 port 54012:11: Bye Bye [preauth]
May  6 20:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1199]: Disconnected from 94.141.103.179 port 54012 [preauth]
May  6 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32107]: pam_unix(cron:session): session closed for user root
May  6 20:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1413]: Invalid user fin from 157.245.99.182
May  6 20:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1413]: input_userauth_request: invalid user fin [preauth]
May  6 20:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1413]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 20:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1413]: Failed password for invalid user fin from 157.245.99.182 port 58866 ssh2
May  6 20:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1413]: Received disconnect from 157.245.99.182 port 58866:11: Bye Bye [preauth]
May  6 20:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1413]: Disconnected from 157.245.99.182 port 58866 [preauth]
May  6 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1459]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1458]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1455]: pam_unix(cron:session): session closed for user p13x
May  6 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1524]: Successful su for rubyman by root
May  6 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1524]: + ??? root:rubyman
May  6 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1524]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342314 of user rubyman.
May  6 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1524]: pam_unix(su:session): session closed for user rubyman
May  6 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342314.
May  6 20:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30601]: pam_unix(cron:session): session closed for user root
May  6 20:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1457]: pam_unix(cron:session): session closed for user samftp
May  6 20:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[334]: pam_unix(cron:session): session closed for user root
May  6 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1959]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1959]: pam_unix(cron:session): session closed for user p13x
May  6 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2057]: Successful su for rubyman by root
May  6 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2057]: + ??? root:rubyman
May  6 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2057]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342315 of user rubyman.
May  6 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2057]: pam_unix(su:session): session closed for user rubyman
May  6 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342315.
May  6 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31126]: pam_unix(cron:session): session closed for user root
May  6 20:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1961]: pam_unix(cron:session): session closed for user samftp
May  6 20:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[846]: pam_unix(cron:session): session closed for user root
May  6 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2405]: pam_unix(cron:session): session closed for user p13x
May  6 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2471]: Successful su for rubyman by root
May  6 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2471]: + ??? root:rubyman
May  6 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2471]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342321 of user rubyman.
May  6 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2471]: pam_unix(su:session): session closed for user rubyman
May  6 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342321.
May  6 20:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31549]: pam_unix(cron:session): session closed for user root
May  6 20:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2406]: pam_unix(cron:session): session closed for user samftp
May  6 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1459]: pam_unix(cron:session): session closed for user root
May  6 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2841]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2842]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2840]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2840]: pam_unix(cron:session): session closed for user p13x
May  6 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2908]: Successful su for rubyman by root
May  6 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2908]: + ??? root:rubyman
May  6 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342324 of user rubyman.
May  6 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2908]: pam_unix(su:session): session closed for user rubyman
May  6 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342324.
May  6 20:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32106]: pam_unix(cron:session): session closed for user root
May  6 20:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2841]: pam_unix(cron:session): session closed for user samftp
May  6 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1971]: pam_unix(cron:session): session closed for user root
May  6 20:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.141.103.179  user=root
May  6 20:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3221]: Failed password for root from 94.141.103.179 port 40940 ssh2
May  6 20:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3221]: Received disconnect from 94.141.103.179 port 40940:11: Bye Bye [preauth]
May  6 20:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3221]: Disconnected from 94.141.103.179 port 40940 [preauth]
May  6 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3254]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3251]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3253]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3249]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3250]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3254]: pam_unix(cron:session): session closed for user root
May  6 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3249]: pam_unix(cron:session): session closed for user p13x
May  6 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3313]: Successful su for rubyman by root
May  6 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3313]: + ??? root:rubyman
May  6 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342330 of user rubyman.
May  6 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3313]: pam_unix(su:session): session closed for user rubyman
May  6 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342330.
May  6 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3251]: pam_unix(cron:session): session closed for user root
May  6 20:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[333]: pam_unix(cron:session): session closed for user root
May  6 20:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3250]: pam_unix(cron:session): session closed for user samftp
May  6 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2410]: pam_unix(cron:session): session closed for user root
May  6 20:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3729]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3728]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3728]: pam_unix(cron:session): session closed for user p13x
May  6 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3796]: Successful su for rubyman by root
May  6 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3796]: + ??? root:rubyman
May  6 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342335 of user rubyman.
May  6 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3796]: pam_unix(su:session): session closed for user rubyman
May  6 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342335.
May  6 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  6 20:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Failed password for root from 80.94.95.29 port 47684 ssh2
May  6 20:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Failed password for root from 80.94.95.29 port 47684 ssh2
May  6 20:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[845]: pam_unix(cron:session): session closed for user root
May  6 20:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3729]: pam_unix(cron:session): session closed for user samftp
May  6 20:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: Invalid user autologin from 157.245.99.182
May  6 20:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: input_userauth_request: invalid user autologin [preauth]
May  6 20:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 20:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Failed password for root from 80.94.95.29 port 47684 ssh2
May  6 20:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: Failed password for invalid user autologin from 157.245.99.182 port 43198 ssh2
May  6 20:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: Received disconnect from 157.245.99.182 port 43198:11: Bye Bye [preauth]
May  6 20:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: Disconnected from 157.245.99.182 port 43198 [preauth]
May  6 20:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Failed password for root from 80.94.95.29 port 47684 ssh2
May  6 20:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Failed password for root from 80.94.95.29 port 47684 ssh2
May  6 20:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Received disconnect from 80.94.95.29 port 47684:11: Bye [preauth]
May  6 20:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Disconnected from 80.94.95.29 port 47684 [preauth]
May  6 20:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  6 20:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 20:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2843]: pam_unix(cron:session): session closed for user root
May  6 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4179]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4177]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4175]: pam_unix(cron:session): session closed for user p13x
May  6 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4264]: Successful su for rubyman by root
May  6 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4264]: + ??? root:rubyman
May  6 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342338 of user rubyman.
May  6 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4264]: pam_unix(su:session): session closed for user rubyman
May  6 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342338.
May  6 20:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1458]: pam_unix(cron:session): session closed for user root
May  6 20:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4176]: pam_unix(cron:session): session closed for user samftp
May  6 20:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3253]: pam_unix(cron:session): session closed for user root
May  6 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4741]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4739]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4738]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4738]: pam_unix(cron:session): session closed for user p13x
May  6 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4800]: Successful su for rubyman by root
May  6 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4800]: + ??? root:rubyman
May  6 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342342 of user rubyman.
May  6 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4800]: pam_unix(su:session): session closed for user rubyman
May  6 20:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342342.
May  6 20:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1968]: pam_unix(cron:session): session closed for user root
May  6 20:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4739]: pam_unix(cron:session): session closed for user samftp
May  6 20:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3731]: pam_unix(cron:session): session closed for user root
May  6 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5345]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5347]: pam_unix(cron:session): session closed for user p13x
May  6 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5480]: Successful su for rubyman by root
May  6 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5480]: + ??? root:rubyman
May  6 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342348 of user rubyman.
May  6 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5480]: pam_unix(su:session): session closed for user rubyman
May  6 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342348.
May  6 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5345]: pam_unix(cron:session): session closed for user root
May  6 20:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2409]: pam_unix(cron:session): session closed for user root
May  6 20:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5348]: pam_unix(cron:session): session closed for user samftp
May  6 20:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4179]: pam_unix(cron:session): session closed for user root
May  6 20:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.141.103.179  user=root
May  6 20:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: Failed password for root from 94.141.103.179 port 34110 ssh2
May  6 20:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: Received disconnect from 94.141.103.179 port 34110:11: Bye Bye [preauth]
May  6 20:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5905]: Disconnected from 94.141.103.179 port 34110 [preauth]
May  6 20:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5987]: Invalid user develop from 50.235.31.47
May  6 20:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5987]: input_userauth_request: invalid user develop [preauth]
May  6 20:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5987]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  6 20:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5987]: Failed password for invalid user develop from 50.235.31.47 port 54926 ssh2
May  6 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5987]: Connection closed by 50.235.31.47 port 54926 [preauth]
May  6 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5992]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5998]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5991]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5998]: pam_unix(cron:session): session closed for user root
May  6 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5990]: pam_unix(cron:session): session closed for user p13x
May  6 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6069]: Successful su for rubyman by root
May  6 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6069]: + ??? root:rubyman
May  6 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6069]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342350 of user rubyman.
May  6 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6069]: pam_unix(su:session): session closed for user rubyman
May  6 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342350.
May  6 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5992]: pam_unix(cron:session): session closed for user root
May  6 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2842]: pam_unix(cron:session): session closed for user root
May  6 20:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5991]: pam_unix(cron:session): session closed for user samftp
May  6 20:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4741]: pam_unix(cron:session): session closed for user root
May  6 20:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: Invalid user mok from 186.96.145.241
May  6 20:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: input_userauth_request: invalid user mok [preauth]
May  6 20:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
May  6 20:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: Failed password for invalid user mok from 186.96.145.241 port 53636 ssh2
May  6 20:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: Connection closed by 186.96.145.241 port 53636 [preauth]
May  6 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6450]: pam_unix(cron:session): session closed for user p13x
May  6 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6518]: Successful su for rubyman by root
May  6 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6518]: + ??? root:rubyman
May  6 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342356 of user rubyman.
May  6 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6518]: pam_unix(su:session): session closed for user rubyman
May  6 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342356.
May  6 20:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3252]: pam_unix(cron:session): session closed for user root
May  6 20:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6451]: pam_unix(cron:session): session closed for user samftp
May  6 20:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6763]: Invalid user librenms from 157.245.99.182
May  6 20:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6763]: input_userauth_request: invalid user librenms [preauth]
May  6 20:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6763]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 20:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6763]: Failed password for invalid user librenms from 157.245.99.182 port 55204 ssh2
May  6 20:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6763]: Received disconnect from 157.245.99.182 port 55204:11: Bye Bye [preauth]
May  6 20:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6763]: Disconnected from 157.245.99.182 port 55204 [preauth]
May  6 20:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5350]: pam_unix(cron:session): session closed for user root
May  6 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6866]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6865]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6864]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6863]: pam_unix(cron:session): session closed for user p13x
May  6 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7013]: Successful su for rubyman by root
May  6 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7013]: + ??? root:rubyman
May  6 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342361 of user rubyman.
May  6 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7013]: pam_unix(su:session): session closed for user rubyman
May  6 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342361.
May  6 20:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3730]: pam_unix(cron:session): session closed for user root
May  6 20:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6864]: pam_unix(cron:session): session closed for user samftp
May  6 20:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5997]: pam_unix(cron:session): session closed for user root
May  6 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7366]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7365]: pam_unix(cron:session): session closed for user p13x
May  6 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7423]: Successful su for rubyman by root
May  6 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7423]: + ??? root:rubyman
May  6 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342365 of user rubyman.
May  6 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7423]: pam_unix(su:session): session closed for user rubyman
May  6 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342365.
May  6 20:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4177]: pam_unix(cron:session): session closed for user root
May  6 20:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7366]: pam_unix(cron:session): session closed for user samftp
May  6 20:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6453]: pam_unix(cron:session): session closed for user root
May  6 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7886]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7885]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7883]: pam_unix(cron:session): session closed for user p13x
May  6 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7947]: Successful su for rubyman by root
May  6 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7947]: + ??? root:rubyman
May  6 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7947]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342369 of user rubyman.
May  6 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7947]: pam_unix(su:session): session closed for user rubyman
May  6 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342369.
May  6 20:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4740]: pam_unix(cron:session): session closed for user root
May  6 20:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7884]: pam_unix(cron:session): session closed for user samftp
May  6 20:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: Invalid user wd from 94.141.103.179
May  6 20:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: input_userauth_request: invalid user wd [preauth]
May  6 20:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.141.103.179
May  6 20:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: Failed password for invalid user wd from 94.141.103.179 port 59312 ssh2
May  6 20:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: Received disconnect from 94.141.103.179 port 59312:11: Bye Bye [preauth]
May  6 20:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8185]: Disconnected from 94.141.103.179 port 59312 [preauth]
May  6 20:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6866]: pam_unix(cron:session): session closed for user root
May  6 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8319]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8317]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8318]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8322]: pam_unix(cron:session): session closed for user root
May  6 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8316]: pam_unix(cron:session): session closed for user p13x
May  6 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8388]: Successful su for rubyman by root
May  6 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8388]: + ??? root:rubyman
May  6 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342374 of user rubyman.
May  6 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8388]: pam_unix(su:session): session closed for user rubyman
May  6 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342374.
May  6 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8318]: pam_unix(cron:session): session closed for user root
May  6 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5349]: pam_unix(cron:session): session closed for user root
May  6 20:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8317]: pam_unix(cron:session): session closed for user samftp
May  6 20:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7368]: pam_unix(cron:session): session closed for user root
May  6 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8778]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8776]: pam_unix(cron:session): session closed for user p13x
May  6 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8846]: Successful su for rubyman by root
May  6 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8846]: + ??? root:rubyman
May  6 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8846]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342379 of user rubyman.
May  6 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8846]: pam_unix(su:session): session closed for user rubyman
May  6 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342379.
May  6 20:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5996]: pam_unix(cron:session): session closed for user root
May  6 20:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8777]: pam_unix(cron:session): session closed for user samftp
May  6 20:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7886]: pam_unix(cron:session): session closed for user root
May  6 20:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: Invalid user render from 157.245.99.182
May  6 20:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: input_userauth_request: invalid user render [preauth]
May  6 20:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 20:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: Failed password for invalid user render from 157.245.99.182 port 39816 ssh2
May  6 20:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: Received disconnect from 157.245.99.182 port 39816:11: Bye Bye [preauth]
May  6 20:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: Disconnected from 157.245.99.182 port 39816 [preauth]
May  6 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9304]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9304]: pam_unix(cron:session): session closed for user root
May  6 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9306]: pam_unix(cron:session): session closed for user p13x
May  6 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9374]: Successful su for rubyman by root
May  6 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9374]: + ??? root:rubyman
May  6 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342382 of user rubyman.
May  6 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9374]: pam_unix(su:session): session closed for user rubyman
May  6 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342382.
May  6 20:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6452]: pam_unix(cron:session): session closed for user root
May  6 20:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9307]: pam_unix(cron:session): session closed for user samftp
May  6 20:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8321]: pam_unix(cron:session): session closed for user root
May  6 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9710]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9708]: pam_unix(cron:session): session closed for user p13x
May  6 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9782]: Successful su for rubyman by root
May  6 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9782]: + ??? root:rubyman
May  6 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342388 of user rubyman.
May  6 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9782]: pam_unix(su:session): session closed for user rubyman
May  6 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342388.
May  6 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9705]: Invalid user 1234 from 194.0.234.19
May  6 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9705]: input_userauth_request: invalid user 1234 [preauth]
May  6 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9705]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  6 20:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9705]: Failed password for invalid user 1234 from 194.0.234.19 port 39994 ssh2
May  6 20:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9705]: Connection closed by 194.0.234.19 port 39994 [preauth]
May  6 20:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6865]: pam_unix(cron:session): session closed for user root
May  6 20:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9709]: pam_unix(cron:session): session closed for user samftp
May  6 20:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8779]: pam_unix(cron:session): session closed for user root
May  6 20:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: Bad protocol version identification '\026\003\001' from 184.105.247.196 port 61088
May  6 20:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.141.103.179  user=root
May  6 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10121]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10119]: pam_unix(cron:session): session closed for user p13x
May  6 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: Failed password for root from 94.141.103.179 port 59122 ssh2
May  6 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: Received disconnect from 94.141.103.179 port 59122:11: Bye Bye [preauth]
May  6 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10108]: Disconnected from 94.141.103.179 port 59122 [preauth]
May  6 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10177]: Successful su for rubyman by root
May  6 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10177]: + ??? root:rubyman
May  6 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342393 of user rubyman.
May  6 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10177]: pam_unix(su:session): session closed for user rubyman
May  6 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342393.
May  6 20:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7367]: pam_unix(cron:session): session closed for user root
May  6 20:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10120]: pam_unix(cron:session): session closed for user samftp
May  6 20:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10463]: Invalid user  from 83.222.191.218
May  6 20:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10463]: input_userauth_request: invalid user  [preauth]
May  6 20:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10463]: Connection closed by 83.222.191.218 port 46704 [preauth]
May  6 20:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9310]: pam_unix(cron:session): session closed for user root
May  6 20:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.146.159.119  user=root
May  6 20:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10497]: Failed password for root from 103.146.159.119 port 34592 ssh2
May  6 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10497]: Connection closed by 103.146.159.119 port 34592 [preauth]
May  6 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10645]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10648]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10648]: pam_unix(cron:session): session closed for user root
May  6 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10643]: pam_unix(cron:session): session closed for user p13x
May  6 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10758]: Successful su for rubyman by root
May  6 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10758]: + ??? root:rubyman
May  6 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342400 of user rubyman.
May  6 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10758]: pam_unix(su:session): session closed for user rubyman
May  6 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342400.
May  6 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10645]: pam_unix(cron:session): session closed for user root
May  6 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7885]: pam_unix(cron:session): session closed for user root
May  6 20:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10644]: pam_unix(cron:session): session closed for user samftp
May  6 20:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9711]: pam_unix(cron:session): session closed for user root
May  6 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11109]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11105]: pam_unix(cron:session): session closed for user p13x
May  6 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11175]: Successful su for rubyman by root
May  6 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11175]: + ??? root:rubyman
May  6 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11175]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342403 of user rubyman.
May  6 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11175]: pam_unix(su:session): session closed for user rubyman
May  6 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342403.
May  6 20:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8319]: pam_unix(cron:session): session closed for user root
May  6 20:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11106]: pam_unix(cron:session): session closed for user samftp
May  6 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10122]: pam_unix(cron:session): session closed for user root
May  6 20:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11514]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11515]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11511]: pam_unix(cron:session): session closed for user p13x
May  6 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11578]: Successful su for rubyman by root
May  6 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11578]: + ??? root:rubyman
May  6 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342405 of user rubyman.
May  6 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11578]: pam_unix(su:session): session closed for user rubyman
May  6 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342405.
May  6 20:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8778]: pam_unix(cron:session): session closed for user root
May  6 20:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11513]: pam_unix(cron:session): session closed for user samftp
May  6 20:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: Invalid user profe from 157.245.99.182
May  6 20:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: input_userauth_request: invalid user profe [preauth]
May  6 20:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 20:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: Failed password for invalid user profe from 157.245.99.182 port 46840 ssh2
May  6 20:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: Received disconnect from 157.245.99.182 port 46840:11: Bye Bye [preauth]
May  6 20:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11742]: Disconnected from 157.245.99.182 port 46840 [preauth]
May  6 20:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11792]: Invalid user user from 103.146.159.119
May  6 20:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11792]: input_userauth_request: invalid user user [preauth]
May  6 20:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11792]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.146.159.119
May  6 20:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11792]: Failed password for invalid user user from 103.146.159.119 port 57292 ssh2
May  6 20:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11792]: Connection closed by 103.146.159.119 port 57292 [preauth]
May  6 20:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10647]: pam_unix(cron:session): session closed for user root
May  6 20:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: Invalid user gitlab from 103.146.159.119
May  6 20:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: input_userauth_request: invalid user gitlab [preauth]
May  6 20:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.146.159.119
May  6 20:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: Failed password for invalid user gitlab from 103.146.159.119 port 56970 ssh2
May  6 20:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: Connection closed by 103.146.159.119 port 56970 [preauth]
May  6 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11927]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11926]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11923]: pam_unix(cron:session): session closed for user p13x
May  6 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11983]: Successful su for rubyman by root
May  6 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11983]: + ??? root:rubyman
May  6 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342409 of user rubyman.
May  6 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11983]: pam_unix(su:session): session closed for user rubyman
May  6 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342409.
May  6 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9309]: pam_unix(cron:session): session closed for user root
May  6 20:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11925]: pam_unix(cron:session): session closed for user samftp
May  6 20:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: Invalid user administrator from 80.94.95.29
May  6 20:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: input_userauth_request: invalid user administrator [preauth]
May  6 20:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  6 20:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: Failed password for invalid user administrator from 80.94.95.29 port 49861 ssh2
May  6 20:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: Invalid user pi from 103.146.159.119
May  6 20:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: input_userauth_request: invalid user pi [preauth]
May  6 20:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.146.159.119
May  6 20:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: Failed password for invalid user administrator from 80.94.95.29 port 49861 ssh2
May  6 20:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: Failed password for invalid user pi from 103.146.159.119 port 52214 ssh2
May  6 20:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11491]: Connection closed by 103.146.159.119 port 52214 [preauth]
May  6 20:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: Failed password for invalid user administrator from 80.94.95.29 port 49861 ssh2
May  6 20:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: Failed password for invalid user administrator from 80.94.95.29 port 49861 ssh2
May  6 20:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: Failed password for invalid user administrator from 80.94.95.29 port 49861 ssh2
May  6 20:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: Received disconnect from 80.94.95.29 port 49861:11: Bye [preauth]
May  6 20:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: Disconnected from 80.94.95.29 port 49861 [preauth]
May  6 20:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  6 20:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12191]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 20:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11109]: pam_unix(cron:session): session closed for user root
May  6 20:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: Invalid user esroot from 103.146.159.119
May  6 20:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: input_userauth_request: invalid user esroot [preauth]
May  6 20:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.146.159.119
May  6 20:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: Invalid user ljh from 94.141.103.179
May  6 20:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: input_userauth_request: invalid user ljh [preauth]
May  6 20:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.141.103.179
May  6 20:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: Failed password for invalid user esroot from 103.146.159.119 port 56958 ssh2
May  6 20:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: Failed password for invalid user ljh from 94.141.103.179 port 40938 ssh2
May  6 20:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: Connection closed by 103.146.159.119 port 56958 [preauth]
May  6 20:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: Received disconnect from 94.141.103.179 port 40938:11: Bye Bye [preauth]
May  6 20:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12283]: Disconnected from 94.141.103.179 port 40938 [preauth]
May  6 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12328]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12327]: pam_unix(cron:session): session closed for user p13x
May  6 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12389]: Successful su for rubyman by root
May  6 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12389]: + ??? root:rubyman
May  6 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342415 of user rubyman.
May  6 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12389]: pam_unix(su:session): session closed for user rubyman
May  6 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342415.
May  6 20:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9710]: pam_unix(cron:session): session closed for user root
May  6 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12328]: pam_unix(cron:session): session closed for user samftp
May  6 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11515]: pam_unix(cron:session): session closed for user root
May  6 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12714]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12713]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12712]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12714]: pam_unix(cron:session): session closed for user root
May  6 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12706]: pam_unix(cron:session): session closed for user p13x
May  6 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12775]: Successful su for rubyman by root
May  6 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12775]: + ??? root:rubyman
May  6 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342418 of user rubyman.
May  6 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12775]: pam_unix(su:session): session closed for user rubyman
May  6 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342418.
May  6 20:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10121]: pam_unix(cron:session): session closed for user root
May  6 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12711]: pam_unix(cron:session): session closed for user root
May  6 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: Invalid user admin from 80.94.95.241
May  6 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: input_userauth_request: invalid user admin [preauth]
May  6 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 20:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: Failed password for invalid user admin from 80.94.95.241 port 39453 ssh2
May  6 20:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12710]: pam_unix(cron:session): session closed for user samftp
May  6 20:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: Failed password for invalid user admin from 80.94.95.241 port 39453 ssh2
May  6 20:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: Failed password for invalid user admin from 80.94.95.241 port 39453 ssh2
May  6 20:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: Failed password for invalid user admin from 80.94.95.241 port 39453 ssh2
May  6 20:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: Failed password for invalid user admin from 80.94.95.241 port 39453 ssh2
May  6 20:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: Received disconnect from 80.94.95.241 port 39453:11: Bye [preauth]
May  6 20:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: Disconnected from 80.94.95.241 port 39453 [preauth]
May  6 20:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 20:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12897]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 20:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11927]: pam_unix(cron:session): session closed for user root
May  6 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13132]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13134]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13133]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13131]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13131]: pam_unix(cron:session): session closed for user p13x
May  6 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13198]: Successful su for rubyman by root
May  6 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13198]: + ??? root:rubyman
May  6 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342425 of user rubyman.
May  6 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13198]: pam_unix(su:session): session closed for user rubyman
May  6 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342425.
May  6 20:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10646]: pam_unix(cron:session): session closed for user root
May  6 20:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13132]: pam_unix(cron:session): session closed for user samftp
May  6 20:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12330]: pam_unix(cron:session): session closed for user root
May  6 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13641]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13639]: pam_unix(cron:session): session closed for user p13x
May  6 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13707]: Successful su for rubyman by root
May  6 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13707]: + ??? root:rubyman
May  6 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342428 of user rubyman.
May  6 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13707]: pam_unix(su:session): session closed for user rubyman
May  6 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342428.
May  6 20:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11107]: pam_unix(cron:session): session closed for user root
May  6 20:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13640]: pam_unix(cron:session): session closed for user samftp
May  6 20:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: Invalid user ekp from 157.245.99.182
May  6 20:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: input_userauth_request: invalid user ekp [preauth]
May  6 20:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 20:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: Failed password for invalid user ekp from 157.245.99.182 port 43234 ssh2
May  6 20:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: Received disconnect from 157.245.99.182 port 43234:11: Bye Bye [preauth]
May  6 20:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: Disconnected from 157.245.99.182 port 43234 [preauth]
May  6 20:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12713]: pam_unix(cron:session): session closed for user root
May  6 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14048]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14049]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14047]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14046]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14046]: pam_unix(cron:session): session closed for user p13x
May  6 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14108]: Successful su for rubyman by root
May  6 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14108]: + ??? root:rubyman
May  6 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342431 of user rubyman.
May  6 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14108]: pam_unix(su:session): session closed for user rubyman
May  6 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342431.
May  6 20:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11514]: pam_unix(cron:session): session closed for user root
May  6 20:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14047]: pam_unix(cron:session): session closed for user samftp
May  6 20:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13134]: pam_unix(cron:session): session closed for user root
May  6 20:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.141.103.179  user=root
May  6 20:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: Failed password for root from 94.141.103.179 port 51490 ssh2
May  6 20:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: Received disconnect from 94.141.103.179 port 51490:11: Bye Bye [preauth]
May  6 20:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: Disconnected from 94.141.103.179 port 51490 [preauth]
May  6 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14440]: pam_unix(cron:session): session closed for user p13x
May  6 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14505]: Successful su for rubyman by root
May  6 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14505]: + ??? root:rubyman
May  6 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342437 of user rubyman.
May  6 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14505]: pam_unix(su:session): session closed for user rubyman
May  6 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342437.
May  6 20:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11926]: pam_unix(cron:session): session closed for user root
May  6 20:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14441]: pam_unix(cron:session): session closed for user samftp
May  6 20:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13643]: pam_unix(cron:session): session closed for user root
May  6 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14845]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14848]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14849]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14847]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14846]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14844]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14849]: pam_unix(cron:session): session closed for user root
May  6 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14844]: pam_unix(cron:session): session closed for user p13x
May  6 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14923]: Successful su for rubyman by root
May  6 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14923]: + ??? root:rubyman
May  6 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14923]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342440 of user rubyman.
May  6 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14923]: pam_unix(su:session): session closed for user rubyman
May  6 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342440.
May  6 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14846]: pam_unix(cron:session): session closed for user root
May  6 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12329]: pam_unix(cron:session): session closed for user root
May  6 20:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14845]: pam_unix(cron:session): session closed for user samftp
May  6 20:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: Invalid user telecomadmin from 80.94.95.125
May  6 20:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: input_userauth_request: invalid user telecomadmin [preauth]
May  6 20:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 20:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: Failed password for invalid user telecomadmin from 80.94.95.125 port 41834 ssh2
May  6 20:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: Invalid user admin from 80.94.95.112
May  6 20:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: input_userauth_request: invalid user admin [preauth]
May  6 20:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 20:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: Failed password for invalid user telecomadmin from 80.94.95.125 port 41834 ssh2
May  6 20:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: Failed password for invalid user admin from 80.94.95.112 port 51465 ssh2
May  6 20:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: Failed password for invalid user telecomadmin from 80.94.95.125 port 41834 ssh2
May  6 20:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: Failed password for invalid user admin from 80.94.95.112 port 51465 ssh2
May  6 20:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: Failed password for invalid user telecomadmin from 80.94.95.125 port 41834 ssh2
May  6 20:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: Failed password for invalid user admin from 80.94.95.112 port 51465 ssh2
May  6 20:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: Failed password for invalid user telecomadmin from 80.94.95.125 port 41834 ssh2
May  6 20:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: Received disconnect from 80.94.95.125 port 41834:11: Bye [preauth]
May  6 20:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: Disconnected from 80.94.95.125 port 41834 [preauth]
May  6 20:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 20:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15168]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 20:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: Failed password for invalid user admin from 80.94.95.112 port 51465 ssh2
May  6 20:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14049]: pam_unix(cron:session): session closed for user root
May  6 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: Failed password for invalid user admin from 80.94.95.112 port 51465 ssh2
May  6 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: Received disconnect from 80.94.95.112 port 51465:11: Bye [preauth]
May  6 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: Disconnected from 80.94.95.112 port 51465 [preauth]
May  6 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15175]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15292]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15293]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15291]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15290]: pam_unix(cron:session): session closed for user p13x
May  6 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15362]: Successful su for rubyman by root
May  6 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15362]: + ??? root:rubyman
May  6 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342447 of user rubyman.
May  6 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15362]: pam_unix(su:session): session closed for user rubyman
May  6 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342447.
May  6 20:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12712]: pam_unix(cron:session): session closed for user root
May  6 20:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15291]: pam_unix(cron:session): session closed for user samftp
May  6 20:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14443]: pam_unix(cron:session): session closed for user root
May  6 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15689]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15688]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15686]: pam_unix(cron:session): session closed for user p13x
May  6 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15748]: Successful su for rubyman by root
May  6 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15748]: + ??? root:rubyman
May  6 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342449 of user rubyman.
May  6 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15748]: pam_unix(su:session): session closed for user rubyman
May  6 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342449.
May  6 20:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13133]: pam_unix(cron:session): session closed for user root
May  6 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15687]: pam_unix(cron:session): session closed for user samftp
May  6 20:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14848]: pam_unix(cron:session): session closed for user root
May  6 20:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: Invalid user payment from 157.245.99.182
May  6 20:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: input_userauth_request: invalid user payment [preauth]
May  6 20:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 20:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: Failed password for invalid user payment from 157.245.99.182 port 38450 ssh2
May  6 20:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: Received disconnect from 157.245.99.182 port 38450:11: Bye Bye [preauth]
May  6 20:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: Disconnected from 157.245.99.182 port 38450 [preauth]
May  6 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16077]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16078]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16075]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16076]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16075]: pam_unix(cron:session): session closed for user p13x
May  6 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16136]: Successful su for rubyman by root
May  6 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16136]: + ??? root:rubyman
May  6 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16136]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342455 of user rubyman.
May  6 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16136]: pam_unix(su:session): session closed for user rubyman
May  6 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342455.
May  6 20:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13641]: pam_unix(cron:session): session closed for user root
May  6 20:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16076]: pam_unix(cron:session): session closed for user samftp
May  6 20:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.141.103.179  user=root
May  6 20:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: Failed password for root from 94.141.103.179 port 56692 ssh2
May  6 20:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: Received disconnect from 94.141.103.179 port 56692:11: Bye Bye [preauth]
May  6 20:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: Disconnected from 94.141.103.179 port 56692 [preauth]
May  6 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15293]: pam_unix(cron:session): session closed for user root
May  6 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16486]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16488]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16484]: pam_unix(cron:session): session closed for user p13x
May  6 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16568]: Successful su for rubyman by root
May  6 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16568]: + ??? root:rubyman
May  6 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342457 of user rubyman.
May  6 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16568]: pam_unix(su:session): session closed for user rubyman
May  6 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342457.
May  6 20:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14048]: pam_unix(cron:session): session closed for user root
May  6 20:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16485]: pam_unix(cron:session): session closed for user samftp
May  6 20:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15689]: pam_unix(cron:session): session closed for user root
May  6 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16945]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16946]: pam_unix(cron:session): session closed for user root
May  6 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16940]: pam_unix(cron:session): session closed for user p13x
May  6 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17016]: Successful su for rubyman by root
May  6 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17016]: + ??? root:rubyman
May  6 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342461 of user rubyman.
May  6 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17016]: pam_unix(su:session): session closed for user rubyman
May  6 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342461.
May  6 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16942]: pam_unix(cron:session): session closed for user root
May  6 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14442]: pam_unix(cron:session): session closed for user root
May  6 20:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16941]: pam_unix(cron:session): session closed for user samftp
May  6 20:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16078]: pam_unix(cron:session): session closed for user root
May  6 20:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: Invalid user administrator from 190.103.202.7
May  6 20:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: input_userauth_request: invalid user administrator [preauth]
May  6 20:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  6 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17379]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17377]: pam_unix(cron:session): session closed for user p13x
May  6 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17447]: Successful su for rubyman by root
May  6 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17447]: + ??? root:rubyman
May  6 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342467 of user rubyman.
May  6 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17447]: pam_unix(su:session): session closed for user rubyman
May  6 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342467.
May  6 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: Failed password for invalid user administrator from 190.103.202.7 port 37760 ssh2
May  6 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17374]: Connection closed by 190.103.202.7 port 37760 [preauth]
May  6 20:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14847]: pam_unix(cron:session): session closed for user root
May  6 20:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17378]: pam_unix(cron:session): session closed for user samftp
May  6 20:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16488]: pam_unix(cron:session): session closed for user root
May  6 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17912]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17909]: pam_unix(cron:session): session closed for user p13x
May  6 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17978]: Successful su for rubyman by root
May  6 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17978]: + ??? root:rubyman
May  6 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342473 of user rubyman.
May  6 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17978]: pam_unix(su:session): session closed for user rubyman
May  6 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342473.
May  6 20:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15292]: pam_unix(cron:session): session closed for user root
May  6 20:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17910]: pam_unix(cron:session): session closed for user samftp
May  6 20:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16945]: pam_unix(cron:session): session closed for user root
May  6 20:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.141.103.179  user=root
May  6 20:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: Failed password for root from 94.141.103.179 port 51026 ssh2
May  6 20:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: Received disconnect from 94.141.103.179 port 51026:11: Bye Bye [preauth]
May  6 20:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18307]: Disconnected from 94.141.103.179 port 51026 [preauth]
May  6 20:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18317]: Invalid user erika from 157.245.99.182
May  6 20:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18317]: input_userauth_request: invalid user erika [preauth]
May  6 20:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18317]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 20:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  6 20:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18317]: Failed password for invalid user erika from 157.245.99.182 port 38572 ssh2
May  6 20:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18317]: Received disconnect from 157.245.99.182 port 38572:11: Bye Bye [preauth]
May  6 20:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18317]: Disconnected from 157.245.99.182 port 38572 [preauth]
May  6 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18319]: Failed password for root from 194.0.234.19 port 25582 ssh2
May  6 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18319]: Connection closed by 194.0.234.19 port 25582 [preauth]
May  6 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18335]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18336]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18334]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18333]: pam_unix(cron:session): session closed for user p13x
May  6 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18400]: Successful su for rubyman by root
May  6 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18400]: + ??? root:rubyman
May  6 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342476 of user rubyman.
May  6 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18400]: pam_unix(su:session): session closed for user rubyman
May  6 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342476.
May  6 20:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15688]: pam_unix(cron:session): session closed for user root
May  6 20:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18334]: pam_unix(cron:session): session closed for user samftp
May  6 20:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17380]: pam_unix(cron:session): session closed for user root
May  6 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18739]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18741]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18738]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18738]: pam_unix(cron:session): session closed for user p13x
May  6 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18869]: Successful su for rubyman by root
May  6 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18869]: + ??? root:rubyman
May  6 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342481 of user rubyman.
May  6 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18869]: pam_unix(su:session): session closed for user rubyman
May  6 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342481.
May  6 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18736]: pam_unix(cron:session): session closed for user root
May  6 20:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16077]: pam_unix(cron:session): session closed for user root
May  6 20:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18739]: pam_unix(cron:session): session closed for user samftp
May  6 20:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17912]: pam_unix(cron:session): session closed for user root
May  6 20:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 20:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19205]: Failed password for root from 218.92.0.179 port 54458 ssh2
May  6 20:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19205]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 54458 ssh2]
May  6 20:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19205]: Received disconnect from 218.92.0.179 port 54458:11:  [preauth]
May  6 20:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19205]: Disconnected from 218.92.0.179 port 54458 [preauth]
May  6 20:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19205]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19254]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19258]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19253]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19252]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19257]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19255]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19258]: pam_unix(cron:session): session closed for user root
May  6 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19252]: pam_unix(cron:session): session closed for user p13x
May  6 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19324]: Successful su for rubyman by root
May  6 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19324]: + ??? root:rubyman
May  6 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342488 of user rubyman.
May  6 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19324]: pam_unix(su:session): session closed for user rubyman
May  6 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342488.
May  6 20:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19254]: pam_unix(cron:session): session closed for user root
May  6 20:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16486]: pam_unix(cron:session): session closed for user root
May  6 20:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19253]: pam_unix(cron:session): session closed for user samftp
May  6 20:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  6 20:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19553]: Failed password for root from 164.68.105.9 port 35424 ssh2
May  6 20:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19553]: Connection closed by 164.68.105.9 port 35424 [preauth]
May  6 20:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18336]: pam_unix(cron:session): session closed for user root
May  6 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19701]: pam_unix(cron:session): session closed for user p13x
May  6 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19767]: Successful su for rubyman by root
May  6 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19767]: + ??? root:rubyman
May  6 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342492 of user rubyman.
May  6 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19767]: pam_unix(su:session): session closed for user rubyman
May  6 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342492.
May  6 20:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16943]: pam_unix(cron:session): session closed for user root
May  6 20:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19702]: pam_unix(cron:session): session closed for user samftp
May  6 20:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18741]: pam_unix(cron:session): session closed for user root
May  6 20:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20089]: Invalid user db2inst2 from 46.244.96.25
May  6 20:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20089]: input_userauth_request: invalid user db2inst2 [preauth]
May  6 20:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20089]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  6 20:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20089]: Failed password for invalid user db2inst2 from 46.244.96.25 port 60610 ssh2
May  6 20:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20089]: Connection closed by 46.244.96.25 port 60610 [preauth]
May  6 20:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: Connection closed by 46.244.96.25 port 35912 [preauth]
May  6 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20120]: pam_unix(cron:session): session closed for user p13x
May  6 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20181]: Successful su for rubyman by root
May  6 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20181]: + ??? root:rubyman
May  6 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342495 of user rubyman.
May  6 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20181]: pam_unix(su:session): session closed for user rubyman
May  6 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342495.
May  6 20:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17379]: pam_unix(cron:session): session closed for user root
May  6 20:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20121]: pam_unix(cron:session): session closed for user samftp
May  6 20:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19257]: pam_unix(cron:session): session closed for user root
May  6 20:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20483]: Invalid user mostafa from 94.141.103.179
May  6 20:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20483]: input_userauth_request: invalid user mostafa [preauth]
May  6 20:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20483]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.141.103.179
May  6 20:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20483]: Failed password for invalid user mostafa from 94.141.103.179 port 40352 ssh2
May  6 20:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20483]: Received disconnect from 94.141.103.179 port 40352:11: Bye Bye [preauth]
May  6 20:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20483]: Disconnected from 94.141.103.179 port 40352 [preauth]
May  6 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20518]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20516]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20515]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20515]: pam_unix(cron:session): session closed for user p13x
May  6 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20575]: Successful su for rubyman by root
May  6 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20575]: + ??? root:rubyman
May  6 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342498 of user rubyman.
May  6 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20575]: pam_unix(su:session): session closed for user rubyman
May  6 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342498.
May  6 20:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17911]: pam_unix(cron:session): session closed for user root
May  6 20:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20516]: pam_unix(cron:session): session closed for user samftp
May  6 20:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  6 20:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20740]: Failed password for root from 218.92.0.206 port 20510 ssh2
May  6 20:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20740]: Failed password for root from 218.92.0.206 port 20510 ssh2
May  6 20:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20740]: Failed password for root from 218.92.0.206 port 20510 ssh2
May  6 20:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20794]: Invalid user rmsadm from 157.245.99.182
May  6 20:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20794]: input_userauth_request: invalid user rmsadm [preauth]
May  6 20:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20794]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 20:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20794]: Failed password for invalid user rmsadm from 157.245.99.182 port 40464 ssh2
May  6 20:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20794]: Received disconnect from 157.245.99.182 port 40464:11: Bye Bye [preauth]
May  6 20:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20794]: Disconnected from 157.245.99.182 port 40464 [preauth]
May  6 20:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20740]: Failed password for root from 218.92.0.206 port 20510 ssh2
May  6 20:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20740]: Failed password for root from 218.92.0.206 port 20510 ssh2
May  6 20:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20740]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 20510 ssh2 [preauth]
May  6 20:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20740]: Disconnecting: Too many authentication failures [preauth]
May  6 20:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20740]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  6 20:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20740]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 20:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19704]: pam_unix(cron:session): session closed for user root
May  6 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20934]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20933]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20931]: pam_unix(cron:session): session closed for user p13x
May  6 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20997]: Successful su for rubyman by root
May  6 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20997]: + ??? root:rubyman
May  6 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342502 of user rubyman.
May  6 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20997]: pam_unix(su:session): session closed for user rubyman
May  6 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342502.
May  6 20:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18335]: pam_unix(cron:session): session closed for user root
May  6 20:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20932]: pam_unix(cron:session): session closed for user samftp
May  6 20:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20123]: pam_unix(cron:session): session closed for user root
May  6 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21379]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21378]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21379]: pam_unix(cron:session): session closed for user root
May  6 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21374]: pam_unix(cron:session): session closed for user p13x
May  6 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21438]: Successful su for rubyman by root
May  6 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21438]: + ??? root:rubyman
May  6 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21438]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342510 of user rubyman.
May  6 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21438]: pam_unix(su:session): session closed for user rubyman
May  6 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342510.
May  6 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21376]: pam_unix(cron:session): session closed for user root
May  6 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18740]: pam_unix(cron:session): session closed for user root
May  6 20:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21375]: pam_unix(cron:session): session closed for user samftp
May  6 20:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20518]: pam_unix(cron:session): session closed for user root
May  6 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22121]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22120]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22118]: pam_unix(cron:session): session closed for user p13x
May  6 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22193]: Successful su for rubyman by root
May  6 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22193]: + ??? root:rubyman
May  6 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342512 of user rubyman.
May  6 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22193]: pam_unix(su:session): session closed for user rubyman
May  6 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342512.
May  6 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19255]: pam_unix(cron:session): session closed for user root
May  6 20:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22119]: pam_unix(cron:session): session closed for user samftp
May  6 20:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20934]: pam_unix(cron:session): session closed for user root
May  6 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22596]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22594]: pam_unix(cron:session): session closed for user p13x
May  6 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22656]: Successful su for rubyman by root
May  6 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22656]: + ??? root:rubyman
May  6 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342516 of user rubyman.
May  6 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22656]: pam_unix(su:session): session closed for user rubyman
May  6 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342516.
May  6 20:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19703]: pam_unix(cron:session): session closed for user root
May  6 20:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22595]: pam_unix(cron:session): session closed for user samftp
May  6 20:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21378]: pam_unix(cron:session): session closed for user root
May  6 20:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Invalid user ts3server from 94.141.103.179
May  6 20:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: input_userauth_request: invalid user ts3server [preauth]
May  6 20:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.141.103.179
May  6 20:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Failed password for invalid user ts3server from 94.141.103.179 port 44782 ssh2
May  6 20:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Received disconnect from 94.141.103.179 port 44782:11: Bye Bye [preauth]
May  6 20:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Disconnected from 94.141.103.179 port 44782 [preauth]
May  6 20:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23013]: Invalid user gitlab from 46.244.96.25
May  6 20:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23013]: input_userauth_request: invalid user gitlab [preauth]
May  6 20:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23013]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  6 20:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 20:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23013]: Failed password for invalid user gitlab from 46.244.96.25 port 33890 ssh2
May  6 20:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23013]: Connection closed by 46.244.96.25 port 33890 [preauth]
May  6 20:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23016]: Failed password for root from 218.92.0.179 port 60939 ssh2
May  6 20:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23016]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 60939 ssh2]
May  6 20:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23016]: Received disconnect from 218.92.0.179 port 60939:11:  [preauth]
May  6 20:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23016]: Disconnected from 218.92.0.179 port 60939 [preauth]
May  6 20:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23016]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23068]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23067]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23065]: pam_unix(cron:session): session closed for user p13x
May  6 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23125]: Successful su for rubyman by root
May  6 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23125]: + ??? root:rubyman
May  6 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23125]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342520 of user rubyman.
May  6 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23125]: pam_unix(su:session): session closed for user rubyman
May  6 20:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342520.
May  6 20:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20122]: pam_unix(cron:session): session closed for user root
May  6 20:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23066]: pam_unix(cron:session): session closed for user samftp
May  6 20:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: Invalid user puneet from 157.245.99.182
May  6 20:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: input_userauth_request: invalid user puneet [preauth]
May  6 20:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 20:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: Failed password for invalid user puneet from 157.245.99.182 port 34108 ssh2
May  6 20:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: Received disconnect from 157.245.99.182 port 34108:11: Bye Bye [preauth]
May  6 20:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: Disconnected from 157.245.99.182 port 34108 [preauth]
May  6 20:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22121]: pam_unix(cron:session): session closed for user root
May  6 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23566]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23567]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23565]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23564]: pam_unix(cron:session): session closed for user p13x
May  6 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23631]: Successful su for rubyman by root
May  6 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23631]: + ??? root:rubyman
May  6 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342524 of user rubyman.
May  6 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23631]: pam_unix(su:session): session closed for user rubyman
May  6 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342524.
May  6 20:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20517]: pam_unix(cron:session): session closed for user root
May  6 20:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23565]: pam_unix(cron:session): session closed for user samftp
May  6 20:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22597]: pam_unix(cron:session): session closed for user root
May  6 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24089]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24087]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24086]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24088]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24084]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24085]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24089]: pam_unix(cron:session): session closed for user root
May  6 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24084]: pam_unix(cron:session): session closed for user p13x
May  6 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24152]: Successful su for rubyman by root
May  6 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24152]: + ??? root:rubyman
May  6 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342531 of user rubyman.
May  6 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24152]: pam_unix(su:session): session closed for user rubyman
May  6 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342531.
May  6 20:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20933]: pam_unix(cron:session): session closed for user root
May  6 20:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24086]: pam_unix(cron:session): session closed for user root
May  6 20:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24085]: pam_unix(cron:session): session closed for user samftp
May  6 20:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23068]: pam_unix(cron:session): session closed for user root
May  6 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24553]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24552]: pam_unix(cron:session): session closed for user p13x
May  6 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24627]: Successful su for rubyman by root
May  6 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24627]: + ??? root:rubyman
May  6 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24627]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342534 of user rubyman.
May  6 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24627]: pam_unix(su:session): session closed for user rubyman
May  6 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342534.
May  6 20:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21377]: pam_unix(cron:session): session closed for user root
May  6 20:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24553]: pam_unix(cron:session): session closed for user samftp
May  6 20:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: Invalid user admin from 80.94.95.112
May  6 20:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: input_userauth_request: invalid user admin [preauth]
May  6 20:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  6 20:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23567]: pam_unix(cron:session): session closed for user root
May  6 20:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: Failed password for invalid user admin from 80.94.95.112 port 40070 ssh2
May  6 20:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: Disconnecting: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]
May  6 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24988]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24987]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24989]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24986]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24986]: pam_unix(cron:session): session closed for user p13x
May  6 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25048]: Successful su for rubyman by root
May  6 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25048]: + ??? root:rubyman
May  6 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342540 of user rubyman.
May  6 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25048]: pam_unix(su:session): session closed for user rubyman
May  6 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342540.
May  6 20:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22120]: pam_unix(cron:session): session closed for user root
May  6 20:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24987]: pam_unix(cron:session): session closed for user samftp
May  6 20:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.141.103.179  user=root
May  6 20:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25270]: Failed password for root from 94.141.103.179 port 34890 ssh2
May  6 20:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25270]: Received disconnect from 94.141.103.179 port 34890:11: Bye Bye [preauth]
May  6 20:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25270]: Disconnected from 94.141.103.179 port 34890 [preauth]
May  6 20:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24088]: pam_unix(cron:session): session closed for user root
May  6 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25398]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25399]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25396]: pam_unix(cron:session): session closed for user p13x
May  6 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25456]: Successful su for rubyman by root
May  6 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25456]: + ??? root:rubyman
May  6 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342544 of user rubyman.
May  6 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25456]: pam_unix(su:session): session closed for user rubyman
May  6 20:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342544.
May  6 20:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22596]: pam_unix(cron:session): session closed for user root
May  6 20:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25397]: pam_unix(cron:session): session closed for user samftp
May  6 20:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24555]: pam_unix(cron:session): session closed for user root
May  6 20:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: Invalid user kurosawa from 157.245.99.182
May  6 20:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: input_userauth_request: invalid user kurosawa [preauth]
May  6 20:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 20:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: Failed password for invalid user kurosawa from 157.245.99.182 port 46850 ssh2
May  6 20:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: Received disconnect from 157.245.99.182 port 46850:11: Bye Bye [preauth]
May  6 20:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25808]: Disconnected from 157.245.99.182 port 46850 [preauth]
May  6 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25875]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25877]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25876]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25874]: pam_unix(cron:session): session closed for user p13x
May  6 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25953]: Successful su for rubyman by root
May  6 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25953]: + ??? root:rubyman
May  6 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25953]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342548 of user rubyman.
May  6 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25953]: pam_unix(su:session): session closed for user rubyman
May  6 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342548.
May  6 20:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23067]: pam_unix(cron:session): session closed for user root
May  6 20:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25875]: pam_unix(cron:session): session closed for user samftp
May  6 20:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24989]: pam_unix(cron:session): session closed for user root
May  6 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26297]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26295]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26294]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26293]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26296]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26298]: pam_unix(cron:session): session closed for user root
May  6 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26293]: pam_unix(cron:session): session closed for user p13x
May  6 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26362]: Successful su for rubyman by root
May  6 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26362]: + ??? root:rubyman
May  6 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342550 of user rubyman.
May  6 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26362]: pam_unix(su:session): session closed for user rubyman
May  6 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342550.
May  6 20:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26295]: pam_unix(cron:session): session closed for user root
May  6 20:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23566]: pam_unix(cron:session): session closed for user root
May  6 20:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26294]: pam_unix(cron:session): session closed for user samftp
May  6 20:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25399]: pam_unix(cron:session): session closed for user root
May  6 20:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 20:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26793]: Failed password for root from 218.92.0.179 port 47909 ssh2
May  6 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26809]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26808]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26807]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26806]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26806]: pam_unix(cron:session): session closed for user p13x
May  6 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26793]: Failed password for root from 218.92.0.179 port 47909 ssh2
May  6 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26875]: Successful su for rubyman by root
May  6 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26875]: + ??? root:rubyman
May  6 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342557 of user rubyman.
May  6 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26875]: pam_unix(su:session): session closed for user rubyman
May  6 20:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342557.
May  6 20:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26793]: Failed password for root from 218.92.0.179 port 47909 ssh2
May  6 20:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26793]: Received disconnect from 218.92.0.179 port 47909:11:  [preauth]
May  6 20:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26793]: Disconnected from 218.92.0.179 port 47909 [preauth]
May  6 20:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26793]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 20:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24087]: pam_unix(cron:session): session closed for user root
May  6 20:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26807]: pam_unix(cron:session): session closed for user samftp
May  6 20:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: Invalid user jakob from 104.131.199.149
May  6 20:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: input_userauth_request: invalid user jakob [preauth]
May  6 20:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.199.149
May  6 20:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: Failed password for invalid user jakob from 104.131.199.149 port 39489 ssh2
May  6 20:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: Received disconnect from 104.131.199.149 port 39489:11: Bye Bye [preauth]
May  6 20:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27154]: Disconnected from 104.131.199.149 port 39489 [preauth]
May  6 20:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25877]: pam_unix(cron:session): session closed for user root
May  6 20:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.141.103.179  user=root
May  6 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: Failed password for root from 94.141.103.179 port 35584 ssh2
May  6 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: Received disconnect from 94.141.103.179 port 35584:11: Bye Bye [preauth]
May  6 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: Disconnected from 94.141.103.179 port 35584 [preauth]
May  6 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27295]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27294]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27296]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27293]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27293]: pam_unix(cron:session): session closed for user p13x
May  6 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27369]: Successful su for rubyman by root
May  6 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27369]: + ??? root:rubyman
May  6 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342562 of user rubyman.
May  6 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27369]: pam_unix(su:session): session closed for user rubyman
May  6 20:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342562.
May  6 20:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24554]: pam_unix(cron:session): session closed for user root
May  6 20:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27294]: pam_unix(cron:session): session closed for user samftp
May  6 20:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26297]: pam_unix(cron:session): session closed for user root
May  6 20:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  6 20:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: Failed password for root from 218.92.0.211 port 41418 ssh2
May  6 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27760]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27761]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27758]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27758]: pam_unix(cron:session): session closed for user p13x
May  6 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27820]: Successful su for rubyman by root
May  6 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27820]: + ??? root:rubyman
May  6 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342565 of user rubyman.
May  6 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27820]: pam_unix(su:session): session closed for user rubyman
May  6 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342565.
May  6 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: Failed password for root from 218.92.0.211 port 41418 ssh2
May  6 20:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24988]: pam_unix(cron:session): session closed for user root
May  6 20:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: Failed password for root from 218.92.0.211 port 41418 ssh2
May  6 20:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27759]: pam_unix(cron:session): session closed for user samftp
May  6 20:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: Failed password for root from 218.92.0.211 port 41418 ssh2
May  6 20:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: Failed password for root from 218.92.0.211 port 41418 ssh2
May  6 20:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: error: maximum authentication attempts exceeded for root from 218.92.0.211 port 41418 ssh2 [preauth]
May  6 20:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: Disconnecting: Too many authentication failures [preauth]
May  6 20:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  6 20:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27746]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 20:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26809]: pam_unix(cron:session): session closed for user root
May  6 20:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: Invalid user sandeep from 157.245.99.182
May  6 20:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: input_userauth_request: invalid user sandeep [preauth]
May  6 20:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: pam_unix(sshd:auth): check pass; user unknown
May  6 20:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 20:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: Failed password for invalid user sandeep from 157.245.99.182 port 58296 ssh2
May  6 20:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: Received disconnect from 157.245.99.182 port 58296:11: Bye Bye [preauth]
May  6 20:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28153]: Disconnected from 157.245.99.182 port 58296 [preauth]
May  6 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28177]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28178]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28175]: pam_unix(cron:session): session closed for user p13x
May  6 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28238]: Successful su for rubyman by root
May  6 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28238]: + ??? root:rubyman
May  6 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342569 of user rubyman.
May  6 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28238]: pam_unix(su:session): session closed for user rubyman
May  6 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342569.
May  6 20:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25398]: pam_unix(cron:session): session closed for user root
May  6 20:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28176]: pam_unix(cron:session): session closed for user samftp
May  6 20:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27296]: pam_unix(cron:session): session closed for user root
May  6 20:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 20:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.199.149  user=root
May  6 20:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28551]: Failed password for root from 104.131.199.149 port 39978 ssh2
May  6 20:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28551]: Received disconnect from 104.131.199.149 port 39978:11: Bye Bye [preauth]
May  6 20:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28551]: Disconnected from 104.131.199.149 port 39978 [preauth]
May  6 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28581]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28582]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28580]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28580]: pam_unix(cron:session): session closed for user root
May  6 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28588]: pam_unix(cron:session): session closed for user root
May  6 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28578]: pam_unix(cron:session): session closed for user p13x
May  6 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28676]: Successful su for rubyman by root
May  6 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28676]: + ??? root:rubyman
May  6 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342574 of user rubyman.
May  6 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28676]: pam_unix(su:session): session closed for user rubyman
May  6 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342574.
May  6 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28581]: pam_unix(cron:session): session closed for user root
May  6 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25876]: pam_unix(cron:session): session closed for user root
May  6 21:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28579]: pam_unix(cron:session): session closed for user samftp
May  6 21:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27761]: pam_unix(cron:session): session closed for user root
May  6 21:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29116]: Invalid user admin from 80.94.95.241
May  6 21:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29116]: input_userauth_request: invalid user admin [preauth]
May  6 21:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29116]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 21:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29116]: Failed password for invalid user admin from 80.94.95.241 port 64577 ssh2
May  6 21:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29116]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29116]: Failed password for invalid user admin from 80.94.95.241 port 64577 ssh2
May  6 21:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29116]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29116]: Failed password for invalid user admin from 80.94.95.241 port 64577 ssh2
May  6 21:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29116]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29116]: Failed password for invalid user admin from 80.94.95.241 port 64577 ssh2
May  6 21:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29116]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29116]: Failed password for invalid user admin from 80.94.95.241 port 64577 ssh2
May  6 21:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29116]: Received disconnect from 80.94.95.241 port 64577:11: Bye [preauth]
May  6 21:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29116]: Disconnected from 80.94.95.241 port 64577 [preauth]
May  6 21:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29116]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 21:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29116]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29178]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29180]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29179]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29178]: pam_unix(cron:session): session closed for user p13x
May  6 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29249]: Successful su for rubyman by root
May  6 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29249]: + ??? root:rubyman
May  6 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342580 of user rubyman.
May  6 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29249]: pam_unix(su:session): session closed for user rubyman
May  6 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342580.
May  6 21:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26296]: pam_unix(cron:session): session closed for user root
May  6 21:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29179]: pam_unix(cron:session): session closed for user samftp
May  6 21:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29481]: Invalid user axway from 104.131.199.149
May  6 21:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29481]: input_userauth_request: invalid user axway [preauth]
May  6 21:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29481]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.199.149
May  6 21:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29481]: Failed password for invalid user axway from 104.131.199.149 port 58560 ssh2
May  6 21:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29481]: Received disconnect from 104.131.199.149 port 58560:11: Bye Bye [preauth]
May  6 21:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29481]: Disconnected from 104.131.199.149 port 58560 [preauth]
May  6 21:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29516]: Invalid user postgres from 72.167.140.185
May  6 21:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29516]: input_userauth_request: invalid user postgres [preauth]
May  6 21:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29516]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.140.185
May  6 21:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29516]: Failed password for invalid user postgres from 72.167.140.185 port 48674 ssh2
May  6 21:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29516]: Received disconnect from 72.167.140.185 port 48674:11: Bye Bye [preauth]
May  6 21:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29516]: Disconnected from 72.167.140.185 port 48674 [preauth]
May  6 21:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28178]: pam_unix(cron:session): session closed for user root
May  6 21:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 21:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29540]: Failed password for root from 218.92.0.179 port 16669 ssh2
May  6 21:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29540]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 16669 ssh2]
May  6 21:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29540]: Received disconnect from 218.92.0.179 port 16669:11:  [preauth]
May  6 21:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29540]: Disconnected from 218.92.0.179 port 16669 [preauth]
May  6 21:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29540]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 21:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.141.103.179  user=root
May  6 21:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29583]: Failed password for root from 94.141.103.179 port 47656 ssh2
May  6 21:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29583]: Received disconnect from 94.141.103.179 port 47656:11: Bye Bye [preauth]
May  6 21:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29583]: Disconnected from 94.141.103.179 port 47656 [preauth]
May  6 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29615]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29612]: pam_unix(cron:session): session closed for user p13x
May  6 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29673]: Successful su for rubyman by root
May  6 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29673]: + ??? root:rubyman
May  6 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342583 of user rubyman.
May  6 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29673]: pam_unix(su:session): session closed for user rubyman
May  6 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342583.
May  6 21:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26808]: pam_unix(cron:session): session closed for user root
May  6 21:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29613]: pam_unix(cron:session): session closed for user samftp
May  6 21:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28586]: pam_unix(cron:session): session closed for user root
May  6 21:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.199.149  user=root
May  6 21:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: Failed password for root from 104.131.199.149 port 48907 ssh2
May  6 21:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: Received disconnect from 104.131.199.149 port 48907:11: Bye Bye [preauth]
May  6 21:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29995]: Disconnected from 104.131.199.149 port 48907 [preauth]
May  6 21:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 21:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30008]: Failed password for root from 218.92.0.179 port 38861 ssh2
May  6 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30008]: Failed password for root from 218.92.0.179 port 38861 ssh2
May  6 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30019]: pam_unix(cron:session): session closed for user p13x
May  6 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30080]: Successful su for rubyman by root
May  6 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30080]: + ??? root:rubyman
May  6 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342589 of user rubyman.
May  6 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30080]: pam_unix(su:session): session closed for user rubyman
May  6 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342589.
May  6 21:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30008]: Failed password for root from 218.92.0.179 port 38861 ssh2
May  6 21:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30008]: Received disconnect from 218.92.0.179 port 38861:11:  [preauth]
May  6 21:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30008]: Disconnected from 218.92.0.179 port 38861 [preauth]
May  6 21:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30008]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 21:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27295]: pam_unix(cron:session): session closed for user root
May  6 21:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30020]: pam_unix(cron:session): session closed for user samftp
May  6 21:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29181]: pam_unix(cron:session): session closed for user root
May  6 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30406]: pam_unix(cron:session): session closed for user p13x
May  6 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30471]: Successful su for rubyman by root
May  6 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30471]: + ??? root:rubyman
May  6 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30471]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342591 of user rubyman.
May  6 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30471]: pam_unix(su:session): session closed for user rubyman
May  6 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342591.
May  6 21:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27760]: pam_unix(cron:session): session closed for user root
May  6 21:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: Invalid user wizard from 157.245.99.182
May  6 21:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: input_userauth_request: invalid user wizard [preauth]
May  6 21:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 21:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30407]: pam_unix(cron:session): session closed for user samftp
May  6 21:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: Failed password for invalid user wizard from 157.245.99.182 port 60464 ssh2
May  6 21:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: Received disconnect from 157.245.99.182 port 60464:11: Bye Bye [preauth]
May  6 21:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30626]: Disconnected from 157.245.99.182 port 60464 [preauth]
May  6 21:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.199.149  user=root
May  6 21:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: Failed password for root from 104.131.199.149 port 39265 ssh2
May  6 21:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: Received disconnect from 104.131.199.149 port 39265:11: Bye Bye [preauth]
May  6 21:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30682]: Disconnected from 104.131.199.149 port 39265 [preauth]
May  6 21:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29615]: pam_unix(cron:session): session closed for user root
May  6 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30806]: pam_unix(cron:session): session closed for user root
May  6 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30801]: pam_unix(cron:session): session closed for user p13x
May  6 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30879]: Successful su for rubyman by root
May  6 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30879]: + ??? root:rubyman
May  6 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342595 of user rubyman.
May  6 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30879]: pam_unix(su:session): session closed for user rubyman
May  6 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342595.
May  6 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30803]: pam_unix(cron:session): session closed for user root
May  6 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28177]: pam_unix(cron:session): session closed for user root
May  6 21:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30802]: pam_unix(cron:session): session closed for user samftp
May  6 21:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Invalid user work from 14.103.111.16
May  6 21:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: input_userauth_request: invalid user work [preauth]
May  6 21:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 21:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Failed password for invalid user work from 14.103.111.16 port 57298 ssh2
May  6 21:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Received disconnect from 14.103.111.16 port 57298:11: Bye Bye [preauth]
May  6 21:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Disconnected from 14.103.111.16 port 57298 [preauth]
May  6 21:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30022]: pam_unix(cron:session): session closed for user root
May  6 21:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31328]: Invalid user deployment from 104.131.199.149
May  6 21:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31328]: input_userauth_request: invalid user deployment [preauth]
May  6 21:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31328]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.199.149
May  6 21:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31328]: Failed password for invalid user deployment from 104.131.199.149 port 57856 ssh2
May  6 21:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31328]: Received disconnect from 104.131.199.149 port 57856:11: Bye Bye [preauth]
May  6 21:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31328]: Disconnected from 104.131.199.149 port 57856 [preauth]
May  6 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31352]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31348]: pam_unix(cron:session): session closed for user p13x
May  6 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31415]: Successful su for rubyman by root
May  6 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31415]: + ??? root:rubyman
May  6 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342601 of user rubyman.
May  6 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31415]: pam_unix(su:session): session closed for user rubyman
May  6 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342601.
May  6 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28582]: pam_unix(cron:session): session closed for user root
May  6 21:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31349]: pam_unix(cron:session): session closed for user samftp
May  6 21:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Invalid user machine from 212.227.230.32
May  6 21:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: input_userauth_request: invalid user machine [preauth]
May  6 21:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.230.32
May  6 21:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Invalid user telnet from 80.94.95.125
May  6 21:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: input_userauth_request: invalid user telnet [preauth]
May  6 21:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 21:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Failed password for invalid user machine from 212.227.230.32 port 58808 ssh2
May  6 21:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Received disconnect from 212.227.230.32 port 58808:11: Bye Bye [preauth]
May  6 21:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31673]: Disconnected from 212.227.230.32 port 58808 [preauth]
May  6 21:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Failed password for invalid user telnet from 80.94.95.125 port 26043 ssh2
May  6 21:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30410]: pam_unix(cron:session): session closed for user root
May  6 21:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Failed password for invalid user telnet from 80.94.95.125 port 26043 ssh2
May  6 21:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Failed password for invalid user telnet from 80.94.95.125 port 26043 ssh2
May  6 21:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Failed password for invalid user telnet from 80.94.95.125 port 26043 ssh2
May  6 21:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Failed password for invalid user telnet from 80.94.95.125 port 26043 ssh2
May  6 21:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Received disconnect from 80.94.95.125 port 26043:11: Bye [preauth]
May  6 21:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: Disconnected from 80.94.95.125 port 26043 [preauth]
May  6 21:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 21:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31694]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 21:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31750]: Invalid user dmp from 94.141.103.179
May  6 21:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31750]: input_userauth_request: invalid user dmp [preauth]
May  6 21:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31750]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.141.103.179
May  6 21:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31750]: Failed password for invalid user dmp from 94.141.103.179 port 42706 ssh2
May  6 21:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31750]: Received disconnect from 94.141.103.179 port 42706:11: Bye Bye [preauth]
May  6 21:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31750]: Disconnected from 94.141.103.179 port 42706 [preauth]
May  6 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31787]: pam_unix(cron:session): session closed for user p13x
May  6 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31849]: Successful su for rubyman by root
May  6 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31849]: + ??? root:rubyman
May  6 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342606 of user rubyman.
May  6 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31849]: pam_unix(su:session): session closed for user rubyman
May  6 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342606.
May  6 21:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29180]: pam_unix(cron:session): session closed for user root
May  6 21:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31788]: pam_unix(cron:session): session closed for user samftp
May  6 21:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: Invalid user ansible from 189.165.102.111
May  6 21:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: input_userauth_request: invalid user ansible [preauth]
May  6 21:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.165.102.111
May  6 21:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: Failed password for invalid user ansible from 189.165.102.111 port 53696 ssh2
May  6 21:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: Received disconnect from 189.165.102.111 port 53696:11: Bye Bye [preauth]
May  6 21:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: Disconnected from 189.165.102.111 port 53696 [preauth]
May  6 21:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: Invalid user simone from 104.131.199.149
May  6 21:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: input_userauth_request: invalid user simone [preauth]
May  6 21:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.199.149
May  6 21:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: Failed password for invalid user simone from 104.131.199.149 port 48209 ssh2
May  6 21:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: Received disconnect from 104.131.199.149 port 48209:11: Bye Bye [preauth]
May  6 21:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: Disconnected from 104.131.199.149 port 48209 [preauth]
May  6 21:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30805]: pam_unix(cron:session): session closed for user root
May  6 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32501]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32499]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32500]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32498]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32498]: pam_unix(cron:session): session closed for user p13x
May  6 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32566]: Successful su for rubyman by root
May  6 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32566]: + ??? root:rubyman
May  6 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342610 of user rubyman.
May  6 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32566]: pam_unix(su:session): session closed for user rubyman
May  6 21:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342610.
May  6 21:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29614]: pam_unix(cron:session): session closed for user root
May  6 21:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32499]: pam_unix(cron:session): session closed for user samftp
May  6 21:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: Invalid user machine from 151.95.9.145
May  6 21:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: input_userauth_request: invalid user machine [preauth]
May  6 21:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.95.9.145
May  6 21:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: Failed password for invalid user machine from 151.95.9.145 port 55156 ssh2
May  6 21:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: Received disconnect from 151.95.9.145 port 55156:11: Bye Bye [preauth]
May  6 21:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[437]: Disconnected from 151.95.9.145 port 55156 [preauth]
May  6 21:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31352]: pam_unix(cron:session): session closed for user root
May  6 21:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.199.149  user=root
May  6 21:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: Failed password for root from 104.131.199.149 port 38558 ssh2
May  6 21:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: Received disconnect from 104.131.199.149 port 38558:11: Bye Bye [preauth]
May  6 21:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: Disconnected from 104.131.199.149 port 38558 [preauth]
May  6 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[623]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[625]: pam_unix(cron:session): session closed for user p13x
May  6 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[770]: Successful su for rubyman by root
May  6 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[770]: + ??? root:rubyman
May  6 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342615 of user rubyman.
May  6 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[770]: pam_unix(su:session): session closed for user rubyman
May  6 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342615.
May  6 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[623]: pam_unix(cron:session): session closed for user root
May  6 21:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30021]: pam_unix(cron:session): session closed for user root
May  6 21:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[627]: pam_unix(cron:session): session closed for user samftp
May  6 21:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Invalid user gino from 157.245.99.182
May  6 21:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: input_userauth_request: invalid user gino [preauth]
May  6 21:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.99.182
May  6 21:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.140.185  user=root
May  6 21:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Failed password for invalid user gino from 157.245.99.182 port 46288 ssh2
May  6 21:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Received disconnect from 157.245.99.182 port 46288:11: Bye Bye [preauth]
May  6 21:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Disconnected from 157.245.99.182 port 46288 [preauth]
May  6 21:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: Failed password for root from 72.167.140.185 port 44260 ssh2
May  6 21:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: Received disconnect from 72.167.140.185 port 44260:11: Bye Bye [preauth]
May  6 21:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: Disconnected from 72.167.140.185 port 44260 [preauth]
May  6 21:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: Invalid user  from 80.94.95.112
May  6 21:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: input_userauth_request: invalid user  [preauth]
May  6 21:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: Failed none for invalid user  from 80.94.95.112 port 56584 ssh2
May  6 21:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: Failed password for invalid user  from 80.94.95.112 port 56584 ssh2
May  6 21:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: message repeated 3 times: [ Failed password for invalid user  from 80.94.95.112 port 56584 ssh2]
May  6 21:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: Received disconnect from 80.94.95.112 port 56584:11: Bye [preauth]
May  6 21:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1069]: Disconnected from 80.94.95.112 port 56584 [preauth]
May  6 21:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31790]: pam_unix(cron:session): session closed for user root
May  6 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1211]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1213]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1212]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1214]: pam_unix(cron:session): session closed for user root
May  6 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1208]: pam_unix(cron:session): session closed for user p13x
May  6 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1305]: Successful su for rubyman by root
May  6 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1305]: + ??? root:rubyman
May  6 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342621 of user rubyman.
May  6 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1305]: pam_unix(su:session): session closed for user rubyman
May  6 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342621.
May  6 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1211]: pam_unix(cron:session): session closed for user root
May  6 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30409]: pam_unix(cron:session): session closed for user root
May  6 21:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1209]: pam_unix(cron:session): session closed for user samftp
May  6 21:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.199.149  user=root
May  6 21:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Failed password for root from 104.131.199.149 port 57147 ssh2
May  6 21:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Received disconnect from 104.131.199.149 port 57147:11: Bye Bye [preauth]
May  6 21:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1581]: Disconnected from 104.131.199.149 port 57147 [preauth]
May  6 21:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32501]: pam_unix(cron:session): session closed for user root
May  6 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1746]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1743]: pam_unix(cron:session): session closed for user p13x
May  6 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1820]: Successful su for rubyman by root
May  6 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1820]: + ??? root:rubyman
May  6 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342625 of user rubyman.
May  6 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1820]: pam_unix(su:session): session closed for user rubyman
May  6 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342625.
May  6 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30804]: pam_unix(cron:session): session closed for user root
May  6 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1744]: pam_unix(cron:session): session closed for user samftp
May  6 21:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.230.32  user=root
May  6 21:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2157]: Failed password for root from 212.227.230.32 port 54658 ssh2
May  6 21:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2157]: Received disconnect from 212.227.230.32 port 54658:11: Bye Bye [preauth]
May  6 21:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2157]: Disconnected from 212.227.230.32 port 54658 [preauth]
May  6 21:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2167]: Invalid user student1 from 94.141.103.179
May  6 21:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2167]: input_userauth_request: invalid user student1 [preauth]
May  6 21:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2167]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.141.103.179
May  6 21:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[629]: pam_unix(cron:session): session closed for user root
May  6 21:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2167]: Failed password for invalid user student1 from 94.141.103.179 port 55538 ssh2
May  6 21:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2167]: Received disconnect from 94.141.103.179 port 55538:11: Bye Bye [preauth]
May  6 21:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2167]: Disconnected from 94.141.103.179 port 55538 [preauth]
May  6 21:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2219]: Invalid user teste from 104.131.199.149
May  6 21:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2219]: input_userauth_request: invalid user teste [preauth]
May  6 21:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2219]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.199.149
May  6 21:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2219]: Failed password for invalid user teste from 104.131.199.149 port 47502 ssh2
May  6 21:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2219]: Received disconnect from 104.131.199.149 port 47502:11: Bye Bye [preauth]
May  6 21:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2219]: Disconnected from 104.131.199.149 port 47502 [preauth]
May  6 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2250]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2249]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2247]: pam_unix(cron:session): session closed for user p13x
May  6 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2308]: Successful su for rubyman by root
May  6 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2308]: + ??? root:rubyman
May  6 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2308]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342629 of user rubyman.
May  6 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2308]: pam_unix(su:session): session closed for user rubyman
May  6 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342629.
May  6 21:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31351]: pam_unix(cron:session): session closed for user root
May  6 21:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2248]: pam_unix(cron:session): session closed for user samftp
May  6 21:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: Invalid user ftpuser2 from 193.70.84.184
May  6 21:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: input_userauth_request: invalid user ftpuser2 [preauth]
May  6 21:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  6 21:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: Failed password for invalid user ftpuser2 from 193.70.84.184 port 45532 ssh2
May  6 21:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2543]: Connection closed by 193.70.84.184 port 45532 [preauth]
May  6 21:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: Invalid user teste from 189.165.102.111
May  6 21:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: input_userauth_request: invalid user teste [preauth]
May  6 21:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.165.102.111
May  6 21:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: Failed password for invalid user teste from 189.165.102.111 port 34300 ssh2
May  6 21:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: Received disconnect from 189.165.102.111 port 34300:11: Bye Bye [preauth]
May  6 21:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2579]: Disconnected from 189.165.102.111 port 34300 [preauth]
May  6 21:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1213]: pam_unix(cron:session): session closed for user root
May  6 21:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  6 21:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2628]: Failed password for root from 218.92.0.208 port 59386 ssh2
May  6 21:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2628]: Failed password for root from 218.92.0.208 port 59386 ssh2
May  6 21:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Invalid user alvin from 14.103.111.16
May  6 21:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: input_userauth_request: invalid user alvin [preauth]
May  6 21:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 21:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Failed password for invalid user alvin from 14.103.111.16 port 58560 ssh2
May  6 21:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Received disconnect from 14.103.111.16 port 58560:11: Bye Bye [preauth]
May  6 21:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2663]: Disconnected from 14.103.111.16 port 58560 [preauth]
May  6 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2698]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2697]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2695]: pam_unix(cron:session): session closed for user p13x
May  6 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2763]: Successful su for rubyman by root
May  6 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2763]: + ??? root:rubyman
May  6 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2763]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342632 of user rubyman.
May  6 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2763]: pam_unix(su:session): session closed for user rubyman
May  6 21:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342632.
May  6 21:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31789]: pam_unix(cron:session): session closed for user root
May  6 21:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2696]: pam_unix(cron:session): session closed for user samftp
May  6 21:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Invalid user machine from 104.131.199.149
May  6 21:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: input_userauth_request: invalid user machine [preauth]
May  6 21:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.199.149
May  6 21:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: Invalid user deployment from 151.95.9.145
May  6 21:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: input_userauth_request: invalid user deployment [preauth]
May  6 21:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.95.9.145
May  6 21:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Failed password for invalid user machine from 104.131.199.149 port 37853 ssh2
May  6 21:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Received disconnect from 104.131.199.149 port 37853:11: Bye Bye [preauth]
May  6 21:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2984]: Disconnected from 104.131.199.149 port 37853 [preauth]
May  6 21:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: Failed password for invalid user deployment from 151.95.9.145 port 60470 ssh2
May  6 21:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: Received disconnect from 151.95.9.145 port 60470:11: Bye Bye [preauth]
May  6 21:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: Disconnected from 151.95.9.145 port 60470 [preauth]
May  6 21:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1746]: pam_unix(cron:session): session closed for user root
May  6 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3115]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3114]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3111]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3111]: pam_unix(cron:session): session closed for user p13x
May  6 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3176]: Successful su for rubyman by root
May  6 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3176]: + ??? root:rubyman
May  6 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342637 of user rubyman.
May  6 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3176]: pam_unix(su:session): session closed for user rubyman
May  6 21:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342637.
May  6 21:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: Invalid user ansible from 72.167.140.185
May  6 21:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: input_userauth_request: invalid user ansible [preauth]
May  6 21:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.140.185
May  6 21:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32500]: pam_unix(cron:session): session closed for user root
May  6 21:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: Failed password for invalid user ansible from 72.167.140.185 port 60038 ssh2
May  6 21:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: Received disconnect from 72.167.140.185 port 60038:11: Bye Bye [preauth]
May  6 21:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: Disconnected from 72.167.140.185 port 60038 [preauth]
May  6 21:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3112]: pam_unix(cron:session): session closed for user samftp
May  6 21:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2250]: pam_unix(cron:session): session closed for user root
May  6 21:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.199.149  user=root
May  6 21:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: Failed password for root from 104.131.199.149 port 56435 ssh2
May  6 21:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: Received disconnect from 104.131.199.149 port 56435:11: Bye Bye [preauth]
May  6 21:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: Disconnected from 104.131.199.149 port 56435 [preauth]
May  6 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3547]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3541]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3546]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3543]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3547]: pam_unix(cron:session): session closed for user root
May  6 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3539]: pam_unix(cron:session): session closed for user p13x
May  6 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3641]: Successful su for rubyman by root
May  6 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3641]: + ??? root:rubyman
May  6 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3641]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342642 of user rubyman.
May  6 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3641]: pam_unix(su:session): session closed for user rubyman
May  6 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342642.
May  6 21:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3541]: pam_unix(cron:session): session closed for user root
May  6 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[628]: pam_unix(cron:session): session closed for user root
May  6 21:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3540]: pam_unix(cron:session): session closed for user samftp
May  6 21:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2698]: pam_unix(cron:session): session closed for user root
May  6 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4029]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4028]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4026]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4027]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4026]: pam_unix(cron:session): session closed for user p13x
May  6 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4095]: Successful su for rubyman by root
May  6 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4095]: + ??? root:rubyman
May  6 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342647 of user rubyman.
May  6 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4095]: pam_unix(su:session): session closed for user rubyman
May  6 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342647.
May  6 21:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1212]: pam_unix(cron:session): session closed for user root
May  6 21:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4027]: pam_unix(cron:session): session closed for user samftp
May  6 21:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  6 21:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.230.32  user=root
May  6 21:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: Failed password for root from 218.92.0.216 port 31224 ssh2
May  6 21:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4443]: Failed password for root from 212.227.230.32 port 35426 ssh2
May  6 21:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4443]: Received disconnect from 212.227.230.32 port 35426:11: Bye Bye [preauth]
May  6 21:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4443]: Disconnected from 212.227.230.32 port 35426 [preauth]
May  6 21:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: Failed password for root from 218.92.0.216 port 31224 ssh2
May  6 21:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: Failed password for root from 218.92.0.216 port 31224 ssh2
May  6 21:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: Received disconnect from 218.92.0.216 port 31224:11:  [preauth]
May  6 21:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: Disconnected from 218.92.0.216 port 31224 [preauth]
May  6 21:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  6 21:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.141.103.179  user=root
May  6 21:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4465]: Failed password for root from 94.141.103.179 port 46566 ssh2
May  6 21:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4465]: Received disconnect from 94.141.103.179 port 46566:11: Bye Bye [preauth]
May  6 21:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4465]: Disconnected from 94.141.103.179 port 46566 [preauth]
May  6 21:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: Invalid user username from 104.131.199.149
May  6 21:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: input_userauth_request: invalid user username [preauth]
May  6 21:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.199.149
May  6 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: Failed password for invalid user username from 104.131.199.149 port 46797 ssh2
May  6 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: Received disconnect from 104.131.199.149 port 46797:11: Bye Bye [preauth]
May  6 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4518]: Disconnected from 104.131.199.149 port 46797 [preauth]
May  6 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3115]: pam_unix(cron:session): session closed for user root
May  6 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4612]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4612]: pam_unix(cron:session): session closed for user root
May  6 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4614]: pam_unix(cron:session): session closed for user p13x
May  6 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4679]: Successful su for rubyman by root
May  6 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4679]: + ??? root:rubyman
May  6 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342650 of user rubyman.
May  6 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4679]: pam_unix(su:session): session closed for user rubyman
May  6 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342650.
May  6 21:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1745]: pam_unix(cron:session): session closed for user root
May  6 21:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4615]: pam_unix(cron:session): session closed for user samftp
May  6 21:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4868]: Invalid user pedro from 14.103.111.16
May  6 21:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4868]: input_userauth_request: invalid user pedro [preauth]
May  6 21:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4868]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 21:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4868]: Failed password for invalid user pedro from 14.103.111.16 port 35484 ssh2
May  6 21:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4868]: Received disconnect from 14.103.111.16 port 35484:11: Bye Bye [preauth]
May  6 21:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4868]: Disconnected from 14.103.111.16 port 35484 [preauth]
May  6 21:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  6 21:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: Failed password for root from 190.103.202.7 port 37672 ssh2
May  6 21:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: Connection closed by 190.103.202.7 port 37672 [preauth]
May  6 21:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3546]: pam_unix(cron:session): session closed for user root
May  6 21:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: Invalid user prometheus from 189.165.102.111
May  6 21:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: input_userauth_request: invalid user prometheus [preauth]
May  6 21:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.165.102.111
May  6 21:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: Failed password for invalid user prometheus from 189.165.102.111 port 42928 ssh2
May  6 21:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: Received disconnect from 189.165.102.111 port 42928:11: Bye Bye [preauth]
May  6 21:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4981]: Disconnected from 189.165.102.111 port 42928 [preauth]
May  6 21:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5216]: Invalid user simone from 151.95.9.145
May  6 21:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5216]: input_userauth_request: invalid user simone [preauth]
May  6 21:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5216]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.95.9.145
May  6 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5233]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5234]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5229]: pam_unix(cron:session): session closed for user p13x
May  6 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5297]: Successful su for rubyman by root
May  6 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5297]: + ??? root:rubyman
May  6 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342655 of user rubyman.
May  6 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5297]: pam_unix(su:session): session closed for user rubyman
May  6 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342655.
May  6 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5216]: Failed password for invalid user simone from 151.95.9.145 port 55836 ssh2
May  6 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.199.149  user=root
May  6 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5216]: Received disconnect from 151.95.9.145 port 55836:11: Bye Bye [preauth]
May  6 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5216]: Disconnected from 151.95.9.145 port 55836 [preauth]
May  6 21:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2249]: pam_unix(cron:session): session closed for user root
May  6 21:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: Failed password for root from 104.131.199.149 port 37148 ssh2
May  6 21:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: Received disconnect from 104.131.199.149 port 37148:11: Bye Bye [preauth]
May  6 21:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5330]: Disconnected from 104.131.199.149 port 37148 [preauth]
May  6 21:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5232]: pam_unix(cron:session): session closed for user samftp
May  6 21:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4029]: pam_unix(cron:session): session closed for user root
May  6 21:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.140.185  user=root
May  6 21:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5678]: Failed password for root from 72.167.140.185 port 55938 ssh2
May  6 21:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5678]: Received disconnect from 72.167.140.185 port 55938:11: Bye Bye [preauth]
May  6 21:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5678]: Disconnected from 72.167.140.185 port 55938 [preauth]
May  6 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5705]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5701]: pam_unix(cron:session): session closed for user p13x
May  6 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5763]: Successful su for rubyman by root
May  6 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5763]: + ??? root:rubyman
May  6 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5763]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342659 of user rubyman.
May  6 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5763]: pam_unix(su:session): session closed for user rubyman
May  6 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342659.
May  6 21:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2697]: pam_unix(cron:session): session closed for user root
May  6 21:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5703]: pam_unix(cron:session): session closed for user samftp
May  6 21:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: Invalid user postgres from 104.131.199.149
May  6 21:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: input_userauth_request: invalid user postgres [preauth]
May  6 21:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.199.149
May  6 21:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: Failed password for invalid user postgres from 104.131.199.149 port 55741 ssh2
May  6 21:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: Received disconnect from 104.131.199.149 port 55741:11: Bye Bye [preauth]
May  6 21:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: Disconnected from 104.131.199.149 port 55741 [preauth]
May  6 21:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4617]: pam_unix(cron:session): session closed for user root
May  6 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6211]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6210]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6211]: pam_unix(cron:session): session closed for user root
May  6 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6204]: pam_unix(cron:session): session closed for user p13x
May  6 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6275]: Successful su for rubyman by root
May  6 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6275]: + ??? root:rubyman
May  6 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342667 of user rubyman.
May  6 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6275]: pam_unix(su:session): session closed for user rubyman
May  6 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342667.
May  6 21:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6206]: pam_unix(cron:session): session closed for user root
May  6 21:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3114]: pam_unix(cron:session): session closed for user root
May  6 21:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6205]: pam_unix(cron:session): session closed for user samftp
May  6 21:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5234]: pam_unix(cron:session): session closed for user root
May  6 21:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6621]: Invalid user jakob from 212.227.230.32
May  6 21:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6621]: input_userauth_request: invalid user jakob [preauth]
May  6 21:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6621]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.230.32
May  6 21:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6621]: Failed password for invalid user jakob from 212.227.230.32 port 35112 ssh2
May  6 21:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6621]: Received disconnect from 212.227.230.32 port 35112:11: Bye Bye [preauth]
May  6 21:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6621]: Disconnected from 212.227.230.32 port 35112 [preauth]
May  6 21:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6624]: Invalid user admin from 194.0.234.16
May  6 21:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6624]: input_userauth_request: invalid user admin [preauth]
May  6 21:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6624]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.16
May  6 21:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.199.149  user=root
May  6 21:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6624]: Failed password for invalid user admin from 194.0.234.16 port 51414 ssh2
May  6 21:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6624]: Connection closed by 194.0.234.16 port 51414 [preauth]
May  6 21:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: Failed password for root from 104.131.199.149 port 46090 ssh2
May  6 21:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: Received disconnect from 104.131.199.149 port 46090:11: Bye Bye [preauth]
May  6 21:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: Disconnected from 104.131.199.149 port 46090 [preauth]
May  6 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6651]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6652]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6650]: pam_unix(cron:session): session closed for user p13x
May  6 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6723]: Successful su for rubyman by root
May  6 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6723]: + ??? root:rubyman
May  6 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342671 of user rubyman.
May  6 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6723]: pam_unix(su:session): session closed for user rubyman
May  6 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342671.
May  6 21:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3543]: pam_unix(cron:session): session closed for user root
May  6 21:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6651]: pam_unix(cron:session): session closed for user samftp
May  6 21:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.80.35.45  user=root
May  6 21:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7003]: Failed password for root from 41.80.35.45 port 53330 ssh2
May  6 21:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7003]: Received disconnect from 41.80.35.45 port 53330:11: Bye Bye [preauth]
May  6 21:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7003]: Disconnected from 41.80.35.45 port 53330 [preauth]
May  6 21:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: Invalid user praveen from 14.103.111.16
May  6 21:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: input_userauth_request: invalid user praveen [preauth]
May  6 21:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 21:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May  6 21:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: Failed password for invalid user praveen from 14.103.111.16 port 36654 ssh2
May  6 21:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: Received disconnect from 14.103.111.16 port 36654:11: Bye Bye [preauth]
May  6 21:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7036]: Disconnected from 14.103.111.16 port 36654 [preauth]
May  6 21:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: Failed password for root from 218.92.0.223 port 46814 ssh2
May  6 21:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: message repeated 2 times: [ Failed password for root from 218.92.0.223 port 46814 ssh2]
May  6 21:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: Received disconnect from 218.92.0.223 port 46814:11:  [preauth]
May  6 21:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: Disconnected from 218.92.0.223 port 46814 [preauth]
May  6 21:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May  6 21:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May  6 21:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: Failed password for root from 218.92.0.223 port 25902 ssh2
May  6 21:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: Failed password for root from 218.92.0.223 port 25902 ssh2
May  6 21:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5705]: pam_unix(cron:session): session closed for user root
May  6 21:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: Failed password for root from 218.92.0.223 port 25902 ssh2
May  6 21:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: Received disconnect from 218.92.0.223 port 25902:11:  [preauth]
May  6 21:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: Disconnected from 218.92.0.223 port 25902 [preauth]
May  6 21:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7065]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May  6 21:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May  6 21:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7119]: Failed password for root from 218.92.0.223 port 25914 ssh2
May  6 21:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  6 21:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7119]: Failed password for root from 218.92.0.223 port 25914 ssh2
May  6 21:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7122]: Failed password for root from 218.92.0.111 port 64260 ssh2
May  6 21:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7119]: Failed password for root from 218.92.0.223 port 25914 ssh2
May  6 21:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7119]: Received disconnect from 218.92.0.223 port 25914:11:  [preauth]
May  6 21:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7119]: Disconnected from 218.92.0.223 port 25914 [preauth]
May  6 21:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7119]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May  6 21:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7122]: Failed password for root from 218.92.0.111 port 64260 ssh2
May  6 21:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7122]: Failed password for root from 218.92.0.111 port 64260 ssh2
May  6 21:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7122]: Received disconnect from 218.92.0.111 port 64260:11:  [preauth]
May  6 21:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7122]: Disconnected from 218.92.0.111 port 64260 [preauth]
May  6 21:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7122]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  6 21:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  6 21:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7156]: Failed password for root from 218.92.0.111 port 64274 ssh2
May  6 21:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7156]: message repeated 2 times: [ Failed password for root from 218.92.0.111 port 64274 ssh2]
May  6 21:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7156]: Received disconnect from 218.92.0.111 port 64274:11:  [preauth]
May  6 21:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7156]: Disconnected from 218.92.0.111 port 64274 [preauth]
May  6 21:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7156]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  6 21:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  6 21:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7166]: Failed password for root from 218.92.0.111 port 33648 ssh2
May  6 21:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7166]: message repeated 2 times: [ Failed password for root from 218.92.0.111 port 33648 ssh2]
May  6 21:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7166]: Received disconnect from 218.92.0.111 port 33648:11:  [preauth]
May  6 21:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7166]: Disconnected from 218.92.0.111 port 33648 [preauth]
May  6 21:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7166]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  6 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7190]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7191]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7189]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7188]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7188]: pam_unix(cron:session): session closed for user p13x
May  6 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7252]: Successful su for rubyman by root
May  6 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7252]: + ??? root:rubyman
May  6 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342673 of user rubyman.
May  6 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7252]: pam_unix(su:session): session closed for user rubyman
May  6 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342673.
May  6 21:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4028]: pam_unix(cron:session): session closed for user root
May  6 21:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7189]: pam_unix(cron:session): session closed for user samftp
May  6 21:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.95.9.145  user=root
May  6 21:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: Invalid user prometheus from 104.131.199.149
May  6 21:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: input_userauth_request: invalid user prometheus [preauth]
May  6 21:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.199.149
May  6 21:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: Failed password for root from 151.95.9.145 port 57986 ssh2
May  6 21:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: Failed password for invalid user prometheus from 104.131.199.149 port 36444 ssh2
May  6 21:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: Received disconnect from 104.131.199.149 port 36444:11: Bye Bye [preauth]
May  6 21:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7471]: Disconnected from 104.131.199.149 port 36444 [preauth]
May  6 21:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: Received disconnect from 151.95.9.145 port 57986:11: Bye Bye [preauth]
May  6 21:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: Disconnected from 151.95.9.145 port 57986 [preauth]
May  6 21:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.165.102.111  user=root
May  6 21:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6210]: pam_unix(cron:session): session closed for user root
May  6 21:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: Failed password for root from 189.165.102.111 port 51552 ssh2
May  6 21:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: Received disconnect from 189.165.102.111 port 51552:11: Bye Bye [preauth]
May  6 21:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: Disconnected from 189.165.102.111 port 51552 [preauth]
May  6 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7693]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7694]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7692]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7691]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7691]: pam_unix(cron:session): session closed for user p13x
May  6 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7768]: Successful su for rubyman by root
May  6 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7768]: + ??? root:rubyman
May  6 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342678 of user rubyman.
May  6 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7768]: pam_unix(su:session): session closed for user rubyman
May  6 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342678.
May  6 21:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4616]: pam_unix(cron:session): session closed for user root
May  6 21:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7692]: pam_unix(cron:session): session closed for user samftp
May  6 21:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8021]: Invalid user simone from 72.167.140.185
May  6 21:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8021]: input_userauth_request: invalid user simone [preauth]
May  6 21:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8021]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.140.185
May  6 21:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8021]: Failed password for invalid user simone from 72.167.140.185 port 55060 ssh2
May  6 21:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8021]: Received disconnect from 72.167.140.185 port 55060:11: Bye Bye [preauth]
May  6 21:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8021]: Disconnected from 72.167.140.185 port 55060 [preauth]
May  6 21:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6655]: pam_unix(cron:session): session closed for user root
May  6 21:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.199.149  user=root
May  6 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8126]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8125]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8123]: pam_unix(cron:session): session closed for user p13x
May  6 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8205]: Successful su for rubyman by root
May  6 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8205]: + ??? root:rubyman
May  6 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342683 of user rubyman.
May  6 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8205]: pam_unix(su:session): session closed for user rubyman
May  6 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342683.
May  6 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8115]: Failed password for root from 104.131.199.149 port 55029 ssh2
May  6 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8115]: Received disconnect from 104.131.199.149 port 55029:11: Bye Bye [preauth]
May  6 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8115]: Disconnected from 104.131.199.149 port 55029 [preauth]
May  6 21:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5233]: pam_unix(cron:session): session closed for user root
May  6 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8124]: pam_unix(cron:session): session closed for user samftp
May  6 21:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7191]: pam_unix(cron:session): session closed for user root
May  6 21:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8562]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8563]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8561]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8560]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8558]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8563]: pam_unix(cron:session): session closed for user root
May  6 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8558]: pam_unix(cron:session): session closed for user p13x
May  6 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8632]: Successful su for rubyman by root
May  6 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8632]: + ??? root:rubyman
May  6 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342687 of user rubyman.
May  6 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8632]: pam_unix(su:session): session closed for user rubyman
May  6 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342687.
May  6 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8560]: pam_unix(cron:session): session closed for user root
May  6 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5704]: pam_unix(cron:session): session closed for user root
May  6 21:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8559]: pam_unix(cron:session): session closed for user samftp
May  6 21:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: Invalid user cui from 14.103.111.16
May  6 21:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: input_userauth_request: invalid user cui [preauth]
May  6 21:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 21:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: Failed password for invalid user cui from 14.103.111.16 port 36340 ssh2
May  6 21:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: Received disconnect from 14.103.111.16 port 36340:11: Bye Bye [preauth]
May  6 21:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8894]: Disconnected from 14.103.111.16 port 36340 [preauth]
May  6 21:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: Invalid user ansible from 104.131.199.149
May  6 21:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: input_userauth_request: invalid user ansible [preauth]
May  6 21:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.199.149
May  6 21:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: Failed password for invalid user ansible from 104.131.199.149 port 45390 ssh2
May  6 21:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: Received disconnect from 104.131.199.149 port 45390:11: Bye Bye [preauth]
May  6 21:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: Disconnected from 104.131.199.149 port 45390 [preauth]
May  6 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7694]: pam_unix(cron:session): session closed for user root
May  6 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: Invalid user axway from 212.227.230.32
May  6 21:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: input_userauth_request: invalid user axway [preauth]
May  6 21:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.230.32
May  6 21:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: Failed password for invalid user axway from 212.227.230.32 port 54596 ssh2
May  6 21:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: Received disconnect from 212.227.230.32 port 54596:11: Bye Bye [preauth]
May  6 21:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8943]: Disconnected from 212.227.230.32 port 54596 [preauth]
May  6 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9015]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9013]: pam_unix(cron:session): session closed for user p13x
May  6 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9083]: Successful su for rubyman by root
May  6 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9083]: + ??? root:rubyman
May  6 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342692 of user rubyman.
May  6 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9083]: pam_unix(su:session): session closed for user rubyman
May  6 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342692.
May  6 21:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6207]: pam_unix(cron:session): session closed for user root
May  6 21:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9014]: pam_unix(cron:session): session closed for user samftp
May  6 21:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8126]: pam_unix(cron:session): session closed for user root
May  6 21:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.95.9.145  user=root
May  6 21:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: Failed password for root from 151.95.9.145 port 42960 ssh2
May  6 21:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: Received disconnect from 151.95.9.145 port 42960:11: Bye Bye [preauth]
May  6 21:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9528]: Disconnected from 151.95.9.145 port 42960 [preauth]
May  6 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9543]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9541]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9540]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9540]: pam_unix(cron:session): session closed for user p13x
May  6 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9598]: Successful su for rubyman by root
May  6 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9598]: + ??? root:rubyman
May  6 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9598]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342696 of user rubyman.
May  6 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9598]: pam_unix(su:session): session closed for user rubyman
May  6 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342696.
May  6 21:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6652]: pam_unix(cron:session): session closed for user root
May  6 21:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.199.149  user=root
May  6 21:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9541]: pam_unix(cron:session): session closed for user samftp
May  6 21:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: Failed password for root from 104.131.199.149 port 35746 ssh2
May  6 21:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: Received disconnect from 104.131.199.149 port 35746:11: Bye Bye [preauth]
May  6 21:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: Disconnected from 104.131.199.149 port 35746 [preauth]
May  6 21:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8562]: pam_unix(cron:session): session closed for user root
May  6 21:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Invalid user qemu from 85.208.253.189
May  6 21:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: input_userauth_request: invalid user qemu [preauth]
May  6 21:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.189
May  6 21:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: Invalid user deployment from 189.165.102.111
May  6 21:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: input_userauth_request: invalid user deployment [preauth]
May  6 21:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.165.102.111
May  6 21:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Failed password for invalid user qemu from 85.208.253.189 port 48560 ssh2
May  6 21:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Received disconnect from 85.208.253.189 port 48560:11: Bye Bye [preauth]
May  6 21:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9902]: Disconnected from 85.208.253.189 port 48560 [preauth]
May  6 21:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: Failed password for invalid user deployment from 189.165.102.111 port 60182 ssh2
May  6 21:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: Received disconnect from 189.165.102.111 port 60182:11: Bye Bye [preauth]
May  6 21:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: Disconnected from 189.165.102.111 port 60182 [preauth]
May  6 21:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9945]: Invalid user prometheus from 72.167.140.185
May  6 21:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9945]: input_userauth_request: invalid user prometheus [preauth]
May  6 21:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9945]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.140.185
May  6 21:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9945]: Failed password for invalid user prometheus from 72.167.140.185 port 45882 ssh2
May  6 21:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9945]: Received disconnect from 72.167.140.185 port 45882:11: Bye Bye [preauth]
May  6 21:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9945]: Disconnected from 72.167.140.185 port 45882 [preauth]
May  6 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9951]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9950]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9949]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9948]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9948]: pam_unix(cron:session): session closed for user p13x
May  6 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10015]: Successful su for rubyman by root
May  6 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10015]: + ??? root:rubyman
May  6 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10015]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342699 of user rubyman.
May  6 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10015]: pam_unix(su:session): session closed for user rubyman
May  6 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342699.
May  6 21:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7190]: pam_unix(cron:session): session closed for user root
May  6 21:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9949]: pam_unix(cron:session): session closed for user samftp
May  6 21:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9016]: pam_unix(cron:session): session closed for user root
May  6 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10450]: pam_unix(cron:session): session closed for user p13x
May  6 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10515]: Successful su for rubyman by root
May  6 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10515]: + ??? root:rubyman
May  6 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342703 of user rubyman.
May  6 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10515]: pam_unix(su:session): session closed for user rubyman
May  6 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342703.
May  6 21:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7693]: pam_unix(cron:session): session closed for user root
May  6 21:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10451]: pam_unix(cron:session): session closed for user samftp
May  6 21:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: Invalid user area from 14.103.111.16
May  6 21:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: input_userauth_request: invalid user area [preauth]
May  6 21:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 21:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: Failed password for invalid user area from 14.103.111.16 port 43408 ssh2
May  6 21:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: Received disconnect from 14.103.111.16 port 43408:11: Bye Bye [preauth]
May  6 21:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10820]: Disconnected from 14.103.111.16 port 43408 [preauth]
May  6 21:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9544]: pam_unix(cron:session): session closed for user root
May  6 21:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10868]: Connection reset by 198.235.24.39 port 61624 [preauth]
May  6 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10921]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10922]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10922]: pam_unix(cron:session): session closed for user root
May  6 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10917]: pam_unix(cron:session): session closed for user p13x
May  6 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10981]: Successful su for rubyman by root
May  6 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10981]: + ??? root:rubyman
May  6 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342707 of user rubyman.
May  6 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10981]: pam_unix(su:session): session closed for user rubyman
May  6 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342707.
May  6 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10919]: pam_unix(cron:session): session closed for user root
May  6 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8125]: pam_unix(cron:session): session closed for user root
May  6 21:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10918]: pam_unix(cron:session): session closed for user samftp
May  6 21:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.230.32  user=root
May  6 21:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Failed password for root from 212.227.230.32 port 49482 ssh2
May  6 21:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Received disconnect from 212.227.230.32 port 49482:11: Bye Bye [preauth]
May  6 21:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Disconnected from 212.227.230.32 port 49482 [preauth]
May  6 21:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9951]: pam_unix(cron:session): session closed for user root
May  6 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11337]: pam_unix(cron:session): session closed for user p13x
May  6 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11402]: Successful su for rubyman by root
May  6 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11402]: + ??? root:rubyman
May  6 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342713 of user rubyman.
May  6 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11402]: pam_unix(su:session): session closed for user rubyman
May  6 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342713.
May  6 21:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8561]: pam_unix(cron:session): session closed for user root
May  6 21:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11338]: pam_unix(cron:session): session closed for user samftp
May  6 21:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: Invalid user ec2-user from 190.103.202.7
May  6 21:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: input_userauth_request: invalid user ec2-user [preauth]
May  6 21:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  6 21:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: Failed password for invalid user ec2-user from 190.103.202.7 port 45552 ssh2
May  6 21:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: Connection closed by 190.103.202.7 port 45552 [preauth]
May  6 21:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Invalid user deployer from 41.80.35.45
May  6 21:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: input_userauth_request: invalid user deployer [preauth]
May  6 21:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.80.35.45
May  6 21:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Failed password for invalid user deployer from 41.80.35.45 port 45890 ssh2
May  6 21:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Received disconnect from 41.80.35.45 port 45890:11: Bye Bye [preauth]
May  6 21:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Disconnected from 41.80.35.45 port 45890 [preauth]
May  6 21:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 21:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11658]: Failed password for root from 218.92.0.179 port 36003 ssh2
May  6 21:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11658]: Failed password for root from 218.92.0.179 port 36003 ssh2
May  6 21:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10453]: pam_unix(cron:session): session closed for user root
May  6 21:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11658]: Failed password for root from 218.92.0.179 port 36003 ssh2
May  6 21:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11658]: Received disconnect from 218.92.0.179 port 36003:11:  [preauth]
May  6 21:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11658]: Disconnected from 218.92.0.179 port 36003 [preauth]
May  6 21:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11658]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 21:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: Invalid user dd from 91.107.164.250
May  6 21:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: input_userauth_request: invalid user dd [preauth]
May  6 21:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.107.164.250
May  6 21:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.95.9.145  user=root
May  6 21:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: Failed password for root from 151.95.9.145 port 37304 ssh2
May  6 21:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: Received disconnect from 151.95.9.145 port 37304:11: Bye Bye [preauth]
May  6 21:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: Disconnected from 151.95.9.145 port 37304 [preauth]
May  6 21:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: Failed password for invalid user dd from 91.107.164.250 port 56792 ssh2
May  6 21:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: Received disconnect from 91.107.164.250 port 56792:11: Bye Bye [preauth]
May  6 21:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: Disconnected from 91.107.164.250 port 56792 [preauth]
May  6 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11761]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11757]: pam_unix(cron:session): session closed for user p13x
May  6 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11820]: Successful su for rubyman by root
May  6 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11820]: + ??? root:rubyman
May  6 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342720 of user rubyman.
May  6 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11820]: pam_unix(su:session): session closed for user rubyman
May  6 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342720.
May  6 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9015]: pam_unix(cron:session): session closed for user root
May  6 21:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11758]: pam_unix(cron:session): session closed for user samftp
May  6 21:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10921]: pam_unix(cron:session): session closed for user root
May  6 21:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.140.185  user=root
May  6 21:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12082]: Failed password for root from 72.167.140.185 port 38234 ssh2
May  6 21:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12082]: Received disconnect from 72.167.140.185 port 38234:11: Bye Bye [preauth]
May  6 21:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12082]: Disconnected from 72.167.140.185 port 38234 [preauth]
May  6 21:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12123]: Invalid user username from 189.165.102.111
May  6 21:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12123]: input_userauth_request: invalid user username [preauth]
May  6 21:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12123]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.165.102.111
May  6 21:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12123]: Failed password for invalid user username from 189.165.102.111 port 40580 ssh2
May  6 21:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12123]: Received disconnect from 189.165.102.111 port 40580:11: Bye Bye [preauth]
May  6 21:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12123]: Disconnected from 189.165.102.111 port 40580 [preauth]
May  6 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12145]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12147]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12144]: pam_unix(cron:session): session closed for user p13x
May  6 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12203]: Successful su for rubyman by root
May  6 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12203]: + ??? root:rubyman
May  6 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342723 of user rubyman.
May  6 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12203]: pam_unix(su:session): session closed for user rubyman
May  6 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342723.
May  6 21:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9543]: pam_unix(cron:session): session closed for user root
May  6 21:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12145]: pam_unix(cron:session): session closed for user samftp
May  6 21:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11340]: pam_unix(cron:session): session closed for user root
May  6 21:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12516]: Invalid user ho from 14.103.111.16
May  6 21:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12516]: input_userauth_request: invalid user ho [preauth]
May  6 21:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12516]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 21:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12516]: Failed password for invalid user ho from 14.103.111.16 port 52982 ssh2
May  6 21:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12516]: Received disconnect from 14.103.111.16 port 52982:11: Bye Bye [preauth]
May  6 21:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12516]: Disconnected from 14.103.111.16 port 52982 [preauth]
May  6 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12545]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12546]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12544]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12547]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12544]: pam_unix(cron:session): session closed for user p13x
May  6 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12605]: Successful su for rubyman by root
May  6 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12605]: + ??? root:rubyman
May  6 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12605]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342728 of user rubyman.
May  6 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12605]: pam_unix(su:session): session closed for user rubyman
May  6 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342728.
May  6 21:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9950]: pam_unix(cron:session): session closed for user root
May  6 21:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12545]: pam_unix(cron:session): session closed for user samftp
May  6 21:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  6 21:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12845]: Failed password for root from 46.244.96.25 port 55194 ssh2
May  6 21:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12845]: Connection closed by 46.244.96.25 port 55194 [preauth]
May  6 21:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11761]: pam_unix(cron:session): session closed for user root
May  6 21:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: Invalid user ansible from 212.227.230.32
May  6 21:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: input_userauth_request: invalid user ansible [preauth]
May  6 21:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.230.32
May  6 21:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: Failed password for invalid user ansible from 212.227.230.32 port 50878 ssh2
May  6 21:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: Received disconnect from 212.227.230.32 port 50878:11: Bye Bye [preauth]
May  6 21:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12892]: Disconnected from 212.227.230.32 port 50878 [preauth]
May  6 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12939]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12942]: pam_unix(cron:session): session closed for user root
May  6 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12937]: pam_unix(cron:session): session closed for user p13x
May  6 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13010]: Successful su for rubyman by root
May  6 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13010]: + ??? root:rubyman
May  6 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342733 of user rubyman.
May  6 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13010]: pam_unix(su:session): session closed for user rubyman
May  6 21:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342733.
May  6 21:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10452]: pam_unix(cron:session): session closed for user root
May  6 21:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12939]: pam_unix(cron:session): session closed for user root
May  6 21:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12938]: pam_unix(cron:session): session closed for user samftp
May  6 21:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12147]: pam_unix(cron:session): session closed for user root
May  6 21:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12686]: Connection reset by 218.92.0.220 port 61610 [preauth]
May  6 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13373]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13371]: pam_unix(cron:session): session closed for user p13x
May  6 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13439]: Successful su for rubyman by root
May  6 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13439]: + ??? root:rubyman
May  6 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13439]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342736 of user rubyman.
May  6 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13439]: pam_unix(su:session): session closed for user rubyman
May  6 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342736.
May  6 21:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10920]: pam_unix(cron:session): session closed for user root
May  6 21:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13372]: pam_unix(cron:session): session closed for user samftp
May  6 21:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Invalid user admin from 80.94.95.241
May  6 21:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: input_userauth_request: invalid user admin [preauth]
May  6 21:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 21:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Failed password for invalid user admin from 80.94.95.241 port 59391 ssh2
May  6 21:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Failed password for invalid user admin from 80.94.95.241 port 59391 ssh2
May  6 21:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13754]: Invalid user prometheus from 151.95.9.145
May  6 21:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13754]: input_userauth_request: invalid user prometheus [preauth]
May  6 21:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13754]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.95.9.145
May  6 21:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Failed password for invalid user admin from 80.94.95.241 port 59391 ssh2
May  6 21:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Failed password for invalid user admin from 80.94.95.241 port 59391 ssh2
May  6 21:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13754]: Failed password for invalid user prometheus from 151.95.9.145 port 34442 ssh2
May  6 21:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13754]: Received disconnect from 151.95.9.145 port 34442:11: Bye Bye [preauth]
May  6 21:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13754]: Disconnected from 151.95.9.145 port 34442 [preauth]
May  6 21:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Failed password for invalid user admin from 80.94.95.241 port 59391 ssh2
May  6 21:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Received disconnect from 80.94.95.241 port 59391:11: Bye [preauth]
May  6 21:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Disconnected from 80.94.95.241 port 59391 [preauth]
May  6 21:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 21:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 21:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12547]: pam_unix(cron:session): session closed for user root
May  6 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13886]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13885]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13883]: pam_unix(cron:session): session closed for user p13x
May  6 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13944]: Successful su for rubyman by root
May  6 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13944]: + ??? root:rubyman
May  6 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342741 of user rubyman.
May  6 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13944]: pam_unix(su:session): session closed for user rubyman
May  6 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342741.
May  6 21:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11339]: pam_unix(cron:session): session closed for user root
May  6 21:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13884]: pam_unix(cron:session): session closed for user samftp
May  6 21:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.6.245  user=root
May  6 21:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: Failed password for root from 159.223.6.245 port 49878 ssh2
May  6 21:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: Connection closed by 159.223.6.245 port 49878 [preauth]
May  6 21:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.80.35.45  user=root
May  6 21:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14170]: Failed password for root from 41.80.35.45 port 38376 ssh2
May  6 21:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14170]: Received disconnect from 41.80.35.45 port 38376:11: Bye Bye [preauth]
May  6 21:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14170]: Disconnected from 41.80.35.45 port 38376 [preauth]
May  6 21:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.140.185  user=root
May  6 21:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12941]: pam_unix(cron:session): session closed for user root
May  6 21:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: Failed password for root from 72.167.140.185 port 41240 ssh2
May  6 21:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: Received disconnect from 72.167.140.185 port 41240:11: Bye Bye [preauth]
May  6 21:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14210]: Disconnected from 72.167.140.185 port 41240 [preauth]
May  6 21:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: Invalid user simone from 189.165.102.111
May  6 21:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: input_userauth_request: invalid user simone [preauth]
May  6 21:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.165.102.111
May  6 21:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: Failed password for invalid user simone from 189.165.102.111 port 49212 ssh2
May  6 21:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: Received disconnect from 189.165.102.111 port 49212:11: Bye Bye [preauth]
May  6 21:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14286]: Disconnected from 189.165.102.111 port 49212 [preauth]
May  6 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14292]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14291]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14290]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14289]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14289]: pam_unix(cron:session): session closed for user p13x
May  6 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14350]: Successful su for rubyman by root
May  6 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14350]: + ??? root:rubyman
May  6 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342744 of user rubyman.
May  6 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14350]: pam_unix(su:session): session closed for user rubyman
May  6 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342744.
May  6 21:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11759]: pam_unix(cron:session): session closed for user root
May  6 21:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: Invalid user nr from 14.103.111.16
May  6 21:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: input_userauth_request: invalid user nr [preauth]
May  6 21:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 21:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14290]: pam_unix(cron:session): session closed for user samftp
May  6 21:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: Failed password for invalid user nr from 14.103.111.16 port 50016 ssh2
May  6 21:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: Received disconnect from 14.103.111.16 port 50016:11: Bye Bye [preauth]
May  6 21:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: Disconnected from 14.103.111.16 port 50016 [preauth]
May  6 21:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13374]: pam_unix(cron:session): session closed for user root
May  6 21:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  6 21:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: Failed password for root from 80.94.95.29 port 48215 ssh2
May  6 21:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: message repeated 3 times: [ Failed password for root from 80.94.95.29 port 48215 ssh2]
May  6 21:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: Failed password for root from 80.94.95.29 port 48215 ssh2
May  6 21:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: Received disconnect from 80.94.95.29 port 48215:11: Bye [preauth]
May  6 21:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: Disconnected from 80.94.95.29 port 48215 [preauth]
May  6 21:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  6 21:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14615]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 21:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  6 21:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14673]: Failed password for root from 218.92.0.216 port 34792 ssh2
May  6 21:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14673]: message repeated 2 times: [ Failed password for root from 218.92.0.216 port 34792 ssh2]
May  6 21:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14673]: Received disconnect from 218.92.0.216 port 34792:11:  [preauth]
May  6 21:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14673]: Disconnected from 218.92.0.216 port 34792 [preauth]
May  6 21:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14673]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  6 21:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  6 21:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14691]: Failed password for root from 218.92.0.227 port 11368 ssh2
May  6 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14691]: Failed password for root from 218.92.0.227 port 11368 ssh2
May  6 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14706]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14705]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14703]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14704]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14701]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14703]: pam_unix(cron:session): session closed for user p13x
May  6 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14830]: Successful su for rubyman by root
May  6 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14830]: + ??? root:rubyman
May  6 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342748 of user rubyman.
May  6 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14830]: pam_unix(su:session): session closed for user rubyman
May  6 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342748.
May  6 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14701]: pam_unix(cron:session): session closed for user root
May  6 21:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14691]: Failed password for root from 218.92.0.227 port 11368 ssh2
May  6 21:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14691]: Received disconnect from 218.92.0.227 port 11368:11:  [preauth]
May  6 21:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14691]: Disconnected from 218.92.0.227 port 11368 [preauth]
May  6 21:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14691]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  6 21:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12146]: pam_unix(cron:session): session closed for user root
May  6 21:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14704]: pam_unix(cron:session): session closed for user samftp
May  6 21:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  6 21:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.230.32  user=root
May  6 21:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15109]: Failed password for root from 218.92.0.227 port 37040 ssh2
May  6 21:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15111]: Failed password for root from 212.227.230.32 port 48638 ssh2
May  6 21:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15111]: Received disconnect from 212.227.230.32 port 48638:11: Bye Bye [preauth]
May  6 21:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15111]: Disconnected from 212.227.230.32 port 48638 [preauth]
May  6 21:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15109]: Failed password for root from 218.92.0.227 port 37040 ssh2
May  6 21:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13886]: pam_unix(cron:session): session closed for user root
May  6 21:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15109]: Failed password for root from 218.92.0.227 port 37040 ssh2
May  6 21:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15109]: Received disconnect from 218.92.0.227 port 37040:11:  [preauth]
May  6 21:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15109]: Disconnected from 218.92.0.227 port 37040 [preauth]
May  6 21:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15109]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  6 21:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  6 21:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: Failed password for root from 218.92.0.227 port 37062 ssh2
May  6 21:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: message repeated 2 times: [ Failed password for root from 218.92.0.227 port 37062 ssh2]
May  6 21:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: Received disconnect from 218.92.0.227 port 37062:11:  [preauth]
May  6 21:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: Disconnected from 218.92.0.227 port 37062 [preauth]
May  6 21:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15134]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  6 21:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.6.245  user=root
May  6 21:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: Failed password for root from 159.223.6.245 port 36760 ssh2
May  6 21:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: Connection closed by 159.223.6.245 port 36760 [preauth]
May  6 21:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: Invalid user pi from 159.223.6.245
May  6 21:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: input_userauth_request: invalid user pi [preauth]
May  6 21:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.223.6.245
May  6 21:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: Failed password for invalid user pi from 159.223.6.245 port 36770 ssh2
May  6 21:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: Invalid user myuser from 85.208.253.189
May  6 21:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: input_userauth_request: invalid user myuser [preauth]
May  6 21:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.189
May  6 21:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: Failed password for invalid user myuser from 85.208.253.189 port 59054 ssh2
May  6 21:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: Received disconnect from 85.208.253.189 port 59054:11: Bye Bye [preauth]
May  6 21:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: Disconnected from 85.208.253.189 port 59054 [preauth]
May  6 21:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: Connection closed by 159.223.6.245 port 36770 [preauth]
May  6 21:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15192]: Invalid user hive from 159.223.6.245
May  6 21:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15192]: input_userauth_request: invalid user hive [preauth]
May  6 21:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15208]: Connection reset by 159.223.6.245 port 43882 [preauth]
May  6 21:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15194]: Connection reset by 159.223.6.245 port 43870 [preauth]
May  6 21:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15209]: Did not receive identification string from 159.223.6.245
May  6 21:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15192]: Connection reset by 159.223.6.245 port 36778 [preauth]
May  6 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15225]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15225]: pam_unix(cron:session): session closed for user root
May  6 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15220]: pam_unix(cron:session): session closed for user p13x
May  6 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15288]: Successful su for rubyman by root
May  6 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15288]: + ??? root:rubyman
May  6 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342756 of user rubyman.
May  6 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15288]: pam_unix(su:session): session closed for user rubyman
May  6 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342756.
May  6 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15222]: pam_unix(cron:session): session closed for user root
May  6 21:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12546]: pam_unix(cron:session): session closed for user root
May  6 21:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15221]: pam_unix(cron:session): session closed for user samftp
May  6 21:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14292]: pam_unix(cron:session): session closed for user root
May  6 21:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: Invalid user ftpuser from 91.107.164.250
May  6 21:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: input_userauth_request: invalid user ftpuser [preauth]
May  6 21:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.107.164.250
May  6 21:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: User sshd from 194.0.234.19 not allowed because not listed in AllowUsers
May  6 21:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: input_userauth_request: invalid user sshd [preauth]
May  6 21:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=sshd
May  6 21:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: Failed password for invalid user ftpuser from 91.107.164.250 port 39350 ssh2
May  6 21:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: Received disconnect from 91.107.164.250 port 39350:11: Bye Bye [preauth]
May  6 21:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15593]: Disconnected from 91.107.164.250 port 39350 [preauth]
May  6 21:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: Failed password for invalid user sshd from 194.0.234.19 port 37640 ssh2
May  6 21:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15591]: Connection closed by 194.0.234.19 port 37640 [preauth]
May  6 21:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15626]: Invalid user postgres from 151.95.9.145
May  6 21:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15626]: input_userauth_request: invalid user postgres [preauth]
May  6 21:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15626]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.95.9.145
May  6 21:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15626]: Failed password for invalid user postgres from 151.95.9.145 port 47656 ssh2
May  6 21:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15626]: Received disconnect from 151.95.9.145 port 47656:11: Bye Bye [preauth]
May  6 21:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15626]: Disconnected from 151.95.9.145 port 47656 [preauth]
May  6 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15648]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15646]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15645]: pam_unix(cron:session): session closed for user p13x
May  6 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15715]: Successful su for rubyman by root
May  6 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15715]: + ??? root:rubyman
May  6 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342759 of user rubyman.
May  6 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15715]: pam_unix(su:session): session closed for user rubyman
May  6 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342759.
May  6 21:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12940]: pam_unix(cron:session): session closed for user root
May  6 21:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15646]: pam_unix(cron:session): session closed for user samftp
May  6 21:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 21:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: Failed password for root from 218.92.0.179 port 37736 ssh2
May  6 21:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 37736 ssh2]
May  6 21:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: Received disconnect from 218.92.0.179 port 37736:11:  [preauth]
May  6 21:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: Disconnected from 218.92.0.179 port 37736 [preauth]
May  6 21:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 21:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14706]: pam_unix(cron:session): session closed for user root
May  6 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16048]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16045]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16047]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16045]: pam_unix(cron:session): session closed for user p13x
May  6 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16105]: Successful su for rubyman by root
May  6 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16105]: + ??? root:rubyman
May  6 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342763 of user rubyman.
May  6 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16105]: pam_unix(su:session): session closed for user rubyman
May  6 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342763.
May  6 21:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13373]: pam_unix(cron:session): session closed for user root
May  6 21:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16046]: pam_unix(cron:session): session closed for user samftp
May  6 21:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Invalid user machine from 72.167.140.185
May  6 21:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: input_userauth_request: invalid user machine [preauth]
May  6 21:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.140.185
May  6 21:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Failed password for invalid user machine from 72.167.140.185 port 54352 ssh2
May  6 21:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Received disconnect from 72.167.140.185 port 54352:11: Bye Bye [preauth]
May  6 21:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Disconnected from 72.167.140.185 port 54352 [preauth]
May  6 21:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  6 21:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: Failed password for root from 218.92.0.203 port 48756 ssh2
May  6 21:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16324]: Invalid user server from 14.103.111.16
May  6 21:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16324]: input_userauth_request: invalid user server [preauth]
May  6 21:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16324]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 21:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16324]: Failed password for invalid user server from 14.103.111.16 port 32794 ssh2
May  6 21:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16324]: Received disconnect from 14.103.111.16 port 32794:11: Bye Bye [preauth]
May  6 21:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16324]: Disconnected from 14.103.111.16 port 32794 [preauth]
May  6 21:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: Invalid user test from 80.94.95.125
May  6 21:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: input_userauth_request: invalid user test [preauth]
May  6 21:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 21:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: Failed password for invalid user test from 80.94.95.125 port 15889 ssh2
May  6 21:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: Failed password for invalid user test from 80.94.95.125 port 15889 ssh2
May  6 21:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15224]: pam_unix(cron:session): session closed for user root
May  6 21:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: Failed password for invalid user test from 80.94.95.125 port 15889 ssh2
May  6 21:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: Failed password for invalid user test from 80.94.95.125 port 15889 ssh2
May  6 21:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: Failed password for invalid user test from 80.94.95.125 port 15889 ssh2
May  6 21:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: Received disconnect from 80.94.95.125 port 15889:11: Bye [preauth]
May  6 21:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: Disconnected from 80.94.95.125 port 15889 [preauth]
May  6 21:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 21:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16344]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 21:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.165.102.111  user=root
May  6 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16456]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16455]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16444]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16444]: pam_unix(cron:session): session closed for user p13x
May  6 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: Failed password for root from 189.165.102.111 port 57838 ssh2
May  6 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: Received disconnect from 189.165.102.111 port 57838:11: Bye Bye [preauth]
May  6 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16430]: Disconnected from 189.165.102.111 port 57838 [preauth]
May  6 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16540]: Successful su for rubyman by root
May  6 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16540]: + ??? root:rubyman
May  6 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342766 of user rubyman.
May  6 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16540]: pam_unix(su:session): session closed for user rubyman
May  6 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342766.
May  6 21:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13885]: pam_unix(cron:session): session closed for user root
May  6 21:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16454]: pam_unix(cron:session): session closed for user samftp
May  6 21:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Invalid user ubuntu from 41.80.35.45
May  6 21:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: input_userauth_request: invalid user ubuntu [preauth]
May  6 21:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.80.35.45
May  6 21:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Failed password for invalid user ubuntu from 41.80.35.45 port 57310 ssh2
May  6 21:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Received disconnect from 41.80.35.45 port 57310:11: Bye Bye [preauth]
May  6 21:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16800]: Disconnected from 41.80.35.45 port 57310 [preauth]
May  6 21:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15648]: pam_unix(cron:session): session closed for user root
May  6 21:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  6 21:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16872]: Failed password for root from 218.92.0.218 port 53932 ssh2
May  6 21:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16872]: message repeated 2 times: [ Failed password for root from 218.92.0.218 port 53932 ssh2]
May  6 21:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16872]: Received disconnect from 218.92.0.218 port 53932:11:  [preauth]
May  6 21:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16872]: Disconnected from 218.92.0.218 port 53932 [preauth]
May  6 21:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16872]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  6 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16916]: pam_unix(cron:session): session closed for user p13x
May  6 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16992]: Successful su for rubyman by root
May  6 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16992]: + ??? root:rubyman
May  6 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16992]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342771 of user rubyman.
May  6 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16992]: pam_unix(su:session): session closed for user rubyman
May  6 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342771.
May  6 21:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14291]: pam_unix(cron:session): session closed for user root
May  6 21:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16917]: pam_unix(cron:session): session closed for user samftp
May  6 21:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: Invalid user lchang from 57.128.190.44
May  6 21:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: input_userauth_request: invalid user lchang [preauth]
May  6 21:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.190.44
May  6 21:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: Failed password for invalid user lchang from 57.128.190.44 port 52926 ssh2
May  6 21:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: Received disconnect from 57.128.190.44 port 52926:11: Bye Bye [preauth]
May  6 21:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17174]: Disconnected from 57.128.190.44 port 52926 [preauth]
May  6 21:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: Invalid user prometheus from 212.227.230.32
May  6 21:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: input_userauth_request: invalid user prometheus [preauth]
May  6 21:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.230.32
May  6 21:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Invalid user jenkins from 196.250.208.207
May  6 21:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: input_userauth_request: invalid user jenkins [preauth]
May  6 21:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.250.208.207
May  6 21:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: Failed password for invalid user prometheus from 212.227.230.32 port 36774 ssh2
May  6 21:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: Received disconnect from 212.227.230.32 port 36774:11: Bye Bye [preauth]
May  6 21:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: Disconnected from 212.227.230.32 port 36774 [preauth]
May  6 21:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Failed password for invalid user jenkins from 196.250.208.207 port 60154 ssh2
May  6 21:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Received disconnect from 196.250.208.207 port 60154:11: Bye Bye [preauth]
May  6 21:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17218]: Disconnected from 196.250.208.207 port 60154 [preauth]
May  6 21:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16048]: pam_unix(cron:session): session closed for user root
May  6 21:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.107.164.250  user=root
May  6 21:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: Failed password for root from 91.107.164.250 port 52480 ssh2
May  6 21:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: Received disconnect from 91.107.164.250 port 52480:11: Bye Bye [preauth]
May  6 21:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: Disconnected from 91.107.164.250 port 52480 [preauth]
May  6 21:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.189  user=root
May  6 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: Failed password for root from 85.208.253.189 port 47172 ssh2
May  6 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: Received disconnect from 85.208.253.189 port 47172:11: Bye Bye [preauth]
May  6 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17332]: Disconnected from 85.208.253.189 port 47172 [preauth]
May  6 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17338]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17337]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17335]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17336]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17340]: pam_unix(cron:session): session closed for user root
May  6 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17335]: pam_unix(cron:session): session closed for user p13x
May  6 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17404]: Successful su for rubyman by root
May  6 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17404]: + ??? root:rubyman
May  6 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17404]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342776 of user rubyman.
May  6 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17404]: pam_unix(su:session): session closed for user rubyman
May  6 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342776.
May  6 21:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17337]: pam_unix(cron:session): session closed for user root
May  6 21:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14705]: pam_unix(cron:session): session closed for user root
May  6 21:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17336]: pam_unix(cron:session): session closed for user samftp
May  6 21:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17668]: Invalid user ansible from 151.95.9.145
May  6 21:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17668]: input_userauth_request: invalid user ansible [preauth]
May  6 21:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17668]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.95.9.145
May  6 21:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17668]: Failed password for invalid user ansible from 151.95.9.145 port 33794 ssh2
May  6 21:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17668]: Received disconnect from 151.95.9.145 port 33794:11: Bye Bye [preauth]
May  6 21:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17668]: Disconnected from 151.95.9.145 port 33794 [preauth]
May  6 21:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16456]: pam_unix(cron:session): session closed for user root
May  6 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17890]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17889]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17824]: pam_unix(cron:session): session closed for user p13x
May  6 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17960]: Successful su for rubyman by root
May  6 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17960]: + ??? root:rubyman
May  6 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342782 of user rubyman.
May  6 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17960]: pam_unix(su:session): session closed for user rubyman
May  6 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342782.
May  6 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15223]: pam_unix(cron:session): session closed for user root
May  6 21:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17888]: pam_unix(cron:session): session closed for user samftp
May  6 21:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 21:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18220]: Failed password for root from 218.92.0.179 port 15814 ssh2
May  6 21:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18220]: Failed password for root from 218.92.0.179 port 15814 ssh2
May  6 21:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16919]: pam_unix(cron:session): session closed for user root
May  6 21:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18220]: Failed password for root from 218.92.0.179 port 15814 ssh2
May  6 21:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18220]: Received disconnect from 218.92.0.179 port 15814:11:  [preauth]
May  6 21:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18220]: Disconnected from 218.92.0.179 port 15814 [preauth]
May  6 21:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18220]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 21:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18266]: Invalid user shiva from 14.103.111.16
May  6 21:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18266]: input_userauth_request: invalid user shiva [preauth]
May  6 21:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18266]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 21:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18266]: Failed password for invalid user shiva from 14.103.111.16 port 53736 ssh2
May  6 21:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18266]: Received disconnect from 14.103.111.16 port 53736:11: Bye Bye [preauth]
May  6 21:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18266]: Disconnected from 14.103.111.16 port 53736 [preauth]
May  6 21:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.140.185  user=root
May  6 21:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: Failed password for root from 72.167.140.185 port 45046 ssh2
May  6 21:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: Received disconnect from 72.167.140.185 port 45046:11: Bye Bye [preauth]
May  6 21:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: Disconnected from 72.167.140.185 port 45046 [preauth]
May  6 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18323]: pam_unix(cron:session): session closed for user p13x
May  6 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18391]: Successful su for rubyman by root
May  6 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18391]: + ??? root:rubyman
May  6 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342785 of user rubyman.
May  6 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18391]: pam_unix(su:session): session closed for user rubyman
May  6 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342785.
May  6 21:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15647]: pam_unix(cron:session): session closed for user root
May  6 21:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18324]: pam_unix(cron:session): session closed for user samftp
May  6 21:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17339]: pam_unix(cron:session): session closed for user root
May  6 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18733]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18730]: pam_unix(cron:session): session closed for user p13x
May  6 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18800]: Successful su for rubyman by root
May  6 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18800]: + ??? root:rubyman
May  6 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342789 of user rubyman.
May  6 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18800]: pam_unix(su:session): session closed for user rubyman
May  6 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342789.
May  6 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Invalid user ftpuser from 185.193.89.77
May  6 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: input_userauth_request: invalid user ftpuser [preauth]
May  6 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.193.89.77
May  6 21:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: Invalid user jakob from 189.165.102.111
May  6 21:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: input_userauth_request: invalid user jakob [preauth]
May  6 21:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.165.102.111
May  6 21:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16047]: pam_unix(cron:session): session closed for user root
May  6 21:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Failed password for invalid user ftpuser from 185.193.89.77 port 41500 ssh2
May  6 21:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Received disconnect from 185.193.89.77 port 41500:11: Bye Bye [preauth]
May  6 21:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18823]: Disconnected from 185.193.89.77 port 41500 [preauth]
May  6 21:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: Failed password for invalid user jakob from 189.165.102.111 port 38234 ssh2
May  6 21:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: Received disconnect from 189.165.102.111 port 38234:11: Bye Bye [preauth]
May  6 21:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18910]: Disconnected from 189.165.102.111 port 38234 [preauth]
May  6 21:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18731]: pam_unix(cron:session): session closed for user samftp
May  6 21:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17890]: pam_unix(cron:session): session closed for user root
May  6 21:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: Invalid user dev from 91.107.164.250
May  6 21:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: input_userauth_request: invalid user dev [preauth]
May  6 21:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.107.164.250
May  6 21:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: Failed password for invalid user dev from 91.107.164.250 port 50278 ssh2
May  6 21:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: Received disconnect from 91.107.164.250 port 50278:11: Bye Bye [preauth]
May  6 21:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19114]: Disconnected from 91.107.164.250 port 50278 [preauth]
May  6 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19145]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19143]: pam_unix(cron:session): session closed for user p13x
May  6 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19202]: Successful su for rubyman by root
May  6 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19202]: + ??? root:rubyman
May  6 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342794 of user rubyman.
May  6 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19202]: pam_unix(su:session): session closed for user rubyman
May  6 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342794.
May  6 21:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16455]: pam_unix(cron:session): session closed for user root
May  6 21:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.230.32  user=root
May  6 21:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19144]: pam_unix(cron:session): session closed for user samftp
May  6 21:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19367]: Failed password for root from 212.227.230.32 port 43380 ssh2
May  6 21:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19367]: Received disconnect from 212.227.230.32 port 43380:11: Bye Bye [preauth]
May  6 21:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19367]: Disconnected from 212.227.230.32 port 43380 [preauth]
May  6 21:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19457]: Invalid user nima from 41.80.35.45
May  6 21:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19457]: input_userauth_request: invalid user nima [preauth]
May  6 21:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19457]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.80.35.45
May  6 21:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19457]: Failed password for invalid user nima from 41.80.35.45 port 46224 ssh2
May  6 21:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19457]: Received disconnect from 41.80.35.45 port 46224:11: Bye Bye [preauth]
May  6 21:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19457]: Disconnected from 41.80.35.45 port 46224 [preauth]
May  6 21:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18326]: pam_unix(cron:session): session closed for user root
May  6 21:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19528]: Invalid user jakob from 151.95.9.145
May  6 21:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19528]: input_userauth_request: invalid user jakob [preauth]
May  6 21:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19528]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.95.9.145
May  6 21:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19528]: Failed password for invalid user jakob from 151.95.9.145 port 42306 ssh2
May  6 21:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19528]: Received disconnect from 151.95.9.145 port 42306:11: Bye Bye [preauth]
May  6 21:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19528]: Disconnected from 151.95.9.145 port 42306 [preauth]
May  6 21:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19540]: Invalid user ctf from 85.208.253.189
May  6 21:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19540]: input_userauth_request: invalid user ctf [preauth]
May  6 21:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19540]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.189
May  6 21:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19540]: Failed password for invalid user ctf from 85.208.253.189 port 46880 ssh2
May  6 21:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19540]: Received disconnect from 85.208.253.189 port 46880:11: Bye Bye [preauth]
May  6 21:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19540]: Disconnected from 85.208.253.189 port 46880 [preauth]
May  6 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19560]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19560]: pam_unix(cron:session): session closed for user root
May  6 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19554]: pam_unix(cron:session): session closed for user p13x
May  6 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19633]: Successful su for rubyman by root
May  6 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19633]: + ??? root:rubyman
May  6 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342799 of user rubyman.
May  6 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19633]: pam_unix(su:session): session closed for user rubyman
May  6 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342799.
May  6 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19556]: pam_unix(cron:session): session closed for user root
May  6 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16918]: pam_unix(cron:session): session closed for user root
May  6 21:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19555]: pam_unix(cron:session): session closed for user samftp
May  6 21:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  6 21:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19908]: Failed password for root from 50.235.31.47 port 56466 ssh2
May  6 21:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19908]: Connection closed by 50.235.31.47 port 56466 [preauth]
May  6 21:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18733]: pam_unix(cron:session): session closed for user root
May  6 21:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19996]: Invalid user web1 from 14.103.111.16
May  6 21:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19996]: input_userauth_request: invalid user web1 [preauth]
May  6 21:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19996]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 21:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19996]: Failed password for invalid user web1 from 14.103.111.16 port 53086 ssh2
May  6 21:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19996]: Received disconnect from 14.103.111.16 port 53086:11: Bye Bye [preauth]
May  6 21:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19996]: Disconnected from 14.103.111.16 port 53086 [preauth]
May  6 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20016]: pam_unix(cron:session): session closed for user p13x
May  6 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20090]: Successful su for rubyman by root
May  6 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20090]: + ??? root:rubyman
May  6 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342802 of user rubyman.
May  6 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20090]: pam_unix(su:session): session closed for user rubyman
May  6 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342802.
May  6 21:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17338]: pam_unix(cron:session): session closed for user root
May  6 21:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20017]: pam_unix(cron:session): session closed for user samftp
May  6 21:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19146]: pam_unix(cron:session): session closed for user root
May  6 21:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: Invalid user teste from 72.167.140.185
May  6 21:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: input_userauth_request: invalid user teste [preauth]
May  6 21:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.140.185
May  6 21:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: Failed password for invalid user teste from 72.167.140.185 port 51632 ssh2
May  6 21:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: Received disconnect from 72.167.140.185 port 51632:11: Bye Bye [preauth]
May  6 21:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20357]: Disconnected from 72.167.140.185 port 51632 [preauth]
May  6 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20420]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20419]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20417]: pam_unix(cron:session): session closed for user p13x
May  6 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20483]: Successful su for rubyman by root
May  6 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20483]: + ??? root:rubyman
May  6 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20483]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342806 of user rubyman.
May  6 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20483]: pam_unix(su:session): session closed for user rubyman
May  6 21:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342806.
May  6 21:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17889]: pam_unix(cron:session): session closed for user root
May  6 21:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20418]: pam_unix(cron:session): session closed for user samftp
May  6 21:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20739]: Invalid user mg from 91.107.164.250
May  6 21:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20739]: input_userauth_request: invalid user mg [preauth]
May  6 21:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20739]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.107.164.250
May  6 21:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19558]: pam_unix(cron:session): session closed for user root
May  6 21:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20739]: Failed password for invalid user mg from 91.107.164.250 port 45272 ssh2
May  6 21:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20739]: Received disconnect from 91.107.164.250 port 45272:11: Bye Bye [preauth]
May  6 21:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20739]: Disconnected from 91.107.164.250 port 45272 [preauth]
May  6 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20826]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20827]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session closed for user p13x
May  6 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20900]: Successful su for rubyman by root
May  6 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20900]: + ??? root:rubyman
May  6 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20900]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342812 of user rubyman.
May  6 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20900]: pam_unix(su:session): session closed for user rubyman
May  6 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342812.
May  6 21:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18325]: pam_unix(cron:session): session closed for user root
May  6 21:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20824]: pam_unix(cron:session): session closed for user samftp
May  6 21:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.165.102.111  user=root
May  6 21:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21092]: Failed password for root from 189.165.102.111 port 46864 ssh2
May  6 21:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21092]: Received disconnect from 189.165.102.111 port 46864:11: Bye Bye [preauth]
May  6 21:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21092]: Disconnected from 189.165.102.111 port 46864 [preauth]
May  6 21:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20019]: pam_unix(cron:session): session closed for user root
May  6 21:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21206]: Invalid user wireguard from 57.128.190.44
May  6 21:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21206]: input_userauth_request: invalid user wireguard [preauth]
May  6 21:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21206]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.190.44
May  6 21:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21206]: Failed password for invalid user wireguard from 57.128.190.44 port 39564 ssh2
May  6 21:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21206]: Received disconnect from 57.128.190.44 port 39564:11: Bye Bye [preauth]
May  6 21:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21206]: Disconnected from 57.128.190.44 port 39564 [preauth]
May  6 21:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.230.32  user=root
May  6 21:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: Failed password for root from 212.227.230.32 port 35164 ssh2
May  6 21:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: Received disconnect from 212.227.230.32 port 35164:11: Bye Bye [preauth]
May  6 21:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21228]: Disconnected from 212.227.230.32 port 35164 [preauth]
May  6 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21269]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21271]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21268]: pam_unix(cron:session): session closed for user p13x
May  6 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21348]: Successful su for rubyman by root
May  6 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21348]: + ??? root:rubyman
May  6 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342815 of user rubyman.
May  6 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21348]: pam_unix(su:session): session closed for user rubyman
May  6 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342815.
May  6 21:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18732]: pam_unix(cron:session): session closed for user root
May  6 21:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21269]: pam_unix(cron:session): session closed for user samftp
May  6 21:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: Invalid user mycat from 181.55.188.218
May  6 21:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: input_userauth_request: invalid user mycat [preauth]
May  6 21:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.55.188.218
May  6 21:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: Failed password for invalid user mycat from 181.55.188.218 port 34152 ssh2
May  6 21:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: Received disconnect from 181.55.188.218 port 34152:11: Bye Bye [preauth]
May  6 21:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: Disconnected from 181.55.188.218 port 34152 [preauth]
May  6 21:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.95.9.145  user=root
May  6 21:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: Failed password for root from 151.95.9.145 port 51366 ssh2
May  6 21:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: Received disconnect from 151.95.9.145 port 51366:11: Bye Bye [preauth]
May  6 21:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: Disconnected from 151.95.9.145 port 51366 [preauth]
May  6 21:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20420]: pam_unix(cron:session): session closed for user root
May  6 21:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21688]: Invalid user mary from 85.208.253.189
May  6 21:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21688]: input_userauth_request: invalid user mary [preauth]
May  6 21:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21688]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.189
May  6 21:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  6 21:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21688]: Failed password for invalid user mary from 85.208.253.189 port 50092 ssh2
May  6 21:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21688]: Received disconnect from 85.208.253.189 port 50092:11: Bye Bye [preauth]
May  6 21:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21688]: Disconnected from 85.208.253.189 port 50092 [preauth]
May  6 21:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: Failed password for root from 218.92.0.229 port 23988 ssh2
May  6 21:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: message repeated 2 times: [ Failed password for root from 218.92.0.229 port 23988 ssh2]
May  6 21:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: Received disconnect from 218.92.0.229 port 23988:11:  [preauth]
May  6 21:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: Disconnected from 218.92.0.229 port 23988 [preauth]
May  6 21:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  6 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21732]: pam_unix(cron:session): session closed for user root
May  6 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21727]: pam_unix(cron:session): session closed for user p13x
May  6 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22076]: Successful su for rubyman by root
May  6 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22076]: + ??? root:rubyman
May  6 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342823 of user rubyman.
May  6 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22076]: pam_unix(su:session): session closed for user rubyman
May  6 21:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342823.
May  6 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21729]: pam_unix(cron:session): session closed for user root
May  6 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19145]: pam_unix(cron:session): session closed for user root
May  6 21:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21728]: pam_unix(cron:session): session closed for user samftp
May  6 21:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22337]: Invalid user kocom from 14.103.111.16
May  6 21:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22337]: input_userauth_request: invalid user kocom [preauth]
May  6 21:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22337]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 21:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  6 21:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22337]: Failed password for invalid user kocom from 14.103.111.16 port 39596 ssh2
May  6 21:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22335]: Failed password for root from 218.92.0.229 port 36644 ssh2
May  6 21:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22337]: Received disconnect from 14.103.111.16 port 39596:11: Bye Bye [preauth]
May  6 21:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22337]: Disconnected from 14.103.111.16 port 39596 [preauth]
May  6 21:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22335]: Failed password for root from 218.92.0.229 port 36644 ssh2
May  6 21:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22335]: Failed password for root from 218.92.0.229 port 36644 ssh2
May  6 21:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22335]: Received disconnect from 218.92.0.229 port 36644:11:  [preauth]
May  6 21:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22335]: Disconnected from 218.92.0.229 port 36644 [preauth]
May  6 21:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22335]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  6 21:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20827]: pam_unix(cron:session): session closed for user root
May  6 21:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22466]: Invalid user student from 41.80.35.45
May  6 21:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22466]: input_userauth_request: invalid user student [preauth]
May  6 21:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22466]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.80.35.45
May  6 21:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22466]: Failed password for invalid user student from 41.80.35.45 port 43038 ssh2
May  6 21:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22466]: Received disconnect from 41.80.35.45 port 43038:11: Bye Bye [preauth]
May  6 21:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22466]: Disconnected from 41.80.35.45 port 43038 [preauth]
May  6 21:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.193.89.77  user=root
May  6 21:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22509]: Failed password for root from 185.193.89.77 port 39874 ssh2
May  6 21:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22509]: Received disconnect from 185.193.89.77 port 39874:11: Bye Bye [preauth]
May  6 21:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22509]: Disconnected from 185.193.89.77 port 39874 [preauth]
May  6 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22539]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22541]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22538]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22538]: pam_unix(cron:session): session closed for user p13x
May  6 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22610]: Successful su for rubyman by root
May  6 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22610]: + ??? root:rubyman
May  6 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342826 of user rubyman.
May  6 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22610]: pam_unix(su:session): session closed for user rubyman
May  6 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342826.
May  6 21:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19557]: pam_unix(cron:session): session closed for user root
May  6 21:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22539]: pam_unix(cron:session): session closed for user samftp
May  6 21:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22824]: Invalid user username from 72.167.140.185
May  6 21:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22824]: input_userauth_request: invalid user username [preauth]
May  6 21:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22824]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.140.185
May  6 21:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22824]: Failed password for invalid user username from 72.167.140.185 port 37118 ssh2
May  6 21:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22824]: Received disconnect from 72.167.140.185 port 37118:11: Bye Bye [preauth]
May  6 21:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22824]: Disconnected from 72.167.140.185 port 37118 [preauth]
May  6 21:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22887]: Invalid user hp from 91.107.164.250
May  6 21:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22887]: input_userauth_request: invalid user hp [preauth]
May  6 21:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22887]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.107.164.250
May  6 21:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22887]: Failed password for invalid user hp from 91.107.164.250 port 58658 ssh2
May  6 21:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22887]: Received disconnect from 91.107.164.250 port 58658:11: Bye Bye [preauth]
May  6 21:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22887]: Disconnected from 91.107.164.250 port 58658 [preauth]
May  6 21:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21271]: pam_unix(cron:session): session closed for user root
May  6 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23014]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23013]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23012]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23010]: pam_unix(cron:session): session closed for user p13x
May  6 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23070]: Successful su for rubyman by root
May  6 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23070]: + ??? root:rubyman
May  6 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23070]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342828 of user rubyman.
May  6 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23070]: pam_unix(su:session): session closed for user rubyman
May  6 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342828.
May  6 21:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20018]: pam_unix(cron:session): session closed for user root
May  6 21:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23012]: pam_unix(cron:session): session closed for user samftp
May  6 21:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: Invalid user foe from 196.250.208.207
May  6 21:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: input_userauth_request: invalid user foe [preauth]
May  6 21:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.250.208.207
May  6 21:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: Failed password for invalid user foe from 196.250.208.207 port 33910 ssh2
May  6 21:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: Received disconnect from 196.250.208.207 port 33910:11: Bye Bye [preauth]
May  6 21:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: Disconnected from 196.250.208.207 port 33910 [preauth]
May  6 21:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21731]: pam_unix(cron:session): session closed for user root
May  6 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23521]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23519]: pam_unix(cron:session): session closed for user p13x
May  6 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23577]: Successful su for rubyman by root
May  6 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23577]: + ??? root:rubyman
May  6 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342834 of user rubyman.
May  6 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23577]: pam_unix(su:session): session closed for user rubyman
May  6 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342834.
May  6 21:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20419]: pam_unix(cron:session): session closed for user root
May  6 21:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23520]: pam_unix(cron:session): session closed for user samftp
May  6 21:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Invalid user daf from 57.128.190.44
May  6 21:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: input_userauth_request: invalid user daf [preauth]
May  6 21:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.190.44
May  6 21:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Failed password for invalid user daf from 57.128.190.44 port 48852 ssh2
May  6 21:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Received disconnect from 57.128.190.44 port 48852:11: Bye Bye [preauth]
May  6 21:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23759]: Disconnected from 57.128.190.44 port 48852 [preauth]
May  6 21:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.165.102.111  user=root
May  6 21:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23926]: Failed password for root from 189.165.102.111 port 55494 ssh2
May  6 21:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23926]: Received disconnect from 189.165.102.111 port 55494:11: Bye Bye [preauth]
May  6 21:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23926]: Disconnected from 189.165.102.111 port 55494 [preauth]
May  6 21:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22541]: pam_unix(cron:session): session closed for user root
May  6 21:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23973]: Invalid user postgres from 212.227.230.32
May  6 21:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23973]: input_userauth_request: invalid user postgres [preauth]
May  6 21:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23973]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.230.32
May  6 21:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23973]: Failed password for invalid user postgres from 212.227.230.32 port 50544 ssh2
May  6 21:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23973]: Received disconnect from 212.227.230.32 port 50544:11: Bye Bye [preauth]
May  6 21:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23973]: Disconnected from 212.227.230.32 port 50544 [preauth]
May  6 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24049]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24048]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24047]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24046]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24046]: pam_unix(cron:session): session closed for user p13x
May  6 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24105]: Successful su for rubyman by root
May  6 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24105]: + ??? root:rubyman
May  6 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342836 of user rubyman.
May  6 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24105]: pam_unix(su:session): session closed for user rubyman
May  6 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342836.
May  6 21:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20826]: pam_unix(cron:session): session closed for user root
May  6 21:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24047]: pam_unix(cron:session): session closed for user samftp
May  6 21:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.95.9.145  user=root
May  6 21:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: Failed password for root from 151.95.9.145 port 41914 ssh2
May  6 21:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: Received disconnect from 151.95.9.145 port 41914:11: Bye Bye [preauth]
May  6 21:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24312]: Disconnected from 151.95.9.145 port 41914 [preauth]
May  6 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23014]: pam_unix(cron:session): session closed for user root
May  6 21:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.189  user=root
May  6 21:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 21:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: Invalid user hundsun from 14.103.111.16
May  6 21:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: input_userauth_request: invalid user hundsun [preauth]
May  6 21:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: pam_unix(sshd:auth): check pass; user unknown
May  6 21:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 21:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: Failed password for root from 85.208.253.189 port 41530 ssh2
May  6 21:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: Received disconnect from 85.208.253.189 port 41530:11: Bye Bye [preauth]
May  6 21:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24415]: Disconnected from 85.208.253.189 port 41530 [preauth]
May  6 21:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: Failed password for invalid user hundsun from 14.103.111.16 port 33764 ssh2
May  6 21:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: Received disconnect from 14.103.111.16 port 33764:11: Bye Bye [preauth]
May  6 21:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: Disconnected from 14.103.111.16 port 33764 [preauth]
May  6 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24508]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24507]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24506]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24501]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24501]: pam_unix(cron:session): session closed for user root
May  6 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24508]: pam_unix(cron:session): session closed for user root
May  6 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24499]: pam_unix(cron:session): session closed for user p13x
May  6 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24606]: Successful su for rubyman by root
May  6 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24606]: + ??? root:rubyman
May  6 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342843 of user rubyman.
May  6 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24606]: pam_unix(su:session): session closed for user rubyman
May  6 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342843.
May  6 22:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24502]: pam_unix(cron:session): session closed for user root
May  6 22:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21270]: pam_unix(cron:session): session closed for user root
May  6 22:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24500]: pam_unix(cron:session): session closed for user samftp
May  6 22:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: Invalid user ftpuser from 91.107.164.250
May  6 22:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: input_userauth_request: invalid user ftpuser [preauth]
May  6 22:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.107.164.250
May  6 22:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: Failed password for invalid user ftpuser from 91.107.164.250 port 34146 ssh2
May  6 22:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: Received disconnect from 91.107.164.250 port 34146:11: Bye Bye [preauth]
May  6 22:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24860]: Disconnected from 91.107.164.250 port 34146 [preauth]
May  6 22:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23522]: pam_unix(cron:session): session closed for user root
May  6 22:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.193.89.77  user=root
May  6 22:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24974]: Failed password for root from 185.193.89.77 port 38660 ssh2
May  6 22:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24974]: Received disconnect from 185.193.89.77 port 38660:11: Bye Bye [preauth]
May  6 22:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24974]: Disconnected from 185.193.89.77 port 38660 [preauth]
May  6 22:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.140.185  user=root
May  6 22:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25003]: Failed password for root from 72.167.140.185 port 33988 ssh2
May  6 22:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25003]: Received disconnect from 72.167.140.185 port 33988:11: Bye Bye [preauth]
May  6 22:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25003]: Disconnected from 72.167.140.185 port 33988 [preauth]
May  6 22:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25050]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25049]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25048]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25048]: pam_unix(cron:session): session closed for user p13x
May  6 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25113]: Successful su for rubyman by root
May  6 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25113]: + ??? root:rubyman
May  6 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342848 of user rubyman.
May  6 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25113]: pam_unix(su:session): session closed for user rubyman
May  6 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342848.
May  6 22:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  6 22:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25038]: Failed password for root from 218.92.0.216 port 39160 ssh2
May  6 22:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21730]: pam_unix(cron:session): session closed for user root
May  6 22:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25049]: pam_unix(cron:session): session closed for user samftp
May  6 22:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25038]: Failed password for root from 218.92.0.216 port 39160 ssh2
May  6 22:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25038]: Failed password for root from 218.92.0.216 port 39160 ssh2
May  6 22:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25038]: Received disconnect from 218.92.0.216 port 39160:11:  [preauth]
May  6 22:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25038]: Disconnected from 218.92.0.216 port 39160 [preauth]
May  6 22:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25038]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  6 22:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25386]: Invalid user bitnami from 41.80.35.45
May  6 22:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25386]: input_userauth_request: invalid user bitnami [preauth]
May  6 22:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25386]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.80.35.45
May  6 22:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25386]: Failed password for invalid user bitnami from 41.80.35.45 port 38230 ssh2
May  6 22:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25386]: Received disconnect from 41.80.35.45 port 38230:11: Bye Bye [preauth]
May  6 22:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25386]: Disconnected from 41.80.35.45 port 38230 [preauth]
May  6 22:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24049]: pam_unix(cron:session): session closed for user root
May  6 22:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: Invalid user RPM from 194.0.234.16
May  6 22:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: input_userauth_request: invalid user RPM [preauth]
May  6 22:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.16
May  6 22:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: Failed password for invalid user RPM from 194.0.234.16 port 47042 ssh2
May  6 22:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: Connection closed by 194.0.234.16 port 47042 [preauth]
May  6 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25486]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25487]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25484]: pam_unix(cron:session): session closed for user p13x
May  6 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25559]: Successful su for rubyman by root
May  6 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25559]: + ??? root:rubyman
May  6 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342852 of user rubyman.
May  6 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25559]: pam_unix(su:session): session closed for user rubyman
May  6 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342852.
May  6 22:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22540]: pam_unix(cron:session): session closed for user root
May  6 22:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25485]: pam_unix(cron:session): session closed for user samftp
May  6 22:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.190.44  user=root
May  6 22:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  6 22:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: Failed password for root from 57.128.190.44 port 35454 ssh2
May  6 22:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: Received disconnect from 57.128.190.44 port 35454:11: Bye Bye [preauth]
May  6 22:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25865]: Disconnected from 57.128.190.44 port 35454 [preauth]
May  6 22:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25863]: Failed password for root from 218.92.0.221 port 53942 ssh2
May  6 22:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25863]: message repeated 2 times: [ Failed password for root from 218.92.0.221 port 53942 ssh2]
May  6 22:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25863]: Received disconnect from 218.92.0.221 port 53942:11:  [preauth]
May  6 22:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25863]: Disconnected from 218.92.0.221 port 53942 [preauth]
May  6 22:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25863]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  6 22:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24507]: pam_unix(cron:session): session closed for user root
May  6 22:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: Invalid user Administrator from 80.94.95.29
May  6 22:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: input_userauth_request: invalid user Administrator [preauth]
May  6 22:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  6 22:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: Failed password for invalid user Administrator from 80.94.95.29 port 32191 ssh2
May  6 22:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: Failed password for invalid user Administrator from 80.94.95.29 port 32191 ssh2
May  6 22:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: Failed password for invalid user Administrator from 80.94.95.29 port 32191 ssh2
May  6 22:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: Failed password for invalid user Administrator from 80.94.95.29 port 32191 ssh2
May  6 22:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: Failed password for invalid user Administrator from 80.94.95.29 port 32191 ssh2
May  6 22:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: Received disconnect from 80.94.95.29 port 32191:11: Bye [preauth]
May  6 22:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: Disconnected from 80.94.95.29 port 32191 [preauth]
May  6 22:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  6 22:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25915]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25995]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25993]: pam_unix(cron:session): session closed for user p13x
May  6 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26058]: Successful su for rubyman by root
May  6 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26058]: + ??? root:rubyman
May  6 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26058]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342855 of user rubyman.
May  6 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26058]: pam_unix(su:session): session closed for user rubyman
May  6 22:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342855.
May  6 22:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23013]: pam_unix(cron:session): session closed for user root
May  6 22:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25994]: pam_unix(cron:session): session closed for user samftp
May  6 22:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26279]: Invalid user teste from 212.227.230.32
May  6 22:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26279]: input_userauth_request: invalid user teste [preauth]
May  6 22:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26279]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.230.32
May  6 22:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26279]: Failed password for invalid user teste from 212.227.230.32 port 53396 ssh2
May  6 22:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26279]: Received disconnect from 212.227.230.32 port 53396:11: Bye Bye [preauth]
May  6 22:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26279]: Disconnected from 212.227.230.32 port 53396 [preauth]
May  6 22:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25051]: pam_unix(cron:session): session closed for user root
May  6 22:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.165.102.111  user=root
May  6 22:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26340]: Failed password for root from 189.165.102.111 port 35894 ssh2
May  6 22:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26340]: Received disconnect from 189.165.102.111 port 35894:11: Bye Bye [preauth]
May  6 22:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26340]: Disconnected from 189.165.102.111 port 35894 [preauth]
May  6 22:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.95.9.145  user=root
May  6 22:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26370]: Failed password for root from 151.95.9.145 port 38180 ssh2
May  6 22:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26370]: Received disconnect from 151.95.9.145 port 38180:11: Bye Bye [preauth]
May  6 22:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26370]: Disconnected from 151.95.9.145 port 38180 [preauth]
May  6 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26394]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26395]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26392]: pam_unix(cron:session): session closed for user p13x
May  6 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26537]: Successful su for rubyman by root
May  6 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26537]: + ??? root:rubyman
May  6 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26537]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342859 of user rubyman.
May  6 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26537]: pam_unix(su:session): session closed for user rubyman
May  6 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342859.
May  6 22:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26582]: Invalid user satisfactory from 14.103.111.16
May  6 22:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26582]: input_userauth_request: invalid user satisfactory [preauth]
May  6 22:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26582]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 22:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23521]: pam_unix(cron:session): session closed for user root
May  6 22:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26582]: Failed password for invalid user satisfactory from 14.103.111.16 port 39086 ssh2
May  6 22:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26582]: Received disconnect from 14.103.111.16 port 39086:11: Bye Bye [preauth]
May  6 22:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26582]: Disconnected from 14.103.111.16 port 39086 [preauth]
May  6 22:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26393]: pam_unix(cron:session): session closed for user samftp
May  6 22:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.107.164.250  user=root
May  6 22:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26771]: Failed password for root from 91.107.164.250 port 39090 ssh2
May  6 22:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26771]: Received disconnect from 91.107.164.250 port 39090:11: Bye Bye [preauth]
May  6 22:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26771]: Disconnected from 91.107.164.250 port 39090 [preauth]
May  6 22:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.189  user=root
May  6 22:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: Failed password for root from 85.208.253.189 port 36186 ssh2
May  6 22:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: Received disconnect from 85.208.253.189 port 36186:11: Bye Bye [preauth]
May  6 22:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: Disconnected from 85.208.253.189 port 36186 [preauth]
May  6 22:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25487]: pam_unix(cron:session): session closed for user root
May  6 22:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26847]: Invalid user jessica from 196.250.208.207
May  6 22:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26847]: input_userauth_request: invalid user jessica [preauth]
May  6 22:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26847]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.250.208.207
May  6 22:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26847]: Failed password for invalid user jessica from 196.250.208.207 port 42366 ssh2
May  6 22:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26847]: Received disconnect from 196.250.208.207 port 42366:11: Bye Bye [preauth]
May  6 22:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26847]: Disconnected from 196.250.208.207 port 42366 [preauth]
May  6 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26904]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26905]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26907]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26908]: pam_unix(cron:session): session closed for user root
May  6 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26902]: pam_unix(cron:session): session closed for user p13x
May  6 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27011]: Successful su for rubyman by root
May  6 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27011]: + ??? root:rubyman
May  6 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342866 of user rubyman.
May  6 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27011]: pam_unix(su:session): session closed for user rubyman
May  6 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342866.
May  6 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26904]: pam_unix(cron:session): session closed for user root
May  6 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24048]: pam_unix(cron:session): session closed for user root
May  6 22:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26903]: pam_unix(cron:session): session closed for user samftp
May  6 22:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.140.185  user=root
May  6 22:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: Invalid user ubuntu from 185.193.89.77
May  6 22:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: input_userauth_request: invalid user ubuntu [preauth]
May  6 22:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.193.89.77
May  6 22:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: Failed password for root from 72.167.140.185 port 42408 ssh2
May  6 22:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: Received disconnect from 72.167.140.185 port 42408:11: Bye Bye [preauth]
May  6 22:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: Disconnected from 72.167.140.185 port 42408 [preauth]
May  6 22:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: Failed password for invalid user ubuntu from 185.193.89.77 port 33914 ssh2
May  6 22:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: Received disconnect from 185.193.89.77 port 33914:11: Bye Bye [preauth]
May  6 22:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27331]: Disconnected from 185.193.89.77 port 33914 [preauth]
May  6 22:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25996]: pam_unix(cron:session): session closed for user root
May  6 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27475]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27474]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27472]: pam_unix(cron:session): session closed for user p13x
May  6 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27552]: Successful su for rubyman by root
May  6 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27552]: + ??? root:rubyman
May  6 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342869 of user rubyman.
May  6 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27552]: pam_unix(su:session): session closed for user rubyman
May  6 22:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342869.
May  6 22:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24506]: pam_unix(cron:session): session closed for user root
May  6 22:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27473]: pam_unix(cron:session): session closed for user samftp
May  6 22:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27804]: Invalid user rush from 57.128.190.44
May  6 22:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27804]: input_userauth_request: invalid user rush [preauth]
May  6 22:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27804]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.190.44
May  6 22:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26395]: pam_unix(cron:session): session closed for user root
May  6 22:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27804]: Failed password for invalid user rush from 57.128.190.44 port 38620 ssh2
May  6 22:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27804]: Received disconnect from 57.128.190.44 port 38620:11: Bye Bye [preauth]
May  6 22:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27804]: Disconnected from 57.128.190.44 port 38620 [preauth]
May  6 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27902]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27903]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27900]: pam_unix(cron:session): session closed for user p13x
May  6 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27962]: Successful su for rubyman by root
May  6 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27962]: + ??? root:rubyman
May  6 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27962]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342874 of user rubyman.
May  6 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27962]: pam_unix(su:session): session closed for user rubyman
May  6 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342874.
May  6 22:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25050]: pam_unix(cron:session): session closed for user root
May  6 22:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27901]: pam_unix(cron:session): session closed for user samftp
May  6 22:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28209]: Invalid user whatsapp from 41.80.35.45
May  6 22:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28209]: input_userauth_request: invalid user whatsapp [preauth]
May  6 22:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28209]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.80.35.45
May  6 22:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28209]: Failed password for invalid user whatsapp from 41.80.35.45 port 59210 ssh2
May  6 22:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28209]: Received disconnect from 41.80.35.45 port 59210:11: Bye Bye [preauth]
May  6 22:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28209]: Disconnected from 41.80.35.45 port 59210 [preauth]
May  6 22:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26907]: pam_unix(cron:session): session closed for user root
May  6 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28301]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28300]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28298]: pam_unix(cron:session): session closed for user p13x
May  6 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28362]: Successful su for rubyman by root
May  6 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28362]: + ??? root:rubyman
May  6 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342877 of user rubyman.
May  6 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28362]: pam_unix(su:session): session closed for user rubyman
May  6 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342877.
May  6 22:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25486]: pam_unix(cron:session): session closed for user root
May  6 22:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28299]: pam_unix(cron:session): session closed for user samftp
May  6 22:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.230.32  user=root
May  6 22:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28557]: Failed password for root from 212.227.230.32 port 50240 ssh2
May  6 22:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28557]: Received disconnect from 212.227.230.32 port 50240:11: Bye Bye [preauth]
May  6 22:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28557]: Disconnected from 212.227.230.32 port 50240 [preauth]
May  6 22:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28591]: Invalid user di from 14.103.111.16
May  6 22:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28591]: input_userauth_request: invalid user di [preauth]
May  6 22:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28591]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 22:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28591]: Failed password for invalid user di from 14.103.111.16 port 58984 ssh2
May  6 22:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28591]: Received disconnect from 14.103.111.16 port 58984:11: Bye Bye [preauth]
May  6 22:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28591]: Disconnected from 14.103.111.16 port 58984 [preauth]
May  6 22:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: Invalid user ctf from 91.107.164.250
May  6 22:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: input_userauth_request: invalid user ctf [preauth]
May  6 22:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.107.164.250
May  6 22:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: Failed password for invalid user ctf from 91.107.164.250 port 43290 ssh2
May  6 22:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: Received disconnect from 91.107.164.250 port 43290:11: Bye Bye [preauth]
May  6 22:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: Disconnected from 91.107.164.250 port 43290 [preauth]
May  6 22:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27475]: pam_unix(cron:session): session closed for user root
May  6 22:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: Invalid user username from 151.95.9.145
May  6 22:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: input_userauth_request: invalid user username [preauth]
May  6 22:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.95.9.145
May  6 22:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: Failed password for invalid user username from 151.95.9.145 port 36486 ssh2
May  6 22:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: Received disconnect from 151.95.9.145 port 36486:11: Bye Bye [preauth]
May  6 22:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28664]: Disconnected from 151.95.9.145 port 36486 [preauth]
May  6 22:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: Invalid user postgres from 189.165.102.111
May  6 22:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: input_userauth_request: invalid user postgres [preauth]
May  6 22:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.165.102.111
May  6 22:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: Failed password for invalid user postgres from 189.165.102.111 port 44524 ssh2
May  6 22:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: Received disconnect from 189.165.102.111 port 44524:11: Bye Bye [preauth]
May  6 22:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28695]: Disconnected from 189.165.102.111 port 44524 [preauth]
May  6 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28726]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28724]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28722]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28724]: pam_unix(cron:session): session closed for user p13x
May  6 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28848]: Successful su for rubyman by root
May  6 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28848]: + ??? root:rubyman
May  6 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28848]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342881 of user rubyman.
May  6 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28848]: pam_unix(su:session): session closed for user rubyman
May  6 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342881.
May  6 22:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28722]: pam_unix(cron:session): session closed for user root
May  6 22:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25995]: pam_unix(cron:session): session closed for user root
May  6 22:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28725]: pam_unix(cron:session): session closed for user samftp
May  6 22:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29197]: Invalid user mg from 85.208.253.189
May  6 22:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29197]: input_userauth_request: invalid user mg [preauth]
May  6 22:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29197]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.189
May  6 22:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29197]: Failed password for invalid user mg from 85.208.253.189 port 50926 ssh2
May  6 22:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29197]: Received disconnect from 85.208.253.189 port 50926:11: Bye Bye [preauth]
May  6 22:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29197]: Disconnected from 85.208.253.189 port 50926 [preauth]
May  6 22:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27903]: pam_unix(cron:session): session closed for user root
May  6 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29327]: pam_unix(cron:session): session closed for user root
May  6 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29322]: pam_unix(cron:session): session closed for user p13x
May  6 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29395]: Successful su for rubyman by root
May  6 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29395]: + ??? root:rubyman
May  6 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29395]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342886 of user rubyman.
May  6 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29395]: pam_unix(su:session): session closed for user rubyman
May  6 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342886.
May  6 22:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29324]: pam_unix(cron:session): session closed for user root
May  6 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26394]: pam_unix(cron:session): session closed for user root
May  6 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29323]: pam_unix(cron:session): session closed for user samftp
May  6 22:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.140.185  user=root
May  6 22:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.193.89.77  user=root
May  6 22:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29640]: Failed password for root from 72.167.140.185 port 60330 ssh2
May  6 22:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29640]: Received disconnect from 72.167.140.185 port 60330:11: Bye Bye [preauth]
May  6 22:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29640]: Disconnected from 72.167.140.185 port 60330 [preauth]
May  6 22:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: Failed password for root from 185.193.89.77 port 40498 ssh2
May  6 22:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: Received disconnect from 185.193.89.77 port 40498:11: Bye Bye [preauth]
May  6 22:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29643]: Disconnected from 185.193.89.77 port 40498 [preauth]
May  6 22:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: Received disconnect from 218.92.0.179 port 19598:11:  [preauth]
May  6 22:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29674]: Disconnected from 218.92.0.179 port 19598 [preauth]
May  6 22:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28301]: pam_unix(cron:session): session closed for user root
May  6 22:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.190.44  user=root
May  6 22:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29776]: Failed password for root from 57.128.190.44 port 42864 ssh2
May  6 22:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29776]: Received disconnect from 57.128.190.44 port 42864:11: Bye Bye [preauth]
May  6 22:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29776]: Disconnected from 57.128.190.44 port 42864 [preauth]
May  6 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29787]: pam_unix(cron:session): session closed for user p13x
May  6 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29857]: Successful su for rubyman by root
May  6 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29857]: + ??? root:rubyman
May  6 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342894 of user rubyman.
May  6 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29857]: pam_unix(su:session): session closed for user rubyman
May  6 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342894.
May  6 22:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26905]: pam_unix(cron:session): session closed for user root
May  6 22:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29788]: pam_unix(cron:session): session closed for user samftp
May  6 22:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30084]: Invalid user test02 from 196.250.208.207
May  6 22:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30084]: input_userauth_request: invalid user test02 [preauth]
May  6 22:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30084]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.250.208.207
May  6 22:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30084]: Failed password for invalid user test02 from 196.250.208.207 port 50806 ssh2
May  6 22:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30084]: Received disconnect from 196.250.208.207 port 50806:11: Bye Bye [preauth]
May  6 22:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30084]: Disconnected from 196.250.208.207 port 50806 [preauth]
May  6 22:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28727]: pam_unix(cron:session): session closed for user root
May  6 22:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: Invalid user admin from 80.94.95.241
May  6 22:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: input_userauth_request: invalid user admin [preauth]
May  6 22:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 22:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: Failed password for invalid user admin from 80.94.95.241 port 64375 ssh2
May  6 22:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: Failed password for invalid user admin from 80.94.95.241 port 64375 ssh2
May  6 22:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: Failed password for invalid user admin from 80.94.95.241 port 64375 ssh2
May  6 22:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: Failed password for invalid user admin from 80.94.95.241 port 64375 ssh2
May  6 22:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: Failed password for invalid user admin from 80.94.95.241 port 64375 ssh2
May  6 22:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: Received disconnect from 80.94.95.241 port 64375:11: Bye [preauth]
May  6 22:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: Disconnected from 80.94.95.241 port 64375 [preauth]
May  6 22:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 22:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30216]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30213]: pam_unix(cron:session): session closed for user p13x
May  6 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30271]: Successful su for rubyman by root
May  6 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30271]: + ??? root:rubyman
May  6 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342897 of user rubyman.
May  6 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30271]: pam_unix(su:session): session closed for user rubyman
May  6 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342897.
May  6 22:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27474]: pam_unix(cron:session): session closed for user root
May  6 22:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30214]: pam_unix(cron:session): session closed for user samftp
May  6 22:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.107.164.250  user=root
May  6 22:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: Failed password for root from 91.107.164.250 port 49950 ssh2
May  6 22:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: Received disconnect from 91.107.164.250 port 49950:11: Bye Bye [preauth]
May  6 22:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: Disconnected from 91.107.164.250 port 49950 [preauth]
May  6 22:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30522]: Invalid user ldap from 14.103.111.16
May  6 22:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30522]: input_userauth_request: invalid user ldap [preauth]
May  6 22:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30522]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 22:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30522]: Failed password for invalid user ldap from 14.103.111.16 port 51558 ssh2
May  6 22:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30522]: Received disconnect from 14.103.111.16 port 51558:11: Bye Bye [preauth]
May  6 22:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30522]: Disconnected from 14.103.111.16 port 51558 [preauth]
May  6 22:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29326]: pam_unix(cron:session): session closed for user root
May  6 22:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: Invalid user simone from 212.227.230.32
May  6 22:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: input_userauth_request: invalid user simone [preauth]
May  6 22:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.230.32
May  6 22:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: Failed password for invalid user simone from 212.227.230.32 port 51254 ssh2
May  6 22:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: Received disconnect from 212.227.230.32 port 51254:11: Bye Bye [preauth]
May  6 22:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: Disconnected from 212.227.230.32 port 51254 [preauth]
May  6 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30620]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30621]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30618]: pam_unix(cron:session): session closed for user p13x
May  6 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30679]: Successful su for rubyman by root
May  6 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30679]: + ??? root:rubyman
May  6 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342902 of user rubyman.
May  6 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30679]: pam_unix(su:session): session closed for user rubyman
May  6 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342902.
May  6 22:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27902]: pam_unix(cron:session): session closed for user root
May  6 22:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30619]: pam_unix(cron:session): session closed for user samftp
May  6 22:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  6 22:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30874]: Failed password for root from 218.92.0.218 port 38272 ssh2
May  6 22:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30874]: message repeated 2 times: [ Failed password for root from 218.92.0.218 port 38272 ssh2]
May  6 22:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30874]: Received disconnect from 218.92.0.218 port 38272:11:  [preauth]
May  6 22:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30874]: Disconnected from 218.92.0.218 port 38272 [preauth]
May  6 22:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30874]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  6 22:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.95.9.145  user=root
May  6 22:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30897]: Failed password for root from 151.95.9.145 port 52810 ssh2
May  6 22:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30897]: Received disconnect from 151.95.9.145 port 52810:11: Bye Bye [preauth]
May  6 22:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30897]: Disconnected from 151.95.9.145 port 52810 [preauth]
May  6 22:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30936]: Invalid user sol from 41.80.35.45
May  6 22:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30936]: input_userauth_request: invalid user sol [preauth]
May  6 22:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30936]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.80.35.45
May  6 22:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30936]: Failed password for invalid user sol from 41.80.35.45 port 49658 ssh2
May  6 22:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30936]: Received disconnect from 41.80.35.45 port 49658:11: Bye Bye [preauth]
May  6 22:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30936]: Disconnected from 41.80.35.45 port 49658 [preauth]
May  6 22:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  6 22:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29790]: pam_unix(cron:session): session closed for user root
May  6 22:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30988]: Failed password for root from 218.92.0.230 port 10752 ssh2
May  6 22:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30988]: message repeated 2 times: [ Failed password for root from 218.92.0.230 port 10752 ssh2]
May  6 22:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30988]: Received disconnect from 218.92.0.230 port 10752:11:  [preauth]
May  6 22:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30988]: Disconnected from 218.92.0.230 port 10752 [preauth]
May  6 22:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30988]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  6 22:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 22:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31100]: Invalid user machine from 189.165.102.111
May  6 22:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31100]: input_userauth_request: invalid user machine [preauth]
May  6 22:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31100]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.165.102.111
May  6 22:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: Failed password for root from 218.92.0.179 port 51777 ssh2
May  6 22:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31100]: Failed password for invalid user machine from 189.165.102.111 port 53204 ssh2
May  6 22:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31100]: Received disconnect from 189.165.102.111 port 53204:11: Bye Bye [preauth]
May  6 22:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31100]: Disconnected from 189.165.102.111 port 53204 [preauth]
May  6 22:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: Failed password for root from 218.92.0.179 port 51777 ssh2
May  6 22:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: Failed password for root from 218.92.0.179 port 51777 ssh2
May  6 22:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: Received disconnect from 218.92.0.179 port 51777:11:  [preauth]
May  6 22:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: Disconnected from 218.92.0.179 port 51777 [preauth]
May  6 22:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31098]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31124]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31121]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31122]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31121]: pam_unix(cron:session): session closed for user p13x
May  6 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31188]: Successful su for rubyman by root
May  6 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31188]: + ??? root:rubyman
May  6 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342906 of user rubyman.
May  6 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31188]: pam_unix(su:session): session closed for user rubyman
May  6 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342906.
May  6 22:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28300]: pam_unix(cron:session): session closed for user root
May  6 22:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31122]: pam_unix(cron:session): session closed for user samftp
May  6 22:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31387]: Invalid user ftpuser from 85.208.253.189
May  6 22:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31387]: input_userauth_request: invalid user ftpuser [preauth]
May  6 22:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31387]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.189
May  6 22:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31387]: Failed password for invalid user ftpuser from 85.208.253.189 port 58670 ssh2
May  6 22:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31387]: Received disconnect from 85.208.253.189 port 58670:11: Bye Bye [preauth]
May  6 22:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31387]: Disconnected from 85.208.253.189 port 58670 [preauth]
May  6 22:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30216]: pam_unix(cron:session): session closed for user root
May  6 22:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31570]: Invalid user deployment from 72.167.140.185
May  6 22:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31570]: input_userauth_request: invalid user deployment [preauth]
May  6 22:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31570]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.140.185
May  6 22:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31568]: Connection closed by 63.149.121.82 port 9194 [preauth]
May  6 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31576]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31579]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31580]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31575]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31574]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31580]: pam_unix(cron:session): session closed for user root
May  6 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31574]: pam_unix(cron:session): session closed for user p13x
May  6 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31655]: Successful su for rubyman by root
May  6 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31655]: + ??? root:rubyman
May  6 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342909 of user rubyman.
May  6 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31655]: pam_unix(su:session): session closed for user rubyman
May  6 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342909.
May  6 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31570]: Failed password for invalid user deployment from 72.167.140.185 port 60128 ssh2
May  6 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31570]: Received disconnect from 72.167.140.185 port 60128:11: Bye Bye [preauth]
May  6 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31570]: Disconnected from 72.167.140.185 port 60128 [preauth]
May  6 22:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: Invalid user test from 185.193.89.77
May  6 22:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: input_userauth_request: invalid user test [preauth]
May  6 22:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.193.89.77
May  6 22:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31576]: pam_unix(cron:session): session closed for user root
May  6 22:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28726]: pam_unix(cron:session): session closed for user root
May  6 22:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: Failed password for invalid user test from 185.193.89.77 port 42838 ssh2
May  6 22:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: Received disconnect from 185.193.89.77 port 42838:11: Bye Bye [preauth]
May  6 22:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31751]: Disconnected from 185.193.89.77 port 42838 [preauth]
May  6 22:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31575]: pam_unix(cron:session): session closed for user samftp
May  6 22:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.190.44  user=root
May  6 22:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31939]: Failed password for root from 57.128.190.44 port 41888 ssh2
May  6 22:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31939]: Received disconnect from 57.128.190.44 port 41888:11: Bye Bye [preauth]
May  6 22:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31939]: Disconnected from 57.128.190.44 port 41888 [preauth]
May  6 22:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30621]: pam_unix(cron:session): session closed for user root
May  6 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32318]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32317]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32315]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32315]: pam_unix(cron:session): session closed for user p13x
May  6 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32407]: Successful su for rubyman by root
May  6 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32407]: + ??? root:rubyman
May  6 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342914 of user rubyman.
May  6 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32407]: pam_unix(su:session): session closed for user rubyman
May  6 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342914.
May  6 22:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29325]: pam_unix(cron:session): session closed for user root
May  6 22:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32316]: pam_unix(cron:session): session closed for user samftp
May  6 22:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.107.164.250  user=root
May  6 22:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32731]: Failed password for root from 91.107.164.250 port 60862 ssh2
May  6 22:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32731]: Received disconnect from 91.107.164.250 port 60862:11: Bye Bye [preauth]
May  6 22:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32731]: Disconnected from 91.107.164.250 port 60862 [preauth]
May  6 22:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31124]: pam_unix(cron:session): session closed for user root
May  6 22:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: Invalid user parth from 14.103.111.16
May  6 22:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: input_userauth_request: invalid user parth [preauth]
May  6 22:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 22:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: Failed password for invalid user parth from 14.103.111.16 port 51158 ssh2
May  6 22:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: Received disconnect from 14.103.111.16 port 51158:11: Bye Bye [preauth]
May  6 22:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: Disconnected from 14.103.111.16 port 51158 [preauth]
May  6 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[443]: pam_unix(cron:session): session closed for user root
May  6 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[445]: pam_unix(cron:session): session closed for user p13x
May  6 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[545]: Successful su for rubyman by root
May  6 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[545]: + ??? root:rubyman
May  6 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342918 of user rubyman.
May  6 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[545]: pam_unix(su:session): session closed for user rubyman
May  6 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342918.
May  6 22:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29789]: pam_unix(cron:session): session closed for user root
May  6 22:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[447]: pam_unix(cron:session): session closed for user samftp
May  6 22:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31579]: pam_unix(cron:session): session closed for user root
May  6 22:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.230.32  user=root
May  6 22:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[856]: Failed password for root from 212.227.230.32 port 60500 ssh2
May  6 22:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[856]: Received disconnect from 212.227.230.32 port 60500:11: Bye Bye [preauth]
May  6 22:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[856]: Disconnected from 212.227.230.32 port 60500 [preauth]
May  6 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[929]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[930]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[924]: pam_unix(cron:session): session closed for user p13x
May  6 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1004]: Successful su for rubyman by root
May  6 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1004]: + ??? root:rubyman
May  6 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342924 of user rubyman.
May  6 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1004]: pam_unix(su:session): session closed for user rubyman
May  6 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342924.
May  6 22:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30215]: pam_unix(cron:session): session closed for user root
May  6 22:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.95.9.145  user=root
May  6 22:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[925]: pam_unix(cron:session): session closed for user samftp
May  6 22:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: Failed password for root from 151.95.9.145 port 38356 ssh2
May  6 22:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: Received disconnect from 151.95.9.145 port 38356:11: Bye Bye [preauth]
May  6 22:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: Disconnected from 151.95.9.145 port 38356 [preauth]
May  6 22:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 22:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1230]: Failed password for root from 218.92.0.179 port 40571 ssh2
May  6 22:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1230]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 40571 ssh2]
May  6 22:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1230]: Received disconnect from 218.92.0.179 port 40571:11:  [preauth]
May  6 22:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1230]: Disconnected from 218.92.0.179 port 40571 [preauth]
May  6 22:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1230]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 22:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1311]: Invalid user ubnt from 80.94.95.125
May  6 22:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1311]: input_userauth_request: invalid user ubnt [preauth]
May  6 22:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1311]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 22:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1311]: Failed password for invalid user ubnt from 80.94.95.125 port 56298 ssh2
May  6 22:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1311]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32318]: pam_unix(cron:session): session closed for user root
May  6 22:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1311]: Failed password for invalid user ubnt from 80.94.95.125 port 56298 ssh2
May  6 22:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1311]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1311]: Failed password for invalid user ubnt from 80.94.95.125 port 56298 ssh2
May  6 22:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1311]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1311]: Failed password for invalid user ubnt from 80.94.95.125 port 56298 ssh2
May  6 22:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1311]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1311]: Failed password for invalid user ubnt from 80.94.95.125 port 56298 ssh2
May  6 22:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1311]: Received disconnect from 80.94.95.125 port 56298:11: Bye [preauth]
May  6 22:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1311]: Disconnected from 80.94.95.125 port 56298 [preauth]
May  6 22:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1311]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 22:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1311]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 22:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.165.102.111  user=root
May  6 22:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: Failed password for root from 189.165.102.111 port 33598 ssh2
May  6 22:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: Received disconnect from 189.165.102.111 port 33598:11: Bye Bye [preauth]
May  6 22:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1395]: Disconnected from 189.165.102.111 port 33598 [preauth]
May  6 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1411]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1409]: pam_unix(cron:session): session closed for user p13x
May  6 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1496]: Successful su for rubyman by root
May  6 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1496]: + ??? root:rubyman
May  6 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342928 of user rubyman.
May  6 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1496]: pam_unix(su:session): session closed for user rubyman
May  6 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342928.
May  6 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1555]: Invalid user user3 from 85.208.253.189
May  6 22:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1555]: input_userauth_request: invalid user user3 [preauth]
May  6 22:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1555]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.189
May  6 22:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30620]: pam_unix(cron:session): session closed for user root
May  6 22:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1555]: Failed password for invalid user user3 from 85.208.253.189 port 37856 ssh2
May  6 22:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1555]: Received disconnect from 85.208.253.189 port 37856:11: Bye Bye [preauth]
May  6 22:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1555]: Disconnected from 85.208.253.189 port 37856 [preauth]
May  6 22:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1410]: pam_unix(cron:session): session closed for user samftp
May  6 22:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: Invalid user solar from 41.80.35.45
May  6 22:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: input_userauth_request: invalid user solar [preauth]
May  6 22:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.80.35.45
May  6 22:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: Failed password for invalid user solar from 41.80.35.45 port 58758 ssh2
May  6 22:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: Received disconnect from 41.80.35.45 port 58758:11: Bye Bye [preauth]
May  6 22:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: Disconnected from 41.80.35.45 port 58758 [preauth]
May  6 22:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[449]: pam_unix(cron:session): session closed for user root
May  6 22:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.190.44  user=root
May  6 22:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: Failed password for root from 57.128.190.44 port 36086 ssh2
May  6 22:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: Received disconnect from 57.128.190.44 port 36086:11: Bye Bye [preauth]
May  6 22:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1828]: Disconnected from 57.128.190.44 port 36086 [preauth]
May  6 22:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.193.89.77  user=root
May  6 22:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: Failed password for root from 185.193.89.77 port 58594 ssh2
May  6 22:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: Received disconnect from 185.193.89.77 port 58594:11: Bye Bye [preauth]
May  6 22:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1839]: Disconnected from 185.193.89.77 port 58594 [preauth]
May  6 22:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.140.185  user=root
May  6 22:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: Invalid user config from 194.0.234.19
May  6 22:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: input_userauth_request: invalid user config [preauth]
May  6 22:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  6 22:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: Failed password for root from 72.167.140.185 port 37780 ssh2
May  6 22:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: Received disconnect from 72.167.140.185 port 37780:11: Bye Bye [preauth]
May  6 22:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1853]: Disconnected from 72.167.140.185 port 37780 [preauth]
May  6 22:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: Failed password for invalid user config from 194.0.234.19 port 18108 ssh2
May  6 22:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: Connection closed by 194.0.234.19 port 18108 [preauth]
May  6 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1944]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1912]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1944]: pam_unix(cron:session): session closed for user root
May  6 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1909]: pam_unix(cron:session): session closed for user p13x
May  6 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2052]: Successful su for rubyman by root
May  6 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2052]: + ??? root:rubyman
May  6 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342931 of user rubyman.
May  6 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2052]: pam_unix(su:session): session closed for user rubyman
May  6 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342931.
May  6 22:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1911]: pam_unix(cron:session): session closed for user root
May  6 22:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31123]: pam_unix(cron:session): session closed for user root
May  6 22:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1910]: pam_unix(cron:session): session closed for user samftp
May  6 22:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: Invalid user qemu from 91.107.164.250
May  6 22:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: input_userauth_request: invalid user qemu [preauth]
May  6 22:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.107.164.250
May  6 22:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: Failed password for invalid user qemu from 91.107.164.250 port 44730 ssh2
May  6 22:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: Received disconnect from 91.107.164.250 port 44730:11: Bye Bye [preauth]
May  6 22:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2270]: Disconnected from 91.107.164.250 port 44730 [preauth]
May  6 22:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[930]: pam_unix(cron:session): session closed for user root
May  6 22:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: Invalid user sto from 196.250.208.207
May  6 22:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: input_userauth_request: invalid user sto [preauth]
May  6 22:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.250.208.207
May  6 22:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: Failed password for invalid user sto from 196.250.208.207 port 59260 ssh2
May  6 22:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: Received disconnect from 196.250.208.207 port 59260:11: Bye Bye [preauth]
May  6 22:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: Disconnected from 196.250.208.207 port 59260 [preauth]
May  6 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2438]: pam_unix(cron:session): session closed for user p13x
May  6 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2513]: Successful su for rubyman by root
May  6 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2513]: + ??? root:rubyman
May  6 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2513]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342938 of user rubyman.
May  6 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2513]: pam_unix(su:session): session closed for user rubyman
May  6 22:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342938.
May  6 22:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31578]: pam_unix(cron:session): session closed for user root
May  6 22:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2439]: pam_unix(cron:session): session closed for user samftp
May  6 22:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Invalid user seafile from 14.103.111.16
May  6 22:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: input_userauth_request: invalid user seafile [preauth]
May  6 22:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 22:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Failed password for invalid user seafile from 14.103.111.16 port 58990 ssh2
May  6 22:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Received disconnect from 14.103.111.16 port 58990:11: Bye Bye [preauth]
May  6 22:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Disconnected from 14.103.111.16 port 58990 [preauth]
May  6 22:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1412]: pam_unix(cron:session): session closed for user root
May  6 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2881]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2878]: pam_unix(cron:session): session closed for user p13x
May  6 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2945]: Successful su for rubyman by root
May  6 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2945]: + ??? root:rubyman
May  6 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342942 of user rubyman.
May  6 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2945]: pam_unix(su:session): session closed for user rubyman
May  6 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342942.
May  6 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 22:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32317]: pam_unix(cron:session): session closed for user root
May  6 22:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: Failed password for root from 218.92.0.179 port 12525 ssh2
May  6 22:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2879]: pam_unix(cron:session): session closed for user samftp
May  6 22:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: Failed password for root from 218.92.0.179 port 12525 ssh2
May  6 22:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: Failed password for root from 218.92.0.179 port 12525 ssh2
May  6 22:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: Received disconnect from 218.92.0.179 port 12525:11:  [preauth]
May  6 22:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: Disconnected from 218.92.0.179 port 12525 [preauth]
May  6 22:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2873]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 22:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  6 22:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: Failed password for root from 218.92.0.237 port 53632 ssh2
May  6 22:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: message repeated 2 times: [ Failed password for root from 218.92.0.237 port 53632 ssh2]
May  6 22:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: Received disconnect from 218.92.0.237 port 53632:11:  [preauth]
May  6 22:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: Disconnected from 218.92.0.237 port 53632 [preauth]
May  6 22:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  6 22:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: Invalid user deployment from 212.227.230.32
May  6 22:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: input_userauth_request: invalid user deployment [preauth]
May  6 22:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.230.32
May  6 22:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: Failed password for invalid user deployment from 212.227.230.32 port 42598 ssh2
May  6 22:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: Received disconnect from 212.227.230.32 port 42598:11: Bye Bye [preauth]
May  6 22:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3193]: Disconnected from 212.227.230.32 port 42598 [preauth]
May  6 22:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1943]: pam_unix(cron:session): session closed for user root
May  6 22:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: Invalid user teste from 151.95.9.145
May  6 22:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: input_userauth_request: invalid user teste [preauth]
May  6 22:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.95.9.145
May  6 22:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: Failed password for invalid user teste from 151.95.9.145 port 46492 ssh2
May  6 22:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: Received disconnect from 151.95.9.145 port 46492:11: Bye Bye [preauth]
May  6 22:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3273]: Disconnected from 151.95.9.145 port 46492 [preauth]
May  6 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3286]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3284]: pam_unix(cron:session): session closed for user p13x
May  6 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3345]: Successful su for rubyman by root
May  6 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3345]: + ??? root:rubyman
May  6 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342945 of user rubyman.
May  6 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3345]: pam_unix(su:session): session closed for user rubyman
May  6 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342945.
May  6 22:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[448]: pam_unix(cron:session): session closed for user root
May  6 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3285]: pam_unix(cron:session): session closed for user samftp
May  6 22:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2441]: pam_unix(cron:session): session closed for user root
May  6 22:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.189  user=root
May  6 22:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3719]: Failed password for root from 85.208.253.189 port 51702 ssh2
May  6 22:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3719]: Received disconnect from 85.208.253.189 port 51702:11: Bye Bye [preauth]
May  6 22:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3719]: Disconnected from 85.208.253.189 port 51702 [preauth]
May  6 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3733]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3730]: pam_unix(cron:session): session closed for user p13x
May  6 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3797]: Successful su for rubyman by root
May  6 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3797]: + ??? root:rubyman
May  6 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342950 of user rubyman.
May  6 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3797]: pam_unix(su:session): session closed for user rubyman
May  6 22:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342950.
May  6 22:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[929]: pam_unix(cron:session): session closed for user root
May  6 22:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3731]: pam_unix(cron:session): session closed for user samftp
May  6 22:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.190.44  user=root
May  6 22:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: Failed password for root from 57.128.190.44 port 34872 ssh2
May  6 22:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: Received disconnect from 57.128.190.44 port 34872:11: Bye Bye [preauth]
May  6 22:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4011]: Disconnected from 57.128.190.44 port 34872 [preauth]
May  6 22:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.165.102.111  user=root
May  6 22:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4022]: Failed password for root from 189.165.102.111 port 42230 ssh2
May  6 22:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4022]: Received disconnect from 189.165.102.111 port 42230:11: Bye Bye [preauth]
May  6 22:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4022]: Disconnected from 189.165.102.111 port 42230 [preauth]
May  6 22:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: Invalid user sandy from 91.107.164.250
May  6 22:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: input_userauth_request: invalid user sandy [preauth]
May  6 22:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.107.164.250
May  6 22:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: Failed password for invalid user sandy from 91.107.164.250 port 55364 ssh2
May  6 22:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: Received disconnect from 91.107.164.250 port 55364:11: Bye Bye [preauth]
May  6 22:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4024]: Disconnected from 91.107.164.250 port 55364 [preauth]
May  6 22:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.193.89.77  user=root
May  6 22:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4049]: Failed password for root from 185.193.89.77 port 53144 ssh2
May  6 22:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4049]: Received disconnect from 185.193.89.77 port 53144:11: Bye Bye [preauth]
May  6 22:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4049]: Disconnected from 185.193.89.77 port 53144 [preauth]
May  6 22:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.140.185  user=root
May  6 22:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: Failed password for root from 72.167.140.185 port 48862 ssh2
May  6 22:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: Received disconnect from 72.167.140.185 port 48862:11: Bye Bye [preauth]
May  6 22:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4081]: Disconnected from 72.167.140.185 port 48862 [preauth]
May  6 22:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2881]: pam_unix(cron:session): session closed for user root
May  6 22:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4185]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4187]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4188]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4186]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4188]: pam_unix(cron:session): session closed for user root
May  6 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4183]: pam_unix(cron:session): session closed for user p13x
May  6 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4281]: Successful su for rubyman by root
May  6 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4281]: + ??? root:rubyman
May  6 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342954 of user rubyman.
May  6 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4281]: pam_unix(su:session): session closed for user rubyman
May  6 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342954.
May  6 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4185]: pam_unix(cron:session): session closed for user root
May  6 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1411]: pam_unix(cron:session): session closed for user root
May  6 22:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4184]: pam_unix(cron:session): session closed for user samftp
May  6 22:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.80.35.45  user=root
May  6 22:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4690]: Failed password for root from 41.80.35.45 port 52992 ssh2
May  6 22:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4690]: Received disconnect from 41.80.35.45 port 52992:11: Bye Bye [preauth]
May  6 22:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4690]: Disconnected from 41.80.35.45 port 52992 [preauth]
May  6 22:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session closed for user root
May  6 22:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: Invalid user luna from 14.103.111.16
May  6 22:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: input_userauth_request: invalid user luna [preauth]
May  6 22:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 22:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: Failed password for invalid user luna from 14.103.111.16 port 37672 ssh2
May  6 22:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: Received disconnect from 14.103.111.16 port 37672:11: Bye Bye [preauth]
May  6 22:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4717]: Disconnected from 14.103.111.16 port 37672 [preauth]
May  6 22:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  6 22:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: Failed password for root from 218.92.0.219 port 39490 ssh2
May  6 22:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: message repeated 2 times: [ Failed password for root from 218.92.0.219 port 39490 ssh2]
May  6 22:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: Received disconnect from 218.92.0.219 port 39490:11:  [preauth]
May  6 22:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: Disconnected from 218.92.0.219 port 39490 [preauth]
May  6 22:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4755]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  6 22:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4786]: pam_unix(cron:session): session closed for user p13x
May  6 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4867]: Successful su for rubyman by root
May  6 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4867]: + ??? root:rubyman
May  6 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4867]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342961 of user rubyman.
May  6 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4867]: pam_unix(su:session): session closed for user rubyman
May  6 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342961.
May  6 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1912]: pam_unix(cron:session): session closed for user root
May  6 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4787]: pam_unix(cron:session): session closed for user samftp
May  6 22:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  6 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: Failed password for root from 218.92.0.219 port 29184 ssh2
May  6 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3733]: pam_unix(cron:session): session closed for user root
May  6 22:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: Failed password for root from 218.92.0.219 port 29184 ssh2
May  6 22:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: Failed password for root from 218.92.0.219 port 29184 ssh2
May  6 22:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: Received disconnect from 218.92.0.219 port 29184:11:  [preauth]
May  6 22:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: Disconnected from 218.92.0.219 port 29184 [preauth]
May  6 22:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5318]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  6 22:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  6 22:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5358]: Failed password for root from 218.92.0.219 port 44784 ssh2
May  6 22:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5358]: message repeated 2 times: [ Failed password for root from 218.92.0.219 port 44784 ssh2]
May  6 22:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5358]: Received disconnect from 218.92.0.219 port 44784:11:  [preauth]
May  6 22:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5358]: Disconnected from 218.92.0.219 port 44784 [preauth]
May  6 22:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5358]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  6 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5411]: pam_unix(cron:session): session closed for user p13x
May  6 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5484]: Successful su for rubyman by root
May  6 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5484]: + ??? root:rubyman
May  6 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5484]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342963 of user rubyman.
May  6 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5484]: pam_unix(su:session): session closed for user rubyman
May  6 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342963.
May  6 22:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2440]: pam_unix(cron:session): session closed for user root
May  6 22:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5412]: pam_unix(cron:session): session closed for user samftp
May  6 22:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.230.32  user=root
May  6 22:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5734]: Failed password for root from 212.227.230.32 port 35532 ssh2
May  6 22:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5734]: Received disconnect from 212.227.230.32 port 35532:11: Bye Bye [preauth]
May  6 22:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5734]: Disconnected from 212.227.230.32 port 35532 [preauth]
May  6 22:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.95.9.145  user=root
May  6 22:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5757]: Connection reset by 218.92.0.205 port 65288 [preauth]
May  6 22:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5787]: Failed password for root from 151.95.9.145 port 48968 ssh2
May  6 22:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5787]: Received disconnect from 151.95.9.145 port 48968:11: Bye Bye [preauth]
May  6 22:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5787]: Disconnected from 151.95.9.145 port 48968 [preauth]
May  6 22:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4187]: pam_unix(cron:session): session closed for user root
May  6 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5967]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5966]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5963]: pam_unix(cron:session): session closed for user p13x
May  6 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6041]: Successful su for rubyman by root
May  6 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6041]: + ??? root:rubyman
May  6 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342969 of user rubyman.
May  6 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6041]: pam_unix(su:session): session closed for user rubyman
May  6 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342969.
May  6 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2880]: pam_unix(cron:session): session closed for user root
May  6 22:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: Connection reset by 218.92.0.219 port 22458 [preauth]
May  6 22:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5964]: pam_unix(cron:session): session closed for user samftp
May  6 22:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6240]: Invalid user user3 from 91.107.164.250
May  6 22:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6240]: input_userauth_request: invalid user user3 [preauth]
May  6 22:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6240]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.107.164.250
May  6 22:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6240]: Failed password for invalid user user3 from 91.107.164.250 port 40356 ssh2
May  6 22:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6240]: Received disconnect from 91.107.164.250 port 40356:11: Bye Bye [preauth]
May  6 22:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6240]: Disconnected from 91.107.164.250 port 40356 [preauth]
May  6 22:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.250.208.207  user=root
May  6 22:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6266]: Failed password for root from 196.250.208.207 port 39440 ssh2
May  6 22:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6266]: Received disconnect from 196.250.208.207 port 39440:11: Bye Bye [preauth]
May  6 22:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6266]: Disconnected from 196.250.208.207 port 39440 [preauth]
May  6 22:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4789]: pam_unix(cron:session): session closed for user root
May  6 22:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6315]: Invalid user test from 57.128.190.44
May  6 22:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6315]: input_userauth_request: invalid user test [preauth]
May  6 22:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6315]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.190.44
May  6 22:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6315]: Failed password for invalid user test from 57.128.190.44 port 48796 ssh2
May  6 22:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6315]: Received disconnect from 57.128.190.44 port 48796:11: Bye Bye [preauth]
May  6 22:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6315]: Disconnected from 57.128.190.44 port 48796 [preauth]
May  6 22:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: Invalid user hp from 85.208.253.189
May  6 22:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: input_userauth_request: invalid user hp [preauth]
May  6 22:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.189
May  6 22:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: Failed password for invalid user hp from 85.208.253.189 port 53146 ssh2
May  6 22:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: Received disconnect from 85.208.253.189 port 53146:11: Bye Bye [preauth]
May  6 22:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: Disconnected from 85.208.253.189 port 53146 [preauth]
May  6 22:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.193.89.77  user=root
May  6 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6406]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6405]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: Failed password for root from 185.193.89.77 port 45328 ssh2
May  6 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6403]: pam_unix(cron:session): session closed for user p13x
May  6 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: Received disconnect from 185.193.89.77 port 45328:11: Bye Bye [preauth]
May  6 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: Disconnected from 185.193.89.77 port 45328 [preauth]
May  6 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6468]: Successful su for rubyman by root
May  6 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6468]: + ??? root:rubyman
May  6 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342972 of user rubyman.
May  6 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6468]: pam_unix(su:session): session closed for user rubyman
May  6 22:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342972.
May  6 22:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3286]: pam_unix(cron:session): session closed for user root
May  6 22:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6404]: pam_unix(cron:session): session closed for user samftp
May  6 22:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6664]: Invalid user axway from 72.167.140.185
May  6 22:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6664]: input_userauth_request: invalid user axway [preauth]
May  6 22:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6664]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.140.185
May  6 22:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6664]: Failed password for invalid user axway from 72.167.140.185 port 44728 ssh2
May  6 22:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6664]: Received disconnect from 72.167.140.185 port 44728:11: Bye Bye [preauth]
May  6 22:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6664]: Disconnected from 72.167.140.185 port 44728 [preauth]
May  6 22:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.165.102.111  user=root
May  6 22:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: Failed password for root from 189.165.102.111 port 50860 ssh2
May  6 22:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: Received disconnect from 189.165.102.111 port 50860:11: Bye Bye [preauth]
May  6 22:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6697]: Disconnected from 189.165.102.111 port 50860 [preauth]
May  6 22:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5414]: pam_unix(cron:session): session closed for user root
May  6 22:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Invalid user haichao from 14.103.111.16
May  6 22:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: input_userauth_request: invalid user haichao [preauth]
May  6 22:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 22:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Failed password for invalid user haichao from 14.103.111.16 port 59572 ssh2
May  6 22:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Received disconnect from 14.103.111.16 port 59572:11: Bye Bye [preauth]
May  6 22:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6793]: Disconnected from 14.103.111.16 port 59572 [preauth]
May  6 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6817]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6815]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6814]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6817]: pam_unix(cron:session): session closed for user root
May  6 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6812]: pam_unix(cron:session): session closed for user p13x
May  6 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6882]: Successful su for rubyman by root
May  6 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6882]: + ??? root:rubyman
May  6 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342978 of user rubyman.
May  6 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6882]: pam_unix(su:session): session closed for user rubyman
May  6 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342978.
May  6 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6814]: pam_unix(cron:session): session closed for user root
May  6 22:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3732]: pam_unix(cron:session): session closed for user root
May  6 22:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6813]: pam_unix(cron:session): session closed for user samftp
May  6 22:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7275]: Did not receive identification string from 87.236.176.234
May  6 22:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5967]: pam_unix(cron:session): session closed for user root
May  6 22:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7277]: Connection closed by 87.236.176.234 port 36991 [preauth]
May  6 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7352]: pam_unix(cron:session): session closed for user p13x
May  6 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7416]: Successful su for rubyman by root
May  6 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7416]: + ??? root:rubyman
May  6 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342981 of user rubyman.
May  6 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7416]: pam_unix(su:session): session closed for user rubyman
May  6 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342981.
May  6 22:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4186]: pam_unix(cron:session): session closed for user root
May  6 22:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7353]: pam_unix(cron:session): session closed for user samftp
May  6 22:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  6 22:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: Failed password for root from 218.92.0.231 port 52268 ssh2
May  6 22:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: message repeated 2 times: [ Failed password for root from 218.92.0.231 port 52268 ssh2]
May  6 22:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: Received disconnect from 218.92.0.231 port 52268:11:  [preauth]
May  6 22:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: Disconnected from 218.92.0.231 port 52268 [preauth]
May  6 22:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7734]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  6 22:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: Invalid user tqc from 41.80.35.45
May  6 22:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: input_userauth_request: invalid user tqc [preauth]
May  6 22:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.80.35.45
May  6 22:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: Failed password for invalid user tqc from 41.80.35.45 port 58816 ssh2
May  6 22:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: Received disconnect from 41.80.35.45 port 58816:11: Bye Bye [preauth]
May  6 22:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: Disconnected from 41.80.35.45 port 58816 [preauth]
May  6 22:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6406]: pam_unix(cron:session): session closed for user root
May  6 22:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.230.32  user=root
May  6 22:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: Failed password for root from 212.227.230.32 port 50928 ssh2
May  6 22:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: Received disconnect from 212.227.230.32 port 50928:11: Bye Bye [preauth]
May  6 22:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: Disconnected from 212.227.230.32 port 50928 [preauth]
May  6 22:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: Invalid user myuser from 91.107.164.250
May  6 22:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: input_userauth_request: invalid user myuser [preauth]
May  6 22:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.107.164.250
May  6 22:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: Failed password for invalid user myuser from 91.107.164.250 port 48136 ssh2
May  6 22:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: Received disconnect from 91.107.164.250 port 48136:11: Bye Bye [preauth]
May  6 22:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7882]: Disconnected from 91.107.164.250 port 48136 [preauth]
May  6 22:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7895]: pam_unix(cron:session): session closed for user p13x
May  6 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7884]: Invalid user axway from 151.95.9.145
May  6 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7884]: input_userauth_request: invalid user axway [preauth]
May  6 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7884]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.95.9.145
May  6 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7960]: Successful su for rubyman by root
May  6 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7960]: + ??? root:rubyman
May  6 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342986 of user rubyman.
May  6 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7960]: pam_unix(su:session): session closed for user rubyman
May  6 22:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342986.
May  6 22:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4788]: pam_unix(cron:session): session closed for user root
May  6 22:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7884]: Failed password for invalid user axway from 151.95.9.145 port 60400 ssh2
May  6 22:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7884]: Received disconnect from 151.95.9.145 port 60400:11: Bye Bye [preauth]
May  6 22:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7884]: Disconnected from 151.95.9.145 port 60400 [preauth]
May  6 22:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7896]: pam_unix(cron:session): session closed for user samftp
May  6 22:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6816]: pam_unix(cron:session): session closed for user root
May  6 22:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.190.44  user=root
May  6 22:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: Failed password for root from 57.128.190.44 port 60234 ssh2
May  6 22:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: Received disconnect from 57.128.190.44 port 60234:11: Bye Bye [preauth]
May  6 22:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: Disconnected from 57.128.190.44 port 60234 [preauth]
May  6 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8321]: pam_unix(cron:session): session closed for user p13x
May  6 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: Successful su for rubyman by root
May  6 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: + ??? root:rubyman
May  6 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342989 of user rubyman.
May  6 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8385]: pam_unix(su:session): session closed for user rubyman
May  6 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342989.
May  6 22:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5413]: pam_unix(cron:session): session closed for user root
May  6 22:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8322]: pam_unix(cron:session): session closed for user samftp
May  6 22:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8640]: Invalid user dd from 85.208.253.189
May  6 22:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8640]: input_userauth_request: invalid user dd [preauth]
May  6 22:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8640]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.189
May  6 22:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8640]: Failed password for invalid user dd from 85.208.253.189 port 51946 ssh2
May  6 22:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8640]: Received disconnect from 85.208.253.189 port 51946:11: Bye Bye [preauth]
May  6 22:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8640]: Disconnected from 85.208.253.189 port 51946 [preauth]
May  6 22:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7355]: pam_unix(cron:session): session closed for user root
May  6 22:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8724]: Invalid user lchang from 185.193.89.77
May  6 22:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8724]: input_userauth_request: invalid user lchang [preauth]
May  6 22:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8724]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.193.89.77
May  6 22:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8724]: Failed password for invalid user lchang from 185.193.89.77 port 46264 ssh2
May  6 22:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8724]: Received disconnect from 185.193.89.77 port 46264:11: Bye Bye [preauth]
May  6 22:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8724]: Disconnected from 185.193.89.77 port 46264 [preauth]
May  6 22:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: Invalid user jakob from 72.167.140.185
May  6 22:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: input_userauth_request: invalid user jakob [preauth]
May  6 22:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.167.140.185
May  6 22:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: Failed password for invalid user jakob from 72.167.140.185 port 34462 ssh2
May  6 22:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: Received disconnect from 72.167.140.185 port 34462:11: Bye Bye [preauth]
May  6 22:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8734]: Disconnected from 72.167.140.185 port 34462 [preauth]
May  6 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8757]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8755]: pam_unix(cron:session): session closed for user p13x
May  6 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8815]: Successful su for rubyman by root
May  6 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8815]: + ??? root:rubyman
May  6 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8815]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 342993 of user rubyman.
May  6 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8815]: pam_unix(su:session): session closed for user rubyman
May  6 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 342993.
May  6 22:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5966]: pam_unix(cron:session): session closed for user root
May  6 22:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8756]: pam_unix(cron:session): session closed for user samftp
May  6 22:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: Invalid user moein from 14.103.111.16
May  6 22:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: input_userauth_request: invalid user moein [preauth]
May  6 22:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 22:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: Failed password for invalid user moein from 14.103.111.16 port 35984 ssh2
May  6 22:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: Received disconnect from 14.103.111.16 port 35984:11: Bye Bye [preauth]
May  6 22:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: Disconnected from 14.103.111.16 port 35984 [preauth]
May  6 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7898]: pam_unix(cron:session): session closed for user root
May  6 22:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.165.102.111  user=root
May  6 22:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: Failed password for root from 189.165.102.111 port 59492 ssh2
May  6 22:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: Received disconnect from 189.165.102.111 port 59492:11: Bye Bye [preauth]
May  6 22:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9108]: Disconnected from 189.165.102.111 port 59492 [preauth]
May  6 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9257]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9254]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9252]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9256]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9251]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9255]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9257]: pam_unix(cron:session): session closed for user root
May  6 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9251]: pam_unix(cron:session): session closed for user p13x
May  6 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9361]: Successful su for rubyman by root
May  6 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9361]: + ??? root:rubyman
May  6 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343001 of user rubyman.
May  6 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9361]: pam_unix(su:session): session closed for user rubyman
May  6 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343001.
May  6 22:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9248]: Invalid user node-root from 196.250.208.207
May  6 22:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9248]: input_userauth_request: invalid user node-root [preauth]
May  6 22:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9248]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.250.208.207
May  6 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9254]: pam_unix(cron:session): session closed for user root
May  6 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6405]: pam_unix(cron:session): session closed for user root
May  6 22:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9248]: Failed password for invalid user node-root from 196.250.208.207 port 47904 ssh2
May  6 22:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9248]: Received disconnect from 196.250.208.207 port 47904:11: Bye Bye [preauth]
May  6 22:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9248]: Disconnected from 196.250.208.207 port 47904 [preauth]
May  6 22:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9252]: pam_unix(cron:session): session closed for user samftp
May  6 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8326]: pam_unix(cron:session): session closed for user root
May  6 22:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: Invalid user mary from 91.107.164.250
May  6 22:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: input_userauth_request: invalid user mary [preauth]
May  6 22:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.107.164.250
May  6 22:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: Failed password for invalid user mary from 91.107.164.250 port 60884 ssh2
May  6 22:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: Received disconnect from 91.107.164.250 port 60884:11: Bye Bye [preauth]
May  6 22:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9701]: Disconnected from 91.107.164.250 port 60884 [preauth]
May  6 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9722]: pam_unix(cron:session): session closed for user p13x
May  6 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9795]: Successful su for rubyman by root
May  6 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9795]: + ??? root:rubyman
May  6 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343003 of user rubyman.
May  6 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9795]: pam_unix(su:session): session closed for user rubyman
May  6 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343003.
May  6 22:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6815]: pam_unix(cron:session): session closed for user root
May  6 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9723]: pam_unix(cron:session): session closed for user samftp
May  6 22:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8758]: pam_unix(cron:session): session closed for user root
May  6 22:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.95.9.145  user=root
May  6 22:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: Failed password for root from 151.95.9.145 port 46024 ssh2
May  6 22:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: Received disconnect from 151.95.9.145 port 46024:11: Bye Bye [preauth]
May  6 22:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: Disconnected from 151.95.9.145 port 46024 [preauth]
May  6 22:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Invalid user username from 212.227.230.32
May  6 22:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: input_userauth_request: invalid user username [preauth]
May  6 22:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.227.230.32
May  6 22:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Failed password for invalid user username from 212.227.230.32 port 33486 ssh2
May  6 22:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Received disconnect from 212.227.230.32 port 33486:11: Bye Bye [preauth]
May  6 22:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Disconnected from 212.227.230.32 port 33486 [preauth]
May  6 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10134]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10132]: pam_unix(cron:session): session closed for user p13x
May  6 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10190]: Successful su for rubyman by root
May  6 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10190]: + ??? root:rubyman
May  6 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343009 of user rubyman.
May  6 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10190]: pam_unix(su:session): session closed for user rubyman
May  6 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343009.
May  6 22:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7354]: pam_unix(cron:session): session closed for user root
May  6 22:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10133]: pam_unix(cron:session): session closed for user samftp
May  6 22:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.190.44  user=root
May  6 22:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: Failed password for root from 57.128.190.44 port 39384 ssh2
May  6 22:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: Received disconnect from 57.128.190.44 port 39384:11: Bye Bye [preauth]
May  6 22:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10535]: Disconnected from 57.128.190.44 port 39384 [preauth]
May  6 22:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9256]: pam_unix(cron:session): session closed for user root
May  6 22:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10585]: Invalid user test from 41.80.35.45
May  6 22:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10585]: input_userauth_request: invalid user test [preauth]
May  6 22:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10585]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.80.35.45
May  6 22:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10585]: Failed password for invalid user test from 41.80.35.45 port 37070 ssh2
May  6 22:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10585]: Received disconnect from 41.80.35.45 port 37070:11: Bye Bye [preauth]
May  6 22:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10585]: Disconnected from 41.80.35.45 port 37070 [preauth]
May  6 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10670]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10661]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10661]: pam_unix(cron:session): session closed for user p13x
May  6 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10764]: Successful su for rubyman by root
May  6 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10764]: + ??? root:rubyman
May  6 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343013 of user rubyman.
May  6 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10764]: pam_unix(su:session): session closed for user rubyman
May  6 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343013.
May  6 22:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7897]: pam_unix(cron:session): session closed for user root
May  6 22:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10670]: pam_unix(cron:session): session closed for user samftp
May  6 22:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.189  user=root
May  6 22:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Failed password for root from 85.208.253.189 port 42324 ssh2
May  6 22:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Received disconnect from 85.208.253.189 port 42324:11: Bye Bye [preauth]
May  6 22:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10978]: Disconnected from 85.208.253.189 port 42324 [preauth]
May  6 22:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11000]: Invalid user wireguard from 185.193.89.77
May  6 22:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11000]: input_userauth_request: invalid user wireguard [preauth]
May  6 22:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11000]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.193.89.77
May  6 22:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11000]: Failed password for invalid user wireguard from 185.193.89.77 port 40848 ssh2
May  6 22:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11000]: Received disconnect from 185.193.89.77 port 40848:11: Bye Bye [preauth]
May  6 22:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11000]: Disconnected from 185.193.89.77 port 40848 [preauth]
May  6 22:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9725]: pam_unix(cron:session): session closed for user root
May  6 22:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11084]: Invalid user luka from 14.103.111.16
May  6 22:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11084]: input_userauth_request: invalid user luka [preauth]
May  6 22:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11084]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 22:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11084]: Failed password for invalid user luka from 14.103.111.16 port 50736 ssh2
May  6 22:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11084]: Received disconnect from 14.103.111.16 port 50736:11: Bye Bye [preauth]
May  6 22:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11084]: Disconnected from 14.103.111.16 port 50736 [preauth]
May  6 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11099]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11094]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11096]: pam_unix(cron:session): session closed for user p13x
May  6 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11219]: Successful su for rubyman by root
May  6 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11219]: + ??? root:rubyman
May  6 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343016 of user rubyman.
May  6 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11219]: pam_unix(su:session): session closed for user rubyman
May  6 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343016.
May  6 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11094]: pam_unix(cron:session): session closed for user root
May  6 22:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8325]: pam_unix(cron:session): session closed for user root
May  6 22:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11097]: pam_unix(cron:session): session closed for user samftp
May  6 22:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10135]: pam_unix(cron:session): session closed for user root
May  6 22:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.107.164.250  user=root
May  6 22:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.165.102.111  user=root
May  6 22:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: Failed password for root from 91.107.164.250 port 47012 ssh2
May  6 22:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: Received disconnect from 91.107.164.250 port 47012:11: Bye Bye [preauth]
May  6 22:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11564]: Disconnected from 91.107.164.250 port 47012 [preauth]
May  6 22:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: Failed password for root from 189.165.102.111 port 39890 ssh2
May  6 22:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: Received disconnect from 189.165.102.111 port 39890:11: Bye Bye [preauth]
May  6 22:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: Disconnected from 189.165.102.111 port 39890 [preauth]
May  6 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11596]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11598]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11599]: pam_unix(cron:session): session closed for user root
May  6 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11594]: pam_unix(cron:session): session closed for user p13x
May  6 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11661]: Successful su for rubyman by root
May  6 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11661]: + ??? root:rubyman
May  6 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343023 of user rubyman.
May  6 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11661]: pam_unix(su:session): session closed for user rubyman
May  6 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343023.
May  6 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11596]: pam_unix(cron:session): session closed for user root
May  6 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8757]: pam_unix(cron:session): session closed for user root
May  6 22:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11595]: pam_unix(cron:session): session closed for user samftp
May  6 22:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10672]: pam_unix(cron:session): session closed for user root
May  6 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12009]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12008]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12008]: pam_unix(cron:session): session closed for user p13x
May  6 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12072]: Successful su for rubyman by root
May  6 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12072]: + ??? root:rubyman
May  6 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343028 of user rubyman.
May  6 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12072]: pam_unix(su:session): session closed for user rubyman
May  6 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343028.
May  6 22:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9255]: pam_unix(cron:session): session closed for user root
May  6 22:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12009]: pam_unix(cron:session): session closed for user samftp
May  6 22:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12337]: Invalid user git from 196.250.208.207
May  6 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12337]: input_userauth_request: invalid user git [preauth]
May  6 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12337]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.250.208.207
May  6 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11099]: pam_unix(cron:session): session closed for user root
May  6 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: Invalid user jiayu from 50.235.31.47
May  6 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: input_userauth_request: invalid user jiayu [preauth]
May  6 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  6 22:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12337]: Failed password for invalid user git from 196.250.208.207 port 56368 ssh2
May  6 22:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12337]: Received disconnect from 196.250.208.207 port 56368:11: Bye Bye [preauth]
May  6 22:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12337]: Disconnected from 196.250.208.207 port 56368 [preauth]
May  6 22:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: Failed password for invalid user jiayu from 50.235.31.47 port 42288 ssh2
May  6 22:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: Connection closed by 50.235.31.47 port 42288 [preauth]
May  6 22:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: Invalid user edvaldo from 46.244.96.25
May  6 22:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: input_userauth_request: invalid user edvaldo [preauth]
May  6 22:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  6 22:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: Failed password for invalid user edvaldo from 46.244.96.25 port 55742 ssh2
May  6 22:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12392]: Connection closed by 46.244.96.25 port 55742 [preauth]
May  6 22:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: Invalid user ftpuser from 57.128.190.44
May  6 22:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: input_userauth_request: invalid user ftpuser [preauth]
May  6 22:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.190.44
May  6 22:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: Failed password for invalid user ftpuser from 57.128.190.44 port 54594 ssh2
May  6 22:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: Received disconnect from 57.128.190.44 port 54594:11: Bye Bye [preauth]
May  6 22:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: Disconnected from 57.128.190.44 port 54594 [preauth]
May  6 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12423]: pam_unix(cron:session): session closed for user p13x
May  6 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12481]: Successful su for rubyman by root
May  6 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12481]: + ??? root:rubyman
May  6 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343031 of user rubyman.
May  6 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12481]: pam_unix(su:session): session closed for user rubyman
May  6 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343031.
May  6 22:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9724]: pam_unix(cron:session): session closed for user root
May  6 22:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12424]: pam_unix(cron:session): session closed for user samftp
May  6 22:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11598]: pam_unix(cron:session): session closed for user root
May  6 22:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12817]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12814]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12815]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12814]: pam_unix(cron:session): session closed for user p13x
May  6 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12873]: Successful su for rubyman by root
May  6 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12873]: + ??? root:rubyman
May  6 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343035 of user rubyman.
May  6 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12873]: pam_unix(su:session): session closed for user rubyman
May  6 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343035.
May  6 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10134]: pam_unix(cron:session): session closed for user root
May  6 22:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12815]: pam_unix(cron:session): session closed for user samftp
May  6 22:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.193.89.77  user=root
May  6 22:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13061]: Failed password for root from 185.193.89.77 port 59210 ssh2
May  6 22:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13061]: Received disconnect from 185.193.89.77 port 59210:11: Bye Bye [preauth]
May  6 22:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13061]: Disconnected from 185.193.89.77 port 59210 [preauth]
May  6 22:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13084]: Invalid user mahmoud from 14.103.111.16
May  6 22:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13084]: input_userauth_request: invalid user mahmoud [preauth]
May  6 22:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13084]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 22:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13084]: Failed password for invalid user mahmoud from 14.103.111.16 port 42518 ssh2
May  6 22:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13084]: Received disconnect from 14.103.111.16 port 42518:11: Bye Bye [preauth]
May  6 22:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13084]: Disconnected from 14.103.111.16 port 42518 [preauth]
May  6 22:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.189  user=root
May  6 22:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: Failed password for root from 85.208.253.189 port 52600 ssh2
May  6 22:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: Received disconnect from 85.208.253.189 port 52600:11: Bye Bye [preauth]
May  6 22:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13094]: Disconnected from 85.208.253.189 port 52600 [preauth]
May  6 22:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12011]: pam_unix(cron:session): session closed for user root
May  6 22:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: Invalid user sftp from 41.80.35.45
May  6 22:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: input_userauth_request: invalid user sftp [preauth]
May  6 22:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.80.35.45
May  6 22:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: Failed password for invalid user sftp from 41.80.35.45 port 60648 ssh2
May  6 22:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: Received disconnect from 41.80.35.45 port 60648:11: Bye Bye [preauth]
May  6 22:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13153]: Disconnected from 41.80.35.45 port 60648 [preauth]
May  6 22:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.107.164.250  user=root
May  6 22:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13183]: Failed password for root from 91.107.164.250 port 60838 ssh2
May  6 22:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13183]: Received disconnect from 91.107.164.250 port 60838:11: Bye Bye [preauth]
May  6 22:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13183]: Disconnected from 91.107.164.250 port 60838 [preauth]
May  6 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13216]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13217]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13214]: pam_unix(cron:session): session closed for user p13x
May  6 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13275]: Successful su for rubyman by root
May  6 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13275]: + ??? root:rubyman
May  6 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343038 of user rubyman.
May  6 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13275]: pam_unix(su:session): session closed for user rubyman
May  6 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343038.
May  6 22:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10671]: pam_unix(cron:session): session closed for user root
May  6 22:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13215]: pam_unix(cron:session): session closed for user samftp
May  6 22:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12426]: pam_unix(cron:session): session closed for user root
May  6 22:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: Invalid user axway from 189.165.102.111
May  6 22:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: input_userauth_request: invalid user axway [preauth]
May  6 22:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.165.102.111
May  6 22:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: Failed password for invalid user axway from 189.165.102.111 port 48520 ssh2
May  6 22:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: Received disconnect from 189.165.102.111 port 48520:11: Bye Bye [preauth]
May  6 22:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13706]: Disconnected from 189.165.102.111 port 48520 [preauth]
May  6 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13721]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13720]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13717]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13722]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13723]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13718]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13723]: pam_unix(cron:session): session closed for user root
May  6 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13717]: pam_unix(cron:session): session closed for user p13x
May  6 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13790]: Successful su for rubyman by root
May  6 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13790]: + ??? root:rubyman
May  6 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343046 of user rubyman.
May  6 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13790]: pam_unix(su:session): session closed for user rubyman
May  6 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343046.
May  6 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13720]: pam_unix(cron:session): session closed for user root
May  6 22:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11098]: pam_unix(cron:session): session closed for user root
May  6 22:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13718]: pam_unix(cron:session): session closed for user samftp
May  6 22:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12817]: pam_unix(cron:session): session closed for user root
May  6 22:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  6 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14149]: pam_unix(cron:session): session closed for user p13x
May  6 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14217]: Successful su for rubyman by root
May  6 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14217]: + ??? root:rubyman
May  6 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14217]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343049 of user rubyman.
May  6 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14217]: pam_unix(su:session): session closed for user rubyman
May  6 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343049.
May  6 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: Failed password for root from 218.92.0.228 port 52196 ssh2
May  6 22:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: Failed password for root from 218.92.0.228 port 52196 ssh2
May  6 22:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11597]: pam_unix(cron:session): session closed for user root
May  6 22:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14150]: pam_unix(cron:session): session closed for user samftp
May  6 22:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: Failed password for root from 218.92.0.228 port 52196 ssh2
May  6 22:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: Received disconnect from 218.92.0.228 port 52196:11:  [preauth]
May  6 22:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: Disconnected from 218.92.0.228 port 52196 [preauth]
May  6 22:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  6 22:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  6 22:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: Failed password for root from 218.92.0.228 port 10506 ssh2
May  6 22:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 10506 ssh2]
May  6 22:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: Received disconnect from 218.92.0.228 port 10506:11:  [preauth]
May  6 22:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: Disconnected from 218.92.0.228 port 10506 [preauth]
May  6 22:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  6 22:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  6 22:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: Failed password for root from 218.92.0.228 port 11474 ssh2
May  6 22:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14436]: Invalid user ubuntu from 57.128.190.44
May  6 22:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14436]: input_userauth_request: invalid user ubuntu [preauth]
May  6 22:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14436]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.190.44
May  6 22:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: Failed password for root from 218.92.0.228 port 11474 ssh2
May  6 22:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14436]: Failed password for invalid user ubuntu from 57.128.190.44 port 49002 ssh2
May  6 22:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14436]: Received disconnect from 57.128.190.44 port 49002:11: Bye Bye [preauth]
May  6 22:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14436]: Disconnected from 57.128.190.44 port 49002 [preauth]
May  6 22:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: Failed password for root from 218.92.0.228 port 11474 ssh2
May  6 22:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: Received disconnect from 218.92.0.228 port 11474:11:  [preauth]
May  6 22:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: Disconnected from 218.92.0.228 port 11474 [preauth]
May  6 22:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14434]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  6 22:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13217]: pam_unix(cron:session): session closed for user root
May  6 22:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14564]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14565]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14562]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14562]: pam_unix(cron:session): session closed for user p13x
May  6 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14635]: Successful su for rubyman by root
May  6 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14635]: + ??? root:rubyman
May  6 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343053 of user rubyman.
May  6 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14635]: pam_unix(su:session): session closed for user rubyman
May  6 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343053.
May  6 22:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12010]: pam_unix(cron:session): session closed for user root
May  6 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14563]: pam_unix(cron:session): session closed for user samftp
May  6 22:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: Invalid user admin from 80.94.95.241
May  6 22:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: input_userauth_request: invalid user admin [preauth]
May  6 22:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 22:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: Failed password for invalid user admin from 80.94.95.241 port 59215 ssh2
May  6 22:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: Failed password for invalid user admin from 80.94.95.241 port 59215 ssh2
May  6 22:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: Failed password for invalid user admin from 80.94.95.241 port 59215 ssh2
May  6 22:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: Failed password for invalid user admin from 80.94.95.241 port 59215 ssh2
May  6 22:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: Failed password for invalid user admin from 80.94.95.241 port 59215 ssh2
May  6 22:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: Received disconnect from 80.94.95.241 port 59215:11: Bye [preauth]
May  6 22:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: Disconnected from 80.94.95.241 port 59215 [preauth]
May  6 22:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 22:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14805]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 22:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13722]: pam_unix(cron:session): session closed for user root
May  6 22:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14933]: Invalid user daf from 185.193.89.77
May  6 22:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14933]: input_userauth_request: invalid user daf [preauth]
May  6 22:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14933]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.193.89.77
May  6 22:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14933]: Failed password for invalid user daf from 185.193.89.77 port 51360 ssh2
May  6 22:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14933]: Received disconnect from 185.193.89.77 port 51360:11: Bye Bye [preauth]
May  6 22:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14933]: Disconnected from 185.193.89.77 port 51360 [preauth]
May  6 22:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: Invalid user liu from 14.103.111.16
May  6 22:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: input_userauth_request: invalid user liu [preauth]
May  6 22:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 22:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: Failed password for invalid user liu from 14.103.111.16 port 48536 ssh2
May  6 22:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: Received disconnect from 14.103.111.16 port 48536:11: Bye Bye [preauth]
May  6 22:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14965]: Disconnected from 14.103.111.16 port 48536 [preauth]
May  6 22:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: Invalid user ftpuser from 91.107.164.250
May  6 22:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: input_userauth_request: invalid user ftpuser [preauth]
May  6 22:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.107.164.250
May  6 22:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: Failed password for invalid user ftpuser from 91.107.164.250 port 34270 ssh2
May  6 22:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: Received disconnect from 91.107.164.250 port 34270:11: Bye Bye [preauth]
May  6 22:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14978]: Disconnected from 91.107.164.250 port 34270 [preauth]
May  6 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14993]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14992]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14991]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14990]: pam_unix(cron:session): session closed for user p13x
May  6 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15050]: Successful su for rubyman by root
May  6 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15050]: + ??? root:rubyman
May  6 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343056 of user rubyman.
May  6 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15050]: pam_unix(su:session): session closed for user rubyman
May  6 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343056.
May  6 22:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12425]: pam_unix(cron:session): session closed for user root
May  6 22:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14991]: pam_unix(cron:session): session closed for user samftp
May  6 22:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15237]: Invalid user dev from 85.208.253.189
May  6 22:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15237]: input_userauth_request: invalid user dev [preauth]
May  6 22:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15237]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.189
May  6 22:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15237]: Failed password for invalid user dev from 85.208.253.189 port 49044 ssh2
May  6 22:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15237]: Received disconnect from 85.208.253.189 port 49044:11: Bye Bye [preauth]
May  6 22:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15237]: Disconnected from 85.208.253.189 port 49044 [preauth]
May  6 22:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14152]: pam_unix(cron:session): session closed for user root
May  6 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15379]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15377]: pam_unix(cron:session): session closed for user p13x
May  6 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15436]: Successful su for rubyman by root
May  6 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15436]: + ??? root:rubyman
May  6 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343062 of user rubyman.
May  6 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15436]: pam_unix(su:session): session closed for user rubyman
May  6 22:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343062.
May  6 22:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12816]: pam_unix(cron:session): session closed for user root
May  6 22:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15378]: pam_unix(cron:session): session closed for user samftp
May  6 22:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14565]: pam_unix(cron:session): session closed for user root
May  6 22:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15725]: Invalid user vitor from 41.80.35.45
May  6 22:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15725]: input_userauth_request: invalid user vitor [preauth]
May  6 22:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15725]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.80.35.45
May  6 22:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15725]: Failed password for invalid user vitor from 41.80.35.45 port 40244 ssh2
May  6 22:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15725]: Received disconnect from 41.80.35.45 port 40244:11: Bye Bye [preauth]
May  6 22:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15725]: Disconnected from 41.80.35.45 port 40244 [preauth]
May  6 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15771]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15769]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15770]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15767]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15772]: pam_unix(cron:session): session closed for user root
May  6 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15767]: pam_unix(cron:session): session closed for user p13x
May  6 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15838]: Successful su for rubyman by root
May  6 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15838]: + ??? root:rubyman
May  6 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15838]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343064 of user rubyman.
May  6 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15838]: pam_unix(su:session): session closed for user rubyman
May  6 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343064.
May  6 22:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15769]: pam_unix(cron:session): session closed for user root
May  6 22:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13216]: pam_unix(cron:session): session closed for user root
May  6 22:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15768]: pam_unix(cron:session): session closed for user samftp
May  6 22:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14993]: pam_unix(cron:session): session closed for user root
May  6 22:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.190.44  user=root
May  6 22:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16146]: Failed password for root from 57.128.190.44 port 59210 ssh2
May  6 22:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16146]: Received disconnect from 57.128.190.44 port 59210:11: Bye Bye [preauth]
May  6 22:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16146]: Disconnected from 57.128.190.44 port 59210 [preauth]
May  6 22:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15926]: Connection reset by 218.92.0.217 port 23276 [preauth]
May  6 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16191]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16190]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16188]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16189]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16188]: pam_unix(cron:session): session closed for user p13x
May  6 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16254]: Successful su for rubyman by root
May  6 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16254]: + ??? root:rubyman
May  6 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343070 of user rubyman.
May  6 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16254]: pam_unix(su:session): session closed for user rubyman
May  6 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343070.
May  6 22:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13721]: pam_unix(cron:session): session closed for user root
May  6 22:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16189]: pam_unix(cron:session): session closed for user samftp
May  6 22:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15380]: pam_unix(cron:session): session closed for user root
May  6 22:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.107.164.250  user=root
May  6 22:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: Failed password for root from 91.107.164.250 port 55164 ssh2
May  6 22:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: Received disconnect from 91.107.164.250 port 55164:11: Bye Bye [preauth]
May  6 22:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: Disconnected from 91.107.164.250 port 55164 [preauth]
May  6 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16648]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16647]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16649]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16644]: pam_unix(cron:session): session closed for user p13x
May  6 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16706]: Successful su for rubyman by root
May  6 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16706]: + ??? root:rubyman
May  6 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343074 of user rubyman.
May  6 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16706]: pam_unix(su:session): session closed for user rubyman
May  6 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343074.
May  6 22:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14151]: pam_unix(cron:session): session closed for user root
May  6 22:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16647]: pam_unix(cron:session): session closed for user samftp
May  6 22:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.193.89.77  user=root
May  6 22:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: Failed password for root from 185.193.89.77 port 59142 ssh2
May  6 22:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: Received disconnect from 185.193.89.77 port 59142:11: Bye Bye [preauth]
May  6 22:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: Disconnected from 185.193.89.77 port 59142 [preauth]
May  6 22:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16984]: Invalid user user002 from 14.103.111.16
May  6 22:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16984]: input_userauth_request: invalid user user002 [preauth]
May  6 22:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16984]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.111.16
May  6 22:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15771]: pam_unix(cron:session): session closed for user root
May  6 22:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16984]: Failed password for invalid user user002 from 14.103.111.16 port 58336 ssh2
May  6 22:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16984]: Received disconnect from 14.103.111.16 port 58336:11: Bye Bye [preauth]
May  6 22:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16984]: Disconnected from 14.103.111.16 port 58336 [preauth]
May  6 22:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: Invalid user sandy from 85.208.253.189
May  6 22:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: input_userauth_request: invalid user sandy [preauth]
May  6 22:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.189
May  6 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17077]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17074]: pam_unix(cron:session): session closed for user p13x
May  6 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17138]: Successful su for rubyman by root
May  6 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17138]: + ??? root:rubyman
May  6 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343080 of user rubyman.
May  6 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17138]: pam_unix(su:session): session closed for user rubyman
May  6 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343080.
May  6 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: Failed password for invalid user sandy from 85.208.253.189 port 56842 ssh2
May  6 22:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: Received disconnect from 85.208.253.189 port 56842:11: Bye Bye [preauth]
May  6 22:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: Disconnected from 85.208.253.189 port 56842 [preauth]
May  6 22:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14564]: pam_unix(cron:session): session closed for user root
May  6 22:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17075]: pam_unix(cron:session): session closed for user samftp
May  6 22:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16191]: pam_unix(cron:session): session closed for user root
May  6 22:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  6 22:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: Failed password for root from 164.68.105.9 port 57080 ssh2
May  6 22:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17423]: Connection closed by 164.68.105.9 port 57080 [preauth]
May  6 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17480]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17474]: pam_unix(cron:session): session closed for user p13x
May  6 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17546]: Successful su for rubyman by root
May  6 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17546]: + ??? root:rubyman
May  6 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343083 of user rubyman.
May  6 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17546]: pam_unix(su:session): session closed for user rubyman
May  6 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343083.
May  6 22:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14992]: pam_unix(cron:session): session closed for user root
May  6 22:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17478]: pam_unix(cron:session): session closed for user samftp
May  6 22:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: Invalid user ubnt from 80.94.95.125
May  6 22:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: input_userauth_request: invalid user ubnt [preauth]
May  6 22:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 22:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: Failed password for invalid user ubnt from 80.94.95.125 port 53004 ssh2
May  6 22:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16649]: pam_unix(cron:session): session closed for user root
May  6 22:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: Failed password for invalid user ubnt from 80.94.95.125 port 53004 ssh2
May  6 22:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: Failed password for invalid user ubnt from 80.94.95.125 port 53004 ssh2
May  6 22:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: Failed password for invalid user ubnt from 80.94.95.125 port 53004 ssh2
May  6 22:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: Failed password for invalid user ubnt from 80.94.95.125 port 53004 ssh2
May  6 22:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: Received disconnect from 80.94.95.125 port 53004:11: Bye [preauth]
May  6 22:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: Disconnected from 80.94.95.125 port 53004 [preauth]
May  6 22:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 22:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17904]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18004]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18003]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18005]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18006]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18006]: pam_unix(cron:session): session closed for user root
May  6 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18001]: pam_unix(cron:session): session closed for user p13x
May  6 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18085]: Successful su for rubyman by root
May  6 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18085]: + ??? root:rubyman
May  6 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18085]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343089 of user rubyman.
May  6 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18085]: pam_unix(su:session): session closed for user rubyman
May  6 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343089.
May  6 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18003]: pam_unix(cron:session): session closed for user root
May  6 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15379]: pam_unix(cron:session): session closed for user root
May  6 22:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18002]: pam_unix(cron:session): session closed for user samftp
May  6 22:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.190.44  user=root
May  6 22:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: Failed password for root from 57.128.190.44 port 39124 ssh2
May  6 22:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: Received disconnect from 57.128.190.44 port 39124:11: Bye Bye [preauth]
May  6 22:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: Disconnected from 57.128.190.44 port 39124 [preauth]
May  6 22:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17077]: pam_unix(cron:session): session closed for user root
May  6 22:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: Invalid user docker from 41.80.35.45
May  6 22:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: input_userauth_request: invalid user docker [preauth]
May  6 22:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.80.35.45
May  6 22:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: Failed password for invalid user docker from 41.80.35.45 port 32840 ssh2
May  6 22:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: Received disconnect from 41.80.35.45 port 32840:11: Bye Bye [preauth]
May  6 22:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: Disconnected from 41.80.35.45 port 32840 [preauth]
May  6 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18466]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18468]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18465]: pam_unix(cron:session): session closed for user p13x
May  6 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18533]: Successful su for rubyman by root
May  6 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18533]: + ??? root:rubyman
May  6 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343094 of user rubyman.
May  6 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18533]: pam_unix(su:session): session closed for user rubyman
May  6 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343094.
May  6 22:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15770]: pam_unix(cron:session): session closed for user root
May  6 22:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18466]: pam_unix(cron:session): session closed for user samftp
May  6 22:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: Invalid user admin from 194.0.234.19
May  6 22:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: input_userauth_request: invalid user admin [preauth]
May  6 22:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  6 22:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: Failed password for invalid user admin from 194.0.234.19 port 20452 ssh2
May  6 22:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18739]: Connection closed by 194.0.234.19 port 20452 [preauth]
May  6 22:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17480]: pam_unix(cron:session): session closed for user root
May  6 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18877]: pam_unix(cron:session): session closed for user p13x
May  6 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18939]: Successful su for rubyman by root
May  6 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18939]: + ??? root:rubyman
May  6 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18939]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343098 of user rubyman.
May  6 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18939]: pam_unix(su:session): session closed for user rubyman
May  6 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343098.
May  6 22:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.193.89.77  user=root
May  6 22:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16190]: pam_unix(cron:session): session closed for user root
May  6 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: Failed password for root from 185.193.89.77 port 46174 ssh2
May  6 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: Received disconnect from 185.193.89.77 port 46174:11: Bye Bye [preauth]
May  6 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18959]: Disconnected from 185.193.89.77 port 46174 [preauth]
May  6 22:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18878]: pam_unix(cron:session): session closed for user samftp
May  6 22:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 22:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: Failed password for root from 218.92.0.179 port 42761 ssh2
May  6 22:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 42761 ssh2]
May  6 22:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: Received disconnect from 218.92.0.179 port 42761:11:  [preauth]
May  6 22:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: Disconnected from 218.92.0.179 port 42761 [preauth]
May  6 22:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19137]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18005]: pam_unix(cron:session): session closed for user root
May  6 22:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: Invalid user ftpuser from 85.208.253.189
May  6 22:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: input_userauth_request: invalid user ftpuser [preauth]
May  6 22:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: pam_unix(sshd:auth): check pass; user unknown
May  6 22:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.189
May  6 22:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: Failed password for invalid user ftpuser from 85.208.253.189 port 46470 ssh2
May  6 22:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: Received disconnect from 85.208.253.189 port 46470:11: Bye Bye [preauth]
May  6 22:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19278]: Disconnected from 85.208.253.189 port 46470 [preauth]
May  6 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19292]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19291]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19293]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19290]: pam_unix(cron:session): session closed for user p13x
May  6 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19353]: Successful su for rubyman by root
May  6 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19353]: + ??? root:rubyman
May  6 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19353]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343101 of user rubyman.
May  6 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19353]: pam_unix(su:session): session closed for user rubyman
May  6 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343101.
May  6 22:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16648]: pam_unix(cron:session): session closed for user root
May  6 22:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19291]: pam_unix(cron:session): session closed for user samftp
May  6 22:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18468]: pam_unix(cron:session): session closed for user root
May  6 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19714]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19712]: pam_unix(cron:session): session closed for user p13x
May  6 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19773]: Successful su for rubyman by root
May  6 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19773]: + ??? root:rubyman
May  6 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19773]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343107 of user rubyman.
May  6 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19773]: pam_unix(su:session): session closed for user rubyman
May  6 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343107.
May  6 22:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17076]: pam_unix(cron:session): session closed for user root
May  6 22:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19713]: pam_unix(cron:session): session closed for user samftp
May  6 22:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18880]: pam_unix(cron:session): session closed for user root
May  6 22:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.190.44  user=root
May  6 22:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20057]: Failed password for root from 57.128.190.44 port 39870 ssh2
May  6 22:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20057]: Received disconnect from 57.128.190.44 port 39870:11: Bye Bye [preauth]
May  6 22:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20057]: Disconnected from 57.128.190.44 port 39870 [preauth]
May  6 22:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 22:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20126]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20125]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20129]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20128]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20127]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20129]: pam_unix(cron:session): session closed for user root
May  6 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20125]: pam_unix(cron:session): session closed for user root
May  6 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20123]: pam_unix(cron:session): session closed for user p13x
May  6 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20213]: Successful su for rubyman by root
May  6 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20213]: + ??? root:rubyman
May  6 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20213]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343112 of user rubyman.
May  6 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20213]: pam_unix(su:session): session closed for user rubyman
May  6 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343112.
May  6 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20126]: pam_unix(cron:session): session closed for user root
May  6 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17479]: pam_unix(cron:session): session closed for user root
May  6 23:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20124]: pam_unix(cron:session): session closed for user samftp
May  6 23:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19293]: pam_unix(cron:session): session closed for user root
May  6 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20614]: pam_unix(cron:session): session closed for user p13x
May  6 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20684]: Successful su for rubyman by root
May  6 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20684]: + ??? root:rubyman
May  6 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343115 of user rubyman.
May  6 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20684]: pam_unix(su:session): session closed for user rubyman
May  6 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343115.
May  6 23:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18004]: pam_unix(cron:session): session closed for user root
May  6 23:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20615]: pam_unix(cron:session): session closed for user samftp
May  6 23:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19715]: pam_unix(cron:session): session closed for user root
May  6 23:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.193.89.77  user=root
May  6 23:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: Failed password for root from 185.193.89.77 port 42772 ssh2
May  6 23:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: Received disconnect from 185.193.89.77 port 42772:11: Bye Bye [preauth]
May  6 23:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21011]: Disconnected from 185.193.89.77 port 42772 [preauth]
May  6 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21036]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21031]: pam_unix(cron:session): session closed for user p13x
May  6 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21095]: Successful su for rubyman by root
May  6 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21095]: + ??? root:rubyman
May  6 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343119 of user rubyman.
May  6 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21095]: pam_unix(su:session): session closed for user rubyman
May  6 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343119.
May  6 23:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18467]: pam_unix(cron:session): session closed for user root
May  6 23:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21032]: pam_unix(cron:session): session closed for user samftp
May  6 23:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20128]: pam_unix(cron:session): session closed for user root
May  6 23:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21456]: Invalid user ftpuser from 85.208.253.189
May  6 23:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21456]: input_userauth_request: invalid user ftpuser [preauth]
May  6 23:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21456]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.189
May  6 23:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21456]: Failed password for invalid user ftpuser from 85.208.253.189 port 47812 ssh2
May  6 23:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21456]: Received disconnect from 85.208.253.189 port 47812:11: Bye Bye [preauth]
May  6 23:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21456]: Disconnected from 85.208.253.189 port 47812 [preauth]
May  6 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21482]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21483]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21479]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21479]: pam_unix(cron:session): session closed for user p13x
May  6 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21547]: Successful su for rubyman by root
May  6 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21547]: + ??? root:rubyman
May  6 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343123 of user rubyman.
May  6 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21547]: pam_unix(su:session): session closed for user rubyman
May  6 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343123.
May  6 23:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18879]: pam_unix(cron:session): session closed for user root
May  6 23:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21481]: pam_unix(cron:session): session closed for user samftp
May  6 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20617]: pam_unix(cron:session): session closed for user root
May  6 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  6 23:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22131]: Failed password for root from 218.92.0.198 port 23762 ssh2
May  6 23:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22131]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 23762 ssh2]
May  6 23:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22131]: Received disconnect from 218.92.0.198 port 23762:11:  [preauth]
May  6 23:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22131]: Disconnected from 218.92.0.198 port 23762 [preauth]
May  6 23:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22131]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  6 23:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22205]: pam_unix(cron:session): session closed for user p13x
May  6 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22290]: Successful su for rubyman by root
May  6 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22290]: + ??? root:rubyman
May  6 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343127 of user rubyman.
May  6 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22290]: pam_unix(su:session): session closed for user rubyman
May  6 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343127.
May  6 23:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19292]: pam_unix(cron:session): session closed for user root
May  6 23:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.190.44  user=root
May  6 23:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22206]: pam_unix(cron:session): session closed for user samftp
May  6 23:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  6 23:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: Failed password for root from 57.128.190.44 port 42214 ssh2
May  6 23:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: Received disconnect from 57.128.190.44 port 42214:11: Bye Bye [preauth]
May  6 23:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22436]: Disconnected from 57.128.190.44 port 42214 [preauth]
May  6 23:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22469]: Failed password for root from 218.92.0.198 port 34028 ssh2
May  6 23:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22469]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 34028 ssh2]
May  6 23:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22469]: Received disconnect from 218.92.0.198 port 34028:11:  [preauth]
May  6 23:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22469]: Disconnected from 218.92.0.198 port 34028 [preauth]
May  6 23:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22469]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  6 23:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  6 23:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Failed password for root from 218.92.0.198 port 56876 ssh2
May  6 23:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Failed password for root from 218.92.0.198 port 56876 ssh2
May  6 23:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21036]: pam_unix(cron:session): session closed for user root
May  6 23:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Failed password for root from 218.92.0.198 port 56876 ssh2
May  6 23:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Received disconnect from 218.92.0.198 port 56876:11:  [preauth]
May  6 23:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: Disconnected from 218.92.0.198 port 56876 [preauth]
May  6 23:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22580]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  6 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22685]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22684]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22683]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22682]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22685]: pam_unix(cron:session): session closed for user root
May  6 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22680]: pam_unix(cron:session): session closed for user p13x
May  6 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22756]: Successful su for rubyman by root
May  6 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22756]: + ??? root:rubyman
May  6 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343132 of user rubyman.
May  6 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22756]: pam_unix(su:session): session closed for user rubyman
May  6 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343132.
May  6 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19714]: pam_unix(cron:session): session closed for user root
May  6 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22682]: pam_unix(cron:session): session closed for user root
May  6 23:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22681]: pam_unix(cron:session): session closed for user samftp
May  6 23:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21483]: pam_unix(cron:session): session closed for user root
May  6 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23180]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23182]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23175]: pam_unix(cron:session): session closed for user p13x
May  6 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23252]: Successful su for rubyman by root
May  6 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23252]: + ??? root:rubyman
May  6 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343140 of user rubyman.
May  6 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23252]: pam_unix(su:session): session closed for user rubyman
May  6 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343140.
May  6 23:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20127]: pam_unix(cron:session): session closed for user root
May  6 23:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23180]: pam_unix(cron:session): session closed for user samftp
May  6 23:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22208]: pam_unix(cron:session): session closed for user root
May  6 23:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23625]: Invalid user rush from 185.193.89.77
May  6 23:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23625]: input_userauth_request: invalid user rush [preauth]
May  6 23:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23625]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.193.89.77
May  6 23:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23625]: Failed password for invalid user rush from 185.193.89.77 port 58062 ssh2
May  6 23:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23625]: Received disconnect from 185.193.89.77 port 58062:11: Bye Bye [preauth]
May  6 23:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23625]: Disconnected from 185.193.89.77 port 58062 [preauth]
May  6 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23688]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23683]: pam_unix(cron:session): session closed for user p13x
May  6 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23745]: Successful su for rubyman by root
May  6 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23745]: + ??? root:rubyman
May  6 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343141 of user rubyman.
May  6 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23745]: pam_unix(su:session): session closed for user rubyman
May  6 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343141.
May  6 23:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20616]: pam_unix(cron:session): session closed for user root
May  6 23:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23684]: pam_unix(cron:session): session closed for user samftp
May  6 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  6 23:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22684]: pam_unix(cron:session): session closed for user root
May  6 23:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Failed password for root from 193.70.84.184 port 36326 ssh2
May  6 23:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24112]: Connection closed by 193.70.84.184 port 36326 [preauth]
May  6 23:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24151]: Invalid user admin from 194.0.234.19
May  6 23:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24151]: input_userauth_request: invalid user admin [preauth]
May  6 23:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24151]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  6 23:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24151]: Failed password for invalid user admin from 194.0.234.19 port 17338 ssh2
May  6 23:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24151]: Connection closed by 194.0.234.19 port 17338 [preauth]
May  6 23:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.253.189  user=root
May  6 23:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24188]: Failed password for root from 85.208.253.189 port 52090 ssh2
May  6 23:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24188]: Received disconnect from 85.208.253.189 port 52090:11: Bye Bye [preauth]
May  6 23:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24188]: Disconnected from 85.208.253.189 port 52090 [preauth]
May  6 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24218]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24216]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24219]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24212]: pam_unix(cron:session): session closed for user p13x
May  6 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24283]: Successful su for rubyman by root
May  6 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24283]: + ??? root:rubyman
May  6 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343145 of user rubyman.
May  6 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24283]: pam_unix(su:session): session closed for user rubyman
May  6 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343145.
May  6 23:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21033]: pam_unix(cron:session): session closed for user root
May  6 23:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24216]: pam_unix(cron:session): session closed for user samftp
May  6 23:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23182]: pam_unix(cron:session): session closed for user root
May  6 23:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.190.44  user=root
May  6 23:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: Failed password for root from 57.128.190.44 port 51286 ssh2
May  6 23:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: Received disconnect from 57.128.190.44 port 51286:11: Bye Bye [preauth]
May  6 23:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24596]: Disconnected from 57.128.190.44 port 51286 [preauth]
May  6 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24654]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24649]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24652]: pam_unix(cron:session): session closed for user p13x
May  6 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24779]: Successful su for rubyman by root
May  6 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24779]: + ??? root:rubyman
May  6 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24779]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343150 of user rubyman.
May  6 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24779]: pam_unix(su:session): session closed for user rubyman
May  6 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343150.
May  6 23:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24649]: pam_unix(cron:session): session closed for user root
May  6 23:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.103  user=root
May  6 23:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21482]: pam_unix(cron:session): session closed for user root
May  6 23:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24723]: Failed password for root from 218.92.0.103 port 25154 ssh2
May  6 23:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24653]: pam_unix(cron:session): session closed for user samftp
May  6 23:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24723]: Failed password for root from 218.92.0.103 port 25154 ssh2
May  6 23:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  6 23:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25003]: Failed password for root from 218.92.0.221 port 49730 ssh2
May  6 23:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24723]: Failed password for root from 218.92.0.103 port 25154 ssh2
May  6 23:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24723]: Received disconnect from 218.92.0.103 port 25154:11:  [preauth]
May  6 23:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24723]: Disconnected from 218.92.0.103 port 25154 [preauth]
May  6 23:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24723]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.103  user=root
May  6 23:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25003]: Failed password for root from 218.92.0.221 port 49730 ssh2
May  6 23:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25003]: Failed password for root from 218.92.0.221 port 49730 ssh2
May  6 23:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25003]: Received disconnect from 218.92.0.221 port 49730:11:  [preauth]
May  6 23:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25003]: Disconnected from 218.92.0.221 port 49730 [preauth]
May  6 23:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25003]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  6 23:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23688]: pam_unix(cron:session): session closed for user root
May  6 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25169]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25170]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25170]: pam_unix(cron:session): session closed for user root
May  6 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25164]: pam_unix(cron:session): session closed for user p13x
May  6 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25231]: Successful su for rubyman by root
May  6 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25231]: + ??? root:rubyman
May  6 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343154 of user rubyman.
May  6 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25231]: pam_unix(su:session): session closed for user rubyman
May  6 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343154.
May  6 23:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25166]: pam_unix(cron:session): session closed for user root
May  6 23:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22207]: pam_unix(cron:session): session closed for user root
May  6 23:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25165]: pam_unix(cron:session): session closed for user samftp
May  6 23:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24219]: pam_unix(cron:session): session closed for user root
May  6 23:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: Connection closed by 172.236.228.229 port 40396 [preauth]
May  6 23:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: Connection closed by 172.236.228.229 port 40406 [preauth]
May  6 23:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25608]: fatal: Unable to negotiate with 172.236.228.229 port 33380: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  6 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25630]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25627]: pam_unix(cron:session): session closed for user p13x
May  6 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25724]: Successful su for rubyman by root
May  6 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25724]: + ??? root:rubyman
May  6 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25724]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343160 of user rubyman.
May  6 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25724]: pam_unix(su:session): session closed for user rubyman
May  6 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343160.
May  6 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  6 23:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22683]: pam_unix(cron:session): session closed for user root
May  6 23:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: Failed password for root from 80.94.95.29 port 25885 ssh2
May  6 23:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25628]: pam_unix(cron:session): session closed for user samftp
May  6 23:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: Failed password for root from 80.94.95.29 port 25885 ssh2
May  6 23:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 23:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: Failed password for root from 80.94.95.29 port 25885 ssh2
May  6 23:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25962]: Failed password for root from 218.92.0.179 port 63468 ssh2
May  6 23:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: Failed password for root from 80.94.95.29 port 25885 ssh2
May  6 23:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25962]: Failed password for root from 218.92.0.179 port 63468 ssh2
May  6 23:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: Failed password for root from 80.94.95.29 port 25885 ssh2
May  6 23:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: Received disconnect from 80.94.95.29 port 25885:11: Bye [preauth]
May  6 23:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: Disconnected from 80.94.95.29 port 25885 [preauth]
May  6 23:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  6 23:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25759]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 23:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25962]: Failed password for root from 218.92.0.179 port 63468 ssh2
May  6 23:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25962]: Received disconnect from 218.92.0.179 port 63468:11:  [preauth]
May  6 23:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25962]: Disconnected from 218.92.0.179 port 63468 [preauth]
May  6 23:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25962]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 23:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.193.89.77  user=root
May  6 23:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: Failed password for root from 185.193.89.77 port 57728 ssh2
May  6 23:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: Received disconnect from 185.193.89.77 port 57728:11: Bye Bye [preauth]
May  6 23:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: Disconnected from 185.193.89.77 port 57728 [preauth]
May  6 23:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24655]: pam_unix(cron:session): session closed for user root
May  6 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26120]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26121]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26118]: pam_unix(cron:session): session closed for user p13x
May  6 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26179]: Successful su for rubyman by root
May  6 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26179]: + ??? root:rubyman
May  6 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343164 of user rubyman.
May  6 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26179]: pam_unix(su:session): session closed for user rubyman
May  6 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343164.
May  6 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23181]: pam_unix(cron:session): session closed for user root
May  6 23:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26119]: pam_unix(cron:session): session closed for user samftp
May  6 23:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25169]: pam_unix(cron:session): session closed for user root
May  6 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26595]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26596]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26593]: pam_unix(cron:session): session closed for user p13x
May  6 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26652]: Successful su for rubyman by root
May  6 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26652]: + ??? root:rubyman
May  6 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343169 of user rubyman.
May  6 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26652]: pam_unix(su:session): session closed for user rubyman
May  6 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343169.
May  6 23:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23687]: pam_unix(cron:session): session closed for user root
May  6 23:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26594]: pam_unix(cron:session): session closed for user samftp
May  6 23:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=57.128.190.44  user=root
May  6 23:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: Failed password for root from 57.128.190.44 port 44910 ssh2
May  6 23:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: Received disconnect from 57.128.190.44 port 44910:11: Bye Bye [preauth]
May  6 23:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: Disconnected from 57.128.190.44 port 44910 [preauth]
May  6 23:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25630]: pam_unix(cron:session): session closed for user root
May  6 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27058]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27057]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27056]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27056]: pam_unix(cron:session): session closed for user p13x
May  6 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27133]: Successful su for rubyman by root
May  6 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27133]: + ??? root:rubyman
May  6 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343172 of user rubyman.
May  6 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27133]: pam_unix(su:session): session closed for user rubyman
May  6 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343172.
May  6 23:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24218]: pam_unix(cron:session): session closed for user root
May  6 23:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27057]: pam_unix(cron:session): session closed for user samftp
May  6 23:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26121]: pam_unix(cron:session): session closed for user root
May  6 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27542]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27541]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27537]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27542]: pam_unix(cron:session): session closed for user root
May  6 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27537]: pam_unix(cron:session): session closed for user p13x
May  6 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27613]: Successful su for rubyman by root
May  6 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27613]: + ??? root:rubyman
May  6 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343180 of user rubyman.
May  6 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27613]: pam_unix(su:session): session closed for user rubyman
May  6 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343180.
May  6 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27539]: pam_unix(cron:session): session closed for user root
May  6 23:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24654]: pam_unix(cron:session): session closed for user root
May  6 23:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27538]: pam_unix(cron:session): session closed for user samftp
May  6 23:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 23:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27890]: Failed password for root from 218.92.0.179 port 16495 ssh2
May  6 23:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26596]: pam_unix(cron:session): session closed for user root
May  6 23:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27890]: Failed password for root from 218.92.0.179 port 16495 ssh2
May  6 23:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27890]: Failed password for root from 218.92.0.179 port 16495 ssh2
May  6 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27988]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27985]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27984]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27984]: pam_unix(cron:session): session closed for user p13x
May  6 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.193.89.77  user=root
May  6 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28054]: Successful su for rubyman by root
May  6 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28054]: + ??? root:rubyman
May  6 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343182 of user rubyman.
May  6 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28054]: pam_unix(su:session): session closed for user rubyman
May  6 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343182.
May  6 23:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27981]: Failed password for root from 185.193.89.77 port 52376 ssh2
May  6 23:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27981]: Received disconnect from 185.193.89.77 port 52376:11: Bye Bye [preauth]
May  6 23:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27981]: Disconnected from 185.193.89.77 port 52376 [preauth]
May  6 23:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25167]: pam_unix(cron:session): session closed for user root
May  6 23:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27985]: pam_unix(cron:session): session closed for user samftp
May  6 23:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27059]: pam_unix(cron:session): session closed for user root
May  6 23:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  6 23:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: Failed password for root from 218.92.0.233 port 41754 ssh2
May  6 23:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 41754 ssh2]
May  6 23:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: Received disconnect from 218.92.0.233 port 41754:11:  [preauth]
May  6 23:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: Disconnected from 218.92.0.233 port 41754 [preauth]
May  6 23:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  6 23:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  6 23:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: Failed password for root from 218.92.0.233 port 49522 ssh2
May  6 23:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 49522 ssh2]
May  6 23:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: Received disconnect from 218.92.0.233 port 49522:11:  [preauth]
May  6 23:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: Disconnected from 218.92.0.233 port 49522 [preauth]
May  6 23:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  6 23:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  6 23:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28388]: Failed password for root from 218.92.0.233 port 56618 ssh2
May  6 23:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28388]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 56618 ssh2]
May  6 23:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28388]: Received disconnect from 218.92.0.233 port 56618:11:  [preauth]
May  6 23:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28388]: Disconnected from 218.92.0.233 port 56618 [preauth]
May  6 23:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28388]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  6 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28402]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28398]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28398]: pam_unix(cron:session): session closed for user root
May  6 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28400]: pam_unix(cron:session): session closed for user p13x
May  6 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28465]: Successful su for rubyman by root
May  6 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28465]: + ??? root:rubyman
May  6 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343186 of user rubyman.
May  6 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28465]: pam_unix(su:session): session closed for user rubyman
May  6 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343186.
May  6 23:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25629]: pam_unix(cron:session): session closed for user root
May  6 23:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28401]: pam_unix(cron:session): session closed for user samftp
May  6 23:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27541]: pam_unix(cron:session): session closed for user root
May  6 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28810]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28812]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28811]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28809]: pam_unix(cron:session): session closed for user p13x
May  6 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28871]: Successful su for rubyman by root
May  6 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28871]: + ??? root:rubyman
May  6 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28871]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343193 of user rubyman.
May  6 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28871]: pam_unix(su:session): session closed for user rubyman
May  6 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343193.
May  6 23:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26120]: pam_unix(cron:session): session closed for user root
May  6 23:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28810]: pam_unix(cron:session): session closed for user samftp
May  6 23:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27988]: pam_unix(cron:session): session closed for user root
May  6 23:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  6 23:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29265]: Failed password for root from 218.92.0.217 port 51528 ssh2
May  6 23:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29265]: message repeated 2 times: [ Failed password for root from 218.92.0.217 port 51528 ssh2]
May  6 23:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29265]: Received disconnect from 218.92.0.217 port 51528:11:  [preauth]
May  6 23:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29265]: Disconnected from 218.92.0.217 port 51528 [preauth]
May  6 23:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29265]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  6 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29319]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29318]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29315]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29315]: pam_unix(cron:session): session closed for user p13x
May  6 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29380]: Successful su for rubyman by root
May  6 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29380]: + ??? root:rubyman
May  6 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343195 of user rubyman.
May  6 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29380]: pam_unix(su:session): session closed for user rubyman
May  6 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343195.
May  6 23:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26595]: pam_unix(cron:session): session closed for user root
May  6 23:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29316]: pam_unix(cron:session): session closed for user samftp
May  6 23:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28403]: pam_unix(cron:session): session closed for user root
May  6 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29723]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29721]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29722]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29725]: pam_unix(cron:session): session closed for user root
May  6 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29720]: pam_unix(cron:session): session closed for user p13x
May  6 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29790]: Successful su for rubyman by root
May  6 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29790]: + ??? root:rubyman
May  6 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343202 of user rubyman.
May  6 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29790]: pam_unix(su:session): session closed for user rubyman
May  6 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343202.
May  6 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27058]: pam_unix(cron:session): session closed for user root
May  6 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29722]: pam_unix(cron:session): session closed for user root
May  6 23:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29721]: pam_unix(cron:session): session closed for user samftp
May  6 23:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28812]: pam_unix(cron:session): session closed for user root
May  6 23:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 23:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: Failed password for root from 218.92.0.179 port 25357 ssh2
May  6 23:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 25357 ssh2]
May  6 23:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: Received disconnect from 218.92.0.179 port 25357:11:  [preauth]
May  6 23:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: Disconnected from 218.92.0.179 port 25357 [preauth]
May  6 23:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 23:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.193.89.77  user=root
May  6 23:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: Failed password for root from 185.193.89.77 port 48114 ssh2
May  6 23:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: Received disconnect from 185.193.89.77 port 48114:11: Bye Bye [preauth]
May  6 23:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: Disconnected from 185.193.89.77 port 48114 [preauth]
May  6 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30162]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30161]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30159]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30159]: pam_unix(cron:session): session closed for user p13x
May  6 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30224]: Successful su for rubyman by root
May  6 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30224]: + ??? root:rubyman
May  6 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343205 of user rubyman.
May  6 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30224]: pam_unix(su:session): session closed for user rubyman
May  6 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343205.
May  6 23:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27540]: pam_unix(cron:session): session closed for user root
May  6 23:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30160]: pam_unix(cron:session): session closed for user samftp
May  6 23:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.102.153  user=root
May  6 23:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: Failed password for root from 64.227.102.153 port 34962 ssh2
May  6 23:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: Received disconnect from 64.227.102.153 port 34962:11: Bye Bye [preauth]
May  6 23:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30440]: Disconnected from 64.227.102.153 port 34962 [preauth]
May  6 23:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29319]: pam_unix(cron:session): session closed for user root
May  6 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30569]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30568]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30566]: pam_unix(cron:session): session closed for user p13x
May  6 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30626]: Successful su for rubyman by root
May  6 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30626]: + ??? root:rubyman
May  6 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343209 of user rubyman.
May  6 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30626]: pam_unix(su:session): session closed for user rubyman
May  6 23:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343209.
May  6 23:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27986]: pam_unix(cron:session): session closed for user root
May  6 23:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30567]: pam_unix(cron:session): session closed for user samftp
May  6 23:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.158.35  user=root
May  6 23:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: Failed password for root from 152.32.158.35 port 57066 ssh2
May  6 23:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: Received disconnect from 152.32.158.35 port 57066:11: Bye Bye [preauth]
May  6 23:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: Disconnected from 152.32.158.35 port 57066 [preauth]
May  6 23:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29724]: pam_unix(cron:session): session closed for user root
May  6 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31037]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31045]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31038]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31037]: pam_unix(cron:session): session closed for user p13x
May  6 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31119]: Successful su for rubyman by root
May  6 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31119]: + ??? root:rubyman
May  6 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343215 of user rubyman.
May  6 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31119]: pam_unix(su:session): session closed for user rubyman
May  6 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343215.
May  6 23:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30406]: Connection reset by 218.92.0.111 port 43858 [preauth]
May  6 23:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28402]: pam_unix(cron:session): session closed for user root
May  6 23:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31038]: pam_unix(cron:session): session closed for user samftp
May  6 23:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30162]: pam_unix(cron:session): session closed for user root
May  6 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31462]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31460]: pam_unix(cron:session): session closed for user p13x
May  6 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31526]: Successful su for rubyman by root
May  6 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31526]: + ??? root:rubyman
May  6 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31526]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343219 of user rubyman.
May  6 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31526]: pam_unix(su:session): session closed for user rubyman
May  6 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343219.
May  6 23:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28811]: pam_unix(cron:session): session closed for user root
May  6 23:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31461]: pam_unix(cron:session): session closed for user samftp
May  6 23:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30569]: pam_unix(cron:session): session closed for user root
May  6 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31906]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31902]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31905]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31908]: pam_unix(cron:session): session closed for user root
May  6 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31898]: pam_unix(cron:session): session closed for user p13x
May  6 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32082]: Successful su for rubyman by root
May  6 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32082]: + ??? root:rubyman
May  6 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343222 of user rubyman.
May  6 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 su[32082]: pam_unix(su:session): session closed for user rubyman
May  6 23:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343222.
May  6 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29318]: pam_unix(cron:session): session closed for user root
May  6 23:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31902]: pam_unix(cron:session): session closed for user root
May  6 23:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31901]: pam_unix(cron:session): session closed for user samftp
May  6 23:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31045]: pam_unix(cron:session): session closed for user root
May  6 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32734]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32735]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32730]: pam_unix(cron:session): session closed for user p13x
May  6 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[356]: Successful su for rubyman by root
May  6 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[356]: + ??? root:rubyman
May  6 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343229 of user rubyman.
May  6 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[356]: pam_unix(su:session): session closed for user rubyman
May  6 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343229.
May  6 23:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29723]: pam_unix(cron:session): session closed for user root
May  6 23:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32731]: pam_unix(cron:session): session closed for user samftp
May  6 23:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31463]: pam_unix(cron:session): session closed for user root
May  6 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[777]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[777]: pam_unix(cron:session): session closed for user p13x
May  6 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[850]: Successful su for rubyman by root
May  6 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[850]: + ??? root:rubyman
May  6 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[850]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343233 of user rubyman.
May  6 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[850]: pam_unix(su:session): session closed for user rubyman
May  6 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343233.
May  6 23:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30161]: pam_unix(cron:session): session closed for user root
May  6 23:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[778]: pam_unix(cron:session): session closed for user samftp
May  6 23:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31906]: pam_unix(cron:session): session closed for user root
May  6 23:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  6 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1271]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1267]: pam_unix(cron:session): session closed for user p13x
May  6 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1338]: Successful su for rubyman by root
May  6 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1338]: + ??? root:rubyman
May  6 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343236 of user rubyman.
May  6 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1338]: pam_unix(su:session): session closed for user rubyman
May  6 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343236.
May  6 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Failed password for root from 218.92.0.237 port 48754 ssh2
May  6 23:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Failed password for root from 218.92.0.237 port 48754 ssh2
May  6 23:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30568]: pam_unix(cron:session): session closed for user root
May  6 23:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1268]: pam_unix(cron:session): session closed for user samftp
May  6 23:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Failed password for root from 218.92.0.237 port 48754 ssh2
May  6 23:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Received disconnect from 218.92.0.237 port 48754:11:  [preauth]
May  6 23:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Disconnected from 218.92.0.237 port 48754 [preauth]
May  6 23:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  6 23:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32735]: pam_unix(cron:session): session closed for user root
May  6 23:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: Invalid user ubnt from 194.0.234.19
May  6 23:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: input_userauth_request: invalid user ubnt [preauth]
May  6 23:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  6 23:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: Failed password for invalid user ubnt from 194.0.234.19 port 35664 ssh2
May  6 23:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: Connection closed by 194.0.234.19 port 35664 [preauth]
May  6 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1747]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1745]: pam_unix(cron:session): session closed for user p13x
May  6 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1814]: Successful su for rubyman by root
May  6 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1814]: + ??? root:rubyman
May  6 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343239 of user rubyman.
May  6 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1814]: pam_unix(su:session): session closed for user rubyman
May  6 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343239.
May  6 23:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31039]: pam_unix(cron:session): session closed for user root
May  6 23:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1746]: pam_unix(cron:session): session closed for user samftp
May  6 23:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[780]: pam_unix(cron:session): session closed for user root
May  6 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2241]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2240]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2241]: pam_unix(cron:session): session closed for user root
May  6 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2235]: pam_unix(cron:session): session closed for user p13x
May  6 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2304]: Successful su for rubyman by root
May  6 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2304]: + ??? root:rubyman
May  6 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2304]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343245 of user rubyman.
May  6 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2304]: pam_unix(su:session): session closed for user rubyman
May  6 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343245.
May  6 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2237]: pam_unix(cron:session): session closed for user root
May  6 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31462]: pam_unix(cron:session): session closed for user root
May  6 23:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2236]: pam_unix(cron:session): session closed for user samftp
May  6 23:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.102.153  user=root
May  6 23:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: Failed password for root from 64.227.102.153 port 49214 ssh2
May  6 23:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: Received disconnect from 64.227.102.153 port 49214:11: Bye Bye [preauth]
May  6 23:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2577]: Disconnected from 64.227.102.153 port 49214 [preauth]
May  6 23:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1271]: pam_unix(cron:session): session closed for user root
May  6 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2713]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2712]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2709]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2709]: pam_unix(cron:session): session closed for user p13x
May  6 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2779]: Successful su for rubyman by root
May  6 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2779]: + ??? root:rubyman
May  6 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2779]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343250 of user rubyman.
May  6 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2779]: pam_unix(su:session): session closed for user rubyman
May  6 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343250.
May  6 23:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2710]: pam_unix(cron:session): session closed for user samftp
May  6 23:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31905]: pam_unix(cron:session): session closed for user root
May  6 23:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  6 23:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: Failed password for root from 46.244.96.25 port 37440 ssh2
May  6 23:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2986]: Connection closed by 46.244.96.25 port 37440 [preauth]
May  6 23:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1748]: pam_unix(cron:session): session closed for user root
May  6 23:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.158.35  user=root
May  6 23:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: Failed password for root from 152.32.158.35 port 51574 ssh2
May  6 23:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: Received disconnect from 152.32.158.35 port 51574:11: Bye Bye [preauth]
May  6 23:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3115]: Disconnected from 152.32.158.35 port 51574 [preauth]
May  6 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3138]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3137]: pam_unix(cron:session): session closed for user p13x
May  6 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3202]: Successful su for rubyman by root
May  6 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3202]: + ??? root:rubyman
May  6 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343253 of user rubyman.
May  6 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3202]: pam_unix(su:session): session closed for user rubyman
May  6 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343253.
May  6 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3238]: Invalid user  from 170.64.205.18
May  6 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3238]: input_userauth_request: invalid user  [preauth]
May  6 23:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32734]: pam_unix(cron:session): session closed for user root
May  6 23:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3138]: pam_unix(cron:session): session closed for user samftp
May  6 23:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3238]: Connection closed by 170.64.205.18 port 44310 [preauth]
May  6 23:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: Invalid user odoo14 from 186.96.145.241
May  6 23:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: input_userauth_request: invalid user odoo14 [preauth]
May  6 23:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
May  6 23:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: Failed password for invalid user odoo14 from 186.96.145.241 port 53886 ssh2
May  6 23:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3440]: Connection closed by 186.96.145.241 port 53886 [preauth]
May  6 23:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2240]: pam_unix(cron:session): session closed for user root
May  6 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3595]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3593]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3592]: pam_unix(cron:session): session closed for user p13x
May  6 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3653]: Successful su for rubyman by root
May  6 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3653]: + ??? root:rubyman
May  6 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3653]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343259 of user rubyman.
May  6 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3653]: pam_unix(su:session): session closed for user rubyman
May  6 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343259.
May  6 23:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[779]: pam_unix(cron:session): session closed for user root
May  6 23:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3593]: pam_unix(cron:session): session closed for user samftp
May  6 23:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2713]: pam_unix(cron:session): session closed for user root
May  6 23:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: Invalid user tom from 170.64.205.18
May  6 23:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: input_userauth_request: invalid user tom [preauth]
May  6 23:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: Failed password for invalid user tom from 170.64.205.18 port 48812 ssh2
May  6 23:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: Connection closed by 170.64.205.18 port 48812 [preauth]
May  6 23:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: Invalid user flink from 170.64.205.18
May  6 23:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: input_userauth_request: invalid user flink [preauth]
May  6 23:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: Failed password for invalid user flink from 170.64.205.18 port 44564 ssh2
May  6 23:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: Connection closed by 170.64.205.18 port 44564 [preauth]
May  6 23:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  6 23:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3992]: Failed password for root from 170.64.205.18 port 44570 ssh2
May  6 23:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3992]: Connection closed by 170.64.205.18 port 44570 [preauth]
May  6 23:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3995]: Failed password for root from 218.92.0.225 port 57242 ssh2
May  6 23:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3995]: Failed password for root from 218.92.0.225 port 57242 ssh2
May  6 23:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4005]: Invalid user media from 170.64.205.18
May  6 23:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4005]: input_userauth_request: invalid user media [preauth]
May  6 23:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4005]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3995]: Failed password for root from 218.92.0.225 port 57242 ssh2
May  6 23:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3995]: Received disconnect from 218.92.0.225 port 57242:11:  [preauth]
May  6 23:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3995]: Disconnected from 218.92.0.225 port 57242 [preauth]
May  6 23:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3995]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  6 23:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4005]: Failed password for invalid user media from 170.64.205.18 port 33960 ssh2
May  6 23:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4005]: Connection closed by 170.64.205.18 port 33960 [preauth]
May  6 23:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4018]: Failed password for root from 170.64.205.18 port 33964 ssh2
May  6 23:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4018]: Connection closed by 170.64.205.18 port 33964 [preauth]
May  6 23:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4028]: Invalid user esearch from 170.64.205.18
May  6 23:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4028]: input_userauth_request: invalid user esearch [preauth]
May  6 23:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4028]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4028]: Failed password for invalid user esearch from 170.64.205.18 port 52522 ssh2
May  6 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4031]: pam_unix(cron:session): session closed for user p13x
May  6 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4028]: Connection closed by 170.64.205.18 port 52522 [preauth]
May  6 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4095]: Successful su for rubyman by root
May  6 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4095]: + ??? root:rubyman
May  6 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343262 of user rubyman.
May  6 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4095]: pam_unix(su:session): session closed for user rubyman
May  6 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343262.
May  6 23:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  6 23:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4201]: Invalid user deploy from 170.64.205.18
May  6 23:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4201]: input_userauth_request: invalid user deploy [preauth]
May  6 23:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4201]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1269]: pam_unix(cron:session): session closed for user root
May  6 23:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: Failed password for root from 218.92.0.225 port 12984 ssh2
May  6 23:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4032]: pam_unix(cron:session): session closed for user samftp
May  6 23:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4201]: Failed password for invalid user deploy from 170.64.205.18 port 52536 ssh2
May  6 23:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4201]: Connection closed by 170.64.205.18 port 52536 [preauth]
May  6 23:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: Invalid user postgres from 170.64.205.18
May  6 23:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: input_userauth_request: invalid user postgres [preauth]
May  6 23:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: Failed password for invalid user postgres from 170.64.205.18 port 33856 ssh2
May  6 23:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: Connection closed by 170.64.205.18 port 33856 [preauth]
May  6 23:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: Invalid user debian from 170.64.205.18
May  6 23:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: input_userauth_request: invalid user debian [preauth]
May  6 23:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: Failed password for invalid user debian from 170.64.205.18 port 33864 ssh2
May  6 23:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: Connection closed by 170.64.205.18 port 33864 [preauth]
May  6 23:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: Invalid user user from 170.64.205.18
May  6 23:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: input_userauth_request: invalid user user [preauth]
May  6 23:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: Failed password for invalid user user from 170.64.205.18 port 48002 ssh2
May  6 23:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: Connection closed by 170.64.205.18 port 48002 [preauth]
May  6 23:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: Failed password for root from 170.64.205.18 port 48008 ssh2
May  6 23:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4479]: Connection closed by 170.64.205.18 port 48008 [preauth]
May  6 23:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: Failed password for root from 170.64.205.18 port 47934 ssh2
May  6 23:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4514]: Connection closed by 170.64.205.18 port 47934 [preauth]
May  6 23:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4525]: Invalid user developer from 170.64.205.18
May  6 23:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4525]: input_userauth_request: invalid user developer [preauth]
May  6 23:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4525]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3140]: pam_unix(cron:session): session closed for user root
May  6 23:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4525]: Failed password for invalid user developer from 170.64.205.18 port 47940 ssh2
May  6 23:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4525]: Connection closed by 170.64.205.18 port 47940 [preauth]
May  6 23:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4561]: Invalid user docker from 170.64.205.18
May  6 23:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4561]: input_userauth_request: invalid user docker [preauth]
May  6 23:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4561]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4561]: Failed password for invalid user docker from 170.64.205.18 port 50920 ssh2
May  6 23:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4561]: Connection closed by 170.64.205.18 port 50920 [preauth]
May  6 23:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Invalid user centos from 170.64.205.18
May  6 23:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: input_userauth_request: invalid user centos [preauth]
May  6 23:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: Invalid user ubnt from 80.94.95.125
May  6 23:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: input_userauth_request: invalid user ubnt [preauth]
May  6 23:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 23:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Failed password for invalid user centos from 170.64.205.18 port 50932 ssh2
May  6 23:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Connection closed by 170.64.205.18 port 50932 [preauth]
May  6 23:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: Failed password for invalid user ubnt from 80.94.95.125 port 51091 ssh2
May  6 23:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: Failed password for invalid user ubnt from 80.94.95.125 port 51091 ssh2
May  6 23:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4601]: Invalid user weblogic from 170.64.205.18
May  6 23:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4601]: input_userauth_request: invalid user weblogic [preauth]
May  6 23:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4601]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: Failed password for invalid user ubnt from 80.94.95.125 port 51091 ssh2
May  6 23:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4601]: Failed password for invalid user weblogic from 170.64.205.18 port 35386 ssh2
May  6 23:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4601]: Connection closed by 170.64.205.18 port 35386 [preauth]
May  6 23:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: Failed password for invalid user ubnt from 80.94.95.125 port 51091 ssh2
May  6 23:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: Failed password for invalid user ubnt from 80.94.95.125 port 51091 ssh2
May  6 23:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: Received disconnect from 80.94.95.125 port 51091:11: Bye [preauth]
May  6 23:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: Disconnected from 80.94.95.125 port 51091 [preauth]
May  6 23:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  6 23:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4574]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 23:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: Invalid user guest from 170.64.205.18
May  6 23:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: input_userauth_request: invalid user guest [preauth]
May  6 23:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: Failed password for invalid user guest from 170.64.205.18 port 35406 ssh2
May  6 23:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4612]: Connection closed by 170.64.205.18 port 35406 [preauth]
May  6 23:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4622]: Invalid user opc from 170.64.205.18
May  6 23:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4622]: input_userauth_request: invalid user opc [preauth]
May  6 23:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4622]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4630]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4633]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4633]: pam_unix(cron:session): session closed for user root
May  6 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4628]: pam_unix(cron:session): session closed for user p13x
May  6 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4622]: Failed password for invalid user opc from 170.64.205.18 port 48308 ssh2
May  6 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4622]: Connection closed by 170.64.205.18 port 48308 [preauth]
May  6 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4702]: Successful su for rubyman by root
May  6 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4702]: + ??? root:rubyman
May  6 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343265 of user rubyman.
May  6 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4702]: pam_unix(su:session): session closed for user rubyman
May  6 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343265.
May  6 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4630]: pam_unix(cron:session): session closed for user root
May  6 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1747]: pam_unix(cron:session): session closed for user root
May  6 23:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4629]: pam_unix(cron:session): session closed for user samftp
May  6 23:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4898]: Failed password for root from 170.64.205.18 port 42530 ssh2
May  6 23:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4898]: Connection closed by 170.64.205.18 port 42530 [preauth]
May  6 23:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4933]: Failed password for root from 170.64.205.18 port 42536 ssh2
May  6 23:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4933]: Connection closed by 170.64.205.18 port 42536 [preauth]
May  6 23:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: Invalid user kubernetes from 170.64.205.18
May  6 23:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: input_userauth_request: invalid user kubernetes [preauth]
May  6 23:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: Failed password for invalid user kubernetes from 170.64.205.18 port 39130 ssh2
May  6 23:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: Connection closed by 170.64.205.18 port 39130 [preauth]
May  6 23:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4972]: Failed password for root from 170.64.205.18 port 39136 ssh2
May  6 23:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4972]: Connection closed by 170.64.205.18 port 39136 [preauth]
May  6 23:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Invalid user gitlab-runner from 170.64.205.18
May  6 23:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: input_userauth_request: invalid user gitlab-runner [preauth]
May  6 23:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Failed password for invalid user gitlab-runner from 170.64.205.18 port 46062 ssh2
May  6 23:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Connection closed by 170.64.205.18 port 46062 [preauth]
May  6 23:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: Invalid user ftpuser from 170.64.205.18
May  6 23:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: input_userauth_request: invalid user ftpuser [preauth]
May  6 23:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3595]: pam_unix(cron:session): session closed for user root
May  6 23:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Invalid user mark from 64.227.102.153
May  6 23:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: input_userauth_request: invalid user mark [preauth]
May  6 23:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.102.153
May  6 23:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: Failed password for invalid user ftpuser from 170.64.205.18 port 46066 ssh2
May  6 23:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5187]: Connection closed by 170.64.205.18 port 46066 [preauth]
May  6 23:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Failed password for invalid user mark from 64.227.102.153 port 41938 ssh2
May  6 23:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Received disconnect from 64.227.102.153 port 41938:11: Bye Bye [preauth]
May  6 23:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Disconnected from 64.227.102.153 port 41938 [preauth]
May  6 23:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5227]: Failed password for root from 170.64.205.18 port 54122 ssh2
May  6 23:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5227]: Connection closed by 170.64.205.18 port 54122 [preauth]
May  6 23:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: Failed password for root from 170.64.205.18 port 33454 ssh2
May  6 23:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: Connection closed by 170.64.205.18 port 33454 [preauth]
May  6 23:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: Invalid user odoo17 from 170.64.205.18
May  6 23:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: input_userauth_request: invalid user odoo17 [preauth]
May  6 23:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: Failed password for invalid user odoo17 from 170.64.205.18 port 33462 ssh2
May  6 23:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: Connection closed by 170.64.205.18 port 33462 [preauth]
May  6 23:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5286]: Invalid user hadoop from 170.64.205.18
May  6 23:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5286]: input_userauth_request: invalid user hadoop [preauth]
May  6 23:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5286]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5286]: Failed password for invalid user hadoop from 170.64.205.18 port 50120 ssh2
May  6 23:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5286]: Connection closed by 170.64.205.18 port 50120 [preauth]
May  6 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5304]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5305]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5301]: pam_unix(cron:session): session closed for user p13x
May  6 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5298]: Invalid user opc from 170.64.205.18
May  6 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5298]: input_userauth_request: invalid user opc [preauth]
May  6 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5298]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5368]: Successful su for rubyman by root
May  6 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5368]: + ??? root:rubyman
May  6 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5368]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343271 of user rubyman.
May  6 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5368]: pam_unix(su:session): session closed for user rubyman
May  6 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343271.
May  6 23:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5298]: Failed password for invalid user opc from 170.64.205.18 port 50144 ssh2
May  6 23:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5298]: Connection closed by 170.64.205.18 port 50144 [preauth]
May  6 23:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2238]: pam_unix(cron:session): session closed for user root
May  6 23:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5302]: pam_unix(cron:session): session closed for user samftp
May  6 23:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Invalid user dev from 170.64.205.18
May  6 23:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: input_userauth_request: invalid user dev [preauth]
May  6 23:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Failed password for invalid user dev from 170.64.205.18 port 40846 ssh2
May  6 23:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Connection closed by 170.64.205.18 port 40846 [preauth]
May  6 23:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: User backup from 170.64.205.18 not allowed because not listed in AllowUsers
May  6 23:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: input_userauth_request: invalid user backup [preauth]
May  6 23:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=backup
May  6 23:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: Failed password for invalid user backup from 170.64.205.18 port 40858 ssh2
May  6 23:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5625]: Connection closed by 170.64.205.18 port 40858 [preauth]
May  6 23:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: Failed password for root from 170.64.205.18 port 54552 ssh2
May  6 23:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: Connection closed by 170.64.205.18 port 54552 [preauth]
May  6 23:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Failed password for root from 170.64.205.18 port 36328 ssh2
May  6 23:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Connection closed by 170.64.205.18 port 36328 [preauth]
May  6 23:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5690]: Invalid user tomcat from 170.64.205.18
May  6 23:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5690]: input_userauth_request: invalid user tomcat [preauth]
May  6 23:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5690]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5690]: Failed password for invalid user tomcat from 170.64.205.18 port 36336 ssh2
May  6 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4034]: pam_unix(cron:session): session closed for user root
May  6 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5690]: Connection closed by 170.64.205.18 port 36336 [preauth]
May  6 23:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5724]: Invalid user administrator from 50.235.31.47
May  6 23:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5724]: input_userauth_request: invalid user administrator [preauth]
May  6 23:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5724]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  6 23:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: Invalid user testuser from 170.64.205.18
May  6 23:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: input_userauth_request: invalid user testuser [preauth]
May  6 23:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5724]: Failed password for invalid user administrator from 50.235.31.47 port 34872 ssh2
May  6 23:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5724]: Connection closed by 50.235.31.47 port 34872 [preauth]
May  6 23:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: Failed password for invalid user testuser from 170.64.205.18 port 48078 ssh2
May  6 23:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: Connection closed by 170.64.205.18 port 48078 [preauth]
May  6 23:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: Invalid user git from 170.64.205.18
May  6 23:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: input_userauth_request: invalid user git [preauth]
May  6 23:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: Failed password for invalid user git from 170.64.205.18 port 48086 ssh2
May  6 23:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: Connection closed by 170.64.205.18 port 48086 [preauth]
May  6 23:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5761]: Failed password for root from 170.64.205.18 port 48874 ssh2
May  6 23:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5761]: Connection closed by 170.64.205.18 port 48874 [preauth]
May  6 23:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5778]: Failed password for root from 170.64.205.18 port 48888 ssh2
May  6 23:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5778]: Connection closed by 170.64.205.18 port 48888 [preauth]
May  6 23:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: Invalid user slam from 152.32.158.35
May  6 23:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: input_userauth_request: invalid user slam [preauth]
May  6 23:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.158.35
May  6 23:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: Invalid user odoo from 170.64.205.18
May  6 23:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: input_userauth_request: invalid user odoo [preauth]
May  6 23:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5797]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5795]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5796]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5794]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5794]: pam_unix(cron:session): session closed for user p13x
May  6 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5944]: Successful su for rubyman by root
May  6 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5944]: + ??? root:rubyman
May  6 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343276 of user rubyman.
May  6 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5944]: pam_unix(su:session): session closed for user rubyman
May  6 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343276.
May  6 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: Failed password for invalid user slam from 152.32.158.35 port 58420 ssh2
May  6 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: Received disconnect from 152.32.158.35 port 58420:11: Bye Bye [preauth]
May  6 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: Disconnected from 152.32.158.35 port 58420 [preauth]
May  6 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: Failed password for invalid user odoo from 170.64.205.18 port 57772 ssh2
May  6 23:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5791]: Connection closed by 170.64.205.18 port 57772 [preauth]
May  6 23:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2712]: pam_unix(cron:session): session closed for user root
May  6 23:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5795]: pam_unix(cron:session): session closed for user samftp
May  6 23:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6136]: Failed password for root from 170.64.205.18 port 44536 ssh2
May  6 23:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6136]: Connection closed by 170.64.205.18 port 44536 [preauth]
May  6 23:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: Invalid user ts from 170.64.205.18
May  6 23:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: input_userauth_request: invalid user ts [preauth]
May  6 23:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: Failed password for invalid user ts from 170.64.205.18 port 44542 ssh2
May  6 23:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: Connection closed by 170.64.205.18 port 44542 [preauth]
May  6 23:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6185]: Invalid user admin from 170.64.205.18
May  6 23:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6185]: input_userauth_request: invalid user admin [preauth]
May  6 23:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6185]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6185]: Failed password for invalid user admin from 170.64.205.18 port 37926 ssh2
May  6 23:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6185]: Connection closed by 170.64.205.18 port 37926 [preauth]
May  6 23:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6195]: Failed password for root from 170.64.205.18 port 37942 ssh2
May  6 23:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6195]: Connection closed by 170.64.205.18 port 37942 [preauth]
May  6 23:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: Invalid user nginx from 170.64.205.18
May  6 23:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: input_userauth_request: invalid user nginx [preauth]
May  6 23:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  6 23:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: Failed password for invalid user nginx from 170.64.205.18 port 57642 ssh2
May  6 23:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: Failed password for root from 218.92.0.221 port 38000 ssh2
May  6 23:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6221]: Connection closed by 170.64.205.18 port 57642 [preauth]
May  6 23:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: Failed password for root from 218.92.0.221 port 38000 ssh2
May  6 23:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4632]: pam_unix(cron:session): session closed for user root
May  6 23:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: Invalid user gitlab from 170.64.205.18
May  6 23:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: input_userauth_request: invalid user gitlab [preauth]
May  6 23:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: Failed password for root from 218.92.0.221 port 38000 ssh2
May  6 23:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: Received disconnect from 218.92.0.221 port 38000:11:  [preauth]
May  6 23:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: Disconnected from 218.92.0.221 port 38000 [preauth]
May  6 23:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  6 23:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: Failed password for invalid user gitlab from 170.64.205.18 port 55118 ssh2
May  6 23:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: Connection closed by 170.64.205.18 port 55118 [preauth]
May  6 23:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6266]: Failed password for root from 170.64.205.18 port 55130 ssh2
May  6 23:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6266]: Connection closed by 170.64.205.18 port 55130 [preauth]
May  6 23:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6291]: Failed password for root from 170.64.205.18 port 60316 ssh2
May  6 23:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6291]: Connection closed by 170.64.205.18 port 60316 [preauth]
May  6 23:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: Invalid user kingbase from 170.64.205.18
May  6 23:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: input_userauth_request: invalid user kingbase [preauth]
May  6 23:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: Failed password for invalid user kingbase from 170.64.205.18 port 60320 ssh2
May  6 23:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6309]: Connection closed by 170.64.205.18 port 60320 [preauth]
May  6 23:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: Invalid user user from 170.64.205.18
May  6 23:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: input_userauth_request: invalid user user [preauth]
May  6 23:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6326]: pam_unix(cron:session): session closed for user p13x
May  6 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6385]: Successful su for rubyman by root
May  6 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6385]: + ??? root:rubyman
May  6 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343280 of user rubyman.
May  6 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6385]: pam_unix(su:session): session closed for user rubyman
May  6 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343280.
May  6 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: Failed password for invalid user user from 170.64.205.18 port 35024 ssh2
May  6 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6322]: Connection closed by 170.64.205.18 port 35024 [preauth]
May  6 23:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3139]: pam_unix(cron:session): session closed for user root
May  6 23:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6506]: Invalid user test from 170.64.205.18
May  6 23:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6506]: input_userauth_request: invalid user test [preauth]
May  6 23:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6506]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6327]: pam_unix(cron:session): session closed for user samftp
May  6 23:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6506]: Failed password for invalid user test from 170.64.205.18 port 35034 ssh2
May  6 23:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6506]: Connection closed by 170.64.205.18 port 35034 [preauth]
May  6 23:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Invalid user runner from 170.64.205.18
May  6 23:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: input_userauth_request: invalid user runner [preauth]
May  6 23:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Failed password for invalid user runner from 170.64.205.18 port 59448 ssh2
May  6 23:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Connection closed by 170.64.205.18 port 59448 [preauth]
May  6 23:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: Failed password for root from 170.64.205.18 port 59456 ssh2
May  6 23:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6593]: Connection closed by 170.64.205.18 port 59456 [preauth]
May  6 23:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6606]: Invalid user openvpn from 170.64.205.18
May  6 23:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6606]: input_userauth_request: invalid user openvpn [preauth]
May  6 23:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6606]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6606]: Failed password for invalid user openvpn from 170.64.205.18 port 52536 ssh2
May  6 23:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6606]: Connection closed by 170.64.205.18 port 52536 [preauth]
May  6 23:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6616]: Failed password for root from 170.64.205.18 port 52542 ssh2
May  6 23:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6616]: Connection closed by 170.64.205.18 port 52542 [preauth]
May  6 23:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6642]: Invalid user centos from 170.64.205.18
May  6 23:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6642]: input_userauth_request: invalid user centos [preauth]
May  6 23:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6642]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6642]: Failed password for invalid user centos from 170.64.205.18 port 53234 ssh2
May  6 23:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6642]: Connection closed by 170.64.205.18 port 53234 [preauth]
May  6 23:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6657]: Invalid user pi from 170.64.205.18
May  6 23:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6657]: input_userauth_request: invalid user pi [preauth]
May  6 23:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6657]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5305]: pam_unix(cron:session): session closed for user root
May  6 23:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6657]: Failed password for invalid user pi from 170.64.205.18 port 53244 ssh2
May  6 23:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6657]: Connection closed by 170.64.205.18 port 53244 [preauth]
May  6 23:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: Invalid user uftp from 170.64.205.18
May  6 23:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: input_userauth_request: invalid user uftp [preauth]
May  6 23:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: Failed password for invalid user uftp from 170.64.205.18 port 35622 ssh2
May  6 23:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: Connection closed by 170.64.205.18 port 35622 [preauth]
May  6 23:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6703]: Failed password for root from 170.64.205.18 port 35648 ssh2
May  6 23:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6703]: Connection closed by 170.64.205.18 port 35648 [preauth]
May  6 23:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: Invalid user oracle from 170.64.205.18
May  6 23:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: input_userauth_request: invalid user oracle [preauth]
May  6 23:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: Failed password for invalid user oracle from 170.64.205.18 port 50864 ssh2
May  6 23:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6727]: Connection closed by 170.64.205.18 port 50864 [preauth]
May  6 23:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: Invalid user ec2-user from 170.64.205.18
May  6 23:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: input_userauth_request: invalid user ec2-user [preauth]
May  6 23:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: Failed password for invalid user ec2-user from 170.64.205.18 port 50870 ssh2
May  6 23:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6729]: Connection closed by 170.64.205.18 port 50870 [preauth]
May  6 23:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: Invalid user kingbase from 170.64.205.18
May  6 23:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: input_userauth_request: invalid user kingbase [preauth]
May  6 23:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: Failed password for invalid user kingbase from 170.64.205.18 port 49104 ssh2
May  6 23:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: Connection closed by 170.64.205.18 port 49104 [preauth]
May  6 23:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: Invalid user nginx from 170.64.205.18
May  6 23:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: input_userauth_request: invalid user nginx [preauth]
May  6 23:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: Failed password for invalid user nginx from 170.64.205.18 port 49120 ssh2
May  6 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6770]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6769]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6765]: pam_unix(cron:session): session closed for user p13x
May  6 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: Connection closed by 170.64.205.18 port 49120 [preauth]
May  6 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6887]: Successful su for rubyman by root
May  6 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6887]: + ??? root:rubyman
May  6 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6887]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343284 of user rubyman.
May  6 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6887]: pam_unix(su:session): session closed for user rubyman
May  6 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343284.
May  6 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6762]: pam_unix(cron:session): session closed for user root
May  6 23:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3594]: pam_unix(cron:session): session closed for user root
May  6 23:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7142]: Invalid user hadoop from 170.64.205.18
May  6 23:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7142]: input_userauth_request: invalid user hadoop [preauth]
May  6 23:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7142]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7142]: Failed password for invalid user hadoop from 170.64.205.18 port 49124 ssh2
May  6 23:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6768]: pam_unix(cron:session): session closed for user samftp
May  6 23:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7142]: Connection closed by 170.64.205.18 port 49124 [preauth]
May  6 23:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: Invalid user plexserver from 170.64.205.18
May  6 23:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: input_userauth_request: invalid user plexserver [preauth]
May  6 23:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: Failed password for invalid user plexserver from 170.64.205.18 port 38642 ssh2
May  6 23:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7220]: Connection closed by 170.64.205.18 port 38642 [preauth]
May  6 23:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: Invalid user postgres from 170.64.205.18
May  6 23:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: input_userauth_request: invalid user postgres [preauth]
May  6 23:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: Failed password for invalid user postgres from 170.64.205.18 port 38654 ssh2
May  6 23:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7231]: Connection closed by 170.64.205.18 port 38654 [preauth]
May  6 23:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: Invalid user test2 from 170.64.205.18
May  6 23:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: input_userauth_request: invalid user test2 [preauth]
May  6 23:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: Failed password for invalid user test2 from 170.64.205.18 port 55350 ssh2
May  6 23:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7254]: Connection closed by 170.64.205.18 port 55350 [preauth]
May  6 23:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: Failed password for root from 170.64.205.18 port 55356 ssh2
May  6 23:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7256]: Connection closed by 170.64.205.18 port 55356 [preauth]
May  6 23:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Invalid user ansible from 170.64.205.18
May  6 23:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: input_userauth_request: invalid user ansible [preauth]
May  6 23:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Failed password for invalid user ansible from 170.64.205.18 port 42308 ssh2
May  6 23:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7280]: Connection closed by 170.64.205.18 port 42308 [preauth]
May  6 23:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7290]: Invalid user uftp from 170.64.205.18
May  6 23:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7290]: input_userauth_request: invalid user uftp [preauth]
May  6 23:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7290]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5797]: pam_unix(cron:session): session closed for user root
May  6 23:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7290]: Failed password for invalid user uftp from 170.64.205.18 port 42310 ssh2
May  6 23:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7290]: Connection closed by 170.64.205.18 port 42310 [preauth]
May  6 23:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7320]: Failed password for root from 170.64.205.18 port 47094 ssh2
May  6 23:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7320]: Connection closed by 170.64.205.18 port 47094 [preauth]
May  6 23:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: Failed password for root from 170.64.205.18 port 47108 ssh2
May  6 23:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: Connection closed by 170.64.205.18 port 47108 [preauth]
May  6 23:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Invalid user deployer from 170.64.205.18
May  6 23:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: input_userauth_request: invalid user deployer [preauth]
May  6 23:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Failed password for invalid user deployer from 170.64.205.18 port 46072 ssh2
May  6 23:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Connection closed by 170.64.205.18 port 46072 [preauth]
May  6 23:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: Invalid user oscar from 170.64.205.18
May  6 23:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: input_userauth_request: invalid user oscar [preauth]
May  6 23:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: Failed password for invalid user oscar from 170.64.205.18 port 46100 ssh2
May  6 23:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: Connection closed by 170.64.205.18 port 46100 [preauth]
May  6 23:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: Invalid user bigdata from 170.64.205.18
May  6 23:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: input_userauth_request: invalid user bigdata [preauth]
May  6 23:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: Failed password for invalid user bigdata from 170.64.205.18 port 51006 ssh2
May  6 23:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7372]: Connection closed by 170.64.205.18 port 51006 [preauth]
May  6 23:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: Invalid user www from 170.64.205.18
May  6 23:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: input_userauth_request: invalid user www [preauth]
May  6 23:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7390]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7387]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7390]: pam_unix(cron:session): session closed for user root
May  6 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7385]: pam_unix(cron:session): session closed for user p13x
May  6 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7454]: Successful su for rubyman by root
May  6 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7454]: + ??? root:rubyman
May  6 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343289 of user rubyman.
May  6 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7454]: pam_unix(su:session): session closed for user rubyman
May  6 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343289.
May  6 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: Failed password for invalid user www from 170.64.205.18 port 51010 ssh2
May  6 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7374]: Connection closed by 170.64.205.18 port 51010 [preauth]
May  6 23:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7387]: pam_unix(cron:session): session closed for user root
May  6 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4033]: pam_unix(cron:session): session closed for user root
May  6 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7386]: pam_unix(cron:session): session closed for user samftp
May  6 23:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7693]: Failed password for root from 170.64.205.18 port 51012 ssh2
May  6 23:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7693]: Connection closed by 170.64.205.18 port 51012 [preauth]
May  6 23:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: Invalid user gitlab-runner from 170.64.205.18
May  6 23:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: input_userauth_request: invalid user gitlab-runner [preauth]
May  6 23:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: Failed password for invalid user gitlab-runner from 170.64.205.18 port 60936 ssh2
May  6 23:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: Connection closed by 170.64.205.18 port 60936 [preauth]
May  6 23:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7800]: Failed password for root from 170.64.205.18 port 60946 ssh2
May  6 23:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7800]: Connection closed by 170.64.205.18 port 60946 [preauth]
May  6 23:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7828]: Failed password for root from 170.64.205.18 port 56076 ssh2
May  6 23:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7828]: Connection closed by 170.64.205.18 port 56076 [preauth]
May  6 23:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7838]: Invalid user user from 170.64.205.18
May  6 23:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7838]: input_userauth_request: invalid user user [preauth]
May  6 23:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7838]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7838]: Failed password for invalid user user from 170.64.205.18 port 56082 ssh2
May  6 23:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7838]: Connection closed by 170.64.205.18 port 56082 [preauth]
May  6 23:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7860]: Invalid user yealink from 170.64.205.18
May  6 23:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7860]: input_userauth_request: invalid user yealink [preauth]
May  6 23:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7860]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7860]: Failed password for invalid user yealink from 170.64.205.18 port 60740 ssh2
May  6 23:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7860]: Connection closed by 170.64.205.18 port 60740 [preauth]
May  6 23:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7866]: Invalid user plex from 170.64.205.18
May  6 23:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7866]: input_userauth_request: invalid user plex [preauth]
May  6 23:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7866]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6329]: pam_unix(cron:session): session closed for user root
May  6 23:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7866]: Failed password for invalid user plex from 170.64.205.18 port 60752 ssh2
May  6 23:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7866]: Connection closed by 170.64.205.18 port 60752 [preauth]
May  6 23:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: Invalid user ec2-user from 170.64.205.18
May  6 23:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: input_userauth_request: invalid user ec2-user [preauth]
May  6 23:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: Failed password for invalid user ec2-user from 170.64.205.18 port 56592 ssh2
May  6 23:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: Connection closed by 170.64.205.18 port 56592 [preauth]
May  6 23:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7907]: User proxy from 170.64.205.18 not allowed because not listed in AllowUsers
May  6 23:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7907]: input_userauth_request: invalid user proxy [preauth]
May  6 23:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=proxy
May  6 23:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7907]: Failed password for invalid user proxy from 170.64.205.18 port 56598 ssh2
May  6 23:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7907]: Connection closed by 170.64.205.18 port 56598 [preauth]
May  6 23:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7923]: Invalid user whj from 64.227.102.153
May  6 23:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7923]: input_userauth_request: invalid user whj [preauth]
May  6 23:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7923]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.102.153
May  6 23:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7923]: Failed password for invalid user whj from 64.227.102.153 port 57312 ssh2
May  6 23:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7923]: Received disconnect from 64.227.102.153 port 57312:11: Bye Bye [preauth]
May  6 23:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7923]: Disconnected from 64.227.102.153 port 57312 [preauth]
May  6 23:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: Invalid user es from 170.64.205.18
May  6 23:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: input_userauth_request: invalid user es [preauth]
May  6 23:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: Failed password for invalid user es from 170.64.205.18 port 54358 ssh2
May  6 23:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: Connection closed by 170.64.205.18 port 54358 [preauth]
May  6 23:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: Invalid user git from 170.64.205.18
May  6 23:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: input_userauth_request: invalid user git [preauth]
May  6 23:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: Failed password for invalid user git from 170.64.205.18 port 54360 ssh2
May  6 23:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7945]: Connection closed by 170.64.205.18 port 54360 [preauth]
May  6 23:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: Failed password for root from 170.64.205.18 port 43026 ssh2
May  6 23:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: Connection closed by 170.64.205.18 port 43026 [preauth]
May  6 23:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: Invalid user sadmin from 170.64.205.18
May  6 23:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: input_userauth_request: invalid user sadmin [preauth]
May  6 23:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7976]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7977]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7973]: pam_unix(cron:session): session closed for user p13x
May  6 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: Failed password for invalid user sadmin from 170.64.205.18 port 43028 ssh2
May  6 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8039]: Successful su for rubyman by root
May  6 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8039]: + ??? root:rubyman
May  6 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343294 of user rubyman.
May  6 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8039]: pam_unix(su:session): session closed for user rubyman
May  6 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343294.
May  6 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: Connection closed by 170.64.205.18 port 43028 [preauth]
May  6 23:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: Invalid user lighthouse from 170.64.205.18
May  6 23:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: input_userauth_request: invalid user lighthouse [preauth]
May  6 23:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4631]: pam_unix(cron:session): session closed for user root
May  6 23:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7974]: pam_unix(cron:session): session closed for user samftp
May  6 23:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: Failed password for invalid user lighthouse from 170.64.205.18 port 43044 ssh2
May  6 23:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8184]: Connection closed by 170.64.205.18 port 43044 [preauth]
May  6 23:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8253]: Invalid user tom from 170.64.205.18
May  6 23:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8253]: input_userauth_request: invalid user tom [preauth]
May  6 23:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8253]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8253]: Failed password for invalid user tom from 170.64.205.18 port 60206 ssh2
May  6 23:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8253]: Connection closed by 170.64.205.18 port 60206 [preauth]
May  6 23:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: Invalid user jenkins from 170.64.205.18
May  6 23:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: input_userauth_request: invalid user jenkins [preauth]
May  6 23:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: Failed password for invalid user jenkins from 170.64.205.18 port 60222 ssh2
May  6 23:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8263]: Connection closed by 170.64.205.18 port 60222 [preauth]
May  6 23:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: Invalid user username from 170.64.205.18
May  6 23:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: input_userauth_request: invalid user username [preauth]
May  6 23:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: Invalid user administrator from 80.94.95.29
May  6 23:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: input_userauth_request: invalid user administrator [preauth]
May  6 23:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  6 23:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: Failed password for invalid user username from 170.64.205.18 port 34372 ssh2
May  6 23:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8286]: Connection closed by 170.64.205.18 port 34372 [preauth]
May  6 23:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: Failed password for invalid user administrator from 80.94.95.29 port 30849 ssh2
May  6 23:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: Invalid user hadoop from 170.64.205.18
May  6 23:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: input_userauth_request: invalid user hadoop [preauth]
May  6 23:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: Failed password for invalid user administrator from 80.94.95.29 port 30849 ssh2
May  6 23:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: Failed password for invalid user hadoop from 170.64.205.18 port 34386 ssh2
May  6 23:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8299]: Connection closed by 170.64.205.18 port 34386 [preauth]
May  6 23:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: Failed password for invalid user administrator from 80.94.95.29 port 30849 ssh2
May  6 23:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Invalid user developer from 170.64.205.18
May  6 23:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: input_userauth_request: invalid user developer [preauth]
May  6 23:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: Failed password for invalid user administrator from 80.94.95.29 port 30849 ssh2
May  6 23:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Failed password for invalid user developer from 170.64.205.18 port 34874 ssh2
May  6 23:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Connection closed by 170.64.205.18 port 34874 [preauth]
May  6 23:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: Failed password for invalid user administrator from 80.94.95.29 port 30849 ssh2
May  6 23:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: Received disconnect from 80.94.95.29 port 30849:11: Bye [preauth]
May  6 23:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: Disconnected from 80.94.95.29 port 30849 [preauth]
May  6 23:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  6 23:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8288]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 23:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8336]: Invalid user user2 from 170.64.205.18
May  6 23:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8336]: input_userauth_request: invalid user user2 [preauth]
May  6 23:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8336]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8336]: Failed password for invalid user user2 from 170.64.205.18 port 34880 ssh2
May  6 23:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8336]: Connection closed by 170.64.205.18 port 34880 [preauth]
May  6 23:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6770]: pam_unix(cron:session): session closed for user root
May  6 23:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: Invalid user server from 170.64.205.18
May  6 23:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: input_userauth_request: invalid user server [preauth]
May  6 23:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: Failed password for invalid user server from 170.64.205.18 port 45434 ssh2
May  6 23:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: Connection closed by 170.64.205.18 port 45434 [preauth]
May  6 23:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: Invalid user amir from 170.64.205.18
May  6 23:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: input_userauth_request: invalid user amir [preauth]
May  6 23:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: Failed password for invalid user amir from 170.64.205.18 port 45444 ssh2
May  6 23:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8369]: Connection closed by 170.64.205.18 port 45444 [preauth]
May  6 23:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8393]: Invalid user ubnt from 170.64.205.18
May  6 23:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8393]: input_userauth_request: invalid user ubnt [preauth]
May  6 23:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8393]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8393]: Failed password for invalid user ubnt from 170.64.205.18 port 58118 ssh2
May  6 23:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8393]: Connection closed by 170.64.205.18 port 58118 [preauth]
May  6 23:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8404]: Invalid user vagrant from 170.64.205.18
May  6 23:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8404]: input_userauth_request: invalid user vagrant [preauth]
May  6 23:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8404]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8404]: Failed password for invalid user vagrant from 170.64.205.18 port 58134 ssh2
May  6 23:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8404]: Connection closed by 170.64.205.18 port 58134 [preauth]
May  6 23:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Invalid user jms from 170.64.205.18
May  6 23:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: input_userauth_request: invalid user jms [preauth]
May  6 23:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Failed password for invalid user jms from 170.64.205.18 port 58146 ssh2
May  6 23:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8416]: Connection closed by 170.64.205.18 port 58146 [preauth]
May  6 23:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8428]: User ftp from 170.64.205.18 not allowed because not listed in AllowUsers
May  6 23:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8428]: input_userauth_request: invalid user ftp [preauth]
May  6 23:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=ftp
May  6 23:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  6 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8437]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8434]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8434]: pam_unix(cron:session): session closed for user p13x
May  6 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8428]: Failed password for invalid user ftp from 170.64.205.18 port 43958 ssh2
May  6 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8503]: Successful su for rubyman by root
May  6 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8503]: + ??? root:rubyman
May  6 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343299 of user rubyman.
May  6 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8503]: pam_unix(su:session): session closed for user rubyman
May  6 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343299.
May  6 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8428]: Connection closed by 170.64.205.18 port 43958 [preauth]
May  6 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: Failed password for root from 218.92.0.216 port 46946 ssh2
May  6 23:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: Invalid user niaoyun from 170.64.205.18
May  6 23:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: input_userauth_request: invalid user niaoyun [preauth]
May  6 23:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5304]: pam_unix(cron:session): session closed for user root
May  6 23:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: Failed password for root from 218.92.0.216 port 46946 ssh2
May  6 23:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8435]: pam_unix(cron:session): session closed for user samftp
May  6 23:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: Failed password for invalid user niaoyun from 170.64.205.18 port 43970 ssh2
May  6 23:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8569]: Connection closed by 170.64.205.18 port 43970 [preauth]
May  6 23:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8709]: Invalid user dspace from 170.64.205.18
May  6 23:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8709]: input_userauth_request: invalid user dspace [preauth]
May  6 23:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: Failed password for root from 218.92.0.216 port 46946 ssh2
May  6 23:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8709]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: Received disconnect from 218.92.0.216 port 46946:11:  [preauth]
May  6 23:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: Disconnected from 218.92.0.216 port 46946 [preauth]
May  6 23:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8430]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  6 23:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8724]: Invalid user m from 152.32.158.35
May  6 23:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8724]: input_userauth_request: invalid user m [preauth]
May  6 23:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8724]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.158.35
May  6 23:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8709]: Failed password for invalid user dspace from 170.64.205.18 port 39468 ssh2
May  6 23:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8709]: Connection closed by 170.64.205.18 port 39468 [preauth]
May  6 23:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8724]: Failed password for invalid user m from 152.32.158.35 port 37062 ssh2
May  6 23:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8724]: Received disconnect from 152.32.158.35 port 37062:11: Bye Bye [preauth]
May  6 23:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8724]: Disconnected from 152.32.158.35 port 37062 [preauth]
May  6 23:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: Invalid user minecraft from 170.64.205.18
May  6 23:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: input_userauth_request: invalid user minecraft [preauth]
May  6 23:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: Failed password for invalid user minecraft from 170.64.205.18 port 39480 ssh2
May  6 23:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8728]: Connection closed by 170.64.205.18 port 39480 [preauth]
May  6 23:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8752]: Invalid user postgres from 170.64.205.18
May  6 23:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8752]: input_userauth_request: invalid user postgres [preauth]
May  6 23:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8752]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8752]: Failed password for invalid user postgres from 170.64.205.18 port 51332 ssh2
May  6 23:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8752]: Connection closed by 170.64.205.18 port 51332 [preauth]
May  6 23:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8762]: Failed password for root from 170.64.205.18 port 51348 ssh2
May  6 23:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8762]: Connection closed by 170.64.205.18 port 51348 [preauth]
May  6 23:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Failed password for root from 170.64.205.18 port 43342 ssh2
May  6 23:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Connection closed by 170.64.205.18 port 43342 [preauth]
May  6 23:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8796]: Invalid user tools from 170.64.205.18
May  6 23:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8796]: input_userauth_request: invalid user tools [preauth]
May  6 23:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8796]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8796]: Failed password for invalid user tools from 170.64.205.18 port 43354 ssh2
May  6 23:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8796]: Connection closed by 170.64.205.18 port 43354 [preauth]
May  6 23:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7389]: pam_unix(cron:session): session closed for user root
May  6 23:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8826]: Failed password for root from 170.64.205.18 port 47732 ssh2
May  6 23:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8826]: Connection closed by 170.64.205.18 port 47732 [preauth]
May  6 23:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: Invalid user dolphinscheduler from 170.64.205.18
May  6 23:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  6 23:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: Failed password for invalid user dolphinscheduler from 170.64.205.18 port 47746 ssh2
May  6 23:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: Connection closed by 170.64.205.18 port 47746 [preauth]
May  6 23:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: Invalid user elasticsearch from 170.64.205.18
May  6 23:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: input_userauth_request: invalid user elasticsearch [preauth]
May  6 23:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: Failed password for invalid user elasticsearch from 170.64.205.18 port 47762 ssh2
May  6 23:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: Connection closed by 170.64.205.18 port 47762 [preauth]
May  6 23:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8867]: Invalid user elsearch from 170.64.205.18
May  6 23:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8867]: input_userauth_request: invalid user elsearch [preauth]
May  6 23:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8867]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8867]: Failed password for invalid user elsearch from 170.64.205.18 port 43346 ssh2
May  6 23:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8867]: Connection closed by 170.64.205.18 port 43346 [preauth]
May  6 23:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8878]: Invalid user git from 170.64.205.18
May  6 23:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8878]: input_userauth_request: invalid user git [preauth]
May  6 23:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8878]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8878]: Failed password for invalid user git from 170.64.205.18 port 43354 ssh2
May  6 23:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8878]: Connection closed by 170.64.205.18 port 43354 [preauth]
May  6 23:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: Invalid user ftpuser from 170.64.205.18
May  6 23:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: input_userauth_request: invalid user ftpuser [preauth]
May  6 23:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: Failed password for invalid user ftpuser from 170.64.205.18 port 45928 ssh2
May  6 23:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8888]: Connection closed by 170.64.205.18 port 45928 [preauth]
May  6 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8903]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8902]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8900]: pam_unix(cron:session): session closed for user p13x
May  6 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8966]: Successful su for rubyman by root
May  6 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8966]: + ??? root:rubyman
May  6 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8966]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343302 of user rubyman.
May  6 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8966]: pam_unix(su:session): session closed for user rubyman
May  6 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343302.
May  6 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: Invalid user deploy from 170.64.205.18
May  6 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: input_userauth_request: invalid user deploy [preauth]
May  6 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5796]: pam_unix(cron:session): session closed for user root
May  6 23:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: Failed password for invalid user deploy from 170.64.205.18 port 45942 ssh2
May  6 23:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8989]: Connection closed by 170.64.205.18 port 45942 [preauth]
May  6 23:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8901]: pam_unix(cron:session): session closed for user samftp
May  6 23:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: Invalid user elastic from 170.64.205.18
May  6 23:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: input_userauth_request: invalid user elastic [preauth]
May  6 23:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: Failed password for invalid user elastic from 170.64.205.18 port 38058 ssh2
May  6 23:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9244]: Connection closed by 170.64.205.18 port 38058 [preauth]
May  6 23:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9246]: Failed password for root from 170.64.205.18 port 38062 ssh2
May  6 23:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9246]: Connection closed by 170.64.205.18 port 38062 [preauth]
May  6 23:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: Invalid user debian from 170.64.205.18
May  6 23:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: input_userauth_request: invalid user debian [preauth]
May  6 23:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: Failed password for invalid user debian from 170.64.205.18 port 49028 ssh2
May  6 23:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: Connection closed by 170.64.205.18 port 49028 [preauth]
May  6 23:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9311]: Invalid user pi from 170.64.205.18
May  6 23:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9311]: input_userauth_request: invalid user pi [preauth]
May  6 23:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9311]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9311]: Failed password for invalid user pi from 170.64.205.18 port 49056 ssh2
May  6 23:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9311]: Connection closed by 170.64.205.18 port 49056 [preauth]
May  6 23:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: Failed password for root from 170.64.205.18 port 57534 ssh2
May  6 23:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: Connection closed by 170.64.205.18 port 57534 [preauth]
May  6 23:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: Invalid user nginx from 170.64.205.18
May  6 23:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: input_userauth_request: invalid user nginx [preauth]
May  6 23:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: Failed password for invalid user nginx from 170.64.205.18 port 57548 ssh2
May  6 23:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: Connection closed by 170.64.205.18 port 57548 [preauth]
May  6 23:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7977]: pam_unix(cron:session): session closed for user root
May  6 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9381]: Invalid user rancher from 170.64.205.18
May  6 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9381]: input_userauth_request: invalid user rancher [preauth]
May  6 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9381]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9381]: Failed password for invalid user rancher from 170.64.205.18 port 57556 ssh2
May  6 23:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9381]: Connection closed by 170.64.205.18 port 57556 [preauth]
May  6 23:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9391]: Failed password for root from 170.64.205.18 port 34932 ssh2
May  6 23:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9391]: Connection closed by 170.64.205.18 port 34932 [preauth]
May  6 23:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: Invalid user testuser from 170.64.205.18
May  6 23:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: input_userauth_request: invalid user testuser [preauth]
May  6 23:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: Failed password for invalid user testuser from 170.64.205.18 port 34950 ssh2
May  6 23:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9407]: Connection closed by 170.64.205.18 port 34950 [preauth]
May  6 23:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: Failed password for root from 170.64.205.18 port 48592 ssh2
May  6 23:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9418]: Connection closed by 170.64.205.18 port 48592 [preauth]
May  6 23:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9429]: Invalid user es from 170.64.205.18
May  6 23:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9429]: input_userauth_request: invalid user es [preauth]
May  6 23:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9429]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9429]: Failed password for invalid user es from 170.64.205.18 port 48602 ssh2
May  6 23:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9429]: Connection closed by 170.64.205.18 port 48602 [preauth]
May  6 23:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: Invalid user steam from 170.64.205.18
May  6 23:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: input_userauth_request: invalid user steam [preauth]
May  6 23:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9455]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9451]: pam_unix(cron:session): session closed for user p13x
May  6 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: Failed password for invalid user steam from 170.64.205.18 port 40968 ssh2
May  6 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9514]: Successful su for rubyman by root
May  6 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9514]: + ??? root:rubyman
May  6 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343308 of user rubyman.
May  6 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9514]: pam_unix(su:session): session closed for user rubyman
May  6 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343308.
May  6 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: Connection closed by 170.64.205.18 port 40968 [preauth]
May  6 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9576]: Invalid user master from 170.64.205.18
May  6 23:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9576]: input_userauth_request: invalid user master [preauth]
May  6 23:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9576]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6328]: pam_unix(cron:session): session closed for user root
May  6 23:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9576]: Failed password for invalid user master from 170.64.205.18 port 40980 ssh2
May  6 23:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9576]: Connection closed by 170.64.205.18 port 40980 [preauth]
May  6 23:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9452]: pam_unix(cron:session): session closed for user samftp
May  6 23:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: Invalid user wso2 from 170.64.205.18
May  6 23:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: input_userauth_request: invalid user wso2 [preauth]
May  6 23:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: Failed password for invalid user wso2 from 170.64.205.18 port 46722 ssh2
May  6 23:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: Connection closed by 170.64.205.18 port 46722 [preauth]
May  6 23:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: Invalid user dolphinscheduler from 170.64.205.18
May  6 23:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  6 23:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: Failed password for invalid user dolphinscheduler from 170.64.205.18 port 46732 ssh2
May  6 23:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9709]: Connection closed by 170.64.205.18 port 46732 [preauth]
May  6 23:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: Invalid user wang from 170.64.205.18
May  6 23:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: input_userauth_request: invalid user wang [preauth]
May  6 23:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: Failed password for invalid user wang from 170.64.205.18 port 49744 ssh2
May  6 23:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9734]: Connection closed by 170.64.205.18 port 49744 [preauth]
May  6 23:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9748]: Invalid user sonar from 170.64.205.18
May  6 23:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9748]: input_userauth_request: invalid user sonar [preauth]
May  6 23:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9748]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9748]: Failed password for invalid user sonar from 170.64.205.18 port 49748 ssh2
May  6 23:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9748]: Connection closed by 170.64.205.18 port 49748 [preauth]
May  6 23:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: Invalid user apache from 170.64.205.18
May  6 23:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: input_userauth_request: invalid user apache [preauth]
May  6 23:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: Failed password for invalid user apache from 170.64.205.18 port 54234 ssh2
May  6 23:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9771]: Connection closed by 170.64.205.18 port 54234 [preauth]
May  6 23:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9775]: Invalid user flask from 170.64.205.18
May  6 23:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9775]: input_userauth_request: invalid user flask [preauth]
May  6 23:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9775]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9775]: Failed password for invalid user flask from 170.64.205.18 port 54246 ssh2
May  6 23:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9775]: Connection closed by 170.64.205.18 port 54246 [preauth]
May  6 23:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8438]: pam_unix(cron:session): session closed for user root
May  6 23:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9806]: Failed password for root from 170.64.205.18 port 48620 ssh2
May  6 23:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9806]: Connection closed by 170.64.205.18 port 48620 [preauth]
May  6 23:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: Invalid user admin from 170.64.205.18
May  6 23:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: input_userauth_request: invalid user admin [preauth]
May  6 23:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: Failed password for invalid user admin from 170.64.205.18 port 48640 ssh2
May  6 23:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9816]: Connection closed by 170.64.205.18 port 48640 [preauth]
May  6 23:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: Invalid user debian from 170.64.205.18
May  6 23:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: input_userauth_request: invalid user debian [preauth]
May  6 23:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: Failed password for invalid user debian from 170.64.205.18 port 48664 ssh2
May  6 23:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: Connection closed by 170.64.205.18 port 48664 [preauth]
May  6 23:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9850]: Invalid user guest from 170.64.205.18
May  6 23:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9850]: input_userauth_request: invalid user guest [preauth]
May  6 23:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9850]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9850]: Failed password for invalid user guest from 170.64.205.18 port 47892 ssh2
May  6 23:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9850]: Connection closed by 170.64.205.18 port 47892 [preauth]
May  6 23:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: Invalid user hadoop from 170.64.205.18
May  6 23:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: input_userauth_request: invalid user hadoop [preauth]
May  6 23:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: Failed password for invalid user hadoop from 170.64.205.18 port 47906 ssh2
May  6 23:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: Connection closed by 170.64.205.18 port 47906 [preauth]
May  6 23:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9873]: User ftp from 170.64.205.18 not allowed because not listed in AllowUsers
May  6 23:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9873]: input_userauth_request: invalid user ftp [preauth]
May  6 23:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=ftp
May  6 23:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9873]: Failed password for invalid user ftp from 170.64.205.18 port 33542 ssh2
May  6 23:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9873]: Connection closed by 170.64.205.18 port 33542 [preauth]
May  6 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9881]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9882]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9882]: pam_unix(cron:session): session closed for user root
May  6 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9876]: pam_unix(cron:session): session closed for user p13x
May  6 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9945]: Successful su for rubyman by root
May  6 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9945]: + ??? root:rubyman
May  6 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343312 of user rubyman.
May  6 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9945]: pam_unix(su:session): session closed for user rubyman
May  6 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343312.
May  6 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: User mysql from 170.64.205.18 not allowed because not listed in AllowUsers
May  6 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: input_userauth_request: invalid user mysql [preauth]
May  6 23:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=mysql
May  6 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9879]: pam_unix(cron:session): session closed for user root
May  6 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6769]: pam_unix(cron:session): session closed for user root
May  6 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: Failed password for invalid user mysql from 170.64.205.18 port 33556 ssh2
May  6 23:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9967]: Connection closed by 170.64.205.18 port 33556 [preauth]
May  6 23:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9877]: pam_unix(cron:session): session closed for user samftp
May  6 23:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: Invalid user esuser from 170.64.205.18
May  6 23:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: input_userauth_request: invalid user esuser [preauth]
May  6 23:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: Failed password for invalid user esuser from 170.64.205.18 port 57094 ssh2
May  6 23:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: Connection closed by 170.64.205.18 port 57094 [preauth]
May  6 23:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: Failed password for root from 170.64.205.18 port 57110 ssh2
May  6 23:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: Connection closed by 170.64.205.18 port 57110 [preauth]
May  6 23:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Invalid user zabbix from 170.64.205.18
May  6 23:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: input_userauth_request: invalid user zabbix [preauth]
May  6 23:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Failed password for invalid user zabbix from 170.64.205.18 port 41314 ssh2
May  6 23:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10188]: Connection closed by 170.64.205.18 port 41314 [preauth]
May  6 23:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10198]: Failed password for root from 170.64.205.18 port 41316 ssh2
May  6 23:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10198]: Connection closed by 170.64.205.18 port 41316 [preauth]
May  6 23:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: Invalid user dmdba from 170.64.205.18
May  6 23:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: input_userauth_request: invalid user dmdba [preauth]
May  6 23:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: Failed password for invalid user dmdba from 170.64.205.18 port 39566 ssh2
May  6 23:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: Connection closed by 170.64.205.18 port 39566 [preauth]
May  6 23:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10311]: Invalid user esuser from 170.64.205.18
May  6 23:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10311]: input_userauth_request: invalid user esuser [preauth]
May  6 23:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10311]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10311]: Failed password for invalid user esuser from 170.64.205.18 port 39570 ssh2
May  6 23:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10311]: Connection closed by 170.64.205.18 port 39570 [preauth]
May  6 23:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8903]: pam_unix(cron:session): session closed for user root
May  6 23:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10339]: Invalid user steam from 170.64.205.18
May  6 23:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10339]: input_userauth_request: invalid user steam [preauth]
May  6 23:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10339]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10339]: Failed password for invalid user steam from 170.64.205.18 port 39586 ssh2
May  6 23:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10339]: Connection closed by 170.64.205.18 port 39586 [preauth]
May  6 23:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: Invalid user hive from 170.64.205.18
May  6 23:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: input_userauth_request: invalid user hive [preauth]
May  6 23:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: Failed password for invalid user hive from 170.64.205.18 port 54108 ssh2
May  6 23:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10356]: Connection closed by 170.64.205.18 port 54108 [preauth]
May  6 23:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10374]: Invalid user docker from 170.64.205.18
May  6 23:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10374]: input_userauth_request: invalid user docker [preauth]
May  6 23:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10374]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10374]: Failed password for invalid user docker from 170.64.205.18 port 54138 ssh2
May  6 23:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10374]: Connection closed by 170.64.205.18 port 54138 [preauth]
May  6 23:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: Invalid user user1 from 170.64.205.18
May  6 23:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: input_userauth_request: invalid user user1 [preauth]
May  6 23:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: Failed password for invalid user user1 from 170.64.205.18 port 56052 ssh2
May  6 23:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10394]: Connection closed by 170.64.205.18 port 56052 [preauth]
May  6 23:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.102.153  user=root
May  6 23:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10409]: Invalid user dmdba from 170.64.205.18
May  6 23:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10409]: input_userauth_request: invalid user dmdba [preauth]
May  6 23:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10409]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: Failed password for root from 64.227.102.153 port 43536 ssh2
May  6 23:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: Received disconnect from 64.227.102.153 port 43536:11: Bye Bye [preauth]
May  6 23:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10405]: Disconnected from 64.227.102.153 port 43536 [preauth]
May  6 23:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10409]: Failed password for invalid user dmdba from 170.64.205.18 port 56064 ssh2
May  6 23:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10409]: Connection closed by 170.64.205.18 port 56064 [preauth]
May  6 23:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: Invalid user elasticsearch from 170.64.205.18
May  6 23:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: input_userauth_request: invalid user elasticsearch [preauth]
May  6 23:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: Failed password for invalid user elasticsearch from 170.64.205.18 port 53046 ssh2
May  6 23:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: Connection closed by 170.64.205.18 port 53046 [preauth]
May  6 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10426]: pam_unix(cron:session): session closed for user p13x
May  6 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10511]: Successful su for rubyman by root
May  6 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10511]: + ??? root:rubyman
May  6 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343316 of user rubyman.
May  6 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10511]: pam_unix(su:session): session closed for user rubyman
May  6 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343316.
May  6 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: Invalid user jumpserver from 170.64.205.18
May  6 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: input_userauth_request: invalid user jumpserver [preauth]
May  6 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: Failed password for invalid user jumpserver from 170.64.205.18 port 53050 ssh2
May  6 23:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10423]: Connection closed by 170.64.205.18 port 53050 [preauth]
May  6 23:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7388]: pam_unix(cron:session): session closed for user root
May  6 23:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10427]: pam_unix(cron:session): session closed for user samftp
May  6 23:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: Failed password for root from 170.64.205.18 port 40780 ssh2
May  6 23:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: Connection closed by 170.64.205.18 port 40780 [preauth]
May  6 23:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Invalid user user1 from 170.64.205.18
May  6 23:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: input_userauth_request: invalid user user1 [preauth]
May  6 23:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Failed password for invalid user user1 from 170.64.205.18 port 40782 ssh2
May  6 23:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Connection closed by 170.64.205.18 port 40782 [preauth]
May  6 23:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: Invalid user lighthouse from 170.64.205.18
May  6 23:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: input_userauth_request: invalid user lighthouse [preauth]
May  6 23:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: Failed password for invalid user lighthouse from 170.64.205.18 port 43742 ssh2
May  6 23:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10792]: Connection closed by 170.64.205.18 port 43742 [preauth]
May  6 23:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: Invalid user nvidia from 170.64.205.18
May  6 23:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: input_userauth_request: invalid user nvidia [preauth]
May  6 23:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: Failed password for invalid user nvidia from 170.64.205.18 port 43768 ssh2
May  6 23:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: Connection closed by 170.64.205.18 port 43768 [preauth]
May  6 23:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: Invalid user gitlab from 170.64.205.18
May  6 23:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: input_userauth_request: invalid user gitlab [preauth]
May  6 23:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: Failed password for invalid user gitlab from 170.64.205.18 port 36064 ssh2
May  6 23:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: Connection closed by 170.64.205.18 port 36064 [preauth]
May  6 23:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10827]: Invalid user factorio from 170.64.205.18
May  6 23:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10827]: input_userauth_request: invalid user factorio [preauth]
May  6 23:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10827]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10827]: Failed password for invalid user factorio from 170.64.205.18 port 36072 ssh2
May  6 23:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10827]: Connection closed by 170.64.205.18 port 36072 [preauth]
May  6 23:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9455]: pam_unix(cron:session): session closed for user root
May  6 23:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10846]: Invalid user admin from 170.64.205.18
May  6 23:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10846]: input_userauth_request: invalid user admin [preauth]
May  6 23:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10846]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10846]: Failed password for invalid user admin from 170.64.205.18 port 36088 ssh2
May  6 23:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10846]: Connection closed by 170.64.205.18 port 36088 [preauth]
May  6 23:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10869]: Invalid user es from 170.64.205.18
May  6 23:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10869]: input_userauth_request: invalid user es [preauth]
May  6 23:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10869]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10869]: Failed password for invalid user es from 170.64.205.18 port 45168 ssh2
May  6 23:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10869]: Connection closed by 170.64.205.18 port 45168 [preauth]
May  6 23:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: Invalid user minecraft from 170.64.205.18
May  6 23:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: input_userauth_request: invalid user minecraft [preauth]
May  6 23:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10886]: Did not receive identification string from 80.64.18.84
May  6 23:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: Failed password for invalid user minecraft from 170.64.205.18 port 45172 ssh2
May  6 23:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: Connection closed by 170.64.205.18 port 45172 [preauth]
May  6 23:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10904]: Failed password for root from 170.64.205.18 port 35260 ssh2
May  6 23:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10904]: Connection closed by 170.64.205.18 port 35260 [preauth]
May  6 23:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: Invalid user gitlab from 170.64.205.18
May  6 23:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: input_userauth_request: invalid user gitlab [preauth]
May  6 23:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  6 23:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: Failed password for invalid user gitlab from 170.64.205.18 port 35266 ssh2
May  6 23:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: Failed password for root from 218.92.0.217 port 16592 ssh2
May  6 23:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10914]: Connection closed by 170.64.205.18 port 35266 [preauth]
May  6 23:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: Failed password for root from 218.92.0.217 port 16592 ssh2
May  6 23:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: Failed password for root from 218.92.0.217 port 16592 ssh2
May  6 23:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: Received disconnect from 218.92.0.217 port 16592:11:  [preauth]
May  6 23:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: Disconnected from 218.92.0.217 port 16592 [preauth]
May  6 23:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10916]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  6 23:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: Failed password for root from 170.64.205.18 port 36140 ssh2
May  6 23:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: Connection closed by 170.64.205.18 port 36140 [preauth]
May  6 23:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10933]: Invalid user steam from 170.64.205.18
May  6 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10933]: input_userauth_request: invalid user steam [preauth]
May  6 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10933]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10939]: pam_unix(cron:session): session closed for user p13x
May  6 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10996]: Successful su for rubyman by root
May  6 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10996]: + ??? root:rubyman
May  6 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343320 of user rubyman.
May  6 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10996]: pam_unix(su:session): session closed for user rubyman
May  6 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343320.
May  6 23:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10933]: Failed password for invalid user steam from 170.64.205.18 port 36166 ssh2
May  6 23:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10933]: Connection closed by 170.64.205.18 port 36166 [preauth]
May  6 23:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7976]: pam_unix(cron:session): session closed for user root
May  6 23:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10940]: pam_unix(cron:session): session closed for user samftp
May  6 23:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11161]: Failed password for root from 170.64.205.18 port 57966 ssh2
May  6 23:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11161]: Connection closed by 170.64.205.18 port 57966 [preauth]
May  6 23:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11188]: Invalid user data from 170.64.205.18
May  6 23:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11188]: input_userauth_request: invalid user data [preauth]
May  6 23:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11188]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11190]: Invalid user newuser from 152.32.158.35
May  6 23:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11190]: input_userauth_request: invalid user newuser [preauth]
May  6 23:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11190]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.158.35
May  6 23:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11188]: Failed password for invalid user data from 170.64.205.18 port 57982 ssh2
May  6 23:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11188]: Connection closed by 170.64.205.18 port 57982 [preauth]
May  6 23:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11190]: Failed password for invalid user newuser from 152.32.158.35 port 43914 ssh2
May  6 23:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11190]: Received disconnect from 152.32.158.35 port 43914:11: Bye Bye [preauth]
May  6 23:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11190]: Disconnected from 152.32.158.35 port 43914 [preauth]
May  6 23:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11212]: Invalid user odoo16 from 170.64.205.18
May  6 23:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11212]: input_userauth_request: invalid user odoo16 [preauth]
May  6 23:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11212]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11212]: Failed password for invalid user odoo16 from 170.64.205.18 port 54970 ssh2
May  6 23:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11212]: Connection closed by 170.64.205.18 port 54970 [preauth]
May  6 23:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11223]: Invalid user test from 170.64.205.18
May  6 23:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11223]: input_userauth_request: invalid user test [preauth]
May  6 23:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11223]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11223]: Failed password for invalid user test from 170.64.205.18 port 54976 ssh2
May  6 23:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11223]: Connection closed by 170.64.205.18 port 54976 [preauth]
May  6 23:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: Invalid user user2 from 170.64.205.18
May  6 23:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: input_userauth_request: invalid user user2 [preauth]
May  6 23:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: Failed password for invalid user user2 from 170.64.205.18 port 54978 ssh2
May  6 23:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: Connection closed by 170.64.205.18 port 54978 [preauth]
May  6 23:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: Invalid user esroot from 170.64.205.18
May  6 23:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: input_userauth_request: invalid user esroot [preauth]
May  6 23:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: Failed password for invalid user esroot from 170.64.205.18 port 39834 ssh2
May  6 23:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: Connection closed by 170.64.205.18 port 39834 [preauth]
May  6 23:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9881]: pam_unix(cron:session): session closed for user root
May  6 23:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: Failed password for root from 170.64.205.18 port 39852 ssh2
May  6 23:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: Connection closed by 170.64.205.18 port 39852 [preauth]
May  6 23:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11291]: Invalid user admin from 170.64.205.18
May  6 23:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11291]: input_userauth_request: invalid user admin [preauth]
May  6 23:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11291]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11291]: Failed password for invalid user admin from 170.64.205.18 port 37022 ssh2
May  6 23:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11291]: Connection closed by 170.64.205.18 port 37022 [preauth]
May  6 23:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11301]: Failed password for root from 170.64.205.18 port 37030 ssh2
May  6 23:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11301]: Connection closed by 170.64.205.18 port 37030 [preauth]
May  6 23:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11323]: Failed password for root from 170.64.205.18 port 49014 ssh2
May  6 23:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11323]: Connection closed by 170.64.205.18 port 49014 [preauth]
May  6 23:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: User mysql from 170.64.205.18 not allowed because not listed in AllowUsers
May  6 23:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: input_userauth_request: invalid user mysql [preauth]
May  6 23:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=mysql
May  6 23:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: Failed password for invalid user mysql from 170.64.205.18 port 49038 ssh2
May  6 23:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11334]: Connection closed by 170.64.205.18 port 49038 [preauth]
May  6 23:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: Invalid user dev from 170.64.205.18
May  6 23:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: input_userauth_request: invalid user dev [preauth]
May  6 23:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: Failed password for invalid user dev from 170.64.205.18 port 36264 ssh2
May  6 23:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11344]: Connection closed by 170.64.205.18 port 36264 [preauth]
May  6 23:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: Invalid user system from 170.64.205.18
May  6 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: input_userauth_request: invalid user system [preauth]
May  6 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11359]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11360]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11357]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11357]: pam_unix(cron:session): session closed for user p13x
May  6 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11416]: Successful su for rubyman by root
May  6 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11416]: + ??? root:rubyman
May  6 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343326 of user rubyman.
May  6 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11416]: pam_unix(su:session): session closed for user rubyman
May  6 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343326.
May  6 23:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: Failed password for invalid user system from 170.64.205.18 port 36270 ssh2
May  6 23:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11354]: Connection closed by 170.64.205.18 port 36270 [preauth]
May  6 23:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8437]: pam_unix(cron:session): session closed for user root
May  6 23:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11358]: pam_unix(cron:session): session closed for user samftp
May  6 23:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11593]: Failed password for root from 170.64.205.18 port 47612 ssh2
May  6 23:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11593]: Connection closed by 170.64.205.18 port 47612 [preauth]
May  6 23:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: Invalid user mongo from 170.64.205.18
May  6 23:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: input_userauth_request: invalid user mongo [preauth]
May  6 23:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: Failed password for invalid user mongo from 170.64.205.18 port 47638 ssh2
May  6 23:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: Connection closed by 170.64.205.18 port 47638 [preauth]
May  6 23:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11636]: Invalid user www from 170.64.205.18
May  6 23:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11636]: input_userauth_request: invalid user www [preauth]
May  6 23:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11636]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11636]: Failed password for invalid user www from 170.64.205.18 port 36298 ssh2
May  6 23:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11636]: Connection closed by 170.64.205.18 port 36298 [preauth]
May  6 23:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: Failed password for root from 170.64.205.18 port 36304 ssh2
May  6 23:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: Connection closed by 170.64.205.18 port 36304 [preauth]
May  6 23:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: Invalid user dev from 170.64.205.18
May  6 23:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: input_userauth_request: invalid user dev [preauth]
May  6 23:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: Failed password for invalid user dev from 170.64.205.18 port 36320 ssh2
May  6 23:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11656]: Connection closed by 170.64.205.18 port 36320 [preauth]
May  6 23:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11678]: Failed password for root from 170.64.205.18 port 51538 ssh2
May  6 23:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11678]: Connection closed by 170.64.205.18 port 51538 [preauth]
May  6 23:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: Invalid user bot from 170.64.205.18
May  6 23:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: input_userauth_request: invalid user bot [preauth]
May  6 23:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10430]: pam_unix(cron:session): session closed for user root
May  6 23:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: Failed password for invalid user bot from 170.64.205.18 port 51550 ssh2
May  6 23:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: Connection closed by 170.64.205.18 port 51550 [preauth]
May  6 23:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: Invalid user postgres from 170.64.205.18
May  6 23:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: input_userauth_request: invalid user postgres [preauth]
May  6 23:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: Failed password for invalid user postgres from 170.64.205.18 port 32782 ssh2
May  6 23:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: Connection closed by 170.64.205.18 port 32782 [preauth]
May  6 23:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11725]: Invalid user oracle from 170.64.205.18
May  6 23:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11725]: input_userauth_request: invalid user oracle [preauth]
May  6 23:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11725]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11725]: Failed password for invalid user oracle from 170.64.205.18 port 32792 ssh2
May  6 23:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11725]: Connection closed by 170.64.205.18 port 32792 [preauth]
May  6 23:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: Invalid user guest from 170.64.205.18
May  6 23:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: input_userauth_request: invalid user guest [preauth]
May  6 23:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: Failed password for invalid user guest from 170.64.205.18 port 35864 ssh2
May  6 23:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: Connection closed by 170.64.205.18 port 35864 [preauth]
May  6 23:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: Invalid user oracle from 170.64.205.18
May  6 23:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: input_userauth_request: invalid user oracle [preauth]
May  6 23:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: Failed password for invalid user oracle from 170.64.205.18 port 35878 ssh2
May  6 23:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: Connection closed by 170.64.205.18 port 35878 [preauth]
May  6 23:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: Invalid user ubuntu from 170.64.205.18
May  6 23:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: input_userauth_request: invalid user ubuntu [preauth]
May  6 23:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: Failed password for invalid user ubuntu from 170.64.205.18 port 44214 ssh2
May  6 23:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: Connection closed by 170.64.205.18 port 44214 [preauth]
May  6 23:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11779]: Invalid user observer from 170.64.205.18
May  6 23:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11779]: input_userauth_request: invalid user observer [preauth]
May  6 23:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11779]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11779]: Failed password for invalid user observer from 170.64.205.18 port 44244 ssh2
May  6 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11782]: pam_unix(cron:session): session closed for user p13x
May  6 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11779]: Connection closed by 170.64.205.18 port 44244 [preauth]
May  6 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11845]: Successful su for rubyman by root
May  6 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11845]: + ??? root:rubyman
May  6 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343328 of user rubyman.
May  6 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11845]: pam_unix(su:session): session closed for user rubyman
May  6 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343328.
May  6 23:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8902]: pam_unix(cron:session): session closed for user root
May  6 23:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11783]: pam_unix(cron:session): session closed for user samftp
May  6 23:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11951]: Failed password for root from 170.64.205.18 port 44262 ssh2
May  6 23:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11951]: Connection closed by 170.64.205.18 port 44262 [preauth]
May  6 23:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: Failed password for root from 170.64.205.18 port 45102 ssh2
May  6 23:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: Connection closed by 170.64.205.18 port 45102 [preauth]
May  6 23:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: Invalid user ranger from 170.64.205.18
May  6 23:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: input_userauth_request: invalid user ranger [preauth]
May  6 23:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: Failed password for invalid user ranger from 170.64.205.18 port 45114 ssh2
May  6 23:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12033]: Connection closed by 170.64.205.18 port 45114 [preauth]
May  6 23:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: Invalid user app from 170.64.205.18
May  6 23:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: input_userauth_request: invalid user app [preauth]
May  6 23:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: Failed password for invalid user app from 170.64.205.18 port 55536 ssh2
May  6 23:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: Connection closed by 170.64.205.18 port 55536 [preauth]
May  6 23:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: Invalid user wang from 170.64.205.18
May  6 23:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: input_userauth_request: invalid user wang [preauth]
May  6 23:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: Failed password for invalid user wang from 170.64.205.18 port 55540 ssh2
May  6 23:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12066]: Connection closed by 170.64.205.18 port 55540 [preauth]
May  6 23:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12089]: Invalid user user from 170.64.205.18
May  6 23:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12089]: input_userauth_request: invalid user user [preauth]
May  6 23:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12089]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12089]: Failed password for invalid user user from 170.64.205.18 port 48572 ssh2
May  6 23:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12089]: Connection closed by 170.64.205.18 port 48572 [preauth]
May  6 23:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10942]: pam_unix(cron:session): session closed for user root
May  6 23:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12101]: Failed password for root from 170.64.205.18 port 48588 ssh2
May  6 23:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12101]: Connection closed by 170.64.205.18 port 48588 [preauth]
May  6 23:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12130]: Invalid user gpadmin from 170.64.205.18
May  6 23:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12130]: input_userauth_request: invalid user gpadmin [preauth]
May  6 23:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12130]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12130]: Failed password for invalid user gpadmin from 170.64.205.18 port 59182 ssh2
May  6 23:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12130]: Connection closed by 170.64.205.18 port 59182 [preauth]
May  6 23:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12133]: Invalid user minecraft from 170.64.205.18
May  6 23:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12133]: input_userauth_request: invalid user minecraft [preauth]
May  6 23:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12133]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12133]: Failed password for invalid user minecraft from 170.64.205.18 port 59194 ssh2
May  6 23:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12133]: Connection closed by 170.64.205.18 port 59194 [preauth]
May  6 23:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: Invalid user appuser from 170.64.205.18
May  6 23:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: input_userauth_request: invalid user appuser [preauth]
May  6 23:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 23:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: Failed password for invalid user appuser from 170.64.205.18 port 54066 ssh2
May  6 23:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12157]: Connection closed by 170.64.205.18 port 54066 [preauth]
May  6 23:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: Failed password for root from 218.92.0.179 port 41539 ssh2
May  6 23:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: Failed password for root from 218.92.0.179 port 41539 ssh2
May  6 23:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12169]: Failed password for root from 170.64.205.18 port 54076 ssh2
May  6 23:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12169]: Connection closed by 170.64.205.18 port 54076 [preauth]
May  6 23:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: Failed password for root from 218.92.0.179 port 41539 ssh2
May  6 23:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: Received disconnect from 218.92.0.179 port 41539:11:  [preauth]
May  6 23:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: Disconnected from 218.92.0.179 port 41539 [preauth]
May  6 23:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12159]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 23:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: Failed password for root from 170.64.205.18 port 54090 ssh2
May  6 23:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: Connection closed by 170.64.205.18 port 54090 [preauth]
May  6 23:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: Invalid user nexus from 170.64.205.18
May  6 23:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: input_userauth_request: invalid user nexus [preauth]
May  6 23:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: Failed password for invalid user nexus from 170.64.205.18 port 55850 ssh2
May  6 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: Connection closed by 170.64.205.18 port 55850 [preauth]
May  6 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12201]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12201]: pam_unix(cron:session): session closed for user root
May  6 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12196]: pam_unix(cron:session): session closed for user p13x
May  6 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12270]: Successful su for rubyman by root
May  6 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12270]: + ??? root:rubyman
May  6 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343335 of user rubyman.
May  6 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12270]: pam_unix(su:session): session closed for user rubyman
May  6 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343335.
May  6 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Invalid user demo from 170.64.205.18
May  6 23:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: input_userauth_request: invalid user demo [preauth]
May  6 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9453]: pam_unix(cron:session): session closed for user root
May  6 23:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12198]: pam_unix(cron:session): session closed for user root
May  6 23:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Failed password for invalid user demo from 170.64.205.18 port 55858 ssh2
May  6 23:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Connection closed by 170.64.205.18 port 55858 [preauth]
May  6 23:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12197]: pam_unix(cron:session): session closed for user samftp
May  6 23:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: Invalid user ftpuser from 170.64.205.18
May  6 23:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: input_userauth_request: invalid user ftpuser [preauth]
May  6 23:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: Failed password for invalid user ftpuser from 170.64.205.18 port 50306 ssh2
May  6 23:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: Connection closed by 170.64.205.18 port 50306 [preauth]
May  6 23:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12494]: Failed password for root from 170.64.205.18 port 50328 ssh2
May  6 23:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12494]: Connection closed by 170.64.205.18 port 50328 [preauth]
May  6 23:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12516]: Failed password for root from 170.64.205.18 port 36460 ssh2
May  6 23:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12516]: Connection closed by 170.64.205.18 port 36460 [preauth]
May  6 23:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12527]: Invalid user lsfadmin from 170.64.205.18
May  6 23:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12527]: input_userauth_request: invalid user lsfadmin [preauth]
May  6 23:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12527]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12527]: Failed password for invalid user lsfadmin from 170.64.205.18 port 36476 ssh2
May  6 23:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12527]: Connection closed by 170.64.205.18 port 36476 [preauth]
May  6 23:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12549]: Invalid user fastuser from 170.64.205.18
May  6 23:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12549]: input_userauth_request: invalid user fastuser [preauth]
May  6 23:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12549]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12549]: Failed password for invalid user fastuser from 170.64.205.18 port 35992 ssh2
May  6 23:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12549]: Connection closed by 170.64.205.18 port 35992 [preauth]
May  6 23:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12560]: Invalid user admin from 170.64.205.18
May  6 23:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12560]: input_userauth_request: invalid user admin [preauth]
May  6 23:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12560]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11360]: pam_unix(cron:session): session closed for user root
May  6 23:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12560]: Failed password for invalid user admin from 170.64.205.18 port 36020 ssh2
May  6 23:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12560]: Connection closed by 170.64.205.18 port 36020 [preauth]
May  6 23:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12591]: Invalid user apache from 170.64.205.18
May  6 23:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12591]: input_userauth_request: invalid user apache [preauth]
May  6 23:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12591]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12591]: Failed password for invalid user apache from 170.64.205.18 port 44088 ssh2
May  6 23:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12591]: Connection closed by 170.64.205.18 port 44088 [preauth]
May  6 23:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: Invalid user ubuntu from 170.64.205.18
May  6 23:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: input_userauth_request: invalid user ubuntu [preauth]
May  6 23:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: Failed password for invalid user ubuntu from 170.64.205.18 port 44100 ssh2
May  6 23:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12599]: Connection closed by 170.64.205.18 port 44100 [preauth]
May  6 23:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: Invalid user test from 170.64.205.18
May  6 23:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: input_userauth_request: invalid user test [preauth]
May  6 23:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: Failed password for invalid user test from 170.64.205.18 port 58742 ssh2
May  6 23:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: Connection closed by 170.64.205.18 port 58742 [preauth]
May  6 23:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: Invalid user postgres from 170.64.205.18
May  6 23:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: input_userauth_request: invalid user postgres [preauth]
May  6 23:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 23:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.102.153  user=root
May  6 23:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: Failed password for invalid user postgres from 170.64.205.18 port 58750 ssh2
May  6 23:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12630]: Connection closed by 170.64.205.18 port 58750 [preauth]
May  6 23:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: Failed password for root from 218.92.0.179 port 20413 ssh2
May  6 23:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: Failed password for root from 64.227.102.153 port 53020 ssh2
May  6 23:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: Received disconnect from 64.227.102.153 port 53020:11: Bye Bye [preauth]
May  6 23:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12640]: Disconnected from 64.227.102.153 port 53020 [preauth]
May  6 23:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12642]: Invalid user solr from 170.64.205.18
May  6 23:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12642]: input_userauth_request: invalid user solr [preauth]
May  6 23:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12642]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: Failed password for root from 218.92.0.179 port 20413 ssh2
May  6 23:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12642]: Failed password for invalid user solr from 170.64.205.18 port 58766 ssh2
May  6 23:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12642]: Connection closed by 170.64.205.18 port 58766 [preauth]
May  6 23:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: Failed password for root from 218.92.0.179 port 20413 ssh2
May  6 23:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: Received disconnect from 218.92.0.179 port 20413:11:  [preauth]
May  6 23:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: Disconnected from 218.92.0.179 port 20413 [preauth]
May  6 23:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  6 23:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: Invalid user test from 170.64.205.18
May  6 23:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: input_userauth_request: invalid user test [preauth]
May  6 23:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: Failed password for invalid user test from 170.64.205.18 port 37508 ssh2
May  6 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12652]: Connection closed by 170.64.205.18 port 37508 [preauth]
May  6 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12667]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12663]: pam_unix(cron:session): session closed for user p13x
May  6 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12732]: Successful su for rubyman by root
May  6 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12732]: + ??? root:rubyman
May  6 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12732]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343338 of user rubyman.
May  6 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12732]: pam_unix(su:session): session closed for user rubyman
May  6 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343338.
May  6 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: Invalid user elastic from 170.64.205.18
May  6 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: input_userauth_request: invalid user elastic [preauth]
May  6 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: Invalid user admin from 80.94.95.241
May  6 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: input_userauth_request: invalid user admin [preauth]
May  6 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 23:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9880]: pam_unix(cron:session): session closed for user root
May  6 23:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12665]: pam_unix(cron:session): session closed for user samftp
May  6 23:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: Failed password for invalid user elastic from 170.64.205.18 port 37522 ssh2
May  6 23:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: Failed password for invalid user admin from 80.94.95.241 port 21420 ssh2
May  6 23:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12811]: Connection closed by 170.64.205.18 port 37522 [preauth]
May  6 23:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12914]: Invalid user samba from 170.64.205.18
May  6 23:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12914]: input_userauth_request: invalid user samba [preauth]
May  6 23:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12914]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: Failed password for invalid user admin from 80.94.95.241 port 21420 ssh2
May  6 23:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12914]: Failed password for invalid user samba from 170.64.205.18 port 47636 ssh2
May  6 23:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12914]: Connection closed by 170.64.205.18 port 47636 [preauth]
May  6 23:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: Failed password for invalid user admin from 80.94.95.241 port 21420 ssh2
May  6 23:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: Failed password for invalid user admin from 80.94.95.241 port 21420 ssh2
May  6 23:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: Invalid user jfedu1 from 170.64.205.18
May  6 23:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: input_userauth_request: invalid user jfedu1 [preauth]
May  6 23:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: Failed password for invalid user admin from 80.94.95.241 port 21420 ssh2
May  6 23:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: Received disconnect from 80.94.95.241 port 21420:11: Bye [preauth]
May  6 23:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: Disconnected from 80.94.95.241 port 21420 [preauth]
May  6 23:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  6 23:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12814]: PAM service(sshd) ignoring max retries; 5 > 3
May  6 23:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: Failed password for invalid user jfedu1 from 170.64.205.18 port 47652 ssh2
May  6 23:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: Connection closed by 170.64.205.18 port 47652 [preauth]
May  6 23:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: Invalid user sonar from 170.64.205.18
May  6 23:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: input_userauth_request: invalid user sonar [preauth]
May  6 23:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: Failed password for invalid user sonar from 170.64.205.18 port 33242 ssh2
May  6 23:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: Connection closed by 170.64.205.18 port 33242 [preauth]
May  6 23:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12949]: Invalid user gpuadmin from 170.64.205.18
May  6 23:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12949]: input_userauth_request: invalid user gpuadmin [preauth]
May  6 23:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12949]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12949]: Failed password for invalid user gpuadmin from 170.64.205.18 port 33254 ssh2
May  6 23:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12949]: Connection closed by 170.64.205.18 port 33254 [preauth]
May  6 23:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: Invalid user ubuntu from 170.64.205.18
May  6 23:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: input_userauth_request: invalid user ubuntu [preauth]
May  6 23:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: Failed password for invalid user ubuntu from 170.64.205.18 port 46950 ssh2
May  6 23:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12972]: Connection closed by 170.64.205.18 port 46950 [preauth]
May  6 23:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12985]: Invalid user dolphinscheduler from 170.64.205.18
May  6 23:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12985]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  6 23:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12985]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12985]: Failed password for invalid user dolphinscheduler from 170.64.205.18 port 46966 ssh2
May  6 23:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12985]: Connection closed by 170.64.205.18 port 46966 [preauth]
May  6 23:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11785]: pam_unix(cron:session): session closed for user root
May  6 23:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13017]: Invalid user server from 170.64.205.18
May  6 23:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13017]: input_userauth_request: invalid user server [preauth]
May  6 23:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13017]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13017]: Failed password for invalid user server from 170.64.205.18 port 33858 ssh2
May  6 23:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13017]: Connection closed by 170.64.205.18 port 33858 [preauth]
May  6 23:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13027]: Failed password for root from 170.64.205.18 port 33880 ssh2
May  6 23:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13027]: Connection closed by 170.64.205.18 port 33880 [preauth]
May  6 23:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18  user=root
May  6 23:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13041]: Failed password for root from 170.64.205.18 port 36406 ssh2
May  6 23:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13041]: Connection closed by 170.64.205.18 port 36406 [preauth]
May  6 23:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13067]: Invalid user stream from 170.64.205.18
May  6 23:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13067]: input_userauth_request: invalid user stream [preauth]
May  6 23:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13067]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13067]: Failed password for invalid user stream from 170.64.205.18 port 36410 ssh2
May  6 23:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13067]: Connection closed by 170.64.205.18 port 36410 [preauth]
May  6 23:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: Invalid user mehdi from 170.64.205.18
May  6 23:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: input_userauth_request: invalid user mehdi [preauth]
May  6 23:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: Failed password for invalid user mehdi from 170.64.205.18 port 36418 ssh2
May  6 23:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13069]: Connection closed by 170.64.205.18 port 36418 [preauth]
May  6 23:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: Invalid user g from 170.64.205.18
May  6 23:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: input_userauth_request: invalid user g [preauth]
May  6 23:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13094]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13091]: pam_unix(cron:session): session closed for user p13x
May  6 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: Failed password for invalid user g from 170.64.205.18 port 38144 ssh2
May  6 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13150]: Successful su for rubyman by root
May  6 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13150]: + ??? root:rubyman
May  6 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13150]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343342 of user rubyman.
May  6 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13150]: pam_unix(su:session): session closed for user rubyman
May  6 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343342.
May  6 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13080]: Connection closed by 170.64.205.18 port 38144 [preauth]
May  6 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13198]: Invalid user user from 170.64.205.18
May  6 23:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13198]: input_userauth_request: invalid user user [preauth]
May  6 23:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13198]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10428]: pam_unix(cron:session): session closed for user root
May  6 23:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13198]: Failed password for invalid user user from 170.64.205.18 port 38146 ssh2
May  6 23:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13198]: Connection closed by 170.64.205.18 port 38146 [preauth]
May  6 23:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13092]: pam_unix(cron:session): session closed for user samftp
May  6 23:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.158.35  user=root
May  6 23:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: Invalid user administrator from 170.64.205.18
May  6 23:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: input_userauth_request: invalid user administrator [preauth]
May  6 23:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.205.18
May  6 23:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: Failed password for root from 152.32.158.35 port 50758 ssh2
May  6 23:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: Received disconnect from 152.32.158.35 port 50758:11: Bye Bye [preauth]
May  6 23:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13331]: Disconnected from 152.32.158.35 port 50758 [preauth]
May  6 23:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: Failed password for invalid user administrator from 170.64.205.18 port 37904 ssh2
May  6 23:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13341]: Connection closed by 170.64.205.18 port 37904 [preauth]
May  6 23:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12200]: pam_unix(cron:session): session closed for user root
May  6 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13591]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13590]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13588]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13587]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13587]: pam_unix(cron:session): session closed for user p13x
May  6 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13652]: Successful su for rubyman by root
May  6 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13652]: + ??? root:rubyman
May  6 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343346 of user rubyman.
May  6 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13652]: pam_unix(su:session): session closed for user rubyman
May  6 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343346.
May  6 23:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10941]: pam_unix(cron:session): session closed for user root
May  6 23:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13588]: pam_unix(cron:session): session closed for user samftp
May  6 23:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12667]: pam_unix(cron:session): session closed for user root
May  6 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14006]: pam_unix(cron:session): session closed for user p13x
May  6 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14069]: Successful su for rubyman by root
May  6 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14069]: + ??? root:rubyman
May  6 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14069]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343350 of user rubyman.
May  6 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14069]: pam_unix(su:session): session closed for user rubyman
May  6 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343350.
May  6 23:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11359]: pam_unix(cron:session): session closed for user root
May  6 23:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14008]: pam_unix(cron:session): session closed for user samftp
May  6 23:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13094]: pam_unix(cron:session): session closed for user root
May  6 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14405]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14402]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14406]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14406]: pam_unix(cron:session): session closed for user root
May  6 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14401]: pam_unix(cron:session): session closed for user p13x
May  6 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14468]: Successful su for rubyman by root
May  6 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14468]: + ??? root:rubyman
May  6 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343355 of user rubyman.
May  6 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14468]: pam_unix(su:session): session closed for user rubyman
May  6 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343355.
May  6 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14403]: pam_unix(cron:session): session closed for user root
May  6 23:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11784]: pam_unix(cron:session): session closed for user root
May  6 23:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14402]: pam_unix(cron:session): session closed for user samftp
May  6 23:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13591]: pam_unix(cron:session): session closed for user root
May  6 23:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.102.153  user=root
May  6 23:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: Failed password for root from 64.227.102.153 port 33766 ssh2
May  6 23:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: Received disconnect from 64.227.102.153 port 33766:11: Bye Bye [preauth]
May  6 23:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14828]: Disconnected from 64.227.102.153 port 33766 [preauth]
May  6 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14841]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14842]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14840]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14840]: pam_unix(cron:session): session closed for user p13x
May  6 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14918]: Successful su for rubyman by root
May  6 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14918]: + ??? root:rubyman
May  6 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343360 of user rubyman.
May  6 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14918]: pam_unix(su:session): session closed for user rubyman
May  6 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343360.
May  6 23:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12199]: pam_unix(cron:session): session closed for user root
May  6 23:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14841]: pam_unix(cron:session): session closed for user samftp
May  6 23:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  6 23:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: Failed password for root from 218.92.0.237 port 43650 ssh2
May  6 23:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: message repeated 2 times: [ Failed password for root from 218.92.0.237 port 43650 ssh2]
May  6 23:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: Received disconnect from 218.92.0.237 port 43650:11:  [preauth]
May  6 23:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: Disconnected from 218.92.0.237 port 43650 [preauth]
May  6 23:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15138]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  6 23:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14010]: pam_unix(cron:session): session closed for user root
May  6 23:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: Invalid user user from 152.32.158.35
May  6 23:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: input_userauth_request: invalid user user [preauth]
May  6 23:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.158.35
May  6 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15249]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15250]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15247]: pam_unix(cron:session): session closed for user p13x
May  6 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15308]: Successful su for rubyman by root
May  6 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15308]: + ??? root:rubyman
May  6 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15308]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343367 of user rubyman.
May  6 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15308]: pam_unix(su:session): session closed for user rubyman
May  6 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343367.
May  6 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: Failed password for invalid user user from 152.32.158.35 port 57592 ssh2
May  6 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: Received disconnect from 152.32.158.35 port 57592:11: Bye Bye [preauth]
May  6 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: Disconnected from 152.32.158.35 port 57592 [preauth]
May  6 23:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12666]: pam_unix(cron:session): session closed for user root
May  6 23:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15248]: pam_unix(cron:session): session closed for user samftp
May  6 23:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: Invalid user admin from 46.244.96.25
May  6 23:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: input_userauth_request: invalid user admin [preauth]
May  6 23:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: pam_unix(sshd:auth): check pass; user unknown
May  6 23:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  6 23:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: Failed password for invalid user admin from 46.244.96.25 port 39972 ssh2
May  6 23:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: Connection closed by 46.244.96.25 port 39972 [preauth]
May  6 23:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  6 23:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  6 23:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15533]: Failed password for root from 218.92.0.205 port 14898 ssh2
May  6 23:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14405]: pam_unix(cron:session): session closed for user root
May  6 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15650]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15648]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15649]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15651]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15648]: pam_unix(cron:session): session closed for user p13x
May  6 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15712]: Successful su for rubyman by root
May  6 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15712]: + ??? root:rubyman
May  6 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343368 of user rubyman.
May  6 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15712]: pam_unix(su:session): session closed for user rubyman
May  6 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343368.
May  6 23:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13093]: pam_unix(cron:session): session closed for user root
May  6 23:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15649]: pam_unix(cron:session): session closed for user samftp
May  6 23:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14843]: pam_unix(cron:session): session closed for user root
May  6 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16042]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16043]: pam_unix(cron:session): session opened for user root by (uid=0)
May  6 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  6 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  6 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16040]: pam_unix(cron:session): session closed for user p13x
May  6 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16100]: Successful su for rubyman by root
May  6 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16100]: + ??? root:rubyman
May  6 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16100]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  6 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343373 of user rubyman.
May  6 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16100]: pam_unix(su:session): session closed for user rubyman
May  6 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343373.
May  6 23:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13590]: pam_unix(cron:session): session closed for user root
May  6 23:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16041]: pam_unix(cron:session): session closed for user samftp
May  6 23:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15250]: pam_unix(cron:session): session closed for user root
May  7 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16421]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16420]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16422]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16418]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16417]: pam_unix(cron:session): session closed for user root
May  7 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16422]: pam_unix(cron:session): session closed for user root
May  7 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16415]: pam_unix(cron:session): session closed for user p13x
May  7 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16554]: Successful su for rubyman by root
May  7 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16554]: + ??? root:rubyman
May  7 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16554]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343378 of user rubyman.
May  7 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16554]: pam_unix(su:session): session closed for user rubyman
May  7 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343378.
May  7 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14009]: pam_unix(cron:session): session closed for user root
May  7 00:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16418]: pam_unix(cron:session): session closed for user root
May  7 00:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16416]: pam_unix(cron:session): session closed for user samftp
May  7 00:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15651]: pam_unix(cron:session): session closed for user root
May  7 00:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16991]: Invalid user isis from 64.227.102.153
May  7 00:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16991]: input_userauth_request: invalid user isis [preauth]
May  7 00:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16991]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.102.153
May  7 00:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16991]: Failed password for invalid user isis from 64.227.102.153 port 37294 ssh2
May  7 00:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16991]: Received disconnect from 64.227.102.153 port 37294:11: Bye Bye [preauth]
May  7 00:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16991]: Disconnected from 64.227.102.153 port 37294 [preauth]
May  7 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17005]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17006]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17001]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17001]: pam_unix(cron:session): session closed for user root
May  7 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17003]: pam_unix(cron:session): session closed for user p13x
May  7 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17072]: Successful su for rubyman by root
May  7 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17072]: + ??? root:rubyman
May  7 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343383 of user rubyman.
May  7 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17072]: pam_unix(su:session): session closed for user rubyman
May  7 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343383.
May  7 00:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14404]: pam_unix(cron:session): session closed for user root
May  7 00:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17004]: pam_unix(cron:session): session closed for user samftp
May  7 00:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16043]: pam_unix(cron:session): session closed for user root
May  7 00:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: Invalid user kd from 152.32.158.35
May  7 00:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: input_userauth_request: invalid user kd [preauth]
May  7 00:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.158.35
May  7 00:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: Failed password for invalid user kd from 152.32.158.35 port 36198 ssh2
May  7 00:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: Received disconnect from 152.32.158.35 port 36198:11: Bye Bye [preauth]
May  7 00:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: Disconnected from 152.32.158.35 port 36198 [preauth]
May  7 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17421]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17420]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17417]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17416]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17416]: pam_unix(cron:session): session closed for user p13x
May  7 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17483]: Successful su for rubyman by root
May  7 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17483]: + ??? root:rubyman
May  7 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17483]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343388 of user rubyman.
May  7 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17483]: pam_unix(su:session): session closed for user rubyman
May  7 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343388.
May  7 00:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14842]: pam_unix(cron:session): session closed for user root
May  7 00:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17417]: pam_unix(cron:session): session closed for user samftp
May  7 00:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16421]: pam_unix(cron:session): session closed for user root
May  7 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17939]: pam_unix(cron:session): session closed for user p13x
May  7 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18004]: Successful su for rubyman by root
May  7 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18004]: + ??? root:rubyman
May  7 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343392 of user rubyman.
May  7 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18004]: pam_unix(su:session): session closed for user rubyman
May  7 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343392.
May  7 00:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15249]: pam_unix(cron:session): session closed for user root
May  7 00:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17940]: pam_unix(cron:session): session closed for user samftp
May  7 00:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17006]: pam_unix(cron:session): session closed for user root
May  7 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18352]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18350]: pam_unix(cron:session): session closed for user p13x
May  7 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18420]: Successful su for rubyman by root
May  7 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18420]: + ??? root:rubyman
May  7 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343397 of user rubyman.
May  7 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18420]: pam_unix(su:session): session closed for user rubyman
May  7 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343397.
May  7 00:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15650]: pam_unix(cron:session): session closed for user root
May  7 00:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18351]: pam_unix(cron:session): session closed for user samftp
May  7 00:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17421]: pam_unix(cron:session): session closed for user root
May  7 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18768]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18766]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18769]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18758]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18769]: pam_unix(cron:session): session closed for user root
May  7 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18758]: pam_unix(cron:session): session closed for user p13x
May  7 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18837]: Successful su for rubyman by root
May  7 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18837]: + ??? root:rubyman
May  7 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18837]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343400 of user rubyman.
May  7 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18837]: pam_unix(su:session): session closed for user rubyman
May  7 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343400.
May  7 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18763]: pam_unix(cron:session): session closed for user root
May  7 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16042]: pam_unix(cron:session): session closed for user root
May  7 00:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18759]: pam_unix(cron:session): session closed for user samftp
May  7 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17942]: pam_unix(cron:session): session closed for user root
May  7 00:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19195]: Invalid user scan from 64.227.102.153
May  7 00:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19195]: input_userauth_request: invalid user scan [preauth]
May  7 00:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19195]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.102.153
May  7 00:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19195]: Failed password for invalid user scan from 64.227.102.153 port 39438 ssh2
May  7 00:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19195]: Received disconnect from 64.227.102.153 port 39438:11: Bye Bye [preauth]
May  7 00:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19195]: Disconnected from 64.227.102.153 port 39438 [preauth]
May  7 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19205]: pam_unix(cron:session): session closed for user p13x
May  7 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19285]: Successful su for rubyman by root
May  7 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19285]: + ??? root:rubyman
May  7 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19285]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343407 of user rubyman.
May  7 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19285]: pam_unix(su:session): session closed for user rubyman
May  7 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343407.
May  7 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19206]: pam_unix(cron:session): session closed for user samftp
May  7 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16420]: pam_unix(cron:session): session closed for user root
May  7 00:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18353]: pam_unix(cron:session): session closed for user root
May  7 00:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: Invalid user mtvps1 from 152.32.158.35
May  7 00:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: input_userauth_request: invalid user mtvps1 [preauth]
May  7 00:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.158.35
May  7 00:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: Failed password for invalid user mtvps1 from 152.32.158.35 port 43044 ssh2
May  7 00:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: Received disconnect from 152.32.158.35 port 43044:11: Bye Bye [preauth]
May  7 00:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: Disconnected from 152.32.158.35 port 43044 [preauth]
May  7 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19630]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19628]: pam_unix(cron:session): session closed for user p13x
May  7 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19698]: Successful su for rubyman by root
May  7 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19698]: + ??? root:rubyman
May  7 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343410 of user rubyman.
May  7 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19698]: pam_unix(su:session): session closed for user rubyman
May  7 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343410.
May  7 00:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17005]: pam_unix(cron:session): session closed for user root
May  7 00:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19629]: pam_unix(cron:session): session closed for user samftp
May  7 00:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18768]: pam_unix(cron:session): session closed for user root
May  7 00:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: Invalid user admin from 80.94.95.112
May  7 00:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: input_userauth_request: invalid user admin [preauth]
May  7 00:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 00:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: Failed password for invalid user admin from 80.94.95.112 port 18406 ssh2
May  7 00:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: Failed password for invalid user admin from 80.94.95.112 port 18406 ssh2
May  7 00:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: Failed password for invalid user admin from 80.94.95.112 port 18406 ssh2
May  7 00:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: Failed password for invalid user admin from 80.94.95.112 port 18406 ssh2
May  7 00:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: Failed password for invalid user admin from 80.94.95.112 port 18406 ssh2
May  7 00:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: Received disconnect from 80.94.95.112 port 18406:11: Bye [preauth]
May  7 00:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: Disconnected from 80.94.95.112 port 18406 [preauth]
May  7 00:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 00:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20003]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20060]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20057]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20057]: pam_unix(cron:session): session closed for user p13x
May  7 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20121]: Successful su for rubyman by root
May  7 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20121]: + ??? root:rubyman
May  7 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343415 of user rubyman.
May  7 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20121]: pam_unix(su:session): session closed for user rubyman
May  7 00:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343415.
May  7 00:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17420]: pam_unix(cron:session): session closed for user root
May  7 00:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20058]: pam_unix(cron:session): session closed for user samftp
May  7 00:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19209]: pam_unix(cron:session): session closed for user root
May  7 00:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  7 00:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20445]: Failed password for root from 50.235.31.47 port 38800 ssh2
May  7 00:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20445]: Connection closed by 50.235.31.47 port 38800 [preauth]
May  7 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20458]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20462]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20456]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20458]: pam_unix(cron:session): session closed for user p13x
May  7 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20583]: Successful su for rubyman by root
May  7 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20583]: + ??? root:rubyman
May  7 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20583]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343418 of user rubyman.
May  7 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20583]: pam_unix(su:session): session closed for user rubyman
May  7 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343418.
May  7 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20456]: pam_unix(cron:session): session closed for user root
May  7 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17941]: pam_unix(cron:session): session closed for user root
May  7 00:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20461]: pam_unix(cron:session): session closed for user samftp
May  7 00:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19631]: pam_unix(cron:session): session closed for user root
May  7 00:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: Invalid user vpn from 190.103.202.7
May  7 00:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: input_userauth_request: invalid user vpn [preauth]
May  7 00:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  7 00:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: Failed password for invalid user vpn from 190.103.202.7 port 53870 ssh2
May  7 00:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20938]: Connection closed by 190.103.202.7 port 53870 [preauth]
May  7 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20967]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20971]: pam_unix(cron:session): session closed for user root
May  7 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20966]: pam_unix(cron:session): session closed for user p13x
May  7 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21032]: Successful su for rubyman by root
May  7 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21032]: + ??? root:rubyman
May  7 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343423 of user rubyman.
May  7 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21032]: pam_unix(su:session): session closed for user rubyman
May  7 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343423.
May  7 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20968]: pam_unix(cron:session): session closed for user root
May  7 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18352]: pam_unix(cron:session): session closed for user root
May  7 00:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20967]: pam_unix(cron:session): session closed for user samftp
May  7 00:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20060]: pam_unix(cron:session): session closed for user root
May  7 00:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: Invalid user ubuntu from 80.94.95.125
May  7 00:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: input_userauth_request: invalid user ubuntu [preauth]
May  7 00:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 00:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: Failed password for invalid user ubuntu from 80.94.95.125 port 53607 ssh2
May  7 00:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: Failed password for invalid user ubuntu from 80.94.95.125 port 53607 ssh2
May  7 00:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: Failed password for invalid user ubuntu from 80.94.95.125 port 53607 ssh2
May  7 00:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: Failed password for invalid user ubuntu from 80.94.95.125 port 53607 ssh2
May  7 00:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: Failed password for invalid user ubuntu from 80.94.95.125 port 53607 ssh2
May  7 00:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: Received disconnect from 80.94.95.125 port 53607:11: Bye [preauth]
May  7 00:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: Disconnected from 80.94.95.125 port 53607 [preauth]
May  7 00:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 00:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21377]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 00:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.102.153  user=root
May  7 00:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21423]: Failed password for root from 64.227.102.153 port 53208 ssh2
May  7 00:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21423]: Received disconnect from 64.227.102.153 port 53208:11: Bye Bye [preauth]
May  7 00:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21423]: Disconnected from 64.227.102.153 port 53208 [preauth]
May  7 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21436]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21437]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21434]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21434]: pam_unix(cron:session): session closed for user p13x
May  7 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21505]: Successful su for rubyman by root
May  7 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21505]: + ??? root:rubyman
May  7 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343429 of user rubyman.
May  7 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21505]: pam_unix(su:session): session closed for user rubyman
May  7 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343429.
May  7 00:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18766]: pam_unix(cron:session): session closed for user root
May  7 00:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21435]: pam_unix(cron:session): session closed for user samftp
May  7 00:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20463]: pam_unix(cron:session): session closed for user root
May  7 00:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.158.35  user=root
May  7 00:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: Failed password for root from 152.32.158.35 port 49894 ssh2
May  7 00:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: Received disconnect from 152.32.158.35 port 49894:11: Bye Bye [preauth]
May  7 00:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22152]: Disconnected from 152.32.158.35 port 49894 [preauth]
May  7 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22169]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22163]: pam_unix(cron:session): session closed for user p13x
May  7 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22235]: Successful su for rubyman by root
May  7 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22235]: + ??? root:rubyman
May  7 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343433 of user rubyman.
May  7 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22235]: pam_unix(su:session): session closed for user rubyman
May  7 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343433.
May  7 00:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19208]: pam_unix(cron:session): session closed for user root
May  7 00:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22164]: pam_unix(cron:session): session closed for user samftp
May  7 00:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  7 00:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22509]: Failed password for root from 218.92.0.208 port 27586 ssh2
May  7 00:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20970]: pam_unix(cron:session): session closed for user root
May  7 00:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22509]: Connection reset by 218.92.0.208 port 27586 [preauth]
May  7 00:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22644]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22641]: pam_unix(cron:session): session closed for user p13x
May  7 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22707]: Successful su for rubyman by root
May  7 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22707]: + ??? root:rubyman
May  7 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343438 of user rubyman.
May  7 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22707]: pam_unix(su:session): session closed for user rubyman
May  7 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343438.
May  7 00:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19630]: pam_unix(cron:session): session closed for user root
May  7 00:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22642]: pam_unix(cron:session): session closed for user samftp
May  7 00:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21437]: pam_unix(cron:session): session closed for user root
May  7 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23096]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23094]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23095]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23094]: pam_unix(cron:session): session closed for user p13x
May  7 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23158]: Successful su for rubyman by root
May  7 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23158]: + ??? root:rubyman
May  7 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343443 of user rubyman.
May  7 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23158]: pam_unix(su:session): session closed for user rubyman
May  7 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343443.
May  7 00:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20059]: pam_unix(cron:session): session closed for user root
May  7 00:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23095]: pam_unix(cron:session): session closed for user samftp
May  7 00:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22169]: pam_unix(cron:session): session closed for user root
May  7 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23598]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23595]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23596]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23598]: pam_unix(cron:session): session closed for user root
May  7 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23592]: pam_unix(cron:session): session closed for user p13x
May  7 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23667]: Successful su for rubyman by root
May  7 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23667]: + ??? root:rubyman
May  7 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23667]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343447 of user rubyman.
May  7 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23667]: pam_unix(su:session): session closed for user rubyman
May  7 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343447.
May  7 00:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23595]: pam_unix(cron:session): session closed for user root
May  7 00:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20462]: pam_unix(cron:session): session closed for user root
May  7 00:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23594]: pam_unix(cron:session): session closed for user samftp
May  7 00:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22644]: pam_unix(cron:session): session closed for user root
May  7 00:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: Invalid user weblogic from 64.227.102.153
May  7 00:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: input_userauth_request: invalid user weblogic [preauth]
May  7 00:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.102.153
May  7 00:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: Failed password for invalid user weblogic from 64.227.102.153 port 44762 ssh2
May  7 00:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: Received disconnect from 64.227.102.153 port 44762:11: Bye Bye [preauth]
May  7 00:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24136]: Disconnected from 64.227.102.153 port 44762 [preauth]
May  7 00:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  7 00:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24135]: Failed password for root from 218.92.0.217 port 21218 ssh2
May  7 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24162]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24160]: pam_unix(cron:session): session closed for user p13x
May  7 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24238]: Successful su for rubyman by root
May  7 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24238]: + ??? root:rubyman
May  7 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343451 of user rubyman.
May  7 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24238]: pam_unix(su:session): session closed for user rubyman
May  7 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343451.
May  7 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24135]: Failed password for root from 218.92.0.217 port 21218 ssh2
May  7 00:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24135]: Failed password for root from 218.92.0.217 port 21218 ssh2
May  7 00:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24135]: Received disconnect from 218.92.0.217 port 21218:11:  [preauth]
May  7 00:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24135]: Disconnected from 218.92.0.217 port 21218 [preauth]
May  7 00:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24135]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  7 00:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20969]: pam_unix(cron:session): session closed for user root
May  7 00:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24161]: pam_unix(cron:session): session closed for user samftp
May  7 00:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 00:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24519]: Failed password for root from 218.92.0.179 port 52552 ssh2
May  7 00:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23097]: pam_unix(cron:session): session closed for user root
May  7 00:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24519]: Failed password for root from 218.92.0.179 port 52552 ssh2
May  7 00:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24519]: Failed password for root from 218.92.0.179 port 52552 ssh2
May  7 00:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24519]: Received disconnect from 218.92.0.179 port 52552:11:  [preauth]
May  7 00:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24519]: Disconnected from 218.92.0.179 port 52552 [preauth]
May  7 00:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24519]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 00:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24598]: Invalid user school from 152.32.158.35
May  7 00:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24598]: input_userauth_request: invalid user school [preauth]
May  7 00:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24598]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.158.35
May  7 00:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24598]: Failed password for invalid user school from 152.32.158.35 port 56732 ssh2
May  7 00:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24598]: Received disconnect from 152.32.158.35 port 56732:11: Bye Bye [preauth]
May  7 00:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24598]: Disconnected from 152.32.158.35 port 56732 [preauth]
May  7 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24625]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24626]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24620]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24620]: pam_unix(cron:session): session closed for user root
May  7 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24623]: pam_unix(cron:session): session closed for user p13x
May  7 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24690]: Successful su for rubyman by root
May  7 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24690]: + ??? root:rubyman
May  7 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24690]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343456 of user rubyman.
May  7 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24690]: pam_unix(su:session): session closed for user rubyman
May  7 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343456.
May  7 00:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21436]: pam_unix(cron:session): session closed for user root
May  7 00:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24624]: pam_unix(cron:session): session closed for user samftp
May  7 00:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23597]: pam_unix(cron:session): session closed for user root
May  7 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25037]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25038]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25035]: pam_unix(cron:session): session closed for user p13x
May  7 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25093]: Successful su for rubyman by root
May  7 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25093]: + ??? root:rubyman
May  7 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343462 of user rubyman.
May  7 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25093]: pam_unix(su:session): session closed for user rubyman
May  7 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343462.
May  7 00:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22165]: pam_unix(cron:session): session closed for user root
May  7 00:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25036]: pam_unix(cron:session): session closed for user samftp
May  7 00:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24163]: pam_unix(cron:session): session closed for user root
May  7 00:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: Invalid user telecomadmin from 194.0.234.16
May  7 00:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: input_userauth_request: invalid user telecomadmin [preauth]
May  7 00:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.16
May  7 00:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: Failed password for invalid user telecomadmin from 194.0.234.16 port 56756 ssh2
May  7 00:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: Connection closed by 194.0.234.16 port 56756 [preauth]
May  7 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25442]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25442]: pam_unix(cron:session): session closed for user p13x
May  7 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25501]: Successful su for rubyman by root
May  7 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25501]: + ??? root:rubyman
May  7 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343465 of user rubyman.
May  7 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25501]: pam_unix(su:session): session closed for user rubyman
May  7 00:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343465.
May  7 00:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22643]: pam_unix(cron:session): session closed for user root
May  7 00:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25443]: pam_unix(cron:session): session closed for user samftp
May  7 00:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24626]: pam_unix(cron:session): session closed for user root
May  7 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25931]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25933]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25932]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25934]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25934]: pam_unix(cron:session): session closed for user root
May  7 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25927]: pam_unix(cron:session): session closed for user p13x
May  7 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26006]: Successful su for rubyman by root
May  7 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26006]: + ??? root:rubyman
May  7 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26006]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343469 of user rubyman.
May  7 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26006]: pam_unix(su:session): session closed for user rubyman
May  7 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343469.
May  7 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25931]: pam_unix(cron:session): session closed for user root
May  7 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23096]: pam_unix(cron:session): session closed for user root
May  7 00:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25929]: pam_unix(cron:session): session closed for user samftp
May  7 00:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25038]: pam_unix(cron:session): session closed for user root
May  7 00:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  7 00:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: Failed password for root from 218.92.0.219 port 56116 ssh2
May  7 00:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: message repeated 2 times: [ Failed password for root from 218.92.0.219 port 56116 ssh2]
May  7 00:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: Received disconnect from 218.92.0.219 port 56116:11:  [preauth]
May  7 00:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: Disconnected from 218.92.0.219 port 56116 [preauth]
May  7 00:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26310]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  7 00:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26333]: Invalid user desenvolvimento from 64.227.102.153
May  7 00:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26333]: input_userauth_request: invalid user desenvolvimento [preauth]
May  7 00:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26333]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.102.153
May  7 00:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26333]: Failed password for invalid user desenvolvimento from 64.227.102.153 port 53424 ssh2
May  7 00:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26333]: Received disconnect from 64.227.102.153 port 53424:11: Bye Bye [preauth]
May  7 00:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26333]: Disconnected from 64.227.102.153 port 53424 [preauth]
May  7 00:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26379]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26376]: pam_unix(cron:session): session closed for user p13x
May  7 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26528]: Successful su for rubyman by root
May  7 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26528]: + ??? root:rubyman
May  7 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26528]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343474 of user rubyman.
May  7 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26528]: pam_unix(su:session): session closed for user rubyman
May  7 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343474.
May  7 00:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23596]: pam_unix(cron:session): session closed for user root
May  7 00:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26377]: pam_unix(cron:session): session closed for user samftp
May  7 00:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  7 00:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26698]: Failed password for root from 218.92.0.219 port 40784 ssh2
May  7 00:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26698]: message repeated 2 times: [ Failed password for root from 218.92.0.219 port 40784 ssh2]
May  7 00:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26698]: Received disconnect from 218.92.0.219 port 40784:11:  [preauth]
May  7 00:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26698]: Disconnected from 218.92.0.219 port 40784 [preauth]
May  7 00:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26698]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  7 00:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  7 00:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26738]: Failed password for root from 218.92.0.219 port 14960 ssh2
May  7 00:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26738]: message repeated 2 times: [ Failed password for root from 218.92.0.219 port 14960 ssh2]
May  7 00:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26738]: Received disconnect from 218.92.0.219 port 14960:11:  [preauth]
May  7 00:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26738]: Disconnected from 218.92.0.219 port 14960 [preauth]
May  7 00:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26738]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  7 00:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 00:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25445]: pam_unix(cron:session): session closed for user root
May  7 00:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: Failed password for root from 218.92.0.179 port 63882 ssh2
May  7 00:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 63882 ssh2]
May  7 00:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: Received disconnect from 218.92.0.179 port 63882:11:  [preauth]
May  7 00:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: Disconnected from 218.92.0.179 port 63882 [preauth]
May  7 00:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26777]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 00:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: Invalid user graham from 152.32.158.35
May  7 00:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: input_userauth_request: invalid user graham [preauth]
May  7 00:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.158.35
May  7 00:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: Failed password for invalid user graham from 152.32.158.35 port 35338 ssh2
May  7 00:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: Received disconnect from 152.32.158.35 port 35338:11: Bye Bye [preauth]
May  7 00:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26821]: Disconnected from 152.32.158.35 port 35338 [preauth]
May  7 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26876]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26875]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26873]: pam_unix(cron:session): session closed for user p13x
May  7 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26966]: Successful su for rubyman by root
May  7 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26966]: + ??? root:rubyman
May  7 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26966]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343479 of user rubyman.
May  7 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26966]: pam_unix(su:session): session closed for user rubyman
May  7 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343479.
May  7 00:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24162]: pam_unix(cron:session): session closed for user root
May  7 00:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26874]: pam_unix(cron:session): session closed for user samftp
May  7 00:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25933]: pam_unix(cron:session): session closed for user root
May  7 00:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 00:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27348]: Failed password for root from 218.92.0.179 port 24823 ssh2
May  7 00:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27348]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 24823 ssh2]
May  7 00:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27348]: Received disconnect from 218.92.0.179 port 24823:11:  [preauth]
May  7 00:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27348]: Disconnected from 218.92.0.179 port 24823 [preauth]
May  7 00:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27348]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27363]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27363]: pam_unix(cron:session): session closed for user p13x
May  7 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27463]: Successful su for rubyman by root
May  7 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27463]: + ??? root:rubyman
May  7 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27463]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343483 of user rubyman.
May  7 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27463]: pam_unix(su:session): session closed for user rubyman
May  7 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343483.
May  7 00:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24625]: pam_unix(cron:session): session closed for user root
May  7 00:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27365]: pam_unix(cron:session): session closed for user samftp
May  7 00:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26380]: pam_unix(cron:session): session closed for user root
May  7 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27821]: pam_unix(cron:session): session closed for user p13x
May  7 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27890]: Successful su for rubyman by root
May  7 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27890]: + ??? root:rubyman
May  7 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27890]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343487 of user rubyman.
May  7 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27890]: pam_unix(su:session): session closed for user rubyman
May  7 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343487.
May  7 00:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25037]: pam_unix(cron:session): session closed for user root
May  7 00:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27822]: pam_unix(cron:session): session closed for user samftp
May  7 00:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26876]: pam_unix(cron:session): session closed for user root
May  7 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28233]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28232]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28233]: pam_unix(cron:session): session closed for user root
May  7 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28228]: pam_unix(cron:session): session closed for user p13x
May  7 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28295]: Successful su for rubyman by root
May  7 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28295]: + ??? root:rubyman
May  7 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343495 of user rubyman.
May  7 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28295]: pam_unix(su:session): session closed for user rubyman
May  7 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343495.
May  7 00:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25444]: pam_unix(cron:session): session closed for user root
May  7 00:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28230]: pam_unix(cron:session): session closed for user root
May  7 00:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28229]: pam_unix(cron:session): session closed for user samftp
May  7 00:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27368]: pam_unix(cron:session): session closed for user root
May  7 00:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.102.153  user=root
May  7 00:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: Failed password for root from 64.227.102.153 port 55398 ssh2
May  7 00:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: Received disconnect from 64.227.102.153 port 55398:11: Bye Bye [preauth]
May  7 00:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28613]: Disconnected from 64.227.102.153 port 55398 [preauth]
May  7 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28667]: pam_unix(cron:session): session closed for user p13x
May  7 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28735]: Successful su for rubyman by root
May  7 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28735]: + ??? root:rubyman
May  7 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343497 of user rubyman.
May  7 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28735]: pam_unix(su:session): session closed for user rubyman
May  7 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343497.
May  7 00:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25932]: pam_unix(cron:session): session closed for user root
May  7 00:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28668]: pam_unix(cron:session): session closed for user samftp
May  7 00:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: Invalid user admin from 80.94.95.241
May  7 00:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: input_userauth_request: invalid user admin [preauth]
May  7 00:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 00:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: Failed password for invalid user admin from 80.94.95.241 port 5614 ssh2
May  7 00:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: Failed password for invalid user admin from 80.94.95.241 port 5614 ssh2
May  7 00:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: Failed password for invalid user admin from 80.94.95.241 port 5614 ssh2
May  7 00:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: Failed password for invalid user admin from 80.94.95.241 port 5614 ssh2
May  7 00:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: Failed password for invalid user admin from 80.94.95.241 port 5614 ssh2
May  7 00:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: Received disconnect from 80.94.95.241 port 5614:11: Bye [preauth]
May  7 00:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: Disconnected from 80.94.95.241 port 5614 [preauth]
May  7 00:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 00:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28967]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 00:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27824]: pam_unix(cron:session): session closed for user root
May  7 00:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: Invalid user roots from 152.32.158.35
May  7 00:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: input_userauth_request: invalid user roots [preauth]
May  7 00:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.158.35
May  7 00:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: Failed password for invalid user roots from 152.32.158.35 port 42180 ssh2
May  7 00:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: Received disconnect from 152.32.158.35 port 42180:11: Bye Bye [preauth]
May  7 00:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29111]: Disconnected from 152.32.158.35 port 42180 [preauth]
May  7 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29178]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29175]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29176]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29173]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29173]: pam_unix(cron:session): session closed for user p13x
May  7 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29239]: Successful su for rubyman by root
May  7 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29239]: + ??? root:rubyman
May  7 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343500 of user rubyman.
May  7 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29239]: pam_unix(su:session): session closed for user rubyman
May  7 00:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343500.
May  7 00:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26379]: pam_unix(cron:session): session closed for user root
May  7 00:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29175]: pam_unix(cron:session): session closed for user samftp
May  7 00:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  7 00:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: Failed password for root from 218.92.0.236 port 35592 ssh2
May  7 00:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: message repeated 2 times: [ Failed password for root from 218.92.0.236 port 35592 ssh2]
May  7 00:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: Received disconnect from 218.92.0.236 port 35592:11:  [preauth]
May  7 00:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: Disconnected from 218.92.0.236 port 35592 [preauth]
May  7 00:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  7 00:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28232]: pam_unix(cron:session): session closed for user root
May  7 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29598]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29598]: pam_unix(cron:session): session closed for user p13x
May  7 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29660]: Successful su for rubyman by root
May  7 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29660]: + ??? root:rubyman
May  7 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29660]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343504 of user rubyman.
May  7 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29660]: pam_unix(su:session): session closed for user rubyman
May  7 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343504.
May  7 00:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26875]: pam_unix(cron:session): session closed for user root
May  7 00:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29599]: pam_unix(cron:session): session closed for user samftp
May  7 00:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 00:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29901]: Failed password for root from 218.92.0.179 port 61203 ssh2
May  7 00:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29901]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 61203 ssh2]
May  7 00:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29901]: Received disconnect from 218.92.0.179 port 61203:11:  [preauth]
May  7 00:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29901]: Disconnected from 218.92.0.179 port 61203 [preauth]
May  7 00:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29901]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 00:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28670]: pam_unix(cron:session): session closed for user root
May  7 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30005]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30006]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30003]: pam_unix(cron:session): session closed for user p13x
May  7 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30062]: Successful su for rubyman by root
May  7 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30062]: + ??? root:rubyman
May  7 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343510 of user rubyman.
May  7 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30062]: pam_unix(su:session): session closed for user rubyman
May  7 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343510.
May  7 00:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27367]: pam_unix(cron:session): session closed for user root
May  7 00:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30004]: pam_unix(cron:session): session closed for user samftp
May  7 00:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29178]: pam_unix(cron:session): session closed for user root
May  7 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30395]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30396]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30393]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30394]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30396]: pam_unix(cron:session): session closed for user root
May  7 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30391]: pam_unix(cron:session): session closed for user p13x
May  7 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30464]: Successful su for rubyman by root
May  7 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30464]: + ??? root:rubyman
May  7 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30464]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343512 of user rubyman.
May  7 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30464]: pam_unix(su:session): session closed for user rubyman
May  7 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343512.
May  7 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30393]: pam_unix(cron:session): session closed for user root
May  7 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27823]: pam_unix(cron:session): session closed for user root
May  7 00:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30392]: pam_unix(cron:session): session closed for user samftp
May  7 00:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29601]: pam_unix(cron:session): session closed for user root
May  7 00:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: Invalid user metabase from 64.227.102.153
May  7 00:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: input_userauth_request: invalid user metabase [preauth]
May  7 00:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.102.153
May  7 00:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: Failed password for invalid user metabase from 64.227.102.153 port 50262 ssh2
May  7 00:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: Received disconnect from 64.227.102.153 port 50262:11: Bye Bye [preauth]
May  7 00:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30787]: Disconnected from 64.227.102.153 port 50262 [preauth]
May  7 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30821]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30819]: pam_unix(cron:session): session closed for user p13x
May  7 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30893]: Successful su for rubyman by root
May  7 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30893]: + ??? root:rubyman
May  7 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343518 of user rubyman.
May  7 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30893]: pam_unix(su:session): session closed for user rubyman
May  7 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343518.
May  7 00:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28231]: pam_unix(cron:session): session closed for user root
May  7 00:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30820]: pam_unix(cron:session): session closed for user samftp
May  7 00:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30006]: pam_unix(cron:session): session closed for user root
May  7 00:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: Invalid user vignesh from 152.32.158.35
May  7 00:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: input_userauth_request: invalid user vignesh [preauth]
May  7 00:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.158.35
May  7 00:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: Failed password for invalid user vignesh from 152.32.158.35 port 49026 ssh2
May  7 00:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: Received disconnect from 152.32.158.35 port 49026:11: Bye Bye [preauth]
May  7 00:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31288]: Disconnected from 152.32.158.35 port 49026 [preauth]
May  7 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31337]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31336]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31338]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31334]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31334]: pam_unix(cron:session): session closed for user p13x
May  7 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31396]: Successful su for rubyman by root
May  7 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31396]: + ??? root:rubyman
May  7 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343522 of user rubyman.
May  7 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31396]: pam_unix(su:session): session closed for user rubyman
May  7 00:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343522.
May  7 00:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28669]: pam_unix(cron:session): session closed for user root
May  7 00:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31336]: pam_unix(cron:session): session closed for user samftp
May  7 00:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30395]: pam_unix(cron:session): session closed for user root
May  7 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31767]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31765]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31763]: pam_unix(cron:session): session closed for user p13x
May  7 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31826]: Successful su for rubyman by root
May  7 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31826]: + ??? root:rubyman
May  7 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343528 of user rubyman.
May  7 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31826]: pam_unix(su:session): session closed for user rubyman
May  7 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343528.
May  7 00:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29176]: pam_unix(cron:session): session closed for user root
May  7 00:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31764]: pam_unix(cron:session): session closed for user samftp
May  7 00:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30822]: pam_unix(cron:session): session closed for user root
May  7 00:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: Invalid user webadmin from 164.68.105.9
May  7 00:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: input_userauth_request: invalid user webadmin [preauth]
May  7 00:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  7 00:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: Failed password for invalid user webadmin from 164.68.105.9 port 48632 ssh2
May  7 00:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32390]: Connection closed by 164.68.105.9 port 48632 [preauth]
May  7 00:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 00:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: Failed password for root from 218.92.0.179 port 11081 ssh2
May  7 00:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 11081 ssh2]
May  7 00:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: Received disconnect from 218.92.0.179 port 11081:11:  [preauth]
May  7 00:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: Disconnected from 218.92.0.179 port 11081 [preauth]
May  7 00:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32453]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32476]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32474]: pam_unix(cron:session): session closed for user p13x
May  7 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32542]: Successful su for rubyman by root
May  7 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32542]: + ??? root:rubyman
May  7 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343531 of user rubyman.
May  7 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32542]: pam_unix(su:session): session closed for user rubyman
May  7 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343531.
May  7 00:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29600]: pam_unix(cron:session): session closed for user root
May  7 00:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32475]: pam_unix(cron:session): session closed for user samftp
May  7 00:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31338]: pam_unix(cron:session): session closed for user root
May  7 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[609]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[610]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[610]: pam_unix(cron:session): session closed for user root
May  7 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[605]: pam_unix(cron:session): session closed for user p13x
May  7 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[684]: Successful su for rubyman by root
May  7 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[684]: + ??? root:rubyman
May  7 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343536 of user rubyman.
May  7 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[684]: pam_unix(su:session): session closed for user rubyman
May  7 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343536.
May  7 00:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[607]: pam_unix(cron:session): session closed for user root
May  7 00:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30005]: pam_unix(cron:session): session closed for user root
May  7 00:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[878]: Invalid user anything from 64.227.130.206
May  7 00:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[878]: input_userauth_request: invalid user anything [preauth]
May  7 00:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[878]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 00:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[606]: pam_unix(cron:session): session closed for user samftp
May  7 00:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[878]: Failed password for invalid user anything from 64.227.130.206 port 33220 ssh2
May  7 00:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[878]: Received disconnect from 64.227.130.206 port 33220:11: Bye Bye [preauth]
May  7 00:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[878]: Disconnected from 64.227.130.206 port 33220 [preauth]
May  7 00:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31767]: pam_unix(cron:session): session closed for user root
May  7 00:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.102.153  user=root
May  7 00:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1052]: Failed password for root from 64.227.102.153 port 52644 ssh2
May  7 00:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1052]: Received disconnect from 64.227.102.153 port 52644:11: Bye Bye [preauth]
May  7 00:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1052]: Disconnected from 64.227.102.153 port 52644 [preauth]
May  7 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1116]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1115]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1113]: pam_unix(cron:session): session closed for user p13x
May  7 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1193]: Successful su for rubyman by root
May  7 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1193]: + ??? root:rubyman
May  7 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343540 of user rubyman.
May  7 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1193]: pam_unix(su:session): session closed for user rubyman
May  7 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343540.
May  7 00:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30394]: pam_unix(cron:session): session closed for user root
May  7 00:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1114]: pam_unix(cron:session): session closed for user samftp
May  7 00:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  7 00:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1457]: Failed password for root from 218.92.0.218 port 14284 ssh2
May  7 00:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1457]: message repeated 2 times: [ Failed password for root from 218.92.0.218 port 14284 ssh2]
May  7 00:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1457]: Received disconnect from 218.92.0.218 port 14284:11:  [preauth]
May  7 00:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1457]: Disconnected from 218.92.0.218 port 14284 [preauth]
May  7 00:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1457]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  7 00:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32477]: pam_unix(cron:session): session closed for user root
May  7 00:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1536]: Invalid user eder from 154.221.25.33
May  7 00:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1536]: input_userauth_request: invalid user eder [preauth]
May  7 00:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1536]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 00:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1536]: Failed password for invalid user eder from 154.221.25.33 port 57330 ssh2
May  7 00:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1536]: Received disconnect from 154.221.25.33 port 57330:11: Bye Bye [preauth]
May  7 00:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1536]: Disconnected from 154.221.25.33 port 57330 [preauth]
May  7 00:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.158.35  user=root
May  7 00:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: Failed password for root from 152.32.158.35 port 55872 ssh2
May  7 00:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: Received disconnect from 152.32.158.35 port 55872:11: Bye Bye [preauth]
May  7 00:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: Disconnected from 152.32.158.35 port 55872 [preauth]
May  7 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1604]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1603]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1602]: pam_unix(cron:session): session closed for user p13x
May  7 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1669]: Successful su for rubyman by root
May  7 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1669]: + ??? root:rubyman
May  7 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343546 of user rubyman.
May  7 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1669]: pam_unix(su:session): session closed for user rubyman
May  7 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343546.
May  7 00:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30821]: pam_unix(cron:session): session closed for user root
May  7 00:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1603]: pam_unix(cron:session): session closed for user samftp
May  7 00:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[609]: pam_unix(cron:session): session closed for user root
May  7 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2132]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2131]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2129]: pam_unix(cron:session): session closed for user p13x
May  7 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2195]: Successful su for rubyman by root
May  7 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2195]: + ??? root:rubyman
May  7 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343549 of user rubyman.
May  7 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2195]: pam_unix(su:session): session closed for user rubyman
May  7 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343549.
May  7 00:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31337]: pam_unix(cron:session): session closed for user root
May  7 00:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2130]: pam_unix(cron:session): session closed for user samftp
May  7 00:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.204.165.232  user=root
May  7 00:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: Failed password for root from 121.204.165.232 port 38964 ssh2
May  7 00:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: Connection closed by 121.204.165.232 port 38964 [preauth]
May  7 00:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.204.165.232  user=root
May  7 00:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1116]: pam_unix(cron:session): session closed for user root
May  7 00:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Failed password for root from 121.204.165.232 port 45900 ssh2
May  7 00:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Connection closed by 121.204.165.232 port 45900 [preauth]
May  7 00:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.204.165.232  user=root
May  7 00:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2477]: Failed password for root from 121.204.165.232 port 54220 ssh2
May  7 00:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2477]: Connection closed by 121.204.165.232 port 54220 [preauth]
May  7 00:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.204.165.232  user=root
May  7 00:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: Failed password for root from 121.204.165.232 port 63580 ssh2
May  7 00:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: Connection closed by 121.204.165.232 port 63580 [preauth]
May  7 00:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.204.165.232  user=root
May  7 00:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2515]: Failed password for root from 121.204.165.232 port 7739 ssh2
May  7 00:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2515]: Connection closed by 121.204.165.232 port 7739 [preauth]
May  7 00:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.204.165.232  user=root
May  7 00:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2538]: Failed password for root from 121.204.165.232 port 18287 ssh2
May  7 00:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2538]: Connection closed by 121.204.165.232 port 18287 [preauth]
May  7 00:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.204.165.232  user=root
May  7 00:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: Failed password for root from 121.204.165.232 port 29079 ssh2
May  7 00:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: Connection closed by 121.204.165.232 port 29079 [preauth]
May  7 00:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.204.165.232  user=root
May  7 00:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2554]: Failed password for root from 121.204.165.232 port 42061 ssh2
May  7 00:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2554]: Connection closed by 121.204.165.232 port 42061 [preauth]
May  7 00:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.204.165.232  user=root
May  7 00:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: Invalid user admin from 85.208.84.4
May  7 00:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: input_userauth_request: invalid user admin [preauth]
May  7 00:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  7 00:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2565]: Failed password for root from 121.204.165.232 port 48399 ssh2
May  7 00:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2565]: Connection closed by 121.204.165.232 port 48399 [preauth]
May  7 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2593]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2579]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2590]: pam_unix(cron:session): session closed for user p13x
May  7 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2726]: Successful su for rubyman by root
May  7 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2726]: + ??? root:rubyman
May  7 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343552 of user rubyman.
May  7 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2726]: pam_unix(su:session): session closed for user rubyman
May  7 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343552.
May  7 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: Failed password for invalid user admin from 85.208.84.4 port 63234 ssh2
May  7 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: Connection closed by 85.208.84.4 port 63234 [preauth]
May  7 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2579]: pam_unix(cron:session): session closed for user root
May  7 00:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.204.165.232  user=root
May  7 00:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31765]: pam_unix(cron:session): session closed for user root
May  7 00:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2578]: Failed password for root from 121.204.165.232 port 57435 ssh2
May  7 00:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2578]: Connection closed by 121.204.165.232 port 57435 [preauth]
May  7 00:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2591]: pam_unix(cron:session): session closed for user samftp
May  7 00:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.204.165.232  user=root
May  7 00:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: Failed password for root from 121.204.165.232 port 3212 ssh2
May  7 00:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: Connection closed by 121.204.165.232 port 3212 [preauth]
May  7 00:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.204.165.232  user=root
May  7 00:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: Failed password for root from 121.204.165.232 port 14798 ssh2
May  7 00:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2959]: Connection closed by 121.204.165.232 port 14798 [preauth]
May  7 00:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.204.165.232  user=root
May  7 00:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2972]: Failed password for root from 121.204.165.232 port 22254 ssh2
May  7 00:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2972]: Connection closed by 121.204.165.232 port 22254 [preauth]
May  7 00:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.204.165.232  user=root
May  7 00:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: Failed password for root from 121.204.165.232 port 28850 ssh2
May  7 00:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: Connection closed by 121.204.165.232 port 28850 [preauth]
May  7 00:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.204.165.232  user=root
May  7 00:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2997]: Failed password for root from 121.204.165.232 port 38306 ssh2
May  7 00:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2997]: Connection closed by 121.204.165.232 port 38306 [preauth]
May  7 00:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.204.165.232  user=root
May  7 00:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: Failed password for root from 121.204.165.232 port 49938 ssh2
May  7 00:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: Connection closed by 121.204.165.232 port 49938 [preauth]
May  7 00:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1605]: pam_unix(cron:session): session closed for user root
May  7 00:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: Invalid user gadmin from 124.198.59.254
May  7 00:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: input_userauth_request: invalid user gadmin [preauth]
May  7 00:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254
May  7 00:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: Failed password for invalid user gadmin from 124.198.59.254 port 59762 ssh2
May  7 00:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3007]: Connection closed by 124.198.59.254 port 59762 [preauth]
May  7 00:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2122]: Connection reset by 218.92.0.225 port 27414 [preauth]
May  7 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3131]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3132]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3129]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3132]: pam_unix(cron:session): session closed for user root
May  7 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3127]: pam_unix(cron:session): session closed for user p13x
May  7 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3200]: Successful su for rubyman by root
May  7 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3200]: + ??? root:rubyman
May  7 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343557 of user rubyman.
May  7 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3200]: pam_unix(su:session): session closed for user rubyman
May  7 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343557.
May  7 00:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3129]: pam_unix(cron:session): session closed for user root
May  7 00:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32476]: pam_unix(cron:session): session closed for user root
May  7 00:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3128]: pam_unix(cron:session): session closed for user samftp
May  7 00:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 00:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: Failed password for root from 218.92.0.179 port 45130 ssh2
May  7 00:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 45130 ssh2]
May  7 00:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: Received disconnect from 218.92.0.179 port 45130:11:  [preauth]
May  7 00:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: Disconnected from 218.92.0.179 port 45130 [preauth]
May  7 00:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3421]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 00:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: Invalid user vpn from 64.227.102.153
May  7 00:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: input_userauth_request: invalid user vpn [preauth]
May  7 00:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.102.153
May  7 00:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: Failed password for invalid user vpn from 64.227.102.153 port 45390 ssh2
May  7 00:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: Received disconnect from 64.227.102.153 port 45390:11: Bye Bye [preauth]
May  7 00:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3498]: Disconnected from 64.227.102.153 port 45390 [preauth]
May  7 00:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2132]: pam_unix(cron:session): session closed for user root
May  7 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3619]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3616]: pam_unix(cron:session): session closed for user p13x
May  7 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3682]: Successful su for rubyman by root
May  7 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3682]: + ??? root:rubyman
May  7 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343564 of user rubyman.
May  7 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3682]: pam_unix(su:session): session closed for user rubyman
May  7 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343564.
May  7 00:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[608]: pam_unix(cron:session): session closed for user root
May  7 00:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3617]: pam_unix(cron:session): session closed for user samftp
May  7 00:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2593]: pam_unix(cron:session): session closed for user root
May  7 00:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: Invalid user grafana from 152.32.158.35
May  7 00:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: input_userauth_request: invalid user grafana [preauth]
May  7 00:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.158.35
May  7 00:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: Failed password for invalid user grafana from 152.32.158.35 port 34476 ssh2
May  7 00:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: Received disconnect from 152.32.158.35 port 34476:11: Bye Bye [preauth]
May  7 00:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: Disconnected from 152.32.158.35 port 34476 [preauth]
May  7 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4052]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4049]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4049]: pam_unix(cron:session): session closed for user p13x
May  7 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4116]: Successful su for rubyman by root
May  7 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4116]: + ??? root:rubyman
May  7 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343568 of user rubyman.
May  7 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4116]: pam_unix(su:session): session closed for user rubyman
May  7 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343568.
May  7 00:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1115]: pam_unix(cron:session): session closed for user root
May  7 00:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4050]: pam_unix(cron:session): session closed for user samftp
May  7 00:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3131]: pam_unix(cron:session): session closed for user root
May  7 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4621]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4622]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4619]: pam_unix(cron:session): session closed for user p13x
May  7 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4681]: Successful su for rubyman by root
May  7 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4681]: + ??? root:rubyman
May  7 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4681]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343571 of user rubyman.
May  7 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4681]: pam_unix(su:session): session closed for user rubyman
May  7 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343571.
May  7 00:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1604]: pam_unix(cron:session): session closed for user root
May  7 00:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4620]: pam_unix(cron:session): session closed for user samftp
May  7 00:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4878]: Connection reset by 218.92.0.208 port 47720 [preauth]
May  7 00:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  7 00:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4925]: Failed password for root from 80.94.95.29 port 40932 ssh2
May  7 00:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4925]: message repeated 2 times: [ Failed password for root from 80.94.95.29 port 40932 ssh2]
May  7 00:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3619]: pam_unix(cron:session): session closed for user root
May  7 00:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4925]: Failed password for root from 80.94.95.29 port 40932 ssh2
May  7 00:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4925]: Failed password for root from 80.94.95.29 port 40932 ssh2
May  7 00:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4925]: Received disconnect from 80.94.95.29 port 40932:11: Bye [preauth]
May  7 00:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4925]: Disconnected from 80.94.95.29 port 40932 [preauth]
May  7 00:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4925]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  7 00:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4925]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 00:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: Invalid user admin from 80.94.95.112
May  7 00:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: input_userauth_request: invalid user admin [preauth]
May  7 00:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 00:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: Failed password for invalid user admin from 80.94.95.112 port 13198 ssh2
May  7 00:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: Failed password for invalid user admin from 80.94.95.112 port 13198 ssh2
May  7 00:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: Failed password for invalid user admin from 80.94.95.112 port 13198 ssh2
May  7 00:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: Failed password for invalid user admin from 80.94.95.112 port 13198 ssh2
May  7 00:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: Failed password for invalid user admin from 80.94.95.112 port 13198 ssh2
May  7 00:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: Received disconnect from 80.94.95.112 port 13198:11: Bye [preauth]
May  7 00:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: Disconnected from 80.94.95.112 port 13198 [preauth]
May  7 00:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 00:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5233]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5232]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5228]: pam_unix(cron:session): session closed for user p13x
May  7 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5296]: Successful su for rubyman by root
May  7 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5296]: + ??? root:rubyman
May  7 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343575 of user rubyman.
May  7 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5296]: pam_unix(su:session): session closed for user rubyman
May  7 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343575.
May  7 00:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2131]: pam_unix(cron:session): session closed for user root
May  7 00:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5229]: pam_unix(cron:session): session closed for user samftp
May  7 00:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5592]: Invalid user e from 130.195.9.205
May  7 00:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5592]: input_userauth_request: invalid user e [preauth]
May  7 00:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5592]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.195.9.205
May  7 00:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5592]: Failed password for invalid user e from 130.195.9.205 port 48372 ssh2
May  7 00:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4052]: pam_unix(cron:session): session closed for user root
May  7 00:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5592]: Connection closed by 130.195.9.205 port 48372 [preauth]
May  7 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5701]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5700]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5704]: pam_unix(cron:session): session closed for user root
May  7 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5697]: pam_unix(cron:session): session closed for user p13x
May  7 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5767]: Successful su for rubyman by root
May  7 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5767]: + ??? root:rubyman
May  7 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343580 of user rubyman.
May  7 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5767]: pam_unix(su:session): session closed for user rubyman
May  7 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343580.
May  7 00:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5700]: pam_unix(cron:session): session closed for user root
May  7 00:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2592]: pam_unix(cron:session): session closed for user root
May  7 00:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5699]: pam_unix(cron:session): session closed for user samftp
May  7 00:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: Invalid user ftpuser from 64.227.102.153
May  7 00:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: input_userauth_request: invalid user ftpuser [preauth]
May  7 00:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.102.153
May  7 00:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: Failed password for invalid user ftpuser from 64.227.102.153 port 58886 ssh2
May  7 00:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: Received disconnect from 64.227.102.153 port 58886:11: Bye Bye [preauth]
May  7 00:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: Disconnected from 64.227.102.153 port 58886 [preauth]
May  7 00:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4622]: pam_unix(cron:session): session closed for user root
May  7 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6235]: pam_unix(cron:session): session closed for user p13x
May  7 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6311]: Successful su for rubyman by root
May  7 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6311]: + ??? root:rubyman
May  7 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343586 of user rubyman.
May  7 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6311]: pam_unix(su:session): session closed for user rubyman
May  7 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343586.
May  7 00:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3130]: pam_unix(cron:session): session closed for user root
May  7 00:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6236]: pam_unix(cron:session): session closed for user samftp
May  7 00:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: Invalid user crap from 64.227.130.206
May  7 00:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: input_userauth_request: invalid user crap [preauth]
May  7 00:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 00:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: Failed password for invalid user crap from 64.227.130.206 port 44056 ssh2
May  7 00:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: Received disconnect from 64.227.130.206 port 44056:11: Bye Bye [preauth]
May  7 00:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6520]: Disconnected from 64.227.130.206 port 44056 [preauth]
May  7 00:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: Invalid user user from 80.94.95.125
May  7 00:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: input_userauth_request: invalid user user [preauth]
May  7 00:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 00:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: Failed password for invalid user user from 80.94.95.125 port 12702 ssh2
May  7 00:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: Failed password for invalid user user from 80.94.95.125 port 12702 ssh2
May  7 00:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: Failed password for invalid user user from 80.94.95.125 port 12702 ssh2
May  7 00:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: Failed password for invalid user user from 80.94.95.125 port 12702 ssh2
May  7 00:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5233]: pam_unix(cron:session): session closed for user root
May  7 00:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: Failed password for invalid user user from 80.94.95.125 port 12702 ssh2
May  7 00:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: Received disconnect from 80.94.95.125 port 12702:11: Bye [preauth]
May  7 00:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: Disconnected from 80.94.95.125 port 12702 [preauth]
May  7 00:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 00:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6530]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 00:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: Invalid user dci from 152.32.158.35
May  7 00:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: input_userauth_request: invalid user dci [preauth]
May  7 00:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.158.35
May  7 00:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: Failed password for invalid user dci from 152.32.158.35 port 41316 ssh2
May  7 00:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: Received disconnect from 152.32.158.35 port 41316:11: Bye Bye [preauth]
May  7 00:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6589]: Disconnected from 152.32.158.35 port 41316 [preauth]
May  7 00:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  7 00:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6602]: Failed password for root from 218.92.0.218 port 61872 ssh2
May  7 00:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: Invalid user neolinux from 154.221.25.33
May  7 00:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: input_userauth_request: invalid user neolinux [preauth]
May  7 00:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 00:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: Failed password for invalid user neolinux from 154.221.25.33 port 34346 ssh2
May  7 00:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: Received disconnect from 154.221.25.33 port 34346:11: Bye Bye [preauth]
May  7 00:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: Disconnected from 154.221.25.33 port 34346 [preauth]
May  7 00:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6602]: Received disconnect from 218.92.0.218 port 61872:11:  [preauth]
May  7 00:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6602]: Disconnected from 218.92.0.218 port 61872 [preauth]
May  7 00:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  7 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6650]: Failed password for root from 218.92.0.218 port 41340 ssh2
May  7 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6668]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6667]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6666]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6665]: pam_unix(cron:session): session closed for user p13x
May  7 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6729]: Successful su for rubyman by root
May  7 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6729]: + ??? root:rubyman
May  7 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343591 of user rubyman.
May  7 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6729]: pam_unix(su:session): session closed for user rubyman
May  7 00:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343591.
May  7 00:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3618]: pam_unix(cron:session): session closed for user root
May  7 00:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6666]: pam_unix(cron:session): session closed for user samftp
May  7 00:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5703]: pam_unix(cron:session): session closed for user root
May  7 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7179]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7177]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7178]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7176]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7176]: pam_unix(cron:session): session closed for user p13x
May  7 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7241]: Successful su for rubyman by root
May  7 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7241]: + ??? root:rubyman
May  7 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343594 of user rubyman.
May  7 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7241]: pam_unix(su:session): session closed for user rubyman
May  7 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343594.
May  7 00:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4051]: pam_unix(cron:session): session closed for user root
May  7 00:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7177]: pam_unix(cron:session): session closed for user samftp
May  7 00:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6238]: pam_unix(cron:session): session closed for user root
May  7 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7670]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7674]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7670]: pam_unix(cron:session): session closed for user p13x
May  7 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7742]: Successful su for rubyman by root
May  7 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7742]: + ??? root:rubyman
May  7 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7742]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343598 of user rubyman.
May  7 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7742]: pam_unix(su:session): session closed for user rubyman
May  7 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343598.
May  7 00:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4621]: pam_unix(cron:session): session closed for user root
May  7 00:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7671]: pam_unix(cron:session): session closed for user samftp
May  7 00:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6668]: pam_unix(cron:session): session closed for user root
May  7 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8096]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8101]: pam_unix(cron:session): session closed for user root
May  7 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8093]: pam_unix(cron:session): session closed for user p13x
May  7 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8187]: Successful su for rubyman by root
May  7 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8187]: + ??? root:rubyman
May  7 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343603 of user rubyman.
May  7 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8187]: pam_unix(su:session): session closed for user rubyman
May  7 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343603.
May  7 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8096]: pam_unix(cron:session): session closed for user root
May  7 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5232]: pam_unix(cron:session): session closed for user root
May  7 00:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8094]: pam_unix(cron:session): session closed for user samftp
May  7 00:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: Invalid user office from 64.227.102.153
May  7 00:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: input_userauth_request: invalid user office [preauth]
May  7 00:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.102.153
May  7 00:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: Failed password for invalid user office from 64.227.102.153 port 46300 ssh2
May  7 00:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: Received disconnect from 64.227.102.153 port 46300:11: Bye Bye [preauth]
May  7 00:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8467]: Disconnected from 64.227.102.153 port 46300 [preauth]
May  7 00:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7179]: pam_unix(cron:session): session closed for user root
May  7 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8571]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8569]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8569]: pam_unix(cron:session): session closed for user p13x
May  7 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8641]: Successful su for rubyman by root
May  7 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8641]: + ??? root:rubyman
May  7 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8641]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343608 of user rubyman.
May  7 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8641]: pam_unix(su:session): session closed for user rubyman
May  7 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343608.
May  7 00:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5701]: pam_unix(cron:session): session closed for user root
May  7 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8570]: pam_unix(cron:session): session closed for user samftp
May  7 00:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  7 00:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: Failed password for root from 218.92.0.236 port 18766 ssh2
May  7 00:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7675]: pam_unix(cron:session): session closed for user root
May  7 00:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: Invalid user e from 130.195.9.205
May  7 00:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: input_userauth_request: invalid user e [preauth]
May  7 00:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: Failed password for root from 218.92.0.236 port 18766 ssh2
May  7 00:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.195.9.205
May  7 00:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.158.35  user=root
May  7 00:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: Failed password for invalid user e from 130.195.9.205 port 45010 ssh2
May  7 00:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: Failed password for root from 218.92.0.236 port 18766 ssh2
May  7 00:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: Received disconnect from 218.92.0.236 port 18766:11:  [preauth]
May  7 00:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: Disconnected from 218.92.0.236 port 18766 [preauth]
May  7 00:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  7 00:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8936]: Failed password for root from 152.32.158.35 port 48162 ssh2
May  7 00:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8936]: Received disconnect from 152.32.158.35 port 48162:11: Bye Bye [preauth]
May  7 00:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8936]: Disconnected from 152.32.158.35 port 48162 [preauth]
May  7 00:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8910]: Connection closed by 130.195.9.205 port 45010 [preauth]
May  7 00:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8990]: User mysql from 64.227.130.206 not allowed because not listed in AllowUsers
May  7 00:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8990]: input_userauth_request: invalid user mysql [preauth]
May  7 00:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206  user=mysql
May  7 00:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8990]: Failed password for invalid user mysql from 64.227.130.206 port 58310 ssh2
May  7 00:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8990]: Received disconnect from 64.227.130.206 port 58310:11: Bye Bye [preauth]
May  7 00:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8990]: Disconnected from 64.227.130.206 port 58310 [preauth]
May  7 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9003]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9004]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9001]: pam_unix(cron:session): session closed for user p13x
May  7 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9064]: Successful su for rubyman by root
May  7 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9064]: + ??? root:rubyman
May  7 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9064]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343612 of user rubyman.
May  7 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9064]: pam_unix(su:session): session closed for user rubyman
May  7 00:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343612.
May  7 00:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6237]: pam_unix(cron:session): session closed for user root
May  7 00:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9002]: pam_unix(cron:session): session closed for user samftp
May  7 00:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: User mysql from 154.221.25.33 not allowed because not listed in AllowUsers
May  7 00:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: input_userauth_request: invalid user mysql [preauth]
May  7 00:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33  user=mysql
May  7 00:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: Failed password for invalid user mysql from 154.221.25.33 port 34490 ssh2
May  7 00:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: Received disconnect from 154.221.25.33 port 34490:11: Bye Bye [preauth]
May  7 00:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: Disconnected from 154.221.25.33 port 34490 [preauth]
May  7 00:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8098]: pam_unix(cron:session): session closed for user root
May  7 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9522]: pam_unix(cron:session): session closed for user p13x
May  7 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9581]: Successful su for rubyman by root
May  7 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9581]: + ??? root:rubyman
May  7 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343615 of user rubyman.
May  7 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9581]: pam_unix(su:session): session closed for user rubyman
May  7 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343615.
May  7 00:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6667]: pam_unix(cron:session): session closed for user root
May  7 00:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9523]: pam_unix(cron:session): session closed for user samftp
May  7 00:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8573]: pam_unix(cron:session): session closed for user root
May  7 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9930]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9926]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9929]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9927]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9926]: pam_unix(cron:session): session closed for user p13x
May  7 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9990]: Successful su for rubyman by root
May  7 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9990]: + ??? root:rubyman
May  7 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9990]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343619 of user rubyman.
May  7 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9990]: pam_unix(su:session): session closed for user rubyman
May  7 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343619.
May  7 00:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7178]: pam_unix(cron:session): session closed for user root
May  7 00:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9927]: pam_unix(cron:session): session closed for user samftp
May  7 00:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9004]: pam_unix(cron:session): session closed for user root
May  7 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10417]: pam_unix(cron:session): session closed for user root
May  7 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10411]: pam_unix(cron:session): session closed for user p13x
May  7 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10491]: Successful su for rubyman by root
May  7 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10491]: + ??? root:rubyman
May  7 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10491]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343627 of user rubyman.
May  7 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10491]: pam_unix(su:session): session closed for user rubyman
May  7 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343627.
May  7 00:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10414]: pam_unix(cron:session): session closed for user root
May  7 00:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7674]: pam_unix(cron:session): session closed for user root
May  7 00:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10412]: pam_unix(cron:session): session closed for user samftp
May  7 00:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.102.153  user=root
May  7 00:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Failed password for root from 64.227.102.153 port 40082 ssh2
May  7 00:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Received disconnect from 64.227.102.153 port 40082:11: Bye Bye [preauth]
May  7 00:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Disconnected from 64.227.102.153 port 40082 [preauth]
May  7 00:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9525]: pam_unix(cron:session): session closed for user root
May  7 00:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10917]: pam_unix(cron:session): session closed for user p13x
May  7 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10980]: Successful su for rubyman by root
May  7 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10980]: + ??? root:rubyman
May  7 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10980]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343629 of user rubyman.
May  7 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10980]: pam_unix(su:session): session closed for user rubyman
May  7 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343629.
May  7 00:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8097]: pam_unix(cron:session): session closed for user root
May  7 00:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10918]: pam_unix(cron:session): session closed for user samftp
May  7 00:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: User sshd from 85.208.84.5 not allowed because not listed in AllowUsers
May  7 00:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: input_userauth_request: invalid user sshd [preauth]
May  7 00:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5  user=sshd
May  7 00:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: Failed password for invalid user sshd from 85.208.84.5 port 46664 ssh2
May  7 00:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11205]: Connection closed by 85.208.84.5 port 46664 [preauth]
May  7 00:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Invalid user ethos from 50.235.31.47
May  7 00:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: input_userauth_request: invalid user ethos [preauth]
May  7 00:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  7 00:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Failed password for invalid user ethos from 50.235.31.47 port 39882 ssh2
May  7 00:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Connection closed by 50.235.31.47 port 39882 [preauth]
May  7 00:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9930]: pam_unix(cron:session): session closed for user root
May  7 00:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.158.35  user=root
May  7 00:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: Failed password for root from 152.32.158.35 port 55004 ssh2
May  7 00:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: Received disconnect from 152.32.158.35 port 55004:11: Bye Bye [preauth]
May  7 00:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11268]: Disconnected from 152.32.158.35 port 55004 [preauth]
May  7 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11324]: pam_unix(cron:session): session closed for user p13x
May  7 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11382]: Successful su for rubyman by root
May  7 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11382]: + ??? root:rubyman
May  7 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343634 of user rubyman.
May  7 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11382]: pam_unix(su:session): session closed for user rubyman
May  7 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343634.
May  7 00:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  7 00:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8571]: pam_unix(cron:session): session closed for user root
May  7 00:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11394]: Failed password for root from 218.92.0.237 port 25286 ssh2
May  7 00:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11325]: pam_unix(cron:session): session closed for user samftp
May  7 00:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11394]: Failed password for root from 218.92.0.237 port 25286 ssh2
May  7 00:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11394]: Failed password for root from 218.92.0.237 port 25286 ssh2
May  7 00:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11394]: Received disconnect from 218.92.0.237 port 25286:11:  [preauth]
May  7 00:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11394]: Disconnected from 218.92.0.237 port 25286 [preauth]
May  7 00:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11394]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  7 00:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: Invalid user student4 from 154.221.25.33
May  7 00:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: input_userauth_request: invalid user student4 [preauth]
May  7 00:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 00:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: Failed password for invalid user student4 from 154.221.25.33 port 40110 ssh2
May  7 00:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: Received disconnect from 154.221.25.33 port 40110:11: Bye Bye [preauth]
May  7 00:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11632]: Disconnected from 154.221.25.33 port 40110 [preauth]
May  7 00:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11642]: Invalid user brs from 64.227.130.206
May  7 00:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11642]: input_userauth_request: invalid user brs [preauth]
May  7 00:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11642]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 00:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11642]: Failed password for invalid user brs from 64.227.130.206 port 34006 ssh2
May  7 00:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11642]: Received disconnect from 64.227.130.206 port 34006:11: Bye Bye [preauth]
May  7 00:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11642]: Disconnected from 64.227.130.206 port 34006 [preauth]
May  7 00:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10416]: pam_unix(cron:session): session closed for user root
May  7 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11729]: pam_unix(cron:session): session closed for user p13x
May  7 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11788]: Successful su for rubyman by root
May  7 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11788]: + ??? root:rubyman
May  7 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11788]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343637 of user rubyman.
May  7 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11788]: pam_unix(su:session): session closed for user rubyman
May  7 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343637.
May  7 00:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9003]: pam_unix(cron:session): session closed for user root
May  7 00:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11730]: pam_unix(cron:session): session closed for user samftp
May  7 00:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11998]: Invalid user rr from 130.195.9.205
May  7 00:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11998]: input_userauth_request: invalid user rr [preauth]
May  7 00:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11998]: pam_unix(sshd:auth): check pass; user unknown
May  7 00:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.195.9.205
May  7 00:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11998]: Failed password for invalid user rr from 130.195.9.205 port 34392 ssh2
May  7 00:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11998]: Connection closed by 130.195.9.205 port 34392 [preauth]
May  7 00:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10920]: pam_unix(cron:session): session closed for user root
May  7 00:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12115]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12116]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12113]: pam_unix(cron:session): session closed for user p13x
May  7 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12173]: Successful su for rubyman by root
May  7 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12173]: + ??? root:rubyman
May  7 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12173]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343641 of user rubyman.
May  7 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12173]: pam_unix(su:session): session closed for user rubyman
May  7 00:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343641.
May  7 00:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9524]: pam_unix(cron:session): session closed for user root
May  7 00:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12114]: pam_unix(cron:session): session closed for user samftp
May  7 00:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 00:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 00:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12430]: Failed password for root from 218.92.0.179 port 42517 ssh2
May  7 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12430]: Failed password for root from 218.92.0.179 port 42517 ssh2
May  7 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11327]: pam_unix(cron:session): session closed for user root
May  7 00:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12430]: Failed password for root from 218.92.0.179 port 42517 ssh2
May  7 00:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12430]: Received disconnect from 218.92.0.179 port 42517:11:  [preauth]
May  7 00:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12430]: Disconnected from 218.92.0.179 port 42517 [preauth]
May  7 00:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12430]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12518]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12520]: pam_unix(cron:session): session closed for user root
May  7 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12516]: pam_unix(cron:session): session closed for user root
May  7 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12514]: pam_unix(cron:session): session closed for user p13x
May  7 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12610]: Successful su for rubyman by root
May  7 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12610]: + ??? root:rubyman
May  7 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343645 of user rubyman.
May  7 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12610]: pam_unix(su:session): session closed for user rubyman
May  7 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343645.
May  7 01:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9929]: pam_unix(cron:session): session closed for user root
May  7 01:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12517]: pam_unix(cron:session): session closed for user root
May  7 01:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12515]: pam_unix(cron:session): session closed for user samftp
May  7 01:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.102.153  user=root
May  7 01:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12864]: Failed password for root from 64.227.102.153 port 42244 ssh2
May  7 01:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12864]: Received disconnect from 64.227.102.153 port 42244:11: Bye Bye [preauth]
May  7 01:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12864]: Disconnected from 64.227.102.153 port 42244 [preauth]
May  7 01:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11732]: pam_unix(cron:session): session closed for user root
May  7 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13000]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12999]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12998]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12997]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12997]: pam_unix(cron:session): session closed for user p13x
May  7 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13075]: Successful su for rubyman by root
May  7 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13075]: + ??? root:rubyman
May  7 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343652 of user rubyman.
May  7 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13075]: pam_unix(su:session): session closed for user rubyman
May  7 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343652.
May  7 01:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10415]: pam_unix(cron:session): session closed for user root
May  7 01:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12998]: pam_unix(cron:session): session closed for user samftp
May  7 01:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12116]: pam_unix(cron:session): session closed for user root
May  7 01:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: Invalid user admin from 80.94.95.241
May  7 01:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: input_userauth_request: invalid user admin [preauth]
May  7 01:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 01:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: Failed password for invalid user admin from 80.94.95.241 port 57474 ssh2
May  7 01:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: Failed password for invalid user admin from 80.94.95.241 port 57474 ssh2
May  7 01:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: Failed password for invalid user admin from 80.94.95.241 port 57474 ssh2
May  7 01:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.158.35  user=root
May  7 01:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: Failed password for invalid user admin from 80.94.95.241 port 57474 ssh2
May  7 01:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13391]: Failed password for root from 152.32.158.35 port 33622 ssh2
May  7 01:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13391]: Received disconnect from 152.32.158.35 port 33622:11: Bye Bye [preauth]
May  7 01:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13391]: Disconnected from 152.32.158.35 port 33622 [preauth]
May  7 01:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: Failed password for invalid user admin from 80.94.95.241 port 57474 ssh2
May  7 01:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: Received disconnect from 80.94.95.241 port 57474:11: Bye [preauth]
May  7 01:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: Disconnected from 80.94.95.241 port 57474 [preauth]
May  7 01:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 01:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13365]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13412]: pam_unix(cron:session): session closed for user p13x
May  7 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13569]: Successful su for rubyman by root
May  7 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13569]: + ??? root:rubyman
May  7 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343656 of user rubyman.
May  7 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13569]: pam_unix(su:session): session closed for user rubyman
May  7 01:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343656.
May  7 01:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10919]: pam_unix(cron:session): session closed for user root
May  7 01:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13414]: pam_unix(cron:session): session closed for user samftp
May  7 01:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12519]: pam_unix(cron:session): session closed for user root
May  7 01:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: Invalid user smart from 154.221.25.33
May  7 01:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: input_userauth_request: invalid user smart [preauth]
May  7 01:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 01:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: Failed password for invalid user smart from 154.221.25.33 port 46276 ssh2
May  7 01:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: Received disconnect from 154.221.25.33 port 46276:11: Bye Bye [preauth]
May  7 01:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13865]: Disconnected from 154.221.25.33 port 46276 [preauth]
May  7 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13915]: pam_unix(cron:session): session closed for user p13x
May  7 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13977]: Successful su for rubyman by root
May  7 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13977]: + ??? root:rubyman
May  7 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343660 of user rubyman.
May  7 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13977]: pam_unix(su:session): session closed for user rubyman
May  7 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343660.
May  7 01:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: Invalid user nodered from 64.227.130.206
May  7 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: input_userauth_request: invalid user nodered [preauth]
May  7 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11326]: pam_unix(cron:session): session closed for user root
May  7 01:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13916]: pam_unix(cron:session): session closed for user samftp
May  7 01:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: Failed password for invalid user nodered from 64.227.130.206 port 49416 ssh2
May  7 01:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: Received disconnect from 64.227.130.206 port 49416:11: Bye Bye [preauth]
May  7 01:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14085]: Disconnected from 64.227.130.206 port 49416 [preauth]
May  7 01:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 01:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: Failed password for root from 218.92.0.179 port 20698 ssh2
May  7 01:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 20698 ssh2]
May  7 01:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: Received disconnect from 218.92.0.179 port 20698:11:  [preauth]
May  7 01:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: Disconnected from 218.92.0.179 port 20698 [preauth]
May  7 01:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14220]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 01:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13000]: pam_unix(cron:session): session closed for user root
May  7 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14318]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14319]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14317]: pam_unix(cron:session): session closed for user p13x
May  7 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14380]: Successful su for rubyman by root
May  7 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14380]: + ??? root:rubyman
May  7 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343664 of user rubyman.
May  7 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14380]: pam_unix(su:session): session closed for user rubyman
May  7 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343664.
May  7 01:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11731]: pam_unix(cron:session): session closed for user root
May  7 01:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14318]: pam_unix(cron:session): session closed for user samftp
May  7 01:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13416]: pam_unix(cron:session): session closed for user root
May  7 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14733]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14734]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14735]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14736]: pam_unix(cron:session): session closed for user root
May  7 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14730]: pam_unix(cron:session): session closed for user p13x
May  7 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14799]: Successful su for rubyman by root
May  7 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14799]: + ??? root:rubyman
May  7 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343673 of user rubyman.
May  7 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14799]: pam_unix(su:session): session closed for user rubyman
May  7 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343673.
May  7 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14733]: pam_unix(cron:session): session closed for user root
May  7 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12115]: pam_unix(cron:session): session closed for user root
May  7 01:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14731]: pam_unix(cron:session): session closed for user samftp
May  7 01:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13919]: pam_unix(cron:session): session closed for user root
May  7 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15162]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15160]: pam_unix(cron:session): session closed for user p13x
May  7 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15225]: Successful su for rubyman by root
May  7 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15225]: + ??? root:rubyman
May  7 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343674 of user rubyman.
May  7 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15225]: pam_unix(su:session): session closed for user rubyman
May  7 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343674.
May  7 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12518]: pam_unix(cron:session): session closed for user root
May  7 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15161]: pam_unix(cron:session): session closed for user samftp
May  7 01:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14321]: pam_unix(cron:session): session closed for user root
May  7 01:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 01:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Failed password for root from 218.92.0.179 port 56502 ssh2
May  7 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15554]: pam_unix(cron:session): session closed for user p13x
May  7 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15614]: Successful su for rubyman by root
May  7 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15614]: + ??? root:rubyman
May  7 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343678 of user rubyman.
May  7 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15614]: pam_unix(su:session): session closed for user rubyman
May  7 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343678.
May  7 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Failed password for root from 218.92.0.179 port 56502 ssh2
May  7 01:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Failed password for root from 218.92.0.179 port 56502 ssh2
May  7 01:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Received disconnect from 218.92.0.179 port 56502:11:  [preauth]
May  7 01:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Disconnected from 218.92.0.179 port 56502 [preauth]
May  7 01:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 01:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12999]: pam_unix(cron:session): session closed for user root
May  7 01:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15555]: pam_unix(cron:session): session closed for user samftp
May  7 01:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  7 01:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: Failed password for root from 218.92.0.227 port 54718 ssh2
May  7 01:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: message repeated 2 times: [ Failed password for root from 218.92.0.227 port 54718 ssh2]
May  7 01:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: Received disconnect from 218.92.0.227 port 54718:11:  [preauth]
May  7 01:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: Disconnected from 218.92.0.227 port 54718 [preauth]
May  7 01:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15799]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  7 01:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  7 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15833]: Failed password for root from 218.92.0.227 port 29432 ssh2
May  7 01:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15833]: message repeated 2 times: [ Failed password for root from 218.92.0.227 port 29432 ssh2]
May  7 01:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15833]: Received disconnect from 218.92.0.227 port 29432:11:  [preauth]
May  7 01:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15833]: Disconnected from 218.92.0.227 port 29432 [preauth]
May  7 01:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15833]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  7 01:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14735]: pam_unix(cron:session): session closed for user root
May  7 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  7 01:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15932]: Failed password for root from 218.92.0.227 port 46526 ssh2
May  7 01:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=199.188.103.179  user=root
May  7 01:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15932]: Failed password for root from 218.92.0.227 port 46526 ssh2
May  7 01:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15895]: Failed password for root from 199.188.103.179 port 45460 ssh2
May  7 01:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15895]: Connection closed by 199.188.103.179 port 45460 [preauth]
May  7 01:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15932]: Failed password for root from 218.92.0.227 port 46526 ssh2
May  7 01:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15932]: Received disconnect from 218.92.0.227 port 46526:11:  [preauth]
May  7 01:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15932]: Disconnected from 218.92.0.227 port 46526 [preauth]
May  7 01:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15932]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  7 01:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: Invalid user mohamed from 154.221.25.33
May  7 01:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: input_userauth_request: invalid user mohamed [preauth]
May  7 01:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 01:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: Failed password for invalid user mohamed from 154.221.25.33 port 51330 ssh2
May  7 01:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: Received disconnect from 154.221.25.33 port 51330:11: Bye Bye [preauth]
May  7 01:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: Disconnected from 154.221.25.33 port 51330 [preauth]
May  7 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15963]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15962]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15964]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15961]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15961]: pam_unix(cron:session): session closed for user p13x
May  7 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16019]: Successful su for rubyman by root
May  7 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16019]: + ??? root:rubyman
May  7 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343684 of user rubyman.
May  7 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16019]: pam_unix(su:session): session closed for user rubyman
May  7 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343684.
May  7 01:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13415]: pam_unix(cron:session): session closed for user root
May  7 01:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15962]: pam_unix(cron:session): session closed for user samftp
May  7 01:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15163]: pam_unix(cron:session): session closed for user root
May  7 01:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Invalid user student4 from 64.227.130.206
May  7 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: input_userauth_request: invalid user student4 [preauth]
May  7 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 01:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Failed password for invalid user student4 from 64.227.130.206 port 38820 ssh2
May  7 01:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Received disconnect from 64.227.130.206 port 38820:11: Bye Bye [preauth]
May  7 01:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Disconnected from 64.227.130.206 port 38820 [preauth]
May  7 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16336]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16338]: pam_unix(cron:session): session closed for user p13x
May  7 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16482]: Successful su for rubyman by root
May  7 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16482]: + ??? root:rubyman
May  7 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343687 of user rubyman.
May  7 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16482]: pam_unix(su:session): session closed for user rubyman
May  7 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343687.
May  7 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16336]: pam_unix(cron:session): session closed for user root
May  7 01:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13917]: pam_unix(cron:session): session closed for user root
May  7 01:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16339]: pam_unix(cron:session): session closed for user samftp
May  7 01:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15851]: Connection reset by 218.92.0.227 port 29436 [preauth]
May  7 01:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15557]: pam_unix(cron:session): session closed for user root
May  7 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16897]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16900]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16901]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16899]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16901]: pam_unix(cron:session): session closed for user root
May  7 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16896]: pam_unix(cron:session): session closed for user p13x
May  7 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16985]: Successful su for rubyman by root
May  7 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16985]: + ??? root:rubyman
May  7 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16985]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343694 of user rubyman.
May  7 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16985]: pam_unix(su:session): session closed for user rubyman
May  7 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343694.
May  7 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16898]: pam_unix(cron:session): session closed for user root
May  7 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14319]: pam_unix(cron:session): session closed for user root
May  7 01:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16897]: pam_unix(cron:session): session closed for user samftp
May  7 01:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: Invalid user  from 217.154.13.145
May  7 01:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: input_userauth_request: invalid user  [preauth]
May  7 01:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15964]: pam_unix(cron:session): session closed for user root
May  7 01:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: Connection closed by 217.154.13.145 port 56746 [preauth]
May  7 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17348]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17346]: pam_unix(cron:session): session closed for user p13x
May  7 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17414]: Successful su for rubyman by root
May  7 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17414]: + ??? root:rubyman
May  7 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343699 of user rubyman.
May  7 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17414]: pam_unix(su:session): session closed for user rubyman
May  7 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343699.
May  7 01:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14734]: pam_unix(cron:session): session closed for user root
May  7 01:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17347]: pam_unix(cron:session): session closed for user samftp
May  7 01:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17653]: Did not receive identification string from 117.239.143.114
May  7 01:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16341]: pam_unix(cron:session): session closed for user root
May  7 01:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17687]: Invalid user NL5xUDpV2xRa from 117.239.143.114
May  7 01:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17687]: input_userauth_request: invalid user NL5xUDpV2xRa [preauth]
May  7 01:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17687]: fatal: ssh_packet_get_string: incomplete message [preauth]
May  7 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17786]: pam_unix(cron:session): session closed for user p13x
May  7 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17942]: Successful su for rubyman by root
May  7 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17942]: + ??? root:rubyman
May  7 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343703 of user rubyman.
May  7 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17942]: pam_unix(su:session): session closed for user rubyman
May  7 01:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343703.
May  7 01:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15162]: pam_unix(cron:session): session closed for user root
May  7 01:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17787]: pam_unix(cron:session): session closed for user samftp
May  7 01:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16900]: pam_unix(cron:session): session closed for user root
May  7 01:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 01:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18266]: Failed password for root from 218.92.0.233 port 16012 ssh2
May  7 01:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18266]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 16012 ssh2]
May  7 01:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18266]: Received disconnect from 218.92.0.233 port 16012:11:  [preauth]
May  7 01:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18266]: Disconnected from 218.92.0.233 port 16012 [preauth]
May  7 01:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18266]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 01:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18287]: Failed password for root from 218.92.0.233 port 18750 ssh2
May  7 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18304]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18303]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18301]: pam_unix(cron:session): session closed for user p13x
May  7 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18364]: Successful su for rubyman by root
May  7 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18364]: + ??? root:rubyman
May  7 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18364]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343705 of user rubyman.
May  7 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18364]: pam_unix(su:session): session closed for user rubyman
May  7 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343705.
May  7 01:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18287]: Failed password for root from 218.92.0.233 port 18750 ssh2
May  7 01:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15556]: pam_unix(cron:session): session closed for user root
May  7 01:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18287]: Failed password for root from 218.92.0.233 port 18750 ssh2
May  7 01:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18287]: Received disconnect from 218.92.0.233 port 18750:11:  [preauth]
May  7 01:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18287]: Disconnected from 218.92.0.233 port 18750 [preauth]
May  7 01:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18287]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 01:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 01:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18302]: pam_unix(cron:session): session closed for user samftp
May  7 01:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: Failed password for root from 218.92.0.233 port 15020 ssh2
May  7 01:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 15020 ssh2]
May  7 01:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: Received disconnect from 218.92.0.233 port 15020:11:  [preauth]
May  7 01:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: Disconnected from 218.92.0.233 port 15020 [preauth]
May  7 01:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 01:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: Invalid user royal from 154.221.25.33
May  7 01:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: input_userauth_request: invalid user royal [preauth]
May  7 01:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 01:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: Failed password for invalid user royal from 154.221.25.33 port 56576 ssh2
May  7 01:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: Received disconnect from 154.221.25.33 port 56576:11: Bye Bye [preauth]
May  7 01:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18581]: Disconnected from 154.221.25.33 port 56576 [preauth]
May  7 01:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17349]: pam_unix(cron:session): session closed for user root
May  7 01:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.252  user=root
May  7 01:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18658]: Failed password for root from 218.92.0.252 port 36768 ssh2
May  7 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18714]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18711]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18713]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18712]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18711]: pam_unix(cron:session): session closed for user p13x
May  7 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18780]: Successful su for rubyman by root
May  7 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18780]: + ??? root:rubyman
May  7 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343711 of user rubyman.
May  7 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18780]: pam_unix(su:session): session closed for user rubyman
May  7 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343711.
May  7 01:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15963]: pam_unix(cron:session): session closed for user root
May  7 01:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18712]: pam_unix(cron:session): session closed for user samftp
May  7 01:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18988]: Invalid user ian from 64.227.130.206
May  7 01:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18988]: input_userauth_request: invalid user ian [preauth]
May  7 01:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18988]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 01:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18988]: Failed password for invalid user ian from 64.227.130.206 port 35898 ssh2
May  7 01:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18988]: Received disconnect from 64.227.130.206 port 35898:11: Bye Bye [preauth]
May  7 01:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18988]: Disconnected from 64.227.130.206 port 35898 [preauth]
May  7 01:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: Invalid user admin from 194.0.234.16
May  7 01:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: input_userauth_request: invalid user admin [preauth]
May  7 01:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.16
May  7 01:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: Failed password for invalid user admin from 194.0.234.16 port 22038 ssh2
May  7 01:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18998]: Connection closed by 194.0.234.16 port 22038 [preauth]
May  7 01:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17789]: pam_unix(cron:session): session closed for user root
May  7 01:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19087]: Invalid user e from 130.195.9.205
May  7 01:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19087]: input_userauth_request: invalid user e [preauth]
May  7 01:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19087]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.195.9.205
May  7 01:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19087]: Failed password for invalid user e from 130.195.9.205 port 42126 ssh2
May  7 01:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19087]: Connection closed by 130.195.9.205 port 42126 [preauth]
May  7 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19133]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19132]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19134]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19130]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19129]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19135]: pam_unix(cron:session): session closed for user root
May  7 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19129]: pam_unix(cron:session): session closed for user p13x
May  7 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19196]: Successful su for rubyman by root
May  7 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19196]: + ??? root:rubyman
May  7 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343713 of user rubyman.
May  7 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19196]: pam_unix(su:session): session closed for user rubyman
May  7 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343713.
May  7 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19132]: pam_unix(cron:session): session closed for user root
May  7 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16340]: pam_unix(cron:session): session closed for user root
May  7 01:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19130]: pam_unix(cron:session): session closed for user samftp
May  7 01:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18304]: pam_unix(cron:session): session closed for user root
May  7 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19565]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19564]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19562]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19562]: pam_unix(cron:session): session closed for user p13x
May  7 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19642]: Successful su for rubyman by root
May  7 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19642]: + ??? root:rubyman
May  7 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343719 of user rubyman.
May  7 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19642]: pam_unix(su:session): session closed for user rubyman
May  7 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343719.
May  7 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16899]: pam_unix(cron:session): session closed for user root
May  7 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19563]: pam_unix(cron:session): session closed for user samftp
May  7 01:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18714]: pam_unix(cron:session): session closed for user root
May  7 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19998]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19991]: pam_unix(cron:session): session closed for user root
May  7 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19993]: pam_unix(cron:session): session closed for user p13x
May  7 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20063]: Successful su for rubyman by root
May  7 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20063]: + ??? root:rubyman
May  7 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20063]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343724 of user rubyman.
May  7 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20063]: pam_unix(su:session): session closed for user rubyman
May  7 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343724.
May  7 01:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17348]: pam_unix(cron:session): session closed for user root
May  7 01:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19996]: pam_unix(cron:session): session closed for user samftp
May  7 01:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  7 01:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20252]: Failed password for root from 193.70.84.184 port 39122 ssh2
May  7 01:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20252]: Connection closed by 193.70.84.184 port 39122 [preauth]
May  7 01:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19134]: pam_unix(cron:session): session closed for user root
May  7 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20395]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20396]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20392]: pam_unix(cron:session): session closed for user p13x
May  7 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20457]: Successful su for rubyman by root
May  7 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20457]: + ??? root:rubyman
May  7 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20457]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343729 of user rubyman.
May  7 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20457]: pam_unix(su:session): session closed for user rubyman
May  7 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343729.
May  7 01:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17788]: pam_unix(cron:session): session closed for user root
May  7 01:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20393]: pam_unix(cron:session): session closed for user samftp
May  7 01:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20715]: Invalid user userroot from 154.221.25.33
May  7 01:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20715]: input_userauth_request: invalid user userroot [preauth]
May  7 01:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20715]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 01:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19565]: pam_unix(cron:session): session closed for user root
May  7 01:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20715]: Failed password for invalid user userroot from 154.221.25.33 port 39246 ssh2
May  7 01:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20715]: Received disconnect from 154.221.25.33 port 39246:11: Bye Bye [preauth]
May  7 01:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20715]: Disconnected from 154.221.25.33 port 39246 [preauth]
May  7 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20800]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20796]: pam_unix(cron:session): session closed for user p13x
May  7 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20866]: Successful su for rubyman by root
May  7 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20866]: + ??? root:rubyman
May  7 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343734 of user rubyman.
May  7 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20866]: pam_unix(su:session): session closed for user rubyman
May  7 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343734.
May  7 01:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18303]: pam_unix(cron:session): session closed for user root
May  7 01:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20798]: pam_unix(cron:session): session closed for user samftp
May  7 01:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: Invalid user admin from 80.94.95.112
May  7 01:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: input_userauth_request: invalid user admin [preauth]
May  7 01:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 01:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: Failed password for invalid user admin from 80.94.95.112 port 10825 ssh2
May  7 01:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: Failed password for invalid user admin from 80.94.95.112 port 10825 ssh2
May  7 01:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19998]: pam_unix(cron:session): session closed for user root
May  7 01:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: Failed password for invalid user admin from 80.94.95.112 port 10825 ssh2
May  7 01:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: Failed password for invalid user admin from 80.94.95.112 port 10825 ssh2
May  7 01:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: Failed password for invalid user admin from 80.94.95.112 port 10825 ssh2
May  7 01:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: Received disconnect from 80.94.95.112 port 10825:11: Bye [preauth]
May  7 01:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: Disconnected from 80.94.95.112 port 10825 [preauth]
May  7 01:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 01:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21119]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 01:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21208]: Invalid user royal from 64.227.130.206
May  7 01:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21208]: input_userauth_request: invalid user royal [preauth]
May  7 01:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21208]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 01:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21208]: Failed password for invalid user royal from 64.227.130.206 port 43744 ssh2
May  7 01:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21208]: Received disconnect from 64.227.130.206 port 43744:11: Bye Bye [preauth]
May  7 01:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21208]: Disconnected from 64.227.130.206 port 43744 [preauth]
May  7 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21244]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21241]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21246]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21242]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21247]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21247]: pam_unix(cron:session): session closed for user root
May  7 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21241]: pam_unix(cron:session): session closed for user p13x
May  7 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21328]: Successful su for rubyman by root
May  7 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21328]: + ??? root:rubyman
May  7 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343739 of user rubyman.
May  7 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21328]: pam_unix(su:session): session closed for user rubyman
May  7 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343739.
May  7 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21244]: pam_unix(cron:session): session closed for user root
May  7 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18713]: pam_unix(cron:session): session closed for user root
May  7 01:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21242]: pam_unix(cron:session): session closed for user samftp
May  7 01:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: Invalid user Administrator from 80.94.95.29
May  7 01:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: input_userauth_request: invalid user Administrator [preauth]
May  7 01:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  7 01:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: Failed password for invalid user Administrator from 80.94.95.29 port 44926 ssh2
May  7 01:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: Failed password for invalid user Administrator from 80.94.95.29 port 44926 ssh2
May  7 01:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: Failed password for invalid user Administrator from 80.94.95.29 port 44926 ssh2
May  7 01:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: Failed password for invalid user Administrator from 80.94.95.29 port 44926 ssh2
May  7 01:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: Failed password for invalid user Administrator from 80.94.95.29 port 44926 ssh2
May  7 01:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: Received disconnect from 80.94.95.29 port 44926:11: Bye [preauth]
May  7 01:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: Disconnected from 80.94.95.29 port 44926 [preauth]
May  7 01:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  7 01:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 01:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20396]: pam_unix(cron:session): session closed for user root
May  7 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21722]: pam_unix(cron:session): session closed for user p13x
May  7 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22048]: Successful su for rubyman by root
May  7 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22048]: + ??? root:rubyman
May  7 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343742 of user rubyman.
May  7 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22048]: pam_unix(su:session): session closed for user rubyman
May  7 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343742.
May  7 01:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19133]: pam_unix(cron:session): session closed for user root
May  7 01:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21723]: pam_unix(cron:session): session closed for user samftp
May  7 01:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20800]: pam_unix(cron:session): session closed for user root
May  7 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22470]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22472]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22468]: pam_unix(cron:session): session closed for user p13x
May  7 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22540]: Successful su for rubyman by root
May  7 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22540]: + ??? root:rubyman
May  7 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343747 of user rubyman.
May  7 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22540]: pam_unix(su:session): session closed for user rubyman
May  7 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343747.
May  7 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Invalid user username from 80.94.95.125
May  7 01:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: input_userauth_request: invalid user username [preauth]
May  7 01:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 01:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19564]: pam_unix(cron:session): session closed for user root
May  7 01:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Failed password for invalid user username from 80.94.95.125 port 30369 ssh2
May  7 01:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22469]: pam_unix(cron:session): session closed for user samftp
May  7 01:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Failed password for invalid user username from 80.94.95.125 port 30369 ssh2
May  7 01:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Failed password for invalid user username from 80.94.95.125 port 30369 ssh2
May  7 01:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Failed password for invalid user username from 80.94.95.125 port 30369 ssh2
May  7 01:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Failed password for invalid user username from 80.94.95.125 port 30369 ssh2
May  7 01:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Received disconnect from 80.94.95.125 port 30369:11: Bye [preauth]
May  7 01:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Disconnected from 80.94.95.125 port 30369 [preauth]
May  7 01:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 01:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 01:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21246]: pam_unix(cron:session): session closed for user root
May  7 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22912]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22909]: pam_unix(cron:session): session closed for user p13x
May  7 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23001]: Successful su for rubyman by root
May  7 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23001]: + ??? root:rubyman
May  7 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23001]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343752 of user rubyman.
May  7 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23001]: pam_unix(su:session): session closed for user rubyman
May  7 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343752.
May  7 01:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19997]: pam_unix(cron:session): session closed for user root
May  7 01:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22910]: pam_unix(cron:session): session closed for user samftp
May  7 01:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23193]: Bad protocol version identification '\026\003\001' from 3.149.242.40 port 59818
May  7 01:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23207]: Bad protocol version identification '' from 3.149.242.40 port 44264
May  7 01:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23238]: Bad protocol version identification 'GET / HTTP/1.1' from 3.149.242.40 port 56504
May  7 01:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21725]: pam_unix(cron:session): session closed for user root
May  7 01:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: Invalid user huake from 154.221.25.33
May  7 01:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: input_userauth_request: invalid user huake [preauth]
May  7 01:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 01:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: Invalid user test from 190.103.202.7
May  7 01:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: input_userauth_request: invalid user test [preauth]
May  7 01:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  7 01:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: Failed password for invalid user huake from 154.221.25.33 port 56088 ssh2
May  7 01:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: Received disconnect from 154.221.25.33 port 56088:11: Bye Bye [preauth]
May  7 01:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23417]: Disconnected from 154.221.25.33 port 56088 [preauth]
May  7 01:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: Failed password for invalid user test from 190.103.202.7 port 49860 ssh2
May  7 01:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23419]: Connection closed by 190.103.202.7 port 49860 [preauth]
May  7 01:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23458]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23457]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23455]: pam_unix(cron:session): session closed for user p13x
May  7 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23518]: Successful su for rubyman by root
May  7 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23518]: + ??? root:rubyman
May  7 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343755 of user rubyman.
May  7 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23518]: pam_unix(su:session): session closed for user rubyman
May  7 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343755.
May  7 01:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23432]: Connection closed by 3.149.242.40 port 37306 [preauth]
May  7 01:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20395]: pam_unix(cron:session): session closed for user root
May  7 01:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23456]: pam_unix(cron:session): session closed for user samftp
May  7 01:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23743]: Failed password for root from 217.154.13.145 port 41848 ssh2
May  7 01:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23743]: Connection closed by 217.154.13.145 port 41848 [preauth]
May  7 01:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: Invalid user pi from 217.154.13.145
May  7 01:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: input_userauth_request: invalid user pi [preauth]
May  7 01:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: Failed password for invalid user pi from 217.154.13.145 port 54680 ssh2
May  7 01:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23758]: Connection closed by 217.154.13.145 port 54680 [preauth]
May  7 01:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: Invalid user hive from 217.154.13.145
May  7 01:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: input_userauth_request: invalid user hive [preauth]
May  7 01:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22472]: pam_unix(cron:session): session closed for user root
May  7 01:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: Failed password for invalid user hive from 217.154.13.145 port 54690 ssh2
May  7 01:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23859]: Connection closed by 217.154.13.145 port 54690 [preauth]
May  7 01:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23902]: Invalid user git from 217.154.13.145
May  7 01:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23902]: input_userauth_request: invalid user git [preauth]
May  7 01:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23902]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23902]: Failed password for invalid user git from 217.154.13.145 port 40374 ssh2
May  7 01:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23902]: Connection closed by 217.154.13.145 port 40374 [preauth]
May  7 01:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: Invalid user wang from 217.154.13.145
May  7 01:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: input_userauth_request: invalid user wang [preauth]
May  7 01:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: Failed password for invalid user wang from 217.154.13.145 port 40376 ssh2
May  7 01:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23915]: Connection closed by 217.154.13.145 port 40376 [preauth]
May  7 01:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Invalid user nginx from 217.154.13.145
May  7 01:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: input_userauth_request: invalid user nginx [preauth]
May  7 01:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Failed password for invalid user nginx from 217.154.13.145 port 40392 ssh2
May  7 01:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Connection closed by 217.154.13.145 port 40392 [preauth]
May  7 01:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: Invalid user mongo from 217.154.13.145
May  7 01:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: input_userauth_request: invalid user mongo [preauth]
May  7 01:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: Failed password for invalid user mongo from 217.154.13.145 port 57434 ssh2
May  7 01:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: Connection closed by 217.154.13.145 port 57434 [preauth]
May  7 01:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: Invalid user user from 217.154.13.145
May  7 01:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: input_userauth_request: invalid user user [preauth]
May  7 01:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  7 01:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: Failed password for invalid user user from 217.154.13.145 port 57446 ssh2
May  7 01:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23960]: Connection closed by 217.154.13.145 port 57446 [preauth]
May  7 01:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23962]: Failed password for root from 218.92.0.232 port 13080 ssh2
May  7 01:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23972]: Invalid user oracle from 217.154.13.145
May  7 01:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23972]: input_userauth_request: invalid user oracle [preauth]
May  7 01:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23972]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23962]: Failed password for root from 218.92.0.232 port 13080 ssh2
May  7 01:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23972]: Failed password for invalid user oracle from 217.154.13.145 port 53640 ssh2
May  7 01:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23972]: Connection closed by 217.154.13.145 port 53640 [preauth]
May  7 01:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23962]: Failed password for root from 218.92.0.232 port 13080 ssh2
May  7 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23962]: Received disconnect from 218.92.0.232 port 13080:11:  [preauth]
May  7 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23962]: Disconnected from 218.92.0.232 port 13080 [preauth]
May  7 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23962]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  7 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23984]: Invalid user gpadmin from 217.154.13.145
May  7 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23984]: input_userauth_request: invalid user gpadmin [preauth]
May  7 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23984]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24002]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24000]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24001]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24003]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24003]: pam_unix(cron:session): session closed for user root
May  7 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23998]: pam_unix(cron:session): session closed for user p13x
May  7 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24068]: Successful su for rubyman by root
May  7 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24068]: + ??? root:rubyman
May  7 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24068]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343759 of user rubyman.
May  7 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24068]: pam_unix(su:session): session closed for user rubyman
May  7 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343759.
May  7 01:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  7 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23984]: Failed password for invalid user gpadmin from 217.154.13.145 port 53648 ssh2
May  7 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24000]: pam_unix(cron:session): session closed for user root
May  7 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23984]: Connection closed by 217.154.13.145 port 53648 [preauth]
May  7 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20799]: pam_unix(cron:session): session closed for user root
May  7 01:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23986]: Failed password for root from 218.92.0.232 port 59298 ssh2
May  7 01:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23999]: pam_unix(cron:session): session closed for user samftp
May  7 01:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23986]: Failed password for root from 218.92.0.232 port 59298 ssh2
May  7 01:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: Failed password for root from 217.154.13.145 port 60160 ssh2
May  7 01:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24263]: Connection closed by 217.154.13.145 port 60160 [preauth]
May  7 01:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23986]: Failed password for root from 218.92.0.232 port 59298 ssh2
May  7 01:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23986]: Received disconnect from 218.92.0.232 port 59298:11:  [preauth]
May  7 01:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23986]: Disconnected from 218.92.0.232 port 59298 [preauth]
May  7 01:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23986]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  7 01:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24299]: Invalid user esroot from 217.154.13.145
May  7 01:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24299]: input_userauth_request: invalid user esroot [preauth]
May  7 01:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24299]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24299]: Failed password for invalid user esroot from 217.154.13.145 port 60176 ssh2
May  7 01:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24299]: Connection closed by 217.154.13.145 port 60176 [preauth]
May  7 01:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: Invalid user gitlab from 217.154.13.145
May  7 01:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: input_userauth_request: invalid user gitlab [preauth]
May  7 01:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: Failed password for invalid user gitlab from 217.154.13.145 port 33678 ssh2
May  7 01:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24319]: Connection closed by 217.154.13.145 port 33678 [preauth]
May  7 01:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: Invalid user apache from 217.154.13.145
May  7 01:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: input_userauth_request: invalid user apache [preauth]
May  7 01:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: Failed password for invalid user apache from 217.154.13.145 port 33690 ssh2
May  7 01:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: Connection closed by 217.154.13.145 port 33690 [preauth]
May  7 01:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: Failed password for root from 217.154.13.145 port 33702 ssh2
May  7 01:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: Connection closed by 217.154.13.145 port 33702 [preauth]
May  7 01:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24369]: Invalid user nessus from 64.227.130.206
May  7 01:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24369]: input_userauth_request: invalid user nessus [preauth]
May  7 01:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24369]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 01:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24369]: Failed password for invalid user nessus from 64.227.130.206 port 44238 ssh2
May  7 01:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24369]: Received disconnect from 64.227.130.206 port 44238:11: Bye Bye [preauth]
May  7 01:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24369]: Disconnected from 64.227.130.206 port 44238 [preauth]
May  7 01:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24380]: Failed password for root from 217.154.13.145 port 36484 ssh2
May  7 01:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24380]: Connection closed by 217.154.13.145 port 36484 [preauth]
May  7 01:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Invalid user user from 217.154.13.145
May  7 01:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: input_userauth_request: invalid user user [preauth]
May  7 01:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22912]: pam_unix(cron:session): session closed for user root
May  7 01:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Failed password for invalid user user from 217.154.13.145 port 36512 ssh2
May  7 01:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24382]: Connection closed by 217.154.13.145 port 36512 [preauth]
May  7 01:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24420]: Invalid user lighthouse from 217.154.13.145
May  7 01:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24420]: input_userauth_request: invalid user lighthouse [preauth]
May  7 01:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24420]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24420]: Failed password for invalid user lighthouse from 217.154.13.145 port 37380 ssh2
May  7 01:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24420]: Connection closed by 217.154.13.145 port 37380 [preauth]
May  7 01:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24434]: Invalid user flask from 217.154.13.145
May  7 01:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24434]: input_userauth_request: invalid user flask [preauth]
May  7 01:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24434]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24434]: Failed password for invalid user flask from 217.154.13.145 port 37386 ssh2
May  7 01:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24434]: Connection closed by 217.154.13.145 port 37386 [preauth]
May  7 01:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: Invalid user user1 from 217.154.13.145
May  7 01:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: input_userauth_request: invalid user user1 [preauth]
May  7 01:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: Failed password for invalid user user1 from 217.154.13.145 port 42914 ssh2
May  7 01:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24456]: Connection closed by 217.154.13.145 port 42914 [preauth]
May  7 01:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24470]: Invalid user hadoop from 217.154.13.145
May  7 01:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24470]: input_userauth_request: invalid user hadoop [preauth]
May  7 01:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24470]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24470]: Failed password for invalid user hadoop from 217.154.13.145 port 42930 ssh2
May  7 01:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24470]: Connection closed by 217.154.13.145 port 42930 [preauth]
May  7 01:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: Invalid user oracle from 217.154.13.145
May  7 01:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: input_userauth_request: invalid user oracle [preauth]
May  7 01:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: Failed password for invalid user oracle from 217.154.13.145 port 42944 ssh2
May  7 01:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24479]: Connection closed by 217.154.13.145 port 42944 [preauth]
May  7 01:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: Invalid user test from 217.154.13.145
May  7 01:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: input_userauth_request: invalid user test [preauth]
May  7 01:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: Failed password for invalid user test from 217.154.13.145 port 34758 ssh2
May  7 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24482]: Connection closed by 217.154.13.145 port 34758 [preauth]
May  7 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24497]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24494]: pam_unix(cron:session): session closed for user p13x
May  7 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24570]: Successful su for rubyman by root
May  7 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24570]: + ??? root:rubyman
May  7 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343764 of user rubyman.
May  7 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24570]: pam_unix(su:session): session closed for user rubyman
May  7 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343764.
May  7 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: Failed password for root from 217.154.13.145 port 34766 ssh2
May  7 01:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21245]: pam_unix(cron:session): session closed for user root
May  7 01:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: Connection closed by 217.154.13.145 port 34766 [preauth]
May  7 01:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24495]: pam_unix(cron:session): session closed for user samftp
May  7 01:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24766]: Invalid user developer from 217.154.13.145
May  7 01:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24766]: input_userauth_request: invalid user developer [preauth]
May  7 01:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24766]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24766]: Failed password for invalid user developer from 217.154.13.145 port 40522 ssh2
May  7 01:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24766]: Connection closed by 217.154.13.145 port 40522 [preauth]
May  7 01:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24776]: Failed password for root from 217.154.13.145 port 40524 ssh2
May  7 01:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24776]: Connection closed by 217.154.13.145 port 40524 [preauth]
May  7 01:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  7 01:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24803]: User mysql from 217.154.13.145 not allowed because not listed in AllowUsers
May  7 01:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24803]: input_userauth_request: invalid user mysql [preauth]
May  7 01:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=mysql
May  7 01:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24780]: Failed password for root from 218.92.0.226 port 25462 ssh2
May  7 01:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24803]: Failed password for invalid user mysql from 217.154.13.145 port 40892 ssh2
May  7 01:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24803]: Connection closed by 217.154.13.145 port 40892 [preauth]
May  7 01:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24780]: Failed password for root from 218.92.0.226 port 25462 ssh2
May  7 01:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24780]: Failed password for root from 218.92.0.226 port 25462 ssh2
May  7 01:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24780]: Received disconnect from 218.92.0.226 port 25462:11:  [preauth]
May  7 01:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24780]: Disconnected from 218.92.0.226 port 25462 [preauth]
May  7 01:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24780]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  7 01:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: Failed password for root from 217.154.13.145 port 40896 ssh2
May  7 01:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24813]: Connection closed by 217.154.13.145 port 40896 [preauth]
May  7 01:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: Invalid user tom from 217.154.13.145
May  7 01:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: input_userauth_request: invalid user tom [preauth]
May  7 01:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: Failed password for invalid user tom from 217.154.13.145 port 53658 ssh2
May  7 01:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24828]: Connection closed by 217.154.13.145 port 53658 [preauth]
May  7 01:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24839]: Failed password for root from 217.154.13.145 port 53660 ssh2
May  7 01:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24839]: Connection closed by 217.154.13.145 port 53660 [preauth]
May  7 01:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: Invalid user oscar from 217.154.13.145
May  7 01:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: input_userauth_request: invalid user oscar [preauth]
May  7 01:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23458]: pam_unix(cron:session): session closed for user root
May  7 01:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: Failed password for invalid user oscar from 217.154.13.145 port 53672 ssh2
May  7 01:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24851]: Connection closed by 217.154.13.145 port 53672 [preauth]
May  7 01:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24884]: Failed password for root from 217.154.13.145 port 55426 ssh2
May  7 01:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24884]: Connection closed by 217.154.13.145 port 55426 [preauth]
May  7 01:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24895]: Failed password for root from 217.154.13.145 port 55436 ssh2
May  7 01:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24895]: Connection closed by 217.154.13.145 port 55436 [preauth]
May  7 01:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: Invalid user user1 from 217.154.13.145
May  7 01:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: input_userauth_request: invalid user user1 [preauth]
May  7 01:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: Failed password for invalid user user1 from 217.154.13.145 port 35820 ssh2
May  7 01:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: Connection closed by 217.154.13.145 port 35820 [preauth]
May  7 01:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24925]: Failed password for root from 217.154.13.145 port 35822 ssh2
May  7 01:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24925]: Connection closed by 217.154.13.145 port 35822 [preauth]
May  7 01:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24938]: Invalid user flink from 217.154.13.145
May  7 01:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24938]: input_userauth_request: invalid user flink [preauth]
May  7 01:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24938]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24938]: Failed password for invalid user flink from 217.154.13.145 port 34146 ssh2
May  7 01:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24938]: Connection closed by 217.154.13.145 port 34146 [preauth]
May  7 01:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24953]: Invalid user apache from 217.154.13.145
May  7 01:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24953]: input_userauth_request: invalid user apache [preauth]
May  7 01:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24953]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24958]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24959]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24956]: pam_unix(cron:session): session closed for user p13x
May  7 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25023]: Successful su for rubyman by root
May  7 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25023]: + ??? root:rubyman
May  7 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25023]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343769 of user rubyman.
May  7 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25023]: pam_unix(su:session): session closed for user rubyman
May  7 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343769.
May  7 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24953]: Failed password for invalid user apache from 217.154.13.145 port 34152 ssh2
May  7 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24953]: Connection closed by 217.154.13.145 port 34152 [preauth]
May  7 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21724]: pam_unix(cron:session): session closed for user root
May  7 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24957]: pam_unix(cron:session): session closed for user samftp
May  7 01:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25127]: Failed password for root from 217.154.13.145 port 48986 ssh2
May  7 01:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25127]: Connection closed by 217.154.13.145 port 48986 [preauth]
May  7 01:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Invalid user nginx from 217.154.13.145
May  7 01:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: input_userauth_request: invalid user nginx [preauth]
May  7 01:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Failed password for invalid user nginx from 217.154.13.145 port 48998 ssh2
May  7 01:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Connection closed by 217.154.13.145 port 48998 [preauth]
May  7 01:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 01:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: Invalid user esuser from 217.154.13.145
May  7 01:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: input_userauth_request: invalid user esuser [preauth]
May  7 01:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25213]: Failed password for root from 218.92.0.179 port 50496 ssh2
May  7 01:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: Failed password for invalid user esuser from 217.154.13.145 port 49000 ssh2
May  7 01:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: Connection closed by 217.154.13.145 port 49000 [preauth]
May  7 01:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25213]: Failed password for root from 218.92.0.179 port 50496 ssh2
May  7 01:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25213]: Failed password for root from 218.92.0.179 port 50496 ssh2
May  7 01:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25213]: Received disconnect from 218.92.0.179 port 50496:11:  [preauth]
May  7 01:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25213]: Disconnected from 218.92.0.179 port 50496 [preauth]
May  7 01:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25213]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 01:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25239]: Failed password for root from 217.154.13.145 port 33382 ssh2
May  7 01:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25239]: Connection closed by 217.154.13.145 port 33382 [preauth]
May  7 01:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25251]: Invalid user git from 217.154.13.145
May  7 01:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25251]: input_userauth_request: invalid user git [preauth]
May  7 01:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25251]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25251]: Failed password for invalid user git from 217.154.13.145 port 33394 ssh2
May  7 01:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25251]: Connection closed by 217.154.13.145 port 33394 [preauth]
May  7 01:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25283]: Invalid user postgres from 217.154.13.145
May  7 01:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25283]: input_userauth_request: invalid user postgres [preauth]
May  7 01:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25283]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  7 01:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25283]: Failed password for invalid user postgres from 217.154.13.145 port 52168 ssh2
May  7 01:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25283]: Connection closed by 217.154.13.145 port 52168 [preauth]
May  7 01:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25285]: Failed password for root from 218.92.0.220 port 33866 ssh2
May  7 01:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: Invalid user svnuser from 217.154.13.145
May  7 01:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: input_userauth_request: invalid user svnuser [preauth]
May  7 01:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25285]: Failed password for root from 218.92.0.220 port 33866 ssh2
May  7 01:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: Failed password for invalid user svnuser from 217.154.13.145 port 52174 ssh2
May  7 01:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25285]: Failed password for root from 218.92.0.220 port 33866 ssh2
May  7 01:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: Connection closed by 217.154.13.145 port 52174 [preauth]
May  7 01:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25285]: Received disconnect from 218.92.0.220 port 33866:11:  [preauth]
May  7 01:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25285]: Disconnected from 218.92.0.220 port 33866 [preauth]
May  7 01:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25285]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  7 01:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24002]: pam_unix(cron:session): session closed for user root
May  7 01:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25328]: Invalid user dolphinscheduler from 217.154.13.145
May  7 01:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25328]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  7 01:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25328]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25328]: Failed password for invalid user dolphinscheduler from 217.154.13.145 port 49942 ssh2
May  7 01:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25328]: Connection closed by 217.154.13.145 port 49942 [preauth]
May  7 01:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25330]: Failed password for root from 217.154.13.145 port 49956 ssh2
May  7 01:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25330]: Connection closed by 217.154.13.145 port 49956 [preauth]
May  7 01:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: Invalid user plexserver from 217.154.13.145
May  7 01:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: input_userauth_request: invalid user plexserver [preauth]
May  7 01:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: Failed password for invalid user plexserver from 217.154.13.145 port 59904 ssh2
May  7 01:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: Connection closed by 217.154.13.145 port 59904 [preauth]
May  7 01:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25371]: Invalid user sonar from 217.154.13.145
May  7 01:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25371]: input_userauth_request: invalid user sonar [preauth]
May  7 01:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25371]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25371]: Failed password for invalid user sonar from 217.154.13.145 port 59916 ssh2
May  7 01:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25371]: Connection closed by 217.154.13.145 port 59916 [preauth]
May  7 01:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25381]: Invalid user app from 217.154.13.145
May  7 01:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25381]: input_userauth_request: invalid user app [preauth]
May  7 01:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25381]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25381]: Failed password for invalid user app from 217.154.13.145 port 59930 ssh2
May  7 01:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25381]: Connection closed by 217.154.13.145 port 59930 [preauth]
May  7 01:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: Invalid user tools from 217.154.13.145
May  7 01:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: input_userauth_request: invalid user tools [preauth]
May  7 01:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: Failed password for invalid user tools from 217.154.13.145 port 44864 ssh2
May  7 01:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: Connection closed by 217.154.13.145 port 44864 [preauth]
May  7 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25406]: pam_unix(cron:session): session closed for user p13x
May  7 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25468]: Successful su for rubyman by root
May  7 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25468]: + ??? root:rubyman
May  7 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343773 of user rubyman.
May  7 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25468]: pam_unix(su:session): session closed for user rubyman
May  7 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343773.
May  7 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25403]: Invalid user lighthouse from 217.154.13.145
May  7 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25403]: input_userauth_request: invalid user lighthouse [preauth]
May  7 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25403]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25403]: Failed password for invalid user lighthouse from 217.154.13.145 port 44880 ssh2
May  7 01:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25403]: Connection closed by 217.154.13.145 port 44880 [preauth]
May  7 01:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22470]: pam_unix(cron:session): session closed for user root
May  7 01:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25407]: pam_unix(cron:session): session closed for user samftp
May  7 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25675]: User mysql from 217.154.13.145 not allowed because not listed in AllowUsers
May  7 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25675]: input_userauth_request: invalid user mysql [preauth]
May  7 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=mysql
May  7 01:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25675]: Failed password for invalid user mysql from 217.154.13.145 port 36464 ssh2
May  7 01:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25675]: Connection closed by 217.154.13.145 port 36464 [preauth]
May  7 01:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25704]: Failed password for root from 217.154.13.145 port 36472 ssh2
May  7 01:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25704]: Connection closed by 217.154.13.145 port 36472 [preauth]
May  7 01:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Invalid user gpadmin from 217.154.13.145
May  7 01:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: input_userauth_request: invalid user gpadmin [preauth]
May  7 01:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Failed password for invalid user gpadmin from 217.154.13.145 port 37262 ssh2
May  7 01:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25726]: Connection closed by 217.154.13.145 port 37262 [preauth]
May  7 01:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25751]: Invalid user oracle from 217.154.13.145
May  7 01:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25751]: input_userauth_request: invalid user oracle [preauth]
May  7 01:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25751]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25751]: Failed password for invalid user oracle from 217.154.13.145 port 37274 ssh2
May  7 01:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25751]: Connection closed by 217.154.13.145 port 37274 [preauth]
May  7 01:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25761]: Failed password for root from 217.154.13.145 port 37278 ssh2
May  7 01:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25761]: Connection closed by 217.154.13.145 port 37278 [preauth]
May  7 01:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: Invalid user www from 217.154.13.145
May  7 01:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: input_userauth_request: invalid user www [preauth]
May  7 01:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: Failed password for invalid user www from 217.154.13.145 port 47896 ssh2
May  7 01:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25786]: Connection closed by 217.154.13.145 port 47896 [preauth]
May  7 01:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24497]: pam_unix(cron:session): session closed for user root
May  7 01:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25789]: Failed password for root from 217.154.13.145 port 47904 ssh2
May  7 01:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25789]: Connection closed by 217.154.13.145 port 47904 [preauth]
May  7 01:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: Invalid user oscar from 217.154.13.145
May  7 01:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: input_userauth_request: invalid user oscar [preauth]
May  7 01:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: Failed password for invalid user oscar from 217.154.13.145 port 60866 ssh2
May  7 01:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: Connection closed by 217.154.13.145 port 60866 [preauth]
May  7 01:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: Invalid user test from 217.154.13.145
May  7 01:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: input_userauth_request: invalid user test [preauth]
May  7 01:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: Failed password for invalid user test from 217.154.13.145 port 60872 ssh2
May  7 01:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: Connection closed by 217.154.13.145 port 60872 [preauth]
May  7 01:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: Invalid user admin from 217.154.13.145
May  7 01:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: input_userauth_request: invalid user admin [preauth]
May  7 01:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: Failed password for invalid user admin from 217.154.13.145 port 37472 ssh2
May  7 01:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: Connection closed by 217.154.13.145 port 37472 [preauth]
May  7 01:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25885]: Failed password for root from 217.154.13.145 port 37484 ssh2
May  7 01:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25885]: Connection closed by 217.154.13.145 port 37484 [preauth]
May  7 01:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25895]: Invalid user app from 217.154.13.145
May  7 01:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25895]: input_userauth_request: invalid user app [preauth]
May  7 01:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25895]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25895]: Failed password for invalid user app from 217.154.13.145 port 37490 ssh2
May  7 01:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25895]: Connection closed by 217.154.13.145 port 37490 [preauth]
May  7 01:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25899]: Invalid user alberto from 154.221.25.33
May  7 01:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25899]: input_userauth_request: invalid user alberto [preauth]
May  7 01:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25899]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 01:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25904]: Invalid user elastic from 217.154.13.145
May  7 01:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25904]: input_userauth_request: invalid user elastic [preauth]
May  7 01:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25904]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25899]: Failed password for invalid user alberto from 154.221.25.33 port 41934 ssh2
May  7 01:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25899]: Received disconnect from 154.221.25.33 port 41934:11: Bye Bye [preauth]
May  7 01:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25899]: Disconnected from 154.221.25.33 port 41934 [preauth]
May  7 01:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25904]: Failed password for invalid user elastic from 217.154.13.145 port 44656 ssh2
May  7 01:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25904]: Connection closed by 217.154.13.145 port 44656 [preauth]
May  7 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25924]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25923]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25921]: pam_unix(cron:session): session closed for user p13x
May  7 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25991]: Successful su for rubyman by root
May  7 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25991]: + ??? root:rubyman
May  7 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343776 of user rubyman.
May  7 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25991]: pam_unix(su:session): session closed for user rubyman
May  7 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343776.
May  7 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22911]: pam_unix(cron:session): session closed for user root
May  7 01:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: Failed password for root from 217.154.13.145 port 44660 ssh2
May  7 01:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: Connection closed by 217.154.13.145 port 44660 [preauth]
May  7 01:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25922]: pam_unix(cron:session): session closed for user samftp
May  7 01:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26180]: Invalid user guest from 217.154.13.145
May  7 01:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26180]: input_userauth_request: invalid user guest [preauth]
May  7 01:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26180]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26180]: Failed password for invalid user guest from 217.154.13.145 port 50132 ssh2
May  7 01:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26180]: Connection closed by 217.154.13.145 port 50132 [preauth]
May  7 01:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: Failed password for root from 217.154.13.145 port 50138 ssh2
May  7 01:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: Connection closed by 217.154.13.145 port 50138 [preauth]
May  7 01:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: Invalid user sonar from 217.154.13.145
May  7 01:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: input_userauth_request: invalid user sonar [preauth]
May  7 01:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: Failed password for invalid user sonar from 217.154.13.145 port 35438 ssh2
May  7 01:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26213]: Connection closed by 217.154.13.145 port 35438 [preauth]
May  7 01:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26222]: Invalid user jumpserver from 217.154.13.145
May  7 01:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26222]: input_userauth_request: invalid user jumpserver [preauth]
May  7 01:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26222]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26222]: Failed password for invalid user jumpserver from 217.154.13.145 port 35444 ssh2
May  7 01:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26222]: Connection closed by 217.154.13.145 port 35444 [preauth]
May  7 01:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: Invalid user tom from 217.154.13.145
May  7 01:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: input_userauth_request: invalid user tom [preauth]
May  7 01:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: Failed password for invalid user tom from 217.154.13.145 port 44900 ssh2
May  7 01:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26240]: Connection closed by 217.154.13.145 port 44900 [preauth]
May  7 01:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26251]: Failed password for root from 217.154.13.145 port 44914 ssh2
May  7 01:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26251]: Connection closed by 217.154.13.145 port 44914 [preauth]
May  7 01:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26273]: Invalid user git from 217.154.13.145
May  7 01:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26273]: input_userauth_request: invalid user git [preauth]
May  7 01:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24959]: pam_unix(cron:session): session closed for user root
May  7 01:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26273]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26273]: Failed password for invalid user git from 217.154.13.145 port 44916 ssh2
May  7 01:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26273]: Connection closed by 217.154.13.145 port 44916 [preauth]
May  7 01:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: Invalid user ranger from 217.154.13.145
May  7 01:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: input_userauth_request: invalid user ranger [preauth]
May  7 01:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: Failed password for invalid user ranger from 217.154.13.145 port 42850 ssh2
May  7 01:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: Connection closed by 217.154.13.145 port 42850 [preauth]
May  7 01:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26301]: Failed password for root from 217.154.13.145 port 42852 ssh2
May  7 01:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26301]: Connection closed by 217.154.13.145 port 42852 [preauth]
May  7 01:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26315]: Invalid user appuser from 217.154.13.145
May  7 01:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26315]: input_userauth_request: invalid user appuser [preauth]
May  7 01:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26315]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26315]: Failed password for invalid user appuser from 217.154.13.145 port 57444 ssh2
May  7 01:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26315]: Connection closed by 217.154.13.145 port 57444 [preauth]
May  7 01:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26329]: Invalid user tom from 217.154.13.145
May  7 01:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26329]: input_userauth_request: invalid user tom [preauth]
May  7 01:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26329]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26329]: Failed password for invalid user tom from 217.154.13.145 port 57448 ssh2
May  7 01:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26329]: Connection closed by 217.154.13.145 port 57448 [preauth]
May  7 01:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26341]: Failed password for root from 217.154.13.145 port 60712 ssh2
May  7 01:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26341]: Connection closed by 217.154.13.145 port 60712 [preauth]
May  7 01:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: Invalid user ubuntu from 217.154.13.145
May  7 01:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: input_userauth_request: invalid user ubuntu [preauth]
May  7 01:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26359]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26358]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26359]: pam_unix(cron:session): session closed for user root
May  7 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26354]: pam_unix(cron:session): session closed for user p13x
May  7 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26436]: Successful su for rubyman by root
May  7 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26436]: + ??? root:rubyman
May  7 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343781 of user rubyman.
May  7 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26436]: pam_unix(su:session): session closed for user rubyman
May  7 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343781.
May  7 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: Failed password for invalid user ubuntu from 217.154.13.145 port 60716 ssh2
May  7 01:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26351]: Connection closed by 217.154.13.145 port 60716 [preauth]
May  7 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26356]: pam_unix(cron:session): session closed for user root
May  7 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23457]: pam_unix(cron:session): session closed for user root
May  7 01:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26670]: Invalid user elsearch from 217.154.13.145
May  7 01:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26670]: input_userauth_request: invalid user elsearch [preauth]
May  7 01:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26670]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26355]: pam_unix(cron:session): session closed for user samftp
May  7 01:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26670]: Failed password for invalid user elsearch from 217.154.13.145 port 60192 ssh2
May  7 01:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26670]: Connection closed by 217.154.13.145 port 60192 [preauth]
May  7 01:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26723]: Invalid user nginx from 217.154.13.145
May  7 01:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26723]: input_userauth_request: invalid user nginx [preauth]
May  7 01:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26723]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26723]: Failed password for invalid user nginx from 217.154.13.145 port 60196 ssh2
May  7 01:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26723]: Connection closed by 217.154.13.145 port 60196 [preauth]
May  7 01:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: Invalid user rancher from 217.154.13.145
May  7 01:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: input_userauth_request: invalid user rancher [preauth]
May  7 01:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: Failed password for invalid user rancher from 217.154.13.145 port 60202 ssh2
May  7 01:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26739]: Connection closed by 217.154.13.145 port 60202 [preauth]
May  7 01:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  7 01:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26758]: Failed password for root from 217.154.13.145 port 43598 ssh2
May  7 01:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26758]: Connection closed by 217.154.13.145 port 43598 [preauth]
May  7 01:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: Failed password for root from 218.92.0.225 port 36798 ssh2
May  7 01:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26769]: Invalid user rancher from 217.154.13.145
May  7 01:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26769]: input_userauth_request: invalid user rancher [preauth]
May  7 01:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26769]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26769]: Failed password for invalid user rancher from 217.154.13.145 port 43610 ssh2
May  7 01:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26769]: Connection closed by 217.154.13.145 port 43610 [preauth]
May  7 01:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: Invalid user es from 217.154.13.145
May  7 01:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: input_userauth_request: invalid user es [preauth]
May  7 01:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: Failed password for invalid user es from 217.154.13.145 port 41672 ssh2
May  7 01:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26795]: Connection closed by 217.154.13.145 port 41672 [preauth]
May  7 01:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25409]: pam_unix(cron:session): session closed for user root
May  7 01:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: Failed password for root from 217.154.13.145 port 41680 ssh2
May  7 01:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: Connection closed by 217.154.13.145 port 41680 [preauth]
May  7 01:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: Invalid user user from 217.154.13.145
May  7 01:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: input_userauth_request: invalid user user [preauth]
May  7 01:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: Failed password for invalid user user from 217.154.13.145 port 55514 ssh2
May  7 01:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26831]: Connection closed by 217.154.13.145 port 55514 [preauth]
May  7 01:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: Invalid user d from 130.195.9.205
May  7 01:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: input_userauth_request: invalid user d [preauth]
May  7 01:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.195.9.205
May  7 01:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26841]: Failed password for invalid user d from 130.195.9.205 port 50678 ssh2
May  7 01:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: Failed password for root from 217.154.13.145 port 55524 ssh2
May  7 01:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26843]: Connection closed by 217.154.13.145 port 55524 [preauth]
May  7 01:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: Invalid user uftp from 217.154.13.145
May  7 01:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: input_userauth_request: invalid user uftp [preauth]
May  7 01:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: Failed password for invalid user uftp from 217.154.13.145 port 34134 ssh2
May  7 01:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26868]: Connection closed by 217.154.13.145 port 34134 [preauth]
May  7 01:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Invalid user huake from 64.227.130.206
May  7 01:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: input_userauth_request: invalid user huake [preauth]
May  7 01:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 01:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26884]: Invalid user data from 217.154.13.145
May  7 01:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26884]: input_userauth_request: invalid user data [preauth]
May  7 01:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26884]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Failed password for invalid user huake from 64.227.130.206 port 51516 ssh2
May  7 01:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Received disconnect from 64.227.130.206 port 51516:11: Bye Bye [preauth]
May  7 01:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Disconnected from 64.227.130.206 port 51516 [preauth]
May  7 01:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26884]: Failed password for invalid user data from 217.154.13.145 port 34138 ssh2
May  7 01:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26884]: Connection closed by 217.154.13.145 port 34138 [preauth]
May  7 01:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: Invalid user bigdata from 217.154.13.145
May  7 01:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: input_userauth_request: invalid user bigdata [preauth]
May  7 01:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: Failed password for invalid user bigdata from 217.154.13.145 port 34154 ssh2
May  7 01:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: Connection closed by 217.154.13.145 port 34154 [preauth]
May  7 01:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: Invalid user oracle from 217.154.13.145
May  7 01:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: input_userauth_request: invalid user oracle [preauth]
May  7 01:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: Failed password for invalid user oracle from 217.154.13.145 port 38664 ssh2
May  7 01:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26905]: Connection closed by 217.154.13.145 port 38664 [preauth]
May  7 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26922]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26917]: pam_unix(cron:session): session closed for user p13x
May  7 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27036]: Successful su for rubyman by root
May  7 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27036]: + ??? root:rubyman
May  7 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27036]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343788 of user rubyman.
May  7 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27036]: pam_unix(su:session): session closed for user rubyman
May  7 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343788.
May  7 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: Invalid user plex from 217.154.13.145
May  7 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: input_userauth_request: invalid user plex [preauth]
May  7 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: Failed password for invalid user plex from 217.154.13.145 port 38674 ssh2
May  7 01:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27029]: Connection closed by 217.154.13.145 port 38674 [preauth]
May  7 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24001]: pam_unix(cron:session): session closed for user root
May  7 01:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26918]: pam_unix(cron:session): session closed for user samftp
May  7 01:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: Invalid user steam from 217.154.13.145
May  7 01:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: input_userauth_request: invalid user steam [preauth]
May  7 01:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.103.245.111  user=root
May  7 01:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: Failed password for invalid user steam from 217.154.13.145 port 57036 ssh2
May  7 01:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: Connection closed by 217.154.13.145 port 57036 [preauth]
May  7 01:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27255]: Invalid user esuser from 217.154.13.145
May  7 01:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27255]: input_userauth_request: invalid user esuser [preauth]
May  7 01:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: Failed password for root from 103.103.245.111 port 49658 ssh2
May  7 01:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27255]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: Connection closed by 103.103.245.111 port 49658 [preauth]
May  7 01:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27255]: Failed password for invalid user esuser from 217.154.13.145 port 57046 ssh2
May  7 01:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27255]: Connection closed by 217.154.13.145 port 57046 [preauth]
May  7 01:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Invalid user observer from 217.154.13.145
May  7 01:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: input_userauth_request: invalid user observer [preauth]
May  7 01:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Failed password for invalid user observer from 217.154.13.145 port 45710 ssh2
May  7 01:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Connection closed by 217.154.13.145 port 45710 [preauth]
May  7 01:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: Invalid user docker from 217.154.13.145
May  7 01:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: input_userauth_request: invalid user docker [preauth]
May  7 01:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: Failed password for invalid user docker from 217.154.13.145 port 45724 ssh2
May  7 01:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27290]: Connection closed by 217.154.13.145 port 45724 [preauth]
May  7 01:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: Invalid user user from 217.154.13.145
May  7 01:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: input_userauth_request: invalid user user [preauth]
May  7 01:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: Failed password for invalid user user from 217.154.13.145 port 36640 ssh2
May  7 01:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27304]: Connection closed by 217.154.13.145 port 36640 [preauth]
May  7 01:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: Invalid user elastic from 217.154.13.145
May  7 01:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: input_userauth_request: invalid user elastic [preauth]
May  7 01:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: Failed password for invalid user elastic from 217.154.13.145 port 36644 ssh2
May  7 01:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27321]: Connection closed by 217.154.13.145 port 36644 [preauth]
May  7 01:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25924]: pam_unix(cron:session): session closed for user root
May  7 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: Invalid user oracle from 217.154.13.145
May  7 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: input_userauth_request: invalid user oracle [preauth]
May  7 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: Failed password for invalid user oracle from 217.154.13.145 port 36654 ssh2
May  7 01:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: Connection closed by 217.154.13.145 port 36654 [preauth]
May  7 01:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27372]: Invalid user postgres from 217.154.13.145
May  7 01:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27372]: input_userauth_request: invalid user postgres [preauth]
May  7 01:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27372]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27372]: Failed password for invalid user postgres from 217.154.13.145 port 56936 ssh2
May  7 01:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27372]: Connection closed by 217.154.13.145 port 56936 [preauth]
May  7 01:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27395]: Invalid user ts from 217.154.13.145
May  7 01:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27395]: input_userauth_request: invalid user ts [preauth]
May  7 01:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27395]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27395]: Failed password for invalid user ts from 217.154.13.145 port 56946 ssh2
May  7 01:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27395]: Connection closed by 217.154.13.145 port 56946 [preauth]
May  7 01:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27429]: Failed password for root from 217.154.13.145 port 45158 ssh2
May  7 01:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27429]: Connection closed by 217.154.13.145 port 45158 [preauth]
May  7 01:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: Invalid user ftpuser from 217.154.13.145
May  7 01:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: input_userauth_request: invalid user ftpuser [preauth]
May  7 01:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: Failed password for invalid user ftpuser from 217.154.13.145 port 45168 ssh2
May  7 01:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: Connection closed by 217.154.13.145 port 45168 [preauth]
May  7 01:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27451]: Invalid user test from 217.154.13.145
May  7 01:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27451]: input_userauth_request: invalid user test [preauth]
May  7 01:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27451]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27451]: Failed password for invalid user test from 217.154.13.145 port 53688 ssh2
May  7 01:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27451]: Connection closed by 217.154.13.145 port 53688 [preauth]
May  7 01:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27468]: Did not receive identification string from 92.118.39.68
May  7 01:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27469]: Invalid user gitlab from 217.154.13.145
May  7 01:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27469]: input_userauth_request: invalid user gitlab [preauth]
May  7 01:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27469]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27487]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27488]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27480]: pam_unix(cron:session): session closed for user p13x
May  7 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27557]: Successful su for rubyman by root
May  7 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27557]: + ??? root:rubyman
May  7 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343791 of user rubyman.
May  7 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27557]: pam_unix(su:session): session closed for user rubyman
May  7 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343791.
May  7 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27469]: Failed password for invalid user gitlab from 217.154.13.145 port 53694 ssh2
May  7 01:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27469]: Connection closed by 217.154.13.145 port 53694 [preauth]
May  7 01:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27679]: Invalid user guest from 217.154.13.145
May  7 01:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27679]: input_userauth_request: invalid user guest [preauth]
May  7 01:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24496]: pam_unix(cron:session): session closed for user root
May  7 01:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27679]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27481]: pam_unix(cron:session): session closed for user samftp
May  7 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27679]: Failed password for invalid user guest from 217.154.13.145 port 53700 ssh2
May  7 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27679]: Connection closed by 217.154.13.145 port 53700 [preauth]
May  7 01:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27748]: Invalid user worker from 217.154.13.145
May  7 01:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27748]: input_userauth_request: invalid user worker [preauth]
May  7 01:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27748]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27748]: Failed password for invalid user worker from 217.154.13.145 port 43782 ssh2
May  7 01:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27748]: Connection closed by 217.154.13.145 port 43782 [preauth]
May  7 01:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27759]: Invalid user flask from 217.154.13.145
May  7 01:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27759]: input_userauth_request: invalid user flask [preauth]
May  7 01:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27759]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27759]: Failed password for invalid user flask from 217.154.13.145 port 43792 ssh2
May  7 01:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27759]: Connection closed by 217.154.13.145 port 43792 [preauth]
May  7 01:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: Invalid user gpuadmin from 217.154.13.145
May  7 01:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: input_userauth_request: invalid user gpuadmin [preauth]
May  7 01:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: Failed password for invalid user gpuadmin from 217.154.13.145 port 53254 ssh2
May  7 01:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27783]: Connection closed by 217.154.13.145 port 53254 [preauth]
May  7 01:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: Invalid user zabbix from 217.154.13.145
May  7 01:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: input_userauth_request: invalid user zabbix [preauth]
May  7 01:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: Failed password for invalid user zabbix from 217.154.13.145 port 53258 ssh2
May  7 01:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: Connection closed by 217.154.13.145 port 53258 [preauth]
May  7 01:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27809]: Failed password for root from 217.154.13.145 port 53816 ssh2
May  7 01:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27809]: Connection closed by 217.154.13.145 port 53816 [preauth]
May  7 01:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27820]: Invalid user flask from 217.154.13.145
May  7 01:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27820]: input_userauth_request: invalid user flask [preauth]
May  7 01:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27820]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27820]: Failed password for invalid user flask from 217.154.13.145 port 53818 ssh2
May  7 01:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27820]: Connection closed by 217.154.13.145 port 53818 [preauth]
May  7 01:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26358]: pam_unix(cron:session): session closed for user root
May  7 01:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27853]: Invalid user gitlab from 217.154.13.145
May  7 01:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27853]: input_userauth_request: invalid user gitlab [preauth]
May  7 01:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27853]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27853]: Failed password for invalid user gitlab from 217.154.13.145 port 38768 ssh2
May  7 01:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27853]: Connection closed by 217.154.13.145 port 38768 [preauth]
May  7 01:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27869]: Invalid user testuser from 217.154.13.145
May  7 01:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27869]: input_userauth_request: invalid user testuser [preauth]
May  7 01:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27869]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27869]: Failed password for invalid user testuser from 217.154.13.145 port 38776 ssh2
May  7 01:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27869]: Connection closed by 217.154.13.145 port 38776 [preauth]
May  7 01:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: Invalid user postgres from 217.154.13.145
May  7 01:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: input_userauth_request: invalid user postgres [preauth]
May  7 01:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: Failed password for invalid user postgres from 217.154.13.145 port 38788 ssh2
May  7 01:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27879]: Connection closed by 217.154.13.145 port 38788 [preauth]
May  7 01:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: Invalid user jenkins from 217.154.13.145
May  7 01:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: input_userauth_request: invalid user jenkins [preauth]
May  7 01:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: Failed password for invalid user jenkins from 217.154.13.145 port 44406 ssh2
May  7 01:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27894]: Connection closed by 217.154.13.145 port 44406 [preauth]
May  7 01:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: Failed password for root from 217.154.13.145 port 44418 ssh2
May  7 01:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27906]: Connection closed by 217.154.13.145 port 44418 [preauth]
May  7 01:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: Invalid user admin from 217.154.13.145
May  7 01:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: input_userauth_request: invalid user admin [preauth]
May  7 01:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: Failed password for invalid user admin from 217.154.13.145 port 37670 ssh2
May  7 01:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27916]: Connection closed by 217.154.13.145 port 37670 [preauth]
May  7 01:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Invalid user weblogic from 217.154.13.145
May  7 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: input_userauth_request: invalid user weblogic [preauth]
May  7 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27933]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27932]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27930]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27930]: pam_unix(cron:session): session closed for user p13x
May  7 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27995]: Successful su for rubyman by root
May  7 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27995]: + ??? root:rubyman
May  7 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343795 of user rubyman.
May  7 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27995]: pam_unix(su:session): session closed for user rubyman
May  7 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343795.
May  7 01:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Failed password for invalid user weblogic from 217.154.13.145 port 37686 ssh2
May  7 01:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27926]: Connection closed by 217.154.13.145 port 37686 [preauth]
May  7 01:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24958]: pam_unix(cron:session): session closed for user root
May  7 01:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28165]: Invalid user centos from 217.154.13.145
May  7 01:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28165]: input_userauth_request: invalid user centos [preauth]
May  7 01:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28165]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27931]: pam_unix(cron:session): session closed for user samftp
May  7 01:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28165]: Failed password for invalid user centos from 217.154.13.145 port 52116 ssh2
May  7 01:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28165]: Connection closed by 217.154.13.145 port 52116 [preauth]
May  7 01:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: Invalid user steam from 217.154.13.145
May  7 01:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: input_userauth_request: invalid user steam [preauth]
May  7 01:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: Failed password for invalid user steam from 217.154.13.145 port 52130 ssh2
May  7 01:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: Connection closed by 217.154.13.145 port 52130 [preauth]
May  7 01:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Invalid user test from 217.154.13.145
May  7 01:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: input_userauth_request: invalid user test [preauth]
May  7 01:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Failed password for invalid user test from 217.154.13.145 port 38218 ssh2
May  7 01:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Connection closed by 217.154.13.145 port 38218 [preauth]
May  7 01:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28218]: Invalid user test from 217.154.13.145
May  7 01:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28218]: input_userauth_request: invalid user test [preauth]
May  7 01:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28218]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28218]: Failed password for invalid user test from 217.154.13.145 port 38234 ssh2
May  7 01:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28218]: Connection closed by 217.154.13.145 port 38234 [preauth]
May  7 01:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: Failed password for root from 217.154.13.145 port 38246 ssh2
May  7 01:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28230]: Connection closed by 217.154.13.145 port 38246 [preauth]
May  7 01:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: Invalid user centos from 217.154.13.145
May  7 01:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: input_userauth_request: invalid user centos [preauth]
May  7 01:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: Failed password for invalid user centos from 217.154.13.145 port 38766 ssh2
May  7 01:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28252]: Connection closed by 217.154.13.145 port 38766 [preauth]
May  7 01:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28264]: Invalid user tomcat from 217.154.13.145
May  7 01:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28264]: input_userauth_request: invalid user tomcat [preauth]
May  7 01:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28264]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26922]: pam_unix(cron:session): session closed for user root
May  7 01:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28264]: Failed password for invalid user tomcat from 217.154.13.145 port 38778 ssh2
May  7 01:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28264]: Connection closed by 217.154.13.145 port 38778 [preauth]
May  7 01:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: User mysql from 217.154.13.145 not allowed because not listed in AllowUsers
May  7 01:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: input_userauth_request: invalid user mysql [preauth]
May  7 01:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=mysql
May  7 01:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: Failed password for invalid user mysql from 217.154.13.145 port 35298 ssh2
May  7 01:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28286]: Connection closed by 217.154.13.145 port 35298 [preauth]
May  7 01:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: Failed password for root from 217.154.13.145 port 35312 ssh2
May  7 01:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28297]: Connection closed by 217.154.13.145 port 35312 [preauth]
May  7 01:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: Failed password for root from 217.154.13.145 port 36948 ssh2
May  7 01:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28319]: Connection closed by 217.154.13.145 port 36948 [preauth]
May  7 01:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28331]: Invalid user zabbix from 217.154.13.145
May  7 01:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28331]: input_userauth_request: invalid user zabbix [preauth]
May  7 01:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28331]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28331]: Failed password for invalid user zabbix from 217.154.13.145 port 36964 ssh2
May  7 01:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28331]: Connection closed by 217.154.13.145 port 36964 [preauth]
May  7 01:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: Invalid user kubernetes from 217.154.13.145
May  7 01:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: input_userauth_request: invalid user kubernetes [preauth]
May  7 01:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: Failed password for invalid user kubernetes from 217.154.13.145 port 36970 ssh2
May  7 01:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: Connection closed by 217.154.13.145 port 36970 [preauth]
May  7 01:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: Invalid user observer from 217.154.13.145
May  7 01:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: input_userauth_request: invalid user observer [preauth]
May  7 01:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: Failed password for invalid user observer from 217.154.13.145 port 51126 ssh2
May  7 01:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28354]: Connection closed by 217.154.13.145 port 51126 [preauth]
May  7 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28361]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28362]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28360]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28359]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28359]: pam_unix(cron:session): session closed for user p13x
May  7 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28428]: Successful su for rubyman by root
May  7 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28428]: + ??? root:rubyman
May  7 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343799 of user rubyman.
May  7 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28428]: pam_unix(su:session): session closed for user rubyman
May  7 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343799.
May  7 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: Invalid user hadoop from 217.154.13.145
May  7 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: input_userauth_request: invalid user hadoop [preauth]
May  7 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25408]: pam_unix(cron:session): session closed for user root
May  7 01:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: Failed password for invalid user hadoop from 217.154.13.145 port 51128 ssh2
May  7 01:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28402]: Connection closed by 217.154.13.145 port 51128 [preauth]
May  7 01:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28360]: pam_unix(cron:session): session closed for user samftp
May  7 01:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28610]: Invalid user bot from 217.154.13.145
May  7 01:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28610]: input_userauth_request: invalid user bot [preauth]
May  7 01:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28610]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28610]: Failed password for invalid user bot from 217.154.13.145 port 54390 ssh2
May  7 01:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28610]: Connection closed by 217.154.13.145 port 54390 [preauth]
May  7 01:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: Invalid user debianuser from 217.154.13.145
May  7 01:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: input_userauth_request: invalid user debianuser [preauth]
May  7 01:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: Failed password for invalid user debianuser from 217.154.13.145 port 54402 ssh2
May  7 01:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28625]: Connection closed by 217.154.13.145 port 54402 [preauth]
May  7 01:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28648]: Invalid user ranger from 217.154.13.145
May  7 01:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28648]: input_userauth_request: invalid user ranger [preauth]
May  7 01:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28648]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28648]: Failed password for invalid user ranger from 217.154.13.145 port 60538 ssh2
May  7 01:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28648]: Connection closed by 217.154.13.145 port 60538 [preauth]
May  7 01:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28650]: Invalid user zxc from 154.221.25.33
May  7 01:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28650]: input_userauth_request: invalid user zxc [preauth]
May  7 01:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28650]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 01:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28663]: Invalid user oracle from 217.154.13.145
May  7 01:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28663]: input_userauth_request: invalid user oracle [preauth]
May  7 01:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28663]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28650]: Failed password for invalid user zxc from 154.221.25.33 port 39504 ssh2
May  7 01:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28650]: Received disconnect from 154.221.25.33 port 39504:11: Bye Bye [preauth]
May  7 01:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28650]: Disconnected from 154.221.25.33 port 39504 [preauth]
May  7 01:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28663]: Failed password for invalid user oracle from 217.154.13.145 port 60550 ssh2
May  7 01:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28663]: Connection closed by 217.154.13.145 port 60550 [preauth]
May  7 01:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28667]: User ftp from 217.154.13.145 not allowed because not listed in AllowUsers
May  7 01:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28667]: input_userauth_request: invalid user ftp [preauth]
May  7 01:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=ftp
May  7 01:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28667]: Failed password for invalid user ftp from 217.154.13.145 port 39276 ssh2
May  7 01:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28667]: Connection closed by 217.154.13.145 port 39276 [preauth]
May  7 01:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: Invalid user elastic from 217.154.13.145
May  7 01:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: input_userauth_request: invalid user elastic [preauth]
May  7 01:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: Failed password for invalid user elastic from 217.154.13.145 port 39280 ssh2
May  7 01:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28690]: Connection closed by 217.154.13.145 port 39280 [preauth]
May  7 01:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27488]: pam_unix(cron:session): session closed for user root
May  7 01:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28700]: Failed password for root from 217.154.13.145 port 39290 ssh2
May  7 01:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28700]: Connection closed by 217.154.13.145 port 39290 [preauth]
May  7 01:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28732]: Invalid user admin from 217.154.13.145
May  7 01:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28732]: input_userauth_request: invalid user admin [preauth]
May  7 01:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28732]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28732]: Failed password for invalid user admin from 217.154.13.145 port 38482 ssh2
May  7 01:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28732]: Connection closed by 217.154.13.145 port 38482 [preauth]
May  7 01:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: Invalid user default from 217.154.13.145
May  7 01:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: input_userauth_request: invalid user default [preauth]
May  7 01:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: Failed password for invalid user default from 217.154.13.145 port 38490 ssh2
May  7 01:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28745]: Connection closed by 217.154.13.145 port 38490 [preauth]
May  7 01:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: Invalid user tomcat from 217.154.13.145
May  7 01:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: input_userauth_request: invalid user tomcat [preauth]
May  7 01:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: Failed password for invalid user tomcat from 217.154.13.145 port 49412 ssh2
May  7 01:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: Connection closed by 217.154.13.145 port 49412 [preauth]
May  7 01:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28770]: Invalid user gitlab from 217.154.13.145
May  7 01:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28770]: input_userauth_request: invalid user gitlab [preauth]
May  7 01:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28770]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28770]: Failed password for invalid user gitlab from 217.154.13.145 port 49414 ssh2
May  7 01:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28770]: Connection closed by 217.154.13.145 port 49414 [preauth]
May  7 01:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: Failed password for root from 217.154.13.145 port 48604 ssh2
May  7 01:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28782]: Connection closed by 217.154.13.145 port 48604 [preauth]
May  7 01:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28793]: Invalid user hadoop from 217.154.13.145
May  7 01:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28793]: input_userauth_request: invalid user hadoop [preauth]
May  7 01:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28793]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28802]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28800]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28803]: pam_unix(cron:session): session closed for user root
May  7 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28797]: pam_unix(cron:session): session closed for user p13x
May  7 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28793]: Failed password for invalid user hadoop from 217.154.13.145 port 48610 ssh2
May  7 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28793]: Connection closed by 217.154.13.145 port 48610 [preauth]
May  7 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28875]: Successful su for rubyman by root
May  7 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28875]: + ??? root:rubyman
May  7 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343804 of user rubyman.
May  7 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28875]: pam_unix(su:session): session closed for user rubyman
May  7 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343804.
May  7 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28947]: Invalid user tools from 217.154.13.145
May  7 01:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28947]: input_userauth_request: invalid user tools [preauth]
May  7 01:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28947]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28799]: pam_unix(cron:session): session closed for user root
May  7 01:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25923]: pam_unix(cron:session): session closed for user root
May  7 01:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28947]: Failed password for invalid user tools from 217.154.13.145 port 48626 ssh2
May  7 01:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28947]: Connection closed by 217.154.13.145 port 48626 [preauth]
May  7 01:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28798]: pam_unix(cron:session): session closed for user samftp
May  7 01:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29180]: Invalid user admin from 217.154.13.145
May  7 01:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29180]: input_userauth_request: invalid user admin [preauth]
May  7 01:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29180]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29180]: Failed password for invalid user admin from 217.154.13.145 port 46120 ssh2
May  7 01:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29180]: Connection closed by 217.154.13.145 port 46120 [preauth]
May  7 01:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29192]: Invalid user www from 217.154.13.145
May  7 01:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29192]: input_userauth_request: invalid user www [preauth]
May  7 01:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29192]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29192]: Failed password for invalid user www from 217.154.13.145 port 46130 ssh2
May  7 01:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29192]: Connection closed by 217.154.13.145 port 46130 [preauth]
May  7 01:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: Failed password for root from 217.154.13.145 port 39574 ssh2
May  7 01:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29215]: Connection closed by 217.154.13.145 port 39574 [preauth]
May  7 01:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29226]: Failed password for root from 217.154.13.145 port 39580 ssh2
May  7 01:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29226]: Connection closed by 217.154.13.145 port 39580 [preauth]
May  7 01:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: Invalid user es from 217.154.13.145
May  7 01:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: input_userauth_request: invalid user es [preauth]
May  7 01:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: Failed password for invalid user es from 217.154.13.145 port 34144 ssh2
May  7 01:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: Connection closed by 217.154.13.145 port 34144 [preauth]
May  7 01:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29268]: Failed password for root from 217.154.13.145 port 34154 ssh2
May  7 01:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29268]: Connection closed by 217.154.13.145 port 34154 [preauth]
May  7 01:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27933]: pam_unix(cron:session): session closed for user root
May  7 01:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29285]: Invalid user oracle from 217.154.13.145
May  7 01:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29285]: input_userauth_request: invalid user oracle [preauth]
May  7 01:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29285]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29285]: Failed password for invalid user oracle from 217.154.13.145 port 53980 ssh2
May  7 01:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29285]: Connection closed by 217.154.13.145 port 53980 [preauth]
May  7 01:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: Invalid user uftp from 217.154.13.145
May  7 01:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: input_userauth_request: invalid user uftp [preauth]
May  7 01:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: Failed password for invalid user uftp from 217.154.13.145 port 53994 ssh2
May  7 01:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29301]: Connection closed by 217.154.13.145 port 53994 [preauth]
May  7 01:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: Invalid user flink from 217.154.13.145
May  7 01:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: input_userauth_request: invalid user flink [preauth]
May  7 01:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: Failed password for invalid user flink from 217.154.13.145 port 54002 ssh2
May  7 01:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29311]: Connection closed by 217.154.13.145 port 54002 [preauth]
May  7 01:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29336]: Invalid user gitlab-runner from 217.154.13.145
May  7 01:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29336]: input_userauth_request: invalid user gitlab-runner [preauth]
May  7 01:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29336]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29336]: Failed password for invalid user gitlab-runner from 217.154.13.145 port 54532 ssh2
May  7 01:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29336]: Connection closed by 217.154.13.145 port 54532 [preauth]
May  7 01:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.103.245.111  user=root
May  7 01:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: Invalid user es from 217.154.13.145
May  7 01:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: input_userauth_request: invalid user es [preauth]
May  7 01:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: Failed password for root from 103.103.245.111 port 52396 ssh2
May  7 01:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: Failed password for invalid user es from 217.154.13.145 port 54544 ssh2
May  7 01:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29348]: Connection closed by 217.154.13.145 port 54544 [preauth]
May  7 01:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: Invalid user pi from 103.103.245.111
May  7 01:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: input_userauth_request: invalid user pi [preauth]
May  7 01:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: Invalid user oracle from 217.154.13.145
May  7 01:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: input_userauth_request: invalid user oracle [preauth]
May  7 01:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: Failed password for invalid user oracle from 217.154.13.145 port 40956 ssh2
May  7 01:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29360]: Connection closed by 217.154.13.145 port 40956 [preauth]
May  7 01:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Invalid user ubnt from 217.154.13.145
May  7 01:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: input_userauth_request: invalid user ubnt [preauth]
May  7 01:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28665]: Connection closed by 103.103.245.111 port 52396 [preauth]
May  7 01:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29378]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29374]: pam_unix(cron:session): session closed for user p13x
May  7 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29445]: Successful su for rubyman by root
May  7 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29445]: + ??? root:rubyman
May  7 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343809 of user rubyman.
May  7 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29445]: pam_unix(su:session): session closed for user rubyman
May  7 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343809.
May  7 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Failed password for invalid user ubnt from 217.154.13.145 port 40966 ssh2
May  7 01:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Connection closed by 217.154.13.145 port 40966 [preauth]
May  7 01:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26357]: pam_unix(cron:session): session closed for user root
May  7 01:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29598]: Invalid user nvidia from 217.154.13.145
May  7 01:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29598]: input_userauth_request: invalid user nvidia [preauth]
May  7 01:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29598]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29375]: pam_unix(cron:session): session closed for user samftp
May  7 01:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.103.245.111
May  7 01:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29598]: Failed password for invalid user nvidia from 217.154.13.145 port 38156 ssh2
May  7 01:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29598]: Connection closed by 217.154.13.145 port 38156 [preauth]
May  7 01:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: Failed password for invalid user pi from 103.103.245.111 port 59932 ssh2
May  7 01:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: Connection reset by 103.103.245.111 port 59932 [preauth]
May  7 01:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: Failed password for root from 217.154.13.145 port 38160 ssh2
May  7 01:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: Connection closed by 217.154.13.145 port 38160 [preauth]
May  7 01:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29660]: Failed password for root from 217.154.13.145 port 38174 ssh2
May  7 01:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29660]: Connection closed by 217.154.13.145 port 38174 [preauth]
May  7 01:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: Invalid user developer from 217.154.13.145
May  7 01:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: input_userauth_request: invalid user developer [preauth]
May  7 01:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: Failed password for invalid user developer from 217.154.13.145 port 34868 ssh2
May  7 01:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: Connection closed by 217.154.13.145 port 34868 [preauth]
May  7 01:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: Invalid user alberto from 64.227.130.206
May  7 01:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: input_userauth_request: invalid user alberto [preauth]
May  7 01:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 01:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29684]: Failed password for root from 217.154.13.145 port 34876 ssh2
May  7 01:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: Failed password for invalid user alberto from 64.227.130.206 port 33328 ssh2
May  7 01:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29684]: Connection closed by 217.154.13.145 port 34876 [preauth]
May  7 01:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: Received disconnect from 64.227.130.206 port 33328:11: Bye Bye [preauth]
May  7 01:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: Disconnected from 64.227.130.206 port 33328 [preauth]
May  7 01:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29700]: User ftp from 217.154.13.145 not allowed because not listed in AllowUsers
May  7 01:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29700]: input_userauth_request: invalid user ftp [preauth]
May  7 01:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=ftp
May  7 01:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29700]: Failed password for invalid user ftp from 217.154.13.145 port 58834 ssh2
May  7 01:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29700]: Connection closed by 217.154.13.145 port 58834 [preauth]
May  7 01:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29710]: Invalid user mongodb from 217.154.13.145
May  7 01:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29710]: input_userauth_request: invalid user mongodb [preauth]
May  7 01:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29710]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29710]: Failed password for invalid user mongodb from 217.154.13.145 port 58850 ssh2
May  7 01:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29710]: Connection closed by 217.154.13.145 port 58850 [preauth]
May  7 01:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28362]: pam_unix(cron:session): session closed for user root
May  7 01:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29747]: Invalid user mongodb from 217.154.13.145
May  7 01:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29747]: input_userauth_request: invalid user mongodb [preauth]
May  7 01:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29747]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29747]: Failed password for invalid user mongodb from 217.154.13.145 port 45740 ssh2
May  7 01:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29747]: Connection closed by 217.154.13.145 port 45740 [preauth]
May  7 01:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: Invalid user app from 217.154.13.145
May  7 01:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: input_userauth_request: invalid user app [preauth]
May  7 01:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: Failed password for invalid user app from 217.154.13.145 port 45756 ssh2
May  7 01:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: Connection closed by 217.154.13.145 port 45756 [preauth]
May  7 01:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: Failed password for root from 217.154.13.145 port 40402 ssh2
May  7 01:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: Connection closed by 217.154.13.145 port 40402 [preauth]
May  7 01:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: Invalid user www from 217.154.13.145
May  7 01:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: input_userauth_request: invalid user www [preauth]
May  7 01:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Invalid user admin from 80.94.95.241
May  7 01:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: input_userauth_request: invalid user admin [preauth]
May  7 01:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 01:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: Failed password for invalid user www from 217.154.13.145 port 40418 ssh2
May  7 01:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: Connection closed by 217.154.13.145 port 40418 [preauth]
May  7 01:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Failed password for invalid user admin from 80.94.95.241 port 40061 ssh2
May  7 01:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29793]: Invalid user sonar from 217.154.13.145
May  7 01:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29793]: input_userauth_request: invalid user sonar [preauth]
May  7 01:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29793]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Failed password for invalid user admin from 80.94.95.241 port 40061 ssh2
May  7 01:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29793]: Failed password for invalid user sonar from 217.154.13.145 port 40420 ssh2
May  7 01:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29793]: Connection closed by 217.154.13.145 port 40420 [preauth]
May  7 01:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Failed password for invalid user admin from 80.94.95.241 port 40061 ssh2
May  7 01:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: Invalid user elasticsearch from 217.154.13.145
May  7 01:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: input_userauth_request: invalid user elasticsearch [preauth]
May  7 01:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Failed password for invalid user admin from 80.94.95.241 port 40061 ssh2
May  7 01:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: Failed password for invalid user elasticsearch from 217.154.13.145 port 35232 ssh2
May  7 01:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: Connection closed by 217.154.13.145 port 35232 [preauth]
May  7 01:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Failed password for invalid user admin from 80.94.95.241 port 40061 ssh2
May  7 01:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Received disconnect from 80.94.95.241 port 40061:11: Bye [preauth]
May  7 01:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Disconnected from 80.94.95.241 port 40061 [preauth]
May  7 01:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 01:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29817]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29814]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29815]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29814]: pam_unix(cron:session): session closed for user p13x
May  7 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29879]: Successful su for rubyman by root
May  7 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29879]: + ??? root:rubyman
May  7 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343812 of user rubyman.
May  7 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29879]: pam_unix(su:session): session closed for user rubyman
May  7 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343812.
May  7 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29902]: Invalid user docker from 217.154.13.145
May  7 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29902]: input_userauth_request: invalid user docker [preauth]
May  7 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29902]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29902]: Failed password for invalid user docker from 217.154.13.145 port 35236 ssh2
May  7 01:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29902]: Connection closed by 217.154.13.145 port 35236 [preauth]
May  7 01:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26919]: pam_unix(cron:session): session closed for user root
May  7 01:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29815]: pam_unix(cron:session): session closed for user samftp
May  7 01:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30068]: Failed password for root from 217.154.13.145 port 53370 ssh2
May  7 01:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30068]: Connection closed by 217.154.13.145 port 53370 [preauth]
May  7 01:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: Invalid user postgres from 217.154.13.145
May  7 01:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: input_userauth_request: invalid user postgres [preauth]
May  7 01:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: Failed password for invalid user postgres from 217.154.13.145 port 53372 ssh2
May  7 01:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: Connection closed by 217.154.13.145 port 53372 [preauth]
May  7 01:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30104]: Invalid user dev from 217.154.13.145
May  7 01:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30104]: input_userauth_request: invalid user dev [preauth]
May  7 01:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30104]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30104]: Failed password for invalid user dev from 217.154.13.145 port 59352 ssh2
May  7 01:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30104]: Connection closed by 217.154.13.145 port 59352 [preauth]
May  7 01:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: Invalid user guest from 217.154.13.145
May  7 01:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: input_userauth_request: invalid user guest [preauth]
May  7 01:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: Failed password for invalid user guest from 217.154.13.145 port 59362 ssh2
May  7 01:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30108]: Connection closed by 217.154.13.145 port 59362 [preauth]
May  7 01:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: Invalid user tomcat from 217.154.13.145
May  7 01:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: input_userauth_request: invalid user tomcat [preauth]
May  7 01:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: Failed password for invalid user tomcat from 217.154.13.145 port 59374 ssh2
May  7 01:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: Connection closed by 217.154.13.145 port 59374 [preauth]
May  7 01:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: Invalid user elsearch from 217.154.13.145
May  7 01:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: input_userauth_request: invalid user elsearch [preauth]
May  7 01:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: Failed password for invalid user elsearch from 217.154.13.145 port 34320 ssh2
May  7 01:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: Connection closed by 217.154.13.145 port 34320 [preauth]
May  7 01:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: Invalid user git from 217.154.13.145
May  7 01:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: input_userauth_request: invalid user git [preauth]
May  7 01:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28802]: pam_unix(cron:session): session closed for user root
May  7 01:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: Failed password for invalid user git from 217.154.13.145 port 34330 ssh2
May  7 01:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30153]: Connection closed by 217.154.13.145 port 34330 [preauth]
May  7 01:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: Invalid user vagrant from 217.154.13.145
May  7 01:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: input_userauth_request: invalid user vagrant [preauth]
May  7 01:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: Failed password for invalid user vagrant from 217.154.13.145 port 53300 ssh2
May  7 01:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: Connection closed by 217.154.13.145 port 53300 [preauth]
May  7 01:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: Invalid user esuser from 217.154.13.145
May  7 01:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: input_userauth_request: invalid user esuser [preauth]
May  7 01:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: Failed password for invalid user esuser from 217.154.13.145 port 53308 ssh2
May  7 01:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30193]: Connection closed by 217.154.13.145 port 53308 [preauth]
May  7 01:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: Invalid user ftpuser from 217.154.13.145
May  7 01:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: input_userauth_request: invalid user ftpuser [preauth]
May  7 01:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: Failed password for invalid user ftpuser from 217.154.13.145 port 35234 ssh2
May  7 01:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: Connection closed by 217.154.13.145 port 35234 [preauth]
May  7 01:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30218]: Invalid user esuser from 217.154.13.145
May  7 01:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30218]: input_userauth_request: invalid user esuser [preauth]
May  7 01:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30218]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30218]: Failed password for invalid user esuser from 217.154.13.145 port 35250 ssh2
May  7 01:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30218]: Connection closed by 217.154.13.145 port 35250 [preauth]
May  7 01:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: Failed password for root from 217.154.13.145 port 55778 ssh2
May  7 01:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30228]: Connection closed by 217.154.13.145 port 55778 [preauth]
May  7 01:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  7 01:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30240]: Invalid user worker from 217.154.13.145
May  7 01:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30240]: input_userauth_request: invalid user worker [preauth]
May  7 01:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30240]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Failed password for root from 218.92.0.221 port 46566 ssh2
May  7 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30240]: Failed password for invalid user worker from 217.154.13.145 port 55790 ssh2
May  7 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30240]: Connection closed by 217.154.13.145 port 55790 [preauth]
May  7 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30246]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30243]: pam_unix(cron:session): session closed for user p13x
May  7 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Failed password for root from 218.92.0.221 port 46566 ssh2
May  7 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30308]: Successful su for rubyman by root
May  7 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30308]: + ??? root:rubyman
May  7 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30308]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343817 of user rubyman.
May  7 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30308]: pam_unix(su:session): session closed for user rubyman
May  7 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343817.
May  7 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: Invalid user ftpuser from 217.154.13.145
May  7 01:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: input_userauth_request: invalid user ftpuser [preauth]
May  7 01:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27487]: pam_unix(cron:session): session closed for user root
May  7 01:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Failed password for root from 218.92.0.221 port 46566 ssh2
May  7 01:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Received disconnect from 218.92.0.221 port 46566:11:  [preauth]
May  7 01:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: Disconnected from 218.92.0.221 port 46566 [preauth]
May  7 01:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30230]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  7 01:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: Failed password for invalid user ftpuser from 217.154.13.145 port 55792 ssh2
May  7 01:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: Connection closed by 217.154.13.145 port 55792 [preauth]
May  7 01:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30244]: pam_unix(cron:session): session closed for user samftp
May  7 01:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: Invalid user admin from 217.154.13.145
May  7 01:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: input_userauth_request: invalid user admin [preauth]
May  7 01:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: Failed password for invalid user admin from 217.154.13.145 port 41748 ssh2
May  7 01:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: Connection closed by 217.154.13.145 port 41748 [preauth]
May  7 01:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: Invalid user steam from 217.154.13.145
May  7 01:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: input_userauth_request: invalid user steam [preauth]
May  7 01:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: Failed password for invalid user steam from 217.154.13.145 port 41758 ssh2
May  7 01:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30505]: Connection closed by 217.154.13.145 port 41758 [preauth]
May  7 01:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30528]: Invalid user es from 217.154.13.145
May  7 01:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30528]: input_userauth_request: invalid user es [preauth]
May  7 01:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30528]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30528]: Failed password for invalid user es from 217.154.13.145 port 49186 ssh2
May  7 01:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30528]: Connection closed by 217.154.13.145 port 49186 [preauth]
May  7 01:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: Failed password for root from 217.154.13.145 port 49192 ssh2
May  7 01:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: Connection closed by 217.154.13.145 port 49192 [preauth]
May  7 01:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  7 01:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: Invalid user deploy from 217.154.13.145
May  7 01:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: input_userauth_request: invalid user deploy [preauth]
May  7 01:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30541]: Failed password for root from 218.92.0.230 port 31314 ssh2
May  7 01:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: Failed password for invalid user deploy from 217.154.13.145 port 37938 ssh2
May  7 01:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: Connection closed by 217.154.13.145 port 37938 [preauth]
May  7 01:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: Invalid user demo from 217.154.13.145
May  7 01:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: input_userauth_request: invalid user demo [preauth]
May  7 01:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: Failed password for invalid user demo from 217.154.13.145 port 37942 ssh2
May  7 01:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30572]: Connection closed by 217.154.13.145 port 37942 [preauth]
May  7 01:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29378]: pam_unix(cron:session): session closed for user root
May  7 01:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: Invalid user deploy from 217.154.13.145
May  7 01:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: input_userauth_request: invalid user deploy [preauth]
May  7 01:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: Failed password for invalid user deploy from 217.154.13.145 port 49210 ssh2
May  7 01:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30587]: Connection closed by 217.154.13.145 port 49210 [preauth]
May  7 01:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: Invalid user dev from 217.154.13.145
May  7 01:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: input_userauth_request: invalid user dev [preauth]
May  7 01:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: Failed password for invalid user dev from 217.154.13.145 port 49222 ssh2
May  7 01:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30607]: Connection closed by 217.154.13.145 port 49222 [preauth]
May  7 01:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: Invalid user oscar from 217.154.13.145
May  7 01:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: input_userauth_request: invalid user oscar [preauth]
May  7 01:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: Failed password for invalid user oscar from 217.154.13.145 port 49226 ssh2
May  7 01:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30629]: Connection closed by 217.154.13.145 port 49226 [preauth]
May  7 01:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: Invalid user dolphinscheduler from 217.154.13.145
May  7 01:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  7 01:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: Failed password for invalid user dolphinscheduler from 217.154.13.145 port 50164 ssh2
May  7 01:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: Connection closed by 217.154.13.145 port 50164 [preauth]
May  7 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: Invalid user pi from 217.154.13.145
May  7 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: input_userauth_request: invalid user pi [preauth]
May  7 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: Failed password for invalid user pi from 217.154.13.145 port 50168 ssh2
May  7 01:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: Connection closed by 217.154.13.145 port 50168 [preauth]
May  7 01:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30662]: Invalid user dev from 217.154.13.145
May  7 01:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30662]: input_userauth_request: invalid user dev [preauth]
May  7 01:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30662]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30662]: Failed password for invalid user dev from 217.154.13.145 port 43748 ssh2
May  7 01:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30662]: Connection closed by 217.154.13.145 port 43748 [preauth]
May  7 01:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30670]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30669]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30667]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30669]: pam_unix(cron:session): session closed for user p13x
May  7 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30664]: Invalid user oceanbase from 217.154.13.145
May  7 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30664]: input_userauth_request: invalid user oceanbase [preauth]
May  7 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30664]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30798]: Successful su for rubyman by root
May  7 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30798]: + ??? root:rubyman
May  7 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343822 of user rubyman.
May  7 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30798]: pam_unix(su:session): session closed for user rubyman
May  7 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343822.
May  7 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30667]: pam_unix(cron:session): session closed for user root
May  7 01:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30664]: Failed password for invalid user oceanbase from 217.154.13.145 port 43762 ssh2
May  7 01:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30664]: Connection closed by 217.154.13.145 port 43762 [preauth]
May  7 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27932]: pam_unix(cron:session): session closed for user root
May  7 01:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: Invalid user lighthouse from 217.154.13.145
May  7 01:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: input_userauth_request: invalid user lighthouse [preauth]
May  7 01:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30670]: pam_unix(cron:session): session closed for user samftp
May  7 01:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: Failed password for invalid user lighthouse from 217.154.13.145 port 56054 ssh2
May  7 01:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: Connection closed by 217.154.13.145 port 56054 [preauth]
May  7 01:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: Failed password for root from 217.154.13.145 port 56060 ssh2
May  7 01:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: Connection closed by 217.154.13.145 port 56060 [preauth]
May  7 01:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31137]: Failed password for root from 217.154.13.145 port 48718 ssh2
May  7 01:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31137]: Connection closed by 217.154.13.145 port 48718 [preauth]
May  7 01:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31150]: Failed password for root from 217.154.13.145 port 48734 ssh2
May  7 01:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31150]: Connection closed by 217.154.13.145 port 48734 [preauth]
May  7 01:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31152]: Failed password for root from 217.154.13.145 port 48746 ssh2
May  7 01:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31152]: Connection closed by 217.154.13.145 port 48746 [preauth]
May  7 01:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31178]: Invalid user user from 217.154.13.145
May  7 01:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31178]: input_userauth_request: invalid user user [preauth]
May  7 01:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31178]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31178]: Failed password for invalid user user from 217.154.13.145 port 36684 ssh2
May  7 01:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31178]: Connection closed by 217.154.13.145 port 36684 [preauth]
May  7 01:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29817]: pam_unix(cron:session): session closed for user root
May  7 01:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: Failed password for root from 217.154.13.145 port 36696 ssh2
May  7 01:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: Connection closed by 217.154.13.145 port 36696 [preauth]
May  7 01:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: Invalid user svnuser from 217.154.13.145
May  7 01:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: input_userauth_request: invalid user svnuser [preauth]
May  7 01:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: Failed password for invalid user svnuser from 217.154.13.145 port 41358 ssh2
May  7 01:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31219]: Connection closed by 217.154.13.145 port 41358 [preauth]
May  7 01:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: Invalid user ftpuser from 217.154.13.145
May  7 01:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: input_userauth_request: invalid user ftpuser [preauth]
May  7 01:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: Invalid user solr from 154.221.25.33
May  7 01:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: input_userauth_request: invalid user solr [preauth]
May  7 01:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 01:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: Failed password for invalid user ftpuser from 217.154.13.145 port 41360 ssh2
May  7 01:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: Connection closed by 217.154.13.145 port 41360 [preauth]
May  7 01:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: Failed password for invalid user solr from 154.221.25.33 port 50570 ssh2
May  7 01:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: Received disconnect from 154.221.25.33 port 50570:11: Bye Bye [preauth]
May  7 01:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: Disconnected from 154.221.25.33 port 50570 [preauth]
May  7 01:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31256]: Invalid user ubuntu from 217.154.13.145
May  7 01:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31256]: input_userauth_request: invalid user ubuntu [preauth]
May  7 01:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31256]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31256]: Failed password for invalid user ubuntu from 217.154.13.145 port 55170 ssh2
May  7 01:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31256]: Connection closed by 217.154.13.145 port 55170 [preauth]
May  7 01:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31259]: Failed password for root from 217.154.13.145 port 55184 ssh2
May  7 01:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31259]: Connection closed by 217.154.13.145 port 55184 [preauth]
May  7 01:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: Invalid user esadmin from 217.154.13.145
May  7 01:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: input_userauth_request: invalid user esadmin [preauth]
May  7 01:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: Failed password for invalid user esadmin from 217.154.13.145 port 55200 ssh2
May  7 01:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: Connection closed by 217.154.13.145 port 55200 [preauth]
May  7 01:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31283]: Failed password for root from 217.154.13.145 port 52496 ssh2
May  7 01:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31283]: Connection closed by 217.154.13.145 port 52496 [preauth]
May  7 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31302]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31303]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31301]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31300]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31303]: pam_unix(cron:session): session closed for user root
May  7 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31298]: pam_unix(cron:session): session closed for user p13x
May  7 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31369]: Successful su for rubyman by root
May  7 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31369]: + ??? root:rubyman
May  7 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343829 of user rubyman.
May  7 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31369]: pam_unix(su:session): session closed for user rubyman
May  7 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343829.
May  7 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: Invalid user flask from 217.154.13.145
May  7 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: input_userauth_request: invalid user flask [preauth]
May  7 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31300]: pam_unix(cron:session): session closed for user root
May  7 01:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28361]: pam_unix(cron:session): session closed for user root
May  7 01:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: Failed password for invalid user flask from 217.154.13.145 port 52508 ssh2
May  7 01:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31390]: Connection closed by 217.154.13.145 port 52508 [preauth]
May  7 01:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31299]: pam_unix(cron:session): session closed for user samftp
May  7 01:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31579]: Invalid user deploy from 217.154.13.145
May  7 01:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31579]: input_userauth_request: invalid user deploy [preauth]
May  7 01:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31579]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31579]: Failed password for invalid user deploy from 217.154.13.145 port 58460 ssh2
May  7 01:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31579]: Connection closed by 217.154.13.145 port 58460 [preauth]
May  7 01:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: Failed password for root from 217.154.13.145 port 58474 ssh2
May  7 01:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: Connection closed by 217.154.13.145 port 58474 [preauth]
May  7 01:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31610]: Failed password for root from 217.154.13.145 port 56878 ssh2
May  7 01:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31610]: Connection closed by 217.154.13.145 port 56878 [preauth]
May  7 01:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31620]: Invalid user oracle from 217.154.13.145
May  7 01:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31620]: input_userauth_request: invalid user oracle [preauth]
May  7 01:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31620]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31620]: Failed password for invalid user oracle from 217.154.13.145 port 56882 ssh2
May  7 01:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31620]: Connection closed by 217.154.13.145 port 56882 [preauth]
May  7 01:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: Invalid user rabbitmq from 217.154.13.145
May  7 01:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: input_userauth_request: invalid user rabbitmq [preauth]
May  7 01:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: Failed password for invalid user rabbitmq from 217.154.13.145 port 44602 ssh2
May  7 01:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31656]: Connection closed by 217.154.13.145 port 44602 [preauth]
May  7 01:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31670]: Failed password for root from 217.154.13.145 port 44612 ssh2
May  7 01:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31670]: Connection closed by 217.154.13.145 port 44612 [preauth]
May  7 01:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30246]: pam_unix(cron:session): session closed for user root
May  7 01:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Failed password for root from 217.154.13.145 port 55816 ssh2
May  7 01:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Connection closed by 217.154.13.145 port 55816 [preauth]
May  7 01:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31724]: Failed password for root from 217.154.13.145 port 55824 ssh2
May  7 01:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 01:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31724]: Connection closed by 217.154.13.145 port 55824 [preauth]
May  7 01:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: Failed password for root from 218.92.0.179 port 58680 ssh2
May  7 01:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: Failed password for root from 218.92.0.179 port 58680 ssh2
May  7 01:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Failed password for root from 217.154.13.145 port 55834 ssh2
May  7 01:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Connection closed by 217.154.13.145 port 55834 [preauth]
May  7 01:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: Failed password for root from 218.92.0.179 port 58680 ssh2
May  7 01:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: Received disconnect from 218.92.0.179 port 58680:11:  [preauth]
May  7 01:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: Disconnected from 218.92.0.179 port 58680 [preauth]
May  7 01:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31726]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 01:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31752]: Invalid user wang from 217.154.13.145
May  7 01:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31752]: input_userauth_request: invalid user wang [preauth]
May  7 01:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31752]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31752]: Failed password for invalid user wang from 217.154.13.145 port 50738 ssh2
May  7 01:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31752]: Connection closed by 217.154.13.145 port 50738 [preauth]
May  7 01:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: Invalid user hadoop from 217.154.13.145
May  7 01:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: input_userauth_request: invalid user hadoop [preauth]
May  7 01:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: Failed password for invalid user hadoop from 217.154.13.145 port 50744 ssh2
May  7 01:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31763]: Connection closed by 217.154.13.145 port 50744 [preauth]
May  7 01:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31775]: Failed password for root from 217.154.13.145 port 58912 ssh2
May  7 01:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31775]: Connection closed by 217.154.13.145 port 58912 [preauth]
May  7 01:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31785]: Invalid user elasticsearch from 217.154.13.145
May  7 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31785]: input_userauth_request: invalid user elasticsearch [preauth]
May  7 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31785]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31788]: pam_unix(cron:session): session closed for user p13x
May  7 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31856]: Successful su for rubyman by root
May  7 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31856]: + ??? root:rubyman
May  7 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343831 of user rubyman.
May  7 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31856]: pam_unix(su:session): session closed for user rubyman
May  7 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343831.
May  7 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31785]: Failed password for invalid user elasticsearch from 217.154.13.145 port 58916 ssh2
May  7 01:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31785]: Connection closed by 217.154.13.145 port 58916 [preauth]
May  7 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28800]: pam_unix(cron:session): session closed for user root
May  7 01:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: User ftp from 217.154.13.145 not allowed because not listed in AllowUsers
May  7 01:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: input_userauth_request: invalid user ftp [preauth]
May  7 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=ftp
May  7 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31789]: pam_unix(cron:session): session closed for user samftp
May  7 01:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: Failed password for invalid user ftp from 217.154.13.145 port 46728 ssh2
May  7 01:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32309]: Connection closed by 217.154.13.145 port 46728 [preauth]
May  7 01:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: Invalid user uftp from 217.154.13.145
May  7 01:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: input_userauth_request: invalid user uftp [preauth]
May  7 01:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: Failed password for invalid user uftp from 217.154.13.145 port 46732 ssh2
May  7 01:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: Connection closed by 217.154.13.145 port 46732 [preauth]
May  7 01:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32359]: Invalid user awsgui from 217.154.13.145
May  7 01:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32359]: input_userauth_request: invalid user awsgui [preauth]
May  7 01:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32359]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32359]: Failed password for invalid user awsgui from 217.154.13.145 port 48568 ssh2
May  7 01:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32359]: Connection closed by 217.154.13.145 port 48568 [preauth]
May  7 01:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: Invalid user dolphinscheduler from 217.154.13.145
May  7 01:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  7 01:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: Failed password for invalid user dolphinscheduler from 217.154.13.145 port 48584 ssh2
May  7 01:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32376]: Connection closed by 217.154.13.145 port 48584 [preauth]
May  7 01:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: Failed password for root from 217.154.13.145 port 48594 ssh2
May  7 01:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32395]: Connection closed by 217.154.13.145 port 48594 [preauth]
May  7 01:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32420]: Invalid user yarn from 217.154.13.145
May  7 01:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32420]: input_userauth_request: invalid user yarn [preauth]
May  7 01:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32420]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32420]: Failed password for invalid user yarn from 217.154.13.145 port 59370 ssh2
May  7 01:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32420]: Connection closed by 217.154.13.145 port 59370 [preauth]
May  7 01:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: Invalid user test2 from 217.154.13.145
May  7 01:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: input_userauth_request: invalid user test2 [preauth]
May  7 01:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30672]: pam_unix(cron:session): session closed for user root
May  7 01:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: Failed password for invalid user test2 from 217.154.13.145 port 59372 ssh2
May  7 01:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: Connection closed by 217.154.13.145 port 59372 [preauth]
May  7 01:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Invalid user oracle from 217.154.13.145
May  7 01:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: input_userauth_request: invalid user oracle [preauth]
May  7 01:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Failed password for invalid user oracle from 217.154.13.145 port 44696 ssh2
May  7 01:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32465]: Connection closed by 217.154.13.145 port 44696 [preauth]
May  7 01:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Invalid user guest from 217.154.13.145
May  7 01:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: input_userauth_request: invalid user guest [preauth]
May  7 01:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Failed password for invalid user guest from 217.154.13.145 port 44708 ssh2
May  7 01:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32469]: Connection closed by 217.154.13.145 port 44708 [preauth]
May  7 01:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: Invalid user wang from 217.154.13.145
May  7 01:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: input_userauth_request: invalid user wang [preauth]
May  7 01:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: Failed password for invalid user wang from 217.154.13.145 port 33096 ssh2
May  7 01:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32493]: Connection closed by 217.154.13.145 port 33096 [preauth]
May  7 01:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32504]: Invalid user www from 217.154.13.145
May  7 01:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32504]: input_userauth_request: invalid user www [preauth]
May  7 01:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32504]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32504]: Failed password for invalid user www from 217.154.13.145 port 33124 ssh2
May  7 01:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32504]: Connection closed by 217.154.13.145 port 33124 [preauth]
May  7 01:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32517]: Failed password for root from 217.154.13.145 port 33134 ssh2
May  7 01:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32517]: Connection closed by 217.154.13.145 port 33134 [preauth]
May  7 01:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: Invalid user nexus from 217.154.13.145
May  7 01:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: input_userauth_request: invalid user nexus [preauth]
May  7 01:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: Failed password for invalid user nexus from 217.154.13.145 port 46954 ssh2
May  7 01:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32529]: Connection closed by 217.154.13.145 port 46954 [preauth]
May  7 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32537]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32537]: pam_unix(cron:session): session closed for user p13x
May  7 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: Invalid user geoeast from 64.227.130.206
May  7 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: input_userauth_request: invalid user geoeast [preauth]
May  7 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32614]: Successful su for rubyman by root
May  7 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32614]: + ??? root:rubyman
May  7 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343836 of user rubyman.
May  7 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32614]: pam_unix(su:session): session closed for user rubyman
May  7 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343836.
May  7 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: Invalid user app from 217.154.13.145
May  7 01:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: input_userauth_request: invalid user app [preauth]
May  7 01:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: Failed password for invalid user geoeast from 64.227.130.206 port 46904 ssh2
May  7 01:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: Received disconnect from 64.227.130.206 port 46904:11: Bye Bye [preauth]
May  7 01:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32532]: Disconnected from 64.227.130.206 port 46904 [preauth]
May  7 01:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29376]: pam_unix(cron:session): session closed for user root
May  7 01:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: Failed password for invalid user app from 217.154.13.145 port 46966 ssh2
May  7 01:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32723]: Connection closed by 217.154.13.145 port 46966 [preauth]
May  7 01:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32538]: pam_unix(cron:session): session closed for user samftp
May  7 01:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[492]: Invalid user nvidia from 217.154.13.145
May  7 01:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[492]: input_userauth_request: invalid user nvidia [preauth]
May  7 01:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[492]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[492]: Failed password for invalid user nvidia from 217.154.13.145 port 41474 ssh2
May  7 01:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[492]: Connection closed by 217.154.13.145 port 41474 [preauth]
May  7 01:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[508]: Failed password for root from 217.154.13.145 port 41490 ssh2
May  7 01:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[508]: Connection closed by 217.154.13.145 port 41490 [preauth]
May  7 01:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145  user=root
May  7 01:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[538]: Failed password for root from 217.154.13.145 port 44240 ssh2
May  7 01:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[538]: Connection closed by 217.154.13.145 port 44240 [preauth]
May  7 01:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[550]: Invalid user es from 217.154.13.145
May  7 01:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[550]: input_userauth_request: invalid user es [preauth]
May  7 01:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[550]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[550]: Failed password for invalid user es from 217.154.13.145 port 44256 ssh2
May  7 01:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[550]: Connection closed by 217.154.13.145 port 44256 [preauth]
May  7 01:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[572]: Invalid user sugi from 217.154.13.145
May  7 01:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[572]: input_userauth_request: invalid user sugi [preauth]
May  7 01:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[572]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.154.13.145
May  7 01:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[572]: Failed password for invalid user sugi from 217.154.13.145 port 50800 ssh2
May  7 01:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[572]: Connection closed by 217.154.13.145 port 50800 [preauth]
May  7 01:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 01:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31302]: pam_unix(cron:session): session closed for user root
May  7 01:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: Failed password for root from 218.92.0.111 port 42298 ssh2
May  7 01:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: message repeated 2 times: [ Failed password for root from 218.92.0.111 port 42298 ssh2]
May  7 01:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: Received disconnect from 218.92.0.111 port 42298:11:  [preauth]
May  7 01:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: Disconnected from 218.92.0.111 port 42298 [preauth]
May  7 01:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[586]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 01:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 01:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: Failed password for root from 218.92.0.111 port 55586 ssh2
May  7 01:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: message repeated 2 times: [ Failed password for root from 218.92.0.111 port 55586 ssh2]
May  7 01:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: Received disconnect from 218.92.0.111 port 55586:11:  [preauth]
May  7 01:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: Disconnected from 218.92.0.111 port 55586 [preauth]
May  7 01:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 01:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[701]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[693]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[697]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[691]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[691]: pam_unix(cron:session): session closed for user p13x
May  7 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[764]: Successful su for rubyman by root
May  7 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[764]: + ??? root:rubyman
May  7 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343839 of user rubyman.
May  7 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[764]: pam_unix(su:session): session closed for user rubyman
May  7 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343839.
May  7 01:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29816]: pam_unix(cron:session): session closed for user root
May  7 01:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[693]: pam_unix(cron:session): session closed for user samftp
May  7 01:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 01:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: Failed password for root from 218.92.0.111 port 47630 ssh2
May  7 01:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: message repeated 2 times: [ Failed password for root from 218.92.0.111 port 47630 ssh2]
May  7 01:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: Received disconnect from 218.92.0.111 port 47630:11:  [preauth]
May  7 01:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: Disconnected from 218.92.0.111 port 47630 [preauth]
May  7 01:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 01:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31791]: pam_unix(cron:session): session closed for user root
May  7 01:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: Invalid user ddd from 130.195.9.205
May  7 01:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: input_userauth_request: invalid user ddd [preauth]
May  7 01:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.195.9.205
May  7 01:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: Failed password for invalid user ddd from 130.195.9.205 port 46122 ssh2
May  7 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1168]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1163]: pam_unix(cron:session): session closed for user p13x
May  7 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1246]: Successful su for rubyman by root
May  7 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1246]: + ??? root:rubyman
May  7 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1246]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343843 of user rubyman.
May  7 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1246]: pam_unix(su:session): session closed for user rubyman
May  7 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343843.
May  7 01:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30245]: pam_unix(cron:session): session closed for user root
May  7 01:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1164]: pam_unix(cron:session): session closed for user samftp
May  7 01:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: Connection closed by 130.195.9.205 port 46122 [preauth]
May  7 01:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[619]: Connection reset by 218.92.0.111 port 60836 [preauth]
May  7 01:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32540]: pam_unix(cron:session): session closed for user root
May  7 01:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 01:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1584]: Failed password for root from 218.92.0.205 port 18940 ssh2
May  7 01:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: Invalid user paulo from 154.221.25.33
May  7 01:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: input_userauth_request: invalid user paulo [preauth]
May  7 01:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 01:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: Failed password for invalid user paulo from 154.221.25.33 port 45848 ssh2
May  7 01:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: Received disconnect from 154.221.25.33 port 45848:11: Bye Bye [preauth]
May  7 01:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1623]: Disconnected from 154.221.25.33 port 45848 [preauth]
May  7 01:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1649]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1651]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1648]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1646]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1651]: pam_unix(cron:session): session closed for user root
May  7 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1645]: pam_unix(cron:session): session closed for user p13x
May  7 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1739]: Successful su for rubyman by root
May  7 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1739]: + ??? root:rubyman
May  7 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1739]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343850 of user rubyman.
May  7 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1739]: pam_unix(su:session): session closed for user rubyman
May  7 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343850.
May  7 01:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1647]: pam_unix(cron:session): session closed for user root
May  7 01:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30671]: pam_unix(cron:session): session closed for user root
May  7 01:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1646]: pam_unix(cron:session): session closed for user samftp
May  7 01:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[701]: pam_unix(cron:session): session closed for user root
May  7 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2196]: pam_unix(cron:session): session closed for user p13x
May  7 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2265]: Successful su for rubyman by root
May  7 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2265]: + ??? root:rubyman
May  7 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343853 of user rubyman.
May  7 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2265]: pam_unix(su:session): session closed for user rubyman
May  7 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343853.
May  7 01:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31301]: pam_unix(cron:session): session closed for user root
May  7 01:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2197]: pam_unix(cron:session): session closed for user samftp
May  7 01:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1168]: pam_unix(cron:session): session closed for user root
May  7 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2645]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2643]: pam_unix(cron:session): session closed for user p13x
May  7 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2718]: Successful su for rubyman by root
May  7 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2718]: + ??? root:rubyman
May  7 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2718]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343857 of user rubyman.
May  7 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2718]: pam_unix(su:session): session closed for user rubyman
May  7 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343857.
May  7 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31790]: pam_unix(cron:session): session closed for user root
May  7 01:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2644]: pam_unix(cron:session): session closed for user samftp
May  7 01:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=199.188.103.179  user=root
May  7 01:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2923]: Failed password for root from 199.188.103.179 port 59284 ssh2
May  7 01:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2923]: Connection closed by 199.188.103.179 port 59284 [preauth]
May  7 01:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: Invalid user smart from 64.227.130.206
May  7 01:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: input_userauth_request: invalid user smart [preauth]
May  7 01:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 01:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1649]: pam_unix(cron:session): session closed for user root
May  7 01:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: Failed password for invalid user smart from 64.227.130.206 port 52404 ssh2
May  7 01:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: Received disconnect from 64.227.130.206 port 52404:11: Bye Bye [preauth]
May  7 01:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2982]: Disconnected from 64.227.130.206 port 52404 [preauth]
May  7 01:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 01:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3038]: Failed password for root from 218.92.0.233 port 36702 ssh2
May  7 01:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3038]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 36702 ssh2]
May  7 01:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3038]: Received disconnect from 218.92.0.233 port 36702:11:  [preauth]
May  7 01:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3038]: Disconnected from 218.92.0.233 port 36702 [preauth]
May  7 01:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3038]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 01:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 01:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3055]: Failed password for root from 218.92.0.233 port 29666 ssh2
May  7 01:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3055]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 29666 ssh2]
May  7 01:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3055]: Received disconnect from 218.92.0.233 port 29666:11:  [preauth]
May  7 01:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3055]: Disconnected from 218.92.0.233 port 29666 [preauth]
May  7 01:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3055]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 01:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3079]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3080]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3078]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3077]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3077]: pam_unix(cron:session): session closed for user p13x
May  7 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3142]: Successful su for rubyman by root
May  7 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3142]: + ??? root:rubyman
May  7 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3142]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343862 of user rubyman.
May  7 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3142]: pam_unix(su:session): session closed for user rubyman
May  7 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343862.
May  7 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: Failed password for root from 218.92.0.233 port 29680 ssh2
May  7 01:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: Failed password for root from 218.92.0.233 port 29680 ssh2
May  7 01:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32539]: pam_unix(cron:session): session closed for user root
May  7 01:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3078]: pam_unix(cron:session): session closed for user samftp
May  7 01:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: Failed password for root from 218.92.0.233 port 29680 ssh2
May  7 01:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: Received disconnect from 218.92.0.233 port 29680:11:  [preauth]
May  7 01:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: Disconnected from 218.92.0.233 port 29680 [preauth]
May  7 01:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 01:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2200]: pam_unix(cron:session): session closed for user root
May  7 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3512]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3511]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3509]: pam_unix(cron:session): session closed for user p13x
May  7 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3603]: Successful su for rubyman by root
May  7 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3603]: + ??? root:rubyman
May  7 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343866 of user rubyman.
May  7 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3603]: pam_unix(su:session): session closed for user rubyman
May  7 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343866.
May  7 01:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[697]: pam_unix(cron:session): session closed for user root
May  7 01:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3510]: pam_unix(cron:session): session closed for user samftp
May  7 01:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2646]: pam_unix(cron:session): session closed for user root
May  7 01:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: Invalid user xiaoming from 193.70.84.184
May  7 01:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: input_userauth_request: invalid user xiaoming [preauth]
May  7 01:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  7 01:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: Failed password for invalid user xiaoming from 193.70.84.184 port 44180 ssh2
May  7 01:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3933]: Connection closed by 193.70.84.184 port 44180 [preauth]
May  7 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3939]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3943]: pam_unix(cron:session): session closed for user root
May  7 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3937]: pam_unix(cron:session): session closed for user p13x
May  7 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4041]: Successful su for rubyman by root
May  7 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4041]: + ??? root:rubyman
May  7 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343871 of user rubyman.
May  7 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4041]: pam_unix(su:session): session closed for user rubyman
May  7 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343871.
May  7 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3939]: pam_unix(cron:session): session closed for user root
May  7 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Invalid user grace from 154.221.25.33
May  7 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: input_userauth_request: invalid user grace [preauth]
May  7 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1167]: pam_unix(cron:session): session closed for user root
May  7 01:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Failed password for invalid user grace from 154.221.25.33 port 57100 ssh2
May  7 01:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3938]: pam_unix(cron:session): session closed for user samftp
May  7 01:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Received disconnect from 154.221.25.33 port 57100:11: Bye Bye [preauth]
May  7 01:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4142]: Disconnected from 154.221.25.33 port 57100 [preauth]
May  7 01:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3080]: pam_unix(cron:session): session closed for user root
May  7 01:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  7 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4564]: Failed password for root from 194.0.234.19 port 51928 ssh2
May  7 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4564]: Connection closed by 194.0.234.19 port 51928 [preauth]
May  7 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4581]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4580]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4578]: pam_unix(cron:session): session closed for user p13x
May  7 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4646]: Successful su for rubyman by root
May  7 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4646]: + ??? root:rubyman
May  7 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343876 of user rubyman.
May  7 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4646]: pam_unix(su:session): session closed for user rubyman
May  7 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343876.
May  7 01:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1648]: pam_unix(cron:session): session closed for user root
May  7 01:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4579]: pam_unix(cron:session): session closed for user samftp
May  7 01:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3512]: pam_unix(cron:session): session closed for user root
May  7 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5183]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5184]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5052]: pam_unix(cron:session): session closed for user p13x
May  7 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5254]: Successful su for rubyman by root
May  7 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5254]: + ??? root:rubyman
May  7 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343881 of user rubyman.
May  7 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5254]: pam_unix(su:session): session closed for user rubyman
May  7 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343881.
May  7 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2199]: pam_unix(cron:session): session closed for user root
May  7 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5182]: pam_unix(cron:session): session closed for user samftp
May  7 01:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3942]: pam_unix(cron:session): session closed for user root
May  7 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5654]: pam_unix(cron:session): session closed for user p13x
May  7 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5717]: Successful su for rubyman by root
May  7 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5717]: + ??? root:rubyman
May  7 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343883 of user rubyman.
May  7 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5717]: pam_unix(su:session): session closed for user rubyman
May  7 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343883.
May  7 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2645]: pam_unix(cron:session): session closed for user root
May  7 01:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5655]: pam_unix(cron:session): session closed for user samftp
May  7 01:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: Invalid user neolinux from 64.227.130.206
May  7 01:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: input_userauth_request: invalid user neolinux [preauth]
May  7 01:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 01:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: Failed password for invalid user neolinux from 64.227.130.206 port 34542 ssh2
May  7 01:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: Received disconnect from 64.227.130.206 port 34542:11: Bye Bye [preauth]
May  7 01:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: Disconnected from 64.227.130.206 port 34542 [preauth]
May  7 01:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4581]: pam_unix(cron:session): session closed for user root
May  7 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6164]: pam_unix(cron:session): session closed for user p13x
May  7 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6229]: Successful su for rubyman by root
May  7 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6229]: + ??? root:rubyman
May  7 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343889 of user rubyman.
May  7 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6229]: pam_unix(su:session): session closed for user rubyman
May  7 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343889.
May  7 01:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3079]: pam_unix(cron:session): session closed for user root
May  7 01:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6165]: pam_unix(cron:session): session closed for user samftp
May  7 01:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 01:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: Failed password for root from 218.92.0.179 port 64677 ssh2
May  7 01:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 64677 ssh2]
May  7 01:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: Received disconnect from 218.92.0.179 port 64677:11:  [preauth]
May  7 01:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: Disconnected from 218.92.0.179 port 64677 [preauth]
May  7 01:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 01:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5184]: pam_unix(cron:session): session closed for user root
May  7 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6565]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6566]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6564]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6567]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6562]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6567]: pam_unix(cron:session): session closed for user root
May  7 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6562]: pam_unix(cron:session): session closed for user p13x
May  7 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6635]: Successful su for rubyman by root
May  7 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6635]: + ??? root:rubyman
May  7 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343892 of user rubyman.
May  7 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6635]: pam_unix(su:session): session closed for user rubyman
May  7 01:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343892.
May  7 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6564]: pam_unix(cron:session): session closed for user root
May  7 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3511]: pam_unix(cron:session): session closed for user root
May  7 01:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6563]: pam_unix(cron:session): session closed for user samftp
May  7 01:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Invalid user admin from 80.94.95.112
May  7 01:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: input_userauth_request: invalid user admin [preauth]
May  7 01:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 01:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Failed password for invalid user admin from 80.94.95.112 port 55177 ssh2
May  7 01:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Failed password for invalid user admin from 80.94.95.112 port 55177 ssh2
May  7 01:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Failed password for invalid user admin from 80.94.95.112 port 55177 ssh2
May  7 01:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Failed password for invalid user admin from 80.94.95.112 port 55177 ssh2
May  7 01:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Failed password for invalid user admin from 80.94.95.112 port 55177 ssh2
May  7 01:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Received disconnect from 80.94.95.112 port 55177:11: Bye [preauth]
May  7 01:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Disconnected from 80.94.95.112 port 55177 [preauth]
May  7 01:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 01:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 01:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6996]: Invalid user superuser from 154.221.25.33
May  7 01:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6996]: input_userauth_request: invalid user superuser [preauth]
May  7 01:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6996]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 01:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6996]: Failed password for invalid user superuser from 154.221.25.33 port 49894 ssh2
May  7 01:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6996]: Received disconnect from 154.221.25.33 port 49894:11: Bye Bye [preauth]
May  7 01:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6996]: Disconnected from 154.221.25.33 port 49894 [preauth]
May  7 01:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5657]: pam_unix(cron:session): session closed for user root
May  7 01:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: Invalid user sebastian from 190.103.202.7
May  7 01:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: input_userauth_request: invalid user sebastian [preauth]
May  7 01:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  7 01:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: Failed password for invalid user sebastian from 190.103.202.7 port 41276 ssh2
May  7 01:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7041]: Connection closed by 190.103.202.7 port 41276 [preauth]
May  7 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7119]: pam_unix(cron:session): session closed for user p13x
May  7 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7190]: Successful su for rubyman by root
May  7 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7190]: + ??? root:rubyman
May  7 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343899 of user rubyman.
May  7 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7190]: pam_unix(su:session): session closed for user rubyman
May  7 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343899.
May  7 01:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3941]: pam_unix(cron:session): session closed for user root
May  7 01:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7121]: pam_unix(cron:session): session closed for user samftp
May  7 01:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6167]: pam_unix(cron:session): session closed for user root
May  7 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7633]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7628]: pam_unix(cron:session): session closed for user p13x
May  7 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7698]: Successful su for rubyman by root
May  7 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7698]: + ??? root:rubyman
May  7 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343901 of user rubyman.
May  7 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7698]: pam_unix(su:session): session closed for user rubyman
May  7 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343901.
May  7 01:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4580]: pam_unix(cron:session): session closed for user root
May  7 01:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7631]: pam_unix(cron:session): session closed for user samftp
May  7 01:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: Invalid user usuario from 80.94.95.125
May  7 01:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: input_userauth_request: invalid user usuario [preauth]
May  7 01:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 01:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: Failed password for invalid user usuario from 80.94.95.125 port 20436 ssh2
May  7 01:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6566]: pam_unix(cron:session): session closed for user root
May  7 01:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: Failed password for invalid user usuario from 80.94.95.125 port 20436 ssh2
May  7 01:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: Failed password for invalid user usuario from 80.94.95.125 port 20436 ssh2
May  7 01:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: Failed password for invalid user usuario from 80.94.95.125 port 20436 ssh2
May  7 01:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: Failed password for invalid user usuario from 80.94.95.125 port 20436 ssh2
May  7 01:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: Received disconnect from 80.94.95.125 port 20436:11: Bye [preauth]
May  7 01:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: Disconnected from 80.94.95.125 port 20436 [preauth]
May  7 01:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 01:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7961]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8053]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8054]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8051]: pam_unix(cron:session): session closed for user p13x
May  7 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8125]: Successful su for rubyman by root
May  7 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8125]: + ??? root:rubyman
May  7 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8125]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343907 of user rubyman.
May  7 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8125]: pam_unix(su:session): session closed for user rubyman
May  7 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343907.
May  7 01:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5183]: pam_unix(cron:session): session closed for user root
May  7 01:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  7 01:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8052]: pam_unix(cron:session): session closed for user samftp
May  7 01:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8276]: Failed password for root from 218.92.0.220 port 55300 ssh2
May  7 01:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8276]: message repeated 2 times: [ Failed password for root from 218.92.0.220 port 55300 ssh2]
May  7 01:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8276]: Received disconnect from 218.92.0.220 port 55300:11:  [preauth]
May  7 01:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8276]: Disconnected from 218.92.0.220 port 55300 [preauth]
May  7 01:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8276]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  7 01:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7123]: pam_unix(cron:session): session closed for user root
May  7 01:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: Invalid user paulo from 64.227.130.206
May  7 01:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: input_userauth_request: invalid user paulo [preauth]
May  7 01:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 01:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: Failed password for invalid user paulo from 64.227.130.206 port 55304 ssh2
May  7 01:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: Received disconnect from 64.227.130.206 port 55304:11: Bye Bye [preauth]
May  7 01:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8450]: Disconnected from 64.227.130.206 port 55304 [preauth]
May  7 01:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8473]: Did not receive identification string from 2.57.122.57
May  7 01:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8489]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8488]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8486]: pam_unix(cron:session): session closed for user p13x
May  7 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8557]: Successful su for rubyman by root
May  7 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8557]: + ??? root:rubyman
May  7 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343910 of user rubyman.
May  7 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8557]: pam_unix(su:session): session closed for user rubyman
May  7 01:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343910.
May  7 01:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: Invalid user ggg from 130.195.9.205
May  7 01:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: input_userauth_request: invalid user ggg [preauth]
May  7 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5656]: pam_unix(cron:session): session closed for user root
May  7 01:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: pam_unix(sshd:auth): check pass; user unknown
May  7 01:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.195.9.205
May  7 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8487]: pam_unix(cron:session): session closed for user samftp
May  7 01:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: Failed password for invalid user ggg from 130.195.9.205 port 42566 ssh2
May  7 01:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: Connection closed by 130.195.9.205 port 42566 [preauth]
May  7 01:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7633]: pam_unix(cron:session): session closed for user root
May  7 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8909]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8910]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8912]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8912]: pam_unix(cron:session): session closed for user root
May  7 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8908]: pam_unix(cron:session): session closed for user root
May  7 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8906]: pam_unix(cron:session): session closed for user p13x
May  7 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9012]: Successful su for rubyman by root
May  7 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9012]: + ??? root:rubyman
May  7 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9012]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343915 of user rubyman.
May  7 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9012]: pam_unix(su:session): session closed for user rubyman
May  7 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343915.
May  7 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 02:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6166]: pam_unix(cron:session): session closed for user root
May  7 02:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8909]: pam_unix(cron:session): session closed for user root
May  7 02:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9045]: Failed password for root from 218.92.0.111 port 12076 ssh2
May  7 02:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8907]: pam_unix(cron:session): session closed for user samftp
May  7 02:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9045]: Failed password for root from 218.92.0.111 port 12076 ssh2
May  7 02:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9045]: Failed password for root from 218.92.0.111 port 12076 ssh2
May  7 02:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9045]: Received disconnect from 218.92.0.111 port 12076:11:  [preauth]
May  7 02:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9045]: Disconnected from 218.92.0.111 port 12076 [preauth]
May  7 02:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9045]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 02:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 02:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9360]: Failed password for root from 218.92.0.111 port 32372 ssh2
May  7 02:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8054]: pam_unix(cron:session): session closed for user root
May  7 02:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9494]: Invalid user crap from 154.221.25.33
May  7 02:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9494]: input_userauth_request: invalid user crap [preauth]
May  7 02:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9494]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 02:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9494]: Failed password for invalid user crap from 154.221.25.33 port 34344 ssh2
May  7 02:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9494]: Received disconnect from 154.221.25.33 port 34344:11: Bye Bye [preauth]
May  7 02:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9494]: Disconnected from 154.221.25.33 port 34344 [preauth]
May  7 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9538]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9536]: pam_unix(cron:session): session closed for user p13x
May  7 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9600]: Successful su for rubyman by root
May  7 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9600]: + ??? root:rubyman
May  7 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343920 of user rubyman.
May  7 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9600]: pam_unix(su:session): session closed for user rubyman
May  7 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343920.
May  7 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6565]: pam_unix(cron:session): session closed for user root
May  7 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9537]: pam_unix(cron:session): session closed for user samftp
May  7 02:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8489]: pam_unix(cron:session): session closed for user root
May  7 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9950]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9949]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9947]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9947]: pam_unix(cron:session): session closed for user p13x
May  7 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10009]: Successful su for rubyman by root
May  7 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10009]: + ??? root:rubyman
May  7 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343924 of user rubyman.
May  7 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10009]: pam_unix(su:session): session closed for user rubyman
May  7 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343924.
May  7 02:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7122]: pam_unix(cron:session): session closed for user root
May  7 02:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9948]: pam_unix(cron:session): session closed for user samftp
May  7 02:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  7 02:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10191]: Failed password for root from 218.92.0.226 port 24606 ssh2
May  7 02:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  7 02:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10301]: Failed password for root from 164.68.105.9 port 38264 ssh2
May  7 02:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10301]: Connection closed by 164.68.105.9 port 38264 [preauth]
May  7 02:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10191]: Received disconnect from 218.92.0.226 port 24606:11:  [preauth]
May  7 02:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10191]: Disconnected from 218.92.0.226 port 24606 [preauth]
May  7 02:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8911]: pam_unix(cron:session): session closed for user root
May  7 02:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10450]: pam_unix(cron:session): session closed for user p13x
May  7 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10515]: Successful su for rubyman by root
May  7 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10515]: + ??? root:rubyman
May  7 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343930 of user rubyman.
May  7 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10515]: pam_unix(su:session): session closed for user rubyman
May  7 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343930.
May  7 02:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7632]: pam_unix(cron:session): session closed for user root
May  7 02:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10451]: pam_unix(cron:session): session closed for user samftp
May  7 02:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9539]: pam_unix(cron:session): session closed for user root
May  7 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10913]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10914]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10912]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10911]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10911]: pam_unix(cron:session): session closed for user p13x
May  7 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10968]: Successful su for rubyman by root
May  7 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10968]: + ??? root:rubyman
May  7 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343932 of user rubyman.
May  7 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10968]: pam_unix(su:session): session closed for user rubyman
May  7 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343932.
May  7 02:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8053]: pam_unix(cron:session): session closed for user root
May  7 02:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10912]: pam_unix(cron:session): session closed for user samftp
May  7 02:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Invalid user superuser from 64.227.130.206
May  7 02:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: input_userauth_request: invalid user superuser [preauth]
May  7 02:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 02:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Failed password for invalid user superuser from 64.227.130.206 port 59582 ssh2
May  7 02:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Received disconnect from 64.227.130.206 port 59582:11: Bye Bye [preauth]
May  7 02:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Disconnected from 64.227.130.206 port 59582 [preauth]
May  7 02:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9950]: pam_unix(cron:session): session closed for user root
May  7 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11313]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11312]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11311]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11313]: pam_unix(cron:session): session closed for user root
May  7 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11308]: pam_unix(cron:session): session closed for user p13x
May  7 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11374]: Successful su for rubyman by root
May  7 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11374]: + ??? root:rubyman
May  7 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343941 of user rubyman.
May  7 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11374]: pam_unix(su:session): session closed for user rubyman
May  7 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343941.
May  7 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11310]: pam_unix(cron:session): session closed for user root
May  7 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8488]: pam_unix(cron:session): session closed for user root
May  7 02:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11309]: pam_unix(cron:session): session closed for user samftp
May  7 02:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 02:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11584]: Failed password for root from 218.92.0.179 port 32437 ssh2
May  7 02:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11584]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 32437 ssh2]
May  7 02:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11584]: Received disconnect from 218.92.0.179 port 32437:11:  [preauth]
May  7 02:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11584]: Disconnected from 218.92.0.179 port 32437 [preauth]
May  7 02:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11584]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 02:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10453]: pam_unix(cron:session): session closed for user root
May  7 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11741]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11739]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11738]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11738]: pam_unix(cron:session): session closed for user p13x
May  7 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11805]: Successful su for rubyman by root
May  7 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11805]: + ??? root:rubyman
May  7 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343943 of user rubyman.
May  7 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11805]: pam_unix(su:session): session closed for user rubyman
May  7 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343943.
May  7 02:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8910]: pam_unix(cron:session): session closed for user root
May  7 02:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11739]: pam_unix(cron:session): session closed for user samftp
May  7 02:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11985]: Invalid user ken from 154.221.25.33
May  7 02:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11985]: input_userauth_request: invalid user ken [preauth]
May  7 02:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11985]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 02:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11985]: Failed password for invalid user ken from 154.221.25.33 port 35406 ssh2
May  7 02:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11985]: Received disconnect from 154.221.25.33 port 35406:11: Bye Bye [preauth]
May  7 02:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11985]: Disconnected from 154.221.25.33 port 35406 [preauth]
May  7 02:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10914]: pam_unix(cron:session): session closed for user root
May  7 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12131]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12128]: pam_unix(cron:session): session closed for user p13x
May  7 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12187]: Successful su for rubyman by root
May  7 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12187]: + ??? root:rubyman
May  7 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343947 of user rubyman.
May  7 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12187]: pam_unix(su:session): session closed for user rubyman
May  7 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343947.
May  7 02:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9538]: pam_unix(cron:session): session closed for user root
May  7 02:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12129]: pam_unix(cron:session): session closed for user samftp
May  7 02:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11312]: pam_unix(cron:session): session closed for user root
May  7 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12530]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12529]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12527]: pam_unix(cron:session): session closed for user p13x
May  7 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12595]: Successful su for rubyman by root
May  7 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12595]: + ??? root:rubyman
May  7 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343951 of user rubyman.
May  7 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12595]: pam_unix(su:session): session closed for user rubyman
May  7 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343951.
May  7 02:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9949]: pam_unix(cron:session): session closed for user root
May  7 02:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12528]: pam_unix(cron:session): session closed for user samftp
May  7 02:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12774]: Did not receive identification string from 111.91.19.227
May  7 02:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  7 02:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12806]: Failed password for root from 218.92.0.231 port 64560 ssh2
May  7 02:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11741]: pam_unix(cron:session): session closed for user root
May  7 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12923]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12922]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12920]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12921]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12920]: pam_unix(cron:session): session closed for user p13x
May  7 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13045]: Successful su for rubyman by root
May  7 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13045]: + ??? root:rubyman
May  7 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13045]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343954 of user rubyman.
May  7 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13045]: pam_unix(su:session): session closed for user rubyman
May  7 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343954.
May  7 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12918]: pam_unix(cron:session): session closed for user root
May  7 02:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10452]: pam_unix(cron:session): session closed for user root
May  7 02:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12921]: pam_unix(cron:session): session closed for user samftp
May  7 02:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12131]: pam_unix(cron:session): session closed for user root
May  7 02:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: Invalid user grace from 64.227.130.206
May  7 02:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: input_userauth_request: invalid user grace [preauth]
May  7 02:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 02:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: Failed password for invalid user grace from 64.227.130.206 port 38586 ssh2
May  7 02:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: Received disconnect from 64.227.130.206 port 38586:11: Bye Bye [preauth]
May  7 02:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: Disconnected from 64.227.130.206 port 38586 [preauth]
May  7 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13417]: pam_unix(cron:session): session closed for user root
May  7 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13411]: pam_unix(cron:session): session closed for user p13x
May  7 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13576]: Successful su for rubyman by root
May  7 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13576]: + ??? root:rubyman
May  7 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343960 of user rubyman.
May  7 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13576]: pam_unix(su:session): session closed for user rubyman
May  7 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343960.
May  7 02:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13414]: pam_unix(cron:session): session closed for user root
May  7 02:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10913]: pam_unix(cron:session): session closed for user root
May  7 02:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13412]: pam_unix(cron:session): session closed for user samftp
May  7 02:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12530]: pam_unix(cron:session): session closed for user root
May  7 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13947]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13944]: pam_unix(cron:session): session closed for user p13x
May  7 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14014]: Successful su for rubyman by root
May  7 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14014]: + ??? root:rubyman
May  7 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14014]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343967 of user rubyman.
May  7 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14014]: pam_unix(su:session): session closed for user rubyman
May  7 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343967.
May  7 02:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11311]: pam_unix(cron:session): session closed for user root
May  7 02:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13945]: pam_unix(cron:session): session closed for user samftp
May  7 02:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Invalid user nodered from 154.221.25.33
May  7 02:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: input_userauth_request: invalid user nodered [preauth]
May  7 02:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 02:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Failed password for invalid user nodered from 154.221.25.33 port 43114 ssh2
May  7 02:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Received disconnect from 154.221.25.33 port 43114:11: Bye Bye [preauth]
May  7 02:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14258]: Disconnected from 154.221.25.33 port 43114 [preauth]
May  7 02:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12923]: pam_unix(cron:session): session closed for user root
May  7 02:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Invalid user admin from 80.94.95.241
May  7 02:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: input_userauth_request: invalid user admin [preauth]
May  7 02:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14352]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14350]: pam_unix(cron:session): session closed for user p13x
May  7 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14417]: Successful su for rubyman by root
May  7 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14417]: + ??? root:rubyman
May  7 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14417]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343970 of user rubyman.
May  7 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14417]: pam_unix(su:session): session closed for user rubyman
May  7 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343970.
May  7 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Failed password for invalid user admin from 80.94.95.241 port 61958 ssh2
May  7 02:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11740]: pam_unix(cron:session): session closed for user root
May  7 02:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Failed password for invalid user admin from 80.94.95.241 port 61958 ssh2
May  7 02:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Failed password for invalid user admin from 80.94.95.241 port 61958 ssh2
May  7 02:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14351]: pam_unix(cron:session): session closed for user samftp
May  7 02:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Failed password for invalid user admin from 80.94.95.241 port 61958 ssh2
May  7 02:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Failed password for invalid user admin from 80.94.95.241 port 61958 ssh2
May  7 02:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Received disconnect from 80.94.95.241 port 61958:11: Bye [preauth]
May  7 02:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Disconnected from 80.94.95.241 port 61958 [preauth]
May  7 02:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 02:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 02:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: Invalid user username from 194.0.234.19
May  7 02:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: input_userauth_request: invalid user username [preauth]
May  7 02:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  7 02:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: Failed password for invalid user username from 194.0.234.19 port 47386 ssh2
May  7 02:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14648]: Connection closed by 194.0.234.19 port 47386 [preauth]
May  7 02:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13416]: pam_unix(cron:session): session closed for user root
May  7 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14768]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14767]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14769]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14766]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14766]: pam_unix(cron:session): session closed for user p13x
May  7 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14826]: Successful su for rubyman by root
May  7 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14826]: + ??? root:rubyman
May  7 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343975 of user rubyman.
May  7 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14826]: pam_unix(su:session): session closed for user rubyman
May  7 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343975.
May  7 02:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12130]: pam_unix(cron:session): session closed for user root
May  7 02:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14767]: pam_unix(cron:session): session closed for user samftp
May  7 02:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13947]: pam_unix(cron:session): session closed for user root
May  7 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15163]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15162]: pam_unix(cron:session): session closed for user p13x
May  7 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15221]: Successful su for rubyman by root
May  7 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15221]: + ??? root:rubyman
May  7 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343978 of user rubyman.
May  7 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15221]: pam_unix(su:session): session closed for user rubyman
May  7 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343978.
May  7 02:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12529]: pam_unix(cron:session): session closed for user root
May  7 02:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15163]: pam_unix(cron:session): session closed for user samftp
May  7 02:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14353]: pam_unix(cron:session): session closed for user root
May  7 02:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15553]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15556]: pam_unix(cron:session): session closed for user root
May  7 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15551]: pam_unix(cron:session): session closed for user p13x
May  7 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15623]: Successful su for rubyman by root
May  7 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15623]: + ??? root:rubyman
May  7 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343981 of user rubyman.
May  7 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15623]: pam_unix(su:session): session closed for user rubyman
May  7 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343981.
May  7 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12922]: pam_unix(cron:session): session closed for user root
May  7 02:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15553]: pam_unix(cron:session): session closed for user root
May  7 02:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15552]: pam_unix(cron:session): session closed for user samftp
May  7 02:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: Invalid user ken from 64.227.130.206
May  7 02:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: input_userauth_request: invalid user ken [preauth]
May  7 02:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 02:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: Failed password for invalid user ken from 64.227.130.206 port 48570 ssh2
May  7 02:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: Received disconnect from 64.227.130.206 port 48570:11: Bye Bye [preauth]
May  7 02:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: Disconnected from 64.227.130.206 port 48570 [preauth]
May  7 02:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 02:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14769]: pam_unix(cron:session): session closed for user root
May  7 02:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: Failed password for root from 218.92.0.207 port 52764 ssh2
May  7 02:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: message repeated 4 times: [ Failed password for root from 218.92.0.207 port 52764 ssh2]
May  7 02:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 52764 ssh2 [preauth]
May  7 02:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: Disconnecting: Too many authentication failures [preauth]
May  7 02:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 02:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15897]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 02:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 02:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: Failed password for root from 218.92.0.207 port 17398 ssh2
May  7 02:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  7 02:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: Failed password for root from 218.92.0.207 port 17398 ssh2
May  7 02:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: Failed password for root from 80.94.95.29 port 26253 ssh2
May  7 02:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: Failed password for root from 80.94.95.29 port 26253 ssh2
May  7 02:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: Failed password for root from 218.92.0.207 port 17398 ssh2
May  7 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15984]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15982]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15982]: pam_unix(cron:session): session closed for user p13x
May  7 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: Failed password for root from 80.94.95.29 port 26253 ssh2
May  7 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16053]: Successful su for rubyman by root
May  7 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16053]: + ??? root:rubyman
May  7 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16053]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343988 of user rubyman.
May  7 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16053]: pam_unix(su:session): session closed for user rubyman
May  7 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343988.
May  7 02:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: Failed password for root from 218.92.0.207 port 17398 ssh2
May  7 02:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: Failed password for root from 80.94.95.29 port 26253 ssh2
May  7 02:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13415]: pam_unix(cron:session): session closed for user root
May  7 02:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: Failed password for root from 218.92.0.207 port 17398 ssh2
May  7 02:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15983]: pam_unix(cron:session): session closed for user samftp
May  7 02:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: Failed password for root from 80.94.95.29 port 26253 ssh2
May  7 02:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: Received disconnect from 80.94.95.29 port 26253:11: Bye [preauth]
May  7 02:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: Disconnected from 80.94.95.29 port 26253 [preauth]
May  7 02:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  7 02:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15971]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 02:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: Failed password for root from 218.92.0.207 port 17398 ssh2
May  7 02:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 17398 ssh2 [preauth]
May  7 02:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: Disconnecting: Too many authentication failures [preauth]
May  7 02:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 02:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15961]: PAM service(sshd) ignoring max retries; 6 > 3
May  7 02:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 02:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16232]: Failed password for root from 218.92.0.207 port 13280 ssh2
May  7 02:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16232]: Received disconnect from 218.92.0.207 port 13280:11:  [preauth]
May  7 02:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16232]: Disconnected from 218.92.0.207 port 13280 [preauth]
May  7 02:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15165]: pam_unix(cron:session): session closed for user root
May  7 02:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: Invalid user magazyn from 154.221.25.33
May  7 02:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: input_userauth_request: invalid user magazyn [preauth]
May  7 02:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 02:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: Failed password for invalid user magazyn from 154.221.25.33 port 59456 ssh2
May  7 02:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: Received disconnect from 154.221.25.33 port 59456:11: Bye Bye [preauth]
May  7 02:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16326]: Disconnected from 154.221.25.33 port 59456 [preauth]
May  7 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16372]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16372]: pam_unix(cron:session): session closed for user root
May  7 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16374]: pam_unix(cron:session): session closed for user p13x
May  7 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16440]: Successful su for rubyman by root
May  7 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16440]: + ??? root:rubyman
May  7 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343991 of user rubyman.
May  7 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16440]: pam_unix(su:session): session closed for user rubyman
May  7 02:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343991.
May  7 02:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13946]: pam_unix(cron:session): session closed for user root
May  7 02:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16375]: pam_unix(cron:session): session closed for user samftp
May  7 02:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15555]: pam_unix(cron:session): session closed for user root
May  7 02:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.235  user=root
May  7 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16832]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16831]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16828]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: Failed password for root from 218.92.0.235 port 11154 ssh2
May  7 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16828]: pam_unix(cron:session): session closed for user p13x
May  7 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16902]: Successful su for rubyman by root
May  7 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16902]: + ??? root:rubyman
May  7 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 343997 of user rubyman.
May  7 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16902]: pam_unix(su:session): session closed for user rubyman
May  7 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 343997.
May  7 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: Failed password for root from 218.92.0.235 port 11154 ssh2
May  7 02:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14352]: pam_unix(cron:session): session closed for user root
May  7 02:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16817]: Failed password for root from 218.92.0.235 port 11154 ssh2
May  7 02:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16830]: pam_unix(cron:session): session closed for user samftp
May  7 02:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15985]: pam_unix(cron:session): session closed for user root
May  7 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17257]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17256]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17254]: pam_unix(cron:session): session closed for user p13x
May  7 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17318]: Successful su for rubyman by root
May  7 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17318]: + ??? root:rubyman
May  7 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17318]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344000 of user rubyman.
May  7 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17318]: pam_unix(su:session): session closed for user rubyman
May  7 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344000.
May  7 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14768]: pam_unix(cron:session): session closed for user root
May  7 02:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17255]: pam_unix(cron:session): session closed for user samftp
May  7 02:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16377]: pam_unix(cron:session): session closed for user root
May  7 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17670]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17673]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17677]: pam_unix(cron:session): session closed for user root
May  7 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17670]: pam_unix(cron:session): session closed for user p13x
May  7 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17745]: Successful su for rubyman by root
May  7 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17745]: + ??? root:rubyman
May  7 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344008 of user rubyman.
May  7 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17745]: pam_unix(su:session): session closed for user rubyman
May  7 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344008.
May  7 02:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17673]: pam_unix(cron:session): session closed for user root
May  7 02:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15164]: pam_unix(cron:session): session closed for user root
May  7 02:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17671]: pam_unix(cron:session): session closed for user samftp
May  7 02:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16832]: pam_unix(cron:session): session closed for user root
May  7 02:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18217]: Invalid user magazyn from 64.227.130.206
May  7 02:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18217]: input_userauth_request: invalid user magazyn [preauth]
May  7 02:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18217]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18228]: pam_unix(cron:session): session closed for user p13x
May  7 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18217]: Failed password for invalid user magazyn from 64.227.130.206 port 53636 ssh2
May  7 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18217]: Received disconnect from 64.227.130.206 port 53636:11: Bye Bye [preauth]
May  7 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18217]: Disconnected from 64.227.130.206 port 53636 [preauth]
May  7 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18299]: Successful su for rubyman by root
May  7 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18299]: + ??? root:rubyman
May  7 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344011 of user rubyman.
May  7 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18299]: pam_unix(su:session): session closed for user rubyman
May  7 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344011.
May  7 02:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15554]: pam_unix(cron:session): session closed for user root
May  7 02:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18229]: pam_unix(cron:session): session closed for user samftp
May  7 02:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17257]: pam_unix(cron:session): session closed for user root
May  7 02:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18637]: Invalid user geoeast from 154.221.25.33
May  7 02:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18637]: input_userauth_request: invalid user geoeast [preauth]
May  7 02:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18637]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18642]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18640]: pam_unix(cron:session): session closed for user p13x
May  7 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18704]: Successful su for rubyman by root
May  7 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18704]: + ??? root:rubyman
May  7 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344014 of user rubyman.
May  7 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18704]: pam_unix(su:session): session closed for user rubyman
May  7 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344014.
May  7 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18637]: Failed password for invalid user geoeast from 154.221.25.33 port 53838 ssh2
May  7 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18637]: Received disconnect from 154.221.25.33 port 53838:11: Bye Bye [preauth]
May  7 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18637]: Disconnected from 154.221.25.33 port 53838 [preauth]
May  7 02:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15984]: pam_unix(cron:session): session closed for user root
May  7 02:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18641]: pam_unix(cron:session): session closed for user samftp
May  7 02:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  7 02:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: Failed password for root from 218.92.0.222 port 29948 ssh2
May  7 02:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: message repeated 2 times: [ Failed password for root from 218.92.0.222 port 29948 ssh2]
May  7 02:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: Received disconnect from 218.92.0.222 port 29948:11:  [preauth]
May  7 02:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: Disconnected from 218.92.0.222 port 29948 [preauth]
May  7 02:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18858]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  7 02:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  7 02:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: Failed password for root from 218.92.0.222 port 64480 ssh2
May  7 02:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: Invalid user admin from 80.94.95.115
May  7 02:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: input_userauth_request: invalid user admin [preauth]
May  7 02:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  7 02:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: Failed password for root from 218.92.0.222 port 64480 ssh2
May  7 02:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: Failed password for invalid user admin from 80.94.95.115 port 62074 ssh2
May  7 02:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18943]: Connection closed by 80.94.95.115 port 62074 [preauth]
May  7 02:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: Failed password for root from 218.92.0.222 port 64480 ssh2
May  7 02:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: Received disconnect from 218.92.0.222 port 64480:11:  [preauth]
May  7 02:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: Disconnected from 218.92.0.222 port 64480 [preauth]
May  7 02:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  7 02:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  7 02:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18965]: Failed password for root from 218.92.0.222 port 54046 ssh2
May  7 02:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17676]: pam_unix(cron:session): session closed for user root
May  7 02:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18965]: Failed password for root from 218.92.0.222 port 54046 ssh2
May  7 02:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18965]: Failed password for root from 218.92.0.222 port 54046 ssh2
May  7 02:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18965]: Received disconnect from 218.92.0.222 port 54046:11:  [preauth]
May  7 02:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18965]: Disconnected from 218.92.0.222 port 54046 [preauth]
May  7 02:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18965]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  7 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19058]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19057]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19056]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19056]: pam_unix(cron:session): session closed for user p13x
May  7 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19121]: Successful su for rubyman by root
May  7 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19121]: + ??? root:rubyman
May  7 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344018 of user rubyman.
May  7 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19121]: pam_unix(su:session): session closed for user rubyman
May  7 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344018.
May  7 02:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16376]: pam_unix(cron:session): session closed for user root
May  7 02:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19057]: pam_unix(cron:session): session closed for user samftp
May  7 02:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18231]: pam_unix(cron:session): session closed for user root
May  7 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19471]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19469]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19467]: pam_unix(cron:session): session closed for user p13x
May  7 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19529]: Successful su for rubyman by root
May  7 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19529]: + ??? root:rubyman
May  7 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344022 of user rubyman.
May  7 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19529]: pam_unix(su:session): session closed for user rubyman
May  7 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344022.
May  7 02:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16831]: pam_unix(cron:session): session closed for user root
May  7 02:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19468]: pam_unix(cron:session): session closed for user samftp
May  7 02:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18643]: pam_unix(cron:session): session closed for user root
May  7 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19883]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19881]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19882]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19883]: pam_unix(cron:session): session closed for user root
May  7 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19878]: pam_unix(cron:session): session closed for user p13x
May  7 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19948]: Successful su for rubyman by root
May  7 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19948]: + ??? root:rubyman
May  7 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344026 of user rubyman.
May  7 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19948]: pam_unix(su:session): session closed for user rubyman
May  7 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344026.
May  7 02:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19880]: pam_unix(cron:session): session closed for user root
May  7 02:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17256]: pam_unix(cron:session): session closed for user root
May  7 02:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19879]: pam_unix(cron:session): session closed for user samftp
May  7 02:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19059]: pam_unix(cron:session): session closed for user root
May  7 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20314]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20315]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20312]: pam_unix(cron:session): session closed for user p13x
May  7 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20379]: Successful su for rubyman by root
May  7 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20379]: + ??? root:rubyman
May  7 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344032 of user rubyman.
May  7 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20379]: pam_unix(su:session): session closed for user rubyman
May  7 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344032.
May  7 02:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17675]: pam_unix(cron:session): session closed for user root
May  7 02:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20313]: pam_unix(cron:session): session closed for user samftp
May  7 02:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19471]: pam_unix(cron:session): session closed for user root
May  7 02:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20668]: Invalid user eder from 64.227.130.206
May  7 02:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20668]: input_userauth_request: invalid user eder [preauth]
May  7 02:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20668]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 02:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20668]: Failed password for invalid user eder from 64.227.130.206 port 45654 ssh2
May  7 02:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20668]: Received disconnect from 64.227.130.206 port 45654:11: Bye Bye [preauth]
May  7 02:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20668]: Disconnected from 64.227.130.206 port 45654 [preauth]
May  7 02:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20722]: pam_unix(cron:session): session closed for user p13x
May  7 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20791]: Successful su for rubyman by root
May  7 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20791]: + ??? root:rubyman
May  7 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20791]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344036 of user rubyman.
May  7 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20791]: pam_unix(su:session): session closed for user rubyman
May  7 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344036.
May  7 02:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18230]: pam_unix(cron:session): session closed for user root
May  7 02:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20723]: pam_unix(cron:session): session closed for user samftp
May  7 02:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21010]: Invalid user nessus from 154.221.25.33
May  7 02:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21010]: input_userauth_request: invalid user nessus [preauth]
May  7 02:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21010]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 02:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21010]: Failed password for invalid user nessus from 154.221.25.33 port 37922 ssh2
May  7 02:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21010]: Received disconnect from 154.221.25.33 port 37922:11: Bye Bye [preauth]
May  7 02:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21010]: Disconnected from 154.221.25.33 port 37922 [preauth]
May  7 02:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19882]: pam_unix(cron:session): session closed for user root
May  7 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21143]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21141]: pam_unix(cron:session): session closed for user p13x
May  7 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21215]: Successful su for rubyman by root
May  7 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21215]: + ??? root:rubyman
May  7 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21215]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344040 of user rubyman.
May  7 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21215]: pam_unix(su:session): session closed for user rubyman
May  7 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344040.
May  7 02:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18642]: pam_unix(cron:session): session closed for user root
May  7 02:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21142]: pam_unix(cron:session): session closed for user samftp
May  7 02:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: Failed password for root from 158.51.96.38 port 44308 ssh2
May  7 02:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21424]: Connection closed by 158.51.96.38 port 44308 [preauth]
May  7 02:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Failed password for root from 158.51.96.38 port 44324 ssh2
May  7 02:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Connection closed by 158.51.96.38 port 44324 [preauth]
May  7 02:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Failed password for root from 158.51.96.38 port 44328 ssh2
May  7 02:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21437]: Connection closed by 158.51.96.38 port 44328 [preauth]
May  7 02:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21452]: Failed password for root from 158.51.96.38 port 44342 ssh2
May  7 02:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21452]: Connection closed by 158.51.96.38 port 44342 [preauth]
May  7 02:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: Failed password for root from 158.51.96.38 port 14960 ssh2
May  7 02:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21463]: Connection closed by 158.51.96.38 port 14960 [preauth]
May  7 02:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21465]: Failed password for root from 158.51.96.38 port 14964 ssh2
May  7 02:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21465]: Connection closed by 158.51.96.38 port 14964 [preauth]
May  7 02:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21467]: Failed password for root from 158.51.96.38 port 14972 ssh2
May  7 02:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21467]: Connection closed by 158.51.96.38 port 14972 [preauth]
May  7 02:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21481]: Failed password for root from 158.51.96.38 port 14984 ssh2
May  7 02:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21481]: Connection closed by 158.51.96.38 port 14984 [preauth]
May  7 02:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: Failed password for root from 158.51.96.38 port 14990 ssh2
May  7 02:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21496]: Connection closed by 158.51.96.38 port 14990 [preauth]
May  7 02:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: Failed password for root from 158.51.96.38 port 2844 ssh2
May  7 02:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: Connection closed by 158.51.96.38 port 2844 [preauth]
May  7 02:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20315]: pam_unix(cron:session): session closed for user root
May  7 02:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21508]: Failed password for root from 158.51.96.38 port 2850 ssh2
May  7 02:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21508]: Connection closed by 158.51.96.38 port 2850 [preauth]
May  7 02:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21526]: Failed password for root from 158.51.96.38 port 2856 ssh2
May  7 02:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21526]: Connection closed by 158.51.96.38 port 2856 [preauth]
May  7 02:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: Failed password for root from 158.51.96.38 port 2858 ssh2
May  7 02:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: Connection closed by 158.51.96.38 port 2858 [preauth]
May  7 02:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21550]: Failed password for root from 158.51.96.38 port 2868 ssh2
May  7 02:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21550]: Connection closed by 158.51.96.38 port 2868 [preauth]
May  7 02:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: Failed password for root from 158.51.96.38 port 40234 ssh2
May  7 02:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: Connection closed by 158.51.96.38 port 40234 [preauth]
May  7 02:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: Failed password for root from 158.51.96.38 port 40246 ssh2
May  7 02:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21563]: Connection closed by 158.51.96.38 port 40246 [preauth]
May  7 02:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: Failed password for root from 158.51.96.38 port 40254 ssh2
May  7 02:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: Connection closed by 158.51.96.38 port 40254 [preauth]
May  7 02:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: Failed password for root from 158.51.96.38 port 40258 ssh2
May  7 02:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21592]: Connection closed by 158.51.96.38 port 40258 [preauth]
May  7 02:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21602]: Failed password for root from 158.51.96.38 port 52632 ssh2
May  7 02:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21602]: Connection closed by 158.51.96.38 port 52632 [preauth]
May  7 02:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: Failed password for root from 158.51.96.38 port 52636 ssh2
May  7 02:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: Connection closed by 158.51.96.38 port 52636 [preauth]
May  7 02:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21607]: Failed password for root from 158.51.96.38 port 52650 ssh2
May  7 02:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21607]: Connection closed by 158.51.96.38 port 52650 [preauth]
May  7 02:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21618]: Failed password for root from 158.51.96.38 port 52654 ssh2
May  7 02:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21618]: Connection closed by 158.51.96.38 port 52654 [preauth]
May  7 02:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21626]: Failed password for root from 158.51.96.38 port 56910 ssh2
May  7 02:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21626]: Connection closed by 158.51.96.38 port 56910 [preauth]
May  7 02:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21644]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21640]: pam_unix(cron:session): session closed for user p13x
May  7 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21724]: Successful su for rubyman by root
May  7 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21724]: + ??? root:rubyman
May  7 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21724]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344045 of user rubyman.
May  7 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21724]: pam_unix(su:session): session closed for user rubyman
May  7 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344045.
May  7 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: Failed password for root from 158.51.96.38 port 56912 ssh2
May  7 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21636]: Connection closed by 158.51.96.38 port 56912 [preauth]
May  7 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: Failed password for root from 158.51.96.38 port 56926 ssh2
May  7 02:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: Connection closed by 158.51.96.38 port 56926 [preauth]
May  7 02:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19058]: pam_unix(cron:session): session closed for user root
May  7 02:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21642]: pam_unix(cron:session): session closed for user samftp
May  7 02:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22148]: Failed password for root from 158.51.96.38 port 56942 ssh2
May  7 02:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22148]: Connection closed by 158.51.96.38 port 56942 [preauth]
May  7 02:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22203]: Failed password for root from 158.51.96.38 port 56950 ssh2
May  7 02:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22203]: Connection closed by 158.51.96.38 port 56950 [preauth]
May  7 02:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: Failed password for root from 158.51.96.38 port 29566 ssh2
May  7 02:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22205]: Connection closed by 158.51.96.38 port 29566 [preauth]
May  7 02:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: Failed password for root from 158.51.96.38 port 29568 ssh2
May  7 02:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22218]: Connection closed by 158.51.96.38 port 29568 [preauth]
May  7 02:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 02:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22223]: Failed password for root from 158.51.96.38 port 29578 ssh2
May  7 02:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22223]: Connection closed by 158.51.96.38 port 29578 [preauth]
May  7 02:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20725]: pam_unix(cron:session): session closed for user root
May  7 02:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22411]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22399]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22411]: pam_unix(cron:session): session closed for user root
May  7 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22397]: pam_unix(cron:session): session closed for user p13x
May  7 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22488]: Successful su for rubyman by root
May  7 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22488]: + ??? root:rubyman
May  7 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22488]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344050 of user rubyman.
May  7 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22488]: pam_unix(su:session): session closed for user rubyman
May  7 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344050.
May  7 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22399]: pam_unix(cron:session): session closed for user root
May  7 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19469]: pam_unix(cron:session): session closed for user root
May  7 02:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22398]: pam_unix(cron:session): session closed for user samftp
May  7 02:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21144]: pam_unix(cron:session): session closed for user root
May  7 02:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: Invalid user admin from 80.94.95.112
May  7 02:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: input_userauth_request: invalid user admin [preauth]
May  7 02:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 02:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 02:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: Failed password for invalid user admin from 80.94.95.112 port 30990 ssh2
May  7 02:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: Failed password for root from 218.92.0.179 port 10927 ssh2
May  7 02:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: Failed password for invalid user admin from 80.94.95.112 port 30990 ssh2
May  7 02:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: Failed password for root from 218.92.0.179 port 10927 ssh2
May  7 02:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: Failed password for invalid user admin from 80.94.95.112 port 30990 ssh2
May  7 02:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: Failed password for root from 218.92.0.179 port 10927 ssh2
May  7 02:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: Received disconnect from 218.92.0.179 port 10927:11:  [preauth]
May  7 02:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: Disconnected from 218.92.0.179 port 10927 [preauth]
May  7 02:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22866]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 02:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: Failed password for invalid user admin from 80.94.95.112 port 30990 ssh2
May  7 02:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: Failed password for invalid user admin from 80.94.95.112 port 30990 ssh2
May  7 02:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: Received disconnect from 80.94.95.112 port 30990:11: Bye [preauth]
May  7 02:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: Disconnected from 80.94.95.112 port 30990 [preauth]
May  7 02:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 02:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22864]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22893]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22894]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22889]: pam_unix(cron:session): session closed for user p13x
May  7 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22997]: Successful su for rubyman by root
May  7 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22997]: + ??? root:rubyman
May  7 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344054 of user rubyman.
May  7 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22997]: pam_unix(su:session): session closed for user rubyman
May  7 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344054.
May  7 02:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19881]: pam_unix(cron:session): session closed for user root
May  7 02:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22893]: pam_unix(cron:session): session closed for user samftp
May  7 02:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21644]: pam_unix(cron:session): session closed for user root
May  7 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23435]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23435]: pam_unix(cron:session): session closed for user p13x
May  7 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23499]: Successful su for rubyman by root
May  7 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23499]: + ??? root:rubyman
May  7 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344058 of user rubyman.
May  7 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23499]: pam_unix(su:session): session closed for user rubyman
May  7 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344058.
May  7 02:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20314]: pam_unix(cron:session): session closed for user root
May  7 02:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23437]: pam_unix(cron:session): session closed for user samftp
May  7 02:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23709]: Invalid user mohamed from 64.227.130.206
May  7 02:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23709]: input_userauth_request: invalid user mohamed [preauth]
May  7 02:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23709]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 02:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23709]: Failed password for invalid user mohamed from 64.227.130.206 port 59990 ssh2
May  7 02:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23709]: Received disconnect from 64.227.130.206 port 59990:11: Bye Bye [preauth]
May  7 02:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23709]: Disconnected from 64.227.130.206 port 59990 [preauth]
May  7 02:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23750]: Invalid user brs from 154.221.25.33
May  7 02:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23750]: input_userauth_request: invalid user brs [preauth]
May  7 02:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23750]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 02:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23750]: Failed password for invalid user brs from 154.221.25.33 port 39936 ssh2
May  7 02:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23750]: Received disconnect from 154.221.25.33 port 39936:11: Bye Bye [preauth]
May  7 02:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23750]: Disconnected from 154.221.25.33 port 39936 [preauth]
May  7 02:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22410]: pam_unix(cron:session): session closed for user root
May  7 02:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: Invalid user vpn from 80.94.95.125
May  7 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: input_userauth_request: invalid user vpn [preauth]
May  7 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23954]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23955]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23952]: pam_unix(cron:session): session closed for user p13x
May  7 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24027]: Successful su for rubyman by root
May  7 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24027]: + ??? root:rubyman
May  7 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344064 of user rubyman.
May  7 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24027]: pam_unix(su:session): session closed for user rubyman
May  7 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344064.
May  7 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: Failed password for invalid user vpn from 80.94.95.125 port 30348 ssh2
May  7 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: Failed password for invalid user vpn from 80.94.95.125 port 30348 ssh2
May  7 02:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20724]: pam_unix(cron:session): session closed for user root
May  7 02:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23953]: pam_unix(cron:session): session closed for user samftp
May  7 02:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: Failed password for invalid user vpn from 80.94.95.125 port 30348 ssh2
May  7 02:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: Failed password for invalid user vpn from 80.94.95.125 port 30348 ssh2
May  7 02:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: Failed password for invalid user vpn from 80.94.95.125 port 30348 ssh2
May  7 02:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: Received disconnect from 80.94.95.125 port 30348:11: Bye [preauth]
May  7 02:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: Disconnected from 80.94.95.125 port 30348 [preauth]
May  7 02:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 02:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23949]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 02:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24250]: Invalid user admin from 85.208.84.5
May  7 02:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24250]: input_userauth_request: invalid user admin [preauth]
May  7 02:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24250]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  7 02:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24250]: Failed password for invalid user admin from 85.208.84.5 port 41546 ssh2
May  7 02:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24250]: Connection closed by 85.208.84.5 port 41546 [preauth]
May  7 02:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22895]: pam_unix(cron:session): session closed for user root
May  7 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24387]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24386]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24384]: pam_unix(cron:session): session closed for user p13x
May  7 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24454]: Successful su for rubyman by root
May  7 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24454]: + ??? root:rubyman
May  7 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344067 of user rubyman.
May  7 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24454]: pam_unix(su:session): session closed for user rubyman
May  7 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344067.
May  7 02:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21143]: pam_unix(cron:session): session closed for user root
May  7 02:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24385]: pam_unix(cron:session): session closed for user samftp
May  7 02:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23439]: pam_unix(cron:session): session closed for user root
May  7 02:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 02:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24755]: Failed password for root from 218.92.0.179 port 27980 ssh2
May  7 02:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24755]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 27980 ssh2]
May  7 02:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24755]: Received disconnect from 218.92.0.179 port 27980:11:  [preauth]
May  7 02:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24755]: Disconnected from 218.92.0.179 port 27980 [preauth]
May  7 02:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24755]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24817]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24820]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24820]: pam_unix(cron:session): session closed for user root
May  7 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24815]: pam_unix(cron:session): session closed for user p13x
May  7 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24886]: Successful su for rubyman by root
May  7 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24886]: + ??? root:rubyman
May  7 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344072 of user rubyman.
May  7 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24886]: pam_unix(su:session): session closed for user rubyman
May  7 02:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344072.
May  7 02:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24817]: pam_unix(cron:session): session closed for user root
May  7 02:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21643]: pam_unix(cron:session): session closed for user root
May  7 02:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24816]: pam_unix(cron:session): session closed for user samftp
May  7 02:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23955]: pam_unix(cron:session): session closed for user root
May  7 02:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  7 02:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25195]: Failed password for root from 218.92.0.227 port 14540 ssh2
May  7 02:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25195]: message repeated 2 times: [ Failed password for root from 218.92.0.227 port 14540 ssh2]
May  7 02:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25195]: Received disconnect from 218.92.0.227 port 14540:11:  [preauth]
May  7 02:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25195]: Disconnected from 218.92.0.227 port 14540 [preauth]
May  7 02:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25195]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  7 02:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  7 02:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: Failed password for root from 218.92.0.227 port 27854 ssh2
May  7 02:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: message repeated 2 times: [ Failed password for root from 218.92.0.227 port 27854 ssh2]
May  7 02:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: Received disconnect from 218.92.0.227 port 27854:11:  [preauth]
May  7 02:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: Disconnected from 218.92.0.227 port 27854 [preauth]
May  7 02:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  7 02:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25266]: pam_unix(cron:session): session closed for user p13x
May  7 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25335]: Successful su for rubyman by root
May  7 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25335]: + ??? root:rubyman
May  7 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25335]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344077 of user rubyman.
May  7 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25335]: pam_unix(su:session): session closed for user rubyman
May  7 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344077.
May  7 02:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22404]: pam_unix(cron:session): session closed for user root
May  7 02:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25267]: pam_unix(cron:session): session closed for user samftp
May  7 02:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  7 02:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: Failed password for root from 218.92.0.227 port 16644 ssh2
May  7 02:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: message repeated 2 times: [ Failed password for root from 218.92.0.227 port 16644 ssh2]
May  7 02:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: Received disconnect from 218.92.0.227 port 16644:11:  [preauth]
May  7 02:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: Disconnected from 218.92.0.227 port 16644 [preauth]
May  7 02:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25508]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  7 02:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24387]: pam_unix(cron:session): session closed for user root
May  7 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25723]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25721]: pam_unix(cron:session): session closed for user p13x
May  7 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25798]: Successful su for rubyman by root
May  7 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25798]: + ??? root:rubyman
May  7 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344081 of user rubyman.
May  7 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25798]: pam_unix(su:session): session closed for user rubyman
May  7 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344081.
May  7 02:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22894]: pam_unix(cron:session): session closed for user root
May  7 02:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25722]: pam_unix(cron:session): session closed for user samftp
May  7 02:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24819]: pam_unix(cron:session): session closed for user root
May  7 02:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: Invalid user anything from 154.221.25.33
May  7 02:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: input_userauth_request: invalid user anything [preauth]
May  7 02:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 02:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: Invalid user userroot from 64.227.130.206
May  7 02:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: input_userauth_request: invalid user userroot [preauth]
May  7 02:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 02:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: Failed password for invalid user anything from 154.221.25.33 port 39014 ssh2
May  7 02:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: Received disconnect from 154.221.25.33 port 39014:11: Bye Bye [preauth]
May  7 02:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26155]: Disconnected from 154.221.25.33 port 39014 [preauth]
May  7 02:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: Failed password for invalid user userroot from 64.227.130.206 port 39906 ssh2
May  7 02:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: Received disconnect from 64.227.130.206 port 39906:11: Bye Bye [preauth]
May  7 02:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26153]: Disconnected from 64.227.130.206 port 39906 [preauth]
May  7 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26177]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26176]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26175]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26174]: pam_unix(cron:session): session closed for user p13x
May  7 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26238]: Successful su for rubyman by root
May  7 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26238]: + ??? root:rubyman
May  7 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344084 of user rubyman.
May  7 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26238]: pam_unix(su:session): session closed for user rubyman
May  7 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344084.
May  7 02:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23438]: pam_unix(cron:session): session closed for user root
May  7 02:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26175]: pam_unix(cron:session): session closed for user samftp
May  7 02:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  7 02:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: Failed password for root from 218.92.0.112 port 44834 ssh2
May  7 02:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: Failed password for root from 218.92.0.112 port 44834 ssh2
May  7 02:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25269]: pam_unix(cron:session): session closed for user root
May  7 02:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: Failed password for root from 218.92.0.112 port 44834 ssh2
May  7 02:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: Received disconnect from 218.92.0.112 port 44834:11:  [preauth]
May  7 02:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: Disconnected from 218.92.0.112 port 44834 [preauth]
May  7 02:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26564]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  7 02:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26668]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26664]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26666]: pam_unix(cron:session): session closed for user p13x
May  7 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26788]: Successful su for rubyman by root
May  7 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26788]: + ??? root:rubyman
May  7 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26788]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344088 of user rubyman.
May  7 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26788]: pam_unix(su:session): session closed for user rubyman
May  7 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344088.
May  7 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26664]: pam_unix(cron:session): session closed for user root
May  7 02:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23954]: pam_unix(cron:session): session closed for user root
May  7 02:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26667]: pam_unix(cron:session): session closed for user samftp
May  7 02:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25724]: pam_unix(cron:session): session closed for user root
May  7 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27240]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27236]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27240]: pam_unix(cron:session): session closed for user root
May  7 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27234]: pam_unix(cron:session): session closed for user p13x
May  7 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27307]: Successful su for rubyman by root
May  7 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27307]: + ??? root:rubyman
May  7 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27307]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344093 of user rubyman.
May  7 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27307]: pam_unix(su:session): session closed for user rubyman
May  7 02:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344093.
May  7 02:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27236]: pam_unix(cron:session): session closed for user root
May  7 02:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24386]: pam_unix(cron:session): session closed for user root
May  7 02:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27235]: pam_unix(cron:session): session closed for user samftp
May  7 02:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26177]: pam_unix(cron:session): session closed for user root
May  7 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27737]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27734]: pam_unix(cron:session): session closed for user p13x
May  7 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27802]: Successful su for rubyman by root
May  7 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27802]: + ??? root:rubyman
May  7 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27802]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344101 of user rubyman.
May  7 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27802]: pam_unix(su:session): session closed for user rubyman
May  7 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344101.
May  7 02:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24818]: pam_unix(cron:session): session closed for user root
May  7 02:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27735]: pam_unix(cron:session): session closed for user samftp
May  7 02:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26669]: pam_unix(cron:session): session closed for user root
May  7 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28156]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28155]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28153]: pam_unix(cron:session): session closed for user p13x
May  7 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28218]: Successful su for rubyman by root
May  7 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28218]: + ??? root:rubyman
May  7 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344103 of user rubyman.
May  7 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28218]: pam_unix(su:session): session closed for user rubyman
May  7 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344103.
May  7 02:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25268]: pam_unix(cron:session): session closed for user root
May  7 02:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28154]: pam_unix(cron:session): session closed for user samftp
May  7 02:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27238]: pam_unix(cron:session): session closed for user root
May  7 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28560]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28561]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28558]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28558]: pam_unix(cron:session): session closed for user p13x
May  7 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28620]: Successful su for rubyman by root
May  7 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28620]: + ??? root:rubyman
May  7 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344107 of user rubyman.
May  7 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28620]: pam_unix(su:session): session closed for user rubyman
May  7 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344107.
May  7 02:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25723]: pam_unix(cron:session): session closed for user root
May  7 02:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28559]: pam_unix(cron:session): session closed for user samftp
May  7 02:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28806]: Invalid user ian from 154.221.25.33
May  7 02:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28806]: input_userauth_request: invalid user ian [preauth]
May  7 02:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28806]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 02:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28806]: Failed password for invalid user ian from 154.221.25.33 port 34944 ssh2
May  7 02:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28806]: Received disconnect from 154.221.25.33 port 34944:11: Bye Bye [preauth]
May  7 02:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28806]: Disconnected from 154.221.25.33 port 34944 [preauth]
May  7 02:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28869]: Invalid user zxc from 64.227.130.206
May  7 02:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28869]: input_userauth_request: invalid user zxc [preauth]
May  7 02:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28869]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 02:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28869]: Failed password for invalid user zxc from 64.227.130.206 port 60484 ssh2
May  7 02:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28869]: Received disconnect from 64.227.130.206 port 60484:11: Bye Bye [preauth]
May  7 02:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28869]: Disconnected from 64.227.130.206 port 60484 [preauth]
May  7 02:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27737]: pam_unix(cron:session): session closed for user root
May  7 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28965]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28967]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28965]: pam_unix(cron:session): session closed for user p13x
May  7 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29109]: Successful su for rubyman by root
May  7 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29109]: + ??? root:rubyman
May  7 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29109]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344113 of user rubyman.
May  7 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29109]: pam_unix(su:session): session closed for user rubyman
May  7 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344113.
May  7 02:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26176]: pam_unix(cron:session): session closed for user root
May  7 02:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28966]: pam_unix(cron:session): session closed for user samftp
May  7 02:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28156]: pam_unix(cron:session): session closed for user root
May  7 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29473]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29472]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29469]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29470]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29474]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29471]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29474]: pam_unix(cron:session): session closed for user root
May  7 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29469]: pam_unix(cron:session): session closed for user p13x
May  7 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29541]: Successful su for rubyman by root
May  7 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29541]: + ??? root:rubyman
May  7 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344117 of user rubyman.
May  7 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29541]: pam_unix(su:session): session closed for user rubyman
May  7 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344117.
May  7 02:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29471]: pam_unix(cron:session): session closed for user root
May  7 02:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26668]: pam_unix(cron:session): session closed for user root
May  7 02:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: Invalid user admin from 85.208.84.4
May  7 02:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: input_userauth_request: invalid user admin [preauth]
May  7 02:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: Failed none for invalid user admin from 85.208.84.4 port 42802 ssh2
May  7 02:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29644]: Connection closed by 85.208.84.4 port 42802 [preauth]
May  7 02:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29470]: pam_unix(cron:session): session closed for user samftp
May  7 02:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28561]: pam_unix(cron:session): session closed for user root
May  7 02:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29909]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29907]: pam_unix(cron:session): session closed for user p13x
May  7 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29980]: Successful su for rubyman by root
May  7 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29980]: + ??? root:rubyman
May  7 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29980]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344121 of user rubyman.
May  7 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29980]: pam_unix(su:session): session closed for user rubyman
May  7 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344121.
May  7 02:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27237]: pam_unix(cron:session): session closed for user root
May  7 02:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29908]: pam_unix(cron:session): session closed for user samftp
May  7 02:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28968]: pam_unix(cron:session): session closed for user root
May  7 02:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: Invalid user admin from 80.94.95.241
May  7 02:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: input_userauth_request: invalid user admin [preauth]
May  7 02:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 02:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: Failed password for invalid user admin from 80.94.95.241 port 28180 ssh2
May  7 02:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Invalid user zhangliang from 50.235.31.47
May  7 02:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: input_userauth_request: invalid user zhangliang [preauth]
May  7 02:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  7 02:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: Failed password for invalid user admin from 80.94.95.241 port 28180 ssh2
May  7 02:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30320]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30319]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30318]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30318]: pam_unix(cron:session): session closed for user p13x
May  7 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Failed password for invalid user zhangliang from 50.235.31.47 port 51238 ssh2
May  7 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30382]: Successful su for rubyman by root
May  7 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30382]: + ??? root:rubyman
May  7 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344126 of user rubyman.
May  7 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30382]: pam_unix(su:session): session closed for user rubyman
May  7 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344126.
May  7 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30307]: Connection closed by 50.235.31.47 port 51238 [preauth]
May  7 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: Failed password for invalid user admin from 80.94.95.241 port 28180 ssh2
May  7 02:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: Failed password for invalid user admin from 80.94.95.241 port 28180 ssh2
May  7 02:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27736]: pam_unix(cron:session): session closed for user root
May  7 02:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30319]: pam_unix(cron:session): session closed for user samftp
May  7 02:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: Failed password for invalid user admin from 80.94.95.241 port 28180 ssh2
May  7 02:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: Received disconnect from 80.94.95.241 port 28180:11: Bye [preauth]
May  7 02:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: Disconnected from 80.94.95.241 port 28180 [preauth]
May  7 02:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 02:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30305]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 02:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29473]: pam_unix(cron:session): session closed for user root
May  7 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30714]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30712]: pam_unix(cron:session): session closed for user p13x
May  7 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30773]: Successful su for rubyman by root
May  7 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30773]: + ??? root:rubyman
May  7 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30773]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344129 of user rubyman.
May  7 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30773]: pam_unix(su:session): session closed for user rubyman
May  7 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344129.
May  7 02:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28155]: pam_unix(cron:session): session closed for user root
May  7 02:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30713]: pam_unix(cron:session): session closed for user samftp
May  7 02:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31084]: Invalid user autobuild from 154.221.25.33
May  7 02:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31084]: input_userauth_request: invalid user autobuild [preauth]
May  7 02:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31084]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.221.25.33
May  7 02:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31084]: Failed password for invalid user autobuild from 154.221.25.33 port 56688 ssh2
May  7 02:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31084]: Received disconnect from 154.221.25.33 port 56688:11: Bye Bye [preauth]
May  7 02:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31084]: Disconnected from 154.221.25.33 port 56688 [preauth]
May  7 02:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29911]: pam_unix(cron:session): session closed for user root
May  7 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31210]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31208]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31207]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31207]: pam_unix(cron:session): session closed for user p13x
May  7 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31270]: Successful su for rubyman by root
May  7 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31270]: + ??? root:rubyman
May  7 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344135 of user rubyman.
May  7 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31270]: pam_unix(su:session): session closed for user rubyman
May  7 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344135.
May  7 02:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28560]: pam_unix(cron:session): session closed for user root
May  7 02:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31208]: pam_unix(cron:session): session closed for user samftp
May  7 02:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31443]: Invalid user autobuild from 64.227.130.206
May  7 02:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31443]: input_userauth_request: invalid user autobuild [preauth]
May  7 02:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31443]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 02:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31443]: Failed password for invalid user autobuild from 64.227.130.206 port 49428 ssh2
May  7 02:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31443]: Received disconnect from 64.227.130.206 port 49428:11: Bye Bye [preauth]
May  7 02:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31443]: Disconnected from 64.227.130.206 port 49428 [preauth]
May  7 02:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30321]: pam_unix(cron:session): session closed for user root
May  7 02:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31626]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31625]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31629]: pam_unix(cron:session): session closed for user root
May  7 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31623]: pam_unix(cron:session): session closed for user p13x
May  7 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  7 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31721]: Successful su for rubyman by root
May  7 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31721]: + ??? root:rubyman
May  7 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344142 of user rubyman.
May  7 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31721]: pam_unix(su:session): session closed for user rubyman
May  7 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344142.
May  7 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31625]: pam_unix(cron:session): session closed for user root
May  7 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31613]: Failed password for root from 218.92.0.220 port 22366 ssh2
May  7 02:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28967]: pam_unix(cron:session): session closed for user root
May  7 02:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31613]: Failed password for root from 218.92.0.220 port 22366 ssh2
May  7 02:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31624]: pam_unix(cron:session): session closed for user samftp
May  7 02:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31613]: Failed password for root from 218.92.0.220 port 22366 ssh2
May  7 02:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31613]: Received disconnect from 218.92.0.220 port 22366:11:  [preauth]
May  7 02:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31613]: Disconnected from 218.92.0.220 port 22366 [preauth]
May  7 02:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31613]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  7 02:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  7 02:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: Failed password for root from 218.92.0.236 port 22328 ssh2
May  7 02:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: message repeated 2 times: [ Failed password for root from 218.92.0.236 port 22328 ssh2]
May  7 02:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: Received disconnect from 218.92.0.236 port 22328:11:  [preauth]
May  7 02:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: Disconnected from 218.92.0.236 port 22328 [preauth]
May  7 02:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  7 02:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30715]: pam_unix(cron:session): session closed for user root
May  7 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32386]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32383]: pam_unix(cron:session): session closed for user p13x
May  7 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32460]: Successful su for rubyman by root
May  7 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32460]: + ??? root:rubyman
May  7 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344143 of user rubyman.
May  7 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32460]: pam_unix(su:session): session closed for user rubyman
May  7 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344143.
May  7 02:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29472]: pam_unix(cron:session): session closed for user root
May  7 02:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32384]: pam_unix(cron:session): session closed for user samftp
May  7 02:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31210]: pam_unix(cron:session): session closed for user root
May  7 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[509]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[511]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[510]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[508]: pam_unix(cron:session): session closed for user p13x
May  7 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[577]: Successful su for rubyman by root
May  7 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[577]: + ??? root:rubyman
May  7 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344147 of user rubyman.
May  7 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[577]: pam_unix(su:session): session closed for user rubyman
May  7 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344147.
May  7 02:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29909]: pam_unix(cron:session): session closed for user root
May  7 02:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[509]: pam_unix(cron:session): session closed for user samftp
May  7 02:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31628]: pam_unix(cron:session): session closed for user root
May  7 02:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 02:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[912]: Failed password for root from 218.92.0.111 port 40280 ssh2
May  7 02:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[976]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[975]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[970]: pam_unix(cron:session): session closed for user p13x
May  7 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1053]: Successful su for rubyman by root
May  7 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1053]: + ??? root:rubyman
May  7 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1053]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344152 of user rubyman.
May  7 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1053]: pam_unix(su:session): session closed for user rubyman
May  7 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344152.
May  7 02:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30320]: pam_unix(cron:session): session closed for user root
May  7 02:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[974]: pam_unix(cron:session): session closed for user samftp
May  7 02:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 02:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1304]: Failed password for root from 218.92.0.111 port 20842 ssh2
May  7 02:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1304]: message repeated 2 times: [ Failed password for root from 218.92.0.111 port 20842 ssh2]
May  7 02:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1304]: Received disconnect from 218.92.0.111 port 20842:11:  [preauth]
May  7 02:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1304]: Disconnected from 218.92.0.111 port 20842 [preauth]
May  7 02:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1304]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 02:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32386]: pam_unix(cron:session): session closed for user root
May  7 02:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 02:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1394]: Failed password for root from 218.92.0.111 port 41584 ssh2
May  7 02:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: Invalid user test from 186.96.145.241
May  7 02:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: input_userauth_request: invalid user test [preauth]
May  7 02:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241
May  7 02:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1394]: Failed password for root from 218.92.0.111 port 41584 ssh2
May  7 02:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: Failed password for invalid user test from 186.96.145.241 port 53646 ssh2
May  7 02:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: Connection closed by 186.96.145.241 port 53646 [preauth]
May  7 02:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1394]: Failed password for root from 218.92.0.111 port 41584 ssh2
May  7 02:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1394]: Received disconnect from 218.92.0.111 port 41584:11:  [preauth]
May  7 02:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1394]: Disconnected from 218.92.0.111 port 41584 [preauth]
May  7 02:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1394]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 02:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1478]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1476]: pam_unix(cron:session): session closed for user p13x
May  7 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1538]: Successful su for rubyman by root
May  7 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1538]: + ??? root:rubyman
May  7 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344156 of user rubyman.
May  7 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1538]: pam_unix(su:session): session closed for user rubyman
May  7 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344156.
May  7 02:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30714]: pam_unix(cron:session): session closed for user root
May  7 02:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1477]: pam_unix(cron:session): session closed for user samftp
May  7 02:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 02:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1765]: Failed password for root from 218.92.0.111 port 22464 ssh2
May  7 02:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1765]: Received disconnect from 218.92.0.111 port 22464:11:  [preauth]
May  7 02:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1765]: Disconnected from 218.92.0.111 port 22464 [preauth]
May  7 02:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: Invalid user solr from 64.227.130.206
May  7 02:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: input_userauth_request: invalid user solr [preauth]
May  7 02:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.130.206
May  7 02:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[511]: pam_unix(cron:session): session closed for user root
May  7 02:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: Failed password for invalid user solr from 64.227.130.206 port 47242 ssh2
May  7 02:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: Received disconnect from 64.227.130.206 port 47242:11: Bye Bye [preauth]
May  7 02:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: Disconnected from 64.227.130.206 port 47242 [preauth]
May  7 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2020]: pam_unix(cron:session): session closed for user root
May  7 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2014]: pam_unix(cron:session): session closed for user p13x
May  7 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2085]: Successful su for rubyman by root
May  7 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2085]: + ??? root:rubyman
May  7 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2085]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344161 of user rubyman.
May  7 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2085]: pam_unix(su:session): session closed for user rubyman
May  7 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344161.
May  7 02:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2017]: pam_unix(cron:session): session closed for user root
May  7 02:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31209]: pam_unix(cron:session): session closed for user root
May  7 02:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 02:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2016]: pam_unix(cron:session): session closed for user samftp
May  7 02:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2236]: Failed password for root from 218.92.0.179 port 25248 ssh2
May  7 02:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2236]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 25248 ssh2]
May  7 02:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2236]: Received disconnect from 218.92.0.179 port 25248:11:  [preauth]
May  7 02:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2236]: Disconnected from 218.92.0.179 port 25248 [preauth]
May  7 02:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2236]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 02:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[976]: pam_unix(cron:session): session closed for user root
May  7 02:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May  7 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2473]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2471]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2472]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2470]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2470]: pam_unix(cron:session): session closed for user p13x
May  7 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2542]: Successful su for rubyman by root
May  7 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2542]: + ??? root:rubyman
May  7 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344166 of user rubyman.
May  7 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2542]: pam_unix(su:session): session closed for user rubyman
May  7 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344166.
May  7 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Failed password for root from 218.92.0.223 port 28174 ssh2
May  7 02:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Failed password for root from 218.92.0.223 port 28174 ssh2
May  7 02:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31626]: pam_unix(cron:session): session closed for user root
May  7 02:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2471]: pam_unix(cron:session): session closed for user samftp
May  7 02:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Failed password for root from 218.92.0.223 port 28174 ssh2
May  7 02:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Received disconnect from 218.92.0.223 port 28174:11:  [preauth]
May  7 02:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: Disconnected from 218.92.0.223 port 28174 [preauth]
May  7 02:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2467]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May  7 02:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May  7 02:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2753]: Failed password for root from 218.92.0.223 port 28176 ssh2
May  7 02:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2753]: Failed password for root from 218.92.0.223 port 28176 ssh2
May  7 02:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1479]: pam_unix(cron:session): session closed for user root
May  7 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2924]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2925]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2923]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2922]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2922]: pam_unix(cron:session): session closed for user p13x
May  7 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2988]: Successful su for rubyman by root
May  7 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2988]: + ??? root:rubyman
May  7 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344170 of user rubyman.
May  7 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2988]: pam_unix(su:session): session closed for user rubyman
May  7 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344170.
May  7 02:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32385]: pam_unix(cron:session): session closed for user root
May  7 02:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2923]: pam_unix(cron:session): session closed for user samftp
May  7 02:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2019]: pam_unix(cron:session): session closed for user root
May  7 02:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3275]: Invalid user prueba from 85.208.84.5
May  7 02:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3275]: input_userauth_request: invalid user prueba [preauth]
May  7 02:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3275]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  7 02:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3275]: Failed password for invalid user prueba from 85.208.84.5 port 60414 ssh2
May  7 02:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3275]: Connection closed by 85.208.84.5 port 60414 [preauth]
May  7 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3323]: pam_unix(cron:session): session closed for user p13x
May  7 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3399]: Successful su for rubyman by root
May  7 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3399]: + ??? root:rubyman
May  7 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344175 of user rubyman.
May  7 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3399]: pam_unix(su:session): session closed for user rubyman
May  7 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344175.
May  7 02:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[510]: pam_unix(cron:session): session closed for user root
May  7 02:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3326]: pam_unix(cron:session): session closed for user samftp
May  7 02:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2473]: pam_unix(cron:session): session closed for user root
May  7 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3776]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3774]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3773]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3773]: pam_unix(cron:session): session closed for user p13x
May  7 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3833]: Successful su for rubyman by root
May  7 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3833]: + ??? root:rubyman
May  7 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344177 of user rubyman.
May  7 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3833]: pam_unix(su:session): session closed for user rubyman
May  7 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344177.
May  7 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 02:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: Invalid user amx from 80.94.95.29
May  7 02:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: input_userauth_request: invalid user amx [preauth]
May  7 02:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  7 02:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: Failed password for invalid user amx from 80.94.95.29 port 23864 ssh2
May  7 02:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[975]: pam_unix(cron:session): session closed for user root
May  7 02:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3774]: pam_unix(cron:session): session closed for user samftp
May  7 02:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: Failed password for invalid user amx from 80.94.95.29 port 23864 ssh2
May  7 02:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: Failed password for invalid user amx from 80.94.95.29 port 23864 ssh2
May  7 02:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: Failed password for invalid user amx from 80.94.95.29 port 23864 ssh2
May  7 02:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: pam_unix(sshd:auth): check pass; user unknown
May  7 02:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: Failed password for invalid user amx from 80.94.95.29 port 23864 ssh2
May  7 02:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: Received disconnect from 80.94.95.29 port 23864:11: Bye [preauth]
May  7 02:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: Disconnected from 80.94.95.29 port 23864 [preauth]
May  7 02:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  7 02:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3854]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 02:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2925]: pam_unix(cron:session): session closed for user root
May  7 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4280]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4279]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4284]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4283]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4282]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4281]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4285]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4285]: pam_unix(cron:session): session closed for user root
May  7 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4281]: pam_unix(cron:session): session closed for user root
May  7 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4279]: pam_unix(cron:session): session closed for user p13x
May  7 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4507]: Successful su for rubyman by root
May  7 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4507]: + ??? root:rubyman
May  7 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344184 of user rubyman.
May  7 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4507]: pam_unix(su:session): session closed for user rubyman
May  7 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344184.
May  7 03:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4659]: Did not receive identification string from 34.73.160.83
May  7 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1478]: pam_unix(cron:session): session closed for user root
May  7 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4673]: Bad protocol version identification '{"id": 1, "method": "mining.subscribe", "params": []}' from 34.73.160.83 port 36394
May  7 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: Bad protocol version identification '\026\003\001' from 34.73.160.83 port 36410
May  7 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: Bad protocol version identification '\026\003\001\005\250\001' from 34.73.160.83 port 36440
May  7 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4675]: Bad protocol version identification 'GET / HTTP/1.1' from 34.73.160.83 port 36456
May  7 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4671]: Did not receive identification string from 34.73.160.83
May  7 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4282]: pam_unix(cron:session): session closed for user root
May  7 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4697]: Bad protocol version identification '\026\003\001' from 34.73.160.83 port 36460
May  7 03:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: Did not receive identification string from 34.73.160.83
May  7 03:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4713]: Did not receive identification string from 34.73.160.83
May  7 03:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Invalid user  from 80.94.95.125
May  7 03:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: input_userauth_request: invalid user  [preauth]
May  7 03:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Failed none for invalid user  from 80.94.95.125 port 53339 ssh2
May  7 03:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Failed password for invalid user  from 80.94.95.125 port 53339 ssh2
May  7 03:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4280]: pam_unix(cron:session): session closed for user samftp
May  7 03:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Failed password for invalid user  from 80.94.95.125 port 53339 ssh2
May  7 03:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4744]: Bad protocol version identification 'PING b1fef6fa-e5c8-461f-8993-361d0483d320' from 34.73.160.83 port 36384
May  7 03:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Failed password for invalid user  from 80.94.95.125 port 53339 ssh2
May  7 03:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Failed password for invalid user  from 80.94.95.125 port 53339 ssh2
May  7 03:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Received disconnect from 80.94.95.125 port 53339:11: Bye [preauth]
May  7 03:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Disconnected from 80.94.95.125 port 53339 [preauth]
May  7 03:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3328]: pam_unix(cron:session): session closed for user root
May  7 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4951]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4952]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4949]: pam_unix(cron:session): session closed for user p13x
May  7 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5201]: Successful su for rubyman by root
May  7 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5201]: + ??? root:rubyman
May  7 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5201]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344189 of user rubyman.
May  7 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5201]: pam_unix(su:session): session closed for user rubyman
May  7 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344189.
May  7 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 03:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5228]: Failed password for root from 218.92.0.179 port 37880 ssh2
May  7 03:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2018]: pam_unix(cron:session): session closed for user root
May  7 03:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4950]: pam_unix(cron:session): session closed for user samftp
May  7 03:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5228]: Failed password for root from 218.92.0.179 port 37880 ssh2
May  7 03:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5228]: Failed password for root from 218.92.0.179 port 37880 ssh2
May  7 03:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5228]: Received disconnect from 218.92.0.179 port 37880:11:  [preauth]
May  7 03:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5228]: Disconnected from 218.92.0.179 port 37880 [preauth]
May  7 03:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5228]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 03:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  7 03:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: Failed password for root from 218.92.0.209 port 32518 ssh2
May  7 03:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: message repeated 2 times: [ Failed password for root from 218.92.0.209 port 32518 ssh2]
May  7 03:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3776]: pam_unix(cron:session): session closed for user root
May  7 03:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: Failed password for root from 218.92.0.209 port 32518 ssh2
May  7 03:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: Failed password for root from 218.92.0.209 port 32518 ssh2
May  7 03:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: error: maximum authentication attempts exceeded for root from 218.92.0.209 port 32518 ssh2 [preauth]
May  7 03:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: Disconnecting: Too many authentication failures [preauth]
May  7 03:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  7 03:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5430]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 03:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5611]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5610]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5608]: pam_unix(cron:session): session closed for user p13x
May  7 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5677]: Successful su for rubyman by root
May  7 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5677]: + ??? root:rubyman
May  7 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344193 of user rubyman.
May  7 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5677]: pam_unix(su:session): session closed for user rubyman
May  7 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344193.
May  7 03:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5751]: Invalid user adminpass from 50.235.31.47
May  7 03:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5751]: input_userauth_request: invalid user adminpass [preauth]
May  7 03:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5751]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  7 03:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2472]: pam_unix(cron:session): session closed for user root
May  7 03:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5751]: Failed password for invalid user adminpass from 50.235.31.47 port 38352 ssh2
May  7 03:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5751]: Connection closed by 50.235.31.47 port 38352 [preauth]
May  7 03:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5609]: pam_unix(cron:session): session closed for user samftp
May  7 03:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4284]: pam_unix(cron:session): session closed for user root
May  7 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6120]: pam_unix(cron:session): session closed for user p13x
May  7 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6183]: Successful su for rubyman by root
May  7 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6183]: + ??? root:rubyman
May  7 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344196 of user rubyman.
May  7 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6183]: pam_unix(su:session): session closed for user rubyman
May  7 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344196.
May  7 03:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2924]: pam_unix(cron:session): session closed for user root
May  7 03:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6121]: pam_unix(cron:session): session closed for user samftp
May  7 03:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4952]: pam_unix(cron:session): session closed for user root
May  7 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6517]: pam_unix(cron:session): session closed for user p13x
May  7 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6575]: Successful su for rubyman by root
May  7 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6575]: + ??? root:rubyman
May  7 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344200 of user rubyman.
May  7 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6575]: pam_unix(su:session): session closed for user rubyman
May  7 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344200.
May  7 03:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3327]: pam_unix(cron:session): session closed for user root
May  7 03:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6518]: pam_unix(cron:session): session closed for user samftp
May  7 03:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5611]: pam_unix(cron:session): session closed for user root
May  7 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7024]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7019]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7024]: pam_unix(cron:session): session closed for user root
May  7 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7018]: pam_unix(cron:session): session closed for user p13x
May  7 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7104]: Successful su for rubyman by root
May  7 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7104]: + ??? root:rubyman
May  7 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7104]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344207 of user rubyman.
May  7 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7104]: pam_unix(su:session): session closed for user rubyman
May  7 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344207.
May  7 03:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7020]: pam_unix(cron:session): session closed for user root
May  7 03:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3775]: pam_unix(cron:session): session closed for user root
May  7 03:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7019]: pam_unix(cron:session): session closed for user samftp
May  7 03:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6123]: pam_unix(cron:session): session closed for user root
May  7 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7468]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7464]: pam_unix(cron:session): session closed for user p13x
May  7 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7635]: Successful su for rubyman by root
May  7 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7635]: + ??? root:rubyman
May  7 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344210 of user rubyman.
May  7 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7635]: pam_unix(su:session): session closed for user rubyman
May  7 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344210.
May  7 03:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4283]: pam_unix(cron:session): session closed for user root
May  7 03:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7465]: pam_unix(cron:session): session closed for user samftp
May  7 03:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Invalid user admin from 80.94.95.112
May  7 03:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: input_userauth_request: invalid user admin [preauth]
May  7 03:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 03:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Failed password for invalid user admin from 80.94.95.112 port 5281 ssh2
May  7 03:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Failed password for invalid user admin from 80.94.95.112 port 5281 ssh2
May  7 03:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Failed password for invalid user admin from 80.94.95.112 port 5281 ssh2
May  7 03:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Failed password for invalid user admin from 80.94.95.112 port 5281 ssh2
May  7 03:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Failed password for invalid user admin from 80.94.95.112 port 5281 ssh2
May  7 03:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Received disconnect from 80.94.95.112 port 5281:11: Bye [preauth]
May  7 03:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: Disconnected from 80.94.95.112 port 5281 [preauth]
May  7 03:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 03:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7842]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 03:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6520]: pam_unix(cron:session): session closed for user root
May  7 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7999]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8000]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7998]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7997]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7997]: pam_unix(cron:session): session closed for user p13x
May  7 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8056]: Successful su for rubyman by root
May  7 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8056]: + ??? root:rubyman
May  7 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344215 of user rubyman.
May  7 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8056]: pam_unix(su:session): session closed for user rubyman
May  7 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344215.
May  7 03:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4951]: pam_unix(cron:session): session closed for user root
May  7 03:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7998]: pam_unix(cron:session): session closed for user samftp
May  7 03:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 03:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: Failed password for root from 218.92.0.179 port 31277 ssh2
May  7 03:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 31277 ssh2]
May  7 03:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: Received disconnect from 218.92.0.179 port 31277:11:  [preauth]
May  7 03:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: Disconnected from 218.92.0.179 port 31277 [preauth]
May  7 03:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 03:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7022]: pam_unix(cron:session): session closed for user root
May  7 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8433]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8434]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8432]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8430]: pam_unix(cron:session): session closed for user p13x
May  7 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8495]: Successful su for rubyman by root
May  7 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8495]: + ??? root:rubyman
May  7 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344218 of user rubyman.
May  7 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8495]: pam_unix(su:session): session closed for user rubyman
May  7 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344218.
May  7 03:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5610]: pam_unix(cron:session): session closed for user root
May  7 03:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8432]: pam_unix(cron:session): session closed for user samftp
May  7 03:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7468]: pam_unix(cron:session): session closed for user root
May  7 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8859]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8858]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8854]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8856]: pam_unix(cron:session): session closed for user p13x
May  7 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8981]: Successful su for rubyman by root
May  7 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8981]: + ??? root:rubyman
May  7 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344223 of user rubyman.
May  7 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8981]: pam_unix(su:session): session closed for user rubyman
May  7 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344223.
May  7 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8854]: pam_unix(cron:session): session closed for user root
May  7 03:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6122]: pam_unix(cron:session): session closed for user root
May  7 03:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8857]: pam_unix(cron:session): session closed for user samftp
May  7 03:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8000]: pam_unix(cron:session): session closed for user root
May  7 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9476]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9475]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9474]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9473]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9476]: pam_unix(cron:session): session closed for user root
May  7 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9471]: pam_unix(cron:session): session closed for user p13x
May  7 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9538]: Successful su for rubyman by root
May  7 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9538]: + ??? root:rubyman
May  7 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344228 of user rubyman.
May  7 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9538]: pam_unix(su:session): session closed for user rubyman
May  7 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344228.
May  7 03:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9473]: pam_unix(cron:session): session closed for user root
May  7 03:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6519]: pam_unix(cron:session): session closed for user root
May  7 03:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9472]: pam_unix(cron:session): session closed for user samftp
May  7 03:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8434]: pam_unix(cron:session): session closed for user root
May  7 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9900]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9901]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9898]: pam_unix(cron:session): session closed for user p13x
May  7 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9970]: Successful su for rubyman by root
May  7 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9970]: + ??? root:rubyman
May  7 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9970]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344233 of user rubyman.
May  7 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9970]: pam_unix(su:session): session closed for user rubyman
May  7 03:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344233.
May  7 03:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7021]: pam_unix(cron:session): session closed for user root
May  7 03:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9899]: pam_unix(cron:session): session closed for user samftp
May  7 03:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8859]: pam_unix(cron:session): session closed for user root
May  7 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10397]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10398]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10395]: pam_unix(cron:session): session closed for user p13x
May  7 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10467]: Successful su for rubyman by root
May  7 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10467]: + ??? root:rubyman
May  7 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10467]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344237 of user rubyman.
May  7 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10467]: pam_unix(su:session): session closed for user rubyman
May  7 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344237.
May  7 03:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7466]: pam_unix(cron:session): session closed for user root
May  7 03:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10396]: pam_unix(cron:session): session closed for user samftp
May  7 03:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9475]: pam_unix(cron:session): session closed for user root
May  7 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10871]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10869]: pam_unix(cron:session): session closed for user p13x
May  7 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10928]: Successful su for rubyman by root
May  7 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10928]: + ??? root:rubyman
May  7 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344241 of user rubyman.
May  7 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10928]: pam_unix(su:session): session closed for user rubyman
May  7 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344241.
May  7 03:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7999]: pam_unix(cron:session): session closed for user root
May  7 03:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10870]: pam_unix(cron:session): session closed for user samftp
May  7 03:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9901]: pam_unix(cron:session): session closed for user root
May  7 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11259]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11257]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11255]: pam_unix(cron:session): session closed for user p13x
May  7 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11316]: Successful su for rubyman by root
May  7 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11316]: + ??? root:rubyman
May  7 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344245 of user rubyman.
May  7 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11316]: pam_unix(su:session): session closed for user rubyman
May  7 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344245.
May  7 03:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8433]: pam_unix(cron:session): session closed for user root
May  7 03:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11256]: pam_unix(cron:session): session closed for user samftp
May  7 03:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10398]: pam_unix(cron:session): session closed for user root
May  7 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11653]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11651]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11654]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11656]: pam_unix(cron:session): session closed for user root
May  7 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11651]: pam_unix(cron:session): session closed for user p13x
May  7 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11723]: Successful su for rubyman by root
May  7 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11723]: + ??? root:rubyman
May  7 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344250 of user rubyman.
May  7 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11723]: pam_unix(su:session): session closed for user rubyman
May  7 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344250.
May  7 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11653]: pam_unix(cron:session): session closed for user root
May  7 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8858]: pam_unix(cron:session): session closed for user root
May  7 03:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11652]: pam_unix(cron:session): session closed for user samftp
May  7 03:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10872]: pam_unix(cron:session): session closed for user root
May  7 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12075]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12073]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12074]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12072]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12072]: pam_unix(cron:session): session closed for user p13x
May  7 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12140]: Successful su for rubyman by root
May  7 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12140]: + ??? root:rubyman
May  7 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344256 of user rubyman.
May  7 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12140]: pam_unix(su:session): session closed for user rubyman
May  7 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344256.
May  7 03:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9474]: pam_unix(cron:session): session closed for user root
May  7 03:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12073]: pam_unix(cron:session): session closed for user samftp
May  7 03:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11259]: pam_unix(cron:session): session closed for user root
May  7 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12482]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12483]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12478]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12478]: pam_unix(cron:session): session closed for user root
May  7 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12480]: pam_unix(cron:session): session closed for user p13x
May  7 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12541]: Successful su for rubyman by root
May  7 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12541]: + ??? root:rubyman
May  7 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344259 of user rubyman.
May  7 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12541]: pam_unix(su:session): session closed for user rubyman
May  7 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344259.
May  7 03:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9900]: pam_unix(cron:session): session closed for user root
May  7 03:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12481]: pam_unix(cron:session): session closed for user samftp
May  7 03:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11655]: pam_unix(cron:session): session closed for user root
May  7 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12866]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12865]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12864]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12864]: pam_unix(cron:session): session closed for user p13x
May  7 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12922]: Successful su for rubyman by root
May  7 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12922]: + ??? root:rubyman
May  7 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344266 of user rubyman.
May  7 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12922]: pam_unix(su:session): session closed for user rubyman
May  7 03:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344266.
May  7 03:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10397]: pam_unix(cron:session): session closed for user root
May  7 03:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12865]: pam_unix(cron:session): session closed for user samftp
May  7 03:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12075]: pam_unix(cron:session): session closed for user root
May  7 03:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13258]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13257]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13255]: pam_unix(cron:session): session closed for user p13x
May  7 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13330]: Successful su for rubyman by root
May  7 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13330]: + ??? root:rubyman
May  7 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344268 of user rubyman.
May  7 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13330]: pam_unix(su:session): session closed for user rubyman
May  7 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344268.
May  7 03:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Failed password for root from 218.92.0.179 port 23294 ssh2
May  7 03:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10871]: pam_unix(cron:session): session closed for user root
May  7 03:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Failed password for root from 218.92.0.179 port 23294 ssh2
May  7 03:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13256]: pam_unix(cron:session): session closed for user samftp
May  7 03:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Failed password for root from 218.92.0.179 port 23294 ssh2
May  7 03:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Received disconnect from 218.92.0.179 port 23294:11:  [preauth]
May  7 03:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Disconnected from 218.92.0.179 port 23294 [preauth]
May  7 03:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 03:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12483]: pam_unix(cron:session): session closed for user root
May  7 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13776]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13777]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13778]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13773]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13774]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13778]: pam_unix(cron:session): session closed for user root
May  7 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13773]: pam_unix(cron:session): session closed for user p13x
May  7 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13841]: Successful su for rubyman by root
May  7 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13841]: + ??? root:rubyman
May  7 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344274 of user rubyman.
May  7 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13841]: pam_unix(su:session): session closed for user rubyman
May  7 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344274.
May  7 03:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13775]: pam_unix(cron:session): session closed for user root
May  7 03:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11257]: pam_unix(cron:session): session closed for user root
May  7 03:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13774]: pam_unix(cron:session): session closed for user samftp
May  7 03:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12867]: pam_unix(cron:session): session closed for user root
May  7 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14202]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14199]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14198]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14198]: pam_unix(cron:session): session closed for user p13x
May  7 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14268]: Successful su for rubyman by root
May  7 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14268]: + ??? root:rubyman
May  7 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344279 of user rubyman.
May  7 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14268]: pam_unix(su:session): session closed for user rubyman
May  7 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344279.
May  7 03:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11654]: pam_unix(cron:session): session closed for user root
May  7 03:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14199]: pam_unix(cron:session): session closed for user samftp
May  7 03:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13258]: pam_unix(cron:session): session closed for user root
May  7 03:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: Invalid user admin from 80.94.95.241
May  7 03:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: input_userauth_request: invalid user admin [preauth]
May  7 03:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 03:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: Failed password for invalid user admin from 80.94.95.241 port 45976 ssh2
May  7 03:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: Failed password for invalid user admin from 80.94.95.241 port 45976 ssh2
May  7 03:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: Failed password for invalid user admin from 80.94.95.241 port 45976 ssh2
May  7 03:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: Failed password for invalid user admin from 80.94.95.241 port 45976 ssh2
May  7 03:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: Failed password for invalid user admin from 80.94.95.241 port 45976 ssh2
May  7 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14609]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: Received disconnect from 80.94.95.241 port 45976:11: Bye [preauth]
May  7 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: Disconnected from 80.94.95.241 port 45976 [preauth]
May  7 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14586]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14607]: pam_unix(cron:session): session closed for user p13x
May  7 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14677]: Successful su for rubyman by root
May  7 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14677]: + ??? root:rubyman
May  7 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344283 of user rubyman.
May  7 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14677]: pam_unix(su:session): session closed for user rubyman
May  7 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344283.
May  7 03:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12074]: pam_unix(cron:session): session closed for user root
May  7 03:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14608]: pam_unix(cron:session): session closed for user samftp
May  7 03:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13777]: pam_unix(cron:session): session closed for user root
May  7 03:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15026]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15025]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15023]: pam_unix(cron:session): session closed for user p13x
May  7 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15083]: Successful su for rubyman by root
May  7 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15083]: + ??? root:rubyman
May  7 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344286 of user rubyman.
May  7 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15083]: pam_unix(su:session): session closed for user rubyman
May  7 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344286.
May  7 03:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 03:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12482]: pam_unix(cron:session): session closed for user root
May  7 03:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Failed password for root from 218.92.0.179 port 11757 ssh2
May  7 03:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15024]: pam_unix(cron:session): session closed for user samftp
May  7 03:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Failed password for root from 218.92.0.179 port 11757 ssh2
May  7 03:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Failed password for root from 218.92.0.179 port 11757 ssh2
May  7 03:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Received disconnect from 218.92.0.179 port 11757:11:  [preauth]
May  7 03:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Disconnected from 218.92.0.179 port 11757 [preauth]
May  7 03:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 03:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14202]: pam_unix(cron:session): session closed for user root
May  7 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15411]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15409]: pam_unix(cron:session): session closed for user p13x
May  7 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15469]: Successful su for rubyman by root
May  7 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15469]: + ??? root:rubyman
May  7 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344292 of user rubyman.
May  7 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15469]: pam_unix(su:session): session closed for user rubyman
May  7 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344292.
May  7 03:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12866]: pam_unix(cron:session): session closed for user root
May  7 03:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15410]: pam_unix(cron:session): session closed for user samftp
May  7 03:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14614]: pam_unix(cron:session): session closed for user root
May  7 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15802]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15801]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15800]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15804]: pam_unix(cron:session): session closed for user root
May  7 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15799]: pam_unix(cron:session): session closed for user p13x
May  7 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15868]: Successful su for rubyman by root
May  7 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15868]: + ??? root:rubyman
May  7 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344299 of user rubyman.
May  7 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15868]: pam_unix(su:session): session closed for user rubyman
May  7 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344299.
May  7 03:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15801]: pam_unix(cron:session): session closed for user root
May  7 03:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13257]: pam_unix(cron:session): session closed for user root
May  7 03:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15800]: pam_unix(cron:session): session closed for user samftp
May  7 03:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15026]: pam_unix(cron:session): session closed for user root
May  7 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16212]: pam_unix(cron:session): session closed for user p13x
May  7 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16277]: Successful su for rubyman by root
May  7 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16277]: + ??? root:rubyman
May  7 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344300 of user rubyman.
May  7 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16277]: pam_unix(su:session): session closed for user rubyman
May  7 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344300.
May  7 03:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13776]: pam_unix(cron:session): session closed for user root
May  7 03:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16213]: pam_unix(cron:session): session closed for user samftp
May  7 03:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15412]: pam_unix(cron:session): session closed for user root
May  7 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16668]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16666]: pam_unix(cron:session): session closed for user p13x
May  7 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16729]: Successful su for rubyman by root
May  7 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16729]: + ??? root:rubyman
May  7 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344305 of user rubyman.
May  7 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16729]: pam_unix(su:session): session closed for user rubyman
May  7 03:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344305.
May  7 03:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14200]: pam_unix(cron:session): session closed for user root
May  7 03:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16667]: pam_unix(cron:session): session closed for user samftp
May  7 03:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15803]: pam_unix(cron:session): session closed for user root
May  7 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17091]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17092]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17090]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17089]: pam_unix(cron:session): session closed for user p13x
May  7 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17153]: Successful su for rubyman by root
May  7 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17153]: + ??? root:rubyman
May  7 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17153]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344309 of user rubyman.
May  7 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17153]: pam_unix(su:session): session closed for user rubyman
May  7 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344309.
May  7 03:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14609]: pam_unix(cron:session): session closed for user root
May  7 03:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17090]: pam_unix(cron:session): session closed for user samftp
May  7 03:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16215]: pam_unix(cron:session): session closed for user root
May  7 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17494]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17495]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17492]: pam_unix(cron:session): session closed for user p13x
May  7 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17562]: Successful su for rubyman by root
May  7 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17562]: + ??? root:rubyman
May  7 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344313 of user rubyman.
May  7 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17562]: pam_unix(su:session): session closed for user rubyman
May  7 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344313.
May  7 03:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15025]: pam_unix(cron:session): session closed for user root
May  7 03:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17493]: pam_unix(cron:session): session closed for user samftp
May  7 03:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16669]: pam_unix(cron:session): session closed for user root
May  7 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18023]: pam_unix(cron:session): session closed for user root
May  7 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18016]: pam_unix(cron:session): session closed for user p13x
May  7 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18094]: Successful su for rubyman by root
May  7 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18094]: + ??? root:rubyman
May  7 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18094]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344320 of user rubyman.
May  7 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18094]: pam_unix(su:session): session closed for user rubyman
May  7 03:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344320.
May  7 03:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15411]: pam_unix(cron:session): session closed for user root
May  7 03:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18018]: pam_unix(cron:session): session closed for user root
May  7 03:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18017]: pam_unix(cron:session): session closed for user samftp
May  7 03:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17092]: pam_unix(cron:session): session closed for user root
May  7 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18469]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18470]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18467]: pam_unix(cron:session): session closed for user p13x
May  7 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18535]: Successful su for rubyman by root
May  7 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18535]: + ??? root:rubyman
May  7 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18535]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344324 of user rubyman.
May  7 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18535]: pam_unix(su:session): session closed for user rubyman
May  7 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344324.
May  7 03:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15802]: pam_unix(cron:session): session closed for user root
May  7 03:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18468]: pam_unix(cron:session): session closed for user samftp
May  7 03:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17495]: pam_unix(cron:session): session closed for user root
May  7 03:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18883]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18881]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18880]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18882]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18880]: pam_unix(cron:session): session closed for user p13x
May  7 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: Invalid user msf from 14.103.112.108
May  7 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: input_userauth_request: invalid user msf [preauth]
May  7 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.112.108
May  7 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18942]: Successful su for rubyman by root
May  7 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18942]: + ??? root:rubyman
May  7 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344327 of user rubyman.
May  7 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18942]: pam_unix(su:session): session closed for user rubyman
May  7 03:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344327.
May  7 03:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16214]: pam_unix(cron:session): session closed for user root
May  7 03:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: Failed password for invalid user msf from 14.103.112.108 port 59726 ssh2
May  7 03:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: Received disconnect from 14.103.112.108 port 59726:11: Bye Bye [preauth]
May  7 03:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18877]: Disconnected from 14.103.112.108 port 59726 [preauth]
May  7 03:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18881]: pam_unix(cron:session): session closed for user samftp
May  7 03:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18022]: pam_unix(cron:session): session closed for user root
May  7 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19285]: pam_unix(cron:session): session closed for user p13x
May  7 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19347]: Successful su for rubyman by root
May  7 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19347]: + ??? root:rubyman
May  7 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19347]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344330 of user rubyman.
May  7 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19347]: pam_unix(su:session): session closed for user rubyman
May  7 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344330.
May  7 03:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16668]: pam_unix(cron:session): session closed for user root
May  7 03:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19286]: pam_unix(cron:session): session closed for user samftp
May  7 03:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18470]: pam_unix(cron:session): session closed for user root
May  7 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19708]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19709]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19706]: pam_unix(cron:session): session closed for user p13x
May  7 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19766]: Successful su for rubyman by root
May  7 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19766]: + ??? root:rubyman
May  7 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344334 of user rubyman.
May  7 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19766]: pam_unix(su:session): session closed for user rubyman
May  7 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344334.
May  7 03:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17091]: pam_unix(cron:session): session closed for user root
May  7 03:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19707]: pam_unix(cron:session): session closed for user samftp
May  7 03:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Invalid user admin from 80.94.95.125
May  7 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: input_userauth_request: invalid user admin [preauth]
May  7 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18883]: pam_unix(cron:session): session closed for user root
May  7 03:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Failed password for invalid user admin from 80.94.95.125 port 9060 ssh2
May  7 03:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Failed password for invalid user admin from 80.94.95.125 port 9060 ssh2
May  7 03:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Failed password for invalid user admin from 80.94.95.125 port 9060 ssh2
May  7 03:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Failed password for invalid user admin from 80.94.95.125 port 9060 ssh2
May  7 03:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Failed password for invalid user admin from 80.94.95.125 port 9060 ssh2
May  7 03:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Received disconnect from 80.94.95.125 port 9060:11: Bye [preauth]
May  7 03:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Disconnected from 80.94.95.125 port 9060 [preauth]
May  7 03:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 03:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20114]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20115]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20111]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20113]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20116]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20116]: pam_unix(cron:session): session closed for user root
May  7 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20111]: pam_unix(cron:session): session closed for user p13x
May  7 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20181]: Successful su for rubyman by root
May  7 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20181]: + ??? root:rubyman
May  7 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344340 of user rubyman.
May  7 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20181]: pam_unix(su:session): session closed for user rubyman
May  7 03:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344340.
May  7 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20113]: pam_unix(cron:session): session closed for user root
May  7 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17494]: pam_unix(cron:session): session closed for user root
May  7 03:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20112]: pam_unix(cron:session): session closed for user samftp
May  7 03:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19288]: pam_unix(cron:session): session closed for user root
May  7 03:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: Invalid user dexter from 193.70.84.184
May  7 03:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: input_userauth_request: invalid user dexter [preauth]
May  7 03:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  7 03:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: Failed password for invalid user dexter from 193.70.84.184 port 34376 ssh2
May  7 03:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20527]: Connection closed by 193.70.84.184 port 34376 [preauth]
May  7 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20542]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20541]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20539]: pam_unix(cron:session): session closed for user p13x
May  7 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20605]: Successful su for rubyman by root
May  7 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20605]: + ??? root:rubyman
May  7 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20605]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344345 of user rubyman.
May  7 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20605]: pam_unix(su:session): session closed for user rubyman
May  7 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344345.
May  7 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18021]: pam_unix(cron:session): session closed for user root
May  7 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20540]: pam_unix(cron:session): session closed for user samftp
May  7 03:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19709]: pam_unix(cron:session): session closed for user root
May  7 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20959]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20958]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20956]: pam_unix(cron:session): session closed for user p13x
May  7 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21016]: Successful su for rubyman by root
May  7 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21016]: + ??? root:rubyman
May  7 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344348 of user rubyman.
May  7 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21016]: pam_unix(su:session): session closed for user rubyman
May  7 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344348.
May  7 03:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18469]: pam_unix(cron:session): session closed for user root
May  7 03:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20957]: pam_unix(cron:session): session closed for user samftp
May  7 03:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: Invalid user dev from 203.194.114.144
May  7 03:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: input_userauth_request: invalid user dev [preauth]
May  7 03:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144
May  7 03:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: Failed password for invalid user dev from 203.194.114.144 port 49756 ssh2
May  7 03:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: Received disconnect from 203.194.114.144 port 49756:11: Bye Bye [preauth]
May  7 03:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21257]: Disconnected from 203.194.114.144 port 49756 [preauth]
May  7 03:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20115]: pam_unix(cron:session): session closed for user root
May  7 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21401]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21400]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21398]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21399]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21398]: pam_unix(cron:session): session closed for user p13x
May  7 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21457]: Successful su for rubyman by root
May  7 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21457]: + ??? root:rubyman
May  7 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21457]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344352 of user rubyman.
May  7 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21457]: pam_unix(su:session): session closed for user rubyman
May  7 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344352.
May  7 03:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18882]: pam_unix(cron:session): session closed for user root
May  7 03:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21399]: pam_unix(cron:session): session closed for user samftp
May  7 03:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20542]: pam_unix(cron:session): session closed for user root
May  7 03:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22091]: Invalid user www from 190.103.202.7
May  7 03:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22091]: input_userauth_request: invalid user www [preauth]
May  7 03:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22091]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  7 03:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22091]: Failed password for invalid user www from 190.103.202.7 port 53074 ssh2
May  7 03:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22091]: Connection closed by 190.103.202.7 port 53074 [preauth]
May  7 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22116]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22118]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22117]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22115]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22113]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22115]: pam_unix(cron:session): session closed for user p13x
May  7 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22264]: Successful su for rubyman by root
May  7 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22264]: + ??? root:rubyman
May  7 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344356 of user rubyman.
May  7 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22264]: pam_unix(su:session): session closed for user rubyman
May  7 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344356.
May  7 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22113]: pam_unix(cron:session): session closed for user root
May  7 03:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19287]: pam_unix(cron:session): session closed for user root
May  7 03:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22116]: pam_unix(cron:session): session closed for user samftp
May  7 03:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20959]: pam_unix(cron:session): session closed for user root
May  7 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22681]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22680]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22682]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22678]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22679]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22683]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22683]: pam_unix(cron:session): session closed for user root
May  7 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22678]: pam_unix(cron:session): session closed for user p13x
May  7 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22755]: Successful su for rubyman by root
May  7 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22755]: + ??? root:rubyman
May  7 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22755]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344364 of user rubyman.
May  7 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22755]: pam_unix(su:session): session closed for user rubyman
May  7 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344364.
May  7 03:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22680]: pam_unix(cron:session): session closed for user root
May  7 03:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19708]: pam_unix(cron:session): session closed for user root
May  7 03:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22679]: pam_unix(cron:session): session closed for user samftp
May  7 03:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21401]: pam_unix(cron:session): session closed for user root
May  7 03:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.228.68.222  user=root
May  7 03:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: Failed password for root from 181.228.68.222 port 50640 ssh2
May  7 03:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: Received disconnect from 181.228.68.222 port 50640:11: Bye Bye [preauth]
May  7 03:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: Disconnected from 181.228.68.222 port 50640 [preauth]
May  7 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23168]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23169]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23166]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23166]: pam_unix(cron:session): session closed for user p13x
May  7 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23248]: Successful su for rubyman by root
May  7 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23248]: + ??? root:rubyman
May  7 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344367 of user rubyman.
May  7 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23248]: pam_unix(su:session): session closed for user rubyman
May  7 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344367.
May  7 03:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20114]: pam_unix(cron:session): session closed for user root
May  7 03:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23167]: pam_unix(cron:session): session closed for user samftp
May  7 03:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22118]: pam_unix(cron:session): session closed for user root
May  7 03:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: Invalid user admin from 80.94.95.112
May  7 03:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: input_userauth_request: invalid user admin [preauth]
May  7 03:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 03:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: Failed password for invalid user admin from 80.94.95.112 port 16919 ssh2
May  7 03:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: Failed password for invalid user admin from 80.94.95.112 port 16919 ssh2
May  7 03:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: Failed password for invalid user admin from 80.94.95.112 port 16919 ssh2
May  7 03:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: Failed password for invalid user admin from 80.94.95.112 port 16919 ssh2
May  7 03:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: Failed password for invalid user admin from 80.94.95.112 port 16919 ssh2
May  7 03:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: Received disconnect from 80.94.95.112 port 16919:11: Bye [preauth]
May  7 03:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: Disconnected from 80.94.95.112 port 16919 [preauth]
May  7 03:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 03:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23624]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 03:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23657]: Invalid user devtest from 186.233.208.13
May  7 03:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23657]: input_userauth_request: invalid user devtest [preauth]
May  7 03:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23657]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  7 03:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23657]: Failed password for invalid user devtest from 186.233.208.13 port 50800 ssh2
May  7 03:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23657]: Received disconnect from 186.233.208.13 port 50800:11: Bye Bye [preauth]
May  7 03:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23657]: Disconnected from 186.233.208.13 port 50800 [preauth]
May  7 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23688]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23689]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23684]: pam_unix(cron:session): session closed for user p13x
May  7 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23746]: Successful su for rubyman by root
May  7 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23746]: + ??? root:rubyman
May  7 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344372 of user rubyman.
May  7 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23746]: pam_unix(su:session): session closed for user rubyman
May  7 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344372.
May  7 03:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20541]: pam_unix(cron:session): session closed for user root
May  7 03:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23687]: pam_unix(cron:session): session closed for user samftp
May  7 03:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22682]: pam_unix(cron:session): session closed for user root
May  7 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24210]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24211]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24204]: pam_unix(cron:session): session closed for user p13x
May  7 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24278]: Successful su for rubyman by root
May  7 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24278]: + ??? root:rubyman
May  7 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24278]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344375 of user rubyman.
May  7 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24278]: pam_unix(su:session): session closed for user rubyman
May  7 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344375.
May  7 03:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20958]: pam_unix(cron:session): session closed for user root
May  7 03:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24206]: pam_unix(cron:session): session closed for user samftp
May  7 03:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24526]: Did not receive identification string from 196.251.114.29
May  7 03:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23169]: pam_unix(cron:session): session closed for user root
May  7 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24645]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24648]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24643]: pam_unix(cron:session): session closed for user p13x
May  7 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24713]: Successful su for rubyman by root
May  7 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24713]: + ??? root:rubyman
May  7 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24713]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344379 of user rubyman.
May  7 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24713]: pam_unix(su:session): session closed for user rubyman
May  7 03:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344379.
May  7 03:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21400]: pam_unix(cron:session): session closed for user root
May  7 03:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24644]: pam_unix(cron:session): session closed for user samftp
May  7 03:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23689]: pam_unix(cron:session): session closed for user root
May  7 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25064]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25062]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25063]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25065]: pam_unix(cron:session): session closed for user root
May  7 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25060]: pam_unix(cron:session): session closed for user p13x
May  7 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25128]: Successful su for rubyman by root
May  7 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25128]: + ??? root:rubyman
May  7 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344387 of user rubyman.
May  7 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25128]: pam_unix(su:session): session closed for user rubyman
May  7 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344387.
May  7 03:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25062]: pam_unix(cron:session): session closed for user root
May  7 03:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22117]: pam_unix(cron:session): session closed for user root
May  7 03:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25061]: pam_unix(cron:session): session closed for user samftp
May  7 03:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24211]: pam_unix(cron:session): session closed for user root
May  7 03:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25503]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25500]: pam_unix(cron:session): session closed for user p13x
May  7 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: Invalid user mohammad from 203.194.114.144
May  7 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: input_userauth_request: invalid user mohammad [preauth]
May  7 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144
May  7 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25578]: Successful su for rubyman by root
May  7 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25578]: + ??? root:rubyman
May  7 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344389 of user rubyman.
May  7 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25578]: pam_unix(su:session): session closed for user rubyman
May  7 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344389.
May  7 03:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: Failed password for invalid user mohammad from 203.194.114.144 port 41600 ssh2
May  7 03:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: Received disconnect from 203.194.114.144 port 41600:11: Bye Bye [preauth]
May  7 03:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25497]: Disconnected from 203.194.114.144 port 41600 [preauth]
May  7 03:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22681]: pam_unix(cron:session): session closed for user root
May  7 03:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25501]: pam_unix(cron:session): session closed for user samftp
May  7 03:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25826]: Invalid user geoeast from 119.96.221.127
May  7 03:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25826]: input_userauth_request: invalid user geoeast [preauth]
May  7 03:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25826]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.96.221.127
May  7 03:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25826]: Failed password for invalid user geoeast from 119.96.221.127 port 45672 ssh2
May  7 03:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25826]: Received disconnect from 119.96.221.127 port 45672:11: Bye Bye [preauth]
May  7 03:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25826]: Disconnected from 119.96.221.127 port 45672 [preauth]
May  7 03:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25829]: Invalid user amit from 164.68.105.9
May  7 03:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25829]: input_userauth_request: invalid user amit [preauth]
May  7 03:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25829]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  7 03:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25829]: Failed password for invalid user amit from 164.68.105.9 port 40932 ssh2
May  7 03:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25829]: Connection closed by 164.68.105.9 port 40932 [preauth]
May  7 03:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24648]: pam_unix(cron:session): session closed for user root
May  7 03:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  7 03:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25956]: Failed password for root from 218.92.0.203 port 63742 ssh2
May  7 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26006]: pam_unix(cron:session): session closed for user p13x
May  7 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26072]: Successful su for rubyman by root
May  7 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26072]: + ??? root:rubyman
May  7 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344395 of user rubyman.
May  7 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26072]: pam_unix(su:session): session closed for user rubyman
May  7 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344395.
May  7 03:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23168]: pam_unix(cron:session): session closed for user root
May  7 03:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26007]: pam_unix(cron:session): session closed for user samftp
May  7 03:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25064]: pam_unix(cron:session): session closed for user root
May  7 03:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  7 03:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26359]: Failed password for root from 80.94.95.29 port 47667 ssh2
May  7 03:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26359]: message repeated 4 times: [ Failed password for root from 80.94.95.29 port 47667 ssh2]
May  7 03:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26359]: Received disconnect from 80.94.95.29 port 47667:11: Bye [preauth]
May  7 03:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26359]: Disconnected from 80.94.95.29 port 47667 [preauth]
May  7 03:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26359]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  7 03:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26359]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26413]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26412]: pam_unix(cron:session): session closed for user p13x
May  7 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26560]: Successful su for rubyman by root
May  7 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26560]: + ??? root:rubyman
May  7 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344398 of user rubyman.
May  7 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26560]: pam_unix(su:session): session closed for user rubyman
May  7 03:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344398.
May  7 03:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23688]: pam_unix(cron:session): session closed for user root
May  7 03:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26413]: pam_unix(cron:session): session closed for user samftp
May  7 03:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26727]: Connection closed by 14.103.112.108 port 41952 [preauth]
May  7 03:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25503]: pam_unix(cron:session): session closed for user root
May  7 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26907]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26905]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26904]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26903]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26903]: pam_unix(cron:session): session closed for user p13x
May  7 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26998]: Successful su for rubyman by root
May  7 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26998]: + ??? root:rubyman
May  7 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344402 of user rubyman.
May  7 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26998]: pam_unix(su:session): session closed for user rubyman
May  7 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344402.
May  7 03:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24210]: pam_unix(cron:session): session closed for user root
May  7 03:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26904]: pam_unix(cron:session): session closed for user samftp
May  7 03:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26010]: pam_unix(cron:session): session closed for user root
May  7 03:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: Invalid user nmc from 106.51.92.114
May  7 03:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: input_userauth_request: invalid user nmc [preauth]
May  7 03:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.92.114
May  7 03:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: Failed password for invalid user nmc from 106.51.92.114 port 58273 ssh2
May  7 03:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: Received disconnect from 106.51.92.114 port 58273:11: Bye Bye [preauth]
May  7 03:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27289]: Disconnected from 106.51.92.114 port 58273 [preauth]
May  7 03:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27373]: Invalid user trans from 181.228.68.222
May  7 03:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27373]: input_userauth_request: invalid user trans [preauth]
May  7 03:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27373]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.228.68.222
May  7 03:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27373]: Failed password for invalid user trans from 181.228.68.222 port 41640 ssh2
May  7 03:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27373]: Received disconnect from 181.228.68.222 port 41640:11: Bye Bye [preauth]
May  7 03:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27373]: Disconnected from 181.228.68.222 port 41640 [preauth]
May  7 03:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: Invalid user zbx from 14.103.112.108
May  7 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: input_userauth_request: invalid user zbx [preauth]
May  7 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.112.108
May  7 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27418]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27413]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27418]: pam_unix(cron:session): session closed for user root
May  7 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27410]: pam_unix(cron:session): session closed for user p13x
May  7 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27508]: Successful su for rubyman by root
May  7 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27508]: + ??? root:rubyman
May  7 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344405 of user rubyman.
May  7 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27508]: pam_unix(su:session): session closed for user rubyman
May  7 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344405.
May  7 03:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: Failed password for invalid user zbx from 14.103.112.108 port 59938 ssh2
May  7 03:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: Received disconnect from 14.103.112.108 port 59938:11: Bye Bye [preauth]
May  7 03:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27407]: Disconnected from 14.103.112.108 port 59938 [preauth]
May  7 03:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27415]: pam_unix(cron:session): session closed for user root
May  7 03:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24645]: pam_unix(cron:session): session closed for user root
May  7 03:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27413]: pam_unix(cron:session): session closed for user samftp
May  7 03:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26415]: pam_unix(cron:session): session closed for user root
May  7 03:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  7 03:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27820]: Failed password for root from 186.233.208.13 port 47604 ssh2
May  7 03:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27820]: Received disconnect from 186.233.208.13 port 47604:11: Bye Bye [preauth]
May  7 03:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27820]: Disconnected from 186.233.208.13 port 47604 [preauth]
May  7 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27889]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27888]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27886]: pam_unix(cron:session): session closed for user p13x
May  7 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27956]: Successful su for rubyman by root
May  7 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27956]: + ??? root:rubyman
May  7 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27956]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344412 of user rubyman.
May  7 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27956]: pam_unix(su:session): session closed for user rubyman
May  7 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344412.
May  7 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25063]: pam_unix(cron:session): session closed for user root
May  7 03:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27887]: pam_unix(cron:session): session closed for user samftp
May  7 03:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26907]: pam_unix(cron:session): session closed for user root
May  7 03:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: Invalid user burak from 203.194.114.144
May  7 03:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: input_userauth_request: invalid user burak [preauth]
May  7 03:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144
May  7 03:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: Failed password for invalid user burak from 203.194.114.144 port 51120 ssh2
May  7 03:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: Received disconnect from 203.194.114.144 port 51120:11: Bye Bye [preauth]
May  7 03:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28281]: Disconnected from 203.194.114.144 port 51120 [preauth]
May  7 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28302]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28303]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28301]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28300]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28300]: pam_unix(cron:session): session closed for user p13x
May  7 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28365]: Successful su for rubyman by root
May  7 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28365]: + ??? root:rubyman
May  7 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28365]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344416 of user rubyman.
May  7 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28365]: pam_unix(su:session): session closed for user rubyman
May  7 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344416.
May  7 03:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25502]: pam_unix(cron:session): session closed for user root
May  7 03:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28301]: pam_unix(cron:session): session closed for user samftp
May  7 03:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27417]: pam_unix(cron:session): session closed for user root
May  7 03:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 03:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28670]: Failed password for root from 218.92.0.179 port 32709 ssh2
May  7 03:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28670]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 32709 ssh2]
May  7 03:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28670]: Received disconnect from 218.92.0.179 port 32709:11:  [preauth]
May  7 03:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28670]: Disconnected from 218.92.0.179 port 32709 [preauth]
May  7 03:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28670]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28707]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28706]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28704]: pam_unix(cron:session): session closed for user p13x
May  7 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28767]: Successful su for rubyman by root
May  7 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28767]: + ??? root:rubyman
May  7 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344419 of user rubyman.
May  7 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28767]: pam_unix(su:session): session closed for user rubyman
May  7 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344419.
May  7 03:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26009]: pam_unix(cron:session): session closed for user root
May  7 03:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28705]: pam_unix(cron:session): session closed for user samftp
May  7 03:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27889]: pam_unix(cron:session): session closed for user root
May  7 03:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: Invalid user administrador from 162.254.32.62
May  7 03:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: input_userauth_request: invalid user administrador [preauth]
May  7 03:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.254.32.62
May  7 03:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: Failed password for invalid user administrador from 162.254.32.62 port 36806 ssh2
May  7 03:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: Received disconnect from 162.254.32.62 port 36806:11: Bye Bye [preauth]
May  7 03:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29128]: Disconnected from 162.254.32.62 port 36806 [preauth]
May  7 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29205]: pam_unix(cron:session): session closed for user p13x
May  7 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29273]: Successful su for rubyman by root
May  7 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29273]: + ??? root:rubyman
May  7 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29273]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344425 of user rubyman.
May  7 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29273]: pam_unix(su:session): session closed for user rubyman
May  7 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344425.
May  7 03:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26414]: pam_unix(cron:session): session closed for user root
May  7 03:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29206]: pam_unix(cron:session): session closed for user samftp
May  7 03:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28303]: pam_unix(cron:session): session closed for user root
May  7 03:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.79  user=root
May  7 03:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: Failed password for root from 188.166.217.79 port 37900 ssh2
May  7 03:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: Received disconnect from 188.166.217.79 port 37900:11: Bye Bye [preauth]
May  7 03:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: Disconnected from 188.166.217.79 port 37900 [preauth]
May  7 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29634]: pam_unix(cron:session): session closed for user root
May  7 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29629]: pam_unix(cron:session): session closed for user p13x
May  7 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29699]: Successful su for rubyman by root
May  7 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29699]: + ??? root:rubyman
May  7 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344432 of user rubyman.
May  7 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29699]: pam_unix(su:session): session closed for user rubyman
May  7 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344432.
May  7 03:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29631]: pam_unix(cron:session): session closed for user root
May  7 03:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26905]: pam_unix(cron:session): session closed for user root
May  7 03:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29630]: pam_unix(cron:session): session closed for user samftp
May  7 03:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29944]: Invalid user autrede from 187.134.39.177
May  7 03:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29944]: input_userauth_request: invalid user autrede [preauth]
May  7 03:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29944]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 03:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29944]: Failed password for invalid user autrede from 187.134.39.177 port 59114 ssh2
May  7 03:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29944]: Received disconnect from 187.134.39.177 port 59114:11: Bye Bye [preauth]
May  7 03:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29944]: Disconnected from 187.134.39.177 port 59114 [preauth]
May  7 03:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28707]: pam_unix(cron:session): session closed for user root
May  7 03:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: Invalid user fleek from 181.228.68.222
May  7 03:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: input_userauth_request: invalid user fleek [preauth]
May  7 03:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.228.68.222
May  7 03:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: Failed password for invalid user fleek from 181.228.68.222 port 49956 ssh2
May  7 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: Received disconnect from 181.228.68.222 port 49956:11: Bye Bye [preauth]
May  7 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: Disconnected from 181.228.68.222 port 49956 [preauth]
May  7 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30071]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30067]: pam_unix(cron:session): session closed for user p13x
May  7 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30137]: Successful su for rubyman by root
May  7 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30137]: + ??? root:rubyman
May  7 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30137]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344433 of user rubyman.
May  7 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30137]: pam_unix(su:session): session closed for user rubyman
May  7 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344433.
May  7 03:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: Failed password for root from 218.92.0.179 port 40101 ssh2
May  7 03:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: Failed password for root from 218.92.0.179 port 40101 ssh2
May  7 03:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27416]: pam_unix(cron:session): session closed for user root
May  7 03:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30068]: pam_unix(cron:session): session closed for user samftp
May  7 03:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: Failed password for root from 218.92.0.179 port 40101 ssh2
May  7 03:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: Received disconnect from 218.92.0.179 port 40101:11:  [preauth]
May  7 03:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: Disconnected from 218.92.0.179 port 40101 [preauth]
May  7 03:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 03:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: Invalid user alireza from 186.233.208.13
May  7 03:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: input_userauth_request: invalid user alireza [preauth]
May  7 03:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  7 03:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: Failed password for invalid user alireza from 186.233.208.13 port 38098 ssh2
May  7 03:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: Received disconnect from 186.233.208.13 port 38098:11: Bye Bye [preauth]
May  7 03:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30370]: Disconnected from 186.233.208.13 port 38098 [preauth]
May  7 03:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29208]: pam_unix(cron:session): session closed for user root
May  7 03:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: Invalid user admin from 80.94.95.241
May  7 03:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: input_userauth_request: invalid user admin [preauth]
May  7 03:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 03:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: Failed password for invalid user admin from 80.94.95.241 port 30293 ssh2
May  7 03:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: Failed password for invalid user admin from 80.94.95.241 port 30293 ssh2
May  7 03:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: Failed password for invalid user admin from 80.94.95.241 port 30293 ssh2
May  7 03:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: Failed password for invalid user admin from 80.94.95.241 port 30293 ssh2
May  7 03:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: Failed password for invalid user admin from 80.94.95.241 port 30293 ssh2
May  7 03:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: Received disconnect from 80.94.95.241 port 30293:11: Bye [preauth]
May  7 03:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: Disconnected from 80.94.95.241 port 30293 [preauth]
May  7 03:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 03:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30473]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30474]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30471]: pam_unix(cron:session): session closed for user p13x
May  7 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30532]: Successful su for rubyman by root
May  7 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30532]: + ??? root:rubyman
May  7 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30532]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344437 of user rubyman.
May  7 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30532]: pam_unix(su:session): session closed for user rubyman
May  7 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344437.
May  7 03:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27888]: pam_unix(cron:session): session closed for user root
May  7 03:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30472]: pam_unix(cron:session): session closed for user samftp
May  7 03:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29633]: pam_unix(cron:session): session closed for user root
May  7 03:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144  user=root
May  7 03:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: Failed password for root from 203.194.114.144 port 60648 ssh2
May  7 03:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: Received disconnect from 203.194.114.144 port 60648:11: Bye Bye [preauth]
May  7 03:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30794]: Disconnected from 203.194.114.144 port 60648 [preauth]
May  7 03:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: Invalid user uzivatel from 187.134.39.177
May  7 03:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: input_userauth_request: invalid user uzivatel [preauth]
May  7 03:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: pam_unix(sshd:auth): check pass; user unknown
May  7 03:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 03:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: Failed password for invalid user uzivatel from 187.134.39.177 port 61657 ssh2
May  7 03:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: Received disconnect from 187.134.39.177 port 61657:11: Bye Bye [preauth]
May  7 03:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: Disconnected from 187.134.39.177 port 61657 [preauth]
May  7 03:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30855]: Connection reset by 147.185.132.207 port 58270 [preauth]
May  7 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30868]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30866]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30866]: pam_unix(cron:session): session closed for user p13x
May  7 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30990]: Successful su for rubyman by root
May  7 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30990]: + ??? root:rubyman
May  7 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30990]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344442 of user rubyman.
May  7 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30990]: pam_unix(su:session): session closed for user rubyman
May  7 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344442.
May  7 03:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28302]: pam_unix(cron:session): session closed for user root
May  7 03:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30867]: pam_unix(cron:session): session closed for user samftp
May  7 03:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30072]: pam_unix(cron:session): session closed for user root
May  7 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31379]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31378]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31376]: pam_unix(cron:session): session closed for user p13x
May  7 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31436]: Successful su for rubyman by root
May  7 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31436]: + ??? root:rubyman
May  7 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344445 of user rubyman.
May  7 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31436]: pam_unix(su:session): session closed for user rubyman
May  7 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344445.
May  7 03:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28706]: pam_unix(cron:session): session closed for user root
May  7 03:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31377]: pam_unix(cron:session): session closed for user samftp
May  7 03:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30474]: pam_unix(cron:session): session closed for user root
May  7 03:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31775]: Did not receive identification string from 182.227.208.83
May  7 03:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 03:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 03:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31792]: Failed password for root from 218.92.0.179 port 42545 ssh2
May  7 04:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31792]: Failed password for root from 218.92.0.179 port 42545 ssh2
May  7 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31808]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31809]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31805]: pam_unix(cron:session): session closed for user root
May  7 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31809]: pam_unix(cron:session): session closed for user root
May  7 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31803]: pam_unix(cron:session): session closed for user p13x
May  7 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31917]: Successful su for rubyman by root
May  7 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31917]: + ??? root:rubyman
May  7 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344453 of user rubyman.
May  7 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31917]: pam_unix(su:session): session closed for user rubyman
May  7 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344453.
May  7 04:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31792]: Failed password for root from 218.92.0.179 port 42545 ssh2
May  7 04:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31792]: Received disconnect from 218.92.0.179 port 42545:11:  [preauth]
May  7 04:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31792]: Disconnected from 218.92.0.179 port 42545 [preauth]
May  7 04:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31792]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 04:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31806]: pam_unix(cron:session): session closed for user root
May  7 04:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29207]: pam_unix(cron:session): session closed for user root
May  7 04:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31804]: pam_unix(cron:session): session closed for user samftp
May  7 04:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32439]: Invalid user ke from 187.134.39.177
May  7 04:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32439]: input_userauth_request: invalid user ke [preauth]
May  7 04:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32439]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32439]: Failed password for invalid user ke from 187.134.39.177 port 8474 ssh2
May  7 04:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32439]: Received disconnect from 187.134.39.177 port 8474:11: Bye Bye [preauth]
May  7 04:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32439]: Disconnected from 187.134.39.177 port 8474 [preauth]
May  7 04:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30869]: pam_unix(cron:session): session closed for user root
May  7 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32717]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32718]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32715]: pam_unix(cron:session): session closed for user p13x
May  7 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[329]: Successful su for rubyman by root
May  7 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[329]: + ??? root:rubyman
May  7 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344457 of user rubyman.
May  7 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[329]: pam_unix(su:session): session closed for user rubyman
May  7 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344457.
May  7 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29632]: pam_unix(cron:session): session closed for user root
May  7 04:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32716]: pam_unix(cron:session): session closed for user samftp
May  7 04:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: Invalid user supos from 106.51.92.114
May  7 04:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: input_userauth_request: invalid user supos [preauth]
May  7 04:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.92.114
May  7 04:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: Failed password for invalid user supos from 106.51.92.114 port 60098 ssh2
May  7 04:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: Received disconnect from 106.51.92.114 port 60098:11: Bye Bye [preauth]
May  7 04:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[657]: Disconnected from 106.51.92.114 port 60098 [preauth]
May  7 04:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31379]: pam_unix(cron:session): session closed for user root
May  7 04:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[740]: Invalid user shop from 14.103.112.108
May  7 04:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[740]: input_userauth_request: invalid user shop [preauth]
May  7 04:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[740]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.112.108
May  7 04:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[740]: Failed password for invalid user shop from 14.103.112.108 port 33062 ssh2
May  7 04:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[740]: Received disconnect from 14.103.112.108 port 33062:11: Bye Bye [preauth]
May  7 04:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[740]: Disconnected from 14.103.112.108 port 33062 [preauth]
May  7 04:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.254.32.62  user=root
May  7 04:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[769]: Invalid user alireza from 181.228.68.222
May  7 04:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[769]: input_userauth_request: invalid user alireza [preauth]
May  7 04:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[769]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.228.68.222
May  7 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[764]: Failed password for root from 162.254.32.62 port 34324 ssh2
May  7 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[764]: Received disconnect from 162.254.32.62 port 34324:11: Bye Bye [preauth]
May  7 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[764]: Disconnected from 162.254.32.62 port 34324 [preauth]
May  7 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[785]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[787]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[784]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[784]: pam_unix(cron:session): session closed for user p13x
May  7 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[853]: Successful su for rubyman by root
May  7 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[853]: + ??? root:rubyman
May  7 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344462 of user rubyman.
May  7 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[853]: pam_unix(su:session): session closed for user rubyman
May  7 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344462.
May  7 04:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[769]: Failed password for invalid user alireza from 181.228.68.222 port 58272 ssh2
May  7 04:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[769]: Received disconnect from 181.228.68.222 port 58272:11: Bye Bye [preauth]
May  7 04:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[769]: Disconnected from 181.228.68.222 port 58272 [preauth]
May  7 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30071]: pam_unix(cron:session): session closed for user root
May  7 04:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[785]: pam_unix(cron:session): session closed for user samftp
May  7 04:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[771]: Connection closed by 27.252.144.74 port 63169 [preauth]
May  7 04:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  7 04:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1081]: Failed password for root from 218.92.0.210 port 21348 ssh2
May  7 04:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: Invalid user guest from 186.233.208.13
May  7 04:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: input_userauth_request: invalid user guest [preauth]
May  7 04:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  7 04:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: Failed password for invalid user guest from 186.233.208.13 port 55394 ssh2
May  7 04:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: Received disconnect from 186.233.208.13 port 55394:11: Bye Bye [preauth]
May  7 04:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: Disconnected from 186.233.208.13 port 55394 [preauth]
May  7 04:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: Invalid user farid from 187.134.39.177
May  7 04:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: input_userauth_request: invalid user farid [preauth]
May  7 04:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: Failed password for invalid user farid from 187.134.39.177 port 46235 ssh2
May  7 04:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: Received disconnect from 187.134.39.177 port 46235:11: Bye Bye [preauth]
May  7 04:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: Disconnected from 187.134.39.177 port 46235 [preauth]
May  7 04:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31808]: pam_unix(cron:session): session closed for user root
May  7 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1271]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1269]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1268]: pam_unix(cron:session): session closed for user p13x
May  7 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1339]: Successful su for rubyman by root
May  7 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1339]: + ??? root:rubyman
May  7 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1339]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344465 of user rubyman.
May  7 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1339]: pam_unix(su:session): session closed for user rubyman
May  7 04:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344465.
May  7 04:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30473]: pam_unix(cron:session): session closed for user root
May  7 04:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1269]: pam_unix(cron:session): session closed for user samftp
May  7 04:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: Invalid user nick from 203.194.114.144
May  7 04:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: input_userauth_request: invalid user nick [preauth]
May  7 04:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144
May  7 04:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: Failed password for invalid user nick from 203.194.114.144 port 41934 ssh2
May  7 04:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: Received disconnect from 203.194.114.144 port 41934:11: Bye Bye [preauth]
May  7 04:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1602]: Disconnected from 203.194.114.144 port 41934 [preauth]
May  7 04:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32718]: pam_unix(cron:session): session closed for user root
May  7 04:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: Invalid user scheduler from 14.103.112.108
May  7 04:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: input_userauth_request: invalid user scheduler [preauth]
May  7 04:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.112.108
May  7 04:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: Failed password for invalid user scheduler from 14.103.112.108 port 45216 ssh2
May  7 04:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: Received disconnect from 14.103.112.108 port 45216:11: Bye Bye [preauth]
May  7 04:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: Disconnected from 14.103.112.108 port 45216 [preauth]
May  7 04:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1763]: Invalid user deploy from 188.166.217.79
May  7 04:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1763]: input_userauth_request: invalid user deploy [preauth]
May  7 04:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1763]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.79
May  7 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1763]: Failed password for invalid user deploy from 188.166.217.79 port 41434 ssh2
May  7 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1770]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1769]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1767]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1763]: Received disconnect from 188.166.217.79 port 41434:11: Bye Bye [preauth]
May  7 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1763]: Disconnected from 188.166.217.79 port 41434 [preauth]
May  7 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1767]: pam_unix(cron:session): session closed for user p13x
May  7 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1839]: Successful su for rubyman by root
May  7 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1839]: + ??? root:rubyman
May  7 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344470 of user rubyman.
May  7 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1839]: pam_unix(su:session): session closed for user rubyman
May  7 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344470.
May  7 04:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30868]: pam_unix(cron:session): session closed for user root
May  7 04:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1768]: pam_unix(cron:session): session closed for user samftp
May  7 04:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: Invalid user ha from 27.252.144.74
May  7 04:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: input_userauth_request: invalid user ha [preauth]
May  7 04:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.144.74
May  7 04:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2154]: Failed password for invalid user ha from 27.252.144.74 port 63229 ssh2
May  7 04:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[787]: pam_unix(cron:session): session closed for user root
May  7 04:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2235]: Invalid user ruben from 187.134.39.177
May  7 04:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2235]: input_userauth_request: invalid user ruben [preauth]
May  7 04:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2235]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2235]: Failed password for invalid user ruben from 187.134.39.177 port 54478 ssh2
May  7 04:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2235]: Received disconnect from 187.134.39.177 port 54478:11: Bye Bye [preauth]
May  7 04:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2235]: Disconnected from 187.134.39.177 port 54478 [preauth]
May  7 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2267]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2271]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2271]: pam_unix(cron:session): session closed for user root
May  7 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2265]: pam_unix(cron:session): session closed for user p13x
May  7 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2339]: Successful su for rubyman by root
May  7 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2339]: + ??? root:rubyman
May  7 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2339]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344473 of user rubyman.
May  7 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2339]: pam_unix(su:session): session closed for user rubyman
May  7 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344473.
May  7 04:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2267]: pam_unix(cron:session): session closed for user root
May  7 04:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31378]: pam_unix(cron:session): session closed for user root
May  7 04:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2266]: pam_unix(cron:session): session closed for user samftp
May  7 04:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1272]: pam_unix(cron:session): session closed for user root
May  7 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2770]: pam_unix(cron:session): session closed for user p13x
May  7 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2841]: Successful su for rubyman by root
May  7 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2841]: + ??? root:rubyman
May  7 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344479 of user rubyman.
May  7 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2841]: pam_unix(su:session): session closed for user rubyman
May  7 04:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344479.
May  7 04:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31807]: pam_unix(cron:session): session closed for user root
May  7 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2771]: pam_unix(cron:session): session closed for user samftp
May  7 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1770]: pam_unix(cron:session): session closed for user root
May  7 04:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3178]: Invalid user nr from 187.134.39.177
May  7 04:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3178]: input_userauth_request: invalid user nr [preauth]
May  7 04:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3178]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3178]: Failed password for invalid user nr from 187.134.39.177 port 20018 ssh2
May  7 04:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3178]: Received disconnect from 187.134.39.177 port 20018:11: Bye Bye [preauth]
May  7 04:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3178]: Disconnected from 187.134.39.177 port 20018 [preauth]
May  7 04:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.92.114  user=root
May  7 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: Invalid user deploy from 162.254.32.62
May  7 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: input_userauth_request: invalid user deploy [preauth]
May  7 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.254.32.62
May  7 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3195]: pam_unix(cron:session): session closed for user p13x
May  7 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3259]: Successful su for rubyman by root
May  7 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3259]: + ??? root:rubyman
May  7 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3259]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344484 of user rubyman.
May  7 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3259]: pam_unix(su:session): session closed for user rubyman
May  7 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344484.
May  7 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: Failed password for root from 106.51.92.114 port 50081 ssh2
May  7 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: Received disconnect from 106.51.92.114 port 50081:11: Bye Bye [preauth]
May  7 04:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3188]: Disconnected from 106.51.92.114 port 50081 [preauth]
May  7 04:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: Failed password for invalid user deploy from 162.254.32.62 port 33046 ssh2
May  7 04:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: Received disconnect from 162.254.32.62 port 33046:11: Bye Bye [preauth]
May  7 04:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3192]: Disconnected from 162.254.32.62 port 33046 [preauth]
May  7 04:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32717]: pam_unix(cron:session): session closed for user root
May  7 04:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3197]: pam_unix(cron:session): session closed for user samftp
May  7 04:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2270]: pam_unix(cron:session): session closed for user root
May  7 04:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: Invalid user doc from 186.233.208.13
May  7 04:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: input_userauth_request: invalid user doc [preauth]
May  7 04:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  7 04:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: Failed password for invalid user doc from 186.233.208.13 port 42748 ssh2
May  7 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: Invalid user prueba from 181.228.68.222
May  7 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: input_userauth_request: invalid user prueba [preauth]
May  7 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.228.68.222
May  7 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: Received disconnect from 186.233.208.13 port 42748:11: Bye Bye [preauth]
May  7 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: Disconnected from 186.233.208.13 port 42748 [preauth]
May  7 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3668]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3666]: pam_unix(cron:session): session closed for user p13x
May  7 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3724]: Successful su for rubyman by root
May  7 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3724]: + ??? root:rubyman
May  7 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3724]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344486 of user rubyman.
May  7 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3724]: pam_unix(su:session): session closed for user rubyman
May  7 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344486.
May  7 04:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: Failed password for invalid user prueba from 181.228.68.222 port 38354 ssh2
May  7 04:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: Received disconnect from 181.228.68.222 port 38354:11: Bye Bye [preauth]
May  7 04:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3663]: Disconnected from 181.228.68.222 port 38354 [preauth]
May  7 04:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[786]: pam_unix(cron:session): session closed for user root
May  7 04:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3667]: pam_unix(cron:session): session closed for user samftp
May  7 04:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2773]: pam_unix(cron:session): session closed for user root
May  7 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4096]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4091]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4093]: pam_unix(cron:session): session closed for user p13x
May  7 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4218]: Successful su for rubyman by root
May  7 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4218]: + ??? root:rubyman
May  7 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344492 of user rubyman.
May  7 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4218]: pam_unix(su:session): session closed for user rubyman
May  7 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344492.
May  7 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4091]: pam_unix(cron:session): session closed for user root
May  7 04:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1271]: pam_unix(cron:session): session closed for user root
May  7 04:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4094]: pam_unix(cron:session): session closed for user samftp
May  7 04:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: Invalid user zgh from 203.194.114.144
May  7 04:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: input_userauth_request: invalid user zgh [preauth]
May  7 04:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144
May  7 04:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: Failed password for invalid user zgh from 203.194.114.144 port 51446 ssh2
May  7 04:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: Received disconnect from 203.194.114.144 port 51446:11: Bye Bye [preauth]
May  7 04:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4598]: Disconnected from 203.194.114.144 port 51446 [preauth]
May  7 04:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: Invalid user niko from 188.166.217.79
May  7 04:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: input_userauth_request: invalid user niko [preauth]
May  7 04:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.79
May  7 04:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: Invalid user delme from 187.134.39.177
May  7 04:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: input_userauth_request: invalid user delme [preauth]
May  7 04:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: Failed password for invalid user niko from 188.166.217.79 port 38616 ssh2
May  7 04:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: Received disconnect from 188.166.217.79 port 38616:11: Bye Bye [preauth]
May  7 04:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: Disconnected from 188.166.217.79 port 38616 [preauth]
May  7 04:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: Failed password for invalid user delme from 187.134.39.177 port 34518 ssh2
May  7 04:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: Received disconnect from 187.134.39.177 port 34518:11: Bye Bye [preauth]
May  7 04:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: Disconnected from 187.134.39.177 port 34518 [preauth]
May  7 04:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 04:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: Invalid user admin from 80.94.95.125
May  7 04:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: input_userauth_request: invalid user admin [preauth]
May  7 04:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 04:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3200]: pam_unix(cron:session): session closed for user root
May  7 04:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: Failed password for root from 218.92.0.179 port 53893 ssh2
May  7 04:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: Failed password for invalid user admin from 80.94.95.125 port 49443 ssh2
May  7 04:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: Failed password for root from 218.92.0.179 port 53893 ssh2
May  7 04:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: Connection closed by 2.54.3.29 port 6644 [preauth]
May  7 04:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: Failed password for invalid user admin from 80.94.95.125 port 49443 ssh2
May  7 04:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: Failed password for root from 218.92.0.179 port 53893 ssh2
May  7 04:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: Received disconnect from 218.92.0.179 port 53893:11:  [preauth]
May  7 04:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: Disconnected from 218.92.0.179 port 53893 [preauth]
May  7 04:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 04:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: Failed password for invalid user admin from 80.94.95.125 port 49443 ssh2
May  7 04:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: Failed password for invalid user admin from 80.94.95.125 port 49443 ssh2
May  7 04:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: Failed password for invalid user admin from 80.94.95.125 port 49443 ssh2
May  7 04:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: Received disconnect from 80.94.95.125 port 49443:11: Bye [preauth]
May  7 04:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: Disconnected from 80.94.95.125 port 49443 [preauth]
May  7 04:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 04:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4768]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4767]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4771]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4770]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4766]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4769]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4771]: pam_unix(cron:session): session closed for user root
May  7 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4766]: pam_unix(cron:session): session closed for user p13x
May  7 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4847]: Successful su for rubyman by root
May  7 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4847]: + ??? root:rubyman
May  7 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344498 of user rubyman.
May  7 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4847]: pam_unix(su:session): session closed for user rubyman
May  7 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344498.
May  7 04:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4768]: pam_unix(cron:session): session closed for user root
May  7 04:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1769]: pam_unix(cron:session): session closed for user root
May  7 04:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4767]: pam_unix(cron:session): session closed for user samftp
May  7 04:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3670]: pam_unix(cron:session): session closed for user root
May  7 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5411]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5409]: pam_unix(cron:session): session closed for user p13x
May  7 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5489]: Successful su for rubyman by root
May  7 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5489]: + ??? root:rubyman
May  7 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344502 of user rubyman.
May  7 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5489]: pam_unix(su:session): session closed for user rubyman
May  7 04:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344502.
May  7 04:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2268]: pam_unix(cron:session): session closed for user root
May  7 04:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5410]: pam_unix(cron:session): session closed for user samftp
May  7 04:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4096]: pam_unix(cron:session): session closed for user root
May  7 04:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: Invalid user h from 187.134.39.177
May  7 04:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: input_userauth_request: invalid user h [preauth]
May  7 04:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: Failed password for invalid user h from 187.134.39.177 port 35012 ssh2
May  7 04:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: Received disconnect from 187.134.39.177 port 35012:11: Bye Bye [preauth]
May  7 04:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: Disconnected from 187.134.39.177 port 35012 [preauth]
May  7 04:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.254.32.62  user=root
May  7 04:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5955]: Failed password for root from 162.254.32.62 port 58932 ssh2
May  7 04:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5955]: Received disconnect from 162.254.32.62 port 58932:11: Bye Bye [preauth]
May  7 04:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5955]: Disconnected from 162.254.32.62 port 58932 [preauth]
May  7 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5967]: pam_unix(cron:session): session closed for user p13x
May  7 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6039]: Successful su for rubyman by root
May  7 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6039]: + ??? root:rubyman
May  7 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344506 of user rubyman.
May  7 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6039]: pam_unix(su:session): session closed for user rubyman
May  7 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344506.
May  7 04:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2772]: pam_unix(cron:session): session closed for user root
May  7 04:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5968]: pam_unix(cron:session): session closed for user samftp
May  7 04:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6275]: Invalid user ptc from 106.51.92.114
May  7 04:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6275]: input_userauth_request: invalid user ptc [preauth]
May  7 04:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6275]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.92.114
May  7 04:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6275]: Failed password for invalid user ptc from 106.51.92.114 port 40059 ssh2
May  7 04:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6275]: Received disconnect from 106.51.92.114 port 40059:11: Bye Bye [preauth]
May  7 04:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6275]: Disconnected from 106.51.92.114 port 40059 [preauth]
May  7 04:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: Invalid user myuser from 190.103.202.7
May  7 04:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: input_userauth_request: invalid user myuser [preauth]
May  7 04:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  7 04:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: Failed password for invalid user myuser from 190.103.202.7 port 55576 ssh2
May  7 04:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: Connection closed by 190.103.202.7 port 55576 [preauth]
May  7 04:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4770]: pam_unix(cron:session): session closed for user root
May  7 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6401]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6399]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6397]: pam_unix(cron:session): session closed for user p13x
May  7 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6463]: Successful su for rubyman by root
May  7 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6463]: + ??? root:rubyman
May  7 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6463]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344511 of user rubyman.
May  7 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6463]: pam_unix(su:session): session closed for user rubyman
May  7 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344511.
May  7 04:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3199]: pam_unix(cron:session): session closed for user root
May  7 04:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6398]: pam_unix(cron:session): session closed for user samftp
May  7 04:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5412]: pam_unix(cron:session): session closed for user root
May  7 04:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: Invalid user sysop from 186.233.208.13
May  7 04:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: input_userauth_request: invalid user sysop [preauth]
May  7 04:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  7 04:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: Failed password for invalid user sysop from 186.233.208.13 port 58722 ssh2
May  7 04:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: Received disconnect from 186.233.208.13 port 58722:11: Bye Bye [preauth]
May  7 04:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: Disconnected from 186.233.208.13 port 58722 [preauth]
May  7 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6804]: pam_unix(cron:session): session closed for user p13x
May  7 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6866]: Successful su for rubyman by root
May  7 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6866]: + ??? root:rubyman
May  7 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344514 of user rubyman.
May  7 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6866]: pam_unix(su:session): session closed for user rubyman
May  7 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344514.
May  7 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6892]: Invalid user ryan from 187.134.39.177
May  7 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6892]: input_userauth_request: invalid user ryan [preauth]
May  7 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6892]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: Invalid user xxt from 181.228.68.222
May  7 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: input_userauth_request: invalid user xxt [preauth]
May  7 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.228.68.222
May  7 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3668]: pam_unix(cron:session): session closed for user root
May  7 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6892]: Failed password for invalid user ryan from 187.134.39.177 port 52173 ssh2
May  7 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6892]: Received disconnect from 187.134.39.177 port 52173:11: Bye Bye [preauth]
May  7 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6892]: Disconnected from 187.134.39.177 port 52173 [preauth]
May  7 04:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: Failed password for invalid user xxt from 181.228.68.222 port 46668 ssh2
May  7 04:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: Received disconnect from 181.228.68.222 port 46668:11: Bye Bye [preauth]
May  7 04:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: Disconnected from 181.228.68.222 port 46668 [preauth]
May  7 04:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6805]: pam_unix(cron:session): session closed for user samftp
May  7 04:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7197]: Invalid user astra from 14.103.112.108
May  7 04:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7197]: input_userauth_request: invalid user astra [preauth]
May  7 04:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7197]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.112.108
May  7 04:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7197]: Failed password for invalid user astra from 14.103.112.108 port 56122 ssh2
May  7 04:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7197]: Received disconnect from 14.103.112.108 port 56122:11: Bye Bye [preauth]
May  7 04:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7197]: Disconnected from 14.103.112.108 port 56122 [preauth]
May  7 04:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5970]: pam_unix(cron:session): session closed for user root
May  7 04:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7270]: Invalid user cc from 188.166.217.79
May  7 04:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7270]: input_userauth_request: invalid user cc [preauth]
May  7 04:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7270]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.79
May  7 04:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7270]: Failed password for invalid user cc from 188.166.217.79 port 38144 ssh2
May  7 04:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7270]: Received disconnect from 188.166.217.79 port 38144:11: Bye Bye [preauth]
May  7 04:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7270]: Disconnected from 188.166.217.79 port 38144 [preauth]
May  7 04:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Invalid user esunny from 203.194.114.144
May  7 04:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: input_userauth_request: invalid user esunny [preauth]
May  7 04:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144
May  7 04:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Failed password for invalid user esunny from 203.194.114.144 port 60966 ssh2
May  7 04:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Received disconnect from 203.194.114.144 port 60966:11: Bye Bye [preauth]
May  7 04:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Disconnected from 203.194.114.144 port 60966 [preauth]
May  7 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7323]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7326]: pam_unix(cron:session): session closed for user root
May  7 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7321]: pam_unix(cron:session): session closed for user p13x
May  7 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7385]: Successful su for rubyman by root
May  7 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7385]: + ??? root:rubyman
May  7 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344519 of user rubyman.
May  7 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7385]: pam_unix(su:session): session closed for user rubyman
May  7 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344519.
May  7 04:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7323]: pam_unix(cron:session): session closed for user root
May  7 04:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4095]: pam_unix(cron:session): session closed for user root
May  7 04:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7322]: pam_unix(cron:session): session closed for user samftp
May  7 04:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6401]: pam_unix(cron:session): session closed for user root
May  7 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7868]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7867]: pam_unix(cron:session): session closed for user p13x
May  7 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7941]: Successful su for rubyman by root
May  7 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7941]: + ??? root:rubyman
May  7 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7941]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344525 of user rubyman.
May  7 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7941]: pam_unix(su:session): session closed for user rubyman
May  7 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344525.
May  7 04:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4769]: pam_unix(cron:session): session closed for user root
May  7 04:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7868]: pam_unix(cron:session): session closed for user samftp
May  7 04:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: Invalid user zomboid from 187.134.39.177
May  7 04:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: input_userauth_request: invalid user zomboid [preauth]
May  7 04:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: Failed password for invalid user zomboid from 187.134.39.177 port 56853 ssh2
May  7 04:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: Received disconnect from 187.134.39.177 port 56853:11: Bye Bye [preauth]
May  7 04:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8152]: Disconnected from 187.134.39.177 port 56853 [preauth]
May  7 04:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6807]: pam_unix(cron:session): session closed for user root
May  7 04:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.254.32.62  user=root
May  7 04:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8260]: Failed password for root from 162.254.32.62 port 45518 ssh2
May  7 04:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8260]: Received disconnect from 162.254.32.62 port 45518:11: Bye Bye [preauth]
May  7 04:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8260]: Disconnected from 162.254.32.62 port 45518 [preauth]
May  7 04:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: Invalid user admin from 80.94.95.112
May  7 04:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: input_userauth_request: invalid user admin [preauth]
May  7 04:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 04:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: Failed password for invalid user admin from 80.94.95.112 port 53411 ssh2
May  7 04:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8315]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8311]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8311]: pam_unix(cron:session): session closed for user root
May  7 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8313]: pam_unix(cron:session): session closed for user p13x
May  7 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8378]: Successful su for rubyman by root
May  7 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8378]: + ??? root:rubyman
May  7 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8378]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344527 of user rubyman.
May  7 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8378]: pam_unix(su:session): session closed for user rubyman
May  7 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344527.
May  7 04:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: Failed password for invalid user admin from 80.94.95.112 port 53411 ssh2
May  7 04:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5411]: pam_unix(cron:session): session closed for user root
May  7 04:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: Failed password for invalid user admin from 80.94.95.112 port 53411 ssh2
May  7 04:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8314]: pam_unix(cron:session): session closed for user samftp
May  7 04:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: Failed password for invalid user admin from 80.94.95.112 port 53411 ssh2
May  7 04:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: Failed password for invalid user admin from 80.94.95.112 port 53411 ssh2
May  7 04:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: Received disconnect from 80.94.95.112 port 53411:11: Bye [preauth]
May  7 04:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: Disconnected from 80.94.95.112 port 53411 [preauth]
May  7 04:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 04:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session closed for user root
May  7 04:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: Invalid user misp from 106.51.92.114
May  7 04:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: input_userauth_request: invalid user misp [preauth]
May  7 04:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.92.114
May  7 04:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: Failed password for invalid user misp from 106.51.92.114 port 58272 ssh2
May  7 04:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: Received disconnect from 106.51.92.114 port 58272:11: Bye Bye [preauth]
May  7 04:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8685]: Disconnected from 106.51.92.114 port 58272 [preauth]
May  7 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8747]: pam_unix(cron:session): session closed for user p13x
May  7 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8806]: Successful su for rubyman by root
May  7 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8806]: + ??? root:rubyman
May  7 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344533 of user rubyman.
May  7 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8806]: pam_unix(su:session): session closed for user rubyman
May  7 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344533.
May  7 04:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5969]: pam_unix(cron:session): session closed for user root
May  7 04:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8748]: pam_unix(cron:session): session closed for user samftp
May  7 04:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9060]: Invalid user qsj from 187.134.39.177
May  7 04:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9060]: input_userauth_request: invalid user qsj [preauth]
May  7 04:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9060]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9060]: Failed password for invalid user qsj from 187.134.39.177 port 14682 ssh2
May  7 04:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9060]: Received disconnect from 187.134.39.177 port 14682:11: Bye Bye [preauth]
May  7 04:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9060]: Disconnected from 187.134.39.177 port 14682 [preauth]
May  7 04:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7870]: pam_unix(cron:session): session closed for user root
May  7 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9242]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9240]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9241]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9239]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9239]: pam_unix(cron:session): session closed for user p13x
May  7 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9331]: Successful su for rubyman by root
May  7 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9331]: + ??? root:rubyman
May  7 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344537 of user rubyman.
May  7 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9331]: pam_unix(su:session): session closed for user rubyman
May  7 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344537.
May  7 04:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6399]: pam_unix(cron:session): session closed for user root
May  7 04:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9240]: pam_unix(cron:session): session closed for user samftp
May  7 04:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: Did not receive identification string from 64.226.100.253
May  7 04:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 04:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Invalid user tata from 119.96.221.127
May  7 04:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: input_userauth_request: invalid user tata [preauth]
May  7 04:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.96.221.127
May  7 04:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9589]: Invalid user eric from 186.233.208.13
May  7 04:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9589]: input_userauth_request: invalid user eric [preauth]
May  7 04:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9589]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  7 04:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8316]: pam_unix(cron:session): session closed for user root
May  7 04:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9587]: Failed password for root from 218.92.0.179 port 18930 ssh2
May  7 04:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Failed password for invalid user tata from 119.96.221.127 port 43638 ssh2
May  7 04:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9589]: Failed password for invalid user eric from 186.233.208.13 port 59884 ssh2
May  7 04:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9589]: Received disconnect from 186.233.208.13 port 59884:11: Bye Bye [preauth]
May  7 04:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9589]: Disconnected from 186.233.208.13 port 59884 [preauth]
May  7 04:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Received disconnect from 119.96.221.127 port 43638:11: Bye Bye [preauth]
May  7 04:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9591]: Disconnected from 119.96.221.127 port 43638 [preauth]
May  7 04:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9587]: Failed password for root from 218.92.0.179 port 18930 ssh2
May  7 04:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9587]: Failed password for root from 218.92.0.179 port 18930 ssh2
May  7 04:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.79  user=root
May  7 04:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Failed password for root from 188.166.217.79 port 44832 ssh2
May  7 04:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Received disconnect from 188.166.217.79 port 44832:11: Bye Bye [preauth]
May  7 04:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9660]: Disconnected from 188.166.217.79 port 44832 [preauth]
May  7 04:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: Invalid user sysop from 181.228.68.222
May  7 04:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: input_userauth_request: invalid user sysop [preauth]
May  7 04:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.228.68.222
May  7 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9686]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9685]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9688]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9689]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9689]: pam_unix(cron:session): session closed for user root
May  7 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9683]: pam_unix(cron:session): session closed for user p13x
May  7 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9761]: Successful su for rubyman by root
May  7 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9761]: + ??? root:rubyman
May  7 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344544 of user rubyman.
May  7 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9761]: pam_unix(su:session): session closed for user rubyman
May  7 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344544.
May  7 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: Failed password for invalid user sysop from 181.228.68.222 port 54976 ssh2
May  7 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: Received disconnect from 181.228.68.222 port 54976:11: Bye Bye [preauth]
May  7 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9673]: Disconnected from 181.228.68.222 port 54976 [preauth]
May  7 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9686]: pam_unix(cron:session): session closed for user root
May  7 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6806]: pam_unix(cron:session): session closed for user root
May  7 04:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9685]: pam_unix(cron:session): session closed for user samftp
May  7 04:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8750]: pam_unix(cron:session): session closed for user root
May  7 04:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: Invalid user firewall from 203.194.114.144
May  7 04:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: input_userauth_request: invalid user firewall [preauth]
May  7 04:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144
May  7 04:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10097]: Invalid user manu from 187.134.39.177
May  7 04:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10097]: input_userauth_request: invalid user manu [preauth]
May  7 04:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10097]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: Failed password for invalid user firewall from 203.194.114.144 port 42756 ssh2
May  7 04:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: Received disconnect from 203.194.114.144 port 42756:11: Bye Bye [preauth]
May  7 04:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10095]: Disconnected from 203.194.114.144 port 42756 [preauth]
May  7 04:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10097]: Failed password for invalid user manu from 187.134.39.177 port 49860 ssh2
May  7 04:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10097]: Received disconnect from 187.134.39.177 port 49860:11: Bye Bye [preauth]
May  7 04:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10097]: Disconnected from 187.134.39.177 port 49860 [preauth]
May  7 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10126]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10127]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10124]: pam_unix(cron:session): session closed for user p13x
May  7 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10188]: Successful su for rubyman by root
May  7 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10188]: + ??? root:rubyman
May  7 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344547 of user rubyman.
May  7 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10188]: pam_unix(su:session): session closed for user rubyman
May  7 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344547.
May  7 04:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session closed for user root
May  7 04:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10125]: pam_unix(cron:session): session closed for user samftp
May  7 04:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9242]: pam_unix(cron:session): session closed for user root
May  7 04:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: Invalid user mma from 162.254.32.62
May  7 04:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: input_userauth_request: invalid user mma [preauth]
May  7 04:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.254.32.62
May  7 04:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: Failed password for invalid user mma from 162.254.32.62 port 53938 ssh2
May  7 04:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: Received disconnect from 162.254.32.62 port 53938:11: Bye Bye [preauth]
May  7 04:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10563]: Disconnected from 162.254.32.62 port 53938 [preauth]
May  7 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10660]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10659]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10657]: pam_unix(cron:session): session closed for user p13x
May  7 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10759]: Successful su for rubyman by root
May  7 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10759]: + ??? root:rubyman
May  7 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344550 of user rubyman.
May  7 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10759]: pam_unix(su:session): session closed for user rubyman
May  7 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344550.
May  7 04:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7869]: pam_unix(cron:session): session closed for user root
May  7 04:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10658]: pam_unix(cron:session): session closed for user samftp
May  7 04:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9688]: pam_unix(cron:session): session closed for user root
May  7 04:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: Invalid user tonmx from 106.51.92.114
May  7 04:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: input_userauth_request: invalid user tonmx [preauth]
May  7 04:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.92.114
May  7 04:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: Failed password for invalid user tonmx from 106.51.92.114 port 48245 ssh2
May  7 04:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: Received disconnect from 106.51.92.114 port 48245:11: Bye Bye [preauth]
May  7 04:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11063]: Disconnected from 106.51.92.114 port 48245 [preauth]
May  7 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11088]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11087]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11085]: pam_unix(cron:session): session closed for user p13x
May  7 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11146]: Successful su for rubyman by root
May  7 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11146]: + ??? root:rubyman
May  7 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11146]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344555 of user rubyman.
May  7 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11146]: pam_unix(su:session): session closed for user rubyman
May  7 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344555.
May  7 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: Invalid user dmdba from 187.134.39.177
May  7 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: input_userauth_request: invalid user dmdba [preauth]
May  7 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8315]: pam_unix(cron:session): session closed for user root
May  7 04:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: Failed password for invalid user dmdba from 187.134.39.177 port 4092 ssh2
May  7 04:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: Received disconnect from 187.134.39.177 port 4092:11: Bye Bye [preauth]
May  7 04:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11202]: Disconnected from 187.134.39.177 port 4092 [preauth]
May  7 04:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11086]: pam_unix(cron:session): session closed for user samftp
May  7 04:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10127]: pam_unix(cron:session): session closed for user root
May  7 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11487]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11485]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11483]: pam_unix(cron:session): session closed for user p13x
May  7 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11550]: Successful su for rubyman by root
May  7 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11550]: + ??? root:rubyman
May  7 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344558 of user rubyman.
May  7 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11550]: pam_unix(su:session): session closed for user rubyman
May  7 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344558.
May  7 04:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8749]: pam_unix(cron:session): session closed for user root
May  7 04:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11484]: pam_unix(cron:session): session closed for user samftp
May  7 04:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11749]: Invalid user ssh from 14.103.112.108
May  7 04:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11749]: input_userauth_request: invalid user ssh [preauth]
May  7 04:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11749]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.112.108
May  7 04:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11749]: Failed password for invalid user ssh from 14.103.112.108 port 60444 ssh2
May  7 04:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11749]: Received disconnect from 14.103.112.108 port 60444:11: Bye Bye [preauth]
May  7 04:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11749]: Disconnected from 14.103.112.108 port 60444 [preauth]
May  7 04:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10660]: pam_unix(cron:session): session closed for user root
May  7 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11885]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11883]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11886]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11886]: pam_unix(cron:session): session closed for user root
May  7 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11881]: pam_unix(cron:session): session closed for user p13x
May  7 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11951]: Successful su for rubyman by root
May  7 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11951]: + ??? root:rubyman
May  7 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11951]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344565 of user rubyman.
May  7 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11951]: pam_unix(su:session): session closed for user rubyman
May  7 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344565.
May  7 04:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9241]: pam_unix(cron:session): session closed for user root
May  7 04:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11883]: pam_unix(cron:session): session closed for user root
May  7 04:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11882]: pam_unix(cron:session): session closed for user samftp
May  7 04:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12150]: Did not receive identification string from 154.81.156.51
May  7 04:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: Invalid user aanantha from 64.226.100.253
May  7 04:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: input_userauth_request: invalid user aanantha [preauth]
May  7 04:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 04:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12160]: Invalid user mma from 188.166.217.79
May  7 04:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12160]: input_userauth_request: invalid user mma [preauth]
May  7 04:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12160]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.79
May  7 04:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: Failed password for invalid user aanantha from 64.226.100.253 port 49686 ssh2
May  7 04:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12151]: Connection closed by 64.226.100.253 port 49686 [preauth]
May  7 04:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12160]: Failed password for invalid user mma from 188.166.217.79 port 52104 ssh2
May  7 04:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12160]: Received disconnect from 188.166.217.79 port 52104:11: Bye Bye [preauth]
May  7 04:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12160]: Disconnected from 188.166.217.79 port 52104 [preauth]
May  7 04:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: Invalid user prueba from 186.233.208.13
May  7 04:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: input_userauth_request: invalid user prueba [preauth]
May  7 04:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  7 04:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: Failed password for invalid user prueba from 186.233.208.13 port 54566 ssh2
May  7 04:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: Received disconnect from 186.233.208.13 port 54566:11: Bye Bye [preauth]
May  7 04:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12183]: Disconnected from 186.233.208.13 port 54566 [preauth]
May  7 04:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: Invalid user pasha from 187.134.39.177
May  7 04:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: input_userauth_request: invalid user pasha [preauth]
May  7 04:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: Failed password for invalid user pasha from 187.134.39.177 port 37633 ssh2
May  7 04:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: Received disconnect from 187.134.39.177 port 37633:11: Bye Bye [preauth]
May  7 04:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12206]: Disconnected from 187.134.39.177 port 37633 [preauth]
May  7 04:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11088]: pam_unix(cron:session): session closed for user root
May  7 04:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: Invalid user admin from 154.81.156.51
May  7 04:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: input_userauth_request: invalid user admin [preauth]
May  7 04:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.81.156.51
May  7 04:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: Failed password for invalid user admin from 154.81.156.51 port 39488 ssh2
May  7 04:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: Connection closed by 154.81.156.51 port 39488 [preauth]
May  7 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12317]: pam_unix(cron:session): session closed for user p13x
May  7 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12391]: Successful su for rubyman by root
May  7 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12391]: + ??? root:rubyman
May  7 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344569 of user rubyman.
May  7 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12391]: pam_unix(su:session): session closed for user rubyman
May  7 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344569.
May  7 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: Invalid user test from 181.228.68.222
May  7 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: input_userauth_request: invalid user test [preauth]
May  7 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.228.68.222
May  7 04:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: Failed password for invalid user test from 181.228.68.222 port 35080 ssh2
May  7 04:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: Received disconnect from 181.228.68.222 port 35080:11: Bye Bye [preauth]
May  7 04:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: Disconnected from 181.228.68.222 port 35080 [preauth]
May  7 04:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9687]: pam_unix(cron:session): session closed for user root
May  7 04:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12321]: pam_unix(cron:session): session closed for user samftp
May  7 04:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 04:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: Failed password for root from 218.92.0.179 port 49720 ssh2
May  7 04:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 49720 ssh2]
May  7 04:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: Received disconnect from 218.92.0.179 port 49720:11:  [preauth]
May  7 04:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: Disconnected from 218.92.0.179 port 49720 [preauth]
May  7 04:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12568]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 04:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: Invalid user sysadm from 162.254.32.62
May  7 04:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: input_userauth_request: invalid user sysadm [preauth]
May  7 04:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.254.32.62
May  7 04:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: Failed password for invalid user sysadm from 162.254.32.62 port 50662 ssh2
May  7 04:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: Received disconnect from 162.254.32.62 port 50662:11: Bye Bye [preauth]
May  7 04:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12628]: Disconnected from 162.254.32.62 port 50662 [preauth]
May  7 04:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11487]: pam_unix(cron:session): session closed for user root
May  7 04:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: Invalid user nikhil from 203.194.114.144
May  7 04:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: input_userauth_request: invalid user nikhil [preauth]
May  7 04:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144
May  7 04:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: Failed password for invalid user nikhil from 203.194.114.144 port 52274 ssh2
May  7 04:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: Received disconnect from 203.194.114.144 port 52274:11: Bye Bye [preauth]
May  7 04:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12666]: Disconnected from 203.194.114.144 port 52274 [preauth]
May  7 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12720]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12721]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12719]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12718]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12718]: pam_unix(cron:session): session closed for user p13x
May  7 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12776]: Successful su for rubyman by root
May  7 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12776]: + ??? root:rubyman
May  7 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12776]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12776]: pam_unix(su:session): session closed for user rubyman
May  7 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344573 of user rubyman.
May  7 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344573.
May  7 04:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10126]: pam_unix(cron:session): session closed for user root
May  7 04:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12719]: pam_unix(cron:session): session closed for user samftp
May  7 04:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: Invalid user openvpn from 187.134.39.177
May  7 04:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: input_userauth_request: invalid user openvpn [preauth]
May  7 04:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: Failed password for invalid user openvpn from 187.134.39.177 port 11685 ssh2
May  7 04:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: Received disconnect from 187.134.39.177 port 11685:11: Bye Bye [preauth]
May  7 04:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: Disconnected from 187.134.39.177 port 11685 [preauth]
May  7 04:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11885]: pam_unix(cron:session): session closed for user root
May  7 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13121]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13120]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13118]: pam_unix(cron:session): session closed for user p13x
May  7 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13176]: Successful su for rubyman by root
May  7 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13176]: + ??? root:rubyman
May  7 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13176]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344577 of user rubyman.
May  7 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13176]: pam_unix(su:session): session closed for user rubyman
May  7 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344577.
May  7 04:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10659]: pam_unix(cron:session): session closed for user root
May  7 04:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13119]: pam_unix(cron:session): session closed for user samftp
May  7 04:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: Invalid user ray from 106.51.92.114
May  7 04:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: input_userauth_request: invalid user ray [preauth]
May  7 04:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.92.114
May  7 04:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: Failed password for invalid user ray from 106.51.92.114 port 38223 ssh2
May  7 04:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: Received disconnect from 106.51.92.114 port 38223:11: Bye Bye [preauth]
May  7 04:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: Disconnected from 106.51.92.114 port 38223 [preauth]
May  7 04:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12325]: pam_unix(cron:session): session closed for user root
May  7 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13616]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13615]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13615]: pam_unix(cron:session): session closed for user p13x
May  7 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13680]: Successful su for rubyman by root
May  7 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13680]: + ??? root:rubyman
May  7 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344580 of user rubyman.
May  7 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13680]: pam_unix(su:session): session closed for user rubyman
May  7 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344580.
May  7 04:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11087]: pam_unix(cron:session): session closed for user root
May  7 04:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13616]: pam_unix(cron:session): session closed for user samftp
May  7 04:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12721]: pam_unix(cron:session): session closed for user root
May  7 04:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Invalid user satisfactory from 187.134.39.177
May  7 04:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: input_userauth_request: invalid user satisfactory [preauth]
May  7 04:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Failed password for invalid user satisfactory from 187.134.39.177 port 13406 ssh2
May  7 04:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Received disconnect from 187.134.39.177 port 13406:11: Bye Bye [preauth]
May  7 04:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13998]: Disconnected from 187.134.39.177 port 13406 [preauth]
May  7 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14026]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14027]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14024]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14027]: pam_unix(cron:session): session closed for user root
May  7 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14021]: pam_unix(cron:session): session closed for user p13x
May  7 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14092]: Successful su for rubyman by root
May  7 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14092]: + ??? root:rubyman
May  7 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14092]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344585 of user rubyman.
May  7 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14092]: pam_unix(su:session): session closed for user rubyman
May  7 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344585.
May  7 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14023]: pam_unix(cron:session): session closed for user root
May  7 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11485]: pam_unix(cron:session): session closed for user root
May  7 04:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14022]: pam_unix(cron:session): session closed for user samftp
May  7 04:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.79  user=root
May  7 04:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14360]: Failed password for root from 188.166.217.79 port 60188 ssh2
May  7 04:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14360]: Received disconnect from 188.166.217.79 port 60188:11: Bye Bye [preauth]
May  7 04:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14360]: Disconnected from 188.166.217.79 port 60188 [preauth]
May  7 04:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13121]: pam_unix(cron:session): session closed for user root
May  7 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14448]: pam_unix(cron:session): session closed for user p13x
May  7 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14519]: Successful su for rubyman by root
May  7 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14519]: + ??? root:rubyman
May  7 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344590 of user rubyman.
May  7 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14519]: pam_unix(su:session): session closed for user rubyman
May  7 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344590.
May  7 04:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11884]: pam_unix(cron:session): session closed for user root
May  7 04:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14449]: pam_unix(cron:session): session closed for user samftp
May  7 04:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: Invalid user herb from 186.233.208.13
May  7 04:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: input_userauth_request: invalid user herb [preauth]
May  7 04:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  7 04:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: Failed password for invalid user herb from 186.233.208.13 port 57452 ssh2
May  7 04:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: Received disconnect from 186.233.208.13 port 57452:11: Bye Bye [preauth]
May  7 04:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14722]: Disconnected from 186.233.208.13 port 57452 [preauth]
May  7 04:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.254.32.62  user=root
May  7 04:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14753]: Failed password for root from 162.254.32.62 port 52550 ssh2
May  7 04:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14753]: Received disconnect from 162.254.32.62 port 52550:11: Bye Bye [preauth]
May  7 04:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14753]: Disconnected from 162.254.32.62 port 52550 [preauth]
May  7 04:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13618]: pam_unix(cron:session): session closed for user root
May  7 04:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: Invalid user admin from 80.94.95.241
May  7 04:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: input_userauth_request: invalid user admin [preauth]
May  7 04:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 04:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: Failed password for invalid user admin from 80.94.95.241 port 36844 ssh2
May  7 04:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: Failed password for invalid user admin from 80.94.95.241 port 36844 ssh2
May  7 04:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: Failed password for invalid user admin from 80.94.95.241 port 36844 ssh2
May  7 04:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: Failed password for invalid user admin from 80.94.95.241 port 36844 ssh2
May  7 04:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: Failed password for invalid user admin from 80.94.95.241 port 36844 ssh2
May  7 04:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: Received disconnect from 80.94.95.241 port 36844:11: Bye [preauth]
May  7 04:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: Disconnected from 80.94.95.241 port 36844 [preauth]
May  7 04:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 04:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14815]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 04:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14862]: Invalid user aboediha from 64.226.100.253
May  7 04:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14862]: input_userauth_request: invalid user aboediha [preauth]
May  7 04:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14862]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 04:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14862]: Failed password for invalid user aboediha from 64.226.100.253 port 34026 ssh2
May  7 04:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14864]: Invalid user doc from 181.228.68.222
May  7 04:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14864]: input_userauth_request: invalid user doc [preauth]
May  7 04:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14864]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.228.68.222
May  7 04:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14862]: Connection closed by 64.226.100.253 port 34026 [preauth]
May  7 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14864]: Failed password for invalid user doc from 181.228.68.222 port 43386 ssh2
May  7 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14876]: pam_unix(cron:session): session closed for user p13x
May  7 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14864]: Received disconnect from 181.228.68.222 port 43386:11: Bye Bye [preauth]
May  7 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14864]: Disconnected from 181.228.68.222 port 43386 [preauth]
May  7 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14950]: Successful su for rubyman by root
May  7 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14950]: + ??? root:rubyman
May  7 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14950]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344595 of user rubyman.
May  7 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14950]: pam_unix(su:session): session closed for user rubyman
May  7 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344595.
May  7 04:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: Invalid user ssm from 187.134.39.177
May  7 04:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: input_userauth_request: invalid user ssm [preauth]
May  7 04:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12322]: pam_unix(cron:session): session closed for user root
May  7 04:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14877]: pam_unix(cron:session): session closed for user samftp
May  7 04:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: Failed password for invalid user ssm from 187.134.39.177 port 56968 ssh2
May  7 04:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: Received disconnect from 187.134.39.177 port 56968:11: Bye Bye [preauth]
May  7 04:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15062]: Disconnected from 187.134.39.177 port 56968 [preauth]
May  7 04:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15181]: Invalid user ftpadmin from 203.194.114.144
May  7 04:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15181]: input_userauth_request: invalid user ftpadmin [preauth]
May  7 04:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15181]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144
May  7 04:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15181]: Failed password for invalid user ftpadmin from 203.194.114.144 port 33560 ssh2
May  7 04:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15181]: Received disconnect from 203.194.114.144 port 33560:11: Bye Bye [preauth]
May  7 04:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15181]: Disconnected from 203.194.114.144 port 33560 [preauth]
May  7 04:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14026]: pam_unix(cron:session): session closed for user root
May  7 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15278]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15276]: pam_unix(cron:session): session closed for user p13x
May  7 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15340]: Successful su for rubyman by root
May  7 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15340]: + ??? root:rubyman
May  7 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344598 of user rubyman.
May  7 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15340]: pam_unix(su:session): session closed for user rubyman
May  7 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344598.
May  7 04:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12720]: pam_unix(cron:session): session closed for user root
May  7 04:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15277]: pam_unix(cron:session): session closed for user samftp
May  7 04:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14451]: pam_unix(cron:session): session closed for user root
May  7 04:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15594]: Invalid user pepe from 106.51.92.114
May  7 04:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15594]: input_userauth_request: invalid user pepe [preauth]
May  7 04:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15594]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.92.114
May  7 04:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15594]: Failed password for invalid user pepe from 106.51.92.114 port 56434 ssh2
May  7 04:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15594]: Received disconnect from 106.51.92.114 port 56434:11: Bye Bye [preauth]
May  7 04:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15594]: Disconnected from 106.51.92.114 port 56434 [preauth]
May  7 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15663]: pam_unix(cron:session): session closed for user p13x
May  7 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15727]: Successful su for rubyman by root
May  7 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15727]: + ??? root:rubyman
May  7 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344602 of user rubyman.
May  7 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15727]: pam_unix(su:session): session closed for user rubyman
May  7 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344602.
May  7 04:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13120]: pam_unix(cron:session): session closed for user root
May  7 04:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15859]: Invalid user webadmin from 46.244.96.25
May  7 04:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15859]: input_userauth_request: invalid user webadmin [preauth]
May  7 04:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15859]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  7 04:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15664]: pam_unix(cron:session): session closed for user samftp
May  7 04:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15859]: Failed password for invalid user webadmin from 46.244.96.25 port 55136 ssh2
May  7 04:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15859]: Connection closed by 46.244.96.25 port 55136 [preauth]
May  7 04:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15955]: Invalid user es_user from 187.134.39.177
May  7 04:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15955]: input_userauth_request: invalid user es_user [preauth]
May  7 04:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15955]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15955]: Failed password for invalid user es_user from 187.134.39.177 port 36164 ssh2
May  7 04:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15955]: Received disconnect from 187.134.39.177 port 36164:11: Bye Bye [preauth]
May  7 04:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15955]: Disconnected from 187.134.39.177 port 36164 [preauth]
May  7 04:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14880]: pam_unix(cron:session): session closed for user root
May  7 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16063]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16064]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16066]: pam_unix(cron:session): session closed for user root
May  7 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16061]: pam_unix(cron:session): session closed for user p13x
May  7 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16133]: Successful su for rubyman by root
May  7 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16133]: + ??? root:rubyman
May  7 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344607 of user rubyman.
May  7 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16133]: pam_unix(su:session): session closed for user rubyman
May  7 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344607.
May  7 04:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16063]: pam_unix(cron:session): session closed for user root
May  7 04:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13617]: pam_unix(cron:session): session closed for user root
May  7 04:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16062]: pam_unix(cron:session): session closed for user samftp
May  7 04:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: Invalid user  from 134.199.149.11
May  7 04:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: input_userauth_request: invalid user  [preauth]
May  7 04:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15279]: pam_unix(cron:session): session closed for user root
May  7 04:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 04:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: Failed password for root from 218.92.0.179 port 38504 ssh2
May  7 04:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: Connection closed by 134.199.149.11 port 54120 [preauth]
May  7 04:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: Failed password for root from 218.92.0.179 port 38504 ssh2
May  7 04:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: Failed password for root from 218.92.0.179 port 38504 ssh2
May  7 04:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: Received disconnect from 218.92.0.179 port 38504:11:  [preauth]
May  7 04:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: Disconnected from 218.92.0.179 port 38504 [preauth]
May  7 04:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 04:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254  user=root
May  7 04:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.79  user=root
May  7 04:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: Failed password for root from 124.198.59.254 port 57048 ssh2
May  7 04:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: Connection closed by 124.198.59.254 port 57048 [preauth]
May  7 04:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16470]: Failed password for root from 188.166.217.79 port 54112 ssh2
May  7 04:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16470]: Received disconnect from 188.166.217.79 port 54112:11: Bye Bye [preauth]
May  7 04:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16470]: Disconnected from 188.166.217.79 port 54112 [preauth]
May  7 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16514]: pam_unix(cron:session): session closed for user p13x
May  7 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16600]: Successful su for rubyman by root
May  7 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16600]: + ??? root:rubyman
May  7 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344614 of user rubyman.
May  7 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16600]: pam_unix(su:session): session closed for user rubyman
May  7 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344614.
May  7 04:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14024]: pam_unix(cron:session): session closed for user root
May  7 04:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session closed for user samftp
May  7 04:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16796]: Invalid user vps from 162.254.32.62
May  7 04:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16796]: input_userauth_request: invalid user vps [preauth]
May  7 04:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16796]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.254.32.62
May  7 04:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16796]: Failed password for invalid user vps from 162.254.32.62 port 41464 ssh2
May  7 04:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16796]: Received disconnect from 162.254.32.62 port 41464:11: Bye Bye [preauth]
May  7 04:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16796]: Disconnected from 162.254.32.62 port 41464 [preauth]
May  7 04:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: Invalid user vladimir from 187.134.39.177
May  7 04:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: input_userauth_request: invalid user vladimir [preauth]
May  7 04:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15666]: pam_unix(cron:session): session closed for user root
May  7 04:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: Failed password for invalid user vladimir from 187.134.39.177 port 15552 ssh2
May  7 04:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: Received disconnect from 187.134.39.177 port 15552:11: Bye Bye [preauth]
May  7 04:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: Disconnected from 187.134.39.177 port 15552 [preauth]
May  7 04:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Invalid user bot from 134.199.149.11
May  7 04:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: input_userauth_request: invalid user bot [preauth]
May  7 04:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Failed password for invalid user bot from 134.199.149.11 port 54298 ssh2
May  7 04:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Connection closed by 134.199.149.11 port 54298 [preauth]
May  7 04:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: Invalid user developer from 134.199.149.11
May  7 04:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: input_userauth_request: invalid user developer [preauth]
May  7 04:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: Failed password for invalid user developer from 134.199.149.11 port 54300 ssh2
May  7 04:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16945]: Connection closed by 134.199.149.11 port 54300 [preauth]
May  7 04:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: Failed password for root from 134.199.149.11 port 47276 ssh2
May  7 04:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16962]: Connection closed by 134.199.149.11 port 47276 [preauth]
May  7 04:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: Invalid user services from 186.233.208.13
May  7 04:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: input_userauth_request: invalid user services [preauth]
May  7 04:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  7 04:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16975]: Invalid user bigdata from 134.199.149.11
May  7 04:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16975]: input_userauth_request: invalid user bigdata [preauth]
May  7 04:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16975]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: Failed password for invalid user services from 186.233.208.13 port 42874 ssh2
May  7 04:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: Received disconnect from 186.233.208.13 port 42874:11: Bye Bye [preauth]
May  7 04:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16965]: Disconnected from 186.233.208.13 port 42874 [preauth]
May  7 04:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16975]: Failed password for invalid user bigdata from 134.199.149.11 port 47278 ssh2
May  7 04:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16975]: Connection closed by 134.199.149.11 port 47278 [preauth]
May  7 04:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: Invalid user factorio from 134.199.149.11
May  7 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: input_userauth_request: invalid user factorio [preauth]
May  7 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16994]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16993]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16991]: pam_unix(cron:session): session closed for user p13x
May  7 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17050]: Successful su for rubyman by root
May  7 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17050]: + ??? root:rubyman
May  7 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344616 of user rubyman.
May  7 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17050]: pam_unix(su:session): session closed for user rubyman
May  7 04:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344616.
May  7 04:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: Failed password for invalid user factorio from 134.199.149.11 port 47856 ssh2
May  7 04:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16986]: Connection closed by 134.199.149.11 port 47856 [preauth]
May  7 04:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14450]: pam_unix(cron:session): session closed for user root
May  7 04:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: Invalid user niaoyun from 134.199.149.11
May  7 04:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: input_userauth_request: invalid user niaoyun [preauth]
May  7 04:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16992]: pam_unix(cron:session): session closed for user samftp
May  7 04:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: Failed password for invalid user niaoyun from 134.199.149.11 port 47882 ssh2
May  7 04:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17219]: Connection closed by 134.199.149.11 port 47882 [preauth]
May  7 04:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: Invalid user hadoop from 134.199.149.11
May  7 04:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: input_userauth_request: invalid user hadoop [preauth]
May  7 04:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: Failed password for invalid user hadoop from 134.199.149.11 port 36326 ssh2
May  7 04:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17247]: Connection closed by 134.199.149.11 port 36326 [preauth]
May  7 04:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17272]: Invalid user admin from 134.199.149.11
May  7 04:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17272]: input_userauth_request: invalid user admin [preauth]
May  7 04:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17272]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17272]: Failed password for invalid user admin from 134.199.149.11 port 36348 ssh2
May  7 04:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17272]: Connection closed by 134.199.149.11 port 36348 [preauth]
May  7 04:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: Invalid user apc from 80.94.95.29
May  7 04:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: input_userauth_request: invalid user apc [preauth]
May  7 04:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  7 04:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: User mysql from 134.199.149.11 not allowed because not listed in AllowUsers
May  7 04:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: input_userauth_request: invalid user mysql [preauth]
May  7 04:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=mysql
May  7 04:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: Failed password for invalid user apc from 80.94.95.29 port 27324 ssh2
May  7 04:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: Failed password for invalid user mysql from 134.199.149.11 port 34594 ssh2
May  7 04:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17286]: Connection closed by 134.199.149.11 port 34594 [preauth]
May  7 04:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: Failed password for invalid user apc from 80.94.95.29 port 27324 ssh2
May  7 04:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: Invalid user esuser from 134.199.149.11
May  7 04:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: input_userauth_request: invalid user esuser [preauth]
May  7 04:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: Failed password for invalid user apc from 80.94.95.29 port 27324 ssh2
May  7 04:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: Failed password for invalid user esuser from 134.199.149.11 port 34606 ssh2
May  7 04:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17310]: Connection closed by 134.199.149.11 port 34606 [preauth]
May  7 04:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: Failed password for invalid user apc from 80.94.95.29 port 27324 ssh2
May  7 04:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: Invalid user amir from 134.199.149.11
May  7 04:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: input_userauth_request: invalid user amir [preauth]
May  7 04:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: Failed password for invalid user apc from 80.94.95.29 port 27324 ssh2
May  7 04:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: Received disconnect from 80.94.95.29 port 27324:11: Bye [preauth]
May  7 04:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: Disconnected from 80.94.95.29 port 27324 [preauth]
May  7 04:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  7 04:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 04:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16065]: pam_unix(cron:session): session closed for user root
May  7 04:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: Failed password for invalid user amir from 134.199.149.11 port 59980 ssh2
May  7 04:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17312]: Connection closed by 134.199.149.11 port 59980 [preauth]
May  7 04:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17343]: Invalid user elasticsearch from 134.199.149.11
May  7 04:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17343]: input_userauth_request: invalid user elasticsearch [preauth]
May  7 04:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17343]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17343]: Failed password for invalid user elasticsearch from 134.199.149.11 port 59986 ssh2
May  7 04:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17343]: Connection closed by 134.199.149.11 port 59986 [preauth]
May  7 04:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: Failed password for root from 134.199.149.11 port 49238 ssh2
May  7 04:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17353]: Connection closed by 134.199.149.11 port 49238 [preauth]
May  7 04:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17376]: Invalid user debian from 134.199.149.11
May  7 04:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17376]: input_userauth_request: invalid user debian [preauth]
May  7 04:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17376]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17376]: Failed password for invalid user debian from 134.199.149.11 port 49254 ssh2
May  7 04:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17376]: Connection closed by 134.199.149.11 port 49254 [preauth]
May  7 04:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: Failed password for root from 134.199.149.11 port 56030 ssh2
May  7 04:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17386]: Connection closed by 134.199.149.11 port 56030 [preauth]
May  7 04:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: Invalid user lighthouse from 134.199.149.11
May  7 04:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: input_userauth_request: invalid user lighthouse [preauth]
May  7 04:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: Failed password for invalid user lighthouse from 134.199.149.11 port 56040 ssh2
May  7 04:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17399]: Connection closed by 134.199.149.11 port 56040 [preauth]
May  7 04:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: Invalid user user from 181.228.68.222
May  7 04:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: input_userauth_request: invalid user user [preauth]
May  7 04:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.228.68.222
May  7 04:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17412]: Invalid user admin from 134.199.149.11
May  7 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17412]: input_userauth_request: invalid user admin [preauth]
May  7 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17412]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17420]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17415]: pam_unix(cron:session): session closed for user p13x
May  7 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17485]: Successful su for rubyman by root
May  7 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17485]: + ??? root:rubyman
May  7 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344620 of user rubyman.
May  7 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17485]: pam_unix(su:session): session closed for user rubyman
May  7 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344620.
May  7 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: Failed password for invalid user user from 181.228.68.222 port 51698 ssh2
May  7 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: Received disconnect from 181.228.68.222 port 51698:11: Bye Bye [preauth]
May  7 04:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: Disconnected from 181.228.68.222 port 51698 [preauth]
May  7 04:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17412]: Failed password for invalid user admin from 134.199.149.11 port 51248 ssh2
May  7 04:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17412]: Connection closed by 134.199.149.11 port 51248 [preauth]
May  7 04:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14879]: pam_unix(cron:session): session closed for user root
May  7 04:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: Invalid user test from 134.199.149.11
May  7 04:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: input_userauth_request: invalid user test [preauth]
May  7 04:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17416]: pam_unix(cron:session): session closed for user samftp
May  7 04:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: Failed password for invalid user test from 134.199.149.11 port 51262 ssh2
May  7 04:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17664]: Connection closed by 134.199.149.11 port 51262 [preauth]
May  7 04:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17689]: Invalid user test from 134.199.149.11
May  7 04:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17689]: input_userauth_request: invalid user test [preauth]
May  7 04:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17689]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17689]: Failed password for invalid user test from 134.199.149.11 port 39328 ssh2
May  7 04:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17689]: Connection closed by 134.199.149.11 port 39328 [preauth]
May  7 04:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17713]: Invalid user user1 from 134.199.149.11
May  7 04:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17713]: input_userauth_request: invalid user user1 [preauth]
May  7 04:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17713]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17713]: Failed password for invalid user user1 from 134.199.149.11 port 39330 ssh2
May  7 04:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17713]: Connection closed by 134.199.149.11 port 39330 [preauth]
May  7 04:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17715]: Invalid user xh from 203.194.114.144
May  7 04:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17715]: input_userauth_request: invalid user xh [preauth]
May  7 04:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17715]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144
May  7 04:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17715]: Failed password for invalid user xh from 203.194.114.144 port 43078 ssh2
May  7 04:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17715]: Received disconnect from 203.194.114.144 port 43078:11: Bye Bye [preauth]
May  7 04:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17715]: Disconnected from 203.194.114.144 port 43078 [preauth]
May  7 04:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: Failed password for root from 134.199.149.11 port 36688 ssh2
May  7 04:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: Connection closed by 134.199.149.11 port 36688 [preauth]
May  7 04:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Invalid user hive from 134.199.149.11
May  7 04:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: input_userauth_request: invalid user hive [preauth]
May  7 04:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Failed password for invalid user hive from 134.199.149.11 port 36720 ssh2
May  7 04:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17749]: Connection closed by 134.199.149.11 port 36720 [preauth]
May  7 04:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: Invalid user odoo from 134.199.149.11
May  7 04:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: input_userauth_request: invalid user odoo [preauth]
May  7 04:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: Failed password for invalid user odoo from 134.199.149.11 port 47042 ssh2
May  7 04:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17779]: Connection closed by 134.199.149.11 port 47042 [preauth]
May  7 04:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16517]: pam_unix(cron:session): session closed for user root
May  7 04:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: Invalid user demo from 134.199.149.11
May  7 04:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: input_userauth_request: invalid user demo [preauth]
May  7 04:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: Failed password for invalid user demo from 134.199.149.11 port 47054 ssh2
May  7 04:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: Connection closed by 134.199.149.11 port 47054 [preauth]
May  7 04:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17907]: Invalid user odoo17 from 134.199.149.11
May  7 04:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17907]: input_userauth_request: invalid user odoo17 [preauth]
May  7 04:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17907]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17909]: Invalid user aconnors from 64.226.100.253
May  7 04:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17909]: input_userauth_request: invalid user aconnors [preauth]
May  7 04:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17909]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 04:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17907]: Failed password for invalid user odoo17 from 134.199.149.11 port 45126 ssh2
May  7 04:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17907]: Connection closed by 134.199.149.11 port 45126 [preauth]
May  7 04:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17909]: Failed password for invalid user aconnors from 64.226.100.253 port 48692 ssh2
May  7 04:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17909]: Connection closed by 64.226.100.253 port 48692 [preauth]
May  7 04:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17938]: Invalid user username from 134.199.149.11
May  7 04:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17938]: input_userauth_request: invalid user username [preauth]
May  7 04:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17938]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17938]: Failed password for invalid user username from 134.199.149.11 port 45140 ssh2
May  7 04:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17938]: Connection closed by 134.199.149.11 port 45140 [preauth]
May  7 04:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17940]: Invalid user radu from 187.134.39.177
May  7 04:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17940]: input_userauth_request: invalid user radu [preauth]
May  7 04:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17940]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17940]: Failed password for invalid user radu from 187.134.39.177 port 26374 ssh2
May  7 04:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17940]: Received disconnect from 187.134.39.177 port 26374:11: Bye Bye [preauth]
May  7 04:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17940]: Disconnected from 187.134.39.177 port 26374 [preauth]
May  7 04:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17951]: Invalid user tom from 134.199.149.11
May  7 04:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17951]: input_userauth_request: invalid user tom [preauth]
May  7 04:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17951]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17951]: Failed password for invalid user tom from 134.199.149.11 port 59846 ssh2
May  7 04:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17951]: Connection closed by 134.199.149.11 port 59846 [preauth]
May  7 04:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17962]: Invalid user kingbase from 134.199.149.11
May  7 04:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17962]: input_userauth_request: invalid user kingbase [preauth]
May  7 04:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17962]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Invalid user docker from 106.51.92.114
May  7 04:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: input_userauth_request: invalid user docker [preauth]
May  7 04:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.92.114
May  7 04:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17962]: Failed password for invalid user kingbase from 134.199.149.11 port 59854 ssh2
May  7 04:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17962]: Connection closed by 134.199.149.11 port 59854 [preauth]
May  7 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Failed password for invalid user docker from 106.51.92.114 port 46415 ssh2
May  7 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Received disconnect from 106.51.92.114 port 46415:11: Bye Bye [preauth]
May  7 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17964]: Disconnected from 106.51.92.114 port 46415 [preauth]
May  7 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17984]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17983]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17980]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17978]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17980]: pam_unix(cron:session): session closed for user p13x
May  7 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17967]: Invalid user docker from 134.199.149.11
May  7 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17967]: input_userauth_request: invalid user docker [preauth]
May  7 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18115]: Successful su for rubyman by root
May  7 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18115]: + ??? root:rubyman
May  7 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18115]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344625 of user rubyman.
May  7 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18115]: pam_unix(su:session): session closed for user rubyman
May  7 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344625.
May  7 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17967]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17978]: pam_unix(cron:session): session closed for user root
May  7 04:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17967]: Failed password for invalid user docker from 134.199.149.11 port 35084 ssh2
May  7 04:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17967]: Connection closed by 134.199.149.11 port 35084 [preauth]
May  7 04:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15278]: pam_unix(cron:session): session closed for user root
May  7 04:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17982]: pam_unix(cron:session): session closed for user samftp
May  7 04:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: Failed password for root from 134.199.149.11 port 35102 ssh2
May  7 04:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18311]: Connection closed by 134.199.149.11 port 35102 [preauth]
May  7 04:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: Invalid user git from 134.199.149.11
May  7 04:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: input_userauth_request: invalid user git [preauth]
May  7 04:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: Failed password for invalid user git from 134.199.149.11 port 42876 ssh2
May  7 04:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18333]: Connection closed by 134.199.149.11 port 42876 [preauth]
May  7 04:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: Failed password for root from 134.199.149.11 port 42890 ssh2
May  7 04:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: Connection closed by 134.199.149.11 port 42890 [preauth]
May  7 04:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18370]: Failed password for root from 134.199.149.11 port 59202 ssh2
May  7 04:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18370]: Connection closed by 134.199.149.11 port 59202 [preauth]
May  7 04:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18397]: Failed password for root from 134.199.149.11 port 59214 ssh2
May  7 04:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18397]: Connection closed by 134.199.149.11 port 59214 [preauth]
May  7 04:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18410]: Invalid user ubuntu from 134.199.149.11
May  7 04:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18410]: input_userauth_request: invalid user ubuntu [preauth]
May  7 04:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18410]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18410]: Failed password for invalid user ubuntu from 134.199.149.11 port 53064 ssh2
May  7 04:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16994]: pam_unix(cron:session): session closed for user root
May  7 04:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18410]: Connection closed by 134.199.149.11 port 53064 [preauth]
May  7 04:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18445]: Failed password for root from 134.199.149.11 port 53066 ssh2
May  7 04:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18445]: Connection closed by 134.199.149.11 port 53066 [preauth]
May  7 04:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: Invalid user minecraft from 50.235.31.47
May  7 04:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: input_userauth_request: invalid user minecraft [preauth]
May  7 04:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  7 04:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18458]: Invalid user user from 134.199.149.11
May  7 04:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18458]: input_userauth_request: invalid user user [preauth]
May  7 04:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18458]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: Failed password for invalid user minecraft from 50.235.31.47 port 42554 ssh2
May  7 04:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: Connection closed by 50.235.31.47 port 42554 [preauth]
May  7 04:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18458]: Failed password for invalid user user from 134.199.149.11 port 42954 ssh2
May  7 04:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18458]: Connection closed by 134.199.149.11 port 42954 [preauth]
May  7 04:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: Invalid user test2 from 134.199.149.11
May  7 04:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: input_userauth_request: invalid user test2 [preauth]
May  7 04:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: Failed password for invalid user test2 from 134.199.149.11 port 42964 ssh2
May  7 04:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: Connection closed by 134.199.149.11 port 42964 [preauth]
May  7 04:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18493]: Invalid user debian from 134.199.149.11
May  7 04:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18493]: input_userauth_request: invalid user debian [preauth]
May  7 04:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18493]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18493]: Failed password for invalid user debian from 134.199.149.11 port 46970 ssh2
May  7 04:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18493]: Connection closed by 134.199.149.11 port 46970 [preauth]
May  7 04:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: Failed password for root from 134.199.149.11 port 46986 ssh2
May  7 04:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: Connection closed by 134.199.149.11 port 46986 [preauth]
May  7 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: Invalid user pi from 134.199.149.11
May  7 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: input_userauth_request: invalid user pi [preauth]
May  7 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18523]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18521]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18523]: pam_unix(cron:session): session closed for user root
May  7 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18518]: pam_unix(cron:session): session closed for user p13x
May  7 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18586]: Successful su for rubyman by root
May  7 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18586]: + ??? root:rubyman
May  7 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344630 of user rubyman.
May  7 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18586]: pam_unix(su:session): session closed for user rubyman
May  7 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344630.
May  7 04:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: Failed password for invalid user pi from 134.199.149.11 port 39032 ssh2
May  7 04:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: Connection closed by 134.199.149.11 port 39032 [preauth]
May  7 04:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18520]: pam_unix(cron:session): session closed for user root
May  7 04:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15665]: pam_unix(cron:session): session closed for user root
May  7 04:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Invalid user master from 134.199.149.11
May  7 04:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: input_userauth_request: invalid user master [preauth]
May  7 04:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18519]: pam_unix(cron:session): session closed for user samftp
May  7 04:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Failed password for invalid user master from 134.199.149.11 port 39058 ssh2
May  7 04:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Connection closed by 134.199.149.11 port 39058 [preauth]
May  7 04:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:40:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: Invalid user elastic from 134.199.149.11
May  7 04:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: input_userauth_request: invalid user elastic [preauth]
May  7 04:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 04:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: Failed password for invalid user elastic from 134.199.149.11 port 33880 ssh2
May  7 04:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: Connection closed by 134.199.149.11 port 33880 [preauth]
May  7 04:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: Failed password for root from 218.92.0.179 port 19993 ssh2
May  7 04:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: Invalid user ftpuser from 134.199.149.11
May  7 04:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: input_userauth_request: invalid user ftpuser [preauth]
May  7 04:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: Failed password for root from 218.92.0.179 port 19993 ssh2
May  7 04:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: Failed password for invalid user ftpuser from 134.199.149.11 port 33886 ssh2
May  7 04:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: Failed password for root from 218.92.0.179 port 19993 ssh2
May  7 04:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: Connection closed by 134.199.149.11 port 33886 [preauth]
May  7 04:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: Received disconnect from 218.92.0.179 port 19993:11:  [preauth]
May  7 04:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: Disconnected from 218.92.0.179 port 19993 [preauth]
May  7 04:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18816]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 04:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: Failed password for root from 134.199.149.11 port 38044 ssh2
May  7 04:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: Connection closed by 134.199.149.11 port 38044 [preauth]
May  7 04:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18870]: Invalid user minecraft from 134.199.149.11
May  7 04:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18870]: input_userauth_request: invalid user minecraft [preauth]
May  7 04:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18870]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18870]: Failed password for invalid user minecraft from 134.199.149.11 port 38050 ssh2
May  7 04:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18870]: Connection closed by 134.199.149.11 port 38050 [preauth]
May  7 04:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: Invalid user weblogic from 134.199.149.11
May  7 04:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: input_userauth_request: invalid user weblogic [preauth]
May  7 04:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: Failed password for invalid user weblogic from 134.199.149.11 port 49372 ssh2
May  7 04:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18880]: Connection closed by 134.199.149.11 port 49372 [preauth]
May  7 04:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17420]: pam_unix(cron:session): session closed for user root
May  7 04:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18911]: Invalid user ubuntu from 134.199.149.11
May  7 04:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18911]: input_userauth_request: invalid user ubuntu [preauth]
May  7 04:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18911]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18911]: Failed password for invalid user ubuntu from 134.199.149.11 port 49384 ssh2
May  7 04:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18911]: Connection closed by 134.199.149.11 port 49384 [preauth]
May  7 04:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: Invalid user g from 134.199.149.11
May  7 04:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: input_userauth_request: invalid user g [preauth]
May  7 04:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: Failed password for invalid user g from 134.199.149.11 port 58578 ssh2
May  7 04:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18922]: Connection closed by 134.199.149.11 port 58578 [preauth]
May  7 04:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18946]: Invalid user sadmin from 134.199.149.11
May  7 04:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18946]: input_userauth_request: invalid user sadmin [preauth]
May  7 04:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18946]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18946]: Failed password for invalid user sadmin from 134.199.149.11 port 58584 ssh2
May  7 04:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18946]: Connection closed by 134.199.149.11 port 58584 [preauth]
May  7 04:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18956]: Invalid user user2 from 134.199.149.11
May  7 04:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18956]: input_userauth_request: invalid user user2 [preauth]
May  7 04:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18956]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18956]: Failed password for invalid user user2 from 134.199.149.11 port 40674 ssh2
May  7 04:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18956]: Connection closed by 134.199.149.11 port 40674 [preauth]
May  7 04:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18966]: Invalid user gitlab from 134.199.149.11
May  7 04:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18966]: input_userauth_request: invalid user gitlab [preauth]
May  7 04:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18966]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18966]: Failed password for invalid user gitlab from 134.199.149.11 port 40688 ssh2
May  7 04:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18966]: Connection closed by 134.199.149.11 port 40688 [preauth]
May  7 04:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18981]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18982]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18980]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18979]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18979]: pam_unix(cron:session): session closed for user p13x
May  7 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19050]: Successful su for rubyman by root
May  7 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19050]: + ??? root:rubyman
May  7 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344637 of user rubyman.
May  7 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19050]: pam_unix(su:session): session closed for user rubyman
May  7 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344637.
May  7 04:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18976]: Failed password for root from 134.199.149.11 port 53130 ssh2
May  7 04:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18976]: Connection closed by 134.199.149.11 port 53130 [preauth]
May  7 04:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19120]: Invalid user cc from 162.254.32.62
May  7 04:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19120]: input_userauth_request: invalid user cc [preauth]
May  7 04:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19120]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.254.32.62
May  7 04:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19120]: Failed password for invalid user cc from 162.254.32.62 port 34552 ssh2
May  7 04:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19120]: Received disconnect from 162.254.32.62 port 34552:11: Bye Bye [preauth]
May  7 04:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19120]: Disconnected from 162.254.32.62 port 34552 [preauth]
May  7 04:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16064]: pam_unix(cron:session): session closed for user root
May  7 04:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18980]: pam_unix(cron:session): session closed for user samftp
May  7 04:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19240]: Invalid user smkim from 187.134.39.177
May  7 04:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19240]: input_userauth_request: invalid user smkim [preauth]
May  7 04:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19240]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: Failed password for root from 134.199.149.11 port 53146 ssh2
May  7 04:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: Connection closed by 134.199.149.11 port 53146 [preauth]
May  7 04:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19240]: Failed password for invalid user smkim from 187.134.39.177 port 26271 ssh2
May  7 04:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19240]: Received disconnect from 187.134.39.177 port 26271:11: Bye Bye [preauth]
May  7 04:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19240]: Disconnected from 187.134.39.177 port 26271 [preauth]
May  7 04:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.79  user=root
May  7 04:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19261]: Failed password for root from 134.199.149.11 port 41896 ssh2
May  7 04:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19261]: Connection closed by 134.199.149.11 port 41896 [preauth]
May  7 04:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19263]: Failed password for root from 188.166.217.79 port 54298 ssh2
May  7 04:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19263]: Received disconnect from 188.166.217.79 port 54298:11: Bye Bye [preauth]
May  7 04:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19263]: Disconnected from 188.166.217.79 port 54298 [preauth]
May  7 04:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Invalid user sonar from 134.199.149.11
May  7 04:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: input_userauth_request: invalid user sonar [preauth]
May  7 04:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Failed password for invalid user sonar from 134.199.149.11 port 41914 ssh2
May  7 04:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19287]: Connection closed by 134.199.149.11 port 41914 [preauth]
May  7 04:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: Failed password for root from 134.199.149.11 port 37870 ssh2
May  7 04:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19298]: Connection closed by 134.199.149.11 port 37870 [preauth]
May  7 04:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: Invalid user mehdi from 134.199.149.11
May  7 04:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: input_userauth_request: invalid user mehdi [preauth]
May  7 04:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: Failed password for invalid user mehdi from 134.199.149.11 port 37882 ssh2
May  7 04:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: Connection closed by 134.199.149.11 port 37882 [preauth]
May  7 04:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19325]: Invalid user admin from 134.199.149.11
May  7 04:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19325]: input_userauth_request: invalid user admin [preauth]
May  7 04:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19325]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19325]: Failed password for invalid user admin from 134.199.149.11 port 33436 ssh2
May  7 04:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19325]: Connection closed by 134.199.149.11 port 33436 [preauth]
May  7 04:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17984]: pam_unix(cron:session): session closed for user root
May  7 04:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19356]: Invalid user plex from 134.199.149.11
May  7 04:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19356]: input_userauth_request: invalid user plex [preauth]
May  7 04:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19356]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19356]: Failed password for invalid user plex from 134.199.149.11 port 33442 ssh2
May  7 04:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19356]: Connection closed by 134.199.149.11 port 33442 [preauth]
May  7 04:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: Invalid user rancher from 134.199.149.11
May  7 04:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: input_userauth_request: invalid user rancher [preauth]
May  7 04:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: Failed password for invalid user rancher from 134.199.149.11 port 57398 ssh2
May  7 04:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: Connection closed by 134.199.149.11 port 57398 [preauth]
May  7 04:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19388]: Invalid user media from 134.199.149.11
May  7 04:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19388]: input_userauth_request: invalid user media [preauth]
May  7 04:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19388]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19388]: Failed password for invalid user media from 134.199.149.11 port 57414 ssh2
May  7 04:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19388]: Connection closed by 134.199.149.11 port 57414 [preauth]
May  7 04:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19399]: Failed password for root from 134.199.149.11 port 44600 ssh2
May  7 04:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19399]: Connection closed by 134.199.149.11 port 44600 [preauth]
May  7 04:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: Failed password for root from 134.199.149.11 port 44604 ssh2
May  7 04:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19410]: Connection closed by 134.199.149.11 port 44604 [preauth]
May  7 04:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19421]: Invalid user deploy from 134.199.149.11
May  7 04:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19421]: input_userauth_request: invalid user deploy [preauth]
May  7 04:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19421]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19425]: pam_unix(cron:session): session closed for user p13x
May  7 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19486]: Successful su for rubyman by root
May  7 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19486]: + ??? root:rubyman
May  7 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344640 of user rubyman.
May  7 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19486]: pam_unix(su:session): session closed for user rubyman
May  7 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344640.
May  7 04:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19421]: Failed password for invalid user deploy from 134.199.149.11 port 40676 ssh2
May  7 04:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19421]: Connection closed by 134.199.149.11 port 40676 [preauth]
May  7 04:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16516]: pam_unix(cron:session): session closed for user root
May  7 04:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19669]: Invalid user wang from 134.199.149.11
May  7 04:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19669]: input_userauth_request: invalid user wang [preauth]
May  7 04:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19669]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19426]: pam_unix(cron:session): session closed for user samftp
May  7 04:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19669]: Failed password for invalid user wang from 134.199.149.11 port 40692 ssh2
May  7 04:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19669]: Connection closed by 134.199.149.11 port 40692 [preauth]
May  7 04:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: Invalid user es from 134.199.149.11
May  7 04:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: input_userauth_request: invalid user es [preauth]
May  7 04:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: Failed password for invalid user es from 134.199.149.11 port 51212 ssh2
May  7 04:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: Connection closed by 134.199.149.11 port 51212 [preauth]
May  7 04:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: Invalid user gpadmin from 134.199.149.11
May  7 04:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: input_userauth_request: invalid user gpadmin [preauth]
May  7 04:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: Failed password for invalid user gpadmin from 134.199.149.11 port 51214 ssh2
May  7 04:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19725]: Connection closed by 134.199.149.11 port 51214 [preauth]
May  7 04:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19736]: Invalid user developer from 134.199.149.11
May  7 04:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19736]: input_userauth_request: invalid user developer [preauth]
May  7 04:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19736]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19736]: Failed password for invalid user developer from 134.199.149.11 port 46584 ssh2
May  7 04:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19736]: Connection closed by 134.199.149.11 port 46584 [preauth]
May  7 04:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19747]: Invalid user www from 134.199.149.11
May  7 04:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19747]: input_userauth_request: invalid user www [preauth]
May  7 04:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19747]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19747]: Failed password for invalid user www from 134.199.149.11 port 46590 ssh2
May  7 04:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19747]: Connection closed by 134.199.149.11 port 46590 [preauth]
May  7 04:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19769]: Invalid user ec2-user from 134.199.149.11
May  7 04:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19769]: input_userauth_request: invalid user ec2-user [preauth]
May  7 04:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19769]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19769]: Failed password for invalid user ec2-user from 134.199.149.11 port 42752 ssh2
May  7 04:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19769]: Connection closed by 134.199.149.11 port 42752 [preauth]
May  7 04:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18522]: pam_unix(cron:session): session closed for user root
May  7 04:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: Invalid user guest from 134.199.149.11
May  7 04:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: input_userauth_request: invalid user guest [preauth]
May  7 04:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: Failed password for invalid user guest from 134.199.149.11 port 42754 ssh2
May  7 04:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19793]: Connection closed by 134.199.149.11 port 42754 [preauth]
May  7 04:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: Invalid user system from 134.199.149.11
May  7 04:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: input_userauth_request: invalid user system [preauth]
May  7 04:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19806]: Invalid user karol from 186.233.208.13
May  7 04:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19806]: input_userauth_request: invalid user karol [preauth]
May  7 04:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19806]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  7 04:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: Failed password for invalid user system from 134.199.149.11 port 57432 ssh2
May  7 04:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19806]: Failed password for invalid user karol from 186.233.208.13 port 54492 ssh2
May  7 04:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19812]: Connection closed by 134.199.149.11 port 57432 [preauth]
May  7 04:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19806]: Received disconnect from 186.233.208.13 port 54492:11: Bye Bye [preauth]
May  7 04:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19806]: Disconnected from 186.233.208.13 port 54492 [preauth]
May  7 04:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19823]: Invalid user tom from 134.199.149.11
May  7 04:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19823]: input_userauth_request: invalid user tom [preauth]
May  7 04:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19823]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19823]: Failed password for invalid user tom from 134.199.149.11 port 57440 ssh2
May  7 04:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19823]: Connection closed by 134.199.149.11 port 57440 [preauth]
May  7 04:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19838]: Invalid user gitlab-runner from 134.199.149.11
May  7 04:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19838]: input_userauth_request: invalid user gitlab-runner [preauth]
May  7 04:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19838]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19838]: Failed password for invalid user gitlab-runner from 134.199.149.11 port 55142 ssh2
May  7 04:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19838]: Connection closed by 134.199.149.11 port 55142 [preauth]
May  7 04:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19851]: Invalid user flask from 134.199.149.11
May  7 04:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19851]: input_userauth_request: invalid user flask [preauth]
May  7 04:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19851]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19851]: Failed password for invalid user flask from 134.199.149.11 port 55156 ssh2
May  7 04:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19851]: Connection closed by 134.199.149.11 port 55156 [preauth]
May  7 04:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Invalid user ftpuser from 134.199.149.11
May  7 04:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: input_userauth_request: invalid user ftpuser [preauth]
May  7 04:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19874]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19875]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19873]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19872]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19872]: pam_unix(cron:session): session closed for user p13x
May  7 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19934]: Successful su for rubyman by root
May  7 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19934]: + ??? root:rubyman
May  7 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344644 of user rubyman.
May  7 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19934]: pam_unix(su:session): session closed for user rubyman
May  7 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344644.
May  7 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Failed password for invalid user ftpuser from 134.199.149.11 port 55930 ssh2
May  7 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Connection closed by 134.199.149.11 port 55930 [preauth]
May  7 04:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16993]: pam_unix(cron:session): session closed for user root
May  7 04:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19873]: pam_unix(cron:session): session closed for user samftp
May  7 04:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: Failed password for root from 134.199.149.11 port 55936 ssh2
May  7 04:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: Connection closed by 134.199.149.11 port 55936 [preauth]
May  7 04:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: Invalid user gitlab from 134.199.149.11
May  7 04:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: input_userauth_request: invalid user gitlab [preauth]
May  7 04:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: Failed password for invalid user gitlab from 134.199.149.11 port 49580 ssh2
May  7 04:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20132]: Connection closed by 134.199.149.11 port 49580 [preauth]
May  7 04:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: Invalid user user2 from 134.199.149.11
May  7 04:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: input_userauth_request: invalid user user2 [preauth]
May  7 04:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: Failed password for invalid user user2 from 134.199.149.11 port 49594 ssh2
May  7 04:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20157]: Connection closed by 134.199.149.11 port 49594 [preauth]
May  7 04:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: Invalid user friedrich from 187.134.39.177
May  7 04:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: input_userauth_request: invalid user friedrich [preauth]
May  7 04:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: Invalid user dmdba from 134.199.149.11
May  7 04:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: input_userauth_request: invalid user dmdba [preauth]
May  7 04:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: Failed password for invalid user friedrich from 187.134.39.177 port 57958 ssh2
May  7 04:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: Received disconnect from 187.134.39.177 port 57958:11: Bye Bye [preauth]
May  7 04:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20168]: Disconnected from 187.134.39.177 port 57958 [preauth]
May  7 04:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: Failed password for invalid user dmdba from 134.199.149.11 port 56080 ssh2
May  7 04:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20170]: Connection closed by 134.199.149.11 port 56080 [preauth]
May  7 04:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: Invalid user guest from 134.199.149.11
May  7 04:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: input_userauth_request: invalid user guest [preauth]
May  7 04:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: Failed password for invalid user guest from 134.199.149.11 port 56084 ssh2
May  7 04:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20180]: Connection closed by 134.199.149.11 port 56084 [preauth]
May  7 04:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: Invalid user samba from 134.199.149.11
May  7 04:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: input_userauth_request: invalid user samba [preauth]
May  7 04:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: Failed password for invalid user samba from 134.199.149.11 port 51246 ssh2
May  7 04:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: Connection closed by 134.199.149.11 port 51246 [preauth]
May  7 04:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18982]: pam_unix(cron:session): session closed for user root
May  7 04:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: Invalid user zabbix from 134.199.149.11
May  7 04:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: input_userauth_request: invalid user zabbix [preauth]
May  7 04:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: Failed password for invalid user zabbix from 134.199.149.11 port 51260 ssh2
May  7 04:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: Connection closed by 134.199.149.11 port 51260 [preauth]
May  7 04:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: Invalid user nginx from 134.199.149.11
May  7 04:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: input_userauth_request: invalid user nginx [preauth]
May  7 04:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: Failed password for invalid user nginx from 134.199.149.11 port 45112 ssh2
May  7 04:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20242]: Connection closed by 134.199.149.11 port 45112 [preauth]
May  7 04:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20267]: Invalid user oscar from 134.199.149.11
May  7 04:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20267]: input_userauth_request: invalid user oscar [preauth]
May  7 04:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20267]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20267]: Failed password for invalid user oscar from 134.199.149.11 port 45114 ssh2
May  7 04:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20267]: Connection closed by 134.199.149.11 port 45114 [preauth]
May  7 04:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 04:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: Invalid user pi from 134.199.149.11
May  7 04:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: input_userauth_request: invalid user pi [preauth]
May  7 04:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: Failed password for root from 218.92.0.179 port 26850 ssh2
May  7 04:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: Failed password for root from 218.92.0.179 port 26850 ssh2
May  7 04:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: Failed password for invalid user pi from 134.199.149.11 port 52224 ssh2
May  7 04:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20279]: Connection closed by 134.199.149.11 port 52224 [preauth]
May  7 04:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: Failed password for root from 218.92.0.179 port 26850 ssh2
May  7 04:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: Received disconnect from 218.92.0.179 port 26850:11:  [preauth]
May  7 04:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: Disconnected from 218.92.0.179 port 26850 [preauth]
May  7 04:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20269]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 04:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: Invalid user wso2 from 134.199.149.11
May  7 04:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: input_userauth_request: invalid user wso2 [preauth]
May  7 04:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: Failed password for invalid user wso2 from 134.199.149.11 port 52232 ssh2
May  7 04:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20290]: Connection closed by 134.199.149.11 port 52232 [preauth]
May  7 04:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20299]: Invalid user kubernetes from 134.199.149.11
May  7 04:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20299]: input_userauth_request: invalid user kubernetes [preauth]
May  7 04:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20299]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: Invalid user services from 181.228.68.222
May  7 04:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: input_userauth_request: invalid user services [preauth]
May  7 04:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.228.68.222
May  7 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20308]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20305]: pam_unix(cron:session): session closed for user p13x
May  7 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20299]: Failed password for invalid user kubernetes from 134.199.149.11 port 37144 ssh2
May  7 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20365]: Successful su for rubyman by root
May  7 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20365]: + ??? root:rubyman
May  7 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20365]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344648 of user rubyman.
May  7 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20365]: pam_unix(su:session): session closed for user rubyman
May  7 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344648.
May  7 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20299]: Connection closed by 134.199.149.11 port 37144 [preauth]
May  7 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: Failed password for invalid user services from 181.228.68.222 port 60004 ssh2
May  7 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: Received disconnect from 181.228.68.222 port 60004:11: Bye Bye [preauth]
May  7 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20302]: Disconnected from 181.228.68.222 port 60004 [preauth]
May  7 04:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17417]: pam_unix(cron:session): session closed for user root
May  7 04:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20306]: pam_unix(cron:session): session closed for user samftp
May  7 04:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20494]: Failed password for root from 134.199.149.11 port 37164 ssh2
May  7 04:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20494]: Connection closed by 134.199.149.11 port 37164 [preauth]
May  7 04:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: User vncuser from 203.194.114.144 not allowed because not listed in AllowUsers
May  7 04:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: input_userauth_request: invalid user vncuser [preauth]
May  7 04:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144  user=vncuser
May  7 04:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: Failed password for invalid user vncuser from 203.194.114.144 port 52592 ssh2
May  7 04:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: Received disconnect from 203.194.114.144 port 52592:11: Bye Bye [preauth]
May  7 04:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: Disconnected from 203.194.114.144 port 52592 [preauth]
May  7 04:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20560]: Failed password for root from 134.199.149.11 port 54764 ssh2
May  7 04:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20560]: Connection closed by 134.199.149.11 port 54764 [preauth]
May  7 04:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Invalid user esearch from 106.51.92.114
May  7 04:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: input_userauth_request: invalid user esearch [preauth]
May  7 04:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.92.114
May  7 04:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20579]: Invalid user dev from 134.199.149.11
May  7 04:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20579]: input_userauth_request: invalid user dev [preauth]
May  7 04:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20579]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Failed password for invalid user esearch from 106.51.92.114 port 36391 ssh2
May  7 04:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Received disconnect from 106.51.92.114 port 36391:11: Bye Bye [preauth]
May  7 04:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Disconnected from 106.51.92.114 port 36391 [preauth]
May  7 04:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20579]: Failed password for invalid user dev from 134.199.149.11 port 54768 ssh2
May  7 04:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20579]: Connection closed by 134.199.149.11 port 54768 [preauth]
May  7 04:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: Invalid user runner from 134.199.149.11
May  7 04:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: input_userauth_request: invalid user runner [preauth]
May  7 04:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: Failed password for invalid user runner from 134.199.149.11 port 52950 ssh2
May  7 04:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: Connection closed by 134.199.149.11 port 52950 [preauth]
May  7 04:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20606]: Failed password for root from 134.199.149.11 port 52958 ssh2
May  7 04:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20606]: Connection closed by 134.199.149.11 port 52958 [preauth]
May  7 04:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20628]: Invalid user user from 134.199.149.11
May  7 04:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20628]: input_userauth_request: invalid user user [preauth]
May  7 04:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20628]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20628]: Failed password for invalid user user from 134.199.149.11 port 57862 ssh2
May  7 04:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20628]: Connection closed by 134.199.149.11 port 57862 [preauth]
May  7 04:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19428]: pam_unix(cron:session): session closed for user root
May  7 04:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20646]: Invalid user guest from 134.199.149.11
May  7 04:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20646]: input_userauth_request: invalid user guest [preauth]
May  7 04:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20646]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20646]: Failed password for invalid user guest from 134.199.149.11 port 57876 ssh2
May  7 04:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20646]: Connection closed by 134.199.149.11 port 57876 [preauth]
May  7 04:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20673]: Invalid user admin from 80.94.95.125
May  7 04:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20673]: input_userauth_request: invalid user admin [preauth]
May  7 04:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20673]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 04:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20673]: Failed password for invalid user admin from 80.94.95.125 port 24855 ssh2
May  7 04:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20673]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: Failed password for root from 134.199.149.11 port 58768 ssh2
May  7 04:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: Connection closed by 134.199.149.11 port 58768 [preauth]
May  7 04:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20673]: Failed password for invalid user admin from 80.94.95.125 port 24855 ssh2
May  7 04:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20673]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20673]: Failed password for invalid user admin from 80.94.95.125 port 24855 ssh2
May  7 04:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20673]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20692]: Invalid user user1 from 134.199.149.11
May  7 04:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20692]: input_userauth_request: invalid user user1 [preauth]
May  7 04:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20692]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20692]: Failed password for invalid user user1 from 134.199.149.11 port 58774 ssh2
May  7 04:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20692]: Connection closed by 134.199.149.11 port 58774 [preauth]
May  7 04:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20673]: Failed password for invalid user admin from 80.94.95.125 port 24855 ssh2
May  7 04:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20673]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20673]: Failed password for invalid user admin from 80.94.95.125 port 24855 ssh2
May  7 04:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20673]: Received disconnect from 80.94.95.125 port 24855:11: Bye [preauth]
May  7 04:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20673]: Disconnected from 80.94.95.125 port 24855 [preauth]
May  7 04:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20673]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 04:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20673]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 04:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20711]: Failed password for root from 134.199.149.11 port 44056 ssh2
May  7 04:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20711]: Connection closed by 134.199.149.11 port 44056 [preauth]
May  7 04:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20722]: Invalid user nginx from 134.199.149.11
May  7 04:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20722]: input_userauth_request: invalid user nginx [preauth]
May  7 04:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20722]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20722]: Failed password for invalid user nginx from 134.199.149.11 port 44072 ssh2
May  7 04:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20722]: Connection closed by 134.199.149.11 port 44072 [preauth]
May  7 04:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20733]: Invalid user apache from 134.199.149.11
May  7 04:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20733]: input_userauth_request: invalid user apache [preauth]
May  7 04:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20733]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20733]: Failed password for invalid user apache from 134.199.149.11 port 44242 ssh2
May  7 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20733]: Connection closed by 134.199.149.11 port 44242 [preauth]
May  7 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20741]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20737]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20741]: pam_unix(cron:session): session closed for user root
May  7 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20736]: pam_unix(cron:session): session closed for user p13x
May  7 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20807]: Successful su for rubyman by root
May  7 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20807]: + ??? root:rubyman
May  7 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344652 of user rubyman.
May  7 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20807]: pam_unix(su:session): session closed for user rubyman
May  7 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344652.
May  7 04:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: User mysql from 134.199.149.11 not allowed because not listed in AllowUsers
May  7 04:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: input_userauth_request: invalid user mysql [preauth]
May  7 04:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=mysql
May  7 04:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20738]: pam_unix(cron:session): session closed for user root
May  7 04:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17983]: pam_unix(cron:session): session closed for user root
May  7 04:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: Failed password for invalid user mysql from 134.199.149.11 port 44260 ssh2
May  7 04:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: Connection closed by 134.199.149.11 port 44260 [preauth]
May  7 04:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20737]: pam_unix(cron:session): session closed for user samftp
May  7 04:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21028]: User ftp from 134.199.149.11 not allowed because not listed in AllowUsers
May  7 04:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21028]: input_userauth_request: invalid user ftp [preauth]
May  7 04:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=ftp
May  7 04:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21028]: Failed password for invalid user ftp from 134.199.149.11 port 34264 ssh2
May  7 04:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21028]: Connection closed by 134.199.149.11 port 34264 [preauth]
May  7 04:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21040]: Invalid user user from 134.199.149.11
May  7 04:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21040]: input_userauth_request: invalid user user [preauth]
May  7 04:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21040]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21040]: Failed password for invalid user user from 134.199.149.11 port 34276 ssh2
May  7 04:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21040]: Connection closed by 134.199.149.11 port 34276 [preauth]
May  7 04:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21063]: Invalid user elastic from 134.199.149.11
May  7 04:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21063]: input_userauth_request: invalid user elastic [preauth]
May  7 04:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21063]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21063]: Failed password for invalid user elastic from 134.199.149.11 port 57814 ssh2
May  7 04:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21063]: Connection closed by 134.199.149.11 port 57814 [preauth]
May  7 04:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: Failed password for root from 134.199.149.11 port 57816 ssh2
May  7 04:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: Connection closed by 134.199.149.11 port 57816 [preauth]
May  7 04:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21099]: Failed password for root from 134.199.149.11 port 50784 ssh2
May  7 04:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21112]: Invalid user aeiger from 64.226.100.253
May  7 04:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21112]: input_userauth_request: invalid user aeiger [preauth]
May  7 04:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21112]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 04:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21099]: Connection closed by 134.199.149.11 port 50784 [preauth]
May  7 04:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21112]: Failed password for invalid user aeiger from 64.226.100.253 port 37368 ssh2
May  7 04:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: Invalid user solr from 134.199.149.11
May  7 04:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: input_userauth_request: invalid user solr [preauth]
May  7 04:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21112]: Connection closed by 64.226.100.253 port 37368 [preauth]
May  7 04:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19875]: pam_unix(cron:session): session closed for user root
May  7 04:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: Failed password for invalid user solr from 134.199.149.11 port 50792 ssh2
May  7 04:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21114]: Connection closed by 134.199.149.11 port 50792 [preauth]
May  7 04:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: Invalid user server from 134.199.149.11
May  7 04:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: input_userauth_request: invalid user server [preauth]
May  7 04:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: Failed password for invalid user server from 134.199.149.11 port 37958 ssh2
May  7 04:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21145]: Connection closed by 134.199.149.11 port 37958 [preauth]
May  7 04:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: Invalid user ec2-user from 187.134.39.177
May  7 04:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: input_userauth_request: invalid user ec2-user [preauth]
May  7 04:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21158]: Invalid user postgres from 134.199.149.11
May  7 04:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21158]: input_userauth_request: invalid user postgres [preauth]
May  7 04:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21158]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: Failed password for invalid user ec2-user from 187.134.39.177 port 55888 ssh2
May  7 04:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: Received disconnect from 187.134.39.177 port 55888:11: Bye Bye [preauth]
May  7 04:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21156]: Disconnected from 187.134.39.177 port 55888 [preauth]
May  7 04:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21158]: Failed password for invalid user postgres from 134.199.149.11 port 37962 ssh2
May  7 04:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21158]: Connection closed by 134.199.149.11 port 37962 [preauth]
May  7 04:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: Invalid user apache from 134.199.149.11
May  7 04:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: input_userauth_request: invalid user apache [preauth]
May  7 04:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: Failed password for invalid user apache from 134.199.149.11 port 55698 ssh2
May  7 04:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21191]: Connection closed by 134.199.149.11 port 55698 [preauth]
May  7 04:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: Invalid user git from 134.199.149.11
May  7 04:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: input_userauth_request: invalid user git [preauth]
May  7 04:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: Failed password for invalid user git from 134.199.149.11 port 55708 ssh2
May  7 04:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: Connection closed by 134.199.149.11 port 55708 [preauth]
May  7 04:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.254.32.62  user=root
May  7 04:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: Failed password for root from 134.199.149.11 port 59988 ssh2
May  7 04:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: Connection closed by 134.199.149.11 port 59988 [preauth]
May  7 04:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: Failed password for root from 162.254.32.62 port 60062 ssh2
May  7 04:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: Received disconnect from 162.254.32.62 port 60062:11: Bye Bye [preauth]
May  7 04:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21224]: Disconnected from 162.254.32.62 port 60062 [preauth]
May  7 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21229]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21227]: pam_unix(cron:session): session closed for user p13x
May  7 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21321]: Successful su for rubyman by root
May  7 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21321]: + ??? root:rubyman
May  7 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21321]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344657 of user rubyman.
May  7 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21321]: pam_unix(su:session): session closed for user rubyman
May  7 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344657.
May  7 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21347]: Invalid user vagrant from 134.199.149.11
May  7 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21347]: input_userauth_request: invalid user vagrant [preauth]
May  7 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21347]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21347]: Failed password for invalid user vagrant from 134.199.149.11 port 59998 ssh2
May  7 04:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21347]: Connection closed by 134.199.149.11 port 59998 [preauth]
May  7 04:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18521]: pam_unix(cron:session): session closed for user root
May  7 04:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21228]: pam_unix(cron:session): session closed for user samftp
May  7 04:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: Failed password for root from 134.199.149.11 port 33878 ssh2
May  7 04:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: Connection closed by 134.199.149.11 port 33878 [preauth]
May  7 04:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: Invalid user deploy from 134.199.149.11
May  7 04:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: input_userauth_request: invalid user deploy [preauth]
May  7 04:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: Failed password for invalid user deploy from 134.199.149.11 port 33890 ssh2
May  7 04:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21514]: Connection closed by 134.199.149.11 port 33890 [preauth]
May  7 04:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21544]: Failed password for root from 134.199.149.11 port 37336 ssh2
May  7 04:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21544]: Connection closed by 134.199.149.11 port 37336 [preauth]
May  7 04:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21555]: Failed password for root from 134.199.149.11 port 37344 ssh2
May  7 04:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21555]: Connection closed by 134.199.149.11 port 37344 [preauth]
May  7 04:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: Invalid user nexus from 134.199.149.11
May  7 04:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: input_userauth_request: invalid user nexus [preauth]
May  7 04:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: Invalid user sysadm from 188.166.217.79
May  7 04:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: input_userauth_request: invalid user sysadm [preauth]
May  7 04:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.79
May  7 04:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: Failed password for invalid user nexus from 134.199.149.11 port 49518 ssh2
May  7 04:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: Failed password for invalid user sysadm from 188.166.217.79 port 42728 ssh2
May  7 04:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: Connection closed by 134.199.149.11 port 49518 [preauth]
May  7 04:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: Received disconnect from 188.166.217.79 port 42728:11: Bye Bye [preauth]
May  7 04:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21585]: Disconnected from 188.166.217.79 port 42728 [preauth]
May  7 04:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21596]: Invalid user dev from 134.199.149.11
May  7 04:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21596]: input_userauth_request: invalid user dev [preauth]
May  7 04:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21596]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20308]: pam_unix(cron:session): session closed for user root
May  7 04:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21596]: Failed password for invalid user dev from 134.199.149.11 port 49524 ssh2
May  7 04:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21596]: Connection closed by 134.199.149.11 port 49524 [preauth]
May  7 04:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21640]: Invalid user tools from 134.199.149.11
May  7 04:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21640]: input_userauth_request: invalid user tools [preauth]
May  7 04:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21640]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21640]: Failed password for invalid user tools from 134.199.149.11 port 43608 ssh2
May  7 04:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21640]: Connection closed by 134.199.149.11 port 43608 [preauth]
May  7 04:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: Invalid user testuser from 134.199.149.11
May  7 04:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: input_userauth_request: invalid user testuser [preauth]
May  7 04:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: Failed password for invalid user testuser from 134.199.149.11 port 43612 ssh2
May  7 04:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21660]: Connection closed by 134.199.149.11 port 43612 [preauth]
May  7 04:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: Failed password for root from 134.199.149.11 port 59220 ssh2
May  7 04:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21691]: Connection closed by 134.199.149.11 port 59220 [preauth]
May  7 04:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21708]: Failed password for root from 134.199.149.11 port 59222 ssh2
May  7 04:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21708]: Connection closed by 134.199.149.11 port 59222 [preauth]
May  7 04:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21719]: Failed password for root from 134.199.149.11 port 42520 ssh2
May  7 04:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21719]: Connection closed by 134.199.149.11 port 42520 [preauth]
May  7 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21742]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21743]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21741]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21740]: pam_unix(cron:session): session closed for user p13x
May  7 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22078]: Successful su for rubyman by root
May  7 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22078]: + ??? root:rubyman
May  7 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22078]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344662 of user rubyman.
May  7 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22078]: pam_unix(su:session): session closed for user rubyman
May  7 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344662.
May  7 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22136]: Invalid user testuser from 134.199.149.11
May  7 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22136]: input_userauth_request: invalid user testuser [preauth]
May  7 04:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22136]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18981]: pam_unix(cron:session): session closed for user root
May  7 04:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22136]: Failed password for invalid user testuser from 134.199.149.11 port 42534 ssh2
May  7 04:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22136]: Connection closed by 134.199.149.11 port 42534 [preauth]
May  7 04:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21741]: pam_unix(cron:session): session closed for user samftp
May  7 04:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: Invalid user hadoop from 134.199.149.11
May  7 04:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: input_userauth_request: invalid user hadoop [preauth]
May  7 04:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: Failed password for invalid user hadoop from 134.199.149.11 port 55720 ssh2
May  7 04:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: Connection closed by 134.199.149.11 port 55720 [preauth]
May  7 04:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: Failed password for root from 134.199.149.11 port 55736 ssh2
May  7 04:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22315]: Connection closed by 134.199.149.11 port 55736 [preauth]
May  7 04:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22343]: Invalid user hadoop from 134.199.149.11
May  7 04:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22343]: input_userauth_request: invalid user hadoop [preauth]
May  7 04:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22343]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22343]: Failed password for invalid user hadoop from 134.199.149.11 port 49008 ssh2
May  7 04:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22343]: Connection closed by 134.199.149.11 port 49008 [preauth]
May  7 04:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22355]: Invalid user oracle from 134.199.149.11
May  7 04:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22355]: input_userauth_request: invalid user oracle [preauth]
May  7 04:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22355]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22355]: Failed password for invalid user oracle from 134.199.149.11 port 49020 ssh2
May  7 04:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22355]: Connection closed by 134.199.149.11 port 49020 [preauth]
May  7 04:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22379]: Invalid user elasticsearch from 134.199.149.11
May  7 04:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22379]: input_userauth_request: invalid user elasticsearch [preauth]
May  7 04:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22379]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22379]: Failed password for invalid user elasticsearch from 134.199.149.11 port 51912 ssh2
May  7 04:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22379]: Connection closed by 134.199.149.11 port 51912 [preauth]
May  7 04:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: Invalid user git from 134.199.149.11
May  7 04:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: input_userauth_request: invalid user git [preauth]
May  7 04:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20740]: pam_unix(cron:session): session closed for user root
May  7 04:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: Failed password for invalid user git from 134.199.149.11 port 51924 ssh2
May  7 04:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22392]: Connection closed by 134.199.149.11 port 51924 [preauth]
May  7 04:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: Invalid user dolphinscheduler from 134.199.149.11
May  7 04:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  7 04:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: Failed password for invalid user dolphinscheduler from 134.199.149.11 port 47564 ssh2
May  7 04:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22429]: Connection closed by 134.199.149.11 port 47564 [preauth]
May  7 04:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: Invalid user ftpuser from 134.199.149.11
May  7 04:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: input_userauth_request: invalid user ftpuser [preauth]
May  7 04:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: Failed password for invalid user ftpuser from 134.199.149.11 port 47566 ssh2
May  7 04:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22444]: Connection closed by 134.199.149.11 port 47566 [preauth]
May  7 04:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22472]: Invalid user siesa from 187.134.39.177
May  7 04:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22472]: input_userauth_request: invalid user siesa [preauth]
May  7 04:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22472]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22472]: Failed password for invalid user siesa from 187.134.39.177 port 22593 ssh2
May  7 04:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22472]: Received disconnect from 187.134.39.177 port 22593:11: Bye Bye [preauth]
May  7 04:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22472]: Disconnected from 187.134.39.177 port 22593 [preauth]
May  7 04:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: Failed password for root from 134.199.149.11 port 40946 ssh2
May  7 04:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: Connection closed by 134.199.149.11 port 40946 [preauth]
May  7 04:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22485]: User ftp from 134.199.149.11 not allowed because not listed in AllowUsers
May  7 04:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22485]: input_userauth_request: invalid user ftp [preauth]
May  7 04:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=ftp
May  7 04:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22485]: Failed password for invalid user ftp from 134.199.149.11 port 40950 ssh2
May  7 04:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22485]: Connection closed by 134.199.149.11 port 40950 [preauth]
May  7 04:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: Invalid user admin from 134.199.149.11
May  7 04:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: input_userauth_request: invalid user admin [preauth]
May  7 04:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: Failed password for invalid user admin from 134.199.149.11 port 46038 ssh2
May  7 04:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22497]: Connection closed by 134.199.149.11 port 46038 [preauth]
May  7 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22511]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22509]: pam_unix(cron:session): session closed for user p13x
May  7 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22583]: Successful su for rubyman by root
May  7 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22583]: + ??? root:rubyman
May  7 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22583]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344666 of user rubyman.
May  7 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22583]: pam_unix(su:session): session closed for user rubyman
May  7 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344666.
May  7 04:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: Invalid user deployer from 134.199.149.11
May  7 04:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: input_userauth_request: invalid user deployer [preauth]
May  7 04:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19427]: pam_unix(cron:session): session closed for user root
May  7 04:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: Failed password for invalid user deployer from 134.199.149.11 port 46050 ssh2
May  7 04:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22621]: Connection closed by 134.199.149.11 port 46050 [preauth]
May  7 04:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22510]: pam_unix(cron:session): session closed for user samftp
May  7 04:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22784]: Invalid user nginx from 134.199.149.11
May  7 04:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22784]: input_userauth_request: invalid user nginx [preauth]
May  7 04:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22784]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22784]: Failed password for invalid user nginx from 134.199.149.11 port 54040 ssh2
May  7 04:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22784]: Connection closed by 134.199.149.11 port 54040 [preauth]
May  7 04:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22794]: Invalid user minecraft from 134.199.149.11
May  7 04:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22794]: input_userauth_request: invalid user minecraft [preauth]
May  7 04:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22794]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22794]: Failed password for invalid user minecraft from 134.199.149.11 port 54056 ssh2
May  7 04:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22794]: Connection closed by 134.199.149.11 port 54056 [preauth]
May  7 04:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 04:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22827]: Invalid user test from 134.199.149.11
May  7 04:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22827]: input_userauth_request: invalid user test [preauth]
May  7 04:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: Failed password for root from 218.92.0.179 port 36645 ssh2
May  7 04:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22827]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22827]: Failed password for invalid user test from 134.199.149.11 port 39768 ssh2
May  7 04:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: Failed password for root from 218.92.0.179 port 36645 ssh2
May  7 04:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22827]: Connection closed by 134.199.149.11 port 39768 [preauth]
May  7 04:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.80.167  user=root
May  7 04:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: Failed password for root from 218.92.0.179 port 36645 ssh2
May  7 04:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: Received disconnect from 218.92.0.179 port 36645:11:  [preauth]
May  7 04:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: Disconnected from 218.92.0.179 port 36645 [preauth]
May  7 04:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22816]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 04:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22841]: Invalid user steam from 134.199.149.11
May  7 04:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22841]: input_userauth_request: invalid user steam [preauth]
May  7 04:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22841]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: Failed password for root from 47.243.80.167 port 37908 ssh2
May  7 04:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22841]: Failed password for invalid user steam from 134.199.149.11 port 39776 ssh2
May  7 04:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22841]: Connection closed by 134.199.149.11 port 39776 [preauth]
May  7 04:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22868]: Invalid user repo from 186.233.208.13
May  7 04:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22868]: input_userauth_request: invalid user repo [preauth]
May  7 04:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22868]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  7 04:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22868]: Failed password for invalid user repo from 186.233.208.13 port 36252 ssh2
May  7 04:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22868]: Received disconnect from 186.233.208.13 port 36252:11: Bye Bye [preauth]
May  7 04:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22868]: Disconnected from 186.233.208.13 port 36252 [preauth]
May  7 04:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22871]: Failed password for root from 134.199.149.11 port 57554 ssh2
May  7 04:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22871]: Connection closed by 134.199.149.11 port 57554 [preauth]
May  7 04:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22884]: Invalid user data from 134.199.149.11
May  7 04:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22884]: input_userauth_request: invalid user data [preauth]
May  7 04:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22884]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21230]: pam_unix(cron:session): session closed for user root
May  7 04:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22884]: Failed password for invalid user data from 134.199.149.11 port 57556 ssh2
May  7 04:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22884]: Connection closed by 134.199.149.11 port 57556 [preauth]
May  7 04:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22920]: Failed password for root from 134.199.149.11 port 42774 ssh2
May  7 04:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22920]: Connection closed by 134.199.149.11 port 42774 [preauth]
May  7 04:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22930]: Invalid user postgres from 134.199.149.11
May  7 04:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22930]: input_userauth_request: invalid user postgres [preauth]
May  7 04:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22930]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: Failed password for root from 47.243.80.167 port 37908 ssh2
May  7 04:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22930]: Failed password for invalid user postgres from 134.199.149.11 port 42788 ssh2
May  7 04:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22930]: Connection closed by 134.199.149.11 port 42788 [preauth]
May  7 04:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: Invalid user kingbase from 134.199.149.11
May  7 04:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: input_userauth_request: invalid user kingbase [preauth]
May  7 04:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: Failed password for invalid user kingbase from 134.199.149.11 port 55534 ssh2
May  7 04:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: Connection closed by 134.199.149.11 port 55534 [preauth]
May  7 04:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: Bad protocol version identification 'GET / HTTP/1.1' from 65.49.1.224 port 35699
May  7 04:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22995]: Invalid user administrator from 134.199.149.11
May  7 04:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22995]: input_userauth_request: invalid user administrator [preauth]
May  7 04:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22995]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22995]: Failed password for invalid user administrator from 134.199.149.11 port 55548 ssh2
May  7 04:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22995]: Connection closed by 134.199.149.11 port 55548 [preauth]
May  7 04:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: Failed password for root from 47.243.80.167 port 37908 ssh2
May  7 04:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22998]: Failed password for root from 134.199.149.11 port 40606 ssh2
May  7 04:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22998]: Connection closed by 134.199.149.11 port 40606 [preauth]
May  7 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23015]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23013]: pam_unix(cron:session): session closed for user p13x
May  7 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23072]: Successful su for rubyman by root
May  7 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23072]: + ??? root:rubyman
May  7 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344670 of user rubyman.
May  7 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23072]: pam_unix(su:session): session closed for user rubyman
May  7 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344670.
May  7 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: Invalid user minecraft from 134.199.149.11
May  7 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: input_userauth_request: invalid user minecraft [preauth]
May  7 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19874]: pam_unix(cron:session): session closed for user root
May  7 04:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: Failed password for invalid user minecraft from 134.199.149.11 port 40622 ssh2
May  7 04:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23009]: Connection closed by 134.199.149.11 port 40622 [preauth]
May  7 04:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23014]: pam_unix(cron:session): session closed for user samftp
May  7 04:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23268]: Invalid user wang from 134.199.149.11
May  7 04:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23268]: input_userauth_request: invalid user wang [preauth]
May  7 04:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23268]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: Failed password for root from 47.243.80.167 port 37908 ssh2
May  7 04:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23268]: Failed password for invalid user wang from 134.199.149.11 port 47676 ssh2
May  7 04:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23268]: Connection closed by 134.199.149.11 port 47676 [preauth]
May  7 04:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: Failed password for root from 47.243.80.167 port 37908 ssh2
May  7 04:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: Connection closed by 47.243.80.167 port 37908 [preauth]
May  7 04:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.243.80.167  user=root
May  7 04:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 04:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: Failed password for root from 134.199.149.11 port 47692 ssh2
May  7 04:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: Connection closed by 134.199.149.11 port 47692 [preauth]
May  7 04:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: Invalid user ec2-user from 134.199.149.11
May  7 04:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: input_userauth_request: invalid user ec2-user [preauth]
May  7 04:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: Failed password for invalid user ec2-user from 134.199.149.11 port 47708 ssh2
May  7 04:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23302]: Connection closed by 134.199.149.11 port 47708 [preauth]
May  7 04:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23401]: Invalid user dev from 134.199.149.11
May  7 04:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23401]: input_userauth_request: invalid user dev [preauth]
May  7 04:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23401]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23401]: Failed password for invalid user dev from 134.199.149.11 port 47670 ssh2
May  7 04:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23401]: Connection closed by 134.199.149.11 port 47670 [preauth]
May  7 04:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23428]: Failed password for root from 134.199.149.11 port 47686 ssh2
May  7 04:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23428]: Connection closed by 134.199.149.11 port 47686 [preauth]
May  7 04:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.92.114  user=root
May  7 04:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: Invalid user openvpn from 134.199.149.11
May  7 04:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: input_userauth_request: invalid user openvpn [preauth]
May  7 04:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21743]: pam_unix(cron:session): session closed for user root
May  7 04:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: Failed password for root from 106.51.92.114 port 54600 ssh2
May  7 04:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: Received disconnect from 106.51.92.114 port 54600:11: Bye Bye [preauth]
May  7 04:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23439]: Disconnected from 106.51.92.114 port 54600 [preauth]
May  7 04:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: Failed password for invalid user openvpn from 134.199.149.11 port 46864 ssh2
May  7 04:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: Connection closed by 134.199.149.11 port 46864 [preauth]
May  7 04:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: Invalid user centos from 134.199.149.11
May  7 04:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: input_userauth_request: invalid user centos [preauth]
May  7 04:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: Failed password for invalid user centos from 134.199.149.11 port 46868 ssh2
May  7 04:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23477]: Connection closed by 134.199.149.11 port 46868 [preauth]
May  7 04:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23487]: Invalid user tomcat from 134.199.149.11
May  7 04:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23487]: input_userauth_request: invalid user tomcat [preauth]
May  7 04:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23487]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23487]: Failed password for invalid user tomcat from 134.199.149.11 port 60504 ssh2
May  7 04:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23487]: Connection closed by 134.199.149.11 port 60504 [preauth]
May  7 04:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23510]: Failed password for root from 134.199.149.11 port 60514 ssh2
May  7 04:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23510]: Connection closed by 134.199.149.11 port 60514 [preauth]
May  7 04:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: Invalid user opc from 134.199.149.11
May  7 04:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: input_userauth_request: invalid user opc [preauth]
May  7 04:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: Failed password for invalid user opc from 134.199.149.11 port 36318 ssh2
May  7 04:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23519]: Connection closed by 134.199.149.11 port 36318 [preauth]
May  7 04:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144  user=root
May  7 04:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: Failed password for root from 203.194.114.144 port 33878 ssh2
May  7 04:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: Received disconnect from 203.194.114.144 port 33878:11: Bye Bye [preauth]
May  7 04:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: Disconnected from 203.194.114.144 port 33878 [preauth]
May  7 04:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23526]: Failed password for root from 134.199.149.11 port 36320 ssh2
May  7 04:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23526]: Connection closed by 134.199.149.11 port 36320 [preauth]
May  7 04:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23542]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23543]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23541]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23544]: pam_unix(cron:session): session closed for user root
May  7 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23539]: pam_unix(cron:session): session closed for user p13x
May  7 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23536]: Invalid user lsfadmin from 134.199.149.11
May  7 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23536]: input_userauth_request: invalid user lsfadmin [preauth]
May  7 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23617]: Successful su for rubyman by root
May  7 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23617]: + ??? root:rubyman
May  7 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344673 of user rubyman.
May  7 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23617]: pam_unix(su:session): session closed for user rubyman
May  7 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344673.
May  7 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23536]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.228.68.222  user=root
May  7 04:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23541]: pam_unix(cron:session): session closed for user root
May  7 04:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23536]: Failed password for invalid user lsfadmin from 134.199.149.11 port 60202 ssh2
May  7 04:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23536]: Connection closed by 134.199.149.11 port 60202 [preauth]
May  7 04:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20307]: pam_unix(cron:session): session closed for user root
May  7 04:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23628]: Failed password for root from 181.228.68.222 port 40084 ssh2
May  7 04:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23628]: Received disconnect from 181.228.68.222 port 40084:11: Bye Bye [preauth]
May  7 04:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23628]: Disconnected from 181.228.68.222 port 40084 [preauth]
May  7 04:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23908]: Invalid user sonia from 187.134.39.177
May  7 04:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23908]: input_userauth_request: invalid user sonia [preauth]
May  7 04:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23908]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.134.39.177
May  7 04:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23540]: pam_unix(cron:session): session closed for user samftp
May  7 04:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23908]: Failed password for invalid user sonia from 187.134.39.177 port 55090 ssh2
May  7 04:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23908]: Received disconnect from 187.134.39.177 port 55090:11: Bye Bye [preauth]
May  7 04:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23908]: Disconnected from 187.134.39.177 port 55090 [preauth]
May  7 04:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: Failed password for root from 134.199.149.11 port 60214 ssh2
May  7 04:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23916]: Connection closed by 134.199.149.11 port 60214 [preauth]
May  7 04:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: Invalid user postgres from 134.199.149.11
May  7 04:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: input_userauth_request: invalid user postgres [preauth]
May  7 04:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: Failed password for invalid user postgres from 134.199.149.11 port 50288 ssh2
May  7 04:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: Connection closed by 134.199.149.11 port 50288 [preauth]
May  7 04:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23971]: Failed password for root from 134.199.149.11 port 50300 ssh2
May  7 04:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23971]: Connection closed by 134.199.149.11 port 50300 [preauth]
May  7 04:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23982]: Invalid user dolphinscheduler from 134.199.149.11
May  7 04:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23982]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  7 04:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23982]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23982]: Failed password for invalid user dolphinscheduler from 134.199.149.11 port 45546 ssh2
May  7 04:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23982]: Connection closed by 134.199.149.11 port 45546 [preauth]
May  7 04:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: Invalid user jenkins from 134.199.149.11
May  7 04:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: input_userauth_request: invalid user jenkins [preauth]
May  7 04:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: Failed password for invalid user jenkins from 134.199.149.11 port 45548 ssh2
May  7 04:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24019]: Connection closed by 134.199.149.11 port 45548 [preauth]
May  7 04:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22513]: pam_unix(cron:session): session closed for user root
May  7 04:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: Failed password for root from 134.199.149.11 port 55402 ssh2
May  7 04:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24030]: Connection closed by 134.199.149.11 port 55402 [preauth]
May  7 04:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: Invalid user plexserver from 134.199.149.11
May  7 04:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: input_userauth_request: invalid user plexserver [preauth]
May  7 04:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: Failed password for invalid user plexserver from 134.199.149.11 port 55418 ssh2
May  7 04:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24060]: Connection closed by 134.199.149.11 port 55418 [preauth]
May  7 04:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24070]: Invalid user uftp from 134.199.149.11
May  7 04:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24070]: input_userauth_request: invalid user uftp [preauth]
May  7 04:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24070]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24070]: Failed password for invalid user uftp from 134.199.149.11 port 46492 ssh2
May  7 04:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24070]: Connection closed by 134.199.149.11 port 46492 [preauth]
May  7 04:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: Invalid user debian from 134.199.149.11
May  7 04:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: input_userauth_request: invalid user debian [preauth]
May  7 04:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: Failed password for invalid user debian from 134.199.149.11 port 46496 ssh2
May  7 04:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24093]: Connection closed by 134.199.149.11 port 46496 [preauth]
May  7 04:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24096]: Invalid user dolphinscheduler from 134.199.149.11
May  7 04:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24096]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  7 04:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24096]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24096]: Failed password for invalid user dolphinscheduler from 134.199.149.11 port 60354 ssh2
May  7 04:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24096]: Connection closed by 134.199.149.11 port 60354 [preauth]
May  7 04:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: Invalid user remoto from 162.254.32.62
May  7 04:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: input_userauth_request: invalid user remoto [preauth]
May  7 04:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.254.32.62
May  7 04:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: Failed password for invalid user remoto from 162.254.32.62 port 50010 ssh2
May  7 04:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: Received disconnect from 162.254.32.62 port 50010:11: Bye Bye [preauth]
May  7 04:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24106]: Disconnected from 162.254.32.62 port 50010 [preauth]
May  7 04:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: Invalid user www from 134.199.149.11
May  7 04:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: input_userauth_request: invalid user www [preauth]
May  7 04:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: Failed password for invalid user www from 134.199.149.11 port 60368 ssh2
May  7 04:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24108]: Connection closed by 134.199.149.11 port 60368 [preauth]
May  7 04:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: Invalid user postgres from 134.199.149.11
May  7 04:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: input_userauth_request: invalid user postgres [preauth]
May  7 04:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24133]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24132]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24131]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session closed for user p13x
May  7 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24203]: Successful su for rubyman by root
May  7 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24203]: + ??? root:rubyman
May  7 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344680 of user rubyman.
May  7 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24203]: pam_unix(su:session): session closed for user rubyman
May  7 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344680.
May  7 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: Failed password for invalid user postgres from 134.199.149.11 port 33562 ssh2
May  7 04:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24118]: Connection closed by 134.199.149.11 port 33562 [preauth]
May  7 04:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20739]: pam_unix(cron:session): session closed for user root
May  7 04:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: Invalid user test from 134.199.149.11
May  7 04:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: input_userauth_request: invalid user test [preauth]
May  7 04:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24131]: pam_unix(cron:session): session closed for user samftp
May  7 04:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: Failed password for invalid user test from 134.199.149.11 port 33564 ssh2
May  7 04:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24378]: Connection closed by 134.199.149.11 port 33564 [preauth]
May  7 04:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24419]: Invalid user server from 134.199.149.11
May  7 04:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24419]: input_userauth_request: invalid user server [preauth]
May  7 04:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24419]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24419]: Failed password for invalid user server from 134.199.149.11 port 37744 ssh2
May  7 04:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24419]: Connection closed by 134.199.149.11 port 37744 [preauth]
May  7 04:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: Invalid user ansible from 134.199.149.11
May  7 04:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: input_userauth_request: invalid user ansible [preauth]
May  7 04:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: Failed password for invalid user ansible from 134.199.149.11 port 37756 ssh2
May  7 04:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24445]: Connection closed by 134.199.149.11 port 37756 [preauth]
May  7 04:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24455]: Failed password for root from 134.199.149.11 port 45096 ssh2
May  7 04:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24455]: Connection closed by 134.199.149.11 port 45096 [preauth]
May  7 04:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: Invalid user flink from 134.199.149.11
May  7 04:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: input_userauth_request: invalid user flink [preauth]
May  7 04:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: Failed password for invalid user flink from 134.199.149.11 port 45108 ssh2
May  7 04:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24481]: Connection closed by 134.199.149.11 port 45108 [preauth]
May  7 04:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Invalid user ubuntu from 134.199.149.11
May  7 04:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: input_userauth_request: invalid user ubuntu [preauth]
May  7 04:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Failed password for invalid user ubuntu from 134.199.149.11 port 45710 ssh2
May  7 04:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Connection closed by 134.199.149.11 port 45710 [preauth]
May  7 04:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23016]: pam_unix(cron:session): session closed for user root
May  7 04:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: User backup from 134.199.149.11 not allowed because not listed in AllowUsers
May  7 04:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: input_userauth_request: invalid user backup [preauth]
May  7 04:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=backup
May  7 04:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: Invalid user freelancer from 119.96.221.127
May  7 04:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: input_userauth_request: invalid user freelancer [preauth]
May  7 04:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.96.221.127
May  7 04:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: Failed password for invalid user backup from 134.199.149.11 port 45722 ssh2
May  7 04:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24528]: Connection closed by 134.199.149.11 port 45722 [preauth]
May  7 04:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: Failed password for invalid user freelancer from 119.96.221.127 port 43218 ssh2
May  7 04:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: Received disconnect from 119.96.221.127 port 43218:11: Bye Bye [preauth]
May  7 04:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24530]: Disconnected from 119.96.221.127 port 43218 [preauth]
May  7 04:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: Invalid user centos from 134.199.149.11
May  7 04:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: input_userauth_request: invalid user centos [preauth]
May  7 04:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: Failed password for invalid user centos from 134.199.149.11 port 60442 ssh2
May  7 04:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24541]: Connection closed by 134.199.149.11 port 60442 [preauth]
May  7 04:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.79  user=root
May  7 04:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: Invalid user ts from 134.199.149.11
May  7 04:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: input_userauth_request: invalid user ts [preauth]
May  7 04:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24552]: Failed password for root from 188.166.217.79 port 37928 ssh2
May  7 04:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24552]: Received disconnect from 188.166.217.79 port 37928:11: Bye Bye [preauth]
May  7 04:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24552]: Disconnected from 188.166.217.79 port 37928 [preauth]
May  7 04:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: Failed password for invalid user ts from 134.199.149.11 port 60446 ssh2
May  7 04:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: Connection closed by 134.199.149.11 port 60446 [preauth]
May  7 04:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: Invalid user jumpserver from 134.199.149.11
May  7 04:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: input_userauth_request: invalid user jumpserver [preauth]
May  7 04:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: Failed password for invalid user jumpserver from 134.199.149.11 port 56830 ssh2
May  7 04:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: Connection closed by 134.199.149.11 port 56830 [preauth]
May  7 04:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24593]: Invalid user hadoop from 134.199.149.11
May  7 04:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24593]: input_userauth_request: invalid user hadoop [preauth]
May  7 04:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24593]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24593]: Failed password for invalid user hadoop from 134.199.149.11 port 56832 ssh2
May  7 04:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24593]: Connection closed by 134.199.149.11 port 56832 [preauth]
May  7 04:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: Invalid user gitlab-runner from 134.199.149.11
May  7 04:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: input_userauth_request: invalid user gitlab-runner [preauth]
May  7 04:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24612]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24613]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24610]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24609]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24609]: pam_unix(cron:session): session closed for user p13x
May  7 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: Failed password for invalid user gitlab-runner from 134.199.149.11 port 38902 ssh2
May  7 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24600]: Connection closed by 134.199.149.11 port 38902 [preauth]
May  7 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24673]: Successful su for rubyman by root
May  7 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24673]: + ??? root:rubyman
May  7 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344685 of user rubyman.
May  7 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24673]: pam_unix(su:session): session closed for user rubyman
May  7 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344685.
May  7 04:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: Invalid user steam from 134.199.149.11
May  7 04:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: input_userauth_request: invalid user steam [preauth]
May  7 04:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21229]: pam_unix(cron:session): session closed for user root
May  7 04:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24610]: pam_unix(cron:session): session closed for user samftp
May  7 04:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: Failed password for invalid user steam from 134.199.149.11 port 38916 ssh2
May  7 04:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24812]: Connection closed by 134.199.149.11 port 38916 [preauth]
May  7 04:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: Invalid user uftp from 134.199.149.11
May  7 04:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: input_userauth_request: invalid user uftp [preauth]
May  7 04:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: Failed password for invalid user uftp from 134.199.149.11 port 50248 ssh2
May  7 04:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24865]: Connection closed by 134.199.149.11 port 50248 [preauth]
May  7 04:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24877]: Invalid user ahalim from 64.226.100.253
May  7 04:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24877]: input_userauth_request: invalid user ahalim [preauth]
May  7 04:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24877]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 04:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24877]: Failed password for invalid user ahalim from 64.226.100.253 port 37478 ssh2
May  7 04:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24877]: Connection closed by 64.226.100.253 port 37478 [preauth]
May  7 04:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: Invalid user esroot from 134.199.149.11
May  7 04:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: input_userauth_request: invalid user esroot [preauth]
May  7 04:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: Failed password for invalid user esroot from 134.199.149.11 port 50250 ssh2
May  7 04:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24891]: Connection closed by 134.199.149.11 port 50250 [preauth]
May  7 04:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24905]: Failed password for root from 134.199.149.11 port 46302 ssh2
May  7 04:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24905]: Connection closed by 134.199.149.11 port 46302 [preauth]
May  7 04:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: Invalid user admin from 80.94.95.112
May  7 04:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: input_userauth_request: invalid user admin [preauth]
May  7 04:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 04:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: Failed password for invalid user admin from 80.94.95.112 port 28252 ssh2
May  7 04:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: Invalid user postgres from 134.199.149.11
May  7 04:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: input_userauth_request: invalid user postgres [preauth]
May  7 04:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: Failed password for invalid user admin from 80.94.95.112 port 28252 ssh2
May  7 04:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: Failed password for invalid user postgres from 134.199.149.11 port 46308 ssh2
May  7 04:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: Connection closed by 134.199.149.11 port 46308 [preauth]
May  7 04:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: Invalid user sysadmin from 190.103.202.7
May  7 04:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: input_userauth_request: invalid user sysadmin [preauth]
May  7 04:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  7 04:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: Failed password for invalid user admin from 80.94.95.112 port 28252 ssh2
May  7 04:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: Failed password for invalid user sysadmin from 190.103.202.7 port 46462 ssh2
May  7 04:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24947]: Connection closed by 190.103.202.7 port 46462 [preauth]
May  7 04:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: Invalid user oracle from 134.199.149.11
May  7 04:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: input_userauth_request: invalid user oracle [preauth]
May  7 04:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: Failed password for invalid user admin from 80.94.95.112 port 28252 ssh2
May  7 04:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: Failed password for invalid user oracle from 134.199.149.11 port 41960 ssh2
May  7 04:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24952]: Connection closed by 134.199.149.11 port 41960 [preauth]
May  7 04:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: Failed password for invalid user admin from 80.94.95.112 port 28252 ssh2
May  7 04:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: Received disconnect from 80.94.95.112 port 28252:11: Bye [preauth]
May  7 04:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: Disconnected from 80.94.95.112 port 28252 [preauth]
May  7 04:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 04:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24916]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 04:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23543]: pam_unix(cron:session): session closed for user root
May  7 04:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24970]: Failed password for root from 134.199.149.11 port 41962 ssh2
May  7 04:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24970]: Connection closed by 134.199.149.11 port 41962 [preauth]
May  7 04:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: Invalid user sonar from 134.199.149.11
May  7 04:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: input_userauth_request: invalid user sonar [preauth]
May  7 04:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: Failed password for invalid user sonar from 134.199.149.11 port 39694 ssh2
May  7 04:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24993]: Connection closed by 134.199.149.11 port 39694 [preauth]
May  7 04:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: Invalid user es from 134.199.149.11
May  7 04:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: input_userauth_request: invalid user es [preauth]
May  7 04:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: Failed password for invalid user es from 134.199.149.11 port 39704 ssh2
May  7 04:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25007]: Connection closed by 134.199.149.11 port 39704 [preauth]
May  7 04:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: Invalid user admin from 134.199.149.11
May  7 04:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: input_userauth_request: invalid user admin [preauth]
May  7 04:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: Failed password for invalid user admin from 134.199.149.11 port 49872 ssh2
May  7 04:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25030]: Connection closed by 134.199.149.11 port 49872 [preauth]
May  7 04:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25040]: Invalid user app from 134.199.149.11
May  7 04:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25040]: input_userauth_request: invalid user app [preauth]
May  7 04:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25040]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25040]: Failed password for invalid user app from 134.199.149.11 port 49878 ssh2
May  7 04:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25040]: Connection closed by 134.199.149.11 port 49878 [preauth]
May  7 04:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25050]: Invalid user es from 134.199.149.11
May  7 04:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25050]: input_userauth_request: invalid user es [preauth]
May  7 04:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25050]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25050]: Failed password for invalid user es from 134.199.149.11 port 59202 ssh2
May  7 04:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25050]: Connection closed by 134.199.149.11 port 59202 [preauth]
May  7 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25055]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25056]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25053]: pam_unix(cron:session): session closed for user p13x
May  7 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: Successful su for rubyman by root
May  7 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: + ??? root:rubyman
May  7 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344688 of user rubyman.
May  7 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25112]: pam_unix(su:session): session closed for user rubyman
May  7 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344688.
May  7 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: Invalid user gpuadmin from 134.199.149.11
May  7 04:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: input_userauth_request: invalid user gpuadmin [preauth]
May  7 04:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21742]: pam_unix(cron:session): session closed for user root
May  7 04:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: Failed password for invalid user gpuadmin from 134.199.149.11 port 59218 ssh2
May  7 04:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25198]: Connection closed by 134.199.149.11 port 59218 [preauth]
May  7 04:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25054]: pam_unix(cron:session): session closed for user samftp
May  7 04:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25309]: Invalid user dmdba from 134.199.149.11
May  7 04:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25309]: input_userauth_request: invalid user dmdba [preauth]
May  7 04:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25309]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25309]: Failed password for invalid user dmdba from 134.199.149.11 port 49500 ssh2
May  7 04:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25309]: Connection closed by 134.199.149.11 port 49500 [preauth]
May  7 04:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: Invalid user esearch from 134.199.149.11
May  7 04:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: input_userauth_request: invalid user esearch [preauth]
May  7 04:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: Failed password for invalid user esearch from 134.199.149.11 port 49506 ssh2
May  7 04:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: Connection closed by 134.199.149.11 port 49506 [preauth]
May  7 04:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: Invalid user gitlab from 134.199.149.11
May  7 04:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: input_userauth_request: invalid user gitlab [preauth]
May  7 04:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: Failed password for invalid user gitlab from 134.199.149.11 port 53716 ssh2
May  7 04:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: Connection closed by 134.199.149.11 port 53716 [preauth]
May  7 04:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25356]: Failed password for root from 134.199.149.11 port 53732 ssh2
May  7 04:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25356]: Connection closed by 134.199.149.11 port 53732 [preauth]
May  7 04:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: Invalid user jms from 134.199.149.11
May  7 04:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: input_userauth_request: invalid user jms [preauth]
May  7 04:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: Failed password for invalid user jms from 134.199.149.11 port 44244 ssh2
May  7 04:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25385]: Connection closed by 134.199.149.11 port 44244 [preauth]
May  7 04:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24133]: pam_unix(cron:session): session closed for user root
May  7 04:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25395]: Failed password for root from 134.199.149.11 port 44262 ssh2
May  7 04:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25395]: Connection closed by 134.199.149.11 port 44262 [preauth]
May  7 04:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25426]: Invalid user stream from 134.199.149.11
May  7 04:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25426]: input_userauth_request: invalid user stream [preauth]
May  7 04:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25426]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25426]: Failed password for invalid user stream from 134.199.149.11 port 51378 ssh2
May  7 04:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25426]: Connection closed by 134.199.149.11 port 51378 [preauth]
May  7 04:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25436]: Failed password for root from 134.199.149.11 port 51394 ssh2
May  7 04:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25436]: Connection closed by 134.199.149.11 port 51394 [preauth]
May  7 04:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: Invalid user ranger from 134.199.149.11
May  7 04:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: input_userauth_request: invalid user ranger [preauth]
May  7 04:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: Failed password for invalid user ranger from 134.199.149.11 port 52308 ssh2
May  7 04:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: Connection closed by 134.199.149.11 port 52308 [preauth]
May  7 04:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25471]: Invalid user elsearch from 134.199.149.11
May  7 04:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25471]: input_userauth_request: invalid user elsearch [preauth]
May  7 04:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25471]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25471]: Failed password for invalid user elsearch from 134.199.149.11 port 52338 ssh2
May  7 04:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25471]: Connection closed by 134.199.149.11 port 52338 [preauth]
May  7 04:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25481]: Invalid user dspace from 134.199.149.11
May  7 04:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25481]: input_userauth_request: invalid user dspace [preauth]
May  7 04:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25481]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25481]: Failed password for invalid user dspace from 134.199.149.11 port 54918 ssh2
May  7 04:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25481]: Connection closed by 134.199.149.11 port 54918 [preauth]
May  7 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25486]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25487]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25484]: pam_unix(cron:session): session closed for user p13x
May  7 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25559]: Successful su for rubyman by root
May  7 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25559]: + ??? root:rubyman
May  7 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344692 of user rubyman.
May  7 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25559]: pam_unix(su:session): session closed for user rubyman
May  7 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344692.
May  7 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22511]: pam_unix(cron:session): session closed for user root
May  7 04:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25611]: Failed password for root from 134.199.149.11 port 54950 ssh2
May  7 04:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25611]: Connection closed by 134.199.149.11 port 54950 [preauth]
May  7 04:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25485]: pam_unix(cron:session): session closed for user samftp
May  7 04:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: Invalid user yealink from 134.199.149.11
May  7 04:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: input_userauth_request: invalid user yealink [preauth]
May  7 04:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: Failed password for invalid user yealink from 134.199.149.11 port 58582 ssh2
May  7 04:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25795]: Connection closed by 134.199.149.11 port 58582 [preauth]
May  7 04:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25811]: Invalid user lighthouse from 134.199.149.11
May  7 04:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25811]: input_userauth_request: invalid user lighthouse [preauth]
May  7 04:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25811]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: Invalid user sshuser from 186.233.208.13
May  7 04:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: input_userauth_request: invalid user sshuser [preauth]
May  7 04:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  7 04:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25811]: Failed password for invalid user lighthouse from 134.199.149.11 port 58586 ssh2
May  7 04:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25811]: Connection closed by 134.199.149.11 port 58586 [preauth]
May  7 04:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: Failed password for invalid user sshuser from 186.233.208.13 port 46822 ssh2
May  7 04:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: Received disconnect from 186.233.208.13 port 46822:11: Bye Bye [preauth]
May  7 04:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25818]: Disconnected from 186.233.208.13 port 46822 [preauth]
May  7 04:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25853]: Failed password for root from 134.199.149.11 port 48818 ssh2
May  7 04:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25853]: Connection closed by 134.199.149.11 port 48818 [preauth]
May  7 04:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25863]: Invalid user fastuser from 134.199.149.11
May  7 04:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25863]: input_userauth_request: invalid user fastuser [preauth]
May  7 04:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25863]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25863]: Failed password for invalid user fastuser from 134.199.149.11 port 48832 ssh2
May  7 04:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25863]: Connection closed by 134.199.149.11 port 48832 [preauth]
May  7 04:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25886]: Invalid user oracle from 134.199.149.11
May  7 04:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25886]: input_userauth_request: invalid user oracle [preauth]
May  7 04:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25886]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25886]: Failed password for invalid user oracle from 134.199.149.11 port 58318 ssh2
May  7 04:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25886]: Connection closed by 134.199.149.11 port 58318 [preauth]
May  7 04:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25897]: User proxy from 134.199.149.11 not allowed because not listed in AllowUsers
May  7 04:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25897]: input_userauth_request: invalid user proxy [preauth]
May  7 04:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=proxy
May  7 04:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24613]: pam_unix(cron:session): session closed for user root
May  7 04:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25897]: Failed password for invalid user proxy from 134.199.149.11 port 58324 ssh2
May  7 04:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25897]: Connection closed by 134.199.149.11 port 58324 [preauth]
May  7 04:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: Invalid user jfedu1 from 134.199.149.11
May  7 04:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: input_userauth_request: invalid user jfedu1 [preauth]
May  7 04:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: Failed password for invalid user jfedu1 from 134.199.149.11 port 39336 ssh2
May  7 04:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25939]: Connection closed by 134.199.149.11 port 39336 [preauth]
May  7 04:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25956]: Invalid user nvidia from 134.199.149.11
May  7 04:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25956]: input_userauth_request: invalid user nvidia [preauth]
May  7 04:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25956]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25956]: Failed password for invalid user nvidia from 134.199.149.11 port 39364 ssh2
May  7 04:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25956]: Connection closed by 134.199.149.11 port 39364 [preauth]
May  7 04:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: Invalid user docker from 134.199.149.11
May  7 04:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: input_userauth_request: invalid user docker [preauth]
May  7 04:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: Failed password for invalid user docker from 134.199.149.11 port 41434 ssh2
May  7 04:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: Connection closed by 134.199.149.11 port 41434 [preauth]
May  7 04:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25991]: Failed password for root from 134.199.149.11 port 41454 ssh2
May  7 04:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25991]: Connection closed by 134.199.149.11 port 41454 [preauth]
May  7 04:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26001]: Invalid user steam from 134.199.149.11
May  7 04:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26001]: input_userauth_request: invalid user steam [preauth]
May  7 04:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26001]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: Invalid user tianyu from 106.51.92.114
May  7 04:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: input_userauth_request: invalid user tianyu [preauth]
May  7 04:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.92.114
May  7 04:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26001]: Failed password for invalid user steam from 134.199.149.11 port 43440 ssh2
May  7 04:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26001]: Connection closed by 134.199.149.11 port 43440 [preauth]
May  7 04:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: Failed password for invalid user tianyu from 106.51.92.114 port 44581 ssh2
May  7 04:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: Received disconnect from 106.51.92.114 port 44581:11: Bye Bye [preauth]
May  7 04:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26003]: Disconnected from 106.51.92.114 port 44581 [preauth]
May  7 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26022]: pam_unix(cron:session): session closed for user root
May  7 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26016]: pam_unix(cron:session): session closed for user p13x
May  7 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26089]: Successful su for rubyman by root
May  7 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26089]: + ??? root:rubyman
May  7 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344696 of user rubyman.
May  7 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26089]: pam_unix(su:session): session closed for user rubyman
May  7 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344696.
May  7 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26018]: pam_unix(cron:session): session closed for user root
May  7 04:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: Failed password for root from 134.199.149.11 port 43456 ssh2
May  7 04:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26092]: Connection closed by 134.199.149.11 port 43456 [preauth]
May  7 04:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23015]: pam_unix(cron:session): session closed for user root
May  7 04:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26017]: pam_unix(cron:session): session closed for user samftp
May  7 04:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26296]: Failed password for root from 134.199.149.11 port 43472 ssh2
May  7 04:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26296]: Connection closed by 134.199.149.11 port 43472 [preauth]
May  7 04:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26306]: Invalid user appuser from 134.199.149.11
May  7 04:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26306]: input_userauth_request: invalid user appuser [preauth]
May  7 04:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26306]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26306]: Failed password for invalid user appuser from 134.199.149.11 port 40604 ssh2
May  7 04:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26306]: Connection closed by 134.199.149.11 port 40604 [preauth]
May  7 04:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26324]: Invalid user opc from 134.199.149.11
May  7 04:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26324]: input_userauth_request: invalid user opc [preauth]
May  7 04:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26324]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26324]: Failed password for invalid user opc from 134.199.149.11 port 40620 ssh2
May  7 04:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26324]: Connection closed by 134.199.149.11 port 40620 [preauth]
May  7 04:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: Invalid user esuser from 134.199.149.11
May  7 04:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: input_userauth_request: invalid user esuser [preauth]
May  7 04:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: Failed password for invalid user esuser from 134.199.149.11 port 32810 ssh2
May  7 04:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: Connection closed by 134.199.149.11 port 32810 [preauth]
May  7 04:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26356]: Invalid user ubnt from 134.199.149.11
May  7 04:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26356]: input_userauth_request: invalid user ubnt [preauth]
May  7 04:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26356]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26356]: Failed password for invalid user ubnt from 134.199.149.11 port 32822 ssh2
May  7 04:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26356]: Connection closed by 134.199.149.11 port 32822 [preauth]
May  7 04:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26368]: Invalid user user from 134.199.149.11
May  7 04:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26368]: input_userauth_request: invalid user user [preauth]
May  7 04:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26368]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25056]: pam_unix(cron:session): session closed for user root
May  7 04:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26368]: Failed password for invalid user user from 134.199.149.11 port 53972 ssh2
May  7 04:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26368]: Connection closed by 134.199.149.11 port 53972 [preauth]
May  7 04:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: Invalid user user from 134.199.149.11
May  7 04:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: input_userauth_request: invalid user user [preauth]
May  7 04:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: Failed password for invalid user user from 134.199.149.11 port 53980 ssh2
May  7 04:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26401]: Connection closed by 134.199.149.11 port 53980 [preauth]
May  7 04:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: Invalid user odoo16 from 134.199.149.11
May  7 04:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: input_userauth_request: invalid user odoo16 [preauth]
May  7 04:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: Failed password for invalid user odoo16 from 134.199.149.11 port 56274 ssh2
May  7 04:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26412]: Connection closed by 134.199.149.11 port 56274 [preauth]
May  7 04:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26447]: Invalid user mongo from 134.199.149.11
May  7 04:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26447]: input_userauth_request: invalid user mongo [preauth]
May  7 04:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26447]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26447]: Failed password for invalid user mongo from 134.199.149.11 port 56282 ssh2
May  7 04:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26447]: Connection closed by 134.199.149.11 port 56282 [preauth]
May  7 04:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.254.32.62  user=root
May  7 04:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: Invalid user observer from 134.199.149.11
May  7 04:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: input_userauth_request: invalid user observer [preauth]
May  7 04:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11
May  7 04:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26530]: Failed password for root from 162.254.32.62 port 34300 ssh2
May  7 04:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26530]: Received disconnect from 162.254.32.62 port 34300:11: Bye Bye [preauth]
May  7 04:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26530]: Disconnected from 162.254.32.62 port 34300 [preauth]
May  7 04:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: Failed password for invalid user observer from 134.199.149.11 port 50352 ssh2
May  7 04:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: Connection closed by 134.199.149.11 port 50352 [preauth]
May  7 04:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.149.11  user=root
May  7 04:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: Invalid user mcc from 203.194.114.144
May  7 04:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: input_userauth_request: invalid user mcc [preauth]
May  7 04:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144
May  7 04:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26545]: Failed password for root from 134.199.149.11 port 50368 ssh2
May  7 04:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26545]: Connection closed by 134.199.149.11 port 50368 [preauth]
May  7 04:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: Failed password for invalid user mcc from 203.194.114.144 port 43402 ssh2
May  7 04:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: Received disconnect from 203.194.114.144 port 43402:11: Bye Bye [preauth]
May  7 04:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: Disconnected from 203.194.114.144 port 43402 [preauth]
May  7 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26562]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26561]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26559]: pam_unix(cron:session): session closed for user p13x
May  7 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26625]: Successful su for rubyman by root
May  7 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26625]: + ??? root:rubyman
May  7 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26625]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344701 of user rubyman.
May  7 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26625]: pam_unix(su:session): session closed for user rubyman
May  7 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344701.
May  7 04:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23542]: pam_unix(cron:session): session closed for user root
May  7 04:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26560]: pam_unix(cron:session): session closed for user samftp
May  7 04:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26815]: Invalid user eric from 181.228.68.222
May  7 04:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26815]: input_userauth_request: invalid user eric [preauth]
May  7 04:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26815]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.228.68.222
May  7 04:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26815]: Failed password for invalid user eric from 181.228.68.222 port 48400 ssh2
May  7 04:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26815]: Received disconnect from 181.228.68.222 port 48400:11: Bye Bye [preauth]
May  7 04:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26815]: Disconnected from 181.228.68.222 port 48400 [preauth]
May  7 04:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25487]: pam_unix(cron:session): session closed for user root
May  7 04:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27006]: Invalid user myappuser from 188.166.217.79
May  7 04:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27006]: input_userauth_request: invalid user myappuser [preauth]
May  7 04:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27006]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.79
May  7 04:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27006]: Failed password for invalid user myappuser from 188.166.217.79 port 33046 ssh2
May  7 04:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27006]: Received disconnect from 188.166.217.79 port 33046:11: Bye Bye [preauth]
May  7 04:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27006]: Disconnected from 188.166.217.79 port 33046 [preauth]
May  7 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27012]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27010]: pam_unix(cron:session): session closed for user p13x
May  7 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27099]: Successful su for rubyman by root
May  7 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27099]: + ??? root:rubyman
May  7 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344705 of user rubyman.
May  7 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27099]: pam_unix(su:session): session closed for user rubyman
May  7 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344705.
May  7 04:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24132]: pam_unix(cron:session): session closed for user root
May  7 04:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27011]: pam_unix(cron:session): session closed for user samftp
May  7 04:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26021]: pam_unix(cron:session): session closed for user root
May  7 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27512]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27511]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27510]: pam_unix(cron:session): session closed for user p13x
May  7 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27580]: Successful su for rubyman by root
May  7 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27580]: + ??? root:rubyman
May  7 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27580]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344710 of user rubyman.
May  7 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27580]: pam_unix(su:session): session closed for user rubyman
May  7 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344710.
May  7 04:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24612]: pam_unix(cron:session): session closed for user root
May  7 04:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27511]: pam_unix(cron:session): session closed for user samftp
May  7 04:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26562]: pam_unix(cron:session): session closed for user root
May  7 04:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 04:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: Invalid user ahuma from 64.226.100.253
May  7 04:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: input_userauth_request: invalid user ahuma [preauth]
May  7 04:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: pam_unix(sshd:auth): check pass; user unknown
May  7 04:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 04:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: Failed password for invalid user ahuma from 64.226.100.253 port 48976 ssh2
May  7 04:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: Connection closed by 64.226.100.253 port 48976 [preauth]
May  7 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27926]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27927]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27924]: pam_unix(cron:session): session closed for user p13x
May  7 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27990]: Successful su for rubyman by root
May  7 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27990]: + ??? root:rubyman
May  7 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27990]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344713 of user rubyman.
May  7 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27990]: pam_unix(su:session): session closed for user rubyman
May  7 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344713.
May  7 04:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25055]: pam_unix(cron:session): session closed for user root
May  7 04:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27925]: pam_unix(cron:session): session closed for user samftp
May  7 04:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27023]: pam_unix(cron:session): session closed for user root
May  7 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28323]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28328]: pam_unix(cron:session): session closed for user root
May  7 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28322]: pam_unix(cron:session): session closed for user root
May  7 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28320]: pam_unix(cron:session): session closed for user p13x
May  7 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28426]: Successful su for rubyman by root
May  7 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28426]: + ??? root:rubyman
May  7 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344717 of user rubyman.
May  7 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28426]: pam_unix(su:session): session closed for user rubyman
May  7 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344717.
May  7 05:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25486]: pam_unix(cron:session): session closed for user root
May  7 05:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28323]: pam_unix(cron:session): session closed for user root
May  7 05:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28321]: pam_unix(cron:session): session closed for user samftp
May  7 05:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28644]: Invalid user fleek from 186.233.208.13
May  7 05:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28644]: input_userauth_request: invalid user fleek [preauth]
May  7 05:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28644]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  7 05:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28644]: Failed password for invalid user fleek from 186.233.208.13 port 51504 ssh2
May  7 05:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28644]: Received disconnect from 186.233.208.13 port 51504:11: Bye Bye [preauth]
May  7 05:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28644]: Disconnected from 186.233.208.13 port 51504 [preauth]
May  7 05:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28677]: Invalid user halo from 106.51.92.114
May  7 05:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28677]: input_userauth_request: invalid user halo [preauth]
May  7 05:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28677]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.92.114
May  7 05:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28677]: Failed password for invalid user halo from 106.51.92.114 port 34558 ssh2
May  7 05:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28677]: Received disconnect from 106.51.92.114 port 34558:11: Bye Bye [preauth]
May  7 05:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28677]: Disconnected from 106.51.92.114 port 34558 [preauth]
May  7 05:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27513]: pam_unix(cron:session): session closed for user root
May  7 05:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.254.32.62  user=root
May  7 05:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28811]: Failed password for root from 162.254.32.62 port 34208 ssh2
May  7 05:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28811]: Received disconnect from 162.254.32.62 port 34208:11: Bye Bye [preauth]
May  7 05:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28811]: Disconnected from 162.254.32.62 port 34208 [preauth]
May  7 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28832]: pam_unix(cron:session): session closed for user p13x
May  7 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28907]: Successful su for rubyman by root
May  7 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28907]: + ??? root:rubyman
May  7 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344724 of user rubyman.
May  7 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28907]: pam_unix(su:session): session closed for user rubyman
May  7 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344724.
May  7 05:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26019]: pam_unix(cron:session): session closed for user root
May  7 05:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29162]: Invalid user rmartinez from 119.96.221.127
May  7 05:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29162]: input_userauth_request: invalid user rmartinez [preauth]
May  7 05:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29162]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.96.221.127
May  7 05:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28833]: pam_unix(cron:session): session closed for user samftp
May  7 05:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29162]: Failed password for invalid user rmartinez from 119.96.221.127 port 55180 ssh2
May  7 05:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29162]: Received disconnect from 119.96.221.127 port 55180:11: Bye Bye [preauth]
May  7 05:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29162]: Disconnected from 119.96.221.127 port 55180 [preauth]
May  7 05:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27927]: pam_unix(cron:session): session closed for user root
May  7 05:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: Invalid user akash from 203.194.114.144
May  7 05:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: input_userauth_request: invalid user akash [preauth]
May  7 05:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144
May  7 05:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: Failed password for invalid user akash from 203.194.114.144 port 52922 ssh2
May  7 05:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: Received disconnect from 203.194.114.144 port 52922:11: Bye Bye [preauth]
May  7 05:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29334]: Disconnected from 203.194.114.144 port 52922 [preauth]
May  7 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29362]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29363]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29360]: pam_unix(cron:session): session closed for user p13x
May  7 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29425]: Successful su for rubyman by root
May  7 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29425]: + ??? root:rubyman
May  7 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29425]: pam_unix(su:session): session closed for user rubyman
May  7 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344731 of user rubyman.
May  7 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344731.
May  7 05:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26561]: pam_unix(cron:session): session closed for user root
May  7 05:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29361]: pam_unix(cron:session): session closed for user samftp
May  7 05:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.79  user=root
May  7 05:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: Invalid user sshuser from 181.228.68.222
May  7 05:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: input_userauth_request: invalid user sshuser [preauth]
May  7 05:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.228.68.222
May  7 05:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29637]: Failed password for root from 188.166.217.79 port 38340 ssh2
May  7 05:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29637]: Received disconnect from 188.166.217.79 port 38340:11: Bye Bye [preauth]
May  7 05:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29637]: Disconnected from 188.166.217.79 port 38340 [preauth]
May  7 05:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: Failed password for invalid user sshuser from 181.228.68.222 port 56716 ssh2
May  7 05:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: Received disconnect from 181.228.68.222 port 56716:11: Bye Bye [preauth]
May  7 05:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29639]: Disconnected from 181.228.68.222 port 56716 [preauth]
May  7 05:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 05:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: Failed password for root from 218.92.0.207 port 45916 ssh2
May  7 05:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28327]: pam_unix(cron:session): session closed for user root
May  7 05:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: Failed password for root from 218.92.0.207 port 45916 ssh2
May  7 05:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: Failed password for root from 218.92.0.207 port 45916 ssh2
May  7 05:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: Failed password for root from 218.92.0.207 port 45916 ssh2
May  7 05:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: Invalid user metro from 46.244.96.25
May  7 05:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: input_userauth_request: invalid user metro [preauth]
May  7 05:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  7 05:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: Failed password for invalid user metro from 46.244.96.25 port 42680 ssh2
May  7 05:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29742]: Connection closed by 46.244.96.25 port 42680 [preauth]
May  7 05:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: Connection reset by 218.92.0.207 port 45916 [preauth]
May  7 05:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 05:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29681]: PAM service(sshd) ignoring max retries; 4 > 3
May  7 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29777]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29778]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29776]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29775]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29775]: pam_unix(cron:session): session closed for user p13x
May  7 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29837]: Successful su for rubyman by root
May  7 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29837]: + ??? root:rubyman
May  7 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29837]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344733 of user rubyman.
May  7 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29837]: pam_unix(su:session): session closed for user rubyman
May  7 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344733.
May  7 05:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27012]: pam_unix(cron:session): session closed for user root
May  7 05:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29776]: pam_unix(cron:session): session closed for user samftp
May  7 05:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 05:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30026]: Failed password for root from 218.92.0.207 port 18862 ssh2
May  7 05:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30026]: message repeated 3 times: [ Failed password for root from 218.92.0.207 port 18862 ssh2]
May  7 05:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30026]: Connection reset by 218.92.0.207 port 18862 [preauth]
May  7 05:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30026]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 05:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30026]: PAM service(sshd) ignoring max retries; 4 > 3
May  7 05:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28836]: pam_unix(cron:session): session closed for user root
May  7 05:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 05:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: Failed password for root from 218.92.0.207 port 30698 ssh2
May  7 05:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: message repeated 3 times: [ Failed password for root from 218.92.0.207 port 30698 ssh2]
May  7 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30178]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30179]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30177]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30176]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30176]: pam_unix(cron:session): session closed for user p13x
May  7 05:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30235]: Successful su for rubyman by root
May  7 05:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30235]: + ??? root:rubyman
May  7 05:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344736 of user rubyman.
May  7 05:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30235]: pam_unix(su:session): session closed for user rubyman
May  7 05:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344736.
May  7 05:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27512]: pam_unix(cron:session): session closed for user root
May  7 05:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30177]: pam_unix(cron:session): session closed for user samftp
May  7 05:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 05:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30482]: Failed password for root from 218.92.0.179 port 21687 ssh2
May  7 05:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30482]: Failed password for root from 218.92.0.179 port 21687 ssh2
May  7 05:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29363]: pam_unix(cron:session): session closed for user root
May  7 05:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30482]: Failed password for root from 218.92.0.179 port 21687 ssh2
May  7 05:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30482]: Received disconnect from 218.92.0.179 port 21687:11:  [preauth]
May  7 05:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30482]: Disconnected from 218.92.0.179 port 21687 [preauth]
May  7 05:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30482]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30572]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30570]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30568]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30571]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30569]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30573]: pam_unix(cron:session): session closed for user root
May  7 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30568]: pam_unix(cron:session): session closed for user p13x
May  7 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30640]: Successful su for rubyman by root
May  7 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30640]: + ??? root:rubyman
May  7 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344740 of user rubyman.
May  7 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30640]: pam_unix(su:session): session closed for user rubyman
May  7 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344740.
May  7 05:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30570]: pam_unix(cron:session): session closed for user root
May  7 05:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27926]: pam_unix(cron:session): session closed for user root
May  7 05:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30569]: pam_unix(cron:session): session closed for user samftp
May  7 05:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29778]: pam_unix(cron:session): session closed for user root
May  7 05:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31010]: Invalid user liqi from 106.51.92.114
May  7 05:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31010]: input_userauth_request: invalid user liqi [preauth]
May  7 05:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31010]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.92.114
May  7 05:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31013]: Invalid user alexc92 from 64.226.100.253
May  7 05:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31013]: input_userauth_request: invalid user alexc92 [preauth]
May  7 05:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31013]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 05:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31010]: Failed password for invalid user liqi from 106.51.92.114 port 52767 ssh2
May  7 05:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31010]: Received disconnect from 106.51.92.114 port 52767:11: Bye Bye [preauth]
May  7 05:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31010]: Disconnected from 106.51.92.114 port 52767 [preauth]
May  7 05:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31013]: Failed password for invalid user alexc92 from 64.226.100.253 port 37008 ssh2
May  7 05:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31013]: Connection closed by 64.226.100.253 port 37008 [preauth]
May  7 05:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: Invalid user server from 162.254.32.62
May  7 05:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: input_userauth_request: invalid user server [preauth]
May  7 05:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.254.32.62
May  7 05:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: Failed password for invalid user server from 162.254.32.62 port 50432 ssh2
May  7 05:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: Received disconnect from 162.254.32.62 port 50432:11: Bye Bye [preauth]
May  7 05:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31085]: Disconnected from 162.254.32.62 port 50432 [preauth]
May  7 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31108]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31106]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31105]: pam_unix(cron:session): session closed for user p13x
May  7 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31178]: Successful su for rubyman by root
May  7 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31178]: + ??? root:rubyman
May  7 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31178]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344747 of user rubyman.
May  7 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31178]: pam_unix(su:session): session closed for user rubyman
May  7 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344747.
May  7 05:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31106]: pam_unix(cron:session): session closed for user samftp
May  7 05:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28324]: pam_unix(cron:session): session closed for user root
May  7 05:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  7 05:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: Failed password for root from 186.233.208.13 port 60552 ssh2
May  7 05:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: Received disconnect from 186.233.208.13 port 60552:11: Bye Bye [preauth]
May  7 05:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: Disconnected from 186.233.208.13 port 60552 [preauth]
May  7 05:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: Invalid user admin from 80.94.95.241
May  7 05:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: input_userauth_request: invalid user admin [preauth]
May  7 05:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 05:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: Failed password for invalid user admin from 80.94.95.241 port 50538 ssh2
May  7 05:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: Failed password for invalid user admin from 80.94.95.241 port 50538 ssh2
May  7 05:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: Failed password for invalid user admin from 80.94.95.241 port 50538 ssh2
May  7 05:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: Failed password for invalid user admin from 80.94.95.241 port 50538 ssh2
May  7 05:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: Failed password for invalid user admin from 80.94.95.241 port 50538 ssh2
May  7 05:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: Received disconnect from 80.94.95.241 port 50538:11: Bye [preauth]
May  7 05:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: Disconnected from 80.94.95.241 port 50538 [preauth]
May  7 05:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 05:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 05:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30179]: pam_unix(cron:session): session closed for user root
May  7 05:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31470]: Did not receive identification string from 92.118.39.65
May  7 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31526]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31524]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31527]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31525]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31524]: pam_unix(cron:session): session closed for user p13x
May  7 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31588]: Successful su for rubyman by root
May  7 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31588]: + ??? root:rubyman
May  7 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344750 of user rubyman.
May  7 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31588]: pam_unix(su:session): session closed for user rubyman
May  7 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344750.
May  7 05:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28834]: pam_unix(cron:session): session closed for user root
May  7 05:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31525]: pam_unix(cron:session): session closed for user samftp
May  7 05:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 05:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31792]: Failed password for root from 218.92.0.179 port 13160 ssh2
May  7 05:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31792]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 13160 ssh2]
May  7 05:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30572]: pam_unix(cron:session): session closed for user root
May  7 05:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: Invalid user administrador from 188.166.217.79
May  7 05:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: input_userauth_request: invalid user administrador [preauth]
May  7 05:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.79
May  7 05:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: Failed password for invalid user administrador from 188.166.217.79 port 54794 ssh2
May  7 05:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: Received disconnect from 188.166.217.79 port 54794:11: Bye Bye [preauth]
May  7 05:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31872]: Disconnected from 188.166.217.79 port 54794 [preauth]
May  7 05:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31935]: Invalid user toor from 203.194.114.144
May  7 05:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31935]: input_userauth_request: invalid user toor [preauth]
May  7 05:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31935]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144
May  7 05:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31935]: Failed password for invalid user toor from 203.194.114.144 port 34208 ssh2
May  7 05:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31935]: Received disconnect from 203.194.114.144 port 34208:11: Bye Bye [preauth]
May  7 05:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31935]: Disconnected from 203.194.114.144 port 34208 [preauth]
May  7 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32057]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32060]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32057]: pam_unix(cron:session): session closed for user p13x
May  7 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32285]: Successful su for rubyman by root
May  7 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32285]: + ??? root:rubyman
May  7 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32285]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344757 of user rubyman.
May  7 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32285]: pam_unix(su:session): session closed for user rubyman
May  7 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344757.
May  7 05:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29362]: pam_unix(cron:session): session closed for user root
May  7 05:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32058]: pam_unix(cron:session): session closed for user samftp
May  7 05:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.228.68.222  user=root
May  7 05:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: Failed password for root from 181.228.68.222 port 36804 ssh2
May  7 05:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: Received disconnect from 181.228.68.222 port 36804:11: Bye Bye [preauth]
May  7 05:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: Disconnected from 181.228.68.222 port 36804 [preauth]
May  7 05:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31108]: pam_unix(cron:session): session closed for user root
May  7 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[317]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[315]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[316]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[319]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[311]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[315]: pam_unix(cron:session): session closed for user p13x
May  7 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[506]: Successful su for rubyman by root
May  7 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[506]: + ??? root:rubyman
May  7 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344761 of user rubyman.
May  7 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[506]: pam_unix(su:session): session closed for user rubyman
May  7 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344761.
May  7 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[311]: pam_unix(cron:session): session closed for user root
May  7 05:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29777]: pam_unix(cron:session): session closed for user root
May  7 05:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[316]: pam_unix(cron:session): session closed for user samftp
May  7 05:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31527]: pam_unix(cron:session): session closed for user root
May  7 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[923]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[920]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[922]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[924]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[919]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[921]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[924]: pam_unix(cron:session): session closed for user root
May  7 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[919]: pam_unix(cron:session): session closed for user p13x
May  7 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1008]: Successful su for rubyman by root
May  7 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1008]: + ??? root:rubyman
May  7 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344764 of user rubyman.
May  7 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1008]: pam_unix(su:session): session closed for user rubyman
May  7 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344764.
May  7 05:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30178]: pam_unix(cron:session): session closed for user root
May  7 05:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[921]: pam_unix(cron:session): session closed for user root
May  7 05:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[920]: pam_unix(cron:session): session closed for user samftp
May  7 05:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32060]: pam_unix(cron:session): session closed for user root
May  7 05:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.254.32.62  user=root
May  7 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1458]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1459]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1455]: pam_unix(cron:session): session closed for user p13x
May  7 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1524]: Successful su for rubyman by root
May  7 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1524]: + ??? root:rubyman
May  7 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1524]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344769 of user rubyman.
May  7 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1524]: pam_unix(su:session): session closed for user rubyman
May  7 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344769.
May  7 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: Failed password for root from 162.254.32.62 port 42654 ssh2
May  7 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: Received disconnect from 162.254.32.62 port 42654:11: Bye Bye [preauth]
May  7 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: Disconnected from 162.254.32.62 port 42654 [preauth]
May  7 05:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Invalid user shashank from 106.51.92.114
May  7 05:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: input_userauth_request: invalid user shashank [preauth]
May  7 05:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.92.114
May  7 05:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30571]: pam_unix(cron:session): session closed for user root
May  7 05:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1457]: pam_unix(cron:session): session closed for user samftp
May  7 05:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1740]: Connection closed by 192.155.90.118 port 29196 [preauth]
May  7 05:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Failed password for invalid user shashank from 106.51.92.114 port 42747 ssh2
May  7 05:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Received disconnect from 106.51.92.114 port 42747:11: Bye Bye [preauth]
May  7 05:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1673]: Disconnected from 106.51.92.114 port 42747 [preauth]
May  7 05:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1756]: Connection closed by 192.155.90.118 port 29212 [preauth]
May  7 05:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: fatal: Unable to negotiate with 192.155.90.118 port 29218: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  7 05:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[319]: pam_unix(cron:session): session closed for user root
May  7 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2006]: pam_unix(cron:session): session closed for user p13x
May  7 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2068]: Successful su for rubyman by root
May  7 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2068]: + ??? root:rubyman
May  7 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2068]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344774 of user rubyman.
May  7 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2068]: pam_unix(su:session): session closed for user rubyman
May  7 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344774.
May  7 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1982]: Invalid user user from 186.233.208.13
May  7 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1982]: input_userauth_request: invalid user user [preauth]
May  7 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1982]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  7 05:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31107]: pam_unix(cron:session): session closed for user root
May  7 05:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1982]: Failed password for invalid user user from 186.233.208.13 port 52054 ssh2
May  7 05:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1982]: Received disconnect from 186.233.208.13 port 52054:11: Bye Bye [preauth]
May  7 05:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1982]: Disconnected from 186.233.208.13 port 52054 [preauth]
May  7 05:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2007]: pam_unix(cron:session): session closed for user samftp
May  7 05:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Invalid user alfadda from 64.226.100.253
May  7 05:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: input_userauth_request: invalid user alfadda [preauth]
May  7 05:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 05:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Failed password for invalid user alfadda from 64.226.100.253 port 60816 ssh2
May  7 05:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2294]: Connection closed by 64.226.100.253 port 60816 [preauth]
May  7 05:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[923]: pam_unix(cron:session): session closed for user root
May  7 05:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2356]: Invalid user ubuntu from 164.68.105.9
May  7 05:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2356]: input_userauth_request: invalid user ubuntu [preauth]
May  7 05:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2356]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  7 05:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2356]: Failed password for invalid user ubuntu from 164.68.105.9 port 37518 ssh2
May  7 05:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2356]: Connection closed by 164.68.105.9 port 37518 [preauth]
May  7 05:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2406]: Invalid user vps from 188.166.217.79
May  7 05:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2406]: input_userauth_request: invalid user vps [preauth]
May  7 05:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2406]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.79
May  7 05:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2406]: Failed password for invalid user vps from 188.166.217.79 port 43282 ssh2
May  7 05:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2406]: Received disconnect from 188.166.217.79 port 43282:11: Bye Bye [preauth]
May  7 05:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2406]: Disconnected from 188.166.217.79 port 43282 [preauth]
May  7 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2438]: pam_unix(cron:session): session closed for user p13x
May  7 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2505]: Successful su for rubyman by root
May  7 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2505]: + ??? root:rubyman
May  7 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344777 of user rubyman.
May  7 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2505]: pam_unix(su:session): session closed for user rubyman
May  7 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344777.
May  7 05:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31526]: pam_unix(cron:session): session closed for user root
May  7 05:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2439]: pam_unix(cron:session): session closed for user samftp
May  7 05:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2775]: Invalid user fev from 203.194.114.144
May  7 05:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2775]: input_userauth_request: invalid user fev [preauth]
May  7 05:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2775]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144
May  7 05:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1459]: pam_unix(cron:session): session closed for user root
May  7 05:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2775]: Failed password for invalid user fev from 203.194.114.144 port 43726 ssh2
May  7 05:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2775]: Received disconnect from 203.194.114.144 port 43726:11: Bye Bye [preauth]
May  7 05:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2775]: Disconnected from 203.194.114.144 port 43726 [preauth]
May  7 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2873]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2874]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2871]: pam_unix(cron:session): session closed for user p13x
May  7 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2940]: Successful su for rubyman by root
May  7 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2940]: + ??? root:rubyman
May  7 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2940]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344782 of user rubyman.
May  7 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2940]: pam_unix(su:session): session closed for user rubyman
May  7 05:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344782.
May  7 05:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32059]: pam_unix(cron:session): session closed for user root
May  7 05:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2872]: pam_unix(cron:session): session closed for user samftp
May  7 05:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: Invalid user karol from 181.228.68.222
May  7 05:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: input_userauth_request: invalid user karol [preauth]
May  7 05:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.228.68.222
May  7 05:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: Failed password for invalid user karol from 181.228.68.222 port 45116 ssh2
May  7 05:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: Received disconnect from 181.228.68.222 port 45116:11: Bye Bye [preauth]
May  7 05:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3187]: Disconnected from 181.228.68.222 port 45116 [preauth]
May  7 05:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2010]: pam_unix(cron:session): session closed for user root
May  7 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3282]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3281]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3277]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3282]: pam_unix(cron:session): session closed for user root
May  7 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3277]: pam_unix(cron:session): session closed for user p13x
May  7 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3345]: Successful su for rubyman by root
May  7 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3345]: + ??? root:rubyman
May  7 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344788 of user rubyman.
May  7 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3345]: pam_unix(su:session): session closed for user rubyman
May  7 05:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344788.
May  7 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3279]: pam_unix(cron:session): session closed for user root
May  7 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[317]: pam_unix(cron:session): session closed for user root
May  7 05:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3278]: pam_unix(cron:session): session closed for user samftp
May  7 05:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2441]: pam_unix(cron:session): session closed for user root
May  7 05:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3751]: Invalid user myappuser from 162.254.32.62
May  7 05:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3751]: input_userauth_request: invalid user myappuser [preauth]
May  7 05:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3751]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.254.32.62
May  7 05:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3751]: Failed password for invalid user myappuser from 162.254.32.62 port 35854 ssh2
May  7 05:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3751]: Received disconnect from 162.254.32.62 port 35854:11: Bye Bye [preauth]
May  7 05:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3751]: Disconnected from 162.254.32.62 port 35854 [preauth]
May  7 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3761]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3760]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3758]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3758]: pam_unix(cron:session): session closed for user p13x
May  7 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3832]: Successful su for rubyman by root
May  7 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3832]: + ??? root:rubyman
May  7 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344791 of user rubyman.
May  7 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3832]: pam_unix(su:session): session closed for user rubyman
May  7 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344791.
May  7 05:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[922]: pam_unix(cron:session): session closed for user root
May  7 05:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3759]: pam_unix(cron:session): session closed for user samftp
May  7 05:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4106]: Invalid user lora from 106.51.92.114
May  7 05:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4106]: input_userauth_request: invalid user lora [preauth]
May  7 05:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4106]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.92.114
May  7 05:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4106]: Failed password for invalid user lora from 106.51.92.114 port 60960 ssh2
May  7 05:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4106]: Received disconnect from 106.51.92.114 port 60960:11: Bye Bye [preauth]
May  7 05:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4106]: Disconnected from 106.51.92.114 port 60960 [preauth]
May  7 05:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2874]: pam_unix(cron:session): session closed for user root
May  7 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4202]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4202]: pam_unix(cron:session): session closed for user root
May  7 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4204]: pam_unix(cron:session): session closed for user p13x
May  7 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4377]: Successful su for rubyman by root
May  7 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4377]: + ??? root:rubyman
May  7 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344798 of user rubyman.
May  7 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4377]: pam_unix(su:session): session closed for user rubyman
May  7 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344798.
May  7 05:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1458]: pam_unix(cron:session): session closed for user root
May  7 05:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4205]: pam_unix(cron:session): session closed for user samftp
May  7 05:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3281]: pam_unix(cron:session): session closed for user root
May  7 05:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  7 05:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4742]: Failed password for root from 186.233.208.13 port 38740 ssh2
May  7 05:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4742]: Received disconnect from 186.233.208.13 port 38740:11: Bye Bye [preauth]
May  7 05:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4742]: Disconnected from 186.233.208.13 port 38740 [preauth]
May  7 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4770]: pam_unix(cron:session): session closed for user p13x
May  7 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4841]: Successful su for rubyman by root
May  7 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4841]: + ??? root:rubyman
May  7 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344800 of user rubyman.
May  7 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4841]: pam_unix(su:session): session closed for user rubyman
May  7 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344800.
May  7 05:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: Invalid user remoto from 188.166.217.79
May  7 05:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: input_userauth_request: invalid user remoto [preauth]
May  7 05:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.79
May  7 05:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2009]: pam_unix(cron:session): session closed for user root
May  7 05:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: Failed password for invalid user remoto from 188.166.217.79 port 34306 ssh2
May  7 05:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: Received disconnect from 188.166.217.79 port 34306:11: Bye Bye [preauth]
May  7 05:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4913]: Disconnected from 188.166.217.79 port 34306 [preauth]
May  7 05:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4771]: pam_unix(cron:session): session closed for user samftp
May  7 05:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3761]: pam_unix(cron:session): session closed for user root
May  7 05:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 05:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5342]: Failed password for root from 218.92.0.179 port 10093 ssh2
May  7 05:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5342]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 10093 ssh2]
May  7 05:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5342]: Received disconnect from 218.92.0.179 port 10093:11:  [preauth]
May  7 05:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5342]: Disconnected from 218.92.0.179 port 10093 [preauth]
May  7 05:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5342]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5386]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5383]: pam_unix(cron:session): session closed for user p13x
May  7 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5454]: Successful su for rubyman by root
May  7 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5454]: + ??? root:rubyman
May  7 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344804 of user rubyman.
May  7 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5454]: pam_unix(su:session): session closed for user rubyman
May  7 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344804.
May  7 05:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2440]: pam_unix(cron:session): session closed for user root
May  7 05:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5384]: pam_unix(cron:session): session closed for user samftp
May  7 05:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5707]: Invalid user alihs from 64.226.100.253
May  7 05:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5707]: input_userauth_request: invalid user alihs [preauth]
May  7 05:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5707]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 05:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5707]: Failed password for invalid user alihs from 64.226.100.253 port 49604 ssh2
May  7 05:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5707]: Connection closed by 64.226.100.253 port 49604 [preauth]
May  7 05:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  7 05:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5732]: Failed password for root from 80.94.95.29 port 55427 ssh2
May  7 05:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5732]: message repeated 2 times: [ Failed password for root from 80.94.95.29 port 55427 ssh2]
May  7 05:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144  user=root
May  7 05:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5732]: Failed password for root from 80.94.95.29 port 55427 ssh2
May  7 05:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5763]: Failed password for root from 203.194.114.144 port 53250 ssh2
May  7 05:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5763]: Received disconnect from 203.194.114.144 port 53250:11: Bye Bye [preauth]
May  7 05:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5763]: Disconnected from 203.194.114.144 port 53250 [preauth]
May  7 05:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5732]: Failed password for root from 80.94.95.29 port 55427 ssh2
May  7 05:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5732]: Received disconnect from 80.94.95.29 port 55427:11: Bye [preauth]
May  7 05:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5732]: Disconnected from 80.94.95.29 port 55427 [preauth]
May  7 05:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5732]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  7 05:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5732]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 05:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5773]: Invalid user admin from 80.94.95.125
May  7 05:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5773]: input_userauth_request: invalid user admin [preauth]
May  7 05:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5773]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 05:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4207]: pam_unix(cron:session): session closed for user root
May  7 05:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5773]: Failed password for invalid user admin from 80.94.95.125 port 45035 ssh2
May  7 05:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5773]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5773]: Failed password for invalid user admin from 80.94.95.125 port 45035 ssh2
May  7 05:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5773]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5773]: Failed password for invalid user admin from 80.94.95.125 port 45035 ssh2
May  7 05:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5773]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5773]: Failed password for invalid user admin from 80.94.95.125 port 45035 ssh2
May  7 05:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5773]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5773]: Failed password for invalid user admin from 80.94.95.125 port 45035 ssh2
May  7 05:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5773]: Received disconnect from 80.94.95.125 port 45035:11: Bye [preauth]
May  7 05:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5773]: Disconnected from 80.94.95.125 port 45035 [preauth]
May  7 05:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5773]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 05:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5773]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 05:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5954]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5953]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5955]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5956]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5952]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5951]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5956]: pam_unix(cron:session): session closed for user root
May  7 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5951]: pam_unix(cron:session): session closed for user p13x
May  7 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6031]: Successful su for rubyman by root
May  7 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6031]: + ??? root:rubyman
May  7 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344811 of user rubyman.
May  7 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6031]: pam_unix(su:session): session closed for user rubyman
May  7 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344811.
May  7 05:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: Invalid user fail from 27.252.144.74
May  7 05:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: input_userauth_request: invalid user fail [preauth]
May  7 05:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5953]: pam_unix(cron:session): session closed for user root
May  7 05:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2873]: pam_unix(cron:session): session closed for user root
May  7 05:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.144.74
May  7 05:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5952]: pam_unix(cron:session): session closed for user samftp
May  7 05:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: Failed password for invalid user fail from 27.252.144.74 port 49633 ssh2
May  7 05:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4773]: pam_unix(cron:session): session closed for user root
May  7 05:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: Invalid user repo from 181.228.68.222
May  7 05:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: input_userauth_request: invalid user repo [preauth]
May  7 05:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.228.68.222
May  7 05:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: Failed password for invalid user repo from 181.228.68.222 port 53432 ssh2
May  7 05:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: Received disconnect from 181.228.68.222 port 53432:11: Bye Bye [preauth]
May  7 05:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: Disconnected from 181.228.68.222 port 53432 [preauth]
May  7 05:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: Invalid user niko from 162.254.32.62
May  7 05:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: input_userauth_request: invalid user niko [preauth]
May  7 05:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.254.32.62
May  7 05:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: Failed password for invalid user niko from 162.254.32.62 port 52418 ssh2
May  7 05:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: Received disconnect from 162.254.32.62 port 52418:11: Bye Bye [preauth]
May  7 05:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: Disconnected from 162.254.32.62 port 52418 [preauth]
May  7 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6405]: pam_unix(cron:session): session closed for user p13x
May  7 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6476]: Successful su for rubyman by root
May  7 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6476]: + ??? root:rubyman
May  7 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344814 of user rubyman.
May  7 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6476]: pam_unix(su:session): session closed for user rubyman
May  7 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344814.
May  7 05:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3280]: pam_unix(cron:session): session closed for user root
May  7 05:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6406]: pam_unix(cron:session): session closed for user samftp
May  7 05:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5386]: pam_unix(cron:session): session closed for user root
May  7 05:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.92.114  user=root
May  7 05:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: Failed password for root from 106.51.92.114 port 50940 ssh2
May  7 05:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: Received disconnect from 106.51.92.114 port 50940:11: Bye Bye [preauth]
May  7 05:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: Disconnected from 106.51.92.114 port 50940 [preauth]
May  7 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6816]: pam_unix(cron:session): session closed for user p13x
May  7 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6878]: Successful su for rubyman by root
May  7 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6878]: + ??? root:rubyman
May  7 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6878]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344819 of user rubyman.
May  7 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6878]: pam_unix(su:session): session closed for user rubyman
May  7 05:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344819.
May  7 05:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3760]: pam_unix(cron:session): session closed for user root
May  7 05:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6817]: pam_unix(cron:session): session closed for user samftp
May  7 05:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5955]: pam_unix(cron:session): session closed for user root
May  7 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session closed for user p13x
May  7 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7381]: Successful su for rubyman by root
May  7 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7381]: + ??? root:rubyman
May  7 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344822 of user rubyman.
May  7 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7381]: pam_unix(su:session): session closed for user rubyman
May  7 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344822.
May  7 05:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4206]: pam_unix(cron:session): session closed for user root
May  7 05:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session closed for user samftp
May  7 05:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: Invalid user server from 188.166.217.79
May  7 05:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: input_userauth_request: invalid user server [preauth]
May  7 05:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.79
May  7 05:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: Failed password for invalid user server from 188.166.217.79 port 40196 ssh2
May  7 05:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: Received disconnect from 188.166.217.79 port 40196:11: Bye Bye [preauth]
May  7 05:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7742]: Disconnected from 188.166.217.79 port 40196 [preauth]
May  7 05:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6409]: pam_unix(cron:session): session closed for user root
May  7 05:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: Invalid user xxt from 186.233.208.13
May  7 05:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: input_userauth_request: invalid user xxt [preauth]
May  7 05:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  7 05:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: Failed password for invalid user xxt from 186.233.208.13 port 38470 ssh2
May  7 05:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: Received disconnect from 186.233.208.13 port 38470:11: Bye Bye [preauth]
May  7 05:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7789]: Disconnected from 186.233.208.13 port 38470 [preauth]
May  7 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7854]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7852]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7851]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7851]: pam_unix(cron:session): session closed for user p13x
May  7 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7914]: Successful su for rubyman by root
May  7 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7914]: + ??? root:rubyman
May  7 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344828 of user rubyman.
May  7 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7914]: pam_unix(su:session): session closed for user rubyman
May  7 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344828.
May  7 05:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4772]: pam_unix(cron:session): session closed for user root
May  7 05:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7852]: pam_unix(cron:session): session closed for user samftp
May  7 05:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 05:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: Failed password for root from 218.92.0.179 port 57095 ssh2
May  7 05:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 57095 ssh2]
May  7 05:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: Received disconnect from 218.92.0.179 port 57095:11:  [preauth]
May  7 05:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: Disconnected from 218.92.0.179 port 57095 [preauth]
May  7 05:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 05:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6819]: pam_unix(cron:session): session closed for user root
May  7 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8281]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8282]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8278]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8282]: pam_unix(cron:session): session closed for user root
May  7 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8276]: pam_unix(cron:session): session closed for user p13x
May  7 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8348]: Successful su for rubyman by root
May  7 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8348]: + ??? root:rubyman
May  7 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344831 of user rubyman.
May  7 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8348]: pam_unix(su:session): session closed for user rubyman
May  7 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344831.
May  7 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8278]: pam_unix(cron:session): session closed for user root
May  7 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5385]: pam_unix(cron:session): session closed for user root
May  7 05:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8277]: pam_unix(cron:session): session closed for user samftp
May  7 05:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Invalid user untu from 203.194.114.144
May  7 05:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: input_userauth_request: invalid user untu [preauth]
May  7 05:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144
May  7 05:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Failed password for invalid user untu from 203.194.114.144 port 34540 ssh2
May  7 05:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Received disconnect from 203.194.114.144 port 34540:11: Bye Bye [preauth]
May  7 05:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Disconnected from 203.194.114.144 port 34540 [preauth]
May  7 05:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7327]: pam_unix(cron:session): session closed for user root
May  7 05:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.254.32.62  user=root
May  7 05:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: Failed password for root from 162.254.32.62 port 55104 ssh2
May  7 05:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: Received disconnect from 162.254.32.62 port 55104:11: Bye Bye [preauth]
May  7 05:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8708]: Disconnected from 162.254.32.62 port 55104 [preauth]
May  7 05:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: Invalid user amoini from 64.226.100.253
May  7 05:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: input_userauth_request: invalid user amoini [preauth]
May  7 05:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 05:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: Failed password for invalid user amoini from 64.226.100.253 port 39586 ssh2
May  7 05:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: Connection closed by 64.226.100.253 port 39586 [preauth]
May  7 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8747]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8746]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8743]: pam_unix(cron:session): session closed for user p13x
May  7 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8810]: Successful su for rubyman by root
May  7 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8810]: + ??? root:rubyman
May  7 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8810]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344836 of user rubyman.
May  7 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8810]: pam_unix(su:session): session closed for user rubyman
May  7 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344836.
May  7 05:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5954]: pam_unix(cron:session): session closed for user root
May  7 05:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8744]: pam_unix(cron:session): session closed for user samftp
May  7 05:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7854]: pam_unix(cron:session): session closed for user root
May  7 05:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: Invalid user devtest from 181.228.68.222
May  7 05:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: input_userauth_request: invalid user devtest [preauth]
May  7 05:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.228.68.222
May  7 05:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: Failed password for invalid user devtest from 181.228.68.222 port 33544 ssh2
May  7 05:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: Received disconnect from 181.228.68.222 port 33544:11: Bye Bye [preauth]
May  7 05:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: Disconnected from 181.228.68.222 port 33544 [preauth]
May  7 05:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9306]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9304]: pam_unix(cron:session): session closed for user p13x
May  7 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9373]: Successful su for rubyman by root
May  7 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9373]: + ??? root:rubyman
May  7 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344841 of user rubyman.
May  7 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9373]: pam_unix(su:session): session closed for user rubyman
May  7 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344841.
May  7 05:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6408]: pam_unix(cron:session): session closed for user root
May  7 05:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9305]: pam_unix(cron:session): session closed for user samftp
May  7 05:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.92.114  user=root
May  7 05:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: Failed password for root from 106.51.92.114 port 40918 ssh2
May  7 05:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: Received disconnect from 106.51.92.114 port 40918:11: Bye Bye [preauth]
May  7 05:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9601]: Disconnected from 106.51.92.114 port 40918 [preauth]
May  7 05:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8281]: pam_unix(cron:session): session closed for user root
May  7 05:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: Invalid user admin from 80.94.95.112
May  7 05:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: input_userauth_request: invalid user admin [preauth]
May  7 05:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 05:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: Failed password for invalid user admin from 80.94.95.112 port 60993 ssh2
May  7 05:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: Failed password for invalid user admin from 80.94.95.112 port 60993 ssh2
May  7 05:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: Failed password for invalid user admin from 80.94.95.112 port 60993 ssh2
May  7 05:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: Failed password for invalid user admin from 80.94.95.112 port 60993 ssh2
May  7 05:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: Failed password for invalid user admin from 80.94.95.112 port 60993 ssh2
May  7 05:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: Received disconnect from 80.94.95.112 port 60993:11: Bye [preauth]
May  7 05:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: Disconnected from 80.94.95.112 port 60993 [preauth]
May  7 05:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 05:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9723]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 05:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9812]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9813]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9810]: pam_unix(cron:session): session closed for user p13x
May  7 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9872]: Successful su for rubyman by root
May  7 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9872]: + ??? root:rubyman
May  7 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9872]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344844 of user rubyman.
May  7 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9872]: pam_unix(su:session): session closed for user rubyman
May  7 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344844.
May  7 05:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6818]: pam_unix(cron:session): session closed for user root
May  7 05:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9811]: pam_unix(cron:session): session closed for user samftp
May  7 05:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  7 05:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: Failed password for root from 50.235.31.47 port 57734 ssh2
May  7 05:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10050]: Connection closed by 50.235.31.47 port 57734 [preauth]
May  7 05:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: Invalid user cock from 27.252.144.74
May  7 05:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: input_userauth_request: invalid user cock [preauth]
May  7 05:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.144.74
May  7 05:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10076]: Failed password for invalid user cock from 27.252.144.74 port 49840 ssh2
May  7 05:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8747]: pam_unix(cron:session): session closed for user root
May  7 05:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.79  user=root
May  7 05:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10341]: Failed password for root from 188.166.217.79 port 38196 ssh2
May  7 05:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10341]: Received disconnect from 188.166.217.79 port 38196:11: Bye Bye [preauth]
May  7 05:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10341]: Disconnected from 188.166.217.79 port 38196 [preauth]
May  7 05:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10400]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10399]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10398]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10398]: pam_unix(cron:session): session closed for user p13x
May  7 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10472]: Successful su for rubyman by root
May  7 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10472]: + ??? root:rubyman
May  7 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344849 of user rubyman.
May  7 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10472]: pam_unix(su:session): session closed for user rubyman
May  7 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344849.
May  7 05:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7326]: pam_unix(cron:session): session closed for user root
May  7 05:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10399]: pam_unix(cron:session): session closed for user samftp
May  7 05:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: Invalid user test from 186.233.208.13
May  7 05:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: input_userauth_request: invalid user test [preauth]
May  7 05:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  7 05:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: Failed password for invalid user test from 186.233.208.13 port 38710 ssh2
May  7 05:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: Received disconnect from 186.233.208.13 port 38710:11: Bye Bye [preauth]
May  7 05:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10797]: Disconnected from 186.233.208.13 port 38710 [preauth]
May  7 05:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9307]: pam_unix(cron:session): session closed for user root
May  7 05:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10967]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10965]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10970]: pam_unix(cron:session): session closed for user root
May  7 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10965]: pam_unix(cron:session): session closed for user p13x
May  7 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11033]: Successful su for rubyman by root
May  7 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11033]: + ??? root:rubyman
May  7 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11033]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344856 of user rubyman.
May  7 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11033]: pam_unix(su:session): session closed for user rubyman
May  7 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344856.
May  7 05:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10967]: pam_unix(cron:session): session closed for user root
May  7 05:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7853]: pam_unix(cron:session): session closed for user root
May  7 05:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10966]: pam_unix(cron:session): session closed for user samftp
May  7 05:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9813]: pam_unix(cron:session): session closed for user root
May  7 05:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.254.32.62  user=root
May  7 05:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: Failed password for root from 162.254.32.62 port 53316 ssh2
May  7 05:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: Received disconnect from 162.254.32.62 port 53316:11: Bye Bye [preauth]
May  7 05:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: Disconnected from 162.254.32.62 port 53316 [preauth]
May  7 05:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www rhost=::ffff:113.22.9.113
May  7 05:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11489]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11491]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11488]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11488]: pam_unix(cron:session): session closed for user p13x
May  7 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11569]: Successful su for rubyman by root
May  7 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11569]: + ??? root:rubyman
May  7 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344858 of user rubyman.
May  7 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11569]: pam_unix(su:session): session closed for user rubyman
May  7 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344858.
May  7 05:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11484]: Failed password for root from 218.92.0.179 port 38903 ssh2
May  7 05:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11484]: Failed password for root from 218.92.0.179 port 38903 ssh2
May  7 05:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8279]: pam_unix(cron:session): session closed for user root
May  7 05:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11489]: pam_unix(cron:session): session closed for user samftp
May  7 05:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11484]: Failed password for root from 218.92.0.179 port 38903 ssh2
May  7 05:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11484]: Received disconnect from 218.92.0.179 port 38903:11:  [preauth]
May  7 05:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11484]: Disconnected from 218.92.0.179 port 38903 [preauth]
May  7 05:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11484]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 05:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11782]: Invalid user popuser from 203.194.114.144
May  7 05:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11782]: input_userauth_request: invalid user popuser [preauth]
May  7 05:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11782]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144
May  7 05:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11782]: Failed password for invalid user popuser from 203.194.114.144 port 44054 ssh2
May  7 05:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11782]: Received disconnect from 203.194.114.144 port 44054:11: Bye Bye [preauth]
May  7 05:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11782]: Disconnected from 203.194.114.144 port 44054 [preauth]
May  7 05:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10403]: pam_unix(cron:session): session closed for user root
May  7 05:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11994]: pam_unix(cron:session): session closed for user p13x
May  7 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12052]: Successful su for rubyman by root
May  7 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12052]: + ??? root:rubyman
May  7 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344862 of user rubyman.
May  7 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12052]: pam_unix(su:session): session closed for user rubyman
May  7 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344862.
May  7 05:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8746]: pam_unix(cron:session): session closed for user root
May  7 05:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11995]: pam_unix(cron:session): session closed for user samftp
May  7 05:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 05:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12273]: Failed password for root from 218.92.0.179 port 63644 ssh2
May  7 05:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12273]: Failed password for root from 218.92.0.179 port 63644 ssh2
May  7 05:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12273]: Failed password for root from 218.92.0.179 port 63644 ssh2
May  7 05:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12273]: Received disconnect from 218.92.0.179 port 63644:11:  [preauth]
May  7 05:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12273]: Disconnected from 218.92.0.179 port 63644 [preauth]
May  7 05:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12273]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 05:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: Invalid user wqmarlduiqkmgs from 118.77.133.75
May  7 05:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: input_userauth_request: invalid user wqmarlduiqkmgs [preauth]
May  7 05:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12350]: fatal: ssh_packet_get_string: incomplete message [preauth]
May  7 05:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12375]: Invalid user amrita from 64.226.100.253
May  7 05:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12375]: input_userauth_request: invalid user amrita [preauth]
May  7 05:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12375]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 05:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10969]: pam_unix(cron:session): session closed for user root
May  7 05:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12375]: Failed password for invalid user amrita from 64.226.100.253 port 42838 ssh2
May  7 05:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12375]: Connection closed by 64.226.100.253 port 42838 [preauth]
May  7 05:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.92.114  user=root
May  7 05:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12409]: Failed password for root from 106.51.92.114 port 59129 ssh2
May  7 05:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12409]: Received disconnect from 106.51.92.114 port 59129:11: Bye Bye [preauth]
May  7 05:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12409]: Disconnected from 106.51.92.114 port 59129 [preauth]
May  7 05:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: Invalid user guest from 181.228.68.222
May  7 05:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: input_userauth_request: invalid user guest [preauth]
May  7 05:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.228.68.222
May  7 05:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: Failed password for invalid user guest from 181.228.68.222 port 41860 ssh2
May  7 05:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: Received disconnect from 181.228.68.222 port 41860:11: Bye Bye [preauth]
May  7 05:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: Disconnected from 181.228.68.222 port 41860 [preauth]
May  7 05:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12500]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12499]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12497]: pam_unix(cron:session): session closed for user p13x
May  7 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12556]: Successful su for rubyman by root
May  7 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12556]: + ??? root:rubyman
May  7 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344866 of user rubyman.
May  7 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12556]: pam_unix(su:session): session closed for user rubyman
May  7 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344866.
May  7 05:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9306]: pam_unix(cron:session): session closed for user root
May  7 05:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12498]: pam_unix(cron:session): session closed for user samftp
May  7 05:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  7 05:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12806]: Failed password for root from 218.92.0.203 port 25838 ssh2
May  7 05:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11491]: pam_unix(cron:session): session closed for user root
May  7 05:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12806]: Received disconnect from 218.92.0.203 port 25838:11:  [preauth]
May  7 05:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12806]: Disconnected from 218.92.0.203 port 25838 [preauth]
May  7 05:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  7 05:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12905]: Failed password for root from 218.92.0.203 port 56734 ssh2
May  7 05:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12982]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12979]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12978]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12977]: pam_unix(cron:session): session closed for user p13x
May  7 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13045]: Successful su for rubyman by root
May  7 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13045]: + ??? root:rubyman
May  7 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13045]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344870 of user rubyman.
May  7 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13045]: pam_unix(su:session): session closed for user rubyman
May  7 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344870.
May  7 05:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9812]: pam_unix(cron:session): session closed for user root
May  7 05:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.79  user=root
May  7 05:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12978]: pam_unix(cron:session): session closed for user samftp
May  7 05:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13207]: Failed password for root from 188.166.217.79 port 37352 ssh2
May  7 05:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13207]: Received disconnect from 188.166.217.79 port 37352:11: Bye Bye [preauth]
May  7 05:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13207]: Disconnected from 188.166.217.79 port 37352 [preauth]
May  7 05:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11997]: pam_unix(cron:session): session closed for user root
May  7 05:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13587]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13588]: pam_unix(cron:session): session closed for user root
May  7 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13583]: pam_unix(cron:session): session closed for user p13x
May  7 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13655]: Successful su for rubyman by root
May  7 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13655]: + ??? root:rubyman
May  7 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344878 of user rubyman.
May  7 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13655]: pam_unix(su:session): session closed for user rubyman
May  7 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344878.
May  7 05:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13585]: pam_unix(cron:session): session closed for user root
May  7 05:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10400]: pam_unix(cron:session): session closed for user root
May  7 05:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:113.22.9.113
May  7 05:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13584]: pam_unix(cron:session): session closed for user samftp
May  7 05:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Invalid user trans from 186.233.208.13
May  7 05:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: input_userauth_request: invalid user trans [preauth]
May  7 05:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  7 05:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Failed password for invalid user trans from 186.233.208.13 port 60988 ssh2
May  7 05:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Received disconnect from 186.233.208.13 port 60988:11: Bye Bye [preauth]
May  7 05:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13885]: Disconnected from 186.233.208.13 port 60988 [preauth]
May  7 05:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12500]: pam_unix(cron:session): session closed for user root
May  7 05:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14120]: pam_unix(cron:session): session closed for user p13x
May  7 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14188]: Successful su for rubyman by root
May  7 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14188]: + ??? root:rubyman
May  7 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344880 of user rubyman.
May  7 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14188]: pam_unix(su:session): session closed for user rubyman
May  7 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344880.
May  7 05:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10968]: pam_unix(cron:session): session closed for user root
May  7 05:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14121]: pam_unix(cron:session): session closed for user samftp
May  7 05:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12982]: pam_unix(cron:session): session closed for user root
May  7 05:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14641]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14642]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14639]: pam_unix(cron:session): session closed for user p13x
May  7 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14700]: Successful su for rubyman by root
May  7 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14700]: + ??? root:rubyman
May  7 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344884 of user rubyman.
May  7 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14700]: pam_unix(su:session): session closed for user rubyman
May  7 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344884.
May  7 05:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144  user=root
May  7 05:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11490]: pam_unix(cron:session): session closed for user root
May  7 05:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14635]: Failed password for root from 203.194.114.144 port 53574 ssh2
May  7 05:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14635]: Received disconnect from 203.194.114.144 port 53574:11: Bye Bye [preauth]
May  7 05:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14635]: Disconnected from 203.194.114.144 port 53574 [preauth]
May  7 05:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14640]: pam_unix(cron:session): session closed for user samftp
May  7 05:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13587]: pam_unix(cron:session): session closed for user root
May  7 05:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15081]: Invalid user oneadmin from 46.244.96.25
May  7 05:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15081]: input_userauth_request: invalid user oneadmin [preauth]
May  7 05:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15081]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  7 05:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15081]: Failed password for invalid user oneadmin from 46.244.96.25 port 44978 ssh2
May  7 05:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15081]: Connection closed by 46.244.96.25 port 44978 [preauth]
May  7 05:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15138]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15137]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15137]: pam_unix(cron:session): session closed for user p13x
May  7 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15204]: Successful su for rubyman by root
May  7 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15204]: + ??? root:rubyman
May  7 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15204]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344888 of user rubyman.
May  7 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15204]: pam_unix(su:session): session closed for user rubyman
May  7 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344888.
May  7 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11996]: pam_unix(cron:session): session closed for user root
May  7 05:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: Invalid user nmr from 106.51.92.114
May  7 05:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: input_userauth_request: invalid user nmr [preauth]
May  7 05:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.92.114
May  7 05:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15138]: pam_unix(cron:session): session closed for user samftp
May  7 05:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: Failed password for invalid user nmr from 106.51.92.114 port 49109 ssh2
May  7 05:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: Received disconnect from 106.51.92.114 port 49109:11: Bye Bye [preauth]
May  7 05:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15303]: Disconnected from 106.51.92.114 port 49109 [preauth]
May  7 05:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14123]: pam_unix(cron:session): session closed for user root
May  7 05:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: Invalid user herb from 181.228.68.222
May  7 05:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: input_userauth_request: invalid user herb [preauth]
May  7 05:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.228.68.222
May  7 05:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: Failed password for invalid user herb from 181.228.68.222 port 50172 ssh2
May  7 05:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: Received disconnect from 181.228.68.222 port 50172:11: Bye Bye [preauth]
May  7 05:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: Disconnected from 181.228.68.222 port 50172 [preauth]
May  7 05:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15638]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15633]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15635]: pam_unix(cron:session): session closed for user p13x
May  7 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15757]: Successful su for rubyman by root
May  7 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15757]: + ??? root:rubyman
May  7 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15757]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344894 of user rubyman.
May  7 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15757]: pam_unix(su:session): session closed for user rubyman
May  7 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344894.
May  7 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15633]: pam_unix(cron:session): session closed for user root
May  7 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12499]: pam_unix(cron:session): session closed for user root
May  7 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:113.22.9.113
May  7 05:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15636]: pam_unix(cron:session): session closed for user samftp
May  7 05:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.217.79  user=root
May  7 05:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: Invalid user anjentai from 64.226.100.253
May  7 05:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: input_userauth_request: invalid user anjentai [preauth]
May  7 05:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 05:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16005]: Failed password for root from 188.166.217.79 port 50670 ssh2
May  7 05:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16005]: Received disconnect from 188.166.217.79 port 50670:11: Bye Bye [preauth]
May  7 05:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16005]: Disconnected from 188.166.217.79 port 50670 [preauth]
May  7 05:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: Failed password for invalid user anjentai from 64.226.100.253 port 41242 ssh2
May  7 05:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16012]: Connection closed by 64.226.100.253 port 41242 [preauth]
May  7 05:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: Invalid user support from 85.208.84.5
May  7 05:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: input_userauth_request: invalid user support [preauth]
May  7 05:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  7 05:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: Failed password for invalid user support from 85.208.84.5 port 54332 ssh2
May  7 05:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16034]: Connection closed by 85.208.84.5 port 54332 [preauth]
May  7 05:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14642]: pam_unix(cron:session): session closed for user root
May  7 05:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16216]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16213]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16216]: pam_unix(cron:session): session closed for user root
May  7 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16211]: pam_unix(cron:session): session closed for user p13x
May  7 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16278]: Successful su for rubyman by root
May  7 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16278]: + ??? root:rubyman
May  7 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16278]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344898 of user rubyman.
May  7 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16278]: pam_unix(su:session): session closed for user rubyman
May  7 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344898.
May  7 05:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16213]: pam_unix(cron:session): session closed for user root
May  7 05:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12979]: pam_unix(cron:session): session closed for user root
May  7 05:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16212]: pam_unix(cron:session): session closed for user samftp
May  7 05:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15140]: pam_unix(cron:session): session closed for user root
May  7 05:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16785]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16787]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16783]: pam_unix(cron:session): session closed for user p13x
May  7 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16849]: Successful su for rubyman by root
May  7 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16849]: + ??? root:rubyman
May  7 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344905 of user rubyman.
May  7 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16849]: pam_unix(su:session): session closed for user rubyman
May  7 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344905.
May  7 05:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13586]: pam_unix(cron:session): session closed for user root
May  7 05:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16785]: pam_unix(cron:session): session closed for user samftp
May  7 05:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: Invalid user admin from 80.94.95.241
May  7 05:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: input_userauth_request: invalid user admin [preauth]
May  7 05:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 05:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: Failed password for invalid user admin from 80.94.95.241 port 19279 ssh2
May  7 05:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: Failed password for invalid user admin from 80.94.95.241 port 19279 ssh2
May  7 05:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: Failed password for invalid user admin from 80.94.95.241 port 19279 ssh2
May  7 05:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: Failed password for invalid user admin from 80.94.95.241 port 19279 ssh2
May  7 05:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: Failed password for invalid user admin from 80.94.95.241 port 19279 ssh2
May  7 05:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: Received disconnect from 80.94.95.241 port 19279:11: Bye [preauth]
May  7 05:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: Disconnected from 80.94.95.241 port 19279 [preauth]
May  7 05:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 05:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17084]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 05:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15638]: pam_unix(cron:session): session closed for user root
May  7 05:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17312]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17313]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17310]: pam_unix(cron:session): session closed for user p13x
May  7 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17381]: Successful su for rubyman by root
May  7 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17381]: + ??? root:rubyman
May  7 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344908 of user rubyman.
May  7 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17381]: pam_unix(su:session): session closed for user rubyman
May  7 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344908.
May  7 05:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14122]: pam_unix(cron:session): session closed for user root
May  7 05:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17311]: pam_unix(cron:session): session closed for user samftp
May  7 05:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16215]: pam_unix(cron:session): session closed for user root
May  7 05:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: Invalid user domain from 203.194.114.144
May  7 05:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: input_userauth_request: invalid user domain [preauth]
May  7 05:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144
May  7 05:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: Failed password for invalid user domain from 203.194.114.144 port 34864 ssh2
May  7 05:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: Received disconnect from 203.194.114.144 port 34864:11: Bye Bye [preauth]
May  7 05:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17903]: Disconnected from 203.194.114.144 port 34864 [preauth]
May  7 05:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17944]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17941]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17941]: pam_unix(cron:session): session closed for user p13x
May  7 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18006]: Successful su for rubyman by root
May  7 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18006]: + ??? root:rubyman
May  7 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18006]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344913 of user rubyman.
May  7 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18006]: pam_unix(su:session): session closed for user rubyman
May  7 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344913.
May  7 05:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14641]: pam_unix(cron:session): session closed for user root
May  7 05:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17942]: pam_unix(cron:session): session closed for user samftp
May  7 05:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Admin rhost=::ffff:113.22.9.113
May  7 05:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16787]: pam_unix(cron:session): session closed for user root
May  7 05:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18462]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18461]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18459]: pam_unix(cron:session): session closed for user p13x
May  7 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18521]: Successful su for rubyman by root
May  7 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18521]: + ??? root:rubyman
May  7 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18521]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344917 of user rubyman.
May  7 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18521]: pam_unix(su:session): session closed for user rubyman
May  7 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344917.
May  7 05:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15139]: pam_unix(cron:session): session closed for user root
May  7 05:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18460]: pam_unix(cron:session): session closed for user samftp
May  7 05:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17313]: pam_unix(cron:session): session closed for user root
May  7 05:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 05:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18921]: Failed password for root from 218.92.0.179 port 27871 ssh2
May  7 05:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18921]: Failed password for root from 218.92.0.179 port 27871 ssh2
May  7 05:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18921]: Failed password for root from 218.92.0.179 port 27871 ssh2
May  7 05:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18921]: Received disconnect from 218.92.0.179 port 27871:11:  [preauth]
May  7 05:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18921]: Disconnected from 218.92.0.179 port 27871 [preauth]
May  7 05:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18921]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18963]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18962]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18964]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18960]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18965]: pam_unix(cron:session): session closed for user root
May  7 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18960]: pam_unix(cron:session): session closed for user p13x
May  7 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19027]: Successful su for rubyman by root
May  7 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19027]: + ??? root:rubyman
May  7 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344921 of user rubyman.
May  7 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19027]: pam_unix(su:session): session closed for user rubyman
May  7 05:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344921.
May  7 05:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15637]: pam_unix(cron:session): session closed for user root
May  7 05:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18962]: pam_unix(cron:session): session closed for user root
May  7 05:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18961]: pam_unix(cron:session): session closed for user samftp
May  7 05:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19307]: Invalid user lol from 27.252.144.74
May  7 05:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19307]: input_userauth_request: invalid user lol [preauth]
May  7 05:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19307]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.144.74
May  7 05:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19307]: Failed password for invalid user lol from 27.252.144.74 port 50341 ssh2
May  7 05:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17944]: pam_unix(cron:session): session closed for user root
May  7 05:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19495]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19483]: Failed password for root from 218.92.0.179 port 12056 ssh2
May  7 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19493]: pam_unix(cron:session): session closed for user p13x
May  7 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19567]: Successful su for rubyman by root
May  7 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19567]: + ??? root:rubyman
May  7 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19567]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344926 of user rubyman.
May  7 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19567]: pam_unix(su:session): session closed for user rubyman
May  7 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344926.
May  7 05:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19483]: Failed password for root from 218.92.0.179 port 12056 ssh2
May  7 05:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16214]: pam_unix(cron:session): session closed for user root
May  7 05:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19483]: Failed password for root from 218.92.0.179 port 12056 ssh2
May  7 05:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19483]: Received disconnect from 218.92.0.179 port 12056:11:  [preauth]
May  7 05:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19483]: Disconnected from 218.92.0.179 port 12056 [preauth]
May  7 05:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19483]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 05:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19494]: pam_unix(cron:session): session closed for user samftp
May  7 05:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Invalid user anjentai from 64.226.100.253
May  7 05:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: input_userauth_request: invalid user anjentai [preauth]
May  7 05:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 05:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Failed password for invalid user anjentai from 64.226.100.253 port 45274 ssh2
May  7 05:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19787]: Connection closed by 64.226.100.253 port 45274 [preauth]
May  7 05:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18462]: pam_unix(cron:session): session closed for user root
May  7 05:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20019]: pam_unix(cron:session): session closed for user p13x
May  7 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20087]: Successful su for rubyman by root
May  7 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20087]: + ??? root:rubyman
May  7 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20087]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344930 of user rubyman.
May  7 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20087]: pam_unix(su:session): session closed for user rubyman
May  7 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344930.
May  7 05:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16786]: pam_unix(cron:session): session closed for user root
May  7 05:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20021]: pam_unix(cron:session): session closed for user samftp
May  7 05:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_listfile(vsftpd:auth): Refused user root for service vsftpd
May  7 05:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=root rhost=::ffff:113.22.9.113  user=root
May  7 05:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18964]: pam_unix(cron:session): session closed for user root
May  7 05:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20518]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20516]: pam_unix(cron:session): session closed for user p13x
May  7 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20576]: Successful su for rubyman by root
May  7 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20576]: + ??? root:rubyman
May  7 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20576]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344935 of user rubyman.
May  7 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20576]: pam_unix(su:session): session closed for user rubyman
May  7 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344935.
May  7 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17312]: pam_unix(cron:session): session closed for user root
May  7 05:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20517]: pam_unix(cron:session): session closed for user samftp
May  7 05:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: Invalid user admin from 80.94.95.116
May  7 05:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: input_userauth_request: invalid user admin [preauth]
May  7 05:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  7 05:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: Failed password for invalid user admin from 80.94.95.116 port 15338 ssh2
May  7 05:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20790]: Connection closed by 80.94.95.116 port 15338 [preauth]
May  7 05:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19496]: pam_unix(cron:session): session closed for user root
May  7 05:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.194.114.144  user=root
May  7 05:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20992]: Failed password for root from 203.194.114.144 port 44396 ssh2
May  7 05:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20992]: Received disconnect from 203.194.114.144 port 44396:11: Bye Bye [preauth]
May  7 05:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20992]: Disconnected from 203.194.114.144 port 44396 [preauth]
May  7 05:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21032]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21030]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21031]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21030]: pam_unix(cron:session): session closed for user p13x
May  7 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21094]: Successful su for rubyman by root
May  7 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21094]: + ??? root:rubyman
May  7 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21094]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344938 of user rubyman.
May  7 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21094]: pam_unix(su:session): session closed for user rubyman
May  7 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344938.
May  7 05:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17943]: pam_unix(cron:session): session closed for user root
May  7 05:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21031]: pam_unix(cron:session): session closed for user samftp
May  7 05:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20023]: pam_unix(cron:session): session closed for user root
May  7 05:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21591]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21589]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21588]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21590]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21594]: pam_unix(cron:session): session closed for user root
May  7 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21588]: pam_unix(cron:session): session closed for user p13x
May  7 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21679]: Successful su for rubyman by root
May  7 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21679]: + ??? root:rubyman
May  7 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344945 of user rubyman.
May  7 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21679]: pam_unix(su:session): session closed for user rubyman
May  7 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344945.
May  7 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21590]: pam_unix(cron:session): session closed for user root
May  7 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18461]: pam_unix(cron:session): session closed for user root
May  7 05:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21589]: pam_unix(cron:session): session closed for user samftp
May  7 05:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20519]: pam_unix(cron:session): session closed for user root
May  7 05:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22488]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22489]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22486]: pam_unix(cron:session): session closed for user p13x
May  7 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22565]: Successful su for rubyman by root
May  7 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22565]: + ??? root:rubyman
May  7 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22565]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344947 of user rubyman.
May  7 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22565]: pam_unix(su:session): session closed for user rubyman
May  7 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344947.
May  7 05:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18963]: pam_unix(cron:session): session closed for user root
May  7 05:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22488]: pam_unix(cron:session): session closed for user samftp
May  7 05:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=db rhost=::ffff:113.22.9.113
May  7 05:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21033]: pam_unix(cron:session): session closed for user root
May  7 05:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 05:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: Failed password for root from 218.92.0.179 port 31814 ssh2
May  7 05:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: Failed password for root from 218.92.0.179 port 31814 ssh2
May  7 05:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: Failed password for root from 218.92.0.179 port 31814 ssh2
May  7 05:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: Received disconnect from 218.92.0.179 port 31814:11:  [preauth]
May  7 05:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: Disconnected from 218.92.0.179 port 31814 [preauth]
May  7 05:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 05:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23069]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23068]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23066]: pam_unix(cron:session): session closed for user p13x
May  7 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23127]: Successful su for rubyman by root
May  7 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23127]: + ??? root:rubyman
May  7 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23127]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344952 of user rubyman.
May  7 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23127]: pam_unix(su:session): session closed for user rubyman
May  7 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344952.
May  7 05:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19495]: pam_unix(cron:session): session closed for user root
May  7 05:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23067]: pam_unix(cron:session): session closed for user samftp
May  7 05:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21592]: pam_unix(cron:session): session closed for user root
May  7 05:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23573]: Invalid user backupadmin from 164.68.105.9
May  7 05:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23573]: input_userauth_request: invalid user backupadmin [preauth]
May  7 05:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23573]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  7 05:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23573]: Failed password for invalid user backupadmin from 164.68.105.9 port 59110 ssh2
May  7 05:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23573]: Connection closed by 164.68.105.9 port 59110 [preauth]
May  7 05:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:52:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23663]: pam_unix(cron:session): session closed for user p13x
May  7 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23726]: Successful su for rubyman by root
May  7 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23726]: + ??? root:rubyman
May  7 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344957 of user rubyman.
May  7 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23726]: pam_unix(su:session): session closed for user rubyman
May  7 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344957.
May  7 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20022]: pam_unix(cron:session): session closed for user root
May  7 05:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24002]: Invalid user anukrati from 64.226.100.253
May  7 05:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24002]: input_userauth_request: invalid user anukrati [preauth]
May  7 05:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24002]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 05:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23664]: pam_unix(cron:session): session closed for user samftp
May  7 05:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24002]: Failed password for invalid user anukrati from 64.226.100.253 port 37414 ssh2
May  7 05:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24002]: Connection closed by 64.226.100.253 port 37414 [preauth]
May  7 05:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22490]: pam_unix(cron:session): session closed for user root
May  7 05:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24308]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24307]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24307]: pam_unix(cron:session): session closed for user p13x
May  7 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24373]: Successful su for rubyman by root
May  7 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24373]: + ??? root:rubyman
May  7 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344960 of user rubyman.
May  7 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24373]: pam_unix(su:session): session closed for user rubyman
May  7 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344960.
May  7 05:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20518]: pam_unix(cron:session): session closed for user root
May  7 05:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24308]: pam_unix(cron:session): session closed for user samftp
May  7 05:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: Invalid user admin from 80.94.95.125
May  7 05:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: input_userauth_request: invalid user admin [preauth]
May  7 05:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 05:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: Failed password for invalid user admin from 80.94.95.125 port 50301 ssh2
May  7 05:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23069]: pam_unix(cron:session): session closed for user root
May  7 05:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: Failed password for invalid user admin from 80.94.95.125 port 50301 ssh2
May  7 05:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: Failed password for invalid user admin from 80.94.95.125 port 50301 ssh2
May  7 05:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: Failed password for invalid user admin from 80.94.95.125 port 50301 ssh2
May  7 05:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: Failed password for invalid user admin from 80.94.95.125 port 50301 ssh2
May  7 05:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: Received disconnect from 80.94.95.125 port 50301:11: Bye [preauth]
May  7 05:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: Disconnected from 80.94.95.125 port 50301 [preauth]
May  7 05:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 05:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 05:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24836]: pam_unix(cron:session): session closed for user root
May  7 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24830]: pam_unix(cron:session): session closed for user p13x
May  7 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24907]: Successful su for rubyman by root
May  7 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24907]: + ??? root:rubyman
May  7 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344965 of user rubyman.
May  7 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24907]: pam_unix(su:session): session closed for user rubyman
May  7 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344965.
May  7 05:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24833]: pam_unix(cron:session): session closed for user root
May  7 05:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21032]: pam_unix(cron:session): session closed for user root
May  7 05:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24832]: pam_unix(cron:session): session closed for user samftp
May  7 05:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23666]: pam_unix(cron:session): session closed for user root
May  7 05:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=wwwroot rhost=::ffff:113.22.9.113
May  7 05:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25386]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25383]: pam_unix(cron:session): session closed for user p13x
May  7 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25453]: Successful su for rubyman by root
May  7 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25453]: + ??? root:rubyman
May  7 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344969 of user rubyman.
May  7 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25453]: pam_unix(su:session): session closed for user rubyman
May  7 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344969.
May  7 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21591]: pam_unix(cron:session): session closed for user root
May  7 05:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25384]: pam_unix(cron:session): session closed for user samftp
May  7 05:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24310]: pam_unix(cron:session): session closed for user root
May  7 05:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25992]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25989]: pam_unix(cron:session): session closed for user p13x
May  7 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26055]: Successful su for rubyman by root
May  7 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26055]: + ??? root:rubyman
May  7 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344974 of user rubyman.
May  7 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26055]: pam_unix(su:session): session closed for user rubyman
May  7 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344974.
May  7 05:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22489]: pam_unix(cron:session): session closed for user root
May  7 05:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25990]: pam_unix(cron:session): session closed for user samftp
May  7 05:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24835]: pam_unix(cron:session): session closed for user root
May  7 05:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26342]: Invalid user lol from 27.252.144.74
May  7 05:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26342]: input_userauth_request: invalid user lol [preauth]
May  7 05:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26342]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.144.74
May  7 05:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26342]: Failed password for invalid user lol from 27.252.144.74 port 50637 ssh2
May  7 05:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26564]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26565]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26562]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26562]: pam_unix(cron:session): session closed for user p13x
May  7 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26624]: Successful su for rubyman by root
May  7 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26624]: + ??? root:rubyman
May  7 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344977 of user rubyman.
May  7 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26624]: pam_unix(su:session): session closed for user rubyman
May  7 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344977.
May  7 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23068]: pam_unix(cron:session): session closed for user root
May  7 05:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26563]: pam_unix(cron:session): session closed for user samftp
May  7 05:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26342]: Connection closed by 27.252.144.74 port 50637 [preauth]
May  7 05:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25386]: pam_unix(cron:session): session closed for user root
May  7 05:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27030]: Invalid user lol from 27.252.144.74
May  7 05:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27030]: input_userauth_request: invalid user lol [preauth]
May  7 05:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27030]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.144.74
May  7 05:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27030]: Failed password for invalid user lol from 27.252.144.74 port 50665 ssh2
May  7 05:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27134]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27132]: pam_unix(cron:session): session closed for user p13x
May  7 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27198]: Successful su for rubyman by root
May  7 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27198]: + ??? root:rubyman
May  7 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27198]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344981 of user rubyman.
May  7 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27198]: pam_unix(su:session): session closed for user rubyman
May  7 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344981.
May  7 05:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23665]: pam_unix(cron:session): session closed for user root
May  7 05:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27133]: pam_unix(cron:session): session closed for user samftp
May  7 05:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25992]: pam_unix(cron:session): session closed for user root
May  7 05:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=data rhost=::ffff:113.22.9.113
May  7 05:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 05:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 05:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27675]: Invalid user aphan from 64.226.100.253
May  7 05:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27675]: input_userauth_request: invalid user aphan [preauth]
May  7 05:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27675]: pam_unix(sshd:auth): check pass; user unknown
May  7 05:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 05:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 05:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27675]: Failed password for invalid user aphan from 64.226.100.253 port 36202 ssh2
May  7 05:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27675]: Connection closed by 64.226.100.253 port 36202 [preauth]
May  7 05:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 05:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27700]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27706]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27705]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27701]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27702]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27699]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27701]: pam_unix(cron:session): session closed for user root
May  7 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27706]: pam_unix(cron:session): session closed for user root
May  7 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27699]: pam_unix(cron:session): session closed for user p13x
May  7 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27808]: Successful su for rubyman by root
May  7 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27808]: + ??? root:rubyman
May  7 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27808]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344986 of user rubyman.
May  7 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27808]: pam_unix(su:session): session closed for user rubyman
May  7 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344986.
May  7 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24309]: pam_unix(cron:session): session closed for user root
May  7 06:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27702]: pam_unix(cron:session): session closed for user root
May  7 06:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27700]: pam_unix(cron:session): session closed for user samftp
May  7 06:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28078]: Invalid user support from 194.0.234.19
May  7 06:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28078]: input_userauth_request: invalid user support [preauth]
May  7 06:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28078]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  7 06:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28078]: Failed password for invalid user support from 194.0.234.19 port 29444 ssh2
May  7 06:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28078]: Connection closed by 194.0.234.19 port 29444 [preauth]
May  7 06:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26565]: pam_unix(cron:session): session closed for user root
May  7 06:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28308]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28306]: pam_unix(cron:session): session closed for user p13x
May  7 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28388]: Successful su for rubyman by root
May  7 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28388]: + ??? root:rubyman
May  7 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344993 of user rubyman.
May  7 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28388]: pam_unix(su:session): session closed for user rubyman
May  7 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344993.
May  7 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24834]: pam_unix(cron:session): session closed for user root
May  7 06:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28307]: pam_unix(cron:session): session closed for user samftp
May  7 06:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27135]: pam_unix(cron:session): session closed for user root
May  7 06:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28827]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28826]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28824]: pam_unix(cron:session): session closed for user p13x
May  7 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28892]: Successful su for rubyman by root
May  7 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28892]: + ??? root:rubyman
May  7 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 344998 of user rubyman.
May  7 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28892]: pam_unix(su:session): session closed for user rubyman
May  7 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 344998.
May  7 06:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25385]: pam_unix(cron:session): session closed for user root
May  7 06:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28825]: pam_unix(cron:session): session closed for user samftp
May  7 06:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27705]: pam_unix(cron:session): session closed for user root
May  7 06:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: Invalid user admin from 80.94.95.112
May  7 06:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: input_userauth_request: invalid user admin [preauth]
May  7 06:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 06:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: Failed password for invalid user admin from 80.94.95.112 port 36830 ssh2
May  7 06:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29443]: pam_unix(cron:session): session closed for user p13x
May  7 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29507]: Successful su for rubyman by root
May  7 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29507]: + ??? root:rubyman
May  7 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345001 of user rubyman.
May  7 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29507]: pam_unix(su:session): session closed for user rubyman
May  7 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345001.
May  7 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: Failed password for invalid user admin from 80.94.95.112 port 36830 ssh2
May  7 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25991]: pam_unix(cron:session): session closed for user root
May  7 06:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: Failed password for invalid user admin from 80.94.95.112 port 36830 ssh2
May  7 06:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29444]: pam_unix(cron:session): session closed for user samftp
May  7 06:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: Failed password for invalid user admin from 80.94.95.112 port 36830 ssh2
May  7 06:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: Failed password for invalid user admin from 80.94.95.112 port 36830 ssh2
May  7 06:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: Received disconnect from 80.94.95.112 port 36830:11: Bye [preauth]
May  7 06:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: Disconnected from 80.94.95.112 port 36830 [preauth]
May  7 06:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 06:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29424]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 06:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28309]: pam_unix(cron:session): session closed for user root
May  7 06:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=web rhost=::ffff:113.22.9.113
May  7 06:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp
May  7 06:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 2 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp]
May  7 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29948]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29950]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29949]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29946]: pam_unix(cron:session): session closed for user p13x
May  7 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30011]: Successful su for rubyman by root
May  7 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30011]: + ??? root:rubyman
May  7 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345005 of user rubyman.
May  7 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30011]: pam_unix(su:session): session closed for user rubyman
May  7 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345005.
May  7 06:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp
May  7 06:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26564]: pam_unix(cron:session): session closed for user root
May  7 06:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29948]: pam_unix(cron:session): session closed for user samftp
May  7 06:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp
May  7 06:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 6 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp]
May  7 06:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28827]: pam_unix(cron:session): session closed for user root
May  7 06:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp
May  7 06:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 6 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp]
May  7 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30439]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30445]: pam_unix(cron:session): session closed for user root
May  7 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30439]: pam_unix(cron:session): session closed for user p13x
May  7 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30515]: Successful su for rubyman by root
May  7 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30515]: + ??? root:rubyman
May  7 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345012 of user rubyman.
May  7 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30515]: pam_unix(su:session): session closed for user rubyman
May  7 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345012.
May  7 06:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30441]: pam_unix(cron:session): session closed for user root
May  7 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30602]: Invalid user oracle from 193.70.84.184
May  7 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30602]: input_userauth_request: invalid user oracle [preauth]
May  7 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30602]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  7 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp
May  7 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27134]: pam_unix(cron:session): session closed for user root
May  7 06:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30602]: Failed password for invalid user oracle from 193.70.84.184 port 38516 ssh2
May  7 06:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30602]: Connection closed by 193.70.84.184 port 38516 [preauth]
May  7 06:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30440]: pam_unix(cron:session): session closed for user samftp
May  7 06:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp
May  7 06:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 6 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp]
May  7 06:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29446]: pam_unix(cron:session): session closed for user root
May  7 06:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp
May  7 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 6 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp]
May  7 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31052]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31054]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31049]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31048]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31048]: pam_unix(cron:session): session closed for user p13x
May  7 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31131]: Successful su for rubyman by root
May  7 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31131]: + ??? root:rubyman
May  7 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345015 of user rubyman.
May  7 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31131]: pam_unix(su:session): session closed for user rubyman
May  7 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345015.
May  7 06:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27703]: pam_unix(cron:session): session closed for user root
May  7 06:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp
May  7 06:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31049]: pam_unix(cron:session): session closed for user samftp
May  7 06:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp
May  7 06:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 5 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp]
May  7 06:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: Invalid user wyse from 112.217.207.28
May  7 06:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: input_userauth_request: invalid user wyse [preauth]
May  7 06:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 06:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: Failed password for invalid user wyse from 112.217.207.28 port 59554 ssh2
May  7 06:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: Received disconnect from 112.217.207.28 port 59554:11: Bye Bye [preauth]
May  7 06:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31431]: Disconnected from 112.217.207.28 port 59554 [preauth]
May  7 06:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31442]: Invalid user ardeshpa from 64.226.100.253
May  7 06:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31442]: input_userauth_request: invalid user ardeshpa [preauth]
May  7 06:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29950]: pam_unix(cron:session): session closed for user root
May  7 06:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31442]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 06:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp
May  7 06:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31442]: Failed password for invalid user ardeshpa from 64.226.100.253 port 45906 ssh2
May  7 06:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31442]: Connection closed by 64.226.100.253 port 45906 [preauth]
May  7 06:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp
May  7 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 6 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp]
May  7 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31583]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31584]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31581]: pam_unix(cron:session): session closed for user p13x
May  7 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31654]: Successful su for rubyman by root
May  7 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31654]: + ??? root:rubyman
May  7 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345020 of user rubyman.
May  7 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31654]: pam_unix(su:session): session closed for user rubyman
May  7 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345020.
May  7 06:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28308]: pam_unix(cron:session): session closed for user root
May  7 06:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp
May  7 06:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31582]: pam_unix(cron:session): session closed for user samftp
May  7 06:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  7 06:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp
May  7 06:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31844]: Failed password for root from 80.94.95.115 port 30690 ssh2
May  7 06:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31844]: Connection closed by 80.94.95.115 port 30690 [preauth]
May  7 06:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp
May  7 06:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 5 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp]
May  7 06:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30444]: pam_unix(cron:session): session closed for user root
May  7 06:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp
May  7 06:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 5 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftp rhost=::ffff:113.22.9.113  user=ftp]
May  7 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32411]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32408]: pam_unix(cron:session): session closed for user p13x
May  7 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32474]: Successful su for rubyman by root
May  7 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32474]: + ??? root:rubyman
May  7 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345022 of user rubyman.
May  7 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32474]: pam_unix(su:session): session closed for user rubyman
May  7 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345022.
May  7 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28826]: pam_unix(cron:session): session closed for user root
May  7 06:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32409]: pam_unix(cron:session): session closed for user samftp
May  7 06:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31054]: pam_unix(cron:session): session closed for user root
May  7 06:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[645]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[641]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[643]: pam_unix(cron:session): session closed for user p13x
May  7 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[788]: Successful su for rubyman by root
May  7 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[788]: + ??? root:rubyman
May  7 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[788]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345027 of user rubyman.
May  7 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[788]: pam_unix(su:session): session closed for user rubyman
May  7 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345027.
May  7 06:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[641]: pam_unix(cron:session): session closed for user root
May  7 06:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29445]: pam_unix(cron:session): session closed for user root
May  7 06:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[644]: pam_unix(cron:session): session closed for user samftp
May  7 06:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1024]: Connection closed by 167.94.138.112 port 33738 [preauth]
May  7 06:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31584]: pam_unix(cron:session): session closed for user root
May  7 06:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254  user=root
May  7 06:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: Failed password for root from 124.198.59.254 port 59076 ssh2
May  7 06:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1125]: Connection closed by 124.198.59.254 port 59076 [preauth]
May  7 06:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1352]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1353]: pam_unix(cron:session): session closed for user root
May  7 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1348]: pam_unix(cron:session): session closed for user p13x
May  7 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1423]: Successful su for rubyman by root
May  7 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1423]: + ??? root:rubyman
May  7 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345035 of user rubyman.
May  7 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1423]: pam_unix(su:session): session closed for user rubyman
May  7 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345035.
May  7 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1350]: pam_unix(cron:session): session closed for user root
May  7 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29949]: pam_unix(cron:session): session closed for user root
May  7 06:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1349]: pam_unix(cron:session): session closed for user samftp
May  7 06:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32411]: pam_unix(cron:session): session closed for user root
May  7 06:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2042]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2041]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2039]: pam_unix(cron:session): session closed for user p13x
May  7 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2110]: Successful su for rubyman by root
May  7 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2110]: + ??? root:rubyman
May  7 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345039 of user rubyman.
May  7 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2110]: pam_unix(su:session): session closed for user rubyman
May  7 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345039.
May  7 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30442]: pam_unix(cron:session): session closed for user root
May  7 06:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2040]: pam_unix(cron:session): session closed for user samftp
May  7 06:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[646]: pam_unix(cron:session): session closed for user root
May  7 06:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 06:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2557]: Failed password for root from 218.92.0.179 port 36363 ssh2
May  7 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2577]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2575]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2574]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2574]: pam_unix(cron:session): session closed for user p13x
May  7 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2645]: Successful su for rubyman by root
May  7 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2645]: + ??? root:rubyman
May  7 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345041 of user rubyman.
May  7 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2645]: pam_unix(su:session): session closed for user rubyman
May  7 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345041.
May  7 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2557]: Failed password for root from 218.92.0.179 port 36363 ssh2
May  7 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31052]: pam_unix(cron:session): session closed for user root
May  7 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:113.22.9.113
May  7 06:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2557]: Failed password for root from 218.92.0.179 port 36363 ssh2
May  7 06:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2557]: Received disconnect from 218.92.0.179 port 36363:11:  [preauth]
May  7 06:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2557]: Disconnected from 218.92.0.179 port 36363 [preauth]
May  7 06:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2557]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 06:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2575]: pam_unix(cron:session): session closed for user samftp
May  7 06:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1352]: pam_unix(cron:session): session closed for user root
May  7 06:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3099]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3096]: pam_unix(cron:session): session closed for user p13x
May  7 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3160]: Successful su for rubyman by root
May  7 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3160]: + ??? root:rubyman
May  7 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3160]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345045 of user rubyman.
May  7 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3160]: pam_unix(su:session): session closed for user rubyman
May  7 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345045.
May  7 06:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31583]: pam_unix(cron:session): session closed for user root
May  7 06:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3097]: pam_unix(cron:session): session closed for user samftp
May  7 06:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: Invalid user arman1 from 64.226.100.253
May  7 06:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: input_userauth_request: invalid user arman1 [preauth]
May  7 06:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 06:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: Failed password for invalid user arman1 from 64.226.100.253 port 40310 ssh2
May  7 06:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: Connection closed by 64.226.100.253 port 40310 [preauth]
May  7 06:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2042]: pam_unix(cron:session): session closed for user root
May  7 06:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3651]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3652]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3649]: pam_unix(cron:session): session closed for user p13x
May  7 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3708]: Successful su for rubyman by root
May  7 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3708]: + ??? root:rubyman
May  7 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345050 of user rubyman.
May  7 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3708]: pam_unix(su:session): session closed for user rubyman
May  7 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345050.
May  7 06:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32410]: pam_unix(cron:session): session closed for user root
May  7 06:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3650]: pam_unix(cron:session): session closed for user samftp
May  7 06:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2578]: pam_unix(cron:session): session closed for user root
May  7 06:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: Invalid user swadmin from 112.217.207.28
May  7 06:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: input_userauth_request: invalid user swadmin [preauth]
May  7 06:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 06:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: Failed password for invalid user swadmin from 112.217.207.28 port 52704 ssh2
May  7 06:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: Received disconnect from 112.217.207.28 port 52704:11: Bye Bye [preauth]
May  7 06:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4135]: Disconnected from 112.217.207.28 port 52704 [preauth]
May  7 06:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: Invalid user fptuser from 50.235.31.47
May  7 06:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: input_userauth_request: invalid user fptuser [preauth]
May  7 06:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  7 06:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: Failed password for invalid user fptuser from 50.235.31.47 port 51156 ssh2
May  7 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4182]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4180]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4179]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4177]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4176]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4182]: pam_unix(cron:session): session closed for user root
May  7 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4176]: pam_unix(cron:session): session closed for user p13x
May  7 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4168]: Connection closed by 50.235.31.47 port 51156 [preauth]
May  7 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4273]: Successful su for rubyman by root
May  7 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4273]: + ??? root:rubyman
May  7 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4273]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345053 of user rubyman.
May  7 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4273]: pam_unix(su:session): session closed for user rubyman
May  7 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345053.
May  7 06:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4179]: pam_unix(cron:session): session closed for user root
May  7 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[645]: pam_unix(cron:session): session closed for user root
May  7 06:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4560]: Invalid user c-comatic from 80.94.95.29
May  7 06:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4560]: input_userauth_request: invalid user c-comatic [preauth]
May  7 06:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4560]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  7 06:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4560]: Failed password for invalid user c-comatic from 80.94.95.29 port 52628 ssh2
May  7 06:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4560]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4177]: pam_unix(cron:session): session closed for user samftp
May  7 06:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241  user=root
May  7 06:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4560]: Failed password for invalid user c-comatic from 80.94.95.29 port 52628 ssh2
May  7 06:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4560]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Failed password for root from 186.96.145.241 port 53392 ssh2
May  7 06:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Connection closed by 186.96.145.241 port 53392 [preauth]
May  7 06:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4560]: Failed password for invalid user c-comatic from 80.94.95.29 port 52628 ssh2
May  7 06:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4560]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4560]: Failed password for invalid user c-comatic from 80.94.95.29 port 52628 ssh2
May  7 06:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4560]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4560]: Failed password for invalid user c-comatic from 80.94.95.29 port 52628 ssh2
May  7 06:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4560]: Received disconnect from 80.94.95.29 port 52628:11: Bye [preauth]
May  7 06:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4560]: Disconnected from 80.94.95.29 port 52628 [preauth]
May  7 06:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4560]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  7 06:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4560]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 06:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3099]: pam_unix(cron:session): session closed for user root
May  7 06:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Invalid user admin from 80.94.95.241
May  7 06:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: input_userauth_request: invalid user admin [preauth]
May  7 06:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 06:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Failed password for invalid user admin from 80.94.95.241 port 65416 ssh2
May  7 06:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Failed password for invalid user admin from 80.94.95.241 port 65416 ssh2
May  7 06:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Failed password for invalid user admin from 80.94.95.241 port 65416 ssh2
May  7 06:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Failed password for invalid user admin from 80.94.95.241 port 65416 ssh2
May  7 06:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4892]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4891]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4890]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Failed password for invalid user admin from 80.94.95.241 port 65416 ssh2
May  7 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4889]: pam_unix(cron:session): session closed for user p13x
May  7 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Received disconnect from 80.94.95.241 port 65416:11: Bye [preauth]
May  7 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: Disconnected from 80.94.95.241 port 65416 [preauth]
May  7 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4846]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4976]: Successful su for rubyman by root
May  7 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4976]: + ??? root:rubyman
May  7 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345060 of user rubyman.
May  7 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4976]: pam_unix(su:session): session closed for user rubyman
May  7 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345060.
May  7 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1351]: pam_unix(cron:session): session closed for user root
May  7 06:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4890]: pam_unix(cron:session): session closed for user samftp
May  7 06:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user rhost=::ffff:113.22.9.113
May  7 06:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3652]: pam_unix(cron:session): session closed for user root
May  7 06:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  7 06:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5608]: Failed password for root from 80.94.95.116 port 28864 ssh2
May  7 06:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5608]: Connection closed by 80.94.95.116 port 28864 [preauth]
May  7 06:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5672]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5674]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5673]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5670]: pam_unix(cron:session): session closed for user root
May  7 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5672]: pam_unix(cron:session): session closed for user p13x
May  7 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5739]: Successful su for rubyman by root
May  7 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5739]: + ??? root:rubyman
May  7 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5739]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345064 of user rubyman.
May  7 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5739]: pam_unix(su:session): session closed for user rubyman
May  7 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345064.
May  7 06:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2041]: pam_unix(cron:session): session closed for user root
May  7 06:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5673]: pam_unix(cron:session): session closed for user samftp
May  7 06:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4181]: pam_unix(cron:session): session closed for user root
May  7 06:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6276]: pam_unix(cron:session): session closed for user p13x
May  7 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6341]: Successful su for rubyman by root
May  7 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6341]: + ??? root:rubyman
May  7 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6341]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345068 of user rubyman.
May  7 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6341]: pam_unix(su:session): session closed for user rubyman
May  7 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345068.
May  7 06:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2577]: pam_unix(cron:session): session closed for user root
May  7 06:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6277]: pam_unix(cron:session): session closed for user samftp
May  7 06:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4892]: pam_unix(cron:session): session closed for user root
May  7 06:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  7 06:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: Failed password for root from 218.92.0.206 port 22510 ssh2
May  7 06:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: Failed password for root from 218.92.0.206 port 22510 ssh2
May  7 06:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6775]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6778]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6774]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6774]: pam_unix(cron:session): session closed for user p13x
May  7 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6835]: Successful su for rubyman by root
May  7 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6835]: + ??? root:rubyman
May  7 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6835]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345074 of user rubyman.
May  7 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6835]: pam_unix(su:session): session closed for user rubyman
May  7 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345074.
May  7 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3098]: pam_unix(cron:session): session closed for user root
May  7 06:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6775]: pam_unix(cron:session): session closed for user samftp
May  7 06:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5675]: pam_unix(cron:session): session closed for user root
May  7 06:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7393]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7397]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7396]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7394]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7397]: pam_unix(cron:session): session closed for user root
May  7 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7391]: pam_unix(cron:session): session closed for user p13x
May  7 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: Invalid user ash from 64.226.100.253
May  7 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: input_userauth_request: invalid user ash [preauth]
May  7 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7462]: Successful su for rubyman by root
May  7 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7462]: + ??? root:rubyman
May  7 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7462]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345081 of user rubyman.
May  7 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7462]: pam_unix(su:session): session closed for user rubyman
May  7 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345081.
May  7 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 06:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7393]: pam_unix(cron:session): session closed for user root
May  7 06:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3651]: pam_unix(cron:session): session closed for user root
May  7 06:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: Failed password for invalid user ash from 64.226.100.253 port 37560 ssh2
May  7 06:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7388]: Connection closed by 64.226.100.253 port 37560 [preauth]
May  7 06:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7392]: pam_unix(cron:session): session closed for user samftp
May  7 06:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=user123 rhost=::ffff:113.22.9.113
May  7 06:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 06:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7904]: Failed password for root from 218.92.0.179 port 42572 ssh2
May  7 06:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7904]: Failed password for root from 218.92.0.179 port 42572 ssh2
May  7 06:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6280]: pam_unix(cron:session): session closed for user root
May  7 06:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7904]: Failed password for root from 218.92.0.179 port 42572 ssh2
May  7 06:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: Invalid user multi from 112.217.207.28
May  7 06:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: input_userauth_request: invalid user multi [preauth]
May  7 06:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 06:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7904]: Received disconnect from 218.92.0.179 port 42572:11:  [preauth]
May  7 06:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7904]: Disconnected from 218.92.0.179 port 42572 [preauth]
May  7 06:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7904]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 06:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: Failed password for invalid user multi from 112.217.207.28 port 56420 ssh2
May  7 06:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: Received disconnect from 112.217.207.28 port 56420:11: Bye Bye [preauth]
May  7 06:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7942]: Disconnected from 112.217.207.28 port 56420 [preauth]
May  7 06:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8057]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8058]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8055]: pam_unix(cron:session): session closed for user p13x
May  7 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8139]: Successful su for rubyman by root
May  7 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8139]: + ??? root:rubyman
May  7 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8139]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345084 of user rubyman.
May  7 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8139]: pam_unix(su:session): session closed for user rubyman
May  7 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345084.
May  7 06:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4180]: pam_unix(cron:session): session closed for user root
May  7 06:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8056]: pam_unix(cron:session): session closed for user samftp
May  7 06:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6779]: pam_unix(cron:session): session closed for user root
May  7 06:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: Did not receive identification string from 64.23.161.151
May  7 06:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8603]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8604]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8601]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8600]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8600]: pam_unix(cron:session): session closed for user p13x
May  7 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8664]: Successful su for rubyman by root
May  7 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8664]: + ??? root:rubyman
May  7 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8664]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345087 of user rubyman.
May  7 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8664]: pam_unix(su:session): session closed for user rubyman
May  7 06:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345087.
May  7 06:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4891]: pam_unix(cron:session): session closed for user root
May  7 06:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8601]: pam_unix(cron:session): session closed for user samftp
May  7 06:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7396]: pam_unix(cron:session): session closed for user root
May  7 06:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9205]: pam_unix(cron:session): session closed for user p13x
May  7 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9280]: Successful su for rubyman by root
May  7 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9280]: + ??? root:rubyman
May  7 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345090 of user rubyman.
May  7 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9280]: pam_unix(su:session): session closed for user rubyman
May  7 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345090.
May  7 06:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5674]: pam_unix(cron:session): session closed for user root
May  7 06:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9206]: pam_unix(cron:session): session closed for user samftp
May  7 06:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8058]: pam_unix(cron:session): session closed for user root
May  7 06:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9737]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9736]: pam_unix(cron:session): session closed for user p13x
May  7 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9806]: Successful su for rubyman by root
May  7 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9806]: + ??? root:rubyman
May  7 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345096 of user rubyman.
May  7 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9806]: pam_unix(su:session): session closed for user rubyman
May  7 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345096.
May  7 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6279]: pam_unix(cron:session): session closed for user root
May  7 06:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9737]: pam_unix(cron:session): session closed for user samftp
May  7 06:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 06:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=::ffff:113.22.9.113
May  7 06:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8604]: pam_unix(cron:session): session closed for user root
May  7 06:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 5 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data]
May  7 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10317]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10318]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10315]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10318]: pam_unix(cron:session): session closed for user root
May  7 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10313]: pam_unix(cron:session): session closed for user p13x
May  7 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10400]: Successful su for rubyman by root
May  7 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10400]: + ??? root:rubyman
May  7 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345099 of user rubyman.
May  7 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10400]: pam_unix(su:session): session closed for user rubyman
May  7 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345099.
May  7 06:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10315]: pam_unix(cron:session): session closed for user root
May  7 06:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6778]: pam_unix(cron:session): session closed for user root
May  7 06:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10314]: pam_unix(cron:session): session closed for user samftp
May  7 06:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 6 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data]
May  7 06:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9208]: pam_unix(cron:session): session closed for user root
May  7 06:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 6 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data]
May  7 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10934]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10933]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10931]: pam_unix(cron:session): session closed for user p13x
May  7 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10994]: Successful su for rubyman by root
May  7 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10994]: + ??? root:rubyman
May  7 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10994]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345106 of user rubyman.
May  7 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10994]: pam_unix(su:session): session closed for user rubyman
May  7 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345106.
May  7 06:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7394]: pam_unix(cron:session): session closed for user root
May  7 06:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10932]: pam_unix(cron:session): session closed for user samftp
May  7 06:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 2 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data]
May  7 06:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: Invalid user develop from 112.217.207.28
May  7 06:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: input_userauth_request: invalid user develop [preauth]
May  7 06:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 06:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: Failed password for invalid user develop from 112.217.207.28 port 45356 ssh2
May  7 06:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: Received disconnect from 112.217.207.28 port 45356:11: Bye Bye [preauth]
May  7 06:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11236]: Disconnected from 112.217.207.28 port 45356 [preauth]
May  7 06:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9740]: pam_unix(cron:session): session closed for user root
May  7 06:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: Invalid user ubuntu from 64.23.161.151
May  7 06:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: input_userauth_request: invalid user ubuntu [preauth]
May  7 06:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 06:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: Failed password for invalid user ubuntu from 64.23.161.151 port 59756 ssh2
May  7 06:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: Connection closed by 64.23.161.151 port 59756 [preauth]
May  7 06:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: Invalid user ashima87 from 64.226.100.253
May  7 06:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: input_userauth_request: invalid user ashima87 [preauth]
May  7 06:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 06:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: Failed password for invalid user ashima87 from 64.226.100.253 port 35144 ssh2
May  7 06:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11381]: Connection closed by 64.226.100.253 port 35144 [preauth]
May  7 06:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11423]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11422]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11420]: pam_unix(cron:session): session closed for user p13x
May  7 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11489]: Successful su for rubyman by root
May  7 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11489]: + ??? root:rubyman
May  7 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345109 of user rubyman.
May  7 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11489]: pam_unix(su:session): session closed for user rubyman
May  7 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345109.
May  7 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8057]: pam_unix(cron:session): session closed for user root
May  7 06:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11421]: pam_unix(cron:session): session closed for user samftp
May  7 06:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 06:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: Failed password for root from 218.92.0.179 port 19176 ssh2
May  7 06:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: Failed password for root from 218.92.0.179 port 19176 ssh2
May  7 06:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: Failed password for root from 218.92.0.179 port 19176 ssh2
May  7 06:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: Received disconnect from 218.92.0.179 port 19176:11:  [preauth]
May  7 06:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: Disconnected from 218.92.0.179 port 19176 [preauth]
May  7 06:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11699]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 06:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 2 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data]
May  7 06:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10317]: pam_unix(cron:session): session closed for user root
May  7 06:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 6 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data]
May  7 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11933]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11932]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11931]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11929]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11929]: pam_unix(cron:session): session closed for user p13x
May  7 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11989]: Successful su for rubyman by root
May  7 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11989]: + ??? root:rubyman
May  7 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345113 of user rubyman.
May  7 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11989]: pam_unix(su:session): session closed for user rubyman
May  7 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345113.
May  7 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8603]: pam_unix(cron:session): session closed for user root
May  7 06:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  7 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11931]: pam_unix(cron:session): session closed for user samftp
May  7 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12136]: Failed password for root from 46.244.96.25 port 52678 ssh2
May  7 06:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12136]: Connection closed by 46.244.96.25 port 52678 [preauth]
May  7 06:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: message repeated 6 times: [ pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data]
May  7 06:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10934]: pam_unix(cron:session): session closed for user root
May  7 06:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=www-data rhost=::ffff:113.22.9.113  user=www-data
May  7 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12392]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12391]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12393]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12390]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12390]: pam_unix(cron:session): session closed for user p13x
May  7 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12449]: Successful su for rubyman by root
May  7 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12449]: + ??? root:rubyman
May  7 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345117 of user rubyman.
May  7 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12449]: pam_unix(su:session): session closed for user rubyman
May  7 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345117.
May  7 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9207]: pam_unix(cron:session): session closed for user root
May  7 06:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12391]: pam_unix(cron:session): session closed for user samftp
May  7 06:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: Invalid user user from 194.0.234.19
May  7 06:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: input_userauth_request: invalid user user [preauth]
May  7 06:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  7 06:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: Failed password for invalid user user from 194.0.234.19 port 25142 ssh2
May  7 06:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12662]: Connection closed by 194.0.234.19 port 25142 [preauth]
May  7 06:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11423]: pam_unix(cron:session): session closed for user root
May  7 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12774]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12776]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12777]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12777]: pam_unix(cron:session): session closed for user root
May  7 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12772]: pam_unix(cron:session): session closed for user p13x
May  7 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12841]: Successful su for rubyman by root
May  7 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12841]: + ??? root:rubyman
May  7 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345122 of user rubyman.
May  7 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12841]: pam_unix(su:session): session closed for user rubyman
May  7 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345122.
May  7 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12774]: pam_unix(cron:session): session closed for user root
May  7 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9739]: pam_unix(cron:session): session closed for user root
May  7 06:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12773]: pam_unix(cron:session): session closed for user samftp
May  7 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11933]: pam_unix(cron:session): session closed for user root
May  7 06:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13175]: Failed password for root from 218.92.0.179 port 21193 ssh2
May  7 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13175]: Failed password for root from 218.92.0.179 port 21193 ssh2
May  7 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13175]: Failed password for root from 218.92.0.179 port 21193 ssh2
May  7 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13175]: Received disconnect from 218.92.0.179 port 21193:11:  [preauth]
May  7 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13175]: Disconnected from 218.92.0.179 port 21193 [preauth]
May  7 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13175]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13202]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13203]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13199]: pam_unix(cron:session): session closed for user p13x
May  7 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13265]: Successful su for rubyman by root
May  7 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13265]: + ??? root:rubyman
May  7 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345129 of user rubyman.
May  7 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13265]: pam_unix(su:session): session closed for user rubyman
May  7 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345129.
May  7 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: Invalid user j from 195.178.110.50
May  7 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: input_userauth_request: invalid user j [preauth]
May  7 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10316]: pam_unix(cron:session): session closed for user root
May  7 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: Failed password for invalid user j from 195.178.110.50 port 21384 ssh2
May  7 06:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13200]: pam_unix(cron:session): session closed for user samftp
May  7 06:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13186]: Connection closed by 195.178.110.50 port 21384 [preauth]
May  7 06:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: Invalid user w from 195.178.110.50
May  7 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: input_userauth_request: invalid user w [preauth]
May  7 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 06:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: Failed password for invalid user w from 195.178.110.50 port 45788 ssh2
May  7 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13548]: Connection closed by 195.178.110.50 port 45788 [preauth]
May  7 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: Invalid user & from 195.178.110.50
May  7 06:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: input_userauth_request: invalid user & [preauth]
May  7 06:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 06:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: Failed password for invalid user & from 195.178.110.50 port 26358 ssh2
May  7 06:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13593]: Connection closed by 195.178.110.50 port 26358 [preauth]
May  7 06:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12393]: pam_unix(cron:session): session closed for user root
May  7 06:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13627]: Invalid user 3 from 195.178.110.50
May  7 06:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13627]: input_userauth_request: invalid user 3 [preauth]
May  7 06:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13627]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 06:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13627]: Failed password for invalid user 3 from 195.178.110.50 port 55396 ssh2
May  7 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13627]: Connection closed by 195.178.110.50 port 55396 [preauth]
May  7 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: Invalid user platform from 112.217.207.28
May  7 06:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: input_userauth_request: invalid user platform [preauth]
May  7 06:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 06:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: Failed password for invalid user platform from 112.217.207.28 port 38124 ssh2
May  7 06:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: Received disconnect from 112.217.207.28 port 38124:11: Bye Bye [preauth]
May  7 06:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13669]: Disconnected from 112.217.207.28 port 38124 [preauth]
May  7 06:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: Invalid user @ from 195.178.110.50
May  7 06:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: input_userauth_request: invalid user @ [preauth]
May  7 06:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 06:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: Failed password for invalid user @ from 195.178.110.50 port 6432 ssh2
May  7 06:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13668]: Connection closed by 195.178.110.50 port 6432 [preauth]
May  7 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13728]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13726]: pam_unix(cron:session): session closed for user p13x
May  7 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13791]: Successful su for rubyman by root
May  7 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13791]: + ??? root:rubyman
May  7 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13791]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345131 of user rubyman.
May  7 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13791]: pam_unix(su:session): session closed for user rubyman
May  7 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345131.
May  7 06:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10933]: pam_unix(cron:session): session closed for user root
May  7 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13727]: pam_unix(cron:session): session closed for user samftp
May  7 06:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12776]: pam_unix(cron:session): session closed for user root
May  7 06:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  7 06:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14097]: Failed password for root from 164.68.105.9 port 42372 ssh2
May  7 06:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14097]: Connection closed by 164.68.105.9 port 42372 [preauth]
May  7 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14128]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14127]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14126]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14125]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14125]: pam_unix(cron:session): session closed for user p13x
May  7 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14187]: Successful su for rubyman by root
May  7 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14187]: + ??? root:rubyman
May  7 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345136 of user rubyman.
May  7 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14187]: pam_unix(su:session): session closed for user rubyman
May  7 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345136.
May  7 06:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11422]: pam_unix(cron:session): session closed for user root
May  7 06:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14126]: pam_unix(cron:session): session closed for user samftp
May  7 06:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14432]: Invalid user ashok from 64.226.100.253
May  7 06:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14432]: input_userauth_request: invalid user ashok [preauth]
May  7 06:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14432]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14432]: Failed password for invalid user ashok from 64.226.100.253 port 40644 ssh2
May  7 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14432]: Connection closed by 64.226.100.253 port 40644 [preauth]
May  7 06:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13203]: pam_unix(cron:session): session closed for user root
May  7 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14526]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14523]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14523]: pam_unix(cron:session): session closed for user p13x
May  7 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14588]: Successful su for rubyman by root
May  7 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14588]: + ??? root:rubyman
May  7 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345140 of user rubyman.
May  7 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14588]: pam_unix(su:session): session closed for user rubyman
May  7 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345140.
May  7 06:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11932]: pam_unix(cron:session): session closed for user root
May  7 06:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14524]: pam_unix(cron:session): session closed for user samftp
May  7 06:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10310]: pam_unix(cron:session): session closed for user root
May  7 06:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: Invalid user sol from 64.23.161.151
May  7 06:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: input_userauth_request: invalid user sol [preauth]
May  7 06:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 06:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: Failed password for invalid user sol from 64.23.161.151 port 40336 ssh2
May  7 06:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15020]: Connection closed by 64.23.161.151 port 40336 [preauth]
May  7 06:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13729]: pam_unix(cron:session): session closed for user root
May  7 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15137]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15133]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15134]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15138]: pam_unix(cron:session): session closed for user root
May  7 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15133]: pam_unix(cron:session): session closed for user p13x
May  7 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15200]: Successful su for rubyman by root
May  7 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15200]: + ??? root:rubyman
May  7 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345143 of user rubyman.
May  7 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15200]: pam_unix(su:session): session closed for user rubyman
May  7 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345143.
May  7 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15135]: pam_unix(cron:session): session closed for user root
May  7 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12392]: pam_unix(cron:session): session closed for user root
May  7 06:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15134]: pam_unix(cron:session): session closed for user samftp
May  7 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14128]: pam_unix(cron:session): session closed for user root
May  7 06:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15554]: pam_unix(cron:session): session closed for user p13x
May  7 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Failed password for root from 218.92.0.179 port 27470 ssh2
May  7 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15621]: Successful su for rubyman by root
May  7 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15621]: + ??? root:rubyman
May  7 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345150 of user rubyman.
May  7 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15621]: pam_unix(su:session): session closed for user rubyman
May  7 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345150.
May  7 06:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Failed password for root from 218.92.0.179 port 27470 ssh2
May  7 06:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12775]: pam_unix(cron:session): session closed for user root
May  7 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Failed password for root from 218.92.0.179 port 27470 ssh2
May  7 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15555]: pam_unix(cron:session): session closed for user samftp
May  7 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Received disconnect from 218.92.0.179 port 27470:11:  [preauth]
May  7 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: Disconnected from 218.92.0.179 port 27470 [preauth]
May  7 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15542]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 06:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14526]: pam_unix(cron:session): session closed for user root
May  7 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15955]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15956]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15953]: pam_unix(cron:session): session closed for user p13x
May  7 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16011]: Successful su for rubyman by root
May  7 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16011]: + ??? root:rubyman
May  7 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345153 of user rubyman.
May  7 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16011]: pam_unix(su:session): session closed for user rubyman
May  7 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345153.
May  7 06:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13202]: pam_unix(cron:session): session closed for user root
May  7 06:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15954]: pam_unix(cron:session): session closed for user samftp
May  7 06:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: Invalid user jramirez from 112.217.207.28
May  7 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: input_userauth_request: invalid user jramirez [preauth]
May  7 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 06:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: Failed password for invalid user jramirez from 112.217.207.28 port 57634 ssh2
May  7 06:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: Received disconnect from 112.217.207.28 port 57634:11: Bye Bye [preauth]
May  7 06:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16196]: Disconnected from 112.217.207.28 port 57634 [preauth]
May  7 06:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15137]: pam_unix(cron:session): session closed for user root
May  7 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16331]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16328]: pam_unix(cron:session): session closed for user p13x
May  7 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16385]: Successful su for rubyman by root
May  7 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16385]: + ??? root:rubyman
May  7 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16385]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345159 of user rubyman.
May  7 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16385]: pam_unix(su:session): session closed for user rubyman
May  7 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345159.
May  7 06:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13728]: pam_unix(cron:session): session closed for user root
May  7 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16329]: pam_unix(cron:session): session closed for user samftp
May  7 06:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Invalid user admin from 80.94.95.112
May  7 06:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: input_userauth_request: invalid user admin [preauth]
May  7 06:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 06:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Failed password for invalid user admin from 80.94.95.112 port 57497 ssh2
May  7 06:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Failed password for invalid user admin from 80.94.95.112 port 57497 ssh2
May  7 06:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Failed password for invalid user admin from 80.94.95.112 port 57497 ssh2
May  7 06:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Failed password for invalid user admin from 80.94.95.112 port 57497 ssh2
May  7 06:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Failed password for invalid user admin from 80.94.95.112 port 57497 ssh2
May  7 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Received disconnect from 80.94.95.112 port 57497:11: Bye [preauth]
May  7 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: Disconnected from 80.94.95.112 port 57497 [preauth]
May  7 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16624]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 06:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15557]: pam_unix(cron:session): session closed for user root
May  7 06:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: Invalid user ocadmin from 23.94.179.104
May  7 06:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: input_userauth_request: invalid user ocadmin [preauth]
May  7 06:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.179.104
May  7 06:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: Failed password for invalid user ocadmin from 23.94.179.104 port 42356 ssh2
May  7 06:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: Connection closed by 23.94.179.104 port 42356 [preauth]
May  7 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16794]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16791]: pam_unix(cron:session): session closed for user p13x
May  7 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16933]: Successful su for rubyman by root
May  7 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16933]: + ??? root:rubyman
May  7 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16933]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345163 of user rubyman.
May  7 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16933]: pam_unix(su:session): session closed for user rubyman
May  7 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345163.
May  7 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16789]: pam_unix(cron:session): session closed for user root
May  7 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14127]: pam_unix(cron:session): session closed for user root
May  7 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16792]: pam_unix(cron:session): session closed for user samftp
May  7 06:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: Invalid user telecomadmin from 80.94.95.116
May  7 06:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: input_userauth_request: invalid user telecomadmin [preauth]
May  7 06:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  7 06:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: Failed password for invalid user telecomadmin from 80.94.95.116 port 45556 ssh2
May  7 06:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: Connection closed by 80.94.95.116 port 45556 [preauth]
May  7 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15956]: pam_unix(cron:session): session closed for user root
May  7 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17312]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17313]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17311]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17313]: pam_unix(cron:session): session closed for user root
May  7 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17308]: pam_unix(cron:session): session closed for user p13x
May  7 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17375]: Successful su for rubyman by root
May  7 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17375]: + ??? root:rubyman
May  7 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345168 of user rubyman.
May  7 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17375]: pam_unix(su:session): session closed for user rubyman
May  7 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345168.
May  7 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17310]: pam_unix(cron:session): session closed for user root
May  7 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14525]: pam_unix(cron:session): session closed for user root
May  7 06:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17309]: pam_unix(cron:session): session closed for user samftp
May  7 06:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: Invalid user ashokja from 64.226.100.253
May  7 06:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: input_userauth_request: invalid user ashokja [preauth]
May  7 06:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 06:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: Failed password for invalid user ashokja from 64.226.100.253 port 40864 ssh2
May  7 06:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17606]: Connection closed by 64.226.100.253 port 40864 [preauth]
May  7 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16331]: pam_unix(cron:session): session closed for user root
May  7 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17755]: pam_unix(cron:session): session closed for user p13x
May  7 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17931]: Successful su for rubyman by root
May  7 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17931]: + ??? root:rubyman
May  7 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17931]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345172 of user rubyman.
May  7 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17931]: pam_unix(su:session): session closed for user rubyman
May  7 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345172.
May  7 06:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15136]: pam_unix(cron:session): session closed for user root
May  7 06:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17756]: pam_unix(cron:session): session closed for user samftp
May  7 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16794]: pam_unix(cron:session): session closed for user root
May  7 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18286]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18283]: pam_unix(cron:session): session closed for user p13x
May  7 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18348]: Successful su for rubyman by root
May  7 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18348]: + ??? root:rubyman
May  7 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345177 of user rubyman.
May  7 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18348]: pam_unix(su:session): session closed for user rubyman
May  7 06:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345177.
May  7 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15556]: pam_unix(cron:session): session closed for user root
May  7 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18284]: pam_unix(cron:session): session closed for user samftp
May  7 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: Invalid user solana from 64.23.161.151
May  7 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: input_userauth_request: invalid user solana [preauth]
May  7 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: Failed password for invalid user solana from 64.23.161.151 port 40270 ssh2
May  7 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: Connection closed by 64.23.161.151 port 40270 [preauth]
May  7 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17312]: pam_unix(cron:session): session closed for user root
May  7 06:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: Invalid user lukas from 112.217.207.28
May  7 06:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: input_userauth_request: invalid user lukas [preauth]
May  7 06:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 06:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: Failed password for invalid user lukas from 112.217.207.28 port 56786 ssh2
May  7 06:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: Received disconnect from 112.217.207.28 port 56786:11: Bye Bye [preauth]
May  7 06:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18632]: Disconnected from 112.217.207.28 port 56786 [preauth]
May  7 06:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 06:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: Failed password for root from 218.92.0.179 port 53139 ssh2
May  7 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18696]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18698]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18695]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18694]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18694]: pam_unix(cron:session): session closed for user p13x
May  7 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18759]: Successful su for rubyman by root
May  7 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18759]: + ??? root:rubyman
May  7 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18759]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345182 of user rubyman.
May  7 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18759]: pam_unix(su:session): session closed for user rubyman
May  7 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345182.
May  7 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: Failed password for root from 218.92.0.179 port 53139 ssh2
May  7 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: Failed password for root from 218.92.0.179 port 53139 ssh2
May  7 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: Received disconnect from 218.92.0.179 port 53139:11:  [preauth]
May  7 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: Disconnected from 218.92.0.179 port 53139 [preauth]
May  7 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18682]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15955]: pam_unix(cron:session): session closed for user root
May  7 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18695]: pam_unix(cron:session): session closed for user samftp
May  7 06:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17759]: pam_unix(cron:session): session closed for user root
May  7 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19106]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19104]: pam_unix(cron:session): session closed for user p13x
May  7 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19164]: Successful su for rubyman by root
May  7 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19164]: + ??? root:rubyman
May  7 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19164]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345186 of user rubyman.
May  7 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19164]: pam_unix(su:session): session closed for user rubyman
May  7 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345186.
May  7 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16330]: pam_unix(cron:session): session closed for user root
May  7 06:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19105]: pam_unix(cron:session): session closed for user samftp
May  7 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18287]: pam_unix(cron:session): session closed for user root
May  7 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19512]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19514]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19511]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19516]: pam_unix(cron:session): session closed for user root
May  7 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19510]: pam_unix(cron:session): session closed for user p13x
May  7 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19582]: Successful su for rubyman by root
May  7 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19582]: + ??? root:rubyman
May  7 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345193 of user rubyman.
May  7 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19582]: pam_unix(su:session): session closed for user rubyman
May  7 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345193.
May  7 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19512]: pam_unix(cron:session): session closed for user root
May  7 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16793]: pam_unix(cron:session): session closed for user root
May  7 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19511]: pam_unix(cron:session): session closed for user samftp
May  7 06:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18698]: pam_unix(cron:session): session closed for user root
May  7 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19961]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19956]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19960]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19955]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19955]: pam_unix(cron:session): session closed for user p13x
May  7 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20033]: Successful su for rubyman by root
May  7 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20033]: + ??? root:rubyman
May  7 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20033]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345194 of user rubyman.
May  7 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20033]: pam_unix(su:session): session closed for user rubyman
May  7 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345194.
May  7 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17311]: pam_unix(cron:session): session closed for user root
May  7 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19956]: pam_unix(cron:session): session closed for user samftp
May  7 06:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19107]: pam_unix(cron:session): session closed for user root
May  7 06:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20334]: Invalid user victor from 14.103.127.58
May  7 06:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20334]: input_userauth_request: invalid user victor [preauth]
May  7 06:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20334]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.58
May  7 06:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20334]: Failed password for invalid user victor from 14.103.127.58 port 42436 ssh2
May  7 06:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: Invalid user ashwinik from 64.226.100.253
May  7 06:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: input_userauth_request: invalid user ashwinik [preauth]
May  7 06:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 06:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: Failed password for invalid user ashwinik from 64.226.100.253 port 44760 ssh2
May  7 06:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20353]: Connection closed by 64.226.100.253 port 44760 [preauth]
May  7 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20366]: pam_unix(cron:session): session closed for user p13x
May  7 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20429]: Successful su for rubyman by root
May  7 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20429]: + ??? root:rubyman
May  7 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345198 of user rubyman.
May  7 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20429]: pam_unix(su:session): session closed for user rubyman
May  7 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345198.
May  7 06:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17758]: pam_unix(cron:session): session closed for user root
May  7 06:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20367]: pam_unix(cron:session): session closed for user samftp
May  7 06:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19514]: pam_unix(cron:session): session closed for user root
May  7 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20768]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20769]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20767]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20766]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20766]: pam_unix(cron:session): session closed for user p13x
May  7 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20832]: Successful su for rubyman by root
May  7 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20832]: + ??? root:rubyman
May  7 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345203 of user rubyman.
May  7 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20832]: pam_unix(su:session): session closed for user rubyman
May  7 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345203.
May  7 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18286]: pam_unix(cron:session): session closed for user root
May  7 06:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20767]: pam_unix(cron:session): session closed for user samftp
May  7 06:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: Invalid user php from 112.217.207.28
May  7 06:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: input_userauth_request: invalid user php [preauth]
May  7 06:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 06:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: Failed password for invalid user php from 112.217.207.28 port 52436 ssh2
May  7 06:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: Received disconnect from 112.217.207.28 port 52436:11: Bye Bye [preauth]
May  7 06:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: Disconnected from 112.217.207.28 port 52436 [preauth]
May  7 06:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 06:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: Failed password for root from 218.92.0.179 port 55499 ssh2
May  7 06:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 55499 ssh2]
May  7 06:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: Received disconnect from 218.92.0.179 port 55499:11:  [preauth]
May  7 06:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: Disconnected from 218.92.0.179 port 55499 [preauth]
May  7 06:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 06:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19961]: pam_unix(cron:session): session closed for user root
May  7 06:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: Invalid user dante from 223.68.169.181
May  7 06:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: input_userauth_request: invalid user dante [preauth]
May  7 06:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.68.169.181
May  7 06:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: Failed password for invalid user dante from 223.68.169.181 port 37016 ssh2
May  7 06:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: Received disconnect from 223.68.169.181 port 37016:11: Bye Bye [preauth]
May  7 06:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21172]: Disconnected from 223.68.169.181 port 37016 [preauth]
May  7 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21193]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21191]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21191]: pam_unix(cron:session): session closed for user p13x
May  7 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21290]: Successful su for rubyman by root
May  7 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21290]: + ??? root:rubyman
May  7 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345206 of user rubyman.
May  7 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21290]: pam_unix(su:session): session closed for user rubyman
May  7 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345206.
May  7 06:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18696]: pam_unix(cron:session): session closed for user root
May  7 06:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21192]: pam_unix(cron:session): session closed for user samftp
May  7 06:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21439]: Connection closed by 80.94.95.116 port 37736 [preauth]
May  7 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20369]: pam_unix(cron:session): session closed for user root
May  7 06:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: Invalid user validator from 64.23.161.151
May  7 06:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: input_userauth_request: invalid user validator [preauth]
May  7 06:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 06:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: Failed password for invalid user validator from 64.23.161.151 port 40914 ssh2
May  7 06:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21616]: Connection closed by 64.23.161.151 port 40914 [preauth]
May  7 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21645]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21657]: pam_unix(cron:session): session closed for user root
May  7 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21643]: pam_unix(cron:session): session closed for user p13x
May  7 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21734]: Successful su for rubyman by root
May  7 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21734]: + ??? root:rubyman
May  7 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21734]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345213 of user rubyman.
May  7 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21734]: pam_unix(su:session): session closed for user rubyman
May  7 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345213.
May  7 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21645]: pam_unix(cron:session): session closed for user root
May  7 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19106]: pam_unix(cron:session): session closed for user root
May  7 06:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21644]: pam_unix(cron:session): session closed for user samftp
May  7 06:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  7 06:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22248]: Failed password for root from 80.94.95.29 port 18891 ssh2
May  7 06:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22248]: message repeated 4 times: [ Failed password for root from 80.94.95.29 port 18891 ssh2]
May  7 06:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22248]: Received disconnect from 80.94.95.29 port 18891:11: Bye [preauth]
May  7 06:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22248]: Disconnected from 80.94.95.29 port 18891 [preauth]
May  7 06:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22248]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  7 06:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22248]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 06:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: Invalid user admin from 80.94.95.241
May  7 06:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: input_userauth_request: invalid user admin [preauth]
May  7 06:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20769]: pam_unix(cron:session): session closed for user root
May  7 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: Failed password for invalid user admin from 80.94.95.241 port 19889 ssh2
May  7 06:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: Failed password for invalid user admin from 80.94.95.241 port 19889 ssh2
May  7 06:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: Failed password for invalid user admin from 80.94.95.241 port 19889 ssh2
May  7 06:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: Failed password for invalid user admin from 80.94.95.241 port 19889 ssh2
May  7 06:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: Failed password for invalid user admin from 80.94.95.241 port 19889 ssh2
May  7 06:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: Received disconnect from 80.94.95.241 port 19889:11: Bye [preauth]
May  7 06:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: Disconnected from 80.94.95.241 port 19889 [preauth]
May  7 06:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 06:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22325]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22436]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22434]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22434]: pam_unix(cron:session): session closed for user p13x
May  7 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22511]: Successful su for rubyman by root
May  7 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22511]: + ??? root:rubyman
May  7 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345216 of user rubyman.
May  7 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22511]: pam_unix(su:session): session closed for user rubyman
May  7 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345216.
May  7 06:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19513]: pam_unix(cron:session): session closed for user root
May  7 06:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22435]: pam_unix(cron:session): session closed for user samftp
May  7 06:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21194]: pam_unix(cron:session): session closed for user root
May  7 06:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: Invalid user sebastian from 190.103.202.7
May  7 06:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: input_userauth_request: invalid user sebastian [preauth]
May  7 06:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  7 06:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: Failed password for invalid user sebastian from 190.103.202.7 port 37404 ssh2
May  7 06:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: Connection closed by 190.103.202.7 port 37404 [preauth]
May  7 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22903]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22904]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22905]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22903]: pam_unix(cron:session): session closed for user p13x
May  7 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22997]: Successful su for rubyman by root
May  7 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22997]: + ??? root:rubyman
May  7 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345220 of user rubyman.
May  7 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22997]: pam_unix(su:session): session closed for user rubyman
May  7 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345220.
May  7 06:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19960]: pam_unix(cron:session): session closed for user root
May  7 06:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22904]: pam_unix(cron:session): session closed for user samftp
May  7 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21656]: pam_unix(cron:session): session closed for user root
May  7 06:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23399]: Invalid user cse from 14.103.127.58
May  7 06:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23399]: input_userauth_request: invalid user cse [preauth]
May  7 06:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23399]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.58
May  7 06:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23399]: Failed password for invalid user cse from 14.103.127.58 port 51028 ssh2
May  7 06:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23399]: Received disconnect from 14.103.127.58 port 51028:11: Bye Bye [preauth]
May  7 06:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23399]: Disconnected from 14.103.127.58 port 51028 [preauth]
May  7 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23442]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23442]: pam_unix(cron:session): session closed for user p13x
May  7 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23504]: Successful su for rubyman by root
May  7 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23504]: + ??? root:rubyman
May  7 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23504]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345226 of user rubyman.
May  7 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23504]: pam_unix(su:session): session closed for user rubyman
May  7 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345226.
May  7 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20368]: pam_unix(cron:session): session closed for user root
May  7 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23443]: pam_unix(cron:session): session closed for user samftp
May  7 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22438]: pam_unix(cron:session): session closed for user root
May  7 06:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23876]: Invalid user abubakari from 112.217.207.28
May  7 06:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23876]: input_userauth_request: invalid user abubakari [preauth]
May  7 06:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23876]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 06:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23876]: Failed password for invalid user abubakari from 112.217.207.28 port 46352 ssh2
May  7 06:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23876]: Received disconnect from 112.217.207.28 port 46352:11: Bye Bye [preauth]
May  7 06:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23876]: Disconnected from 112.217.207.28 port 46352 [preauth]
May  7 06:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23888]: Invalid user asingh1 from 64.226.100.253
May  7 06:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23888]: input_userauth_request: invalid user asingh1 [preauth]
May  7 06:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23888]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 06:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23888]: Failed password for invalid user asingh1 from 64.226.100.253 port 50914 ssh2
May  7 06:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23888]: Connection closed by 64.226.100.253 port 50914 [preauth]
May  7 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23957]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23958]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23956]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23955]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23955]: pam_unix(cron:session): session closed for user p13x
May  7 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24030]: Successful su for rubyman by root
May  7 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24030]: + ??? root:rubyman
May  7 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345229 of user rubyman.
May  7 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24030]: pam_unix(su:session): session closed for user rubyman
May  7 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345229.
May  7 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20768]: pam_unix(cron:session): session closed for user root
May  7 06:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23956]: pam_unix(cron:session): session closed for user samftp
May  7 06:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22908]: pam_unix(cron:session): session closed for user root
May  7 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24387]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24390]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24390]: pam_unix(cron:session): session closed for user root
May  7 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24385]: pam_unix(cron:session): session closed for user p13x
May  7 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24466]: Successful su for rubyman by root
May  7 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24466]: + ??? root:rubyman
May  7 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345233 of user rubyman.
May  7 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24466]: pam_unix(su:session): session closed for user rubyman
May  7 06:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345233.
May  7 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24387]: pam_unix(cron:session): session closed for user root
May  7 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21193]: pam_unix(cron:session): session closed for user root
May  7 06:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24386]: pam_unix(cron:session): session closed for user samftp
May  7 06:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23446]: pam_unix(cron:session): session closed for user root
May  7 06:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 06:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: Failed password for root from 218.92.0.179 port 18253 ssh2
May  7 06:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 18253 ssh2]
May  7 06:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: Received disconnect from 218.92.0.179 port 18253:11:  [preauth]
May  7 06:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: Disconnected from 218.92.0.179 port 18253 [preauth]
May  7 06:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24788]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 06:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24838]: Invalid user oracle from 50.235.31.47
May  7 06:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24838]: input_userauth_request: invalid user oracle [preauth]
May  7 06:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24838]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  7 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24844]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24841]: pam_unix(cron:session): session closed for user p13x
May  7 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24838]: Failed password for invalid user oracle from 50.235.31.47 port 34926 ssh2
May  7 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24921]: Successful su for rubyman by root
May  7 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24921]: + ??? root:rubyman
May  7 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345239 of user rubyman.
May  7 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24921]: pam_unix(su:session): session closed for user rubyman
May  7 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345239.
May  7 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24838]: Connection closed by 50.235.31.47 port 34926 [preauth]
May  7 06:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21646]: pam_unix(cron:session): session closed for user root
May  7 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24842]: pam_unix(cron:session): session closed for user samftp
May  7 06:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23958]: pam_unix(cron:session): session closed for user root
May  7 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25269]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25268]: pam_unix(cron:session): session closed for user p13x
May  7 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25331]: Successful su for rubyman by root
May  7 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25331]: + ??? root:rubyman
May  7 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345245 of user rubyman.
May  7 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25331]: pam_unix(su:session): session closed for user rubyman
May  7 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345245.
May  7 06:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22436]: pam_unix(cron:session): session closed for user root
May  7 06:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25269]: pam_unix(cron:session): session closed for user samftp
May  7 06:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24389]: pam_unix(cron:session): session closed for user root
May  7 06:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: Invalid user node from 64.23.161.151
May  7 06:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: input_userauth_request: invalid user node [preauth]
May  7 06:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 06:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: Failed password for invalid user node from 64.23.161.151 port 50234 ssh2
May  7 06:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: Connection closed by 64.23.161.151 port 50234 [preauth]
May  7 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25723]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25721]: pam_unix(cron:session): session closed for user p13x
May  7 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25798]: Successful su for rubyman by root
May  7 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25798]: + ??? root:rubyman
May  7 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345247 of user rubyman.
May  7 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25798]: pam_unix(su:session): session closed for user rubyman
May  7 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345247.
May  7 06:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22905]: pam_unix(cron:session): session closed for user root
May  7 06:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25722]: pam_unix(cron:session): session closed for user samftp
May  7 06:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24844]: pam_unix(cron:session): session closed for user root
May  7 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26171]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26170]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26169]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26169]: pam_unix(cron:session): session closed for user p13x
May  7 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26228]: Successful su for rubyman by root
May  7 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26228]: + ??? root:rubyman
May  7 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26228]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345250 of user rubyman.
May  7 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26228]: pam_unix(su:session): session closed for user rubyman
May  7 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345250.
May  7 06:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26293]: Invalid user xt from 112.217.207.28
May  7 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26293]: input_userauth_request: invalid user xt [preauth]
May  7 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26293]: pam_unix(sshd:auth): check pass; user unknown
May  7 06:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23445]: pam_unix(cron:session): session closed for user root
May  7 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26293]: Failed password for invalid user xt from 112.217.207.28 port 51494 ssh2
May  7 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26293]: Received disconnect from 112.217.207.28 port 51494:11: Bye Bye [preauth]
May  7 06:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26293]: Disconnected from 112.217.207.28 port 51494 [preauth]
May  7 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26170]: pam_unix(cron:session): session closed for user samftp
May  7 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25272]: pam_unix(cron:session): session closed for user root
May  7 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26648]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26645]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26650]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26650]: pam_unix(cron:session): session closed for user root
May  7 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26645]: pam_unix(cron:session): session closed for user root
May  7 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26643]: pam_unix(cron:session): session closed for user p13x
May  7 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26747]: Successful su for rubyman by root
May  7 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26747]: + ??? root:rubyman
May  7 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26747]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345254 of user rubyman.
May  7 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26747]: pam_unix(su:session): session closed for user rubyman
May  7 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345254.
May  7 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26646]: pam_unix(cron:session): session closed for user root
May  7 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23957]: pam_unix(cron:session): session closed for user root
May  7 07:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26644]: pam_unix(cron:session): session closed for user samftp
May  7 07:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27059]: Invalid user asrahma1 from 64.226.100.253
May  7 07:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27059]: input_userauth_request: invalid user asrahma1 [preauth]
May  7 07:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27059]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 07:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27059]: Failed password for invalid user asrahma1 from 64.226.100.253 port 58440 ssh2
May  7 07:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27059]: Connection closed by 64.226.100.253 port 58440 [preauth]
May  7 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25724]: pam_unix(cron:session): session closed for user root
May  7 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27235]: pam_unix(cron:session): session closed for user p13x
May  7 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27307]: Successful su for rubyman by root
May  7 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27307]: + ??? root:rubyman
May  7 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27307]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345262 of user rubyman.
May  7 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27307]: pam_unix(su:session): session closed for user rubyman
May  7 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345262.
May  7 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: Invalid user admin from 80.94.95.125
May  7 07:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: input_userauth_request: invalid user admin [preauth]
May  7 07:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24388]: pam_unix(cron:session): session closed for user root
May  7 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: Failed password for invalid user admin from 80.94.95.125 port 27766 ssh2
May  7 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27236]: pam_unix(cron:session): session closed for user samftp
May  7 07:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: Failed password for invalid user admin from 80.94.95.125 port 27766 ssh2
May  7 07:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: Failed password for invalid user admin from 80.94.95.125 port 27766 ssh2
May  7 07:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: Failed password for invalid user admin from 80.94.95.125 port 27766 ssh2
May  7 07:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: Failed password for invalid user admin from 80.94.95.125 port 27766 ssh2
May  7 07:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: Received disconnect from 80.94.95.125 port 27766:11: Bye [preauth]
May  7 07:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: Disconnected from 80.94.95.125 port 27766 [preauth]
May  7 07:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 07:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27334]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 07:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.72.52.28  user=root
May  7 07:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: Failed password for root from 117.72.52.28 port 31836 ssh2
May  7 07:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27588]: Connection closed by 117.72.52.28 port 31836 [preauth]
May  7 07:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27601]: Invalid user test from 85.208.84.4
May  7 07:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27601]: input_userauth_request: invalid user test [preauth]
May  7 07:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27601]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  7 07:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27601]: Failed password for invalid user test from 85.208.84.4 port 56432 ssh2
May  7 07:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27601]: Connection closed by 85.208.84.4 port 56432 [preauth]
May  7 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26172]: pam_unix(cron:session): session closed for user root
May  7 07:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27686]: Invalid user christine from 103.189.208.13
May  7 07:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27686]: input_userauth_request: invalid user christine [preauth]
May  7 07:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27686]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13
May  7 07:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27686]: Failed password for invalid user christine from 103.189.208.13 port 43406 ssh2
May  7 07:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27686]: Received disconnect from 103.189.208.13 port 43406:11: Bye Bye [preauth]
May  7 07:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27686]: Disconnected from 103.189.208.13 port 43406 [preauth]
May  7 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27719]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27718]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27715]: pam_unix(cron:session): session closed for user p13x
May  7 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27777]: Successful su for rubyman by root
May  7 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27777]: + ??? root:rubyman
May  7 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27777]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345266 of user rubyman.
May  7 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27777]: pam_unix(su:session): session closed for user rubyman
May  7 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345266.
May  7 07:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24843]: pam_unix(cron:session): session closed for user root
May  7 07:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27716]: pam_unix(cron:session): session closed for user samftp
May  7 07:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27978]: Invalid user asad from 14.103.127.58
May  7 07:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27978]: input_userauth_request: invalid user asad [preauth]
May  7 07:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27978]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.58
May  7 07:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27978]: Failed password for invalid user asad from 14.103.127.58 port 55574 ssh2
May  7 07:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27978]: Received disconnect from 14.103.127.58 port 55574:11: Bye Bye [preauth]
May  7 07:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27978]: Disconnected from 14.103.127.58 port 55574 [preauth]
May  7 07:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26648]: pam_unix(cron:session): session closed for user root
May  7 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28118]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28121]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28120]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28118]: pam_unix(cron:session): session closed for user p13x
May  7 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28183]: Successful su for rubyman by root
May  7 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28183]: + ??? root:rubyman
May  7 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345272 of user rubyman.
May  7 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28183]: pam_unix(su:session): session closed for user rubyman
May  7 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345272.
May  7 07:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25270]: pam_unix(cron:session): session closed for user root
May  7 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28119]: pam_unix(cron:session): session closed for user samftp
May  7 07:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28435]: Invalid user testuser1 from 14.103.127.58
May  7 07:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28435]: input_userauth_request: invalid user testuser1 [preauth]
May  7 07:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28435]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.58
May  7 07:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28435]: Failed password for invalid user testuser1 from 14.103.127.58 port 53238 ssh2
May  7 07:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28435]: Received disconnect from 14.103.127.58 port 53238:11: Bye Bye [preauth]
May  7 07:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28435]: Disconnected from 14.103.127.58 port 53238 [preauth]
May  7 07:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27238]: pam_unix(cron:session): session closed for user root
May  7 07:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28522]: Invalid user hive from 117.72.52.28
May  7 07:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28522]: input_userauth_request: invalid user hive [preauth]
May  7 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28541]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28539]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28538]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28522]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.72.52.28
May  7 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28538]: pam_unix(cron:session): session closed for user p13x
May  7 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28599]: Successful su for rubyman by root
May  7 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28599]: + ??? root:rubyman
May  7 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345274 of user rubyman.
May  7 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28599]: pam_unix(su:session): session closed for user rubyman
May  7 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345274.
May  7 07:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28522]: Failed password for invalid user hive from 117.72.52.28 port 37848 ssh2
May  7 07:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28522]: Connection closed by 117.72.52.28 port 37848 [preauth]
May  7 07:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25723]: pam_unix(cron:session): session closed for user root
May  7 07:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28539]: pam_unix(cron:session): session closed for user samftp
May  7 07:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28796]: Invalid user esroot from 117.72.52.28
May  7 07:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28796]: input_userauth_request: invalid user esroot [preauth]
May  7 07:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28796]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.72.52.28
May  7 07:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28796]: Failed password for invalid user esroot from 117.72.52.28 port 20010 ssh2
May  7 07:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28796]: Connection closed by 117.72.52.28 port 20010 [preauth]
May  7 07:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: Invalid user user from 117.72.52.28
May  7 07:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: input_userauth_request: invalid user user [preauth]
May  7 07:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.72.52.28
May  7 07:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: Failed password for invalid user user from 117.72.52.28 port 15952 ssh2
May  7 07:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28838]: Connection closed by 117.72.52.28 port 15952 [preauth]
May  7 07:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: Invalid user hadoop from 117.72.52.28
May  7 07:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: input_userauth_request: invalid user hadoop [preauth]
May  7 07:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.72.52.28
May  7 07:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27719]: pam_unix(cron:session): session closed for user root
May  7 07:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: Failed password for invalid user hadoop from 117.72.52.28 port 40832 ssh2
May  7 07:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: Connection closed by 117.72.52.28 port 40832 [preauth]
May  7 07:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28510]: Connection closed by 117.72.52.28 port 37832 [preauth]
May  7 07:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: Invalid user dodo from 14.103.127.58
May  7 07:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: input_userauth_request: invalid user dodo [preauth]
May  7 07:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.58
May  7 07:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28866]: Connection closed by 117.72.52.28 port 40822 [preauth]
May  7 07:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28840]: Connection closed by 117.72.52.28 port 15968 [preauth]
May  7 07:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28879]: Connection closed by 117.72.52.28 port 40834 [preauth]
May  7 07:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: Failed password for invalid user dodo from 14.103.127.58 port 33364 ssh2
May  7 07:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: Received disconnect from 14.103.127.58 port 33364:11: Bye Bye [preauth]
May  7 07:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: Disconnected from 14.103.127.58 port 33364 [preauth]
May  7 07:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28919]: Invalid user amax from 112.217.207.28
May  7 07:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28919]: input_userauth_request: invalid user amax [preauth]
May  7 07:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28919]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 07:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28919]: Failed password for invalid user amax from 112.217.207.28 port 54568 ssh2
May  7 07:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28919]: Received disconnect from 112.217.207.28 port 54568:11: Bye Bye [preauth]
May  7 07:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28919]: Disconnected from 112.217.207.28 port 54568 [preauth]
May  7 07:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28764]: Connection closed by 117.72.52.28 port 19986 [preauth]
May  7 07:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28659]: Connection closed by 117.72.52.28 port 28162 [preauth]
May  7 07:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28795]: Connection closed by 117.72.52.28 port 20006 [preauth]
May  7 07:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28798]: Connection closed by 117.72.52.28 port 20022 [preauth]
May  7 07:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28786]: Connection closed by 117.72.52.28 port 19998 [preauth]
May  7 07:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28823]: Connection closed by 117.72.52.28 port 15916 [preauth]
May  7 07:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28836]: Connection closed by 117.72.52.28 port 15948 [preauth]
May  7 07:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28825]: Connection closed by 117.72.52.28 port 15932 [preauth]
May  7 07:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28864]: Connection closed by 117.72.52.28 port 40808 [preauth]
May  7 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28983]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28984]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28986]: pam_unix(cron:session): session closed for user root
May  7 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28981]: pam_unix(cron:session): session closed for user p13x
May  7 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29145]: Successful su for rubyman by root
May  7 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29145]: + ??? root:rubyman
May  7 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29145]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345277 of user rubyman.
May  7 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29145]: pam_unix(su:session): session closed for user rubyman
May  7 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345277.
May  7 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28983]: pam_unix(cron:session): session closed for user root
May  7 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26171]: pam_unix(cron:session): session closed for user root
May  7 07:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28982]: pam_unix(cron:session): session closed for user samftp
May  7 07:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151  user=root
May  7 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29429]: Failed password for root from 64.23.161.151 port 35326 ssh2
May  7 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29429]: Connection closed by 64.23.161.151 port 35326 [preauth]
May  7 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28121]: pam_unix(cron:session): session closed for user root
May  7 07:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.58  user=root
May  7 07:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: Failed password for root from 14.103.127.58 port 48840 ssh2
May  7 07:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: Received disconnect from 14.103.127.58 port 48840:11: Bye Bye [preauth]
May  7 07:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29494]: Disconnected from 14.103.127.58 port 48840 [preauth]
May  7 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29526]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29523]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29523]: pam_unix(cron:session): session closed for user p13x
May  7 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29594]: Successful su for rubyman by root
May  7 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29594]: + ??? root:rubyman
May  7 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345284 of user rubyman.
May  7 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29594]: pam_unix(su:session): session closed for user rubyman
May  7 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345284.
May  7 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26647]: pam_unix(cron:session): session closed for user root
May  7 07:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29524]: pam_unix(cron:session): session closed for user samftp
May  7 07:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 07:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Failed password for root from 218.92.0.179 port 56108 ssh2
May  7 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28541]: pam_unix(cron:session): session closed for user root
May  7 07:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Failed password for root from 218.92.0.179 port 56108 ssh2
May  7 07:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Failed password for root from 218.92.0.179 port 56108 ssh2
May  7 07:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29936]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29939]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29938]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29937]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29936]: pam_unix(cron:session): session closed for user p13x
May  7 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30001]: Successful su for rubyman by root
May  7 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30001]: + ??? root:rubyman
May  7 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30001]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345288 of user rubyman.
May  7 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30001]: pam_unix(su:session): session closed for user rubyman
May  7 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345288.
May  7 07:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29931]: Connection closed by 14.103.127.58 port 53622 [preauth]
May  7 07:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27237]: pam_unix(cron:session): session closed for user root
May  7 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30121]: Invalid user asrahma1 from 64.226.100.253
May  7 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30121]: input_userauth_request: invalid user asrahma1 [preauth]
May  7 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30121]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 07:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30121]: Failed password for invalid user asrahma1 from 64.226.100.253 port 60698 ssh2
May  7 07:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29937]: pam_unix(cron:session): session closed for user samftp
May  7 07:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30121]: Connection closed by 64.226.100.253 port 60698 [preauth]
May  7 07:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28985]: pam_unix(cron:session): session closed for user root
May  7 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30328]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30327]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30327]: pam_unix(cron:session): session closed for user p13x
May  7 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30391]: Successful su for rubyman by root
May  7 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30391]: + ??? root:rubyman
May  7 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345291 of user rubyman.
May  7 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30391]: pam_unix(su:session): session closed for user rubyman
May  7 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345291.
May  7 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27718]: pam_unix(cron:session): session closed for user root
May  7 07:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30328]: pam_unix(cron:session): session closed for user samftp
May  7 07:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30573]: Connection closed by 14.103.127.58 port 37512 [preauth]
May  7 07:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29526]: pam_unix(cron:session): session closed for user root
May  7 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30735]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30733]: pam_unix(cron:session): session closed for user p13x
May  7 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30850]: Successful su for rubyman by root
May  7 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30850]: + ??? root:rubyman
May  7 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30850]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345295 of user rubyman.
May  7 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30850]: pam_unix(su:session): session closed for user rubyman
May  7 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345295.
May  7 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30731]: pam_unix(cron:session): session closed for user root
May  7 07:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28120]: pam_unix(cron:session): session closed for user root
May  7 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30734]: pam_unix(cron:session): session closed for user samftp
May  7 07:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.58  user=root
May  7 07:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Failed password for root from 14.103.127.58 port 47096 ssh2
May  7 07:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Received disconnect from 14.103.127.58 port 47096:11: Bye Bye [preauth]
May  7 07:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Disconnected from 14.103.127.58 port 47096 [preauth]
May  7 07:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29939]: pam_unix(cron:session): session closed for user root
May  7 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31325]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31330]: pam_unix(cron:session): session closed for user root
May  7 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31325]: pam_unix(cron:session): session closed for user p13x
May  7 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31394]: Successful su for rubyman by root
May  7 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31394]: + ??? root:rubyman
May  7 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345303 of user rubyman.
May  7 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31394]: pam_unix(su:session): session closed for user rubyman
May  7 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345303.
May  7 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31327]: pam_unix(cron:session): session closed for user root
May  7 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28540]: pam_unix(cron:session): session closed for user root
May  7 07:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: Invalid user cubrid from 112.217.207.28
May  7 07:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: input_userauth_request: invalid user cubrid [preauth]
May  7 07:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 07:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31326]: pam_unix(cron:session): session closed for user samftp
May  7 07:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: Failed password for invalid user cubrid from 112.217.207.28 port 37490 ssh2
May  7 07:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: Received disconnect from 112.217.207.28 port 37490:11: Bye Bye [preauth]
May  7 07:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31595]: Disconnected from 112.217.207.28 port 37490 [preauth]
May  7 07:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Invalid user ansible from 14.103.127.58
May  7 07:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: input_userauth_request: invalid user ansible [preauth]
May  7 07:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.58
May  7 07:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Failed password for invalid user ansible from 14.103.127.58 port 37934 ssh2
May  7 07:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Received disconnect from 14.103.127.58 port 37934:11: Bye Bye [preauth]
May  7 07:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Disconnected from 14.103.127.58 port 37934 [preauth]
May  7 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30332]: pam_unix(cron:session): session closed for user root
May  7 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31787]: pam_unix(cron:session): session closed for user p13x
May  7 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31855]: Successful su for rubyman by root
May  7 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31855]: + ??? root:rubyman
May  7 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345306 of user rubyman.
May  7 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31855]: pam_unix(su:session): session closed for user rubyman
May  7 07:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345306.
May  7 07:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28984]: pam_unix(cron:session): session closed for user root
May  7 07:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31788]: pam_unix(cron:session): session closed for user samftp
May  7 07:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30736]: pam_unix(cron:session): session closed for user root
May  7 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32503]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32507]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32505]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32504]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32503]: pam_unix(cron:session): session closed for user p13x
May  7 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32575]: Successful su for rubyman by root
May  7 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32575]: + ??? root:rubyman
May  7 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32575]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345311 of user rubyman.
May  7 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32575]: pam_unix(su:session): session closed for user rubyman
May  7 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345311.
May  7 07:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29525]: pam_unix(cron:session): session closed for user root
May  7 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32504]: pam_unix(cron:session): session closed for user samftp
May  7 07:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[447]: Invalid user ubnt from 80.94.95.116
May  7 07:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[447]: input_userauth_request: invalid user ubnt [preauth]
May  7 07:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[447]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  7 07:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[447]: Failed password for invalid user ubnt from 80.94.95.116 port 23366 ssh2
May  7 07:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[447]: Connection closed by 80.94.95.116 port 23366 [preauth]
May  7 07:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: Invalid user caja from 103.189.208.13
May  7 07:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: input_userauth_request: invalid user caja [preauth]
May  7 07:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13
May  7 07:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: Failed password for invalid user caja from 103.189.208.13 port 50002 ssh2
May  7 07:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: Received disconnect from 103.189.208.13 port 50002:11: Bye Bye [preauth]
May  7 07:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: Disconnected from 103.189.208.13 port 50002 [preauth]
May  7 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31329]: pam_unix(cron:session): session closed for user root
May  7 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[636]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[632]: pam_unix(cron:session): session closed for user p13x
May  7 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[710]: Successful su for rubyman by root
May  7 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[710]: + ??? root:rubyman
May  7 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[710]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345315 of user rubyman.
May  7 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[710]: pam_unix(su:session): session closed for user rubyman
May  7 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345315.
May  7 07:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29938]: pam_unix(cron:session): session closed for user root
May  7 07:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[635]: pam_unix(cron:session): session closed for user samftp
May  7 07:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: Invalid user admin from 80.94.95.112
May  7 07:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: input_userauth_request: invalid user admin [preauth]
May  7 07:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 07:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: Failed password for invalid user admin from 80.94.95.112 port 12246 ssh2
May  7 07:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: Failed password for invalid user admin from 80.94.95.112 port 12246 ssh2
May  7 07:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: Failed password for invalid user admin from 80.94.95.112 port 12246 ssh2
May  7 07:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: Failed password for invalid user admin from 80.94.95.112 port 12246 ssh2
May  7 07:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[962]: Invalid user ps from 64.23.161.151
May  7 07:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[962]: input_userauth_request: invalid user ps [preauth]
May  7 07:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[962]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 07:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: Failed password for invalid user admin from 80.94.95.112 port 12246 ssh2
May  7 07:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: Received disconnect from 80.94.95.112 port 12246:11: Bye [preauth]
May  7 07:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: Disconnected from 80.94.95.112 port 12246 [preauth]
May  7 07:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 07:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[917]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 07:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[962]: Failed password for invalid user ps from 64.23.161.151 port 38888 ssh2
May  7 07:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[962]: Connection closed by 64.23.161.151 port 38888 [preauth]
May  7 07:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31790]: pam_unix(cron:session): session closed for user root
May  7 07:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1097]: Invalid user asrahma1 from 64.226.100.253
May  7 07:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1097]: input_userauth_request: invalid user asrahma1 [preauth]
May  7 07:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1097]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 07:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1097]: Failed password for invalid user asrahma1 from 64.226.100.253 port 45366 ssh2
May  7 07:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1097]: Connection closed by 64.226.100.253 port 45366 [preauth]
May  7 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1112]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1111]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1109]: pam_unix(cron:session): session closed for user p13x
May  7 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1177]: Successful su for rubyman by root
May  7 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1177]: + ??? root:rubyman
May  7 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1177]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345318 of user rubyman.
May  7 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1177]: pam_unix(su:session): session closed for user rubyman
May  7 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345318.
May  7 07:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30329]: pam_unix(cron:session): session closed for user root
May  7 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1110]: pam_unix(cron:session): session closed for user samftp
May  7 07:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32507]: pam_unix(cron:session): session closed for user root
May  7 07:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: Invalid user myftp from 223.68.169.181
May  7 07:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: input_userauth_request: invalid user myftp [preauth]
May  7 07:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.68.169.181
May  7 07:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: Failed password for invalid user myftp from 223.68.169.181 port 55878 ssh2
May  7 07:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: Received disconnect from 223.68.169.181 port 55878:11: Bye Bye [preauth]
May  7 07:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1572]: Disconnected from 223.68.169.181 port 55878 [preauth]
May  7 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1587]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1590]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1589]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1584]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1590]: pam_unix(cron:session): session closed for user root
May  7 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1584]: pam_unix(cron:session): session closed for user p13x
May  7 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1662]: Successful su for rubyman by root
May  7 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1662]: + ??? root:rubyman
May  7 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345324 of user rubyman.
May  7 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1662]: pam_unix(su:session): session closed for user rubyman
May  7 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345324.
May  7 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30735]: pam_unix(cron:session): session closed for user root
May  7 07:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1587]: pam_unix(cron:session): session closed for user root
May  7 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1586]: pam_unix(cron:session): session closed for user samftp
May  7 07:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 07:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1981]: Failed password for root from 218.92.0.179 port 52502 ssh2
May  7 07:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1981]: Failed password for root from 218.92.0.179 port 52502 ssh2
May  7 07:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: Invalid user bitnami from 112.217.207.28
May  7 07:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: input_userauth_request: invalid user bitnami [preauth]
May  7 07:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 07:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1981]: Failed password for root from 218.92.0.179 port 52502 ssh2
May  7 07:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1981]: Received disconnect from 218.92.0.179 port 52502:11:  [preauth]
May  7 07:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1981]: Disconnected from 218.92.0.179 port 52502 [preauth]
May  7 07:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1981]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 07:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: Failed password for invalid user bitnami from 112.217.207.28 port 51670 ssh2
May  7 07:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: Received disconnect from 112.217.207.28 port 51670:11: Bye Bye [preauth]
May  7 07:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2035]: Disconnected from 112.217.207.28 port 51670 [preauth]
May  7 07:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[637]: pam_unix(cron:session): session closed for user root
May  7 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2148]: pam_unix(cron:session): session closed for user p13x
May  7 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2220]: Successful su for rubyman by root
May  7 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2220]: + ??? root:rubyman
May  7 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2220]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345331 of user rubyman.
May  7 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2220]: pam_unix(su:session): session closed for user rubyman
May  7 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345331.
May  7 07:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31328]: pam_unix(cron:session): session closed for user root
May  7 07:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2149]: pam_unix(cron:session): session closed for user samftp
May  7 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1112]: pam_unix(cron:session): session closed for user root
May  7 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2598]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2592]: pam_unix(cron:session): session closed for user root
May  7 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2595]: pam_unix(cron:session): session closed for user p13x
May  7 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2659]: Successful su for rubyman by root
May  7 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2659]: + ??? root:rubyman
May  7 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2659]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345333 of user rubyman.
May  7 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2659]: pam_unix(su:session): session closed for user rubyman
May  7 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345333.
May  7 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31789]: pam_unix(cron:session): session closed for user root
May  7 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2596]: pam_unix(cron:session): session closed for user samftp
May  7 07:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1589]: pam_unix(cron:session): session closed for user root
May  7 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3017]: pam_unix(cron:session): session closed for user p13x
May  7 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3096]: Successful su for rubyman by root
May  7 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3096]: + ??? root:rubyman
May  7 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345338 of user rubyman.
May  7 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3096]: pam_unix(su:session): session closed for user rubyman
May  7 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345338.
May  7 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32505]: pam_unix(cron:session): session closed for user root
May  7 07:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3020]: pam_unix(cron:session): session closed for user samftp
May  7 07:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13  user=root
May  7 07:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3284]: Failed password for root from 103.189.208.13 port 40242 ssh2
May  7 07:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3284]: Received disconnect from 103.189.208.13 port 40242:11: Bye Bye [preauth]
May  7 07:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3284]: Disconnected from 103.189.208.13 port 40242 [preauth]
May  7 07:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2151]: pam_unix(cron:session): session closed for user root
May  7 07:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  7 07:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3447]: Failed password for root from 218.92.0.211 port 55270 ssh2
May  7 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3460]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3461]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3459]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3458]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3458]: pam_unix(cron:session): session closed for user p13x
May  7 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3523]: Successful su for rubyman by root
May  7 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3523]: + ??? root:rubyman
May  7 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345342 of user rubyman.
May  7 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3523]: pam_unix(su:session): session closed for user rubyman
May  7 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345342.
May  7 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3447]: Failed password for root from 218.92.0.211 port 55270 ssh2
May  7 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[636]: pam_unix(cron:session): session closed for user root
May  7 07:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3447]: Failed password for root from 218.92.0.211 port 55270 ssh2
May  7 07:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3459]: pam_unix(cron:session): session closed for user samftp
May  7 07:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3447]: Failed password for root from 218.92.0.211 port 55270 ssh2
May  7 07:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3447]: Failed password for root from 218.92.0.211 port 55270 ssh2
May  7 07:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3447]: error: maximum authentication attempts exceeded for root from 218.92.0.211 port 55270 ssh2 [preauth]
May  7 07:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3447]: Disconnecting: Too many authentication failures [preauth]
May  7 07:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3447]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  7 07:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3447]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 07:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  7 07:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3760]: Failed password for root from 218.92.0.211 port 63984 ssh2
May  7 07:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3760]: message repeated 4 times: [ Failed password for root from 218.92.0.211 port 63984 ssh2]
May  7 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2598]: pam_unix(cron:session): session closed for user root
May  7 07:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3760]: Failed password for root from 218.92.0.211 port 63984 ssh2
May  7 07:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3760]: error: maximum authentication attempts exceeded for root from 218.92.0.211 port 63984 ssh2 [preauth]
May  7 07:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3760]: Disconnecting: Too many authentication failures [preauth]
May  7 07:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3760]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  7 07:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3760]: PAM service(sshd) ignoring max retries; 6 > 3
May  7 07:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3893]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3894]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3892]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3890]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3895]: pam_unix(cron:session): session closed for user root
May  7 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3890]: pam_unix(cron:session): session closed for user p13x
May  7 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3999]: Successful su for rubyman by root
May  7 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3999]: + ??? root:rubyman
May  7 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345348 of user rubyman.
May  7 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3999]: pam_unix(su:session): session closed for user rubyman
May  7 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345348.
May  7 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3892]: pam_unix(cron:session): session closed for user root
May  7 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1111]: pam_unix(cron:session): session closed for user root
May  7 07:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3865]: Invalid user M from 195.178.110.50
May  7 07:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3865]: input_userauth_request: invalid user M [preauth]
May  7 07:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3865]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 07:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3891]: pam_unix(cron:session): session closed for user samftp
May  7 07:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3865]: Failed password for invalid user M from 195.178.110.50 port 33222 ssh2
May  7 07:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3865]: Connection closed by 195.178.110.50 port 33222 [preauth]
May  7 07:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4207]: Invalid user Z from 195.178.110.50
May  7 07:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4207]: input_userauth_request: invalid user Z [preauth]
May  7 07:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4207]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 07:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4207]: Failed password for invalid user Z from 195.178.110.50 port 17602 ssh2
May  7 07:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4207]: Connection closed by 195.178.110.50 port 17602 [preauth]
May  7 07:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3022]: pam_unix(cron:session): session closed for user root
May  7 07:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: Invalid user asunkara from 64.226.100.253
May  7 07:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: input_userauth_request: invalid user asunkara [preauth]
May  7 07:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 07:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4418]: Invalid user g from 195.178.110.50
May  7 07:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4418]: input_userauth_request: invalid user g [preauth]
May  7 07:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4418]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 07:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: Failed password for invalid user asunkara from 64.226.100.253 port 36260 ssh2
May  7 07:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: Connection closed by 64.226.100.253 port 36260 [preauth]
May  7 07:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4418]: Failed password for invalid user g from 195.178.110.50 port 45570 ssh2
May  7 07:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4418]: Connection closed by 195.178.110.50 port 45570 [preauth]
May  7 07:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4515]: Invalid user oriol from 112.217.207.28
May  7 07:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4515]: input_userauth_request: invalid user oriol [preauth]
May  7 07:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4515]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4515]: Failed password for invalid user oriol from 112.217.207.28 port 58244 ssh2
May  7 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4529]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4532]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4528]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4528]: pam_unix(cron:session): session closed for user p13x
May  7 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4515]: Received disconnect from 112.217.207.28 port 58244:11: Bye Bye [preauth]
May  7 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4515]: Disconnected from 112.217.207.28 port 58244 [preauth]
May  7 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4603]: Successful su for rubyman by root
May  7 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4603]: + ??? root:rubyman
May  7 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345351 of user rubyman.
May  7 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4603]: pam_unix(su:session): session closed for user rubyman
May  7 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345351.
May  7 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4529]: pam_unix(cron:session): session closed for user samftp
May  7 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1588]: pam_unix(cron:session): session closed for user root
May  7 07:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4500]: Invalid user t from 195.178.110.50
May  7 07:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4500]: input_userauth_request: invalid user t [preauth]
May  7 07:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4500]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 07:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151  user=root
May  7 07:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4500]: Failed password for invalid user t from 195.178.110.50 port 46702 ssh2
May  7 07:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: Failed password for root from 64.23.161.151 port 46238 ssh2
May  7 07:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4788]: Connection closed by 64.23.161.151 port 46238 [preauth]
May  7 07:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4500]: Connection closed by 195.178.110.50 port 46702 [preauth]
May  7 07:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4819]: Invalid user # from 195.178.110.50
May  7 07:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4819]: input_userauth_request: invalid user # [preauth]
May  7 07:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4819]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 07:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4819]: Failed password for invalid user # from 195.178.110.50 port 14662 ssh2
May  7 07:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3461]: pam_unix(cron:session): session closed for user root
May  7 07:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4819]: Connection closed by 195.178.110.50 port 14662 [preauth]
May  7 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4964]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4963]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4962]: pam_unix(cron:session): session closed for user p13x
May  7 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5207]: Successful su for rubyman by root
May  7 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5207]: + ??? root:rubyman
May  7 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345356 of user rubyman.
May  7 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5207]: pam_unix(su:session): session closed for user rubyman
May  7 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345356.
May  7 07:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2150]: pam_unix(cron:session): session closed for user root
May  7 07:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4963]: pam_unix(cron:session): session closed for user samftp
May  7 07:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 07:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: Failed password for root from 218.92.0.179 port 53005 ssh2
May  7 07:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 53005 ssh2]
May  7 07:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: Received disconnect from 218.92.0.179 port 53005:11:  [preauth]
May  7 07:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: Disconnected from 218.92.0.179 port 53005 [preauth]
May  7 07:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 07:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5435]: Invalid user admin from 80.94.95.116
May  7 07:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5435]: input_userauth_request: invalid user admin [preauth]
May  7 07:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5435]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  7 07:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5435]: Failed password for invalid user admin from 80.94.95.116 port 21534 ssh2
May  7 07:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5435]: Connection closed by 80.94.95.116 port 21534 [preauth]
May  7 07:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3894]: pam_unix(cron:session): session closed for user root
May  7 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5615]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5611]: pam_unix(cron:session): session closed for user p13x
May  7 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5680]: Successful su for rubyman by root
May  7 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5680]: + ??? root:rubyman
May  7 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345359 of user rubyman.
May  7 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5680]: pam_unix(su:session): session closed for user rubyman
May  7 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345359.
May  7 07:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2597]: pam_unix(cron:session): session closed for user root
May  7 07:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5612]: pam_unix(cron:session): session closed for user samftp
May  7 07:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4532]: pam_unix(cron:session): session closed for user root
May  7 07:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6094]: Invalid user sasaki from 103.189.208.13
May  7 07:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6094]: input_userauth_request: invalid user sasaki [preauth]
May  7 07:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6094]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13
May  7 07:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6094]: Failed password for invalid user sasaki from 103.189.208.13 port 47894 ssh2
May  7 07:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6094]: Received disconnect from 103.189.208.13 port 47894:11: Bye Bye [preauth]
May  7 07:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6094]: Disconnected from 103.189.208.13 port 47894 [preauth]
May  7 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6134]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6132]: pam_unix(cron:session): session closed for user p13x
May  7 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6194]: Successful su for rubyman by root
May  7 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6194]: + ??? root:rubyman
May  7 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345364 of user rubyman.
May  7 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6194]: pam_unix(su:session): session closed for user rubyman
May  7 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345364.
May  7 07:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3021]: pam_unix(cron:session): session closed for user root
May  7 07:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6133]: pam_unix(cron:session): session closed for user samftp
May  7 07:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4965]: pam_unix(cron:session): session closed for user root
May  7 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6530]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6529]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6532]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6528]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6533]: pam_unix(cron:session): session closed for user root
May  7 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6528]: pam_unix(cron:session): session closed for user p13x
May  7 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6595]: Successful su for rubyman by root
May  7 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6595]: + ??? root:rubyman
May  7 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345371 of user rubyman.
May  7 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6595]: pam_unix(su:session): session closed for user rubyman
May  7 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345371.
May  7 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6530]: pam_unix(cron:session): session closed for user root
May  7 07:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3460]: pam_unix(cron:session): session closed for user root
May  7 07:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6529]: pam_unix(cron:session): session closed for user samftp
May  7 07:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: Invalid user admin from 80.94.95.241
May  7 07:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: input_userauth_request: invalid user admin [preauth]
May  7 07:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 07:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: Failed password for invalid user admin from 80.94.95.241 port 54894 ssh2
May  7 07:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: Failed password for invalid user admin from 80.94.95.241 port 54894 ssh2
May  7 07:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: Failed password for invalid user admin from 80.94.95.241 port 54894 ssh2
May  7 07:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: Failed password for invalid user admin from 80.94.95.241 port 54894 ssh2
May  7 07:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: Failed password for invalid user admin from 80.94.95.241 port 54894 ssh2
May  7 07:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: Received disconnect from 80.94.95.241 port 54894:11: Bye [preauth]
May  7 07:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: Disconnected from 80.94.95.241 port 54894 [preauth]
May  7 07:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 07:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6825]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 07:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5615]: pam_unix(cron:session): session closed for user root
May  7 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7068]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7064]: pam_unix(cron:session): session closed for user p13x
May  7 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7148]: Successful su for rubyman by root
May  7 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7148]: + ??? root:rubyman
May  7 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345375 of user rubyman.
May  7 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7148]: pam_unix(su:session): session closed for user rubyman
May  7 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345375.
May  7 07:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3893]: pam_unix(cron:session): session closed for user root
May  7 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7065]: pam_unix(cron:session): session closed for user samftp
May  7 07:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: Invalid user riccardo from 112.217.207.28
May  7 07:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: input_userauth_request: invalid user riccardo [preauth]
May  7 07:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: Failed password for invalid user riccardo from 112.217.207.28 port 36458 ssh2
May  7 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6135]: pam_unix(cron:session): session closed for user root
May  7 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: Received disconnect from 112.217.207.28 port 36458:11: Bye Bye [preauth]
May  7 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: Disconnected from 112.217.207.28 port 36458 [preauth]
May  7 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7483]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7482]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7484]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7481]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7481]: pam_unix(cron:session): session closed for user p13x
May  7 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7643]: Successful su for rubyman by root
May  7 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7643]: + ??? root:rubyman
May  7 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345377 of user rubyman.
May  7 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7643]: pam_unix(su:session): session closed for user rubyman
May  7 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345377.
May  7 07:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4531]: pam_unix(cron:session): session closed for user root
May  7 07:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7482]: pam_unix(cron:session): session closed for user samftp
May  7 07:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7888]: Connection closed by 46.244.96.25 port 36182 [preauth]
May  7 07:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7913]: Connection closed by 46.244.96.25 port 37320 [preauth]
May  7 07:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: Invalid user oraprod from 46.244.96.25
May  7 07:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: input_userauth_request: invalid user oraprod [preauth]
May  7 07:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  7 07:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7926]: Invalid user baofenye from 64.226.100.253
May  7 07:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7926]: input_userauth_request: invalid user baofenye [preauth]
May  7 07:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7926]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 07:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6532]: pam_unix(cron:session): session closed for user root
May  7 07:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: Failed password for invalid user oraprod from 46.244.96.25 port 37324 ssh2
May  7 07:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: Connection closed by 46.244.96.25 port 37324 [preauth]
May  7 07:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7926]: Failed password for invalid user baofenye from 64.226.100.253 port 53700 ssh2
May  7 07:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7926]: Connection closed by 64.226.100.253 port 53700 [preauth]
May  7 07:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.68.169.181  user=root
May  7 07:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: Failed password for root from 223.68.169.181 port 56564 ssh2
May  7 07:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: Received disconnect from 223.68.169.181 port 56564:11: Bye Bye [preauth]
May  7 07:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7959]: Disconnected from 223.68.169.181 port 56564 [preauth]
May  7 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8024]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8021]: pam_unix(cron:session): session closed for user p13x
May  7 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8085]: Successful su for rubyman by root
May  7 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8085]: + ??? root:rubyman
May  7 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8085]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345382 of user rubyman.
May  7 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8085]: pam_unix(su:session): session closed for user rubyman
May  7 07:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345382.
May  7 07:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4964]: pam_unix(cron:session): session closed for user root
May  7 07:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8022]: pam_unix(cron:session): session closed for user samftp
May  7 07:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7068]: pam_unix(cron:session): session closed for user root
May  7 07:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8434]: Invalid user aaron from 64.23.161.151
May  7 07:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8434]: input_userauth_request: invalid user aaron [preauth]
May  7 07:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8434]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8434]: Failed password for invalid user aaron from 64.23.161.151 port 45722 ssh2
May  7 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8434]: Connection closed by 64.23.161.151 port 45722 [preauth]
May  7 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8446]: pam_unix(cron:session): session closed for user p13x
May  7 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8515]: Successful su for rubyman by root
May  7 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8515]: + ??? root:rubyman
May  7 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345386 of user rubyman.
May  7 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8515]: pam_unix(su:session): session closed for user rubyman
May  7 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345386.
May  7 07:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5614]: pam_unix(cron:session): session closed for user root
May  7 07:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8447]: pam_unix(cron:session): session closed for user samftp
May  7 07:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: Invalid user marketing from 103.189.208.13
May  7 07:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: input_userauth_request: invalid user marketing [preauth]
May  7 07:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13
May  7 07:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: Failed password for invalid user marketing from 103.189.208.13 port 54790 ssh2
May  7 07:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: Received disconnect from 103.189.208.13 port 54790:11: Bye Bye [preauth]
May  7 07:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8774]: Disconnected from 103.189.208.13 port 54790 [preauth]
May  7 07:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7484]: pam_unix(cron:session): session closed for user root
May  7 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8875]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8877]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8876]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8879]: pam_unix(cron:session): session closed for user root
May  7 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8874]: pam_unix(cron:session): session closed for user p13x
May  7 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8945]: Successful su for rubyman by root
May  7 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8945]: + ??? root:rubyman
May  7 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345393 of user rubyman.
May  7 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8945]: pam_unix(su:session): session closed for user rubyman
May  7 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345393.
May  7 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6134]: pam_unix(cron:session): session closed for user root
May  7 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8876]: pam_unix(cron:session): session closed for user root
May  7 07:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8875]: pam_unix(cron:session): session closed for user samftp
May  7 07:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8024]: pam_unix(cron:session): session closed for user root
May  7 07:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: Failed password for root from 218.92.0.179 port 56889 ssh2
May  7 07:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9310]: Connection closed by 162.142.125.36 port 60964 [preauth]
May  7 07:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: Failed password for root from 218.92.0.179 port 56889 ssh2
May  7 07:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: Received disconnect from 218.92.0.179 port 56889:11:  [preauth]
May  7 07:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: Disconnected from 218.92.0.179 port 56889 [preauth]
May  7 07:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9353]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9437]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9435]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9435]: pam_unix(cron:session): session closed for user p13x
May  7 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9513]: Successful su for rubyman by root
May  7 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9513]: + ??? root:rubyman
May  7 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9513]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345397 of user rubyman.
May  7 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9513]: pam_unix(su:session): session closed for user rubyman
May  7 07:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345397.
May  7 07:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6531]: pam_unix(cron:session): session closed for user root
May  7 07:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9436]: pam_unix(cron:session): session closed for user samftp
May  7 07:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8449]: pam_unix(cron:session): session closed for user root
May  7 07:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9838]: Invalid user happy from 112.217.207.28
May  7 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9838]: input_userauth_request: invalid user happy [preauth]
May  7 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9838]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9849]: pam_unix(cron:session): session closed for user p13x
May  7 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9912]: Successful su for rubyman by root
May  7 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9912]: + ??? root:rubyman
May  7 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9912]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345399 of user rubyman.
May  7 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9912]: pam_unix(su:session): session closed for user rubyman
May  7 07:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345399.
May  7 07:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9838]: Failed password for invalid user happy from 112.217.207.28 port 43184 ssh2
May  7 07:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9838]: Received disconnect from 112.217.207.28 port 43184:11: Bye Bye [preauth]
May  7 07:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9838]: Disconnected from 112.217.207.28 port 43184 [preauth]
May  7 07:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7066]: pam_unix(cron:session): session closed for user root
May  7 07:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9850]: pam_unix(cron:session): session closed for user samftp
May  7 07:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 07:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10135]: Failed password for root from 218.92.0.179 port 61028 ssh2
May  7 07:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10135]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 61028 ssh2]
May  7 07:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10135]: Received disconnect from 218.92.0.179 port 61028:11:  [preauth]
May  7 07:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10135]: Disconnected from 218.92.0.179 port 61028 [preauth]
May  7 07:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10135]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 07:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8878]: pam_unix(cron:session): session closed for user root
May  7 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10335]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10331]: pam_unix(cron:session): session closed for user p13x
May  7 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10396]: Successful su for rubyman by root
May  7 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10396]: + ??? root:rubyman
May  7 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345403 of user rubyman.
May  7 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10396]: pam_unix(su:session): session closed for user rubyman
May  7 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345403.
May  7 07:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7483]: pam_unix(cron:session): session closed for user root
May  7 07:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10333]: pam_unix(cron:session): session closed for user samftp
May  7 07:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9438]: pam_unix(cron:session): session closed for user root
May  7 07:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4  user=root
May  7 07:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: Failed password for root from 85.208.84.4 port 18030 ssh2
May  7 07:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10803]: Connection closed by 85.208.84.4 port 18030 [preauth]
May  7 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10817]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10815]: pam_unix(cron:session): session closed for user p13x
May  7 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10875]: Successful su for rubyman by root
May  7 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10875]: + ??? root:rubyman
May  7 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345407 of user rubyman.
May  7 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10875]: pam_unix(su:session): session closed for user rubyman
May  7 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345407.
May  7 07:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8023]: pam_unix(cron:session): session closed for user root
May  7 07:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  7 07:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10816]: pam_unix(cron:session): session closed for user samftp
May  7 07:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11008]: Failed password for root from 218.92.0.206 port 13330 ssh2
May  7 07:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11008]: message repeated 2 times: [ Failed password for root from 218.92.0.206 port 13330 ssh2]
May  7 07:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11008]: Failed password for root from 218.92.0.206 port 13330 ssh2
May  7 07:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11089]: Invalid user bavanick from 64.226.100.253
May  7 07:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11089]: input_userauth_request: invalid user bavanick [preauth]
May  7 07:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11089]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 07:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11089]: Failed password for invalid user bavanick from 64.226.100.253 port 34468 ssh2
May  7 07:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11089]: Connection closed by 64.226.100.253 port 34468 [preauth]
May  7 07:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11008]: Failed password for root from 218.92.0.206 port 13330 ssh2
May  7 07:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11008]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 13330 ssh2 [preauth]
May  7 07:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11008]: Disconnecting: Too many authentication failures [preauth]
May  7 07:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11008]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  7 07:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11008]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 07:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9853]: pam_unix(cron:session): session closed for user root
May  7 07:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: Invalid user shilei from 103.189.208.13
May  7 07:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: input_userauth_request: invalid user shilei [preauth]
May  7 07:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13
May  7 07:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: Failed password for invalid user shilei from 103.189.208.13 port 35596 ssh2
May  7 07:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: Received disconnect from 103.189.208.13 port 35596:11: Bye Bye [preauth]
May  7 07:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: Disconnected from 103.189.208.13 port 35596 [preauth]
May  7 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11212]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11213]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11215]: pam_unix(cron:session): session closed for user root
May  7 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11210]: pam_unix(cron:session): session closed for user p13x
May  7 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11286]: Successful su for rubyman by root
May  7 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11286]: + ??? root:rubyman
May  7 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345413 of user rubyman.
May  7 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11286]: pam_unix(su:session): session closed for user rubyman
May  7 07:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345413.
May  7 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11212]: pam_unix(cron:session): session closed for user root
May  7 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8448]: pam_unix(cron:session): session closed for user root
May  7 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11211]: pam_unix(cron:session): session closed for user samftp
May  7 07:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11493]: Invalid user isadmin from 164.68.105.9
May  7 07:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11493]: input_userauth_request: invalid user isadmin [preauth]
May  7 07:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11493]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  7 07:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11493]: Failed password for invalid user isadmin from 164.68.105.9 port 33942 ssh2
May  7 07:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11493]: Connection closed by 164.68.105.9 port 33942 [preauth]
May  7 07:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: Invalid user username from 115.231.78.11
May  7 07:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: input_userauth_request: invalid user username [preauth]
May  7 07:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: Connection closed by 115.231.78.11 port 30000 [preauth]
May  7 07:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10335]: pam_unix(cron:session): session closed for user root
May  7 07:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11654]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11652]: pam_unix(cron:session): session closed for user p13x
May  7 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: Invalid user admin from 80.94.95.125
May  7 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: input_userauth_request: invalid user admin [preauth]
May  7 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11719]: Successful su for rubyman by root
May  7 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11719]: + ??? root:rubyman
May  7 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345417 of user rubyman.
May  7 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11719]: pam_unix(su:session): session closed for user rubyman
May  7 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345417.
May  7 07:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: Failed password for invalid user admin from 80.94.95.125 port 42071 ssh2
May  7 07:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: Failed password for invalid user admin from 80.94.95.125 port 42071 ssh2
May  7 07:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8877]: pam_unix(cron:session): session closed for user root
May  7 07:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11653]: pam_unix(cron:session): session closed for user samftp
May  7 07:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: Failed password for invalid user admin from 80.94.95.125 port 42071 ssh2
May  7 07:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: Failed password for invalid user admin from 80.94.95.125 port 42071 ssh2
May  7 07:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: Failed password for invalid user admin from 80.94.95.125 port 42071 ssh2
May  7 07:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: Received disconnect from 80.94.95.125 port 42071:11: Bye [preauth]
May  7 07:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: Disconnected from 80.94.95.125 port 42071 [preauth]
May  7 07:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 07:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11641]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 07:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10818]: pam_unix(cron:session): session closed for user root
May  7 07:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: Invalid user adlt from 64.23.161.151
May  7 07:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: input_userauth_request: invalid user adlt [preauth]
May  7 07:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 07:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: Failed password for invalid user adlt from 64.23.161.151 port 60084 ssh2
May  7 07:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12023]: Connection closed by 64.23.161.151 port 60084 [preauth]
May  7 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12045]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12044]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12042]: pam_unix(cron:session): session closed for user p13x
May  7 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12103]: Successful su for rubyman by root
May  7 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12103]: + ??? root:rubyman
May  7 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345421 of user rubyman.
May  7 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12103]: pam_unix(su:session): session closed for user rubyman
May  7 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345421.
May  7 07:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9437]: pam_unix(cron:session): session closed for user root
May  7 07:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12043]: pam_unix(cron:session): session closed for user samftp
May  7 07:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12360]: Invalid user juan from 112.217.207.28
May  7 07:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12360]: input_userauth_request: invalid user juan [preauth]
May  7 07:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12360]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 07:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12360]: Failed password for invalid user juan from 112.217.207.28 port 55846 ssh2
May  7 07:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12360]: Received disconnect from 112.217.207.28 port 55846:11: Bye Bye [preauth]
May  7 07:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12360]: Disconnected from 112.217.207.28 port 55846 [preauth]
May  7 07:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11214]: pam_unix(cron:session): session closed for user root
May  7 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12445]: pam_unix(cron:session): session closed for user p13x
May  7 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12504]: Successful su for rubyman by root
May  7 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12504]: + ??? root:rubyman
May  7 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12504]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345427 of user rubyman.
May  7 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12504]: pam_unix(su:session): session closed for user rubyman
May  7 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345427.
May  7 07:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9852]: pam_unix(cron:session): session closed for user root
May  7 07:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12446]: pam_unix(cron:session): session closed for user samftp
May  7 07:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11655]: pam_unix(cron:session): session closed for user root
May  7 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12830]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12831]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12829]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12828]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12826]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12828]: pam_unix(cron:session): session closed for user p13x
May  7 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12950]: Successful su for rubyman by root
May  7 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12950]: + ??? root:rubyman
May  7 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12950]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345431 of user rubyman.
May  7 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12950]: pam_unix(su:session): session closed for user rubyman
May  7 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345431.
May  7 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12826]: pam_unix(cron:session): session closed for user root
May  7 07:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10334]: pam_unix(cron:session): session closed for user root
May  7 07:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12829]: pam_unix(cron:session): session closed for user samftp
May  7 07:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12045]: pam_unix(cron:session): session closed for user root
May  7 07:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  7 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13312]: Failed password for root from 190.103.202.7 port 54658 ssh2
May  7 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13312]: Connection closed by 190.103.202.7 port 54658 [preauth]
May  7 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13330]: pam_unix(cron:session): session closed for user root
May  7 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13323]: pam_unix(cron:session): session closed for user p13x
May  7 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13392]: Successful su for rubyman by root
May  7 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13392]: + ??? root:rubyman
May  7 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345436 of user rubyman.
May  7 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13392]: pam_unix(su:session): session closed for user rubyman
May  7 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345436.
May  7 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13326]: pam_unix(cron:session): session closed for user root
May  7 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10817]: pam_unix(cron:session): session closed for user root
May  7 07:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13324]: pam_unix(cron:session): session closed for user samftp
May  7 07:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.68.169.181  user=root
May  7 07:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Failed password for root from 223.68.169.181 port 57206 ssh2
May  7 07:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Received disconnect from 223.68.169.181 port 57206:11: Bye Bye [preauth]
May  7 07:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13728]: Disconnected from 223.68.169.181 port 57206 [preauth]
May  7 07:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13773]: Invalid user admin from 103.189.208.13
May  7 07:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13773]: input_userauth_request: invalid user admin [preauth]
May  7 07:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13773]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13
May  7 07:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13773]: Failed password for invalid user admin from 103.189.208.13 port 53782 ssh2
May  7 07:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13773]: Received disconnect from 103.189.208.13 port 53782:11: Bye Bye [preauth]
May  7 07:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13773]: Disconnected from 103.189.208.13 port 53782 [preauth]
May  7 07:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12448]: pam_unix(cron:session): session closed for user root
May  7 07:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: Invalid user bcnguyen from 64.226.100.253
May  7 07:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: input_userauth_request: invalid user bcnguyen [preauth]
May  7 07:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: Failed password for invalid user bcnguyen from 64.226.100.253 port 38484 ssh2
May  7 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: Connection closed by 64.226.100.253 port 38484 [preauth]
May  7 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13865]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13862]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13863]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13862]: pam_unix(cron:session): session closed for user p13x
May  7 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13932]: Successful su for rubyman by root
May  7 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13932]: + ??? root:rubyman
May  7 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345440 of user rubyman.
May  7 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13932]: pam_unix(su:session): session closed for user rubyman
May  7 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345440.
May  7 07:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11213]: pam_unix(cron:session): session closed for user root
May  7 07:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13863]: pam_unix(cron:session): session closed for user samftp
May  7 07:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12831]: pam_unix(cron:session): session closed for user root
May  7 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14267]: pam_unix(cron:session): session closed for user p13x
May  7 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14328]: Successful su for rubyman by root
May  7 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14328]: + ??? root:rubyman
May  7 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345444 of user rubyman.
May  7 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14328]: pam_unix(su:session): session closed for user rubyman
May  7 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345444.
May  7 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 07:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11654]: pam_unix(cron:session): session closed for user root
May  7 07:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: Failed password for root from 218.92.0.179 port 49697 ssh2
May  7 07:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14268]: pam_unix(cron:session): session closed for user samftp
May  7 07:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: Failed password for root from 218.92.0.179 port 49697 ssh2
May  7 07:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: Failed password for root from 218.92.0.179 port 49697 ssh2
May  7 07:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: Received disconnect from 218.92.0.179 port 49697:11:  [preauth]
May  7 07:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: Disconnected from 218.92.0.179 port 49697 [preauth]
May  7 07:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 07:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13329]: pam_unix(cron:session): session closed for user root
May  7 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14673]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14673]: pam_unix(cron:session): session closed for user p13x
May  7 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14733]: Successful su for rubyman by root
May  7 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14733]: + ??? root:rubyman
May  7 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14733]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345449 of user rubyman.
May  7 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14733]: pam_unix(su:session): session closed for user rubyman
May  7 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345449.
May  7 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: Invalid user nishi from 112.217.207.28
May  7 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: input_userauth_request: invalid user nishi [preauth]
May  7 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 07:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: Failed password for invalid user nishi from 112.217.207.28 port 45792 ssh2
May  7 07:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: Received disconnect from 112.217.207.28 port 45792:11: Bye Bye [preauth]
May  7 07:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14759]: Disconnected from 112.217.207.28 port 45792 [preauth]
May  7 07:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12044]: pam_unix(cron:session): session closed for user root
May  7 07:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14674]: pam_unix(cron:session): session closed for user samftp
May  7 07:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15003]: Invalid user postgres from 14.103.114.20
May  7 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15003]: input_userauth_request: invalid user postgres [preauth]
May  7 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15003]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.20
May  7 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13867]: pam_unix(cron:session): session closed for user root
May  7 07:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15003]: Failed password for invalid user postgres from 14.103.114.20 port 39966 ssh2
May  7 07:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15092]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15089]: pam_unix(cron:session): session closed for user p13x
May  7 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15149]: Successful su for rubyman by root
May  7 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15149]: + ??? root:rubyman
May  7 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345453 of user rubyman.
May  7 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15149]: pam_unix(su:session): session closed for user rubyman
May  7 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345453.
May  7 07:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12447]: pam_unix(cron:session): session closed for user root
May  7 07:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15091]: pam_unix(cron:session): session closed for user samftp
May  7 07:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14270]: pam_unix(cron:session): session closed for user root
May  7 07:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15432]: Invalid user alex from 64.23.161.151
May  7 07:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15432]: input_userauth_request: invalid user alex [preauth]
May  7 07:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15432]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 07:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15432]: Failed password for invalid user alex from 64.23.161.151 port 38962 ssh2
May  7 07:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15432]: Connection closed by 64.23.161.151 port 38962 [preauth]
May  7 07:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  7 07:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15463]: Failed password for root from 80.94.95.116 port 31798 ssh2
May  7 07:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15463]: Connection closed by 80.94.95.116 port 31798 [preauth]
May  7 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15487]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15488]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15489]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15486]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15489]: pam_unix(cron:session): session closed for user root
May  7 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15484]: pam_unix(cron:session): session closed for user p13x
May  7 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15552]: Successful su for rubyman by root
May  7 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15552]: + ??? root:rubyman
May  7 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345457 of user rubyman.
May  7 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15552]: pam_unix(su:session): session closed for user rubyman
May  7 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345457.
May  7 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15486]: pam_unix(cron:session): session closed for user root
May  7 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12830]: pam_unix(cron:session): session closed for user root
May  7 07:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15485]: pam_unix(cron:session): session closed for user samftp
May  7 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14676]: pam_unix(cron:session): session closed for user root
May  7 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15909]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15907]: pam_unix(cron:session): session closed for user p13x
May  7 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15975]: Successful su for rubyman by root
May  7 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15975]: + ??? root:rubyman
May  7 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345463 of user rubyman.
May  7 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15975]: pam_unix(su:session): session closed for user rubyman
May  7 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345463.
May  7 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13327]: pam_unix(cron:session): session closed for user root
May  7 07:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15908]: pam_unix(cron:session): session closed for user samftp
May  7 07:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13  user=root
May  7 07:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: Failed password for root from 103.189.208.13 port 58044 ssh2
May  7 07:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: Received disconnect from 103.189.208.13 port 58044:11: Bye Bye [preauth]
May  7 07:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16151]: Disconnected from 103.189.208.13 port 58044 [preauth]
May  7 07:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15093]: pam_unix(cron:session): session closed for user root
May  7 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16303]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16304]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16301]: pam_unix(cron:session): session closed for user p13x
May  7 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16358]: Successful su for rubyman by root
May  7 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16358]: + ??? root:rubyman
May  7 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345466 of user rubyman.
May  7 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16358]: pam_unix(su:session): session closed for user rubyman
May  7 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345466.
May  7 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13865]: pam_unix(cron:session): session closed for user root
May  7 07:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16302]: pam_unix(cron:session): session closed for user samftp
May  7 07:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15488]: pam_unix(cron:session): session closed for user root
May  7 07:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16688]: Invalid user bensonchang from 64.226.100.253
May  7 07:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16688]: input_userauth_request: invalid user bensonchang [preauth]
May  7 07:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16688]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 07:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16688]: Failed password for invalid user bensonchang from 64.226.100.253 port 53312 ssh2
May  7 07:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16688]: Connection closed by 64.226.100.253 port 53312 [preauth]
May  7 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16752]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16750]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16751]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16749]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16749]: pam_unix(cron:session): session closed for user p13x
May  7 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16810]: Successful su for rubyman by root
May  7 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16810]: + ??? root:rubyman
May  7 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16810]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345471 of user rubyman.
May  7 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16810]: pam_unix(su:session): session closed for user rubyman
May  7 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345471.
May  7 07:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14269]: pam_unix(cron:session): session closed for user root
May  7 07:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16750]: pam_unix(cron:session): session closed for user samftp
May  7 07:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: Invalid user admin from 80.94.95.112
May  7 07:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: input_userauth_request: invalid user admin [preauth]
May  7 07:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 07:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: Failed password for invalid user admin from 80.94.95.112 port 37716 ssh2
May  7 07:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: Failed password for invalid user admin from 80.94.95.112 port 37716 ssh2
May  7 07:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: Failed password for invalid user admin from 80.94.95.112 port 37716 ssh2
May  7 07:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: Failed password for invalid user admin from 80.94.95.112 port 37716 ssh2
May  7 07:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17086]: Invalid user vera from 112.217.207.28
May  7 07:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17086]: input_userauth_request: invalid user vera [preauth]
May  7 07:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17086]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 07:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: Failed password for invalid user admin from 80.94.95.112 port 37716 ssh2
May  7 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: Received disconnect from 80.94.95.112 port 37716:11: Bye [preauth]
May  7 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: Disconnected from 80.94.95.112 port 37716 [preauth]
May  7 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17054]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17086]: Failed password for invalid user vera from 112.217.207.28 port 49868 ssh2
May  7 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17086]: Received disconnect from 112.217.207.28 port 49868:11: Bye Bye [preauth]
May  7 07:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17086]: Disconnected from 112.217.207.28 port 49868 [preauth]
May  7 07:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15911]: pam_unix(cron:session): session closed for user root
May  7 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17177]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17178]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17175]: pam_unix(cron:session): session closed for user p13x
May  7 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17238]: Successful su for rubyman by root
May  7 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17238]: + ??? root:rubyman
May  7 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345474 of user rubyman.
May  7 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17238]: pam_unix(su:session): session closed for user rubyman
May  7 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345474.
May  7 07:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14675]: pam_unix(cron:session): session closed for user root
May  7 07:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17176]: pam_unix(cron:session): session closed for user samftp
May  7 07:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  7 07:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Failed password for root from 218.92.0.211 port 21694 ssh2
May  7 07:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: message repeated 4 times: [ Failed password for root from 218.92.0.211 port 21694 ssh2]
May  7 07:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: error: maximum authentication attempts exceeded for root from 218.92.0.211 port 21694 ssh2 [preauth]
May  7 07:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: Disconnecting: Too many authentication failures [preauth]
May  7 07:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  7 07:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17455]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16304]: pam_unix(cron:session): session closed for user root
May  7 07:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17603]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17602]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17600]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17604]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17601]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17605]: pam_unix(cron:session): session closed for user root
May  7 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17600]: pam_unix(cron:session): session closed for user p13x
May  7 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17676]: Successful su for rubyman by root
May  7 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17676]: + ??? root:rubyman
May  7 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345483 of user rubyman.
May  7 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17676]: pam_unix(su:session): session closed for user rubyman
May  7 07:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345483.
May  7 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17602]: pam_unix(cron:session): session closed for user root
May  7 07:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15092]: pam_unix(cron:session): session closed for user root
May  7 07:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17601]: pam_unix(cron:session): session closed for user samftp
May  7 07:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16752]: pam_unix(cron:session): session closed for user root
May  7 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18159]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18157]: pam_unix(cron:session): session closed for user p13x
May  7 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18223]: Successful su for rubyman by root
May  7 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18223]: + ??? root:rubyman
May  7 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18223]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345484 of user rubyman.
May  7 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18223]: pam_unix(su:session): session closed for user rubyman
May  7 07:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345484.
May  7 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15487]: pam_unix(cron:session): session closed for user root
May  7 07:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18158]: pam_unix(cron:session): session closed for user samftp
May  7 07:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18473]: Invalid user web-user from 190.103.202.7
May  7 07:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18473]: input_userauth_request: invalid user web-user [preauth]
May  7 07:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18473]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  7 07:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18473]: Failed password for invalid user web-user from 190.103.202.7 port 47594 ssh2
May  7 07:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18473]: Connection closed by 190.103.202.7 port 47594 [preauth]
May  7 07:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17178]: pam_unix(cron:session): session closed for user root
May  7 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: Failed password for root from 218.92.0.179 port 46334 ssh2
May  7 07:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 46334 ssh2]
May  7 07:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: Received disconnect from 218.92.0.179 port 46334:11:  [preauth]
May  7 07:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: Disconnected from 218.92.0.179 port 46334 [preauth]
May  7 07:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18485]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 07:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18538]: Invalid user june from 103.189.208.13
May  7 07:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18538]: input_userauth_request: invalid user june [preauth]
May  7 07:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18538]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13
May  7 07:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18538]: Failed password for invalid user june from 103.189.208.13 port 58288 ssh2
May  7 07:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18538]: Received disconnect from 103.189.208.13 port 58288:11: Bye Bye [preauth]
May  7 07:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18538]: Disconnected from 103.189.208.13 port 58288 [preauth]
May  7 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18577]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18576]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18575]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18575]: pam_unix(cron:session): session closed for user p13x
May  7 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18634]: Successful su for rubyman by root
May  7 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18634]: + ??? root:rubyman
May  7 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345488 of user rubyman.
May  7 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18634]: pam_unix(su:session): session closed for user rubyman
May  7 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345488.
May  7 07:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15909]: pam_unix(cron:session): session closed for user root
May  7 07:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18576]: pam_unix(cron:session): session closed for user samftp
May  7 07:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: Invalid user centos from 80.94.95.29
May  7 07:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: input_userauth_request: invalid user centos [preauth]
May  7 07:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  7 07:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: Failed password for invalid user centos from 80.94.95.29 port 32590 ssh2
May  7 07:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18893]: Invalid user allecia from 64.23.161.151
May  7 07:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18893]: input_userauth_request: invalid user allecia [preauth]
May  7 07:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18893]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 07:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: Failed password for invalid user centos from 80.94.95.29 port 32590 ssh2
May  7 07:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18893]: Failed password for invalid user allecia from 64.23.161.151 port 58968 ssh2
May  7 07:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18893]: Connection closed by 64.23.161.151 port 58968 [preauth]
May  7 07:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: Failed password for invalid user centos from 80.94.95.29 port 32590 ssh2
May  7 07:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: Failed password for invalid user centos from 80.94.95.29 port 32590 ssh2
May  7 07:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17604]: pam_unix(cron:session): session closed for user root
May  7 07:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: Failed password for invalid user centos from 80.94.95.29 port 32590 ssh2
May  7 07:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: Received disconnect from 80.94.95.29 port 32590:11: Bye [preauth]
May  7 07:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: Disconnected from 80.94.95.29 port 32590 [preauth]
May  7 07:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  7 07:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18871]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 07:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.68.169.181  user=root
May  7 07:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18971]: Failed password for root from 223.68.169.181 port 57858 ssh2
May  7 07:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18971]: Received disconnect from 223.68.169.181 port 57858:11: Bye Bye [preauth]
May  7 07:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18971]: Disconnected from 223.68.169.181 port 57858 [preauth]
May  7 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18984]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18982]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18982]: pam_unix(cron:session): session closed for user p13x
May  7 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19047]: Successful su for rubyman by root
May  7 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19047]: + ??? root:rubyman
May  7 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19047]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345493 of user rubyman.
May  7 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19047]: pam_unix(su:session): session closed for user rubyman
May  7 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345493.
May  7 07:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16303]: pam_unix(cron:session): session closed for user root
May  7 07:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18983]: pam_unix(cron:session): session closed for user samftp
May  7 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18160]: pam_unix(cron:session): session closed for user root
May  7 07:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: Invalid user safeuser from 112.217.207.28
May  7 07:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: input_userauth_request: invalid user safeuser [preauth]
May  7 07:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 07:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: Failed password for invalid user safeuser from 112.217.207.28 port 42844 ssh2
May  7 07:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: Received disconnect from 112.217.207.28 port 42844:11: Bye Bye [preauth]
May  7 07:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: Disconnected from 112.217.207.28 port 42844 [preauth]
May  7 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19401]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19399]: pam_unix(cron:session): session closed for user p13x
May  7 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19460]: Successful su for rubyman by root
May  7 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19460]: + ??? root:rubyman
May  7 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345496 of user rubyman.
May  7 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19460]: pam_unix(su:session): session closed for user rubyman
May  7 07:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345496.
May  7 07:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16751]: pam_unix(cron:session): session closed for user root
May  7 07:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19400]: pam_unix(cron:session): session closed for user samftp
May  7 07:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19687]: Invalid user bhartman from 64.226.100.253
May  7 07:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19687]: input_userauth_request: invalid user bhartman [preauth]
May  7 07:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19687]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 07:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19687]: Failed password for invalid user bhartman from 64.226.100.253 port 54380 ssh2
May  7 07:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19687]: Connection closed by 64.226.100.253 port 54380 [preauth]
May  7 07:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18578]: pam_unix(cron:session): session closed for user root
May  7 07:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 07:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19804]: Failed password for root from 218.92.0.179 port 36333 ssh2
May  7 07:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19804]: Failed password for root from 218.92.0.179 port 36333 ssh2
May  7 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19817]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19815]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19816]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19820]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19820]: pam_unix(cron:session): session closed for user root
May  7 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19815]: pam_unix(cron:session): session closed for user p13x
May  7 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19883]: Successful su for rubyman by root
May  7 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19883]: + ??? root:rubyman
May  7 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19883]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345502 of user rubyman.
May  7 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19883]: pam_unix(su:session): session closed for user rubyman
May  7 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345502.
May  7 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19804]: Failed password for root from 218.92.0.179 port 36333 ssh2
May  7 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19804]: Received disconnect from 218.92.0.179 port 36333:11:  [preauth]
May  7 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19804]: Disconnected from 218.92.0.179 port 36333 [preauth]
May  7 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19804]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 07:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19817]: pam_unix(cron:session): session closed for user root
May  7 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17177]: pam_unix(cron:session): session closed for user root
May  7 07:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19816]: pam_unix(cron:session): session closed for user samftp
May  7 07:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18986]: pam_unix(cron:session): session closed for user root
May  7 07:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.252  user=root
May  7 07:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20202]: Failed password for root from 218.92.0.252 port 11980 ssh2
May  7 07:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 07:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: Failed password for root from 218.92.0.179 port 19798 ssh2
May  7 07:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 19798 ssh2]
May  7 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: Received disconnect from 218.92.0.179 port 19798:11:  [preauth]
May  7 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: Disconnected from 218.92.0.179 port 19798 [preauth]
May  7 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20256]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20257]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20254]: pam_unix(cron:session): session closed for user p13x
May  7 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20319]: Successful su for rubyman by root
May  7 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20319]: + ??? root:rubyman
May  7 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345508 of user rubyman.
May  7 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20319]: pam_unix(su:session): session closed for user rubyman
May  7 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345508.
May  7 07:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17603]: pam_unix(cron:session): session closed for user root
May  7 07:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20255]: pam_unix(cron:session): session closed for user samftp
May  7 07:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.252  user=root
May  7 07:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20518]: Failed password for root from 218.92.0.252 port 29488 ssh2
May  7 07:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: Invalid user admin from 194.0.234.19
May  7 07:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: input_userauth_request: invalid user admin [preauth]
May  7 07:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  7 07:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: Failed password for invalid user admin from 194.0.234.19 port 18682 ssh2
May  7 07:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20571]: Connection closed by 194.0.234.19 port 18682 [preauth]
May  7 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19403]: pam_unix(cron:session): session closed for user root
May  7 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20669]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20668]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20668]: pam_unix(cron:session): session closed for user p13x
May  7 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20732]: Successful su for rubyman by root
May  7 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20732]: + ??? root:rubyman
May  7 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20732]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345512 of user rubyman.
May  7 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20732]: pam_unix(su:session): session closed for user rubyman
May  7 07:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345512.
May  7 07:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18159]: pam_unix(cron:session): session closed for user root
May  7 07:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20669]: pam_unix(cron:session): session closed for user samftp
May  7 07:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: Invalid user wwww from 103.189.208.13
May  7 07:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: input_userauth_request: invalid user wwww [preauth]
May  7 07:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13
May  7 07:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: Failed password for invalid user wwww from 103.189.208.13 port 50340 ssh2
May  7 07:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: Received disconnect from 103.189.208.13 port 50340:11: Bye Bye [preauth]
May  7 07:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20955]: Disconnected from 103.189.208.13 port 50340 [preauth]
May  7 07:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19819]: pam_unix(cron:session): session closed for user root
May  7 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21081]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21082]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21079]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21079]: pam_unix(cron:session): session closed for user p13x
May  7 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21143]: Successful su for rubyman by root
May  7 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21143]: + ??? root:rubyman
May  7 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345514 of user rubyman.
May  7 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21143]: pam_unix(su:session): session closed for user rubyman
May  7 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345514.
May  7 07:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18577]: pam_unix(cron:session): session closed for user root
May  7 07:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21080]: pam_unix(cron:session): session closed for user samftp
May  7 07:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20257]: pam_unix(cron:session): session closed for user root
May  7 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21515]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21514]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21513]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21513]: pam_unix(cron:session): session closed for user p13x
May  7 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21585]: Successful su for rubyman by root
May  7 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21585]: + ??? root:rubyman
May  7 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21585]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345519 of user rubyman.
May  7 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21585]: pam_unix(su:session): session closed for user rubyman
May  7 07:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345519.
May  7 07:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18984]: pam_unix(cron:session): session closed for user root
May  7 07:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21514]: pam_unix(cron:session): session closed for user samftp
May  7 07:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: Invalid user maks from 112.217.207.28
May  7 07:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: input_userauth_request: invalid user maks [preauth]
May  7 07:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 07:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: Failed password for invalid user maks from 112.217.207.28 port 53406 ssh2
May  7 07:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: Received disconnect from 112.217.207.28 port 53406:11: Bye Bye [preauth]
May  7 07:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: Disconnected from 112.217.207.28 port 53406 [preauth]
May  7 07:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20671]: pam_unix(cron:session): session closed for user root
May  7 07:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 07:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: Invalid user admin from 80.94.95.241
May  7 07:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: input_userauth_request: invalid user admin [preauth]
May  7 07:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 07:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: Failed password for invalid user admin from 80.94.95.241 port 23759 ssh2
May  7 07:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: Failed password for invalid user admin from 80.94.95.241 port 23759 ssh2
May  7 07:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: Failed password for invalid user admin from 80.94.95.241 port 23759 ssh2
May  7 07:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: Failed password for invalid user admin from 80.94.95.241 port 23759 ssh2
May  7 07:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: pam_unix(sshd:auth): check pass; user unknown
May  7 07:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: Failed password for invalid user admin from 80.94.95.241 port 23759 ssh2
May  7 07:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: Received disconnect from 80.94.95.241 port 23759:11: Bye [preauth]
May  7 07:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: Disconnected from 80.94.95.241 port 23759 [preauth]
May  7 07:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 07:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22262]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22256]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22266]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22263]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22266]: pam_unix(cron:session): session closed for user root
May  7 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22262]: pam_unix(cron:session): session closed for user root
May  7 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22256]: pam_unix(cron:session): session closed for user p13x
May  7 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22369]: Successful su for rubyman by root
May  7 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22369]: + ??? root:rubyman
May  7 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345525 of user rubyman.
May  7 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22369]: pam_unix(su:session): session closed for user rubyman
May  7 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345525.
May  7 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19401]: pam_unix(cron:session): session closed for user root
May  7 08:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22263]: pam_unix(cron:session): session closed for user root
May  7 08:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22257]: pam_unix(cron:session): session closed for user samftp
May  7 08:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: Invalid user david from 64.23.161.151
May  7 08:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: input_userauth_request: invalid user david [preauth]
May  7 08:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 08:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: Failed password for invalid user david from 64.23.161.151 port 43208 ssh2
May  7 08:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: Connection closed by 64.23.161.151 port 43208 [preauth]
May  7 08:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21082]: pam_unix(cron:session): session closed for user root
May  7 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22829]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22827]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22828]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22826]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22826]: pam_unix(cron:session): session closed for user p13x
May  7 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22908]: Successful su for rubyman by root
May  7 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22908]: + ??? root:rubyman
May  7 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345530 of user rubyman.
May  7 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22908]: pam_unix(su:session): session closed for user rubyman
May  7 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345530.
May  7 08:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19818]: pam_unix(cron:session): session closed for user root
May  7 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23076]: Invalid user lyy from 103.160.148.170
May  7 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23076]: input_userauth_request: invalid user lyy [preauth]
May  7 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23076]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  7 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22827]: pam_unix(cron:session): session closed for user samftp
May  7 08:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23076]: Failed password for invalid user lyy from 103.160.148.170 port 53362 ssh2
May  7 08:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23076]: Received disconnect from 103.160.148.170 port 53362:11: Bye Bye [preauth]
May  7 08:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23076]: Disconnected from 103.160.148.170 port 53362 [preauth]
May  7 08:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: Invalid user bherald from 64.226.100.253
May  7 08:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: input_userauth_request: invalid user bherald [preauth]
May  7 08:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 08:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: Failed password for invalid user bherald from 64.226.100.253 port 52976 ssh2
May  7 08:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23128]: Connection closed by 64.226.100.253 port 52976 [preauth]
May  7 08:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21516]: pam_unix(cron:session): session closed for user root
May  7 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23292]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23291]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23293]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23290]: pam_unix(cron:session): session closed for user p13x
May  7 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23445]: Successful su for rubyman by root
May  7 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23445]: + ??? root:rubyman
May  7 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345533 of user rubyman.
May  7 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23445]: pam_unix(su:session): session closed for user rubyman
May  7 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345533.
May  7 08:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20256]: pam_unix(cron:session): session closed for user root
May  7 08:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23291]: pam_unix(cron:session): session closed for user samftp
May  7 08:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.20  user=root
May  7 08:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: Failed password for root from 14.103.114.20 port 51624 ssh2
May  7 08:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: Received disconnect from 14.103.114.20 port 51624:11: Bye Bye [preauth]
May  7 08:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: Disconnected from 14.103.114.20 port 51624 [preauth]
May  7 08:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22265]: pam_unix(cron:session): session closed for user root
May  7 08:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23863]: Invalid user rizzo from 103.189.208.13
May  7 08:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23863]: input_userauth_request: invalid user rizzo [preauth]
May  7 08:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23863]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13
May  7 08:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23863]: Failed password for invalid user rizzo from 103.189.208.13 port 36056 ssh2
May  7 08:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23863]: Received disconnect from 103.189.208.13 port 36056:11: Bye Bye [preauth]
May  7 08:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23863]: Disconnected from 103.189.208.13 port 36056 [preauth]
May  7 08:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 08:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23869]: Failed password for root from 218.92.0.179 port 18519 ssh2
May  7 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23885]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23886]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23882]: pam_unix(cron:session): session closed for user p13x
May  7 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23961]: Successful su for rubyman by root
May  7 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23961]: + ??? root:rubyman
May  7 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345537 of user rubyman.
May  7 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23961]: pam_unix(su:session): session closed for user rubyman
May  7 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345537.
May  7 08:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23869]: Failed password for root from 218.92.0.179 port 18519 ssh2
May  7 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20670]: pam_unix(cron:session): session closed for user root
May  7 08:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23869]: Failed password for root from 218.92.0.179 port 18519 ssh2
May  7 08:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23869]: Received disconnect from 218.92.0.179 port 18519:11:  [preauth]
May  7 08:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23869]: Disconnected from 218.92.0.179 port 18519 [preauth]
May  7 08:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23869]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 08:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23884]: pam_unix(cron:session): session closed for user samftp
May  7 08:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22829]: pam_unix(cron:session): session closed for user root
May  7 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24326]: pam_unix(cron:session): session closed for user p13x
May  7 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24391]: Successful su for rubyman by root
May  7 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24391]: + ??? root:rubyman
May  7 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345543 of user rubyman.
May  7 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24391]: pam_unix(su:session): session closed for user rubyman
May  7 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345543.
May  7 08:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21081]: pam_unix(cron:session): session closed for user root
May  7 08:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24327]: pam_unix(cron:session): session closed for user samftp
May  7 08:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23293]: pam_unix(cron:session): session closed for user root
May  7 08:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: Invalid user wjx from 112.217.207.28
May  7 08:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: input_userauth_request: invalid user wjx [preauth]
May  7 08:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 08:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: Failed password for invalid user wjx from 112.217.207.28 port 60028 ssh2
May  7 08:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: Received disconnect from 112.217.207.28 port 60028:11: Bye Bye [preauth]
May  7 08:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24713]: Disconnected from 112.217.207.28 port 60028 [preauth]
May  7 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24765]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24766]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24764]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24762]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24766]: pam_unix(cron:session): session closed for user root
May  7 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24761]: pam_unix(cron:session): session closed for user p13x
May  7 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24829]: Successful su for rubyman by root
May  7 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24829]: + ??? root:rubyman
May  7 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345545 of user rubyman.
May  7 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24829]: pam_unix(su:session): session closed for user rubyman
May  7 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345545.
May  7 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24763]: pam_unix(cron:session): session closed for user root
May  7 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21515]: pam_unix(cron:session): session closed for user root
May  7 08:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24762]: pam_unix(cron:session): session closed for user samftp
May  7 08:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25109]: Invalid user lima from 14.103.114.20
May  7 08:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25109]: input_userauth_request: invalid user lima [preauth]
May  7 08:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25109]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.20
May  7 08:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25109]: Failed password for invalid user lima from 14.103.114.20 port 50350 ssh2
May  7 08:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25109]: Received disconnect from 14.103.114.20 port 50350:11: Bye Bye [preauth]
May  7 08:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25109]: Disconnected from 14.103.114.20 port 50350 [preauth]
May  7 08:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23886]: pam_unix(cron:session): session closed for user root
May  7 08:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.68.169.181  user=root
May  7 08:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25111]: Failed password for root from 223.68.169.181 port 58536 ssh2
May  7 08:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25111]: Received disconnect from 223.68.169.181 port 58536:11: Bye Bye [preauth]
May  7 08:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25111]: Disconnected from 223.68.169.181 port 58536 [preauth]
May  7 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25202]: pam_unix(cron:session): session closed for user p13x
May  7 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25279]: Successful su for rubyman by root
May  7 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25279]: + ??? root:rubyman
May  7 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345552 of user rubyman.
May  7 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25279]: pam_unix(su:session): session closed for user rubyman
May  7 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345552.
May  7 08:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22264]: pam_unix(cron:session): session closed for user root
May  7 08:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25203]: pam_unix(cron:session): session closed for user samftp
May  7 08:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24329]: pam_unix(cron:session): session closed for user root
May  7 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25640]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25645]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25638]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25638]: pam_unix(cron:session): session closed for user p13x
May  7 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25724]: Successful su for rubyman by root
May  7 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25724]: + ??? root:rubyman
May  7 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25724]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345557 of user rubyman.
May  7 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25724]: pam_unix(su:session): session closed for user rubyman
May  7 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345557.
May  7 08:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22828]: pam_unix(cron:session): session closed for user root
May  7 08:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25639]: pam_unix(cron:session): session closed for user samftp
May  7 08:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24765]: pam_unix(cron:session): session closed for user root
May  7 08:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26093]: Did not receive identification string from 47.254.192.213
May  7 08:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: Invalid user  from 47.254.192.213
May  7 08:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: input_userauth_request: invalid user  [preauth]
May  7 08:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26094]: Connection closed by 47.254.192.213 port 48952 [preauth]
May  7 08:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: Invalid user bingwang from 64.226.100.253
May  7 08:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: input_userauth_request: invalid user bingwang [preauth]
May  7 08:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 08:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: Failed password for invalid user bingwang from 64.226.100.253 port 48620 ssh2
May  7 08:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26104]: Connection closed by 64.226.100.253 port 48620 [preauth]
May  7 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26126]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26128]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26123]: pam_unix(cron:session): session closed for user p13x
May  7 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26184]: Successful su for rubyman by root
May  7 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26184]: + ??? root:rubyman
May  7 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345561 of user rubyman.
May  7 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26184]: pam_unix(su:session): session closed for user rubyman
May  7 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345561.
May  7 08:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23292]: pam_unix(cron:session): session closed for user root
May  7 08:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26125]: pam_unix(cron:session): session closed for user samftp
May  7 08:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26359]: Invalid user delta from 64.23.161.151
May  7 08:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26359]: input_userauth_request: invalid user delta [preauth]
May  7 08:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26359]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 08:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26359]: Failed password for invalid user delta from 64.23.161.151 port 56162 ssh2
May  7 08:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26359]: Connection closed by 64.23.161.151 port 56162 [preauth]
May  7 08:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  7 08:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: Failed password for root from 164.68.105.9 port 56462 ssh2
May  7 08:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26392]: Connection closed by 164.68.105.9 port 56462 [preauth]
May  7 08:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25205]: pam_unix(cron:session): session closed for user root
May  7 08:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: Invalid user sentry from 103.189.208.13
May  7 08:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: input_userauth_request: invalid user sentry [preauth]
May  7 08:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13
May  7 08:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: Failed password for invalid user sentry from 103.189.208.13 port 59078 ssh2
May  7 08:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: Received disconnect from 103.189.208.13 port 59078:11: Bye Bye [preauth]
May  7 08:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: Disconnected from 103.189.208.13 port 59078 [preauth]
May  7 08:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 08:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: Failed password for root from 218.92.0.179 port 60914 ssh2
May  7 08:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 60914 ssh2]
May  7 08:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: Received disconnect from 218.92.0.179 port 60914:11:  [preauth]
May  7 08:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: Disconnected from 218.92.0.179 port 60914 [preauth]
May  7 08:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 08:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: Invalid user css from 14.103.114.20
May  7 08:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: input_userauth_request: invalid user css [preauth]
May  7 08:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.20
May  7 08:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: Failed password for invalid user css from 14.103.114.20 port 51710 ssh2
May  7 08:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: Received disconnect from 14.103.114.20 port 51710:11: Bye Bye [preauth]
May  7 08:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26580]: Disconnected from 14.103.114.20 port 51710 [preauth]
May  7 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26613]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26611]: pam_unix(cron:session): session closed for user p13x
May  7 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26729]: Successful su for rubyman by root
May  7 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26729]: + ??? root:rubyman
May  7 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345565 of user rubyman.
May  7 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26729]: pam_unix(su:session): session closed for user rubyman
May  7 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345565.
May  7 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26608]: pam_unix(cron:session): session closed for user root
May  7 08:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23885]: pam_unix(cron:session): session closed for user root
May  7 08:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26612]: pam_unix(cron:session): session closed for user samftp
May  7 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25645]: pam_unix(cron:session): session closed for user root
May  7 08:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27173]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27176]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27182]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27174]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27182]: pam_unix(cron:session): session closed for user root
May  7 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27173]: pam_unix(cron:session): session closed for user p13x
May  7 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170  user=root
May  7 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27251]: Successful su for rubyman by root
May  7 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27251]: + ??? root:rubyman
May  7 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27251]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345568 of user rubyman.
May  7 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27251]: pam_unix(su:session): session closed for user rubyman
May  7 08:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345568.
May  7 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27175]: pam_unix(cron:session): session closed for user root
May  7 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: Failed password for root from 103.160.148.170 port 39494 ssh2
May  7 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24328]: pam_unix(cron:session): session closed for user root
May  7 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: Received disconnect from 103.160.148.170 port 39494:11: Bye Bye [preauth]
May  7 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27170]: Disconnected from 103.160.148.170 port 39494 [preauth]
May  7 08:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27174]: pam_unix(cron:session): session closed for user samftp
May  7 08:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: Invalid user librenms from 112.217.207.28
May  7 08:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: input_userauth_request: invalid user librenms [preauth]
May  7 08:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 08:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: Failed password for invalid user librenms from 112.217.207.28 port 37786 ssh2
May  7 08:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: Received disconnect from 112.217.207.28 port 37786:11: Bye Bye [preauth]
May  7 08:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: Disconnected from 112.217.207.28 port 37786 [preauth]
May  7 08:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26128]: pam_unix(cron:session): session closed for user root
May  7 08:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: Invalid user admin from 80.94.95.125
May  7 08:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: input_userauth_request: invalid user admin [preauth]
May  7 08:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 08:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: Failed password for invalid user admin from 80.94.95.125 port 61645 ssh2
May  7 08:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: Failed password for invalid user admin from 80.94.95.125 port 61645 ssh2
May  7 08:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: Failed password for invalid user admin from 80.94.95.125 port 61645 ssh2
May  7 08:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: Failed password for invalid user admin from 80.94.95.125 port 61645 ssh2
May  7 08:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: Failed password for invalid user admin from 80.94.95.125 port 61645 ssh2
May  7 08:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: Received disconnect from 80.94.95.125 port 61645:11: Bye [preauth]
May  7 08:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: Disconnected from 80.94.95.125 port 61645 [preauth]
May  7 08:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 08:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27629]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 08:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27688]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27685]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27685]: pam_unix(cron:session): session closed for user p13x
May  7 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27752]: Successful su for rubyman by root
May  7 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27752]: + ??? root:rubyman
May  7 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27752]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345574 of user rubyman.
May  7 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27752]: pam_unix(su:session): session closed for user rubyman
May  7 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345574.
May  7 08:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24764]: pam_unix(cron:session): session closed for user root
May  7 08:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27686]: pam_unix(cron:session): session closed for user samftp
May  7 08:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: Invalid user 0 from 195.178.110.50
May  7 08:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: input_userauth_request: invalid user 0 [preauth]
May  7 08:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 08:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: Failed password for invalid user 0 from 195.178.110.50 port 8970 ssh2
May  7 08:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27683]: Connection closed by 195.178.110.50 port 8970 [preauth]
May  7 08:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26614]: pam_unix(cron:session): session closed for user root
May  7 08:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27978]: Invalid user = from 195.178.110.50
May  7 08:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27978]: input_userauth_request: invalid user = [preauth]
May  7 08:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27978]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 08:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27978]: Failed password for invalid user = from 195.178.110.50 port 53782 ssh2
May  7 08:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27978]: Connection closed by 195.178.110.50 port 53782 [preauth]
May  7 08:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28062]: Invalid user solar from 14.103.114.20
May  7 08:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28062]: input_userauth_request: invalid user solar [preauth]
May  7 08:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28062]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.20
May  7 08:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28062]: Failed password for invalid user solar from 14.103.114.20 port 52574 ssh2
May  7 08:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28062]: Received disconnect from 14.103.114.20 port 52574:11: Bye Bye [preauth]
May  7 08:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28062]: Disconnected from 14.103.114.20 port 52574 [preauth]
May  7 08:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: Invalid user J from 195.178.110.50
May  7 08:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: input_userauth_request: invalid user J [preauth]
May  7 08:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 08:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: Failed password for invalid user J from 195.178.110.50 port 27330 ssh2
May  7 08:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: Connection closed by 195.178.110.50 port 27330 [preauth]
May  7 08:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28111]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28114]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28113]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28111]: pam_unix(cron:session): session closed for user p13x
May  7 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28175]: Successful su for rubyman by root
May  7 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28175]: + ??? root:rubyman
May  7 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28175]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345581 of user rubyman.
May  7 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28175]: pam_unix(su:session): session closed for user rubyman
May  7 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345581.
May  7 08:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25204]: pam_unix(cron:session): session closed for user root
May  7 08:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28112]: pam_unix(cron:session): session closed for user samftp
May  7 08:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28100]: Invalid user W from 195.178.110.50
May  7 08:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28100]: input_userauth_request: invalid user W [preauth]
May  7 08:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28100]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 08:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28100]: Failed password for invalid user W from 195.178.110.50 port 29116 ssh2
May  7 08:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28100]: Connection closed by 195.178.110.50 port 29116 [preauth]
May  7 08:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: Invalid user d from 195.178.110.50
May  7 08:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: input_userauth_request: invalid user d [preauth]
May  7 08:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 08:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: Failed password for invalid user d from 195.178.110.50 port 26904 ssh2
May  7 08:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28362]: Connection closed by 195.178.110.50 port 26904 [preauth]
May  7 08:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27181]: pam_unix(cron:session): session closed for user root
May  7 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28523]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28520]: pam_unix(cron:session): session closed for user p13x
May  7 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28577]: Successful su for rubyman by root
May  7 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28577]: + ??? root:rubyman
May  7 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345584 of user rubyman.
May  7 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28577]: pam_unix(su:session): session closed for user rubyman
May  7 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345584.
May  7 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25640]: pam_unix(cron:session): session closed for user root
May  7 08:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28521]: pam_unix(cron:session): session closed for user samftp
May  7 08:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27688]: pam_unix(cron:session): session closed for user root
May  7 08:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28921]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28917]: pam_unix(cron:session): session closed for user p13x
May  7 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28979]: Successful su for rubyman by root
May  7 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28979]: + ??? root:rubyman
May  7 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345588 of user rubyman.
May  7 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28979]: pam_unix(su:session): session closed for user rubyman
May  7 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345588.
May  7 08:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26126]: pam_unix(cron:session): session closed for user root
May  7 08:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28919]: pam_unix(cron:session): session closed for user samftp
May  7 08:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29275]: Invalid user sfserver from 103.189.208.13
May  7 08:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29275]: input_userauth_request: invalid user sfserver [preauth]
May  7 08:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29275]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13
May  7 08:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29275]: Failed password for invalid user sfserver from 103.189.208.13 port 49852 ssh2
May  7 08:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29275]: Received disconnect from 103.189.208.13 port 49852:11: Bye Bye [preauth]
May  7 08:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29275]: Disconnected from 103.189.208.13 port 49852 [preauth]
May  7 08:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28114]: pam_unix(cron:session): session closed for user root
May  7 08:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29369]: Invalid user bkirank from 64.226.100.253
May  7 08:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29369]: input_userauth_request: invalid user bkirank [preauth]
May  7 08:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29369]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 08:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29369]: Failed password for invalid user bkirank from 64.226.100.253 port 53154 ssh2
May  7 08:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29369]: Connection closed by 64.226.100.253 port 53154 [preauth]
May  7 08:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29381]: Invalid user deploy from 14.103.114.20
May  7 08:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29381]: input_userauth_request: invalid user deploy [preauth]
May  7 08:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29381]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.20
May  7 08:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29381]: Failed password for invalid user deploy from 14.103.114.20 port 36512 ssh2
May  7 08:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29381]: Received disconnect from 14.103.114.20 port 36512:11: Bye Bye [preauth]
May  7 08:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29381]: Disconnected from 14.103.114.20 port 36512 [preauth]
May  7 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29429]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29430]: pam_unix(cron:session): session closed for user root
May  7 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29425]: pam_unix(cron:session): session closed for user p13x
May  7 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29500]: Successful su for rubyman by root
May  7 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29500]: + ??? root:rubyman
May  7 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345594 of user rubyman.
May  7 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29500]: pam_unix(su:session): session closed for user rubyman
May  7 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345594.
May  7 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29427]: pam_unix(cron:session): session closed for user root
May  7 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26613]: pam_unix(cron:session): session closed for user root
May  7 08:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29426]: pam_unix(cron:session): session closed for user samftp
May  7 08:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28523]: pam_unix(cron:session): session closed for user root
May  7 08:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: Invalid user admin from 194.0.234.19
May  7 08:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: input_userauth_request: invalid user admin [preauth]
May  7 08:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  7 08:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: Failed password for invalid user admin from 194.0.234.19 port 15270 ssh2
May  7 08:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29781]: Connection closed by 194.0.234.19 port 15270 [preauth]
May  7 08:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Invalid user precio01 from 112.217.207.28
May  7 08:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: input_userauth_request: invalid user precio01 [preauth]
May  7 08:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 08:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Failed password for invalid user precio01 from 112.217.207.28 port 53868 ssh2
May  7 08:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Received disconnect from 112.217.207.28 port 53868:11: Bye Bye [preauth]
May  7 08:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29810]: Disconnected from 112.217.207.28 port 53868 [preauth]
May  7 08:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29855]: Invalid user installer from 103.160.148.170
May  7 08:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29855]: input_userauth_request: invalid user installer [preauth]
May  7 08:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29855]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  7 08:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29855]: Failed password for invalid user installer from 103.160.148.170 port 43360 ssh2
May  7 08:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29855]: Received disconnect from 103.160.148.170 port 43360:11: Bye Bye [preauth]
May  7 08:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29855]: Disconnected from 103.160.148.170 port 43360 [preauth]
May  7 08:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: Invalid user liam from 64.23.161.151
May  7 08:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: input_userauth_request: invalid user liam [preauth]
May  7 08:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 08:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: Failed password for invalid user liam from 64.23.161.151 port 56782 ssh2
May  7 08:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29866]: Connection closed by 64.23.161.151 port 56782 [preauth]
May  7 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29871]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29869]: pam_unix(cron:session): session closed for user p13x
May  7 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29948]: Successful su for rubyman by root
May  7 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29948]: + ??? root:rubyman
May  7 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345596 of user rubyman.
May  7 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29948]: pam_unix(su:session): session closed for user rubyman
May  7 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345596.
May  7 08:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27176]: pam_unix(cron:session): session closed for user root
May  7 08:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29870]: pam_unix(cron:session): session closed for user samftp
May  7 08:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28921]: pam_unix(cron:session): session closed for user root
May  7 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30278]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30274]: pam_unix(cron:session): session closed for user root
May  7 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30276]: pam_unix(cron:session): session closed for user p13x
May  7 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30342]: Successful su for rubyman by root
May  7 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30342]: + ??? root:rubyman
May  7 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30342]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345601 of user rubyman.
May  7 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30342]: pam_unix(su:session): session closed for user rubyman
May  7 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345601.
May  7 08:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27687]: pam_unix(cron:session): session closed for user root
May  7 08:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30277]: pam_unix(cron:session): session closed for user samftp
May  7 08:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.20  user=root
May  7 08:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: Failed password for root from 14.103.114.20 port 56178 ssh2
May  7 08:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: Received disconnect from 14.103.114.20 port 56178:11: Bye Bye [preauth]
May  7 08:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30576]: Disconnected from 14.103.114.20 port 56178 [preauth]
May  7 08:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29429]: pam_unix(cron:session): session closed for user root
May  7 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30673]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30673]: pam_unix(cron:session): session closed for user p13x
May  7 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30736]: Successful su for rubyman by root
May  7 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30736]: + ??? root:rubyman
May  7 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30736]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345605 of user rubyman.
May  7 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30736]: pam_unix(su:session): session closed for user rubyman
May  7 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345605.
May  7 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28113]: pam_unix(cron:session): session closed for user root
May  7 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30674]: pam_unix(cron:session): session closed for user samftp
May  7 08:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.68.169.181  user=root
May  7 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31074]: Failed password for root from 223.68.169.181 port 59150 ssh2
May  7 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31076]: Invalid user  from 64.62.156.86
May  7 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31076]: input_userauth_request: invalid user  [preauth]
May  7 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31074]: Received disconnect from 223.68.169.181 port 59150:11: Bye Bye [preauth]
May  7 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31074]: Disconnected from 223.68.169.181 port 59150 [preauth]
May  7 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31076]: Connection closed by 64.62.156.86 port 47923 [preauth]
May  7 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29872]: pam_unix(cron:session): session closed for user root
May  7 08:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31176]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31172]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31172]: pam_unix(cron:session): session closed for user p13x
May  7 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31233]: Successful su for rubyman by root
May  7 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31233]: + ??? root:rubyman
May  7 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345609 of user rubyman.
May  7 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31233]: pam_unix(su:session): session closed for user rubyman
May  7 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345609.
May  7 08:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28522]: pam_unix(cron:session): session closed for user root
May  7 08:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31173]: pam_unix(cron:session): session closed for user samftp
May  7 08:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30279]: pam_unix(cron:session): session closed for user root
May  7 08:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13  user=root
May  7 08:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31535]: Failed password for root from 103.189.208.13 port 50536 ssh2
May  7 08:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31535]: Received disconnect from 103.189.208.13 port 50536:11: Bye Bye [preauth]
May  7 08:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31535]: Disconnected from 103.189.208.13 port 50536 [preauth]
May  7 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31593]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31589]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31591]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31594]: pam_unix(cron:session): session closed for user root
May  7 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31589]: pam_unix(cron:session): session closed for user p13x
May  7 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31672]: Successful su for rubyman by root
May  7 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31672]: + ??? root:rubyman
May  7 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31672]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345615 of user rubyman.
May  7 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31672]: pam_unix(su:session): session closed for user rubyman
May  7 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345615.
May  7 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31591]: pam_unix(cron:session): session closed for user root
May  7 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28920]: pam_unix(cron:session): session closed for user root
May  7 08:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31590]: pam_unix(cron:session): session closed for user samftp
May  7 08:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: Invalid user ts3server from 50.235.31.47
May  7 08:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: input_userauth_request: invalid user ts3server [preauth]
May  7 08:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  7 08:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: Failed password for invalid user ts3server from 50.235.31.47 port 54352 ssh2
May  7 08:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: Connection closed by 50.235.31.47 port 54352 [preauth]
May  7 08:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31970]: Invalid user ubuntu from 14.103.114.20
May  7 08:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31970]: input_userauth_request: invalid user ubuntu [preauth]
May  7 08:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31970]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.20
May  7 08:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31970]: Failed password for invalid user ubuntu from 14.103.114.20 port 41570 ssh2
May  7 08:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31970]: Received disconnect from 14.103.114.20 port 41570:11: Bye Bye [preauth]
May  7 08:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31970]: Disconnected from 14.103.114.20 port 41570 [preauth]
May  7 08:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30676]: pam_unix(cron:session): session closed for user root
May  7 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32335]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32334]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32333]: pam_unix(cron:session): session closed for user p13x
May  7 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32423]: Successful su for rubyman by root
May  7 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32423]: + ??? root:rubyman
May  7 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345621 of user rubyman.
May  7 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32423]: pam_unix(su:session): session closed for user rubyman
May  7 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345621.
May  7 08:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32491]: Invalid user sk from 112.217.207.28
May  7 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32491]: input_userauth_request: invalid user sk [preauth]
May  7 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32491]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.217.207.28
May  7 08:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29428]: pam_unix(cron:session): session closed for user root
May  7 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32491]: Failed password for invalid user sk from 112.217.207.28 port 32774 ssh2
May  7 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  7 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32491]: Received disconnect from 112.217.207.28 port 32774:11: Bye Bye [preauth]
May  7 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32491]: Disconnected from 112.217.207.28 port 32774 [preauth]
May  7 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32334]: pam_unix(cron:session): session closed for user samftp
May  7 08:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32590]: Failed password for root from 80.94.95.29 port 21100 ssh2
May  7 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32590]: message repeated 4 times: [ Failed password for root from 80.94.95.29 port 21100 ssh2]
May  7 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32590]: Received disconnect from 80.94.95.29 port 21100:11: Bye [preauth]
May  7 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32590]: Disconnected from 80.94.95.29 port 21100 [preauth]
May  7 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32590]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  7 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32590]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 08:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: Invalid user boby from 64.226.100.253
May  7 08:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: input_userauth_request: invalid user boby [preauth]
May  7 08:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 08:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: Failed password for invalid user boby from 64.226.100.253 port 54914 ssh2
May  7 08:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32755]: Connection closed by 64.226.100.253 port 54914 [preauth]
May  7 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31176]: pam_unix(cron:session): session closed for user root
May  7 08:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: Invalid user alin from 103.160.148.170
May  7 08:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: input_userauth_request: invalid user alin [preauth]
May  7 08:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  7 08:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: Failed password for invalid user alin from 103.160.148.170 port 52206 ssh2
May  7 08:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: Received disconnect from 103.160.148.170 port 52206:11: Bye Bye [preauth]
May  7 08:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[373]: Disconnected from 103.160.148.170 port 52206 [preauth]
May  7 08:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.212  user=root
May  7 08:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[404]: Failed password for root from 218.92.0.212 port 18888 ssh2
May  7 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[480]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[477]: pam_unix(cron:session): session closed for user p13x
May  7 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[553]: Successful su for rubyman by root
May  7 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[553]: + ??? root:rubyman
May  7 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345625 of user rubyman.
May  7 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[553]: pam_unix(su:session): session closed for user rubyman
May  7 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345625.
May  7 08:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29871]: pam_unix(cron:session): session closed for user root
May  7 08:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[478]: pam_unix(cron:session): session closed for user samftp
May  7 08:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31593]: pam_unix(cron:session): session closed for user root
May  7 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[948]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[949]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[944]: pam_unix(cron:session): session closed for user p13x
May  7 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1021]: Successful su for rubyman by root
May  7 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1021]: + ??? root:rubyman
May  7 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345629 of user rubyman.
May  7 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1021]: pam_unix(su:session): session closed for user rubyman
May  7 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345629.
May  7 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30278]: pam_unix(cron:session): session closed for user root
May  7 08:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[945]: pam_unix(cron:session): session closed for user samftp
May  7 08:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: Invalid user solr from 14.103.114.20
May  7 08:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: input_userauth_request: invalid user solr [preauth]
May  7 08:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.20
May  7 08:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: Failed password for invalid user solr from 14.103.114.20 port 51534 ssh2
May  7 08:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: Received disconnect from 14.103.114.20 port 51534:11: Bye Bye [preauth]
May  7 08:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: Disconnected from 14.103.114.20 port 51534 [preauth]
May  7 08:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1275]: Invalid user admin from 80.94.95.112
May  7 08:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1275]: input_userauth_request: invalid user admin [preauth]
May  7 08:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1275]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 08:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1275]: Failed password for invalid user admin from 80.94.95.112 port 19920 ssh2
May  7 08:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1275]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1275]: Failed password for invalid user admin from 80.94.95.112 port 19920 ssh2
May  7 08:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1275]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1275]: Failed password for invalid user admin from 80.94.95.112 port 19920 ssh2
May  7 08:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1275]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1275]: Failed password for invalid user admin from 80.94.95.112 port 19920 ssh2
May  7 08:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1275]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1275]: Failed password for invalid user admin from 80.94.95.112 port 19920 ssh2
May  7 08:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1275]: Received disconnect from 80.94.95.112 port 19920:11: Bye [preauth]
May  7 08:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1275]: Disconnected from 80.94.95.112 port 19920 [preauth]
May  7 08:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1275]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 08:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1275]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 08:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32341]: pam_unix(cron:session): session closed for user root
May  7 08:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: Invalid user shared from 64.23.161.151
May  7 08:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: input_userauth_request: invalid user shared [preauth]
May  7 08:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 08:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: Failed password for invalid user shared from 64.23.161.151 port 36614 ssh2
May  7 08:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1387]: Connection closed by 64.23.161.151 port 36614 [preauth]
May  7 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1421]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1422]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1419]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1418]: pam_unix(cron:session): session closed for user p13x
May  7 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1505]: Successful su for rubyman by root
May  7 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1505]: + ??? root:rubyman
May  7 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345631 of user rubyman.
May  7 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1505]: pam_unix(su:session): session closed for user rubyman
May  7 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345631.
May  7 08:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30675]: pam_unix(cron:session): session closed for user root
May  7 08:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1419]: pam_unix(cron:session): session closed for user samftp
May  7 08:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: Invalid user sshadmin from 80.94.95.115
May  7 08:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: input_userauth_request: invalid user sshadmin [preauth]
May  7 08:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  7 08:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: Failed password for invalid user sshadmin from 80.94.95.115 port 60958 ssh2
May  7 08:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: Connection closed by 80.94.95.115 port 60958 [preauth]
May  7 08:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[480]: pam_unix(cron:session): session closed for user root
May  7 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1909]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1912]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1910]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1912]: pam_unix(cron:session): session closed for user root
May  7 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1907]: pam_unix(cron:session): session closed for user p13x
May  7 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2050]: Successful su for rubyman by root
May  7 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2050]: + ??? root:rubyman
May  7 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345638 of user rubyman.
May  7 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2050]: pam_unix(su:session): session closed for user rubyman
May  7 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345638.
May  7 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1909]: pam_unix(cron:session): session closed for user root
May  7 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31175]: pam_unix(cron:session): session closed for user root
May  7 08:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1908]: pam_unix(cron:session): session closed for user samftp
May  7 08:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: Invalid user student5 from 103.189.208.13
May  7 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: input_userauth_request: invalid user student5 [preauth]
May  7 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13
May  7 08:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: Failed password for invalid user student5 from 103.189.208.13 port 51224 ssh2
May  7 08:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: Received disconnect from 103.189.208.13 port 51224:11: Bye Bye [preauth]
May  7 08:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: Disconnected from 103.189.208.13 port 51224 [preauth]
May  7 08:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[949]: pam_unix(cron:session): session closed for user root
May  7 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2434]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2432]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2433]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2430]: pam_unix(cron:session): session closed for user p13x
May  7 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2504]: Successful su for rubyman by root
May  7 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2504]: + ??? root:rubyman
May  7 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2504]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345641 of user rubyman.
May  7 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2504]: pam_unix(su:session): session closed for user rubyman
May  7 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345641.
May  7 08:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31592]: pam_unix(cron:session): session closed for user root
May  7 08:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2432]: pam_unix(cron:session): session closed for user samftp
May  7 08:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: Invalid user boss from 14.103.114.20
May  7 08:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: input_userauth_request: invalid user boss [preauth]
May  7 08:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.20
May  7 08:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: Failed password for invalid user boss from 14.103.114.20 port 38186 ssh2
May  7 08:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: Received disconnect from 14.103.114.20 port 38186:11: Bye Bye [preauth]
May  7 08:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: Disconnected from 14.103.114.20 port 38186 [preauth]
May  7 08:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1422]: pam_unix(cron:session): session closed for user root
May  7 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2873]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2874]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2871]: pam_unix(cron:session): session closed for user p13x
May  7 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2943]: Successful su for rubyman by root
May  7 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2943]: + ??? root:rubyman
May  7 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2943]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345647 of user rubyman.
May  7 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2943]: pam_unix(su:session): session closed for user rubyman
May  7 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345647.
May  7 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32335]: pam_unix(cron:session): session closed for user root
May  7 08:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2872]: pam_unix(cron:session): session closed for user samftp
May  7 08:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: Invalid user ftptest from 103.160.148.170
May  7 08:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: input_userauth_request: invalid user ftptest [preauth]
May  7 08:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  7 08:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: Failed password for invalid user ftptest from 103.160.148.170 port 46584 ssh2
May  7 08:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: Received disconnect from 103.160.148.170 port 46584:11: Bye Bye [preauth]
May  7 08:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: Disconnected from 103.160.148.170 port 46584 [preauth]
May  7 08:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1911]: pam_unix(cron:session): session closed for user root
May  7 08:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: Invalid user bohner from 64.226.100.253
May  7 08:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: input_userauth_request: invalid user bohner [preauth]
May  7 08:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: Failed password for invalid user bohner from 64.226.100.253 port 46620 ssh2
May  7 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: Connection closed by 64.226.100.253 port 46620 [preauth]
May  7 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3290]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3289]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session closed for user p13x
May  7 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3348]: Successful su for rubyman by root
May  7 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3348]: + ??? root:rubyman
May  7 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345650 of user rubyman.
May  7 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3348]: pam_unix(su:session): session closed for user rubyman
May  7 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345650.
May  7 08:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[479]: pam_unix(cron:session): session closed for user root
May  7 08:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3288]: pam_unix(cron:session): session closed for user samftp
May  7 08:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2434]: pam_unix(cron:session): session closed for user root
May  7 08:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 08:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: Failed password for root from 218.92.0.179 port 35767 ssh2
May  7 08:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 35767 ssh2]
May  7 08:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: Received disconnect from 218.92.0.179 port 35767:11:  [preauth]
May  7 08:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: Disconnected from 218.92.0.179 port 35767 [preauth]
May  7 08:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 08:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.20  user=root
May  7 08:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Failed password for root from 14.103.114.20 port 35380 ssh2
May  7 08:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Received disconnect from 14.103.114.20 port 35380:11: Bye Bye [preauth]
May  7 08:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Disconnected from 14.103.114.20 port 35380 [preauth]
May  7 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3737]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3736]: pam_unix(cron:session): session closed for user p13x
May  7 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3798]: Successful su for rubyman by root
May  7 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3798]: + ??? root:rubyman
May  7 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345653 of user rubyman.
May  7 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3798]: pam_unix(su:session): session closed for user rubyman
May  7 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345653.
May  7 08:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[948]: pam_unix(cron:session): session closed for user root
May  7 08:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3737]: pam_unix(cron:session): session closed for user samftp
May  7 08:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2874]: pam_unix(cron:session): session closed for user root
May  7 08:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4058]: Connection closed by 167.94.145.101 port 47778 [preauth]
May  7 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4171]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4170]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4169]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4168]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4173]: pam_unix(cron:session): session closed for user root
May  7 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4168]: pam_unix(cron:session): session closed for user p13x
May  7 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4264]: Successful su for rubyman by root
May  7 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4264]: + ??? root:rubyman
May  7 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345661 of user rubyman.
May  7 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4264]: pam_unix(su:session): session closed for user rubyman
May  7 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345661.
May  7 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4170]: pam_unix(cron:session): session closed for user root
May  7 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1421]: pam_unix(cron:session): session closed for user root
May  7 08:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4169]: pam_unix(cron:session): session closed for user samftp
May  7 08:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3290]: pam_unix(cron:session): session closed for user root
May  7 08:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4760]: Invalid user admin from 103.189.208.13
May  7 08:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4760]: input_userauth_request: invalid user admin [preauth]
May  7 08:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4760]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13
May  7 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4765]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4766]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4763]: pam_unix(cron:session): session closed for user p13x
May  7 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4849]: Successful su for rubyman by root
May  7 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4849]: + ??? root:rubyman
May  7 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345664 of user rubyman.
May  7 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4849]: pam_unix(su:session): session closed for user rubyman
May  7 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345664.
May  7 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4760]: Failed password for invalid user admin from 103.189.208.13 port 53316 ssh2
May  7 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4760]: Received disconnect from 103.189.208.13 port 53316:11: Bye Bye [preauth]
May  7 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4760]: Disconnected from 103.189.208.13 port 53316 [preauth]
May  7 08:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1910]: pam_unix(cron:session): session closed for user root
May  7 08:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4764]: pam_unix(cron:session): session closed for user samftp
May  7 08:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.68.169.181  user=root
May  7 08:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5235]: Failed password for root from 223.68.169.181 port 59798 ssh2
May  7 08:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5235]: Received disconnect from 223.68.169.181 port 59798:11: Bye Bye [preauth]
May  7 08:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5235]: Disconnected from 223.68.169.181 port 59798 [preauth]
May  7 08:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  7 08:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5261]: Failed password for root from 193.70.84.184 port 35902 ssh2
May  7 08:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5261]: Connection closed by 193.70.84.184 port 35902 [preauth]
May  7 08:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3739]: pam_unix(cron:session): session closed for user root
May  7 08:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Invalid user teddy from 64.23.161.151
May  7 08:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: input_userauth_request: invalid user teddy [preauth]
May  7 08:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 08:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Failed password for invalid user teddy from 64.23.161.151 port 40192 ssh2
May  7 08:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Connection closed by 64.23.161.151 port 40192 [preauth]
May  7 08:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.20  user=root
May  7 08:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5336]: Failed password for root from 14.103.114.20 port 35982 ssh2
May  7 08:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5336]: Received disconnect from 14.103.114.20 port 35982:11: Bye Bye [preauth]
May  7 08:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5336]: Disconnected from 14.103.114.20 port 35982 [preauth]
May  7 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5401]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5400]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5398]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5399]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5398]: pam_unix(cron:session): session closed for user p13x
May  7 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5468]: Successful su for rubyman by root
May  7 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5468]: + ??? root:rubyman
May  7 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345668 of user rubyman.
May  7 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5468]: pam_unix(su:session): session closed for user rubyman
May  7 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345668.
May  7 08:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2433]: pam_unix(cron:session): session closed for user root
May  7 08:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5399]: pam_unix(cron:session): session closed for user samftp
May  7 08:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4172]: pam_unix(cron:session): session closed for user root
May  7 08:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: Invalid user www from 103.160.148.170
May  7 08:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: input_userauth_request: invalid user www [preauth]
May  7 08:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  7 08:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: Failed password for invalid user www from 103.160.148.170 port 39200 ssh2
May  7 08:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: Received disconnect from 103.160.148.170 port 39200:11: Bye Bye [preauth]
May  7 08:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: Disconnected from 103.160.148.170 port 39200 [preauth]
May  7 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5950]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5948]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5946]: pam_unix(cron:session): session closed for user p13x
May  7 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6016]: Successful su for rubyman by root
May  7 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6016]: + ??? root:rubyman
May  7 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345672 of user rubyman.
May  7 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6016]: pam_unix(su:session): session closed for user rubyman
May  7 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345672.
May  7 08:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2873]: pam_unix(cron:session): session closed for user root
May  7 08:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5947]: pam_unix(cron:session): session closed for user samftp
May  7 08:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 08:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: Failed password for root from 218.92.0.179 port 48571 ssh2
May  7 08:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 48571 ssh2]
May  7 08:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: Received disconnect from 218.92.0.179 port 48571:11:  [preauth]
May  7 08:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: Disconnected from 218.92.0.179 port 48571 [preauth]
May  7 08:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6256]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 08:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4766]: pam_unix(cron:session): session closed for user root
May  7 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6366]: pam_unix(cron:session): session closed for user p13x
May  7 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6428]: Successful su for rubyman by root
May  7 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6428]: + ??? root:rubyman
May  7 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345676 of user rubyman.
May  7 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6428]: pam_unix(su:session): session closed for user rubyman
May  7 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345676.
May  7 08:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3289]: pam_unix(cron:session): session closed for user root
May  7 08:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6367]: pam_unix(cron:session): session closed for user samftp
May  7 08:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: Invalid user admin from 80.94.95.241
May  7 08:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: input_userauth_request: invalid user admin [preauth]
May  7 08:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 08:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: Failed password for invalid user admin from 80.94.95.241 port 59785 ssh2
May  7 08:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: Failed password for invalid user admin from 80.94.95.241 port 59785 ssh2
May  7 08:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: Failed password for invalid user admin from 80.94.95.241 port 59785 ssh2
May  7 08:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: Failed password for invalid user admin from 80.94.95.241 port 59785 ssh2
May  7 08:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: Failed password for invalid user admin from 80.94.95.241 port 59785 ssh2
May  7 08:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: Received disconnect from 80.94.95.241 port 59785:11: Bye [preauth]
May  7 08:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: Disconnected from 80.94.95.241 port 59785 [preauth]
May  7 08:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 08:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 08:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5401]: pam_unix(cron:session): session closed for user root
May  7 08:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.20  user=root
May  7 08:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6699]: Failed password for root from 14.103.114.20 port 38678 ssh2
May  7 08:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6699]: Received disconnect from 14.103.114.20 port 38678:11: Bye Bye [preauth]
May  7 08:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6699]: Disconnected from 14.103.114.20 port 38678 [preauth]
May  7 08:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: Invalid user bohner from 64.226.100.253
May  7 08:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: input_userauth_request: invalid user bohner [preauth]
May  7 08:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 08:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: Failed password for invalid user bohner from 64.226.100.253 port 35878 ssh2
May  7 08:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6746]: Connection closed by 64.226.100.253 port 35878 [preauth]
May  7 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6792]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6792]: pam_unix(cron:session): session closed for user root
May  7 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6787]: pam_unix(cron:session): session closed for user p13x
May  7 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6856]: Successful su for rubyman by root
May  7 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6856]: + ??? root:rubyman
May  7 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345684 of user rubyman.
May  7 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6856]: pam_unix(su:session): session closed for user rubyman
May  7 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345684.
May  7 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6789]: pam_unix(cron:session): session closed for user root
May  7 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3738]: pam_unix(cron:session): session closed for user root
May  7 08:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6788]: pam_unix(cron:session): session closed for user samftp
May  7 08:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7207]: Failed password for root from 218.23.170.184 port 53383 ssh2
May  7 08:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7207]: Connection closed by 218.23.170.184 port 53383 [preauth]
May  7 08:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: Failed password for root from 218.23.170.184 port 56327 ssh2
May  7 08:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: Connection closed by 218.23.170.184 port 56327 [preauth]
May  7 08:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: Failed password for root from 218.23.170.184 port 40674 ssh2
May  7 08:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7223]: Connection closed by 218.23.170.184 port 40674 [preauth]
May  7 08:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7247]: Failed password for root from 218.23.170.184 port 44546 ssh2
May  7 08:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7247]: Connection closed by 218.23.170.184 port 44546 [preauth]
May  7 08:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: Failed password for root from 218.23.170.184 port 47068 ssh2
May  7 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: Connection closed by 218.23.170.184 port 47068 [preauth]
May  7 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5950]: pam_unix(cron:session): session closed for user root
May  7 08:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: Failed password for root from 218.23.170.184 port 49858 ssh2
May  7 08:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: Connection closed by 218.23.170.184 port 49858 [preauth]
May  7 08:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7282]: Failed password for root from 218.23.170.184 port 52844 ssh2
May  7 08:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7282]: Connection closed by 218.23.170.184 port 52844 [preauth]
May  7 08:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7292]: Failed password for root from 218.23.170.184 port 55784 ssh2
May  7 08:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7292]: Connection closed by 218.23.170.184 port 55784 [preauth]
May  7 08:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: Failed password for root from 218.23.170.184 port 59240 ssh2
May  7 08:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: Connection closed by 218.23.170.184 port 59240 [preauth]
May  7 08:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Failed password for root from 218.23.170.184 port 42095 ssh2
May  7 08:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Connection closed by 218.23.170.184 port 42095 [preauth]
May  7 08:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7327]: Failed password for root from 218.23.170.184 port 45093 ssh2
May  7 08:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7327]: Connection closed by 218.23.170.184 port 45093 [preauth]
May  7 08:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: Invalid user mhattawy from 164.68.105.9
May  7 08:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: input_userauth_request: invalid user mhattawy [preauth]
May  7 08:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  7 08:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: Failed password for invalid user mhattawy from 164.68.105.9 port 36582 ssh2
May  7 08:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: Connection closed by 164.68.105.9 port 36582 [preauth]
May  7 08:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7331]: Failed password for root from 218.23.170.184 port 48053 ssh2
May  7 08:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7331]: Connection closed by 218.23.170.184 port 48053 [preauth]
May  7 08:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7341]: Failed password for root from 218.23.170.184 port 51433 ssh2
May  7 08:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7341]: Connection closed by 218.23.170.184 port 51433 [preauth]
May  7 08:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7354]: pam_unix(cron:session): session closed for user p13x
May  7 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7343]: Failed password for root from 218.23.170.184 port 54529 ssh2
May  7 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7418]: Successful su for rubyman by root
May  7 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7418]: + ??? root:rubyman
May  7 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345685 of user rubyman.
May  7 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7418]: pam_unix(su:session): session closed for user rubyman
May  7 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7343]: Connection closed by 218.23.170.184 port 54529 [preauth]
May  7 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345685.
May  7 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7439]: Failed password for root from 218.23.170.184 port 57785 ssh2
May  7 08:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7439]: Connection closed by 218.23.170.184 port 57785 [preauth]
May  7 08:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4171]: pam_unix(cron:session): session closed for user root
May  7 08:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7355]: pam_unix(cron:session): session closed for user samftp
May  7 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: Failed password for root from 218.23.170.184 port 40652 ssh2
May  7 08:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7684]: Connection closed by 218.23.170.184 port 40652 [preauth]
May  7 08:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7721]: Invalid user username from 85.208.84.4
May  7 08:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7721]: input_userauth_request: invalid user username [preauth]
May  7 08:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7721]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  7 08:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7724]: Failed password for root from 218.23.170.184 port 43370 ssh2
May  7 08:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7721]: Failed password for invalid user username from 85.208.84.4 port 31494 ssh2
May  7 08:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7724]: Connection closed by 218.23.170.184 port 43370 [preauth]
May  7 08:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7721]: Connection closed by 85.208.84.4 port 31494 [preauth]
May  7 08:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7737]: Failed password for root from 218.23.170.184 port 46268 ssh2
May  7 08:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7737]: Connection closed by 218.23.170.184 port 46268 [preauth]
May  7 08:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: Failed password for root from 218.23.170.184 port 48728 ssh2
May  7 08:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7739]: Connection closed by 218.23.170.184 port 48728 [preauth]
May  7 08:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7770]: Failed password for root from 218.23.170.184 port 51890 ssh2
May  7 08:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7770]: Connection closed by 218.23.170.184 port 51890 [preauth]
May  7 08:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.23.170.184  user=root
May  7 08:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7773]: Failed password for root from 218.23.170.184 port 55202 ssh2
May  7 08:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7773]: Connection closed by 218.23.170.184 port 55202 [preauth]
May  7 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6369]: pam_unix(cron:session): session closed for user root
May  7 08:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13  user=root
May  7 08:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: Failed password for root from 103.189.208.13 port 44056 ssh2
May  7 08:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: Received disconnect from 103.189.208.13 port 44056:11: Bye Bye [preauth]
May  7 08:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: Disconnected from 103.189.208.13 port 44056 [preauth]
May  7 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7899]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7897]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7896]: pam_unix(cron:session): session closed for user p13x
May  7 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7960]: Successful su for rubyman by root
May  7 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7960]: + ??? root:rubyman
May  7 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345689 of user rubyman.
May  7 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7960]: pam_unix(su:session): session closed for user rubyman
May  7 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345689.
May  7 08:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4765]: pam_unix(cron:session): session closed for user root
May  7 08:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7897]: pam_unix(cron:session): session closed for user samftp
May  7 08:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.20  user=root
May  7 08:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8244]: Failed password for root from 14.103.114.20 port 45212 ssh2
May  7 08:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8244]: Received disconnect from 14.103.114.20 port 45212:11: Bye Bye [preauth]
May  7 08:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8244]: Disconnected from 14.103.114.20 port 45212 [preauth]
May  7 08:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6791]: pam_unix(cron:session): session closed for user root
May  7 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8322]: pam_unix(cron:session): session closed for user p13x
May  7 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8386]: Successful su for rubyman by root
May  7 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8386]: + ??? root:rubyman
May  7 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345694 of user rubyman.
May  7 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8386]: pam_unix(su:session): session closed for user rubyman
May  7 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345694.
May  7 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5400]: pam_unix(cron:session): session closed for user root
May  7 08:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8325]: pam_unix(cron:session): session closed for user samftp
May  7 08:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8660]: Invalid user dino from 103.160.148.170
May  7 08:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8660]: input_userauth_request: invalid user dino [preauth]
May  7 08:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8660]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  7 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7357]: pam_unix(cron:session): session closed for user root
May  7 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8660]: Failed password for invalid user dino from 103.160.148.170 port 39896 ssh2
May  7 08:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8660]: Received disconnect from 103.160.148.170 port 39896:11: Bye Bye [preauth]
May  7 08:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8660]: Disconnected from 103.160.148.170 port 39896 [preauth]
May  7 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8764]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8762]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8761]: pam_unix(cron:session): session closed for user p13x
May  7 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8883]: Successful su for rubyman by root
May  7 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8883]: + ??? root:rubyman
May  7 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8883]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345697 of user rubyman.
May  7 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8883]: pam_unix(su:session): session closed for user rubyman
May  7 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345697.
May  7 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8759]: pam_unix(cron:session): session closed for user root
May  7 08:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5948]: pam_unix(cron:session): session closed for user root
May  7 08:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8762]: pam_unix(cron:session): session closed for user samftp
May  7 08:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: Invalid user tyler from 64.23.161.151
May  7 08:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: input_userauth_request: invalid user tyler [preauth]
May  7 08:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 08:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: Failed password for invalid user tyler from 64.23.161.151 port 55068 ssh2
May  7 08:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9247]: Connection closed by 64.23.161.151 port 55068 [preauth]
May  7 08:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7899]: pam_unix(cron:session): session closed for user root
May  7 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9382]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9383]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9384]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9384]: pam_unix(cron:session): session closed for user root
May  7 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9378]: pam_unix(cron:session): session closed for user p13x
May  7 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9449]: Successful su for rubyman by root
May  7 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9449]: + ??? root:rubyman
May  7 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345705 of user rubyman.
May  7 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9449]: pam_unix(su:session): session closed for user rubyman
May  7 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345705.
May  7 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9381]: pam_unix(cron:session): session closed for user root
May  7 08:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6368]: pam_unix(cron:session): session closed for user root
May  7 08:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9379]: pam_unix(cron:session): session closed for user samftp
May  7 08:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8327]: pam_unix(cron:session): session closed for user root
May  7 08:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.20  user=root
May  7 08:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9761]: Failed password for root from 14.103.114.20 port 44028 ssh2
May  7 08:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9761]: Received disconnect from 14.103.114.20 port 44028:11: Bye Bye [preauth]
May  7 08:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9761]: Disconnected from 14.103.114.20 port 44028 [preauth]
May  7 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9814]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9815]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9812]: pam_unix(cron:session): session closed for user p13x
May  7 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9881]: Successful su for rubyman by root
May  7 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9881]: + ??? root:rubyman
May  7 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345709 of user rubyman.
May  7 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9881]: pam_unix(su:session): session closed for user rubyman
May  7 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345709.
May  7 08:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6790]: pam_unix(cron:session): session closed for user root
May  7 08:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9813]: pam_unix(cron:session): session closed for user samftp
May  7 08:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10126]: Invalid user brianpm from 64.226.100.253
May  7 08:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10126]: input_userauth_request: invalid user brianpm [preauth]
May  7 08:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10126]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 08:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10126]: Failed password for invalid user brianpm from 64.226.100.253 port 59978 ssh2
May  7 08:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10126]: Connection closed by 64.226.100.253 port 59978 [preauth]
May  7 08:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8764]: pam_unix(cron:session): session closed for user root
May  7 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10298]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10300]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10237]: pam_unix(cron:session): session closed for user p13x
May  7 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10365]: Successful su for rubyman by root
May  7 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10365]: + ??? root:rubyman
May  7 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10365]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345714 of user rubyman.
May  7 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10365]: pam_unix(su:session): session closed for user rubyman
May  7 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345714.
May  7 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7356]: pam_unix(cron:session): session closed for user root
May  7 08:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10298]: pam_unix(cron:session): session closed for user samftp
May  7 08:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: Invalid user grid from 103.189.208.13
May  7 08:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: input_userauth_request: invalid user grid [preauth]
May  7 08:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13
May  7 08:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: Failed password for invalid user grid from 103.189.208.13 port 33894 ssh2
May  7 08:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: Received disconnect from 103.189.208.13 port 33894:11: Bye Bye [preauth]
May  7 08:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: Disconnected from 103.189.208.13 port 33894 [preauth]
May  7 08:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9383]: pam_unix(cron:session): session closed for user root
May  7 08:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 08:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: Failed password for root from 80.94.95.125 port 26858 ssh2
May  7 08:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 26858 ssh2]
May  7 08:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: Received disconnect from 80.94.95.125 port 26858:11: Bye [preauth]
May  7 08:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: Disconnected from 80.94.95.125 port 26858 [preauth]
May  7 08:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 08:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10794]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10795]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10792]: pam_unix(cron:session): session closed for user p13x
May  7 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10853]: Successful su for rubyman by root
May  7 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10853]: + ??? root:rubyman
May  7 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345716 of user rubyman.
May  7 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10853]: pam_unix(su:session): session closed for user rubyman
May  7 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345716.
May  7 08:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7898]: pam_unix(cron:session): session closed for user root
May  7 08:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10793]: pam_unix(cron:session): session closed for user samftp
May  7 08:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9815]: pam_unix(cron:session): session closed for user root
May  7 08:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 08:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11121]: Failed password for root from 218.92.0.179 port 45623 ssh2
May  7 08:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11121]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 45623 ssh2]
May  7 08:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11121]: Received disconnect from 218.92.0.179 port 45623:11:  [preauth]
May  7 08:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11121]: Disconnected from 218.92.0.179 port 45623 [preauth]
May  7 08:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11121]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 08:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: Invalid user user11 from 223.68.169.181
May  7 08:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: input_userauth_request: invalid user user11 [preauth]
May  7 08:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.68.169.181
May  7 08:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: Failed password for invalid user user11 from 223.68.169.181 port 60442 ssh2
May  7 08:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: Received disconnect from 223.68.169.181 port 60442:11: Bye Bye [preauth]
May  7 08:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11155]: Disconnected from 223.68.169.181 port 60442 [preauth]
May  7 08:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Invalid user dylan from 14.103.114.20
May  7 08:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: input_userauth_request: invalid user dylan [preauth]
May  7 08:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.20
May  7 08:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Failed password for invalid user dylan from 14.103.114.20 port 40274 ssh2
May  7 08:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Received disconnect from 14.103.114.20 port 40274:11: Bye Bye [preauth]
May  7 08:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Disconnected from 14.103.114.20 port 40274 [preauth]
May  7 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11195]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11193]: pam_unix(cron:session): session closed for user p13x
May  7 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11253]: Successful su for rubyman by root
May  7 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11253]: + ??? root:rubyman
May  7 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345722 of user rubyman.
May  7 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11253]: pam_unix(su:session): session closed for user rubyman
May  7 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345722.
May  7 08:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8326]: pam_unix(cron:session): session closed for user root
May  7 08:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11194]: pam_unix(cron:session): session closed for user samftp
May  7 08:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: Invalid user user from 103.160.148.170
May  7 08:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: input_userauth_request: invalid user user [preauth]
May  7 08:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  7 08:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: Failed password for invalid user user from 103.160.148.170 port 47974 ssh2
May  7 08:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: Received disconnect from 103.160.148.170 port 47974:11: Bye Bye [preauth]
May  7 08:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11463]: Disconnected from 103.160.148.170 port 47974 [preauth]
May  7 08:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10300]: pam_unix(cron:session): session closed for user root
May  7 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11596]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11595]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11593]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11597]: pam_unix(cron:session): session closed for user root
May  7 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11592]: pam_unix(cron:session): session closed for user p13x
May  7 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11658]: Successful su for rubyman by root
May  7 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11658]: + ??? root:rubyman
May  7 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345725 of user rubyman.
May  7 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11658]: pam_unix(su:session): session closed for user rubyman
May  7 08:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345725.
May  7 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11594]: pam_unix(cron:session): session closed for user root
May  7 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8763]: pam_unix(cron:session): session closed for user root
May  7 08:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11593]: pam_unix(cron:session): session closed for user samftp
May  7 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10795]: pam_unix(cron:session): session closed for user root
May  7 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12008]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12006]: pam_unix(cron:session): session closed for user p13x
May  7 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12073]: Successful su for rubyman by root
May  7 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12073]: + ??? root:rubyman
May  7 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12073]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345732 of user rubyman.
May  7 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12073]: pam_unix(su:session): session closed for user rubyman
May  7 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345732.
May  7 08:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9382]: pam_unix(cron:session): session closed for user root
May  7 08:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12007]: pam_unix(cron:session): session closed for user samftp
May  7 08:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 08:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12260]: Failed password for root from 218.92.0.179 port 13071 ssh2
May  7 08:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12260]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 13071 ssh2]
May  7 08:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12260]: Received disconnect from 218.92.0.179 port 13071:11:  [preauth]
May  7 08:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12260]: Disconnected from 218.92.0.179 port 13071 [preauth]
May  7 08:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12260]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 08:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11196]: pam_unix(cron:session): session closed for user root
May  7 08:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: Invalid user temp from 14.103.114.20
May  7 08:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: input_userauth_request: invalid user temp [preauth]
May  7 08:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.20
May  7 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12424]: pam_unix(cron:session): session closed for user p13x
May  7 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12483]: Successful su for rubyman by root
May  7 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12483]: + ??? root:rubyman
May  7 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12483]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345734 of user rubyman.
May  7 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12483]: pam_unix(su:session): session closed for user rubyman
May  7 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345734.
May  7 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: Failed password for invalid user temp from 14.103.114.20 port 46788 ssh2
May  7 08:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: Received disconnect from 14.103.114.20 port 46788:11: Bye Bye [preauth]
May  7 08:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: Disconnected from 14.103.114.20 port 46788 [preauth]
May  7 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9814]: pam_unix(cron:session): session closed for user root
May  7 08:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12425]: pam_unix(cron:session): session closed for user samftp
May  7 08:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: Invalid user aaron from 64.23.161.151
May  7 08:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: input_userauth_request: invalid user aaron [preauth]
May  7 08:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 08:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: Failed password for invalid user aaron from 64.23.161.151 port 35064 ssh2
May  7 08:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: Connection closed by 64.23.161.151 port 35064 [preauth]
May  7 08:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11596]: pam_unix(cron:session): session closed for user root
May  7 08:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: Invalid user taba from 103.189.208.13
May  7 08:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: input_userauth_request: invalid user taba [preauth]
May  7 08:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13
May  7 08:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: Failed password for invalid user taba from 103.189.208.13 port 48298 ssh2
May  7 08:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: Received disconnect from 103.189.208.13 port 48298:11: Bye Bye [preauth]
May  7 08:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: Disconnected from 103.189.208.13 port 48298 [preauth]
May  7 08:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  7 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12815]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12813]: pam_unix(cron:session): session closed for user p13x
May  7 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12872]: Successful su for rubyman by root
May  7 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12872]: + ??? root:rubyman
May  7 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12872]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345738 of user rubyman.
May  7 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12872]: pam_unix(su:session): session closed for user rubyman
May  7 08:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345738.
May  7 08:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: Failed password for root from 46.244.96.25 port 45338 ssh2
May  7 08:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12809]: Connection closed by 46.244.96.25 port 45338 [preauth]
May  7 08:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10299]: pam_unix(cron:session): session closed for user root
May  7 08:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12814]: pam_unix(cron:session): session closed for user samftp
May  7 08:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: Invalid user guest from 194.0.234.19
May  7 08:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: input_userauth_request: invalid user guest [preauth]
May  7 08:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  7 08:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: Failed password for invalid user guest from 194.0.234.19 port 51636 ssh2
May  7 08:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13053]: Connection closed by 194.0.234.19 port 51636 [preauth]
May  7 08:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: Invalid user brownad from 64.226.100.253
May  7 08:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: input_userauth_request: invalid user brownad [preauth]
May  7 08:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 08:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: Failed password for invalid user brownad from 64.226.100.253 port 50714 ssh2
May  7 08:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13071]: Connection closed by 64.226.100.253 port 50714 [preauth]
May  7 08:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Invalid user intell from 161.35.52.212
May  7 08:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: input_userauth_request: invalid user intell [preauth]
May  7 08:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 08:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Failed password for invalid user intell from 161.35.52.212 port 37656 ssh2
May  7 08:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Received disconnect from 161.35.52.212 port 37656:11: Bye Bye [preauth]
May  7 08:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13122]: Disconnected from 161.35.52.212 port 37656 [preauth]
May  7 08:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12009]: pam_unix(cron:session): session closed for user root
May  7 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13211]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13212]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13210]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13209]: pam_unix(cron:session): session closed for user p13x
May  7 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13270]: Successful su for rubyman by root
May  7 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13270]: + ??? root:rubyman
May  7 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345743 of user rubyman.
May  7 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13270]: pam_unix(su:session): session closed for user rubyman
May  7 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345743.
May  7 08:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10794]: pam_unix(cron:session): session closed for user root
May  7 08:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13210]: pam_unix(cron:session): session closed for user samftp
May  7 08:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12427]: pam_unix(cron:session): session closed for user root
May  7 08:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: Invalid user pon from 14.103.114.20
May  7 08:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: input_userauth_request: invalid user pon [preauth]
May  7 08:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.20
May  7 08:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13703]: Invalid user sabina from 103.160.148.170
May  7 08:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13703]: input_userauth_request: invalid user sabina [preauth]
May  7 08:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13703]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  7 08:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: Failed password for invalid user pon from 14.103.114.20 port 37682 ssh2
May  7 08:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: Received disconnect from 14.103.114.20 port 37682:11: Bye Bye [preauth]
May  7 08:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: Disconnected from 14.103.114.20 port 37682 [preauth]
May  7 08:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13703]: Failed password for invalid user sabina from 103.160.148.170 port 40238 ssh2
May  7 08:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13703]: Received disconnect from 103.160.148.170 port 40238:11: Bye Bye [preauth]
May  7 08:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13703]: Disconnected from 103.160.148.170 port 40238 [preauth]
May  7 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13717]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13718]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13720]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13721]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13721]: pam_unix(cron:session): session closed for user root
May  7 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13715]: pam_unix(cron:session): session closed for user p13x
May  7 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13797]: Successful su for rubyman by root
May  7 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13797]: + ??? root:rubyman
May  7 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345750 of user rubyman.
May  7 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13797]: pam_unix(su:session): session closed for user rubyman
May  7 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345750.
May  7 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13717]: pam_unix(cron:session): session closed for user root
May  7 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11195]: pam_unix(cron:session): session closed for user root
May  7 08:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13716]: pam_unix(cron:session): session closed for user samftp
May  7 08:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12816]: pam_unix(cron:session): session closed for user root
May  7 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14156]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14155]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14153]: pam_unix(cron:session): session closed for user p13x
May  7 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14222]: Successful su for rubyman by root
May  7 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14222]: + ??? root:rubyman
May  7 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345754 of user rubyman.
May  7 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14222]: pam_unix(su:session): session closed for user rubyman
May  7 08:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345754.
May  7 08:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11595]: pam_unix(cron:session): session closed for user root
May  7 08:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14154]: pam_unix(cron:session): session closed for user samftp
May  7 08:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13212]: pam_unix(cron:session): session closed for user root
May  7 08:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 08:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.22.151.137
May  7 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14572]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14570]: pam_unix(cron:session): session closed for user p13x
May  7 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14640]: Successful su for rubyman by root
May  7 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14640]: + ??? root:rubyman
May  7 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345756 of user rubyman.
May  7 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14640]: pam_unix(su:session): session closed for user rubyman
May  7 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345756.
May  7 08:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12008]: pam_unix(cron:session): session closed for user root
May  7 08:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14571]: pam_unix(cron:session): session closed for user samftp
May  7 08:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13720]: pam_unix(cron:session): session closed for user root
May  7 08:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14923]: Invalid user sharath from 14.103.114.20
May  7 08:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14923]: input_userauth_request: invalid user sharath [preauth]
May  7 08:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14923]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.20
May  7 08:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14923]: Failed password for invalid user sharath from 14.103.114.20 port 34226 ssh2
May  7 08:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14923]: Received disconnect from 14.103.114.20 port 34226:11: Bye Bye [preauth]
May  7 08:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14923]: Disconnected from 14.103.114.20 port 34226 [preauth]
May  7 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14989]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14990]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14987]: pam_unix(cron:session): session closed for user p13x
May  7 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15050]: Successful su for rubyman by root
May  7 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15050]: + ??? root:rubyman
May  7 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345760 of user rubyman.
May  7 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15050]: pam_unix(su:session): session closed for user rubyman
May  7 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345760.
May  7 08:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12426]: pam_unix(cron:session): session closed for user root
May  7 08:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14988]: pam_unix(cron:session): session closed for user samftp
May  7 08:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13  user=root
May  7 08:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14156]: pam_unix(cron:session): session closed for user root
May  7 08:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: Failed password for root from 103.189.208.13 port 56078 ssh2
May  7 08:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: Received disconnect from 103.189.208.13 port 56078:11: Bye Bye [preauth]
May  7 08:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15295]: Disconnected from 103.189.208.13 port 56078 [preauth]
May  7 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15387]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15385]: pam_unix(cron:session): session closed for user p13x
May  7 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15444]: Successful su for rubyman by root
May  7 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15444]: + ??? root:rubyman
May  7 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345765 of user rubyman.
May  7 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15444]: pam_unix(su:session): session closed for user rubyman
May  7 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345765.
May  7 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12815]: pam_unix(cron:session): session closed for user root
May  7 08:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15386]: pam_unix(cron:session): session closed for user samftp
May  7 08:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14574]: pam_unix(cron:session): session closed for user root
May  7 08:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 08:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15715]: Failed password for root from 218.92.0.179 port 33601 ssh2
May  7 08:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15715]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 33601 ssh2]
May  7 08:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15715]: Received disconnect from 218.92.0.179 port 33601:11:  [preauth]
May  7 08:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15715]: Disconnected from 218.92.0.179 port 33601 [preauth]
May  7 08:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15715]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 08:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: Invalid user catchruk from 64.226.100.253
May  7 08:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: input_userauth_request: invalid user catchruk [preauth]
May  7 08:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 08:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: Failed password for invalid user catchruk from 64.226.100.253 port 52316 ssh2
May  7 08:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: Connection closed by 64.226.100.253 port 52316 [preauth]
May  7 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15783]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15781]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15779]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15785]: pam_unix(cron:session): session closed for user root
May  7 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15779]: pam_unix(cron:session): session closed for user p13x
May  7 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15847]: Successful su for rubyman by root
May  7 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15847]: + ??? root:rubyman
May  7 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345770 of user rubyman.
May  7 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15847]: pam_unix(su:session): session closed for user rubyman
May  7 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345770.
May  7 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15781]: pam_unix(cron:session): session closed for user root
May  7 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13211]: pam_unix(cron:session): session closed for user root
May  7 08:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: Invalid user adlt from 64.23.161.151
May  7 08:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: input_userauth_request: invalid user adlt [preauth]
May  7 08:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 08:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15780]: pam_unix(cron:session): session closed for user samftp
May  7 08:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: Failed password for invalid user adlt from 64.23.161.151 port 40866 ssh2
May  7 08:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: Connection closed by 64.23.161.151 port 40866 [preauth]
May  7 08:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16103]: Invalid user rocky from 161.35.52.212
May  7 08:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16103]: input_userauth_request: invalid user rocky [preauth]
May  7 08:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16103]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 08:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16103]: Failed password for invalid user rocky from 161.35.52.212 port 49036 ssh2
May  7 08:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16103]: Received disconnect from 161.35.52.212 port 49036:11: Bye Bye [preauth]
May  7 08:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16103]: Disconnected from 161.35.52.212 port 49036 [preauth]
May  7 08:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16113]: Invalid user maurice from 103.160.148.170
May  7 08:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16113]: input_userauth_request: invalid user maurice [preauth]
May  7 08:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16113]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  7 08:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16113]: Failed password for invalid user maurice from 103.160.148.170 port 35110 ssh2
May  7 08:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16113]: Received disconnect from 103.160.148.170 port 35110:11: Bye Bye [preauth]
May  7 08:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16113]: Disconnected from 103.160.148.170 port 35110 [preauth]
May  7 08:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14990]: pam_unix(cron:session): session closed for user root
May  7 08:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 08:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: Failed password for root from 218.92.0.179 port 37450 ssh2
May  7 08:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 37450 ssh2]
May  7 08:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: Received disconnect from 218.92.0.179 port 37450:11:  [preauth]
May  7 08:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: Disconnected from 218.92.0.179 port 37450 [preauth]
May  7 08:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16203]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16201]: pam_unix(cron:session): session closed for user p13x
May  7 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16266]: Successful su for rubyman by root
May  7 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16266]: + ??? root:rubyman
May  7 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345775 of user rubyman.
May  7 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16266]: pam_unix(su:session): session closed for user rubyman
May  7 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345775.
May  7 08:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13718]: pam_unix(cron:session): session closed for user root
May  7 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16202]: pam_unix(cron:session): session closed for user samftp
May  7 08:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16510]: Invalid user milad from 223.68.169.181
May  7 08:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16510]: input_userauth_request: invalid user milad [preauth]
May  7 08:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16510]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.68.169.181
May  7 08:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16510]: Failed password for invalid user milad from 223.68.169.181 port 33082 ssh2
May  7 08:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16510]: Received disconnect from 223.68.169.181 port 33082:11: Bye Bye [preauth]
May  7 08:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16510]: Disconnected from 223.68.169.181 port 33082 [preauth]
May  7 08:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15388]: pam_unix(cron:session): session closed for user root
May  7 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16659]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16660]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16657]: pam_unix(cron:session): session closed for user p13x
May  7 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16718]: Successful su for rubyman by root
May  7 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16718]: + ??? root:rubyman
May  7 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16718]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345779 of user rubyman.
May  7 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16718]: pam_unix(su:session): session closed for user rubyman
May  7 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345779.
May  7 08:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14155]: pam_unix(cron:session): session closed for user root
May  7 08:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16658]: pam_unix(cron:session): session closed for user samftp
May  7 08:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: Invalid user admin from 80.94.95.115
May  7 08:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: input_userauth_request: invalid user admin [preauth]
May  7 08:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  7 08:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: Failed password for invalid user admin from 80.94.95.115 port 16754 ssh2
May  7 08:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16920]: Connection closed by 80.94.95.115 port 16754 [preauth]
May  7 08:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15784]: pam_unix(cron:session): session closed for user root
May  7 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17085]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17084]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17082]: pam_unix(cron:session): session closed for user p13x
May  7 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17145]: Successful su for rubyman by root
May  7 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17145]: + ??? root:rubyman
May  7 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17145]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345783 of user rubyman.
May  7 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17145]: pam_unix(su:session): session closed for user rubyman
May  7 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345783.
May  7 08:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14572]: pam_unix(cron:session): session closed for user root
May  7 08:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17083]: pam_unix(cron:session): session closed for user samftp
May  7 08:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Invalid user admin from 80.94.95.112
May  7 08:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: input_userauth_request: invalid user admin [preauth]
May  7 08:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 08:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Failed password for invalid user admin from 80.94.95.112 port 64492 ssh2
May  7 08:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Failed password for invalid user admin from 80.94.95.112 port 64492 ssh2
May  7 08:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Failed password for invalid user admin from 80.94.95.112 port 64492 ssh2
May  7 08:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Failed password for invalid user admin from 80.94.95.112 port 64492 ssh2
May  7 08:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Failed password for invalid user admin from 80.94.95.112 port 64492 ssh2
May  7 08:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Received disconnect from 80.94.95.112 port 64492:11: Bye [preauth]
May  7 08:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Disconnected from 80.94.95.112 port 64492 [preauth]
May  7 08:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 08:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 08:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16204]: pam_unix(cron:session): session closed for user root
May  7 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17492]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17493]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17489]: pam_unix(cron:session): session closed for user p13x
May  7 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17562]: Successful su for rubyman by root
May  7 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17562]: + ??? root:rubyman
May  7 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345789 of user rubyman.
May  7 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17562]: pam_unix(su:session): session closed for user rubyman
May  7 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345789.
May  7 08:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14989]: pam_unix(cron:session): session closed for user root
May  7 08:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17490]: pam_unix(cron:session): session closed for user samftp
May  7 08:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17760]: Invalid user ay from 103.189.208.13
May  7 08:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17760]: input_userauth_request: invalid user ay [preauth]
May  7 08:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17760]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13
May  7 08:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17760]: Failed password for invalid user ay from 103.189.208.13 port 42144 ssh2
May  7 08:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17760]: Received disconnect from 103.189.208.13 port 42144:11: Bye Bye [preauth]
May  7 08:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17760]: Disconnected from 103.189.208.13 port 42144 [preauth]
May  7 08:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16660]: pam_unix(cron:session): session closed for user root
May  7 08:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 08:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Invalid user linh from 161.35.52.212
May  7 08:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: input_userauth_request: invalid user linh [preauth]
May  7 08:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: pam_unix(sshd:auth): check pass; user unknown
May  7 08:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 08:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Failed password for invalid user linh from 161.35.52.212 port 58462 ssh2
May  7 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Received disconnect from 161.35.52.212 port 58462:11: Bye Bye [preauth]
May  7 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18009]: Disconnected from 161.35.52.212 port 58462 [preauth]
May  7 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18026]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18032]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18028]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18027]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18031]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18026]: pam_unix(cron:session): session closed for user root
May  7 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18032]: pam_unix(cron:session): session closed for user root
May  7 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18024]: pam_unix(cron:session): session closed for user p13x
May  7 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18130]: Successful su for rubyman by root
May  7 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18130]: + ??? root:rubyman
May  7 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345795 of user rubyman.
May  7 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18130]: pam_unix(su:session): session closed for user rubyman
May  7 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345795.
May  7 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15387]: pam_unix(cron:session): session closed for user root
May  7 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18027]: pam_unix(cron:session): session closed for user root
May  7 09:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18025]: pam_unix(cron:session): session closed for user samftp
May  7 09:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18011]: Connection closed by 167.94.146.51 port 43248 [preauth]
May  7 09:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: Invalid user q from 195.178.110.50
May  7 09:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: input_userauth_request: invalid user q [preauth]
May  7 09:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 09:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17085]: pam_unix(cron:session): session closed for user root
May  7 09:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: Failed password for invalid user q from 195.178.110.50 port 32846 ssh2
May  7 09:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18385]: Connection closed by 195.178.110.50 port 32846 [preauth]
May  7 09:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: Invalid user ~ from 195.178.110.50
May  7 09:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: input_userauth_request: invalid user ~ [preauth]
May  7 09:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 09:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: Failed password for invalid user ~ from 195.178.110.50 port 26032 ssh2
May  7 09:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18486]: Connection closed by 195.178.110.50 port 26032 [preauth]
May  7 09:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18548]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18546]: pam_unix(cron:session): session closed for user p13x
May  7 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18614]: Successful su for rubyman by root
May  7 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18614]: + ??? root:rubyman
May  7 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345799 of user rubyman.
May  7 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18614]: pam_unix(su:session): session closed for user rubyman
May  7 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345799.
May  7 09:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15783]: pam_unix(cron:session): session closed for user root
May  7 09:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18547]: pam_unix(cron:session): session closed for user samftp
May  7 09:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: Invalid user - from 195.178.110.50
May  7 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: input_userauth_request: invalid user - [preauth]
May  7 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: pam_unix(sshd:auth): bad username [-]
May  7 09:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: Failed password for invalid user - from 195.178.110.50 port 24784 ssh2
May  7 09:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: Failed password for root from 218.92.0.179 port 44267 ssh2
May  7 09:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18534]: Connection closed by 195.178.110.50 port 24784 [preauth]
May  7 09:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: Failed password for root from 218.92.0.179 port 44267 ssh2
May  7 09:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: Invalid user xue from 103.160.148.170
May  7 09:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: input_userauth_request: invalid user xue [preauth]
May  7 09:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  7 09:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: Failed password for root from 218.92.0.179 port 44267 ssh2
May  7 09:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: Received disconnect from 218.92.0.179 port 44267:11:  [preauth]
May  7 09:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: Disconnected from 218.92.0.179 port 44267 [preauth]
May  7 09:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: Failed password for invalid user xue from 103.160.148.170 port 50028 ssh2
May  7 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: Received disconnect from 103.160.148.170 port 50028:11: Bye Bye [preauth]
May  7 09:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: Disconnected from 103.160.148.170 port 50028 [preauth]
May  7 09:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18820]: Invalid user  from 195.178.110.50
May  7 09:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18820]: input_userauth_request: invalid user  [preauth]
May  7 09:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18820]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 09:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18820]: Failed password for invalid user  from 195.178.110.50 port 22912 ssh2
May  7 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18820]: Connection closed by 195.178.110.50 port 22912 [preauth]
May  7 09:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17493]: pam_unix(cron:session): session closed for user root
May  7 09:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18906]: Invalid user catchruk from 64.226.100.253
May  7 09:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18906]: input_userauth_request: invalid user catchruk [preauth]
May  7 09:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18906]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.226.100.253
May  7 09:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18906]: Failed password for invalid user catchruk from 64.226.100.253 port 59400 ssh2
May  7 09:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18906]: Connection closed by 64.226.100.253 port 59400 [preauth]
May  7 09:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: Invalid user G from 195.178.110.50
May  7 09:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: input_userauth_request: invalid user G [preauth]
May  7 09:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 09:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: Failed password for invalid user G from 195.178.110.50 port 64786 ssh2
May  7 09:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18885]: Connection closed by 195.178.110.50 port 64786 [preauth]
May  7 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18967]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18966]: pam_unix(cron:session): session closed for user p13x
May  7 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19026]: Successful su for rubyman by root
May  7 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19026]: + ??? root:rubyman
May  7 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19026]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345804 of user rubyman.
May  7 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19026]: pam_unix(su:session): session closed for user rubyman
May  7 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345804.
May  7 09:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16203]: pam_unix(cron:session): session closed for user root
May  7 09:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18967]: pam_unix(cron:session): session closed for user samftp
May  7 09:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18031]: pam_unix(cron:session): session closed for user root
May  7 09:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Invalid user alex from 64.23.161.151
May  7 09:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: input_userauth_request: invalid user alex [preauth]
May  7 09:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 09:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Failed password for invalid user alex from 64.23.161.151 port 48628 ssh2
May  7 09:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19363]: Connection closed by 64.23.161.151 port 48628 [preauth]
May  7 09:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Did not receive identification string from 64.23.184.246
May  7 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19376]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19378]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19375]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19375]: pam_unix(cron:session): session closed for user p13x
May  7 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19436]: Successful su for rubyman by root
May  7 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19436]: + ??? root:rubyman
May  7 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345805 of user rubyman.
May  7 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19436]: pam_unix(su:session): session closed for user rubyman
May  7 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345805.
May  7 09:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16659]: pam_unix(cron:session): session closed for user root
May  7 09:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19376]: pam_unix(cron:session): session closed for user samftp
May  7 09:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18549]: pam_unix(cron:session): session closed for user root
May  7 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19787]: pam_unix(cron:session): session closed for user p13x
May  7 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19856]: Successful su for rubyman by root
May  7 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19856]: + ??? root:rubyman
May  7 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345810 of user rubyman.
May  7 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19856]: pam_unix(su:session): session closed for user rubyman
May  7 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345810.
May  7 09:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17084]: pam_unix(cron:session): session closed for user root
May  7 09:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19788]: pam_unix(cron:session): session closed for user samftp
May  7 09:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20082]: Invalid user bacon from 161.35.52.212
May  7 09:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20082]: input_userauth_request: invalid user bacon [preauth]
May  7 09:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20082]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 09:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20082]: Failed password for invalid user bacon from 161.35.52.212 port 51844 ssh2
May  7 09:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20082]: Received disconnect from 161.35.52.212 port 51844:11: Bye Bye [preauth]
May  7 09:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20082]: Disconnected from 161.35.52.212 port 51844 [preauth]
May  7 09:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18969]: pam_unix(cron:session): session closed for user root
May  7 09:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20166]: Invalid user user from 103.189.208.13
May  7 09:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20166]: input_userauth_request: invalid user user [preauth]
May  7 09:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20166]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13
May  7 09:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20166]: Failed password for invalid user user from 103.189.208.13 port 43876 ssh2
May  7 09:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20166]: Received disconnect from 103.189.208.13 port 43876:11: Bye Bye [preauth]
May  7 09:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20166]: Disconnected from 103.189.208.13 port 43876 [preauth]
May  7 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20208]: pam_unix(cron:session): session closed for user root
May  7 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20202]: pam_unix(cron:session): session closed for user p13x
May  7 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20270]: Successful su for rubyman by root
May  7 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20270]: + ??? root:rubyman
May  7 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345814 of user rubyman.
May  7 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20270]: pam_unix(su:session): session closed for user rubyman
May  7 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345814.
May  7 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20205]: pam_unix(cron:session): session closed for user root
May  7 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17492]: pam_unix(cron:session): session closed for user root
May  7 09:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20203]: pam_unix(cron:session): session closed for user samftp
May  7 09:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19378]: pam_unix(cron:session): session closed for user root
May  7 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20630]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20626]: pam_unix(cron:session): session closed for user p13x
May  7 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20697]: Successful su for rubyman by root
May  7 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20697]: + ??? root:rubyman
May  7 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20697]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345820 of user rubyman.
May  7 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20697]: pam_unix(su:session): session closed for user rubyman
May  7 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345820.
May  7 09:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18028]: pam_unix(cron:session): session closed for user root
May  7 09:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20627]: pam_unix(cron:session): session closed for user samftp
May  7 09:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19790]: pam_unix(cron:session): session closed for user root
May  7 09:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170  user=root
May  7 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21047]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21048]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21045]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21045]: pam_unix(cron:session): session closed for user p13x
May  7 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21110]: Successful su for rubyman by root
May  7 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21110]: + ??? root:rubyman
May  7 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345824 of user rubyman.
May  7 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21110]: pam_unix(su:session): session closed for user rubyman
May  7 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345824.
May  7 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21042]: Failed password for root from 103.160.148.170 port 37516 ssh2
May  7 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21042]: Received disconnect from 103.160.148.170 port 37516:11: Bye Bye [preauth]
May  7 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21042]: Disconnected from 103.160.148.170 port 37516 [preauth]
May  7 09:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18548]: pam_unix(cron:session): session closed for user root
May  7 09:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21046]: pam_unix(cron:session): session closed for user samftp
May  7 09:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20207]: pam_unix(cron:session): session closed for user root
May  7 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21497]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21498]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21495]: pam_unix(cron:session): session closed for user p13x
May  7 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21562]: Successful su for rubyman by root
May  7 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21562]: + ??? root:rubyman
May  7 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345828 of user rubyman.
May  7 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21562]: pam_unix(su:session): session closed for user rubyman
May  7 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345828.
May  7 09:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18968]: pam_unix(cron:session): session closed for user root
May  7 09:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21496]: pam_unix(cron:session): session closed for user samftp
May  7 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20630]: pam_unix(cron:session): session closed for user root
May  7 09:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22164]: Invalid user ircd from 161.35.52.212
May  7 09:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22164]: input_userauth_request: invalid user ircd [preauth]
May  7 09:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22164]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 09:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22164]: Failed password for invalid user ircd from 161.35.52.212 port 35600 ssh2
May  7 09:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22164]: Received disconnect from 161.35.52.212 port 35600:11: Bye Bye [preauth]
May  7 09:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22164]: Disconnected from 161.35.52.212 port 35600 [preauth]
May  7 09:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: Invalid user admin from 80.94.95.241
May  7 09:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: input_userauth_request: invalid user admin [preauth]
May  7 09:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22227]: pam_unix(cron:session): session closed for user p13x
May  7 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22375]: Successful su for rubyman by root
May  7 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22375]: + ??? root:rubyman
May  7 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345833 of user rubyman.
May  7 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22375]: pam_unix(su:session): session closed for user rubyman
May  7 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345833.
May  7 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: Failed password for invalid user admin from 80.94.95.241 port 19913 ssh2
May  7 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22222]: pam_unix(cron:session): session closed for user root
May  7 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19377]: pam_unix(cron:session): session closed for user root
May  7 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: Failed password for invalid user admin from 80.94.95.241 port 19913 ssh2
May  7 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22228]: pam_unix(cron:session): session closed for user samftp
May  7 09:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: Failed password for invalid user admin from 80.94.95.241 port 19913 ssh2
May  7 09:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: Failed password for invalid user admin from 80.94.95.241 port 19913 ssh2
May  7 09:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: Failed password for invalid user admin from 80.94.95.241 port 19913 ssh2
May  7 09:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: Received disconnect from 80.94.95.241 port 19913:11: Bye [preauth]
May  7 09:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: Disconnected from 80.94.95.241 port 19913 [preauth]
May  7 09:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 09:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 09:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21048]: pam_unix(cron:session): session closed for user root
May  7 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22791]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22795]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22794]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22792]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22795]: pam_unix(cron:session): session closed for user root
May  7 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22790]: pam_unix(cron:session): session closed for user p13x
May  7 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22871]: Successful su for rubyman by root
May  7 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22871]: + ??? root:rubyman
May  7 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22871]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345837 of user rubyman.
May  7 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22871]: pam_unix(su:session): session closed for user rubyman
May  7 09:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345837.
May  7 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22792]: pam_unix(cron:session): session closed for user root
May  7 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19789]: pam_unix(cron:session): session closed for user root
May  7 09:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22791]: pam_unix(cron:session): session closed for user samftp
May  7 09:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23146]: Invalid user fmanager from 103.189.208.13
May  7 09:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23146]: input_userauth_request: invalid user fmanager [preauth]
May  7 09:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23146]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13
May  7 09:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23146]: Failed password for invalid user fmanager from 103.189.208.13 port 48472 ssh2
May  7 09:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23146]: Received disconnect from 103.189.208.13 port 48472:11: Bye Bye [preauth]
May  7 09:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23146]: Disconnected from 103.189.208.13 port 48472 [preauth]
May  7 09:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: Invalid user 12345 from 85.208.84.5
May  7 09:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: input_userauth_request: invalid user 12345 [preauth]
May  7 09:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  7 09:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: Failed password for invalid user 12345 from 85.208.84.5 port 19784 ssh2
May  7 09:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23157]: Connection closed by 85.208.84.5 port 19784 [preauth]
May  7 09:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21498]: pam_unix(cron:session): session closed for user root
May  7 09:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: Invalid user allecia from 64.23.161.151
May  7 09:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: input_userauth_request: invalid user allecia [preauth]
May  7 09:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 09:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: Failed password for invalid user allecia from 64.23.161.151 port 36088 ssh2
May  7 09:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: Connection closed by 64.23.161.151 port 36088 [preauth]
May  7 09:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23284]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23285]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23282]: pam_unix(cron:session): session closed for user p13x
May  7 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23443]: Successful su for rubyman by root
May  7 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23443]: + ??? root:rubyman
May  7 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345844 of user rubyman.
May  7 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23443]: pam_unix(su:session): session closed for user rubyman
May  7 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345844.
May  7 09:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  7 09:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: Failed password for root from 218.92.0.220 port 42836 ssh2
May  7 09:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20206]: pam_unix(cron:session): session closed for user root
May  7 09:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23283]: pam_unix(cron:session): session closed for user samftp
May  7 09:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: Failed password for root from 218.92.0.220 port 42836 ssh2
May  7 09:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: Failed password for root from 218.92.0.220 port 42836 ssh2
May  7 09:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: Received disconnect from 218.92.0.220 port 42836:11:  [preauth]
May  7 09:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: Disconnected from 218.92.0.220 port 42836 [preauth]
May  7 09:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23280]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  7 09:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22231]: pam_unix(cron:session): session closed for user root
May  7 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23885]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23886]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23882]: pam_unix(cron:session): session closed for user p13x
May  7 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23961]: Successful su for rubyman by root
May  7 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23961]: + ??? root:rubyman
May  7 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345846 of user rubyman.
May  7 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23961]: pam_unix(su:session): session closed for user rubyman
May  7 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345846.
May  7 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20628]: pam_unix(cron:session): session closed for user root
May  7 09:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  7 09:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23884]: pam_unix(cron:session): session closed for user samftp
May  7 09:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24119]: Failed password for root from 218.92.0.230 port 11642 ssh2
May  7 09:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24192]: Did not receive identification string from 152.42.140.238
May  7 09:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22794]: pam_unix(cron:session): session closed for user root
May  7 09:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24299]: Invalid user tob from 103.160.148.170
May  7 09:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24299]: input_userauth_request: invalid user tob [preauth]
May  7 09:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24299]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  7 09:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24299]: Failed password for invalid user tob from 103.160.148.170 port 46902 ssh2
May  7 09:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24299]: Received disconnect from 103.160.148.170 port 46902:11: Bye Bye [preauth]
May  7 09:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24299]: Disconnected from 103.160.148.170 port 46902 [preauth]
May  7 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24335]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24332]: pam_unix(cron:session): session closed for user p13x
May  7 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24397]: Successful su for rubyman by root
May  7 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24397]: + ??? root:rubyman
May  7 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345851 of user rubyman.
May  7 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24397]: pam_unix(su:session): session closed for user rubyman
May  7 09:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345851.
May  7 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21047]: pam_unix(cron:session): session closed for user root
May  7 09:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24333]: pam_unix(cron:session): session closed for user samftp
May  7 09:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24602]: Invalid user user8 from 161.35.52.212
May  7 09:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24602]: input_userauth_request: invalid user user8 [preauth]
May  7 09:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24602]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 09:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24602]: Failed password for invalid user user8 from 161.35.52.212 port 52776 ssh2
May  7 09:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24602]: Received disconnect from 161.35.52.212 port 52776:11: Bye Bye [preauth]
May  7 09:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24602]: Disconnected from 161.35.52.212 port 52776 [preauth]
May  7 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23285]: pam_unix(cron:session): session closed for user root
May  7 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24761]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24757]: pam_unix(cron:session): session closed for user p13x
May  7 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24819]: Successful su for rubyman by root
May  7 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24819]: + ??? root:rubyman
May  7 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24819]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345854 of user rubyman.
May  7 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24819]: pam_unix(su:session): session closed for user rubyman
May  7 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345854.
May  7 09:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21497]: pam_unix(cron:session): session closed for user root
May  7 09:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24758]: pam_unix(cron:session): session closed for user samftp
May  7 09:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23886]: pam_unix(cron:session): session closed for user root
May  7 09:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 09:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25155]: Failed password for root from 218.92.0.228 port 59744 ssh2
May  7 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25155]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 59744 ssh2]
May  7 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25155]: Received disconnect from 218.92.0.228 port 59744:11:  [preauth]
May  7 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25155]: Disconnected from 218.92.0.228 port 59744 [preauth]
May  7 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25155]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25171]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25169]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25166]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25170]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25172]: pam_unix(cron:session): session closed for user root
May  7 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25166]: pam_unix(cron:session): session closed for user p13x
May  7 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25242]: Successful su for rubyman by root
May  7 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25242]: + ??? root:rubyman
May  7 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345859 of user rubyman.
May  7 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25242]: pam_unix(su:session): session closed for user rubyman
May  7 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345859.
May  7 09:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 09:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25169]: pam_unix(cron:session): session closed for user root
May  7 09:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22230]: pam_unix(cron:session): session closed for user root
May  7 09:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: Failed password for root from 218.92.0.228 port 59752 ssh2
May  7 09:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: Failed password for root from 218.92.0.228 port 59752 ssh2
May  7 09:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25167]: pam_unix(cron:session): session closed for user samftp
May  7 09:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: Failed password for root from 218.92.0.228 port 59752 ssh2
May  7 09:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: Received disconnect from 218.92.0.228 port 59752:11:  [preauth]
May  7 09:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: Disconnected from 218.92.0.228 port 59752 [preauth]
May  7 09:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25185]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 09:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 09:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: Failed password for root from 218.92.0.228 port 52066 ssh2
May  7 09:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 52066 ssh2]
May  7 09:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: Received disconnect from 218.92.0.228 port 52066:11:  [preauth]
May  7 09:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: Disconnected from 218.92.0.228 port 52066 [preauth]
May  7 09:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25467]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24335]: pam_unix(cron:session): session closed for user root
May  7 09:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 09:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: Failed password for root from 218.92.0.179 port 37227 ssh2
May  7 09:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 37227 ssh2]
May  7 09:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: Received disconnect from 218.92.0.179 port 37227:11:  [preauth]
May  7 09:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: Disconnected from 218.92.0.179 port 37227 [preauth]
May  7 09:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 09:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25611]: Invalid user sofia from 103.189.208.13
May  7 09:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25611]: input_userauth_request: invalid user sofia [preauth]
May  7 09:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25611]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13
May  7 09:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25611]: Failed password for invalid user sofia from 103.189.208.13 port 40794 ssh2
May  7 09:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25611]: Received disconnect from 103.189.208.13 port 40794:11: Bye Bye [preauth]
May  7 09:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25611]: Disconnected from 103.189.208.13 port 40794 [preauth]
May  7 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25653]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25649]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25647]: pam_unix(cron:session): session closed for user p13x
May  7 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25750]: Successful su for rubyman by root
May  7 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25750]: + ??? root:rubyman
May  7 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345864 of user rubyman.
May  7 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25750]: pam_unix(su:session): session closed for user rubyman
May  7 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345864.
May  7 09:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22793]: pam_unix(cron:session): session closed for user root
May  7 09:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25648]: pam_unix(cron:session): session closed for user samftp
May  7 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24761]: pam_unix(cron:session): session closed for user root
May  7 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26126]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26128]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26121]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26121]: pam_unix(cron:session): session closed for user root
May  7 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26123]: pam_unix(cron:session): session closed for user p13x
May  7 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26187]: Successful su for rubyman by root
May  7 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26187]: + ??? root:rubyman
May  7 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345870 of user rubyman.
May  7 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26187]: pam_unix(su:session): session closed for user rubyman
May  7 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345870.
May  7 09:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23284]: pam_unix(cron:session): session closed for user root
May  7 09:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26125]: pam_unix(cron:session): session closed for user samftp
May  7 09:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: Invalid user cisco from 152.42.140.238
May  7 09:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: input_userauth_request: invalid user cisco [preauth]
May  7 09:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.140.238
May  7 09:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25171]: pam_unix(cron:session): session closed for user root
May  7 09:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: Failed password for invalid user cisco from 152.42.140.238 port 53874 ssh2
May  7 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26449]: Connection closed by 152.42.140.238 port 53874 [preauth]
May  7 09:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26582]: Invalid user asta from 161.35.52.212
May  7 09:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26582]: input_userauth_request: invalid user asta [preauth]
May  7 09:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26582]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 09:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26582]: Failed password for invalid user asta from 161.35.52.212 port 35380 ssh2
May  7 09:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26582]: Received disconnect from 161.35.52.212 port 35380:11: Bye Bye [preauth]
May  7 09:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26582]: Disconnected from 161.35.52.212 port 35380 [preauth]
May  7 09:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 09:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26586]: Failed password for root from 80.94.95.125 port 51436 ssh2
May  7 09:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26586]: message repeated 2 times: [ Failed password for root from 80.94.95.125 port 51436 ssh2]
May  7 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26607]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26610]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26606]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26606]: pam_unix(cron:session): session closed for user p13x
May  7 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26586]: Failed password for root from 80.94.95.125 port 51436 ssh2
May  7 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26669]: Successful su for rubyman by root
May  7 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26669]: + ??? root:rubyman
May  7 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345875 of user rubyman.
May  7 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26669]: pam_unix(su:session): session closed for user rubyman
May  7 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345875.
May  7 09:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26586]: Failed password for root from 80.94.95.125 port 51436 ssh2
May  7 09:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26586]: Received disconnect from 80.94.95.125 port 51436:11: Bye [preauth]
May  7 09:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26586]: Disconnected from 80.94.95.125 port 51436 [preauth]
May  7 09:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26586]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 09:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26586]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 09:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23885]: pam_unix(cron:session): session closed for user root
May  7 09:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26607]: pam_unix(cron:session): session closed for user samftp
May  7 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170  user=root
May  7 09:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26938]: Failed password for root from 103.160.148.170 port 46070 ssh2
May  7 09:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26938]: Received disconnect from 103.160.148.170 port 46070:11: Bye Bye [preauth]
May  7 09:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26938]: Disconnected from 103.160.148.170 port 46070 [preauth]
May  7 09:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25653]: pam_unix(cron:session): session closed for user root
May  7 09:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26994]: Invalid user david from 64.23.161.151
May  7 09:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26994]: input_userauth_request: invalid user david [preauth]
May  7 09:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26994]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 09:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26994]: Failed password for invalid user david from 64.23.161.151 port 53382 ssh2
May  7 09:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26994]: Connection closed by 64.23.161.151 port 53382 [preauth]
May  7 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27086]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27085]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27073]: pam_unix(cron:session): session closed for user p13x
May  7 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27152]: Successful su for rubyman by root
May  7 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27152]: + ??? root:rubyman
May  7 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345877 of user rubyman.
May  7 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27152]: pam_unix(su:session): session closed for user rubyman
May  7 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345877.
May  7 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24334]: pam_unix(cron:session): session closed for user root
May  7 09:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27084]: pam_unix(cron:session): session closed for user samftp
May  7 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26128]: pam_unix(cron:session): session closed for user root
May  7 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27563]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27561]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27562]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27558]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27560]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27563]: pam_unix(cron:session): session closed for user root
May  7 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27558]: pam_unix(cron:session): session closed for user p13x
May  7 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27631]: Successful su for rubyman by root
May  7 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27631]: + ??? root:rubyman
May  7 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345883 of user rubyman.
May  7 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27631]: pam_unix(su:session): session closed for user rubyman
May  7 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345883.
May  7 09:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27560]: pam_unix(cron:session): session closed for user root
May  7 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24759]: pam_unix(cron:session): session closed for user root
May  7 09:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27559]: pam_unix(cron:session): session closed for user samftp
May  7 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26610]: pam_unix(cron:session): session closed for user root
May  7 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28003]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28001]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27999]: pam_unix(cron:session): session closed for user p13x
May  7 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28069]: Successful su for rubyman by root
May  7 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28069]: + ??? root:rubyman
May  7 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28069]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345889 of user rubyman.
May  7 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28069]: pam_unix(su:session): session closed for user rubyman
May  7 09:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345889.
May  7 09:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25170]: pam_unix(cron:session): session closed for user root
May  7 09:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28000]: pam_unix(cron:session): session closed for user samftp
May  7 09:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: Invalid user srv from 103.189.208.13
May  7 09:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: input_userauth_request: invalid user srv [preauth]
May  7 09:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.189.208.13
May  7 09:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: Failed password for invalid user srv from 103.189.208.13 port 49226 ssh2
May  7 09:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: Received disconnect from 103.189.208.13 port 49226:11: Bye Bye [preauth]
May  7 09:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28312]: Disconnected from 103.189.208.13 port 49226 [preauth]
May  7 09:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27086]: pam_unix(cron:session): session closed for user root
May  7 09:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.16  user=root
May  7 09:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28399]: Failed password for root from 194.0.234.16 port 21384 ssh2
May  7 09:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28399]: Connection closed by 194.0.234.16 port 21384 [preauth]
May  7 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28411]: pam_unix(cron:session): session closed for user p13x
May  7 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28473]: Successful su for rubyman by root
May  7 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28473]: + ??? root:rubyman
May  7 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345891 of user rubyman.
May  7 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28473]: pam_unix(su:session): session closed for user rubyman
May  7 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345891.
May  7 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25649]: pam_unix(cron:session): session closed for user root
May  7 09:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28412]: pam_unix(cron:session): session closed for user samftp
May  7 09:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28667]: Invalid user adv from 161.35.52.212
May  7 09:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28667]: input_userauth_request: invalid user adv [preauth]
May  7 09:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28667]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 09:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28667]: Failed password for invalid user adv from 161.35.52.212 port 43222 ssh2
May  7 09:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28667]: Received disconnect from 161.35.52.212 port 43222:11: Bye Bye [preauth]
May  7 09:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28667]: Disconnected from 161.35.52.212 port 43222 [preauth]
May  7 09:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27562]: pam_unix(cron:session): session closed for user root
May  7 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28816]: pam_unix(cron:session): session closed for user p13x
May  7 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28878]: Successful su for rubyman by root
May  7 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28878]: + ??? root:rubyman
May  7 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28878]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345897 of user rubyman.
May  7 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28878]: pam_unix(su:session): session closed for user rubyman
May  7 09:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345897.
May  7 09:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26126]: pam_unix(cron:session): session closed for user root
May  7 09:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28817]: pam_unix(cron:session): session closed for user samftp
May  7 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28003]: pam_unix(cron:session): session closed for user root
May  7 09:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Invalid user cisco from 152.42.140.238
May  7 09:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: input_userauth_request: invalid user cisco [preauth]
May  7 09:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.140.238
May  7 09:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Failed password for invalid user cisco from 152.42.140.238 port 51222 ssh2
May  7 09:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29290]: Connection closed by 152.42.140.238 port 51222 [preauth]
May  7 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29323]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29320]: pam_unix(cron:session): session closed for user p13x
May  7 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29384]: Successful su for rubyman by root
May  7 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29384]: + ??? root:rubyman
May  7 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345900 of user rubyman.
May  7 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29384]: pam_unix(su:session): session closed for user rubyman
May  7 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345900.
May  7 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26608]: pam_unix(cron:session): session closed for user root
May  7 09:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29554]: Invalid user smbuser from 103.160.148.170
May  7 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29554]: input_userauth_request: invalid user smbuser [preauth]
May  7 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29554]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  7 09:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29321]: pam_unix(cron:session): session closed for user samftp
May  7 09:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29554]: Failed password for invalid user smbuser from 103.160.148.170 port 43570 ssh2
May  7 09:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29554]: Received disconnect from 103.160.148.170 port 43570:11: Bye Bye [preauth]
May  7 09:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29554]: Disconnected from 103.160.148.170 port 43570 [preauth]
May  7 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28414]: pam_unix(cron:session): session closed for user root
May  7 09:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29733]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29734]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29734]: pam_unix(cron:session): session closed for user root
May  7 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29729]: pam_unix(cron:session): session closed for user p13x
May  7 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29799]: Successful su for rubyman by root
May  7 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29799]: + ??? root:rubyman
May  7 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345903 of user rubyman.
May  7 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29799]: pam_unix(su:session): session closed for user rubyman
May  7 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345903.
May  7 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29731]: pam_unix(cron:session): session closed for user root
May  7 09:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27085]: pam_unix(cron:session): session closed for user root
May  7 09:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29730]: pam_unix(cron:session): session closed for user samftp
May  7 09:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28819]: pam_unix(cron:session): session closed for user root
May  7 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30163]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30162]: pam_unix(cron:session): session closed for user p13x
May  7 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30227]: Successful su for rubyman by root
May  7 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30227]: + ??? root:rubyman
May  7 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30227]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345909 of user rubyman.
May  7 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30227]: pam_unix(su:session): session closed for user rubyman
May  7 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345909.
May  7 09:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27561]: pam_unix(cron:session): session closed for user root
May  7 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30163]: pam_unix(cron:session): session closed for user samftp
May  7 09:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: Invalid user delta from 64.23.161.151
May  7 09:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: input_userauth_request: invalid user delta [preauth]
May  7 09:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 09:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: Failed password for invalid user delta from 64.23.161.151 port 35948 ssh2
May  7 09:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30473]: Connection closed by 64.23.161.151 port 35948 [preauth]
May  7 09:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29323]: pam_unix(cron:session): session closed for user root
May  7 09:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212  user=root
May  7 09:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30521]: Failed password for root from 161.35.52.212 port 45948 ssh2
May  7 09:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30521]: Received disconnect from 161.35.52.212 port 45948:11: Bye Bye [preauth]
May  7 09:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30521]: Disconnected from 161.35.52.212 port 45948 [preauth]
May  7 09:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 09:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30544]: Failed password for root from 218.92.0.179 port 20108 ssh2
May  7 09:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30544]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 20108 ssh2]
May  7 09:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30544]: Received disconnect from 218.92.0.179 port 20108:11:  [preauth]
May  7 09:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30544]: Disconnected from 218.92.0.179 port 20108 [preauth]
May  7 09:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30544]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30566]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30565]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30564]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30563]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30563]: pam_unix(cron:session): session closed for user p13x
May  7 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30626]: Successful su for rubyman by root
May  7 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30626]: + ??? root:rubyman
May  7 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345913 of user rubyman.
May  7 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30626]: pam_unix(su:session): session closed for user rubyman
May  7 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345913.
May  7 09:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28001]: pam_unix(cron:session): session closed for user root
May  7 09:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30564]: pam_unix(cron:session): session closed for user samftp
May  7 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29733]: pam_unix(cron:session): session closed for user root
May  7 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31046]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31048]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31047]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31045]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31045]: pam_unix(cron:session): session closed for user p13x
May  7 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31122]: Successful su for rubyman by root
May  7 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31122]: + ??? root:rubyman
May  7 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345917 of user rubyman.
May  7 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31122]: pam_unix(su:session): session closed for user rubyman
May  7 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345917.
May  7 09:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28413]: pam_unix(cron:session): session closed for user root
May  7 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31046]: pam_unix(cron:session): session closed for user samftp
May  7 09:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30165]: pam_unix(cron:session): session closed for user root
May  7 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31464]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31463]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31463]: pam_unix(cron:session): session closed for user p13x
May  7 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31529]: Successful su for rubyman by root
May  7 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31529]: + ??? root:rubyman
May  7 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345921 of user rubyman.
May  7 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31529]: pam_unix(su:session): session closed for user rubyman
May  7 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345921.
May  7 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28818]: pam_unix(cron:session): session closed for user root
May  7 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31464]: pam_unix(cron:session): session closed for user samftp
May  7 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30566]: pam_unix(cron:session): session closed for user root
May  7 09:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170  user=root
May  7 09:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: Failed password for root from 103.160.148.170 port 38038 ssh2
May  7 09:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: Received disconnect from 103.160.148.170 port 38038:11: Bye Bye [preauth]
May  7 09:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31873]: Disconnected from 103.160.148.170 port 38038 [preauth]
May  7 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31910]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31909]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31912]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31912]: pam_unix(cron:session): session closed for user root
May  7 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31906]: pam_unix(cron:session): session closed for user p13x
May  7 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32070]: Successful su for rubyman by root
May  7 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32070]: + ??? root:rubyman
May  7 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32070]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345929 of user rubyman.
May  7 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32070]: pam_unix(su:session): session closed for user rubyman
May  7 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345929.
May  7 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: Invalid user admin from 152.42.140.238
May  7 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: input_userauth_request: invalid user admin [preauth]
May  7 09:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.42.140.238
May  7 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31909]: pam_unix(cron:session): session closed for user root
May  7 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: Failed password for invalid user admin from 152.42.140.238 port 47982 ssh2
May  7 09:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29322]: pam_unix(cron:session): session closed for user root
May  7 09:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: Connection closed by 152.42.140.238 port 47982 [preauth]
May  7 09:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31908]: pam_unix(cron:session): session closed for user samftp
May  7 09:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: Invalid user cirros from 80.94.95.29
May  7 09:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: input_userauth_request: invalid user cirros [preauth]
May  7 09:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  7 09:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: Failed password for invalid user cirros from 80.94.95.29 port 27618 ssh2
May  7 09:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: Failed password for invalid user cirros from 80.94.95.29 port 27618 ssh2
May  7 09:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: Failed password for invalid user cirros from 80.94.95.29 port 27618 ssh2
May  7 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31048]: pam_unix(cron:session): session closed for user root
May  7 09:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: Failed password for invalid user cirros from 80.94.95.29 port 27618 ssh2
May  7 09:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: Failed password for invalid user cirros from 80.94.95.29 port 27618 ssh2
May  7 09:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: Received disconnect from 80.94.95.29 port 27618:11: Bye [preauth]
May  7 09:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: Disconnected from 80.94.95.29 port 27618 [preauth]
May  7 09:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  7 09:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32552]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 09:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32720]: Invalid user admin from 85.208.84.5
May  7 09:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32720]: input_userauth_request: invalid user admin [preauth]
May  7 09:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32720]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  7 09:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32720]: Failed password for invalid user admin from 85.208.84.5 port 39766 ssh2
May  7 09:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32720]: Connection closed by 85.208.84.5 port 39766 [preauth]
May  7 09:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 09:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32734]: Failed password for root from 218.92.0.179 port 56467 ssh2
May  7 09:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32734]: Failed password for root from 218.92.0.179 port 56467 ssh2
May  7 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32747]: pam_unix(cron:session): session closed for user p13x
May  7 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[373]: Successful su for rubyman by root
May  7 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[373]: + ??? root:rubyman
May  7 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345931 of user rubyman.
May  7 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[373]: pam_unix(su:session): session closed for user rubyman
May  7 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345931.
May  7 09:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32734]: Failed password for root from 218.92.0.179 port 56467 ssh2
May  7 09:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32734]: Received disconnect from 218.92.0.179 port 56467:11:  [preauth]
May  7 09:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32734]: Disconnected from 218.92.0.179 port 56467 [preauth]
May  7 09:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32734]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29732]: pam_unix(cron:session): session closed for user root
May  7 09:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32748]: pam_unix(cron:session): session closed for user samftp
May  7 09:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Invalid user monit from 161.35.52.212
May  7 09:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: input_userauth_request: invalid user monit [preauth]
May  7 09:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 09:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Failed password for invalid user monit from 161.35.52.212 port 34546 ssh2
May  7 09:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Received disconnect from 161.35.52.212 port 34546:11: Bye Bye [preauth]
May  7 09:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Disconnected from 161.35.52.212 port 34546 [preauth]
May  7 09:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31466]: pam_unix(cron:session): session closed for user root
May  7 09:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  7 09:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[744]: Failed password for root from 50.235.31.47 port 39116 ssh2
May  7 09:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[744]: Connection closed by 50.235.31.47 port 39116 [preauth]
May  7 09:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  7 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[812]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[810]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[807]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[806]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[806]: pam_unix(cron:session): session closed for user p13x
May  7 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[874]: Successful su for rubyman by root
May  7 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[874]: + ??? root:rubyman
May  7 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[874]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345936 of user rubyman.
May  7 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[874]: pam_unix(su:session): session closed for user rubyman
May  7 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345936.
May  7 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[792]: Failed password for root from 218.92.0.237 port 45860 ssh2
May  7 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30164]: pam_unix(cron:session): session closed for user root
May  7 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[792]: Failed password for root from 218.92.0.237 port 45860 ssh2
May  7 09:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[792]: Failed password for root from 218.92.0.237 port 45860 ssh2
May  7 09:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[792]: Received disconnect from 218.92.0.237 port 45860:11:  [preauth]
May  7 09:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[792]: Disconnected from 218.92.0.237 port 45860 [preauth]
May  7 09:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[792]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  7 09:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[807]: pam_unix(cron:session): session closed for user samftp
May  7 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31911]: pam_unix(cron:session): session closed for user root
May  7 09:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1293]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1294]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1291]: pam_unix(cron:session): session closed for user p13x
May  7 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1360]: Successful su for rubyman by root
May  7 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1360]: + ??? root:rubyman
May  7 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345940 of user rubyman.
May  7 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1360]: pam_unix(su:session): session closed for user rubyman
May  7 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345940.
May  7 09:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30565]: pam_unix(cron:session): session closed for user root
May  7 09:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1292]: pam_unix(cron:session): session closed for user samftp
May  7 09:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: Invalid user admin from 80.94.95.112
May  7 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: input_userauth_request: invalid user admin [preauth]
May  7 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32750]: pam_unix(cron:session): session closed for user root
May  7 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: Failed password for invalid user admin from 80.94.95.112 port 55399 ssh2
May  7 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: Failed password for invalid user admin from 80.94.95.112 port 55399 ssh2
May  7 09:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: Failed password for invalid user admin from 80.94.95.112 port 55399 ssh2
May  7 09:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: Failed password for invalid user admin from 80.94.95.112 port 55399 ssh2
May  7 09:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: Failed password for invalid user admin from 80.94.95.112 port 55399 ssh2
May  7 09:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: Received disconnect from 80.94.95.112 port 55399:11: Bye [preauth]
May  7 09:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: Disconnected from 80.94.95.112 port 55399 [preauth]
May  7 09:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 09:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1770]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1769]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1767]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1767]: pam_unix(cron:session): session closed for user p13x
May  7 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1839]: Successful su for rubyman by root
May  7 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1839]: + ??? root:rubyman
May  7 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345943 of user rubyman.
May  7 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1839]: pam_unix(su:session): session closed for user rubyman
May  7 09:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345943.
May  7 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31047]: pam_unix(cron:session): session closed for user root
May  7 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1768]: pam_unix(cron:session): session closed for user samftp
May  7 09:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 09:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2119]: Failed password for root from 218.92.0.179 port 50303 ssh2
May  7 09:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2119]: Failed password for root from 218.92.0.179 port 50303 ssh2
May  7 09:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Invalid user liam from 64.23.161.151
May  7 09:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: input_userauth_request: invalid user liam [preauth]
May  7 09:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 09:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2119]: Failed password for root from 218.92.0.179 port 50303 ssh2
May  7 09:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Failed password for invalid user liam from 64.23.161.151 port 39540 ssh2
May  7 09:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2142]: Connection closed by 64.23.161.151 port 39540 [preauth]
May  7 09:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2119]: Received disconnect from 218.92.0.179 port 50303:11:  [preauth]
May  7 09:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2119]: Disconnected from 218.92.0.179 port 50303 [preauth]
May  7 09:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2119]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[812]: pam_unix(cron:session): session closed for user root
May  7 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2285]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2286]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2288]: pam_unix(cron:session): session closed for user root
May  7 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2282]: pam_unix(cron:session): session closed for user p13x
May  7 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2352]: Successful su for rubyman by root
May  7 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2352]: + ??? root:rubyman
May  7 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345950 of user rubyman.
May  7 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2352]: pam_unix(su:session): session closed for user rubyman
May  7 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345950.
May  7 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2285]: pam_unix(cron:session): session closed for user root
May  7 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31465]: pam_unix(cron:session): session closed for user root
May  7 09:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2283]: pam_unix(cron:session): session closed for user samftp
May  7 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1294]: pam_unix(cron:session): session closed for user root
May  7 09:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170  user=root
May  7 09:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Invalid user radarr from 161.35.52.212
May  7 09:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: input_userauth_request: invalid user radarr [preauth]
May  7 09:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: Failed password for root from 103.160.148.170 port 41246 ssh2
May  7 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: Received disconnect from 103.160.148.170 port 41246:11: Bye Bye [preauth]
May  7 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2696]: Disconnected from 103.160.148.170 port 41246 [preauth]
May  7 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Failed password for invalid user radarr from 161.35.52.212 port 55296 ssh2
May  7 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Received disconnect from 161.35.52.212 port 55296:11: Bye Bye [preauth]
May  7 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2703]: Disconnected from 161.35.52.212 port 55296 [preauth]
May  7 09:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.103  user=root
May  7 09:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2746]: Failed password for root from 218.92.0.103 port 37382 ssh2
May  7 09:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2746]: message repeated 2 times: [ Failed password for root from 218.92.0.103 port 37382 ssh2]
May  7 09:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2746]: Received disconnect from 218.92.0.103 port 37382:11:  [preauth]
May  7 09:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2746]: Disconnected from 218.92.0.103 port 37382 [preauth]
May  7 09:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2746]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.103  user=root
May  7 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2770]: pam_unix(cron:session): session closed for user p13x
May  7 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2841]: Successful su for rubyman by root
May  7 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2841]: + ??? root:rubyman
May  7 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345954 of user rubyman.
May  7 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2841]: pam_unix(su:session): session closed for user rubyman
May  7 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345954.
May  7 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31910]: pam_unix(cron:session): session closed for user root
May  7 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2771]: pam_unix(cron:session): session closed for user samftp
May  7 09:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  7 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: Failed password for root from 190.103.202.7 port 55140 ssh2
May  7 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3077]: Connection closed by 190.103.202.7 port 55140 [preauth]
May  7 09:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1770]: pam_unix(cron:session): session closed for user root
May  7 09:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241  user=root
May  7 09:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3141]: Failed password for root from 186.96.145.241 port 53416 ssh2
May  7 09:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3141]: Connection closed by 186.96.145.241 port 53416 [preauth]
May  7 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3194]: pam_unix(cron:session): session closed for user p13x
May  7 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3258]: Successful su for rubyman by root
May  7 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3258]: + ??? root:rubyman
May  7 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345957 of user rubyman.
May  7 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3258]: pam_unix(su:session): session closed for user rubyman
May  7 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345957.
May  7 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32749]: pam_unix(cron:session): session closed for user root
May  7 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3195]: pam_unix(cron:session): session closed for user samftp
May  7 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2287]: pam_unix(cron:session): session closed for user root
May  7 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3645]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3643]: pam_unix(cron:session): session closed for user p13x
May  7 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3702]: Successful su for rubyman by root
May  7 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3702]: + ??? root:rubyman
May  7 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345963 of user rubyman.
May  7 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3702]: pam_unix(su:session): session closed for user rubyman
May  7 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345963.
May  7 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[810]: pam_unix(cron:session): session closed for user root
May  7 09:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3644]: pam_unix(cron:session): session closed for user samftp
May  7 09:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2773]: pam_unix(cron:session): session closed for user root
May  7 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4079]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4078]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4074]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4076]: pam_unix(cron:session): session closed for user p13x
May  7 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4196]: Successful su for rubyman by root
May  7 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4196]: + ??? root:rubyman
May  7 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345966 of user rubyman.
May  7 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4196]: pam_unix(su:session): session closed for user rubyman
May  7 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345966.
May  7 09:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4074]: pam_unix(cron:session): session closed for user root
May  7 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1293]: pam_unix(cron:session): session closed for user root
May  7 09:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4077]: pam_unix(cron:session): session closed for user samftp
May  7 09:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3199]: pam_unix(cron:session): session closed for user root
May  7 09:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4733]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4735]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4731]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4734]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4732]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4736]: pam_unix(cron:session): session closed for user root
May  7 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4731]: pam_unix(cron:session): session closed for user p13x
May  7 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Invalid user ljsoft from 161.35.52.212
May  7 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: input_userauth_request: invalid user ljsoft [preauth]
May  7 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4801]: Successful su for rubyman by root
May  7 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4801]: + ??? root:rubyman
May  7 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4801]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345973 of user rubyman.
May  7 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4801]: pam_unix(su:session): session closed for user rubyman
May  7 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345973.
May  7 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Failed password for invalid user ljsoft from 161.35.52.212 port 41864 ssh2
May  7 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Received disconnect from 161.35.52.212 port 41864:11: Bye Bye [preauth]
May  7 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4728]: Disconnected from 161.35.52.212 port 41864 [preauth]
May  7 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4733]: pam_unix(cron:session): session closed for user root
May  7 09:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1769]: pam_unix(cron:session): session closed for user root
May  7 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4732]: pam_unix(cron:session): session closed for user samftp
May  7 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3646]: pam_unix(cron:session): session closed for user root
May  7 09:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Connection closed by 80.246.130.145 port 32623 [preauth]
May  7 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5372]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5373]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5370]: pam_unix(cron:session): session closed for user p13x
May  7 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5446]: Successful su for rubyman by root
May  7 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5446]: + ??? root:rubyman
May  7 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345976 of user rubyman.
May  7 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5446]: pam_unix(su:session): session closed for user rubyman
May  7 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345976.
May  7 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2286]: pam_unix(cron:session): session closed for user root
May  7 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5371]: pam_unix(cron:session): session closed for user samftp
May  7 09:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: Invalid user ubuntu from 103.160.148.170
May  7 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: input_userauth_request: invalid user ubuntu [preauth]
May  7 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  7 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: Failed password for invalid user ubuntu from 103.160.148.170 port 57630 ssh2
May  7 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: Received disconnect from 103.160.148.170 port 57630:11: Bye Bye [preauth]
May  7 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5723]: Disconnected from 103.160.148.170 port 57630 [preauth]
May  7 09:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4079]: pam_unix(cron:session): session closed for user root
May  7 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5930]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5929]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5927]: pam_unix(cron:session): session closed for user p13x
May  7 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5991]: Successful su for rubyman by root
May  7 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5991]: + ??? root:rubyman
May  7 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345981 of user rubyman.
May  7 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5991]: pam_unix(su:session): session closed for user rubyman
May  7 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345981.
May  7 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2772]: pam_unix(cron:session): session closed for user root
May  7 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5928]: pam_unix(cron:session): session closed for user samftp
May  7 09:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Invalid user shared from 64.23.161.151
May  7 09:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: input_userauth_request: invalid user shared [preauth]
May  7 09:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 09:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Failed password for invalid user shared from 64.23.161.151 port 47206 ssh2
May  7 09:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Connection closed by 64.23.161.151 port 47206 [preauth]
May  7 09:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4735]: pam_unix(cron:session): session closed for user root
May  7 09:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: User sshd from 194.0.234.19 not allowed because not listed in AllowUsers
May  7 09:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: input_userauth_request: invalid user sshd [preauth]
May  7 09:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=sshd
May  7 09:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: Failed password for invalid user sshd from 194.0.234.19 port 27202 ssh2
May  7 09:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6325]: Connection closed by 194.0.234.19 port 27202 [preauth]
May  7 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6363]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6364]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6362]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6361]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6361]: pam_unix(cron:session): session closed for user p13x
May  7 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6422]: Successful su for rubyman by root
May  7 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6422]: + ??? root:rubyman
May  7 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345986 of user rubyman.
May  7 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6422]: pam_unix(su:session): session closed for user rubyman
May  7 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345986.
May  7 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3197]: pam_unix(cron:session): session closed for user root
May  7 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6362]: pam_unix(cron:session): session closed for user samftp
May  7 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5373]: pam_unix(cron:session): session closed for user root
May  7 09:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6743]: Invalid user admin from 80.94.95.241
May  7 09:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6743]: input_userauth_request: invalid user admin [preauth]
May  7 09:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6743]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 09:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6743]: Failed password for invalid user admin from 80.94.95.241 port 8616 ssh2
May  7 09:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6743]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6743]: Failed password for invalid user admin from 80.94.95.241 port 8616 ssh2
May  7 09:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6743]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6743]: Failed password for invalid user admin from 80.94.95.241 port 8616 ssh2
May  7 09:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6743]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6769]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6770]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6765]: pam_unix(cron:session): session closed for user p13x
May  7 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6827]: Successful su for rubyman by root
May  7 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6827]: + ??? root:rubyman
May  7 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345988 of user rubyman.
May  7 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6827]: pam_unix(su:session): session closed for user rubyman
May  7 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345988.
May  7 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6743]: Failed password for invalid user admin from 80.94.95.241 port 8616 ssh2
May  7 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6743]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3645]: pam_unix(cron:session): session closed for user root
May  7 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6743]: Failed password for invalid user admin from 80.94.95.241 port 8616 ssh2
May  7 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6743]: Received disconnect from 80.94.95.241 port 8616:11: Bye [preauth]
May  7 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6743]: Disconnected from 80.94.95.241 port 8616 [preauth]
May  7 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6743]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6743]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6768]: pam_unix(cron:session): session closed for user samftp
May  7 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5930]: pam_unix(cron:session): session closed for user root
May  7 09:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: Invalid user ubadmin from 161.35.52.212
May  7 09:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: input_userauth_request: invalid user ubadmin [preauth]
May  7 09:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 09:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: Failed password for invalid user ubadmin from 161.35.52.212 port 35378 ssh2
May  7 09:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: Received disconnect from 161.35.52.212 port 35378:11: Bye Bye [preauth]
May  7 09:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: Disconnected from 161.35.52.212 port 35378 [preauth]
May  7 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7281]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7278]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7281]: pam_unix(cron:session): session closed for user root
May  7 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7276]: pam_unix(cron:session): session closed for user p13x
May  7 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7341]: Successful su for rubyman by root
May  7 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7341]: + ??? root:rubyman
May  7 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7341]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345992 of user rubyman.
May  7 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7341]: pam_unix(su:session): session closed for user rubyman
May  7 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345992.
May  7 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7278]: pam_unix(cron:session): session closed for user root
May  7 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4078]: pam_unix(cron:session): session closed for user root
May  7 09:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7277]: pam_unix(cron:session): session closed for user samftp
May  7 09:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6364]: pam_unix(cron:session): session closed for user root
May  7 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7820]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7819]: pam_unix(cron:session): session closed for user p13x
May  7 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7887]: Successful su for rubyman by root
May  7 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7887]: + ??? root:rubyman
May  7 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7887]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 345999 of user rubyman.
May  7 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7887]: pam_unix(su:session): session closed for user rubyman
May  7 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 345999.
May  7 09:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4734]: pam_unix(cron:session): session closed for user root
May  7 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7820]: pam_unix(cron:session): session closed for user samftp
May  7 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6770]: pam_unix(cron:session): session closed for user root
May  7 09:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170  user=root
May  7 09:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: Failed password for root from 103.160.148.170 port 39668 ssh2
May  7 09:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: Received disconnect from 103.160.148.170 port 39668:11: Bye Bye [preauth]
May  7 09:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8249]: Disconnected from 103.160.148.170 port 39668 [preauth]
May  7 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8263]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8262]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8260]: pam_unix(cron:session): session closed for user p13x
May  7 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8321]: Successful su for rubyman by root
May  7 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8321]: + ??? root:rubyman
May  7 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8321]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346003 of user rubyman.
May  7 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8321]: pam_unix(su:session): session closed for user rubyman
May  7 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346003.
May  7 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5372]: pam_unix(cron:session): session closed for user root
May  7 09:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8261]: pam_unix(cron:session): session closed for user samftp
May  7 09:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8587]: Connection reset by 147.185.132.168 port 59620 [preauth]
May  7 09:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7280]: pam_unix(cron:session): session closed for user root
May  7 09:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8686]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8685]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8683]: pam_unix(cron:session): session closed for user p13x
May  7 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8755]: Successful su for rubyman by root
May  7 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8755]: + ??? root:rubyman
May  7 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8755]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346006 of user rubyman.
May  7 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8755]: pam_unix(su:session): session closed for user rubyman
May  7 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346006.
May  7 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5929]: pam_unix(cron:session): session closed for user root
May  7 09:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8684]: pam_unix(cron:session): session closed for user samftp
May  7 09:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7824]: pam_unix(cron:session): session closed for user root
May  7 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9099]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9096]: pam_unix(cron:session): session closed for user p13x
May  7 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9248]: Successful su for rubyman by root
May  7 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9248]: + ??? root:rubyman
May  7 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346011 of user rubyman.
May  7 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9248]: pam_unix(su:session): session closed for user rubyman
May  7 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346011.
May  7 09:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6363]: pam_unix(cron:session): session closed for user root
May  7 09:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9097]: pam_unix(cron:session): session closed for user samftp
May  7 09:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: Invalid user finance from 161.35.52.212
May  7 09:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: input_userauth_request: invalid user finance [preauth]
May  7 09:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 09:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: Failed password for invalid user finance from 161.35.52.212 port 38786 ssh2
May  7 09:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: Received disconnect from 161.35.52.212 port 38786:11: Bye Bye [preauth]
May  7 09:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9478]: Disconnected from 161.35.52.212 port 38786 [preauth]
May  7 09:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8263]: pam_unix(cron:session): session closed for user root
May  7 09:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: Invalid user teddy from 64.23.161.151
May  7 09:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: input_userauth_request: invalid user teddy [preauth]
May  7 09:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 09:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: Failed password for invalid user teddy from 64.23.161.151 port 34276 ssh2
May  7 09:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: Connection closed by 64.23.161.151 port 34276 [preauth]
May  7 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9619]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9621]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9622]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9622]: pam_unix(cron:session): session closed for user root
May  7 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9616]: pam_unix(cron:session): session closed for user p13x
May  7 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9699]: Successful su for rubyman by root
May  7 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9699]: + ??? root:rubyman
May  7 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346016 of user rubyman.
May  7 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9699]: pam_unix(su:session): session closed for user rubyman
May  7 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346016.
May  7 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9618]: pam_unix(cron:session): session closed for user root
May  7 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6769]: pam_unix(cron:session): session closed for user root
May  7 09:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9617]: pam_unix(cron:session): session closed for user samftp
May  7 09:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9679]: Invalid user T from 195.178.110.50
May  7 09:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9679]: input_userauth_request: invalid user T [preauth]
May  7 09:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9679]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 09:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9679]: Failed password for invalid user T from 195.178.110.50 port 28474 ssh2
May  7 09:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9679]: Connection closed by 195.178.110.50 port 28474 [preauth]
May  7 09:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8686]: pam_unix(cron:session): session closed for user root
May  7 09:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9944]: Invalid user a from 195.178.110.50
May  7 09:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9944]: input_userauth_request: invalid user a [preauth]
May  7 09:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9944]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 09:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9944]: Failed password for invalid user a from 195.178.110.50 port 38110 ssh2
May  7 09:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9944]: Connection closed by 195.178.110.50 port 38110 [preauth]
May  7 09:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10074]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10073]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10075]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10072]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10072]: pam_unix(cron:session): session closed for user p13x
May  7 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10136]: Successful su for rubyman by root
May  7 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10136]: + ??? root:rubyman
May  7 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10136]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346020 of user rubyman.
May  7 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10136]: pam_unix(su:session): session closed for user rubyman
May  7 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346020.
May  7 09:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7279]: pam_unix(cron:session): session closed for user root
May  7 09:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: Invalid user n from 195.178.110.50
May  7 09:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: input_userauth_request: invalid user n [preauth]
May  7 09:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 09:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10073]: pam_unix(cron:session): session closed for user samftp
May  7 09:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: Failed password for invalid user n from 195.178.110.50 port 8820 ssh2
May  7 09:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: Connection closed by 195.178.110.50 port 8820 [preauth]
May  7 09:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: Invalid user { from 195.178.110.50
May  7 09:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: input_userauth_request: invalid user { [preauth]
May  7 09:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 09:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: Failed password for invalid user { from 195.178.110.50 port 59370 ssh2
May  7 09:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10411]: Connection closed by 195.178.110.50 port 59370 [preauth]
May  7 09:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9099]: pam_unix(cron:session): session closed for user root
May  7 09:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10501]: Invalid user * from 195.178.110.50
May  7 09:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10501]: input_userauth_request: invalid user * [preauth]
May  7 09:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10501]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 09:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10501]: Failed password for invalid user * from 195.178.110.50 port 45066 ssh2
May  7 09:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10501]: Connection closed by 195.178.110.50 port 45066 [preauth]
May  7 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10584]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10583]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10582]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10581]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10581]: pam_unix(cron:session): session closed for user p13x
May  7 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10675]: Successful su for rubyman by root
May  7 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10675]: + ??? root:rubyman
May  7 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346025 of user rubyman.
May  7 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10675]: pam_unix(su:session): session closed for user rubyman
May  7 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346025.
May  7 09:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7823]: pam_unix(cron:session): session closed for user root
May  7 09:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 09:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10582]: pam_unix(cron:session): session closed for user samftp
May  7 09:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: Failed password for root from 218.92.0.179 port 12775 ssh2
May  7 09:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 12775 ssh2]
May  7 09:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: Received disconnect from 218.92.0.179 port 12775:11:  [preauth]
May  7 09:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: Disconnected from 218.92.0.179 port 12775 [preauth]
May  7 09:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10873]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 09:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9966]: Connection reset by 218.92.0.111 port 59800 [preauth]
May  7 09:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  7 09:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: Failed password for root from 80.94.95.29 port 59723 ssh2
May  7 09:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: message repeated 2 times: [ Failed password for root from 80.94.95.29 port 59723 ssh2]
May  7 09:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 09:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: Failed password for root from 80.94.95.29 port 59723 ssh2
May  7 09:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  7 09:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: Failed password for root from 80.94.95.125 port 56581 ssh2
May  7 09:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: Failed password for root from 80.94.95.29 port 59723 ssh2
May  7 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: Received disconnect from 80.94.95.29 port 59723:11: Bye [preauth]
May  7 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: Disconnected from 80.94.95.29 port 59723 [preauth]
May  7 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  7 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10928]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9621]: pam_unix(cron:session): session closed for user root
May  7 09:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Failed password for root from 218.92.0.221 port 27438 ssh2
May  7 09:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: Failed password for root from 80.94.95.125 port 56581 ssh2
May  7 09:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Failed password for root from 218.92.0.221 port 27438 ssh2
May  7 09:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10981]: Invalid user noreply from 103.160.148.170
May  7 09:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10981]: input_userauth_request: invalid user noreply [preauth]
May  7 09:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10981]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  7 09:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: Failed password for root from 80.94.95.125 port 56581 ssh2
May  7 09:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10981]: Failed password for invalid user noreply from 103.160.148.170 port 43456 ssh2
May  7 09:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10981]: Received disconnect from 103.160.148.170 port 43456:11: Bye Bye [preauth]
May  7 09:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10981]: Disconnected from 103.160.148.170 port 43456 [preauth]
May  7 09:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: Failed password for root from 80.94.95.125 port 56581 ssh2
May  7 09:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Failed password for root from 218.92.0.221 port 27438 ssh2
May  7 09:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Received disconnect from 218.92.0.221 port 27438:11:  [preauth]
May  7 09:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Disconnected from 218.92.0.221 port 27438 [preauth]
May  7 09:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  7 09:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: Failed password for root from 80.94.95.125 port 56581 ssh2
May  7 09:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: Received disconnect from 80.94.95.125 port 56581:11: Bye [preauth]
May  7 09:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: Disconnected from 80.94.95.125 port 56581 [preauth]
May  7 09:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 09:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10950]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11042]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11044]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11043]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11041]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11041]: pam_unix(cron:session): session closed for user p13x
May  7 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11104]: Successful su for rubyman by root
May  7 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11104]: + ??? root:rubyman
May  7 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11104]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346030 of user rubyman.
May  7 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11104]: pam_unix(su:session): session closed for user rubyman
May  7 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346030.
May  7 09:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8262]: pam_unix(cron:session): session closed for user root
May  7 09:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11042]: pam_unix(cron:session): session closed for user samftp
May  7 09:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10075]: pam_unix(cron:session): session closed for user root
May  7 09:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: Invalid user oracle from 161.35.52.212
May  7 09:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: input_userauth_request: invalid user oracle [preauth]
May  7 09:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 09:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: Failed password for invalid user oracle from 161.35.52.212 port 55646 ssh2
May  7 09:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: Received disconnect from 161.35.52.212 port 55646:11: Bye Bye [preauth]
May  7 09:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: Disconnected from 161.35.52.212 port 55646 [preauth]
May  7 09:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5  user=root
May  7 09:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11404]: Failed password for root from 85.208.84.5 port 26678 ssh2
May  7 09:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11404]: Connection closed by 85.208.84.5 port 26678 [preauth]
May  7 09:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11442]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11441]: pam_unix(cron:session): session closed for user p13x
May  7 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11511]: Successful su for rubyman by root
May  7 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11511]: + ??? root:rubyman
May  7 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346033 of user rubyman.
May  7 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11511]: pam_unix(su:session): session closed for user rubyman
May  7 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346033.
May  7 09:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8685]: pam_unix(cron:session): session closed for user root
May  7 09:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11442]: pam_unix(cron:session): session closed for user samftp
May  7 09:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10584]: pam_unix(cron:session): session closed for user root
May  7 09:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11849]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11852]: pam_unix(cron:session): session closed for user root
May  7 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11847]: pam_unix(cron:session): session closed for user p13x
May  7 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11915]: Successful su for rubyman by root
May  7 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11915]: + ??? root:rubyman
May  7 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11915]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346036 of user rubyman.
May  7 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11915]: pam_unix(su:session): session closed for user rubyman
May  7 09:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346036.
May  7 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11849]: pam_unix(cron:session): session closed for user root
May  7 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9098]: pam_unix(cron:session): session closed for user root
May  7 09:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11848]: pam_unix(cron:session): session closed for user samftp
May  7 09:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11044]: pam_unix(cron:session): session closed for user root
May  7 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12263]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12262]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12259]: pam_unix(cron:session): session closed for user p13x
May  7 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12344]: Successful su for rubyman by root
May  7 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12344]: + ??? root:rubyman
May  7 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346042 of user rubyman.
May  7 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12344]: pam_unix(su:session): session closed for user rubyman
May  7 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346042.
May  7 09:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9619]: pam_unix(cron:session): session closed for user root
May  7 09:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12260]: pam_unix(cron:session): session closed for user samftp
May  7 09:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 09:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12519]: Failed password for root from 218.92.0.179 port 36677 ssh2
May  7 09:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12519]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 36677 ssh2]
May  7 09:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12519]: Received disconnect from 218.92.0.179 port 36677:11:  [preauth]
May  7 09:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12519]: Disconnected from 218.92.0.179 port 36677 [preauth]
May  7 09:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12519]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 09:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11444]: pam_unix(cron:session): session closed for user root
May  7 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12663]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12662]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12662]: pam_unix(cron:session): session closed for user p13x
May  7 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12731]: Successful su for rubyman by root
May  7 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12731]: + ??? root:rubyman
May  7 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12731]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346046 of user rubyman.
May  7 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12731]: pam_unix(su:session): session closed for user rubyman
May  7 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346046.
May  7 09:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10074]: pam_unix(cron:session): session closed for user root
May  7 09:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12663]: pam_unix(cron:session): session closed for user samftp
May  7 09:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11851]: pam_unix(cron:session): session closed for user root
May  7 09:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 09:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13003]: Failed password for root from 218.92.0.179 port 19097 ssh2
May  7 09:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13003]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 19097 ssh2]
May  7 09:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13003]: Received disconnect from 218.92.0.179 port 19097:11:  [preauth]
May  7 09:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13003]: Disconnected from 218.92.0.179 port 19097 [preauth]
May  7 09:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13003]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 09:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13034]: Invalid user tyler from 64.23.161.151
May  7 09:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13034]: input_userauth_request: invalid user tyler [preauth]
May  7 09:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13034]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 09:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13034]: Failed password for invalid user tyler from 64.23.161.151 port 41714 ssh2
May  7 09:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13034]: Connection closed by 64.23.161.151 port 41714 [preauth]
May  7 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13073]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13071]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13069]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13069]: pam_unix(cron:session): session closed for user p13x
May  7 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13128]: Successful su for rubyman by root
May  7 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13128]: + ??? root:rubyman
May  7 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346051 of user rubyman.
May  7 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13128]: pam_unix(su:session): session closed for user rubyman
May  7 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346051.
May  7 09:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10583]: pam_unix(cron:session): session closed for user root
May  7 09:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13286]: Invalid user readarr from 161.35.52.212
May  7 09:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13286]: input_userauth_request: invalid user readarr [preauth]
May  7 09:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13286]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 09:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13071]: pam_unix(cron:session): session closed for user samftp
May  7 09:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13286]: Failed password for invalid user readarr from 161.35.52.212 port 38002 ssh2
May  7 09:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13286]: Received disconnect from 161.35.52.212 port 38002:11: Bye Bye [preauth]
May  7 09:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13286]: Disconnected from 161.35.52.212 port 38002 [preauth]
May  7 09:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13338]: Invalid user moderator from 103.160.148.170
May  7 09:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13338]: input_userauth_request: invalid user moderator [preauth]
May  7 09:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13338]: pam_unix(sshd:auth): check pass; user unknown
May  7 09:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  7 09:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13338]: Failed password for invalid user moderator from 103.160.148.170 port 38200 ssh2
May  7 09:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13338]: Received disconnect from 103.160.148.170 port 38200:11: Bye Bye [preauth]
May  7 09:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13338]: Disconnected from 103.160.148.170 port 38200 [preauth]
May  7 09:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12263]: pam_unix(cron:session): session closed for user root
May  7 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13563]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13564]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13562]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13561]: pam_unix(cron:session): session closed for user p13x
May  7 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13626]: Successful su for rubyman by root
May  7 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13626]: + ??? root:rubyman
May  7 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346056 of user rubyman.
May  7 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13626]: pam_unix(su:session): session closed for user rubyman
May  7 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346056.
May  7 09:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11043]: pam_unix(cron:session): session closed for user root
May  7 09:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13562]: pam_unix(cron:session): session closed for user samftp
May  7 09:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 09:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12666]: pam_unix(cron:session): session closed for user root
May  7 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13974]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13973]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13974]: pam_unix(cron:session): session closed for user root
May  7 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13970]: pam_unix(cron:session): session closed for user root
May  7 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13968]: pam_unix(cron:session): session closed for user p13x
May  7 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14069]: Successful su for rubyman by root
May  7 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14069]: + ??? root:rubyman
May  7 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14069]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346064 of user rubyman.
May  7 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14069]: pam_unix(su:session): session closed for user rubyman
May  7 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346064.
May  7 10:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11443]: pam_unix(cron:session): session closed for user root
May  7 10:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13971]: pam_unix(cron:session): session closed for user root
May  7 10:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13969]: pam_unix(cron:session): session closed for user samftp
May  7 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13073]: pam_unix(cron:session): session closed for user root
May  7 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14464]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14462]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14462]: pam_unix(cron:session): session closed for user p13x
May  7 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14535]: Successful su for rubyman by root
May  7 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14535]: + ??? root:rubyman
May  7 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14535]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346066 of user rubyman.
May  7 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14535]: pam_unix(su:session): session closed for user rubyman
May  7 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346066.
May  7 10:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11850]: pam_unix(cron:session): session closed for user root
May  7 10:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14463]: pam_unix(cron:session): session closed for user samftp
May  7 10:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13564]: pam_unix(cron:session): session closed for user root
May  7 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14883]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14880]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14880]: pam_unix(cron:session): session closed for user p13x
May  7 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14956]: Successful su for rubyman by root
May  7 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14956]: + ??? root:rubyman
May  7 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14956]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346070 of user rubyman.
May  7 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14956]: pam_unix(su:session): session closed for user rubyman
May  7 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346070.
May  7 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12262]: pam_unix(cron:session): session closed for user root
May  7 10:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14882]: pam_unix(cron:session): session closed for user samftp
May  7 10:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13973]: pam_unix(cron:session): session closed for user root
May  7 10:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15224]: Invalid user ict from 161.35.52.212
May  7 10:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15224]: input_userauth_request: invalid user ict [preauth]
May  7 10:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15224]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 10:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15224]: Failed password for invalid user ict from 161.35.52.212 port 39156 ssh2
May  7 10:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15224]: Received disconnect from 161.35.52.212 port 39156:11: Bye Bye [preauth]
May  7 10:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15224]: Disconnected from 161.35.52.212 port 39156 [preauth]
May  7 10:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  7 10:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15273]: Failed password for root from 218.92.0.217 port 46314 ssh2
May  7 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15289]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15285]: pam_unix(cron:session): session closed for user p13x
May  7 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15352]: Successful su for rubyman by root
May  7 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15352]: + ??? root:rubyman
May  7 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346073 of user rubyman.
May  7 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15352]: pam_unix(su:session): session closed for user rubyman
May  7 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346073.
May  7 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15273]: Failed password for root from 218.92.0.217 port 46314 ssh2
May  7 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15273]: Failed password for root from 218.92.0.217 port 46314 ssh2
May  7 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15273]: Received disconnect from 218.92.0.217 port 46314:11:  [preauth]
May  7 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15273]: Disconnected from 218.92.0.217 port 46314 [preauth]
May  7 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15273]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  7 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12665]: pam_unix(cron:session): session closed for user root
May  7 10:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15287]: pam_unix(cron:session): session closed for user samftp
May  7 10:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14465]: pam_unix(cron:session): session closed for user root
May  7 10:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15670]: Invalid user arnaldo from 103.160.148.170
May  7 10:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15670]: input_userauth_request: invalid user arnaldo [preauth]
May  7 10:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15670]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  7 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15673]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15673]: pam_unix(cron:session): session closed for user p13x
May  7 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15738]: Successful su for rubyman by root
May  7 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15738]: + ??? root:rubyman
May  7 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15738]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346077 of user rubyman.
May  7 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15738]: pam_unix(su:session): session closed for user rubyman
May  7 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346077.
May  7 10:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15670]: Failed password for invalid user arnaldo from 103.160.148.170 port 60678 ssh2
May  7 10:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15670]: Received disconnect from 103.160.148.170 port 60678:11: Bye Bye [preauth]
May  7 10:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15670]: Disconnected from 103.160.148.170 port 60678 [preauth]
May  7 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13072]: pam_unix(cron:session): session closed for user root
May  7 10:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15674]: pam_unix(cron:session): session closed for user samftp
May  7 10:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14884]: pam_unix(cron:session): session closed for user root
May  7 10:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16069]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16068]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16067]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16069]: pam_unix(cron:session): session closed for user root
May  7 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16064]: pam_unix(cron:session): session closed for user p13x
May  7 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16136]: Successful su for rubyman by root
May  7 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16136]: + ??? root:rubyman
May  7 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16136]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346082 of user rubyman.
May  7 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16136]: pam_unix(su:session): session closed for user rubyman
May  7 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346082.
May  7 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16066]: pam_unix(cron:session): session closed for user root
May  7 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13563]: pam_unix(cron:session): session closed for user root
May  7 10:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16065]: pam_unix(cron:session): session closed for user samftp
May  7 10:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15289]: pam_unix(cron:session): session closed for user root
May  7 10:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: Invalid user aaron from 64.23.161.151
May  7 10:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: input_userauth_request: invalid user aaron [preauth]
May  7 10:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 10:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: Failed password for invalid user aaron from 64.23.161.151 port 43402 ssh2
May  7 10:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16424]: Connection closed by 64.23.161.151 port 43402 [preauth]
May  7 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16514]: pam_unix(cron:session): session closed for user p13x
May  7 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16600]: Successful su for rubyman by root
May  7 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16600]: + ??? root:rubyman
May  7 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346088 of user rubyman.
May  7 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16600]: pam_unix(su:session): session closed for user rubyman
May  7 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346088.
May  7 10:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13972]: pam_unix(cron:session): session closed for user root
May  7 10:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session closed for user samftp
May  7 10:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15676]: pam_unix(cron:session): session closed for user root
May  7 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16975]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16976]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16973]: pam_unix(cron:session): session closed for user p13x
May  7 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17035]: Successful su for rubyman by root
May  7 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17035]: + ??? root:rubyman
May  7 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17035]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346091 of user rubyman.
May  7 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17035]: pam_unix(su:session): session closed for user rubyman
May  7 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346091.
May  7 10:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14464]: pam_unix(cron:session): session closed for user root
May  7 10:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16974]: pam_unix(cron:session): session closed for user samftp
May  7 10:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: Invalid user kjs from 161.35.52.212
May  7 10:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: input_userauth_request: invalid user kjs [preauth]
May  7 10:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 10:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: Failed password for invalid user kjs from 161.35.52.212 port 48104 ssh2
May  7 10:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: Received disconnect from 161.35.52.212 port 48104:11: Bye Bye [preauth]
May  7 10:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17228]: Disconnected from 161.35.52.212 port 48104 [preauth]
May  7 10:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16068]: pam_unix(cron:session): session closed for user root
May  7 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17373]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17372]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17370]: pam_unix(cron:session): session closed for user p13x
May  7 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17433]: Successful su for rubyman by root
May  7 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17433]: + ??? root:rubyman
May  7 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17433]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346095 of user rubyman.
May  7 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17433]: pam_unix(su:session): session closed for user rubyman
May  7 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346095.
May  7 10:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14883]: pam_unix(cron:session): session closed for user root
May  7 10:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17371]: pam_unix(cron:session): session closed for user samftp
May  7 10:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  7 10:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17642]: Failed password for root from 218.92.0.232 port 15080 ssh2
May  7 10:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17642]: Failed password for root from 218.92.0.232 port 15080 ssh2
May  7 10:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: Invalid user admin from 80.94.95.112
May  7 10:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: input_userauth_request: invalid user admin [preauth]
May  7 10:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 10:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17642]: Failed password for root from 218.92.0.232 port 15080 ssh2
May  7 10:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17642]: Received disconnect from 218.92.0.232 port 15080:11:  [preauth]
May  7 10:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17642]: Disconnected from 218.92.0.232 port 15080 [preauth]
May  7 10:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17642]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  7 10:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: Failed password for invalid user admin from 80.94.95.112 port 56963 ssh2
May  7 10:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  7 10:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: Failed password for invalid user admin from 80.94.95.112 port 56963 ssh2
May  7 10:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17682]: Failed password for root from 218.92.0.232 port 11002 ssh2
May  7 10:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: Failed password for invalid user admin from 80.94.95.112 port 56963 ssh2
May  7 10:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17682]: Failed password for root from 218.92.0.232 port 11002 ssh2
May  7 10:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: Failed password for invalid user admin from 80.94.95.112 port 56963 ssh2
May  7 10:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17682]: Failed password for root from 218.92.0.232 port 11002 ssh2
May  7 10:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17682]: Received disconnect from 218.92.0.232 port 11002:11:  [preauth]
May  7 10:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17682]: Disconnected from 218.92.0.232 port 11002 [preauth]
May  7 10:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17682]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  7 10:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: Failed password for invalid user admin from 80.94.95.112 port 56963 ssh2
May  7 10:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: Received disconnect from 80.94.95.112 port 56963:11: Bye [preauth]
May  7 10:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: Disconnected from 80.94.95.112 port 56963 [preauth]
May  7 10:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 10:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 10:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  7 10:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16517]: pam_unix(cron:session): session closed for user root
May  7 10:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17715]: Failed password for root from 194.0.234.19 port 22922 ssh2
May  7 10:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17715]: Connection closed by 194.0.234.19 port 22922 [preauth]
May  7 10:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  7 10:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: Failed password for root from 218.92.0.232 port 51086 ssh2
May  7 10:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: Failed password for root from 218.92.0.232 port 51086 ssh2
May  7 10:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: Failed password for root from 218.92.0.232 port 51086 ssh2
May  7 10:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: Received disconnect from 218.92.0.232 port 51086:11:  [preauth]
May  7 10:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: Disconnected from 218.92.0.232 port 51086 [preauth]
May  7 10:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  7 10:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: Invalid user julian from 164.68.105.9
May  7 10:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: input_userauth_request: invalid user julian [preauth]
May  7 10:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  7 10:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: Failed password for invalid user julian from 164.68.105.9 port 34812 ssh2
May  7 10:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: Connection closed by 164.68.105.9 port 34812 [preauth]
May  7 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17913]: pam_unix(cron:session): session closed for user p13x
May  7 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18046]: Successful su for rubyman by root
May  7 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18046]: + ??? root:rubyman
May  7 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18046]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346100 of user rubyman.
May  7 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18046]: pam_unix(su:session): session closed for user rubyman
May  7 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346100.
May  7 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17911]: pam_unix(cron:session): session closed for user root
May  7 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15288]: pam_unix(cron:session): session closed for user root
May  7 10:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17915]: pam_unix(cron:session): session closed for user samftp
May  7 10:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16976]: pam_unix(cron:session): session closed for user root
May  7 10:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170  user=root
May  7 10:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: Failed password for root from 103.160.148.170 port 59238 ssh2
May  7 10:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: Received disconnect from 103.160.148.170 port 59238:11: Bye Bye [preauth]
May  7 10:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: Disconnected from 103.160.148.170 port 59238 [preauth]
May  7 10:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18418]: Did not receive identification string from 196.251.83.136
May  7 10:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18419]: Invalid user user from 196.251.83.136
May  7 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18419]: input_userauth_request: invalid user user [preauth]
May  7 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18419]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.83.136
May  7 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18422]: Invalid user usario from 196.251.83.136
May  7 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18422]: input_userauth_request: invalid user usario [preauth]
May  7 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18421]: Invalid user support from 196.251.83.136
May  7 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18421]: input_userauth_request: invalid user support [preauth]
May  7 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18421]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.83.136
May  7 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18422]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.83.136
May  7 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18426]: Invalid user ubnt from 196.251.83.136
May  7 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18426]: input_userauth_request: invalid user ubnt [preauth]
May  7 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18426]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.83.136
May  7 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18425]: Invalid user admin from 196.251.83.136
May  7 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18425]: input_userauth_request: invalid user admin [preauth]
May  7 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18425]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.83.136
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18448]: pam_unix(cron:session): session closed for user root
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18443]: pam_unix(cron:session): session closed for user p13x
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18514]: Successful su for rubyman by root
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18514]: + ??? root:rubyman
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346104 of user rubyman.
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18514]: pam_unix(su:session): session closed for user rubyman
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346104.
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18419]: Failed password for invalid user user from 196.251.83.136 port 10016 ssh2
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18421]: Failed password for invalid user support from 196.251.83.136 port 10034 ssh2
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18422]: Failed password for invalid user usario from 196.251.83.136 port 10052 ssh2
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18426]: Failed password for invalid user ubnt from 196.251.83.136 port 10050 ssh2
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18425]: Failed password for invalid user admin from 196.251.83.136 port 10026 ssh2
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18419]: Received disconnect from 196.251.83.136 port 10016:11: Bye Bye [preauth]
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18419]: Disconnected from 196.251.83.136 port 10016 [preauth]
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18421]: Received disconnect from 196.251.83.136 port 10034:11: Bye Bye [preauth]
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18421]: Disconnected from 196.251.83.136 port 10034 [preauth]
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18422]: Received disconnect from 196.251.83.136 port 10052:11: Bye Bye [preauth]
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18422]: Disconnected from 196.251.83.136 port 10052 [preauth]
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18426]: Received disconnect from 196.251.83.136 port 10050:11: Bye Bye [preauth]
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18426]: Disconnected from 196.251.83.136 port 10050 [preauth]
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18425]: Received disconnect from 196.251.83.136 port 10026:11: Bye Bye [preauth]
May  7 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18425]: Disconnected from 196.251.83.136 port 10026 [preauth]
May  7 10:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18445]: pam_unix(cron:session): session closed for user root
May  7 10:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15675]: pam_unix(cron:session): session closed for user root
May  7 10:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18444]: pam_unix(cron:session): session closed for user samftp
May  7 10:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  7 10:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18763]: Failed password for root from 218.92.0.112 port 59216 ssh2
May  7 10:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17373]: pam_unix(cron:session): session closed for user root
May  7 10:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  7 10:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18844]: Failed password for root from 218.92.0.112 port 48696 ssh2
May  7 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18885]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18883]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18882]: pam_unix(cron:session): session closed for user p13x
May  7 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18950]: Successful su for rubyman by root
May  7 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18950]: + ??? root:rubyman
May  7 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18950]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346112 of user rubyman.
May  7 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18950]: pam_unix(su:session): session closed for user rubyman
May  7 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346112.
May  7 10:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16067]: pam_unix(cron:session): session closed for user root
May  7 10:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18883]: pam_unix(cron:session): session closed for user samftp
May  7 10:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 10:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17917]: pam_unix(cron:session): session closed for user root
May  7 10:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19206]: Failed password for root from 218.92.0.179 port 29955 ssh2
May  7 10:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: Invalid user privacy from 161.35.52.212
May  7 10:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: input_userauth_request: invalid user privacy [preauth]
May  7 10:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 10:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19206]: Failed password for root from 218.92.0.179 port 29955 ssh2
May  7 10:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: Failed password for invalid user privacy from 161.35.52.212 port 37664 ssh2
May  7 10:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: Received disconnect from 161.35.52.212 port 37664:11: Bye Bye [preauth]
May  7 10:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19238]: Disconnected from 161.35.52.212 port 37664 [preauth]
May  7 10:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19206]: Failed password for root from 218.92.0.179 port 29955 ssh2
May  7 10:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19206]: Received disconnect from 218.92.0.179 port 29955:11:  [preauth]
May  7 10:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19206]: Disconnected from 218.92.0.179 port 29955 [preauth]
May  7 10:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19206]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19301]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19302]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19299]: pam_unix(cron:session): session closed for user p13x
May  7 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19368]: Successful su for rubyman by root
May  7 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19368]: + ??? root:rubyman
May  7 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19368]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346115 of user rubyman.
May  7 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19368]: pam_unix(su:session): session closed for user rubyman
May  7 10:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346115.
May  7 10:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16516]: pam_unix(cron:session): session closed for user root
May  7 10:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19300]: pam_unix(cron:session): session closed for user samftp
May  7 10:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18447]: pam_unix(cron:session): session closed for user root
May  7 10:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  7 10:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19669]: Failed password for root from 218.92.0.217 port 45328 ssh2
May  7 10:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19669]: message repeated 2 times: [ Failed password for root from 218.92.0.217 port 45328 ssh2]
May  7 10:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19669]: Received disconnect from 218.92.0.217 port 45328:11:  [preauth]
May  7 10:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19669]: Disconnected from 218.92.0.217 port 45328 [preauth]
May  7 10:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19669]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  7 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19723]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19721]: pam_unix(cron:session): session closed for user p13x
May  7 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19782]: Successful su for rubyman by root
May  7 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19782]: + ??? root:rubyman
May  7 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346118 of user rubyman.
May  7 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19782]: pam_unix(su:session): session closed for user rubyman
May  7 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346118.
May  7 10:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16975]: pam_unix(cron:session): session closed for user root
May  7 10:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19722]: pam_unix(cron:session): session closed for user samftp
May  7 10:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: Invalid user adlt from 64.23.161.151
May  7 10:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: input_userauth_request: invalid user adlt [preauth]
May  7 10:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 10:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: Failed password for invalid user adlt from 64.23.161.151 port 52226 ssh2
May  7 10:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20035]: Connection closed by 64.23.161.151 port 52226 [preauth]
May  7 10:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18885]: pam_unix(cron:session): session closed for user root
May  7 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20129]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20127]: pam_unix(cron:session): session closed for user p13x
May  7 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20188]: Successful su for rubyman by root
May  7 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20188]: + ??? root:rubyman
May  7 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346123 of user rubyman.
May  7 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20188]: pam_unix(su:session): session closed for user rubyman
May  7 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346123.
May  7 10:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20273]: Invalid user ca from 14.103.140.196
May  7 10:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20273]: input_userauth_request: invalid user ca [preauth]
May  7 10:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20273]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.140.196
May  7 10:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17372]: pam_unix(cron:session): session closed for user root
May  7 10:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20273]: Failed password for invalid user ca from 14.103.140.196 port 45598 ssh2
May  7 10:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20128]: pam_unix(cron:session): session closed for user samftp
May  7 10:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19302]: pam_unix(cron:session): session closed for user root
May  7 10:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: Invalid user tom from 46.244.96.25
May  7 10:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: input_userauth_request: invalid user tom [preauth]
May  7 10:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  7 10:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: Failed password for invalid user tom from 46.244.96.25 port 59316 ssh2
May  7 10:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20495]: Connection closed by 46.244.96.25 port 59316 [preauth]
May  7 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20529]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20527]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20528]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20525]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20531]: pam_unix(cron:session): session closed for user root
May  7 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20525]: pam_unix(cron:session): session closed for user p13x
May  7 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20592]: Successful su for rubyman by root
May  7 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20592]: + ??? root:rubyman
May  7 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346127 of user rubyman.
May  7 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20592]: pam_unix(su:session): session closed for user rubyman
May  7 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346127.
May  7 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20527]: pam_unix(cron:session): session closed for user root
May  7 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17916]: pam_unix(cron:session): session closed for user root
May  7 10:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20526]: pam_unix(cron:session): session closed for user samftp
May  7 10:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20818]: Invalid user usertest from 103.160.148.170
May  7 10:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20818]: input_userauth_request: invalid user usertest [preauth]
May  7 10:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20818]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  7 10:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20818]: Failed password for invalid user usertest from 103.160.148.170 port 49164 ssh2
May  7 10:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20818]: Received disconnect from 103.160.148.170 port 49164:11: Bye Bye [preauth]
May  7 10:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20818]: Disconnected from 103.160.148.170 port 49164 [preauth]
May  7 10:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19725]: pam_unix(cron:session): session closed for user root
May  7 10:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20967]: Invalid user maria from 161.35.52.212
May  7 10:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20967]: input_userauth_request: invalid user maria [preauth]
May  7 10:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20967]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 10:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20967]: Failed password for invalid user maria from 161.35.52.212 port 34466 ssh2
May  7 10:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20967]: Received disconnect from 161.35.52.212 port 34466:11: Bye Bye [preauth]
May  7 10:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20967]: Disconnected from 161.35.52.212 port 34466 [preauth]
May  7 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20973]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20970]: pam_unix(cron:session): session closed for user p13x
May  7 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21041]: Successful su for rubyman by root
May  7 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21041]: + ??? root:rubyman
May  7 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346135 of user rubyman.
May  7 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21041]: pam_unix(su:session): session closed for user rubyman
May  7 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346135.
May  7 10:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18446]: pam_unix(cron:session): session closed for user root
May  7 10:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20971]: pam_unix(cron:session): session closed for user samftp
May  7 10:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20130]: pam_unix(cron:session): session closed for user root
May  7 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21418]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21420]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21419]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21417]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21415]: pam_unix(cron:session): session closed for user root
May  7 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21417]: pam_unix(cron:session): session closed for user p13x
May  7 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21483]: Successful su for rubyman by root
May  7 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21483]: + ??? root:rubyman
May  7 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21483]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346137 of user rubyman.
May  7 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21483]: pam_unix(su:session): session closed for user rubyman
May  7 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346137.
May  7 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18884]: pam_unix(cron:session): session closed for user root
May  7 10:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21418]: pam_unix(cron:session): session closed for user samftp
May  7 10:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 10:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21735]: Failed password for root from 218.92.0.233 port 55162 ssh2
May  7 10:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21735]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 55162 ssh2]
May  7 10:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21735]: Received disconnect from 218.92.0.233 port 55162:11:  [preauth]
May  7 10:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21735]: Disconnected from 218.92.0.233 port 55162 [preauth]
May  7 10:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21735]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 10:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 10:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21857]: Failed password for root from 218.92.0.233 port 42564 ssh2
May  7 10:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21857]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 42564 ssh2]
May  7 10:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21857]: Received disconnect from 218.92.0.233 port 42564:11:  [preauth]
May  7 10:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21857]: Disconnected from 218.92.0.233 port 42564 [preauth]
May  7 10:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21857]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 10:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20529]: pam_unix(cron:session): session closed for user root
May  7 10:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 10:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: Failed password for root from 218.92.0.233 port 56446 ssh2
May  7 10:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 56446 ssh2]
May  7 10:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: Received disconnect from 218.92.0.233 port 56446:11:  [preauth]
May  7 10:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: Disconnected from 218.92.0.233 port 56446 [preauth]
May  7 10:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22055]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 10:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Invalid user admin from 80.94.95.241
May  7 10:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: input_userauth_request: invalid user admin [preauth]
May  7 10:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22148]: pam_unix(cron:session): session closed for user p13x
May  7 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22215]: Successful su for rubyman by root
May  7 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22215]: + ??? root:rubyman
May  7 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22215]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346142 of user rubyman.
May  7 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22215]: pam_unix(su:session): session closed for user rubyman
May  7 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346142.
May  7 10:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Failed password for invalid user admin from 80.94.95.241 port 22436 ssh2
May  7 10:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19301]: pam_unix(cron:session): session closed for user root
May  7 10:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Failed password for invalid user admin from 80.94.95.241 port 22436 ssh2
May  7 10:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22149]: pam_unix(cron:session): session closed for user samftp
May  7 10:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Failed password for invalid user admin from 80.94.95.241 port 22436 ssh2
May  7 10:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Failed password for invalid user admin from 80.94.95.241 port 22436 ssh2
May  7 10:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Failed password for invalid user admin from 80.94.95.241 port 22436 ssh2
May  7 10:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Received disconnect from 80.94.95.241 port 22436:11: Bye [preauth]
May  7 10:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Disconnected from 80.94.95.241 port 22436 [preauth]
May  7 10:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 10:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 10:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20973]: pam_unix(cron:session): session closed for user root
May  7 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22614]: pam_unix(cron:session): session closed for user p13x
May  7 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22682]: Successful su for rubyman by root
May  7 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22682]: + ??? root:rubyman
May  7 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346145 of user rubyman.
May  7 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22682]: pam_unix(su:session): session closed for user rubyman
May  7 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346145.
May  7 10:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19723]: pam_unix(cron:session): session closed for user root
May  7 10:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22615]: pam_unix(cron:session): session closed for user samftp
May  7 10:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 10:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22900]: Failed password for root from 218.92.0.179 port 37774 ssh2
May  7 10:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22900]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 37774 ssh2]
May  7 10:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22900]: Received disconnect from 218.92.0.179 port 37774:11:  [preauth]
May  7 10:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22900]: Disconnected from 218.92.0.179 port 37774 [preauth]
May  7 10:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22900]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 10:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21420]: pam_unix(cron:session): session closed for user root
May  7 10:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  7 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23070]: Failed password for root from 50.235.31.47 port 50684 ssh2
May  7 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23070]: Connection closed by 50.235.31.47 port 50684 [preauth]
May  7 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23084]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23083]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23085]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23086]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23082]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23081]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23086]: pam_unix(cron:session): session closed for user root
May  7 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23081]: pam_unix(cron:session): session closed for user p13x
May  7 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23152]: Successful su for rubyman by root
May  7 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23152]: + ??? root:rubyman
May  7 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346151 of user rubyman.
May  7 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23152]: pam_unix(su:session): session closed for user rubyman
May  7 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346151.
May  7 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23083]: pam_unix(cron:session): session closed for user root
May  7 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20129]: pam_unix(cron:session): session closed for user root
May  7 10:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23082]: pam_unix(cron:session): session closed for user samftp
May  7 10:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23504]: Invalid user fff from 161.35.52.212
May  7 10:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23504]: input_userauth_request: invalid user fff [preauth]
May  7 10:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23504]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 10:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23504]: Failed password for invalid user fff from 161.35.52.212 port 42846 ssh2
May  7 10:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23504]: Received disconnect from 161.35.52.212 port 42846:11: Bye Bye [preauth]
May  7 10:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23504]: Disconnected from 161.35.52.212 port 42846 [preauth]
May  7 10:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22152]: pam_unix(cron:session): session closed for user root
May  7 10:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23596]: Invalid user admin from 194.0.234.19
May  7 10:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23596]: input_userauth_request: invalid user admin [preauth]
May  7 10:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23596]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  7 10:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23596]: Failed password for invalid user admin from 194.0.234.19 port 58120 ssh2
May  7 10:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23596]: Connection closed by 194.0.234.19 port 58120 [preauth]
May  7 10:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23613]: Invalid user user1 from 103.160.148.170
May  7 10:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23613]: input_userauth_request: invalid user user1 [preauth]
May  7 10:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23613]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  7 10:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23613]: Failed password for invalid user user1 from 103.160.148.170 port 34072 ssh2
May  7 10:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23613]: Received disconnect from 103.160.148.170 port 34072:11: Bye Bye [preauth]
May  7 10:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23613]: Disconnected from 103.160.148.170 port 34072 [preauth]
May  7 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23626]: pam_unix(cron:session): session closed for user p13x
May  7 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23694]: Successful su for rubyman by root
May  7 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23694]: + ??? root:rubyman
May  7 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346155 of user rubyman.
May  7 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23694]: pam_unix(su:session): session closed for user rubyman
May  7 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346155.
May  7 10:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20528]: pam_unix(cron:session): session closed for user root
May  7 10:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23627]: pam_unix(cron:session): session closed for user samftp
May  7 10:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24032]: Invalid user alex from 64.23.161.151
May  7 10:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24032]: input_userauth_request: invalid user alex [preauth]
May  7 10:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24032]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 10:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24032]: Failed password for invalid user alex from 64.23.161.151 port 60344 ssh2
May  7 10:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24032]: Connection closed by 64.23.161.151 port 60344 [preauth]
May  7 10:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22617]: pam_unix(cron:session): session closed for user root
May  7 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24148]: pam_unix(cron:session): session closed for user p13x
May  7 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24221]: Successful su for rubyman by root
May  7 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24221]: + ??? root:rubyman
May  7 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346161 of user rubyman.
May  7 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24221]: pam_unix(su:session): session closed for user rubyman
May  7 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346161.
May  7 10:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20972]: pam_unix(cron:session): session closed for user root
May  7 10:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session closed for user samftp
May  7 10:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23085]: pam_unix(cron:session): session closed for user root
May  7 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24601]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24602]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24604]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24600]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24600]: pam_unix(cron:session): session closed for user p13x
May  7 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24665]: Successful su for rubyman by root
May  7 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24665]: + ??? root:rubyman
May  7 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24665]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346164 of user rubyman.
May  7 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24665]: pam_unix(su:session): session closed for user rubyman
May  7 10:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346164.
May  7 10:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21419]: pam_unix(cron:session): session closed for user root
May  7 10:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24601]: pam_unix(cron:session): session closed for user samftp
May  7 10:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23629]: pam_unix(cron:session): session closed for user root
May  7 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25014]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25013]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25012]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25012]: pam_unix(cron:session): session closed for user p13x
May  7 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25075]: Successful su for rubyman by root
May  7 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25075]: + ??? root:rubyman
May  7 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346170 of user rubyman.
May  7 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25075]: pam_unix(su:session): session closed for user rubyman
May  7 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346170.
May  7 10:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22150]: pam_unix(cron:session): session closed for user root
May  7 10:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25013]: pam_unix(cron:session): session closed for user samftp
May  7 10:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session closed for user root
May  7 10:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25403]: Invalid user shanta from 161.35.52.212
May  7 10:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25403]: input_userauth_request: invalid user shanta [preauth]
May  7 10:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25403]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 10:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25403]: Failed password for invalid user shanta from 161.35.52.212 port 49970 ssh2
May  7 10:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25403]: Received disconnect from 161.35.52.212 port 49970:11: Bye Bye [preauth]
May  7 10:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25403]: Disconnected from 161.35.52.212 port 49970 [preauth]
May  7 10:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 10:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25405]: Failed password for root from 218.92.0.179 port 21687 ssh2
May  7 10:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25405]: Failed password for root from 218.92.0.179 port 21687 ssh2
May  7 10:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  7 10:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25416]: Failed password for root from 218.92.0.227 port 38134 ssh2
May  7 10:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25405]: Failed password for root from 218.92.0.179 port 21687 ssh2
May  7 10:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25405]: Received disconnect from 218.92.0.179 port 21687:11:  [preauth]
May  7 10:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25405]: Disconnected from 218.92.0.179 port 21687 [preauth]
May  7 10:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25405]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25429]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25428]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25432]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25427]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25431]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25432]: pam_unix(cron:session): session closed for user root
May  7 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25427]: pam_unix(cron:session): session closed for user p13x
May  7 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25416]: Failed password for root from 218.92.0.227 port 38134 ssh2
May  7 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25495]: Successful su for rubyman by root
May  7 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25495]: + ??? root:rubyman
May  7 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346171 of user rubyman.
May  7 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25495]: pam_unix(su:session): session closed for user rubyman
May  7 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346171.
May  7 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25416]: Failed password for root from 218.92.0.227 port 38134 ssh2
May  7 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25416]: Received disconnect from 218.92.0.227 port 38134:11:  [preauth]
May  7 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25416]: Disconnected from 218.92.0.227 port 38134 [preauth]
May  7 10:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25416]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  7 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25429]: pam_unix(cron:session): session closed for user root
May  7 10:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22616]: pam_unix(cron:session): session closed for user root
May  7 10:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  7 10:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25428]: pam_unix(cron:session): session closed for user samftp
May  7 10:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25676]: Failed password for root from 218.92.0.227 port 38144 ssh2
May  7 10:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25676]: message repeated 2 times: [ Failed password for root from 218.92.0.227 port 38144 ssh2]
May  7 10:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25676]: Received disconnect from 218.92.0.227 port 38144:11:  [preauth]
May  7 10:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25676]: Disconnected from 218.92.0.227 port 38144 [preauth]
May  7 10:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25676]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  7 10:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  7 10:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25778]: Failed password for root from 218.92.0.227 port 30490 ssh2
May  7 10:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25778]: message repeated 2 times: [ Failed password for root from 218.92.0.227 port 30490 ssh2]
May  7 10:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25778]: Received disconnect from 218.92.0.227 port 30490:11:  [preauth]
May  7 10:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25778]: Disconnected from 218.92.0.227 port 30490 [preauth]
May  7 10:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25778]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  7 10:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24604]: pam_unix(cron:session): session closed for user root
May  7 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25959]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25958]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25956]: pam_unix(cron:session): session closed for user p13x
May  7 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26025]: Successful su for rubyman by root
May  7 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26025]: + ??? root:rubyman
May  7 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346178 of user rubyman.
May  7 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26025]: pam_unix(su:session): session closed for user rubyman
May  7 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346178.
May  7 10:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23084]: pam_unix(cron:session): session closed for user root
May  7 10:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25957]: pam_unix(cron:session): session closed for user samftp
May  7 10:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session closed for user root
May  7 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26358]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26355]: pam_unix(cron:session): session closed for user p13x
May  7 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26417]: Successful su for rubyman by root
May  7 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26417]: + ??? root:rubyman
May  7 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26417]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346183 of user rubyman.
May  7 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26417]: pam_unix(su:session): session closed for user rubyman
May  7 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346183.
May  7 10:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23628]: pam_unix(cron:session): session closed for user root
May  7 10:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26356]: pam_unix(cron:session): session closed for user samftp
May  7 10:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 10:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: Failed password for root from 80.94.95.125 port 41539 ssh2
May  7 10:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 41539 ssh2]
May  7 10:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: Received disconnect from 80.94.95.125 port 41539:11: Bye [preauth]
May  7 10:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: Disconnected from 80.94.95.125 port 41539 [preauth]
May  7 10:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 10:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26687]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 10:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25431]: pam_unix(cron:session): session closed for user root
May  7 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26848]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26847]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26845]: pam_unix(cron:session): session closed for user p13x
May  7 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26917]: Successful su for rubyman by root
May  7 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26917]: + ??? root:rubyman
May  7 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346186 of user rubyman.
May  7 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26917]: pam_unix(su:session): session closed for user rubyman
May  7 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346186.
May  7 10:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24150]: pam_unix(cron:session): session closed for user root
May  7 10:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26846]: pam_unix(cron:session): session closed for user samftp
May  7 10:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25959]: pam_unix(cron:session): session closed for user root
May  7 10:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 10:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27306]: Failed password for root from 218.92.0.179 port 23928 ssh2
May  7 10:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27306]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 23928 ssh2]
May  7 10:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27306]: Received disconnect from 218.92.0.179 port 23928:11:  [preauth]
May  7 10:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27306]: Disconnected from 218.92.0.179 port 23928 [preauth]
May  7 10:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27306]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27335]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27332]: pam_unix(cron:session): session closed for user p13x
May  7 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27417]: Successful su for rubyman by root
May  7 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27417]: + ??? root:rubyman
May  7 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27417]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346191 of user rubyman.
May  7 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27417]: pam_unix(su:session): session closed for user rubyman
May  7 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346191.
May  7 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24602]: pam_unix(cron:session): session closed for user root
May  7 10:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  7 10:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27333]: pam_unix(cron:session): session closed for user samftp
May  7 10:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27434]: Failed password for root from 80.94.95.116 port 63768 ssh2
May  7 10:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27434]: Connection closed by 80.94.95.116 port 63768 [preauth]
May  7 10:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: Invalid user allecia from 64.23.161.151
May  7 10:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: input_userauth_request: invalid user allecia [preauth]
May  7 10:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 10:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: Failed password for invalid user allecia from 64.23.161.151 port 45002 ssh2
May  7 10:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: Connection closed by 64.23.161.151 port 45002 [preauth]
May  7 10:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27684]: Invalid user fin from 161.35.52.212
May  7 10:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27684]: input_userauth_request: invalid user fin [preauth]
May  7 10:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27684]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 10:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27684]: Failed password for invalid user fin from 161.35.52.212 port 38142 ssh2
May  7 10:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27684]: Received disconnect from 161.35.52.212 port 38142:11: Bye Bye [preauth]
May  7 10:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27684]: Disconnected from 161.35.52.212 port 38142 [preauth]
May  7 10:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26358]: pam_unix(cron:session): session closed for user root
May  7 10:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27801]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27802]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27800]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27803]: pam_unix(cron:session): session closed for user root
May  7 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27798]: pam_unix(cron:session): session closed for user p13x
May  7 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27795]: Invalid user krzysiu from 190.103.202.7
May  7 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27795]: input_userauth_request: invalid user krzysiu [preauth]
May  7 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27795]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  7 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27875]: Successful su for rubyman by root
May  7 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27875]: + ??? root:rubyman
May  7 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346195 of user rubyman.
May  7 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27875]: pam_unix(su:session): session closed for user rubyman
May  7 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346195.
May  7 10:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27795]: Failed password for invalid user krzysiu from 190.103.202.7 port 53392 ssh2
May  7 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27795]: Connection closed by 190.103.202.7 port 53392 [preauth]
May  7 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27800]: pam_unix(cron:session): session closed for user root
May  7 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25014]: pam_unix(cron:session): session closed for user root
May  7 10:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27799]: pam_unix(cron:session): session closed for user samftp
May  7 10:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28146]: Invalid user atest from 164.68.105.9
May  7 10:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28146]: input_userauth_request: invalid user atest [preauth]
May  7 10:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28146]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  7 10:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28146]: Failed password for invalid user atest from 164.68.105.9 port 49830 ssh2
May  7 10:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28146]: Connection closed by 164.68.105.9 port 49830 [preauth]
May  7 10:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26848]: pam_unix(cron:session): session closed for user root
May  7 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28239]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28240]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28237]: pam_unix(cron:session): session closed for user p13x
May  7 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28310]: Successful su for rubyman by root
May  7 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28310]: + ??? root:rubyman
May  7 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28310]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346199 of user rubyman.
May  7 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28310]: pam_unix(su:session): session closed for user rubyman
May  7 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346199.
May  7 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25430]: pam_unix(cron:session): session closed for user root
May  7 10:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28238]: pam_unix(cron:session): session closed for user samftp
May  7 10:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27335]: pam_unix(cron:session): session closed for user root
May  7 10:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 10:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.103  user=root
May  7 10:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: Failed password for root from 218.92.0.179 port 44117 ssh2
May  7 10:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28599]: Failed password for root from 218.92.0.103 port 31948 ssh2
May  7 10:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: Failed password for root from 218.92.0.179 port 44117 ssh2
May  7 10:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28599]: Failed password for root from 218.92.0.103 port 31948 ssh2
May  7 10:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: Failed password for root from 218.92.0.179 port 44117 ssh2
May  7 10:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: Received disconnect from 218.92.0.179 port 44117:11:  [preauth]
May  7 10:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: Disconnected from 218.92.0.179 port 44117 [preauth]
May  7 10:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28597]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 10:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28599]: Failed password for root from 218.92.0.103 port 31948 ssh2
May  7 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28661]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28662]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28660]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28659]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28659]: pam_unix(cron:session): session closed for user p13x
May  7 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28717]: Successful su for rubyman by root
May  7 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28717]: + ??? root:rubyman
May  7 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346204 of user rubyman.
May  7 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28717]: pam_unix(su:session): session closed for user rubyman
May  7 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346204.
May  7 10:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25958]: pam_unix(cron:session): session closed for user root
May  7 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28660]: pam_unix(cron:session): session closed for user samftp
May  7 10:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28910]: Invalid user imran from 14.103.140.196
May  7 10:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28910]: input_userauth_request: invalid user imran [preauth]
May  7 10:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28910]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.140.196
May  7 10:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28910]: Failed password for invalid user imran from 14.103.140.196 port 43162 ssh2
May  7 10:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28910]: Received disconnect from 14.103.140.196 port 43162:11: Bye Bye [preauth]
May  7 10:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28910]: Disconnected from 14.103.140.196 port 43162 [preauth]
May  7 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27802]: pam_unix(cron:session): session closed for user root
May  7 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29154]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29153]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29152]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29151]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29151]: pam_unix(cron:session): session closed for user p13x
May  7 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29216]: Successful su for rubyman by root
May  7 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29216]: + ??? root:rubyman
May  7 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346207 of user rubyman.
May  7 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29216]: pam_unix(su:session): session closed for user rubyman
May  7 10:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346207.
May  7 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26357]: pam_unix(cron:session): session closed for user root
May  7 10:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29152]: pam_unix(cron:session): session closed for user samftp
May  7 10:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28521]: Connection reset by 218.92.0.218 port 63180 [preauth]
May  7 10:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28240]: pam_unix(cron:session): session closed for user root
May  7 10:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29544]: Invalid user hdfs from 161.35.52.212
May  7 10:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29544]: input_userauth_request: invalid user hdfs [preauth]
May  7 10:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29544]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 10:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29544]: Failed password for invalid user hdfs from 161.35.52.212 port 48522 ssh2
May  7 10:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29544]: Received disconnect from 161.35.52.212 port 48522:11: Bye Bye [preauth]
May  7 10:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29544]: Disconnected from 161.35.52.212 port 48522 [preauth]
May  7 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29568]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29569]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29566]: pam_unix(cron:session): session closed for user p13x
May  7 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29629]: Successful su for rubyman by root
May  7 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29629]: + ??? root:rubyman
May  7 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29629]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346212 of user rubyman.
May  7 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29629]: pam_unix(su:session): session closed for user rubyman
May  7 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346212.
May  7 10:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26847]: pam_unix(cron:session): session closed for user root
May  7 10:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29567]: pam_unix(cron:session): session closed for user samftp
May  7 10:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28662]: pam_unix(cron:session): session closed for user root
May  7 10:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.140.196  user=root
May  7 10:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: Failed password for root from 14.103.140.196 port 55876 ssh2
May  7 10:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: Received disconnect from 14.103.140.196 port 55876:11: Bye Bye [preauth]
May  7 10:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29959]: Disconnected from 14.103.140.196 port 55876 [preauth]
May  7 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29983]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29987]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29984]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29987]: pam_unix(cron:session): session closed for user root
May  7 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29981]: pam_unix(cron:session): session closed for user p13x
May  7 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30048]: Successful su for rubyman by root
May  7 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30048]: + ??? root:rubyman
May  7 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346219 of user rubyman.
May  7 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30048]: pam_unix(su:session): session closed for user rubyman
May  7 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346219.
May  7 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29983]: pam_unix(cron:session): session closed for user root
May  7 10:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27334]: pam_unix(cron:session): session closed for user root
May  7 10:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29982]: pam_unix(cron:session): session closed for user samftp
May  7 10:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29154]: pam_unix(cron:session): session closed for user root
May  7 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30402]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30401]: pam_unix(cron:session): session closed for user p13x
May  7 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30472]: Successful su for rubyman by root
May  7 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30472]: + ??? root:rubyman
May  7 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346221 of user rubyman.
May  7 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30472]: pam_unix(su:session): session closed for user rubyman
May  7 10:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346221.
May  7 10:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27801]: pam_unix(cron:session): session closed for user root
May  7 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30402]: pam_unix(cron:session): session closed for user samftp
May  7 10:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: Invalid user mini from 14.103.140.196
May  7 10:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: input_userauth_request: invalid user mini [preauth]
May  7 10:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.140.196
May  7 10:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: Failed password for invalid user mini from 14.103.140.196 port 60398 ssh2
May  7 10:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: Received disconnect from 14.103.140.196 port 60398:11: Bye Bye [preauth]
May  7 10:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30652]: Disconnected from 14.103.140.196 port 60398 [preauth]
May  7 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29569]: pam_unix(cron:session): session closed for user root
May  7 10:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30799]: Invalid user david from 64.23.161.151
May  7 10:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30799]: input_userauth_request: invalid user david [preauth]
May  7 10:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30799]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 10:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30799]: Failed password for invalid user david from 64.23.161.151 port 58158 ssh2
May  7 10:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30799]: Connection closed by 64.23.161.151 port 58158 [preauth]
May  7 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30802]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30802]: pam_unix(cron:session): session closed for user p13x
May  7 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30865]: Successful su for rubyman by root
May  7 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30865]: + ??? root:rubyman
May  7 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346225 of user rubyman.
May  7 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30865]: pam_unix(su:session): session closed for user rubyman
May  7 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346225.
May  7 10:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28239]: pam_unix(cron:session): session closed for user root
May  7 10:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30803]: pam_unix(cron:session): session closed for user samftp
May  7 10:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 10:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Failed password for root from 218.92.0.233 port 26864 ssh2
May  7 10:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Invalid user ymoreno from 14.103.140.196
May  7 10:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: input_userauth_request: invalid user ymoreno [preauth]
May  7 10:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.140.196
May  7 10:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Failed password for root from 218.92.0.233 port 26864 ssh2
May  7 10:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Failed password for invalid user ymoreno from 14.103.140.196 port 46988 ssh2
May  7 10:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Received disconnect from 14.103.140.196 port 46988:11: Bye Bye [preauth]
May  7 10:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31192]: Disconnected from 14.103.140.196 port 46988 [preauth]
May  7 10:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Failed password for root from 218.92.0.233 port 26864 ssh2
May  7 10:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Received disconnect from 218.92.0.233 port 26864:11:  [preauth]
May  7 10:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: Disconnected from 218.92.0.233 port 26864 [preauth]
May  7 10:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 10:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 10:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: Failed password for root from 218.92.0.233 port 26890 ssh2
May  7 10:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: Failed password for root from 218.92.0.233 port 26890 ssh2
May  7 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29985]: pam_unix(cron:session): session closed for user root
May  7 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: Failed password for root from 218.92.0.233 port 26890 ssh2
May  7 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: Received disconnect from 218.92.0.233 port 26890:11:  [preauth]
May  7 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: Disconnected from 218.92.0.233 port 26890 [preauth]
May  7 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31215]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 10:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31244]: Failed password for root from 218.92.0.233 port 51840 ssh2
May  7 10:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31244]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 51840 ssh2]
May  7 10:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31244]: Received disconnect from 218.92.0.233 port 51840:11:  [preauth]
May  7 10:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31244]: Disconnected from 218.92.0.233 port 51840 [preauth]
May  7 10:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31244]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31315]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31313]: pam_unix(cron:session): session closed for user p13x
May  7 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31378]: Successful su for rubyman by root
May  7 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31378]: + ??? root:rubyman
May  7 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31378]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346232 of user rubyman.
May  7 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31378]: pam_unix(su:session): session closed for user rubyman
May  7 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346232.
May  7 10:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28661]: pam_unix(cron:session): session closed for user root
May  7 10:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31314]: pam_unix(cron:session): session closed for user samftp
May  7 10:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31571]: Invalid user admin1234 from 161.35.52.212
May  7 10:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31571]: input_userauth_request: invalid user admin1234 [preauth]
May  7 10:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31571]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.52.212
May  7 10:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31571]: Failed password for invalid user admin1234 from 161.35.52.212 port 59308 ssh2
May  7 10:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31571]: Received disconnect from 161.35.52.212 port 59308:11: Bye Bye [preauth]
May  7 10:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31571]: Disconnected from 161.35.52.212 port 59308 [preauth]
May  7 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30404]: pam_unix(cron:session): session closed for user root
May  7 10:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: Invalid user eduard from 14.103.140.196
May  7 10:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: input_userauth_request: invalid user eduard [preauth]
May  7 10:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.140.196
May  7 10:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: Failed password for invalid user eduard from 14.103.140.196 port 48646 ssh2
May  7 10:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: Received disconnect from 14.103.140.196 port 48646:11: Bye Bye [preauth]
May  7 10:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31689]: Disconnected from 14.103.140.196 port 48646 [preauth]
May  7 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31753]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31751]: pam_unix(cron:session): session closed for user p13x
May  7 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31879]: Successful su for rubyman by root
May  7 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31879]: + ??? root:rubyman
May  7 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346235 of user rubyman.
May  7 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31879]: pam_unix(su:session): session closed for user rubyman
May  7 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346235.
May  7 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31749]: pam_unix(cron:session): session closed for user root
May  7 10:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29153]: pam_unix(cron:session): session closed for user root
May  7 10:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31752]: pam_unix(cron:session): session closed for user samftp
May  7 10:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30805]: pam_unix(cron:session): session closed for user root
May  7 10:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32537]: Invalid user ftpuser from 14.103.140.196
May  7 10:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32537]: input_userauth_request: invalid user ftpuser [preauth]
May  7 10:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32537]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.140.196
May  7 10:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: Invalid user 7 from 195.178.110.50
May  7 10:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: input_userauth_request: invalid user 7 [preauth]
May  7 10:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 10:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32537]: Failed password for invalid user ftpuser from 14.103.140.196 port 52562 ssh2
May  7 10:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32537]: Received disconnect from 14.103.140.196 port 52562:11: Bye Bye [preauth]
May  7 10:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32537]: Disconnected from 14.103.140.196 port 52562 [preauth]
May  7 10:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: Failed password for invalid user 7 from 195.178.110.50 port 17100 ssh2
May  7 10:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32499]: Connection closed by 195.178.110.50 port 17100 [preauth]
May  7 10:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32562]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32565]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32563]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32564]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32565]: pam_unix(cron:session): session closed for user root
May  7 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32560]: pam_unix(cron:session): session closed for user p13x
May  7 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32727]: Successful su for rubyman by root
May  7 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32727]: + ??? root:rubyman
May  7 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346243 of user rubyman.
May  7 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32727]: pam_unix(su:session): session closed for user rubyman
May  7 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346243.
May  7 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32562]: pam_unix(cron:session): session closed for user root
May  7 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29568]: pam_unix(cron:session): session closed for user root
May  7 10:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32561]: pam_unix(cron:session): session closed for user samftp
May  7 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: Invalid user D from 195.178.110.50
May  7 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: input_userauth_request: invalid user D [preauth]
May  7 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 10:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: Failed password for invalid user D from 195.178.110.50 port 20782 ssh2
May  7 10:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32557]: Connection closed by 195.178.110.50 port 20782 [preauth]
May  7 10:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  7 10:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: Failed password for root from 218.92.0.217 port 25114 ssh2
May  7 10:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[587]: Invalid user Q from 195.178.110.50
May  7 10:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[587]: input_userauth_request: invalid user Q [preauth]
May  7 10:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[587]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 10:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: Failed password for root from 218.92.0.217 port 25114 ssh2
May  7 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[587]: Failed password for invalid user Q from 195.178.110.50 port 31898 ssh2
May  7 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[587]: Connection closed by 195.178.110.50 port 31898 [preauth]
May  7 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31316]: pam_unix(cron:session): session closed for user root
May  7 10:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: Failed password for root from 218.92.0.217 port 25114 ssh2
May  7 10:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: Received disconnect from 218.92.0.217 port 25114:11:  [preauth]
May  7 10:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: Disconnected from 218.92.0.217 port 25114 [preauth]
May  7 10:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  7 10:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[643]: Invalid user ^ from 195.178.110.50
May  7 10:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[643]: input_userauth_request: invalid user ^ [preauth]
May  7 10:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[643]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 10:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[643]: Failed password for invalid user ^ from 195.178.110.50 port 36198 ssh2
May  7 10:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[643]: Connection closed by 195.178.110.50 port 36198 [preauth]
May  7 10:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[733]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[730]: pam_unix(cron:session): session closed for user p13x
May  7 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[812]: Successful su for rubyman by root
May  7 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[812]: + ??? root:rubyman
May  7 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[812]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346246 of user rubyman.
May  7 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[812]: pam_unix(su:session): session closed for user rubyman
May  7 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346246.
May  7 10:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.140.196  user=root
May  7 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29984]: pam_unix(cron:session): session closed for user root
May  7 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[731]: pam_unix(cron:session): session closed for user samftp
May  7 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: Failed password for root from 14.103.140.196 port 55220 ssh2
May  7 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: Received disconnect from 14.103.140.196 port 55220:11: Bye Bye [preauth]
May  7 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[922]: Disconnected from 14.103.140.196 port 55220 [preauth]
May  7 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: Invalid user k from 195.178.110.50
May  7 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: input_userauth_request: invalid user k [preauth]
May  7 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 10:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: Failed password for invalid user k from 195.178.110.50 port 52788 ssh2
May  7 10:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: Connection closed by 195.178.110.50 port 52788 [preauth]
May  7 10:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: Invalid user ubnt from 194.0.234.19
May  7 10:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: input_userauth_request: invalid user ubnt [preauth]
May  7 10:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  7 10:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: Failed password for invalid user ubnt from 194.0.234.19 port 56090 ssh2
May  7 10:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: Connection closed by 194.0.234.19 port 56090 [preauth]
May  7 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31754]: pam_unix(cron:session): session closed for user root
May  7 10:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1229]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1226]: pam_unix(cron:session): session closed for user p13x
May  7 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1303]: Successful su for rubyman by root
May  7 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1303]: + ??? root:rubyman
May  7 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346250 of user rubyman.
May  7 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1303]: pam_unix(su:session): session closed for user rubyman
May  7 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346250.
May  7 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30403]: pam_unix(cron:session): session closed for user root
May  7 10:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1227]: pam_unix(cron:session): session closed for user samftp
May  7 10:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: Invalid user ftpuser from 14.103.140.196
May  7 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: input_userauth_request: invalid user ftpuser [preauth]
May  7 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.140.196
May  7 10:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: Failed password for invalid user ftpuser from 14.103.140.196 port 36108 ssh2
May  7 10:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: Received disconnect from 14.103.140.196 port 36108:11: Bye Bye [preauth]
May  7 10:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: Disconnected from 14.103.140.196 port 36108 [preauth]
May  7 10:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32564]: pam_unix(cron:session): session closed for user root
May  7 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1709]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1708]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1705]: pam_unix(cron:session): session closed for user p13x
May  7 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1781]: Successful su for rubyman by root
May  7 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1781]: + ??? root:rubyman
May  7 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346253 of user rubyman.
May  7 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1781]: pam_unix(su:session): session closed for user rubyman
May  7 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346253.
May  7 10:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30804]: pam_unix(cron:session): session closed for user root
May  7 10:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1707]: pam_unix(cron:session): session closed for user samftp
May  7 10:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: Invalid user admin from 80.94.95.112
May  7 10:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: input_userauth_request: invalid user admin [preauth]
May  7 10:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 10:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.140.196  user=root
May  7 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: Failed password for invalid user admin from 80.94.95.112 port 64808 ssh2
May  7 10:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: Failed password for root from 14.103.140.196 port 48872 ssh2
May  7 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: Received disconnect from 14.103.140.196 port 48872:11: Bye Bye [preauth]
May  7 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2114]: Disconnected from 14.103.140.196 port 48872 [preauth]
May  7 10:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: Failed password for invalid user admin from 80.94.95.112 port 64808 ssh2
May  7 10:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: Failed password for invalid user admin from 80.94.95.112 port 64808 ssh2
May  7 10:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: Failed password for invalid user admin from 80.94.95.112 port 64808 ssh2
May  7 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[733]: pam_unix(cron:session): session closed for user root
May  7 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: Failed password for invalid user admin from 80.94.95.112 port 64808 ssh2
May  7 10:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: Received disconnect from 80.94.95.112 port 64808:11: Bye [preauth]
May  7 10:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: Disconnected from 80.94.95.112 port 64808 [preauth]
May  7 10:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 10:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2099]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2229]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2227]: pam_unix(cron:session): session closed for user p13x
May  7 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2289]: Successful su for rubyman by root
May  7 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2289]: + ??? root:rubyman
May  7 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2289]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346258 of user rubyman.
May  7 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2289]: pam_unix(su:session): session closed for user rubyman
May  7 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346258.
May  7 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 10:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:152.32.149.206
May  7 10:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31315]: pam_unix(cron:session): session closed for user root
May  7 10:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2228]: pam_unix(cron:session): session closed for user samftp
May  7 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1230]: pam_unix(cron:session): session closed for user root
May  7 10:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: Invalid user alex from 14.103.140.196
May  7 10:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: input_userauth_request: invalid user alex [preauth]
May  7 10:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.140.196
May  7 10:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: Failed password for invalid user alex from 14.103.140.196 port 44834 ssh2
May  7 10:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: Received disconnect from 14.103.140.196 port 44834:11: Bye Bye [preauth]
May  7 10:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2632]: Disconnected from 14.103.140.196 port 44834 [preauth]
May  7 10:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Invalid user delta from 64.23.161.151
May  7 10:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: input_userauth_request: invalid user delta [preauth]
May  7 10:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 10:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Failed password for invalid user delta from 64.23.161.151 port 48678 ssh2
May  7 10:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2656]: Connection closed by 64.23.161.151 port 48678 [preauth]
May  7 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2695]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2696]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2694]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2693]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2692]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2691]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2696]: pam_unix(cron:session): session closed for user root
May  7 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2691]: pam_unix(cron:session): session closed for user p13x
May  7 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2768]: Successful su for rubyman by root
May  7 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2768]: + ??? root:rubyman
May  7 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346260 of user rubyman.
May  7 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2768]: pam_unix(su:session): session closed for user rubyman
May  7 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346260.
May  7 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2693]: pam_unix(cron:session): session closed for user root
May  7 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31753]: pam_unix(cron:session): session closed for user root
May  7 10:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2692]: pam_unix(cron:session): session closed for user samftp
May  7 10:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1709]: pam_unix(cron:session): session closed for user root
May  7 10:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.140.196  user=root
May  7 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Failed password for root from 14.103.140.196 port 48842 ssh2
May  7 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Received disconnect from 14.103.140.196 port 48842:11: Bye Bye [preauth]
May  7 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Disconnected from 14.103.140.196 port 48842 [preauth]
May  7 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3145]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3143]: pam_unix(cron:session): session closed for user p13x
May  7 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3218]: Successful su for rubyman by root
May  7 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3218]: + ??? root:rubyman
May  7 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346266 of user rubyman.
May  7 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3218]: pam_unix(su:session): session closed for user rubyman
May  7 10:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346266.
May  7 10:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32563]: pam_unix(cron:session): session closed for user root
May  7 10:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3144]: pam_unix(cron:session): session closed for user samftp
May  7 10:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2230]: pam_unix(cron:session): session closed for user root
May  7 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3604]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3603]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3602]: pam_unix(cron:session): session closed for user p13x
May  7 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3662]: Successful su for rubyman by root
May  7 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3662]: + ??? root:rubyman
May  7 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346272 of user rubyman.
May  7 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3662]: pam_unix(su:session): session closed for user rubyman
May  7 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346272.
May  7 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[732]: pam_unix(cron:session): session closed for user root
May  7 10:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3603]: pam_unix(cron:session): session closed for user samftp
May  7 10:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3840]: Invalid user mh from 14.103.140.196
May  7 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3840]: input_userauth_request: invalid user mh [preauth]
May  7 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3840]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.140.196
May  7 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3840]: Failed password for invalid user mh from 14.103.140.196 port 39696 ssh2
May  7 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: Invalid user rise from 123.140.114.196
May  7 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: input_userauth_request: invalid user rise [preauth]
May  7 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.140.114.196
May  7 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3840]: Received disconnect from 14.103.140.196 port 39696:11: Bye Bye [preauth]
May  7 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3840]: Disconnected from 14.103.140.196 port 39696 [preauth]
May  7 10:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: Failed password for invalid user rise from 123.140.114.196 port 40440 ssh2
May  7 10:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: Received disconnect from 123.140.114.196 port 40440:11: Bye Bye [preauth]
May  7 10:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3850]: Disconnected from 123.140.114.196 port 40440 [preauth]
May  7 10:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2695]: pam_unix(cron:session): session closed for user root
May  7 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4031]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4030]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4028]: pam_unix(cron:session): session closed for user p13x
May  7 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4091]: Successful su for rubyman by root
May  7 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4091]: + ??? root:rubyman
May  7 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346275 of user rubyman.
May  7 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4091]: pam_unix(su:session): session closed for user rubyman
May  7 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346275.
May  7 10:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1229]: pam_unix(cron:session): session closed for user root
May  7 10:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4029]: pam_unix(cron:session): session closed for user samftp
May  7 10:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: Invalid user tiptop from 14.103.140.196
May  7 10:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: input_userauth_request: invalid user tiptop [preauth]
May  7 10:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.140.196
May  7 10:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: Failed password for invalid user tiptop from 14.103.140.196 port 57710 ssh2
May  7 10:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: Received disconnect from 14.103.140.196 port 57710:11: Bye Bye [preauth]
May  7 10:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4462]: Disconnected from 14.103.140.196 port 57710 [preauth]
May  7 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3146]: pam_unix(cron:session): session closed for user root
May  7 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4603]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4602]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4600]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4601]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4600]: pam_unix(cron:session): session closed for user p13x
May  7 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4660]: Successful su for rubyman by root
May  7 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4660]: + ??? root:rubyman
May  7 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4660]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346278 of user rubyman.
May  7 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4660]: pam_unix(su:session): session closed for user rubyman
May  7 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346278.
May  7 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1708]: pam_unix(cron:session): session closed for user root
May  7 10:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4601]: pam_unix(cron:session): session closed for user samftp
May  7 10:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 10:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: Failed password for root from 218.92.0.179 port 64444 ssh2
May  7 10:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 64444 ssh2]
May  7 10:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: Received disconnect from 218.92.0.179 port 64444:11:  [preauth]
May  7 10:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: Disconnected from 218.92.0.179 port 64444 [preauth]
May  7 10:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4889]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 10:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3605]: pam_unix(cron:session): session closed for user root
May  7 10:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: Invalid user bkp from 14.103.140.196
May  7 10:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: input_userauth_request: invalid user bkp [preauth]
May  7 10:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.140.196
May  7 10:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: Failed password for invalid user bkp from 14.103.140.196 port 43650 ssh2
May  7 10:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: Received disconnect from 14.103.140.196 port 43650:11: Bye Bye [preauth]
May  7 10:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4961]: Disconnected from 14.103.140.196 port 43650 [preauth]
May  7 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5210]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5212]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5212]: pam_unix(cron:session): session closed for user root
May  7 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5204]: pam_unix(cron:session): session closed for user p13x
May  7 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5284]: Successful su for rubyman by root
May  7 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5284]: + ??? root:rubyman
May  7 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346286 of user rubyman.
May  7 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5284]: pam_unix(su:session): session closed for user rubyman
May  7 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346286.
May  7 10:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5207]: pam_unix(cron:session): session closed for user root
May  7 10:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2229]: pam_unix(cron:session): session closed for user root
May  7 10:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5205]: pam_unix(cron:session): session closed for user samftp
May  7 10:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4031]: pam_unix(cron:session): session closed for user root
May  7 10:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.140.196  user=root
May  7 10:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Failed password for root from 14.103.140.196 port 32980 ssh2
May  7 10:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Received disconnect from 14.103.140.196 port 32980:11: Bye Bye [preauth]
May  7 10:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Disconnected from 14.103.140.196 port 32980 [preauth]
May  7 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5714]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5713]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5712]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5711]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5711]: pam_unix(cron:session): session closed for user p13x
May  7 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5778]: Successful su for rubyman by root
May  7 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5778]: + ??? root:rubyman
May  7 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346288 of user rubyman.
May  7 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5778]: pam_unix(su:session): session closed for user rubyman
May  7 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346288.
May  7 10:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2694]: pam_unix(cron:session): session closed for user root
May  7 10:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5712]: pam_unix(cron:session): session closed for user samftp
May  7 10:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4603]: pam_unix(cron:session): session closed for user root
May  7 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6220]: pam_unix(cron:session): session closed for user p13x
May  7 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6283]: Successful su for rubyman by root
May  7 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6283]: + ??? root:rubyman
May  7 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346293 of user rubyman.
May  7 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6283]: pam_unix(su:session): session closed for user rubyman
May  7 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346293.
May  7 10:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3145]: pam_unix(cron:session): session closed for user root
May  7 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6221]: pam_unix(cron:session): session closed for user samftp
May  7 10:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6528]: Invalid user ubnt from 85.208.84.5
May  7 10:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6528]: input_userauth_request: invalid user ubnt [preauth]
May  7 10:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6528]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  7 10:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6528]: Failed password for invalid user ubnt from 85.208.84.5 port 30130 ssh2
May  7 10:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6528]: Connection closed by 85.208.84.5 port 30130 [preauth]
May  7 10:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5210]: pam_unix(cron:session): session closed for user root
May  7 10:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: Invalid user liam from 64.23.161.151
May  7 10:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: input_userauth_request: invalid user liam [preauth]
May  7 10:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 10:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: Failed password for invalid user liam from 64.23.161.151 port 44692 ssh2
May  7 10:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6565]: Connection closed by 64.23.161.151 port 44692 [preauth]
May  7 10:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6634]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6633]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6630]: pam_unix(cron:session): session closed for user p13x
May  7 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6700]: Successful su for rubyman by root
May  7 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6700]: + ??? root:rubyman
May  7 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346297 of user rubyman.
May  7 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6700]: pam_unix(su:session): session closed for user rubyman
May  7 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346297.
May  7 10:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3604]: pam_unix(cron:session): session closed for user root
May  7 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6631]: pam_unix(cron:session): session closed for user samftp
May  7 10:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5714]: pam_unix(cron:session): session closed for user root
May  7 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7147]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7148]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7145]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7146]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7145]: pam_unix(cron:session): session closed for user p13x
May  7 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7207]: Successful su for rubyman by root
May  7 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7207]: + ??? root:rubyman
May  7 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346301 of user rubyman.
May  7 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7207]: pam_unix(su:session): session closed for user rubyman
May  7 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346301.
May  7 10:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4030]: pam_unix(cron:session): session closed for user root
May  7 10:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7146]: pam_unix(cron:session): session closed for user samftp
May  7 10:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: Invalid user admin from 80.94.95.241
May  7 10:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: input_userauth_request: invalid user admin [preauth]
May  7 10:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 10:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: Failed password for invalid user admin from 80.94.95.241 port 52727 ssh2
May  7 10:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: Failed password for invalid user admin from 80.94.95.241 port 52727 ssh2
May  7 10:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: Failed password for invalid user admin from 80.94.95.241 port 52727 ssh2
May  7 10:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: Failed password for invalid user admin from 80.94.95.241 port 52727 ssh2
May  7 10:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: Failed password for invalid user admin from 80.94.95.241 port 52727 ssh2
May  7 10:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: Received disconnect from 80.94.95.241 port 52727:11: Bye [preauth]
May  7 10:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: Disconnected from 80.94.95.241 port 52727 [preauth]
May  7 10:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 10:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7386]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 10:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6223]: pam_unix(cron:session): session closed for user root
May  7 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7645]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7642]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7644]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7645]: pam_unix(cron:session): session closed for user root
May  7 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7640]: pam_unix(cron:session): session closed for user p13x
May  7 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7719]: Successful su for rubyman by root
May  7 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7719]: + ??? root:rubyman
May  7 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346306 of user rubyman.
May  7 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7719]: pam_unix(su:session): session closed for user rubyman
May  7 10:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346306.
May  7 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7642]: pam_unix(cron:session): session closed for user root
May  7 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4602]: pam_unix(cron:session): session closed for user root
May  7 10:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7641]: pam_unix(cron:session): session closed for user samftp
May  7 10:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6634]: pam_unix(cron:session): session closed for user root
May  7 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8094]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8094]: pam_unix(cron:session): session closed for user p13x
May  7 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8187]: Successful su for rubyman by root
May  7 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8187]: + ??? root:rubyman
May  7 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346310 of user rubyman.
May  7 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8187]: pam_unix(su:session): session closed for user rubyman
May  7 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346310.
May  7 10:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5208]: pam_unix(cron:session): session closed for user root
May  7 10:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8096]: pam_unix(cron:session): session closed for user samftp
May  7 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7148]: pam_unix(cron:session): session closed for user root
May  7 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8539]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8538]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8538]: pam_unix(cron:session): session closed for user p13x
May  7 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8607]: Successful su for rubyman by root
May  7 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8607]: + ??? root:rubyman
May  7 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346315 of user rubyman.
May  7 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8607]: pam_unix(su:session): session closed for user rubyman
May  7 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346315.
May  7 10:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5713]: pam_unix(cron:session): session closed for user root
May  7 10:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8539]: pam_unix(cron:session): session closed for user samftp
May  7 10:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Invalid user  from 196.251.84.225
May  7 10:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: input_userauth_request: invalid user  [preauth]
May  7 10:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8786]: Connection closed by 196.251.84.225 port 56956 [preauth]
May  7 10:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 10:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Failed password for root from 218.92.0.233 port 49850 ssh2
May  7 10:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Failed password for root from 218.92.0.233 port 49850 ssh2
May  7 10:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7644]: pam_unix(cron:session): session closed for user root
May  7 10:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Failed password for root from 218.92.0.233 port 49850 ssh2
May  7 10:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Received disconnect from 218.92.0.233 port 49850:11:  [preauth]
May  7 10:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Disconnected from 218.92.0.233 port 49850 [preauth]
May  7 10:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 10:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 10:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: Failed password for root from 218.92.0.233 port 39824 ssh2
May  7 10:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 39824 ssh2]
May  7 10:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: Received disconnect from 218.92.0.233 port 39824:11:  [preauth]
May  7 10:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: Disconnected from 218.92.0.233 port 39824 [preauth]
May  7 10:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 10:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 10:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: Failed password for root from 218.92.0.233 port 13012 ssh2
May  7 10:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 13012 ssh2]
May  7 10:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: Received disconnect from 218.92.0.233 port 13012:11:  [preauth]
May  7 10:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: Disconnected from 218.92.0.233 port 13012 [preauth]
May  7 10:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8922]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8967]: pam_unix(cron:session): session closed for user p13x
May  7 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9030]: Successful su for rubyman by root
May  7 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9030]: + ??? root:rubyman
May  7 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346320 of user rubyman.
May  7 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9030]: pam_unix(su:session): session closed for user rubyman
May  7 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346320.
May  7 10:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6222]: pam_unix(cron:session): session closed for user root
May  7 10:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8969]: pam_unix(cron:session): session closed for user samftp
May  7 10:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: Invalid user git from 123.140.114.196
May  7 10:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: input_userauth_request: invalid user git [preauth]
May  7 10:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: pam_unix(sshd:auth): check pass; user unknown
May  7 10:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.140.114.196
May  7 10:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: Failed password for invalid user git from 123.140.114.196 port 34900 ssh2
May  7 10:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: Received disconnect from 123.140.114.196 port 34900:11: Bye Bye [preauth]
May  7 10:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9346]: Disconnected from 123.140.114.196 port 34900 [preauth]
May  7 10:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8098]: pam_unix(cron:session): session closed for user root
May  7 10:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9498]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9499]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9496]: pam_unix(cron:session): session closed for user p13x
May  7 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9558]: Successful su for rubyman by root
May  7 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9558]: + ??? root:rubyman
May  7 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346324 of user rubyman.
May  7 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9558]: pam_unix(su:session): session closed for user rubyman
May  7 10:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346324.
May  7 10:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6633]: pam_unix(cron:session): session closed for user root
May  7 10:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9497]: pam_unix(cron:session): session closed for user samftp
May  7 10:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9808]: Did not receive identification string from 42.51.13.138
May  7 10:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8544]: pam_unix(cron:session): session closed for user root
May  7 10:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.13.138  user=root
May  7 10:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9809]: Failed password for root from 42.51.13.138 port 53988 ssh2
May  7 10:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9809]: Connection closed by 42.51.13.138 port 53988 [preauth]
May  7 10:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.13.138  user=root
May  7 10:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9848]: Failed password for root from 42.51.13.138 port 34548 ssh2
May  7 10:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9848]: Connection closed by 42.51.13.138 port 34548 [preauth]
May  7 10:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 10:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.13.138  user=root
May  7 10:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9882]: Failed password for root from 42.51.13.138 port 40326 ssh2
May  7 10:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9882]: Connection closed by 42.51.13.138 port 40326 [preauth]
May  7 10:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9915]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9919]: pam_unix(cron:session): session closed for user root
May  7 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9915]: pam_unix(cron:session): session closed for user root
May  7 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9913]: pam_unix(cron:session): session closed for user p13x
May  7 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10008]: Successful su for rubyman by root
May  7 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10008]: + ??? root:rubyman
May  7 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346329 of user rubyman.
May  7 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10008]: pam_unix(su:session): session closed for user rubyman
May  7 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346329.
May  7 11:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.13.138  user=root
May  7 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9916]: pam_unix(cron:session): session closed for user root
May  7 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7147]: pam_unix(cron:session): session closed for user root
May  7 11:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: Failed password for root from 42.51.13.138 port 46784 ssh2
May  7 11:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9914]: pam_unix(cron:session): session closed for user samftp
May  7 11:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9900]: Connection closed by 42.51.13.138 port 46784 [preauth]
May  7 11:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.13.138  user=root
May  7 11:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10309]: Failed password for root from 42.51.13.138 port 54058 ssh2
May  7 11:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10309]: Connection closed by 42.51.13.138 port 54058 [preauth]
May  7 11:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.13.138  user=root
May  7 11:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9467]: Connection reset by 218.92.0.220 port 25502 [preauth]
May  7 11:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10345]: Failed password for root from 42.51.13.138 port 33992 ssh2
May  7 11:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10381]: Invalid user shared from 64.23.161.151
May  7 11:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10381]: input_userauth_request: invalid user shared [preauth]
May  7 11:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10381]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 11:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Invalid user yanghua from 164.68.105.9
May  7 11:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: input_userauth_request: invalid user yanghua [preauth]
May  7 11:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  7 11:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10381]: Failed password for invalid user shared from 64.23.161.151 port 36888 ssh2
May  7 11:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10381]: Connection closed by 64.23.161.151 port 36888 [preauth]
May  7 11:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10345]: Connection closed by 42.51.13.138 port 33992 [preauth]
May  7 11:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Failed password for invalid user yanghua from 164.68.105.9 port 46406 ssh2
May  7 11:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Connection closed by 164.68.105.9 port 46406 [preauth]
May  7 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8971]: pam_unix(cron:session): session closed for user root
May  7 11:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.13.138  user=root
May  7 11:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: Failed password for root from 42.51.13.138 port 40858 ssh2
May  7 11:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10385]: Connection closed by 42.51.13.138 port 40858 [preauth]
May  7 11:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.13.138  user=root
May  7 11:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: Failed password for root from 42.51.13.138 port 45020 ssh2
May  7 11:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10473]: Connection closed by 42.51.13.138 port 45020 [preauth]
May  7 11:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.13.138  user=root
May  7 11:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10516]: Failed password for root from 42.51.13.138 port 49582 ssh2
May  7 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10543]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10541]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10539]: pam_unix(cron:session): session closed for user p13x
May  7 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10626]: Successful su for rubyman by root
May  7 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10626]: + ??? root:rubyman
May  7 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346333 of user rubyman.
May  7 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10626]: pam_unix(su:session): session closed for user rubyman
May  7 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346333.
May  7 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10516]: Connection closed by 42.51.13.138 port 49582 [preauth]
May  7 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7643]: pam_unix(cron:session): session closed for user root
May  7 11:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10540]: pam_unix(cron:session): session closed for user samftp
May  7 11:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.13.138  user=root
May  7 11:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: Failed password for root from 42.51.13.138 port 53870 ssh2
May  7 11:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: Connection closed by 42.51.13.138 port 53870 [preauth]
May  7 11:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.13.138  user=root
May  7 11:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: Failed password for root from 42.51.13.138 port 59084 ssh2
May  7 11:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10879]: Connection closed by 42.51.13.138 port 59084 [preauth]
May  7 11:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9499]: pam_unix(cron:session): session closed for user root
May  7 11:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.13.138  user=root
May  7 11:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10919]: Failed password for root from 42.51.13.138 port 35662 ssh2
May  7 11:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10919]: Connection closed by 42.51.13.138 port 35662 [preauth]
May  7 11:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.13.138  user=root
May  7 11:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10956]: Failed password for root from 42.51.13.138 port 39200 ssh2
May  7 11:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10956]: Connection closed by 42.51.13.138 port 39200 [preauth]
May  7 11:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11013]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11012]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11010]: pam_unix(cron:session): session closed for user p13x
May  7 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.13.138  user=root
May  7 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11074]: Successful su for rubyman by root
May  7 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11074]: + ??? root:rubyman
May  7 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11074]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346338 of user rubyman.
May  7 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11074]: pam_unix(su:session): session closed for user rubyman
May  7 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346338.
May  7 11:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: Failed password for root from 80.94.95.125 port 60374 ssh2
May  7 11:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: Failed password for root from 42.51.13.138 port 43362 ssh2
May  7 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: Failed password for root from 80.94.95.125 port 60374 ssh2
May  7 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8097]: pam_unix(cron:session): session closed for user root
May  7 11:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11011]: pam_unix(cron:session): session closed for user samftp
May  7 11:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: Failed password for root from 80.94.95.125 port 60374 ssh2
May  7 11:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10994]: Connection closed by 42.51.13.138 port 43362 [preauth]
May  7 11:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: Failed password for root from 80.94.95.125 port 60374 ssh2
May  7 11:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: Failed password for root from 80.94.95.125 port 60374 ssh2
May  7 11:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: Received disconnect from 80.94.95.125 port 60374:11: Bye [preauth]
May  7 11:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: Disconnected from 80.94.95.125 port 60374 [preauth]
May  7 11:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 11:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 11:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: Invalid user user from 80.94.95.115
May  7 11:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: input_userauth_request: invalid user user [preauth]
May  7 11:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  7 11:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: Failed password for invalid user user from 80.94.95.115 port 15976 ssh2
May  7 11:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: Connection closed by 80.94.95.115 port 15976 [preauth]
May  7 11:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.13.138  user=root
May  7 11:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: Failed password for root from 42.51.13.138 port 47408 ssh2
May  7 11:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: Connection closed by 42.51.13.138 port 47408 [preauth]
May  7 11:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.13.138  user=root
May  7 11:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11291]: Failed password for root from 42.51.13.138 port 51430 ssh2
May  7 11:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11291]: Connection closed by 42.51.13.138 port 51430 [preauth]
May  7 11:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9918]: pam_unix(cron:session): session closed for user root
May  7 11:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.13.138  user=root
May  7 11:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11321]: Failed password for root from 42.51.13.138 port 56478 ssh2
May  7 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11406]: pam_unix(cron:session): session closed for user p13x
May  7 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11478]: Successful su for rubyman by root
May  7 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11478]: + ??? root:rubyman
May  7 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346342 of user rubyman.
May  7 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11478]: pam_unix(su:session): session closed for user rubyman
May  7 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346342.
May  7 11:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8540]: pam_unix(cron:session): session closed for user root
May  7 11:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11407]: pam_unix(cron:session): session closed for user samftp
May  7 11:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: Invalid user ubuntu from 196.251.84.225
May  7 11:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: input_userauth_request: invalid user ubuntu [preauth]
May  7 11:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: Failed password for invalid user ubuntu from 196.251.84.225 port 41888 ssh2
May  7 11:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: Connection closed by 196.251.84.225 port 41888 [preauth]
May  7 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10543]: pam_unix(cron:session): session closed for user root
May  7 11:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: Invalid user jellyfin from 196.251.84.225
May  7 11:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: input_userauth_request: invalid user jellyfin [preauth]
May  7 11:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: Failed password for invalid user jellyfin from 196.251.84.225 port 55054 ssh2
May  7 11:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: Connection closed by 196.251.84.225 port 55054 [preauth]
May  7 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11825]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11823]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11822]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11822]: pam_unix(cron:session): session closed for user p13x
May  7 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11882]: Successful su for rubyman by root
May  7 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11882]: + ??? root:rubyman
May  7 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346345 of user rubyman.
May  7 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11882]: pam_unix(su:session): session closed for user rubyman
May  7 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346345.
May  7 11:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8970]: pam_unix(cron:session): session closed for user root
May  7 11:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11823]: pam_unix(cron:session): session closed for user samftp
May  7 11:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: Invalid user user from 194.0.234.19
May  7 11:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: input_userauth_request: invalid user user [preauth]
May  7 11:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  7 11:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: Failed password for invalid user user from 194.0.234.19 port 39314 ssh2
May  7 11:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12078]: Connection closed by 194.0.234.19 port 39314 [preauth]
May  7 11:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 11:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12089]: Invalid user steam from 196.251.84.225
May  7 11:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12089]: input_userauth_request: invalid user steam [preauth]
May  7 11:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12089]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Invalid user ftpu from 190.103.202.7
May  7 11:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: input_userauth_request: invalid user ftpu [preauth]
May  7 11:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  7 11:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Failed password for root from 218.92.0.179 port 63013 ssh2
May  7 11:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12089]: Failed password for invalid user steam from 196.251.84.225 port 49874 ssh2
May  7 11:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12089]: Connection closed by 196.251.84.225 port 49874 [preauth]
May  7 11:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Failed password for invalid user ftpu from 190.103.202.7 port 34444 ssh2
May  7 11:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Connection closed by 190.103.202.7 port 34444 [preauth]
May  7 11:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Failed password for root from 218.92.0.179 port 63013 ssh2
May  7 11:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Failed password for root from 218.92.0.179 port 63013 ssh2
May  7 11:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Received disconnect from 218.92.0.179 port 63013:11:  [preauth]
May  7 11:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: Disconnected from 218.92.0.179 port 63013 [preauth]
May  7 11:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12091]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11013]: pam_unix(cron:session): session closed for user root
May  7 11:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  7 11:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12194]: Invalid user app from 196.251.84.225
May  7 11:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12194]: input_userauth_request: invalid user app [preauth]
May  7 11:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12194]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: Failed password for root from 218.92.0.210 port 47782 ssh2
May  7 11:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12194]: Failed password for invalid user app from 196.251.84.225 port 47460 ssh2
May  7 11:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12194]: Connection closed by 196.251.84.225 port 47460 [preauth]
May  7 11:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: Failed password for root from 218.92.0.210 port 47782 ssh2
May  7 11:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: Failed password for root from 218.92.0.210 port 47782 ssh2
May  7 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12217]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12216]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12218]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12218]: pam_unix(cron:session): session closed for user root
May  7 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12213]: pam_unix(cron:session): session closed for user p13x
May  7 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12287]: Successful su for rubyman by root
May  7 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12287]: + ??? root:rubyman
May  7 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346350 of user rubyman.
May  7 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12287]: pam_unix(su:session): session closed for user rubyman
May  7 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346350.
May  7 11:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: Failed password for root from 218.92.0.210 port 47782 ssh2
May  7 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12215]: pam_unix(cron:session): session closed for user root
May  7 11:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9498]: pam_unix(cron:session): session closed for user root
May  7 11:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: Failed password for root from 218.92.0.210 port 47782 ssh2
May  7 11:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 47782 ssh2 [preauth]
May  7 11:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: Disconnecting: Too many authentication failures [preauth]
May  7 11:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  7 11:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 11:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12214]: pam_unix(cron:session): session closed for user samftp
May  7 11:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  7 11:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: Failed password for root from 218.92.0.210 port 41716 ssh2
May  7 11:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: message repeated 4 times: [ Failed password for root from 218.92.0.210 port 41716 ssh2]
May  7 11:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: Failed password for root from 218.92.0.210 port 41716 ssh2
May  7 11:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 41716 ssh2 [preauth]
May  7 11:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: Disconnecting: Too many authentication failures [preauth]
May  7 11:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  7 11:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12502]: PAM service(sshd) ignoring max retries; 6 > 3
May  7 11:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12557]: Invalid user satisfactory from 196.251.84.225
May  7 11:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12557]: input_userauth_request: invalid user satisfactory [preauth]
May  7 11:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12557]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12557]: Failed password for invalid user satisfactory from 196.251.84.225 port 51658 ssh2
May  7 11:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12557]: Connection closed by 196.251.84.225 port 51658 [preauth]
May  7 11:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11409]: pam_unix(cron:session): session closed for user root
May  7 11:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12652]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12653]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12651]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12650]: pam_unix(cron:session): session closed for user p13x
May  7 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12719]: Successful su for rubyman by root
May  7 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12719]: + ??? root:rubyman
May  7 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346356 of user rubyman.
May  7 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12719]: pam_unix(su:session): session closed for user rubyman
May  7 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346356.
May  7 11:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12647]: Failed password for root from 196.251.84.225 port 42492 ssh2
May  7 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9917]: pam_unix(cron:session): session closed for user root
May  7 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12647]: Connection closed by 196.251.84.225 port 42492 [preauth]
May  7 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12651]: pam_unix(cron:session): session closed for user samftp
May  7 11:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11825]: pam_unix(cron:session): session closed for user root
May  7 11:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Failed password for root from 196.251.84.225 port 60206 ssh2
May  7 11:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Connection closed by 196.251.84.225 port 60206 [preauth]
May  7 11:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: Invalid user docker from 196.251.84.225
May  7 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: input_userauth_request: invalid user docker [preauth]
May  7 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13063]: pam_unix(cron:session): session closed for user p13x
May  7 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13122]: Successful su for rubyman by root
May  7 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13122]: + ??? root:rubyman
May  7 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346360 of user rubyman.
May  7 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13122]: pam_unix(su:session): session closed for user rubyman
May  7 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346360.
May  7 11:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: Failed password for invalid user docker from 196.251.84.225 port 48110 ssh2
May  7 11:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: Connection closed by 196.251.84.225 port 48110 [preauth]
May  7 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10541]: pam_unix(cron:session): session closed for user root
May  7 11:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13064]: pam_unix(cron:session): session closed for user samftp
May  7 11:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  7 11:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: Failed password for root from 193.70.84.184 port 54128 ssh2
May  7 11:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: Connection closed by 193.70.84.184 port 54128 [preauth]
May  7 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: Failed password for root from 196.251.84.225 port 47510 ssh2
May  7 11:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13370]: Connection closed by 196.251.84.225 port 47510 [preauth]
May  7 11:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12217]: pam_unix(cron:session): session closed for user root
May  7 11:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: Invalid user arkserver from 196.251.84.225
May  7 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: input_userauth_request: invalid user arkserver [preauth]
May  7 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: Failed password for invalid user arkserver from 196.251.84.225 port 56340 ssh2
May  7 11:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13535]: Connection closed by 196.251.84.225 port 56340 [preauth]
May  7 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13560]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13561]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13557]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13557]: pam_unix(cron:session): session closed for user p13x
May  7 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13622]: Successful su for rubyman by root
May  7 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13622]: + ??? root:rubyman
May  7 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346364 of user rubyman.
May  7 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13622]: pam_unix(su:session): session closed for user rubyman
May  7 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346364.
May  7 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11012]: pam_unix(cron:session): session closed for user root
May  7 11:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13559]: pam_unix(cron:session): session closed for user samftp
May  7 11:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13846]: Invalid user teddy from 64.23.161.151
May  7 11:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13846]: input_userauth_request: invalid user teddy [preauth]
May  7 11:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13846]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 11:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13846]: Failed password for invalid user teddy from 64.23.161.151 port 36676 ssh2
May  7 11:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13846]: Connection closed by 64.23.161.151 port 36676 [preauth]
May  7 11:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Invalid user cisco from 80.94.95.29
May  7 11:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: input_userauth_request: invalid user cisco [preauth]
May  7 11:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  7 11:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Failed password for root from 196.251.84.225 port 34784 ssh2
May  7 11:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Connection closed by 196.251.84.225 port 34784 [preauth]
May  7 11:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Failed password for invalid user cisco from 80.94.95.29 port 28049 ssh2
May  7 11:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12653]: pam_unix(cron:session): session closed for user root
May  7 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Failed password for invalid user cisco from 80.94.95.29 port 28049 ssh2
May  7 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Failed password for invalid user cisco from 80.94.95.29 port 28049 ssh2
May  7 11:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Failed password for invalid user cisco from 80.94.95.29 port 28049 ssh2
May  7 11:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Failed password for invalid user cisco from 80.94.95.29 port 28049 ssh2
May  7 11:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Received disconnect from 80.94.95.29 port 28049:11: Bye [preauth]
May  7 11:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Disconnected from 80.94.95.29 port 28049 [preauth]
May  7 11:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  7 11:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 11:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: Failed password for root from 196.251.84.225 port 55876 ssh2
May  7 11:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: Connection closed by 196.251.84.225 port 55876 [preauth]
May  7 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13975]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13974]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13976]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13973]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13973]: pam_unix(cron:session): session closed for user p13x
May  7 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14097]: Successful su for rubyman by root
May  7 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14097]: + ??? root:rubyman
May  7 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346367 of user rubyman.
May  7 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14097]: pam_unix(su:session): session closed for user rubyman
May  7 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346367.
May  7 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13971]: pam_unix(cron:session): session closed for user root
May  7 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11408]: pam_unix(cron:session): session closed for user root
May  7 11:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13974]: pam_unix(cron:session): session closed for user samftp
May  7 11:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: Failed password for root from 196.251.84.225 port 32872 ssh2
May  7 11:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14374]: Connection closed by 196.251.84.225 port 32872 [preauth]
May  7 11:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13066]: pam_unix(cron:session): session closed for user root
May  7 11:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: Invalid user samba from 196.251.84.225
May  7 11:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: input_userauth_request: invalid user samba [preauth]
May  7 11:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: Failed password for invalid user samba from 196.251.84.225 port 50758 ssh2
May  7 11:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14451]: Connection closed by 196.251.84.225 port 50758 [preauth]
May  7 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14462]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14464]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14467]: pam_unix(cron:session): session closed for user root
May  7 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14462]: pam_unix(cron:session): session closed for user p13x
May  7 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14536]: Successful su for rubyman by root
May  7 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14536]: + ??? root:rubyman
May  7 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14536]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346373 of user rubyman.
May  7 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14536]: pam_unix(su:session): session closed for user rubyman
May  7 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346373.
May  7 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14464]: pam_unix(cron:session): session closed for user root
May  7 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11824]: pam_unix(cron:session): session closed for user root
May  7 11:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14463]: pam_unix(cron:session): session closed for user samftp
May  7 11:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.140.114.196  user=root
May  7 11:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14762]: Failed password for root from 123.140.114.196 port 39044 ssh2
May  7 11:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14762]: Received disconnect from 123.140.114.196 port 39044:11: Bye Bye [preauth]
May  7 11:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14762]: Disconnected from 123.140.114.196 port 39044 [preauth]
May  7 11:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: Invalid user demo from 196.251.84.225
May  7 11:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: input_userauth_request: invalid user demo [preauth]
May  7 11:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: Failed password for invalid user demo from 196.251.84.225 port 50710 ssh2
May  7 11:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: Connection closed by 196.251.84.225 port 50710 [preauth]
May  7 11:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 11:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13561]: pam_unix(cron:session): session closed for user root
May  7 11:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: Failed password for root from 218.92.0.179 port 22831 ssh2
May  7 11:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 22831 ssh2]
May  7 11:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: Received disconnect from 218.92.0.179 port 22831:11:  [preauth]
May  7 11:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: Disconnected from 218.92.0.179 port 22831 [preauth]
May  7 11:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14825]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 11:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14862]: Connection closed by 45.79.181.104 port 9368 [preauth]
May  7 11:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14865]: Connection closed by 45.79.181.104 port 9374 [preauth]
May  7 11:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14867]: fatal: Unable to negotiate with 45.79.181.104 port 9388: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  7 11:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14894]: Invalid user demo from 196.251.84.225
May  7 11:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14894]: input_userauth_request: invalid user demo [preauth]
May  7 11:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14894]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14894]: Failed password for invalid user demo from 196.251.84.225 port 35792 ssh2
May  7 11:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14894]: Connection closed by 196.251.84.225 port 35792 [preauth]
May  7 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14934]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14933]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14931]: pam_unix(cron:session): session closed for user p13x
May  7 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15005]: Successful su for rubyman by root
May  7 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15005]: + ??? root:rubyman
May  7 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346380 of user rubyman.
May  7 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15005]: pam_unix(su:session): session closed for user rubyman
May  7 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346380.
May  7 11:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12216]: pam_unix(cron:session): session closed for user root
May  7 11:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14932]: pam_unix(cron:session): session closed for user samftp
May  7 11:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15205]: Failed password for root from 196.251.84.225 port 39686 ssh2
May  7 11:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15205]: Connection closed by 196.251.84.225 port 39686 [preauth]
May  7 11:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13976]: pam_unix(cron:session): session closed for user root
May  7 11:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: Failed password for root from 196.251.84.225 port 56346 ssh2
May  7 11:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: Connection closed by 196.251.84.225 port 56346 [preauth]
May  7 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15337]: pam_unix(cron:session): session closed for user p13x
May  7 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15397]: Successful su for rubyman by root
May  7 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15397]: + ??? root:rubyman
May  7 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346385 of user rubyman.
May  7 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15397]: pam_unix(su:session): session closed for user rubyman
May  7 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346385.
May  7 11:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12652]: pam_unix(cron:session): session closed for user root
May  7 11:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15338]: pam_unix(cron:session): session closed for user samftp
May  7 11:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15606]: Invalid user grafana from 196.251.84.225
May  7 11:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15606]: input_userauth_request: invalid user grafana [preauth]
May  7 11:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15606]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15606]: Failed password for invalid user grafana from 196.251.84.225 port 38038 ssh2
May  7 11:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15606]: Connection closed by 196.251.84.225 port 38038 [preauth]
May  7 11:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14466]: pam_unix(cron:session): session closed for user root
May  7 11:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: Invalid user steam from 196.251.84.225
May  7 11:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: input_userauth_request: invalid user steam [preauth]
May  7 11:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: Failed password for invalid user steam from 196.251.84.225 port 54418 ssh2
May  7 11:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: Connection closed by 196.251.84.225 port 54418 [preauth]
May  7 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15728]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15726]: pam_unix(cron:session): session closed for user p13x
May  7 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15790]: Successful su for rubyman by root
May  7 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15790]: + ??? root:rubyman
May  7 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346386 of user rubyman.
May  7 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15790]: pam_unix(su:session): session closed for user rubyman
May  7 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346386.
May  7 11:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13065]: pam_unix(cron:session): session closed for user root
May  7 11:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15727]: pam_unix(cron:session): session closed for user samftp
May  7 11:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15980]: Invalid user redis from 196.251.84.225
May  7 11:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15980]: input_userauth_request: invalid user redis [preauth]
May  7 11:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15980]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15980]: Failed password for invalid user redis from 196.251.84.225 port 56824 ssh2
May  7 11:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15980]: Connection closed by 196.251.84.225 port 56824 [preauth]
May  7 11:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14934]: pam_unix(cron:session): session closed for user root
May  7 11:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16066]: Invalid user gmod from 196.251.84.225
May  7 11:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16066]: input_userauth_request: invalid user gmod [preauth]
May  7 11:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16066]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16066]: Failed password for invalid user gmod from 196.251.84.225 port 33066 ssh2
May  7 11:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16066]: Connection closed by 196.251.84.225 port 33066 [preauth]
May  7 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16118]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16116]: pam_unix(cron:session): session closed for user p13x
May  7 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16184]: Successful su for rubyman by root
May  7 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16184]: + ??? root:rubyman
May  7 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346390 of user rubyman.
May  7 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16184]: pam_unix(su:session): session closed for user rubyman
May  7 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346390.
May  7 11:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13560]: pam_unix(cron:session): session closed for user root
May  7 11:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.103  user=root
May  7 11:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16117]: pam_unix(cron:session): session closed for user samftp
May  7 11:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16323]: Failed password for root from 218.92.0.103 port 63584 ssh2
May  7 11:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: Invalid user vps from 196.251.84.225
May  7 11:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: input_userauth_request: invalid user vps [preauth]
May  7 11:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: Failed password for invalid user vps from 196.251.84.225 port 57292 ssh2
May  7 11:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: Connection closed by 196.251.84.225 port 57292 [preauth]
May  7 11:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15340]: pam_unix(cron:session): session closed for user root
May  7 11:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16468]: Invalid user jito from 196.251.84.225
May  7 11:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16468]: input_userauth_request: invalid user jito [preauth]
May  7 11:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16468]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16468]: Failed password for invalid user jito from 196.251.84.225 port 34986 ssh2
May  7 11:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16468]: Connection closed by 196.251.84.225 port 34986 [preauth]
May  7 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16554]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16558]: pam_unix(cron:session): session closed for user root
May  7 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16547]: pam_unix(cron:session): session closed for user p13x
May  7 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16640]: Successful su for rubyman by root
May  7 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16640]: + ??? root:rubyman
May  7 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346398 of user rubyman.
May  7 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16640]: pam_unix(su:session): session closed for user rubyman
May  7 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346398.
May  7 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16555]: pam_unix(cron:session): session closed for user root
May  7 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13975]: pam_unix(cron:session): session closed for user root
May  7 11:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16554]: pam_unix(cron:session): session closed for user samftp
May  7 11:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: Invalid user elasticsearch from 196.251.84.225
May  7 11:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: input_userauth_request: invalid user elasticsearch [preauth]
May  7 11:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: Failed password for invalid user elasticsearch from 196.251.84.225 port 59970 ssh2
May  7 11:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16848]: Connection closed by 196.251.84.225 port 59970 [preauth]
May  7 11:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 11:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16892]: Failed password for root from 218.92.0.179 port 42461 ssh2
May  7 11:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16892]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 42461 ssh2]
May  7 11:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16892]: Received disconnect from 218.92.0.179 port 42461:11:  [preauth]
May  7 11:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16892]: Disconnected from 218.92.0.179 port 42461 [preauth]
May  7 11:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16892]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 11:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15729]: pam_unix(cron:session): session closed for user root
May  7 11:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: Failed password for root from 196.251.84.225 port 55280 ssh2
May  7 11:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: Connection closed by 196.251.84.225 port 55280 [preauth]
May  7 11:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17038]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17037]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17035]: pam_unix(cron:session): session closed for user p13x
May  7 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17104]: Successful su for rubyman by root
May  7 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17104]: + ??? root:rubyman
May  7 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17104]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346400 of user rubyman.
May  7 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17104]: pam_unix(su:session): session closed for user rubyman
May  7 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346400.
May  7 11:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14465]: pam_unix(cron:session): session closed for user root
May  7 11:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17268]: Invalid user samba from 196.251.84.225
May  7 11:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17268]: input_userauth_request: invalid user samba [preauth]
May  7 11:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17268]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17036]: pam_unix(cron:session): session closed for user samftp
May  7 11:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Invalid user steam from 123.140.114.196
May  7 11:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: input_userauth_request: invalid user steam [preauth]
May  7 11:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.140.114.196
May  7 11:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17268]: Failed password for invalid user samba from 196.251.84.225 port 59392 ssh2
May  7 11:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17268]: Connection closed by 196.251.84.225 port 59392 [preauth]
May  7 11:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Failed password for invalid user steam from 123.140.114.196 port 35820 ssh2
May  7 11:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Received disconnect from 123.140.114.196 port 35820:11: Bye Bye [preauth]
May  7 11:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Disconnected from 123.140.114.196 port 35820 [preauth]
May  7 11:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: Invalid user tyler from 64.23.161.151
May  7 11:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: input_userauth_request: invalid user tyler [preauth]
May  7 11:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 11:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: Failed password for invalid user tyler from 64.23.161.151 port 53494 ssh2
May  7 11:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: Connection closed by 64.23.161.151 port 53494 [preauth]
May  7 11:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17348]: Invalid user teste from 85.208.84.4
May  7 11:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17348]: input_userauth_request: invalid user teste [preauth]
May  7 11:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17348]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  7 11:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17348]: Failed password for invalid user teste from 85.208.84.4 port 61256 ssh2
May  7 11:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17348]: Connection closed by 85.208.84.4 port 61256 [preauth]
May  7 11:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17367]: Invalid user solana from 196.251.84.225
May  7 11:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17367]: input_userauth_request: invalid user solana [preauth]
May  7 11:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17367]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16119]: pam_unix(cron:session): session closed for user root
May  7 11:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17367]: Failed password for invalid user solana from 196.251.84.225 port 49692 ssh2
May  7 11:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17367]: Connection closed by 196.251.84.225 port 49692 [preauth]
May  7 11:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17447]: Invalid user esroot from 196.251.84.225
May  7 11:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17447]: input_userauth_request: invalid user esroot [preauth]
May  7 11:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17447]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17455]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17450]: pam_unix(cron:session): session closed for user root
May  7 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17452]: pam_unix(cron:session): session closed for user p13x
May  7 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17533]: Successful su for rubyman by root
May  7 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17533]: + ??? root:rubyman
May  7 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346406 of user rubyman.
May  7 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17533]: pam_unix(su:session): session closed for user rubyman
May  7 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346406.
May  7 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17447]: Failed password for invalid user esroot from 196.251.84.225 port 47404 ssh2
May  7 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17447]: Connection closed by 196.251.84.225 port 47404 [preauth]
May  7 11:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14933]: pam_unix(cron:session): session closed for user root
May  7 11:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17453]: pam_unix(cron:session): session closed for user samftp
May  7 11:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: Invalid user admin from 196.251.84.225
May  7 11:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: input_userauth_request: invalid user admin [preauth]
May  7 11:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  7 11:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: Failed password for invalid user admin from 196.251.84.225 port 41302 ssh2
May  7 11:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: Connection closed by 196.251.84.225 port 41302 [preauth]
May  7 11:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17889]: Failed password for root from 218.92.0.221 port 11454 ssh2
May  7 11:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16557]: pam_unix(cron:session): session closed for user root
May  7 11:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17889]: Failed password for root from 218.92.0.221 port 11454 ssh2
May  7 11:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17889]: Failed password for root from 218.92.0.221 port 11454 ssh2
May  7 11:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17889]: Received disconnect from 218.92.0.221 port 11454:11:  [preauth]
May  7 11:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17889]: Disconnected from 218.92.0.221 port 11454 [preauth]
May  7 11:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17889]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  7 11:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: Invalid user apache from 196.251.84.225
May  7 11:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: input_userauth_request: invalid user apache [preauth]
May  7 11:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: Failed password for invalid user apache from 196.251.84.225 port 43442 ssh2
May  7 11:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: Connection closed by 196.251.84.225 port 43442 [preauth]
May  7 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17989]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17988]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17986]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17987]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17986]: pam_unix(cron:session): session closed for user p13x
May  7 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18056]: Successful su for rubyman by root
May  7 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18056]: + ??? root:rubyman
May  7 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346410 of user rubyman.
May  7 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18056]: pam_unix(su:session): session closed for user rubyman
May  7 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346410.
May  7 11:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15339]: pam_unix(cron:session): session closed for user root
May  7 11:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17987]: pam_unix(cron:session): session closed for user samftp
May  7 11:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18282]: Invalid user latitude from 196.251.84.225
May  7 11:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18282]: input_userauth_request: invalid user latitude [preauth]
May  7 11:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18282]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18282]: Failed password for invalid user latitude from 196.251.84.225 port 48308 ssh2
May  7 11:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18282]: Connection closed by 196.251.84.225 port 48308 [preauth]
May  7 11:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17038]: pam_unix(cron:session): session closed for user root
May  7 11:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: Invalid user admin from 80.94.95.112
May  7 11:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: input_userauth_request: invalid user admin [preauth]
May  7 11:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 11:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: Failed password for invalid user admin from 80.94.95.112 port 38675 ssh2
May  7 11:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: Failed password for invalid user admin from 80.94.95.112 port 38675 ssh2
May  7 11:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: Failed password for invalid user admin from 80.94.95.112 port 38675 ssh2
May  7 11:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: Failed password for invalid user admin from 80.94.95.112 port 38675 ssh2
May  7 11:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: Failed password for invalid user admin from 80.94.95.112 port 38675 ssh2
May  7 11:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: Received disconnect from 80.94.95.112 port 38675:11: Bye [preauth]
May  7 11:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: Disconnected from 80.94.95.112 port 38675 [preauth]
May  7 11:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 11:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18356]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 11:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18395]: Invalid user weblogic from 196.251.84.225
May  7 11:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18395]: input_userauth_request: invalid user weblogic [preauth]
May  7 11:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18395]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18395]: Failed password for invalid user weblogic from 196.251.84.225 port 37688 ssh2
May  7 11:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18395]: Connection closed by 196.251.84.225 port 37688 [preauth]
May  7 11:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=199.188.103.179  user=root
May  7 11:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18316]: Failed password for root from 199.188.103.179 port 47518 ssh2
May  7 11:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18316]: Connection closed by 199.188.103.179 port 47518 [preauth]
May  7 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18422]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18421]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18419]: pam_unix(cron:session): session closed for user p13x
May  7 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18484]: Successful su for rubyman by root
May  7 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18484]: + ??? root:rubyman
May  7 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18484]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346413 of user rubyman.
May  7 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18484]: pam_unix(su:session): session closed for user rubyman
May  7 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346413.
May  7 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15728]: pam_unix(cron:session): session closed for user root
May  7 11:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18420]: pam_unix(cron:session): session closed for user samftp
May  7 11:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18695]: Invalid user worker from 196.251.84.225
May  7 11:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18695]: input_userauth_request: invalid user worker [preauth]
May  7 11:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18695]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18695]: Failed password for invalid user worker from 196.251.84.225 port 34936 ssh2
May  7 11:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18695]: Connection closed by 196.251.84.225 port 34936 [preauth]
May  7 11:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17455]: pam_unix(cron:session): session closed for user root
May  7 11:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May  7 11:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18763]: Failed password for root from 218.92.0.223 port 63194 ssh2
May  7 11:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18763]: message repeated 2 times: [ Failed password for root from 218.92.0.223 port 63194 ssh2]
May  7 11:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18763]: Received disconnect from 218.92.0.223 port 63194:11:  [preauth]
May  7 11:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18763]: Disconnected from 218.92.0.223 port 63194 [preauth]
May  7 11:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18763]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May  7 11:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18803]: Invalid user redis from 196.251.84.225
May  7 11:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18803]: input_userauth_request: invalid user redis [preauth]
May  7 11:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18803]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18803]: Failed password for invalid user redis from 196.251.84.225 port 37538 ssh2
May  7 11:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18803]: Connection closed by 196.251.84.225 port 37538 [preauth]
May  7 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18838]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18838]: pam_unix(cron:session): session closed for user root
May  7 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18833]: pam_unix(cron:session): session closed for user p13x
May  7 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18902]: Successful su for rubyman by root
May  7 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18902]: + ??? root:rubyman
May  7 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346419 of user rubyman.
May  7 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18902]: pam_unix(su:session): session closed for user rubyman
May  7 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346419.
May  7 11:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18835]: pam_unix(cron:session): session closed for user root
May  7 11:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16118]: pam_unix(cron:session): session closed for user root
May  7 11:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18834]: pam_unix(cron:session): session closed for user samftp
May  7 11:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19147]: Invalid user vps from 196.251.84.225
May  7 11:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19147]: input_userauth_request: invalid user vps [preauth]
May  7 11:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19147]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19147]: Failed password for invalid user vps from 196.251.84.225 port 54876 ssh2
May  7 11:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19147]: Connection closed by 196.251.84.225 port 54876 [preauth]
May  7 11:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17989]: pam_unix(cron:session): session closed for user root
May  7 11:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: Invalid user nvidia from 196.251.84.225
May  7 11:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: input_userauth_request: invalid user nvidia [preauth]
May  7 11:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: Failed password for invalid user nvidia from 196.251.84.225 port 45790 ssh2
May  7 11:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19225]: Connection closed by 196.251.84.225 port 45790 [preauth]
May  7 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19277]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19277]: pam_unix(cron:session): session closed for user p13x
May  7 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19346]: Successful su for rubyman by root
May  7 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19346]: + ??? root:rubyman
May  7 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19346]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346423 of user rubyman.
May  7 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19346]: pam_unix(su:session): session closed for user rubyman
May  7 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346423.
May  7 11:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16556]: pam_unix(cron:session): session closed for user root
May  7 11:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19278]: pam_unix(cron:session): session closed for user samftp
May  7 11:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19536]: Failed password for root from 196.251.84.225 port 57984 ssh2
May  7 11:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19536]: Connection closed by 196.251.84.225 port 57984 [preauth]
May  7 11:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18422]: pam_unix(cron:session): session closed for user root
May  7 11:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19651]: Invalid user sftp from 196.251.84.225
May  7 11:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19651]: input_userauth_request: invalid user sftp [preauth]
May  7 11:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19651]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19651]: Failed password for invalid user sftp from 196.251.84.225 port 49970 ssh2
May  7 11:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19651]: Connection closed by 196.251.84.225 port 49970 [preauth]
May  7 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19712]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19709]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19709]: pam_unix(cron:session): session closed for user p13x
May  7 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19769]: Successful su for rubyman by root
May  7 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19769]: + ??? root:rubyman
May  7 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346428 of user rubyman.
May  7 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19769]: pam_unix(su:session): session closed for user rubyman
May  7 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346428.
May  7 11:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17037]: pam_unix(cron:session): session closed for user root
May  7 11:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19710]: pam_unix(cron:session): session closed for user samftp
May  7 11:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: Invalid user dolphinscheduler from 196.251.84.225
May  7 11:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  7 11:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 56608 ssh2
May  7 11:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19952]: Connection closed by 196.251.84.225 port 56608 [preauth]
May  7 11:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18837]: pam_unix(cron:session): session closed for user root
May  7 11:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: Failed password for root from 196.251.84.225 port 59070 ssh2
May  7 11:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20055]: Connection closed by 196.251.84.225 port 59070 [preauth]
May  7 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20120]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20116]: pam_unix(cron:session): session closed for user p13x
May  7 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20178]: Successful su for rubyman by root
May  7 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20178]: + ??? root:rubyman
May  7 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20178]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346432 of user rubyman.
May  7 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20178]: pam_unix(su:session): session closed for user rubyman
May  7 11:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346432.
May  7 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17454]: pam_unix(cron:session): session closed for user root
May  7 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: Invalid user mapr from 196.251.84.225
May  7 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: input_userauth_request: invalid user mapr [preauth]
May  7 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20118]: pam_unix(cron:session): session closed for user samftp
May  7 11:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: Failed password for invalid user mapr from 196.251.84.225 port 51482 ssh2
May  7 11:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: Connection closed by 196.251.84.225 port 51482 [preauth]
May  7 11:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: Invalid user admin from 196.251.84.225
May  7 11:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: input_userauth_request: invalid user admin [preauth]
May  7 11:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19280]: pam_unix(cron:session): session closed for user root
May  7 11:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: Failed password for invalid user admin from 196.251.84.225 port 36386 ssh2
May  7 11:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20428]: Connection closed by 196.251.84.225 port 36386 [preauth]
May  7 11:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20512]: Invalid user ankur from 64.23.161.151
May  7 11:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20512]: input_userauth_request: invalid user ankur [preauth]
May  7 11:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20512]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 11:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20512]: Failed password for invalid user ankur from 64.23.161.151 port 45274 ssh2
May  7 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20512]: Connection closed by 64.23.161.151 port 45274 [preauth]
May  7 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20521]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20519]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20518]: pam_unix(cron:session): session closed for user p13x
May  7 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20578]: Successful su for rubyman by root
May  7 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20578]: + ??? root:rubyman
May  7 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20578]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346436 of user rubyman.
May  7 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20578]: pam_unix(su:session): session closed for user rubyman
May  7 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346436.
May  7 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: Failed password for root from 196.251.84.225 port 60096 ssh2
May  7 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20515]: Connection closed by 196.251.84.225 port 60096 [preauth]
May  7 11:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17988]: pam_unix(cron:session): session closed for user root
May  7 11:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20519]: pam_unix(cron:session): session closed for user samftp
May  7 11:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  7 11:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20773]: Failed password for root from 80.94.95.29 port 3781 ssh2
May  7 11:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20773]: message repeated 4 times: [ Failed password for root from 80.94.95.29 port 3781 ssh2]
May  7 11:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20773]: Received disconnect from 80.94.95.29 port 3781:11: Bye [preauth]
May  7 11:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20773]: Disconnected from 80.94.95.29 port 3781 [preauth]
May  7 11:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20773]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29  user=root
May  7 11:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20773]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 11:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: Failed password for root from 196.251.84.225 port 59236 ssh2
May  7 11:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20831]: Connection closed by 196.251.84.225 port 59236 [preauth]
May  7 11:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19712]: pam_unix(cron:session): session closed for user root
May  7 11:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: Invalid user nagios from 196.251.84.225
May  7 11:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: input_userauth_request: invalid user nagios [preauth]
May  7 11:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: Failed password for invalid user nagios from 196.251.84.225 port 59730 ssh2
May  7 11:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: Connection closed by 196.251.84.225 port 59730 [preauth]
May  7 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20938]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20939]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20940]: pam_unix(cron:session): session closed for user root
May  7 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20935]: pam_unix(cron:session): session closed for user p13x
May  7 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21001]: Successful su for rubyman by root
May  7 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21001]: + ??? root:rubyman
May  7 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21001]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346443 of user rubyman.
May  7 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21001]: pam_unix(su:session): session closed for user rubyman
May  7 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346443.
May  7 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20937]: pam_unix(cron:session): session closed for user root
May  7 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18421]: pam_unix(cron:session): session closed for user root
May  7 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20936]: pam_unix(cron:session): session closed for user samftp
May  7 11:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.103  user=root
May  7 11:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: Failed password for root from 218.92.0.103 port 18484 ssh2
May  7 11:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: message repeated 2 times: [ Failed password for root from 218.92.0.103 port 18484 ssh2]
May  7 11:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: Received disconnect from 218.92.0.103 port 18484:11:  [preauth]
May  7 11:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: Disconnected from 218.92.0.103 port 18484 [preauth]
May  7 11:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21210]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.103  user=root
May  7 11:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21313]: Invalid user elsearch from 196.251.84.225
May  7 11:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21313]: input_userauth_request: invalid user elsearch [preauth]
May  7 11:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21313]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21313]: Failed password for invalid user elsearch from 196.251.84.225 port 45874 ssh2
May  7 11:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21313]: Connection closed by 196.251.84.225 port 45874 [preauth]
May  7 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20120]: pam_unix(cron:session): session closed for user root
May  7 11:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21401]: Invalid user ldap from 196.251.84.225
May  7 11:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21401]: input_userauth_request: invalid user ldap [preauth]
May  7 11:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21401]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21403]: Invalid user teste from 194.0.234.19
May  7 11:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21403]: input_userauth_request: invalid user teste [preauth]
May  7 11:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21403]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  7 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21401]: Failed password for invalid user ldap from 196.251.84.225 port 46596 ssh2
May  7 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21414]: pam_unix(cron:session): session closed for user p13x
May  7 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21401]: Connection closed by 196.251.84.225 port 46596 [preauth]
May  7 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21485]: Successful su for rubyman by root
May  7 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21485]: + ??? root:rubyman
May  7 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346445 of user rubyman.
May  7 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21485]: pam_unix(su:session): session closed for user rubyman
May  7 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346445.
May  7 11:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21403]: Failed password for invalid user teste from 194.0.234.19 port 39860 ssh2
May  7 11:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21403]: Connection closed by 194.0.234.19 port 39860 [preauth]
May  7 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18836]: pam_unix(cron:session): session closed for user root
May  7 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21415]: pam_unix(cron:session): session closed for user samftp
May  7 11:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: Invalid user sftp from 196.251.84.225
May  7 11:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: input_userauth_request: invalid user sftp [preauth]
May  7 11:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: Failed password for invalid user sftp from 196.251.84.225 port 59668 ssh2
May  7 11:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21850]: Connection closed by 196.251.84.225 port 59668 [preauth]
May  7 11:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20521]: pam_unix(cron:session): session closed for user root
May  7 11:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22133]: Invalid user dolphinscheduler from 196.251.84.225
May  7 11:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22133]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  7 11:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22133]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22149]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22147]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22147]: pam_unix(cron:session): session closed for user p13x
May  7 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22214]: Successful su for rubyman by root
May  7 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22214]: + ??? root:rubyman
May  7 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346452 of user rubyman.
May  7 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22214]: pam_unix(su:session): session closed for user rubyman
May  7 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346452.
May  7 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22133]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 49624 ssh2
May  7 11:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22133]: Connection closed by 196.251.84.225 port 49624 [preauth]
May  7 11:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19279]: pam_unix(cron:session): session closed for user root
May  7 11:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22148]: pam_unix(cron:session): session closed for user samftp
May  7 11:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: Invalid user kubernetes from 196.251.84.225
May  7 11:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: input_userauth_request: invalid user kubernetes [preauth]
May  7 11:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: Failed password for invalid user kubernetes from 196.251.84.225 port 54304 ssh2
May  7 11:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22516]: Connection closed by 196.251.84.225 port 54304 [preauth]
May  7 11:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20939]: pam_unix(cron:session): session closed for user root
May  7 11:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22605]: Failed password for root from 196.251.84.225 port 44056 ssh2
May  7 11:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22605]: Connection closed by 196.251.84.225 port 44056 [preauth]
May  7 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22620]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22621]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22617]: pam_unix(cron:session): session closed for user p13x
May  7 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22682]: Successful su for rubyman by root
May  7 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22682]: + ??? root:rubyman
May  7 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346454 of user rubyman.
May  7 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22682]: pam_unix(su:session): session closed for user rubyman
May  7 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346454.
May  7 11:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19711]: pam_unix(cron:session): session closed for user root
May  7 11:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22619]: pam_unix(cron:session): session closed for user samftp
May  7 11:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: Invalid user admin from 80.94.95.241
May  7 11:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: input_userauth_request: invalid user admin [preauth]
May  7 11:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 11:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: Failed password for invalid user admin from 80.94.95.241 port 35519 ssh2
May  7 11:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: Failed password for invalid user admin from 80.94.95.241 port 35519 ssh2
May  7 11:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: Failed password for invalid user admin from 80.94.95.241 port 35519 ssh2
May  7 11:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: Failed password for invalid user admin from 80.94.95.241 port 35519 ssh2
May  7 11:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: Failed password for invalid user admin from 80.94.95.241 port 35519 ssh2
May  7 11:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: Received disconnect from 80.94.95.241 port 35519:11: Bye [preauth]
May  7 11:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: Disconnected from 80.94.95.241 port 35519 [preauth]
May  7 11:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 11:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22902]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 11:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: Invalid user elk from 196.251.84.225
May  7 11:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: input_userauth_request: invalid user elk [preauth]
May  7 11:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: Failed password for invalid user elk from 196.251.84.225 port 41326 ssh2
May  7 11:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22978]: Connection closed by 196.251.84.225 port 41326 [preauth]
May  7 11:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.140.114.196  user=root
May  7 11:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21417]: pam_unix(cron:session): session closed for user root
May  7 11:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22999]: Failed password for root from 123.140.114.196 port 57136 ssh2
May  7 11:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22999]: Received disconnect from 123.140.114.196 port 57136:11: Bye Bye [preauth]
May  7 11:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22999]: Disconnected from 123.140.114.196 port 57136 [preauth]
May  7 11:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: Invalid user x from 195.178.110.50
May  7 11:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: input_userauth_request: invalid user x [preauth]
May  7 11:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 11:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: Failed password for invalid user x from 195.178.110.50 port 25100 ssh2
May  7 11:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: Invalid user ftpuser from 196.251.84.225
May  7 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: input_userauth_request: invalid user ftpuser [preauth]
May  7 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23039]: Connection closed by 195.178.110.50 port 25100 [preauth]
May  7 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23094]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23090]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23090]: pam_unix(cron:session): session closed for user p13x
May  7 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23155]: Successful su for rubyman by root
May  7 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23155]: + ??? root:rubyman
May  7 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346459 of user rubyman.
May  7 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23155]: pam_unix(su:session): session closed for user rubyman
May  7 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346459.
May  7 11:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: Failed password for invalid user ftpuser from 196.251.84.225 port 42420 ssh2
May  7 11:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23078]: Connection closed by 196.251.84.225 port 42420 [preauth]
May  7 11:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20119]: pam_unix(cron:session): session closed for user root
May  7 11:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session closed for user samftp
May  7 11:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23083]: Invalid user ' from 195.178.110.50
May  7 11:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23083]: input_userauth_request: invalid user ' [preauth]
May  7 11:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23083]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 11:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23083]: Failed password for invalid user ' from 195.178.110.50 port 5630 ssh2
May  7 11:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23083]: Connection closed by 195.178.110.50 port 5630 [preauth]
May  7 11:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23497]: Invalid user vagrant from 196.251.84.225
May  7 11:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23497]: input_userauth_request: invalid user vagrant [preauth]
May  7 11:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23497]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23497]: Failed password for invalid user vagrant from 196.251.84.225 port 50904 ssh2
May  7 11:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23497]: Connection closed by 196.251.84.225 port 50904 [preauth]
May  7 11:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22150]: pam_unix(cron:session): session closed for user root
May  7 11:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 11:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:91.196.152.105
May  7 11:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: Invalid user 4 from 195.178.110.50
May  7 11:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: input_userauth_request: invalid user 4 [preauth]
May  7 11:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 11:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: Failed password for invalid user 4 from 195.178.110.50 port 4014 ssh2
May  7 11:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: Connection closed by 195.178.110.50 port 4014 [preauth]
May  7 11:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: Invalid user esuser from 196.251.84.225
May  7 11:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: input_userauth_request: invalid user esuser [preauth]
May  7 11:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: Failed password for invalid user esuser from 196.251.84.225 port 43654 ssh2
May  7 11:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23590]: Connection closed by 196.251.84.225 port 43654 [preauth]
May  7 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23620]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23622]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23623]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23621]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23623]: pam_unix(cron:session): session closed for user root
May  7 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23618]: pam_unix(cron:session): session closed for user p13x
May  7 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23688]: Successful su for rubyman by root
May  7 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23688]: + ??? root:rubyman
May  7 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23688]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346462 of user rubyman.
May  7 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23688]: pam_unix(su:session): session closed for user rubyman
May  7 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346462.
May  7 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23620]: pam_unix(cron:session): session closed for user root
May  7 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: Invalid user A from 195.178.110.50
May  7 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: input_userauth_request: invalid user A [preauth]
May  7 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20520]: pam_unix(cron:session): session closed for user root
May  7 11:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: Failed password for invalid user A from 195.178.110.50 port 48624 ssh2
May  7 11:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23619]: pam_unix(cron:session): session closed for user samftp
May  7 11:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23579]: Connection closed by 195.178.110.50 port 48624 [preauth]
May  7 11:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24059]: Invalid user opc from 196.251.84.225
May  7 11:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24059]: input_userauth_request: invalid user opc [preauth]
May  7 11:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24059]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: Invalid user N from 195.178.110.50
May  7 11:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: input_userauth_request: invalid user N [preauth]
May  7 11:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 11:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24059]: Failed password for invalid user opc from 196.251.84.225 port 43098 ssh2
May  7 11:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24059]: Connection closed by 196.251.84.225 port 43098 [preauth]
May  7 11:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: Failed password for invalid user N from 195.178.110.50 port 45694 ssh2
May  7 11:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24027]: Connection closed by 195.178.110.50 port 45694 [preauth]
May  7 11:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22621]: pam_unix(cron:session): session closed for user root
May  7 11:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24149]: Invalid user omsagent from 196.251.84.225
May  7 11:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24149]: input_userauth_request: invalid user omsagent [preauth]
May  7 11:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24149]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24149]: Failed password for invalid user omsagent from 196.251.84.225 port 45376 ssh2
May  7 11:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24149]: Connection closed by 196.251.84.225 port 45376 [preauth]
May  7 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24174]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24170]: pam_unix(cron:session): session closed for user p13x
May  7 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24251]: Successful su for rubyman by root
May  7 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24251]: + ??? root:rubyman
May  7 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24251]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346468 of user rubyman.
May  7 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24251]: pam_unix(su:session): session closed for user rubyman
May  7 11:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346468.
May  7 11:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20938]: pam_unix(cron:session): session closed for user root
May  7 11:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24171]: pam_unix(cron:session): session closed for user samftp
May  7 11:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: Failed password for root from 196.251.84.225 port 38480 ssh2
May  7 11:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24491]: Connection closed by 196.251.84.225 port 38480 [preauth]
May  7 11:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23094]: pam_unix(cron:session): session closed for user root
May  7 11:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24602]: Invalid user tom from 196.251.84.225
May  7 11:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24602]: input_userauth_request: invalid user tom [preauth]
May  7 11:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24605]: Invalid user btbtc21100 from 64.23.161.151
May  7 11:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24605]: input_userauth_request: invalid user btbtc21100 [preauth]
May  7 11:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24605]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 11:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24602]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24605]: Failed password for invalid user btbtc21100 from 64.23.161.151 port 36868 ssh2
May  7 11:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24605]: Connection closed by 64.23.161.151 port 36868 [preauth]
May  7 11:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24602]: Failed password for invalid user tom from 196.251.84.225 port 50434 ssh2
May  7 11:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24602]: Connection closed by 196.251.84.225 port 50434 [preauth]
May  7 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24636]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24634]: pam_unix(cron:session): session closed for user p13x
May  7 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24703]: Successful su for rubyman by root
May  7 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24703]: + ??? root:rubyman
May  7 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24703]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346474 of user rubyman.
May  7 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24703]: pam_unix(su:session): session closed for user rubyman
May  7 11:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346474.
May  7 11:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21416]: pam_unix(cron:session): session closed for user root
May  7 11:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24635]: pam_unix(cron:session): session closed for user samftp
May  7 11:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24913]: Failed password for root from 196.251.84.225 port 45438 ssh2
May  7 11:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24913]: Connection closed by 196.251.84.225 port 45438 [preauth]
May  7 11:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23622]: pam_unix(cron:session): session closed for user root
May  7 11:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24998]: Invalid user testuser from 196.251.84.225
May  7 11:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24998]: input_userauth_request: invalid user testuser [preauth]
May  7 11:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24998]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24998]: Failed password for invalid user testuser from 196.251.84.225 port 41990 ssh2
May  7 11:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24998]: Connection closed by 196.251.84.225 port 41990 [preauth]
May  7 11:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25035]: Invalid user albert123 from 50.235.31.47
May  7 11:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25035]: input_userauth_request: invalid user albert123 [preauth]
May  7 11:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25035]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  7 11:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 11:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25035]: Failed password for invalid user albert123 from 50.235.31.47 port 37414 ssh2
May  7 11:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25035]: Connection closed by 50.235.31.47 port 37414 [preauth]
May  7 11:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25033]: Failed password for root from 218.92.0.228 port 64926 ssh2
May  7 11:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25033]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 64926 ssh2]
May  7 11:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25033]: Received disconnect from 218.92.0.228 port 64926:11:  [preauth]
May  7 11:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25033]: Disconnected from 218.92.0.228 port 64926 [preauth]
May  7 11:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25033]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 11:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25060]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25057]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25057]: pam_unix(cron:session): session closed for user p13x
May  7 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: Failed password for root from 218.92.0.228 port 10966 ssh2
May  7 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25116]: Successful su for rubyman by root
May  7 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25116]: + ??? root:rubyman
May  7 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346477 of user rubyman.
May  7 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25116]: pam_unix(su:session): session closed for user rubyman
May  7 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346477.
May  7 11:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: Failed password for root from 218.92.0.228 port 10966 ssh2
May  7 11:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22149]: pam_unix(cron:session): session closed for user root
May  7 11:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: Failed password for root from 218.92.0.228 port 10966 ssh2
May  7 11:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: Received disconnect from 218.92.0.228 port 10966:11:  [preauth]
May  7 11:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: Disconnected from 218.92.0.228 port 10966 [preauth]
May  7 11:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 11:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25058]: pam_unix(cron:session): session closed for user samftp
May  7 11:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 11:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25302]: Failed password for root from 218.92.0.228 port 58876 ssh2
May  7 11:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: Invalid user fil from 196.251.84.225
May  7 11:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: input_userauth_request: invalid user fil [preauth]
May  7 11:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25302]: Failed password for root from 218.92.0.228 port 58876 ssh2
May  7 11:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: Failed password for invalid user fil from 196.251.84.225 port 45862 ssh2
May  7 11:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25302]: Failed password for root from 218.92.0.228 port 58876 ssh2
May  7 11:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: Connection closed by 196.251.84.225 port 45862 [preauth]
May  7 11:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25302]: Received disconnect from 218.92.0.228 port 58876:11:  [preauth]
May  7 11:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25302]: Disconnected from 218.92.0.228 port 58876 [preauth]
May  7 11:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25302]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 11:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24174]: pam_unix(cron:session): session closed for user root
May  7 11:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: Invalid user terraria from 196.251.84.225
May  7 11:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: input_userauth_request: invalid user terraria [preauth]
May  7 11:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: Failed password for invalid user terraria from 196.251.84.225 port 43388 ssh2
May  7 11:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: Connection closed by 196.251.84.225 port 43388 [preauth]
May  7 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25481]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25480]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25478]: pam_unix(cron:session): session closed for user p13x
May  7 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25549]: Successful su for rubyman by root
May  7 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25549]: + ??? root:rubyman
May  7 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346480 of user rubyman.
May  7 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25549]: pam_unix(su:session): session closed for user rubyman
May  7 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346480.
May  7 11:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22620]: pam_unix(cron:session): session closed for user root
May  7 11:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: Invalid user deepspeed from 196.251.84.225
May  7 11:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: input_userauth_request: invalid user deepspeed [preauth]
May  7 11:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25479]: pam_unix(cron:session): session closed for user samftp
May  7 11:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: Failed password for invalid user deepspeed from 196.251.84.225 port 43126 ssh2
May  7 11:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: Connection closed by 196.251.84.225 port 43126 [preauth]
May  7 11:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89  user=root
May  7 11:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25812]: Failed password for root from 189.3.191.89 port 57412 ssh2
May  7 11:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25812]: Received disconnect from 189.3.191.89 port 57412:11: Bye Bye [preauth]
May  7 11:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25812]: Disconnected from 189.3.191.89 port 57412 [preauth]
May  7 11:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25885]: Invalid user zookeeper from 196.251.84.225
May  7 11:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25885]: input_userauth_request: invalid user zookeeper [preauth]
May  7 11:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25885]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24637]: pam_unix(cron:session): session closed for user root
May  7 11:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25885]: Failed password for invalid user zookeeper from 196.251.84.225 port 41086 ssh2
May  7 11:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25885]: Connection closed by 196.251.84.225 port 41086 [preauth]
May  7 11:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25998]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25999]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25999]: pam_unix(cron:session): session closed for user root
May  7 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25994]: pam_unix(cron:session): session closed for user p13x
May  7 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26070]: Successful su for rubyman by root
May  7 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26070]: + ??? root:rubyman
May  7 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26070]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346484 of user rubyman.
May  7 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26070]: pam_unix(su:session): session closed for user rubyman
May  7 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346484.
May  7 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25991]: Failed password for root from 196.251.84.225 port 45196 ssh2
May  7 11:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23093]: pam_unix(cron:session): session closed for user root
May  7 11:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25996]: pam_unix(cron:session): session closed for user root
May  7 11:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25991]: Connection closed by 196.251.84.225 port 45196 [preauth]
May  7 11:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25995]: pam_unix(cron:session): session closed for user samftp
May  7 11:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  7 11:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26282]: Failed password for root from 218.92.0.201 port 51668 ssh2
May  7 11:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26282]: message repeated 4 times: [ Failed password for root from 218.92.0.201 port 51668 ssh2]
May  7 11:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26282]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 51668 ssh2 [preauth]
May  7 11:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26282]: Disconnecting: Too many authentication failures [preauth]
May  7 11:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26282]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  7 11:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26282]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 11:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  7 11:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26344]: Invalid user jumpserver from 196.251.84.225
May  7 11:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26344]: input_userauth_request: invalid user jumpserver [preauth]
May  7 11:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25060]: pam_unix(cron:session): session closed for user root
May  7 11:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: Failed password for root from 218.92.0.201 port 22798 ssh2
May  7 11:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26344]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26344]: Failed password for invalid user jumpserver from 196.251.84.225 port 35886 ssh2
May  7 11:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: Failed password for root from 218.92.0.201 port 22798 ssh2
May  7 11:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26344]: Connection closed by 196.251.84.225 port 35886 [preauth]
May  7 11:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: Failed password for root from 218.92.0.201 port 22798 ssh2
May  7 11:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: message repeated 3 times: [ Failed password for root from 218.92.0.201 port 22798 ssh2]
May  7 11:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 22798 ssh2 [preauth]
May  7 11:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: Disconnecting: Too many authentication failures [preauth]
May  7 11:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  7 11:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: PAM service(sshd) ignoring max retries; 6 > 3
May  7 11:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  7 11:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26416]: Failed password for root from 218.92.0.201 port 6100 ssh2
May  7 11:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26416]: Received disconnect from 218.92.0.201 port 6100:11:  [preauth]
May  7 11:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26416]: Disconnected from 218.92.0.201 port 6100 [preauth]
May  7 11:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  7 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26443]: pam_unix(cron:session): session closed for user p13x
May  7 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26590]: Successful su for rubyman by root
May  7 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26590]: + ??? root:rubyman
May  7 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26440]: Invalid user chain from 196.251.84.225
May  7 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26440]: input_userauth_request: invalid user chain [preauth]
May  7 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346489 of user rubyman.
May  7 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26590]: pam_unix(su:session): session closed for user rubyman
May  7 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346489.
May  7 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26440]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26438]: Failed password for root from 218.92.0.231 port 23796 ssh2
May  7 11:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26440]: Failed password for invalid user chain from 196.251.84.225 port 43330 ssh2
May  7 11:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26440]: Connection closed by 196.251.84.225 port 43330 [preauth]
May  7 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23621]: pam_unix(cron:session): session closed for user root
May  7 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26438]: Failed password for root from 218.92.0.231 port 23796 ssh2
May  7 11:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26444]: pam_unix(cron:session): session closed for user samftp
May  7 11:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26438]: Failed password for root from 218.92.0.231 port 23796 ssh2
May  7 11:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26438]: Received disconnect from 218.92.0.231 port 23796:11:  [preauth]
May  7 11:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26438]: Disconnected from 218.92.0.231 port 23796 [preauth]
May  7 11:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26438]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  7 11:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26833]: Did not receive identification string from 34.148.59.82
May  7 11:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26832]: Invalid user admin from 194.0.234.16
May  7 11:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26832]: input_userauth_request: invalid user admin [preauth]
May  7 11:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26832]: Failed none for invalid user admin from 194.0.234.16 port 41004 ssh2
May  7 11:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26832]: Connection closed by 194.0.234.16 port 41004 [preauth]
May  7 11:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26845]: Invalid user odoo from 196.251.84.225
May  7 11:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26845]: input_userauth_request: invalid user odoo [preauth]
May  7 11:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26845]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25481]: pam_unix(cron:session): session closed for user root
May  7 11:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26845]: Failed password for invalid user odoo from 196.251.84.225 port 38422 ssh2
May  7 11:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26845]: Connection closed by 196.251.84.225 port 38422 [preauth]
May  7 11:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26937]: Did not receive identification string from 196.251.69.116
May  7 11:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26938]: Invalid user admin from 196.251.69.116
May  7 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26938]: input_userauth_request: invalid user admin [preauth]
May  7 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26938]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.116
May  7 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: Invalid user ubnt from 196.251.69.116
May  7 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: input_userauth_request: invalid user ubnt [preauth]
May  7 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26940]: Invalid user support from 196.251.69.116
May  7 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26940]: input_userauth_request: invalid user support [preauth]
May  7 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.116
May  7 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26940]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.116
May  7 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26945]: Invalid user usario from 196.251.69.116
May  7 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26945]: input_userauth_request: invalid user usario [preauth]
May  7 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26945]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.116
May  7 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: Invalid user user from 196.251.69.116
May  7 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: input_userauth_request: invalid user user [preauth]
May  7 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.116
May  7 11:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26938]: Failed password for invalid user admin from 196.251.69.116 port 32918 ssh2
May  7 11:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: Failed password for invalid user ubnt from 196.251.69.116 port 32944 ssh2
May  7 11:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26940]: Failed password for invalid user support from 196.251.69.116 port 32930 ssh2
May  7 11:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26945]: Failed password for invalid user usario from 196.251.69.116 port 32962 ssh2
May  7 11:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: Failed password for invalid user user from 196.251.69.116 port 32948 ssh2
May  7 11:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26938]: Received disconnect from 196.251.69.116 port 32918:11: Bye Bye [preauth]
May  7 11:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26938]: Disconnected from 196.251.69.116 port 32918 [preauth]
May  7 11:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: Received disconnect from 196.251.69.116 port 32944:11: Bye Bye [preauth]
May  7 11:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: Disconnected from 196.251.69.116 port 32944 [preauth]
May  7 11:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26940]: Received disconnect from 196.251.69.116 port 32930:11: Bye Bye [preauth]
May  7 11:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26940]: Disconnected from 196.251.69.116 port 32930 [preauth]
May  7 11:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26945]: Received disconnect from 196.251.69.116 port 32962:11: Bye Bye [preauth]
May  7 11:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26945]: Disconnected from 196.251.69.116 port 32962 [preauth]
May  7 11:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: Received disconnect from 196.251.69.116 port 32948:11: Bye Bye [preauth]
May  7 11:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26943]: Disconnected from 196.251.69.116 port 32948 [preauth]
May  7 11:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 11:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26968]: Failed password for root from 80.94.95.125 port 27688 ssh2
May  7 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26990]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26987]: pam_unix(cron:session): session closed for user p13x
May  7 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27070]: Successful su for rubyman by root
May  7 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27070]: + ??? root:rubyman
May  7 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27070]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346493 of user rubyman.
May  7 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27070]: pam_unix(su:session): session closed for user rubyman
May  7 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346493.
May  7 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26968]: Failed password for root from 80.94.95.125 port 27688 ssh2
May  7 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26983]: Invalid user redis from 196.251.84.225
May  7 11:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26983]: input_userauth_request: invalid user redis [preauth]
May  7 11:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24172]: pam_unix(cron:session): session closed for user root
May  7 11:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26983]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26968]: Failed password for root from 80.94.95.125 port 27688 ssh2
May  7 11:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26989]: pam_unix(cron:session): session closed for user samftp
May  7 11:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26968]: Failed password for root from 80.94.95.125 port 27688 ssh2
May  7 11:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26983]: Failed password for invalid user redis from 196.251.84.225 port 60840 ssh2
May  7 11:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26983]: Connection closed by 196.251.84.225 port 60840 [preauth]
May  7 11:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26968]: Failed password for root from 80.94.95.125 port 27688 ssh2
May  7 11:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26968]: Received disconnect from 80.94.95.125 port 27688:11: Bye [preauth]
May  7 11:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26968]: Disconnected from 80.94.95.125 port 27688 [preauth]
May  7 11:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26968]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 11:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26968]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 11:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25998]: pam_unix(cron:session): session closed for user root
May  7 11:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27379]: Invalid user mapr from 196.251.84.225
May  7 11:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27379]: input_userauth_request: invalid user mapr [preauth]
May  7 11:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27379]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27379]: Failed password for invalid user mapr from 196.251.84.225 port 53976 ssh2
May  7 11:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27379]: Connection closed by 196.251.84.225 port 53976 [preauth]
May  7 11:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  7 11:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27440]: Failed password for root from 218.92.0.222 port 43578 ssh2
May  7 11:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27440]: message repeated 2 times: [ Failed password for root from 218.92.0.222 port 43578 ssh2]
May  7 11:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27440]: Received disconnect from 218.92.0.222 port 43578:11:  [preauth]
May  7 11:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27440]: Disconnected from 218.92.0.222 port 43578 [preauth]
May  7 11:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27440]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  7 11:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27491]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27493]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27494]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27490]: pam_unix(cron:session): session closed for user p13x
May  7 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27487]: Invalid user elasticsearch from 196.251.84.225
May  7 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27487]: input_userauth_request: invalid user elasticsearch [preauth]
May  7 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27562]: Successful su for rubyman by root
May  7 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27562]: + ??? root:rubyman
May  7 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346497 of user rubyman.
May  7 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27562]: pam_unix(su:session): session closed for user rubyman
May  7 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346497.
May  7 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27487]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27487]: Failed password for invalid user elasticsearch from 196.251.84.225 port 56350 ssh2
May  7 11:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27487]: Connection closed by 196.251.84.225 port 56350 [preauth]
May  7 11:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24636]: pam_unix(cron:session): session closed for user root
May  7 11:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27491]: pam_unix(cron:session): session closed for user samftp
May  7 11:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: Invalid user solr from 196.251.84.225
May  7 11:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: input_userauth_request: invalid user solr [preauth]
May  7 11:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26446]: pam_unix(cron:session): session closed for user root
May  7 11:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: Failed password for invalid user solr from 196.251.84.225 port 49162 ssh2
May  7 11:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: Connection closed by 196.251.84.225 port 49162 [preauth]
May  7 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27924]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27923]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27921]: pam_unix(cron:session): session closed for user p13x
May  7 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28047]: Successful su for rubyman by root
May  7 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28047]: + ??? root:rubyman
May  7 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28047]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346502 of user rubyman.
May  7 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28047]: pam_unix(su:session): session closed for user rubyman
May  7 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346502.
May  7 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27919]: pam_unix(cron:session): session closed for user root
May  7 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27917]: Invalid user satisfactory from 196.251.84.225
May  7 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27917]: input_userauth_request: invalid user satisfactory [preauth]
May  7 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27917]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25059]: pam_unix(cron:session): session closed for user root
May  7 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27917]: Failed password for invalid user satisfactory from 196.251.84.225 port 36684 ssh2
May  7 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27917]: Connection closed by 196.251.84.225 port 36684 [preauth]
May  7 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27922]: pam_unix(cron:session): session closed for user samftp
May  7 11:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: Failed password for root from 196.251.84.225 port 53478 ssh2
May  7 11:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: Connection closed by 196.251.84.225 port 53478 [preauth]
May  7 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26991]: pam_unix(cron:session): session closed for user root
May  7 11:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28385]: Invalid user btbts22120 from 64.23.161.151
May  7 11:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28385]: input_userauth_request: invalid user btbts22120 [preauth]
May  7 11:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28385]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 11:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28385]: Failed password for invalid user btbts22120 from 64.23.161.151 port 50828 ssh2
May  7 11:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28385]: Connection closed by 64.23.161.151 port 50828 [preauth]
May  7 11:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28429]: Invalid user data from 196.251.84.225
May  7 11:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28429]: input_userauth_request: invalid user data [preauth]
May  7 11:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28429]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28429]: Failed password for invalid user data from 196.251.84.225 port 43890 ssh2
May  7 11:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28429]: Connection closed by 196.251.84.225 port 43890 [preauth]
May  7 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28442]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28446]: pam_unix(cron:session): session closed for user root
May  7 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28441]: pam_unix(cron:session): session closed for user p13x
May  7 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28521]: Successful su for rubyman by root
May  7 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28521]: + ??? root:rubyman
May  7 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28521]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346508 of user rubyman.
May  7 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28521]: pam_unix(su:session): session closed for user rubyman
May  7 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346508.
May  7 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28443]: pam_unix(cron:session): session closed for user root
May  7 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25480]: pam_unix(cron:session): session closed for user root
May  7 11:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28442]: pam_unix(cron:session): session closed for user samftp
May  7 11:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: Invalid user centos from 196.251.84.225
May  7 11:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: input_userauth_request: invalid user centos [preauth]
May  7 11:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: Failed password for invalid user centos from 196.251.84.225 port 37640 ssh2
May  7 11:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: Connection closed by 196.251.84.225 port 37640 [preauth]
May  7 11:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27494]: pam_unix(cron:session): session closed for user root
May  7 11:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  7 11:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28851]: Failed password for root from 193.70.84.184 port 52160 ssh2
May  7 11:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28851]: Connection closed by 193.70.84.184 port 52160 [preauth]
May  7 11:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28862]: Invalid user dolphinscheduler from 196.251.84.225
May  7 11:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28862]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  7 11:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28862]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28862]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 51450 ssh2
May  7 11:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28862]: Connection closed by 196.251.84.225 port 51450 [preauth]
May  7 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28885]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28883]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28882]: pam_unix(cron:session): session closed for user p13x
May  7 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28958]: Successful su for rubyman by root
May  7 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28958]: + ??? root:rubyman
May  7 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346513 of user rubyman.
May  7 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28958]: pam_unix(su:session): session closed for user rubyman
May  7 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346513.
May  7 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.140.114.196  user=root
May  7 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29079]: Failed password for root from 123.140.114.196 port 34078 ssh2
May  7 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29079]: Received disconnect from 123.140.114.196 port 34078:11: Bye Bye [preauth]
May  7 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29079]: Disconnected from 123.140.114.196 port 34078 [preauth]
May  7 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25997]: pam_unix(cron:session): session closed for user root
May  7 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28883]: pam_unix(cron:session): session closed for user samftp
May  7 11:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29244]: Did not receive identification string from 154.81.156.51
May  7 11:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29282]: Invalid user amp from 196.251.84.225
May  7 11:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29282]: input_userauth_request: invalid user amp [preauth]
May  7 11:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29282]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29282]: Failed password for invalid user amp from 196.251.84.225 port 50068 ssh2
May  7 11:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29282]: Connection closed by 196.251.84.225 port 50068 [preauth]
May  7 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27924]: pam_unix(cron:session): session closed for user root
May  7 11:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29385]: Invalid user nexus from 196.251.84.225
May  7 11:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29385]: input_userauth_request: invalid user nexus [preauth]
May  7 11:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29385]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29385]: Failed password for invalid user nexus from 196.251.84.225 port 34418 ssh2
May  7 11:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29385]: Connection closed by 196.251.84.225 port 34418 [preauth]
May  7 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29411]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29410]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29409]: pam_unix(cron:session): session closed for user p13x
May  7 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29473]: Successful su for rubyman by root
May  7 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29473]: + ??? root:rubyman
May  7 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346517 of user rubyman.
May  7 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29473]: pam_unix(su:session): session closed for user rubyman
May  7 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346517.
May  7 11:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26445]: pam_unix(cron:session): session closed for user root
May  7 11:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29410]: pam_unix(cron:session): session closed for user samftp
May  7 11:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: Invalid user ubuntu from 196.251.84.225
May  7 11:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: input_userauth_request: invalid user ubuntu [preauth]
May  7 11:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: Failed password for invalid user ubuntu from 196.251.84.225 port 40972 ssh2
May  7 11:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29693]: Connection closed by 196.251.84.225 port 40972 [preauth]
May  7 11:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.153.43  user=root
May  7 11:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28445]: pam_unix(cron:session): session closed for user root
May  7 11:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29733]: Failed password for root from 143.198.153.43 port 50852 ssh2
May  7 11:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29733]: Received disconnect from 143.198.153.43 port 50852:11: Bye Bye [preauth]
May  7 11:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29733]: Disconnected from 143.198.153.43 port 50852 [preauth]
May  7 11:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: Failed password for root from 196.251.84.225 port 42454 ssh2
May  7 11:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29789]: Connection closed by 196.251.84.225 port 42454 [preauth]
May  7 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29816]: pam_unix(cron:session): session closed for user p13x
May  7 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29881]: Successful su for rubyman by root
May  7 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29881]: + ??? root:rubyman
May  7 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29881]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346521 of user rubyman.
May  7 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29881]: pam_unix(su:session): session closed for user rubyman
May  7 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346521.
May  7 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26990]: pam_unix(cron:session): session closed for user root
May  7 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29817]: pam_unix(cron:session): session closed for user samftp
May  7 11:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: Failed password for root from 196.251.84.225 port 35896 ssh2
May  7 11:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30086]: Connection closed by 196.251.84.225 port 35896 [preauth]
May  7 11:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28885]: pam_unix(cron:session): session closed for user root
May  7 11:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: Invalid user ranger from 196.251.84.225
May  7 11:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: input_userauth_request: invalid user ranger [preauth]
May  7 11:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: Failed password for invalid user ranger from 196.251.84.225 port 53744 ssh2
May  7 11:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: Connection closed by 196.251.84.225 port 53744 [preauth]
May  7 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30221]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30219]: pam_unix(cron:session): session closed for user p13x
May  7 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30277]: Successful su for rubyman by root
May  7 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30277]: + ??? root:rubyman
May  7 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346525 of user rubyman.
May  7 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30277]: pam_unix(su:session): session closed for user rubyman
May  7 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346525.
May  7 11:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27493]: pam_unix(cron:session): session closed for user root
May  7 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30220]: pam_unix(cron:session): session closed for user samftp
May  7 11:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: Invalid user sky from 189.3.191.89
May  7 11:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: input_userauth_request: invalid user sky [preauth]
May  7 11:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89
May  7 11:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: Failed password for invalid user sky from 189.3.191.89 port 51452 ssh2
May  7 11:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: Received disconnect from 189.3.191.89 port 51452:11: Bye Bye [preauth]
May  7 11:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30467]: Disconnected from 189.3.191.89 port 51452 [preauth]
May  7 11:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: Invalid user elk from 196.251.84.225
May  7 11:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: input_userauth_request: invalid user elk [preauth]
May  7 11:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: Failed password for invalid user elk from 196.251.84.225 port 40624 ssh2
May  7 11:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30477]: Connection closed by 196.251.84.225 port 40624 [preauth]
May  7 11:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29412]: pam_unix(cron:session): session closed for user root
May  7 11:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: Invalid user wordpress from 196.251.84.225
May  7 11:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: input_userauth_request: invalid user wordpress [preauth]
May  7 11:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: Failed password for invalid user wordpress from 196.251.84.225 port 35442 ssh2
May  7 11:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: Connection closed by 196.251.84.225 port 35442 [preauth]
May  7 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30626]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30625]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30624]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30627]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30629]: pam_unix(cron:session): session closed for user root
May  7 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30624]: pam_unix(cron:session): session closed for user p13x
May  7 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30696]: Successful su for rubyman by root
May  7 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30696]: + ??? root:rubyman
May  7 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346530 of user rubyman.
May  7 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30696]: pam_unix(su:session): session closed for user rubyman
May  7 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346530.
May  7 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30626]: pam_unix(cron:session): session closed for user root
May  7 11:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27923]: pam_unix(cron:session): session closed for user root
May  7 11:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30625]: pam_unix(cron:session): session closed for user samftp
May  7 11:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30903]: Invalid user vps from 196.251.84.225
May  7 11:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30903]: input_userauth_request: invalid user vps [preauth]
May  7 11:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30903]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30903]: Failed password for invalid user vps from 196.251.84.225 port 38908 ssh2
May  7 11:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30903]: Connection closed by 196.251.84.225 port 38908 [preauth]
May  7 11:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29819]: pam_unix(cron:session): session closed for user root
May  7 11:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31102]: Invalid user user from 196.251.84.225
May  7 11:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31102]: input_userauth_request: invalid user user [preauth]
May  7 11:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31102]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31102]: Failed password for invalid user user from 196.251.84.225 port 58202 ssh2
May  7 11:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31102]: Connection closed by 196.251.84.225 port 58202 [preauth]
May  7 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31159]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31157]: pam_unix(cron:session): session closed for user p13x
May  7 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31225]: Successful su for rubyman by root
May  7 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31225]: + ??? root:rubyman
May  7 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346536 of user rubyman.
May  7 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31225]: pam_unix(su:session): session closed for user rubyman
May  7 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346536.
May  7 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31235]: Invalid user geonode from 190.103.202.7
May  7 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31235]: input_userauth_request: invalid user geonode [preauth]
May  7 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31235]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  7 11:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31235]: Failed password for invalid user geonode from 190.103.202.7 port 36816 ssh2
May  7 11:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31235]: Connection closed by 190.103.202.7 port 36816 [preauth]
May  7 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28444]: pam_unix(cron:session): session closed for user root
May  7 11:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31158]: pam_unix(cron:session): session closed for user samftp
May  7 11:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31426]: Failed password for root from 196.251.84.225 port 45066 ssh2
May  7 11:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31426]: Connection closed by 196.251.84.225 port 45066 [preauth]
May  7 11:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30222]: pam_unix(cron:session): session closed for user root
May  7 11:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: Invalid user vbox from 196.251.84.225
May  7 11:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: input_userauth_request: invalid user vbox [preauth]
May  7 11:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: Failed password for invalid user vbox from 196.251.84.225 port 51274 ssh2
May  7 11:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: Connection closed by 196.251.84.225 port 51274 [preauth]
May  7 11:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  7 11:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: Failed password for root from 218.92.0.216 port 55888 ssh2
May  7 11:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: message repeated 2 times: [ Failed password for root from 218.92.0.216 port 55888 ssh2]
May  7 11:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: Received disconnect from 218.92.0.216 port 55888:11:  [preauth]
May  7 11:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: Disconnected from 218.92.0.216 port 55888 [preauth]
May  7 11:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  7 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31581]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31580]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31578]: pam_unix(cron:session): session closed for user p13x
May  7 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31651]: Successful su for rubyman by root
May  7 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31651]: + ??? root:rubyman
May  7 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31651]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346538 of user rubyman.
May  7 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31651]: pam_unix(su:session): session closed for user rubyman
May  7 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346538.
May  7 11:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28884]: pam_unix(cron:session): session closed for user root
May  7 11:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31579]: pam_unix(cron:session): session closed for user samftp
May  7 11:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31839]: Invalid user config from 80.94.95.115
May  7 11:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31839]: input_userauth_request: invalid user config [preauth]
May  7 11:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31839]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  7 11:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31839]: Failed password for invalid user config from 80.94.95.115 port 26996 ssh2
May  7 11:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31839]: Connection closed by 80.94.95.115 port 26996 [preauth]
May  7 11:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31852]: Invalid user satisfactory from 196.251.84.225
May  7 11:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31852]: input_userauth_request: invalid user satisfactory [preauth]
May  7 11:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31852]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31852]: Failed password for invalid user satisfactory from 196.251.84.225 port 51452 ssh2
May  7 11:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31852]: Connection closed by 196.251.84.225 port 51452 [preauth]
May  7 11:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.140.114.196  user=root
May  7 11:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: Failed password for root from 123.140.114.196 port 57808 ssh2
May  7 11:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: Received disconnect from 123.140.114.196 port 57808:11: Bye Bye [preauth]
May  7 11:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: Disconnected from 123.140.114.196 port 57808 [preauth]
May  7 11:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: Invalid user csd117 from 64.23.161.151
May  7 11:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: input_userauth_request: invalid user csd117 [preauth]
May  7 11:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 11:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: Failed password for invalid user csd117 from 64.23.161.151 port 38318 ssh2
May  7 11:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31947]: Connection closed by 64.23.161.151 port 38318 [preauth]
May  7 11:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30628]: pam_unix(cron:session): session closed for user root
May  7 11:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: Invalid user centos from 196.251.84.225
May  7 11:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: input_userauth_request: invalid user centos [preauth]
May  7 11:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: Failed password for invalid user centos from 196.251.84.225 port 57666 ssh2
May  7 11:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32066]: Connection closed by 196.251.84.225 port 57666 [preauth]
May  7 11:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 11:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: Failed password for root from 218.92.0.179 port 25806 ssh2
May  7 11:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: Failed password for root from 218.92.0.179 port 25806 ssh2
May  7 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32285]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32281]: pam_unix(cron:session): session closed for user p13x
May  7 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32372]: Successful su for rubyman by root
May  7 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32372]: + ??? root:rubyman
May  7 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32372]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346543 of user rubyman.
May  7 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32372]: pam_unix(su:session): session closed for user rubyman
May  7 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346543.
May  7 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: Failed password for root from 218.92.0.179 port 25806 ssh2
May  7 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: Received disconnect from 218.92.0.179 port 25806:11:  [preauth]
May  7 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: Disconnected from 218.92.0.179 port 25806 [preauth]
May  7 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32241]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 11:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29411]: pam_unix(cron:session): session closed for user root
May  7 11:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32284]: pam_unix(cron:session): session closed for user samftp
May  7 11:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: Invalid user sysadmin from 196.251.84.225
May  7 11:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: input_userauth_request: invalid user sysadmin [preauth]
May  7 11:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: Failed password for invalid user sysadmin from 196.251.84.225 port 46238 ssh2
May  7 11:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32578]: Connection closed by 196.251.84.225 port 46238 [preauth]
May  7 11:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31160]: pam_unix(cron:session): session closed for user root
May  7 11:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: Invalid user sonar from 196.251.84.225
May  7 11:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: input_userauth_request: invalid user sonar [preauth]
May  7 11:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: Failed password for invalid user sonar from 196.251.84.225 port 44606 ssh2
May  7 11:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[317]: Connection closed by 196.251.84.225 port 44606 [preauth]
May  7 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[410]: pam_unix(cron:session): session closed for user p13x
May  7 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[507]: Successful su for rubyman by root
May  7 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[507]: + ??? root:rubyman
May  7 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346549 of user rubyman.
May  7 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[507]: pam_unix(su:session): session closed for user rubyman
May  7 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346549.
May  7 11:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29818]: pam_unix(cron:session): session closed for user root
May  7 11:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[411]: pam_unix(cron:session): session closed for user samftp
May  7 11:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: Invalid user postgres from 196.251.84.225
May  7 11:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: input_userauth_request: invalid user postgres [preauth]
May  7 11:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: Failed password for invalid user postgres from 196.251.84.225 port 57696 ssh2
May  7 11:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[693]: Connection closed by 196.251.84.225 port 57696 [preauth]
May  7 11:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31581]: pam_unix(cron:session): session closed for user root
May  7 11:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: User ftp from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 11:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: input_userauth_request: invalid user ftp [preauth]
May  7 11:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=ftp
May  7 11:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: Failed password for invalid user ftp from 196.251.84.225 port 58900 ssh2
May  7 11:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[818]: Connection closed by 196.251.84.225 port 58900 [preauth]
May  7 11:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: Invalid user mps from 189.3.191.89
May  7 11:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: input_userauth_request: invalid user mps [preauth]
May  7 11:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89
May  7 11:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: Failed password for invalid user mps from 189.3.191.89 port 35478 ssh2
May  7 11:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: Received disconnect from 189.3.191.89 port 35478:11: Bye Bye [preauth]
May  7 11:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[857]: Disconnected from 189.3.191.89 port 35478 [preauth]
May  7 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[899]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[900]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[900]: pam_unix(cron:session): session closed for user root
May  7 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[893]: pam_unix(cron:session): session closed for user p13x
May  7 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[983]: Successful su for rubyman by root
May  7 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[983]: + ??? root:rubyman
May  7 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346552 of user rubyman.
May  7 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[983]: pam_unix(su:session): session closed for user rubyman
May  7 11:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346552.
May  7 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: Invalid user arkserver from 196.251.84.225
May  7 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: input_userauth_request: invalid user arkserver [preauth]
May  7 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[895]: pam_unix(cron:session): session closed for user root
May  7 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30221]: pam_unix(cron:session): session closed for user root
May  7 11:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: Failed password for invalid user arkserver from 196.251.84.225 port 55390 ssh2
May  7 11:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1079]: Connection closed by 196.251.84.225 port 55390 [preauth]
May  7 11:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[894]: pam_unix(cron:session): session closed for user samftp
May  7 11:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 11:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: Failed password for root from 218.92.0.228 port 37766 ssh2
May  7 11:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 37766 ssh2]
May  7 11:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: Received disconnect from 218.92.0.228 port 37766:11:  [preauth]
May  7 11:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: Disconnected from 218.92.0.228 port 37766 [preauth]
May  7 11:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1240]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 11:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 11:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1280]: Failed password for root from 218.92.0.228 port 39996 ssh2
May  7 11:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1280]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 39996 ssh2]
May  7 11:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1280]: Received disconnect from 218.92.0.228 port 39996:11:  [preauth]
May  7 11:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1280]: Disconnected from 218.92.0.228 port 39996 [preauth]
May  7 11:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1280]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 11:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 11:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1292]: Failed password for root from 218.92.0.228 port 12548 ssh2
May  7 11:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1292]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 12548 ssh2]
May  7 11:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1292]: Received disconnect from 218.92.0.228 port 12548:11:  [preauth]
May  7 11:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1292]: Disconnected from 218.92.0.228 port 12548 [preauth]
May  7 11:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1292]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 11:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1334]: Invalid user test from 196.251.84.225
May  7 11:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1334]: input_userauth_request: invalid user test [preauth]
May  7 11:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32287]: pam_unix(cron:session): session closed for user root
May  7 11:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1334]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1334]: Failed password for invalid user test from 196.251.84.225 port 34858 ssh2
May  7 11:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1334]: Connection closed by 196.251.84.225 port 34858 [preauth]
May  7 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1421]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1422]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1419]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1418]: pam_unix(cron:session): session closed for user p13x
May  7 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1511]: Successful su for rubyman by root
May  7 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1511]: + ??? root:rubyman
May  7 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346558 of user rubyman.
May  7 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1511]: pam_unix(su:session): session closed for user rubyman
May  7 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346558.
May  7 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: Invalid user solana from 196.251.84.225
May  7 11:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: input_userauth_request: invalid user solana [preauth]
May  7 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30627]: pam_unix(cron:session): session closed for user root
May  7 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1419]: pam_unix(cron:session): session closed for user samftp
May  7 11:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: Failed password for invalid user solana from 196.251.84.225 port 43782 ssh2
May  7 11:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1635]: Connection closed by 196.251.84.225 port 43782 [preauth]
May  7 11:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Invalid user sol from 196.251.84.225
May  7 11:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: input_userauth_request: invalid user sol [preauth]
May  7 11:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[414]: pam_unix(cron:session): session closed for user root
May  7 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Failed password for invalid user sol from 196.251.84.225 port 44988 ssh2
May  7 11:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Connection closed by 196.251.84.225 port 44988 [preauth]
May  7 11:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 11:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1878]: Failed password for root from 218.92.0.179 port 11446 ssh2
May  7 11:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1878]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 11446 ssh2]
May  7 11:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1878]: Received disconnect from 218.92.0.179 port 11446:11:  [preauth]
May  7 11:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1878]: Disconnected from 218.92.0.179 port 11446 [preauth]
May  7 11:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1878]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 11:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1956]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1959]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1955]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1954]: pam_unix(cron:session): session closed for user p13x
May  7 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2057]: Successful su for rubyman by root
May  7 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2057]: + ??? root:rubyman
May  7 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2057]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346561 of user rubyman.
May  7 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2057]: pam_unix(su:session): session closed for user rubyman
May  7 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346561.
May  7 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: Invalid user ranger from 196.251.84.225
May  7 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: input_userauth_request: invalid user ranger [preauth]
May  7 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31159]: pam_unix(cron:session): session closed for user root
May  7 11:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: Failed password for invalid user ranger from 196.251.84.225 port 55344 ssh2
May  7 11:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: Connection closed by 196.251.84.225 port 55344 [preauth]
May  7 11:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1955]: pam_unix(cron:session): session closed for user samftp
May  7 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[899]: pam_unix(cron:session): session closed for user root
May  7 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: Invalid user admin from 196.251.84.225
May  7 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: input_userauth_request: invalid user admin [preauth]
May  7 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: Failed password for invalid user admin from 196.251.84.225 port 36380 ssh2
May  7 11:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: Invalid user sandra from 143.198.153.43
May  7 11:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: input_userauth_request: invalid user sandra [preauth]
May  7 11:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.153.43
May  7 11:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2333]: Connection closed by 196.251.84.225 port 36380 [preauth]
May  7 11:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: Failed password for invalid user sandra from 143.198.153.43 port 53008 ssh2
May  7 11:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: Received disconnect from 143.198.153.43 port 53008:11: Bye Bye [preauth]
May  7 11:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2342]: Disconnected from 143.198.153.43 port 53008 [preauth]
May  7 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2423]: pam_unix(cron:session): session closed for user p13x
May  7 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2490]: Successful su for rubyman by root
May  7 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2490]: + ??? root:rubyman
May  7 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346565 of user rubyman.
May  7 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2490]: pam_unix(su:session): session closed for user rubyman
May  7 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346565.
May  7 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2477]: Invalid user drupal from 196.251.84.225
May  7 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2477]: input_userauth_request: invalid user drupal [preauth]
May  7 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2477]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31580]: pam_unix(cron:session): session closed for user root
May  7 11:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2477]: Failed password for invalid user drupal from 196.251.84.225 port 34848 ssh2
May  7 11:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2477]: Connection closed by 196.251.84.225 port 34848 [preauth]
May  7 11:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2424]: pam_unix(cron:session): session closed for user samftp
May  7 11:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1422]: pam_unix(cron:session): session closed for user root
May  7 11:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2763]: Invalid user mongodb from 196.251.84.225
May  7 11:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2763]: input_userauth_request: invalid user mongodb [preauth]
May  7 11:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2763]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2763]: Failed password for invalid user mongodb from 196.251.84.225 port 48910 ssh2
May  7 11:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2763]: Connection closed by 196.251.84.225 port 48910 [preauth]
May  7 11:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: Invalid user admin from 80.94.95.112
May  7 11:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: input_userauth_request: invalid user admin [preauth]
May  7 11:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 11:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: Failed password for invalid user admin from 80.94.95.112 port 45216 ssh2
May  7 11:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: Failed password for invalid user admin from 80.94.95.112 port 45216 ssh2
May  7 11:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: Failed password for invalid user admin from 80.94.95.112 port 45216 ssh2
May  7 11:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: Failed password for invalid user admin from 80.94.95.112 port 45216 ssh2
May  7 11:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: Failed password for invalid user admin from 80.94.95.112 port 45216 ssh2
May  7 11:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: Received disconnect from 80.94.95.112 port 45216:11: Bye [preauth]
May  7 11:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: Disconnected from 80.94.95.112 port 45216 [preauth]
May  7 11:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 11:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 11:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2864]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2863]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2862]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2860]: pam_unix(cron:session): session closed for user p13x
May  7 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2928]: Successful su for rubyman by root
May  7 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2928]: + ??? root:rubyman
May  7 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346569 of user rubyman.
May  7 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2928]: pam_unix(su:session): session closed for user rubyman
May  7 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346569.
May  7 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: Invalid user jack from 196.251.84.225
May  7 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: input_userauth_request: invalid user jack [preauth]
May  7 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: Failed password for invalid user jack from 196.251.84.225 port 50076 ssh2
May  7 11:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32285]: pam_unix(cron:session): session closed for user root
May  7 11:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: Connection closed by 196.251.84.225 port 50076 [preauth]
May  7 11:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2862]: pam_unix(cron:session): session closed for user samftp
May  7 11:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: Invalid user vbox from 196.251.84.225
May  7 11:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: input_userauth_request: invalid user vbox [preauth]
May  7 11:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1959]: pam_unix(cron:session): session closed for user root
May  7 11:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: Failed password for invalid user vbox from 196.251.84.225 port 42264 ssh2
May  7 11:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3186]: Connection closed by 196.251.84.225 port 42264 [preauth]
May  7 11:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 11:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3272]: Invalid user sonar from 196.251.84.225
May  7 11:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3272]: input_userauth_request: invalid user sonar [preauth]
May  7 11:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3272]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Failed password for root from 218.92.0.179 port 35741 ssh2
May  7 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3278]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3275]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3277]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3276]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3280]: pam_unix(cron:session): session closed for user root
May  7 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3275]: pam_unix(cron:session): session closed for user p13x
May  7 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3343]: Successful su for rubyman by root
May  7 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3343]: + ??? root:rubyman
May  7 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346572 of user rubyman.
May  7 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3343]: pam_unix(su:session): session closed for user rubyman
May  7 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346572.
May  7 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3272]: Failed password for invalid user sonar from 196.251.84.225 port 46390 ssh2
May  7 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3272]: Connection closed by 196.251.84.225 port 46390 [preauth]
May  7 11:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Failed password for root from 218.92.0.179 port 35741 ssh2
May  7 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[412]: pam_unix(cron:session): session closed for user root
May  7 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3277]: pam_unix(cron:session): session closed for user root
May  7 11:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Failed password for root from 218.92.0.179 port 35741 ssh2
May  7 11:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Received disconnect from 218.92.0.179 port 35741:11:  [preauth]
May  7 11:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: Disconnected from 218.92.0.179 port 35741 [preauth]
May  7 11:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3270]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 11:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3276]: pam_unix(cron:session): session closed for user samftp
May  7 11:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3639]: Invalid user dada from 64.23.161.151
May  7 11:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3639]: input_userauth_request: invalid user dada [preauth]
May  7 11:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3639]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 11:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3639]: Failed password for invalid user dada from 64.23.161.151 port 55432 ssh2
May  7 11:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3639]: Connection closed by 64.23.161.151 port 55432 [preauth]
May  7 11:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3649]: Invalid user en from 189.3.191.89
May  7 11:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3649]: input_userauth_request: invalid user en [preauth]
May  7 11:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3649]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89
May  7 11:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3649]: Failed password for invalid user en from 189.3.191.89 port 33890 ssh2
May  7 11:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3649]: Received disconnect from 189.3.191.89 port 33890:11: Bye Bye [preauth]
May  7 11:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3649]: Disconnected from 189.3.191.89 port 33890 [preauth]
May  7 11:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: Failed password for root from 196.251.84.225 port 58696 ssh2
May  7 11:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3673]: Connection closed by 196.251.84.225 port 58696 [preauth]
May  7 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2426]: pam_unix(cron:session): session closed for user root
May  7 11:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3746]: Failed password for root from 196.251.84.225 port 33200 ssh2
May  7 11:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3746]: Connection closed by 196.251.84.225 port 33200 [preauth]
May  7 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3764]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3762]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3761]: pam_unix(cron:session): session closed for user p13x
May  7 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3826]: Successful su for rubyman by root
May  7 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3826]: + ??? root:rubyman
May  7 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346579 of user rubyman.
May  7 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3826]: pam_unix(su:session): session closed for user rubyman
May  7 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346579.
May  7 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[897]: pam_unix(cron:session): session closed for user root
May  7 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3762]: pam_unix(cron:session): session closed for user samftp
May  7 11:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: Invalid user test from 196.251.84.225
May  7 11:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: input_userauth_request: invalid user test [preauth]
May  7 11:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: Failed password for invalid user test from 196.251.84.225 port 36760 ssh2
May  7 11:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4108]: Connection closed by 196.251.84.225 port 36760 [preauth]
May  7 11:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2864]: pam_unix(cron:session): session closed for user root
May  7 11:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3252]: Connection reset by 218.92.0.220 port 21274 [preauth]
May  7 11:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: Invalid user ldap from 196.251.84.225
May  7 11:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: input_userauth_request: invalid user ldap [preauth]
May  7 11:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: Failed password for invalid user ldap from 196.251.84.225 port 38742 ssh2
May  7 11:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4195]: Connection closed by 196.251.84.225 port 38742 [preauth]
May  7 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4206]: pam_unix(cron:session): session closed for user p13x
May  7 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4377]: Successful su for rubyman by root
May  7 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4377]: + ??? root:rubyman
May  7 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346582 of user rubyman.
May  7 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4377]: pam_unix(su:session): session closed for user rubyman
May  7 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346582.
May  7 11:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1421]: pam_unix(cron:session): session closed for user root
May  7 11:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4207]: pam_unix(cron:session): session closed for user samftp
May  7 11:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: Failed password for root from 196.251.84.225 port 52390 ssh2
May  7 11:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4672]: Connection closed by 196.251.84.225 port 52390 [preauth]
May  7 11:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.153.43  user=root
May  7 11:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  7 11:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4687]: Failed password for root from 143.198.153.43 port 41584 ssh2
May  7 11:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4687]: Received disconnect from 143.198.153.43 port 41584:11: Bye Bye [preauth]
May  7 11:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4687]: Disconnected from 143.198.153.43 port 41584 [preauth]
May  7 11:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3279]: pam_unix(cron:session): session closed for user root
May  7 11:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: Failed password for root from 218.92.0.236 port 59394 ssh2
May  7 11:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: message repeated 2 times: [ Failed password for root from 218.92.0.236 port 59394 ssh2]
May  7 11:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: Received disconnect from 218.92.0.236 port 59394:11:  [preauth]
May  7 11:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: Disconnected from 218.92.0.236 port 59394 [preauth]
May  7 11:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  7 11:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: Invalid user dolphinscheduler from 196.251.84.225
May  7 11:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  7 11:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 46604 ssh2
May  7 11:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: Connection closed by 196.251.84.225 port 46604 [preauth]
May  7 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4781]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4782]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4783]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4780]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4780]: pam_unix(cron:session): session closed for user p13x
May  7 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4851]: Successful su for rubyman by root
May  7 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4851]: + ??? root:rubyman
May  7 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346586 of user rubyman.
May  7 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4851]: pam_unix(su:session): session closed for user rubyman
May  7 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346586.
May  7 11:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1956]: pam_unix(cron:session): session closed for user root
May  7 11:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4781]: pam_unix(cron:session): session closed for user samftp
May  7 11:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 11:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: Failed password for root from 196.251.84.225 port 35482 ssh2
May  7 11:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5300]: Connection closed by 196.251.84.225 port 35482 [preauth]
May  7 11:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3764]: pam_unix(cron:session): session closed for user root
May  7 11:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5350]: Invalid user anonymous from 85.208.84.5
May  7 11:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5350]: input_userauth_request: invalid user anonymous [preauth]
May  7 11:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5350]: Failed none for invalid user anonymous from 85.208.84.5 port 60444 ssh2
May  7 11:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5350]: Connection closed by 85.208.84.5 port 60444 [preauth]
May  7 11:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: Invalid user vagrant from 196.251.84.225
May  7 11:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: input_userauth_request: invalid user vagrant [preauth]
May  7 11:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: Failed password for invalid user vagrant from 196.251.84.225 port 58426 ssh2
May  7 11:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: Connection closed by 196.251.84.225 port 58426 [preauth]
May  7 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5399]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5400]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5397]: pam_unix(cron:session): session closed for user p13x
May  7 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5467]: Successful su for rubyman by root
May  7 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5467]: + ??? root:rubyman
May  7 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5467]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346591 of user rubyman.
May  7 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5467]: pam_unix(su:session): session closed for user rubyman
May  7 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346591.
May  7 11:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2425]: pam_unix(cron:session): session closed for user root
May  7 11:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5398]: pam_unix(cron:session): session closed for user samftp
May  7 11:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Invalid user awsgui from 196.251.84.225
May  7 11:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: input_userauth_request: invalid user awsgui [preauth]
May  7 11:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Failed password for invalid user awsgui from 196.251.84.225 port 50918 ssh2
May  7 11:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Connection closed by 196.251.84.225 port 50918 [preauth]
May  7 11:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4209]: pam_unix(cron:session): session closed for user root
May  7 11:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 11:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5933]: Invalid user postgres from 196.251.84.225
May  7 11:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5933]: input_userauth_request: invalid user postgres [preauth]
May  7 11:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5933]: pam_unix(sshd:auth): check pass; user unknown
May  7 11:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 11:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5933]: Failed password for invalid user postgres from 196.251.84.225 port 42294 ssh2
May  7 11:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5933]: Connection closed by 196.251.84.225 port 42294 [preauth]
May  7 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5952]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5950]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5953]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5948]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5951]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5953]: pam_unix(cron:session): session closed for user root
May  7 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5948]: pam_unix(cron:session): session closed for user root
May  7 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5946]: pam_unix(cron:session): session closed for user p13x
May  7 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6058]: Successful su for rubyman by root
May  7 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6058]: + ??? root:rubyman
May  7 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6058]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346594 of user rubyman.
May  7 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6058]: pam_unix(su:session): session closed for user rubyman
May  7 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346594.
May  7 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5950]: pam_unix(cron:session): session closed for user root
May  7 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2863]: pam_unix(cron:session): session closed for user root
May  7 12:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5947]: pam_unix(cron:session): session closed for user samftp
May  7 12:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.140.114.196  user=root
May  7 12:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6293]: Failed password for root from 123.140.114.196 port 53320 ssh2
May  7 12:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6293]: Received disconnect from 123.140.114.196 port 53320:11: Bye Bye [preauth]
May  7 12:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6293]: Disconnected from 123.140.114.196 port 53320 [preauth]
May  7 12:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: Invalid user dev from 196.251.84.225
May  7 12:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: input_userauth_request: invalid user dev [preauth]
May  7 12:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: Failed password for invalid user dev from 196.251.84.225 port 54374 ssh2
May  7 12:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6348]: Connection closed by 196.251.84.225 port 54374 [preauth]
May  7 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4783]: pam_unix(cron:session): session closed for user root
May  7 12:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6462]: Invalid user loki from 189.3.191.89
May  7 12:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6462]: input_userauth_request: invalid user loki [preauth]
May  7 12:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6462]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89
May  7 12:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6462]: Failed password for invalid user loki from 189.3.191.89 port 34668 ssh2
May  7 12:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 12:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6462]: Received disconnect from 189.3.191.89 port 34668:11: Bye Bye [preauth]
May  7 12:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6462]: Disconnected from 189.3.191.89 port 34668 [preauth]
May  7 12:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: Failed password for root from 196.251.84.225 port 46274 ssh2
May  7 12:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: Connection closed by 196.251.84.225 port 46274 [preauth]
May  7 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6485]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6486]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6483]: pam_unix(cron:session): session closed for user p13x
May  7 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6547]: Successful su for rubyman by root
May  7 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6547]: + ??? root:rubyman
May  7 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346602 of user rubyman.
May  7 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6547]: pam_unix(su:session): session closed for user rubyman
May  7 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346602.
May  7 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3278]: pam_unix(cron:session): session closed for user root
May  7 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6484]: pam_unix(cron:session): session closed for user samftp
May  7 12:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 12:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: Failed password for root from 196.251.84.225 port 40590 ssh2
May  7 12:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: Connection closed by 196.251.84.225 port 40590 [preauth]
May  7 12:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5400]: pam_unix(cron:session): session closed for user root
May  7 12:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: Invalid user test from 196.251.84.225
May  7 12:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: input_userauth_request: invalid user test [preauth]
May  7 12:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: Failed password for invalid user test from 196.251.84.225 port 56550 ssh2
May  7 12:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6874]: Connection closed by 196.251.84.225 port 56550 [preauth]
May  7 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6895]: pam_unix(cron:session): session closed for user p13x
May  7 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7050]: Successful su for rubyman by root
May  7 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7050]: + ??? root:rubyman
May  7 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346605 of user rubyman.
May  7 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7050]: pam_unix(su:session): session closed for user rubyman
May  7 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346605.
May  7 12:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3763]: pam_unix(cron:session): session closed for user root
May  7 12:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6896]: pam_unix(cron:session): session closed for user samftp
May  7 12:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: Invalid user admin from 80.94.95.241
May  7 12:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: input_userauth_request: invalid user admin [preauth]
May  7 12:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 12:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: Failed password for invalid user admin from 80.94.95.241 port 7549 ssh2
May  7 12:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: Failed password for invalid user admin from 80.94.95.241 port 7549 ssh2
May  7 12:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: Failed password for invalid user admin from 80.94.95.241 port 7549 ssh2
May  7 12:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: Invalid user tejas from 143.198.153.43
May  7 12:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: input_userauth_request: invalid user tejas [preauth]
May  7 12:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.153.43
May  7 12:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: Failed password for invalid user admin from 80.94.95.241 port 7549 ssh2
May  7 12:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: Failed password for invalid user tejas from 143.198.153.43 port 33448 ssh2
May  7 12:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: Received disconnect from 143.198.153.43 port 33448:11: Bye Bye [preauth]
May  7 12:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7293]: Disconnected from 143.198.153.43 port 33448 [preauth]
May  7 12:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Invalid user test from 196.251.84.225
May  7 12:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: input_userauth_request: invalid user test [preauth]
May  7 12:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: Failed password for invalid user admin from 80.94.95.241 port 7549 ssh2
May  7 12:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: Received disconnect from 80.94.95.241 port 7549:11: Bye [preauth]
May  7 12:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: Disconnected from 80.94.95.241 port 7549 [preauth]
May  7 12:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 12:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7265]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 12:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Failed password for invalid user test from 196.251.84.225 port 46320 ssh2
May  7 12:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Connection closed by 196.251.84.225 port 46320 [preauth]
May  7 12:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5952]: pam_unix(cron:session): session closed for user root
May  7 12:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7392]: Invalid user apache from 196.251.84.225
May  7 12:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7392]: input_userauth_request: invalid user apache [preauth]
May  7 12:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7392]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7392]: Failed password for invalid user apache from 196.251.84.225 port 49362 ssh2
May  7 12:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7392]: Connection closed by 196.251.84.225 port 49362 [preauth]
May  7 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7407]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7406]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7405]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7404]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7404]: pam_unix(cron:session): session closed for user p13x
May  7 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7468]: Successful su for rubyman by root
May  7 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7468]: + ??? root:rubyman
May  7 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346609 of user rubyman.
May  7 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7468]: pam_unix(su:session): session closed for user rubyman
May  7 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346609.
May  7 12:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4208]: pam_unix(cron:session): session closed for user root
May  7 12:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7405]: pam_unix(cron:session): session closed for user samftp
May  7 12:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: Invalid user jnishi from 64.23.161.151
May  7 12:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: input_userauth_request: invalid user jnishi [preauth]
May  7 12:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 12:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: Failed password for invalid user jnishi from 64.23.161.151 port 48794 ssh2
May  7 12:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7779]: Connection closed by 64.23.161.151 port 48794 [preauth]
May  7 12:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7774]: Invalid user woaiqian from 124.198.59.254
May  7 12:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7774]: input_userauth_request: invalid user woaiqian [preauth]
May  7 12:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7774]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254
May  7 12:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7774]: Failed password for invalid user woaiqian from 124.198.59.254 port 41014 ssh2
May  7 12:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7774]: Connection closed by 124.198.59.254 port 41014 [preauth]
May  7 12:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Invalid user docker from 196.251.84.225
May  7 12:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: input_userauth_request: invalid user docker [preauth]
May  7 12:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Failed password for invalid user docker from 196.251.84.225 port 38232 ssh2
May  7 12:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7819]: Connection closed by 196.251.84.225 port 38232 [preauth]
May  7 12:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6486]: pam_unix(cron:session): session closed for user root
May  7 12:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: Invalid user node from 196.251.84.225
May  7 12:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: input_userauth_request: invalid user node [preauth]
May  7 12:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: Failed password for invalid user node from 196.251.84.225 port 38064 ssh2
May  7 12:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7912]: Connection closed by 196.251.84.225 port 38064 [preauth]
May  7 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7945]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7941]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7941]: pam_unix(cron:session): session closed for user p13x
May  7 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8007]: Successful su for rubyman by root
May  7 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8007]: + ??? root:rubyman
May  7 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346614 of user rubyman.
May  7 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8007]: pam_unix(su:session): session closed for user rubyman
May  7 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346614.
May  7 12:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4782]: pam_unix(cron:session): session closed for user root
May  7 12:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7942]: pam_unix(cron:session): session closed for user samftp
May  7 12:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  7 12:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: Failed password for root from 218.92.0.237 port 30004 ssh2
May  7 12:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: Failed password for root from 218.92.0.237 port 30004 ssh2
May  7 12:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8242]: Invalid user wordpress from 196.251.84.225
May  7 12:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8242]: input_userauth_request: invalid user wordpress [preauth]
May  7 12:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8242]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: Failed password for root from 218.92.0.237 port 30004 ssh2
May  7 12:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: Received disconnect from 218.92.0.237 port 30004:11:  [preauth]
May  7 12:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: Disconnected from 218.92.0.237 port 30004 [preauth]
May  7 12:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8218]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  7 12:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8242]: Failed password for invalid user wordpress from 196.251.84.225 port 33158 ssh2
May  7 12:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8242]: Connection closed by 196.251.84.225 port 33158 [preauth]
May  7 12:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6898]: pam_unix(cron:session): session closed for user root
May  7 12:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8318]: Invalid user centos from 196.251.84.225
May  7 12:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8318]: input_userauth_request: invalid user centos [preauth]
May  7 12:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8318]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8318]: Failed password for invalid user centos from 196.251.84.225 port 45890 ssh2
May  7 12:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8318]: Connection closed by 196.251.84.225 port 45890 [preauth]
May  7 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8375]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8373]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8376]: pam_unix(cron:session): session closed for user root
May  7 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8371]: pam_unix(cron:session): session closed for user p13x
May  7 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8445]: Successful su for rubyman by root
May  7 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8445]: + ??? root:rubyman
May  7 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346620 of user rubyman.
May  7 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8445]: pam_unix(su:session): session closed for user rubyman
May  7 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346620.
May  7 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8373]: pam_unix(cron:session): session closed for user root
May  7 12:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5399]: pam_unix(cron:session): session closed for user root
May  7 12:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8372]: pam_unix(cron:session): session closed for user samftp
May  7 12:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  7 12:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: Invalid user esuser from 196.251.84.225
May  7 12:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: input_userauth_request: invalid user esuser [preauth]
May  7 12:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: Failed password for root from 218.92.0.203 port 5824 ssh2
May  7 12:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: Failed password for invalid user esuser from 196.251.84.225 port 43512 ssh2
May  7 12:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8674]: Connection closed by 196.251.84.225 port 43512 [preauth]
May  7 12:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: Failed password for root from 218.92.0.203 port 5824 ssh2
May  7 12:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: message repeated 3 times: [ Failed password for root from 218.92.0.203 port 5824 ssh2]
May  7 12:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: error: maximum authentication attempts exceeded for root from 218.92.0.203 port 5824 ssh2 [preauth]
May  7 12:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: Disconnecting: Too many authentication failures [preauth]
May  7 12:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  7 12:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8671]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 12:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: Invalid user tys from 50.235.31.47
May  7 12:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: input_userauth_request: invalid user tys [preauth]
May  7 12:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  7 12:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: Failed password for invalid user tys from 50.235.31.47 port 51182 ssh2
May  7 12:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8738]: Connection closed by 50.235.31.47 port 51182 [preauth]
May  7 12:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7407]: pam_unix(cron:session): session closed for user root
May  7 12:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: Invalid user app from 196.251.84.225
May  7 12:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: input_userauth_request: invalid user app [preauth]
May  7 12:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: Failed password for invalid user app from 196.251.84.225 port 38556 ssh2
May  7 12:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: Connection closed by 196.251.84.225 port 38556 [preauth]
May  7 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8841]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8836]: pam_unix(cron:session): session closed for user p13x
May  7 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8908]: Successful su for rubyman by root
May  7 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8908]: + ??? root:rubyman
May  7 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346624 of user rubyman.
May  7 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8908]: pam_unix(su:session): session closed for user rubyman
May  7 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346624.
May  7 12:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5951]: pam_unix(cron:session): session closed for user root
May  7 12:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8839]: pam_unix(cron:session): session closed for user samftp
May  7 12:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9099]: Invalid user pal from 196.251.84.225
May  7 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9099]: input_userauth_request: invalid user pal [preauth]
May  7 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9099]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9099]: Failed password for invalid user pal from 196.251.84.225 port 36746 ssh2
May  7 12:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9099]: Connection closed by 196.251.84.225 port 36746 [preauth]
May  7 12:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89  user=root
May  7 12:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9252]: Failed password for root from 189.3.191.89 port 46036 ssh2
May  7 12:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9252]: Received disconnect from 189.3.191.89 port 46036:11: Bye Bye [preauth]
May  7 12:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9252]: Disconnected from 189.3.191.89 port 46036 [preauth]
May  7 12:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7945]: pam_unix(cron:session): session closed for user root
May  7 12:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 12:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9324]: Failed password for root from 196.251.84.225 port 55880 ssh2
May  7 12:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9324]: Connection closed by 196.251.84.225 port 55880 [preauth]
May  7 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9379]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9377]: pam_unix(cron:session): session closed for user p13x
May  7 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9440]: Successful su for rubyman by root
May  7 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9440]: + ??? root:rubyman
May  7 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346627 of user rubyman.
May  7 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9440]: pam_unix(su:session): session closed for user rubyman
May  7 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346627.
May  7 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.153.43  user=root
May  7 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6485]: pam_unix(cron:session): session closed for user root
May  7 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9507]: Failed password for root from 143.198.153.43 port 44758 ssh2
May  7 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9507]: Received disconnect from 143.198.153.43 port 44758:11: Bye Bye [preauth]
May  7 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9507]: Disconnected from 143.198.153.43 port 44758 [preauth]
May  7 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: User bin from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: input_userauth_request: invalid user bin [preauth]
May  7 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=bin
May  7 12:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9378]: pam_unix(cron:session): session closed for user samftp
May  7 12:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: Failed password for invalid user bin from 196.251.84.225 port 59640 ssh2
May  7 12:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9590]: Connection closed by 196.251.84.225 port 59640 [preauth]
May  7 12:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: Invalid user nft from 196.251.84.225
May  7 12:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: input_userauth_request: invalid user nft [preauth]
May  7 12:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8375]: pam_unix(cron:session): session closed for user root
May  7 12:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: Failed password for invalid user nft from 196.251.84.225 port 37274 ssh2
May  7 12:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9703]: Connection closed by 196.251.84.225 port 37274 [preauth]
May  7 12:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9801]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9801]: pam_unix(cron:session): session closed for user p13x
May  7 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9861]: Successful su for rubyman by root
May  7 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9861]: + ??? root:rubyman
May  7 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9861]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346632 of user rubyman.
May  7 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9861]: pam_unix(su:session): session closed for user rubyman
May  7 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346632.
May  7 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: Invalid user plex from 196.251.84.225
May  7 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: input_userauth_request: invalid user plex [preauth]
May  7 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6897]: pam_unix(cron:session): session closed for user root
May  7 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: Failed password for invalid user plex from 196.251.84.225 port 58818 ssh2
May  7 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9789]: Connection closed by 196.251.84.225 port 58818 [preauth]
May  7 12:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9802]: pam_unix(cron:session): session closed for user samftp
May  7 12:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10110]: Invalid user hadoop from 196.251.84.225
May  7 12:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10110]: input_userauth_request: invalid user hadoop [preauth]
May  7 12:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10110]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10110]: Failed password for invalid user hadoop from 196.251.84.225 port 54544 ssh2
May  7 12:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10110]: Connection closed by 196.251.84.225 port 54544 [preauth]
May  7 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8843]: pam_unix(cron:session): session closed for user root
May  7 12:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10184]: Invalid user es from 196.251.84.225
May  7 12:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10184]: input_userauth_request: invalid user es [preauth]
May  7 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10184]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10196]: pam_unix(cron:session): session closed for user p13x
May  7 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10412]: Successful su for rubyman by root
May  7 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10412]: + ??? root:rubyman
May  7 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346636 of user rubyman.
May  7 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10412]: pam_unix(su:session): session closed for user rubyman
May  7 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346636.
May  7 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10184]: Failed password for invalid user es from 196.251.84.225 port 38780 ssh2
May  7 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10194]: pam_unix(cron:session): session closed for user root
May  7 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10184]: Connection closed by 196.251.84.225 port 38780 [preauth]
May  7 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7406]: pam_unix(cron:session): session closed for user root
May  7 12:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10197]: pam_unix(cron:session): session closed for user samftp
May  7 12:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10760]: Invalid user jack from 196.251.84.225
May  7 12:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10760]: input_userauth_request: invalid user jack [preauth]
May  7 12:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10760]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4  user=root
May  7 12:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10760]: Failed password for invalid user jack from 196.251.84.225 port 42980 ssh2
May  7 12:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10760]: Connection closed by 196.251.84.225 port 42980 [preauth]
May  7 12:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Failed password for root from 85.208.84.4 port 57088 ssh2
May  7 12:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Connection closed by 85.208.84.4 port 57088 [preauth]
May  7 12:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9381]: pam_unix(cron:session): session closed for user root
May  7 12:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 12:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10809]: Failed password for root from 218.92.0.179 port 52815 ssh2
May  7 12:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10809]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 52815 ssh2]
May  7 12:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10809]: Received disconnect from 218.92.0.179 port 52815:11:  [preauth]
May  7 12:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10809]: Disconnected from 218.92.0.179 port 52815 [preauth]
May  7 12:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10809]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 12:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 12:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10850]: Failed password for root from 196.251.84.225 port 34040 ssh2
May  7 12:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10850]: Connection closed by 196.251.84.225 port 34040 [preauth]
May  7 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10866]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10865]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10864]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10862]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10863]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10861]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10866]: pam_unix(cron:session): session closed for user root
May  7 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10861]: pam_unix(cron:session): session closed for user p13x
May  7 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10928]: Successful su for rubyman by root
May  7 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10928]: + ??? root:rubyman
May  7 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346644 of user rubyman.
May  7 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10928]: pam_unix(su:session): session closed for user rubyman
May  7 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346644.
May  7 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10863]: pam_unix(cron:session): session closed for user root
May  7 12:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7943]: pam_unix(cron:session): session closed for user root
May  7 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10862]: pam_unix(cron:session): session closed for user samftp
May  7 12:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 12:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11174]: Failed password for root from 196.251.84.225 port 33680 ssh2
May  7 12:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11174]: Connection closed by 196.251.84.225 port 33680 [preauth]
May  7 12:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9804]: pam_unix(cron:session): session closed for user root
May  7 12:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: Invalid user demo from 196.251.84.225
May  7 12:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: input_userauth_request: invalid user demo [preauth]
May  7 12:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: Failed password for invalid user demo from 196.251.84.225 port 44038 ssh2
May  7 12:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: Connection closed by 196.251.84.225 port 44038 [preauth]
May  7 12:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: Invalid user nishitj from 64.23.161.151
May  7 12:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: input_userauth_request: invalid user nishitj [preauth]
May  7 12:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 12:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: Failed password for invalid user nishitj from 64.23.161.151 port 35962 ssh2
May  7 12:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: Connection closed by 64.23.161.151 port 35962 [preauth]
May  7 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11289]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11290]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11287]: pam_unix(cron:session): session closed for user p13x
May  7 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11351]: Successful su for rubyman by root
May  7 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11351]: + ??? root:rubyman
May  7 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346646 of user rubyman.
May  7 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11351]: pam_unix(su:session): session closed for user rubyman
May  7 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346646.
May  7 12:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8374]: pam_unix(cron:session): session closed for user root
May  7 12:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11288]: pam_unix(cron:session): session closed for user samftp
May  7 12:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: Invalid user comp from 46.244.96.25
May  7 12:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: input_userauth_request: invalid user comp [preauth]
May  7 12:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  7 12:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: Failed password for invalid user comp from 46.244.96.25 port 50450 ssh2
May  7 12:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11575]: Connection closed by 46.244.96.25 port 50450 [preauth]
May  7 12:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11585]: Invalid user nagios from 196.251.84.225
May  7 12:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11585]: input_userauth_request: invalid user nagios [preauth]
May  7 12:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11585]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11585]: Failed password for invalid user nagios from 196.251.84.225 port 58722 ssh2
May  7 12:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11585]: Connection closed by 196.251.84.225 port 58722 [preauth]
May  7 12:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10199]: pam_unix(cron:session): session closed for user root
May  7 12:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.153.43  user=root
May  7 12:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11673]: Failed password for root from 143.198.153.43 port 34922 ssh2
May  7 12:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11673]: Received disconnect from 143.198.153.43 port 34922:11: Bye Bye [preauth]
May  7 12:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11673]: Disconnected from 143.198.153.43 port 34922 [preauth]
May  7 12:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11683]: Invalid user vagrant from 196.251.84.225
May  7 12:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11683]: input_userauth_request: invalid user vagrant [preauth]
May  7 12:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11683]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 12:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11683]: Failed password for invalid user vagrant from 196.251.84.225 port 37300 ssh2
May  7 12:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11683]: Connection closed by 196.251.84.225 port 37300 [preauth]
May  7 12:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: Failed password for root from 80.94.95.125 port 21090 ssh2
May  7 12:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: Invalid user csgoserver from 189.3.191.89
May  7 12:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: input_userauth_request: invalid user csgoserver [preauth]
May  7 12:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89
May  7 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: Failed password for root from 80.94.95.125 port 21090 ssh2
May  7 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11710]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11709]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11707]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11707]: pam_unix(cron:session): session closed for user p13x
May  7 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11769]: Successful su for rubyman by root
May  7 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11769]: + ??? root:rubyman
May  7 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346650 of user rubyman.
May  7 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11769]: pam_unix(su:session): session closed for user rubyman
May  7 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346650.
May  7 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: Failed password for invalid user csgoserver from 189.3.191.89 port 44138 ssh2
May  7 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: Received disconnect from 189.3.191.89 port 44138:11: Bye Bye [preauth]
May  7 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: Disconnected from 189.3.191.89 port 44138 [preauth]
May  7 12:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: Failed password for root from 80.94.95.125 port 21090 ssh2
May  7 12:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8841]: pam_unix(cron:session): session closed for user root
May  7 12:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: Failed password for root from 80.94.95.125 port 21090 ssh2
May  7 12:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11708]: pam_unix(cron:session): session closed for user samftp
May  7 12:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: Failed password for root from 80.94.95.125 port 21090 ssh2
May  7 12:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: Received disconnect from 80.94.95.125 port 21090:11: Bye [preauth]
May  7 12:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: Disconnected from 80.94.95.125 port 21090 [preauth]
May  7 12:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 12:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11693]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 12:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 12:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 12:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: Failed password for root from 196.251.84.225 port 52958 ssh2
May  7 12:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12000]: Connection closed by 196.251.84.225 port 52958 [preauth]
May  7 12:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: Failed password for root from 218.92.0.179 port 62671 ssh2
May  7 12:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 62671 ssh2]
May  7 12:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: Received disconnect from 218.92.0.179 port 62671:11:  [preauth]
May  7 12:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: Disconnected from 218.92.0.179 port 62671 [preauth]
May  7 12:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 12:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10865]: pam_unix(cron:session): session closed for user root
May  7 12:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12100]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12098]: pam_unix(cron:session): session closed for user p13x
May  7 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12158]: Successful su for rubyman by root
May  7 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12158]: + ??? root:rubyman
May  7 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346655 of user rubyman.
May  7 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12158]: pam_unix(su:session): session closed for user rubyman
May  7 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346655.
May  7 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12084]: Failed password for root from 196.251.84.225 port 50454 ssh2
May  7 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12084]: Connection closed by 196.251.84.225 port 50454 [preauth]
May  7 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9379]: pam_unix(cron:session): session closed for user root
May  7 12:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12099]: pam_unix(cron:session): session closed for user samftp
May  7 12:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12394]: Invalid user puppet from 196.251.84.225
May  7 12:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12394]: input_userauth_request: invalid user puppet [preauth]
May  7 12:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  7 12:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12394]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12396]: Failed password for root from 218.92.0.218 port 46008 ssh2
May  7 12:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12394]: Failed password for invalid user puppet from 196.251.84.225 port 36602 ssh2
May  7 12:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12394]: Connection closed by 196.251.84.225 port 36602 [preauth]
May  7 12:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12396]: Failed password for root from 218.92.0.218 port 46008 ssh2
May  7 12:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12396]: Failed password for root from 218.92.0.218 port 46008 ssh2
May  7 12:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12396]: Received disconnect from 218.92.0.218 port 46008:11:  [preauth]
May  7 12:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12396]: Disconnected from 218.92.0.218 port 46008 [preauth]
May  7 12:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12396]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  7 12:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11290]: pam_unix(cron:session): session closed for user root
May  7 12:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.140.114.196  user=root
May  7 12:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: Failed password for root from 123.140.114.196 port 52208 ssh2
May  7 12:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: Received disconnect from 123.140.114.196 port 52208:11: Bye Bye [preauth]
May  7 12:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12428]: Disconnected from 123.140.114.196 port 52208 [preauth]
May  7 12:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12486]: Invalid user hikvision from 196.251.84.225
May  7 12:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12486]: input_userauth_request: invalid user hikvision [preauth]
May  7 12:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12486]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12486]: Failed password for invalid user hikvision from 196.251.84.225 port 55936 ssh2
May  7 12:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12486]: Connection closed by 196.251.84.225 port 55936 [preauth]
May  7 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12509]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12508]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12506]: pam_unix(cron:session): session closed for user p13x
May  7 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12566]: Successful su for rubyman by root
May  7 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12566]: + ??? root:rubyman
May  7 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346659 of user rubyman.
May  7 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12566]: pam_unix(su:session): session closed for user rubyman
May  7 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346659.
May  7 12:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9803]: pam_unix(cron:session): session closed for user root
May  7 12:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12507]: pam_unix(cron:session): session closed for user samftp
May  7 12:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12781]: Invalid user solana from 196.251.84.225
May  7 12:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12781]: input_userauth_request: invalid user solana [preauth]
May  7 12:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12781]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12781]: Failed password for invalid user solana from 196.251.84.225 port 42252 ssh2
May  7 12:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12781]: Connection closed by 196.251.84.225 port 42252 [preauth]
May  7 12:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11710]: pam_unix(cron:session): session closed for user root
May  7 12:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: User vncuser from 115.78.4.182 not allowed because not listed in AllowUsers
May  7 12:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: input_userauth_request: invalid user vncuser [preauth]
May  7 12:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182  user=vncuser
May  7 12:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: Failed password for invalid user vncuser from 115.78.4.182 port 35344 ssh2
May  7 12:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: Received disconnect from 115.78.4.182 port 35344:11: Bye Bye [preauth]
May  7 12:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: Disconnected from 115.78.4.182 port 35344 [preauth]
May  7 12:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12875]: Invalid user es from 196.251.84.225
May  7 12:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12875]: input_userauth_request: invalid user es [preauth]
May  7 12:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12875]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12875]: Failed password for invalid user es from 196.251.84.225 port 44402 ssh2
May  7 12:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12875]: Connection closed by 196.251.84.225 port 44402 [preauth]
May  7 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12899]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12900]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12900]: pam_unix(cron:session): session closed for user root
May  7 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12895]: pam_unix(cron:session): session closed for user p13x
May  7 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12965]: Successful su for rubyman by root
May  7 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12965]: + ??? root:rubyman
May  7 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12965]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346663 of user rubyman.
May  7 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12965]: pam_unix(su:session): session closed for user rubyman
May  7 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346663.
May  7 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12897]: pam_unix(cron:session): session closed for user root
May  7 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10198]: pam_unix(cron:session): session closed for user root
May  7 12:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12896]: pam_unix(cron:session): session closed for user samftp
May  7 12:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13204]: Invalid user www from 196.251.84.225
May  7 12:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13204]: input_userauth_request: invalid user www [preauth]
May  7 12:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13204]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13204]: Failed password for invalid user www from 196.251.84.225 port 46656 ssh2
May  7 12:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13204]: Connection closed by 196.251.84.225 port 46656 [preauth]
May  7 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12101]: pam_unix(cron:session): session closed for user root
May  7 12:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: Invalid user jito from 196.251.84.225
May  7 12:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: input_userauth_request: invalid user jito [preauth]
May  7 12:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: Failed password for invalid user jito from 196.251.84.225 port 44436 ssh2
May  7 12:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13308]: Connection closed by 196.251.84.225 port 44436 [preauth]
May  7 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13337]: pam_unix(cron:session): session closed for user p13x
May  7 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13404]: Successful su for rubyman by root
May  7 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13404]: + ??? root:rubyman
May  7 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13404]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346670 of user rubyman.
May  7 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13404]: pam_unix(su:session): session closed for user rubyman
May  7 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346670.
May  7 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10864]: pam_unix(cron:session): session closed for user root
May  7 12:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13338]: pam_unix(cron:session): session closed for user samftp
May  7 12:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: Invalid user palworld from 196.251.84.225
May  7 12:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: input_userauth_request: invalid user palworld [preauth]
May  7 12:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: Failed password for invalid user palworld from 196.251.84.225 port 47670 ssh2
May  7 12:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13715]: Connection closed by 196.251.84.225 port 47670 [preauth]
May  7 12:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12509]: pam_unix(cron:session): session closed for user root
May  7 12:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13798]: Invalid user gerrit from 143.198.153.43
May  7 12:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13798]: input_userauth_request: invalid user gerrit [preauth]
May  7 12:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13798]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.153.43
May  7 12:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13798]: Failed password for invalid user gerrit from 143.198.153.43 port 59312 ssh2
May  7 12:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13798]: Received disconnect from 143.198.153.43 port 59312:11: Bye Bye [preauth]
May  7 12:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13798]: Disconnected from 143.198.153.43 port 59312 [preauth]
May  7 12:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13800]: Invalid user jito from 196.251.84.225
May  7 12:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13800]: input_userauth_request: invalid user jito [preauth]
May  7 12:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13800]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13800]: Failed password for invalid user jito from 196.251.84.225 port 44990 ssh2
May  7 12:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13800]: Connection closed by 196.251.84.225 port 44990 [preauth]
May  7 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13851]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13848]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13848]: pam_unix(cron:session): session closed for user root
May  7 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13850]: pam_unix(cron:session): session closed for user p13x
May  7 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13914]: Successful su for rubyman by root
May  7 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13914]: + ??? root:rubyman
May  7 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346672 of user rubyman.
May  7 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13914]: pam_unix(su:session): session closed for user rubyman
May  7 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346672.
May  7 12:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11289]: pam_unix(cron:session): session closed for user root
May  7 12:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13851]: pam_unix(cron:session): session closed for user samftp
May  7 12:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Invalid user user from 196.251.84.225
May  7 12:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: input_userauth_request: invalid user user [preauth]
May  7 12:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Failed password for invalid user user from 196.251.84.225 port 40630 ssh2
May  7 12:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14135]: Connection closed by 196.251.84.225 port 40630 [preauth]
May  7 12:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12899]: pam_unix(cron:session): session closed for user root
May  7 12:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89  user=root
May  7 12:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: Invalid user [ from 195.178.110.50
May  7 12:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: input_userauth_request: invalid user [ [preauth]
May  7 12:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 12:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14209]: Failed password for root from 189.3.191.89 port 56384 ssh2
May  7 12:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14209]: Received disconnect from 189.3.191.89 port 56384:11: Bye Bye [preauth]
May  7 12:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14209]: Disconnected from 189.3.191.89 port 56384 [preauth]
May  7 12:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: Failed password for invalid user [ from 195.178.110.50 port 57358 ssh2
May  7 12:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: User www-data from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 12:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: input_userauth_request: invalid user www-data [preauth]
May  7 12:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=www-data
May  7 12:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: Connection closed by 195.178.110.50 port 57358 [preauth]
May  7 12:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: Failed password for invalid user www-data from 196.251.84.225 port 51634 ssh2
May  7 12:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14221]: Connection closed by 196.251.84.225 port 51634 [preauth]
May  7 12:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Invalid user h from 195.178.110.50
May  7 12:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: input_userauth_request: invalid user h [preauth]
May  7 12:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 12:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Failed password for invalid user h from 195.178.110.50 port 43482 ssh2
May  7 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14265]: pam_unix(cron:session): session closed for user p13x
May  7 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14327]: Successful su for rubyman by root
May  7 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14327]: + ??? root:rubyman
May  7 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346677 of user rubyman.
May  7 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14327]: pam_unix(su:session): session closed for user rubyman
May  7 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346677.
May  7 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Connection closed by 195.178.110.50 port 43482 [preauth]
May  7 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 12:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11709]: pam_unix(cron:session): session closed for user root
May  7 12:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14395]: Failed password for root from 218.92.0.179 port 60000 ssh2
May  7 12:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14267]: pam_unix(cron:session): session closed for user samftp
May  7 12:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14395]: Failed password for root from 218.92.0.179 port 60000 ssh2
May  7 12:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14395]: Failed password for root from 218.92.0.179 port 60000 ssh2
May  7 12:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14395]: Received disconnect from 218.92.0.179 port 60000:11:  [preauth]
May  7 12:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14395]: Disconnected from 218.92.0.179 port 60000 [preauth]
May  7 12:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14395]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 12:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14526]: User ftp from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14526]: input_userauth_request: invalid user ftp [preauth]
May  7 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=ftp
May  7 12:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: Invalid user u from 195.178.110.50
May  7 12:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: input_userauth_request: invalid user u [preauth]
May  7 12:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 12:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14526]: Failed password for invalid user ftp from 196.251.84.225 port 49906 ssh2
May  7 12:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14526]: Connection closed by 196.251.84.225 port 49906 [preauth]
May  7 12:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: Failed password for invalid user u from 195.178.110.50 port 30400 ssh2
May  7 12:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14394]: Connection closed by 195.178.110.50 port 30400 [preauth]
May  7 12:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14551]: Invalid user $ from 195.178.110.50
May  7 12:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14551]: input_userauth_request: invalid user $ [preauth]
May  7 12:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14551]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 12:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13340]: pam_unix(cron:session): session closed for user root
May  7 12:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14551]: Failed password for invalid user $ from 195.178.110.50 port 45108 ssh2
May  7 12:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14551]: Connection closed by 195.178.110.50 port 45108 [preauth]
May  7 12:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 12:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  7 12:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14641]: Failed password for root from 196.251.84.225 port 34566 ssh2
May  7 12:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: Failed password for root from 218.92.0.226 port 14054 ssh2
May  7 12:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14641]: Connection closed by 196.251.84.225 port 34566 [preauth]
May  7 12:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: Failed password for root from 218.92.0.226 port 14054 ssh2
May  7 12:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: Failed password for root from 218.92.0.226 port 14054 ssh2
May  7 12:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: Received disconnect from 218.92.0.226 port 14054:11:  [preauth]
May  7 12:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: Disconnected from 218.92.0.226 port 14054 [preauth]
May  7 12:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14631]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  7 12:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: Invalid user server from 64.23.161.151
May  7 12:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: input_userauth_request: invalid user server [preauth]
May  7 12:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 12:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: Failed password for invalid user server from 64.23.161.151 port 38762 ssh2
May  7 12:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14668]: Connection closed by 64.23.161.151 port 38762 [preauth]
May  7 12:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14630]: Invalid user 1 from 195.178.110.50
May  7 12:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14630]: input_userauth_request: invalid user 1 [preauth]
May  7 12:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14630]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 12:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14630]: Failed password for invalid user 1 from 195.178.110.50 port 9500 ssh2
May  7 12:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14630]: Connection closed by 195.178.110.50 port 9500 [preauth]
May  7 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14698]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14697]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14695]: pam_unix(cron:session): session closed for user p13x
May  7 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14756]: Successful su for rubyman by root
May  7 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14756]: + ??? root:rubyman
May  7 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346681 of user rubyman.
May  7 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14756]: pam_unix(su:session): session closed for user rubyman
May  7 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346681.
May  7 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12100]: pam_unix(cron:session): session closed for user root
May  7 12:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14696]: pam_unix(cron:session): session closed for user samftp
May  7 12:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14951]: Invalid user puppet from 196.251.84.225
May  7 12:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14951]: input_userauth_request: invalid user puppet [preauth]
May  7 12:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14951]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14951]: Failed password for invalid user puppet from 196.251.84.225 port 49496 ssh2
May  7 12:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14951]: Connection closed by 196.251.84.225 port 49496 [preauth]
May  7 12:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  7 12:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: Failed password for root from 218.92.0.225 port 38710 ssh2
May  7 12:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: message repeated 2 times: [ Failed password for root from 218.92.0.225 port 38710 ssh2]
May  7 12:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: Received disconnect from 218.92.0.225 port 38710:11:  [preauth]
May  7 12:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: Disconnected from 218.92.0.225 port 38710 [preauth]
May  7 12:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14985]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  7 12:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13853]: pam_unix(cron:session): session closed for user root
May  7 12:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15047]: Invalid user jito from 196.251.84.225
May  7 12:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15047]: input_userauth_request: invalid user jito [preauth]
May  7 12:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15047]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  7 12:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15047]: Failed password for invalid user jito from 196.251.84.225 port 54074 ssh2
May  7 12:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15047]: Connection closed by 196.251.84.225 port 54074 [preauth]
May  7 12:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15056]: Failed password for root from 218.92.0.225 port 50082 ssh2
May  7 12:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15056]: message repeated 2 times: [ Failed password for root from 218.92.0.225 port 50082 ssh2]
May  7 12:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15056]: Received disconnect from 218.92.0.225 port 50082:11:  [preauth]
May  7 12:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15056]: Disconnected from 218.92.0.225 port 50082 [preauth]
May  7 12:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15056]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  7 12:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  7 12:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15079]: Failed password for root from 218.92.0.225 port 15630 ssh2
May  7 12:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15079]: message repeated 2 times: [ Failed password for root from 218.92.0.225 port 15630 ssh2]
May  7 12:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15079]: Received disconnect from 218.92.0.225 port 15630:11:  [preauth]
May  7 12:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15079]: Disconnected from 218.92.0.225 port 15630 [preauth]
May  7 12:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15079]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  7 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15113]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15112]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15111]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15114]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15115]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15115]: pam_unix(cron:session): session closed for user root
May  7 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15110]: pam_unix(cron:session): session closed for user p13x
May  7 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15178]: Successful su for rubyman by root
May  7 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15178]: + ??? root:rubyman
May  7 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15178]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346688 of user rubyman.
May  7 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15178]: pam_unix(su:session): session closed for user rubyman
May  7 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346688.
May  7 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15112]: pam_unix(cron:session): session closed for user root
May  7 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: Failed password for root from 218.92.0.205 port 37618 ssh2
May  7 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12508]: pam_unix(cron:session): session closed for user root
May  7 12:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15361]: User mysql from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 12:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15361]: input_userauth_request: invalid user mysql [preauth]
May  7 12:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=mysql
May  7 12:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15111]: pam_unix(cron:session): session closed for user samftp
May  7 12:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: Failed password for root from 218.92.0.205 port 37618 ssh2
May  7 12:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15361]: Failed password for invalid user mysql from 196.251.84.225 port 42132 ssh2
May  7 12:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15361]: Connection closed by 196.251.84.225 port 42132 [preauth]
May  7 12:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: Failed password for root from 218.92.0.205 port 37618 ssh2
May  7 12:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: message repeated 2 times: [ Failed password for root from 218.92.0.205 port 37618 ssh2]
May  7 12:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 37618 ssh2 [preauth]
May  7 12:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: Disconnecting: Too many authentication failures [preauth]
May  7 12:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 12:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15108]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 12:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.140.114.196  user=root
May  7 12:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14269]: pam_unix(cron:session): session closed for user root
May  7 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: Invalid user dolphin from 196.251.84.225
May  7 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: input_userauth_request: invalid user dolphin [preauth]
May  7 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: Failed password for root from 123.140.114.196 port 49810 ssh2
May  7 12:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: Received disconnect from 123.140.114.196 port 49810:11: Bye Bye [preauth]
May  7 12:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15453]: Disconnected from 123.140.114.196 port 49810 [preauth]
May  7 12:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: Failed password for invalid user dolphin from 196.251.84.225 port 43066 ssh2
May  7 12:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: Connection closed by 196.251.84.225 port 43066 [preauth]
May  7 12:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: Invalid user test from 164.68.105.9
May  7 12:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: input_userauth_request: invalid user test [preauth]
May  7 12:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  7 12:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: Failed password for invalid user test from 164.68.105.9 port 41156 ssh2
May  7 12:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15530]: Connection closed by 164.68.105.9 port 41156 [preauth]
May  7 12:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15545]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15546]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15543]: pam_unix(cron:session): session closed for user p13x
May  7 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: User ftp from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: input_userauth_request: invalid user ftp [preauth]
May  7 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15610]: Successful su for rubyman by root
May  7 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15610]: + ??? root:rubyman
May  7 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346691 of user rubyman.
May  7 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15610]: pam_unix(su:session): session closed for user rubyman
May  7 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346691.
May  7 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=ftp
May  7 12:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: Failed password for invalid user ftp from 196.251.84.225 port 51480 ssh2
May  7 12:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15540]: Connection closed by 196.251.84.225 port 51480 [preauth]
May  7 12:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12898]: pam_unix(cron:session): session closed for user root
May  7 12:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15544]: pam_unix(cron:session): session closed for user samftp
May  7 12:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15008]: Connection reset by 218.92.0.225 port 61724 [preauth]
May  7 12:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: Invalid user nasrin from 143.198.153.43
May  7 12:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: input_userauth_request: invalid user nasrin [preauth]
May  7 12:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.153.43
May  7 12:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: Failed password for invalid user nasrin from 143.198.153.43 port 39666 ssh2
May  7 12:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: Received disconnect from 143.198.153.43 port 39666:11: Bye Bye [preauth]
May  7 12:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15854]: Disconnected from 143.198.153.43 port 39666 [preauth]
May  7 12:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15856]: Invalid user vnc from 196.251.84.225
May  7 12:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15856]: input_userauth_request: invalid user vnc [preauth]
May  7 12:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15856]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15856]: Failed password for invalid user vnc from 196.251.84.225 port 57270 ssh2
May  7 12:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15856]: Connection closed by 196.251.84.225 port 57270 [preauth]
May  7 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14698]: pam_unix(cron:session): session closed for user root
May  7 12:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Invalid user operator from 85.208.84.4
May  7 12:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: input_userauth_request: invalid user operator [preauth]
May  7 12:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  7 12:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Failed password for invalid user operator from 85.208.84.4 port 60550 ssh2
May  7 12:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15919]: Connection closed by 85.208.84.4 port 60550 [preauth]
May  7 12:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15957]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15956]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15955]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15954]: pam_unix(cron:session): session closed for user p13x
May  7 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: Failed password for root from 196.251.84.225 port 52982 ssh2
May  7 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16016]: Successful su for rubyman by root
May  7 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16016]: + ??? root:rubyman
May  7 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346695 of user rubyman.
May  7 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16016]: pam_unix(su:session): session closed for user rubyman
May  7 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346695.
May  7 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15948]: Connection closed by 196.251.84.225 port 52982 [preauth]
May  7 12:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13339]: pam_unix(cron:session): session closed for user root
May  7 12:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15955]: pam_unix(cron:session): session closed for user samftp
May  7 12:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16251]: Invalid user user from 196.251.84.225
May  7 12:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16251]: input_userauth_request: invalid user user [preauth]
May  7 12:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16251]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16251]: Failed password for invalid user user from 196.251.84.225 port 47496 ssh2
May  7 12:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15114]: pam_unix(cron:session): session closed for user root
May  7 12:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16251]: Connection closed by 196.251.84.225 port 47496 [preauth]
May  7 12:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16325]: Invalid user wordpress from 196.251.84.225
May  7 12:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16325]: input_userauth_request: invalid user wordpress [preauth]
May  7 12:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16325]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16337]: pam_unix(cron:session): session closed for user p13x
May  7 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16394]: Successful su for rubyman by root
May  7 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16394]: + ??? root:rubyman
May  7 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346700 of user rubyman.
May  7 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16394]: pam_unix(su:session): session closed for user rubyman
May  7 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346700.
May  7 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16325]: Failed password for invalid user wordpress from 196.251.84.225 port 55004 ssh2
May  7 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16325]: Connection closed by 196.251.84.225 port 55004 [preauth]
May  7 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  7 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13852]: pam_unix(cron:session): session closed for user root
May  7 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Failed password for root from 218.92.0.237 port 42276 ssh2
May  7 12:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16338]: pam_unix(cron:session): session closed for user samftp
May  7 12:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Failed password for root from 218.92.0.237 port 42276 ssh2
May  7 12:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Failed password for root from 218.92.0.237 port 42276 ssh2
May  7 12:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Received disconnect from 218.92.0.237 port 42276:11:  [preauth]
May  7 12:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: Disconnected from 218.92.0.237 port 42276 [preauth]
May  7 12:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16335]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  7 12:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: Invalid user auto from 189.3.191.89
May  7 12:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: input_userauth_request: invalid user auto [preauth]
May  7 12:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89
May  7 12:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: Failed password for invalid user auto from 189.3.191.89 port 48510 ssh2
May  7 12:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: Received disconnect from 189.3.191.89 port 48510:11: Bye Bye [preauth]
May  7 12:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16668]: Disconnected from 189.3.191.89 port 48510 [preauth]
May  7 12:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 12:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15546]: pam_unix(cron:session): session closed for user root
May  7 12:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Failed password for root from 196.251.84.225 port 57566 ssh2
May  7 12:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16701]: Connection closed by 196.251.84.225 port 57566 [preauth]
May  7 12:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16782]: Invalid user dolphinscheduler from 196.251.84.225
May  7 12:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16782]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  7 12:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16782]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16782]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 37204 ssh2
May  7 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16797]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16795]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16796]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16794]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16794]: pam_unix(cron:session): session closed for user p13x
May  7 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16853]: Successful su for rubyman by root
May  7 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16853]: + ??? root:rubyman
May  7 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346703 of user rubyman.
May  7 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16853]: pam_unix(su:session): session closed for user rubyman
May  7 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346703.
May  7 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16782]: Connection closed by 196.251.84.225 port 37204 [preauth]
May  7 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14268]: pam_unix(cron:session): session closed for user root
May  7 12:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16795]: pam_unix(cron:session): session closed for user samftp
May  7 12:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17130]: Invalid user steam from 196.251.84.225
May  7 12:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17130]: input_userauth_request: invalid user steam [preauth]
May  7 12:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17130]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17130]: Failed password for invalid user steam from 196.251.84.225 port 40236 ssh2
May  7 12:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17130]: Connection closed by 196.251.84.225 port 40236 [preauth]
May  7 12:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15957]: pam_unix(cron:session): session closed for user root
May  7 12:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Invalid user wordpress from 196.251.84.225
May  7 12:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: input_userauth_request: invalid user wordpress [preauth]
May  7 12:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Failed password for invalid user wordpress from 196.251.84.225 port 36754 ssh2
May  7 12:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17207]: Connection closed by 196.251.84.225 port 36754 [preauth]
May  7 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17227]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17228]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17223]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17225]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17228]: pam_unix(cron:session): session closed for user root
May  7 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17223]: pam_unix(cron:session): session closed for user p13x
May  7 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17296]: Successful su for rubyman by root
May  7 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17296]: + ??? root:rubyman
May  7 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346707 of user rubyman.
May  7 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17296]: pam_unix(su:session): session closed for user rubyman
May  7 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346707.
May  7 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17225]: pam_unix(cron:session): session closed for user root
May  7 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14697]: pam_unix(cron:session): session closed for user root
May  7 12:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17224]: pam_unix(cron:session): session closed for user samftp
May  7 12:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17555]: Invalid user nagios from 196.251.84.225
May  7 12:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17555]: input_userauth_request: invalid user nagios [preauth]
May  7 12:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17555]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17555]: Failed password for invalid user nagios from 196.251.84.225 port 52524 ssh2
May  7 12:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17555]: Connection closed by 196.251.84.225 port 52524 [preauth]
May  7 12:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16340]: pam_unix(cron:session): session closed for user root
May  7 12:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 12:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17660]: Failed password for root from 196.251.84.225 port 57670 ssh2
May  7 12:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17660]: Connection closed by 196.251.84.225 port 57670 [preauth]
May  7 12:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.153.43  user=root
May  7 12:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: Failed password for root from 143.198.153.43 port 50652 ssh2
May  7 12:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: Received disconnect from 143.198.153.43 port 50652:11: Bye Bye [preauth]
May  7 12:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17670]: Disconnected from 143.198.153.43 port 50652 [preauth]
May  7 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17678]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17676]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17675]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17675]: pam_unix(cron:session): session closed for user p13x
May  7 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17743]: Successful su for rubyman by root
May  7 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17743]: + ??? root:rubyman
May  7 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17743]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346713 of user rubyman.
May  7 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17743]: pam_unix(su:session): session closed for user rubyman
May  7 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346713.
May  7 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15113]: pam_unix(cron:session): session closed for user root
May  7 12:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17676]: pam_unix(cron:session): session closed for user samftp
May  7 12:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18086]: Invalid user oracle from 196.251.84.225
May  7 12:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18086]: input_userauth_request: invalid user oracle [preauth]
May  7 12:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18086]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18086]: Failed password for invalid user oracle from 196.251.84.225 port 52168 ssh2
May  7 12:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Invalid user syp from 115.78.4.182
May  7 12:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: input_userauth_request: invalid user syp [preauth]
May  7 12:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182
May  7 12:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18086]: Connection closed by 196.251.84.225 port 52168 [preauth]
May  7 12:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Failed password for invalid user syp from 115.78.4.182 port 37072 ssh2
May  7 12:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Received disconnect from 115.78.4.182 port 37072:11: Bye Bye [preauth]
May  7 12:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18108]: Disconnected from 115.78.4.182 port 37072 [preauth]
May  7 12:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16797]: pam_unix(cron:session): session closed for user root
May  7 12:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18155]: Invalid user meta from 64.23.161.151
May  7 12:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18155]: input_userauth_request: invalid user meta [preauth]
May  7 12:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18155]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 12:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18155]: Failed password for invalid user meta from 64.23.161.151 port 48218 ssh2
May  7 12:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18155]: Connection closed by 64.23.161.151 port 48218 [preauth]
May  7 12:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18194]: Invalid user postgres from 196.251.84.225
May  7 12:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18194]: input_userauth_request: invalid user postgres [preauth]
May  7 12:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18194]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18194]: Failed password for invalid user postgres from 196.251.84.225 port 35336 ssh2
May  7 12:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18194]: Connection closed by 196.251.84.225 port 35336 [preauth]
May  7 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18218]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18215]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18217]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18216]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18215]: pam_unix(cron:session): session closed for user p13x
May  7 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18275]: Successful su for rubyman by root
May  7 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18275]: + ??? root:rubyman
May  7 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346718 of user rubyman.
May  7 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18275]: pam_unix(su:session): session closed for user rubyman
May  7 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346718.
May  7 12:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15545]: pam_unix(cron:session): session closed for user root
May  7 12:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18216]: pam_unix(cron:session): session closed for user samftp
May  7 12:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: Invalid user paul from 123.140.114.196
May  7 12:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: input_userauth_request: invalid user paul [preauth]
May  7 12:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.140.114.196
May  7 12:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: Failed password for invalid user paul from 123.140.114.196 port 51938 ssh2
May  7 12:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: Received disconnect from 123.140.114.196 port 51938:11: Bye Bye [preauth]
May  7 12:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: Disconnected from 123.140.114.196 port 51938 [preauth]
May  7 12:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18508]: Invalid user solana from 196.251.84.225
May  7 12:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18508]: input_userauth_request: invalid user solana [preauth]
May  7 12:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18508]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18508]: Failed password for invalid user solana from 196.251.84.225 port 39612 ssh2
May  7 12:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18508]: Connection closed by 196.251.84.225 port 39612 [preauth]
May  7 12:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17227]: pam_unix(cron:session): session closed for user root
May  7 12:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: Invalid user user1 from 196.251.84.225
May  7 12:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: input_userauth_request: invalid user user1 [preauth]
May  7 12:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: Failed password for invalid user user1 from 196.251.84.225 port 56374 ssh2
May  7 12:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18605]: Connection closed by 196.251.84.225 port 56374 [preauth]
May  7 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18627]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18625]: pam_unix(cron:session): session closed for user p13x
May  7 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18686]: Successful su for rubyman by root
May  7 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18686]: + ??? root:rubyman
May  7 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346722 of user rubyman.
May  7 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18686]: pam_unix(su:session): session closed for user rubyman
May  7 12:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346722.
May  7 12:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15956]: pam_unix(cron:session): session closed for user root
May  7 12:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18626]: pam_unix(cron:session): session closed for user samftp
May  7 12:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 12:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18913]: Failed password for root from 196.251.84.225 port 33318 ssh2
May  7 12:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18913]: Connection closed by 196.251.84.225 port 33318 [preauth]
May  7 12:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17678]: pam_unix(cron:session): session closed for user root
May  7 12:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19002]: Invalid user palworld from 196.251.84.225
May  7 12:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19002]: input_userauth_request: invalid user palworld [preauth]
May  7 12:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19002]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19002]: Failed password for invalid user palworld from 196.251.84.225 port 51096 ssh2
May  7 12:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19002]: Connection closed by 196.251.84.225 port 51096 [preauth]
May  7 12:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19013]: Invalid user lena from 189.3.191.89
May  7 12:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19013]: input_userauth_request: invalid user lena [preauth]
May  7 12:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19013]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89
May  7 12:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19013]: Failed password for invalid user lena from 189.3.191.89 port 51946 ssh2
May  7 12:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19013]: Received disconnect from 189.3.191.89 port 51946:11: Bye Bye [preauth]
May  7 12:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19013]: Disconnected from 189.3.191.89 port 51946 [preauth]
May  7 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19041]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19038]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19035]: pam_unix(cron:session): session closed for user p13x
May  7 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19103]: Successful su for rubyman by root
May  7 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19103]: + ??? root:rubyman
May  7 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346726 of user rubyman.
May  7 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19103]: pam_unix(su:session): session closed for user rubyman
May  7 12:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346726.
May  7 12:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16339]: pam_unix(cron:session): session closed for user root
May  7 12:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19038]: pam_unix(cron:session): session closed for user samftp
May  7 12:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19303]: Invalid user admin from 80.94.95.112
May  7 12:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19303]: input_userauth_request: invalid user admin [preauth]
May  7 12:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19303]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 12:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19303]: Failed password for invalid user admin from 80.94.95.112 port 14902 ssh2
May  7 12:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19303]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 12:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19303]: Failed password for invalid user admin from 80.94.95.112 port 14902 ssh2
May  7 12:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: Failed password for root from 196.251.84.225 port 50784 ssh2
May  7 12:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19303]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19328]: Connection closed by 196.251.84.225 port 50784 [preauth]
May  7 12:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19303]: Failed password for invalid user admin from 80.94.95.112 port 14902 ssh2
May  7 12:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19303]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19303]: Failed password for invalid user admin from 80.94.95.112 port 14902 ssh2
May  7 12:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19303]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19303]: Failed password for invalid user admin from 80.94.95.112 port 14902 ssh2
May  7 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19303]: Received disconnect from 80.94.95.112 port 14902:11: Bye [preauth]
May  7 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19303]: Disconnected from 80.94.95.112 port 14902 [preauth]
May  7 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19303]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 12:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19303]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 12:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18218]: pam_unix(cron:session): session closed for user root
May  7 12:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19417]: Invalid user user1 from 196.251.84.225
May  7 12:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19417]: input_userauth_request: invalid user user1 [preauth]
May  7 12:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19417]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19417]: Failed password for invalid user user1 from 196.251.84.225 port 33774 ssh2
May  7 12:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19417]: Connection closed by 196.251.84.225 port 33774 [preauth]
May  7 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19453]: pam_unix(cron:session): session closed for user root
May  7 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19448]: pam_unix(cron:session): session closed for user p13x
May  7 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19525]: Successful su for rubyman by root
May  7 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19525]: + ??? root:rubyman
May  7 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346730 of user rubyman.
May  7 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19525]: pam_unix(su:session): session closed for user rubyman
May  7 12:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346730.
May  7 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16796]: pam_unix(cron:session): session closed for user root
May  7 12:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19450]: pam_unix(cron:session): session closed for user root
May  7 12:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19449]: pam_unix(cron:session): session closed for user samftp
May  7 12:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: Invalid user dolphinscheduler from 196.251.84.225
May  7 12:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  7 12:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 36856 ssh2
May  7 12:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19756]: Connection closed by 196.251.84.225 port 36856 [preauth]
May  7 12:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18628]: pam_unix(cron:session): session closed for user root
May  7 12:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.153.43  user=root
May  7 12:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: Invalid user dolphin from 196.251.84.225
May  7 12:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: input_userauth_request: invalid user dolphin [preauth]
May  7 12:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19856]: Failed password for root from 143.198.153.43 port 35892 ssh2
May  7 12:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19856]: Received disconnect from 143.198.153.43 port 35892:11: Bye Bye [preauth]
May  7 12:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19856]: Disconnected from 143.198.153.43 port 35892 [preauth]
May  7 12:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: Failed password for invalid user dolphin from 196.251.84.225 port 35148 ssh2
May  7 12:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19858]: Connection closed by 196.251.84.225 port 35148 [preauth]
May  7 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19910]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19906]: pam_unix(cron:session): session closed for user p13x
May  7 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19981]: Successful su for rubyman by root
May  7 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19981]: + ??? root:rubyman
May  7 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346737 of user rubyman.
May  7 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19981]: pam_unix(su:session): session closed for user rubyman
May  7 12:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346737.
May  7 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17226]: pam_unix(cron:session): session closed for user root
May  7 12:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19907]: pam_unix(cron:session): session closed for user samftp
May  7 12:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: Invalid user nagios from 196.251.84.225
May  7 12:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: input_userauth_request: invalid user nagios [preauth]
May  7 12:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20176]: Invalid user zhangxiufang from 164.68.105.9
May  7 12:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20176]: input_userauth_request: invalid user zhangxiufang [preauth]
May  7 12:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20176]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  7 12:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: Failed password for invalid user nagios from 196.251.84.225 port 38002 ssh2
May  7 12:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: Connection closed by 196.251.84.225 port 38002 [preauth]
May  7 12:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20176]: Failed password for invalid user zhangxiufang from 164.68.105.9 port 35544 ssh2
May  7 12:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20176]: Connection closed by 164.68.105.9 port 35544 [preauth]
May  7 12:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19041]: pam_unix(cron:session): session closed for user root
May  7 12:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: Invalid user ftpuser from 196.251.84.225
May  7 12:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: input_userauth_request: invalid user ftpuser [preauth]
May  7 12:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: Failed password for invalid user ftpuser from 196.251.84.225 port 51948 ssh2
May  7 12:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20265]: Connection closed by 196.251.84.225 port 51948 [preauth]
May  7 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20323]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20321]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20321]: pam_unix(cron:session): session closed for user p13x
May  7 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20382]: Successful su for rubyman by root
May  7 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20382]: + ??? root:rubyman
May  7 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346739 of user rubyman.
May  7 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20382]: pam_unix(su:session): session closed for user rubyman
May  7 12:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346739.
May  7 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17677]: pam_unix(cron:session): session closed for user root
May  7 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Invalid user receive from 115.78.4.182
May  7 12:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: input_userauth_request: invalid user receive [preauth]
May  7 12:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182
May  7 12:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20322]: pam_unix(cron:session): session closed for user samftp
May  7 12:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: Invalid user gmodserver from 196.251.84.225
May  7 12:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: input_userauth_request: invalid user gmodserver [preauth]
May  7 12:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Failed password for invalid user receive from 115.78.4.182 port 45116 ssh2
May  7 12:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Received disconnect from 115.78.4.182 port 45116:11: Bye Bye [preauth]
May  7 12:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20559]: Disconnected from 115.78.4.182 port 45116 [preauth]
May  7 12:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: Failed password for invalid user gmodserver from 196.251.84.225 port 35272 ssh2
May  7 12:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20554]: Connection closed by 196.251.84.225 port 35272 [preauth]
May  7 12:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19452]: pam_unix(cron:session): session closed for user root
May  7 12:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: User sys from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 12:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: input_userauth_request: invalid user sys [preauth]
May  7 12:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=sys
May  7 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: Failed password for invalid user sys from 196.251.84.225 port 59078 ssh2
May  7 12:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: Connection closed by 196.251.84.225 port 59078 [preauth]
May  7 12:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  7 12:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: Failed password for root from 218.92.0.231 port 49564 ssh2
May  7 12:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: message repeated 2 times: [ Failed password for root from 218.92.0.231 port 49564 ssh2]
May  7 12:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: Received disconnect from 218.92.0.231 port 49564:11:  [preauth]
May  7 12:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: Disconnected from 218.92.0.231 port 49564 [preauth]
May  7 12:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20680]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  7 12:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20720]: Did not receive identification string from 154.81.156.51
May  7 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20734]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20733]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20731]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20732]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20731]: pam_unix(cron:session): session closed for user p13x
May  7 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20793]: Successful su for rubyman by root
May  7 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20793]: + ??? root:rubyman
May  7 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346743 of user rubyman.
May  7 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20793]: pam_unix(su:session): session closed for user rubyman
May  7 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346743.
May  7 12:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18217]: pam_unix(cron:session): session closed for user root
May  7 12:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20732]: pam_unix(cron:session): session closed for user samftp
May  7 12:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: Invalid user admin from 194.0.234.19
May  7 12:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: input_userauth_request: invalid user admin [preauth]
May  7 12:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  7 12:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: Failed password for invalid user admin from 194.0.234.19 port 36122 ssh2
May  7 12:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20990]: Connection closed by 194.0.234.19 port 36122 [preauth]
May  7 12:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20991]: Invalid user dolphin from 196.251.84.225
May  7 12:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20991]: input_userauth_request: invalid user dolphin [preauth]
May  7 12:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20991]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20991]: Failed password for invalid user dolphin from 196.251.84.225 port 49090 ssh2
May  7 12:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20991]: Connection closed by 196.251.84.225 port 49090 [preauth]
May  7 12:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19910]: pam_unix(cron:session): session closed for user root
May  7 12:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 12:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: Failed password for root from 196.251.84.225 port 32808 ssh2
May  7 12:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: Connection closed by 196.251.84.225 port 32808 [preauth]
May  7 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21155]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21156]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21154]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21154]: pam_unix(cron:session): session closed for user p13x
May  7 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21241]: Successful su for rubyman by root
May  7 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21241]: + ??? root:rubyman
May  7 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346748 of user rubyman.
May  7 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21241]: pam_unix(su:session): session closed for user rubyman
May  7 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346748.
May  7 12:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18627]: pam_unix(cron:session): session closed for user root
May  7 12:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21155]: pam_unix(cron:session): session closed for user samftp
May  7 12:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: Invalid user admin from 196.251.84.225
May  7 12:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: input_userauth_request: invalid user admin [preauth]
May  7 12:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: Failed password for invalid user admin from 196.251.84.225 port 39776 ssh2
May  7 12:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21436]: Connection closed by 196.251.84.225 port 39776 [preauth]
May  7 12:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: Invalid user gary from 64.23.161.151
May  7 12:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: input_userauth_request: invalid user gary [preauth]
May  7 12:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 12:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: Invalid user marty from 189.3.191.89
May  7 12:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: input_userauth_request: invalid user marty [preauth]
May  7 12:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89
May  7 12:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: Failed password for invalid user gary from 64.23.161.151 port 39774 ssh2
May  7 12:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: Connection closed by 64.23.161.151 port 39774 [preauth]
May  7 12:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: Failed password for invalid user marty from 189.3.191.89 port 55828 ssh2
May  7 12:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: Received disconnect from 189.3.191.89 port 55828:11: Bye Bye [preauth]
May  7 12:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21504]: Disconnected from 189.3.191.89 port 55828 [preauth]
May  7 12:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20324]: pam_unix(cron:session): session closed for user root
May  7 12:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: Invalid user node from 196.251.84.225
May  7 12:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: input_userauth_request: invalid user node [preauth]
May  7 12:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: Failed password for invalid user node from 196.251.84.225 port 50214 ssh2
May  7 12:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21536]: Connection closed by 196.251.84.225 port 50214 [preauth]
May  7 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21609]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21606]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21609]: pam_unix(cron:session): session closed for user root
May  7 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21604]: pam_unix(cron:session): session closed for user p13x
May  7 12:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21702]: Successful su for rubyman by root
May  7 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21702]: + ??? root:rubyman
May  7 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346755 of user rubyman.
May  7 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21702]: pam_unix(su:session): session closed for user rubyman
May  7 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346755.
May  7 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  7 12:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21606]: pam_unix(cron:session): session closed for user root
May  7 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19039]: pam_unix(cron:session): session closed for user root
May  7 12:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22077]: Invalid user uftp from 196.251.84.225
May  7 12:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22077]: input_userauth_request: invalid user uftp [preauth]
May  7 12:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22077]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21644]: Failed password for root from 218.92.0.209 port 39568 ssh2
May  7 12:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22077]: Failed password for invalid user uftp from 196.251.84.225 port 38152 ssh2
May  7 12:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22077]: Connection closed by 196.251.84.225 port 38152 [preauth]
May  7 12:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21605]: pam_unix(cron:session): session closed for user samftp
May  7 12:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Invalid user dispatch from 143.198.153.43
May  7 12:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: input_userauth_request: invalid user dispatch [preauth]
May  7 12:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.153.43
May  7 12:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Failed password for invalid user dispatch from 143.198.153.43 port 44356 ssh2
May  7 12:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Received disconnect from 143.198.153.43 port 44356:11: Bye Bye [preauth]
May  7 12:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22281]: Disconnected from 143.198.153.43 port 44356 [preauth]
May  7 12:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20734]: pam_unix(cron:session): session closed for user root
May  7 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: Invalid user ubuntu from 196.251.84.225
May  7 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: input_userauth_request: invalid user ubuntu [preauth]
May  7 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: Failed password for invalid user ubuntu from 196.251.84.225 port 38098 ssh2
May  7 12:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: Connection closed by 196.251.84.225 port 38098 [preauth]
May  7 12:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22391]: Invalid user bot from 196.251.84.225
May  7 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22391]: input_userauth_request: invalid user bot [preauth]
May  7 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22397]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22394]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22398]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22394]: pam_unix(cron:session): session closed for user p13x
May  7 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22391]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22484]: Successful su for rubyman by root
May  7 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22484]: + ??? root:rubyman
May  7 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22484]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346760 of user rubyman.
May  7 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22484]: pam_unix(su:session): session closed for user rubyman
May  7 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346760.
May  7 12:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22391]: Failed password for invalid user bot from 196.251.84.225 port 58612 ssh2
May  7 12:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22391]: Connection closed by 196.251.84.225 port 58612 [preauth]
May  7 12:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19451]: pam_unix(cron:session): session closed for user root
May  7 12:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22396]: pam_unix(cron:session): session closed for user samftp
May  7 12:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 12:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22725]: Failed password for root from 218.92.0.233 port 23786 ssh2
May  7 12:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22725]: Failed password for root from 218.92.0.233 port 23786 ssh2
May  7 12:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: Invalid user admin from 80.94.95.241
May  7 12:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: input_userauth_request: invalid user admin [preauth]
May  7 12:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 12:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22725]: Failed password for root from 218.92.0.233 port 23786 ssh2
May  7 12:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22725]: Received disconnect from 218.92.0.233 port 23786:11:  [preauth]
May  7 12:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22725]: Disconnected from 218.92.0.233 port 23786 [preauth]
May  7 12:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22725]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: Failed password for invalid user admin from 80.94.95.241 port 31596 ssh2
May  7 12:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 12:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: Failed password for root from 218.92.0.233 port 23800 ssh2
May  7 12:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: Invalid user developer from 196.251.84.225
May  7 12:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: input_userauth_request: invalid user developer [preauth]
May  7 12:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: Failed password for invalid user admin from 80.94.95.241 port 31596 ssh2
May  7 12:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: Failed password for root from 218.92.0.233 port 23800 ssh2
May  7 12:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: Failed password for invalid user developer from 196.251.84.225 port 32958 ssh2
May  7 12:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22759]: Connection closed by 196.251.84.225 port 32958 [preauth]
May  7 12:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: Failed password for invalid user admin from 80.94.95.241 port 31596 ssh2
May  7 12:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: Failed password for root from 218.92.0.233 port 23800 ssh2
May  7 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: Received disconnect from 218.92.0.233 port 23800:11:  [preauth]
May  7 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: Disconnected from 218.92.0.233 port 23800 [preauth]
May  7 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21157]: pam_unix(cron:session): session closed for user root
May  7 12:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: Failed password for invalid user admin from 80.94.95.241 port 31596 ssh2
May  7 12:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 12:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: Failed password for root from 218.92.0.233 port 61738 ssh2
May  7 12:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: Failed password for invalid user admin from 80.94.95.241 port 31596 ssh2
May  7 12:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: Received disconnect from 80.94.95.241 port 31596:11: Bye [preauth]
May  7 12:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: Disconnected from 80.94.95.241 port 31596 [preauth]
May  7 12:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 12:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22752]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 12:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: Failed password for root from 218.92.0.233 port 61738 ssh2
May  7 12:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: Failed password for root from 218.92.0.233 port 61738 ssh2
May  7 12:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: Received disconnect from 218.92.0.233 port 61738:11:  [preauth]
May  7 12:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: Disconnected from 218.92.0.233 port 61738 [preauth]
May  7 12:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22787]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 12:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22833]: Failed password for root from 42.51.3.33 port 30022 ssh2
May  7 12:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22833]: Connection closed by 42.51.3.33 port 30022 [preauth]
May  7 12:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22847]: Failed password for root from 42.51.3.33 port 30023 ssh2
May  7 12:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22847]: Connection closed by 42.51.3.33 port 30023 [preauth]
May  7 12:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: Failed password for root from 42.51.3.33 port 30024 ssh2
May  7 12:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22858]: Connection closed by 42.51.3.33 port 30024 [preauth]
May  7 12:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22872]: Invalid user oscar from 196.251.84.225
May  7 12:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22872]: input_userauth_request: invalid user oscar [preauth]
May  7 12:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22872]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22861]: Failed password for root from 42.51.3.33 port 30025 ssh2
May  7 12:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22861]: Connection closed by 42.51.3.33 port 30025 [preauth]
May  7 12:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22872]: Failed password for invalid user oscar from 196.251.84.225 port 56696 ssh2
May  7 12:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22872]: Connection closed by 196.251.84.225 port 56696 [preauth]
May  7 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22876]: Failed password for root from 42.51.3.33 port 30026 ssh2
May  7 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22876]: Connection closed by 42.51.3.33 port 30026 [preauth]
May  7 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22893]: pam_unix(cron:session): session closed for user p13x
May  7 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22987]: Successful su for rubyman by root
May  7 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22987]: + ??? root:rubyman
May  7 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22987]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346762 of user rubyman.
May  7 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22987]: pam_unix(su:session): session closed for user rubyman
May  7 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346762.
May  7 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22878]: Failed password for root from 42.51.3.33 port 30027 ssh2
May  7 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22878]: Connection closed by 42.51.3.33 port 30027 [preauth]
May  7 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19908]: pam_unix(cron:session): session closed for user root
May  7 12:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22894]: pam_unix(cron:session): session closed for user samftp
May  7 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23123]: Failed password for root from 42.51.3.33 port 30028 ssh2
May  7 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23123]: Connection closed by 42.51.3.33 port 30028 [preauth]
May  7 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Failed password for root from 42.51.3.33 port 30029 ssh2
May  7 12:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Connection closed by 42.51.3.33 port 30029 [preauth]
May  7 12:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23183]: Failed password for root from 42.51.3.33 port 30030 ssh2
May  7 12:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23183]: Connection closed by 42.51.3.33 port 30030 [preauth]
May  7 12:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23201]: Failed password for root from 42.51.3.33 port 30031 ssh2
May  7 12:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23201]: Connection closed by 42.51.3.33 port 30031 [preauth]
May  7 12:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23214]: Failed password for root from 42.51.3.33 port 30032 ssh2
May  7 12:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23214]: Connection closed by 42.51.3.33 port 30032 [preauth]
May  7 12:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23225]: Failed password for root from 42.51.3.33 port 30033 ssh2
May  7 12:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23225]: Connection closed by 42.51.3.33 port 30033 [preauth]
May  7 12:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23227]: Failed password for root from 42.51.3.33 port 30034 ssh2
May  7 12:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23227]: Connection closed by 42.51.3.33 port 30034 [preauth]
May  7 12:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: Invalid user latitude from 196.251.84.225
May  7 12:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: input_userauth_request: invalid user latitude [preauth]
May  7 12:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23251]: Failed password for root from 42.51.3.33 port 30035 ssh2
May  7 12:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23251]: Connection closed by 42.51.3.33 port 30035 [preauth]
May  7 12:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: Failed password for invalid user latitude from 196.251.84.225 port 36824 ssh2
May  7 12:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23253]: Connection closed by 196.251.84.225 port 36824 [preauth]
May  7 12:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: Failed password for root from 42.51.3.33 port 30036 ssh2
May  7 12:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23262]: Connection closed by 42.51.3.33 port 30036 [preauth]
May  7 12:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: Failed password for root from 42.51.3.33 port 30037 ssh2
May  7 12:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21608]: pam_unix(cron:session): session closed for user root
May  7 12:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23265]: Connection closed by 42.51.3.33 port 30037 [preauth]
May  7 12:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23296]: Failed password for root from 42.51.3.33 port 30039 ssh2
May  7 12:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23296]: Connection closed by 42.51.3.33 port 30039 [preauth]
May  7 12:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: Invalid user ubuntu from 115.78.4.182
May  7 12:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: input_userauth_request: invalid user ubuntu [preauth]
May  7 12:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182
May  7 12:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: Failed password for root from 42.51.3.33 port 30040 ssh2
May  7 12:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: Connection closed by 42.51.3.33 port 30040 [preauth]
May  7 12:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: Failed password for invalid user ubuntu from 115.78.4.182 port 53170 ssh2
May  7 12:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: Received disconnect from 115.78.4.182 port 53170:11: Bye Bye [preauth]
May  7 12:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: Disconnected from 115.78.4.182 port 53170 [preauth]
May  7 12:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23399]: Failed password for root from 42.51.3.33 port 30041 ssh2
May  7 12:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23399]: Connection closed by 42.51.3.33 port 30041 [preauth]
May  7 12:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23409]: Failed password for root from 42.51.3.33 port 30042 ssh2
May  7 12:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23409]: Connection closed by 42.51.3.33 port 30042 [preauth]
May  7 12:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23428]: Failed password for root from 42.51.3.33 port 30043 ssh2
May  7 12:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23428]: Connection closed by 42.51.3.33 port 30043 [preauth]
May  7 12:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: Failed password for root from 42.51.3.33 port 30044 ssh2
May  7 12:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23431]: Connection closed by 42.51.3.33 port 30044 [preauth]
May  7 12:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: Failed password for root from 42.51.3.33 port 30045 ssh2
May  7 12:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23443]: Connection closed by 42.51.3.33 port 30045 [preauth]
May  7 12:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: Invalid user palworld from 196.251.84.225
May  7 12:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: input_userauth_request: invalid user palworld [preauth]
May  7 12:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: Failed password for invalid user palworld from 196.251.84.225 port 55258 ssh2
May  7 12:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23448]: Failed password for root from 42.51.3.33 port 30046 ssh2
May  7 12:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23446]: Connection closed by 196.251.84.225 port 55258 [preauth]
May  7 12:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23448]: Connection closed by 42.51.3.33 port 30046 [preauth]
May  7 12:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: Failed password for root from 42.51.3.33 port 30047 ssh2
May  7 12:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: Connection closed by 42.51.3.33 port 30047 [preauth]
May  7 12:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23478]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23476]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23475]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23475]: pam_unix(cron:session): session closed for user p13x
May  7 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23535]: Successful su for rubyman by root
May  7 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23535]: + ??? root:rubyman
May  7 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23535]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346766 of user rubyman.
May  7 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23535]: pam_unix(su:session): session closed for user rubyman
May  7 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346766.
May  7 12:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: Failed password for root from 42.51.3.33 port 30048 ssh2
May  7 12:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23472]: Connection closed by 42.51.3.33 port 30048 [preauth]
May  7 12:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20323]: pam_unix(cron:session): session closed for user root
May  7 12:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23476]: pam_unix(cron:session): session closed for user samftp
May  7 12:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23664]: Failed password for root from 42.51.3.33 port 30049 ssh2
May  7 12:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23664]: Connection closed by 42.51.3.33 port 30049 [preauth]
May  7 12:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23725]: Failed password for root from 42.51.3.33 port 30050 ssh2
May  7 12:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23725]: Connection closed by 42.51.3.33 port 30050 [preauth]
May  7 12:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23727]: Failed password for root from 42.51.3.33 port 30051 ssh2
May  7 12:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23727]: Connection closed by 42.51.3.33 port 30051 [preauth]
May  7 12:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23738]: Failed password for root from 42.51.3.33 port 30052 ssh2
May  7 12:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23738]: Connection closed by 42.51.3.33 port 30052 [preauth]
May  7 12:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: Failed password for root from 42.51.3.33 port 30053 ssh2
May  7 12:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: Connection closed by 42.51.3.33 port 30053 [preauth]
May  7 12:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: Invalid user ethnode from 196.251.84.225
May  7 12:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: input_userauth_request: invalid user ethnode [preauth]
May  7 12:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23851]: Failed password for root from 42.51.3.33 port 30054 ssh2
May  7 12:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23851]: Connection closed by 42.51.3.33 port 30054 [preauth]
May  7 12:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: Failed password for invalid user ethnode from 196.251.84.225 port 50452 ssh2
May  7 12:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23865]: Connection closed by 196.251.84.225 port 50452 [preauth]
May  7 12:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23870]: Failed password for root from 42.51.3.33 port 30055 ssh2
May  7 12:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23870]: Connection closed by 42.51.3.33 port 30055 [preauth]
May  7 12:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23887]: Failed password for root from 42.51.3.33 port 30056 ssh2
May  7 12:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23887]: Connection closed by 42.51.3.33 port 30056 [preauth]
May  7 12:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: Failed password for root from 42.51.3.33 port 30057 ssh2
May  7 12:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23904]: Connection closed by 42.51.3.33 port 30057 [preauth]
May  7 12:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22398]: pam_unix(cron:session): session closed for user root
May  7 12:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23907]: Failed password for root from 42.51.3.33 port 30058 ssh2
May  7 12:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23907]: Connection closed by 42.51.3.33 port 30058 [preauth]
May  7 12:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: Failed password for root from 42.51.3.33 port 30059 ssh2
May  7 12:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23940]: Connection closed by 42.51.3.33 port 30059 [preauth]
May  7 12:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23957]: Failed password for root from 42.51.3.33 port 30060 ssh2
May  7 12:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23957]: Connection closed by 42.51.3.33 port 30060 [preauth]
May  7 12:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: Failed password for root from 42.51.3.33 port 30061 ssh2
May  7 12:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23961]: Connection closed by 42.51.3.33 port 30061 [preauth]
May  7 12:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23985]: Failed password for root from 42.51.3.33 port 30062 ssh2
May  7 12:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23985]: Connection closed by 42.51.3.33 port 30062 [preauth]
May  7 12:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 12:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24002]: Failed password for root from 42.51.3.33 port 30063 ssh2
May  7 12:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24002]: Connection closed by 42.51.3.33 port 30063 [preauth]
May  7 12:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24011]: Failed password for root from 196.251.84.225 port 44278 ssh2
May  7 12:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24011]: Connection closed by 196.251.84.225 port 44278 [preauth]
May  7 12:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: Failed password for root from 42.51.3.33 port 30064 ssh2
May  7 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24013]: Connection closed by 42.51.3.33 port 30064 [preauth]
May  7 12:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24023]: Failed password for root from 42.51.3.33 port 30065 ssh2
May  7 12:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24023]: Connection closed by 42.51.3.33 port 30065 [preauth]
May  7 12:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24025]: Failed password for root from 42.51.3.33 port 30066 ssh2
May  7 12:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24025]: Connection closed by 42.51.3.33 port 30066 [preauth]
May  7 12:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24042]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24044]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24043]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24041]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24041]: pam_unix(cron:session): session closed for user p13x
May  7 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24160]: Successful su for rubyman by root
May  7 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24160]: + ??? root:rubyman
May  7 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24160]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346771 of user rubyman.
May  7 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24160]: pam_unix(su:session): session closed for user rubyman
May  7 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346771.
May  7 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24039]: pam_unix(cron:session): session closed for user root
May  7 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: Failed password for root from 42.51.3.33 port 30067 ssh2
May  7 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24037]: Connection closed by 42.51.3.33 port 30067 [preauth]
May  7 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20733]: pam_unix(cron:session): session closed for user root
May  7 12:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  7 12:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24042]: pam_unix(cron:session): session closed for user samftp
May  7 12:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24337]: Failed password for root from 42.51.3.33 port 30068 ssh2
May  7 12:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24337]: Connection closed by 42.51.3.33 port 30068 [preauth]
May  7 12:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24389]: Failed password for root from 193.70.84.184 port 52830 ssh2
May  7 12:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24389]: Connection closed by 193.70.84.184 port 52830 [preauth]
May  7 12:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24412]: Failed password for root from 42.51.3.33 port 30069 ssh2
May  7 12:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24412]: Connection closed by 42.51.3.33 port 30069 [preauth]
May  7 12:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24423]: Failed password for root from 42.51.3.33 port 30070 ssh2
May  7 12:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24423]: Connection closed by 42.51.3.33 port 30070 [preauth]
May  7 12:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24436]: Failed password for root from 42.51.3.33 port 30071 ssh2
May  7 12:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24436]: Connection closed by 42.51.3.33 port 30071 [preauth]
May  7 12:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24451]: Invalid user hadoop from 196.251.84.225
May  7 12:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24451]: input_userauth_request: invalid user hadoop [preauth]
May  7 12:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24451]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24451]: Failed password for invalid user hadoop from 196.251.84.225 port 42186 ssh2
May  7 12:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24453]: Failed password for root from 42.51.3.33 port 30072 ssh2
May  7 12:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24451]: Connection closed by 196.251.84.225 port 42186 [preauth]
May  7 12:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24453]: Connection closed by 42.51.3.33 port 30072 [preauth]
May  7 12:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: Failed password for root from 42.51.3.33 port 30073 ssh2
May  7 12:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24467]: Connection closed by 42.51.3.33 port 30073 [preauth]
May  7 12:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24469]: Failed password for root from 42.51.3.33 port 30074 ssh2
May  7 12:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24469]: Connection closed by 42.51.3.33 port 30074 [preauth]
May  7 12:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Failed password for root from 42.51.3.33 port 30075 ssh2
May  7 12:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24492]: Connection closed by 42.51.3.33 port 30075 [preauth]
May  7 12:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: Failed password for root from 42.51.3.33 port 30076 ssh2
May  7 12:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24494]: Connection closed by 42.51.3.33 port 30076 [preauth]
May  7 12:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22896]: pam_unix(cron:session): session closed for user root
May  7 12:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24519]: Failed password for root from 42.51.3.33 port 30077 ssh2
May  7 12:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24519]: Connection closed by 42.51.3.33 port 30077 [preauth]
May  7 12:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24549]: Failed password for root from 42.51.3.33 port 30078 ssh2
May  7 12:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24549]: Connection closed by 42.51.3.33 port 30078 [preauth]
May  7 12:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24552]: Failed password for root from 42.51.3.33 port 30079 ssh2
May  7 12:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24552]: Connection closed by 42.51.3.33 port 30079 [preauth]
May  7 12:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24580]: Invalid user admin from 196.251.84.225
May  7 12:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24580]: input_userauth_request: invalid user admin [preauth]
May  7 12:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24580]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24578]: Failed password for root from 42.51.3.33 port 30080 ssh2
May  7 12:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24578]: Connection closed by 42.51.3.33 port 30080 [preauth]
May  7 12:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24580]: Failed password for invalid user admin from 196.251.84.225 port 59974 ssh2
May  7 12:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24580]: Connection closed by 196.251.84.225 port 59974 [preauth]
May  7 12:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: Failed password for root from 42.51.3.33 port 30081 ssh2
May  7 12:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24592]: Connection closed by 42.51.3.33 port 30081 [preauth]
May  7 12:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: Failed password for root from 42.51.3.33 port 30082 ssh2
May  7 12:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24595]: Connection closed by 42.51.3.33 port 30082 [preauth]
May  7 12:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24607]: Failed password for root from 42.51.3.33 port 30083 ssh2
May  7 12:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24607]: Connection closed by 42.51.3.33 port 30083 [preauth]
May  7 12:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24618]: Failed password for root from 42.51.3.33 port 30084 ssh2
May  7 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24618]: Connection closed by 42.51.3.33 port 30084 [preauth]
May  7 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24627]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24626]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24625]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24628]: pam_unix(cron:session): session closed for user root
May  7 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24623]: pam_unix(cron:session): session closed for user p13x
May  7 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24696]: Successful su for rubyman by root
May  7 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24696]: + ??? root:rubyman
May  7 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346774 of user rubyman.
May  7 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24696]: pam_unix(su:session): session closed for user rubyman
May  7 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346774.
May  7 12:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24625]: pam_unix(cron:session): session closed for user root
May  7 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21156]: pam_unix(cron:session): session closed for user root
May  7 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: Failed password for root from 42.51.3.33 port 30085 ssh2
May  7 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24726]: Connection closed by 42.51.3.33 port 30085 [preauth]
May  7 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24890]: Invalid user myuser from 143.198.153.43
May  7 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24890]: input_userauth_request: invalid user myuser [preauth]
May  7 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24890]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.153.43
May  7 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24894]: Invalid user ec2-user from 189.3.191.89
May  7 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24894]: input_userauth_request: invalid user ec2-user [preauth]
May  7 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24894]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89
May  7 12:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24624]: pam_unix(cron:session): session closed for user samftp
May  7 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24890]: Failed password for invalid user myuser from 143.198.153.43 port 60720 ssh2
May  7 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: Failed password for root from 42.51.3.33 port 30086 ssh2
May  7 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24890]: Received disconnect from 143.198.153.43 port 60720:11: Bye Bye [preauth]
May  7 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24890]: Disconnected from 143.198.153.43 port 60720 [preauth]
May  7 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24887]: Connection closed by 42.51.3.33 port 30086 [preauth]
May  7 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24894]: Failed password for invalid user ec2-user from 189.3.191.89 port 47812 ssh2
May  7 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24894]: Received disconnect from 189.3.191.89 port 47812:11: Bye Bye [preauth]
May  7 12:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24894]: Disconnected from 189.3.191.89 port 47812 [preauth]
May  7 12:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: Failed password for root from 42.51.3.33 port 30087 ssh2
May  7 12:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24919]: Connection closed by 42.51.3.33 port 30087 [preauth]
May  7 12:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24931]: Invalid user hadoop from 196.251.84.225
May  7 12:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24931]: input_userauth_request: invalid user hadoop [preauth]
May  7 12:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24931]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24931]: Failed password for invalid user hadoop from 196.251.84.225 port 59284 ssh2
May  7 12:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24931]: Connection closed by 196.251.84.225 port 59284 [preauth]
May  7 12:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24934]: Failed password for root from 42.51.3.33 port 30088 ssh2
May  7 12:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24934]: Connection closed by 42.51.3.33 port 30088 [preauth]
May  7 12:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: Failed password for root from 42.51.3.33 port 30089 ssh2
May  7 12:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24962]: Connection closed by 42.51.3.33 port 30089 [preauth]
May  7 12:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: Failed password for root from 42.51.3.33 port 30090 ssh2
May  7 12:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24964]: Connection closed by 42.51.3.33 port 30090 [preauth]
May  7 12:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: Failed password for root from 42.51.3.33 port 30091 ssh2
May  7 12:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24975]: Connection closed by 42.51.3.33 port 30091 [preauth]
May  7 12:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24998]: Failed password for root from 42.51.3.33 port 30092 ssh2
May  7 12:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24998]: Connection closed by 42.51.3.33 port 30092 [preauth]
May  7 12:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25000]: Failed password for root from 42.51.3.33 port 30093 ssh2
May  7 12:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25000]: Connection closed by 42.51.3.33 port 30093 [preauth]
May  7 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23478]: pam_unix(cron:session): session closed for user root
May  7 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25010]: Failed password for root from 42.51.3.33 port 30094 ssh2
May  7 12:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25010]: Connection closed by 42.51.3.33 port 30094 [preauth]
May  7 12:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25044]: Failed password for root from 42.51.3.33 port 30095 ssh2
May  7 12:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25044]: Connection closed by 42.51.3.33 port 30095 [preauth]
May  7 12:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Invalid user goeth from 196.251.84.225
May  7 12:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: input_userauth_request: invalid user goeth [preauth]
May  7 12:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: Failed password for root from 42.51.3.33 port 30096 ssh2
May  7 12:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25046]: Connection closed by 42.51.3.33 port 30096 [preauth]
May  7 12:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Failed password for invalid user goeth from 196.251.84.225 port 48258 ssh2
May  7 12:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25048]: Connection closed by 196.251.84.225 port 48258 [preauth]
May  7 12:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25058]: Failed password for root from 42.51.3.33 port 30097 ssh2
May  7 12:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25058]: Connection closed by 42.51.3.33 port 30097 [preauth]
May  7 12:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25073]: Failed password for root from 42.51.3.33 port 30098 ssh2
May  7 12:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25073]: Connection closed by 42.51.3.33 port 30098 [preauth]
May  7 12:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: Failed password for root from 42.51.3.33 port 30099 ssh2
May  7 12:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: Connection closed by 42.51.3.33 port 30099 [preauth]
May  7 12:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: Failed password for root from 42.51.3.33 port 30100 ssh2
May  7 12:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: Connection closed by 42.51.3.33 port 30100 [preauth]
May  7 12:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: Failed password for root from 42.51.3.33 port 30101 ssh2
May  7 12:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25095]: Connection closed by 42.51.3.33 port 30101 [preauth]
May  7 12:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25112]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25111]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25109]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25110]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25109]: pam_unix(cron:session): session closed for user p13x
May  7 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: Failed password for root from 42.51.3.33 port 30102 ssh2
May  7 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: Connection closed by 42.51.3.33 port 30102 [preauth]
May  7 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25185]: Successful su for rubyman by root
May  7 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25185]: + ??? root:rubyman
May  7 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346780 of user rubyman.
May  7 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25185]: pam_unix(su:session): session closed for user rubyman
May  7 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346780.
May  7 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: Failed password for root from 42.51.3.33 port 30103 ssh2
May  7 12:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: Connection closed by 42.51.3.33 port 30103 [preauth]
May  7 12:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21607]: pam_unix(cron:session): session closed for user root
May  7 12:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33  user=root
May  7 12:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25110]: pam_unix(cron:session): session closed for user samftp
May  7 12:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25386]: Invalid user samba from 196.251.84.225
May  7 12:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25386]: input_userauth_request: invalid user samba [preauth]
May  7 12:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: Failed password for root from 42.51.3.33 port 30104 ssh2
May  7 12:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: Connection closed by 42.51.3.33 port 30104 [preauth]
May  7 12:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25386]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: Invalid user user from 42.51.3.33
May  7 12:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: input_userauth_request: invalid user user [preauth]
May  7 12:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25386]: Failed password for invalid user samba from 196.251.84.225 port 45256 ssh2
May  7 12:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25386]: Connection closed by 196.251.84.225 port 45256 [preauth]
May  7 12:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: Failed password for invalid user user from 42.51.3.33 port 30105 ssh2
May  7 12:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25396]: Connection closed by 42.51.3.33 port 30105 [preauth]
May  7 12:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: Invalid user user from 42.51.3.33
May  7 12:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: input_userauth_request: invalid user user [preauth]
May  7 12:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: Failed password for invalid user user from 42.51.3.33 port 30106 ssh2
May  7 12:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25398]: Connection closed by 42.51.3.33 port 30106 [preauth]
May  7 12:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25422]: Invalid user user from 42.51.3.33
May  7 12:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25422]: input_userauth_request: invalid user user [preauth]
May  7 12:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25422]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25422]: Failed password for invalid user user from 42.51.3.33 port 30107 ssh2
May  7 12:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25422]: Connection closed by 42.51.3.33 port 30107 [preauth]
May  7 12:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25424]: Invalid user user from 42.51.3.33
May  7 12:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25424]: input_userauth_request: invalid user user [preauth]
May  7 12:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25424]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25426]: Invalid user user from 123.140.114.196
May  7 12:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25426]: input_userauth_request: invalid user user [preauth]
May  7 12:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25426]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.140.114.196
May  7 12:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25424]: Failed password for invalid user user from 42.51.3.33 port 30108 ssh2
May  7 12:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25426]: Failed password for invalid user user from 123.140.114.196 port 37894 ssh2
May  7 12:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25424]: Connection closed by 42.51.3.33 port 30108 [preauth]
May  7 12:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25426]: Received disconnect from 123.140.114.196 port 37894:11: Bye Bye [preauth]
May  7 12:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25426]: Disconnected from 123.140.114.196 port 37894 [preauth]
May  7 12:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25436]: Invalid user user from 42.51.3.33
May  7 12:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25436]: input_userauth_request: invalid user user [preauth]
May  7 12:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25436]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25436]: Failed password for invalid user user from 42.51.3.33 port 30109 ssh2
May  7 12:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25436]: Connection closed by 42.51.3.33 port 30109 [preauth]
May  7 12:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: Invalid user user from 42.51.3.33
May  7 12:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: input_userauth_request: invalid user user [preauth]
May  7 12:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: Failed password for invalid user user from 42.51.3.33 port 30110 ssh2
May  7 12:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25461]: Connection closed by 42.51.3.33 port 30110 [preauth]
May  7 12:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25463]: Invalid user user from 42.51.3.33
May  7 12:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25463]: input_userauth_request: invalid user user [preauth]
May  7 12:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25463]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25463]: Failed password for invalid user user from 42.51.3.33 port 30111 ssh2
May  7 12:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25463]: Connection closed by 42.51.3.33 port 30111 [preauth]
May  7 12:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25473]: Invalid user user from 42.51.3.33
May  7 12:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25473]: input_userauth_request: invalid user user [preauth]
May  7 12:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25473]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25473]: Failed password for invalid user user from 42.51.3.33 port 30112 ssh2
May  7 12:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25473]: Connection closed by 42.51.3.33 port 30112 [preauth]
May  7 12:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24044]: pam_unix(cron:session): session closed for user root
May  7 12:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25502]: Invalid user admin from 196.251.84.225
May  7 12:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25502]: input_userauth_request: invalid user admin [preauth]
May  7 12:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25504]: Invalid user user from 42.51.3.33
May  7 12:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25504]: input_userauth_request: invalid user user [preauth]
May  7 12:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25502]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25504]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25502]: Failed password for invalid user admin from 196.251.84.225 port 55248 ssh2
May  7 12:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25504]: Failed password for invalid user user from 42.51.3.33 port 30113 ssh2
May  7 12:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25502]: Connection closed by 196.251.84.225 port 55248 [preauth]
May  7 12:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25504]: Connection closed by 42.51.3.33 port 30113 [preauth]
May  7 12:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: Invalid user user from 42.51.3.33
May  7 12:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: input_userauth_request: invalid user user [preauth]
May  7 12:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: Failed password for invalid user user from 42.51.3.33 port 30114 ssh2
May  7 12:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25506]: Connection closed by 42.51.3.33 port 30114 [preauth]
May  7 12:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: Invalid user user from 42.51.3.33
May  7 12:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: input_userauth_request: invalid user user [preauth]
May  7 12:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: Failed password for invalid user user from 42.51.3.33 port 30115 ssh2
May  7 12:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25517]: Connection closed by 42.51.3.33 port 30115 [preauth]
May  7 12:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25536]: Invalid user user from 42.51.3.33
May  7 12:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25536]: input_userauth_request: invalid user user [preauth]
May  7 12:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25536]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25536]: Failed password for invalid user user from 42.51.3.33 port 30116 ssh2
May  7 12:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25536]: Connection closed by 42.51.3.33 port 30116 [preauth]
May  7 12:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: Invalid user user from 42.51.3.33
May  7 12:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: input_userauth_request: invalid user user [preauth]
May  7 12:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: Failed password for invalid user user from 42.51.3.33 port 30117 ssh2
May  7 12:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25555]: Connection closed by 42.51.3.33 port 30117 [preauth]
May  7 12:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25565]: Invalid user user from 42.51.3.33
May  7 12:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25565]: input_userauth_request: invalid user user [preauth]
May  7 12:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25565]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25565]: Failed password for invalid user user from 42.51.3.33 port 30118 ssh2
May  7 12:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25565]: Connection closed by 42.51.3.33 port 30118 [preauth]
May  7 12:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: Invalid user user from 42.51.3.33
May  7 12:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: input_userauth_request: invalid user user [preauth]
May  7 12:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: Failed password for invalid user user from 42.51.3.33 port 30119 ssh2
May  7 12:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25567]: Connection closed by 42.51.3.33 port 30119 [preauth]
May  7 12:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25577]: Invalid user user from 42.51.3.33
May  7 12:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25577]: input_userauth_request: invalid user user [preauth]
May  7 12:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25577]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25577]: Failed password for invalid user user from 42.51.3.33 port 30120 ssh2
May  7 12:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25577]: Connection closed by 42.51.3.33 port 30120 [preauth]
May  7 12:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25580]: Invalid user user from 42.51.3.33
May  7 12:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25580]: input_userauth_request: invalid user user [preauth]
May  7 12:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25580]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25597]: pam_unix(cron:session): session closed for user p13x
May  7 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25692]: Successful su for rubyman by root
May  7 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25692]: + ??? root:rubyman
May  7 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25692]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346786 of user rubyman.
May  7 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25692]: pam_unix(su:session): session closed for user rubyman
May  7 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346786.
May  7 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25580]: Failed password for invalid user user from 42.51.3.33 port 30121 ssh2
May  7 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25580]: Connection closed by 42.51.3.33 port 30121 [preauth]
May  7 12:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25811]: Invalid user user from 42.51.3.33
May  7 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25811]: input_userauth_request: invalid user user [preauth]
May  7 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25811]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22397]: pam_unix(cron:session): session closed for user root
May  7 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25599]: pam_unix(cron:session): session closed for user samftp
May  7 12:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25811]: Failed password for invalid user user from 42.51.3.33 port 30122 ssh2
May  7 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25811]: Connection closed by 42.51.3.33 port 30122 [preauth]
May  7 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25891]: Invalid user blockchain from 196.251.84.225
May  7 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25891]: input_userauth_request: invalid user blockchain [preauth]
May  7 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25891]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: Invalid user user from 42.51.3.33
May  7 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: input_userauth_request: invalid user user [preauth]
May  7 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25891]: Failed password for invalid user blockchain from 196.251.84.225 port 55328 ssh2
May  7 12:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25891]: Connection closed by 196.251.84.225 port 55328 [preauth]
May  7 12:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: Failed password for invalid user user from 42.51.3.33 port 30123 ssh2
May  7 12:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25925]: Connection closed by 42.51.3.33 port 30123 [preauth]
May  7 12:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25931]: Invalid user user from 42.51.3.33
May  7 12:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25931]: input_userauth_request: invalid user user [preauth]
May  7 12:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25931]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25931]: Failed password for invalid user user from 42.51.3.33 port 30124 ssh2
May  7 12:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25931]: Connection closed by 42.51.3.33 port 30124 [preauth]
May  7 12:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: Invalid user user from 42.51.3.33
May  7 12:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: input_userauth_request: invalid user user [preauth]
May  7 12:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: Failed password for invalid user user from 42.51.3.33 port 30125 ssh2
May  7 12:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: Connection closed by 42.51.3.33 port 30125 [preauth]
May  7 12:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25963]: Invalid user user from 42.51.3.33
May  7 12:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25963]: input_userauth_request: invalid user user [preauth]
May  7 12:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25963]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25963]: Failed password for invalid user user from 42.51.3.33 port 30126 ssh2
May  7 12:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25963]: Connection closed by 42.51.3.33 port 30126 [preauth]
May  7 12:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: Invalid user user from 42.51.3.33
May  7 12:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: input_userauth_request: invalid user user [preauth]
May  7 12:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25975]: Invalid user cloud from 64.23.161.151
May  7 12:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25975]: input_userauth_request: invalid user cloud [preauth]
May  7 12:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25975]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 12:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25975]: Failed password for invalid user cloud from 64.23.161.151 port 59006 ssh2
May  7 12:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25975]: Connection closed by 64.23.161.151 port 59006 [preauth]
May  7 12:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: Failed password for invalid user user from 42.51.3.33 port 30127 ssh2
May  7 12:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25973]: Connection closed by 42.51.3.33 port 30127 [preauth]
May  7 12:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25977]: Invalid user user from 42.51.3.33
May  7 12:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25977]: input_userauth_request: invalid user user [preauth]
May  7 12:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25977]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25977]: Failed password for invalid user user from 42.51.3.33 port 30128 ssh2
May  7 12:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25977]: Connection closed by 42.51.3.33 port 30128 [preauth]
May  7 12:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25989]: Invalid user user from 42.51.3.33
May  7 12:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25989]: input_userauth_request: invalid user user [preauth]
May  7 12:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25989]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  7 12:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25989]: Failed password for invalid user user from 42.51.3.33 port 30129 ssh2
May  7 12:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25989]: Connection closed by 42.51.3.33 port 30129 [preauth]
May  7 12:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26005]: Invalid user user from 42.51.3.33
May  7 12:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26005]: input_userauth_request: invalid user user [preauth]
May  7 12:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26005]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25991]: Failed password for root from 218.92.0.221 port 43010 ssh2
May  7 12:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26005]: Failed password for invalid user user from 42.51.3.33 port 30130 ssh2
May  7 12:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26005]: Connection closed by 42.51.3.33 port 30130 [preauth]
May  7 12:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25991]: Failed password for root from 218.92.0.221 port 43010 ssh2
May  7 12:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: Invalid user user from 42.51.3.33
May  7 12:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: input_userauth_request: invalid user user [preauth]
May  7 12:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25991]: Failed password for root from 218.92.0.221 port 43010 ssh2
May  7 12:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25991]: Received disconnect from 218.92.0.221 port 43010:11:  [preauth]
May  7 12:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25991]: Disconnected from 218.92.0.221 port 43010 [preauth]
May  7 12:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25991]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  7 12:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: Failed password for invalid user user from 42.51.3.33 port 30131 ssh2
May  7 12:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26017]: Connection closed by 42.51.3.33 port 30131 [preauth]
May  7 12:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26026]: Invalid user amanda from 196.251.84.225
May  7 12:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26026]: input_userauth_request: invalid user amanda [preauth]
May  7 12:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26026]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: Invalid user user from 42.51.3.33
May  7 12:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: input_userauth_request: invalid user user [preauth]
May  7 12:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: Invalid user prueba from 80.94.95.115
May  7 12:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: input_userauth_request: invalid user prueba [preauth]
May  7 12:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  7 12:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24627]: pam_unix(cron:session): session closed for user root
May  7 12:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26026]: Failed password for invalid user amanda from 196.251.84.225 port 37432 ssh2
May  7 12:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26026]: Connection closed by 196.251.84.225 port 37432 [preauth]
May  7 12:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: Failed password for invalid user user from 42.51.3.33 port 30132 ssh2
May  7 12:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26032]: Connection closed by 42.51.3.33 port 30132 [preauth]
May  7 12:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: Failed password for invalid user prueba from 80.94.95.115 port 26774 ssh2
May  7 12:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: Connection closed by 80.94.95.115 port 26774 [preauth]
May  7 12:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: Invalid user user from 42.51.3.33
May  7 12:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: input_userauth_request: invalid user user [preauth]
May  7 12:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: Failed password for invalid user user from 42.51.3.33 port 30133 ssh2
May  7 12:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26058]: Connection closed by 42.51.3.33 port 30133 [preauth]
May  7 12:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: Invalid user user from 42.51.3.33
May  7 12:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: input_userauth_request: invalid user user [preauth]
May  7 12:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: Failed password for invalid user user from 42.51.3.33 port 30134 ssh2
May  7 12:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26069]: Connection closed by 42.51.3.33 port 30134 [preauth]
May  7 12:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26071]: Invalid user user from 42.51.3.33
May  7 12:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26071]: input_userauth_request: invalid user user [preauth]
May  7 12:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26071]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26071]: Failed password for invalid user user from 42.51.3.33 port 30135 ssh2
May  7 12:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26071]: Connection closed by 42.51.3.33 port 30135 [preauth]
May  7 12:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: Invalid user user from 42.51.3.33
May  7 12:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: input_userauth_request: invalid user user [preauth]
May  7 12:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: Failed password for invalid user user from 42.51.3.33 port 30136 ssh2
May  7 12:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26096]: Connection closed by 42.51.3.33 port 30136 [preauth]
May  7 12:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: Invalid user user from 42.51.3.33
May  7 12:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: input_userauth_request: invalid user user [preauth]
May  7 12:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: Failed password for invalid user user from 42.51.3.33 port 30137 ssh2
May  7 12:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26106]: Connection closed by 42.51.3.33 port 30137 [preauth]
May  7 12:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: Invalid user user from 42.51.3.33
May  7 12:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: input_userauth_request: invalid user user [preauth]
May  7 12:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: Failed password for invalid user user from 42.51.3.33 port 30138 ssh2
May  7 12:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: Connection closed by 42.51.3.33 port 30138 [preauth]
May  7 12:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26119]: Invalid user user from 42.51.3.33
May  7 12:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26119]: input_userauth_request: invalid user user [preauth]
May  7 12:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26119]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26119]: Failed password for invalid user user from 42.51.3.33 port 30139 ssh2
May  7 12:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26119]: Connection closed by 42.51.3.33 port 30139 [preauth]
May  7 12:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26121]: Invalid user user from 42.51.3.33
May  7 12:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26121]: input_userauth_request: invalid user user [preauth]
May  7 12:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26121]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26121]: Failed password for invalid user user from 42.51.3.33 port 30140 ssh2
May  7 12:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 12:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26121]: Connection closed by 42.51.3.33 port 30140 [preauth]
May  7 12:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: Invalid user user from 42.51.3.33
May  7 12:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: input_userauth_request: invalid user user [preauth]
May  7 12:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26132]: Failed password for root from 196.251.84.225 port 50606 ssh2
May  7 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26138]: pam_unix(cron:session): session closed for user p13x
May  7 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26132]: Connection closed by 196.251.84.225 port 50606 [preauth]
May  7 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26197]: Successful su for rubyman by root
May  7 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26197]: + ??? root:rubyman
May  7 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346790 of user rubyman.
May  7 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26197]: pam_unix(su:session): session closed for user rubyman
May  7 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346790.
May  7 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: Failed password for invalid user user from 42.51.3.33 port 30141 ssh2
May  7 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26135]: Connection closed by 42.51.3.33 port 30141 [preauth]
May  7 12:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: Invalid user user from 42.51.3.33
May  7 12:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: input_userauth_request: invalid user user [preauth]
May  7 12:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22895]: pam_unix(cron:session): session closed for user root
May  7 12:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: Failed password for invalid user user from 42.51.3.33 port 30142 ssh2
May  7 12:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26233]: Connection closed by 42.51.3.33 port 30142 [preauth]
May  7 12:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26366]: Invalid user user from 42.51.3.33
May  7 12:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26366]: input_userauth_request: invalid user user [preauth]
May  7 12:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26366]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26139]: pam_unix(cron:session): session closed for user samftp
May  7 12:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26366]: Failed password for invalid user user from 42.51.3.33 port 30143 ssh2
May  7 12:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26366]: Connection closed by 42.51.3.33 port 30143 [preauth]
May  7 12:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: Invalid user user from 42.51.3.33
May  7 12:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: input_userauth_request: invalid user user [preauth]
May  7 12:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: Failed password for invalid user user from 42.51.3.33 port 30144 ssh2
May  7 12:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: Connection closed by 42.51.3.33 port 30144 [preauth]
May  7 12:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26395]: Invalid user user from 42.51.3.33
May  7 12:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26395]: input_userauth_request: invalid user user [preauth]
May  7 12:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26395]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26395]: Failed password for invalid user user from 42.51.3.33 port 30145 ssh2
May  7 12:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26395]: Connection closed by 42.51.3.33 port 30145 [preauth]
May  7 12:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26411]: Invalid user user from 42.51.3.33
May  7 12:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26411]: input_userauth_request: invalid user user [preauth]
May  7 12:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26411]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26411]: Failed password for invalid user user from 42.51.3.33 port 30146 ssh2
May  7 12:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26411]: Connection closed by 42.51.3.33 port 30146 [preauth]
May  7 12:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26433]: Invalid user user from 42.51.3.33
May  7 12:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26433]: input_userauth_request: invalid user user [preauth]
May  7 12:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26433]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26433]: Failed password for invalid user user from 42.51.3.33 port 30147 ssh2
May  7 12:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26433]: Connection closed by 42.51.3.33 port 30147 [preauth]
May  7 12:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26442]: Invalid user user from 42.51.3.33
May  7 12:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26442]: input_userauth_request: invalid user user [preauth]
May  7 12:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26442]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26442]: Failed password for invalid user user from 42.51.3.33 port 30148 ssh2
May  7 12:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26442]: Connection closed by 42.51.3.33 port 30148 [preauth]
May  7 12:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182  user=root
May  7 12:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26447]: Invalid user user from 42.51.3.33
May  7 12:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26447]: input_userauth_request: invalid user user [preauth]
May  7 12:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26447]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26445]: Failed password for root from 115.78.4.182 port 32948 ssh2
May  7 12:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26445]: Received disconnect from 115.78.4.182 port 32948:11: Bye Bye [preauth]
May  7 12:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26445]: Disconnected from 115.78.4.182 port 32948 [preauth]
May  7 12:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26447]: Failed password for invalid user user from 42.51.3.33 port 30149 ssh2
May  7 12:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26447]: Connection closed by 42.51.3.33 port 30149 [preauth]
May  7 12:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: Invalid user user from 42.51.3.33
May  7 12:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: input_userauth_request: invalid user user [preauth]
May  7 12:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26545]: Invalid user steam from 196.251.84.225
May  7 12:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26545]: input_userauth_request: invalid user steam [preauth]
May  7 12:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26545]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26545]: Failed password for invalid user steam from 196.251.84.225 port 38948 ssh2
May  7 12:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26545]: Connection closed by 196.251.84.225 port 38948 [preauth]
May  7 12:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: Failed password for invalid user user from 42.51.3.33 port 30150 ssh2
May  7 12:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26547]: Connection closed by 42.51.3.33 port 30150 [preauth]
May  7 12:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: Invalid user user from 42.51.3.33
May  7 12:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: input_userauth_request: invalid user user [preauth]
May  7 12:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25112]: pam_unix(cron:session): session closed for user root
May  7 12:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: Failed password for invalid user user from 42.51.3.33 port 30151 ssh2
May  7 12:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26558]: Connection closed by 42.51.3.33 port 30151 [preauth]
May  7 12:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: Invalid user user from 42.51.3.33
May  7 12:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: input_userauth_request: invalid user user [preauth]
May  7 12:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: Failed password for invalid user user from 42.51.3.33 port 30152 ssh2
May  7 12:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26579]: Connection closed by 42.51.3.33 port 30152 [preauth]
May  7 12:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26591]: Invalid user user from 42.51.3.33
May  7 12:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26591]: input_userauth_request: invalid user user [preauth]
May  7 12:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26591]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26591]: Failed password for invalid user user from 42.51.3.33 port 30153 ssh2
May  7 12:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26591]: Connection closed by 42.51.3.33 port 30153 [preauth]
May  7 12:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26601]: Invalid user user from 42.51.3.33
May  7 12:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26601]: input_userauth_request: invalid user user [preauth]
May  7 12:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26601]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26601]: Failed password for invalid user user from 42.51.3.33 port 30154 ssh2
May  7 12:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26601]: Connection closed by 42.51.3.33 port 30154 [preauth]
May  7 12:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: Invalid user user from 42.51.3.33
May  7 12:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: input_userauth_request: invalid user user [preauth]
May  7 12:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.3.33
May  7 12:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: Failed password for invalid user user from 42.51.3.33 port 30155 ssh2
May  7 12:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26616]: Connection closed by 42.51.3.33 port 30155 [preauth]
May  7 12:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26634]: Invalid user samba from 196.251.84.225
May  7 12:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26634]: input_userauth_request: invalid user samba [preauth]
May  7 12:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26634]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26634]: Failed password for invalid user samba from 196.251.84.225 port 38664 ssh2
May  7 12:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26634]: Connection closed by 196.251.84.225 port 38664 [preauth]
May  7 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26648]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26646]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26645]: pam_unix(cron:session): session closed for user p13x
May  7 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26711]: Successful su for rubyman by root
May  7 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26711]: + ??? root:rubyman
May  7 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346793 of user rubyman.
May  7 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26711]: pam_unix(su:session): session closed for user rubyman
May  7 12:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346793.
May  7 12:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23477]: pam_unix(cron:session): session closed for user root
May  7 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26646]: pam_unix(cron:session): session closed for user samftp
May  7 12:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26994]: Invalid user ftpuser from 196.251.84.225
May  7 12:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26994]: input_userauth_request: invalid user ftpuser [preauth]
May  7 12:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26994]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26994]: Failed password for invalid user ftpuser from 196.251.84.225 port 56892 ssh2
May  7 12:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26994]: Connection closed by 196.251.84.225 port 56892 [preauth]
May  7 12:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25601]: pam_unix(cron:session): session closed for user root
May  7 12:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: Invalid user maksym from 143.198.153.43
May  7 12:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: input_userauth_request: invalid user maksym [preauth]
May  7 12:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.153.43
May  7 12:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: Failed password for invalid user maksym from 143.198.153.43 port 52668 ssh2
May  7 12:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: Received disconnect from 143.198.153.43 port 52668:11: Bye Bye [preauth]
May  7 12:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27105]: Disconnected from 143.198.153.43 port 52668 [preauth]
May  7 12:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: User uucp from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 12:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: input_userauth_request: invalid user uucp [preauth]
May  7 12:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=uucp
May  7 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27127]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27125]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27124]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27126]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27127]: pam_unix(cron:session): session closed for user root
May  7 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27122]: pam_unix(cron:session): session closed for user p13x
May  7 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27199]: Successful su for rubyman by root
May  7 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27199]: + ??? root:rubyman
May  7 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27199]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346799 of user rubyman.
May  7 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27199]: pam_unix(su:session): session closed for user rubyman
May  7 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346799.
May  7 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: Failed password for invalid user uucp from 196.251.84.225 port 47262 ssh2
May  7 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27118]: Connection closed by 196.251.84.225 port 47262 [preauth]
May  7 12:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27124]: pam_unix(cron:session): session closed for user root
May  7 12:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24043]: pam_unix(cron:session): session closed for user root
May  7 12:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27123]: pam_unix(cron:session): session closed for user samftp
May  7 12:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: User www-data from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 12:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: input_userauth_request: invalid user www-data [preauth]
May  7 12:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=www-data
May  7 12:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: Failed password for invalid user www-data from 196.251.84.225 port 42900 ssh2
May  7 12:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: Connection closed by 196.251.84.225 port 42900 [preauth]
May  7 12:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26141]: pam_unix(cron:session): session closed for user root
May  7 12:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: Invalid user sd from 189.3.191.89
May  7 12:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: input_userauth_request: invalid user sd [preauth]
May  7 12:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89
May  7 12:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: Failed password for invalid user sd from 189.3.191.89 port 38388 ssh2
May  7 12:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: Received disconnect from 189.3.191.89 port 38388:11: Bye Bye [preauth]
May  7 12:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: Disconnected from 189.3.191.89 port 38388 [preauth]
May  7 12:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: Invalid user amp from 196.251.84.225
May  7 12:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: input_userauth_request: invalid user amp [preauth]
May  7 12:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: Failed password for invalid user amp from 196.251.84.225 port 33668 ssh2
May  7 12:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: Connection closed by 196.251.84.225 port 33668 [preauth]
May  7 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27644]: pam_unix(cron:session): session closed for user p13x
May  7 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27712]: Successful su for rubyman by root
May  7 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27712]: + ??? root:rubyman
May  7 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27712]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346802 of user rubyman.
May  7 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27712]: pam_unix(su:session): session closed for user rubyman
May  7 12:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346802.
May  7 12:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24626]: pam_unix(cron:session): session closed for user root
May  7 12:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27645]: pam_unix(cron:session): session closed for user samftp
May  7 12:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27957]: Invalid user oscar from 196.251.84.225
May  7 12:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27957]: input_userauth_request: invalid user oscar [preauth]
May  7 12:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27959]: Connection closed by 47.236.102.233 port 53834 [preauth]
May  7 12:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27957]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27957]: Failed password for invalid user oscar from 196.251.84.225 port 51476 ssh2
May  7 12:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27957]: Connection closed by 196.251.84.225 port 51476 [preauth]
May  7 12:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26648]: pam_unix(cron:session): session closed for user root
May  7 12:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28000]: Did not receive identification string from 80.64.18.84
May  7 12:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: Invalid user amandabackup from 196.251.84.225
May  7 12:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: input_userauth_request: invalid user amandabackup [preauth]
May  7 12:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: Failed password for invalid user amandabackup from 196.251.84.225 port 39324 ssh2
May  7 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28063]: pam_unix(cron:session): session closed for user p13x
May  7 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28121]: Successful su for rubyman by root
May  7 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28121]: + ??? root:rubyman
May  7 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346806 of user rubyman.
May  7 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28121]: pam_unix(su:session): session closed for user rubyman
May  7 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346806.
May  7 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28051]: Connection closed by 196.251.84.225 port 39324 [preauth]
May  7 12:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25111]: pam_unix(cron:session): session closed for user root
May  7 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28064]: pam_unix(cron:session): session closed for user samftp
May  7 12:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 12:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28317]: Failed password for root from 80.94.95.125 port 47971 ssh2
May  7 12:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28317]: Failed password for root from 80.94.95.125 port 47971 ssh2
May  7 12:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28317]: Failed password for root from 80.94.95.125 port 47971 ssh2
May  7 12:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: Invalid user cloudera from 80.94.95.29
May  7 12:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: input_userauth_request: invalid user cloudera [preauth]
May  7 12:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  7 12:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28317]: Failed password for root from 80.94.95.125 port 47971 ssh2
May  7 12:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: Failed password for invalid user cloudera from 80.94.95.29 port 63829 ssh2
May  7 12:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28317]: Failed password for root from 80.94.95.125 port 47971 ssh2
May  7 12:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28317]: Received disconnect from 80.94.95.125 port 47971:11: Bye [preauth]
May  7 12:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28317]: Disconnected from 80.94.95.125 port 47971 [preauth]
May  7 12:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28317]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 12:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28317]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 12:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: Failed password for invalid user cloudera from 80.94.95.29 port 63829 ssh2
May  7 12:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: Invalid user ec2-user from 196.251.84.225
May  7 12:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: input_userauth_request: invalid user ec2-user [preauth]
May  7 12:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: Failed password for invalid user cloudera from 80.94.95.29 port 63829 ssh2
May  7 12:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: Failed password for invalid user ec2-user from 196.251.84.225 port 49012 ssh2
May  7 12:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: Connection closed by 196.251.84.225 port 49012 [preauth]
May  7 12:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: Failed password for invalid user cloudera from 80.94.95.29 port 63829 ssh2
May  7 12:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: Failed password for invalid user cloudera from 80.94.95.29 port 63829 ssh2
May  7 12:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: Received disconnect from 80.94.95.29 port 63829:11: Bye [preauth]
May  7 12:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: Disconnected from 80.94.95.29 port 63829 [preauth]
May  7 12:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.29
May  7 12:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28341]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 12:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27126]: pam_unix(cron:session): session closed for user root
May  7 12:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28456]: User mysql from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 12:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28456]: input_userauth_request: invalid user mysql [preauth]
May  7 12:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=mysql
May  7 12:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28456]: Failed password for invalid user mysql from 196.251.84.225 port 37288 ssh2
May  7 12:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28456]: Connection closed by 196.251.84.225 port 37288 [preauth]
May  7 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28481]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28477]: pam_unix(cron:session): session closed for user p13x
May  7 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28541]: Successful su for rubyman by root
May  7 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28541]: + ??? root:rubyman
May  7 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346812 of user rubyman.
May  7 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28541]: pam_unix(su:session): session closed for user rubyman
May  7 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346812.
May  7 12:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25600]: pam_unix(cron:session): session closed for user root
May  7 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28478]: pam_unix(cron:session): session closed for user samftp
May  7 12:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: User uucp from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 12:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: input_userauth_request: invalid user uucp [preauth]
May  7 12:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=uucp
May  7 12:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: Failed password for invalid user uucp from 196.251.84.225 port 36830 ssh2
May  7 12:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28756]: Connection closed by 196.251.84.225 port 36830 [preauth]
May  7 12:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.140.114.196  user=root
May  7 12:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: Failed password for root from 123.140.114.196 port 39594 ssh2
May  7 12:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: Received disconnect from 123.140.114.196 port 39594:11: Bye Bye [preauth]
May  7 12:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28767]: Disconnected from 123.140.114.196 port 39594 [preauth]
May  7 12:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27647]: pam_unix(cron:session): session closed for user root
May  7 12:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28860]: Invalid user tom from 196.251.84.225
May  7 12:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28860]: input_userauth_request: invalid user tom [preauth]
May  7 12:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28860]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28860]: Failed password for invalid user tom from 196.251.84.225 port 49328 ssh2
May  7 12:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28860]: Connection closed by 196.251.84.225 port 49328 [preauth]
May  7 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28893]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28892]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28892]: pam_unix(cron:session): session closed for user p13x
May  7 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28958]: Successful su for rubyman by root
May  7 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28958]: + ??? root:rubyman
May  7 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346814 of user rubyman.
May  7 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28958]: pam_unix(su:session): session closed for user rubyman
May  7 12:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346814.
May  7 12:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26140]: pam_unix(cron:session): session closed for user root
May  7 12:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28893]: pam_unix(cron:session): session closed for user samftp
May  7 12:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: Invalid user sftpuser from 115.78.4.182
May  7 12:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: input_userauth_request: invalid user sftpuser [preauth]
May  7 12:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182
May  7 12:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: Failed password for invalid user sftpuser from 115.78.4.182 port 41000 ssh2
May  7 12:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: Received disconnect from 115.78.4.182 port 41000:11: Bye Bye [preauth]
May  7 12:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29238]: Disconnected from 115.78.4.182 port 41000 [preauth]
May  7 12:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29268]: Invalid user ds from 196.251.84.225
May  7 12:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29268]: input_userauth_request: invalid user ds [preauth]
May  7 12:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29268]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29268]: Failed password for invalid user ds from 196.251.84.225 port 45688 ssh2
May  7 12:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29268]: Connection closed by 196.251.84.225 port 45688 [preauth]
May  7 12:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28066]: pam_unix(cron:session): session closed for user root
May  7 12:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29338]: Invalid user sheller from 143.198.153.43
May  7 12:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29338]: input_userauth_request: invalid user sheller [preauth]
May  7 12:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29338]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.153.43
May  7 12:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29338]: Failed password for invalid user sheller from 143.198.153.43 port 41132 ssh2
May  7 12:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29338]: Received disconnect from 143.198.153.43 port 41132:11: Bye Bye [preauth]
May  7 12:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29338]: Disconnected from 143.198.153.43 port 41132 [preauth]
May  7 12:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: Invalid user drupal from 196.251.84.225
May  7 12:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: input_userauth_request: invalid user drupal [preauth]
May  7 12:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: Failed password for invalid user drupal from 196.251.84.225 port 60878 ssh2
May  7 12:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29351]: Connection closed by 196.251.84.225 port 60878 [preauth]
May  7 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29407]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29410]: pam_unix(cron:session): session closed for user root
May  7 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29405]: pam_unix(cron:session): session closed for user p13x
May  7 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29476]: Successful su for rubyman by root
May  7 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29476]: + ??? root:rubyman
May  7 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346820 of user rubyman.
May  7 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29476]: pam_unix(su:session): session closed for user rubyman
May  7 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346820.
May  7 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29407]: pam_unix(cron:session): session closed for user root
May  7 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26647]: pam_unix(cron:session): session closed for user root
May  7 12:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29406]: pam_unix(cron:session): session closed for user samftp
May  7 12:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: Invalid user ctrltech from 64.23.161.151
May  7 12:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: input_userauth_request: invalid user ctrltech [preauth]
May  7 12:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 12:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  7 12:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: Failed password for invalid user ctrltech from 64.23.161.151 port 44006 ssh2
May  7 12:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29692]: Connection closed by 64.23.161.151 port 44006 [preauth]
May  7 12:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: Invalid user admin from 196.251.84.225
May  7 12:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: input_userauth_request: invalid user admin [preauth]
May  7 12:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: Failed password for root from 218.92.0.210 port 65108 ssh2
May  7 12:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: Failed password for invalid user admin from 196.251.84.225 port 39116 ssh2
May  7 12:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29695]: Connection closed by 196.251.84.225 port 39116 [preauth]
May  7 12:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29691]: Failed password for root from 218.92.0.210 port 65108 ssh2
May  7 12:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  7 12:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: Failed password for root from 218.92.0.210 port 15490 ssh2
May  7 12:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: Failed password for root from 218.92.0.210 port 15490 ssh2
May  7 12:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28481]: pam_unix(cron:session): session closed for user root
May  7 12:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 12:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Failed password for root from 196.251.84.225 port 36526 ssh2
May  7 12:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Connection closed by 196.251.84.225 port 36526 [preauth]
May  7 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29855]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29856]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29853]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29852]: pam_unix(cron:session): session closed for user p13x
May  7 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29922]: Successful su for rubyman by root
May  7 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29922]: + ??? root:rubyman
May  7 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346825 of user rubyman.
May  7 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29922]: pam_unix(su:session): session closed for user rubyman
May  7 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346825.
May  7 12:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30030]: Invalid user madsonic from 196.251.84.225
May  7 12:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30030]: input_userauth_request: invalid user madsonic [preauth]
May  7 12:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30030]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27125]: pam_unix(cron:session): session closed for user root
May  7 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29853]: pam_unix(cron:session): session closed for user samftp
May  7 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30030]: Failed password for invalid user madsonic from 196.251.84.225 port 49830 ssh2
May  7 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30030]: Connection closed by 196.251.84.225 port 49830 [preauth]
May  7 12:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: Invalid user habib from 189.3.191.89
May  7 12:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: input_userauth_request: invalid user habib [preauth]
May  7 12:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89
May  7 12:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: Failed password for invalid user habib from 189.3.191.89 port 42294 ssh2
May  7 12:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: Received disconnect from 189.3.191.89 port 42294:11: Bye Bye [preauth]
May  7 12:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30141]: Disconnected from 189.3.191.89 port 42294 [preauth]
May  7 12:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Invalid user dolphinscheduler from 196.251.84.225
May  7 12:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  7 12:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 51556 ssh2
May  7 12:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28896]: pam_unix(cron:session): session closed for user root
May  7 12:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30181]: Connection closed by 196.251.84.225 port 51556 [preauth]
May  7 12:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30261]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30262]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30259]: pam_unix(cron:session): session closed for user p13x
May  7 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30321]: Successful su for rubyman by root
May  7 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30321]: + ??? root:rubyman
May  7 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30321]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346830 of user rubyman.
May  7 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30321]: pam_unix(su:session): session closed for user rubyman
May  7 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346830.
May  7 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: Failed password for root from 196.251.84.225 port 41582 ssh2
May  7 12:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: Connection closed by 196.251.84.225 port 41582 [preauth]
May  7 12:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27646]: pam_unix(cron:session): session closed for user root
May  7 12:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30260]: pam_unix(cron:session): session closed for user samftp
May  7 12:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  7 12:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: Failed password for root from 218.92.0.220 port 39526 ssh2
May  7 12:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: Invalid user RPM from 194.0.234.16
May  7 12:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: input_userauth_request: invalid user RPM [preauth]
May  7 12:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: Failed password for root from 218.92.0.220 port 39526 ssh2
May  7 12:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.16
May  7 12:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: Failed password for root from 218.92.0.220 port 39526 ssh2
May  7 12:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: Received disconnect from 218.92.0.220 port 39526:11:  [preauth]
May  7 12:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: Disconnected from 218.92.0.220 port 39526 [preauth]
May  7 12:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30517]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  7 12:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: Failed password for invalid user RPM from 194.0.234.16 port 16766 ssh2
May  7 12:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30526]: Connection closed by 194.0.234.16 port 16766 [preauth]
May  7 12:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30570]: Invalid user arkserver from 196.251.84.225
May  7 12:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30570]: input_userauth_request: invalid user arkserver [preauth]
May  7 12:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30570]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30570]: Failed password for invalid user arkserver from 196.251.84.225 port 32868 ssh2
May  7 12:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30570]: Connection closed by 196.251.84.225 port 32868 [preauth]
May  7 12:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29409]: pam_unix(cron:session): session closed for user root
May  7 12:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  7 12:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30610]: Failed password for root from 218.92.0.226 port 12398 ssh2
May  7 12:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30610]: message repeated 2 times: [ Failed password for root from 218.92.0.226 port 12398 ssh2]
May  7 12:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30610]: Received disconnect from 218.92.0.226 port 12398:11:  [preauth]
May  7 12:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30610]: Disconnected from 218.92.0.226 port 12398 [preauth]
May  7 12:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30610]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  7 12:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: Invalid user tomcat from 196.251.84.225
May  7 12:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: input_userauth_request: invalid user tomcat [preauth]
May  7 12:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: Failed password for invalid user tomcat from 196.251.84.225 port 50680 ssh2
May  7 12:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30650]: Connection closed by 196.251.84.225 port 50680 [preauth]
May  7 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30673]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30674]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30671]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30672]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30671]: pam_unix(cron:session): session closed for user p13x
May  7 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30734]: Successful su for rubyman by root
May  7 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30734]: + ??? root:rubyman
May  7 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30734]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346832 of user rubyman.
May  7 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30734]: pam_unix(su:session): session closed for user rubyman
May  7 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346832.
May  7 12:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28065]: pam_unix(cron:session): session closed for user root
May  7 12:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30672]: pam_unix(cron:session): session closed for user samftp
May  7 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  7 12:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Failed password for root from 218.92.0.219 port 34960 ssh2
May  7 12:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: message repeated 2 times: [ Failed password for root from 218.92.0.219 port 34960 ssh2]
May  7 12:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Received disconnect from 218.92.0.219 port 34960:11:  [preauth]
May  7 12:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Disconnected from 218.92.0.219 port 34960 [preauth]
May  7 12:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  7 12:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  7 12:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31003]: Failed password for root from 218.92.0.219 port 34968 ssh2
May  7 12:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31003]: message repeated 2 times: [ Failed password for root from 218.92.0.219 port 34968 ssh2]
May  7 12:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31003]: Received disconnect from 218.92.0.219 port 34968:11:  [preauth]
May  7 12:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31003]: Disconnected from 218.92.0.219 port 34968 [preauth]
May  7 12:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31003]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  7 12:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: Invalid user palworld from 196.251.84.225
May  7 12:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: input_userauth_request: invalid user palworld [preauth]
May  7 12:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  7 12:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: Failed password for invalid user palworld from 196.251.84.225 port 59082 ssh2
May  7 12:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31036]: Connection closed by 196.251.84.225 port 59082 [preauth]
May  7 12:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: Failed password for root from 218.92.0.219 port 10666 ssh2
May  7 12:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: message repeated 2 times: [ Failed password for root from 218.92.0.219 port 10666 ssh2]
May  7 12:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: Received disconnect from 218.92.0.219 port 10666:11:  [preauth]
May  7 12:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: Disconnected from 218.92.0.219 port 10666 [preauth]
May  7 12:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  7 12:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29856]: pam_unix(cron:session): session closed for user root
May  7 12:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Invalid user ubuntu from 196.251.84.225
May  7 12:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: input_userauth_request: invalid user ubuntu [preauth]
May  7 12:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Failed password for invalid user ubuntu from 196.251.84.225 port 38804 ssh2
May  7 12:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Connection closed by 196.251.84.225 port 38804 [preauth]
May  7 12:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 12:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Failed password for root from 218.92.0.179 port 61755 ssh2
May  7 12:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 61755 ssh2]
May  7 12:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Received disconnect from 218.92.0.179 port 61755:11:  [preauth]
May  7 12:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: Disconnected from 218.92.0.179 port 61755 [preauth]
May  7 12:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31157]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31183]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31182]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31180]: pam_unix(cron:session): session closed for user p13x
May  7 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31239]: Successful su for rubyman by root
May  7 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31239]: + ??? root:rubyman
May  7 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346836 of user rubyman.
May  7 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31239]: pam_unix(su:session): session closed for user rubyman
May  7 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346836.
May  7 12:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28479]: pam_unix(cron:session): session closed for user root
May  7 12:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31181]: pam_unix(cron:session): session closed for user samftp
May  7 12:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: Invalid user git from 196.251.84.225
May  7 12:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: input_userauth_request: invalid user git [preauth]
May  7 12:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: Failed password for invalid user git from 196.251.84.225 port 42532 ssh2
May  7 12:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31464]: Invalid user kube from 143.198.153.43
May  7 12:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31464]: input_userauth_request: invalid user kube [preauth]
May  7 12:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31464]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.153.43
May  7 12:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31462]: Connection closed by 196.251.84.225 port 42532 [preauth]
May  7 12:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31464]: Failed password for invalid user kube from 143.198.153.43 port 36648 ssh2
May  7 12:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31464]: Received disconnect from 143.198.153.43 port 36648:11: Bye Bye [preauth]
May  7 12:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31464]: Disconnected from 143.198.153.43 port 36648 [preauth]
May  7 12:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30262]: pam_unix(cron:session): session closed for user root
May  7 12:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: Invalid user jito-validator from 196.251.84.225
May  7 12:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: input_userauth_request: invalid user jito-validator [preauth]
May  7 12:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182  user=root
May  7 12:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: Failed password for invalid user jito-validator from 196.251.84.225 port 60640 ssh2
May  7 12:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31561]: Connection closed by 196.251.84.225 port 60640 [preauth]
May  7 12:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: Failed password for root from 115.78.4.182 port 49040 ssh2
May  7 12:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: Received disconnect from 115.78.4.182 port 49040:11: Bye Bye [preauth]
May  7 12:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: Disconnected from 115.78.4.182 port 49040 [preauth]
May  7 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31596]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31600]: pam_unix(cron:session): session closed for user root
May  7 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31594]: pam_unix(cron:session): session closed for user p13x
May  7 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31687]: Successful su for rubyman by root
May  7 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31687]: + ??? root:rubyman
May  7 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346842 of user rubyman.
May  7 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31687]: pam_unix(su:session): session closed for user rubyman
May  7 12:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346842.
May  7 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28895]: pam_unix(cron:session): session closed for user root
May  7 12:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31596]: pam_unix(cron:session): session closed for user root
May  7 12:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31595]: pam_unix(cron:session): session closed for user samftp
May  7 12:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 12:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31945]: Failed password for root from 196.251.84.225 port 57612 ssh2
May  7 12:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31945]: Connection closed by 196.251.84.225 port 57612 [preauth]
May  7 12:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.140.114.196  user=root
May  7 12:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: Failed password for root from 123.140.114.196 port 45610 ssh2
May  7 12:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: Received disconnect from 123.140.114.196 port 45610:11: Bye Bye [preauth]
May  7 12:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32036]: Disconnected from 123.140.114.196 port 45610 [preauth]
May  7 12:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30674]: pam_unix(cron:session): session closed for user root
May  7 12:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 12:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: Failed password for root from 218.92.0.179 port 17384 ssh2
May  7 12:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: Failed password for root from 218.92.0.179 port 17384 ssh2
May  7 12:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: Failed password for root from 218.92.0.179 port 17384 ssh2
May  7 12:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: Received disconnect from 218.92.0.179 port 17384:11:  [preauth]
May  7 12:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: Disconnected from 218.92.0.179 port 17384 [preauth]
May  7 12:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32243]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 12:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32284]: Invalid user jack from 196.251.84.225
May  7 12:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32284]: input_userauth_request: invalid user jack [preauth]
May  7 12:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32284]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32284]: Failed password for invalid user jack from 196.251.84.225 port 33946 ssh2
May  7 12:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32284]: Connection closed by 196.251.84.225 port 33946 [preauth]
May  7 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32346]: pam_unix(cron:session): session closed for user p13x
May  7 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32431]: Successful su for rubyman by root
May  7 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32431]: + ??? root:rubyman
May  7 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32431]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346846 of user rubyman.
May  7 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32431]: pam_unix(su:session): session closed for user rubyman
May  7 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346846.
May  7 12:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29408]: pam_unix(cron:session): session closed for user root
May  7 12:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32347]: pam_unix(cron:session): session closed for user samftp
May  7 12:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32745]: Invalid user user from 196.251.84.225
May  7 12:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32745]: input_userauth_request: invalid user user [preauth]
May  7 12:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32745]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32745]: Failed password for invalid user user from 196.251.84.225 port 54480 ssh2
May  7 12:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32745]: Connection closed by 196.251.84.225 port 54480 [preauth]
May  7 12:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31183]: pam_unix(cron:session): session closed for user root
May  7 12:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[415]: Invalid user sol from 196.251.84.225
May  7 12:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[415]: input_userauth_request: invalid user sol [preauth]
May  7 12:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[415]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[415]: Failed password for invalid user sol from 196.251.84.225 port 50862 ssh2
May  7 12:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[415]: Connection closed by 196.251.84.225 port 50862 [preauth]
May  7 12:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: Invalid user hang from 189.3.191.89
May  7 12:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: input_userauth_request: invalid user hang [preauth]
May  7 12:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89
May  7 12:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: Failed password for invalid user hang from 189.3.191.89 port 48084 ssh2
May  7 12:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: Received disconnect from 189.3.191.89 port 48084:11: Bye Bye [preauth]
May  7 12:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[465]: Disconnected from 189.3.191.89 port 48084 [preauth]
May  7 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[494]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[495]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[492]: pam_unix(cron:session): session closed for user p13x
May  7 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[566]: Successful su for rubyman by root
May  7 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[566]: + ??? root:rubyman
May  7 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346850 of user rubyman.
May  7 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[566]: pam_unix(su:session): session closed for user rubyman
May  7 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346850.
May  7 12:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29855]: pam_unix(cron:session): session closed for user root
May  7 12:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[493]: pam_unix(cron:session): session closed for user samftp
May  7 12:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[796]: Invalid user node from 196.251.84.225
May  7 12:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[796]: input_userauth_request: invalid user node [preauth]
May  7 12:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[796]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[796]: Failed password for invalid user node from 196.251.84.225 port 51950 ssh2
May  7 12:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[796]: Connection closed by 196.251.84.225 port 51950 [preauth]
May  7 12:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31599]: pam_unix(cron:session): session closed for user root
May  7 12:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: Invalid user guest from 196.251.84.225
May  7 12:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: input_userauth_request: invalid user guest [preauth]
May  7 12:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: Failed password for invalid user guest from 196.251.84.225 port 36732 ssh2
May  7 12:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[892]: Connection closed by 196.251.84.225 port 36732 [preauth]
May  7 12:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: Invalid user farshad from 64.23.161.151
May  7 12:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: input_userauth_request: invalid user farshad [preauth]
May  7 12:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 12:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: Failed password for invalid user farshad from 64.23.161.151 port 37810 ssh2
May  7 12:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[944]: Connection closed by 64.23.161.151 port 37810 [preauth]
May  7 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[962]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[964]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[959]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[959]: pam_unix(cron:session): session closed for user p13x
May  7 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1034]: Successful su for rubyman by root
May  7 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1034]: + ??? root:rubyman
May  7 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346854 of user rubyman.
May  7 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1034]: pam_unix(su:session): session closed for user rubyman
May  7 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346854.
May  7 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241  user=root
May  7 12:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: Failed password for root from 186.96.145.241 port 53834 ssh2
May  7 12:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1100]: Connection closed by 186.96.145.241 port 53834 [preauth]
May  7 12:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30261]: pam_unix(cron:session): session closed for user root
May  7 12:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[961]: pam_unix(cron:session): session closed for user samftp
May  7 12:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: Invalid user grafana from 196.251.84.225
May  7 12:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: input_userauth_request: invalid user grafana [preauth]
May  7 12:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: Invalid user clovis from 50.235.31.47
May  7 12:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: input_userauth_request: invalid user clovis [preauth]
May  7 12:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  7 12:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: Failed password for invalid user grafana from 196.251.84.225 port 45860 ssh2
May  7 12:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1273]: Connection closed by 196.251.84.225 port 45860 [preauth]
May  7 12:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: Failed password for invalid user clovis from 50.235.31.47 port 59402 ssh2
May  7 12:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: Connection closed by 50.235.31.47 port 59402 [preauth]
May  7 12:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32350]: pam_unix(cron:session): session closed for user root
May  7 12:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: Invalid user redis from 196.251.84.225
May  7 12:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: input_userauth_request: invalid user redis [preauth]
May  7 12:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: Failed password for invalid user redis from 196.251.84.225 port 53846 ssh2
May  7 12:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: Connection closed by 196.251.84.225 port 53846 [preauth]
May  7 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: Invalid user t1 from 143.198.153.43
May  7 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: input_userauth_request: invalid user t1 [preauth]
May  7 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.153.43
May  7 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1462]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1460]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1461]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1459]: pam_unix(cron:session): session closed for user p13x
May  7 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1520]: Successful su for rubyman by root
May  7 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1520]: + ??? root:rubyman
May  7 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346859 of user rubyman.
May  7 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1520]: pam_unix(su:session): session closed for user rubyman
May  7 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346859.
May  7 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: Failed password for invalid user t1 from 143.198.153.43 port 54284 ssh2
May  7 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: Received disconnect from 143.198.153.43 port 54284:11: Bye Bye [preauth]
May  7 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: Disconnected from 143.198.153.43 port 54284 [preauth]
May  7 12:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30673]: pam_unix(cron:session): session closed for user root
May  7 12:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1460]: pam_unix(cron:session): session closed for user samftp
May  7 12:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1748]: Invalid user virtualbox from 196.251.84.225
May  7 12:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1748]: input_userauth_request: invalid user virtualbox [preauth]
May  7 12:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1748]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1748]: Failed password for invalid user virtualbox from 196.251.84.225 port 60260 ssh2
May  7 12:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1748]: Connection closed by 196.251.84.225 port 60260 [preauth]
May  7 12:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[495]: pam_unix(cron:session): session closed for user root
May  7 12:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 12:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: Invalid user opc from 196.251.84.225
May  7 12:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: input_userauth_request: invalid user opc [preauth]
May  7 12:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: pam_unix(sshd:auth): check pass; user unknown
May  7 12:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 12:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: Failed password for invalid user opc from 196.251.84.225 port 53890 ssh2
May  7 12:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: Connection closed by 196.251.84.225 port 53890 [preauth]
May  7 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1973]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1979]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1983]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1971]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1982]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1981]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1985]: pam_unix(cron:session): session closed for user root
May  7 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1979]: pam_unix(cron:session): session closed for user root
May  7 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1971]: pam_unix(cron:session): session closed for user p13x
May  7 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2102]: Successful su for rubyman by root
May  7 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2102]: + ??? root:rubyman
May  7 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346866 of user rubyman.
May  7 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2102]: pam_unix(su:session): session closed for user rubyman
May  7 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346866.
May  7 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1981]: pam_unix(cron:session): session closed for user root
May  7 13:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31182]: pam_unix(cron:session): session closed for user root
May  7 13:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1973]: pam_unix(cron:session): session closed for user samftp
May  7 13:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2310]: Invalid user apache from 196.251.84.225
May  7 13:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2310]: input_userauth_request: invalid user apache [preauth]
May  7 13:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2310]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2310]: Failed password for invalid user apache from 196.251.84.225 port 38042 ssh2
May  7 13:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2310]: Connection closed by 196.251.84.225 port 38042 [preauth]
May  7 13:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: Invalid user kapil from 115.78.4.182
May  7 13:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: input_userauth_request: invalid user kapil [preauth]
May  7 13:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182
May  7 13:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: Failed password for invalid user kapil from 115.78.4.182 port 57100 ssh2
May  7 13:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: Received disconnect from 115.78.4.182 port 57100:11: Bye Bye [preauth]
May  7 13:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2358]: Disconnected from 115.78.4.182 port 57100 [preauth]
May  7 13:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[964]: pam_unix(cron:session): session closed for user root
May  7 13:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: Invalid user factorio from 196.251.84.225
May  7 13:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: input_userauth_request: invalid user factorio [preauth]
May  7 13:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: Failed password for invalid user factorio from 196.251.84.225 port 53334 ssh2
May  7 13:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2474]: Connection closed by 196.251.84.225 port 53334 [preauth]
May  7 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2541]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2537]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2537]: pam_unix(cron:session): session closed for user p13x
May  7 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2617]: Successful su for rubyman by root
May  7 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2617]: + ??? root:rubyman
May  7 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346869 of user rubyman.
May  7 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2617]: pam_unix(su:session): session closed for user rubyman
May  7 13:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346869.
May  7 13:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31597]: pam_unix(cron:session): session closed for user root
May  7 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: Invalid user zabbix from 196.251.84.225
May  7 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: input_userauth_request: invalid user zabbix [preauth]
May  7 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2538]: pam_unix(cron:session): session closed for user samftp
May  7 13:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: Failed password for invalid user zabbix from 196.251.84.225 port 42038 ssh2
May  7 13:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2774]: Connection closed by 196.251.84.225 port 42038 [preauth]
May  7 13:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1462]: pam_unix(cron:session): session closed for user root
May  7 13:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2888]: Invalid user wang from 196.251.84.225
May  7 13:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2888]: input_userauth_request: invalid user wang [preauth]
May  7 13:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2888]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2888]: Failed password for invalid user wang from 196.251.84.225 port 60208 ssh2
May  7 13:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2888]: Connection closed by 196.251.84.225 port 60208 [preauth]
May  7 13:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: Invalid user hadoop from 196.251.84.225
May  7 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: input_userauth_request: invalid user hadoop [preauth]
May  7 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2987]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2985]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2984]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2984]: pam_unix(cron:session): session closed for user p13x
May  7 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3046]: Successful su for rubyman by root
May  7 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3046]: + ??? root:rubyman
May  7 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3046]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346875 of user rubyman.
May  7 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3046]: pam_unix(su:session): session closed for user rubyman
May  7 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346875.
May  7 13:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: Failed password for invalid user hadoop from 196.251.84.225 port 53718 ssh2
May  7 13:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: Connection closed by 196.251.84.225 port 53718 [preauth]
May  7 13:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32349]: pam_unix(cron:session): session closed for user root
May  7 13:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2985]: pam_unix(cron:session): session closed for user samftp
May  7 13:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  7 13:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3244]: Failed password for root from 218.92.0.221 port 33938 ssh2
May  7 13:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3244]: message repeated 2 times: [ Failed password for root from 218.92.0.221 port 33938 ssh2]
May  7 13:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3244]: Received disconnect from 218.92.0.221 port 33938:11:  [preauth]
May  7 13:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3244]: Disconnected from 218.92.0.221 port 33938 [preauth]
May  7 13:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3244]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  7 13:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3294]: Invalid user admin from 196.251.84.225
May  7 13:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3294]: input_userauth_request: invalid user admin [preauth]
May  7 13:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3294]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3294]: Failed password for invalid user admin from 196.251.84.225 port 53844 ssh2
May  7 13:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3304]: Invalid user reelforge from 189.3.191.89
May  7 13:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3304]: input_userauth_request: invalid user reelforge [preauth]
May  7 13:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3304]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89
May  7 13:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3294]: Connection closed by 196.251.84.225 port 53844 [preauth]
May  7 13:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3304]: Failed password for invalid user reelforge from 189.3.191.89 port 42648 ssh2
May  7 13:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3304]: Received disconnect from 189.3.191.89 port 42648:11: Bye Bye [preauth]
May  7 13:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3304]: Disconnected from 189.3.191.89 port 42648 [preauth]
May  7 13:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1983]: pam_unix(cron:session): session closed for user root
May  7 13:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: Invalid user lighthouse from 196.251.84.225
May  7 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: input_userauth_request: invalid user lighthouse [preauth]
May  7 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3402]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3401]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3401]: pam_unix(cron:session): session closed for user p13x
May  7 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3473]: Successful su for rubyman by root
May  7 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3473]: + ??? root:rubyman
May  7 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346877 of user rubyman.
May  7 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3473]: pam_unix(su:session): session closed for user rubyman
May  7 13:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346877.
May  7 13:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: Failed password for invalid user lighthouse from 196.251.84.225 port 54344 ssh2
May  7 13:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3397]: Connection closed by 196.251.84.225 port 54344 [preauth]
May  7 13:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[494]: pam_unix(cron:session): session closed for user root
May  7 13:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3402]: pam_unix(cron:session): session closed for user samftp
May  7 13:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3744]: Invalid user redis from 196.251.84.225
May  7 13:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3744]: input_userauth_request: invalid user redis [preauth]
May  7 13:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3744]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3744]: Failed password for invalid user redis from 196.251.84.225 port 57714 ssh2
May  7 13:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3744]: Connection closed by 196.251.84.225 port 57714 [preauth]
May  7 13:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2541]: pam_unix(cron:session): session closed for user root
May  7 13:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3794]: Invalid user star from 143.198.153.43
May  7 13:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3794]: input_userauth_request: invalid user star [preauth]
May  7 13:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3794]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.153.43
May  7 13:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3794]: Failed password for invalid user star from 143.198.153.43 port 51508 ssh2
May  7 13:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3794]: Received disconnect from 143.198.153.43 port 51508:11: Bye Bye [preauth]
May  7 13:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3794]: Disconnected from 143.198.153.43 port 51508 [preauth]
May  7 13:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: Invalid user ds from 196.251.84.225
May  7 13:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: input_userauth_request: invalid user ds [preauth]
May  7 13:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: Failed password for invalid user ds from 196.251.84.225 port 55204 ssh2
May  7 13:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3825]: Connection closed by 196.251.84.225 port 55204 [preauth]
May  7 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3840]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3839]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3837]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3837]: pam_unix(cron:session): session closed for user p13x
May  7 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3900]: Successful su for rubyman by root
May  7 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3900]: + ??? root:rubyman
May  7 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3900]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346881 of user rubyman.
May  7 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3900]: pam_unix(su:session): session closed for user rubyman
May  7 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346881.
May  7 13:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[962]: pam_unix(cron:session): session closed for user root
May  7 13:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3838]: pam_unix(cron:session): session closed for user samftp
May  7 13:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  7 13:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4118]: Failed password for root from 218.92.0.236 port 64776 ssh2
May  7 13:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4118]: message repeated 2 times: [ Failed password for root from 218.92.0.236 port 64776 ssh2]
May  7 13:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4118]: Received disconnect from 218.92.0.236 port 64776:11:  [preauth]
May  7 13:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4118]: Disconnected from 218.92.0.236 port 64776 [preauth]
May  7 13:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4118]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  7 13:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: Invalid user hadoop from 196.251.84.225
May  7 13:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: input_userauth_request: invalid user hadoop [preauth]
May  7 13:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: Failed password for invalid user hadoop from 196.251.84.225 port 52844 ssh2
May  7 13:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4182]: Connection closed by 196.251.84.225 port 52844 [preauth]
May  7 13:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: Invalid user admin from 80.94.95.112
May  7 13:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: input_userauth_request: invalid user admin [preauth]
May  7 13:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 13:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: Failed password for invalid user admin from 80.94.95.112 port 38027 ssh2
May  7 13:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: Failed password for invalid user admin from 80.94.95.112 port 38027 ssh2
May  7 13:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2987]: pam_unix(cron:session): session closed for user root
May  7 13:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: Failed password for invalid user admin from 80.94.95.112 port 38027 ssh2
May  7 13:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: Failed password for invalid user admin from 80.94.95.112 port 38027 ssh2
May  7 13:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: Failed password for invalid user admin from 80.94.95.112 port 38027 ssh2
May  7 13:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: Received disconnect from 80.94.95.112 port 38027:11: Bye [preauth]
May  7 13:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: Disconnected from 80.94.95.112 port 38027 [preauth]
May  7 13:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 13:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4184]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 13:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4292]: Invalid user solana from 196.251.84.225
May  7 13:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4292]: input_userauth_request: invalid user solana [preauth]
May  7 13:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4292]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4292]: Failed password for invalid user solana from 196.251.84.225 port 40552 ssh2
May  7 13:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4292]: Connection closed by 196.251.84.225 port 40552 [preauth]
May  7 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4432]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4434]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4429]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4439]: pam_unix(cron:session): session closed for user root
May  7 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4429]: pam_unix(cron:session): session closed for user p13x
May  7 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4514]: Successful su for rubyman by root
May  7 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4514]: + ??? root:rubyman
May  7 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346886 of user rubyman.
May  7 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4514]: pam_unix(su:session): session closed for user rubyman
May  7 13:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346886.
May  7 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4432]: pam_unix(cron:session): session closed for user root
May  7 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1461]: pam_unix(cron:session): session closed for user root
May  7 13:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: Invalid user  from 8.219.94.178
May  7 13:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: input_userauth_request: invalid user  [preauth]
May  7 13:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4430]: pam_unix(cron:session): session closed for user samftp
May  7 13:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: Connection closed by 8.219.94.178 port 48550 [preauth]
May  7 13:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4770]: Invalid user test from 196.251.84.225
May  7 13:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4770]: input_userauth_request: invalid user test [preauth]
May  7 13:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4770]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4770]: Failed password for invalid user test from 196.251.84.225 port 51658 ssh2
May  7 13:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4770]: Connection closed by 196.251.84.225 port 51658 [preauth]
May  7 13:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4796]: Invalid user night from 46.244.96.25
May  7 13:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4796]: input_userauth_request: invalid user night [preauth]
May  7 13:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4796]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  7 13:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3404]: pam_unix(cron:session): session closed for user root
May  7 13:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4796]: Failed password for invalid user night from 46.244.96.25 port 34870 ssh2
May  7 13:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4796]: Connection closed by 46.244.96.25 port 34870 [preauth]
May  7 13:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: Invalid user keyvan from 64.23.161.151
May  7 13:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: input_userauth_request: invalid user keyvan [preauth]
May  7 13:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 13:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  7 13:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: Failed password for invalid user keyvan from 64.23.161.151 port 38584 ssh2
May  7 13:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4872]: Connection closed by 64.23.161.151 port 38584 [preauth]
May  7 13:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: Failed password for root from 190.103.202.7 port 43672 ssh2
May  7 13:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: Connection closed by 190.103.202.7 port 43672 [preauth]
May  7 13:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182  user=root
May  7 13:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4884]: Failed password for root from 115.78.4.182 port 36912 ssh2
May  7 13:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4884]: Received disconnect from 115.78.4.182 port 36912:11: Bye Bye [preauth]
May  7 13:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4884]: Disconnected from 115.78.4.182 port 36912 [preauth]
May  7 13:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4896]: Invalid user steam from 196.251.84.225
May  7 13:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4896]: input_userauth_request: invalid user steam [preauth]
May  7 13:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4896]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4896]: Failed password for invalid user steam from 196.251.84.225 port 56708 ssh2
May  7 13:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: Invalid user > from 195.178.110.50
May  7 13:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: input_userauth_request: invalid user > [preauth]
May  7 13:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 13:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4896]: Connection closed by 196.251.84.225 port 56708 [preauth]
May  7 13:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: Failed password for invalid user > from 195.178.110.50 port 43064 ssh2
May  7 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4913]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4907]: pam_unix(cron:session): session closed for user p13x
May  7 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4985]: Successful su for rubyman by root
May  7 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4985]: + ??? root:rubyman
May  7 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4985]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346893 of user rubyman.
May  7 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4985]: pam_unix(su:session): session closed for user rubyman
May  7 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346893.
May  7 13:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: Connection closed by 195.178.110.50 port 43064 [preauth]
May  7 13:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1982]: pam_unix(cron:session): session closed for user root
May  7 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4909]: pam_unix(cron:session): session closed for user samftp
May  7 13:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: Invalid user K from 195.178.110.50
May  7 13:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: input_userauth_request: invalid user K [preauth]
May  7 13:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 13:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: Failed password for invalid user K from 195.178.110.50 port 56834 ssh2
May  7 13:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5284]: Connection closed by 195.178.110.50 port 56834 [preauth]
May  7 13:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5408]: Invalid user tom from 196.251.84.225
May  7 13:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5408]: input_userauth_request: invalid user tom [preauth]
May  7 13:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5408]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5408]: Failed password for invalid user tom from 196.251.84.225 port 37254 ssh2
May  7 13:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5408]: Connection closed by 196.251.84.225 port 37254 [preauth]
May  7 13:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5398]: Invalid user X from 195.178.110.50
May  7 13:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5398]: input_userauth_request: invalid user X [preauth]
May  7 13:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5398]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 13:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3840]: pam_unix(cron:session): session closed for user root
May  7 13:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5398]: Failed password for invalid user X from 195.178.110.50 port 44292 ssh2
May  7 13:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5398]: Connection closed by 195.178.110.50 port 44292 [preauth]
May  7 13:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: Invalid user e from 195.178.110.50
May  7 13:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: input_userauth_request: invalid user e [preauth]
May  7 13:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 13:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: Invalid user steam from 196.251.84.225
May  7 13:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: input_userauth_request: invalid user steam [preauth]
May  7 13:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: Failed password for invalid user e from 195.178.110.50 port 2112 ssh2
May  7 13:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: Failed password for invalid user steam from 196.251.84.225 port 38148 ssh2
May  7 13:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5518]: Connection closed by 196.251.84.225 port 38148 [preauth]
May  7 13:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: Connection closed by 195.178.110.50 port 2112 [preauth]
May  7 13:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5566]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5554]: pam_unix(cron:session): session closed for user p13x
May  7 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5652]: Successful su for rubyman by root
May  7 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5652]: + ??? root:rubyman
May  7 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346897 of user rubyman.
May  7 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5652]: pam_unix(su:session): session closed for user rubyman
May  7 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346897.
May  7 13:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2539]: pam_unix(cron:session): session closed for user root
May  7 13:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5556]: pam_unix(cron:session): session closed for user samftp
May  7 13:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: Invalid user r from 195.178.110.50
May  7 13:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: input_userauth_request: invalid user r [preauth]
May  7 13:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 13:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: Failed password for invalid user r from 195.178.110.50 port 6676 ssh2
May  7 13:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: Connection closed by 195.178.110.50 port 6676 [preauth]
May  7 13:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: Invalid user testuser from 196.251.84.225
May  7 13:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: input_userauth_request: invalid user testuser [preauth]
May  7 13:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: Failed password for invalid user testuser from 196.251.84.225 port 54772 ssh2
May  7 13:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5961]: Connection closed by 196.251.84.225 port 54772 [preauth]
May  7 13:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4438]: pam_unix(cron:session): session closed for user root
May  7 13:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6066]: User www-data from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 13:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6066]: input_userauth_request: invalid user www-data [preauth]
May  7 13:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=www-data
May  7 13:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6066]: Failed password for invalid user www-data from 196.251.84.225 port 54640 ssh2
May  7 13:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6066]: Connection closed by 196.251.84.225 port 54640 [preauth]
May  7 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6094]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6091]: pam_unix(cron:session): session closed for user p13x
May  7 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6163]: Successful su for rubyman by root
May  7 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6163]: + ??? root:rubyman
May  7 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346900 of user rubyman.
May  7 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6163]: pam_unix(su:session): session closed for user rubyman
May  7 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346900.
May  7 13:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2986]: pam_unix(cron:session): session closed for user root
May  7 13:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6092]: pam_unix(cron:session): session closed for user samftp
May  7 13:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: Invalid user suser from 189.3.191.89
May  7 13:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: input_userauth_request: invalid user suser [preauth]
May  7 13:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89
May  7 13:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: Failed password for invalid user suser from 189.3.191.89 port 60694 ssh2
May  7 13:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: Received disconnect from 189.3.191.89 port 60694:11: Bye Bye [preauth]
May  7 13:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6355]: Disconnected from 189.3.191.89 port 60694 [preauth]
May  7 13:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: Invalid user plex from 196.251.84.225
May  7 13:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: input_userauth_request: invalid user plex [preauth]
May  7 13:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: Failed password for invalid user plex from 196.251.84.225 port 42800 ssh2
May  7 13:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6378]: Connection closed by 196.251.84.225 port 42800 [preauth]
May  7 13:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4913]: pam_unix(cron:session): session closed for user root
May  7 13:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.153.43  user=root
May  7 13:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: Failed password for root from 143.198.153.43 port 55640 ssh2
May  7 13:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: Received disconnect from 143.198.153.43 port 55640:11: Bye Bye [preauth]
May  7 13:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6449]: Disconnected from 143.198.153.43 port 55640 [preauth]
May  7 13:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: User nobody from 194.0.234.19 not allowed because not listed in AllowUsers
May  7 13:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: input_userauth_request: invalid user nobody [preauth]
May  7 13:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: Failed none for invalid user nobody from 194.0.234.19 port 18338 ssh2
May  7 13:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6451]: Connection closed by 194.0.234.19 port 18338 [preauth]
May  7 13:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6485]: Invalid user www from 196.251.84.225
May  7 13:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6485]: input_userauth_request: invalid user www [preauth]
May  7 13:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6485]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6485]: Failed password for invalid user www from 196.251.84.225 port 39110 ssh2
May  7 13:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6485]: Connection closed by 196.251.84.225 port 39110 [preauth]
May  7 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6512]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6514]: pam_unix(cron:session): session closed for user p13x
May  7 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6635]: Successful su for rubyman by root
May  7 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6635]: + ??? root:rubyman
May  7 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346903 of user rubyman.
May  7 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6635]: pam_unix(su:session): session closed for user rubyman
May  7 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346903.
May  7 13:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6512]: pam_unix(cron:session): session closed for user root
May  7 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3403]: pam_unix(cron:session): session closed for user root
May  7 13:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6515]: pam_unix(cron:session): session closed for user samftp
May  7 13:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6885]: Invalid user yarn from 196.251.84.225
May  7 13:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6885]: input_userauth_request: invalid user yarn [preauth]
May  7 13:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6885]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6885]: Failed password for invalid user yarn from 196.251.84.225 port 49894 ssh2
May  7 13:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6885]: Connection closed by 196.251.84.225 port 49894 [preauth]
May  7 13:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5566]: pam_unix(cron:session): session closed for user root
May  7 13:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7083]: Invalid user ds from 196.251.84.225
May  7 13:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7083]: input_userauth_request: invalid user ds [preauth]
May  7 13:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7083]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7083]: Failed password for invalid user ds from 196.251.84.225 port 36586 ssh2
May  7 13:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7083]: Connection closed by 196.251.84.225 port 36586 [preauth]
May  7 13:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: Did not receive identification string from 205.210.31.166
May  7 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7127]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7128]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7129]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7126]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7125]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7130]: pam_unix(cron:session): session closed for user root
May  7 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7125]: pam_unix(cron:session): session closed for user p13x
May  7 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7196]: Successful su for rubyman by root
May  7 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7196]: + ??? root:rubyman
May  7 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346912 of user rubyman.
May  7 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7196]: pam_unix(su:session): session closed for user rubyman
May  7 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346912.
May  7 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7127]: pam_unix(cron:session): session closed for user root
May  7 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3839]: pam_unix(cron:session): session closed for user root
May  7 13:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7126]: pam_unix(cron:session): session closed for user samftp
May  7 13:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: Invalid user kodi from 196.251.84.225
May  7 13:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: input_userauth_request: invalid user kodi [preauth]
May  7 13:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: Failed password for invalid user kodi from 196.251.84.225 port 50786 ssh2
May  7 13:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: Connection closed by 196.251.84.225 port 50786 [preauth]
May  7 13:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  7 13:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: Failed password for root from 218.92.0.225 port 61322 ssh2
May  7 13:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: message repeated 2 times: [ Failed password for root from 218.92.0.225 port 61322 ssh2]
May  7 13:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: Received disconnect from 218.92.0.225 port 61322:11:  [preauth]
May  7 13:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: Disconnected from 218.92.0.225 port 61322 [preauth]
May  7 13:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  7 13:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: Invalid user admin from 80.94.95.241
May  7 13:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: input_userauth_request: invalid user admin [preauth]
May  7 13:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 13:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: Failed password for invalid user admin from 80.94.95.241 port 34062 ssh2
May  7 13:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: Failed password for invalid user admin from 80.94.95.241 port 34062 ssh2
May  7 13:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6094]: pam_unix(cron:session): session closed for user root
May  7 13:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: Failed password for invalid user admin from 80.94.95.241 port 34062 ssh2
May  7 13:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  7 13:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: Failed password for invalid user admin from 80.94.95.241 port 34062 ssh2
May  7 13:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7595]: Failed password for root from 218.92.0.225 port 32428 ssh2
May  7 13:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: Failed password for invalid user admin from 80.94.95.241 port 34062 ssh2
May  7 13:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: Received disconnect from 80.94.95.241 port 34062:11: Bye [preauth]
May  7 13:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: Disconnected from 80.94.95.241 port 34062 [preauth]
May  7 13:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 13:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7469]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 13:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7595]: Failed password for root from 218.92.0.225 port 32428 ssh2
May  7 13:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: Invalid user amp from 196.251.84.225
May  7 13:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: input_userauth_request: invalid user amp [preauth]
May  7 13:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7595]: Failed password for root from 218.92.0.225 port 32428 ssh2
May  7 13:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7595]: Received disconnect from 218.92.0.225 port 32428:11:  [preauth]
May  7 13:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7595]: Disconnected from 218.92.0.225 port 32428 [preauth]
May  7 13:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7595]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  7 13:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: Failed password for invalid user amp from 196.251.84.225 port 60728 ssh2
May  7 13:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7609]: Connection closed by 196.251.84.225 port 60728 [preauth]
May  7 13:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  7 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7671]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7671]: pam_unix(cron:session): session closed for user p13x
May  7 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7752]: Successful su for rubyman by root
May  7 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7752]: + ??? root:rubyman
May  7 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7752]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346915 of user rubyman.
May  7 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7752]: pam_unix(su:session): session closed for user rubyman
May  7 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346915.
May  7 13:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: Failed password for root from 218.92.0.225 port 12190 ssh2
May  7 13:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: Failed password for root from 218.92.0.225 port 12190 ssh2
May  7 13:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4434]: pam_unix(cron:session): session closed for user root
May  7 13:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7674]: pam_unix(cron:session): session closed for user samftp
May  7 13:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: Failed password for root from 218.92.0.225 port 12190 ssh2
May  7 13:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: Received disconnect from 218.92.0.225 port 12190:11:  [preauth]
May  7 13:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: Disconnected from 218.92.0.225 port 12190 [preauth]
May  7 13:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7668]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  7 13:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: Invalid user vagrant from 196.251.84.225
May  7 13:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: input_userauth_request: invalid user vagrant [preauth]
May  7 13:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: Failed password for invalid user vagrant from 196.251.84.225 port 51862 ssh2
May  7 13:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7954]: Connection closed by 196.251.84.225 port 51862 [preauth]
May  7 13:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: Invalid user ahmad from 115.78.4.182
May  7 13:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: input_userauth_request: invalid user ahmad [preauth]
May  7 13:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182
May  7 13:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: Failed password for invalid user ahmad from 115.78.4.182 port 44942 ssh2
May  7 13:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: Received disconnect from 115.78.4.182 port 44942:11: Bye Bye [preauth]
May  7 13:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: Disconnected from 115.78.4.182 port 44942 [preauth]
May  7 13:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6517]: pam_unix(cron:session): session closed for user root
May  7 13:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8049]: User sys from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 13:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8049]: input_userauth_request: invalid user sys [preauth]
May  7 13:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=sys
May  7 13:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8049]: Failed password for invalid user sys from 196.251.84.225 port 36924 ssh2
May  7 13:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8049]: Connection closed by 196.251.84.225 port 36924 [preauth]
May  7 13:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7621]: Connection reset by 218.92.0.225 port 46100 [preauth]
May  7 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8124]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8122]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8116]: pam_unix(cron:session): session closed for user p13x
May  7 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8194]: Successful su for rubyman by root
May  7 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8194]: + ??? root:rubyman
May  7 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346918 of user rubyman.
May  7 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8194]: pam_unix(su:session): session closed for user rubyman
May  7 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346918.
May  7 13:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4911]: pam_unix(cron:session): session closed for user root
May  7 13:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8307]: Invalid user master from 196.251.84.225
May  7 13:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8307]: input_userauth_request: invalid user master [preauth]
May  7 13:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8307]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8122]: pam_unix(cron:session): session closed for user samftp
May  7 13:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8307]: Failed password for invalid user master from 196.251.84.225 port 49016 ssh2
May  7 13:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8307]: Connection closed by 196.251.84.225 port 49016 [preauth]
May  7 13:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 13:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7129]: pam_unix(cron:session): session closed for user root
May  7 13:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: Failed password for root from 196.251.84.225 port 38490 ssh2
May  7 13:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: Connection closed by 196.251.84.225 port 38490 [preauth]
May  7 13:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: Invalid user www from 196.251.84.225
May  7 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: input_userauth_request: invalid user www [preauth]
May  7 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8555]: pam_unix(cron:session): session closed for user p13x
May  7 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8620]: Successful su for rubyman by root
May  7 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8620]: + ??? root:rubyman
May  7 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346924 of user rubyman.
May  7 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8620]: pam_unix(su:session): session closed for user rubyman
May  7 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346924.
May  7 13:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: Failed password for invalid user www from 196.251.84.225 port 34244 ssh2
May  7 13:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: Connection closed by 196.251.84.225 port 34244 [preauth]
May  7 13:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5557]: pam_unix(cron:session): session closed for user root
May  7 13:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8556]: pam_unix(cron:session): session closed for user samftp
May  7 13:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 13:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8816]: Failed password for root from 218.92.0.179 port 18930 ssh2
May  7 13:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8816]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 18930 ssh2]
May  7 13:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8816]: Received disconnect from 218.92.0.179 port 18930:11:  [preauth]
May  7 13:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8816]: Disconnected from 218.92.0.179 port 18930 [preauth]
May  7 13:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8816]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 13:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.153.43  user=root
May  7 13:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: Failed password for root from 143.198.153.43 port 40604 ssh2
May  7 13:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: Received disconnect from 143.198.153.43 port 40604:11: Bye Bye [preauth]
May  7 13:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: Disconnected from 143.198.153.43 port 40604 [preauth]
May  7 13:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.159.189.193  user=root
May  7 13:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: Invalid user ark from 196.251.84.225
May  7 13:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: input_userauth_request: invalid user ark [preauth]
May  7 13:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: Failed password for root from 45.159.189.193 port 55526 ssh2
May  7 13:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: Connection closed by 45.159.189.193 port 55526 [preauth]
May  7 13:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: Failed password for invalid user ark from 196.251.84.225 port 41404 ssh2
May  7 13:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: Connection closed by 196.251.84.225 port 41404 [preauth]
May  7 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7677]: pam_unix(cron:session): session closed for user root
May  7 13:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: Invalid user mohsen from 64.23.161.151
May  7 13:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: input_userauth_request: invalid user mohsen [preauth]
May  7 13:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 13:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: Failed password for invalid user mohsen from 64.23.161.151 port 56320 ssh2
May  7 13:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: Connection closed by 64.23.161.151 port 56320 [preauth]
May  7 13:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8963]: Invalid user reelforge from 189.3.191.89
May  7 13:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8963]: input_userauth_request: invalid user reelforge [preauth]
May  7 13:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8963]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89
May  7 13:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8963]: Failed password for invalid user reelforge from 189.3.191.89 port 60626 ssh2
May  7 13:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8963]: Received disconnect from 189.3.191.89 port 60626:11: Bye Bye [preauth]
May  7 13:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8963]: Disconnected from 189.3.191.89 port 60626 [preauth]
May  7 13:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8982]: Invalid user grafana from 196.251.84.225
May  7 13:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8982]: input_userauth_request: invalid user grafana [preauth]
May  7 13:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8982]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8990]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8989]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8987]: pam_unix(cron:session): session closed for user p13x
May  7 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8982]: Failed password for invalid user grafana from 196.251.84.225 port 59564 ssh2
May  7 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8982]: Connection closed by 196.251.84.225 port 59564 [preauth]
May  7 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9048]: Successful su for rubyman by root
May  7 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9048]: + ??? root:rubyman
May  7 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346926 of user rubyman.
May  7 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9048]: pam_unix(su:session): session closed for user rubyman
May  7 13:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346926.
May  7 13:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6093]: pam_unix(cron:session): session closed for user root
May  7 13:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8988]: pam_unix(cron:session): session closed for user samftp
May  7 13:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: Invalid user sonar from 196.251.84.225
May  7 13:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: input_userauth_request: invalid user sonar [preauth]
May  7 13:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: Failed password for invalid user sonar from 196.251.84.225 port 49032 ssh2
May  7 13:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9421]: Connection closed by 196.251.84.225 port 49032 [preauth]
May  7 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8124]: pam_unix(cron:session): session closed for user root
May  7 13:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9500]: Invalid user vagrant from 196.251.84.225
May  7 13:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9500]: input_userauth_request: invalid user vagrant [preauth]
May  7 13:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9500]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9500]: Failed password for invalid user vagrant from 196.251.84.225 port 52022 ssh2
May  7 13:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9500]: Connection closed by 196.251.84.225 port 52022 [preauth]
May  7 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9518]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9519]: pam_unix(cron:session): session closed for user root
May  7 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9514]: pam_unix(cron:session): session closed for user p13x
May  7 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9584]: Successful su for rubyman by root
May  7 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9584]: + ??? root:rubyman
May  7 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9584]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346932 of user rubyman.
May  7 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9584]: pam_unix(su:session): session closed for user rubyman
May  7 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346932.
May  7 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9516]: pam_unix(cron:session): session closed for user root
May  7 13:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6516]: pam_unix(cron:session): session closed for user root
May  7 13:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9515]: pam_unix(cron:session): session closed for user samftp
May  7 13:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9838]: Invalid user palworld from 196.251.84.225
May  7 13:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9838]: input_userauth_request: invalid user palworld [preauth]
May  7 13:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9838]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9838]: Failed password for invalid user palworld from 196.251.84.225 port 35208 ssh2
May  7 13:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9838]: Connection closed by 196.251.84.225 port 35208 [preauth]
May  7 13:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8558]: pam_unix(cron:session): session closed for user root
May  7 13:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 13:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: Failed password for root from 196.251.84.225 port 47580 ssh2
May  7 13:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: Connection closed by 196.251.84.225 port 47580 [preauth]
May  7 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9961]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9962]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9960]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9959]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9959]: pam_unix(cron:session): session closed for user p13x
May  7 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10028]: Successful su for rubyman by root
May  7 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10028]: + ??? root:rubyman
May  7 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346937 of user rubyman.
May  7 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10028]: pam_unix(su:session): session closed for user rubyman
May  7 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346937.
May  7 13:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7128]: pam_unix(cron:session): session closed for user root
May  7 13:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9960]: pam_unix(cron:session): session closed for user samftp
May  7 13:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: Invalid user solana from 196.251.84.225
May  7 13:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: input_userauth_request: invalid user solana [preauth]
May  7 13:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: Failed password for invalid user solana from 196.251.84.225 port 43378 ssh2
May  7 13:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10358]: Connection closed by 196.251.84.225 port 43378 [preauth]
May  7 13:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.159.189.193  user=root
May  7 13:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10141]: Failed password for root from 45.159.189.193 port 39116 ssh2
May  7 13:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8990]: pam_unix(cron:session): session closed for user root
May  7 13:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: Invalid user pi from 45.159.189.193
May  7 13:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: input_userauth_request: invalid user pi [preauth]
May  7 13:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10141]: Connection closed by 45.159.189.193 port 39116 [preauth]
May  7 13:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182  user=root
May  7 13:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10452]: Failed password for root from 115.78.4.182 port 52978 ssh2
May  7 13:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10452]: Received disconnect from 115.78.4.182 port 52978:11: Bye Bye [preauth]
May  7 13:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10452]: Disconnected from 115.78.4.182 port 52978 [preauth]
May  7 13:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10419]: Did not receive identification string from 45.159.189.193
May  7 13:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10370]: Connection reset by 45.159.189.193 port 56756 [preauth]
May  7 13:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10345]: Connection reset by 45.159.189.193 port 56754 [preauth]
May  7 13:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10334]: Connection reset by 45.159.189.193 port 50348 [preauth]
May  7 13:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10237]: Connection reset by 45.159.189.193 port 39120 [preauth]
May  7 13:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: Did not receive identification string from 45.159.189.193
May  7 13:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10393]: Connection reset by 45.159.189.193 port 37130 [preauth]
May  7 13:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10308]: Connection reset by 45.159.189.193 port 50342 [preauth]
May  7 13:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: Invalid user git from 196.251.84.225
May  7 13:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: input_userauth_request: invalid user git [preauth]
May  7 13:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: Failed password for invalid user git from 196.251.84.225 port 42080 ssh2
May  7 13:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10474]: Connection closed by 196.251.84.225 port 42080 [preauth]
May  7 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10491]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10488]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10487]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10484]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10484]: pam_unix(cron:session): session closed for user root
May  7 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10487]: pam_unix(cron:session): session closed for user p13x
May  7 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10556]: Successful su for rubyman by root
May  7 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10556]: + ??? root:rubyman
May  7 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346941 of user rubyman.
May  7 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10556]: pam_unix(su:session): session closed for user rubyman
May  7 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346941.
May  7 13:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7675]: pam_unix(cron:session): session closed for user root
May  7 13:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10488]: pam_unix(cron:session): session closed for user samftp
May  7 13:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: Invalid user opc from 196.251.84.225
May  7 13:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: input_userauth_request: invalid user opc [preauth]
May  7 13:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: Failed password for invalid user opc from 196.251.84.225 port 41094 ssh2
May  7 13:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10856]: Connection closed by 196.251.84.225 port 41094 [preauth]
May  7 13:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9518]: pam_unix(cron:session): session closed for user root
May  7 13:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 13:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: Failed password for root from 196.251.84.225 port 47896 ssh2
May  7 13:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: Connection closed by 196.251.84.225 port 47896 [preauth]
May  7 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10952]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10953]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10950]: pam_unix(cron:session): session closed for user p13x
May  7 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11010]: Successful su for rubyman by root
May  7 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11010]: + ??? root:rubyman
May  7 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346946 of user rubyman.
May  7 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11010]: pam_unix(su:session): session closed for user rubyman
May  7 13:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346946.
May  7 13:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8123]: pam_unix(cron:session): session closed for user root
May  7 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: Invalid user its from 143.198.153.43
May  7 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: input_userauth_request: invalid user its [preauth]
May  7 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.198.153.43
May  7 13:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10951]: pam_unix(cron:session): session closed for user samftp
May  7 13:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: Failed password for invalid user its from 143.198.153.43 port 34050 ssh2
May  7 13:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: Received disconnect from 143.198.153.43 port 34050:11: Bye Bye [preauth]
May  7 13:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: Disconnected from 143.198.153.43 port 34050 [preauth]
May  7 13:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.219.94.178  user=root
May  7 13:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: Connection reset by 218.92.0.232 port 39754 [preauth]
May  7 13:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11214]: Failed password for root from 8.219.94.178 port 46206 ssh2
May  7 13:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11214]: Connection closed by 8.219.94.178 port 46206 [preauth]
May  7 13:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11239]: Invalid user pi from 8.219.94.178
May  7 13:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11239]: input_userauth_request: invalid user pi [preauth]
May  7 13:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11239]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=8.219.94.178
May  7 13:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: Invalid user master from 196.251.84.225
May  7 13:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: input_userauth_request: invalid user master [preauth]
May  7 13:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11239]: Failed password for invalid user pi from 8.219.94.178 port 46216 ssh2
May  7 13:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11239]: Connection closed by 8.219.94.178 port 46216 [preauth]
May  7 13:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: Failed password for invalid user master from 196.251.84.225 port 37876 ssh2
May  7 13:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11241]: Connection closed by 196.251.84.225 port 37876 [preauth]
May  7 13:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11265]: User mysql from 194.0.234.19 not allowed because not listed in AllowUsers
May  7 13:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11265]: input_userauth_request: invalid user mysql [preauth]
May  7 13:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11265]: Failed none for invalid user mysql from 194.0.234.19 port 60424 ssh2
May  7 13:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11265]: Connection closed by 194.0.234.19 port 60424 [preauth]
May  7 13:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9962]: pam_unix(cron:session): session closed for user root
May  7 13:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: Invalid user admin from 196.251.84.225
May  7 13:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: input_userauth_request: invalid user admin [preauth]
May  7 13:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: Failed password for invalid user admin from 196.251.84.225 port 42254 ssh2
May  7 13:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: Connection closed by 196.251.84.225 port 42254 [preauth]
May  7 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11352]: pam_unix(cron:session): session closed for user p13x
May  7 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11418]: Successful su for rubyman by root
May  7 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11418]: + ??? root:rubyman
May  7 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346949 of user rubyman.
May  7 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11418]: pam_unix(su:session): session closed for user rubyman
May  7 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346949.
May  7 13:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8557]: pam_unix(cron:session): session closed for user root
May  7 13:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11353]: pam_unix(cron:session): session closed for user samftp
May  7 13:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11636]: Invalid user jet from 189.3.191.89
May  7 13:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11636]: input_userauth_request: invalid user jet [preauth]
May  7 13:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11636]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89
May  7 13:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11636]: Failed password for invalid user jet from 189.3.191.89 port 53290 ssh2
May  7 13:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11636]: Received disconnect from 189.3.191.89 port 53290:11: Bye Bye [preauth]
May  7 13:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11636]: Disconnected from 189.3.191.89 port 53290 [preauth]
May  7 13:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 13:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: Failed password for root from 196.251.84.225 port 54444 ssh2
May  7 13:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: Connection closed by 196.251.84.225 port 54444 [preauth]
May  7 13:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10491]: pam_unix(cron:session): session closed for user root
May  7 13:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: Invalid user redis from 196.251.84.225
May  7 13:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: input_userauth_request: invalid user redis [preauth]
May  7 13:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: Failed password for invalid user redis from 196.251.84.225 port 48698 ssh2
May  7 13:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: Connection closed by 196.251.84.225 port 48698 [preauth]
May  7 13:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11774]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11775]: pam_unix(cron:session): session closed for user root
May  7 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11770]: pam_unix(cron:session): session closed for user p13x
May  7 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: Failed password for root from 218.92.0.205 port 14346 ssh2
May  7 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11840]: Successful su for rubyman by root
May  7 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11840]: + ??? root:rubyman
May  7 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11840]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346956 of user rubyman.
May  7 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11840]: pam_unix(su:session): session closed for user rubyman
May  7 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346956.
May  7 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11772]: pam_unix(cron:session): session closed for user root
May  7 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: Failed password for root from 218.92.0.205 port 14346 ssh2
May  7 13:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8989]: pam_unix(cron:session): session closed for user root
May  7 13:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11771]: pam_unix(cron:session): session closed for user samftp
May  7 13:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: Failed password for root from 218.92.0.205 port 14346 ssh2
May  7 13:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: message repeated 2 times: [ Failed password for root from 218.92.0.205 port 14346 ssh2]
May  7 13:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 14346 ssh2 [preauth]
May  7 13:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: Disconnecting: Too many authentication failures [preauth]
May  7 13:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 13:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 13:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: Invalid user caddy from 196.251.84.225
May  7 13:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: input_userauth_request: invalid user caddy [preauth]
May  7 13:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: Failed password for invalid user caddy from 196.251.84.225 port 33414 ssh2
May  7 13:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12060]: Connection closed by 196.251.84.225 port 33414 [preauth]
May  7 13:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 13:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: Failed password for root from 218.92.0.205 port 53820 ssh2
May  7 13:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: message repeated 4 times: [ Failed password for root from 218.92.0.205 port 53820 ssh2]
May  7 13:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10953]: pam_unix(cron:session): session closed for user root
May  7 13:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: Failed password for root from 218.92.0.205 port 53820 ssh2
May  7 13:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 53820 ssh2 [preauth]
May  7 13:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: Disconnecting: Too many authentication failures [preauth]
May  7 13:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 13:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12070]: PAM service(sshd) ignoring max retries; 6 > 3
May  7 13:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 13:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: Failed password for root from 218.92.0.205 port 33414 ssh2
May  7 13:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: Received disconnect from 218.92.0.205 port 33414:11:  [preauth]
May  7 13:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: Disconnected from 218.92.0.205 port 33414 [preauth]
May  7 13:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: Invalid user www from 196.251.84.225
May  7 13:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: input_userauth_request: invalid user www [preauth]
May  7 13:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: Failed password for invalid user www from 196.251.84.225 port 55276 ssh2
May  7 13:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: Connection closed by 196.251.84.225 port 55276 [preauth]
May  7 13:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12195]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12193]: pam_unix(cron:session): session closed for user p13x
May  7 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12262]: Successful su for rubyman by root
May  7 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12262]: + ??? root:rubyman
May  7 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346960 of user rubyman.
May  7 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12262]: pam_unix(su:session): session closed for user rubyman
May  7 13:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346960.
May  7 13:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9517]: pam_unix(cron:session): session closed for user root
May  7 13:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12194]: pam_unix(cron:session): session closed for user samftp
May  7 13:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: Invalid user minecraft from 196.251.84.225
May  7 13:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: input_userauth_request: invalid user minecraft [preauth]
May  7 13:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: Failed password for invalid user minecraft from 196.251.84.225 port 57246 ssh2
May  7 13:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12465]: Connection closed by 196.251.84.225 port 57246 [preauth]
May  7 13:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12181]: Connection closed by 206.168.34.74 port 48286 [preauth]
May  7 13:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: Invalid user mostafa from 64.23.161.151
May  7 13:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: input_userauth_request: invalid user mostafa [preauth]
May  7 13:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 13:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: Failed password for invalid user mostafa from 64.23.161.151 port 48416 ssh2
May  7 13:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12515]: Connection closed by 64.23.161.151 port 48416 [preauth]
May  7 13:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11355]: pam_unix(cron:session): session closed for user root
May  7 13:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: Invalid user vagrant from 196.251.84.225
May  7 13:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: input_userauth_request: invalid user vagrant [preauth]
May  7 13:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: Failed password for invalid user vagrant from 196.251.84.225 port 55296 ssh2
May  7 13:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12555]: Connection closed by 196.251.84.225 port 55296 [preauth]
May  7 13:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 13:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: Failed password for root from 80.94.95.125 port 37313 ssh2
May  7 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: message repeated 3 times: [ Failed password for root from 80.94.95.125 port 37313 ssh2]
May  7 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12609]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12610]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12607]: pam_unix(cron:session): session closed for user p13x
May  7 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12665]: Successful su for rubyman by root
May  7 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12665]: + ??? root:rubyman
May  7 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12665]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346963 of user rubyman.
May  7 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12665]: pam_unix(su:session): session closed for user rubyman
May  7 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346963.
May  7 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: Failed password for root from 80.94.95.125 port 37313 ssh2
May  7 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: Received disconnect from 80.94.95.125 port 37313:11: Bye [preauth]
May  7 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: Disconnected from 80.94.95.125 port 37313 [preauth]
May  7 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 13:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12596]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 13:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9961]: pam_unix(cron:session): session closed for user root
May  7 13:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12608]: pam_unix(cron:session): session closed for user samftp
May  7 13:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12839]: Invalid user ubuntu from 196.251.84.225
May  7 13:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12839]: input_userauth_request: invalid user ubuntu [preauth]
May  7 13:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12839]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  7 13:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12839]: Failed password for invalid user ubuntu from 196.251.84.225 port 52330 ssh2
May  7 13:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12839]: Connection closed by 196.251.84.225 port 52330 [preauth]
May  7 13:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: Failed password for root from 218.92.0.221 port 49140 ssh2
May  7 13:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: message repeated 2 times: [ Failed password for root from 218.92.0.221 port 49140 ssh2]
May  7 13:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: Received disconnect from 218.92.0.221 port 49140:11:  [preauth]
May  7 13:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: Disconnected from 218.92.0.221 port 49140 [preauth]
May  7 13:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  7 13:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182  user=root
May  7 13:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: Failed password for root from 115.78.4.182 port 32804 ssh2
May  7 13:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: Received disconnect from 115.78.4.182 port 32804:11: Bye Bye [preauth]
May  7 13:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12909]: Disconnected from 115.78.4.182 port 32804 [preauth]
May  7 13:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11774]: pam_unix(cron:session): session closed for user root
May  7 13:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 13:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12919]: Failed password for root from 196.251.84.225 port 49148 ssh2
May  7 13:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12919]: Connection closed by 196.251.84.225 port 49148 [preauth]
May  7 13:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  7 13:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Failed password for root from 193.70.84.184 port 43580 ssh2
May  7 13:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Connection closed by 193.70.84.184 port 43580 [preauth]
May  7 13:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: Invalid user deploy from 196.251.84.225
May  7 13:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: input_userauth_request: invalid user deploy [preauth]
May  7 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13014]: pam_unix(cron:session): session closed for user p13x
May  7 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13080]: Successful su for rubyman by root
May  7 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13080]: + ??? root:rubyman
May  7 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346968 of user rubyman.
May  7 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13080]: pam_unix(su:session): session closed for user rubyman
May  7 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346968.
May  7 13:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: Failed password for invalid user deploy from 196.251.84.225 port 60772 ssh2
May  7 13:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: Connection closed by 196.251.84.225 port 60772 [preauth]
May  7 13:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10490]: pam_unix(cron:session): session closed for user root
May  7 13:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13015]: pam_unix(cron:session): session closed for user samftp
May  7 13:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: Invalid user drupal from 196.251.84.225
May  7 13:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: input_userauth_request: invalid user drupal [preauth]
May  7 13:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: Failed password for invalid user drupal from 196.251.84.225 port 36232 ssh2
May  7 13:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13323]: Connection closed by 196.251.84.225 port 36232 [preauth]
May  7 13:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12196]: pam_unix(cron:session): session closed for user root
May  7 13:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13402]: Invalid user ubuntu from 196.251.84.225
May  7 13:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13402]: input_userauth_request: invalid user ubuntu [preauth]
May  7 13:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13402]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13402]: Failed password for invalid user ubuntu from 196.251.84.225 port 48492 ssh2
May  7 13:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13402]: Connection closed by 196.251.84.225 port 48492 [preauth]
May  7 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13418]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13415]: pam_unix(cron:session): session closed for user p13x
May  7 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13571]: Successful su for rubyman by root
May  7 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13571]: + ??? root:rubyman
May  7 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346971 of user rubyman.
May  7 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13571]: pam_unix(su:session): session closed for user rubyman
May  7 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346971.
May  7 13:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10952]: pam_unix(cron:session): session closed for user root
May  7 13:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13416]: pam_unix(cron:session): session closed for user samftp
May  7 13:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  7 13:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13791]: Failed password for root from 164.68.105.9 port 44266 ssh2
May  7 13:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13791]: Connection closed by 164.68.105.9 port 44266 [preauth]
May  7 13:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 13:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13811]: Failed password for root from 196.251.84.225 port 45080 ssh2
May  7 13:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13811]: Connection closed by 196.251.84.225 port 45080 [preauth]
May  7 13:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12610]: pam_unix(cron:session): session closed for user root
May  7 13:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13902]: Invalid user oracle from 196.251.84.225
May  7 13:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13902]: input_userauth_request: invalid user oracle [preauth]
May  7 13:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13902]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13902]: Failed password for invalid user oracle from 196.251.84.225 port 44554 ssh2
May  7 13:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13902]: Connection closed by 196.251.84.225 port 44554 [preauth]
May  7 13:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89  user=root
May  7 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13932]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13934]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13931]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13933]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13934]: pam_unix(cron:session): session closed for user root
May  7 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13927]: pam_unix(cron:session): session closed for user p13x
May  7 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: Failed password for root from 189.3.191.89 port 44918 ssh2
May  7 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: Received disconnect from 189.3.191.89 port 44918:11: Bye Bye [preauth]
May  7 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13915]: Disconnected from 189.3.191.89 port 44918 [preauth]
May  7 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13998]: Successful su for rubyman by root
May  7 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13998]: + ??? root:rubyman
May  7 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346975 of user rubyman.
May  7 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13998]: pam_unix(su:session): session closed for user rubyman
May  7 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346975.
May  7 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13931]: pam_unix(cron:session): session closed for user root
May  7 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11354]: pam_unix(cron:session): session closed for user root
May  7 13:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13928]: pam_unix(cron:session): session closed for user samftp
May  7 13:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: Invalid user elasticsearch from 196.251.84.225
May  7 13:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: input_userauth_request: invalid user elasticsearch [preauth]
May  7 13:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: Failed password for invalid user elasticsearch from 196.251.84.225 port 48302 ssh2
May  7 13:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14240]: Connection closed by 196.251.84.225 port 48302 [preauth]
May  7 13:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13017]: pam_unix(cron:session): session closed for user root
May  7 13:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 13:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14342]: Failed password for root from 196.251.84.225 port 49340 ssh2
May  7 13:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14342]: Connection closed by 196.251.84.225 port 49340 [preauth]
May  7 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14366]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14364]: pam_unix(cron:session): session closed for user p13x
May  7 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14431]: Successful su for rubyman by root
May  7 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14431]: + ??? root:rubyman
May  7 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14431]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346981 of user rubyman.
May  7 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14431]: pam_unix(su:session): session closed for user rubyman
May  7 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346981.
May  7 13:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11773]: pam_unix(cron:session): session closed for user root
May  7 13:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14365]: pam_unix(cron:session): session closed for user samftp
May  7 13:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: Invalid user gitlab from 196.251.84.225
May  7 13:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: input_userauth_request: invalid user gitlab [preauth]
May  7 13:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: Failed password for invalid user gitlab from 196.251.84.225 port 34602 ssh2
May  7 13:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: Connection closed by 196.251.84.225 port 34602 [preauth]
May  7 13:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13418]: pam_unix(cron:session): session closed for user root
May  7 13:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.103  user=root
May  7 13:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: Failed password for root from 218.92.0.103 port 16202 ssh2
May  7 13:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: message repeated 2 times: [ Failed password for root from 218.92.0.103 port 16202 ssh2]
May  7 13:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: Received disconnect from 218.92.0.103 port 16202:11:  [preauth]
May  7 13:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: Disconnected from 218.92.0.103 port 16202 [preauth]
May  7 13:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14698]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.103  user=root
May  7 13:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: Invalid user ubuntu from 196.251.84.225
May  7 13:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: input_userauth_request: invalid user ubuntu [preauth]
May  7 13:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: Failed password for invalid user ubuntu from 196.251.84.225 port 54034 ssh2
May  7 13:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: Connection closed by 196.251.84.225 port 54034 [preauth]
May  7 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14782]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14783]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14781]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14780]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14780]: pam_unix(cron:session): session closed for user p13x
May  7 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14847]: Successful su for rubyman by root
May  7 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14847]: + ??? root:rubyman
May  7 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346987 of user rubyman.
May  7 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14847]: pam_unix(su:session): session closed for user rubyman
May  7 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346987.
May  7 13:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12195]: pam_unix(cron:session): session closed for user root
May  7 13:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14778]: Failed password for root from 218.92.0.233 port 34830 ssh2
May  7 13:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14781]: pam_unix(cron:session): session closed for user samftp
May  7 13:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14778]: Failed password for root from 218.92.0.233 port 34830 ssh2
May  7 13:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14778]: Failed password for root from 218.92.0.233 port 34830 ssh2
May  7 13:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14778]: Received disconnect from 218.92.0.233 port 34830:11:  [preauth]
May  7 13:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14778]: Disconnected from 218.92.0.233 port 34830 [preauth]
May  7 13:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14778]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 13:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 13:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 13:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15045]: Failed password for root from 218.92.0.233 port 34834 ssh2
May  7 13:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15047]: Failed password for root from 196.251.84.225 port 43854 ssh2
May  7 13:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15047]: Connection closed by 196.251.84.225 port 43854 [preauth]
May  7 13:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15045]: Failed password for root from 218.92.0.233 port 34834 ssh2
May  7 13:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15045]: Failed password for root from 218.92.0.233 port 34834 ssh2
May  7 13:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15045]: Received disconnect from 218.92.0.233 port 34834:11:  [preauth]
May  7 13:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15045]: Disconnected from 218.92.0.233 port 34834 [preauth]
May  7 13:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15045]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 13:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 13:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15077]: Failed password for root from 218.92.0.233 port 61108 ssh2
May  7 13:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15077]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 61108 ssh2]
May  7 13:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15077]: Received disconnect from 218.92.0.233 port 61108:11:  [preauth]
May  7 13:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15077]: Disconnected from 218.92.0.233 port 61108 [preauth]
May  7 13:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15077]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  7 13:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13933]: pam_unix(cron:session): session closed for user root
May  7 13:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: Invalid user ubuntu from 196.251.84.225
May  7 13:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: input_userauth_request: invalid user ubuntu [preauth]
May  7 13:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: Failed password for invalid user ubuntu from 196.251.84.225 port 41256 ssh2
May  7 13:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15146]: Connection closed by 196.251.84.225 port 41256 [preauth]
May  7 13:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15193]: Invalid user chen from 115.78.4.182
May  7 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15193]: input_userauth_request: invalid user chen [preauth]
May  7 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15193]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182
May  7 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15202]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15199]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15198]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15198]: pam_unix(cron:session): session closed for user p13x
May  7 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15258]: Successful su for rubyman by root
May  7 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15258]: + ??? root:rubyman
May  7 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346990 of user rubyman.
May  7 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15258]: pam_unix(su:session): session closed for user rubyman
May  7 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346990.
May  7 13:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15193]: Failed password for invalid user chen from 115.78.4.182 port 40858 ssh2
May  7 13:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15193]: Received disconnect from 115.78.4.182 port 40858:11: Bye Bye [preauth]
May  7 13:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15193]: Disconnected from 115.78.4.182 port 40858 [preauth]
May  7 13:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15400]: Bad protocol version identification '\026\003\001\001\027\001' from 165.154.138.34 port 49796
May  7 13:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12609]: pam_unix(cron:session): session closed for user root
May  7 13:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15199]: pam_unix(cron:session): session closed for user samftp
May  7 13:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Invalid user airflow from 196.251.84.225
May  7 13:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: input_userauth_request: invalid user airflow [preauth]
May  7 13:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Failed password for invalid user airflow from 196.251.84.225 port 33702 ssh2
May  7 13:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15444]: Connection closed by 196.251.84.225 port 33702 [preauth]
May  7 13:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15407]: Did not receive identification string from 165.154.138.34
May  7 13:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15486]: Connection closed by 165.154.138.34 port 46228 [preauth]
May  7 13:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15488]: Protocol major versions differ for 165.154.138.34: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Server
May  7 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14367]: pam_unix(cron:session): session closed for user root
May  7 13:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15541]: Invalid user jito from 196.251.84.225
May  7 13:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15541]: input_userauth_request: invalid user jito [preauth]
May  7 13:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15541]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15541]: Failed password for invalid user jito from 196.251.84.225 port 41988 ssh2
May  7 13:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15541]: Connection closed by 196.251.84.225 port 41988 [preauth]
May  7 13:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15539]: Connection closed by 20.221.58.154 port 58438 [preauth]
May  7 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15603]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15601]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15602]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15600]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15600]: pam_unix(cron:session): session closed for user p13x
May  7 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15658]: Successful su for rubyman by root
May  7 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15658]: + ??? root:rubyman
May  7 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346993 of user rubyman.
May  7 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15658]: pam_unix(su:session): session closed for user rubyman
May  7 13:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346993.
May  7 13:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13016]: pam_unix(cron:session): session closed for user root
May  7 13:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: Invalid user solana from 196.251.84.225
May  7 13:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: input_userauth_request: invalid user solana [preauth]
May  7 13:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15601]: pam_unix(cron:session): session closed for user samftp
May  7 13:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: Failed password for invalid user solana from 196.251.84.225 port 50380 ssh2
May  7 13:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: Connection closed by 196.251.84.225 port 50380 [preauth]
May  7 13:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  7 13:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: Failed password for root from 80.94.95.115 port 62368 ssh2
May  7 13:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: Connection closed by 80.94.95.115 port 62368 [preauth]
May  7 13:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15877]: Invalid user shahrzad from 64.23.161.151
May  7 13:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15877]: input_userauth_request: invalid user shahrzad [preauth]
May  7 13:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15877]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 13:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15877]: Failed password for invalid user shahrzad from 64.23.161.151 port 51816 ssh2
May  7 13:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15877]: Connection closed by 64.23.161.151 port 51816 [preauth]
May  7 13:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14783]: pam_unix(cron:session): session closed for user root
May  7 13:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15922]: Invalid user wang from 196.251.84.225
May  7 13:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15922]: input_userauth_request: invalid user wang [preauth]
May  7 13:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15922]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15922]: Failed password for invalid user wang from 196.251.84.225 port 55286 ssh2
May  7 13:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15922]: Connection closed by 196.251.84.225 port 55286 [preauth]
May  7 13:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16003]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16005]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16004]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16006]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16006]: pam_unix(cron:session): session closed for user root
May  7 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16001]: pam_unix(cron:session): session closed for user p13x
May  7 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: Invalid user mongodb from 196.251.84.225
May  7 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: input_userauth_request: invalid user mongodb [preauth]
May  7 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16065]: Successful su for rubyman by root
May  7 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16065]: + ??? root:rubyman
May  7 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16065]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 346999 of user rubyman.
May  7 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16065]: pam_unix(su:session): session closed for user rubyman
May  7 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 346999.
May  7 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: Failed password for invalid user mongodb from 196.251.84.225 port 32910 ssh2
May  7 13:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15998]: Connection closed by 196.251.84.225 port 32910 [preauth]
May  7 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16003]: pam_unix(cron:session): session closed for user root
May  7 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13417]: pam_unix(cron:session): session closed for user root
May  7 13:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16002]: pam_unix(cron:session): session closed for user samftp
May  7 13:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16332]: Invalid user dolphin from 196.251.84.225
May  7 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16332]: input_userauth_request: invalid user dolphin [preauth]
May  7 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16332]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15202]: pam_unix(cron:session): session closed for user root
May  7 13:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: Invalid user db2fenc1 from 189.3.191.89
May  7 13:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: input_userauth_request: invalid user db2fenc1 [preauth]
May  7 13:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89
May  7 13:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16332]: Failed password for invalid user dolphin from 196.251.84.225 port 49040 ssh2
May  7 13:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16332]: Connection closed by 196.251.84.225 port 49040 [preauth]
May  7 13:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: Failed password for invalid user db2fenc1 from 189.3.191.89 port 46190 ssh2
May  7 13:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: Received disconnect from 189.3.191.89 port 46190:11: Bye Bye [preauth]
May  7 13:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: Disconnected from 189.3.191.89 port 46190 [preauth]
May  7 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16418]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16415]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16415]: pam_unix(cron:session): session closed for user p13x
May  7 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16517]: Successful su for rubyman by root
May  7 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16517]: + ??? root:rubyman
May  7 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347003 of user rubyman.
May  7 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16517]: pam_unix(su:session): session closed for user rubyman
May  7 13:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347003.
May  7 13:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16516]: Invalid user sftpuser from 196.251.84.225
May  7 13:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16516]: input_userauth_request: invalid user sftpuser [preauth]
May  7 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13932]: pam_unix(cron:session): session closed for user root
May  7 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16516]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16416]: pam_unix(cron:session): session closed for user samftp
May  7 13:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16516]: Failed password for invalid user sftpuser from 196.251.84.225 port 37286 ssh2
May  7 13:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16516]: Connection closed by 196.251.84.225 port 37286 [preauth]
May  7 13:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15603]: pam_unix(cron:session): session closed for user root
May  7 13:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: Invalid user rancher from 196.251.84.225
May  7 13:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: input_userauth_request: invalid user rancher [preauth]
May  7 13:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: Failed password for invalid user rancher from 196.251.84.225 port 36524 ssh2
May  7 13:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: Connection closed by 196.251.84.225 port 36524 [preauth]
May  7 13:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  7 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16895]: pam_unix(cron:session): session closed for user p13x
May  7 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16975]: Successful su for rubyman by root
May  7 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16975]: + ??? root:rubyman
May  7 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347008 of user rubyman.
May  7 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16975]: pam_unix(su:session): session closed for user rubyman
May  7 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347008.
May  7 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: Failed password for root from 218.92.0.220 port 62566 ssh2
May  7 13:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14366]: pam_unix(cron:session): session closed for user root
May  7 13:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: Invalid user sftp from 196.251.84.225
May  7 13:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: input_userauth_request: invalid user sftp [preauth]
May  7 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: Failed password for root from 218.92.0.220 port 62566 ssh2
May  7 13:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16896]: pam_unix(cron:session): session closed for user samftp
May  7 13:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: Failed password for invalid user sftp from 196.251.84.225 port 39538 ssh2
May  7 13:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: Failed password for root from 218.92.0.220 port 62566 ssh2
May  7 13:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: Received disconnect from 218.92.0.220 port 62566:11:  [preauth]
May  7 13:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: Disconnected from 218.92.0.220 port 62566 [preauth]
May  7 13:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  7 13:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17028]: Connection closed by 196.251.84.225 port 39538 [preauth]
May  7 13:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16005]: pam_unix(cron:session): session closed for user root
May  7 13:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: Invalid user wordpress from 196.251.84.225
May  7 13:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: input_userauth_request: invalid user wordpress [preauth]
May  7 13:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: Failed password for invalid user wordpress from 196.251.84.225 port 47340 ssh2
May  7 13:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17233]: Connection closed by 196.251.84.225 port 47340 [preauth]
May  7 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17317]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17314]: pam_unix(cron:session): session closed for user p13x
May  7 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17374]: Successful su for rubyman by root
May  7 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17374]: + ??? root:rubyman
May  7 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347011 of user rubyman.
May  7 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17374]: pam_unix(su:session): session closed for user rubyman
May  7 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347011.
May  7 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17395]: Invalid user emby from 196.251.84.225
May  7 13:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17395]: input_userauth_request: invalid user emby [preauth]
May  7 13:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17395]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14782]: pam_unix(cron:session): session closed for user root
May  7 13:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17395]: Failed password for invalid user emby from 196.251.84.225 port 46528 ssh2
May  7 13:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17395]: Connection closed by 196.251.84.225 port 46528 [preauth]
May  7 13:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17315]: pam_unix(cron:session): session closed for user samftp
May  7 13:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Invalid user deploy from 196.251.84.225
May  7 13:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: input_userauth_request: invalid user deploy [preauth]
May  7 13:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Failed password for invalid user deploy from 196.251.84.225 port 42906 ssh2
May  7 13:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Connection closed by 196.251.84.225 port 42906 [preauth]
May  7 13:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16418]: pam_unix(cron:session): session closed for user root
May  7 13:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17644]: Invalid user manager from 115.78.4.182
May  7 13:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17644]: input_userauth_request: invalid user manager [preauth]
May  7 13:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17644]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182
May  7 13:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17644]: Failed password for invalid user manager from 115.78.4.182 port 48906 ssh2
May  7 13:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17644]: Received disconnect from 115.78.4.182 port 48906:11: Bye Bye [preauth]
May  7 13:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17644]: Disconnected from 115.78.4.182 port 48906 [preauth]
May  7 13:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 13:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 13:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: Failed password for root from 218.92.0.111 port 29896 ssh2
May  7 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17731]: Failed password for root from 196.251.84.225 port 41908 ssh2
May  7 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17738]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17737]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17737]: pam_unix(cron:session): session closed for user p13x
May  7 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17731]: Connection closed by 196.251.84.225 port 41908 [preauth]
May  7 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17904]: Successful su for rubyman by root
May  7 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17904]: + ??? root:rubyman
May  7 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17904]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347015 of user rubyman.
May  7 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17904]: pam_unix(su:session): session closed for user rubyman
May  7 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347015.
May  7 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: Failed password for root from 218.92.0.111 port 29896 ssh2
May  7 13:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15200]: pam_unix(cron:session): session closed for user root
May  7 13:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: Failed password for root from 218.92.0.111 port 29896 ssh2
May  7 13:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: Received disconnect from 218.92.0.111 port 29896:11:  [preauth]
May  7 13:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: Disconnected from 218.92.0.111 port 29896 [preauth]
May  7 13:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17720]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 13:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17738]: pam_unix(cron:session): session closed for user samftp
May  7 13:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 13:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: Failed password for root from 218.92.0.111 port 21824 ssh2
May  7 13:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: message repeated 2 times: [ Failed password for root from 218.92.0.111 port 21824 ssh2]
May  7 13:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: Received disconnect from 218.92.0.111 port 21824:11:  [preauth]
May  7 13:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: Disconnected from 218.92.0.111 port 21824 [preauth]
May  7 13:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18149]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 13:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 13:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 13:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18175]: Failed password for root from 218.92.0.111 port 59766 ssh2
May  7 13:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18173]: Failed password for root from 196.251.84.225 port 50342 ssh2
May  7 13:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18173]: Connection closed by 196.251.84.225 port 50342 [preauth]
May  7 13:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18175]: Failed password for root from 218.92.0.111 port 59766 ssh2
May  7 13:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16898]: pam_unix(cron:session): session closed for user root
May  7 13:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18175]: Failed password for root from 218.92.0.111 port 59766 ssh2
May  7 13:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18175]: Received disconnect from 218.92.0.111 port 59766:11:  [preauth]
May  7 13:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18175]: Disconnected from 218.92.0.111 port 59766 [preauth]
May  7 13:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18175]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 13:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: Invalid user master from 196.251.84.225
May  7 13:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: input_userauth_request: invalid user master [preauth]
May  7 13:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: Failed password for invalid user master from 196.251.84.225 port 57888 ssh2
May  7 13:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18251]: Connection closed by 196.251.84.225 port 57888 [preauth]
May  7 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18271]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18269]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18270]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18274]: pam_unix(cron:session): session closed for user root
May  7 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18269]: pam_unix(cron:session): session closed for user p13x
May  7 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18345]: Successful su for rubyman by root
May  7 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18345]: + ??? root:rubyman
May  7 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347020 of user rubyman.
May  7 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18345]: pam_unix(su:session): session closed for user rubyman
May  7 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347020.
May  7 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18271]: pam_unix(cron:session): session closed for user root
May  7 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15602]: pam_unix(cron:session): session closed for user root
May  7 13:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18270]: pam_unix(cron:session): session closed for user samftp
May  7 13:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18594]: User uucp from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 13:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18594]: input_userauth_request: invalid user uucp [preauth]
May  7 13:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=uucp
May  7 13:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18594]: Failed password for invalid user uucp from 196.251.84.225 port 50712 ssh2
May  7 13:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18594]: Connection closed by 196.251.84.225 port 50712 [preauth]
May  7 13:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17317]: pam_unix(cron:session): session closed for user root
May  7 13:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: Invalid user testuser from 196.251.84.225
May  7 13:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: input_userauth_request: invalid user testuser [preauth]
May  7 13:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: Failed password for invalid user testuser from 196.251.84.225 port 46530 ssh2
May  7 13:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18684]: Connection closed by 196.251.84.225 port 46530 [preauth]
May  7 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18717]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18719]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18715]: pam_unix(cron:session): session closed for user p13x
May  7 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18792]: Successful su for rubyman by root
May  7 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18792]: + ??? root:rubyman
May  7 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347026 of user rubyman.
May  7 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18792]: pam_unix(su:session): session closed for user rubyman
May  7 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347026.
May  7 13:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16004]: pam_unix(cron:session): session closed for user root
May  7 13:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18716]: pam_unix(cron:session): session closed for user samftp
May  7 13:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18977]: Invalid user network3 from 189.3.191.89
May  7 13:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18977]: input_userauth_request: invalid user network3 [preauth]
May  7 13:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18977]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89
May  7 13:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18977]: Failed password for invalid user network3 from 189.3.191.89 port 50510 ssh2
May  7 13:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18977]: Received disconnect from 189.3.191.89 port 50510:11: Bye Bye [preauth]
May  7 13:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18977]: Disconnected from 189.3.191.89 port 50510 [preauth]
May  7 13:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19009]: Invalid user git from 196.251.84.225
May  7 13:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19009]: input_userauth_request: invalid user git [preauth]
May  7 13:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19009]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19009]: Failed password for invalid user git from 196.251.84.225 port 49230 ssh2
May  7 13:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19009]: Connection closed by 196.251.84.225 port 49230 [preauth]
May  7 13:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17740]: pam_unix(cron:session): session closed for user root
May  7 13:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19108]: Invalid user airflow from 196.251.84.225
May  7 13:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19108]: input_userauth_request: invalid user airflow [preauth]
May  7 13:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19108]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19108]: Failed password for invalid user airflow from 196.251.84.225 port 39266 ssh2
May  7 13:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19108]: Connection closed by 196.251.84.225 port 39266 [preauth]
May  7 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19138]: pam_unix(cron:session): session closed for user p13x
May  7 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19197]: Successful su for rubyman by root
May  7 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19197]: + ??? root:rubyman
May  7 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347029 of user rubyman.
May  7 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19197]: pam_unix(su:session): session closed for user rubyman
May  7 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347029.
May  7 13:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16417]: pam_unix(cron:session): session closed for user root
May  7 13:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Invalid user shapour from 64.23.161.151
May  7 13:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: input_userauth_request: invalid user shapour [preauth]
May  7 13:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 13:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19139]: pam_unix(cron:session): session closed for user samftp
May  7 13:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Failed password for invalid user shapour from 64.23.161.151 port 50072 ssh2
May  7 13:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Connection closed by 64.23.161.151 port 50072 [preauth]
May  7 13:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: Invalid user zabbix from 196.251.84.225
May  7 13:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: input_userauth_request: invalid user zabbix [preauth]
May  7 13:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: Failed password for invalid user zabbix from 196.251.84.225 port 35338 ssh2
May  7 13:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: Connection closed by 196.251.84.225 port 35338 [preauth]
May  7 13:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18273]: pam_unix(cron:session): session closed for user root
May  7 13:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19501]: Invalid user node from 196.251.84.225
May  7 13:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19501]: input_userauth_request: invalid user node [preauth]
May  7 13:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19501]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19501]: Failed password for invalid user node from 196.251.84.225 port 58712 ssh2
May  7 13:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19501]: Connection closed by 196.251.84.225 port 58712 [preauth]
May  7 13:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  7 13:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19524]: Failed password for root from 193.70.84.184 port 41608 ssh2
May  7 13:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19524]: Connection closed by 193.70.84.184 port 41608 [preauth]
May  7 13:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.103  user=root
May  7 13:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: Failed password for root from 218.92.0.103 port 58610 ssh2
May  7 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19549]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19548]: pam_unix(cron:session): session closed for user p13x
May  7 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19615]: Successful su for rubyman by root
May  7 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19615]: + ??? root:rubyman
May  7 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19615]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347033 of user rubyman.
May  7 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19615]: pam_unix(su:session): session closed for user rubyman
May  7 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347033.
May  7 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: Failed password for root from 218.92.0.103 port 58610 ssh2
May  7 13:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: Failed password for root from 218.92.0.103 port 58610 ssh2
May  7 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: Received disconnect from 218.92.0.103 port 58610:11:  [preauth]
May  7 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: Disconnected from 218.92.0.103 port 58610 [preauth]
May  7 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.103  user=root
May  7 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16897]: pam_unix(cron:session): session closed for user root
May  7 13:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19549]: pam_unix(cron:session): session closed for user samftp
May  7 13:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: Invalid user user from 196.251.84.225
May  7 13:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: input_userauth_request: invalid user user [preauth]
May  7 13:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: Failed password for invalid user user from 196.251.84.225 port 56508 ssh2
May  7 13:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: Connection closed by 196.251.84.225 port 56508 [preauth]
May  7 13:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18719]: pam_unix(cron:session): session closed for user root
May  7 13:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: Invalid user testuser from 196.251.84.225
May  7 13:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: input_userauth_request: invalid user testuser [preauth]
May  7 13:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: Failed password for invalid user testuser from 196.251.84.225 port 49500 ssh2
May  7 13:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19911]: Connection closed by 196.251.84.225 port 49500 [preauth]
May  7 13:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19979]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19977]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19980]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19976]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19974]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19976]: pam_unix(cron:session): session closed for user p13x
May  7 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19964]: Invalid user fiscal from 115.78.4.182
May  7 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19964]: input_userauth_request: invalid user fiscal [preauth]
May  7 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19964]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182
May  7 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20108]: Successful su for rubyman by root
May  7 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20108]: + ??? root:rubyman
May  7 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347039 of user rubyman.
May  7 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20108]: pam_unix(su:session): session closed for user rubyman
May  7 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347039.
May  7 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19974]: pam_unix(cron:session): session closed for user root
May  7 13:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19964]: Failed password for invalid user fiscal from 115.78.4.182 port 56932 ssh2
May  7 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19964]: Received disconnect from 115.78.4.182 port 56932:11: Bye Bye [preauth]
May  7 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19964]: Disconnected from 115.78.4.182 port 56932 [preauth]
May  7 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17316]: pam_unix(cron:session): session closed for user root
May  7 13:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19977]: pam_unix(cron:session): session closed for user samftp
May  7 13:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: Invalid user nagios from 196.251.84.225
May  7 13:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: input_userauth_request: invalid user nagios [preauth]
May  7 13:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: Failed password for invalid user nagios from 196.251.84.225 port 50424 ssh2
May  7 13:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20309]: Connection closed by 196.251.84.225 port 50424 [preauth]
May  7 13:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19141]: pam_unix(cron:session): session closed for user root
May  7 13:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 13:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20386]: Failed password for root from 196.251.84.225 port 46220 ssh2
May  7 13:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20386]: Connection closed by 196.251.84.225 port 46220 [preauth]
May  7 13:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: Invalid user admin from 80.94.95.112
May  7 13:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: input_userauth_request: invalid user admin [preauth]
May  7 13:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 13:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: Failed password for invalid user admin from 80.94.95.112 port 8483 ssh2
May  7 13:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: Failed password for invalid user admin from 80.94.95.112 port 8483 ssh2
May  7 13:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: Failed password for invalid user admin from 80.94.95.112 port 8483 ssh2
May  7 13:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: Failed password for invalid user admin from 80.94.95.112 port 8483 ssh2
May  7 13:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: Failed password for invalid user admin from 80.94.95.112 port 8483 ssh2
May  7 13:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: Received disconnect from 80.94.95.112 port 8483:11: Bye [preauth]
May  7 13:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: Disconnected from 80.94.95.112 port 8483 [preauth]
May  7 13:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 13:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20442]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20478]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20480]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20476]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20475]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20480]: pam_unix(cron:session): session closed for user root
May  7 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20475]: pam_unix(cron:session): session closed for user p13x
May  7 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20546]: Successful su for rubyman by root
May  7 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20546]: + ??? root:rubyman
May  7 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347043 of user rubyman.
May  7 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20546]: pam_unix(su:session): session closed for user rubyman
May  7 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347043.
May  7 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20615]: Invalid user puppet from 196.251.84.225
May  7 13:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20615]: input_userauth_request: invalid user puppet [preauth]
May  7 13:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20615]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20477]: pam_unix(cron:session): session closed for user root
May  7 13:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17739]: pam_unix(cron:session): session closed for user root
May  7 13:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20615]: Failed password for invalid user puppet from 196.251.84.225 port 56596 ssh2
May  7 13:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20615]: Connection closed by 196.251.84.225 port 56596 [preauth]
May  7 13:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20476]: pam_unix(cron:session): session closed for user samftp
May  7 13:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20822]: Invalid user subsonic from 196.251.84.225
May  7 13:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20822]: input_userauth_request: invalid user subsonic [preauth]
May  7 13:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20822]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19552]: pam_unix(cron:session): session closed for user root
May  7 13:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20822]: Failed password for invalid user subsonic from 196.251.84.225 port 40082 ssh2
May  7 13:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20822]: Connection closed by 196.251.84.225 port 40082 [preauth]
May  7 13:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: Invalid user ubuntu from 196.251.84.225
May  7 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: input_userauth_request: invalid user ubuntu [preauth]
May  7 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20930]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20929]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20927]: pam_unix(cron:session): session closed for user p13x
May  7 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20991]: Successful su for rubyman by root
May  7 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20991]: + ??? root:rubyman
May  7 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347049 of user rubyman.
May  7 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20991]: pam_unix(su:session): session closed for user rubyman
May  7 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347049.
May  7 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: Failed password for invalid user ubuntu from 196.251.84.225 port 54566 ssh2
May  7 13:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20922]: Connection closed by 196.251.84.225 port 54566 [preauth]
May  7 13:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18272]: pam_unix(cron:session): session closed for user root
May  7 13:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20928]: pam_unix(cron:session): session closed for user samftp
May  7 13:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21248]: Invalid user squid from 194.0.234.19
May  7 13:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21248]: input_userauth_request: invalid user squid [preauth]
May  7 13:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21248]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  7 13:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21248]: Failed password for invalid user squid from 194.0.234.19 port 19514 ssh2
May  7 13:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21248]: Connection closed by 194.0.234.19 port 19514 [preauth]
May  7 13:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19980]: pam_unix(cron:session): session closed for user root
May  7 13:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 13:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21293]: Failed password for root from 196.251.84.225 port 36000 ssh2
May  7 13:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21293]: Connection closed by 196.251.84.225 port 36000 [preauth]
May  7 13:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21336]: Invalid user csgoserver from 189.3.191.89
May  7 13:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21336]: input_userauth_request: invalid user csgoserver [preauth]
May  7 13:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21336]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89
May  7 13:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21336]: Failed password for invalid user csgoserver from 189.3.191.89 port 56848 ssh2
May  7 13:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21336]: Received disconnect from 189.3.191.89 port 56848:11: Bye Bye [preauth]
May  7 13:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21336]: Disconnected from 189.3.191.89 port 56848 [preauth]
May  7 13:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  7 13:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: Failed password for root from 218.92.0.217 port 36002 ssh2
May  7 13:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: Failed password for root from 218.92.0.217 port 36002 ssh2
May  7 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21384]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21383]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21382]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21382]: pam_unix(cron:session): session closed for user p13x
May  7 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: Failed password for root from 218.92.0.217 port 36002 ssh2
May  7 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21442]: Successful su for rubyman by root
May  7 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21442]: + ??? root:rubyman
May  7 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347053 of user rubyman.
May  7 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21442]: pam_unix(su:session): session closed for user rubyman
May  7 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347053.
May  7 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: Received disconnect from 218.92.0.217 port 36002:11:  [preauth]
May  7 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: Disconnected from 218.92.0.217 port 36002 [preauth]
May  7 13:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21368]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  7 13:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18717]: pam_unix(cron:session): session closed for user root
May  7 13:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21383]: pam_unix(cron:session): session closed for user samftp
May  7 13:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21379]: Invalid user git from 196.251.84.225
May  7 13:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21379]: input_userauth_request: invalid user git [preauth]
May  7 13:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21379]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21379]: Failed password for invalid user git from 196.251.84.225 port 50196 ssh2
May  7 13:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21379]: Connection closed by 196.251.84.225 port 50196 [preauth]
May  7 13:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20479]: pam_unix(cron:session): session closed for user root
May  7 13:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21743]: Invalid user lsb from 196.251.84.225
May  7 13:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21743]: input_userauth_request: invalid user lsb [preauth]
May  7 13:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21743]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21743]: Failed password for invalid user lsb from 196.251.84.225 port 48970 ssh2
May  7 13:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21743]: Connection closed by 196.251.84.225 port 48970 [preauth]
May  7 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22109]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22108]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22106]: pam_unix(cron:session): session closed for user p13x
May  7 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22174]: Successful su for rubyman by root
May  7 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22174]: + ??? root:rubyman
May  7 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347056 of user rubyman.
May  7 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22174]: pam_unix(su:session): session closed for user rubyman
May  7 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347056.
May  7 13:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19140]: pam_unix(cron:session): session closed for user root
May  7 13:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22107]: pam_unix(cron:session): session closed for user samftp
May  7 13:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 13:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: Failed password for root from 196.251.84.225 port 38546 ssh2
May  7 13:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22383]: Connection closed by 196.251.84.225 port 38546 [preauth]
May  7 13:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20930]: pam_unix(cron:session): session closed for user root
May  7 13:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22509]: Invalid user sol from 196.251.84.225
May  7 13:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22509]: input_userauth_request: invalid user sol [preauth]
May  7 13:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22509]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22509]: Failed password for invalid user sol from 196.251.84.225 port 35802 ssh2
May  7 13:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22509]: Connection closed by 196.251.84.225 port 35802 [preauth]
May  7 13:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  7 13:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: Failed password for root from 218.92.0.222 port 17354 ssh2
May  7 13:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: message repeated 2 times: [ Failed password for root from 218.92.0.222 port 17354 ssh2]
May  7 13:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: Received disconnect from 218.92.0.222 port 17354:11:  [preauth]
May  7 13:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: Disconnected from 218.92.0.222 port 17354 [preauth]
May  7 13:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22521]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  7 13:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22574]: Invalid user panda from 123.59.50.202
May  7 13:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22574]: input_userauth_request: invalid user panda [preauth]
May  7 13:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22574]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22590]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22589]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22588]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22587]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22587]: pam_unix(cron:session): session closed for user p13x
May  7 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22648]: Successful su for rubyman by root
May  7 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22648]: + ??? root:rubyman
May  7 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22648]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347061 of user rubyman.
May  7 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22648]: pam_unix(su:session): session closed for user rubyman
May  7 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347061.
May  7 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22574]: Failed password for invalid user panda from 123.59.50.202 port 63354 ssh2
May  7 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22574]: Received disconnect from 123.59.50.202 port 63354:11: Bye Bye [preauth]
May  7 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22574]: Disconnected from 123.59.50.202 port 63354 [preauth]
May  7 13:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19551]: pam_unix(cron:session): session closed for user root
May  7 13:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22588]: pam_unix(cron:session): session closed for user samftp
May  7 13:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 13:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  7 13:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22845]: Failed password for root from 196.251.84.225 port 43088 ssh2
May  7 13:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22845]: Connection closed by 196.251.84.225 port 43088 [preauth]
May  7 13:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22853]: Failed password for root from 218.92.0.222 port 31942 ssh2
May  7 13:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22853]: message repeated 2 times: [ Failed password for root from 218.92.0.222 port 31942 ssh2]
May  7 13:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22853]: Received disconnect from 218.92.0.222 port 31942:11:  [preauth]
May  7 13:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22853]: Disconnected from 218.92.0.222 port 31942 [preauth]
May  7 13:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22853]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  7 13:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 13:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22910]: Failed password for root from 218.92.0.179 port 21017 ssh2
May  7 13:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22910]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 21017 ssh2]
May  7 13:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22910]: Received disconnect from 218.92.0.179 port 21017:11:  [preauth]
May  7 13:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22910]: Disconnected from 218.92.0.179 port 21017 [preauth]
May  7 13:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22910]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 13:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: Invalid user rahim from 115.78.4.182
May  7 13:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: input_userauth_request: invalid user rahim [preauth]
May  7 13:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182
May  7 13:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  7 13:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: Failed password for invalid user rahim from 115.78.4.182 port 36744 ssh2
May  7 13:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21385]: pam_unix(cron:session): session closed for user root
May  7 13:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: Received disconnect from 115.78.4.182 port 36744:11: Bye Bye [preauth]
May  7 13:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: Disconnected from 115.78.4.182 port 36744 [preauth]
May  7 13:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22960]: Failed password for root from 218.92.0.222 port 28666 ssh2
May  7 13:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: Bad protocol version identification 'MGLNDD_198.199.94.12_22' from 20.168.121.141 port 40180
May  7 13:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22991]: Invalid user factorio from 196.251.84.225
May  7 13:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22991]: input_userauth_request: invalid user factorio [preauth]
May  7 13:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22960]: Failed password for root from 218.92.0.222 port 28666 ssh2
May  7 13:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22991]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22960]: Failed password for root from 218.92.0.222 port 28666 ssh2
May  7 13:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22960]: Received disconnect from 218.92.0.222 port 28666:11:  [preauth]
May  7 13:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22960]: Disconnected from 218.92.0.222 port 28666 [preauth]
May  7 13:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22960]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  7 13:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22991]: Failed password for invalid user factorio from 196.251.84.225 port 35850 ssh2
May  7 13:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22991]: Connection closed by 196.251.84.225 port 35850 [preauth]
May  7 13:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Invalid user admin from 80.94.95.241
May  7 13:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: input_userauth_request: invalid user admin [preauth]
May  7 13:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 13:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Failed password for invalid user admin from 80.94.95.241 port 57929 ssh2
May  7 13:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Failed password for invalid user admin from 80.94.95.241 port 57929 ssh2
May  7 13:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Failed password for invalid user admin from 80.94.95.241 port 57929 ssh2
May  7 13:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Failed password for invalid user admin from 80.94.95.241 port 57929 ssh2
May  7 13:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Failed password for invalid user admin from 80.94.95.241 port 57929 ssh2
May  7 13:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Received disconnect from 80.94.95.241 port 57929:11: Bye [preauth]
May  7 13:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Disconnected from 80.94.95.241 port 57929 [preauth]
May  7 13:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 13:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 13:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: Invalid user sina from 64.23.161.151
May  7 13:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: input_userauth_request: invalid user sina [preauth]
May  7 13:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 13:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: Failed password for invalid user sina from 64.23.161.151 port 54074 ssh2
May  7 13:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23051]: Connection closed by 64.23.161.151 port 54074 [preauth]
May  7 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23069]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23068]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23070]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23073]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23071]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23073]: pam_unix(cron:session): session closed for user root
May  7 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23068]: pam_unix(cron:session): session closed for user p13x
May  7 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23140]: Successful su for rubyman by root
May  7 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23140]: + ??? root:rubyman
May  7 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347064 of user rubyman.
May  7 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23140]: pam_unix(su:session): session closed for user rubyman
May  7 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347064.
May  7 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23070]: pam_unix(cron:session): session closed for user root
May  7 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23258]: Invalid user opc from 196.251.84.225
May  7 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23258]: input_userauth_request: invalid user opc [preauth]
May  7 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23258]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19979]: pam_unix(cron:session): session closed for user root
May  7 13:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23258]: Failed password for invalid user opc from 196.251.84.225 port 53956 ssh2
May  7 13:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23258]: Connection closed by 196.251.84.225 port 53956 [preauth]
May  7 13:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23069]: pam_unix(cron:session): session closed for user samftp
May  7 13:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 13:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22109]: pam_unix(cron:session): session closed for user root
May  7 13:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: Failed password for root from 196.251.84.225 port 55846 ssh2
May  7 13:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23524]: Connection closed by 196.251.84.225 port 55846 [preauth]
May  7 13:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23601]: Invalid user omsagent from 196.251.84.225
May  7 13:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23601]: input_userauth_request: invalid user omsagent [preauth]
May  7 13:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23601]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23613]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23607]: pam_unix(cron:session): session closed for user p13x
May  7 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23677]: Successful su for rubyman by root
May  7 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23677]: + ??? root:rubyman
May  7 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347071 of user rubyman.
May  7 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23677]: pam_unix(su:session): session closed for user rubyman
May  7 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347071.
May  7 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23601]: Failed password for invalid user omsagent from 196.251.84.225 port 34310 ssh2
May  7 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23601]: Connection closed by 196.251.84.225 port 34310 [preauth]
May  7 13:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20478]: pam_unix(cron:session): session closed for user root
May  7 13:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23612]: pam_unix(cron:session): session closed for user samftp
May  7 13:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: Invalid user elastic from 196.251.84.225
May  7 13:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: input_userauth_request: invalid user elastic [preauth]
May  7 13:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24059]: Invalid user lol from 190.103.202.7
May  7 13:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24059]: input_userauth_request: invalid user lol [preauth]
May  7 13:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24059]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  7 13:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22590]: pam_unix(cron:session): session closed for user root
May  7 13:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: Failed password for invalid user elastic from 196.251.84.225 port 58202 ssh2
May  7 13:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: Connection closed by 196.251.84.225 port 58202 [preauth]
May  7 13:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24059]: Failed password for invalid user lol from 190.103.202.7 port 40716 ssh2
May  7 13:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24059]: Connection closed by 190.103.202.7 port 40716 [preauth]
May  7 13:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24135]: Invalid user hadoop from 196.251.84.225
May  7 13:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24135]: input_userauth_request: invalid user hadoop [preauth]
May  7 13:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24135]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24135]: Failed password for invalid user hadoop from 196.251.84.225 port 40614 ssh2
May  7 13:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24135]: Connection closed by 196.251.84.225 port 40614 [preauth]
May  7 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24148]: pam_unix(cron:session): session closed for user p13x
May  7 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24221]: Successful su for rubyman by root
May  7 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24221]: + ??? root:rubyman
May  7 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347075 of user rubyman.
May  7 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24221]: pam_unix(su:session): session closed for user rubyman
May  7 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347075.
May  7 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20929]: pam_unix(cron:session): session closed for user root
May  7 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session closed for user samftp
May  7 13:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89  user=root
May  7 13:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24463]: Failed password for root from 189.3.191.89 port 58834 ssh2
May  7 13:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24463]: Received disconnect from 189.3.191.89 port 58834:11: Bye Bye [preauth]
May  7 13:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24463]: Disconnected from 189.3.191.89 port 58834 [preauth]
May  7 13:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24473]: Invalid user dstserver from 196.251.84.225
May  7 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24473]: input_userauth_request: invalid user dstserver [preauth]
May  7 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24473]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24473]: Failed password for invalid user dstserver from 196.251.84.225 port 51704 ssh2
May  7 13:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24473]: Connection closed by 196.251.84.225 port 51704 [preauth]
May  7 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23072]: pam_unix(cron:session): session closed for user root
May  7 13:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 13:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24573]: Failed password for root from 196.251.84.225 port 37370 ssh2
May  7 13:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24573]: Connection closed by 196.251.84.225 port 37370 [preauth]
May  7 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24602]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24599]: pam_unix(cron:session): session closed for user p13x
May  7 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24664]: Successful su for rubyman by root
May  7 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24664]: + ??? root:rubyman
May  7 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24664]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347078 of user rubyman.
May  7 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24664]: pam_unix(su:session): session closed for user rubyman
May  7 13:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347078.
May  7 13:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21384]: pam_unix(cron:session): session closed for user root
May  7 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24600]: pam_unix(cron:session): session closed for user samftp
May  7 13:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: Invalid user gitlab-psql from 196.251.84.225
May  7 13:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: input_userauth_request: invalid user gitlab-psql [preauth]
May  7 13:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: Failed password for invalid user gitlab-psql from 196.251.84.225 port 33882 ssh2
May  7 13:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24896]: Connection closed by 196.251.84.225 port 33882 [preauth]
May  7 13:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23614]: pam_unix(cron:session): session closed for user root
May  7 13:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: Invalid user uftp from 196.251.84.225
May  7 13:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: input_userauth_request: invalid user uftp [preauth]
May  7 13:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: Failed password for invalid user uftp from 196.251.84.225 port 47428 ssh2
May  7 13:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25008]: Connection closed by 196.251.84.225 port 47428 [preauth]
May  7 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25020]: pam_unix(cron:session): session closed for user p13x
May  7 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25082]: Successful su for rubyman by root
May  7 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25082]: + ??? root:rubyman
May  7 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347082 of user rubyman.
May  7 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25082]: pam_unix(su:session): session closed for user rubyman
May  7 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347082.
May  7 13:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22108]: pam_unix(cron:session): session closed for user root
May  7 13:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25021]: pam_unix(cron:session): session closed for user samftp
May  7 13:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25318]: Invalid user sol from 196.251.84.225
May  7 13:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25318]: input_userauth_request: invalid user sol [preauth]
May  7 13:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25318]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25318]: Failed password for invalid user sol from 196.251.84.225 port 58268 ssh2
May  7 13:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25318]: Connection closed by 196.251.84.225 port 58268 [preauth]
May  7 13:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session closed for user root
May  7 13:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May  7 13:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25388]: Failed password for root from 104.244.77.50 port 33392 ssh2
May  7 13:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25388]: Connection closed by 104.244.77.50 port 33392 [preauth]
May  7 13:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25420]: Invalid user es from 196.251.84.225
May  7 13:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25420]: input_userauth_request: invalid user es [preauth]
May  7 13:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25420]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25420]: Failed password for invalid user es from 196.251.84.225 port 55886 ssh2
May  7 13:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25420]: Connection closed by 196.251.84.225 port 55886 [preauth]
May  7 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25445]: pam_unix(cron:session): session closed for user root
May  7 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25440]: pam_unix(cron:session): session closed for user p13x
May  7 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25511]: Successful su for rubyman by root
May  7 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25511]: + ??? root:rubyman
May  7 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347088 of user rubyman.
May  7 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25511]: pam_unix(su:session): session closed for user rubyman
May  7 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347088.
May  7 13:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25442]: pam_unix(cron:session): session closed for user root
May  7 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22589]: pam_unix(cron:session): session closed for user root
May  7 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: Invalid user sakurai from 115.78.4.182
May  7 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: input_userauth_request: invalid user sakurai [preauth]
May  7 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182
May  7 13:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25441]: pam_unix(cron:session): session closed for user samftp
May  7 13:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: Failed password for invalid user sakurai from 115.78.4.182 port 44792 ssh2
May  7 13:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: Received disconnect from 115.78.4.182 port 44792:11: Bye Bye [preauth]
May  7 13:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25628]: Disconnected from 115.78.4.182 port 44792 [preauth]
May  7 13:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: Invalid user solr from 196.251.84.225
May  7 13:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: input_userauth_request: invalid user solr [preauth]
May  7 13:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: Failed password for invalid user solr from 196.251.84.225 port 45048 ssh2
May  7 13:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25819]: Connection closed by 196.251.84.225 port 45048 [preauth]
May  7 13:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 13:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25835]: Failed password for root from 218.92.0.179 port 44692 ssh2
May  7 13:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25835]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 44692 ssh2]
May  7 13:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25835]: Received disconnect from 218.92.0.179 port 44692:11:  [preauth]
May  7 13:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25835]: Disconnected from 218.92.0.179 port 44692 [preauth]
May  7 13:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25835]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 13:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24602]: pam_unix(cron:session): session closed for user root
May  7 13:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  7 13:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: Invalid user plex from 196.251.84.225
May  7 13:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: input_userauth_request: invalid user plex [preauth]
May  7 13:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: Failed password for root from 218.92.0.206 port 16172 ssh2
May  7 13:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: Failed password for invalid user plex from 196.251.84.225 port 38950 ssh2
May  7 13:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25954]: Connection closed by 196.251.84.225 port 38950 [preauth]
May  7 13:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: Failed password for root from 218.92.0.206 port 16172 ssh2
May  7 13:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: Failed password for root from 218.92.0.206 port 16172 ssh2
May  7 13:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25965]: Invalid user know from 50.235.31.47
May  7 13:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25965]: input_userauth_request: invalid user know [preauth]
May  7 13:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25965]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  7 13:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25965]: Failed password for invalid user know from 50.235.31.47 port 60504 ssh2
May  7 13:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25965]: Connection closed by 50.235.31.47 port 60504 [preauth]
May  7 13:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: Failed password for root from 218.92.0.206 port 16172 ssh2
May  7 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25987]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25989]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25988]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25986]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25986]: pam_unix(cron:session): session closed for user p13x
May  7 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: Failed password for root from 218.92.0.206 port 16172 ssh2
May  7 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 16172 ssh2 [preauth]
May  7 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: Disconnecting: Too many authentication failures [preauth]
May  7 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  7 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25951]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26057]: Successful su for rubyman by root
May  7 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26057]: + ??? root:rubyman
May  7 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26057]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347093 of user rubyman.
May  7 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26057]: pam_unix(su:session): session closed for user rubyman
May  7 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347093.
May  7 13:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  7 13:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23071]: pam_unix(cron:session): session closed for user root
May  7 13:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25987]: pam_unix(cron:session): session closed for user samftp
May  7 13:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: Failed password for root from 218.92.0.206 port 8586 ssh2
May  7 13:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26243]: Invalid user admin from 80.94.95.116
May  7 13:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26243]: input_userauth_request: invalid user admin [preauth]
May  7 13:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: Failed password for root from 218.92.0.206 port 8586 ssh2
May  7 13:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26243]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  7 13:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26243]: Failed password for invalid user admin from 80.94.95.116 port 48644 ssh2
May  7 13:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: Failed password for root from 218.92.0.206 port 8586 ssh2
May  7 13:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26243]: Connection closed by 80.94.95.116 port 48644 [preauth]
May  7 13:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: Failed password for root from 218.92.0.206 port 8586 ssh2
May  7 13:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: Invalid user amp from 196.251.84.225
May  7 13:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: input_userauth_request: invalid user amp [preauth]
May  7 13:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: Failed password for root from 218.92.0.206 port 8586 ssh2
May  7 13:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: Failed password for invalid user amp from 196.251.84.225 port 35496 ssh2
May  7 13:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26274]: Connection closed by 196.251.84.225 port 35496 [preauth]
May  7 13:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: Failed password for root from 218.92.0.206 port 8586 ssh2
May  7 13:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 8586 ssh2 [preauth]
May  7 13:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: Disconnecting: Too many authentication failures [preauth]
May  7 13:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  7 13:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26190]: PAM service(sshd) ignoring max retries; 6 > 3
May  7 13:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  7 13:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26297]: Failed password for root from 218.92.0.206 port 61114 ssh2
May  7 13:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26297]: Received disconnect from 218.92.0.206 port 61114:11:  [preauth]
May  7 13:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26297]: Disconnected from 218.92.0.206 port 61114 [preauth]
May  7 13:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25023]: pam_unix(cron:session): session closed for user root
May  7 13:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26368]: Invalid user docker from 196.251.84.225
May  7 13:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26368]: input_userauth_request: invalid user docker [preauth]
May  7 13:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26368]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26368]: Failed password for invalid user docker from 196.251.84.225 port 52570 ssh2
May  7 13:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26368]: Connection closed by 196.251.84.225 port 52570 [preauth]
May  7 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26401]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26402]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26398]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26398]: pam_unix(cron:session): session closed for user p13x
May  7 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26545]: Successful su for rubyman by root
May  7 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26545]: + ??? root:rubyman
May  7 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347096 of user rubyman.
May  7 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26545]: pam_unix(su:session): session closed for user rubyman
May  7 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347096.
May  7 13:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23613]: pam_unix(cron:session): session closed for user root
May  7 13:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26400]: pam_unix(cron:session): session closed for user samftp
May  7 13:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 13:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26740]: Failed password for root from 196.251.84.225 port 57210 ssh2
May  7 13:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26740]: Connection closed by 196.251.84.225 port 57210 [preauth]
May  7 13:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25444]: pam_unix(cron:session): session closed for user root
May  7 13:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26835]: Invalid user caddy from 196.251.84.225
May  7 13:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26835]: input_userauth_request: invalid user caddy [preauth]
May  7 13:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26835]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26835]: Failed password for invalid user caddy from 196.251.84.225 port 55690 ssh2
May  7 13:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26835]: Connection closed by 196.251.84.225 port 55690 [preauth]
May  7 13:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: Invalid user ubuntu from 64.23.161.151
May  7 13:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: input_userauth_request: invalid user ubuntu [preauth]
May  7 13:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 13:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: Failed password for invalid user ubuntu from 64.23.161.151 port 45560 ssh2
May  7 13:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26859]: Connection closed by 64.23.161.151 port 45560 [preauth]
May  7 13:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Invalid user manuel from 189.3.191.89
May  7 13:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: input_userauth_request: invalid user manuel [preauth]
May  7 13:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.3.191.89
May  7 13:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Failed password for invalid user manuel from 189.3.191.89 port 54408 ssh2
May  7 13:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Received disconnect from 189.3.191.89 port 54408:11: Bye Bye [preauth]
May  7 13:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Disconnected from 189.3.191.89 port 54408 [preauth]
May  7 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26895]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26894]: pam_unix(cron:session): session closed for user p13x
May  7 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26989]: Successful su for rubyman by root
May  7 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26989]: + ??? root:rubyman
May  7 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347100 of user rubyman.
May  7 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26989]: pam_unix(su:session): session closed for user rubyman
May  7 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347100.
May  7 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  7 13:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24150]: pam_unix(cron:session): session closed for user root
May  7 13:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26895]: pam_unix(cron:session): session closed for user samftp
May  7 13:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Failed password for root from 46.244.96.25 port 36008 ssh2
May  7 13:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Connection closed by 46.244.96.25 port 36008 [preauth]
May  7 13:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Invalid user ds from 196.251.84.225
May  7 13:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: input_userauth_request: invalid user ds [preauth]
May  7 13:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Failed password for invalid user ds from 196.251.84.225 port 51164 ssh2
May  7 13:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Connection closed by 196.251.84.225 port 51164 [preauth]
May  7 13:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25989]: pam_unix(cron:session): session closed for user root
May  7 13:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: Invalid user palworld from 196.251.84.225
May  7 13:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: input_userauth_request: invalid user palworld [preauth]
May  7 13:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: Failed password for invalid user palworld from 196.251.84.225 port 44252 ssh2
May  7 13:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27327]: Connection closed by 196.251.84.225 port 44252 [preauth]
May  7 13:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27413]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27410]: pam_unix(cron:session): session closed for user p13x
May  7 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27502]: Successful su for rubyman by root
May  7 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27502]: + ??? root:rubyman
May  7 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347104 of user rubyman.
May  7 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27502]: pam_unix(su:session): session closed for user rubyman
May  7 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347104.
May  7 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: Invalid user mapr from 196.251.84.225
May  7 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: input_userauth_request: invalid user mapr [preauth]
May  7 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24601]: pam_unix(cron:session): session closed for user root
May  7 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: Invalid user ! from 195.178.110.50
May  7 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: input_userauth_request: invalid user ! [preauth]
May  7 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27413]: pam_unix(cron:session): session closed for user samftp
May  7 13:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: Failed password for invalid user ! from 195.178.110.50 port 47430 ssh2
May  7 13:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: Failed password for invalid user mapr from 196.251.84.225 port 46192 ssh2
May  7 13:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27637]: Connection closed by 196.251.84.225 port 46192 [preauth]
May  7 13:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27358]: Connection closed by 195.178.110.50 port 47430 [preauth]
May  7 13:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: Invalid user . from 195.178.110.50
May  7 13:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: input_userauth_request: invalid user . [preauth]
May  7 13:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 13:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: Failed password for invalid user . from 195.178.110.50 port 61370 ssh2
May  7 13:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: Invalid user solr from 196.251.84.225
May  7 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: input_userauth_request: invalid user solr [preauth]
May  7 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26402]: pam_unix(cron:session): session closed for user root
May  7 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27702]: Connection closed by 195.178.110.50 port 61370 [preauth]
May  7 13:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: Failed password for invalid user solr from 196.251.84.225 port 59484 ssh2
May  7 13:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27765]: Connection closed by 196.251.84.225 port 59484 [preauth]
May  7 13:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27798]: Invalid user ; from 195.178.110.50
May  7 13:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27798]: input_userauth_request: invalid user ; [preauth]
May  7 13:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27798]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 13:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27798]: Failed password for invalid user ; from 195.178.110.50 port 45810 ssh2
May  7 13:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27798]: Connection closed by 195.178.110.50 port 45810 [preauth]
May  7 13:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: Invalid user nginx from 196.251.84.225
May  7 13:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: input_userauth_request: invalid user nginx [preauth]
May  7 13:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27871]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27874]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27874]: pam_unix(cron:session): session closed for user root
May  7 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27867]: pam_unix(cron:session): session closed for user p13x
May  7 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27937]: Successful su for rubyman by root
May  7 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27937]: + ??? root:rubyman
May  7 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27937]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347110 of user rubyman.
May  7 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27937]: pam_unix(su:session): session closed for user rubyman
May  7 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347110.
May  7 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: Failed password for invalid user nginx from 196.251.84.225 port 36242 ssh2
May  7 13:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27848]: Connection closed by 196.251.84.225 port 36242 [preauth]
May  7 13:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27870]: pam_unix(cron:session): session closed for user root
May  7 13:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25022]: pam_unix(cron:session): session closed for user root
May  7 13:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27869]: pam_unix(cron:session): session closed for user samftp
May  7 13:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27847]: Invalid user H from 195.178.110.50
May  7 13:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27847]: input_userauth_request: invalid user H [preauth]
May  7 13:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27847]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 13:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27847]: Failed password for invalid user H from 195.178.110.50 port 36582 ssh2
May  7 13:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27847]: Connection closed by 195.178.110.50 port 36582 [preauth]
May  7 13:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 13:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Failed password for root from 196.251.84.225 port 47518 ssh2
May  7 13:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Connection closed by 196.251.84.225 port 47518 [preauth]
May  7 13:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: Invalid user U from 195.178.110.50
May  7 13:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: input_userauth_request: invalid user U [preauth]
May  7 13:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 13:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: Failed password for invalid user U from 195.178.110.50 port 22888 ssh2
May  7 13:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26897]: pam_unix(cron:session): session closed for user root
May  7 13:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28172]: Connection closed by 195.178.110.50 port 22888 [preauth]
May  7 13:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: Invalid user wordpress from 115.78.4.182
May  7 13:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: input_userauth_request: invalid user wordpress [preauth]
May  7 13:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182
May  7 13:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: Failed password for invalid user wordpress from 115.78.4.182 port 52834 ssh2
May  7 13:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: Received disconnect from 115.78.4.182 port 52834:11: Bye Bye [preauth]
May  7 13:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28238]: Disconnected from 115.78.4.182 port 52834 [preauth]
May  7 13:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28295]: Invalid user esuser from 196.251.84.225
May  7 13:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28295]: input_userauth_request: invalid user esuser [preauth]
May  7 13:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28295]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28295]: Failed password for invalid user esuser from 196.251.84.225 port 42586 ssh2
May  7 13:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28295]: Connection closed by 196.251.84.225 port 42586 [preauth]
May  7 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28308]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28306]: pam_unix(cron:session): session closed for user p13x
May  7 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28382]: Successful su for rubyman by root
May  7 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28382]: + ??? root:rubyman
May  7 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347115 of user rubyman.
May  7 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28382]: pam_unix(su:session): session closed for user rubyman
May  7 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347115.
May  7 13:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25443]: pam_unix(cron:session): session closed for user root
May  7 13:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28307]: pam_unix(cron:session): session closed for user samftp
May  7 13:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28629]: Invalid user puppet from 196.251.84.225
May  7 13:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28629]: input_userauth_request: invalid user puppet [preauth]
May  7 13:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28629]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28629]: Failed password for invalid user puppet from 196.251.84.225 port 49284 ssh2
May  7 13:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28629]: Connection closed by 196.251.84.225 port 49284 [preauth]
May  7 13:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27416]: pam_unix(cron:session): session closed for user root
May  7 13:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28710]: Invalid user dev from 196.251.84.225
May  7 13:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28710]: input_userauth_request: invalid user dev [preauth]
May  7 13:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28710]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28710]: Failed password for invalid user dev from 196.251.84.225 port 58140 ssh2
May  7 13:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28710]: Connection closed by 196.251.84.225 port 58140 [preauth]
May  7 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28722]: pam_unix(cron:session): session closed for user p13x
May  7 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28786]: Successful su for rubyman by root
May  7 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28786]: + ??? root:rubyman
May  7 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28786]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347120 of user rubyman.
May  7 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28786]: pam_unix(su:session): session closed for user rubyman
May  7 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347120.
May  7 13:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25988]: pam_unix(cron:session): session closed for user root
May  7 13:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28723]: pam_unix(cron:session): session closed for user samftp
May  7 13:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 13:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28984]: Failed password for root from 80.94.95.125 port 49156 ssh2
May  7 13:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28984]: message repeated 3 times: [ Failed password for root from 80.94.95.125 port 49156 ssh2]
May  7 13:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: Invalid user hadoop from 196.251.84.225
May  7 13:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: input_userauth_request: invalid user hadoop [preauth]
May  7 13:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28984]: Failed password for root from 80.94.95.125 port 49156 ssh2
May  7 13:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28984]: Received disconnect from 80.94.95.125 port 49156:11: Bye [preauth]
May  7 13:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28984]: Disconnected from 80.94.95.125 port 49156 [preauth]
May  7 13:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28984]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 13:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28984]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 13:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: Failed password for invalid user hadoop from 196.251.84.225 port 59648 ssh2
May  7 13:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29071]: Connection closed by 196.251.84.225 port 59648 [preauth]
May  7 13:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27872]: pam_unix(cron:session): session closed for user root
May  7 13:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29205]: Invalid user oscar from 196.251.84.225
May  7 13:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29205]: input_userauth_request: invalid user oscar [preauth]
May  7 13:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29205]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29205]: Failed password for invalid user oscar from 196.251.84.225 port 39532 ssh2
May  7 13:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29205]: Connection closed by 196.251.84.225 port 39532 [preauth]
May  7 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29233]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29233]: pam_unix(cron:session): session closed for user p13x
May  7 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29302]: Successful su for rubyman by root
May  7 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29302]: + ??? root:rubyman
May  7 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347123 of user rubyman.
May  7 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29302]: pam_unix(su:session): session closed for user rubyman
May  7 13:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347123.
May  7 13:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26401]: pam_unix(cron:session): session closed for user root
May  7 13:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29235]: pam_unix(cron:session): session closed for user samftp
May  7 13:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 13:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: Failed password for root from 196.251.84.225 port 49242 ssh2
May  7 13:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: Connection closed by 196.251.84.225 port 49242 [preauth]
May  7 13:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28309]: pam_unix(cron:session): session closed for user root
May  7 13:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29624]: Invalid user ranger from 196.251.84.225
May  7 13:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29624]: input_userauth_request: invalid user ranger [preauth]
May  7 13:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29624]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29624]: Failed password for invalid user ranger from 196.251.84.225 port 53084 ssh2
May  7 13:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29624]: Connection closed by 196.251.84.225 port 53084 [preauth]
May  7 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29653]: pam_unix(cron:session): session closed for user p13x
May  7 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29716]: Successful su for rubyman by root
May  7 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29716]: + ??? root:rubyman
May  7 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29716]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347126 of user rubyman.
May  7 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29716]: pam_unix(su:session): session closed for user rubyman
May  7 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347126.
May  7 13:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26896]: pam_unix(cron:session): session closed for user root
May  7 13:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29654]: pam_unix(cron:session): session closed for user samftp
May  7 13:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: Invalid user uftp from 196.251.84.225
May  7 13:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: input_userauth_request: invalid user uftp [preauth]
May  7 13:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: Failed password for invalid user uftp from 196.251.84.225 port 55196 ssh2
May  7 13:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29927]: Connection closed by 196.251.84.225 port 55196 [preauth]
May  7 13:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28725]: pam_unix(cron:session): session closed for user root
May  7 13:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  7 13:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: Failed password for root from 190.103.202.7 port 45588 ssh2
May  7 13:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: Connection closed by 190.103.202.7 port 45588 [preauth]
May  7 13:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 13:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: Invalid user vagrant from 196.251.84.225
May  7 13:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: input_userauth_request: invalid user vagrant [preauth]
May  7 13:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: pam_unix(sshd:auth): check pass; user unknown
May  7 13:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 13:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: Failed password for invalid user vagrant from 196.251.84.225 port 35482 ssh2
May  7 13:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30027]: Connection closed by 196.251.84.225 port 35482 [preauth]
May  7 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30062]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30064]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30063]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30062]: pam_unix(cron:session): session closed for user root
May  7 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30066]: pam_unix(cron:session): session closed for user root
May  7 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30060]: pam_unix(cron:session): session closed for user p13x
May  7 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30157]: Successful su for rubyman by root
May  7 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30157]: + ??? root:rubyman
May  7 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347131 of user rubyman.
May  7 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30157]: pam_unix(su:session): session closed for user rubyman
May  7 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347131.
May  7 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27415]: pam_unix(cron:session): session closed for user root
May  7 14:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30063]: pam_unix(cron:session): session closed for user root
May  7 14:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30061]: pam_unix(cron:session): session closed for user samftp
May  7 14:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: Invalid user ark from 196.251.84.225
May  7 14:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: input_userauth_request: invalid user ark [preauth]
May  7 14:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: Failed password for invalid user ark from 196.251.84.225 port 40992 ssh2
May  7 14:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30386]: Connection closed by 196.251.84.225 port 40992 [preauth]
May  7 14:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 14:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: Failed password for root from 218.92.0.229 port 11384 ssh2
May  7 14:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: message repeated 2 times: [ Failed password for root from 218.92.0.229 port 11384 ssh2]
May  7 14:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: Received disconnect from 218.92.0.229 port 11384:11:  [preauth]
May  7 14:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: Disconnected from 218.92.0.229 port 11384 [preauth]
May  7 14:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30412]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 14:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29238]: pam_unix(cron:session): session closed for user root
May  7 14:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: Invalid user adib from 64.23.161.151
May  7 14:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: input_userauth_request: invalid user adib [preauth]
May  7 14:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 14:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: Failed password for invalid user adib from 64.23.161.151 port 39528 ssh2
May  7 14:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30493]: Connection closed by 64.23.161.151 port 39528 [preauth]
May  7 14:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 14:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30524]: Failed password for root from 196.251.84.225 port 55188 ssh2
May  7 14:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30524]: Connection closed by 196.251.84.225 port 55188 [preauth]
May  7 14:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  7 14:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30557]: Failed password for root from 218.92.0.112 port 39752 ssh2
May  7 14:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182  user=root
May  7 14:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 14:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: Failed password for root from 115.78.4.182 port 60858 ssh2
May  7 14:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: Received disconnect from 115.78.4.182 port 60858:11: Bye Bye [preauth]
May  7 14:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: Disconnected from 115.78.4.182 port 60858 [preauth]
May  7 14:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30569]: Failed password for root from 218.92.0.229 port 23306 ssh2
May  7 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30575]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30572]: pam_unix(cron:session): session closed for user p13x
May  7 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30647]: Successful su for rubyman by root
May  7 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30647]: + ??? root:rubyman
May  7 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347137 of user rubyman.
May  7 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30647]: pam_unix(su:session): session closed for user rubyman
May  7 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347137.
May  7 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30569]: Failed password for root from 218.92.0.229 port 23306 ssh2
May  7 14:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30569]: Failed password for root from 218.92.0.229 port 23306 ssh2
May  7 14:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30569]: Received disconnect from 218.92.0.229 port 23306:11:  [preauth]
May  7 14:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30569]: Disconnected from 218.92.0.229 port 23306 [preauth]
May  7 14:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30569]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 14:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27871]: pam_unix(cron:session): session closed for user root
May  7 14:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 14:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30573]: pam_unix(cron:session): session closed for user samftp
May  7 14:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: Failed password for root from 218.92.0.229 port 23322 ssh2
May  7 14:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: Failed password for root from 218.92.0.229 port 23322 ssh2
May  7 14:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: Invalid user caddy from 196.251.84.225
May  7 14:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: input_userauth_request: invalid user caddy [preauth]
May  7 14:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: Failed password for root from 218.92.0.229 port 23322 ssh2
May  7 14:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: Received disconnect from 218.92.0.229 port 23322:11:  [preauth]
May  7 14:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: Disconnected from 218.92.0.229 port 23322 [preauth]
May  7 14:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30783]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 14:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: Failed password for invalid user caddy from 196.251.84.225 port 50564 ssh2
May  7 14:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30833]: Connection closed by 196.251.84.225 port 50564 [preauth]
May  7 14:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29656]: pam_unix(cron:session): session closed for user root
May  7 14:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: Invalid user useradmin from 123.59.50.202
May  7 14:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: input_userauth_request: invalid user useradmin [preauth]
May  7 14:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30992]: Invalid user ds from 196.251.84.225
May  7 14:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30992]: input_userauth_request: invalid user ds [preauth]
May  7 14:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30992]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: Failed password for invalid user useradmin from 123.59.50.202 port 29004 ssh2
May  7 14:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: Received disconnect from 123.59.50.202 port 29004:11: Bye Bye [preauth]
May  7 14:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30999]: Disconnected from 123.59.50.202 port 29004 [preauth]
May  7 14:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30992]: Failed password for invalid user ds from 196.251.84.225 port 48828 ssh2
May  7 14:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30992]: Connection closed by 196.251.84.225 port 48828 [preauth]
May  7 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31089]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31088]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31086]: pam_unix(cron:session): session closed for user p13x
May  7 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31150]: Successful su for rubyman by root
May  7 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31150]: + ??? root:rubyman
May  7 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31150]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347141 of user rubyman.
May  7 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31150]: pam_unix(su:session): session closed for user rubyman
May  7 14:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347141.
May  7 14:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28308]: pam_unix(cron:session): session closed for user root
May  7 14:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31087]: pam_unix(cron:session): session closed for user samftp
May  7 14:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31351]: Invalid user palworld from 196.251.84.225
May  7 14:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31351]: input_userauth_request: invalid user palworld [preauth]
May  7 14:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31351]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31351]: Failed password for invalid user palworld from 196.251.84.225 port 57842 ssh2
May  7 14:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31351]: Connection closed by 196.251.84.225 port 57842 [preauth]
May  7 14:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30437]: Connection reset by 218.92.0.229 port 31312 [preauth]
May  7 14:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: Connection reset by 218.92.0.229 port 16250 [preauth]
May  7 14:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30065]: pam_unix(cron:session): session closed for user root
May  7 14:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31441]: Invalid user factorio from 196.251.84.225
May  7 14:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31441]: input_userauth_request: invalid user factorio [preauth]
May  7 14:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31441]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31441]: Failed password for invalid user factorio from 196.251.84.225 port 54586 ssh2
May  7 14:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31441]: Connection closed by 196.251.84.225 port 54586 [preauth]
May  7 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31499]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31500]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31497]: pam_unix(cron:session): session closed for user p13x
May  7 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31559]: Successful su for rubyman by root
May  7 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31559]: + ??? root:rubyman
May  7 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347145 of user rubyman.
May  7 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31559]: pam_unix(su:session): session closed for user rubyman
May  7 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347145.
May  7 14:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28724]: pam_unix(cron:session): session closed for user root
May  7 14:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31498]: pam_unix(cron:session): session closed for user samftp
May  7 14:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31780]: Invalid user ethnode from 196.251.84.225
May  7 14:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31780]: input_userauth_request: invalid user ethnode [preauth]
May  7 14:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31780]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31780]: Failed password for invalid user ethnode from 196.251.84.225 port 53348 ssh2
May  7 14:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31780]: Connection closed by 196.251.84.225 port 53348 [preauth]
May  7 14:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30575]: pam_unix(cron:session): session closed for user root
May  7 14:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31890]: Invalid user gitlab from 196.251.84.225
May  7 14:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31890]: input_userauth_request: invalid user gitlab [preauth]
May  7 14:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31890]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31890]: Failed password for invalid user gitlab from 196.251.84.225 port 50234 ssh2
May  7 14:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31890]: Connection closed by 196.251.84.225 port 50234 [preauth]
May  7 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31967]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31965]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31965]: pam_unix(cron:session): session closed for user p13x
May  7 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32223]: Successful su for rubyman by root
May  7 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32223]: + ??? root:rubyman
May  7 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32223]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347149 of user rubyman.
May  7 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32223]: pam_unix(su:session): session closed for user rubyman
May  7 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347149.
May  7 14:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29237]: pam_unix(cron:session): session closed for user root
May  7 14:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31966]: pam_unix(cron:session): session closed for user samftp
May  7 14:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: Invalid user dq from 123.59.50.202
May  7 14:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: input_userauth_request: invalid user dq [preauth]
May  7 14:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Invalid user sol from 196.251.84.225
May  7 14:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: input_userauth_request: invalid user sol [preauth]
May  7 14:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: Failed password for invalid user dq from 123.59.50.202 port 36949 ssh2
May  7 14:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: Received disconnect from 123.59.50.202 port 36949:11: Bye Bye [preauth]
May  7 14:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32490]: Disconnected from 123.59.50.202 port 36949 [preauth]
May  7 14:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Failed password for invalid user sol from 196.251.84.225 port 36758 ssh2
May  7 14:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Connection closed by 196.251.84.225 port 36758 [preauth]
May  7 14:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31089]: pam_unix(cron:session): session closed for user root
May  7 14:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32614]: User ftp from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 14:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32614]: input_userauth_request: invalid user ftp [preauth]
May  7 14:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=ftp
May  7 14:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32614]: Failed password for invalid user ftp from 196.251.84.225 port 55918 ssh2
May  7 14:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32614]: Connection closed by 196.251.84.225 port 55918 [preauth]
May  7 14:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  7 14:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32720]: Failed password for root from 80.94.95.115 port 52296 ssh2
May  7 14:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32720]: Connection closed by 80.94.95.115 port 52296 [preauth]
May  7 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32757]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32760]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32760]: pam_unix(cron:session): session closed for user root
May  7 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32755]: pam_unix(cron:session): session closed for user p13x
May  7 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[382]: Successful su for rubyman by root
May  7 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[382]: + ??? root:rubyman
May  7 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347158 of user rubyman.
May  7 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[382]: pam_unix(su:session): session closed for user rubyman
May  7 14:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347158.
May  7 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32757]: pam_unix(cron:session): session closed for user root
May  7 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29655]: pam_unix(cron:session): session closed for user root
May  7 14:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32756]: pam_unix(cron:session): session closed for user samftp
May  7 14:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: Invalid user terraria from 196.251.84.225
May  7 14:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: input_userauth_request: invalid user terraria [preauth]
May  7 14:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: Failed password for invalid user terraria from 196.251.84.225 port 43056 ssh2
May  7 14:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[655]: Connection closed by 196.251.84.225 port 43056 [preauth]
May  7 14:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31500]: pam_unix(cron:session): session closed for user root
May  7 14:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 14:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 14:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: Failed password for root from 196.251.84.225 port 49498 ssh2
May  7 14:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: Connection closed by 196.251.84.225 port 49498 [preauth]
May  7 14:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[790]: Failed password for root from 218.92.0.205 port 64478 ssh2
May  7 14:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[790]: message repeated 4 times: [ Failed password for root from 218.92.0.205 port 64478 ssh2]
May  7 14:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[790]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 64478 ssh2 [preauth]
May  7 14:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[790]: Disconnecting: Too many authentication failures [preauth]
May  7 14:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[790]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 14:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[790]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[833]: pam_unix(cron:session): session closed for user p13x
May  7 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[913]: Successful su for rubyman by root
May  7 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[913]: + ??? root:rubyman
May  7 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[913]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347160 of user rubyman.
May  7 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[913]: pam_unix(su:session): session closed for user rubyman
May  7 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347160.
May  7 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 14:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[837]: Failed password for root from 218.92.0.205 port 21172 ssh2
May  7 14:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[834]: pam_unix(cron:session): session closed for user samftp
May  7 14:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30064]: pam_unix(cron:session): session closed for user root
May  7 14:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[837]: Failed password for root from 218.92.0.205 port 21172 ssh2
May  7 14:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: Invalid user ec2-user from 196.251.84.225
May  7 14:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: input_userauth_request: invalid user ec2-user [preauth]
May  7 14:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: Failed password for invalid user ec2-user from 196.251.84.225 port 37150 ssh2
May  7 14:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1145]: Connection closed by 196.251.84.225 port 37150 [preauth]
May  7 14:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[837]: Failed password for root from 218.92.0.205 port 21172 ssh2
May  7 14:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[837]: message repeated 3 times: [ Failed password for root from 218.92.0.205 port 21172 ssh2]
May  7 14:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[837]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 21172 ssh2 [preauth]
May  7 14:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[837]: Disconnecting: Too many authentication failures [preauth]
May  7 14:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[837]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 14:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[837]: PAM service(sshd) ignoring max retries; 6 > 3
May  7 14:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 14:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: Failed password for root from 218.92.0.205 port 5308 ssh2
May  7 14:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: Received disconnect from 218.92.0.205 port 5308:11:  [preauth]
May  7 14:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: Disconnected from 218.92.0.205 port 5308 [preauth]
May  7 14:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31968]: pam_unix(cron:session): session closed for user root
May  7 14:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1242]: Invalid user pal from 123.59.50.202
May  7 14:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1242]: input_userauth_request: invalid user pal [preauth]
May  7 14:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1242]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: Invalid user odoo from 115.78.4.182
May  7 14:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: input_userauth_request: invalid user odoo [preauth]
May  7 14:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182
May  7 14:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1242]: Failed password for invalid user pal from 123.59.50.202 port 44860 ssh2
May  7 14:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1242]: Received disconnect from 123.59.50.202 port 44860:11: Bye Bye [preauth]
May  7 14:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1242]: Disconnected from 123.59.50.202 port 44860 [preauth]
May  7 14:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: Failed password for invalid user odoo from 115.78.4.182 port 40682 ssh2
May  7 14:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: Received disconnect from 115.78.4.182 port 40682:11: Bye Bye [preauth]
May  7 14:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1247]: Disconnected from 115.78.4.182 port 40682 [preauth]
May  7 14:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1282]: Invalid user ubuntu from 196.251.84.225
May  7 14:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1282]: input_userauth_request: invalid user ubuntu [preauth]
May  7 14:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1282]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1282]: Failed password for invalid user ubuntu from 196.251.84.225 port 46250 ssh2
May  7 14:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1282]: Connection closed by 196.251.84.225 port 46250 [preauth]
May  7 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1344]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1343]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1341]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1342]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1341]: pam_unix(cron:session): session closed for user p13x
May  7 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1408]: Successful su for rubyman by root
May  7 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1408]: + ??? root:rubyman
May  7 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347163 of user rubyman.
May  7 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1408]: pam_unix(su:session): session closed for user rubyman
May  7 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347163.
May  7 14:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30574]: pam_unix(cron:session): session closed for user root
May  7 14:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1342]: pam_unix(cron:session): session closed for user samftp
May  7 14:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1605]: User www-data from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 14:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1605]: input_userauth_request: invalid user www-data [preauth]
May  7 14:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=www-data
May  7 14:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1605]: Failed password for invalid user www-data from 196.251.84.225 port 47142 ssh2
May  7 14:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1605]: Connection closed by 196.251.84.225 port 47142 [preauth]
May  7 14:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32759]: pam_unix(cron:session): session closed for user root
May  7 14:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1748]: Invalid user ts from 196.251.84.225
May  7 14:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1748]: input_userauth_request: invalid user ts [preauth]
May  7 14:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1748]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1748]: Failed password for invalid user ts from 196.251.84.225 port 38778 ssh2
May  7 14:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1748]: Connection closed by 196.251.84.225 port 38778 [preauth]
May  7 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1833]: pam_unix(cron:session): session closed for user p13x
May  7 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1911]: Successful su for rubyman by root
May  7 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1911]: + ??? root:rubyman
May  7 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347168 of user rubyman.
May  7 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1911]: pam_unix(su:session): session closed for user rubyman
May  7 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347168.
May  7 14:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 14:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1888]: Failed password for root from 196.251.84.225 port 42294 ssh2
May  7 14:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31088]: pam_unix(cron:session): session closed for user root
May  7 14:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1888]: Connection closed by 196.251.84.225 port 42294 [preauth]
May  7 14:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1834]: pam_unix(cron:session): session closed for user samftp
May  7 14:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 14:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2199]: Failed password for root from 218.92.0.228 port 22312 ssh2
May  7 14:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2199]: Failed password for root from 218.92.0.228 port 22312 ssh2
May  7 14:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: Invalid user andrew from 64.23.161.151
May  7 14:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: input_userauth_request: invalid user andrew [preauth]
May  7 14:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 14:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: Failed password for invalid user andrew from 64.23.161.151 port 37332 ssh2
May  7 14:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2227]: Connection closed by 64.23.161.151 port 37332 [preauth]
May  7 14:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2199]: Failed password for root from 218.92.0.228 port 22312 ssh2
May  7 14:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2199]: Received disconnect from 218.92.0.228 port 22312:11:  [preauth]
May  7 14:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2199]: Disconnected from 218.92.0.228 port 22312 [preauth]
May  7 14:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2199]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 14:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 14:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: Failed password for root from 218.92.0.228 port 49032 ssh2
May  7 14:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: Failed password for root from 218.92.0.228 port 49032 ssh2
May  7 14:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 14:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[836]: pam_unix(cron:session): session closed for user root
May  7 14:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2240]: Failed password for root from 196.251.84.225 port 52482 ssh2
May  7 14:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: Failed password for root from 218.92.0.228 port 49032 ssh2
May  7 14:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: Received disconnect from 218.92.0.228 port 49032:11:  [preauth]
May  7 14:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: Disconnected from 218.92.0.228 port 49032 [preauth]
May  7 14:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 14:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2240]: Connection closed by 196.251.84.225 port 52482 [preauth]
May  7 14:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 14:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2303]: Failed password for root from 218.92.0.228 port 27384 ssh2
May  7 14:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2303]: Failed password for root from 218.92.0.228 port 27384 ssh2
May  7 14:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: Invalid user yaya from 123.59.50.202
May  7 14:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: input_userauth_request: invalid user yaya [preauth]
May  7 14:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2303]: Failed password for root from 218.92.0.228 port 27384 ssh2
May  7 14:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2303]: Received disconnect from 218.92.0.228 port 27384:11:  [preauth]
May  7 14:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2303]: Disconnected from 218.92.0.228 port 27384 [preauth]
May  7 14:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2303]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 14:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: Failed password for invalid user yaya from 123.59.50.202 port 52803 ssh2
May  7 14:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: Received disconnect from 123.59.50.202 port 52803:11: Bye Bye [preauth]
May  7 14:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2314]: Disconnected from 123.59.50.202 port 52803 [preauth]
May  7 14:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2325]: Invalid user jupyter from 196.251.84.225
May  7 14:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2325]: input_userauth_request: invalid user jupyter [preauth]
May  7 14:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2325]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2336]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2338]: pam_unix(cron:session): session closed for user p13x
May  7 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2325]: Failed password for invalid user jupyter from 196.251.84.225 port 47304 ssh2
May  7 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2483]: Successful su for rubyman by root
May  7 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2483]: + ??? root:rubyman
May  7 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2483]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347172 of user rubyman.
May  7 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2483]: pam_unix(su:session): session closed for user rubyman
May  7 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347172.
May  7 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2325]: Connection closed by 196.251.84.225 port 47304 [preauth]
May  7 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2336]: pam_unix(cron:session): session closed for user root
May  7 14:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31499]: pam_unix(cron:session): session closed for user root
May  7 14:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2339]: pam_unix(cron:session): session closed for user samftp
May  7 14:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: Invalid user oracle from 196.251.84.225
May  7 14:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: input_userauth_request: invalid user oracle [preauth]
May  7 14:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: Failed password for invalid user oracle from 196.251.84.225 port 50778 ssh2
May  7 14:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: Connection closed by 196.251.84.225 port 50778 [preauth]
May  7 14:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1344]: pam_unix(cron:session): session closed for user root
May  7 14:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 14:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: Failed password for root from 196.251.84.225 port 40348 ssh2
May  7 14:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: Connection closed by 196.251.84.225 port 40348 [preauth]
May  7 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2889]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2887]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2891]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2892]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2890]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2892]: pam_unix(cron:session): session closed for user root
May  7 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2887]: pam_unix(cron:session): session closed for user p13x
May  7 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2959]: Successful su for rubyman by root
May  7 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2959]: + ??? root:rubyman
May  7 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2959]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347180 of user rubyman.
May  7 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2959]: pam_unix(su:session): session closed for user rubyman
May  7 14:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347180.
May  7 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2889]: pam_unix(cron:session): session closed for user root
May  7 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31967]: pam_unix(cron:session): session closed for user root
May  7 14:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2888]: pam_unix(cron:session): session closed for user samftp
May  7 14:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 14:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3216]: Failed password for root from 196.251.84.225 port 34334 ssh2
May  7 14:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3216]: Connection closed by 196.251.84.225 port 34334 [preauth]
May  7 14:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2272]: Connection reset by 218.92.0.228 port 59954 [preauth]
May  7 14:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1836]: pam_unix(cron:session): session closed for user root
May  7 14:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3302]: Invalid user sftp from 196.251.84.225
May  7 14:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3302]: input_userauth_request: invalid user sftp [preauth]
May  7 14:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3302]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3302]: Failed password for invalid user sftp from 196.251.84.225 port 32930 ssh2
May  7 14:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3302]: Connection closed by 196.251.84.225 port 32930 [preauth]
May  7 14:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  7 14:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: Failed password for root from 218.92.0.220 port 27598 ssh2
May  7 14:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: Failed password for root from 218.92.0.220 port 27598 ssh2
May  7 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3326]: pam_unix(cron:session): session closed for user p13x
May  7 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3407]: Successful su for rubyman by root
May  7 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3407]: + ??? root:rubyman
May  7 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347182 of user rubyman.
May  7 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3407]: pam_unix(su:session): session closed for user rubyman
May  7 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347182.
May  7 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: Failed password for root from 218.92.0.220 port 27598 ssh2
May  7 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: Received disconnect from 218.92.0.220 port 27598:11:  [preauth]
May  7 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: Disconnected from 218.92.0.220 port 27598 [preauth]
May  7 14:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  7 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32758]: pam_unix(cron:session): session closed for user root
May  7 14:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3327]: pam_unix(cron:session): session closed for user samftp
May  7 14:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  7 14:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Failed password for root from 218.92.0.226 port 58274 ssh2
May  7 14:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3646]: Invalid user wireguard from 123.59.50.202
May  7 14:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3646]: input_userauth_request: invalid user wireguard [preauth]
May  7 14:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3646]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Failed password for root from 218.92.0.226 port 58274 ssh2
May  7 14:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3646]: Failed password for invalid user wireguard from 123.59.50.202 port 60735 ssh2
May  7 14:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3646]: Received disconnect from 123.59.50.202 port 60735:11: Bye Bye [preauth]
May  7 14:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3646]: Disconnected from 123.59.50.202 port 60735 [preauth]
May  7 14:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Failed password for root from 218.92.0.226 port 58274 ssh2
May  7 14:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Received disconnect from 218.92.0.226 port 58274:11:  [preauth]
May  7 14:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Disconnected from 218.92.0.226 port 58274 [preauth]
May  7 14:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  7 14:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: Invalid user redis from 196.251.84.225
May  7 14:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: input_userauth_request: invalid user redis [preauth]
May  7 14:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: Failed password for invalid user redis from 196.251.84.225 port 51606 ssh2
May  7 14:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3670]: Connection closed by 196.251.84.225 port 51606 [preauth]
May  7 14:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2341]: pam_unix(cron:session): session closed for user root
May  7 14:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3759]: Invalid user admin from 196.251.84.225
May  7 14:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3759]: input_userauth_request: invalid user admin [preauth]
May  7 14:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3759]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3759]: Failed password for invalid user admin from 196.251.84.225 port 40128 ssh2
May  7 14:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3759]: Connection closed by 196.251.84.225 port 40128 [preauth]
May  7 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3787]: pam_unix(cron:session): session closed for user p13x
May  7 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3846]: Successful su for rubyman by root
May  7 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3846]: + ??? root:rubyman
May  7 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3846]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347188 of user rubyman.
May  7 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3846]: pam_unix(su:session): session closed for user rubyman
May  7 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347188.
May  7 14:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[835]: pam_unix(cron:session): session closed for user root
May  7 14:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3788]: pam_unix(cron:session): session closed for user samftp
May  7 14:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182  user=root
May  7 14:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: Failed password for root from 115.78.4.182 port 48732 ssh2
May  7 14:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: Received disconnect from 115.78.4.182 port 48732:11: Bye Bye [preauth]
May  7 14:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4075]: Disconnected from 115.78.4.182 port 48732 [preauth]
May  7 14:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 14:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: Failed password for root from 196.251.84.225 port 54292 ssh2
May  7 14:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4100]: Connection closed by 196.251.84.225 port 54292 [preauth]
May  7 14:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2891]: pam_unix(cron:session): session closed for user root
May  7 14:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Invalid user solana from 196.251.84.225
May  7 14:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: input_userauth_request: invalid user solana [preauth]
May  7 14:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Failed password for invalid user solana from 196.251.84.225 port 37644 ssh2
May  7 14:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Connection closed by 196.251.84.225 port 37644 [preauth]
May  7 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4260]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4228]: pam_unix(cron:session): session closed for user p13x
May  7 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4441]: Successful su for rubyman by root
May  7 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4441]: + ??? root:rubyman
May  7 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347190 of user rubyman.
May  7 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4441]: pam_unix(su:session): session closed for user rubyman
May  7 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347190.
May  7 14:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1343]: pam_unix(cron:session): session closed for user root
May  7 14:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4229]: pam_unix(cron:session): session closed for user samftp
May  7 14:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 14:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: Failed password for root from 196.251.84.225 port 57142 ssh2
May  7 14:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4651]: Connection closed by 196.251.84.225 port 57142 [preauth]
May  7 14:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: Invalid user invoices from 123.59.50.202
May  7 14:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: input_userauth_request: invalid user invoices [preauth]
May  7 14:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: Failed password for invalid user invoices from 123.59.50.202 port 4146 ssh2
May  7 14:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: Received disconnect from 123.59.50.202 port 4146:11: Bye Bye [preauth]
May  7 14:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: Disconnected from 123.59.50.202 port 4146 [preauth]
May  7 14:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3329]: pam_unix(cron:session): session closed for user root
May  7 14:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4747]: Invalid user test from 196.251.84.225
May  7 14:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4747]: input_userauth_request: invalid user test [preauth]
May  7 14:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4747]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4747]: Failed password for invalid user test from 196.251.84.225 port 41470 ssh2
May  7 14:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4747]: Connection closed by 196.251.84.225 port 41470 [preauth]
May  7 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4801]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4800]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4798]: pam_unix(cron:session): session closed for user p13x
May  7 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4871]: Successful su for rubyman by root
May  7 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4871]: + ??? root:rubyman
May  7 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4871]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347194 of user rubyman.
May  7 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4871]: pam_unix(su:session): session closed for user rubyman
May  7 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347194.
May  7 14:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1835]: pam_unix(cron:session): session closed for user root
May  7 14:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4799]: pam_unix(cron:session): session closed for user samftp
May  7 14:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5265]: Invalid user postgres from 196.251.84.225
May  7 14:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5265]: input_userauth_request: invalid user postgres [preauth]
May  7 14:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5265]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5265]: Failed password for invalid user postgres from 196.251.84.225 port 41526 ssh2
May  7 14:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5265]: Connection closed by 196.251.84.225 port 41526 [preauth]
May  7 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3790]: pam_unix(cron:session): session closed for user root
May  7 14:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 14:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5358]: Failed password for root from 196.251.84.225 port 41006 ssh2
May  7 14:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5358]: Connection closed by 196.251.84.225 port 41006 [preauth]
May  7 14:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: Invalid user admin from 80.94.95.115
May  7 14:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: input_userauth_request: invalid user admin [preauth]
May  7 14:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  7 14:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: Failed password for invalid user admin from 80.94.95.115 port 62276 ssh2
May  7 14:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: Connection closed by 80.94.95.115 port 62276 [preauth]
May  7 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5418]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5418]: pam_unix(cron:session): session closed for user root
May  7 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5413]: pam_unix(cron:session): session closed for user p13x
May  7 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5494]: Successful su for rubyman by root
May  7 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5494]: + ??? root:rubyman
May  7 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5494]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347199 of user rubyman.
May  7 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5494]: pam_unix(su:session): session closed for user rubyman
May  7 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347199.
May  7 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5415]: pam_unix(cron:session): session closed for user root
May  7 14:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2340]: pam_unix(cron:session): session closed for user root
May  7 14:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5414]: pam_unix(cron:session): session closed for user samftp
May  7 14:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: Invalid user developer from 196.251.84.225
May  7 14:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: input_userauth_request: invalid user developer [preauth]
May  7 14:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: Failed password for invalid user developer from 196.251.84.225 port 59286 ssh2
May  7 14:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: Connection closed by 196.251.84.225 port 59286 [preauth]
May  7 14:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5797]: Invalid user admin from 80.94.95.112
May  7 14:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5797]: input_userauth_request: invalid user admin [preauth]
May  7 14:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5797]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 14:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5797]: Failed password for invalid user admin from 80.94.95.112 port 12807 ssh2
May  7 14:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5797]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5797]: Failed password for invalid user admin from 80.94.95.112 port 12807 ssh2
May  7 14:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5797]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5797]: Failed password for invalid user admin from 80.94.95.112 port 12807 ssh2
May  7 14:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5797]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4260]: pam_unix(cron:session): session closed for user root
May  7 14:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5797]: Failed password for invalid user admin from 80.94.95.112 port 12807 ssh2
May  7 14:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5797]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5797]: Failed password for invalid user admin from 80.94.95.112 port 12807 ssh2
May  7 14:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5797]: Received disconnect from 80.94.95.112 port 12807:11: Bye [preauth]
May  7 14:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5797]: Disconnected from 80.94.95.112 port 12807 [preauth]
May  7 14:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5797]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 14:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5797]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 14:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5947]: Invalid user steam from 196.251.84.225
May  7 14:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5947]: input_userauth_request: invalid user steam [preauth]
May  7 14:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5947]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5947]: Failed password for invalid user steam from 196.251.84.225 port 50610 ssh2
May  7 14:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5947]: Connection closed by 196.251.84.225 port 50610 [preauth]
May  7 14:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: Invalid user hh from 123.59.50.202
May  7 14:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: input_userauth_request: invalid user hh [preauth]
May  7 14:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: Failed password for invalid user hh from 123.59.50.202 port 12067 ssh2
May  7 14:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: Received disconnect from 123.59.50.202 port 12067:11: Bye Bye [preauth]
May  7 14:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: Disconnected from 123.59.50.202 port 12067 [preauth]
May  7 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6019]: pam_unix(cron:session): session closed for user p13x
May  7 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6090]: Successful su for rubyman by root
May  7 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6090]: + ??? root:rubyman
May  7 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347205 of user rubyman.
May  7 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6090]: pam_unix(su:session): session closed for user rubyman
May  7 14:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347205.
May  7 14:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6246]: Invalid user app from 196.251.84.225
May  7 14:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6246]: input_userauth_request: invalid user app [preauth]
May  7 14:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2890]: pam_unix(cron:session): session closed for user root
May  7 14:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6246]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6020]: pam_unix(cron:session): session closed for user samftp
May  7 14:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6246]: Failed password for invalid user app from 196.251.84.225 port 33680 ssh2
May  7 14:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6246]: Connection closed by 196.251.84.225 port 33680 [preauth]
May  7 14:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: Invalid user erfan from 64.23.161.151
May  7 14:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: input_userauth_request: invalid user erfan [preauth]
May  7 14:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 14:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: Failed password for invalid user erfan from 64.23.161.151 port 43308 ssh2
May  7 14:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: Connection closed by 64.23.161.151 port 43308 [preauth]
May  7 14:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4801]: pam_unix(cron:session): session closed for user root
May  7 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 14:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6352]: Failed password for root from 196.251.84.225 port 33802 ssh2
May  7 14:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6352]: Connection closed by 196.251.84.225 port 33802 [preauth]
May  7 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6438]: pam_unix(cron:session): session closed for user root
May  7 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6440]: pam_unix(cron:session): session closed for user p13x
May  7 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6506]: Successful su for rubyman by root
May  7 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6506]: + ??? root:rubyman
May  7 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347209 of user rubyman.
May  7 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6506]: pam_unix(su:session): session closed for user rubyman
May  7 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347209.
May  7 14:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: Invalid user sysadmin from 196.251.84.225
May  7 14:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: input_userauth_request: invalid user sysadmin [preauth]
May  7 14:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3328]: pam_unix(cron:session): session closed for user root
May  7 14:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: Failed password for invalid user sysadmin from 196.251.84.225 port 43702 ssh2
May  7 14:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6538]: Connection closed by 196.251.84.225 port 43702 [preauth]
May  7 14:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6441]: pam_unix(cron:session): session closed for user samftp
May  7 14:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 14:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6761]: Failed password for root from 196.251.84.225 port 44448 ssh2
May  7 14:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6761]: Connection closed by 196.251.84.225 port 44448 [preauth]
May  7 14:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5417]: pam_unix(cron:session): session closed for user root
May  7 14:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: Invalid user zone from 115.78.4.182
May  7 14:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: input_userauth_request: invalid user zone [preauth]
May  7 14:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182
May  7 14:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: Failed password for invalid user zone from 115.78.4.182 port 56782 ssh2
May  7 14:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: Received disconnect from 115.78.4.182 port 56782:11: Bye Bye [preauth]
May  7 14:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6824]: Disconnected from 115.78.4.182 port 56782 [preauth]
May  7 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: Invalid user team1 from 123.59.50.202
May  7 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: input_userauth_request: invalid user team1 [preauth]
May  7 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Invalid user elastic from 196.251.84.225
May  7 14:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: input_userauth_request: invalid user elastic [preauth]
May  7 14:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: Failed password for invalid user team1 from 123.59.50.202 port 19993 ssh2
May  7 14:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: Received disconnect from 123.59.50.202 port 19993:11: Bye Bye [preauth]
May  7 14:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6843]: Disconnected from 123.59.50.202 port 19993 [preauth]
May  7 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6862]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6861]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6859]: pam_unix(cron:session): session closed for user p13x
May  7 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7009]: Successful su for rubyman by root
May  7 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7009]: + ??? root:rubyman
May  7 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347213 of user rubyman.
May  7 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7009]: pam_unix(su:session): session closed for user rubyman
May  7 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347213.
May  7 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Failed password for invalid user elastic from 196.251.84.225 port 53894 ssh2
May  7 14:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Connection closed by 196.251.84.225 port 53894 [preauth]
May  7 14:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3789]: pam_unix(cron:session): session closed for user root
May  7 14:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6860]: pam_unix(cron:session): session closed for user samftp
May  7 14:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: Invalid user ldap from 196.251.84.225
May  7 14:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: input_userauth_request: invalid user ldap [preauth]
May  7 14:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: Failed password for invalid user ldap from 196.251.84.225 port 50464 ssh2
May  7 14:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7279]: Connection closed by 196.251.84.225 port 50464 [preauth]
May  7 14:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6022]: pam_unix(cron:session): session closed for user root
May  7 14:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7353]: Invalid user worker from 196.251.84.225
May  7 14:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7353]: input_userauth_request: invalid user worker [preauth]
May  7 14:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7353]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7353]: Failed password for invalid user worker from 196.251.84.225 port 42090 ssh2
May  7 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7353]: Connection closed by 196.251.84.225 port 42090 [preauth]
May  7 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7366]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7364]: pam_unix(cron:session): session closed for user p13x
May  7 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7428]: Successful su for rubyman by root
May  7 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7428]: + ??? root:rubyman
May  7 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347219 of user rubyman.
May  7 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7428]: pam_unix(su:session): session closed for user rubyman
May  7 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347219.
May  7 14:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 14:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4230]: pam_unix(cron:session): session closed for user root
May  7 14:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: Failed password for root from 218.92.0.179 port 20457 ssh2
May  7 14:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7365]: pam_unix(cron:session): session closed for user samftp
May  7 14:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: Failed password for root from 218.92.0.179 port 20457 ssh2
May  7 14:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: Failed password for root from 218.92.0.179 port 20457 ssh2
May  7 14:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: Received disconnect from 218.92.0.179 port 20457:11:  [preauth]
May  7 14:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: Disconnected from 218.92.0.179 port 20457 [preauth]
May  7 14:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 14:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: Invalid user admin from 80.94.95.241
May  7 14:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: input_userauth_request: invalid user admin [preauth]
May  7 14:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 14:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: Failed password for invalid user admin from 80.94.95.241 port 29163 ssh2
May  7 14:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: Failed password for invalid user admin from 80.94.95.241 port 29163 ssh2
May  7 14:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: Failed password for invalid user admin from 80.94.95.241 port 29163 ssh2
May  7 14:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: Failed password for invalid user admin from 80.94.95.241 port 29163 ssh2
May  7 14:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: Invalid user redis from 196.251.84.225
May  7 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: input_userauth_request: invalid user redis [preauth]
May  7 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: Failed password for invalid user admin from 80.94.95.241 port 29163 ssh2
May  7 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: Received disconnect from 80.94.95.241 port 29163:11: Bye [preauth]
May  7 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: Disconnected from 80.94.95.241 port 29163 [preauth]
May  7 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7749]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 14:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: Failed password for invalid user redis from 196.251.84.225 port 54530 ssh2
May  7 14:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7796]: Connection closed by 196.251.84.225 port 54530 [preauth]
May  7 14:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6443]: pam_unix(cron:session): session closed for user root
May  7 14:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: Invalid user nginx from 196.251.84.225
May  7 14:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: input_userauth_request: invalid user nginx [preauth]
May  7 14:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: Failed password for invalid user nginx from 196.251.84.225 port 32772 ssh2
May  7 14:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: Connection closed by 196.251.84.225 port 32772 [preauth]
May  7 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7900]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7905]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7903]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7904]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7905]: pam_unix(cron:session): session closed for user root
May  7 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7898]: pam_unix(cron:session): session closed for user p13x
May  7 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7973]: Successful su for rubyman by root
May  7 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7973]: + ??? root:rubyman
May  7 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347226 of user rubyman.
May  7 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7973]: pam_unix(su:session): session closed for user rubyman
May  7 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347226.
May  7 14:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7900]: pam_unix(cron:session): session closed for user root
May  7 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4800]: pam_unix(cron:session): session closed for user root
May  7 14:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7899]: pam_unix(cron:session): session closed for user samftp
May  7 14:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  7 14:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8187]: Failed password for root from 218.92.0.231 port 27622 ssh2
May  7 14:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8187]: message repeated 2 times: [ Failed password for root from 218.92.0.231 port 27622 ssh2]
May  7 14:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8187]: Received disconnect from 218.92.0.231 port 27622:11:  [preauth]
May  7 14:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8187]: Disconnected from 218.92.0.231 port 27622 [preauth]
May  7 14:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8187]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  7 14:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: Invalid user bob from 123.59.50.202
May  7 14:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: input_userauth_request: invalid user bob [preauth]
May  7 14:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: Failed password for invalid user bob from 123.59.50.202 port 27900 ssh2
May  7 14:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: Received disconnect from 123.59.50.202 port 27900:11: Bye Bye [preauth]
May  7 14:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8241]: Disconnected from 123.59.50.202 port 27900 [preauth]
May  7 14:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 14:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: Invalid user esuser from 196.251.84.225
May  7 14:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: input_userauth_request: invalid user esuser [preauth]
May  7 14:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: Failed password for root from 218.92.0.205 port 31782 ssh2
May  7 14:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: Failed password for invalid user esuser from 196.251.84.225 port 39078 ssh2
May  7 14:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8248]: Connection closed by 196.251.84.225 port 39078 [preauth]
May  7 14:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: Failed password for root from 218.92.0.205 port 31782 ssh2
May  7 14:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: message repeated 2 times: [ Failed password for root from 218.92.0.205 port 31782 ssh2]
May  7 14:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6862]: pam_unix(cron:session): session closed for user root
May  7 14:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: Failed password for root from 218.92.0.205 port 31782 ssh2
May  7 14:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 31782 ssh2 [preauth]
May  7 14:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: Disconnecting: Too many authentication failures [preauth]
May  7 14:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 14:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8243]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 14:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 14:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: Failed password for root from 218.92.0.205 port 41546 ssh2
May  7 14:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: message repeated 3 times: [ Failed password for root from 218.92.0.205 port 41546 ssh2]
May  7 14:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: Invalid user odoo from 196.251.84.225
May  7 14:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: input_userauth_request: invalid user odoo [preauth]
May  7 14:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: Failed password for root from 218.92.0.205 port 41546 ssh2
May  7 14:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: Failed password for invalid user odoo from 196.251.84.225 port 60306 ssh2
May  7 14:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8348]: Connection closed by 196.251.84.225 port 60306 [preauth]
May  7 14:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: Failed password for root from 218.92.0.205 port 41546 ssh2
May  7 14:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 41546 ssh2 [preauth]
May  7 14:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: Disconnecting: Too many authentication failures [preauth]
May  7 14:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 14:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: PAM service(sshd) ignoring max retries; 6 > 3
May  7 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8372]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8371]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8369]: pam_unix(cron:session): session closed for user p13x
May  7 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8441]: Successful su for rubyman by root
May  7 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8441]: + ??? root:rubyman
May  7 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347227 of user rubyman.
May  7 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8441]: pam_unix(su:session): session closed for user rubyman
May  7 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347227.
May  7 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 14:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: Failed password for root from 218.92.0.205 port 37704 ssh2
May  7 14:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5416]: pam_unix(cron:session): session closed for user root
May  7 14:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: Received disconnect from 218.92.0.205 port 37704:11:  [preauth]
May  7 14:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8366]: Disconnected from 218.92.0.205 port 37704 [preauth]
May  7 14:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8370]: pam_unix(cron:session): session closed for user samftp
May  7 14:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: Invalid user appuser from 196.251.84.225
May  7 14:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: input_userauth_request: invalid user appuser [preauth]
May  7 14:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: Failed password for invalid user appuser from 196.251.84.225 port 58004 ssh2
May  7 14:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: Connection closed by 196.251.84.225 port 58004 [preauth]
May  7 14:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7367]: pam_unix(cron:session): session closed for user root
May  7 14:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  7 14:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: Failed password for root from 218.92.0.226 port 44016 ssh2
May  7 14:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: message repeated 2 times: [ Failed password for root from 218.92.0.226 port 44016 ssh2]
May  7 14:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: Received disconnect from 218.92.0.226 port 44016:11:  [preauth]
May  7 14:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: Disconnected from 218.92.0.226 port 44016 [preauth]
May  7 14:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8748]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  7 14:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: Invalid user lighthouse from 196.251.84.225
May  7 14:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: input_userauth_request: invalid user lighthouse [preauth]
May  7 14:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: Failed password for invalid user lighthouse from 196.251.84.225 port 53416 ssh2
May  7 14:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8788]: Connection closed by 196.251.84.225 port 53416 [preauth]
May  7 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8811]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8810]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8807]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8807]: pam_unix(cron:session): session closed for user p13x
May  7 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8873]: Successful su for rubyman by root
May  7 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8873]: + ??? root:rubyman
May  7 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347231 of user rubyman.
May  7 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8873]: pam_unix(su:session): session closed for user rubyman
May  7 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347231.
May  7 14:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6021]: pam_unix(cron:session): session closed for user root
May  7 14:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8809]: pam_unix(cron:session): session closed for user samftp
May  7 14:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: Invalid user steam from 196.251.84.225
May  7 14:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: input_userauth_request: invalid user steam [preauth]
May  7 14:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: Failed password for invalid user steam from 196.251.84.225 port 35120 ssh2
May  7 14:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9092]: Connection closed by 196.251.84.225 port 35120 [preauth]
May  7 14:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7904]: pam_unix(cron:session): session closed for user root
May  7 14:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9275]: Invalid user gerard from 123.59.50.202
May  7 14:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9275]: input_userauth_request: invalid user gerard [preauth]
May  7 14:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9275]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9275]: Failed password for invalid user gerard from 123.59.50.202 port 35815 ssh2
May  7 14:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9275]: Received disconnect from 123.59.50.202 port 35815:11: Bye Bye [preauth]
May  7 14:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9275]: Disconnected from 123.59.50.202 port 35815 [preauth]
May  7 14:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 14:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9307]: Failed password for root from 196.251.84.225 port 49356 ssh2
May  7 14:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9307]: Connection closed by 196.251.84.225 port 49356 [preauth]
May  7 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9346]: pam_unix(cron:session): session closed for user p13x
May  7 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9414]: Successful su for rubyman by root
May  7 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9414]: + ??? root:rubyman
May  7 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347235 of user rubyman.
May  7 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9414]: pam_unix(su:session): session closed for user rubyman
May  7 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347235.
May  7 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6442]: pam_unix(cron:session): session closed for user root
May  7 14:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9347]: pam_unix(cron:session): session closed for user samftp
May  7 14:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 14:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: Failed password for root from 196.251.84.225 port 52208 ssh2
May  7 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182  user=root
May  7 14:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9613]: Connection closed by 196.251.84.225 port 52208 [preauth]
May  7 14:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9621]: Failed password for root from 115.78.4.182 port 36578 ssh2
May  7 14:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9621]: Received disconnect from 115.78.4.182 port 36578:11: Bye Bye [preauth]
May  7 14:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9621]: Disconnected from 115.78.4.182 port 36578 [preauth]
May  7 14:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8372]: pam_unix(cron:session): session closed for user root
May  7 14:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9704]: Invalid user ubuntu from 196.251.84.225
May  7 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9704]: input_userauth_request: invalid user ubuntu [preauth]
May  7 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9704]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9704]: Failed password for invalid user ubuntu from 196.251.84.225 port 38104 ssh2
May  7 14:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9704]: Connection closed by 196.251.84.225 port 38104 [preauth]
May  7 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9761]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9759]: pam_unix(cron:session): session closed for user p13x
May  7 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9821]: Successful su for rubyman by root
May  7 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9821]: + ??? root:rubyman
May  7 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9821]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347240 of user rubyman.
May  7 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9821]: pam_unix(su:session): session closed for user rubyman
May  7 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347240.
May  7 14:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9887]: Invalid user ermia from 64.23.161.151
May  7 14:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9887]: input_userauth_request: invalid user ermia [preauth]
May  7 14:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9887]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6861]: pam_unix(cron:session): session closed for user root
May  7 14:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9887]: Failed password for invalid user ermia from 64.23.161.151 port 52776 ssh2
May  7 14:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9887]: Connection closed by 64.23.161.151 port 52776 [preauth]
May  7 14:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9760]: pam_unix(cron:session): session closed for user samftp
May  7 14:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10023]: Invalid user lsb from 196.251.84.225
May  7 14:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10023]: input_userauth_request: invalid user lsb [preauth]
May  7 14:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10023]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10023]: Failed password for invalid user lsb from 196.251.84.225 port 36238 ssh2
May  7 14:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10023]: Connection closed by 196.251.84.225 port 36238 [preauth]
May  7 14:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 14:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10052]: Failed password for root from 218.92.0.179 port 45226 ssh2
May  7 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10052]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 45226 ssh2]
May  7 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10052]: Received disconnect from 218.92.0.179 port 45226:11:  [preauth]
May  7 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10052]: Disconnected from 218.92.0.179 port 45226 [preauth]
May  7 14:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10052]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8811]: pam_unix(cron:session): session closed for user root
May  7 14:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: Invalid user test from 196.251.84.225
May  7 14:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: input_userauth_request: invalid user test [preauth]
May  7 14:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: Failed password for invalid user test from 196.251.84.225 port 50806 ssh2
May  7 14:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: Connection closed by 196.251.84.225 port 50806 [preauth]
May  7 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10161]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10162]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10166]: pam_unix(cron:session): session closed for user root
May  7 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10161]: pam_unix(cron:session): session closed for user p13x
May  7 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10315]: Successful su for rubyman by root
May  7 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10315]: + ??? root:rubyman
May  7 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347245 of user rubyman.
May  7 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10315]: pam_unix(su:session): session closed for user rubyman
May  7 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347245.
May  7 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10163]: pam_unix(cron:session): session closed for user root
May  7 14:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7366]: pam_unix(cron:session): session closed for user root
May  7 14:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10526]: Invalid user mmd from 123.59.50.202
May  7 14:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10526]: input_userauth_request: invalid user mmd [preauth]
May  7 14:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10526]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10162]: pam_unix(cron:session): session closed for user samftp
May  7 14:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: Invalid user kodi from 196.251.84.225
May  7 14:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: input_userauth_request: invalid user kodi [preauth]
May  7 14:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10526]: Failed password for invalid user mmd from 123.59.50.202 port 43747 ssh2
May  7 14:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10526]: Received disconnect from 123.59.50.202 port 43747:11: Bye Bye [preauth]
May  7 14:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10526]: Disconnected from 123.59.50.202 port 43747 [preauth]
May  7 14:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: Failed password for invalid user kodi from 196.251.84.225 port 32938 ssh2
May  7 14:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: Connection closed by 196.251.84.225 port 32938 [preauth]
May  7 14:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9351]: pam_unix(cron:session): session closed for user root
May  7 14:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: Invalid user caddy from 196.251.84.225
May  7 14:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: input_userauth_request: invalid user caddy [preauth]
May  7 14:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: Failed password for invalid user caddy from 196.251.84.225 port 55512 ssh2
May  7 14:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10675]: Connection closed by 196.251.84.225 port 55512 [preauth]
May  7 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10771]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10770]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10769]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10768]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10768]: pam_unix(cron:session): session closed for user p13x
May  7 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10833]: Successful su for rubyman by root
May  7 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10833]: + ??? root:rubyman
May  7 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347249 of user rubyman.
May  7 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10833]: pam_unix(su:session): session closed for user rubyman
May  7 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347249.
May  7 14:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: Invalid user ampache from 196.251.84.225
May  7 14:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: input_userauth_request: invalid user ampache [preauth]
May  7 14:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7903]: pam_unix(cron:session): session closed for user root
May  7 14:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: Failed password for invalid user ampache from 196.251.84.225 port 46866 ssh2
May  7 14:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10926]: Connection closed by 196.251.84.225 port 46866 [preauth]
May  7 14:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10769]: pam_unix(cron:session): session closed for user samftp
May  7 14:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9762]: pam_unix(cron:session): session closed for user root
May  7 14:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: Invalid user amandabackup from 196.251.84.225
May  7 14:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: input_userauth_request: invalid user amandabackup [preauth]
May  7 14:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: Failed password for invalid user amandabackup from 196.251.84.225 port 33940 ssh2
May  7 14:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11104]: Connection closed by 196.251.84.225 port 33940 [preauth]
May  7 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11175]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11177]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11176]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11174]: pam_unix(cron:session): session closed for user p13x
May  7 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11234]: Successful su for rubyman by root
May  7 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11234]: + ??? root:rubyman
May  7 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347254 of user rubyman.
May  7 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11234]: pam_unix(su:session): session closed for user rubyman
May  7 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347254.
May  7 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11246]: Invalid user ubuntu from 196.251.84.225
May  7 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11246]: input_userauth_request: invalid user ubuntu [preauth]
May  7 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11246]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11246]: Failed password for invalid user ubuntu from 196.251.84.225 port 37504 ssh2
May  7 14:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8371]: pam_unix(cron:session): session closed for user root
May  7 14:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11246]: Connection closed by 196.251.84.225 port 37504 [preauth]
May  7 14:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11175]: pam_unix(cron:session): session closed for user samftp
May  7 14:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: Invalid user abcdefg from 123.59.50.202
May  7 14:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: input_userauth_request: invalid user abcdefg [preauth]
May  7 14:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: Invalid user admin from 194.0.234.19
May  7 14:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: input_userauth_request: invalid user admin [preauth]
May  7 14:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  7 14:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: Failed password for invalid user abcdefg from 123.59.50.202 port 51649 ssh2
May  7 14:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: Received disconnect from 123.59.50.202 port 51649:11: Bye Bye [preauth]
May  7 14:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11443]: Disconnected from 123.59.50.202 port 51649 [preauth]
May  7 14:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: Failed password for invalid user admin from 194.0.234.19 port 30676 ssh2
May  7 14:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11445]: Connection closed by 194.0.234.19 port 30676 [preauth]
May  7 14:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10674]: Connection reset by 218.92.0.111 port 43652 [preauth]
May  7 14:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: Invalid user test from 196.251.84.225
May  7 14:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: input_userauth_request: invalid user test [preauth]
May  7 14:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: Failed password for invalid user test from 196.251.84.225 port 50354 ssh2
May  7 14:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11482]: Connection closed by 196.251.84.225 port 50354 [preauth]
May  7 14:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10165]: pam_unix(cron:session): session closed for user root
May  7 14:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: Invalid user ubuntu from 196.251.84.225
May  7 14:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: input_userauth_request: invalid user ubuntu [preauth]
May  7 14:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11584]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11582]: pam_unix(cron:session): session closed for user p13x
May  7 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11642]: Successful su for rubyman by root
May  7 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11642]: + ??? root:rubyman
May  7 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347257 of user rubyman.
May  7 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11642]: pam_unix(su:session): session closed for user rubyman
May  7 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347257.
May  7 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: Failed password for invalid user ubuntu from 196.251.84.225 port 57472 ssh2
May  7 14:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: Connection closed by 196.251.84.225 port 57472 [preauth]
May  7 14:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8810]: pam_unix(cron:session): session closed for user root
May  7 14:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11583]: pam_unix(cron:session): session closed for user samftp
May  7 14:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 14:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: Failed password for root from 196.251.84.225 port 49740 ssh2
May  7 14:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 14:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11875]: Connection closed by 196.251.84.225 port 49740 [preauth]
May  7 14:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Failed password for root from 218.92.0.179 port 10213 ssh2
May  7 14:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10771]: pam_unix(cron:session): session closed for user root
May  7 14:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Failed password for root from 218.92.0.179 port 10213 ssh2
May  7 14:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Failed password for root from 218.92.0.179 port 10213 ssh2
May  7 14:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Received disconnect from 218.92.0.179 port 10213:11:  [preauth]
May  7 14:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: Disconnected from 218.92.0.179 port 10213 [preauth]
May  7 14:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11885]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 14:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11947]: Invalid user debian from 115.78.4.182
May  7 14:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11947]: input_userauth_request: invalid user debian [preauth]
May  7 14:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11947]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182
May  7 14:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11947]: Failed password for invalid user debian from 115.78.4.182 port 44634 ssh2
May  7 14:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11947]: Received disconnect from 115.78.4.182 port 44634:11: Bye Bye [preauth]
May  7 14:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11947]: Disconnected from 115.78.4.182 port 44634 [preauth]
May  7 14:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: Invalid user ftpuser from 196.251.84.225
May  7 14:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: input_userauth_request: invalid user ftpuser [preauth]
May  7 14:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: Failed password for invalid user ftpuser from 196.251.84.225 port 51706 ssh2
May  7 14:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: Connection closed by 196.251.84.225 port 51706 [preauth]
May  7 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11979]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11977]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11978]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11976]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11976]: pam_unix(cron:session): session closed for user p13x
May  7 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12033]: Successful su for rubyman by root
May  7 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12033]: + ??? root:rubyman
May  7 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12033]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347261 of user rubyman.
May  7 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12033]: pam_unix(su:session): session closed for user rubyman
May  7 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347261.
May  7 14:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9349]: pam_unix(cron:session): session closed for user root
May  7 14:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11977]: pam_unix(cron:session): session closed for user samftp
May  7 14:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12253]: Invalid user redis from 196.251.84.225
May  7 14:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12253]: input_userauth_request: invalid user redis [preauth]
May  7 14:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12253]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12253]: Failed password for invalid user redis from 196.251.84.225 port 56560 ssh2
May  7 14:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12253]: Connection closed by 196.251.84.225 port 56560 [preauth]
May  7 14:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11177]: pam_unix(cron:session): session closed for user root
May  7 14:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  7 14:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: Failed password for root from 218.92.0.218 port 43272 ssh2
May  7 14:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: message repeated 2 times: [ Failed password for root from 218.92.0.218 port 43272 ssh2]
May  7 14:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: Received disconnect from 218.92.0.218 port 43272:11:  [preauth]
May  7 14:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: Disconnected from 218.92.0.218 port 43272 [preauth]
May  7 14:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12287]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  7 14:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: Invalid user control from 123.59.50.202
May  7 14:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: input_userauth_request: invalid user control [preauth]
May  7 14:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: Failed password for invalid user control from 123.59.50.202 port 59556 ssh2
May  7 14:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: Received disconnect from 123.59.50.202 port 59556:11: Bye Bye [preauth]
May  7 14:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12342]: Disconnected from 123.59.50.202 port 59556 [preauth]
May  7 14:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12373]: Invalid user wang from 196.251.84.225
May  7 14:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12373]: input_userauth_request: invalid user wang [preauth]
May  7 14:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12373]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12373]: Failed password for invalid user wang from 196.251.84.225 port 33256 ssh2
May  7 14:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12373]: Connection closed by 196.251.84.225 port 33256 [preauth]
May  7 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12386]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12387]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12389]: pam_unix(cron:session): session closed for user root
May  7 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12384]: pam_unix(cron:session): session closed for user p13x
May  7 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12454]: Successful su for rubyman by root
May  7 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12454]: + ??? root:rubyman
May  7 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347268 of user rubyman.
May  7 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12454]: pam_unix(su:session): session closed for user rubyman
May  7 14:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347268.
May  7 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12386]: pam_unix(cron:session): session closed for user root
May  7 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9761]: pam_unix(cron:session): session closed for user root
May  7 14:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12385]: pam_unix(cron:session): session closed for user samftp
May  7 14:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Invalid user admin from 196.251.84.225
May  7 14:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: input_userauth_request: invalid user admin [preauth]
May  7 14:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Failed password for invalid user admin from 196.251.84.225 port 58844 ssh2
May  7 14:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Connection closed by 196.251.84.225 port 58844 [preauth]
May  7 14:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11585]: pam_unix(cron:session): session closed for user root
May  7 14:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12787]: Invalid user amp from 196.251.84.225
May  7 14:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12787]: input_userauth_request: invalid user amp [preauth]
May  7 14:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12787]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12787]: Failed password for invalid user amp from 196.251.84.225 port 39262 ssh2
May  7 14:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12787]: Connection closed by 196.251.84.225 port 39262 [preauth]
May  7 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12802]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12800]: pam_unix(cron:session): session closed for user p13x
May  7 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12870]: Successful su for rubyman by root
May  7 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12870]: + ??? root:rubyman
May  7 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347271 of user rubyman.
May  7 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12870]: pam_unix(su:session): session closed for user rubyman
May  7 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347271.
May  7 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10164]: pam_unix(cron:session): session closed for user root
May  7 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12802]: pam_unix(cron:session): session closed for user samftp
May  7 14:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: Invalid user terraria from 196.251.84.225
May  7 14:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: input_userauth_request: invalid user terraria [preauth]
May  7 14:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: Failed password for invalid user terraria from 196.251.84.225 port 46758 ssh2
May  7 14:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13095]: Connection closed by 196.251.84.225 port 46758 [preauth]
May  7 14:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 14:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: Failed password for root from 218.92.0.179 port 47326 ssh2
May  7 14:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: Failed password for root from 218.92.0.179 port 47326 ssh2
May  7 14:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11979]: pam_unix(cron:session): session closed for user root
May  7 14:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: Failed password for root from 218.92.0.179 port 47326 ssh2
May  7 14:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: Received disconnect from 218.92.0.179 port 47326:11:  [preauth]
May  7 14:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: Disconnected from 218.92.0.179 port 47326 [preauth]
May  7 14:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13118]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 14:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: Invalid user exx from 64.23.161.151
May  7 14:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: input_userauth_request: invalid user exx [preauth]
May  7 14:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 14:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: Invalid user nagios from 196.251.84.225
May  7 14:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: input_userauth_request: invalid user nagios [preauth]
May  7 14:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: Failed password for invalid user exx from 64.23.161.151 port 32938 ssh2
May  7 14:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: Connection closed by 64.23.161.151 port 32938 [preauth]
May  7 14:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: Failed password for invalid user nagios from 196.251.84.225 port 49840 ssh2
May  7 14:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: Connection closed by 196.251.84.225 port 49840 [preauth]
May  7 14:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Invalid user baidu from 123.59.50.202
May  7 14:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: input_userauth_request: invalid user baidu [preauth]
May  7 14:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Failed password for invalid user baidu from 123.59.50.202 port 2950 ssh2
May  7 14:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Received disconnect from 123.59.50.202 port 2950:11: Bye Bye [preauth]
May  7 14:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Disconnected from 123.59.50.202 port 2950 [preauth]
May  7 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13221]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13219]: pam_unix(cron:session): session closed for user p13x
May  7 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13284]: Successful su for rubyman by root
May  7 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13284]: + ??? root:rubyman
May  7 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347277 of user rubyman.
May  7 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13284]: pam_unix(su:session): session closed for user rubyman
May  7 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347277.
May  7 14:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10770]: pam_unix(cron:session): session closed for user root
May  7 14:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13220]: pam_unix(cron:session): session closed for user samftp
May  7 14:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: Invalid user es from 196.251.84.225
May  7 14:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: input_userauth_request: invalid user es [preauth]
May  7 14:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: Failed password for invalid user es from 196.251.84.225 port 51520 ssh2
May  7 14:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13601]: Connection closed by 196.251.84.225 port 51520 [preauth]
May  7 14:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 14:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: Failed password for root from 80.94.95.125 port 10664 ssh2
May  7 14:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12388]: pam_unix(cron:session): session closed for user root
May  7 14:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: Failed password for root from 80.94.95.125 port 10664 ssh2
May  7 14:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: message repeated 3 times: [ Failed password for root from 80.94.95.125 port 10664 ssh2]
May  7 14:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: Received disconnect from 80.94.95.125 port 10664:11: Bye [preauth]
May  7 14:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: Disconnected from 80.94.95.125 port 10664 [preauth]
May  7 14:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 14:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13632]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 14:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 14:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13708]: Failed password for root from 196.251.84.225 port 49718 ssh2
May  7 14:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13708]: Connection closed by 196.251.84.225 port 49718 [preauth]
May  7 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13733]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13729]: pam_unix(cron:session): session closed for user p13x
May  7 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13795]: Successful su for rubyman by root
May  7 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13795]: + ??? root:rubyman
May  7 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347280 of user rubyman.
May  7 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13795]: pam_unix(su:session): session closed for user rubyman
May  7 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347280.
May  7 14:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11176]: pam_unix(cron:session): session closed for user root
May  7 14:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13730]: pam_unix(cron:session): session closed for user samftp
May  7 14:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 14:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13986]: Failed password for root from 218.92.0.179 port 27779 ssh2
May  7 14:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14012]: Invalid user ark from 196.251.84.225
May  7 14:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14012]: input_userauth_request: invalid user ark [preauth]
May  7 14:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14012]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13986]: Failed password for root from 218.92.0.179 port 27779 ssh2
May  7 14:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14012]: Failed password for invalid user ark from 196.251.84.225 port 35026 ssh2
May  7 14:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14012]: Connection closed by 196.251.84.225 port 35026 [preauth]
May  7 14:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13986]: Failed password for root from 218.92.0.179 port 27779 ssh2
May  7 14:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13986]: Received disconnect from 218.92.0.179 port 27779:11:  [preauth]
May  7 14:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13986]: Disconnected from 218.92.0.179 port 27779 [preauth]
May  7 14:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13986]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 14:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12804]: pam_unix(cron:session): session closed for user root
May  7 14:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: Invalid user elastic from 196.251.84.225
May  7 14:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: input_userauth_request: invalid user elastic [preauth]
May  7 14:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: Failed password for invalid user elastic from 196.251.84.225 port 53738 ssh2
May  7 14:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: Connection closed by 196.251.84.225 port 53738 [preauth]
May  7 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14134]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14132]: pam_unix(cron:session): session closed for user p13x
May  7 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14194]: Successful su for rubyman by root
May  7 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14194]: + ??? root:rubyman
May  7 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347283 of user rubyman.
May  7 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14194]: pam_unix(su:session): session closed for user rubyman
May  7 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347283.
May  7 14:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11584]: pam_unix(cron:session): session closed for user root
May  7 14:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14134]: pam_unix(cron:session): session closed for user samftp
May  7 14:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: Invalid user di from 115.78.4.182
May  7 14:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: input_userauth_request: invalid user di [preauth]
May  7 14:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.78.4.182
May  7 14:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14393]: Invalid user sun from 123.59.50.202
May  7 14:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14393]: input_userauth_request: invalid user sun [preauth]
May  7 14:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14393]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: Failed password for invalid user di from 115.78.4.182 port 52654 ssh2
May  7 14:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: Received disconnect from 115.78.4.182 port 52654:11: Bye Bye [preauth]
May  7 14:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14389]: Disconnected from 115.78.4.182 port 52654 [preauth]
May  7 14:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14393]: Failed password for invalid user sun from 123.59.50.202 port 10875 ssh2
May  7 14:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14393]: Received disconnect from 123.59.50.202 port 10875:11: Bye Bye [preauth]
May  7 14:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14393]: Disconnected from 123.59.50.202 port 10875 [preauth]
May  7 14:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14414]: Invalid user zookeeper from 196.251.84.225
May  7 14:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14414]: input_userauth_request: invalid user zookeeper [preauth]
May  7 14:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14414]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14414]: Failed password for invalid user zookeeper from 196.251.84.225 port 60730 ssh2
May  7 14:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14414]: Connection closed by 196.251.84.225 port 60730 [preauth]
May  7 14:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13222]: pam_unix(cron:session): session closed for user root
May  7 14:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14508]: Invalid user dst from 196.251.84.225
May  7 14:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14508]: input_userauth_request: invalid user dst [preauth]
May  7 14:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14508]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14508]: Failed password for invalid user dst from 196.251.84.225 port 59266 ssh2
May  7 14:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14508]: Connection closed by 196.251.84.225 port 59266 [preauth]
May  7 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14552]: pam_unix(cron:session): session closed for user root
May  7 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14547]: pam_unix(cron:session): session closed for user p13x
May  7 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14624]: Successful su for rubyman by root
May  7 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14624]: + ??? root:rubyman
May  7 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347288 of user rubyman.
May  7 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14624]: pam_unix(su:session): session closed for user rubyman
May  7 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347288.
May  7 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14549]: pam_unix(cron:session): session closed for user root
May  7 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11978]: pam_unix(cron:session): session closed for user root
May  7 14:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14548]: pam_unix(cron:session): session closed for user samftp
May  7 14:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14852]: Invalid user latitude from 196.251.84.225
May  7 14:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14852]: input_userauth_request: invalid user latitude [preauth]
May  7 14:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14852]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14852]: Failed password for invalid user latitude from 196.251.84.225 port 49896 ssh2
May  7 14:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14852]: Connection closed by 196.251.84.225 port 49896 [preauth]
May  7 14:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13733]: pam_unix(cron:session): session closed for user root
May  7 14:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: Invalid user lixiao from 50.235.31.47
May  7 14:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: input_userauth_request: invalid user lixiao [preauth]
May  7 14:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  7 14:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: Failed password for invalid user lixiao from 50.235.31.47 port 45160 ssh2
May  7 14:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14936]: Connection closed by 50.235.31.47 port 45160 [preauth]
May  7 14:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14963]: Invalid user dolphin from 196.251.84.225
May  7 14:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14963]: input_userauth_request: invalid user dolphin [preauth]
May  7 14:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14963]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14963]: Failed password for invalid user dolphin from 196.251.84.225 port 41382 ssh2
May  7 14:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14963]: Connection closed by 196.251.84.225 port 41382 [preauth]
May  7 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15002]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15001]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15003]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15000]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15000]: pam_unix(cron:session): session closed for user p13x
May  7 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15065]: Successful su for rubyman by root
May  7 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15065]: + ??? root:rubyman
May  7 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15065]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347293 of user rubyman.
May  7 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15065]: pam_unix(su:session): session closed for user rubyman
May  7 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347293.
May  7 14:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12387]: pam_unix(cron:session): session closed for user root
May  7 14:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15001]: pam_unix(cron:session): session closed for user samftp
May  7 14:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  7 14:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: Failed password for root from 164.68.105.9 port 48654 ssh2
May  7 14:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: Connection closed by 164.68.105.9 port 48654 [preauth]
May  7 14:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: Invalid user sol from 196.251.84.225
May  7 14:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: input_userauth_request: invalid user sol [preauth]
May  7 14:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: Failed password for invalid user sol from 196.251.84.225 port 38388 ssh2
May  7 14:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15267]: Connection closed by 196.251.84.225 port 38388 [preauth]
May  7 14:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14136]: pam_unix(cron:session): session closed for user root
May  7 14:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: Invalid user elearning from 123.59.50.202
May  7 14:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: input_userauth_request: invalid user elearning [preauth]
May  7 14:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: Failed password for invalid user elearning from 123.59.50.202 port 18809 ssh2
May  7 14:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: Received disconnect from 123.59.50.202 port 18809:11: Bye Bye [preauth]
May  7 14:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: Disconnected from 123.59.50.202 port 18809 [preauth]
May  7 14:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: Invalid user vbox from 196.251.84.225
May  7 14:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: input_userauth_request: invalid user vbox [preauth]
May  7 14:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: Failed password for invalid user vbox from 196.251.84.225 port 33298 ssh2
May  7 14:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15367]: Connection closed by 196.251.84.225 port 33298 [preauth]
May  7 14:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 14:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: Failed password for root from 218.92.0.179 port 51969 ssh2
May  7 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15407]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15406]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15404]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15405]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15404]: pam_unix(cron:session): session closed for user p13x
May  7 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: Failed password for root from 218.92.0.179 port 51969 ssh2
May  7 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15463]: Successful su for rubyman by root
May  7 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15463]: + ??? root:rubyman
May  7 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15463]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347297 of user rubyman.
May  7 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15463]: pam_unix(su:session): session closed for user rubyman
May  7 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347297.
May  7 14:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: Failed password for root from 218.92.0.179 port 51969 ssh2
May  7 14:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: Received disconnect from 218.92.0.179 port 51969:11:  [preauth]
May  7 14:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: Disconnected from 218.92.0.179 port 51969 [preauth]
May  7 14:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15392]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 14:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12803]: pam_unix(cron:session): session closed for user root
May  7 14:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15405]: pam_unix(cron:session): session closed for user samftp
May  7 14:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 14:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: Failed password for root from 196.251.84.225 port 55752 ssh2
May  7 14:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15652]: Connection closed by 196.251.84.225 port 55752 [preauth]
May  7 14:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15674]: Invalid user 1234 from 80.94.95.115
May  7 14:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15674]: input_userauth_request: invalid user 1234 [preauth]
May  7 14:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15674]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  7 14:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15674]: Failed password for invalid user 1234 from 80.94.95.115 port 48118 ssh2
May  7 14:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15674]: Connection closed by 80.94.95.115 port 48118 [preauth]
May  7 14:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14551]: pam_unix(cron:session): session closed for user root
May  7 14:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: Invalid user jito-validator from 196.251.84.225
May  7 14:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: input_userauth_request: invalid user jito-validator [preauth]
May  7 14:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: Failed password for invalid user jito-validator from 196.251.84.225 port 33446 ssh2
May  7 14:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15747]: Connection closed by 196.251.84.225 port 33446 [preauth]
May  7 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15802]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15800]: pam_unix(cron:session): session closed for user p13x
May  7 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15864]: Successful su for rubyman by root
May  7 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15864]: + ??? root:rubyman
May  7 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347302 of user rubyman.
May  7 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15864]: pam_unix(su:session): session closed for user rubyman
May  7 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347302.
May  7 14:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13221]: pam_unix(cron:session): session closed for user root
May  7 14:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15801]: pam_unix(cron:session): session closed for user samftp
May  7 14:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: Invalid user steam from 196.251.84.225
May  7 14:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: input_userauth_request: invalid user steam [preauth]
May  7 14:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: Failed password for invalid user steam from 196.251.84.225 port 44214 ssh2
May  7 14:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16048]: Connection closed by 196.251.84.225 port 44214 [preauth]
May  7 14:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 14:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Failed password for root from 218.92.0.179 port 26741 ssh2
May  7 14:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Failed password for root from 218.92.0.179 port 26741 ssh2
May  7 14:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Failed password for root from 218.92.0.179 port 26741 ssh2
May  7 14:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Received disconnect from 218.92.0.179 port 26741:11:  [preauth]
May  7 14:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: Disconnected from 218.92.0.179 port 26741 [preauth]
May  7 14:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16078]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 14:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15003]: pam_unix(cron:session): session closed for user root
May  7 14:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 14:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: Failed password for root from 196.251.84.225 port 43208 ssh2
May  7 14:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16141]: Connection closed by 196.251.84.225 port 43208 [preauth]
May  7 14:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: Invalid user anthony from 123.59.50.202
May  7 14:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: input_userauth_request: invalid user anthony [preauth]
May  7 14:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: Failed password for invalid user anthony from 123.59.50.202 port 26720 ssh2
May  7 14:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: Received disconnect from 123.59.50.202 port 26720:11: Bye Bye [preauth]
May  7 14:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16182]: Disconnected from 123.59.50.202 port 26720 [preauth]
May  7 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16203]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16201]: pam_unix(cron:session): session closed for user p13x
May  7 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16316]: Successful su for rubyman by root
May  7 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16316]: + ??? root:rubyman
May  7 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347305 of user rubyman.
May  7 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16316]: pam_unix(su:session): session closed for user rubyman
May  7 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347305.
May  7 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16199]: pam_unix(cron:session): session closed for user root
May  7 14:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13732]: pam_unix(cron:session): session closed for user root
May  7 14:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16535]: Invalid user oracle from 196.251.84.225
May  7 14:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16535]: input_userauth_request: invalid user oracle [preauth]
May  7 14:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16202]: pam_unix(cron:session): session closed for user samftp
May  7 14:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16535]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16535]: Failed password for invalid user oracle from 196.251.84.225 port 44558 ssh2
May  7 14:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16535]: Connection closed by 196.251.84.225 port 44558 [preauth]
May  7 14:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: Connection reset by 218.92.0.231 port 60936 [preauth]
May  7 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15407]: pam_unix(cron:session): session closed for user root
May  7 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Invalid user nexus from 196.251.84.225
May  7 14:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: input_userauth_request: invalid user nexus [preauth]
May  7 14:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Failed password for invalid user nexus from 196.251.84.225 port 39440 ssh2
May  7 14:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Connection closed by 196.251.84.225 port 39440 [preauth]
May  7 14:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16685]: Invalid user javad from 64.23.161.151
May  7 14:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16685]: input_userauth_request: invalid user javad [preauth]
May  7 14:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16685]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 14:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16685]: Failed password for invalid user javad from 64.23.161.151 port 49092 ssh2
May  7 14:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16685]: Connection closed by 64.23.161.151 port 49092 [preauth]
May  7 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16743]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16746]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16746]: pam_unix(cron:session): session closed for user root
May  7 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16741]: pam_unix(cron:session): session closed for user p13x
May  7 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16810]: Successful su for rubyman by root
May  7 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16810]: + ??? root:rubyman
May  7 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16810]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347314 of user rubyman.
May  7 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16810]: pam_unix(su:session): session closed for user rubyman
May  7 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347314.
May  7 14:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: Failed password for root from 196.251.84.225 port 60594 ssh2
May  7 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16743]: pam_unix(cron:session): session closed for user root
May  7 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16737]: Connection closed by 196.251.84.225 port 60594 [preauth]
May  7 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14135]: pam_unix(cron:session): session closed for user root
May  7 14:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16742]: pam_unix(cron:session): session closed for user samftp
May  7 14:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 14:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17109]: Failed password for root from 196.251.84.225 port 50896 ssh2
May  7 14:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17109]: Connection closed by 196.251.84.225 port 50896 [preauth]
May  7 14:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15803]: pam_unix(cron:session): session closed for user root
May  7 14:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: Invalid user ranger from 196.251.84.225
May  7 14:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: input_userauth_request: invalid user ranger [preauth]
May  7 14:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: Failed password for invalid user ranger from 196.251.84.225 port 54842 ssh2
May  7 14:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17187]: Connection closed by 196.251.84.225 port 54842 [preauth]
May  7 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17201]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17199]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17198]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17198]: pam_unix(cron:session): session closed for user p13x
May  7 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17270]: Successful su for rubyman by root
May  7 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17270]: + ??? root:rubyman
May  7 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347316 of user rubyman.
May  7 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17270]: pam_unix(su:session): session closed for user rubyman
May  7 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347316.
May  7 14:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14550]: pam_unix(cron:session): session closed for user root
May  7 14:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17199]: pam_unix(cron:session): session closed for user samftp
May  7 14:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: Invalid user goga from 123.59.50.202
May  7 14:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: input_userauth_request: invalid user goga [preauth]
May  7 14:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: Failed password for invalid user goga from 123.59.50.202 port 34632 ssh2
May  7 14:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: Received disconnect from 123.59.50.202 port 34632:11: Bye Bye [preauth]
May  7 14:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17505]: Disconnected from 123.59.50.202 port 34632 [preauth]
May  7 14:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17512]: Invalid user ubuntu from 196.251.84.225
May  7 14:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17512]: input_userauth_request: invalid user ubuntu [preauth]
May  7 14:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17512]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17512]: Failed password for invalid user ubuntu from 196.251.84.225 port 43640 ssh2
May  7 14:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17512]: Connection closed by 196.251.84.225 port 43640 [preauth]
May  7 14:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16204]: pam_unix(cron:session): session closed for user root
May  7 14:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17605]: Invalid user elsearch from 196.251.84.225
May  7 14:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17605]: input_userauth_request: invalid user elsearch [preauth]
May  7 14:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17605]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17605]: Failed password for invalid user elsearch from 196.251.84.225 port 60196 ssh2
May  7 14:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17605]: Connection closed by 196.251.84.225 port 60196 [preauth]
May  7 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17630]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17627]: pam_unix(cron:session): session closed for user p13x
May  7 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17698]: Successful su for rubyman by root
May  7 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17698]: + ??? root:rubyman
May  7 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347320 of user rubyman.
May  7 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17698]: pam_unix(su:session): session closed for user rubyman
May  7 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347320.
May  7 14:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15002]: pam_unix(cron:session): session closed for user root
May  7 14:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17628]: pam_unix(cron:session): session closed for user samftp
May  7 14:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: Invalid user es from 196.251.84.225
May  7 14:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: input_userauth_request: invalid user es [preauth]
May  7 14:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: Failed password for invalid user es from 196.251.84.225 port 42780 ssh2
May  7 14:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18023]: Connection closed by 196.251.84.225 port 42780 [preauth]
May  7 14:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16745]: pam_unix(cron:session): session closed for user root
May  7 14:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  7 14:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18100]: Failed password for root from 218.92.0.230 port 47528 ssh2
May  7 14:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18100]: message repeated 2 times: [ Failed password for root from 218.92.0.230 port 47528 ssh2]
May  7 14:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18100]: Received disconnect from 218.92.0.230 port 47528:11:  [preauth]
May  7 14:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18100]: Disconnected from 218.92.0.230 port 47528 [preauth]
May  7 14:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18100]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  7 14:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18135]: Invalid user dev from 196.251.84.225
May  7 14:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18135]: input_userauth_request: invalid user dev [preauth]
May  7 14:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18135]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18135]: Failed password for invalid user dev from 196.251.84.225 port 56788 ssh2
May  7 14:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18135]: Connection closed by 196.251.84.225 port 56788 [preauth]
May  7 14:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18171]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18169]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18167]: pam_unix(cron:session): session closed for user p13x
May  7 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18227]: Successful su for rubyman by root
May  7 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18227]: + ??? root:rubyman
May  7 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18227]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347324 of user rubyman.
May  7 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18227]: pam_unix(su:session): session closed for user rubyman
May  7 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347324.
May  7 14:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15406]: pam_unix(cron:session): session closed for user root
May  7 14:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18168]: pam_unix(cron:session): session closed for user samftp
May  7 14:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: Invalid user puppet from 196.251.84.225
May  7 14:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: input_userauth_request: invalid user puppet [preauth]
May  7 14:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: Failed password for invalid user puppet from 196.251.84.225 port 44928 ssh2
May  7 14:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: Connection closed by 196.251.84.225 port 44928 [preauth]
May  7 14:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17201]: pam_unix(cron:session): session closed for user root
May  7 14:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: Invalid user xiaolin from 123.59.50.202
May  7 14:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: input_userauth_request: invalid user xiaolin [preauth]
May  7 14:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: Failed password for invalid user xiaolin from 123.59.50.202 port 42537 ssh2
May  7 14:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: Received disconnect from 123.59.50.202 port 42537:11: Bye Bye [preauth]
May  7 14:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18518]: Disconnected from 123.59.50.202 port 42537 [preauth]
May  7 14:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18528]: Invalid user azureuser from 196.251.84.225
May  7 14:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18528]: input_userauth_request: invalid user azureuser [preauth]
May  7 14:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18528]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18528]: Failed password for invalid user azureuser from 196.251.84.225 port 34402 ssh2
May  7 14:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18528]: Connection closed by 196.251.84.225 port 34402 [preauth]
May  7 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18579]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18581]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18580]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18578]: pam_unix(cron:session): session closed for user p13x
May  7 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18637]: Successful su for rubyman by root
May  7 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18637]: + ??? root:rubyman
May  7 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347329 of user rubyman.
May  7 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18637]: pam_unix(su:session): session closed for user rubyman
May  7 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347329.
May  7 14:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15802]: pam_unix(cron:session): session closed for user root
May  7 14:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18579]: pam_unix(cron:session): session closed for user samftp
May  7 14:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: Invalid user gitlab from 196.251.84.225
May  7 14:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: input_userauth_request: invalid user gitlab [preauth]
May  7 14:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: Failed password for invalid user gitlab from 196.251.84.225 port 35980 ssh2
May  7 14:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18834]: Connection closed by 196.251.84.225 port 35980 [preauth]
May  7 14:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17630]: pam_unix(cron:session): session closed for user root
May  7 14:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18936]: Invalid user gitlab-psql from 196.251.84.225
May  7 14:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18936]: input_userauth_request: invalid user gitlab-psql [preauth]
May  7 14:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18936]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18936]: Failed password for invalid user gitlab-psql from 196.251.84.225 port 45944 ssh2
May  7 14:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18936]: Connection closed by 196.251.84.225 port 45944 [preauth]
May  7 14:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18139]: Connection reset by 218.92.0.111 port 30168 [preauth]
May  7 14:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18989]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18987]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18986]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18988]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18990]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18991]: pam_unix(cron:session): session closed for user root
May  7 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18986]: pam_unix(cron:session): session closed for user p13x
May  7 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18958]: Invalid user b from 195.178.110.50
May  7 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18958]: input_userauth_request: invalid user b [preauth]
May  7 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18958]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19058]: Successful su for rubyman by root
May  7 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19058]: + ??? root:rubyman
May  7 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19058]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347332 of user rubyman.
May  7 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19058]: pam_unix(su:session): session closed for user rubyman
May  7 14:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347332.
May  7 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18958]: Failed password for invalid user b from 195.178.110.50 port 36112 ssh2
May  7 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18958]: Connection closed by 195.178.110.50 port 36112 [preauth]
May  7 14:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18988]: pam_unix(cron:session): session closed for user root
May  7 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16203]: pam_unix(cron:session): session closed for user root
May  7 14:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18987]: pam_unix(cron:session): session closed for user samftp
May  7 14:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19279]: Invalid user sol from 196.251.84.225
May  7 14:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19279]: input_userauth_request: invalid user sol [preauth]
May  7 14:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19279]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19279]: Failed password for invalid user sol from 196.251.84.225 port 35386 ssh2
May  7 14:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19279]: Connection closed by 196.251.84.225 port 35386 [preauth]
May  7 14:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19161]: Invalid user o from 195.178.110.50
May  7 14:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19161]: input_userauth_request: invalid user o [preauth]
May  7 14:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19161]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 14:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19161]: Failed password for invalid user o from 195.178.110.50 port 28510 ssh2
May  7 14:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19161]: Connection closed by 195.178.110.50 port 28510 [preauth]
May  7 14:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18171]: pam_unix(cron:session): session closed for user root
May  7 14:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19383]: Invalid user palworld from 196.251.84.225
May  7 14:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19383]: input_userauth_request: invalid user palworld [preauth]
May  7 14:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19383]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19345]: Invalid user | from 195.178.110.50
May  7 14:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19345]: input_userauth_request: invalid user | [preauth]
May  7 14:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19345]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 14:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19383]: Failed password for invalid user palworld from 196.251.84.225 port 39462 ssh2
May  7 14:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19383]: Connection closed by 196.251.84.225 port 39462 [preauth]
May  7 14:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19345]: Failed password for invalid user | from 195.178.110.50 port 18342 ssh2
May  7 14:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19345]: Connection closed by 195.178.110.50 port 18342 [preauth]
May  7 14:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: Invalid user validation from 123.59.50.202
May  7 14:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: input_userauth_request: invalid user validation [preauth]
May  7 14:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: Failed password for invalid user validation from 123.59.50.202 port 50443 ssh2
May  7 14:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: Received disconnect from 123.59.50.202 port 50443:11: Bye Bye [preauth]
May  7 14:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: Disconnected from 123.59.50.202 port 50443 [preauth]
May  7 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19438]: pam_unix(cron:session): session closed for user p13x
May  7 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19441]: pam_unix(cron:session): session closed for user root
May  7 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19510]: Successful su for rubyman by root
May  7 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19510]: + ??? root:rubyman
May  7 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19510]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347338 of user rubyman.
May  7 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19510]: pam_unix(su:session): session closed for user rubyman
May  7 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347338.
May  7 14:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16744]: pam_unix(cron:session): session closed for user root
May  7 14:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19439]: pam_unix(cron:session): session closed for user samftp
May  7 14:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19407]: Invalid user + from 195.178.110.50
May  7 14:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19407]: input_userauth_request: invalid user + [preauth]
May  7 14:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19407]: pam_unix(sshd:auth): bad username [+]
May  7 14:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19407]: Failed password for invalid user + from 195.178.110.50 port 55226 ssh2
May  7 14:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19717]: Invalid user steam from 196.251.84.225
May  7 14:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19717]: input_userauth_request: invalid user steam [preauth]
May  7 14:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19717]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19717]: Failed password for invalid user steam from 196.251.84.225 port 48724 ssh2
May  7 14:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19717]: Connection closed by 196.251.84.225 port 48724 [preauth]
May  7 14:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19407]: Connection closed by 195.178.110.50 port 55226 [preauth]
May  7 14:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.212  user=root
May  7 14:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: Failed password for root from 218.92.0.212 port 58908 ssh2
May  7 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19728]: Invalid user 8 from 195.178.110.50
May  7 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19728]: input_userauth_request: invalid user 8 [preauth]
May  7 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19728]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: Failed password for root from 218.92.0.212 port 58908 ssh2
May  7 14:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19728]: Failed password for invalid user 8 from 195.178.110.50 port 54306 ssh2
May  7 14:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19728]: Connection closed by 195.178.110.50 port 54306 [preauth]
May  7 14:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18581]: pam_unix(cron:session): session closed for user root
May  7 14:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: Failed password for root from 218.92.0.212 port 58908 ssh2
May  7 14:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 14:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: Failed password for root from 218.92.0.212 port 58908 ssh2
May  7 14:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: Failed password for root from 196.251.84.225 port 54670 ssh2
May  7 14:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: Failed password for root from 218.92.0.212 port 58908 ssh2
May  7 14:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: error: maximum authentication attempts exceeded for root from 218.92.0.212 port 58908 ssh2 [preauth]
May  7 14:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: Disconnecting: Too many authentication failures [preauth]
May  7 14:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.212  user=root
May  7 14:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19781]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 14:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19820]: Connection closed by 196.251.84.225 port 54670 [preauth]
May  7 14:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19863]: Invalid user ubnt from 80.94.95.115
May  7 14:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19863]: input_userauth_request: invalid user ubnt [preauth]
May  7 14:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19863]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  7 14:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19863]: Failed password for invalid user ubnt from 80.94.95.115 port 49244 ssh2
May  7 14:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19863]: Connection closed by 80.94.95.115 port 49244 [preauth]
May  7 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19883]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19885]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19882]: pam_unix(cron:session): session closed for user p13x
May  7 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19944]: Successful su for rubyman by root
May  7 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19944]: + ??? root:rubyman
May  7 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347345 of user rubyman.
May  7 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19944]: pam_unix(su:session): session closed for user rubyman
May  7 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347345.
May  7 14:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17200]: pam_unix(cron:session): session closed for user root
May  7 14:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19883]: pam_unix(cron:session): session closed for user samftp
May  7 14:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20133]: Invalid user kodi from 196.251.84.225
May  7 14:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20133]: input_userauth_request: invalid user kodi [preauth]
May  7 14:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20133]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20133]: Failed password for invalid user kodi from 196.251.84.225 port 35558 ssh2
May  7 14:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20133]: Connection closed by 196.251.84.225 port 35558 [preauth]
May  7 14:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20203]: Invalid user ml_group from 64.23.161.151
May  7 14:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20203]: input_userauth_request: invalid user ml_group [preauth]
May  7 14:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20203]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 14:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20203]: Failed password for invalid user ml_group from 64.23.161.151 port 52630 ssh2
May  7 14:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20203]: Connection closed by 64.23.161.151 port 52630 [preauth]
May  7 14:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18990]: pam_unix(cron:session): session closed for user root
May  7 14:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: Invalid user node from 196.251.84.225
May  7 14:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: input_userauth_request: invalid user node [preauth]
May  7 14:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: Failed password for invalid user node from 196.251.84.225 port 55906 ssh2
May  7 14:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: Connection closed by 196.251.84.225 port 55906 [preauth]
May  7 14:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  7 14:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: Failed password for root from 218.92.0.221 port 24422 ssh2
May  7 14:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: message repeated 2 times: [ Failed password for root from 218.92.0.221 port 24422 ssh2]
May  7 14:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: Received disconnect from 218.92.0.221 port 24422:11:  [preauth]
May  7 14:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: Disconnected from 218.92.0.221 port 24422 [preauth]
May  7 14:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  7 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20296]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20297]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20294]: pam_unix(cron:session): session closed for user p13x
May  7 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20352]: Successful su for rubyman by root
May  7 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20352]: + ??? root:rubyman
May  7 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347348 of user rubyman.
May  7 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20352]: pam_unix(su:session): session closed for user rubyman
May  7 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347348.
May  7 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17629]: pam_unix(cron:session): session closed for user root
May  7 14:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20295]: pam_unix(cron:session): session closed for user samftp
May  7 14:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: Invalid user jose from 123.59.50.202
May  7 14:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: input_userauth_request: invalid user jose [preauth]
May  7 14:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: Failed password for invalid user jose from 123.59.50.202 port 58348 ssh2
May  7 14:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: Received disconnect from 123.59.50.202 port 58348:11: Bye Bye [preauth]
May  7 14:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20544]: Disconnected from 123.59.50.202 port 58348 [preauth]
May  7 14:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: Invalid user opc from 196.251.84.225
May  7 14:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: input_userauth_request: invalid user opc [preauth]
May  7 14:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: Failed password for invalid user opc from 196.251.84.225 port 36550 ssh2
May  7 14:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: Connection closed by 196.251.84.225 port 36550 [preauth]
May  7 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19442]: pam_unix(cron:session): session closed for user root
May  7 14:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20645]: Invalid user sol from 196.251.84.225
May  7 14:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20645]: input_userauth_request: invalid user sol [preauth]
May  7 14:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20645]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20645]: Failed password for invalid user sol from 196.251.84.225 port 40872 ssh2
May  7 14:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20645]: Connection closed by 196.251.84.225 port 40872 [preauth]
May  7 14:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20706]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20705]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20704]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20703]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20703]: pam_unix(cron:session): session closed for user p13x
May  7 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20763]: Successful su for rubyman by root
May  7 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20763]: + ??? root:rubyman
May  7 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20763]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347351 of user rubyman.
May  7 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20763]: pam_unix(su:session): session closed for user rubyman
May  7 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347351.
May  7 14:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18169]: pam_unix(cron:session): session closed for user root
May  7 14:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20704]: pam_unix(cron:session): session closed for user samftp
May  7 14:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: Invalid user ubuntu from 196.251.84.225
May  7 14:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: input_userauth_request: invalid user ubuntu [preauth]
May  7 14:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: Failed password for invalid user ubuntu from 196.251.84.225 port 41192 ssh2
May  7 14:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20972]: Connection closed by 196.251.84.225 port 41192 [preauth]
May  7 14:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 14:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21022]: Failed password for root from 218.92.0.229 port 54370 ssh2
May  7 14:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21022]: Failed password for root from 218.92.0.229 port 54370 ssh2
May  7 14:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19885]: pam_unix(cron:session): session closed for user root
May  7 14:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21022]: Failed password for root from 218.92.0.229 port 54370 ssh2
May  7 14:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21022]: Received disconnect from 218.92.0.229 port 54370:11:  [preauth]
May  7 14:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21022]: Disconnected from 218.92.0.229 port 54370 [preauth]
May  7 14:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21022]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 14:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21054]: Failed password for root from 218.92.0.229 port 26346 ssh2
May  7 14:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21054]: message repeated 2 times: [ Failed password for root from 218.92.0.229 port 26346 ssh2]
May  7 14:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21054]: Received disconnect from 218.92.0.229 port 26346:11:  [preauth]
May  7 14:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21054]: Disconnected from 218.92.0.229 port 26346 [preauth]
May  7 14:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21054]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 14:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 14:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: Failed password for root from 218.92.0.229 port 57840 ssh2
May  7 14:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: message repeated 2 times: [ Failed password for root from 218.92.0.229 port 57840 ssh2]
May  7 14:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: Received disconnect from 218.92.0.229 port 57840:11:  [preauth]
May  7 14:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: Disconnected from 218.92.0.229 port 57840 [preauth]
May  7 14:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 14:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: Invalid user nginx from 196.251.84.225
May  7 14:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: input_userauth_request: invalid user nginx [preauth]
May  7 14:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: Failed password for invalid user nginx from 196.251.84.225 port 48844 ssh2
May  7 14:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21091]: Connection closed by 196.251.84.225 port 48844 [preauth]
May  7 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21134]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21137]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21137]: pam_unix(cron:session): session closed for user root
May  7 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21132]: pam_unix(cron:session): session closed for user p13x
May  7 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21213]: Successful su for rubyman by root
May  7 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21213]: + ??? root:rubyman
May  7 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21213]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347360 of user rubyman.
May  7 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21213]: pam_unix(su:session): session closed for user rubyman
May  7 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347360.
May  7 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21134]: pam_unix(cron:session): session closed for user root
May  7 14:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18580]: pam_unix(cron:session): session closed for user root
May  7 14:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21133]: pam_unix(cron:session): session closed for user samftp
May  7 14:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21471]: Invalid user dolphinscheduler from 196.251.84.225
May  7 14:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21471]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  7 14:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21471]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21471]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 48674 ssh2
May  7 14:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21471]: Connection closed by 196.251.84.225 port 48674 [preauth]
May  7 14:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: Invalid user mahsa from 123.59.50.202
May  7 14:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: input_userauth_request: invalid user mahsa [preauth]
May  7 14:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: Failed password for invalid user mahsa from 123.59.50.202 port 1734 ssh2
May  7 14:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: Received disconnect from 123.59.50.202 port 1734:11: Bye Bye [preauth]
May  7 14:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21491]: Disconnected from 123.59.50.202 port 1734 [preauth]
May  7 14:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20297]: pam_unix(cron:session): session closed for user root
May  7 14:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: Invalid user samba from 196.251.84.225
May  7 14:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: input_userauth_request: invalid user samba [preauth]
May  7 14:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: Failed password for invalid user samba from 196.251.84.225 port 34890 ssh2
May  7 14:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: Connection closed by 196.251.84.225 port 34890 [preauth]
May  7 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21615]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21612]: pam_unix(cron:session): session closed for user p13x
May  7 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21708]: Successful su for rubyman by root
May  7 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21708]: + ??? root:rubyman
May  7 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347362 of user rubyman.
May  7 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21708]: pam_unix(su:session): session closed for user rubyman
May  7 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347362.
May  7 14:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18989]: pam_unix(cron:session): session closed for user root
May  7 14:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21613]: pam_unix(cron:session): session closed for user samftp
May  7 14:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22158]: Connection closed by 148.113.210.228 port 54622 [preauth]
May  7 14:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22217]: Invalid user ubuntu from 196.251.84.225
May  7 14:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22217]: input_userauth_request: invalid user ubuntu [preauth]
May  7 14:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22217]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22217]: Failed password for invalid user ubuntu from 196.251.84.225 port 57862 ssh2
May  7 14:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22217]: Connection closed by 196.251.84.225 port 57862 [preauth]
May  7 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20706]: pam_unix(cron:session): session closed for user root
May  7 14:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22347]: Invalid user flussonic from 196.251.84.225
May  7 14:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22347]: input_userauth_request: invalid user flussonic [preauth]
May  7 14:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22347]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22347]: Failed password for invalid user flussonic from 196.251.84.225 port 42240 ssh2
May  7 14:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22347]: Connection closed by 196.251.84.225 port 42240 [preauth]
May  7 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22371]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22367]: pam_unix(cron:session): session closed for user p13x
May  7 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22452]: Successful su for rubyman by root
May  7 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22452]: + ??? root:rubyman
May  7 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347365 of user rubyman.
May  7 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22452]: pam_unix(su:session): session closed for user rubyman
May  7 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347365.
May  7 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19440]: pam_unix(cron:session): session closed for user root
May  7 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22368]: pam_unix(cron:session): session closed for user samftp
May  7 14:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: Invalid user yarn from 196.251.84.225
May  7 14:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: input_userauth_request: invalid user yarn [preauth]
May  7 14:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: Failed password for invalid user yarn from 196.251.84.225 port 38966 ssh2
May  7 14:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22696]: Connection closed by 196.251.84.225 port 38966 [preauth]
May  7 14:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21136]: pam_unix(cron:session): session closed for user root
May  7 14:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22797]: Invalid user code from 123.59.50.202
May  7 14:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22797]: input_userauth_request: invalid user code [preauth]
May  7 14:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22797]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: Invalid user admin from 80.94.95.241
May  7 14:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: input_userauth_request: invalid user admin [preauth]
May  7 14:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 14:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22797]: Failed password for invalid user code from 123.59.50.202 port 9645 ssh2
May  7 14:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22797]: Received disconnect from 123.59.50.202 port 9645:11: Bye Bye [preauth]
May  7 14:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22797]: Disconnected from 123.59.50.202 port 9645 [preauth]
May  7 14:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: Failed password for invalid user admin from 80.94.95.241 port 13007 ssh2
May  7 14:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: Failed password for invalid user admin from 80.94.95.241 port 13007 ssh2
May  7 14:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: Failed password for invalid user admin from 80.94.95.241 port 13007 ssh2
May  7 14:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: Failed password for invalid user admin from 80.94.95.241 port 13007 ssh2
May  7 14:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22827]: Invalid user steam from 196.251.84.225
May  7 14:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22827]: input_userauth_request: invalid user steam [preauth]
May  7 14:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: Failed password for invalid user admin from 80.94.95.241 port 13007 ssh2
May  7 14:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: Received disconnect from 80.94.95.241 port 13007:11: Bye [preauth]
May  7 14:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: Disconnected from 80.94.95.241 port 13007 [preauth]
May  7 14:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 14:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 14:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22827]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22832]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22830]: pam_unix(cron:session): session closed for user p13x
May  7 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22901]: Successful su for rubyman by root
May  7 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22901]: + ??? root:rubyman
May  7 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347369 of user rubyman.
May  7 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22901]: pam_unix(su:session): session closed for user rubyman
May  7 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347369.
May  7 14:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22827]: Failed password for invalid user steam from 196.251.84.225 port 54004 ssh2
May  7 14:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19884]: pam_unix(cron:session): session closed for user root
May  7 14:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22827]: Connection closed by 196.251.84.225 port 54004 [preauth]
May  7 14:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22831]: pam_unix(cron:session): session closed for user samftp
May  7 14:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  7 14:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23123]: Failed password for root from 218.92.0.112 port 46108 ssh2
May  7 14:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23123]: message repeated 2 times: [ Failed password for root from 218.92.0.112 port 46108 ssh2]
May  7 14:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23123]: Received disconnect from 218.92.0.112 port 46108:11:  [preauth]
May  7 14:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23123]: Disconnected from 218.92.0.112 port 46108 [preauth]
May  7 14:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23123]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  7 14:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: Invalid user omsagent from 196.251.84.225
May  7 14:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: input_userauth_request: invalid user omsagent [preauth]
May  7 14:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: Failed password for invalid user omsagent from 196.251.84.225 port 36540 ssh2
May  7 14:53:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23166]: Connection closed by 196.251.84.225 port 36540 [preauth]
May  7 14:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21615]: pam_unix(cron:session): session closed for user root
May  7 14:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: Invalid user nagios from 196.251.84.225
May  7 14:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: input_userauth_request: invalid user nagios [preauth]
May  7 14:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: Failed password for invalid user nagios from 196.251.84.225 port 50960 ssh2
May  7 14:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: Connection closed by 196.251.84.225 port 50960 [preauth]
May  7 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23293]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23294]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23291]: pam_unix(cron:session): session closed for user p13x
May  7 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23446]: Successful su for rubyman by root
May  7 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23446]: + ??? root:rubyman
May  7 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347373 of user rubyman.
May  7 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23446]: pam_unix(su:session): session closed for user rubyman
May  7 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347373.
May  7 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23499]: Invalid user scptest from 164.68.105.9
May  7 14:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23499]: input_userauth_request: invalid user scptest [preauth]
May  7 14:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23499]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  7 14:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20296]: pam_unix(cron:session): session closed for user root
May  7 14:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23499]: Failed password for invalid user scptest from 164.68.105.9 port 40424 ssh2
May  7 14:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23499]: Connection closed by 164.68.105.9 port 40424 [preauth]
May  7 14:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23292]: pam_unix(cron:session): session closed for user samftp
May  7 14:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23689]: Invalid user test from 196.251.84.225
May  7 14:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23689]: input_userauth_request: invalid user test [preauth]
May  7 14:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23689]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23689]: Failed password for invalid user test from 196.251.84.225 port 54716 ssh2
May  7 14:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23689]: Connection closed by 196.251.84.225 port 54716 [preauth]
May  7 14:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22371]: pam_unix(cron:session): session closed for user root
May  7 14:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23869]: Invalid user dst from 196.251.84.225
May  7 14:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23869]: input_userauth_request: invalid user dst [preauth]
May  7 14:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23869]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23869]: Failed password for invalid user dst from 196.251.84.225 port 36076 ssh2
May  7 14:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23869]: Connection closed by 196.251.84.225 port 36076 [preauth]
May  7 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23885]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23887]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23886]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23888]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23888]: pam_unix(cron:session): session closed for user root
May  7 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23882]: pam_unix(cron:session): session closed for user p13x
May  7 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23968]: Successful su for rubyman by root
May  7 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23968]: + ??? root:rubyman
May  7 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347379 of user rubyman.
May  7 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23968]: pam_unix(su:session): session closed for user rubyman
May  7 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347379.
May  7 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23885]: pam_unix(cron:session): session closed for user root
May  7 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20705]: pam_unix(cron:session): session closed for user root
May  7 14:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23884]: pam_unix(cron:session): session closed for user samftp
May  7 14:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24200]: Invalid user filter from 123.59.50.202
May  7 14:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24200]: input_userauth_request: invalid user filter [preauth]
May  7 14:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24200]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.59.50.202
May  7 14:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24200]: Failed password for invalid user filter from 123.59.50.202 port 17560 ssh2
May  7 14:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24200]: Received disconnect from 123.59.50.202 port 17560:11: Bye Bye [preauth]
May  7 14:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24200]: Disconnected from 123.59.50.202 port 17560 [preauth]
May  7 14:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24239]: Invalid user mohammad from 64.23.161.151
May  7 14:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24239]: input_userauth_request: invalid user mohammad [preauth]
May  7 14:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24239]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 14:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24239]: Failed password for invalid user mohammad from 64.23.161.151 port 41418 ssh2
May  7 14:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24239]: Connection closed by 64.23.161.151 port 41418 [preauth]
May  7 14:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24265]: Invalid user vps from 196.251.84.225
May  7 14:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24265]: input_userauth_request: invalid user vps [preauth]
May  7 14:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24265]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24265]: Failed password for invalid user vps from 196.251.84.225 port 58780 ssh2
May  7 14:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24265]: Connection closed by 196.251.84.225 port 58780 [preauth]
May  7 14:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22833]: pam_unix(cron:session): session closed for user root
May  7 14:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: Invalid user puppet from 196.251.84.225
May  7 14:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: input_userauth_request: invalid user puppet [preauth]
May  7 14:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: Failed password for invalid user puppet from 196.251.84.225 port 46688 ssh2
May  7 14:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24361]: Connection closed by 196.251.84.225 port 46688 [preauth]
May  7 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24374]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24375]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24373]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24373]: pam_unix(cron:session): session closed for user p13x
May  7 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24450]: Successful su for rubyman by root
May  7 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24450]: + ??? root:rubyman
May  7 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347384 of user rubyman.
May  7 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24450]: pam_unix(su:session): session closed for user rubyman
May  7 14:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347384.
May  7 14:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21135]: pam_unix(cron:session): session closed for user root
May  7 14:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24374]: pam_unix(cron:session): session closed for user samftp
May  7 14:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24692]: Invalid user admin from 196.251.84.225
May  7 14:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24692]: input_userauth_request: invalid user admin [preauth]
May  7 14:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24692]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24692]: Failed password for invalid user admin from 196.251.84.225 port 59688 ssh2
May  7 14:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24692]: Connection closed by 196.251.84.225 port 59688 [preauth]
May  7 14:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23294]: pam_unix(cron:session): session closed for user root
May  7 14:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24786]: User www-data from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 14:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24786]: input_userauth_request: invalid user www-data [preauth]
May  7 14:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=www-data
May  7 14:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24786]: Failed password for invalid user www-data from 196.251.84.225 port 55606 ssh2
May  7 14:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24786]: Connection closed by 196.251.84.225 port 55606 [preauth]
May  7 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24808]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24804]: pam_unix(cron:session): session closed for user p13x
May  7 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24869]: Successful su for rubyman by root
May  7 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24869]: + ??? root:rubyman
May  7 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347389 of user rubyman.
May  7 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24869]: pam_unix(su:session): session closed for user rubyman
May  7 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347389.
May  7 14:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21614]: pam_unix(cron:session): session closed for user root
May  7 14:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24805]: pam_unix(cron:session): session closed for user samftp
May  7 14:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  7 14:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: Failed password for root from 218.92.0.218 port 31606 ssh2
May  7 14:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: message repeated 2 times: [ Failed password for root from 218.92.0.218 port 31606 ssh2]
May  7 14:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: Received disconnect from 218.92.0.218 port 31606:11:  [preauth]
May  7 14:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: Disconnected from 218.92.0.218 port 31606 [preauth]
May  7 14:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  7 14:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: User sys from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 14:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: input_userauth_request: invalid user sys [preauth]
May  7 14:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=sys
May  7 14:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: Failed password for invalid user sys from 196.251.84.225 port 57172 ssh2
May  7 14:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25094]: Connection closed by 196.251.84.225 port 57172 [preauth]
May  7 14:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23887]: pam_unix(cron:session): session closed for user root
May  7 14:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25197]: Invalid user elasticsearch from 196.251.84.225
May  7 14:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25197]: input_userauth_request: invalid user elasticsearch [preauth]
May  7 14:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25197]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25197]: Failed password for invalid user elasticsearch from 196.251.84.225 port 38058 ssh2
May  7 14:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25197]: Connection closed by 196.251.84.225 port 38058 [preauth]
May  7 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25229]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25227]: pam_unix(cron:session): session closed for user p13x
May  7 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25298]: Successful su for rubyman by root
May  7 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25298]: + ??? root:rubyman
May  7 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347392 of user rubyman.
May  7 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25298]: pam_unix(su:session): session closed for user rubyman
May  7 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347392.
May  7 14:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22369]: pam_unix(cron:session): session closed for user root
May  7 14:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25228]: pam_unix(cron:session): session closed for user samftp
May  7 14:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25534]: Invalid user jito from 196.251.84.225
May  7 14:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25534]: input_userauth_request: invalid user jito [preauth]
May  7 14:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25534]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25534]: Failed password for invalid user jito from 196.251.84.225 port 55848 ssh2
May  7 14:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25534]: Connection closed by 196.251.84.225 port 55848 [preauth]
May  7 14:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24377]: pam_unix(cron:session): session closed for user root
May  7 14:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25629]: User bin from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 14:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25629]: input_userauth_request: invalid user bin [preauth]
May  7 14:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=bin
May  7 14:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25629]: Failed password for invalid user bin from 196.251.84.225 port 46512 ssh2
May  7 14:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25629]: Connection closed by 196.251.84.225 port 46512 [preauth]
May  7 14:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 14:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: Failed password for root from 218.92.0.179 port 25615 ssh2
May  7 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25685]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25690]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25683]: pam_unix(cron:session): session closed for user p13x
May  7 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: Failed password for root from 218.92.0.179 port 25615 ssh2
May  7 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25764]: Successful su for rubyman by root
May  7 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25764]: + ??? root:rubyman
May  7 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347395 of user rubyman.
May  7 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25764]: pam_unix(su:session): session closed for user rubyman
May  7 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347395.
May  7 14:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: Failed password for root from 218.92.0.179 port 25615 ssh2
May  7 14:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: Received disconnect from 218.92.0.179 port 25615:11:  [preauth]
May  7 14:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: Disconnected from 218.92.0.179 port 25615 [preauth]
May  7 14:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 14:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22832]: pam_unix(cron:session): session closed for user root
May  7 14:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25684]: pam_unix(cron:session): session closed for user samftp
May  7 14:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26027]: User uucp from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 14:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26027]: input_userauth_request: invalid user uucp [preauth]
May  7 14:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=uucp
May  7 14:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26027]: Failed password for invalid user uucp from 196.251.84.225 port 40944 ssh2
May  7 14:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26027]: Connection closed by 196.251.84.225 port 40944 [preauth]
May  7 14:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24808]: pam_unix(cron:session): session closed for user root
May  7 14:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26083]: Invalid user test from 85.208.84.4
May  7 14:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26083]: input_userauth_request: invalid user test [preauth]
May  7 14:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26083]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  7 14:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26083]: Failed password for invalid user test from 85.208.84.4 port 54392 ssh2
May  7 14:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26083]: Connection closed by 85.208.84.4 port 54392 [preauth]
May  7 14:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 14:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: Invalid user latitude from 196.251.84.225
May  7 14:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: input_userauth_request: invalid user latitude [preauth]
May  7 14:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: pam_unix(sshd:auth): check pass; user unknown
May  7 14:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 14:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: Failed password for invalid user latitude from 196.251.84.225 port 60792 ssh2
May  7 14:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: Connection closed by 196.251.84.225 port 60792 [preauth]
May  7 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26153]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26148]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26145]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26146]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26148]: pam_unix(cron:session): session closed for user root
May  7 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26153]: pam_unix(cron:session): session closed for user root
May  7 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26145]: pam_unix(cron:session): session closed for user p13x
May  7 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26240]: Successful su for rubyman by root
May  7 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26240]: + ??? root:rubyman
May  7 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26240]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347404 of user rubyman.
May  7 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26240]: pam_unix(su:session): session closed for user rubyman
May  7 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347404.
May  7 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26150]: pam_unix(cron:session): session closed for user root
May  7 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23293]: pam_unix(cron:session): session closed for user root
May  7 15:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26146]: pam_unix(cron:session): session closed for user samftp
May  7 15:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26577]: Invalid user hadoop from 196.251.84.225
May  7 15:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26577]: input_userauth_request: invalid user hadoop [preauth]
May  7 15:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26577]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26577]: Failed password for invalid user hadoop from 196.251.84.225 port 41558 ssh2
May  7 15:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26577]: Connection closed by 196.251.84.225 port 41558 [preauth]
May  7 15:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25230]: pam_unix(cron:session): session closed for user root
May  7 15:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26704]: Invalid user caddy from 196.251.84.225
May  7 15:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26704]: input_userauth_request: invalid user caddy [preauth]
May  7 15:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26704]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26704]: Failed password for invalid user caddy from 196.251.84.225 port 43942 ssh2
May  7 15:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26704]: Connection closed by 196.251.84.225 port 43942 [preauth]
May  7 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26726]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26723]: pam_unix(cron:session): session closed for user p13x
May  7 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26792]: Successful su for rubyman by root
May  7 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26792]: + ??? root:rubyman
May  7 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347407 of user rubyman.
May  7 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26792]: pam_unix(su:session): session closed for user rubyman
May  7 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347407.
May  7 15:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23886]: pam_unix(cron:session): session closed for user root
May  7 15:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26724]: pam_unix(cron:session): session closed for user samftp
May  7 15:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: Invalid user drupal from 196.251.84.225
May  7 15:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: input_userauth_request: invalid user drupal [preauth]
May  7 15:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: Failed password for invalid user drupal from 196.251.84.225 port 53130 ssh2
May  7 15:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: Connection closed by 196.251.84.225 port 53130 [preauth]
May  7 15:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25690]: pam_unix(cron:session): session closed for user root
May  7 15:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27195]: Invalid user rancher from 196.251.84.225
May  7 15:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27195]: input_userauth_request: invalid user rancher [preauth]
May  7 15:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27195]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27195]: Failed password for invalid user rancher from 196.251.84.225 port 53322 ssh2
May  7 15:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27195]: Connection closed by 196.251.84.225 port 53322 [preauth]
May  7 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27220]: pam_unix(cron:session): session closed for user p13x
May  7 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27283]: Successful su for rubyman by root
May  7 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27283]: + ??? root:rubyman
May  7 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347411 of user rubyman.
May  7 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27283]: pam_unix(su:session): session closed for user rubyman
May  7 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347411.
May  7 15:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24375]: pam_unix(cron:session): session closed for user root
May  7 15:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27221]: pam_unix(cron:session): session closed for user samftp
May  7 15:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27586]: Invalid user esadmin from 196.251.84.225
May  7 15:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27586]: input_userauth_request: invalid user esadmin [preauth]
May  7 15:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27586]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27586]: Failed password for invalid user esadmin from 196.251.84.225 port 38474 ssh2
May  7 15:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27586]: Connection closed by 196.251.84.225 port 38474 [preauth]
May  7 15:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26152]: pam_unix(cron:session): session closed for user root
May  7 15:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27679]: Invalid user mapr from 196.251.84.225
May  7 15:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27679]: input_userauth_request: invalid user mapr [preauth]
May  7 15:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27679]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27692]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27691]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27693]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27690]: pam_unix(cron:session): session closed for user p13x
May  7 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27751]: Successful su for rubyman by root
May  7 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27751]: + ??? root:rubyman
May  7 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27751]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347417 of user rubyman.
May  7 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27751]: pam_unix(su:session): session closed for user rubyman
May  7 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347417.
May  7 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27679]: Failed password for invalid user mapr from 196.251.84.225 port 53154 ssh2
May  7 15:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27679]: Connection closed by 196.251.84.225 port 53154 [preauth]
May  7 15:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24807]: pam_unix(cron:session): session closed for user root
May  7 15:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27691]: pam_unix(cron:session): session closed for user samftp
May  7 15:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27955]: Invalid user mohsen from 64.23.161.151
May  7 15:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27955]: input_userauth_request: invalid user mohsen [preauth]
May  7 15:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27955]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 15:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27955]: Failed password for invalid user mohsen from 64.23.161.151 port 46538 ssh2
May  7 15:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27955]: Connection closed by 64.23.161.151 port 46538 [preauth]
May  7 15:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28010]: Invalid user lighthouse from 196.251.84.225
May  7 15:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28010]: input_userauth_request: invalid user lighthouse [preauth]
May  7 15:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28010]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26726]: pam_unix(cron:session): session closed for user root
May  7 15:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28010]: Failed password for invalid user lighthouse from 196.251.84.225 port 42124 ssh2
May  7 15:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28010]: Connection closed by 196.251.84.225 port 42124 [preauth]
May  7 15:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28103]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28104]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28101]: pam_unix(cron:session): session closed for user p13x
May  7 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28165]: Successful su for rubyman by root
May  7 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28165]: + ??? root:rubyman
May  7 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347418 of user rubyman.
May  7 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28165]: pam_unix(su:session): session closed for user rubyman
May  7 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347418.
May  7 15:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 15:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25229]: pam_unix(cron:session): session closed for user root
May  7 15:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: Failed password for root from 196.251.84.225 port 45602 ssh2
May  7 15:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28102]: pam_unix(cron:session): session closed for user samftp
May  7 15:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28198]: Connection closed by 196.251.84.225 port 45602 [preauth]
May  7 15:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28375]: Invalid user pandey from 46.244.96.25
May  7 15:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28375]: input_userauth_request: invalid user pandey [preauth]
May  7 15:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28375]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  7 15:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28375]: Failed password for invalid user pandey from 46.244.96.25 port 39926 ssh2
May  7 15:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28375]: Connection closed by 46.244.96.25 port 39926 [preauth]
May  7 15:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27224]: pam_unix(cron:session): session closed for user root
May  7 15:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Did not receive identification string from 218.92.0.203
May  7 15:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: Invalid user jupyter from 196.251.84.225
May  7 15:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: input_userauth_request: invalid user jupyter [preauth]
May  7 15:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: Invalid user user02 from 23.94.179.104
May  7 15:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: input_userauth_request: invalid user user02 [preauth]
May  7 15:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.179.104
May  7 15:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: Failed password for invalid user jupyter from 196.251.84.225 port 50630 ssh2
May  7 15:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28453]: Connection closed by 196.251.84.225 port 50630 [preauth]
May  7 15:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: Failed password for invalid user user02 from 23.94.179.104 port 49822 ssh2
May  7 15:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28090]: Connection closed by 23.94.179.104 port 49822 [preauth]
May  7 15:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28489]: Invalid user test from 194.0.234.19
May  7 15:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28489]: input_userauth_request: invalid user test [preauth]
May  7 15:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28489]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  7 15:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28489]: Failed password for invalid user test from 194.0.234.19 port 57880 ssh2
May  7 15:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28489]: Connection closed by 194.0.234.19 port 57880 [preauth]
May  7 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28523]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28521]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28519]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28524]: pam_unix(cron:session): session closed for user root
May  7 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28519]: pam_unix(cron:session): session closed for user p13x
May  7 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28596]: Successful su for rubyman by root
May  7 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28596]: + ??? root:rubyman
May  7 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28596]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347422 of user rubyman.
May  7 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28596]: pam_unix(su:session): session closed for user rubyman
May  7 15:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347422.
May  7 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28592]: Invalid user oracle from 196.251.84.225
May  7 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28592]: input_userauth_request: invalid user oracle [preauth]
May  7 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28592]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25685]: pam_unix(cron:session): session closed for user root
May  7 15:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28521]: pam_unix(cron:session): session closed for user root
May  7 15:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28592]: Failed password for invalid user oracle from 196.251.84.225 port 57346 ssh2
May  7 15:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28592]: Connection closed by 196.251.84.225 port 57346 [preauth]
May  7 15:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28520]: pam_unix(cron:session): session closed for user samftp
May  7 15:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28867]: User mysql from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 15:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28867]: input_userauth_request: invalid user mysql [preauth]
May  7 15:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=mysql
May  7 15:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27693]: pam_unix(cron:session): session closed for user root
May  7 15:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28867]: Failed password for invalid user mysql from 196.251.84.225 port 43710 ssh2
May  7 15:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28867]: Connection closed by 196.251.84.225 port 43710 [preauth]
May  7 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28966]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28963]: pam_unix(cron:session): session closed for user p13x
May  7 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29113]: Successful su for rubyman by root
May  7 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29113]: + ??? root:rubyman
May  7 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347428 of user rubyman.
May  7 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29113]: pam_unix(su:session): session closed for user rubyman
May  7 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347428.
May  7 15:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 15:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26151]: pam_unix(cron:session): session closed for user root
May  7 15:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28964]: pam_unix(cron:session): session closed for user samftp
May  7 15:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29144]: Failed password for root from 196.251.84.225 port 47038 ssh2
May  7 15:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29144]: Connection closed by 196.251.84.225 port 47038 [preauth]
May  7 15:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29382]: Invalid user red5 from 196.251.84.225
May  7 15:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29382]: input_userauth_request: invalid user red5 [preauth]
May  7 15:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29382]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28104]: pam_unix(cron:session): session closed for user root
May  7 15:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29382]: Failed password for invalid user red5 from 196.251.84.225 port 34354 ssh2
May  7 15:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29382]: Connection closed by 196.251.84.225 port 34354 [preauth]
May  7 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29475]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29478]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29476]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29475]: pam_unix(cron:session): session closed for user p13x
May  7 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29541]: Successful su for rubyman by root
May  7 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29541]: + ??? root:rubyman
May  7 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347434 of user rubyman.
May  7 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29541]: pam_unix(su:session): session closed for user rubyman
May  7 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347434.
May  7 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29535]: Invalid user caddy from 196.251.84.225
May  7 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29535]: input_userauth_request: invalid user caddy [preauth]
May  7 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29535]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26725]: pam_unix(cron:session): session closed for user root
May  7 15:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29535]: Failed password for invalid user caddy from 196.251.84.225 port 46994 ssh2
May  7 15:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29535]: Connection closed by 196.251.84.225 port 46994 [preauth]
May  7 15:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29476]: pam_unix(cron:session): session closed for user samftp
May  7 15:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29799]: Invalid user sysadmin from 196.251.84.225
May  7 15:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29799]: input_userauth_request: invalid user sysadmin [preauth]
May  7 15:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28523]: pam_unix(cron:session): session closed for user root
May  7 15:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29799]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29799]: Failed password for invalid user sysadmin from 196.251.84.225 port 39468 ssh2
May  7 15:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29799]: Connection closed by 196.251.84.225 port 39468 [preauth]
May  7 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29889]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29890]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29887]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29887]: pam_unix(cron:session): session closed for user p13x
May  7 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29951]: Successful su for rubyman by root
May  7 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29951]: + ??? root:rubyman
May  7 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29951]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347436 of user rubyman.
May  7 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29951]: pam_unix(su:session): session closed for user rubyman
May  7 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347436.
May  7 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29880]: Invalid user satisfactory from 196.251.84.225
May  7 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29880]: input_userauth_request: invalid user satisfactory [preauth]
May  7 15:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112  user=root
May  7 15:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29880]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29883]: Failed password for root from 80.94.95.112 port 63538 ssh2
May  7 15:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27223]: pam_unix(cron:session): session closed for user root
May  7 15:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29880]: Failed password for invalid user satisfactory from 196.251.84.225 port 54004 ssh2
May  7 15:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29880]: Connection closed by 196.251.84.225 port 54004 [preauth]
May  7 15:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29883]: Failed password for root from 80.94.95.112 port 63538 ssh2
May  7 15:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29888]: pam_unix(cron:session): session closed for user samftp
May  7 15:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29883]: Failed password for root from 80.94.95.112 port 63538 ssh2
May  7 15:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29883]: message repeated 2 times: [ Failed password for root from 80.94.95.112 port 63538 ssh2]
May  7 15:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29883]: Received disconnect from 80.94.95.112 port 63538:11: Bye [preauth]
May  7 15:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29883]: Disconnected from 80.94.95.112 port 63538 [preauth]
May  7 15:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29883]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112  user=root
May  7 15:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29883]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 15:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: Invalid user tomcat from 196.251.84.225
May  7 15:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: input_userauth_request: invalid user tomcat [preauth]
May  7 15:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: Failed password for invalid user tomcat from 196.251.84.225 port 46806 ssh2
May  7 15:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30203]: Connection closed by 196.251.84.225 port 46806 [preauth]
May  7 15:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28966]: pam_unix(cron:session): session closed for user root
May  7 15:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: Invalid user hadoop from 196.251.84.225
May  7 15:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: input_userauth_request: invalid user hadoop [preauth]
May  7 15:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30283]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30285]: pam_unix(cron:session): session closed for user p13x
May  7 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: Failed password for invalid user hadoop from 196.251.84.225 port 44792 ssh2
May  7 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30413]: Successful su for rubyman by root
May  7 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30413]: + ??? root:rubyman
May  7 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30413]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347442 of user rubyman.
May  7 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30413]: pam_unix(su:session): session closed for user rubyman
May  7 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30278]: Connection closed by 196.251.84.225 port 44792 [preauth]
May  7 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347442.
May  7 15:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30283]: pam_unix(cron:session): session closed for user root
May  7 15:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27692]: pam_unix(cron:session): session closed for user root
May  7 15:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30286]: pam_unix(cron:session): session closed for user samftp
May  7 15:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: Invalid user airflow from 196.251.84.225
May  7 15:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: input_userauth_request: invalid user airflow [preauth]
May  7 15:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: Failed password for invalid user airflow from 196.251.84.225 port 33744 ssh2
May  7 15:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29478]: pam_unix(cron:session): session closed for user root
May  7 15:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30690]: Connection closed by 196.251.84.225 port 33744 [preauth]
May  7 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30781]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30782]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30777]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30782]: pam_unix(cron:session): session closed for user root
May  7 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30777]: pam_unix(cron:session): session closed for user p13x
May  7 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30849]: Successful su for rubyman by root
May  7 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30849]: + ??? root:rubyman
May  7 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347445 of user rubyman.
May  7 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30849]: pam_unix(su:session): session closed for user rubyman
May  7 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347445.
May  7 15:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30779]: pam_unix(cron:session): session closed for user root
May  7 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30825]: User www-data from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30825]: input_userauth_request: invalid user www-data [preauth]
May  7 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28103]: pam_unix(cron:session): session closed for user root
May  7 15:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=www-data
May  7 15:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30778]: pam_unix(cron:session): session closed for user samftp
May  7 15:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30825]: Failed password for invalid user www-data from 196.251.84.225 port 50044 ssh2
May  7 15:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30825]: Connection closed by 196.251.84.225 port 50044 [preauth]
May  7 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29890]: pam_unix(cron:session): session closed for user root
May  7 15:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31238]: Invalid user omsagent from 196.251.84.225
May  7 15:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31238]: input_userauth_request: invalid user omsagent [preauth]
May  7 15:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31238]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31238]: Failed password for invalid user omsagent from 196.251.84.225 port 46986 ssh2
May  7 15:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31238]: Connection closed by 196.251.84.225 port 46986 [preauth]
May  7 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31317]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31314]: pam_unix(cron:session): session closed for user p13x
May  7 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31382]: Successful su for rubyman by root
May  7 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31382]: + ??? root:rubyman
May  7 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347451 of user rubyman.
May  7 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31382]: pam_unix(su:session): session closed for user rubyman
May  7 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347451.
May  7 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Invalid user nya from 64.23.161.151
May  7 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: input_userauth_request: invalid user nya [preauth]
May  7 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 15:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Failed password for invalid user nya from 64.23.161.151 port 60992 ssh2
May  7 15:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Connection closed by 64.23.161.151 port 60992 [preauth]
May  7 15:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: Invalid user centos from 196.251.84.225
May  7 15:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: input_userauth_request: invalid user centos [preauth]
May  7 15:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28522]: pam_unix(cron:session): session closed for user root
May  7 15:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31315]: pam_unix(cron:session): session closed for user samftp
May  7 15:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: Failed password for invalid user centos from 196.251.84.225 port 59970 ssh2
May  7 15:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: Connection closed by 196.251.84.225 port 59970 [preauth]
May  7 15:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30288]: pam_unix(cron:session): session closed for user root
May  7 15:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 15:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31703]: Failed password for root from 196.251.84.225 port 47364 ssh2
May  7 15:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31703]: Connection closed by 196.251.84.225 port 47364 [preauth]
May  7 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31755]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31753]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31752]: pam_unix(cron:session): session closed for user p13x
May  7 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31814]: Successful su for rubyman by root
May  7 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31814]: + ??? root:rubyman
May  7 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347456 of user rubyman.
May  7 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31814]: pam_unix(su:session): session closed for user rubyman
May  7 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347456.
May  7 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 15:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31848]: Failed password for root from 218.92.0.179 port 64874 ssh2
May  7 15:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28965]: pam_unix(cron:session): session closed for user root
May  7 15:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31753]: pam_unix(cron:session): session closed for user samftp
May  7 15:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31848]: Failed password for root from 218.92.0.179 port 64874 ssh2
May  7 15:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: Invalid user steam from 196.251.84.225
May  7 15:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: input_userauth_request: invalid user steam [preauth]
May  7 15:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31848]: Failed password for root from 218.92.0.179 port 64874 ssh2
May  7 15:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31848]: Received disconnect from 218.92.0.179 port 64874:11:  [preauth]
May  7 15:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31848]: Disconnected from 218.92.0.179 port 64874 [preauth]
May  7 15:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31848]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 15:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: Failed password for invalid user steam from 196.251.84.225 port 59698 ssh2
May  7 15:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: Connection closed by 196.251.84.225 port 59698 [preauth]
May  7 15:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30781]: pam_unix(cron:session): session closed for user root
May  7 15:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32409]: Invalid user oracle from 196.251.84.225
May  7 15:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32409]: input_userauth_request: invalid user oracle [preauth]
May  7 15:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32409]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32409]: Failed password for invalid user oracle from 196.251.84.225 port 56476 ssh2
May  7 15:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32409]: Connection closed by 196.251.84.225 port 56476 [preauth]
May  7 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32473]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32474]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32471]: pam_unix(cron:session): session closed for user p13x
May  7 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32543]: Successful su for rubyman by root
May  7 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32543]: + ??? root:rubyman
May  7 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347461 of user rubyman.
May  7 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32543]: pam_unix(su:session): session closed for user rubyman
May  7 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347461.
May  7 15:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29477]: pam_unix(cron:session): session closed for user root
May  7 15:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32472]: pam_unix(cron:session): session closed for user samftp
May  7 15:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[380]: Invalid user guest from 196.251.84.225
May  7 15:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[380]: input_userauth_request: invalid user guest [preauth]
May  7 15:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[380]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[380]: Failed password for invalid user guest from 196.251.84.225 port 33848 ssh2
May  7 15:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[380]: Connection closed by 196.251.84.225 port 33848 [preauth]
May  7 15:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 15:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[495]: Failed password for root from 218.92.0.179 port 30322 ssh2
May  7 15:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31317]: pam_unix(cron:session): session closed for user root
May  7 15:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[495]: Failed password for root from 218.92.0.179 port 30322 ssh2
May  7 15:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[495]: Failed password for root from 218.92.0.179 port 30322 ssh2
May  7 15:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[495]: Received disconnect from 218.92.0.179 port 30322:11:  [preauth]
May  7 15:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[495]: Disconnected from 218.92.0.179 port 30322 [preauth]
May  7 15:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[495]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 15:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[538]: User www-data from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 15:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[538]: input_userauth_request: invalid user www-data [preauth]
May  7 15:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=www-data
May  7 15:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[538]: Failed password for invalid user www-data from 196.251.84.225 port 59432 ssh2
May  7 15:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[538]: Connection closed by 196.251.84.225 port 59432 [preauth]
May  7 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[605]: pam_unix(cron:session): session closed for user p13x
May  7 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[673]: Successful su for rubyman by root
May  7 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[673]: + ??? root:rubyman
May  7 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347464 of user rubyman.
May  7 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[673]: pam_unix(su:session): session closed for user rubyman
May  7 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347464.
May  7 15:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: Invalid user elasticsearch from 196.251.84.225
May  7 15:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: input_userauth_request: invalid user elasticsearch [preauth]
May  7 15:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29889]: pam_unix(cron:session): session closed for user root
May  7 15:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[606]: pam_unix(cron:session): session closed for user samftp
May  7 15:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: Failed password for invalid user elasticsearch from 196.251.84.225 port 38642 ssh2
May  7 15:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: Connection closed by 196.251.84.225 port 38642 [preauth]
May  7 15:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: Invalid user tomcat from 196.251.84.225
May  7 15:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: input_userauth_request: invalid user tomcat [preauth]
May  7 15:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: Failed password for invalid user tomcat from 196.251.84.225 port 51348 ssh2
May  7 15:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[979]: Connection closed by 196.251.84.225 port 51348 [preauth]
May  7 15:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31755]: pam_unix(cron:session): session closed for user root
May  7 15:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1077]: Invalid user jenkins from 196.251.84.225
May  7 15:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1077]: input_userauth_request: invalid user jenkins [preauth]
May  7 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1077]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1096]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1098]: pam_unix(cron:session): session closed for user root
May  7 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1093]: pam_unix(cron:session): session closed for user p13x
May  7 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1168]: Successful su for rubyman by root
May  7 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1168]: + ??? root:rubyman
May  7 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1168]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347469 of user rubyman.
May  7 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1168]: pam_unix(su:session): session closed for user rubyman
May  7 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347469.
May  7 15:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1077]: Failed password for invalid user jenkins from 196.251.84.225 port 36208 ssh2
May  7 15:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1077]: Connection closed by 196.251.84.225 port 36208 [preauth]
May  7 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1095]: pam_unix(cron:session): session closed for user root
May  7 15:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30287]: pam_unix(cron:session): session closed for user root
May  7 15:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1094]: pam_unix(cron:session): session closed for user samftp
May  7 15:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: Invalid user postgres from 194.0.234.19
May  7 15:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: input_userauth_request: invalid user postgres [preauth]
May  7 15:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  7 15:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1503]: Invalid user dstserver from 196.251.84.225
May  7 15:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1503]: input_userauth_request: invalid user dstserver [preauth]
May  7 15:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1503]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: Failed password for invalid user postgres from 194.0.234.19 port 23292 ssh2
May  7 15:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1494]: Connection closed by 194.0.234.19 port 23292 [preauth]
May  7 15:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1503]: Failed password for invalid user dstserver from 196.251.84.225 port 57902 ssh2
May  7 15:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1503]: Connection closed by 196.251.84.225 port 57902 [preauth]
May  7 15:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32474]: pam_unix(cron:session): session closed for user root
May  7 15:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1586]: Invalid user lczheng from 50.235.31.47
May  7 15:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1586]: input_userauth_request: invalid user lczheng [preauth]
May  7 15:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1586]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  7 15:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1586]: Failed password for invalid user lczheng from 50.235.31.47 port 57474 ssh2
May  7 15:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1586]: Connection closed by 50.235.31.47 port 57474 [preauth]
May  7 15:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1599]: User bin from 196.251.84.225 not allowed because not listed in AllowUsers
May  7 15:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1599]: input_userauth_request: invalid user bin [preauth]
May  7 15:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=bin
May  7 15:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1599]: Failed password for invalid user bin from 196.251.84.225 port 44904 ssh2
May  7 15:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1599]: Connection closed by 196.251.84.225 port 44904 [preauth]
May  7 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1613]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1611]: pam_unix(cron:session): session closed for user p13x
May  7 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1687]: Successful su for rubyman by root
May  7 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1687]: + ??? root:rubyman
May  7 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347474 of user rubyman.
May  7 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1687]: pam_unix(su:session): session closed for user rubyman
May  7 15:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347474.
May  7 15:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30780]: pam_unix(cron:session): session closed for user root
May  7 15:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1612]: pam_unix(cron:session): session closed for user samftp
May  7 15:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: Invalid user drupal from 196.251.84.225
May  7 15:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: input_userauth_request: invalid user drupal [preauth]
May  7 15:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: Failed password for invalid user drupal from 196.251.84.225 port 56968 ssh2
May  7 15:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: Connection closed by 196.251.84.225 port 56968 [preauth]
May  7 15:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[608]: pam_unix(cron:session): session closed for user root
May  7 15:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: Invalid user satisfactory from 196.251.84.225
May  7 15:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: input_userauth_request: invalid user satisfactory [preauth]
May  7 15:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: Failed password for invalid user satisfactory from 196.251.84.225 port 59396 ssh2
May  7 15:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2131]: Connection closed by 196.251.84.225 port 59396 [preauth]
May  7 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2149]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2147]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2141]: pam_unix(cron:session): session closed for user root
May  7 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2147]: pam_unix(cron:session): session closed for user p13x
May  7 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2211]: Successful su for rubyman by root
May  7 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2211]: + ??? root:rubyman
May  7 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347479 of user rubyman.
May  7 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2211]: pam_unix(su:session): session closed for user rubyman
May  7 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347479.
May  7 15:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31316]: pam_unix(cron:session): session closed for user root
May  7 15:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2148]: pam_unix(cron:session): session closed for user samftp
May  7 15:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: Invalid user centos from 196.251.84.225
May  7 15:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: input_userauth_request: invalid user centos [preauth]
May  7 15:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: Failed password for invalid user centos from 196.251.84.225 port 43918 ssh2
May  7 15:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2454]: Connection closed by 196.251.84.225 port 43918 [preauth]
May  7 15:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1097]: pam_unix(cron:session): session closed for user root
May  7 15:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: Invalid user test from 196.251.84.225
May  7 15:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: input_userauth_request: invalid user test [preauth]
May  7 15:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: Failed password for invalid user test from 196.251.84.225 port 33262 ssh2
May  7 15:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2562]: Connection closed by 196.251.84.225 port 33262 [preauth]
May  7 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2595]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2593]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2591]: pam_unix(cron:session): session closed for user p13x
May  7 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2653]: Successful su for rubyman by root
May  7 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2653]: + ??? root:rubyman
May  7 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2653]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347483 of user rubyman.
May  7 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2653]: pam_unix(su:session): session closed for user rubyman
May  7 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347483.
May  7 15:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31754]: pam_unix(cron:session): session closed for user root
May  7 15:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2592]: pam_unix(cron:session): session closed for user samftp
May  7 15:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 15:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2901]: Failed password for root from 196.251.84.225 port 56942 ssh2
May  7 15:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2901]: Connection closed by 196.251.84.225 port 56942 [preauth]
May  7 15:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1614]: pam_unix(cron:session): session closed for user root
May  7 15:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3001]: Invalid user parsa from 64.23.161.151
May  7 15:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3001]: input_userauth_request: invalid user parsa [preauth]
May  7 15:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3001]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 15:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: Invalid user sftp from 196.251.84.225
May  7 15:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: input_userauth_request: invalid user sftp [preauth]
May  7 15:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3001]: Failed password for invalid user parsa from 64.23.161.151 port 57098 ssh2
May  7 15:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3001]: Connection closed by 64.23.161.151 port 57098 [preauth]
May  7 15:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: Failed password for invalid user sftp from 196.251.84.225 port 38790 ssh2
May  7 15:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: Connection closed by 196.251.84.225 port 38790 [preauth]
May  7 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3025]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3024]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3023]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3022]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3022]: pam_unix(cron:session): session closed for user p13x
May  7 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3081]: Successful su for rubyman by root
May  7 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3081]: + ??? root:rubyman
May  7 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347487 of user rubyman.
May  7 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3081]: pam_unix(su:session): session closed for user rubyman
May  7 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347487.
May  7 15:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32473]: pam_unix(cron:session): session closed for user root
May  7 15:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3023]: pam_unix(cron:session): session closed for user samftp
May  7 15:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3307]: Invalid user jack from 196.251.84.225
May  7 15:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3307]: input_userauth_request: invalid user jack [preauth]
May  7 15:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3307]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3307]: Failed password for invalid user jack from 196.251.84.225 port 48734 ssh2
May  7 15:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3307]: Connection closed by 196.251.84.225 port 48734 [preauth]
May  7 15:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2150]: pam_unix(cron:session): session closed for user root
May  7 15:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: Invalid user jito from 196.251.84.225
May  7 15:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: input_userauth_request: invalid user jito [preauth]
May  7 15:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: Failed password for invalid user jito from 196.251.84.225 port 41272 ssh2
May  7 15:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3414]: Connection closed by 196.251.84.225 port 41272 [preauth]
May  7 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3457]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3456]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3458]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3455]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3458]: pam_unix(cron:session): session closed for user root
May  7 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3453]: pam_unix(cron:session): session closed for user p13x
May  7 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3526]: Successful su for rubyman by root
May  7 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3526]: + ??? root:rubyman
May  7 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3526]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347491 of user rubyman.
May  7 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3526]: pam_unix(su:session): session closed for user rubyman
May  7 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347491.
May  7 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[607]: pam_unix(cron:session): session closed for user root
May  7 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3455]: pam_unix(cron:session): session closed for user root
May  7 15:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3454]: pam_unix(cron:session): session closed for user samftp
May  7 15:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 15:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3770]: Failed password for root from 218.92.0.179 port 33556 ssh2
May  7 15:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3770]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 33556 ssh2]
May  7 15:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3770]: Received disconnect from 218.92.0.179 port 33556:11:  [preauth]
May  7 15:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3770]: Disconnected from 218.92.0.179 port 33556 [preauth]
May  7 15:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3770]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 15:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: Invalid user deploy from 196.251.84.225
May  7 15:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: input_userauth_request: invalid user deploy [preauth]
May  7 15:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: Failed password for invalid user deploy from 196.251.84.225 port 45614 ssh2
May  7 15:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: Connection closed by 196.251.84.225 port 45614 [preauth]
May  7 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2595]: pam_unix(cron:session): session closed for user root
May  7 15:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: Invalid user terraria from 196.251.84.225
May  7 15:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: input_userauth_request: invalid user terraria [preauth]
May  7 15:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: Failed password for invalid user terraria from 196.251.84.225 port 53178 ssh2
May  7 15:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3892]: Connection closed by 196.251.84.225 port 53178 [preauth]
May  7 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3915]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3913]: pam_unix(cron:session): session closed for user p13x
May  7 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4017]: Successful su for rubyman by root
May  7 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4017]: + ??? root:rubyman
May  7 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4017]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347497 of user rubyman.
May  7 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4017]: pam_unix(su:session): session closed for user rubyman
May  7 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347497.
May  7 15:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1096]: pam_unix(cron:session): session closed for user root
May  7 15:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3914]: pam_unix(cron:session): session closed for user samftp
May  7 15:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: Invalid user steam from 196.251.84.225
May  7 15:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: input_userauth_request: invalid user steam [preauth]
May  7 15:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: Failed password for invalid user steam from 196.251.84.225 port 41862 ssh2
May  7 15:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4229]: Connection closed by 196.251.84.225 port 41862 [preauth]
May  7 15:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3025]: pam_unix(cron:session): session closed for user root
May  7 15:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 15:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: Failed password for root from 196.251.84.225 port 38438 ssh2
May  7 15:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4466]: Connection closed by 196.251.84.225 port 38438 [preauth]
May  7 15:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4498]: Invalid user  from 91.108.245.210
May  7 15:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4498]: input_userauth_request: invalid user  [preauth]
May  7 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4527]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4523]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4523]: pam_unix(cron:session): session closed for user p13x
May  7 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4592]: Successful su for rubyman by root
May  7 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4592]: + ??? root:rubyman
May  7 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347501 of user rubyman.
May  7 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4592]: pam_unix(su:session): session closed for user rubyman
May  7 15:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347501.
May  7 15:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4498]: Connection closed by 91.108.245.210 port 44210 [preauth]
May  7 15:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1613]: pam_unix(cron:session): session closed for user root
May  7 15:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4524]: pam_unix(cron:session): session closed for user samftp
May  7 15:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4795]: Invalid user gmod from 196.251.84.225
May  7 15:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4795]: input_userauth_request: invalid user gmod [preauth]
May  7 15:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4795]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4795]: Failed password for invalid user gmod from 196.251.84.225 port 55598 ssh2
May  7 15:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4795]: Connection closed by 196.251.84.225 port 55598 [preauth]
May  7 15:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3457]: pam_unix(cron:session): session closed for user root
May  7 15:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 15:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: Failed password for root from 196.251.84.225 port 38664 ssh2
May  7 15:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: Connection closed by 196.251.84.225 port 38664 [preauth]
May  7 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4954]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4951]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4953]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4952]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4951]: pam_unix(cron:session): session closed for user p13x
May  7 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5194]: Successful su for rubyman by root
May  7 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5194]: + ??? root:rubyman
May  7 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347505 of user rubyman.
May  7 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5194]: pam_unix(su:session): session closed for user rubyman
May  7 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347505.
May  7 15:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2149]: pam_unix(cron:session): session closed for user root
May  7 15:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4952]: pam_unix(cron:session): session closed for user samftp
May  7 15:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: Invalid user gerbera from 196.251.84.225
May  7 15:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: input_userauth_request: invalid user gerbera [preauth]
May  7 15:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: Failed password for invalid user gerbera from 196.251.84.225 port 36216 ssh2
May  7 15:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: Connection closed by 196.251.84.225 port 36216 [preauth]
May  7 15:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3916]: pam_unix(cron:session): session closed for user root
May  7 15:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 15:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: Failed password for root from 196.251.84.225 port 59500 ssh2
May  7 15:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5506]: Connection closed by 196.251.84.225 port 59500 [preauth]
May  7 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5598]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5594]: pam_unix(cron:session): session closed for user p13x
May  7 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5670]: Successful su for rubyman by root
May  7 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5670]: + ??? root:rubyman
May  7 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347508 of user rubyman.
May  7 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5670]: pam_unix(su:session): session closed for user rubyman
May  7 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347508.
May  7 15:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2593]: pam_unix(cron:session): session closed for user root
May  7 15:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5596]: pam_unix(cron:session): session closed for user samftp
May  7 15:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: Invalid user gitlab-runner from 196.251.84.225
May  7 15:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: input_userauth_request: invalid user gitlab-runner [preauth]
May  7 15:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: Failed password for invalid user gitlab-runner from 196.251.84.225 port 56596 ssh2
May  7 15:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5941]: Connection closed by 196.251.84.225 port 56596 [preauth]
May  7 15:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4527]: pam_unix(cron:session): session closed for user root
May  7 15:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 15:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6052]: Failed password for root from 196.251.84.225 port 40706 ssh2
May  7 15:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6052]: Connection closed by 196.251.84.225 port 40706 [preauth]
May  7 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6117]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6120]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6113]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6112]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6114]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6120]: pam_unix(cron:session): session closed for user root
May  7 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6112]: pam_unix(cron:session): session closed for user p13x
May  7 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6188]: Successful su for rubyman by root
May  7 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6188]: + ??? root:rubyman
May  7 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347512 of user rubyman.
May  7 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6188]: pam_unix(su:session): session closed for user rubyman
May  7 15:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347512.
May  7 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3024]: pam_unix(cron:session): session closed for user root
May  7 15:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6114]: pam_unix(cron:session): session closed for user root
May  7 15:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: Invalid user pal from 196.251.84.225
May  7 15:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: input_userauth_request: invalid user pal [preauth]
May  7 15:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6113]: pam_unix(cron:session): session closed for user samftp
May  7 15:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: Failed password for invalid user pal from 196.251.84.225 port 59222 ssh2
May  7 15:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: Connection closed by 196.251.84.225 port 59222 [preauth]
May  7 15:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4954]: pam_unix(cron:session): session closed for user root
May  7 15:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: Invalid user admin from 80.94.95.116
May  7 15:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: input_userauth_request: invalid user admin [preauth]
May  7 15:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  7 15:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6488]: Invalid user omsagent from 196.251.84.225
May  7 15:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6488]: input_userauth_request: invalid user omsagent [preauth]
May  7 15:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6488]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: Failed password for invalid user admin from 80.94.95.116 port 51094 ssh2
May  7 15:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6472]: Connection closed by 80.94.95.116 port 51094 [preauth]
May  7 15:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6471]: Connection reset by 205.210.31.49 port 65388 [preauth]
May  7 15:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6488]: Failed password for invalid user omsagent from 196.251.84.225 port 36866 ssh2
May  7 15:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6488]: Connection closed by 196.251.84.225 port 36866 [preauth]
May  7 15:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6513]: Invalid user admin from 80.94.95.241
May  7 15:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6513]: input_userauth_request: invalid user admin [preauth]
May  7 15:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6513]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 15:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6513]: Failed password for invalid user admin from 80.94.95.241 port 39033 ssh2
May  7 15:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6513]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6513]: Failed password for invalid user admin from 80.94.95.241 port 39033 ssh2
May  7 15:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6513]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6513]: Failed password for invalid user admin from 80.94.95.241 port 39033 ssh2
May  7 15:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6513]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6513]: Failed password for invalid user admin from 80.94.95.241 port 39033 ssh2
May  7 15:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6513]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6513]: Failed password for invalid user admin from 80.94.95.241 port 39033 ssh2
May  7 15:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6513]: Received disconnect from 80.94.95.241 port 39033:11: Bye [preauth]
May  7 15:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6513]: Disconnected from 80.94.95.241 port 39033 [preauth]
May  7 15:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6513]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 15:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6513]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6553]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6552]: pam_unix(cron:session): session closed for user p13x
May  7 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6621]: Successful su for rubyman by root
May  7 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6621]: + ??? root:rubyman
May  7 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347518 of user rubyman.
May  7 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6621]: pam_unix(su:session): session closed for user rubyman
May  7 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347518.
May  7 15:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3456]: pam_unix(cron:session): session closed for user root
May  7 15:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6794]: Invalid user nvidia from 196.251.84.225
May  7 15:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6794]: input_userauth_request: invalid user nvidia [preauth]
May  7 15:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6553]: pam_unix(cron:session): session closed for user samftp
May  7 15:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6794]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6794]: Failed password for invalid user nvidia from 196.251.84.225 port 46558 ssh2
May  7 15:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6794]: Connection closed by 196.251.84.225 port 46558 [preauth]
May  7 15:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5598]: pam_unix(cron:session): session closed for user root
May  7 15:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 15:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6888]: Failed password for root from 196.251.84.225 port 35882 ssh2
May  7 15:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6888]: Connection closed by 196.251.84.225 port 35882 [preauth]
May  7 15:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: Invalid user t from 195.178.110.50
May  7 15:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: input_userauth_request: invalid user t [preauth]
May  7 15:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 15:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: Invalid user salmonn from 64.23.161.151
May  7 15:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: input_userauth_request: invalid user salmonn [preauth]
May  7 15:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 15:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: Failed password for invalid user t from 195.178.110.50 port 48164 ssh2
May  7 15:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: Failed password for invalid user salmonn from 64.23.161.151 port 49066 ssh2
May  7 15:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7066]: Connection closed by 64.23.161.151 port 49066 [preauth]
May  7 15:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7042]: Connection closed by 195.178.110.50 port 48164 [preauth]
May  7 15:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7087]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7085]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7086]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7084]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7084]: pam_unix(cron:session): session closed for user p13x
May  7 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7156]: Successful su for rubyman by root
May  7 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7156]: + ??? root:rubyman
May  7 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7156]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347523 of user rubyman.
May  7 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7156]: pam_unix(su:session): session closed for user rubyman
May  7 15:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347523.
May  7 15:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3915]: pam_unix(cron:session): session closed for user root
May  7 15:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7085]: pam_unix(cron:session): session closed for user samftp
May  7 15:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: Invalid user oracle from 196.251.84.225
May  7 15:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: input_userauth_request: invalid user oracle [preauth]
May  7 15:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: Failed password for invalid user oracle from 196.251.84.225 port 57352 ssh2
May  7 15:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7219]: Connection closed by 196.251.84.225 port 57352 [preauth]
May  7 15:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7074]: Invalid user 7 from 195.178.110.50
May  7 15:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7074]: input_userauth_request: invalid user 7 [preauth]
May  7 15:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7074]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 15:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7074]: Failed password for invalid user 7 from 195.178.110.50 port 20316 ssh2
May  7 15:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7074]: Connection closed by 195.178.110.50 port 20316 [preauth]
May  7 15:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: Invalid user X from 195.178.110.50
May  7 15:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: input_userauth_request: invalid user X [preauth]
May  7 15:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 15:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: Failed password for invalid user X from 195.178.110.50 port 46766 ssh2
May  7 15:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: Connection closed by 195.178.110.50 port 46766 [preauth]
May  7 15:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: Invalid user y from 195.178.110.50
May  7 15:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: input_userauth_request: invalid user y [preauth]
May  7 15:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 15:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: Invalid user solana from 196.251.84.225
May  7 15:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: input_userauth_request: invalid user solana [preauth]
May  7 15:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: Failed password for invalid user y from 195.178.110.50 port 41932 ssh2
May  7 15:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: Failed password for invalid user solana from 196.251.84.225 port 54216 ssh2
May  7 15:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7403]: Connection closed by 196.251.84.225 port 54216 [preauth]
May  7 15:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7380]: Connection closed by 195.178.110.50 port 41932 [preauth]
May  7 15:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6119]: pam_unix(cron:session): session closed for user root
May  7 15:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: Invalid user < from 195.178.110.50
May  7 15:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: input_userauth_request: invalid user < [preauth]
May  7 15:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 15:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: Failed password for invalid user < from 195.178.110.50 port 58924 ssh2
May  7 15:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7413]: Connection closed by 195.178.110.50 port 58924 [preauth]
May  7 15:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: Invalid user oracle from 196.251.84.225
May  7 15:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: input_userauth_request: invalid user oracle [preauth]
May  7 15:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: Failed password for invalid user oracle from 196.251.84.225 port 38034 ssh2
May  7 15:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: Connection closed by 196.251.84.225 port 38034 [preauth]
May  7 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7595]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7593]: pam_unix(cron:session): session closed for user p13x
May  7 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7665]: Successful su for rubyman by root
May  7 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7665]: + ??? root:rubyman
May  7 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7665]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347527 of user rubyman.
May  7 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7665]: pam_unix(su:session): session closed for user rubyman
May  7 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347527.
May  7 15:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4525]: pam_unix(cron:session): session closed for user root
May  7 15:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7594]: pam_unix(cron:session): session closed for user samftp
May  7 15:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: Invalid user www from 196.251.84.225
May  7 15:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: input_userauth_request: invalid user www [preauth]
May  7 15:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: Failed password for invalid user www from 196.251.84.225 port 49006 ssh2
May  7 15:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7909]: Connection closed by 196.251.84.225 port 49006 [preauth]
May  7 15:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6555]: pam_unix(cron:session): session closed for user root
May  7 15:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: Invalid user app from 196.251.84.225
May  7 15:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: input_userauth_request: invalid user app [preauth]
May  7 15:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: Failed password for invalid user app from 196.251.84.225 port 37042 ssh2
May  7 15:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8006]: Connection closed by 196.251.84.225 port 37042 [preauth]
May  7 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8027]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8028]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8025]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8026]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8025]: pam_unix(cron:session): session closed for user p13x
May  7 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8090]: Successful su for rubyman by root
May  7 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8090]: + ??? root:rubyman
May  7 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347532 of user rubyman.
May  7 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8090]: pam_unix(su:session): session closed for user rubyman
May  7 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347532.
May  7 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4953]: pam_unix(cron:session): session closed for user root
May  7 15:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8026]: pam_unix(cron:session): session closed for user samftp
May  7 15:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8328]: Invalid user virtualbox from 196.251.84.225
May  7 15:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8328]: input_userauth_request: invalid user virtualbox [preauth]
May  7 15:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8328]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8328]: Failed password for invalid user virtualbox from 196.251.84.225 port 43860 ssh2
May  7 15:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8328]: Connection closed by 196.251.84.225 port 43860 [preauth]
May  7 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7087]: pam_unix(cron:session): session closed for user root
May  7 15:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Invalid user steam from 196.251.84.225
May  7 15:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: input_userauth_request: invalid user steam [preauth]
May  7 15:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Failed password for invalid user steam from 196.251.84.225 port 60942 ssh2
May  7 15:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Connection closed by 196.251.84.225 port 60942 [preauth]
May  7 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8470]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8468]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8470]: pam_unix(cron:session): session closed for user root
May  7 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8464]: pam_unix(cron:session): session closed for user p13x
May  7 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8540]: Successful su for rubyman by root
May  7 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8540]: + ??? root:rubyman
May  7 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347538 of user rubyman.
May  7 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8540]: pam_unix(su:session): session closed for user rubyman
May  7 15:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347538.
May  7 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8466]: pam_unix(cron:session): session closed for user root
May  7 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5597]: pam_unix(cron:session): session closed for user root
May  7 15:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 15:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8465]: pam_unix(cron:session): session closed for user samftp
May  7 15:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: Failed password for root from 218.92.0.179 port 40023 ssh2
May  7 15:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: Failed password for root from 218.92.0.179 port 40023 ssh2
May  7 15:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8772]: Invalid user redis from 196.251.84.225
May  7 15:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8772]: input_userauth_request: invalid user redis [preauth]
May  7 15:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8772]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: Failed password for root from 218.92.0.179 port 40023 ssh2
May  7 15:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: Received disconnect from 218.92.0.179 port 40023:11:  [preauth]
May  7 15:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: Disconnected from 218.92.0.179 port 40023 [preauth]
May  7 15:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8740]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 15:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8772]: Failed password for invalid user redis from 196.251.84.225 port 42388 ssh2
May  7 15:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8772]: Connection closed by 196.251.84.225 port 42388 [preauth]
May  7 15:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7599]: pam_unix(cron:session): session closed for user root
May  7 15:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8867]: Invalid user ubuntu from 196.251.84.225
May  7 15:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8867]: input_userauth_request: invalid user ubuntu [preauth]
May  7 15:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8867]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8867]: Failed password for invalid user ubuntu from 196.251.84.225 port 41740 ssh2
May  7 15:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8867]: Connection closed by 196.251.84.225 port 41740 [preauth]
May  7 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8930]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8931]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8928]: pam_unix(cron:session): session closed for user p13x
May  7 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8999]: Successful su for rubyman by root
May  7 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8999]: + ??? root:rubyman
May  7 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347540 of user rubyman.
May  7 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8999]: pam_unix(su:session): session closed for user rubyman
May  7 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347540.
May  7 15:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8929]: pam_unix(cron:session): session closed for user samftp
May  7 15:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6117]: pam_unix(cron:session): session closed for user root
May  7 15:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9305]: Invalid user www from 196.251.84.225
May  7 15:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9305]: input_userauth_request: invalid user www [preauth]
May  7 15:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9305]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9305]: Failed password for invalid user www from 196.251.84.225 port 39218 ssh2
May  7 15:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9305]: Connection closed by 196.251.84.225 port 39218 [preauth]
May  7 15:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8028]: pam_unix(cron:session): session closed for user root
May  7 15:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9409]: Invalid user ubuntu from 196.251.84.225
May  7 15:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9409]: input_userauth_request: invalid user ubuntu [preauth]
May  7 15:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9409]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9409]: Failed password for invalid user ubuntu from 196.251.84.225 port 39652 ssh2
May  7 15:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9409]: Connection closed by 196.251.84.225 port 39652 [preauth]
May  7 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9473]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9474]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9471]: pam_unix(cron:session): session closed for user p13x
May  7 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9531]: Successful su for rubyman by root
May  7 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9531]: + ??? root:rubyman
May  7 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347545 of user rubyman.
May  7 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9531]: pam_unix(su:session): session closed for user rubyman
May  7 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347545.
May  7 15:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6554]: pam_unix(cron:session): session closed for user root
May  7 15:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9472]: pam_unix(cron:session): session closed for user samftp
May  7 15:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: Invalid user demo from 196.251.84.225
May  7 15:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: input_userauth_request: invalid user demo [preauth]
May  7 15:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: Failed password for invalid user demo from 196.251.84.225 port 55612 ssh2
May  7 15:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9715]: Connection closed by 196.251.84.225 port 55612 [preauth]
May  7 15:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8468]: pam_unix(cron:session): session closed for user root
May  7 15:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Invalid user wordpress from 196.251.84.225
May  7 15:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: input_userauth_request: invalid user wordpress [preauth]
May  7 15:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Failed password for invalid user wordpress from 196.251.84.225 port 41700 ssh2
May  7 15:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9814]: Connection closed by 196.251.84.225 port 41700 [preauth]
May  7 15:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9876]: pam_unix(cron:session): session closed for user p13x
May  7 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9938]: Successful su for rubyman by root
May  7 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9938]: + ??? root:rubyman
May  7 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9938]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347548 of user rubyman.
May  7 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9938]: pam_unix(su:session): session closed for user rubyman
May  7 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347548.
May  7 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: Invalid user gbase from 196.251.84.225
May  7 15:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: input_userauth_request: invalid user gbase [preauth]
May  7 15:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7086]: pam_unix(cron:session): session closed for user root
May  7 15:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: Failed password for invalid user gbase from 196.251.84.225 port 33924 ssh2
May  7 15:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10027]: Connection closed by 196.251.84.225 port 33924 [preauth]
May  7 15:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9877]: pam_unix(cron:session): session closed for user samftp
May  7 15:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8931]: pam_unix(cron:session): session closed for user root
May  7 15:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: Invalid user grafana from 196.251.84.225
May  7 15:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: input_userauth_request: invalid user grafana [preauth]
May  7 15:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: Failed password for invalid user grafana from 196.251.84.225 port 37886 ssh2
May  7 15:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10199]: Connection closed by 196.251.84.225 port 37886 [preauth]
May  7 15:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9832]: Connection reset by 76.182.76.228 port 58110 [preauth]
May  7 15:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10366]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10364]: pam_unix(cron:session): session closed for user p13x
May  7 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: Invalid user bigdata from 196.251.84.225
May  7 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: input_userauth_request: invalid user bigdata [preauth]
May  7 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10443]: Successful su for rubyman by root
May  7 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10443]: + ??? root:rubyman
May  7 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347553 of user rubyman.
May  7 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10443]: pam_unix(su:session): session closed for user rubyman
May  7 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347553.
May  7 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: Failed password for invalid user bigdata from 196.251.84.225 port 38982 ssh2
May  7 15:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10360]: Connection closed by 196.251.84.225 port 38982 [preauth]
May  7 15:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7595]: pam_unix(cron:session): session closed for user root
May  7 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  7 15:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10365]: pam_unix(cron:session): session closed for user samftp
May  7 15:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: Failed password for root from 218.92.0.215 port 51458 ssh2
May  7 15:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: message repeated 4 times: [ Failed password for root from 218.92.0.215 port 51458 ssh2]
May  7 15:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 51458 ssh2 [preauth]
May  7 15:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: Disconnecting: Too many authentication failures [preauth]
May  7 15:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  7 15:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 15:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  7 15:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: Failed password for root from 218.92.0.215 port 12332 ssh2
May  7 15:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10761]: Invalid user fil from 196.251.84.225
May  7 15:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10761]: input_userauth_request: invalid user fil [preauth]
May  7 15:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10761]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: Failed password for root from 218.92.0.215 port 12332 ssh2
May  7 15:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10761]: Failed password for invalid user fil from 196.251.84.225 port 56306 ssh2
May  7 15:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10761]: Connection closed by 196.251.84.225 port 56306 [preauth]
May  7 15:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: Failed password for root from 218.92.0.215 port 12332 ssh2
May  7 15:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9474]: pam_unix(cron:session): session closed for user root
May  7 15:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: Failed password for root from 218.92.0.215 port 12332 ssh2
May  7 15:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: message repeated 2 times: [ Failed password for root from 218.92.0.215 port 12332 ssh2]
May  7 15:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 12332 ssh2 [preauth]
May  7 15:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: Disconnecting: Too many authentication failures [preauth]
May  7 15:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  7 15:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: PAM service(sshd) ignoring max retries; 6 > 3
May  7 15:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  7 15:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10827]: Failed password for root from 218.92.0.215 port 34130 ssh2
May  7 15:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10827]: Received disconnect from 218.92.0.215 port 34130:11:  [preauth]
May  7 15:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10827]: Disconnected from 218.92.0.215 port 34130 [preauth]
May  7 15:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: Invalid user gpadmin from 196.251.84.225
May  7 15:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: input_userauth_request: invalid user gpadmin [preauth]
May  7 15:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: Failed password for invalid user gpadmin from 196.251.84.225 port 53314 ssh2
May  7 15:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: Connection closed by 196.251.84.225 port 53314 [preauth]
May  7 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10862]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10864]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10863]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10865]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10865]: pam_unix(cron:session): session closed for user root
May  7 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10860]: pam_unix(cron:session): session closed for user p13x
May  7 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10926]: Successful su for rubyman by root
May  7 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10926]: + ??? root:rubyman
May  7 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10926]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347557 of user rubyman.
May  7 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10926]: pam_unix(su:session): session closed for user rubyman
May  7 15:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347557.
May  7 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10862]: pam_unix(cron:session): session closed for user root
May  7 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8027]: pam_unix(cron:session): session closed for user root
May  7 15:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10861]: pam_unix(cron:session): session closed for user samftp
May  7 15:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: Invalid user sudo from 64.23.161.151
May  7 15:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: input_userauth_request: invalid user sudo [preauth]
May  7 15:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 15:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: Failed password for invalid user sudo from 64.23.161.151 port 49192 ssh2
May  7 15:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: Connection closed by 64.23.161.151 port 49192 [preauth]
May  7 15:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:35:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: Failed password for root from 91.108.245.210 port 48512 ssh2
May  7 15:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11168]: Connection closed by 91.108.245.210 port 48512 [preauth]
May  7 15:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: Invalid user pi from 91.108.245.210
May  7 15:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: input_userauth_request: invalid user pi [preauth]
May  7 15:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Invalid user hive from 196.251.84.225
May  7 15:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: input_userauth_request: invalid user hive [preauth]
May  7 15:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Failed password for invalid user hive from 196.251.84.225 port 38860 ssh2
May  7 15:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Connection closed by 196.251.84.225 port 38860 [preauth]
May  7 15:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: Failed password for invalid user pi from 91.108.245.210 port 48524 ssh2
May  7 15:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11179]: Connection closed by 91.108.245.210 port 48524 [preauth]
May  7 15:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: Invalid user hive from 91.108.245.210
May  7 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: input_userauth_request: invalid user hive [preauth]
May  7 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: Failed password for invalid user hive from 91.108.245.210 port 54332 ssh2
May  7 15:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11204]: Connection closed by 91.108.245.210 port 54332 [preauth]
May  7 15:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11206]: Invalid user git from 91.108.245.210
May  7 15:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11206]: input_userauth_request: invalid user git [preauth]
May  7 15:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11206]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11206]: Failed password for invalid user git from 91.108.245.210 port 54344 ssh2
May  7 15:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11206]: Connection closed by 91.108.245.210 port 54344 [preauth]
May  7 15:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9880]: pam_unix(cron:session): session closed for user root
May  7 15:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: Invalid user wang from 91.108.245.210
May  7 15:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: input_userauth_request: invalid user wang [preauth]
May  7 15:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: Failed password for invalid user wang from 91.108.245.210 port 55094 ssh2
May  7 15:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11237]: Connection closed by 91.108.245.210 port 55094 [preauth]
May  7 15:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: Invalid user nginx from 91.108.245.210
May  7 15:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: input_userauth_request: invalid user nginx [preauth]
May  7 15:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: Failed password for invalid user nginx from 91.108.245.210 port 55106 ssh2
May  7 15:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: Connection closed by 91.108.245.210 port 55106 [preauth]
May  7 15:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11250]: Invalid user mongo from 91.108.245.210
May  7 15:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11250]: input_userauth_request: invalid user mongo [preauth]
May  7 15:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11250]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11250]: Failed password for invalid user mongo from 91.108.245.210 port 55122 ssh2
May  7 15:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11250]: Connection closed by 91.108.245.210 port 55122 [preauth]
May  7 15:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: Invalid user user from 91.108.245.210
May  7 15:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: input_userauth_request: invalid user user [preauth]
May  7 15:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: Failed password for invalid user user from 91.108.245.210 port 32990 ssh2
May  7 15:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11273]: Connection closed by 91.108.245.210 port 32990 [preauth]
May  7 15:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: Invalid user oracle from 91.108.245.210
May  7 15:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: input_userauth_request: invalid user oracle [preauth]
May  7 15:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: Failed password for invalid user oracle from 91.108.245.210 port 32992 ssh2
May  7 15:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11285]: Connection closed by 91.108.245.210 port 32992 [preauth]
May  7 15:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: Invalid user odoo from 196.251.84.225
May  7 15:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: input_userauth_request: invalid user odoo [preauth]
May  7 15:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: Invalid user gpadmin from 91.108.245.210
May  7 15:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: input_userauth_request: invalid user gpadmin [preauth]
May  7 15:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: Failed password for invalid user odoo from 196.251.84.225 port 51814 ssh2
May  7 15:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11287]: Connection closed by 196.251.84.225 port 51814 [preauth]
May  7 15:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: Failed password for invalid user gpadmin from 91.108.245.210 port 33002 ssh2
May  7 15:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: Connection closed by 91.108.245.210 port 33002 [preauth]
May  7 15:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11299]: Failed password for root from 91.108.245.210 port 42836 ssh2
May  7 15:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11299]: Connection closed by 91.108.245.210 port 42836 [preauth]
May  7 15:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Invalid user esroot from 91.108.245.210
May  7 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: input_userauth_request: invalid user esroot [preauth]
May  7 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11315]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11314]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11312]: pam_unix(cron:session): session closed for user p13x
May  7 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11376]: Successful su for rubyman by root
May  7 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11376]: + ??? root:rubyman
May  7 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347562 of user rubyman.
May  7 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11376]: pam_unix(su:session): session closed for user rubyman
May  7 15:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347562.
May  7 15:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Failed password for invalid user esroot from 91.108.245.210 port 42844 ssh2
May  7 15:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Connection closed by 91.108.245.210 port 42844 [preauth]
May  7 15:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8467]: pam_unix(cron:session): session closed for user root
May  7 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11527]: Invalid user gitlab from 91.108.245.210
May  7 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11527]: input_userauth_request: invalid user gitlab [preauth]
May  7 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11527]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11313]: pam_unix(cron:session): session closed for user samftp
May  7 15:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11527]: Failed password for invalid user gitlab from 91.108.245.210 port 59076 ssh2
May  7 15:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11527]: Connection closed by 91.108.245.210 port 59076 [preauth]
May  7 15:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: Invalid user apache from 91.108.245.210
May  7 15:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: input_userauth_request: invalid user apache [preauth]
May  7 15:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: Failed password for invalid user apache from 91.108.245.210 port 59084 ssh2
May  7 15:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11574]: Connection closed by 91.108.245.210 port 59084 [preauth]
May  7 15:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11584]: Failed password for root from 91.108.245.210 port 59090 ssh2
May  7 15:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11584]: Connection closed by 91.108.245.210 port 59090 [preauth]
May  7 15:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11607]: Failed password for root from 91.108.245.210 port 48756 ssh2
May  7 15:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11607]: Connection closed by 91.108.245.210 port 48756 [preauth]
May  7 15:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Invalid user user from 91.108.245.210
May  7 15:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: input_userauth_request: invalid user user [preauth]
May  7 15:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: Invalid user elasticsearch from 196.251.84.225
May  7 15:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: input_userauth_request: invalid user elasticsearch [preauth]
May  7 15:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Failed password for invalid user user from 91.108.245.210 port 48764 ssh2
May  7 15:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Connection closed by 91.108.245.210 port 48764 [preauth]
May  7 15:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: Invalid user lighthouse from 91.108.245.210
May  7 15:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: input_userauth_request: invalid user lighthouse [preauth]
May  7 15:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: Failed password for invalid user elasticsearch from 196.251.84.225 port 48050 ssh2
May  7 15:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: Connection closed by 196.251.84.225 port 48050 [preauth]
May  7 15:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: Failed password for invalid user lighthouse from 91.108.245.210 port 48772 ssh2
May  7 15:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: Connection closed by 91.108.245.210 port 48772 [preauth]
May  7 15:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11645]: Invalid user flask from 91.108.245.210
May  7 15:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11645]: input_userauth_request: invalid user flask [preauth]
May  7 15:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11645]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11645]: Failed password for invalid user flask from 91.108.245.210 port 51100 ssh2
May  7 15:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11645]: Connection closed by 91.108.245.210 port 51100 [preauth]
May  7 15:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11653]: Invalid user user1 from 91.108.245.210
May  7 15:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11653]: input_userauth_request: invalid user user1 [preauth]
May  7 15:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11653]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10367]: pam_unix(cron:session): session closed for user root
May  7 15:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11653]: Failed password for invalid user user1 from 91.108.245.210 port 51106 ssh2
May  7 15:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11653]: Connection closed by 91.108.245.210 port 51106 [preauth]
May  7 15:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11677]: Invalid user hadoop from 91.108.245.210
May  7 15:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11677]: input_userauth_request: invalid user hadoop [preauth]
May  7 15:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11677]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11677]: Failed password for invalid user hadoop from 91.108.245.210 port 51110 ssh2
May  7 15:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11677]: Connection closed by 91.108.245.210 port 51110 [preauth]
May  7 15:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: Invalid user test from 91.108.245.210
May  7 15:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: input_userauth_request: invalid user test [preauth]
May  7 15:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: Failed password for invalid user test from 91.108.245.210 port 39540 ssh2
May  7 15:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11697]: Connection closed by 91.108.245.210 port 39540 [preauth]
May  7 15:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  7 15:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11721]: Failed password for root from 196.251.84.225 port 38664 ssh2
May  7 15:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11721]: Connection closed by 196.251.84.225 port 38664 [preauth]
May  7 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11743]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11741]: pam_unix(cron:session): session closed for user p13x
May  7 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11802]: Successful su for rubyman by root
May  7 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11802]: + ??? root:rubyman
May  7 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11802]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347566 of user rubyman.
May  7 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11802]: pam_unix(su:session): session closed for user rubyman
May  7 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347566.
May  7 15:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8930]: pam_unix(cron:session): session closed for user root
May  7 15:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11742]: pam_unix(cron:session): session closed for user samftp
May  7 15:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12019]: Did not receive identification string from 91.108.245.210
May  7 15:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12018]: Invalid user guest from 196.251.84.225
May  7 15:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12018]: input_userauth_request: invalid user guest [preauth]
May  7 15:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12018]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  7 15:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12018]: Failed password for invalid user guest from 196.251.84.225 port 43290 ssh2
May  7 15:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12018]: Connection closed by 196.251.84.225 port 43290 [preauth]
May  7 15:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Failed password for root from 91.108.245.210 port 44904 ssh2
May  7 15:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Connection closed by 91.108.245.210 port 44904 [preauth]
May  7 15:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12052]: Failed password for root from 91.108.245.210 port 46876 ssh2
May  7 15:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12052]: Connection closed by 91.108.245.210 port 46876 [preauth]
May  7 15:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: Invalid user user1 from 91.108.245.210
May  7 15:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: input_userauth_request: invalid user user1 [preauth]
May  7 15:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10864]: pam_unix(cron:session): session closed for user root
May  7 15:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: Failed password for invalid user user1 from 91.108.245.210 port 46886 ssh2
May  7 15:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12054]: Connection closed by 91.108.245.210 port 46886 [preauth]
May  7 15:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12094]: Invalid user flink from 91.108.245.210
May  7 15:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12094]: input_userauth_request: invalid user flink [preauth]
May  7 15:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12094]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12094]: Failed password for invalid user flink from 91.108.245.210 port 51828 ssh2
May  7 15:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12094]: Connection closed by 91.108.245.210 port 51828 [preauth]
May  7 15:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Invalid user apache from 91.108.245.210
May  7 15:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: input_userauth_request: invalid user apache [preauth]
May  7 15:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12116]: Failed password for root from 91.108.245.210 port 60392 ssh2
May  7 15:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12116]: Connection closed by 91.108.245.210 port 60392 [preauth]
May  7 15:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Failed password for invalid user apache from 91.108.245.210 port 51834 ssh2
May  7 15:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12118]: Connection closed by 91.108.245.210 port 51834 [preauth]
May  7 15:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12129]: Invalid user esuser from 91.108.245.210
May  7 15:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12129]: input_userauth_request: invalid user esuser [preauth]
May  7 15:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12129]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12129]: Failed password for invalid user esuser from 91.108.245.210 port 60418 ssh2
May  7 15:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12129]: Connection closed by 91.108.245.210 port 60418 [preauth]
May  7 15:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: Failed password for root from 91.108.245.210 port 46900 ssh2
May  7 15:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12131]: Connection closed by 91.108.245.210 port 46900 [preauth]
May  7 15:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: Invalid user git from 91.108.245.210
May  7 15:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: input_userauth_request: invalid user git [preauth]
May  7 15:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12156]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12155]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12153]: pam_unix(cron:session): session closed for user p13x
May  7 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12211]: Successful su for rubyman by root
May  7 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12211]: + ??? root:rubyman
May  7 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347570 of user rubyman.
May  7 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12211]: pam_unix(su:session): session closed for user rubyman
May  7 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347570.
May  7 15:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: Failed password for invalid user git from 91.108.245.210 port 45256 ssh2
May  7 15:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12142]: Connection closed by 91.108.245.210 port 45256 [preauth]
May  7 15:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9473]: pam_unix(cron:session): session closed for user root
May  7 15:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12154]: pam_unix(cron:session): session closed for user samftp
May  7 15:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: Invalid user svnuser from 91.108.245.210
May  7 15:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: input_userauth_request: invalid user svnuser [preauth]
May  7 15:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: Invalid user postgres from 91.108.245.210
May  7 15:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: input_userauth_request: invalid user postgres [preauth]
May  7 15:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12416]: Invalid user nginx from 91.108.245.210
May  7 15:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12416]: input_userauth_request: invalid user nginx [preauth]
May  7 15:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12416]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: Failed password for invalid user svnuser from 91.108.245.210 port 55740 ssh2
May  7 15:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12411]: Connection closed by 91.108.245.210 port 55740 [preauth]
May  7 15:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: Failed password for invalid user postgres from 91.108.245.210 port 45258 ssh2
May  7 15:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: Connection closed by 91.108.245.210 port 45258 [preauth]
May  7 15:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12416]: Failed password for invalid user nginx from 91.108.245.210 port 60404 ssh2
May  7 15:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12416]: Connection closed by 91.108.245.210 port 60404 [preauth]
May  7 15:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12426]: Invalid user dolphinscheduler from 91.108.245.210
May  7 15:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12426]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  7 15:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12426]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12426]: Failed password for invalid user dolphinscheduler from 91.108.245.210 port 55748 ssh2
May  7 15:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12426]: Connection closed by 91.108.245.210 port 55748 [preauth]
May  7 15:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: Invalid user plexserver from 91.108.245.210
May  7 15:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: input_userauth_request: invalid user plexserver [preauth]
May  7 15:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: Failed password for invalid user plexserver from 91.108.245.210 port 60448 ssh2
May  7 15:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12448]: Connection closed by 91.108.245.210 port 60448 [preauth]
May  7 15:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: Failed password for root from 91.108.245.210 port 60436 ssh2
May  7 15:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: Invalid user sonar from 91.108.245.210
May  7 15:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: input_userauth_request: invalid user sonar [preauth]
May  7 15:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: Connection closed by 91.108.245.210 port 60436 [preauth]
May  7 15:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: Failed password for invalid user sonar from 91.108.245.210 port 60450 ssh2
May  7 15:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12452]: Connection closed by 91.108.245.210 port 60450 [preauth]
May  7 15:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: Invalid user app from 91.108.245.210
May  7 15:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: input_userauth_request: invalid user app [preauth]
May  7 15:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12485]: Invalid user tools from 91.108.245.210
May  7 15:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12485]: input_userauth_request: invalid user tools [preauth]
May  7 15:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12485]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: Failed password for invalid user app from 91.108.245.210 port 34116 ssh2
May  7 15:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: Connection closed by 91.108.245.210 port 34116 [preauth]
May  7 15:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12485]: Failed password for invalid user tools from 91.108.245.210 port 34120 ssh2
May  7 15:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12485]: Connection closed by 91.108.245.210 port 34120 [preauth]
May  7 15:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11315]: pam_unix(cron:session): session closed for user root
May  7 15:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12503]: Invalid user lighthouse from 91.108.245.210
May  7 15:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12503]: input_userauth_request: invalid user lighthouse [preauth]
May  7 15:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12503]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12503]: Failed password for invalid user lighthouse from 91.108.245.210 port 34128 ssh2
May  7 15:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12503]: Connection closed by 91.108.245.210 port 34128 [preauth]
May  7 15:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  7 15:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12517]: Failed password for root from 194.0.234.19 port 37170 ssh2
May  7 15:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12517]: Connection closed by 194.0.234.19 port 37170 [preauth]
May  7 15:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12528]: Failed password for root from 91.108.245.210 port 52720 ssh2
May  7 15:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12528]: Connection closed by 91.108.245.210 port 52720 [preauth]
May  7 15:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Invalid user gpadmin from 91.108.245.210
May  7 15:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: input_userauth_request: invalid user gpadmin [preauth]
May  7 15:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Failed password for invalid user gpadmin from 91.108.245.210 port 37002 ssh2
May  7 15:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Connection closed by 91.108.245.210 port 37002 [preauth]
May  7 15:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: User mysql from 91.108.245.210 not allowed because not listed in AllowUsers
May  7 15:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: input_userauth_request: invalid user mysql [preauth]
May  7 15:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=mysql
May  7 15:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: Failed password for invalid user mysql from 91.108.245.210 port 52710 ssh2
May  7 15:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: Connection closed by 91.108.245.210 port 52710 [preauth]
May  7 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12581]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12583]: pam_unix(cron:session): session closed for user p13x
May  7 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12698]: Successful su for rubyman by root
May  7 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12698]: + ??? root:rubyman
May  7 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347576 of user rubyman.
May  7 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12698]: pam_unix(su:session): session closed for user rubyman
May  7 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347576.
May  7 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12581]: pam_unix(cron:session): session closed for user root
May  7 15:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9879]: pam_unix(cron:session): session closed for user root
May  7 15:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12584]: pam_unix(cron:session): session closed for user samftp
May  7 15:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11744]: pam_unix(cron:session): session closed for user root
May  7 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: Failed password for root from 91.108.245.210 port 53714 ssh2
May  7 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12969]: Connection closed by 91.108.245.210 port 53714 [preauth]
May  7 15:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: Invalid user app from 91.108.245.210
May  7 15:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: input_userauth_request: invalid user app [preauth]
May  7 15:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: Failed password for invalid user app from 91.108.245.210 port 60330 ssh2
May  7 15:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12998]: Connection closed by 91.108.245.210 port 60330 [preauth]
May  7 15:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13014]: Invalid user guest from 91.108.245.210
May  7 15:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13014]: input_userauth_request: invalid user guest [preauth]
May  7 15:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13014]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13014]: Failed password for invalid user guest from 91.108.245.210 port 35616 ssh2
May  7 15:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13014]: Connection closed by 91.108.245.210 port 35616 [preauth]
May  7 15:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: Invalid user elastic from 91.108.245.210
May  7 15:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: input_userauth_request: invalid user elastic [preauth]
May  7 15:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: Invalid user jumpserver from 91.108.245.210
May  7 15:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: input_userauth_request: invalid user jumpserver [preauth]
May  7 15:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: Failed password for invalid user elastic from 91.108.245.210 port 53698 ssh2
May  7 15:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: Connection closed by 91.108.245.210 port 53698 [preauth]
May  7 15:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: Failed password for invalid user jumpserver from 91.108.245.210 port 38890 ssh2
May  7 15:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13042]: Connection closed by 91.108.245.210 port 38890 [preauth]
May  7 15:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: Invalid user sonar from 91.108.245.210
May  7 15:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: input_userauth_request: invalid user sonar [preauth]
May  7 15:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: Failed password for invalid user sonar from 91.108.245.210 port 35634 ssh2
May  7 15:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13066]: Failed password for root from 91.108.245.210 port 46474 ssh2
May  7 15:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13064]: Connection closed by 91.108.245.210 port 35634 [preauth]
May  7 15:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13066]: Connection closed by 91.108.245.210 port 46474 [preauth]
May  7 15:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: Invalid user tom from 91.108.245.210
May  7 15:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: input_userauth_request: invalid user tom [preauth]
May  7 15:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13079]: Invalid user git from 91.108.245.210
May  7 15:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13079]: input_userauth_request: invalid user git [preauth]
May  7 15:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: Failed password for invalid user tom from 91.108.245.210 port 38892 ssh2
May  7 15:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13079]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: Connection closed by 91.108.245.210 port 38892 [preauth]
May  7 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13086]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13087]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13085]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13084]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13087]: pam_unix(cron:session): session closed for user root
May  7 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13082]: pam_unix(cron:session): session closed for user p13x
May  7 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13148]: Successful su for rubyman by root
May  7 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13148]: + ??? root:rubyman
May  7 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347579 of user rubyman.
May  7 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13148]: pam_unix(su:session): session closed for user rubyman
May  7 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347579.
May  7 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13079]: Failed password for invalid user git from 91.108.245.210 port 46484 ssh2
May  7 15:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13079]: Connection closed by 91.108.245.210 port 46484 [preauth]
May  7 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10366]: pam_unix(cron:session): session closed for user root
May  7 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13084]: pam_unix(cron:session): session closed for user root
May  7 15:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13083]: pam_unix(cron:session): session closed for user samftp
May  7 15:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: Invalid user ranger from 91.108.245.210
May  7 15:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: input_userauth_request: invalid user ranger [preauth]
May  7 15:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13338]: Failed password for root from 91.108.245.210 port 37628 ssh2
May  7 15:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13338]: Connection closed by 91.108.245.210 port 37628 [preauth]
May  7 15:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: Failed password for invalid user ranger from 91.108.245.210 port 46488 ssh2
May  7 15:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: Connection closed by 91.108.245.210 port 46488 [preauth]
May  7 15:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Invalid user appuser from 91.108.245.210
May  7 15:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: input_userauth_request: invalid user appuser [preauth]
May  7 15:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Failed password for invalid user appuser from 91.108.245.210 port 37632 ssh2
May  7 15:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13363]: Connection closed by 91.108.245.210 port 37632 [preauth]
May  7 15:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: Invalid user tom from 91.108.245.210
May  7 15:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: input_userauth_request: invalid user tom [preauth]
May  7 15:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: Failed password for invalid user tom from 91.108.245.210 port 37640 ssh2
May  7 15:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13374]: Connection closed by 91.108.245.210 port 37640 [preauth]
May  7 15:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: Failed password for root from 91.108.245.210 port 60988 ssh2
May  7 15:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: Connection closed by 91.108.245.210 port 60988 [preauth]
May  7 15:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: Invalid user rancher from 91.108.245.210
May  7 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: input_userauth_request: invalid user rancher [preauth]
May  7 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12156]: pam_unix(cron:session): session closed for user root
May  7 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: Failed password for invalid user rancher from 91.108.245.210 port 52770 ssh2
May  7 15:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: Connection closed by 91.108.245.210 port 52770 [preauth]
May  7 15:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13557]: Failed password for root from 91.108.245.210 port 55876 ssh2
May  7 15:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13557]: Connection closed by 91.108.245.210 port 55876 [preauth]
May  7 15:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13568]: Invalid user nginx from 91.108.245.210
May  7 15:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13568]: input_userauth_request: invalid user nginx [preauth]
May  7 15:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13568]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13568]: Failed password for invalid user nginx from 91.108.245.210 port 52756 ssh2
May  7 15:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13568]: Connection closed by 91.108.245.210 port 52756 [preauth]
May  7 15:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: Failed password for root from 91.108.245.210 port 44986 ssh2
May  7 15:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13594]: Connection closed by 91.108.245.210 port 44986 [preauth]
May  7 15:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: Invalid user user from 91.108.245.210
May  7 15:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: input_userauth_request: invalid user user [preauth]
May  7 15:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: Failed password for invalid user user from 91.108.245.210 port 44992 ssh2
May  7 15:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13618]: Connection closed by 91.108.245.210 port 44992 [preauth]
May  7 15:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13629]: pam_unix(cron:session): session closed for user p13x
May  7 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13703]: Successful su for rubyman by root
May  7 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13703]: + ??? root:rubyman
May  7 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13703]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347585 of user rubyman.
May  7 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13703]: pam_unix(su:session): session closed for user rubyman
May  7 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347585.
May  7 15:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13825]: Invalid user data from 91.108.245.210
May  7 15:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13825]: input_userauth_request: invalid user data [preauth]
May  7 15:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13825]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10863]: pam_unix(cron:session): session closed for user root
May  7 15:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13630]: pam_unix(cron:session): session closed for user samftp
May  7 15:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13825]: Failed password for invalid user data from 91.108.245.210 port 59320 ssh2
May  7 15:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13825]: Connection closed by 91.108.245.210 port 59320 [preauth]
May  7 15:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12586]: pam_unix(cron:session): session closed for user root
May  7 15:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: Invalid user user from 91.108.245.210
May  7 15:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: input_userauth_request: invalid user user [preauth]
May  7 15:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Invalid user elastic from 91.108.245.210
May  7 15:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: input_userauth_request: invalid user elastic [preauth]
May  7 15:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: Failed password for invalid user user from 91.108.245.210 port 44514 ssh2
May  7 15:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13990]: Connection closed by 91.108.245.210 port 44514 [preauth]
May  7 15:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Failed password for invalid user elastic from 91.108.245.210 port 44528 ssh2
May  7 15:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13992]: Connection closed by 91.108.245.210 port 44528 [preauth]
May  7 15:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Invalid user test1234 from 23.94.179.104
May  7 15:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: input_userauth_request: invalid user test1234 [preauth]
May  7 15:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.179.104
May  7 15:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14005]: Invalid user esuser from 91.108.245.210
May  7 15:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14005]: input_userauth_request: invalid user esuser [preauth]
May  7 15:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14005]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: Invalid user oracle from 91.108.245.210
May  7 15:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: input_userauth_request: invalid user oracle [preauth]
May  7 15:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Failed password for invalid user test1234 from 23.94.179.104 port 37878 ssh2
May  7 15:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14005]: Failed password for invalid user esuser from 91.108.245.210 port 45424 ssh2
May  7 15:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Connection closed by 23.94.179.104 port 37878 [preauth]
May  7 15:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14005]: Connection closed by 91.108.245.210 port 45424 [preauth]
May  7 15:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: Failed password for invalid user oracle from 91.108.245.210 port 44540 ssh2
May  7 15:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14008]: Connection closed by 91.108.245.210 port 44540 [preauth]
May  7 15:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: Invalid user ftpuser from 91.108.245.210
May  7 15:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: input_userauth_request: invalid user ftpuser [preauth]
May  7 15:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: Failed password for invalid user ftpuser from 91.108.245.210 port 56450 ssh2
May  7 15:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14049]: Connection closed by 91.108.245.210 port 56450 [preauth]
May  7 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14054]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14055]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14052]: pam_unix(cron:session): session closed for user p13x
May  7 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14119]: Successful su for rubyman by root
May  7 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14119]: + ??? root:rubyman
May  7 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347590 of user rubyman.
May  7 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14119]: pam_unix(su:session): session closed for user rubyman
May  7 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347590.
May  7 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14125]: Invalid user ts from 91.108.245.210
May  7 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14125]: input_userauth_request: invalid user ts [preauth]
May  7 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14125]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14125]: Failed password for invalid user ts from 91.108.245.210 port 51818 ssh2
May  7 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14125]: Connection closed by 91.108.245.210 port 51818 [preauth]
May  7 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11314]: pam_unix(cron:session): session closed for user root
May  7 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: Invalid user test from 91.108.245.210
May  7 15:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: input_userauth_request: invalid user test [preauth]
May  7 15:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14053]: pam_unix(cron:session): session closed for user samftp
May  7 15:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: Failed password for invalid user test from 91.108.245.210 port 56466 ssh2
May  7 15:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14285]: Connection closed by 91.108.245.210 port 56466 [preauth]
May  7 15:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14291]: Failed password for root from 91.108.245.210 port 51832 ssh2
May  7 15:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14291]: Connection closed by 91.108.245.210 port 51832 [preauth]
May  7 15:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  7 15:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: Invalid user worker from 91.108.245.210
May  7 15:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: input_userauth_request: invalid user worker [preauth]
May  7 15:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14314]: Failed password for root from 164.68.105.9 port 40726 ssh2
May  7 15:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14314]: Connection closed by 164.68.105.9 port 40726 [preauth]
May  7 15:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: Failed password for invalid user worker from 91.108.245.210 port 54714 ssh2
May  7 15:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: Connection closed by 91.108.245.210 port 54714 [preauth]
May  7 15:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Invalid user gitlab from 91.108.245.210
May  7 15:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: input_userauth_request: invalid user gitlab [preauth]
May  7 15:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Failed password for invalid user gitlab from 91.108.245.210 port 54686 ssh2
May  7 15:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Connection closed by 91.108.245.210 port 54686 [preauth]
May  7 15:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14352]: Invalid user gpuadmin from 91.108.245.210
May  7 15:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14352]: input_userauth_request: invalid user gpuadmin [preauth]
May  7 15:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14352]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14352]: Failed password for invalid user gpuadmin from 91.108.245.210 port 37286 ssh2
May  7 15:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14352]: Connection closed by 91.108.245.210 port 37286 [preauth]
May  7 15:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14386]: Invalid user zabbix from 91.108.245.210
May  7 15:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14386]: input_userauth_request: invalid user zabbix [preauth]
May  7 15:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14386]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14390]: Invalid user flask from 91.108.245.210
May  7 15:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14390]: input_userauth_request: invalid user flask [preauth]
May  7 15:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14386]: Failed password for invalid user zabbix from 91.108.245.210 port 46994 ssh2
May  7 15:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14390]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14386]: Connection closed by 91.108.245.210 port 46994 [preauth]
May  7 15:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14388]: Failed password for root from 91.108.245.210 port 46996 ssh2
May  7 15:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14388]: Connection closed by 91.108.245.210 port 46996 [preauth]
May  7 15:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13086]: pam_unix(cron:session): session closed for user root
May  7 15:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14390]: Failed password for invalid user flask from 91.108.245.210 port 47012 ssh2
May  7 15:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14390]: Connection closed by 91.108.245.210 port 47012 [preauth]
May  7 15:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: Invalid user gitlab from 91.108.245.210
May  7 15:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: input_userauth_request: invalid user gitlab [preauth]
May  7 15:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: Failed password for invalid user gitlab from 91.108.245.210 port 46518 ssh2
May  7 15:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14420]: Connection closed by 91.108.245.210 port 46518 [preauth]
May  7 15:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: Invalid user testuser from 91.108.245.210
May  7 15:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: input_userauth_request: invalid user testuser [preauth]
May  7 15:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: Invalid user postgres from 91.108.245.210
May  7 15:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: input_userauth_request: invalid user postgres [preauth]
May  7 15:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: Failed password for invalid user testuser from 91.108.245.210 port 46526 ssh2
May  7 15:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14431]: Connection closed by 91.108.245.210 port 46526 [preauth]
May  7 15:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: Failed password for invalid user postgres from 91.108.245.210 port 46530 ssh2
May  7 15:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14433]: Connection closed by 91.108.245.210 port 46530 [preauth]
May  7 15:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14456]: Invalid user jenkins from 91.108.245.210
May  7 15:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14456]: input_userauth_request: invalid user jenkins [preauth]
May  7 15:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14456]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14456]: Failed password for invalid user jenkins from 91.108.245.210 port 34622 ssh2
May  7 15:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14456]: Connection closed by 91.108.245.210 port 34622 [preauth]
May  7 15:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14466]: Failed password for root from 91.108.245.210 port 34636 ssh2
May  7 15:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14466]: Connection closed by 91.108.245.210 port 34636 [preauth]
May  7 15:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14477]: Invalid user weblogic from 91.108.245.210
May  7 15:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14477]: input_userauth_request: invalid user weblogic [preauth]
May  7 15:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14477]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14491]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14493]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14490]: pam_unix(cron:session): session closed for user p13x
May  7 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14556]: Successful su for rubyman by root
May  7 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14556]: + ??? root:rubyman
May  7 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347593 of user rubyman.
May  7 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14556]: pam_unix(su:session): session closed for user rubyman
May  7 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347593.
May  7 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14477]: Failed password for invalid user weblogic from 91.108.245.210 port 52120 ssh2
May  7 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14477]: Connection closed by 91.108.245.210 port 52120 [preauth]
May  7 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: Invalid user centos from 91.108.245.210
May  7 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: input_userauth_request: invalid user centos [preauth]
May  7 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11743]: pam_unix(cron:session): session closed for user root
May  7 15:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: Failed password for invalid user centos from 91.108.245.210 port 52124 ssh2
May  7 15:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14567]: Connection closed by 91.108.245.210 port 52124 [preauth]
May  7 15:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14491]: pam_unix(cron:session): session closed for user samftp
May  7 15:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: Invalid user alif from 64.23.161.151
May  7 15:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: input_userauth_request: invalid user alif [preauth]
May  7 15:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 15:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: Failed password for invalid user alif from 64.23.161.151 port 38920 ssh2
May  7 15:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: Connection closed by 64.23.161.151 port 38920 [preauth]
May  7 15:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13632]: pam_unix(cron:session): session closed for user root
May  7 15:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: User mysql from 91.108.245.210 not allowed because not listed in AllowUsers
May  7 15:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: input_userauth_request: invalid user mysql [preauth]
May  7 15:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=mysql
May  7 15:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: Failed password for invalid user mysql from 91.108.245.210 port 46638 ssh2
May  7 15:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14834]: Connection closed by 91.108.245.210 port 46638 [preauth]
May  7 15:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14841]: Failed password for root from 91.108.245.210 port 41856 ssh2
May  7 15:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14841]: Connection closed by 91.108.245.210 port 41856 [preauth]
May  7 15:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: Invalid user centos from 91.108.245.210
May  7 15:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: input_userauth_request: invalid user centos [preauth]
May  7 15:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14851]: Failed password for root from 91.108.245.210 port 41860 ssh2
May  7 15:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14851]: Connection closed by 91.108.245.210 port 41860 [preauth]
May  7 15:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: Failed password for invalid user centos from 91.108.245.210 port 47256 ssh2
May  7 15:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14853]: Connection closed by 91.108.245.210 port 47256 [preauth]
May  7 15:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14877]: Invalid user kubernetes from 91.108.245.210
May  7 15:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14877]: input_userauth_request: invalid user kubernetes [preauth]
May  7 15:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14877]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14877]: Failed password for invalid user kubernetes from 91.108.245.210 port 53400 ssh2
May  7 15:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14877]: Connection closed by 91.108.245.210 port 53400 [preauth]
May  7 15:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14915]: Invalid user bot from 91.108.245.210
May  7 15:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14915]: input_userauth_request: invalid user bot [preauth]
May  7 15:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14915]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: Invalid user hadoop from 91.108.245.210
May  7 15:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: input_userauth_request: invalid user hadoop [preauth]
May  7 15:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14926]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14924]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14923]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14925]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14923]: pam_unix(cron:session): session closed for user p13x
May  7 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14991]: Successful su for rubyman by root
May  7 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14991]: + ??? root:rubyman
May  7 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347597 of user rubyman.
May  7 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14991]: pam_unix(su:session): session closed for user rubyman
May  7 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347597.
May  7 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: Invalid user observer from 91.108.245.210
May  7 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: input_userauth_request: invalid user observer [preauth]
May  7 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Invalid user debianuser from 91.108.245.210
May  7 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: input_userauth_request: invalid user debianuser [preauth]
May  7 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14915]: Failed password for invalid user bot from 91.108.245.210 port 45498 ssh2
May  7 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14915]: Connection closed by 91.108.245.210 port 45498 [preauth]
May  7 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: Failed password for invalid user hadoop from 91.108.245.210 port 53408 ssh2
May  7 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14919]: Connection closed by 91.108.245.210 port 53408 [preauth]
May  7 15:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: Failed password for invalid user observer from 91.108.245.210 port 53404 ssh2
May  7 15:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Failed password for invalid user debianuser from 91.108.245.210 port 45504 ssh2
May  7 15:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14921]: Connection closed by 91.108.245.210 port 53404 [preauth]
May  7 15:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14959]: Connection closed by 91.108.245.210 port 45504 [preauth]
May  7 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12155]: pam_unix(cron:session): session closed for user root
May  7 15:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: Invalid user ranger from 91.108.245.210
May  7 15:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: input_userauth_request: invalid user ranger [preauth]
May  7 15:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14924]: pam_unix(cron:session): session closed for user samftp
May  7 15:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: Failed password for invalid user ranger from 91.108.245.210 port 35634 ssh2
May  7 15:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15152]: Connection closed by 91.108.245.210 port 35634 [preauth]
May  7 15:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: Invalid user oracle from 91.108.245.210
May  7 15:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: input_userauth_request: invalid user oracle [preauth]
May  7 15:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: Failed password for invalid user oracle from 91.108.245.210 port 35638 ssh2
May  7 15:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: Connection closed by 91.108.245.210 port 35638 [preauth]
May  7 15:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: User ftp from 91.108.245.210 not allowed because not listed in AllowUsers
May  7 15:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: input_userauth_request: invalid user ftp [preauth]
May  7 15:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=ftp
May  7 15:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15206]: Invalid user elastic from 91.108.245.210
May  7 15:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15206]: input_userauth_request: invalid user elastic [preauth]
May  7 15:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15206]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: Failed password for invalid user ftp from 91.108.245.210 port 35640 ssh2
May  7 15:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15204]: Connection closed by 91.108.245.210 port 35640 [preauth]
May  7 15:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15206]: Failed password for invalid user elastic from 91.108.245.210 port 44140 ssh2
May  7 15:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 15:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15206]: Connection closed by 91.108.245.210 port 44140 [preauth]
May  7 15:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: Failed password for root from 91.108.245.210 port 44158 ssh2
May  7 15:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15213]: Connection closed by 91.108.245.210 port 44158 [preauth]
May  7 15:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15218]: Failed password for root from 218.92.0.179 port 60308 ssh2
May  7 15:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15218]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 60308 ssh2]
May  7 15:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15218]: Received disconnect from 218.92.0.179 port 60308:11:  [preauth]
May  7 15:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15218]: Disconnected from 218.92.0.179 port 60308 [preauth]
May  7 15:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15218]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 15:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: Invalid user admin from 91.108.245.210
May  7 15:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: input_userauth_request: invalid user admin [preauth]
May  7 15:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: Failed password for invalid user admin from 91.108.245.210 port 44178 ssh2
May  7 15:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15242]: Connection closed by 91.108.245.210 port 44178 [preauth]
May  7 15:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15252]: Invalid user tomcat from 91.108.245.210
May  7 15:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15252]: input_userauth_request: invalid user tomcat [preauth]
May  7 15:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15252]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14055]: pam_unix(cron:session): session closed for user root
May  7 15:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15252]: Failed password for invalid user tomcat from 91.108.245.210 port 40276 ssh2
May  7 15:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15252]: Connection closed by 91.108.245.210 port 40276 [preauth]
May  7 15:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: Invalid user gitlab from 91.108.245.210
May  7 15:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: input_userauth_request: invalid user gitlab [preauth]
May  7 15:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: Failed password for invalid user gitlab from 91.108.245.210 port 49034 ssh2
May  7 15:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15274]: Connection closed by 91.108.245.210 port 49034 [preauth]
May  7 15:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15285]: Invalid user default from 91.108.245.210
May  7 15:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15285]: input_userauth_request: invalid user default [preauth]
May  7 15:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15285]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15285]: Failed password for invalid user default from 91.108.245.210 port 40274 ssh2
May  7 15:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15285]: Connection closed by 91.108.245.210 port 40274 [preauth]
May  7 15:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: Failed password for root from 91.108.245.210 port 49046 ssh2
May  7 15:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15296]: Connection closed by 91.108.245.210 port 49046 [preauth]
May  7 15:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: Invalid user hadoop from 91.108.245.210
May  7 15:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: input_userauth_request: invalid user hadoop [preauth]
May  7 15:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15324]: Invalid user tools from 91.108.245.210
May  7 15:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15324]: input_userauth_request: invalid user tools [preauth]
May  7 15:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15324]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: Failed password for invalid user hadoop from 91.108.245.210 port 49052 ssh2
May  7 15:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15314]: Connection closed by 91.108.245.210 port 49052 [preauth]
May  7 15:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15324]: Failed password for invalid user tools from 91.108.245.210 port 46334 ssh2
May  7 15:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15324]: Connection closed by 91.108.245.210 port 46334 [preauth]
May  7 15:44:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15326]: Invalid user admin from 91.108.245.210
May  7 15:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15326]: input_userauth_request: invalid user admin [preauth]
May  7 15:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15326]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15326]: Failed password for invalid user admin from 91.108.245.210 port 46336 ssh2
May  7 15:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15326]: Connection closed by 91.108.245.210 port 46336 [preauth]
May  7 15:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: Invalid user cxy from 46.244.96.25
May  7 15:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: input_userauth_request: invalid user cxy [preauth]
May  7 15:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  7 15:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15342]: Invalid user www from 91.108.245.210
May  7 15:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15342]: input_userauth_request: invalid user www [preauth]
May  7 15:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15342]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15342]: Failed password for invalid user www from 91.108.245.210 port 40988 ssh2
May  7 15:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: Failed password for invalid user cxy from 46.244.96.25 port 54532 ssh2
May  7 15:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15342]: Connection closed by 91.108.245.210 port 40988 [preauth]
May  7 15:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: Connection closed by 46.244.96.25 port 54532 [preauth]
May  7 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15358]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15360]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15356]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15357]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15361]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15359]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15361]: pam_unix(cron:session): session closed for user root
May  7 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15356]: pam_unix(cron:session): session closed for user p13x
May  7 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15422]: Successful su for rubyman by root
May  7 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15422]: + ??? root:rubyman
May  7 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347602 of user rubyman.
May  7 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15422]: pam_unix(su:session): session closed for user rubyman
May  7 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347602.
May  7 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15358]: pam_unix(cron:session): session closed for user root
May  7 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12585]: pam_unix(cron:session): session closed for user root
May  7 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: Failed password for root from 91.108.245.210 port 40998 ssh2
May  7 15:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15353]: Connection closed by 91.108.245.210 port 40998 [preauth]
May  7 15:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: Invalid user es from 91.108.245.210
May  7 15:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: input_userauth_request: invalid user es [preauth]
May  7 15:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15357]: pam_unix(cron:session): session closed for user samftp
May  7 15:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: Failed password for invalid user es from 91.108.245.210 port 41256 ssh2
May  7 15:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15602]: Connection closed by 91.108.245.210 port 41256 [preauth]
May  7 15:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: Failed password for root from 91.108.245.210 port 41006 ssh2
May  7 15:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: Connection closed by 91.108.245.210 port 41006 [preauth]
May  7 15:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15638]: Failed password for root from 91.108.245.210 port 41266 ssh2
May  7 15:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15638]: Connection closed by 91.108.245.210 port 41266 [preauth]
May  7 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14496]: pam_unix(cron:session): session closed for user root
May  7 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15710]: Invalid user oracle from 91.108.245.210
May  7 15:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15710]: input_userauth_request: invalid user oracle [preauth]
May  7 15:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15710]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15710]: Failed password for invalid user oracle from 91.108.245.210 port 55722 ssh2
May  7 15:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15710]: Connection closed by 91.108.245.210 port 55722 [preauth]
May  7 15:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: Invalid user ubnt from 91.108.245.210
May  7 15:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: input_userauth_request: invalid user ubnt [preauth]
May  7 15:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: Failed password for invalid user ubnt from 91.108.245.210 port 52070 ssh2
May  7 15:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15742]: Connection closed by 91.108.245.210 port 52070 [preauth]
May  7 15:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: Invalid user nvidia from 91.108.245.210
May  7 15:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: input_userauth_request: invalid user nvidia [preauth]
May  7 15:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: Failed password for invalid user nvidia from 91.108.245.210 port 52074 ssh2
May  7 15:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: Connection closed by 91.108.245.210 port 52074 [preauth]
May  7 15:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: Failed password for root from 91.108.245.210 port 47476 ssh2
May  7 15:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15763]: Connection closed by 91.108.245.210 port 47476 [preauth]
May  7 15:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: Failed password for root from 91.108.245.210 port 47490 ssh2
May  7 15:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: Connection closed by 91.108.245.210 port 47490 [preauth]
May  7 15:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15784]: Invalid user developer from 91.108.245.210
May  7 15:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15784]: input_userauth_request: invalid user developer [preauth]
May  7 15:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15784]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15784]: Failed password for invalid user developer from 91.108.245.210 port 47506 ssh2
May  7 15:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15784]: Connection closed by 91.108.245.210 port 47506 [preauth]
May  7 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15798]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15797]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15796]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15795]: pam_unix(cron:session): session closed for user p13x
May  7 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15862]: Successful su for rubyman by root
May  7 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15862]: + ??? root:rubyman
May  7 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347607 of user rubyman.
May  7 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15862]: pam_unix(su:session): session closed for user rubyman
May  7 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347607.
May  7 15:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Invalid user mongodb from 91.108.245.210
May  7 15:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: input_userauth_request: invalid user mongodb [preauth]
May  7 15:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13085]: pam_unix(cron:session): session closed for user root
May  7 15:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15796]: pam_unix(cron:session): session closed for user samftp
May  7 15:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Failed password for invalid user mongodb from 91.108.245.210 port 51768 ssh2
May  7 15:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16001]: Connection closed by 91.108.245.210 port 51768 [preauth]
May  7 15:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: Failed password for root from 91.108.245.210 port 51756 ssh2
May  7 15:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16050]: Connection closed by 91.108.245.210 port 51756 [preauth]
May  7 15:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16053]: Invalid user app from 91.108.245.210
May  7 15:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16053]: input_userauth_request: invalid user app [preauth]
May  7 15:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16053]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16055]: Invalid user mongodb from 91.108.245.210
May  7 15:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16055]: input_userauth_request: invalid user mongodb [preauth]
May  7 15:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16055]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16053]: Failed password for invalid user app from 91.108.245.210 port 42822 ssh2
May  7 15:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16053]: Connection closed by 91.108.245.210 port 42822 [preauth]
May  7 15:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16055]: Failed password for invalid user mongodb from 91.108.245.210 port 42812 ssh2
May  7 15:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16055]: Connection closed by 91.108.245.210 port 42812 [preauth]
May  7 15:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: Invalid user www from 91.108.245.210
May  7 15:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: input_userauth_request: invalid user www [preauth]
May  7 15:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: Failed password for invalid user www from 91.108.245.210 port 40458 ssh2
May  7 15:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: Connection closed by 91.108.245.210 port 40458 [preauth]
May  7 15:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: Invalid user elasticsearch from 91.108.245.210
May  7 15:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: input_userauth_request: invalid user elasticsearch [preauth]
May  7 15:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: Failed password for invalid user elasticsearch from 91.108.245.210 port 54820 ssh2
May  7 15:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16110]: Connection closed by 91.108.245.210 port 54820 [preauth]
May  7 15:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16120]: Invalid user docker from 91.108.245.210
May  7 15:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16120]: input_userauth_request: invalid user docker [preauth]
May  7 15:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16120]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16120]: Failed password for invalid user docker from 91.108.245.210 port 54834 ssh2
May  7 15:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16120]: Connection closed by 91.108.245.210 port 54834 [preauth]
May  7 15:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14926]: pam_unix(cron:session): session closed for user root
May  7 15:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16142]: Failed password for root from 91.108.245.210 port 54846 ssh2
May  7 15:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16142]: Connection closed by 91.108.245.210 port 54846 [preauth]
May  7 15:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: Invalid user postgres from 91.108.245.210
May  7 15:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: input_userauth_request: invalid user postgres [preauth]
May  7 15:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: Failed password for invalid user postgres from 91.108.245.210 port 56572 ssh2
May  7 15:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16153]: Connection closed by 91.108.245.210 port 56572 [preauth]
May  7 15:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16163]: Invalid user dev from 91.108.245.210
May  7 15:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16163]: input_userauth_request: invalid user dev [preauth]
May  7 15:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16163]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16163]: Failed password for invalid user dev from 91.108.245.210 port 56576 ssh2
May  7 15:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16163]: Connection closed by 91.108.245.210 port 56576 [preauth]
May  7 15:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: Invalid user tomcat from 91.108.245.210
May  7 15:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: input_userauth_request: invalid user tomcat [preauth]
May  7 15:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: Failed password for invalid user tomcat from 91.108.245.210 port 59350 ssh2
May  7 15:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16195]: Connection closed by 91.108.245.210 port 59350 [preauth]
May  7 15:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16205]: Invalid user vagrant from 91.108.245.210
May  7 15:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16205]: input_userauth_request: invalid user vagrant [preauth]
May  7 15:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16205]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16218]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16219]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16217]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16216]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16216]: pam_unix(cron:session): session closed for user p13x
May  7 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16277]: Successful su for rubyman by root
May  7 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16277]: + ??? root:rubyman
May  7 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347611 of user rubyman.
May  7 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16277]: pam_unix(su:session): session closed for user rubyman
May  7 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347611.
May  7 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: Invalid user git from 91.108.245.210
May  7 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: input_userauth_request: invalid user git [preauth]
May  7 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16205]: Failed password for invalid user vagrant from 91.108.245.210 port 54212 ssh2
May  7 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16205]: Connection closed by 91.108.245.210 port 54212 [preauth]
May  7 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: Failed password for invalid user git from 91.108.245.210 port 54206 ssh2
May  7 15:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16266]: Connection closed by 91.108.245.210 port 54206 [preauth]
May  7 15:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13631]: pam_unix(cron:session): session closed for user root
May  7 15:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16217]: pam_unix(cron:session): session closed for user samftp
May  7 15:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Invalid user git from 50.235.31.47
May  7 15:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: input_userauth_request: invalid user git [preauth]
May  7 15:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  7 15:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Failed password for invalid user git from 50.235.31.47 port 55110 ssh2
May  7 15:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Connection closed by 50.235.31.47 port 55110 [preauth]
May  7 15:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: Invalid user worker from 91.108.245.210
May  7 15:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: input_userauth_request: invalid user worker [preauth]
May  7 15:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: Failed password for invalid user worker from 91.108.245.210 port 49718 ssh2
May  7 15:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16515]: Connection closed by 91.108.245.210 port 49718 [preauth]
May  7 15:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Invalid user admin from 80.94.95.112
May  7 15:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: input_userauth_request: invalid user admin [preauth]
May  7 15:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 15:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Failed password for invalid user admin from 80.94.95.112 port 57529 ssh2
May  7 15:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15360]: pam_unix(cron:session): session closed for user root
May  7 15:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16581]: Invalid user admin from 91.108.245.210
May  7 15:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16581]: input_userauth_request: invalid user admin [preauth]
May  7 15:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16581]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Failed password for invalid user admin from 80.94.95.112 port 57529 ssh2
May  7 15:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16581]: Failed password for invalid user admin from 91.108.245.210 port 59862 ssh2
May  7 15:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16581]: Connection closed by 91.108.245.210 port 59862 [preauth]
May  7 15:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Failed password for invalid user admin from 80.94.95.112 port 57529 ssh2
May  7 15:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16613]: Invalid user steam from 91.108.245.210
May  7 15:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16613]: input_userauth_request: invalid user steam [preauth]
May  7 15:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16613]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Failed password for invalid user admin from 80.94.95.112 port 57529 ssh2
May  7 15:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16613]: Failed password for invalid user steam from 91.108.245.210 port 59864 ssh2
May  7 15:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16613]: Connection closed by 91.108.245.210 port 59864 [preauth]
May  7 15:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Failed password for invalid user admin from 80.94.95.112 port 57529 ssh2
May  7 15:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Received disconnect from 80.94.95.112 port 57529:11: Bye [preauth]
May  7 15:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Disconnected from 80.94.95.112 port 57529 [preauth]
May  7 15:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 15:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 15:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: Invalid user demo from 91.108.245.210
May  7 15:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: input_userauth_request: invalid user demo [preauth]
May  7 15:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Invalid user vpn from 85.208.84.5
May  7 15:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: input_userauth_request: invalid user vpn [preauth]
May  7 15:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  7 15:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: Failed password for invalid user demo from 91.108.245.210 port 54136 ssh2
May  7 15:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16641]: Connection closed by 91.108.245.210 port 54136 [preauth]
May  7 15:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Failed password for invalid user vpn from 85.208.84.5 port 34188 ssh2
May  7 15:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Connection closed by 85.208.84.5 port 34188 [preauth]
May  7 15:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: Invalid user deploy from 91.108.245.210
May  7 15:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: input_userauth_request: invalid user deploy [preauth]
May  7 15:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: Invalid user es from 91.108.245.210
May  7 15:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: input_userauth_request: invalid user es [preauth]
May  7 15:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: Failed password for invalid user deploy from 91.108.245.210 port 54138 ssh2
May  7 15:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: Connection closed by 91.108.245.210 port 54138 [preauth]
May  7 15:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: Failed password for invalid user es from 91.108.245.210 port 57516 ssh2
May  7 15:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16665]: Connection closed by 91.108.245.210 port 57516 [preauth]
May  7 15:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: Invalid user oscar from 91.108.245.210
May  7 15:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: input_userauth_request: invalid user oscar [preauth]
May  7 15:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16680]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16682]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16681]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16678]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16678]: pam_unix(cron:session): session closed for user p13x
May  7 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16743]: Successful su for rubyman by root
May  7 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16743]: + ??? root:rubyman
May  7 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16743]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347617 of user rubyman.
May  7 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16743]: pam_unix(su:session): session closed for user rubyman
May  7 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347617.
May  7 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: Failed password for invalid user oscar from 91.108.245.210 port 42654 ssh2
May  7 15:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16675]: Connection closed by 91.108.245.210 port 42654 [preauth]
May  7 15:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14054]: pam_unix(cron:session): session closed for user root
May  7 15:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16680]: pam_unix(cron:session): session closed for user samftp
May  7 15:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16978]: Invalid user dolphinscheduler from 91.108.245.210
May  7 15:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16978]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  7 15:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16978]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: Invalid user dev from 91.108.245.210
May  7 15:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: input_userauth_request: invalid user dev [preauth]
May  7 15:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16978]: Failed password for invalid user dolphinscheduler from 91.108.245.210 port 42658 ssh2
May  7 15:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16978]: Connection closed by 91.108.245.210 port 42658 [preauth]
May  7 15:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: Failed password for invalid user dev from 91.108.245.210 port 55330 ssh2
May  7 15:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: Connection closed by 91.108.245.210 port 55330 [preauth]
May  7 15:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16992]: Invalid user lighthouse from 91.108.245.210
May  7 15:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16992]: input_userauth_request: invalid user lighthouse [preauth]
May  7 15:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16992]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16994]: Invalid user oceanbase from 91.108.245.210
May  7 15:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16994]: input_userauth_request: invalid user oceanbase [preauth]
May  7 15:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16994]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16992]: Failed password for invalid user lighthouse from 91.108.245.210 port 36464 ssh2
May  7 15:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16992]: Connection closed by 91.108.245.210 port 36464 [preauth]
May  7 15:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16994]: Failed password for invalid user oceanbase from 91.108.245.210 port 36456 ssh2
May  7 15:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16994]: Connection closed by 91.108.245.210 port 36456 [preauth]
May  7 15:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: Failed password for root from 91.108.245.210 port 36474 ssh2
May  7 15:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17004]: Connection closed by 91.108.245.210 port 36474 [preauth]
May  7 15:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17026]: Failed password for root from 91.108.245.210 port 52912 ssh2
May  7 15:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17026]: Connection closed by 91.108.245.210 port 52912 [preauth]
May  7 15:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: Failed password for root from 91.108.245.210 port 52926 ssh2
May  7 15:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17029]: Connection closed by 91.108.245.210 port 52926 [preauth]
May  7 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15798]: pam_unix(cron:session): session closed for user root
May  7 15:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: Invalid user user from 91.108.245.210
May  7 15:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: input_userauth_request: invalid user user [preauth]
May  7 15:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: Failed password for invalid user user from 91.108.245.210 port 34838 ssh2
May  7 15:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17069]: Connection closed by 91.108.245.210 port 34838 [preauth]
May  7 15:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: Failed password for root from 91.108.245.210 port 34846 ssh2
May  7 15:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17071]: Connection closed by 91.108.245.210 port 34846 [preauth]
May  7 15:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17094]: Invalid user svnuser from 91.108.245.210
May  7 15:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17094]: input_userauth_request: invalid user svnuser [preauth]
May  7 15:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17094]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17094]: Failed password for invalid user svnuser from 91.108.245.210 port 47768 ssh2
May  7 15:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17094]: Connection closed by 91.108.245.210 port 47768 [preauth]
May  7 15:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  7 15:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: Failed password for root from 218.92.0.208 port 9956 ssh2
May  7 15:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: Invalid user ftpuser from 91.108.245.210
May  7 15:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: input_userauth_request: invalid user ftpuser [preauth]
May  7 15:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17118]: Failed password for root from 91.108.245.210 port 52940 ssh2
May  7 15:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17118]: Connection closed by 91.108.245.210 port 52940 [preauth]
May  7 15:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: Failed password for root from 218.92.0.208 port 9956 ssh2
May  7 15:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17122]: Invalid user ubuntu from 91.108.245.210
May  7 15:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17122]: input_userauth_request: invalid user ubuntu [preauth]
May  7 15:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17122]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: Failed password for invalid user ftpuser from 91.108.245.210 port 47782 ssh2
May  7 15:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17120]: Connection closed by 91.108.245.210 port 47782 [preauth]
May  7 15:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17122]: Failed password for invalid user ubuntu from 91.108.245.210 port 47786 ssh2
May  7 15:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17122]: Connection closed by 91.108.245.210 port 47786 [preauth]
May  7 15:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: Failed password for root from 218.92.0.208 port 9956 ssh2
May  7 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17137]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17134]: pam_unix(cron:session): session closed for user p13x
May  7 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17193]: Successful su for rubyman by root
May  7 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17193]: + ??? root:rubyman
May  7 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347620 of user rubyman.
May  7 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17193]: pam_unix(su:session): session closed for user rubyman
May  7 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347620.
May  7 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: Failed password for root from 218.92.0.208 port 9956 ssh2
May  7 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14493]: pam_unix(cron:session): session closed for user root
May  7 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: Failed password for root from 218.92.0.208 port 9956 ssh2
May  7 15:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: error: maximum authentication attempts exceeded for root from 218.92.0.208 port 9956 ssh2 [preauth]
May  7 15:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: Disconnecting: Too many authentication failures [preauth]
May  7 15:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  7 15:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17107]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 15:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Invalid user esadmin from 91.108.245.210
May  7 15:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: input_userauth_request: invalid user esadmin [preauth]
May  7 15:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17135]: pam_unix(cron:session): session closed for user samftp
May  7 15:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17341]: Failed password for root from 91.108.245.210 port 38734 ssh2
May  7 15:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17341]: Connection closed by 91.108.245.210 port 38734 [preauth]
May  7 15:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Failed password for invalid user esadmin from 91.108.245.210 port 38732 ssh2
May  7 15:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17370]: Connection closed by 91.108.245.210 port 38732 [preauth]
May  7 15:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  7 15:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17384]: Failed password for root from 218.92.0.208 port 32752 ssh2
May  7 15:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17384]: message repeated 2 times: [ Failed password for root from 218.92.0.208 port 32752 ssh2]
May  7 15:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17420]: Invalid user deploy from 91.108.245.210
May  7 15:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17420]: input_userauth_request: invalid user deploy [preauth]
May  7 15:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17420]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: Invalid user flask from 91.108.245.210
May  7 15:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: input_userauth_request: invalid user flask [preauth]
May  7 15:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17384]: Failed password for root from 218.92.0.208 port 32752 ssh2
May  7 15:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17420]: Failed password for invalid user deploy from 91.108.245.210 port 36608 ssh2
May  7 15:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17420]: Connection closed by 91.108.245.210 port 36608 [preauth]
May  7 15:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: Failed password for invalid user flask from 91.108.245.210 port 36594 ssh2
May  7 15:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: Connection closed by 91.108.245.210 port 36594 [preauth]
May  7 15:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: Failed password for root from 91.108.245.210 port 39764 ssh2
May  7 15:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17432]: Connection closed by 91.108.245.210 port 39764 [preauth]
May  7 15:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17384]: Failed password for root from 218.92.0.208 port 32752 ssh2
May  7 15:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17450]: Did not receive identification string from 2.57.122.57
May  7 15:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: Failed password for root from 91.108.245.210 port 39772 ssh2
May  7 15:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: Connection closed by 91.108.245.210 port 39772 [preauth]
May  7 15:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17460]: Invalid user rabbitmq from 91.108.245.210
May  7 15:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17460]: input_userauth_request: invalid user rabbitmq [preauth]
May  7 15:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17460]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17460]: Failed password for invalid user rabbitmq from 91.108.245.210 port 55900 ssh2
May  7 15:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17460]: Connection closed by 91.108.245.210 port 55900 [preauth]
May  7 15:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16219]: pam_unix(cron:session): session closed for user root
May  7 15:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  7 15:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: Failed password for root from 218.92.0.208 port 49820 ssh2
May  7 15:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: Failed password for root from 91.108.245.210 port 41406 ssh2
May  7 15:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17510]: Connection closed by 91.108.245.210 port 41406 [preauth]
May  7 15:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: Failed password for root from 218.92.0.208 port 49820 ssh2
May  7 15:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: Received disconnect from 218.92.0.208 port 49820:11:  [preauth]
May  7 15:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: Disconnected from 218.92.0.208 port 49820 [preauth]
May  7 15:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17497]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  7 15:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: Failed password for root from 91.108.245.210 port 41418 ssh2
May  7 15:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: Connection closed by 91.108.245.210 port 41418 [preauth]
May  7 15:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: Invalid user wang from 91.108.245.210
May  7 15:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: input_userauth_request: invalid user wang [preauth]
May  7 15:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: Failed password for invalid user wang from 91.108.245.210 port 38560 ssh2
May  7 15:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: Connection closed by 91.108.245.210 port 38560 [preauth]
May  7 15:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Failed password for root from 91.108.245.210 port 41430 ssh2
May  7 15:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Connection closed by 91.108.245.210 port 41430 [preauth]
May  7 15:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: Failed password for root from 91.108.245.210 port 52186 ssh2
May  7 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17572]: Connection closed by 91.108.245.210 port 52186 [preauth]
May  7 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17583]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17582]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17580]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17581]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17584]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17585]: pam_unix(cron:session): session closed for user root
May  7 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17580]: pam_unix(cron:session): session closed for user p13x
May  7 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17655]: Successful su for rubyman by root
May  7 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17655]: + ??? root:rubyman
May  7 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347623 of user rubyman.
May  7 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17655]: pam_unix(su:session): session closed for user rubyman
May  7 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347623.
May  7 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17582]: pam_unix(cron:session): session closed for user root
May  7 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14925]: pam_unix(cron:session): session closed for user root
May  7 15:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17581]: pam_unix(cron:session): session closed for user samftp
May  7 15:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: Invalid user uftp from 91.108.245.210
May  7 15:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: input_userauth_request: invalid user uftp [preauth]
May  7 15:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: Failed password for invalid user uftp from 91.108.245.210 port 33538 ssh2
May  7 15:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17968]: Connection closed by 91.108.245.210 port 33538 [preauth]
May  7 15:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: Invalid user awsgui from 91.108.245.210
May  7 15:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: input_userauth_request: invalid user awsgui [preauth]
May  7 15:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: Failed password for invalid user awsgui from 91.108.245.210 port 33554 ssh2
May  7 15:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17979]: Connection closed by 91.108.245.210 port 33554 [preauth]
May  7 15:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: User ftp from 91.108.245.210 not allowed because not listed in AllowUsers
May  7 15:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: input_userauth_request: invalid user ftp [preauth]
May  7 15:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=ftp
May  7 15:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: Failed password for invalid user ftp from 91.108.245.210 port 52208 ssh2
May  7 15:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18005]: Connection closed by 91.108.245.210 port 52208 [preauth]
May  7 15:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18007]: Invalid user dolphinscheduler from 91.108.245.210
May  7 15:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18007]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  7 15:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18007]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18007]: Failed password for invalid user dolphinscheduler from 91.108.245.210 port 60378 ssh2
May  7 15:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18007]: Connection closed by 91.108.245.210 port 60378 [preauth]
May  7 15:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: Failed password for root from 91.108.245.210 port 60394 ssh2
May  7 15:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18018]: Connection closed by 91.108.245.210 port 60394 [preauth]
May  7 15:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18058]: Invalid user test2 from 91.108.245.210
May  7 15:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18058]: input_userauth_request: invalid user test2 [preauth]
May  7 15:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18058]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: Invalid user oracle from 91.108.245.210
May  7 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: input_userauth_request: invalid user oracle [preauth]
May  7 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16682]: pam_unix(cron:session): session closed for user root
May  7 15:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18058]: Failed password for invalid user test2 from 91.108.245.210 port 54306 ssh2
May  7 15:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18058]: Connection closed by 91.108.245.210 port 54306 [preauth]
May  7 15:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: Failed password for invalid user oracle from 91.108.245.210 port 54316 ssh2
May  7 15:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18060]: Connection closed by 91.108.245.210 port 54316 [preauth]
May  7 15:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: Invalid user wang from 91.108.245.210
May  7 15:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: input_userauth_request: invalid user wang [preauth]
May  7 15:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: Failed password for invalid user wang from 91.108.245.210 port 48746 ssh2
May  7 15:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18092]: Connection closed by 91.108.245.210 port 48746 [preauth]
May  7 15:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18136]: Invalid user www from 91.108.245.210
May  7 15:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18136]: input_userauth_request: invalid user www [preauth]
May  7 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18136]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18140]: Invalid user app from 91.108.245.210
May  7 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18140]: input_userauth_request: invalid user app [preauth]
May  7 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18140]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18142]: Invalid user guest from 91.108.245.210
May  7 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18142]: input_userauth_request: invalid user guest [preauth]
May  7 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18143]: Invalid user nexus from 91.108.245.210
May  7 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18143]: input_userauth_request: invalid user nexus [preauth]
May  7 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18142]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18143]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18136]: Failed password for invalid user www from 91.108.245.210 port 48760 ssh2
May  7 15:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18136]: Connection closed by 91.108.245.210 port 48760 [preauth]
May  7 15:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18140]: Failed password for invalid user app from 91.108.245.210 port 38354 ssh2
May  7 15:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18140]: Connection closed by 91.108.245.210 port 38354 [preauth]
May  7 15:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18142]: Failed password for invalid user guest from 91.108.245.210 port 48734 ssh2
May  7 15:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18143]: Failed password for invalid user nexus from 91.108.245.210 port 38332 ssh2
May  7 15:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18142]: Connection closed by 91.108.245.210 port 48734 [preauth]
May  7 15:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18143]: Connection closed by 91.108.245.210 port 38332 [preauth]
May  7 15:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18155]: Failed password for root from 91.108.245.210 port 38320 ssh2
May  7 15:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18155]: Connection closed by 91.108.245.210 port 38320 [preauth]
May  7 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18169]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18168]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18167]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18166]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18166]: pam_unix(cron:session): session closed for user p13x
May  7 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18232]: Successful su for rubyman by root
May  7 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18232]: + ??? root:rubyman
May  7 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347629 of user rubyman.
May  7 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18232]: pam_unix(su:session): session closed for user rubyman
May  7 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347629.
May  7 15:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15359]: pam_unix(cron:session): session closed for user root
May  7 15:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18167]: pam_unix(cron:session): session closed for user samftp
May  7 15:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18342]: Failed password for root from 91.108.245.210 port 37646 ssh2
May  7 15:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210  user=root
May  7 15:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18342]: Connection closed by 91.108.245.210 port 37646 [preauth]
May  7 15:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: Failed password for root from 91.108.245.210 port 50328 ssh2
May  7 15:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18402]: Connection closed by 91.108.245.210 port 50328 [preauth]
May  7 15:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18436]: Invalid user nvidia from 91.108.245.210
May  7 15:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18436]: input_userauth_request: invalid user nvidia [preauth]
May  7 15:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18436]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18436]: Failed password for invalid user nvidia from 91.108.245.210 port 37644 ssh2
May  7 15:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18436]: Connection closed by 91.108.245.210 port 37644 [preauth]
May  7 15:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: Invalid user es from 91.108.245.210
May  7 15:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: input_userauth_request: invalid user es [preauth]
May  7 15:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: Failed password for invalid user es from 91.108.245.210 port 50342 ssh2
May  7 15:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18468]: Connection closed by 91.108.245.210 port 50342 [preauth]
May  7 15:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: Invalid user sugi from 91.108.245.210
May  7 15:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: input_userauth_request: invalid user sugi [preauth]
May  7 15:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.108.245.210
May  7 15:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17138]: pam_unix(cron:session): session closed for user root
May  7 15:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: Failed password for invalid user sugi from 91.108.245.210 port 50354 ssh2
May  7 15:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18510]: Connection closed by 91.108.245.210 port 50354 [preauth]
May  7 15:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: Invalid user derek from 64.23.161.151
May  7 15:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: input_userauth_request: invalid user derek [preauth]
May  7 15:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 15:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: Failed password for invalid user derek from 64.23.161.151 port 35336 ssh2
May  7 15:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18540]: Connection closed by 64.23.161.151 port 35336 [preauth]
May  7 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18593]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18591]: pam_unix(cron:session): session closed for user p13x
May  7 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18651]: Successful su for rubyman by root
May  7 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18651]: + ??? root:rubyman
May  7 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18651]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347636 of user rubyman.
May  7 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18651]: pam_unix(su:session): session closed for user rubyman
May  7 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347636.
May  7 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15797]: pam_unix(cron:session): session closed for user root
May  7 15:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18592]: pam_unix(cron:session): session closed for user samftp
May  7 15:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 15:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18917]: Failed password for root from 80.94.95.125 port 17876 ssh2
May  7 15:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17584]: pam_unix(cron:session): session closed for user root
May  7 15:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18917]: Failed password for root from 80.94.95.125 port 17876 ssh2
May  7 15:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18917]: message repeated 3 times: [ Failed password for root from 80.94.95.125 port 17876 ssh2]
May  7 15:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18917]: Received disconnect from 80.94.95.125 port 17876:11: Bye [preauth]
May  7 15:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18917]: Disconnected from 80.94.95.125 port 17876 [preauth]
May  7 15:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18917]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 15:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18917]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18994]: pam_unix(cron:session): session closed for user p13x
May  7 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19059]: Successful su for rubyman by root
May  7 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19059]: + ??? root:rubyman
May  7 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347639 of user rubyman.
May  7 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19059]: pam_unix(su:session): session closed for user rubyman
May  7 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347639.
May  7 15:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16218]: pam_unix(cron:session): session closed for user root
May  7 15:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18995]: pam_unix(cron:session): session closed for user samftp
May  7 15:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18169]: pam_unix(cron:session): session closed for user root
May  7 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19410]: pam_unix(cron:session): session closed for user p13x
May  7 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19473]: Successful su for rubyman by root
May  7 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19473]: + ??? root:rubyman
May  7 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347642 of user rubyman.
May  7 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19473]: pam_unix(su:session): session closed for user rubyman
May  7 15:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347642.
May  7 15:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16681]: pam_unix(cron:session): session closed for user root
May  7 15:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19411]: pam_unix(cron:session): session closed for user samftp
May  7 15:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18594]: pam_unix(cron:session): session closed for user root
May  7 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19829]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19828]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19825]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19826]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19824]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19827]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19829]: pam_unix(cron:session): session closed for user root
May  7 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19824]: pam_unix(cron:session): session closed for user p13x
May  7 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19893]: Successful su for rubyman by root
May  7 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19893]: + ??? root:rubyman
May  7 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347647 of user rubyman.
May  7 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19893]: pam_unix(su:session): session closed for user rubyman
May  7 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347647.
May  7 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19826]: pam_unix(cron:session): session closed for user root
May  7 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17137]: pam_unix(cron:session): session closed for user root
May  7 15:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19825]: pam_unix(cron:session): session closed for user samftp
May  7 15:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18997]: pam_unix(cron:session): session closed for user root
May  7 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20263]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20261]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20261]: pam_unix(cron:session): session closed for user p13x
May  7 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20326]: Successful su for rubyman by root
May  7 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20326]: + ??? root:rubyman
May  7 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347651 of user rubyman.
May  7 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20326]: pam_unix(su:session): session closed for user rubyman
May  7 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347651.
May  7 15:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17583]: pam_unix(cron:session): session closed for user root
May  7 15:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20262]: pam_unix(cron:session): session closed for user samftp
May  7 15:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19413]: pam_unix(cron:session): session closed for user root
May  7 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20667]: pam_unix(cron:session): session closed for user p13x
May  7 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20730]: Successful su for rubyman by root
May  7 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20730]: + ??? root:rubyman
May  7 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347656 of user rubyman.
May  7 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20730]: pam_unix(su:session): session closed for user rubyman
May  7 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347656.
May  7 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18168]: pam_unix(cron:session): session closed for user root
May  7 15:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20668]: pam_unix(cron:session): session closed for user samftp
May  7 15:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19828]: pam_unix(cron:session): session closed for user root
May  7 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21085]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21087]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21083]: pam_unix(cron:session): session closed for user p13x
May  7 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21148]: Successful su for rubyman by root
May  7 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21148]: + ??? root:rubyman
May  7 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347660 of user rubyman.
May  7 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21148]: pam_unix(su:session): session closed for user rubyman
May  7 15:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347660.
May  7 15:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18593]: pam_unix(cron:session): session closed for user root
May  7 15:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21084]: pam_unix(cron:session): session closed for user samftp
May  7 15:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20265]: pam_unix(cron:session): session closed for user root
May  7 15:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 15:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21458]: Failed password for root from 158.51.96.38 port 41756 ssh2
May  7 15:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21458]: Connection closed by 158.51.96.38 port 41756 [preauth]
May  7 15:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: Invalid user admin from 80.94.95.241
May  7 15:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: input_userauth_request: invalid user admin [preauth]
May  7 15:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 15:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 15:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: Failed password for invalid user admin from 80.94.95.241 port 5295 ssh2
May  7 15:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21474]: Failed password for root from 158.51.96.38 port 1128 ssh2
May  7 15:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21474]: Connection closed by 158.51.96.38 port 1128 [preauth]
May  7 15:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 15:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: Failed password for root from 158.51.96.38 port 1164 ssh2
May  7 15:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: Failed password for invalid user admin from 80.94.95.241 port 5295 ssh2
May  7 15:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21476]: Connection closed by 158.51.96.38 port 1164 [preauth]
May  7 15:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 15:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: Failed password for invalid user admin from 80.94.95.241 port 5295 ssh2
May  7 15:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21500]: Failed password for root from 158.51.96.38 port 1176 ssh2
May  7 15:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21500]: Connection closed by 158.51.96.38 port 1176 [preauth]
May  7 15:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 15:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: Failed password for invalid user admin from 80.94.95.241 port 5295 ssh2
May  7 15:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: Failed password for root from 158.51.96.38 port 1184 ssh2
May  7 15:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21502]: Connection closed by 158.51.96.38 port 1184 [preauth]
May  7 15:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  7 15:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: Failed password for invalid user admin from 80.94.95.241 port 5295 ssh2
May  7 15:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: Received disconnect from 80.94.95.241 port 5295:11: Bye [preauth]
May  7 15:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: Disconnected from 80.94.95.241 port 5295 [preauth]
May  7 15:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 15:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21472]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 15:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21512]: Failed password for root from 158.51.96.38 port 46426 ssh2
May  7 15:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21512]: Connection closed by 158.51.96.38 port 46426 [preauth]
May  7 15:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: Invalid user ubuntu from 194.0.234.19
May  7 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: input_userauth_request: invalid user ubuntu [preauth]
May  7 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  7 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21543]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21536]: pam_unix(cron:session): session closed for user p13x
May  7 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21606]: Successful su for rubyman by root
May  7 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21606]: + ??? root:rubyman
May  7 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347663 of user rubyman.
May  7 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21606]: pam_unix(su:session): session closed for user rubyman
May  7 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347663.
May  7 15:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: Failed password for invalid user ubuntu from 194.0.234.19 port 58222 ssh2
May  7 15:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21532]: Connection closed by 194.0.234.19 port 58222 [preauth]
May  7 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18996]: pam_unix(cron:session): session closed for user root
May  7 15:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21538]: pam_unix(cron:session): session closed for user samftp
May  7 15:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20670]: pam_unix(cron:session): session closed for user root
May  7 15:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 15:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: Invalid user derek from 64.23.161.151
May  7 15:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: input_userauth_request: invalid user derek [preauth]
May  7 15:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: pam_unix(sshd:auth): check pass; user unknown
May  7 15:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 15:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: Failed password for invalid user derek from 64.23.161.151 port 43460 ssh2
May  7 15:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22254]: Connection closed by 64.23.161.151 port 43460 [preauth]
May  7 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22286]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22289]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22285]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22289]: pam_unix(cron:session): session closed for user root
May  7 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22285]: pam_unix(cron:session): session closed for user root
May  7 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22283]: pam_unix(cron:session): session closed for user p13x
May  7 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22390]: Successful su for rubyman by root
May  7 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22390]: + ??? root:rubyman
May  7 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347669 of user rubyman.
May  7 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22390]: pam_unix(su:session): session closed for user rubyman
May  7 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347669.
May  7 16:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22286]: pam_unix(cron:session): session closed for user root
May  7 16:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19412]: pam_unix(cron:session): session closed for user root
May  7 16:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22284]: pam_unix(cron:session): session closed for user samftp
May  7 16:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21087]: pam_unix(cron:session): session closed for user root
May  7 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22848]: pam_unix(cron:session): session closed for user p13x
May  7 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22925]: Successful su for rubyman by root
May  7 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22925]: + ??? root:rubyman
May  7 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22925]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347675 of user rubyman.
May  7 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22925]: pam_unix(su:session): session closed for user rubyman
May  7 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347675.
May  7 16:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19827]: pam_unix(cron:session): session closed for user root
May  7 16:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22849]: pam_unix(cron:session): session closed for user samftp
May  7 16:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21544]: pam_unix(cron:session): session closed for user root
May  7 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23331]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23329]: pam_unix(cron:session): session closed for user p13x
May  7 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23460]: Successful su for rubyman by root
May  7 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23460]: + ??? root:rubyman
May  7 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347679 of user rubyman.
May  7 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23460]: pam_unix(su:session): session closed for user rubyman
May  7 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347679.
May  7 16:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20263]: pam_unix(cron:session): session closed for user root
May  7 16:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23331]: pam_unix(cron:session): session closed for user samftp
May  7 16:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22288]: pam_unix(cron:session): session closed for user root
May  7 16:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 16:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23880]: Failed password for root from 218.92.0.179 port 12479 ssh2
May  7 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23902]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23903]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23899]: pam_unix(cron:session): session closed for user p13x
May  7 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23971]: Successful su for rubyman by root
May  7 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23971]: + ??? root:rubyman
May  7 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23971]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347683 of user rubyman.
May  7 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23971]: pam_unix(su:session): session closed for user rubyman
May  7 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347683.
May  7 16:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23880]: Failed password for root from 218.92.0.179 port 12479 ssh2
May  7 16:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20669]: pam_unix(cron:session): session closed for user root
May  7 16:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23880]: Failed password for root from 218.92.0.179 port 12479 ssh2
May  7 16:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23880]: Received disconnect from 218.92.0.179 port 12479:11:  [preauth]
May  7 16:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23880]: Disconnected from 218.92.0.179 port 12479 [preauth]
May  7 16:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23880]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 16:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23900]: pam_unix(cron:session): session closed for user samftp
May  7 16:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22851]: pam_unix(cron:session): session closed for user root
May  7 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24343]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24340]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24341]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24340]: pam_unix(cron:session): session closed for user p13x
May  7 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24411]: Successful su for rubyman by root
May  7 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24411]: + ??? root:rubyman
May  7 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24411]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347686 of user rubyman.
May  7 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24411]: pam_unix(su:session): session closed for user rubyman
May  7 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347686.
May  7 16:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21085]: pam_unix(cron:session): session closed for user root
May  7 16:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24341]: pam_unix(cron:session): session closed for user samftp
May  7 16:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23333]: pam_unix(cron:session): session closed for user root
May  7 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24767]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24768]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24766]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24765]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24768]: pam_unix(cron:session): session closed for user root
May  7 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24763]: pam_unix(cron:session): session closed for user p13x
May  7 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24839]: Successful su for rubyman by root
May  7 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24839]: + ??? root:rubyman
May  7 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347692 of user rubyman.
May  7 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24839]: pam_unix(su:session): session closed for user rubyman
May  7 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347692.
May  7 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24765]: pam_unix(cron:session): session closed for user root
May  7 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21543]: pam_unix(cron:session): session closed for user root
May  7 16:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24764]: pam_unix(cron:session): session closed for user samftp
May  7 16:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23903]: pam_unix(cron:session): session closed for user root
May  7 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25213]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25212]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25210]: pam_unix(cron:session): session closed for user p13x
May  7 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25287]: Successful su for rubyman by root
May  7 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25287]: + ??? root:rubyman
May  7 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347697 of user rubyman.
May  7 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25287]: pam_unix(su:session): session closed for user rubyman
May  7 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347697.
May  7 16:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22287]: pam_unix(cron:session): session closed for user root
May  7 16:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25211]: pam_unix(cron:session): session closed for user samftp
May  7 16:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24343]: pam_unix(cron:session): session closed for user root
May  7 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25654]: pam_unix(cron:session): session closed for user p13x
May  7 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25747]: Successful su for rubyman by root
May  7 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25747]: + ??? root:rubyman
May  7 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25747]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347701 of user rubyman.
May  7 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25747]: pam_unix(su:session): session closed for user rubyman
May  7 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347701.
May  7 16:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22850]: pam_unix(cron:session): session closed for user root
May  7 16:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25655]: pam_unix(cron:session): session closed for user samftp
May  7 16:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24767]: pam_unix(cron:session): session closed for user root
May  7 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26120]: pam_unix(cron:session): session closed for user p13x
May  7 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26181]: Successful su for rubyman by root
May  7 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26181]: + ??? root:rubyman
May  7 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347705 of user rubyman.
May  7 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26181]: pam_unix(su:session): session closed for user rubyman
May  7 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347705.
May  7 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26191]: Invalid user derek from 64.23.161.151
May  7 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26191]: input_userauth_request: invalid user derek [preauth]
May  7 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26191]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 16:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26191]: Failed password for invalid user derek from 64.23.161.151 port 35442 ssh2
May  7 16:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26191]: Connection closed by 64.23.161.151 port 35442 [preauth]
May  7 16:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23332]: pam_unix(cron:session): session closed for user root
May  7 16:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26121]: pam_unix(cron:session): session closed for user samftp
May  7 16:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26445]: Invalid user xtest from 190.103.202.7
May  7 16:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26445]: input_userauth_request: invalid user xtest [preauth]
May  7 16:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26445]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  7 16:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26445]: Failed password for invalid user xtest from 190.103.202.7 port 52430 ssh2
May  7 16:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25213]: pam_unix(cron:session): session closed for user root
May  7 16:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26445]: Connection closed by 190.103.202.7 port 52430 [preauth]
May  7 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26611]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26610]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26607]: pam_unix(cron:session): session closed for user p13x
May  7 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26729]: Successful su for rubyman by root
May  7 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26729]: + ??? root:rubyman
May  7 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347709 of user rubyman.
May  7 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26729]: pam_unix(su:session): session closed for user rubyman
May  7 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347709.
May  7 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26605]: pam_unix(cron:session): session closed for user root
May  7 16:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23902]: pam_unix(cron:session): session closed for user root
May  7 16:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26608]: pam_unix(cron:session): session closed for user samftp
May  7 16:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25657]: pam_unix(cron:session): session closed for user root
May  7 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27174]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27175]: pam_unix(cron:session): session closed for user root
May  7 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27170]: pam_unix(cron:session): session closed for user p13x
May  7 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27247]: Successful su for rubyman by root
May  7 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27247]: + ??? root:rubyman
May  7 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27247]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347713 of user rubyman.
May  7 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27247]: pam_unix(su:session): session closed for user rubyman
May  7 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347713.
May  7 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27172]: pam_unix(cron:session): session closed for user root
May  7 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24342]: pam_unix(cron:session): session closed for user root
May  7 16:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27171]: pam_unix(cron:session): session closed for user samftp
May  7 16:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26123]: pam_unix(cron:session): session closed for user root
May  7 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27678]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27679]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27676]: pam_unix(cron:session): session closed for user p13x
May  7 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27743]: Successful su for rubyman by root
May  7 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27743]: + ??? root:rubyman
May  7 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27743]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347721 of user rubyman.
May  7 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27743]: pam_unix(su:session): session closed for user rubyman
May  7 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347721.
May  7 16:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24766]: pam_unix(cron:session): session closed for user root
May  7 16:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27677]: pam_unix(cron:session): session closed for user samftp
May  7 16:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26611]: pam_unix(cron:session): session closed for user root
May  7 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28095]: pam_unix(cron:session): session closed for user p13x
May  7 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28156]: Successful su for rubyman by root
May  7 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28156]: + ??? root:rubyman
May  7 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28156]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347723 of user rubyman.
May  7 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28156]: pam_unix(su:session): session closed for user rubyman
May  7 16:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347723.
May  7 16:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25212]: pam_unix(cron:session): session closed for user root
May  7 16:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28096]: pam_unix(cron:session): session closed for user samftp
May  7 16:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27174]: pam_unix(cron:session): session closed for user root
May  7 16:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  7 16:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.140.130.14
May  7 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28515]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28515]: pam_unix(cron:session): session closed for user p13x
May  7 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28574]: Successful su for rubyman by root
May  7 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28574]: + ??? root:rubyman
May  7 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347728 of user rubyman.
May  7 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28574]: pam_unix(su:session): session closed for user rubyman
May  7 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347728.
May  7 16:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25656]: pam_unix(cron:session): session closed for user root
May  7 16:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28517]: pam_unix(cron:session): session closed for user samftp
May  7 16:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: Invalid user system from 85.208.84.4
May  7 16:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: input_userauth_request: invalid user system [preauth]
May  7 16:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  7 16:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: Failed password for invalid user system from 85.208.84.4 port 47164 ssh2
May  7 16:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: Connection closed by 85.208.84.4 port 47164 [preauth]
May  7 16:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27679]: pam_unix(cron:session): session closed for user root
May  7 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28915]: pam_unix(cron:session): session closed for user p13x
May  7 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28977]: Successful su for rubyman by root
May  7 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28977]: + ??? root:rubyman
May  7 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347731 of user rubyman.
May  7 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28977]: pam_unix(su:session): session closed for user rubyman
May  7 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347731.
May  7 16:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26122]: pam_unix(cron:session): session closed for user root
May  7 16:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28916]: pam_unix(cron:session): session closed for user samftp
May  7 16:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28098]: pam_unix(cron:session): session closed for user root
May  7 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29424]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29427]: pam_unix(cron:session): session closed for user root
May  7 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29422]: pam_unix(cron:session): session closed for user p13x
May  7 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29497]: Successful su for rubyman by root
May  7 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29497]: + ??? root:rubyman
May  7 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347737 of user rubyman.
May  7 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29497]: pam_unix(su:session): session closed for user rubyman
May  7 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347737.
May  7 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29424]: pam_unix(cron:session): session closed for user root
May  7 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26610]: pam_unix(cron:session): session closed for user root
May  7 16:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29423]: pam_unix(cron:session): session closed for user samftp
May  7 16:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28520]: pam_unix(cron:session): session closed for user root
May  7 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29868]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29867]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29867]: pam_unix(cron:session): session closed for user p13x
May  7 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29937]: Successful su for rubyman by root
May  7 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29937]: + ??? root:rubyman
May  7 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29937]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347742 of user rubyman.
May  7 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29937]: pam_unix(su:session): session closed for user rubyman
May  7 16:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347742.
May  7 16:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27173]: pam_unix(cron:session): session closed for user root
May  7 16:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29868]: pam_unix(cron:session): session closed for user samftp
May  7 16:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: Invalid user derek from 64.23.161.151
May  7 16:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: input_userauth_request: invalid user derek [preauth]
May  7 16:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 16:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: Failed password for invalid user derek from 64.23.161.151 port 54792 ssh2
May  7 16:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30145]: Connection closed by 64.23.161.151 port 54792 [preauth]
May  7 16:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28919]: pam_unix(cron:session): session closed for user root
May  7 16:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 16:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30201]: Failed password for root from 218.92.0.179 port 29865 ssh2
May  7 16:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30201]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 29865 ssh2]
May  7 16:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30201]: Received disconnect from 218.92.0.179 port 29865:11:  [preauth]
May  7 16:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30201]: Disconnected from 218.92.0.179 port 29865 [preauth]
May  7 16:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30201]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 16:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: Invalid user ] from 195.178.110.50
May  7 16:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: input_userauth_request: invalid user ] [preauth]
May  7 16:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30275]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30270]: pam_unix(cron:session): session closed for user root
May  7 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30272]: pam_unix(cron:session): session closed for user p13x
May  7 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30338]: Successful su for rubyman by root
May  7 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30338]: + ??? root:rubyman
May  7 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347746 of user rubyman.
May  7 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30338]: pam_unix(su:session): session closed for user rubyman
May  7 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347746.
May  7 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: Failed password for invalid user ] from 195.178.110.50 port 47924 ssh2
May  7 16:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27678]: pam_unix(cron:session): session closed for user root
May  7 16:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30243]: Connection closed by 195.178.110.50 port 47924 [preauth]
May  7 16:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30273]: pam_unix(cron:session): session closed for user samftp
May  7 16:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: Invalid user ~ from 195.178.110.50
May  7 16:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: input_userauth_request: invalid user ~ [preauth]
May  7 16:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 16:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: Failed password for invalid user ~ from 195.178.110.50 port 3852 ssh2
May  7 16:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30510]: Connection closed by 195.178.110.50 port 3852 [preauth]
May  7 16:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29426]: pam_unix(cron:session): session closed for user root
May  7 16:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: Invalid user A from 195.178.110.50
May  7 16:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: input_userauth_request: invalid user A [preauth]
May  7 16:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 16:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: Failed password for invalid user A from 195.178.110.50 port 28174 ssh2
May  7 16:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30562]: Connection closed by 195.178.110.50 port 28174 [preauth]
May  7 16:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: Invalid user b from 195.178.110.50
May  7 16:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: input_userauth_request: invalid user b [preauth]
May  7 16:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: Failed password for invalid user b from 195.178.110.50 port 5006 ssh2
May  7 16:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30630]: Connection closed by 195.178.110.50 port 5006 [preauth]
May  7 16:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30678]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30679]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30676]: pam_unix(cron:session): session closed for user p13x
May  7 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30741]: Successful su for rubyman by root
May  7 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30741]: + ??? root:rubyman
May  7 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30741]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347752 of user rubyman.
May  7 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30741]: pam_unix(su:session): session closed for user rubyman
May  7 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347752.
May  7 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 16:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: Failed password for root from 218.92.0.205 port 22868 ssh2
May  7 16:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28097]: pam_unix(cron:session): session closed for user root
May  7 16:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30677]: pam_unix(cron:session): session closed for user samftp
May  7 16:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: Failed password for root from 218.92.0.205 port 22868 ssh2
May  7 16:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: Failed password for root from 218.92.0.205 port 22868 ssh2
May  7 16:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: Invalid user % from 195.178.110.50
May  7 16:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: input_userauth_request: invalid user % [preauth]
May  7 16:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 16:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: Failed password for root from 218.92.0.205 port 22868 ssh2
May  7 16:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: Failed password for invalid user % from 195.178.110.50 port 12878 ssh2
May  7 16:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30672]: Connection closed by 195.178.110.50 port 12878 [preauth]
May  7 16:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: Failed password for root from 218.92.0.205 port 22868 ssh2
May  7 16:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 22868 ssh2 [preauth]
May  7 16:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: Disconnecting: Too many authentication failures [preauth]
May  7 16:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 16:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30673]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 16:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 16:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: Failed password for root from 218.92.0.205 port 34218 ssh2
May  7 16:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: message repeated 3 times: [ Failed password for root from 218.92.0.205 port 34218 ssh2]
May  7 16:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29870]: pam_unix(cron:session): session closed for user root
May  7 16:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: Failed password for root from 218.92.0.205 port 34218 ssh2
May  7 16:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: Failed password for root from 218.92.0.205 port 34218 ssh2
May  7 16:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 34218 ssh2 [preauth]
May  7 16:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: Disconnecting: Too many authentication failures [preauth]
May  7 16:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 16:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: PAM service(sshd) ignoring max retries; 6 > 3
May  7 16:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31178]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31179]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31175]: pam_unix(cron:session): session closed for user p13x
May  7 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31238]: Successful su for rubyman by root
May  7 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31238]: + ??? root:rubyman
May  7 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347755 of user rubyman.
May  7 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31238]: pam_unix(su:session): session closed for user rubyman
May  7 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347755.
May  7 16:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28519]: pam_unix(cron:session): session closed for user root
May  7 16:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31176]: pam_unix(cron:session): session closed for user samftp
May  7 16:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 16:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: Failed password for root from 218.92.0.179 port 27131 ssh2
May  7 16:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: Failed password for root from 218.92.0.179 port 27131 ssh2
May  7 16:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241  user=root
May  7 16:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31490]: Failed password for root from 186.96.145.241 port 53728 ssh2
May  7 16:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31490]: Connection closed by 186.96.145.241 port 53728 [preauth]
May  7 16:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: Failed password for root from 218.92.0.179 port 27131 ssh2
May  7 16:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: Received disconnect from 218.92.0.179 port 27131:11:  [preauth]
May  7 16:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: Disconnected from 218.92.0.179 port 27131 [preauth]
May  7 16:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 16:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30275]: pam_unix(cron:session): session closed for user root
May  7 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31596]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31594]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31595]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31593]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31599]: pam_unix(cron:session): session closed for user root
May  7 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31593]: pam_unix(cron:session): session closed for user p13x
May  7 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31687]: Successful su for rubyman by root
May  7 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31687]: + ??? root:rubyman
May  7 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31687]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347759 of user rubyman.
May  7 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31687]: pam_unix(su:session): session closed for user rubyman
May  7 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347759.
May  7 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31595]: pam_unix(cron:session): session closed for user root
May  7 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28917]: pam_unix(cron:session): session closed for user root
May  7 16:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31594]: pam_unix(cron:session): session closed for user samftp
May  7 16:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30679]: pam_unix(cron:session): session closed for user root
May  7 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32335]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32332]: pam_unix(cron:session): session closed for user p13x
May  7 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32421]: Successful su for rubyman by root
May  7 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32421]: + ??? root:rubyman
May  7 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347765 of user rubyman.
May  7 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32421]: pam_unix(su:session): session closed for user rubyman
May  7 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347765.
May  7 16:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29425]: pam_unix(cron:session): session closed for user root
May  7 16:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32333]: pam_unix(cron:session): session closed for user samftp
May  7 16:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31179]: pam_unix(cron:session): session closed for user root
May  7 16:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: Invalid user admin from 80.94.95.112
May  7 16:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: input_userauth_request: invalid user admin [preauth]
May  7 16:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 16:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: Failed password for invalid user admin from 80.94.95.112 port 17206 ssh2
May  7 16:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: Failed password for invalid user admin from 80.94.95.112 port 17206 ssh2
May  7 16:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: Failed password for invalid user admin from 80.94.95.112 port 17206 ssh2
May  7 16:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: Failed password for invalid user admin from 80.94.95.112 port 17206 ssh2
May  7 16:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: Failed password for invalid user admin from 80.94.95.112 port 17206 ssh2
May  7 16:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: Received disconnect from 80.94.95.112 port 17206:11: Bye [preauth]
May  7 16:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: Disconnected from 80.94.95.112 port 17206 [preauth]
May  7 16:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 16:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[411]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[464]: pam_unix(cron:session): session closed for user p13x
May  7 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[545]: Successful su for rubyman by root
May  7 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[545]: + ??? root:rubyman
May  7 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347768 of user rubyman.
May  7 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[545]: pam_unix(su:session): session closed for user rubyman
May  7 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347768.
May  7 16:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29869]: pam_unix(cron:session): session closed for user root
May  7 16:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[465]: pam_unix(cron:session): session closed for user samftp
May  7 16:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31597]: pam_unix(cron:session): session closed for user root
May  7 16:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[901]: Invalid user monica from 50.235.31.47
May  7 16:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[901]: input_userauth_request: invalid user monica [preauth]
May  7 16:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[901]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  7 16:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[901]: Failed password for invalid user monica from 50.235.31.47 port 57448 ssh2
May  7 16:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[901]: Connection closed by 50.235.31.47 port 57448 [preauth]
May  7 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[952]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[951]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[949]: pam_unix(cron:session): session closed for user p13x
May  7 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1024]: Successful su for rubyman by root
May  7 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1024]: + ??? root:rubyman
May  7 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347772 of user rubyman.
May  7 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1024]: pam_unix(su:session): session closed for user rubyman
May  7 16:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347772.
May  7 16:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30274]: pam_unix(cron:session): session closed for user root
May  7 16:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[950]: pam_unix(cron:session): session closed for user samftp
May  7 16:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: Invalid user pi from 80.94.95.116
May  7 16:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: input_userauth_request: invalid user pi [preauth]
May  7 16:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  7 16:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: Failed password for invalid user pi from 80.94.95.116 port 52840 ssh2
May  7 16:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1278]: Connection closed by 80.94.95.116 port 52840 [preauth]
May  7 16:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32335]: pam_unix(cron:session): session closed for user root
May  7 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1422]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1423]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1419]: pam_unix(cron:session): session closed for user p13x
May  7 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1506]: Successful su for rubyman by root
May  7 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1506]: + ??? root:rubyman
May  7 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347778 of user rubyman.
May  7 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1506]: pam_unix(su:session): session closed for user rubyman
May  7 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347778.
May  7 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30678]: pam_unix(cron:session): session closed for user root
May  7 16:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1421]: pam_unix(cron:session): session closed for user samftp
May  7 16:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Invalid user ron from 64.23.161.151
May  7 16:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: input_userauth_request: invalid user ron [preauth]
May  7 16:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 16:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Failed password for invalid user ron from 64.23.161.151 port 47690 ssh2
May  7 16:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1801]: Connection closed by 64.23.161.151 port 47690 [preauth]
May  7 16:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[467]: pam_unix(cron:session): session closed for user root
May  7 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1910]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1909]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1912]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1943]: pam_unix(cron:session): session closed for user root
May  7 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1908]: pam_unix(cron:session): session closed for user p13x
May  7 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2050]: Successful su for rubyman by root
May  7 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2050]: + ??? root:rubyman
May  7 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347782 of user rubyman.
May  7 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2050]: pam_unix(su:session): session closed for user rubyman
May  7 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347782.
May  7 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1910]: pam_unix(cron:session): session closed for user root
May  7 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31178]: pam_unix(cron:session): session closed for user root
May  7 16:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1909]: pam_unix(cron:session): session closed for user samftp
May  7 16:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[952]: pam_unix(cron:session): session closed for user root
May  7 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2433]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2432]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2429]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2429]: pam_unix(cron:session): session closed for user p13x
May  7 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2503]: Successful su for rubyman by root
May  7 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2503]: + ??? root:rubyman
May  7 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347788 of user rubyman.
May  7 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2503]: pam_unix(su:session): session closed for user rubyman
May  7 16:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347788.
May  7 16:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31596]: pam_unix(cron:session): session closed for user root
May  7 16:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2430]: pam_unix(cron:session): session closed for user samftp
May  7 16:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 16:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2744]: Failed password for root from 80.94.95.125 port 22010 ssh2
May  7 16:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2744]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 22010 ssh2]
May  7 16:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2744]: Received disconnect from 80.94.95.125 port 22010:11: Bye [preauth]
May  7 16:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2744]: Disconnected from 80.94.95.125 port 22010 [preauth]
May  7 16:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2744]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 16:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2744]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 16:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1423]: pam_unix(cron:session): session closed for user root
May  7 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2871]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2869]: pam_unix(cron:session): session closed for user p13x
May  7 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2938]: Successful su for rubyman by root
May  7 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2938]: + ??? root:rubyman
May  7 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2938]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347790 of user rubyman.
May  7 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2938]: pam_unix(su:session): session closed for user rubyman
May  7 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347790.
May  7 16:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32334]: pam_unix(cron:session): session closed for user root
May  7 16:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2870]: pam_unix(cron:session): session closed for user samftp
May  7 16:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1912]: pam_unix(cron:session): session closed for user root
May  7 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3286]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3284]: pam_unix(cron:session): session closed for user p13x
May  7 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3345]: Successful su for rubyman by root
May  7 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3345]: + ??? root:rubyman
May  7 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347794 of user rubyman.
May  7 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3345]: pam_unix(su:session): session closed for user rubyman
May  7 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347794.
May  7 16:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[466]: pam_unix(cron:session): session closed for user root
May  7 16:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3285]: pam_unix(cron:session): session closed for user samftp
May  7 16:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2433]: pam_unix(cron:session): session closed for user root
May  7 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3729]: pam_unix(cron:session): session closed for user p13x
May  7 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3791]: Successful su for rubyman by root
May  7 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3791]: + ??? root:rubyman
May  7 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3791]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347798 of user rubyman.
May  7 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3791]: pam_unix(su:session): session closed for user rubyman
May  7 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347798.
May  7 16:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[951]: pam_unix(cron:session): session closed for user root
May  7 16:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3730]: pam_unix(cron:session): session closed for user samftp
May  7 16:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2872]: pam_unix(cron:session): session closed for user root
May  7 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4161]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4164]: pam_unix(cron:session): session closed for user root
May  7 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4158]: pam_unix(cron:session): session closed for user p13x
May  7 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4227]: Successful su for rubyman by root
May  7 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4227]: + ??? root:rubyman
May  7 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4227]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347802 of user rubyman.
May  7 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4227]: pam_unix(su:session): session closed for user rubyman
May  7 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347802.
May  7 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1422]: pam_unix(cron:session): session closed for user root
May  7 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4160]: pam_unix(cron:session): session closed for user root
May  7 16:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4159]: pam_unix(cron:session): session closed for user samftp
May  7 16:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session closed for user root
May  7 16:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4755]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4753]: pam_unix(cron:session): session closed for user p13x
May  7 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4829]: Successful su for rubyman by root
May  7 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4829]: + ??? root:rubyman
May  7 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347808 of user rubyman.
May  7 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4829]: pam_unix(su:session): session closed for user rubyman
May  7 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347808.
May  7 16:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1911]: pam_unix(cron:session): session closed for user root
May  7 16:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4754]: pam_unix(cron:session): session closed for user samftp
May  7 16:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: Invalid user admin from 80.94.95.241
May  7 16:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: input_userauth_request: invalid user admin [preauth]
May  7 16:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 16:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: Failed password for invalid user admin from 80.94.95.241 port 44483 ssh2
May  7 16:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: Failed password for invalid user admin from 80.94.95.241 port 44483 ssh2
May  7 16:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: Failed password for invalid user admin from 80.94.95.241 port 44483 ssh2
May  7 16:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3732]: pam_unix(cron:session): session closed for user root
May  7 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: Failed password for invalid user admin from 80.94.95.241 port 44483 ssh2
May  7 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: Failed password for invalid user admin from 80.94.95.241 port 44483 ssh2
May  7 16:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: Received disconnect from 80.94.95.241 port 44483:11: Bye [preauth]
May  7 16:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: Disconnected from 80.94.95.241 port 44483 [preauth]
May  7 16:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 16:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5376]: pam_unix(cron:session): session closed for user p13x
May  7 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5446]: Successful su for rubyman by root
May  7 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5446]: + ??? root:rubyman
May  7 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347813 of user rubyman.
May  7 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5446]: pam_unix(su:session): session closed for user rubyman
May  7 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347813.
May  7 16:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2432]: pam_unix(cron:session): session closed for user root
May  7 16:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5378]: pam_unix(cron:session): session closed for user samftp
May  7 16:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4163]: pam_unix(cron:session): session closed for user root
May  7 16:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5897]: Invalid user ron from 64.23.161.151
May  7 16:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5897]: input_userauth_request: invalid user ron [preauth]
May  7 16:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5897]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 16:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5897]: Failed password for invalid user ron from 64.23.161.151 port 50852 ssh2
May  7 16:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5897]: Connection closed by 64.23.161.151 port 50852 [preauth]
May  7 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5931]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5930]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5928]: pam_unix(cron:session): session closed for user p13x
May  7 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5992]: Successful su for rubyman by root
May  7 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5992]: + ??? root:rubyman
May  7 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5992]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347816 of user rubyman.
May  7 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5992]: pam_unix(su:session): session closed for user rubyman
May  7 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347816.
May  7 16:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2871]: pam_unix(cron:session): session closed for user root
May  7 16:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 16:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5929]: pam_unix(cron:session): session closed for user samftp
May  7 16:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: Failed password for root from 218.92.0.179 port 39421 ssh2
May  7 16:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 39421 ssh2]
May  7 16:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: Received disconnect from 218.92.0.179 port 39421:11:  [preauth]
May  7 16:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: Disconnected from 218.92.0.179 port 39421 [preauth]
May  7 16:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 16:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: Invalid user user from 80.94.95.115
May  7 16:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: input_userauth_request: invalid user user [preauth]
May  7 16:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  7 16:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: Failed password for invalid user user from 80.94.95.115 port 61738 ssh2
May  7 16:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: Connection closed by 80.94.95.115 port 61738 [preauth]
May  7 16:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4756]: pam_unix(cron:session): session closed for user root
May  7 16:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: Connection reset by 218.92.0.252 port 13324 [preauth]
May  7 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6358]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6355]: pam_unix(cron:session): session closed for user p13x
May  7 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6416]: Successful su for rubyman by root
May  7 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6416]: + ??? root:rubyman
May  7 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347821 of user rubyman.
May  7 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6416]: pam_unix(su:session): session closed for user rubyman
May  7 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347821.
May  7 16:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3286]: pam_unix(cron:session): session closed for user root
May  7 16:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6356]: pam_unix(cron:session): session closed for user samftp
May  7 16:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5381]: pam_unix(cron:session): session closed for user root
May  7 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6761]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6760]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6762]: pam_unix(cron:session): session closed for user root
May  7 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6757]: pam_unix(cron:session): session closed for user p13x
May  7 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6832]: Successful su for rubyman by root
May  7 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6832]: + ??? root:rubyman
May  7 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347826 of user rubyman.
May  7 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6832]: pam_unix(su:session): session closed for user rubyman
May  7 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347826.
May  7 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6759]: pam_unix(cron:session): session closed for user root
May  7 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3731]: pam_unix(cron:session): session closed for user root
May  7 16:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6758]: pam_unix(cron:session): session closed for user samftp
May  7 16:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5931]: pam_unix(cron:session): session closed for user root
May  7 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7308]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7307]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7306]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7306]: pam_unix(cron:session): session closed for user p13x
May  7 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7369]: Successful su for rubyman by root
May  7 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7369]: + ??? root:rubyman
May  7 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347830 of user rubyman.
May  7 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7369]: pam_unix(su:session): session closed for user rubyman
May  7 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347830.
May  7 16:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4161]: pam_unix(cron:session): session closed for user root
May  7 16:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7307]: pam_unix(cron:session): session closed for user samftp
May  7 16:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6358]: pam_unix(cron:session): session closed for user root
May  7 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7829]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7828]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7827]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7826]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7826]: pam_unix(cron:session): session closed for user p13x
May  7 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7886]: Successful su for rubyman by root
May  7 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7886]: + ??? root:rubyman
May  7 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347835 of user rubyman.
May  7 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7886]: pam_unix(su:session): session closed for user rubyman
May  7 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347835.
May  7 16:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4755]: pam_unix(cron:session): session closed for user root
May  7 16:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7827]: pam_unix(cron:session): session closed for user samftp
May  7 16:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6761]: pam_unix(cron:session): session closed for user root
May  7 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8253]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8251]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8250]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8250]: pam_unix(cron:session): session closed for user p13x
May  7 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8309]: Successful su for rubyman by root
May  7 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8309]: + ??? root:rubyman
May  7 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347839 of user rubyman.
May  7 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8309]: pam_unix(su:session): session closed for user rubyman
May  7 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347839.
May  7 16:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5380]: pam_unix(cron:session): session closed for user root
May  7 16:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8251]: pam_unix(cron:session): session closed for user samftp
May  7 16:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.212.126.23  user=root
May  7 16:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8574]: Failed password for root from 83.212.126.23 port 41370 ssh2
May  7 16:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8574]: Connection closed by 83.212.126.23 port 41370 [preauth]
May  7 16:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7309]: pam_unix(cron:session): session closed for user root
May  7 16:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: Invalid user dspace from 164.68.105.9
May  7 16:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: input_userauth_request: invalid user dspace [preauth]
May  7 16:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  7 16:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: Failed password for invalid user dspace from 164.68.105.9 port 35428 ssh2
May  7 16:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8622]: Connection closed by 164.68.105.9 port 35428 [preauth]
May  7 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8672]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8674]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8671]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8671]: pam_unix(cron:session): session closed for user p13x
May  7 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8802]: Successful su for rubyman by root
May  7 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8802]: + ??? root:rubyman
May  7 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8802]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347844 of user rubyman.
May  7 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8802]: pam_unix(su:session): session closed for user rubyman
May  7 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347844.
May  7 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8669]: pam_unix(cron:session): session closed for user root
May  7 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5930]: pam_unix(cron:session): session closed for user root
May  7 16:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8672]: pam_unix(cron:session): session closed for user samftp
May  7 16:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7829]: pam_unix(cron:session): session closed for user root
May  7 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9305]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9303]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9306]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9304]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9309]: pam_unix(cron:session): session closed for user root
May  7 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9303]: pam_unix(cron:session): session closed for user p13x
May  7 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9376]: Successful su for rubyman by root
May  7 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9376]: + ??? root:rubyman
May  7 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347847 of user rubyman.
May  7 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9376]: pam_unix(su:session): session closed for user rubyman
May  7 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347847.
May  7 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9305]: pam_unix(cron:session): session closed for user root
May  7 16:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6357]: pam_unix(cron:session): session closed for user root
May  7 16:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9304]: pam_unix(cron:session): session closed for user samftp
May  7 16:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8253]: pam_unix(cron:session): session closed for user root
May  7 16:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: Invalid user hubble from 64.23.161.151
May  7 16:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: input_userauth_request: invalid user hubble [preauth]
May  7 16:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 16:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: Failed password for invalid user hubble from 64.23.161.151 port 57202 ssh2
May  7 16:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9728]: Connection closed by 64.23.161.151 port 57202 [preauth]
May  7 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9743]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9740]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9740]: pam_unix(cron:session): session closed for user p13x
May  7 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9811]: Successful su for rubyman by root
May  7 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9811]: + ??? root:rubyman
May  7 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9811]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347855 of user rubyman.
May  7 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9811]: pam_unix(su:session): session closed for user rubyman
May  7 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347855.
May  7 16:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6760]: pam_unix(cron:session): session closed for user root
May  7 16:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9742]: pam_unix(cron:session): session closed for user samftp
May  7 16:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.212.126.23  user=root
May  7 16:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: Failed password for root from 83.212.126.23 port 48598 ssh2
May  7 16:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9996]: Connection closed by 83.212.126.23 port 48598 [preauth]
May  7 16:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10028]: Invalid user pi from 83.212.126.23
May  7 16:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10028]: input_userauth_request: invalid user pi [preauth]
May  7 16:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10028]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.212.126.23
May  7 16:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10028]: Failed password for invalid user pi from 83.212.126.23 port 51636 ssh2
May  7 16:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10028]: Connection closed by 83.212.126.23 port 51636 [preauth]
May  7 16:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: Invalid user hive from 83.212.126.23
May  7 16:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: input_userauth_request: invalid user hive [preauth]
May  7 16:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8675]: pam_unix(cron:session): session closed for user root
May  7 16:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10058]: Connection reset by 83.212.126.23 port 51664 [preauth]
May  7 16:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Connection reset by 83.212.126.23 port 51200 [preauth]
May  7 16:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10039]: Connection reset by 83.212.126.23 port 51648 [preauth]
May  7 16:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10158]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10155]: pam_unix(cron:session): session closed for user p13x
May  7 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10302]: Successful su for rubyman by root
May  7 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10302]: + ??? root:rubyman
May  7 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347857 of user rubyman.
May  7 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10302]: pam_unix(su:session): session closed for user rubyman
May  7 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347857.
May  7 16:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: Failed password for root from 218.92.0.179 port 43960 ssh2
May  7 16:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7308]: pam_unix(cron:session): session closed for user root
May  7 16:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: Failed password for root from 218.92.0.179 port 43960 ssh2
May  7 16:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10156]: pam_unix(cron:session): session closed for user samftp
May  7 16:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: Failed password for root from 218.92.0.179 port 43960 ssh2
May  7 16:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: Received disconnect from 218.92.0.179 port 43960:11:  [preauth]
May  7 16:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: Disconnected from 218.92.0.179 port 43960 [preauth]
May  7 16:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 16:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9307]: pam_unix(cron:session): session closed for user root
May  7 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10700]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10698]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10697]: pam_unix(cron:session): session closed for user p13x
May  7 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10783]: Successful su for rubyman by root
May  7 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10783]: + ??? root:rubyman
May  7 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347862 of user rubyman.
May  7 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10783]: pam_unix(su:session): session closed for user rubyman
May  7 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347862.
May  7 16:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7828]: pam_unix(cron:session): session closed for user root
May  7 16:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10698]: pam_unix(cron:session): session closed for user samftp
May  7 16:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9744]: pam_unix(cron:session): session closed for user root
May  7 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11118]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11116]: pam_unix(cron:session): session closed for user p13x
May  7 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11181]: Successful su for rubyman by root
May  7 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11181]: + ??? root:rubyman
May  7 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347865 of user rubyman.
May  7 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11181]: pam_unix(su:session): session closed for user rubyman
May  7 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347865.
May  7 16:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8252]: pam_unix(cron:session): session closed for user root
May  7 16:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11117]: pam_unix(cron:session): session closed for user samftp
May  7 16:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10158]: pam_unix(cron:session): session closed for user root
May  7 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11514]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11515]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11517]: pam_unix(cron:session): session closed for user root
May  7 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11511]: pam_unix(cron:session): session closed for user p13x
May  7 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11585]: Successful su for rubyman by root
May  7 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11585]: + ??? root:rubyman
May  7 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11585]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347871 of user rubyman.
May  7 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11585]: pam_unix(su:session): session closed for user rubyman
May  7 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347871.
May  7 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11514]: pam_unix(cron:session): session closed for user root
May  7 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8674]: pam_unix(cron:session): session closed for user root
May  7 16:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11513]: pam_unix(cron:session): session closed for user samftp
May  7 16:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  7 16:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11790]: Failed password for root from 194.0.234.19 port 36090 ssh2
May  7 16:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11790]: Connection closed by 194.0.234.19 port 36090 [preauth]
May  7 16:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10700]: pam_unix(cron:session): session closed for user root
May  7 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11939]: pam_unix(cron:session): session closed for user p13x
May  7 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12003]: Successful su for rubyman by root
May  7 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12003]: + ??? root:rubyman
May  7 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12003]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347875 of user rubyman.
May  7 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12003]: pam_unix(su:session): session closed for user rubyman
May  7 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347875.
May  7 16:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9306]: pam_unix(cron:session): session closed for user root
May  7 16:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11940]: pam_unix(cron:session): session closed for user samftp
May  7 16:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11119]: pam_unix(cron:session): session closed for user root
May  7 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12346]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12347]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12344]: pam_unix(cron:session): session closed for user p13x
May  7 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12402]: Successful su for rubyman by root
May  7 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12402]: + ??? root:rubyman
May  7 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347881 of user rubyman.
May  7 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12402]: pam_unix(su:session): session closed for user rubyman
May  7 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347881.
May  7 16:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9743]: pam_unix(cron:session): session closed for user root
May  7 16:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12345]: pam_unix(cron:session): session closed for user samftp
May  7 16:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  7 16:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: Failed password for root from 218.92.0.215 port 36332 ssh2
May  7 16:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: message repeated 3 times: [ Failed password for root from 218.92.0.215 port 36332 ssh2]
May  7 16:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11516]: pam_unix(cron:session): session closed for user root
May  7 16:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: Failed password for root from 218.92.0.215 port 36332 ssh2
May  7 16:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 36332 ssh2 [preauth]
May  7 16:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: Disconnecting: Too many authentication failures [preauth]
May  7 16:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  7 16:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12609]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 16:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  7 16:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: Failed password for root from 218.92.0.215 port 51400 ssh2
May  7 16:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: message repeated 5 times: [ Failed password for root from 218.92.0.215 port 51400 ssh2]
May  7 16:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 51400 ssh2 [preauth]
May  7 16:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: Disconnecting: Too many authentication failures [preauth]
May  7 16:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  7 16:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12675]: PAM service(sshd) ignoring max retries; 6 > 3
May  7 16:47:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12741]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12739]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12738]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12738]: pam_unix(cron:session): session closed for user p13x
May  7 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12796]: Successful su for rubyman by root
May  7 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12796]: + ??? root:rubyman
May  7 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347885 of user rubyman.
May  7 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12796]: pam_unix(su:session): session closed for user rubyman
May  7 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347885.
May  7 16:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10157]: pam_unix(cron:session): session closed for user root
May  7 16:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12739]: pam_unix(cron:session): session closed for user samftp
May  7 16:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11942]: pam_unix(cron:session): session closed for user root
May  7 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13129]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13127]: pam_unix(cron:session): session closed for user p13x
May  7 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13186]: Successful su for rubyman by root
May  7 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13186]: + ??? root:rubyman
May  7 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13186]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347887 of user rubyman.
May  7 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13186]: pam_unix(su:session): session closed for user rubyman
May  7 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347887.
May  7 16:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10699]: pam_unix(cron:session): session closed for user root
May  7 16:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13128]: pam_unix(cron:session): session closed for user samftp
May  7 16:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: Invalid user scanner from 64.23.161.151
May  7 16:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: input_userauth_request: invalid user scanner [preauth]
May  7 16:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 16:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: Failed password for invalid user scanner from 64.23.161.151 port 47596 ssh2
May  7 16:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: Connection closed by 64.23.161.151 port 47596 [preauth]
May  7 16:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12347]: pam_unix(cron:session): session closed for user root
May  7 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13627]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13625]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13623]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13622]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13626]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13628]: pam_unix(cron:session): session closed for user root
May  7 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13622]: pam_unix(cron:session): session closed for user p13x
May  7 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13696]: Successful su for rubyman by root
May  7 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13696]: + ??? root:rubyman
May  7 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347891 of user rubyman.
May  7 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13696]: pam_unix(su:session): session closed for user rubyman
May  7 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347891.
May  7 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13625]: pam_unix(cron:session): session closed for user root
May  7 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11118]: pam_unix(cron:session): session closed for user root
May  7 16:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13623]: pam_unix(cron:session): session closed for user samftp
May  7 16:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12741]: pam_unix(cron:session): session closed for user root
May  7 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14062]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14063]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14060]: pam_unix(cron:session): session closed for user p13x
May  7 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14126]: Successful su for rubyman by root
May  7 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14126]: + ??? root:rubyman
May  7 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14126]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347897 of user rubyman.
May  7 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14126]: pam_unix(su:session): session closed for user rubyman
May  7 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347897.
May  7 16:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11515]: pam_unix(cron:session): session closed for user root
May  7 16:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14061]: pam_unix(cron:session): session closed for user samftp
May  7 16:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13130]: pam_unix(cron:session): session closed for user root
May  7 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14466]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14468]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14465]: pam_unix(cron:session): session closed for user p13x
May  7 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14533]: Successful su for rubyman by root
May  7 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14533]: + ??? root:rubyman
May  7 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347902 of user rubyman.
May  7 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14533]: pam_unix(su:session): session closed for user rubyman
May  7 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347902.
May  7 16:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11941]: pam_unix(cron:session): session closed for user root
May  7 16:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14466]: pam_unix(cron:session): session closed for user samftp
May  7 16:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13627]: pam_unix(cron:session): session closed for user root
May  7 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14868]: pam_unix(cron:session): session closed for user p13x
May  7 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14943]: Successful su for rubyman by root
May  7 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14943]: + ??? root:rubyman
May  7 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14943]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347905 of user rubyman.
May  7 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14943]: pam_unix(su:session): session closed for user rubyman
May  7 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347905.
May  7 16:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12346]: pam_unix(cron:session): session closed for user root
May  7 16:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14869]: pam_unix(cron:session): session closed for user samftp
May  7 16:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14063]: pam_unix(cron:session): session closed for user root
May  7 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15267]: pam_unix(cron:session): session closed for user p13x
May  7 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15331]: Successful su for rubyman by root
May  7 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15331]: + ??? root:rubyman
May  7 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347910 of user rubyman.
May  7 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15331]: pam_unix(su:session): session closed for user rubyman
May  7 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347910.
May  7 16:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12740]: pam_unix(cron:session): session closed for user root
May  7 16:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15268]: pam_unix(cron:session): session closed for user samftp
May  7 16:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 16:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: Failed password for root from 218.92.0.179 port 35794 ssh2
May  7 16:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 35794 ssh2]
May  7 16:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: Received disconnect from 218.92.0.179 port 35794:11:  [preauth]
May  7 16:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: Disconnected from 218.92.0.179 port 35794 [preauth]
May  7 16:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15522]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 16:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14468]: pam_unix(cron:session): session closed for user root
May  7 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15664]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15662]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15663]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15665]: pam_unix(cron:session): session closed for user root
May  7 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15660]: pam_unix(cron:session): session closed for user p13x
May  7 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15732]: Successful su for rubyman by root
May  7 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15732]: + ??? root:rubyman
May  7 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15732]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347915 of user rubyman.
May  7 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15732]: pam_unix(su:session): session closed for user rubyman
May  7 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347915.
May  7 16:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15662]: pam_unix(cron:session): session closed for user root
May  7 16:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13129]: pam_unix(cron:session): session closed for user root
May  7 16:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15661]: pam_unix(cron:session): session closed for user samftp
May  7 16:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14872]: pam_unix(cron:session): session closed for user root
May  7 16:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: Invalid user admin from 80.94.95.112
May  7 16:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: input_userauth_request: invalid user admin [preauth]
May  7 16:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 16:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: Failed password for invalid user admin from 80.94.95.112 port 38118 ssh2
May  7 16:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: Failed password for invalid user admin from 80.94.95.112 port 38118 ssh2
May  7 16:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: Failed password for invalid user admin from 80.94.95.112 port 38118 ssh2
May  7 16:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: Failed password for invalid user admin from 80.94.95.112 port 38118 ssh2
May  7 16:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: Failed password for invalid user admin from 80.94.95.112 port 38118 ssh2
May  7 16:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: Received disconnect from 80.94.95.112 port 38118:11: Bye [preauth]
May  7 16:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: Disconnected from 80.94.95.112 port 38118 [preauth]
May  7 16:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 16:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 16:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16094]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16093]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16093]: pam_unix(cron:session): session closed for user p13x
May  7 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16159]: Successful su for rubyman by root
May  7 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16159]: + ??? root:rubyman
May  7 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347919 of user rubyman.
May  7 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16159]: pam_unix(su:session): session closed for user rubyman
May  7 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16081]: Invalid user user1 from 85.208.84.5
May  7 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16081]: input_userauth_request: invalid user user1 [preauth]
May  7 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347919.
May  7 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16081]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  7 16:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16081]: Failed password for invalid user user1 from 85.208.84.5 port 63058 ssh2
May  7 16:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16081]: Connection closed by 85.208.84.5 port 63058 [preauth]
May  7 16:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13626]: pam_unix(cron:session): session closed for user root
May  7 16:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16094]: pam_unix(cron:session): session closed for user samftp
May  7 16:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15270]: pam_unix(cron:session): session closed for user root
May  7 16:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16512]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16511]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16510]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16510]: pam_unix(cron:session): session closed for user p13x
May  7 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16581]: Successful su for rubyman by root
May  7 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16581]: + ??? root:rubyman
May  7 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347924 of user rubyman.
May  7 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16581]: pam_unix(su:session): session closed for user rubyman
May  7 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347924.
May  7 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 16:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: Failed password for root from 218.92.0.179 port 60606 ssh2
May  7 16:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14062]: pam_unix(cron:session): session closed for user root
May  7 16:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: Failed password for root from 218.92.0.179 port 60606 ssh2
May  7 16:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16511]: pam_unix(cron:session): session closed for user samftp
May  7 16:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: Failed password for root from 218.92.0.179 port 60606 ssh2
May  7 16:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: Received disconnect from 218.92.0.179 port 60606:11:  [preauth]
May  7 16:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: Disconnected from 218.92.0.179 port 60606 [preauth]
May  7 16:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 16:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: Invalid user force from 64.23.161.151
May  7 16:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: input_userauth_request: invalid user force [preauth]
May  7 16:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 16:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: Failed password for invalid user force from 64.23.161.151 port 37110 ssh2
May  7 16:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16838]: Connection closed by 64.23.161.151 port 37110 [preauth]
May  7 16:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15664]: pam_unix(cron:session): session closed for user root
May  7 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16967]: pam_unix(cron:session): session closed for user p13x
May  7 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17028]: Successful su for rubyman by root
May  7 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17028]: + ??? root:rubyman
May  7 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347927 of user rubyman.
May  7 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17028]: pam_unix(su:session): session closed for user rubyman
May  7 16:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347927.
May  7 16:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17094]: Invalid user edvaldo from 190.103.202.7
May  7 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17094]: input_userauth_request: invalid user edvaldo [preauth]
May  7 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17094]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  7 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14467]: pam_unix(cron:session): session closed for user root
May  7 16:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17094]: Failed password for invalid user edvaldo from 190.103.202.7 port 52630 ssh2
May  7 16:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17094]: Connection closed by 190.103.202.7 port 52630 [preauth]
May  7 16:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16968]: pam_unix(cron:session): session closed for user samftp
May  7 16:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16097]: pam_unix(cron:session): session closed for user root
May  7 16:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 16:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: Invalid user feixiang from 46.244.96.25
May  7 16:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: input_userauth_request: invalid user feixiang [preauth]
May  7 16:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: pam_unix(sshd:auth): check pass; user unknown
May  7 16:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  7 16:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: Failed password for invalid user feixiang from 46.244.96.25 port 41578 ssh2
May  7 16:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: Connection closed by 46.244.96.25 port 41578 [preauth]
May  7 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17366]: pam_unix(cron:session): session closed for user p13x
May  7 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17429]: Successful su for rubyman by root
May  7 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17429]: + ??? root:rubyman
May  7 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347932 of user rubyman.
May  7 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17429]: pam_unix(su:session): session closed for user rubyman
May  7 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347932.
May  7 16:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14870]: pam_unix(cron:session): session closed for user root
May  7 16:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17367]: pam_unix(cron:session): session closed for user samftp
May  7 16:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16513]: pam_unix(cron:session): session closed for user root
May  7 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17894]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17893]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17892]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17894]: pam_unix(cron:session): session closed for user root
May  7 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17898]: pam_unix(cron:session): session closed for user root
May  7 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17892]: pam_unix(cron:session): session closed for user p13x
May  7 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17994]: Successful su for rubyman by root
May  7 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17994]: + ??? root:rubyman
May  7 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17994]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347936 of user rubyman.
May  7 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17994]: pam_unix(su:session): session closed for user rubyman
May  7 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347936.
May  7 17:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17895]: pam_unix(cron:session): session closed for user root
May  7 17:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15269]: pam_unix(cron:session): session closed for user root
May  7 17:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17893]: pam_unix(cron:session): session closed for user samftp
May  7 17:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 17:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: Failed password for root from 80.94.95.125 port 63042 ssh2
May  7 17:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 63042 ssh2]
May  7 17:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: Received disconnect from 80.94.95.125 port 63042:11: Bye [preauth]
May  7 17:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: Disconnected from 80.94.95.125 port 63042 [preauth]
May  7 17:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 17:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18252]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 17:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16970]: pam_unix(cron:session): session closed for user root
May  7 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18419]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18416]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18418]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18417]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18416]: pam_unix(cron:session): session closed for user p13x
May  7 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18487]: Successful su for rubyman by root
May  7 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18487]: + ??? root:rubyman
May  7 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18487]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347944 of user rubyman.
May  7 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18487]: pam_unix(su:session): session closed for user rubyman
May  7 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347944.
May  7 17:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15663]: pam_unix(cron:session): session closed for user root
May  7 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18417]: pam_unix(cron:session): session closed for user samftp
May  7 17:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17369]: pam_unix(cron:session): session closed for user root
May  7 17:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  7 17:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18809]: Failed password for root from 218.92.0.208 port 53590 ssh2
May  7 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18832]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18830]: pam_unix(cron:session): session closed for user p13x
May  7 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18891]: Successful su for rubyman by root
May  7 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18891]: + ??? root:rubyman
May  7 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347947 of user rubyman.
May  7 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18891]: pam_unix(su:session): session closed for user rubyman
May  7 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347947.
May  7 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16095]: pam_unix(cron:session): session closed for user root
May  7 17:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18831]: pam_unix(cron:session): session closed for user samftp
May  7 17:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17897]: pam_unix(cron:session): session closed for user root
May  7 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19227]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19228]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19225]: pam_unix(cron:session): session closed for user p13x
May  7 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19298]: Successful su for rubyman by root
May  7 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19298]: + ??? root:rubyman
May  7 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347951 of user rubyman.
May  7 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19298]: pam_unix(su:session): session closed for user rubyman
May  7 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347951.
May  7 17:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16512]: pam_unix(cron:session): session closed for user root
May  7 17:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19226]: pam_unix(cron:session): session closed for user samftp
May  7 17:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18419]: pam_unix(cron:session): session closed for user root
May  7 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19654]: pam_unix(cron:session): session closed for user p13x
May  7 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19721]: Successful su for rubyman by root
May  7 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19721]: + ??? root:rubyman
May  7 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347956 of user rubyman.
May  7 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19721]: pam_unix(su:session): session closed for user rubyman
May  7 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347956.
May  7 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16969]: pam_unix(cron:session): session closed for user root
May  7 17:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19655]: pam_unix(cron:session): session closed for user samftp
May  7 17:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: Invalid user admin from 80.94.95.241
May  7 17:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: input_userauth_request: invalid user admin [preauth]
May  7 17:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 17:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: Failed password for invalid user admin from 80.94.95.241 port 14611 ssh2
May  7 17:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: Failed password for invalid user admin from 80.94.95.241 port 14611 ssh2
May  7 17:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: Failed password for invalid user admin from 80.94.95.241 port 14611 ssh2
May  7 17:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: Failed password for invalid user admin from 80.94.95.241 port 14611 ssh2
May  7 17:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: Failed password for invalid user admin from 80.94.95.241 port 14611 ssh2
May  7 17:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: Received disconnect from 80.94.95.241 port 14611:11: Bye [preauth]
May  7 17:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: Disconnected from 80.94.95.241 port 14611 [preauth]
May  7 17:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 17:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19903]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 17:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: Invalid user user1 from 85.208.84.5
May  7 17:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: input_userauth_request: invalid user user1 [preauth]
May  7 17:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  7 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: Failed password for invalid user user1 from 85.208.84.5 port 37794 ssh2
May  7 17:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19945]: Connection closed by 85.208.84.5 port 37794 [preauth]
May  7 17:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18833]: pam_unix(cron:session): session closed for user root
May  7 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20071]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20073]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20069]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20074]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20070]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20074]: pam_unix(cron:session): session closed for user root
May  7 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20069]: pam_unix(cron:session): session closed for user p13x
May  7 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20137]: Successful su for rubyman by root
May  7 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20137]: + ??? root:rubyman
May  7 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20137]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347960 of user rubyman.
May  7 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20137]: pam_unix(su:session): session closed for user rubyman
May  7 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347960.
May  7 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20071]: pam_unix(cron:session): session closed for user root
May  7 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17368]: pam_unix(cron:session): session closed for user root
May  7 17:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20070]: pam_unix(cron:session): session closed for user samftp
May  7 17:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19228]: pam_unix(cron:session): session closed for user root
May  7 17:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: Invalid user aws from 64.23.161.151
May  7 17:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: input_userauth_request: invalid user aws [preauth]
May  7 17:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 17:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: Failed password for invalid user aws from 64.23.161.151 port 37956 ssh2
May  7 17:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20435]: Connection closed by 64.23.161.151 port 37956 [preauth]
May  7 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20501]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20499]: pam_unix(cron:session): session closed for user p13x
May  7 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20567]: Successful su for rubyman by root
May  7 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20567]: + ??? root:rubyman
May  7 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20567]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347966 of user rubyman.
May  7 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20567]: pam_unix(su:session): session closed for user rubyman
May  7 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347966.
May  7 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17896]: pam_unix(cron:session): session closed for user root
May  7 17:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20500]: pam_unix(cron:session): session closed for user samftp
May  7 17:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19657]: pam_unix(cron:session): session closed for user root
May  7 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20921]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20918]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20918]: pam_unix(cron:session): session closed for user p13x
May  7 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20985]: Successful su for rubyman by root
May  7 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20985]: + ??? root:rubyman
May  7 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20985]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347968 of user rubyman.
May  7 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20985]: pam_unix(su:session): session closed for user rubyman
May  7 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347968.
May  7 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18418]: pam_unix(cron:session): session closed for user root
May  7 17:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20919]: pam_unix(cron:session): session closed for user samftp
May  7 17:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 17:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20073]: pam_unix(cron:session): session closed for user root
May  7 17:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21258]: Failed password for root from 218.92.0.179 port 29983 ssh2
May  7 17:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21258]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 29983 ssh2]
May  7 17:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21258]: Received disconnect from 218.92.0.179 port 29983:11:  [preauth]
May  7 17:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21258]: Disconnected from 218.92.0.179 port 29983 [preauth]
May  7 17:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21258]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21365]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21364]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21362]: pam_unix(cron:session): session closed for user p13x
May  7 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21420]: Successful su for rubyman by root
May  7 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21420]: + ??? root:rubyman
May  7 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347973 of user rubyman.
May  7 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21420]: pam_unix(su:session): session closed for user rubyman
May  7 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347973.
May  7 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18832]: pam_unix(cron:session): session closed for user root
May  7 17:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21363]: pam_unix(cron:session): session closed for user samftp
May  7 17:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20502]: pam_unix(cron:session): session closed for user root
May  7 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22055]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22054]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22051]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22050]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22047]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22050]: pam_unix(cron:session): session closed for user p13x
May  7 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22203]: Successful su for rubyman by root
May  7 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22203]: + ??? root:rubyman
May  7 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347977 of user rubyman.
May  7 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22203]: pam_unix(su:session): session closed for user rubyman
May  7 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347977.
May  7 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22047]: pam_unix(cron:session): session closed for user root
May  7 17:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19227]: pam_unix(cron:session): session closed for user root
May  7 17:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22051]: pam_unix(cron:session): session closed for user samftp
May  7 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20921]: pam_unix(cron:session): session closed for user root
May  7 17:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 17:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: Failed password for root from 80.94.95.125 port 19738 ssh2
May  7 17:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: message repeated 2 times: [ Failed password for root from 80.94.95.125 port 19738 ssh2]
May  7 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22645]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22642]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22641]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22644]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22646]: pam_unix(cron:session): session closed for user root
May  7 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22641]: pam_unix(cron:session): session closed for user p13x
May  7 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22717]: Successful su for rubyman by root
May  7 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22717]: + ??? root:rubyman
May  7 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347982 of user rubyman.
May  7 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22717]: pam_unix(su:session): session closed for user rubyman
May  7 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347982.
May  7 17:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: Failed password for root from 80.94.95.125 port 19738 ssh2
May  7 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22643]: pam_unix(cron:session): session closed for user root
May  7 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19656]: pam_unix(cron:session): session closed for user root
May  7 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: Failed password for root from 80.94.95.125 port 19738 ssh2
May  7 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: Received disconnect from 80.94.95.125 port 19738:11: Bye [preauth]
May  7 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: Disconnected from 80.94.95.125 port 19738 [preauth]
May  7 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 17:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22630]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 17:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22642]: pam_unix(cron:session): session closed for user samftp
May  7 17:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: Invalid user F from 195.178.110.50
May  7 17:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: input_userauth_request: invalid user F [preauth]
May  7 17:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 17:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: Failed password for invalid user F from 195.178.110.50 port 35746 ssh2
May  7 17:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22619]: Connection closed by 195.178.110.50 port 35746 [preauth]
May  7 17:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: Invalid user g from 195.178.110.50
May  7 17:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: input_userauth_request: invalid user g [preauth]
May  7 17:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 17:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: Failed password for invalid user g from 195.178.110.50 port 2082 ssh2
May  7 17:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: Connection closed by 195.178.110.50 port 2082 [preauth]
May  7 17:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21365]: pam_unix(cron:session): session closed for user root
May  7 17:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: Invalid user * from 195.178.110.50
May  7 17:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: input_userauth_request: invalid user * [preauth]
May  7 17:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 17:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: Failed password for invalid user * from 195.178.110.50 port 7440 ssh2
May  7 17:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23046]: Connection closed by 195.178.110.50 port 7440 [preauth]
May  7 17:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23135]: Connection closed by 172.104.11.4 port 58220 [preauth]
May  7 17:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23153]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23150]: pam_unix(cron:session): session closed for user p13x
May  7 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23231]: Successful su for rubyman by root
May  7 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23231]: + ??? root:rubyman
May  7 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347987 of user rubyman.
May  7 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23231]: pam_unix(su:session): session closed for user rubyman
May  7 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347987.
May  7 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23137]: Connection closed by 172.104.11.4 port 58238 [preauth]
May  7 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23252]: fatal: Unable to negotiate with 172.104.11.4 port 58240: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  7 17:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23115]: Invalid user K from 195.178.110.50
May  7 17:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23115]: input_userauth_request: invalid user K [preauth]
May  7 17:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23115]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20072]: pam_unix(cron:session): session closed for user root
May  7 17:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23115]: Failed password for invalid user K from 195.178.110.50 port 44922 ssh2
May  7 17:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23151]: pam_unix(cron:session): session closed for user samftp
May  7 17:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23115]: Connection closed by 195.178.110.50 port 44922 [preauth]
May  7 17:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: Invalid user l from 195.178.110.50
May  7 17:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: input_userauth_request: invalid user l [preauth]
May  7 17:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 17:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: Failed password for invalid user l from 195.178.110.50 port 54090 ssh2
May  7 17:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23508]: Connection closed by 195.178.110.50 port 54090 [preauth]
May  7 17:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22055]: pam_unix(cron:session): session closed for user root
May  7 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23663]: pam_unix(cron:session): session closed for user p13x
May  7 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23725]: Successful su for rubyman by root
May  7 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23725]: + ??? root:rubyman
May  7 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347991 of user rubyman.
May  7 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23725]: pam_unix(su:session): session closed for user rubyman
May  7 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347991.
May  7 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20501]: pam_unix(cron:session): session closed for user root
May  7 17:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23664]: pam_unix(cron:session): session closed for user samftp
May  7 17:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22645]: pam_unix(cron:session): session closed for user root
May  7 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24186]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24182]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24180]: pam_unix(cron:session): session closed for user p13x
May  7 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24252]: Successful su for rubyman by root
May  7 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24252]: + ??? root:rubyman
May  7 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 347996 of user rubyman.
May  7 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24252]: pam_unix(su:session): session closed for user rubyman
May  7 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 347996.
May  7 17:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20920]: pam_unix(cron:session): session closed for user root
May  7 17:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24181]: pam_unix(cron:session): session closed for user samftp
May  7 17:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23153]: pam_unix(cron:session): session closed for user root
May  7 17:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: Invalid user gcloud from 64.23.161.151
May  7 17:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: input_userauth_request: invalid user gcloud [preauth]
May  7 17:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 17:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: Failed password for invalid user gcloud from 64.23.161.151 port 35610 ssh2
May  7 17:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24591]: Connection closed by 64.23.161.151 port 35610 [preauth]
May  7 17:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: Invalid user mainuser from 193.176.251.229
May  7 17:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: input_userauth_request: invalid user mainuser [preauth]
May  7 17:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
May  7 17:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: Failed password for invalid user mainuser from 193.176.251.229 port 58784 ssh2
May  7 17:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: Received disconnect from 193.176.251.229 port 58784:11: Bye Bye [preauth]
May  7 17:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24613]: Disconnected from 193.176.251.229 port 58784 [preauth]
May  7 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24626]: pam_unix(cron:session): session closed for user p13x
May  7 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24692]: Successful su for rubyman by root
May  7 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24692]: + ??? root:rubyman
May  7 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24692]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348001 of user rubyman.
May  7 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24692]: pam_unix(su:session): session closed for user rubyman
May  7 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348001.
May  7 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21364]: pam_unix(cron:session): session closed for user root
May  7 17:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24627]: pam_unix(cron:session): session closed for user samftp
May  7 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23666]: pam_unix(cron:session): session closed for user root
May  7 17:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25028]: Invalid user lenovo from 190.103.202.7
May  7 17:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25028]: input_userauth_request: invalid user lenovo [preauth]
May  7 17:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25028]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  7 17:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25028]: Failed password for invalid user lenovo from 190.103.202.7 port 54062 ssh2
May  7 17:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25028]: Connection closed by 190.103.202.7 port 54062 [preauth]
May  7 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25052]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25049]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25047]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25050]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25048]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25052]: pam_unix(cron:session): session closed for user root
May  7 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25047]: pam_unix(cron:session): session closed for user p13x
May  7 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25113]: Successful su for rubyman by root
May  7 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25113]: + ??? root:rubyman
May  7 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348003 of user rubyman.
May  7 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25113]: pam_unix(su:session): session closed for user rubyman
May  7 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348003.
May  7 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25049]: pam_unix(cron:session): session closed for user root
May  7 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22054]: pam_unix(cron:session): session closed for user root
May  7 17:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25048]: pam_unix(cron:session): session closed for user samftp
May  7 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24186]: pam_unix(cron:session): session closed for user root
May  7 17:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 17:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25462]: Failed password for root from 218.92.0.179 port 10704 ssh2
May  7 17:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25462]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 10704 ssh2]
May  7 17:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25462]: Received disconnect from 218.92.0.179 port 10704:11:  [preauth]
May  7 17:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25462]: Disconnected from 218.92.0.179 port 10704 [preauth]
May  7 17:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25462]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25492]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25491]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25489]: pam_unix(cron:session): session closed for user p13x
May  7 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25567]: Successful su for rubyman by root
May  7 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25567]: + ??? root:rubyman
May  7 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25567]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348010 of user rubyman.
May  7 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25567]: pam_unix(su:session): session closed for user rubyman
May  7 17:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348010.
May  7 17:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22644]: pam_unix(cron:session): session closed for user root
May  7 17:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25490]: pam_unix(cron:session): session closed for user samftp
May  7 17:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24629]: pam_unix(cron:session): session closed for user root
May  7 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  7 17:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25895]: Failed password for root from 194.0.234.19 port 19620 ssh2
May  7 17:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25895]: Connection closed by 194.0.234.19 port 19620 [preauth]
May  7 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25995]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25991]: pam_unix(cron:session): session closed for user root
May  7 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25993]: pam_unix(cron:session): session closed for user p13x
May  7 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26060]: Successful su for rubyman by root
May  7 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26060]: + ??? root:rubyman
May  7 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348013 of user rubyman.
May  7 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26060]: pam_unix(su:session): session closed for user rubyman
May  7 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348013.
May  7 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23152]: pam_unix(cron:session): session closed for user root
May  7 17:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25994]: pam_unix(cron:session): session closed for user samftp
May  7 17:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25051]: pam_unix(cron:session): session closed for user root
May  7 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26401]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26400]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26397]: pam_unix(cron:session): session closed for user p13x
May  7 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26544]: Successful su for rubyman by root
May  7 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26544]: + ??? root:rubyman
May  7 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26544]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348018 of user rubyman.
May  7 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26544]: pam_unix(su:session): session closed for user rubyman
May  7 17:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348018.
May  7 17:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23665]: pam_unix(cron:session): session closed for user root
May  7 17:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26398]: pam_unix(cron:session): session closed for user samftp
May  7 17:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25492]: pam_unix(cron:session): session closed for user root
May  7 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26883]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26881]: pam_unix(cron:session): session closed for user p13x
May  7 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26970]: Successful su for rubyman by root
May  7 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26970]: + ??? root:rubyman
May  7 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26970]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348023 of user rubyman.
May  7 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26970]: pam_unix(su:session): session closed for user rubyman
May  7 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348023.
May  7 17:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24182]: pam_unix(cron:session): session closed for user root
May  7 17:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26882]: pam_unix(cron:session): session closed for user samftp
May  7 17:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
May  7 17:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27202]: Failed password for root from 193.176.251.229 port 48976 ssh2
May  7 17:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27202]: Received disconnect from 193.176.251.229 port 48976:11: Bye Bye [preauth]
May  7 17:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27202]: Disconnected from 193.176.251.229 port 48976 [preauth]
May  7 17:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25996]: pam_unix(cron:session): session closed for user root
May  7 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27373]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27379]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27372]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27379]: pam_unix(cron:session): session closed for user root
May  7 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27370]: pam_unix(cron:session): session closed for user p13x
May  7 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27477]: Successful su for rubyman by root
May  7 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27477]: + ??? root:rubyman
May  7 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27477]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348028 of user rubyman.
May  7 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27477]: pam_unix(su:session): session closed for user rubyman
May  7 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348028.
May  7 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27372]: pam_unix(cron:session): session closed for user root
May  7 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24628]: pam_unix(cron:session): session closed for user root
May  7 17:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27371]: pam_unix(cron:session): session closed for user samftp
May  7 17:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26401]: pam_unix(cron:session): session closed for user root
May  7 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27865]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27866]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27864]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27863]: pam_unix(cron:session): session closed for user p13x
May  7 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27935]: Successful su for rubyman by root
May  7 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27935]: + ??? root:rubyman
May  7 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27935]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348033 of user rubyman.
May  7 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27935]: pam_unix(su:session): session closed for user rubyman
May  7 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348033.
May  7 17:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25050]: pam_unix(cron:session): session closed for user root
May  7 17:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27864]: pam_unix(cron:session): session closed for user samftp
May  7 17:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26884]: pam_unix(cron:session): session closed for user root
May  7 17:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: Invalid user gpadmin from 64.23.161.151
May  7 17:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: input_userauth_request: invalid user gpadmin [preauth]
May  7 17:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 17:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: Failed password for invalid user gpadmin from 64.23.161.151 port 44956 ssh2
May  7 17:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28267]: Connection closed by 64.23.161.151 port 44956 [preauth]
May  7 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28279]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28281]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28278]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28278]: pam_unix(cron:session): session closed for user p13x
May  7 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28337]: Successful su for rubyman by root
May  7 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28337]: + ??? root:rubyman
May  7 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348036 of user rubyman.
May  7 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28337]: pam_unix(su:session): session closed for user rubyman
May  7 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348036.
May  7 17:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25491]: pam_unix(cron:session): session closed for user root
May  7 17:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28279]: pam_unix(cron:session): session closed for user samftp
May  7 17:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27374]: pam_unix(cron:session): session closed for user root
May  7 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28678]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28679]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28680]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28681]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28678]: pam_unix(cron:session): session closed for user p13x
May  7 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28740]: Successful su for rubyman by root
May  7 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28740]: + ??? root:rubyman
May  7 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348043 of user rubyman.
May  7 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28740]: pam_unix(su:session): session closed for user rubyman
May  7 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348043.
May  7 17:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25995]: pam_unix(cron:session): session closed for user root
May  7 17:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28679]: pam_unix(cron:session): session closed for user samftp
May  7 17:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27866]: pam_unix(cron:session): session closed for user root
May  7 17:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: Invalid user ubuntu from 193.176.251.229
May  7 17:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: input_userauth_request: invalid user ubuntu [preauth]
May  7 17:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
May  7 17:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: Failed password for invalid user ubuntu from 193.176.251.229 port 38389 ssh2
May  7 17:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: Received disconnect from 193.176.251.229 port 38389:11: Bye Bye [preauth]
May  7 17:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29151]: Disconnected from 193.176.251.229 port 38389 [preauth]
May  7 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29175]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29178]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29176]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29173]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29173]: pam_unix(cron:session): session closed for user p13x
May  7 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29238]: Successful su for rubyman by root
May  7 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29238]: + ??? root:rubyman
May  7 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348044 of user rubyman.
May  7 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29238]: pam_unix(su:session): session closed for user rubyman
May  7 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348044.
May  7 17:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26400]: pam_unix(cron:session): session closed for user root
May  7 17:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29175]: pam_unix(cron:session): session closed for user samftp
May  7 17:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28281]: pam_unix(cron:session): session closed for user root
May  7 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29598]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29600]: pam_unix(cron:session): session closed for user root
May  7 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29595]: pam_unix(cron:session): session closed for user p13x
May  7 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29665]: Successful su for rubyman by root
May  7 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29665]: + ??? root:rubyman
May  7 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29665]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348052 of user rubyman.
May  7 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29665]: pam_unix(su:session): session closed for user rubyman
May  7 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348052.
May  7 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29597]: pam_unix(cron:session): session closed for user root
May  7 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26883]: pam_unix(cron:session): session closed for user root
May  7 17:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  7 17:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29596]: pam_unix(cron:session): session closed for user samftp
May  7 17:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: Failed password for root from 80.94.95.115 port 23508 ssh2
May  7 17:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29714]: Connection closed by 80.94.95.115 port 23508 [preauth]
May  7 17:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28681]: pam_unix(cron:session): session closed for user root
May  7 17:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 17:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29992]: Failed password for root from 218.92.0.179 port 48032 ssh2
May  7 17:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29992]: Failed password for root from 218.92.0.179 port 48032 ssh2
May  7 17:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29992]: Connection reset by 218.92.0.179 port 48032 [preauth]
May  7 17:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29992]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30036]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30033]: pam_unix(cron:session): session closed for user p13x
May  7 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30108]: Successful su for rubyman by root
May  7 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30108]: + ??? root:rubyman
May  7 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348055 of user rubyman.
May  7 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30108]: pam_unix(su:session): session closed for user rubyman
May  7 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348055.
May  7 17:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27373]: pam_unix(cron:session): session closed for user root
May  7 17:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30034]: pam_unix(cron:session): session closed for user samftp
May  7 17:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  7 17:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29178]: pam_unix(cron:session): session closed for user root
May  7 17:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: Failed password for root from 46.244.96.25 port 48320 ssh2
May  7 17:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30350]: Connection closed by 46.244.96.25 port 48320 [preauth]
May  7 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30440]: pam_unix(cron:session): session closed for user p13x
May  7 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30503]: Successful su for rubyman by root
May  7 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30503]: + ??? root:rubyman
May  7 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348059 of user rubyman.
May  7 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30503]: pam_unix(su:session): session closed for user rubyman
May  7 17:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348059.
May  7 17:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27865]: pam_unix(cron:session): session closed for user root
May  7 17:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30441]: pam_unix(cron:session): session closed for user samftp
May  7 17:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29599]: pam_unix(cron:session): session closed for user root
May  7 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30832]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30830]: pam_unix(cron:session): session closed for user p13x
May  7 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30894]: Successful su for rubyman by root
May  7 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30894]: + ??? root:rubyman
May  7 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30894]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348062 of user rubyman.
May  7 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30894]: pam_unix(su:session): session closed for user rubyman
May  7 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348062.
May  7 17:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28280]: pam_unix(cron:session): session closed for user root
May  7 17:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30831]: pam_unix(cron:session): session closed for user samftp
May  7 17:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
May  7 17:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30036]: pam_unix(cron:session): session closed for user root
May  7 17:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: Failed password for root from 193.176.251.229 port 56038 ssh2
May  7 17:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: Received disconnect from 193.176.251.229 port 56038:11: Bye Bye [preauth]
May  7 17:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31245]: Disconnected from 193.176.251.229 port 56038 [preauth]
May  7 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31336]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31334]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31337]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31333]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31333]: pam_unix(cron:session): session closed for user p13x
May  7 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31395]: Successful su for rubyman by root
May  7 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31395]: + ??? root:rubyman
May  7 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31395]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348068 of user rubyman.
May  7 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31395]: pam_unix(su:session): session closed for user rubyman
May  7 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348068.
May  7 17:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28680]: pam_unix(cron:session): session closed for user root
May  7 17:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31334]: pam_unix(cron:session): session closed for user samftp
May  7 17:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30444]: pam_unix(cron:session): session closed for user root
May  7 17:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Invalid user admin from 80.94.95.112
May  7 17:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: input_userauth_request: invalid user admin [preauth]
May  7 17:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 17:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Failed password for invalid user admin from 80.94.95.112 port 6327 ssh2
May  7 17:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Failed password for invalid user admin from 80.94.95.112 port 6327 ssh2
May  7 17:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Failed password for invalid user admin from 80.94.95.112 port 6327 ssh2
May  7 17:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Failed password for invalid user admin from 80.94.95.112 port 6327 ssh2
May  7 17:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Failed password for invalid user admin from 80.94.95.112 port 6327 ssh2
May  7 17:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Received disconnect from 80.94.95.112 port 6327:11: Bye [preauth]
May  7 17:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: Disconnected from 80.94.95.112 port 6327 [preauth]
May  7 17:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 17:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31732]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31776]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31772]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31774]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31776]: pam_unix(cron:session): session closed for user root
May  7 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31770]: pam_unix(cron:session): session closed for user p13x
May  7 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31840]: Successful su for rubyman by root
May  7 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31840]: + ??? root:rubyman
May  7 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31840]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348070 of user rubyman.
May  7 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31840]: pam_unix(su:session): session closed for user rubyman
May  7 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348070.
May  7 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31773]: pam_unix(cron:session): session closed for user root
May  7 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29176]: pam_unix(cron:session): session closed for user root
May  7 17:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31772]: pam_unix(cron:session): session closed for user samftp
May  7 17:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: Invalid user abed from 64.23.161.151
May  7 17:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: input_userauth_request: invalid user abed [preauth]
May  7 17:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 17:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: Failed password for invalid user abed from 64.23.161.151 port 39452 ssh2
May  7 17:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32335]: Connection closed by 64.23.161.151 port 39452 [preauth]
May  7 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30833]: pam_unix(cron:session): session closed for user root
May  7 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32513]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32513]: pam_unix(cron:session): session closed for user p13x
May  7 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32589]: Successful su for rubyman by root
May  7 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32589]: + ??? root:rubyman
May  7 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348077 of user rubyman.
May  7 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32589]: pam_unix(su:session): session closed for user rubyman
May  7 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348077.
May  7 17:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29598]: pam_unix(cron:session): session closed for user root
May  7 17:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32515]: pam_unix(cron:session): session closed for user samftp
May  7 17:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31337]: pam_unix(cron:session): session closed for user root
May  7 17:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  7 17:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: Failed password for root from 218.92.0.210 port 7510 ssh2
May  7 17:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: message repeated 4 times: [ Failed password for root from 218.92.0.210 port 7510 ssh2]
May  7 17:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 7510 ssh2 [preauth]
May  7 17:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: Disconnecting: Too many authentication failures [preauth]
May  7 17:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  7 17:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[576]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 17:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  7 17:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[632]: Failed password for root from 218.92.0.210 port 19324 ssh2
May  7 17:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[632]: Failed password for root from 218.92.0.210 port 19324 ssh2
May  7 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[649]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[650]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[647]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[646]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[646]: pam_unix(cron:session): session closed for user p13x
May  7 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[721]: Successful su for rubyman by root
May  7 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[721]: + ??? root:rubyman
May  7 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348080 of user rubyman.
May  7 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[721]: pam_unix(su:session): session closed for user rubyman
May  7 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348080.
May  7 17:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[632]: Failed password for root from 218.92.0.210 port 19324 ssh2
May  7 17:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30035]: pam_unix(cron:session): session closed for user root
May  7 17:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[647]: pam_unix(cron:session): session closed for user samftp
May  7 17:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[632]: Failed password for root from 218.92.0.210 port 19324 ssh2
May  7 17:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[632]: message repeated 2 times: [ Failed password for root from 218.92.0.210 port 19324 ssh2]
May  7 17:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[632]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 19324 ssh2 [preauth]
May  7 17:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[632]: Disconnecting: Too many authentication failures [preauth]
May  7 17:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[632]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  7 17:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[632]: PAM service(sshd) ignoring max retries; 6 > 3
May  7 17:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31775]: pam_unix(cron:session): session closed for user root
May  7 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1119]: pam_unix(cron:session): session closed for user p13x
May  7 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1193]: Successful su for rubyman by root
May  7 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1193]: + ??? root:rubyman
May  7 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348085 of user rubyman.
May  7 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1193]: pam_unix(su:session): session closed for user rubyman
May  7 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348085.
May  7 17:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30442]: pam_unix(cron:session): session closed for user root
May  7 17:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1120]: pam_unix(cron:session): session closed for user samftp
May  7 17:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
May  7 17:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1421]: Failed password for root from 193.176.251.229 port 45449 ssh2
May  7 17:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1421]: Received disconnect from 193.176.251.229 port 45449:11: Bye Bye [preauth]
May  7 17:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1421]: Disconnected from 193.176.251.229 port 45449 [preauth]
May  7 17:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32517]: pam_unix(cron:session): session closed for user root
May  7 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1611]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1610]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1607]: pam_unix(cron:session): session closed for user p13x
May  7 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1676]: Successful su for rubyman by root
May  7 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1676]: + ??? root:rubyman
May  7 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348088 of user rubyman.
May  7 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1676]: pam_unix(su:session): session closed for user rubyman
May  7 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348088.
May  7 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: Connection reset by 218.92.0.210 port 18552 [preauth]
May  7 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: Invalid user nagios from 164.68.105.9
May  7 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: input_userauth_request: invalid user nagios [preauth]
May  7 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  7 17:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30832]: pam_unix(cron:session): session closed for user root
May  7 17:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: Failed password for invalid user nagios from 164.68.105.9 port 59838 ssh2
May  7 17:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1727]: Connection closed by 164.68.105.9 port 59838 [preauth]
May  7 17:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1608]: pam_unix(cron:session): session closed for user samftp
May  7 17:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[650]: pam_unix(cron:session): session closed for user root
May  7 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2137]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2139]: pam_unix(cron:session): session closed for user root
May  7 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2134]: pam_unix(cron:session): session closed for user p13x
May  7 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2207]: Successful su for rubyman by root
May  7 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2207]: + ??? root:rubyman
May  7 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348094 of user rubyman.
May  7 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2207]: pam_unix(su:session): session closed for user rubyman
May  7 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348094.
May  7 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2136]: pam_unix(cron:session): session closed for user root
May  7 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31336]: pam_unix(cron:session): session closed for user root
May  7 17:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2135]: pam_unix(cron:session): session closed for user samftp
May  7 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1123]: pam_unix(cron:session): session closed for user root
May  7 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2603]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2602]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2600]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2601]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2600]: pam_unix(cron:session): session closed for user p13x
May  7 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2670]: Successful su for rubyman by root
May  7 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2670]: + ??? root:rubyman
May  7 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348099 of user rubyman.
May  7 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2670]: pam_unix(su:session): session closed for user rubyman
May  7 17:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348099.
May  7 17:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31774]: pam_unix(cron:session): session closed for user root
May  7 17:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2601]: pam_unix(cron:session): session closed for user samftp
May  7 17:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1611]: pam_unix(cron:session): session closed for user root
May  7 17:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: Invalid user admin from 80.94.95.241
May  7 17:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: input_userauth_request: invalid user admin [preauth]
May  7 17:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 17:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: Failed password for invalid user admin from 80.94.95.241 port 12720 ssh2
May  7 17:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: Failed password for invalid user admin from 80.94.95.241 port 12720 ssh2
May  7 17:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: Failed password for invalid user admin from 80.94.95.241 port 12720 ssh2
May  7 17:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: Failed password for invalid user admin from 80.94.95.241 port 12720 ssh2
May  7 17:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3031]: pam_unix(cron:session): session closed for user p13x
May  7 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3091]: Successful su for rubyman by root
May  7 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3091]: + ??? root:rubyman
May  7 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348102 of user rubyman.
May  7 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3091]: pam_unix(su:session): session closed for user rubyman
May  7 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348102.
May  7 17:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: Failed password for invalid user admin from 80.94.95.241 port 12720 ssh2
May  7 17:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: Received disconnect from 80.94.95.241 port 12720:11: Bye [preauth]
May  7 17:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: Disconnected from 80.94.95.241 port 12720 [preauth]
May  7 17:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 17:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32516]: pam_unix(cron:session): session closed for user root
May  7 17:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3033]: pam_unix(cron:session): session closed for user samftp
May  7 17:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  7 17:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: Failed password for root from 194.0.234.19 port 27112 ssh2
May  7 17:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: Connection closed by 194.0.234.19 port 27112 [preauth]
May  7 17:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2138]: pam_unix(cron:session): session closed for user root
May  7 17:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3402]: Did not receive identification string from 196.251.114.29
May  7 17:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3446]: Invalid user work from 193.176.251.229
May  7 17:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3446]: input_userauth_request: invalid user work [preauth]
May  7 17:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3446]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
May  7 17:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3446]: Failed password for invalid user work from 193.176.251.229 port 34861 ssh2
May  7 17:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3446]: Received disconnect from 193.176.251.229 port 34861:11: Bye Bye [preauth]
May  7 17:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3446]: Disconnected from 193.176.251.229 port 34861 [preauth]
May  7 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3469]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3470]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3467]: pam_unix(cron:session): session closed for user p13x
May  7 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: Successful su for rubyman by root
May  7 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: + ??? root:rubyman
May  7 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348106 of user rubyman.
May  7 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3530]: pam_unix(su:session): session closed for user rubyman
May  7 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348106.
May  7 17:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[649]: pam_unix(cron:session): session closed for user root
May  7 17:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3468]: pam_unix(cron:session): session closed for user samftp
May  7 17:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3792]: Invalid user atik from 64.23.161.151
May  7 17:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3792]: input_userauth_request: invalid user atik [preauth]
May  7 17:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3792]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 17:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3792]: Failed password for invalid user atik from 64.23.161.151 port 32892 ssh2
May  7 17:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3792]: Connection closed by 64.23.161.151 port 32892 [preauth]
May  7 17:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2603]: pam_unix(cron:session): session closed for user root
May  7 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3892]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3893]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3890]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3887]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3890]: pam_unix(cron:session): session closed for user p13x
May  7 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4049]: Successful su for rubyman by root
May  7 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4049]: + ??? root:rubyman
May  7 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4049]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348111 of user rubyman.
May  7 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4049]: pam_unix(su:session): session closed for user rubyman
May  7 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348111.
May  7 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3887]: pam_unix(cron:session): session closed for user root
May  7 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1122]: pam_unix(cron:session): session closed for user root
May  7 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3891]: pam_unix(cron:session): session closed for user samftp
May  7 17:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3035]: pam_unix(cron:session): session closed for user root
May  7 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4581]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4582]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4579]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4580]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4578]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4582]: pam_unix(cron:session): session closed for user root
May  7 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4576]: pam_unix(cron:session): session closed for user p13x
May  7 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4646]: Successful su for rubyman by root
May  7 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4646]: + ??? root:rubyman
May  7 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348115 of user rubyman.
May  7 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4646]: pam_unix(su:session): session closed for user rubyman
May  7 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348115.
May  7 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1610]: pam_unix(cron:session): session closed for user root
May  7 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4579]: pam_unix(cron:session): session closed for user root
May  7 17:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4578]: pam_unix(cron:session): session closed for user samftp
May  7 17:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3470]: pam_unix(cron:session): session closed for user root
May  7 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5213]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5210]: pam_unix(cron:session): session closed for user p13x
May  7 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5287]: Successful su for rubyman by root
May  7 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5287]: + ??? root:rubyman
May  7 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348122 of user rubyman.
May  7 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5287]: pam_unix(su:session): session closed for user rubyman
May  7 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348122.
May  7 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2137]: pam_unix(cron:session): session closed for user root
May  7 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5212]: pam_unix(cron:session): session closed for user samftp
May  7 17:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3893]: pam_unix(cron:session): session closed for user root
May  7 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5697]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5694]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5695]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5694]: pam_unix(cron:session): session closed for user p13x
May  7 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5758]: Successful su for rubyman by root
May  7 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5758]: + ??? root:rubyman
May  7 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348127 of user rubyman.
May  7 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5758]: pam_unix(su:session): session closed for user rubyman
May  7 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348127.
May  7 17:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2602]: pam_unix(cron:session): session closed for user root
May  7 17:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5695]: pam_unix(cron:session): session closed for user samftp
May  7 17:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: Invalid user gt from 193.176.251.229
May  7 17:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: input_userauth_request: invalid user gt [preauth]
May  7 17:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
May  7 17:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: Failed password for invalid user gt from 193.176.251.229 port 52498 ssh2
May  7 17:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: Received disconnect from 193.176.251.229 port 52498:11: Bye Bye [preauth]
May  7 17:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6103]: Disconnected from 193.176.251.229 port 52498 [preauth]
May  7 17:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4581]: pam_unix(cron:session): session closed for user root
May  7 17:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 17:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: Failed password for root from 218.92.0.179 port 56444 ssh2
May  7 17:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 56444 ssh2]
May  7 17:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: Received disconnect from 218.92.0.179 port 56444:11:  [preauth]
May  7 17:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: Disconnected from 218.92.0.179 port 56444 [preauth]
May  7 17:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6203]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6201]: pam_unix(cron:session): session closed for user p13x
May  7 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6265]: Successful su for rubyman by root
May  7 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6265]: + ??? root:rubyman
May  7 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348129 of user rubyman.
May  7 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6265]: pam_unix(su:session): session closed for user rubyman
May  7 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348129.
May  7 17:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3034]: pam_unix(cron:session): session closed for user root
May  7 17:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6202]: pam_unix(cron:session): session closed for user samftp
May  7 17:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 17:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5214]: pam_unix(cron:session): session closed for user root
May  7 17:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6511]: Failed password for root from 80.94.95.125 port 47485 ssh2
May  7 17:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6511]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 47485 ssh2]
May  7 17:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6511]: Received disconnect from 80.94.95.125 port 47485:11: Bye [preauth]
May  7 17:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6511]: Disconnected from 80.94.95.125 port 47485 [preauth]
May  7 17:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6511]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 17:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6511]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6599]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6597]: pam_unix(cron:session): session closed for user p13x
May  7 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6669]: Successful su for rubyman by root
May  7 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6669]: + ??? root:rubyman
May  7 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348134 of user rubyman.
May  7 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6669]: pam_unix(su:session): session closed for user rubyman
May  7 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348134.
May  7 17:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 17:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3469]: pam_unix(cron:session): session closed for user root
May  7 17:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6611]: Failed password for root from 218.92.0.179 port 27879 ssh2
May  7 17:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6611]: Failed password for root from 218.92.0.179 port 27879 ssh2
May  7 17:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6599]: pam_unix(cron:session): session closed for user samftp
May  7 17:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6611]: Failed password for root from 218.92.0.179 port 27879 ssh2
May  7 17:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6611]: Received disconnect from 218.92.0.179 port 27879:11:  [preauth]
May  7 17:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6611]: Disconnected from 218.92.0.179 port 27879 [preauth]
May  7 17:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6611]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 17:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5699]: pam_unix(cron:session): session closed for user root
May  7 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7117]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7121]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7118]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7116]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7121]: pam_unix(cron:session): session closed for user root
May  7 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7114]: pam_unix(cron:session): session closed for user p13x
May  7 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7192]: Successful su for rubyman by root
May  7 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7192]: + ??? root:rubyman
May  7 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7192]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348141 of user rubyman.
May  7 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7192]: pam_unix(su:session): session closed for user rubyman
May  7 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348141.
May  7 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7117]: pam_unix(cron:session): session closed for user root
May  7 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3892]: pam_unix(cron:session): session closed for user root
May  7 17:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7116]: pam_unix(cron:session): session closed for user samftp
May  7 17:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6204]: pam_unix(cron:session): session closed for user root
May  7 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7653]: pam_unix(cron:session): session closed for user p13x
May  7 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7731]: Successful su for rubyman by root
May  7 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7731]: + ??? root:rubyman
May  7 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7731]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348144 of user rubyman.
May  7 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7731]: pam_unix(su:session): session closed for user rubyman
May  7 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348144.
May  7 17:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4580]: pam_unix(cron:session): session closed for user root
May  7 17:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7655]: pam_unix(cron:session): session closed for user samftp
May  7 17:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  7 17:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7958]: Failed password for root from 218.92.0.203 port 7698 ssh2
May  7 17:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7958]: Failed password for root from 218.92.0.203 port 7698 ssh2
May  7 17:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7958]: message repeated 2 times: [ Failed password for root from 218.92.0.203 port 7698 ssh2]
May  7 17:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6601]: pam_unix(cron:session): session closed for user root
May  7 17:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7958]: Failed password for root from 218.92.0.203 port 7698 ssh2
May  7 17:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7958]: error: maximum authentication attempts exceeded for root from 218.92.0.203 port 7698 ssh2 [preauth]
May  7 17:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7958]: Disconnecting: Too many authentication failures [preauth]
May  7 17:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7958]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  7 17:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7958]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 17:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  7 17:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8036]: Failed password for root from 218.92.0.203 port 40678 ssh2
May  7 17:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8047]: Invalid user bappi from 64.23.161.151
May  7 17:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8047]: input_userauth_request: invalid user bappi [preauth]
May  7 17:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8047]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 17:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8047]: Failed password for invalid user bappi from 64.23.161.151 port 45954 ssh2
May  7 17:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8047]: Connection closed by 64.23.161.151 port 45954 [preauth]
May  7 17:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8036]: Failed password for root from 218.92.0.203 port 40678 ssh2
May  7 17:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8036]: message repeated 4 times: [ Failed password for root from 218.92.0.203 port 40678 ssh2]
May  7 17:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8036]: error: maximum authentication attempts exceeded for root from 218.92.0.203 port 40678 ssh2 [preauth]
May  7 17:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8036]: Disconnecting: Too many authentication failures [preauth]
May  7 17:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8036]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  7 17:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8036]: PAM service(sshd) ignoring max retries; 6 > 3
May  7 17:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  7 17:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8092]: Failed password for root from 218.92.0.203 port 59522 ssh2
May  7 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8092]: Received disconnect from 218.92.0.203 port 59522:11:  [preauth]
May  7 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8092]: Disconnected from 218.92.0.203 port 59522 [preauth]
May  7 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8111]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8110]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8106]: pam_unix(cron:session): session closed for user p13x
May  7 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8184]: Successful su for rubyman by root
May  7 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8184]: + ??? root:rubyman
May  7 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348147 of user rubyman.
May  7 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8184]: pam_unix(su:session): session closed for user rubyman
May  7 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348147.
May  7 17:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5213]: pam_unix(cron:session): session closed for user root
May  7 17:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8107]: pam_unix(cron:session): session closed for user samftp
May  7 17:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: Invalid user ftpsecure from 193.176.251.229
May  7 17:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: input_userauth_request: invalid user ftpsecure [preauth]
May  7 17:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
May  7 17:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: Failed password for invalid user ftpsecure from 193.176.251.229 port 41906 ssh2
May  7 17:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: Received disconnect from 193.176.251.229 port 41906:11: Bye Bye [preauth]
May  7 17:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8373]: Disconnected from 193.176.251.229 port 41906 [preauth]
May  7 17:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7119]: pam_unix(cron:session): session closed for user root
May  7 17:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: Invalid user user from 85.208.84.5
May  7 17:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: input_userauth_request: invalid user user [preauth]
May  7 17:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  7 17:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: Failed password for invalid user user from 85.208.84.5 port 48908 ssh2
May  7 17:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: Connection closed by 85.208.84.5 port 48908 [preauth]
May  7 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8539]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8538]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8538]: pam_unix(cron:session): session closed for user p13x
May  7 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8607]: Successful su for rubyman by root
May  7 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8607]: + ??? root:rubyman
May  7 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348151 of user rubyman.
May  7 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8607]: pam_unix(su:session): session closed for user rubyman
May  7 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348151.
May  7 17:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5697]: pam_unix(cron:session): session closed for user root
May  7 17:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8539]: pam_unix(cron:session): session closed for user samftp
May  7 17:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7657]: pam_unix(cron:session): session closed for user root
May  7 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8967]: pam_unix(cron:session): session closed for user p13x
May  7 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9029]: Successful su for rubyman by root
May  7 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9029]: + ??? root:rubyman
May  7 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9029]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348156 of user rubyman.
May  7 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9029]: pam_unix(su:session): session closed for user rubyman
May  7 17:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348156.
May  7 17:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6203]: pam_unix(cron:session): session closed for user root
May  7 17:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8969]: pam_unix(cron:session): session closed for user samftp
May  7 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8111]: pam_unix(cron:session): session closed for user root
May  7 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9491]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9493]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9494]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9492]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9494]: pam_unix(cron:session): session closed for user root
May  7 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9489]: pam_unix(cron:session): session closed for user p13x
May  7 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9558]: Successful su for rubyman by root
May  7 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9558]: + ??? root:rubyman
May  7 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348161 of user rubyman.
May  7 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9558]: pam_unix(su:session): session closed for user rubyman
May  7 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348161.
May  7 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9491]: pam_unix(cron:session): session closed for user root
May  7 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6600]: pam_unix(cron:session): session closed for user root
May  7 17:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9490]: pam_unix(cron:session): session closed for user samftp
May  7 17:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8544]: pam_unix(cron:session): session closed for user root
May  7 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9920]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9922]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9921]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9919]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9919]: pam_unix(cron:session): session closed for user p13x
May  7 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9989]: Successful su for rubyman by root
May  7 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9989]: + ??? root:rubyman
May  7 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348166 of user rubyman.
May  7 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9989]: pam_unix(su:session): session closed for user rubyman
May  7 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348166.
May  7 17:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7118]: pam_unix(cron:session): session closed for user root
May  7 17:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9920]: pam_unix(cron:session): session closed for user samftp
May  7 17:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8971]: pam_unix(cron:session): session closed for user root
May  7 17:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10367]: Invalid user temp from 193.176.251.229
May  7 17:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10367]: input_userauth_request: invalid user temp [preauth]
May  7 17:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10367]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
May  7 17:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10367]: Failed password for invalid user temp from 193.176.251.229 port 59539 ssh2
May  7 17:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10367]: Received disconnect from 193.176.251.229 port 59539:11: Bye Bye [preauth]
May  7 17:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10367]: Disconnected from 193.176.251.229 port 59539 [preauth]
May  7 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10425]: pam_unix(cron:session): session closed for user p13x
May  7 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10496]: Successful su for rubyman by root
May  7 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10496]: + ??? root:rubyman
May  7 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348169 of user rubyman.
May  7 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10496]: pam_unix(su:session): session closed for user rubyman
May  7 17:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348169.
May  7 17:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7656]: pam_unix(cron:session): session closed for user root
May  7 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10426]: pam_unix(cron:session): session closed for user samftp
May  7 17:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9493]: pam_unix(cron:session): session closed for user root
May  7 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10894]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10895]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10894]: pam_unix(cron:session): session closed for user p13x
May  7 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10952]: Successful su for rubyman by root
May  7 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10952]: + ??? root:rubyman
May  7 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348173 of user rubyman.
May  7 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10952]: pam_unix(su:session): session closed for user rubyman
May  7 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348173.
May  7 17:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8110]: pam_unix(cron:session): session closed for user root
May  7 17:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10895]: pam_unix(cron:session): session closed for user samftp
May  7 17:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9922]: pam_unix(cron:session): session closed for user root
May  7 17:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 17:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Failed password for root from 218.92.0.179 port 54933 ssh2
May  7 17:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 54933 ssh2]
May  7 17:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Received disconnect from 218.92.0.179 port 54933:11:  [preauth]
May  7 17:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: Disconnected from 218.92.0.179 port 54933 [preauth]
May  7 17:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11228]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11302]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11300]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11301]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11299]: pam_unix(cron:session): session closed for user p13x
May  7 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11357]: Successful su for rubyman by root
May  7 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11357]: + ??? root:rubyman
May  7 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11357]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348177 of user rubyman.
May  7 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11357]: pam_unix(su:session): session closed for user rubyman
May  7 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348177.
May  7 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8540]: pam_unix(cron:session): session closed for user root
May  7 17:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11300]: pam_unix(cron:session): session closed for user samftp
May  7 17:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10428]: pam_unix(cron:session): session closed for user root
May  7 17:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11684]: Invalid user cmsupport from 64.23.161.151
May  7 17:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11684]: input_userauth_request: invalid user cmsupport [preauth]
May  7 17:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11684]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 17:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11684]: Failed password for invalid user cmsupport from 64.23.161.151 port 47602 ssh2
May  7 17:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11684]: Connection closed by 64.23.161.151 port 47602 [preauth]
May  7 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11702]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11701]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11698]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11700]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11702]: pam_unix(cron:session): session closed for user root
May  7 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11697]: pam_unix(cron:session): session closed for user p13x
May  7 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11766]: Successful su for rubyman by root
May  7 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11766]: + ??? root:rubyman
May  7 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348183 of user rubyman.
May  7 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11766]: pam_unix(su:session): session closed for user rubyman
May  7 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348183.
May  7 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11699]: pam_unix(cron:session): session closed for user root
May  7 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8970]: pam_unix(cron:session): session closed for user root
May  7 17:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11698]: pam_unix(cron:session): session closed for user samftp
May  7 17:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10898]: pam_unix(cron:session): session closed for user root
May  7 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12121]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12119]: pam_unix(cron:session): session closed for user p13x
May  7 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12185]: Successful su for rubyman by root
May  7 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12185]: + ??? root:rubyman
May  7 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348187 of user rubyman.
May  7 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12185]: pam_unix(su:session): session closed for user rubyman
May  7 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348187.
May  7 17:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9492]: pam_unix(cron:session): session closed for user root
May  7 17:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12120]: pam_unix(cron:session): session closed for user samftp
May  7 17:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 17:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: Failed password for root from 218.92.0.179 port 40928 ssh2
May  7 17:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: Invalid user nagios from 193.176.251.229
May  7 17:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: input_userauth_request: invalid user nagios [preauth]
May  7 17:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: pam_unix(sshd:auth): check pass; user unknown
May  7 17:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
May  7 17:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: Failed password for root from 218.92.0.179 port 40928 ssh2
May  7 17:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: Failed password for invalid user nagios from 193.176.251.229 port 48945 ssh2
May  7 17:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: Received disconnect from 193.176.251.229 port 48945:11: Bye Bye [preauth]
May  7 17:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12408]: Disconnected from 193.176.251.229 port 48945 [preauth]
May  7 17:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: Failed password for root from 218.92.0.179 port 40928 ssh2
May  7 17:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: Received disconnect from 218.92.0.179 port 40928:11:  [preauth]
May  7 17:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: Disconnected from 218.92.0.179 port 40928 [preauth]
May  7 17:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12393]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 17:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11302]: pam_unix(cron:session): session closed for user root
May  7 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12532]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12530]: pam_unix(cron:session): session closed for user p13x
May  7 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12590]: Successful su for rubyman by root
May  7 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12590]: + ??? root:rubyman
May  7 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348191 of user rubyman.
May  7 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12590]: pam_unix(su:session): session closed for user rubyman
May  7 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348191.
May  7 17:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9921]: pam_unix(cron:session): session closed for user root
May  7 17:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12531]: pam_unix(cron:session): session closed for user samftp
May  7 17:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11701]: pam_unix(cron:session): session closed for user root
May  7 17:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  7 17:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12911]: Failed password for root from 194.0.234.19 port 57460 ssh2
May  7 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12911]: Connection closed by 194.0.234.19 port 57460 [preauth]
May  7 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12914]: pam_unix(cron:session): session closed for user p13x
May  7 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12974]: Successful su for rubyman by root
May  7 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12974]: + ??? root:rubyman
May  7 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12974]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348195 of user rubyman.
May  7 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12974]: pam_unix(su:session): session closed for user rubyman
May  7 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348195.
May  7 17:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10427]: pam_unix(cron:session): session closed for user root
May  7 17:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12915]: pam_unix(cron:session): session closed for user samftp
May  7 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 17:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13191]: Connection closed by 42.81.126.78 port 49566 [preauth]
May  7 17:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12122]: pam_unix(cron:session): session closed for user root
May  7 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13322]: pam_unix(cron:session): session closed for user p13x
May  7 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13384]: Successful su for rubyman by root
May  7 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13384]: + ??? root:rubyman
May  7 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348199 of user rubyman.
May  7 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13384]: pam_unix(su:session): session closed for user rubyman
May  7 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348199.
May  7 17:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10897]: pam_unix(cron:session): session closed for user root
May  7 17:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13323]: pam_unix(cron:session): session closed for user samftp
May  7 17:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12533]: pam_unix(cron:session): session closed for user root
May  7 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13827]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13826]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13828]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13829]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13825]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13829]: pam_unix(cron:session): session closed for user root
May  7 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13825]: pam_unix(cron:session): session closed for user root
May  7 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13823]: pam_unix(cron:session): session closed for user p13x
May  7 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13919]: Successful su for rubyman by root
May  7 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13919]: + ??? root:rubyman
May  7 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348205 of user rubyman.
May  7 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13919]: pam_unix(su:session): session closed for user rubyman
May  7 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348205.
May  7 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13826]: pam_unix(cron:session): session closed for user root
May  7 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11301]: pam_unix(cron:session): session closed for user root
May  7 18:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13824]: pam_unix(cron:session): session closed for user samftp
May  7 18:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12917]: pam_unix(cron:session): session closed for user root
May  7 18:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14322]: pam_unix(cron:session): session closed for user p13x
May  7 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
May  7 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14391]: Successful su for rubyman by root
May  7 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14391]: + ??? root:rubyman
May  7 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348210 of user rubyman.
May  7 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14391]: pam_unix(su:session): session closed for user rubyman
May  7 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348210.
May  7 18:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: Failed password for root from 193.176.251.229 port 38358 ssh2
May  7 18:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: Received disconnect from 193.176.251.229 port 38358:11: Bye Bye [preauth]
May  7 18:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: Disconnected from 193.176.251.229 port 38358 [preauth]
May  7 18:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11700]: pam_unix(cron:session): session closed for user root
May  7 18:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14307]: Connection closed by 194.164.107.6 port 57586 [preauth]
May  7 18:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14323]: pam_unix(cron:session): session closed for user samftp
May  7 18:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 18:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Failed password for root from 218.92.0.179 port 29240 ssh2
May  7 18:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 29240 ssh2]
May  7 18:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Received disconnect from 218.92.0.179 port 29240:11:  [preauth]
May  7 18:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: Disconnected from 218.92.0.179 port 29240 [preauth]
May  7 18:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14624]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 18:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13326]: pam_unix(cron:session): session closed for user root
May  7 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14746]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14743]: pam_unix(cron:session): session closed for user p13x
May  7 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14803]: Successful su for rubyman by root
May  7 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14803]: + ??? root:rubyman
May  7 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14803]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348216 of user rubyman.
May  7 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14803]: pam_unix(su:session): session closed for user rubyman
May  7 18:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348216.
May  7 18:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12121]: pam_unix(cron:session): session closed for user root
May  7 18:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14744]: pam_unix(cron:session): session closed for user samftp
May  7 18:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13828]: pam_unix(cron:session): session closed for user root
May  7 18:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: Invalid user  from 195.178.110.50
May  7 18:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: input_userauth_request: invalid user  [preauth]
May  7 18:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 18:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: Failed password for invalid user  from 195.178.110.50 port 51394 ssh2
May  7 18:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15052]: Connection closed by 195.178.110.50 port 51394 [preauth]
May  7 18:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15148]: pam_unix(cron:session): session closed for user p13x
May  7 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15209]: Successful su for rubyman by root
May  7 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15209]: + ??? root:rubyman
May  7 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348219 of user rubyman.
May  7 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15209]: pam_unix(su:session): session closed for user rubyman
May  7 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348219.
May  7 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15107]: Invalid user P from 195.178.110.50
May  7 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15107]: input_userauth_request: invalid user P [preauth]
May  7 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15107]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 18:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12532]: pam_unix(cron:session): session closed for user root
May  7 18:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15107]: Failed password for invalid user P from 195.178.110.50 port 4088 ssh2
May  7 18:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15149]: pam_unix(cron:session): session closed for user samftp
May  7 18:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15107]: Connection closed by 195.178.110.50 port 4088 [preauth]
May  7 18:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: Invalid user dipon from 64.23.161.151
May  7 18:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: input_userauth_request: invalid user dipon [preauth]
May  7 18:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 18:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: Failed password for invalid user dipon from 64.23.161.151 port 37750 ssh2
May  7 18:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15395]: Connection closed by 64.23.161.151 port 37750 [preauth]
May  7 18:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15394]: Invalid user q from 195.178.110.50
May  7 18:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15394]: input_userauth_request: invalid user q [preauth]
May  7 18:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15394]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 18:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Invalid user admin from 80.94.95.112
May  7 18:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: input_userauth_request: invalid user admin [preauth]
May  7 18:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 18:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15394]: Failed password for invalid user q from 195.178.110.50 port 28018 ssh2
May  7 18:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Failed password for invalid user admin from 80.94.95.112 port 43456 ssh2
May  7 18:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Failed password for invalid user admin from 80.94.95.112 port 43456 ssh2
May  7 18:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15394]: Connection closed by 195.178.110.50 port 28018 [preauth]
May  7 18:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Failed password for invalid user admin from 80.94.95.112 port 43456 ssh2
May  7 18:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Failed password for invalid user admin from 80.94.95.112 port 43456 ssh2
May  7 18:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14325]: pam_unix(cron:session): session closed for user root
May  7 18:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Failed password for invalid user admin from 80.94.95.112 port 43456 ssh2
May  7 18:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Received disconnect from 80.94.95.112 port 43456:11: Bye [preauth]
May  7 18:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Disconnected from 80.94.95.112 port 43456 [preauth]
May  7 18:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 18:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 18:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: Invalid user 4 from 195.178.110.50
May  7 18:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: input_userauth_request: invalid user 4 [preauth]
May  7 18:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 18:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: Failed password for invalid user 4 from 195.178.110.50 port 64762 ssh2
May  7 18:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15458]: Connection closed by 195.178.110.50 port 64762 [preauth]
May  7 18:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15547]: pam_unix(cron:session): session closed for user p13x
May  7 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15608]: Successful su for rubyman by root
May  7 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15608]: + ??? root:rubyman
May  7 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15608]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348222 of user rubyman.
May  7 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15608]: pam_unix(su:session): session closed for user rubyman
May  7 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348222.
May  7 18:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12916]: pam_unix(cron:session): session closed for user root
May  7 18:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15528]: Invalid user U from 195.178.110.50
May  7 18:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15528]: input_userauth_request: invalid user U [preauth]
May  7 18:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15528]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 18:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15548]: pam_unix(cron:session): session closed for user samftp
May  7 18:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15528]: Failed password for invalid user U from 195.178.110.50 port 49394 ssh2
May  7 18:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15528]: Connection closed by 195.178.110.50 port 49394 [preauth]
May  7 18:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14746]: pam_unix(cron:session): session closed for user root
May  7 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15945]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15941]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15944]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15946]: pam_unix(cron:session): session closed for user root
May  7 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15941]: pam_unix(cron:session): session closed for user p13x
May  7 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16011]: Successful su for rubyman by root
May  7 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16011]: + ??? root:rubyman
May  7 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348227 of user rubyman.
May  7 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16011]: pam_unix(su:session): session closed for user rubyman
May  7 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348227.
May  7 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15943]: pam_unix(cron:session): session closed for user root
May  7 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13324]: pam_unix(cron:session): session closed for user root
May  7 18:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15942]: pam_unix(cron:session): session closed for user samftp
May  7 18:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Invalid user steam from 80.94.95.115
May  7 18:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: input_userauth_request: invalid user steam [preauth]
May  7 18:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  7 18:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Failed password for invalid user steam from 80.94.95.115 port 58502 ssh2
May  7 18:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16243]: Connection closed by 80.94.95.115 port 58502 [preauth]
May  7 18:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15151]: pam_unix(cron:session): session closed for user root
May  7 18:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16281]: Invalid user aryan from 193.176.251.229
May  7 18:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16281]: input_userauth_request: invalid user aryan [preauth]
May  7 18:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16281]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
May  7 18:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16281]: Failed password for invalid user aryan from 193.176.251.229 port 56000 ssh2
May  7 18:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16281]: Received disconnect from 193.176.251.229 port 56000:11: Bye Bye [preauth]
May  7 18:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16281]: Disconnected from 193.176.251.229 port 56000 [preauth]
May  7 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16348]: pam_unix(cron:session): session closed for user p13x
May  7 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16421]: Successful su for rubyman by root
May  7 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16421]: + ??? root:rubyman
May  7 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348233 of user rubyman.
May  7 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16421]: pam_unix(su:session): session closed for user rubyman
May  7 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348233.
May  7 18:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13827]: pam_unix(cron:session): session closed for user root
May  7 18:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16349]: pam_unix(cron:session): session closed for user samftp
May  7 18:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15551]: pam_unix(cron:session): session closed for user root
May  7 18:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 18:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16796]: Failed password for root from 218.92.0.179 port 30071 ssh2
May  7 18:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16796]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 30071 ssh2]
May  7 18:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16796]: Received disconnect from 218.92.0.179 port 30071:11:  [preauth]
May  7 18:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16796]: Disconnected from 218.92.0.179 port 30071 [preauth]
May  7 18:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16796]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16816]: pam_unix(cron:session): session closed for user p13x
May  7 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16888]: Successful su for rubyman by root
May  7 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16888]: + ??? root:rubyman
May  7 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348236 of user rubyman.
May  7 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16888]: pam_unix(su:session): session closed for user rubyman
May  7 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348236.
May  7 18:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14324]: pam_unix(cron:session): session closed for user root
May  7 18:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16817]: pam_unix(cron:session): session closed for user samftp
May  7 18:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15945]: pam_unix(cron:session): session closed for user root
May  7 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17242]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17243]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17241]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17240]: pam_unix(cron:session): session closed for user p13x
May  7 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17305]: Successful su for rubyman by root
May  7 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17305]: + ??? root:rubyman
May  7 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348241 of user rubyman.
May  7 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17305]: pam_unix(su:session): session closed for user rubyman
May  7 18:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348241.
May  7 18:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14745]: pam_unix(cron:session): session closed for user root
May  7 18:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17241]: pam_unix(cron:session): session closed for user samftp
May  7 18:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16351]: pam_unix(cron:session): session closed for user root
May  7 18:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  7 18:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17652]: Failed password for root from 50.235.31.47 port 43080 ssh2
May  7 18:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17652]: Connection closed by 50.235.31.47 port 43080 [preauth]
May  7 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17661]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17658]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17660]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17657]: pam_unix(cron:session): session closed for user p13x
May  7 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17888]: Successful su for rubyman by root
May  7 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17888]: + ??? root:rubyman
May  7 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348244 of user rubyman.
May  7 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17888]: pam_unix(su:session): session closed for user rubyman
May  7 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348244.
May  7 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17655]: pam_unix(cron:session): session closed for user root
May  7 18:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15150]: pam_unix(cron:session): session closed for user root
May  7 18:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17658]: pam_unix(cron:session): session closed for user samftp
May  7 18:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Invalid user admin from 80.94.95.241
May  7 18:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: input_userauth_request: invalid user admin [preauth]
May  7 18:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 18:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Failed password for invalid user admin from 80.94.95.241 port 42110 ssh2
May  7 18:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16819]: pam_unix(cron:session): session closed for user root
May  7 18:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Failed password for invalid user admin from 80.94.95.241 port 42110 ssh2
May  7 18:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Failed password for invalid user admin from 80.94.95.241 port 42110 ssh2
May  7 18:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Failed password for invalid user admin from 80.94.95.241 port 42110 ssh2
May  7 18:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Failed password for invalid user admin from 80.94.95.241 port 42110 ssh2
May  7 18:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Received disconnect from 80.94.95.241 port 42110:11: Bye [preauth]
May  7 18:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: Disconnected from 80.94.95.241 port 42110 [preauth]
May  7 18:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 18:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18187]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18276]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18275]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18276]: pam_unix(cron:session): session closed for user root
May  7 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18271]: pam_unix(cron:session): session closed for user p13x
May  7 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18348]: Successful su for rubyman by root
May  7 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18348]: + ??? root:rubyman
May  7 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18348]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348253 of user rubyman.
May  7 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18348]: pam_unix(su:session): session closed for user rubyman
May  7 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348253.
May  7 18:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 18:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18318]: Failed password for root from 218.92.0.179 port 59846 ssh2
May  7 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18273]: pam_unix(cron:session): session closed for user root
May  7 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15549]: pam_unix(cron:session): session closed for user root
May  7 18:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18318]: Failed password for root from 218.92.0.179 port 59846 ssh2
May  7 18:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: Invalid user trade from 193.176.251.229
May  7 18:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: input_userauth_request: invalid user trade [preauth]
May  7 18:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
May  7 18:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18272]: pam_unix(cron:session): session closed for user samftp
May  7 18:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18318]: Failed password for root from 218.92.0.179 port 59846 ssh2
May  7 18:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18318]: Received disconnect from 218.92.0.179 port 59846:11:  [preauth]
May  7 18:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18318]: Disconnected from 218.92.0.179 port 59846 [preauth]
May  7 18:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18318]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 18:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: Failed password for invalid user trade from 193.176.251.229 port 45397 ssh2
May  7 18:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: Received disconnect from 193.176.251.229 port 45397:11: Bye Bye [preauth]
May  7 18:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: Disconnected from 193.176.251.229 port 45397 [preauth]
May  7 18:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17243]: pam_unix(cron:session): session closed for user root
May  7 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18720]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18721]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18719]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18717]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18717]: pam_unix(cron:session): session closed for user p13x
May  7 18:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18794]: Successful su for rubyman by root
May  7 18:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18794]: + ??? root:rubyman
May  7 18:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348256 of user rubyman.
May  7 18:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18794]: pam_unix(su:session): session closed for user rubyman
May  7 18:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348256.
May  7 18:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15944]: pam_unix(cron:session): session closed for user root
May  7 18:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18719]: pam_unix(cron:session): session closed for user samftp
May  7 18:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19007]: Invalid user gpu from 64.23.161.151
May  7 18:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19007]: input_userauth_request: invalid user gpu [preauth]
May  7 18:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19007]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 18:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19007]: Failed password for invalid user gpu from 64.23.161.151 port 45614 ssh2
May  7 18:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19007]: Connection closed by 64.23.161.151 port 45614 [preauth]
May  7 18:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17661]: pam_unix(cron:session): session closed for user root
May  7 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19137]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19136]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19135]: pam_unix(cron:session): session closed for user p13x
May  7 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19194]: Successful su for rubyman by root
May  7 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19194]: + ??? root:rubyman
May  7 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348261 of user rubyman.
May  7 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19194]: pam_unix(su:session): session closed for user rubyman
May  7 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348261.
May  7 18:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16350]: pam_unix(cron:session): session closed for user root
May  7 18:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19136]: pam_unix(cron:session): session closed for user samftp
May  7 18:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19417]: Invalid user kaonima from 190.103.202.7
May  7 18:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19417]: input_userauth_request: invalid user kaonima [preauth]
May  7 18:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19417]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  7 18:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19417]: Failed password for invalid user kaonima from 190.103.202.7 port 50554 ssh2
May  7 18:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19417]: Connection closed by 190.103.202.7 port 50554 [preauth]
May  7 18:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18275]: pam_unix(cron:session): session closed for user root
May  7 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19538]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19537]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19537]: pam_unix(cron:session): session closed for user p13x
May  7 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19605]: Successful su for rubyman by root
May  7 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19605]: + ??? root:rubyman
May  7 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19605]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348264 of user rubyman.
May  7 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19605]: pam_unix(su:session): session closed for user rubyman
May  7 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348264.
May  7 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16818]: pam_unix(cron:session): session closed for user root
May  7 18:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19538]: pam_unix(cron:session): session closed for user samftp
May  7 18:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18721]: pam_unix(cron:session): session closed for user root
May  7 18:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 18:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19901]: Failed password for root from 218.92.0.179 port 20922 ssh2
May  7 18:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19901]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 20922 ssh2]
May  7 18:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19901]: Received disconnect from 218.92.0.179 port 20922:11:  [preauth]
May  7 18:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19901]: Disconnected from 218.92.0.179 port 20922 [preauth]
May  7 18:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19901]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19967]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19966]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19964]: pam_unix(cron:session): session closed for user p13x
May  7 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20033]: Successful su for rubyman by root
May  7 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20033]: + ??? root:rubyman
May  7 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20033]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348267 of user rubyman.
May  7 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20033]: pam_unix(su:session): session closed for user rubyman
May  7 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348267.
May  7 18:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17242]: pam_unix(cron:session): session closed for user root
May  7 18:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19965]: pam_unix(cron:session): session closed for user samftp
May  7 18:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19138]: pam_unix(cron:session): session closed for user root
May  7 18:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20316]: Invalid user mongod from 193.176.251.229
May  7 18:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20316]: input_userauth_request: invalid user mongod [preauth]
May  7 18:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20316]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
May  7 18:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20316]: Failed password for invalid user mongod from 193.176.251.229 port 34802 ssh2
May  7 18:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20316]: Received disconnect from 193.176.251.229 port 34802:11: Bye Bye [preauth]
May  7 18:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20316]: Disconnected from 193.176.251.229 port 34802 [preauth]
May  7 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20371]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20372]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20370]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20372]: pam_unix(cron:session): session closed for user root
May  7 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20367]: pam_unix(cron:session): session closed for user p13x
May  7 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20439]: Successful su for rubyman by root
May  7 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20439]: + ??? root:rubyman
May  7 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20439]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348271 of user rubyman.
May  7 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20439]: pam_unix(su:session): session closed for user rubyman
May  7 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348271.
May  7 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20369]: pam_unix(cron:session): session closed for user root
May  7 18:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17660]: pam_unix(cron:session): session closed for user root
May  7 18:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20368]: pam_unix(cron:session): session closed for user samftp
May  7 18:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19540]: pam_unix(cron:session): session closed for user root
May  7 18:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 18:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20761]: Failed password for root from 218.92.0.205 port 19782 ssh2
May  7 18:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20761]: message repeated 3 times: [ Failed password for root from 218.92.0.205 port 19782 ssh2]
May  7 18:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20761]: Failed password for root from 218.92.0.205 port 19782 ssh2
May  7 18:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20761]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 19782 ssh2 [preauth]
May  7 18:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20761]: Disconnecting: Too many authentication failures [preauth]
May  7 18:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20761]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 18:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20761]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 18:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: Invalid user debian from 80.94.95.125
May  7 18:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: input_userauth_request: invalid user debian [preauth]
May  7 18:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 18:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: Failed password for invalid user debian from 80.94.95.125 port 63244 ssh2
May  7 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20812]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20810]: pam_unix(cron:session): session closed for user p13x
May  7 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20895]: Successful su for rubyman by root
May  7 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20895]: + ??? root:rubyman
May  7 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20895]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348278 of user rubyman.
May  7 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20895]: pam_unix(su:session): session closed for user rubyman
May  7 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348278.
May  7 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 18:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: Failed password for invalid user debian from 80.94.95.125 port 63244 ssh2
May  7 18:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: Failed password for root from 218.92.0.205 port 4832 ssh2
May  7 18:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18274]: pam_unix(cron:session): session closed for user root
May  7 18:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: Failed password for invalid user debian from 80.94.95.125 port 63244 ssh2
May  7 18:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20811]: pam_unix(cron:session): session closed for user samftp
May  7 18:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: Failed password for root from 218.92.0.205 port 4832 ssh2
May  7 18:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: Failed password for invalid user debian from 80.94.95.125 port 63244 ssh2
May  7 18:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: Failed password for invalid user debian from 80.94.95.125 port 63244 ssh2
May  7 18:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: Failed password for root from 218.92.0.205 port 4832 ssh2
May  7 18:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: Received disconnect from 80.94.95.125 port 63244:11: Bye [preauth]
May  7 18:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: Disconnected from 80.94.95.125 port 63244 [preauth]
May  7 18:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 18:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 18:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: Failed password for root from 218.92.0.205 port 4832 ssh2
May  7 18:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: message repeated 2 times: [ Failed password for root from 218.92.0.205 port 4832 ssh2]
May  7 18:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 4832 ssh2 [preauth]
May  7 18:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: Disconnecting: Too many authentication failures [preauth]
May  7 18:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 18:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20807]: PAM service(sshd) ignoring max retries; 6 > 3
May  7 18:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 18:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: Failed password for root from 218.92.0.205 port 42736 ssh2
May  7 18:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21117]: Connection reset by 218.92.0.205 port 42736 [preauth]
May  7 18:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19967]: pam_unix(cron:session): session closed for user root
May  7 18:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 18:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21241]: Failed password for root from 80.94.95.125 port 32329 ssh2
May  7 18:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21241]: message repeated 2 times: [ Failed password for root from 80.94.95.125 port 32329 ssh2]
May  7 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21265]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21264]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21267]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21260]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21260]: pam_unix(cron:session): session closed for user root
May  7 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21264]: pam_unix(cron:session): session closed for user p13x
May  7 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21343]: Successful su for rubyman by root
May  7 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21343]: + ??? root:rubyman
May  7 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348285 of user rubyman.
May  7 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21343]: pam_unix(su:session): session closed for user rubyman
May  7 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348285.
May  7 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21241]: Failed password for root from 80.94.95.125 port 32329 ssh2
May  7 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21241]: Failed password for root from 80.94.95.125 port 32329 ssh2
May  7 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21241]: Received disconnect from 80.94.95.125 port 32329:11: Bye [preauth]
May  7 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21241]: Disconnected from 80.94.95.125 port 32329 [preauth]
May  7 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21241]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21241]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18720]: pam_unix(cron:session): session closed for user root
May  7 18:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21265]: pam_unix(cron:session): session closed for user samftp
May  7 18:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20371]: pam_unix(cron:session): session closed for user root
May  7 18:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21640]: Invalid user hacluster from 194.0.234.19
May  7 18:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21640]: input_userauth_request: invalid user hacluster [preauth]
May  7 18:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21640]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  7 18:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21640]: Failed password for invalid user hacluster from 194.0.234.19 port 40856 ssh2
May  7 18:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21640]: Connection closed by 194.0.234.19 port 40856 [preauth]
May  7 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21712]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21713]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21711]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21711]: pam_unix(cron:session): session closed for user p13x
May  7 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21870]: Successful su for rubyman by root
May  7 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21870]: + ??? root:rubyman
May  7 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348287 of user rubyman.
May  7 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21870]: pam_unix(su:session): session closed for user rubyman
May  7 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348287.
May  7 18:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19137]: pam_unix(cron:session): session closed for user root
May  7 18:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21712]: pam_unix(cron:session): session closed for user samftp
May  7 18:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20816]: pam_unix(cron:session): session closed for user root
May  7 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22450]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22449]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22449]: pam_unix(cron:session): session closed for user p13x
May  7 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22517]: Successful su for rubyman by root
May  7 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22517]: + ??? root:rubyman
May  7 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348290 of user rubyman.
May  7 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22517]: pam_unix(su:session): session closed for user rubyman
May  7 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348290.
May  7 18:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19539]: pam_unix(cron:session): session closed for user root
May  7 18:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22450]: pam_unix(cron:session): session closed for user samftp
May  7 18:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
May  7 18:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22762]: Failed password for root from 193.176.251.229 port 52451 ssh2
May  7 18:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22762]: Received disconnect from 193.176.251.229 port 52451:11: Bye Bye [preauth]
May  7 18:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22762]: Disconnected from 193.176.251.229 port 52451 [preauth]
May  7 18:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: Invalid user hpl from 64.23.161.151
May  7 18:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: input_userauth_request: invalid user hpl [preauth]
May  7 18:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 18:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: Failed password for invalid user hpl from 64.23.161.151 port 49348 ssh2
May  7 18:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22799]: Connection closed by 64.23.161.151 port 49348 [preauth]
May  7 18:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21268]: pam_unix(cron:session): session closed for user root
May  7 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22899]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22900]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22901]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22897]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22901]: pam_unix(cron:session): session closed for user root
May  7 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22896]: pam_unix(cron:session): session closed for user p13x
May  7 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23006]: Successful su for rubyman by root
May  7 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23006]: + ??? root:rubyman
May  7 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23006]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348295 of user rubyman.
May  7 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23006]: pam_unix(su:session): session closed for user rubyman
May  7 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348295.
May  7 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22898]: pam_unix(cron:session): session closed for user root
May  7 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19966]: pam_unix(cron:session): session closed for user root
May  7 18:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22897]: pam_unix(cron:session): session closed for user samftp
May  7 18:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 18:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: Failed password for root from 218.92.0.179 port 26771 ssh2
May  7 18:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21715]: pam_unix(cron:session): session closed for user root
May  7 18:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: Failed password for root from 218.92.0.179 port 26771 ssh2
May  7 18:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: Failed password for root from 218.92.0.179 port 26771 ssh2
May  7 18:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: Received disconnect from 218.92.0.179 port 26771:11:  [preauth]
May  7 18:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: Disconnected from 218.92.0.179 port 26771 [preauth]
May  7 18:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23279]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 18:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23475]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23474]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23472]: pam_unix(cron:session): session closed for user p13x
May  7 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23538]: Successful su for rubyman by root
May  7 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23538]: + ??? root:rubyman
May  7 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348301 of user rubyman.
May  7 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23538]: pam_unix(su:session): session closed for user rubyman
May  7 18:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348301.
May  7 18:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20370]: pam_unix(cron:session): session closed for user root
May  7 18:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23473]: pam_unix(cron:session): session closed for user samftp
May  7 18:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22453]: pam_unix(cron:session): session closed for user root
May  7 18:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 18:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Failed password for root from 218.92.0.179 port 38306 ssh2
May  7 18:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 38306 ssh2]
May  7 18:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Received disconnect from 218.92.0.179 port 38306:11:  [preauth]
May  7 18:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Disconnected from 218.92.0.179 port 38306 [preauth]
May  7 18:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24001]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24002]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23999]: pam_unix(cron:session): session closed for user p13x
May  7 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24063]: Successful su for rubyman by root
May  7 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24063]: + ??? root:rubyman
May  7 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24063]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348305 of user rubyman.
May  7 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24063]: pam_unix(su:session): session closed for user rubyman
May  7 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348305.
May  7 18:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20812]: pam_unix(cron:session): session closed for user root
May  7 18:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24000]: pam_unix(cron:session): session closed for user samftp
May  7 18:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22900]: pam_unix(cron:session): session closed for user root
May  7 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24434]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24428]: pam_unix(cron:session): session closed for user p13x
May  7 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24493]: Successful su for rubyman by root
May  7 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24493]: + ??? root:rubyman
May  7 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348310 of user rubyman.
May  7 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24493]: pam_unix(su:session): session closed for user rubyman
May  7 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348310.
May  7 18:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21267]: pam_unix(cron:session): session closed for user root
May  7 18:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24429]: pam_unix(cron:session): session closed for user samftp
May  7 18:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23475]: pam_unix(cron:session): session closed for user root
May  7 18:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24791]: Invalid user import from 164.68.105.9
May  7 18:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24791]: input_userauth_request: invalid user import [preauth]
May  7 18:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24791]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  7 18:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24791]: Failed password for invalid user import from 164.68.105.9 port 41380 ssh2
May  7 18:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24791]: Connection closed by 164.68.105.9 port 41380 [preauth]
May  7 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24854]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24853]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24855]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24852]: pam_unix(cron:session): session closed for user p13x
May  7 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24920]: Successful su for rubyman by root
May  7 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24920]: + ??? root:rubyman
May  7 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24920]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348315 of user rubyman.
May  7 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24920]: pam_unix(su:session): session closed for user rubyman
May  7 18:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348315.
May  7 18:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21713]: pam_unix(cron:session): session closed for user root
May  7 18:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24853]: pam_unix(cron:session): session closed for user samftp
May  7 18:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
May  7 18:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25100]: Failed password for root from 193.176.251.229 port 41873 ssh2
May  7 18:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25100]: Received disconnect from 193.176.251.229 port 41873:11: Bye Bye [preauth]
May  7 18:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25100]: Disconnected from 193.176.251.229 port 41873 [preauth]
May  7 18:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24002]: pam_unix(cron:session): session closed for user root
May  7 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25269]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25275]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25275]: pam_unix(cron:session): session closed for user root
May  7 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25268]: pam_unix(cron:session): session closed for user p13x
May  7 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25338]: Successful su for rubyman by root
May  7 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25338]: + ??? root:rubyman
May  7 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348320 of user rubyman.
May  7 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25338]: pam_unix(su:session): session closed for user rubyman
May  7 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348320.
May  7 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25270]: pam_unix(cron:session): session closed for user root
May  7 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22452]: pam_unix(cron:session): session closed for user root
May  7 18:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25269]: pam_unix(cron:session): session closed for user samftp
May  7 18:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24434]: pam_unix(cron:session): session closed for user root
May  7 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25764]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25762]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25761]: pam_unix(cron:session): session closed for user p13x
May  7 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25852]: Successful su for rubyman by root
May  7 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25852]: + ??? root:rubyman
May  7 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348323 of user rubyman.
May  7 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25852]: pam_unix(su:session): session closed for user rubyman
May  7 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348323.
May  7 18:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22899]: pam_unix(cron:session): session closed for user root
May  7 18:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25762]: pam_unix(cron:session): session closed for user samftp
May  7 18:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24855]: pam_unix(cron:session): session closed for user root
May  7 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26204]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26202]: pam_unix(cron:session): session closed for user p13x
May  7 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26264]: Successful su for rubyman by root
May  7 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26264]: + ??? root:rubyman
May  7 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348328 of user rubyman.
May  7 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26264]: pam_unix(su:session): session closed for user rubyman
May  7 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348328.
May  7 18:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23474]: pam_unix(cron:session): session closed for user root
May  7 18:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26204]: pam_unix(cron:session): session closed for user samftp
May  7 18:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25273]: pam_unix(cron:session): session closed for user root
May  7 18:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26660]: Invalid user jame from 64.23.161.151
May  7 18:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26660]: input_userauth_request: invalid user jame [preauth]
May  7 18:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26660]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 18:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  7 18:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26660]: Failed password for invalid user jame from 64.23.161.151 port 39262 ssh2
May  7 18:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26660]: Connection closed by 64.23.161.151 port 39262 [preauth]
May  7 18:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26656]: Failed password for root from 80.94.95.115 port 36744 ssh2
May  7 18:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26656]: Connection closed by 80.94.95.115 port 36744 [preauth]
May  7 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26695]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26696]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26693]: pam_unix(cron:session): session closed for user p13x
May  7 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26751]: Successful su for rubyman by root
May  7 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26751]: + ??? root:rubyman
May  7 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26751]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348330 of user rubyman.
May  7 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26751]: pam_unix(su:session): session closed for user rubyman
May  7 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348330.
May  7 18:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24001]: pam_unix(cron:session): session closed for user root
May  7 18:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26694]: pam_unix(cron:session): session closed for user samftp
May  7 18:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25764]: pam_unix(cron:session): session closed for user root
May  7 18:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Invalid user info from 193.176.251.229
May  7 18:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: input_userauth_request: invalid user info [preauth]
May  7 18:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
May  7 18:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Failed password for invalid user info from 193.176.251.229 port 59512 ssh2
May  7 18:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Received disconnect from 193.176.251.229 port 59512:11: Bye Bye [preauth]
May  7 18:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27132]: Disconnected from 193.176.251.229 port 59512 [preauth]
May  7 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27170]: pam_unix(cron:session): session closed for user p13x
May  7 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27238]: Successful su for rubyman by root
May  7 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27238]: + ??? root:rubyman
May  7 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348334 of user rubyman.
May  7 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27238]: pam_unix(su:session): session closed for user rubyman
May  7 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348334.
May  7 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24430]: pam_unix(cron:session): session closed for user root
May  7 18:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27171]: pam_unix(cron:session): session closed for user samftp
May  7 18:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 18:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27475]: Failed password for root from 80.94.95.125 port 62818 ssh2
May  7 18:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27475]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 62818 ssh2]
May  7 18:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27475]: Received disconnect from 80.94.95.125 port 62818:11: Bye [preauth]
May  7 18:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27475]: Disconnected from 80.94.95.125 port 62818 [preauth]
May  7 18:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27475]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 18:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27475]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 18:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26206]: pam_unix(cron:session): session closed for user root
May  7 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27648]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27646]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27651]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27650]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27651]: pam_unix(cron:session): session closed for user root
May  7 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27645]: pam_unix(cron:session): session closed for user p13x
May  7 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27714]: Successful su for rubyman by root
May  7 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27714]: + ??? root:rubyman
May  7 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348343 of user rubyman.
May  7 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27714]: pam_unix(su:session): session closed for user rubyman
May  7 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348343.
May  7 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27647]: pam_unix(cron:session): session closed for user root
May  7 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24854]: pam_unix(cron:session): session closed for user root
May  7 18:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27646]: pam_unix(cron:session): session closed for user samftp
May  7 18:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 18:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27971]: Failed password for root from 218.92.0.205 port 54170 ssh2
May  7 18:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27971]: message repeated 2 times: [ Failed password for root from 218.92.0.205 port 54170 ssh2]
May  7 18:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26696]: pam_unix(cron:session): session closed for user root
May  7 18:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27971]: Failed password for root from 218.92.0.205 port 54170 ssh2
May  7 18:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27971]: Failed password for root from 218.92.0.205 port 54170 ssh2
May  7 18:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27971]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 54170 ssh2 [preauth]
May  7 18:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27971]: Disconnecting: Too many authentication failures [preauth]
May  7 18:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27971]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 18:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27971]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 18:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28088]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28087]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28085]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28084]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28084]: pam_unix(cron:session): session closed for user p13x
May  7 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28152]: Successful su for rubyman by root
May  7 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28152]: + ??? root:rubyman
May  7 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348344 of user rubyman.
May  7 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28152]: pam_unix(su:session): session closed for user rubyman
May  7 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348344.
May  7 18:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25272]: pam_unix(cron:session): session closed for user root
May  7 18:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28085]: pam_unix(cron:session): session closed for user samftp
May  7 18:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27173]: pam_unix(cron:session): session closed for user root
May  7 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28507]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28506]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28504]: pam_unix(cron:session): session closed for user p13x
May  7 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28563]: Successful su for rubyman by root
May  7 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28563]: + ??? root:rubyman
May  7 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28563]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348348 of user rubyman.
May  7 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28563]: pam_unix(su:session): session closed for user rubyman
May  7 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348348.
May  7 18:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25763]: pam_unix(cron:session): session closed for user root
May  7 18:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28505]: pam_unix(cron:session): session closed for user samftp
May  7 18:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27650]: pam_unix(cron:session): session closed for user root
May  7 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28905]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28906]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28904]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28902]: pam_unix(cron:session): session closed for user p13x
May  7 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28965]: Successful su for rubyman by root
May  7 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28965]: + ??? root:rubyman
May  7 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28965]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348352 of user rubyman.
May  7 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28965]: pam_unix(su:session): session closed for user rubyman
May  7 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348352.
May  7 18:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26205]: pam_unix(cron:session): session closed for user root
May  7 18:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28904]: pam_unix(cron:session): session closed for user samftp
May  7 18:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: Invalid user cri from 193.176.251.229
May  7 18:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: input_userauth_request: invalid user cri [preauth]
May  7 18:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229
May  7 18:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: Failed password for invalid user cri from 193.176.251.229 port 48928 ssh2
May  7 18:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: Received disconnect from 193.176.251.229 port 48928:11: Bye Bye [preauth]
May  7 18:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29289]: Disconnected from 193.176.251.229 port 48928 [preauth]
May  7 18:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28088]: pam_unix(cron:session): session closed for user root
May  7 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29405]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29406]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29403]: pam_unix(cron:session): session closed for user p13x
May  7 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29467]: Successful su for rubyman by root
May  7 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29467]: + ??? root:rubyman
May  7 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29467]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348357 of user rubyman.
May  7 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29467]: pam_unix(su:session): session closed for user rubyman
May  7 18:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348357.
May  7 18:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26695]: pam_unix(cron:session): session closed for user root
May  7 18:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29404]: pam_unix(cron:session): session closed for user samftp
May  7 18:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28507]: pam_unix(cron:session): session closed for user root
May  7 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29808]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29809]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29809]: pam_unix(cron:session): session closed for user root
May  7 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29804]: pam_unix(cron:session): session closed for user p13x
May  7 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29885]: Successful su for rubyman by root
May  7 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29885]: + ??? root:rubyman
May  7 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348360 of user rubyman.
May  7 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29885]: pam_unix(su:session): session closed for user rubyman
May  7 18:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348360.
May  7 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29806]: pam_unix(cron:session): session closed for user root
May  7 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27172]: pam_unix(cron:session): session closed for user root
May  7 18:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29805]: pam_unix(cron:session): session closed for user samftp
May  7 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28906]: pam_unix(cron:session): session closed for user root
May  7 18:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30232]: Invalid user jawad from 64.23.161.151
May  7 18:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30232]: input_userauth_request: invalid user jawad [preauth]
May  7 18:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30232]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 18:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30232]: Failed password for invalid user jawad from 64.23.161.151 port 46376 ssh2
May  7 18:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30232]: Connection closed by 64.23.161.151 port 46376 [preauth]
May  7 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30246]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30243]: pam_unix(cron:session): session closed for user p13x
May  7 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30311]: Successful su for rubyman by root
May  7 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30311]: + ??? root:rubyman
May  7 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348368 of user rubyman.
May  7 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30311]: pam_unix(su:session): session closed for user rubyman
May  7 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348368.
May  7 18:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27648]: pam_unix(cron:session): session closed for user root
May  7 18:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30244]: pam_unix(cron:session): session closed for user samftp
May  7 18:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29406]: pam_unix(cron:session): session closed for user root
May  7 18:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Invalid user admin from 80.94.95.112
May  7 18:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: input_userauth_request: invalid user admin [preauth]
May  7 18:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 18:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Failed password for invalid user admin from 80.94.95.112 port 59867 ssh2
May  7 18:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Failed password for invalid user admin from 80.94.95.112 port 59867 ssh2
May  7 18:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Failed password for invalid user admin from 80.94.95.112 port 59867 ssh2
May  7 18:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Failed password for invalid user admin from 80.94.95.112 port 59867 ssh2
May  7 18:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30645]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30643]: pam_unix(cron:session): session closed for user p13x
May  7 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30706]: Successful su for rubyman by root
May  7 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30706]: + ??? root:rubyman
May  7 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348371 of user rubyman.
May  7 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30706]: pam_unix(su:session): session closed for user rubyman
May  7 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348371.
May  7 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Failed password for invalid user admin from 80.94.95.112 port 59867 ssh2
May  7 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Received disconnect from 80.94.95.112 port 59867:11: Bye [preauth]
May  7 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Disconnected from 80.94.95.112 port 59867 [preauth]
May  7 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 18:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 18:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28087]: pam_unix(cron:session): session closed for user root
May  7 18:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30644]: pam_unix(cron:session): session closed for user samftp
May  7 18:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29808]: pam_unix(cron:session): session closed for user root
May  7 18:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
May  7 18:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: Failed password for root from 193.176.251.229 port 38332 ssh2
May  7 18:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: Received disconnect from 193.176.251.229 port 38332:11: Bye Bye [preauth]
May  7 18:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31123]: Disconnected from 193.176.251.229 port 38332 [preauth]
May  7 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31136]: pam_unix(cron:session): session closed for user p13x
May  7 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31202]: Successful su for rubyman by root
May  7 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31202]: + ??? root:rubyman
May  7 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348375 of user rubyman.
May  7 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31202]: pam_unix(su:session): session closed for user rubyman
May  7 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348375.
May  7 18:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28506]: pam_unix(cron:session): session closed for user root
May  7 18:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31137]: pam_unix(cron:session): session closed for user samftp
May  7 18:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30246]: pam_unix(cron:session): session closed for user root
May  7 18:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: Invalid user git from 194.0.234.19
May  7 18:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: input_userauth_request: invalid user git [preauth]
May  7 18:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  7 18:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: Failed password for invalid user git from 194.0.234.19 port 47490 ssh2
May  7 18:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31491]: Connection closed by 194.0.234.19 port 47490 [preauth]
May  7 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31547]: pam_unix(cron:session): session closed for user p13x
May  7 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31694]: Successful su for rubyman by root
May  7 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31694]: + ??? root:rubyman
May  7 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348378 of user rubyman.
May  7 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31694]: pam_unix(su:session): session closed for user rubyman
May  7 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348378.
May  7 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31544]: pam_unix(cron:session): session closed for user root
May  7 18:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28905]: pam_unix(cron:session): session closed for user root
May  7 18:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31548]: pam_unix(cron:session): session closed for user samftp
May  7 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30646]: pam_unix(cron:session): session closed for user root
May  7 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32371]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32372]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32362]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32372]: pam_unix(cron:session): session closed for user root
May  7 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32360]: pam_unix(cron:session): session closed for user p13x
May  7 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32445]: Successful su for rubyman by root
May  7 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32445]: + ??? root:rubyman
May  7 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348383 of user rubyman.
May  7 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32445]: pam_unix(su:session): session closed for user rubyman
May  7 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348383.
May  7 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32362]: pam_unix(cron:session): session closed for user root
May  7 18:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29405]: pam_unix(cron:session): session closed for user root
May  7 18:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32361]: pam_unix(cron:session): session closed for user samftp
May  7 18:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31139]: pam_unix(cron:session): session closed for user root
May  7 18:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[524]: Did not receive identification string from 112.46.145.170
May  7 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[532]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[529]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[530]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[529]: pam_unix(cron:session): session closed for user p13x
May  7 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[603]: Successful su for rubyman by root
May  7 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[603]: + ??? root:rubyman
May  7 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[603]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348390 of user rubyman.
May  7 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[603]: pam_unix(su:session): session closed for user rubyman
May  7 18:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348390.
May  7 18:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29807]: pam_unix(cron:session): session closed for user root
May  7 18:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[530]: pam_unix(cron:session): session closed for user samftp
May  7 18:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  7 18:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[847]: Failed password for root from 46.244.96.25 port 56562 ssh2
May  7 18:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[847]: Connection closed by 46.244.96.25 port 56562 [preauth]
May  7 18:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31550]: pam_unix(cron:session): session closed for user root
May  7 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[999]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[998]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[997]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[996]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[996]: pam_unix(cron:session): session closed for user p13x
May  7 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1076]: Successful su for rubyman by root
May  7 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1076]: + ??? root:rubyman
May  7 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348393 of user rubyman.
May  7 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1076]: pam_unix(su:session): session closed for user rubyman
May  7 18:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348393.
May  7 18:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30245]: pam_unix(cron:session): session closed for user root
May  7 18:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[997]: pam_unix(cron:session): session closed for user samftp
May  7 18:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: Invalid user admin from 80.94.95.241
May  7 18:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: input_userauth_request: invalid user admin [preauth]
May  7 18:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 18:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: Failed password for invalid user admin from 80.94.95.241 port 62632 ssh2
May  7 18:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: Failed password for invalid user admin from 80.94.95.241 port 62632 ssh2
May  7 18:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: Failed password for invalid user admin from 80.94.95.241 port 62632 ssh2
May  7 18:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: Failed password for invalid user admin from 80.94.95.241 port 62632 ssh2
May  7 18:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: Failed password for invalid user admin from 80.94.95.241 port 62632 ssh2
May  7 18:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: Received disconnect from 80.94.95.241 port 62632:11: Bye [preauth]
May  7 18:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: Disconnected from 80.94.95.241 port 62632 [preauth]
May  7 18:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 18:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1284]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 18:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.176.251.229  user=root
May  7 18:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1368]: Failed password for root from 193.176.251.229 port 55967 ssh2
May  7 18:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1368]: Received disconnect from 193.176.251.229 port 55967:11: Bye Bye [preauth]
May  7 18:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1368]: Disconnected from 193.176.251.229 port 55967 [preauth]
May  7 18:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1379]: Invalid user testuser from 188.166.223.5
May  7 18:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1379]: input_userauth_request: invalid user testuser [preauth]
May  7 18:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1379]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.223.5
May  7 18:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1379]: Failed password for invalid user testuser from 188.166.223.5 port 51226 ssh2
May  7 18:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1379]: Received disconnect from 188.166.223.5 port 51226:11: Bye Bye [preauth]
May  7 18:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1379]: Disconnected from 188.166.223.5 port 51226 [preauth]
May  7 18:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32371]: pam_unix(cron:session): session closed for user root
May  7 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1499]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1500]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1497]: pam_unix(cron:session): session closed for user p13x
May  7 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1569]: Successful su for rubyman by root
May  7 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1569]: + ??? root:rubyman
May  7 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348400 of user rubyman.
May  7 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1569]: pam_unix(su:session): session closed for user rubyman
May  7 18:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348400.
May  7 18:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30645]: pam_unix(cron:session): session closed for user root
May  7 18:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1498]: pam_unix(cron:session): session closed for user samftp
May  7 18:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[532]: pam_unix(cron:session): session closed for user root
May  7 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2031]: pam_unix(cron:session): session closed for user p13x
May  7 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2092]: Successful su for rubyman by root
May  7 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2092]: + ??? root:rubyman
May  7 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2092]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348402 of user rubyman.
May  7 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2092]: pam_unix(su:session): session closed for user rubyman
May  7 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348402.
May  7 18:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31138]: pam_unix(cron:session): session closed for user root
May  7 18:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2032]: pam_unix(cron:session): session closed for user samftp
May  7 18:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2279]: Invalid user nirjhar1 from 64.23.161.151
May  7 18:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2279]: input_userauth_request: invalid user nirjhar1 [preauth]
May  7 18:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2279]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 18:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2279]: Failed password for invalid user nirjhar1 from 64.23.161.151 port 44168 ssh2
May  7 18:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2279]: Connection closed by 64.23.161.151 port 44168 [preauth]
May  7 18:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[999]: pam_unix(cron:session): session closed for user root
May  7 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2450]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2449]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2454]: pam_unix(cron:session): session closed for user root
May  7 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2449]: pam_unix(cron:session): session closed for user p13x
May  7 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2523]: Successful su for rubyman by root
May  7 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2523]: + ??? root:rubyman
May  7 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348407 of user rubyman.
May  7 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2523]: pam_unix(su:session): session closed for user rubyman
May  7 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348407.
May  7 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2451]: pam_unix(cron:session): session closed for user root
May  7 18:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31549]: pam_unix(cron:session): session closed for user root
May  7 18:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2450]: pam_unix(cron:session): session closed for user samftp
May  7 18:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1500]: pam_unix(cron:session): session closed for user root
May  7 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2918]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2922]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2919]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2918]: pam_unix(cron:session): session closed for user p13x
May  7 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2991]: Successful su for rubyman by root
May  7 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2991]: + ??? root:rubyman
May  7 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348413 of user rubyman.
May  7 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2991]: pam_unix(su:session): session closed for user rubyman
May  7 18:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348413.
May  7 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32369]: pam_unix(cron:session): session closed for user root
May  7 18:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2919]: pam_unix(cron:session): session closed for user samftp
May  7 18:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2034]: pam_unix(cron:session): session closed for user root
May  7 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3336]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3337]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3335]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3334]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3334]: pam_unix(cron:session): session closed for user p13x
May  7 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3409]: Successful su for rubyman by root
May  7 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3409]: + ??? root:rubyman
May  7 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348416 of user rubyman.
May  7 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3409]: pam_unix(su:session): session closed for user rubyman
May  7 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348416.
May  7 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[531]: pam_unix(cron:session): session closed for user root
May  7 18:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3335]: pam_unix(cron:session): session closed for user samftp
May  7 18:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2453]: pam_unix(cron:session): session closed for user root
May  7 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3783]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3781]: pam_unix(cron:session): session closed for user p13x
May  7 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3840]: Successful su for rubyman by root
May  7 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3840]: + ??? root:rubyman
May  7 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3840]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348422 of user rubyman.
May  7 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3840]: pam_unix(su:session): session closed for user rubyman
May  7 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348422.
May  7 18:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[998]: pam_unix(cron:session): session closed for user root
May  7 18:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3782]: pam_unix(cron:session): session closed for user samftp
May  7 18:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2922]: pam_unix(cron:session): session closed for user root
May  7 18:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 18:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4190]: Failed password for root from 218.92.0.179 port 11096 ssh2
May  7 18:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4190]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 11096 ssh2]
May  7 18:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4190]: Received disconnect from 218.92.0.179 port 11096:11:  [preauth]
May  7 18:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4190]: Disconnected from 218.92.0.179 port 11096 [preauth]
May  7 18:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4190]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4212]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4211]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4210]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4209]: pam_unix(cron:session): session closed for user p13x
May  7 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4419]: Successful su for rubyman by root
May  7 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4419]: + ??? root:rubyman
May  7 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4419]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348423 of user rubyman.
May  7 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4419]: pam_unix(su:session): session closed for user rubyman
May  7 18:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348423.
May  7 18:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1499]: pam_unix(cron:session): session closed for user root
May  7 18:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4210]: pam_unix(cron:session): session closed for user samftp
May  7 18:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  7 18:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: Failed password for root from 80.94.95.115 port 60242 ssh2
May  7 18:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: Connection closed by 80.94.95.115 port 60242 [preauth]
May  7 18:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3337]: pam_unix(cron:session): session closed for user root
May  7 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4783]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4781]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4778]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4782]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4779]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4783]: pam_unix(cron:session): session closed for user root
May  7 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4778]: pam_unix(cron:session): session closed for user p13x
May  7 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4867]: Successful su for rubyman by root
May  7 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4867]: + ??? root:rubyman
May  7 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4867]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348432 of user rubyman.
May  7 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4867]: pam_unix(su:session): session closed for user rubyman
May  7 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348432.
May  7 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4773]: Failed password for root from 80.94.95.125 port 51140 ssh2
May  7 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4780]: pam_unix(cron:session): session closed for user root
May  7 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2033]: pam_unix(cron:session): session closed for user root
May  7 18:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4773]: Failed password for root from 80.94.95.125 port 51140 ssh2
May  7 18:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4779]: pam_unix(cron:session): session closed for user samftp
May  7 18:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4773]: Failed password for root from 80.94.95.125 port 51140 ssh2
May  7 18:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4773]: message repeated 2 times: [ Failed password for root from 80.94.95.125 port 51140 ssh2]
May  7 18:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4773]: Received disconnect from 80.94.95.125 port 51140:11: Bye [preauth]
May  7 18:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4773]: Disconnected from 80.94.95.125 port 51140 [preauth]
May  7 18:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4773]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 18:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4773]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 18:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3784]: pam_unix(cron:session): session closed for user root
May  7 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5424]: pam_unix(cron:session): session closed for user p13x
May  7 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5510]: Successful su for rubyman by root
May  7 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5510]: + ??? root:rubyman
May  7 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5510]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348435 of user rubyman.
May  7 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5510]: pam_unix(su:session): session closed for user rubyman
May  7 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348435.
May  7 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2452]: pam_unix(cron:session): session closed for user root
May  7 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5425]: pam_unix(cron:session): session closed for user samftp
May  7 18:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4212]: pam_unix(cron:session): session closed for user root
May  7 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.223.5  user=root
May  7 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5971]: Failed password for root from 188.166.223.5 port 33114 ssh2
May  7 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5971]: Received disconnect from 188.166.223.5 port 33114:11: Bye Bye [preauth]
May  7 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5971]: Disconnected from 188.166.223.5 port 33114 [preauth]
May  7 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5987]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5986]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5988]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5985]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5985]: pam_unix(cron:session): session closed for user p13x
May  7 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6054]: Successful su for rubyman by root
May  7 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6054]: + ??? root:rubyman
May  7 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348437 of user rubyman.
May  7 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6054]: pam_unix(su:session): session closed for user rubyman
May  7 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348437.
May  7 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2920]: pam_unix(cron:session): session closed for user root
May  7 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5986]: pam_unix(cron:session): session closed for user samftp
May  7 18:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6293]: Invalid user nishat from 64.23.161.151
May  7 18:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6293]: input_userauth_request: invalid user nishat [preauth]
May  7 18:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6293]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 18:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6293]: Failed password for invalid user nishat from 64.23.161.151 port 55406 ssh2
May  7 18:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6293]: Connection closed by 64.23.161.151 port 55406 [preauth]
May  7 18:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4782]: pam_unix(cron:session): session closed for user root
May  7 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6405]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6406]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6403]: pam_unix(cron:session): session closed for user p13x
May  7 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6468]: Successful su for rubyman by root
May  7 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6468]: + ??? root:rubyman
May  7 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348443 of user rubyman.
May  7 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6468]: pam_unix(su:session): session closed for user rubyman
May  7 18:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348443.
May  7 18:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3336]: pam_unix(cron:session): session closed for user root
May  7 18:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6404]: pam_unix(cron:session): session closed for user samftp
May  7 18:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5427]: pam_unix(cron:session): session closed for user root
May  7 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6809]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6808]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6806]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6807]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6806]: pam_unix(cron:session): session closed for user p13x
May  7 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6868]: Successful su for rubyman by root
May  7 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6868]: + ??? root:rubyman
May  7 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6868]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348447 of user rubyman.
May  7 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6868]: pam_unix(su:session): session closed for user rubyman
May  7 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348447.
May  7 18:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3783]: pam_unix(cron:session): session closed for user root
May  7 18:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6807]: pam_unix(cron:session): session closed for user samftp
May  7 18:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5988]: pam_unix(cron:session): session closed for user root
May  7 18:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7228]: Invalid user v from 195.178.110.50
May  7 18:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7228]: input_userauth_request: invalid user v [preauth]
May  7 18:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7228]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 18:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7228]: Failed password for invalid user v from 195.178.110.50 port 22078 ssh2
May  7 18:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7228]: Connection closed by 195.178.110.50 port 22078 [preauth]
May  7 18:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: Invalid user 9 from 195.178.110.50
May  7 18:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: input_userauth_request: invalid user 9 [preauth]
May  7 18:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7329]: pam_unix(cron:session): session closed for user root
May  7 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7324]: pam_unix(cron:session): session closed for user p13x
May  7 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7389]: Successful su for rubyman by root
May  7 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7389]: + ??? root:rubyman
May  7 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7389]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348453 of user rubyman.
May  7 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7389]: pam_unix(su:session): session closed for user rubyman
May  7 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348453.
May  7 18:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: Failed password for invalid user 9 from 195.178.110.50 port 17948 ssh2
May  7 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7326]: pam_unix(cron:session): session closed for user root
May  7 18:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4211]: pam_unix(cron:session): session closed for user root
May  7 18:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: Connection closed by 195.178.110.50 port 17948 [preauth]
May  7 18:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7325]: pam_unix(cron:session): session closed for user samftp
May  7 18:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7703]: Invalid user Z from 195.178.110.50
May  7 18:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7703]: input_userauth_request: invalid user Z [preauth]
May  7 18:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7703]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 18:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7703]: Failed password for invalid user Z from 195.178.110.50 port 64304 ssh2
May  7 18:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7703]: Connection closed by 195.178.110.50 port 64304 [preauth]
May  7 18:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6406]: pam_unix(cron:session): session closed for user root
May  7 18:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7763]: Invalid user { from 195.178.110.50
May  7 18:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7763]: input_userauth_request: invalid user { [preauth]
May  7 18:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7763]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 18:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7763]: Failed password for invalid user { from 195.178.110.50 port 11154 ssh2
May  7 18:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7763]: Connection closed by 195.178.110.50 port 11154 [preauth]
May  7 18:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: Invalid user > from 195.178.110.50
May  7 18:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: input_userauth_request: invalid user > [preauth]
May  7 18:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 18:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: Failed password for invalid user > from 195.178.110.50 port 33012 ssh2
May  7 18:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7868]: Invalid user zhuyanqiao from 164.68.105.9
May  7 18:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7868]: input_userauth_request: invalid user zhuyanqiao [preauth]
May  7 18:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7868]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  7 18:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7829]: Connection closed by 195.178.110.50 port 33012 [preauth]
May  7 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7868]: Failed password for invalid user zhuyanqiao from 164.68.105.9 port 40030 ssh2
May  7 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7868]: Connection closed by 164.68.105.9 port 40030 [preauth]
May  7 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7883]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7881]: pam_unix(cron:session): session closed for user p13x
May  7 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7952]: Successful su for rubyman by root
May  7 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7952]: + ??? root:rubyman
May  7 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348455 of user rubyman.
May  7 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7952]: pam_unix(su:session): session closed for user rubyman
May  7 18:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348455.
May  7 18:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4781]: pam_unix(cron:session): session closed for user root
May  7 18:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7882]: pam_unix(cron:session): session closed for user samftp
May  7 18:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6809]: pam_unix(cron:session): session closed for user root
May  7 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8313]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8312]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8309]: pam_unix(cron:session): session closed for user p13x
May  7 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8373]: Successful su for rubyman by root
May  7 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8373]: + ??? root:rubyman
May  7 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348459 of user rubyman.
May  7 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8373]: pam_unix(su:session): session closed for user rubyman
May  7 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348459.
May  7 18:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5426]: pam_unix(cron:session): session closed for user root
May  7 18:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8311]: pam_unix(cron:session): session closed for user samftp
May  7 18:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8639]: Invalid user psadmin from 188.166.223.5
May  7 18:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8639]: input_userauth_request: invalid user psadmin [preauth]
May  7 18:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8639]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.223.5
May  7 18:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8639]: Failed password for invalid user psadmin from 188.166.223.5 port 59650 ssh2
May  7 18:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8639]: Received disconnect from 188.166.223.5 port 59650:11: Bye Bye [preauth]
May  7 18:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8639]: Disconnected from 188.166.223.5 port 59650 [preauth]
May  7 18:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7328]: pam_unix(cron:session): session closed for user root
May  7 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8747]: pam_unix(cron:session): session closed for user p13x
May  7 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8809]: Successful su for rubyman by root
May  7 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8809]: + ??? root:rubyman
May  7 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348466 of user rubyman.
May  7 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8809]: pam_unix(su:session): session closed for user rubyman
May  7 18:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348466.
May  7 18:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5987]: pam_unix(cron:session): session closed for user root
May  7 18:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8748]: pam_unix(cron:session): session closed for user samftp
May  7 18:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7884]: pam_unix(cron:session): session closed for user root
May  7 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9243]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9242]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9244]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9241]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9241]: pam_unix(cron:session): session closed for user p13x
May  7 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9334]: Successful su for rubyman by root
May  7 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9334]: + ??? root:rubyman
May  7 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9334]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348467 of user rubyman.
May  7 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9334]: pam_unix(su:session): session closed for user rubyman
May  7 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348467.
May  7 18:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6405]: pam_unix(cron:session): session closed for user root
May  7 18:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9242]: pam_unix(cron:session): session closed for user samftp
May  7 18:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9562]: Invalid user ubnt from 80.94.95.116
May  7 18:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9562]: input_userauth_request: invalid user ubnt [preauth]
May  7 18:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9562]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  7 18:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9562]: Failed password for invalid user ubnt from 80.94.95.116 port 44212 ssh2
May  7 18:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9562]: Connection closed by 80.94.95.116 port 44212 [preauth]
May  7 18:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8313]: pam_unix(cron:session): session closed for user root
May  7 18:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 18:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9621]: Failed password for root from 218.92.0.179 port 49956 ssh2
May  7 18:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9621]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 49956 ssh2]
May  7 18:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9621]: Received disconnect from 218.92.0.179 port 49956:11:  [preauth]
May  7 18:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9621]: Disconnected from 218.92.0.179 port 49956 [preauth]
May  7 18:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9621]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 18:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 18:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: Invalid user kucjac from 193.70.84.184
May  7 18:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: input_userauth_request: invalid user kucjac [preauth]
May  7 18:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: pam_unix(sshd:auth): check pass; user unknown
May  7 18:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  7 18:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: Failed password for invalid user kucjac from 193.70.84.184 port 42028 ssh2
May  7 18:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9654]: Connection closed by 193.70.84.184 port 42028 [preauth]
May  7 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9680]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9679]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9681]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9682]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9683]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9677]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9683]: pam_unix(cron:session): session closed for user root
May  7 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9679]: pam_unix(cron:session): session closed for user root
May  7 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9677]: pam_unix(cron:session): session closed for user p13x
May  7 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9778]: Successful su for rubyman by root
May  7 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9778]: + ??? root:rubyman
May  7 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348474 of user rubyman.
May  7 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9778]: pam_unix(su:session): session closed for user rubyman
May  7 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348474.
May  7 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9680]: pam_unix(cron:session): session closed for user root
May  7 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6808]: pam_unix(cron:session): session closed for user root
May  7 19:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9678]: pam_unix(cron:session): session closed for user samftp
May  7 19:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  7 19:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9973]: Failed password for root from 218.92.0.208 port 11626 ssh2
May  7 19:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9973]: message repeated 2 times: [ Failed password for root from 218.92.0.208 port 11626 ssh2]
May  7 19:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8750]: pam_unix(cron:session): session closed for user root
May  7 19:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: Invalid user ridwan from 64.23.161.151
May  7 19:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: input_userauth_request: invalid user ridwan [preauth]
May  7 19:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 19:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: Failed password for invalid user ridwan from 64.23.161.151 port 37646 ssh2
May  7 19:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10116]: Connection closed by 64.23.161.151 port 37646 [preauth]
May  7 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10183]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10181]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10182]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10180]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10180]: pam_unix(cron:session): session closed for user p13x
May  7 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10339]: Successful su for rubyman by root
May  7 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10339]: + ??? root:rubyman
May  7 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10339]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348478 of user rubyman.
May  7 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10339]: pam_unix(su:session): session closed for user rubyman
May  7 19:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348478.
May  7 19:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7327]: pam_unix(cron:session): session closed for user root
May  7 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10181]: pam_unix(cron:session): session closed for user samftp
May  7 19:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9244]: pam_unix(cron:session): session closed for user root
May  7 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10765]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10766]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10763]: pam_unix(cron:session): session closed for user p13x
May  7 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10823]: Successful su for rubyman by root
May  7 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10823]: + ??? root:rubyman
May  7 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348484 of user rubyman.
May  7 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10823]: pam_unix(su:session): session closed for user rubyman
May  7 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348484.
May  7 19:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7883]: pam_unix(cron:session): session closed for user root
May  7 19:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10764]: pam_unix(cron:session): session closed for user samftp
May  7 19:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9682]: pam_unix(cron:session): session closed for user root
May  7 19:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.223.5  user=root
May  7 19:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  7 19:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: Failed password for root from 188.166.223.5 port 43624 ssh2
May  7 19:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: Received disconnect from 188.166.223.5 port 43624:11: Bye Bye [preauth]
May  7 19:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11130]: Disconnected from 188.166.223.5 port 43624 [preauth]
May  7 19:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: Failed password for root from 46.244.96.25 port 43254 ssh2
May  7 19:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: Connection closed by 46.244.96.25 port 43254 [preauth]
May  7 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11154]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11154]: pam_unix(cron:session): session closed for user p13x
May  7 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11216]: Successful su for rubyman by root
May  7 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11216]: + ??? root:rubyman
May  7 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348487 of user rubyman.
May  7 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11216]: pam_unix(su:session): session closed for user rubyman
May  7 19:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348487.
May  7 19:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8312]: pam_unix(cron:session): session closed for user root
May  7 19:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11156]: pam_unix(cron:session): session closed for user samftp
May  7 19:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10183]: pam_unix(cron:session): session closed for user root
May  7 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11547]: pam_unix(cron:session): session closed for user p13x
May  7 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11611]: Successful su for rubyman by root
May  7 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11611]: + ??? root:rubyman
May  7 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11611]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348491 of user rubyman.
May  7 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11611]: pam_unix(su:session): session closed for user rubyman
May  7 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348491.
May  7 19:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8749]: pam_unix(cron:session): session closed for user root
May  7 19:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11548]: pam_unix(cron:session): session closed for user samftp
May  7 19:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10766]: pam_unix(cron:session): session closed for user root
May  7 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11943]: pam_unix(cron:session): session closed for user root
May  7 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11938]: pam_unix(cron:session): session closed for user p13x
May  7 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12011]: Successful su for rubyman by root
May  7 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12011]: + ??? root:rubyman
May  7 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348496 of user rubyman.
May  7 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12011]: pam_unix(su:session): session closed for user rubyman
May  7 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348496.
May  7 19:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9243]: pam_unix(cron:session): session closed for user root
May  7 19:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11940]: pam_unix(cron:session): session closed for user root
May  7 19:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11939]: pam_unix(cron:session): session closed for user samftp
May  7 19:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11160]: pam_unix(cron:session): session closed for user root
May  7 19:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: Invalid user admin from 80.94.95.116
May  7 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: input_userauth_request: invalid user admin [preauth]
May  7 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  7 19:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: Failed password for invalid user admin from 80.94.95.116 port 48578 ssh2
May  7 19:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: Connection closed by 80.94.95.116 port 48578 [preauth]
May  7 19:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12328]: Invalid user jianglei from 50.235.31.47
May  7 19:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12328]: input_userauth_request: invalid user jianglei [preauth]
May  7 19:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12328]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  7 19:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12328]: Failed password for invalid user jianglei from 50.235.31.47 port 41768 ssh2
May  7 19:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12328]: Connection closed by 50.235.31.47 port 41768 [preauth]
May  7 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12382]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12379]: pam_unix(cron:session): session closed for user p13x
May  7 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12445]: Successful su for rubyman by root
May  7 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12445]: + ??? root:rubyman
May  7 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348501 of user rubyman.
May  7 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12445]: pam_unix(su:session): session closed for user rubyman
May  7 19:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348501.
May  7 19:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9681]: pam_unix(cron:session): session closed for user root
May  7 19:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12380]: pam_unix(cron:session): session closed for user samftp
May  7 19:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11550]: pam_unix(cron:session): session closed for user root
May  7 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12769]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12770]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12767]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12767]: pam_unix(cron:session): session closed for user p13x
May  7 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12828]: Successful su for rubyman by root
May  7 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12828]: + ??? root:rubyman
May  7 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12828]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348505 of user rubyman.
May  7 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12828]: pam_unix(su:session): session closed for user rubyman
May  7 19:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348505.
May  7 19:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10182]: pam_unix(cron:session): session closed for user root
May  7 19:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12768]: pam_unix(cron:session): session closed for user samftp
May  7 19:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11942]: pam_unix(cron:session): session closed for user root
May  7 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13159]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13157]: pam_unix(cron:session): session closed for user p13x
May  7 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13218]: Successful su for rubyman by root
May  7 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13218]: + ??? root:rubyman
May  7 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348508 of user rubyman.
May  7 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13218]: pam_unix(su:session): session closed for user rubyman
May  7 19:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348508.
May  7 19:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10765]: pam_unix(cron:session): session closed for user root
May  7 19:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13158]: pam_unix(cron:session): session closed for user samftp
May  7 19:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: Invalid user miran from 188.166.223.5
May  7 19:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: input_userauth_request: invalid user miran [preauth]
May  7 19:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.223.5
May  7 19:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: Failed password for invalid user miran from 188.166.223.5 port 40640 ssh2
May  7 19:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: Received disconnect from 188.166.223.5 port 40640:11: Bye Bye [preauth]
May  7 19:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13436]: Disconnected from 188.166.223.5 port 40640 [preauth]
May  7 19:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12382]: pam_unix(cron:session): session closed for user root
May  7 19:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Invalid user rumman from 64.23.161.151
May  7 19:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: input_userauth_request: invalid user rumman [preauth]
May  7 19:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 19:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Failed password for invalid user rumman from 64.23.161.151 port 54300 ssh2
May  7 19:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13635]: Connection closed by 64.23.161.151 port 54300 [preauth]
May  7 19:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  7 19:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13647]: Failed password for root from 193.70.84.184 port 34256 ssh2
May  7 19:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13647]: Connection closed by 193.70.84.184 port 34256 [preauth]
May  7 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13664]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13663]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13662]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13660]: pam_unix(cron:session): session closed for user p13x
May  7 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13796]: Successful su for rubyman by root
May  7 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13796]: + ??? root:rubyman
May  7 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348512 of user rubyman.
May  7 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13796]: pam_unix(su:session): session closed for user rubyman
May  7 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348512.
May  7 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13658]: pam_unix(cron:session): session closed for user root
May  7 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11157]: pam_unix(cron:session): session closed for user root
May  7 19:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13662]: pam_unix(cron:session): session closed for user samftp
May  7 19:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12770]: pam_unix(cron:session): session closed for user root
May  7 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14162]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14161]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14166]: pam_unix(cron:session): session closed for user root
May  7 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14161]: pam_unix(cron:session): session closed for user p13x
May  7 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14231]: Successful su for rubyman by root
May  7 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14231]: + ??? root:rubyman
May  7 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348521 of user rubyman.
May  7 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14231]: pam_unix(su:session): session closed for user rubyman
May  7 19:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348521.
May  7 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14163]: pam_unix(cron:session): session closed for user root
May  7 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11549]: pam_unix(cron:session): session closed for user root
May  7 19:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14162]: pam_unix(cron:session): session closed for user samftp
May  7 19:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14439]: Invalid user admin from 80.94.95.112
May  7 19:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14439]: input_userauth_request: invalid user admin [preauth]
May  7 19:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14439]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 19:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14439]: Failed password for invalid user admin from 80.94.95.112 port 45049 ssh2
May  7 19:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14439]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14439]: Failed password for invalid user admin from 80.94.95.112 port 45049 ssh2
May  7 19:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14439]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14439]: Failed password for invalid user admin from 80.94.95.112 port 45049 ssh2
May  7 19:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14439]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14439]: Failed password for invalid user admin from 80.94.95.112 port 45049 ssh2
May  7 19:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14439]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14439]: Failed password for invalid user admin from 80.94.95.112 port 45049 ssh2
May  7 19:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14439]: Received disconnect from 80.94.95.112 port 45049:11: Bye [preauth]
May  7 19:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14439]: Disconnected from 80.94.95.112 port 45049 [preauth]
May  7 19:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14439]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 19:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14439]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 19:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13160]: pam_unix(cron:session): session closed for user root
May  7 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14596]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14594]: pam_unix(cron:session): session closed for user p13x
May  7 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14670]: Successful su for rubyman by root
May  7 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14670]: + ??? root:rubyman
May  7 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348523 of user rubyman.
May  7 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14670]: pam_unix(su:session): session closed for user rubyman
May  7 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348523.
May  7 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11941]: pam_unix(cron:session): session closed for user root
May  7 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14595]: pam_unix(cron:session): session closed for user samftp
May  7 19:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13664]: pam_unix(cron:session): session closed for user root
May  7 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15014]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15012]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15010]: pam_unix(cron:session): session closed for user p13x
May  7 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15069]: Successful su for rubyman by root
May  7 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15069]: + ??? root:rubyman
May  7 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15069]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348528 of user rubyman.
May  7 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15069]: pam_unix(su:session): session closed for user rubyman
May  7 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348528.
May  7 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.123.98  user=root
May  7 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12381]: pam_unix(cron:session): session closed for user root
May  7 19:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15216]: Failed password for root from 146.190.123.98 port 57472 ssh2
May  7 19:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15216]: Connection closed by 146.190.123.98 port 57472 [preauth]
May  7 19:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.123.98  user=root
May  7 19:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15011]: pam_unix(cron:session): session closed for user samftp
May  7 19:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: Failed password for root from 146.190.123.98 port 57480 ssh2
May  7 19:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15244]: Connection closed by 146.190.123.98 port 57480 [preauth]
May  7 19:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.123.98  user=root
May  7 19:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15254]: Failed password for root from 146.190.123.98 port 57492 ssh2
May  7 19:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15254]: Connection closed by 146.190.123.98 port 57492 [preauth]
May  7 19:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14165]: pam_unix(cron:session): session closed for user root
May  7 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15407]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15405]: pam_unix(cron:session): session closed for user p13x
May  7 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15472]: Successful su for rubyman by root
May  7 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15472]: + ??? root:rubyman
May  7 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348531 of user rubyman.
May  7 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15472]: pam_unix(su:session): session closed for user rubyman
May  7 19:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348531.
May  7 19:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12769]: pam_unix(cron:session): session closed for user root
May  7 19:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15406]: pam_unix(cron:session): session closed for user samftp
May  7 19:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14597]: pam_unix(cron:session): session closed for user root
May  7 19:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: Invalid user mohammad from 188.166.223.5
May  7 19:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: input_userauth_request: invalid user mohammad [preauth]
May  7 19:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.223.5
May  7 19:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: Failed password for invalid user mohammad from 188.166.223.5 port 60478 ssh2
May  7 19:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: Received disconnect from 188.166.223.5 port 60478:11: Bye Bye [preauth]
May  7 19:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15752]: Disconnected from 188.166.223.5 port 60478 [preauth]
May  7 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15804]: pam_unix(cron:session): session closed for user p13x
May  7 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15865]: Successful su for rubyman by root
May  7 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15865]: + ??? root:rubyman
May  7 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348535 of user rubyman.
May  7 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15865]: pam_unix(su:session): session closed for user rubyman
May  7 19:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348535.
May  7 19:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13159]: pam_unix(cron:session): session closed for user root
May  7 19:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15805]: pam_unix(cron:session): session closed for user samftp
May  7 19:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15014]: pam_unix(cron:session): session closed for user root
May  7 19:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  7 19:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: Failed password for root from 218.92.0.206 port 2166 ssh2
May  7 19:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: message repeated 2 times: [ Failed password for root from 218.92.0.206 port 2166 ssh2]
May  7 19:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: Failed password for root from 218.92.0.206 port 2166 ssh2
May  7 19:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: Invalid user admin from 80.94.95.241
May  7 19:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: input_userauth_request: invalid user admin [preauth]
May  7 19:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 19:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: Failed password for invalid user admin from 80.94.95.241 port 43841 ssh2
May  7 19:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: Failed password for root from 218.92.0.206 port 2166 ssh2
May  7 19:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 2166 ssh2 [preauth]
May  7 19:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: Disconnecting: Too many authentication failures [preauth]
May  7 19:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  7 19:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16111]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 19:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: Failed password for invalid user admin from 80.94.95.241 port 43841 ssh2
May  7 19:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  7 19:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: Failed password for invalid user admin from 80.94.95.241 port 43841 ssh2
May  7 19:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16173]: Failed password for root from 218.92.0.206 port 55352 ssh2
May  7 19:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: Failed password for invalid user admin from 80.94.95.241 port 43841 ssh2
May  7 19:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: Failed password for invalid user admin from 80.94.95.241 port 43841 ssh2
May  7 19:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: Received disconnect from 80.94.95.241 port 43841:11: Bye [preauth]
May  7 19:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: Disconnected from 80.94.95.241 port 43841 [preauth]
May  7 19:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 19:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16162]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 19:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16173]: Failed password for root from 218.92.0.206 port 55352 ssh2
May  7 19:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16173]: Failed password for root from 218.92.0.206 port 55352 ssh2
May  7 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16195]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16198]: pam_unix(cron:session): session closed for user root
May  7 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16193]: pam_unix(cron:session): session closed for user p13x
May  7 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16259]: Successful su for rubyman by root
May  7 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16259]: + ??? root:rubyman
May  7 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16259]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348539 of user rubyman.
May  7 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16259]: pam_unix(su:session): session closed for user rubyman
May  7 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348539.
May  7 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16173]: Failed password for root from 218.92.0.206 port 55352 ssh2
May  7 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16195]: pam_unix(cron:session): session closed for user root
May  7 19:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13663]: pam_unix(cron:session): session closed for user root
May  7 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16194]: pam_unix(cron:session): session closed for user samftp
May  7 19:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16173]: Failed password for root from 218.92.0.206 port 55352 ssh2
May  7 19:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16173]: Failed password for root from 218.92.0.206 port 55352 ssh2
May  7 19:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16173]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 55352 ssh2 [preauth]
May  7 19:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16173]: Disconnecting: Too many authentication failures [preauth]
May  7 19:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16173]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  7 19:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16173]: PAM service(sshd) ignoring max retries; 6 > 3
May  7 19:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  7 19:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16473]: Failed password for root from 80.94.95.115 port 40750 ssh2
May  7 19:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16473]: Connection closed by 80.94.95.115 port 40750 [preauth]
May  7 19:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  7 19:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: Failed password for root from 218.92.0.206 port 2546 ssh2
May  7 19:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: Received disconnect from 218.92.0.206 port 2546:11:  [preauth]
May  7 19:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: Disconnected from 218.92.0.206 port 2546 [preauth]
May  7 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15408]: pam_unix(cron:session): session closed for user root
May  7 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16673]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16673]: pam_unix(cron:session): session closed for user p13x
May  7 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16744]: Successful su for rubyman by root
May  7 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16744]: + ??? root:rubyman
May  7 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348547 of user rubyman.
May  7 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16744]: pam_unix(su:session): session closed for user rubyman
May  7 19:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348547.
May  7 19:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14164]: pam_unix(cron:session): session closed for user root
May  7 19:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16674]: pam_unix(cron:session): session closed for user samftp
May  7 19:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15807]: pam_unix(cron:session): session closed for user root
May  7 19:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: Invalid user sadika from 64.23.161.151
May  7 19:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: input_userauth_request: invalid user sadika [preauth]
May  7 19:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: Failed password for invalid user sadika from 64.23.161.151 port 41610 ssh2
May  7 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17106]: Connection closed by 64.23.161.151 port 41610 [preauth]
May  7 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17111]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17114]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17110]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17112]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17108]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17108]: pam_unix(cron:session): session closed for user root
May  7 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17110]: pam_unix(cron:session): session closed for user p13x
May  7 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17180]: Successful su for rubyman by root
May  7 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17180]: + ??? root:rubyman
May  7 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348551 of user rubyman.
May  7 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17180]: pam_unix(su:session): session closed for user rubyman
May  7 19:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348551.
May  7 19:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14596]: pam_unix(cron:session): session closed for user root
May  7 19:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17111]: pam_unix(cron:session): session closed for user samftp
May  7 19:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16197]: pam_unix(cron:session): session closed for user root
May  7 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17534]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17531]: pam_unix(cron:session): session closed for user p13x
May  7 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17592]: Successful su for rubyman by root
May  7 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17592]: + ??? root:rubyman
May  7 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348554 of user rubyman.
May  7 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17592]: pam_unix(su:session): session closed for user rubyman
May  7 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348554.
May  7 19:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15012]: pam_unix(cron:session): session closed for user root
May  7 19:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17532]: pam_unix(cron:session): session closed for user samftp
May  7 19:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16676]: pam_unix(cron:session): session closed for user root
May  7 19:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.223.5  user=root
May  7 19:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: Failed password for root from 188.166.223.5 port 39428 ssh2
May  7 19:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: Received disconnect from 188.166.223.5 port 39428:11: Bye Bye [preauth]
May  7 19:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: Disconnected from 188.166.223.5 port 39428 [preauth]
May  7 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18054]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18049]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18049]: pam_unix(cron:session): session closed for user p13x
May  7 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18117]: Successful su for rubyman by root
May  7 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18117]: + ??? root:rubyman
May  7 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18117]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348559 of user rubyman.
May  7 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18117]: pam_unix(su:session): session closed for user rubyman
May  7 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348559.
May  7 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15407]: pam_unix(cron:session): session closed for user root
May  7 19:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18050]: pam_unix(cron:session): session closed for user samftp
May  7 19:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17114]: pam_unix(cron:session): session closed for user root
May  7 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18464]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18466]: pam_unix(cron:session): session closed for user root
May  7 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18461]: pam_unix(cron:session): session closed for user p13x
May  7 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18531]: Successful su for rubyman by root
May  7 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18531]: + ??? root:rubyman
May  7 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348563 of user rubyman.
May  7 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18531]: pam_unix(su:session): session closed for user rubyman
May  7 19:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348563.
May  7 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18463]: pam_unix(cron:session): session closed for user root
May  7 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15806]: pam_unix(cron:session): session closed for user root
May  7 19:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18462]: pam_unix(cron:session): session closed for user samftp
May  7 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17534]: pam_unix(cron:session): session closed for user root
May  7 19:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  7 19:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18846]: Failed password for root from 190.103.202.7 port 35448 ssh2
May  7 19:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18846]: Connection closed by 190.103.202.7 port 35448 [preauth]
May  7 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18900]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18901]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18899]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18898]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18898]: pam_unix(cron:session): session closed for user p13x
May  7 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18972]: Successful su for rubyman by root
May  7 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18972]: + ??? root:rubyman
May  7 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348569 of user rubyman.
May  7 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18972]: pam_unix(su:session): session closed for user rubyman
May  7 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348569.
May  7 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16196]: pam_unix(cron:session): session closed for user root
May  7 19:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18899]: pam_unix(cron:session): session closed for user samftp
May  7 19:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18054]: pam_unix(cron:session): session closed for user root
May  7 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19322]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19323]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19320]: pam_unix(cron:session): session closed for user p13x
May  7 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19380]: Successful su for rubyman by root
May  7 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19380]: + ??? root:rubyman
May  7 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348572 of user rubyman.
May  7 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19380]: pam_unix(su:session): session closed for user rubyman
May  7 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348572.
May  7 19:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16675]: pam_unix(cron:session): session closed for user root
May  7 19:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19322]: pam_unix(cron:session): session closed for user samftp
May  7 19:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18465]: pam_unix(cron:session): session closed for user root
May  7 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19737]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19734]: pam_unix(cron:session): session closed for user p13x
May  7 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19794]: Successful su for rubyman by root
May  7 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19794]: + ??? root:rubyman
May  7 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348577 of user rubyman.
May  7 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19794]: pam_unix(su:session): session closed for user rubyman
May  7 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348577.
May  7 19:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 19:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17112]: pam_unix(cron:session): session closed for user root
May  7 19:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: Failed password for root from 80.94.95.125 port 13155 ssh2
May  7 19:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19735]: pam_unix(cron:session): session closed for user samftp
May  7 19:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: Failed password for root from 80.94.95.125 port 13155 ssh2
May  7 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: message repeated 3 times: [ Failed password for root from 80.94.95.125 port 13155 ssh2]
May  7 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: Received disconnect from 80.94.95.125 port 13155:11: Bye [preauth]
May  7 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: Disconnected from 80.94.95.125 port 13155 [preauth]
May  7 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 19:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19828]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 19:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18901]: pam_unix(cron:session): session closed for user root
May  7 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20143]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20141]: pam_unix(cron:session): session closed for user p13x
May  7 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20202]: Successful su for rubyman by root
May  7 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20202]: + ??? root:rubyman
May  7 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348580 of user rubyman.
May  7 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20202]: pam_unix(su:session): session closed for user rubyman
May  7 19:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348580.
May  7 19:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17533]: pam_unix(cron:session): session closed for user root
May  7 19:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20142]: pam_unix(cron:session): session closed for user samftp
May  7 19:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20414]: Invalid user frappe from 188.166.223.5
May  7 19:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20414]: input_userauth_request: invalid user frappe [preauth]
May  7 19:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20414]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.223.5
May  7 19:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20414]: Failed password for invalid user frappe from 188.166.223.5 port 58492 ssh2
May  7 19:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20414]: Received disconnect from 188.166.223.5 port 58492:11: Bye Bye [preauth]
May  7 19:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20414]: Disconnected from 188.166.223.5 port 58492 [preauth]
May  7 19:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19324]: pam_unix(cron:session): session closed for user root
May  7 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20543]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20540]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20545]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20542]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20541]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20545]: pam_unix(cron:session): session closed for user root
May  7 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20540]: pam_unix(cron:session): session closed for user p13x
May  7 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20607]: Successful su for rubyman by root
May  7 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20607]: + ??? root:rubyman
May  7 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20607]: pam_unix(su:session): session closed for user rubyman
May  7 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348587 of user rubyman.
May  7 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348587.
May  7 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20542]: pam_unix(cron:session): session closed for user root
May  7 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18051]: pam_unix(cron:session): session closed for user root
May  7 19:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20541]: pam_unix(cron:session): session closed for user samftp
May  7 19:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: Invalid user saquib from 64.23.161.151
May  7 19:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: input_userauth_request: invalid user saquib [preauth]
May  7 19:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 19:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: Failed password for invalid user saquib from 64.23.161.151 port 54604 ssh2
May  7 19:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20849]: Connection closed by 64.23.161.151 port 54604 [preauth]
May  7 19:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19737]: pam_unix(cron:session): session closed for user root
May  7 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20993]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20994]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20991]: pam_unix(cron:session): session closed for user p13x
May  7 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21059]: Successful su for rubyman by root
May  7 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21059]: + ??? root:rubyman
May  7 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348591 of user rubyman.
May  7 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21059]: pam_unix(su:session): session closed for user rubyman
May  7 19:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348591.
May  7 19:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18464]: pam_unix(cron:session): session closed for user root
May  7 19:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20992]: pam_unix(cron:session): session closed for user samftp
May  7 19:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20144]: pam_unix(cron:session): session closed for user root
May  7 19:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 19:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: Failed password for root from 218.92.0.179 port 24938 ssh2
May  7 19:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 24938 ssh2]
May  7 19:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: Received disconnect from 218.92.0.179 port 24938:11:  [preauth]
May  7 19:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: Disconnected from 218.92.0.179 port 24938 [preauth]
May  7 19:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21388]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21435]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21434]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21432]: pam_unix(cron:session): session closed for user p13x
May  7 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21497]: Successful su for rubyman by root
May  7 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21497]: + ??? root:rubyman
May  7 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348595 of user rubyman.
May  7 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21497]: pam_unix(su:session): session closed for user rubyman
May  7 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348595.
May  7 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18900]: pam_unix(cron:session): session closed for user root
May  7 19:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21433]: pam_unix(cron:session): session closed for user samftp
May  7 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20544]: pam_unix(cron:session): session closed for user root
May  7 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22154]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22156]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22155]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22153]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22153]: pam_unix(cron:session): session closed for user p13x
May  7 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22219]: Successful su for rubyman by root
May  7 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22219]: + ??? root:rubyman
May  7 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348598 of user rubyman.
May  7 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22219]: pam_unix(su:session): session closed for user rubyman
May  7 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348598.
May  7 19:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19323]: pam_unix(cron:session): session closed for user root
May  7 19:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22368]: Invalid user default from 194.0.234.19
May  7 19:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22368]: input_userauth_request: invalid user default [preauth]
May  7 19:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22368]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  7 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22154]: pam_unix(cron:session): session closed for user samftp
May  7 19:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22368]: Failed password for invalid user default from 194.0.234.19 port 44978 ssh2
May  7 19:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22368]: Connection closed by 194.0.234.19 port 44978 [preauth]
May  7 19:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20994]: pam_unix(cron:session): session closed for user root
May  7 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22624]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22623]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22625]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22622]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22622]: pam_unix(cron:session): session closed for user p13x
May  7 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22688]: Successful su for rubyman by root
May  7 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22688]: + ??? root:rubyman
May  7 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22688]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348602 of user rubyman.
May  7 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22688]: pam_unix(su:session): session closed for user rubyman
May  7 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348602.
May  7 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19736]: pam_unix(cron:session): session closed for user root
May  7 19:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22623]: pam_unix(cron:session): session closed for user samftp
May  7 19:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21435]: pam_unix(cron:session): session closed for user root
May  7 19:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.223.5  user=root
May  7 19:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23062]: Failed password for root from 188.166.223.5 port 45764 ssh2
May  7 19:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23062]: Received disconnect from 188.166.223.5 port 45764:11: Bye Bye [preauth]
May  7 19:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23062]: Disconnected from 188.166.223.5 port 45764 [preauth]
May  7 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23090]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23094]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23095]: pam_unix(cron:session): session closed for user root
May  7 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23089]: pam_unix(cron:session): session closed for user p13x
May  7 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23162]: Successful su for rubyman by root
May  7 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23162]: + ??? root:rubyman
May  7 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348611 of user rubyman.
May  7 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23162]: pam_unix(su:session): session closed for user rubyman
May  7 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348611.
May  7 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session closed for user root
May  7 19:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20143]: pam_unix(cron:session): session closed for user root
May  7 19:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23090]: pam_unix(cron:session): session closed for user samftp
May  7 19:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22156]: pam_unix(cron:session): session closed for user root
May  7 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23626]: pam_unix(cron:session): session closed for user p13x
May  7 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23695]: Successful su for rubyman by root
May  7 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23695]: + ??? root:rubyman
May  7 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23695]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348613 of user rubyman.
May  7 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23695]: pam_unix(su:session): session closed for user rubyman
May  7 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348613.
May  7 19:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20543]: pam_unix(cron:session): session closed for user root
May  7 19:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23627]: pam_unix(cron:session): session closed for user samftp
May  7 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22625]: pam_unix(cron:session): session closed for user root
May  7 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24149]: pam_unix(cron:session): session closed for user p13x
May  7 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24222]: Successful su for rubyman by root
May  7 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24222]: + ??? root:rubyman
May  7 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348617 of user rubyman.
May  7 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24222]: pam_unix(su:session): session closed for user rubyman
May  7 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348617.
May  7 19:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20993]: pam_unix(cron:session): session closed for user root
May  7 19:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  7 19:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24150]: pam_unix(cron:session): session closed for user samftp
May  7 19:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24419]: Failed password for root from 50.235.31.47 port 47520 ssh2
May  7 19:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24419]: Connection closed by 50.235.31.47 port 47520 [preauth]
May  7 19:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23094]: pam_unix(cron:session): session closed for user root
May  7 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24606]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24602]: pam_unix(cron:session): session closed for user p13x
May  7 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24667]: Successful su for rubyman by root
May  7 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24667]: + ??? root:rubyman
May  7 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24667]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348620 of user rubyman.
May  7 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24667]: pam_unix(su:session): session closed for user rubyman
May  7 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348620.
May  7 19:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21434]: pam_unix(cron:session): session closed for user root
May  7 19:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24604]: pam_unix(cron:session): session closed for user samftp
May  7 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24897]: Invalid user shafiq from 64.23.161.151
May  7 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24897]: input_userauth_request: invalid user shafiq [preauth]
May  7 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24897]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 19:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24897]: Failed password for invalid user shafiq from 64.23.161.151 port 58976 ssh2
May  7 19:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24897]: Connection closed by 64.23.161.151 port 58976 [preauth]
May  7 19:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23629]: pam_unix(cron:session): session closed for user root
May  7 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25014]: pam_unix(cron:session): session closed for user p13x
May  7 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25077]: Successful su for rubyman by root
May  7 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25077]: + ??? root:rubyman
May  7 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348624 of user rubyman.
May  7 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25077]: pam_unix(su:session): session closed for user rubyman
May  7 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348624.
May  7 19:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22155]: pam_unix(cron:session): session closed for user root
May  7 19:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session closed for user samftp
May  7 19:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24152]: pam_unix(cron:session): session closed for user root
May  7 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25429]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25429]: pam_unix(cron:session): session closed for user root
May  7 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25424]: pam_unix(cron:session): session closed for user p13x
May  7 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25492]: Successful su for rubyman by root
May  7 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25492]: + ??? root:rubyman
May  7 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25492]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348631 of user rubyman.
May  7 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25492]: pam_unix(su:session): session closed for user rubyman
May  7 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348631.
May  7 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25426]: pam_unix(cron:session): session closed for user root
May  7 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22624]: pam_unix(cron:session): session closed for user root
May  7 19:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25425]: pam_unix(cron:session): session closed for user samftp
May  7 19:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.223.5  user=root
May  7 19:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: Failed password for root from 188.166.223.5 port 60326 ssh2
May  7 19:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: Received disconnect from 188.166.223.5 port 60326:11: Bye Bye [preauth]
May  7 19:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25774]: Disconnected from 188.166.223.5 port 60326 [preauth]
May  7 19:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24606]: pam_unix(cron:session): session closed for user root
May  7 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25954]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25955]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25952]: pam_unix(cron:session): session closed for user p13x
May  7 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26021]: Successful su for rubyman by root
May  7 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26021]: + ??? root:rubyman
May  7 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348636 of user rubyman.
May  7 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26021]: pam_unix(su:session): session closed for user rubyman
May  7 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348636.
May  7 19:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23093]: pam_unix(cron:session): session closed for user root
May  7 19:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25953]: pam_unix(cron:session): session closed for user samftp
May  7 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25018]: pam_unix(cron:session): session closed for user root
May  7 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26352]: pam_unix(cron:session): session closed for user p13x
May  7 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26414]: Successful su for rubyman by root
May  7 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26414]: + ??? root:rubyman
May  7 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348638 of user rubyman.
May  7 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26414]: pam_unix(su:session): session closed for user rubyman
May  7 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348638.
May  7 19:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23628]: pam_unix(cron:session): session closed for user root
May  7 19:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26353]: pam_unix(cron:session): session closed for user samftp
May  7 19:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25428]: pam_unix(cron:session): session closed for user root
May  7 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26841]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26842]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26840]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26840]: pam_unix(cron:session): session closed for user p13x
May  7 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26905]: Successful su for rubyman by root
May  7 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26905]: + ??? root:rubyman
May  7 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348642 of user rubyman.
May  7 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26905]: pam_unix(su:session): session closed for user rubyman
May  7 19:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348642.
May  7 19:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24151]: pam_unix(cron:session): session closed for user root
May  7 19:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26841]: pam_unix(cron:session): session closed for user samftp
May  7 19:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27220]: Invalid user kevin from 85.208.84.5
May  7 19:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27220]: input_userauth_request: invalid user kevin [preauth]
May  7 19:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27220]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  7 19:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27220]: Failed password for invalid user kevin from 85.208.84.5 port 22458 ssh2
May  7 19:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27220]: Connection closed by 85.208.84.5 port 22458 [preauth]
May  7 19:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25955]: pam_unix(cron:session): session closed for user root
May  7 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27331]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27323]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27326]: pam_unix(cron:session): session closed for user p13x
May  7 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27498]: Successful su for rubyman by root
May  7 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27498]: + ??? root:rubyman
May  7 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348647 of user rubyman.
May  7 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27498]: pam_unix(su:session): session closed for user rubyman
May  7 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348647.
May  7 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27323]: pam_unix(cron:session): session closed for user root
May  7 19:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24605]: pam_unix(cron:session): session closed for user root
May  7 19:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27327]: pam_unix(cron:session): session closed for user samftp
May  7 19:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26355]: pam_unix(cron:session): session closed for user root
May  7 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27885]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27883]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27886]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27886]: pam_unix(cron:session): session closed for user root
May  7 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27881]: pam_unix(cron:session): session closed for user p13x
May  7 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27953]: Successful su for rubyman by root
May  7 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27953]: + ??? root:rubyman
May  7 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27953]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348652 of user rubyman.
May  7 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27953]: pam_unix(su:session): session closed for user rubyman
May  7 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348652.
May  7 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27883]: pam_unix(cron:session): session closed for user root
May  7 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25017]: pam_unix(cron:session): session closed for user root
May  7 19:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27882]: pam_unix(cron:session): session closed for user samftp
May  7 19:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26843]: pam_unix(cron:session): session closed for user root
May  7 19:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.223.5  user=root
May  7 19:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28264]: Failed password for root from 188.166.223.5 port 43262 ssh2
May  7 19:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28264]: Received disconnect from 188.166.223.5 port 43262:11: Bye Bye [preauth]
May  7 19:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28264]: Disconnected from 188.166.223.5 port 43262 [preauth]
May  7 19:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241  user=root
May  7 19:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28295]: Failed password for root from 186.96.145.241 port 53506 ssh2
May  7 19:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28295]: Connection closed by 186.96.145.241 port 53506 [preauth]
May  7 19:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 19:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: Failed password for root from 218.92.0.179 port 63485 ssh2
May  7 19:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 63485 ssh2]
May  7 19:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: Received disconnect from 218.92.0.179 port 63485:11:  [preauth]
May  7 19:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: Disconnected from 218.92.0.179 port 63485 [preauth]
May  7 19:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28305]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28323]: pam_unix(cron:session): session closed for user p13x
May  7 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28402]: Successful su for rubyman by root
May  7 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28402]: + ??? root:rubyman
May  7 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348657 of user rubyman.
May  7 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28402]: pam_unix(su:session): session closed for user rubyman
May  7 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348657.
May  7 19:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25427]: pam_unix(cron:session): session closed for user root
May  7 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28324]: pam_unix(cron:session): session closed for user samftp
May  7 19:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27331]: pam_unix(cron:session): session closed for user root
May  7 19:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28678]: Invalid user shahriar from 64.23.161.151
May  7 19:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28678]: input_userauth_request: invalid user shahriar [preauth]
May  7 19:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28678]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 19:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28678]: Failed password for invalid user shahriar from 64.23.161.151 port 58052 ssh2
May  7 19:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28678]: Connection closed by 64.23.161.151 port 58052 [preauth]
May  7 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28741]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28739]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28737]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28737]: pam_unix(cron:session): session closed for user p13x
May  7 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28799]: Successful su for rubyman by root
May  7 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28799]: + ??? root:rubyman
May  7 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348661 of user rubyman.
May  7 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28799]: pam_unix(su:session): session closed for user rubyman
May  7 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348661.
May  7 19:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25954]: pam_unix(cron:session): session closed for user root
May  7 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28739]: pam_unix(cron:session): session closed for user samftp
May  7 19:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Invalid user default from 80.94.95.125
May  7 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: input_userauth_request: invalid user default [preauth]
May  7 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Failed none for invalid user default from 80.94.95.125 port 63828 ssh2
May  7 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 19:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Failed password for invalid user default from 80.94.95.125 port 63828 ssh2
May  7 19:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Failed password for invalid user default from 80.94.95.125 port 63828 ssh2
May  7 19:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Failed password for invalid user default from 80.94.95.125 port 63828 ssh2
May  7 19:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Failed password for invalid user default from 80.94.95.125 port 63828 ssh2
May  7 19:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Received disconnect from 80.94.95.125 port 63828:11: Bye [preauth]
May  7 19:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Disconnected from 80.94.95.125 port 63828 [preauth]
May  7 19:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 19:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: PAM service(sshd) ignoring max retries; 4 > 3
May  7 19:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27885]: pam_unix(cron:session): session closed for user root
May  7 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29239]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29235]: pam_unix(cron:session): session closed for user p13x
May  7 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29303]: Successful su for rubyman by root
May  7 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29303]: + ??? root:rubyman
May  7 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348666 of user rubyman.
May  7 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29303]: pam_unix(su:session): session closed for user rubyman
May  7 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348666.
May  7 19:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26354]: pam_unix(cron:session): session closed for user root
May  7 19:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29237]: pam_unix(cron:session): session closed for user samftp
May  7 19:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: Invalid user admin from 80.94.95.112
May  7 19:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: input_userauth_request: invalid user admin [preauth]
May  7 19:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 19:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: Failed password for invalid user admin from 80.94.95.112 port 8652 ssh2
May  7 19:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: Failed password for invalid user admin from 80.94.95.112 port 8652 ssh2
May  7 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28328]: pam_unix(cron:session): session closed for user root
May  7 19:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: Failed password for invalid user admin from 80.94.95.112 port 8652 ssh2
May  7 19:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: Failed password for invalid user admin from 80.94.95.112 port 8652 ssh2
May  7 19:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: Failed password for invalid user admin from 80.94.95.112 port 8652 ssh2
May  7 19:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: Received disconnect from 80.94.95.112 port 8652:11: Bye [preauth]
May  7 19:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: Disconnected from 80.94.95.112 port 8652 [preauth]
May  7 19:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 19:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29557]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29654]: pam_unix(cron:session): session closed for user p13x
May  7 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29717]: Successful su for rubyman by root
May  7 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29717]: + ??? root:rubyman
May  7 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348671 of user rubyman.
May  7 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29717]: pam_unix(su:session): session closed for user rubyman
May  7 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348671.
May  7 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26842]: pam_unix(cron:session): session closed for user root
May  7 19:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29655]: pam_unix(cron:session): session closed for user samftp
May  7 19:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28741]: pam_unix(cron:session): session closed for user root
May  7 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30062]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30060]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30057]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30061]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30062]: pam_unix(cron:session): session closed for user root
May  7 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30057]: pam_unix(cron:session): session closed for user p13x
May  7 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30128]: Successful su for rubyman by root
May  7 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30128]: + ??? root:rubyman
May  7 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348673 of user rubyman.
May  7 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30128]: pam_unix(su:session): session closed for user rubyman
May  7 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348673.
May  7 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30059]: pam_unix(cron:session): session closed for user root
May  7 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27330]: pam_unix(cron:session): session closed for user root
May  7 19:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30058]: pam_unix(cron:session): session closed for user samftp
May  7 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29239]: pam_unix(cron:session): session closed for user root
May  7 19:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30485]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30486]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30483]: pam_unix(cron:session): session closed for user p13x
May  7 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30480]: Invalid user joseph from 188.166.223.5
May  7 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30480]: input_userauth_request: invalid user joseph [preauth]
May  7 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30480]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.223.5
May  7 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30550]: Successful su for rubyman by root
May  7 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30550]: + ??? root:rubyman
May  7 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348681 of user rubyman.
May  7 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30550]: pam_unix(su:session): session closed for user rubyman
May  7 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348681.
May  7 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30480]: Failed password for invalid user joseph from 188.166.223.5 port 37652 ssh2
May  7 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30480]: Received disconnect from 188.166.223.5 port 37652:11: Bye Bye [preauth]
May  7 19:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30480]: Disconnected from 188.166.223.5 port 37652 [preauth]
May  7 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27884]: pam_unix(cron:session): session closed for user root
May  7 19:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30484]: pam_unix(cron:session): session closed for user samftp
May  7 19:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29658]: pam_unix(cron:session): session closed for user root
May  7 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30883]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30881]: pam_unix(cron:session): session closed for user p13x
May  7 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31003]: Successful su for rubyman by root
May  7 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31003]: + ??? root:rubyman
May  7 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31003]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348684 of user rubyman.
May  7 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31003]: pam_unix(su:session): session closed for user rubyman
May  7 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348684.
May  7 19:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28327]: pam_unix(cron:session): session closed for user root
May  7 19:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30882]: pam_unix(cron:session): session closed for user samftp
May  7 19:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31258]: Invalid user admin from 80.94.95.241
May  7 19:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31258]: input_userauth_request: invalid user admin [preauth]
May  7 19:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31258]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 19:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31258]: Failed password for invalid user admin from 80.94.95.241 port 25262 ssh2
May  7 19:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31258]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31258]: Failed password for invalid user admin from 80.94.95.241 port 25262 ssh2
May  7 19:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31258]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31258]: Failed password for invalid user admin from 80.94.95.241 port 25262 ssh2
May  7 19:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31258]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31258]: Failed password for invalid user admin from 80.94.95.241 port 25262 ssh2
May  7 19:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31258]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31258]: Failed password for invalid user admin from 80.94.95.241 port 25262 ssh2
May  7 19:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31258]: Received disconnect from 80.94.95.241 port 25262:11: Bye [preauth]
May  7 19:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31258]: Disconnected from 80.94.95.241 port 25262 [preauth]
May  7 19:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31258]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 19:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31258]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 19:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30061]: pam_unix(cron:session): session closed for user root
May  7 19:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 19:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: Failed password for root from 218.92.0.179 port 47654 ssh2
May  7 19:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 47654 ssh2]
May  7 19:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: Received disconnect from 218.92.0.179 port 47654:11:  [preauth]
May  7 19:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: Disconnected from 218.92.0.179 port 47654 [preauth]
May  7 19:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31366]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31396]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31395]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31393]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31394]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31393]: pam_unix(cron:session): session closed for user p13x
May  7 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31454]: Successful su for rubyman by root
May  7 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31454]: + ??? root:rubyman
May  7 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348688 of user rubyman.
May  7 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31454]: pam_unix(su:session): session closed for user rubyman
May  7 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348688.
May  7 19:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28740]: pam_unix(cron:session): session closed for user root
May  7 19:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31394]: pam_unix(cron:session): session closed for user samftp
May  7 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30486]: pam_unix(cron:session): session closed for user root
May  7 19:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: User ftp from 194.0.234.16 not allowed because not listed in AllowUsers
May  7 19:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: input_userauth_request: invalid user ftp [preauth]
May  7 19:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.16  user=ftp
May  7 19:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: Failed password for invalid user ftp from 194.0.234.16 port 38454 ssh2
May  7 19:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31779]: Connection closed by 194.0.234.16 port 38454 [preauth]
May  7 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31825]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31820]: pam_unix(cron:session): session closed for user p13x
May  7 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31894]: Successful su for rubyman by root
May  7 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31894]: + ??? root:rubyman
May  7 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31894]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348693 of user rubyman.
May  7 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31894]: pam_unix(su:session): session closed for user rubyman
May  7 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348693.
May  7 19:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29238]: pam_unix(cron:session): session closed for user root
May  7 19:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31821]: pam_unix(cron:session): session closed for user samftp
May  7 19:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: Invalid user _ from 195.178.110.50
May  7 19:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: input_userauth_request: invalid user _ [preauth]
May  7 19:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 19:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: Failed password for invalid user _ from 195.178.110.50 port 59786 ssh2
May  7 19:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32360]: Connection closed by 195.178.110.50 port 59786 [preauth]
May  7 19:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30884]: pam_unix(cron:session): session closed for user root
May  7 19:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: Invalid user sumaiya from 64.23.161.151
May  7 19:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: input_userauth_request: invalid user sumaiya [preauth]
May  7 19:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 19:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: Failed password for invalid user sumaiya from 64.23.161.151 port 57246 ssh2
May  7 19:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32505]: Connection closed by 64.23.161.151 port 57246 [preauth]
May  7 19:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32438]: Invalid user " from 195.178.110.50
May  7 19:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32438]: input_userauth_request: invalid user " [preauth]
May  7 19:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32438]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 19:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32438]: Failed password for invalid user " from 195.178.110.50 port 29968 ssh2
May  7 19:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32438]: Connection closed by 195.178.110.50 port 29968 [preauth]
May  7 19:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32545]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32547]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32543]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32542]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32541]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32547]: pam_unix(cron:session): session closed for user root
May  7 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32541]: pam_unix(cron:session): session closed for user p13x
May  7 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32676]: Successful su for rubyman by root
May  7 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32676]: + ??? root:rubyman
May  7 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348695 of user rubyman.
May  7 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32676]: pam_unix(su:session): session closed for user rubyman
May  7 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348695.
May  7 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32543]: pam_unix(cron:session): session closed for user root
May  7 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29656]: pam_unix(cron:session): session closed for user root
May  7 19:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32542]: pam_unix(cron:session): session closed for user samftp
May  7 19:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: Invalid user  from 170.64.222.115
May  7 19:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: input_userauth_request: invalid user  [preauth]
May  7 19:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32527]: Invalid user C from 195.178.110.50
May  7 19:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32527]: input_userauth_request: invalid user C [preauth]
May  7 19:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32527]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 19:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32527]: Failed password for invalid user C from 195.178.110.50 port 51612 ssh2
May  7 19:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32527]: Connection closed by 195.178.110.50 port 51612 [preauth]
May  7 19:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[545]: Connection closed by 170.64.222.115 port 52822 [preauth]
May  7 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31396]: pam_unix(cron:session): session closed for user root
May  7 19:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[569]: Invalid user d from 195.178.110.50
May  7 19:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[569]: input_userauth_request: invalid user d [preauth]
May  7 19:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[569]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 19:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[569]: Failed password for invalid user d from 195.178.110.50 port 1972 ssh2
May  7 19:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[569]: Connection closed by 195.178.110.50 port 1972 [preauth]
May  7 19:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[659]: Invalid user ' from 195.178.110.50
May  7 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[659]: input_userauth_request: invalid user ' [preauth]
May  7 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[659]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  7 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[716]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[713]: pam_unix(cron:session): session closed for user p13x
May  7 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[798]: Successful su for rubyman by root
May  7 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[798]: + ??? root:rubyman
May  7 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348702 of user rubyman.
May  7 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[798]: pam_unix(su:session): session closed for user rubyman
May  7 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348702.
May  7 19:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[659]: Failed password for invalid user ' from 195.178.110.50 port 27626 ssh2
May  7 19:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30060]: pam_unix(cron:session): session closed for user root
May  7 19:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[714]: pam_unix(cron:session): session closed for user samftp
May  7 19:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[659]: Connection closed by 195.178.110.50 port 27626 [preauth]
May  7 19:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.223.5  user=root
May  7 19:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: Failed password for root from 188.166.223.5 port 55150 ssh2
May  7 19:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: Received disconnect from 188.166.223.5 port 55150:11: Bye Bye [preauth]
May  7 19:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: Disconnected from 188.166.223.5 port 55150 [preauth]
May  7 19:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: Invalid user flink from 170.64.222.115
May  7 19:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: input_userauth_request: invalid user flink [preauth]
May  7 19:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: Failed password for invalid user flink from 170.64.222.115 port 54284 ssh2
May  7 19:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1093]: Connection closed by 170.64.222.115 port 54284 [preauth]
May  7 19:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31825]: pam_unix(cron:session): session closed for user root
May  7 19:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: Invalid user gitlab from 170.64.222.115
May  7 19:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: input_userauth_request: invalid user gitlab [preauth]
May  7 19:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: Failed password for invalid user gitlab from 170.64.222.115 port 49496 ssh2
May  7 19:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1124]: Connection closed by 170.64.222.115 port 49496 [preauth]
May  7 19:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1137]: Invalid user factorio from 170.64.222.115
May  7 19:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1137]: input_userauth_request: invalid user factorio [preauth]
May  7 19:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1137]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1137]: Failed password for invalid user factorio from 170.64.222.115 port 49536 ssh2
May  7 19:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1137]: Connection closed by 170.64.222.115 port 49536 [preauth]
May  7 19:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: Invalid user git from 170.64.222.115
May  7 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: input_userauth_request: invalid user git [preauth]
May  7 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: Failed password for invalid user git from 170.64.222.115 port 36872 ssh2
May  7 19:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: Connection closed by 170.64.222.115 port 36872 [preauth]
May  7 19:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1176]: Failed password for root from 170.64.222.115 port 36888 ssh2
May  7 19:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1176]: Connection closed by 170.64.222.115 port 36888 [preauth]
May  7 19:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: Invalid user rancher from 170.64.222.115
May  7 19:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: input_userauth_request: invalid user rancher [preauth]
May  7 19:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: Failed password for invalid user rancher from 170.64.222.115 port 43100 ssh2
May  7 19:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: Connection closed by 170.64.222.115 port 43100 [preauth]
May  7 19:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Invalid user kingbase from 170.64.222.115
May  7 19:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: input_userauth_request: invalid user kingbase [preauth]
May  7 19:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1225]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1223]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1223]: pam_unix(cron:session): session closed for user p13x
May  7 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1299]: Successful su for rubyman by root
May  7 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1299]: + ??? root:rubyman
May  7 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348706 of user rubyman.
May  7 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1299]: pam_unix(su:session): session closed for user rubyman
May  7 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348706.
May  7 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Failed password for invalid user kingbase from 170.64.222.115 port 43102 ssh2
May  7 19:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1206]: Connection closed by 170.64.222.115 port 43102 [preauth]
May  7 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30485]: pam_unix(cron:session): session closed for user root
May  7 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1480]: Invalid user data from 170.64.222.115
May  7 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1480]: input_userauth_request: invalid user data [preauth]
May  7 19:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1480]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1224]: pam_unix(cron:session): session closed for user samftp
May  7 19:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1480]: Failed password for invalid user data from 170.64.222.115 port 48412 ssh2
May  7 19:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1480]: Connection closed by 170.64.222.115 port 48412 [preauth]
May  7 19:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: User mysql from 170.64.222.115 not allowed because not listed in AllowUsers
May  7 19:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: input_userauth_request: invalid user mysql [preauth]
May  7 19:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=mysql
May  7 19:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: Failed password for invalid user mysql from 170.64.222.115 port 48442 ssh2
May  7 19:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1521]: Connection closed by 170.64.222.115 port 48442 [preauth]
May  7 19:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: Invalid user yealink from 170.64.222.115
May  7 19:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: input_userauth_request: invalid user yealink [preauth]
May  7 19:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: Failed password for invalid user yealink from 170.64.222.115 port 46246 ssh2
May  7 19:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1551]: Connection closed by 170.64.222.115 port 46246 [preauth]
May  7 19:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: Invalid user hadoop from 170.64.222.115
May  7 19:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: input_userauth_request: invalid user hadoop [preauth]
May  7 19:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: Failed password for invalid user hadoop from 170.64.222.115 port 46250 ssh2
May  7 19:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1567]: Connection closed by 170.64.222.115 port 46250 [preauth]
May  7 19:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: Invalid user ansible from 170.64.222.115
May  7 19:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: input_userauth_request: invalid user ansible [preauth]
May  7 19:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: Failed password for invalid user ansible from 170.64.222.115 port 56258 ssh2
May  7 19:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: Connection closed by 170.64.222.115 port 56258 [preauth]
May  7 19:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1604]: Invalid user runner from 170.64.222.115
May  7 19:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1604]: input_userauth_request: invalid user runner [preauth]
May  7 19:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1604]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1604]: Failed password for invalid user runner from 170.64.222.115 port 56268 ssh2
May  7 19:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1604]: Connection closed by 170.64.222.115 port 56268 [preauth]
May  7 19:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32545]: pam_unix(cron:session): session closed for user root
May  7 19:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1636]: Failed password for root from 170.64.222.115 port 47386 ssh2
May  7 19:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1636]: Connection closed by 170.64.222.115 port 47386 [preauth]
May  7 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: Invalid user odoo16 from 170.64.222.115
May  7 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: input_userauth_request: invalid user odoo16 [preauth]
May  7 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: Failed password for invalid user odoo16 from 170.64.222.115 port 47396 ssh2
May  7 19:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: Connection closed by 170.64.222.115 port 47396 [preauth]
May  7 19:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: Failed password for root from 170.64.222.115 port 52022 ssh2
May  7 19:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1663]: Connection closed by 170.64.222.115 port 52022 [preauth]
May  7 19:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: Invalid user lighthouse from 170.64.222.115
May  7 19:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: input_userauth_request: invalid user lighthouse [preauth]
May  7 19:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: Failed password for invalid user lighthouse from 170.64.222.115 port 52032 ssh2
May  7 19:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1689]: Connection closed by 170.64.222.115 port 52032 [preauth]
May  7 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: Invalid user oracle from 170.64.222.115
May  7 19:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: input_userauth_request: invalid user oracle [preauth]
May  7 19:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: Failed password for invalid user oracle from 170.64.222.115 port 57330 ssh2
May  7 19:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: Connection closed by 170.64.222.115 port 57330 [preauth]
May  7 19:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: Invalid user openvpn from 170.64.222.115
May  7 19:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: input_userauth_request: invalid user openvpn [preauth]
May  7 19:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:52:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1737]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1734]: pam_unix(cron:session): session closed for user p13x
May  7 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1805]: Successful su for rubyman by root
May  7 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1805]: + ??? root:rubyman
May  7 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348710 of user rubyman.
May  7 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1805]: pam_unix(su:session): session closed for user rubyman
May  7 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348710.
May  7 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: Failed password for invalid user openvpn from 170.64.222.115 port 57340 ssh2
May  7 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1726]: Connection closed by 170.64.222.115 port 57340 [preauth]
May  7 19:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30883]: pam_unix(cron:session): session closed for user root
May  7 19:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1735]: pam_unix(cron:session): session closed for user samftp
May  7 19:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: Failed password for root from 170.64.222.115 port 45578 ssh2
May  7 19:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2011]: Connection closed by 170.64.222.115 port 45578 [preauth]
May  7 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2083]: Invalid user niaoyun from 170.64.222.115
May  7 19:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2083]: input_userauth_request: invalid user niaoyun [preauth]
May  7 19:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2083]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2083]: Failed password for invalid user niaoyun from 170.64.222.115 port 45618 ssh2
May  7 19:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2083]: Connection closed by 170.64.222.115 port 45618 [preauth]
May  7 19:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: Invalid user gpuadmin from 170.64.222.115
May  7 19:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: input_userauth_request: invalid user gpuadmin [preauth]
May  7 19:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: Failed password for invalid user gpuadmin from 170.64.222.115 port 34002 ssh2
May  7 19:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2105]: Connection closed by 170.64.222.115 port 34002 [preauth]
May  7 19:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: Invalid user dmdba from 170.64.222.115
May  7 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: input_userauth_request: invalid user dmdba [preauth]
May  7 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: Failed password for invalid user dmdba from 170.64.222.115 port 34006 ssh2
May  7 19:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2117]: Connection closed by 170.64.222.115 port 34006 [preauth]
May  7 19:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: Invalid user www from 170.64.222.115
May  7 19:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: input_userauth_request: invalid user www [preauth]
May  7 19:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: Failed password for invalid user www from 170.64.222.115 port 45734 ssh2
May  7 19:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2128]: Connection closed by 170.64.222.115 port 45734 [preauth]
May  7 19:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2157]: Failed password for root from 170.64.222.115 port 45748 ssh2
May  7 19:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2157]: Connection closed by 170.64.222.115 port 45748 [preauth]
May  7 19:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[716]: pam_unix(cron:session): session closed for user root
May  7 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: Invalid user postgres from 170.64.222.115
May  7 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: input_userauth_request: invalid user postgres [preauth]
May  7 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: Failed password for invalid user postgres from 170.64.222.115 port 50728 ssh2
May  7 19:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2174]: Connection closed by 170.64.222.115 port 50728 [preauth]
May  7 19:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2196]: Invalid user server from 170.64.222.115
May  7 19:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2196]: input_userauth_request: invalid user server [preauth]
May  7 19:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2196]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2196]: Failed password for invalid user server from 170.64.222.115 port 50742 ssh2
May  7 19:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2196]: Connection closed by 170.64.222.115 port 50742 [preauth]
May  7 19:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: Invalid user user from 170.64.222.115
May  7 19:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: input_userauth_request: invalid user user [preauth]
May  7 19:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: Failed password for invalid user user from 170.64.222.115 port 45428 ssh2
May  7 19:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2208]: Connection closed by 170.64.222.115 port 45428 [preauth]
May  7 19:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2231]: Invalid user dspace from 170.64.222.115
May  7 19:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2231]: input_userauth_request: invalid user dspace [preauth]
May  7 19:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2231]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2231]: Failed password for invalid user dspace from 170.64.222.115 port 45430 ssh2
May  7 19:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2231]: Connection closed by 170.64.222.115 port 45430 [preauth]
May  7 19:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Invalid user user1 from 170.64.222.115
May  7 19:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: input_userauth_request: invalid user user1 [preauth]
May  7 19:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Failed password for invalid user user1 from 170.64.222.115 port 53318 ssh2
May  7 19:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2242]: Connection closed by 170.64.222.115 port 53318 [preauth]
May  7 19:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: Invalid user g from 170.64.222.115
May  7 19:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: input_userauth_request: invalid user g [preauth]
May  7 19:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: Failed password for invalid user g from 170.64.222.115 port 53326 ssh2
May  7 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: Connection closed by 170.64.222.115 port 53326 [preauth]
May  7 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2259]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2256]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2258]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2255]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2255]: pam_unix(cron:session): session closed for user p13x
May  7 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2317]: Successful su for rubyman by root
May  7 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2317]: + ??? root:rubyman
May  7 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348713 of user rubyman.
May  7 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2317]: pam_unix(su:session): session closed for user rubyman
May  7 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348713.
May  7 19:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: Invalid user postgres from 170.64.222.115
May  7 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: input_userauth_request: invalid user postgres [preauth]
May  7 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31395]: pam_unix(cron:session): session closed for user root
May  7 19:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: Failed password for invalid user postgres from 170.64.222.115 port 46554 ssh2
May  7 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: Connection closed by 170.64.222.115 port 46554 [preauth]
May  7 19:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2256]: pam_unix(cron:session): session closed for user samftp
May  7 19:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Invalid user sadmin from 170.64.222.115
May  7 19:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: input_userauth_request: invalid user sadmin [preauth]
May  7 19:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Failed password for invalid user sadmin from 170.64.222.115 port 46566 ssh2
May  7 19:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2530]: Connection closed by 170.64.222.115 port 46566 [preauth]
May  7 19:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: Invalid user admin from 170.64.222.115
May  7 19:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: input_userauth_request: invalid user admin [preauth]
May  7 19:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: Failed password for invalid user admin from 170.64.222.115 port 49078 ssh2
May  7 19:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: Connection closed by 170.64.222.115 port 49078 [preauth]
May  7 19:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: Invalid user debian from 170.64.222.115
May  7 19:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: input_userauth_request: invalid user debian [preauth]
May  7 19:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: Failed password for invalid user debian from 170.64.222.115 port 49094 ssh2
May  7 19:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2567]: Connection closed by 170.64.222.115 port 49094 [preauth]
May  7 19:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2578]: Failed password for root from 170.64.222.115 port 44878 ssh2
May  7 19:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2578]: Connection closed by 170.64.222.115 port 44878 [preauth]
May  7 19:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: Failed password for root from 170.64.222.115 port 44882 ssh2
May  7 19:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2610]: Connection closed by 170.64.222.115 port 44882 [preauth]
May  7 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: Invalid user centos from 170.64.222.115
May  7 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: input_userauth_request: invalid user centos [preauth]
May  7 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1226]: pam_unix(cron:session): session closed for user root
May  7 19:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: Failed password for invalid user centos from 170.64.222.115 port 59944 ssh2
May  7 19:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2622]: Connection closed by 170.64.222.115 port 59944 [preauth]
May  7 19:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2652]: User ftp from 170.64.222.115 not allowed because not listed in AllowUsers
May  7 19:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2652]: input_userauth_request: invalid user ftp [preauth]
May  7 19:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=ftp
May  7 19:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2652]: Failed password for invalid user ftp from 170.64.222.115 port 59956 ssh2
May  7 19:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2652]: Connection closed by 170.64.222.115 port 59956 [preauth]
May  7 19:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: Invalid user nvidia from 170.64.222.115
May  7 19:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: input_userauth_request: invalid user nvidia [preauth]
May  7 19:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: Failed password for invalid user nvidia from 170.64.222.115 port 37232 ssh2
May  7 19:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2666]: Connection closed by 170.64.222.115 port 37232 [preauth]
May  7 19:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2701]: Invalid user es from 170.64.222.115
May  7 19:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2701]: input_userauth_request: invalid user es [preauth]
May  7 19:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2701]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2701]: Failed password for invalid user es from 170.64.222.115 port 37240 ssh2
May  7 19:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2701]: Connection closed by 170.64.222.115 port 37240 [preauth]
May  7 19:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: Invalid user hadoop from 170.64.222.115
May  7 19:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: input_userauth_request: invalid user hadoop [preauth]
May  7 19:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: Failed password for invalid user hadoop from 170.64.222.115 port 51430 ssh2
May  7 19:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2712]: Connection closed by 170.64.222.115 port 51430 [preauth]
May  7 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2719]: Invalid user wang from 170.64.222.115
May  7 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2719]: input_userauth_request: invalid user wang [preauth]
May  7 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2719]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2719]: Failed password for invalid user wang from 170.64.222.115 port 51432 ssh2
May  7 19:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2719]: Connection closed by 170.64.222.115 port 51432 [preauth]
May  7 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2732]: pam_unix(cron:session): session closed for user root
May  7 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2727]: pam_unix(cron:session): session closed for user p13x
May  7 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2807]: Successful su for rubyman by root
May  7 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2807]: + ??? root:rubyman
May  7 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348719 of user rubyman.
May  7 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2807]: pam_unix(su:session): session closed for user rubyman
May  7 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348719.
May  7 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2724]: Invalid user guest from 170.64.222.115
May  7 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2724]: input_userauth_request: invalid user guest [preauth]
May  7 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2724]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2729]: pam_unix(cron:session): session closed for user root
May  7 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2724]: Failed password for invalid user guest from 170.64.222.115 port 37176 ssh2
May  7 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31824]: pam_unix(cron:session): session closed for user root
May  7 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2724]: Connection closed by 170.64.222.115 port 37176 [preauth]
May  7 19:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: Invalid user demo from 170.64.222.115
May  7 19:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: input_userauth_request: invalid user demo [preauth]
May  7 19:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2728]: pam_unix(cron:session): session closed for user samftp
May  7 19:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: Failed password for invalid user demo from 170.64.222.115 port 37188 ssh2
May  7 19:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3008]: Connection closed by 170.64.222.115 port 37188 [preauth]
May  7 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3034]: Invalid user jumpserver from 170.64.222.115
May  7 19:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3034]: input_userauth_request: invalid user jumpserver [preauth]
May  7 19:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3034]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3034]: Failed password for invalid user jumpserver from 170.64.222.115 port 45158 ssh2
May  7 19:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3034]: Connection closed by 170.64.222.115 port 45158 [preauth]
May  7 19:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3057]: Failed password for root from 170.64.222.115 port 45170 ssh2
May  7 19:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3057]: Connection closed by 170.64.222.115 port 45170 [preauth]
May  7 19:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: Invalid user dev from 170.64.222.115
May  7 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: input_userauth_request: invalid user dev [preauth]
May  7 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: Failed password for invalid user dev from 170.64.222.115 port 45184 ssh2
May  7 19:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3067]: Connection closed by 170.64.222.115 port 45184 [preauth]
May  7 19:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3090]: Failed password for root from 170.64.222.115 port 44866 ssh2
May  7 19:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3090]: Connection closed by 170.64.222.115 port 44866 [preauth]
May  7 19:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3101]: Failed password for root from 170.64.222.115 port 44890 ssh2
May  7 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1738]: pam_unix(cron:session): session closed for user root
May  7 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3101]: Connection closed by 170.64.222.115 port 44890 [preauth]
May  7 19:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: Invalid user bigdata from 170.64.222.115
May  7 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: input_userauth_request: invalid user bigdata [preauth]
May  7 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: Failed password for invalid user bigdata from 170.64.222.115 port 41786 ssh2
May  7 19:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3135]: Connection closed by 170.64.222.115 port 41786 [preauth]
May  7 19:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: Invalid user guest from 170.64.222.115
May  7 19:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: input_userauth_request: invalid user guest [preauth]
May  7 19:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: Failed password for invalid user guest from 170.64.222.115 port 41792 ssh2
May  7 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3137]: Connection closed by 170.64.222.115 port 41792 [preauth]
May  7 19:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Invalid user deploy from 170.64.222.115
May  7 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: input_userauth_request: invalid user deploy [preauth]
May  7 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Failed password for invalid user deploy from 170.64.222.115 port 49930 ssh2
May  7 19:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3161]: Connection closed by 170.64.222.115 port 49930 [preauth]
May  7 19:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: Invalid user username from 170.64.222.115
May  7 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: input_userauth_request: invalid user username [preauth]
May  7 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: Failed password for invalid user username from 170.64.222.115 port 49954 ssh2
May  7 19:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3173]: Connection closed by 170.64.222.115 port 49954 [preauth]
May  7 19:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3184]: Invalid user gpadmin from 170.64.222.115
May  7 19:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3184]: input_userauth_request: invalid user gpadmin [preauth]
May  7 19:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3184]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3184]: Failed password for invalid user gpadmin from 170.64.222.115 port 37290 ssh2
May  7 19:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3184]: Connection closed by 170.64.222.115 port 37290 [preauth]
May  7 19:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: Invalid user tools from 170.64.222.115
May  7 19:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: input_userauth_request: invalid user tools [preauth]
May  7 19:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3216]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3217]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3212]: pam_unix(cron:session): session closed for user p13x
May  7 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3279]: Successful su for rubyman by root
May  7 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3279]: + ??? root:rubyman
May  7 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348724 of user rubyman.
May  7 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3279]: pam_unix(su:session): session closed for user rubyman
May  7 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348724.
May  7 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: Failed password for invalid user tools from 170.64.222.115 port 37322 ssh2
May  7 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3195]: Connection closed by 170.64.222.115 port 37322 [preauth]
May  7 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Failed password for root from 80.94.95.125 port 50559 ssh2
May  7 19:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32544]: pam_unix(cron:session): session closed for user root
May  7 19:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Failed password for root from 80.94.95.125 port 50559 ssh2
May  7 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3213]: pam_unix(cron:session): session closed for user samftp
May  7 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: Failed password for root from 170.64.222.115 port 57408 ssh2
May  7 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3409]: Connection closed by 170.64.222.115 port 57408 [preauth]
May  7 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Failed password for root from 80.94.95.125 port 50559 ssh2
May  7 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Failed password for root from 80.94.95.125 port 50559 ssh2
May  7 19:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3491]: Invalid user dolphinscheduler from 170.64.222.115
May  7 19:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3491]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  7 19:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3491]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Failed password for root from 80.94.95.125 port 50559 ssh2
May  7 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Received disconnect from 80.94.95.125 port 50559:11: Bye [preauth]
May  7 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: Disconnected from 80.94.95.125 port 50559 [preauth]
May  7 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3199]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3491]: Failed password for invalid user dolphinscheduler from 170.64.222.115 port 57420 ssh2
May  7 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3491]: Connection closed by 170.64.222.115 port 57420 [preauth]
May  7 19:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3514]: Failed password for root from 170.64.222.115 port 59408 ssh2
May  7 19:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3514]: Connection closed by 170.64.222.115 port 59408 [preauth]
May  7 19:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3526]: Failed password for root from 170.64.222.115 port 59424 ssh2
May  7 19:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3526]: Connection closed by 170.64.222.115 port 59424 [preauth]
May  7 19:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: Invalid user odoo from 170.64.222.115
May  7 19:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: input_userauth_request: invalid user odoo [preauth]
May  7 19:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: Failed password for invalid user odoo from 170.64.222.115 port 58344 ssh2
May  7 19:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3536]: Connection closed by 170.64.222.115 port 58344 [preauth]
May  7 19:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: Invalid user ftpuser from 170.64.222.115
May  7 19:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: input_userauth_request: invalid user ftpuser [preauth]
May  7 19:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: Failed password for invalid user ftpuser from 170.64.222.115 port 58346 ssh2
May  7 19:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: Connection closed by 170.64.222.115 port 58346 [preauth]
May  7 19:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: Invalid user user from 170.64.222.115
May  7 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: input_userauth_request: invalid user user [preauth]
May  7 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2259]: pam_unix(cron:session): session closed for user root
May  7 19:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: Failed password for invalid user user from 170.64.222.115 port 40386 ssh2
May  7 19:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3602]: Connection closed by 170.64.222.115 port 40386 [preauth]
May  7 19:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: Failed password for root from 170.64.222.115 port 40390 ssh2
May  7 19:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: Connection closed by 170.64.222.115 port 40390 [preauth]
May  7 19:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Invalid user dolphinscheduler from 170.64.222.115
May  7 19:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  7 19:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3651]: Invalid user webdeploy from 188.166.223.5
May  7 19:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3651]: input_userauth_request: invalid user webdeploy [preauth]
May  7 19:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3651]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.223.5
May  7 19:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Failed password for invalid user dolphinscheduler from 170.64.222.115 port 50362 ssh2
May  7 19:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3636]: Connection closed by 170.64.222.115 port 50362 [preauth]
May  7 19:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3651]: Failed password for invalid user webdeploy from 188.166.223.5 port 55970 ssh2
May  7 19:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3651]: Received disconnect from 188.166.223.5 port 55970:11: Bye Bye [preauth]
May  7 19:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3651]: Disconnected from 188.166.223.5 port 55970 [preauth]
May  7 19:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: User ftp from 170.64.222.115 not allowed because not listed in AllowUsers
May  7 19:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: input_userauth_request: invalid user ftp [preauth]
May  7 19:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=ftp
May  7 19:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: Failed password for invalid user ftp from 170.64.222.115 port 50378 ssh2
May  7 19:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3661]: Connection closed by 170.64.222.115 port 50378 [preauth]
May  7 19:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: Invalid user sonar from 170.64.222.115
May  7 19:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: input_userauth_request: invalid user sonar [preauth]
May  7 19:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: Failed password for invalid user sonar from 170.64.222.115 port 60548 ssh2
May  7 19:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3672]: Connection closed by 170.64.222.115 port 60548 [preauth]
May  7 19:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: Invalid user mehdi from 170.64.222.115
May  7 19:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: input_userauth_request: invalid user mehdi [preauth]
May  7 19:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: Failed password for invalid user mehdi from 170.64.222.115 port 60562 ssh2
May  7 19:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3682]: Connection closed by 170.64.222.115 port 60562 [preauth]
May  7 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3697]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3698]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3695]: pam_unix(cron:session): session closed for user p13x
May  7 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3752]: Successful su for rubyman by root
May  7 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3752]: + ??? root:rubyman
May  7 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3752]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348728 of user rubyman.
May  7 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3752]: pam_unix(su:session): session closed for user rubyman
May  7 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348728.
May  7 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: Invalid user hadoop from 170.64.222.115
May  7 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: input_userauth_request: invalid user hadoop [preauth]
May  7 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: Failed password for invalid user hadoop from 170.64.222.115 port 42386 ssh2
May  7 19:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3692]: Connection closed by 170.64.222.115 port 42386 [preauth]
May  7 19:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[715]: pam_unix(cron:session): session closed for user root
May  7 19:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3696]: pam_unix(cron:session): session closed for user samftp
May  7 19:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3944]: Invalid user guest from 170.64.222.115
May  7 19:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3944]: input_userauth_request: invalid user guest [preauth]
May  7 19:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3944]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3944]: Failed password for invalid user guest from 170.64.222.115 port 42400 ssh2
May  7 19:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3944]: Connection closed by 170.64.222.115 port 42400 [preauth]
May  7 19:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: Invalid user ubuntu from 170.64.222.115
May  7 19:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: input_userauth_request: invalid user ubuntu [preauth]
May  7 19:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: Failed password for invalid user ubuntu from 170.64.222.115 port 34778 ssh2
May  7 19:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3959]: Connection closed by 170.64.222.115 port 34778 [preauth]
May  7 19:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4008]: Failed password for root from 170.64.222.115 port 34790 ssh2
May  7 19:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4008]: Connection closed by 170.64.222.115 port 34790 [preauth]
May  7 19:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4020]: Invalid user amir from 170.64.222.115
May  7 19:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4020]: input_userauth_request: invalid user amir [preauth]
May  7 19:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4020]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4020]: Failed password for invalid user amir from 170.64.222.115 port 58348 ssh2
May  7 19:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4020]: Connection closed by 170.64.222.115 port 58348 [preauth]
May  7 19:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4043]: Invalid user nexus from 170.64.222.115
May  7 19:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4043]: input_userauth_request: invalid user nexus [preauth]
May  7 19:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4043]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4043]: Failed password for invalid user nexus from 170.64.222.115 port 58352 ssh2
May  7 19:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4043]: Connection closed by 170.64.222.115 port 58352 [preauth]
May  7 19:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4046]: Invalid user samba from 170.64.222.115
May  7 19:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4046]: input_userauth_request: invalid user samba [preauth]
May  7 19:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4046]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: Invalid user admin1 from 1.202.223.2
May  7 19:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: input_userauth_request: invalid user admin1 [preauth]
May  7 19:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2
May  7 19:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4046]: Failed password for invalid user samba from 170.64.222.115 port 58358 ssh2
May  7 19:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4046]: Connection closed by 170.64.222.115 port 58358 [preauth]
May  7 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2731]: pam_unix(cron:session): session closed for user root
May  7 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: Failed password for invalid user admin1 from 1.202.223.2 port 12214 ssh2
May  7 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: Received disconnect from 1.202.223.2 port 12214:11: Bye Bye [preauth]
May  7 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4057]: Disconnected from 1.202.223.2 port 12214 [preauth]
May  7 19:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4079]: Invalid user dev from 170.64.222.115
May  7 19:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4079]: input_userauth_request: invalid user dev [preauth]
May  7 19:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4079]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4079]: Failed password for invalid user dev from 170.64.222.115 port 34260 ssh2
May  7 19:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4079]: Connection closed by 170.64.222.115 port 34260 [preauth]
May  7 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4091]: Failed password for root from 170.64.222.115 port 34268 ssh2
May  7 19:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4091]: Connection closed by 170.64.222.115 port 34268 [preauth]
May  7 19:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: Invalid user admin from 170.64.222.115
May  7 19:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: input_userauth_request: invalid user admin [preauth]
May  7 19:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: Failed password for invalid user admin from 170.64.222.115 port 53968 ssh2
May  7 19:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: Connection closed by 170.64.222.115 port 53968 [preauth]
May  7 19:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4123]: Failed password for root from 170.64.222.115 port 53978 ssh2
May  7 19:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4123]: Connection closed by 170.64.222.115 port 53978 [preauth]
May  7 19:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: Invalid user test from 170.64.222.115
May  7 19:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: input_userauth_request: invalid user test [preauth]
May  7 19:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: Failed password for invalid user test from 170.64.222.115 port 56084 ssh2
May  7 19:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4137]: Connection closed by 170.64.222.115 port 56084 [preauth]
May  7 19:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: Invalid user tohid from 64.23.161.151
May  7 19:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: input_userauth_request: invalid user tohid [preauth]
May  7 19:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 19:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4151]: Invalid user pi from 170.64.222.115
May  7 19:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4151]: input_userauth_request: invalid user pi [preauth]
May  7 19:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4151]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 19:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: Failed password for invalid user tohid from 64.23.161.151 port 58536 ssh2
May  7 19:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4147]: Connection closed by 64.23.161.151 port 58536 [preauth]
May  7 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4156]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4155]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4154]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4154]: pam_unix(cron:session): session closed for user p13x
May  7 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4213]: Successful su for rubyman by root
May  7 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4213]: + ??? root:rubyman
May  7 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4213]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348732 of user rubyman.
May  7 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4213]: pam_unix(su:session): session closed for user rubyman
May  7 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348732.
May  7 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4151]: Failed password for invalid user pi from 170.64.222.115 port 56102 ssh2
May  7 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: Failed password for root from 80.94.95.125 port 63927 ssh2
May  7 19:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4151]: Connection closed by 170.64.222.115 port 56102 [preauth]
May  7 19:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1225]: pam_unix(cron:session): session closed for user root
May  7 19:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: Failed password for root from 80.94.95.125 port 63927 ssh2
May  7 19:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4155]: pam_unix(cron:session): session closed for user samftp
May  7 19:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: Failed password for root from 80.94.95.125 port 63927 ssh2
May  7 19:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4538]: Failed password for root from 170.64.222.115 port 45322 ssh2
May  7 19:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4538]: Connection closed by 170.64.222.115 port 45322 [preauth]
May  7 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: Failed password for root from 80.94.95.125 port 63927 ssh2
May  7 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: Invalid user ubnt from 170.64.222.115
May  7 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: input_userauth_request: invalid user ubnt [preauth]
May  7 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: Failed password for root from 80.94.95.125 port 63927 ssh2
May  7 19:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: Received disconnect from 80.94.95.125 port 63927:11: Bye [preauth]
May  7 19:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: Disconnected from 80.94.95.125 port 63927 [preauth]
May  7 19:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 19:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4149]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 19:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: Failed password for invalid user ubnt from 170.64.222.115 port 45348 ssh2
May  7 19:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4576]: Connection closed by 170.64.222.115 port 45348 [preauth]
May  7 19:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4602]: Invalid user master from 170.64.222.115
May  7 19:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4602]: input_userauth_request: invalid user master [preauth]
May  7 19:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4602]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4602]: Failed password for invalid user master from 170.64.222.115 port 52236 ssh2
May  7 19:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4602]: Connection closed by 170.64.222.115 port 52236 [preauth]
May  7 19:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: Failed password for root from 170.64.222.115 port 52238 ssh2
May  7 19:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4607]: Connection closed by 170.64.222.115 port 52238 [preauth]
May  7 19:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4615]: Invalid user docker from 170.64.222.115
May  7 19:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4615]: input_userauth_request: invalid user docker [preauth]
May  7 19:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4615]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4615]: Failed password for invalid user docker from 170.64.222.115 port 44662 ssh2
May  7 19:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4615]: Connection closed by 170.64.222.115 port 44662 [preauth]
May  7 19:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: Invalid user manager from 80.94.95.115
May  7 19:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: input_userauth_request: invalid user manager [preauth]
May  7 19:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  7 19:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: Failed password for invalid user manager from 80.94.95.115 port 50952 ssh2
May  7 19:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4638]: Connection closed by 80.94.95.115 port 50952 [preauth]
May  7 19:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: Failed password for root from 170.64.222.115 port 44666 ssh2
May  7 19:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: Connection closed by 170.64.222.115 port 44666 [preauth]
May  7 19:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3217]: pam_unix(cron:session): session closed for user root
May  7 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: Invalid user www from 170.64.222.115
May  7 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: input_userauth_request: invalid user www [preauth]
May  7 19:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: Failed password for invalid user www from 170.64.222.115 port 45184 ssh2
May  7 19:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4665]: Connection closed by 170.64.222.115 port 45184 [preauth]
May  7 19:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: User mysql from 170.64.222.115 not allowed because not listed in AllowUsers
May  7 19:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: input_userauth_request: invalid user mysql [preauth]
May  7 19:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=mysql
May  7 19:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: Failed password for invalid user mysql from 170.64.222.115 port 45190 ssh2
May  7 19:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4683]: Connection closed by 170.64.222.115 port 45190 [preauth]
May  7 19:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: Invalid user ubuntu from 170.64.222.115
May  7 19:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: input_userauth_request: invalid user ubuntu [preauth]
May  7 19:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: Failed password for invalid user ubuntu from 170.64.222.115 port 45350 ssh2
May  7 19:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: Connection closed by 170.64.222.115 port 45350 [preauth]
May  7 19:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: Invalid user admin from 170.64.222.115
May  7 19:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: input_userauth_request: invalid user admin [preauth]
May  7 19:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: Failed password for invalid user admin from 170.64.222.115 port 45370 ssh2
May  7 19:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4718]: Connection closed by 170.64.222.115 port 45370 [preauth]
May  7 19:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4729]: Invalid user git from 170.64.222.115
May  7 19:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4729]: input_userauth_request: invalid user git [preauth]
May  7 19:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4729]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4729]: Failed password for invalid user git from 170.64.222.115 port 39270 ssh2
May  7 19:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4729]: Connection closed by 170.64.222.115 port 39270 [preauth]
May  7 19:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: Invalid user test from 170.64.222.115
May  7 19:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: input_userauth_request: invalid user test [preauth]
May  7 19:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: Failed password for invalid user test from 170.64.222.115 port 39286 ssh2
May  7 19:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4740]: Connection closed by 170.64.222.115 port 39286 [preauth]
May  7 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4755]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4753]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4752]: pam_unix(cron:session): session closed for user p13x
May  7 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4822]: Successful su for rubyman by root
May  7 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4822]: + ??? root:rubyman
May  7 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348735 of user rubyman.
May  7 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4822]: pam_unix(su:session): session closed for user rubyman
May  7 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348735.
May  7 19:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1737]: pam_unix(cron:session): session closed for user root
May  7 19:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4820]: Failed password for root from 170.64.222.115 port 55588 ssh2
May  7 19:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4820]: Connection closed by 170.64.222.115 port 55588 [preauth]
May  7 19:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4753]: pam_unix(cron:session): session closed for user samftp
May  7 19:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5205]: Failed password for root from 170.64.222.115 port 55600 ssh2
May  7 19:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5205]: Connection closed by 170.64.222.115 port 55600 [preauth]
May  7 19:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 19:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: Invalid user postgres from 170.64.222.115
May  7 19:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: input_userauth_request: invalid user postgres [preauth]
May  7 19:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5208]: Failed password for root from 218.92.0.207 port 17904 ssh2
May  7 19:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: Failed password for invalid user postgres from 170.64.222.115 port 60084 ssh2
May  7 19:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5212]: Connection closed by 170.64.222.115 port 60084 [preauth]
May  7 19:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5208]: Failed password for root from 218.92.0.207 port 17904 ssh2
May  7 19:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 19:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5241]: Failed password for root from 170.64.222.115 port 60102 ssh2
May  7 19:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5241]: Connection closed by 170.64.222.115 port 60102 [preauth]
May  7 19:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5208]: Failed password for root from 218.92.0.207 port 17904 ssh2
May  7 19:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5252]: Invalid user odoo17 from 170.64.222.115
May  7 19:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5252]: input_userauth_request: invalid user odoo17 [preauth]
May  7 19:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5252]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5208]: Failed password for root from 218.92.0.207 port 17904 ssh2
May  7 19:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5252]: Failed password for invalid user odoo17 from 170.64.222.115 port 34124 ssh2
May  7 19:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5252]: Connection closed by 170.64.222.115 port 34124 [preauth]
May  7 19:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5208]: Failed password for root from 218.92.0.207 port 17904 ssh2
May  7 19:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5208]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 17904 ssh2 [preauth]
May  7 19:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5208]: Disconnecting: Too many authentication failures [preauth]
May  7 19:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5208]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 19:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5208]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 19:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5279]: Invalid user oscar from 170.64.222.115
May  7 19:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5279]: input_userauth_request: invalid user oscar [preauth]
May  7 19:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5279]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5279]: Failed password for invalid user oscar from 170.64.222.115 port 34134 ssh2
May  7 19:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5279]: Connection closed by 170.64.222.115 port 34134 [preauth]
May  7 19:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 19:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Invalid user test from 170.64.222.115
May  7 19:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: input_userauth_request: invalid user test [preauth]
May  7 19:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5289]: Failed password for root from 218.92.0.207 port 58328 ssh2
May  7 19:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3698]: pam_unix(cron:session): session closed for user root
May  7 19:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Failed password for invalid user test from 170.64.222.115 port 33314 ssh2
May  7 19:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5291]: Connection closed by 170.64.222.115 port 33314 [preauth]
May  7 19:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5289]: Failed password for root from 218.92.0.207 port 58328 ssh2
May  7 19:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: Invalid user debian from 170.64.222.115
May  7 19:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: input_userauth_request: invalid user debian [preauth]
May  7 19:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: Failed password for invalid user debian from 170.64.222.115 port 33318 ssh2
May  7 19:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: Connection closed by 170.64.222.115 port 33318 [preauth]
May  7 19:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5289]: Failed password for root from 218.92.0.207 port 58328 ssh2
May  7 19:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Invalid user elasticsearch from 170.64.222.115
May  7 19:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: input_userauth_request: invalid user elasticsearch [preauth]
May  7 19:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5289]: Failed password for root from 218.92.0.207 port 58328 ssh2
May  7 19:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Failed password for invalid user elasticsearch from 170.64.222.115 port 46756 ssh2
May  7 19:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5334]: Connection closed by 170.64.222.115 port 46756 [preauth]
May  7 19:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: Invalid user es from 170.64.222.115
May  7 19:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: input_userauth_request: invalid user es [preauth]
May  7 19:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5289]: Failed password for root from 218.92.0.207 port 58328 ssh2
May  7 19:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: Failed password for invalid user es from 170.64.222.115 port 46770 ssh2
May  7 19:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5357]: Connection closed by 170.64.222.115 port 46770 [preauth]
May  7 19:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5289]: Failed password for root from 218.92.0.207 port 58328 ssh2
May  7 19:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5289]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 58328 ssh2 [preauth]
May  7 19:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5289]: Disconnecting: Too many authentication failures [preauth]
May  7 19:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5289]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 19:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5289]: PAM service(sshd) ignoring max retries; 6 > 3
May  7 19:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: Invalid user appuser from 170.64.222.115
May  7 19:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: input_userauth_request: invalid user appuser [preauth]
May  7 19:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: Failed password for invalid user appuser from 170.64.222.115 port 56376 ssh2
May  7 19:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5368]: Connection closed by 170.64.222.115 port 56376 [preauth]
May  7 19:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 19:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 19:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5370]: Failed password for root from 218.92.0.207 port 53046 ssh2
May  7 19:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: Invalid user nginx from 170.64.222.115
May  7 19:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: input_userauth_request: invalid user nginx [preauth]
May  7 19:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: pam_unix(sshd:auth): check pass; user unknown
May  7 19:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 19:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5370]: Received disconnect from 218.92.0.207 port 53046:11:  [preauth]
May  7 19:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5370]: Disconnected from 218.92.0.207 port 53046 [preauth]
May  7 19:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: Failed password for invalid user nginx from 170.64.222.115 port 56394 ssh2
May  7 19:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5382]: Connection closed by 170.64.222.115 port 56394 [preauth]
May  7 20:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5405]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5401]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5402]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5405]: pam_unix(cron:session): session closed for user root
May  7 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5401]: pam_unix(cron:session): session closed for user root
May  7 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5399]: pam_unix(cron:session): session closed for user p13x
May  7 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5507]: Successful su for rubyman by root
May  7 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5507]: + ??? root:rubyman
May  7 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5507]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348741 of user rubyman.
May  7 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5507]: pam_unix(su:session): session closed for user rubyman
May  7 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348741.
May  7 20:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5396]: Failed password for root from 170.64.222.115 port 56420 ssh2
May  7 20:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5396]: Connection closed by 170.64.222.115 port 56420 [preauth]
May  7 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5402]: pam_unix(cron:session): session closed for user root
May  7 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2258]: pam_unix(cron:session): session closed for user root
May  7 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5751]: Invalid user admin from 170.64.222.115
May  7 20:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5751]: input_userauth_request: invalid user admin [preauth]
May  7 20:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5751]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5400]: pam_unix(cron:session): session closed for user samftp
May  7 20:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5751]: Failed password for invalid user admin from 170.64.222.115 port 42912 ssh2
May  7 20:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5751]: Connection closed by 170.64.222.115 port 42912 [preauth]
May  7 20:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: Invalid user user2 from 170.64.222.115
May  7 20:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: input_userauth_request: invalid user user2 [preauth]
May  7 20:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: Failed password for invalid user user2 from 170.64.222.115 port 42926 ssh2
May  7 20:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5782]: Connection closed by 170.64.222.115 port 42926 [preauth]
May  7 20:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5801]: Invalid user admin from 170.64.222.115
May  7 20:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5801]: input_userauth_request: invalid user admin [preauth]
May  7 20:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5801]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5801]: Failed password for invalid user admin from 170.64.222.115 port 49630 ssh2
May  7 20:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5801]: Connection closed by 170.64.222.115 port 49630 [preauth]
May  7 20:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Invalid user esroot from 170.64.222.115
May  7 20:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: input_userauth_request: invalid user esroot [preauth]
May  7 20:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Failed password for invalid user esroot from 170.64.222.115 port 49632 ssh2
May  7 20:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5898]: Connection closed by 170.64.222.115 port 49632 [preauth]
May  7 20:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: Invalid user developer from 170.64.222.115
May  7 20:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: input_userauth_request: invalid user developer [preauth]
May  7 20:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: Failed password for invalid user developer from 170.64.222.115 port 47616 ssh2
May  7 20:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: Connection closed by 170.64.222.115 port 47616 [preauth]
May  7 20:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: Invalid user app from 170.64.222.115
May  7 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: input_userauth_request: invalid user app [preauth]
May  7 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: Failed password for invalid user app from 170.64.222.115 port 47628 ssh2
May  7 20:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5934]: Connection closed by 170.64.222.115 port 47628 [preauth]
May  7 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4157]: pam_unix(cron:session): session closed for user root
May  7 20:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: Invalid user jenkins from 170.64.222.115
May  7 20:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: input_userauth_request: invalid user jenkins [preauth]
May  7 20:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: Failed password for invalid user jenkins from 170.64.222.115 port 57220 ssh2
May  7 20:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: Connection closed by 170.64.222.115 port 57220 [preauth]
May  7 20:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: Invalid user solr from 170.64.222.115
May  7 20:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: input_userauth_request: invalid user solr [preauth]
May  7 20:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 20:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: Failed password for invalid user solr from 170.64.222.115 port 57236 ssh2
May  7 20:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: Failed password for root from 218.92.0.179 port 47235 ssh2
May  7 20:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: Connection closed by 170.64.222.115 port 57236 [preauth]
May  7 20:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6041]: Invalid user jms from 170.64.222.115
May  7 20:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6041]: input_userauth_request: invalid user jms [preauth]
May  7 20:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6041]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: Failed password for root from 218.92.0.179 port 47235 ssh2
May  7 20:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6041]: Failed password for invalid user jms from 170.64.222.115 port 42332 ssh2
May  7 20:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6041]: Connection closed by 170.64.222.115 port 42332 [preauth]
May  7 20:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: Failed password for root from 218.92.0.179 port 47235 ssh2
May  7 20:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: Received disconnect from 218.92.0.179 port 47235:11:  [preauth]
May  7 20:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: Disconnected from 218.92.0.179 port 47235 [preauth]
May  7 20:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 20:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: Invalid user ubuntu from 170.64.222.115
May  7 20:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: input_userauth_request: invalid user ubuntu [preauth]
May  7 20:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: Failed password for invalid user ubuntu from 170.64.222.115 port 42346 ssh2
May  7 20:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: Connection closed by 170.64.222.115 port 42346 [preauth]
May  7 20:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: Invalid user elastic from 170.64.222.115
May  7 20:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: input_userauth_request: invalid user elastic [preauth]
May  7 20:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: Failed password for invalid user elastic from 170.64.222.115 port 33524 ssh2
May  7 20:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: Connection closed by 170.64.222.115 port 33524 [preauth]
May  7 20:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: Failed password for root from 170.64.222.115 port 33538 ssh2
May  7 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: Connection closed by 170.64.222.115 port 33538 [preauth]
May  7 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6085]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6086]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6083]: pam_unix(cron:session): session closed for user p13x
May  7 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6159]: Successful su for rubyman by root
May  7 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6159]: + ??? root:rubyman
May  7 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348746 of user rubyman.
May  7 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6159]: pam_unix(su:session): session closed for user rubyman
May  7 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348746.
May  7 20:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: Invalid user ftpuser from 170.64.222.115
May  7 20:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: input_userauth_request: invalid user ftpuser [preauth]
May  7 20:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2730]: pam_unix(cron:session): session closed for user root
May  7 20:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: Failed password for invalid user ftpuser from 170.64.222.115 port 57544 ssh2
May  7 20:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6084]: pam_unix(cron:session): session closed for user samftp
May  7 20:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: Connection closed by 170.64.222.115 port 57544 [preauth]
May  7 20:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6352]: Invalid user uftp from 170.64.222.115
May  7 20:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6352]: input_userauth_request: invalid user uftp [preauth]
May  7 20:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6352]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6352]: Failed password for invalid user uftp from 170.64.222.115 port 57556 ssh2
May  7 20:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6352]: Connection closed by 170.64.222.115 port 57556 [preauth]
May  7 20:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Failed password for root from 170.64.222.115 port 58946 ssh2
May  7 20:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6362]: Connection closed by 170.64.222.115 port 58946 [preauth]
May  7 20:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: Invalid user jfedu1 from 170.64.222.115
May  7 20:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: input_userauth_request: invalid user jfedu1 [preauth]
May  7 20:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: Failed password for invalid user jfedu1 from 170.64.222.115 port 58960 ssh2
May  7 20:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6385]: Connection closed by 170.64.222.115 port 58960 [preauth]
May  7 20:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: Invalid user nginx from 170.64.222.115
May  7 20:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: input_userauth_request: invalid user nginx [preauth]
May  7 20:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: Failed password for invalid user nginx from 170.64.222.115 port 49112 ssh2
May  7 20:01:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: Connection closed by 170.64.222.115 port 49112 [preauth]
May  7 20:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: Invalid user tom from 170.64.222.115
May  7 20:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: input_userauth_request: invalid user tom [preauth]
May  7 20:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: Failed password for invalid user tom from 170.64.222.115 port 49124 ssh2
May  7 20:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6420]: Connection closed by 170.64.222.115 port 49124 [preauth]
May  7 20:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4755]: pam_unix(cron:session): session closed for user root
May  7 20:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: Failed password for root from 170.64.222.115 port 39802 ssh2
May  7 20:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: Connection closed by 170.64.222.115 port 39802 [preauth]
May  7 20:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: Failed password for root from 170.64.222.115 port 39818 ssh2
May  7 20:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6466]: Connection closed by 170.64.222.115 port 39818 [preauth]
May  7 20:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6476]: Invalid user centos from 170.64.222.115
May  7 20:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6476]: input_userauth_request: invalid user centos [preauth]
May  7 20:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6476]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6476]: Failed password for invalid user centos from 170.64.222.115 port 48888 ssh2
May  7 20:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6476]: Connection closed by 170.64.222.115 port 48888 [preauth]
May  7 20:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: Invalid user test2 from 170.64.222.115
May  7 20:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: input_userauth_request: invalid user test2 [preauth]
May  7 20:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: Failed password for invalid user test2 from 170.64.222.115 port 48894 ssh2
May  7 20:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6499]: Connection closed by 170.64.222.115 port 48894 [preauth]
May  7 20:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6509]: Invalid user pi from 170.64.222.115
May  7 20:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6509]: input_userauth_request: invalid user pi [preauth]
May  7 20:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6509]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6509]: Failed password for invalid user pi from 170.64.222.115 port 41226 ssh2
May  7 20:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6509]: Connection closed by 170.64.222.115 port 41226 [preauth]
May  7 20:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: Invalid user elastic from 170.64.222.115
May  7 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: input_userauth_request: invalid user elastic [preauth]
May  7 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: Failed password for invalid user elastic from 170.64.222.115 port 41240 ssh2
May  7 20:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: Connection closed by 170.64.222.115 port 41240 [preauth]
May  7 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6522]: pam_unix(cron:session): session closed for user p13x
May  7 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6580]: Successful su for rubyman by root
May  7 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6580]: + ??? root:rubyman
May  7 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6580]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348752 of user rubyman.
May  7 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6580]: pam_unix(su:session): session closed for user rubyman
May  7 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348752.
May  7 20:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: Invalid user postgres from 170.64.222.115
May  7 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: input_userauth_request: invalid user postgres [preauth]
May  7 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3216]: pam_unix(cron:session): session closed for user root
May  7 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: Failed password for invalid user postgres from 170.64.222.115 port 46096 ssh2
May  7 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6641]: Connection closed by 170.64.222.115 port 46096 [preauth]
May  7 20:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6523]: pam_unix(cron:session): session closed for user samftp
May  7 20:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.223.5  user=root
May  7 20:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6785]: Bad protocol version identification 'MGLNDD_198.199.94.12_22' from 135.237.123.98 port 33708
May  7 20:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6786]: Invalid user deploy from 170.64.222.115
May  7 20:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6786]: input_userauth_request: invalid user deploy [preauth]
May  7 20:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6786]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: Failed password for root from 188.166.223.5 port 39660 ssh2
May  7 20:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: Invalid user manager from 80.94.95.115
May  7 20:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: input_userauth_request: invalid user manager [preauth]
May  7 20:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: Received disconnect from 188.166.223.5 port 39660:11: Bye Bye [preauth]
May  7 20:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6775]: Disconnected from 188.166.223.5 port 39660 [preauth]
May  7 20:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  7 20:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6786]: Failed password for invalid user deploy from 170.64.222.115 port 46104 ssh2
May  7 20:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6786]: Connection closed by 170.64.222.115 port 46104 [preauth]
May  7 20:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: Failed password for invalid user manager from 80.94.95.115 port 45786 ssh2
May  7 20:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: Connection closed by 80.94.95.115 port 45786 [preauth]
May  7 20:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: Invalid user dev from 170.64.222.115
May  7 20:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: input_userauth_request: invalid user dev [preauth]
May  7 20:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: Failed password for invalid user dev from 170.64.222.115 port 56136 ssh2
May  7 20:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6797]: Connection closed by 170.64.222.115 port 56136 [preauth]
May  7 20:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: Failed password for root from 170.64.222.115 port 56150 ssh2
May  7 20:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6819]: Connection closed by 170.64.222.115 port 56150 [preauth]
May  7 20:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Invalid user user from 170.64.222.115
May  7 20:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: input_userauth_request: invalid user user [preauth]
May  7 20:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Failed password for invalid user user from 170.64.222.115 port 36484 ssh2
May  7 20:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Connection closed by 170.64.222.115 port 36484 [preauth]
May  7 20:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Failed password for root from 170.64.222.115 port 36496 ssh2
May  7 20:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6855]: Connection closed by 170.64.222.115 port 36496 [preauth]
May  7 20:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6866]: Invalid user hadoop from 170.64.222.115
May  7 20:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6866]: input_userauth_request: invalid user hadoop [preauth]
May  7 20:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6866]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6866]: Failed password for invalid user hadoop from 170.64.222.115 port 55948 ssh2
May  7 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6866]: Connection closed by 170.64.222.115 port 55948 [preauth]
May  7 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5404]: pam_unix(cron:session): session closed for user root
May  7 20:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: Invalid user git from 170.64.222.115
May  7 20:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: input_userauth_request: invalid user git [preauth]
May  7 20:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: Failed password for invalid user git from 170.64.222.115 port 55964 ssh2
May  7 20:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6897]: Connection closed by 170.64.222.115 port 55964 [preauth]
May  7 20:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6995]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6995]: Invalid user esuser from 170.64.222.115
May  7 20:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6995]: input_userauth_request: invalid user esuser [preauth]
May  7 20:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6995]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6995]: Failed password for invalid user esuser from 170.64.222.115 port 38960 ssh2
May  7 20:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6995]: Connection closed by 170.64.222.115 port 38960 [preauth]
May  7 20:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: Invalid user tom from 170.64.222.115
May  7 20:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: input_userauth_request: invalid user tom [preauth]
May  7 20:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: Failed password for invalid user tom from 170.64.222.115 port 38972 ssh2
May  7 20:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: Connection closed by 170.64.222.115 port 38972 [preauth]
May  7 20:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: Invalid user media from 170.64.222.115
May  7 20:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: input_userauth_request: invalid user media [preauth]
May  7 20:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: Failed password for invalid user media from 170.64.222.115 port 35612 ssh2
May  7 20:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: Connection closed by 170.64.222.115 port 35612 [preauth]
May  7 20:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: Invalid user ftpuser from 170.64.222.115
May  7 20:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: input_userauth_request: invalid user ftpuser [preauth]
May  7 20:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: Failed password for invalid user ftpuser from 170.64.222.115 port 35626 ssh2
May  7 20:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: Connection closed by 170.64.222.115 port 35626 [preauth]
May  7 20:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7049]: Invalid user oracle from 170.64.222.115
May  7 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7049]: input_userauth_request: invalid user oracle [preauth]
May  7 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7061]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7060]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7058]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7059]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7058]: pam_unix(cron:session): session closed for user p13x
May  7 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7049]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7140]: Successful su for rubyman by root
May  7 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7140]: + ??? root:rubyman
May  7 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348754 of user rubyman.
May  7 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7140]: pam_unix(su:session): session closed for user rubyman
May  7 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348754.
May  7 20:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7049]: Failed password for invalid user oracle from 170.64.222.115 port 57882 ssh2
May  7 20:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7049]: Connection closed by 170.64.222.115 port 57882 [preauth]
May  7 20:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3697]: pam_unix(cron:session): session closed for user root
May  7 20:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7059]: pam_unix(cron:session): session closed for user samftp
May  7 20:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7306]: Invalid user kingbase from 170.64.222.115
May  7 20:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7306]: input_userauth_request: invalid user kingbase [preauth]
May  7 20:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7306]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7306]: Failed password for invalid user kingbase from 170.64.222.115 port 57892 ssh2
May  7 20:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7306]: Connection closed by 170.64.222.115 port 57892 [preauth]
May  7 20:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  7 20:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: Invalid user lighthouse from 170.64.222.115
May  7 20:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: input_userauth_request: invalid user lighthouse [preauth]
May  7 20:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7328]: Failed password for root from 164.68.105.9 port 35666 ssh2
May  7 20:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7328]: Connection closed by 164.68.105.9 port 35666 [preauth]
May  7 20:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: Failed password for invalid user lighthouse from 170.64.222.115 port 57908 ssh2
May  7 20:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7330]: Connection closed by 170.64.222.115 port 57908 [preauth]
May  7 20:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Invalid user user2 from 170.64.222.115
May  7 20:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: input_userauth_request: invalid user user2 [preauth]
May  7 20:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Failed password for invalid user user2 from 170.64.222.115 port 40232 ssh2
May  7 20:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7352]: Connection closed by 170.64.222.115 port 40232 [preauth]
May  7 20:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: Invalid user wso2 from 170.64.222.115
May  7 20:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: input_userauth_request: invalid user wso2 [preauth]
May  7 20:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: Failed password for invalid user wso2 from 170.64.222.115 port 40242 ssh2
May  7 20:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7362]: Connection closed by 170.64.222.115 port 40242 [preauth]
May  7 20:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7384]: Invalid user developer from 170.64.222.115
May  7 20:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7384]: input_userauth_request: invalid user developer [preauth]
May  7 20:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7384]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7384]: Failed password for invalid user developer from 170.64.222.115 port 52850 ssh2
May  7 20:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7384]: Connection closed by 170.64.222.115 port 52850 [preauth]
May  7 20:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: Failed password for root from 170.64.222.115 port 52862 ssh2
May  7 20:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7394]: Connection closed by 170.64.222.115 port 52862 [preauth]
May  7 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6086]: pam_unix(cron:session): session closed for user root
May  7 20:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: Invalid user uftp from 170.64.222.115
May  7 20:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: input_userauth_request: invalid user uftp [preauth]
May  7 20:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: Failed password for invalid user uftp from 170.64.222.115 port 38238 ssh2
May  7 20:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: Connection closed by 170.64.222.115 port 38238 [preauth]
May  7 20:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: Invalid user observer from 170.64.222.115
May  7 20:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: input_userauth_request: invalid user observer [preauth]
May  7 20:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: Failed password for invalid user observer from 170.64.222.115 port 38252 ssh2
May  7 20:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: Connection closed by 170.64.222.115 port 38252 [preauth]
May  7 20:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7452]: Failed password for root from 170.64.222.115 port 52936 ssh2
May  7 20:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7452]: Connection closed by 170.64.222.115 port 52936 [preauth]
May  7 20:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7464]: Invalid user opc from 170.64.222.115
May  7 20:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7464]: input_userauth_request: invalid user opc [preauth]
May  7 20:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7464]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7464]: Failed password for invalid user opc from 170.64.222.115 port 52942 ssh2
May  7 20:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7464]: Connection closed by 170.64.222.115 port 52942 [preauth]
May  7 20:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: Invalid user testuser from 170.64.222.115
May  7 20:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: input_userauth_request: invalid user testuser [preauth]
May  7 20:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: Failed password for invalid user testuser from 170.64.222.115 port 53736 ssh2
May  7 20:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7476]: Connection closed by 170.64.222.115 port 53736 [preauth]
May  7 20:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: Invalid user ranger from 170.64.222.115
May  7 20:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: input_userauth_request: invalid user ranger [preauth]
May  7 20:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: Failed password for invalid user ranger from 170.64.222.115 port 53738 ssh2
May  7 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: Connection closed by 170.64.222.115 port 53738 [preauth]
May  7 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7601]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7603]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7602]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7600]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7600]: pam_unix(cron:session): session closed for user p13x
May  7 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7669]: Successful su for rubyman by root
May  7 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7669]: + ??? root:rubyman
May  7 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348759 of user rubyman.
May  7 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7669]: pam_unix(su:session): session closed for user rubyman
May  7 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348759.
May  7 20:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4156]: pam_unix(cron:session): session closed for user root
May  7 20:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: Failed password for root from 170.64.222.115 port 40794 ssh2
May  7 20:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7755]: Connection closed by 170.64.222.115 port 40794 [preauth]
May  7 20:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7601]: pam_unix(cron:session): session closed for user samftp
May  7 20:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: Connection closed by 46.244.96.25 port 50762 [preauth]
May  7 20:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: Invalid user wang from 170.64.222.115
May  7 20:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: input_userauth_request: invalid user wang [preauth]
May  7 20:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  7 20:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  7 20:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7877]: Failed password for root from 46.244.96.25 port 50776 ssh2
May  7 20:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: Failed password for invalid user wang from 170.64.222.115 port 40804 ssh2
May  7 20:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7878]: Connection closed by 170.64.222.115 port 40804 [preauth]
May  7 20:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7877]: Connection closed by 46.244.96.25 port 50776 [preauth]
May  7 20:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: Failed password for root from 190.103.202.7 port 49692 ssh2
May  7 20:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: Connection closed by 190.103.202.7 port 49692 [preauth]
May  7 20:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: Invalid user zabbix from 170.64.222.115
May  7 20:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: input_userauth_request: invalid user zabbix [preauth]
May  7 20:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: Failed password for invalid user zabbix from 170.64.222.115 port 43594 ssh2
May  7 20:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7891]: Connection closed by 170.64.222.115 port 43594 [preauth]
May  7 20:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7916]: Invalid user flask from 170.64.222.115
May  7 20:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7916]: input_userauth_request: invalid user flask [preauth]
May  7 20:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7916]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7916]: Failed password for invalid user flask from 170.64.222.115 port 43614 ssh2
May  7 20:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7916]: Connection closed by 170.64.222.115 port 43614 [preauth]
May  7 20:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7927]: Failed password for root from 170.64.222.115 port 57134 ssh2
May  7 20:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7927]: Connection closed by 170.64.222.115 port 57134 [preauth]
May  7 20:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7953]: Invalid user ec2-user from 170.64.222.115
May  7 20:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7953]: input_userauth_request: invalid user ec2-user [preauth]
May  7 20:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7953]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7953]: Failed password for invalid user ec2-user from 170.64.222.115 port 57138 ssh2
May  7 20:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7953]: Connection closed by 170.64.222.115 port 57138 [preauth]
May  7 20:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: Invalid user elsearch from 170.64.222.115
May  7 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: input_userauth_request: invalid user elsearch [preauth]
May  7 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6525]: pam_unix(cron:session): session closed for user root
May  7 20:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: Failed password for invalid user elsearch from 170.64.222.115 port 49560 ssh2
May  7 20:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: Connection closed by 170.64.222.115 port 49560 [preauth]
May  7 20:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7990]: Invalid user server from 170.64.222.115
May  7 20:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7990]: input_userauth_request: invalid user server [preauth]
May  7 20:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7990]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:04:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7990]: Failed password for invalid user server from 170.64.222.115 port 49574 ssh2
May  7 20:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7990]: Connection closed by 170.64.222.115 port 49574 [preauth]
May  7 20:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8000]: Failed password for root from 170.64.222.115 port 48662 ssh2
May  7 20:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8000]: Connection closed by 170.64.222.115 port 48662 [preauth]
May  7 20:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: Invalid user elasticsearch from 170.64.222.115
May  7 20:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: input_userauth_request: invalid user elasticsearch [preauth]
May  7 20:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: Failed password for invalid user elasticsearch from 170.64.222.115 port 48692 ssh2
May  7 20:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: Connection closed by 170.64.222.115 port 48692 [preauth]
May  7 20:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: Failed password for root from 170.64.222.115 port 52938 ssh2
May  7 20:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: Connection closed by 170.64.222.115 port 52938 [preauth]
May  7 20:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7593]: Connection closed by 46.244.96.25 port 53106 [preauth]
May  7 20:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: Failed password for root from 170.64.222.115 port 52942 ssh2
May  7 20:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8044]: Connection closed by 170.64.222.115 port 52942 [preauth]
May  7 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8058]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8057]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8060]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8060]: pam_unix(cron:session): session closed for user root
May  7 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8055]: pam_unix(cron:session): session closed for user p13x
May  7 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8145]: Successful su for rubyman by root
May  7 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8145]: + ??? root:rubyman
May  7 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8145]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348765 of user rubyman.
May  7 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8145]: pam_unix(su:session): session closed for user rubyman
May  7 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348765.
May  7 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8127]: Invalid user dmdba from 170.64.222.115
May  7 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8127]: input_userauth_request: invalid user dmdba [preauth]
May  7 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8127]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8057]: pam_unix(cron:session): session closed for user root
May  7 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8127]: Failed password for invalid user dmdba from 170.64.222.115 port 45068 ssh2
May  7 20:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4754]: pam_unix(cron:session): session closed for user root
May  7 20:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8127]: Connection closed by 170.64.222.115 port 45068 [preauth]
May  7 20:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8056]: pam_unix(cron:session): session closed for user samftp
May  7 20:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8352]: Invalid user steam from 170.64.222.115
May  7 20:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8352]: input_userauth_request: invalid user steam [preauth]
May  7 20:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8352]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8352]: Failed password for invalid user steam from 170.64.222.115 port 45088 ssh2
May  7 20:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8352]: Connection closed by 170.64.222.115 port 45088 [preauth]
May  7 20:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: Failed password for root from 170.64.222.115 port 36914 ssh2
May  7 20:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8375]: Connection closed by 170.64.222.115 port 36914 [preauth]
May  7 20:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8399]: Failed password for root from 170.64.222.115 port 36926 ssh2
May  7 20:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8399]: Connection closed by 170.64.222.115 port 36926 [preauth]
May  7 20:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8411]: Failed password for root from 170.64.222.115 port 37364 ssh2
May  7 20:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8411]: Connection closed by 170.64.222.115 port 37364 [preauth]
May  7 20:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8438]: Invalid user gitlab-runner from 170.64.222.115
May  7 20:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8438]: input_userauth_request: invalid user gitlab-runner [preauth]
May  7 20:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8438]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8438]: Failed password for invalid user gitlab-runner from 170.64.222.115 port 37366 ssh2
May  7 20:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8438]: Connection closed by 170.64.222.115 port 37366 [preauth]
May  7 20:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7061]: pam_unix(cron:session): session closed for user root
May  7 20:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: Failed password for root from 170.64.222.115 port 56002 ssh2
May  7 20:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: Connection closed by 170.64.222.115 port 56002 [preauth]
May  7 20:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8475]: Invalid user opc from 170.64.222.115
May  7 20:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8475]: input_userauth_request: invalid user opc [preauth]
May  7 20:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8475]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8475]: Failed password for invalid user opc from 170.64.222.115 port 56016 ssh2
May  7 20:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8475]: Connection closed by 170.64.222.115 port 56016 [preauth]
May  7 20:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: Invalid user minecraft from 170.64.222.115
May  7 20:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: input_userauth_request: invalid user minecraft [preauth]
May  7 20:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: Failed password for invalid user minecraft from 170.64.222.115 port 56038 ssh2
May  7 20:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8486]: Connection closed by 170.64.222.115 port 56038 [preauth]
May  7 20:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8514]: Invalid user system from 170.64.222.115
May  7 20:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8514]: input_userauth_request: invalid user system [preauth]
May  7 20:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8514]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8514]: Failed password for invalid user system from 170.64.222.115 port 42060 ssh2
May  7 20:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8514]: Connection closed by 170.64.222.115 port 42060 [preauth]
May  7 20:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: Invalid user apache from 170.64.222.115
May  7 20:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: input_userauth_request: invalid user apache [preauth]
May  7 20:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: Failed password for invalid user apache from 170.64.222.115 port 42076 ssh2
May  7 20:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: Connection closed by 170.64.222.115 port 42076 [preauth]
May  7 20:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8537]: Invalid user gitlab from 170.64.222.115
May  7 20:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8537]: input_userauth_request: invalid user gitlab [preauth]
May  7 20:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8537]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8537]: Failed password for invalid user gitlab from 170.64.222.115 port 50344 ssh2
May  7 20:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8537]: Connection closed by 170.64.222.115 port 50344 [preauth]
May  7 20:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: Invalid user steam from 170.64.222.115
May  7 20:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: input_userauth_request: invalid user steam [preauth]
May  7 20:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8555]: pam_unix(cron:session): session closed for user p13x
May  7 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8626]: Successful su for rubyman by root
May  7 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8626]: + ??? root:rubyman
May  7 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348768 of user rubyman.
May  7 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8626]: pam_unix(su:session): session closed for user rubyman
May  7 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348768.
May  7 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: Failed password for invalid user steam from 170.64.222.115 port 50348 ssh2
May  7 20:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8552]: Connection closed by 170.64.222.115 port 50348 [preauth]
May  7 20:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5403]: pam_unix(cron:session): session closed for user root
May  7 20:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8556]: pam_unix(cron:session): session closed for user samftp
May  7 20:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8791]: Failed password for root from 170.64.222.115 port 40688 ssh2
May  7 20:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8791]: Connection closed by 170.64.222.115 port 40688 [preauth]
May  7 20:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8832]: User proxy from 170.64.222.115 not allowed because not listed in AllowUsers
May  7 20:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8832]: input_userauth_request: invalid user proxy [preauth]
May  7 20:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=proxy
May  7 20:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8832]: Failed password for invalid user proxy from 170.64.222.115 port 40694 ssh2
May  7 20:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8832]: Connection closed by 170.64.222.115 port 40694 [preauth]
May  7 20:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8860]: Invalid user tomcat from 170.64.222.115
May  7 20:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8860]: input_userauth_request: invalid user tomcat [preauth]
May  7 20:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8860]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8863]: Invalid user turjo from 64.23.161.151
May  7 20:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8863]: input_userauth_request: invalid user turjo [preauth]
May  7 20:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8863]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 20:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8860]: Failed password for invalid user tomcat from 170.64.222.115 port 53352 ssh2
May  7 20:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8860]: Connection closed by 170.64.222.115 port 53352 [preauth]
May  7 20:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8863]: Failed password for invalid user turjo from 64.23.161.151 port 50964 ssh2
May  7 20:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8863]: Connection closed by 64.23.161.151 port 50964 [preauth]
May  7 20:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8865]: Invalid user bot from 170.64.222.115
May  7 20:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8865]: input_userauth_request: invalid user bot [preauth]
May  7 20:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8865]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8865]: Failed password for invalid user bot from 170.64.222.115 port 53358 ssh2
May  7 20:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8865]: Connection closed by 170.64.222.115 port 53358 [preauth]
May  7 20:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8877]: Invalid user esearch from 170.64.222.115
May  7 20:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8877]: input_userauth_request: invalid user esearch [preauth]
May  7 20:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8877]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8877]: Failed password for invalid user esearch from 170.64.222.115 port 44662 ssh2
May  7 20:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8877]: Connection closed by 170.64.222.115 port 44662 [preauth]
May  7 20:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8900]: Did not receive identification string from 172.245.184.242
May  7 20:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: Invalid user postgres from 170.64.222.115
May  7 20:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: input_userauth_request: invalid user postgres [preauth]
May  7 20:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: Failed password for invalid user postgres from 170.64.222.115 port 44674 ssh2
May  7 20:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8901]: Connection closed by 170.64.222.115 port 44674 [preauth]
May  7 20:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7603]: pam_unix(cron:session): session closed for user root
May  7 20:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Invalid user weblogic from 170.64.222.115
May  7 20:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: input_userauth_request: invalid user weblogic [preauth]
May  7 20:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Failed password for invalid user weblogic from 170.64.222.115 port 43190 ssh2
May  7 20:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8945]: Invalid user kp from 1.202.223.2
May  7 20:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8945]: input_userauth_request: invalid user kp [preauth]
May  7 20:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8945]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2
May  7 20:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Connection closed by 170.64.222.115 port 43190 [preauth]
May  7 20:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8945]: Failed password for invalid user kp from 1.202.223.2 port 9706 ssh2
May  7 20:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8945]: Received disconnect from 1.202.223.2 port 9706:11: Bye Bye [preauth]
May  7 20:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8945]: Disconnected from 1.202.223.2 port 9706 [preauth]
May  7 20:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: Invalid user hive from 170.64.222.115
May  7 20:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: input_userauth_request: invalid user hive [preauth]
May  7 20:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: Failed password for invalid user hive from 170.64.222.115 port 43196 ssh2
May  7 20:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: Connection closed by 170.64.222.115 port 43196 [preauth]
May  7 20:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: Invalid user debian from 170.64.222.115
May  7 20:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: input_userauth_request: invalid user debian [preauth]
May  7 20:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: Failed password for invalid user debian from 170.64.222.115 port 43658 ssh2
May  7 20:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: Connection closed by 170.64.222.115 port 43658 [preauth]
May  7 20:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: Invalid user minecraft from 170.64.222.115
May  7 20:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: input_userauth_request: invalid user minecraft [preauth]
May  7 20:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: Failed password for invalid user minecraft from 170.64.222.115 port 43686 ssh2
May  7 20:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: Connection closed by 170.64.222.115 port 43686 [preauth]
May  7 20:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8996]: Failed password for root from 170.64.222.115 port 45976 ssh2
May  7 20:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8996]: Connection closed by 170.64.222.115 port 45976 [preauth]
May  7 20:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: Invalid user plexserver from 170.64.222.115
May  7 20:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: input_userauth_request: invalid user plexserver [preauth]
May  7 20:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: Failed password for invalid user plexserver from 170.64.222.115 port 45978 ssh2
May  7 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: Connection closed by 170.64.222.115 port 45978 [preauth]
May  7 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9017]: pam_unix(cron:session): session closed for user p13x
May  7 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9081]: Successful su for rubyman by root
May  7 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9081]: + ??? root:rubyman
May  7 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348772 of user rubyman.
May  7 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9081]: pam_unix(su:session): session closed for user rubyman
May  7 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348772.
May  7 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9205]: Invalid user oracle from 170.64.222.115
May  7 20:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9205]: input_userauth_request: invalid user oracle [preauth]
May  7 20:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9205]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6085]: pam_unix(cron:session): session closed for user root
May  7 20:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9205]: Failed password for invalid user oracle from 170.64.222.115 port 40692 ssh2
May  7 20:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9205]: Connection closed by 170.64.222.115 port 40692 [preauth]
May  7 20:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9018]: pam_unix(cron:session): session closed for user samftp
May  7 20:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: Invalid user user from 170.64.222.115
May  7 20:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: input_userauth_request: invalid user user [preauth]
May  7 20:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: Failed password for invalid user user from 170.64.222.115 port 40720 ssh2
May  7 20:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9387]: Connection closed by 170.64.222.115 port 40720 [preauth]
May  7 20:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Invalid user gitlab-runner from 170.64.222.115
May  7 20:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: input_userauth_request: invalid user gitlab-runner [preauth]
May  7 20:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Failed password for invalid user gitlab-runner from 170.64.222.115 port 59090 ssh2
May  7 20:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9395]: Connection closed by 170.64.222.115 port 59090 [preauth]
May  7 20:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: Failed password for root from 170.64.222.115 port 59104 ssh2
May  7 20:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9420]: Connection closed by 170.64.222.115 port 59104 [preauth]
May  7 20:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9431]: Invalid user ts from 170.64.222.115
May  7 20:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9431]: input_userauth_request: invalid user ts [preauth]
May  7 20:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9431]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9431]: Failed password for invalid user ts from 170.64.222.115 port 45018 ssh2
May  7 20:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9431]: Connection closed by 170.64.222.115 port 45018 [preauth]
May  7 20:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: Invalid user administrator from 170.64.222.115
May  7 20:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: input_userauth_request: invalid user administrator [preauth]
May  7 20:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: Failed password for invalid user administrator from 170.64.222.115 port 45036 ssh2
May  7 20:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9455]: Connection closed by 170.64.222.115 port 45036 [preauth]
May  7 20:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9468]: Failed password for root from 170.64.222.115 port 47406 ssh2
May  7 20:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8059]: pam_unix(cron:session): session closed for user root
May  7 20:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9468]: Connection closed by 170.64.222.115 port 47406 [preauth]
May  7 20:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.223.5  user=root
May  7 20:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9499]: Invalid user dolphinscheduler from 170.64.222.115
May  7 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9499]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  7 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9499]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9497]: Failed password for root from 188.166.223.5 port 48052 ssh2
May  7 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9497]: Received disconnect from 188.166.223.5 port 48052:11: Bye Bye [preauth]
May  7 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9497]: Disconnected from 188.166.223.5 port 48052 [preauth]
May  7 20:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: Invalid user ubuntu from 1.202.223.2
May  7 20:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: input_userauth_request: invalid user ubuntu [preauth]
May  7 20:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2
May  7 20:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9499]: Failed password for invalid user dolphinscheduler from 170.64.222.115 port 47424 ssh2
May  7 20:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9499]: Connection closed by 170.64.222.115 port 47424 [preauth]
May  7 20:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: Failed password for invalid user ubuntu from 1.202.223.2 port 25384 ssh2
May  7 20:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: Received disconnect from 1.202.223.2 port 25384:11: Bye Bye [preauth]
May  7 20:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9501]: Disconnected from 1.202.223.2 port 25384 [preauth]
May  7 20:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: Invalid user nginx from 170.64.222.115
May  7 20:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: input_userauth_request: invalid user nginx [preauth]
May  7 20:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: Failed password for invalid user nginx from 170.64.222.115 port 34738 ssh2
May  7 20:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9514]: Connection closed by 170.64.222.115 port 34738 [preauth]
May  7 20:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: Invalid user sonar from 170.64.222.115
May  7 20:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: input_userauth_request: invalid user sonar [preauth]
May  7 20:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: Failed password for invalid user sonar from 170.64.222.115 port 34746 ssh2
May  7 20:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9537]: Connection closed by 170.64.222.115 port 34746 [preauth]
May  7 20:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: Failed password for root from 170.64.222.115 port 43614 ssh2
May  7 20:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9548]: Connection closed by 170.64.222.115 port 43614 [preauth]
May  7 20:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: Failed password for root from 170.64.222.115 port 43616 ssh2
May  7 20:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9558]: Connection closed by 170.64.222.115 port 43616 [preauth]
May  7 20:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9568]: Invalid user user1 from 170.64.222.115
May  7 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9568]: input_userauth_request: invalid user user1 [preauth]
May  7 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9568]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9572]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9571]: pam_unix(cron:session): session closed for user p13x
May  7 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9630]: Successful su for rubyman by root
May  7 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9630]: + ??? root:rubyman
May  7 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9630]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348778 of user rubyman.
May  7 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9630]: pam_unix(su:session): session closed for user rubyman
May  7 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348778.
May  7 20:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9568]: Failed password for invalid user user1 from 170.64.222.115 port 37832 ssh2
May  7 20:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9568]: Connection closed by 170.64.222.115 port 37832 [preauth]
May  7 20:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6524]: pam_unix(cron:session): session closed for user root
May  7 20:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9572]: pam_unix(cron:session): session closed for user samftp
May  7 20:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9808]: Failed password for root from 170.64.222.115 port 37842 ssh2
May  7 20:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9808]: Connection closed by 170.64.222.115 port 37842 [preauth]
May  7 20:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9825]: Invalid user gitlab from 170.64.222.115
May  7 20:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9825]: input_userauth_request: invalid user gitlab [preauth]
May  7 20:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9825]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9825]: Failed password for invalid user gitlab from 170.64.222.115 port 37850 ssh2
May  7 20:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9825]: Connection closed by 170.64.222.115 port 37850 [preauth]
May  7 20:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9848]: Invalid user lsfadmin from 170.64.222.115
May  7 20:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9848]: input_userauth_request: invalid user lsfadmin [preauth]
May  7 20:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9848]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9848]: Failed password for invalid user lsfadmin from 170.64.222.115 port 39436 ssh2
May  7 20:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9848]: Connection closed by 170.64.222.115 port 39436 [preauth]
May  7 20:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: Invalid user plex from 170.64.222.115
May  7 20:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: input_userauth_request: invalid user plex [preauth]
May  7 20:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: Failed password for invalid user plex from 170.64.222.115 port 39446 ssh2
May  7 20:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: Connection closed by 170.64.222.115 port 39446 [preauth]
May  7 20:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9884]: Failed password for root from 170.64.222.115 port 51506 ssh2
May  7 20:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9884]: Connection closed by 170.64.222.115 port 51506 [preauth]
May  7 20:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9894]: Invalid user ec2-user from 170.64.222.115
May  7 20:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9894]: input_userauth_request: invalid user ec2-user [preauth]
May  7 20:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9894]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9894]: Failed password for invalid user ec2-user from 170.64.222.115 port 51512 ssh2
May  7 20:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9894]: Connection closed by 170.64.222.115 port 51512 [preauth]
May  7 20:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8558]: pam_unix(cron:session): session closed for user root
May  7 20:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9920]: Invalid user mongo from 170.64.222.115
May  7 20:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9920]: input_userauth_request: invalid user mongo [preauth]
May  7 20:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9920]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9920]: Failed password for invalid user mongo from 170.64.222.115 port 37604 ssh2
May  7 20:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9920]: Connection closed by 170.64.222.115 port 37604 [preauth]
May  7 20:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: Invalid user sduran from 1.202.223.2
May  7 20:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: input_userauth_request: invalid user sduran [preauth]
May  7 20:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2
May  7 20:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: Failed password for invalid user sduran from 1.202.223.2 port 41042 ssh2
May  7 20:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: Received disconnect from 1.202.223.2 port 41042:11: Bye Bye [preauth]
May  7 20:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9927]: Disconnected from 1.202.223.2 port 41042 [preauth]
May  7 20:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: Invalid user steam from 170.64.222.115
May  7 20:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: input_userauth_request: invalid user steam [preauth]
May  7 20:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: Failed password for invalid user steam from 170.64.222.115 port 37616 ssh2
May  7 20:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: Connection closed by 170.64.222.115 port 37616 [preauth]
May  7 20:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9962]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9962]: Failed password for root from 170.64.222.115 port 53184 ssh2
May  7 20:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9962]: Connection closed by 170.64.222.115 port 53184 [preauth]
May  7 20:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9972]: Invalid user minecraft from 170.64.222.115
May  7 20:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9972]: input_userauth_request: invalid user minecraft [preauth]
May  7 20:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9972]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9972]: Failed password for invalid user minecraft from 170.64.222.115 port 53192 ssh2
May  7 20:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9972]: Connection closed by 170.64.222.115 port 53192 [preauth]
May  7 20:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: Failed password for root from 170.64.222.115 port 50102 ssh2
May  7 20:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: Connection closed by 170.64.222.115 port 50102 [preauth]
May  7 20:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9988]: Invalid user deployer from 170.64.222.115
May  7 20:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9988]: input_userauth_request: invalid user deployer [preauth]
May  7 20:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9988]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9988]: Failed password for invalid user deployer from 170.64.222.115 port 50124 ssh2
May  7 20:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9988]: Connection closed by 170.64.222.115 port 50124 [preauth]
May  7 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10003]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10002]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10001]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10000]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9998]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10000]: pam_unix(cron:session): session closed for user p13x
May  7 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10122]: Successful su for rubyman by root
May  7 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10122]: + ??? root:rubyman
May  7 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348781 of user rubyman.
May  7 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10122]: pam_unix(su:session): session closed for user rubyman
May  7 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348781.
May  7 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9998]: pam_unix(cron:session): session closed for user root
May  7 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: Invalid user vagrant from 170.64.222.115
May  7 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: input_userauth_request: invalid user vagrant [preauth]
May  7 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7060]: pam_unix(cron:session): session closed for user root
May  7 20:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: Failed password for invalid user vagrant from 170.64.222.115 port 51872 ssh2
May  7 20:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10230]: Connection closed by 170.64.222.115 port 51872 [preauth]
May  7 20:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10001]: pam_unix(cron:session): session closed for user samftp
May  7 20:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: Invalid user docker from 170.64.222.115
May  7 20:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: input_userauth_request: invalid user docker [preauth]
May  7 20:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: Failed password for invalid user docker from 170.64.222.115 port 51888 ssh2
May  7 20:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10439]: Connection closed by 170.64.222.115 port 51888 [preauth]
May  7 20:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10450]: Invalid user esuser from 170.64.222.115
May  7 20:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10450]: input_userauth_request: invalid user esuser [preauth]
May  7 20:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10450]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10450]: Failed password for invalid user esuser from 170.64.222.115 port 51864 ssh2
May  7 20:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10450]: Connection closed by 170.64.222.115 port 51864 [preauth]
May  7 20:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: Failed password for root from 170.64.222.115 port 51878 ssh2
May  7 20:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10475]: Connection closed by 170.64.222.115 port 51878 [preauth]
May  7 20:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: Invalid user fastuser from 170.64.222.115
May  7 20:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: input_userauth_request: invalid user fastuser [preauth]
May  7 20:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: Failed password for invalid user fastuser from 170.64.222.115 port 40072 ssh2
May  7 20:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10485]: Connection closed by 170.64.222.115 port 40072 [preauth]
May  7 20:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: Failed password for root from 170.64.222.115 port 40086 ssh2
May  7 20:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10512]: Connection closed by 170.64.222.115 port 40086 [preauth]
May  7 20:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: Invalid user testuser from 170.64.222.115
May  7 20:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: input_userauth_request: invalid user testuser [preauth]
May  7 20:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2  user=root
May  7 20:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9021]: pam_unix(cron:session): session closed for user root
May  7 20:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: Failed password for invalid user testuser from 170.64.222.115 port 60022 ssh2
May  7 20:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: Connection closed by 170.64.222.115 port 60022 [preauth]
May  7 20:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10527]: Failed password for root from 1.202.223.2 port 56722 ssh2
May  7 20:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10527]: Received disconnect from 1.202.223.2 port 56722:11: Bye Bye [preauth]
May  7 20:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10527]: Disconnected from 1.202.223.2 port 56722 [preauth]
May  7 20:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10560]: Invalid user kubernetes from 170.64.222.115
May  7 20:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10560]: input_userauth_request: invalid user kubernetes [preauth]
May  7 20:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10560]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10560]: Failed password for invalid user kubernetes from 170.64.222.115 port 60028 ssh2
May  7 20:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10560]: Connection closed by 170.64.222.115 port 60028 [preauth]
May  7 20:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10571]: Failed password for root from 170.64.222.115 port 60932 ssh2
May  7 20:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10571]: Connection closed by 170.64.222.115 port 60932 [preauth]
May  7 20:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10586]: Invalid user test from 170.64.222.115
May  7 20:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10586]: input_userauth_request: invalid user test [preauth]
May  7 20:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10586]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10586]: Failed password for invalid user test from 170.64.222.115 port 60946 ssh2
May  7 20:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10586]: Connection closed by 170.64.222.115 port 60946 [preauth]
May  7 20:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: User backup from 170.64.222.115 not allowed because not listed in AllowUsers
May  7 20:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: input_userauth_request: invalid user backup [preauth]
May  7 20:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=backup
May  7 20:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: Failed password for invalid user backup from 170.64.222.115 port 60590 ssh2
May  7 20:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10601]: Connection closed by 170.64.222.115 port 60590 [preauth]
May  7 20:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10625]: Invalid user stream from 170.64.222.115
May  7 20:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10625]: input_userauth_request: invalid user stream [preauth]
May  7 20:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10625]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10625]: Failed password for invalid user stream from 170.64.222.115 port 60596 ssh2
May  7 20:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10625]: Connection closed by 170.64.222.115 port 60596 [preauth]
May  7 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10640]: Invalid user es from 170.64.222.115
May  7 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10640]: input_userauth_request: invalid user es [preauth]
May  7 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10645]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10648]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10648]: pam_unix(cron:session): session closed for user root
May  7 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10643]: pam_unix(cron:session): session closed for user p13x
May  7 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10640]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10757]: Successful su for rubyman by root
May  7 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10757]: + ??? root:rubyman
May  7 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10757]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348785 of user rubyman.
May  7 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10757]: pam_unix(su:session): session closed for user rubyman
May  7 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348785.
May  7 20:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10640]: Failed password for invalid user es from 170.64.222.115 port 60092 ssh2
May  7 20:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10640]: Connection closed by 170.64.222.115 port 60092 [preauth]
May  7 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10645]: pam_unix(cron:session): session closed for user root
May  7 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7602]: pam_unix(cron:session): session closed for user root
May  7 20:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10644]: pam_unix(cron:session): session closed for user samftp
May  7 20:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: Failed password for root from 170.64.222.115 port 60094 ssh2
May  7 20:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10939]: Connection closed by 170.64.222.115 port 60094 [preauth]
May  7 20:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10967]: Invalid user user from 170.64.222.115
May  7 20:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10967]: input_userauth_request: invalid user user [preauth]
May  7 20:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10967]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10967]: Failed password for invalid user user from 170.64.222.115 port 53852 ssh2
May  7 20:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10967]: Connection closed by 170.64.222.115 port 53852 [preauth]
May  7 20:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  7 20:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: Failed password for root from 170.64.222.115 port 53866 ssh2
May  7 20:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10989]: Connection closed by 170.64.222.115 port 53866 [preauth]
May  7 20:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10999]: Invalid user apache from 170.64.222.115
May  7 20:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10999]: input_userauth_request: invalid user apache [preauth]
May  7 20:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10999]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  7 20:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10999]: Failed password for invalid user apache from 170.64.222.115 port 33194 ssh2
May  7 20:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10999]: Connection closed by 170.64.222.115 port 33194 [preauth]
May  7 20:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: Invalid user builduser from 1.202.223.2
May  7 20:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: input_userauth_request: invalid user builduser [preauth]
May  7 20:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2
May  7 20:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: Failed password for invalid user builduser from 1.202.223.2 port 12393 ssh2
May  7 20:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: Received disconnect from 1.202.223.2 port 12393:11: Bye Bye [preauth]
May  7 20:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11025]: Disconnected from 1.202.223.2 port 12393 [preauth]
May  7 20:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9574]: pam_unix(cron:session): session closed for user root
May  7 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11120]: pam_unix(cron:session): session closed for user p13x
May  7 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11194]: Successful su for rubyman by root
May  7 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11194]: + ??? root:rubyman
May  7 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348791 of user rubyman.
May  7 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11194]: pam_unix(su:session): session closed for user rubyman
May  7 20:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348791.
May  7 20:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8058]: pam_unix(cron:session): session closed for user root
May  7 20:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11121]: pam_unix(cron:session): session closed for user samftp
May  7 20:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: Invalid user abdullah from 1.202.223.2
May  7 20:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: input_userauth_request: invalid user abdullah [preauth]
May  7 20:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2
May  7 20:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: Failed password for invalid user abdullah from 1.202.223.2 port 28067 ssh2
May  7 20:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: Received disconnect from 1.202.223.2 port 28067:11: Bye Bye [preauth]
May  7 20:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11412]: Disconnected from 1.202.223.2 port 28067 [preauth]
May  7 20:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10003]: pam_unix(cron:session): session closed for user root
May  7 20:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: Invalid user ubnt from 85.208.84.4
May  7 20:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: input_userauth_request: invalid user ubnt [preauth]
May  7 20:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  7 20:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: Failed password for invalid user ubnt from 85.208.84.4 port 51422 ssh2
May  7 20:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11496]: Connection closed by 85.208.84.4 port 51422 [preauth]
May  7 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11532]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11530]: pam_unix(cron:session): session closed for user p13x
May  7 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11595]: Successful su for rubyman by root
May  7 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11595]: + ??? root:rubyman
May  7 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348795 of user rubyman.
May  7 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11595]: pam_unix(su:session): session closed for user rubyman
May  7 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348795.
May  7 20:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8557]: pam_unix(cron:session): session closed for user root
May  7 20:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11531]: pam_unix(cron:session): session closed for user samftp
May  7 20:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11805]: Invalid user magda from 1.202.223.2
May  7 20:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11805]: input_userauth_request: invalid user magda [preauth]
May  7 20:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11805]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2
May  7 20:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11805]: Failed password for invalid user magda from 1.202.223.2 port 43733 ssh2
May  7 20:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11805]: Received disconnect from 1.202.223.2 port 43733:11: Bye Bye [preauth]
May  7 20:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11805]: Disconnected from 1.202.223.2 port 43733 [preauth]
May  7 20:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10647]: pam_unix(cron:session): session closed for user root
May  7 20:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11900]: Connection closed by 130.195.4.213 port 40836 [preauth]
May  7 20:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: Invalid user shilei from 188.166.223.5
May  7 20:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: input_userauth_request: invalid user shilei [preauth]
May  7 20:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.223.5
May  7 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11929]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11931]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11927]: pam_unix(cron:session): session closed for user p13x
May  7 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11986]: Successful su for rubyman by root
May  7 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11986]: + ??? root:rubyman
May  7 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348799 of user rubyman.
May  7 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11986]: pam_unix(su:session): session closed for user rubyman
May  7 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348799.
May  7 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: Failed password for invalid user shilei from 188.166.223.5 port 50896 ssh2
May  7 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: Received disconnect from 188.166.223.5 port 50896:11: Bye Bye [preauth]
May  7 20:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: Disconnected from 188.166.223.5 port 50896 [preauth]
May  7 20:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9020]: pam_unix(cron:session): session closed for user root
May  7 20:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11928]: pam_unix(cron:session): session closed for user samftp
May  7 20:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: Invalid user nutanix from 1.202.223.2
May  7 20:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: input_userauth_request: invalid user nutanix [preauth]
May  7 20:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2
May  7 20:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: Failed password for invalid user nutanix from 1.202.223.2 port 59397 ssh2
May  7 20:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: Received disconnect from 1.202.223.2 port 59397:11: Bye Bye [preauth]
May  7 20:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: Disconnected from 1.202.223.2 port 59397 [preauth]
May  7 20:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11123]: pam_unix(cron:session): session closed for user root
May  7 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12326]: pam_unix(cron:session): session closed for user p13x
May  7 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12387]: Successful su for rubyman by root
May  7 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12387]: + ??? root:rubyman
May  7 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348804 of user rubyman.
May  7 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12387]: pam_unix(su:session): session closed for user rubyman
May  7 20:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348804.
May  7 20:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9573]: pam_unix(cron:session): session closed for user root
May  7 20:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: Invalid user praveen from 1.202.223.2
May  7 20:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: input_userauth_request: invalid user praveen [preauth]
May  7 20:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2
May  7 20:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12327]: pam_unix(cron:session): session closed for user samftp
May  7 20:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: Failed password for invalid user praveen from 1.202.223.2 port 15060 ssh2
May  7 20:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: Received disconnect from 1.202.223.2 port 15060:11: Bye Bye [preauth]
May  7 20:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12547]: Disconnected from 1.202.223.2 port 15060 [preauth]
May  7 20:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: Invalid user cms from 64.23.161.151
May  7 20:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: input_userauth_request: invalid user cms [preauth]
May  7 20:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 20:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: Failed password for invalid user cms from 64.23.161.151 port 40648 ssh2
May  7 20:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12633]: Connection closed by 64.23.161.151 port 40648 [preauth]
May  7 20:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11533]: pam_unix(cron:session): session closed for user root
May  7 20:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Invalid user pterodactyl from 1.202.223.2
May  7 20:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: input_userauth_request: invalid user pterodactyl [preauth]
May  7 20:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2
May  7 20:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Failed password for invalid user pterodactyl from 1.202.223.2 port 30734 ssh2
May  7 20:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Received disconnect from 1.202.223.2 port 30734:11: Bye Bye [preauth]
May  7 20:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Disconnected from 1.202.223.2 port 30734 [preauth]
May  7 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12728]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12726]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12729]: pam_unix(cron:session): session closed for user root
May  7 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12723]: pam_unix(cron:session): session closed for user p13x
May  7 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12790]: Successful su for rubyman by root
May  7 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12790]: + ??? root:rubyman
May  7 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348808 of user rubyman.
May  7 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12790]: pam_unix(su:session): session closed for user rubyman
May  7 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348808.
May  7 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12726]: pam_unix(cron:session): session closed for user root
May  7 20:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10002]: pam_unix(cron:session): session closed for user root
May  7 20:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12725]: pam_unix(cron:session): session closed for user samftp
May  7 20:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11931]: pam_unix(cron:session): session closed for user root
May  7 20:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13119]: Invalid user bigdata from 1.202.223.2
May  7 20:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13119]: input_userauth_request: invalid user bigdata [preauth]
May  7 20:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13119]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2
May  7 20:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13119]: Failed password for invalid user bigdata from 1.202.223.2 port 46386 ssh2
May  7 20:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13119]: Received disconnect from 1.202.223.2 port 46386:11: Bye Bye [preauth]
May  7 20:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13119]: Disconnected from 1.202.223.2 port 46386 [preauth]
May  7 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13149]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13147]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13147]: pam_unix(cron:session): session closed for user p13x
May  7 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13214]: Successful su for rubyman by root
May  7 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13214]: + ??? root:rubyman
May  7 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13214]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348813 of user rubyman.
May  7 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13214]: pam_unix(su:session): session closed for user rubyman
May  7 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348813.
May  7 20:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10646]: pam_unix(cron:session): session closed for user root
May  7 20:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13148]: pam_unix(cron:session): session closed for user samftp
May  7 20:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: Invalid user admin from 80.94.95.112
May  7 20:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: input_userauth_request: invalid user admin [preauth]
May  7 20:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 20:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: Failed password for invalid user admin from 80.94.95.112 port 21513 ssh2
May  7 20:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: Failed password for invalid user admin from 80.94.95.112 port 21513 ssh2
May  7 20:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: Failed password for invalid user admin from 80.94.95.112 port 21513 ssh2
May  7 20:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12329]: pam_unix(cron:session): session closed for user root
May  7 20:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: Failed password for invalid user admin from 80.94.95.112 port 21513 ssh2
May  7 20:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: Failed password for invalid user admin from 80.94.95.112 port 21513 ssh2
May  7 20:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: Received disconnect from 80.94.95.112 port 21513:11: Bye [preauth]
May  7 20:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: Disconnected from 80.94.95.112 port 21513 [preauth]
May  7 20:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 20:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13547]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 20:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13602]: Invalid user nick from 1.202.223.2
May  7 20:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13602]: input_userauth_request: invalid user nick [preauth]
May  7 20:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13602]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2
May  7 20:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13602]: Failed password for invalid user nick from 1.202.223.2 port 62060 ssh2
May  7 20:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13602]: Received disconnect from 1.202.223.2 port 62060:11: Bye Bye [preauth]
May  7 20:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13602]: Disconnected from 1.202.223.2 port 62060 [preauth]
May  7 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13652]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13652]: pam_unix(cron:session): session closed for user root
May  7 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13654]: pam_unix(cron:session): session closed for user p13x
May  7 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13723]: Successful su for rubyman by root
May  7 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13723]: + ??? root:rubyman
May  7 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348817 of user rubyman.
May  7 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13723]: pam_unix(su:session): session closed for user rubyman
May  7 20:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348817.
May  7 20:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11122]: pam_unix(cron:session): session closed for user root
May  7 20:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13655]: pam_unix(cron:session): session closed for user samftp
May  7 20:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12728]: pam_unix(cron:session): session closed for user root
May  7 20:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: Invalid user cdl from 1.202.223.2
May  7 20:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: input_userauth_request: invalid user cdl [preauth]
May  7 20:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2
May  7 20:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: Failed password for invalid user cdl from 1.202.223.2 port 17735 ssh2
May  7 20:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: Received disconnect from 1.202.223.2 port 17735:11: Bye Bye [preauth]
May  7 20:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13981]: Disconnected from 1.202.223.2 port 17735 [preauth]
May  7 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14063]: pam_unix(cron:session): session closed for user p13x
May  7 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14128]: Successful su for rubyman by root
May  7 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14128]: + ??? root:rubyman
May  7 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348822 of user rubyman.
May  7 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14128]: pam_unix(su:session): session closed for user rubyman
May  7 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348822.
May  7 20:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11532]: pam_unix(cron:session): session closed for user root
May  7 20:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14064]: pam_unix(cron:session): session closed for user samftp
May  7 20:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Invalid user cui from 188.166.223.5
May  7 20:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: input_userauth_request: invalid user cui [preauth]
May  7 20:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.223.5
May  7 20:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Failed password for invalid user cui from 188.166.223.5 port 47638 ssh2
May  7 20:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Received disconnect from 188.166.223.5 port 47638:11: Bye Bye [preauth]
May  7 20:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14346]: Disconnected from 188.166.223.5 port 47638 [preauth]
May  7 20:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2  user=root
May  7 20:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: Failed password for root from 1.202.223.2 port 33405 ssh2
May  7 20:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: Received disconnect from 1.202.223.2 port 33405:11: Bye Bye [preauth]
May  7 20:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: Disconnected from 1.202.223.2 port 33405 [preauth]
May  7 20:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13150]: pam_unix(cron:session): session closed for user root
May  7 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14468]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14467]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14469]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14466]: pam_unix(cron:session): session closed for user p13x
May  7 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14533]: Successful su for rubyman by root
May  7 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14533]: + ??? root:rubyman
May  7 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348826 of user rubyman.
May  7 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14533]: pam_unix(su:session): session closed for user rubyman
May  7 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348826.
May  7 20:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11929]: pam_unix(cron:session): session closed for user root
May  7 20:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14467]: pam_unix(cron:session): session closed for user samftp
May  7 20:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14776]: Invalid user liang from 1.202.223.2
May  7 20:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14776]: input_userauth_request: invalid user liang [preauth]
May  7 20:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14776]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2
May  7 20:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14776]: Failed password for invalid user liang from 1.202.223.2 port 49071 ssh2
May  7 20:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14776]: Received disconnect from 1.202.223.2 port 49071:11: Bye Bye [preauth]
May  7 20:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14776]: Disconnected from 1.202.223.2 port 49071 [preauth]
May  7 20:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13657]: pam_unix(cron:session): session closed for user root
May  7 20:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: Invalid user admin from 80.94.95.241
May  7 20:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: input_userauth_request: invalid user admin [preauth]
May  7 20:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 20:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: Failed password for invalid user admin from 80.94.95.241 port 42824 ssh2
May  7 20:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: Failed password for invalid user admin from 80.94.95.241 port 42824 ssh2
May  7 20:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: Failed password for invalid user admin from 80.94.95.241 port 42824 ssh2
May  7 20:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: Failed password for invalid user admin from 80.94.95.241 port 42824 ssh2
May  7 20:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: Failed password for invalid user admin from 80.94.95.241 port 42824 ssh2
May  7 20:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: Received disconnect from 80.94.95.241 port 42824:11: Bye [preauth]
May  7 20:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: Disconnected from 80.94.95.241 port 42824 [preauth]
May  7 20:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 20:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14877]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14875]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14876]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14879]: pam_unix(cron:session): session closed for user root
May  7 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14873]: pam_unix(cron:session): session closed for user p13x
May  7 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14955]: Successful su for rubyman by root
May  7 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14955]: + ??? root:rubyman
May  7 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14955]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348831 of user rubyman.
May  7 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14955]: pam_unix(su:session): session closed for user rubyman
May  7 20:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348831.
May  7 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14875]: pam_unix(cron:session): session closed for user root
May  7 20:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12328]: pam_unix(cron:session): session closed for user root
May  7 20:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14874]: pam_unix(cron:session): session closed for user samftp
May  7 20:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2  user=root
May  7 20:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15198]: Failed password for root from 1.202.223.2 port 64731 ssh2
May  7 20:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15198]: Received disconnect from 1.202.223.2 port 64731:11: Bye Bye [preauth]
May  7 20:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15198]: Disconnected from 1.202.223.2 port 64731 [preauth]
May  7 20:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14066]: pam_unix(cron:session): session closed for user root
May  7 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15313]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15312]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15309]: pam_unix(cron:session): session closed for user p13x
May  7 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15378]: Successful su for rubyman by root
May  7 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15378]: + ??? root:rubyman
May  7 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15378]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348837 of user rubyman.
May  7 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15378]: pam_unix(su:session): session closed for user rubyman
May  7 20:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348837.
May  7 20:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12727]: pam_unix(cron:session): session closed for user root
May  7 20:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15310]: pam_unix(cron:session): session closed for user samftp
May  7 20:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: Invalid user eli from 1.202.223.2
May  7 20:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: input_userauth_request: invalid user eli [preauth]
May  7 20:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2
May  7 20:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: Failed password for invalid user eli from 1.202.223.2 port 20408 ssh2
May  7 20:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: Received disconnect from 1.202.223.2 port 20408:11: Bye Bye [preauth]
May  7 20:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15587]: Disconnected from 1.202.223.2 port 20408 [preauth]
May  7 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14469]: pam_unix(cron:session): session closed for user root
May  7 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15707]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15708]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15705]: pam_unix(cron:session): session closed for user p13x
May  7 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15766]: Successful su for rubyman by root
May  7 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15766]: + ??? root:rubyman
May  7 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348842 of user rubyman.
May  7 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15766]: pam_unix(su:session): session closed for user rubyman
May  7 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348842.
May  7 20:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13149]: pam_unix(cron:session): session closed for user root
May  7 20:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15706]: pam_unix(cron:session): session closed for user samftp
May  7 20:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15960]: Invalid user vhserver from 1.202.223.2
May  7 20:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15960]: input_userauth_request: invalid user vhserver [preauth]
May  7 20:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15960]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2
May  7 20:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15960]: Failed password for invalid user vhserver from 1.202.223.2 port 36076 ssh2
May  7 20:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15960]: Received disconnect from 1.202.223.2 port 36076:11: Bye Bye [preauth]
May  7 20:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15960]: Disconnected from 1.202.223.2 port 36076 [preauth]
May  7 20:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14877]: pam_unix(cron:session): session closed for user root
May  7 20:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: Invalid user andrew from 64.23.161.151
May  7 20:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: input_userauth_request: invalid user andrew [preauth]
May  7 20:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 20:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: Failed password for invalid user andrew from 64.23.161.151 port 46494 ssh2
May  7 20:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16074]: Connection closed by 64.23.161.151 port 46494 [preauth]
May  7 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16106]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16104]: pam_unix(cron:session): session closed for user p13x
May  7 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16163]: Successful su for rubyman by root
May  7 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16163]: + ??? root:rubyman
May  7 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348844 of user rubyman.
May  7 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16163]: pam_unix(su:session): session closed for user rubyman
May  7 20:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348844.
May  7 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13656]: pam_unix(cron:session): session closed for user root
May  7 20:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16319]: Invalid user nk from 1.202.223.2
May  7 20:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16319]: input_userauth_request: invalid user nk [preauth]
May  7 20:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16319]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2
May  7 20:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16105]: pam_unix(cron:session): session closed for user samftp
May  7 20:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16319]: Failed password for invalid user nk from 1.202.223.2 port 51732 ssh2
May  7 20:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16319]: Received disconnect from 1.202.223.2 port 51732:11: Bye Bye [preauth]
May  7 20:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16319]: Disconnected from 1.202.223.2 port 51732 [preauth]
May  7 20:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15313]: pam_unix(cron:session): session closed for user root
May  7 20:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.223.5  user=root
May  7 20:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16438]: Failed password for root from 188.166.223.5 port 54452 ssh2
May  7 20:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16438]: Received disconnect from 188.166.223.5 port 54452:11: Bye Bye [preauth]
May  7 20:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16438]: Disconnected from 188.166.223.5 port 54452 [preauth]
May  7 20:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: User sshd from 85.208.84.5 not allowed because not listed in AllowUsers
May  7 20:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: input_userauth_request: invalid user sshd [preauth]
May  7 20:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: Failed none for invalid user sshd from 85.208.84.5 port 40878 ssh2
May  7 20:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: Connection closed by 85.208.84.5 port 40878 [preauth]
May  7 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16521]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16523]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16520]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16518]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16518]: pam_unix(cron:session): session closed for user p13x
May  7 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16600]: Successful su for rubyman by root
May  7 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16600]: + ??? root:rubyman
May  7 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348848 of user rubyman.
May  7 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16600]: pam_unix(su:session): session closed for user rubyman
May  7 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348848.
May  7 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: Invalid user public from 1.202.223.2
May  7 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: input_userauth_request: invalid user public [preauth]
May  7 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.202.223.2
May  7 20:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14065]: pam_unix(cron:session): session closed for user root
May  7 20:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: Failed password for invalid user public from 1.202.223.2 port 7397 ssh2
May  7 20:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: Received disconnect from 1.202.223.2 port 7397:11: Bye Bye [preauth]
May  7 20:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16580]: Disconnected from 1.202.223.2 port 7397 [preauth]
May  7 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16520]: pam_unix(cron:session): session closed for user samftp
May  7 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15708]: pam_unix(cron:session): session closed for user root
May  7 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16976]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16979]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16978]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16980]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16980]: pam_unix(cron:session): session closed for user root
May  7 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16974]: pam_unix(cron:session): session closed for user p13x
May  7 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17043]: Successful su for rubyman by root
May  7 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17043]: + ??? root:rubyman
May  7 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348853 of user rubyman.
May  7 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17043]: pam_unix(su:session): session closed for user rubyman
May  7 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348853.
May  7 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16976]: pam_unix(cron:session): session closed for user root
May  7 20:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14468]: pam_unix(cron:session): session closed for user root
May  7 20:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16975]: pam_unix(cron:session): session closed for user samftp
May  7 20:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16107]: pam_unix(cron:session): session closed for user root
May  7 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17403]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17405]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17402]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17402]: pam_unix(cron:session): session closed for user p13x
May  7 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17473]: Successful su for rubyman by root
May  7 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17473]: + ??? root:rubyman
May  7 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348858 of user rubyman.
May  7 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17473]: pam_unix(su:session): session closed for user rubyman
May  7 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348858.
May  7 20:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14876]: pam_unix(cron:session): session closed for user root
May  7 20:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17403]: pam_unix(cron:session): session closed for user samftp
May  7 20:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16523]: pam_unix(cron:session): session closed for user root
May  7 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17940]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17939]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17939]: pam_unix(cron:session): session closed for user p13x
May  7 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18004]: Successful su for rubyman by root
May  7 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18004]: + ??? root:rubyman
May  7 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348863 of user rubyman.
May  7 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18004]: pam_unix(su:session): session closed for user rubyman
May  7 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348863.
May  7 20:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15312]: pam_unix(cron:session): session closed for user root
May  7 20:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17940]: pam_unix(cron:session): session closed for user samftp
May  7 20:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16979]: pam_unix(cron:session): session closed for user root
May  7 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18348]: pam_unix(cron:session): session closed for user p13x
May  7 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18418]: Successful su for rubyman by root
May  7 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18418]: + ??? root:rubyman
May  7 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348866 of user rubyman.
May  7 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18418]: pam_unix(su:session): session closed for user rubyman
May  7 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348866.
May  7 20:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15707]: pam_unix(cron:session): session closed for user root
May  7 20:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18349]: pam_unix(cron:session): session closed for user samftp
May  7 20:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  7 20:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: Failed password for root from 218.92.0.206 port 26082 ssh2
May  7 20:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: Failed password for root from 218.92.0.206 port 26082 ssh2
May  7 20:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17405]: pam_unix(cron:session): session closed for user root
May  7 20:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: Failed password for root from 218.92.0.206 port 26082 ssh2
May  7 20:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: message repeated 2 times: [ Failed password for root from 218.92.0.206 port 26082 ssh2]
May  7 20:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 26082 ssh2 [preauth]
May  7 20:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: Disconnecting: Too many authentication failures [preauth]
May  7 20:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  7 20:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18654]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 20:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 20:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: Failed password for root from 80.94.95.125 port 50114 ssh2
May  7 20:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: Failed password for root from 80.94.95.125 port 50114 ssh2
May  7 20:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: Failed password for root from 80.94.95.125 port 50114 ssh2
May  7 20:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: message repeated 2 times: [ Failed password for root from 80.94.95.125 port 50114 ssh2]
May  7 20:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: Received disconnect from 80.94.95.125 port 50114:11: Bye [preauth]
May  7 20:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: Disconnected from 80.94.95.125 port 50114 [preauth]
May  7 20:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 20:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18736]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18766]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18758]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18758]: pam_unix(cron:session): session closed for user p13x
May  7 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18831]: Successful su for rubyman by root
May  7 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18831]: + ??? root:rubyman
May  7 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18831]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348870 of user rubyman.
May  7 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18831]: pam_unix(su:session): session closed for user rubyman
May  7 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348870.
May  7 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.223.5  user=root
May  7 20:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16106]: pam_unix(cron:session): session closed for user root
May  7 20:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: Failed password for root from 188.166.223.5 port 58442 ssh2
May  7 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: Received disconnect from 188.166.223.5 port 58442:11: Bye Bye [preauth]
May  7 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18818]: Disconnected from 188.166.223.5 port 58442 [preauth]
May  7 20:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18759]: pam_unix(cron:session): session closed for user samftp
May  7 20:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17942]: pam_unix(cron:session): session closed for user root
May  7 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19195]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19197]: pam_unix(cron:session): session closed for user root
May  7 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19192]: pam_unix(cron:session): session closed for user p13x
May  7 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19271]: Successful su for rubyman by root
May  7 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19271]: + ??? root:rubyman
May  7 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19271]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348876 of user rubyman.
May  7 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19271]: pam_unix(su:session): session closed for user rubyman
May  7 20:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348876.
May  7 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19194]: pam_unix(cron:session): session closed for user root
May  7 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16521]: pam_unix(cron:session): session closed for user root
May  7 20:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19193]: pam_unix(cron:session): session closed for user samftp
May  7 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18351]: pam_unix(cron:session): session closed for user root
May  7 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19643]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19642]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19642]: pam_unix(cron:session): session closed for user p13x
May  7 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19717]: Successful su for rubyman by root
May  7 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19717]: + ??? root:rubyman
May  7 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348880 of user rubyman.
May  7 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19717]: pam_unix(su:session): session closed for user rubyman
May  7 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348880.
May  7 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19744]: Invalid user michael from 64.23.161.151
May  7 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19744]: input_userauth_request: invalid user michael [preauth]
May  7 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19744]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 20:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19744]: Failed password for invalid user michael from 64.23.161.151 port 49742 ssh2
May  7 20:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19744]: Connection closed by 64.23.161.151 port 49742 [preauth]
May  7 20:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16978]: pam_unix(cron:session): session closed for user root
May  7 20:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19643]: pam_unix(cron:session): session closed for user samftp
May  7 20:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18766]: pam_unix(cron:session): session closed for user root
May  7 20:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: Invalid user admin from 80.94.95.116
May  7 20:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: input_userauth_request: invalid user admin [preauth]
May  7 20:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  7 20:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: Failed password for invalid user admin from 80.94.95.116 port 15762 ssh2
May  7 20:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20049]: Connection closed by 80.94.95.116 port 15762 [preauth]
May  7 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20067]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20068]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20063]: pam_unix(cron:session): session closed for user p13x
May  7 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20126]: Successful su for rubyman by root
May  7 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20126]: + ??? root:rubyman
May  7 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20126]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348886 of user rubyman.
May  7 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20126]: pam_unix(su:session): session closed for user rubyman
May  7 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348886.
May  7 20:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17404]: pam_unix(cron:session): session closed for user root
May  7 20:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20066]: pam_unix(cron:session): session closed for user samftp
May  7 20:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19196]: pam_unix(cron:session): session closed for user root
May  7 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20461]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20458]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20456]: pam_unix(cron:session): session closed for user p13x
May  7 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20526]: Successful su for rubyman by root
May  7 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20526]: + ??? root:rubyman
May  7 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20526]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348889 of user rubyman.
May  7 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20526]: pam_unix(su:session): session closed for user rubyman
May  7 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348889.
May  7 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17941]: pam_unix(cron:session): session closed for user root
May  7 20:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20457]: pam_unix(cron:session): session closed for user samftp
May  7 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19647]: pam_unix(cron:session): session closed for user root
May  7 20:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55  user=root
May  7 20:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20842]: Failed password for root from 106.75.135.55 port 37928 ssh2
May  7 20:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20842]: Received disconnect from 106.75.135.55 port 37928:11: Bye Bye [preauth]
May  7 20:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20842]: Disconnected from 106.75.135.55 port 37928 [preauth]
May  7 20:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: Invalid user elearn from 151.46.210.230
May  7 20:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: input_userauth_request: invalid user elearn [preauth]
May  7 20:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.46.210.230
May  7 20:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: Failed password for invalid user elearn from 151.46.210.230 port 31648 ssh2
May  7 20:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: Received disconnect from 151.46.210.230 port 31648:11: Bye Bye [preauth]
May  7 20:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: Disconnected from 151.46.210.230 port 31648 [preauth]
May  7 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20890]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20891]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20888]: pam_unix(cron:session): session closed for user p13x
May  7 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20948]: Successful su for rubyman by root
May  7 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20948]: + ??? root:rubyman
May  7 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348893 of user rubyman.
May  7 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20948]: pam_unix(su:session): session closed for user rubyman
May  7 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348893.
May  7 20:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18350]: pam_unix(cron:session): session closed for user root
May  7 20:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20889]: pam_unix(cron:session): session closed for user samftp
May  7 20:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20068]: pam_unix(cron:session): session closed for user root
May  7 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21318]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21320]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21324]: pam_unix(cron:session): session closed for user root
May  7 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21317]: pam_unix(cron:session): session closed for user p13x
May  7 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21387]: Successful su for rubyman by root
May  7 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21387]: + ??? root:rubyman
May  7 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348900 of user rubyman.
May  7 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21387]: pam_unix(su:session): session closed for user rubyman
May  7 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348900.
May  7 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21320]: pam_unix(cron:session): session closed for user root
May  7 20:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18763]: pam_unix(cron:session): session closed for user root
May  7 20:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21318]: pam_unix(cron:session): session closed for user samftp
May  7 20:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 20:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21687]: Failed password for root from 218.92.0.179 port 58174 ssh2
May  7 20:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20461]: pam_unix(cron:session): session closed for user root
May  7 20:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21687]: Failed password for root from 218.92.0.179 port 58174 ssh2
May  7 20:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21687]: Failed password for root from 218.92.0.179 port 58174 ssh2
May  7 20:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21687]: Received disconnect from 218.92.0.179 port 58174:11:  [preauth]
May  7 20:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21687]: Disconnected from 218.92.0.179 port 58174 [preauth]
May  7 20:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21687]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 20:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: Invalid user kocom from 180.142.104.33
May  7 20:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: input_userauth_request: invalid user kocom [preauth]
May  7 20:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33
May  7 20:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: Failed password for invalid user kocom from 180.142.104.33 port 41946 ssh2
May  7 20:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: Received disconnect from 180.142.104.33 port 41946:11: Bye Bye [preauth]
May  7 20:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: Disconnected from 180.142.104.33 port 41946 [preauth]
May  7 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21897]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22014]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21896]: pam_unix(cron:session): session closed for user p13x
May  7 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22139]: Successful su for rubyman by root
May  7 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22139]: + ??? root:rubyman
May  7 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22139]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348902 of user rubyman.
May  7 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22139]: pam_unix(su:session): session closed for user rubyman
May  7 20:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348902.
May  7 20:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19195]: pam_unix(cron:session): session closed for user root
May  7 20:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21897]: pam_unix(cron:session): session closed for user samftp
May  7 20:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20891]: pam_unix(cron:session): session closed for user root
May  7 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22547]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22545]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22543]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22544]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22543]: pam_unix(cron:session): session closed for user p13x
May  7 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22607]: Successful su for rubyman by root
May  7 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22607]: + ??? root:rubyman
May  7 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348906 of user rubyman.
May  7 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22607]: pam_unix(su:session): session closed for user rubyman
May  7 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348906.
May  7 20:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19646]: pam_unix(cron:session): session closed for user root
May  7 20:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22544]: pam_unix(cron:session): session closed for user samftp
May  7 20:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21322]: pam_unix(cron:session): session closed for user root
May  7 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23015]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23013]: pam_unix(cron:session): session closed for user p13x
May  7 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23072]: Successful su for rubyman by root
May  7 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23072]: + ??? root:rubyman
May  7 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348911 of user rubyman.
May  7 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23072]: pam_unix(su:session): session closed for user rubyman
May  7 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348911.
May  7 20:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20067]: pam_unix(cron:session): session closed for user root
May  7 20:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23014]: pam_unix(cron:session): session closed for user samftp
May  7 20:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22014]: pam_unix(cron:session): session closed for user root
May  7 20:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23499]: Invalid user s3 from 151.46.210.230
May  7 20:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23499]: input_userauth_request: invalid user s3 [preauth]
May  7 20:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23499]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.46.210.230
May  7 20:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23499]: Failed password for invalid user s3 from 151.46.210.230 port 31608 ssh2
May  7 20:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23499]: Received disconnect from 151.46.210.230 port 31608:11: Bye Bye [preauth]
May  7 20:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23499]: Disconnected from 151.46.210.230 port 31608 [preauth]
May  7 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23514]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23515]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23513]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23510]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23513]: pam_unix(cron:session): session closed for user p13x
May  7 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23637]: Successful su for rubyman by root
May  7 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23637]: + ??? root:rubyman
May  7 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348915 of user rubyman.
May  7 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23637]: pam_unix(su:session): session closed for user rubyman
May  7 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348915.
May  7 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23510]: pam_unix(cron:session): session closed for user root
May  7 20:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20458]: pam_unix(cron:session): session closed for user root
May  7 20:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23514]: pam_unix(cron:session): session closed for user samftp
May  7 20:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24017]: Invalid user michael from 64.23.161.151
May  7 20:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24017]: input_userauth_request: invalid user michael [preauth]
May  7 20:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24017]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 20:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24017]: Failed password for invalid user michael from 64.23.161.151 port 48548 ssh2
May  7 20:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24017]: Connection closed by 64.23.161.151 port 48548 [preauth]
May  7 20:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22547]: pam_unix(cron:session): session closed for user root
May  7 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24125]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24128]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24124]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24129]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24127]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session closed for user root
May  7 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24124]: pam_unix(cron:session): session closed for user p13x
May  7 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24199]: Successful su for rubyman by root
May  7 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24199]: + ??? root:rubyman
May  7 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24199]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348923 of user rubyman.
May  7 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24199]: pam_unix(su:session): session closed for user rubyman
May  7 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348923.
May  7 20:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24127]: pam_unix(cron:session): session closed for user root
May  7 20:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20890]: pam_unix(cron:session): session closed for user root
May  7 20:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24125]: pam_unix(cron:session): session closed for user samftp
May  7 20:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23016]: pam_unix(cron:session): session closed for user root
May  7 20:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 20:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: Failed password for root from 218.92.0.179 port 54441 ssh2
May  7 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: Failed password for root from 218.92.0.179 port 54441 ssh2
May  7 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24606]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24602]: pam_unix(cron:session): session closed for user p13x
May  7 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24673]: Successful su for rubyman by root
May  7 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24673]: + ??? root:rubyman
May  7 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348925 of user rubyman.
May  7 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24673]: pam_unix(su:session): session closed for user rubyman
May  7 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348925.
May  7 20:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: Failed password for root from 218.92.0.179 port 54441 ssh2
May  7 20:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: Received disconnect from 218.92.0.179 port 54441:11:  [preauth]
May  7 20:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: Disconnected from 218.92.0.179 port 54441 [preauth]
May  7 20:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24589]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 20:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21321]: pam_unix(cron:session): session closed for user root
May  7 20:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24604]: pam_unix(cron:session): session closed for user samftp
May  7 20:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23516]: pam_unix(cron:session): session closed for user root
May  7 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25032]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25030]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25031]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25029]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25029]: pam_unix(cron:session): session closed for user p13x
May  7 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25089]: Successful su for rubyman by root
May  7 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25089]: + ??? root:rubyman
May  7 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348930 of user rubyman.
May  7 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25089]: pam_unix(su:session): session closed for user rubyman
May  7 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348930.
May  7 20:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21898]: pam_unix(cron:session): session closed for user root
May  7 20:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25030]: pam_unix(cron:session): session closed for user samftp
May  7 20:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 20:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25316]: Failed password for root from 218.92.0.179 port 32851 ssh2
May  7 20:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25316]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 32851 ssh2]
May  7 20:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25316]: Received disconnect from 218.92.0.179 port 32851:11:  [preauth]
May  7 20:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25316]: Disconnected from 218.92.0.179 port 32851 [preauth]
May  7 20:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25316]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 20:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24129]: pam_unix(cron:session): session closed for user root
May  7 20:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25414]: Invalid user raul from 151.46.210.230
May  7 20:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25414]: input_userauth_request: invalid user raul [preauth]
May  7 20:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25414]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.46.210.230
May  7 20:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25414]: Failed password for invalid user raul from 151.46.210.230 port 31368 ssh2
May  7 20:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25414]: Received disconnect from 151.46.210.230 port 31368:11: Bye Bye [preauth]
May  7 20:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25414]: Disconnected from 151.46.210.230 port 31368 [preauth]
May  7 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25442]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25442]: pam_unix(cron:session): session closed for user p13x
May  7 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25501]: Successful su for rubyman by root
May  7 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25501]: + ??? root:rubyman
May  7 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348934 of user rubyman.
May  7 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25501]: pam_unix(su:session): session closed for user rubyman
May  7 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348934.
May  7 20:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22545]: pam_unix(cron:session): session closed for user root
May  7 20:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25443]: pam_unix(cron:session): session closed for user samftp
May  7 20:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  7 20:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: Failed password for root from 218.92.0.206 port 13898 ssh2
May  7 20:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: message repeated 4 times: [ Failed password for root from 218.92.0.206 port 13898 ssh2]
May  7 20:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 13898 ssh2 [preauth]
May  7 20:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: Disconnecting: Too many authentication failures [preauth]
May  7 20:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  7 20:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 20:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  7 20:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25815]: Failed password for root from 80.94.95.116 port 21212 ssh2
May  7 20:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25815]: Connection closed by 80.94.95.116 port 21212 [preauth]
May  7 20:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24606]: pam_unix(cron:session): session closed for user root
May  7 20:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  7 20:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25896]: Failed password for root from 50.235.31.47 port 52916 ssh2
May  7 20:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25896]: Connection closed by 50.235.31.47 port 52916 [preauth]
May  7 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25939]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25938]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25937]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25936]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25936]: pam_unix(cron:session): session closed for user p13x
May  7 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26003]: Successful su for rubyman by root
May  7 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26003]: + ??? root:rubyman
May  7 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26003]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348937 of user rubyman.
May  7 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26003]: pam_unix(su:session): session closed for user rubyman
May  7 20:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348937.
May  7 20:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23015]: pam_unix(cron:session): session closed for user root
May  7 20:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25937]: pam_unix(cron:session): session closed for user samftp
May  7 20:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26220]: Invalid user admin from 193.70.84.184
May  7 20:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26220]: input_userauth_request: invalid user admin [preauth]
May  7 20:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26220]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  7 20:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26220]: Failed password for invalid user admin from 193.70.84.184 port 36350 ssh2
May  7 20:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26220]: Connection closed by 193.70.84.184 port 36350 [preauth]
May  7 20:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25032]: pam_unix(cron:session): session closed for user root
May  7 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26344]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26343]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26344]: pam_unix(cron:session): session closed for user root
May  7 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26339]: pam_unix(cron:session): session closed for user p13x
May  7 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26408]: Successful su for rubyman by root
May  7 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26408]: + ??? root:rubyman
May  7 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348942 of user rubyman.
May  7 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26408]: pam_unix(su:session): session closed for user rubyman
May  7 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348942.
May  7 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26341]: pam_unix(cron:session): session closed for user root
May  7 20:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23515]: pam_unix(cron:session): session closed for user root
May  7 20:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26340]: pam_unix(cron:session): session closed for user samftp
May  7 20:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25445]: pam_unix(cron:session): session closed for user root
May  7 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26854]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26851]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26850]: pam_unix(cron:session): session closed for user p13x
May  7 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26951]: Successful su for rubyman by root
May  7 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26951]: + ??? root:rubyman
May  7 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26951]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348948 of user rubyman.
May  7 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26951]: pam_unix(su:session): session closed for user rubyman
May  7 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348948.
May  7 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24128]: pam_unix(cron:session): session closed for user root
May  7 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26851]: pam_unix(cron:session): session closed for user samftp
May  7 20:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25939]: pam_unix(cron:session): session closed for user root
May  7 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27358]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27351]: pam_unix(cron:session): session closed for user p13x
May  7 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27449]: Successful su for rubyman by root
May  7 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27449]: + ??? root:rubyman
May  7 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348952 of user rubyman.
May  7 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27449]: pam_unix(su:session): session closed for user rubyman
May  7 20:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348952.
May  7 20:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24605]: pam_unix(cron:session): session closed for user root
May  7 20:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27352]: pam_unix(cron:session): session closed for user samftp
May  7 20:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  7 20:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27699]: Failed password for root from 190.103.202.7 port 32826 ssh2
May  7 20:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27699]: Connection closed by 190.103.202.7 port 32826 [preauth]
May  7 20:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 20:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27714]: Failed password for root from 218.92.0.179 port 48036 ssh2
May  7 20:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27714]: Failed password for root from 218.92.0.179 port 48036 ssh2
May  7 20:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: Invalid user derek from 64.23.161.151
May  7 20:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: input_userauth_request: invalid user derek [preauth]
May  7 20:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 20:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27714]: Failed password for root from 218.92.0.179 port 48036 ssh2
May  7 20:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27714]: Received disconnect from 218.92.0.179 port 48036:11:  [preauth]
May  7 20:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27714]: Disconnected from 218.92.0.179 port 48036 [preauth]
May  7 20:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27714]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 20:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26343]: pam_unix(cron:session): session closed for user root
May  7 20:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: Failed password for invalid user derek from 64.23.161.151 port 50946 ssh2
May  7 20:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: Connection closed by 64.23.161.151 port 50946 [preauth]
May  7 20:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27804]: Invalid user andrea from 180.142.104.33
May  7 20:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27804]: input_userauth_request: invalid user andrea [preauth]
May  7 20:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27804]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33
May  7 20:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27804]: Failed password for invalid user andrea from 180.142.104.33 port 36866 ssh2
May  7 20:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27804]: Received disconnect from 180.142.104.33 port 36866:11: Bye Bye [preauth]
May  7 20:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27804]: Disconnected from 180.142.104.33 port 36866 [preauth]
May  7 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27816]: pam_unix(cron:session): session closed for user p13x
May  7 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27884]: Successful su for rubyman by root
May  7 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27884]: + ??? root:rubyman
May  7 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348956 of user rubyman.
May  7 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27884]: pam_unix(su:session): session closed for user rubyman
May  7 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348956.
May  7 20:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27958]: Invalid user sysadmin from 164.68.105.9
May  7 20:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27958]: input_userauth_request: invalid user sysadmin [preauth]
May  7 20:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27958]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  7 20:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25031]: pam_unix(cron:session): session closed for user root
May  7 20:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27958]: Failed password for invalid user sysadmin from 164.68.105.9 port 52074 ssh2
May  7 20:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27958]: Connection closed by 164.68.105.9 port 52074 [preauth]
May  7 20:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27817]: pam_unix(cron:session): session closed for user samftp
May  7 20:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26854]: pam_unix(cron:session): session closed for user root
May  7 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28228]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28225]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28223]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28223]: pam_unix(cron:session): session closed for user p13x
May  7 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28285]: Successful su for rubyman by root
May  7 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28285]: + ??? root:rubyman
May  7 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28285]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348959 of user rubyman.
May  7 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28285]: pam_unix(su:session): session closed for user rubyman
May  7 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348959.
May  7 20:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25444]: pam_unix(cron:session): session closed for user root
May  7 20:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28224]: pam_unix(cron:session): session closed for user samftp
May  7 20:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: Invalid user admin from 80.94.95.112
May  7 20:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: input_userauth_request: invalid user admin [preauth]
May  7 20:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 20:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: Failed password for invalid user admin from 80.94.95.112 port 52607 ssh2
May  7 20:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27358]: pam_unix(cron:session): session closed for user root
May  7 20:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: Failed password for invalid user admin from 80.94.95.112 port 52607 ssh2
May  7 20:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: Failed password for invalid user admin from 80.94.95.112 port 52607 ssh2
May  7 20:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: Failed password for invalid user admin from 80.94.95.112 port 52607 ssh2
May  7 20:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: Failed password for invalid user admin from 80.94.95.112 port 52607 ssh2
May  7 20:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: Received disconnect from 80.94.95.112 port 52607:11: Bye [preauth]
May  7 20:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: Disconnected from 80.94.95.112 port 52607 [preauth]
May  7 20:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 20:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28547]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 20:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28609]: Invalid user kamal from 180.142.104.33
May  7 20:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28609]: input_userauth_request: invalid user kamal [preauth]
May  7 20:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28609]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33
May  7 20:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28609]: Failed password for invalid user kamal from 180.142.104.33 port 41482 ssh2
May  7 20:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28609]: Received disconnect from 180.142.104.33 port 41482:11: Bye Bye [preauth]
May  7 20:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28609]: Disconnected from 180.142.104.33 port 41482 [preauth]
May  7 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28638]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28640]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28641]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28639]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28641]: pam_unix(cron:session): session closed for user root
May  7 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28636]: pam_unix(cron:session): session closed for user p13x
May  7 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28705]: Successful su for rubyman by root
May  7 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28705]: + ??? root:rubyman
May  7 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348966 of user rubyman.
May  7 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28705]: pam_unix(su:session): session closed for user rubyman
May  7 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348966.
May  7 20:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28638]: pam_unix(cron:session): session closed for user root
May  7 20:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25938]: pam_unix(cron:session): session closed for user root
May  7 20:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28637]: pam_unix(cron:session): session closed for user samftp
May  7 20:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27819]: pam_unix(cron:session): session closed for user root
May  7 20:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: Invalid user xr from 151.46.210.230
May  7 20:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: input_userauth_request: invalid user xr [preauth]
May  7 20:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.46.210.230
May  7 20:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: Failed password for invalid user xr from 151.46.210.230 port 31553 ssh2
May  7 20:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: Received disconnect from 151.46.210.230 port 31553:11: Bye Bye [preauth]
May  7 20:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29143]: Disconnected from 151.46.210.230 port 31553 [preauth]
May  7 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29164]: pam_unix(cron:session): session closed for user p13x
May  7 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29235]: Successful su for rubyman by root
May  7 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29235]: + ??? root:rubyman
May  7 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348969 of user rubyman.
May  7 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29235]: pam_unix(su:session): session closed for user rubyman
May  7 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348969.
May  7 20:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26342]: pam_unix(cron:session): session closed for user root
May  7 20:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29165]: pam_unix(cron:session): session closed for user samftp
May  7 20:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28228]: pam_unix(cron:session): session closed for user root
May  7 20:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: Invalid user nicole from 180.142.104.33
May  7 20:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: input_userauth_request: invalid user nicole [preauth]
May  7 20:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33
May  7 20:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: Failed password for invalid user nicole from 180.142.104.33 port 46082 ssh2
May  7 20:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: Received disconnect from 180.142.104.33 port 46082:11: Bye Bye [preauth]
May  7 20:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29564]: Disconnected from 180.142.104.33 port 46082 [preauth]
May  7 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29589]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29585]: pam_unix(cron:session): session closed for user p13x
May  7 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29647]: Successful su for rubyman by root
May  7 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29647]: + ??? root:rubyman
May  7 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348973 of user rubyman.
May  7 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29647]: pam_unix(su:session): session closed for user rubyman
May  7 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348973.
May  7 20:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26852]: pam_unix(cron:session): session closed for user root
May  7 20:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29586]: pam_unix(cron:session): session closed for user samftp
May  7 20:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: Invalid user admin from 80.94.95.241
May  7 20:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: input_userauth_request: invalid user admin [preauth]
May  7 20:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 20:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: Failed password for invalid user admin from 80.94.95.241 port 18895 ssh2
May  7 20:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: Failed password for invalid user admin from 80.94.95.241 port 18895 ssh2
May  7 20:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: Failed password for invalid user admin from 80.94.95.241 port 18895 ssh2
May  7 20:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: Failed password for invalid user admin from 80.94.95.241 port 18895 ssh2
May  7 20:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: Failed password for invalid user admin from 80.94.95.241 port 18895 ssh2
May  7 20:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: Received disconnect from 80.94.95.241 port 18895:11: Bye [preauth]
May  7 20:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: Disconnected from 80.94.95.241 port 18895 [preauth]
May  7 20:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 20:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29835]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 20:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28640]: pam_unix(cron:session): session closed for user root
May  7 20:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 20:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: Failed password for root from 218.92.0.179 port 61487 ssh2
May  7 20:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 61487 ssh2]
May  7 20:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: Received disconnect from 218.92.0.179 port 61487:11:  [preauth]
May  7 20:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: Disconnected from 218.92.0.179 port 61487 [preauth]
May  7 20:52:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29948]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 20:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.46.210.230  user=root
May  7 20:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29982]: Failed password for root from 151.46.210.230 port 31962 ssh2
May  7 20:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29982]: Received disconnect from 151.46.210.230 port 31962:11: Bye Bye [preauth]
May  7 20:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29982]: Disconnected from 151.46.210.230 port 31962 [preauth]
May  7 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29994]: pam_unix(cron:session): session closed for user p13x
May  7 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30061]: Successful su for rubyman by root
May  7 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30061]: + ??? root:rubyman
May  7 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30061]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348979 of user rubyman.
May  7 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30061]: pam_unix(su:session): session closed for user rubyman
May  7 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348979.
May  7 20:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27353]: pam_unix(cron:session): session closed for user root
May  7 20:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29995]: pam_unix(cron:session): session closed for user samftp
May  7 20:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29167]: pam_unix(cron:session): session closed for user root
May  7 20:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33  user=root
May  7 20:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30334]: Failed password for root from 180.142.104.33 port 50688 ssh2
May  7 20:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30334]: Received disconnect from 180.142.104.33 port 50688:11: Bye Bye [preauth]
May  7 20:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30334]: Disconnected from 180.142.104.33 port 50688 [preauth]
May  7 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30397]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30395]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30396]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30394]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30394]: pam_unix(cron:session): session closed for user p13x
May  7 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30458]: Successful su for rubyman by root
May  7 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30458]: + ??? root:rubyman
May  7 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348981 of user rubyman.
May  7 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30458]: pam_unix(su:session): session closed for user rubyman
May  7 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348981.
May  7 20:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27818]: pam_unix(cron:session): session closed for user root
May  7 20:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30395]: pam_unix(cron:session): session closed for user samftp
May  7 20:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: Invalid user odoo17 from 106.75.135.55
May  7 20:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: input_userauth_request: invalid user odoo17 [preauth]
May  7 20:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55
May  7 20:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: Failed password for invalid user odoo17 from 106.75.135.55 port 46396 ssh2
May  7 20:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: Received disconnect from 106.75.135.55 port 46396:11: Bye Bye [preauth]
May  7 20:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30668]: Disconnected from 106.75.135.55 port 46396 [preauth]
May  7 20:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29589]: pam_unix(cron:session): session closed for user root
May  7 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30792]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30792]: pam_unix(cron:session): session closed for user root
May  7 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30787]: pam_unix(cron:session): session closed for user p13x
May  7 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30857]: Successful su for rubyman by root
May  7 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30857]: + ??? root:rubyman
May  7 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348986 of user rubyman.
May  7 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30857]: pam_unix(su:session): session closed for user rubyman
May  7 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348986.
May  7 20:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28225]: pam_unix(cron:session): session closed for user root
May  7 20:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30789]: pam_unix(cron:session): session closed for user root
May  7 20:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30788]: pam_unix(cron:session): session closed for user samftp
May  7 20:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: Invalid user arpan from 180.142.104.33
May  7 20:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: input_userauth_request: invalid user arpan [preauth]
May  7 20:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33
May  7 20:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: Failed password for invalid user arpan from 180.142.104.33 port 55314 ssh2
May  7 20:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: Received disconnect from 180.142.104.33 port 55314:11: Bye Bye [preauth]
May  7 20:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31226]: Disconnected from 180.142.104.33 port 55314 [preauth]
May  7 20:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29997]: pam_unix(cron:session): session closed for user root
May  7 20:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: Invalid user  from 143.110.233.145
May  7 20:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: input_userauth_request: invalid user  [preauth]
May  7 20:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 20:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31243]: Connection closed by 143.110.233.145 port 37034 [preauth]
May  7 20:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: Failed password for root from 218.92.0.179 port 36527 ssh2
May  7 20:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 36527 ssh2]
May  7 20:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: Received disconnect from 218.92.0.179 port 36527:11:  [preauth]
May  7 20:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: Disconnected from 218.92.0.179 port 36527 [preauth]
May  7 20:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31271]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 20:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31309]: Invalid user ceaser from 64.23.161.151
May  7 20:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31309]: input_userauth_request: invalid user ceaser [preauth]
May  7 20:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31309]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.23.161.151
May  7 20:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31309]: Failed password for invalid user ceaser from 64.23.161.151 port 45660 ssh2
May  7 20:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31309]: Connection closed by 64.23.161.151 port 45660 [preauth]
May  7 20:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  7 20:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31311]: Failed password for root from 194.0.234.19 port 34754 ssh2
May  7 20:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31311]: Connection closed by 194.0.234.19 port 34754 [preauth]
May  7 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31331]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31330]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31330]: pam_unix(cron:session): session closed for user p13x
May  7 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31398]: Successful su for rubyman by root
May  7 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31398]: + ??? root:rubyman
May  7 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348991 of user rubyman.
May  7 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31398]: pam_unix(su:session): session closed for user rubyman
May  7 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348991.
May  7 20:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28639]: pam_unix(cron:session): session closed for user root
May  7 20:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31331]: pam_unix(cron:session): session closed for user samftp
May  7 20:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: Invalid user elearn from 106.75.135.55
May  7 20:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: input_userauth_request: invalid user elearn [preauth]
May  7 20:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55
May  7 20:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: Failed password for invalid user elearn from 106.75.135.55 port 48790 ssh2
May  7 20:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: Received disconnect from 106.75.135.55 port 48790:11: Bye Bye [preauth]
May  7 20:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31660]: Disconnected from 106.75.135.55 port 48790 [preauth]
May  7 20:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30397]: pam_unix(cron:session): session closed for user root
May  7 20:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.46.210.230  user=root
May  7 20:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: Failed password for root from 151.46.210.230 port 31207 ssh2
May  7 20:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: Received disconnect from 151.46.210.230 port 31207:11: Bye Bye [preauth]
May  7 20:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31755]: Disconnected from 151.46.210.230 port 31207 [preauth]
May  7 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31769]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31770]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31768]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31768]: pam_unix(cron:session): session closed for user p13x
May  7 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31830]: Successful su for rubyman by root
May  7 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31830]: + ??? root:rubyman
May  7 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348995 of user rubyman.
May  7 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31830]: pam_unix(su:session): session closed for user rubyman
May  7 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348995.
May  7 20:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29166]: pam_unix(cron:session): session closed for user root
May  7 20:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31769]: pam_unix(cron:session): session closed for user samftp
May  7 20:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32355]: Invalid user nfsuser from 180.142.104.33
May  7 20:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32355]: input_userauth_request: invalid user nfsuser [preauth]
May  7 20:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32355]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33
May  7 20:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32355]: Failed password for invalid user nfsuser from 180.142.104.33 port 59920 ssh2
May  7 20:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32355]: Received disconnect from 180.142.104.33 port 59920:11: Bye Bye [preauth]
May  7 20:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32355]: Disconnected from 180.142.104.33 port 59920 [preauth]
May  7 20:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30791]: pam_unix(cron:session): session closed for user root
May  7 20:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  7 20:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: Failed password for root from 218.92.0.210 port 43502 ssh2
May  7 20:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: Failed password for root from 218.92.0.210 port 43502 ssh2
May  7 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32492]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32491]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32489]: pam_unix(cron:session): session closed for user p13x
May  7 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32557]: Successful su for rubyman by root
May  7 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32557]: + ??? root:rubyman
May  7 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32557]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 348999 of user rubyman.
May  7 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32557]: pam_unix(su:session): session closed for user rubyman
May  7 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 348999.
May  7 20:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: Failed password for root from 218.92.0.210 port 43502 ssh2
May  7 20:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29588]: pam_unix(cron:session): session closed for user root
May  7 20:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: Failed password for root from 218.92.0.210 port 43502 ssh2
May  7 20:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32490]: pam_unix(cron:session): session closed for user samftp
May  7 20:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: Failed password for root from 218.92.0.210 port 43502 ssh2
May  7 20:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 43502 ssh2 [preauth]
May  7 20:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: Disconnecting: Too many authentication failures [preauth]
May  7 20:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  7 20:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32468]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 20:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  7 20:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[429]: Failed password for root from 218.92.0.210 port 27120 ssh2
May  7 20:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[429]: message repeated 5 times: [ Failed password for root from 218.92.0.210 port 27120 ssh2]
May  7 20:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[429]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 27120 ssh2 [preauth]
May  7 20:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[429]: Disconnecting: Too many authentication failures [preauth]
May  7 20:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[429]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  7 20:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[429]: PAM service(sshd) ignoring max retries; 6 > 3
May  7 20:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31333]: pam_unix(cron:session): session closed for user root
May  7 20:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  7 20:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[536]: Failed password for root from 218.92.0.210 port 10956 ssh2
May  7 20:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: Invalid user njzf from 106.75.135.55
May  7 20:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: input_userauth_request: invalid user njzf [preauth]
May  7 20:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55
May  7 20:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[536]: Received disconnect from 218.92.0.210 port 10956:11:  [preauth]
May  7 20:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[536]: Disconnected from 218.92.0.210 port 10956 [preauth]
May  7 20:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: Failed password for invalid user njzf from 106.75.135.55 port 42090 ssh2
May  7 20:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: Received disconnect from 106.75.135.55 port 42090:11: Bye Bye [preauth]
May  7 20:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[552]: Disconnected from 106.75.135.55 port 42090 [preauth]
May  7 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[619]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[620]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[617]: pam_unix(cron:session): session closed for user p13x
May  7 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[688]: Successful su for rubyman by root
May  7 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[688]: + ??? root:rubyman
May  7 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[688]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349005 of user rubyman.
May  7 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[688]: pam_unix(su:session): session closed for user rubyman
May  7 20:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349005.
May  7 20:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29996]: pam_unix(cron:session): session closed for user root
May  7 20:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[618]: pam_unix(cron:session): session closed for user samftp
May  7 20:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 20:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[945]: Invalid user filezilla from 180.142.104.33
May  7 20:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[945]: input_userauth_request: invalid user filezilla [preauth]
May  7 20:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[945]: pam_unix(sshd:auth): check pass; user unknown
May  7 20:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33
May  7 20:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[945]: Failed password for invalid user filezilla from 180.142.104.33 port 36306 ssh2
May  7 20:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[945]: Received disconnect from 180.142.104.33 port 36306:11: Bye Bye [preauth]
May  7 20:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[945]: Disconnected from 180.142.104.33 port 36306 [preauth]
May  7 20:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31772]: pam_unix(cron:session): session closed for user root
May  7 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1100]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1102]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1102]: pam_unix(cron:session): session closed for user root
May  7 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1097]: pam_unix(cron:session): session closed for user root
May  7 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1095]: pam_unix(cron:session): session closed for user p13x
May  7 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1203]: Successful su for rubyman by root
May  7 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1203]: + ??? root:rubyman
May  7 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349007 of user rubyman.
May  7 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1203]: pam_unix(su:session): session closed for user rubyman
May  7 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349007.
May  7 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1098]: pam_unix(cron:session): session closed for user root
May  7 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30396]: pam_unix(cron:session): session closed for user root
May  7 21:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1096]: pam_unix(cron:session): session closed for user samftp
May  7 21:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32492]: pam_unix(cron:session): session closed for user root
May  7 21:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Invalid user vanessa from 106.75.135.55
May  7 21:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: input_userauth_request: invalid user vanessa [preauth]
May  7 21:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55
May  7 21:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Failed password for invalid user vanessa from 106.75.135.55 port 39716 ssh2
May  7 21:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Received disconnect from 106.75.135.55 port 39716:11: Bye Bye [preauth]
May  7 21:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1614]: Disconnected from 106.75.135.55 port 39716 [preauth]
May  7 21:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: Invalid user xiangyu from 151.46.210.230
May  7 21:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: input_userauth_request: invalid user xiangyu [preauth]
May  7 21:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.46.210.230
May  7 21:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: Failed password for invalid user xiangyu from 151.46.210.230 port 31780 ssh2
May  7 21:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: Received disconnect from 151.46.210.230 port 31780:11: Bye Bye [preauth]
May  7 21:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: Disconnected from 151.46.210.230 port 31780 [preauth]
May  7 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1685]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1683]: pam_unix(cron:session): session closed for user p13x
May  7 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1781]: Successful su for rubyman by root
May  7 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1781]: + ??? root:rubyman
May  7 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349014 of user rubyman.
May  7 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1781]: pam_unix(su:session): session closed for user rubyman
May  7 21:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349014.
May  7 21:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30790]: pam_unix(cron:session): session closed for user root
May  7 21:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1684]: pam_unix(cron:session): session closed for user samftp
May  7 21:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: Invalid user mongodb from 180.142.104.33
May  7 21:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: input_userauth_request: invalid user mongodb [preauth]
May  7 21:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33
May  7 21:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: Failed password for invalid user mongodb from 180.142.104.33 port 40928 ssh2
May  7 21:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: Received disconnect from 180.142.104.33 port 40928:11: Bye Bye [preauth]
May  7 21:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: Disconnected from 180.142.104.33 port 40928 [preauth]
May  7 21:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[620]: pam_unix(cron:session): session closed for user root
May  7 21:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 21:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2169]: Failed password for root from 80.94.95.125 port 53959 ssh2
May  7 21:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2169]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 53959 ssh2]
May  7 21:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2169]: Received disconnect from 80.94.95.125 port 53959:11: Bye [preauth]
May  7 21:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2169]: Disconnected from 80.94.95.125 port 53959 [preauth]
May  7 21:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2169]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 21:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2169]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2221]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2219]: pam_unix(cron:session): session closed for user p13x
May  7 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2280]: Successful su for rubyman by root
May  7 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2280]: + ??? root:rubyman
May  7 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349020 of user rubyman.
May  7 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2280]: pam_unix(su:session): session closed for user rubyman
May  7 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349020.
May  7 21:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31332]: pam_unix(cron:session): session closed for user root
May  7 21:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2220]: pam_unix(cron:session): session closed for user samftp
May  7 21:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1101]: pam_unix(cron:session): session closed for user root
May  7 21:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55  user=root
May  7 21:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: Failed password for root from 106.75.135.55 port 57404 ssh2
May  7 21:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: Received disconnect from 106.75.135.55 port 57404:11: Bye Bye [preauth]
May  7 21:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2591]: Disconnected from 106.75.135.55 port 57404 [preauth]
May  7 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2652]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2651]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2653]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2650]: pam_unix(cron:session): session closed for user p13x
May  7 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2726]: Successful su for rubyman by root
May  7 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2726]: + ??? root:rubyman
May  7 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349022 of user rubyman.
May  7 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2726]: pam_unix(su:session): session closed for user rubyman
May  7 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349022.
May  7 21:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31770]: pam_unix(cron:session): session closed for user root
May  7 21:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2651]: pam_unix(cron:session): session closed for user samftp
May  7 21:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Invalid user zch from 180.142.104.33
May  7 21:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: input_userauth_request: invalid user zch [preauth]
May  7 21:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33
May  7 21:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Failed password for invalid user zch from 180.142.104.33 port 45548 ssh2
May  7 21:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Received disconnect from 180.142.104.33 port 45548:11: Bye Bye [preauth]
May  7 21:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Disconnected from 180.142.104.33 port 45548 [preauth]
May  7 21:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1687]: pam_unix(cron:session): session closed for user root
May  7 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3077]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3074]: pam_unix(cron:session): session closed for user p13x
May  7 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3138]: Successful su for rubyman by root
May  7 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3138]: + ??? root:rubyman
May  7 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349026 of user rubyman.
May  7 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3138]: pam_unix(su:session): session closed for user rubyman
May  7 21:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349026.
May  7 21:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32491]: pam_unix(cron:session): session closed for user root
May  7 21:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3075]: pam_unix(cron:session): session closed for user samftp
May  7 21:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2222]: pam_unix(cron:session): session closed for user root
May  7 21:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3448]: Invalid user vtatis from 106.75.135.55
May  7 21:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3448]: input_userauth_request: invalid user vtatis [preauth]
May  7 21:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3448]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55
May  7 21:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3448]: Failed password for invalid user vtatis from 106.75.135.55 port 58292 ssh2
May  7 21:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3448]: Received disconnect from 106.75.135.55 port 58292:11: Bye Bye [preauth]
May  7 21:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3448]: Disconnected from 106.75.135.55 port 58292 [preauth]
May  7 21:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33  user=root
May  7 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3499]: Failed password for root from 180.142.104.33 port 50174 ssh2
May  7 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3499]: Received disconnect from 180.142.104.33 port 50174:11: Bye Bye [preauth]
May  7 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3499]: Disconnected from 180.142.104.33 port 50174 [preauth]
May  7 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3514]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3515]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3516]: pam_unix(cron:session): session closed for user root
May  7 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3511]: pam_unix(cron:session): session closed for user p13x
May  7 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3614]: Successful su for rubyman by root
May  7 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3614]: + ??? root:rubyman
May  7 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349030 of user rubyman.
May  7 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3614]: pam_unix(su:session): session closed for user rubyman
May  7 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349030.
May  7 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3513]: pam_unix(cron:session): session closed for user root
May  7 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[619]: pam_unix(cron:session): session closed for user root
May  7 21:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3512]: pam_unix(cron:session): session closed for user samftp
May  7 21:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 21:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: Failed password for root from 218.92.0.179 port 20587 ssh2
May  7 21:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 20587 ssh2]
May  7 21:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: Received disconnect from 218.92.0.179 port 20587:11:  [preauth]
May  7 21:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: Disconnected from 218.92.0.179 port 20587 [preauth]
May  7 21:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 21:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2653]: pam_unix(cron:session): session closed for user root
May  7 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4004]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4005]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4003]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4002]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4002]: pam_unix(cron:session): session closed for user p13x
May  7 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4071]: Successful su for rubyman by root
May  7 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4071]: + ??? root:rubyman
May  7 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349036 of user rubyman.
May  7 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4071]: pam_unix(su:session): session closed for user rubyman
May  7 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349036.
May  7 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1100]: pam_unix(cron:session): session closed for user root
May  7 21:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4003]: pam_unix(cron:session): session closed for user samftp
May  7 21:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4282]: Invalid user minecraft from 50.235.31.47
May  7 21:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4282]: input_userauth_request: invalid user minecraft [preauth]
May  7 21:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4282]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  7 21:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4282]: Failed password for invalid user minecraft from 50.235.31.47 port 53034 ssh2
May  7 21:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4282]: Connection closed by 50.235.31.47 port 53034 [preauth]
May  7 21:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3077]: pam_unix(cron:session): session closed for user root
May  7 21:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: Invalid user aditya from 106.75.135.55
May  7 21:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: input_userauth_request: invalid user aditya [preauth]
May  7 21:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55
May  7 21:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: Failed password for invalid user aditya from 106.75.135.55 port 56514 ssh2
May  7 21:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: Received disconnect from 106.75.135.55 port 56514:11: Bye Bye [preauth]
May  7 21:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4502]: Disconnected from 106.75.135.55 port 56514 [preauth]
May  7 21:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Invalid user kt from 180.142.104.33
May  7 21:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: input_userauth_request: invalid user kt [preauth]
May  7 21:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33
May  7 21:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Failed password for invalid user kt from 180.142.104.33 port 54782 ssh2
May  7 21:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Received disconnect from 180.142.104.33 port 54782:11: Bye Bye [preauth]
May  7 21:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4542]: Disconnected from 180.142.104.33 port 54782 [preauth]
May  7 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4574]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4576]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4573]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4573]: pam_unix(cron:session): session closed for user p13x
May  7 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4637]: Successful su for rubyman by root
May  7 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4637]: + ??? root:rubyman
May  7 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349041 of user rubyman.
May  7 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4637]: pam_unix(su:session): session closed for user rubyman
May  7 21:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349041.
May  7 21:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1685]: pam_unix(cron:session): session closed for user root
May  7 21:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4574]: pam_unix(cron:session): session closed for user samftp
May  7 21:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  7 21:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4876]: Failed password for root from 218.92.0.225 port 55492 ssh2
May  7 21:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4876]: message repeated 2 times: [ Failed password for root from 218.92.0.225 port 55492 ssh2]
May  7 21:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4876]: Received disconnect from 218.92.0.225 port 55492:11:  [preauth]
May  7 21:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4876]: Disconnected from 218.92.0.225 port 55492 [preauth]
May  7 21:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4876]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  7 21:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.235  user=root
May  7 21:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4914]: Failed password for root from 218.92.0.235 port 42358 ssh2
May  7 21:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3515]: pam_unix(cron:session): session closed for user root
May  7 21:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.233.145  user=root
May  7 21:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4942]: Failed password for root from 143.110.233.145 port 42218 ssh2
May  7 21:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4942]: Connection closed by 143.110.233.145 port 42218 [preauth]
May  7 21:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5191]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5187]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5190]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5189]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5187]: pam_unix(cron:session): session closed for user p13x
May  7 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5259]: Successful su for rubyman by root
May  7 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5259]: + ??? root:rubyman
May  7 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5259]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349044 of user rubyman.
May  7 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5259]: pam_unix(su:session): session closed for user rubyman
May  7 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349044.
May  7 21:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2221]: pam_unix(cron:session): session closed for user root
May  7 21:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: Invalid user pi from 143.110.233.145
May  7 21:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: input_userauth_request: invalid user pi [preauth]
May  7 21:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5189]: pam_unix(cron:session): session closed for user samftp
May  7 21:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.110.233.145
May  7 21:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: Failed password for invalid user pi from 143.110.233.145 port 40466 ssh2
May  7 21:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4986]: Connection closed by 143.110.233.145 port 40466 [preauth]
May  7 21:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4005]: pam_unix(cron:session): session closed for user root
May  7 21:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33  user=root
May  7 21:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: Failed password for root from 180.142.104.33 port 59382 ssh2
May  7 21:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: Received disconnect from 180.142.104.33 port 59382:11: Bye Bye [preauth]
May  7 21:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5597]: Disconnected from 180.142.104.33 port 59382 [preauth]
May  7 21:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Invalid user flussonic from 106.75.135.55
May  7 21:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: input_userauth_request: invalid user flussonic [preauth]
May  7 21:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55
May  7 21:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Failed password for invalid user flussonic from 106.75.135.55 port 39006 ssh2
May  7 21:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5616]: Did not receive identification string from 143.110.233.145
May  7 21:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Received disconnect from 106.75.135.55 port 39006:11: Bye Bye [preauth]
May  7 21:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5614]: Disconnected from 106.75.135.55 port 39006 [preauth]
May  7 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5674]: pam_unix(cron:session): session closed for user p13x
May  7 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5795]: Successful su for rubyman by root
May  7 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5795]: + ??? root:rubyman
May  7 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349048 of user rubyman.
May  7 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5795]: pam_unix(su:session): session closed for user rubyman
May  7 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349048.
May  7 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5672]: pam_unix(cron:session): session closed for user root
May  7 21:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2652]: pam_unix(cron:session): session closed for user root
May  7 21:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5675]: pam_unix(cron:session): session closed for user samftp
May  7 21:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: Invalid user demo from 80.94.95.125
May  7 21:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: input_userauth_request: invalid user demo [preauth]
May  7 21:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 21:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: Failed password for invalid user demo from 80.94.95.125 port 63873 ssh2
May  7 21:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: Failed password for invalid user demo from 80.94.95.125 port 63873 ssh2
May  7 21:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: Failed password for invalid user demo from 80.94.95.125 port 63873 ssh2
May  7 21:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: Failed password for invalid user demo from 80.94.95.125 port 63873 ssh2
May  7 21:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: Failed password for invalid user demo from 80.94.95.125 port 63873 ssh2
May  7 21:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: Received disconnect from 80.94.95.125 port 63873:11: Bye [preauth]
May  7 21:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: Disconnected from 80.94.95.125 port 63873 [preauth]
May  7 21:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 21:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 21:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4578]: pam_unix(cron:session): session closed for user root
May  7 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6276]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6275]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6276]: pam_unix(cron:session): session closed for user root
May  7 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6271]: pam_unix(cron:session): session closed for user p13x
May  7 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6343]: Successful su for rubyman by root
May  7 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6343]: + ??? root:rubyman
May  7 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349057 of user rubyman.
May  7 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6343]: pam_unix(su:session): session closed for user rubyman
May  7 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349057.
May  7 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6273]: pam_unix(cron:session): session closed for user root
May  7 21:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3076]: pam_unix(cron:session): session closed for user root
May  7 21:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6272]: pam_unix(cron:session): session closed for user samftp
May  7 21:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5191]: pam_unix(cron:session): session closed for user root
May  7 21:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: Invalid user steam from 180.142.104.33
May  7 21:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: input_userauth_request: invalid user steam [preauth]
May  7 21:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33
May  7 21:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: Failed password for invalid user steam from 180.142.104.33 port 35774 ssh2
May  7 21:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: Received disconnect from 180.142.104.33 port 35774:11: Bye Bye [preauth]
May  7 21:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6643]: Disconnected from 180.142.104.33 port 35774 [preauth]
May  7 21:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: Invalid user linda from 106.75.135.55
May  7 21:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: input_userauth_request: invalid user linda [preauth]
May  7 21:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55
May  7 21:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: Failed password for invalid user linda from 106.75.135.55 port 58788 ssh2
May  7 21:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: Received disconnect from 106.75.135.55 port 58788:11: Bye Bye [preauth]
May  7 21:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6692]: Disconnected from 106.75.135.55 port 58788 [preauth]
May  7 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6714]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6712]: pam_unix(cron:session): session closed for user p13x
May  7 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6784]: Successful su for rubyman by root
May  7 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6784]: + ??? root:rubyman
May  7 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349060 of user rubyman.
May  7 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6784]: pam_unix(su:session): session closed for user rubyman
May  7 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349060.
May  7 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3514]: pam_unix(cron:session): session closed for user root
May  7 21:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6713]: pam_unix(cron:session): session closed for user samftp
May  7 21:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5677]: pam_unix(cron:session): session closed for user root
May  7 21:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: Invalid user user from 151.46.210.230
May  7 21:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: input_userauth_request: invalid user user [preauth]
May  7 21:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.46.210.230
May  7 21:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: Failed password for invalid user user from 151.46.210.230 port 31947 ssh2
May  7 21:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: Received disconnect from 151.46.210.230 port 31947:11: Bye Bye [preauth]
May  7 21:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7209]: Disconnected from 151.46.210.230 port 31947 [preauth]
May  7 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7235]: pam_unix(cron:session): session closed for user p13x
May  7 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7295]: Successful su for rubyman by root
May  7 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7295]: + ??? root:rubyman
May  7 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349063 of user rubyman.
May  7 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7295]: pam_unix(su:session): session closed for user rubyman
May  7 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349063.
May  7 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 21:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4004]: pam_unix(cron:session): session closed for user root
May  7 21:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7347]: Failed password for root from 218.92.0.179 port 27822 ssh2
May  7 21:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7236]: pam_unix(cron:session): session closed for user samftp
May  7 21:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7347]: Failed password for root from 218.92.0.179 port 27822 ssh2
May  7 21:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7347]: Failed password for root from 218.92.0.179 port 27822 ssh2
May  7 21:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7347]: Received disconnect from 218.92.0.179 port 27822:11:  [preauth]
May  7 21:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7347]: Disconnected from 218.92.0.179 port 27822 [preauth]
May  7 21:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7347]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 21:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  7 21:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7486]: Failed password for root from 194.0.234.19 port 60362 ssh2
May  7 21:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7486]: Connection closed by 194.0.234.19 port 60362 [preauth]
May  7 21:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: Invalid user sns from 180.142.104.33
May  7 21:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: input_userauth_request: invalid user sns [preauth]
May  7 21:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33
May  7 21:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: Failed password for invalid user sns from 180.142.104.33 port 40390 ssh2
May  7 21:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: Received disconnect from 180.142.104.33 port 40390:11: Bye Bye [preauth]
May  7 21:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7641]: Disconnected from 180.142.104.33 port 40390 [preauth]
May  7 21:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6275]: pam_unix(cron:session): session closed for user root
May  7 21:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: Invalid user es from 106.75.135.55
May  7 21:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: input_userauth_request: invalid user es [preauth]
May  7 21:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55
May  7 21:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: Failed password for invalid user es from 106.75.135.55 port 52596 ssh2
May  7 21:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: Received disconnect from 106.75.135.55 port 52596:11: Bye Bye [preauth]
May  7 21:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7741]: Disconnected from 106.75.135.55 port 52596 [preauth]
May  7 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7756]: pam_unix(cron:session): session closed for user p13x
May  7 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7826]: Successful su for rubyman by root
May  7 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7826]: + ??? root:rubyman
May  7 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349068 of user rubyman.
May  7 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7826]: pam_unix(su:session): session closed for user rubyman
May  7 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349068.
May  7 21:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4576]: pam_unix(cron:session): session closed for user root
May  7 21:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7761]: pam_unix(cron:session): session closed for user samftp
May  7 21:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6715]: pam_unix(cron:session): session closed for user root
May  7 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8185]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8184]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8182]: pam_unix(cron:session): session closed for user p13x
May  7 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8249]: Successful su for rubyman by root
May  7 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8249]: + ??? root:rubyman
May  7 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349072 of user rubyman.
May  7 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8249]: pam_unix(su:session): session closed for user rubyman
May  7 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349072.
May  7 21:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5190]: pam_unix(cron:session): session closed for user root
May  7 21:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8183]: pam_unix(cron:session): session closed for user samftp
May  7 21:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8453]: Invalid user user from 180.142.104.33
May  7 21:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8453]: input_userauth_request: invalid user user [preauth]
May  7 21:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8453]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33
May  7 21:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8453]: Failed password for invalid user user from 180.142.104.33 port 44998 ssh2
May  7 21:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8453]: Received disconnect from 180.142.104.33 port 44998:11: Bye Bye [preauth]
May  7 21:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8453]: Disconnected from 180.142.104.33 port 44998 [preauth]
May  7 21:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7238]: pam_unix(cron:session): session closed for user root
May  7 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8606]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8608]: pam_unix(cron:session): session closed for user root
May  7 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8603]: pam_unix(cron:session): session closed for user p13x
May  7 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8675]: Successful su for rubyman by root
May  7 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8675]: + ??? root:rubyman
May  7 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349078 of user rubyman.
May  7 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8675]: pam_unix(su:session): session closed for user rubyman
May  7 21:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349078.
May  7 21:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55  user=root
May  7 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8605]: pam_unix(cron:session): session closed for user root
May  7 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5676]: pam_unix(cron:session): session closed for user root
May  7 21:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8764]: Failed password for root from 106.75.135.55 port 42680 ssh2
May  7 21:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8764]: Received disconnect from 106.75.135.55 port 42680:11: Bye Bye [preauth]
May  7 21:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8764]: Disconnected from 106.75.135.55 port 42680 [preauth]
May  7 21:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8604]: pam_unix(cron:session): session closed for user samftp
May  7 21:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7763]: pam_unix(cron:session): session closed for user root
May  7 21:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  7 21:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: Failed password for root from 218.92.0.221 port 18568 ssh2
May  7 21:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: message repeated 2 times: [ Failed password for root from 218.92.0.221 port 18568 ssh2]
May  7 21:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: Received disconnect from 218.92.0.221 port 18568:11:  [preauth]
May  7 21:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: Disconnected from 218.92.0.221 port 18568 [preauth]
May  7 21:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9011]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  7 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9057]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9058]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9055]: pam_unix(cron:session): session closed for user p13x
May  7 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9215]: Successful su for rubyman by root
May  7 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9215]: + ??? root:rubyman
May  7 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9215]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349082 of user rubyman.
May  7 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9215]: pam_unix(su:session): session closed for user rubyman
May  7 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349082.
May  7 21:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6274]: pam_unix(cron:session): session closed for user root
May  7 21:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9056]: pam_unix(cron:session): session closed for user samftp
May  7 21:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Invalid user viola from 180.142.104.33
May  7 21:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: input_userauth_request: invalid user viola [preauth]
May  7 21:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33
May  7 21:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Failed password for invalid user viola from 180.142.104.33 port 49594 ssh2
May  7 21:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Received disconnect from 180.142.104.33 port 49594:11: Bye Bye [preauth]
May  7 21:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9433]: Disconnected from 180.142.104.33 port 49594 [preauth]
May  7 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8185]: pam_unix(cron:session): session closed for user root
May  7 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9593]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9588]: pam_unix(cron:session): session closed for user root
May  7 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9590]: pam_unix(cron:session): session closed for user p13x
May  7 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9654]: Successful su for rubyman by root
May  7 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9654]: + ??? root:rubyman
May  7 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349087 of user rubyman.
May  7 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9654]: pam_unix(su:session): session closed for user rubyman
May  7 21:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349087.
May  7 21:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6714]: pam_unix(cron:session): session closed for user root
May  7 21:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9591]: pam_unix(cron:session): session closed for user samftp
May  7 21:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9846]: Invalid user xiangyu from 106.75.135.55
May  7 21:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9846]: input_userauth_request: invalid user xiangyu [preauth]
May  7 21:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9846]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55
May  7 21:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9846]: Failed password for invalid user xiangyu from 106.75.135.55 port 47330 ssh2
May  7 21:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9846]: Received disconnect from 106.75.135.55 port 47330:11: Bye Bye [preauth]
May  7 21:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9846]: Disconnected from 106.75.135.55 port 47330 [preauth]
May  7 21:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8607]: pam_unix(cron:session): session closed for user root
May  7 21:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9947]: Invalid user odoo17 from 151.46.210.230
May  7 21:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9947]: input_userauth_request: invalid user odoo17 [preauth]
May  7 21:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9947]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.46.210.230
May  7 21:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9947]: Failed password for invalid user odoo17 from 151.46.210.230 port 31927 ssh2
May  7 21:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9947]: Received disconnect from 151.46.210.230 port 31927:11: Bye Bye [preauth]
May  7 21:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9947]: Disconnected from 151.46.210.230 port 31927 [preauth]
May  7 21:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9999]: Invalid user sol from 180.142.104.33
May  7 21:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9999]: input_userauth_request: invalid user sol [preauth]
May  7 21:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9999]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33
May  7 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10002]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10003]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10004]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10005]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10002]: pam_unix(cron:session): session closed for user p13x
May  7 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10068]: Successful su for rubyman by root
May  7 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10068]: + ??? root:rubyman
May  7 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10068]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349091 of user rubyman.
May  7 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10068]: pam_unix(su:session): session closed for user rubyman
May  7 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349091.
May  7 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9999]: Failed password for invalid user sol from 180.142.104.33 port 54212 ssh2
May  7 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9999]: Received disconnect from 180.142.104.33 port 54212:11: Bye Bye [preauth]
May  7 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9999]: Disconnected from 180.142.104.33 port 54212 [preauth]
May  7 21:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7237]: pam_unix(cron:session): session closed for user root
May  7 21:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10003]: pam_unix(cron:session): session closed for user samftp
May  7 21:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9058]: pam_unix(cron:session): session closed for user root
May  7 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10505]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10504]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10500]: pam_unix(cron:session): session closed for user p13x
May  7 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10568]: Successful su for rubyman by root
May  7 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10568]: + ??? root:rubyman
May  7 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349095 of user rubyman.
May  7 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10568]: pam_unix(su:session): session closed for user rubyman
May  7 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349095.
May  7 21:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7762]: pam_unix(cron:session): session closed for user root
May  7 21:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10501]: pam_unix(cron:session): session closed for user samftp
May  7 21:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: Invalid user keke from 106.75.135.55
May  7 21:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: input_userauth_request: invalid user keke [preauth]
May  7 21:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55
May  7 21:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: Failed password for invalid user keke from 106.75.135.55 port 52172 ssh2
May  7 21:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: Received disconnect from 106.75.135.55 port 52172:11: Bye Bye [preauth]
May  7 21:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: Disconnected from 106.75.135.55 port 52172 [preauth]
May  7 21:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10884]: Invalid user keke from 151.46.210.230
May  7 21:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10884]: input_userauth_request: invalid user keke [preauth]
May  7 21:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10884]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.46.210.230
May  7 21:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9593]: pam_unix(cron:session): session closed for user root
May  7 21:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10884]: Failed password for invalid user keke from 151.46.210.230 port 31344 ssh2
May  7 21:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10884]: Received disconnect from 151.46.210.230 port 31344:11: Bye Bye [preauth]
May  7 21:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10884]: Disconnected from 151.46.210.230 port 31344 [preauth]
May  7 21:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10943]: Invalid user sammy from 180.142.104.33
May  7 21:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10943]: input_userauth_request: invalid user sammy [preauth]
May  7 21:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10943]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33
May  7 21:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10943]: Failed password for invalid user sammy from 180.142.104.33 port 58828 ssh2
May  7 21:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10943]: Received disconnect from 180.142.104.33 port 58828:11: Bye Bye [preauth]
May  7 21:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10943]: Disconnected from 180.142.104.33 port 58828 [preauth]
May  7 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10975]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10973]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10974]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10975]: pam_unix(cron:session): session closed for user root
May  7 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10970]: pam_unix(cron:session): session closed for user p13x
May  7 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11039]: Successful su for rubyman by root
May  7 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11039]: + ??? root:rubyman
May  7 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349100 of user rubyman.
May  7 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11039]: pam_unix(su:session): session closed for user rubyman
May  7 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349100.
May  7 21:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10972]: pam_unix(cron:session): session closed for user root
May  7 21:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8184]: pam_unix(cron:session): session closed for user root
May  7 21:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10971]: pam_unix(cron:session): session closed for user samftp
May  7 21:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10005]: pam_unix(cron:session): session closed for user root
May  7 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11393]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11394]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11391]: pam_unix(cron:session): session closed for user p13x
May  7 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11458]: Successful su for rubyman by root
May  7 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11458]: + ??? root:rubyman
May  7 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349104 of user rubyman.
May  7 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11458]: pam_unix(su:session): session closed for user rubyman
May  7 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349104.
May  7 21:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8606]: pam_unix(cron:session): session closed for user root
May  7 21:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11392]: pam_unix(cron:session): session closed for user samftp
May  7 21:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: Invalid user m from 106.75.135.55
May  7 21:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: input_userauth_request: invalid user m [preauth]
May  7 21:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55
May  7 21:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: Failed password for invalid user m from 106.75.135.55 port 44520 ssh2
May  7 21:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: Received disconnect from 106.75.135.55 port 44520:11: Bye Bye [preauth]
May  7 21:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11662]: Disconnected from 106.75.135.55 port 44520 [preauth]
May  7 21:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: Invalid user es from 151.46.210.230
May  7 21:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: input_userauth_request: invalid user es [preauth]
May  7 21:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.46.210.230
May  7 21:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: Failed password for invalid user es from 151.46.210.230 port 31416 ssh2
May  7 21:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: Received disconnect from 151.46.210.230 port 31416:11: Bye Bye [preauth]
May  7 21:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: Disconnected from 151.46.210.230 port 31416 [preauth]
May  7 21:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10505]: pam_unix(cron:session): session closed for user root
May  7 21:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11767]: Invalid user astra from 180.142.104.33
May  7 21:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11767]: input_userauth_request: invalid user astra [preauth]
May  7 21:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11767]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33
May  7 21:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11767]: Failed password for invalid user astra from 180.142.104.33 port 35240 ssh2
May  7 21:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11767]: Received disconnect from 180.142.104.33 port 35240:11: Bye Bye [preauth]
May  7 21:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11767]: Disconnected from 180.142.104.33 port 35240 [preauth]
May  7 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11803]: pam_unix(cron:session): session closed for user p13x
May  7 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11865]: Successful su for rubyman by root
May  7 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11865]: + ??? root:rubyman
May  7 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349109 of user rubyman.
May  7 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11865]: pam_unix(su:session): session closed for user rubyman
May  7 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349109.
May  7 21:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9057]: pam_unix(cron:session): session closed for user root
May  7 21:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11804]: pam_unix(cron:session): session closed for user samftp
May  7 21:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: Invalid user admin from 80.94.95.112
May  7 21:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: input_userauth_request: invalid user admin [preauth]
May  7 21:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 21:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: Failed password for invalid user admin from 80.94.95.112 port 59462 ssh2
May  7 21:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10974]: pam_unix(cron:session): session closed for user root
May  7 21:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: Failed password for invalid user admin from 80.94.95.112 port 59462 ssh2
May  7 21:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: Failed password for invalid user admin from 80.94.95.112 port 59462 ssh2
May  7 21:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: User uucp from 85.208.84.5 not allowed because not listed in AllowUsers
May  7 21:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: input_userauth_request: invalid user uucp [preauth]
May  7 21:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5  user=uucp
May  7 21:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: Failed password for invalid user admin from 80.94.95.112 port 59462 ssh2
May  7 21:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: Failed password for invalid user uucp from 85.208.84.5 port 54194 ssh2
May  7 21:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12139]: Connection closed by 85.208.84.5 port 54194 [preauth]
May  7 21:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: Failed password for invalid user admin from 80.94.95.112 port 59462 ssh2
May  7 21:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: Received disconnect from 80.94.95.112 port 59462:11: Bye [preauth]
May  7 21:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: Disconnected from 80.94.95.112 port 59462 [preauth]
May  7 21:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 21:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12100]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12190]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12191]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12188]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12187]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12187]: pam_unix(cron:session): session closed for user p13x
May  7 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12250]: Successful su for rubyman by root
May  7 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12250]: + ??? root:rubyman
May  7 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349113 of user rubyman.
May  7 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12250]: pam_unix(su:session): session closed for user rubyman
May  7 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349113.
May  7 21:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9592]: pam_unix(cron:session): session closed for user root
May  7 21:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12188]: pam_unix(cron:session): session closed for user samftp
May  7 21:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12504]: Invalid user s3 from 106.75.135.55
May  7 21:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12504]: input_userauth_request: invalid user s3 [preauth]
May  7 21:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12504]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55
May  7 21:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12504]: Failed password for invalid user s3 from 106.75.135.55 port 60480 ssh2
May  7 21:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12504]: Received disconnect from 106.75.135.55 port 60480:11: Bye Bye [preauth]
May  7 21:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12504]: Disconnected from 106.75.135.55 port 60480 [preauth]
May  7 21:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11394]: pam_unix(cron:session): session closed for user root
May  7 21:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Invalid user media from 180.142.104.33
May  7 21:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: input_userauth_request: invalid user media [preauth]
May  7 21:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33
May  7 21:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 21:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Failed password for invalid user media from 180.142.104.33 port 39828 ssh2
May  7 21:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Received disconnect from 180.142.104.33 port 39828:11: Bye Bye [preauth]
May  7 21:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12551]: Disconnected from 180.142.104.33 port 39828 [preauth]
May  7 21:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: Failed password for root from 218.92.0.179 port 35501 ssh2
May  7 21:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 35501 ssh2]
May  7 21:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: Received disconnect from 218.92.0.179 port 35501:11:  [preauth]
May  7 21:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: Disconnected from 218.92.0.179 port 35501 [preauth]
May  7 21:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12553]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 21:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12605]: pam_unix(cron:session): session closed for user p13x
May  7 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12662]: Successful su for rubyman by root
May  7 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12662]: + ??? root:rubyman
May  7 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349118 of user rubyman.
May  7 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12662]: pam_unix(su:session): session closed for user rubyman
May  7 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349118.
May  7 21:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10004]: pam_unix(cron:session): session closed for user root
May  7 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12606]: pam_unix(cron:session): session closed for user samftp
May  7 21:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11806]: pam_unix(cron:session): session closed for user root
May  7 21:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12960]: Invalid user admin from 80.94.95.241
May  7 21:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12960]: input_userauth_request: invalid user admin [preauth]
May  7 21:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12960]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 21:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12960]: Failed password for invalid user admin from 80.94.95.241 port 46878 ssh2
May  7 21:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12960]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12960]: Failed password for invalid user admin from 80.94.95.241 port 46878 ssh2
May  7 21:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12960]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12960]: Failed password for invalid user admin from 80.94.95.241 port 46878 ssh2
May  7 21:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12960]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12960]: Failed password for invalid user admin from 80.94.95.241 port 46878 ssh2
May  7 21:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12960]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  7 21:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12960]: Failed password for invalid user admin from 80.94.95.241 port 46878 ssh2
May  7 21:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Failed password for root from 218.92.0.198 port 64974 ssh2
May  7 21:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12960]: Received disconnect from 80.94.95.241 port 46878:11: Bye [preauth]
May  7 21:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12960]: Disconnected from 80.94.95.241 port 46878 [preauth]
May  7 21:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12960]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 21:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12960]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 21:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Failed password for root from 218.92.0.198 port 64974 ssh2
May  7 21:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Failed password for root from 218.92.0.198 port 64974 ssh2
May  7 21:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Received disconnect from 218.92.0.198 port 64974:11:  [preauth]
May  7 21:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Disconnected from 218.92.0.198 port 64974 [preauth]
May  7 21:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  7 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12998]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12999]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13000]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13000]: pam_unix(cron:session): session closed for user root
May  7 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12994]: pam_unix(cron:session): session closed for user p13x
May  7 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13068]: Successful su for rubyman by root
May  7 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13068]: + ??? root:rubyman
May  7 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13068]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349122 of user rubyman.
May  7 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13068]: pam_unix(su:session): session closed for user rubyman
May  7 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349122.
May  7 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12997]: pam_unix(cron:session): session closed for user root
May  7 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10504]: pam_unix(cron:session): session closed for user root
May  7 21:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12996]: pam_unix(cron:session): session closed for user samftp
May  7 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12191]: pam_unix(cron:session): session closed for user root
May  7 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: Invalid user guo from 180.142.104.33
May  7 21:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: input_userauth_request: invalid user guo [preauth]
May  7 21:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.142.104.33
May  7 21:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Invalid user sahil from 106.75.135.55
May  7 21:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: input_userauth_request: invalid user sahil [preauth]
May  7 21:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55
May  7 21:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: Failed password for invalid user guo from 180.142.104.33 port 44446 ssh2
May  7 21:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: Received disconnect from 180.142.104.33 port 44446:11: Bye Bye [preauth]
May  7 21:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: Disconnected from 180.142.104.33 port 44446 [preauth]
May  7 21:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Failed password for invalid user sahil from 106.75.135.55 port 41264 ssh2
May  7 21:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Received disconnect from 106.75.135.55 port 41264:11: Bye Bye [preauth]
May  7 21:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Disconnected from 106.75.135.55 port 41264 [preauth]
May  7 21:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12594]: Connection reset by 218.92.0.231 port 59474 [preauth]
May  7 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13431]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13428]: pam_unix(cron:session): session closed for user p13x
May  7 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13593]: Successful su for rubyman by root
May  7 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13593]: + ??? root:rubyman
May  7 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349126 of user rubyman.
May  7 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13593]: pam_unix(su:session): session closed for user rubyman
May  7 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349126.
May  7 21:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10973]: pam_unix(cron:session): session closed for user root
May  7 21:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13429]: pam_unix(cron:session): session closed for user samftp
May  7 21:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 21:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 21:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: Failed password for root from 80.94.95.125 port 62426 ssh2
May  7 21:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13849]: Failed password for root from 218.92.0.179 port 47286 ssh2
May  7 21:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: Failed password for root from 80.94.95.125 port 62426 ssh2
May  7 21:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13849]: Failed password for root from 218.92.0.179 port 47286 ssh2
May  7 21:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: Failed password for root from 80.94.95.125 port 62426 ssh2
May  7 21:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13849]: Failed password for root from 218.92.0.179 port 47286 ssh2
May  7 21:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13849]: Received disconnect from 218.92.0.179 port 47286:11:  [preauth]
May  7 21:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13849]: Disconnected from 218.92.0.179 port 47286 [preauth]
May  7 21:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13849]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 21:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12608]: pam_unix(cron:session): session closed for user root
May  7 21:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: Failed password for root from 80.94.95.125 port 62426 ssh2
May  7 21:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: Failed password for root from 80.94.95.125 port 62426 ssh2
May  7 21:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: Received disconnect from 80.94.95.125 port 62426:11: Bye [preauth]
May  7 21:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: Disconnected from 80.94.95.125 port 62426 [preauth]
May  7 21:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 21:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13839]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13950]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13949]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13947]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13946]: pam_unix(cron:session): session closed for user p13x
May  7 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14010]: Successful su for rubyman by root
May  7 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14010]: + ??? root:rubyman
May  7 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349132 of user rubyman.
May  7 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14010]: pam_unix(su:session): session closed for user rubyman
May  7 21:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349132.
May  7 21:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11393]: pam_unix(cron:session): session closed for user root
May  7 21:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13947]: pam_unix(cron:session): session closed for user samftp
May  7 21:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 21:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: Failed password for root from 218.92.0.207 port 27252 ssh2
May  7 21:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12999]: pam_unix(cron:session): session closed for user root
May  7 21:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: Failed password for root from 218.92.0.207 port 27252 ssh2
May  7 21:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: message repeated 2 times: [ Failed password for root from 218.92.0.207 port 27252 ssh2]
May  7 21:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: Invalid user minni from 106.75.135.55
May  7 21:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: input_userauth_request: invalid user minni [preauth]
May  7 21:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55
May  7 21:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: Failed password for invalid user minni from 106.75.135.55 port 51572 ssh2
May  7 21:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: Received disconnect from 106.75.135.55 port 51572:11: Bye Bye [preauth]
May  7 21:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14297]: Disconnected from 106.75.135.55 port 51572 [preauth]
May  7 21:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: Failed password for root from 218.92.0.207 port 27252 ssh2
May  7 21:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 27252 ssh2 [preauth]
May  7 21:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: Disconnecting: Too many authentication failures [preauth]
May  7 21:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 21:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14245]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 21:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 21:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: Failed password for root from 218.92.0.207 port 56878 ssh2
May  7 21:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: message repeated 3 times: [ Failed password for root from 218.92.0.207 port 56878 ssh2]
May  7 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14352]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14350]: pam_unix(cron:session): session closed for user p13x
May  7 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14412]: Successful su for rubyman by root
May  7 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14412]: + ??? root:rubyman
May  7 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349135 of user rubyman.
May  7 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14412]: pam_unix(su:session): session closed for user rubyman
May  7 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349135.
May  7 21:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: Failed password for root from 218.92.0.207 port 56878 ssh2
May  7 21:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11805]: pam_unix(cron:session): session closed for user root
May  7 21:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14351]: pam_unix(cron:session): session closed for user samftp
May  7 21:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: Failed password for root from 218.92.0.207 port 56878 ssh2
May  7 21:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 56878 ssh2 [preauth]
May  7 21:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: Disconnecting: Too many authentication failures [preauth]
May  7 21:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 21:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14321]: PAM service(sshd) ignoring max retries; 6 > 3
May  7 21:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 21:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: Failed password for root from 218.92.0.207 port 35258 ssh2
May  7 21:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: Received disconnect from 218.92.0.207 port 35258:11:  [preauth]
May  7 21:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14601]: Disconnected from 218.92.0.207 port 35258 [preauth]
May  7 21:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13431]: pam_unix(cron:session): session closed for user root
May  7 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14759]: pam_unix(cron:session): session closed for user p13x
May  7 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14820]: Successful su for rubyman by root
May  7 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14820]: + ??? root:rubyman
May  7 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349139 of user rubyman.
May  7 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14820]: pam_unix(su:session): session closed for user rubyman
May  7 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349139.
May  7 21:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12190]: pam_unix(cron:session): session closed for user root
May  7 21:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14761]: pam_unix(cron:session): session closed for user samftp
May  7 21:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13950]: pam_unix(cron:session): session closed for user root
May  7 21:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15140]: Invalid user nginx1 from 106.75.135.55
May  7 21:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15140]: input_userauth_request: invalid user nginx1 [preauth]
May  7 21:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15140]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55
May  7 21:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15140]: Failed password for invalid user nginx1 from 106.75.135.55 port 50954 ssh2
May  7 21:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15140]: Received disconnect from 106.75.135.55 port 50954:11: Bye Bye [preauth]
May  7 21:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15140]: Disconnected from 106.75.135.55 port 50954 [preauth]
May  7 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15162]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15161]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15166]: pam_unix(cron:session): session closed for user root
May  7 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15161]: pam_unix(cron:session): session closed for user p13x
May  7 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15233]: Successful su for rubyman by root
May  7 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15233]: + ??? root:rubyman
May  7 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349142 of user rubyman.
May  7 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15233]: pam_unix(su:session): session closed for user rubyman
May  7 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349142.
May  7 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12607]: pam_unix(cron:session): session closed for user root
May  7 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15163]: pam_unix(cron:session): session closed for user root
May  7 21:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15162]: pam_unix(cron:session): session closed for user samftp
May  7 21:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14353]: pam_unix(cron:session): session closed for user root
May  7 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15583]: pam_unix(cron:session): session closed for user p13x
May  7 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15648]: Successful su for rubyman by root
May  7 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15648]: + ??? root:rubyman
May  7 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15648]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349150 of user rubyman.
May  7 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15648]: pam_unix(su:session): session closed for user rubyman
May  7 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349150.
May  7 21:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12998]: pam_unix(cron:session): session closed for user root
May  7 21:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15584]: pam_unix(cron:session): session closed for user samftp
May  7 21:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: Did not receive identification string from 47.250.81.7
May  7 21:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: Invalid user  from 47.250.81.7
May  7 21:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: input_userauth_request: invalid user  [preauth]
May  7 21:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15844]: Connection closed by 47.250.81.7 port 28932 [preauth]
May  7 21:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14763]: pam_unix(cron:session): session closed for user root
May  7 21:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15974]: Invalid user ubuntu from 164.68.105.9
May  7 21:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15974]: input_userauth_request: invalid user ubuntu [preauth]
May  7 21:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15974]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  7 21:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15974]: Failed password for invalid user ubuntu from 164.68.105.9 port 37770 ssh2
May  7 21:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15974]: Connection closed by 164.68.105.9 port 37770 [preauth]
May  7 21:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15999]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15998]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15997]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15996]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15996]: pam_unix(cron:session): session closed for user p13x
May  7 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16053]: Successful su for rubyman by root
May  7 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16053]: + ??? root:rubyman
May  7 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16053]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349152 of user rubyman.
May  7 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16053]: pam_unix(su:session): session closed for user rubyman
May  7 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349152.
May  7 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55  user=root
May  7 21:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: Failed password for root from 218.92.0.179 port 10976 ssh2
May  7 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13430]: pam_unix(cron:session): session closed for user root
May  7 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Failed password for root from 106.75.135.55 port 42528 ssh2
May  7 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Received disconnect from 106.75.135.55 port 42528:11: Bye Bye [preauth]
May  7 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16059]: Disconnected from 106.75.135.55 port 42528 [preauth]
May  7 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: Failed password for root from 218.92.0.179 port 10976 ssh2
May  7 21:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15997]: pam_unix(cron:session): session closed for user samftp
May  7 21:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: Failed password for root from 218.92.0.179 port 10976 ssh2
May  7 21:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: Received disconnect from 218.92.0.179 port 10976:11:  [preauth]
May  7 21:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: Disconnected from 218.92.0.179 port 10976 [preauth]
May  7 21:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15984]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 21:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  7 21:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Failed password for root from 218.92.0.220 port 40922 ssh2
May  7 21:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15165]: pam_unix(cron:session): session closed for user root
May  7 21:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Failed password for root from 218.92.0.220 port 40922 ssh2
May  7 21:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Failed password for root from 218.92.0.220 port 40922 ssh2
May  7 21:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Received disconnect from 218.92.0.220 port 40922:11:  [preauth]
May  7 21:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: Disconnected from 218.92.0.220 port 40922 [preauth]
May  7 21:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16290]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  7 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16375]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16372]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16372]: pam_unix(cron:session): session closed for user p13x
May  7 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16436]: Successful su for rubyman by root
May  7 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16436]: + ??? root:rubyman
May  7 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349157 of user rubyman.
May  7 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16436]: pam_unix(su:session): session closed for user rubyman
May  7 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349157.
May  7 21:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13949]: pam_unix(cron:session): session closed for user root
May  7 21:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16373]: pam_unix(cron:session): session closed for user samftp
May  7 21:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Invalid user admin from 80.94.95.115
May  7 21:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: input_userauth_request: invalid user admin [preauth]
May  7 21:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  7 21:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Failed password for invalid user admin from 80.94.95.115 port 33070 ssh2
May  7 21:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16674]: Connection closed by 80.94.95.115 port 33070 [preauth]
May  7 21:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15586]: pam_unix(cron:session): session closed for user root
May  7 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16828]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16827]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16830]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16826]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16826]: pam_unix(cron:session): session closed for user p13x
May  7 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16900]: Successful su for rubyman by root
May  7 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16900]: + ??? root:rubyman
May  7 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16900]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349160 of user rubyman.
May  7 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16900]: pam_unix(su:session): session closed for user rubyman
May  7 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349160.
May  7 21:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14352]: pam_unix(cron:session): session closed for user root
May  7 21:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16827]: pam_unix(cron:session): session closed for user samftp
May  7 21:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 21:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17116]: Invalid user user03 from 106.75.135.55
May  7 21:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17116]: input_userauth_request: invalid user user03 [preauth]
May  7 21:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17116]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55
May  7 21:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17114]: Failed password for root from 80.94.95.125 port 58053 ssh2
May  7 21:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17116]: Failed password for invalid user user03 from 106.75.135.55 port 54316 ssh2
May  7 21:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17116]: Received disconnect from 106.75.135.55 port 54316:11: Bye Bye [preauth]
May  7 21:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17116]: Disconnected from 106.75.135.55 port 54316 [preauth]
May  7 21:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17114]: Failed password for root from 80.94.95.125 port 58053 ssh2
May  7 21:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17114]: message repeated 3 times: [ Failed password for root from 80.94.95.125 port 58053 ssh2]
May  7 21:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17114]: Received disconnect from 80.94.95.125 port 58053:11: Bye [preauth]
May  7 21:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17114]: Disconnected from 80.94.95.125 port 58053 [preauth]
May  7 21:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17114]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 21:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17114]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 21:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15999]: pam_unix(cron:session): session closed for user root
May  7 21:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17238]: Did not receive identification string from 160.191.52.81
May  7 21:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17239]: Invalid user admin from 160.191.52.81
May  7 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17239]: input_userauth_request: invalid user admin [preauth]
May  7 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17239]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.52.81
May  7 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17242]: Invalid user usario from 160.191.52.81
May  7 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17242]: input_userauth_request: invalid user usario [preauth]
May  7 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17242]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.52.81
May  7 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: Invalid user support from 160.191.52.81
May  7 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: input_userauth_request: invalid user support [preauth]
May  7 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.52.81
May  7 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17243]: Invalid user ubnt from 160.191.52.81
May  7 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17243]: input_userauth_request: invalid user ubnt [preauth]
May  7 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17243]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.52.81
May  7 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Invalid user user from 160.191.52.81
May  7 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: input_userauth_request: invalid user user [preauth]
May  7 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.52.81
May  7 21:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17239]: Failed password for invalid user admin from 160.191.52.81 port 34376 ssh2
May  7 21:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17242]: Failed password for invalid user usario from 160.191.52.81 port 34408 ssh2
May  7 21:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: Failed password for invalid user support from 160.191.52.81 port 34386 ssh2
May  7 21:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17243]: Failed password for invalid user ubnt from 160.191.52.81 port 34396 ssh2
May  7 21:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Failed password for invalid user user from 160.191.52.81 port 34372 ssh2
May  7 21:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17239]: Received disconnect from 160.191.52.81 port 34376:11: Bye Bye [preauth]
May  7 21:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17239]: Disconnected from 160.191.52.81 port 34376 [preauth]
May  7 21:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17242]: Received disconnect from 160.191.52.81 port 34408:11: Bye Bye [preauth]
May  7 21:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17242]: Disconnected from 160.191.52.81 port 34408 [preauth]
May  7 21:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: Received disconnect from 160.191.52.81 port 34386:11: Bye Bye [preauth]
May  7 21:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17241]: Disconnected from 160.191.52.81 port 34386 [preauth]
May  7 21:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17243]: Received disconnect from 160.191.52.81 port 34396:11: Bye Bye [preauth]
May  7 21:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17243]: Disconnected from 160.191.52.81 port 34396 [preauth]
May  7 21:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Received disconnect from 160.191.52.81 port 34372:11: Bye Bye [preauth]
May  7 21:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Disconnected from 160.191.52.81 port 34372 [preauth]
May  7 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17275]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17270]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17275]: pam_unix(cron:session): session closed for user root
May  7 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17268]: pam_unix(cron:session): session closed for user p13x
May  7 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17345]: Successful su for rubyman by root
May  7 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17345]: + ??? root:rubyman
May  7 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349164 of user rubyman.
May  7 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17345]: pam_unix(su:session): session closed for user rubyman
May  7 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349164.
May  7 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17272]: pam_unix(cron:session): session closed for user root
May  7 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14762]: pam_unix(cron:session): session closed for user root
May  7 21:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17270]: pam_unix(cron:session): session closed for user samftp
May  7 21:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16375]: pam_unix(cron:session): session closed for user root
May  7 21:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17676]: Connection reset by 198.235.24.171 port 64676 [preauth]
May  7 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17728]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17726]: pam_unix(cron:session): session closed for user p13x
May  7 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17901]: Successful su for rubyman by root
May  7 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17901]: + ??? root:rubyman
May  7 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349173 of user rubyman.
May  7 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17901]: pam_unix(su:session): session closed for user rubyman
May  7 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349173.
May  7 21:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15164]: pam_unix(cron:session): session closed for user root
May  7 21:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17727]: pam_unix(cron:session): session closed for user samftp
May  7 21:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18157]: Invalid user xr from 106.75.135.55
May  7 21:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18157]: input_userauth_request: invalid user xr [preauth]
May  7 21:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18157]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55
May  7 21:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18157]: Failed password for invalid user xr from 106.75.135.55 port 44714 ssh2
May  7 21:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18157]: Received disconnect from 106.75.135.55 port 44714:11: Bye Bye [preauth]
May  7 21:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18157]: Disconnected from 106.75.135.55 port 44714 [preauth]
May  7 21:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16830]: pam_unix(cron:session): session closed for user root
May  7 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18253]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18252]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18254]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18251]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18251]: pam_unix(cron:session): session closed for user p13x
May  7 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18315]: Successful su for rubyman by root
May  7 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18315]: + ??? root:rubyman
May  7 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349176 of user rubyman.
May  7 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18315]: pam_unix(su:session): session closed for user rubyman
May  7 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349176.
May  7 21:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15585]: pam_unix(cron:session): session closed for user root
May  7 21:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18252]: pam_unix(cron:session): session closed for user samftp
May  7 21:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17274]: pam_unix(cron:session): session closed for user root
May  7 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18659]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18657]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18656]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18656]: pam_unix(cron:session): session closed for user p13x
May  7 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18720]: Successful su for rubyman by root
May  7 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18720]: + ??? root:rubyman
May  7 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349179 of user rubyman.
May  7 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18720]: pam_unix(su:session): session closed for user rubyman
May  7 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349179.
May  7 21:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15998]: pam_unix(cron:session): session closed for user root
May  7 21:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18657]: pam_unix(cron:session): session closed for user samftp
May  7 21:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17730]: pam_unix(cron:session): session closed for user root
May  7 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19067]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19063]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19065]: pam_unix(cron:session): session closed for user p13x
May  7 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19190]: Successful su for rubyman by root
May  7 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19190]: + ??? root:rubyman
May  7 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19190]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349182 of user rubyman.
May  7 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19190]: pam_unix(su:session): session closed for user rubyman
May  7 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349182.
May  7 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19063]: pam_unix(cron:session): session closed for user root
May  7 21:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16374]: pam_unix(cron:session): session closed for user root
May  7 21:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19066]: pam_unix(cron:session): session closed for user samftp
May  7 21:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.103  user=root
May  7 21:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: Failed password for root from 218.92.0.103 port 42956 ssh2
May  7 21:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: message repeated 2 times: [ Failed password for root from 218.92.0.103 port 42956 ssh2]
May  7 21:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: Received disconnect from 218.92.0.103 port 42956:11:  [preauth]
May  7 21:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: Disconnected from 218.92.0.103 port 42956 [preauth]
May  7 21:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19450]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.103  user=root
May  7 21:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18254]: pam_unix(cron:session): session closed for user root
May  7 21:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 21:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19553]: Failed password for root from 218.92.0.111 port 60402 ssh2
May  7 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19580]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19576]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19577]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19574]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19575]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19580]: pam_unix(cron:session): session closed for user root
May  7 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19574]: pam_unix(cron:session): session closed for user p13x
May  7 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19658]: Successful su for rubyman by root
May  7 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19658]: + ??? root:rubyman
May  7 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349187 of user rubyman.
May  7 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19658]: pam_unix(su:session): session closed for user rubyman
May  7 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349187.
May  7 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19576]: pam_unix(cron:session): session closed for user root
May  7 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16828]: pam_unix(cron:session): session closed for user root
May  7 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19575]: pam_unix(cron:session): session closed for user samftp
May  7 21:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18659]: pam_unix(cron:session): session closed for user root
May  7 21:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 21:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: Failed password for root from 218.92.0.111 port 26766 ssh2
May  7 21:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: Invalid user admin from 106.75.135.55
May  7 21:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: input_userauth_request: invalid user admin [preauth]
May  7 21:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.135.55
May  7 21:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: Failed password for invalid user admin from 106.75.135.55 port 55216 ssh2
May  7 21:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: Received disconnect from 106.75.135.55 port 55216:11: Bye Bye [preauth]
May  7 21:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20009]: Disconnected from 106.75.135.55 port 55216 [preauth]
May  7 21:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20045]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20044]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20042]: pam_unix(cron:session): session closed for user p13x
May  7 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20113]: Successful su for rubyman by root
May  7 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20113]: + ??? root:rubyman
May  7 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349194 of user rubyman.
May  7 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20113]: pam_unix(su:session): session closed for user rubyman
May  7 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349194.
May  7 21:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17273]: pam_unix(cron:session): session closed for user root
May  7 21:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20043]: pam_unix(cron:session): session closed for user samftp
May  7 21:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 21:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  7 21:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: Failed password for root from 218.92.0.111 port 13340 ssh2
May  7 21:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Failed password for root from 218.92.0.217 port 40418 ssh2
May  7 21:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Failed password for root from 218.92.0.217 port 40418 ssh2
May  7 21:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19072]: pam_unix(cron:session): session closed for user root
May  7 21:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Failed password for root from 218.92.0.217 port 40418 ssh2
May  7 21:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Received disconnect from 218.92.0.217 port 40418:11:  [preauth]
May  7 21:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: Disconnected from 218.92.0.217 port 40418 [preauth]
May  7 21:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20349]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  7 21:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: Received disconnect from 218.92.0.111 port 13340:11:  [preauth]
May  7 21:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: Disconnected from 218.92.0.111 port 13340 [preauth]
May  7 21:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19834]: Connection reset by 218.92.0.111 port 64004 [preauth]
May  7 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20456]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20457]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20454]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20454]: pam_unix(cron:session): session closed for user p13x
May  7 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20520]: Successful su for rubyman by root
May  7 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20520]: + ??? root:rubyman
May  7 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349198 of user rubyman.
May  7 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20520]: pam_unix(su:session): session closed for user rubyman
May  7 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349198.
May  7 21:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17728]: pam_unix(cron:session): session closed for user root
May  7 21:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20455]: pam_unix(cron:session): session closed for user samftp
May  7 21:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19904]: Connection reset by 218.92.0.111 port 11138 [preauth]
May  7 21:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19578]: pam_unix(cron:session): session closed for user root
May  7 21:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20848]: Invalid user admin from 80.94.95.115
May  7 21:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20848]: input_userauth_request: invalid user admin [preauth]
May  7 21:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20848]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  7 21:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20848]: Failed password for invalid user admin from 80.94.95.115 port 63494 ssh2
May  7 21:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20848]: Connection closed by 80.94.95.115 port 63494 [preauth]
May  7 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20888]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20881]: pam_unix(cron:session): session closed for user p13x
May  7 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20946]: Successful su for rubyman by root
May  7 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20946]: + ??? root:rubyman
May  7 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349202 of user rubyman.
May  7 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20946]: pam_unix(su:session): session closed for user rubyman
May  7 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349202.
May  7 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  7 21:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18253]: pam_unix(cron:session): session closed for user root
May  7 21:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20860]: Failed password for root from 218.92.0.204 port 37856 ssh2
May  7 21:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20882]: pam_unix(cron:session): session closed for user samftp
May  7 21:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20860]: Failed password for root from 218.92.0.204 port 37856 ssh2
May  7 21:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20860]: message repeated 3 times: [ Failed password for root from 218.92.0.204 port 37856 ssh2]
May  7 21:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20860]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 37856 ssh2 [preauth]
May  7 21:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20860]: Disconnecting: Too many authentication failures [preauth]
May  7 21:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20860]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  7 21:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20860]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 21:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20433]: Connection reset by 218.92.0.111 port 13020 [preauth]
May  7 21:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20045]: pam_unix(cron:session): session closed for user root
May  7 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21318]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21320]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21317]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21316]: pam_unix(cron:session): session closed for user p13x
May  7 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21379]: Successful su for rubyman by root
May  7 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21379]: + ??? root:rubyman
May  7 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349206 of user rubyman.
May  7 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21379]: pam_unix(su:session): session closed for user rubyman
May  7 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349206.
May  7 21:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18658]: pam_unix(cron:session): session closed for user root
May  7 21:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21317]: pam_unix(cron:session): session closed for user samftp
May  7 21:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20457]: pam_unix(cron:session): session closed for user root
May  7 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21832]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21751]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21752]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21749]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21748]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21832]: pam_unix(cron:session): session closed for user root
May  7 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21748]: pam_unix(cron:session): session closed for user p13x
May  7 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22097]: Successful su for rubyman by root
May  7 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22097]: + ??? root:rubyman
May  7 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349212 of user rubyman.
May  7 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22097]: pam_unix(su:session): session closed for user rubyman
May  7 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349212.
May  7 21:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21750]: pam_unix(cron:session): session closed for user root
May  7 21:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19067]: pam_unix(cron:session): session closed for user root
May  7 21:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21749]: pam_unix(cron:session): session closed for user samftp
May  7 21:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20888]: pam_unix(cron:session): session closed for user root
May  7 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22526]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22523]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22523]: pam_unix(cron:session): session closed for user p13x
May  7 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22601]: Successful su for rubyman by root
May  7 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22601]: + ??? root:rubyman
May  7 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22601]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349217 of user rubyman.
May  7 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22601]: pam_unix(su:session): session closed for user rubyman
May  7 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349217.
May  7 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19577]: pam_unix(cron:session): session closed for user root
May  7 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22524]: pam_unix(cron:session): session closed for user samftp
May  7 21:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21320]: pam_unix(cron:session): session closed for user root
May  7 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23008]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23006]: pam_unix(cron:session): session closed for user p13x
May  7 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23067]: Successful su for rubyman by root
May  7 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23067]: + ??? root:rubyman
May  7 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23067]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349219 of user rubyman.
May  7 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23067]: pam_unix(su:session): session closed for user rubyman
May  7 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349219.
May  7 21:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20044]: pam_unix(cron:session): session closed for user root
May  7 21:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23007]: pam_unix(cron:session): session closed for user samftp
May  7 21:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.212  user=root
May  7 21:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: Failed password for root from 218.92.0.212 port 58004 ssh2
May  7 21:47:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23298]: Failed password for root from 218.92.0.212 port 58004 ssh2
May  7 21:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23415]: Did not receive identification string from 92.118.39.57
May  7 21:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21752]: pam_unix(cron:session): session closed for user root
May  7 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23508]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23510]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23506]: pam_unix(cron:session): session closed for user p13x
May  7 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23567]: Successful su for rubyman by root
May  7 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23567]: + ??? root:rubyman
May  7 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23567]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349223 of user rubyman.
May  7 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23567]: pam_unix(su:session): session closed for user rubyman
May  7 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349223.
May  7 21:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20456]: pam_unix(cron:session): session closed for user root
May  7 21:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23507]: pam_unix(cron:session): session closed for user samftp
May  7 21:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22526]: pam_unix(cron:session): session closed for user root
May  7 21:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 21:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24017]: Failed password for root from 218.92.0.179 port 10578 ssh2
May  7 21:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24017]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 10578 ssh2]
May  7 21:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24017]: Received disconnect from 218.92.0.179 port 10578:11:  [preauth]
May  7 21:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24017]: Disconnected from 218.92.0.179 port 10578 [preauth]
May  7 21:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24017]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  7 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24036]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24032]: pam_unix(cron:session): session closed for user p13x
May  7 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24092]: Successful su for rubyman by root
May  7 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24092]: + ??? root:rubyman
May  7 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24092]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349227 of user rubyman.
May  7 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24092]: pam_unix(su:session): session closed for user rubyman
May  7 21:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349227.
May  7 21:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20884]: pam_unix(cron:session): session closed for user root
May  7 21:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24034]: pam_unix(cron:session): session closed for user samftp
May  7 21:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23009]: pam_unix(cron:session): session closed for user root
May  7 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24469]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24468]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24469]: pam_unix(cron:session): session closed for user root
May  7 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24464]: pam_unix(cron:session): session closed for user p13x
May  7 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24541]: Successful su for rubyman by root
May  7 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24541]: + ??? root:rubyman
May  7 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349232 of user rubyman.
May  7 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24541]: pam_unix(su:session): session closed for user rubyman
May  7 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349232.
May  7 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24466]: pam_unix(cron:session): session closed for user root
May  7 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21318]: pam_unix(cron:session): session closed for user root
May  7 21:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24465]: pam_unix(cron:session): session closed for user samftp
May  7 21:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  7 21:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: Failed password for root from 218.92.0.221 port 44996 ssh2
May  7 21:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: message repeated 2 times: [ Failed password for root from 218.92.0.221 port 44996 ssh2]
May  7 21:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: Received disconnect from 218.92.0.221 port 44996:11:  [preauth]
May  7 21:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: Disconnected from 218.92.0.221 port 44996 [preauth]
May  7 21:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24795]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  7 21:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23510]: pam_unix(cron:session): session closed for user root
May  7 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24929]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24927]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24925]: pam_unix(cron:session): session closed for user p13x
May  7 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24998]: Successful su for rubyman by root
May  7 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24998]: + ??? root:rubyman
May  7 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349237 of user rubyman.
May  7 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24998]: pam_unix(su:session): session closed for user rubyman
May  7 21:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349237.
May  7 21:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21751]: pam_unix(cron:session): session closed for user root
May  7 21:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24926]: pam_unix(cron:session): session closed for user samftp
May  7 21:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24036]: pam_unix(cron:session): session closed for user root
May  7 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25343]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25344]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25342]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25341]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25341]: pam_unix(cron:session): session closed for user p13x
May  7 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25409]: Successful su for rubyman by root
May  7 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25409]: + ??? root:rubyman
May  7 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349241 of user rubyman.
May  7 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25409]: pam_unix(su:session): session closed for user rubyman
May  7 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349241.
May  7 21:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22525]: pam_unix(cron:session): session closed for user root
May  7 21:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25342]: pam_unix(cron:session): session closed for user samftp
May  7 21:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24468]: pam_unix(cron:session): session closed for user root
May  7 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25810]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25811]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25808]: pam_unix(cron:session): session closed for user p13x
May  7 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25884]: Successful su for rubyman by root
May  7 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25884]: + ??? root:rubyman
May  7 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349246 of user rubyman.
May  7 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25884]: pam_unix(su:session): session closed for user rubyman
May  7 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349246.
May  7 21:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23008]: pam_unix(cron:session): session closed for user root
May  7 21:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25809]: pam_unix(cron:session): session closed for user samftp
May  7 21:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24929]: pam_unix(cron:session): session closed for user root
May  7 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26248]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26247]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26249]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26246]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26246]: pam_unix(cron:session): session closed for user p13x
May  7 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26304]: Successful su for rubyman by root
May  7 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26304]: + ??? root:rubyman
May  7 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26304]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349249 of user rubyman.
May  7 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26304]: pam_unix(su:session): session closed for user rubyman
May  7 21:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349249.
May  7 21:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23508]: pam_unix(cron:session): session closed for user root
May  7 21:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26247]: pam_unix(cron:session): session closed for user samftp
May  7 21:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26602]: Invalid user node from 92.118.39.57
May  7 21:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26602]: input_userauth_request: invalid user node [preauth]
May  7 21:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26602]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.57
May  7 21:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26602]: Failed password for invalid user node from 92.118.39.57 port 54314 ssh2
May  7 21:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26602]: Connection closed by 92.118.39.57 port 54314 [preauth]
May  7 21:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25344]: pam_unix(cron:session): session closed for user root
May  7 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26726]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26727]: pam_unix(cron:session): session closed for user root
May  7 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26722]: pam_unix(cron:session): session closed for user p13x
May  7 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26792]: Successful su for rubyman by root
May  7 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26792]: + ??? root:rubyman
May  7 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349258 of user rubyman.
May  7 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26792]: pam_unix(su:session): session closed for user rubyman
May  7 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349258.
May  7 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26724]: pam_unix(cron:session): session closed for user root
May  7 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24035]: pam_unix(cron:session): session closed for user root
May  7 21:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26723]: pam_unix(cron:session): session closed for user samftp
May  7 21:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Invalid user admin from 80.94.95.112
May  7 21:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: input_userauth_request: invalid user admin [preauth]
May  7 21:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 21:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Failed password for invalid user admin from 80.94.95.112 port 37048 ssh2
May  7 21:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Failed password for invalid user admin from 80.94.95.112 port 37048 ssh2
May  7 21:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Failed password for invalid user admin from 80.94.95.112 port 37048 ssh2
May  7 21:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Failed password for invalid user admin from 80.94.95.112 port 37048 ssh2
May  7 21:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Failed password for invalid user admin from 80.94.95.112 port 37048 ssh2
May  7 21:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Received disconnect from 80.94.95.112 port 37048:11: Bye [preauth]
May  7 21:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: Disconnected from 80.94.95.112 port 37048 [preauth]
May  7 21:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 21:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27095]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 21:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: Invalid user array from 85.208.84.4
May  7 21:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: input_userauth_request: invalid user array [preauth]
May  7 21:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  7 21:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: Failed password for invalid user array from 85.208.84.4 port 59506 ssh2
May  7 21:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27129]: Connection closed by 85.208.84.4 port 59506 [preauth]
May  7 21:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25811]: pam_unix(cron:session): session closed for user root
May  7 21:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 21:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27217]: Failed password for root from 218.92.0.228 port 45110 ssh2
May  7 21:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27217]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 45110 ssh2]
May  7 21:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27217]: Received disconnect from 218.92.0.228 port 45110:11:  [preauth]
May  7 21:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27217]: Disconnected from 218.92.0.228 port 45110 [preauth]
May  7 21:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27217]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 21:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27242]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27243]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27241]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27241]: pam_unix(cron:session): session closed for user p13x
May  7 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27237]: Failed password for root from 218.92.0.228 port 51438 ssh2
May  7 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27314]: Successful su for rubyman by root
May  7 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27314]: + ??? root:rubyman
May  7 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27314]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349261 of user rubyman.
May  7 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27314]: pam_unix(su:session): session closed for user rubyman
May  7 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349261.
May  7 21:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27237]: Failed password for root from 218.92.0.228 port 51438 ssh2
May  7 21:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24467]: pam_unix(cron:session): session closed for user root
May  7 21:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27237]: Failed password for root from 218.92.0.228 port 51438 ssh2
May  7 21:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27237]: Received disconnect from 218.92.0.228 port 51438:11:  [preauth]
May  7 21:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27237]: Disconnected from 218.92.0.228 port 51438 [preauth]
May  7 21:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27237]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 21:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27242]: pam_unix(cron:session): session closed for user samftp
May  7 21:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 21:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27560]: Failed password for root from 218.92.0.228 port 16664 ssh2
May  7 21:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27560]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 16664 ssh2]
May  7 21:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27560]: Received disconnect from 218.92.0.228 port 16664:11:  [preauth]
May  7 21:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27560]: Disconnected from 218.92.0.228 port 16664 [preauth]
May  7 21:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27560]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 21:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26249]: pam_unix(cron:session): session closed for user root
May  7 21:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27706]: Did not receive identification string from 196.251.69.116
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27707]: Invalid user user from 196.251.69.116
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27707]: input_userauth_request: invalid user user [preauth]
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: Invalid user support from 196.251.69.116
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: input_userauth_request: invalid user support [preauth]
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.116
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27707]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.116
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Invalid user usario from 196.251.69.116
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: input_userauth_request: invalid user usario [preauth]
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.116
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: Invalid user ubnt from 196.251.69.116
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: input_userauth_request: invalid user ubnt [preauth]
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.116
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27715]: Invalid user admin from 196.251.69.116
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27715]: input_userauth_request: invalid user admin [preauth]
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27715]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.116
May  7 21:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: Failed password for invalid user support from 196.251.69.116 port 12854 ssh2
May  7 21:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27707]: Failed password for invalid user user from 196.251.69.116 port 12838 ssh2
May  7 21:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Failed password for invalid user usario from 196.251.69.116 port 12866 ssh2
May  7 21:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: Failed password for invalid user ubnt from 196.251.69.116 port 12868 ssh2
May  7 21:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27715]: Failed password for invalid user admin from 196.251.69.116 port 12860 ssh2
May  7 21:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: Received disconnect from 196.251.69.116 port 12854:11: Bye Bye [preauth]
May  7 21:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27709]: Disconnected from 196.251.69.116 port 12854 [preauth]
May  7 21:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27707]: Received disconnect from 196.251.69.116 port 12838:11: Bye Bye [preauth]
May  7 21:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27707]: Disconnected from 196.251.69.116 port 12838 [preauth]
May  7 21:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Received disconnect from 196.251.69.116 port 12866:11: Bye Bye [preauth]
May  7 21:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Disconnected from 196.251.69.116 port 12866 [preauth]
May  7 21:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: Received disconnect from 196.251.69.116 port 12868:11: Bye Bye [preauth]
May  7 21:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27713]: Disconnected from 196.251.69.116 port 12868 [preauth]
May  7 21:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27715]: Received disconnect from 196.251.69.116 port 12860:11: Bye Bye [preauth]
May  7 21:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27715]: Disconnected from 196.251.69.116 port 12860 [preauth]
May  7 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27737]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27735]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27735]: pam_unix(cron:session): session closed for user p13x
May  7 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27799]: Successful su for rubyman by root
May  7 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27799]: + ??? root:rubyman
May  7 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27799]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349263 of user rubyman.
May  7 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27799]: pam_unix(su:session): session closed for user rubyman
May  7 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349263.
May  7 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: Invalid user admin from 80.94.95.241
May  7 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: input_userauth_request: invalid user admin [preauth]
May  7 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 21:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: Failed password for invalid user admin from 80.94.95.241 port 37652 ssh2
May  7 21:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24927]: pam_unix(cron:session): session closed for user root
May  7 21:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: Failed password for invalid user admin from 80.94.95.241 port 37652 ssh2
May  7 21:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27736]: pam_unix(cron:session): session closed for user samftp
May  7 21:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: Failed password for invalid user admin from 80.94.95.241 port 37652 ssh2
May  7 21:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: Failed password for invalid user admin from 80.94.95.241 port 37652 ssh2
May  7 21:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: pam_unix(sshd:auth): check pass; user unknown
May  7 21:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: Failed password for invalid user admin from 80.94.95.241 port 37652 ssh2
May  7 21:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: Received disconnect from 80.94.95.241 port 37652:11: Bye [preauth]
May  7 21:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: Disconnected from 80.94.95.241 port 37652 [preauth]
May  7 21:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 21:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27788]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 21:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26726]: pam_unix(cron:session): session closed for user root
May  7 21:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  7 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28148]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28149]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28146]: pam_unix(cron:session): session closed for user p13x
May  7 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28208]: Successful su for rubyman by root
May  7 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28208]: + ??? root:rubyman
May  7 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349269 of user rubyman.
May  7 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28208]: pam_unix(su:session): session closed for user rubyman
May  7 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349269.
May  7 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: Failed password for root from 218.92.0.203 port 45986 ssh2
May  7 21:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25343]: pam_unix(cron:session): session closed for user root
May  7 21:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: Failed password for root from 218.92.0.203 port 45986 ssh2
May  7 21:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28147]: pam_unix(cron:session): session closed for user samftp
May  7 21:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: Failed password for root from 218.92.0.203 port 45986 ssh2
May  7 21:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: message repeated 2 times: [ Failed password for root from 218.92.0.203 port 45986 ssh2]
May  7 21:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: error: maximum authentication attempts exceeded for root from 218.92.0.203 port 45986 ssh2 [preauth]
May  7 21:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: Disconnecting: Too many authentication failures [preauth]
May  7 21:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  7 21:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 21:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27245]: pam_unix(cron:session): session closed for user root
May  7 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28553]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28552]: pam_unix(cron:session): session closed for user p13x
May  7 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28614]: Successful su for rubyman by root
May  7 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28614]: + ??? root:rubyman
May  7 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349273 of user rubyman.
May  7 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28614]: pam_unix(su:session): session closed for user rubyman
May  7 21:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349273.
May  7 21:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25810]: pam_unix(cron:session): session closed for user root
May  7 21:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28553]: pam_unix(cron:session): session closed for user samftp
May  7 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27738]: pam_unix(cron:session): session closed for user root
May  7 21:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 21:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  7 21:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28909]: Failed password for root from 218.92.0.217 port 63650 ssh2
May  7 21:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28909]: message repeated 2 times: [ Failed password for root from 218.92.0.217 port 63650 ssh2]
May  7 21:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28909]: Received disconnect from 218.92.0.217 port 63650:11:  [preauth]
May  7 21:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28909]: Disconnected from 218.92.0.217 port 63650 [preauth]
May  7 21:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28909]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  7 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28967]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28962]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28963]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28964]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28966]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28961]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28963]: pam_unix(cron:session): session closed for user root
May  7 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28967]: pam_unix(cron:session): session closed for user root
May  7 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28961]: pam_unix(cron:session): session closed for user p13x
May  7 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29156]: Successful su for rubyman by root
May  7 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29156]: + ??? root:rubyman
May  7 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29156]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349280 of user rubyman.
May  7 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29156]: pam_unix(su:session): session closed for user rubyman
May  7 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349280.
May  7 22:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26248]: pam_unix(cron:session): session closed for user root
May  7 22:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28964]: pam_unix(cron:session): session closed for user root
May  7 22:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28962]: pam_unix(cron:session): session closed for user samftp
May  7 22:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28149]: pam_unix(cron:session): session closed for user root
May  7 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29567]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29568]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29565]: pam_unix(cron:session): session closed for user p13x
May  7 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29634]: Successful su for rubyman by root
May  7 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29634]: + ??? root:rubyman
May  7 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349283 of user rubyman.
May  7 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29634]: pam_unix(su:session): session closed for user rubyman
May  7 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349283.
May  7 22:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29780]: Invalid user ubuntu from 92.118.39.57
May  7 22:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29780]: input_userauth_request: invalid user ubuntu [preauth]
May  7 22:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29780]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.57
May  7 22:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26725]: pam_unix(cron:session): session closed for user root
May  7 22:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29566]: pam_unix(cron:session): session closed for user samftp
May  7 22:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29780]: Failed password for invalid user ubuntu from 92.118.39.57 port 40702 ssh2
May  7 22:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29780]: Connection closed by 92.118.39.57 port 40702 [preauth]
May  7 22:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28555]: pam_unix(cron:session): session closed for user root
May  7 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29988]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29989]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29987]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29985]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29985]: pam_unix(cron:session): session closed for user p13x
May  7 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30045]: Successful su for rubyman by root
May  7 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30045]: + ??? root:rubyman
May  7 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30045]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349287 of user rubyman.
May  7 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30045]: pam_unix(su:session): session closed for user rubyman
May  7 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349287.
May  7 22:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27243]: pam_unix(cron:session): session closed for user root
May  7 22:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29987]: pam_unix(cron:session): session closed for user samftp
May  7 22:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28966]: pam_unix(cron:session): session closed for user root
May  7 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30378]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30374]: pam_unix(cron:session): session closed for user p13x
May  7 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30436]: Successful su for rubyman by root
May  7 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30436]: + ??? root:rubyman
May  7 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349290 of user rubyman.
May  7 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30436]: pam_unix(su:session): session closed for user rubyman
May  7 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349290.
May  7 22:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27737]: pam_unix(cron:session): session closed for user root
May  7 22:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30375]: pam_unix(cron:session): session closed for user samftp
May  7 22:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29568]: pam_unix(cron:session): session closed for user root
May  7 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30769]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30768]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30766]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30767]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30766]: pam_unix(cron:session): session closed for user p13x
May  7 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30826]: Successful su for rubyman by root
May  7 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30826]: + ??? root:rubyman
May  7 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349295 of user rubyman.
May  7 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30826]: pam_unix(su:session): session closed for user rubyman
May  7 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349295.
May  7 22:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28148]: pam_unix(cron:session): session closed for user root
May  7 22:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30767]: pam_unix(cron:session): session closed for user samftp
May  7 22:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29989]: pam_unix(cron:session): session closed for user root
May  7 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31271]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31270]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31269]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31274]: pam_unix(cron:session): session closed for user root
May  7 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31269]: pam_unix(cron:session): session closed for user p13x
May  7 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31344]: Successful su for rubyman by root
May  7 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31344]: + ??? root:rubyman
May  7 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349298 of user rubyman.
May  7 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31344]: pam_unix(su:session): session closed for user rubyman
May  7 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349298.
May  7 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31271]: pam_unix(cron:session): session closed for user root
May  7 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28554]: pam_unix(cron:session): session closed for user root
May  7 22:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31270]: pam_unix(cron:session): session closed for user samftp
May  7 22:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30378]: pam_unix(cron:session): session closed for user root
May  7 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31735]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31733]: pam_unix(cron:session): session closed for user p13x
May  7 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31800]: Successful su for rubyman by root
May  7 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31800]: + ??? root:rubyman
May  7 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349304 of user rubyman.
May  7 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31800]: pam_unix(su:session): session closed for user rubyman
May  7 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349304.
May  7 22:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28965]: pam_unix(cron:session): session closed for user root
May  7 22:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31734]: pam_unix(cron:session): session closed for user samftp
May  7 22:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30769]: pam_unix(cron:session): session closed for user root
May  7 22:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 22:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: Failed password for root from 80.94.95.125 port 25585 ssh2
May  7 22:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 25585 ssh2]
May  7 22:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: Received disconnect from 80.94.95.125 port 25585:11: Bye [preauth]
May  7 22:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: Disconnected from 80.94.95.125 port 25585 [preauth]
May  7 22:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 22:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32445]: pam_unix(cron:session): session closed for user p13x
May  7 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32513]: Successful su for rubyman by root
May  7 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32513]: + ??? root:rubyman
May  7 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32513]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349308 of user rubyman.
May  7 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32513]: pam_unix(su:session): session closed for user rubyman
May  7 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349308.
May  7 22:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29567]: pam_unix(cron:session): session closed for user root
May  7 22:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32446]: pam_unix(cron:session): session closed for user samftp
May  7 22:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31273]: pam_unix(cron:session): session closed for user root
May  7 22:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4  user=root
May  7 22:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: Invalid user validator from 92.118.39.57
May  7 22:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: input_userauth_request: invalid user validator [preauth]
May  7 22:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.57
May  7 22:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: Failed password for root from 85.208.84.4 port 16098 ssh2
May  7 22:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[549]: Connection closed by 85.208.84.4 port 16098 [preauth]
May  7 22:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: Failed password for invalid user validator from 92.118.39.57 port 55242 ssh2
May  7 22:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[551]: Connection closed by 92.118.39.57 port 55242 [preauth]
May  7 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[575]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[572]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[571]: pam_unix(cron:session): session closed for user p13x
May  7 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[642]: Successful su for rubyman by root
May  7 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[642]: + ??? root:rubyman
May  7 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349313 of user rubyman.
May  7 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[642]: pam_unix(su:session): session closed for user rubyman
May  7 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349313.
May  7 22:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29988]: pam_unix(cron:session): session closed for user root
May  7 22:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[572]: pam_unix(cron:session): session closed for user samftp
May  7 22:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31736]: pam_unix(cron:session): session closed for user root
May  7 22:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1038]: Invalid user ark from 185.40.7.197
May  7 22:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1038]: input_userauth_request: invalid user ark [preauth]
May  7 22:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1038]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197
May  7 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1060]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1053]: pam_unix(cron:session): session closed for user p13x
May  7 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1199]: Successful su for rubyman by root
May  7 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1199]: + ??? root:rubyman
May  7 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1199]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349316 of user rubyman.
May  7 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1199]: pam_unix(su:session): session closed for user rubyman
May  7 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349316.
May  7 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1038]: Failed password for invalid user ark from 185.40.7.197 port 60064 ssh2
May  7 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1038]: Received disconnect from 185.40.7.197 port 60064:11: Bye Bye [preauth]
May  7 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1038]: Disconnected from 185.40.7.197 port 60064 [preauth]
May  7 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1051]: pam_unix(cron:session): session closed for user root
May  7 22:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30377]: pam_unix(cron:session): session closed for user root
May  7 22:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1058]: pam_unix(cron:session): session closed for user samftp
May  7 22:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  7 22:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: Failed password for root from 218.92.0.231 port 23294 ssh2
May  7 22:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: message repeated 2 times: [ Failed password for root from 218.92.0.231 port 23294 ssh2]
May  7 22:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: Received disconnect from 218.92.0.231 port 23294:11:  [preauth]
May  7 22:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: Disconnected from 218.92.0.231 port 23294 [preauth]
May  7 22:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1427]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  7 22:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32452]: pam_unix(cron:session): session closed for user root
May  7 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1641]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1644]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1642]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1644]: pam_unix(cron:session): session closed for user root
May  7 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1639]: pam_unix(cron:session): session closed for user p13x
May  7 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1732]: Successful su for rubyman by root
May  7 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1732]: + ??? root:rubyman
May  7 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1732]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349321 of user rubyman.
May  7 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1732]: pam_unix(su:session): session closed for user rubyman
May  7 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349321.
May  7 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1641]: pam_unix(cron:session): session closed for user root
May  7 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30768]: pam_unix(cron:session): session closed for user root
May  7 22:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1640]: pam_unix(cron:session): session closed for user samftp
May  7 22:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  7 22:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: Failed password for root from 218.92.0.219 port 40218 ssh2
May  7 22:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: message repeated 2 times: [ Failed password for root from 218.92.0.219 port 40218 ssh2]
May  7 22:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: Received disconnect from 218.92.0.219 port 40218:11:  [preauth]
May  7 22:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: Disconnected from 218.92.0.219 port 40218 [preauth]
May  7 22:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2049]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  7 22:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2102]: Did not receive identification string from 80.64.18.84
May  7 22:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[575]: pam_unix(cron:session): session closed for user root
May  7 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2194]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2195]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2193]: pam_unix(cron:session): session closed for user p13x
May  7 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2262]: Successful su for rubyman by root
May  7 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2262]: + ??? root:rubyman
May  7 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349329 of user rubyman.
May  7 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2262]: pam_unix(su:session): session closed for user rubyman
May  7 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349329.
May  7 22:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31272]: pam_unix(cron:session): session closed for user root
May  7 22:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2194]: pam_unix(cron:session): session closed for user samftp
May  7 22:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1060]: pam_unix(cron:session): session closed for user root
May  7 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2641]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2639]: pam_unix(cron:session): session closed for user p13x
May  7 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2715]: Successful su for rubyman by root
May  7 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2715]: + ??? root:rubyman
May  7 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349332 of user rubyman.
May  7 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2715]: pam_unix(su:session): session closed for user rubyman
May  7 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349332.
May  7 22:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31735]: pam_unix(cron:session): session closed for user root
May  7 22:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2640]: pam_unix(cron:session): session closed for user samftp
May  7 22:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1643]: pam_unix(cron:session): session closed for user root
May  7 22:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  7 22:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: Failed password for root from 218.92.0.216 port 56188 ssh2
May  7 22:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: message repeated 2 times: [ Failed password for root from 218.92.0.216 port 56188 ssh2]
May  7 22:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: Received disconnect from 218.92.0.216 port 56188:11:  [preauth]
May  7 22:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: Disconnected from 218.92.0.216 port 56188 [preauth]
May  7 22:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3016]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  7 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3071]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3070]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3069]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3068]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3068]: pam_unix(cron:session): session closed for user p13x
May  7 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3132]: Successful su for rubyman by root
May  7 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3132]: + ??? root:rubyman
May  7 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3132]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349335 of user rubyman.
May  7 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3132]: pam_unix(su:session): session closed for user rubyman
May  7 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349335.
May  7 22:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32447]: pam_unix(cron:session): session closed for user root
May  7 22:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3069]: pam_unix(cron:session): session closed for user samftp
May  7 22:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  7 22:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: Failed password for root from 218.92.0.201 port 26500 ssh2
May  7 22:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: message repeated 4 times: [ Failed password for root from 218.92.0.201 port 26500 ssh2]
May  7 22:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 26500 ssh2 [preauth]
May  7 22:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: Disconnecting: Too many authentication failures [preauth]
May  7 22:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  7 22:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3317]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 22:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2196]: pam_unix(cron:session): session closed for user root
May  7 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3497]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3494]: pam_unix(cron:session): session closed for user p13x
May  7 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3558]: Successful su for rubyman by root
May  7 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3558]: + ??? root:rubyman
May  7 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349339 of user rubyman.
May  7 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3558]: pam_unix(su:session): session closed for user rubyman
May  7 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349339.
May  7 22:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Connection reset by 218.92.0.228 port 61972 [preauth]
May  7 22:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[573]: pam_unix(cron:session): session closed for user root
May  7 22:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3495]: pam_unix(cron:session): session closed for user samftp
May  7 22:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2643]: pam_unix(cron:session): session closed for user root
May  7 22:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3862]: Invalid user solana from 92.118.39.57
May  7 22:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3862]: input_userauth_request: invalid user solana [preauth]
May  7 22:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3862]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.57
May  7 22:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3862]: Failed password for invalid user solana from 92.118.39.57 port 41540 ssh2
May  7 22:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3862]: Connection closed by 92.118.39.57 port 41540 [preauth]
May  7 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3922]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3921]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3922]: pam_unix(cron:session): session closed for user root
May  7 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3916]: pam_unix(cron:session): session closed for user p13x
May  7 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4021]: Successful su for rubyman by root
May  7 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4021]: + ??? root:rubyman
May  7 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349345 of user rubyman.
May  7 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4021]: pam_unix(su:session): session closed for user rubyman
May  7 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349345.
May  7 22:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3918]: pam_unix(cron:session): session closed for user root
May  7 22:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1059]: pam_unix(cron:session): session closed for user root
May  7 22:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3917]: pam_unix(cron:session): session closed for user samftp
May  7 22:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4289]: Invalid user sftptest from 167.71.228.77
May  7 22:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4289]: input_userauth_request: invalid user sftptest [preauth]
May  7 22:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4289]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.228.77
May  7 22:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4289]: Failed password for invalid user sftptest from 167.71.228.77 port 33632 ssh2
May  7 22:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4289]: Received disconnect from 167.71.228.77 port 33632:11: Bye Bye [preauth]
May  7 22:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4289]: Disconnected from 167.71.228.77 port 33632 [preauth]
May  7 22:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3071]: pam_unix(cron:session): session closed for user root
May  7 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4548]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4546]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4545]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4544]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4544]: pam_unix(cron:session): session closed for user p13x
May  7 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4624]: Successful su for rubyman by root
May  7 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4624]: + ??? root:rubyman
May  7 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4624]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349350 of user rubyman.
May  7 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4624]: pam_unix(su:session): session closed for user rubyman
May  7 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349350.
May  7 22:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1642]: pam_unix(cron:session): session closed for user root
May  7 22:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4545]: pam_unix(cron:session): session closed for user samftp
May  7 22:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3497]: pam_unix(cron:session): session closed for user root
May  7 22:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197  user=root
May  7 22:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: Failed password for root from 185.40.7.197 port 56030 ssh2
May  7 22:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: Received disconnect from 185.40.7.197 port 56030:11: Bye Bye [preauth]
May  7 22:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4970]: Disconnected from 185.40.7.197 port 56030 [preauth]
May  7 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4981]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4981]: pam_unix(cron:session): session closed for user root
May  7 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4983]: pam_unix(cron:session): session closed for user p13x
May  7 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5235]: Successful su for rubyman by root
May  7 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5235]: + ??? root:rubyman
May  7 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349353 of user rubyman.
May  7 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5235]: pam_unix(su:session): session closed for user rubyman
May  7 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349353.
May  7 22:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2195]: pam_unix(cron:session): session closed for user root
May  7 22:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4984]: pam_unix(cron:session): session closed for user samftp
May  7 22:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3921]: pam_unix(cron:session): session closed for user root
May  7 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5640]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5635]: pam_unix(cron:session): session closed for user p13x
May  7 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5704]: Successful su for rubyman by root
May  7 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5704]: + ??? root:rubyman
May  7 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349358 of user rubyman.
May  7 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5704]: pam_unix(su:session): session closed for user rubyman
May  7 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349358.
May  7 22:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226  user=root
May  7 22:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2641]: pam_unix(cron:session): session closed for user root
May  7 22:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: Failed password for root from 197.248.178.226 port 58124 ssh2
May  7 22:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: Received disconnect from 197.248.178.226 port 58124:11: Bye Bye [preauth]
May  7 22:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: Disconnected from 197.248.178.226 port 58124 [preauth]
May  7 22:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5636]: pam_unix(cron:session): session closed for user samftp
May  7 22:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: Invalid user usuario from 80.94.95.116
May  7 22:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: input_userauth_request: invalid user usuario [preauth]
May  7 22:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  7 22:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: Failed password for invalid user usuario from 80.94.95.116 port 55174 ssh2
May  7 22:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: Connection closed by 80.94.95.116 port 55174 [preauth]
May  7 22:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  7 22:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Failed password for root from 218.92.0.237 port 53580 ssh2
May  7 22:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: message repeated 2 times: [ Failed password for root from 218.92.0.237 port 53580 ssh2]
May  7 22:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Received disconnect from 218.92.0.237 port 53580:11:  [preauth]
May  7 22:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Disconnected from 218.92.0.237 port 53580 [preauth]
May  7 22:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  7 22:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4548]: pam_unix(cron:session): session closed for user root
May  7 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6147]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6146]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6148]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6145]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6145]: pam_unix(cron:session): session closed for user p13x
May  7 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6210]: Successful su for rubyman by root
May  7 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6210]: + ??? root:rubyman
May  7 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349362 of user rubyman.
May  7 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6210]: pam_unix(su:session): session closed for user rubyman
May  7 22:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349362.
May  7 22:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3070]: pam_unix(cron:session): session closed for user root
May  7 22:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6146]: pam_unix(cron:session): session closed for user samftp
May  7 22:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4986]: pam_unix(cron:session): session closed for user root
May  7 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6545]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6543]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6546]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6541]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6542]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6546]: pam_unix(cron:session): session closed for user root
May  7 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6541]: pam_unix(cron:session): session closed for user p13x
May  7 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6614]: Successful su for rubyman by root
May  7 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6614]: + ??? root:rubyman
May  7 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6614]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349366 of user rubyman.
May  7 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6614]: pam_unix(su:session): session closed for user rubyman
May  7 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349366.
May  7 22:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6543]: pam_unix(cron:session): session closed for user root
May  7 22:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3496]: pam_unix(cron:session): session closed for user root
May  7 22:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6542]: pam_unix(cron:session): session closed for user samftp
May  7 22:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5640]: pam_unix(cron:session): session closed for user root
May  7 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7086]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7085]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7083]: pam_unix(cron:session): session closed for user p13x
May  7 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7166]: Successful su for rubyman by root
May  7 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7166]: + ??? root:rubyman
May  7 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349372 of user rubyman.
May  7 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7166]: pam_unix(su:session): session closed for user rubyman
May  7 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349372.
May  7 22:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3919]: pam_unix(cron:session): session closed for user root
May  7 22:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7084]: pam_unix(cron:session): session closed for user samftp
May  7 22:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Invalid user sol from 92.118.39.57
May  7 22:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: input_userauth_request: invalid user sol [preauth]
May  7 22:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.57
May  7 22:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Failed password for invalid user sol from 92.118.39.57 port 56072 ssh2
May  7 22:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Connection closed by 92.118.39.57 port 56072 [preauth]
May  7 22:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6148]: pam_unix(cron:session): session closed for user root
May  7 22:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: Invalid user mirco from 185.40.7.197
May  7 22:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: input_userauth_request: invalid user mirco [preauth]
May  7 22:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197
May  7 22:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: Failed password for invalid user mirco from 185.40.7.197 port 34058 ssh2
May  7 22:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: Received disconnect from 185.40.7.197 port 34058:11: Bye Bye [preauth]
May  7 22:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7440]: Disconnected from 185.40.7.197 port 34058 [preauth]
May  7 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7603]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7604]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7601]: pam_unix(cron:session): session closed for user p13x
May  7 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7670]: Successful su for rubyman by root
May  7 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7670]: + ??? root:rubyman
May  7 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349377 of user rubyman.
May  7 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7670]: pam_unix(su:session): session closed for user rubyman
May  7 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349377.
May  7 22:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4546]: pam_unix(cron:session): session closed for user root
May  7 22:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7602]: pam_unix(cron:session): session closed for user samftp
May  7 22:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6545]: pam_unix(cron:session): session closed for user root
May  7 22:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8027]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8028]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8029]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8026]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8026]: pam_unix(cron:session): session closed for user p13x
May  7 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8091]: Successful su for rubyman by root
May  7 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8091]: + ??? root:rubyman
May  7 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349381 of user rubyman.
May  7 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8091]: pam_unix(su:session): session closed for user rubyman
May  7 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349381.
May  7 22:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4985]: pam_unix(cron:session): session closed for user root
May  7 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8027]: pam_unix(cron:session): session closed for user samftp
May  7 22:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7086]: pam_unix(cron:session): session closed for user root
May  7 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8450]: pam_unix(cron:session): session closed for user p13x
May  7 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8521]: Successful su for rubyman by root
May  7 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8521]: + ??? root:rubyman
May  7 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8521]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349386 of user rubyman.
May  7 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8521]: pam_unix(su:session): session closed for user rubyman
May  7 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349386.
May  7 22:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5637]: pam_unix(cron:session): session closed for user root
May  7 22:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8451]: pam_unix(cron:session): session closed for user samftp
May  7 22:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8756]: Did not receive identification string from 160.191.52.76
May  7 22:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7604]: pam_unix(cron:session): session closed for user root
May  7 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8881]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8882]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8882]: pam_unix(cron:session): session closed for user root
May  7 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8877]: pam_unix(cron:session): session closed for user p13x
May  7 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8952]: Successful su for rubyman by root
May  7 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8952]: + ??? root:rubyman
May  7 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349388 of user rubyman.
May  7 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8952]: pam_unix(su:session): session closed for user rubyman
May  7 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349388.
May  7 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8879]: pam_unix(cron:session): session closed for user root
May  7 22:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6147]: pam_unix(cron:session): session closed for user root
May  7 22:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8878]: pam_unix(cron:session): session closed for user samftp
May  7 22:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9343]: Connection closed by 46.244.96.25 port 51062 [preauth]
May  7 22:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: Invalid user test_user from 46.244.96.25
May  7 22:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: input_userauth_request: invalid user test_user [preauth]
May  7 22:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  7 22:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8029]: pam_unix(cron:session): session closed for user root
May  7 22:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: Failed password for invalid user test_user from 46.244.96.25 port 51072 ssh2
May  7 22:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9357]: Connection closed by 46.244.96.25 port 51072 [preauth]
May  7 22:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.228.77  user=root
May  7 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: Failed password for root from 167.71.228.77 port 51466 ssh2
May  7 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9455]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: Received disconnect from 167.71.228.77 port 51466:11: Bye Bye [preauth]
May  7 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: Disconnected from 167.71.228.77 port 51466 [preauth]
May  7 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9451]: pam_unix(cron:session): session closed for user p13x
May  7 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9521]: Successful su for rubyman by root
May  7 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9521]: + ??? root:rubyman
May  7 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9521]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349395 of user rubyman.
May  7 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9521]: pam_unix(su:session): session closed for user rubyman
May  7 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349395.
May  7 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6544]: pam_unix(cron:session): session closed for user root
May  7 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9669]: Invalid user pos from 185.40.7.197
May  7 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9669]: input_userauth_request: invalid user pos [preauth]
May  7 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9669]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197
May  7 22:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9452]: pam_unix(cron:session): session closed for user samftp
May  7 22:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9669]: Failed password for invalid user pos from 185.40.7.197 port 47962 ssh2
May  7 22:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9669]: Received disconnect from 185.40.7.197 port 47962:11: Bye Bye [preauth]
May  7 22:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9669]: Disconnected from 185.40.7.197 port 47962 [preauth]
May  7 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8453]: pam_unix(cron:session): session closed for user root
May  7 22:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: Invalid user lidan from 190.103.202.7
May  7 22:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: input_userauth_request: invalid user lidan [preauth]
May  7 22:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  7 22:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: Failed password for invalid user lidan from 190.103.202.7 port 59596 ssh2
May  7 22:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9784]: Connection closed by 190.103.202.7 port 59596 [preauth]
May  7 22:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: Invalid user baidu from 59.12.160.91
May  7 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: input_userauth_request: invalid user baidu [preauth]
May  7 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9866]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9865]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9862]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9862]: pam_unix(cron:session): session closed for user p13x
May  7 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9924]: Successful su for rubyman by root
May  7 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9924]: + ??? root:rubyman
May  7 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9924]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349398 of user rubyman.
May  7 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9924]: pam_unix(su:session): session closed for user rubyman
May  7 22:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349398.
May  7 22:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: Failed password for invalid user baidu from 59.12.160.91 port 40296 ssh2
May  7 22:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: Received disconnect from 59.12.160.91 port 40296:11: Bye Bye [preauth]
May  7 22:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: Disconnected from 59.12.160.91 port 40296 [preauth]
May  7 22:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7085]: pam_unix(cron:session): session closed for user root
May  7 22:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9865]: pam_unix(cron:session): session closed for user samftp
May  7 22:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8881]: pam_unix(cron:session): session closed for user root
May  7 22:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: Invalid user daniel from 80.94.95.116
May  7 22:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: input_userauth_request: invalid user daniel [preauth]
May  7 22:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  7 22:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: Failed password for invalid user daniel from 80.94.95.116 port 54408 ssh2
May  7 22:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10331]: Connection closed by 80.94.95.116 port 54408 [preauth]
May  7 22:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: Invalid user admin from 80.94.95.112
May  7 22:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: input_userauth_request: invalid user admin [preauth]
May  7 22:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 22:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: Failed password for invalid user admin from 80.94.95.112 port 24793 ssh2
May  7 22:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: Failed password for invalid user admin from 80.94.95.112 port 24793 ssh2
May  7 22:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: Failed password for invalid user admin from 80.94.95.112 port 24793 ssh2
May  7 22:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10354]: pam_unix(cron:session): session closed for user p13x
May  7 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10423]: Successful su for rubyman by root
May  7 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10423]: + ??? root:rubyman
May  7 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349403 of user rubyman.
May  7 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10423]: pam_unix(su:session): session closed for user rubyman
May  7 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349403.
May  7 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: Failed password for invalid user admin from 80.94.95.112 port 24793 ssh2
May  7 22:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7603]: pam_unix(cron:session): session closed for user root
May  7 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: Failed password for invalid user admin from 80.94.95.112 port 24793 ssh2
May  7 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: Received disconnect from 80.94.95.112 port 24793:11: Bye [preauth]
May  7 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: Disconnected from 80.94.95.112 port 24793 [preauth]
May  7 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10343]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10516]: Invalid user shoutcast from 197.248.178.226
May  7 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10516]: input_userauth_request: invalid user shoutcast [preauth]
May  7 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10516]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226
May  7 22:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10355]: pam_unix(cron:session): session closed for user samftp
May  7 22:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10516]: Failed password for invalid user shoutcast from 197.248.178.226 port 49260 ssh2
May  7 22:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10516]: Received disconnect from 197.248.178.226 port 49260:11: Bye Bye [preauth]
May  7 22:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10516]: Disconnected from 197.248.178.226 port 49260 [preauth]
May  7 22:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9455]: pam_unix(cron:session): session closed for user root
May  7 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10840]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10841]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10838]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10838]: pam_unix(cron:session): session closed for user p13x
May  7 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10903]: Successful su for rubyman by root
May  7 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10903]: + ??? root:rubyman
May  7 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349407 of user rubyman.
May  7 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10903]: pam_unix(su:session): session closed for user rubyman
May  7 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349407.
May  7 22:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8028]: pam_unix(cron:session): session closed for user root
May  7 22:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10839]: pam_unix(cron:session): session closed for user samftp
May  7 22:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: Invalid user admin from 80.94.95.241
May  7 22:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: input_userauth_request: invalid user admin [preauth]
May  7 22:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 22:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: Failed password for invalid user admin from 80.94.95.241 port 8724 ssh2
May  7 22:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: Failed password for invalid user admin from 80.94.95.241 port 8724 ssh2
May  7 22:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: Failed password for invalid user admin from 80.94.95.241 port 8724 ssh2
May  7 22:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: Failed password for invalid user admin from 80.94.95.241 port 8724 ssh2
May  7 22:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: Failed password for invalid user admin from 80.94.95.241 port 8724 ssh2
May  7 22:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: Received disconnect from 80.94.95.241 port 8724:11: Bye [preauth]
May  7 22:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: Disconnected from 80.94.95.241 port 8724 [preauth]
May  7 22:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 22:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 22:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9867]: pam_unix(cron:session): session closed for user root
May  7 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11241]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11240]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11239]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11241]: pam_unix(cron:session): session closed for user root
May  7 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11236]: pam_unix(cron:session): session closed for user p13x
May  7 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11305]: Successful su for rubyman by root
May  7 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11305]: + ??? root:rubyman
May  7 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349410 of user rubyman.
May  7 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11305]: pam_unix(su:session): session closed for user rubyman
May  7 22:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349410.
May  7 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11238]: pam_unix(cron:session): session closed for user root
May  7 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8452]: pam_unix(cron:session): session closed for user root
May  7 22:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11237]: pam_unix(cron:session): session closed for user samftp
May  7 22:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: Invalid user contest from 185.40.7.197
May  7 22:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: input_userauth_request: invalid user contest [preauth]
May  7 22:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197
May  7 22:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: Failed password for invalid user contest from 185.40.7.197 port 34502 ssh2
May  7 22:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: Received disconnect from 185.40.7.197 port 34502:11: Bye Bye [preauth]
May  7 22:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: Disconnected from 185.40.7.197 port 34502 [preauth]
May  7 22:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10357]: pam_unix(cron:session): session closed for user root
May  7 22:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Invalid user arif from 59.12.160.91
May  7 22:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: input_userauth_request: invalid user arif [preauth]
May  7 22:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 22:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Failed password for invalid user arif from 59.12.160.91 port 42706 ssh2
May  7 22:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Received disconnect from 59.12.160.91 port 42706:11: Bye Bye [preauth]
May  7 22:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Disconnected from 59.12.160.91 port 42706 [preauth]
May  7 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11667]: pam_unix(cron:session): session closed for user p13x
May  7 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11735]: Successful su for rubyman by root
May  7 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11735]: + ??? root:rubyman
May  7 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349417 of user rubyman.
May  7 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11735]: pam_unix(su:session): session closed for user rubyman
May  7 22:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349417.
May  7 22:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8880]: pam_unix(cron:session): session closed for user root
May  7 22:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11668]: pam_unix(cron:session): session closed for user samftp
May  7 22:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11983]: Invalid user frappe from 167.71.228.77
May  7 22:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11983]: input_userauth_request: invalid user frappe [preauth]
May  7 22:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11983]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.228.77
May  7 22:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10841]: pam_unix(cron:session): session closed for user root
May  7 22:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11983]: Failed password for invalid user frappe from 167.71.228.77 port 41452 ssh2
May  7 22:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11983]: Received disconnect from 167.71.228.77 port 41452:11: Bye Bye [preauth]
May  7 22:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11983]: Disconnected from 167.71.228.77 port 41452 [preauth]
May  7 22:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12013]: Invalid user oka from 91.151.88.235
May  7 22:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12013]: input_userauth_request: invalid user oka [preauth]
May  7 22:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12013]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  7 22:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Invalid user forest from 146.190.143.102
May  7 22:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: input_userauth_request: invalid user forest [preauth]
May  7 22:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.143.102
May  7 22:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12013]: Failed password for invalid user oka from 91.151.88.235 port 37134 ssh2
May  7 22:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12013]: Received disconnect from 91.151.88.235 port 37134:11: Bye Bye [preauth]
May  7 22:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12013]: Disconnected from 91.151.88.235 port 37134 [preauth]
May  7 22:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Failed password for invalid user forest from 146.190.143.102 port 55222 ssh2
May  7 22:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Received disconnect from 146.190.143.102 port 55222:11: Bye Bye [preauth]
May  7 22:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Disconnected from 146.190.143.102 port 55222 [preauth]
May  7 22:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12068]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12067]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12065]: pam_unix(cron:session): session closed for user p13x
May  7 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12125]: Successful su for rubyman by root
May  7 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12125]: + ??? root:rubyman
May  7 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12125]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349420 of user rubyman.
May  7 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12125]: pam_unix(su:session): session closed for user rubyman
May  7 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349420.
May  7 22:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9453]: pam_unix(cron:session): session closed for user root
May  7 22:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12066]: pam_unix(cron:session): session closed for user samftp
May  7 22:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: Invalid user support from 160.191.52.76
May  7 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: input_userauth_request: invalid user support [preauth]
May  7 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.52.76
May  7 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12331]: Invalid user admin from 160.191.52.76
May  7 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: Invalid user ubnt from 160.191.52.76
May  7 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: Invalid user user from 160.191.52.76
May  7 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: input_userauth_request: invalid user user [preauth]
May  7 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: Invalid user usario from 160.191.52.76
May  7 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: input_userauth_request: invalid user usario [preauth]
May  7 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12331]: input_userauth_request: invalid user admin [preauth]
May  7 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: input_userauth_request: invalid user ubnt [preauth]
May  7 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12331]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.52.76
May  7 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.52.76
May  7 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.52.76
May  7 22:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=160.191.52.76
May  7 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: Failed password for invalid user support from 160.191.52.76 port 62654 ssh2
May  7 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: Failed password for invalid user usario from 160.191.52.76 port 62630 ssh2
May  7 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12331]: Failed password for invalid user admin from 160.191.52.76 port 62612 ssh2
May  7 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: Failed password for invalid user ubnt from 160.191.52.76 port 62618 ssh2
May  7 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: Failed password for invalid user user from 160.191.52.76 port 62642 ssh2
May  7 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12331]: Received disconnect from 160.191.52.76 port 62612:11: Bye Bye [preauth]
May  7 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12331]: Disconnected from 160.191.52.76 port 62612 [preauth]
May  7 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: Received disconnect from 160.191.52.76 port 62618:11: Bye Bye [preauth]
May  7 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: Disconnected from 160.191.52.76 port 62618 [preauth]
May  7 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: Received disconnect from 160.191.52.76 port 62630:11: Bye Bye [preauth]
May  7 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12333]: Disconnected from 160.191.52.76 port 62630 [preauth]
May  7 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: Received disconnect from 160.191.52.76 port 62642:11: Bye Bye [preauth]
May  7 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: Disconnected from 160.191.52.76 port 62642 [preauth]
May  7 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: Received disconnect from 160.191.52.76 port 62654:11: Bye Bye [preauth]
May  7 22:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: Disconnected from 160.191.52.76 port 62654 [preauth]
May  7 22:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: Invalid user oka from 59.12.160.91
May  7 22:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: input_userauth_request: invalid user oka [preauth]
May  7 22:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 22:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: Failed password for invalid user oka from 59.12.160.91 port 53544 ssh2
May  7 22:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11240]: pam_unix(cron:session): session closed for user root
May  7 22:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: Received disconnect from 59.12.160.91 port 53544:11: Bye Bye [preauth]
May  7 22:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12401]: Disconnected from 59.12.160.91 port 53544 [preauth]
May  7 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12489]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12486]: pam_unix(cron:session): session closed for user p13x
May  7 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12545]: Successful su for rubyman by root
May  7 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12545]: + ??? root:rubyman
May  7 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349424 of user rubyman.
May  7 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12545]: pam_unix(su:session): session closed for user rubyman
May  7 22:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349424.
May  7 22:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9866]: pam_unix(cron:session): session closed for user root
May  7 22:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12487]: pam_unix(cron:session): session closed for user samftp
May  7 22:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  7 22:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12728]: Failed password for root from 218.92.0.236 port 22766 ssh2
May  7 22:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12728]: message repeated 2 times: [ Failed password for root from 218.92.0.236 port 22766 ssh2]
May  7 22:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12728]: Received disconnect from 218.92.0.236 port 22766:11:  [preauth]
May  7 22:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12728]: Disconnected from 218.92.0.236 port 22766 [preauth]
May  7 22:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12728]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  7 22:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11670]: pam_unix(cron:session): session closed for user root
May  7 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12875]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12876]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12873]: pam_unix(cron:session): session closed for user p13x
May  7 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12932]: Successful su for rubyman by root
May  7 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12932]: + ??? root:rubyman
May  7 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349429 of user rubyman.
May  7 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12932]: pam_unix(su:session): session closed for user rubyman
May  7 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349429.
May  7 22:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226  user=root
May  7 22:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10356]: pam_unix(cron:session): session closed for user root
May  7 22:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12986]: Failed password for root from 197.248.178.226 port 41730 ssh2
May  7 22:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12874]: pam_unix(cron:session): session closed for user samftp
May  7 22:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12986]: Received disconnect from 197.248.178.226 port 41730:11: Bye Bye [preauth]
May  7 22:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12986]: Disconnected from 197.248.178.226 port 41730 [preauth]
May  7 22:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13159]: Invalid user vtatis from 59.12.160.91
May  7 22:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13159]: input_userauth_request: invalid user vtatis [preauth]
May  7 22:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13159]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 22:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13159]: Failed password for invalid user vtatis from 59.12.160.91 port 36012 ssh2
May  7 22:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13159]: Received disconnect from 59.12.160.91 port 36012:11: Bye Bye [preauth]
May  7 22:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13159]: Disconnected from 59.12.160.91 port 36012 [preauth]
May  7 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12068]: pam_unix(cron:session): session closed for user root
May  7 22:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: Invalid user ubuntu from 185.40.7.197
May  7 22:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: input_userauth_request: invalid user ubuntu [preauth]
May  7 22:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197
May  7 22:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: Failed password for invalid user ubuntu from 185.40.7.197 port 40280 ssh2
May  7 22:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: Received disconnect from 185.40.7.197 port 40280:11: Bye Bye [preauth]
May  7 22:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13249]: Disconnected from 185.40.7.197 port 40280 [preauth]
May  7 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13278]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13275]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13278]: pam_unix(cron:session): session closed for user root
May  7 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13271]: pam_unix(cron:session): session closed for user p13x
May  7 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13344]: Successful su for rubyman by root
May  7 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13344]: + ??? root:rubyman
May  7 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349433 of user rubyman.
May  7 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13344]: pam_unix(su:session): session closed for user rubyman
May  7 22:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349433.
May  7 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13273]: pam_unix(cron:session): session closed for user root
May  7 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10840]: pam_unix(cron:session): session closed for user root
May  7 22:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13272]: pam_unix(cron:session): session closed for user samftp
May  7 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12490]: pam_unix(cron:session): session closed for user root
May  7 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13810]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13812]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13811]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13809]: pam_unix(cron:session): session closed for user p13x
May  7 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13877]: Successful su for rubyman by root
May  7 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13877]: + ??? root:rubyman
May  7 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349439 of user rubyman.
May  7 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13877]: pam_unix(su:session): session closed for user rubyman
May  7 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349439.
May  7 22:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11239]: pam_unix(cron:session): session closed for user root
May  7 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14035]: Invalid user afc from 59.12.160.91
May  7 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14035]: input_userauth_request: invalid user afc [preauth]
May  7 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14035]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13810]: pam_unix(cron:session): session closed for user samftp
May  7 22:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14035]: Failed password for invalid user afc from 59.12.160.91 port 46382 ssh2
May  7 22:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14035]: Received disconnect from 59.12.160.91 port 46382:11: Bye Bye [preauth]
May  7 22:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14035]: Disconnected from 59.12.160.91 port 46382 [preauth]
May  7 22:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12876]: pam_unix(cron:session): session closed for user root
May  7 22:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14211]: Invalid user jinyu from 167.71.228.77
May  7 22:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14211]: input_userauth_request: invalid user jinyu [preauth]
May  7 22:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14211]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.228.77
May  7 22:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14211]: Failed password for invalid user jinyu from 167.71.228.77 port 58146 ssh2
May  7 22:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14211]: Received disconnect from 167.71.228.77 port 58146:11: Bye Bye [preauth]
May  7 22:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14211]: Disconnected from 167.71.228.77 port 58146 [preauth]
May  7 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14220]: pam_unix(cron:session): session closed for user p13x
May  7 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14287]: Successful su for rubyman by root
May  7 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14287]: + ??? root:rubyman
May  7 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14287]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349442 of user rubyman.
May  7 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14287]: pam_unix(su:session): session closed for user rubyman
May  7 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349442.
May  7 22:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11669]: pam_unix(cron:session): session closed for user root
May  7 22:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14221]: pam_unix(cron:session): session closed for user samftp
May  7 22:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13275]: pam_unix(cron:session): session closed for user root
May  7 22:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14606]: Invalid user vpsuser from 59.12.160.91
May  7 22:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14606]: input_userauth_request: invalid user vpsuser [preauth]
May  7 22:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14606]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 22:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14606]: Failed password for invalid user vpsuser from 59.12.160.91 port 56824 ssh2
May  7 22:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14606]: Received disconnect from 59.12.160.91 port 56824:11: Bye Bye [preauth]
May  7 22:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14606]: Disconnected from 59.12.160.91 port 56824 [preauth]
May  7 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14635]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14633]: pam_unix(cron:session): session closed for user p13x
May  7 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14695]: Successful su for rubyman by root
May  7 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14695]: + ??? root:rubyman
May  7 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14695]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349446 of user rubyman.
May  7 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14695]: pam_unix(su:session): session closed for user rubyman
May  7 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349446.
May  7 22:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12067]: pam_unix(cron:session): session closed for user root
May  7 22:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14634]: pam_unix(cron:session): session closed for user samftp
May  7 22:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13812]: pam_unix(cron:session): session closed for user root
May  7 22:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14163]: Connection reset by 218.92.0.217 port 24622 [preauth]
May  7 22:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15043]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15044]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15042]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15041]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15041]: pam_unix(cron:session): session closed for user p13x
May  7 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15158]: Successful su for rubyman by root
May  7 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15158]: + ??? root:rubyman
May  7 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349452 of user rubyman.
May  7 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15158]: pam_unix(su:session): session closed for user rubyman
May  7 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349452.
May  7 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15037]: Failed password for root from 80.94.95.125 port 20166 ssh2
May  7 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15039]: pam_unix(cron:session): session closed for user root
May  7 22:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12489]: pam_unix(cron:session): session closed for user root
May  7 22:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15037]: Failed password for root from 80.94.95.125 port 20166 ssh2
May  7 22:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15042]: pam_unix(cron:session): session closed for user samftp
May  7 22:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15037]: Failed password for root from 80.94.95.125 port 20166 ssh2
May  7 22:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15037]: message repeated 2 times: [ Failed password for root from 80.94.95.125 port 20166 ssh2]
May  7 22:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15037]: Received disconnect from 80.94.95.125 port 20166:11: Bye [preauth]
May  7 22:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15037]: Disconnected from 80.94.95.125 port 20166 [preauth]
May  7 22:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15037]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 22:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15037]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 22:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197  user=root
May  7 22:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15413]: Failed password for root from 185.40.7.197 port 50660 ssh2
May  7 22:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15413]: Received disconnect from 185.40.7.197 port 50660:11: Bye Bye [preauth]
May  7 22:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15413]: Disconnected from 185.40.7.197 port 50660 [preauth]
May  7 22:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14223]: pam_unix(cron:session): session closed for user root
May  7 22:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15473]: Invalid user freddy from 59.12.160.91
May  7 22:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15473]: input_userauth_request: invalid user freddy [preauth]
May  7 22:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15473]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 22:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15473]: Failed password for invalid user freddy from 59.12.160.91 port 39288 ssh2
May  7 22:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15473]: Received disconnect from 59.12.160.91 port 39288:11: Bye Bye [preauth]
May  7 22:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15473]: Disconnected from 59.12.160.91 port 39288 [preauth]
May  7 22:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: Invalid user oka from 146.190.143.102
May  7 22:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: input_userauth_request: invalid user oka [preauth]
May  7 22:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.143.102
May  7 22:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: Failed password for invalid user oka from 146.190.143.102 port 37188 ssh2
May  7 22:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: Received disconnect from 146.190.143.102 port 37188:11: Bye Bye [preauth]
May  7 22:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15499]: Disconnected from 146.190.143.102 port 37188 [preauth]
May  7 22:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226  user=root
May  7 22:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: Failed password for root from 197.248.178.226 port 54872 ssh2
May  7 22:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: Received disconnect from 197.248.178.226 port 54872:11: Bye Bye [preauth]
May  7 22:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15518]: Disconnected from 197.248.178.226 port 54872 [preauth]
May  7 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15534]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15532]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15530]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15529]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15534]: pam_unix(cron:session): session closed for user root
May  7 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15529]: pam_unix(cron:session): session closed for user p13x
May  7 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15599]: Successful su for rubyman by root
May  7 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15599]: + ??? root:rubyman
May  7 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349457 of user rubyman.
May  7 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15599]: pam_unix(su:session): session closed for user rubyman
May  7 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349457.
May  7 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15531]: pam_unix(cron:session): session closed for user root
May  7 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12875]: pam_unix(cron:session): session closed for user root
May  7 22:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15530]: pam_unix(cron:session): session closed for user samftp
May  7 22:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14637]: pam_unix(cron:session): session closed for user root
May  7 22:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15904]: Invalid user onlime_r from 194.0.234.19
May  7 22:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15904]: input_userauth_request: invalid user onlime_r [preauth]
May  7 22:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15904]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  7 22:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15904]: Failed password for invalid user onlime_r from 194.0.234.19 port 47962 ssh2
May  7 22:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15904]: Connection closed by 194.0.234.19 port 47962 [preauth]
May  7 22:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: Invalid user lando from 91.151.88.235
May  7 22:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: input_userauth_request: invalid user lando [preauth]
May  7 22:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  7 22:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: Failed password for invalid user lando from 91.151.88.235 port 56892 ssh2
May  7 22:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: Received disconnect from 91.151.88.235 port 56892:11: Bye Bye [preauth]
May  7 22:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15939]: Disconnected from 91.151.88.235 port 56892 [preauth]
May  7 22:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15957]: Invalid user developer from 50.235.31.47
May  7 22:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15957]: input_userauth_request: invalid user developer [preauth]
May  7 22:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15957]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  7 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15957]: Failed password for invalid user developer from 50.235.31.47 port 51608 ssh2
May  7 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15957]: Connection closed by 50.235.31.47 port 51608 [preauth]
May  7 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15963]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15962]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15960]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15960]: pam_unix(cron:session): session closed for user p13x
May  7 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16024]: Successful su for rubyman by root
May  7 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16024]: + ??? root:rubyman
May  7 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349461 of user rubyman.
May  7 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16024]: pam_unix(su:session): session closed for user rubyman
May  7 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349461.
May  7 22:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13274]: pam_unix(cron:session): session closed for user root
May  7 22:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15961]: pam_unix(cron:session): session closed for user samftp
May  7 22:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: Invalid user device from 80.94.95.125
May  7 22:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: input_userauth_request: invalid user device [preauth]
May  7 22:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 22:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: Failed password for invalid user device from 80.94.95.125 port 62854 ssh2
May  7 22:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: Failed password for invalid user device from 80.94.95.125 port 62854 ssh2
May  7 22:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: Failed password for invalid user device from 80.94.95.125 port 62854 ssh2
May  7 22:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: Failed password for invalid user device from 80.94.95.125 port 62854 ssh2
May  7 22:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: Failed password for invalid user device from 80.94.95.125 port 62854 ssh2
May  7 22:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: Received disconnect from 80.94.95.125 port 62854:11: Bye [preauth]
May  7 22:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: Disconnected from 80.94.95.125 port 62854 [preauth]
May  7 22:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  7 22:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 22:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: Invalid user alvaro from 59.12.160.91
May  7 22:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: input_userauth_request: invalid user alvaro [preauth]
May  7 22:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 22:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: Failed password for invalid user alvaro from 59.12.160.91 port 49772 ssh2
May  7 22:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: Received disconnect from 59.12.160.91 port 49772:11: Bye Bye [preauth]
May  7 22:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16261]: Disconnected from 59.12.160.91 port 49772 [preauth]
May  7 22:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15044]: pam_unix(cron:session): session closed for user root
May  7 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16351]: pam_unix(cron:session): session closed for user p13x
May  7 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16408]: Successful su for rubyman by root
May  7 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16408]: + ??? root:rubyman
May  7 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349465 of user rubyman.
May  7 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16408]: pam_unix(su:session): session closed for user rubyman
May  7 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349465.
May  7 22:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13811]: pam_unix(cron:session): session closed for user root
May  7 22:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16352]: pam_unix(cron:session): session closed for user samftp
May  7 22:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16682]: Invalid user ftptest from 167.71.228.77
May  7 22:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16682]: input_userauth_request: invalid user ftptest [preauth]
May  7 22:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16682]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.228.77
May  7 22:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16682]: Failed password for invalid user ftptest from 167.71.228.77 port 44092 ssh2
May  7 22:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16682]: Received disconnect from 167.71.228.77 port 44092:11: Bye Bye [preauth]
May  7 22:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16682]: Disconnected from 167.71.228.77 port 44092 [preauth]
May  7 22:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15533]: pam_unix(cron:session): session closed for user root
May  7 22:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16809]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16805]: pam_unix(cron:session): session closed for user p13x
May  7 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16870]: Successful su for rubyman by root
May  7 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16870]: + ??? root:rubyman
May  7 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349470 of user rubyman.
May  7 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16870]: pam_unix(su:session): session closed for user rubyman
May  7 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349470.
May  7 22:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14222]: pam_unix(cron:session): session closed for user root
May  7 22:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16806]: pam_unix(cron:session): session closed for user samftp
May  7 22:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: Invalid user ftptest1 from 59.12.160.91
May  7 22:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: input_userauth_request: invalid user ftptest1 [preauth]
May  7 22:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 22:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: Failed password for invalid user ftptest1 from 59.12.160.91 port 60260 ssh2
May  7 22:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: Received disconnect from 59.12.160.91 port 60260:11: Bye Bye [preauth]
May  7 22:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17099]: Disconnected from 59.12.160.91 port 60260 [preauth]
May  7 22:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.103  user=root
May  7 22:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17123]: Failed password for root from 218.92.0.103 port 46494 ssh2
May  7 22:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15963]: pam_unix(cron:session): session closed for user root
May  7 22:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17224]: Invalid user zeshan from 185.40.7.197
May  7 22:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17224]: input_userauth_request: invalid user zeshan [preauth]
May  7 22:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17224]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197
May  7 22:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17224]: Failed password for invalid user zeshan from 185.40.7.197 port 49878 ssh2
May  7 22:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17224]: Received disconnect from 185.40.7.197 port 49878:11: Bye Bye [preauth]
May  7 22:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17224]: Disconnected from 185.40.7.197 port 49878 [preauth]
May  7 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17240]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17239]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17237]: pam_unix(cron:session): session closed for user p13x
May  7 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17302]: Successful su for rubyman by root
May  7 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17302]: + ??? root:rubyman
May  7 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349473 of user rubyman.
May  7 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17302]: pam_unix(su:session): session closed for user rubyman
May  7 22:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349473.
May  7 22:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14635]: pam_unix(cron:session): session closed for user root
May  7 22:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17238]: pam_unix(cron:session): session closed for user samftp
May  7 22:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 22:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: Failed password for root from 218.92.0.111 port 33276 ssh2
May  7 22:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: Failed password for root from 218.92.0.111 port 33276 ssh2
May  7 22:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16354]: pam_unix(cron:session): session closed for user root
May  7 22:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: Failed password for root from 218.92.0.111 port 33276 ssh2
May  7 22:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: Received disconnect from 218.92.0.111 port 33276:11:  [preauth]
May  7 22:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: Disconnected from 218.92.0.111 port 33276 [preauth]
May  7 22:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17561]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 22:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 22:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17630]: Failed password for root from 218.92.0.111 port 26044 ssh2
May  7 22:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Invalid user afc from 146.190.143.102
May  7 22:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: input_userauth_request: invalid user afc [preauth]
May  7 22:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.143.102
May  7 22:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Failed password for invalid user afc from 146.190.143.102 port 57290 ssh2
May  7 22:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Received disconnect from 146.190.143.102 port 57290:11: Bye Bye [preauth]
May  7 22:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17634]: Disconnected from 146.190.143.102 port 57290 [preauth]
May  7 22:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17630]: Received disconnect from 218.92.0.111 port 26044:11:  [preauth]
May  7 22:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17630]: Disconnected from 218.92.0.111 port 26044 [preauth]
May  7 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17663]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17662]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17661]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17664]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17660]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17664]: pam_unix(cron:session): session closed for user root
May  7 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17658]: pam_unix(cron:session): session closed for user p13x
May  7 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17734]: Successful su for rubyman by root
May  7 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17734]: + ??? root:rubyman
May  7 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17734]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349477 of user rubyman.
May  7 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17734]: pam_unix(su:session): session closed for user rubyman
May  7 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349477.
May  7 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17661]: pam_unix(cron:session): session closed for user root
May  7 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 22:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15043]: pam_unix(cron:session): session closed for user root
May  7 22:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: Failed password for root from 218.92.0.111 port 49764 ssh2
May  7 22:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17660]: pam_unix(cron:session): session closed for user samftp
May  7 22:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: Failed password for root from 218.92.0.111 port 49764 ssh2
May  7 22:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: Invalid user prakash from 59.12.160.91
May  7 22:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: input_userauth_request: invalid user prakash [preauth]
May  7 22:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 22:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: Failed password for root from 218.92.0.111 port 49764 ssh2
May  7 22:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: Received disconnect from 218.92.0.111 port 49764:11:  [preauth]
May  7 22:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: Disconnected from 218.92.0.111 port 49764 [preauth]
May  7 22:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 22:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: Failed password for invalid user prakash from 59.12.160.91 port 42730 ssh2
May  7 22:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: Received disconnect from 59.12.160.91 port 42730:11: Bye Bye [preauth]
May  7 22:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: Disconnected from 59.12.160.91 port 42730 [preauth]
May  7 22:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  7 22:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: Failed password for root from 193.70.84.184 port 41184 ssh2
May  7 22:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18074]: Connection closed by 193.70.84.184 port 41184 [preauth]
May  7 22:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16809]: pam_unix(cron:session): session closed for user root
May  7 22:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 22:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18180]: Failed password for root from 218.92.0.111 port 20458 ssh2
May  7 22:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18180]: Failed password for root from 218.92.0.111 port 20458 ssh2
May  7 22:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18180]: Received disconnect from 218.92.0.111 port 20458:11:  [preauth]
May  7 22:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18180]: Disconnected from 218.92.0.111 port 20458 [preauth]
May  7 22:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18180]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  7 22:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: Invalid user khaled from 197.248.178.226
May  7 22:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: input_userauth_request: invalid user khaled [preauth]
May  7 22:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226
May  7 22:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: Failed password for invalid user khaled from 197.248.178.226 port 40984 ssh2
May  7 22:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: Received disconnect from 197.248.178.226 port 40984:11: Bye Bye [preauth]
May  7 22:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: Disconnected from 197.248.178.226 port 40984 [preauth]
May  7 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18233]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18234]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18231]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18231]: pam_unix(cron:session): session closed for user p13x
May  7 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18302]: Successful su for rubyman by root
May  7 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18302]: + ??? root:rubyman
May  7 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349484 of user rubyman.
May  7 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18302]: pam_unix(su:session): session closed for user rubyman
May  7 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349484.
May  7 22:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15532]: pam_unix(cron:session): session closed for user root
May  7 22:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18232]: pam_unix(cron:session): session closed for user samftp
May  7 22:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: Invalid user dzq from 91.151.88.235
May  7 22:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: input_userauth_request: invalid user dzq [preauth]
May  7 22:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  7 22:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: Failed password for invalid user dzq from 91.151.88.235 port 59928 ssh2
May  7 22:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: Received disconnect from 91.151.88.235 port 59928:11: Bye Bye [preauth]
May  7 22:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: Disconnected from 91.151.88.235 port 59928 [preauth]
May  7 22:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17240]: pam_unix(cron:session): session closed for user root
May  7 22:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18642]: Invalid user lando from 59.12.160.91
May  7 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18642]: input_userauth_request: invalid user lando [preauth]
May  7 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18642]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18648]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18646]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18645]: pam_unix(cron:session): session closed for user p13x
May  7 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18709]: Successful su for rubyman by root
May  7 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18709]: + ??? root:rubyman
May  7 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18709]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349487 of user rubyman.
May  7 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18709]: pam_unix(su:session): session closed for user rubyman
May  7 22:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349487.
May  7 22:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18642]: Failed password for invalid user lando from 59.12.160.91 port 53582 ssh2
May  7 22:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18642]: Received disconnect from 59.12.160.91 port 53582:11: Bye Bye [preauth]
May  7 22:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18642]: Disconnected from 59.12.160.91 port 53582 [preauth]
May  7 22:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15962]: pam_unix(cron:session): session closed for user root
May  7 22:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18646]: pam_unix(cron:session): session closed for user samftp
May  7 22:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17663]: pam_unix(cron:session): session closed for user root
May  7 22:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: Invalid user mj from 167.71.228.77
May  7 22:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: input_userauth_request: invalid user mj [preauth]
May  7 22:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.228.77
May  7 22:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: Failed password for invalid user mj from 167.71.228.77 port 38988 ssh2
May  7 22:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: Received disconnect from 167.71.228.77 port 38988:11: Bye Bye [preauth]
May  7 22:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19030]: Disconnected from 167.71.228.77 port 38988 [preauth]
May  7 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19055]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19058]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19057]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19055]: pam_unix(cron:session): session closed for user p13x
May  7 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19120]: Successful su for rubyman by root
May  7 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19120]: + ??? root:rubyman
May  7 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19120]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349493 of user rubyman.
May  7 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19120]: pam_unix(su:session): session closed for user rubyman
May  7 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349493.
May  7 22:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16353]: pam_unix(cron:session): session closed for user root
May  7 22:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19056]: pam_unix(cron:session): session closed for user samftp
May  7 22:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197  user=root
May  7 22:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Failed password for root from 185.40.7.197 port 39848 ssh2
May  7 22:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Received disconnect from 185.40.7.197 port 39848:11: Bye Bye [preauth]
May  7 22:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19373]: Disconnected from 185.40.7.197 port 39848 [preauth]
May  7 22:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18234]: pam_unix(cron:session): session closed for user root
May  7 22:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19442]: Invalid user s from 59.12.160.91
May  7 22:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19442]: input_userauth_request: invalid user s [preauth]
May  7 22:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19442]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 22:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19442]: Failed password for invalid user s from 59.12.160.91 port 35942 ssh2
May  7 22:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19442]: Received disconnect from 59.12.160.91 port 35942:11: Bye Bye [preauth]
May  7 22:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19442]: Disconnected from 59.12.160.91 port 35942 [preauth]
May  7 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19474]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19476]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19475]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19473]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19473]: pam_unix(cron:session): session closed for user p13x
May  7 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19534]: Successful su for rubyman by root
May  7 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19534]: + ??? root:rubyman
May  7 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349496 of user rubyman.
May  7 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19534]: pam_unix(su:session): session closed for user rubyman
May  7 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349496.
May  7 22:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16807]: pam_unix(cron:session): session closed for user root
May  7 22:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19474]: pam_unix(cron:session): session closed for user samftp
May  7 22:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19801]: Invalid user wangchao from 164.68.105.9
May  7 22:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19801]: input_userauth_request: invalid user wangchao [preauth]
May  7 22:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19801]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  7 22:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18648]: pam_unix(cron:session): session closed for user root
May  7 22:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19801]: Failed password for invalid user wangchao from 164.68.105.9 port 49252 ssh2
May  7 22:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19801]: Connection closed by 164.68.105.9 port 49252 [preauth]
May  7 22:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19863]: Invalid user punit from 146.190.143.102
May  7 22:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19863]: input_userauth_request: invalid user punit [preauth]
May  7 22:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19863]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.143.102
May  7 22:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19863]: Failed password for invalid user punit from 146.190.143.102 port 40038 ssh2
May  7 22:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19863]: Received disconnect from 146.190.143.102 port 40038:11: Bye Bye [preauth]
May  7 22:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19863]: Disconnected from 146.190.143.102 port 40038 [preauth]
May  7 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19894]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19892]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19893]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19897]: pam_unix(cron:session): session closed for user root
May  7 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19892]: pam_unix(cron:session): session closed for user p13x
May  7 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19964]: Successful su for rubyman by root
May  7 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19964]: + ??? root:rubyman
May  7 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349502 of user rubyman.
May  7 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19964]: pam_unix(su:session): session closed for user rubyman
May  7 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349502.
May  7 22:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19894]: pam_unix(cron:session): session closed for user root
May  7 22:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17239]: pam_unix(cron:session): session closed for user root
May  7 22:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19893]: pam_unix(cron:session): session closed for user samftp
May  7 22:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19058]: pam_unix(cron:session): session closed for user root
May  7 22:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20259]: Invalid user hjseo from 59.12.160.91
May  7 22:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20259]: input_userauth_request: invalid user hjseo [preauth]
May  7 22:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20259]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 22:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20259]: Failed password for invalid user hjseo from 59.12.160.91 port 46368 ssh2
May  7 22:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20259]: Received disconnect from 59.12.160.91 port 46368:11: Bye Bye [preauth]
May  7 22:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20259]: Disconnected from 59.12.160.91 port 46368 [preauth]
May  7 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20331]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20329]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20328]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20328]: pam_unix(cron:session): session closed for user p13x
May  7 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20397]: Successful su for rubyman by root
May  7 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20397]: + ??? root:rubyman
May  7 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349506 of user rubyman.
May  7 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20397]: pam_unix(su:session): session closed for user rubyman
May  7 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349506.
May  7 22:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17662]: pam_unix(cron:session): session closed for user root
May  7 22:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20329]: pam_unix(cron:session): session closed for user samftp
May  7 22:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4  user=root
May  7 22:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20618]: Failed password for root from 85.208.84.4 port 54122 ssh2
May  7 22:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20618]: Connection closed by 85.208.84.4 port 54122 [preauth]
May  7 22:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19476]: pam_unix(cron:session): session closed for user root
May  7 22:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20692]: Invalid user dev from 197.248.178.226
May  7 22:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20692]: input_userauth_request: invalid user dev [preauth]
May  7 22:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20692]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226
May  7 22:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20704]: Invalid user arif from 91.151.88.235
May  7 22:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20704]: input_userauth_request: invalid user arif [preauth]
May  7 22:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20704]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  7 22:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20692]: Failed password for invalid user dev from 197.248.178.226 port 41978 ssh2
May  7 22:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20692]: Received disconnect from 197.248.178.226 port 41978:11: Bye Bye [preauth]
May  7 22:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20692]: Disconnected from 197.248.178.226 port 41978 [preauth]
May  7 22:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20704]: Failed password for invalid user arif from 91.151.88.235 port 48084 ssh2
May  7 22:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20704]: Received disconnect from 91.151.88.235 port 48084:11: Bye Bye [preauth]
May  7 22:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20704]: Disconnected from 91.151.88.235 port 48084 [preauth]
May  7 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20747]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20745]: pam_unix(cron:session): session closed for user p13x
May  7 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20817]: Successful su for rubyman by root
May  7 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20817]: + ??? root:rubyman
May  7 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20817]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349509 of user rubyman.
May  7 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20817]: pam_unix(su:session): session closed for user rubyman
May  7 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349509.
May  7 22:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18233]: pam_unix(cron:session): session closed for user root
May  7 22:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20746]: pam_unix(cron:session): session closed for user samftp
May  7 22:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: Invalid user raaj from 59.12.160.91
May  7 22:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: input_userauth_request: invalid user raaj [preauth]
May  7 22:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 22:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: Failed password for invalid user raaj from 59.12.160.91 port 57176 ssh2
May  7 22:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: Received disconnect from 59.12.160.91 port 57176:11: Bye Bye [preauth]
May  7 22:52:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21043]: Disconnected from 59.12.160.91 port 57176 [preauth]
May  7 22:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19896]: pam_unix(cron:session): session closed for user root
May  7 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21170]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21168]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21169]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21168]: pam_unix(cron:session): session closed for user p13x
May  7 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: Invalid user cubrid from 185.40.7.197
May  7 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: input_userauth_request: invalid user cubrid [preauth]
May  7 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197
May  7 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21255]: Successful su for rubyman by root
May  7 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21255]: + ??? root:rubyman
May  7 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349514 of user rubyman.
May  7 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21255]: pam_unix(su:session): session closed for user rubyman
May  7 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349514.
May  7 22:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: Failed password for invalid user cubrid from 185.40.7.197 port 50706 ssh2
May  7 22:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: Received disconnect from 185.40.7.197 port 50706:11: Bye Bye [preauth]
May  7 22:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21164]: Disconnected from 185.40.7.197 port 50706 [preauth]
May  7 22:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18647]: pam_unix(cron:session): session closed for user root
May  7 22:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Invalid user admin1234 from 43.154.90.106
May  7 22:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: input_userauth_request: invalid user admin1234 [preauth]
May  7 22:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  7 22:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21169]: pam_unix(cron:session): session closed for user samftp
May  7 22:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Failed password for invalid user admin1234 from 43.154.90.106 port 46128 ssh2
May  7 22:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Received disconnect from 43.154.90.106 port 46128:11: Bye Bye [preauth]
May  7 22:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Disconnected from 43.154.90.106 port 46128 [preauth]
May  7 22:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.228.77  user=root
May  7 22:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21486]: Failed password for root from 167.71.228.77 port 40374 ssh2
May  7 22:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21486]: Received disconnect from 167.71.228.77 port 40374:11: Bye Bye [preauth]
May  7 22:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21486]: Disconnected from 167.71.228.77 port 40374 [preauth]
May  7 22:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20331]: pam_unix(cron:session): session closed for user root
May  7 22:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  7 22:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: Failed password for root from 218.92.0.216 port 59252 ssh2
May  7 22:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: message repeated 2 times: [ Failed password for root from 218.92.0.216 port 59252 ssh2]
May  7 22:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: Received disconnect from 218.92.0.216 port 59252:11:  [preauth]
May  7 22:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: Disconnected from 218.92.0.216 port 59252 [preauth]
May  7 22:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21586]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  7 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21616]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21615]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21615]: pam_unix(cron:session): session closed for user p13x
May  7 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21704]: Successful su for rubyman by root
May  7 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21704]: + ??? root:rubyman
May  7 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349518 of user rubyman.
May  7 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21704]: pam_unix(su:session): session closed for user rubyman
May  7 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349518.
May  7 22:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19057]: pam_unix(cron:session): session closed for user root
May  7 22:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21616]: pam_unix(cron:session): session closed for user samftp
May  7 22:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: Invalid user gits from 59.12.160.91
May  7 22:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: input_userauth_request: invalid user gits [preauth]
May  7 22:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 22:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: Failed password for invalid user gits from 59.12.160.91 port 39886 ssh2
May  7 22:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: Received disconnect from 59.12.160.91 port 39886:11: Bye Bye [preauth]
May  7 22:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22188]: Disconnected from 59.12.160.91 port 39886 [preauth]
May  7 22:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 22:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22248]: Failed password for root from 80.94.95.125 port 62715 ssh2
May  7 22:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22248]: message repeated 2 times: [ Failed password for root from 80.94.95.125 port 62715 ssh2]
May  7 22:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20748]: pam_unix(cron:session): session closed for user root
May  7 22:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22248]: Failed password for root from 80.94.95.125 port 62715 ssh2
May  7 22:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22248]: Failed password for root from 80.94.95.125 port 62715 ssh2
May  7 22:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22248]: Received disconnect from 80.94.95.125 port 62715:11: Bye [preauth]
May  7 22:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22248]: Disconnected from 80.94.95.125 port 62715 [preauth]
May  7 22:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22248]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 22:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22248]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 22:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22321]: Invalid user showroom from 146.190.143.102
May  7 22:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22321]: input_userauth_request: invalid user showroom [preauth]
May  7 22:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22321]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.143.102
May  7 22:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22321]: Failed password for invalid user showroom from 146.190.143.102 port 50684 ssh2
May  7 22:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22321]: Received disconnect from 146.190.143.102 port 50684:11: Bye Bye [preauth]
May  7 22:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22321]: Disconnected from 146.190.143.102 port 50684 [preauth]
May  7 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22366]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22371]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22371]: pam_unix(cron:session): session closed for user root
May  7 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22365]: pam_unix(cron:session): session closed for user p13x
May  7 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22457]: Successful su for rubyman by root
May  7 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22457]: + ??? root:rubyman
May  7 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22457]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349523 of user rubyman.
May  7 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22457]: pam_unix(su:session): session closed for user rubyman
May  7 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349523.
May  7 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22367]: pam_unix(cron:session): session closed for user root
May  7 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19475]: pam_unix(cron:session): session closed for user root
May  7 22:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22366]: pam_unix(cron:session): session closed for user samftp
May  7 22:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21172]: pam_unix(cron:session): session closed for user root
May  7 22:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22828]: Did not receive identification string from 103.70.114.33
May  7 22:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22839]: Invalid user ubnt from 103.70.114.33
May  7 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22839]: input_userauth_request: invalid user ubnt [preauth]
May  7 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22839]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.70.114.33
May  7 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22829]: Invalid user support from 103.70.114.33
May  7 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22829]: input_userauth_request: invalid user support [preauth]
May  7 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22829]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.70.114.33
May  7 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22833]: Invalid user user from 103.70.114.33
May  7 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22831]: Invalid user admin from 103.70.114.33
May  7 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22831]: input_userauth_request: invalid user admin [preauth]
May  7 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22831]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22833]: input_userauth_request: invalid user user [preauth]
May  7 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22833]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.70.114.33
May  7 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.70.114.33
May  7 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22832]: Invalid user usario from 103.70.114.33
May  7 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22832]: input_userauth_request: invalid user usario [preauth]
May  7 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22832]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.70.114.33
May  7 22:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22839]: Failed password for invalid user ubnt from 103.70.114.33 port 22986 ssh2
May  7 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22829]: Failed password for invalid user support from 103.70.114.33 port 22984 ssh2
May  7 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22833]: Failed password for invalid user user from 103.70.114.33 port 22980 ssh2
May  7 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22831]: Failed password for invalid user admin from 103.70.114.33 port 22972 ssh2
May  7 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22832]: Failed password for invalid user usario from 103.70.114.33 port 22998 ssh2
May  7 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22829]: Received disconnect from 103.70.114.33 port 22984:11: Bye Bye [preauth]
May  7 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22829]: Disconnected from 103.70.114.33 port 22984 [preauth]
May  7 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22839]: Received disconnect from 103.70.114.33 port 22986:11: Bye Bye [preauth]
May  7 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22839]: Disconnected from 103.70.114.33 port 22986 [preauth]
May  7 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22831]: Received disconnect from 103.70.114.33 port 22972:11: Bye Bye [preauth]
May  7 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22831]: Disconnected from 103.70.114.33 port 22972 [preauth]
May  7 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22833]: Received disconnect from 103.70.114.33 port 22980:11: Bye Bye [preauth]
May  7 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22833]: Disconnected from 103.70.114.33 port 22980 [preauth]
May  7 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22832]: Received disconnect from 103.70.114.33 port 22998:11: Bye Bye [preauth]
May  7 22:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22832]: Disconnected from 103.70.114.33 port 22998 [preauth]
May  7 22:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22861]: Invalid user linh from 101.36.113.80
May  7 22:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22861]: input_userauth_request: invalid user linh [preauth]
May  7 22:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22861]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  7 22:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22861]: Failed password for invalid user linh from 101.36.113.80 port 49670 ssh2
May  7 22:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22861]: Received disconnect from 101.36.113.80 port 49670:11: Bye Bye [preauth]
May  7 22:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22861]: Disconnected from 101.36.113.80 port 49670 [preauth]
May  7 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22887]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22885]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22886]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22884]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22884]: pam_unix(cron:session): session closed for user p13x
May  7 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22988]: Successful su for rubyman by root
May  7 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22988]: + ??? root:rubyman
May  7 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349527 of user rubyman.
May  7 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22988]: pam_unix(su:session): session closed for user rubyman
May  7 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349527.
May  7 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Invalid user qwert from 59.12.160.91
May  7 22:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: input_userauth_request: invalid user qwert [preauth]
May  7 22:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19895]: pam_unix(cron:session): session closed for user root
May  7 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Failed password for invalid user qwert from 59.12.160.91 port 50418 ssh2
May  7 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Received disconnect from 59.12.160.91 port 50418:11: Bye Bye [preauth]
May  7 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23010]: Disconnected from 59.12.160.91 port 50418 [preauth]
May  7 22:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22885]: pam_unix(cron:session): session closed for user samftp
May  7 22:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21618]: pam_unix(cron:session): session closed for user root
May  7 22:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 22:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23261]: Failed password for root from 218.92.0.229 port 29164 ssh2
May  7 22:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23261]: message repeated 2 times: [ Failed password for root from 218.92.0.229 port 29164 ssh2]
May  7 22:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23261]: Received disconnect from 218.92.0.229 port 29164:11:  [preauth]
May  7 22:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23261]: Disconnected from 218.92.0.229 port 29164 [preauth]
May  7 22:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23261]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 22:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 22:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23286]: Failed password for root from 218.92.0.229 port 48958 ssh2
May  7 22:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23286]: message repeated 2 times: [ Failed password for root from 218.92.0.229 port 48958 ssh2]
May  7 22:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23286]: Received disconnect from 218.92.0.229 port 48958:11:  [preauth]
May  7 22:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23286]: Disconnected from 218.92.0.229 port 48958 [preauth]
May  7 22:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23286]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 22:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 22:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23406]: Failed password for root from 218.92.0.229 port 53686 ssh2
May  7 22:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23406]: message repeated 2 times: [ Failed password for root from 218.92.0.229 port 53686 ssh2]
May  7 22:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23406]: Received disconnect from 218.92.0.229 port 53686:11:  [preauth]
May  7 22:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23406]: Disconnected from 218.92.0.229 port 53686 [preauth]
May  7 22:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23406]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23432]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23433]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23429]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23429]: pam_unix(cron:session): session closed for user p13x
May  7 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23494]: Successful su for rubyman by root
May  7 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23494]: + ??? root:rubyman
May  7 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23494]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349532 of user rubyman.
May  7 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23494]: pam_unix(su:session): session closed for user rubyman
May  7 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349532.
May  7 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: Invalid user punit from 91.151.88.235
May  7 22:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: input_userauth_request: invalid user punit [preauth]
May  7 22:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  7 22:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20330]: pam_unix(cron:session): session closed for user root
May  7 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: Failed password for invalid user punit from 91.151.88.235 port 50336 ssh2
May  7 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: Received disconnect from 91.151.88.235 port 50336:11: Bye Bye [preauth]
May  7 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23518]: Disconnected from 91.151.88.235 port 50336 [preauth]
May  7 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23431]: pam_unix(cron:session): session closed for user samftp
May  7 22:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22727]: Connection reset by 218.92.0.217 port 29986 [preauth]
May  7 22:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23745]: Invalid user http from 185.40.7.197
May  7 22:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23745]: input_userauth_request: invalid user http [preauth]
May  7 22:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23745]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197
May  7 22:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23745]: Failed password for invalid user http from 185.40.7.197 port 36654 ssh2
May  7 22:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23745]: Received disconnect from 185.40.7.197 port 36654:11: Bye Bye [preauth]
May  7 22:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23745]: Disconnected from 185.40.7.197 port 36654 [preauth]
May  7 22:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226  user=root
May  7 22:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22369]: pam_unix(cron:session): session closed for user root
May  7 22:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23747]: Failed password for root from 197.248.178.226 port 33046 ssh2
May  7 22:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23747]: Received disconnect from 197.248.178.226 port 33046:11: Bye Bye [preauth]
May  7 22:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23747]: Disconnected from 197.248.178.226 port 33046 [preauth]
May  7 22:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Invalid user punit from 59.12.160.91
May  7 22:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: input_userauth_request: invalid user punit [preauth]
May  7 22:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 22:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Failed password for invalid user punit from 59.12.160.91 port 33136 ssh2
May  7 22:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Received disconnect from 59.12.160.91 port 33136:11: Bye Bye [preauth]
May  7 22:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Disconnected from 59.12.160.91 port 33136 [preauth]
May  7 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23952]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23953]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23950]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23950]: pam_unix(cron:session): session closed for user p13x
May  7 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24025]: Successful su for rubyman by root
May  7 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24025]: + ??? root:rubyman
May  7 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349536 of user rubyman.
May  7 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24025]: pam_unix(su:session): session closed for user rubyman
May  7 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349536.
May  7 22:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20747]: pam_unix(cron:session): session closed for user root
May  7 22:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23951]: pam_unix(cron:session): session closed for user samftp
May  7 22:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22887]: pam_unix(cron:session): session closed for user root
May  7 22:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: Invalid user bot from 167.71.228.77
May  7 22:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: input_userauth_request: invalid user bot [preauth]
May  7 22:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.228.77
May  7 22:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: Failed password for invalid user bot from 167.71.228.77 port 57122 ssh2
May  7 22:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: Received disconnect from 167.71.228.77 port 57122:11: Bye Bye [preauth]
May  7 22:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24373]: Disconnected from 167.71.228.77 port 57122 [preauth]
May  7 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24386]: pam_unix(cron:session): session closed for user p13x
May  7 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24465]: Successful su for rubyman by root
May  7 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24465]: + ??? root:rubyman
May  7 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349539 of user rubyman.
May  7 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24465]: pam_unix(su:session): session closed for user rubyman
May  7 22:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349539.
May  7 22:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21170]: pam_unix(cron:session): session closed for user root
May  7 22:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24387]: pam_unix(cron:session): session closed for user samftp
May  7 22:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23433]: pam_unix(cron:session): session closed for user root
May  7 22:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 22:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: Invalid user dzq from 59.12.160.91
May  7 22:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: input_userauth_request: invalid user dzq [preauth]
May  7 22:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: pam_unix(sshd:auth): check pass; user unknown
May  7 22:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 22:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: Failed password for invalid user dzq from 59.12.160.91 port 43990 ssh2
May  7 22:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: Received disconnect from 59.12.160.91 port 43990:11: Bye Bye [preauth]
May  7 22:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24787]: Disconnected from 59.12.160.91 port 43990 [preauth]
May  7 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24820]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24821]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24819]: pam_unix(cron:session): session closed for user root
May  7 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24823]: pam_unix(cron:session): session closed for user root
May  7 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24817]: pam_unix(cron:session): session closed for user p13x
May  7 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24920]: Successful su for rubyman by root
May  7 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24920]: + ??? root:rubyman
May  7 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24920]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349543 of user rubyman.
May  7 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24920]: pam_unix(su:session): session closed for user rubyman
May  7 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349543.
May  7 23:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21617]: pam_unix(cron:session): session closed for user root
May  7 23:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24820]: pam_unix(cron:session): session closed for user root
May  7 23:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24818]: pam_unix(cron:session): session closed for user samftp
May  7 23:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: Invalid user admin from 80.94.95.112
May  7 23:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: input_userauth_request: invalid user admin [preauth]
May  7 23:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 23:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23953]: pam_unix(cron:session): session closed for user root
May  7 23:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: Failed password for invalid user admin from 80.94.95.112 port 59995 ssh2
May  7 23:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: Failed password for invalid user admin from 80.94.95.112 port 59995 ssh2
May  7 23:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: Failed password for invalid user admin from 80.94.95.112 port 59995 ssh2
May  7 23:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: Failed password for invalid user admin from 80.94.95.112 port 59995 ssh2
May  7 23:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: Failed password for invalid user admin from 80.94.95.112 port 59995 ssh2
May  7 23:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: Received disconnect from 80.94.95.112 port 59995:11: Bye [preauth]
May  7 23:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: Disconnected from 80.94.95.112 port 59995 [preauth]
May  7 23:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 23:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25203]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25338]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25336]: pam_unix(cron:session): session closed for user p13x
May  7 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25410]: Successful su for rubyman by root
May  7 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25410]: + ??? root:rubyman
May  7 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25410]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349550 of user rubyman.
May  7 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25410]: pam_unix(su:session): session closed for user rubyman
May  7 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349550.
May  7 23:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22368]: pam_unix(cron:session): session closed for user root
May  7 23:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25337]: pam_unix(cron:session): session closed for user samftp
May  7 23:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25669]: Invalid user zhouxin from 182.18.139.237
May  7 23:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25669]: input_userauth_request: invalid user zhouxin [preauth]
May  7 23:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25669]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.139.237
May  7 23:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25669]: Failed password for invalid user zhouxin from 182.18.139.237 port 53378 ssh2
May  7 23:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25669]: Received disconnect from 182.18.139.237 port 53378:11: Bye Bye [preauth]
May  7 23:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25669]: Disconnected from 182.18.139.237 port 53378 [preauth]
May  7 23:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: Invalid user admin from 80.94.95.241
May  7 23:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: input_userauth_request: invalid user admin [preauth]
May  7 23:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 23:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: Failed password for invalid user admin from 80.94.95.241 port 21308 ssh2
May  7 23:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24389]: pam_unix(cron:session): session closed for user root
May  7 23:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: Failed password for invalid user admin from 80.94.95.241 port 21308 ssh2
May  7 23:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: Invalid user showroom from 59.12.160.91
May  7 23:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: input_userauth_request: invalid user showroom [preauth]
May  7 23:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 23:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: Failed password for invalid user admin from 80.94.95.241 port 21308 ssh2
May  7 23:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: Failed password for invalid user showroom from 59.12.160.91 port 54822 ssh2
May  7 23:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: Received disconnect from 59.12.160.91 port 54822:11: Bye Bye [preauth]
May  7 23:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25750]: Disconnected from 59.12.160.91 port 54822 [preauth]
May  7 23:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: Failed password for invalid user admin from 80.94.95.241 port 21308 ssh2
May  7 23:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: Failed password for invalid user admin from 80.94.95.241 port 21308 ssh2
May  7 23:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: Received disconnect from 80.94.95.241 port 21308:11: Bye [preauth]
May  7 23:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: Disconnected from 80.94.95.241 port 21308 [preauth]
May  7 23:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 23:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25706]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 23:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: Invalid user xt from 185.40.7.197
May  7 23:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: input_userauth_request: invalid user xt [preauth]
May  7 23:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197
May  7 23:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: Failed password for invalid user xt from 185.40.7.197 port 58052 ssh2
May  7 23:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: Received disconnect from 185.40.7.197 port 58052:11: Bye Bye [preauth]
May  7 23:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25792]: Disconnected from 185.40.7.197 port 58052 [preauth]
May  7 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25819]: pam_unix(cron:session): session closed for user p13x
May  7 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25893]: Successful su for rubyman by root
May  7 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25893]: + ??? root:rubyman
May  7 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349555 of user rubyman.
May  7 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25893]: pam_unix(su:session): session closed for user rubyman
May  7 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349555.
May  7 23:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22886]: pam_unix(cron:session): session closed for user root
May  7 23:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25821]: pam_unix(cron:session): session closed for user samftp
May  7 23:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241  user=root
May  7 23:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26131]: Failed password for root from 186.96.145.241 port 54736 ssh2
May  7 23:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26131]: Connection closed by 186.96.145.241 port 54736 [preauth]
May  7 23:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26163]: Invalid user ftptest1 from 91.151.88.235
May  7 23:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26163]: input_userauth_request: invalid user ftptest1 [preauth]
May  7 23:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26163]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  7 23:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26163]: Failed password for invalid user ftptest1 from 91.151.88.235 port 52764 ssh2
May  7 23:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26163]: Received disconnect from 91.151.88.235 port 52764:11: Bye Bye [preauth]
May  7 23:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26163]: Disconnected from 91.151.88.235 port 52764 [preauth]
May  7 23:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24822]: pam_unix(cron:session): session closed for user root
May  7 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26253]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26255]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26254]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26252]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26252]: pam_unix(cron:session): session closed for user p13x
May  7 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26310]: Successful su for rubyman by root
May  7 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26310]: + ??? root:rubyman
May  7 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26310]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349559 of user rubyman.
May  7 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26310]: pam_unix(su:session): session closed for user rubyman
May  7 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349559.
May  7 23:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23432]: pam_unix(cron:session): session closed for user root
May  7 23:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26253]: pam_unix(cron:session): session closed for user samftp
May  7 23:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226  user=root
May  7 23:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26608]: Failed password for root from 197.248.178.226 port 41194 ssh2
May  7 23:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26608]: Received disconnect from 197.248.178.226 port 41194:11: Bye Bye [preauth]
May  7 23:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26608]: Disconnected from 197.248.178.226 port 41194 [preauth]
May  7 23:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: Invalid user intell from 43.154.90.106
May  7 23:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: input_userauth_request: invalid user intell [preauth]
May  7 23:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  7 23:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: Invalid user oriol from 59.12.160.91
May  7 23:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: input_userauth_request: invalid user oriol [preauth]
May  7 23:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 23:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: Failed password for invalid user intell from 43.154.90.106 port 38866 ssh2
May  7 23:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: Received disconnect from 43.154.90.106 port 38866:11: Bye Bye [preauth]
May  7 23:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26628]: Disconnected from 43.154.90.106 port 38866 [preauth]
May  7 23:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: Failed password for invalid user oriol from 59.12.160.91 port 37550 ssh2
May  7 23:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: Received disconnect from 59.12.160.91 port 37550:11: Bye Bye [preauth]
May  7 23:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: Disconnected from 59.12.160.91 port 37550 [preauth]
May  7 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25339]: pam_unix(cron:session): session closed for user root
May  7 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26743]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26741]: pam_unix(cron:session): session closed for user p13x
May  7 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26806]: Successful su for rubyman by root
May  7 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26806]: + ??? root:rubyman
May  7 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349564 of user rubyman.
May  7 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26806]: pam_unix(su:session): session closed for user rubyman
May  7 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349564.
May  7 23:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  7 23:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23952]: pam_unix(cron:session): session closed for user root
May  7 23:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26804]: Failed password for root from 218.92.0.231 port 50292 ssh2
May  7 23:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26742]: pam_unix(cron:session): session closed for user samftp
May  7 23:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26804]: Failed password for root from 218.92.0.231 port 50292 ssh2
May  7 23:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26804]: Failed password for root from 218.92.0.231 port 50292 ssh2
May  7 23:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26804]: Received disconnect from 218.92.0.231 port 50292:11:  [preauth]
May  7 23:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26804]: Disconnected from 218.92.0.231 port 50292 [preauth]
May  7 23:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26804]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  7 23:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  7 23:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: Failed password for root from 218.92.0.236 port 42078 ssh2
May  7 23:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: Invalid user ircd from 101.36.113.80
May  7 23:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: input_userauth_request: invalid user ircd [preauth]
May  7 23:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  7 23:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27071]: Invalid user username from 167.71.228.77
May  7 23:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27071]: input_userauth_request: invalid user username [preauth]
May  7 23:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27071]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.228.77
May  7 23:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: Failed password for root from 218.92.0.236 port 42078 ssh2
May  7 23:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: Failed password for invalid user ircd from 101.36.113.80 port 36016 ssh2
May  7 23:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: Received disconnect from 101.36.113.80 port 36016:11: Bye Bye [preauth]
May  7 23:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27069]: Disconnected from 101.36.113.80 port 36016 [preauth]
May  7 23:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27071]: Failed password for invalid user username from 167.71.228.77 port 57750 ssh2
May  7 23:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27071]: Received disconnect from 167.71.228.77 port 57750:11: Bye Bye [preauth]
May  7 23:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27071]: Disconnected from 167.71.228.77 port 57750 [preauth]
May  7 23:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: Failed password for root from 218.92.0.236 port 42078 ssh2
May  7 23:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: Received disconnect from 218.92.0.236 port 42078:11:  [preauth]
May  7 23:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: Disconnected from 218.92.0.236 port 42078 [preauth]
May  7 23:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  7 23:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25823]: pam_unix(cron:session): session closed for user root
May  7 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27232]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27233]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27233]: pam_unix(cron:session): session closed for user root
May  7 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27228]: pam_unix(cron:session): session closed for user p13x
May  7 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27298]: Successful su for rubyman by root
May  7 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27298]: + ??? root:rubyman
May  7 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349568 of user rubyman.
May  7 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27298]: pam_unix(su:session): session closed for user rubyman
May  7 23:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349568.
May  7 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27230]: pam_unix(cron:session): session closed for user root
May  7 23:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24388]: pam_unix(cron:session): session closed for user root
May  7 23:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27229]: pam_unix(cron:session): session closed for user samftp
May  7 23:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27583]: Invalid user forest from 59.12.160.91
May  7 23:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27583]: input_userauth_request: invalid user forest [preauth]
May  7 23:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27583]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 23:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27583]: Failed password for invalid user forest from 59.12.160.91 port 48132 ssh2
May  7 23:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27583]: Received disconnect from 59.12.160.91 port 48132:11: Bye Bye [preauth]
May  7 23:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27583]: Disconnected from 59.12.160.91 port 48132 [preauth]
May  7 23:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26255]: pam_unix(cron:session): session closed for user root
May  7 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27733]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27730]: pam_unix(cron:session): session closed for user p13x
May  7 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27798]: Successful su for rubyman by root
May  7 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27798]: + ??? root:rubyman
May  7 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349572 of user rubyman.
May  7 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27798]: pam_unix(su:session): session closed for user rubyman
May  7 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349572.
May  7 23:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27953]: Did not receive identification string from 23.224.28.12
May  7 23:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24821]: pam_unix(cron:session): session closed for user root
May  7 23:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27731]: pam_unix(cron:session): session closed for user samftp
May  7 23:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28025]: Invalid user hari from 185.40.7.197
May  7 23:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28025]: input_userauth_request: invalid user hari [preauth]
May  7 23:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28025]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197
May  7 23:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28025]: Failed password for invalid user hari from 185.40.7.197 port 52702 ssh2
May  7 23:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28025]: Received disconnect from 185.40.7.197 port 52702:11: Bye Bye [preauth]
May  7 23:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28025]: Disconnected from 185.40.7.197 port 52702 [preauth]
May  7 23:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26744]: pam_unix(cron:session): session closed for user root
May  7 23:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: Invalid user teacher from 59.12.160.91
May  7 23:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: input_userauth_request: invalid user teacher [preauth]
May  7 23:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 23:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: Failed password for invalid user teacher from 59.12.160.91 port 58674 ssh2
May  7 23:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: Received disconnect from 59.12.160.91 port 58674:11: Bye Bye [preauth]
May  7 23:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: Disconnected from 59.12.160.91 port 58674 [preauth]
May  7 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28158]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28155]: pam_unix(cron:session): session closed for user p13x
May  7 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28220]: Successful su for rubyman by root
May  7 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28220]: + ??? root:rubyman
May  7 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28220]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349579 of user rubyman.
May  7 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28220]: pam_unix(su:session): session closed for user rubyman
May  7 23:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349579.
May  7 23:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25338]: pam_unix(cron:session): session closed for user root
May  7 23:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28156]: pam_unix(cron:session): session closed for user samftp
May  7 23:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27232]: pam_unix(cron:session): session closed for user root
May  7 23:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28545]: Invalid user alvaro from 91.151.88.235
May  7 23:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28545]: input_userauth_request: invalid user alvaro [preauth]
May  7 23:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28545]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  7 23:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28545]: Failed password for invalid user alvaro from 91.151.88.235 port 48296 ssh2
May  7 23:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28545]: Received disconnect from 91.151.88.235 port 48296:11: Bye Bye [preauth]
May  7 23:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28545]: Disconnected from 91.151.88.235 port 48296 [preauth]
May  7 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28567]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28566]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28565]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28564]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28564]: pam_unix(cron:session): session closed for user p13x
May  7 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28626]: Successful su for rubyman by root
May  7 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28626]: + ??? root:rubyman
May  7 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349582 of user rubyman.
May  7 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28626]: pam_unix(su:session): session closed for user rubyman
May  7 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349582.
May  7 23:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25822]: pam_unix(cron:session): session closed for user root
May  7 23:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28565]: pam_unix(cron:session): session closed for user samftp
May  7 23:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27733]: pam_unix(cron:session): session closed for user root
May  7 23:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: Invalid user fff from 43.154.90.106
May  7 23:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: input_userauth_request: invalid user fff [preauth]
May  7 23:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  7 23:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: Failed password for invalid user fff from 43.154.90.106 port 35146 ssh2
May  7 23:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: Received disconnect from 43.154.90.106 port 35146:11: Bye Bye [preauth]
May  7 23:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28916]: Disconnected from 43.154.90.106 port 35146 [preauth]
May  7 23:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28941]: Invalid user arnaldo from 59.12.160.91
May  7 23:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28941]: input_userauth_request: invalid user arnaldo [preauth]
May  7 23:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28941]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 23:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28941]: Failed password for invalid user arnaldo from 59.12.160.91 port 41264 ssh2
May  7 23:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28941]: Received disconnect from 59.12.160.91 port 41264:11: Bye Bye [preauth]
May  7 23:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28941]: Disconnected from 59.12.160.91 port 41264 [preauth]
May  7 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28974]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28973]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28975]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28972]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28972]: pam_unix(cron:session): session closed for user p13x
May  7 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29189]: Successful su for rubyman by root
May  7 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29189]: + ??? root:rubyman
May  7 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349586 of user rubyman.
May  7 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29189]: pam_unix(su:session): session closed for user rubyman
May  7 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349586.
May  7 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28970]: pam_unix(cron:session): session closed for user root
May  7 23:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26254]: pam_unix(cron:session): session closed for user root
May  7 23:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28973]: pam_unix(cron:session): session closed for user samftp
May  7 23:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: Invalid user vpn from 197.248.178.226
May  7 23:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: input_userauth_request: invalid user vpn [preauth]
May  7 23:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226
May  7 23:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: Failed password for invalid user vpn from 197.248.178.226 port 38048 ssh2
May  7 23:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: Received disconnect from 197.248.178.226 port 38048:11: Bye Bye [preauth]
May  7 23:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: Disconnected from 197.248.178.226 port 38048 [preauth]
May  7 23:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: Invalid user adv from 101.36.113.80
May  7 23:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: input_userauth_request: invalid user adv [preauth]
May  7 23:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  7 23:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: Failed password for invalid user adv from 101.36.113.80 port 40672 ssh2
May  7 23:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: Received disconnect from 101.36.113.80 port 40672:11: Bye Bye [preauth]
May  7 23:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: Disconnected from 101.36.113.80 port 40672 [preauth]
May  7 23:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29479]: Connection closed by 172.236.228.229 port 4158 [preauth]
May  7 23:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29481]: Connection closed by 172.236.228.229 port 4160 [preauth]
May  7 23:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29495]: fatal: Unable to negotiate with 172.236.228.229 port 4166: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  7 23:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29496]: Invalid user dls from 167.71.228.77
May  7 23:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29496]: input_userauth_request: invalid user dls [preauth]
May  7 23:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29496]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.228.77
May  7 23:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28158]: pam_unix(cron:session): session closed for user root
May  7 23:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29496]: Failed password for invalid user dls from 167.71.228.77 port 39126 ssh2
May  7 23:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29496]: Received disconnect from 167.71.228.77 port 39126:11: Bye Bye [preauth]
May  7 23:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29496]: Disconnected from 167.71.228.77 port 39126 [preauth]
May  7 23:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: Invalid user ftpuser from 193.70.84.184
May  7 23:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: input_userauth_request: invalid user ftpuser [preauth]
May  7 23:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  7 23:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: Failed password for invalid user ftpuser from 193.70.84.184 port 49810 ssh2
May  7 23:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: Connection closed by 193.70.84.184 port 49810 [preauth]
May  7 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29584]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29589]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29590]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29590]: pam_unix(cron:session): session closed for user root
May  7 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29584]: pam_unix(cron:session): session closed for user p13x
May  7 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29654]: Successful su for rubyman by root
May  7 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29654]: + ??? root:rubyman
May  7 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349592 of user rubyman.
May  7 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29654]: pam_unix(su:session): session closed for user rubyman
May  7 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349592.
May  7 23:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29586]: pam_unix(cron:session): session closed for user root
May  7 23:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26743]: pam_unix(cron:session): session closed for user root
May  7 23:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29585]: pam_unix(cron:session): session closed for user samftp
May  7 23:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28567]: pam_unix(cron:session): session closed for user root
May  7 23:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: Invalid user sunil from 59.12.160.91
May  7 23:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: input_userauth_request: invalid user sunil [preauth]
May  7 23:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 23:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  7 23:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: Failed password for invalid user sunil from 59.12.160.91 port 51998 ssh2
May  7 23:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: Received disconnect from 59.12.160.91 port 51998:11: Bye Bye [preauth]
May  7 23:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29970]: Disconnected from 59.12.160.91 port 51998 [preauth]
May  7 23:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29972]: Failed password for root from 190.103.202.7 port 48132 ssh2
May  7 23:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29972]: Connection closed by 190.103.202.7 port 48132 [preauth]
May  7 23:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197  user=root
May  7 23:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: Failed password for root from 185.40.7.197 port 42778 ssh2
May  7 23:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: Received disconnect from 185.40.7.197 port 42778:11: Bye Bye [preauth]
May  7 23:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30023]: Disconnected from 185.40.7.197 port 42778 [preauth]
May  7 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30027]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30029]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30028]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30026]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30026]: pam_unix(cron:session): session closed for user p13x
May  7 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30095]: Successful su for rubyman by root
May  7 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30095]: + ??? root:rubyman
May  7 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349595 of user rubyman.
May  7 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30095]: pam_unix(su:session): session closed for user rubyman
May  7 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349595.
May  7 23:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27231]: pam_unix(cron:session): session closed for user root
May  7 23:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30027]: pam_unix(cron:session): session closed for user samftp
May  7 23:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  7 23:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 23:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30313]: Failed password for root from 80.94.95.115 port 23858 ssh2
May  7 23:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30313]: Connection closed by 80.94.95.115 port 23858 [preauth]
May  7 23:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30315]: Failed password for root from 80.94.95.125 port 5039 ssh2
May  7 23:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30315]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 5039 ssh2]
May  7 23:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30315]: Received disconnect from 80.94.95.125 port 5039:11: Bye [preauth]
May  7 23:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30315]: Disconnected from 80.94.95.125 port 5039 [preauth]
May  7 23:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30315]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 23:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30315]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 23:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28975]: pam_unix(cron:session): session closed for user root
May  7 23:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 23:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: Failed password for root from 218.92.0.229 port 17444 ssh2
May  7 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30442]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30441]: pam_unix(cron:session): session closed for user p13x
May  7 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: Failed password for root from 218.92.0.229 port 17444 ssh2
May  7 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30504]: Successful su for rubyman by root
May  7 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30504]: + ??? root:rubyman
May  7 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30504]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349600 of user rubyman.
May  7 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30504]: pam_unix(su:session): session closed for user rubyman
May  7 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349600.
May  7 23:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: Failed password for root from 218.92.0.229 port 17444 ssh2
May  7 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: Received disconnect from 218.92.0.229 port 17444:11:  [preauth]
May  7 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: Disconnected from 218.92.0.229 port 17444 [preauth]
May  7 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30427]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27732]: pam_unix(cron:session): session closed for user root
May  7 23:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 23:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30442]: pam_unix(cron:session): session closed for user samftp
May  7 23:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Failed password for root from 218.92.0.229 port 55928 ssh2
May  7 23:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: message repeated 2 times: [ Failed password for root from 218.92.0.229 port 55928 ssh2]
May  7 23:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Received disconnect from 218.92.0.229 port 55928:11:  [preauth]
May  7 23:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: Disconnected from 218.92.0.229 port 55928 [preauth]
May  7 23:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30622]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 23:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 23:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Failed password for root from 218.92.0.229 port 57506 ssh2
May  7 23:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: message repeated 2 times: [ Failed password for root from 218.92.0.229 port 57506 ssh2]
May  7 23:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Received disconnect from 218.92.0.229 port 57506:11:  [preauth]
May  7 23:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: Disconnected from 218.92.0.229 port 57506 [preauth]
May  7 23:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30697]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  7 23:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Invalid user fabrice from 59.12.160.91
May  7 23:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: input_userauth_request: invalid user fabrice [preauth]
May  7 23:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.12.160.91
May  7 23:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Failed password for invalid user fabrice from 59.12.160.91 port 34602 ssh2
May  7 23:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Received disconnect from 59.12.160.91 port 34602:11: Bye Bye [preauth]
May  7 23:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30751]: Disconnected from 59.12.160.91 port 34602 [preauth]
May  7 23:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29589]: pam_unix(cron:session): session closed for user root
May  7 23:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 23:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: Failed password for root from 218.92.0.205 port 31428 ssh2
May  7 23:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: message repeated 2 times: [ Failed password for root from 218.92.0.205 port 31428 ssh2]
May  7 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30842]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30841]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30840]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30840]: pam_unix(cron:session): session closed for user p13x
May  7 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30902]: Successful su for rubyman by root
May  7 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30902]: + ??? root:rubyman
May  7 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349603 of user rubyman.
May  7 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30902]: pam_unix(su:session): session closed for user rubyman
May  7 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349603.
May  7 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: Failed password for root from 218.92.0.205 port 31428 ssh2
May  7 23:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: Failed password for root from 218.92.0.205 port 31428 ssh2
May  7 23:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 31428 ssh2 [preauth]
May  7 23:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: Disconnecting: Too many authentication failures [preauth]
May  7 23:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 23:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 23:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28157]: pam_unix(cron:session): session closed for user root
May  7 23:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30841]: pam_unix(cron:session): session closed for user samftp
May  7 23:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 23:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: Failed password for root from 218.92.0.205 port 1880 ssh2
May  7 23:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: message repeated 3 times: [ Failed password for root from 218.92.0.205 port 1880 ssh2]
May  7 23:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: Failed password for root from 218.92.0.205 port 1880 ssh2
May  7 23:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: Invalid user qwert from 91.151.88.235
May  7 23:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: input_userauth_request: invalid user qwert [preauth]
May  7 23:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  7 23:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: Failed password for root from 218.92.0.205 port 1880 ssh2
May  7 23:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 1880 ssh2 [preauth]
May  7 23:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: Disconnecting: Too many authentication failures [preauth]
May  7 23:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 23:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31188]: PAM service(sshd) ignoring max retries; 6 > 3
May  7 23:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: Failed password for invalid user qwert from 91.151.88.235 port 45264 ssh2
May  7 23:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: Received disconnect from 91.151.88.235 port 45264:11: Bye Bye [preauth]
May  7 23:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31229]: Disconnected from 91.151.88.235 port 45264 [preauth]
May  7 23:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  7 23:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: Failed password for root from 218.92.0.205 port 43530 ssh2
May  7 23:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31255]: Connection reset by 218.92.0.205 port 43530 [preauth]
May  7 23:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30029]: pam_unix(cron:session): session closed for user root
May  7 23:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: Invalid user rocky from 43.154.90.106
May  7 23:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: input_userauth_request: invalid user rocky [preauth]
May  7 23:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  7 23:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: Failed password for invalid user rocky from 43.154.90.106 port 50520 ssh2
May  7 23:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: Received disconnect from 43.154.90.106 port 50520:11: Bye Bye [preauth]
May  7 23:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: Disconnected from 43.154.90.106 port 50520 [preauth]
May  7 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31352]: pam_unix(cron:session): session closed for user p13x
May  7 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31411]: Successful su for rubyman by root
May  7 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31411]: + ??? root:rubyman
May  7 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31411]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349608 of user rubyman.
May  7 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31411]: pam_unix(su:session): session closed for user rubyman
May  7 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349608.
May  7 23:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28566]: pam_unix(cron:session): session closed for user root
May  7 23:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31354]: pam_unix(cron:session): session closed for user samftp
May  7 23:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: Invalid user readarr from 101.36.113.80
May  7 23:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: input_userauth_request: invalid user readarr [preauth]
May  7 23:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  7 23:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: Failed password for invalid user readarr from 101.36.113.80 port 40658 ssh2
May  7 23:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: Received disconnect from 101.36.113.80 port 40658:11: Bye Bye [preauth]
May  7 23:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31655]: Disconnected from 101.36.113.80 port 40658 [preauth]
May  7 23:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30445]: pam_unix(cron:session): session closed for user root
May  7 23:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.139.237  user=root
May  7 23:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31775]: Failed password for root from 182.18.139.237 port 54024 ssh2
May  7 23:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31775]: Received disconnect from 182.18.139.237 port 54024:11: Bye Bye [preauth]
May  7 23:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31775]: Disconnected from 182.18.139.237 port 54024 [preauth]
May  7 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31791]: pam_unix(cron:session): session closed for user root
May  7 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31786]: pam_unix(cron:session): session closed for user p13x
May  7 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31861]: Successful su for rubyman by root
May  7 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31861]: + ??? root:rubyman
May  7 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31861]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349616 of user rubyman.
May  7 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31861]: pam_unix(su:session): session closed for user rubyman
May  7 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349616.
May  7 23:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31788]: pam_unix(cron:session): session closed for user root
May  7 23:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28974]: pam_unix(cron:session): session closed for user root
May  7 23:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226  user=root
May  7 23:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31787]: pam_unix(cron:session): session closed for user samftp
May  7 23:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32061]: Failed password for root from 197.248.178.226 port 53400 ssh2
May  7 23:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32061]: Received disconnect from 197.248.178.226 port 53400:11: Bye Bye [preauth]
May  7 23:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32061]: Disconnected from 197.248.178.226 port 53400 [preauth]
May  7 23:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32361]: Invalid user msf from 167.71.228.77
May  7 23:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32361]: input_userauth_request: invalid user msf [preauth]
May  7 23:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32361]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.228.77
May  7 23:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32361]: Failed password for invalid user msf from 167.71.228.77 port 33550 ssh2
May  7 23:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32361]: Received disconnect from 167.71.228.77 port 33550:11: Bye Bye [preauth]
May  7 23:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32361]: Disconnected from 167.71.228.77 port 33550 [preauth]
May  7 23:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: Invalid user consulta1 from 185.40.7.197
May  7 23:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: input_userauth_request: invalid user consulta1 [preauth]
May  7 23:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197
May  7 23:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: Failed password for invalid user consulta1 from 185.40.7.197 port 56020 ssh2
May  7 23:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: Received disconnect from 185.40.7.197 port 56020:11: Bye Bye [preauth]
May  7 23:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: Disconnected from 185.40.7.197 port 56020 [preauth]
May  7 23:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30843]: pam_unix(cron:session): session closed for user root
May  7 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32549]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32549]: pam_unix(cron:session): session closed for user p13x
May  7 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32714]: Successful su for rubyman by root
May  7 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32714]: + ??? root:rubyman
May  7 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349617 of user rubyman.
May  7 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32714]: pam_unix(su:session): session closed for user rubyman
May  7 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349617.
May  7 23:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29588]: pam_unix(cron:session): session closed for user root
May  7 23:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32550]: pam_unix(cron:session): session closed for user samftp
May  7 23:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31357]: pam_unix(cron:session): session closed for user root
May  7 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[685]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[686]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[680]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[680]: pam_unix(cron:session): session closed for user root
May  7 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[683]: pam_unix(cron:session): session closed for user p13x
May  7 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[756]: Successful su for rubyman by root
May  7 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[756]: + ??? root:rubyman
May  7 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349621 of user rubyman.
May  7 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[756]: pam_unix(su:session): session closed for user rubyman
May  7 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349621.
May  7 23:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30028]: pam_unix(cron:session): session closed for user root
May  7 23:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[684]: pam_unix(cron:session): session closed for user samftp
May  7 23:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 23:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1002]: Failed password for root from 218.92.0.228 port 25040 ssh2
May  7 23:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1002]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 25040 ssh2]
May  7 23:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1002]: Received disconnect from 218.92.0.228 port 25040:11:  [preauth]
May  7 23:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1002]: Disconnected from 218.92.0.228 port 25040 [preauth]
May  7 23:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1002]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 23:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 23:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: Failed password for root from 218.92.0.228 port 25042 ssh2
May  7 23:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 25042 ssh2]
May  7 23:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: Received disconnect from 218.92.0.228 port 25042:11:  [preauth]
May  7 23:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: Disconnected from 218.92.0.228 port 25042 [preauth]
May  7 23:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1031]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 23:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 23:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Failed password for root from 218.92.0.228 port 22940 ssh2
May  7 23:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31790]: pam_unix(cron:session): session closed for user root
May  7 23:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Failed password for root from 218.92.0.228 port 22940 ssh2
May  7 23:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Failed password for root from 218.92.0.228 port 22940 ssh2
May  7 23:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Received disconnect from 218.92.0.228 port 22940:11:  [preauth]
May  7 23:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: Disconnected from 218.92.0.228 port 22940 [preauth]
May  7 23:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1063]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  7 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1168]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1163]: pam_unix(cron:session): session closed for user p13x
May  7 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1247]: Successful su for rubyman by root
May  7 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1247]: + ??? root:rubyman
May  7 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1247]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349627 of user rubyman.
May  7 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1247]: pam_unix(su:session): session closed for user rubyman
May  7 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349627.
May  7 23:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30444]: pam_unix(cron:session): session closed for user root
May  7 23:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1164]: pam_unix(cron:session): session closed for user samftp
May  7 23:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32552]: pam_unix(cron:session): session closed for user root
May  7 23:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: Invalid user vtatis from 91.151.88.235
May  7 23:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: input_userauth_request: invalid user vtatis [preauth]
May  7 23:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  7 23:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: Failed password for invalid user vtatis from 91.151.88.235 port 51848 ssh2
May  7 23:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: Received disconnect from 91.151.88.235 port 51848:11: Bye Bye [preauth]
May  7 23:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1630]: Disconnected from 91.151.88.235 port 51848 [preauth]
May  7 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1662]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1663]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1659]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1659]: pam_unix(cron:session): session closed for user p13x
May  7 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1746]: Successful su for rubyman by root
May  7 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1746]: + ??? root:rubyman
May  7 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349632 of user rubyman.
May  7 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1746]: pam_unix(su:session): session closed for user rubyman
May  7 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349632.
May  7 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: Invalid user fin from 43.154.90.106
May  7 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: input_userauth_request: invalid user fin [preauth]
May  7 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  7 23:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30842]: pam_unix(cron:session): session closed for user root
May  7 23:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: Failed password for invalid user fin from 43.154.90.106 port 57968 ssh2
May  7 23:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: Received disconnect from 43.154.90.106 port 57968:11: Bye Bye [preauth]
May  7 23:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1792]: Disconnected from 43.154.90.106 port 57968 [preauth]
May  7 23:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1661]: pam_unix(cron:session): session closed for user samftp
May  7 23:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2038]: Invalid user monit from 101.36.113.80
May  7 23:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2038]: input_userauth_request: invalid user monit [preauth]
May  7 23:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2038]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  7 23:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2038]: Failed password for invalid user monit from 101.36.113.80 port 45708 ssh2
May  7 23:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2038]: Received disconnect from 101.36.113.80 port 45708:11: Bye Bye [preauth]
May  7 23:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2038]: Disconnected from 101.36.113.80 port 45708 [preauth]
May  7 23:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[686]: pam_unix(cron:session): session closed for user root
May  7 23:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: Invalid user edwin from 182.18.139.237
May  7 23:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: input_userauth_request: invalid user edwin [preauth]
May  7 23:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.139.237
May  7 23:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: Failed password for invalid user edwin from 182.18.139.237 port 57682 ssh2
May  7 23:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: Received disconnect from 182.18.139.237 port 57682:11: Bye Bye [preauth]
May  7 23:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2138]: Disconnected from 182.18.139.237 port 57682 [preauth]
May  7 23:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2167]: Invalid user gnssr from 185.40.7.197
May  7 23:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2167]: input_userauth_request: invalid user gnssr [preauth]
May  7 23:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2167]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197
May  7 23:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2167]: Failed password for invalid user gnssr from 185.40.7.197 port 54646 ssh2
May  7 23:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2167]: Received disconnect from 185.40.7.197 port 54646:11: Bye Bye [preauth]
May  7 23:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2167]: Disconnected from 185.40.7.197 port 54646 [preauth]
May  7 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2201]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2201]: pam_unix(cron:session): session closed for user root
May  7 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2195]: pam_unix(cron:session): session closed for user p13x
May  7 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2265]: Successful su for rubyman by root
May  7 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2265]: + ??? root:rubyman
May  7 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2265]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349637 of user rubyman.
May  7 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2265]: pam_unix(su:session): session closed for user rubyman
May  7 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349637.
May  7 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2197]: pam_unix(cron:session): session closed for user root
May  7 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31355]: pam_unix(cron:session): session closed for user root
May  7 23:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.91.96.123  user=root
May  7 23:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2196]: pam_unix(cron:session): session closed for user samftp
May  7 23:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2469]: Failed password for root from 23.91.96.123 port 56780 ssh2
May  7 23:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2469]: Received disconnect from 23.91.96.123 port 56780:11: Bye Bye [preauth]
May  7 23:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2469]: Disconnected from 23.91.96.123 port 56780 [preauth]
May  7 23:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1168]: pam_unix(cron:session): session closed for user root
May  7 23:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.228.77  user=root
May  7 23:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2615]: Failed password for root from 167.71.228.77 port 39176 ssh2
May  7 23:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2615]: Received disconnect from 167.71.228.77 port 39176:11: Bye Bye [preauth]
May  7 23:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2615]: Disconnected from 167.71.228.77 port 39176 [preauth]
May  7 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2669]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2673]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2668]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2668]: pam_unix(cron:session): session closed for user p13x
May  7 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2749]: Successful su for rubyman by root
May  7 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2749]: + ??? root:rubyman
May  7 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2749]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349640 of user rubyman.
May  7 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2749]: pam_unix(su:session): session closed for user rubyman
May  7 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349640.
May  7 23:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226  user=root
May  7 23:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31789]: pam_unix(cron:session): session closed for user root
May  7 23:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: Failed password for root from 197.248.178.226 port 32792 ssh2
May  7 23:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2669]: pam_unix(cron:session): session closed for user samftp
May  7 23:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: Received disconnect from 197.248.178.226 port 32792:11: Bye Bye [preauth]
May  7 23:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: Disconnected from 197.248.178.226 port 32792 [preauth]
May  7 23:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1663]: pam_unix(cron:session): session closed for user root
May  7 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3100]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3098]: pam_unix(cron:session): session closed for user p13x
May  7 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3163]: Successful su for rubyman by root
May  7 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3163]: + ??? root:rubyman
May  7 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349645 of user rubyman.
May  7 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3163]: pam_unix(su:session): session closed for user rubyman
May  7 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349645.
May  7 23:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32551]: pam_unix(cron:session): session closed for user root
May  7 23:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3099]: pam_unix(cron:session): session closed for user samftp
May  7 23:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  7 23:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: Failed password for root from 218.92.0.218 port 63350 ssh2
May  7 23:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: message repeated 2 times: [ Failed password for root from 218.92.0.218 port 63350 ssh2]
May  7 23:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: Received disconnect from 218.92.0.218 port 63350:11:  [preauth]
May  7 23:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: Disconnected from 218.92.0.218 port 63350 [preauth]
May  7 23:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3387]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  7 23:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2200]: pam_unix(cron:session): session closed for user root
May  7 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3532]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3530]: pam_unix(cron:session): session closed for user p13x
May  7 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3625]: Successful su for rubyman by root
May  7 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3625]: + ??? root:rubyman
May  7 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3625]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349649 of user rubyman.
May  7 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3625]: pam_unix(su:session): session closed for user rubyman
May  7 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349649.
May  7 23:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[685]: pam_unix(cron:session): session closed for user root
May  7 23:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3531]: pam_unix(cron:session): session closed for user samftp
May  7 23:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2673]: pam_unix(cron:session): session closed for user root
May  7 23:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: Invalid user liuyan from 146.190.93.207
May  7 23:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: input_userauth_request: invalid user liuyan [preauth]
May  7 23:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
May  7 23:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: Failed password for invalid user liuyan from 146.190.93.207 port 49402 ssh2
May  7 23:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: Received disconnect from 146.190.93.207 port 49402:11: Bye Bye [preauth]
May  7 23:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3918]: Disconnected from 146.190.93.207 port 49402 [preauth]
May  7 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3995]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3992]: pam_unix(cron:session): session closed for user p13x
May  7 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4055]: Successful su for rubyman by root
May  7 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4055]: + ??? root:rubyman
May  7 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349653 of user rubyman.
May  7 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4055]: pam_unix(su:session): session closed for user rubyman
May  7 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349653.
May  7 23:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1167]: pam_unix(cron:session): session closed for user root
May  7 23:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4173]: Invalid user fin from 101.36.113.80
May  7 23:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4173]: input_userauth_request: invalid user fin [preauth]
May  7 23:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4173]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  7 23:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3993]: pam_unix(cron:session): session closed for user samftp
May  7 23:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4173]: Failed password for invalid user fin from 101.36.113.80 port 38042 ssh2
May  7 23:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4173]: Received disconnect from 101.36.113.80 port 38042:11: Bye Bye [preauth]
May  7 23:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4173]: Disconnected from 101.36.113.80 port 38042 [preauth]
May  7 23:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: Invalid user sunil from 91.151.88.235
May  7 23:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: input_userauth_request: invalid user sunil [preauth]
May  7 23:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  7 23:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: Failed password for invalid user sunil from 91.151.88.235 port 35064 ssh2
May  7 23:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: Received disconnect from 91.151.88.235 port 35064:11: Bye Bye [preauth]
May  7 23:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4275]: Disconnected from 91.151.88.235 port 35064 [preauth]
May  7 23:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4419]: Invalid user kjs from 43.154.90.106
May  7 23:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4419]: input_userauth_request: invalid user kjs [preauth]
May  7 23:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4419]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  7 23:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4419]: Failed password for invalid user kjs from 43.154.90.106 port 34506 ssh2
May  7 23:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4419]: Received disconnect from 43.154.90.106 port 34506:11: Bye Bye [preauth]
May  7 23:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4419]: Disconnected from 43.154.90.106 port 34506 [preauth]
May  7 23:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.139.237  user=root
May  7 23:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4432]: Invalid user video from 185.40.7.197
May  7 23:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4432]: input_userauth_request: invalid user video [preauth]
May  7 23:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4432]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197
May  7 23:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4421]: Failed password for root from 182.18.139.237 port 33088 ssh2
May  7 23:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4421]: Received disconnect from 182.18.139.237 port 33088:11: Bye Bye [preauth]
May  7 23:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4421]: Disconnected from 182.18.139.237 port 33088 [preauth]
May  7 23:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4432]: Failed password for invalid user video from 185.40.7.197 port 58518 ssh2
May  7 23:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4432]: Received disconnect from 185.40.7.197 port 58518:11: Bye Bye [preauth]
May  7 23:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4432]: Disconnected from 185.40.7.197 port 58518 [preauth]
May  7 23:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3101]: pam_unix(cron:session): session closed for user root
May  7 23:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: Invalid user ftpuser from 194.0.234.16
May  7 23:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: input_userauth_request: invalid user ftpuser [preauth]
May  7 23:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.16
May  7 23:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: Failed password for invalid user ftpuser from 194.0.234.16 port 54130 ssh2
May  7 23:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4493]: Connection closed by 194.0.234.16 port 54130 [preauth]
May  7 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4571]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4569]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4568]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4570]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4571]: pam_unix(cron:session): session closed for user root
May  7 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4565]: pam_unix(cron:session): session closed for user p13x
May  7 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4638]: Successful su for rubyman by root
May  7 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4638]: + ??? root:rubyman
May  7 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4638]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349661 of user rubyman.
May  7 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4638]: pam_unix(su:session): session closed for user rubyman
May  7 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349661.
May  7 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1662]: pam_unix(cron:session): session closed for user root
May  7 23:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4568]: pam_unix(cron:session): session closed for user root
May  7 23:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4567]: pam_unix(cron:session): session closed for user samftp
May  7 23:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: Invalid user glpi from 52.183.128.237
May  7 23:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: input_userauth_request: invalid user glpi [preauth]
May  7 23:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237
May  7 23:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: Failed password for invalid user glpi from 52.183.128.237 port 34660 ssh2
May  7 23:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: Received disconnect from 52.183.128.237 port 34660:11: Bye Bye [preauth]
May  7 23:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: Disconnected from 52.183.128.237 port 34660 [preauth]
May  7 23:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3533]: pam_unix(cron:session): session closed for user root
May  7 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5204]: pam_unix(cron:session): session closed for user p13x
May  7 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5283]: Successful su for rubyman by root
May  7 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5283]: + ??? root:rubyman
May  7 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349662 of user rubyman.
May  7 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5283]: pam_unix(su:session): session closed for user rubyman
May  7 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349662.
May  7 23:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5205]: pam_unix(cron:session): session closed for user samftp
May  7 23:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2199]: pam_unix(cron:session): session closed for user root
May  7 23:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: Invalid user prueba from 167.71.228.77
May  7 23:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: input_userauth_request: invalid user prueba [preauth]
May  7 23:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.228.77
May  7 23:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: Failed password for invalid user prueba from 167.71.228.77 port 44972 ssh2
May  7 23:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: Received disconnect from 167.71.228.77 port 44972:11: Bye Bye [preauth]
May  7 23:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5480]: Disconnected from 167.71.228.77 port 44972 [preauth]
May  7 23:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3996]: pam_unix(cron:session): session closed for user root
May  7 23:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: Connection closed by 130.195.4.213 port 46294 [preauth]
May  7 23:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226  user=root
May  7 23:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Failed password for root from 197.248.178.226 port 60678 ssh2
May  7 23:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Received disconnect from 197.248.178.226 port 60678:11: Bye Bye [preauth]
May  7 23:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Disconnected from 197.248.178.226 port 60678 [preauth]
May  7 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5692]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5690]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5691]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5689]: pam_unix(cron:session): session closed for user p13x
May  7 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5754]: Successful su for rubyman by root
May  7 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5754]: + ??? root:rubyman
May  7 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5754]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349667 of user rubyman.
May  7 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5754]: pam_unix(su:session): session closed for user rubyman
May  7 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349667.
May  7 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Invalid user liyan from 103.149.28.105
May  7 23:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: input_userauth_request: invalid user liyan [preauth]
May  7 23:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.105
May  7 23:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2670]: pam_unix(cron:session): session closed for user root
May  7 23:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Failed password for invalid user liyan from 103.149.28.105 port 36236 ssh2
May  7 23:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Received disconnect from 103.149.28.105 port 36236:11: Bye Bye [preauth]
May  7 23:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5774]: Disconnected from 103.149.28.105 port 36236 [preauth]
May  7 23:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5690]: pam_unix(cron:session): session closed for user samftp
May  7 23:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6043]: Received disconnect from 218.92.0.222 port 51510:11:  [preauth]
May  7 23:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6043]: Disconnected from 218.92.0.222 port 51510 [preauth]
May  7 23:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4570]: pam_unix(cron:session): session closed for user root
May  7 23:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  7 23:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6145]: Failed password for root from 218.92.0.204 port 34542 ssh2
May  7 23:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6145]: message repeated 4 times: [ Failed password for root from 218.92.0.204 port 34542 ssh2]
May  7 23:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6145]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 34542 ssh2 [preauth]
May  7 23:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6145]: Disconnecting: Too many authentication failures [preauth]
May  7 23:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6145]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  7 23:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6145]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 23:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6202]: pam_unix(cron:session): session closed for user p13x
May  7 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6270]: Successful su for rubyman by root
May  7 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6270]: + ??? root:rubyman
May  7 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349672 of user rubyman.
May  7 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6270]: pam_unix(su:session): session closed for user rubyman
May  7 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349672.
May  7 23:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3100]: pam_unix(cron:session): session closed for user root
May  7 23:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6203]: pam_unix(cron:session): session closed for user samftp
May  7 23:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: Invalid user dirk from 134.199.210.64
May  7 23:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: input_userauth_request: invalid user dirk [preauth]
May  7 23:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  7 23:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: Failed password for invalid user dirk from 134.199.210.64 port 53888 ssh2
May  7 23:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: Received disconnect from 134.199.210.64 port 53888:11: Bye Bye [preauth]
May  7 23:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: Disconnected from 134.199.210.64 port 53888 [preauth]
May  7 23:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5208]: pam_unix(cron:session): session closed for user root
May  7 23:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6546]: Invalid user canvas from 23.91.96.123
May  7 23:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6546]: input_userauth_request: invalid user canvas [preauth]
May  7 23:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6546]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.91.96.123
May  7 23:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6546]: Failed password for invalid user canvas from 23.91.96.123 port 35846 ssh2
May  7 23:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6546]: Received disconnect from 23.91.96.123 port 35846:11: Bye Bye [preauth]
May  7 23:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6546]: Disconnected from 23.91.96.123 port 35846 [preauth]
May  7 23:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.139.237  user=root
May  7 23:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197  user=root
May  7 23:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Failed password for root from 182.18.139.237 port 36722 ssh2
May  7 23:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Received disconnect from 182.18.139.237 port 36722:11: Bye Bye [preauth]
May  7 23:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Disconnected from 182.18.139.237 port 36722 [preauth]
May  7 23:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: Failed password for root from 185.40.7.197 port 51586 ssh2
May  7 23:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: Received disconnect from 185.40.7.197 port 51586:11: Bye Bye [preauth]
May  7 23:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6599]: Disconnected from 185.40.7.197 port 51586 [preauth]
May  7 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6615]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6614]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6613]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6613]: pam_unix(cron:session): session closed for user p13x
May  7 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6683]: Successful su for rubyman by root
May  7 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6683]: + ??? root:rubyman
May  7 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6610]: Invalid user hdfs from 101.36.113.80
May  7 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6610]: input_userauth_request: invalid user hdfs [preauth]
May  7 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6610]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349674 of user rubyman.
May  7 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6683]: pam_unix(su:session): session closed for user rubyman
May  7 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  7 23:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349674.
May  7 23:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6610]: Failed password for invalid user hdfs from 101.36.113.80 port 48450 ssh2
May  7 23:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6610]: Received disconnect from 101.36.113.80 port 48450:11: Bye Bye [preauth]
May  7 23:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6610]: Disconnected from 101.36.113.80 port 48450 [preauth]
May  7 23:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3532]: pam_unix(cron:session): session closed for user root
May  7 23:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6614]: pam_unix(cron:session): session closed for user samftp
May  7 23:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: Invalid user privacy from 43.154.90.106
May  7 23:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: input_userauth_request: invalid user privacy [preauth]
May  7 23:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  7 23:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: Failed password for invalid user privacy from 43.154.90.106 port 37538 ssh2
May  7 23:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: Received disconnect from 43.154.90.106 port 37538:11: Bye Bye [preauth]
May  7 23:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7020]: Disconnected from 43.154.90.106 port 37538 [preauth]
May  7 23:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5692]: pam_unix(cron:session): session closed for user root
May  7 23:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: Invalid user arnaldo from 91.151.88.235
May  7 23:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: input_userauth_request: invalid user arnaldo [preauth]
May  7 23:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  7 23:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: Failed password for invalid user arnaldo from 91.151.88.235 port 40256 ssh2
May  7 23:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: Received disconnect from 91.151.88.235 port 40256:11: Bye Bye [preauth]
May  7 23:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7071]: Disconnected from 91.151.88.235 port 40256 [preauth]
May  7 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7141]: pam_unix(cron:session): session closed for user root
May  7 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7136]: pam_unix(cron:session): session closed for user p13x
May  7 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7206]: Successful su for rubyman by root
May  7 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7206]: + ??? root:rubyman
May  7 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349680 of user rubyman.
May  7 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7206]: pam_unix(su:session): session closed for user rubyman
May  7 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349680.
May  7 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7138]: pam_unix(cron:session): session closed for user root
May  7 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3995]: pam_unix(cron:session): session closed for user root
May  7 23:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7137]: pam_unix(cron:session): session closed for user samftp
May  7 23:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: Invalid user xbmc from 50.235.31.47
May  7 23:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: input_userauth_request: invalid user xbmc [preauth]
May  7 23:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  7 23:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: Failed password for invalid user xbmc from 50.235.31.47 port 34212 ssh2
May  7 23:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: Connection closed by 50.235.31.47 port 34212 [preauth]
May  7 23:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6205]: pam_unix(cron:session): session closed for user root
May  7 23:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237  user=root
May  7 23:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7659]: Failed password for root from 52.183.128.237 port 44884 ssh2
May  7 23:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7659]: Received disconnect from 52.183.128.237 port 44884:11: Bye Bye [preauth]
May  7 23:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7659]: Disconnected from 52.183.128.237 port 44884 [preauth]
May  7 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7671]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7671]: pam_unix(cron:session): session closed for user p13x
May  7 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7752]: Successful su for rubyman by root
May  7 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7752]: + ??? root:rubyman
May  7 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7752]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349685 of user rubyman.
May  7 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7752]: pam_unix(su:session): session closed for user rubyman
May  7 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349685.
May  7 23:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7674]: pam_unix(cron:session): session closed for user samftp
May  7 23:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4569]: pam_unix(cron:session): session closed for user root
May  7 23:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6616]: pam_unix(cron:session): session closed for user root
May  7 23:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: Invalid user hamid from 167.71.228.77
May  7 23:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: input_userauth_request: invalid user hamid [preauth]
May  7 23:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.228.77
May  7 23:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: Failed password for invalid user hamid from 167.71.228.77 port 35066 ssh2
May  7 23:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: Received disconnect from 167.71.228.77 port 35066:11: Bye Bye [preauth]
May  7 23:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8045]: Disconnected from 167.71.228.77 port 35066 [preauth]
May  7 23:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  7 23:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: Failed password for root from 218.92.0.231 port 29486 ssh2
May  7 23:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: message repeated 2 times: [ Failed password for root from 218.92.0.231 port 29486 ssh2]
May  7 23:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: Received disconnect from 218.92.0.231 port 29486:11:  [preauth]
May  7 23:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: Disconnected from 218.92.0.231 port 29486 [preauth]
May  7 23:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  7 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8116]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8114]: pam_unix(cron:session): session closed for user p13x
May  7 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8192]: Successful su for rubyman by root
May  7 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8192]: + ??? root:rubyman
May  7 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8192]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349691 of user rubyman.
May  7 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8192]: pam_unix(su:session): session closed for user rubyman
May  7 23:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349691.
May  7 23:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5207]: pam_unix(cron:session): session closed for user root
May  7 23:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8115]: pam_unix(cron:session): session closed for user samftp
May  7 23:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7140]: pam_unix(cron:session): session closed for user root
May  7 23:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8523]: Invalid user llm from 197.248.178.226
May  7 23:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8523]: input_userauth_request: invalid user llm [preauth]
May  7 23:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8523]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226
May  7 23:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8523]: Failed password for invalid user llm from 197.248.178.226 port 41530 ssh2
May  7 23:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8523]: Received disconnect from 197.248.178.226 port 41530:11: Bye Bye [preauth]
May  7 23:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8523]: Disconnected from 197.248.178.226 port 41530 [preauth]
May  7 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8546]: pam_unix(cron:session): session closed for user p13x
May  7 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8612]: Successful su for rubyman by root
May  7 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8612]: + ??? root:rubyman
May  7 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8612]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349692 of user rubyman.
May  7 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8612]: pam_unix(su:session): session closed for user rubyman
May  7 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349692.
May  7 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: Invalid user admin from 80.94.95.112
May  7 23:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: input_userauth_request: invalid user admin [preauth]
May  7 23:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 23:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5691]: pam_unix(cron:session): session closed for user root
May  7 23:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: Failed password for invalid user admin from 80.94.95.112 port 7021 ssh2
May  7 23:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8547]: pam_unix(cron:session): session closed for user samftp
May  7 23:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: Failed password for invalid user admin from 80.94.95.112 port 7021 ssh2
May  7 23:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: Failed password for invalid user admin from 80.94.95.112 port 7021 ssh2
May  7 23:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: Failed password for invalid user admin from 80.94.95.112 port 7021 ssh2
May  7 23:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: Failed password for invalid user admin from 80.94.95.112 port 7021 ssh2
May  7 23:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: Received disconnect from 80.94.95.112 port 7021:11: Bye [preauth]
May  7 23:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: Disconnected from 80.94.95.112 port 7021 [preauth]
May  7 23:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  7 23:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8682]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 23:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197  user=root
May  7 23:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7677]: pam_unix(cron:session): session closed for user root
May  7 23:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: Invalid user pancho from 103.149.28.105
May  7 23:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: input_userauth_request: invalid user pancho [preauth]
May  7 23:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.105
May  7 23:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: Failed password for root from 185.40.7.197 port 44402 ssh2
May  7 23:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: Failed password for invalid user pancho from 103.149.28.105 port 45248 ssh2
May  7 23:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: Received disconnect from 185.40.7.197 port 44402:11: Bye Bye [preauth]
May  7 23:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: Disconnected from 185.40.7.197 port 44402 [preauth]
May  7 23:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: Received disconnect from 103.149.28.105 port 45248:11: Bye Bye [preauth]
May  7 23:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8884]: Disconnected from 103.149.28.105 port 45248 [preauth]
May  7 23:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: Invalid user edwin from 182.18.139.237
May  7 23:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: input_userauth_request: invalid user edwin [preauth]
May  7 23:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.139.237
May  7 23:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: Failed password for invalid user edwin from 182.18.139.237 port 40364 ssh2
May  7 23:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: Received disconnect from 182.18.139.237 port 40364:11: Bye Bye [preauth]
May  7 23:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8908]: Disconnected from 182.18.139.237 port 40364 [preauth]
May  7 23:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Invalid user admin from 80.94.95.241
May  7 23:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: input_userauth_request: invalid user admin [preauth]
May  7 23:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 23:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  7 23:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Failed password for invalid user admin from 80.94.95.241 port 32501 ssh2
May  7 23:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: Invalid user glpi from 23.91.96.123
May  7 23:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: input_userauth_request: invalid user glpi [preauth]
May  7 23:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.91.96.123
May  7 23:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8923]: Failed password for root from 80.94.95.116 port 62440 ssh2
May  7 23:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8923]: Connection closed by 80.94.95.116 port 62440 [preauth]
May  7 23:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Failed password for invalid user admin from 80.94.95.241 port 32501 ssh2
May  7 23:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: Failed password for invalid user glpi from 23.91.96.123 port 46700 ssh2
May  7 23:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: Received disconnect from 23.91.96.123 port 46700:11: Bye Bye [preauth]
May  7 23:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8926]: Disconnected from 23.91.96.123 port 46700 [preauth]
May  7 23:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Failed password for invalid user admin from 80.94.95.241 port 32501 ssh2
May  7 23:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Failed password for invalid user admin from 80.94.95.241 port 32501 ssh2
May  7 23:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Failed password for invalid user admin from 80.94.95.241 port 32501 ssh2
May  7 23:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Received disconnect from 80.94.95.241 port 32501:11: Bye [preauth]
May  7 23:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Disconnected from 80.94.95.241 port 32501 [preauth]
May  7 23:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  7 23:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8980]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8981]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8982]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8979]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8979]: pam_unix(cron:session): session closed for user p13x
May  7 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9043]: Successful su for rubyman by root
May  7 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9043]: + ??? root:rubyman
May  7 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349696 of user rubyman.
May  7 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9043]: pam_unix(su:session): session closed for user rubyman
May  7 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349696.
May  7 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9031]: Invalid user admin1234 from 101.36.113.80
May  7 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9031]: input_userauth_request: invalid user admin1234 [preauth]
May  7 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9031]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  7 23:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9031]: Failed password for invalid user admin1234 from 101.36.113.80 port 37574 ssh2
May  7 23:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9031]: Received disconnect from 101.36.113.80 port 37574:11: Bye Bye [preauth]
May  7 23:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9031]: Disconnected from 101.36.113.80 port 37574 [preauth]
May  7 23:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6204]: pam_unix(cron:session): session closed for user root
May  7 23:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8980]: pam_unix(cron:session): session closed for user samftp
May  7 23:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8122]: pam_unix(cron:session): session closed for user root
May  7 23:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: Invalid user shanta from 43.154.90.106
May  7 23:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: input_userauth_request: invalid user shanta [preauth]
May  7 23:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  7 23:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: Failed password for invalid user shanta from 43.154.90.106 port 44522 ssh2
May  7 23:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: Received disconnect from 43.154.90.106 port 44522:11: Bye Bye [preauth]
May  7 23:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: Disconnected from 43.154.90.106 port 44522 [preauth]
May  7 23:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: Invalid user mac from 134.199.210.64
May  7 23:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: input_userauth_request: invalid user mac [preauth]
May  7 23:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  7 23:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: Failed password for invalid user mac from 134.199.210.64 port 39520 ssh2
May  7 23:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: Received disconnect from 134.199.210.64 port 39520:11: Bye Bye [preauth]
May  7 23:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9487]: Disconnected from 134.199.210.64 port 39520 [preauth]
May  7 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9512]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9511]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9509]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9514]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9514]: pam_unix(cron:session): session closed for user root
May  7 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9509]: pam_unix(cron:session): session closed for user p13x
May  7 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9580]: Successful su for rubyman by root
May  7 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9580]: + ??? root:rubyman
May  7 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9580]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349703 of user rubyman.
May  7 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9580]: pam_unix(su:session): session closed for user rubyman
May  7 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349703.
May  7 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9511]: pam_unix(cron:session): session closed for user root
May  7 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6615]: pam_unix(cron:session): session closed for user root
May  7 23:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9510]: pam_unix(cron:session): session closed for user samftp
May  7 23:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9799]: Invalid user s from 91.151.88.235
May  7 23:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9799]: input_userauth_request: invalid user s [preauth]
May  7 23:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9799]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  7 23:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9799]: Failed password for invalid user s from 91.151.88.235 port 53034 ssh2
May  7 23:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9799]: Received disconnect from 91.151.88.235 port 53034:11: Bye Bye [preauth]
May  7 23:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9799]: Disconnected from 91.151.88.235 port 53034 [preauth]
May  7 23:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8551]: pam_unix(cron:session): session closed for user root
May  7 23:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9921]: Invalid user koha from 146.190.93.207
May  7 23:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9921]: input_userauth_request: invalid user koha [preauth]
May  7 23:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9921]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
May  7 23:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9921]: Failed password for invalid user koha from 146.190.93.207 port 45928 ssh2
May  7 23:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9921]: Received disconnect from 146.190.93.207 port 45928:11: Bye Bye [preauth]
May  7 23:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9921]: Disconnected from 146.190.93.207 port 45928 [preauth]
May  7 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9945]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9943]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9944]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9942]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9942]: pam_unix(cron:session): session closed for user p13x
May  7 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10016]: Successful su for rubyman by root
May  7 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10016]: + ??? root:rubyman
May  7 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349706 of user rubyman.
May  7 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10016]: pam_unix(su:session): session closed for user rubyman
May  7 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349706.
May  7 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Invalid user ca from 52.183.128.237
May  7 23:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: input_userauth_request: invalid user ca [preauth]
May  7 23:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237
May  7 23:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7139]: pam_unix(cron:session): session closed for user root
May  7 23:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9943]: pam_unix(cron:session): session closed for user samftp
May  7 23:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Failed password for invalid user ca from 52.183.128.237 port 53352 ssh2
May  7 23:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Received disconnect from 52.183.128.237 port 53352:11: Bye Bye [preauth]
May  7 23:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Disconnected from 52.183.128.237 port 53352 [preauth]
May  7 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8982]: pam_unix(cron:session): session closed for user root
May  7 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10460]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10458]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10459]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10461]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10458]: pam_unix(cron:session): session closed for user p13x
May  7 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10525]: Successful su for rubyman by root
May  7 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10525]: + ??? root:rubyman
May  7 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349713 of user rubyman.
May  7 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10525]: pam_unix(su:session): session closed for user rubyman
May  7 23:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349713.
May  7 23:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7675]: pam_unix(cron:session): session closed for user root
May  7 23:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10459]: pam_unix(cron:session): session closed for user samftp
May  7 23:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: Invalid user public from 167.71.228.77
May  7 23:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: input_userauth_request: invalid user public [preauth]
May  7 23:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.228.77
May  7 23:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: Failed password for invalid user public from 167.71.228.77 port 38322 ssh2
May  7 23:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: Received disconnect from 167.71.228.77 port 38322:11: Bye Bye [preauth]
May  7 23:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10782]: Disconnected from 167.71.228.77 port 38322 [preauth]
May  7 23:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9513]: pam_unix(cron:session): session closed for user root
May  7 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10939]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10937]: pam_unix(cron:session): session closed for user p13x
May  7 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10994]: Successful su for rubyman by root
May  7 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10994]: + ??? root:rubyman
May  7 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10994]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349714 of user rubyman.
May  7 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10994]: pam_unix(su:session): session closed for user rubyman
May  7 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349714.
May  7 23:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8116]: pam_unix(cron:session): session closed for user root
May  7 23:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10938]: pam_unix(cron:session): session closed for user samftp
May  7 23:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197  user=root
May  7 23:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11194]: Failed password for root from 185.40.7.197 port 45348 ssh2
May  7 23:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11194]: Received disconnect from 185.40.7.197 port 45348:11: Bye Bye [preauth]
May  7 23:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11194]: Disconnected from 185.40.7.197 port 45348 [preauth]
May  7 23:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11216]: Invalid user mcserver from 182.18.139.237
May  7 23:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11216]: input_userauth_request: invalid user mcserver [preauth]
May  7 23:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11216]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.139.237
May  7 23:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11216]: Failed password for invalid user mcserver from 182.18.139.237 port 44002 ssh2
May  7 23:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11216]: Received disconnect from 182.18.139.237 port 44002:11: Bye Bye [preauth]
May  7 23:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11216]: Disconnected from 182.18.139.237 port 44002 [preauth]
May  7 23:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9945]: pam_unix(cron:session): session closed for user root
May  7 23:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11314]: Invalid user postgres from 197.248.178.226
May  7 23:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11314]: input_userauth_request: invalid user postgres [preauth]
May  7 23:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11314]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226
May  7 23:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11314]: Failed password for invalid user postgres from 197.248.178.226 port 49494 ssh2
May  7 23:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11314]: Received disconnect from 197.248.178.226 port 49494:11: Bye Bye [preauth]
May  7 23:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11314]: Disconnected from 197.248.178.226 port 49494 [preauth]
May  7 23:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.91.96.123  user=root
May  7 23:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Failed password for root from 23.91.96.123 port 49360 ssh2
May  7 23:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Received disconnect from 23.91.96.123 port 49360:11: Bye Bye [preauth]
May  7 23:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11348]: Disconnected from 23.91.96.123 port 49360 [preauth]
May  7 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11352]: pam_unix(cron:session): session closed for user p13x
May  7 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11472]: Successful su for rubyman by root
May  7 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11472]: + ??? root:rubyman
May  7 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349718 of user rubyman.
May  7 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11472]: pam_unix(su:session): session closed for user rubyman
May  7 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349718.
May  7 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11350]: pam_unix(cron:session): session closed for user root
May  7 23:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8550]: pam_unix(cron:session): session closed for user root
May  7 23:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11353]: pam_unix(cron:session): session closed for user samftp
May  7 23:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11702]: Invalid user shanta from 101.36.113.80
May  7 23:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11702]: input_userauth_request: invalid user shanta [preauth]
May  7 23:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11702]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  7 23:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11702]: Failed password for invalid user shanta from 101.36.113.80 port 53192 ssh2
May  7 23:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11702]: Received disconnect from 101.36.113.80 port 53192:11: Bye Bye [preauth]
May  7 23:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11702]: Disconnected from 101.36.113.80 port 53192 [preauth]
May  7 23:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: Invalid user camilla from 134.199.210.64
May  7 23:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: input_userauth_request: invalid user camilla [preauth]
May  7 23:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  7 23:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: Failed password for invalid user camilla from 134.199.210.64 port 44988 ssh2
May  7 23:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: Received disconnect from 134.199.210.64 port 44988:11: Bye Bye [preauth]
May  7 23:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: Disconnected from 134.199.210.64 port 44988 [preauth]
May  7 23:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10461]: pam_unix(cron:session): session closed for user root
May  7 23:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.105  user=root
May  7 23:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: Failed password for root from 103.149.28.105 port 53124 ssh2
May  7 23:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: Received disconnect from 103.149.28.105 port 53124:11: Bye Bye [preauth]
May  7 23:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11804]: Disconnected from 103.149.28.105 port 53124 [preauth]
May  7 23:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: Invalid user linh from 43.154.90.106
May  7 23:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: input_userauth_request: invalid user linh [preauth]
May  7 23:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  7 23:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: Failed password for invalid user linh from 43.154.90.106 port 47558 ssh2
May  7 23:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: Received disconnect from 43.154.90.106 port 47558:11: Bye Bye [preauth]
May  7 23:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11829]: Disconnected from 43.154.90.106 port 47558 [preauth]
May  7 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11854]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11854]: pam_unix(cron:session): session closed for user root
May  7 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11849]: pam_unix(cron:session): session closed for user p13x
May  7 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11925]: Successful su for rubyman by root
May  7 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11925]: + ??? root:rubyman
May  7 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11925]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349726 of user rubyman.
May  7 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11925]: pam_unix(su:session): session closed for user rubyman
May  7 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349726.
May  7 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11851]: pam_unix(cron:session): session closed for user root
May  7 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8981]: pam_unix(cron:session): session closed for user root
May  7 23:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11850]: pam_unix(cron:session): session closed for user samftp
May  7 23:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12177]: Invalid user vpsuser from 91.151.88.235
May  7 23:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12177]: input_userauth_request: invalid user vpsuser [preauth]
May  7 23:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12177]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  7 23:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12177]: Failed password for invalid user vpsuser from 91.151.88.235 port 47986 ssh2
May  7 23:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12177]: Received disconnect from 91.151.88.235 port 47986:11: Bye Bye [preauth]
May  7 23:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12177]: Disconnected from 91.151.88.235 port 47986 [preauth]
May  7 23:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10940]: pam_unix(cron:session): session closed for user root
May  7 23:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  7 23:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: Failed password for root from 218.92.0.221 port 17722 ssh2
May  7 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12276]: pam_unix(cron:session): session closed for user p13x
May  7 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: Failed password for root from 218.92.0.221 port 17722 ssh2
May  7 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12361]: Successful su for rubyman by root
May  7 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12361]: + ??? root:rubyman
May  7 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349731 of user rubyman.
May  7 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12361]: pam_unix(su:session): session closed for user rubyman
May  7 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349731.
May  7 23:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: Failed password for root from 218.92.0.221 port 17722 ssh2
May  7 23:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: Received disconnect from 218.92.0.221 port 17722:11:  [preauth]
May  7 23:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: Disconnected from 218.92.0.221 port 17722 [preauth]
May  7 23:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12256]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  7 23:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9512]: pam_unix(cron:session): session closed for user root
May  7 23:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12277]: pam_unix(cron:session): session closed for user samftp
May  7 23:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207  user=root
May  7 23:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: Failed password for root from 146.190.93.207 port 38118 ssh2
May  7 23:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: Received disconnect from 146.190.93.207 port 38118:11: Bye Bye [preauth]
May  7 23:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12530]: Disconnected from 146.190.93.207 port 38118 [preauth]
May  7 23:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: Invalid user user from 52.183.128.237
May  7 23:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: input_userauth_request: invalid user user [preauth]
May  7 23:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237
May  7 23:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: Failed password for invalid user user from 52.183.128.237 port 33568 ssh2
May  7 23:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: Received disconnect from 52.183.128.237 port 33568:11: Bye Bye [preauth]
May  7 23:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12540]: Disconnected from 52.183.128.237 port 33568 [preauth]
May  7 23:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11355]: pam_unix(cron:session): session closed for user root
May  7 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12686]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12685]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12684]: pam_unix(cron:session): session closed for user p13x
May  7 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12748]: Successful su for rubyman by root
May  7 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12748]: + ??? root:rubyman
May  7 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349735 of user rubyman.
May  7 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12748]: pam_unix(su:session): session closed for user rubyman
May  7 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349735.
May  7 23:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9944]: pam_unix(cron:session): session closed for user root
May  7 23:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12685]: pam_unix(cron:session): session closed for user samftp
May  7 23:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11853]: pam_unix(cron:session): session closed for user root
May  7 23:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: Invalid user mauer from 167.71.228.77
May  7 23:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: input_userauth_request: invalid user mauer [preauth]
May  7 23:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.228.77
May  7 23:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: Failed password for invalid user mauer from 167.71.228.77 port 32880 ssh2
May  7 23:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: Invalid user clover from 185.40.7.197
May  7 23:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: input_userauth_request: invalid user clover [preauth]
May  7 23:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197
May  7 23:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: Received disconnect from 167.71.228.77 port 32880:11: Bye Bye [preauth]
May  7 23:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13026]: Disconnected from 167.71.228.77 port 32880 [preauth]
May  7 23:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: Failed password for invalid user clover from 185.40.7.197 port 44602 ssh2
May  7 23:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: Received disconnect from 185.40.7.197 port 44602:11: Bye Bye [preauth]
May  7 23:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13040]: Disconnected from 185.40.7.197 port 44602 [preauth]
May  7 23:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 23:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: Failed password for root from 218.92.0.207 port 11468 ssh2
May  7 23:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: Invalid user developer from 182.18.139.237
May  7 23:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: input_userauth_request: invalid user developer [preauth]
May  7 23:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.139.237
May  7 23:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: Failed password for root from 218.92.0.207 port 11468 ssh2
May  7 23:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: Failed password for invalid user developer from 182.18.139.237 port 47608 ssh2
May  7 23:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: Received disconnect from 182.18.139.237 port 47608:11: Bye Bye [preauth]
May  7 23:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13068]: Disconnected from 182.18.139.237 port 47608 [preauth]
May  7 23:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: Failed password for root from 218.92.0.207 port 11468 ssh2
May  7 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: message repeated 2 times: [ Failed password for root from 218.92.0.207 port 11468 ssh2]
May  7 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 11468 ssh2 [preauth]
May  7 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: Disconnecting: Too many authentication failures [preauth]
May  7 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  7 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13056]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13092]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13090]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13091]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13089]: pam_unix(cron:session): session closed for user p13x
May  7 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13148]: Successful su for rubyman by root
May  7 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13148]: + ??? root:rubyman
May  7 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349737 of user rubyman.
May  7 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13148]: pam_unix(su:session): session closed for user rubyman
May  7 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349737.
May  7 23:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10460]: pam_unix(cron:session): session closed for user root
May  7 23:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13090]: pam_unix(cron:session): session closed for user samftp
May  7 23:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12280]: pam_unix(cron:session): session closed for user root
May  7 23:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 23:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: Failed password for root from 80.94.95.125 port 19134 ssh2
May  7 23:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 19134 ssh2]
May  7 23:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: Received disconnect from 80.94.95.125 port 19134:11: Bye [preauth]
May  7 23:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: Disconnected from 80.94.95.125 port 19134 [preauth]
May  7 23:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  7 23:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 23:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: Invalid user namrata from 134.199.210.64
May  7 23:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: input_userauth_request: invalid user namrata [preauth]
May  7 23:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  7 23:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  7 23:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: Failed password for invalid user namrata from 134.199.210.64 port 40700 ssh2
May  7 23:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: Received disconnect from 134.199.210.64 port 40700:11: Bye Bye [preauth]
May  7 23:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13572]: Disconnected from 134.199.210.64 port 40700 [preauth]
May  7 23:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13570]: Failed password for root from 46.244.96.25 port 57890 ssh2
May  7 23:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13570]: Connection closed by 46.244.96.25 port 57890 [preauth]
May  7 23:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.91.96.123  user=root
May  7 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13591]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13588]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13588]: pam_unix(cron:session): session closed for user p13x
May  7 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13653]: Successful su for rubyman by root
May  7 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13653]: + ??? root:rubyman
May  7 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13653]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349741 of user rubyman.
May  7 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13653]: pam_unix(su:session): session closed for user rubyman
May  7 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349741.
May  7 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: Failed password for root from 23.91.96.123 port 40378 ssh2
May  7 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: Received disconnect from 23.91.96.123 port 40378:11: Bye Bye [preauth]
May  7 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: Disconnected from 23.91.96.123 port 40378 [preauth]
May  7 23:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10939]: pam_unix(cron:session): session closed for user root
May  7 23:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13590]: pam_unix(cron:session): session closed for user samftp
May  7 23:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13852]: Invalid user kjs from 101.36.113.80
May  7 23:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13852]: input_userauth_request: invalid user kjs [preauth]
May  7 23:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13852]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  7 23:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13852]: Failed password for invalid user kjs from 101.36.113.80 port 34336 ssh2
May  7 23:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13852]: Received disconnect from 101.36.113.80 port 34336:11: Bye Bye [preauth]
May  7 23:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13852]: Disconnected from 101.36.113.80 port 34336 [preauth]
May  7 23:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12687]: pam_unix(cron:session): session closed for user root
May  7 23:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: Invalid user victor from 197.248.178.226
May  7 23:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: input_userauth_request: invalid user victor [preauth]
May  7 23:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226
May  7 23:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: Failed password for invalid user victor from 197.248.178.226 port 45412 ssh2
May  7 23:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: Received disconnect from 197.248.178.226 port 45412:11: Bye Bye [preauth]
May  7 23:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13921]: Disconnected from 197.248.178.226 port 45412 [preauth]
May  7 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14012]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14012]: pam_unix(cron:session): session closed for user root
May  7 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14006]: pam_unix(cron:session): session closed for user p13x
May  7 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14077]: Successful su for rubyman by root
May  7 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14077]: + ??? root:rubyman
May  7 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349745 of user rubyman.
May  7 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14077]: pam_unix(su:session): session closed for user rubyman
May  7 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349745.
May  7 23:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14009]: pam_unix(cron:session): session closed for user root
May  7 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: Invalid user ircd from 43.154.90.106
May  7 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: input_userauth_request: invalid user ircd [preauth]
May  7 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  7 23:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11354]: pam_unix(cron:session): session closed for user root
May  7 23:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: Failed password for invalid user ircd from 43.154.90.106 port 51984 ssh2
May  7 23:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: Received disconnect from 43.154.90.106 port 51984:11: Bye Bye [preauth]
May  7 23:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: Disconnected from 43.154.90.106 port 51984 [preauth]
May  7 23:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14008]: pam_unix(cron:session): session closed for user samftp
May  7 23:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  7 23:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: Failed password for root from 194.0.234.19 port 32912 ssh2
May  7 23:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14309]: Connection closed by 194.0.234.19 port 32912 [preauth]
May  7 23:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13092]: pam_unix(cron:session): session closed for user root
May  7 23:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.105  user=root
May  7 23:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: Failed password for root from 103.149.28.105 port 60992 ssh2
May  7 23:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: Received disconnect from 103.149.28.105 port 60992:11: Bye Bye [preauth]
May  7 23:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14410]: Disconnected from 103.149.28.105 port 60992 [preauth]
May  7 23:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14442]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14441]: pam_unix(cron:session): session closed for user p13x
May  7 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Invalid user raaj from 91.151.88.235
May  7 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: input_userauth_request: invalid user raaj [preauth]
May  7 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  7 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14512]: Successful su for rubyman by root
May  7 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14512]: + ??? root:rubyman
May  7 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349751 of user rubyman.
May  7 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14512]: pam_unix(su:session): session closed for user rubyman
May  7 23:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349751.
May  7 23:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Failed password for invalid user raaj from 91.151.88.235 port 40880 ssh2
May  7 23:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Received disconnect from 91.151.88.235 port 40880:11: Bye Bye [preauth]
May  7 23:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14438]: Disconnected from 91.151.88.235 port 40880 [preauth]
May  7 23:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11852]: pam_unix(cron:session): session closed for user root
May  7 23:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14442]: pam_unix(cron:session): session closed for user samftp
May  7 23:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207  user=root
May  7 23:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237  user=root
May  7 23:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14768]: Failed password for root from 146.190.93.207 port 49948 ssh2
May  7 23:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14766]: Failed password for root from 52.183.128.237 port 42058 ssh2
May  7 23:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14768]: Received disconnect from 146.190.93.207 port 49948:11: Bye Bye [preauth]
May  7 23:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14768]: Disconnected from 146.190.93.207 port 49948 [preauth]
May  7 23:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14766]: Received disconnect from 52.183.128.237 port 42058:11: Bye Bye [preauth]
May  7 23:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14766]: Disconnected from 52.183.128.237 port 42058 [preauth]
May  7 23:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13592]: pam_unix(cron:session): session closed for user root
May  7 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14855]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14856]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14853]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14854]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14853]: pam_unix(cron:session): session closed for user p13x
May  7 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14927]: Successful su for rubyman by root
May  7 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14927]: + ??? root:rubyman
May  7 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14927]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349755 of user rubyman.
May  7 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14927]: pam_unix(su:session): session closed for user rubyman
May  7 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349755.
May  7 23:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12279]: pam_unix(cron:session): session closed for user root
May  7 23:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14854]: pam_unix(cron:session): session closed for user samftp
May  7 23:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15141]: Invalid user elasticsearch from 185.40.7.197
May  7 23:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15141]: input_userauth_request: invalid user elasticsearch [preauth]
May  7 23:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15141]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197
May  7 23:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.139.237  user=root
May  7 23:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15141]: Failed password for invalid user elasticsearch from 185.40.7.197 port 41650 ssh2
May  7 23:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15141]: Received disconnect from 185.40.7.197 port 41650:11: Bye Bye [preauth]
May  7 23:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15141]: Disconnected from 185.40.7.197 port 41650 [preauth]
May  7 23:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: Failed password for root from 182.18.139.237 port 51266 ssh2
May  7 23:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: Received disconnect from 182.18.139.237 port 51266:11: Bye Bye [preauth]
May  7 23:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15143]: Disconnected from 182.18.139.237 port 51266 [preauth]
May  7 23:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14011]: pam_unix(cron:session): session closed for user root
May  7 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15267]: pam_unix(cron:session): session closed for user p13x
May  7 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15331]: Successful su for rubyman by root
May  7 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15331]: + ??? root:rubyman
May  7 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349760 of user rubyman.
May  7 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15331]: pam_unix(su:session): session closed for user rubyman
May  7 23:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349760.
May  7 23:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12686]: pam_unix(cron:session): session closed for user root
May  7 23:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15268]: pam_unix(cron:session): session closed for user samftp
May  7 23:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.228.77  user=root
May  7 23:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: Failed password for root from 167.71.228.77 port 55440 ssh2
May  7 23:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: Received disconnect from 167.71.228.77 port 55440:11: Bye Bye [preauth]
May  7 23:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: Disconnected from 167.71.228.77 port 55440 [preauth]
May  7 23:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15547]: Invalid user explore from 134.199.210.64
May  7 23:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15547]: input_userauth_request: invalid user explore [preauth]
May  7 23:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15547]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  7 23:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15547]: Failed password for invalid user explore from 134.199.210.64 port 56388 ssh2
May  7 23:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15547]: Received disconnect from 134.199.210.64 port 56388:11: Bye Bye [preauth]
May  7 23:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15547]: Disconnected from 134.199.210.64 port 56388 [preauth]
May  7 23:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14444]: pam_unix(cron:session): session closed for user root
May  7 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15663]: pam_unix(cron:session): session closed for user p13x
May  7 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15727]: Successful su for rubyman by root
May  7 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15727]: + ??? root:rubyman
May  7 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349763 of user rubyman.
May  7 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15727]: pam_unix(su:session): session closed for user rubyman
May  7 23:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349763.
May  7 23:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13091]: pam_unix(cron:session): session closed for user root
May  7 23:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15664]: pam_unix(cron:session): session closed for user samftp
May  7 23:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.91.96.123  user=root
May  7 23:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: Failed password for root from 23.91.96.123 port 52442 ssh2
May  7 23:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: Received disconnect from 23.91.96.123 port 52442:11: Bye Bye [preauth]
May  7 23:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15912]: Disconnected from 23.91.96.123 port 52442 [preauth]
May  7 23:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  7 23:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Failed password for root from 218.92.0.232 port 62336 ssh2
May  7 23:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Failed password for root from 218.92.0.232 port 62336 ssh2
May  7 23:49:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Failed password for root from 218.92.0.232 port 62336 ssh2
May  7 23:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Received disconnect from 218.92.0.232 port 62336:11:  [preauth]
May  7 23:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Disconnected from 218.92.0.232 port 62336 [preauth]
May  7 23:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  7 23:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: Invalid user oracle from 101.36.113.80
May  7 23:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: input_userauth_request: invalid user oracle [preauth]
May  7 23:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  7 23:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: Failed password for invalid user oracle from 101.36.113.80 port 49560 ssh2
May  7 23:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: Received disconnect from 101.36.113.80 port 49560:11: Bye Bye [preauth]
May  7 23:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15950]: Disconnected from 101.36.113.80 port 49560 [preauth]
May  7 23:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14856]: pam_unix(cron:session): session closed for user root
May  7 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16064]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16063]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16066]: pam_unix(cron:session): session closed for user root
May  7 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16061]: pam_unix(cron:session): session closed for user p13x
May  7 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16129]: Successful su for rubyman by root
May  7 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16129]: + ??? root:rubyman
May  7 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16129]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349770 of user rubyman.
May  7 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16129]: pam_unix(su:session): session closed for user rubyman
May  7 23:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349770.
May  7 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16063]: pam_unix(cron:session): session closed for user root
May  7 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13591]: pam_unix(cron:session): session closed for user root
May  7 23:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16062]: pam_unix(cron:session): session closed for user samftp
May  7 23:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: Invalid user readarr from 43.154.90.106
May  7 23:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: input_userauth_request: invalid user readarr [preauth]
May  7 23:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  7 23:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: Failed password for invalid user readarr from 43.154.90.106 port 45736 ssh2
May  7 23:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: Received disconnect from 43.154.90.106 port 45736:11: Bye Bye [preauth]
May  7 23:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: Disconnected from 43.154.90.106 port 45736 [preauth]
May  7 23:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226  user=root
May  7 23:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15270]: pam_unix(cron:session): session closed for user root
May  7 23:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16394]: Failed password for root from 197.248.178.226 port 51170 ssh2
May  7 23:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16394]: Received disconnect from 197.248.178.226 port 51170:11: Bye Bye [preauth]
May  7 23:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16394]: Disconnected from 197.248.178.226 port 51170 [preauth]
May  7 23:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  7 23:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: Failed password for root from 218.92.0.231 port 37674 ssh2
May  7 23:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: message repeated 2 times: [ Failed password for root from 218.92.0.231 port 37674 ssh2]
May  7 23:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: Received disconnect from 218.92.0.231 port 37674:11:  [preauth]
May  7 23:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: Disconnected from 218.92.0.231 port 37674 [preauth]
May  7 23:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16460]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  7 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16511]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16512]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16506]: pam_unix(cron:session): session closed for user p13x
May  7 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16591]: Successful su for rubyman by root
May  7 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16591]: + ??? root:rubyman
May  7 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349773 of user rubyman.
May  7 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16591]: pam_unix(su:session): session closed for user rubyman
May  7 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349773.
May  7 23:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14010]: pam_unix(cron:session): session closed for user root
May  7 23:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16474]: Did not receive identification string from 130.195.4.213
May  7 23:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16510]: pam_unix(cron:session): session closed for user samftp
May  7 23:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15666]: pam_unix(cron:session): session closed for user root
May  7 23:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: Invalid user afc from 91.151.88.235
May  7 23:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: input_userauth_request: invalid user afc [preauth]
May  7 23:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  7 23:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: Failed password for invalid user afc from 91.151.88.235 port 59668 ssh2
May  7 23:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: Received disconnect from 91.151.88.235 port 59668:11: Bye Bye [preauth]
May  7 23:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16901]: Disconnected from 91.151.88.235 port 59668 [preauth]
May  7 23:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: Invalid user jenkins from 52.183.128.237
May  7 23:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: input_userauth_request: invalid user jenkins [preauth]
May  7 23:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237
May  7 23:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: Failed password for invalid user jenkins from 52.183.128.237 port 50522 ssh2
May  7 23:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: Received disconnect from 52.183.128.237 port 50522:11: Bye Bye [preauth]
May  7 23:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16918]: Disconnected from 52.183.128.237 port 50522 [preauth]
May  7 23:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: Invalid user sol from 146.190.93.207
May  7 23:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: input_userauth_request: invalid user sol [preauth]
May  7 23:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
May  7 23:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: Failed password for invalid user sol from 146.190.93.207 port 33004 ssh2
May  7 23:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16957]: Invalid user shellinabox from 185.40.7.197
May  7 23:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16957]: input_userauth_request: invalid user shellinabox [preauth]
May  7 23:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16957]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197
May  7 23:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: Received disconnect from 146.190.93.207 port 33004:11: Bye Bye [preauth]
May  7 23:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16947]: Disconnected from 146.190.93.207 port 33004 [preauth]
May  7 23:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16957]: Failed password for invalid user shellinabox from 185.40.7.197 port 50866 ssh2
May  7 23:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16957]: Received disconnect from 185.40.7.197 port 50866:11: Bye Bye [preauth]
May  7 23:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16957]: Disconnected from 185.40.7.197 port 50866 [preauth]
May  7 23:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.139.237  user=root
May  7 23:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16959]: Failed password for root from 182.18.139.237 port 54910 ssh2
May  7 23:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16959]: Received disconnect from 182.18.139.237 port 54910:11: Bye Bye [preauth]
May  7 23:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16959]: Disconnected from 182.18.139.237 port 54910 [preauth]
May  7 23:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.105  user=root
May  7 23:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16970]: Failed password for root from 103.149.28.105 port 40634 ssh2
May  7 23:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16970]: Received disconnect from 103.149.28.105 port 40634:11: Bye Bye [preauth]
May  7 23:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16970]: Disconnected from 103.149.28.105 port 40634 [preauth]
May  7 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16995]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16994]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16992]: pam_unix(cron:session): session closed for user p13x
May  7 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17051]: Successful su for rubyman by root
May  7 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17051]: + ??? root:rubyman
May  7 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349778 of user rubyman.
May  7 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17051]: pam_unix(su:session): session closed for user rubyman
May  7 23:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349778.
May  7 23:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14443]: pam_unix(cron:session): session closed for user root
May  7 23:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16993]: pam_unix(cron:session): session closed for user samftp
May  7 23:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16065]: pam_unix(cron:session): session closed for user root
May  7 23:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17359]: Invalid user matt from 134.199.210.64
May  7 23:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17359]: input_userauth_request: invalid user matt [preauth]
May  7 23:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17359]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  7 23:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17359]: Failed password for invalid user matt from 134.199.210.64 port 60018 ssh2
May  7 23:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17359]: Received disconnect from 134.199.210.64 port 60018:11: Bye Bye [preauth]
May  7 23:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17359]: Disconnected from 134.199.210.64 port 60018 [preauth]
May  7 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17390]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17391]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17389]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17388]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17388]: pam_unix(cron:session): session closed for user p13x
May  7 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17452]: Successful su for rubyman by root
May  7 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17452]: + ??? root:rubyman
May  7 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349781 of user rubyman.
May  7 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17452]: pam_unix(su:session): session closed for user rubyman
May  7 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349781.
May  7 23:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14855]: pam_unix(cron:session): session closed for user root
May  7 23:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17389]: pam_unix(cron:session): session closed for user samftp
May  7 23:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16512]: pam_unix(cron:session): session closed for user root
May  7 23:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.228.77  user=root
May  7 23:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: Failed password for root from 167.71.228.77 port 42288 ssh2
May  7 23:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: Received disconnect from 167.71.228.77 port 42288:11: Bye Bye [preauth]
May  7 23:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: Disconnected from 167.71.228.77 port 42288 [preauth]
May  7 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17912]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17913]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17910]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17910]: pam_unix(cron:session): session closed for user p13x
May  7 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17978]: Successful su for rubyman by root
May  7 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17978]: + ??? root:rubyman
May  7 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17978]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349786 of user rubyman.
May  7 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17978]: pam_unix(su:session): session closed for user rubyman
May  7 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349786.
May  7 23:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15269]: pam_unix(cron:session): session closed for user root
May  7 23:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17911]: pam_unix(cron:session): session closed for user samftp
May  7 23:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18184]: Invalid user ubuntu from 23.91.96.123
May  7 23:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18184]: input_userauth_request: invalid user ubuntu [preauth]
May  7 23:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18184]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.91.96.123
May  7 23:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18184]: Failed password for invalid user ubuntu from 23.91.96.123 port 56122 ssh2
May  7 23:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18184]: Received disconnect from 23.91.96.123 port 56122:11: Bye Bye [preauth]
May  7 23:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18184]: Disconnected from 23.91.96.123 port 56122 [preauth]
May  7 23:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18206]: Invalid user intell from 101.36.113.80
May  7 23:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18206]: input_userauth_request: invalid user intell [preauth]
May  7 23:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18206]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  7 23:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18206]: Failed password for invalid user intell from 101.36.113.80 port 35710 ssh2
May  7 23:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18206]: Received disconnect from 101.36.113.80 port 35710:11: Bye Bye [preauth]
May  7 23:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18206]: Disconnected from 101.36.113.80 port 35710 [preauth]
May  7 23:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16995]: pam_unix(cron:session): session closed for user root
May  7 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18338]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18341]: pam_unix(cron:session): session closed for user root
May  7 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18336]: pam_unix(cron:session): session closed for user p13x
May  7 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18415]: Successful su for rubyman by root
May  7 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18415]: + ??? root:rubyman
May  7 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349794 of user rubyman.
May  7 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18415]: pam_unix(su:session): session closed for user rubyman
May  7 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349794.
May  7 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18338]: pam_unix(cron:session): session closed for user root
May  7 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15665]: pam_unix(cron:session): session closed for user root
May  7 23:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18337]: pam_unix(cron:session): session closed for user samftp
May  7 23:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: Invalid user test from 80.94.95.116
May  7 23:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: input_userauth_request: invalid user test [preauth]
May  7 23:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  7 23:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: Failed password for invalid user test from 80.94.95.116 port 61154 ssh2
May  7 23:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18644]: Connection closed by 80.94.95.116 port 61154 [preauth]
May  7 23:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17391]: pam_unix(cron:session): session closed for user root
May  7 23:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18717]: Invalid user oracle from 43.154.90.106
May  7 23:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18717]: input_userauth_request: invalid user oracle [preauth]
May  7 23:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18717]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  7 23:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18717]: Failed password for invalid user oracle from 43.154.90.106 port 45444 ssh2
May  7 23:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18717]: Received disconnect from 43.154.90.106 port 45444:11: Bye Bye [preauth]
May  7 23:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18717]: Disconnected from 43.154.90.106 port 45444 [preauth]
May  7 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18784]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18785]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18784]: pam_unix(cron:session): session closed for user p13x
May  7 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18855]: Successful su for rubyman by root
May  7 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18855]: + ??? root:rubyman
May  7 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349796 of user rubyman.
May  7 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18855]: pam_unix(su:session): session closed for user rubyman
May  7 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349796.
May  7 23:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16064]: pam_unix(cron:session): session closed for user root
May  7 23:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18785]: pam_unix(cron:session): session closed for user samftp
May  7 23:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: Invalid user postgres from 185.40.7.197
May  7 23:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: input_userauth_request: invalid user postgres [preauth]
May  7 23:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197
May  7 23:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: Failed password for invalid user postgres from 185.40.7.197 port 57028 ssh2
May  7 23:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: Received disconnect from 185.40.7.197 port 57028:11: Bye Bye [preauth]
May  7 23:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19058]: Disconnected from 185.40.7.197 port 57028 [preauth]
May  7 23:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.139.237  user=root
May  7 23:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19102]: Invalid user user33 from 197.248.178.226
May  7 23:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19102]: input_userauth_request: invalid user user33 [preauth]
May  7 23:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19102]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226
May  7 23:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19088]: Failed password for root from 182.18.139.237 port 58562 ssh2
May  7 23:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19088]: Received disconnect from 182.18.139.237 port 58562:11: Bye Bye [preauth]
May  7 23:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19088]: Disconnected from 182.18.139.237 port 58562 [preauth]
May  7 23:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19102]: Failed password for invalid user user33 from 197.248.178.226 port 44666 ssh2
May  7 23:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19102]: Received disconnect from 197.248.178.226 port 44666:11: Bye Bye [preauth]
May  7 23:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19102]: Disconnected from 197.248.178.226 port 44666 [preauth]
May  7 23:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17913]: pam_unix(cron:session): session closed for user root
May  7 23:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19186]: Invalid user umg from 52.183.128.237
May  7 23:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19186]: input_userauth_request: invalid user umg [preauth]
May  7 23:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19186]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237
May  7 23:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19186]: Failed password for invalid user umg from 52.183.128.237 port 58944 ssh2
May  7 23:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19186]: Received disconnect from 52.183.128.237 port 58944:11: Bye Bye [preauth]
May  7 23:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19186]: Disconnected from 52.183.128.237 port 58944 [preauth]
May  7 23:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19199]: Invalid user sol from 146.190.93.207
May  7 23:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19199]: input_userauth_request: invalid user sol [preauth]
May  7 23:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19199]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
May  7 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19202]: pam_unix(cron:session): session closed for user p13x
May  7 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19273]: Successful su for rubyman by root
May  7 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19273]: + ??? root:rubyman
May  7 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19273]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349799 of user rubyman.
May  7 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19273]: pam_unix(su:session): session closed for user rubyman
May  7 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349799.
May  7 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19199]: Failed password for invalid user sol from 146.190.93.207 port 54252 ssh2
May  7 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19199]: Received disconnect from 146.190.93.207 port 54252:11: Bye Bye [preauth]
May  7 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19199]: Disconnected from 146.190.93.207 port 54252 [preauth]
May  7 23:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16511]: pam_unix(cron:session): session closed for user root
May  7 23:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19203]: pam_unix(cron:session): session closed for user samftp
May  7 23:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19458]: Invalid user prakash from 91.151.88.235
May  7 23:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19458]: input_userauth_request: invalid user prakash [preauth]
May  7 23:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19458]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  7 23:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19458]: Failed password for invalid user prakash from 91.151.88.235 port 42106 ssh2
May  7 23:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19458]: Received disconnect from 91.151.88.235 port 42106:11: Bye Bye [preauth]
May  7 23:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19458]: Disconnected from 91.151.88.235 port 42106 [preauth]
May  7 23:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19494]: Invalid user sahil from 134.199.210.64
May  7 23:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19494]: input_userauth_request: invalid user sahil [preauth]
May  7 23:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19494]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  7 23:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  7 23:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19494]: Failed password for invalid user sahil from 134.199.210.64 port 52178 ssh2
May  7 23:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19494]: Received disconnect from 134.199.210.64 port 52178:11: Bye Bye [preauth]
May  7 23:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19494]: Disconnected from 134.199.210.64 port 52178 [preauth]
May  7 23:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19492]: Failed password for root from 218.92.0.215 port 55704 ssh2
May  7 23:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19492]: message repeated 4 times: [ Failed password for root from 218.92.0.215 port 55704 ssh2]
May  7 23:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19492]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 55704 ssh2 [preauth]
May  7 23:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19492]: Disconnecting: Too many authentication failures [preauth]
May  7 23:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19492]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  7 23:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19492]: PAM service(sshd) ignoring max retries; 5 > 3
May  7 23:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18340]: pam_unix(cron:session): session closed for user root
May  7 23:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19629]: pam_unix(cron:session): session closed for user p13x
May  7 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19701]: Successful su for rubyman by root
May  7 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19701]: + ??? root:rubyman
May  7 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349803 of user rubyman.
May  7 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19701]: pam_unix(su:session): session closed for user rubyman
May  7 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349803.
May  7 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.105  user=root
May  7 23:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: Failed password for root from 103.149.28.105 port 48510 ssh2
May  7 23:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: Received disconnect from 103.149.28.105 port 48510:11: Bye Bye [preauth]
May  7 23:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: Disconnected from 103.149.28.105 port 48510 [preauth]
May  7 23:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  7 23:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16994]: pam_unix(cron:session): session closed for user root
May  7 23:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Failed password for root from 190.103.202.7 port 58800 ssh2
May  7 23:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19630]: pam_unix(cron:session): session closed for user samftp
May  7 23:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19788]: Connection closed by 190.103.202.7 port 58800 [preauth]
May  7 23:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18788]: pam_unix(cron:session): session closed for user root
May  7 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20056]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  7 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20055]: pam_unix(cron:session): session opened for user root by (uid=0)
May  7 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  7 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20051]: pam_unix(cron:session): session closed for user p13x
May  7 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20116]: Successful su for rubyman by root
May  7 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20116]: + ??? root:rubyman
May  7 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  7 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349808 of user rubyman.
May  7 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20116]: pam_unix(su:session): session closed for user rubyman
May  7 23:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349808.
May  7 23:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17390]: pam_unix(cron:session): session closed for user root
May  7 23:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20052]: pam_unix(cron:session): session closed for user samftp
May  7 23:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.228.77  user=root
May  7 23:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: Invalid user shao from 23.91.96.123
May  7 23:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: input_userauth_request: invalid user shao [preauth]
May  7 23:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.91.96.123
May  7 23:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20277]: Failed password for root from 167.71.228.77 port 34170 ssh2
May  7 23:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20277]: Received disconnect from 167.71.228.77 port 34170:11: Bye Bye [preauth]
May  7 23:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20277]: Disconnected from 167.71.228.77 port 34170 [preauth]
May  7 23:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: Failed password for invalid user shao from 23.91.96.123 port 57536 ssh2
May  7 23:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: Received disconnect from 23.91.96.123 port 57536:11: Bye Bye [preauth]
May  7 23:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20300]: Disconnected from 23.91.96.123 port 57536 [preauth]
May  7 23:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  7 23:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: Invalid user maria from 101.36.113.80
May  7 23:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: input_userauth_request: invalid user maria [preauth]
May  7 23:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: pam_unix(sshd:auth): check pass; user unknown
May  7 23:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  7 23:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: Failed password for invalid user maria from 101.36.113.80 port 57628 ssh2
May  7 23:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: Received disconnect from 101.36.113.80 port 57628:11: Bye Bye [preauth]
May  7 23:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20322]: Disconnected from 101.36.113.80 port 57628 [preauth]
May  7 23:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19205]: pam_unix(cron:session): session closed for user root
May  8 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20456]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20458]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20457]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20461]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20455]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20461]: pam_unix(cron:session): session closed for user root
May  8 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20455]: pam_unix(cron:session): session closed for user root
May  8 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20452]: pam_unix(cron:session): session closed for user p13x
May  8 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20550]: Successful su for rubyman by root
May  8 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20550]: + ??? root:rubyman
May  8 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349815 of user rubyman.
May  8 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20550]: pam_unix(su:session): session closed for user rubyman
May  8 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349815.
May  8 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20456]: pam_unix(cron:session): session closed for user root
May  8 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17912]: pam_unix(cron:session): session closed for user root
May  8 00:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20454]: pam_unix(cron:session): session closed for user samftp
May  8 00:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: Invalid user kale from 101.36.122.23
May  8 00:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: input_userauth_request: invalid user kale [preauth]
May  8 00:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 00:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: Failed password for invalid user kale from 101.36.122.23 port 56774 ssh2
May  8 00:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: Received disconnect from 101.36.122.23 port 56774:11: Bye Bye [preauth]
May  8 00:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20805]: Disconnected from 101.36.122.23 port 56774 [preauth]
May  8 00:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19632]: pam_unix(cron:session): session closed for user root
May  8 00:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: Invalid user ubadmin from 43.154.90.106
May  8 00:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: input_userauth_request: invalid user ubadmin [preauth]
May  8 00:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  8 00:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: Failed password for invalid user ubadmin from 43.154.90.106 port 51814 ssh2
May  8 00:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: Received disconnect from 43.154.90.106 port 51814:11: Bye Bye [preauth]
May  8 00:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20914]: Disconnected from 43.154.90.106 port 51814 [preauth]
May  8 00:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20926]: Invalid user django from 185.40.7.197
May  8 00:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20926]: input_userauth_request: invalid user django [preauth]
May  8 00:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20926]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.40.7.197
May  8 00:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20926]: Failed password for invalid user django from 185.40.7.197 port 40442 ssh2
May  8 00:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20926]: Received disconnect from 185.40.7.197 port 40442:11: Bye Bye [preauth]
May  8 00:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20926]: Disconnected from 185.40.7.197 port 40442 [preauth]
May  8 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20980]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20979]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20978]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20975]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20975]: pam_unix(cron:session): session closed for user root
May  8 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20977]: pam_unix(cron:session): session closed for user p13x
May  8 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21045]: Successful su for rubyman by root
May  8 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21045]: + ??? root:rubyman
May  8 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21045]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349820 of user rubyman.
May  8 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21045]: pam_unix(su:session): session closed for user rubyman
May  8 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349820.
May  8 00:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18339]: pam_unix(cron:session): session closed for user root
May  8 00:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21194]: Invalid user solarwinds from 182.18.139.237
May  8 00:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21194]: input_userauth_request: invalid user solarwinds [preauth]
May  8 00:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21194]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.139.237
May  8 00:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20978]: pam_unix(cron:session): session closed for user samftp
May  8 00:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21194]: Failed password for invalid user solarwinds from 182.18.139.237 port 33980 ssh2
May  8 00:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21194]: Received disconnect from 182.18.139.237 port 33980:11: Bye Bye [preauth]
May  8 00:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21194]: Disconnected from 182.18.139.237 port 33980 [preauth]
May  8 00:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20056]: pam_unix(cron:session): session closed for user root
May  8 00:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20928]: Connection reset by 218.92.0.217 port 52248 [preauth]
May  8 00:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: Invalid user armin from 134.199.210.64
May  8 00:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: input_userauth_request: invalid user armin [preauth]
May  8 00:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  8 00:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: Failed password for invalid user armin from 134.199.210.64 port 52456 ssh2
May  8 00:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: Received disconnect from 134.199.210.64 port 52456:11: Bye Bye [preauth]
May  8 00:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21419]: Disconnected from 134.199.210.64 port 52456 [preauth]
May  8 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21424]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21422]: pam_unix(cron:session): session closed for user p13x
May  8 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21487]: Successful su for rubyman by root
May  8 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21487]: + ??? root:rubyman
May  8 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21487]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349825 of user rubyman.
May  8 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21487]: pam_unix(su:session): session closed for user rubyman
May  8 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349825.
May  8 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21513]: Invalid user thor from 164.68.105.9
May  8 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21513]: input_userauth_request: invalid user thor [preauth]
May  8 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21513]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  8 00:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18786]: pam_unix(cron:session): session closed for user root
May  8 00:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21513]: Failed password for invalid user thor from 164.68.105.9 port 50334 ssh2
May  8 00:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21513]: Connection closed by 164.68.105.9 port 50334 [preauth]
May  8 00:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21423]: pam_unix(cron:session): session closed for user samftp
May  8 00:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: Invalid user sg from 146.190.93.207
May  8 00:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: input_userauth_request: invalid user sg [preauth]
May  8 00:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
May  8 00:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: Failed password for invalid user sg from 146.190.93.207 port 37000 ssh2
May  8 00:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: Received disconnect from 146.190.93.207 port 37000:11: Bye Bye [preauth]
May  8 00:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21709]: Disconnected from 146.190.93.207 port 37000 [preauth]
May  8 00:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237  user=root
May  8 00:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: Failed password for root from 52.183.128.237 port 39180 ssh2
May  8 00:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: Received disconnect from 52.183.128.237 port 39180:11: Bye Bye [preauth]
May  8 00:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21720]: Disconnected from 52.183.128.237 port 39180 [preauth]
May  8 00:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21745]: Invalid user raphael from 197.248.178.226
May  8 00:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21745]: input_userauth_request: invalid user raphael [preauth]
May  8 00:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21745]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226
May  8 00:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21745]: Failed password for invalid user raphael from 197.248.178.226 port 58348 ssh2
May  8 00:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21745]: Received disconnect from 197.248.178.226 port 58348:11: Bye Bye [preauth]
May  8 00:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21745]: Disconnected from 197.248.178.226 port 58348 [preauth]
May  8 00:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20458]: pam_unix(cron:session): session closed for user root
May  8 00:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Invalid user hjseo from 91.151.88.235
May  8 00:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: input_userauth_request: invalid user hjseo [preauth]
May  8 00:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  8 00:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Failed password for invalid user hjseo from 91.151.88.235 port 46000 ssh2
May  8 00:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Received disconnect from 91.151.88.235 port 46000:11: Bye Bye [preauth]
May  8 00:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22096]: Disconnected from 91.151.88.235 port 46000 [preauth]
May  8 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22162]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22161]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22161]: pam_unix(cron:session): session closed for user p13x
May  8 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22232]: Successful su for rubyman by root
May  8 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22232]: + ??? root:rubyman
May  8 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22232]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349827 of user rubyman.
May  8 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22232]: pam_unix(su:session): session closed for user rubyman
May  8 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349827.
May  8 00:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19204]: pam_unix(cron:session): session closed for user root
May  8 00:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22162]: pam_unix(cron:session): session closed for user samftp
May  8 00:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20980]: pam_unix(cron:session): session closed for user root
May  8 00:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  8 00:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:35.216.201.71
May  8 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22653]: pam_unix(cron:session): session closed for user p13x
May  8 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22722]: Successful su for rubyman by root
May  8 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22722]: + ??? root:rubyman
May  8 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349831 of user rubyman.
May  8 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22722]: pam_unix(su:session): session closed for user rubyman
May  8 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349831.
May  8 00:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19631]: pam_unix(cron:session): session closed for user root
May  8 00:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22654]: pam_unix(cron:session): session closed for user samftp
May  8 00:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: Invalid user psg from 23.91.96.123
May  8 00:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: input_userauth_request: invalid user psg [preauth]
May  8 00:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.91.96.123
May  8 00:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: Failed password for invalid user psg from 23.91.96.123 port 45196 ssh2
May  8 00:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: Received disconnect from 23.91.96.123 port 45196:11: Bye Bye [preauth]
May  8 00:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22934]: Disconnected from 23.91.96.123 port 45196 [preauth]
May  8 00:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.105  user=root
May  8 00:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22972]: Failed password for root from 103.149.28.105 port 56380 ssh2
May  8 00:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22972]: Received disconnect from 103.149.28.105 port 56380:11: Bye Bye [preauth]
May  8 00:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22972]: Disconnected from 103.149.28.105 port 56380 [preauth]
May  8 00:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22991]: Invalid user rocky from 101.36.113.80
May  8 00:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22991]: input_userauth_request: invalid user rocky [preauth]
May  8 00:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22991]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:04:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  8 00:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22991]: Failed password for invalid user rocky from 101.36.113.80 port 53582 ssh2
May  8 00:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22991]: Received disconnect from 101.36.113.80 port 53582:11: Bye Bye [preauth]
May  8 00:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22991]: Disconnected from 101.36.113.80 port 53582 [preauth]
May  8 00:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21425]: pam_unix(cron:session): session closed for user root
May  8 00:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: Invalid user arnaldo from 167.71.228.77
May  8 00:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: input_userauth_request: invalid user arnaldo [preauth]
May  8 00:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.228.77
May  8 00:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: Failed password for invalid user arnaldo from 167.71.228.77 port 36838 ssh2
May  8 00:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: Received disconnect from 167.71.228.77 port 36838:11: Bye Bye [preauth]
May  8 00:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23068]: Disconnected from 167.71.228.77 port 36838 [preauth]
May  8 00:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  8 00:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: Failed password for root from 218.92.0.227 port 62180 ssh2
May  8 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23124]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23125]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23125]: pam_unix(cron:session): session closed for user root
May  8 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23120]: pam_unix(cron:session): session closed for user p13x
May  8 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23199]: Successful su for rubyman by root
May  8 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23199]: + ??? root:rubyman
May  8 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23199]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349837 of user rubyman.
May  8 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23199]: pam_unix(su:session): session closed for user rubyman
May  8 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349837.
May  8 00:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: Failed password for root from 218.92.0.227 port 62180 ssh2
May  8 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: Failed password for root from 218.92.0.227 port 62180 ssh2
May  8 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23122]: pam_unix(cron:session): session closed for user root
May  8 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: Received disconnect from 218.92.0.227 port 62180:11:  [preauth]
May  8 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: Disconnected from 218.92.0.227 port 62180 [preauth]
May  8 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  8 00:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20055]: pam_unix(cron:session): session closed for user root
May  8 00:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23121]: pam_unix(cron:session): session closed for user samftp
May  8 00:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  8 00:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23568]: Failed password for root from 218.92.0.227 port 10636 ssh2
May  8 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22164]: pam_unix(cron:session): session closed for user root
May  8 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23568]: Failed password for root from 218.92.0.227 port 10636 ssh2
May  8 00:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23568]: Failed password for root from 218.92.0.227 port 10636 ssh2
May  8 00:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23568]: Received disconnect from 218.92.0.227 port 10636:11:  [preauth]
May  8 00:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23568]: Disconnected from 218.92.0.227 port 10636 [preauth]
May  8 00:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23568]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  8 00:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23605]: Invalid user admin from 80.94.95.112
May  8 00:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23605]: input_userauth_request: invalid user admin [preauth]
May  8 00:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23605]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 00:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23605]: Failed password for invalid user admin from 80.94.95.112 port 59842 ssh2
May  8 00:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23605]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23618]: Invalid user sammy from 182.18.139.237
May  8 00:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23618]: input_userauth_request: invalid user sammy [preauth]
May  8 00:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23618]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.139.237
May  8 00:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23605]: Failed password for invalid user admin from 80.94.95.112 port 59842 ssh2
May  8 00:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23605]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23618]: Failed password for invalid user sammy from 182.18.139.237 port 37612 ssh2
May  8 00:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23618]: Received disconnect from 182.18.139.237 port 37612:11: Bye Bye [preauth]
May  8 00:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23618]: Disconnected from 182.18.139.237 port 37612 [preauth]
May  8 00:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23605]: Failed password for invalid user admin from 80.94.95.112 port 59842 ssh2
May  8 00:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23605]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23605]: Failed password for invalid user admin from 80.94.95.112 port 59842 ssh2
May  8 00:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23605]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23605]: Failed password for invalid user admin from 80.94.95.112 port 59842 ssh2
May  8 00:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23605]: Received disconnect from 80.94.95.112 port 59842:11: Bye [preauth]
May  8 00:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23605]: Disconnected from 80.94.95.112 port 59842 [preauth]
May  8 00:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23605]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 00:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23605]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 00:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: Invalid user admin from 80.94.95.241
May  8 00:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: input_userauth_request: invalid user admin [preauth]
May  8 00:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 00:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  8 00:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: Failed password for invalid user admin from 80.94.95.241 port 46774 ssh2
May  8 00:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: Failed password for root from 218.92.0.227 port 42910 ssh2
May  8 00:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: Failed password for invalid user admin from 80.94.95.241 port 46774 ssh2
May  8 00:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: Invalid user ljsoft from 43.154.90.106
May  8 00:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: input_userauth_request: invalid user ljsoft [preauth]
May  8 00:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  8 00:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: Failed password for root from 218.92.0.227 port 42910 ssh2
May  8 00:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: Failed password for invalid user ljsoft from 43.154.90.106 port 58300 ssh2
May  8 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: Failed password for invalid user admin from 80.94.95.241 port 46774 ssh2
May  8 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: Received disconnect from 43.154.90.106 port 58300:11: Bye Bye [preauth]
May  8 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23662]: Disconnected from 43.154.90.106 port 58300 [preauth]
May  8 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: Failed password for root from 218.92.0.227 port 42910 ssh2
May  8 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: Received disconnect from 218.92.0.227 port 42910:11:  [preauth]
May  8 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: Disconnected from 218.92.0.227 port 42910 [preauth]
May  8 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23650]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.227  user=root
May  8 00:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: Failed password for invalid user admin from 80.94.95.241 port 46774 ssh2
May  8 00:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: Failed password for invalid user admin from 80.94.95.241 port 46774 ssh2
May  8 00:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: Received disconnect from 80.94.95.241 port 46774:11: Bye [preauth]
May  8 00:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: Disconnected from 80.94.95.241 port 46774 [preauth]
May  8 00:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 00:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23651]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23674]: pam_unix(cron:session): session closed for user p13x
May  8 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23743]: Successful su for rubyman by root
May  8 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23743]: + ??? root:rubyman
May  8 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23743]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349841 of user rubyman.
May  8 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23743]: pam_unix(su:session): session closed for user rubyman
May  8 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349841.
May  8 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20457]: pam_unix(cron:session): session closed for user root
May  8 00:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23675]: pam_unix(cron:session): session closed for user samftp
May  8 00:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24061]: Connection closed by 130.195.4.213 port 54974 [preauth]
May  8 00:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24113]: Invalid user webadm from 134.199.210.64
May  8 00:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24113]: input_userauth_request: invalid user webadm [preauth]
May  8 00:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24113]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  8 00:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24113]: Failed password for invalid user webadm from 134.199.210.64 port 41702 ssh2
May  8 00:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24113]: Received disconnect from 134.199.210.64 port 41702:11: Bye Bye [preauth]
May  8 00:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24113]: Disconnected from 134.199.210.64 port 41702 [preauth]
May  8 00:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22657]: pam_unix(cron:session): session closed for user root
May  8 00:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24227]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24224]: pam_unix(cron:session): session closed for user p13x
May  8 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24296]: Successful su for rubyman by root
May  8 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24296]: + ??? root:rubyman
May  8 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349845 of user rubyman.
May  8 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24296]: pam_unix(su:session): session closed for user rubyman
May  8 00:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349845.
May  8 00:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20979]: pam_unix(cron:session): session closed for user root
May  8 00:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24225]: pam_unix(cron:session): session closed for user samftp
May  8 00:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Invalid user pp from 146.190.93.207
May  8 00:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: input_userauth_request: invalid user pp [preauth]
May  8 00:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
May  8 00:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Failed password for invalid user pp from 146.190.93.207 port 44642 ssh2
May  8 00:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Received disconnect from 146.190.93.207 port 44642:11: Bye Bye [preauth]
May  8 00:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24534]: Disconnected from 146.190.93.207 port 44642 [preauth]
May  8 00:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: Invalid user shao from 52.183.128.237
May  8 00:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: input_userauth_request: invalid user shao [preauth]
May  8 00:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237
May  8 00:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: Failed password for invalid user shao from 52.183.128.237 port 47682 ssh2
May  8 00:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: Received disconnect from 52.183.128.237 port 47682:11: Bye Bye [preauth]
May  8 00:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24570]: Disconnected from 52.183.128.237 port 47682 [preauth]
May  8 00:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23124]: pam_unix(cron:session): session closed for user root
May  8 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24667]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24668]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24666]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24665]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24665]: pam_unix(cron:session): session closed for user p13x
May  8 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24731]: Successful su for rubyman by root
May  8 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24731]: + ??? root:rubyman
May  8 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24731]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349849 of user rubyman.
May  8 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24731]: pam_unix(su:session): session closed for user rubyman
May  8 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349849.
May  8 00:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21424]: pam_unix(cron:session): session closed for user root
May  8 00:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24666]: pam_unix(cron:session): session closed for user samftp
May  8 00:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24895]: Invalid user stefano from 197.248.178.226
May  8 00:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24895]: input_userauth_request: invalid user stefano [preauth]
May  8 00:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24895]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226
May  8 00:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24895]: Failed password for invalid user stefano from 197.248.178.226 port 52670 ssh2
May  8 00:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: Invalid user forest from 91.151.88.235
May  8 00:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: input_userauth_request: invalid user forest [preauth]
May  8 00:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  8 00:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24895]: Received disconnect from 197.248.178.226 port 52670:11: Bye Bye [preauth]
May  8 00:08:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24895]: Disconnected from 197.248.178.226 port 52670 [preauth]
May  8 00:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: Failed password for invalid user forest from 91.151.88.235 port 36790 ssh2
May  8 00:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: Received disconnect from 91.151.88.235 port 36790:11: Bye Bye [preauth]
May  8 00:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24923]: Disconnected from 91.151.88.235 port 36790 [preauth]
May  8 00:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.16  user=root
May  8 00:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: Failed password for root from 194.0.234.16 port 34608 ssh2
May  8 00:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24935]: Connection closed by 194.0.234.16 port 34608 [preauth]
May  8 00:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23677]: pam_unix(cron:session): session closed for user root
May  8 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25083]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25082]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25078]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25080]: pam_unix(cron:session): session closed for user p13x
May  8 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25202]: Successful su for rubyman by root
May  8 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25202]: + ??? root:rubyman
May  8 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25202]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349855 of user rubyman.
May  8 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25202]: pam_unix(su:session): session closed for user rubyman
May  8 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349855.
May  8 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25078]: pam_unix(cron:session): session closed for user root
May  8 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22163]: pam_unix(cron:session): session closed for user root
May  8 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25409]: Invalid user ca from 23.91.96.123
May  8 00:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25409]: input_userauth_request: invalid user ca [preauth]
May  8 00:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25409]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.91.96.123
May  8 00:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25081]: pam_unix(cron:session): session closed for user samftp
May  8 00:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25409]: Failed password for invalid user ca from 23.91.96.123 port 56026 ssh2
May  8 00:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25409]: Received disconnect from 23.91.96.123 port 56026:11: Bye Bye [preauth]
May  8 00:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25409]: Disconnected from 23.91.96.123 port 56026 [preauth]
May  8 00:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25443]: Invalid user user8 from 101.36.113.80
May  8 00:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25443]: input_userauth_request: invalid user user8 [preauth]
May  8 00:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25443]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  8 00:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25443]: Failed password for invalid user user8 from 101.36.113.80 port 36934 ssh2
May  8 00:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25443]: Received disconnect from 101.36.113.80 port 36934:11: Bye Bye [preauth]
May  8 00:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25443]: Disconnected from 101.36.113.80 port 36934 [preauth]
May  8 00:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24227]: pam_unix(cron:session): session closed for user root
May  8 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25602]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25597]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25596]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25602]: pam_unix(cron:session): session closed for user root
May  8 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25596]: pam_unix(cron:session): session closed for user p13x
May  8 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25703]: Successful su for rubyman by root
May  8 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25703]: + ??? root:rubyman
May  8 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25703]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349858 of user rubyman.
May  8 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25703]: pam_unix(su:session): session closed for user rubyman
May  8 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349858.
May  8 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25599]: pam_unix(cron:session): session closed for user root
May  8 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22656]: pam_unix(cron:session): session closed for user root
May  8 00:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25597]: pam_unix(cron:session): session closed for user samftp
May  8 00:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: Invalid user test1234 from 182.18.139.237
May  8 00:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: input_userauth_request: invalid user test1234 [preauth]
May  8 00:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.139.237
May  8 00:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: Failed password for invalid user test1234 from 182.18.139.237 port 41232 ssh2
May  8 00:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: Invalid user postgres from 103.149.28.105
May  8 00:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: input_userauth_request: invalid user postgres [preauth]
May  8 00:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.105
May  8 00:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: Received disconnect from 182.18.139.237 port 41232:11: Bye Bye [preauth]
May  8 00:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: Disconnected from 182.18.139.237 port 41232 [preauth]
May  8 00:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: Failed password for invalid user postgres from 103.149.28.105 port 36016 ssh2
May  8 00:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: Received disconnect from 103.149.28.105 port 36016:11: Bye Bye [preauth]
May  8 00:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25996]: Disconnected from 103.149.28.105 port 36016 [preauth]
May  8 00:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24668]: pam_unix(cron:session): session closed for user root
May  8 00:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26109]: Invalid user lili from 134.199.210.64
May  8 00:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26109]: input_userauth_request: invalid user lili [preauth]
May  8 00:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26109]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  8 00:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26109]: Failed password for invalid user lili from 134.199.210.64 port 42946 ssh2
May  8 00:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26109]: Received disconnect from 134.199.210.64 port 42946:11: Bye Bye [preauth]
May  8 00:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26109]: Disconnected from 134.199.210.64 port 42946 [preauth]
May  8 00:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26120]: Invalid user aaaa from 101.36.122.23
May  8 00:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26120]: input_userauth_request: invalid user aaaa [preauth]
May  8 00:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26120]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 00:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26120]: Failed password for invalid user aaaa from 101.36.122.23 port 38134 ssh2
May  8 00:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26120]: Received disconnect from 101.36.122.23 port 38134:11: Bye Bye [preauth]
May  8 00:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26120]: Disconnected from 101.36.122.23 port 38134 [preauth]
May  8 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26134]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26132]: pam_unix(cron:session): session closed for user p13x
May  8 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26199]: Successful su for rubyman by root
May  8 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26199]: + ??? root:rubyman
May  8 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26199]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349864 of user rubyman.
May  8 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26199]: pam_unix(su:session): session closed for user rubyman
May  8 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349864.
May  8 00:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23123]: pam_unix(cron:session): session closed for user root
May  8 00:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26133]: pam_unix(cron:session): session closed for user samftp
May  8 00:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106  user=root
May  8 00:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Failed password for root from 43.154.90.106 port 46154 ssh2
May  8 00:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Received disconnect from 43.154.90.106 port 46154:11: Bye Bye [preauth]
May  8 00:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26382]: Disconnected from 43.154.90.106 port 46154 [preauth]
May  8 00:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25083]: pam_unix(cron:session): session closed for user root
May  8 00:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: Connection reset by 218.92.0.231 port 52112 [preauth]
May  8 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26620]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26621]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26618]: pam_unix(cron:session): session closed for user p13x
May  8 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26683]: Successful su for rubyman by root
May  8 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26683]: + ??? root:rubyman
May  8 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349869 of user rubyman.
May  8 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26683]: pam_unix(su:session): session closed for user rubyman
May  8 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349869.
May  8 00:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23676]: pam_unix(cron:session): session closed for user root
May  8 00:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26619]: pam_unix(cron:session): session closed for user samftp
May  8 00:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25601]: pam_unix(cron:session): session closed for user root
May  8 00:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207  user=root
May  8 00:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26969]: Failed password for root from 146.190.93.207 port 43068 ssh2
May  8 00:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26969]: Received disconnect from 146.190.93.207 port 43068:11: Bye Bye [preauth]
May  8 00:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26969]: Disconnected from 146.190.93.207 port 43068 [preauth]
May  8 00:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237  user=root
May  8 00:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27048]: Failed password for root from 52.183.128.237 port 56146 ssh2
May  8 00:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27048]: Received disconnect from 52.183.128.237 port 56146:11: Bye Bye [preauth]
May  8 00:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27048]: Disconnected from 52.183.128.237 port 56146 [preauth]
May  8 00:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: Invalid user elk_user from 80.94.95.125
May  8 00:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: input_userauth_request: invalid user elk_user [preauth]
May  8 00:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 00:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: Failed password for invalid user elk_user from 80.94.95.125 port 63475 ssh2
May  8 00:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: Failed password for invalid user elk_user from 80.94.95.125 port 63475 ssh2
May  8 00:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: Failed password for invalid user elk_user from 80.94.95.125 port 63475 ssh2
May  8 00:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: Failed password for invalid user elk_user from 80.94.95.125 port 63475 ssh2
May  8 00:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: Failed password for invalid user elk_user from 80.94.95.125 port 63475 ssh2
May  8 00:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: Received disconnect from 80.94.95.125 port 63475:11: Bye [preauth]
May  8 00:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: Disconnected from 80.94.95.125 port 63475 [preauth]
May  8 00:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 00:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27067]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27109]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27108]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27105]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27105]: pam_unix(cron:session): session closed for user p13x
May  8 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27172]: Successful su for rubyman by root
May  8 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27172]: + ??? root:rubyman
May  8 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27172]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349874 of user rubyman.
May  8 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27172]: pam_unix(su:session): session closed for user rubyman
May  8 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349874.
May  8 00:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24226]: pam_unix(cron:session): session closed for user root
May  8 00:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27107]: pam_unix(cron:session): session closed for user samftp
May  8 00:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26135]: pam_unix(cron:session): session closed for user root
May  8 00:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: Invalid user fabrice from 91.151.88.235
May  8 00:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: input_userauth_request: invalid user fabrice [preauth]
May  8 00:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  8 00:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: Failed password for invalid user fabrice from 91.151.88.235 port 49244 ssh2
May  8 00:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: Received disconnect from 91.151.88.235 port 49244:11: Bye Bye [preauth]
May  8 00:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27534]: Disconnected from 91.151.88.235 port 49244 [preauth]
May  8 00:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27579]: Invalid user admin from 197.248.178.226
May  8 00:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27579]: input_userauth_request: invalid user admin [preauth]
May  8 00:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27579]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226
May  8 00:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27579]: Failed password for invalid user admin from 197.248.178.226 port 32860 ssh2
May  8 00:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27579]: Received disconnect from 197.248.178.226 port 32860:11: Bye Bye [preauth]
May  8 00:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27579]: Disconnected from 197.248.178.226 port 32860 [preauth]
May  8 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27593]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27591]: pam_unix(cron:session): session closed for user p13x
May  8 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27660]: Successful su for rubyman by root
May  8 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27660]: + ??? root:rubyman
May  8 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27660]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349876 of user rubyman.
May  8 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27660]: pam_unix(su:session): session closed for user rubyman
May  8 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349876.
May  8 00:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: Invalid user siva from 23.91.96.123
May  8 00:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: input_userauth_request: invalid user siva [preauth]
May  8 00:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.91.96.123
May  8 00:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24667]: pam_unix(cron:session): session closed for user root
May  8 00:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27592]: pam_unix(cron:session): session closed for user samftp
May  8 00:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: Failed password for invalid user siva from 23.91.96.123 port 49214 ssh2
May  8 00:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: Received disconnect from 23.91.96.123 port 49214:11: Bye Bye [preauth]
May  8 00:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27734]: Disconnected from 23.91.96.123 port 49214 [preauth]
May  8 00:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: Invalid user ljsoft from 101.36.113.80
May  8 00:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: input_userauth_request: invalid user ljsoft [preauth]
May  8 00:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  8 00:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: Failed password for invalid user ljsoft from 101.36.113.80 port 45092 ssh2
May  8 00:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: Received disconnect from 101.36.113.80 port 45092:11: Bye Bye [preauth]
May  8 00:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27859]: Disconnected from 101.36.113.80 port 45092 [preauth]
May  8 00:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26621]: pam_unix(cron:session): session closed for user root
May  8 00:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: Invalid user ramtin from 182.18.139.237
May  8 00:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: input_userauth_request: invalid user ramtin [preauth]
May  8 00:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.139.237
May  8 00:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: Failed password for invalid user ramtin from 182.18.139.237 port 44872 ssh2
May  8 00:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: Received disconnect from 182.18.139.237 port 44872:11: Bye Bye [preauth]
May  8 00:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27963]: Disconnected from 182.18.139.237 port 44872 [preauth]
May  8 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28023]: pam_unix(cron:session): session closed for user root
May  8 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28017]: pam_unix(cron:session): session closed for user p13x
May  8 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28088]: Successful su for rubyman by root
May  8 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28088]: + ??? root:rubyman
May  8 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28088]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349883 of user rubyman.
May  8 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28088]: pam_unix(su:session): session closed for user rubyman
May  8 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349883.
May  8 00:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28019]: pam_unix(cron:session): session closed for user root
May  8 00:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25082]: pam_unix(cron:session): session closed for user root
May  8 00:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28018]: pam_unix(cron:session): session closed for user samftp
May  8 00:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28361]: Invalid user shreya from 134.199.210.64
May  8 00:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28361]: input_userauth_request: invalid user shreya [preauth]
May  8 00:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28361]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  8 00:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28361]: Failed password for invalid user shreya from 134.199.210.64 port 37250 ssh2
May  8 00:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28361]: Received disconnect from 134.199.210.64 port 37250:11: Bye Bye [preauth]
May  8 00:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28361]: Disconnected from 134.199.210.64 port 37250 [preauth]
May  8 00:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27109]: pam_unix(cron:session): session closed for user root
May  8 00:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 00:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: Failed password for root from 80.94.95.125 port 20772 ssh2
May  8 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: message repeated 2 times: [ Failed password for root from 80.94.95.125 port 20772 ssh2]
May  8 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28462]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28460]: pam_unix(cron:session): session closed for user p13x
May  8 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28532]: Successful su for rubyman by root
May  8 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28532]: + ??? root:rubyman
May  8 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28532]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349887 of user rubyman.
May  8 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28532]: pam_unix(su:session): session closed for user rubyman
May  8 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349887.
May  8 00:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: Failed password for root from 80.94.95.125 port 20772 ssh2
May  8 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25600]: pam_unix(cron:session): session closed for user root
May  8 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: Failed password for root from 80.94.95.125 port 20772 ssh2
May  8 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: Received disconnect from 80.94.95.125 port 20772:11: Bye [preauth]
May  8 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: Disconnected from 80.94.95.125 port 20772 [preauth]
May  8 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 00:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28461]: pam_unix(cron:session): session closed for user samftp
May  8 00:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: Invalid user kamera from 101.36.122.23
May  8 00:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: input_userauth_request: invalid user kamera [preauth]
May  8 00:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 00:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: Failed password for invalid user kamera from 101.36.122.23 port 58758 ssh2
May  8 00:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: Received disconnect from 101.36.122.23 port 58758:11: Bye Bye [preauth]
May  8 00:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28744]: Disconnected from 101.36.122.23 port 58758 [preauth]
May  8 00:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.105  user=root
May  8 00:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: Failed password for root from 103.149.28.105 port 43890 ssh2
May  8 00:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: Received disconnect from 103.149.28.105 port 43890:11: Bye Bye [preauth]
May  8 00:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: Disconnected from 103.149.28.105 port 43890 [preauth]
May  8 00:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: Invalid user ict from 43.154.90.106
May  8 00:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: input_userauth_request: invalid user ict [preauth]
May  8 00:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  8 00:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27594]: pam_unix(cron:session): session closed for user root
May  8 00:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: Failed password for invalid user ict from 43.154.90.106 port 41358 ssh2
May  8 00:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: Received disconnect from 43.154.90.106 port 41358:11: Bye Bye [preauth]
May  8 00:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: Disconnected from 43.154.90.106 port 41358 [preauth]
May  8 00:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4  user=root
May  8 00:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28849]: Failed password for root from 85.208.84.4 port 35570 ssh2
May  8 00:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28849]: Connection closed by 85.208.84.4 port 35570 [preauth]
May  8 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28875]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28874]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28873]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28869]: pam_unix(cron:session): session closed for user root
May  8 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28871]: pam_unix(cron:session): session closed for user p13x
May  8 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28942]: Successful su for rubyman by root
May  8 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28942]: + ??? root:rubyman
May  8 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349890 of user rubyman.
May  8 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28942]: pam_unix(su:session): session closed for user rubyman
May  8 00:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349890.
May  8 00:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26134]: pam_unix(cron:session): session closed for user root
May  8 00:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  8 00:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28873]: pam_unix(cron:session): session closed for user samftp
May  8 00:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: Failed password for root from 218.92.0.236 port 38346 ssh2
May  8 00:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: message repeated 2 times: [ Failed password for root from 218.92.0.236 port 38346 ssh2]
May  8 00:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: Received disconnect from 218.92.0.236 port 38346:11:  [preauth]
May  8 00:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: Disconnected from 218.92.0.236 port 38346 [preauth]
May  8 00:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29171]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  8 00:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28021]: pam_unix(cron:session): session closed for user root
May  8 00:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207  user=root
May  8 00:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29370]: Failed password for root from 146.190.93.207 port 54778 ssh2
May  8 00:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29370]: Received disconnect from 146.190.93.207 port 54778:11: Bye Bye [preauth]
May  8 00:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29370]: Disconnected from 146.190.93.207 port 54778 [preauth]
May  8 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29387]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29383]: pam_unix(cron:session): session closed for user p13x
May  8 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29447]: Successful su for rubyman by root
May  8 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29447]: + ??? root:rubyman
May  8 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349895 of user rubyman.
May  8 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29447]: pam_unix(su:session): session closed for user rubyman
May  8 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349895.
May  8 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237  user=root
May  8 00:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26620]: pam_unix(cron:session): session closed for user root
May  8 00:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: Failed password for root from 52.183.128.237 port 36404 ssh2
May  8 00:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: Received disconnect from 52.183.128.237 port 36404:11: Bye Bye [preauth]
May  8 00:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29490]: Disconnected from 52.183.128.237 port 36404 [preauth]
May  8 00:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29384]: pam_unix(cron:session): session closed for user samftp
May  8 00:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28463]: pam_unix(cron:session): session closed for user root
May  8 00:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29680]: Connection closed by 130.195.4.213 port 39546 [preauth]
May  8 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29802]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29800]: pam_unix(cron:session): session closed for user p13x
May  8 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29865]: Successful su for rubyman by root
May  8 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29865]: + ??? root:rubyman
May  8 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29865]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349899 of user rubyman.
May  8 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29865]: pam_unix(su:session): session closed for user rubyman
May  8 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349899.
May  8 00:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.91.96.123  user=root
May  8 00:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27108]: pam_unix(cron:session): session closed for user root
May  8 00:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29801]: pam_unix(cron:session): session closed for user samftp
May  8 00:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29996]: Failed password for root from 23.91.96.123 port 54772 ssh2
May  8 00:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29996]: Received disconnect from 23.91.96.123 port 54772:11: Bye Bye [preauth]
May  8 00:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29996]: Disconnected from 23.91.96.123 port 54772 [preauth]
May  8 00:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: Invalid user teacher from 91.151.88.235
May  8 00:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: input_userauth_request: invalid user teacher [preauth]
May  8 00:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  8 00:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: Invalid user feng from 182.18.139.237
May  8 00:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: input_userauth_request: invalid user feng [preauth]
May  8 00:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.139.237
May  8 00:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: Failed password for invalid user teacher from 91.151.88.235 port 33204 ssh2
May  8 00:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: Received disconnect from 91.151.88.235 port 33204:11: Bye Bye [preauth]
May  8 00:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30056]: Disconnected from 91.151.88.235 port 33204 [preauth]
May  8 00:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: Failed password for invalid user feng from 182.18.139.237 port 48502 ssh2
May  8 00:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: Received disconnect from 182.18.139.237 port 48502:11: Bye Bye [preauth]
May  8 00:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30058]: Disconnected from 182.18.139.237 port 48502 [preauth]
May  8 00:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30077]: Invalid user bacon from 101.36.113.80
May  8 00:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30077]: input_userauth_request: invalid user bacon [preauth]
May  8 00:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30077]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  8 00:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30077]: Failed password for invalid user bacon from 101.36.113.80 port 43876 ssh2
May  8 00:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30077]: Received disconnect from 101.36.113.80 port 43876:11: Bye Bye [preauth]
May  8 00:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30077]: Disconnected from 101.36.113.80 port 43876 [preauth]
May  8 00:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28875]: pam_unix(cron:session): session closed for user root
May  8 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30212]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30213]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30210]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30211]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30214]: pam_unix(cron:session): session closed for user root
May  8 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30209]: pam_unix(cron:session): session closed for user p13x
May  8 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30264]: Invalid user urban from 134.199.210.64
May  8 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30264]: input_userauth_request: invalid user urban [preauth]
May  8 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30264]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  8 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30277]: Successful su for rubyman by root
May  8 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30277]: + ??? root:rubyman
May  8 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349906 of user rubyman.
May  8 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30277]: pam_unix(su:session): session closed for user rubyman
May  8 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349906.
May  8 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30264]: Failed password for invalid user urban from 134.199.210.64 port 52616 ssh2
May  8 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30264]: Received disconnect from 134.199.210.64 port 52616:11: Bye Bye [preauth]
May  8 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30264]: Disconnected from 134.199.210.64 port 52616 [preauth]
May  8 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30211]: pam_unix(cron:session): session closed for user root
May  8 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27593]: pam_unix(cron:session): session closed for user root
May  8 00:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30210]: pam_unix(cron:session): session closed for user samftp
May  8 00:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  8 00:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: Failed password for root from 218.92.0.237 port 32014 ssh2
May  8 00:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: message repeated 2 times: [ Failed password for root from 218.92.0.237 port 32014 ssh2]
May  8 00:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: Received disconnect from 218.92.0.237 port 32014:11:  [preauth]
May  8 00:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: Disconnected from 218.92.0.237 port 32014 [preauth]
May  8 00:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30507]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  8 00:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29387]: pam_unix(cron:session): session closed for user root
May  8 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30639]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30638]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30636]: pam_unix(cron:session): session closed for user p13x
May  8 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30706]: Successful su for rubyman by root
May  8 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30706]: + ??? root:rubyman
May  8 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349911 of user rubyman.
May  8 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30706]: pam_unix(su:session): session closed for user rubyman
May  8 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349911.
May  8 00:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28020]: pam_unix(cron:session): session closed for user root
May  8 00:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30637]: pam_unix(cron:session): session closed for user samftp
May  8 00:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: Invalid user tejas from 101.36.122.23
May  8 00:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: input_userauth_request: invalid user tejas [preauth]
May  8 00:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 00:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: Failed password for invalid user tejas from 101.36.122.23 port 38602 ssh2
May  8 00:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: Received disconnect from 101.36.122.23 port 38602:11: Bye Bye [preauth]
May  8 00:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31020]: Disconnected from 101.36.122.23 port 38602 [preauth]
May  8 00:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29803]: pam_unix(cron:session): session closed for user root
May  8 00:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: Invalid user bacon from 43.154.90.106
May  8 00:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: input_userauth_request: invalid user bacon [preauth]
May  8 00:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  8 00:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: Failed password for invalid user bacon from 43.154.90.106 port 49464 ssh2
May  8 00:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: Received disconnect from 43.154.90.106 port 49464:11: Bye Bye [preauth]
May  8 00:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31096]: Disconnected from 43.154.90.106 port 49464 [preauth]
May  8 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31142]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31143]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31139]: pam_unix(cron:session): session closed for user p13x
May  8 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31205]: Successful su for rubyman by root
May  8 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31205]: + ??? root:rubyman
May  8 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349914 of user rubyman.
May  8 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31205]: pam_unix(su:session): session closed for user rubyman
May  8 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349914.
May  8 00:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28462]: pam_unix(cron:session): session closed for user root
May  8 00:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31140]: pam_unix(cron:session): session closed for user samftp
May  8 00:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 00:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31432]: Failed password for root from 80.94.95.125 port 62938 ssh2
May  8 00:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31432]: message repeated 3 times: [ Failed password for root from 80.94.95.125 port 62938 ssh2]
May  8 00:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: Invalid user cheng from 103.149.28.105
May  8 00:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: input_userauth_request: invalid user cheng [preauth]
May  8 00:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.105
May  8 00:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31432]: Failed password for root from 80.94.95.125 port 62938 ssh2
May  8 00:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31432]: Received disconnect from 80.94.95.125 port 62938:11: Bye [preauth]
May  8 00:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31432]: Disconnected from 80.94.95.125 port 62938 [preauth]
May  8 00:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31432]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 00:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31432]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 00:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30213]: pam_unix(cron:session): session closed for user root
May  8 00:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: Failed password for invalid user cheng from 103.149.28.105 port 51760 ssh2
May  8 00:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: Received disconnect from 103.149.28.105 port 51760:11: Bye Bye [preauth]
May  8 00:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31465]: Disconnected from 103.149.28.105 port 51760 [preauth]
May  8 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31562]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31561]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31559]: pam_unix(cron:session): session closed for user p13x
May  8 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31621]: Successful su for rubyman by root
May  8 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31621]: + ??? root:rubyman
May  8 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349918 of user rubyman.
May  8 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31621]: pam_unix(su:session): session closed for user rubyman
May  8 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349918.
May  8 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Invalid user git from 146.190.93.207
May  8 00:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: input_userauth_request: invalid user git [preauth]
May  8 00:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
May  8 00:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28874]: pam_unix(cron:session): session closed for user root
May  8 00:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Failed password for invalid user git from 146.190.93.207 port 59672 ssh2
May  8 00:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Received disconnect from 146.190.93.207 port 59672:11: Bye Bye [preauth]
May  8 00:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: Disconnected from 146.190.93.207 port 59672 [preauth]
May  8 00:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31560]: pam_unix(cron:session): session closed for user samftp
May  8 00:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: Invalid user ubuntu from 52.183.128.237
May  8 00:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: input_userauth_request: invalid user ubuntu [preauth]
May  8 00:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237
May  8 00:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: Failed password for invalid user ubuntu from 52.183.128.237 port 44880 ssh2
May  8 00:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: Received disconnect from 52.183.128.237 port 44880:11: Bye Bye [preauth]
May  8 00:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31870]: Disconnected from 52.183.128.237 port 44880 [preauth]
May  8 00:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30639]: pam_unix(cron:session): session closed for user root
May  8 00:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.139.237  user=root
May  8 00:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: Failed password for root from 182.18.139.237 port 52124 ssh2
May  8 00:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: Received disconnect from 182.18.139.237 port 52124:11: Bye Bye [preauth]
May  8 00:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32034]: Disconnected from 182.18.139.237 port 52124 [preauth]
May  8 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32232]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32229]: pam_unix(cron:session): session closed for user p13x
May  8 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32344]: Successful su for rubyman by root
May  8 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32344]: + ??? root:rubyman
May  8 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349922 of user rubyman.
May  8 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32344]: pam_unix(su:session): session closed for user rubyman
May  8 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349922.
May  8 00:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29385]: pam_unix(cron:session): session closed for user root
May  8 00:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.91.96.123  user=root
May  8 00:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32230]: pam_unix(cron:session): session closed for user samftp
May  8 00:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: Failed password for root from 23.91.96.123 port 45424 ssh2
May  8 00:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: Received disconnect from 23.91.96.123 port 45424:11: Bye Bye [preauth]
May  8 00:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32521]: Disconnected from 23.91.96.123 port 45424 [preauth]
May  8 00:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: Invalid user asta from 101.36.113.80
May  8 00:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: input_userauth_request: invalid user asta [preauth]
May  8 00:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  8 00:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: Failed password for invalid user asta from 101.36.113.80 port 42578 ssh2
May  8 00:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: Received disconnect from 101.36.113.80 port 42578:11: Bye Bye [preauth]
May  8 00:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32575]: Disconnected from 101.36.113.80 port 42578 [preauth]
May  8 00:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: Invalid user gits from 91.151.88.235
May  8 00:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: input_userauth_request: invalid user gits [preauth]
May  8 00:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  8 00:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: Failed password for invalid user gits from 91.151.88.235 port 58896 ssh2
May  8 00:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: Received disconnect from 91.151.88.235 port 58896:11: Bye Bye [preauth]
May  8 00:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32718]: Disconnected from 91.151.88.235 port 58896 [preauth]
May  8 00:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31143]: pam_unix(cron:session): session closed for user root
May  8 00:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32750]: Invalid user chris from 134.199.210.64
May  8 00:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32750]: input_userauth_request: invalid user chris [preauth]
May  8 00:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32750]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  8 00:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32750]: Failed password for invalid user chris from 134.199.210.64 port 47822 ssh2
May  8 00:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32750]: Received disconnect from 134.199.210.64 port 47822:11: Bye Bye [preauth]
May  8 00:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32750]: Disconnected from 134.199.210.64 port 47822 [preauth]
May  8 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[373]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[378]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[379]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[379]: pam_unix(cron:session): session closed for user root
May  8 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[371]: pam_unix(cron:session): session closed for user p13x
May  8 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[485]: Successful su for rubyman by root
May  8 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[485]: + ??? root:rubyman
May  8 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349928 of user rubyman.
May  8 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[485]: pam_unix(su:session): session closed for user rubyman
May  8 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349928.
May  8 00:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29802]: pam_unix(cron:session): session closed for user root
May  8 00:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[374]: pam_unix(cron:session): session closed for user root
May  8 00:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[373]: pam_unix(cron:session): session closed for user samftp
May  8 00:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31562]: pam_unix(cron:session): session closed for user root
May  8 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[903]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[906]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[901]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[901]: pam_unix(cron:session): session closed for user p13x
May  8 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[988]: Successful su for rubyman by root
May  8 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[988]: + ??? root:rubyman
May  8 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349932 of user rubyman.
May  8 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[988]: pam_unix(su:session): session closed for user rubyman
May  8 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349932.
May  8 00:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30212]: pam_unix(cron:session): session closed for user root
May  8 00:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[902]: pam_unix(cron:session): session closed for user samftp
May  8 00:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: Invalid user axel from 101.36.122.23
May  8 00:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: input_userauth_request: invalid user axel [preauth]
May  8 00:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 00:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: Failed password for invalid user axel from 101.36.122.23 port 34992 ssh2
May  8 00:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: Received disconnect from 101.36.122.23 port 34992:11: Bye Bye [preauth]
May  8 00:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: Disconnected from 101.36.122.23 port 34992 [preauth]
May  8 00:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32232]: pam_unix(cron:session): session closed for user root
May  8 00:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  8 00:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: Failed password for root from 218.92.0.203 port 25368 ssh2
May  8 00:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: message repeated 4 times: [ Failed password for root from 218.92.0.203 port 25368 ssh2]
May  8 00:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: error: maximum authentication attempts exceeded for root from 218.92.0.203 port 25368 ssh2 [preauth]
May  8 00:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: Disconnecting: Too many authentication failures [preauth]
May  8 00:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  8 00:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 00:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1390]: Invalid user hdfs from 43.154.90.106
May  8 00:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1390]: input_userauth_request: invalid user hdfs [preauth]
May  8 00:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1390]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  8 00:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  8 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1398]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1399]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1396]: pam_unix(cron:session): session closed for user p13x
May  8 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1390]: Failed password for invalid user hdfs from 43.154.90.106 port 49728 ssh2
May  8 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: Failed password for root from 218.92.0.203 port 47044 ssh2
May  8 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1390]: Received disconnect from 43.154.90.106 port 49728:11: Bye Bye [preauth]
May  8 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1390]: Disconnected from 43.154.90.106 port 49728 [preauth]
May  8 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1493]: Successful su for rubyman by root
May  8 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1493]: + ??? root:rubyman
May  8 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349935 of user rubyman.
May  8 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1493]: pam_unix(su:session): session closed for user rubyman
May  8 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349935.
May  8 00:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: Failed password for root from 218.92.0.203 port 47044 ssh2
May  8 00:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30638]: pam_unix(cron:session): session closed for user root
May  8 00:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1397]: pam_unix(cron:session): session closed for user samftp
May  8 00:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: Failed password for root from 218.92.0.203 port 47044 ssh2
May  8 00:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: Failed password for root from 218.92.0.203 port 47044 ssh2
May  8 00:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5  user=root
May  8 00:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: Failed password for root from 218.92.0.203 port 47044 ssh2
May  8 00:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1718]: Failed password for root from 85.208.84.5 port 36060 ssh2
May  8 00:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1718]: Connection closed by 85.208.84.5 port 36060 [preauth]
May  8 00:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: Failed password for root from 218.92.0.203 port 47044 ssh2
May  8 00:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: error: maximum authentication attempts exceeded for root from 218.92.0.203 port 47044 ssh2 [preauth]
May  8 00:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: Disconnecting: Too many authentication failures [preauth]
May  8 00:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  8 00:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1393]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 00:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[378]: pam_unix(cron:session): session closed for user root
May  8 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1890]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1891]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1888]: pam_unix(cron:session): session closed for user p13x
May  8 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2034]: Successful su for rubyman by root
May  8 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2034]: + ??? root:rubyman
May  8 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349940 of user rubyman.
May  8 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2034]: pam_unix(su:session): session closed for user rubyman
May  8 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349940.
May  8 00:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31142]: pam_unix(cron:session): session closed for user root
May  8 00:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1889]: pam_unix(cron:session): session closed for user samftp
May  8 00:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2251]: Invalid user pick from 146.190.93.207
May  8 00:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2251]: input_userauth_request: invalid user pick [preauth]
May  8 00:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2251]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
May  8 00:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2251]: Failed password for invalid user pick from 146.190.93.207 port 33168 ssh2
May  8 00:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2251]: Received disconnect from 146.190.93.207 port 33168:11: Bye Bye [preauth]
May  8 00:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2251]: Disconnected from 146.190.93.207 port 33168 [preauth]
May  8 00:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.139.237  user=root
May  8 00:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: Failed password for root from 182.18.139.237 port 55766 ssh2
May  8 00:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: Received disconnect from 182.18.139.237 port 55766:11: Bye Bye [preauth]
May  8 00:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2263]: Disconnected from 182.18.139.237 port 55766 [preauth]
May  8 00:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[906]: pam_unix(cron:session): session closed for user root
May  8 00:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2323]: Invalid user user01 from 103.149.28.105
May  8 00:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2323]: input_userauth_request: invalid user user01 [preauth]
May  8 00:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2323]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.105
May  8 00:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2323]: Failed password for invalid user user01 from 103.149.28.105 port 59630 ssh2
May  8 00:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2323]: Received disconnect from 103.149.28.105 port 59630:11: Bye Bye [preauth]
May  8 00:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2323]: Disconnected from 103.149.28.105 port 59630 [preauth]
May  8 00:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237  user=root
May  8 00:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2326]: Failed password for root from 52.183.128.237 port 53376 ssh2
May  8 00:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2326]: Received disconnect from 52.183.128.237 port 53376:11: Bye Bye [preauth]
May  8 00:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2326]: Disconnected from 52.183.128.237 port 53376 [preauth]
May  8 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2397]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2396]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2395]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2394]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2394]: pam_unix(cron:session): session closed for user p13x
May  8 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2464]: Successful su for rubyman by root
May  8 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2464]: + ??? root:rubyman
May  8 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2464]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349943 of user rubyman.
May  8 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2464]: pam_unix(su:session): session closed for user rubyman
May  8 00:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349943.
May  8 00:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31561]: pam_unix(cron:session): session closed for user root
May  8 00:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2395]: pam_unix(cron:session): session closed for user samftp
May  8 00:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: Invalid user ubuntu from 23.91.96.123
May  8 00:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: input_userauth_request: invalid user ubuntu [preauth]
May  8 00:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.91.96.123
May  8 00:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: Failed password for invalid user ubuntu from 23.91.96.123 port 50664 ssh2
May  8 00:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: Received disconnect from 23.91.96.123 port 50664:11: Bye Bye [preauth]
May  8 00:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2668]: Disconnected from 23.91.96.123 port 50664 [preauth]
May  8 00:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2691]: Invalid user valera from 134.199.210.64
May  8 00:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2691]: input_userauth_request: invalid user valera [preauth]
May  8 00:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2691]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  8 00:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2691]: Failed password for invalid user valera from 134.199.210.64 port 43002 ssh2
May  8 00:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2691]: Received disconnect from 134.199.210.64 port 43002:11: Bye Bye [preauth]
May  8 00:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2691]: Disconnected from 134.199.210.64 port 43002 [preauth]
May  8 00:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80  user=root
May  8 00:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: Failed password for root from 101.36.113.80 port 44790 ssh2
May  8 00:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: Received disconnect from 101.36.113.80 port 44790:11: Bye Bye [preauth]
May  8 00:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2714]: Disconnected from 101.36.113.80 port 44790 [preauth]
May  8 00:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1399]: pam_unix(cron:session): session closed for user root
May  8 00:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  8 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2844]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2847]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2845]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2847]: pam_unix(cron:session): session closed for user root
May  8 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2841]: pam_unix(cron:session): session closed for user p13x
May  8 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2918]: Successful su for rubyman by root
May  8 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2918]: + ??? root:rubyman
May  8 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349949 of user rubyman.
May  8 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2918]: pam_unix(su:session): session closed for user rubyman
May  8 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349949.
May  8 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: Invalid user oriol from 91.151.88.235
May  8 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: input_userauth_request: invalid user oriol [preauth]
May  8 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  8 00:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: Failed password for root from 218.92.0.231 port 63372 ssh2
May  8 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: Failed password for invalid user oriol from 91.151.88.235 port 49978 ssh2
May  8 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2843]: pam_unix(cron:session): session closed for user root
May  8 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: Received disconnect from 91.151.88.235 port 49978:11: Bye Bye [preauth]
May  8 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2838]: Disconnected from 91.151.88.235 port 49978 [preauth]
May  8 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32231]: pam_unix(cron:session): session closed for user root
May  8 00:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: Failed password for root from 218.92.0.231 port 63372 ssh2
May  8 00:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: Failed password for root from 218.92.0.231 port 63372 ssh2
May  8 00:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: Received disconnect from 218.92.0.231 port 63372:11:  [preauth]
May  8 00:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: Disconnected from 218.92.0.231 port 63372 [preauth]
May  8 00:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2835]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  8 00:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2842]: pam_unix(cron:session): session closed for user samftp
May  8 00:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1891]: pam_unix(cron:session): session closed for user root
May  8 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3289]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3286]: pam_unix(cron:session): session closed for user p13x
May  8 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3353]: Successful su for rubyman by root
May  8 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3353]: + ??? root:rubyman
May  8 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3353]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349953 of user rubyman.
May  8 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3353]: pam_unix(su:session): session closed for user rubyman
May  8 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349953.
May  8 00:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[376]: pam_unix(cron:session): session closed for user root
May  8 00:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session closed for user samftp
May  8 00:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3595]: Invalid user abbas from 101.36.122.23
May  8 00:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3595]: input_userauth_request: invalid user abbas [preauth]
May  8 00:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3595]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 00:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3595]: Failed password for invalid user abbas from 101.36.122.23 port 48666 ssh2
May  8 00:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3595]: Received disconnect from 101.36.122.23 port 48666:11: Bye Bye [preauth]
May  8 00:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3595]: Disconnected from 101.36.122.23 port 48666 [preauth]
May  8 00:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2397]: pam_unix(cron:session): session closed for user root
May  8 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3747]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3746]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3746]: pam_unix(cron:session): session closed for user p13x
May  8 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3811]: Successful su for rubyman by root
May  8 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3811]: + ??? root:rubyman
May  8 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3811]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349960 of user rubyman.
May  8 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3811]: pam_unix(su:session): session closed for user rubyman
May  8 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349960.
May  8 00:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[903]: pam_unix(cron:session): session closed for user root
May  8 00:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3747]: pam_unix(cron:session): session closed for user samftp
May  8 00:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: Invalid user monit from 43.154.90.106
May  8 00:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: input_userauth_request: invalid user monit [preauth]
May  8 00:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  8 00:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: Failed password for invalid user monit from 43.154.90.106 port 59310 ssh2
May  8 00:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: Received disconnect from 43.154.90.106 port 59310:11: Bye Bye [preauth]
May  8 00:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4055]: Disconnected from 43.154.90.106 port 59310 [preauth]
May  8 00:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4111]: Invalid user marcel from 23.227.147.163
May  8 00:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4111]: input_userauth_request: invalid user marcel [preauth]
May  8 00:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4111]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.227.147.163
May  8 00:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2845]: pam_unix(cron:session): session closed for user root
May  8 00:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4111]: Failed password for invalid user marcel from 23.227.147.163 port 39140 ssh2
May  8 00:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4111]: Received disconnect from 23.227.147.163 port 39140:11: Bye Bye [preauth]
May  8 00:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4111]: Disconnected from 23.227.147.163 port 39140 [preauth]
May  8 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4188]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4186]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4186]: pam_unix(cron:session): session closed for user p13x
May  8 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4274]: Successful su for rubyman by root
May  8 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4274]: + ??? root:rubyman
May  8 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349962 of user rubyman.
May  8 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4274]: pam_unix(su:session): session closed for user rubyman
May  8 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349962.
May  8 00:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.139.237  user=root
May  8 00:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1398]: pam_unix(cron:session): session closed for user root
May  8 00:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4183]: Failed password for root from 182.18.139.237 port 59404 ssh2
May  8 00:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4183]: Received disconnect from 182.18.139.237 port 59404:11: Bye Bye [preauth]
May  8 00:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4183]: Disconnected from 182.18.139.237 port 59404 [preauth]
May  8 00:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4187]: pam_unix(cron:session): session closed for user samftp
May  8 00:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: Invalid user keycloak from 146.190.93.207
May  8 00:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: input_userauth_request: invalid user keycloak [preauth]
May  8 00:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
May  8 00:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: Failed password for invalid user keycloak from 146.190.93.207 port 49464 ssh2
May  8 00:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: Received disconnect from 146.190.93.207 port 49464:11: Bye Bye [preauth]
May  8 00:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: Disconnected from 146.190.93.207 port 49464 [preauth]
May  8 00:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3289]: pam_unix(cron:session): session closed for user root
May  8 00:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  8 00:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: Failed password for root from 190.103.202.7 port 45980 ssh2
May  8 00:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4695]: Connection closed by 190.103.202.7 port 45980 [preauth]
May  8 00:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4723]: Invalid user builder from 134.199.210.64
May  8 00:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4723]: input_userauth_request: invalid user builder [preauth]
May  8 00:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4723]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  8 00:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4723]: Failed password for invalid user builder from 134.199.210.64 port 33766 ssh2
May  8 00:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4723]: Received disconnect from 134.199.210.64 port 33766:11: Bye Bye [preauth]
May  8 00:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4723]: Disconnected from 134.199.210.64 port 33766 [preauth]
May  8 00:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4761]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4759]: pam_unix(cron:session): session closed for user p13x
May  8 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4756]: Invalid user canvas from 52.183.128.237
May  8 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4756]: input_userauth_request: invalid user canvas [preauth]
May  8 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4756]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237
May  8 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4829]: Successful su for rubyman by root
May  8 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4829]: + ??? root:rubyman
May  8 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4829]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349966 of user rubyman.
May  8 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4829]: pam_unix(su:session): session closed for user rubyman
May  8 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349966.
May  8 00:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4756]: Failed password for invalid user canvas from 52.183.128.237 port 33612 ssh2
May  8 00:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4756]: Received disconnect from 52.183.128.237 port 33612:11: Bye Bye [preauth]
May  8 00:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4756]: Disconnected from 52.183.128.237 port 33612 [preauth]
May  8 00:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1890]: pam_unix(cron:session): session closed for user root
May  8 00:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4760]: pam_unix(cron:session): session closed for user samftp
May  8 00:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Invalid user umg from 23.91.96.123
May  8 00:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: input_userauth_request: invalid user umg [preauth]
May  8 00:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.91.96.123
May  8 00:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Failed password for invalid user umg from 23.91.96.123 port 41580 ssh2
May  8 00:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Received disconnect from 23.91.96.123 port 41580:11: Bye Bye [preauth]
May  8 00:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5224]: Disconnected from 23.91.96.123 port 41580 [preauth]
May  8 00:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: Invalid user ict from 101.36.113.80
May  8 00:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: input_userauth_request: invalid user ict [preauth]
May  8 00:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  8 00:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: Failed password for invalid user ict from 101.36.113.80 port 46126 ssh2
May  8 00:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: Received disconnect from 101.36.113.80 port 46126:11: Bye Bye [preauth]
May  8 00:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5251]: Disconnected from 101.36.113.80 port 46126 [preauth]
May  8 00:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  8 00:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5263]: Failed password for root from 50.235.31.47 port 53970 ssh2
May  8 00:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5263]: Connection closed by 50.235.31.47 port 53970 [preauth]
May  8 00:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3749]: pam_unix(cron:session): session closed for user root
May  8 00:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.105  user=root
May  8 00:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5335]: Failed password for root from 103.149.28.105 port 39270 ssh2
May  8 00:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5335]: Received disconnect from 103.149.28.105 port 39270:11: Bye Bye [preauth]
May  8 00:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5335]: Disconnected from 103.149.28.105 port 39270 [preauth]
May  8 00:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5382]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5383]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5383]: pam_unix(cron:session): session closed for user root
May  8 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5376]: pam_unix(cron:session): session closed for user p13x
May  8 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5457]: Successful su for rubyman by root
May  8 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5457]: + ??? root:rubyman
May  8 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5457]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349970 of user rubyman.
May  8 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5457]: pam_unix(su:session): session closed for user rubyman
May  8 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349970.
May  8 00:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5380]: pam_unix(cron:session): session closed for user root
May  8 00:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2396]: pam_unix(cron:session): session closed for user root
May  8 00:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5378]: pam_unix(cron:session): session closed for user samftp
May  8 00:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5374]: Did not receive identification string from 130.195.4.213
May  8 00:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: Invalid user baidu from 91.151.88.235
May  8 00:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: input_userauth_request: invalid user baidu [preauth]
May  8 00:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  8 00:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: Failed password for invalid user baidu from 91.151.88.235 port 51634 ssh2
May  8 00:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: Received disconnect from 91.151.88.235 port 51634:11: Bye Bye [preauth]
May  8 00:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: Disconnected from 91.151.88.235 port 51634 [preauth]
May  8 00:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4189]: pam_unix(cron:session): session closed for user root
May  8 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5980]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5982]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5978]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5976]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5976]: pam_unix(cron:session): session closed for user p13x
May  8 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6054]: Successful su for rubyman by root
May  8 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6054]: + ??? root:rubyman
May  8 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6054]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349976 of user rubyman.
May  8 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6054]: pam_unix(su:session): session closed for user rubyman
May  8 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349976.
May  8 00:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2844]: pam_unix(cron:session): session closed for user root
May  8 00:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: Invalid user wifi from 101.36.122.23
May  8 00:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: input_userauth_request: invalid user wifi [preauth]
May  8 00:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 00:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5978]: pam_unix(cron:session): session closed for user samftp
May  8 00:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: Failed password for invalid user wifi from 101.36.122.23 port 39436 ssh2
May  8 00:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: Received disconnect from 101.36.122.23 port 39436:11: Bye Bye [preauth]
May  8 00:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6225]: Disconnected from 101.36.122.23 port 39436 [preauth]
May  8 00:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4762]: pam_unix(cron:session): session closed for user root
May  8 00:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  8 00:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: Failed password for root from 218.92.0.228 port 15850 ssh2
May  8 00:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: Failed password for root from 218.92.0.228 port 15850 ssh2
May  8 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6413]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6412]: pam_unix(cron:session): session closed for user p13x
May  8 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6476]: Successful su for rubyman by root
May  8 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6476]: + ??? root:rubyman
May  8 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349979 of user rubyman.
May  8 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6476]: pam_unix(su:session): session closed for user rubyman
May  8 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349979.
May  8 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: Failed password for root from 218.92.0.228 port 15850 ssh2
May  8 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: Received disconnect from 218.92.0.228 port 15850:11:  [preauth]
May  8 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: Disconnected from 218.92.0.228 port 15850 [preauth]
May  8 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6390]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  8 00:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  8 00:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3288]: pam_unix(cron:session): session closed for user root
May  8 00:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6523]: Failed password for root from 218.92.0.228 port 15854 ssh2
May  8 00:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6413]: pam_unix(cron:session): session closed for user samftp
May  8 00:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6523]: Failed password for root from 218.92.0.228 port 15854 ssh2
May  8 00:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6523]: Failed password for root from 218.92.0.228 port 15854 ssh2
May  8 00:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6523]: Received disconnect from 218.92.0.228 port 15854:11:  [preauth]
May  8 00:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6523]: Disconnected from 218.92.0.228 port 15854 [preauth]
May  8 00:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6523]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  8 00:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  8 00:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6666]: Failed password for root from 218.92.0.228 port 45106 ssh2
May  8 00:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  8 00:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6666]: Failed password for root from 218.92.0.228 port 45106 ssh2
May  8 00:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6677]: Failed password for root from 80.94.95.115 port 24910 ssh2
May  8 00:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6677]: Connection closed by 80.94.95.115 port 24910 [preauth]
May  8 00:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6666]: Failed password for root from 218.92.0.228 port 45106 ssh2
May  8 00:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6666]: Received disconnect from 218.92.0.228 port 45106:11:  [preauth]
May  8 00:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6666]: Disconnected from 218.92.0.228 port 45106 [preauth]
May  8 00:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6666]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  8 00:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: Invalid user user8 from 43.154.90.106
May  8 00:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: input_userauth_request: invalid user user8 [preauth]
May  8 00:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  8 00:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: Failed password for invalid user user8 from 43.154.90.106 port 39634 ssh2
May  8 00:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5382]: pam_unix(cron:session): session closed for user root
May  8 00:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: Received disconnect from 43.154.90.106 port 39634:11: Bye Bye [preauth]
May  8 00:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: Disconnected from 43.154.90.106 port 39634 [preauth]
May  8 00:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: Invalid user ubuntu from 182.18.139.237
May  8 00:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: input_userauth_request: invalid user ubuntu [preauth]
May  8 00:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.18.139.237
May  8 00:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: Failed password for invalid user ubuntu from 182.18.139.237 port 34794 ssh2
May  8 00:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: Received disconnect from 182.18.139.237 port 34794:11: Bye Bye [preauth]
May  8 00:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: Disconnected from 182.18.139.237 port 34794 [preauth]
May  8 00:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: Invalid user ssm from 23.227.147.163
May  8 00:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: input_userauth_request: invalid user ssm [preauth]
May  8 00:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.227.147.163
May  8 00:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: Failed password for invalid user ssm from 23.227.147.163 port 50576 ssh2
May  8 00:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: Received disconnect from 23.227.147.163 port 50576:11: Bye Bye [preauth]
May  8 00:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: Disconnected from 23.227.147.163 port 50576 [preauth]
May  8 00:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: Invalid user admin from 80.94.95.241
May  8 00:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: input_userauth_request: invalid user admin [preauth]
May  8 00:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 00:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: Failed password for invalid user admin from 80.94.95.241 port 14234 ssh2
May  8 00:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: Failed password for invalid user admin from 80.94.95.241 port 14234 ssh2
May  8 00:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: Failed password for invalid user admin from 80.94.95.241 port 14234 ssh2
May  8 00:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: Failed password for invalid user admin from 80.94.95.241 port 14234 ssh2
May  8 00:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: Invalid user admin from 80.94.95.112
May  8 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: input_userauth_request: invalid user admin [preauth]
May  8 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: Failed password for invalid user admin from 80.94.95.241 port 14234 ssh2
May  8 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: Received disconnect from 80.94.95.241 port 14234:11: Bye [preauth]
May  8 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: Disconnected from 80.94.95.241 port 14234 [preauth]
May  8 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6809]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  8 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6834]: pam_unix(cron:session): session closed for user p13x
May  8 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6896]: Successful su for rubyman by root
May  8 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6896]: + ??? root:rubyman
May  8 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349984 of user rubyman.
May  8 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6896]: pam_unix(su:session): session closed for user rubyman
May  8 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349984.
May  8 00:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: Failed password for invalid user admin from 80.94.95.112 port 25138 ssh2
May  8 00:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Failed password for root from 218.92.0.236 port 31672 ssh2
May  8 00:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3748]: pam_unix(cron:session): session closed for user root
May  8 00:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Failed password for root from 218.92.0.236 port 31672 ssh2
May  8 00:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: Failed password for invalid user admin from 80.94.95.112 port 25138 ssh2
May  8 00:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6835]: pam_unix(cron:session): session closed for user samftp
May  8 00:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Failed password for root from 218.92.0.236 port 31672 ssh2
May  8 00:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: Failed password for invalid user admin from 80.94.95.112 port 25138 ssh2
May  8 00:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Received disconnect from 218.92.0.236 port 31672:11:  [preauth]
May  8 00:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: Disconnected from 218.92.0.236 port 31672 [preauth]
May  8 00:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6831]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  8 00:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7194]: Invalid user xy from 134.199.210.64
May  8 00:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7194]: input_userauth_request: invalid user xy [preauth]
May  8 00:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7194]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  8 00:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: Failed password for invalid user admin from 80.94.95.112 port 25138 ssh2
May  8 00:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7194]: Failed password for invalid user xy from 134.199.210.64 port 41382 ssh2
May  8 00:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7194]: Received disconnect from 134.199.210.64 port 41382:11: Bye Bye [preauth]
May  8 00:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7194]: Disconnected from 134.199.210.64 port 41382 [preauth]
May  8 00:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: Failed password for invalid user admin from 80.94.95.112 port 25138 ssh2
May  8 00:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: Received disconnect from 80.94.95.112 port 25138:11: Bye [preauth]
May  8 00:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: Disconnected from 80.94.95.112 port 25138 [preauth]
May  8 00:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 00:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6829]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 00:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5982]: pam_unix(cron:session): session closed for user root
May  8 00:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: Invalid user mukund from 146.190.93.207
May  8 00:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: input_userauth_request: invalid user mukund [preauth]
May  8 00:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
May  8 00:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: Failed password for invalid user mukund from 146.190.93.207 port 43310 ssh2
May  8 00:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: Received disconnect from 146.190.93.207 port 43310:11: Bye Bye [preauth]
May  8 00:38:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7298]: Disconnected from 146.190.93.207 port 43310 [preauth]
May  8 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7348]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7347]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7346]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7344]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7346]: pam_unix(cron:session): session closed for user p13x
May  8 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7474]: Successful su for rubyman by root
May  8 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7474]: + ??? root:rubyman
May  8 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349990 of user rubyman.
May  8 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7474]: pam_unix(su:session): session closed for user rubyman
May  8 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349990.
May  8 00:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7344]: pam_unix(cron:session): session closed for user root
May  8 00:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4188]: pam_unix(cron:session): session closed for user root
May  8 00:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7347]: pam_unix(cron:session): session closed for user samftp
May  8 00:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.91.96.123  user=root
May  8 00:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: Failed password for root from 23.91.96.123 port 38550 ssh2
May  8 00:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: Received disconnect from 23.91.96.123 port 38550:11: Bye Bye [preauth]
May  8 00:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7805]: Disconnected from 23.91.96.123 port 38550 [preauth]
May  8 00:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: Invalid user ubadmin from 101.36.113.80
May  8 00:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: input_userauth_request: invalid user ubadmin [preauth]
May  8 00:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  8 00:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7847]: Invalid user centos from 52.183.128.237
May  8 00:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7847]: input_userauth_request: invalid user centos [preauth]
May  8 00:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7847]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237
May  8 00:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: Failed password for invalid user ubadmin from 101.36.113.80 port 39094 ssh2
May  8 00:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7847]: Failed password for invalid user centos from 52.183.128.237 port 42070 ssh2
May  8 00:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: Received disconnect from 101.36.113.80 port 39094:11: Bye Bye [preauth]
May  8 00:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: Disconnected from 101.36.113.80 port 39094 [preauth]
May  8 00:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7847]: Received disconnect from 52.183.128.237 port 42070:11: Bye Bye [preauth]
May  8 00:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7847]: Disconnected from 52.183.128.237 port 42070 [preauth]
May  8 00:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6415]: pam_unix(cron:session): session closed for user root
May  8 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7967]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7965]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7971]: pam_unix(cron:session): session closed for user root
May  8 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7965]: pam_unix(cron:session): session closed for user p13x
May  8 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8038]: Successful su for rubyman by root
May  8 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8038]: + ??? root:rubyman
May  8 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8038]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349995 of user rubyman.
May  8 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8038]: pam_unix(su:session): session closed for user rubyman
May  8 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349995.
May  8 00:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7967]: pam_unix(cron:session): session closed for user root
May  8 00:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4761]: pam_unix(cron:session): session closed for user root
May  8 00:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7966]: pam_unix(cron:session): session closed for user samftp
May  8 00:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6837]: pam_unix(cron:session): session closed for user root
May  8 00:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.105  user=root
May  8 00:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8408]: Failed password for root from 103.149.28.105 port 47142 ssh2
May  8 00:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8408]: Received disconnect from 103.149.28.105 port 47142:11: Bye Bye [preauth]
May  8 00:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8408]: Disconnected from 103.149.28.105 port 47142 [preauth]
May  8 00:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: Invalid user freddy from 91.151.88.235
May  8 00:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: input_userauth_request: invalid user freddy [preauth]
May  8 00:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  8 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8435]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8435]: pam_unix(cron:session): session closed for user p13x
May  8 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: Failed password for invalid user freddy from 91.151.88.235 port 40680 ssh2
May  8 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8508]: Successful su for rubyman by root
May  8 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8508]: + ??? root:rubyman
May  8 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 349999 of user rubyman.
May  8 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8508]: pam_unix(su:session): session closed for user rubyman
May  8 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: Received disconnect from 91.151.88.235 port 40680:11: Bye Bye [preauth]
May  8 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8420]: Disconnected from 91.151.88.235 port 40680 [preauth]
May  8 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 349999.
May  8 00:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5381]: pam_unix(cron:session): session closed for user root
May  8 00:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8437]: pam_unix(cron:session): session closed for user samftp
May  8 00:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Invalid user zhouxin from 101.36.122.23
May  8 00:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: input_userauth_request: invalid user zhouxin [preauth]
May  8 00:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 00:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Failed password for invalid user zhouxin from 101.36.122.23 port 34258 ssh2
May  8 00:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Received disconnect from 101.36.122.23 port 34258:11: Bye Bye [preauth]
May  8 00:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Disconnected from 101.36.122.23 port 34258 [preauth]
May  8 00:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7349]: pam_unix(cron:session): session closed for user root
May  8 00:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  8 00:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8803]: Failed password for root from 218.92.0.215 port 5018 ssh2
May  8 00:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8803]: message repeated 4 times: [ Failed password for root from 218.92.0.215 port 5018 ssh2]
May  8 00:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8803]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 5018 ssh2 [preauth]
May  8 00:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8803]: Disconnecting: Too many authentication failures [preauth]
May  8 00:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8803]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  8 00:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8803]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 00:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  8 00:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: Failed password for root from 218.92.0.215 port 40908 ssh2
May  8 00:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: message repeated 2 times: [ Failed password for root from 218.92.0.215 port 40908 ssh2]
May  8 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8877]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8875]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8876]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8874]: pam_unix(cron:session): session closed for user p13x
May  8 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8936]: Successful su for rubyman by root
May  8 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8936]: + ??? root:rubyman
May  8 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350003 of user rubyman.
May  8 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8936]: pam_unix(su:session): session closed for user rubyman
May  8 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350003.
May  8 00:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: Failed password for root from 218.92.0.215 port 40908 ssh2
May  8 00:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5980]: pam_unix(cron:session): session closed for user root
May  8 00:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: Failed password for root from 218.92.0.215 port 40908 ssh2
May  8 00:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8875]: pam_unix(cron:session): session closed for user samftp
May  8 00:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: Failed password for root from 218.92.0.215 port 40908 ssh2
May  8 00:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 40908 ssh2 [preauth]
May  8 00:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: Disconnecting: Too many authentication failures [preauth]
May  8 00:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  8 00:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8852]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 00:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  8 00:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: Failed password for root from 218.92.0.215 port 27938 ssh2
May  8 00:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: Received disconnect from 218.92.0.215 port 27938:11:  [preauth]
May  8 00:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9224]: Disconnected from 218.92.0.215 port 27938 [preauth]
May  8 00:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: Invalid user postgres from 23.227.147.163
May  8 00:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: input_userauth_request: invalid user postgres [preauth]
May  8 00:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.227.147.163
May  8 00:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: Failed password for invalid user postgres from 23.227.147.163 port 37880 ssh2
May  8 00:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: Received disconnect from 23.227.147.163 port 37880:11: Bye Bye [preauth]
May  8 00:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9249]: Disconnected from 23.227.147.163 port 37880 [preauth]
May  8 00:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7970]: pam_unix(cron:session): session closed for user root
May  8 00:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: Invalid user radarr from 43.154.90.106
May  8 00:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: input_userauth_request: invalid user radarr [preauth]
May  8 00:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  8 00:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: Failed password for invalid user radarr from 43.154.90.106 port 60178 ssh2
May  8 00:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: Received disconnect from 43.154.90.106 port 60178:11: Bye Bye [preauth]
May  8 00:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9352]: Disconnected from 43.154.90.106 port 60178 [preauth]
May  8 00:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9386]: Invalid user arch from 134.199.210.64
May  8 00:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9386]: input_userauth_request: invalid user arch [preauth]
May  8 00:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9386]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  8 00:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9386]: Failed password for invalid user arch from 134.199.210.64 port 46966 ssh2
May  8 00:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9386]: Received disconnect from 134.199.210.64 port 46966:11: Bye Bye [preauth]
May  8 00:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9386]: Disconnected from 134.199.210.64 port 46966 [preauth]
May  8 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9411]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9408]: pam_unix(cron:session): session closed for user p13x
May  8 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9472]: Successful su for rubyman by root
May  8 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9472]: + ??? root:rubyman
May  8 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350006 of user rubyman.
May  8 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9472]: pam_unix(su:session): session closed for user rubyman
May  8 00:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350006.
May  8 00:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6414]: pam_unix(cron:session): session closed for user root
May  8 00:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9409]: pam_unix(cron:session): session closed for user samftp
May  8 00:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8439]: pam_unix(cron:session): session closed for user root
May  8 00:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: Invalid user minecraft from 146.190.93.207
May  8 00:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: input_userauth_request: invalid user minecraft [preauth]
May  8 00:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:43:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
May  8 00:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: Failed password for invalid user minecraft from 146.190.93.207 port 59502 ssh2
May  8 00:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: Received disconnect from 146.190.93.207 port 59502:11: Bye Bye [preauth]
May  8 00:43:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: Disconnected from 146.190.93.207 port 59502 [preauth]
May  8 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9811]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9812]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9810]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9809]: pam_unix(cron:session): session closed for user p13x
May  8 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9874]: Successful su for rubyman by root
May  8 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9874]: + ??? root:rubyman
May  8 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9874]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350011 of user rubyman.
May  8 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9874]: pam_unix(su:session): session closed for user rubyman
May  8 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350011.
May  8 00:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6836]: pam_unix(cron:session): session closed for user root
May  8 00:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9810]: pam_unix(cron:session): session closed for user samftp
May  8 00:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Invalid user user from 23.91.96.123
May  8 00:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: input_userauth_request: invalid user user [preauth]
May  8 00:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.91.96.123
May  8 00:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Failed password for invalid user user from 23.91.96.123 port 37228 ssh2
May  8 00:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Received disconnect from 23.91.96.123 port 37228:11: Bye Bye [preauth]
May  8 00:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10069]: Disconnected from 23.91.96.123 port 37228 [preauth]
May  8 00:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Invalid user fff from 101.36.113.80
May  8 00:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: input_userauth_request: invalid user fff [preauth]
May  8 00:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  8 00:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Failed password for invalid user fff from 101.36.113.80 port 56502 ssh2
May  8 00:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Received disconnect from 101.36.113.80 port 56502:11: Bye Bye [preauth]
May  8 00:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Disconnected from 101.36.113.80 port 56502 [preauth]
May  8 00:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8877]: pam_unix(cron:session): session closed for user root
May  8 00:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237  user=root
May  8 00:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10157]: Failed password for root from 52.183.128.237 port 50530 ssh2
May  8 00:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10157]: Received disconnect from 52.183.128.237 port 50530:11: Bye Bye [preauth]
May  8 00:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10157]: Disconnected from 52.183.128.237 port 50530 [preauth]
May  8 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10308]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10310]: pam_unix(cron:session): session closed for user root
May  8 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10305]: pam_unix(cron:session): session closed for user p13x
May  8 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10377]: Successful su for rubyman by root
May  8 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10377]: + ??? root:rubyman
May  8 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350014 of user rubyman.
May  8 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10377]: pam_unix(su:session): session closed for user rubyman
May  8 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350014.
May  8 00:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10307]: pam_unix(cron:session): session closed for user root
May  8 00:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7348]: pam_unix(cron:session): session closed for user root
May  8 00:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10306]: pam_unix(cron:session): session closed for user samftp
May  8 00:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9412]: pam_unix(cron:session): session closed for user root
May  8 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10820]: pam_unix(cron:session): session closed for user p13x
May  8 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10886]: Successful su for rubyman by root
May  8 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10886]: + ??? root:rubyman
May  8 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10886]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350020 of user rubyman.
May  8 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10886]: pam_unix(su:session): session closed for user rubyman
May  8 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350020.
May  8 00:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7969]: pam_unix(cron:session): session closed for user root
May  8 00:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10821]: pam_unix(cron:session): session closed for user samftp
May  8 00:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: Invalid user showroom from 91.151.88.235
May  8 00:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: input_userauth_request: invalid user showroom [preauth]
May  8 00:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.151.88.235
May  8 00:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: Invalid user mohit from 101.36.122.23
May  8 00:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: input_userauth_request: invalid user mohit [preauth]
May  8 00:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 00:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: Failed password for invalid user showroom from 91.151.88.235 port 43902 ssh2
May  8 00:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: Received disconnect from 91.151.88.235 port 43902:11: Bye Bye [preauth]
May  8 00:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11076]: Disconnected from 91.151.88.235 port 43902 [preauth]
May  8 00:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: Failed password for invalid user mohit from 101.36.122.23 port 59986 ssh2
May  8 00:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: Received disconnect from 101.36.122.23 port 59986:11: Bye Bye [preauth]
May  8 00:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11091]: Disconnected from 101.36.122.23 port 59986 [preauth]
May  8 00:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9812]: pam_unix(cron:session): session closed for user root
May  8 00:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: Invalid user usera from 23.227.147.163
May  8 00:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: input_userauth_request: invalid user usera [preauth]
May  8 00:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.227.147.163
May  8 00:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: Failed password for invalid user usera from 23.227.147.163 port 43054 ssh2
May  8 00:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: Received disconnect from 23.227.147.163 port 43054:11: Bye Bye [preauth]
May  8 00:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: Disconnected from 23.227.147.163 port 43054 [preauth]
May  8 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11225]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11223]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11222]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11222]: pam_unix(cron:session): session closed for user p13x
May  8 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11282]: Successful su for rubyman by root
May  8 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11282]: + ??? root:rubyman
May  8 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11282]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350025 of user rubyman.
May  8 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11282]: pam_unix(su:session): session closed for user rubyman
May  8 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350025.
May  8 00:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8438]: pam_unix(cron:session): session closed for user root
May  8 00:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11223]: pam_unix(cron:session): session closed for user samftp
May  8 00:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: Invalid user qiuhan from 103.149.28.105
May  8 00:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: input_userauth_request: invalid user qiuhan [preauth]
May  8 00:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.105
May  8 00:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: Failed password for invalid user qiuhan from 103.149.28.105 port 55022 ssh2
May  8 00:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: Received disconnect from 103.149.28.105 port 55022:11: Bye Bye [preauth]
May  8 00:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11470]: Disconnected from 103.149.28.105 port 55022 [preauth]
May  8 00:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Invalid user system from 134.199.210.64
May  8 00:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: input_userauth_request: invalid user system [preauth]
May  8 00:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  8 00:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Failed password for invalid user system from 134.199.210.64 port 55066 ssh2
May  8 00:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Received disconnect from 134.199.210.64 port 55066:11: Bye Bye [preauth]
May  8 00:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11530]: Disconnected from 134.199.210.64 port 55066 [preauth]
May  8 00:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10309]: pam_unix(cron:session): session closed for user root
May  8 00:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: Invalid user finance from 43.154.90.106
May  8 00:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: input_userauth_request: invalid user finance [preauth]
May  8 00:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  8 00:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: Failed password for invalid user finance from 43.154.90.106 port 38944 ssh2
May  8 00:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: Received disconnect from 43.154.90.106 port 38944:11: Bye Bye [preauth]
May  8 00:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: Disconnected from 43.154.90.106 port 38944 [preauth]
May  8 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11627]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11626]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11623]: pam_unix(cron:session): session closed for user p13x
May  8 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11690]: Successful su for rubyman by root
May  8 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11690]: + ??? root:rubyman
May  8 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11690]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350029 of user rubyman.
May  8 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11690]: pam_unix(su:session): session closed for user rubyman
May  8 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350029.
May  8 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 00:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Failed password for root from 80.94.95.125 port 6134 ssh2
May  8 00:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8876]: pam_unix(cron:session): session closed for user root
May  8 00:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Failed password for root from 80.94.95.125 port 6134 ssh2
May  8 00:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11624]: pam_unix(cron:session): session closed for user samftp
May  8 00:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Failed password for root from 80.94.95.125 port 6134 ssh2
May  8 00:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: message repeated 2 times: [ Failed password for root from 80.94.95.125 port 6134 ssh2]
May  8 00:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Received disconnect from 80.94.95.125 port 6134:11: Bye [preauth]
May  8 00:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Disconnected from 80.94.95.125 port 6134 [preauth]
May  8 00:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 00:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 00:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10823]: pam_unix(cron:session): session closed for user root
May  8 00:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207  user=root
May  8 00:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: Failed password for root from 146.190.93.207 port 60506 ssh2
May  8 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: Received disconnect from 146.190.93.207 port 60506:11: Bye Bye [preauth]
May  8 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: Disconnected from 146.190.93.207 port 60506 [preauth]
May  8 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12024]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12025]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12023]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12022]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12022]: pam_unix(cron:session): session closed for user p13x
May  8 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12080]: Successful su for rubyman by root
May  8 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12080]: + ??? root:rubyman
May  8 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350034 of user rubyman.
May  8 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12080]: pam_unix(su:session): session closed for user rubyman
May  8 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350034.
May  8 00:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9411]: pam_unix(cron:session): session closed for user root
May  8 00:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12023]: pam_unix(cron:session): session closed for user samftp
May  8 00:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: Invalid user jenkins from 23.91.96.123
May  8 00:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: input_userauth_request: invalid user jenkins [preauth]
May  8 00:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.91.96.123
May  8 00:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: Failed password for invalid user jenkins from 23.91.96.123 port 41578 ssh2
May  8 00:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: Received disconnect from 23.91.96.123 port 41578:11: Bye Bye [preauth]
May  8 00:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12275]: Disconnected from 23.91.96.123 port 41578 [preauth]
May  8 00:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12309]: Invalid user radarr from 101.36.113.80
May  8 00:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12309]: input_userauth_request: invalid user radarr [preauth]
May  8 00:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12309]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  8 00:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12309]: Failed password for invalid user radarr from 101.36.113.80 port 40708 ssh2
May  8 00:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12309]: Received disconnect from 101.36.113.80 port 40708:11: Bye Bye [preauth]
May  8 00:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12309]: Disconnected from 101.36.113.80 port 40708 [preauth]
May  8 00:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11225]: pam_unix(cron:session): session closed for user root
May  8 00:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: Invalid user siva from 52.183.128.237
May  8 00:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: input_userauth_request: invalid user siva [preauth]
May  8 00:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237
May  8 00:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: Failed password for invalid user siva from 52.183.128.237 port 58996 ssh2
May  8 00:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: Received disconnect from 52.183.128.237 port 58996:11: Bye Bye [preauth]
May  8 00:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12413]: Disconnected from 52.183.128.237 port 58996 [preauth]
May  8 00:49:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: Invalid user prueba from 80.94.95.115
May  8 00:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: input_userauth_request: invalid user prueba [preauth]
May  8 00:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  8 00:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: Failed password for invalid user prueba from 80.94.95.115 port 23244 ssh2
May  8 00:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12424]: Connection closed by 80.94.95.115 port 23244 [preauth]
May  8 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12437]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12435]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12440]: pam_unix(cron:session): session closed for user root
May  8 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12435]: pam_unix(cron:session): session closed for user p13x
May  8 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12503]: Successful su for rubyman by root
May  8 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12503]: + ??? root:rubyman
May  8 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350040 of user rubyman.
May  8 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12503]: pam_unix(su:session): session closed for user rubyman
May  8 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350040.
May  8 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12437]: pam_unix(cron:session): session closed for user root
May  8 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9811]: pam_unix(cron:session): session closed for user root
May  8 00:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12436]: pam_unix(cron:session): session closed for user samftp
May  8 00:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11627]: pam_unix(cron:session): session closed for user root
May  8 00:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.227.147.163  user=root
May  8 00:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12826]: Failed password for root from 23.227.147.163 port 49966 ssh2
May  8 00:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12826]: Received disconnect from 23.227.147.163 port 49966:11: Bye Bye [preauth]
May  8 00:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12826]: Disconnected from 23.227.147.163 port 49966 [preauth]
May  8 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12860]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12859]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12856]: pam_unix(cron:session): session closed for user p13x
May  8 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12921]: Successful su for rubyman by root
May  8 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12921]: + ??? root:rubyman
May  8 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350042 of user rubyman.
May  8 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12921]: pam_unix(su:session): session closed for user rubyman
May  8 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350042.
May  8 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12853]: Invalid user almacen from 101.36.122.23
May  8 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12853]: input_userauth_request: invalid user almacen [preauth]
May  8 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12853]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 00:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12853]: Failed password for invalid user almacen from 101.36.122.23 port 56738 ssh2
May  8 00:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12853]: Received disconnect from 101.36.122.23 port 56738:11: Bye Bye [preauth]
May  8 00:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12853]: Disconnected from 101.36.122.23 port 56738 [preauth]
May  8 00:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10308]: pam_unix(cron:session): session closed for user root
May  8 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12857]: pam_unix(cron:session): session closed for user samftp
May  8 00:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12025]: pam_unix(cron:session): session closed for user root
May  8 00:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12793]: Connection reset by 218.92.0.237 port 47220 [preauth]
May  8 00:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: Invalid user ntuser from 134.199.210.64
May  8 00:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: input_userauth_request: invalid user ntuser [preauth]
May  8 00:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  8 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13259]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13258]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13256]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13256]: pam_unix(cron:session): session closed for user p13x
May  8 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: Failed password for invalid user ntuser from 134.199.210.64 port 33802 ssh2
May  8 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: Received disconnect from 134.199.210.64 port 33802:11: Bye Bye [preauth]
May  8 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: Disconnected from 134.199.210.64 port 33802 [preauth]
May  8 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13323]: Successful su for rubyman by root
May  8 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13323]: + ??? root:rubyman
May  8 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350046 of user rubyman.
May  8 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13323]: pam_unix(su:session): session closed for user rubyman
May  8 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350046.
May  8 00:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10822]: pam_unix(cron:session): session closed for user root
May  8 00:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13257]: pam_unix(cron:session): session closed for user samftp
May  8 00:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12439]: pam_unix(cron:session): session closed for user root
May  8 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13776]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13774]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13773]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13773]: pam_unix(cron:session): session closed for user p13x
May  8 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13833]: Successful su for rubyman by root
May  8 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13833]: + ??? root:rubyman
May  8 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350050 of user rubyman.
May  8 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13833]: pam_unix(su:session): session closed for user rubyman
May  8 00:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350050.
May  8 00:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11224]: pam_unix(cron:session): session closed for user root
May  8 00:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: Invalid user adv from 43.154.90.106
May  8 00:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: input_userauth_request: invalid user adv [preauth]
May  8 00:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  8 00:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13774]: pam_unix(cron:session): session closed for user samftp
May  8 00:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: Failed password for invalid user adv from 43.154.90.106 port 33990 ssh2
May  8 00:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: Received disconnect from 43.154.90.106 port 33990:11: Bye Bye [preauth]
May  8 00:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13993]: Disconnected from 43.154.90.106 port 33990 [preauth]
May  8 00:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.105  user=root
May  8 00:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: Failed password for root from 103.149.28.105 port 34666 ssh2
May  8 00:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: Received disconnect from 103.149.28.105 port 34666:11: Bye Bye [preauth]
May  8 00:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14051]: Disconnected from 103.149.28.105 port 34666 [preauth]
May  8 00:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12860]: pam_unix(cron:session): session closed for user root
May  8 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14171]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14170]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14169]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14169]: pam_unix(cron:session): session closed for user p13x
May  8 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14231]: Successful su for rubyman by root
May  8 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14231]: + ??? root:rubyman
May  8 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14231]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350054 of user rubyman.
May  8 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14231]: pam_unix(su:session): session closed for user rubyman
May  8 00:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350054.
May  8 00:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11626]: pam_unix(cron:session): session closed for user root
May  8 00:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14170]: pam_unix(cron:session): session closed for user samftp
May  8 00:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: Invalid user ftptest2 from 146.190.93.207
May  8 00:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: input_userauth_request: invalid user ftptest2 [preauth]
May  8 00:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
May  8 00:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: Failed password for invalid user ftptest2 from 146.190.93.207 port 35456 ssh2
May  8 00:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: Received disconnect from 146.190.93.207 port 35456:11: Bye Bye [preauth]
May  8 00:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14448]: Disconnected from 146.190.93.207 port 35456 [preauth]
May  8 00:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: Invalid user centos from 23.91.96.123
May  8 00:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: input_userauth_request: invalid user centos [preauth]
May  8 00:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.91.96.123
May  8 00:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: Invalid user finance from 101.36.113.80
May  8 00:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: input_userauth_request: invalid user finance [preauth]
May  8 00:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  8 00:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: Failed password for invalid user centos from 23.91.96.123 port 38736 ssh2
May  8 00:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: Received disconnect from 23.91.96.123 port 38736:11: Bye Bye [preauth]
May  8 00:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14450]: Disconnected from 23.91.96.123 port 38736 [preauth]
May  8 00:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: Failed password for invalid user finance from 101.36.113.80 port 60188 ssh2
May  8 00:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: Received disconnect from 101.36.113.80 port 60188:11: Bye Bye [preauth]
May  8 00:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: Disconnected from 101.36.113.80 port 60188 [preauth]
May  8 00:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13259]: pam_unix(cron:session): session closed for user root
May  8 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14579]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14578]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14580]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14581]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14582]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14582]: pam_unix(cron:session): session closed for user root
May  8 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14576]: pam_unix(cron:session): session closed for user p13x
May  8 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14655]: Successful su for rubyman by root
May  8 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14655]: + ??? root:rubyman
May  8 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350058 of user rubyman.
May  8 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14655]: pam_unix(su:session): session closed for user rubyman
May  8 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350058.
May  8 00:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14579]: pam_unix(cron:session): session closed for user root
May  8 00:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12024]: pam_unix(cron:session): session closed for user root
May  8 00:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14578]: pam_unix(cron:session): session closed for user samftp
May  8 00:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14857]: Invalid user ubuntu from 52.183.128.237
May  8 00:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14857]: input_userauth_request: invalid user ubuntu [preauth]
May  8 00:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14857]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237
May  8 00:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14857]: Failed password for invalid user ubuntu from 52.183.128.237 port 39242 ssh2
May  8 00:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14857]: Received disconnect from 52.183.128.237 port 39242:11: Bye Bye [preauth]
May  8 00:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14857]: Disconnected from 52.183.128.237 port 39242 [preauth]
May  8 00:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: Invalid user stu from 23.227.147.163
May  8 00:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: input_userauth_request: invalid user stu [preauth]
May  8 00:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.227.147.163
May  8 00:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: Failed password for invalid user stu from 23.227.147.163 port 40764 ssh2
May  8 00:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: Received disconnect from 23.227.147.163 port 40764:11: Bye Bye [preauth]
May  8 00:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14868]: Disconnected from 23.227.147.163 port 40764 [preauth]
May  8 00:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13776]: pam_unix(cron:session): session closed for user root
May  8 00:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15024]: Invalid user apache from 101.36.122.23
May  8 00:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15024]: input_userauth_request: invalid user apache [preauth]
May  8 00:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15024]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15024]: Failed password for invalid user apache from 101.36.122.23 port 54670 ssh2
May  8 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15024]: Received disconnect from 101.36.122.23 port 54670:11: Bye Bye [preauth]
May  8 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15024]: Disconnected from 101.36.122.23 port 54670 [preauth]
May  8 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15030]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15031]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15028]: pam_unix(cron:session): session closed for user p13x
May  8 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15098]: Successful su for rubyman by root
May  8 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15098]: + ??? root:rubyman
May  8 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350065 of user rubyman.
May  8 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15098]: pam_unix(su:session): session closed for user rubyman
May  8 00:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350065.
May  8 00:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12438]: pam_unix(cron:session): session closed for user root
May  8 00:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15029]: pam_unix(cron:session): session closed for user samftp
May  8 00:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15338]: Invalid user transmission from 134.199.210.64
May  8 00:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15338]: input_userauth_request: invalid user transmission [preauth]
May  8 00:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15338]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  8 00:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15338]: Failed password for invalid user transmission from 134.199.210.64 port 56158 ssh2
May  8 00:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15338]: Received disconnect from 134.199.210.64 port 56158:11: Bye Bye [preauth]
May  8 00:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15338]: Disconnected from 134.199.210.64 port 56158 [preauth]
May  8 00:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14173]: pam_unix(cron:session): session closed for user root
May  8 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15425]: pam_unix(cron:session): session closed for user p13x
May  8 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15489]: Successful su for rubyman by root
May  8 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15489]: + ??? root:rubyman
May  8 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350069 of user rubyman.
May  8 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15489]: pam_unix(su:session): session closed for user rubyman
May  8 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350069.
May  8 00:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12859]: pam_unix(cron:session): session closed for user root
May  8 00:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15426]: pam_unix(cron:session): session closed for user samftp
May  8 00:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14581]: pam_unix(cron:session): session closed for user root
May  8 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15827]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15824]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15825]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15823]: pam_unix(cron:session): session closed for user p13x
May  8 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15885]: Successful su for rubyman by root
May  8 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15885]: + ??? root:rubyman
May  8 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350073 of user rubyman.
May  8 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15885]: pam_unix(su:session): session closed for user rubyman
May  8 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350073.
May  8 00:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13258]: pam_unix(cron:session): session closed for user root
May  8 00:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15824]: pam_unix(cron:session): session closed for user samftp
May  8 00:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16093]: Invalid user asta from 43.154.90.106
May  8 00:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16093]: input_userauth_request: invalid user asta [preauth]
May  8 00:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16093]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  8 00:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16093]: Failed password for invalid user asta from 43.154.90.106 port 55912 ssh2
May  8 00:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16093]: Received disconnect from 43.154.90.106 port 55912:11: Bye Bye [preauth]
May  8 00:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16093]: Disconnected from 43.154.90.106 port 55912 [preauth]
May  8 00:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15031]: pam_unix(cron:session): session closed for user root
May  8 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16211]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16210]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16209]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16208]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16208]: pam_unix(cron:session): session closed for user p13x
May  8 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16267]: Successful su for rubyman by root
May  8 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16267]: + ??? root:rubyman
May  8 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350077 of user rubyman.
May  8 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16267]: pam_unix(su:session): session closed for user rubyman
May  8 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350077.
May  8 00:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13775]: pam_unix(cron:session): session closed for user root
May  8 00:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16209]: pam_unix(cron:session): session closed for user samftp
May  8 00:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16499]: Invalid user privacy from 101.36.113.80
May  8 00:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16499]: input_userauth_request: invalid user privacy [preauth]
May  8 00:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16499]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.113.80
May  8 00:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16499]: Failed password for invalid user privacy from 101.36.113.80 port 44090 ssh2
May  8 00:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16499]: Received disconnect from 101.36.113.80 port 44090:11: Bye Bye [preauth]
May  8 00:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16499]: Disconnected from 101.36.113.80 port 44090 [preauth]
May  8 00:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.91.96.123  user=root
May  8 00:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Failed password for root from 23.91.96.123 port 53026 ssh2
May  8 00:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Received disconnect from 23.91.96.123 port 53026:11: Bye Bye [preauth]
May  8 00:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Disconnected from 23.91.96.123 port 53026 [preauth]
May  8 00:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.105  user=root
May  8 00:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: Failed password for root from 103.149.28.105 port 42542 ssh2
May  8 00:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: Received disconnect from 103.149.28.105 port 42542:11: Bye Bye [preauth]
May  8 00:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16542]: Disconnected from 103.149.28.105 port 42542 [preauth]
May  8 00:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15428]: pam_unix(cron:session): session closed for user root
May  8 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Invalid user voronin from 146.190.93.207
May  8 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: input_userauth_request: invalid user voronin [preauth]
May  8 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207
May  8 00:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Failed password for invalid user voronin from 146.190.93.207 port 57368 ssh2
May  8 00:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Received disconnect from 146.190.93.207 port 57368:11: Bye Bye [preauth]
May  8 00:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16558]: Disconnected from 146.190.93.207 port 57368 [preauth]
May  8 00:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 00:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: Invalid user tester from 23.227.147.163
May  8 00:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: input_userauth_request: invalid user tester [preauth]
May  8 00:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: pam_unix(sshd:auth): check pass; user unknown
May  8 00:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.227.147.163
May  8 00:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: Failed password for invalid user tester from 23.227.147.163 port 42370 ssh2
May  8 00:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: Received disconnect from 23.227.147.163 port 42370:11: Bye Bye [preauth]
May  8 00:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16593]: Disconnected from 23.227.147.163 port 42370 [preauth]
May  8 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16664]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16662]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16661]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16663]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16660]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16664]: pam_unix(cron:session): session closed for user root
May  8 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16660]: pam_unix(cron:session): session closed for user root
May  8 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16658]: pam_unix(cron:session): session closed for user p13x
May  8 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16754]: Successful su for rubyman by root
May  8 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16754]: + ??? root:rubyman
May  8 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16754]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350080 of user rubyman.
May  8 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16754]: pam_unix(su:session): session closed for user rubyman
May  8 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350080.
May  8 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16661]: pam_unix(cron:session): session closed for user root
May  8 01:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14171]: pam_unix(cron:session): session closed for user root
May  8 01:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16659]: pam_unix(cron:session): session closed for user samftp
May  8 01:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17003]: Invalid user test from 194.0.234.19
May  8 01:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17003]: input_userauth_request: invalid user test [preauth]
May  8 01:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17003]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  8 01:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17003]: Failed password for invalid user test from 194.0.234.19 port 48626 ssh2
May  8 01:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17003]: Connection closed by 194.0.234.19 port 48626 [preauth]
May  8 01:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  8 01:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17043]: Failed password for root from 218.92.0.216 port 23156 ssh2
May  8 01:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17043]: Failed password for root from 218.92.0.216 port 23156 ssh2
May  8 01:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17043]: Failed password for root from 218.92.0.216 port 23156 ssh2
May  8 01:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237  user=root
May  8 01:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Failed password for root from 52.183.128.237 port 47766 ssh2
May  8 01:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Received disconnect from 52.183.128.237 port 47766:11: Bye Bye [preauth]
May  8 01:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Disconnected from 52.183.128.237 port 47766 [preauth]
May  8 01:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  8 01:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15827]: pam_unix(cron:session): session closed for user root
May  8 01:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17077]: Failed password for root from 218.92.0.237 port 61624 ssh2
May  8 01:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17077]: message repeated 2 times: [ Failed password for root from 218.92.0.237 port 61624 ssh2]
May  8 01:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17077]: Received disconnect from 218.92.0.237 port 61624:11:  [preauth]
May  8 01:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17077]: Disconnected from 218.92.0.237 port 61624 [preauth]
May  8 01:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17077]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  8 01:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17189]: Invalid user jeus from 134.199.210.64
May  8 01:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17189]: input_userauth_request: invalid user jeus [preauth]
May  8 01:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17189]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  8 01:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17189]: Failed password for invalid user jeus from 134.199.210.64 port 51928 ssh2
May  8 01:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17189]: Received disconnect from 134.199.210.64 port 51928:11: Bye Bye [preauth]
May  8 01:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17189]: Disconnected from 134.199.210.64 port 51928 [preauth]
May  8 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17195]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17192]: pam_unix(cron:session): session closed for user p13x
May  8 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17263]: Successful su for rubyman by root
May  8 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17263]: + ??? root:rubyman
May  8 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17263]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350088 of user rubyman.
May  8 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17263]: pam_unix(su:session): session closed for user rubyman
May  8 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350088.
May  8 01:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14580]: pam_unix(cron:session): session closed for user root
May  8 01:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17193]: pam_unix(cron:session): session closed for user samftp
May  8 01:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17450]: Invalid user yousef from 101.36.122.23
May  8 01:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17450]: input_userauth_request: invalid user yousef [preauth]
May  8 01:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17450]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 01:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17450]: Failed password for invalid user yousef from 101.36.122.23 port 43490 ssh2
May  8 01:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17450]: Received disconnect from 101.36.122.23 port 43490:11: Bye Bye [preauth]
May  8 01:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17450]: Disconnected from 101.36.122.23 port 43490 [preauth]
May  8 01:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16211]: pam_unix(cron:session): session closed for user root
May  8 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17623]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17621]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17622]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17620]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17620]: pam_unix(cron:session): session closed for user p13x
May  8 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17689]: Successful su for rubyman by root
May  8 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17689]: + ??? root:rubyman
May  8 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350091 of user rubyman.
May  8 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17689]: pam_unix(su:session): session closed for user rubyman
May  8 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350091.
May  8 01:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15030]: pam_unix(cron:session): session closed for user root
May  8 01:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17621]: pam_unix(cron:session): session closed for user samftp
May  8 01:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16663]: pam_unix(cron:session): session closed for user root
May  8 01:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: Invalid user rancher from 50.235.31.47
May  8 01:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: input_userauth_request: invalid user rancher [preauth]
May  8 01:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:02:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  8 01:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: Failed password for invalid user rancher from 50.235.31.47 port 41658 ssh2
May  8 01:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18121]: Connection closed by 50.235.31.47 port 41658 [preauth]
May  8 01:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18129]: Invalid user xiaoqiang from 193.70.84.184
May  8 01:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18129]: input_userauth_request: invalid user xiaoqiang [preauth]
May  8 01:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18129]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  8 01:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18129]: Failed password for invalid user xiaoqiang from 193.70.84.184 port 51158 ssh2
May  8 01:02:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18129]: Connection closed by 193.70.84.184 port 51158 [preauth]
May  8 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18151]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18153]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18150]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18150]: pam_unix(cron:session): session closed for user p13x
May  8 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18210]: Successful su for rubyman by root
May  8 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18210]: + ??? root:rubyman
May  8 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18210]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350095 of user rubyman.
May  8 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18210]: pam_unix(su:session): session closed for user rubyman
May  8 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350095.
May  8 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18293]: Invalid user test from 85.208.84.4
May  8 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18293]: input_userauth_request: invalid user test [preauth]
May  8 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18293]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  8 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15427]: pam_unix(cron:session): session closed for user root
May  8 01:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18151]: pam_unix(cron:session): session closed for user samftp
May  8 01:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18293]: Failed password for invalid user test from 85.208.84.4 port 56046 ssh2
May  8 01:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18293]: Connection closed by 85.208.84.4 port 56046 [preauth]
May  8 01:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: Invalid user maria from 43.154.90.106
May  8 01:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: input_userauth_request: invalid user maria [preauth]
May  8 01:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.154.90.106
May  8 01:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: Failed password for invalid user maria from 43.154.90.106 port 56178 ssh2
May  8 01:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: Received disconnect from 43.154.90.106 port 56178:11: Bye Bye [preauth]
May  8 01:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18449]: Disconnected from 43.154.90.106 port 56178 [preauth]
May  8 01:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17195]: pam_unix(cron:session): session closed for user root
May  8 01:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.227.147.163  user=root
May  8 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18564]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18563]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18562]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18561]: pam_unix(cron:session): session closed for user p13x
May  8 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18621]: Successful su for rubyman by root
May  8 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18621]: + ??? root:rubyman
May  8 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350099 of user rubyman.
May  8 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18621]: pam_unix(su:session): session closed for user rubyman
May  8 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350099.
May  8 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: Failed password for root from 23.227.147.163 port 53706 ssh2
May  8 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: Received disconnect from 23.227.147.163 port 53706:11: Bye Bye [preauth]
May  8 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18557]: Disconnected from 23.227.147.163 port 53706 [preauth]
May  8 01:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15825]: pam_unix(cron:session): session closed for user root
May  8 01:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18562]: pam_unix(cron:session): session closed for user samftp
May  8 01:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17623]: pam_unix(cron:session): session closed for user root
May  8 01:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207  user=root
May  8 01:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18938]: Failed password for root from 146.190.93.207 port 51646 ssh2
May  8 01:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18938]: Received disconnect from 146.190.93.207 port 51646:11: Bye Bye [preauth]
May  8 01:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18938]: Disconnected from 146.190.93.207 port 51646 [preauth]
May  8 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18967]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18965]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18970]: pam_unix(cron:session): session closed for user root
May  8 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18965]: pam_unix(cron:session): session closed for user p13x
May  8 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19035]: Successful su for rubyman by root
May  8 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19035]: + ??? root:rubyman
May  8 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19035]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350105 of user rubyman.
May  8 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19035]: pam_unix(su:session): session closed for user rubyman
May  8 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350105.
May  8 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18967]: pam_unix(cron:session): session closed for user root
May  8 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16210]: pam_unix(cron:session): session closed for user root
May  8 01:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18966]: pam_unix(cron:session): session closed for user samftp
May  8 01:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18153]: pam_unix(cron:session): session closed for user root
May  8 01:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: Invalid user raghav from 103.149.28.105
May  8 01:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: input_userauth_request: invalid user raghav [preauth]
May  8 01:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.105
May  8 01:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: Invalid user lol from 134.199.210.64
May  8 01:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: input_userauth_request: invalid user lol [preauth]
May  8 01:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  8 01:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: Failed password for invalid user raghav from 103.149.28.105 port 50410 ssh2
May  8 01:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: Received disconnect from 103.149.28.105 port 50410:11: Bye Bye [preauth]
May  8 01:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19352]: Disconnected from 103.149.28.105 port 50410 [preauth]
May  8 01:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: Failed password for invalid user lol from 134.199.210.64 port 42336 ssh2
May  8 01:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: Received disconnect from 134.199.210.64 port 42336:11: Bye Bye [preauth]
May  8 01:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19359]: Disconnected from 134.199.210.64 port 42336 [preauth]
May  8 01:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19389]: Invalid user psg from 52.183.128.237
May  8 01:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19389]: input_userauth_request: invalid user psg [preauth]
May  8 01:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19389]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.183.128.237
May  8 01:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19389]: Failed password for invalid user psg from 52.183.128.237 port 56246 ssh2
May  8 01:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19389]: Received disconnect from 52.183.128.237 port 56246:11: Bye Bye [preauth]
May  8 01:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19389]: Disconnected from 52.183.128.237 port 56246 [preauth]
May  8 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19423]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19421]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19419]: pam_unix(cron:session): session closed for user p13x
May  8 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19488]: Successful su for rubyman by root
May  8 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19488]: + ??? root:rubyman
May  8 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19488]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350111 of user rubyman.
May  8 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19488]: pam_unix(su:session): session closed for user rubyman
May  8 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350111.
May  8 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16662]: pam_unix(cron:session): session closed for user root
May  8 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19420]: pam_unix(cron:session): session closed for user samftp
May  8 01:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19726]: Invalid user farhan from 101.36.122.23
May  8 01:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19726]: input_userauth_request: invalid user farhan [preauth]
May  8 01:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19726]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 01:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19726]: Failed password for invalid user farhan from 101.36.122.23 port 43048 ssh2
May  8 01:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19726]: Received disconnect from 101.36.122.23 port 43048:11: Bye Bye [preauth]
May  8 01:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19726]: Disconnected from 101.36.122.23 port 43048 [preauth]
May  8 01:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18564]: pam_unix(cron:session): session closed for user root
May  8 01:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19825]: Failed password for root from 101.91.181.235 port 52742 ssh2
May  8 01:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19825]: Connection closed by 101.91.181.235 port 52742 [preauth]
May  8 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19851]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19849]: pam_unix(cron:session): session closed for user p13x
May  8 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19910]: Successful su for rubyman by root
May  8 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19910]: + ??? root:rubyman
May  8 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350114 of user rubyman.
May  8 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19910]: pam_unix(su:session): session closed for user rubyman
May  8 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350114.
May  8 01:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17194]: pam_unix(cron:session): session closed for user root
May  8 01:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: Failed password for root from 101.91.181.235 port 53368 ssh2
May  8 01:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19851]: pam_unix(cron:session): session closed for user samftp
May  8 01:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19835]: Connection closed by 101.91.181.235 port 53368 [preauth]
May  8 01:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: Failed password for root from 101.91.181.235 port 47112 ssh2
May  8 01:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20108]: Connection closed by 101.91.181.235 port 47112 [preauth]
May  8 01:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Failed password for root from 101.91.181.235 port 44018 ssh2
May  8 01:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20140]: Connection closed by 101.91.181.235 port 44018 [preauth]
May  8 01:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20152]: Failed password for root from 101.91.181.235 port 58860 ssh2
May  8 01:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20152]: Connection closed by 101.91.181.235 port 58860 [preauth]
May  8 01:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20175]: Failed password for root from 101.91.181.235 port 58868 ssh2
May  8 01:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20175]: Connection closed by 101.91.181.235 port 58868 [preauth]
May  8 01:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18969]: pam_unix(cron:session): session closed for user root
May  8 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20186]: Failed password for root from 101.91.181.235 port 58876 ssh2
May  8 01:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20186]: Connection closed by 101.91.181.235 port 58876 [preauth]
May  8 01:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20217]: Failed password for root from 101.91.181.235 port 51506 ssh2
May  8 01:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20217]: Connection closed by 101.91.181.235 port 51506 [preauth]
May  8 01:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: Failed password for root from 101.91.181.235 port 49448 ssh2
May  8 01:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20227]: Connection closed by 101.91.181.235 port 49448 [preauth]
May  8 01:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20249]: Failed password for root from 101.91.181.235 port 49452 ssh2
May  8 01:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20249]: Connection closed by 101.91.181.235 port 49452 [preauth]
May  8 01:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20261]: Failed password for root from 101.91.181.235 port 40896 ssh2
May  8 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20261]: Connection closed by 101.91.181.235 port 40896 [preauth]
May  8 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20276]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20277]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20274]: pam_unix(cron:session): session closed for user p13x
May  8 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20332]: Successful su for rubyman by root
May  8 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20332]: + ??? root:rubyman
May  8 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350117 of user rubyman.
May  8 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20332]: pam_unix(su:session): session closed for user rubyman
May  8 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350117.
May  8 01:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17622]: pam_unix(cron:session): session closed for user root
May  8 01:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20275]: pam_unix(cron:session): session closed for user samftp
May  8 01:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20272]: Failed password for root from 101.91.181.235 port 40900 ssh2
May  8 01:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20272]: Connection closed by 101.91.181.235 port 40900 [preauth]
May  8 01:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20535]: Failed password for root from 101.91.181.235 port 38040 ssh2
May  8 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20535]: Connection closed by 101.91.181.235 port 38040 [preauth]
May  8 01:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: Failed password for root from 101.91.181.235 port 41564 ssh2
May  8 01:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20558]: Connection closed by 101.91.181.235 port 41564 [preauth]
May  8 01:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Invalid user mb from 23.227.147.163
May  8 01:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: input_userauth_request: invalid user mb [preauth]
May  8 01:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.227.147.163
May  8 01:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Failed password for invalid user mb from 23.227.147.163 port 53156 ssh2
May  8 01:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Failed password for root from 101.91.181.235 port 41566 ssh2
May  8 01:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Received disconnect from 23.227.147.163 port 53156:11: Bye Bye [preauth]
May  8 01:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Disconnected from 23.227.147.163 port 53156 [preauth]
May  8 01:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20568]: Connection closed by 101.91.181.235 port 41566 [preauth]
May  8 01:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20594]: Failed password for root from 101.91.181.235 port 48810 ssh2
May  8 01:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20594]: Connection closed by 101.91.181.235 port 48810 [preauth]
May  8 01:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19423]: pam_unix(cron:session): session closed for user root
May  8 01:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: Failed password for root from 101.91.181.235 port 48820 ssh2
May  8 01:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: Connection closed by 101.91.181.235 port 48820 [preauth]
May  8 01:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20626]: Failed password for root from 101.91.181.235 port 39924 ssh2
May  8 01:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20626]: Connection closed by 101.91.181.235 port 39924 [preauth]
May  8 01:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: Failed password for root from 101.91.181.235 port 39930 ssh2
May  8 01:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20638]: Connection closed by 101.91.181.235 port 39930 [preauth]
May  8 01:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20664]: Failed password for root from 101.91.181.235 port 55290 ssh2
May  8 01:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20664]: Connection closed by 101.91.181.235 port 55290 [preauth]
May  8 01:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: Failed password for root from 101.91.181.235 port 55292 ssh2
May  8 01:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20675]: Connection closed by 101.91.181.235 port 55292 [preauth]
May  8 01:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.181.235  user=root
May  8 01:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: Failed password for root from 101.91.181.235 port 60480 ssh2
May  8 01:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20686]: Connection closed by 101.91.181.235 port 60480 [preauth]
May  8 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20701]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20699]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20697]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20699]: pam_unix(cron:session): session closed for user p13x
May  8 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20826]: Successful su for rubyman by root
May  8 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20826]: + ??? root:rubyman
May  8 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350122 of user rubyman.
May  8 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20826]: pam_unix(su:session): session closed for user rubyman
May  8 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350122.
May  8 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20697]: pam_unix(cron:session): session closed for user root
May  8 01:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18152]: pam_unix(cron:session): session closed for user root
May  8 01:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  8 01:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20701]: pam_unix(cron:session): session closed for user samftp
May  8 01:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21003]: Failed password for root from 218.92.0.232 port 47018 ssh2
May  8 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21003]: message repeated 2 times: [ Failed password for root from 218.92.0.232 port 47018 ssh2]
May  8 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21003]: Received disconnect from 218.92.0.232 port 47018:11:  [preauth]
May  8 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21003]: Disconnected from 218.92.0.232 port 47018 [preauth]
May  8 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21003]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  8 01:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19853]: pam_unix(cron:session): session closed for user root
May  8 01:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: Invalid user admin from 80.94.95.241
May  8 01:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: input_userauth_request: invalid user admin [preauth]
May  8 01:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 01:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: Failed password for invalid user admin from 80.94.95.241 port 41294 ssh2
May  8 01:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: Failed password for invalid user admin from 80.94.95.241 port 41294 ssh2
May  8 01:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.93.207  user=root
May  8 01:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: Failed password for invalid user admin from 80.94.95.241 port 41294 ssh2
May  8 01:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21244]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21242]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21246]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21241]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21246]: pam_unix(cron:session): session closed for user root
May  8 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21240]: pam_unix(cron:session): session closed for user p13x
May  8 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21327]: Successful su for rubyman by root
May  8 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21327]: + ??? root:rubyman
May  8 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350128 of user rubyman.
May  8 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21327]: pam_unix(su:session): session closed for user rubyman
May  8 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350128.
May  8 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: Failed password for root from 146.190.93.207 port 41110 ssh2
May  8 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: Received disconnect from 146.190.93.207 port 41110:11: Bye Bye [preauth]
May  8 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21217]: Disconnected from 146.190.93.207 port 41110 [preauth]
May  8 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: Failed password for invalid user admin from 80.94.95.241 port 41294 ssh2
May  8 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21242]: pam_unix(cron:session): session closed for user root
May  8 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18563]: pam_unix(cron:session): session closed for user root
May  8 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: Failed password for invalid user admin from 80.94.95.241 port 41294 ssh2
May  8 01:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: Received disconnect from 80.94.95.241 port 41294:11: Bye [preauth]
May  8 01:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: Disconnected from 80.94.95.241 port 41294 [preauth]
May  8 01:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 01:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21205]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 01:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21241]: pam_unix(cron:session): session closed for user samftp
May  8 01:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: Invalid user valheim from 134.199.210.64
May  8 01:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: input_userauth_request: invalid user valheim [preauth]
May  8 01:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  8 01:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: Failed password for invalid user valheim from 134.199.210.64 port 43202 ssh2
May  8 01:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: Received disconnect from 134.199.210.64 port 43202:11: Bye Bye [preauth]
May  8 01:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21548]: Disconnected from 134.199.210.64 port 43202 [preauth]
May  8 01:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: Invalid user admin from 80.94.95.112
May  8 01:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: input_userauth_request: invalid user admin [preauth]
May  8 01:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 01:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: Failed password for invalid user admin from 80.94.95.112 port 57329 ssh2
May  8 01:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: Failed password for invalid user admin from 80.94.95.112 port 57329 ssh2
May  8 01:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: Failed password for invalid user admin from 80.94.95.112 port 57329 ssh2
May  8 01:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20277]: pam_unix(cron:session): session closed for user root
May  8 01:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: Failed password for invalid user admin from 80.94.95.112 port 57329 ssh2
May  8 01:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: Failed password for invalid user admin from 80.94.95.112 port 57329 ssh2
May  8 01:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: Received disconnect from 80.94.95.112 port 57329:11: Bye [preauth]
May  8 01:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: Disconnected from 80.94.95.112 port 57329 [preauth]
May  8 01:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 01:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21597]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21726]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21724]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21724]: pam_unix(cron:session): session closed for user p13x
May  8 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22051]: Successful su for rubyman by root
May  8 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22051]: + ??? root:rubyman
May  8 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350132 of user rubyman.
May  8 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22051]: pam_unix(su:session): session closed for user rubyman
May  8 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350132.
May  8 01:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18968]: pam_unix(cron:session): session closed for user root
May  8 01:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21725]: pam_unix(cron:session): session closed for user samftp
May  8 01:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22360]: Invalid user pedrito from 101.36.122.23
May  8 01:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22360]: input_userauth_request: invalid user pedrito [preauth]
May  8 01:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22360]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 01:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22360]: Failed password for invalid user pedrito from 101.36.122.23 port 37742 ssh2
May  8 01:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22360]: Received disconnect from 101.36.122.23 port 37742:11: Bye Bye [preauth]
May  8 01:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22360]: Disconnected from 101.36.122.23 port 37742 [preauth]
May  8 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20704]: pam_unix(cron:session): session closed for user root
May  8 01:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22463]: Invalid user shanti from 103.149.28.105
May  8 01:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22463]: input_userauth_request: invalid user shanti [preauth]
May  8 01:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22463]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.105
May  8 01:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22463]: Failed password for invalid user shanti from 103.149.28.105 port 58288 ssh2
May  8 01:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22463]: Received disconnect from 103.149.28.105 port 58288:11: Bye Bye [preauth]
May  8 01:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22463]: Disconnected from 103.149.28.105 port 58288 [preauth]
May  8 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22480]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22477]: pam_unix(cron:session): session closed for user p13x
May  8 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22549]: Successful su for rubyman by root
May  8 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22549]: + ??? root:rubyman
May  8 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350136 of user rubyman.
May  8 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22549]: pam_unix(su:session): session closed for user rubyman
May  8 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350136.
May  8 01:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19421]: pam_unix(cron:session): session closed for user root
May  8 01:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22478]: pam_unix(cron:session): session closed for user samftp
May  8 01:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 01:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: Failed password for root from 218.92.0.206 port 59896 ssh2
May  8 01:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: message repeated 4 times: [ Failed password for root from 218.92.0.206 port 59896 ssh2]
May  8 01:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 59896 ssh2 [preauth]
May  8 01:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: Disconnecting: Too many authentication failures [preauth]
May  8 01:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 01:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22756]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 01:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21245]: pam_unix(cron:session): session closed for user root
May  8 01:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21643]: Connection reset by 218.92.0.237 port 30482 [preauth]
May  8 01:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: Invalid user user from 23.227.147.163
May  8 01:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: input_userauth_request: invalid user user [preauth]
May  8 01:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.227.147.163
May  8 01:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: Failed password for invalid user user from 23.227.147.163 port 42306 ssh2
May  8 01:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: Received disconnect from 23.227.147.163 port 42306:11: Bye Bye [preauth]
May  8 01:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22893]: Disconnected from 23.227.147.163 port 42306 [preauth]
May  8 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22926]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22927]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22924]: pam_unix(cron:session): session closed for user p13x
May  8 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23016]: Successful su for rubyman by root
May  8 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23016]: + ??? root:rubyman
May  8 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350140 of user rubyman.
May  8 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23016]: pam_unix(su:session): session closed for user rubyman
May  8 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350140.
May  8 01:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19852]: pam_unix(cron:session): session closed for user root
May  8 01:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22925]: pam_unix(cron:session): session closed for user samftp
May  8 01:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21727]: pam_unix(cron:session): session closed for user root
May  8 01:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: Invalid user admin from 80.94.95.115
May  8 01:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: input_userauth_request: invalid user admin [preauth]
May  8 01:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  8 01:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: Failed password for invalid user admin from 80.94.95.115 port 35858 ssh2
May  8 01:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23287]: Connection closed by 80.94.95.115 port 35858 [preauth]
May  8 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23464]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23461]: pam_unix(cron:session): session closed for user p13x
May  8 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23524]: Successful su for rubyman by root
May  8 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23524]: + ??? root:rubyman
May  8 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23524]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350145 of user rubyman.
May  8 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23524]: pam_unix(su:session): session closed for user rubyman
May  8 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350145.
May  8 01:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20276]: pam_unix(cron:session): session closed for user root
May  8 01:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23463]: pam_unix(cron:session): session closed for user samftp
May  8 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22480]: pam_unix(cron:session): session closed for user root
May  8 01:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: Invalid user dee from 134.199.210.64
May  8 01:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: input_userauth_request: invalid user dee [preauth]
May  8 01:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  8 01:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: Failed password for invalid user dee from 134.199.210.64 port 47190 ssh2
May  8 01:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: Received disconnect from 134.199.210.64 port 47190:11: Bye Bye [preauth]
May  8 01:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23914]: Disconnected from 134.199.210.64 port 47190 [preauth]
May  8 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23974]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23976]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23973]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23972]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23977]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23975]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23977]: pam_unix(cron:session): session closed for user root
May  8 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23972]: pam_unix(cron:session): session closed for user p13x
May  8 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24056]: Successful su for rubyman by root
May  8 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24056]: + ??? root:rubyman
May  8 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350150 of user rubyman.
May  8 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24056]: pam_unix(su:session): session closed for user rubyman
May  8 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350150.
May  8 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23974]: pam_unix(cron:session): session closed for user root
May  8 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20703]: pam_unix(cron:session): session closed for user root
May  8 01:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23973]: pam_unix(cron:session): session closed for user samftp
May  8 01:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22927]: pam_unix(cron:session): session closed for user root
May  8 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24448]: pam_unix(cron:session): session closed for user p13x
May  8 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24519]: Successful su for rubyman by root
May  8 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24519]: + ??? root:rubyman
May  8 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350154 of user rubyman.
May  8 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24519]: pam_unix(su:session): session closed for user rubyman
May  8 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350154.
May  8 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21244]: pam_unix(cron:session): session closed for user root
May  8 01:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24449]: pam_unix(cron:session): session closed for user samftp
May  8 01:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: Invalid user jairo from 101.36.122.23
May  8 01:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: input_userauth_request: invalid user jairo [preauth]
May  8 01:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 01:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: Failed password for invalid user jairo from 101.36.122.23 port 38460 ssh2
May  8 01:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: Received disconnect from 101.36.122.23 port 38460:11: Bye Bye [preauth]
May  8 01:16:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24757]: Disconnected from 101.36.122.23 port 38460 [preauth]
May  8 01:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23465]: pam_unix(cron:session): session closed for user root
May  8 01:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: Invalid user mahendra from 23.227.147.163
May  8 01:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: input_userauth_request: invalid user mahendra [preauth]
May  8 01:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.227.147.163
May  8 01:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: Failed password for invalid user mahendra from 23.227.147.163 port 50874 ssh2
May  8 01:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: Received disconnect from 23.227.147.163 port 50874:11: Bye Bye [preauth]
May  8 01:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24870]: Disconnected from 23.227.147.163 port 50874 [preauth]
May  8 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24876]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24875]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24877]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24872]: pam_unix(cron:session): session closed for user root
May  8 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24874]: pam_unix(cron:session): session closed for user p13x
May  8 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24952]: Successful su for rubyman by root
May  8 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24952]: + ??? root:rubyman
May  8 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350158 of user rubyman.
May  8 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24952]: pam_unix(su:session): session closed for user rubyman
May  8 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350158.
May  8 01:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21726]: pam_unix(cron:session): session closed for user root
May  8 01:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24875]: pam_unix(cron:session): session closed for user samftp
May  8 01:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23976]: pam_unix(cron:session): session closed for user root
May  8 01:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25303]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25304]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25301]: pam_unix(cron:session): session closed for user p13x
May  8 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25369]: Successful su for rubyman by root
May  8 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25369]: + ??? root:rubyman
May  8 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350163 of user rubyman.
May  8 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25369]: pam_unix(su:session): session closed for user rubyman
May  8 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350163.
May  8 01:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.105  user=root
May  8 01:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22479]: pam_unix(cron:session): session closed for user root
May  8 01:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25298]: Failed password for root from 103.149.28.105 port 37926 ssh2
May  8 01:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25298]: Received disconnect from 103.149.28.105 port 37926:11: Bye Bye [preauth]
May  8 01:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25298]: Disconnected from 103.149.28.105 port 37926 [preauth]
May  8 01:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25302]: pam_unix(cron:session): session closed for user samftp
May  8 01:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25618]: Did not receive identification string from 222.222.220.108
May  8 01:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: Invalid user NL5xUDpV2xRa from 222.222.220.108
May  8 01:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: input_userauth_request: invalid user NL5xUDpV2xRa [preauth]
May  8 01:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: fatal: ssh_packet_get_string: incomplete message [preauth]
May  8 01:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24451]: pam_unix(cron:session): session closed for user root
May  8 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25765]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25767]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25763]: pam_unix(cron:session): session closed for user p13x
May  8 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25839]: Successful su for rubyman by root
May  8 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25839]: + ??? root:rubyman
May  8 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350169 of user rubyman.
May  8 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25839]: pam_unix(su:session): session closed for user rubyman
May  8 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350169.
May  8 01:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22926]: pam_unix(cron:session): session closed for user root
May  8 01:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25764]: pam_unix(cron:session): session closed for user samftp
May  8 01:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Invalid user sean from 134.199.210.64
May  8 01:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: input_userauth_request: invalid user sean [preauth]
May  8 01:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.199.210.64
May  8 01:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Failed password for invalid user sean from 134.199.210.64 port 48144 ssh2
May  8 01:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Received disconnect from 134.199.210.64 port 48144:11: Bye Bye [preauth]
May  8 01:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Disconnected from 134.199.210.64 port 48144 [preauth]
May  8 01:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24877]: pam_unix(cron:session): session closed for user root
May  8 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26201]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26202]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26206]: pam_unix(cron:session): session closed for user root
May  8 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26199]: pam_unix(cron:session): session closed for user p13x
May  8 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26269]: Successful su for rubyman by root
May  8 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26269]: + ??? root:rubyman
May  8 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350171 of user rubyman.
May  8 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26269]: pam_unix(su:session): session closed for user rubyman
May  8 01:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350171.
May  8 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26202]: pam_unix(cron:session): session closed for user root
May  8 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23464]: pam_unix(cron:session): session closed for user root
May  8 01:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26201]: pam_unix(cron:session): session closed for user samftp
May  8 01:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 01:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Failed password for root from 80.94.95.125 port 5582 ssh2
May  8 01:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 5582 ssh2]
May  8 01:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Received disconnect from 80.94.95.125 port 5582:11: Bye [preauth]
May  8 01:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Disconnected from 80.94.95.125 port 5582 [preauth]
May  8 01:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 01:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 01:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  8 01:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: Failed password for root from 218.92.0.237 port 10268 ssh2
May  8 01:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25304]: pam_unix(cron:session): session closed for user root
May  8 01:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: Failed password for root from 218.92.0.237 port 10268 ssh2
May  8 01:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: Failed password for root from 218.92.0.237 port 10268 ssh2
May  8 01:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: Received disconnect from 218.92.0.237 port 10268:11:  [preauth]
May  8 01:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: Disconnected from 218.92.0.237 port 10268 [preauth]
May  8 01:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26622]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  8 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26716]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26713]: pam_unix(cron:session): session closed for user p13x
May  8 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26781]: Successful su for rubyman by root
May  8 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26781]: + ??? root:rubyman
May  8 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350177 of user rubyman.
May  8 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26781]: pam_unix(su:session): session closed for user rubyman
May  8 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350177.
May  8 01:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23975]: pam_unix(cron:session): session closed for user root
May  8 01:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26714]: pam_unix(cron:session): session closed for user samftp
May  8 01:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: Invalid user test from 23.227.147.163
May  8 01:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: input_userauth_request: invalid user test [preauth]
May  8 01:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.227.147.163
May  8 01:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: Failed password for invalid user test from 23.227.147.163 port 44852 ssh2
May  8 01:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: Received disconnect from 23.227.147.163 port 44852:11: Bye Bye [preauth]
May  8 01:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27066]: Disconnected from 23.227.147.163 port 44852 [preauth]
May  8 01:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27112]: Invalid user hi from 101.36.122.23
May  8 01:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27112]: input_userauth_request: invalid user hi [preauth]
May  8 01:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27112]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 01:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27112]: Failed password for invalid user hi from 101.36.122.23 port 45270 ssh2
May  8 01:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27112]: Received disconnect from 101.36.122.23 port 45270:11: Bye Bye [preauth]
May  8 01:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27112]: Disconnected from 101.36.122.23 port 45270 [preauth]
May  8 01:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27114]: Invalid user emilia from 68.183.90.203
May  8 01:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27114]: input_userauth_request: invalid user emilia [preauth]
May  8 01:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27114]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 01:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25767]: pam_unix(cron:session): session closed for user root
May  8 01:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27114]: Failed password for invalid user emilia from 68.183.90.203 port 51370 ssh2
May  8 01:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27114]: Received disconnect from 68.183.90.203 port 51370:11: Bye Bye [preauth]
May  8 01:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27114]: Disconnected from 68.183.90.203 port 51370 [preauth]
May  8 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27212]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27216]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27210]: pam_unix(cron:session): session closed for user p13x
May  8 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27277]: Successful su for rubyman by root
May  8 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27277]: + ??? root:rubyman
May  8 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350182 of user rubyman.
May  8 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27277]: pam_unix(su:session): session closed for user rubyman
May  8 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350182.
May  8 01:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24450]: pam_unix(cron:session): session closed for user root
May  8 01:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27211]: pam_unix(cron:session): session closed for user samftp
May  8 01:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27561]: Invalid user  from 196.251.84.225
May  8 01:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27561]: input_userauth_request: invalid user  [preauth]
May  8 01:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27561]: Connection closed by 196.251.84.225 port 59792 [preauth]
May  8 01:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26205]: pam_unix(cron:session): session closed for user root
May  8 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27689]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27688]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27686]: pam_unix(cron:session): session closed for user p13x
May  8 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27748]: Successful su for rubyman by root
May  8 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27748]: + ??? root:rubyman
May  8 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27748]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350186 of user rubyman.
May  8 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27748]: pam_unix(su:session): session closed for user rubyman
May  8 01:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350186.
May  8 01:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24876]: pam_unix(cron:session): session closed for user root
May  8 01:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27687]: pam_unix(cron:session): session closed for user samftp
May  8 01:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26716]: pam_unix(cron:session): session closed for user root
May  8 01:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28042]: User nobody from 80.94.95.116 not allowed because not listed in AllowUsers
May  8 01:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28042]: input_userauth_request: invalid user nobody [preauth]
May  8 01:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=nobody
May  8 01:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28042]: Failed password for invalid user nobody from 80.94.95.116 port 45398 ssh2
May  8 01:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28042]: Connection closed by 80.94.95.116 port 45398 [preauth]
May  8 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28095]: pam_unix(cron:session): session closed for user p13x
May  8 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28157]: Successful su for rubyman by root
May  8 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28157]: + ??? root:rubyman
May  8 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350190 of user rubyman.
May  8 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28157]: pam_unix(su:session): session closed for user rubyman
May  8 01:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350190.
May  8 01:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25303]: pam_unix(cron:session): session closed for user root
May  8 01:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28096]: pam_unix(cron:session): session closed for user samftp
May  8 01:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.149.28.105  user=root
May  8 01:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28353]: Failed password for root from 103.149.28.105 port 45796 ssh2
May  8 01:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28353]: Received disconnect from 103.149.28.105 port 45796:11: Bye Bye [preauth]
May  8 01:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28353]: Disconnected from 103.149.28.105 port 45796 [preauth]
May  8 01:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28356]: Connection closed by 46.244.96.25 port 39610 [preauth]
May  8 01:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Invalid user gitadmin from 46.244.96.25
May  8 01:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: input_userauth_request: invalid user gitadmin [preauth]
May  8 01:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  8 01:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Failed password for invalid user gitadmin from 46.244.96.25 port 39510 ssh2
May  8 01:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Connection closed by 46.244.96.25 port 39510 [preauth]
May  8 01:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27216]: pam_unix(cron:session): session closed for user root
May  8 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28515]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28514]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28517]: pam_unix(cron:session): session closed for user root
May  8 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28511]: pam_unix(cron:session): session closed for user p13x
May  8 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28577]: Successful su for rubyman by root
May  8 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28577]: + ??? root:rubyman
May  8 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350195 of user rubyman.
May  8 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28577]: pam_unix(su:session): session closed for user rubyman
May  8 01:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350195.
May  8 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28513]: pam_unix(cron:session): session closed for user root
May  8 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25765]: pam_unix(cron:session): session closed for user root
May  8 01:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28512]: pam_unix(cron:session): session closed for user samftp
May  8 01:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27689]: pam_unix(cron:session): session closed for user root
May  8 01:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28932]: Invalid user roo from 23.227.147.163
May  8 01:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28932]: input_userauth_request: invalid user roo [preauth]
May  8 01:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28932]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.227.147.163
May  8 01:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28932]: Failed password for invalid user roo from 23.227.147.163 port 60258 ssh2
May  8 01:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28932]: Received disconnect from 23.227.147.163 port 60258:11: Bye Bye [preauth]
May  8 01:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28932]: Disconnected from 23.227.147.163 port 60258 [preauth]
May  8 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28947]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28944]: pam_unix(cron:session): session closed for user p13x
May  8 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29072]: Successful su for rubyman by root
May  8 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29072]: + ??? root:rubyman
May  8 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350200 of user rubyman.
May  8 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29072]: pam_unix(su:session): session closed for user rubyman
May  8 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350200.
May  8 01:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26204]: pam_unix(cron:session): session closed for user root
May  8 01:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28945]: pam_unix(cron:session): session closed for user samftp
May  8 01:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28098]: pam_unix(cron:session): session closed for user root
May  8 01:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: Invalid user devuser from 101.36.122.23
May  8 01:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: input_userauth_request: invalid user devuser [preauth]
May  8 01:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 01:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: Failed password for invalid user devuser from 101.36.122.23 port 46642 ssh2
May  8 01:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: Received disconnect from 101.36.122.23 port 46642:11: Bye Bye [preauth]
May  8 01:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29401]: Disconnected from 101.36.122.23 port 46642 [preauth]
May  8 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29464]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29463]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29463]: pam_unix(cron:session): session closed for user p13x
May  8 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29527]: Successful su for rubyman by root
May  8 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29527]: + ??? root:rubyman
May  8 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350205 of user rubyman.
May  8 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29527]: pam_unix(su:session): session closed for user rubyman
May  8 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350205.
May  8 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26715]: pam_unix(cron:session): session closed for user root
May  8 01:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29464]: pam_unix(cron:session): session closed for user samftp
May  8 01:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28515]: pam_unix(cron:session): session closed for user root
May  8 01:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  8 01:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29806]: Failed password for root from 218.92.0.209 port 24498 ssh2
May  8 01:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29806]: message repeated 4 times: [ Failed password for root from 218.92.0.209 port 24498 ssh2]
May  8 01:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29806]: error: maximum authentication attempts exceeded for root from 218.92.0.209 port 24498 ssh2 [preauth]
May  8 01:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29806]: Disconnecting: Too many authentication failures [preauth]
May  8 01:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29806]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  8 01:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29806]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29871]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29869]: pam_unix(cron:session): session closed for user p13x
May  8 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29934]: Successful su for rubyman by root
May  8 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29934]: + ??? root:rubyman
May  8 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350207 of user rubyman.
May  8 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29934]: pam_unix(su:session): session closed for user rubyman
May  8 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350207.
May  8 01:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27212]: pam_unix(cron:session): session closed for user root
May  8 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29870]: pam_unix(cron:session): session closed for user samftp
May  8 01:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28947]: pam_unix(cron:session): session closed for user root
May  8 01:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30252]: Invalid user postgres from 68.183.90.203
May  8 01:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30252]: input_userauth_request: invalid user postgres [preauth]
May  8 01:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30252]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 01:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30252]: Failed password for invalid user postgres from 68.183.90.203 port 34546 ssh2
May  8 01:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30252]: Received disconnect from 68.183.90.203 port 34546:11: Bye Bye [preauth]
May  8 01:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30252]: Disconnected from 68.183.90.203 port 34546 [preauth]
May  8 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30266]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30263]: pam_unix(cron:session): session closed for user p13x
May  8 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30326]: Successful su for rubyman by root
May  8 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30326]: + ??? root:rubyman
May  8 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350212 of user rubyman.
May  8 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30326]: pam_unix(su:session): session closed for user rubyman
May  8 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350212.
May  8 01:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27688]: pam_unix(cron:session): session closed for user root
May  8 01:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30264]: pam_unix(cron:session): session closed for user samftp
May  8 01:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29466]: pam_unix(cron:session): session closed for user root
May  8 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30672]: pam_unix(cron:session): session closed for user root
May  8 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30667]: pam_unix(cron:session): session closed for user p13x
May  8 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30740]: Successful su for rubyman by root
May  8 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30740]: + ??? root:rubyman
May  8 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350218 of user rubyman.
May  8 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30740]: pam_unix(su:session): session closed for user rubyman
May  8 01:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350218.
May  8 01:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28097]: pam_unix(cron:session): session closed for user root
May  8 01:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30669]: pam_unix(cron:session): session closed for user root
May  8 01:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30668]: pam_unix(cron:session): session closed for user samftp
May  8 01:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.227.147.163  user=root
May  8 01:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: Failed password for root from 23.227.147.163 port 50422 ssh2
May  8 01:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: Received disconnect from 23.227.147.163 port 50422:11: Bye Bye [preauth]
May  8 01:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: Disconnected from 23.227.147.163 port 50422 [preauth]
May  8 01:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  8 01:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: Failed password for root from 218.92.0.218 port 14852 ssh2
May  8 01:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: message repeated 2 times: [ Failed password for root from 218.92.0.218 port 14852 ssh2]
May  8 01:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29872]: pam_unix(cron:session): session closed for user root
May  8 01:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: Received disconnect from 218.92.0.218 port 14852:11:  [preauth]
May  8 01:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: Disconnected from 218.92.0.218 port 14852 [preauth]
May  8 01:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31087]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  8 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31202]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31203]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31201]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31200]: pam_unix(cron:session): session closed for user p13x
May  8 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31269]: Successful su for rubyman by root
May  8 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31269]: + ??? root:rubyman
May  8 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350222 of user rubyman.
May  8 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31269]: pam_unix(su:session): session closed for user rubyman
May  8 01:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350222.
May  8 01:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28514]: pam_unix(cron:session): session closed for user root
May  8 01:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31201]: pam_unix(cron:session): session closed for user samftp
May  8 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30266]: pam_unix(cron:session): session closed for user root
May  8 01:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31583]: Invalid user report from 101.36.122.23
May  8 01:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31583]: input_userauth_request: invalid user report [preauth]
May  8 01:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31583]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 01:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31583]: Failed password for invalid user report from 101.36.122.23 port 39446 ssh2
May  8 01:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31583]: Received disconnect from 101.36.122.23 port 39446:11: Bye Bye [preauth]
May  8 01:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31583]: Disconnected from 101.36.122.23 port 39446 [preauth]
May  8 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31615]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31612]: pam_unix(cron:session): session closed for user p13x
May  8 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31703]: Successful su for rubyman by root
May  8 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31703]: + ??? root:rubyman
May  8 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31703]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350226 of user rubyman.
May  8 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31703]: pam_unix(su:session): session closed for user rubyman
May  8 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350226.
May  8 01:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28946]: pam_unix(cron:session): session closed for user root
May  8 01:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31613]: pam_unix(cron:session): session closed for user samftp
May  8 01:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30671]: pam_unix(cron:session): session closed for user root
May  8 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32320]: pam_unix(cron:session): session closed for user p13x
May  8 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32414]: Successful su for rubyman by root
May  8 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32414]: + ??? root:rubyman
May  8 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350229 of user rubyman.
May  8 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32414]: pam_unix(su:session): session closed for user rubyman
May  8 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350229.
May  8 01:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29465]: pam_unix(cron:session): session closed for user root
May  8 01:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32321]: pam_unix(cron:session): session closed for user samftp
May  8 01:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  8 01:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: Failed password for root from 164.68.105.9 port 37654 ssh2
May  8 01:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32721]: Connection closed by 164.68.105.9 port 37654 [preauth]
May  8 01:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31203]: pam_unix(cron:session): session closed for user root
May  8 01:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[464]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[451]: pam_unix(cron:session): session closed for user p13x
May  8 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[541]: Successful su for rubyman by root
May  8 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[541]: + ??? root:rubyman
May  8 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350234 of user rubyman.
May  8 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[541]: pam_unix(su:session): session closed for user rubyman
May  8 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350234.
May  8 01:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29871]: pam_unix(cron:session): session closed for user root
May  8 01:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[462]: pam_unix(cron:session): session closed for user samftp
May  8 01:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[757]: Invalid user seal from 68.183.90.203
May  8 01:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[757]: input_userauth_request: invalid user seal [preauth]
May  8 01:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[757]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 01:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[757]: Failed password for invalid user seal from 68.183.90.203 port 51154 ssh2
May  8 01:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[757]: Received disconnect from 68.183.90.203 port 51154:11: Bye Bye [preauth]
May  8 01:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[757]: Disconnected from 68.183.90.203 port 51154 [preauth]
May  8 01:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31615]: pam_unix(cron:session): session closed for user root
May  8 01:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[853]: Invalid user gs from 23.227.147.163
May  8 01:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[853]: input_userauth_request: invalid user gs [preauth]
May  8 01:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[853]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.227.147.163
May  8 01:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[853]: Failed password for invalid user gs from 23.227.147.163 port 56604 ssh2
May  8 01:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[853]: Received disconnect from 23.227.147.163 port 56604:11: Bye Bye [preauth]
May  8 01:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[853]: Disconnected from 23.227.147.163 port 56604 [preauth]
May  8 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[929]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[923]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[925]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[924]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[929]: pam_unix(cron:session): session closed for user root
May  8 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[921]: pam_unix(cron:session): session closed for user p13x
May  8 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1010]: Successful su for rubyman by root
May  8 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1010]: + ??? root:rubyman
May  8 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350239 of user rubyman.
May  8 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1010]: pam_unix(su:session): session closed for user rubyman
May  8 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350239.
May  8 01:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[923]: pam_unix(cron:session): session closed for user root
May  8 01:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30265]: pam_unix(cron:session): session closed for user root
May  8 01:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[922]: pam_unix(cron:session): session closed for user samftp
May  8 01:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32324]: pam_unix(cron:session): session closed for user root
May  8 01:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5  user=root
May  8 01:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1418]: Failed password for root from 85.208.84.5 port 59722 ssh2
May  8 01:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1418]: Connection closed by 85.208.84.5 port 59722 [preauth]
May  8 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1464]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1461]: pam_unix(cron:session): session closed for user p13x
May  8 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1529]: Successful su for rubyman by root
May  8 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1529]: + ??? root:rubyman
May  8 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350243 of user rubyman.
May  8 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1529]: pam_unix(su:session): session closed for user rubyman
May  8 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350243.
May  8 01:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30670]: pam_unix(cron:session): session closed for user root
May  8 01:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1462]: pam_unix(cron:session): session closed for user samftp
May  8 01:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[464]: pam_unix(cron:session): session closed for user root
May  8 01:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1892]: Invalid user samuel from 101.36.122.23
May  8 01:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1892]: input_userauth_request: invalid user samuel [preauth]
May  8 01:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1892]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 01:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1892]: Failed password for invalid user samuel from 101.36.122.23 port 38736 ssh2
May  8 01:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1892]: Received disconnect from 101.36.122.23 port 38736:11: Bye Bye [preauth]
May  8 01:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1892]: Disconnected from 101.36.122.23 port 38736 [preauth]
May  8 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2012]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2009]: pam_unix(cron:session): session closed for user p13x
May  8 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2075]: Successful su for rubyman by root
May  8 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2075]: + ??? root:rubyman
May  8 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350249 of user rubyman.
May  8 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2075]: pam_unix(su:session): session closed for user rubyman
May  8 01:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350249.
May  8 01:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31202]: pam_unix(cron:session): session closed for user root
May  8 01:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2010]: pam_unix(cron:session): session closed for user samftp
May  8 01:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[925]: pam_unix(cron:session): session closed for user root
May  8 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2436]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2434]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2435]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2433]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2433]: pam_unix(cron:session): session closed for user p13x
May  8 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2500]: Successful su for rubyman by root
May  8 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2500]: + ??? root:rubyman
May  8 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350252 of user rubyman.
May  8 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2500]: pam_unix(su:session): session closed for user rubyman
May  8 01:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350252.
May  8 01:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31614]: pam_unix(cron:session): session closed for user root
May  8 01:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2434]: pam_unix(cron:session): session closed for user samftp
May  8 01:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1464]: pam_unix(cron:session): session closed for user root
May  8 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2866]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2863]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2866]: pam_unix(cron:session): session closed for user p13x
May  8 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2997]: Successful su for rubyman by root
May  8 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2997]: + ??? root:rubyman
May  8 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350256 of user rubyman.
May  8 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2997]: pam_unix(su:session): session closed for user rubyman
May  8 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350256.
May  8 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2863]: pam_unix(cron:session): session closed for user root
May  8 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.227.147.163  user=root
May  8 01:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32322]: pam_unix(cron:session): session closed for user root
May  8 01:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3172]: Failed password for root from 23.227.147.163 port 49284 ssh2
May  8 01:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3172]: Received disconnect from 23.227.147.163 port 49284:11: Bye Bye [preauth]
May  8 01:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3172]: Disconnected from 23.227.147.163 port 49284 [preauth]
May  8 01:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2867]: pam_unix(cron:session): session closed for user samftp
May  8 01:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: Invalid user vr from 68.183.90.203
May  8 01:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: input_userauth_request: invalid user vr [preauth]
May  8 01:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 01:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: Failed password for invalid user vr from 68.183.90.203 port 48336 ssh2
May  8 01:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: Received disconnect from 68.183.90.203 port 48336:11: Bye Bye [preauth]
May  8 01:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: Disconnected from 68.183.90.203 port 48336 [preauth]
May  8 01:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2012]: pam_unix(cron:session): session closed for user root
May  8 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3370]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3368]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3379]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3369]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3381]: pam_unix(cron:session): session closed for user root
May  8 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3368]: pam_unix(cron:session): session closed for user p13x
May  8 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3461]: Successful su for rubyman by root
May  8 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3461]: + ??? root:rubyman
May  8 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350262 of user rubyman.
May  8 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3461]: pam_unix(su:session): session closed for user rubyman
May  8 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350262.
May  8 01:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3370]: pam_unix(cron:session): session closed for user root
May  8 01:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[463]: pam_unix(cron:session): session closed for user root
May  8 01:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3369]: pam_unix(cron:session): session closed for user samftp
May  8 01:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2436]: pam_unix(cron:session): session closed for user root
May  8 01:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  8 01:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: Failed password for root from 218.92.0.220 port 59078 ssh2
May  8 01:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: message repeated 2 times: [ Failed password for root from 218.92.0.220 port 59078 ssh2]
May  8 01:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: Received disconnect from 218.92.0.220 port 59078:11:  [preauth]
May  8 01:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: Disconnected from 218.92.0.220 port 59078 [preauth]
May  8 01:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3827]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  8 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3848]: pam_unix(cron:session): session closed for user p13x
May  8 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3918]: Successful su for rubyman by root
May  8 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3918]: + ??? root:rubyman
May  8 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350267 of user rubyman.
May  8 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3918]: pam_unix(su:session): session closed for user rubyman
May  8 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350267.
May  8 01:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4028]: Did not receive identification string from 103.197.184.219
May  8 01:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4093]: Bad protocol version identification '\026\003\001' from 74.82.47.4 port 32728
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4064]: Invalid user usario from 103.197.184.219
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4064]: input_userauth_request: invalid user usario [preauth]
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4064]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.197.184.219
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: Invalid user support from 103.197.184.219
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: input_userauth_request: invalid user support [preauth]
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.197.184.219
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Invalid user ubnt from 103.197.184.219
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: input_userauth_request: invalid user ubnt [preauth]
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4067]: Invalid user user from 103.197.184.219
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: Invalid user admin from 103.197.184.219
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: input_userauth_request: invalid user admin [preauth]
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4067]: input_userauth_request: invalid user user [preauth]
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.197.184.219
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4067]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.197.184.219
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.197.184.219
May  8 01:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[924]: pam_unix(cron:session): session closed for user root
May  8 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4064]: Failed password for invalid user usario from 103.197.184.219 port 15438 ssh2
May  8 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: Failed password for invalid user support from 103.197.184.219 port 15434 ssh2
May  8 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: Failed password for invalid user admin from 103.197.184.219 port 15454 ssh2
May  8 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4067]: Failed password for invalid user user from 103.197.184.219 port 15436 ssh2
May  8 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Failed password for invalid user ubnt from 103.197.184.219 port 15466 ssh2
May  8 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4064]: Received disconnect from 103.197.184.219 port 15438:11: Bye Bye [preauth]
May  8 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4064]: Disconnected from 103.197.184.219 port 15438 [preauth]
May  8 01:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: Received disconnect from 103.197.184.219 port 15434:11: Bye Bye [preauth]
May  8 01:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4066]: Disconnected from 103.197.184.219 port 15434 [preauth]
May  8 01:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: Received disconnect from 103.197.184.219 port 15454:11: Bye Bye [preauth]
May  8 01:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4070]: Disconnected from 103.197.184.219 port 15454 [preauth]
May  8 01:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4067]: Received disconnect from 103.197.184.219 port 15436:11: Bye Bye [preauth]
May  8 01:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4067]: Disconnected from 103.197.184.219 port 15436 [preauth]
May  8 01:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Received disconnect from 103.197.184.219 port 15466:11: Bye Bye [preauth]
May  8 01:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4071]: Disconnected from 103.197.184.219 port 15466 [preauth]
May  8 01:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3849]: pam_unix(cron:session): session closed for user samftp
May  8 01:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2870]: pam_unix(cron:session): session closed for user root
May  8 01:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: Invalid user lfs from 101.36.122.23
May  8 01:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: input_userauth_request: invalid user lfs [preauth]
May  8 01:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 01:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4429]: Invalid user admin from 80.94.95.241
May  8 01:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4429]: input_userauth_request: invalid user admin [preauth]
May  8 01:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4429]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 01:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: Failed password for invalid user lfs from 101.36.122.23 port 43734 ssh2
May  8 01:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: Received disconnect from 101.36.122.23 port 43734:11: Bye Bye [preauth]
May  8 01:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4427]: Disconnected from 101.36.122.23 port 43734 [preauth]
May  8 01:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4429]: Failed password for invalid user admin from 80.94.95.241 port 27166 ssh2
May  8 01:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4429]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4429]: Failed password for invalid user admin from 80.94.95.241 port 27166 ssh2
May  8 01:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4429]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4429]: Failed password for invalid user admin from 80.94.95.241 port 27166 ssh2
May  8 01:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4429]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4429]: Failed password for invalid user admin from 80.94.95.241 port 27166 ssh2
May  8 01:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4429]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4429]: Failed password for invalid user admin from 80.94.95.241 port 27166 ssh2
May  8 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4429]: Received disconnect from 80.94.95.241 port 27166:11: Bye [preauth]
May  8 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4429]: Disconnected from 80.94.95.241 port 27166 [preauth]
May  8 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4429]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4429]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4464]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4462]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4462]: pam_unix(cron:session): session closed for user p13x
May  8 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4540]: Successful su for rubyman by root
May  8 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4540]: + ??? root:rubyman
May  8 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350270 of user rubyman.
May  8 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4540]: pam_unix(su:session): session closed for user rubyman
May  8 01:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350270.
May  8 01:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1463]: pam_unix(cron:session): session closed for user root
May  8 01:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4463]: pam_unix(cron:session): session closed for user samftp
May  8 01:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  8 01:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: Failed password for root from 193.70.84.184 port 42950 ssh2
May  8 01:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4710]: Connection closed by 193.70.84.184 port 42950 [preauth]
May  8 01:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  8 01:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4784]: Failed password for root from 218.92.0.205 port 58422 ssh2
May  8 01:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4784]: Failed password for root from 218.92.0.205 port 58422 ssh2
May  8 01:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3380]: pam_unix(cron:session): session closed for user root
May  8 01:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4784]: Failed password for root from 218.92.0.205 port 58422 ssh2
May  8 01:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4784]: Failed password for root from 218.92.0.205 port 58422 ssh2
May  8 01:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: Invalid user admin from 80.94.95.112
May  8 01:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: input_userauth_request: invalid user admin [preauth]
May  8 01:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 01:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4784]: Failed password for root from 218.92.0.205 port 58422 ssh2
May  8 01:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4784]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 58422 ssh2 [preauth]
May  8 01:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4784]: Disconnecting: Too many authentication failures [preauth]
May  8 01:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4784]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  8 01:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4784]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 01:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: Failed password for invalid user admin from 80.94.95.112 port 43722 ssh2
May  8 01:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: Failed password for invalid user admin from 80.94.95.112 port 43722 ssh2
May  8 01:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  8 01:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: Failed password for invalid user admin from 80.94.95.112 port 43722 ssh2
May  8 01:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: Failed password for root from 218.92.0.205 port 22662 ssh2
May  8 01:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: Failed password for invalid user admin from 80.94.95.112 port 43722 ssh2
May  8 01:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: Failed password for root from 218.92.0.205 port 22662 ssh2
May  8 01:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: Failed password for invalid user admin from 80.94.95.112 port 43722 ssh2
May  8 01:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: Received disconnect from 80.94.95.112 port 43722:11: Bye [preauth]
May  8 01:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: Disconnected from 80.94.95.112 port 43722 [preauth]
May  8 01:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 01:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4843]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 01:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: Failed password for root from 218.92.0.205 port 22662 ssh2
May  8 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: message repeated 2 times: [ Failed password for root from 218.92.0.205 port 22662 ssh2]
May  8 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4902]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4903]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4900]: pam_unix(cron:session): session closed for user p13x
May  8 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4971]: Successful su for rubyman by root
May  8 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4971]: + ??? root:rubyman
May  8 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4971]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350274 of user rubyman.
May  8 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4971]: pam_unix(su:session): session closed for user rubyman
May  8 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350274.
May  8 01:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: Failed password for root from 218.92.0.205 port 22662 ssh2
May  8 01:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 22662 ssh2 [preauth]
May  8 01:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: Disconnecting: Too many authentication failures [preauth]
May  8 01:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  8 01:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2011]: pam_unix(cron:session): session closed for user root
May  8 01:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4901]: pam_unix(cron:session): session closed for user samftp
May  8 01:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Invalid user debian from 23.227.147.163
May  8 01:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: input_userauth_request: invalid user debian [preauth]
May  8 01:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.227.147.163
May  8 01:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3851]: pam_unix(cron:session): session closed for user root
May  8 01:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Failed password for invalid user debian from 23.227.147.163 port 37434 ssh2
May  8 01:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Received disconnect from 23.227.147.163 port 37434:11: Bye Bye [preauth]
May  8 01:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5419]: Disconnected from 23.227.147.163 port 37434 [preauth]
May  8 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5518]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5516]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5515]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5515]: pam_unix(cron:session): session closed for user p13x
May  8 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5621]: Successful su for rubyman by root
May  8 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5621]: + ??? root:rubyman
May  8 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350278 of user rubyman.
May  8 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5621]: pam_unix(su:session): session closed for user rubyman
May  8 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350278.
May  8 01:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2435]: pam_unix(cron:session): session closed for user root
May  8 01:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5516]: pam_unix(cron:session): session closed for user samftp
May  8 01:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5921]: Invalid user ubuntu from 196.251.84.225
May  8 01:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5921]: input_userauth_request: invalid user ubuntu [preauth]
May  8 01:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5921]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5921]: Failed password for invalid user ubuntu from 196.251.84.225 port 33862 ssh2
May  8 01:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5921]: Connection closed by 196.251.84.225 port 33862 [preauth]
May  8 01:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Invalid user enisa from 80.94.95.125
May  8 01:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: input_userauth_request: invalid user enisa [preauth]
May  8 01:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 01:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Failed password for invalid user enisa from 80.94.95.125 port 63021 ssh2
May  8 01:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Failed password for invalid user enisa from 80.94.95.125 port 63021 ssh2
May  8 01:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Failed password for invalid user enisa from 80.94.95.125 port 63021 ssh2
May  8 01:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: Invalid user eacadm from 68.183.90.203
May  8 01:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: input_userauth_request: invalid user eacadm [preauth]
May  8 01:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 01:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Failed password for invalid user enisa from 80.94.95.125 port 63021 ssh2
May  8 01:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: Failed password for invalid user eacadm from 68.183.90.203 port 58046 ssh2
May  8 01:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: Received disconnect from 68.183.90.203 port 58046:11: Bye Bye [preauth]
May  8 01:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5963]: Disconnected from 68.183.90.203 port 58046 [preauth]
May  8 01:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Failed password for invalid user enisa from 80.94.95.125 port 63021 ssh2
May  8 01:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Received disconnect from 80.94.95.125 port 63021:11: Bye [preauth]
May  8 01:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Disconnected from 80.94.95.125 port 63021 [preauth]
May  8 01:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 01:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 01:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4465]: pam_unix(cron:session): session closed for user root
May  8 01:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  8 01:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Failed password for root from 218.92.0.236 port 18202 ssh2
May  8 01:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: message repeated 2 times: [ Failed password for root from 218.92.0.236 port 18202 ssh2]
May  8 01:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Received disconnect from 218.92.0.236 port 18202:11:  [preauth]
May  8 01:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Disconnected from 218.92.0.236 port 18202 [preauth]
May  8 01:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  8 01:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Invalid user jellyfin from 196.251.84.225
May  8 01:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: input_userauth_request: invalid user jellyfin [preauth]
May  8 01:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Failed password for invalid user jellyfin from 196.251.84.225 port 53462 ssh2
May  8 01:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Connection closed by 196.251.84.225 port 53462 [preauth]
May  8 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6070]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6069]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6071]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6073]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6068]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6073]: pam_unix(cron:session): session closed for user root
May  8 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6068]: pam_unix(cron:session): session closed for user p13x
May  8 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6154]: Successful su for rubyman by root
May  8 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6154]: + ??? root:rubyman
May  8 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350286 of user rubyman.
May  8 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6154]: pam_unix(su:session): session closed for user rubyman
May  8 01:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350286.
May  8 01:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6070]: pam_unix(cron:session): session closed for user root
May  8 01:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2869]: pam_unix(cron:session): session closed for user root
May  8 01:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6069]: pam_unix(cron:session): session closed for user samftp
May  8 01:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: Invalid user steam from 196.251.84.225
May  8 01:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: input_userauth_request: invalid user steam [preauth]
May  8 01:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: Failed password for invalid user steam from 196.251.84.225 port 42452 ssh2
May  8 01:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6389]: Connection closed by 196.251.84.225 port 42452 [preauth]
May  8 01:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4903]: pam_unix(cron:session): session closed for user root
May  8 01:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6493]: Invalid user app from 196.251.84.225
May  8 01:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6493]: input_userauth_request: invalid user app [preauth]
May  8 01:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6493]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6493]: Failed password for invalid user app from 196.251.84.225 port 33022 ssh2
May  8 01:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6493]: Connection closed by 196.251.84.225 port 33022 [preauth]
May  8 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6523]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6520]: pam_unix(cron:session): session closed for user p13x
May  8 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6584]: Successful su for rubyman by root
May  8 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6584]: + ??? root:rubyman
May  8 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6584]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350290 of user rubyman.
May  8 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6584]: pam_unix(su:session): session closed for user rubyman
May  8 01:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350290.
May  8 01:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3379]: pam_unix(cron:session): session closed for user root
May  8 01:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6521]: pam_unix(cron:session): session closed for user samftp
May  8 01:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: Invalid user satisfactory from 196.251.84.225
May  8 01:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: input_userauth_request: invalid user satisfactory [preauth]
May  8 01:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: Failed password for invalid user satisfactory from 196.251.84.225 port 54886 ssh2
May  8 01:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6804]: Connection closed by 196.251.84.225 port 54886 [preauth]
May  8 01:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5519]: pam_unix(cron:session): session closed for user root
May  8 01:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 01:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: Failed password for root from 196.251.84.225 port 52754 ssh2
May  8 01:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6891]: Connection closed by 196.251.84.225 port 52754 [preauth]
May  8 01:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: Invalid user PlcmSpIp from 101.36.122.23
May  8 01:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: input_userauth_request: invalid user PlcmSpIp [preauth]
May  8 01:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 01:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: Failed password for invalid user PlcmSpIp from 101.36.122.23 port 43812 ssh2
May  8 01:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: Received disconnect from 101.36.122.23 port 43812:11: Bye Bye [preauth]
May  8 01:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7021]: Disconnected from 101.36.122.23 port 43812 [preauth]
May  8 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7040]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7038]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7037]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7037]: pam_unix(cron:session): session closed for user p13x
May  8 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7117]: Successful su for rubyman by root
May  8 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7117]: + ??? root:rubyman
May  8 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7117]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350292 of user rubyman.
May  8 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7117]: pam_unix(su:session): session closed for user rubyman
May  8 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350292.
May  8 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3850]: pam_unix(cron:session): session closed for user root
May  8 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7038]: pam_unix(cron:session): session closed for user samftp
May  8 01:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7315]: Did not receive identification string from 196.251.87.54
May  8 01:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: Invalid user admin from 196.251.87.54
May  8 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: input_userauth_request: invalid user admin [preauth]
May  8 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.54
May  8 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Invalid user user from 196.251.87.54
May  8 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: input_userauth_request: invalid user user [preauth]
May  8 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.54
May  8 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: Invalid user support from 196.251.87.54
May  8 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: input_userauth_request: invalid user support [preauth]
May  8 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.54
May  8 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Invalid user ubnt from 196.251.87.54
May  8 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: input_userauth_request: invalid user ubnt [preauth]
May  8 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.54
May  8 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: Invalid user usario from 196.251.87.54
May  8 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: input_userauth_request: invalid user usario [preauth]
May  8 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.54
May  8 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: Failed password for invalid user admin from 196.251.87.54 port 24552 ssh2
May  8 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Failed password for invalid user user from 196.251.87.54 port 24572 ssh2
May  8 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: Failed password for invalid user support from 196.251.87.54 port 24566 ssh2
May  8 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Failed password for invalid user ubnt from 196.251.87.54 port 24568 ssh2
May  8 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: Failed password for invalid user usario from 196.251.87.54 port 24574 ssh2
May  8 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: Received disconnect from 196.251.87.54 port 24552:11: Bye Bye [preauth]
May  8 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7318]: Disconnected from 196.251.87.54 port 24552 [preauth]
May  8 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Received disconnect from 196.251.87.54 port 24572:11: Bye Bye [preauth]
May  8 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Disconnected from 196.251.87.54 port 24572 [preauth]
May  8 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: Received disconnect from 196.251.87.54 port 24566:11: Bye Bye [preauth]
May  8 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: Disconnected from 196.251.87.54 port 24566 [preauth]
May  8 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Received disconnect from 196.251.87.54 port 24568:11: Bye Bye [preauth]
May  8 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7323]: Disconnected from 196.251.87.54 port 24568 [preauth]
May  8 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: Received disconnect from 196.251.87.54 port 24574:11: Bye Bye [preauth]
May  8 01:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7326]: Disconnected from 196.251.87.54 port 24574 [preauth]
May  8 01:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 01:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7316]: Failed password for root from 196.251.84.225 port 45850 ssh2
May  8 01:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7316]: Connection closed by 196.251.84.225 port 45850 [preauth]
May  8 01:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7356]: Invalid user ftpuser from 194.0.234.19
May  8 01:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7356]: input_userauth_request: invalid user ftpuser [preauth]
May  8 01:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7356]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  8 01:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7356]: Failed password for invalid user ftpuser from 194.0.234.19 port 63856 ssh2
May  8 01:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7356]: Connection closed by 194.0.234.19 port 63856 [preauth]
May  8 01:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6072]: pam_unix(cron:session): session closed for user root
May  8 01:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: Invalid user docker from 196.251.84.225
May  8 01:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: input_userauth_request: invalid user docker [preauth]
May  8 01:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: Failed password for invalid user docker from 196.251.84.225 port 58586 ssh2
May  8 01:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7421]: Connection closed by 196.251.84.225 port 58586 [preauth]
May  8 01:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7474]: Invalid user user from 23.227.147.163
May  8 01:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7474]: input_userauth_request: invalid user user [preauth]
May  8 01:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7474]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.227.147.163
May  8 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7483]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7482]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7480]: pam_unix(cron:session): session closed for user p13x
May  8 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7642]: Successful su for rubyman by root
May  8 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7642]: + ??? root:rubyman
May  8 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7642]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350296 of user rubyman.
May  8 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7642]: pam_unix(su:session): session closed for user rubyman
May  8 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350296.
May  8 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7474]: Failed password for invalid user user from 23.227.147.163 port 40952 ssh2
May  8 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7474]: Received disconnect from 23.227.147.163 port 40952:11: Bye Bye [preauth]
May  8 01:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7474]: Disconnected from 23.227.147.163 port 40952 [preauth]
May  8 01:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4464]: pam_unix(cron:session): session closed for user root
May  8 01:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7481]: pam_unix(cron:session): session closed for user samftp
May  8 01:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 01:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Failed password for root from 196.251.84.225 port 36398 ssh2
May  8 01:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7856]: Connection closed by 196.251.84.225 port 36398 [preauth]
May  8 01:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6523]: pam_unix(cron:session): session closed for user root
May  8 01:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: Invalid user arkserver from 196.251.84.225
May  8 01:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: input_userauth_request: invalid user arkserver [preauth]
May  8 01:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: Failed password for invalid user arkserver from 196.251.84.225 port 55236 ssh2
May  8 01:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: Connection closed by 196.251.84.225 port 55236 [preauth]
May  8 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8008]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8006]: pam_unix(cron:session): session closed for user p13x
May  8 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8074]: Successful su for rubyman by root
May  8 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8074]: + ??? root:rubyman
May  8 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8074]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350301 of user rubyman.
May  8 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8074]: pam_unix(su:session): session closed for user rubyman
May  8 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350301.
May  8 01:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4902]: pam_unix(cron:session): session closed for user root
May  8 01:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8007]: pam_unix(cron:session): session closed for user samftp
May  8 01:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 01:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: Failed password for root from 196.251.84.225 port 49036 ssh2
May  8 01:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8275]: Connection closed by 196.251.84.225 port 49036 [preauth]
May  8 01:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7040]: pam_unix(cron:session): session closed for user root
May  8 01:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: Invalid user jiaxuan from 68.183.90.203
May  8 01:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: input_userauth_request: invalid user jiaxuan [preauth]
May  8 01:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 01:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 01:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: Failed password for invalid user jiaxuan from 68.183.90.203 port 47388 ssh2
May  8 01:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: Received disconnect from 68.183.90.203 port 47388:11: Bye Bye [preauth]
May  8 01:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: Disconnected from 68.183.90.203 port 47388 [preauth]
May  8 01:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: Failed password for root from 196.251.84.225 port 34730 ssh2
May  8 01:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8378]: Connection closed by 196.251.84.225 port 34730 [preauth]
May  8 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8448]: pam_unix(cron:session): session closed for user root
May  8 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8443]: pam_unix(cron:session): session closed for user p13x
May  8 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8523]: Successful su for rubyman by root
May  8 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8523]: + ??? root:rubyman
May  8 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350309 of user rubyman.
May  8 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8523]: pam_unix(su:session): session closed for user rubyman
May  8 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350309.
May  8 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8445]: pam_unix(cron:session): session closed for user root
May  8 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5518]: pam_unix(cron:session): session closed for user root
May  8 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: Failed password for root from 80.94.95.125 port 63856 ssh2
May  8 01:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: Failed password for root from 80.94.95.125 port 63856 ssh2
May  8 01:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8444]: pam_unix(cron:session): session closed for user samftp
May  8 01:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 01:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: Failed password for root from 80.94.95.125 port 63856 ssh2
May  8 01:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8623]: Failed password for root from 196.251.84.225 port 37726 ssh2
May  8 01:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8623]: Connection closed by 196.251.84.225 port 37726 [preauth]
May  8 01:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: Failed password for root from 80.94.95.125 port 63856 ssh2
May  8 01:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: Failed password for root from 80.94.95.125 port 63856 ssh2
May  8 01:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: Received disconnect from 80.94.95.125 port 63856:11: Bye [preauth]
May  8 01:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: Disconnected from 80.94.95.125 port 63856 [preauth]
May  8 01:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 01:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8547]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 01:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7483]: pam_unix(cron:session): session closed for user root
May  8 01:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: Invalid user samba from 196.251.84.225
May  8 01:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: input_userauth_request: invalid user samba [preauth]
May  8 01:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: Failed password for invalid user samba from 196.251.84.225 port 50796 ssh2
May  8 01:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8830]: Connection closed by 196.251.84.225 port 50796 [preauth]
May  8 01:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  8 01:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8881]: Failed password for root from 218.92.0.221 port 21944 ssh2
May  8 01:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8881]: message repeated 2 times: [ Failed password for root from 218.92.0.221 port 21944 ssh2]
May  8 01:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8881]: Received disconnect from 218.92.0.221 port 21944:11:  [preauth]
May  8 01:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8881]: Disconnected from 218.92.0.221 port 21944 [preauth]
May  8 01:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8881]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  8 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8912]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8909]: pam_unix(cron:session): session closed for user p13x
May  8 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8982]: Successful su for rubyman by root
May  8 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8982]: + ??? root:rubyman
May  8 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8982]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350311 of user rubyman.
May  8 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8982]: pam_unix(su:session): session closed for user rubyman
May  8 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350311.
May  8 01:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9028]: Invalid user demo from 196.251.84.225
May  8 01:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9028]: input_userauth_request: invalid user demo [preauth]
May  8 01:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9028]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6071]: pam_unix(cron:session): session closed for user root
May  8 01:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8910]: pam_unix(cron:session): session closed for user samftp
May  8 01:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9028]: Failed password for invalid user demo from 196.251.84.225 port 41000 ssh2
May  8 01:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9028]: Connection closed by 196.251.84.225 port 41000 [preauth]
May  8 01:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8009]: pam_unix(cron:session): session closed for user root
May  8 01:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9365]: Invalid user demo from 196.251.84.225
May  8 01:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9365]: input_userauth_request: invalid user demo [preauth]
May  8 01:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9365]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9365]: Failed password for invalid user demo from 196.251.84.225 port 59734 ssh2
May  8 01:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9365]: Connection closed by 196.251.84.225 port 59734 [preauth]
May  8 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9446]: pam_unix(cron:session): session closed for user p13x
May  8 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9511]: Successful su for rubyman by root
May  8 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9511]: + ??? root:rubyman
May  8 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350314 of user rubyman.
May  8 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9511]: pam_unix(su:session): session closed for user rubyman
May  8 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350314.
May  8 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6522]: pam_unix(cron:session): session closed for user root
May  8 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 01:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9447]: pam_unix(cron:session): session closed for user samftp
May  8 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: Invalid user front from 101.36.122.23
May  8 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: input_userauth_request: invalid user front [preauth]
May  8 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 01:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: Failed password for root from 196.251.84.225 port 48058 ssh2
May  8 01:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9444]: Connection closed by 196.251.84.225 port 48058 [preauth]
May  8 01:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: Failed password for invalid user front from 101.36.122.23 port 52330 ssh2
May  8 01:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: Received disconnect from 101.36.122.23 port 52330:11: Bye Bye [preauth]
May  8 01:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9683]: Disconnected from 101.36.122.23 port 52330 [preauth]
May  8 01:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 01:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: Failed password for root from 80.94.95.125 port 60897 ssh2
May  8 01:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: Failed password for root from 80.94.95.125 port 60897 ssh2
May  8 01:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: Failed password for root from 80.94.95.125 port 60897 ssh2
May  8 01:52:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.227.147.163  user=root
May  8 01:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: Failed password for root from 80.94.95.125 port 60897 ssh2
May  8 01:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9740]: Failed password for root from 23.227.147.163 port 59186 ssh2
May  8 01:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9740]: Received disconnect from 23.227.147.163 port 59186:11: Bye Bye [preauth]
May  8 01:52:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9740]: Disconnected from 23.227.147.163 port 59186 [preauth]
May  8 01:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: Failed password for root from 80.94.95.125 port 60897 ssh2
May  8 01:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: Received disconnect from 80.94.95.125 port 60897:11: Bye [preauth]
May  8 01:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: Disconnected from 80.94.95.125 port 60897 [preauth]
May  8 01:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 01:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 01:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 01:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8447]: pam_unix(cron:session): session closed for user root
May  8 01:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: Failed password for root from 196.251.84.225 port 35430 ssh2
May  8 01:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9766]: Connection closed by 196.251.84.225 port 35430 [preauth]
May  8 01:53:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9868]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9866]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9866]: pam_unix(cron:session): session closed for user p13x
May  8 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9927]: Successful su for rubyman by root
May  8 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9927]: + ??? root:rubyman
May  8 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9927]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350320 of user rubyman.
May  8 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9927]: pam_unix(su:session): session closed for user rubyman
May  8 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350320.
May  8 01:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9854]: Invalid user grafana from 196.251.84.225
May  8 01:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9854]: input_userauth_request: invalid user grafana [preauth]
May  8 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9854]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7039]: pam_unix(cron:session): session closed for user root
May  8 01:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9854]: Failed password for invalid user grafana from 196.251.84.225 port 36466 ssh2
May  8 01:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9867]: pam_unix(cron:session): session closed for user samftp
May  8 01:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9854]: Connection closed by 196.251.84.225 port 36466 [preauth]
May  8 01:53:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10174]: Invalid user steam from 196.251.84.225
May  8 01:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10174]: input_userauth_request: invalid user steam [preauth]
May  8 01:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10174]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10174]: Failed password for invalid user steam from 196.251.84.225 port 34040 ssh2
May  8 01:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8912]: pam_unix(cron:session): session closed for user root
May  8 01:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10174]: Connection closed by 196.251.84.225 port 34040 [preauth]
May  8 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10353]: pam_unix(cron:session): session closed for user p13x
May  8 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10422]: Successful su for rubyman by root
May  8 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10422]: + ??? root:rubyman
May  8 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350324 of user rubyman.
May  8 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10422]: pam_unix(su:session): session closed for user rubyman
May  8 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350324.
May  8 01:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7482]: pam_unix(cron:session): session closed for user root
May  8 01:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10354]: pam_unix(cron:session): session closed for user samftp
May  8 01:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10654]: Invalid user redis from 196.251.84.225
May  8 01:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10654]: input_userauth_request: invalid user redis [preauth]
May  8 01:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10654]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10654]: Failed password for invalid user redis from 196.251.84.225 port 51064 ssh2
May  8 01:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10654]: Connection closed by 196.251.84.225 port 51064 [preauth]
May  8 01:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9450]: pam_unix(cron:session): session closed for user root
May  8 01:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: Invalid user gmod from 196.251.84.225
May  8 01:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: input_userauth_request: invalid user gmod [preauth]
May  8 01:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: Failed password for invalid user gmod from 196.251.84.225 port 55868 ssh2
May  8 01:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: Invalid user cache from 68.183.90.203
May  8 01:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: input_userauth_request: invalid user cache [preauth]
May  8 01:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 01:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: Connection closed by 196.251.84.225 port 55868 [preauth]
May  8 01:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: Failed password for invalid user cache from 68.183.90.203 port 53056 ssh2
May  8 01:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: Received disconnect from 68.183.90.203 port 53056:11: Bye Bye [preauth]
May  8 01:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10787]: Disconnected from 68.183.90.203 port 53056 [preauth]
May  8 01:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10846]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10844]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10845]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10846]: pam_unix(cron:session): session closed for user root
May  8 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10841]: pam_unix(cron:session): session closed for user p13x
May  8 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10910]: Successful su for rubyman by root
May  8 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10910]: + ??? root:rubyman
May  8 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350326 of user rubyman.
May  8 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10910]: pam_unix(su:session): session closed for user rubyman
May  8 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350326.
May  8 01:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10839]: Invalid user vps from 196.251.84.225
May  8 01:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10839]: input_userauth_request: invalid user vps [preauth]
May  8 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10843]: pam_unix(cron:session): session closed for user root
May  8 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8008]: pam_unix(cron:session): session closed for user root
May  8 01:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10839]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10842]: pam_unix(cron:session): session closed for user samftp
May  8 01:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10839]: Failed password for invalid user vps from 196.251.84.225 port 35444 ssh2
May  8 01:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10839]: Connection closed by 196.251.84.225 port 35444 [preauth]
May  8 01:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: Invalid user hcc from 223.167.12.225
May  8 01:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: input_userauth_request: invalid user hcc [preauth]
May  8 01:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.167.12.225
May  8 01:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: Failed password for invalid user hcc from 223.167.12.225 port 51732 ssh2
May  8 01:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: Received disconnect from 223.167.12.225 port 51732:11: Bye Bye [preauth]
May  8 01:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11180]: Disconnected from 223.167.12.225 port 51732 [preauth]
May  8 01:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9869]: pam_unix(cron:session): session closed for user root
May  8 01:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11190]: Invalid user jito from 196.251.84.225
May  8 01:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11190]: input_userauth_request: invalid user jito [preauth]
May  8 01:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11190]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11190]: Failed password for invalid user jito from 196.251.84.225 port 39914 ssh2
May  8 01:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11190]: Connection closed by 196.251.84.225 port 39914 [preauth]
May  8 01:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11271]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11270]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11270]: pam_unix(cron:session): session closed for user p13x
May  8 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11336]: Successful su for rubyman by root
May  8 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11336]: + ??? root:rubyman
May  8 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11336]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350332 of user rubyman.
May  8 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11336]: pam_unix(su:session): session closed for user rubyman
May  8 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350332.
May  8 01:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: Invalid user elasticsearch from 196.251.84.225
May  8 01:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: input_userauth_request: invalid user elasticsearch [preauth]
May  8 01:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8446]: pam_unix(cron:session): session closed for user root
May  8 01:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11271]: pam_unix(cron:session): session closed for user samftp
May  8 01:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: Failed password for invalid user elasticsearch from 196.251.84.225 port 59748 ssh2
May  8 01:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: Connection closed by 196.251.84.225 port 59748 [preauth]
May  8 01:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10356]: pam_unix(cron:session): session closed for user root
May  8 01:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 01:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11589]: Failed password for root from 196.251.84.225 port 55066 ssh2
May  8 01:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11589]: Connection closed by 196.251.84.225 port 55066 [preauth]
May  8 01:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Invalid user admin from 80.94.95.115
May  8 01:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: input_userauth_request: invalid user admin [preauth]
May  8 01:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  8 01:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Failed password for invalid user admin from 80.94.95.115 port 45574 ssh2
May  8 01:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Connection closed by 80.94.95.115 port 45574 [preauth]
May  8 01:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Invalid user mami from 23.227.147.163
May  8 01:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: input_userauth_request: invalid user mami [preauth]
May  8 01:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.227.147.163
May  8 01:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Failed password for invalid user mami from 23.227.147.163 port 42922 ssh2
May  8 01:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Received disconnect from 23.227.147.163 port 42922:11: Bye Bye [preauth]
May  8 01:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11638]: Disconnected from 23.227.147.163 port 42922 [preauth]
May  8 01:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: Invalid user samba from 196.251.84.225
May  8 01:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: input_userauth_request: invalid user samba [preauth]
May  8 01:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: Failed password for invalid user samba from 196.251.84.225 port 58566 ssh2
May  8 01:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11669]: Connection closed by 196.251.84.225 port 58566 [preauth]
May  8 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11691]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11689]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11690]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11688]: pam_unix(cron:session): session closed for user p13x
May  8 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11750]: Successful su for rubyman by root
May  8 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11750]: + ??? root:rubyman
May  8 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350337 of user rubyman.
May  8 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11750]: pam_unix(su:session): session closed for user rubyman
May  8 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350337.
May  8 01:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11877]: Invalid user art from 101.36.122.23
May  8 01:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11877]: input_userauth_request: invalid user art [preauth]
May  8 01:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11877]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 01:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8911]: pam_unix(cron:session): session closed for user root
May  8 01:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11689]: pam_unix(cron:session): session closed for user samftp
May  8 01:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11877]: Failed password for invalid user art from 101.36.122.23 port 60748 ssh2
May  8 01:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11877]: Received disconnect from 101.36.122.23 port 60748:11: Bye Bye [preauth]
May  8 01:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11877]: Disconnected from 101.36.122.23 port 60748 [preauth]
May  8 01:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 01:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: Failed password for root from 218.92.0.206 port 14350 ssh2
May  8 01:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: Invalid user solana from 196.251.84.225
May  8 01:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: input_userauth_request: invalid user solana [preauth]
May  8 01:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: Failed password for root from 218.92.0.206 port 14350 ssh2
May  8 01:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: Failed password for invalid user solana from 196.251.84.225 port 44142 ssh2
May  8 01:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: Connection closed by 196.251.84.225 port 44142 [preauth]
May  8 01:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: Failed password for root from 218.92.0.206 port 14350 ssh2
May  8 01:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: message repeated 2 times: [ Failed password for root from 218.92.0.206 port 14350 ssh2]
May  8 01:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 14350 ssh2 [preauth]
May  8 01:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: Disconnecting: Too many authentication failures [preauth]
May  8 01:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 01:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 01:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10845]: pam_unix(cron:session): session closed for user root
May  8 01:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 01:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12025]: Failed password for root from 218.92.0.206 port 32670 ssh2
May  8 01:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12025]: message repeated 2 times: [ Failed password for root from 218.92.0.206 port 32670 ssh2]
May  8 01:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12025]: Failed password for root from 218.92.0.206 port 32670 ssh2
May  8 01:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: Invalid user esroot from 196.251.84.225
May  8 01:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: input_userauth_request: invalid user esroot [preauth]
May  8 01:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: Failed password for invalid user esroot from 196.251.84.225 port 49380 ssh2
May  8 01:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12056]: Connection closed by 196.251.84.225 port 49380 [preauth]
May  8 01:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12025]: Failed password for root from 218.92.0.206 port 32670 ssh2
May  8 01:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12025]: Failed password for root from 218.92.0.206 port 32670 ssh2
May  8 01:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12025]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 32670 ssh2 [preauth]
May  8 01:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12025]: Disconnecting: Too many authentication failures [preauth]
May  8 01:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12025]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 01:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12025]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 01:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 01:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: Failed password for root from 218.92.0.206 port 37586 ssh2
May  8 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: Received disconnect from 218.92.0.206 port 37586:11:  [preauth]
May  8 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: Disconnected from 218.92.0.206 port 37586 [preauth]
May  8 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12089]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12088]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12085]: pam_unix(cron:session): session closed for user p13x
May  8 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12147]: Successful su for rubyman by root
May  8 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12147]: + ??? root:rubyman
May  8 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350341 of user rubyman.
May  8 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12147]: pam_unix(su:session): session closed for user rubyman
May  8 01:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350341.
May  8 01:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9449]: pam_unix(cron:session): session closed for user root
May  8 01:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12086]: pam_unix(cron:session): session closed for user samftp
May  8 01:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12377]: Invalid user admin from 196.251.84.225
May  8 01:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12377]: input_userauth_request: invalid user admin [preauth]
May  8 01:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12377]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12377]: Failed password for invalid user admin from 196.251.84.225 port 36516 ssh2
May  8 01:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12377]: Connection closed by 196.251.84.225 port 36516 [preauth]
May  8 01:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11273]: pam_unix(cron:session): session closed for user root
May  8 01:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12444]: Invalid user apache from 196.251.84.225
May  8 01:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12444]: input_userauth_request: invalid user apache [preauth]
May  8 01:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12444]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12444]: Failed password for invalid user apache from 196.251.84.225 port 52402 ssh2
May  8 01:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12444]: Connection closed by 196.251.84.225 port 52402 [preauth]
May  8 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12497]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12494]: pam_unix(cron:session): session closed for user p13x
May  8 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12553]: Successful su for rubyman by root
May  8 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12553]: + ??? root:rubyman
May  8 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350346 of user rubyman.
May  8 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12553]: pam_unix(su:session): session closed for user rubyman
May  8 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350346.
May  8 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9868]: pam_unix(cron:session): session closed for user root
May  8 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12495]: pam_unix(cron:session): session closed for user samftp
May  8 01:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Invalid user latitude from 196.251.84.225
May  8 01:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: input_userauth_request: invalid user latitude [preauth]
May  8 01:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 01:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Failed password for invalid user latitude from 196.251.84.225 port 52458 ssh2
May  8 01:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12744]: Connection closed by 196.251.84.225 port 52458 [preauth]
May  8 01:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11691]: pam_unix(cron:session): session closed for user root
May  8 01:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: Invalid user weblogic from 196.251.84.225
May  8 01:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12842]: input_userauth_request: invalid user weblogic [preauth]
May  8 01:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 01:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: Invalid user alireza from 68.183.90.203
May  8 01:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: input_userauth_request: invalid user alireza [preauth]
May  8 01:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: pam_unix(sshd:auth): check pass; user unknown
May  8 01:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 01:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: Failed password for invalid user alireza from 68.183.90.203 port 50556 ssh2
May  8 01:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: Received disconnect from 68.183.90.203 port 50556:11: Bye Bye [preauth]
May  8 01:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: Disconnected from 68.183.90.203 port 50556 [preauth]
May  8 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12893]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12892]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12894]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12898]: pam_unix(cron:session): session closed for user root
May  8 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12894]: pam_unix(cron:session): session closed for user root
May  8 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12892]: pam_unix(cron:session): session closed for user p13x
May  8 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12989]: Successful su for rubyman by root
May  8 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12989]: + ??? root:rubyman
May  8 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350354 of user rubyman.
May  8 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12989]: pam_unix(su:session): session closed for user rubyman
May  8 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350354.
May  8 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12895]: pam_unix(cron:session): session closed for user root
May  8 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10355]: pam_unix(cron:session): session closed for user root
May  8 02:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12893]: pam_unix(cron:session): session closed for user samftp
May  8 02:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Invalid user worker from 196.251.84.225
May  8 02:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: input_userauth_request: invalid user worker [preauth]
May  8 02:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Failed password for invalid user worker from 196.251.84.225 port 41750 ssh2
May  8 02:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13208]: Connection closed by 196.251.84.225 port 41750 [preauth]
May  8 02:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12089]: pam_unix(cron:session): session closed for user root
May  8 02:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  8 02:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: Failed password for root from 218.92.0.220 port 29732 ssh2
May  8 02:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: Failed password for root from 218.92.0.220 port 29732 ssh2
May  8 02:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: Failed password for root from 218.92.0.220 port 29732 ssh2
May  8 02:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Invalid user git from 46.244.96.25
May  8 02:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: input_userauth_request: invalid user git [preauth]
May  8 02:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  8 02:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: Received disconnect from 218.92.0.220 port 29732:11:  [preauth]
May  8 02:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: Disconnected from 218.92.0.220 port 29732 [preauth]
May  8 02:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  8 02:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13356]: Invalid user redis from 196.251.84.225
May  8 02:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13356]: input_userauth_request: invalid user redis [preauth]
May  8 02:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13356]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Failed password for invalid user git from 46.244.96.25 port 47008 ssh2
May  8 02:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Connection closed by 46.244.96.25 port 47008 [preauth]
May  8 02:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13356]: Failed password for invalid user redis from 196.251.84.225 port 36410 ssh2
May  8 02:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13356]: Connection closed by 196.251.84.225 port 36410 [preauth]
May  8 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13402]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13400]: pam_unix(cron:session): session closed for user p13x
May  8 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13564]: Successful su for rubyman by root
May  8 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13564]: + ??? root:rubyman
May  8 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350355 of user rubyman.
May  8 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13564]: pam_unix(su:session): session closed for user rubyman
May  8 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350355.
May  8 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10844]: pam_unix(cron:session): session closed for user root
May  8 02:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13401]: pam_unix(cron:session): session closed for user samftp
May  8 02:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Invalid user vps from 196.251.84.225
May  8 02:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: input_userauth_request: invalid user vps [preauth]
May  8 02:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Failed password for invalid user vps from 196.251.84.225 port 55544 ssh2
May  8 02:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13761]: Connection closed by 196.251.84.225 port 55544 [preauth]
May  8 02:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12497]: pam_unix(cron:session): session closed for user root
May  8 02:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: Invalid user nvidia from 196.251.84.225
May  8 02:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: input_userauth_request: invalid user nvidia [preauth]
May  8 02:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: Failed password for invalid user nvidia from 196.251.84.225 port 34702 ssh2
May  8 02:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13850]: Connection closed by 196.251.84.225 port 34702 [preauth]
May  8 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13913]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13912]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13910]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13910]: pam_unix(cron:session): session closed for user p13x
May  8 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13972]: Successful su for rubyman by root
May  8 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13972]: + ??? root:rubyman
May  8 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350360 of user rubyman.
May  8 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13972]: pam_unix(su:session): session closed for user rubyman
May  8 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350360.
May  8 02:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11272]: pam_unix(cron:session): session closed for user root
May  8 02:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13911]: pam_unix(cron:session): session closed for user samftp
May  8 02:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: Invalid user kk from 101.36.122.23
May  8 02:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: input_userauth_request: invalid user kk [preauth]
May  8 02:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 02:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: Failed password for invalid user kk from 101.36.122.23 port 50746 ssh2
May  8 02:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: Received disconnect from 101.36.122.23 port 50746:11: Bye Bye [preauth]
May  8 02:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14145]: Disconnected from 101.36.122.23 port 50746 [preauth]
May  8 02:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: Failed password for root from 196.251.84.225 port 32800 ssh2
May  8 02:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: Connection closed by 196.251.84.225 port 32800 [preauth]
May  8 02:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: Invalid user shiny from 43.156.17.35
May  8 02:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: input_userauth_request: invalid user shiny [preauth]
May  8 02:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.17.35
May  8 02:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14225]: Bad protocol version identification 'GET / HTTP/1.1' from 64.227.101.234 port 44972
May  8 02:02:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: Failed password for invalid user shiny from 43.156.17.35 port 43022 ssh2
May  8 02:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: Received disconnect from 43.156.17.35 port 43022:11: Bye Bye [preauth]
May  8 02:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14222]: Disconnected from 43.156.17.35 port 43022 [preauth]
May  8 02:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12897]: pam_unix(cron:session): session closed for user root
May  8 02:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14246]: Invalid user sftp from 196.251.84.225
May  8 02:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14246]: input_userauth_request: invalid user sftp [preauth]
May  8 02:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14246]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14246]: Failed password for invalid user sftp from 196.251.84.225 port 40594 ssh2
May  8 02:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14246]: Connection closed by 196.251.84.225 port 40594 [preauth]
May  8 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14319]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14318]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14317]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14316]: pam_unix(cron:session): session closed for user p13x
May  8 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14383]: Successful su for rubyman by root
May  8 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14383]: + ??? root:rubyman
May  8 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14383]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350366 of user rubyman.
May  8 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14383]: pam_unix(su:session): session closed for user rubyman
May  8 02:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350366.
May  8 02:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11690]: pam_unix(cron:session): session closed for user root
May  8 02:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14459]: Invalid user dolphinscheduler from 196.251.84.225
May  8 02:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14459]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  8 02:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14317]: pam_unix(cron:session): session closed for user samftp
May  8 02:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14459]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14459]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 57900 ssh2
May  8 02:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14459]: Connection closed by 196.251.84.225 port 57900 [preauth]
May  8 02:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14637]: Invalid user test from 80.94.95.115
May  8 02:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14637]: input_userauth_request: invalid user test [preauth]
May  8 02:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14637]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  8 02:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14637]: Failed password for invalid user test from 80.94.95.115 port 52860 ssh2
May  8 02:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14637]: Connection closed by 80.94.95.115 port 52860 [preauth]
May  8 02:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13403]: pam_unix(cron:session): session closed for user root
May  8 02:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: Failed password for root from 196.251.84.225 port 58850 ssh2
May  8 02:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14675]: Connection closed by 196.251.84.225 port 58850 [preauth]
May  8 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14737]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14736]: pam_unix(cron:session): session closed for user p13x
May  8 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14795]: Successful su for rubyman by root
May  8 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14795]: + ??? root:rubyman
May  8 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350369 of user rubyman.
May  8 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14795]: pam_unix(su:session): session closed for user rubyman
May  8 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350369.
May  8 02:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12088]: pam_unix(cron:session): session closed for user root
May  8 02:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: Invalid user mapr from 196.251.84.225
May  8 02:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: input_userauth_request: invalid user mapr [preauth]
May  8 02:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14737]: pam_unix(cron:session): session closed for user samftp
May  8 02:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: Failed password for invalid user mapr from 196.251.84.225 port 32958 ssh2
May  8 02:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14847]: Connection closed by 196.251.84.225 port 32958 [preauth]
May  8 02:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13913]: pam_unix(cron:session): session closed for user root
May  8 02:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15055]: Invalid user admin from 196.251.84.225
May  8 02:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15055]: input_userauth_request: invalid user admin [preauth]
May  8 02:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15055]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15055]: Failed password for invalid user admin from 196.251.84.225 port 42116 ssh2
May  8 02:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15055]: Connection closed by 196.251.84.225 port 42116 [preauth]
May  8 02:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15124]: Invalid user suhail from 68.183.90.203
May  8 02:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15124]: input_userauth_request: invalid user suhail [preauth]
May  8 02:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15124]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 02:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15124]: Failed password for invalid user suhail from 68.183.90.203 port 49292 ssh2
May  8 02:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15124]: Received disconnect from 68.183.90.203 port 49292:11: Bye Bye [preauth]
May  8 02:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15124]: Disconnected from 68.183.90.203 port 49292 [preauth]
May  8 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15145]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15148]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15147]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15148]: pam_unix(cron:session): session closed for user root
May  8 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15143]: pam_unix(cron:session): session closed for user p13x
May  8 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15211]: Successful su for rubyman by root
May  8 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15211]: + ??? root:rubyman
May  8 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350374 of user rubyman.
May  8 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15211]: pam_unix(su:session): session closed for user rubyman
May  8 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350374.
May  8 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15145]: pam_unix(cron:session): session closed for user root
May  8 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12496]: pam_unix(cron:session): session closed for user root
May  8 02:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15144]: pam_unix(cron:session): session closed for user samftp
May  8 02:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: Failed password for root from 196.251.84.225 port 56194 ssh2
May  8 02:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15253]: Connection closed by 196.251.84.225 port 56194 [preauth]
May  8 02:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15450]: Invalid user ubuntu from 223.167.12.225
May  8 02:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15450]: input_userauth_request: invalid user ubuntu [preauth]
May  8 02:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15450]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.167.12.225
May  8 02:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15450]: Failed password for invalid user ubuntu from 223.167.12.225 port 42878 ssh2
May  8 02:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15450]: Received disconnect from 223.167.12.225 port 42878:11: Bye Bye [preauth]
May  8 02:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15450]: Disconnected from 223.167.12.225 port 42878 [preauth]
May  8 02:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14319]: pam_unix(cron:session): session closed for user root
May  8 02:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.167.12.225  user=root
May  8 02:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: Failed password for root from 223.167.12.225 port 46930 ssh2
May  8 02:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: Received disconnect from 223.167.12.225 port 46930:11: Bye Bye [preauth]
May  8 02:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15527]: Disconnected from 223.167.12.225 port 46930 [preauth]
May  8 02:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: Failed password for root from 196.251.84.225 port 44710 ssh2
May  8 02:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: Connection closed by 196.251.84.225 port 44710 [preauth]
May  8 02:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  8 02:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:8.219.111.124
May  8 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15587]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15584]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15584]: pam_unix(cron:session): session closed for user p13x
May  8 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15649]: Successful su for rubyman by root
May  8 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15649]: + ??? root:rubyman
May  8 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350377 of user rubyman.
May  8 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15649]: pam_unix(su:session): session closed for user rubyman
May  8 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350377.
May  8 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: Invalid user nagios from 196.251.84.225
May  8 02:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: input_userauth_request: invalid user nagios [preauth]
May  8 02:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12896]: pam_unix(cron:session): session closed for user root
May  8 02:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15585]: pam_unix(cron:session): session closed for user samftp
May  8 02:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: Failed password for invalid user nagios from 196.251.84.225 port 53822 ssh2
May  8 02:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: Connection closed by 196.251.84.225 port 53822 [preauth]
May  8 02:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  8 02:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15888]: Failed password for root from 218.92.0.230 port 49232 ssh2
May  8 02:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.167.12.225  user=root
May  8 02:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: Failed password for root from 223.167.12.225 port 55190 ssh2
May  8 02:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: Received disconnect from 223.167.12.225 port 55190:11: Bye Bye [preauth]
May  8 02:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15909]: Disconnected from 223.167.12.225 port 55190 [preauth]
May  8 02:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14739]: pam_unix(cron:session): session closed for user root
May  8 02:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: Invalid user elsearch from 196.251.84.225
May  8 02:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: input_userauth_request: invalid user elsearch [preauth]
May  8 02:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: Failed password for invalid user elsearch from 196.251.84.225 port 46432 ssh2
May  8 02:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15905]: Connection closed by 196.251.84.225 port 46432 [preauth]
May  8 02:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: Invalid user git from 110.164.228.242
May  8 02:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: input_userauth_request: invalid user git [preauth]
May  8 02:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.228.242
May  8 02:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: Failed password for invalid user git from 110.164.228.242 port 54598 ssh2
May  8 02:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: Received disconnect from 110.164.228.242 port 54598:11: Bye Bye [preauth]
May  8 02:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15946]: Disconnected from 110.164.228.242 port 54598 [preauth]
May  8 02:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15993]: Invalid user di from 101.36.122.23
May  8 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15993]: input_userauth_request: invalid user di [preauth]
May  8 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15993]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.122.23
May  8 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16006]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16005]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16003]: pam_unix(cron:session): session closed for user p13x
May  8 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16065]: Successful su for rubyman by root
May  8 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16065]: + ??? root:rubyman
May  8 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16065]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350381 of user rubyman.
May  8 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16065]: pam_unix(su:session): session closed for user rubyman
May  8 02:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350381.
May  8 02:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15993]: Failed password for invalid user di from 101.36.122.23 port 43904 ssh2
May  8 02:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15993]: Received disconnect from 101.36.122.23 port 43904:11: Bye Bye [preauth]
May  8 02:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15993]: Disconnected from 101.36.122.23 port 43904 [preauth]
May  8 02:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: Invalid user ldap from 196.251.84.225
May  8 02:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: input_userauth_request: invalid user ldap [preauth]
May  8 02:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: Invalid user dcc from 50.235.31.47
May  8 02:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: input_userauth_request: invalid user dcc [preauth]
May  8 02:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  8 02:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13402]: pam_unix(cron:session): session closed for user root
May  8 02:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: Failed password for invalid user dcc from 50.235.31.47 port 46168 ssh2
May  8 02:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16063]: Connection closed by 50.235.31.47 port 46168 [preauth]
May  8 02:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16004]: pam_unix(cron:session): session closed for user samftp
May  8 02:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: Failed password for invalid user ldap from 196.251.84.225 port 35890 ssh2
May  8 02:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: Connection closed by 196.251.84.225 port 35890 [preauth]
May  8 02:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: Invalid user mass from 223.167.12.225
May  8 02:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: input_userauth_request: invalid user mass [preauth]
May  8 02:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.167.12.225
May  8 02:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: Failed password for invalid user mass from 223.167.12.225 port 34824 ssh2
May  8 02:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: Received disconnect from 223.167.12.225 port 34824:11: Bye Bye [preauth]
May  8 02:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16272]: Disconnected from 223.167.12.225 port 34824 [preauth]
May  8 02:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15147]: pam_unix(cron:session): session closed for user root
May  8 02:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: Invalid user sftp from 196.251.84.225
May  8 02:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: input_userauth_request: invalid user sftp [preauth]
May  8 02:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: Failed password for invalid user sftp from 196.251.84.225 port 55216 ssh2
May  8 02:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Invalid user js from 223.167.12.225
May  8 02:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: input_userauth_request: invalid user js [preauth]
May  8 02:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.167.12.225
May  8 02:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Failed password for invalid user js from 223.167.12.225 port 38790 ssh2
May  8 02:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Received disconnect from 223.167.12.225 port 38790:11: Bye Bye [preauth]
May  8 02:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Disconnected from 223.167.12.225 port 38790 [preauth]
May  8 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16390]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16387]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16387]: pam_unix(cron:session): session closed for user p13x
May  8 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16461]: Successful su for rubyman by root
May  8 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16461]: + ??? root:rubyman
May  8 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350386 of user rubyman.
May  8 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16461]: pam_unix(su:session): session closed for user rubyman
May  8 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350386.
May  8 02:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: Invalid user dolphinscheduler from 196.251.84.225
May  8 02:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  8 02:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13912]: pam_unix(cron:session): session closed for user root
May  8 02:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16302]: Connection closed by 196.251.84.225 port 55216 [preauth]
May  8 02:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 46016 ssh2
May  8 02:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16388]: pam_unix(cron:session): session closed for user samftp
May  8 02:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16385]: Connection closed by 196.251.84.225 port 46016 [preauth]
May  8 02:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16692]: Invalid user user from 223.167.12.225
May  8 02:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16692]: input_userauth_request: invalid user user [preauth]
May  8 02:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16692]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.167.12.225
May  8 02:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16692]: Failed password for invalid user user from 223.167.12.225 port 42786 ssh2
May  8 02:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16692]: Received disconnect from 223.167.12.225 port 42786:11: Bye Bye [preauth]
May  8 02:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16692]: Disconnected from 223.167.12.225 port 42786 [preauth]
May  8 02:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15587]: pam_unix(cron:session): session closed for user root
May  8 02:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: Invalid user dominic from 223.167.12.225
May  8 02:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: input_userauth_request: invalid user dominic [preauth]
May  8 02:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.167.12.225
May  8 02:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: Failed password for invalid user dominic from 223.167.12.225 port 47400 ssh2
May  8 02:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: Received disconnect from 223.167.12.225 port 47400:11: Bye Bye [preauth]
May  8 02:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16797]: Disconnected from 223.167.12.225 port 47400 [preauth]
May  8 02:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16847]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16849]: pam_unix(cron:session): session closed for user p13x
May  8 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17002]: Successful su for rubyman by root
May  8 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17002]: + ??? root:rubyman
May  8 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350390 of user rubyman.
May  8 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17002]: pam_unix(su:session): session closed for user rubyman
May  8 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350390.
May  8 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16847]: pam_unix(cron:session): session closed for user root
May  8 02:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14318]: pam_unix(cron:session): session closed for user root
May  8 02:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16845]: Failed password for root from 196.251.84.225 port 58974 ssh2
May  8 02:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16850]: pam_unix(cron:session): session closed for user samftp
May  8 02:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16845]: Connection closed by 196.251.84.225 port 58974 [preauth]
May  8 02:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.167.12.225  user=root
May  8 02:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17283]: Failed password for root from 223.167.12.225 port 54880 ssh2
May  8 02:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17283]: Received disconnect from 223.167.12.225 port 54880:11: Bye Bye [preauth]
May  8 02:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17283]: Disconnected from 223.167.12.225 port 54880 [preauth]
May  8 02:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16006]: pam_unix(cron:session): session closed for user root
May  8 02:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: Invalid user elk from 196.251.84.225
May  8 02:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: input_userauth_request: invalid user elk [preauth]
May  8 02:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: Failed password for invalid user elk from 196.251.84.225 port 57354 ssh2
May  8 02:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: Connection closed by 196.251.84.225 port 57354 [preauth]
May  8 02:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Invalid user roo from 223.167.12.225
May  8 02:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: input_userauth_request: invalid user roo [preauth]
May  8 02:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.167.12.225
May  8 02:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Failed password for invalid user roo from 223.167.12.225 port 59224 ssh2
May  8 02:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Received disconnect from 223.167.12.225 port 59224:11: Bye Bye [preauth]
May  8 02:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17360]: Disconnected from 223.167.12.225 port 59224 [preauth]
May  8 02:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: Invalid user dipesh from 68.183.90.203
May  8 02:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: input_userauth_request: invalid user dipesh [preauth]
May  8 02:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 02:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: Failed password for invalid user dipesh from 68.183.90.203 port 46154 ssh2
May  8 02:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: Received disconnect from 68.183.90.203 port 46154:11: Bye Bye [preauth]
May  8 02:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17362]: Disconnected from 68.183.90.203 port 46154 [preauth]
May  8 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: Invalid user ftpuser from 196.251.84.225
May  8 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: input_userauth_request: invalid user ftpuser [preauth]
May  8 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17379]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17378]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17381]: pam_unix(cron:session): session closed for user root
May  8 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17376]: pam_unix(cron:session): session closed for user p13x
May  8 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17447]: Successful su for rubyman by root
May  8 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17447]: + ??? root:rubyman
May  8 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350394 of user rubyman.
May  8 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17447]: pam_unix(su:session): session closed for user rubyman
May  8 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350394.
May  8 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: Failed password for invalid user ftpuser from 196.251.84.225 port 40162 ssh2
May  8 02:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17373]: Connection closed by 196.251.84.225 port 40162 [preauth]
May  8 02:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17378]: pam_unix(cron:session): session closed for user root
May  8 02:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14738]: pam_unix(cron:session): session closed for user root
May  8 02:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17377]: pam_unix(cron:session): session closed for user samftp
May  8 02:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17716]: Invalid user sampsa from 223.167.12.225
May  8 02:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17716]: input_userauth_request: invalid user sampsa [preauth]
May  8 02:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17716]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.167.12.225
May  8 02:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17716]: Failed password for invalid user sampsa from 223.167.12.225 port 34656 ssh2
May  8 02:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17716]: Received disconnect from 223.167.12.225 port 34656:11: Bye Bye [preauth]
May  8 02:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17716]: Disconnected from 223.167.12.225 port 34656 [preauth]
May  8 02:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  8 02:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17740]: Invalid user vagrant from 196.251.84.225
May  8 02:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17740]: input_userauth_request: invalid user vagrant [preauth]
May  8 02:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17743]: Failed password for root from 218.92.0.237 port 23606 ssh2
May  8 02:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17740]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17743]: Failed password for root from 218.92.0.237 port 23606 ssh2
May  8 02:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16390]: pam_unix(cron:session): session closed for user root
May  8 02:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17740]: Failed password for invalid user vagrant from 196.251.84.225 port 38350 ssh2
May  8 02:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17740]: Connection closed by 196.251.84.225 port 38350 [preauth]
May  8 02:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17743]: Failed password for root from 218.92.0.237 port 23606 ssh2
May  8 02:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17743]: Received disconnect from 218.92.0.237 port 23606:11:  [preauth]
May  8 02:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17743]: Disconnected from 218.92.0.237 port 23606 [preauth]
May  8 02:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17743]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  8 02:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.17.35  user=root
May  8 02:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: Failed password for root from 43.156.17.35 port 33110 ssh2
May  8 02:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: Received disconnect from 43.156.17.35 port 33110:11: Bye Bye [preauth]
May  8 02:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17896]: Disconnected from 43.156.17.35 port 33110 [preauth]
May  8 02:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.167.12.225  user=root
May  8 02:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: Failed password for root from 223.167.12.225 port 39224 ssh2
May  8 02:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: Received disconnect from 223.167.12.225 port 39224:11: Bye Bye [preauth]
May  8 02:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17921]: Disconnected from 223.167.12.225 port 39224 [preauth]
May  8 02:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17936]: Invalid user esuser from 196.251.84.225
May  8 02:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17936]: input_userauth_request: invalid user esuser [preauth]
May  8 02:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17936]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17958]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17959]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17956]: pam_unix(cron:session): session closed for user p13x
May  8 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18028]: Successful su for rubyman by root
May  8 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18028]: + ??? root:rubyman
May  8 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350403 of user rubyman.
May  8 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18028]: pam_unix(su:session): session closed for user rubyman
May  8 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350403.
May  8 02:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17936]: Failed password for invalid user esuser from 196.251.84.225 port 32992 ssh2
May  8 02:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15146]: pam_unix(cron:session): session closed for user root
May  8 02:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17957]: pam_unix(cron:session): session closed for user samftp
May  8 02:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17936]: Connection closed by 196.251.84.225 port 32992 [preauth]
May  8 02:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18273]: Invalid user opc from 196.251.84.225
May  8 02:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18273]: input_userauth_request: invalid user opc [preauth]
May  8 02:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18273]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18273]: Failed password for invalid user opc from 196.251.84.225 port 36560 ssh2
May  8 02:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18273]: Connection closed by 196.251.84.225 port 36560 [preauth]
May  8 02:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16852]: pam_unix(cron:session): session closed for user root
May  8 02:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18364]: Invalid user omsagent from 196.251.84.225
May  8 02:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18364]: input_userauth_request: invalid user omsagent [preauth]
May  8 02:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18364]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18364]: Failed password for invalid user omsagent from 196.251.84.225 port 58584 ssh2
May  8 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18383]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18384]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18380]: pam_unix(cron:session): session closed for user p13x
May  8 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18364]: Connection closed by 196.251.84.225 port 58584 [preauth]
May  8 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18449]: Successful su for rubyman by root
May  8 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18449]: + ??? root:rubyman
May  8 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350406 of user rubyman.
May  8 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18449]: pam_unix(su:session): session closed for user rubyman
May  8 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350406.
May  8 02:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15586]: pam_unix(cron:session): session closed for user root
May  8 02:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18381]: pam_unix(cron:session): session closed for user samftp
May  8 02:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: Failed password for root from 196.251.84.225 port 39592 ssh2
May  8 02:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18671]: Connection closed by 196.251.84.225 port 39592 [preauth]
May  8 02:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17380]: pam_unix(cron:session): session closed for user root
May  8 02:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: Invalid user mass from 110.164.228.242
May  8 02:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: input_userauth_request: invalid user mass [preauth]
May  8 02:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.228.242
May  8 02:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: Failed password for invalid user mass from 110.164.228.242 port 48928 ssh2
May  8 02:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: Received disconnect from 110.164.228.242 port 48928:11: Bye Bye [preauth]
May  8 02:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18757]: Disconnected from 110.164.228.242 port 48928 [preauth]
May  8 02:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18774]: Invalid user tom from 196.251.84.225
May  8 02:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18774]: input_userauth_request: invalid user tom [preauth]
May  8 02:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18774]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18774]: Failed password for invalid user tom from 196.251.84.225 port 42024 ssh2
May  8 02:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18774]: Connection closed by 196.251.84.225 port 42024 [preauth]
May  8 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18800]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18795]: pam_unix(cron:session): session closed for user p13x
May  8 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18858]: Successful su for rubyman by root
May  8 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18858]: + ??? root:rubyman
May  8 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18858]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350408 of user rubyman.
May  8 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18858]: pam_unix(su:session): session closed for user rubyman
May  8 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350408.
May  8 02:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16005]: pam_unix(cron:session): session closed for user root
May  8 02:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18797]: pam_unix(cron:session): session closed for user samftp
May  8 02:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19108]: Failed password for root from 196.251.84.225 port 37378 ssh2
May  8 02:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19108]: Connection closed by 196.251.84.225 port 37378 [preauth]
May  8 02:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17959]: pam_unix(cron:session): session closed for user root
May  8 02:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19176]: Invalid user testuser from 196.251.84.225
May  8 02:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19176]: input_userauth_request: invalid user testuser [preauth]
May  8 02:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19176]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19176]: Failed password for invalid user testuser from 196.251.84.225 port 55256 ssh2
May  8 02:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19176]: Connection closed by 196.251.84.225 port 55256 [preauth]
May  8 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19197]: pam_unix(cron:session): session closed for user p13x
May  8 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19268]: Successful su for rubyman by root
May  8 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19268]: + ??? root:rubyman
May  8 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350412 of user rubyman.
May  8 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19268]: pam_unix(su:session): session closed for user rubyman
May  8 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350412.
May  8 02:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16389]: pam_unix(cron:session): session closed for user root
May  8 02:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19198]: pam_unix(cron:session): session closed for user samftp
May  8 02:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19493]: Invalid user fil from 196.251.84.225
May  8 02:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19493]: input_userauth_request: invalid user fil [preauth]
May  8 02:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19493]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19493]: Failed password for invalid user fil from 196.251.84.225 port 52888 ssh2
May  8 02:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19493]: Connection closed by 196.251.84.225 port 52888 [preauth]
May  8 02:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18384]: pam_unix(cron:session): session closed for user root
May  8 02:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19587]: Invalid user terraria from 196.251.84.225
May  8 02:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19587]: input_userauth_request: invalid user terraria [preauth]
May  8 02:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19587]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: Invalid user admin from 80.94.95.112
May  8 02:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: input_userauth_request: invalid user admin [preauth]
May  8 02:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 02:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19587]: Failed password for invalid user terraria from 196.251.84.225 port 34952 ssh2
May  8 02:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: Failed password for invalid user admin from 80.94.95.112 port 19265 ssh2
May  8 02:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19587]: Connection closed by 196.251.84.225 port 34952 [preauth]
May  8 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: Failed password for invalid user admin from 80.94.95.112 port 19265 ssh2
May  8 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19630]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19633]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19633]: pam_unix(cron:session): session closed for user root
May  8 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19628]: pam_unix(cron:session): session closed for user p13x
May  8 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19708]: Successful su for rubyman by root
May  8 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19708]: + ??? root:rubyman
May  8 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350421 of user rubyman.
May  8 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19708]: pam_unix(su:session): session closed for user rubyman
May  8 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350421.
May  8 02:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: Failed password for invalid user admin from 80.94.95.112 port 19265 ssh2
May  8 02:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19630]: pam_unix(cron:session): session closed for user root
May  8 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16851]: pam_unix(cron:session): session closed for user root
May  8 02:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: Failed password for invalid user admin from 80.94.95.112 port 19265 ssh2
May  8 02:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19885]: Invalid user nana from 68.183.90.203
May  8 02:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19885]: input_userauth_request: invalid user nana [preauth]
May  8 02:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19885]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 02:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19629]: pam_unix(cron:session): session closed for user samftp
May  8 02:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: Failed password for invalid user admin from 80.94.95.112 port 19265 ssh2
May  8 02:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: Received disconnect from 80.94.95.112 port 19265:11: Bye [preauth]
May  8 02:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: Disconnected from 80.94.95.112 port 19265 [preauth]
May  8 02:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 02:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19601]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 02:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19885]: Failed password for invalid user nana from 68.183.90.203 port 59894 ssh2
May  8 02:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19885]: Received disconnect from 68.183.90.203 port 59894:11: Bye Bye [preauth]
May  8 02:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19885]: Disconnected from 68.183.90.203 port 59894 [preauth]
May  8 02:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: Invalid user deepspeed from 196.251.84.225
May  8 02:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: input_userauth_request: invalid user deepspeed [preauth]
May  8 02:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: Failed password for invalid user deepspeed from 196.251.84.225 port 33310 ssh2
May  8 02:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19951]: Invalid user operator from 85.208.84.4
May  8 02:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19951]: input_userauth_request: invalid user operator [preauth]
May  8 02:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19951]: Failed none for invalid user operator from 85.208.84.4 port 33080 ssh2
May  8 02:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: Connection closed by 196.251.84.225 port 33310 [preauth]
May  8 02:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19951]: Connection closed by 85.208.84.4 port 33080 [preauth]
May  8 02:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18800]: pam_unix(cron:session): session closed for user root
May  8 02:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: Invalid user zookeeper from 196.251.84.225
May  8 02:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: input_userauth_request: invalid user zookeeper [preauth]
May  8 02:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: Failed password for invalid user zookeeper from 196.251.84.225 port 56010 ssh2
May  8 02:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20052]: Connection closed by 196.251.84.225 port 56010 [preauth]
May  8 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20088]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20087]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20085]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20084]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20084]: pam_unix(cron:session): session closed for user p13x
May  8 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20154]: Successful su for rubyman by root
May  8 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20154]: + ??? root:rubyman
May  8 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350422 of user rubyman.
May  8 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20154]: pam_unix(su:session): session closed for user rubyman
May  8 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350422.
May  8 02:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17379]: pam_unix(cron:session): session closed for user root
May  8 02:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20085]: pam_unix(cron:session): session closed for user samftp
May  8 02:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: Invalid user diogo from 43.156.17.35
May  8 02:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: input_userauth_request: invalid user diogo [preauth]
May  8 02:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.17.35
May  8 02:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: Failed password for invalid user diogo from 43.156.17.35 port 51142 ssh2
May  8 02:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: Received disconnect from 43.156.17.35 port 51142:11: Bye Bye [preauth]
May  8 02:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20333]: Disconnected from 43.156.17.35 port 51142 [preauth]
May  8 02:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20358]: Failed password for root from 196.251.84.225 port 55578 ssh2
May  8 02:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20358]: Connection closed by 196.251.84.225 port 55578 [preauth]
May  8 02:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20399]: Invalid user automak from 193.70.84.184
May  8 02:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20399]: input_userauth_request: invalid user automak [preauth]
May  8 02:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20399]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  8 02:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20399]: Failed password for invalid user automak from 193.70.84.184 port 36362 ssh2
May  8 02:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20399]: Connection closed by 193.70.84.184 port 36362 [preauth]
May  8 02:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19200]: pam_unix(cron:session): session closed for user root
May  8 02:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: Invalid user jumpserver from 196.251.84.225
May  8 02:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: input_userauth_request: invalid user jumpserver [preauth]
May  8 02:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: Failed password for invalid user jumpserver from 196.251.84.225 port 35174 ssh2
May  8 02:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: Connection closed by 196.251.84.225 port 35174 [preauth]
May  8 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20503]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20498]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20498]: pam_unix(cron:session): session closed for user root
May  8 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20500]: pam_unix(cron:session): session closed for user p13x
May  8 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20564]: Successful su for rubyman by root
May  8 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20564]: + ??? root:rubyman
May  8 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350428 of user rubyman.
May  8 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20564]: pam_unix(su:session): session closed for user rubyman
May  8 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350428.
May  8 02:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17958]: pam_unix(cron:session): session closed for user root
May  8 02:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20501]: pam_unix(cron:session): session closed for user samftp
May  8 02:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20759]: Invalid user chain from 196.251.84.225
May  8 02:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20759]: input_userauth_request: invalid user chain [preauth]
May  8 02:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20759]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20759]: Failed password for invalid user chain from 196.251.84.225 port 47900 ssh2
May  8 02:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20759]: Connection closed by 196.251.84.225 port 47900 [preauth]
May  8 02:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19632]: pam_unix(cron:session): session closed for user root
May  8 02:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: Invalid user odoo from 196.251.84.225
May  8 02:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: input_userauth_request: invalid user odoo [preauth]
May  8 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20931]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20930]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20929]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20928]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20928]: pam_unix(cron:session): session closed for user p13x
May  8 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20987]: Successful su for rubyman by root
May  8 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20987]: + ??? root:rubyman
May  8 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20987]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350432 of user rubyman.
May  8 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20987]: pam_unix(su:session): session closed for user rubyman
May  8 02:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350432.
May  8 02:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18383]: pam_unix(cron:session): session closed for user root
May  8 02:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20929]: pam_unix(cron:session): session closed for user samftp
May  8 02:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: Failed password for invalid user odoo from 196.251.84.225 port 47388 ssh2
May  8 02:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20869]: Connection closed by 196.251.84.225 port 47388 [preauth]
May  8 02:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21190]: Invalid user redis from 196.251.84.225
May  8 02:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21190]: input_userauth_request: invalid user redis [preauth]
May  8 02:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21190]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21190]: Failed password for invalid user redis from 196.251.84.225 port 43054 ssh2
May  8 02:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21190]: Connection closed by 196.251.84.225 port 43054 [preauth]
May  8 02:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.228.242  user=root
May  8 02:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21218]: Failed password for root from 110.164.228.242 port 56234 ssh2
May  8 02:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21218]: Received disconnect from 110.164.228.242 port 56234:11: Bye Bye [preauth]
May  8 02:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21218]: Disconnected from 110.164.228.242 port 56234 [preauth]
May  8 02:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20088]: pam_unix(cron:session): session closed for user root
May  8 02:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21370]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21367]: pam_unix(cron:session): session closed for user p13x
May  8 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21425]: Successful su for rubyman by root
May  8 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21425]: + ??? root:rubyman
May  8 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350436 of user rubyman.
May  8 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21425]: pam_unix(su:session): session closed for user rubyman
May  8 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350436.
May  8 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18799]: pam_unix(cron:session): session closed for user root
May  8 02:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21368]: pam_unix(cron:session): session closed for user samftp
May  8 02:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: Invalid user lighthouse from 190.103.202.7
May  8 02:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: input_userauth_request: invalid user lighthouse [preauth]
May  8 02:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  8 02:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: Invalid user elasticsearch from 196.251.84.225
May  8 02:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: input_userauth_request: invalid user elasticsearch [preauth]
May  8 02:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: Failed password for invalid user lighthouse from 190.103.202.7 port 59816 ssh2
May  8 02:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: Connection closed by 190.103.202.7 port 59816 [preauth]
May  8 02:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: Failed password for invalid user elasticsearch from 196.251.84.225 port 58146 ssh2
May  8 02:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21634]: Connection closed by 196.251.84.225 port 58146 [preauth]
May  8 02:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20503]: pam_unix(cron:session): session closed for user root
May  8 02:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  8 02:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21713]: Failed password for root from 218.92.0.221 port 12914 ssh2
May  8 02:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21713]: message repeated 2 times: [ Failed password for root from 218.92.0.221 port 12914 ssh2]
May  8 02:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21713]: Received disconnect from 218.92.0.221 port 12914:11:  [preauth]
May  8 02:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21713]: Disconnected from 218.92.0.221 port 12914 [preauth]
May  8 02:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21713]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  8 02:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: Invalid user solr from 196.251.84.225
May  8 02:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: input_userauth_request: invalid user solr [preauth]
May  8 02:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:19:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: Failed password for invalid user solr from 196.251.84.225 port 42082 ssh2
May  8 02:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21846]: Connection closed by 196.251.84.225 port 42082 [preauth]
May  8 02:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: Invalid user mapr from 196.251.84.225
May  8 02:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: input_userauth_request: invalid user mapr [preauth]
May  8 02:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: Failed password for invalid user mapr from 196.251.84.225 port 49142 ssh2
May  8 02:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21338]: Connection closed by 196.251.84.225 port 49142 [preauth]
May  8 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22087]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22090]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22084]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22091]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22083]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22088]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22091]: pam_unix(cron:session): session closed for user root
May  8 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22083]: pam_unix(cron:session): session closed for user p13x
May  8 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22161]: Successful su for rubyman by root
May  8 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22161]: + ??? root:rubyman
May  8 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350440 of user rubyman.
May  8 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22161]: pam_unix(su:session): session closed for user rubyman
May  8 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350440.
May  8 02:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22087]: pam_unix(cron:session): session closed for user root
May  8 02:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19199]: pam_unix(cron:session): session closed for user root
May  8 02:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22084]: pam_unix(cron:session): session closed for user samftp
May  8 02:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22398]: Invalid user superv from 68.183.90.203
May  8 02:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22398]: input_userauth_request: invalid user superv [preauth]
May  8 02:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22398]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 02:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22398]: Failed password for invalid user superv from 68.183.90.203 port 57448 ssh2
May  8 02:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22398]: Received disconnect from 68.183.90.203 port 57448:11: Bye Bye [preauth]
May  8 02:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22398]: Disconnected from 68.183.90.203 port 57448 [preauth]
May  8 02:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22424]: Invalid user satisfactory from 196.251.84.225
May  8 02:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22424]: input_userauth_request: invalid user satisfactory [preauth]
May  8 02:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22424]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22424]: Failed password for invalid user satisfactory from 196.251.84.225 port 60202 ssh2
May  8 02:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22424]: Connection closed by 196.251.84.225 port 60202 [preauth]
May  8 02:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20931]: pam_unix(cron:session): session closed for user root
May  8 02:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22544]: Failed password for root from 196.251.84.225 port 50262 ssh2
May  8 02:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22544]: Connection closed by 196.251.84.225 port 50262 [preauth]
May  8 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22598]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22597]: pam_unix(cron:session): session closed for user p13x
May  8 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22666]: Successful su for rubyman by root
May  8 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22666]: + ??? root:rubyman
May  8 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350447 of user rubyman.
May  8 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22666]: pam_unix(su:session): session closed for user rubyman
May  8 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350447.
May  8 02:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19631]: pam_unix(cron:session): session closed for user root
May  8 02:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22598]: pam_unix(cron:session): session closed for user samftp
May  8 02:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: Invalid user data from 196.251.84.225
May  8 02:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: input_userauth_request: invalid user data [preauth]
May  8 02:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: Failed password for invalid user data from 196.251.84.225 port 45088 ssh2
May  8 02:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22914]: Connection closed by 196.251.84.225 port 45088 [preauth]
May  8 02:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: Invalid user dev from 43.156.17.35
May  8 02:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: input_userauth_request: invalid user dev [preauth]
May  8 02:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.17.35
May  8 02:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: Failed password for invalid user dev from 43.156.17.35 port 40068 ssh2
May  8 02:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: Received disconnect from 43.156.17.35 port 40068:11: Bye Bye [preauth]
May  8 02:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22975]: Disconnected from 43.156.17.35 port 40068 [preauth]
May  8 02:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21370]: pam_unix(cron:session): session closed for user root
May  8 02:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: Invalid user centos from 196.251.84.225
May  8 02:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: input_userauth_request: invalid user centos [preauth]
May  8 02:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: Failed password for invalid user centos from 196.251.84.225 port 58704 ssh2
May  8 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23073]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23071]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23070]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23070]: pam_unix(cron:session): session closed for user p13x
May  8 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23047]: Connection closed by 196.251.84.225 port 58704 [preauth]
May  8 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23136]: Successful su for rubyman by root
May  8 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23136]: + ??? root:rubyman
May  8 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23136]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350449 of user rubyman.
May  8 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23136]: pam_unix(su:session): session closed for user rubyman
May  8 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350449.
May  8 02:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20087]: pam_unix(cron:session): session closed for user root
May  8 02:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23071]: pam_unix(cron:session): session closed for user samftp
May  8 02:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23331]: Invalid user dolphinscheduler from 196.251.84.225
May  8 02:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23331]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  8 02:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23331]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23331]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 37642 ssh2
May  8 02:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23331]: Connection closed by 196.251.84.225 port 37642 [preauth]
May  8 02:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22090]: pam_unix(cron:session): session closed for user root
May  8 02:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23503]: Invalid user amp from 196.251.84.225
May  8 02:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23503]: input_userauth_request: invalid user amp [preauth]
May  8 02:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23503]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23503]: Failed password for invalid user amp from 196.251.84.225 port 56392 ssh2
May  8 02:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23503]: Connection closed by 196.251.84.225 port 56392 [preauth]
May  8 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23581]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23582]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23579]: pam_unix(cron:session): session closed for user p13x
May  8 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23647]: Successful su for rubyman by root
May  8 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23647]: + ??? root:rubyman
May  8 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350453 of user rubyman.
May  8 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23647]: pam_unix(su:session): session closed for user rubyman
May  8 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350453.
May  8 02:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23576]: Invalid user nexus from 196.251.84.225
May  8 02:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23576]: input_userauth_request: invalid user nexus [preauth]
May  8 02:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23576]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20502]: pam_unix(cron:session): session closed for user root
May  8 02:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23576]: Failed password for invalid user nexus from 196.251.84.225 port 39774 ssh2
May  8 02:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23580]: pam_unix(cron:session): session closed for user samftp
May  8 02:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23576]: Connection closed by 196.251.84.225 port 39774 [preauth]
May  8 02:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: Invalid user ubuntu from 196.251.84.225
May  8 02:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: input_userauth_request: invalid user ubuntu [preauth]
May  8 02:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22600]: pam_unix(cron:session): session closed for user root
May  8 02:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: Failed password for invalid user ubuntu from 196.251.84.225 port 43248 ssh2
May  8 02:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24018]: Connection closed by 196.251.84.225 port 43248 [preauth]
May  8 02:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.145.241  user=root
May  8 02:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24078]: Failed password for root from 186.96.145.241 port 54402 ssh2
May  8 02:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24078]: Connection closed by 186.96.145.241 port 54402 [preauth]
May  8 02:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24098]: Invalid user dominic from 110.164.228.242
May  8 02:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24098]: input_userauth_request: invalid user dominic [preauth]
May  8 02:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24098]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.228.242
May  8 02:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24098]: Failed password for invalid user dominic from 110.164.228.242 port 40202 ssh2
May  8 02:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24098]: Received disconnect from 110.164.228.242 port 40202:11: Bye Bye [preauth]
May  8 02:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24098]: Disconnected from 110.164.228.242 port 40202 [preauth]
May  8 02:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24114]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24112]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24113]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24111]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24111]: pam_unix(cron:session): session closed for user p13x
May  8 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24174]: Successful su for rubyman by root
May  8 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24174]: + ??? root:rubyman
May  8 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350458 of user rubyman.
May  8 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24174]: pam_unix(su:session): session closed for user rubyman
May  8 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350458.
May  8 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24100]: Failed password for root from 196.251.84.225 port 56794 ssh2
May  8 02:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24100]: Connection closed by 196.251.84.225 port 56794 [preauth]
May  8 02:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20930]: pam_unix(cron:session): session closed for user root
May  8 02:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24112]: pam_unix(cron:session): session closed for user samftp
May  8 02:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24395]: Did not receive identification string from 193.32.162.185
May  8 02:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 02:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Failed password for root from 80.94.95.125 port 50906 ssh2
May  8 02:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: message repeated 3 times: [ Failed password for root from 80.94.95.125 port 50906 ssh2]
May  8 02:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Failed password for root from 80.94.95.125 port 50906 ssh2
May  8 02:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Received disconnect from 80.94.95.125 port 50906:11: Bye [preauth]
May  8 02:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: Disconnected from 80.94.95.125 port 50906 [preauth]
May  8 02:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 02:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24424]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 02:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24462]: Failed password for root from 196.251.84.225 port 37654 ssh2
May  8 02:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24462]: Connection closed by 196.251.84.225 port 37654 [preauth]
May  8 02:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23073]: pam_unix(cron:session): session closed for user root
May  8 02:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: Invalid user ranger from 196.251.84.225
May  8 02:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: input_userauth_request: invalid user ranger [preauth]
May  8 02:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24560]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24558]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24557]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24562]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24559]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24561]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24562]: pam_unix(cron:session): session closed for user root
May  8 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24557]: pam_unix(cron:session): session closed for user p13x
May  8 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: Failed password for invalid user ranger from 196.251.84.225 port 36816 ssh2
May  8 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24633]: Successful su for rubyman by root
May  8 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24633]: + ??? root:rubyman
May  8 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350462 of user rubyman.
May  8 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24633]: pam_unix(su:session): session closed for user rubyman
May  8 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350462.
May  8 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24545]: Connection closed by 196.251.84.225 port 36816 [preauth]
May  8 02:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21369]: pam_unix(cron:session): session closed for user root
May  8 02:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24559]: pam_unix(cron:session): session closed for user root
May  8 02:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24558]: pam_unix(cron:session): session closed for user samftp
May  8 02:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: Invalid user operation from 68.183.90.203
May  8 02:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: input_userauth_request: invalid user operation [preauth]
May  8 02:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 02:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: Failed password for invalid user operation from 68.183.90.203 port 57792 ssh2
May  8 02:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: Received disconnect from 68.183.90.203 port 57792:11: Bye Bye [preauth]
May  8 02:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24845]: Disconnected from 68.183.90.203 port 57792 [preauth]
May  8 02:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24889]: Invalid user elk from 196.251.84.225
May  8 02:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24889]: input_userauth_request: invalid user elk [preauth]
May  8 02:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24889]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24889]: Failed password for invalid user elk from 196.251.84.225 port 53334 ssh2
May  8 02:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24889]: Connection closed by 196.251.84.225 port 53334 [preauth]
May  8 02:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23582]: pam_unix(cron:session): session closed for user root
May  8 02:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: Invalid user wordpress from 196.251.84.225
May  8 02:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: input_userauth_request: invalid user wordpress [preauth]
May  8 02:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: Failed password for invalid user wordpress from 196.251.84.225 port 56634 ssh2
May  8 02:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24992]: Connection closed by 196.251.84.225 port 56634 [preauth]
May  8 02:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: Invalid user pi from 80.94.95.115
May  8 02:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: input_userauth_request: invalid user pi [preauth]
May  8 02:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  8 02:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: Failed password for invalid user pi from 80.94.95.115 port 44186 ssh2
May  8 02:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25001]: Connection closed by 80.94.95.115 port 44186 [preauth]
May  8 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25014]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25013]: pam_unix(cron:session): session closed for user p13x
May  8 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25082]: Successful su for rubyman by root
May  8 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25082]: + ??? root:rubyman
May  8 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350467 of user rubyman.
May  8 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25082]: pam_unix(su:session): session closed for user rubyman
May  8 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350467.
May  8 02:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22088]: pam_unix(cron:session): session closed for user root
May  8 02:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25014]: pam_unix(cron:session): session closed for user samftp
May  8 02:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: Invalid user vps from 196.251.84.225
May  8 02:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: input_userauth_request: invalid user vps [preauth]
May  8 02:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: Failed password for invalid user vps from 196.251.84.225 port 47968 ssh2
May  8 02:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25308]: Connection closed by 196.251.84.225 port 47968 [preauth]
May  8 02:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24114]: pam_unix(cron:session): session closed for user root
May  8 02:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25406]: Invalid user user from 196.251.84.225
May  8 02:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25406]: input_userauth_request: invalid user user [preauth]
May  8 02:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25406]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: Invalid user dara from 43.156.17.35
May  8 02:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: input_userauth_request: invalid user dara [preauth]
May  8 02:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.17.35
May  8 02:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25406]: Failed password for invalid user user from 196.251.84.225 port 47430 ssh2
May  8 02:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25406]: Connection closed by 196.251.84.225 port 47430 [preauth]
May  8 02:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: Failed password for invalid user dara from 43.156.17.35 port 56994 ssh2
May  8 02:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: Received disconnect from 43.156.17.35 port 56994:11: Bye Bye [preauth]
May  8 02:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: Disconnected from 43.156.17.35 port 56994 [preauth]
May  8 02:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  8 02:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: Failed password for root from 218.92.0.215 port 28624 ssh2
May  8 02:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: message repeated 2 times: [ Failed password for root from 218.92.0.215 port 28624 ssh2]
May  8 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25439]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25439]: pam_unix(cron:session): session closed for user p13x
May  8 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25498]: Successful su for rubyman by root
May  8 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25498]: + ??? root:rubyman
May  8 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350471 of user rubyman.
May  8 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25498]: pam_unix(su:session): session closed for user rubyman
May  8 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350471.
May  8 02:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: Failed password for root from 218.92.0.215 port 28624 ssh2
May  8 02:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22599]: pam_unix(cron:session): session closed for user root
May  8 02:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: Failed password for root from 218.92.0.215 port 28624 ssh2
May  8 02:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 28624 ssh2 [preauth]
May  8 02:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: Disconnecting: Too many authentication failures [preauth]
May  8 02:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  8 02:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 02:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25440]: pam_unix(cron:session): session closed for user samftp
May  8 02:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  8 02:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: Failed password for root from 218.92.0.215 port 19108 ssh2
May  8 02:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: Failed password for root from 218.92.0.215 port 19108 ssh2
May  8 02:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25757]: Failed password for root from 196.251.84.225 port 36968 ssh2
May  8 02:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25757]: Connection closed by 196.251.84.225 port 36968 [preauth]
May  8 02:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: Failed password for root from 218.92.0.215 port 19108 ssh2
May  8 02:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: message repeated 3 times: [ Failed password for root from 218.92.0.215 port 19108 ssh2]
May  8 02:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 19108 ssh2 [preauth]
May  8 02:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: Disconnecting: Too many authentication failures [preauth]
May  8 02:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  8 02:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25753]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 02:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  8 02:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25834]: Failed password for root from 218.92.0.215 port 1116 ssh2
May  8 02:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24561]: pam_unix(cron:session): session closed for user root
May  8 02:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25834]: Received disconnect from 218.92.0.215 port 1116:11:  [preauth]
May  8 02:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25834]: Disconnected from 218.92.0.215 port 1116 [preauth]
May  8 02:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25874]: Invalid user vbox from 196.251.84.225
May  8 02:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25874]: input_userauth_request: invalid user vbox [preauth]
May  8 02:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25874]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25874]: Failed password for invalid user vbox from 196.251.84.225 port 49680 ssh2
May  8 02:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25874]: Connection closed by 196.251.84.225 port 49680 [preauth]
May  8 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25951]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25952]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25953]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25946]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25946]: pam_unix(cron:session): session closed for user p13x
May  8 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26011]: Successful su for rubyman by root
May  8 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26011]: + ??? root:rubyman
May  8 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350477 of user rubyman.
May  8 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26011]: pam_unix(su:session): session closed for user rubyman
May  8 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350477.
May  8 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26034]: Invalid user satisfactory from 196.251.84.225
May  8 02:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26034]: input_userauth_request: invalid user satisfactory [preauth]
May  8 02:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26034]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23072]: pam_unix(cron:session): session closed for user root
May  8 02:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26034]: Failed password for invalid user satisfactory from 196.251.84.225 port 50064 ssh2
May  8 02:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26034]: Connection closed by 196.251.84.225 port 50064 [preauth]
May  8 02:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25951]: pam_unix(cron:session): session closed for user samftp
May  8 02:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26263]: Invalid user centos from 196.251.84.225
May  8 02:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26263]: input_userauth_request: invalid user centos [preauth]
May  8 02:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26263]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26263]: Failed password for invalid user centos from 196.251.84.225 port 59506 ssh2
May  8 02:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26263]: Connection closed by 196.251.84.225 port 59506 [preauth]
May  8 02:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25017]: pam_unix(cron:session): session closed for user root
May  8 02:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: Invalid user sysadmin from 196.251.84.225
May  8 02:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: input_userauth_request: invalid user sysadmin [preauth]
May  8 02:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: Failed password for invalid user sysadmin from 196.251.84.225 port 56278 ssh2
May  8 02:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26343]: Connection closed by 196.251.84.225 port 56278 [preauth]
May  8 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26354]: pam_unix(cron:session): session closed for user p13x
May  8 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26416]: Successful su for rubyman by root
May  8 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26416]: + ??? root:rubyman
May  8 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350479 of user rubyman.
May  8 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26416]: pam_unix(su:session): session closed for user rubyman
May  8 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350479.
May  8 02:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23581]: pam_unix(cron:session): session closed for user root
May  8 02:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26355]: pam_unix(cron:session): session closed for user samftp
May  8 02:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.228.242  user=root
May  8 02:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26726]: Invalid user sonar from 196.251.84.225
May  8 02:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26726]: input_userauth_request: invalid user sonar [preauth]
May  8 02:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26716]: Failed password for root from 110.164.228.242 port 56792 ssh2
May  8 02:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26716]: Received disconnect from 110.164.228.242 port 56792:11: Bye Bye [preauth]
May  8 02:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26716]: Disconnected from 110.164.228.242 port 56792 [preauth]
May  8 02:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26726]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26726]: Failed password for invalid user sonar from 196.251.84.225 port 46186 ssh2
May  8 02:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26726]: Connection closed by 196.251.84.225 port 46186 [preauth]
May  8 02:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25442]: pam_unix(cron:session): session closed for user root
May  8 02:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: Invalid user postgres from 196.251.84.225
May  8 02:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: input_userauth_request: invalid user postgres [preauth]
May  8 02:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: Failed password for invalid user postgres from 196.251.84.225 port 52522 ssh2
May  8 02:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26820]: Connection closed by 196.251.84.225 port 52522 [preauth]
May  8 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26845]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26846]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26844]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26846]: pam_unix(cron:session): session closed for user root
May  8 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26841]: pam_unix(cron:session): session closed for user p13x
May  8 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26922]: Successful su for rubyman by root
May  8 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26922]: + ??? root:rubyman
May  8 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26922]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350485 of user rubyman.
May  8 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26922]: pam_unix(su:session): session closed for user rubyman
May  8 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350485.
May  8 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24113]: pam_unix(cron:session): session closed for user root
May  8 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26843]: pam_unix(cron:session): session closed for user root
May  8 02:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26842]: pam_unix(cron:session): session closed for user samftp
May  8 02:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: User ftp from 196.251.84.225 not allowed because not listed in AllowUsers
May  8 02:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: input_userauth_request: invalid user ftp [preauth]
May  8 02:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=ftp
May  8 02:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27246]: Invalid user dangulo from 68.183.90.203
May  8 02:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27246]: input_userauth_request: invalid user dangulo [preauth]
May  8 02:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27246]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 02:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: Failed password for invalid user ftp from 196.251.84.225 port 51980 ssh2
May  8 02:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27243]: Connection closed by 196.251.84.225 port 51980 [preauth]
May  8 02:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27246]: Failed password for invalid user dangulo from 68.183.90.203 port 35382 ssh2
May  8 02:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27246]: Received disconnect from 68.183.90.203 port 35382:11: Bye Bye [preauth]
May  8 02:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27246]: Disconnected from 68.183.90.203 port 35382 [preauth]
May  8 02:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25953]: pam_unix(cron:session): session closed for user root
May  8 02:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27348]: Invalid user arkserver from 196.251.84.225
May  8 02:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27348]: input_userauth_request: invalid user arkserver [preauth]
May  8 02:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27348]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27348]: Failed password for invalid user arkserver from 196.251.84.225 port 44972 ssh2
May  8 02:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27348]: Connection closed by 196.251.84.225 port 44972 [preauth]
May  8 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27374]: pam_unix(cron:session): session closed for user p13x
May  8 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27490]: Successful su for rubyman by root
May  8 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27490]: + ??? root:rubyman
May  8 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350490 of user rubyman.
May  8 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27490]: pam_unix(su:session): session closed for user rubyman
May  8 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350490.
May  8 02:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24560]: pam_unix(cron:session): session closed for user root
May  8 02:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27379]: pam_unix(cron:session): session closed for user samftp
May  8 02:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: Invalid user test from 196.251.84.225
May  8 02:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: input_userauth_request: invalid user test [preauth]
May  8 02:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: Failed password for invalid user test from 196.251.84.225 port 56902 ssh2
May  8 02:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27719]: Connection closed by 196.251.84.225 port 56902 [preauth]
May  8 02:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26357]: pam_unix(cron:session): session closed for user root
May  8 02:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27819]: Invalid user solana from 196.251.84.225
May  8 02:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27819]: input_userauth_request: invalid user solana [preauth]
May  8 02:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27819]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27819]: Failed password for invalid user solana from 196.251.84.225 port 39712 ssh2
May  8 02:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27819]: Connection closed by 196.251.84.225 port 39712 [preauth]
May  8 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27849]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27847]: pam_unix(cron:session): session closed for user p13x
May  8 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27916]: Successful su for rubyman by root
May  8 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27916]: + ??? root:rubyman
May  8 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27916]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350494 of user rubyman.
May  8 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27916]: pam_unix(su:session): session closed for user rubyman
May  8 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350494.
May  8 02:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25016]: pam_unix(cron:session): session closed for user root
May  8 02:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27848]: pam_unix(cron:session): session closed for user samftp
May  8 02:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28093]: Invalid user admin from 43.156.17.35
May  8 02:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28093]: input_userauth_request: invalid user admin [preauth]
May  8 02:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28093]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.17.35
May  8 02:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28093]: Failed password for invalid user admin from 43.156.17.35 port 46024 ssh2
May  8 02:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28093]: Received disconnect from 43.156.17.35 port 46024:11: Bye Bye [preauth]
May  8 02:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28093]: Disconnected from 43.156.17.35 port 46024 [preauth]
May  8 02:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: Invalid user sol from 196.251.84.225
May  8 02:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: input_userauth_request: invalid user sol [preauth]
May  8 02:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: Failed password for invalid user sol from 196.251.84.225 port 37156 ssh2
May  8 02:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28128]: Connection closed by 196.251.84.225 port 37156 [preauth]
May  8 02:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26845]: pam_unix(cron:session): session closed for user root
May  8 02:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Invalid user halo from 186.233.208.13
May  8 02:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: input_userauth_request: invalid user halo [preauth]
May  8 02:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 02:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: Invalid user ranger from 196.251.84.225
May  8 02:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: input_userauth_request: invalid user ranger [preauth]
May  8 02:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Failed password for invalid user halo from 186.233.208.13 port 36534 ssh2
May  8 02:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Received disconnect from 186.233.208.13 port 36534:11: Bye Bye [preauth]
May  8 02:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28211]: Disconnected from 186.233.208.13 port 36534 [preauth]
May  8 02:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: Failed password for invalid user ranger from 196.251.84.225 port 56286 ssh2
May  8 02:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28213]: Connection closed by 196.251.84.225 port 56286 [preauth]
May  8 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28267]: pam_unix(cron:session): session closed for user p13x
May  8 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28324]: Successful su for rubyman by root
May  8 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28324]: + ??? root:rubyman
May  8 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350497 of user rubyman.
May  8 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28324]: pam_unix(su:session): session closed for user rubyman
May  8 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350497.
May  8 02:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25441]: pam_unix(cron:session): session closed for user root
May  8 02:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28268]: pam_unix(cron:session): session closed for user samftp
May  8 02:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28525]: Invalid user admin from 196.251.84.225
May  8 02:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28525]: input_userauth_request: invalid user admin [preauth]
May  8 02:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28525]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28525]: Failed password for invalid user admin from 196.251.84.225 port 47162 ssh2
May  8 02:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28525]: Connection closed by 196.251.84.225 port 47162 [preauth]
May  8 02:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27381]: pam_unix(cron:session): session closed for user root
May  8 02:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: Invalid user drupal from 196.251.84.225
May  8 02:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: input_userauth_request: invalid user drupal [preauth]
May  8 02:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: Failed password for invalid user drupal from 196.251.84.225 port 48502 ssh2
May  8 02:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: Connection closed by 196.251.84.225 port 48502 [preauth]
May  8 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28674]: pam_unix(cron:session): session closed for user p13x
May  8 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28735]: Successful su for rubyman by root
May  8 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28735]: + ??? root:rubyman
May  8 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28735]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350501 of user rubyman.
May  8 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28735]: pam_unix(su:session): session closed for user rubyman
May  8 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350501.
May  8 02:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25952]: pam_unix(cron:session): session closed for user root
May  8 02:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28675]: pam_unix(cron:session): session closed for user samftp
May  8 02:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: Invalid user mongodb from 196.251.84.225
May  8 02:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: input_userauth_request: invalid user mongodb [preauth]
May  8 02:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: Failed password for invalid user mongodb from 196.251.84.225 port 48608 ssh2
May  8 02:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28928]: Connection closed by 196.251.84.225 port 48608 [preauth]
May  8 02:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27850]: pam_unix(cron:session): session closed for user root
May  8 02:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Invalid user jack from 196.251.84.225
May  8 02:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: input_userauth_request: invalid user jack [preauth]
May  8 02:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Failed password for invalid user jack from 196.251.84.225 port 37800 ssh2
May  8 02:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29112]: Connection closed by 196.251.84.225 port 37800 [preauth]
May  8 02:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: Invalid user js from 110.164.228.242
May  8 02:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: input_userauth_request: invalid user js [preauth]
May  8 02:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.228.242
May  8 02:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: Failed password for invalid user js from 110.164.228.242 port 58002 ssh2
May  8 02:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: Received disconnect from 110.164.228.242 port 58002:11: Bye Bye [preauth]
May  8 02:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29153]: Disconnected from 110.164.228.242 port 58002 [preauth]
May  8 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29183]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29180]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29179]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29176]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29183]: pam_unix(cron:session): session closed for user root
May  8 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29176]: pam_unix(cron:session): session closed for user p13x
May  8 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29249]: Successful su for rubyman by root
May  8 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29249]: + ??? root:rubyman
May  8 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350509 of user rubyman.
May  8 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29249]: pam_unix(su:session): session closed for user rubyman
May  8 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350509.
May  8 02:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29179]: pam_unix(cron:session): session closed for user root
May  8 02:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26356]: pam_unix(cron:session): session closed for user root
May  8 02:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29178]: pam_unix(cron:session): session closed for user samftp
May  8 02:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: Invalid user vbox from 196.251.84.225
May  8 02:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: input_userauth_request: invalid user vbox [preauth]
May  8 02:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: Failed password for invalid user vbox from 196.251.84.225 port 35080 ssh2
May  8 02:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29468]: Connection closed by 196.251.84.225 port 35080 [preauth]
May  8 02:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29543]: Invalid user saeid from 68.183.90.203
May  8 02:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29543]: input_userauth_request: invalid user saeid [preauth]
May  8 02:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29543]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 02:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28270]: pam_unix(cron:session): session closed for user root
May  8 02:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29543]: Failed password for invalid user saeid from 68.183.90.203 port 36582 ssh2
May  8 02:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29543]: Received disconnect from 68.183.90.203 port 36582:11: Bye Bye [preauth]
May  8 02:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29543]: Disconnected from 68.183.90.203 port 36582 [preauth]
May  8 02:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: Invalid user sonar from 196.251.84.225
May  8 02:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: input_userauth_request: invalid user sonar [preauth]
May  8 02:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: Failed password for invalid user sonar from 196.251.84.225 port 56974 ssh2
May  8 02:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29577]: Connection closed by 196.251.84.225 port 56974 [preauth]
May  8 02:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  8 02:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29601]: Failed password for root from 80.94.95.115 port 19542 ssh2
May  8 02:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29601]: Connection closed by 80.94.95.115 port 19542 [preauth]
May  8 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29641]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29640]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29639]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29639]: pam_unix(cron:session): session closed for user p13x
May  8 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29708]: Successful su for rubyman by root
May  8 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29708]: + ??? root:rubyman
May  8 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29708]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350512 of user rubyman.
May  8 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29708]: pam_unix(su:session): session closed for user rubyman
May  8 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350512.
May  8 02:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26844]: pam_unix(cron:session): session closed for user root
May  8 02:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29640]: pam_unix(cron:session): session closed for user samftp
May  8 02:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29836]: Failed password for root from 196.251.84.225 port 45858 ssh2
May  8 02:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29836]: Connection closed by 196.251.84.225 port 45858 [preauth]
May  8 02:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28677]: pam_unix(cron:session): session closed for user root
May  8 02:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: Failed password for root from 196.251.84.225 port 36322 ssh2
May  8 02:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29996]: Did not receive identification string from 196.251.70.234
May  8 02:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29971]: Connection closed by 196.251.84.225 port 36322 [preauth]
May  8 02:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: Invalid user ubnt from 196.251.70.234
May  8 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: input_userauth_request: invalid user ubnt [preauth]
May  8 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.70.234
May  8 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: Invalid user user from 196.251.70.234
May  8 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: input_userauth_request: invalid user user [preauth]
May  8 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: Invalid user usario from 196.251.70.234
May  8 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: input_userauth_request: invalid user usario [preauth]
May  8 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.70.234
May  8 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.70.234
May  8 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30004]: Invalid user support from 196.251.70.234
May  8 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30004]: input_userauth_request: invalid user support [preauth]
May  8 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30004]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.70.234
May  8 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: Invalid user admin from 196.251.70.234
May  8 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: input_userauth_request: invalid user admin [preauth]
May  8 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.70.234
May  8 02:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: Failed password for invalid user ubnt from 196.251.70.234 port 38368 ssh2
May  8 02:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: Failed password for invalid user user from 196.251.70.234 port 38396 ssh2
May  8 02:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: Failed password for invalid user usario from 196.251.70.234 port 38362 ssh2
May  8 02:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30004]: Failed password for invalid user support from 196.251.70.234 port 38390 ssh2
May  8 02:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: Failed password for invalid user admin from 196.251.70.234 port 38376 ssh2
May  8 02:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: Received disconnect from 196.251.70.234 port 38362:11: Bye Bye [preauth]
May  8 02:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30001]: Disconnected from 196.251.70.234 port 38362 [preauth]
May  8 02:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: Received disconnect from 196.251.70.234 port 38396:11: Bye Bye [preauth]
May  8 02:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30003]: Disconnected from 196.251.70.234 port 38396 [preauth]
May  8 02:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: Received disconnect from 196.251.70.234 port 38368:11: Bye Bye [preauth]
May  8 02:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30002]: Disconnected from 196.251.70.234 port 38368 [preauth]
May  8 02:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30004]: Received disconnect from 196.251.70.234 port 38390:11: Bye Bye [preauth]
May  8 02:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30004]: Disconnected from 196.251.70.234 port 38390 [preauth]
May  8 02:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: Received disconnect from 196.251.70.234 port 38376:11: Bye Bye [preauth]
May  8 02:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30010]: Disconnected from 196.251.70.234 port 38376 [preauth]
May  8 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30063]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30064]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30063]: pam_unix(cron:session): session closed for user p13x
May  8 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30127]: Successful su for rubyman by root
May  8 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30127]: + ??? root:rubyman
May  8 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30127]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350516 of user rubyman.
May  8 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30127]: pam_unix(su:session): session closed for user rubyman
May  8 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350516.
May  8 02:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: Invalid user test from 196.251.84.225
May  8 02:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: input_userauth_request: invalid user test [preauth]
May  8 02:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27380]: pam_unix(cron:session): session closed for user root
May  8 02:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: Failed password for invalid user test from 196.251.84.225 port 49724 ssh2
May  8 02:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30126]: Connection closed by 196.251.84.225 port 49724 [preauth]
May  8 02:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30064]: pam_unix(cron:session): session closed for user samftp
May  8 02:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.17.35  user=root
May  8 02:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30373]: Invalid user ldap from 196.251.84.225
May  8 02:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30373]: input_userauth_request: invalid user ldap [preauth]
May  8 02:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30373]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: Failed password for root from 43.156.17.35 port 35130 ssh2
May  8 02:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: Received disconnect from 43.156.17.35 port 35130:11: Bye Bye [preauth]
May  8 02:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: Disconnected from 43.156.17.35 port 35130 [preauth]
May  8 02:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30373]: Failed password for invalid user ldap from 196.251.84.225 port 58296 ssh2
May  8 02:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30373]: Connection closed by 196.251.84.225 port 58296 [preauth]
May  8 02:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29181]: pam_unix(cron:session): session closed for user root
May  8 02:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30459]: Failed password for root from 196.251.84.225 port 47424 ssh2
May  8 02:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30459]: Connection closed by 196.251.84.225 port 47424 [preauth]
May  8 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30474]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30472]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30471]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30473]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30471]: pam_unix(cron:session): session closed for user p13x
May  8 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30532]: Successful su for rubyman by root
May  8 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30532]: + ??? root:rubyman
May  8 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30532]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350519 of user rubyman.
May  8 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30532]: pam_unix(su:session): session closed for user rubyman
May  8 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350519.
May  8 02:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27849]: pam_unix(cron:session): session closed for user root
May  8 02:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30472]: pam_unix(cron:session): session closed for user samftp
May  8 02:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30753]: Invalid user dolphinscheduler from 196.251.84.225
May  8 02:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30753]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  8 02:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30753]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30753]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 33988 ssh2
May  8 02:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30753]: Connection closed by 196.251.84.225 port 33988 [preauth]
May  8 02:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29643]: pam_unix(cron:session): session closed for user root
May  8 02:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: Failed password for root from 196.251.84.225 port 56360 ssh2
May  8 02:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30852]: Connection closed by 196.251.84.225 port 56360 [preauth]
May  8 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30865]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30868]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30866]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30863]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30865]: pam_unix(cron:session): session closed for user p13x
May  8 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31084]: Successful su for rubyman by root
May  8 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31084]: + ??? root:rubyman
May  8 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31084]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350525 of user rubyman.
May  8 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31084]: pam_unix(su:session): session closed for user rubyman
May  8 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350525.
May  8 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30863]: pam_unix(cron:session): session closed for user root
May  8 02:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28269]: pam_unix(cron:session): session closed for user root
May  8 02:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30866]: pam_unix(cron:session): session closed for user samftp
May  8 02:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: Invalid user vagrant from 196.251.84.225
May  8 02:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: input_userauth_request: invalid user vagrant [preauth]
May  8 02:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: Failed password for invalid user vagrant from 196.251.84.225 port 33978 ssh2
May  8 02:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31347]: Connection closed by 196.251.84.225 port 33978 [preauth]
May  8 02:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30066]: pam_unix(cron:session): session closed for user root
May  8 02:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30457]: Connection reset by 218.92.0.220 port 28294 [preauth]
May  8 02:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: Invalid user awsgui from 196.251.84.225
May  8 02:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: input_userauth_request: invalid user awsgui [preauth]
May  8 02:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: Failed password for invalid user awsgui from 196.251.84.225 port 45860 ssh2
May  8 02:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31438]: Connection closed by 196.251.84.225 port 45860 [preauth]
May  8 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31470]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31474]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31471]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31472]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31474]: pam_unix(cron:session): session closed for user root
May  8 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31467]: pam_unix(cron:session): session closed for user p13x
May  8 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31540]: Successful su for rubyman by root
May  8 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31540]: + ??? root:rubyman
May  8 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350533 of user rubyman.
May  8 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31540]: pam_unix(su:session): session closed for user rubyman
May  8 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350533.
May  8 02:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31470]: pam_unix(cron:session): session closed for user root
May  8 02:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28676]: pam_unix(cron:session): session closed for user root
May  8 02:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31469]: pam_unix(cron:session): session closed for user samftp
May  8 02:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31802]: Invalid user postgres from 196.251.84.225
May  8 02:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31802]: input_userauth_request: invalid user postgres [preauth]
May  8 02:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31802]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31802]: Failed password for invalid user postgres from 196.251.84.225 port 43982 ssh2
May  8 02:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31802]: Connection closed by 196.251.84.225 port 43982 [preauth]
May  8 02:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.228.242  user=root
May  8 02:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: Failed password for root from 110.164.228.242 port 50134 ssh2
May  8 02:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: Received disconnect from 110.164.228.242 port 50134:11: Bye Bye [preauth]
May  8 02:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31845]: Disconnected from 110.164.228.242 port 50134 [preauth]
May  8 02:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30474]: pam_unix(cron:session): session closed for user root
May  8 02:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: Invalid user av from 68.183.90.203
May  8 02:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: input_userauth_request: invalid user av [preauth]
May  8 02:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 02:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: Failed password for invalid user av from 68.183.90.203 port 56962 ssh2
May  8 02:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: Received disconnect from 68.183.90.203 port 56962:11: Bye Bye [preauth]
May  8 02:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31896]: Disconnected from 68.183.90.203 port 56962 [preauth]
May  8 02:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31933]: Invalid user dev from 196.251.84.225
May  8 02:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31933]: input_userauth_request: invalid user dev [preauth]
May  8 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32036]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32035]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32034]: pam_unix(cron:session): session closed for user p13x
May  8 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32250]: Successful su for rubyman by root
May  8 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32250]: + ??? root:rubyman
May  8 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350535 of user rubyman.
May  8 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32250]: pam_unix(su:session): session closed for user rubyman
May  8 02:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350535.
May  8 02:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29180]: pam_unix(cron:session): session closed for user root
May  8 02:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32035]: pam_unix(cron:session): session closed for user samftp
May  8 02:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: Failed password for root from 196.251.84.225 port 52202 ssh2
May  8 02:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32542]: Connection closed by 196.251.84.225 port 52202 [preauth]
May  8 02:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30868]: pam_unix(cron:session): session closed for user root
May  8 02:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31933]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31933]: Failed password for invalid user dev from 196.251.84.225 port 34212 ssh2
May  8 02:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31933]: Connection closed by 196.251.84.225 port 34212 [preauth]
May  8 02:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32735]: Failed password for root from 196.251.84.225 port 36114 ssh2
May  8 02:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32735]: Connection closed by 196.251.84.225 port 36114 [preauth]
May  8 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[304]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[303]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32767]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32767]: pam_unix(cron:session): session closed for user p13x
May  8 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[396]: Successful su for rubyman by root
May  8 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[396]: + ??? root:rubyman
May  8 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350539 of user rubyman.
May  8 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[396]: pam_unix(su:session): session closed for user rubyman
May  8 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350539.
May  8 02:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29641]: pam_unix(cron:session): session closed for user root
May  8 02:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[302]: pam_unix(cron:session): session closed for user samftp
May  8 02:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: Invalid user userdb from 50.235.31.47
May  8 02:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: input_userauth_request: invalid user userdb [preauth]
May  8 02:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  8 02:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: Failed password for invalid user userdb from 50.235.31.47 port 44788 ssh2
May  8 02:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: Connection closed by 50.235.31.47 port 44788 [preauth]
May  8 02:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[647]: Invalid user test from 196.251.84.225
May  8 02:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[647]: input_userauth_request: invalid user test [preauth]
May  8 02:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[647]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[647]: Failed password for invalid user test from 196.251.84.225 port 34160 ssh2
May  8 02:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[647]: Connection closed by 196.251.84.225 port 34160 [preauth]
May  8 02:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31472]: pam_unix(cron:session): session closed for user root
May  8 02:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: Invalid user test from 196.251.84.225
May  8 02:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: input_userauth_request: invalid user test [preauth]
May  8 02:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: Failed password for invalid user test from 196.251.84.225 port 48940 ssh2
May  8 02:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[755]: Connection closed by 196.251.84.225 port 48940 [preauth]
May  8 02:42:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: Invalid user erpnext from 43.156.17.35
May  8 02:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: input_userauth_request: invalid user erpnext [preauth]
May  8 02:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.17.35
May  8 02:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: Failed password for invalid user erpnext from 43.156.17.35 port 52570 ssh2
May  8 02:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: Received disconnect from 43.156.17.35 port 52570:11: Bye Bye [preauth]
May  8 02:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[804]: Disconnected from 43.156.17.35 port 52570 [preauth]
May  8 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[821]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[819]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[818]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[818]: pam_unix(cron:session): session closed for user p13x
May  8 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[897]: Successful su for rubyman by root
May  8 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[897]: + ??? root:rubyman
May  8 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350542 of user rubyman.
May  8 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[897]: pam_unix(su:session): session closed for user rubyman
May  8 02:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350542.
May  8 02:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30065]: pam_unix(cron:session): session closed for user root
May  8 02:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: Invalid user apache from 196.251.84.225
May  8 02:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: input_userauth_request: invalid user apache [preauth]
May  8 02:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[819]: pam_unix(cron:session): session closed for user samftp
May  8 02:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: Failed password for invalid user apache from 196.251.84.225 port 49396 ssh2
May  8 02:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1095]: Connection closed by 196.251.84.225 port 49396 [preauth]
May  8 02:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1201]: Invalid user docker from 196.251.84.225
May  8 02:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1201]: input_userauth_request: invalid user docker [preauth]
May  8 02:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1201]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1201]: Failed password for invalid user docker from 196.251.84.225 port 60570 ssh2
May  8 02:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1201]: Connection closed by 196.251.84.225 port 60570 [preauth]
May  8 02:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32039]: pam_unix(cron:session): session closed for user root
May  8 02:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1302]: Invalid user node from 196.251.84.225
May  8 02:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1302]: input_userauth_request: invalid user node [preauth]
May  8 02:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1302]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1302]: Failed password for invalid user node from 196.251.84.225 port 54346 ssh2
May  8 02:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1302]: Connection closed by 196.251.84.225 port 54346 [preauth]
May  8 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1319]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1319]: pam_unix(cron:session): session closed for user p13x
May  8 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1382]: Successful su for rubyman by root
May  8 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1382]: + ??? root:rubyman
May  8 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350547 of user rubyman.
May  8 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1382]: pam_unix(su:session): session closed for user rubyman
May  8 02:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350547.
May  8 02:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30473]: pam_unix(cron:session): session closed for user root
May  8 02:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1320]: pam_unix(cron:session): session closed for user samftp
May  8 02:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: Invalid user wordpress from 196.251.84.225
May  8 02:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: input_userauth_request: invalid user wordpress [preauth]
May  8 02:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: Failed password for invalid user wordpress from 196.251.84.225 port 33514 ssh2
May  8 02:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1654]: Connection closed by 196.251.84.225 port 33514 [preauth]
May  8 02:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[304]: pam_unix(cron:session): session closed for user root
May  8 02:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: Invalid user usr from 14.103.173.90
May  8 02:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: input_userauth_request: invalid user usr [preauth]
May  8 02:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90
May  8 02:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: Invalid user centos from 196.251.84.225
May  8 02:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: input_userauth_request: invalid user centos [preauth]
May  8 02:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: Failed password for invalid user usr from 14.103.173.90 port 49366 ssh2
May  8 02:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: Received disconnect from 14.103.173.90 port 49366:11: Bye Bye [preauth]
May  8 02:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1770]: Disconnected from 14.103.173.90 port 49366 [preauth]
May  8 02:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: Failed password for invalid user centos from 196.251.84.225 port 60462 ssh2
May  8 02:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: Connection closed by 196.251.84.225 port 60462 [preauth]
May  8 02:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  8 02:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Failed password for root from 186.233.208.13 port 47414 ssh2
May  8 02:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Received disconnect from 186.233.208.13 port 47414:11: Bye Bye [preauth]
May  8 02:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Disconnected from 186.233.208.13 port 47414 [preauth]
May  8 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1808]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1808]: pam_unix(cron:session): session closed for user root
May  8 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1803]: pam_unix(cron:session): session closed for user p13x
May  8 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1880]: Successful su for rubyman by root
May  8 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1880]: + ??? root:rubyman
May  8 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350552 of user rubyman.
May  8 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1880]: pam_unix(su:session): session closed for user rubyman
May  8 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350552.
May  8 02:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1805]: pam_unix(cron:session): session closed for user root
May  8 02:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30867]: pam_unix(cron:session): session closed for user root
May  8 02:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1804]: pam_unix(cron:session): session closed for user samftp
May  8 02:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2206]: Invalid user esuser from 196.251.84.225
May  8 02:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2206]: input_userauth_request: invalid user esuser [preauth]
May  8 02:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2206]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2206]: Failed password for invalid user esuser from 196.251.84.225 port 51520 ssh2
May  8 02:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2206]: Connection closed by 196.251.84.225 port 51520 [preauth]
May  8 02:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[822]: pam_unix(cron:session): session closed for user root
May  8 02:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2287]: Invalid user xiwen from 68.183.90.203
May  8 02:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2287]: input_userauth_request: invalid user xiwen [preauth]
May  8 02:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2287]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 02:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: Invalid user app from 196.251.84.225
May  8 02:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: input_userauth_request: invalid user app [preauth]
May  8 02:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2287]: Failed password for invalid user xiwen from 68.183.90.203 port 56172 ssh2
May  8 02:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2287]: Received disconnect from 68.183.90.203 port 56172:11: Bye Bye [preauth]
May  8 02:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2287]: Disconnected from 68.183.90.203 port 56172 [preauth]
May  8 02:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: Failed password for invalid user app from 196.251.84.225 port 33978 ssh2
May  8 02:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2299]: Connection closed by 196.251.84.225 port 33978 [preauth]
May  8 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2331]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2330]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2330]: pam_unix(cron:session): session closed for user p13x
May  8 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2421]: Successful su for rubyman by root
May  8 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2421]: + ??? root:rubyman
May  8 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350557 of user rubyman.
May  8 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2421]: pam_unix(su:session): session closed for user rubyman
May  8 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350557.
May  8 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2327]: Invalid user user from 110.164.228.242
May  8 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2327]: input_userauth_request: invalid user user [preauth]
May  8 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2327]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.228.242
May  8 02:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2327]: Failed password for invalid user user from 110.164.228.242 port 33642 ssh2
May  8 02:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2327]: Received disconnect from 110.164.228.242 port 33642:11: Bye Bye [preauth]
May  8 02:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2327]: Disconnected from 110.164.228.242 port 33642 [preauth]
May  8 02:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31471]: pam_unix(cron:session): session closed for user root
May  8 02:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2331]: pam_unix(cron:session): session closed for user samftp
May  8 02:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: Invalid user pal from 196.251.84.225
May  8 02:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: input_userauth_request: invalid user pal [preauth]
May  8 02:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: Failed password for invalid user pal from 196.251.84.225 port 38220 ssh2
May  8 02:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2633]: Connection closed by 196.251.84.225 port 38220 [preauth]
May  8 02:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1322]: pam_unix(cron:session): session closed for user root
May  8 02:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: Failed password for root from 196.251.84.225 port 36356 ssh2
May  8 02:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2749]: Connection closed by 196.251.84.225 port 36356 [preauth]
May  8 02:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  8 02:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Failed password for root from 218.92.0.231 port 24740 ssh2
May  8 02:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: message repeated 2 times: [ Failed password for root from 218.92.0.231 port 24740 ssh2]
May  8 02:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Received disconnect from 218.92.0.231 port 24740:11:  [preauth]
May  8 02:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: Disconnected from 218.92.0.231 port 24740 [preauth]
May  8 02:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2772]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  8 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2804]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2804]: pam_unix(cron:session): session closed for user p13x
May  8 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2870]: Successful su for rubyman by root
May  8 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2870]: + ??? root:rubyman
May  8 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350560 of user rubyman.
May  8 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2870]: pam_unix(su:session): session closed for user rubyman
May  8 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350560.
May  8 02:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32036]: pam_unix(cron:session): session closed for user root
May  8 02:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2805]: pam_unix(cron:session): session closed for user samftp
May  8 02:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: Invalid user admin from 80.94.95.112
May  8 02:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: input_userauth_request: invalid user admin [preauth]
May  8 02:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 02:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: Failed password for invalid user admin from 80.94.95.112 port 52311 ssh2
May  8 02:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: Failed password for invalid user admin from 80.94.95.112 port 52311 ssh2
May  8 02:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3084]: Invalid user a from 85.208.84.4
May  8 02:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3084]: input_userauth_request: invalid user a [preauth]
May  8 02:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3084]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  8 02:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: Failed password for invalid user admin from 80.94.95.112 port 52311 ssh2
May  8 02:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3084]: Failed password for invalid user a from 85.208.84.4 port 36888 ssh2
May  8 02:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3084]: Connection closed by 85.208.84.4 port 36888 [preauth]
May  8 02:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: Failed password for invalid user admin from 80.94.95.112 port 52311 ssh2
May  8 02:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: Failed password for invalid user admin from 80.94.95.112 port 52311 ssh2
May  8 02:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: Received disconnect from 80.94.95.112 port 52311:11: Bye [preauth]
May  8 02:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: Disconnected from 80.94.95.112 port 52311 [preauth]
May  8 02:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 02:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3066]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 02:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3064]: User bin from 196.251.84.225 not allowed because not listed in AllowUsers
May  8 02:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3064]: input_userauth_request: invalid user bin [preauth]
May  8 02:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=bin
May  8 02:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3064]: Failed password for invalid user bin from 196.251.84.225 port 47210 ssh2
May  8 02:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3064]: Connection closed by 196.251.84.225 port 47210 [preauth]
May  8 02:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1807]: pam_unix(cron:session): session closed for user root
May  8 02:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: Invalid user nft from 196.251.84.225
May  8 02:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: input_userauth_request: invalid user nft [preauth]
May  8 02:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: Failed password for invalid user nft from 196.251.84.225 port 57530 ssh2
May  8 02:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3163]: Connection closed by 196.251.84.225 port 57530 [preauth]
May  8 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3229]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3227]: pam_unix(cron:session): session closed for user p13x
May  8 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3286]: Successful su for rubyman by root
May  8 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3286]: + ??? root:rubyman
May  8 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350565 of user rubyman.
May  8 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3286]: pam_unix(su:session): session closed for user rubyman
May  8 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350565.
May  8 02:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[303]: pam_unix(cron:session): session closed for user root
May  8 02:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3228]: pam_unix(cron:session): session closed for user samftp
May  8 02:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: Invalid user plex from 196.251.84.225
May  8 02:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: input_userauth_request: invalid user plex [preauth]
May  8 02:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.17.35  user=root
May  8 02:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3497]: Failed password for root from 43.156.17.35 port 40140 ssh2
May  8 02:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3497]: Received disconnect from 43.156.17.35 port 40140:11: Bye Bye [preauth]
May  8 02:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3497]: Disconnected from 43.156.17.35 port 40140 [preauth]
May  8 02:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: Failed password for invalid user plex from 196.251.84.225 port 36464 ssh2
May  8 02:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3484]: Connection closed by 196.251.84.225 port 36464 [preauth]
May  8 02:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2333]: pam_unix(cron:session): session closed for user root
May  8 02:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: Invalid user hadoop from 196.251.84.225
May  8 02:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: input_userauth_request: invalid user hadoop [preauth]
May  8 02:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: Failed password for invalid user hadoop from 196.251.84.225 port 37078 ssh2
May  8 02:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3622]: Connection closed by 196.251.84.225 port 37078 [preauth]
May  8 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3682]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3683]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3680]: pam_unix(cron:session): session closed for user p13x
May  8 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3737]: Successful su for rubyman by root
May  8 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3737]: + ??? root:rubyman
May  8 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350569 of user rubyman.
May  8 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3737]: pam_unix(su:session): session closed for user rubyman
May  8 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350569.
May  8 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: Invalid user es from 196.251.84.225
May  8 02:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: input_userauth_request: invalid user es [preauth]
May  8 02:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[821]: pam_unix(cron:session): session closed for user root
May  8 02:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3681]: pam_unix(cron:session): session closed for user samftp
May  8 02:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: Failed password for invalid user es from 196.251.84.225 port 38348 ssh2
May  8 02:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: Connection closed by 196.251.84.225 port 38348 [preauth]
May  8 02:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2807]: pam_unix(cron:session): session closed for user root
May  8 02:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: Invalid user jack from 196.251.84.225
May  8 02:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: input_userauth_request: invalid user jack [preauth]
May  8 02:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: Failed password for invalid user jack from 196.251.84.225 port 44084 ssh2
May  8 02:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4031]: Connection closed by 196.251.84.225 port 44084 [preauth]
May  8 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4115]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4117]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4118]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4113]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4116]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4118]: pam_unix(cron:session): session closed for user root
May  8 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4113]: pam_unix(cron:session): session closed for user p13x
May  8 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4191]: Successful su for rubyman by root
May  8 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4191]: + ??? root:rubyman
May  8 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4191]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350574 of user rubyman.
May  8 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4191]: pam_unix(su:session): session closed for user rubyman
May  8 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350574.
May  8 02:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1321]: pam_unix(cron:session): session closed for user root
May  8 02:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4115]: pam_unix(cron:session): session closed for user root
May  8 02:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4114]: pam_unix(cron:session): session closed for user samftp
May  8 02:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4110]: Failed password for root from 196.251.84.225 port 42550 ssh2
May  8 02:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4110]: Connection closed by 196.251.84.225 port 42550 [preauth]
May  8 02:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3230]: pam_unix(cron:session): session closed for user root
May  8 02:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: Invalid user jorgen from 186.233.208.13
May  8 02:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: input_userauth_request: invalid user jorgen [preauth]
May  8 02:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 02:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: Failed password for invalid user jorgen from 186.233.208.13 port 50106 ssh2
May  8 02:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: Received disconnect from 186.233.208.13 port 50106:11: Bye Bye [preauth]
May  8 02:50:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4662]: Disconnected from 186.233.208.13 port 50106 [preauth]
May  8 02:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4696]: Invalid user yesung from 68.183.90.203
May  8 02:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4696]: input_userauth_request: invalid user yesung [preauth]
May  8 02:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4696]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 02:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4696]: Failed password for invalid user yesung from 68.183.90.203 port 43604 ssh2
May  8 02:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4696]: Received disconnect from 68.183.90.203 port 43604:11: Bye Bye [preauth]
May  8 02:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4696]: Disconnected from 68.183.90.203 port 43604 [preauth]
May  8 02:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4727]: pam_unix(cron:session): session closed for user p13x
May  8 02:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4797]: Successful su for rubyman by root
May  8 02:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4797]: + ??? root:rubyman
May  8 02:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350580 of user rubyman.
May  8 02:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4797]: pam_unix(su:session): session closed for user rubyman
May  8 02:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350580.
May  8 02:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4715]: Invalid user demo from 196.251.84.225
May  8 02:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4715]: input_userauth_request: invalid user demo [preauth]
May  8 02:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4715]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1806]: pam_unix(cron:session): session closed for user root
May  8 02:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4728]: pam_unix(cron:session): session closed for user samftp
May  8 02:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4715]: Failed password for invalid user demo from 196.251.84.225 port 41188 ssh2
May  8 02:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4715]: Connection closed by 196.251.84.225 port 41188 [preauth]
May  8 02:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4631]: Failed password for root from 196.251.84.225 port 41158 ssh2
May  8 02:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4631]: Connection closed by 196.251.84.225 port 41158 [preauth]
May  8 02:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.228.242  user=root
May  8 02:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: Failed password for root from 110.164.228.242 port 56494 ssh2
May  8 02:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: Received disconnect from 110.164.228.242 port 56494:11: Bye Bye [preauth]
May  8 02:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: Disconnected from 110.164.228.242 port 56494 [preauth]
May  8 02:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5248]: Invalid user nagios from 196.251.84.225
May  8 02:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5248]: input_userauth_request: invalid user nagios [preauth]
May  8 02:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5248]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5248]: Failed password for invalid user nagios from 196.251.84.225 port 36506 ssh2
May  8 02:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5248]: Connection closed by 196.251.84.225 port 36506 [preauth]
May  8 02:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3683]: pam_unix(cron:session): session closed for user root
May  8 02:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: Did not receive identification string from 193.32.162.185
May  8 02:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5351]: pam_unix(cron:session): session closed for user p13x
May  8 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5414]: Successful su for rubyman by root
May  8 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5414]: + ??? root:rubyman
May  8 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350584 of user rubyman.
May  8 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5414]: pam_unix(su:session): session closed for user rubyman
May  8 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350584.
May  8 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5340]: Invalid user vagrant from 196.251.84.225
May  8 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5340]: input_userauth_request: invalid user vagrant [preauth]
May  8 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5340]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5340]: Failed password for invalid user vagrant from 196.251.84.225 port 54528 ssh2
May  8 02:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2332]: pam_unix(cron:session): session closed for user root
May  8 02:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5340]: Connection closed by 196.251.84.225 port 54528 [preauth]
May  8 02:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5352]: pam_unix(cron:session): session closed for user samftp
May  8 02:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Failed password for root from 196.251.84.225 port 41324 ssh2
May  8 02:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4117]: pam_unix(cron:session): session closed for user root
May  8 02:52:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5729]: Connection closed by 196.251.84.225 port 41324 [preauth]
May  8 02:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5891]: Failed password for root from 196.251.84.225 port 38710 ssh2
May  8 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5891]: Connection closed by 196.251.84.225 port 38710 [preauth]
May  8 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5904]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5903]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5905]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5906]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5903]: pam_unix(cron:session): session closed for user p13x
May  8 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5966]: Successful su for rubyman by root
May  8 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5966]: + ??? root:rubyman
May  8 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5966]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350586 of user rubyman.
May  8 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5966]: pam_unix(su:session): session closed for user rubyman
May  8 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350586.
May  8 02:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2806]: pam_unix(cron:session): session closed for user root
May  8 02:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5904]: pam_unix(cron:session): session closed for user samftp
May  8 02:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4730]: pam_unix(cron:session): session closed for user root
May  8 02:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6232]: Invalid user puppet from 196.251.84.225
May  8 02:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6232]: input_userauth_request: invalid user puppet [preauth]
May  8 02:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.17.35  user=root
May  8 02:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6232]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: Failed password for root from 43.156.17.35 port 56826 ssh2
May  8 02:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6232]: Failed password for invalid user puppet from 196.251.84.225 port 52720 ssh2
May  8 02:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: Received disconnect from 43.156.17.35 port 56826:11: Bye Bye [preauth]
May  8 02:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6273]: Disconnected from 43.156.17.35 port 56826 [preauth]
May  8 02:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6232]: Connection closed by 196.251.84.225 port 52720 [preauth]
May  8 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6331]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6329]: pam_unix(cron:session): session closed for user p13x
May  8 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6388]: Successful su for rubyman by root
May  8 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6388]: + ??? root:rubyman
May  8 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350592 of user rubyman.
May  8 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6388]: pam_unix(su:session): session closed for user rubyman
May  8 02:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350592.
May  8 02:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3229]: pam_unix(cron:session): session closed for user root
May  8 02:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6330]: pam_unix(cron:session): session closed for user samftp
May  8 02:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: Invalid user hikvision from 196.251.84.225
May  8 02:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: input_userauth_request: invalid user hikvision [preauth]
May  8 02:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: Failed password for invalid user hikvision from 196.251.84.225 port 39242 ssh2
May  8 02:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6327]: Connection closed by 196.251.84.225 port 39242 [preauth]
May  8 02:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5354]: pam_unix(cron:session): session closed for user root
May  8 02:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6635]: Invalid user solana from 196.251.84.225
May  8 02:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6635]: input_userauth_request: invalid user solana [preauth]
May  8 02:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6635]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6635]: Failed password for invalid user solana from 196.251.84.225 port 60324 ssh2
May  8 02:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6635]: Connection closed by 196.251.84.225 port 60324 [preauth]
May  8 02:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6730]: Invalid user es from 196.251.84.225
May  8 02:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6730]: input_userauth_request: invalid user es [preauth]
May  8 02:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6730]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6730]: Failed password for invalid user es from 196.251.84.225 port 34104 ssh2
May  8 02:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6730]: Connection closed by 196.251.84.225 port 34104 [preauth]
May  8 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6737]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6739]: pam_unix(cron:session): session closed for user root
May  8 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6733]: pam_unix(cron:session): session closed for user p13x
May  8 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6811]: Successful su for rubyman by root
May  8 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6811]: + ??? root:rubyman
May  8 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6811]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350597 of user rubyman.
May  8 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6811]: pam_unix(su:session): session closed for user rubyman
May  8 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350597.
May  8 02:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6736]: pam_unix(cron:session): session closed for user root
May  8 02:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3682]: pam_unix(cron:session): session closed for user root
May  8 02:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6735]: pam_unix(cron:session): session closed for user samftp
May  8 02:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: Invalid user www from 196.251.84.225
May  8 02:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: input_userauth_request: invalid user www [preauth]
May  8 02:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: Failed password for invalid user www from 196.251.84.225 port 39308 ssh2
May  8 02:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: Connection closed by 196.251.84.225 port 39308 [preauth]
May  8 02:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  8 02:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7199]: Failed password for root from 218.92.0.218 port 58600 ssh2
May  8 02:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5906]: pam_unix(cron:session): session closed for user root
May  8 02:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7199]: Failed password for root from 218.92.0.218 port 58600 ssh2
May  8 02:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7199]: Failed password for root from 218.92.0.218 port 58600 ssh2
May  8 02:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7199]: Received disconnect from 218.92.0.218 port 58600:11:  [preauth]
May  8 02:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7199]: Disconnected from 218.92.0.218 port 58600 [preauth]
May  8 02:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7199]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  8 02:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7273]: Invalid user jito from 196.251.84.225
May  8 02:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7273]: input_userauth_request: invalid user jito [preauth]
May  8 02:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7273]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7273]: Failed password for invalid user jito from 196.251.84.225 port 59050 ssh2
May  8 02:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7273]: Connection closed by 196.251.84.225 port 59050 [preauth]
May  8 02:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: Invalid user bilal from 68.183.90.203
May  8 02:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: input_userauth_request: invalid user bilal [preauth]
May  8 02:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 02:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: Failed password for invalid user bilal from 68.183.90.203 port 59090 ssh2
May  8 02:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: Received disconnect from 68.183.90.203 port 59090:11: Bye Bye [preauth]
May  8 02:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7276]: Disconnected from 68.183.90.203 port 59090 [preauth]
May  8 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7297]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7296]: pam_unix(cron:session): session closed for user p13x
May  8 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7359]: Successful su for rubyman by root
May  8 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7359]: + ??? root:rubyman
May  8 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350602 of user rubyman.
May  8 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7359]: pam_unix(su:session): session closed for user rubyman
May  8 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350602.
May  8 02:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4116]: pam_unix(cron:session): session closed for user root
May  8 02:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7297]: pam_unix(cron:session): session closed for user samftp
May  8 02:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: Invalid user alireza from 186.233.208.13
May  8 02:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: input_userauth_request: invalid user alireza [preauth]
May  8 02:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 02:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: Failed password for invalid user alireza from 186.233.208.13 port 41588 ssh2
May  8 02:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: Received disconnect from 186.233.208.13 port 41588:11: Bye Bye [preauth]
May  8 02:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7683]: Disconnected from 186.233.208.13 port 41588 [preauth]
May  8 02:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7686]: Invalid user palworld from 196.251.84.225
May  8 02:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7686]: input_userauth_request: invalid user palworld [preauth]
May  8 02:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7686]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7686]: Failed password for invalid user palworld from 196.251.84.225 port 49084 ssh2
May  8 02:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 02:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7686]: Connection closed by 196.251.84.225 port 49084 [preauth]
May  8 02:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: Failed password for root from 80.94.95.125 port 49261 ssh2
May  8 02:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 49261 ssh2]
May  8 02:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: Received disconnect from 80.94.95.125 port 49261:11: Bye [preauth]
May  8 02:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: Disconnected from 80.94.95.125 port 49261 [preauth]
May  8 02:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 02:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7698]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 02:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6332]: pam_unix(cron:session): session closed for user root
May  8 02:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: Invalid user jito from 196.251.84.225
May  8 02:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: input_userauth_request: invalid user jito [preauth]
May  8 02:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:56:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: Failed password for invalid user jito from 196.251.84.225 port 42456 ssh2
May  8 02:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7794]: Connection closed by 196.251.84.225 port 42456 [preauth]
May  8 02:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.228.242  user=root
May  8 02:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Failed password for root from 110.164.228.242 port 42462 ssh2
May  8 02:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Received disconnect from 110.164.228.242 port 42462:11: Bye Bye [preauth]
May  8 02:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7816]: Disconnected from 110.164.228.242 port 42462 [preauth]
May  8 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7831]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7832]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7829]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7829]: pam_unix(cron:session): session closed for user p13x
May  8 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7889]: Successful su for rubyman by root
May  8 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7889]: + ??? root:rubyman
May  8 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350606 of user rubyman.
May  8 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7889]: pam_unix(su:session): session closed for user rubyman
May  8 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350606.
May  8 02:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4729]: pam_unix(cron:session): session closed for user root
May  8 02:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7830]: pam_unix(cron:session): session closed for user samftp
May  8 02:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8098]: Invalid user user from 196.251.84.225
May  8 02:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8098]: input_userauth_request: invalid user user [preauth]
May  8 02:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8098]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8098]: Failed password for invalid user user from 196.251.84.225 port 40318 ssh2
May  8 02:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8098]: Connection closed by 196.251.84.225 port 40318 [preauth]
May  8 02:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: Invalid user alireza from 14.103.173.90
May  8 02:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: input_userauth_request: invalid user alireza [preauth]
May  8 02:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90
May  8 02:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: Failed password for invalid user alireza from 14.103.173.90 port 57810 ssh2
May  8 02:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: Received disconnect from 14.103.173.90 port 57810:11: Bye Bye [preauth]
May  8 02:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8151]: Disconnected from 14.103.173.90 port 57810 [preauth]
May  8 02:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6738]: pam_unix(cron:session): session closed for user root
May  8 02:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: User www-data from 196.251.84.225 not allowed because not listed in AllowUsers
May  8 02:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: input_userauth_request: invalid user www-data [preauth]
May  8 02:57:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=www-data
May  8 02:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: Failed password for invalid user www-data from 196.251.84.225 port 40386 ssh2
May  8 02:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8230]: Connection closed by 196.251.84.225 port 40386 [preauth]
May  8 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8260]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8261]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8258]: pam_unix(cron:session): session closed for user p13x
May  8 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8326]: Successful su for rubyman by root
May  8 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8326]: + ??? root:rubyman
May  8 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350608 of user rubyman.
May  8 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8326]: pam_unix(su:session): session closed for user rubyman
May  8 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350608.
May  8 02:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5353]: pam_unix(cron:session): session closed for user root
May  8 02:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8259]: pam_unix(cron:session): session closed for user samftp
May  8 02:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8527]: User ftp from 196.251.84.225 not allowed because not listed in AllowUsers
May  8 02:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8527]: input_userauth_request: invalid user ftp [preauth]
May  8 02:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=ftp
May  8 02:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  8 02:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8527]: Failed password for invalid user ftp from 196.251.84.225 port 49130 ssh2
May  8 02:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8527]: Connection closed by 196.251.84.225 port 49130 [preauth]
May  8 02:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: Failed password for root from 218.92.0.226 port 45418 ssh2
May  8 02:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: message repeated 2 times: [ Failed password for root from 218.92.0.226 port 45418 ssh2]
May  8 02:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: Received disconnect from 218.92.0.226 port 45418:11:  [preauth]
May  8 02:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: Disconnected from 218.92.0.226 port 45418 [preauth]
May  8 02:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8529]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  8 02:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  8 02:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8589]: Failed password for root from 194.0.234.19 port 15538 ssh2
May  8 02:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8589]: Connection closed by 194.0.234.19 port 15538 [preauth]
May  8 02:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7299]: pam_unix(cron:session): session closed for user root
May  8 02:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 02:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8632]: Failed password for root from 196.251.84.225 port 33830 ssh2
May  8 02:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8632]: Connection closed by 196.251.84.225 port 33830 [preauth]
May  8 02:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8689]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8690]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8687]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8687]: pam_unix(cron:session): session closed for user p13x
May  8 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.17.35  user=root
May  8 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8767]: Successful su for rubyman by root
May  8 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8767]: + ??? root:rubyman
May  8 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350614 of user rubyman.
May  8 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8767]: pam_unix(su:session): session closed for user rubyman
May  8 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350614.
May  8 02:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: Failed password for root from 43.156.17.35 port 46030 ssh2
May  8 02:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: Received disconnect from 43.156.17.35 port 46030:11: Bye Bye [preauth]
May  8 02:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8684]: Disconnected from 43.156.17.35 port 46030 [preauth]
May  8 02:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: Invalid user puppet from 196.251.84.225
May  8 02:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: input_userauth_request: invalid user puppet [preauth]
May  8 02:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5905]: pam_unix(cron:session): session closed for user root
May  8 02:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: Failed password for invalid user puppet from 196.251.84.225 port 56744 ssh2
May  8 02:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: Connection closed by 196.251.84.225 port 56744 [preauth]
May  8 02:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8688]: pam_unix(cron:session): session closed for user samftp
May  8 02:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9013]: Invalid user jito from 196.251.84.225
May  8 02:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9013]: input_userauth_request: invalid user jito [preauth]
May  8 02:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9013]: pam_unix(sshd:auth): check pass; user unknown
May  8 02:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 02:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9013]: Failed password for invalid user jito from 196.251.84.225 port 33826 ssh2
May  8 02:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9013]: Connection closed by 196.251.84.225 port 33826 [preauth]
May  8 02:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7832]: pam_unix(cron:session): session closed for user root
May  8 02:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 02:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: User mysql from 196.251.84.225 not allowed because not listed in AllowUsers
May  8 02:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: input_userauth_request: invalid user mysql [preauth]
May  8 02:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=mysql
May  8 02:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: Failed password for invalid user mysql from 196.251.84.225 port 57294 ssh2
May  8 02:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9093]: Connection closed by 196.251.84.225 port 57294 [preauth]
May  8 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9210]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9205]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9210]: pam_unix(cron:session): session closed for user root
May  8 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9206]: pam_unix(cron:session): session closed for user root
May  8 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9171]: pam_unix(cron:session): session closed for user p13x
May  8 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9331]: Successful su for rubyman by root
May  8 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9331]: + ??? root:rubyman
May  8 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350619 of user rubyman.
May  8 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9331]: pam_unix(su:session): session closed for user rubyman
May  8 03:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350619.
May  8 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9207]: pam_unix(cron:session): session closed for user root
May  8 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6331]: pam_unix(cron:session): session closed for user root
May  8 03:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9205]: pam_unix(cron:session): session closed for user samftp
May  8 03:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9583]: Invalid user dolphin from 196.251.84.225
May  8 03:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9583]: input_userauth_request: invalid user dolphin [preauth]
May  8 03:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9583]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9583]: Failed password for invalid user dolphin from 196.251.84.225 port 34660 ssh2
May  8 03:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9583]: Connection closed by 196.251.84.225 port 34660 [preauth]
May  8 03:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8261]: pam_unix(cron:session): session closed for user root
May  8 03:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9712]: User ftp from 196.251.84.225 not allowed because not listed in AllowUsers
May  8 03:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9712]: input_userauth_request: invalid user ftp [preauth]
May  8 03:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=ftp
May  8 03:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9712]: Failed password for invalid user ftp from 196.251.84.225 port 60570 ssh2
May  8 03:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9712]: Connection closed by 196.251.84.225 port 60570 [preauth]
May  8 03:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: Invalid user Guest from 68.183.90.203
May  8 03:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: input_userauth_request: invalid user Guest [preauth]
May  8 03:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 03:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: Failed password for invalid user Guest from 68.183.90.203 port 40456 ssh2
May  8 03:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: Received disconnect from 68.183.90.203 port 40456:11: Bye Bye [preauth]
May  8 03:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9735]: Disconnected from 68.183.90.203 port 40456 [preauth]
May  8 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9752]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9750]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9750]: pam_unix(cron:session): session closed for user p13x
May  8 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9818]: Successful su for rubyman by root
May  8 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9818]: + ??? root:rubyman
May  8 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9818]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350624 of user rubyman.
May  8 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9818]: pam_unix(su:session): session closed for user rubyman
May  8 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350624.
May  8 03:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6737]: pam_unix(cron:session): session closed for user root
May  8 03:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9751]: pam_unix(cron:session): session closed for user samftp
May  8 03:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10012]: Invalid user vnc from 196.251.84.225
May  8 03:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10012]: input_userauth_request: invalid user vnc [preauth]
May  8 03:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10012]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10012]: Failed password for invalid user vnc from 196.251.84.225 port 51244 ssh2
May  8 03:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10012]: Connection closed by 196.251.84.225 port 51244 [preauth]
May  8 03:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8690]: pam_unix(cron:session): session closed for user root
May  8 03:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 03:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: Failed password for root from 196.251.84.225 port 50350 ssh2
May  8 03:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10107]: Connection closed by 196.251.84.225 port 50350 [preauth]
May  8 03:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: Invalid user antonio from 14.103.173.90
May  8 03:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: input_userauth_request: invalid user antonio [preauth]
May  8 03:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90
May  8 03:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: Failed password for invalid user antonio from 14.103.173.90 port 58642 ssh2
May  8 03:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: Received disconnect from 14.103.173.90 port 58642:11: Bye Bye [preauth]
May  8 03:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: Disconnected from 14.103.173.90 port 58642 [preauth]
May  8 03:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10156]: Invalid user enrico from 186.233.208.13
May  8 03:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10156]: input_userauth_request: invalid user enrico [preauth]
May  8 03:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10156]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 03:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10163]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10162]: pam_unix(cron:session): session closed for user p13x
May  8 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10310]: Successful su for rubyman by root
May  8 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10310]: + ??? root:rubyman
May  8 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10310]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350627 of user rubyman.
May  8 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10310]: pam_unix(su:session): session closed for user rubyman
May  8 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350627.
May  8 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10156]: Failed password for invalid user enrico from 186.233.208.13 port 52714 ssh2
May  8 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: Invalid user eurek from 80.94.95.125
May  8 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: input_userauth_request: invalid user eurek [preauth]
May  8 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10156]: Received disconnect from 186.233.208.13 port 52714:11: Bye Bye [preauth]
May  8 03:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10156]: Disconnected from 186.233.208.13 port 52714 [preauth]
May  8 03:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: Failed password for invalid user eurek from 80.94.95.125 port 63901 ssh2
May  8 03:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7298]: pam_unix(cron:session): session closed for user root
May  8 03:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: Failed password for invalid user eurek from 80.94.95.125 port 63901 ssh2
May  8 03:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10163]: pam_unix(cron:session): session closed for user samftp
May  8 03:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: Failed password for invalid user eurek from 80.94.95.125 port 63901 ssh2
May  8 03:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: Failed password for invalid user eurek from 80.94.95.125 port 63901 ssh2
May  8 03:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: Failed password for invalid user eurek from 80.94.95.125 port 63901 ssh2
May  8 03:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: Received disconnect from 80.94.95.125 port 63901:11: Bye [preauth]
May  8 03:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: Disconnected from 80.94.95.125 port 63901 [preauth]
May  8 03:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 03:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10158]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 03:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: Invalid user user from 196.251.84.225
May  8 03:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: input_userauth_request: invalid user user [preauth]
May  8 03:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: Failed password for invalid user user from 196.251.84.225 port 35518 ssh2
May  8 03:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10518]: Connection closed by 196.251.84.225 port 35518 [preauth]
May  8 03:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.228.242  user=root
May  8 03:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9209]: pam_unix(cron:session): session closed for user root
May  8 03:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: Failed password for root from 110.164.228.242 port 47326 ssh2
May  8 03:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: Received disconnect from 110.164.228.242 port 47326:11: Bye Bye [preauth]
May  8 03:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: Disconnected from 110.164.228.242 port 47326 [preauth]
May  8 03:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: Invalid user wordpress from 196.251.84.225
May  8 03:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: input_userauth_request: invalid user wordpress [preauth]
May  8 03:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: Failed password for invalid user wordpress from 196.251.84.225 port 44166 ssh2
May  8 03:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10643]: Connection closed by 196.251.84.225 port 44166 [preauth]
May  8 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10743]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10741]: pam_unix(cron:session): session closed for user p13x
May  8 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10809]: Successful su for rubyman by root
May  8 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10809]: + ??? root:rubyman
May  8 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350632 of user rubyman.
May  8 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10809]: pam_unix(su:session): session closed for user rubyman
May  8 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350632.
May  8 03:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7831]: pam_unix(cron:session): session closed for user root
May  8 03:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10961]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10743]: pam_unix(cron:session): session closed for user samftp
May  8 03:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 03:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10961]: Failed password for root from 196.251.84.225 port 46320 ssh2
May  8 03:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10961]: Connection closed by 196.251.84.225 port 46320 [preauth]
May  8 03:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 03:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: Failed password for root from 80.94.95.125 port 62074 ssh2
May  8 03:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: message repeated 3 times: [ Failed password for root from 80.94.95.125 port 62074 ssh2]
May  8 03:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9754]: pam_unix(cron:session): session closed for user root
May  8 03:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11050]: Invalid user dolphinscheduler from 196.251.84.225
May  8 03:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11050]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  8 03:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11050]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: Failed password for root from 80.94.95.125 port 62074 ssh2
May  8 03:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: Received disconnect from 80.94.95.125 port 62074:11: Bye [preauth]
May  8 03:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: Disconnected from 80.94.95.125 port 62074 [preauth]
May  8 03:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 03:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11018]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 03:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11050]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 50050 ssh2
May  8 03:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11050]: Connection closed by 196.251.84.225 port 50050 [preauth]
May  8 03:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  8 03:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11121]: Failed password for root from 80.94.95.116 port 39800 ssh2
May  8 03:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11121]: Connection closed by 80.94.95.116 port 39800 [preauth]
May  8 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11145]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11143]: pam_unix(cron:session): session closed for user p13x
May  8 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11208]: Successful su for rubyman by root
May  8 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11208]: + ??? root:rubyman
May  8 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350636 of user rubyman.
May  8 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11208]: pam_unix(su:session): session closed for user rubyman
May  8 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350636.
May  8 03:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: Invalid user steam from 196.251.84.225
May  8 03:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: input_userauth_request: invalid user steam [preauth]
May  8 03:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: Failed password for invalid user steam from 196.251.84.225 port 39442 ssh2
May  8 03:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: Connection closed by 196.251.84.225 port 39442 [preauth]
May  8 03:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8260]: pam_unix(cron:session): session closed for user root
May  8 03:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11144]: pam_unix(cron:session): session closed for user samftp
May  8 03:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: Connection reset by 205.210.31.237 port 59572 [preauth]
May  8 03:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: Invalid user chenqi from 46.244.96.25
May  8 03:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: input_userauth_request: invalid user chenqi [preauth]
May  8 03:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  8 03:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: Failed password for invalid user chenqi from 46.244.96.25 port 36352 ssh2
May  8 03:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11438]: Connection closed by 46.244.96.25 port 36352 [preauth]
May  8 03:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11448]: Invalid user adam from 43.156.17.35
May  8 03:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11448]: input_userauth_request: invalid user adam [preauth]
May  8 03:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11448]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.17.35
May  8 03:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11448]: Failed password for invalid user adam from 43.156.17.35 port 36000 ssh2
May  8 03:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11448]: Received disconnect from 43.156.17.35 port 36000:11: Bye Bye [preauth]
May  8 03:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11448]: Disconnected from 43.156.17.35 port 36000 [preauth]
May  8 03:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: Invalid user wordpress from 196.251.84.225
May  8 03:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: input_userauth_request: invalid user wordpress [preauth]
May  8 03:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10165]: pam_unix(cron:session): session closed for user root
May  8 03:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: Failed password for invalid user wordpress from 196.251.84.225 port 48638 ssh2
May  8 03:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11451]: Connection closed by 196.251.84.225 port 48638 [preauth]
May  8 03:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11547]: Invalid user nagios from 196.251.84.225
May  8 03:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11547]: input_userauth_request: invalid user nagios [preauth]
May  8 03:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11547]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11547]: Failed password for invalid user nagios from 196.251.84.225 port 44700 ssh2
May  8 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11562]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11561]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11554]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11560]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11562]: pam_unix(cron:session): session closed for user root
May  8 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11547]: Connection closed by 196.251.84.225 port 44700 [preauth]
May  8 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11551]: pam_unix(cron:session): session closed for user p13x
May  8 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11622]: Successful su for rubyman by root
May  8 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11622]: + ??? root:rubyman
May  8 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350640 of user rubyman.
May  8 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11622]: pam_unix(su:session): session closed for user rubyman
May  8 03:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350640.
May  8 03:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11555]: pam_unix(cron:session): session closed for user root
May  8 03:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8689]: pam_unix(cron:session): session closed for user root
May  8 03:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11554]: pam_unix(cron:session): session closed for user samftp
May  8 03:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11868]: Did not receive identification string from 193.32.162.130
May  8 03:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 03:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11891]: Failed password for root from 196.251.84.225 port 51854 ssh2
May  8 03:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11891]: Connection closed by 196.251.84.225 port 51854 [preauth]
May  8 03:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10745]: pam_unix(cron:session): session closed for user root
May  8 03:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: Invalid user ubuntu from 14.103.173.90
May  8 03:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: input_userauth_request: invalid user ubuntu [preauth]
May  8 03:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90
May  8 03:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: Failed password for invalid user ubuntu from 14.103.173.90 port 35268 ssh2
May  8 03:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: Received disconnect from 14.103.173.90 port 35268:11: Bye Bye [preauth]
May  8 03:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11960]: Disconnected from 14.103.173.90 port 35268 [preauth]
May  8 03:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11970]: Invalid user oracle from 196.251.84.225
May  8 03:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11970]: input_userauth_request: invalid user oracle [preauth]
May  8 03:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11970]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11980]: Invalid user ftp_user from 68.183.90.203
May  8 03:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11980]: input_userauth_request: invalid user ftp_user [preauth]
May  8 03:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11980]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 03:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11970]: Failed password for invalid user oracle from 196.251.84.225 port 49278 ssh2
May  8 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11983]: pam_unix(cron:session): session closed for user p13x
May  8 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11970]: Connection closed by 196.251.84.225 port 49278 [preauth]
May  8 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12046]: Successful su for rubyman by root
May  8 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12046]: + ??? root:rubyman
May  8 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12046]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350646 of user rubyman.
May  8 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12046]: pam_unix(su:session): session closed for user rubyman
May  8 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350646.
May  8 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11980]: Failed password for invalid user ftp_user from 68.183.90.203 port 58600 ssh2
May  8 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11980]: Received disconnect from 68.183.90.203 port 58600:11: Bye Bye [preauth]
May  8 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11980]: Disconnected from 68.183.90.203 port 58600 [preauth]
May  8 03:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9208]: pam_unix(cron:session): session closed for user root
May  8 03:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11984]: pam_unix(cron:session): session closed for user samftp
May  8 03:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12292]: Invalid user postgres from 196.251.84.225
May  8 03:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12292]: input_userauth_request: invalid user postgres [preauth]
May  8 03:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12292]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12292]: Failed password for invalid user postgres from 196.251.84.225 port 58502 ssh2
May  8 03:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12292]: Connection closed by 196.251.84.225 port 58502 [preauth]
May  8 03:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11146]: pam_unix(cron:session): session closed for user root
May  8 03:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: Invalid user solana from 196.251.84.225
May  8 03:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: input_userauth_request: invalid user solana [preauth]
May  8 03:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12397]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12395]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12396]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12394]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12394]: pam_unix(cron:session): session closed for user p13x
May  8 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12453]: Successful su for rubyman by root
May  8 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12453]: + ??? root:rubyman
May  8 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350650 of user rubyman.
May  8 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12453]: pam_unix(su:session): session closed for user rubyman
May  8 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350650.
May  8 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: Failed password for invalid user solana from 196.251.84.225 port 40866 ssh2
May  8 03:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12383]: Connection closed by 196.251.84.225 port 40866 [preauth]
May  8 03:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9752]: pam_unix(cron:session): session closed for user root
May  8 03:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12395]: pam_unix(cron:session): session closed for user samftp
May  8 03:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12669]: Invalid user user1 from 196.251.84.225
May  8 03:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12669]: input_userauth_request: invalid user user1 [preauth]
May  8 03:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12669]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12669]: Failed password for invalid user user1 from 196.251.84.225 port 39530 ssh2
May  8 03:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12669]: Connection closed by 196.251.84.225 port 39530 [preauth]
May  8 03:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11561]: pam_unix(cron:session): session closed for user root
May  8 03:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: Invalid user usr from 186.233.208.13
May  8 03:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: input_userauth_request: invalid user usr [preauth]
May  8 03:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 03:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: Failed password for invalid user usr from 186.233.208.13 port 41190 ssh2
May  8 03:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: Received disconnect from 186.233.208.13 port 41190:11: Bye Bye [preauth]
May  8 03:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12732]: Disconnected from 186.233.208.13 port 41190 [preauth]
May  8 03:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 03:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: Failed password for root from 196.251.84.225 port 41196 ssh2
May  8 03:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12771]: Connection closed by 196.251.84.225 port 41196 [preauth]
May  8 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12794]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12791]: pam_unix(cron:session): session closed for user p13x
May  8 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12852]: Successful su for rubyman by root
May  8 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12852]: + ??? root:rubyman
May  8 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350654 of user rubyman.
May  8 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12852]: pam_unix(su:session): session closed for user rubyman
May  8 03:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350654.
May  8 03:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10164]: pam_unix(cron:session): session closed for user root
May  8 03:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12792]: pam_unix(cron:session): session closed for user samftp
May  8 03:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13034]: Invalid user stefan from 110.164.228.242
May  8 03:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13034]: input_userauth_request: invalid user stefan [preauth]
May  8 03:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13034]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.228.242
May  8 03:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13034]: Failed password for invalid user stefan from 110.164.228.242 port 58168 ssh2
May  8 03:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13034]: Received disconnect from 110.164.228.242 port 58168:11: Bye Bye [preauth]
May  8 03:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13034]: Disconnected from 110.164.228.242 port 58168 [preauth]
May  8 03:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: Invalid user palworld from 196.251.84.225
May  8 03:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: input_userauth_request: invalid user palworld [preauth]
May  8 03:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: Failed password for invalid user palworld from 196.251.84.225 port 52774 ssh2
May  8 03:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13073]: Connection closed by 196.251.84.225 port 52774 [preauth]
May  8 03:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11986]: pam_unix(cron:session): session closed for user root
May  8 03:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 03:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13161]: Failed password for root from 196.251.84.225 port 51018 ssh2
May  8 03:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13161]: Connection closed by 196.251.84.225 port 51018 [preauth]
May  8 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13193]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13191]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13191]: pam_unix(cron:session): session closed for user p13x
May  8 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13316]: Successful su for rubyman by root
May  8 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13316]: + ??? root:rubyman
May  8 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350658 of user rubyman.
May  8 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13316]: pam_unix(su:session): session closed for user rubyman
May  8 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350658.
May  8 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13189]: pam_unix(cron:session): session closed for user root
May  8 03:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10744]: pam_unix(cron:session): session closed for user root
May  8 03:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13192]: pam_unix(cron:session): session closed for user samftp
May  8 03:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13662]: Invalid user user1 from 196.251.84.225
May  8 03:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13662]: input_userauth_request: invalid user user1 [preauth]
May  8 03:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13662]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13662]: Failed password for invalid user user1 from 196.251.84.225 port 53232 ssh2
May  8 03:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13662]: Connection closed by 196.251.84.225 port 53232 [preauth]
May  8 03:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12397]: pam_unix(cron:session): session closed for user root
May  8 03:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13762]: Invalid user dolphinscheduler from 196.251.84.225
May  8 03:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13762]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  8 03:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13762]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13762]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 35842 ssh2
May  8 03:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13762]: Connection closed by 196.251.84.225 port 35842 [preauth]
May  8 03:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13773]: Invalid user aaaa from 43.156.17.35
May  8 03:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13773]: input_userauth_request: invalid user aaaa [preauth]
May  8 03:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13773]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.17.35
May  8 03:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13773]: Failed password for invalid user aaaa from 43.156.17.35 port 53208 ssh2
May  8 03:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13773]: Received disconnect from 43.156.17.35 port 53208:11: Bye Bye [preauth]
May  8 03:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13773]: Disconnected from 43.156.17.35 port 53208 [preauth]
May  8 03:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Invalid user software from 14.103.173.90
May  8 03:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: input_userauth_request: invalid user software [preauth]
May  8 03:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90
May  8 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13801]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13800]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13798]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13801]: pam_unix(cron:session): session closed for user root
May  8 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13796]: pam_unix(cron:session): session closed for user p13x
May  8 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13863]: Successful su for rubyman by root
May  8 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13863]: + ??? root:rubyman
May  8 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13863]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350663 of user rubyman.
May  8 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13863]: pam_unix(su:session): session closed for user rubyman
May  8 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350663.
May  8 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Failed password for invalid user software from 14.103.173.90 port 41674 ssh2
May  8 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Received disconnect from 14.103.173.90 port 41674:11: Bye Bye [preauth]
May  8 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13793]: Disconnected from 14.103.173.90 port 41674 [preauth]
May  8 03:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11145]: pam_unix(cron:session): session closed for user root
May  8 03:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13798]: pam_unix(cron:session): session closed for user root
May  8 03:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13797]: pam_unix(cron:session): session closed for user samftp
May  8 03:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14106]: Invalid user dolphin from 196.251.84.225
May  8 03:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14106]: input_userauth_request: invalid user dolphin [preauth]
May  8 03:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14106]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14106]: Failed password for invalid user dolphin from 196.251.84.225 port 39190 ssh2
May  8 03:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14106]: Connection closed by 196.251.84.225 port 39190 [preauth]
May  8 03:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12794]: pam_unix(cron:session): session closed for user root
May  8 03:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Invalid user nagios from 196.251.84.225
May  8 03:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: input_userauth_request: invalid user nagios [preauth]
May  8 03:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Failed password for invalid user nagios from 196.251.84.225 port 38406 ssh2
May  8 03:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14196]: Connection closed by 196.251.84.225 port 38406 [preauth]
May  8 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14228]: pam_unix(cron:session): session closed for user p13x
May  8 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14225]: Invalid user best from 68.183.90.203
May  8 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14225]: input_userauth_request: invalid user best [preauth]
May  8 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14225]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14298]: Successful su for rubyman by root
May  8 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14298]: + ??? root:rubyman
May  8 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350669 of user rubyman.
May  8 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14298]: pam_unix(su:session): session closed for user rubyman
May  8 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350669.
May  8 03:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14225]: Failed password for invalid user best from 68.183.90.203 port 45222 ssh2
May  8 03:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14225]: Received disconnect from 68.183.90.203 port 45222:11: Bye Bye [preauth]
May  8 03:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14225]: Disconnected from 68.183.90.203 port 45222 [preauth]
May  8 03:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11560]: pam_unix(cron:session): session closed for user root
May  8 03:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14229]: pam_unix(cron:session): session closed for user samftp
May  8 03:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  8 03:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: Invalid user ftpuser from 196.251.84.225
May  8 03:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: input_userauth_request: invalid user ftpuser [preauth]
May  8 03:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14490]: Failed password for root from 218.92.0.204 port 2952 ssh2
May  8 03:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14490]: Failed password for root from 218.92.0.204 port 2952 ssh2
May  8 03:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: Failed password for invalid user ftpuser from 196.251.84.225 port 49130 ssh2
May  8 03:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: Connection closed by 196.251.84.225 port 49130 [preauth]
May  8 03:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14490]: Failed password for root from 218.92.0.204 port 2952 ssh2
May  8 03:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14490]: message repeated 2 times: [ Failed password for root from 218.92.0.204 port 2952 ssh2]
May  8 03:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14490]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 2952 ssh2 [preauth]
May  8 03:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14490]: Disconnecting: Too many authentication failures [preauth]
May  8 03:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14490]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  8 03:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14490]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 03:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13194]: pam_unix(cron:session): session closed for user root
May  8 03:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14628]: Invalid user gmodserver from 196.251.84.225
May  8 03:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14628]: input_userauth_request: invalid user gmodserver [preauth]
May  8 03:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14628]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14628]: Failed password for invalid user gmodserver from 196.251.84.225 port 40616 ssh2
May  8 03:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14628]: Connection closed by 196.251.84.225 port 40616 [preauth]
May  8 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14662]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14660]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14658]: pam_unix(cron:session): session closed for user p13x
May  8 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14719]: Successful su for rubyman by root
May  8 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14719]: + ??? root:rubyman
May  8 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350672 of user rubyman.
May  8 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14719]: pam_unix(su:session): session closed for user rubyman
May  8 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350672.
May  8 03:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11985]: pam_unix(cron:session): session closed for user root
May  8 03:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14659]: pam_unix(cron:session): session closed for user samftp
May  8 03:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14907]: User sys from 196.251.84.225 not allowed because not listed in AllowUsers
May  8 03:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14907]: input_userauth_request: invalid user sys [preauth]
May  8 03:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=sys
May  8 03:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14907]: Failed password for invalid user sys from 196.251.84.225 port 46840 ssh2
May  8 03:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14907]: Connection closed by 196.251.84.225 port 46840 [preauth]
May  8 03:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13800]: pam_unix(cron:session): session closed for user root
May  8 03:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: Invalid user dolphin from 196.251.84.225
May  8 03:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: input_userauth_request: invalid user dolphin [preauth]
May  8 03:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: Failed password for invalid user dolphin from 196.251.84.225 port 38250 ssh2
May  8 03:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: Connection closed by 196.251.84.225 port 38250 [preauth]
May  8 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15067]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15064]: pam_unix(cron:session): session closed for user p13x
May  8 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15125]: Successful su for rubyman by root
May  8 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15125]: + ??? root:rubyman
May  8 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15125]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350678 of user rubyman.
May  8 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15125]: pam_unix(su:session): session closed for user rubyman
May  8 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350678.
May  8 03:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12396]: pam_unix(cron:session): session closed for user root
May  8 03:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15065]: pam_unix(cron:session): session closed for user samftp
May  8 03:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Invalid user cdn from 186.233.208.13
May  8 03:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: input_userauth_request: invalid user cdn [preauth]
May  8 03:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 03:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Failed password for invalid user cdn from 186.233.208.13 port 44542 ssh2
May  8 03:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Received disconnect from 186.233.208.13 port 44542:11: Bye Bye [preauth]
May  8 03:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15308]: Disconnected from 186.233.208.13 port 44542 [preauth]
May  8 03:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 03:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: Invalid user omm from 164.68.105.9
May  8 03:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: input_userauth_request: invalid user omm [preauth]
May  8 03:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  8 03:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15319]: Failed password for root from 196.251.84.225 port 37952 ssh2
May  8 03:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15319]: Connection closed by 196.251.84.225 port 37952 [preauth]
May  8 03:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: Failed password for invalid user omm from 164.68.105.9 port 34994 ssh2
May  8 03:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15336]: Connection closed by 164.68.105.9 port 34994 [preauth]
May  8 03:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: Invalid user matrix from 80.94.95.115
May  8 03:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: input_userauth_request: invalid user matrix [preauth]
May  8 03:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  8 03:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: Failed password for invalid user matrix from 80.94.95.115 port 20284 ssh2
May  8 03:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15376]: Connection closed by 80.94.95.115 port 20284 [preauth]
May  8 03:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14231]: pam_unix(cron:session): session closed for user root
May  8 03:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.228.242  user=root
May  8 03:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: Invalid user admin from 196.251.84.225
May  8 03:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: input_userauth_request: invalid user admin [preauth]
May  8 03:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15415]: Failed password for root from 110.164.228.242 port 46488 ssh2
May  8 03:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15415]: Received disconnect from 110.164.228.242 port 46488:11: Bye Bye [preauth]
May  8 03:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15415]: Disconnected from 110.164.228.242 port 46488 [preauth]
May  8 03:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: Failed password for invalid user admin from 196.251.84.225 port 44826 ssh2
May  8 03:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15417]: Connection closed by 196.251.84.225 port 44826 [preauth]
May  8 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15469]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15470]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15466]: pam_unix(cron:session): session closed for user p13x
May  8 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15529]: Successful su for rubyman by root
May  8 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15529]: + ??? root:rubyman
May  8 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350681 of user rubyman.
May  8 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15529]: pam_unix(su:session): session closed for user rubyman
May  8 03:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350681.
May  8 03:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15589]: Invalid user shubham from 14.103.173.90
May  8 03:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15589]: input_userauth_request: invalid user shubham [preauth]
May  8 03:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15589]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90
May  8 03:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12793]: pam_unix(cron:session): session closed for user root
May  8 03:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15589]: Failed password for invalid user shubham from 14.103.173.90 port 55278 ssh2
May  8 03:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15589]: Received disconnect from 14.103.173.90 port 55278:11: Bye Bye [preauth]
May  8 03:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15589]: Disconnected from 14.103.173.90 port 55278 [preauth]
May  8 03:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15468]: pam_unix(cron:session): session closed for user samftp
May  8 03:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15713]: Invalid user node from 196.251.84.225
May  8 03:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15713]: input_userauth_request: invalid user node [preauth]
May  8 03:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15713]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15713]: Failed password for invalid user node from 196.251.84.225 port 41654 ssh2
May  8 03:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15713]: Connection closed by 196.251.84.225 port 41654 [preauth]
May  8 03:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14662]: pam_unix(cron:session): session closed for user root
May  8 03:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: Invalid user uftp from 196.251.84.225
May  8 03:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: input_userauth_request: invalid user uftp [preauth]
May  8 03:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: Failed password for invalid user uftp from 196.251.84.225 port 49566 ssh2
May  8 03:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15814]: Connection closed by 196.251.84.225 port 49566 [preauth]
May  8 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15866]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15868]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15865]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15870]: pam_unix(cron:session): session closed for user root
May  8 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15865]: pam_unix(cron:session): session closed for user p13x
May  8 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15938]: Successful su for rubyman by root
May  8 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15938]: + ??? root:rubyman
May  8 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15938]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350686 of user rubyman.
May  8 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15938]: pam_unix(su:session): session closed for user rubyman
May  8 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350686.
May  8 03:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15867]: pam_unix(cron:session): session closed for user root
May  8 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13193]: pam_unix(cron:session): session closed for user root
May  8 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Invalid user ubuntu from 196.251.84.225
May  8 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: input_userauth_request: invalid user ubuntu [preauth]
May  8 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Failed password for invalid user ubuntu from 196.251.84.225 port 34384 ssh2
May  8 03:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16031]: Connection closed by 196.251.84.225 port 34384 [preauth]
May  8 03:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15866]: pam_unix(cron:session): session closed for user samftp
May  8 03:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.17.35  user=root
May  8 03:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16145]: Failed password for root from 43.156.17.35 port 41244 ssh2
May  8 03:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16145]: Received disconnect from 43.156.17.35 port 41244:11: Bye Bye [preauth]
May  8 03:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16145]: Disconnected from 43.156.17.35 port 41244 [preauth]
May  8 03:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: Invalid user bot from 196.251.84.225
May  8 03:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: input_userauth_request: invalid user bot [preauth]
May  8 03:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: Failed password for invalid user bot from 196.251.84.225 port 48482 ssh2
May  8 03:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16201]: Connection closed by 196.251.84.225 port 48482 [preauth]
May  8 03:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15067]: pam_unix(cron:session): session closed for user root
May  8 03:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16278]: Did not receive identification string from 64.23.184.246
May  8 03:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: Invalid user developer from 196.251.84.225
May  8 03:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: input_userauth_request: invalid user developer [preauth]
May  8 03:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: Failed password for invalid user developer from 196.251.84.225 port 51242 ssh2
May  8 03:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16282]: Connection closed by 196.251.84.225 port 51242 [preauth]
May  8 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16294]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16295]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16292]: pam_unix(cron:session): session closed for user p13x
May  8 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16356]: Successful su for rubyman by root
May  8 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16356]: + ??? root:rubyman
May  8 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350691 of user rubyman.
May  8 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16356]: pam_unix(su:session): session closed for user rubyman
May  8 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350691.
May  8 03:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13799]: pam_unix(cron:session): session closed for user root
May  8 03:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16293]: pam_unix(cron:session): session closed for user samftp
May  8 03:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: Invalid user paulo from 68.183.90.203
May  8 03:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: input_userauth_request: invalid user paulo [preauth]
May  8 03:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 03:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: Failed password for invalid user paulo from 68.183.90.203 port 35208 ssh2
May  8 03:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: Received disconnect from 68.183.90.203 port 35208:11: Bye Bye [preauth]
May  8 03:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16579]: Disconnected from 68.183.90.203 port 35208 [preauth]
May  8 03:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16652]: Invalid user oscar from 196.251.84.225
May  8 03:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16652]: input_userauth_request: invalid user oscar [preauth]
May  8 03:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16652]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16652]: Failed password for invalid user oscar from 196.251.84.225 port 53670 ssh2
May  8 03:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16652]: Connection closed by 196.251.84.225 port 53670 [preauth]
May  8 03:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15470]: pam_unix(cron:session): session closed for user root
May  8 03:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16731]: Invalid user latitude from 196.251.84.225
May  8 03:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16731]: input_userauth_request: invalid user latitude [preauth]
May  8 03:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16731]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16731]: Failed password for invalid user latitude from 196.251.84.225 port 55246 ssh2
May  8 03:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16731]: Connection closed by 196.251.84.225 port 55246 [preauth]
May  8 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16755]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16751]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16751]: pam_unix(cron:session): session closed for user root
May  8 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16753]: pam_unix(cron:session): session closed for user p13x
May  8 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16816]: Successful su for rubyman by root
May  8 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16816]: + ??? root:rubyman
May  8 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16816]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350694 of user rubyman.
May  8 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16816]: pam_unix(su:session): session closed for user rubyman
May  8 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350694.
May  8 03:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14230]: pam_unix(cron:session): session closed for user root
May  8 03:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16754]: pam_unix(cron:session): session closed for user samftp
May  8 03:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17061]: Invalid user palworld from 196.251.84.225
May  8 03:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17061]: input_userauth_request: invalid user palworld [preauth]
May  8 03:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17061]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17061]: Failed password for invalid user palworld from 196.251.84.225 port 34798 ssh2
May  8 03:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17061]: Connection closed by 196.251.84.225 port 34798 [preauth]
May  8 03:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15869]: pam_unix(cron:session): session closed for user root
May  8 03:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17154]: Invalid user ethnode from 196.251.84.225
May  8 03:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17154]: input_userauth_request: invalid user ethnode [preauth]
May  8 03:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17154]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17154]: Failed password for invalid user ethnode from 196.251.84.225 port 47374 ssh2
May  8 03:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17154]: Connection closed by 196.251.84.225 port 47374 [preauth]
May  8 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17184]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17185]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17183]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17182]: pam_unix(cron:session): session closed for user p13x
May  8 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17245]: Successful su for rubyman by root
May  8 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17245]: + ??? root:rubyman
May  8 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350699 of user rubyman.
May  8 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17245]: pam_unix(su:session): session closed for user rubyman
May  8 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350699.
May  8 03:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14660]: pam_unix(cron:session): session closed for user root
May  8 03:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17183]: pam_unix(cron:session): session closed for user samftp
May  8 03:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Invalid user prova from 14.103.173.90
May  8 03:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: input_userauth_request: invalid user prova [preauth]
May  8 03:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90
May  8 03:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Failed password for invalid user prova from 14.103.173.90 port 60842 ssh2
May  8 03:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Received disconnect from 14.103.173.90 port 60842:11: Bye Bye [preauth]
May  8 03:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Disconnected from 14.103.173.90 port 60842 [preauth]
May  8 03:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 03:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: Failed password for root from 196.251.84.225 port 38764 ssh2
May  8 03:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17466]: Connection closed by 196.251.84.225 port 38764 [preauth]
May  8 03:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16295]: pam_unix(cron:session): session closed for user root
May  8 03:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17571]: Invalid user hadoop from 196.251.84.225
May  8 03:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17571]: input_userauth_request: invalid user hadoop [preauth]
May  8 03:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17571]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17571]: Failed password for invalid user hadoop from 196.251.84.225 port 59732 ssh2
May  8 03:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17571]: Connection closed by 196.251.84.225 port 59732 [preauth]
May  8 03:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: Invalid user dev from 186.233.208.13
May  8 03:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: input_userauth_request: invalid user dev [preauth]
May  8 03:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 03:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: Failed password for invalid user dev from 186.233.208.13 port 43186 ssh2
May  8 03:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: Received disconnect from 186.233.208.13 port 43186:11: Bye Bye [preauth]
May  8 03:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17582]: Disconnected from 186.233.208.13 port 43186 [preauth]
May  8 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17606]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17604]: pam_unix(cron:session): session closed for user p13x
May  8 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17677]: Successful su for rubyman by root
May  8 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17677]: + ??? root:rubyman
May  8 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17677]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350705 of user rubyman.
May  8 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17677]: pam_unix(su:session): session closed for user rubyman
May  8 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350705.
May  8 03:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15066]: pam_unix(cron:session): session closed for user root
May  8 03:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17605]: pam_unix(cron:session): session closed for user samftp
May  8 03:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: Invalid user admin from 196.251.84.225
May  8 03:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: input_userauth_request: invalid user admin [preauth]
May  8 03:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: Failed password for invalid user admin from 196.251.84.225 port 48380 ssh2
May  8 03:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17974]: Connection closed by 196.251.84.225 port 48380 [preauth]
May  8 03:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: Invalid user roo from 110.164.228.242
May  8 03:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: input_userauth_request: invalid user roo [preauth]
May  8 03:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.228.242
May  8 03:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: Failed password for invalid user roo from 110.164.228.242 port 47558 ssh2
May  8 03:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: Received disconnect from 110.164.228.242 port 47558:11: Bye Bye [preauth]
May  8 03:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18000]: Disconnected from 110.164.228.242 port 47558 [preauth]
May  8 03:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: Invalid user admin from 80.94.95.112
May  8 03:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: input_userauth_request: invalid user admin [preauth]
May  8 03:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 03:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: Failed password for invalid user admin from 80.94.95.112 port 55796 ssh2
May  8 03:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: Failed password for invalid user admin from 80.94.95.112 port 55796 ssh2
May  8 03:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16756]: pam_unix(cron:session): session closed for user root
May  8 03:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: Failed password for invalid user admin from 80.94.95.112 port 55796 ssh2
May  8 03:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: Failed password for invalid user admin from 80.94.95.112 port 55796 ssh2
May  8 03:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: Failed password for invalid user admin from 80.94.95.112 port 55796 ssh2
May  8 03:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: Received disconnect from 80.94.95.112 port 55796:11: Bye [preauth]
May  8 03:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: Disconnected from 80.94.95.112 port 55796 [preauth]
May  8 03:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 03:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18036]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 03:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: Invalid user hadoop from 196.251.84.225
May  8 03:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: input_userauth_request: invalid user hadoop [preauth]
May  8 03:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: Failed password for invalid user hadoop from 196.251.84.225 port 57406 ssh2
May  8 03:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18087]: Connection closed by 196.251.84.225 port 57406 [preauth]
May  8 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18149]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18147]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18148]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18145]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18149]: pam_unix(cron:session): session closed for user root
May  8 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18144]: pam_unix(cron:session): session closed for user p13x
May  8 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18211]: Successful su for rubyman by root
May  8 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18211]: + ??? root:rubyman
May  8 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350709 of user rubyman.
May  8 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18211]: pam_unix(su:session): session closed for user rubyman
May  8 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350709.
May  8 03:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18146]: pam_unix(cron:session): session closed for user root
May  8 03:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15469]: pam_unix(cron:session): session closed for user root
May  8 03:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18145]: pam_unix(cron:session): session closed for user samftp
May  8 03:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: Invalid user goeth from 196.251.84.225
May  8 03:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: input_userauth_request: invalid user goeth [preauth]
May  8 03:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: Failed password for invalid user goeth from 196.251.84.225 port 59360 ssh2
May  8 03:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: Connection closed by 196.251.84.225 port 59360 [preauth]
May  8 03:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17185]: pam_unix(cron:session): session closed for user root
May  8 03:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18526]: Invalid user samba from 196.251.84.225
May  8 03:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18526]: input_userauth_request: invalid user samba [preauth]
May  8 03:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18526]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18526]: Failed password for invalid user samba from 196.251.84.225 port 38530 ssh2
May  8 03:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: Invalid user adriana from 43.156.17.35
May  8 03:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: input_userauth_request: invalid user adriana [preauth]
May  8 03:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.17.35
May  8 03:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18526]: Connection closed by 196.251.84.225 port 38530 [preauth]
May  8 03:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: Failed password for invalid user adriana from 43.156.17.35 port 47536 ssh2
May  8 03:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: Received disconnect from 43.156.17.35 port 47536:11: Bye Bye [preauth]
May  8 03:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18536]: Disconnected from 43.156.17.35 port 47536 [preauth]
May  8 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18590]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18589]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18587]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18588]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18587]: pam_unix(cron:session): session closed for user p13x
May  8 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18653]: Successful su for rubyman by root
May  8 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18653]: + ??? root:rubyman
May  8 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18653]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350714 of user rubyman.
May  8 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18653]: pam_unix(su:session): session closed for user rubyman
May  8 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350714.
May  8 03:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15868]: pam_unix(cron:session): session closed for user root
May  8 03:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18588]: pam_unix(cron:session): session closed for user samftp
May  8 03:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18848]: Invalid user admin from 196.251.84.225
May  8 03:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18848]: input_userauth_request: invalid user admin [preauth]
May  8 03:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18848]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18848]: Failed password for invalid user admin from 196.251.84.225 port 44770 ssh2
May  8 03:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18848]: Connection closed by 196.251.84.225 port 44770 [preauth]
May  8 03:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: Invalid user printer from 68.183.90.203
May  8 03:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: input_userauth_request: invalid user printer [preauth]
May  8 03:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 03:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: Failed password for invalid user printer from 68.183.90.203 port 47362 ssh2
May  8 03:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: Received disconnect from 68.183.90.203 port 47362:11: Bye Bye [preauth]
May  8 03:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18890]: Disconnected from 68.183.90.203 port 47362 [preauth]
May  8 03:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17607]: pam_unix(cron:session): session closed for user root
May  8 03:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: Invalid user blockchain from 196.251.84.225
May  8 03:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: input_userauth_request: invalid user blockchain [preauth]
May  8 03:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: Failed password for invalid user blockchain from 196.251.84.225 port 57912 ssh2
May  8 03:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18944]: Connection closed by 196.251.84.225 port 57912 [preauth]
May  8 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19002]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19003]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19001]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19000]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19000]: pam_unix(cron:session): session closed for user p13x
May  8 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19067]: Successful su for rubyman by root
May  8 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19067]: + ??? root:rubyman
May  8 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19067]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350719 of user rubyman.
May  8 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19067]: pam_unix(su:session): session closed for user rubyman
May  8 03:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350719.
May  8 03:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16294]: pam_unix(cron:session): session closed for user root
May  8 03:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19001]: pam_unix(cron:session): session closed for user samftp
May  8 03:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: Invalid user amanda from 196.251.84.225
May  8 03:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: input_userauth_request: invalid user amanda [preauth]
May  8 03:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: Failed password for invalid user amanda from 196.251.84.225 port 49058 ssh2
May  8 03:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: Connection closed by 196.251.84.225 port 49058 [preauth]
May  8 03:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90  user=root
May  8 03:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18148]: pam_unix(cron:session): session closed for user root
May  8 03:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 03:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19335]: Failed password for root from 14.103.173.90 port 46268 ssh2
May  8 03:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19335]: Received disconnect from 14.103.173.90 port 46268:11: Bye Bye [preauth]
May  8 03:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19335]: Disconnected from 14.103.173.90 port 46268 [preauth]
May  8 03:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19337]: Failed password for root from 196.251.84.225 port 59686 ssh2
May  8 03:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19337]: Connection closed by 196.251.84.225 port 59686 [preauth]
May  8 03:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19424]: pam_unix(cron:session): session closed for user p13x
May  8 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19488]: Successful su for rubyman by root
May  8 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19488]: + ??? root:rubyman
May  8 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19488]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350721 of user rubyman.
May  8 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19488]: pam_unix(su:session): session closed for user rubyman
May  8 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350721.
May  8 03:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19414]: Invalid user steam from 196.251.84.225
May  8 03:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19414]: input_userauth_request: invalid user steam [preauth]
May  8 03:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19414]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16755]: pam_unix(cron:session): session closed for user root
May  8 03:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19414]: Failed password for invalid user steam from 196.251.84.225 port 50074 ssh2
May  8 03:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19414]: Connection closed by 196.251.84.225 port 50074 [preauth]
May  8 03:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19425]: pam_unix(cron:session): session closed for user samftp
May  8 03:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: Invalid user samba from 196.251.84.225
May  8 03:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: input_userauth_request: invalid user samba [preauth]
May  8 03:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: Failed password for invalid user samba from 196.251.84.225 port 57722 ssh2
May  8 03:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18590]: pam_unix(cron:session): session closed for user root
May  8 03:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19755]: Connection closed by 196.251.84.225 port 57722 [preauth]
May  8 03:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19833]: Invalid user ftpuser from 196.251.84.225
May  8 03:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19833]: input_userauth_request: invalid user ftpuser [preauth]
May  8 03:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19833]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19849]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19847]: pam_unix(cron:session): session closed for user p13x
May  8 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19907]: Successful su for rubyman by root
May  8 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19907]: + ??? root:rubyman
May  8 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350725 of user rubyman.
May  8 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19907]: pam_unix(su:session): session closed for user rubyman
May  8 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350725.
May  8 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19833]: Failed password for invalid user ftpuser from 196.251.84.225 port 58872 ssh2
May  8 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19833]: Connection closed by 196.251.84.225 port 58872 [preauth]
May  8 03:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17184]: pam_unix(cron:session): session closed for user root
May  8 03:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19848]: pam_unix(cron:session): session closed for user samftp
May  8 03:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20144]: User uucp from 196.251.84.225 not allowed because not listed in AllowUsers
May  8 03:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20144]: input_userauth_request: invalid user uucp [preauth]
May  8 03:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=uucp
May  8 03:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20163]: Invalid user antonio from 186.233.208.13
May  8 03:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20163]: input_userauth_request: invalid user antonio [preauth]
May  8 03:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20163]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 03:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20144]: Failed password for invalid user uucp from 196.251.84.225 port 41908 ssh2
May  8 03:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20163]: Failed password for invalid user antonio from 186.233.208.13 port 43368 ssh2
May  8 03:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20163]: Received disconnect from 186.233.208.13 port 43368:11: Bye Bye [preauth]
May  8 03:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20163]: Disconnected from 186.233.208.13 port 43368 [preauth]
May  8 03:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19003]: pam_unix(cron:session): session closed for user root
May  8 03:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20144]: Connection closed by 196.251.84.225 port 41908 [preauth]
May  8 03:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.228.242  user=root
May  8 03:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20208]: Failed password for root from 110.164.228.242 port 60100 ssh2
May  8 03:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20208]: Received disconnect from 110.164.228.242 port 60100:11: Bye Bye [preauth]
May  8 03:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20208]: Disconnected from 110.164.228.242 port 60100 [preauth]
May  8 03:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: Invalid user default from 85.208.84.4
May  8 03:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: input_userauth_request: invalid user default [preauth]
May  8 03:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: User www-data from 196.251.84.225 not allowed because not listed in AllowUsers
May  8 03:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: input_userauth_request: invalid user www-data [preauth]
May  8 03:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  8 03:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=www-data
May  8 03:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: Failed password for invalid user default from 85.208.84.4 port 58926 ssh2
May  8 03:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20239]: Connection closed by 85.208.84.4 port 58926 [preauth]
May  8 03:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: Failed password for invalid user www-data from 196.251.84.225 port 36608 ssh2
May  8 03:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20241]: Connection closed by 196.251.84.225 port 36608 [preauth]
May  8 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20267]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20266]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20268]: pam_unix(cron:session): session closed for user root
May  8 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20262]: pam_unix(cron:session): session closed for user p13x
May  8 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20328]: Successful su for rubyman by root
May  8 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20328]: + ??? root:rubyman
May  8 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350731 of user rubyman.
May  8 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20328]: pam_unix(su:session): session closed for user rubyman
May  8 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350731.
May  8 03:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20265]: pam_unix(cron:session): session closed for user root
May  8 03:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17606]: pam_unix(cron:session): session closed for user root
May  8 03:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20263]: pam_unix(cron:session): session closed for user samftp
May  8 03:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: Invalid user amp from 196.251.84.225
May  8 03:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: input_userauth_request: invalid user amp [preauth]
May  8 03:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: Failed password for invalid user amp from 196.251.84.225 port 33824 ssh2
May  8 03:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20581]: Connection closed by 196.251.84.225 port 33824 [preauth]
May  8 03:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19427]: pam_unix(cron:session): session closed for user root
May  8 03:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20677]: Invalid user oscar from 196.251.84.225
May  8 03:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20677]: input_userauth_request: invalid user oscar [preauth]
May  8 03:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20677]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20677]: Failed password for invalid user oscar from 196.251.84.225 port 42846 ssh2
May  8 03:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20677]: Connection closed by 196.251.84.225 port 42846 [preauth]
May  8 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20701]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20698]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20698]: pam_unix(cron:session): session closed for user p13x
May  8 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20767]: Successful su for rubyman by root
May  8 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20767]: + ??? root:rubyman
May  8 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20767]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350736 of user rubyman.
May  8 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20767]: pam_unix(su:session): session closed for user rubyman
May  8 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350736.
May  8 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.17.35  user=root
May  8 03:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18147]: pam_unix(cron:session): session closed for user root
May  8 03:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: Failed password for root from 43.156.17.35 port 55686 ssh2
May  8 03:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: Received disconnect from 43.156.17.35 port 55686:11: Bye Bye [preauth]
May  8 03:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20803]: Disconnected from 43.156.17.35 port 55686 [preauth]
May  8 03:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20699]: pam_unix(cron:session): session closed for user samftp
May  8 03:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  8 03:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: Failed password for root from 218.92.0.207 port 58930 ssh2
May  8 03:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: Invalid user dino from 68.183.90.203
May  8 03:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: input_userauth_request: invalid user dino [preauth]
May  8 03:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.90.203
May  8 03:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: Failed password for root from 218.92.0.207 port 58930 ssh2
May  8 03:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: Failed password for invalid user dino from 68.183.90.203 port 38732 ssh2
May  8 03:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: Received disconnect from 68.183.90.203 port 38732:11: Bye Bye [preauth]
May  8 03:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21007]: Disconnected from 68.183.90.203 port 38732 [preauth]
May  8 03:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: Invalid user amandabackup from 196.251.84.225
May  8 03:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: input_userauth_request: invalid user amandabackup [preauth]
May  8 03:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: Failed password for root from 218.92.0.207 port 58930 ssh2
May  8 03:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: Failed password for invalid user amandabackup from 196.251.84.225 port 35986 ssh2
May  8 03:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: Connection closed by 196.251.84.225 port 35986 [preauth]
May  8 03:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: Failed password for root from 218.92.0.207 port 58930 ssh2
May  8 03:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: Failed password for root from 218.92.0.207 port 58930 ssh2
May  8 03:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 58930 ssh2 [preauth]
May  8 03:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: Disconnecting: Too many authentication failures [preauth]
May  8 03:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  8 03:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 03:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19851]: pam_unix(cron:session): session closed for user root
May  8 03:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  8 03:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21062]: Failed password for root from 218.92.0.207 port 26666 ssh2
May  8 03:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21062]: message repeated 3 times: [ Failed password for root from 218.92.0.207 port 26666 ssh2]
May  8 03:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21062]: Failed password for root from 218.92.0.207 port 26666 ssh2
May  8 03:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21106]: User mysql from 14.103.173.90 not allowed because not listed in AllowUsers
May  8 03:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21106]: input_userauth_request: invalid user mysql [preauth]
May  8 03:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90  user=mysql
May  8 03:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21106]: Failed password for invalid user mysql from 14.103.173.90 port 41266 ssh2
May  8 03:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21106]: Received disconnect from 14.103.173.90 port 41266:11: Bye Bye [preauth]
May  8 03:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21106]: Disconnected from 14.103.173.90 port 41266 [preauth]
May  8 03:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21062]: Failed password for root from 218.92.0.207 port 26666 ssh2
May  8 03:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21062]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 26666 ssh2 [preauth]
May  8 03:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21062]: Disconnecting: Too many authentication failures [preauth]
May  8 03:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21062]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  8 03:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21062]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 03:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21108]: Invalid user ec2-user from 196.251.84.225
May  8 03:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21108]: input_userauth_request: invalid user ec2-user [preauth]
May  8 03:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21108]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  8 03:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21108]: Failed password for invalid user ec2-user from 196.251.84.225 port 59316 ssh2
May  8 03:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21108]: Connection closed by 196.251.84.225 port 59316 [preauth]
May  8 03:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21121]: Failed password for root from 218.92.0.207 port 33940 ssh2
May  8 03:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21121]: Received disconnect from 218.92.0.207 port 33940:11:  [preauth]
May  8 03:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21121]: Disconnected from 218.92.0.207 port 33940 [preauth]
May  8 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21134]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21132]: pam_unix(cron:session): session closed for user p13x
May  8 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21205]: Successful su for rubyman by root
May  8 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21205]: + ??? root:rubyman
May  8 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350741 of user rubyman.
May  8 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21205]: pam_unix(su:session): session closed for user rubyman
May  8 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350741.
May  8 03:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18589]: pam_unix(cron:session): session closed for user root
May  8 03:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21133]: pam_unix(cron:session): session closed for user samftp
May  8 03:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: User mysql from 196.251.84.225 not allowed because not listed in AllowUsers
May  8 03:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: input_userauth_request: invalid user mysql [preauth]
May  8 03:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=mysql
May  8 03:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: Failed password for invalid user mysql from 196.251.84.225 port 42400 ssh2
May  8 03:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: Connection closed by 196.251.84.225 port 42400 [preauth]
May  8 03:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20267]: pam_unix(cron:session): session closed for user root
May  8 03:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: User uucp from 196.251.84.225 not allowed because not listed in AllowUsers
May  8 03:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: input_userauth_request: invalid user uucp [preauth]
May  8 03:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=uucp
May  8 03:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: Failed password for invalid user uucp from 196.251.84.225 port 44316 ssh2
May  8 03:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21560]: Connection closed by 196.251.84.225 port 44316 [preauth]
May  8 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21589]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21586]: pam_unix(cron:session): session closed for user p13x
May  8 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21662]: Successful su for rubyman by root
May  8 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21662]: + ??? root:rubyman
May  8 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21662]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350744 of user rubyman.
May  8 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21662]: pam_unix(su:session): session closed for user rubyman
May  8 03:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350744.
May  8 03:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19002]: pam_unix(cron:session): session closed for user root
May  8 03:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21587]: pam_unix(cron:session): session closed for user samftp
May  8 03:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: Invalid user tom from 196.251.84.225
May  8 03:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: input_userauth_request: invalid user tom [preauth]
May  8 03:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: Failed password for invalid user tom from 196.251.84.225 port 36916 ssh2
May  8 03:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 03:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22192]: Failed password for root from 80.94.95.125 port 7623 ssh2
May  8 03:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22192]: message repeated 3 times: [ Failed password for root from 80.94.95.125 port 7623 ssh2]
May  8 03:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20703]: pam_unix(cron:session): session closed for user root
May  8 03:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22192]: Failed password for root from 80.94.95.125 port 7623 ssh2
May  8 03:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22192]: Received disconnect from 80.94.95.125 port 7623:11: Bye [preauth]
May  8 03:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22192]: Disconnected from 80.94.95.125 port 7623 [preauth]
May  8 03:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22192]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 03:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22192]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 03:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22182]: Connection closed by 196.251.84.225 port 36916 [preauth]
May  8 03:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: Invalid user ds from 196.251.84.225
May  8 03:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: input_userauth_request: invalid user ds [preauth]
May  8 03:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: Failed password for invalid user ds from 196.251.84.225 port 38696 ssh2
May  8 03:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22301]: Connection closed by 196.251.84.225 port 38696 [preauth]
May  8 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22338]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22335]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22335]: pam_unix(cron:session): session closed for user p13x
May  8 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22412]: Successful su for rubyman by root
May  8 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22412]: + ??? root:rubyman
May  8 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350749 of user rubyman.
May  8 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22412]: pam_unix(su:session): session closed for user rubyman
May  8 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350749.
May  8 03:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19426]: pam_unix(cron:session): session closed for user root
May  8 03:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22337]: pam_unix(cron:session): session closed for user samftp
May  8 03:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: Invalid user drupal from 196.251.84.225
May  8 03:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: input_userauth_request: invalid user drupal [preauth]
May  8 03:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: Failed password for invalid user drupal from 196.251.84.225 port 54912 ssh2
May  8 03:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22651]: Connection closed by 196.251.84.225 port 54912 [preauth]
May  8 03:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21135]: pam_unix(cron:session): session closed for user root
May  8 03:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22738]: Invalid user admin from 196.251.84.225
May  8 03:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22738]: input_userauth_request: invalid user admin [preauth]
May  8 03:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22738]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22738]: Failed password for invalid user admin from 196.251.84.225 port 50156 ssh2
May  8 03:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22738]: Connection closed by 196.251.84.225 port 50156 [preauth]
May  8 03:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22780]: Invalid user ld from 186.233.208.13
May  8 03:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22780]: input_userauth_request: invalid user ld [preauth]
May  8 03:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22780]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 03:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22780]: Failed password for invalid user ld from 186.233.208.13 port 50964 ssh2
May  8 03:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22780]: Received disconnect from 186.233.208.13 port 50964:11: Bye Bye [preauth]
May  8 03:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22780]: Disconnected from 186.233.208.13 port 50964 [preauth]
May  8 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22795]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22794]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22797]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22796]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22797]: pam_unix(cron:session): session closed for user root
May  8 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22792]: pam_unix(cron:session): session closed for user p13x
May  8 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22873]: Successful su for rubyman by root
May  8 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22873]: + ??? root:rubyman
May  8 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350756 of user rubyman.
May  8 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22873]: pam_unix(su:session): session closed for user rubyman
May  8 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350756.
May  8 03:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19849]: pam_unix(cron:session): session closed for user root
May  8 03:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22794]: pam_unix(cron:session): session closed for user root
May  8 03:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22793]: pam_unix(cron:session): session closed for user samftp
May  8 03:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 03:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: Failed password for root from 196.251.84.225 port 53670 ssh2
May  8 03:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23116]: Connection closed by 196.251.84.225 port 53670 [preauth]
May  8 03:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: Invalid user guest from 110.164.228.242
May  8 03:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: input_userauth_request: invalid user guest [preauth]
May  8 03:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.228.242
May  8 03:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: Failed password for invalid user guest from 110.164.228.242 port 34982 ssh2
May  8 03:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: Received disconnect from 110.164.228.242 port 34982:11: Bye Bye [preauth]
May  8 03:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23127]: Disconnected from 110.164.228.242 port 34982 [preauth]
May  8 03:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: Invalid user madsonic from 196.251.84.225
May  8 03:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: input_userauth_request: invalid user madsonic [preauth]
May  8 03:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21589]: pam_unix(cron:session): session closed for user root
May  8 03:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: Failed password for invalid user madsonic from 196.251.84.225 port 41960 ssh2
May  8 03:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23199]: Connection closed by 196.251.84.225 port 41960 [preauth]
May  8 03:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23282]: Invalid user dolphinscheduler from 196.251.84.225
May  8 03:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23282]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  8 03:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23282]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23282]: Failed password for invalid user dolphinscheduler from 196.251.84.225 port 48006 ssh2
May  8 03:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23282]: Connection closed by 196.251.84.225 port 48006 [preauth]
May  8 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23286]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23285]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23285]: pam_unix(cron:session): session closed for user p13x
May  8 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23446]: Successful su for rubyman by root
May  8 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23446]: + ??? root:rubyman
May  8 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350757 of user rubyman.
May  8 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23446]: pam_unix(su:session): session closed for user rubyman
May  8 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350757.
May  8 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90  user=root
May  8 03:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20266]: pam_unix(cron:session): session closed for user root
May  8 03:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: Failed password for root from 14.103.173.90 port 32826 ssh2
May  8 03:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: Received disconnect from 14.103.173.90 port 32826:11: Bye Bye [preauth]
May  8 03:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23484]: Disconnected from 14.103.173.90 port 32826 [preauth]
May  8 03:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23286]: pam_unix(cron:session): session closed for user samftp
May  8 03:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 03:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23675]: Failed password for root from 196.251.84.225 port 39490 ssh2
May  8 03:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23675]: Connection closed by 196.251.84.225 port 39490 [preauth]
May  8 03:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22339]: pam_unix(cron:session): session closed for user root
May  8 03:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.17.35  user=root
May  8 03:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23709]: Failed password for root from 43.156.17.35 port 36244 ssh2
May  8 03:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23709]: Received disconnect from 43.156.17.35 port 36244:11: Bye Bye [preauth]
May  8 03:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23709]: Disconnected from 43.156.17.35 port 36244 [preauth]
May  8 03:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23740]: Invalid user danya from 181.188.159.138
May  8 03:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23740]: input_userauth_request: invalid user danya [preauth]
May  8 03:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23740]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.159.138
May  8 03:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23740]: Failed password for invalid user danya from 181.188.159.138 port 42294 ssh2
May  8 03:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23740]: Received disconnect from 181.188.159.138 port 42294:11: Bye Bye [preauth]
May  8 03:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23740]: Disconnected from 181.188.159.138 port 42294 [preauth]
May  8 03:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23863]: Invalid user arkserver from 196.251.84.225
May  8 03:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23863]: input_userauth_request: invalid user arkserver [preauth]
May  8 03:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23863]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23863]: Failed password for invalid user arkserver from 196.251.84.225 port 39480 ssh2
May  8 03:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23863]: Connection closed by 196.251.84.225 port 39480 [preauth]
May  8 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23905]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23904]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23902]: pam_unix(cron:session): session closed for user p13x
May  8 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23974]: Successful su for rubyman by root
May  8 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23974]: + ??? root:rubyman
May  8 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23974]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350761 of user rubyman.
May  8 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23974]: pam_unix(su:session): session closed for user rubyman
May  8 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350761.
May  8 03:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20701]: pam_unix(cron:session): session closed for user root
May  8 03:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23903]: pam_unix(cron:session): session closed for user samftp
May  8 03:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24181]: Invalid user tomcat from 196.251.84.225
May  8 03:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24181]: input_userauth_request: invalid user tomcat [preauth]
May  8 03:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24181]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24181]: Failed password for invalid user tomcat from 196.251.84.225 port 38440 ssh2
May  8 03:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24181]: Connection closed by 196.251.84.225 port 38440 [preauth]
May  8 03:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22796]: pam_unix(cron:session): session closed for user root
May  8 03:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: Invalid user palworld from 196.251.84.225
May  8 03:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: input_userauth_request: invalid user palworld [preauth]
May  8 03:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: Failed password for invalid user palworld from 196.251.84.225 port 56154 ssh2
May  8 03:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24300]: Connection closed by 196.251.84.225 port 56154 [preauth]
May  8 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24352]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24348]: pam_unix(cron:session): session closed for user p13x
May  8 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24420]: Successful su for rubyman by root
May  8 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24420]: + ??? root:rubyman
May  8 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350765 of user rubyman.
May  8 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24420]: pam_unix(su:session): session closed for user rubyman
May  8 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350765.
May  8 03:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21134]: pam_unix(cron:session): session closed for user root
May  8 03:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24349]: pam_unix(cron:session): session closed for user samftp
May  8 03:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: Invalid user ubuntu from 196.251.84.225
May  8 03:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: input_userauth_request: invalid user ubuntu [preauth]
May  8 03:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: Failed password for invalid user ubuntu from 196.251.84.225 port 58364 ssh2
May  8 03:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24620]: Connection closed by 196.251.84.225 port 58364 [preauth]
May  8 03:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23288]: pam_unix(cron:session): session closed for user root
May  8 03:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24719]: Invalid user git from 196.251.84.225
May  8 03:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24719]: input_userauth_request: invalid user git [preauth]
May  8 03:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24719]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24719]: Failed password for invalid user git from 196.251.84.225 port 35066 ssh2
May  8 03:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24719]: Connection closed by 196.251.84.225 port 35066 [preauth]
May  8 03:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24774]: Invalid user jito-validator from 196.251.84.225
May  8 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24774]: input_userauth_request: invalid user jito-validator [preauth]
May  8 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24777]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24777]: pam_unix(cron:session): session closed for user p13x
May  8 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24774]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24839]: Successful su for rubyman by root
May  8 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24839]: + ??? root:rubyman
May  8 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350771 of user rubyman.
May  8 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24839]: pam_unix(su:session): session closed for user rubyman
May  8 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350771.
May  8 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24774]: Failed password for invalid user jito-validator from 196.251.84.225 port 59150 ssh2
May  8 03:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24774]: Connection closed by 196.251.84.225 port 59150 [preauth]
May  8 03:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21588]: pam_unix(cron:session): session closed for user root
May  8 03:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24778]: pam_unix(cron:session): session closed for user samftp
May  8 03:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 03:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25096]: Failed password for root from 196.251.84.225 port 32968 ssh2
May  8 03:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25096]: Connection closed by 196.251.84.225 port 32968 [preauth]
May  8 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23905]: pam_unix(cron:session): session closed for user root
May  8 03:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25178]: Invalid user jack from 196.251.84.225
May  8 03:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25178]: input_userauth_request: invalid user jack [preauth]
May  8 03:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25178]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25178]: Failed password for invalid user jack from 196.251.84.225 port 57544 ssh2
May  8 03:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25178]: Connection closed by 196.251.84.225 port 57544 [preauth]
May  8 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25192]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25195]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25193]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25195]: pam_unix(cron:session): session closed for user root
May  8 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25190]: pam_unix(cron:session): session closed for user p13x
May  8 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25269]: Successful su for rubyman by root
May  8 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25269]: + ??? root:rubyman
May  8 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350778 of user rubyman.
May  8 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25269]: pam_unix(su:session): session closed for user rubyman
May  8 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350778.
May  8 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25192]: pam_unix(cron:session): session closed for user root
May  8 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22338]: pam_unix(cron:session): session closed for user root
May  8 03:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25191]: pam_unix(cron:session): session closed for user samftp
May  8 03:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25524]: Invalid user user from 196.251.84.225
May  8 03:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25524]: input_userauth_request: invalid user user [preauth]
May  8 03:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25524]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25524]: Failed password for invalid user user from 196.251.84.225 port 49258 ssh2
May  8 03:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25524]: Connection closed by 196.251.84.225 port 49258 [preauth]
May  8 03:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24352]: pam_unix(cron:session): session closed for user root
May  8 03:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: Invalid user wanghe from 186.233.208.13
May  8 03:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: input_userauth_request: invalid user wanghe [preauth]
May  8 03:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 03:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: Failed password for invalid user wanghe from 186.233.208.13 port 54790 ssh2
May  8 03:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: Received disconnect from 186.233.208.13 port 54790:11: Bye Bye [preauth]
May  8 03:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25595]: Disconnected from 186.233.208.13 port 54790 [preauth]
May  8 03:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: Invalid user sampsa from 110.164.228.242
May  8 03:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: input_userauth_request: invalid user sampsa [preauth]
May  8 03:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.228.242
May  8 03:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25645]: Invalid user sol from 196.251.84.225
May  8 03:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25645]: input_userauth_request: invalid user sol [preauth]
May  8 03:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25645]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: Failed password for invalid user sampsa from 110.164.228.242 port 52138 ssh2
May  8 03:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: Received disconnect from 110.164.228.242 port 52138:11: Bye Bye [preauth]
May  8 03:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25639]: Disconnected from 110.164.228.242 port 52138 [preauth]
May  8 03:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25645]: Failed password for invalid user sol from 196.251.84.225 port 52540 ssh2
May  8 03:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25645]: Connection closed by 196.251.84.225 port 52540 [preauth]
May  8 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25684]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25685]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25683]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25682]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25682]: pam_unix(cron:session): session closed for user p13x
May  8 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25774]: Successful su for rubyman by root
May  8 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25774]: + ??? root:rubyman
May  8 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350780 of user rubyman.
May  8 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25774]: pam_unix(su:session): session closed for user rubyman
May  8 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350780.
May  8 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25677]: Invalid user fad from 14.103.173.90
May  8 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25677]: input_userauth_request: invalid user fad [preauth]
May  8 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25677]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90
May  8 03:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25677]: Failed password for invalid user fad from 14.103.173.90 port 39942 ssh2
May  8 03:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25677]: Received disconnect from 14.103.173.90 port 39942:11: Bye Bye [preauth]
May  8 03:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25677]: Disconnected from 14.103.173.90 port 39942 [preauth]
May  8 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22795]: pam_unix(cron:session): session closed for user root
May  8 03:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25683]: pam_unix(cron:session): session closed for user samftp
May  8 03:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: Invalid user node from 196.251.84.225
May  8 03:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: input_userauth_request: invalid user node [preauth]
May  8 03:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: Failed password for invalid user node from 196.251.84.225 port 41412 ssh2
May  8 03:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26023]: Connection closed by 196.251.84.225 port 41412 [preauth]
May  8 03:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24780]: pam_unix(cron:session): session closed for user root
May  8 03:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26128]: Invalid user guest from 196.251.84.225
May  8 03:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26128]: input_userauth_request: invalid user guest [preauth]
May  8 03:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26128]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26128]: Failed password for invalid user guest from 196.251.84.225 port 42272 ssh2
May  8 03:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26128]: Connection closed by 196.251.84.225 port 42272 [preauth]
May  8 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26161]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26158]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26159]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26158]: pam_unix(cron:session): session closed for user p13x
May  8 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26219]: Successful su for rubyman by root
May  8 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26219]: + ??? root:rubyman
May  8 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350784 of user rubyman.
May  8 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26219]: pam_unix(su:session): session closed for user rubyman
May  8 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350784.
May  8 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: Invalid user user9 from 43.156.17.35
May  8 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: input_userauth_request: invalid user user9 [preauth]
May  8 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.17.35
May  8 03:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23287]: pam_unix(cron:session): session closed for user root
May  8 03:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: Failed password for invalid user user9 from 43.156.17.35 port 53588 ssh2
May  8 03:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: Received disconnect from 43.156.17.35 port 53588:11: Bye Bye [preauth]
May  8 03:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: Disconnected from 43.156.17.35 port 53588 [preauth]
May  8 03:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4  user=root
May  8 03:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26159]: pam_unix(cron:session): session closed for user samftp
May  8 03:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: Failed password for root from 85.208.84.4 port 58206 ssh2
May  8 03:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: Connection closed by 85.208.84.4 port 58206 [preauth]
May  8 03:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26437]: Invalid user grafana from 196.251.84.225
May  8 03:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26437]: input_userauth_request: invalid user grafana [preauth]
May  8 03:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26437]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26437]: Failed password for invalid user grafana from 196.251.84.225 port 40800 ssh2
May  8 03:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26437]: Connection closed by 196.251.84.225 port 40800 [preauth]
May  8 03:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25194]: pam_unix(cron:session): session closed for user root
May  8 03:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: Invalid user redis from 196.251.84.225
May  8 03:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: input_userauth_request: invalid user redis [preauth]
May  8 03:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: Failed password for invalid user redis from 196.251.84.225 port 45416 ssh2
May  8 03:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: Connection closed by 196.251.84.225 port 45416 [preauth]
May  8 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26640]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26639]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26638]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26637]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26637]: pam_unix(cron:session): session closed for user p13x
May  8 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26703]: Successful su for rubyman by root
May  8 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26703]: + ??? root:rubyman
May  8 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26703]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350787 of user rubyman.
May  8 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26703]: pam_unix(su:session): session closed for user rubyman
May  8 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350787.
May  8 03:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23904]: pam_unix(cron:session): session closed for user root
May  8 03:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26638]: pam_unix(cron:session): session closed for user samftp
May  8 03:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: Invalid user virtualbox from 196.251.84.225
May  8 03:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: input_userauth_request: invalid user virtualbox [preauth]
May  8 03:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: Failed password for invalid user virtualbox from 196.251.84.225 port 51740 ssh2
May  8 03:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26908]: Connection closed by 196.251.84.225 port 51740 [preauth]
May  8 03:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25685]: pam_unix(cron:session): session closed for user root
May  8 03:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: Invalid user david from 193.70.84.184
May  8 03:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: input_userauth_request: invalid user david [preauth]
May  8 03:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  8 03:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: Failed password for invalid user david from 193.70.84.184 port 37228 ssh2
May  8 03:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27057]: Connection closed by 193.70.84.184 port 37228 [preauth]
May  8 03:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27073]: Invalid user opc from 196.251.84.225
May  8 03:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27073]: input_userauth_request: invalid user opc [preauth]
May  8 03:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27073]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27073]: Failed password for invalid user opc from 196.251.84.225 port 43136 ssh2
May  8 03:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27073]: Connection closed by 196.251.84.225 port 43136 [preauth]
May  8 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27120]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27114]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27116]: pam_unix(cron:session): session closed for user p13x
May  8 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27250]: Successful su for rubyman by root
May  8 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27250]: + ??? root:rubyman
May  8 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350791 of user rubyman.
May  8 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27250]: pam_unix(su:session): session closed for user rubyman
May  8 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350791.
May  8 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27114]: pam_unix(cron:session): session closed for user root
May  8 03:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24350]: pam_unix(cron:session): session closed for user root
May  8 03:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27118]: pam_unix(cron:session): session closed for user samftp
May  8 03:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: Invalid user apache from 196.251.84.225
May  8 03:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: input_userauth_request: invalid user apache [preauth]
May  8 03:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: Failed password for invalid user apache from 196.251.84.225 port 53408 ssh2
May  8 03:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: Connection closed by 196.251.84.225 port 53408 [preauth]
May  8 03:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26161]: pam_unix(cron:session): session closed for user root
May  8 03:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27665]: Invalid user factorio from 196.251.84.225
May  8 03:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27665]: input_userauth_request: invalid user factorio [preauth]
May  8 03:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27665]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27665]: Failed password for invalid user factorio from 196.251.84.225 port 55100 ssh2
May  8 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27665]: Connection closed by 196.251.84.225 port 55100 [preauth]
May  8 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27701]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27702]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27700]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27698]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27703]: pam_unix(cron:session): session closed for user root
May  8 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27698]: pam_unix(cron:session): session closed for user p13x
May  8 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27771]: Successful su for rubyman by root
May  8 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27771]: + ??? root:rubyman
May  8 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350800 of user rubyman.
May  8 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27771]: pam_unix(su:session): session closed for user rubyman
May  8 03:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350800.
May  8 03:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24779]: pam_unix(cron:session): session closed for user root
May  8 03:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27700]: pam_unix(cron:session): session closed for user root
May  8 03:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27699]: pam_unix(cron:session): session closed for user samftp
May  8 03:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: Invalid user solar from 14.103.173.90
May  8 03:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: input_userauth_request: invalid user solar [preauth]
May  8 03:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90
May  8 03:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: Failed password for invalid user solar from 14.103.173.90 port 45950 ssh2
May  8 03:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: Received disconnect from 14.103.173.90 port 45950:11: Bye Bye [preauth]
May  8 03:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28026]: Disconnected from 14.103.173.90 port 45950 [preauth]
May  8 03:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28014]: Invalid user zabbix from 196.251.84.225
May  8 03:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28014]: input_userauth_request: invalid user zabbix [preauth]
May  8 03:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28014]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28014]: Failed password for invalid user zabbix from 196.251.84.225 port 40194 ssh2
May  8 03:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28014]: Connection closed by 196.251.84.225 port 40194 [preauth]
May  8 03:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26640]: pam_unix(cron:session): session closed for user root
May  8 03:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28102]: Invalid user wang from 196.251.84.225
May  8 03:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28102]: input_userauth_request: invalid user wang [preauth]
May  8 03:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28102]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28102]: Failed password for invalid user wang from 196.251.84.225 port 53134 ssh2
May  8 03:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28102]: Connection closed by 196.251.84.225 port 53134 [preauth]
May  8 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28148]: pam_unix(cron:session): session closed for user p13x
May  8 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28219]: Successful su for rubyman by root
May  8 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28219]: + ??? root:rubyman
May  8 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350803 of user rubyman.
May  8 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28219]: pam_unix(su:session): session closed for user rubyman
May  8 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350803.
May  8 03:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25193]: pam_unix(cron:session): session closed for user root
May  8 03:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28149]: pam_unix(cron:session): session closed for user samftp
May  8 03:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28444]: Invalid user jhlee from 186.233.208.13
May  8 03:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28444]: input_userauth_request: invalid user jhlee [preauth]
May  8 03:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28444]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 03:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: Invalid user hadoop from 196.251.84.225
May  8 03:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: input_userauth_request: invalid user hadoop [preauth]
May  8 03:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.228.242  user=root
May  8 03:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28444]: Failed password for invalid user jhlee from 186.233.208.13 port 49150 ssh2
May  8 03:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28444]: Received disconnect from 186.233.208.13 port 49150:11: Bye Bye [preauth]
May  8 03:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28444]: Disconnected from 186.233.208.13 port 49150 [preauth]
May  8 03:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Failed password for root from 110.164.228.242 port 36210 ssh2
May  8 03:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Received disconnect from 110.164.228.242 port 36210:11: Bye Bye [preauth]
May  8 03:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28446]: Disconnected from 110.164.228.242 port 36210 [preauth]
May  8 03:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: Failed password for invalid user hadoop from 196.251.84.225 port 50138 ssh2
May  8 03:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28438]: Connection closed by 196.251.84.225 port 50138 [preauth]
May  8 03:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27120]: pam_unix(cron:session): session closed for user root
May  8 03:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: Invalid user admin from 196.251.84.225
May  8 03:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: input_userauth_request: invalid user admin [preauth]
May  8 03:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: Failed password for invalid user admin from 196.251.84.225 port 46310 ssh2
May  8 03:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: Connection closed by 196.251.84.225 port 46310 [preauth]
May  8 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28572]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28570]: pam_unix(cron:session): session closed for user p13x
May  8 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28633]: Successful su for rubyman by root
May  8 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28633]: + ??? root:rubyman
May  8 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350808 of user rubyman.
May  8 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28633]: pam_unix(su:session): session closed for user rubyman
May  8 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350808.
May  8 03:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25684]: pam_unix(cron:session): session closed for user root
May  8 03:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28571]: pam_unix(cron:session): session closed for user samftp
May  8 03:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: Invalid user lighthouse from 196.251.84.225
May  8 03:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: input_userauth_request: invalid user lighthouse [preauth]
May  8 03:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.17.35  user=root
May  8 03:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: Failed password for invalid user lighthouse from 196.251.84.225 port 60666 ssh2
May  8 03:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28849]: Failed password for root from 43.156.17.35 port 41324 ssh2
May  8 03:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28849]: Received disconnect from 43.156.17.35 port 41324:11: Bye Bye [preauth]
May  8 03:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28849]: Disconnected from 43.156.17.35 port 41324 [preauth]
May  8 03:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28839]: Connection closed by 196.251.84.225 port 60666 [preauth]
May  8 03:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27702]: pam_unix(cron:session): session closed for user root
May  8 03:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Invalid user redis from 196.251.84.225
May  8 03:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: input_userauth_request: invalid user redis [preauth]
May  8 03:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Failed password for invalid user redis from 196.251.84.225 port 60538 ssh2
May  8 03:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28948]: Connection closed by 196.251.84.225 port 60538 [preauth]
May  8 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28981]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28980]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28978]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28978]: pam_unix(cron:session): session closed for user p13x
May  8 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29124]: Successful su for rubyman by root
May  8 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29124]: + ??? root:rubyman
May  8 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29124]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350811 of user rubyman.
May  8 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29124]: pam_unix(su:session): session closed for user rubyman
May  8 03:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350811.
May  8 03:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26160]: pam_unix(cron:session): session closed for user root
May  8 03:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28979]: pam_unix(cron:session): session closed for user samftp
May  8 03:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.159.138  user=root
May  8 03:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29326]: Failed password for root from 181.188.159.138 port 59000 ssh2
May  8 03:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29326]: Received disconnect from 181.188.159.138 port 59000:11: Bye Bye [preauth]
May  8 03:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29326]: Disconnected from 181.188.159.138 port 59000 [preauth]
May  8 03:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29361]: Invalid user ds from 196.251.84.225
May  8 03:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29361]: input_userauth_request: invalid user ds [preauth]
May  8 03:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29361]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29361]: Failed password for invalid user ds from 196.251.84.225 port 40636 ssh2
May  8 03:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29361]: Connection closed by 196.251.84.225 port 40636 [preauth]
May  8 03:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28151]: pam_unix(cron:session): session closed for user root
May  8 03:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29489]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29486]: pam_unix(cron:session): session closed for user p13x
May  8 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29550]: Successful su for rubyman by root
May  8 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29550]: + ??? root:rubyman
May  8 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350815 of user rubyman.
May  8 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29550]: pam_unix(su:session): session closed for user rubyman
May  8 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350815.
May  8 03:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: Invalid user hadoop from 196.251.84.225
May  8 03:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: input_userauth_request: invalid user hadoop [preauth]
May  8 03:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26639]: pam_unix(cron:session): session closed for user root
May  8 03:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29487]: pam_unix(cron:session): session closed for user samftp
May  8 03:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: Failed password for invalid user hadoop from 196.251.84.225 port 57286 ssh2
May  8 03:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29465]: Connection closed by 196.251.84.225 port 57286 [preauth]
May  8 03:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: Invalid user solana from 196.251.84.225
May  8 03:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: input_userauth_request: invalid user solana [preauth]
May  8 03:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: Failed password for invalid user solana from 196.251.84.225 port 41588 ssh2
May  8 03:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29772]: Connection closed by 196.251.84.225 port 41588 [preauth]
May  8 03:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29802]: Invalid user halo from 14.103.173.90
May  8 03:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29802]: input_userauth_request: invalid user halo [preauth]
May  8 03:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29802]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90
May  8 03:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29802]: Failed password for invalid user halo from 14.103.173.90 port 47860 ssh2
May  8 03:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29802]: Received disconnect from 14.103.173.90 port 47860:11: Bye Bye [preauth]
May  8 03:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29802]: Disconnected from 14.103.173.90 port 47860 [preauth]
May  8 03:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28573]: pam_unix(cron:session): session closed for user root
May  8 03:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29876]: Invalid user test from 196.251.84.225
May  8 03:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29876]: input_userauth_request: invalid user test [preauth]
May  8 03:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29876]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29876]: Failed password for invalid user test from 196.251.84.225 port 58252 ssh2
May  8 03:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29876]: Connection closed by 196.251.84.225 port 58252 [preauth]
May  8 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29907]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29909]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29906]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29905]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29911]: pam_unix(cron:session): session closed for user root
May  8 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29905]: pam_unix(cron:session): session closed for user p13x
May  8 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29980]: Successful su for rubyman by root
May  8 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29980]: + ??? root:rubyman
May  8 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29980]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350819 of user rubyman.
May  8 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29980]: pam_unix(su:session): session closed for user rubyman
May  8 03:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350819.
May  8 03:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29907]: pam_unix(cron:session): session closed for user root
May  8 03:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27119]: pam_unix(cron:session): session closed for user root
May  8 03:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29906]: pam_unix(cron:session): session closed for user samftp
May  8 03:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: Invalid user steam from 196.251.84.225
May  8 03:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: input_userauth_request: invalid user steam [preauth]
May  8 03:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: Failed password for invalid user steam from 196.251.84.225 port 40196 ssh2
May  8 03:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30208]: Connection closed by 196.251.84.225 port 40196 [preauth]
May  8 03:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28981]: pam_unix(cron:session): session closed for user root
May  8 03:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30290]: Invalid user tom from 196.251.84.225
May  8 03:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30290]: input_userauth_request: invalid user tom [preauth]
May  8 03:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30290]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30290]: Failed password for invalid user tom from 196.251.84.225 port 45932 ssh2
May  8 03:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30290]: Connection closed by 196.251.84.225 port 45932 [preauth]
May  8 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30336]: pam_unix(cron:session): session closed for user p13x
May  8 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30404]: Successful su for rubyman by root
May  8 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30404]: + ??? root:rubyman
May  8 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30404]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350825 of user rubyman.
May  8 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30404]: pam_unix(su:session): session closed for user rubyman
May  8 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350825.
May  8 03:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27701]: pam_unix(cron:session): session closed for user root
May  8 03:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30338]: pam_unix(cron:session): session closed for user samftp
May  8 03:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: Invalid user tadmin from 50.235.31.47
May  8 03:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: input_userauth_request: invalid user tadmin [preauth]
May  8 03:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  8 03:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: Failed password for invalid user tadmin from 50.235.31.47 port 40688 ssh2
May  8 03:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30588]: Connection closed by 50.235.31.47 port 40688 [preauth]
May  8 03:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30591]: Invalid user steam from 196.251.84.225
May  8 03:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30591]: input_userauth_request: invalid user steam [preauth]
May  8 03:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30591]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30591]: Failed password for invalid user steam from 196.251.84.225 port 45086 ssh2
May  8 03:46:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30591]: Connection closed by 196.251.84.225 port 45086 [preauth]
May  8 03:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  8 03:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: Failed password for root from 80.94.95.116 port 21294 ssh2
May  8 03:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30631]: Connection closed by 80.94.95.116 port 21294 [preauth]
May  8 03:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29490]: pam_unix(cron:session): session closed for user root
May  8 03:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: Invalid user testuser from 196.251.84.225
May  8 03:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: input_userauth_request: invalid user testuser [preauth]
May  8 03:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: Failed password for invalid user testuser from 196.251.84.225 port 48262 ssh2
May  8 03:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30688]: Connection closed by 196.251.84.225 port 48262 [preauth]
May  8 03:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Invalid user ubuntu from 110.164.228.242
May  8 03:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: input_userauth_request: invalid user ubuntu [preauth]
May  8 03:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.228.242
May  8 03:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Failed password for invalid user ubuntu from 110.164.228.242 port 55154 ssh2
May  8 03:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Received disconnect from 110.164.228.242 port 55154:11: Bye Bye [preauth]
May  8 03:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Disconnected from 110.164.228.242 port 55154 [preauth]
May  8 03:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30740]: Invalid user kibana from 186.233.208.13
May  8 03:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30740]: input_userauth_request: invalid user kibana [preauth]
May  8 03:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30740]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 03:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30740]: Failed password for invalid user kibana from 186.233.208.13 port 60864 ssh2
May  8 03:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30740]: Received disconnect from 186.233.208.13 port 60864:11: Bye Bye [preauth]
May  8 03:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30740]: Disconnected from 186.233.208.13 port 60864 [preauth]
May  8 03:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: User www-data from 196.251.84.225 not allowed because not listed in AllowUsers
May  8 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: input_userauth_request: invalid user www-data [preauth]
May  8 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=www-data
May  8 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30755]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30753]: pam_unix(cron:session): session closed for user p13x
May  8 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30811]: Successful su for rubyman by root
May  8 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30811]: + ??? root:rubyman
May  8 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30811]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350830 of user rubyman.
May  8 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30811]: pam_unix(su:session): session closed for user rubyman
May  8 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350830.
May  8 03:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: Failed password for invalid user www-data from 196.251.84.225 port 35832 ssh2
May  8 03:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30750]: Connection closed by 196.251.84.225 port 35832 [preauth]
May  8 03:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28150]: pam_unix(cron:session): session closed for user root
May  8 03:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30754]: pam_unix(cron:session): session closed for user samftp
May  8 03:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: Invalid user plex from 196.251.84.225
May  8 03:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: input_userauth_request: invalid user plex [preauth]
May  8 03:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: Failed password for invalid user plex from 196.251.84.225 port 47634 ssh2
May  8 03:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31155]: Connection closed by 196.251.84.225 port 47634 [preauth]
May  8 03:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29909]: pam_unix(cron:session): session closed for user root
May  8 03:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.156.17.35  user=root
May  8 03:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: Failed password for root from 43.156.17.35 port 57696 ssh2
May  8 03:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: Received disconnect from 43.156.17.35 port 57696:11: Bye Bye [preauth]
May  8 03:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31200]: Disconnected from 43.156.17.35 port 57696 [preauth]
May  8 03:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31230]: Invalid user www from 196.251.84.225
May  8 03:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31230]: input_userauth_request: invalid user www [preauth]
May  8 03:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31230]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31230]: Failed password for invalid user www from 196.251.84.225 port 35884 ssh2
May  8 03:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31230]: Connection closed by 196.251.84.225 port 35884 [preauth]
May  8 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31255]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31254]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31256]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31253]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31253]: pam_unix(cron:session): session closed for user p13x
May  8 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31320]: Successful su for rubyman by root
May  8 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31320]: + ??? root:rubyman
May  8 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350832 of user rubyman.
May  8 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31320]: pam_unix(su:session): session closed for user rubyman
May  8 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350832.
May  8 03:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28572]: pam_unix(cron:session): session closed for user root
May  8 03:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31254]: pam_unix(cron:session): session closed for user samftp
May  8 03:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31547]: Invalid user yarn from 196.251.84.225
May  8 03:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31547]: input_userauth_request: invalid user yarn [preauth]
May  8 03:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31547]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31547]: Failed password for invalid user yarn from 196.251.84.225 port 46686 ssh2
May  8 03:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31547]: Connection closed by 196.251.84.225 port 46686 [preauth]
May  8 03:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30340]: pam_unix(cron:session): session closed for user root
May  8 03:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31653]: Invalid user ds from 196.251.84.225
May  8 03:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31653]: input_userauth_request: invalid user ds [preauth]
May  8 03:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31653]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31653]: Failed password for invalid user ds from 196.251.84.225 port 35500 ssh2
May  8 03:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31653]: Connection closed by 196.251.84.225 port 35500 [preauth]
May  8 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31700]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31701]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31694]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31694]: pam_unix(cron:session): session closed for user p13x
May  8 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31758]: Successful su for rubyman by root
May  8 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31758]: + ??? root:rubyman
May  8 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350837 of user rubyman.
May  8 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31758]: pam_unix(su:session): session closed for user rubyman
May  8 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350837.
May  8 03:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28980]: pam_unix(cron:session): session closed for user root
May  8 03:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31699]: pam_unix(cron:session): session closed for user samftp
May  8 03:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: Invalid user kodi from 196.251.84.225
May  8 03:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: input_userauth_request: invalid user kodi [preauth]
May  8 03:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: Failed password for invalid user kodi from 196.251.84.225 port 55648 ssh2
May  8 03:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32083]: Connection closed by 196.251.84.225 port 55648 [preauth]
May  8 03:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.121.205.29  user=root
May  8 03:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32215]: Failed password for root from 186.121.205.29 port 47228 ssh2
May  8 03:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32215]: Received disconnect from 186.121.205.29 port 47228:11: Bye Bye [preauth]
May  8 03:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32215]: Disconnected from 186.121.205.29 port 47228 [preauth]
May  8 03:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: Invalid user admin from 80.94.95.241
May  8 03:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: input_userauth_request: invalid user admin [preauth]
May  8 03:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 03:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: Failed password for invalid user admin from 80.94.95.241 port 42324 ssh2
May  8 03:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: Failed password for invalid user admin from 80.94.95.241 port 42324 ssh2
May  8 03:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30756]: pam_unix(cron:session): session closed for user root
May  8 03:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: Failed password for invalid user admin from 80.94.95.241 port 42324 ssh2
May  8 03:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: Failed password for invalid user admin from 80.94.95.241 port 42324 ssh2
May  8 03:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: Failed password for invalid user admin from 80.94.95.241 port 42324 ssh2
May  8 03:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: Received disconnect from 80.94.95.241 port 42324:11: Bye [preauth]
May  8 03:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: Disconnected from 80.94.95.241 port 42324 [preauth]
May  8 03:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 03:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32242]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 03:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32372]: Invalid user amp from 196.251.84.225
May  8 03:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32372]: input_userauth_request: invalid user amp [preauth]
May  8 03:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32372]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32372]: Failed password for invalid user amp from 196.251.84.225 port 37862 ssh2
May  8 03:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32372]: Connection closed by 196.251.84.225 port 37862 [preauth]
May  8 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32416]: pam_unix(cron:session): session closed for user root
May  8 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32410]: pam_unix(cron:session): session closed for user p13x
May  8 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32486]: Successful su for rubyman by root
May  8 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32486]: + ??? root:rubyman
May  8 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32486]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350840 of user rubyman.
May  8 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32486]: pam_unix(su:session): session closed for user rubyman
May  8 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350840.
May  8 03:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32413]: pam_unix(cron:session): session closed for user root
May  8 03:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29489]: pam_unix(cron:session): session closed for user root
May  8 03:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32411]: pam_unix(cron:session): session closed for user samftp
May  8 03:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: Invalid user vagrant from 196.251.84.225
May  8 03:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: input_userauth_request: invalid user vagrant [preauth]
May  8 03:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: Failed password for invalid user vagrant from 196.251.84.225 port 53098 ssh2
May  8 03:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[368]: Connection closed by 196.251.84.225 port 53098 [preauth]
May  8 03:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31256]: pam_unix(cron:session): session closed for user root
May  8 03:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[541]: User sys from 196.251.84.225 not allowed because not listed in AllowUsers
May  8 03:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[541]: input_userauth_request: invalid user sys [preauth]
May  8 03:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=sys
May  8 03:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[541]: Failed password for invalid user sys from 196.251.84.225 port 52836 ssh2
May  8 03:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[541]: Connection closed by 196.251.84.225 port 52836 [preauth]
May  8 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[572]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[570]: pam_unix(cron:session): session closed for user p13x
May  8 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[646]: Successful su for rubyman by root
May  8 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[646]: + ??? root:rubyman
May  8 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350849 of user rubyman.
May  8 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[646]: pam_unix(su:session): session closed for user rubyman
May  8 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350849.
May  8 03:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29908]: pam_unix(cron:session): session closed for user root
May  8 03:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[571]: pam_unix(cron:session): session closed for user samftp
May  8 03:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: Invalid user master from 196.251.84.225
May  8 03:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: input_userauth_request: invalid user master [preauth]
May  8 03:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: Failed password for invalid user master from 196.251.84.225 port 37792 ssh2
May  8 03:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[890]: Connection closed by 196.251.84.225 port 37792 [preauth]
May  8 03:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31701]: pam_unix(cron:session): session closed for user root
May  8 03:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Invalid user admin from 80.94.95.112
May  8 03:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: input_userauth_request: invalid user admin [preauth]
May  8 03:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 03:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Failed password for invalid user admin from 80.94.95.112 port 30807 ssh2
May  8 03:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Failed password for invalid user admin from 80.94.95.112 port 30807 ssh2
May  8 03:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 03:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Failed password for invalid user admin from 80.94.95.112 port 30807 ssh2
May  8 03:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: Failed password for root from 196.251.84.225 port 55512 ssh2
May  8 03:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: Connection closed by 196.251.84.225 port 55512 [preauth]
May  8 03:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Failed password for invalid user admin from 80.94.95.112 port 30807 ssh2
May  8 03:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Failed password for invalid user admin from 80.94.95.112 port 30807 ssh2
May  8 03:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Received disconnect from 80.94.95.112 port 30807:11: Bye [preauth]
May  8 03:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: Disconnected from 80.94.95.112 port 30807 [preauth]
May  8 03:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 03:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[996]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1060]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1053]: pam_unix(cron:session): session closed for user p13x
May  8 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1125]: Successful su for rubyman by root
May  8 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1125]: + ??? root:rubyman
May  8 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1125]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350850 of user rubyman.
May  8 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1125]: pam_unix(su:session): session closed for user rubyman
May  8 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350850.
May  8 03:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30339]: pam_unix(cron:session): session closed for user root
May  8 03:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1058]: pam_unix(cron:session): session closed for user samftp
May  8 03:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1381]: Invalid user www from 196.251.84.225
May  8 03:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1381]: input_userauth_request: invalid user www [preauth]
May  8 03:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1381]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: Invalid user hcc from 110.164.228.242
May  8 03:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: input_userauth_request: invalid user hcc [preauth]
May  8 03:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.164.228.242
May  8 03:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1381]: Failed password for invalid user www from 196.251.84.225 port 53688 ssh2
May  8 03:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: Failed password for invalid user hcc from 110.164.228.242 port 57280 ssh2
May  8 03:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: Received disconnect from 110.164.228.242 port 57280:11: Bye Bye [preauth]
May  8 03:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1385]: Disconnected from 110.164.228.242 port 57280 [preauth]
May  8 03:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1381]: Connection closed by 196.251.84.225 port 53688 [preauth]
May  8 03:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: Invalid user prova from 186.233.208.13
May  8 03:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: input_userauth_request: invalid user prova [preauth]
May  8 03:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 03:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  8 03:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: Failed password for invalid user prova from 186.233.208.13 port 46030 ssh2
May  8 03:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: Received disconnect from 186.233.208.13 port 46030:11: Bye Bye [preauth]
May  8 03:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: Disconnected from 186.233.208.13 port 46030 [preauth]
May  8 03:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: Failed password for root from 46.244.96.25 port 59778 ssh2
May  8 03:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: Connection closed by 46.244.96.25 port 59778 [preauth]
May  8 03:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32415]: pam_unix(cron:session): session closed for user root
May  8 03:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1508]: Invalid user ark from 196.251.84.225
May  8 03:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1508]: input_userauth_request: invalid user ark [preauth]
May  8 03:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1508]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1508]: Failed password for invalid user ark from 196.251.84.225 port 38734 ssh2
May  8 03:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1508]: Connection closed by 196.251.84.225 port 38734 [preauth]
May  8 03:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: Invalid user daniel from 14.103.173.90
May  8 03:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: input_userauth_request: invalid user daniel [preauth]
May  8 03:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90
May  8 03:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: Failed password for invalid user daniel from 14.103.173.90 port 36106 ssh2
May  8 03:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: Received disconnect from 14.103.173.90 port 36106:11: Bye Bye [preauth]
May  8 03:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: Disconnected from 14.103.173.90 port 36106 [preauth]
May  8 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1562]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1564]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1556]: pam_unix(cron:session): session closed for user p13x
May  8 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1630]: Successful su for rubyman by root
May  8 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1630]: + ??? root:rubyman
May  8 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1630]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350855 of user rubyman.
May  8 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1630]: pam_unix(su:session): session closed for user rubyman
May  8 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350855.
May  8 03:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30755]: pam_unix(cron:session): session closed for user root
May  8 03:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1559]: pam_unix(cron:session): session closed for user samftp
May  8 03:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: Invalid user grafana from 196.251.84.225
May  8 03:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: input_userauth_request: invalid user grafana [preauth]
May  8 03:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: Failed password for invalid user grafana from 196.251.84.225 port 43646 ssh2
May  8 03:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: Connection closed by 196.251.84.225 port 43646 [preauth]
May  8 03:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[573]: pam_unix(cron:session): session closed for user root
May  8 03:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: Invalid user sonar from 196.251.84.225
May  8 03:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: input_userauth_request: invalid user sonar [preauth]
May  8 03:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: Failed password for invalid user sonar from 196.251.84.225 port 49536 ssh2
May  8 03:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: Connection closed by 196.251.84.225 port 49536 [preauth]
May  8 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2090]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2091]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2088]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2089]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2088]: pam_unix(cron:session): session closed for user p13x
May  8 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2154]: Successful su for rubyman by root
May  8 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2154]: + ??? root:rubyman
May  8 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2154]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350858 of user rubyman.
May  8 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2154]: pam_unix(su:session): session closed for user rubyman
May  8 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350858.
May  8 03:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31255]: pam_unix(cron:session): session closed for user root
May  8 03:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2089]: pam_unix(cron:session): session closed for user samftp
May  8 03:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: Invalid user vagrant from 196.251.84.225
May  8 03:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: input_userauth_request: invalid user vagrant [preauth]
May  8 03:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: Failed password for invalid user vagrant from 196.251.84.225 port 47280 ssh2
May  8 03:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: Connection closed by 196.251.84.225 port 47280 [preauth]
May  8 03:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1060]: pam_unix(cron:session): session closed for user root
May  8 03:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2484]: Invalid user palworld from 196.251.84.225
May  8 03:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2484]: input_userauth_request: invalid user palworld [preauth]
May  8 03:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2484]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2484]: Failed password for invalid user palworld from 196.251.84.225 port 54452 ssh2
May  8 03:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2484]: Connection closed by 196.251.84.225 port 54452 [preauth]
May  8 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2521]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2522]: pam_unix(cron:session): session closed for user root
May  8 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2517]: pam_unix(cron:session): session closed for user p13x
May  8 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2599]: Successful su for rubyman by root
May  8 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2599]: + ??? root:rubyman
May  8 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350866 of user rubyman.
May  8 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2599]: pam_unix(su:session): session closed for user rubyman
May  8 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350866.
May  8 03:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2519]: pam_unix(cron:session): session closed for user root
May  8 03:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31700]: pam_unix(cron:session): session closed for user root
May  8 03:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2518]: pam_unix(cron:session): session closed for user samftp
May  8 03:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 03:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: Failed password for root from 196.251.84.225 port 43536 ssh2
May  8 03:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2857]: Connection closed by 196.251.84.225 port 43536 [preauth]
May  8 03:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: Invalid user rede from 181.188.159.138
May  8 03:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: input_userauth_request: invalid user rede [preauth]
May  8 03:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.159.138
May  8 03:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: Failed password for invalid user rede from 181.188.159.138 port 40588 ssh2
May  8 03:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: Received disconnect from 181.188.159.138 port 40588:11: Bye Bye [preauth]
May  8 03:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: Disconnected from 181.188.159.138 port 40588 [preauth]
May  8 03:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1564]: pam_unix(cron:session): session closed for user root
May  8 03:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: Invalid user solana from 196.251.84.225
May  8 03:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: input_userauth_request: invalid user solana [preauth]
May  8 03:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: Failed password for invalid user solana from 196.251.84.225 port 42032 ssh2
May  8 03:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2947]: Connection closed by 196.251.84.225 port 42032 [preauth]
May  8 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2994]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2995]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2992]: pam_unix(cron:session): session closed for user p13x
May  8 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3061]: Successful su for rubyman by root
May  8 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3061]: + ??? root:rubyman
May  8 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3061]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350868 of user rubyman.
May  8 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3061]: pam_unix(su:session): session closed for user rubyman
May  8 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350868.
May  8 03:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32414]: pam_unix(cron:session): session closed for user root
May  8 03:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2993]: pam_unix(cron:session): session closed for user samftp
May  8 03:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3260]: Invalid user git from 196.251.84.225
May  8 03:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3260]: input_userauth_request: invalid user git [preauth]
May  8 03:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3260]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3260]: Failed password for invalid user git from 196.251.84.225 port 60238 ssh2
May  8 03:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3260]: Connection closed by 196.251.84.225 port 60238 [preauth]
May  8 03:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2091]: pam_unix(cron:session): session closed for user root
May  8 03:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  8 03:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: Invalid user opc from 196.251.84.225
May  8 03:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: input_userauth_request: invalid user opc [preauth]
May  8 03:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3359]: Failed password for root from 218.92.0.211 port 53998 ssh2
May  8 03:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: Failed password for invalid user opc from 196.251.84.225 port 49264 ssh2
May  8 03:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3362]: Connection closed by 196.251.84.225 port 49264 [preauth]
May  8 03:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3359]: Failed password for root from 218.92.0.211 port 53998 ssh2
May  8 03:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3359]: message repeated 3 times: [ Failed password for root from 218.92.0.211 port 53998 ssh2]
May  8 03:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3359]: error: maximum authentication attempts exceeded for root from 218.92.0.211 port 53998 ssh2 [preauth]
May  8 03:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3359]: Disconnecting: Too many authentication failures [preauth]
May  8 03:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3359]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.211  user=root
May  8 03:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3359]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 03:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3436]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3436]: pam_unix(cron:session): session closed for user p13x
May  8 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3499]: Successful su for rubyman by root
May  8 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3499]: + ??? root:rubyman
May  8 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350872 of user rubyman.
May  8 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3499]: pam_unix(su:session): session closed for user rubyman
May  8 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350872.
May  8 03:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[572]: pam_unix(cron:session): session closed for user root
May  8 03:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3437]: pam_unix(cron:session): session closed for user samftp
May  8 03:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 03:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3712]: Failed password for root from 196.251.84.225 port 36192 ssh2
May  8 03:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3712]: Connection closed by 196.251.84.225 port 36192 [preauth]
May  8 03:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3734]: Invalid user enrico from 14.103.173.90
May  8 03:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3734]: input_userauth_request: invalid user enrico [preauth]
May  8 03:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3734]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90
May  8 03:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3734]: Failed password for invalid user enrico from 14.103.173.90 port 38260 ssh2
May  8 03:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3734]: Received disconnect from 14.103.173.90 port 38260:11: Bye Bye [preauth]
May  8 03:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3734]: Disconnected from 14.103.173.90 port 38260 [preauth]
May  8 03:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2521]: pam_unix(cron:session): session closed for user root
May  8 03:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3812]: Invalid user master from 196.251.84.225
May  8 03:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3812]: input_userauth_request: invalid user master [preauth]
May  8 03:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3812]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3812]: Failed password for invalid user master from 196.251.84.225 port 52024 ssh2
May  8 03:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3812]: Connection closed by 196.251.84.225 port 52024 [preauth]
May  8 03:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3836]: Invalid user anonymous from 194.0.234.16
May  8 03:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3836]: input_userauth_request: invalid user anonymous [preauth]
May  8 03:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3836]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.16
May  8 03:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3836]: Failed password for invalid user anonymous from 194.0.234.16 port 24820 ssh2
May  8 03:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3836]: Connection closed by 194.0.234.16 port 24820 [preauth]
May  8 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3868]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3866]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3865]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3865]: pam_unix(cron:session): session closed for user p13x
May  8 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3934]: Successful su for rubyman by root
May  8 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3934]: + ??? root:rubyman
May  8 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350876 of user rubyman.
May  8 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3934]: pam_unix(su:session): session closed for user rubyman
May  8 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350876.
May  8 03:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1059]: pam_unix(cron:session): session closed for user root
May  8 03:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3866]: pam_unix(cron:session): session closed for user samftp
May  8 03:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4139]: Invalid user admin from 196.251.84.225
May  8 03:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4139]: input_userauth_request: invalid user admin [preauth]
May  8 03:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4139]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4139]: Failed password for invalid user admin from 196.251.84.225 port 34998 ssh2
May  8 03:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4139]: Connection closed by 196.251.84.225 port 34998 [preauth]
May  8 03:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4160]: Invalid user daniel from 186.233.208.13
May  8 03:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4160]: input_userauth_request: invalid user daniel [preauth]
May  8 03:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4160]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 03:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4160]: Failed password for invalid user daniel from 186.233.208.13 port 37928 ssh2
May  8 03:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4160]: Received disconnect from 186.233.208.13 port 37928:11: Bye Bye [preauth]
May  8 03:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4160]: Disconnected from 186.233.208.13 port 37928 [preauth]
May  8 03:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 03:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2995]: pam_unix(cron:session): session closed for user root
May  8 03:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4222]: Failed password for root from 196.251.84.225 port 33724 ssh2
May  8 03:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4222]: Connection closed by 196.251.84.225 port 33724 [preauth]
May  8 03:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4452]: Invalid user redis from 196.251.84.225
May  8 03:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4452]: input_userauth_request: invalid user redis [preauth]
May  8 03:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4452]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4457]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4458]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4455]: pam_unix(cron:session): session closed for user p13x
May  8 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4531]: Successful su for rubyman by root
May  8 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4531]: + ??? root:rubyman
May  8 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350881 of user rubyman.
May  8 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4531]: pam_unix(su:session): session closed for user rubyman
May  8 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350881.
May  8 03:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4452]: Failed password for invalid user redis from 196.251.84.225 port 50948 ssh2
May  8 03:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4452]: Connection closed by 196.251.84.225 port 50948 [preauth]
May  8 03:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1562]: pam_unix(cron:session): session closed for user root
May  8 03:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4456]: pam_unix(cron:session): session closed for user samftp
May  8 03:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Invalid user caddy from 196.251.84.225
May  8 03:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: input_userauth_request: invalid user caddy [preauth]
May  8 03:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Failed password for invalid user caddy from 196.251.84.225 port 32772 ssh2
May  8 03:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Connection closed by 196.251.84.225 port 32772 [preauth]
May  8 03:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3439]: pam_unix(cron:session): session closed for user root
May  8 03:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 03:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4876]: Invalid user www from 196.251.84.225
May  8 03:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4876]: input_userauth_request: invalid user www [preauth]
May  8 03:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4876]: pam_unix(sshd:auth): check pass; user unknown
May  8 03:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 03:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4876]: Failed password for invalid user www from 196.251.84.225 port 42954 ssh2
May  8 03:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4876]: Connection closed by 196.251.84.225 port 42954 [preauth]
May  8 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4890]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4893]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4894]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4892]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4891]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4894]: pam_unix(cron:session): session closed for user root
May  8 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4890]: pam_unix(cron:session): session closed for user root
May  8 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4888]: pam_unix(cron:session): session closed for user p13x
May  8 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5008]: Successful su for rubyman by root
May  8 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5008]: + ??? root:rubyman
May  8 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350886 of user rubyman.
May  8 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5008]: pam_unix(su:session): session closed for user rubyman
May  8 04:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350886.
May  8 04:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2090]: pam_unix(cron:session): session closed for user root
May  8 04:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4891]: pam_unix(cron:session): session closed for user root
May  8 04:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4889]: pam_unix(cron:session): session closed for user samftp
May  8 04:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5448]: Invalid user minecraft from 196.251.84.225
May  8 04:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5448]: input_userauth_request: invalid user minecraft [preauth]
May  8 04:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5448]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5448]: Failed password for invalid user minecraft from 196.251.84.225 port 56012 ssh2
May  8 04:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5448]: Connection closed by 196.251.84.225 port 56012 [preauth]
May  8 04:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 04:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5478]: Failed password for root from 80.94.95.125 port 38586 ssh2
May  8 04:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5478]: Failed password for root from 80.94.95.125 port 38586 ssh2
May  8 04:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3868]: pam_unix(cron:session): session closed for user root
May  8 04:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5478]: Failed password for root from 80.94.95.125 port 38586 ssh2
May  8 04:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5478]: message repeated 2 times: [ Failed password for root from 80.94.95.125 port 38586 ssh2]
May  8 04:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5478]: Received disconnect from 80.94.95.125 port 38586:11: Bye [preauth]
May  8 04:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5478]: Disconnected from 80.94.95.125 port 38586 [preauth]
May  8 04:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5478]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 04:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5478]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 04:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: Invalid user vagrant from 196.251.84.225
May  8 04:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: input_userauth_request: invalid user vagrant [preauth]
May  8 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: Failed password for invalid user vagrant from 196.251.84.225 port 59630 ssh2
May  8 04:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5631]: Connection closed by 196.251.84.225 port 59630 [preauth]
May  8 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5659]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5656]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5657]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5656]: pam_unix(cron:session): session closed for user p13x
May  8 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5736]: Successful su for rubyman by root
May  8 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5736]: + ??? root:rubyman
May  8 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5736]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350891 of user rubyman.
May  8 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5736]: pam_unix(su:session): session closed for user rubyman
May  8 04:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350891.
May  8 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2520]: pam_unix(cron:session): session closed for user root
May  8 04:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5657]: pam_unix(cron:session): session closed for user samftp
May  8 04:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: Bad protocol version identification 'GET / HTTP/1.1' from 3.145.34.44 port 54878
May  8 04:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Invalid user ubuntu from 196.251.84.225
May  8 04:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: input_userauth_request: invalid user ubuntu [preauth]
May  8 04:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Failed password for invalid user ubuntu from 196.251.84.225 port 39556 ssh2
May  8 04:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Connection closed by 196.251.84.225 port 39556 [preauth]
May  8 04:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6071]: Invalid user tabata from 186.121.205.29
May  8 04:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6071]: input_userauth_request: invalid user tabata [preauth]
May  8 04:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6071]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.121.205.29
May  8 04:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6071]: Failed password for invalid user tabata from 186.121.205.29 port 36600 ssh2
May  8 04:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6071]: Received disconnect from 186.121.205.29 port 36600:11: Bye Bye [preauth]
May  8 04:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6071]: Disconnected from 186.121.205.29 port 36600 [preauth]
May  8 04:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: Invalid user dev from 14.103.173.90
May  8 04:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: input_userauth_request: invalid user dev [preauth]
May  8 04:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90
May  8 04:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4458]: pam_unix(cron:session): session closed for user root
May  8 04:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: Failed password for invalid user dev from 14.103.173.90 port 50456 ssh2
May  8 04:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: Received disconnect from 14.103.173.90 port 50456:11: Bye Bye [preauth]
May  8 04:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: Disconnected from 14.103.173.90 port 50456 [preauth]
May  8 04:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6132]: Failed password for root from 196.251.84.225 port 53808 ssh2
May  8 04:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6132]: Connection closed by 196.251.84.225 port 53808 [preauth]
May  8 04:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6162]: Connection closed by 161.35.38.226 port 45492 [preauth]
May  8 04:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: Connection closed by 161.35.38.226 port 45506 [preauth]
May  8 04:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6166]: Connection closed by 161.35.38.226 port 45518 [preauth]
May  8 04:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: Connection closed by 161.35.38.226 port 45532 [preauth]
May  8 04:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: Connection closed by 161.35.38.226 port 45548 [preauth]
May  8 04:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6185]: Connection closed by 161.35.38.226 port 45550 [preauth]
May  8 04:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6187]: Connection closed by 161.35.38.226 port 45552 [preauth]
May  8 04:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6189]: Connection closed by 161.35.38.226 port 45554 [preauth]
May  8 04:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6191]: Connection closed by 161.35.38.226 port 45560 [preauth]
May  8 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6204]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6203]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6203]: pam_unix(cron:session): session closed for user p13x
May  8 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6269]: Successful su for rubyman by root
May  8 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6269]: + ??? root:rubyman
May  8 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350896 of user rubyman.
May  8 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6269]: pam_unix(su:session): session closed for user rubyman
May  8 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350896.
May  8 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6228]: Connection closed by 161.35.38.226 port 45564 [preauth]
May  8 04:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: Connection closed by 161.35.38.226 port 51194 [preauth]
May  8 04:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6376]: Connection closed by 161.35.38.226 port 51206 [preauth]
May  8 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6418]: Connection closed by 161.35.38.226 port 51220 [preauth]
May  8 04:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2994]: pam_unix(cron:session): session closed for user root
May  8 04:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6204]: pam_unix(cron:session): session closed for user samftp
May  8 04:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: Invalid user deploy from 196.251.84.225
May  8 04:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: input_userauth_request: invalid user deploy [preauth]
May  8 04:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: Failed password for invalid user deploy from 196.251.84.225 port 46696 ssh2
May  8 04:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6465]: Connection closed by 196.251.84.225 port 46696 [preauth]
May  8 04:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4893]: pam_unix(cron:session): session closed for user root
May  8 04:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6551]: Invalid user drupal from 196.251.84.225
May  8 04:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6551]: input_userauth_request: invalid user drupal [preauth]
May  8 04:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6551]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6551]: Failed password for invalid user drupal from 196.251.84.225 port 36502 ssh2
May  8 04:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6551]: Connection closed by 196.251.84.225 port 36502 [preauth]
May  8 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6615]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6612]: pam_unix(cron:session): session closed for user p13x
May  8 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6682]: Successful su for rubyman by root
May  8 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6682]: + ??? root:rubyman
May  8 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350901 of user rubyman.
May  8 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6682]: pam_unix(su:session): session closed for user rubyman
May  8 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350901.
May  8 04:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3438]: pam_unix(cron:session): session closed for user root
May  8 04:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: Invalid user ubuntu from 196.251.84.225
May  8 04:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: input_userauth_request: invalid user ubuntu [preauth]
May  8 04:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6613]: pam_unix(cron:session): session closed for user samftp
May  8 04:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: Failed password for invalid user ubuntu from 196.251.84.225 port 50454 ssh2
May  8 04:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6839]: Connection closed by 196.251.84.225 port 50454 [preauth]
May  8 04:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6999]: Bad protocol version identification '\026\003\001' from 3.145.34.44 port 39282
May  8 04:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5659]: pam_unix(cron:session): session closed for user root
May  8 04:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: Failed password for root from 196.251.84.225 port 58412 ssh2
May  8 04:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7032]: Connection closed by 196.251.84.225 port 58412 [preauth]
May  8 04:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7073]: Invalid user Administrator from 194.0.234.19
May  8 04:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7073]: input_userauth_request: invalid user Administrator [preauth]
May  8 04:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7073]: Failed none for invalid user Administrator from 194.0.234.19 port 34566 ssh2
May  8 04:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7073]: Connection closed by 194.0.234.19 port 34566 [preauth]
May  8 04:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  8 04:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7086]: Failed password for root from 164.68.105.9 port 55064 ssh2
May  8 04:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7086]: Connection closed by 164.68.105.9 port 55064 [preauth]
May  8 04:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: User mysql from 186.233.208.13 not allowed because not listed in AllowUsers
May  8 04:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: input_userauth_request: invalid user mysql [preauth]
May  8 04:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=mysql
May  8 04:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: Failed password for invalid user mysql from 186.233.208.13 port 40182 ssh2
May  8 04:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: Received disconnect from 186.233.208.13 port 40182:11: Bye Bye [preauth]
May  8 04:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7123]: Disconnected from 186.233.208.13 port 40182 [preauth]
May  8 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7145]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7141]: pam_unix(cron:session): session closed for user p13x
May  8 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7206]: Successful su for rubyman by root
May  8 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7206]: + ??? root:rubyman
May  8 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350905 of user rubyman.
May  8 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7206]: pam_unix(su:session): session closed for user rubyman
May  8 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350905.
May  8 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: Invalid user oracle from 196.251.84.225
May  8 04:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: input_userauth_request: invalid user oracle [preauth]
May  8 04:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3867]: pam_unix(cron:session): session closed for user root
May  8 04:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: Failed password for invalid user oracle from 196.251.84.225 port 47260 ssh2
May  8 04:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7176]: Connection closed by 196.251.84.225 port 47260 [preauth]
May  8 04:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7142]: pam_unix(cron:session): session closed for user samftp
May  8 04:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: Invalid user elasticsearch from 196.251.84.225
May  8 04:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: input_userauth_request: invalid user elasticsearch [preauth]
May  8 04:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6206]: pam_unix(cron:session): session closed for user root
May  8 04:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: Failed password for invalid user elasticsearch from 196.251.84.225 port 45740 ssh2
May  8 04:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: Connection closed by 196.251.84.225 port 45740 [preauth]
May  8 04:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7645]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7648]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7650]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7650]: pam_unix(cron:session): session closed for user root
May  8 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7643]: pam_unix(cron:session): session closed for user p13x
May  8 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7730]: Successful su for rubyman by root
May  8 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7730]: + ??? root:rubyman
May  8 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350909 of user rubyman.
May  8 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7730]: pam_unix(su:session): session closed for user rubyman
May  8 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350909.
May  8 04:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7645]: pam_unix(cron:session): session closed for user root
May  8 04:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7640]: Failed password for root from 196.251.84.225 port 59570 ssh2
May  8 04:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4457]: pam_unix(cron:session): session closed for user root
May  8 04:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7640]: Connection closed by 196.251.84.225 port 59570 [preauth]
May  8 04:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7644]: pam_unix(cron:session): session closed for user samftp
May  8 04:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: Invalid user gitlab from 196.251.84.225
May  8 04:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: input_userauth_request: invalid user gitlab [preauth]
May  8 04:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: Failed password for invalid user gitlab from 196.251.84.225 port 48520 ssh2
May  8 04:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: Connection closed by 196.251.84.225 port 48520 [preauth]
May  8 04:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6615]: pam_unix(cron:session): session closed for user root
May  8 04:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8079]: Invalid user cdn from 14.103.173.90
May  8 04:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8079]: input_userauth_request: invalid user cdn [preauth]
May  8 04:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8079]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90
May  8 04:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8079]: Failed password for invalid user cdn from 14.103.173.90 port 48246 ssh2
May  8 04:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8079]: Received disconnect from 14.103.173.90 port 48246:11: Bye Bye [preauth]
May  8 04:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8079]: Disconnected from 14.103.173.90 port 48246 [preauth]
May  8 04:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: Invalid user ubuntu from 196.251.84.225
May  8 04:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: input_userauth_request: invalid user ubuntu [preauth]
May  8 04:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8124]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8125]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: Failed password for invalid user ubuntu from 196.251.84.225 port 42870 ssh2
May  8 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8122]: pam_unix(cron:session): session closed for user p13x
May  8 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8104]: Connection closed by 196.251.84.225 port 42870 [preauth]
May  8 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8205]: Successful su for rubyman by root
May  8 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8205]: + ??? root:rubyman
May  8 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350915 of user rubyman.
May  8 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8205]: pam_unix(su:session): session closed for user rubyman
May  8 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350915.
May  8 04:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4892]: pam_unix(cron:session): session closed for user root
May  8 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8123]: pam_unix(cron:session): session closed for user samftp
May  8 04:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: Failed password for root from 196.251.84.225 port 51054 ssh2
May  8 04:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8446]: Connection closed by 196.251.84.225 port 51054 [preauth]
May  8 04:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7145]: pam_unix(cron:session): session closed for user root
May  8 04:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: Invalid user ubuntu from 196.251.84.225
May  8 04:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: input_userauth_request: invalid user ubuntu [preauth]
May  8 04:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: Failed password for invalid user ubuntu from 196.251.84.225 port 40078 ssh2
May  8 04:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8533]: Connection closed by 196.251.84.225 port 40078 [preauth]
May  8 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8560]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8561]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8558]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8558]: pam_unix(cron:session): session closed for user p13x
May  8 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8623]: Successful su for rubyman by root
May  8 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8623]: + ??? root:rubyman
May  8 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350919 of user rubyman.
May  8 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8623]: pam_unix(su:session): session closed for user rubyman
May  8 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350919.
May  8 04:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5658]: pam_unix(cron:session): session closed for user root
May  8 04:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8559]: pam_unix(cron:session): session closed for user samftp
May  8 04:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8860]: Invalid user airflow from 196.251.84.225
May  8 04:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8860]: input_userauth_request: invalid user airflow [preauth]
May  8 04:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8860]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8860]: Failed password for invalid user airflow from 196.251.84.225 port 41540 ssh2
May  8 04:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8860]: Connection closed by 196.251.84.225 port 41540 [preauth]
May  8 04:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: Invalid user crv from 181.188.159.138
May  8 04:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: input_userauth_request: invalid user crv [preauth]
May  8 04:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.159.138
May  8 04:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: Failed password for invalid user crv from 181.188.159.138 port 51478 ssh2
May  8 04:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: Received disconnect from 181.188.159.138 port 51478:11: Bye Bye [preauth]
May  8 04:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8886]: Disconnected from 181.188.159.138 port 51478 [preauth]
May  8 04:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7648]: pam_unix(cron:session): session closed for user root
May  8 04:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: Invalid user jito from 196.251.84.225
May  8 04:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: input_userauth_request: invalid user jito [preauth]
May  8 04:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: Failed password for invalid user jito from 196.251.84.225 port 36810 ssh2
May  8 04:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: Connection closed by 196.251.84.225 port 36810 [preauth]
May  8 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8982]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8983]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8981]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8981]: pam_unix(cron:session): session closed for user p13x
May  8 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9043]: Successful su for rubyman by root
May  8 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9043]: + ??? root:rubyman
May  8 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9043]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350922 of user rubyman.
May  8 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9043]: pam_unix(su:session): session closed for user rubyman
May  8 04:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350922.
May  8 04:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6205]: pam_unix(cron:session): session closed for user root
May  8 04:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8982]: pam_unix(cron:session): session closed for user samftp
May  8 04:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9385]: Invalid user solana from 196.251.84.225
May  8 04:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9385]: input_userauth_request: invalid user solana [preauth]
May  8 04:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9385]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9385]: Failed password for invalid user solana from 196.251.84.225 port 59450 ssh2
May  8 04:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9385]: Connection closed by 196.251.84.225 port 59450 [preauth]
May  8 04:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8125]: pam_unix(cron:session): session closed for user root
May  8 04:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: Invalid user wang from 196.251.84.225
May  8 04:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: input_userauth_request: invalid user wang [preauth]
May  8 04:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: Failed password for invalid user wang from 196.251.84.225 port 45004 ssh2
May  8 04:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9488]: Connection closed by 196.251.84.225 port 45004 [preauth]
May  8 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9514]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9509]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9511]: pam_unix(cron:session): session closed for user p13x
May  8 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9627]: Successful su for rubyman by root
May  8 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9627]: + ??? root:rubyman
May  8 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9627]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350926 of user rubyman.
May  8 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9627]: pam_unix(su:session): session closed for user rubyman
May  8 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350926.
May  8 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9509]: pam_unix(cron:session): session closed for user root
May  8 04:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6614]: pam_unix(cron:session): session closed for user root
May  8 04:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9512]: pam_unix(cron:session): session closed for user samftp
May  8 04:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: Invalid user mongodb from 196.251.84.225
May  8 04:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: input_userauth_request: invalid user mongodb [preauth]
May  8 04:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: Failed password for invalid user mongodb from 196.251.84.225 port 57710 ssh2
May  8 04:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9881]: Connection closed by 196.251.84.225 port 57710 [preauth]
May  8 04:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8561]: pam_unix(cron:session): session closed for user root
May  8 04:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9935]: Invalid user software from 186.233.208.13
May  8 04:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9935]: input_userauth_request: invalid user software [preauth]
May  8 04:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9935]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 04:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9935]: Failed password for invalid user software from 186.233.208.13 port 44380 ssh2
May  8 04:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9935]: Received disconnect from 186.233.208.13 port 44380:11: Bye Bye [preauth]
May  8 04:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9935]: Disconnected from 186.233.208.13 port 44380 [preauth]
May  8 04:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: Invalid user dolphin from 196.251.84.225
May  8 04:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: input_userauth_request: invalid user dolphin [preauth]
May  8 04:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: Failed password for invalid user dolphin from 196.251.84.225 port 50340 ssh2
May  8 04:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: Connection closed by 196.251.84.225 port 50340 [preauth]
May  8 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10013]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10012]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10009]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10008]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10013]: pam_unix(cron:session): session closed for user root
May  8 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10008]: pam_unix(cron:session): session closed for user p13x
May  8 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10086]: Successful su for rubyman by root
May  8 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10086]: + ??? root:rubyman
May  8 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10086]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350933 of user rubyman.
May  8 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10086]: pam_unix(su:session): session closed for user rubyman
May  8 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350933.
May  8 04:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10010]: pam_unix(cron:session): session closed for user root
May  8 04:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7144]: pam_unix(cron:session): session closed for user root
May  8 04:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10009]: pam_unix(cron:session): session closed for user samftp
May  8 04:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10409]: Invalid user sftpuser from 196.251.84.225
May  8 04:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10409]: input_userauth_request: invalid user sftpuser [preauth]
May  8 04:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10409]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10409]: Failed password for invalid user sftpuser from 196.251.84.225 port 60256 ssh2
May  8 04:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10409]: Connection closed by 196.251.84.225 port 60256 [preauth]
May  8 04:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8985]: pam_unix(cron:session): session closed for user root
May  8 04:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: Invalid user dma from 14.103.173.90
May  8 04:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: input_userauth_request: invalid user dma [preauth]
May  8 04:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90
May  8 04:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: Failed password for invalid user dma from 14.103.173.90 port 42544 ssh2
May  8 04:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: Received disconnect from 14.103.173.90 port 42544:11: Bye Bye [preauth]
May  8 04:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10499]: Disconnected from 14.103.173.90 port 42544 [preauth]
May  8 04:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10510]: Invalid user rancher from 196.251.84.225
May  8 04:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10510]: input_userauth_request: invalid user rancher [preauth]
May  8 04:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10510]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10510]: Failed password for invalid user rancher from 196.251.84.225 port 40728 ssh2
May  8 04:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10510]: Connection closed by 196.251.84.225 port 40728 [preauth]
May  8 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10560]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10557]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10559]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10556]: pam_unix(cron:session): session closed for user p13x
May  8 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10646]: Successful su for rubyman by root
May  8 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10646]: + ??? root:rubyman
May  8 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350937 of user rubyman.
May  8 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10646]: pam_unix(su:session): session closed for user rubyman
May  8 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350937.
May  8 04:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7647]: pam_unix(cron:session): session closed for user root
May  8 04:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10557]: pam_unix(cron:session): session closed for user samftp
May  8 04:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Invalid user sftp from 196.251.84.225
May  8 04:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: input_userauth_request: invalid user sftp [preauth]
May  8 04:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Failed password for invalid user sftp from 196.251.84.225 port 36330 ssh2
May  8 04:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10894]: Connection closed by 196.251.84.225 port 36330 [preauth]
May  8 04:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9514]: pam_unix(cron:session): session closed for user root
May  8 04:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10970]: Invalid user wordpress from 196.251.84.225
May  8 04:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10970]: input_userauth_request: invalid user wordpress [preauth]
May  8 04:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10970]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10970]: Failed password for invalid user wordpress from 196.251.84.225 port 38276 ssh2
May  8 04:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10970]: Connection closed by 196.251.84.225 port 38276 [preauth]
May  8 04:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254  user=root
May  8 04:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: Failed password for root from 124.198.59.254 port 48422 ssh2
May  8 04:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10960]: Connection closed by 124.198.59.254 port 48422 [preauth]
May  8 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11024]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11025]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11023]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11022]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11022]: pam_unix(cron:session): session closed for user p13x
May  8 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11086]: Successful su for rubyman by root
May  8 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11086]: + ??? root:rubyman
May  8 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11086]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350941 of user rubyman.
May  8 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11086]: pam_unix(su:session): session closed for user rubyman
May  8 04:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350941.
May  8 04:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8124]: pam_unix(cron:session): session closed for user root
May  8 04:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: Invalid user emby from 196.251.84.225
May  8 04:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: input_userauth_request: invalid user emby [preauth]
May  8 04:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11023]: pam_unix(cron:session): session closed for user samftp
May  8 04:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: Failed password for invalid user emby from 196.251.84.225 port 53970 ssh2
May  8 04:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11256]: Connection closed by 196.251.84.225 port 53970 [preauth]
May  8 04:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  8 04:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11340]: Invalid user deploy from 196.251.84.225
May  8 04:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11340]: input_userauth_request: invalid user deploy [preauth]
May  8 04:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11340]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11330]: Failed password for root from 80.94.95.116 port 51464 ssh2
May  8 04:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11330]: Connection closed by 80.94.95.116 port 51464 [preauth]
May  8 04:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10012]: pam_unix(cron:session): session closed for user root
May  8 04:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11340]: Failed password for invalid user deploy from 196.251.84.225 port 40950 ssh2
May  8 04:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11340]: Connection closed by 196.251.84.225 port 40950 [preauth]
May  8 04:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11420]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11421]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11419]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11418]: pam_unix(cron:session): session closed for user p13x
May  8 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11482]: Successful su for rubyman by root
May  8 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11482]: + ??? root:rubyman
May  8 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350945 of user rubyman.
May  8 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11482]: pam_unix(su:session): session closed for user rubyman
May  8 04:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350945.
May  8 04:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: Failed password for root from 196.251.84.225 port 40890 ssh2
May  8 04:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11415]: Connection closed by 196.251.84.225 port 40890 [preauth]
May  8 04:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8560]: pam_unix(cron:session): session closed for user root
May  8 04:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11419]: pam_unix(cron:session): session closed for user samftp
May  8 04:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11734]: Invalid user world from 181.188.159.138
May  8 04:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11734]: input_userauth_request: invalid user world [preauth]
May  8 04:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11734]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.159.138
May  8 04:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11734]: Failed password for invalid user world from 181.188.159.138 port 33328 ssh2
May  8 04:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11734]: Received disconnect from 181.188.159.138 port 33328:11: Bye Bye [preauth]
May  8 04:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11734]: Disconnected from 181.188.159.138 port 33328 [preauth]
May  8 04:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: Failed password for root from 196.251.84.225 port 58460 ssh2
May  8 04:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11736]: Connection closed by 196.251.84.225 port 58460 [preauth]
May  8 04:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10560]: pam_unix(cron:session): session closed for user root
May  8 04:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11815]: Invalid user master from 196.251.84.225
May  8 04:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11815]: input_userauth_request: invalid user master [preauth]
May  8 04:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11815]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11815]: Failed password for invalid user master from 196.251.84.225 port 54100 ssh2
May  8 04:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11815]: Connection closed by 196.251.84.225 port 54100 [preauth]
May  8 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11834]: pam_unix(cron:session): session closed for user p13x
May  8 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11896]: Successful su for rubyman by root
May  8 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11896]: + ??? root:rubyman
May  8 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350948 of user rubyman.
May  8 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11896]: pam_unix(su:session): session closed for user rubyman
May  8 04:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350948.
May  8 04:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8983]: pam_unix(cron:session): session closed for user root
May  8 04:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11835]: pam_unix(cron:session): session closed for user samftp
May  8 04:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: User uucp from 196.251.84.225 not allowed because not listed in AllowUsers
May  8 04:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: input_userauth_request: invalid user uucp [preauth]
May  8 04:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=uucp
May  8 04:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Failed password for invalid user uucp from 196.251.84.225 port 34548 ssh2
May  8 04:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12103]: Connection closed by 196.251.84.225 port 34548 [preauth]
May  8 04:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11025]: pam_unix(cron:session): session closed for user root
May  8 04:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: Invalid user testuser from 196.251.84.225
May  8 04:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: input_userauth_request: invalid user testuser [preauth]
May  8 04:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: Failed password for invalid user testuser from 196.251.84.225 port 43320 ssh2
May  8 04:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: Connection closed by 196.251.84.225 port 43320 [preauth]
May  8 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12226]: pam_unix(cron:session): session closed for user root
May  8 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12220]: pam_unix(cron:session): session closed for user p13x
May  8 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12298]: Successful su for rubyman by root
May  8 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12298]: + ??? root:rubyman
May  8 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350952 of user rubyman.
May  8 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12298]: pam_unix(su:session): session closed for user rubyman
May  8 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350952.
May  8 04:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12222]: pam_unix(cron:session): session closed for user root
May  8 04:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9513]: pam_unix(cron:session): session closed for user root
May  8 04:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12221]: pam_unix(cron:session): session closed for user samftp
May  8 04:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: Invalid user ubuntu from 186.233.208.13
May  8 04:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: input_userauth_request: invalid user ubuntu [preauth]
May  8 04:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 04:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: Failed password for invalid user ubuntu from 186.233.208.13 port 36610 ssh2
May  8 04:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: Received disconnect from 186.233.208.13 port 36610:11: Bye Bye [preauth]
May  8 04:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12511]: Disconnected from 186.233.208.13 port 36610 [preauth]
May  8 04:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12542]: Invalid user git from 196.251.84.225
May  8 04:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12542]: input_userauth_request: invalid user git [preauth]
May  8 04:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12542]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12542]: Failed password for invalid user git from 196.251.84.225 port 54550 ssh2
May  8 04:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12542]: Connection closed by 196.251.84.225 port 54550 [preauth]
May  8 04:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11421]: pam_unix(cron:session): session closed for user root
May  8 04:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12612]: Invalid user wanghe from 14.103.173.90
May  8 04:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12612]: input_userauth_request: invalid user wanghe [preauth]
May  8 04:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12612]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90
May  8 04:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12612]: Failed password for invalid user wanghe from 14.103.173.90 port 36158 ssh2
May  8 04:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12612]: Received disconnect from 14.103.173.90 port 36158:11: Bye Bye [preauth]
May  8 04:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12612]: Disconnected from 14.103.173.90 port 36158 [preauth]
May  8 04:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12634]: Invalid user airflow from 196.251.84.225
May  8 04:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12634]: input_userauth_request: invalid user airflow [preauth]
May  8 04:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12634]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12634]: Failed password for invalid user airflow from 196.251.84.225 port 43846 ssh2
May  8 04:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12634]: Connection closed by 196.251.84.225 port 43846 [preauth]
May  8 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12663]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12662]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12661]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12661]: pam_unix(cron:session): session closed for user p13x
May  8 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12731]: Successful su for rubyman by root
May  8 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12731]: + ??? root:rubyman
May  8 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12731]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350960 of user rubyman.
May  8 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12731]: pam_unix(su:session): session closed for user rubyman
May  8 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350960.
May  8 04:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10011]: pam_unix(cron:session): session closed for user root
May  8 04:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12662]: pam_unix(cron:session): session closed for user samftp
May  8 04:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 04:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12917]: Failed password for root from 80.94.95.241 port 61961 ssh2
May  8 04:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: Invalid user zabbix from 196.251.84.225
May  8 04:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: input_userauth_request: invalid user zabbix [preauth]
May  8 04:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12917]: Failed password for root from 80.94.95.241 port 61961 ssh2
May  8 04:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: Failed password for invalid user zabbix from 196.251.84.225 port 46564 ssh2
May  8 04:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12932]: Connection closed by 196.251.84.225 port 46564 [preauth]
May  8 04:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12917]: Failed password for root from 80.94.95.241 port 61961 ssh2
May  8 04:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12917]: message repeated 2 times: [ Failed password for root from 80.94.95.241 port 61961 ssh2]
May  8 04:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12917]: Received disconnect from 80.94.95.241 port 61961:11: Bye [preauth]
May  8 04:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12917]: Disconnected from 80.94.95.241 port 61961 [preauth]
May  8 04:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12917]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 04:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12917]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 04:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11837]: pam_unix(cron:session): session closed for user root
May  8 04:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13022]: Invalid user node from 196.251.84.225
May  8 04:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13022]: input_userauth_request: invalid user node [preauth]
May  8 04:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13022]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13022]: Failed password for invalid user node from 196.251.84.225 port 54574 ssh2
May  8 04:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13022]: Connection closed by 196.251.84.225 port 54574 [preauth]
May  8 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13073]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13074]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13068]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13068]: pam_unix(cron:session): session closed for user root
May  8 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13071]: pam_unix(cron:session): session closed for user p13x
May  8 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13135]: Successful su for rubyman by root
May  8 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13135]: + ??? root:rubyman
May  8 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13135]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350964 of user rubyman.
May  8 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13135]: pam_unix(su:session): session closed for user rubyman
May  8 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350964.
May  8 04:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10559]: pam_unix(cron:session): session closed for user root
May  8 04:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13072]: pam_unix(cron:session): session closed for user samftp
May  8 04:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13318]: Invalid user user from 196.251.84.225
May  8 04:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13318]: input_userauth_request: invalid user user [preauth]
May  8 04:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13318]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13318]: Failed password for invalid user user from 196.251.84.225 port 40630 ssh2
May  8 04:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13318]: Connection closed by 196.251.84.225 port 40630 [preauth]
May  8 04:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: User ftp from 80.94.95.241 not allowed because not listed in AllowUsers
May  8 04:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: input_userauth_request: invalid user ftp [preauth]
May  8 04:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=ftp
May  8 04:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: Failed password for invalid user ftp from 80.94.95.241 port 63592 ssh2
May  8 04:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: message repeated 4 times: [ Failed password for invalid user ftp from 80.94.95.241 port 63592 ssh2]
May  8 04:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: Received disconnect from 80.94.95.241 port 63592:11: Bye [preauth]
May  8 04:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: Disconnected from 80.94.95.241 port 63592 [preauth]
May  8 04:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=ftp
May  8 04:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13330]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 04:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13392]: Invalid user testuser from 196.251.84.225
May  8 04:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13392]: input_userauth_request: invalid user testuser [preauth]
May  8 04:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13392]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12224]: pam_unix(cron:session): session closed for user root
May  8 04:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13392]: Failed password for invalid user testuser from 196.251.84.225 port 50110 ssh2
May  8 04:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13392]: Connection closed by 196.251.84.225 port 50110 [preauth]
May  8 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13584]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13578]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13583]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13578]: pam_unix(cron:session): session closed for user p13x
May  8 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13645]: Successful su for rubyman by root
May  8 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13645]: + ??? root:rubyman
May  8 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350968 of user rubyman.
May  8 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13645]: pam_unix(su:session): session closed for user rubyman
May  8 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350968.
May  8 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13575]: Invalid user nagios from 196.251.84.225
May  8 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13575]: input_userauth_request: invalid user nagios [preauth]
May  8 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13575]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13575]: Failed password for invalid user nagios from 196.251.84.225 port 41272 ssh2
May  8 04:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13575]: Connection closed by 196.251.84.225 port 41272 [preauth]
May  8 04:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11024]: pam_unix(cron:session): session closed for user root
May  8 04:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13580]: pam_unix(cron:session): session closed for user samftp
May  8 04:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: Failed password for root from 196.251.84.225 port 41132 ssh2
May  8 04:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: Connection closed by 196.251.84.225 port 41132 [preauth]
May  8 04:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12665]: pam_unix(cron:session): session closed for user root
May  8 04:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: Invalid user puppet from 196.251.84.225
May  8 04:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: input_userauth_request: invalid user puppet [preauth]
May  8 04:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: Failed password for invalid user puppet from 196.251.84.225 port 48088 ssh2
May  8 04:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13967]: Connection closed by 196.251.84.225 port 48088 [preauth]
May  8 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13989]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13990]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13987]: pam_unix(cron:session): session closed for user p13x
May  8 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14051]: Successful su for rubyman by root
May  8 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14051]: + ??? root:rubyman
May  8 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350972 of user rubyman.
May  8 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14051]: pam_unix(su:session): session closed for user rubyman
May  8 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350972.
May  8 04:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11420]: pam_unix(cron:session): session closed for user root
May  8 04:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13988]: pam_unix(cron:session): session closed for user samftp
May  8 04:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: Invalid user subsonic from 196.251.84.225
May  8 04:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: input_userauth_request: invalid user subsonic [preauth]
May  8 04:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: Failed password for invalid user subsonic from 196.251.84.225 port 52508 ssh2
May  8 04:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: Connection closed by 196.251.84.225 port 52508 [preauth]
May  8 04:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.121.205.29  user=root
May  8 04:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14276]: Failed password for root from 186.121.205.29 port 45284 ssh2
May  8 04:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14276]: Received disconnect from 186.121.205.29 port 45284:11: Bye Bye [preauth]
May  8 04:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14276]: Disconnected from 186.121.205.29 port 45284 [preauth]
May  8 04:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13074]: pam_unix(cron:session): session closed for user root
May  8 04:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Invalid user ubuntu from 196.251.84.225
May  8 04:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: input_userauth_request: invalid user ubuntu [preauth]
May  8 04:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Failed password for invalid user ubuntu from 196.251.84.225 port 48172 ssh2
May  8 04:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14369]: Connection closed by 196.251.84.225 port 48172 [preauth]
May  8 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14394]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14396]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14395]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14393]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14396]: pam_unix(cron:session): session closed for user root
May  8 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14391]: pam_unix(cron:session): session closed for user p13x
May  8 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14458]: Successful su for rubyman by root
May  8 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14458]: + ??? root:rubyman
May  8 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14458]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350978 of user rubyman.
May  8 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14458]: pam_unix(su:session): session closed for user rubyman
May  8 04:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350978.
May  8 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14393]: pam_unix(cron:session): session closed for user root
May  8 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11836]: pam_unix(cron:session): session closed for user root
May  8 04:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14392]: pam_unix(cron:session): session closed for user samftp
May  8 04:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14710]: Failed password for root from 196.251.84.225 port 37384 ssh2
May  8 04:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14710]: Connection closed by 196.251.84.225 port 37384 [preauth]
May  8 04:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13584]: pam_unix(cron:session): session closed for user root
May  8 04:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: Invalid user kibana from 14.103.173.90
May  8 04:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: input_userauth_request: invalid user kibana [preauth]
May  8 04:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90
May  8 04:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: Invalid user shubham from 186.233.208.13
May  8 04:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: input_userauth_request: invalid user shubham [preauth]
May  8 04:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 04:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14799]: Invalid user git from 196.251.84.225
May  8 04:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14799]: input_userauth_request: invalid user git [preauth]
May  8 04:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14799]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: Failed password for invalid user kibana from 14.103.173.90 port 47152 ssh2
May  8 04:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: Received disconnect from 14.103.173.90 port 47152:11: Bye Bye [preauth]
May  8 04:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14788]: Disconnected from 14.103.173.90 port 47152 [preauth]
May  8 04:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: Failed password for invalid user shubham from 186.233.208.13 port 60068 ssh2
May  8 04:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: Received disconnect from 186.233.208.13 port 60068:11: Bye Bye [preauth]
May  8 04:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14790]: Disconnected from 186.233.208.13 port 60068 [preauth]
May  8 04:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14799]: Failed password for invalid user git from 196.251.84.225 port 35694 ssh2
May  8 04:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14799]: Connection closed by 196.251.84.225 port 35694 [preauth]
May  8 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14834]: pam_unix(cron:session): session closed for user p13x
May  8 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14909]: Successful su for rubyman by root
May  8 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14909]: + ??? root:rubyman
May  8 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350984 of user rubyman.
May  8 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14909]: pam_unix(su:session): session closed for user rubyman
May  8 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350984.
May  8 04:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12223]: pam_unix(cron:session): session closed for user root
May  8 04:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14835]: pam_unix(cron:session): session closed for user samftp
May  8 04:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15107]: Invalid user lsb from 196.251.84.225
May  8 04:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15107]: input_userauth_request: invalid user lsb [preauth]
May  8 04:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15107]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15107]: Failed password for invalid user lsb from 196.251.84.225 port 48852 ssh2
May  8 04:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15107]: Connection closed by 196.251.84.225 port 48852 [preauth]
May  8 04:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13990]: pam_unix(cron:session): session closed for user root
May  8 04:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15196]: Failed password for root from 196.251.84.225 port 46680 ssh2
May  8 04:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15196]: Connection closed by 196.251.84.225 port 46680 [preauth]
May  8 04:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: Invalid user admin from 80.94.95.241
May  8 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: input_userauth_request: invalid user admin [preauth]
May  8 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15259]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15256]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15258]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15256]: pam_unix(cron:session): session closed for user p13x
May  8 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15320]: Successful su for rubyman by root
May  8 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15320]: + ??? root:rubyman
May  8 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350986 of user rubyman.
May  8 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15320]: pam_unix(su:session): session closed for user rubyman
May  8 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350986.
May  8 04:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: Failed password for invalid user admin from 80.94.95.241 port 18285 ssh2
May  8 04:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12663]: pam_unix(cron:session): session closed for user root
May  8 04:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: Failed password for invalid user admin from 80.94.95.241 port 18285 ssh2
May  8 04:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15257]: pam_unix(cron:session): session closed for user samftp
May  8 04:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: Failed password for invalid user admin from 80.94.95.241 port 18285 ssh2
May  8 04:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: Failed password for invalid user admin from 80.94.95.241 port 18285 ssh2
May  8 04:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: Invalid user sol from 196.251.84.225
May  8 04:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: input_userauth_request: invalid user sol [preauth]
May  8 04:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: Failed password for invalid user admin from 80.94.95.241 port 18285 ssh2
May  8 04:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: Failed password for invalid user sol from 196.251.84.225 port 41658 ssh2
May  8 04:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: Received disconnect from 80.94.95.241 port 18285:11: Bye [preauth]
May  8 04:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: Disconnected from 80.94.95.241 port 18285 [preauth]
May  8 04:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 04:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 04:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15505]: Connection closed by 196.251.84.225 port 41658 [preauth]
May  8 04:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14395]: pam_unix(cron:session): session closed for user root
May  8 04:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: Failed password for root from 196.251.84.225 port 56984 ssh2
May  8 04:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15595]: Connection closed by 196.251.84.225 port 56984 [preauth]
May  8 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15654]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15652]: pam_unix(cron:session): session closed for user p13x
May  8 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15715]: Successful su for rubyman by root
May  8 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15715]: + ??? root:rubyman
May  8 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350991 of user rubyman.
May  8 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15715]: pam_unix(su:session): session closed for user rubyman
May  8 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350991.
May  8 04:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13073]: pam_unix(cron:session): session closed for user root
May  8 04:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15653]: pam_unix(cron:session): session closed for user samftp
May  8 04:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15898]: Invalid user factorio from 196.251.84.225
May  8 04:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15898]: input_userauth_request: invalid user factorio [preauth]
May  8 04:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15898]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15898]: Failed password for invalid user factorio from 196.251.84.225 port 38006 ssh2
May  8 04:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15898]: Connection closed by 196.251.84.225 port 38006 [preauth]
May  8 04:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14837]: pam_unix(cron:session): session closed for user root
May  8 04:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15978]: Invalid user opc from 196.251.84.225
May  8 04:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15978]: input_userauth_request: invalid user opc [preauth]
May  8 04:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15978]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15978]: Failed password for invalid user opc from 196.251.84.225 port 49702 ssh2
May  8 04:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15978]: Connection closed by 196.251.84.225 port 49702 [preauth]
May  8 04:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5  user=root
May  8 04:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16029]: Failed password for root from 85.208.84.5 port 15786 ssh2
May  8 04:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16029]: Connection closed by 85.208.84.5 port 15786 [preauth]
May  8 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16050]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16048]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16049]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16048]: pam_unix(cron:session): session closed for user p13x
May  8 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16108]: Successful su for rubyman by root
May  8 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16108]: + ??? root:rubyman
May  8 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16108]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 350993 of user rubyman.
May  8 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16108]: pam_unix(su:session): session closed for user rubyman
May  8 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 350993.
May  8 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13583]: pam_unix(cron:session): session closed for user root
May  8 04:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16119]: Failed password for root from 196.251.84.225 port 60410 ssh2
May  8 04:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16119]: Connection closed by 196.251.84.225 port 60410 [preauth]
May  8 04:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16049]: pam_unix(cron:session): session closed for user samftp
May  8 04:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: Invalid user admin from 80.94.95.112
May  8 04:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: input_userauth_request: invalid user admin [preauth]
May  8 04:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 04:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: Failed password for invalid user admin from 80.94.95.112 port 37141 ssh2
May  8 04:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: Failed password for invalid user admin from 80.94.95.112 port 37141 ssh2
May  8 04:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: Failed password for invalid user admin from 80.94.95.112 port 37141 ssh2
May  8 04:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: Failed password for invalid user admin from 80.94.95.112 port 37141 ssh2
May  8 04:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: Failed password for invalid user admin from 80.94.95.112 port 37141 ssh2
May  8 04:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: Received disconnect from 80.94.95.112 port 37141:11: Bye [preauth]
May  8 04:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: Disconnected from 80.94.95.112 port 37141 [preauth]
May  8 04:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 04:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16293]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 04:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15259]: pam_unix(cron:session): session closed for user root
May  8 04:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: Invalid user omsagent from 196.251.84.225
May  8 04:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: input_userauth_request: invalid user omsagent [preauth]
May  8 04:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: Failed password for invalid user omsagent from 196.251.84.225 port 58456 ssh2
May  8 04:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16352]: Connection closed by 196.251.84.225 port 58456 [preauth]
May  8 04:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16437]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16440]: pam_unix(cron:session): session closed for user root
May  8 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16432]: pam_unix(cron:session): session closed for user p13x
May  8 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16532]: Successful su for rubyman by root
May  8 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16532]: + ??? root:rubyman
May  8 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16532]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351000 of user rubyman.
May  8 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16532]: pam_unix(su:session): session closed for user rubyman
May  8 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351000.
May  8 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: Invalid user elastic from 196.251.84.225
May  8 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: input_userauth_request: invalid user elastic [preauth]
May  8 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16437]: pam_unix(cron:session): session closed for user root
May  8 04:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13989]: pam_unix(cron:session): session closed for user root
May  8 04:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: Failed password for invalid user elastic from 196.251.84.225 port 37132 ssh2
May  8 04:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: Connection closed by 196.251.84.225 port 37132 [preauth]
May  8 04:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16436]: pam_unix(cron:session): session closed for user samftp
May  8 04:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16833]: Invalid user jorgen from 14.103.173.90
May  8 04:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16833]: input_userauth_request: invalid user jorgen [preauth]
May  8 04:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16833]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90
May  8 04:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16833]: Failed password for invalid user jorgen from 14.103.173.90 port 33472 ssh2
May  8 04:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16833]: Received disconnect from 14.103.173.90 port 33472:11: Bye Bye [preauth]
May  8 04:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16833]: Disconnected from 14.103.173.90 port 33472 [preauth]
May  8 04:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Invalid user hadoop from 196.251.84.225
May  8 04:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: input_userauth_request: invalid user hadoop [preauth]
May  8 04:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15655]: pam_unix(cron:session): session closed for user root
May  8 04:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: Invalid user ttx from 181.188.159.138
May  8 04:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: input_userauth_request: invalid user ttx [preauth]
May  8 04:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.159.138
May  8 04:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Failed password for invalid user hadoop from 196.251.84.225 port 54552 ssh2
May  8 04:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16831]: Connection closed by 196.251.84.225 port 54552 [preauth]
May  8 04:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: Failed password for invalid user ttx from 181.188.159.138 port 42350 ssh2
May  8 04:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: Received disconnect from 181.188.159.138 port 42350:11: Bye Bye [preauth]
May  8 04:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16844]: Disconnected from 181.188.159.138 port 42350 [preauth]
May  8 04:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16946]: Invalid user dstserver from 196.251.84.225
May  8 04:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16946]: input_userauth_request: invalid user dstserver [preauth]
May  8 04:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16946]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16946]: Failed password for invalid user dstserver from 196.251.84.225 port 37324 ssh2
May  8 04:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16946]: Connection closed by 196.251.84.225 port 37324 [preauth]
May  8 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16960]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16959]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16958]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16957]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16957]: pam_unix(cron:session): session closed for user p13x
May  8 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17025]: Successful su for rubyman by root
May  8 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17025]: + ??? root:rubyman
May  8 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351003 of user rubyman.
May  8 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17025]: pam_unix(su:session): session closed for user rubyman
May  8 04:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351003.
May  8 04:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14394]: pam_unix(cron:session): session closed for user root
May  8 04:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16958]: pam_unix(cron:session): session closed for user samftp
May  8 04:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: Invalid user steamsrv from 193.70.84.184
May  8 04:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: input_userauth_request: invalid user steamsrv [preauth]
May  8 04:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  8 04:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: Failed password for invalid user steamsrv from 193.70.84.184 port 53092 ssh2
May  8 04:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: Connection closed by 193.70.84.184 port 53092 [preauth]
May  8 04:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17257]: Invalid user fad from 186.233.208.13
May  8 04:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17257]: input_userauth_request: invalid user fad [preauth]
May  8 04:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17257]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 04:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17257]: Failed password for invalid user fad from 186.233.208.13 port 48736 ssh2
May  8 04:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17257]: Received disconnect from 186.233.208.13 port 48736:11: Bye Bye [preauth]
May  8 04:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17257]: Disconnected from 186.233.208.13 port 48736 [preauth]
May  8 04:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Failed password for root from 196.251.84.225 port 39954 ssh2
May  8 04:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17284]: Connection closed by 196.251.84.225 port 39954 [preauth]
May  8 04:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: Invalid user enisa from 46.244.96.25
May  8 04:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: input_userauth_request: invalid user enisa [preauth]
May  8 04:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25
May  8 04:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16051]: pam_unix(cron:session): session closed for user root
May  8 04:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: Failed password for invalid user enisa from 46.244.96.25 port 42658 ssh2
May  8 04:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17295]: Connection closed by 46.244.96.25 port 42658 [preauth]
May  8 04:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: Invalid user gitlab-psql from 196.251.84.225
May  8 04:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: input_userauth_request: invalid user gitlab-psql [preauth]
May  8 04:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: Failed password for invalid user gitlab-psql from 196.251.84.225 port 60834 ssh2
May  8 04:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: Connection closed by 196.251.84.225 port 60834 [preauth]
May  8 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17382]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17383]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17380]: pam_unix(cron:session): session closed for user p13x
May  8 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17446]: Successful su for rubyman by root
May  8 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17446]: + ??? root:rubyman
May  8 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351008 of user rubyman.
May  8 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17446]: pam_unix(su:session): session closed for user rubyman
May  8 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351008.
May  8 04:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14836]: pam_unix(cron:session): session closed for user root
May  8 04:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17381]: pam_unix(cron:session): session closed for user samftp
May  8 04:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17682]: Invalid user uftp from 196.251.84.225
May  8 04:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17682]: input_userauth_request: invalid user uftp [preauth]
May  8 04:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17682]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  8 04:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17682]: Failed password for invalid user uftp from 196.251.84.225 port 50274 ssh2
May  8 04:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17682]: Connection closed by 196.251.84.225 port 50274 [preauth]
May  8 04:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17681]: Failed password for root from 218.92.0.201 port 26110 ssh2
May  8 04:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17681]: message repeated 2 times: [ Failed password for root from 218.92.0.201 port 26110 ssh2]
May  8 04:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16439]: pam_unix(cron:session): session closed for user root
May  8 04:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17681]: Failed password for root from 218.92.0.201 port 26110 ssh2
May  8 04:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17681]: Failed password for root from 218.92.0.201 port 26110 ssh2
May  8 04:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17681]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 26110 ssh2 [preauth]
May  8 04:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17681]: Disconnecting: Too many authentication failures [preauth]
May  8 04:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17681]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  8 04:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17681]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 04:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  8 04:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: Failed password for root from 218.92.0.201 port 28204 ssh2
May  8 04:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: Failed password for root from 218.92.0.201 port 28204 ssh2
May  8 04:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: Invalid user sol from 196.251.84.225
May  8 04:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: input_userauth_request: invalid user sol [preauth]
May  8 04:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: Failed password for invalid user sol from 196.251.84.225 port 33634 ssh2
May  8 04:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: Failed password for root from 218.92.0.201 port 28204 ssh2
May  8 04:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17799]: Connection closed by 196.251.84.225 port 33634 [preauth]
May  8 04:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: Failed password for root from 218.92.0.201 port 28204 ssh2
May  8 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: message repeated 2 times: [ Failed password for root from 218.92.0.201 port 28204 ssh2]
May  8 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 28204 ssh2 [preauth]
May  8 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: Disconnecting: Too many authentication failures [preauth]
May  8 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  8 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17758]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17915]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17912]: pam_unix(cron:session): session closed for user p13x
May  8 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17980]: Successful su for rubyman by root
May  8 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17980]: + ??? root:rubyman
May  8 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17980]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351011 of user rubyman.
May  8 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17980]: pam_unix(su:session): session closed for user rubyman
May  8 04:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351011.
May  8 04:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15258]: pam_unix(cron:session): session closed for user root
May  8 04:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17913]: pam_unix(cron:session): session closed for user samftp
May  8 04:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18198]: Invalid user es from 196.251.84.225
May  8 04:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18198]: input_userauth_request: invalid user es [preauth]
May  8 04:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18198]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18198]: Failed password for invalid user es from 196.251.84.225 port 39696 ssh2
May  8 04:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18198]: Connection closed by 196.251.84.225 port 39696 [preauth]
May  8 04:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16960]: pam_unix(cron:session): session closed for user root
May  8 04:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: Invalid user solr from 196.251.84.225
May  8 04:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: input_userauth_request: invalid user solr [preauth]
May  8 04:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: Failed password for invalid user solr from 196.251.84.225 port 54638 ssh2
May  8 04:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18286]: Connection closed by 196.251.84.225 port 54638 [preauth]
May  8 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18331]: pam_unix(cron:session): session closed for user p13x
May  8 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18398]: Successful su for rubyman by root
May  8 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18398]: + ??? root:rubyman
May  8 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351015 of user rubyman.
May  8 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18398]: pam_unix(su:session): session closed for user rubyman
May  8 04:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351015.
May  8 04:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15654]: pam_unix(cron:session): session closed for user root
May  8 04:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18332]: pam_unix(cron:session): session closed for user samftp
May  8 04:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18587]: Invalid user plex from 196.251.84.225
May  8 04:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18587]: input_userauth_request: invalid user plex [preauth]
May  8 04:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18587]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18587]: Failed password for invalid user plex from 196.251.84.225 port 35344 ssh2
May  8 04:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18587]: Connection closed by 196.251.84.225 port 35344 [preauth]
May  8 04:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17383]: pam_unix(cron:session): session closed for user root
May  8 04:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18677]: Invalid user amp from 196.251.84.225
May  8 04:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18677]: input_userauth_request: invalid user amp [preauth]
May  8 04:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18677]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18677]: Failed password for invalid user amp from 196.251.84.225 port 59596 ssh2
May  8 04:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18677]: Connection closed by 196.251.84.225 port 59596 [preauth]
May  8 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18742]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18739]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18741]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18740]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18745]: pam_unix(cron:session): session closed for user root
May  8 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18739]: pam_unix(cron:session): session closed for user p13x
May  8 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18818]: Successful su for rubyman by root
May  8 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18818]: + ??? root:rubyman
May  8 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18818]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351021 of user rubyman.
May  8 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18818]: pam_unix(su:session): session closed for user rubyman
May  8 04:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351021.
May  8 04:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: Invalid user docker from 196.251.84.225
May  8 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: input_userauth_request: invalid user docker [preauth]
May  8 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18741]: pam_unix(cron:session): session closed for user root
May  8 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16050]: pam_unix(cron:session): session closed for user root
May  8 04:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: Failed password for invalid user docker from 196.251.84.225 port 44030 ssh2
May  8 04:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18905]: Connection closed by 196.251.84.225 port 44030 [preauth]
May  8 04:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18740]: pam_unix(cron:session): session closed for user samftp
May  8 04:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19013]: Invalid user jhlee from 14.103.173.90
May  8 04:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19013]: input_userauth_request: invalid user jhlee [preauth]
May  8 04:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19013]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90
May  8 04:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19013]: Failed password for invalid user jhlee from 14.103.173.90 port 32832 ssh2
May  8 04:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19013]: Received disconnect from 14.103.173.90 port 32832:11: Bye Bye [preauth]
May  8 04:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19013]: Disconnected from 14.103.173.90 port 32832 [preauth]
May  8 04:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19097]: Failed password for root from 196.251.84.225 port 56752 ssh2
May  8 04:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17916]: pam_unix(cron:session): session closed for user root
May  8 04:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19097]: Connection closed by 196.251.84.225 port 56752 [preauth]
May  8 04:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: Invalid user caddy from 196.251.84.225
May  8 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: input_userauth_request: invalid user caddy [preauth]
May  8 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19186]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19185]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19184]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19184]: pam_unix(cron:session): session closed for user p13x
May  8 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19268]: Successful su for rubyman by root
May  8 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19268]: + ??? root:rubyman
May  8 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351028 of user rubyman.
May  8 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19268]: pam_unix(su:session): session closed for user rubyman
May  8 04:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351028.
May  8 04:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: Failed password for invalid user caddy from 196.251.84.225 port 60706 ssh2
May  8 04:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19181]: Connection closed by 196.251.84.225 port 60706 [preauth]
May  8 04:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16438]: pam_unix(cron:session): session closed for user root
May  8 04:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19185]: pam_unix(cron:session): session closed for user samftp
May  8 04:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.121.205.29  user=root
May  8 04:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19509]: Invalid user ds from 196.251.84.225
May  8 04:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19509]: input_userauth_request: invalid user ds [preauth]
May  8 04:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19509]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19507]: Failed password for root from 186.121.205.29 port 48766 ssh2
May  8 04:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19507]: Received disconnect from 186.121.205.29 port 48766:11: Bye Bye [preauth]
May  8 04:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19507]: Disconnected from 186.121.205.29 port 48766 [preauth]
May  8 04:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19509]: Failed password for invalid user ds from 196.251.84.225 port 37390 ssh2
May  8 04:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19509]: Connection closed by 196.251.84.225 port 37390 [preauth]
May  8 04:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18334]: pam_unix(cron:session): session closed for user root
May  8 04:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19610]: Invalid user palworld from 196.251.84.225
May  8 04:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19610]: input_userauth_request: invalid user palworld [preauth]
May  8 04:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19610]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19610]: Failed password for invalid user palworld from 196.251.84.225 port 57370 ssh2
May  8 04:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19610]: Connection closed by 196.251.84.225 port 57370 [preauth]
May  8 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19633]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19630]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19630]: pam_unix(cron:session): session closed for user p13x
May  8 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19702]: Successful su for rubyman by root
May  8 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19702]: + ??? root:rubyman
May  8 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351030 of user rubyman.
May  8 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19702]: pam_unix(su:session): session closed for user rubyman
May  8 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351030.
May  8 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: Invalid user tl from 186.233.208.13
May  8 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: input_userauth_request: invalid user tl [preauth]
May  8 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 04:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: Failed password for invalid user tl from 186.233.208.13 port 52624 ssh2
May  8 04:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: Received disconnect from 186.233.208.13 port 52624:11: Bye Bye [preauth]
May  8 04:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19624]: Disconnected from 186.233.208.13 port 52624 [preauth]
May  8 04:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16959]: pam_unix(cron:session): session closed for user root
May  8 04:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19631]: pam_unix(cron:session): session closed for user samftp
May  8 04:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19925]: Invalid user mapr from 196.251.84.225
May  8 04:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19925]: input_userauth_request: invalid user mapr [preauth]
May  8 04:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19925]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19925]: Failed password for invalid user mapr from 196.251.84.225 port 35698 ssh2
May  8 04:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19925]: Connection closed by 196.251.84.225 port 35698 [preauth]
May  8 04:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 04:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: Failed password for root from 80.94.95.125 port 49011 ssh2
May  8 04:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: message repeated 2 times: [ Failed password for root from 80.94.95.125 port 49011 ssh2]
May  8 04:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18744]: pam_unix(cron:session): session closed for user root
May  8 04:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: Failed password for root from 80.94.95.125 port 49011 ssh2
May  8 04:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: Failed password for root from 80.94.95.125 port 49011 ssh2
May  8 04:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: Received disconnect from 80.94.95.125 port 49011:11: Bye [preauth]
May  8 04:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: Disconnected from 80.94.95.125 port 49011 [preauth]
May  8 04:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 04:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19940]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 04:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20021]: Invalid user solr from 196.251.84.225
May  8 04:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20021]: input_userauth_request: invalid user solr [preauth]
May  8 04:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20021]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20021]: Failed password for invalid user solr from 196.251.84.225 port 54016 ssh2
May  8 04:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20021]: Connection closed by 196.251.84.225 port 54016 [preauth]
May  8 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20052]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20049]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20049]: pam_unix(cron:session): session closed for user p13x
May  8 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20114]: Successful su for rubyman by root
May  8 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20114]: + ??? root:rubyman
May  8 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351034 of user rubyman.
May  8 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20114]: pam_unix(su:session): session closed for user rubyman
May  8 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351034.
May  8 04:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17382]: pam_unix(cron:session): session closed for user root
May  8 04:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20050]: pam_unix(cron:session): session closed for user samftp
May  8 04:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20316]: Invalid user nginx from 196.251.84.225
May  8 04:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20316]: input_userauth_request: invalid user nginx [preauth]
May  8 04:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20316]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20316]: Failed password for invalid user nginx from 196.251.84.225 port 42858 ssh2
May  8 04:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20316]: Connection closed by 196.251.84.225 port 42858 [preauth]
May  8 04:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19189]: pam_unix(cron:session): session closed for user root
May  8 04:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: Failed password for root from 196.251.84.225 port 56702 ssh2
May  8 04:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20403]: Connection closed by 196.251.84.225 port 56702 [preauth]
May  8 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20447]: pam_unix(cron:session): session closed for user p13x
May  8 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20515]: Successful su for rubyman by root
May  8 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20515]: + ??? root:rubyman
May  8 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351039 of user rubyman.
May  8 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20515]: pam_unix(su:session): session closed for user rubyman
May  8 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351039.
May  8 04:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17915]: pam_unix(cron:session): session closed for user root
May  8 04:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20448]: pam_unix(cron:session): session closed for user samftp
May  8 04:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: Invalid user esuser from 196.251.84.225
May  8 04:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: input_userauth_request: invalid user esuser [preauth]
May  8 04:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: Failed password for invalid user esuser from 196.251.84.225 port 56048 ssh2
May  8 04:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20701]: Connection closed by 196.251.84.225 port 56048 [preauth]
May  8 04:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20773]: Invalid user tl from 14.103.173.90
May  8 04:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20773]: input_userauth_request: invalid user tl [preauth]
May  8 04:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20773]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.173.90
May  8 04:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19633]: pam_unix(cron:session): session closed for user root
May  8 04:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20773]: Failed password for invalid user tl from 14.103.173.90 port 40846 ssh2
May  8 04:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20773]: Received disconnect from 14.103.173.90 port 40846:11: Bye Bye [preauth]
May  8 04:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20773]: Disconnected from 14.103.173.90 port 40846 [preauth]
May  8 04:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: Invalid user puppet from 196.251.84.225
May  8 04:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: input_userauth_request: invalid user puppet [preauth]
May  8 04:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: Failed password for invalid user puppet from 196.251.84.225 port 60584 ssh2
May  8 04:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20796]: Connection closed by 196.251.84.225 port 60584 [preauth]
May  8 04:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20859]: Invalid user dev from 196.251.84.225
May  8 04:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20859]: input_userauth_request: invalid user dev [preauth]
May  8 04:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20859]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20866]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20871]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20868]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20871]: pam_unix(cron:session): session closed for user root
May  8 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20866]: pam_unix(cron:session): session closed for user p13x
May  8 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20952]: Successful su for rubyman by root
May  8 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20952]: + ??? root:rubyman
May  8 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351045 of user rubyman.
May  8 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20952]: pam_unix(su:session): session closed for user rubyman
May  8 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351045.
May  8 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20859]: Failed password for invalid user dev from 196.251.84.225 port 60144 ssh2
May  8 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20859]: Connection closed by 196.251.84.225 port 60144 [preauth]
May  8 04:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20868]: pam_unix(cron:session): session closed for user root
May  8 04:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18333]: pam_unix(cron:session): session closed for user root
May  8 04:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20867]: pam_unix(cron:session): session closed for user samftp
May  8 04:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21229]: Invalid user hadoop from 196.251.84.225
May  8 04:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21229]: input_userauth_request: invalid user hadoop [preauth]
May  8 04:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21229]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21229]: Failed password for invalid user hadoop from 196.251.84.225 port 46798 ssh2
May  8 04:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21229]: Connection closed by 196.251.84.225 port 46798 [preauth]
May  8 04:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20052]: pam_unix(cron:session): session closed for user root
May  8 04:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: Invalid user oscar from 196.251.84.225
May  8 04:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: input_userauth_request: invalid user oscar [preauth]
May  8 04:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21352]: pam_unix(cron:session): session closed for user p13x
May  8 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21417]: Successful su for rubyman by root
May  8 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21417]: + ??? root:rubyman
May  8 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21417]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351050 of user rubyman.
May  8 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21417]: pam_unix(su:session): session closed for user rubyman
May  8 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351050.
May  8 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: Failed password for invalid user oscar from 196.251.84.225 port 53428 ssh2
May  8 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21332]: Connection closed by 196.251.84.225 port 53428 [preauth]
May  8 04:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18742]: pam_unix(cron:session): session closed for user root
May  8 04:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21353]: pam_unix(cron:session): session closed for user samftp
May  8 04:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4  user=root
May  8 04:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: Failed password for root from 85.208.84.4 port 34234 ssh2
May  8 04:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21605]: Connection closed by 85.208.84.4 port 34234 [preauth]
May  8 04:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: Failed password for root from 196.251.84.225 port 43396 ssh2
May  8 04:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21673]: Connection closed by 196.251.84.225 port 43396 [preauth]
May  8 04:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20451]: pam_unix(cron:session): session closed for user root
May  8 04:36:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: Invalid user ranger from 196.251.84.225
May  8 04:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: input_userauth_request: invalid user ranger [preauth]
May  8 04:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: Failed password for invalid user ranger from 196.251.84.225 port 40032 ssh2
May  8 04:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21870]: Connection closed by 196.251.84.225 port 40032 [preauth]
May  8 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22055]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22056]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22054]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22054]: pam_unix(cron:session): session closed for user p13x
May  8 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22141]: Successful su for rubyman by root
May  8 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22141]: + ??? root:rubyman
May  8 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351052 of user rubyman.
May  8 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22141]: pam_unix(su:session): session closed for user rubyman
May  8 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351052.
May  8 04:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19186]: pam_unix(cron:session): session closed for user root
May  8 04:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22055]: pam_unix(cron:session): session closed for user samftp
May  8 04:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: Invalid user uftp from 196.251.84.225
May  8 04:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: input_userauth_request: invalid user uftp [preauth]
May  8 04:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: Failed password for invalid user uftp from 196.251.84.225 port 35876 ssh2
May  8 04:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22397]: Connection closed by 196.251.84.225 port 35876 [preauth]
May  8 04:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: Invalid user lch from 181.188.159.138
May  8 04:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: input_userauth_request: invalid user lch [preauth]
May  8 04:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.159.138
May  8 04:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: Failed password for invalid user lch from 181.188.159.138 port 36254 ssh2
May  8 04:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: Received disconnect from 181.188.159.138 port 36254:11: Bye Bye [preauth]
May  8 04:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22446]: Disconnected from 181.188.159.138 port 36254 [preauth]
May  8 04:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20870]: pam_unix(cron:session): session closed for user root
May  8 04:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22482]: Invalid user rakesh from 186.233.208.13
May  8 04:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22482]: input_userauth_request: invalid user rakesh [preauth]
May  8 04:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22482]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 04:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22482]: Failed password for invalid user rakesh from 186.233.208.13 port 39222 ssh2
May  8 04:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22482]: Received disconnect from 186.233.208.13 port 39222:11: Bye Bye [preauth]
May  8 04:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22482]: Disconnected from 186.233.208.13 port 39222 [preauth]
May  8 04:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22525]: Invalid user vagrant from 196.251.84.225
May  8 04:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22525]: input_userauth_request: invalid user vagrant [preauth]
May  8 04:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22525]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22525]: Failed password for invalid user vagrant from 196.251.84.225 port 41646 ssh2
May  8 04:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22525]: Connection closed by 196.251.84.225 port 41646 [preauth]
May  8 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22555]: pam_unix(cron:session): session closed for user p13x
May  8 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22619]: Successful su for rubyman by root
May  8 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22619]: + ??? root:rubyman
May  8 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351056 of user rubyman.
May  8 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22619]: pam_unix(su:session): session closed for user rubyman
May  8 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351056.
May  8 04:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19632]: pam_unix(cron:session): session closed for user root
May  8 04:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22556]: pam_unix(cron:session): session closed for user samftp
May  8 04:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22851]: Invalid user ark from 196.251.84.225
May  8 04:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22851]: input_userauth_request: invalid user ark [preauth]
May  8 04:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22851]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22851]: Failed password for invalid user ark from 196.251.84.225 port 54966 ssh2
May  8 04:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22851]: Connection closed by 196.251.84.225 port 54966 [preauth]
May  8 04:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21355]: pam_unix(cron:session): session closed for user root
May  8 04:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22966]: Failed password for root from 196.251.84.225 port 38540 ssh2
May  8 04:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22966]: Connection closed by 196.251.84.225 port 38540 [preauth]
May  8 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23031]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23030]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23032]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23026]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23028]: pam_unix(cron:session): session closed for user p13x
May  8 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23149]: Successful su for rubyman by root
May  8 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23149]: + ??? root:rubyman
May  8 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351061 of user rubyman.
May  8 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23149]: pam_unix(su:session): session closed for user rubyman
May  8 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351061.
May  8 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23026]: pam_unix(cron:session): session closed for user root
May  8 04:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20051]: pam_unix(cron:session): session closed for user root
May  8 04:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23030]: pam_unix(cron:session): session closed for user samftp
May  8 04:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23460]: Invalid user caddy from 196.251.84.225
May  8 04:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23460]: input_userauth_request: invalid user caddy [preauth]
May  8 04:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23460]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23460]: Failed password for invalid user caddy from 196.251.84.225 port 60332 ssh2
May  8 04:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23460]: Connection closed by 196.251.84.225 port 60332 [preauth]
May  8 04:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session closed for user root
May  8 04:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: Invalid user ds from 196.251.84.225
May  8 04:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: input_userauth_request: invalid user ds [preauth]
May  8 04:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: Failed password for invalid user ds from 196.251.84.225 port 42232 ssh2
May  8 04:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23532]: Connection closed by 196.251.84.225 port 42232 [preauth]
May  8 04:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23630]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23632]: pam_unix(cron:session): session closed for user root
May  8 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23627]: pam_unix(cron:session): session closed for user p13x
May  8 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23697]: Successful su for rubyman by root
May  8 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23697]: + ??? root:rubyman
May  8 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23697]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351064 of user rubyman.
May  8 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23697]: pam_unix(su:session): session closed for user rubyman
May  8 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351064.
May  8 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23616]: Invalid user palworld from 196.251.84.225
May  8 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23616]: input_userauth_request: invalid user palworld [preauth]
May  8 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23616]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23629]: pam_unix(cron:session): session closed for user root
May  8 04:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20450]: pam_unix(cron:session): session closed for user root
May  8 04:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23616]: Failed password for invalid user palworld from 196.251.84.225 port 58674 ssh2
May  8 04:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23616]: Connection closed by 196.251.84.225 port 58674 [preauth]
May  8 04:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23628]: pam_unix(cron:session): session closed for user samftp
May  8 04:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: Invalid user factorio from 196.251.84.225
May  8 04:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: input_userauth_request: invalid user factorio [preauth]
May  8 04:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: Failed password for invalid user factorio from 196.251.84.225 port 54038 ssh2
May  8 04:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24069]: Connection closed by 196.251.84.225 port 54038 [preauth]
May  8 04:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22558]: pam_unix(cron:session): session closed for user root
May  8 04:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24161]: Invalid user ethnode from 196.251.84.225
May  8 04:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24161]: input_userauth_request: invalid user ethnode [preauth]
May  8 04:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24161]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24161]: Failed password for invalid user ethnode from 196.251.84.225 port 51130 ssh2
May  8 04:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24161]: Connection closed by 196.251.84.225 port 51130 [preauth]
May  8 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24187]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24188]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24182]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24186]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24182]: pam_unix(cron:session): session closed for user p13x
May  8 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24263]: Successful su for rubyman by root
May  8 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24263]: + ??? root:rubyman
May  8 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24263]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351072 of user rubyman.
May  8 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24263]: pam_unix(su:session): session closed for user rubyman
May  8 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351072.
May  8 04:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20869]: pam_unix(cron:session): session closed for user root
May  8 04:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24186]: pam_unix(cron:session): session closed for user samftp
May  8 04:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: Invalid user gitlab from 196.251.84.225
May  8 04:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: input_userauth_request: invalid user gitlab [preauth]
May  8 04:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: Failed password for invalid user gitlab from 196.251.84.225 port 48186 ssh2
May  8 04:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24502]: Connection closed by 196.251.84.225 port 48186 [preauth]
May  8 04:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23032]: pam_unix(cron:session): session closed for user root
May  8 04:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24606]: Invalid user sol from 196.251.84.225
May  8 04:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24606]: input_userauth_request: invalid user sol [preauth]
May  8 04:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24606]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24606]: Failed password for invalid user sol from 196.251.84.225 port 32802 ssh2
May  8 04:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24606]: Connection closed by 196.251.84.225 port 32802 [preauth]
May  8 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24638]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24639]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24636]: pam_unix(cron:session): session closed for user p13x
May  8 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24705]: Successful su for rubyman by root
May  8 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24705]: + ??? root:rubyman
May  8 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24705]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351075 of user rubyman.
May  8 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24705]: pam_unix(su:session): session closed for user rubyman
May  8 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351075.
May  8 04:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21354]: pam_unix(cron:session): session closed for user root
May  8 04:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24637]: pam_unix(cron:session): session closed for user samftp
May  8 04:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24925]: User ftp from 196.251.84.225 not allowed because not listed in AllowUsers
May  8 04:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24925]: input_userauth_request: invalid user ftp [preauth]
May  8 04:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=ftp
May  8 04:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24925]: Failed password for invalid user ftp from 196.251.84.225 port 48156 ssh2
May  8 04:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24925]: Connection closed by 196.251.84.225 port 48156 [preauth]
May  8 04:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23631]: pam_unix(cron:session): session closed for user root
May  8 04:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25005]: Invalid user terraria from 196.251.84.225
May  8 04:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25005]: input_userauth_request: invalid user terraria [preauth]
May  8 04:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25005]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25005]: Failed password for invalid user terraria from 196.251.84.225 port 48290 ssh2
May  8 04:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25005]: Connection closed by 196.251.84.225 port 48290 [preauth]
May  8 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25064]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25063]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25062]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25061]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25061]: pam_unix(cron:session): session closed for user p13x
May  8 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25120]: Successful su for rubyman by root
May  8 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25120]: + ??? root:rubyman
May  8 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25120]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351078 of user rubyman.
May  8 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25120]: pam_unix(su:session): session closed for user rubyman
May  8 04:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351078.
May  8 04:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22056]: pam_unix(cron:session): session closed for user root
May  8 04:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25062]: pam_unix(cron:session): session closed for user samftp
May  8 04:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: Failed password for root from 196.251.84.225 port 55006 ssh2
May  8 04:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25319]: Connection closed by 196.251.84.225 port 55006 [preauth]
May  8 04:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25342]: Invalid user dma from 186.233.208.13
May  8 04:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25342]: input_userauth_request: invalid user dma [preauth]
May  8 04:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25342]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 04:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25342]: Failed password for invalid user dma from 186.233.208.13 port 58342 ssh2
May  8 04:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25342]: Received disconnect from 186.233.208.13 port 58342:11: Bye Bye [preauth]
May  8 04:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25342]: Disconnected from 186.233.208.13 port 58342 [preauth]
May  8 04:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25389]: Invalid user nlp from 181.188.159.138
May  8 04:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25389]: input_userauth_request: invalid user nlp [preauth]
May  8 04:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25389]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.159.138
May  8 04:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25389]: Failed password for invalid user nlp from 181.188.159.138 port 39128 ssh2
May  8 04:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25389]: Received disconnect from 181.188.159.138 port 39128:11: Bye Bye [preauth]
May  8 04:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25389]: Disconnected from 181.188.159.138 port 39128 [preauth]
May  8 04:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24188]: pam_unix(cron:session): session closed for user root
May  8 04:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: Invalid user ec2-user from 196.251.84.225
May  8 04:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: input_userauth_request: invalid user ec2-user [preauth]
May  8 04:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: Failed password for invalid user ec2-user from 196.251.84.225 port 50718 ssh2
May  8 04:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25392]: Connection closed by 196.251.84.225 port 50718 [preauth]
May  8 04:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  8 04:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25470]: Failed password for root from 190.103.202.7 port 56886 ssh2
May  8 04:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25470]: Connection closed by 190.103.202.7 port 56886 [preauth]
May  8 04:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25486]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25485]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25484]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25483]: pam_unix(cron:session): session closed for user p13x
May  8 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25555]: Successful su for rubyman by root
May  8 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25555]: + ??? root:rubyman
May  8 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351083 of user rubyman.
May  8 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25555]: pam_unix(su:session): session closed for user rubyman
May  8 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351083.
May  8 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25480]: Invalid user ubuntu from 196.251.84.225
May  8 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25480]: input_userauth_request: invalid user ubuntu [preauth]
May  8 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25480]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25480]: Failed password for invalid user ubuntu from 196.251.84.225 port 43654 ssh2
May  8 04:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25480]: Connection closed by 196.251.84.225 port 43654 [preauth]
May  8 04:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22557]: pam_unix(cron:session): session closed for user root
May  8 04:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25484]: pam_unix(cron:session): session closed for user samftp
May  8 04:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25873]: User www-data from 196.251.84.225 not allowed because not listed in AllowUsers
May  8 04:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25873]: input_userauth_request: invalid user www-data [preauth]
May  8 04:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=www-data
May  8 04:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25873]: Failed password for invalid user www-data from 196.251.84.225 port 36902 ssh2
May  8 04:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25873]: Connection closed by 196.251.84.225 port 36902 [preauth]
May  8 04:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24639]: pam_unix(cron:session): session closed for user root
May  8 04:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25931]: Invalid user debian from 80.94.95.115
May  8 04:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25931]: input_userauth_request: invalid user debian [preauth]
May  8 04:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25931]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  8 04:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25931]: Failed password for invalid user debian from 80.94.95.115 port 63650 ssh2
May  8 04:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25931]: Connection closed by 80.94.95.115 port 63650 [preauth]
May  8 04:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: Invalid user ts from 196.251.84.225
May  8 04:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: input_userauth_request: invalid user ts [preauth]
May  8 04:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25987]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25988]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25988]: pam_unix(cron:session): session closed for user root
May  8 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25983]: pam_unix(cron:session): session closed for user p13x
May  8 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: Failed password for invalid user ts from 196.251.84.225 port 45532 ssh2
May  8 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25970]: Connection closed by 196.251.84.225 port 45532 [preauth]
May  8 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26056]: Successful su for rubyman by root
May  8 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26056]: + ??? root:rubyman
May  8 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351086 of user rubyman.
May  8 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26056]: pam_unix(su:session): session closed for user rubyman
May  8 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351086.
May  8 04:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25985]: pam_unix(cron:session): session closed for user root
May  8 04:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23031]: pam_unix(cron:session): session closed for user root
May  8 04:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25984]: pam_unix(cron:session): session closed for user samftp
May  8 04:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26301]: Failed password for root from 196.251.84.225 port 58082 ssh2
May  8 04:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26301]: Connection closed by 196.251.84.225 port 58082 [preauth]
May  8 04:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25064]: pam_unix(cron:session): session closed for user root
May  8 04:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: Failed password for root from 196.251.84.225 port 40736 ssh2
May  8 04:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: Connection closed by 196.251.84.225 port 40736 [preauth]
May  8 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26414]: pam_unix(cron:session): session closed for user p13x
May  8 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26571]: Successful su for rubyman by root
May  8 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26571]: + ??? root:rubyman
May  8 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351092 of user rubyman.
May  8 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26571]: pam_unix(su:session): session closed for user rubyman
May  8 04:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351092.
May  8 04:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23630]: pam_unix(cron:session): session closed for user root
May  8 04:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26415]: pam_unix(cron:session): session closed for user samftp
May  8 04:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26758]: Invalid user jupyter from 196.251.84.225
May  8 04:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26758]: input_userauth_request: invalid user jupyter [preauth]
May  8 04:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26758]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26758]: Failed password for invalid user jupyter from 196.251.84.225 port 56048 ssh2
May  8 04:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26758]: Connection closed by 196.251.84.225 port 56048 [preauth]
May  8 04:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25486]: pam_unix(cron:session): session closed for user root
May  8 04:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26854]: Invalid user oracle from 196.251.84.225
May  8 04:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26854]: input_userauth_request: invalid user oracle [preauth]
May  8 04:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26854]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26854]: Failed password for invalid user oracle from 196.251.84.225 port 52398 ssh2
May  8 04:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26854]: Connection closed by 196.251.84.225 port 52398 [preauth]
May  8 04:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26938]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26934]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26934]: pam_unix(cron:session): session closed for user p13x
May  8 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27029]: Successful su for rubyman by root
May  8 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27029]: + ??? root:rubyman
May  8 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27029]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351097 of user rubyman.
May  8 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27029]: pam_unix(su:session): session closed for user rubyman
May  8 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351097.
May  8 04:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24187]: pam_unix(cron:session): session closed for user root
May  8 04:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26907]: Failed password for root from 196.251.84.225 port 47216 ssh2
May  8 04:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26907]: Connection closed by 196.251.84.225 port 47216 [preauth]
May  8 04:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26936]: pam_unix(cron:session): session closed for user samftp
May  8 04:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25987]: pam_unix(cron:session): session closed for user root
May  8 04:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27312]: Failed password for root from 196.251.84.225 port 35072 ssh2
May  8 04:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27312]: Connection closed by 196.251.84.225 port 35072 [preauth]
May  8 04:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: Invalid user sftp from 196.251.84.225
May  8 04:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: input_userauth_request: invalid user sftp [preauth]
May  8 04:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: Failed password for invalid user sftp from 196.251.84.225 port 39806 ssh2
May  8 04:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27413]: Connection closed by 196.251.84.225 port 39806 [preauth]
May  8 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27450]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27449]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27449]: pam_unix(cron:session): session closed for user p13x
May  8 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27526]: Successful su for rubyman by root
May  8 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27526]: + ??? root:rubyman
May  8 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27526]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351100 of user rubyman.
May  8 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27526]: pam_unix(su:session): session closed for user rubyman
May  8 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351100.
May  8 04:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24638]: pam_unix(cron:session): session closed for user root
May  8 04:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27450]: pam_unix(cron:session): session closed for user samftp
May  8 04:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27752]: Invalid user redis from 196.251.84.225
May  8 04:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27752]: input_userauth_request: invalid user redis [preauth]
May  8 04:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27752]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27752]: Failed password for invalid user redis from 196.251.84.225 port 55638 ssh2
May  8 04:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27752]: Connection closed by 196.251.84.225 port 55638 [preauth]
May  8 04:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26417]: pam_unix(cron:session): session closed for user root
May  8 04:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: Invalid user admin from 196.251.84.225
May  8 04:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: input_userauth_request: invalid user admin [preauth]
May  8 04:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: Failed password for invalid user admin from 196.251.84.225 port 50136 ssh2
May  8 04:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27845]: Connection closed by 196.251.84.225 port 50136 [preauth]
May  8 04:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  8 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27886]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27885]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27883]: pam_unix(cron:session): session closed for user p13x
May  8 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: Failed password for root from 186.233.208.13 port 56568 ssh2
May  8 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: Received disconnect from 186.233.208.13 port 56568:11: Bye Bye [preauth]
May  8 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27871]: Disconnected from 186.233.208.13 port 56568 [preauth]
May  8 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27947]: Successful su for rubyman by root
May  8 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27947]: + ??? root:rubyman
May  8 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27947]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351104 of user rubyman.
May  8 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27947]: pam_unix(su:session): session closed for user rubyman
May  8 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351104.
May  8 04:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25063]: pam_unix(cron:session): session closed for user root
May  8 04:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27884]: pam_unix(cron:session): session closed for user samftp
May  8 04:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: Failed password for root from 196.251.84.225 port 34620 ssh2
May  8 04:49:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28143]: Connection closed by 196.251.84.225 port 34620 [preauth]
May  8 04:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28201]: Invalid user user1 from 186.121.205.29
May  8 04:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28201]: input_userauth_request: invalid user user1 [preauth]
May  8 04:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28201]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.121.205.29
May  8 04:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28201]: Failed password for invalid user user1 from 186.121.205.29 port 48494 ssh2
May  8 04:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28201]: Received disconnect from 186.121.205.29 port 48494:11: Bye Bye [preauth]
May  8 04:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28201]: Disconnected from 186.121.205.29 port 48494 [preauth]
May  8 04:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26938]: pam_unix(cron:session): session closed for user root
May  8 04:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28234]: Invalid user solana from 196.251.84.225
May  8 04:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28234]: input_userauth_request: invalid user solana [preauth]
May  8 04:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28234]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28234]: Failed password for invalid user solana from 196.251.84.225 port 40072 ssh2
May  8 04:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28234]: Connection closed by 196.251.84.225 port 40072 [preauth]
May  8 04:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28291]: Failed password for root from 196.251.84.225 port 58454 ssh2
May  8 04:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28291]: Connection closed by 196.251.84.225 port 58454 [preauth]
May  8 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28296]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28297]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28299]: pam_unix(cron:session): session closed for user root
May  8 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28294]: pam_unix(cron:session): session closed for user p13x
May  8 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28367]: Successful su for rubyman by root
May  8 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28367]: + ??? root:rubyman
May  8 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351109 of user rubyman.
May  8 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28367]: pam_unix(su:session): session closed for user rubyman
May  8 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351109.
May  8 04:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28296]: pam_unix(cron:session): session closed for user root
May  8 04:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25485]: pam_unix(cron:session): session closed for user root
May  8 04:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28295]: pam_unix(cron:session): session closed for user samftp
May  8 04:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: Invalid user test from 196.251.84.225
May  8 04:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: input_userauth_request: invalid user test [preauth]
May  8 04:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: Failed password for invalid user test from 196.251.84.225 port 50412 ssh2
May  8 04:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: Connection closed by 196.251.84.225 port 50412 [preauth]
May  8 04:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27452]: pam_unix(cron:session): session closed for user root
May  8 04:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28713]: Invalid user postgres from 196.251.84.225
May  8 04:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28713]: input_userauth_request: invalid user postgres [preauth]
May  8 04:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28713]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28713]: Failed password for invalid user postgres from 196.251.84.225 port 60162 ssh2
May  8 04:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28713]: Connection closed by 196.251.84.225 port 60162 [preauth]
May  8 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28737]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28735]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28735]: pam_unix(cron:session): session closed for user p13x
May  8 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28812]: Successful su for rubyman by root
May  8 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28812]: + ??? root:rubyman
May  8 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28812]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351114 of user rubyman.
May  8 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28812]: pam_unix(su:session): session closed for user rubyman
May  8 04:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351114.
May  8 04:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25986]: pam_unix(cron:session): session closed for user root
May  8 04:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28736]: pam_unix(cron:session): session closed for user samftp
May  8 04:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: Failed password for root from 196.251.84.225 port 48450 ssh2
May  8 04:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29004]: Connection closed by 196.251.84.225 port 48450 [preauth]
May  8 04:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27886]: pam_unix(cron:session): session closed for user root
May  8 04:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: Invalid user developer from 196.251.84.225
May  8 04:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: input_userauth_request: invalid user developer [preauth]
May  8 04:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: Failed password for invalid user developer from 196.251.84.225 port 41334 ssh2
May  8 04:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29191]: Connection closed by 196.251.84.225 port 41334 [preauth]
May  8 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29257]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29256]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29254]: pam_unix(cron:session): session closed for user p13x
May  8 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29320]: Successful su for rubyman by root
May  8 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29320]: + ??? root:rubyman
May  8 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351120 of user rubyman.
May  8 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29320]: pam_unix(su:session): session closed for user rubyman
May  8 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351120.
May  8 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: Invalid user steam from 196.251.84.225
May  8 04:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: input_userauth_request: invalid user steam [preauth]
May  8 04:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26416]: pam_unix(cron:session): session closed for user root
May  8 04:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: Failed password for invalid user steam from 196.251.84.225 port 34314 ssh2
May  8 04:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: Connection closed by 196.251.84.225 port 34314 [preauth]
May  8 04:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29255]: pam_unix(cron:session): session closed for user samftp
May  8 04:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: Invalid user app from 196.251.84.225
May  8 04:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: input_userauth_request: invalid user app [preauth]
May  8 04:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: Failed password for invalid user app from 196.251.84.225 port 43374 ssh2
May  8 04:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29568]: Connection closed by 196.251.84.225 port 43374 [preauth]
May  8 04:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28298]: pam_unix(cron:session): session closed for user root
May  8 04:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29649]: Failed password for root from 196.251.84.225 port 46618 ssh2
May  8 04:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29649]: Connection closed by 196.251.84.225 port 46618 [preauth]
May  8 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29670]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29669]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29669]: pam_unix(cron:session): session closed for user p13x
May  8 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29732]: Successful su for rubyman by root
May  8 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29732]: + ??? root:rubyman
May  8 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29732]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351124 of user rubyman.
May  8 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29732]: pam_unix(su:session): session closed for user rubyman
May  8 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351124.
May  8 04:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26937]: pam_unix(cron:session): session closed for user root
May  8 04:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29670]: pam_unix(cron:session): session closed for user samftp
May  8 04:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29954]: Invalid user sysadmin from 196.251.84.225
May  8 04:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29954]: input_userauth_request: invalid user sysadmin [preauth]
May  8 04:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29954]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29957]: Invalid user otthild from 164.68.105.9
May  8 04:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29957]: input_userauth_request: invalid user otthild [preauth]
May  8 04:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29957]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  8 04:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29954]: Failed password for invalid user sysadmin from 196.251.84.225 port 58676 ssh2
May  8 04:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29954]: Connection closed by 196.251.84.225 port 58676 [preauth]
May  8 04:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29957]: Failed password for invalid user otthild from 164.68.105.9 port 46098 ssh2
May  8 04:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29957]: Connection closed by 164.68.105.9 port 46098 [preauth]
May  8 04:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28739]: pam_unix(cron:session): session closed for user root
May  8 04:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30078]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30081]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30082]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30080]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30078]: pam_unix(cron:session): session closed for user p13x
May  8 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30140]: Successful su for rubyman by root
May  8 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30140]: + ??? root:rubyman
May  8 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351129 of user rubyman.
May  8 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30140]: pam_unix(su:session): session closed for user rubyman
May  8 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351129.
May  8 04:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30036]: Failed password for root from 196.251.84.225 port 32958 ssh2
May  8 04:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27451]: pam_unix(cron:session): session closed for user root
May  8 04:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30036]: Connection closed by 196.251.84.225 port 32958 [preauth]
May  8 04:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30080]: pam_unix(cron:session): session closed for user samftp
May  8 04:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: Invalid user admin from 80.94.95.241
May  8 04:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: input_userauth_request: invalid user admin [preauth]
May  8 04:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 04:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: Failed password for invalid user admin from 80.94.95.241 port 11276 ssh2
May  8 04:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: Failed password for invalid user admin from 80.94.95.241 port 11276 ssh2
May  8 04:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: Invalid user elastic from 196.251.84.225
May  8 04:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: input_userauth_request: invalid user elastic [preauth]
May  8 04:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: Failed password for invalid user admin from 80.94.95.241 port 11276 ssh2
May  8 04:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: Failed password for invalid user elastic from 196.251.84.225 port 38418 ssh2
May  8 04:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: Failed password for invalid user admin from 80.94.95.241 port 11276 ssh2
May  8 04:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30332]: Connection closed by 196.251.84.225 port 38418 [preauth]
May  8 04:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: Failed password for invalid user admin from 80.94.95.241 port 11276 ssh2
May  8 04:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: Received disconnect from 80.94.95.241 port 11276:11: Bye [preauth]
May  8 04:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: Disconnected from 80.94.95.241 port 11276 [preauth]
May  8 04:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 04:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30320]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 04:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29257]: pam_unix(cron:session): session closed for user root
May  8 04:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30424]: Invalid user solar from 186.233.208.13
May  8 04:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30424]: input_userauth_request: invalid user solar [preauth]
May  8 04:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30424]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  8 04:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: Invalid user ldap from 196.251.84.225
May  8 04:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: input_userauth_request: invalid user ldap [preauth]
May  8 04:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30424]: Failed password for invalid user solar from 186.233.208.13 port 59082 ssh2
May  8 04:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30424]: Received disconnect from 186.233.208.13 port 59082:11: Bye Bye [preauth]
May  8 04:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30424]: Disconnected from 186.233.208.13 port 59082 [preauth]
May  8 04:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: Failed password for invalid user ldap from 196.251.84.225 port 50480 ssh2
May  8 04:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: Connection closed by 196.251.84.225 port 50480 [preauth]
May  8 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30485]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30482]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30483]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30484]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30485]: pam_unix(cron:session): session closed for user root
May  8 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30480]: pam_unix(cron:session): session closed for user p13x
May  8 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30555]: Successful su for rubyman by root
May  8 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30555]: + ??? root:rubyman
May  8 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351134 of user rubyman.
May  8 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30555]: pam_unix(su:session): session closed for user rubyman
May  8 04:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351134.
May  8 04:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30482]: pam_unix(cron:session): session closed for user root
May  8 04:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27885]: pam_unix(cron:session): session closed for user root
May  8 04:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30481]: pam_unix(cron:session): session closed for user samftp
May  8 04:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30765]: Invalid user worker from 196.251.84.225
May  8 04:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30765]: input_userauth_request: invalid user worker [preauth]
May  8 04:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30765]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30765]: Failed password for invalid user worker from 196.251.84.225 port 36910 ssh2
May  8 04:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30765]: Connection closed by 196.251.84.225 port 36910 [preauth]
May  8 04:55:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.159.138  user=root
May  8 04:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: Failed password for root from 181.188.159.138 port 52564 ssh2
May  8 04:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: Received disconnect from 181.188.159.138 port 52564:11: Bye Bye [preauth]
May  8 04:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30817]: Disconnected from 181.188.159.138 port 52564 [preauth]
May  8 04:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29672]: pam_unix(cron:session): session closed for user root
May  8 04:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30859]: Invalid user redis from 196.251.84.225
May  8 04:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30859]: input_userauth_request: invalid user redis [preauth]
May  8 04:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30859]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30859]: Failed password for invalid user redis from 196.251.84.225 port 58586 ssh2
May  8 04:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30859]: Connection closed by 196.251.84.225 port 58586 [preauth]
May  8 04:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Invalid user nginx from 196.251.84.225
May  8 04:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: input_userauth_request: invalid user nginx [preauth]
May  8 04:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30938]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30931]: pam_unix(cron:session): session closed for user p13x
May  8 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31085]: Successful su for rubyman by root
May  8 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31085]: + ??? root:rubyman
May  8 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31085]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351139 of user rubyman.
May  8 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31085]: pam_unix(su:session): session closed for user rubyman
May  8 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351139.
May  8 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Failed password for invalid user nginx from 196.251.84.225 port 36740 ssh2
May  8 04:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30911]: Connection closed by 196.251.84.225 port 36740 [preauth]
May  8 04:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28297]: pam_unix(cron:session): session closed for user root
May  8 04:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30936]: pam_unix(cron:session): session closed for user samftp
May  8 04:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: Invalid user admin from 80.94.95.112
May  8 04:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: input_userauth_request: invalid user admin [preauth]
May  8 04:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 04:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: Failed password for invalid user admin from 80.94.95.112 port 44132 ssh2
May  8 04:56:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: Failed password for invalid user admin from 80.94.95.112 port 44132 ssh2
May  8 04:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: Failed password for invalid user admin from 80.94.95.112 port 44132 ssh2
May  8 04:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: Failed password for invalid user admin from 80.94.95.112 port 44132 ssh2
May  8 04:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: Failed password for invalid user admin from 80.94.95.112 port 44132 ssh2
May  8 04:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: Received disconnect from 80.94.95.112 port 44132:11: Bye [preauth]
May  8 04:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: Disconnected from 80.94.95.112 port 44132 [preauth]
May  8 04:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 04:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31301]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 04:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4  user=root
May  8 04:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: Failed password for root from 85.208.84.4 port 47404 ssh2
May  8 04:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: Invalid user esuser from 196.251.84.225
May  8 04:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: input_userauth_request: invalid user esuser [preauth]
May  8 04:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31333]: Connection closed by 85.208.84.4 port 47404 [preauth]
May  8 04:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: Failed password for invalid user esuser from 196.251.84.225 port 58250 ssh2
May  8 04:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: Connection closed by 196.251.84.225 port 58250 [preauth]
May  8 04:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30082]: pam_unix(cron:session): session closed for user root
May  8 04:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: Invalid user odoo from 196.251.84.225
May  8 04:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: input_userauth_request: invalid user odoo [preauth]
May  8 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31437]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31435]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31435]: pam_unix(cron:session): session closed for user p13x
May  8 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31501]: Successful su for rubyman by root
May  8 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31501]: + ??? root:rubyman
May  8 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351141 of user rubyman.
May  8 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31501]: pam_unix(su:session): session closed for user rubyman
May  8 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351141.
May  8 04:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28737]: pam_unix(cron:session): session closed for user root
May  8 04:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31436]: pam_unix(cron:session): session closed for user samftp
May  8 04:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: Failed password for invalid user odoo from 196.251.84.225 port 50326 ssh2
May  8 04:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: Connection closed by 196.251.84.225 port 50326 [preauth]
May  8 04:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31754]: Invalid user appuser from 196.251.84.225
May  8 04:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31754]: input_userauth_request: invalid user appuser [preauth]
May  8 04:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31754]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31754]: Failed password for invalid user appuser from 196.251.84.225 port 44954 ssh2
May  8 04:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31754]: Connection closed by 196.251.84.225 port 44954 [preauth]
May  8 04:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  8 04:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: Failed password for root from 218.92.0.215 port 62024 ssh2
May  8 04:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: message repeated 2 times: [ Failed password for root from 218.92.0.215 port 62024 ssh2]
May  8 04:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30484]: pam_unix(cron:session): session closed for user root
May  8 04:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: Failed password for root from 218.92.0.215 port 62024 ssh2
May  8 04:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: Failed password for root from 218.92.0.215 port 62024 ssh2
May  8 04:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 62024 ssh2 [preauth]
May  8 04:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: Disconnecting: Too many authentication failures [preauth]
May  8 04:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  8 04:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 04:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  8 04:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Failed password for root from 218.92.0.215 port 20026 ssh2
May  8 04:57:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Failed password for root from 218.92.0.215 port 20026 ssh2
May  8 04:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31843]: Invalid user lighthouse from 196.251.84.225
May  8 04:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31843]: input_userauth_request: invalid user lighthouse [preauth]
May  8 04:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31843]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31843]: Failed password for invalid user lighthouse from 196.251.84.225 port 38948 ssh2
May  8 04:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Failed password for root from 218.92.0.215 port 20026 ssh2
May  8 04:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31843]: Connection closed by 196.251.84.225 port 38948 [preauth]
May  8 04:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Failed password for root from 218.92.0.215 port 20026 ssh2
May  8 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: message repeated 2 times: [ Failed password for root from 218.92.0.215 port 20026 ssh2]
May  8 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: error: maximum authentication attempts exceeded for root from 218.92.0.215 port 20026 ssh2 [preauth]
May  8 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: Disconnecting: Too many authentication failures [preauth]
May  8 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  8 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31827]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31882]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31878]: pam_unix(cron:session): session closed for user p13x
May  8 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31979]: Successful su for rubyman by root
May  8 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31979]: + ??? root:rubyman
May  8 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351144 of user rubyman.
May  8 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31979]: pam_unix(su:session): session closed for user rubyman
May  8 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351144.
May  8 04:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29256]: pam_unix(cron:session): session closed for user root
May  8 04:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  8 04:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: Failed password for root from 218.92.0.215 port 60152 ssh2
May  8 04:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31879]: pam_unix(cron:session): session closed for user samftp
May  8 04:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: Received disconnect from 218.92.0.215 port 60152:11:  [preauth]
May  8 04:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32281]: Disconnected from 218.92.0.215 port 60152 [preauth]
May  8 04:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32457]: Invalid user steam from 196.251.84.225
May  8 04:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32457]: input_userauth_request: invalid user steam [preauth]
May  8 04:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32457]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32457]: Failed password for invalid user steam from 196.251.84.225 port 36902 ssh2
May  8 04:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32457]: Connection closed by 196.251.84.225 port 36902 [preauth]
May  8 04:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30938]: pam_unix(cron:session): session closed for user root
May  8 04:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: Failed password for root from 196.251.84.225 port 38508 ssh2
May  8 04:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32551]: Connection closed by 196.251.84.225 port 38508 [preauth]
May  8 04:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32613]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32611]: pam_unix(cron:session): session closed for user p13x
May  8 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32760]: Successful su for rubyman by root
May  8 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32760]: + ??? root:rubyman
May  8 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351150 of user rubyman.
May  8 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32760]: pam_unix(su:session): session closed for user rubyman
May  8 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351150.
May  8 04:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29671]: pam_unix(cron:session): session closed for user root
May  8 04:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32612]: pam_unix(cron:session): session closed for user samftp
May  8 04:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 04:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: Failed password for root from 196.251.84.225 port 55030 ssh2
May  8 04:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: Invalid user kubeadmin from 23.94.179.104
May  8 04:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: input_userauth_request: invalid user kubeadmin [preauth]
May  8 04:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.179.104
May  8 04:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: Connection closed by 196.251.84.225 port 55030 [preauth]
May  8 04:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: Failed password for invalid user kubeadmin from 23.94.179.104 port 35710 ssh2
May  8 04:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32574]: Connection closed by 23.94.179.104 port 35710 [preauth]
May  8 04:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 04:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31438]: pam_unix(cron:session): session closed for user root
May  8 04:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: Invalid user ubuntu from 196.251.84.225
May  8 04:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: input_userauth_request: invalid user ubuntu [preauth]
May  8 04:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: pam_unix(sshd:auth): check pass; user unknown
May  8 04:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 04:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: Failed password for invalid user ubuntu from 196.251.84.225 port 44802 ssh2
May  8 04:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[638]: Connection closed by 196.251.84.225 port 44802 [preauth]
May  8 04:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[737]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[742]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[735]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[742]: pam_unix(cron:session): session closed for user root
May  8 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[735]: pam_unix(cron:session): session closed for user root
May  8 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[733]: pam_unix(cron:session): session closed for user p13x
May  8 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[850]: Successful su for rubyman by root
May  8 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[850]: + ??? root:rubyman
May  8 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[850]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351157 of user rubyman.
May  8 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[850]: pam_unix(su:session): session closed for user rubyman
May  8 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351157.
May  8 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: Invalid user lsb from 196.251.84.225
May  8 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: input_userauth_request: invalid user lsb [preauth]
May  8 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: Failed password for invalid user lsb from 196.251.84.225 port 52292 ssh2
May  8 05:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[737]: pam_unix(cron:session): session closed for user root
May  8 05:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30081]: pam_unix(cron:session): session closed for user root
May  8 05:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[730]: Connection closed by 196.251.84.225 port 52292 [preauth]
May  8 05:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[734]: pam_unix(cron:session): session closed for user samftp
May  8 05:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1164]: Invalid user test from 196.251.84.225
May  8 05:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1164]: input_userauth_request: invalid user test [preauth]
May  8 05:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1164]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1164]: Failed password for invalid user test from 196.251.84.225 port 56628 ssh2
May  8 05:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1164]: Connection closed by 196.251.84.225 port 56628 [preauth]
May  8 05:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31882]: pam_unix(cron:session): session closed for user root
May  8 05:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: Invalid user kodi from 196.251.84.225
May  8 05:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: input_userauth_request: invalid user kodi [preauth]
May  8 05:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: Failed password for invalid user kodi from 196.251.84.225 port 39470 ssh2
May  8 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1337]: pam_unix(cron:session): session closed for user p13x
May  8 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: Connection closed by 196.251.84.225 port 39470 [preauth]
May  8 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1411]: Successful su for rubyman by root
May  8 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1411]: + ??? root:rubyman
May  8 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1411]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351161 of user rubyman.
May  8 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1411]: pam_unix(su:session): session closed for user rubyman
May  8 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351161.
May  8 05:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30483]: pam_unix(cron:session): session closed for user root
May  8 05:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1338]: pam_unix(cron:session): session closed for user samftp
May  8 05:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: Invalid user caddy from 196.251.84.225
May  8 05:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: input_userauth_request: invalid user caddy [preauth]
May  8 05:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: Failed password for invalid user caddy from 196.251.84.225 port 43660 ssh2
May  8 05:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1670]: Connection closed by 196.251.84.225 port 43660 [preauth]
May  8 05:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32614]: pam_unix(cron:session): session closed for user root
May  8 05:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: Invalid user ampache from 196.251.84.225
May  8 05:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: input_userauth_request: invalid user ampache [preauth]
May  8 05:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: Failed password for invalid user ampache from 196.251.84.225 port 34038 ssh2
May  8 05:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1803]: Connection closed by 196.251.84.225 port 34038 [preauth]
May  8 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1838]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1835]: pam_unix(cron:session): session closed for user p13x
May  8 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1911]: Successful su for rubyman by root
May  8 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1911]: + ??? root:rubyman
May  8 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351164 of user rubyman.
May  8 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1911]: pam_unix(su:session): session closed for user rubyman
May  8 05:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351164.
May  8 05:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30937]: pam_unix(cron:session): session closed for user root
May  8 05:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1836]: pam_unix(cron:session): session closed for user samftp
May  8 05:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: Invalid user amandabackup from 196.251.84.225
May  8 05:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: input_userauth_request: invalid user amandabackup [preauth]
May  8 05:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: Failed password for invalid user amandabackup from 196.251.84.225 port 45584 ssh2
May  8 05:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2181]: Connection closed by 196.251.84.225 port 45584 [preauth]
May  8 05:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[740]: pam_unix(cron:session): session closed for user root
May  8 05:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Invalid user ubuntu from 196.251.84.225
May  8 05:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: input_userauth_request: invalid user ubuntu [preauth]
May  8 05:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Failed password for invalid user ubuntu from 196.251.84.225 port 51746 ssh2
May  8 05:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2273]: Connection closed by 196.251.84.225 port 51746 [preauth]
May  8 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2323]: pam_unix(cron:session): session closed for user p13x
May  8 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2400]: Successful su for rubyman by root
May  8 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2400]: + ??? root:rubyman
May  8 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351167 of user rubyman.
May  8 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2400]: pam_unix(su:session): session closed for user rubyman
May  8 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351167.
May  8 05:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31437]: pam_unix(cron:session): session closed for user root
May  8 05:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2324]: pam_unix(cron:session): session closed for user samftp
May  8 05:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: Invalid user test from 196.251.84.225
May  8 05:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: input_userauth_request: invalid user test [preauth]
May  8 05:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.121.205.29  user=root
May  8 05:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: Failed password for invalid user test from 196.251.84.225 port 37298 ssh2
May  8 05:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2609]: Connection closed by 196.251.84.225 port 37298 [preauth]
May  8 05:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2620]: Failed password for root from 186.121.205.29 port 48302 ssh2
May  8 05:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2620]: Received disconnect from 186.121.205.29 port 48302:11: Bye Bye [preauth]
May  8 05:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2620]: Disconnected from 186.121.205.29 port 48302 [preauth]
May  8 05:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: Invalid user ubuntu from 196.251.84.225
May  8 05:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: input_userauth_request: invalid user ubuntu [preauth]
May  8 05:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1340]: pam_unix(cron:session): session closed for user root
May  8 05:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: Failed password for invalid user ubuntu from 196.251.84.225 port 42484 ssh2
May  8 05:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2697]: Connection closed by 196.251.84.225 port 42484 [preauth]
May  8 05:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2782]: pam_unix(cron:session): session closed for user p13x
May  8 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: Failed password for root from 196.251.84.225 port 47632 ssh2
May  8 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2777]: Connection closed by 196.251.84.225 port 47632 [preauth]
May  8 05:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2845]: Successful su for rubyman by root
May  8 05:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2845]: + ??? root:rubyman
May  8 05:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351171 of user rubyman.
May  8 05:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2845]: pam_unix(su:session): session closed for user rubyman
May  8 05:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351171.
May  8 05:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31880]: pam_unix(cron:session): session closed for user root
May  8 05:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2783]: pam_unix(cron:session): session closed for user samftp
May  8 05:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3081]: Invalid user ftpuser from 196.251.84.225
May  8 05:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3081]: input_userauth_request: invalid user ftpuser [preauth]
May  8 05:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3081]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3081]: Failed password for invalid user ftpuser from 196.251.84.225 port 55794 ssh2
May  8 05:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3081]: Connection closed by 196.251.84.225 port 55794 [preauth]
May  8 05:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 05:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: Failed password for root from 80.94.95.125 port 25597 ssh2
May  8 05:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: Failed password for root from 80.94.95.125 port 25597 ssh2
May  8 05:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1838]: pam_unix(cron:session): session closed for user root
May  8 05:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: Failed password for root from 80.94.95.125 port 25597 ssh2
May  8 05:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: message repeated 2 times: [ Failed password for root from 80.94.95.125 port 25597 ssh2]
May  8 05:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: Received disconnect from 80.94.95.125 port 25597:11: Bye [preauth]
May  8 05:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: Disconnected from 80.94.95.125 port 25597 [preauth]
May  8 05:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 05:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3105]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 05:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3180]: Invalid user redis from 196.251.84.225
May  8 05:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3180]: input_userauth_request: invalid user redis [preauth]
May  8 05:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3180]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3180]: Failed password for invalid user redis from 196.251.84.225 port 33328 ssh2
May  8 05:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3180]: Connection closed by 196.251.84.225 port 33328 [preauth]
May  8 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3209]: pam_unix(cron:session): session closed for user root
May  8 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3202]: pam_unix(cron:session): session closed for user p13x
May  8 05:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3279]: Successful su for rubyman by root
May  8 05:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3279]: + ??? root:rubyman
May  8 05:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351176 of user rubyman.
May  8 05:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3279]: pam_unix(su:session): session closed for user rubyman
May  8 05:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351176.
May  8 05:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3204]: pam_unix(cron:session): session closed for user root
May  8 05:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32613]: pam_unix(cron:session): session closed for user root
May  8 05:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3203]: pam_unix(cron:session): session closed for user samftp
May  8 05:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: Invalid user wang from 196.251.84.225
May  8 05:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: input_userauth_request: invalid user wang [preauth]
May  8 05:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: Failed password for invalid user wang from 196.251.84.225 port 47736 ssh2
May  8 05:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3513]: Connection closed by 196.251.84.225 port 47736 [preauth]
May  8 05:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2326]: pam_unix(cron:session): session closed for user root
May  8 05:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3621]: Invalid user admin from 196.251.84.225
May  8 05:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3621]: input_userauth_request: invalid user admin [preauth]
May  8 05:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3621]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3621]: Failed password for invalid user admin from 196.251.84.225 port 48250 ssh2
May  8 05:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3621]: Connection closed by 196.251.84.225 port 48250 [preauth]
May  8 05:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3685]: Invalid user amp from 196.251.84.225
May  8 05:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3685]: input_userauth_request: invalid user amp [preauth]
May  8 05:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3685]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3697]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3698]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3696]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3695]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3695]: pam_unix(cron:session): session closed for user p13x
May  8 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3685]: Failed password for invalid user amp from 196.251.84.225 port 59680 ssh2
May  8 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3685]: Connection closed by 196.251.84.225 port 59680 [preauth]
May  8 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3762]: Successful su for rubyman by root
May  8 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3762]: + ??? root:rubyman
May  8 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3762]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351182 of user rubyman.
May  8 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3762]: pam_unix(su:session): session closed for user rubyman
May  8 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351182.
May  8 05:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[739]: pam_unix(cron:session): session closed for user root
May  8 05:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3696]: pam_unix(cron:session): session closed for user samftp
May  8 05:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: Invalid user terraria from 196.251.84.225
May  8 05:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: input_userauth_request: invalid user terraria [preauth]
May  8 05:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: Failed password for invalid user terraria from 196.251.84.225 port 42380 ssh2
May  8 05:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4013]: Connection closed by 196.251.84.225 port 42380 [preauth]
May  8 05:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2785]: pam_unix(cron:session): session closed for user root
May  8 05:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Invalid user nagios from 196.251.84.225
May  8 05:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: input_userauth_request: invalid user nagios [preauth]
May  8 05:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Failed password for invalid user nagios from 196.251.84.225 port 38194 ssh2
May  8 05:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: Connection closed by 196.251.84.225 port 38194 [preauth]
May  8 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4136]: pam_unix(cron:session): session closed for user p13x
May  8 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4195]: Successful su for rubyman by root
May  8 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4195]: + ??? root:rubyman
May  8 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351185 of user rubyman.
May  8 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4195]: pam_unix(su:session): session closed for user rubyman
May  8 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351185.
May  8 05:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1339]: pam_unix(cron:session): session closed for user root
May  8 05:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4137]: pam_unix(cron:session): session closed for user samftp
May  8 05:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: Invalid user es from 196.251.84.225
May  8 05:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: input_userauth_request: invalid user es [preauth]
May  8 05:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: Failed password for invalid user es from 196.251.84.225 port 40930 ssh2
May  8 05:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4546]: Connection closed by 196.251.84.225 port 40930 [preauth]
May  8 05:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4615]: Invalid user carlos from 80.94.95.115
May  8 05:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4615]: input_userauth_request: invalid user carlos [preauth]
May  8 05:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4615]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  8 05:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4615]: Failed password for invalid user carlos from 80.94.95.115 port 19782 ssh2
May  8 05:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4615]: Connection closed by 80.94.95.115 port 19782 [preauth]
May  8 05:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3208]: pam_unix(cron:session): session closed for user root
May  8 05:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4704]: Invalid user ark from 196.251.84.225
May  8 05:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4704]: input_userauth_request: invalid user ark [preauth]
May  8 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4710]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4709]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4708]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4708]: pam_unix(cron:session): session closed for user p13x
May  8 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4704]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4769]: Successful su for rubyman by root
May  8 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4769]: + ??? root:rubyman
May  8 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351189 of user rubyman.
May  8 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4769]: pam_unix(su:session): session closed for user rubyman
May  8 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351189.
May  8 05:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4704]: Failed password for invalid user ark from 196.251.84.225 port 56440 ssh2
May  8 05:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1837]: pam_unix(cron:session): session closed for user root
May  8 05:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4704]: Connection closed by 196.251.84.225 port 56440 [preauth]
May  8 05:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 05:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4709]: pam_unix(cron:session): session closed for user samftp
May  8 05:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Failed password for root from 196.251.84.225 port 51830 ssh2
May  8 05:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4617]: Connection closed by 196.251.84.225 port 51830 [preauth]
May  8 05:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5225]: Invalid user elastic from 196.251.84.225
May  8 05:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5225]: input_userauth_request: invalid user elastic [preauth]
May  8 05:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5225]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5225]: Failed password for invalid user elastic from 196.251.84.225 port 40192 ssh2
May  8 05:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5225]: Connection closed by 196.251.84.225 port 40192 [preauth]
May  8 05:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3698]: pam_unix(cron:session): session closed for user root
May  8 05:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5310]: Invalid user zookeeper from 196.251.84.225
May  8 05:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5310]: input_userauth_request: invalid user zookeeper [preauth]
May  8 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5310]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5324]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5323]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5323]: pam_unix(cron:session): session closed for user p13x
May  8 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5450]: Successful su for rubyman by root
May  8 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5450]: + ??? root:rubyman
May  8 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351194 of user rubyman.
May  8 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5450]: pam_unix(su:session): session closed for user rubyman
May  8 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351194.
May  8 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5321]: pam_unix(cron:session): session closed for user root
May  8 05:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5310]: Failed password for invalid user zookeeper from 196.251.84.225 port 48300 ssh2
May  8 05:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5310]: Connection closed by 196.251.84.225 port 48300 [preauth]
May  8 05:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2325]: pam_unix(cron:session): session closed for user root
May  8 05:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5707]: Connection closed by 45.79.181.223 port 42930 [preauth]
May  8 05:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5324]: pam_unix(cron:session): session closed for user samftp
May  8 05:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: Connection closed by 45.79.181.223 port 51990 [preauth]
May  8 05:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5734]: fatal: Unable to negotiate with 45.79.181.223 port 51996: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  8 05:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.159.138  user=root
May  8 05:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: Failed password for root from 181.188.159.138 port 45752 ssh2
May  8 05:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: Received disconnect from 181.188.159.138 port 45752:11: Bye Bye [preauth]
May  8 05:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5765]: Disconnected from 181.188.159.138 port 45752 [preauth]
May  8 05:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5775]: Invalid user dst from 196.251.84.225
May  8 05:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5775]: input_userauth_request: invalid user dst [preauth]
May  8 05:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5775]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5775]: Failed password for invalid user dst from 196.251.84.225 port 58758 ssh2
May  8 05:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5775]: Connection closed by 196.251.84.225 port 58758 [preauth]
May  8 05:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4139]: pam_unix(cron:session): session closed for user root
May  8 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5984]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5987]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5982]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5987]: pam_unix(cron:session): session closed for user root
May  8 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5982]: pam_unix(cron:session): session closed for user p13x
May  8 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6060]: Successful su for rubyman by root
May  8 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6060]: + ??? root:rubyman
May  8 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351200 of user rubyman.
May  8 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6060]: pam_unix(su:session): session closed for user rubyman
May  8 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351200.
May  8 05:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5984]: pam_unix(cron:session): session closed for user root
May  8 05:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2784]: pam_unix(cron:session): session closed for user root
May  8 05:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5983]: pam_unix(cron:session): session closed for user samftp
May  8 05:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: Invalid user dolphin from 196.251.84.225
May  8 05:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: input_userauth_request: invalid user dolphin [preauth]
May  8 05:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: Failed password for invalid user dolphin from 196.251.84.225 port 50448 ssh2
May  8 05:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6297]: Connection closed by 196.251.84.225 port 50448 [preauth]
May  8 05:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4711]: pam_unix(cron:session): session closed for user root
May  8 05:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: Invalid user sol from 196.251.84.225
May  8 05:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: input_userauth_request: invalid user sol [preauth]
May  8 05:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: Failed password for invalid user sol from 196.251.84.225 port 42114 ssh2
May  8 05:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6405]: Connection closed by 196.251.84.225 port 42114 [preauth]
May  8 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6436]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6437]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6434]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6434]: pam_unix(cron:session): session closed for user p13x
May  8 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6504]: Successful su for rubyman by root
May  8 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6504]: + ??? root:rubyman
May  8 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6504]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351205 of user rubyman.
May  8 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6504]: pam_unix(su:session): session closed for user rubyman
May  8 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351205.
May  8 05:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3207]: pam_unix(cron:session): session closed for user root
May  8 05:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6435]: pam_unix(cron:session): session closed for user samftp
May  8 05:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6716]: Invalid user vbox from 196.251.84.225
May  8 05:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6716]: input_userauth_request: invalid user vbox [preauth]
May  8 05:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6716]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6716]: Failed password for invalid user vbox from 196.251.84.225 port 60170 ssh2
May  8 05:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6716]: Connection closed by 196.251.84.225 port 60170 [preauth]
May  8 05:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5326]: pam_unix(cron:session): session closed for user root
May  8 05:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225  user=root
May  8 05:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: Failed password for root from 196.251.84.225 port 50992 ssh2
May  8 05:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6806]: Connection closed by 196.251.84.225 port 50992 [preauth]
May  8 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6847]: pam_unix(cron:session): session closed for user p13x
May  8 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6997]: Successful su for rubyman by root
May  8 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6997]: + ??? root:rubyman
May  8 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351208 of user rubyman.
May  8 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6997]: pam_unix(su:session): session closed for user rubyman
May  8 05:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351208.
May  8 05:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3697]: pam_unix(cron:session): session closed for user root
May  8 05:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6848]: pam_unix(cron:session): session closed for user samftp
May  8 05:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Invalid user jito-validator from 196.251.84.225
May  8 05:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: input_userauth_request: invalid user jito-validator [preauth]
May  8 05:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Failed password for invalid user jito-validator from 196.251.84.225 port 39910 ssh2
May  8 05:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7241]: Connection closed by 196.251.84.225 port 39910 [preauth]
May  8 05:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5986]: pam_unix(cron:session): session closed for user root
May  8 05:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Invalid user steam from 196.251.84.225
May  8 05:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: input_userauth_request: invalid user steam [preauth]
May  8 05:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.84.225
May  8 05:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Failed password for invalid user steam from 196.251.84.225 port 48684 ssh2
May  8 05:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Connection closed by 196.251.84.225 port 48684 [preauth]
May  8 05:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7362]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7363]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7360]: pam_unix(cron:session): session closed for user p13x
May  8 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7422]: Successful su for rubyman by root
May  8 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7422]: + ??? root:rubyman
May  8 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351213 of user rubyman.
May  8 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7422]: pam_unix(su:session): session closed for user rubyman
May  8 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351213.
May  8 05:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4138]: pam_unix(cron:session): session closed for user root
May  8 05:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7361]: pam_unix(cron:session): session closed for user samftp
May  8 05:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6437]: pam_unix(cron:session): session closed for user root
May  8 05:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7831]: Did not receive identification string from 196.251.84.225
May  8 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7891]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7890]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7888]: pam_unix(cron:session): session closed for user p13x
May  8 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7953]: Successful su for rubyman by root
May  8 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7953]: + ??? root:rubyman
May  8 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7953]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351216 of user rubyman.
May  8 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7953]: pam_unix(su:session): session closed for user rubyman
May  8 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351216.
May  8 05:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4710]: pam_unix(cron:session): session closed for user root
May  8 05:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7889]: pam_unix(cron:session): session closed for user samftp
May  8 05:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6852]: pam_unix(cron:session): session closed for user root
May  8 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8314]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8315]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8312]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8313]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8316]: pam_unix(cron:session): session closed for user root
May  8 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8311]: pam_unix(cron:session): session closed for user p13x
May  8 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8381]: Successful su for rubyman by root
May  8 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8381]: + ??? root:rubyman
May  8 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351222 of user rubyman.
May  8 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8381]: pam_unix(su:session): session closed for user rubyman
May  8 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351222.
May  8 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8313]: pam_unix(cron:session): session closed for user root
May  8 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5325]: pam_unix(cron:session): session closed for user root
May  8 05:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8312]: pam_unix(cron:session): session closed for user samftp
May  8 05:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.121.205.29  user=root
May  8 05:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: Failed password for root from 186.121.205.29 port 38870 ssh2
May  8 05:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: Received disconnect from 186.121.205.29 port 38870:11: Bye Bye [preauth]
May  8 05:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8651]: Disconnected from 186.121.205.29 port 38870 [preauth]
May  8 05:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7363]: pam_unix(cron:session): session closed for user root
May  8 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8777]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8776]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8775]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8774]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8774]: pam_unix(cron:session): session closed for user p13x
May  8 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8843]: Successful su for rubyman by root
May  8 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8843]: + ??? root:rubyman
May  8 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8843]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351226 of user rubyman.
May  8 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8843]: pam_unix(su:session): session closed for user rubyman
May  8 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351226.
May  8 05:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5985]: pam_unix(cron:session): session closed for user root
May  8 05:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8775]: pam_unix(cron:session): session closed for user samftp
May  8 05:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7891]: pam_unix(cron:session): session closed for user root
May  8 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9306]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9302]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9302]: pam_unix(cron:session): session closed for user root
May  8 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9304]: pam_unix(cron:session): session closed for user p13x
May  8 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9377]: Successful su for rubyman by root
May  8 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9377]: + ??? root:rubyman
May  8 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351231 of user rubyman.
May  8 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9377]: pam_unix(su:session): session closed for user rubyman
May  8 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351231.
May  8 05:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6436]: pam_unix(cron:session): session closed for user root
May  8 05:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9305]: pam_unix(cron:session): session closed for user samftp
May  8 05:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9594]: Invalid user node from 193.70.84.184
May  8 05:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9594]: input_userauth_request: invalid user node [preauth]
May  8 05:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9594]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  8 05:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9594]: Failed password for invalid user node from 193.70.84.184 port 41628 ssh2
May  8 05:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9594]: Connection closed by 193.70.84.184 port 41628 [preauth]
May  8 05:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8315]: pam_unix(cron:session): session closed for user root
May  8 05:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9661]: Did not receive identification string from 42.180.130.120
May  8 05:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9667]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9723]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9721]: pam_unix(cron:session): session closed for user p13x
May  8 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9787]: Successful su for rubyman by root
May  8 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9787]: + ??? root:rubyman
May  8 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351236 of user rubyman.
May  8 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9787]: pam_unix(su:session): session closed for user rubyman
May  8 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351236.
May  8 05:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6850]: pam_unix(cron:session): session closed for user root
May  8 05:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9722]: pam_unix(cron:session): session closed for user samftp
May  8 05:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10034]: Invalid user 1111 from 85.208.84.4
May  8 05:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10034]: input_userauth_request: invalid user 1111 [preauth]
May  8 05:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10034]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  8 05:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10034]: Failed password for invalid user 1111 from 85.208.84.4 port 41040 ssh2
May  8 05:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8777]: pam_unix(cron:session): session closed for user root
May  8 05:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10034]: Connection closed by 85.208.84.4 port 41040 [preauth]
May  8 05:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: Invalid user username from 27.254.235.4
May  8 05:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: input_userauth_request: invalid user username [preauth]
May  8 05:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  8 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10127]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10128]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10126]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10125]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10125]: pam_unix(cron:session): session closed for user p13x
May  8 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10184]: Successful su for rubyman by root
May  8 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10184]: + ??? root:rubyman
May  8 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351240 of user rubyman.
May  8 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10184]: pam_unix(su:session): session closed for user rubyman
May  8 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351240.
May  8 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: Failed password for invalid user username from 27.254.235.4 port 55262 ssh2
May  8 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: Received disconnect from 27.254.235.4 port 55262:11: Bye Bye [preauth]
May  8 05:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10122]: Disconnected from 27.254.235.4 port 55262 [preauth]
May  8 05:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7362]: pam_unix(cron:session): session closed for user root
May  8 05:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10126]: pam_unix(cron:session): session closed for user samftp
May  8 05:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9307]: pam_unix(cron:session): session closed for user root
May  8 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10659]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10659]: pam_unix(cron:session): session closed for user root
May  8 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10649]: pam_unix(cron:session): session closed for user p13x
May  8 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10764]: Successful su for rubyman by root
May  8 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10764]: + ??? root:rubyman
May  8 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351244 of user rubyman.
May  8 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10764]: pam_unix(su:session): session closed for user rubyman
May  8 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351244.
May  8 05:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10656]: pam_unix(cron:session): session closed for user root
May  8 05:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7890]: pam_unix(cron:session): session closed for user root
May  8 05:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10654]: pam_unix(cron:session): session closed for user samftp
May  8 05:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9724]: pam_unix(cron:session): session closed for user root
May  8 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11118]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11116]: pam_unix(cron:session): session closed for user p13x
May  8 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11192]: Successful su for rubyman by root
May  8 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11192]: + ??? root:rubyman
May  8 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11192]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351251 of user rubyman.
May  8 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11192]: pam_unix(su:session): session closed for user rubyman
May  8 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351251.
May  8 05:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8314]: pam_unix(cron:session): session closed for user root
May  8 05:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11117]: pam_unix(cron:session): session closed for user samftp
May  8 05:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: Invalid user user from 122.54.18.220
May  8 05:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: input_userauth_request: invalid user user [preauth]
May  8 05:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
May  8 05:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: Failed password for invalid user user from 122.54.18.220 port 42832 ssh2
May  8 05:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10128]: pam_unix(cron:session): session closed for user root
May  8 05:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: Received disconnect from 122.54.18.220 port 42832:11: Bye Bye [preauth]
May  8 05:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11428]: Disconnected from 122.54.18.220 port 42832 [preauth]
May  8 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11526]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11527]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11525]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11524]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11524]: pam_unix(cron:session): session closed for user p13x
May  8 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11591]: Successful su for rubyman by root
May  8 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11591]: + ??? root:rubyman
May  8 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351254 of user rubyman.
May  8 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11591]: pam_unix(su:session): session closed for user rubyman
May  8 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351254.
May  8 05:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  8 05:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8776]: pam_unix(cron:session): session closed for user root
May  8 05:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11525]: pam_unix(cron:session): session closed for user samftp
May  8 05:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: Failed password for root from 164.68.105.9 port 49514 ssh2
May  8 05:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: Connection closed by 164.68.105.9 port 49514 [preauth]
May  8 05:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4  user=root
May  8 05:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11772]: Failed password for root from 27.254.235.4 port 42680 ssh2
May  8 05:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11772]: Received disconnect from 27.254.235.4 port 42680:11: Bye Bye [preauth]
May  8 05:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11772]: Disconnected from 27.254.235.4 port 42680 [preauth]
May  8 05:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11774]: Invalid user xmr from 181.188.159.138
May  8 05:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11774]: input_userauth_request: invalid user xmr [preauth]
May  8 05:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11774]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.188.159.138
May  8 05:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11774]: Failed password for invalid user xmr from 181.188.159.138 port 50692 ssh2
May  8 05:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11774]: Received disconnect from 181.188.159.138 port 50692:11: Bye Bye [preauth]
May  8 05:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11774]: Disconnected from 181.188.159.138 port 50692 [preauth]
May  8 05:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10658]: pam_unix(cron:session): session closed for user root
May  8 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11926]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11923]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11925]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11922]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11922]: pam_unix(cron:session): session closed for user p13x
May  8 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11982]: Successful su for rubyman by root
May  8 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11982]: + ??? root:rubyman
May  8 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11982]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351258 of user rubyman.
May  8 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11982]: pam_unix(su:session): session closed for user rubyman
May  8 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351258.
May  8 05:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9306]: pam_unix(cron:session): session closed for user root
May  8 05:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11923]: pam_unix(cron:session): session closed for user samftp
May  8 05:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11119]: pam_unix(cron:session): session closed for user root
May  8 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12317]: pam_unix(cron:session): session closed for user p13x
May  8 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12383]: Successful su for rubyman by root
May  8 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12383]: + ??? root:rubyman
May  8 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12383]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351262 of user rubyman.
May  8 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12383]: pam_unix(su:session): session closed for user rubyman
May  8 05:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351262.
May  8 05:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9723]: pam_unix(cron:session): session closed for user root
May  8 05:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12321]: pam_unix(cron:session): session closed for user samftp
May  8 05:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: Invalid user ylj from 27.254.235.4
May  8 05:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: input_userauth_request: invalid user ylj [preauth]
May  8 05:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  8 05:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: Failed password for invalid user ylj from 27.254.235.4 port 49674 ssh2
May  8 05:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: Received disconnect from 27.254.235.4 port 49674:11: Bye Bye [preauth]
May  8 05:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: Disconnected from 27.254.235.4 port 49674 [preauth]
May  8 05:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11527]: pam_unix(cron:session): session closed for user root
May  8 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12710]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12712]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12713]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12706]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12713]: pam_unix(cron:session): session closed for user root
May  8 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12705]: pam_unix(cron:session): session closed for user p13x
May  8 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12775]: Successful su for rubyman by root
May  8 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12775]: + ??? root:rubyman
May  8 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351267 of user rubyman.
May  8 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12775]: pam_unix(su:session): session closed for user rubyman
May  8 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351267.
May  8 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12710]: pam_unix(cron:session): session closed for user root
May  8 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10127]: pam_unix(cron:session): session closed for user root
May  8 05:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12706]: pam_unix(cron:session): session closed for user samftp
May  8 05:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11926]: pam_unix(cron:session): session closed for user root
May  8 05:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  8 05:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13086]: Failed password for root from 46.244.96.25 port 42202 ssh2
May  8 05:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13086]: Connection closed by 46.244.96.25 port 42202 [preauth]
May  8 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13137]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13134]: pam_unix(cron:session): session closed for user p13x
May  8 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13209]: Successful su for rubyman by root
May  8 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13209]: + ??? root:rubyman
May  8 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351272 of user rubyman.
May  8 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13209]: pam_unix(su:session): session closed for user rubyman
May  8 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351272.
May  8 05:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10657]: pam_unix(cron:session): session closed for user root
May  8 05:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13135]: pam_unix(cron:session): session closed for user samftp
May  8 05:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: Invalid user admin from 80.94.95.241
May  8 05:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: input_userauth_request: invalid user admin [preauth]
May  8 05:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 05:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: Failed password for invalid user admin from 80.94.95.241 port 26649 ssh2
May  8 05:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: Failed password for invalid user admin from 80.94.95.241 port 26649 ssh2
May  8 05:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: Failed password for invalid user admin from 80.94.95.241 port 26649 ssh2
May  8 05:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4  user=root
May  8 05:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: Failed password for invalid user admin from 80.94.95.241 port 26649 ssh2
May  8 05:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13431]: Failed password for root from 27.254.235.4 port 56678 ssh2
May  8 05:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13431]: Received disconnect from 27.254.235.4 port 56678:11: Bye Bye [preauth]
May  8 05:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13431]: Disconnected from 27.254.235.4 port 56678 [preauth]
May  8 05:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: Failed password for invalid user admin from 80.94.95.241 port 26649 ssh2
May  8 05:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: Received disconnect from 80.94.95.241 port 26649:11: Bye [preauth]
May  8 05:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: Disconnected from 80.94.95.241 port 26649 [preauth]
May  8 05:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 05:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13398]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 05:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12325]: pam_unix(cron:session): session closed for user root
May  8 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13652]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13653]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13650]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13649]: pam_unix(cron:session): session closed for user p13x
May  8 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13716]: Successful su for rubyman by root
May  8 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13716]: + ??? root:rubyman
May  8 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13716]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351275 of user rubyman.
May  8 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13716]: pam_unix(su:session): session closed for user rubyman
May  8 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351275.
May  8 05:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11118]: pam_unix(cron:session): session closed for user root
May  8 05:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13650]: pam_unix(cron:session): session closed for user samftp
May  8 05:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12712]: pam_unix(cron:session): session closed for user root
May  8 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14054]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14053]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14051]: pam_unix(cron:session): session closed for user p13x
May  8 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14113]: Successful su for rubyman by root
May  8 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14113]: + ??? root:rubyman
May  8 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351280 of user rubyman.
May  8 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14113]: pam_unix(su:session): session closed for user rubyman
May  8 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351280.
May  8 05:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11526]: pam_unix(cron:session): session closed for user root
May  8 05:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14052]: pam_unix(cron:session): session closed for user samftp
May  8 05:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: Invalid user nexus from 27.254.235.4
May  8 05:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: input_userauth_request: invalid user nexus [preauth]
May  8 05:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  8 05:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.121.205.29  user=root
May  8 05:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: Failed password for invalid user nexus from 27.254.235.4 port 35446 ssh2
May  8 05:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  8 05:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: Received disconnect from 27.254.235.4 port 35446:11: Bye Bye [preauth]
May  8 05:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14328]: Disconnected from 27.254.235.4 port 35446 [preauth]
May  8 05:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: Failed password for root from 186.121.205.29 port 43562 ssh2
May  8 05:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14333]: Failed password for root from 218.92.0.201 port 51878 ssh2
May  8 05:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: Received disconnect from 186.121.205.29 port 43562:11: Bye Bye [preauth]
May  8 05:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: Disconnected from 186.121.205.29 port 43562 [preauth]
May  8 05:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Invalid user admin from 80.94.95.112
May  8 05:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: input_userauth_request: invalid user admin [preauth]
May  8 05:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 05:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Failed password for invalid user admin from 80.94.95.112 port 28483 ssh2
May  8 05:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Failed password for invalid user admin from 80.94.95.112 port 28483 ssh2
May  8 05:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Failed password for invalid user admin from 80.94.95.112 port 28483 ssh2
May  8 05:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13137]: pam_unix(cron:session): session closed for user root
May  8 05:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Failed password for invalid user admin from 80.94.95.112 port 28483 ssh2
May  8 05:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Failed password for invalid user admin from 80.94.95.112 port 28483 ssh2
May  8 05:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Received disconnect from 80.94.95.112 port 28483:11: Bye [preauth]
May  8 05:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: Disconnected from 80.94.95.112 port 28483 [preauth]
May  8 05:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 05:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14357]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14457]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14456]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14454]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14454]: pam_unix(cron:session): session closed for user p13x
May  8 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14519]: Successful su for rubyman by root
May  8 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14519]: + ??? root:rubyman
May  8 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351284 of user rubyman.
May  8 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14519]: pam_unix(su:session): session closed for user rubyman
May  8 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351284.
May  8 05:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11925]: pam_unix(cron:session): session closed for user root
May  8 05:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14455]: pam_unix(cron:session): session closed for user samftp
May  8 05:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13653]: pam_unix(cron:session): session closed for user root
May  8 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14859]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14860]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14861]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14861]: pam_unix(cron:session): session closed for user root
May  8 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14855]: pam_unix(cron:session): session closed for user p13x
May  8 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14940]: Successful su for rubyman by root
May  8 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14940]: + ??? root:rubyman
May  8 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14940]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351290 of user rubyman.
May  8 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14940]: pam_unix(su:session): session closed for user rubyman
May  8 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351290.
May  8 05:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14857]: pam_unix(cron:session): session closed for user root
May  8 05:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12322]: pam_unix(cron:session): session closed for user root
May  8 05:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14856]: pam_unix(cron:session): session closed for user samftp
May  8 05:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4  user=root
May  8 05:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: Failed password for root from 27.254.235.4 port 42450 ssh2
May  8 05:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: Received disconnect from 27.254.235.4 port 42450:11: Bye Bye [preauth]
May  8 05:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: Disconnected from 27.254.235.4 port 42450 [preauth]
May  8 05:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15206]: Invalid user nutanix from 80.94.95.115
May  8 05:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15206]: input_userauth_request: invalid user nutanix [preauth]
May  8 05:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15206]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  8 05:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14054]: pam_unix(cron:session): session closed for user root
May  8 05:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15206]: Failed password for invalid user nutanix from 80.94.95.115 port 21760 ssh2
May  8 05:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15206]: Connection closed by 80.94.95.115 port 21760 [preauth]
May  8 05:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  8 05:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15283]: Failed password for root from 50.235.31.47 port 44006 ssh2
May  8 05:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15283]: Connection closed by 50.235.31.47 port 44006 [preauth]
May  8 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15308]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15305]: pam_unix(cron:session): session closed for user p13x
May  8 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15375]: Successful su for rubyman by root
May  8 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15375]: + ??? root:rubyman
May  8 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351293 of user rubyman.
May  8 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15375]: pam_unix(su:session): session closed for user rubyman
May  8 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351293.
May  8 05:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.252  user=root
May  8 05:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12711]: pam_unix(cron:session): session closed for user root
May  8 05:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15374]: Failed password for root from 218.92.0.252 port 40534 ssh2
May  8 05:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15306]: pam_unix(cron:session): session closed for user samftp
May  8 05:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14457]: pam_unix(cron:session): session closed for user root
May  8 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15706]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15707]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15704]: pam_unix(cron:session): session closed for user p13x
May  8 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15765]: Successful su for rubyman by root
May  8 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15765]: + ??? root:rubyman
May  8 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351297 of user rubyman.
May  8 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15765]: pam_unix(su:session): session closed for user rubyman
May  8 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351297.
May  8 05:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13136]: pam_unix(cron:session): session closed for user root
May  8 05:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15705]: pam_unix(cron:session): session closed for user samftp
May  8 05:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15979]: Invalid user fenix from 27.254.235.4
May  8 05:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15979]: input_userauth_request: invalid user fenix [preauth]
May  8 05:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15979]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  8 05:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15979]: Failed password for invalid user fenix from 27.254.235.4 port 49450 ssh2
May  8 05:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15979]: Received disconnect from 27.254.235.4 port 49450:11: Bye Bye [preauth]
May  8 05:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15979]: Disconnected from 27.254.235.4 port 49450 [preauth]
May  8 05:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14860]: pam_unix(cron:session): session closed for user root
May  8 05:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34  user=root
May  8 05:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: Failed password for root from 46.36.123.34 port 45026 ssh2
May  8 05:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: Failed password for root from 46.36.123.34 port 45026 ssh2
May  8 05:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: Failed password for root from 46.36.123.34 port 45026 ssh2
May  8 05:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
May  8 05:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: Failed password for root from 46.36.123.34 port 45026 ssh2
May  8 05:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: Failed password for root from 122.54.18.220 port 32979 ssh2
May  8 05:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: Received disconnect from 122.54.18.220 port 32979:11: Bye Bye [preauth]
May  8 05:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16075]: Disconnected from 122.54.18.220 port 32979 [preauth]
May  8 05:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: Failed password for root from 46.36.123.34 port 45026 ssh2
May  8 05:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: Failed password for root from 46.36.123.34 port 45026 ssh2
May  8 05:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: error: maximum authentication attempts exceeded for root from 46.36.123.34 port 45026 ssh2 [preauth]
May  8 05:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: Disconnecting: Too many authentication failures [preauth]
May  8 05:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34  user=root
May  8 05:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16045]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34  user=root
May  8 05:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: Failed password for root from 46.36.123.34 port 46046 ssh2
May  8 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16102]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16099]: pam_unix(cron:session): session closed for user p13x
May  8 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16158]: Successful su for rubyman by root
May  8 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16158]: + ??? root:rubyman
May  8 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351302 of user rubyman.
May  8 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16158]: pam_unix(su:session): session closed for user rubyman
May  8 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351302.
May  8 05:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: Failed password for root from 46.36.123.34 port 46046 ssh2
May  8 05:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13652]: pam_unix(cron:session): session closed for user root
May  8 05:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: Failed password for root from 46.36.123.34 port 46046 ssh2
May  8 05:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16100]: pam_unix(cron:session): session closed for user samftp
May  8 05:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: Failed password for root from 46.36.123.34 port 46046 ssh2
May  8 05:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: message repeated 2 times: [ Failed password for root from 46.36.123.34 port 46046 ssh2]
May  8 05:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: error: maximum authentication attempts exceeded for root from 46.36.123.34 port 46046 ssh2 [preauth]
May  8 05:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: Disconnecting: Too many authentication failures [preauth]
May  8 05:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34  user=root
May  8 05:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16087]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34  user=root
May  8 05:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: Failed password for root from 46.36.123.34 port 47070 ssh2
May  8 05:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: message repeated 5 times: [ Failed password for root from 46.36.123.34 port 47070 ssh2]
May  8 05:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: error: maximum authentication attempts exceeded for root from 46.36.123.34 port 47070 ssh2 [preauth]
May  8 05:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: Disconnecting: Too many authentication failures [preauth]
May  8 05:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34  user=root
May  8 05:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16340]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34  user=root
May  8 05:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: Failed password for root from 46.36.123.34 port 48044 ssh2
May  8 05:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: Received disconnect from 46.36.123.34 port 48044:11: disconnected by user [preauth]
May  8 05:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16390]: Disconnected from 46.36.123.34 port 48044 [preauth]
May  8 05:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15308]: pam_unix(cron:session): session closed for user root
May  8 05:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: Invalid user admin from 46.36.123.34
May  8 05:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: input_userauth_request: invalid user admin [preauth]
May  8 05:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: Failed password for invalid user admin from 46.36.123.34 port 48366 ssh2
May  8 05:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: Failed password for invalid user admin from 46.36.123.34 port 48366 ssh2
May  8 05:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: Failed password for invalid user admin from 46.36.123.34 port 48366 ssh2
May  8 05:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: Failed password for invalid user admin from 46.36.123.34 port 48366 ssh2
May  8 05:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: Failed password for invalid user admin from 46.36.123.34 port 48366 ssh2
May  8 05:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: Failed password for invalid user admin from 46.36.123.34 port 48366 ssh2
May  8 05:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: error: maximum authentication attempts exceeded for invalid user admin from 46.36.123.34 port 48366 ssh2 [preauth]
May  8 05:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: Disconnecting: Too many authentication failures [preauth]
May  8 05:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16400]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Invalid user admin from 46.36.123.34
May  8 05:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: input_userauth_request: invalid user admin [preauth]
May  8 05:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Failed password for invalid user admin from 46.36.123.34 port 49360 ssh2
May  8 05:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Failed password for invalid user admin from 46.36.123.34 port 49360 ssh2
May  8 05:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Failed password for invalid user admin from 46.36.123.34 port 49360 ssh2
May  8 05:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Failed password for invalid user admin from 46.36.123.34 port 49360 ssh2
May  8 05:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16514]: pam_unix(cron:session): session closed for user p13x
May  8 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Failed password for invalid user admin from 46.36.123.34 port 49360 ssh2
May  8 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16590]: Successful su for rubyman by root
May  8 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16590]: + ??? root:rubyman
May  8 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351305 of user rubyman.
May  8 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16590]: pam_unix(su:session): session closed for user rubyman
May  8 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351305.
May  8 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Failed password for invalid user admin from 46.36.123.34 port 49360 ssh2
May  8 05:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: error: maximum authentication attempts exceeded for invalid user admin from 46.36.123.34 port 49360 ssh2 [preauth]
May  8 05:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Disconnecting: Too many authentication failures [preauth]
May  8 05:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14053]: pam_unix(cron:session): session closed for user root
May  8 05:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session closed for user samftp
May  8 05:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: Invalid user admin from 46.36.123.34
May  8 05:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: input_userauth_request: invalid user admin [preauth]
May  8 05:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: Failed password for invalid user admin from 46.36.123.34 port 50306 ssh2
May  8 05:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: Failed password for invalid user admin from 46.36.123.34 port 50306 ssh2
May  8 05:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: Failed password for invalid user admin from 46.36.123.34 port 50306 ssh2
May  8 05:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: Failed password for invalid user admin from 46.36.123.34 port 50306 ssh2
May  8 05:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: Received disconnect from 46.36.123.34 port 50306:11: disconnected by user [preauth]
May  8 05:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: Disconnected from 46.36.123.34 port 50306 [preauth]
May  8 05:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: PAM service(sshd) ignoring max retries; 4 > 3
May  8 05:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 05:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16820]: Failed password for root from 80.94.95.241 port 63765 ssh2
May  8 05:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: Invalid user oracle from 46.36.123.34
May  8 05:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: input_userauth_request: invalid user oracle [preauth]
May  8 05:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16820]: Failed password for root from 80.94.95.241 port 63765 ssh2
May  8 05:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: Failed password for invalid user oracle from 46.36.123.34 port 51016 ssh2
May  8 05:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16820]: Failed password for root from 80.94.95.241 port 63765 ssh2
May  8 05:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: Failed password for invalid user oracle from 46.36.123.34 port 51016 ssh2
May  8 05:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16820]: Failed password for root from 80.94.95.241 port 63765 ssh2
May  8 05:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: Failed password for invalid user oracle from 46.36.123.34 port 51016 ssh2
May  8 05:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16820]: Failed password for root from 80.94.95.241 port 63765 ssh2
May  8 05:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4  user=root
May  8 05:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: Failed password for invalid user oracle from 46.36.123.34 port 51016 ssh2
May  8 05:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16820]: Received disconnect from 80.94.95.241 port 63765:11: Bye [preauth]
May  8 05:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16820]: Disconnected from 80.94.95.241 port 63765 [preauth]
May  8 05:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16820]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 05:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16820]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 05:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16854]: Failed password for root from 27.254.235.4 port 56450 ssh2
May  8 05:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16854]: Received disconnect from 27.254.235.4 port 56450:11: Bye Bye [preauth]
May  8 05:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16854]: Disconnected from 27.254.235.4 port 56450 [preauth]
May  8 05:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: Failed password for invalid user oracle from 46.36.123.34 port 51016 ssh2
May  8 05:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: Failed password for invalid user oracle from 46.36.123.34 port 51016 ssh2
May  8 05:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: error: maximum authentication attempts exceeded for invalid user oracle from 46.36.123.34 port 51016 ssh2 [preauth]
May  8 05:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: Disconnecting: Too many authentication failures [preauth]
May  8 05:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16822]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15707]: pam_unix(cron:session): session closed for user root
May  8 05:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: Invalid user oracle from 46.36.123.34
May  8 05:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: input_userauth_request: invalid user oracle [preauth]
May  8 05:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: Failed password for invalid user oracle from 46.36.123.34 port 52042 ssh2
May  8 05:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: Failed password for invalid user oracle from 46.36.123.34 port 52042 ssh2
May  8 05:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: Failed password for invalid user oracle from 46.36.123.34 port 52042 ssh2
May  8 05:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.121.205.29  user=root
May  8 05:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: Failed password for invalid user oracle from 46.36.123.34 port 52042 ssh2
May  8 05:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Failed password for root from 186.121.205.29 port 39234 ssh2
May  8 05:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Received disconnect from 186.121.205.29 port 39234:11: Bye Bye [preauth]
May  8 05:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16915]: Disconnected from 186.121.205.29 port 39234 [preauth]
May  8 05:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: Failed password for invalid user oracle from 46.36.123.34 port 52042 ssh2
May  8 05:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: Failed password for invalid user oracle from 46.36.123.34 port 52042 ssh2
May  8 05:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: error: maximum authentication attempts exceeded for invalid user oracle from 46.36.123.34 port 52042 ssh2 [preauth]
May  8 05:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: Disconnecting: Too many authentication failures [preauth]
May  8 05:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16869]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: Invalid user oracle from 46.36.123.34
May  8 05:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: input_userauth_request: invalid user oracle [preauth]
May  8 05:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: Failed password for invalid user oracle from 46.36.123.34 port 53028 ssh2
May  8 05:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: Failed password for invalid user oracle from 46.36.123.34 port 53028 ssh2
May  8 05:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: Received disconnect from 46.36.123.34 port 53028:11: disconnected by user [preauth]
May  8 05:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: Disconnected from 46.36.123.34 port 53028 [preauth]
May  8 05:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: Invalid user usuario from 46.36.123.34
May  8 05:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: input_userauth_request: invalid user usuario [preauth]
May  8 05:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: Failed password for invalid user usuario from 46.36.123.34 port 53456 ssh2
May  8 05:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: Failed password for invalid user usuario from 46.36.123.34 port 53456 ssh2
May  8 05:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17000]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16999]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16998]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17000]: pam_unix(cron:session): session closed for user root
May  8 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16995]: pam_unix(cron:session): session closed for user p13x
May  8 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: Failed password for invalid user usuario from 46.36.123.34 port 53456 ssh2
May  8 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17064]: Successful su for rubyman by root
May  8 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17064]: + ??? root:rubyman
May  8 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17064]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351311 of user rubyman.
May  8 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17064]: pam_unix(su:session): session closed for user rubyman
May  8 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351311.
May  8 05:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: Failed password for invalid user usuario from 46.36.123.34 port 53456 ssh2
May  8 05:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16997]: pam_unix(cron:session): session closed for user root
May  8 05:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14456]: pam_unix(cron:session): session closed for user root
May  8 05:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: Failed password for invalid user usuario from 46.36.123.34 port 53456 ssh2
May  8 05:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16996]: pam_unix(cron:session): session closed for user samftp
May  8 05:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: Failed password for invalid user usuario from 46.36.123.34 port 53456 ssh2
May  8 05:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: error: maximum authentication attempts exceeded for invalid user usuario from 46.36.123.34 port 53456 ssh2 [preauth]
May  8 05:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: Disconnecting: Too many authentication failures [preauth]
May  8 05:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16973]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: Invalid user usuario from 46.36.123.34
May  8 05:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: input_userauth_request: invalid user usuario [preauth]
May  8 05:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: Failed password for invalid user usuario from 46.36.123.34 port 54410 ssh2
May  8 05:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: Failed password for invalid user usuario from 46.36.123.34 port 54410 ssh2
May  8 05:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: Failed password for invalid user usuario from 46.36.123.34 port 54410 ssh2
May  8 05:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: Failed password for invalid user usuario from 46.36.123.34 port 54410 ssh2
May  8 05:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: Failed password for invalid user usuario from 46.36.123.34 port 54410 ssh2
May  8 05:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: Failed password for invalid user usuario from 46.36.123.34 port 54410 ssh2
May  8 05:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: error: maximum authentication attempts exceeded for invalid user usuario from 46.36.123.34 port 54410 ssh2 [preauth]
May  8 05:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: Disconnecting: Too many authentication failures [preauth]
May  8 05:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17279]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:35:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17321]: Invalid user usuario from 46.36.123.34
May  8 05:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17321]: input_userauth_request: invalid user usuario [preauth]
May  8 05:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17321]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17321]: Failed password for invalid user usuario from 46.36.123.34 port 55448 ssh2
May  8 05:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17321]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17321]: Failed password for invalid user usuario from 46.36.123.34 port 55448 ssh2
May  8 05:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17321]: Received disconnect from 46.36.123.34 port 55448:11: disconnected by user [preauth]
May  8 05:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17321]: Disconnected from 46.36.123.34 port 55448 [preauth]
May  8 05:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17321]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16102]: pam_unix(cron:session): session closed for user root
May  8 05:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: Invalid user test from 46.36.123.34
May  8 05:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: input_userauth_request: invalid user test [preauth]
May  8 05:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: Failed password for invalid user test from 46.36.123.34 port 55902 ssh2
May  8 05:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: Failed password for invalid user test from 46.36.123.34 port 55902 ssh2
May  8 05:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: Failed password for invalid user test from 46.36.123.34 port 55902 ssh2
May  8 05:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: Failed password for invalid user test from 46.36.123.34 port 55902 ssh2
May  8 05:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: Failed password for invalid user test from 46.36.123.34 port 55902 ssh2
May  8 05:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: Failed password for invalid user test from 46.36.123.34 port 55902 ssh2
May  8 05:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: error: maximum authentication attempts exceeded for invalid user test from 46.36.123.34 port 55902 ssh2 [preauth]
May  8 05:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: Disconnecting: Too many authentication failures [preauth]
May  8 05:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17345]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: Invalid user test from 46.36.123.34
May  8 05:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: input_userauth_request: invalid user test [preauth]
May  8 05:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: Failed password for invalid user test from 46.36.123.34 port 56988 ssh2
May  8 05:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: Failed password for invalid user test from 46.36.123.34 port 56988 ssh2
May  8 05:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: Failed password for invalid user test from 46.36.123.34 port 56988 ssh2
May  8 05:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: Failed password for invalid user test from 46.36.123.34 port 56988 ssh2
May  8 05:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: Failed password for invalid user test from 46.36.123.34 port 56988 ssh2
May  8 05:36:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17436]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17436]: pam_unix(cron:session): session closed for user p13x
May  8 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17513]: Successful su for rubyman by root
May  8 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17513]: + ??? root:rubyman
May  8 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17513]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351315 of user rubyman.
May  8 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17513]: pam_unix(su:session): session closed for user rubyman
May  8 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351315.
May  8 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: Failed password for invalid user test from 46.36.123.34 port 56988 ssh2
May  8 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: error: maximum authentication attempts exceeded for invalid user test from 46.36.123.34 port 56988 ssh2 [preauth]
May  8 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: Disconnecting: Too many authentication failures [preauth]
May  8 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17406]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14859]: pam_unix(cron:session): session closed for user root
May  8 05:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: Invalid user test from 46.36.123.34
May  8 05:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: input_userauth_request: invalid user test [preauth]
May  8 05:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17437]: pam_unix(cron:session): session closed for user samftp
May  8 05:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: Failed password for invalid user test from 46.36.123.34 port 57952 ssh2
May  8 05:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: Failed password for invalid user test from 46.36.123.34 port 57952 ssh2
May  8 05:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: Received disconnect from 46.36.123.34 port 57952:11: disconnected by user [preauth]
May  8 05:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: Disconnected from 46.36.123.34 port 57952 [preauth]
May  8 05:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17586]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17712]: Invalid user pzuser from 190.103.202.7
May  8 05:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17712]: input_userauth_request: invalid user pzuser [preauth]
May  8 05:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17712]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  8 05:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17712]: Failed password for invalid user pzuser from 190.103.202.7 port 45554 ssh2
May  8 05:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17712]: Connection closed by 190.103.202.7 port 45554 [preauth]
May  8 05:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: Invalid user user from 46.36.123.34
May  8 05:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: input_userauth_request: invalid user user [preauth]
May  8 05:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 05:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: Failed password for invalid user user from 46.36.123.34 port 58406 ssh2
May  8 05:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: Failed password for root from 80.94.95.125 port 52763 ssh2
May  8 05:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: Failed password for root from 80.94.95.125 port 52763 ssh2
May  8 05:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: Failed password for invalid user user from 46.36.123.34 port 58406 ssh2
May  8 05:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: Failed password for root from 80.94.95.125 port 52763 ssh2
May  8 05:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: Failed password for invalid user user from 46.36.123.34 port 58406 ssh2
May  8 05:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: Failed password for root from 80.94.95.125 port 52763 ssh2
May  8 05:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: Failed password for invalid user user from 46.36.123.34 port 58406 ssh2
May  8 05:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: Failed password for root from 80.94.95.125 port 52763 ssh2
May  8 05:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: Received disconnect from 80.94.95.125 port 52763:11: Bye [preauth]
May  8 05:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: Disconnected from 80.94.95.125 port 52763 [preauth]
May  8 05:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 05:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17725]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 05:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: Failed password for invalid user user from 46.36.123.34 port 58406 ssh2
May  8 05:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: Failed password for invalid user user from 46.36.123.34 port 58406 ssh2
May  8 05:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: error: maximum authentication attempts exceeded for invalid user user from 46.36.123.34 port 58406 ssh2 [preauth]
May  8 05:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: Disconnecting: Too many authentication failures [preauth]
May  8 05:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: Invalid user donna from 27.254.235.4
May  8 05:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: input_userauth_request: invalid user donna [preauth]
May  8 05:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  8 05:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: Invalid user user from 46.36.123.34
May  8 05:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: input_userauth_request: invalid user user [preauth]
May  8 05:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: Failed password for invalid user donna from 27.254.235.4 port 35218 ssh2
May  8 05:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: Received disconnect from 27.254.235.4 port 35218:11: Bye Bye [preauth]
May  8 05:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: Disconnected from 27.254.235.4 port 35218 [preauth]
May  8 05:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: Failed password for invalid user user from 46.36.123.34 port 59420 ssh2
May  8 05:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16517]: pam_unix(cron:session): session closed for user root
May  8 05:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: Failed password for invalid user user from 46.36.123.34 port 59420 ssh2
May  8 05:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: Invalid user fwupgrade from 80.94.95.241
May  8 05:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: input_userauth_request: invalid user fwupgrade [preauth]
May  8 05:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 05:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: Failed password for invalid user user from 46.36.123.34 port 59420 ssh2
May  8 05:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: Failed password for invalid user fwupgrade from 80.94.95.241 port 62017 ssh2
May  8 05:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: Failed password for invalid user user from 46.36.123.34 port 59420 ssh2
May  8 05:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: Failed password for invalid user fwupgrade from 80.94.95.241 port 62017 ssh2
May  8 05:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: Failed password for invalid user user from 46.36.123.34 port 59420 ssh2
May  8 05:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: Failed password for invalid user fwupgrade from 80.94.95.241 port 62017 ssh2
May  8 05:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: Failed password for invalid user user from 46.36.123.34 port 59420 ssh2
May  8 05:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: error: maximum authentication attempts exceeded for invalid user user from 46.36.123.34 port 59420 ssh2 [preauth]
May  8 05:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: Disconnecting: Too many authentication failures [preauth]
May  8 05:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17800]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: Failed password for invalid user fwupgrade from 80.94.95.241 port 62017 ssh2
May  8 05:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: Failed password for invalid user fwupgrade from 80.94.95.241 port 62017 ssh2
May  8 05:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: Invalid user user from 46.36.123.34
May  8 05:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: input_userauth_request: invalid user user [preauth]
May  8 05:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: Received disconnect from 80.94.95.241 port 62017:11: Bye [preauth]
May  8 05:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: Disconnected from 80.94.95.241 port 62017 [preauth]
May  8 05:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 05:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17915]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 05:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: Failed password for invalid user user from 46.36.123.34 port 60438 ssh2
May  8 05:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: Failed password for invalid user user from 46.36.123.34 port 60438 ssh2
May  8 05:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: Failed password for invalid user user from 46.36.123.34 port 60438 ssh2
May  8 05:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: Failed password for invalid user user from 46.36.123.34 port 60438 ssh2
May  8 05:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: Received disconnect from 46.36.123.34 port 60438:11: disconnected by user [preauth]
May  8 05:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: Disconnected from 46.36.123.34 port 60438 [preauth]
May  8 05:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: PAM service(sshd) ignoring max retries; 4 > 3
May  8 05:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Invalid user ftpuser from 46.36.123.34
May  8 05:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: input_userauth_request: invalid user ftpuser [preauth]
May  8 05:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Failed password for invalid user ftpuser from 46.36.123.34 port 32862 ssh2
May  8 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17990]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17988]: pam_unix(cron:session): session closed for user p13x
May  8 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18059]: Successful su for rubyman by root
May  8 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18059]: + ??? root:rubyman
May  8 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351319 of user rubyman.
May  8 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18059]: pam_unix(su:session): session closed for user rubyman
May  8 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351319.
May  8 05:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Failed password for invalid user ftpuser from 46.36.123.34 port 32862 ssh2
May  8 05:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15307]: pam_unix(cron:session): session closed for user root
May  8 05:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Failed password for invalid user ftpuser from 46.36.123.34 port 32862 ssh2
May  8 05:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17989]: pam_unix(cron:session): session closed for user samftp
May  8 05:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Failed password for invalid user ftpuser from 46.36.123.34 port 32862 ssh2
May  8 05:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Failed password for invalid user ftpuser from 46.36.123.34 port 32862 ssh2
May  8 05:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Failed password for invalid user ftpuser from 46.36.123.34 port 32862 ssh2
May  8 05:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: error: maximum authentication attempts exceeded for invalid user ftpuser from 46.36.123.34 port 32862 ssh2 [preauth]
May  8 05:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: Disconnecting: Too many authentication failures [preauth]
May  8 05:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17976]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: Invalid user ftpuser from 46.36.123.34
May  8 05:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: input_userauth_request: invalid user ftpuser [preauth]
May  8 05:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: Failed password for invalid user ftpuser from 46.36.123.34 port 33894 ssh2
May  8 05:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: Failed password for invalid user ftpuser from 46.36.123.34 port 33894 ssh2
May  8 05:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: Failed password for invalid user ftpuser from 46.36.123.34 port 33894 ssh2
May  8 05:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: Failed password for invalid user ftpuser from 46.36.123.34 port 33894 ssh2
May  8 05:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: Failed password for invalid user ftpuser from 46.36.123.34 port 33894 ssh2
May  8 05:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: Failed password for invalid user ftpuser from 46.36.123.34 port 33894 ssh2
May  8 05:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: error: maximum authentication attempts exceeded for invalid user ftpuser from 46.36.123.34 port 33894 ssh2 [preauth]
May  8 05:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: Disconnecting: Too many authentication failures [preauth]
May  8 05:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18253]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: Invalid user ftpuser from 46.36.123.34
May  8 05:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: input_userauth_request: invalid user ftpuser [preauth]
May  8 05:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16999]: pam_unix(cron:session): session closed for user root
May  8 05:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: Failed password for invalid user ftpuser from 46.36.123.34 port 34896 ssh2
May  8 05:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: Failed password for invalid user ftpuser from 46.36.123.34 port 34896 ssh2
May  8 05:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: Failed password for invalid user ftpuser from 46.36.123.34 port 34896 ssh2
May  8 05:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: Failed password for invalid user ftpuser from 46.36.123.34 port 34896 ssh2
May  8 05:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: Received disconnect from 46.36.123.34 port 34896:11: disconnected by user [preauth]
May  8 05:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: Disconnected from 46.36.123.34 port 34896 [preauth]
May  8 05:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18315]: PAM service(sshd) ignoring max retries; 4 > 3
May  8 05:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18361]: Invalid user test1 from 46.36.123.34
May  8 05:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18361]: input_userauth_request: invalid user test1 [preauth]
May  8 05:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18361]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18361]: Failed password for invalid user test1 from 46.36.123.34 port 35692 ssh2
May  8 05:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18361]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18361]: Failed password for invalid user test1 from 46.36.123.34 port 35692 ssh2
May  8 05:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18361]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18361]: Failed password for invalid user test1 from 46.36.123.34 port 35692 ssh2
May  8 05:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18361]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18361]: Failed password for invalid user test1 from 46.36.123.34 port 35692 ssh2
May  8 05:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18361]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18361]: Failed password for invalid user test1 from 46.36.123.34 port 35692 ssh2
May  8 05:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18361]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18361]: Failed password for invalid user test1 from 46.36.123.34 port 35692 ssh2
May  8 05:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18361]: error: maximum authentication attempts exceeded for invalid user test1 from 46.36.123.34 port 35692 ssh2 [preauth]
May  8 05:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18361]: Disconnecting: Too many authentication failures [preauth]
May  8 05:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18361]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18361]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18413]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18412]: pam_unix(cron:session): session closed for user p13x
May  8 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18485]: Successful su for rubyman by root
May  8 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18485]: + ??? root:rubyman
May  8 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351323 of user rubyman.
May  8 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18485]: pam_unix(su:session): session closed for user rubyman
May  8 05:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351323.
May  8 05:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: Invalid user test1 from 46.36.123.34
May  8 05:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: input_userauth_request: invalid user test1 [preauth]
May  8 05:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15706]: pam_unix(cron:session): session closed for user root
May  8 05:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: Failed password for invalid user test1 from 46.36.123.34 port 36782 ssh2
May  8 05:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18413]: pam_unix(cron:session): session closed for user samftp
May  8 05:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: Failed password for invalid user test1 from 46.36.123.34 port 36782 ssh2
May  8 05:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: Failed password for invalid user test1 from 46.36.123.34 port 36782 ssh2
May  8 05:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: Failed password for invalid user test1 from 46.36.123.34 port 36782 ssh2
May  8 05:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: Failed password for invalid user test1 from 46.36.123.34 port 36782 ssh2
May  8 05:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: Failed password for invalid user test1 from 46.36.123.34 port 36782 ssh2
May  8 05:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: error: maximum authentication attempts exceeded for invalid user test1 from 46.36.123.34 port 36782 ssh2 [preauth]
May  8 05:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: Disconnecting: Too many authentication failures [preauth]
May  8 05:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18689]: Invalid user test1 from 46.36.123.34
May  8 05:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18689]: input_userauth_request: invalid user test1 [preauth]
May  8 05:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18689]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18689]: Failed password for invalid user test1 from 46.36.123.34 port 37824 ssh2
May  8 05:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18689]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18689]: Failed password for invalid user test1 from 46.36.123.34 port 37824 ssh2
May  8 05:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18689]: Received disconnect from 46.36.123.34 port 37824:11: disconnected by user [preauth]
May  8 05:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18689]: Disconnected from 46.36.123.34 port 37824 [preauth]
May  8 05:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18689]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: Invalid user test2 from 46.36.123.34
May  8 05:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: input_userauth_request: invalid user test2 [preauth]
May  8 05:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: Failed password for invalid user test2 from 46.36.123.34 port 38360 ssh2
May  8 05:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18735]: Did not receive identification string from 154.81.156.51
May  8 05:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17439]: pam_unix(cron:session): session closed for user root
May  8 05:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: Failed password for invalid user test2 from 46.36.123.34 port 38360 ssh2
May  8 05:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: Failed password for invalid user test2 from 46.36.123.34 port 38360 ssh2
May  8 05:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: Failed password for invalid user test2 from 46.36.123.34 port 38360 ssh2
May  8 05:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: Invalid user jarservice from 27.254.235.4
May  8 05:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: input_userauth_request: invalid user jarservice [preauth]
May  8 05:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  8 05:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: Failed password for invalid user test2 from 46.36.123.34 port 38360 ssh2
May  8 05:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: Failed password for invalid user jarservice from 27.254.235.4 port 42210 ssh2
May  8 05:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: Received disconnect from 27.254.235.4 port 42210:11: Bye Bye [preauth]
May  8 05:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18772]: Disconnected from 27.254.235.4 port 42210 [preauth]
May  8 05:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: Failed password for invalid user test2 from 46.36.123.34 port 38360 ssh2
May  8 05:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: error: maximum authentication attempts exceeded for invalid user test2 from 46.36.123.34 port 38360 ssh2 [preauth]
May  8 05:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: Disconnecting: Too many authentication failures [preauth]
May  8 05:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18724]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Invalid user test2 from 46.36.123.34
May  8 05:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: input_userauth_request: invalid user test2 [preauth]
May  8 05:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Failed password for invalid user test2 from 46.36.123.34 port 39448 ssh2
May  8 05:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Failed password for invalid user test2 from 46.36.123.34 port 39448 ssh2
May  8 05:38:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Failed password for invalid user test2 from 46.36.123.34 port 39448 ssh2
May  8 05:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Failed password for invalid user test2 from 46.36.123.34 port 39448 ssh2
May  8 05:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Failed password for invalid user test2 from 46.36.123.34 port 39448 ssh2
May  8 05:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Failed password for invalid user test2 from 46.36.123.34 port 39448 ssh2
May  8 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: error: maximum authentication attempts exceeded for invalid user test2 from 46.36.123.34 port 39448 ssh2 [preauth]
May  8 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Disconnecting: Too many authentication failures [preauth]
May  8 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18841]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18842]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18839]: pam_unix(cron:session): session closed for user p13x
May  8 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18960]: Successful su for rubyman by root
May  8 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18960]: + ??? root:rubyman
May  8 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351329 of user rubyman.
May  8 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18960]: pam_unix(su:session): session closed for user rubyman
May  8 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351329.
May  8 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18837]: pam_unix(cron:session): session closed for user root
May  8 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16101]: pam_unix(cron:session): session closed for user root
May  8 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Invalid user test2 from 46.36.123.34
May  8 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: input_userauth_request: invalid user test2 [preauth]
May  8 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Failed password for invalid user test2 from 46.36.123.34 port 40560 ssh2
May  8 05:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18840]: pam_unix(cron:session): session closed for user samftp
May  8 05:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Failed password for invalid user test2 from 46.36.123.34 port 40560 ssh2
May  8 05:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Received disconnect from 46.36.123.34 port 40560:11: disconnected by user [preauth]
May  8 05:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: Disconnected from 46.36.123.34 port 40560 [preauth]
May  8 05:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18835]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: Invalid user ubuntu from 46.36.123.34
May  8 05:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: input_userauth_request: invalid user ubuntu [preauth]
May  8 05:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: Failed password for invalid user ubuntu from 46.36.123.34 port 40994 ssh2
May  8 05:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: Failed password for invalid user ubuntu from 46.36.123.34 port 40994 ssh2
May  8 05:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: Failed password for invalid user ubuntu from 46.36.123.34 port 40994 ssh2
May  8 05:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: Failed password for invalid user ubuntu from 46.36.123.34 port 40994 ssh2
May  8 05:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: Failed password for invalid user ubuntu from 46.36.123.34 port 40994 ssh2
May  8 05:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: Failed password for invalid user ubuntu from 46.36.123.34 port 40994 ssh2
May  8 05:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: error: maximum authentication attempts exceeded for invalid user ubuntu from 46.36.123.34 port 40994 ssh2 [preauth]
May  8 05:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: Disconnecting: Too many authentication failures [preauth]
May  8 05:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17991]: pam_unix(cron:session): session closed for user root
May  8 05:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: Invalid user ubuntu from 46.36.123.34
May  8 05:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: input_userauth_request: invalid user ubuntu [preauth]
May  8 05:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: Failed password for invalid user ubuntu from 46.36.123.34 port 42090 ssh2
May  8 05:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: Failed password for invalid user ubuntu from 46.36.123.34 port 42090 ssh2
May  8 05:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: Failed password for invalid user ubuntu from 46.36.123.34 port 42090 ssh2
May  8 05:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: Failed password for invalid user ubuntu from 46.36.123.34 port 42090 ssh2
May  8 05:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: Failed password for invalid user ubuntu from 46.36.123.34 port 42090 ssh2
May  8 05:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: Failed password for invalid user ubuntu from 46.36.123.34 port 42090 ssh2
May  8 05:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: error: maximum authentication attempts exceeded for invalid user ubuntu from 46.36.123.34 port 42090 ssh2 [preauth]
May  8 05:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: Disconnecting: Too many authentication failures [preauth]
May  8 05:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19255]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: Invalid user ubuntu from 46.36.123.34
May  8 05:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: input_userauth_request: invalid user ubuntu [preauth]
May  8 05:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: Failed password for invalid user ubuntu from 46.36.123.34 port 43192 ssh2
May  8 05:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: Failed password for invalid user ubuntu from 46.36.123.34 port 43192 ssh2
May  8 05:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19333]: Invalid user kevin from 122.54.18.220
May  8 05:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19333]: input_userauth_request: invalid user kevin [preauth]
May  8 05:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19333]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
May  8 05:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: Failed password for invalid user ubuntu from 46.36.123.34 port 43192 ssh2
May  8 05:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19333]: Failed password for invalid user kevin from 122.54.18.220 port 8048 ssh2
May  8 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19333]: Received disconnect from 122.54.18.220 port 8048:11: Bye Bye [preauth]
May  8 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19333]: Disconnected from 122.54.18.220 port 8048 [preauth]
May  8 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19348]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19345]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19347]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19346]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19351]: pam_unix(cron:session): session closed for user root
May  8 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19345]: pam_unix(cron:session): session closed for user p13x
May  8 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: Failed password for invalid user ubuntu from 46.36.123.34 port 43192 ssh2
May  8 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: Received disconnect from 46.36.123.34 port 43192:11: disconnected by user [preauth]
May  8 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: Disconnected from 46.36.123.34 port 43192 [preauth]
May  8 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19323]: PAM service(sshd) ignoring max retries; 4 > 3
May  8 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19412]: Successful su for rubyman by root
May  8 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19412]: + ??? root:rubyman
May  8 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351337 of user rubyman.
May  8 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19412]: pam_unix(su:session): session closed for user rubyman
May  8 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351337.
May  8 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19347]: pam_unix(cron:session): session closed for user root
May  8 05:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16516]: pam_unix(cron:session): session closed for user root
May  8 05:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: Invalid user pi from 46.36.123.34
May  8 05:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: input_userauth_request: invalid user pi [preauth]
May  8 05:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19346]: pam_unix(cron:session): session closed for user samftp
May  8 05:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: Failed password for invalid user pi from 46.36.123.34 port 43950 ssh2
May  8 05:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: Failed password for invalid user pi from 46.36.123.34 port 43950 ssh2
May  8 05:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: Failed password for invalid user pi from 46.36.123.34 port 43950 ssh2
May  8 05:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: Failed password for invalid user pi from 46.36.123.34 port 43950 ssh2
May  8 05:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: Received disconnect from 46.36.123.34 port 43950:11: disconnected by user [preauth]
May  8 05:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: Disconnected from 46.36.123.34 port 43950 [preauth]
May  8 05:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19425]: PAM service(sshd) ignoring max retries; 4 > 3
May  8 05:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19653]: Invalid user baikal from 46.36.123.34
May  8 05:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19653]: input_userauth_request: invalid user baikal [preauth]
May  8 05:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19653]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.36.123.34
May  8 05:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19653]: Failed password for invalid user baikal from 46.36.123.34 port 44666 ssh2
May  8 05:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19653]: Received disconnect from 46.36.123.34 port 44666:11: disconnected by user [preauth]
May  8 05:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19653]: Disconnected from 46.36.123.34 port 44666 [preauth]
May  8 05:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18416]: pam_unix(cron:session): session closed for user root
May  8 05:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: Invalid user tanya from 27.254.235.4
May  8 05:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: input_userauth_request: invalid user tanya [preauth]
May  8 05:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  8 05:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: Failed password for invalid user tanya from 27.254.235.4 port 49202 ssh2
May  8 05:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: Received disconnect from 27.254.235.4 port 49202:11: Bye Bye [preauth]
May  8 05:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19754]: Disconnected from 27.254.235.4 port 49202 [preauth]
May  8 05:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19777]: Connection closed by 159.223.173.53 port 50774 [preauth]
May  8 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19801]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19797]: pam_unix(cron:session): session closed for user p13x
May  8 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19866]: Successful su for rubyman by root
May  8 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19866]: + ??? root:rubyman
May  8 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351339 of user rubyman.
May  8 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19866]: pam_unix(su:session): session closed for user rubyman
May  8 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351339.
May  8 05:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16998]: pam_unix(cron:session): session closed for user root
May  8 05:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19798]: pam_unix(cron:session): session closed for user samftp
May  8 05:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20124]: Invalid user oracle from 194.0.234.19
May  8 05:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20124]: input_userauth_request: invalid user oracle [preauth]
May  8 05:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20124]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  8 05:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20124]: Failed password for invalid user oracle from 194.0.234.19 port 54366 ssh2
May  8 05:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20124]: Connection closed by 194.0.234.19 port 54366 [preauth]
May  8 05:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18842]: pam_unix(cron:session): session closed for user root
May  8 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20221]: pam_unix(cron:session): session closed for user p13x
May  8 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20281]: Successful su for rubyman by root
May  8 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20281]: + ??? root:rubyman
May  8 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351344 of user rubyman.
May  8 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20281]: pam_unix(su:session): session closed for user rubyman
May  8 05:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351344.
May  8 05:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17438]: pam_unix(cron:session): session closed for user root
May  8 05:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20222]: pam_unix(cron:session): session closed for user samftp
May  8 05:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19349]: pam_unix(cron:session): session closed for user root
May  8 05:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20569]: Invalid user tiger from 27.254.235.4
May  8 05:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20569]: input_userauth_request: invalid user tiger [preauth]
May  8 05:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20569]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  8 05:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20569]: Failed password for invalid user tiger from 27.254.235.4 port 56194 ssh2
May  8 05:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20569]: Received disconnect from 27.254.235.4 port 56194:11: Bye Bye [preauth]
May  8 05:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20569]: Disconnected from 27.254.235.4 port 56194 [preauth]
May  8 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20622]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20621]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20619]: pam_unix(cron:session): session closed for user p13x
May  8 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20684]: Successful su for rubyman by root
May  8 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20684]: + ??? root:rubyman
May  8 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351347 of user rubyman.
May  8 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20684]: pam_unix(su:session): session closed for user rubyman
May  8 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351347.
May  8 05:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17990]: pam_unix(cron:session): session closed for user root
May  8 05:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20620]: pam_unix(cron:session): session closed for user samftp
May  8 05:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19801]: pam_unix(cron:session): session closed for user root
May  8 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21032]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21031]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21030]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21029]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21029]: pam_unix(cron:session): session closed for user p13x
May  8 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21093]: Successful su for rubyman by root
May  8 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21093]: + ??? root:rubyman
May  8 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351351 of user rubyman.
May  8 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21093]: pam_unix(su:session): session closed for user rubyman
May  8 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351351.
May  8 05:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18415]: pam_unix(cron:session): session closed for user root
May  8 05:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21030]: pam_unix(cron:session): session closed for user samftp
May  8 05:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20224]: pam_unix(cron:session): session closed for user root
May  8 05:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4  user=root
May  8 05:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21435]: Failed password for root from 27.254.235.4 port 34960 ssh2
May  8 05:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21435]: Received disconnect from 27.254.235.4 port 34960:11: Bye Bye [preauth]
May  8 05:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21435]: Disconnected from 27.254.235.4 port 34960 [preauth]
May  8 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21472]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21466]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21473]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21471]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21473]: pam_unix(cron:session): session closed for user root
May  8 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21465]: pam_unix(cron:session): session closed for user p13x
May  8 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21538]: Successful su for rubyman by root
May  8 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21538]: + ??? root:rubyman
May  8 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351355 of user rubyman.
May  8 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21538]: pam_unix(su:session): session closed for user rubyman
May  8 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351355.
May  8 05:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21467]: pam_unix(cron:session): session closed for user root
May  8 05:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18841]: pam_unix(cron:session): session closed for user root
May  8 05:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21466]: pam_unix(cron:session): session closed for user samftp
May  8 05:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  8 05:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22095]: Failed password for root from 164.68.105.9 port 45230 ssh2
May  8 05:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22095]: Connection closed by 164.68.105.9 port 45230 [preauth]
May  8 05:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20622]: pam_unix(cron:session): session closed for user root
May  8 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22249]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22247]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22248]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22246]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22246]: pam_unix(cron:session): session closed for user p13x
May  8 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22329]: Successful su for rubyman by root
May  8 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22329]: + ??? root:rubyman
May  8 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351360 of user rubyman.
May  8 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22329]: pam_unix(su:session): session closed for user rubyman
May  8 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351360.
May  8 05:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19348]: pam_unix(cron:session): session closed for user root
May  8 05:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22247]: pam_unix(cron:session): session closed for user samftp
May  8 05:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21032]: pam_unix(cron:session): session closed for user root
May  8 05:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: Invalid user ons from 27.254.235.4
May  8 05:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: input_userauth_request: invalid user ons [preauth]
May  8 05:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  8 05:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: Failed password for invalid user ons from 27.254.235.4 port 41960 ssh2
May  8 05:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: Received disconnect from 27.254.235.4 port 41960:11: Bye Bye [preauth]
May  8 05:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22678]: Disconnected from 27.254.235.4 port 41960 [preauth]
May  8 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22713]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22709]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22709]: pam_unix(cron:session): session closed for user p13x
May  8 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22784]: Successful su for rubyman by root
May  8 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22784]: + ??? root:rubyman
May  8 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22784]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351365 of user rubyman.
May  8 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22784]: pam_unix(su:session): session closed for user rubyman
May  8 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351365.
May  8 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22730]: Invalid user turtle from 122.54.18.220
May  8 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22730]: input_userauth_request: invalid user turtle [preauth]
May  8 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22730]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
May  8 05:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19799]: pam_unix(cron:session): session closed for user root
May  8 05:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22730]: Failed password for invalid user turtle from 122.54.18.220 port 8050 ssh2
May  8 05:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22730]: Received disconnect from 122.54.18.220 port 8050:11: Bye Bye [preauth]
May  8 05:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22730]: Disconnected from 122.54.18.220 port 8050 [preauth]
May  8 05:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22710]: pam_unix(cron:session): session closed for user samftp
May  8 05:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21472]: pam_unix(cron:session): session closed for user root
May  8 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23168]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23166]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23165]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23165]: pam_unix(cron:session): session closed for user p13x
May  8 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23238]: Successful su for rubyman by root
May  8 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23238]: + ??? root:rubyman
May  8 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351369 of user rubyman.
May  8 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23238]: pam_unix(su:session): session closed for user rubyman
May  8 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351369.
May  8 05:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20223]: pam_unix(cron:session): session closed for user root
May  8 05:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23166]: pam_unix(cron:session): session closed for user samftp
May  8 05:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22249]: pam_unix(cron:session): session closed for user root
May  8 05:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23647]: Invalid user tempuser from 27.254.235.4
May  8 05:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23647]: input_userauth_request: invalid user tempuser [preauth]
May  8 05:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23647]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  8 05:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23647]: Failed password for invalid user tempuser from 27.254.235.4 port 48952 ssh2
May  8 05:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23647]: Received disconnect from 27.254.235.4 port 48952:11: Bye Bye [preauth]
May  8 05:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23647]: Disconnected from 27.254.235.4 port 48952 [preauth]
May  8 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23668]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23669]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23668]: pam_unix(cron:session): session closed for user p13x
May  8 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23730]: Successful su for rubyman by root
May  8 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23730]: + ??? root:rubyman
May  8 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351375 of user rubyman.
May  8 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23730]: pam_unix(su:session): session closed for user rubyman
May  8 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351375.
May  8 05:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20621]: pam_unix(cron:session): session closed for user root
May  8 05:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23669]: pam_unix(cron:session): session closed for user samftp
May  8 05:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22713]: pam_unix(cron:session): session closed for user root
May  8 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24196]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24200]: pam_unix(cron:session): session closed for user root
May  8 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24195]: pam_unix(cron:session): session closed for user p13x
May  8 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24279]: Successful su for rubyman by root
May  8 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24279]: + ??? root:rubyman
May  8 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351379 of user rubyman.
May  8 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24279]: pam_unix(su:session): session closed for user rubyman
May  8 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351379.
May  8 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24197]: pam_unix(cron:session): session closed for user root
May  8 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21031]: pam_unix(cron:session): session closed for user root
May  8 05:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24196]: pam_unix(cron:session): session closed for user samftp
May  8 05:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23168]: pam_unix(cron:session): session closed for user root
May  8 05:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4  user=root
May  8 05:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24654]: Failed password for root from 27.254.235.4 port 55948 ssh2
May  8 05:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24654]: Received disconnect from 27.254.235.4 port 55948:11: Bye Bye [preauth]
May  8 05:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24654]: Disconnected from 27.254.235.4 port 55948 [preauth]
May  8 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24674]: pam_unix(cron:session): session closed for user p13x
May  8 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24747]: Successful su for rubyman by root
May  8 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24747]: + ??? root:rubyman
May  8 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24747]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351382 of user rubyman.
May  8 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24747]: pam_unix(su:session): session closed for user rubyman
May  8 05:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351382.
May  8 05:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21471]: pam_unix(cron:session): session closed for user root
May  8 05:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24675]: pam_unix(cron:session): session closed for user samftp
May  8 05:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23671]: pam_unix(cron:session): session closed for user root
May  8 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25091]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25092]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25090]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25089]: pam_unix(cron:session): session closed for user p13x
May  8 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25155]: Successful su for rubyman by root
May  8 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25155]: + ??? root:rubyman
May  8 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25155]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351387 of user rubyman.
May  8 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25155]: pam_unix(su:session): session closed for user rubyman
May  8 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351387.
May  8 05:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22248]: pam_unix(cron:session): session closed for user root
May  8 05:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25090]: pam_unix(cron:session): session closed for user samftp
May  8 05:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: Invalid user ftpuser from 194.0.234.19
May  8 05:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: input_userauth_request: invalid user ftpuser [preauth]
May  8 05:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  8 05:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: Failed password for invalid user ftpuser from 194.0.234.19 port 51874 ssh2
May  8 05:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25349]: Connection closed by 194.0.234.19 port 51874 [preauth]
May  8 05:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24199]: pam_unix(cron:session): session closed for user root
May  8 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25501]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25499]: pam_unix(cron:session): session closed for user p13x
May  8 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25571]: Successful su for rubyman by root
May  8 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25571]: + ??? root:rubyman
May  8 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351391 of user rubyman.
May  8 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25571]: pam_unix(su:session): session closed for user rubyman
May  8 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351391.
May  8 05:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22711]: pam_unix(cron:session): session closed for user root
May  8 05:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4  user=root
May  8 05:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25500]: pam_unix(cron:session): session closed for user samftp
May  8 05:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: Failed password for root from 27.254.235.4 port 34724 ssh2
May  8 05:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: Received disconnect from 27.254.235.4 port 34724:11: Bye Bye [preauth]
May  8 05:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: Disconnected from 27.254.235.4 port 34724 [preauth]
May  8 05:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24677]: pam_unix(cron:session): session closed for user root
May  8 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26001]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26000]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25998]: pam_unix(cron:session): session closed for user p13x
May  8 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26068]: Successful su for rubyman by root
May  8 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26068]: + ??? root:rubyman
May  8 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26068]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351394 of user rubyman.
May  8 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26068]: pam_unix(su:session): session closed for user rubyman
May  8 05:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351394.
May  8 05:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23167]: pam_unix(cron:session): session closed for user root
May  8 05:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25999]: pam_unix(cron:session): session closed for user samftp
May  8 05:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
May  8 05:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26247]: Failed password for root from 122.54.18.220 port 65212 ssh2
May  8 05:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26247]: Received disconnect from 122.54.18.220 port 65212:11: Bye Bye [preauth]
May  8 05:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26247]: Disconnected from 122.54.18.220 port 65212 [preauth]
May  8 05:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25092]: pam_unix(cron:session): session closed for user root
May  8 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26406]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26402]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26407]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26405]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26403]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26408]: pam_unix(cron:session): session closed for user root
May  8 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26402]: pam_unix(cron:session): session closed for user p13x
May  8 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26556]: Successful su for rubyman by root
May  8 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26556]: + ??? root:rubyman
May  8 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351400 of user rubyman.
May  8 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26556]: pam_unix(su:session): session closed for user rubyman
May  8 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351400.
May  8 05:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26405]: pam_unix(cron:session): session closed for user root
May  8 05:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23670]: pam_unix(cron:session): session closed for user root
May  8 05:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26403]: pam_unix(cron:session): session closed for user samftp
May  8 05:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26763]: Invalid user alex from 27.254.235.4
May  8 05:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26763]: input_userauth_request: invalid user alex [preauth]
May  8 05:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26763]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  8 05:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26763]: Failed password for invalid user alex from 27.254.235.4 port 41718 ssh2
May  8 05:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26763]: Received disconnect from 27.254.235.4 port 41718:11: Bye Bye [preauth]
May  8 05:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26763]: Disconnected from 27.254.235.4 port 41718 [preauth]
May  8 05:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25502]: pam_unix(cron:session): session closed for user root
May  8 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26937]: pam_unix(cron:session): session closed for user p13x
May  8 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27044]: Successful su for rubyman by root
May  8 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27044]: + ??? root:rubyman
May  8 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27044]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351405 of user rubyman.
May  8 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27044]: pam_unix(su:session): session closed for user rubyman
May  8 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351405.
May  8 05:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24198]: pam_unix(cron:session): session closed for user root
May  8 05:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26938]: pam_unix(cron:session): session closed for user samftp
May  8 05:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26001]: pam_unix(cron:session): session closed for user root
May  8 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27455]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27452]: pam_unix(cron:session): session closed for user p13x
May  8 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27532]: Successful su for rubyman by root
May  8 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27532]: + ??? root:rubyman
May  8 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27532]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351408 of user rubyman.
May  8 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27532]: pam_unix(su:session): session closed for user rubyman
May  8 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351408.
May  8 05:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24676]: pam_unix(cron:session): session closed for user root
May  8 05:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27453]: pam_unix(cron:session): session closed for user samftp
May  8 05:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27735]: Invalid user sentry from 27.254.235.4
May  8 05:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27735]: input_userauth_request: invalid user sentry [preauth]
May  8 05:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27735]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  8 05:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27735]: Failed password for invalid user sentry from 27.254.235.4 port 48710 ssh2
May  8 05:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27735]: Received disconnect from 27.254.235.4 port 48710:11: Bye Bye [preauth]
May  8 05:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27735]: Disconnected from 27.254.235.4 port 48710 [preauth]
May  8 05:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26407]: pam_unix(cron:session): session closed for user root
May  8 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27893]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27892]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27890]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27890]: pam_unix(cron:session): session closed for user p13x
May  8 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27955]: Successful su for rubyman by root
May  8 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27955]: + ??? root:rubyman
May  8 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27955]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351412 of user rubyman.
May  8 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27955]: pam_unix(su:session): session closed for user rubyman
May  8 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351412.
May  8 05:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25091]: pam_unix(cron:session): session closed for user root
May  8 05:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  8 05:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27891]: pam_unix(cron:session): session closed for user samftp
May  8 05:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28118]: Failed password for root from 218.92.0.210 port 22110 ssh2
May  8 05:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28118]: message repeated 4 times: [ Failed password for root from 218.92.0.210 port 22110 ssh2]
May  8 05:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28118]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 22110 ssh2 [preauth]
May  8 05:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28118]: Disconnecting: Too many authentication failures [preauth]
May  8 05:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28118]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  8 05:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28118]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 05:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: Invalid user admin from 80.94.95.241
May  8 05:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: input_userauth_request: invalid user admin [preauth]
May  8 05:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 05:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  8 05:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: Failed password for invalid user admin from 80.94.95.241 port 31204 ssh2
May  8 05:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28188]: Failed password for root from 218.92.0.210 port 12422 ssh2
May  8 05:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: Failed password for invalid user admin from 80.94.95.241 port 31204 ssh2
May  8 05:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28188]: Failed password for root from 218.92.0.210 port 12422 ssh2
May  8 05:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: Failed password for invalid user admin from 80.94.95.241 port 31204 ssh2
May  8 05:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: Failed password for invalid user admin from 80.94.95.241 port 31204 ssh2
May  8 05:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:58:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28188]: Failed password for root from 218.92.0.210 port 12422 ssh2
May  8 05:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26941]: pam_unix(cron:session): session closed for user root
May  8 05:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: Failed password for invalid user admin from 80.94.95.241 port 31204 ssh2
May  8 05:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: Received disconnect from 80.94.95.241 port 31204:11: Bye [preauth]
May  8 05:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: Disconnected from 80.94.95.241 port 31204 [preauth]
May  8 05:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 05:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28177]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 05:58:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28188]: Failed password for root from 218.92.0.210 port 12422 ssh2
May  8 05:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28188]: message repeated 2 times: [ Failed password for root from 218.92.0.210 port 12422 ssh2]
May  8 05:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28188]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 12422 ssh2 [preauth]
May  8 05:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28188]: Disconnecting: Too many authentication failures [preauth]
May  8 05:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28188]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  8 05:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28188]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 05:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  8 05:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: Failed password for root from 218.92.0.210 port 23306 ssh2
May  8 05:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: Received disconnect from 218.92.0.210 port 23306:11:  [preauth]
May  8 05:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28273]: Disconnected from 218.92.0.210 port 23306 [preauth]
May  8 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28302]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28301]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28303]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28300]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28300]: pam_unix(cron:session): session closed for user p13x
May  8 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28365]: Successful su for rubyman by root
May  8 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28365]: + ??? root:rubyman
May  8 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28365]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351416 of user rubyman.
May  8 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28365]: pam_unix(su:session): session closed for user rubyman
May  8 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351416.
May  8 05:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25501]: pam_unix(cron:session): session closed for user root
May  8 05:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28301]: pam_unix(cron:session): session closed for user samftp
May  8 05:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 05:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28574]: Invalid user ubuntu from 27.254.235.4
May  8 05:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28574]: input_userauth_request: invalid user ubuntu [preauth]
May  8 05:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28574]: pam_unix(sshd:auth): check pass; user unknown
May  8 05:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.254.235.4
May  8 05:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28574]: Failed password for invalid user ubuntu from 27.254.235.4 port 55696 ssh2
May  8 05:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28574]: Received disconnect from 27.254.235.4 port 55696:11: Bye Bye [preauth]
May  8 05:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28574]: Disconnected from 27.254.235.4 port 55696 [preauth]
May  8 05:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27455]: pam_unix(cron:session): session closed for user root
May  8 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28710]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28709]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28708]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28712]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28712]: pam_unix(cron:session): session closed for user root
May  8 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28708]: pam_unix(cron:session): session closed for user root
May  8 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28706]: pam_unix(cron:session): session closed for user p13x
May  8 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28802]: Successful su for rubyman by root
May  8 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28802]: + ??? root:rubyman
May  8 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28802]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351424 of user rubyman.
May  8 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28802]: pam_unix(su:session): session closed for user rubyman
May  8 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351424.
May  8 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28709]: pam_unix(cron:session): session closed for user root
May  8 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26000]: pam_unix(cron:session): session closed for user root
May  8 06:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28707]: pam_unix(cron:session): session closed for user samftp
May  8 06:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27893]: pam_unix(cron:session): session closed for user root
May  8 06:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Invalid user admin from 80.94.95.112
May  8 06:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: input_userauth_request: invalid user admin [preauth]
May  8 06:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 06:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Failed password for invalid user admin from 80.94.95.112 port 63668 ssh2
May  8 06:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Failed password for invalid user admin from 80.94.95.112 port 63668 ssh2
May  8 06:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Failed password for invalid user admin from 80.94.95.112 port 63668 ssh2
May  8 06:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Failed password for invalid user admin from 80.94.95.112 port 63668 ssh2
May  8 06:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Failed password for invalid user admin from 80.94.95.112 port 63668 ssh2
May  8 06:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Received disconnect from 80.94.95.112 port 63668:11: Bye [preauth]
May  8 06:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: Disconnected from 80.94.95.112 port 63668 [preauth]
May  8 06:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 06:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29258]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29313]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29315]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29312]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29312]: pam_unix(cron:session): session closed for user p13x
May  8 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29384]: Successful su for rubyman by root
May  8 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29384]: + ??? root:rubyman
May  8 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351428 of user rubyman.
May  8 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29384]: pam_unix(su:session): session closed for user rubyman
May  8 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351428.
May  8 06:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26406]: pam_unix(cron:session): session closed for user root
May  8 06:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29313]: pam_unix(cron:session): session closed for user samftp
May  8 06:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29586]: Invalid user esuser from 122.54.18.220
May  8 06:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29586]: input_userauth_request: invalid user esuser [preauth]
May  8 06:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29586]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
May  8 06:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29586]: Failed password for invalid user esuser from 122.54.18.220 port 7229 ssh2
May  8 06:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29586]: Received disconnect from 122.54.18.220 port 7229:11: Bye Bye [preauth]
May  8 06:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29586]: Disconnected from 122.54.18.220 port 7229 [preauth]
May  8 06:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28303]: pam_unix(cron:session): session closed for user root
May  8 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29729]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29728]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29728]: pam_unix(cron:session): session closed for user p13x
May  8 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29798]: Successful su for rubyman by root
May  8 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29798]: + ??? root:rubyman
May  8 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351434 of user rubyman.
May  8 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29798]: pam_unix(su:session): session closed for user rubyman
May  8 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351434.
May  8 06:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26940]: pam_unix(cron:session): session closed for user root
May  8 06:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29729]: pam_unix(cron:session): session closed for user samftp
May  8 06:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30014]: Invalid user  from 103.148.150.87
May  8 06:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30014]: input_userauth_request: invalid user  [preauth]
May  8 06:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30014]: Connection closed by 103.148.150.87 port 34122 [preauth]
May  8 06:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28711]: pam_unix(cron:session): session closed for user root
May  8 06:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: Invalid user admin123 from 80.94.95.116
May  8 06:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: input_userauth_request: invalid user admin123 [preauth]
May  8 06:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  8 06:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: Failed password for invalid user admin123 from 80.94.95.116 port 55914 ssh2
May  8 06:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: Connection closed by 80.94.95.116 port 55914 [preauth]
May  8 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30145]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30142]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30142]: pam_unix(cron:session): session closed for user p13x
May  8 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30203]: Successful su for rubyman by root
May  8 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30203]: + ??? root:rubyman
May  8 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351436 of user rubyman.
May  8 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30203]: pam_unix(su:session): session closed for user rubyman
May  8 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351436.
May  8 06:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27454]: pam_unix(cron:session): session closed for user root
May  8 06:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30144]: pam_unix(cron:session): session closed for user samftp
May  8 06:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29316]: pam_unix(cron:session): session closed for user root
May  8 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30537]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30538]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30535]: pam_unix(cron:session): session closed for user p13x
May  8 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30593]: Successful su for rubyman by root
May  8 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30593]: + ??? root:rubyman
May  8 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351439 of user rubyman.
May  8 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30593]: pam_unix(su:session): session closed for user rubyman
May  8 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351439.
May  8 06:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27892]: pam_unix(cron:session): session closed for user root
May  8 06:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30536]: pam_unix(cron:session): session closed for user samftp
May  8 06:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29731]: pam_unix(cron:session): session closed for user root
May  8 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30945]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30948]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30944]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30949]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30949]: pam_unix(cron:session): session closed for user root
May  8 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30940]: pam_unix(cron:session): session closed for user p13x
May  8 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31092]: Successful su for rubyman by root
May  8 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31092]: + ??? root:rubyman
May  8 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31092]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351445 of user rubyman.
May  8 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31092]: pam_unix(su:session): session closed for user rubyman
May  8 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351445.
May  8 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30945]: pam_unix(cron:session): session closed for user root
May  8 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28302]: pam_unix(cron:session): session closed for user root
May  8 06:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30944]: pam_unix(cron:session): session closed for user samftp
May  8 06:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30146]: pam_unix(cron:session): session closed for user root
May  8 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31460]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31459]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31458]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31456]: pam_unix(cron:session): session closed for user p13x
May  8 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31536]: Successful su for rubyman by root
May  8 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31536]: + ??? root:rubyman
May  8 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31536]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351449 of user rubyman.
May  8 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31536]: pam_unix(su:session): session closed for user rubyman
May  8 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351449.
May  8 06:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28710]: pam_unix(cron:session): session closed for user root
May  8 06:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31458]: pam_unix(cron:session): session closed for user samftp
May  8 06:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30538]: pam_unix(cron:session): session closed for user root
May  8 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31927]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31928]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31918]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31918]: pam_unix(cron:session): session closed for user p13x
May  8 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32074]: Successful su for rubyman by root
May  8 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32074]: + ??? root:rubyman
May  8 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32074]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351455 of user rubyman.
May  8 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32074]: pam_unix(su:session): session closed for user rubyman
May  8 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351455.
May  8 06:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29315]: pam_unix(cron:session): session closed for user root
May  8 06:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31926]: pam_unix(cron:session): session closed for user samftp
May  8 06:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30948]: pam_unix(cron:session): session closed for user root
May  8 06:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32721]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32720]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32718]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32717]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32717]: pam_unix(cron:session): session closed for user p13x
May  8 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[324]: Successful su for rubyman by root
May  8 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[324]: + ??? root:rubyman
May  8 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351457 of user rubyman.
May  8 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[324]: pam_unix(su:session): session closed for user rubyman
May  8 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351457.
May  8 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29730]: pam_unix(cron:session): session closed for user root
May  8 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  8 06:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32718]: pam_unix(cron:session): session closed for user samftp
May  8 06:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[542]: Failed password for root from 50.235.31.47 port 53370 ssh2
May  8 06:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[542]: Connection closed by 50.235.31.47 port 53370 [preauth]
May  8 06:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:08:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 06:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Failed password for root from 80.94.95.125 port 16452 ssh2
May  8 06:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Failed password for root from 80.94.95.125 port 16452 ssh2
May  8 06:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Failed password for root from 80.94.95.125 port 16452 ssh2
May  8 06:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
May  8 06:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Failed password for root from 80.94.95.125 port 16452 ssh2
May  8 06:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Failed password for root from 122.54.18.220 port 51882 ssh2
May  8 06:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Received disconnect from 122.54.18.220 port 51882:11: Bye Bye [preauth]
May  8 06:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Disconnected from 122.54.18.220 port 51882 [preauth]
May  8 06:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Failed password for root from 80.94.95.125 port 16452 ssh2
May  8 06:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Received disconnect from 80.94.95.125 port 16452:11: Bye [preauth]
May  8 06:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: Disconnected from 80.94.95.125 port 16452 [preauth]
May  8 06:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 06:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[602]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 06:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31460]: pam_unix(cron:session): session closed for user root
May  8 06:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[777]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[777]: pam_unix(cron:session): session closed for user p13x
May  8 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[915]: Successful su for rubyman by root
May  8 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[915]: + ??? root:rubyman
May  8 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[915]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351462 of user rubyman.
May  8 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[915]: pam_unix(su:session): session closed for user rubyman
May  8 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351462.
May  8 06:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[775]: pam_unix(cron:session): session closed for user root
May  8 06:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30145]: pam_unix(cron:session): session closed for user root
May  8 06:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[778]: pam_unix(cron:session): session closed for user samftp
May  8 06:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31928]: pam_unix(cron:session): session closed for user root
May  8 06:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1371]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1369]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1373]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1370]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1368]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1374]: pam_unix(cron:session): session closed for user root
May  8 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1368]: pam_unix(cron:session): session closed for user p13x
May  8 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1470]: Successful su for rubyman by root
May  8 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1470]: + ??? root:rubyman
May  8 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351470 of user rubyman.
May  8 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1470]: pam_unix(su:session): session closed for user rubyman
May  8 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351470.
May  8 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1370]: pam_unix(cron:session): session closed for user root
May  8 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30537]: pam_unix(cron:session): session closed for user root
May  8 06:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1369]: pam_unix(cron:session): session closed for user samftp
May  8 06:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32721]: pam_unix(cron:session): session closed for user root
May  8 06:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1909]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1906]: pam_unix(cron:session): session closed for user p13x
May  8 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2046]: Successful su for rubyman by root
May  8 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2046]: + ??? root:rubyman
May  8 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2046]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351474 of user rubyman.
May  8 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2046]: pam_unix(su:session): session closed for user rubyman
May  8 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351474.
May  8 06:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30946]: pam_unix(cron:session): session closed for user root
May  8 06:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1907]: pam_unix(cron:session): session closed for user samftp
May  8 06:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[780]: pam_unix(cron:session): session closed for user root
May  8 06:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2406]: pam_unix(cron:session): session closed for user p13x
May  8 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2472]: Successful su for rubyman by root
May  8 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2472]: + ??? root:rubyman
May  8 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351476 of user rubyman.
May  8 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2472]: pam_unix(su:session): session closed for user rubyman
May  8 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351476.
May  8 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31459]: pam_unix(cron:session): session closed for user root
May  8 06:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2409]: pam_unix(cron:session): session closed for user samftp
May  8 06:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1373]: pam_unix(cron:session): session closed for user root
May  8 06:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2854]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2849]: pam_unix(cron:session): session closed for user p13x
May  8 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2918]: Successful su for rubyman by root
May  8 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2918]: + ??? root:rubyman
May  8 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351481 of user rubyman.
May  8 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2918]: pam_unix(su:session): session closed for user rubyman
May  8 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351481.
May  8 06:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31927]: pam_unix(cron:session): session closed for user root
May  8 06:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2850]: pam_unix(cron:session): session closed for user samftp
May  8 06:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1909]: pam_unix(cron:session): session closed for user root
May  8 06:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  8 06:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: Failed password for root from 218.92.0.207 port 52138 ssh2
May  8 06:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: Failed password for root from 218.92.0.207 port 52138 ssh2
May  8 06:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: Failed password for root from 218.92.0.207 port 52138 ssh2
May  8 06:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: message repeated 2 times: [ Failed password for root from 218.92.0.207 port 52138 ssh2]
May  8 06:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 52138 ssh2 [preauth]
May  8 06:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: Disconnecting: Too many authentication failures [preauth]
May  8 06:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  8 06:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3217]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 06:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3275]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3271]: pam_unix(cron:session): session closed for user p13x
May  8 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3337]: Successful su for rubyman by root
May  8 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3337]: + ??? root:rubyman
May  8 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351484 of user rubyman.
May  8 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3337]: pam_unix(su:session): session closed for user rubyman
May  8 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351484.
May  8 06:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32720]: pam_unix(cron:session): session closed for user root
May  8 06:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3272]: pam_unix(cron:session): session closed for user samftp
May  8 06:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3615]: Did not receive identification string from 193.32.162.185
May  8 06:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2412]: pam_unix(cron:session): session closed for user root
May  8 06:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3735]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3737]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3738]: pam_unix(cron:session): session closed for user root
May  8 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3733]: pam_unix(cron:session): session closed for user p13x
May  8 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3802]: Successful su for rubyman by root
May  8 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3802]: + ??? root:rubyman
May  8 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3802]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351493 of user rubyman.
May  8 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3802]: pam_unix(su:session): session closed for user rubyman
May  8 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351493.
May  8 06:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3735]: pam_unix(cron:session): session closed for user root
May  8 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: User mysql from 85.208.84.5 not allowed because not listed in AllowUsers
May  8 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: input_userauth_request: invalid user mysql [preauth]
May  8 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5  user=mysql
May  8 06:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[779]: pam_unix(cron:session): session closed for user root
May  8 06:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: Failed password for invalid user mysql from 85.208.84.5 port 38306 ssh2
May  8 06:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: Connection closed by 85.208.84.5 port 38306 [preauth]
May  8 06:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3734]: pam_unix(cron:session): session closed for user samftp
May  8 06:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
May  8 06:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: Failed password for root from 122.54.18.220 port 43830 ssh2
May  8 06:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: Received disconnect from 122.54.18.220 port 43830:11: Bye Bye [preauth]
May  8 06:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4090]: Disconnected from 122.54.18.220 port 43830 [preauth]
May  8 06:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2854]: pam_unix(cron:session): session closed for user root
May  8 06:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4205]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4205]: pam_unix(cron:session): session closed for user p13x
May  8 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4421]: Successful su for rubyman by root
May  8 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4421]: + ??? root:rubyman
May  8 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351496 of user rubyman.
May  8 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4421]: pam_unix(su:session): session closed for user rubyman
May  8 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351496.
May  8 06:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1371]: pam_unix(cron:session): session closed for user root
May  8 06:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4206]: pam_unix(cron:session): session closed for user samftp
May  8 06:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3275]: pam_unix(cron:session): session closed for user root
May  8 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4800]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4795]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4795]: pam_unix(cron:session): session closed for user root
May  8 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4797]: pam_unix(cron:session): session closed for user p13x
May  8 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4873]: Successful su for rubyman by root
May  8 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4873]: + ??? root:rubyman
May  8 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4873]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351499 of user rubyman.
May  8 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4873]: pam_unix(su:session): session closed for user rubyman
May  8 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351499.
May  8 06:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1908]: pam_unix(cron:session): session closed for user root
May  8 06:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4798]: pam_unix(cron:session): session closed for user samftp
May  8 06:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3737]: pam_unix(cron:session): session closed for user root
May  8 06:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5410]: pam_unix(cron:session): session closed for user p13x
May  8 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5482]: Successful su for rubyman by root
May  8 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5482]: + ??? root:rubyman
May  8 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351505 of user rubyman.
May  8 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5482]: pam_unix(su:session): session closed for user rubyman
May  8 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351505.
May  8 06:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2410]: pam_unix(cron:session): session closed for user root
May  8 06:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5411]: pam_unix(cron:session): session closed for user samftp
May  8 06:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4208]: pam_unix(cron:session): session closed for user root
May  8 06:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: Invalid user admin from 190.103.202.7
May  8 06:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: input_userauth_request: invalid user admin [preauth]
May  8 06:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  8 06:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: Failed password for invalid user admin from 190.103.202.7 port 52592 ssh2
May  8 06:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5945]: Connection closed by 190.103.202.7 port 52592 [preauth]
May  8 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5978]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5976]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5974]: pam_unix(cron:session): session closed for user p13x
May  8 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6046]: Successful su for rubyman by root
May  8 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6046]: + ??? root:rubyman
May  8 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6046]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351507 of user rubyman.
May  8 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6046]: pam_unix(su:session): session closed for user rubyman
May  8 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351507.
May  8 06:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2853]: pam_unix(cron:session): session closed for user root
May  8 06:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5975]: pam_unix(cron:session): session closed for user samftp
May  8 06:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4800]: pam_unix(cron:session): session closed for user root
May  8 06:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6401]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6402]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6398]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6399]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6402]: pam_unix(cron:session): session closed for user root
May  8 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6396]: pam_unix(cron:session): session closed for user p13x
May  8 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6471]: Successful su for rubyman by root
May  8 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6471]: + ??? root:rubyman
May  8 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6471]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351511 of user rubyman.
May  8 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6471]: pam_unix(su:session): session closed for user rubyman
May  8 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351511.
May  8 06:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6398]: pam_unix(cron:session): session closed for user root
May  8 06:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3273]: pam_unix(cron:session): session closed for user root
May  8 06:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6397]: pam_unix(cron:session): session closed for user samftp
May  8 06:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6360]: Connection reset by 103.148.150.87 port 46662 [preauth]
May  8 06:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6367]: Connection reset by 103.148.150.87 port 46678 [preauth]
May  8 06:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6469]: Connection closed by 103.148.150.87 port 55178 [preauth]
May  8 06:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5413]: pam_unix(cron:session): session closed for user root
May  8 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6838]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6835]: pam_unix(cron:session): session closed for user p13x
May  8 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6903]: Successful su for rubyman by root
May  8 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6903]: + ??? root:rubyman
May  8 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351519 of user rubyman.
May  8 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6903]: pam_unix(su:session): session closed for user rubyman
May  8 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351519.
May  8 06:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3736]: pam_unix(cron:session): session closed for user root
May  8 06:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6836]: pam_unix(cron:session): session closed for user samftp
May  8 06:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5978]: pam_unix(cron:session): session closed for user root
May  8 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7348]: pam_unix(cron:session): session closed for user p13x
May  8 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7407]: Successful su for rubyman by root
May  8 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7407]: + ??? root:rubyman
May  8 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351521 of user rubyman.
May  8 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7407]: pam_unix(su:session): session closed for user rubyman
May  8 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351521.
May  8 06:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4207]: pam_unix(cron:session): session closed for user root
May  8 06:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7349]: pam_unix(cron:session): session closed for user samftp
May  8 06:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6401]: pam_unix(cron:session): session closed for user root
May  8 06:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: Invalid user username from 122.54.18.220
May  8 06:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: input_userauth_request: invalid user username [preauth]
May  8 06:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
May  8 06:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: Failed password for invalid user username from 122.54.18.220 port 29303 ssh2
May  8 06:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: Received disconnect from 122.54.18.220 port 29303:11: Bye Bye [preauth]
May  8 06:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7817]: Disconnected from 122.54.18.220 port 29303 [preauth]
May  8 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7877]: pam_unix(cron:session): session closed for user p13x
May  8 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7940]: Successful su for rubyman by root
May  8 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7940]: + ??? root:rubyman
May  8 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7940]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351527 of user rubyman.
May  8 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7940]: pam_unix(su:session): session closed for user rubyman
May  8 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351527.
May  8 06:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4799]: pam_unix(cron:session): session closed for user root
May  8 06:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7878]: pam_unix(cron:session): session closed for user samftp
May  8 06:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6838]: pam_unix(cron:session): session closed for user root
May  8 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8302]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8300]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8303]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8301]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8300]: pam_unix(cron:session): session closed for user p13x
May  8 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8363]: Successful su for rubyman by root
May  8 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8363]: + ??? root:rubyman
May  8 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8363]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351529 of user rubyman.
May  8 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8363]: pam_unix(su:session): session closed for user rubyman
May  8 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351529.
May  8 06:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5412]: pam_unix(cron:session): session closed for user root
May  8 06:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8301]: pam_unix(cron:session): session closed for user samftp
May  8 06:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7351]: pam_unix(cron:session): session closed for user root
May  8 06:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8639]: Failed password for root from 103.248.63.75 port 58256 ssh2
May  8 06:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8639]: Connection closed by 103.248.63.75 port 58256 [preauth]
May  8 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8737]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8735]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8738]: pam_unix(cron:session): session closed for user root
May  8 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8733]: pam_unix(cron:session): session closed for user p13x
May  8 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8814]: Successful su for rubyman by root
May  8 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8814]: + ??? root:rubyman
May  8 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351536 of user rubyman.
May  8 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8814]: pam_unix(su:session): session closed for user rubyman
May  8 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351536.
May  8 06:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5976]: pam_unix(cron:session): session closed for user root
May  8 06:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8735]: pam_unix(cron:session): session closed for user root
May  8 06:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8734]: pam_unix(cron:session): session closed for user samftp
May  8 06:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7880]: pam_unix(cron:session): session closed for user root
May  8 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9304]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9303]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9299]: pam_unix(cron:session): session closed for user p13x
May  8 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9373]: Successful su for rubyman by root
May  8 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9373]: + ??? root:rubyman
May  8 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351540 of user rubyman.
May  8 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9373]: pam_unix(su:session): session closed for user rubyman
May  8 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351540.
May  8 06:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6399]: pam_unix(cron:session): session closed for user root
May  8 06:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9302]: pam_unix(cron:session): session closed for user samftp
May  8 06:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: Invalid user admin from 194.0.234.19
May  8 06:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: input_userauth_request: invalid user admin [preauth]
May  8 06:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  8 06:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: Failed password for invalid user admin from 194.0.234.19 port 29766 ssh2
May  8 06:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9616]: Connection closed by 194.0.234.19 port 29766 [preauth]
May  8 06:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8303]: pam_unix(cron:session): session closed for user root
May  8 06:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: Invalid user pi from 103.248.63.75
May  8 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: input_userauth_request: invalid user pi [preauth]
May  8 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9708]: Failed password for root from 103.248.63.75 port 51888 ssh2
May  8 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9722]: pam_unix(cron:session): session closed for user p13x
May  8 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9708]: Connection closed by 103.248.63.75 port 51888 [preauth]
May  8 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9790]: Successful su for rubyman by root
May  8 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9790]: + ??? root:rubyman
May  8 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351545 of user rubyman.
May  8 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9790]: pam_unix(su:session): session closed for user rubyman
May  8 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351545.
May  8 06:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: Invalid user hive from 103.248.63.75
May  8 06:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: input_userauth_request: invalid user hive [preauth]
May  8 06:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: Failed password for invalid user pi from 103.248.63.75 port 51912 ssh2
May  8 06:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9710]: Connection closed by 103.248.63.75 port 51912 [preauth]
May  8 06:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6837]: pam_unix(cron:session): session closed for user root
May  8 06:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9865]: Invalid user git from 103.248.63.75
May  8 06:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9865]: input_userauth_request: invalid user git [preauth]
May  8 06:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9865]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: Failed password for invalid user hive from 103.248.63.75 port 51924 ssh2
May  8 06:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9778]: Connection closed by 103.248.63.75 port 51924 [preauth]
May  8 06:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: Invalid user wang from 103.248.63.75
May  8 06:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: input_userauth_request: invalid user wang [preauth]
May  8 06:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9723]: pam_unix(cron:session): session closed for user samftp
May  8 06:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9865]: Failed password for invalid user git from 103.248.63.75 port 51938 ssh2
May  8 06:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9865]: Connection closed by 103.248.63.75 port 51938 [preauth]
May  8 06:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: Invalid user nginx from 103.248.63.75
May  8 06:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: input_userauth_request: invalid user nginx [preauth]
May  8 06:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: Failed password for invalid user wang from 103.248.63.75 port 51942 ssh2
May  8 06:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9946]: Connection closed by 103.248.63.75 port 51942 [preauth]
May  8 06:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9984]: Invalid user mongo from 103.248.63.75
May  8 06:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9984]: input_userauth_request: invalid user mongo [preauth]
May  8 06:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9984]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: Failed password for invalid user nginx from 103.248.63.75 port 51946 ssh2
May  8 06:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9970]: Connection closed by 103.248.63.75 port 51946 [preauth]
May  8 06:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: Invalid user user from 103.248.63.75
May  8 06:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: input_userauth_request: invalid user user [preauth]
May  8 06:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9984]: Failed password for invalid user mongo from 103.248.63.75 port 28754 ssh2
May  8 06:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9984]: Connection closed by 103.248.63.75 port 28754 [preauth]
May  8 06:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9988]: Invalid user oracle from 103.248.63.75
May  8 06:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9988]: input_userauth_request: invalid user oracle [preauth]
May  8 06:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9988]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: Failed password for invalid user user from 103.248.63.75 port 28756 ssh2
May  8 06:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9986]: Connection closed by 103.248.63.75 port 28756 [preauth]
May  8 06:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: Invalid user gpadmin from 103.248.63.75
May  8 06:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: input_userauth_request: invalid user gpadmin [preauth]
May  8 06:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9988]: Failed password for invalid user oracle from 103.248.63.75 port 28764 ssh2
May  8 06:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9988]: Connection closed by 103.248.63.75 port 28764 [preauth]
May  8 06:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: Failed password for invalid user gpadmin from 103.248.63.75 port 28780 ssh2
May  8 06:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: Connection closed by 103.248.63.75 port 28780 [preauth]
May  8 06:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10014]: Invalid user esroot from 103.248.63.75
May  8 06:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10014]: input_userauth_request: invalid user esroot [preauth]
May  8 06:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10014]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10012]: Failed password for root from 103.248.63.75 port 28790 ssh2
May  8 06:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10012]: Connection closed by 103.248.63.75 port 28790 [preauth]
May  8 06:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10026]: Invalid user gitlab from 103.248.63.75
May  8 06:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10026]: input_userauth_request: invalid user gitlab [preauth]
May  8 06:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10014]: Failed password for invalid user esroot from 103.248.63.75 port 28792 ssh2
May  8 06:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10026]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10014]: Connection closed by 103.248.63.75 port 28792 [preauth]
May  8 06:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10028]: Invalid user apache from 103.248.63.75
May  8 06:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10028]: input_userauth_request: invalid user apache [preauth]
May  8 06:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10026]: Failed password for invalid user gitlab from 103.248.63.75 port 40404 ssh2
May  8 06:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10028]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10026]: Connection closed by 103.248.63.75 port 40404 [preauth]
May  8 06:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10028]: Failed password for invalid user apache from 103.248.63.75 port 40406 ssh2
May  8 06:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10028]: Connection closed by 103.248.63.75 port 40406 [preauth]
May  8 06:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10030]: Failed password for root from 103.248.63.75 port 40416 ssh2
May  8 06:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10030]: Connection closed by 103.248.63.75 port 40416 [preauth]
May  8 06:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10060]: Invalid user user from 103.248.63.75
May  8 06:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10060]: input_userauth_request: invalid user user [preauth]
May  8 06:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10060]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10041]: Failed password for root from 103.248.63.75 port 40432 ssh2
May  8 06:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10041]: Connection closed by 103.248.63.75 port 40432 [preauth]
May  8 06:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10062]: Invalid user lighthouse from 103.248.63.75
May  8 06:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10062]: input_userauth_request: invalid user lighthouse [preauth]
May  8 06:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10060]: Failed password for invalid user user from 103.248.63.75 port 40446 ssh2
May  8 06:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10062]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10060]: Connection closed by 103.248.63.75 port 40446 [preauth]
May  8 06:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10073]: Invalid user flask from 103.248.63.75
May  8 06:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10073]: input_userauth_request: invalid user flask [preauth]
May  8 06:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10073]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10062]: Failed password for invalid user lighthouse from 103.248.63.75 port 40408 ssh2
May  8 06:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10062]: Connection closed by 103.248.63.75 port 40408 [preauth]
May  8 06:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: Invalid user user1 from 103.248.63.75
May  8 06:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: input_userauth_request: invalid user user1 [preauth]
May  8 06:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10073]: Failed password for invalid user flask from 103.248.63.75 port 40410 ssh2
May  8 06:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10073]: Connection closed by 103.248.63.75 port 40410 [preauth]
May  8 06:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: Invalid user hadoop from 103.248.63.75
May  8 06:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: input_userauth_request: invalid user hadoop [preauth]
May  8 06:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: Failed password for invalid user user1 from 103.248.63.75 port 40418 ssh2
May  8 06:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10075]: Connection closed by 103.248.63.75 port 40418 [preauth]
May  8 06:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: Invalid user oracle from 103.248.63.75
May  8 06:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: input_userauth_request: invalid user oracle [preauth]
May  8 06:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: Failed password for invalid user hadoop from 103.248.63.75 port 40434 ssh2
May  8 06:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8737]: pam_unix(cron:session): session closed for user root
May  8 06:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10078]: Connection closed by 103.248.63.75 port 40434 [preauth]
May  8 06:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: Invalid user test from 103.248.63.75
May  8 06:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: input_userauth_request: invalid user test [preauth]
May  8 06:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: Failed password for invalid user oracle from 103.248.63.75 port 40448 ssh2
May  8 06:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10094]: Connection closed by 103.248.63.75 port 40448 [preauth]
May  8 06:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: Failed password for invalid user test from 103.248.63.75 port 40450 ssh2
May  8 06:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10109]: Connection closed by 103.248.63.75 port 40450 [preauth]
May  8 06:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: Invalid user developer from 103.248.63.75
May  8 06:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: input_userauth_request: invalid user developer [preauth]
May  8 06:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10111]: Failed password for root from 103.248.63.75 port 41882 ssh2
May  8 06:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10111]: Connection closed by 103.248.63.75 port 41882 [preauth]
May  8 06:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: Failed password for invalid user developer from 103.248.63.75 port 41890 ssh2
May  8 06:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10120]: Connection closed by 103.248.63.75 port 41890 [preauth]
May  8 06:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: User mysql from 103.248.63.75 not allowed because not listed in AllowUsers
May  8 06:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: input_userauth_request: invalid user mysql [preauth]
May  8 06:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=mysql
May  8 06:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: Failed password for root from 103.248.63.75 port 41898 ssh2
May  8 06:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10123]: Connection closed by 103.248.63.75 port 41898 [preauth]
May  8 06:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: Failed password for invalid user mysql from 103.248.63.75 port 41906 ssh2
May  8 06:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: Connection closed by 103.248.63.75 port 41906 [preauth]
May  8 06:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Invalid user tom from 103.248.63.75
May  8 06:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: input_userauth_request: invalid user tom [preauth]
May  8 06:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10134]: Failed password for root from 103.248.63.75 port 41912 ssh2
May  8 06:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10134]: Connection closed by 103.248.63.75 port 41912 [preauth]
May  8 06:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Failed password for invalid user tom from 103.248.63.75 port 41914 ssh2
May  8 06:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10150]: Connection closed by 103.248.63.75 port 41914 [preauth]
May  8 06:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: Invalid user oscar from 103.248.63.75
May  8 06:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: input_userauth_request: invalid user oscar [preauth]
May  8 06:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: Failed password for root from 103.248.63.75 port 23644 ssh2
May  8 06:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10152]: Connection closed by 103.248.63.75 port 23644 [preauth]
May  8 06:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: Failed password for invalid user oscar from 103.248.63.75 port 23652 ssh2
May  8 06:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10154]: Connection closed by 103.248.63.75 port 23652 [preauth]
May  8 06:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10165]: Failed password for root from 103.248.63.75 port 23664 ssh2
May  8 06:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10165]: Connection closed by 103.248.63.75 port 23664 [preauth]
May  8 06:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10169]: Invalid user user1 from 103.248.63.75
May  8 06:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10169]: input_userauth_request: invalid user user1 [preauth]
May  8 06:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10169]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: Failed password for root from 103.248.63.75 port 23678 ssh2
May  8 06:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10167]: Connection closed by 103.248.63.75 port 23678 [preauth]
May  8 06:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10169]: Failed password for invalid user user1 from 103.248.63.75 port 23684 ssh2
May  8 06:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10169]: Connection closed by 103.248.63.75 port 23684 [preauth]
May  8 06:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Invalid user flink from 103.248.63.75
May  8 06:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: input_userauth_request: invalid user flink [preauth]
May  8 06:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: Failed password for root from 103.248.63.75 port 23690 ssh2
May  8 06:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10179]: Connection closed by 103.248.63.75 port 23690 [preauth]
May  8 06:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: Invalid user apache from 103.248.63.75
May  8 06:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: input_userauth_request: invalid user apache [preauth]
May  8 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Failed password for invalid user flink from 103.248.63.75 port 12318 ssh2
May  8 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10194]: pam_unix(cron:session): session closed for user p13x
May  8 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10181]: Connection closed by 103.248.63.75 port 12318 [preauth]
May  8 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10350]: Successful su for rubyman by root
May  8 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10350]: + ??? root:rubyman
May  8 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351549 of user rubyman.
May  8 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10350]: pam_unix(su:session): session closed for user rubyman
May  8 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351549.
May  8 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: Failed password for invalid user apache from 103.248.63.75 port 12326 ssh2
May  8 06:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10183]: Connection closed by 103.248.63.75 port 12326 [preauth]
May  8 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: Invalid user nginx from 103.248.63.75
May  8 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: input_userauth_request: invalid user nginx [preauth]
May  8 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7350]: pam_unix(cron:session): session closed for user root
May  8 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10328]: Failed password for root from 103.248.63.75 port 12332 ssh2
May  8 06:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10328]: Connection closed by 103.248.63.75 port 12332 [preauth]
May  8 06:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: Invalid user esuser from 103.248.63.75
May  8 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: input_userauth_request: invalid user esuser [preauth]
May  8 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10195]: pam_unix(cron:session): session closed for user samftp
May  8 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: Failed password for invalid user nginx from 103.248.63.75 port 12340 ssh2
May  8 06:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10430]: Connection closed by 103.248.63.75 port 12340 [preauth]
May  8 06:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: Failed password for invalid user esuser from 103.248.63.75 port 12342 ssh2
May  8 06:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: Connection closed by 103.248.63.75 port 12342 [preauth]
May  8 06:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10562]: Invalid user git from 103.248.63.75
May  8 06:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10562]: input_userauth_request: invalid user git [preauth]
May  8 06:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10560]: Failed password for root from 103.248.63.75 port 12354 ssh2
May  8 06:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10562]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10560]: Connection closed by 103.248.63.75 port 12354 [preauth]
May  8 06:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10566]: Invalid user postgres from 103.248.63.75
May  8 06:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10566]: input_userauth_request: invalid user postgres [preauth]
May  8 06:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10566]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10562]: Failed password for invalid user git from 103.248.63.75 port 57812 ssh2
May  8 06:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10562]: Connection closed by 103.248.63.75 port 57812 [preauth]
May  8 06:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: Invalid user svnuser from 103.248.63.75
May  8 06:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: input_userauth_request: invalid user svnuser [preauth]
May  8 06:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10566]: Failed password for invalid user postgres from 103.248.63.75 port 57822 ssh2
May  8 06:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10566]: Connection closed by 103.248.63.75 port 57822 [preauth]
May  8 06:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: Failed password for invalid user svnuser from 103.248.63.75 port 57824 ssh2
May  8 06:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10585]: Invalid user dolphinscheduler from 103.248.63.75
May  8 06:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10585]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  8 06:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10576]: Connection closed by 103.248.63.75 port 57824 [preauth]
May  8 06:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10585]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10585]: Failed password for invalid user dolphinscheduler from 103.248.63.75 port 57826 ssh2
May  8 06:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10585]: Connection closed by 103.248.63.75 port 57826 [preauth]
May  8 06:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: Invalid user plexserver from 103.248.63.75
May  8 06:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: input_userauth_request: invalid user plexserver [preauth]
May  8 06:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10597]: Failed password for root from 103.248.63.75 port 57838 ssh2
May  8 06:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10597]: Connection closed by 103.248.63.75 port 57838 [preauth]
May  8 06:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10613]: Invalid user sonar from 103.248.63.75
May  8 06:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10613]: input_userauth_request: invalid user sonar [preauth]
May  8 06:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10613]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: Failed password for invalid user plexserver from 103.248.63.75 port 56592 ssh2
May  8 06:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10611]: Connection closed by 103.248.63.75 port 56592 [preauth]
May  8 06:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10625]: Invalid user app from 103.248.63.75
May  8 06:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10625]: input_userauth_request: invalid user app [preauth]
May  8 06:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10625]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10613]: Failed password for invalid user sonar from 103.248.63.75 port 56596 ssh2
May  8 06:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10613]: Connection closed by 103.248.63.75 port 56596 [preauth]
May  8 06:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10640]: Invalid user tools from 103.248.63.75
May  8 06:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10640]: input_userauth_request: invalid user tools [preauth]
May  8 06:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10640]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10625]: Failed password for invalid user app from 103.248.63.75 port 56612 ssh2
May  8 06:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10625]: Connection closed by 103.248.63.75 port 56612 [preauth]
May  8 06:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: Invalid user lighthouse from 103.248.63.75
May  8 06:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: input_userauth_request: invalid user lighthouse [preauth]
May  8 06:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10640]: Failed password for invalid user tools from 103.248.63.75 port 56622 ssh2
May  8 06:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10640]: Connection closed by 103.248.63.75 port 56622 [preauth]
May  8 06:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: User mysql from 103.248.63.75 not allowed because not listed in AllowUsers
May  8 06:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: input_userauth_request: invalid user mysql [preauth]
May  8 06:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=mysql
May  8 06:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: Failed password for invalid user lighthouse from 103.248.63.75 port 56624 ssh2
May  8 06:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10644]: Connection closed by 103.248.63.75 port 56624 [preauth]
May  8 06:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: Failed password for invalid user mysql from 103.248.63.75 port 56634 ssh2
May  8 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10661]: Connection closed by 103.248.63.75 port 56634 [preauth]
May  8 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10687]: Invalid user gpadmin from 103.248.63.75
May  8 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10687]: input_userauth_request: invalid user gpadmin [preauth]
May  8 06:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10687]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: Failed password for root from 103.248.63.75 port 24968 ssh2
May  8 06:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10682]: Connection closed by 103.248.63.75 port 24968 [preauth]
May  8 06:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: Invalid user oracle from 103.248.63.75
May  8 06:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: input_userauth_request: invalid user oracle [preauth]
May  8 06:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10687]: Failed password for invalid user gpadmin from 103.248.63.75 port 24974 ssh2
May  8 06:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10687]: Connection closed by 103.248.63.75 port 24974 [preauth]
May  8 06:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9304]: pam_unix(cron:session): session closed for user root
May  8 06:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: Failed password for invalid user oracle from 103.248.63.75 port 24988 ssh2
May  8 06:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10691]: Connection closed by 103.248.63.75 port 24988 [preauth]
May  8 06:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: Invalid user www from 103.248.63.75
May  8 06:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: input_userauth_request: invalid user www [preauth]
May  8 06:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: Failed password for root from 103.248.63.75 port 24990 ssh2
May  8 06:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10693]: Connection closed by 103.248.63.75 port 24990 [preauth]
May  8 06:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: Failed password for invalid user www from 103.248.63.75 port 24998 ssh2
May  8 06:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10731]: Connection closed by 103.248.63.75 port 24998 [preauth]
May  8 06:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10751]: Invalid user oscar from 103.248.63.75
May  8 06:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10751]: input_userauth_request: invalid user oscar [preauth]
May  8 06:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10751]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: Failed password for root from 103.248.63.75 port 25008 ssh2
May  8 06:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: Connection closed by 103.248.63.75 port 25008 [preauth]
May  8 06:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10765]: Invalid user test from 103.248.63.75
May  8 06:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10765]: input_userauth_request: invalid user test [preauth]
May  8 06:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10765]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10751]: Failed password for invalid user oscar from 103.248.63.75 port 25020 ssh2
May  8 06:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10751]: Connection closed by 103.248.63.75 port 25020 [preauth]
May  8 06:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: Invalid user admin from 103.248.63.75
May  8 06:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: input_userauth_request: invalid user admin [preauth]
May  8 06:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10765]: Failed password for invalid user test from 103.248.63.75 port 28580 ssh2
May  8 06:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10765]: Connection closed by 103.248.63.75 port 28580 [preauth]
May  8 06:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: Failed password for invalid user admin from 103.248.63.75 port 28586 ssh2
May  8 06:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: Connection closed by 103.248.63.75 port 28586 [preauth]
May  8 06:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: Invalid user app from 103.248.63.75
May  8 06:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: input_userauth_request: invalid user app [preauth]
May  8 06:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Failed password for root from 103.248.63.75 port 28592 ssh2
May  8 06:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10769]: Connection closed by 103.248.63.75 port 28592 [preauth]
May  8 06:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: Invalid user elastic from 103.248.63.75
May  8 06:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: input_userauth_request: invalid user elastic [preauth]
May  8 06:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: Failed password for invalid user app from 103.248.63.75 port 28602 ssh2
May  8 06:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10784]: Connection closed by 103.248.63.75 port 28602 [preauth]
May  8 06:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: Failed password for invalid user elastic from 103.248.63.75 port 28612 ssh2
May  8 06:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10795]: Connection closed by 103.248.63.75 port 28612 [preauth]
May  8 06:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10809]: Invalid user guest from 103.248.63.75
May  8 06:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10809]: input_userauth_request: invalid user guest [preauth]
May  8 06:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10809]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10798]: Failed password for root from 103.248.63.75 port 28626 ssh2
May  8 06:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10798]: Connection closed by 103.248.63.75 port 28626 [preauth]
May  8 06:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10809]: Failed password for invalid user guest from 103.248.63.75 port 48540 ssh2
May  8 06:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10809]: Connection closed by 103.248.63.75 port 48540 [preauth]
May  8 06:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: Invalid user sonar from 103.248.63.75
May  8 06:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: input_userauth_request: invalid user sonar [preauth]
May  8 06:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10811]: Failed password for root from 103.248.63.75 port 48548 ssh2
May  8 06:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10811]: Connection closed by 103.248.63.75 port 48548 [preauth]
May  8 06:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10822]: Invalid user jumpserver from 103.248.63.75
May  8 06:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10822]: input_userauth_request: invalid user jumpserver [preauth]
May  8 06:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10822]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: Failed password for invalid user sonar from 103.248.63.75 port 48560 ssh2
May  8 06:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10813]: Connection closed by 103.248.63.75 port 48560 [preauth]
May  8 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: Invalid user tom from 103.248.63.75
May  8 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: input_userauth_request: invalid user tom [preauth]
May  8 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10822]: Failed password for invalid user jumpserver from 103.248.63.75 port 48574 ssh2
May  8 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10822]: Connection closed by 103.248.63.75 port 48574 [preauth]
May  8 06:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: Failed password for invalid user tom from 103.248.63.75 port 48588 ssh2
May  8 06:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: Connection closed by 103.248.63.75 port 48588 [preauth]
May  8 06:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: Invalid user git from 103.248.63.75
May  8 06:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: input_userauth_request: invalid user git [preauth]
May  8 06:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10827]: Failed password for root from 103.248.63.75 port 48604 ssh2
May  8 06:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10827]: Connection closed by 103.248.63.75 port 48604 [preauth]
May  8 06:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10848]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10846]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10846]: pam_unix(cron:session): session closed for user p13x
May  8 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10841]: Invalid user ranger from 103.248.63.75
May  8 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10841]: input_userauth_request: invalid user ranger [preauth]
May  8 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10906]: Successful su for rubyman by root
May  8 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10906]: + ??? root:rubyman
May  8 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351552 of user rubyman.
May  8 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10906]: pam_unix(su:session): session closed for user rubyman
May  8 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351552.
May  8 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10841]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: Failed password for invalid user git from 103.248.63.75 port 40404 ssh2
May  8 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: Connection closed by 103.248.63.75 port 40404 [preauth]
May  8 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  8 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10841]: Failed password for invalid user ranger from 103.248.63.75 port 40406 ssh2
May  8 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10841]: Connection closed by 103.248.63.75 port 40406 [preauth]
May  8 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7879]: pam_unix(cron:session): session closed for user root
May  8 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11020]: Invalid user appuser from 103.248.63.75
May  8 06:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11020]: input_userauth_request: invalid user appuser [preauth]
May  8 06:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11020]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: Failed password for root from 218.92.0.204 port 38886 ssh2
May  8 06:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: Failed password for root from 103.248.63.75 port 40408 ssh2
May  8 06:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: Connection closed by 103.248.63.75 port 40408 [preauth]
May  8 06:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11074]: Invalid user tom from 103.248.63.75
May  8 06:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11074]: input_userauth_request: invalid user tom [preauth]
May  8 06:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10847]: pam_unix(cron:session): session closed for user samftp
May  8 06:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11074]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11020]: Failed password for invalid user appuser from 103.248.63.75 port 40420 ssh2
May  8 06:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11020]: Connection closed by 103.248.63.75 port 40420 [preauth]
May  8 06:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: Failed password for root from 218.92.0.204 port 38886 ssh2
May  8 06:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11074]: Failed password for invalid user tom from 103.248.63.75 port 40434 ssh2
May  8 06:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11074]: Connection closed by 103.248.63.75 port 40434 [preauth]
May  8 06:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11095]: Invalid user ubuntu from 103.248.63.75
May  8 06:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11095]: input_userauth_request: invalid user ubuntu [preauth]
May  8 06:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11095]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11093]: Failed password for root from 103.248.63.75 port 49870 ssh2
May  8 06:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11093]: Connection closed by 103.248.63.75 port 49870 [preauth]
May  8 06:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11105]: Invalid user elsearch from 103.248.63.75
May  8 06:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11105]: input_userauth_request: invalid user elsearch [preauth]
May  8 06:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: Failed password for root from 218.92.0.204 port 38886 ssh2
May  8 06:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11105]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11095]: Failed password for invalid user ubuntu from 103.248.63.75 port 49886 ssh2
May  8 06:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11095]: Connection closed by 103.248.63.75 port 49886 [preauth]
May  8 06:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: Invalid user nginx from 103.248.63.75
May  8 06:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: input_userauth_request: invalid user nginx [preauth]
May  8 06:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11105]: Failed password for invalid user elsearch from 103.248.63.75 port 49888 ssh2
May  8 06:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11105]: Connection closed by 103.248.63.75 port 49888 [preauth]
May  8 06:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: Invalid user rancher from 103.248.63.75
May  8 06:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: input_userauth_request: invalid user rancher [preauth]
May  8 06:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: Failed password for root from 218.92.0.204 port 38886 ssh2
May  8 06:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: Failed password for invalid user nginx from 103.248.63.75 port 49894 ssh2
May  8 06:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11107]: Connection closed by 103.248.63.75 port 49894 [preauth]
May  8 06:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: Failed password for invalid user rancher from 103.248.63.75 port 49904 ssh2
May  8 06:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11117]: Connection closed by 103.248.63.75 port 49904 [preauth]
May  8 06:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11136]: Invalid user rancher from 103.248.63.75
May  8 06:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11136]: input_userauth_request: invalid user rancher [preauth]
May  8 06:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11136]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: Failed password for root from 218.92.0.204 port 38886 ssh2
May  8 06:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 38886 ssh2 [preauth]
May  8 06:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: Disconnecting: Too many authentication failures [preauth]
May  8 06:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  8 06:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10843]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 06:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11126]: Failed password for root from 103.248.63.75 port 49914 ssh2
May  8 06:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11126]: Connection closed by 103.248.63.75 port 49914 [preauth]
May  8 06:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11139]: Invalid user es from 103.248.63.75
May  8 06:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11139]: input_userauth_request: invalid user es [preauth]
May  8 06:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11139]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11136]: Failed password for invalid user rancher from 103.248.63.75 port 43598 ssh2
May  8 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11136]: Connection closed by 103.248.63.75 port 43598 [preauth]
May  8 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11139]: Failed password for invalid user es from 103.248.63.75 port 43604 ssh2
May  8 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11139]: Connection closed by 103.248.63.75 port 43604 [preauth]
May  8 06:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  8 06:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: Invalid user user from 103.248.63.75
May  8 06:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: input_userauth_request: invalid user user [preauth]
May  8 06:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11148]: Failed password for root from 103.248.63.75 port 43618 ssh2
May  8 06:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11148]: Connection closed by 103.248.63.75 port 43618 [preauth]
May  8 06:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: Failed password for root from 218.92.0.204 port 23114 ssh2
May  8 06:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: Failed password for invalid user user from 103.248.63.75 port 43632 ssh2
May  8 06:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11154]: Connection closed by 103.248.63.75 port 43632 [preauth]
May  8 06:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Invalid user uftp from 103.248.63.75
May  8 06:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: input_userauth_request: invalid user uftp [preauth]
May  8 06:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11157]: Failed password for root from 103.248.63.75 port 43640 ssh2
May  8 06:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11157]: Connection closed by 103.248.63.75 port 43640 [preauth]
May  8 06:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: Failed password for root from 218.92.0.204 port 23114 ssh2
May  8 06:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Invalid user data from 103.248.63.75
May  8 06:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: input_userauth_request: invalid user data [preauth]
May  8 06:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Failed password for invalid user uftp from 103.248.63.75 port 43652 ssh2
May  8 06:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11181]: Connection closed by 103.248.63.75 port 43652 [preauth]
May  8 06:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11187]: Invalid user bigdata from 103.248.63.75
May  8 06:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11187]: input_userauth_request: invalid user bigdata [preauth]
May  8 06:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11187]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Failed password for invalid user data from 103.248.63.75 port 12966 ssh2
May  8 06:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: Failed password for root from 218.92.0.204 port 23114 ssh2
May  8 06:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11184]: Connection closed by 103.248.63.75 port 12966 [preauth]
May  8 06:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: Invalid user oracle from 103.248.63.75
May  8 06:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: input_userauth_request: invalid user oracle [preauth]
May  8 06:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11187]: Failed password for invalid user bigdata from 103.248.63.75 port 12972 ssh2
May  8 06:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11187]: Connection closed by 103.248.63.75 port 12972 [preauth]
May  8 06:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: Failed password for root from 218.92.0.204 port 23114 ssh2
May  8 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: Failed password for invalid user oracle from 103.248.63.75 port 12974 ssh2
May  8 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: Invalid user plex from 103.248.63.75
May  8 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: input_userauth_request: invalid user plex [preauth]
May  8 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9725]: pam_unix(cron:session): session closed for user root
May  8 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: Connection closed by 103.248.63.75 port 12974 [preauth]
May  8 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: Invalid user steam from 103.248.63.75
May  8 06:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: input_userauth_request: invalid user steam [preauth]
May  8 06:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: Failed password for invalid user plex from 103.248.63.75 port 12988 ssh2
May  8 06:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11199]: Connection closed by 103.248.63.75 port 12988 [preauth]
May  8 06:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11230]: Invalid user esuser from 103.248.63.75
May  8 06:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11230]: input_userauth_request: invalid user esuser [preauth]
May  8 06:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: Failed password for root from 218.92.0.204 port 23114 ssh2
May  8 06:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11230]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: Failed password for invalid user steam from 103.248.63.75 port 12998 ssh2
May  8 06:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11221]: Connection closed by 103.248.63.75 port 12998 [preauth]
May  8 06:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: Invalid user observer from 103.248.63.75
May  8 06:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: input_userauth_request: invalid user observer [preauth]
May  8 06:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11230]: Failed password for invalid user esuser from 103.248.63.75 port 13008 ssh2
May  8 06:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11230]: Connection closed by 103.248.63.75 port 13008 [preauth]
May  8 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: Invalid user docker from 103.248.63.75
May  8 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: input_userauth_request: invalid user docker [preauth]
May  8 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: Failed password for root from 218.92.0.204 port 23114 ssh2
May  8 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 23114 ssh2 [preauth]
May  8 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: Disconnecting: Too many authentication failures [preauth]
May  8 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  8 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: Failed password for invalid user observer from 103.248.63.75 port 17500 ssh2
May  8 06:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11233]: Connection closed by 103.248.63.75 port 17500 [preauth]
May  8 06:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Invalid user user from 103.248.63.75
May  8 06:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: input_userauth_request: invalid user user [preauth]
May  8 06:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: Failed password for invalid user docker from 103.248.63.75 port 17512 ssh2
May  8 06:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11235]: Connection closed by 103.248.63.75 port 17512 [preauth]
May  8 06:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: Invalid user elastic from 103.248.63.75
May  8 06:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: input_userauth_request: invalid user elastic [preauth]
May  8 06:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Failed password for invalid user user from 103.248.63.75 port 17522 ssh2
May  8 06:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11244]: Connection closed by 103.248.63.75 port 17522 [preauth]
May  8 06:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: Invalid user oracle from 103.248.63.75
May  8 06:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: input_userauth_request: invalid user oracle [preauth]
May  8 06:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: Failed password for invalid user elastic from 103.248.63.75 port 17536 ssh2
May  8 06:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11248]: Connection closed by 103.248.63.75 port 17536 [preauth]
May  8 06:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: Invalid user postgres from 103.248.63.75
May  8 06:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: input_userauth_request: invalid user postgres [preauth]
May  8 06:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: Failed password for invalid user oracle from 103.248.63.75 port 17546 ssh2
May  8 06:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11264]: Connection closed by 103.248.63.75 port 17546 [preauth]
May  8 06:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: Invalid user ts from 103.248.63.75
May  8 06:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: input_userauth_request: invalid user ts [preauth]
May  8 06:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: Failed password for invalid user postgres from 103.248.63.75 port 17562 ssh2
May  8 06:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11266]: Connection closed by 103.248.63.75 port 17562 [preauth]
May  8 06:29:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: Failed password for invalid user ts from 103.248.63.75 port 57852 ssh2
May  8 06:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11276]: Connection closed by 103.248.63.75 port 57852 [preauth]
May  8 06:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
May  8 06:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: Invalid user ftpuser from 103.248.63.75
May  8 06:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: input_userauth_request: invalid user ftpuser [preauth]
May  8 06:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11279]: Failed password for root from 103.248.63.75 port 57866 ssh2
May  8 06:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11279]: Connection closed by 103.248.63.75 port 57866 [preauth]
May  8 06:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: Failed password for root from 122.54.18.220 port 10534 ssh2
May  8 06:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: Received disconnect from 122.54.18.220 port 10534:11: Bye Bye [preauth]
May  8 06:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11281]: Disconnected from 122.54.18.220 port 10534 [preauth]
May  8 06:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11294]: Invalid user test from 103.248.63.75
May  8 06:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11294]: input_userauth_request: invalid user test [preauth]
May  8 06:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11294]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: Failed password for invalid user ftpuser from 103.248.63.75 port 57874 ssh2
May  8 06:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11284]: Connection closed by 103.248.63.75 port 57874 [preauth]
May  8 06:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: Invalid user gitlab from 103.248.63.75
May  8 06:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: input_userauth_request: invalid user gitlab [preauth]
May  8 06:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11294]: Failed password for invalid user test from 103.248.63.75 port 57878 ssh2
May  8 06:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11294]: Connection closed by 103.248.63.75 port 57878 [preauth]
May  8 06:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11298]: Invalid user guest from 103.248.63.75
May  8 06:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11298]: input_userauth_request: invalid user guest [preauth]
May  8 06:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11298]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: Failed password for invalid user gitlab from 103.248.63.75 port 57884 ssh2
May  8 06:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: Connection closed by 103.248.63.75 port 57884 [preauth]
May  8 06:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11308]: Invalid user worker from 103.248.63.75
May  8 06:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11308]: input_userauth_request: invalid user worker [preauth]
May  8 06:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11308]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11298]: Failed password for invalid user guest from 103.248.63.75 port 15400 ssh2
May  8 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11298]: Connection closed by 103.248.63.75 port 15400 [preauth]
May  8 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11315]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11317]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11318]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11318]: pam_unix(cron:session): session closed for user root
May  8 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11313]: pam_unix(cron:session): session closed for user p13x
May  8 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: Invalid user flask from 103.248.63.75
May  8 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: input_userauth_request: invalid user flask [preauth]
May  8 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11378]: Successful su for rubyman by root
May  8 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11378]: + ??? root:rubyman
May  8 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11378]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351558 of user rubyman.
May  8 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11378]: pam_unix(su:session): session closed for user rubyman
May  8 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351558.
May  8 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11308]: Failed password for invalid user worker from 103.248.63.75 port 15410 ssh2
May  8 06:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11308]: Connection closed by 103.248.63.75 port 15410 [preauth]
May  8 06:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11402]: Invalid user gpuadmin from 103.248.63.75
May  8 06:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11402]: input_userauth_request: invalid user gpuadmin [preauth]
May  8 06:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11402]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: Failed password for invalid user flask from 103.248.63.75 port 15412 ssh2
May  8 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11310]: Connection closed by 103.248.63.75 port 15412 [preauth]
May  8 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11315]: pam_unix(cron:session): session closed for user root
May  8 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11484]: Invalid user zabbix from 103.248.63.75
May  8 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11484]: input_userauth_request: invalid user zabbix [preauth]
May  8 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8302]: pam_unix(cron:session): session closed for user root
May  8 06:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11484]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11402]: Failed password for invalid user gpuadmin from 103.248.63.75 port 15418 ssh2
May  8 06:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11402]: Connection closed by 103.248.63.75 port 15418 [preauth]
May  8 06:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11484]: Failed password for invalid user zabbix from 103.248.63.75 port 15420 ssh2
May  8 06:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11314]: pam_unix(cron:session): session closed for user samftp
May  8 06:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11484]: Connection closed by 103.248.63.75 port 15420 [preauth]
May  8 06:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11600]: Invalid user flask from 103.248.63.75
May  8 06:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11600]: input_userauth_request: invalid user flask [preauth]
May  8 06:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11600]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: Failed password for root from 103.248.63.75 port 15436 ssh2
May  8 06:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11566]: Connection closed by 103.248.63.75 port 15436 [preauth]
May  8 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11607]: Invalid user gitlab from 103.248.63.75
May  8 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11607]: input_userauth_request: invalid user gitlab [preauth]
May  8 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11607]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11600]: Failed password for invalid user flask from 103.248.63.75 port 15452 ssh2
May  8 06:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11600]: Connection closed by 103.248.63.75 port 15452 [preauth]
May  8 06:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: Invalid user testuser from 103.248.63.75
May  8 06:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: input_userauth_request: invalid user testuser [preauth]
May  8 06:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11607]: Failed password for invalid user gitlab from 103.248.63.75 port 17002 ssh2
May  8 06:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11607]: Connection closed by 103.248.63.75 port 17002 [preauth]
May  8 06:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: Invalid user postgres from 103.248.63.75
May  8 06:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: input_userauth_request: invalid user postgres [preauth]
May  8 06:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: Failed password for invalid user testuser from 103.248.63.75 port 17008 ssh2
May  8 06:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11617]: Connection closed by 103.248.63.75 port 17008 [preauth]
May  8 06:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Invalid user jenkins from 103.248.63.75
May  8 06:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: input_userauth_request: invalid user jenkins [preauth]
May  8 06:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: Failed password for invalid user postgres from 103.248.63.75 port 17014 ssh2
May  8 06:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: Connection closed by 103.248.63.75 port 17014 [preauth]
May  8 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Failed password for invalid user jenkins from 103.248.63.75 port 17026 ssh2
May  8 06:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11627]: Connection closed by 103.248.63.75 port 17026 [preauth]
May  8 06:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: Invalid user admin from 103.248.63.75
May  8 06:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: input_userauth_request: invalid user admin [preauth]
May  8 06:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11645]: Failed password for root from 103.248.63.75 port 17040 ssh2
May  8 06:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11645]: Connection closed by 103.248.63.75 port 17040 [preauth]
May  8 06:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11649]: Invalid user weblogic from 103.248.63.75
May  8 06:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11649]: input_userauth_request: invalid user weblogic [preauth]
May  8 06:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11649]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: Failed password for invalid user admin from 103.248.63.75 port 17054 ssh2
May  8 06:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11647]: Connection closed by 103.248.63.75 port 17054 [preauth]
May  8 06:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: Invalid user centos from 103.248.63.75
May  8 06:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: input_userauth_request: invalid user centos [preauth]
May  8 06:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11649]: Failed password for invalid user weblogic from 103.248.63.75 port 65392 ssh2
May  8 06:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11649]: Connection closed by 103.248.63.75 port 65392 [preauth]
May  8 06:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: Invalid user steam from 103.248.63.75
May  8 06:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: input_userauth_request: invalid user steam [preauth]
May  8 06:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: Failed password for invalid user centos from 103.248.63.75 port 65408 ssh2
May  8 06:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11659]: Connection closed by 103.248.63.75 port 65408 [preauth]
May  8 06:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: Invalid user test from 103.248.63.75
May  8 06:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: input_userauth_request: invalid user test [preauth]
May  8 06:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: Failed password for invalid user steam from 103.248.63.75 port 65420 ssh2
May  8 06:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11661]: Connection closed by 103.248.63.75 port 65420 [preauth]
May  8 06:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11668]: Invalid user test from 103.248.63.75
May  8 06:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11668]: input_userauth_request: invalid user test [preauth]
May  8 06:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11668]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: Failed password for invalid user test from 103.248.63.75 port 65436 ssh2
May  8 06:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11663]: Connection closed by 103.248.63.75 port 65436 [preauth]
May  8 06:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11668]: Failed password for invalid user test from 103.248.63.75 port 65448 ssh2
May  8 06:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: Invalid user admin from 80.94.95.241
May  8 06:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: input_userauth_request: invalid user admin [preauth]
May  8 06:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 06:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11668]: Connection closed by 103.248.63.75 port 65448 [preauth]
May  8 06:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11691]: Invalid user centos from 103.248.63.75
May  8 06:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11691]: input_userauth_request: invalid user centos [preauth]
May  8 06:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11691]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11687]: Failed password for root from 103.248.63.75 port 65460 ssh2
May  8 06:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11687]: Connection closed by 103.248.63.75 port 65460 [preauth]
May  8 06:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: Failed password for invalid user admin from 80.94.95.241 port 53976 ssh2
May  8 06:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8731]: pam_unix(cron:session): session closed for user root
May  8 06:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11799]: Invalid user tomcat from 103.248.63.75
May  8 06:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11799]: input_userauth_request: invalid user tomcat [preauth]
May  8 06:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11799]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11691]: Failed password for invalid user centos from 103.248.63.75 port 18956 ssh2
May  8 06:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11691]: Connection closed by 103.248.63.75 port 18956 [preauth]
May  8 06:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: Failed password for invalid user admin from 80.94.95.241 port 53976 ssh2
May  8 06:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: User mysql from 103.248.63.75 not allowed because not listed in AllowUsers
May  8 06:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: input_userauth_request: invalid user mysql [preauth]
May  8 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=mysql
May  8 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11799]: Failed password for invalid user tomcat from 103.248.63.75 port 18964 ssh2
May  8 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10197]: pam_unix(cron:session): session closed for user root
May  8 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11799]: Connection closed by 103.248.63.75 port 18964 [preauth]
May  8 06:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: Failed password for invalid user admin from 80.94.95.241 port 53976 ssh2
May  8 06:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: Failed password for invalid user mysql from 103.248.63.75 port 18976 ssh2
May  8 06:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11896]: Connection closed by 103.248.63.75 port 18976 [preauth]
May  8 06:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11898]: Failed password for root from 103.248.63.75 port 18980 ssh2
May  8 06:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11898]: Connection closed by 103.248.63.75 port 18980 [preauth]
May  8 06:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: Failed password for invalid user admin from 80.94.95.241 port 53976 ssh2
May  8 06:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11932]: Invalid user zabbix from 103.248.63.75
May  8 06:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11932]: input_userauth_request: invalid user zabbix [preauth]
May  8 06:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11932]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11920]: Failed password for root from 103.248.63.75 port 18994 ssh2
May  8 06:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: Failed password for invalid user admin from 80.94.95.241 port 53976 ssh2
May  8 06:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11920]: Connection closed by 103.248.63.75 port 18994 [preauth]
May  8 06:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: Invalid user kubernetes from 103.248.63.75
May  8 06:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: input_userauth_request: invalid user kubernetes [preauth]
May  8 06:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: Received disconnect from 80.94.95.241 port 53976:11: Bye [preauth]
May  8 06:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: Disconnected from 80.94.95.241 port 53976 [preauth]
May  8 06:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 06:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 06:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11932]: Failed password for invalid user zabbix from 103.248.63.75 port 18998 ssh2
May  8 06:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11932]: Connection closed by 103.248.63.75 port 18998 [preauth]
May  8 06:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11936]: Invalid user observer from 103.248.63.75
May  8 06:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11936]: input_userauth_request: invalid user observer [preauth]
May  8 06:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: Failed password for invalid user kubernetes from 103.248.63.75 port 40404 ssh2
May  8 06:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11936]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11934]: Connection closed by 103.248.63.75 port 40404 [preauth]
May  8 06:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: Invalid user hadoop from 103.248.63.75
May  8 06:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: input_userauth_request: invalid user hadoop [preauth]
May  8 06:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11936]: Failed password for invalid user observer from 103.248.63.75 port 40406 ssh2
May  8 06:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11936]: Connection closed by 103.248.63.75 port 40406 [preauth]
May  8 06:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: Invalid user bot from 103.248.63.75
May  8 06:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: input_userauth_request: invalid user bot [preauth]
May  8 06:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: Failed password for invalid user hadoop from 103.248.63.75 port 40412 ssh2
May  8 06:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11948]: Connection closed by 103.248.63.75 port 40412 [preauth]
May  8 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: Invalid user debianuser from 103.248.63.75
May  8 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: input_userauth_request: invalid user debianuser [preauth]
May  8 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: Failed password for invalid user bot from 103.248.63.75 port 40424 ssh2
May  8 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11950]: Connection closed by 103.248.63.75 port 40424 [preauth]
May  8 06:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: Invalid user ranger from 103.248.63.75
May  8 06:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: input_userauth_request: invalid user ranger [preauth]
May  8 06:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: Failed password for invalid user debianuser from 103.248.63.75 port 40428 ssh2
May  8 06:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11964]: Connection closed by 103.248.63.75 port 40428 [preauth]
May  8 06:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: Invalid user oracle from 103.248.63.75
May  8 06:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: input_userauth_request: invalid user oracle [preauth]
May  8 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: Failed password for invalid user ranger from 103.248.63.75 port 40442 ssh2
May  8 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11974]: Connection closed by 103.248.63.75 port 40442 [preauth]
May  8 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11978]: User ftp from 103.248.63.75 not allowed because not listed in AllowUsers
May  8 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11978]: input_userauth_request: invalid user ftp [preauth]
May  8 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=ftp
May  8 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: Failed password for invalid user oracle from 103.248.63.75 port 61676 ssh2
May  8 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11976]: Connection closed by 103.248.63.75 port 61676 [preauth]
May  8 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: Invalid user elastic from 103.248.63.75
May  8 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: input_userauth_request: invalid user elastic [preauth]
May  8 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11978]: Failed password for invalid user ftp from 103.248.63.75 port 61688 ssh2
May  8 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11978]: Connection closed by 103.248.63.75 port 61688 [preauth]
May  8 06:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: Failed password for invalid user elastic from 103.248.63.75 port 61692 ssh2
May  8 06:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11988]: Connection closed by 103.248.63.75 port 61692 [preauth]
May  8 06:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: Invalid user admin from 103.248.63.75
May  8 06:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: input_userauth_request: invalid user admin [preauth]
May  8 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: Failed password for root from 103.248.63.75 port 61698 ssh2
May  8 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: Connection closed by 103.248.63.75 port 61698 [preauth]
May  8 06:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: Invalid user default from 103.248.63.75
May  8 06:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: input_userauth_request: invalid user default [preauth]
May  8 06:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: Failed password for invalid user admin from 103.248.63.75 port 61706 ssh2
May  8 06:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11992]: Connection closed by 103.248.63.75 port 61706 [preauth]
May  8 06:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Invalid user tomcat from 103.248.63.75
May  8 06:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: input_userauth_request: invalid user tomcat [preauth]
May  8 06:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: Failed password for invalid user default from 103.248.63.75 port 40408 ssh2
May  8 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: Connection closed by 103.248.63.75 port 40408 [preauth]
May  8 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12012]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12009]: pam_unix(cron:session): session closed for user p13x
May  8 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: Invalid user gitlab from 103.248.63.75
May  8 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: input_userauth_request: invalid user gitlab [preauth]
May  8 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12073]: Successful su for rubyman by root
May  8 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12073]: + ??? root:rubyman
May  8 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12073]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351562 of user rubyman.
May  8 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12073]: pam_unix(su:session): session closed for user rubyman
May  8 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351562.
May  8 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Failed password for invalid user tomcat from 103.248.63.75 port 40410 ssh2
May  8 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12004]: Connection closed by 103.248.63.75 port 40410 [preauth]
May  8 06:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: Failed password for invalid user gitlab from 103.248.63.75 port 40420 ssh2
May  8 06:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: Connection closed by 103.248.63.75 port 40420 [preauth]
May  8 06:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12215]: Invalid user hadoop from 103.248.63.75
May  8 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12215]: input_userauth_request: invalid user hadoop [preauth]
May  8 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12215]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12114]: Failed password for root from 103.248.63.75 port 40426 ssh2
May  8 06:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12114]: Connection closed by 103.248.63.75 port 40426 [preauth]
May  8 06:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8736]: pam_unix(cron:session): session closed for user root
May  8 06:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12234]: Invalid user tools from 103.248.63.75
May  8 06:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12234]: input_userauth_request: invalid user tools [preauth]
May  8 06:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12215]: Failed password for invalid user hadoop from 103.248.63.75 port 40430 ssh2
May  8 06:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12234]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12010]: pam_unix(cron:session): session closed for user samftp
May  8 06:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12215]: Connection closed by 103.248.63.75 port 40430 [preauth]
May  8 06:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12263]: Invalid user admin from 103.248.63.75
May  8 06:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12263]: input_userauth_request: invalid user admin [preauth]
May  8 06:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12263]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12234]: Failed password for invalid user tools from 103.248.63.75 port 40436 ssh2
May  8 06:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12234]: Connection closed by 103.248.63.75 port 40436 [preauth]
May  8 06:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12274]: Invalid user www from 103.248.63.75
May  8 06:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12274]: input_userauth_request: invalid user www [preauth]
May  8 06:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12274]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12263]: Failed password for invalid user admin from 103.248.63.75 port 52776 ssh2
May  8 06:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12263]: Connection closed by 103.248.63.75 port 52776 [preauth]
May  8 06:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12274]: Failed password for invalid user www from 103.248.63.75 port 52778 ssh2
May  8 06:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12274]: Connection closed by 103.248.63.75 port 52778 [preauth]
May  8 06:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12276]: Failed password for root from 103.248.63.75 port 52794 ssh2
May  8 06:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12276]: Connection closed by 103.248.63.75 port 52794 [preauth]
May  8 06:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: Invalid user es from 103.248.63.75
May  8 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: input_userauth_request: invalid user es [preauth]
May  8 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: Failed password for root from 103.248.63.75 port 52798 ssh2
May  8 06:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: Connection closed by 103.248.63.75 port 52798 [preauth]
May  8 06:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: Failed password for invalid user es from 103.248.63.75 port 52822 ssh2
May  8 06:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12313]: Connection closed by 103.248.63.75 port 52822 [preauth]
May  8 06:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12317]: Invalid user oracle from 103.248.63.75
May  8 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12317]: input_userauth_request: invalid user oracle [preauth]
May  8 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12317]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: Failed password for root from 103.248.63.75 port 52824 ssh2
May  8 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12315]: Connection closed by 103.248.63.75 port 52824 [preauth]
May  8 06:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: Invalid user uftp from 103.248.63.75
May  8 06:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: input_userauth_request: invalid user uftp [preauth]
May  8 06:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12317]: Failed password for invalid user oracle from 103.248.63.75 port 64084 ssh2
May  8 06:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12317]: Connection closed by 103.248.63.75 port 64084 [preauth]
May  8 06:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: Invalid user flink from 103.248.63.75
May  8 06:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: input_userauth_request: invalid user flink [preauth]
May  8 06:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: Failed password for invalid user uftp from 103.248.63.75 port 64090 ssh2
May  8 06:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12332]: Connection closed by 103.248.63.75 port 64090 [preauth]
May  8 06:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: Invalid user gitlab-runner from 103.248.63.75
May  8 06:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: input_userauth_request: invalid user gitlab-runner [preauth]
May  8 06:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: Failed password for invalid user flink from 103.248.63.75 port 64102 ssh2
May  8 06:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12334]: Connection closed by 103.248.63.75 port 64102 [preauth]
May  8 06:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12361]: Invalid user es from 103.248.63.75
May  8 06:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12361]: input_userauth_request: invalid user es [preauth]
May  8 06:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12361]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: Failed password for invalid user gitlab-runner from 103.248.63.75 port 64116 ssh2
May  8 06:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12336]: Connection closed by 103.248.63.75 port 64116 [preauth]
May  8 06:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Invalid user oracle from 103.248.63.75
May  8 06:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: input_userauth_request: invalid user oracle [preauth]
May  8 06:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12361]: Failed password for invalid user es from 103.248.63.75 port 64128 ssh2
May  8 06:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12361]: Connection closed by 103.248.63.75 port 64128 [preauth]
May  8 06:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: Invalid user ubnt from 103.248.63.75
May  8 06:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: input_userauth_request: invalid user ubnt [preauth]
May  8 06:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Failed password for invalid user oracle from 103.248.63.75 port 64134 ssh2
May  8 06:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12364]: Connection closed by 103.248.63.75 port 64134 [preauth]
May  8 06:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12375]: Invalid user nvidia from 103.248.63.75
May  8 06:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12375]: input_userauth_request: invalid user nvidia [preauth]
May  8 06:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: Failed password for invalid user ubnt from 103.248.63.75 port 51522 ssh2
May  8 06:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12375]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: Connection closed by 103.248.63.75 port 51522 [preauth]
May  8 06:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12375]: Failed password for invalid user nvidia from 103.248.63.75 port 51532 ssh2
May  8 06:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12375]: Connection closed by 103.248.63.75 port 51532 [preauth]
May  8 06:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10850]: pam_unix(cron:session): session closed for user root
May  8 06:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12378]: Failed password for root from 103.248.63.75 port 51538 ssh2
May  8 06:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12378]: Connection closed by 103.248.63.75 port 51538 [preauth]
May  8 06:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12407]: Invalid user developer from 103.248.63.75
May  8 06:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12407]: input_userauth_request: invalid user developer [preauth]
May  8 06:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12407]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: Failed password for root from 103.248.63.75 port 51542 ssh2
May  8 06:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12380]: Connection closed by 103.248.63.75 port 51542 [preauth]
May  8 06:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12407]: Failed password for invalid user developer from 103.248.63.75 port 51546 ssh2
May  8 06:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12407]: Connection closed by 103.248.63.75 port 51546 [preauth]
May  8 06:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: User ftp from 103.248.63.75 not allowed because not listed in AllowUsers
May  8 06:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: input_userauth_request: invalid user ftp [preauth]
May  8 06:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12412]: Failed password for root from 103.248.63.75 port 51554 ssh2
May  8 06:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=ftp
May  8 06:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12412]: Connection closed by 103.248.63.75 port 51554 [preauth]
May  8 06:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: Invalid user mongodb from 103.248.63.75
May  8 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: input_userauth_request: invalid user mongodb [preauth]
May  8 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: Failed password for invalid user ftp from 103.248.63.75 port 40414 ssh2
May  8 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12414]: Connection closed by 103.248.63.75 port 40414 [preauth]
May  8 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12427]: Invalid user mongodb from 103.248.63.75
May  8 06:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12427]: input_userauth_request: invalid user mongodb [preauth]
May  8 06:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12427]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: Failed password for invalid user mongodb from 103.248.63.75 port 40416 ssh2
May  8 06:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12417]: Connection closed by 103.248.63.75 port 40416 [preauth]
May  8 06:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: Invalid user app from 103.248.63.75
May  8 06:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: input_userauth_request: invalid user app [preauth]
May  8 06:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12427]: Failed password for invalid user mongodb from 103.248.63.75 port 40422 ssh2
May  8 06:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12427]: Connection closed by 103.248.63.75 port 40422 [preauth]
May  8 06:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: Failed password for invalid user app from 103.248.63.75 port 40432 ssh2
May  8 06:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: Connection closed by 103.248.63.75 port 40432 [preauth]
May  8 06:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: Invalid user www from 103.248.63.75
May  8 06:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: input_userauth_request: invalid user www [preauth]
May  8 06:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: Failed password for root from 103.248.63.75 port 40444 ssh2
May  8 06:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12443]: Connection closed by 103.248.63.75 port 40444 [preauth]
May  8 06:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: Invalid user sonar from 103.248.63.75
May  8 06:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: input_userauth_request: invalid user sonar [preauth]
May  8 06:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: Failed password for invalid user www from 103.248.63.75 port 40458 ssh2
May  8 06:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: Connection closed by 103.248.63.75 port 40458 [preauth]
May  8 06:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12457]: Invalid user elasticsearch from 103.248.63.75
May  8 06:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12457]: input_userauth_request: invalid user elasticsearch [preauth]
May  8 06:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: Failed password for invalid user sonar from 103.248.63.75 port 52626 ssh2
May  8 06:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12457]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12455]: Connection closed by 103.248.63.75 port 52626 [preauth]
May  8 06:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12468]: Invalid user docker from 103.248.63.75
May  8 06:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12468]: input_userauth_request: invalid user docker [preauth]
May  8 06:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12468]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12457]: Failed password for invalid user elasticsearch from 103.248.63.75 port 52638 ssh2
May  8 06:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12457]: Connection closed by 103.248.63.75 port 52638 [preauth]
May  8 06:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12468]: Failed password for invalid user docker from 103.248.63.75 port 52648 ssh2
May  8 06:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12468]: Connection closed by 103.248.63.75 port 52648 [preauth]
May  8 06:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12473]: Invalid user postgres from 103.248.63.75
May  8 06:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12473]: input_userauth_request: invalid user postgres [preauth]
May  8 06:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12473]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12471]: Failed password for root from 103.248.63.75 port 52652 ssh2
May  8 06:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12471]: Connection closed by 103.248.63.75 port 52652 [preauth]
May  8 06:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: Invalid user dev from 103.248.63.75
May  8 06:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: input_userauth_request: invalid user dev [preauth]
May  8 06:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12473]: Failed password for invalid user postgres from 103.248.63.75 port 52664 ssh2
May  8 06:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12473]: Connection closed by 103.248.63.75 port 52664 [preauth]
May  8 06:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12485]: Invalid user guest from 103.248.63.75
May  8 06:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12485]: input_userauth_request: invalid user guest [preauth]
May  8 06:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12485]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: Failed password for invalid user dev from 103.248.63.75 port 52668 ssh2
May  8 06:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: Connection closed by 103.248.63.75 port 52668 [preauth]
May  8 06:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: Invalid user tomcat from 103.248.63.75
May  8 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: input_userauth_request: invalid user tomcat [preauth]
May  8 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12501]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12499]: pam_unix(cron:session): session closed for user p13x
May  8 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12558]: Successful su for rubyman by root
May  8 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12558]: + ??? root:rubyman
May  8 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12558]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351567 of user rubyman.
May  8 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12558]: pam_unix(su:session): session closed for user rubyman
May  8 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351567.
May  8 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12485]: Failed password for invalid user guest from 103.248.63.75 port 60508 ssh2
May  8 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12485]: Connection closed by 103.248.63.75 port 60508 [preauth]
May  8 06:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: Invalid user elsearch from 103.248.63.75
May  8 06:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: input_userauth_request: invalid user elsearch [preauth]
May  8 06:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: Failed password for invalid user tomcat from 103.248.63.75 port 60524 ssh2
May  8 06:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12487]: Connection closed by 103.248.63.75 port 60524 [preauth]
May  8 06:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9303]: pam_unix(cron:session): session closed for user root
May  8 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12670]: Invalid user git from 103.248.63.75
May  8 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12670]: input_userauth_request: invalid user git [preauth]
May  8 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12670]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: Failed password for invalid user elsearch from 103.248.63.75 port 60530 ssh2
May  8 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12580]: Connection closed by 103.248.63.75 port 60530 [preauth]
May  8 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12500]: pam_unix(cron:session): session closed for user samftp
May  8 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: Invalid user vagrant from 103.248.63.75
May  8 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: input_userauth_request: invalid user vagrant [preauth]
May  8 06:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12670]: Failed password for invalid user git from 103.248.63.75 port 60540 ssh2
May  8 06:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12670]: Connection closed by 103.248.63.75 port 60540 [preauth]
May  8 06:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: Failed password for invalid user vagrant from 103.248.63.75 port 60556 ssh2
May  8 06:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: Invalid user esuser from 103.248.63.75
May  8 06:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: input_userauth_request: invalid user esuser [preauth]
May  8 06:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12725]: Connection closed by 103.248.63.75 port 60556 [preauth]
May  8 06:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: Invalid user ftpuser from 103.248.63.75
May  8 06:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: input_userauth_request: invalid user ftpuser [preauth]
May  8 06:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: Failed password for invalid user esuser from 103.248.63.75 port 49322 ssh2
May  8 06:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12746]: Connection closed by 103.248.63.75 port 49322 [preauth]
May  8 06:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: Invalid user esuser from 103.248.63.75
May  8 06:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: input_userauth_request: invalid user esuser [preauth]
May  8 06:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: Failed password for invalid user ftpuser from 103.248.63.75 port 53948 ssh2
May  8 06:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12748]: Connection closed by 103.248.63.75 port 53948 [preauth]
May  8 06:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: Failed password for invalid user esuser from 103.248.63.75 port 53956 ssh2
May  8 06:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12750]: Connection closed by 103.248.63.75 port 53956 [preauth]
May  8 06:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12774]: Invalid user worker from 103.248.63.75
May  8 06:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12774]: input_userauth_request: invalid user worker [preauth]
May  8 06:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: Failed password for root from 103.248.63.75 port 53986 ssh2
May  8 06:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12774]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12760]: Connection closed by 103.248.63.75 port 53986 [preauth]
May  8 06:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: Invalid user ftpuser from 103.248.63.75
May  8 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: input_userauth_request: invalid user ftpuser [preauth]
May  8 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12774]: Failed password for invalid user worker from 103.248.63.75 port 54012 ssh2
May  8 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12774]: Connection closed by 103.248.63.75 port 54012 [preauth]
May  8 06:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Invalid user admin from 103.248.63.75
May  8 06:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: input_userauth_request: invalid user admin [preauth]
May  8 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: Failed password for invalid user ftpuser from 103.248.63.75 port 54022 ssh2
May  8 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12776]: Connection closed by 103.248.63.75 port 54022 [preauth]
May  8 06:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: Invalid user steam from 103.248.63.75
May  8 06:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: input_userauth_request: invalid user steam [preauth]
May  8 06:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Failed password for invalid user admin from 103.248.63.75 port 41472 ssh2
May  8 06:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12786]: Connection closed by 103.248.63.75 port 41472 [preauth]
May  8 06:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: Invalid user es from 103.248.63.75
May  8 06:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: input_userauth_request: invalid user es [preauth]
May  8 06:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: Failed password for invalid user steam from 103.248.63.75 port 41484 ssh2
May  8 06:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12788]: Connection closed by 103.248.63.75 port 41484 [preauth]
May  8 06:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: Failed password for invalid user es from 103.248.63.75 port 41496 ssh2
May  8 06:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12791]: Connection closed by 103.248.63.75 port 41496 [preauth]
May  8 06:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Invalid user deploy from 103.248.63.75
May  8 06:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: input_userauth_request: invalid user deploy [preauth]
May  8 06:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12803]: Failed password for root from 103.248.63.75 port 41504 ssh2
May  8 06:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12803]: Connection closed by 103.248.63.75 port 41504 [preauth]
May  8 06:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Failed password for invalid user deploy from 103.248.63.75 port 41514 ssh2
May  8 06:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12820]: Invalid user demo from 103.248.63.75
May  8 06:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12820]: input_userauth_request: invalid user demo [preauth]
May  8 06:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12805]: Connection closed by 103.248.63.75 port 41514 [preauth]
May  8 06:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12820]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: Invalid user deploy from 103.248.63.75
May  8 06:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: input_userauth_request: invalid user deploy [preauth]
May  8 06:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12820]: Failed password for invalid user demo from 103.248.63.75 port 41528 ssh2
May  8 06:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12820]: Connection closed by 103.248.63.75 port 41528 [preauth]
May  8 06:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: Invalid user dev from 103.248.63.75
May  8 06:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: input_userauth_request: invalid user dev [preauth]
May  8 06:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: Failed password for invalid user deploy from 103.248.63.75 port 29866 ssh2
May  8 06:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: Connection closed by 103.248.63.75 port 29866 [preauth]
May  8 06:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: Invalid user oscar from 103.248.63.75
May  8 06:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: input_userauth_request: invalid user oscar [preauth]
May  8 06:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: Failed password for invalid user dev from 103.248.63.75 port 29874 ssh2
May  8 06:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: Connection closed by 103.248.63.75 port 29874 [preauth]
May  8 06:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: Invalid user dolphinscheduler from 103.248.63.75
May  8 06:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  8 06:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: Failed password for invalid user oscar from 103.248.63.75 port 29882 ssh2
May  8 06:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11317]: pam_unix(cron:session): session closed for user root
May  8 06:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12834]: Connection closed by 103.248.63.75 port 29882 [preauth]
May  8 06:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12867]: Invalid user pi from 103.248.63.75
May  8 06:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12867]: input_userauth_request: invalid user pi [preauth]
May  8 06:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12867]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: Failed password for invalid user dolphinscheduler from 103.248.63.75 port 29894 ssh2
May  8 06:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12836]: Connection closed by 103.248.63.75 port 29894 [preauth]
May  8 06:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12869]: Invalid user dev from 103.248.63.75
May  8 06:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12869]: input_userauth_request: invalid user dev [preauth]
May  8 06:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12869]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12867]: Failed password for invalid user pi from 103.248.63.75 port 29902 ssh2
May  8 06:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12867]: Connection closed by 103.248.63.75 port 29902 [preauth]
May  8 06:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12869]: Failed password for invalid user dev from 103.248.63.75 port 29910 ssh2
May  8 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: Invalid user oceanbase from 103.248.63.75
May  8 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: input_userauth_request: invalid user oceanbase [preauth]
May  8 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12869]: Connection closed by 103.248.63.75 port 29910 [preauth]
May  8 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: Invalid user lighthouse from 103.248.63.75
May  8 06:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: input_userauth_request: invalid user lighthouse [preauth]
May  8 06:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: Failed password for invalid user oceanbase from 103.248.63.75 port 26044 ssh2
May  8 06:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12871]: Connection closed by 103.248.63.75 port 26044 [preauth]
May  8 06:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: Failed password for invalid user lighthouse from 103.248.63.75 port 26046 ssh2
May  8 06:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12882]: Connection closed by 103.248.63.75 port 26046 [preauth]
May  8 06:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: Failed password for root from 103.248.63.75 port 26052 ssh2
May  8 06:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12884]: Connection closed by 103.248.63.75 port 26052 [preauth]
May  8 06:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: Failed password for root from 103.248.63.75 port 26056 ssh2
May  8 06:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12886]: Connection closed by 103.248.63.75 port 26056 [preauth]
May  8 06:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: Failed password for root from 103.248.63.75 port 26066 ssh2
May  8 06:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12908]: Connection closed by 103.248.63.75 port 26066 [preauth]
May  8 06:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: Invalid user user from 103.248.63.75
May  8 06:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: input_userauth_request: invalid user user [preauth]
May  8 06:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12910]: Failed password for root from 103.248.63.75 port 26078 ssh2
May  8 06:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12910]: Connection closed by 103.248.63.75 port 26078 [preauth]
May  8 06:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: Failed password for invalid user user from 103.248.63.75 port 51512 ssh2
May  8 06:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12912]: Connection closed by 103.248.63.75 port 51512 [preauth]
May  8 06:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: Invalid user svnuser from 103.248.63.75
May  8 06:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: input_userauth_request: invalid user svnuser [preauth]
May  8 06:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: Failed password for root from 103.248.63.75 port 51522 ssh2
May  8 06:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12922]: Connection closed by 103.248.63.75 port 51522 [preauth]
May  8 06:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12927]: Invalid user ftpuser from 103.248.63.75
May  8 06:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12927]: input_userauth_request: invalid user ftpuser [preauth]
May  8 06:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12927]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: Failed password for invalid user svnuser from 103.248.63.75 port 51524 ssh2
May  8 06:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12925]: Connection closed by 103.248.63.75 port 51524 [preauth]
May  8 06:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12937]: Invalid user ubuntu from 103.248.63.75
May  8 06:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12937]: input_userauth_request: invalid user ubuntu [preauth]
May  8 06:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12937]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12927]: Failed password for invalid user ftpuser from 103.248.63.75 port 51536 ssh2
May  8 06:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12927]: Connection closed by 103.248.63.75 port 51536 [preauth]
May  8 06:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12937]: Failed password for invalid user ubuntu from 103.248.63.75 port 51546 ssh2
May  8 06:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12937]: Connection closed by 103.248.63.75 port 51546 [preauth]
May  8 06:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: Invalid user admin from 80.94.95.112
May  8 06:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: input_userauth_request: invalid user admin [preauth]
May  8 06:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 06:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12944]: Invalid user esadmin from 103.248.63.75
May  8 06:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12944]: input_userauth_request: invalid user esadmin [preauth]
May  8 06:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12944]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: Failed password for root from 103.248.63.75 port 51548 ssh2
May  8 06:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: Failed password for invalid user admin from 80.94.95.112 port 50806 ssh2
May  8 06:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12939]: Connection closed by 103.248.63.75 port 51548 [preauth]
May  8 06:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12960]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12961]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12958]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12958]: pam_unix(cron:session): session closed for user p13x
May  8 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13022]: Successful su for rubyman by root
May  8 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13022]: + ??? root:rubyman
May  8 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351571 of user rubyman.
May  8 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13022]: pam_unix(su:session): session closed for user rubyman
May  8 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351571.
May  8 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12944]: Failed password for invalid user esadmin from 103.248.63.75 port 51526 ssh2
May  8 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12944]: Connection closed by 103.248.63.75 port 51526 [preauth]
May  8 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: Failed password for invalid user admin from 80.94.95.112 port 50806 ssh2
May  8 06:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13061]: Invalid user flask from 103.248.63.75
May  8 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13061]: input_userauth_request: invalid user flask [preauth]
May  8 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12954]: Failed password for root from 103.248.63.75 port 51528 ssh2
May  8 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13061]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12954]: Connection closed by 103.248.63.75 port 51528 [preauth]
May  8 06:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13143]: Invalid user deploy from 103.248.63.75
May  8 06:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13143]: input_userauth_request: invalid user deploy [preauth]
May  8 06:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: Failed password for invalid user admin from 80.94.95.112 port 50806 ssh2
May  8 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13143]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9724]: pam_unix(cron:session): session closed for user root
May  8 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13061]: Failed password for invalid user flask from 103.248.63.75 port 51532 ssh2
May  8 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13061]: Connection closed by 103.248.63.75 port 51532 [preauth]
May  8 06:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12959]: pam_unix(cron:session): session closed for user samftp
May  8 06:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: Failed password for invalid user admin from 80.94.95.112 port 50806 ssh2
May  8 06:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13143]: Failed password for invalid user deploy from 103.248.63.75 port 51538 ssh2
May  8 06:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13143]: Connection closed by 103.248.63.75 port 51538 [preauth]
May  8 06:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: Failed password for invalid user admin from 80.94.95.112 port 50806 ssh2
May  8 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: Received disconnect from 80.94.95.112 port 50806:11: Bye [preauth]
May  8 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: Disconnected from 80.94.95.112 port 50806 [preauth]
May  8 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12941]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13198]: Failed password for root from 103.248.63.75 port 51552 ssh2
May  8 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13198]: Connection closed by 103.248.63.75 port 51552 [preauth]
May  8 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13216]: Invalid user oracle from 103.248.63.75
May  8 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13216]: input_userauth_request: invalid user oracle [preauth]
May  8 06:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13214]: Failed password for root from 103.248.63.75 port 61066 ssh2
May  8 06:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13216]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13214]: Connection closed by 103.248.63.75 port 61066 [preauth]
May  8 06:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13226]: Invalid user rabbitmq from 103.248.63.75
May  8 06:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13226]: input_userauth_request: invalid user rabbitmq [preauth]
May  8 06:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13216]: Failed password for invalid user oracle from 103.248.63.75 port 61068 ssh2
May  8 06:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13226]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13216]: Connection closed by 103.248.63.75 port 61068 [preauth]
May  8 06:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13226]: Failed password for invalid user rabbitmq from 103.248.63.75 port 61072 ssh2
May  8 06:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13226]: Connection closed by 103.248.63.75 port 61072 [preauth]
May  8 06:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: Failed password for root from 103.248.63.75 port 61076 ssh2
May  8 06:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13228]: Connection closed by 103.248.63.75 port 61076 [preauth]
May  8 06:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13242]: Failed password for root from 103.248.63.75 port 61088 ssh2
May  8 06:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13242]: Connection closed by 103.248.63.75 port 61088 [preauth]
May  8 06:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Failed password for root from 103.248.63.75 port 61104 ssh2
May  8 06:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Connection closed by 103.248.63.75 port 61104 [preauth]
May  8 06:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Invalid user wang from 103.248.63.75
May  8 06:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: input_userauth_request: invalid user wang [preauth]
May  8 06:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13255]: Failed password for root from 103.248.63.75 port 40404 ssh2
May  8 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13255]: Connection closed by 103.248.63.75 port 40404 [preauth]
May  8 06:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13269]: Invalid user hadoop from 103.248.63.75
May  8 06:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13269]: input_userauth_request: invalid user hadoop [preauth]
May  8 06:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Failed password for invalid user wang from 103.248.63.75 port 40406 ssh2
May  8 06:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13269]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Connection closed by 103.248.63.75 port 40406 [preauth]
May  8 06:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13269]: Failed password for invalid user hadoop from 103.248.63.75 port 40422 ssh2
May  8 06:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13269]: Connection closed by 103.248.63.75 port 40422 [preauth]
May  8 06:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: Invalid user elasticsearch from 103.248.63.75
May  8 06:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: input_userauth_request: invalid user elasticsearch [preauth]
May  8 06:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13272]: Failed password for root from 103.248.63.75 port 40424 ssh2
May  8 06:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13272]: Connection closed by 103.248.63.75 port 40424 [preauth]
May  8 06:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: User ftp from 103.248.63.75 not allowed because not listed in AllowUsers
May  8 06:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: input_userauth_request: invalid user ftp [preauth]
May  8 06:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=ftp
May  8 06:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: Failed password for invalid user elasticsearch from 103.248.63.75 port 40426 ssh2
May  8 06:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13291]: Connection closed by 103.248.63.75 port 40426 [preauth]
May  8 06:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13304]: Invalid user uftp from 103.248.63.75
May  8 06:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13304]: input_userauth_request: invalid user uftp [preauth]
May  8 06:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13304]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: Failed password for invalid user ftp from 103.248.63.75 port 40440 ssh2
May  8 06:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13297]: Connection closed by 103.248.63.75 port 40440 [preauth]
May  8 06:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13307]: Invalid user awsgui from 103.248.63.75
May  8 06:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13307]: input_userauth_request: invalid user awsgui [preauth]
May  8 06:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13307]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13304]: Failed password for invalid user uftp from 103.248.63.75 port 40408 ssh2
May  8 06:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13304]: Connection closed by 103.248.63.75 port 40408 [preauth]
May  8 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13307]: Failed password for invalid user awsgui from 103.248.63.75 port 40410 ssh2
May  8 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13309]: Invalid user dolphinscheduler from 103.248.63.75
May  8 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13309]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  8 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13307]: Connection closed by 103.248.63.75 port 40410 [preauth]
May  8 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13309]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12012]: pam_unix(cron:session): session closed for user root
May  8 06:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13309]: Failed password for invalid user dolphinscheduler from 103.248.63.75 port 40414 ssh2
May  8 06:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13309]: Connection closed by 103.248.63.75 port 40414 [preauth]
May  8 06:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: Invalid user yarn from 103.248.63.75
May  8 06:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: input_userauth_request: invalid user yarn [preauth]
May  8 06:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13320]: Failed password for root from 103.248.63.75 port 40430 ssh2
May  8 06:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13320]: Connection closed by 103.248.63.75 port 40430 [preauth]
May  8 06:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: Invalid user test2 from 103.248.63.75
May  8 06:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: input_userauth_request: invalid user test2 [preauth]
May  8 06:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: Failed password for invalid user yarn from 103.248.63.75 port 40442 ssh2
May  8 06:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: Connection closed by 103.248.63.75 port 40442 [preauth]
May  8 06:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: Invalid user oracle from 103.248.63.75
May  8 06:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: input_userauth_request: invalid user oracle [preauth]
May  8 06:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: Failed password for invalid user test2 from 103.248.63.75 port 40454 ssh2
May  8 06:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13345]: Connection closed by 103.248.63.75 port 40454 [preauth]
May  8 06:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: Invalid user guest from 103.248.63.75
May  8 06:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: input_userauth_request: invalid user guest [preauth]
May  8 06:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: Failed password for invalid user oracle from 103.248.63.75 port 22990 ssh2
May  8 06:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13355]: Connection closed by 103.248.63.75 port 22990 [preauth]
May  8 06:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Invalid user wang from 103.248.63.75
May  8 06:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: input_userauth_request: invalid user wang [preauth]
May  8 06:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: Failed password for invalid user guest from 103.248.63.75 port 23002 ssh2
May  8 06:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: Connection closed by 103.248.63.75 port 23002 [preauth]
May  8 06:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Failed password for invalid user wang from 103.248.63.75 port 23024 ssh2
May  8 06:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13371]: Invalid user www from 103.248.63.75
May  8 06:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13371]: input_userauth_request: invalid user www [preauth]
May  8 06:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Connection closed by 103.248.63.75 port 23024 [preauth]
May  8 06:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13371]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13371]: Failed password for invalid user www from 103.248.63.75 port 23048 ssh2
May  8 06:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13371]: Connection closed by 103.248.63.75 port 23048 [preauth]
May  8 06:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: Invalid user nexus from 103.248.63.75
May  8 06:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: input_userauth_request: invalid user nexus [preauth]
May  8 06:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13386]: Failed password for root from 103.248.63.75 port 23060 ssh2
May  8 06:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13386]: Connection closed by 103.248.63.75 port 23060 [preauth]
May  8 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: Invalid user app from 103.248.63.75
May  8 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: input_userauth_request: invalid user app [preauth]
May  8 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: Failed password for invalid user nexus from 103.248.63.75 port 23084 ssh2
May  8 06:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13388]: Connection closed by 103.248.63.75 port 23084 [preauth]
May  8 06:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13401]: Invalid user nvidia from 103.248.63.75
May  8 06:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13401]: input_userauth_request: invalid user nvidia [preauth]
May  8 06:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13401]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: Failed password for invalid user app from 103.248.63.75 port 52178 ssh2
May  8 06:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: Connection closed by 103.248.63.75 port 52178 [preauth]
May  8 06:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13401]: Failed password for invalid user nvidia from 103.248.63.75 port 52182 ssh2
May  8 06:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13401]: Connection closed by 103.248.63.75 port 52182 [preauth]
May  8 06:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75  user=root
May  8 06:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Failed password for root from 103.248.63.75 port 52198 ssh2
May  8 06:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13403]: Connection closed by 103.248.63.75 port 52198 [preauth]
May  8 06:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: Failed password for root from 103.248.63.75 port 52212 ssh2
May  8 06:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13415]: Connection closed by 103.248.63.75 port 52212 [preauth]
May  8 06:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: Invalid user es from 103.248.63.75
May  8 06:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: input_userauth_request: invalid user es [preauth]
May  8 06:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: Invalid user sugi from 103.248.63.75
May  8 06:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: input_userauth_request: invalid user sugi [preauth]
May  8 06:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.63.75
May  8 06:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: Failed password for invalid user es from 103.248.63.75 port 52222 ssh2
May  8 06:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: Connection closed by 103.248.63.75 port 52222 [preauth]
May  8 06:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: Failed password for invalid user sugi from 103.248.63.75 port 17250 ssh2
May  8 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13419]: Connection closed by 103.248.63.75 port 17250 [preauth]
May  8 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13433]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13432]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13434]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13431]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13431]: pam_unix(cron:session): session closed for user p13x
May  8 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13590]: Successful su for rubyman by root
May  8 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13590]: + ??? root:rubyman
May  8 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351576 of user rubyman.
May  8 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13590]: pam_unix(su:session): session closed for user rubyman
May  8 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351576.
May  8 06:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10196]: pam_unix(cron:session): session closed for user root
May  8 06:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13432]: pam_unix(cron:session): session closed for user samftp
May  8 06:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12502]: pam_unix(cron:session): session closed for user root
May  8 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13934]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13933]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13936]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13932]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13935]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13931]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13936]: pam_unix(cron:session): session closed for user root
May  8 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13931]: pam_unix(cron:session): session closed for user p13x
May  8 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14009]: Successful su for rubyman by root
May  8 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14009]: + ??? root:rubyman
May  8 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351579 of user rubyman.
May  8 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14009]: pam_unix(su:session): session closed for user rubyman
May  8 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351579.
May  8 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13933]: pam_unix(cron:session): session closed for user root
May  8 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10848]: pam_unix(cron:session): session closed for user root
May  8 06:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13932]: pam_unix(cron:session): session closed for user samftp
May  8 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12961]: pam_unix(cron:session): session closed for user root
May  8 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14382]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14378]: pam_unix(cron:session): session closed for user p13x
May  8 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14444]: Successful su for rubyman by root
May  8 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14444]: + ??? root:rubyman
May  8 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14444]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351585 of user rubyman.
May  8 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14444]: pam_unix(su:session): session closed for user rubyman
May  8 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351585.
May  8 06:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11316]: pam_unix(cron:session): session closed for user root
May  8 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14379]: pam_unix(cron:session): session closed for user samftp
May  8 06:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  8 06:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14642]: Failed password for root from 46.244.96.25 port 47644 ssh2
May  8 06:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14642]: Connection closed by 46.244.96.25 port 47644 [preauth]
May  8 06:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14684]: Invalid user adm from 80.94.95.116
May  8 06:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14684]: input_userauth_request: invalid user adm [preauth]
May  8 06:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14684]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  8 06:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14684]: Failed password for invalid user adm from 80.94.95.116 port 20342 ssh2
May  8 06:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14684]: Connection closed by 80.94.95.116 port 20342 [preauth]
May  8 06:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13434]: pam_unix(cron:session): session closed for user root
May  8 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14794]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14791]: pam_unix(cron:session): session closed for user p13x
May  8 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14851]: Successful su for rubyman by root
May  8 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14851]: + ??? root:rubyman
May  8 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351589 of user rubyman.
May  8 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14851]: pam_unix(su:session): session closed for user rubyman
May  8 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351589.
May  8 06:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12011]: pam_unix(cron:session): session closed for user root
May  8 06:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14792]: pam_unix(cron:session): session closed for user samftp
May  8 06:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: Invalid user ftpuser from 122.54.18.220
May  8 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: input_userauth_request: invalid user ftpuser [preauth]
May  8 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
May  8 06:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: Failed password for invalid user ftpuser from 122.54.18.220 port 40478 ssh2
May  8 06:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: Received disconnect from 122.54.18.220 port 40478:11: Bye Bye [preauth]
May  8 06:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15058]: Disconnected from 122.54.18.220 port 40478 [preauth]
May  8 06:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13935]: pam_unix(cron:session): session closed for user root
May  8 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15192]: pam_unix(cron:session): session closed for user p13x
May  8 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15254]: Successful su for rubyman by root
May  8 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15254]: + ??? root:rubyman
May  8 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351593 of user rubyman.
May  8 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15254]: pam_unix(su:session): session closed for user rubyman
May  8 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351593.
May  8 06:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12501]: pam_unix(cron:session): session closed for user root
May  8 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15193]: pam_unix(cron:session): session closed for user samftp
May  8 06:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: Invalid user storage from 164.68.105.9
May  8 06:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: input_userauth_request: invalid user storage [preauth]
May  8 06:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  8 06:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: Failed password for invalid user storage from 164.68.105.9 port 55122 ssh2
May  8 06:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15437]: Connection closed by 164.68.105.9 port 55122 [preauth]
May  8 06:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14382]: pam_unix(cron:session): session closed for user root
May  8 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15590]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15589]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15587]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15588]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15587]: pam_unix(cron:session): session closed for user p13x
May  8 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15714]: Successful su for rubyman by root
May  8 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15714]: + ??? root:rubyman
May  8 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351596 of user rubyman.
May  8 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15714]: pam_unix(su:session): session closed for user rubyman
May  8 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351596.
May  8 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15585]: pam_unix(cron:session): session closed for user root
May  8 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12960]: pam_unix(cron:session): session closed for user root
May  8 06:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15588]: pam_unix(cron:session): session closed for user samftp
May  8 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14794]: pam_unix(cron:session): session closed for user root
May  8 06:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 06:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: Failed password for root from 80.94.95.125 port 34342 ssh2
May  8 06:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: Failed password for root from 80.94.95.125 port 34342 ssh2
May  8 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16077]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16074]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16072]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16073]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16075]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16077]: pam_unix(cron:session): session closed for user root
May  8 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16072]: pam_unix(cron:session): session closed for user p13x
May  8 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16141]: Successful su for rubyman by root
May  8 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16141]: + ??? root:rubyman
May  8 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351604 of user rubyman.
May  8 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16141]: pam_unix(su:session): session closed for user rubyman
May  8 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351604.
May  8 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: Failed password for root from 80.94.95.125 port 34342 ssh2
May  8 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16074]: pam_unix(cron:session): session closed for user root
May  8 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13433]: pam_unix(cron:session): session closed for user root
May  8 06:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: Failed password for root from 80.94.95.125 port 34342 ssh2
May  8 06:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 06:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16073]: pam_unix(cron:session): session closed for user samftp
May  8 06:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: Failed password for root from 80.94.95.125 port 34342 ssh2
May  8 06:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: Received disconnect from 80.94.95.125 port 34342:11: Bye [preauth]
May  8 06:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: Disconnected from 80.94.95.125 port 34342 [preauth]
May  8 06:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 06:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16061]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 06:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: Failed password for root from 80.94.95.241 port 62880 ssh2
May  8 06:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: message repeated 4 times: [ Failed password for root from 80.94.95.241 port 62880 ssh2]
May  8 06:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: Received disconnect from 80.94.95.241 port 62880:11: Bye [preauth]
May  8 06:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: Disconnected from 80.94.95.241 port 62880 [preauth]
May  8 06:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 06:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16312]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15196]: pam_unix(cron:session): session closed for user root
May  8 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16514]: pam_unix(cron:session): session closed for user p13x
May  8 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16600]: Successful su for rubyman by root
May  8 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16600]: + ??? root:rubyman
May  8 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351609 of user rubyman.
May  8 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16600]: pam_unix(su:session): session closed for user rubyman
May  8 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351609.
May  8 06:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13934]: pam_unix(cron:session): session closed for user root
May  8 06:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16515]: pam_unix(cron:session): session closed for user samftp
May  8 06:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16856]: Invalid user thomas from 193.70.84.184
May  8 06:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16856]: input_userauth_request: invalid user thomas [preauth]
May  8 06:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16856]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  8 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16856]: Failed password for invalid user thomas from 193.70.84.184 port 42170 ssh2
May  8 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16856]: Connection closed by 193.70.84.184 port 42170 [preauth]
May  8 06:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15590]: pam_unix(cron:session): session closed for user root
May  8 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16979]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16980]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16981]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16978]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16978]: pam_unix(cron:session): session closed for user p13x
May  8 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17040]: Successful su for rubyman by root
May  8 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17040]: + ??? root:rubyman
May  8 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17040]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351611 of user rubyman.
May  8 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17040]: pam_unix(su:session): session closed for user rubyman
May  8 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351611.
May  8 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14380]: pam_unix(cron:session): session closed for user root
May  8 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16979]: pam_unix(cron:session): session closed for user samftp
May  8 06:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16076]: pam_unix(cron:session): session closed for user root
May  8 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17384]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17383]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17382]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17382]: pam_unix(cron:session): session closed for user p13x
May  8 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17448]: Successful su for rubyman by root
May  8 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17448]: + ??? root:rubyman
May  8 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17448]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351615 of user rubyman.
May  8 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17448]: pam_unix(su:session): session closed for user rubyman
May  8 06:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351615.
May  8 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14793]: pam_unix(cron:session): session closed for user root
May  8 06:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17383]: pam_unix(cron:session): session closed for user samftp
May  8 06:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16517]: pam_unix(cron:session): session closed for user root
May  8 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17909]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17906]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17906]: pam_unix(cron:session): session closed for user p13x
May  8 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17974]: Successful su for rubyman by root
May  8 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17974]: + ??? root:rubyman
May  8 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17974]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351621 of user rubyman.
May  8 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17974]: pam_unix(su:session): session closed for user rubyman
May  8 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351621.
May  8 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15194]: pam_unix(cron:session): session closed for user root
May  8 06:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17907]: pam_unix(cron:session): session closed for user samftp
May  8 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18192]: Invalid user oliver from 122.54.18.220
May  8 06:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18192]: input_userauth_request: invalid user oliver [preauth]
May  8 06:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18192]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
May  8 06:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18192]: Failed password for invalid user oliver from 122.54.18.220 port 34190 ssh2
May  8 06:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18192]: Received disconnect from 122.54.18.220 port 34190:11: Bye Bye [preauth]
May  8 06:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18192]: Disconnected from 122.54.18.220 port 34190 [preauth]
May  8 06:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: Invalid user geosolutions from 80.94.95.241
May  8 06:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: input_userauth_request: invalid user geosolutions [preauth]
May  8 06:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 06:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: Failed password for invalid user geosolutions from 80.94.95.241 port 63522 ssh2
May  8 06:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:44:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  8 06:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: Failed password for invalid user geosolutions from 80.94.95.241 port 63522 ssh2
May  8 06:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18214]: Failed password for root from 218.92.0.204 port 34904 ssh2
May  8 06:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: Failed password for invalid user geosolutions from 80.94.95.241 port 63522 ssh2
May  8 06:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: Failed password for invalid user geosolutions from 80.94.95.241 port 63522 ssh2
May  8 06:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:44:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18214]: Failed password for root from 218.92.0.204 port 34904 ssh2
May  8 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: Failed password for invalid user geosolutions from 80.94.95.241 port 63522 ssh2
May  8 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: Received disconnect from 80.94.95.241 port 63522:11: Bye [preauth]
May  8 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: Disconnected from 80.94.95.241 port 63522 [preauth]
May  8 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18202]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16981]: pam_unix(cron:session): session closed for user root
May  8 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18214]: Failed password for root from 218.92.0.204 port 34904 ssh2
May  8 06:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18214]: Failed password for root from 218.92.0.204 port 34904 ssh2
May  8 06:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: Invalid user testssh from 50.235.31.47
May  8 06:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: input_userauth_request: invalid user testssh [preauth]
May  8 06:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  8 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18214]: Failed password for root from 218.92.0.204 port 34904 ssh2
May  8 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18214]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 34904 ssh2 [preauth]
May  8 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18214]: Disconnecting: Too many authentication failures [preauth]
May  8 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18214]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  8 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18214]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: Failed password for invalid user testssh from 50.235.31.47 port 45148 ssh2
May  8 06:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18274]: Connection closed by 50.235.31.47 port 45148 [preauth]
May  8 06:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18335]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18330]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18331]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18335]: pam_unix(cron:session): session closed for user root
May  8 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18330]: pam_unix(cron:session): session closed for user p13x
May  8 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18406]: Successful su for rubyman by root
May  8 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18406]: + ??? root:rubyman
May  8 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351628 of user rubyman.
May  8 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18406]: pam_unix(su:session): session closed for user rubyman
May  8 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351628.
May  8 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18332]: pam_unix(cron:session): session closed for user root
May  8 06:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15589]: pam_unix(cron:session): session closed for user root
May  8 06:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18331]: pam_unix(cron:session): session closed for user samftp
May  8 06:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18677]: Invalid user admin from 194.0.234.19
May  8 06:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18677]: input_userauth_request: invalid user admin [preauth]
May  8 06:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18677]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  8 06:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18677]: Failed password for invalid user admin from 194.0.234.19 port 63668 ssh2
May  8 06:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18677]: Connection closed by 194.0.234.19 port 63668 [preauth]
May  8 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17385]: pam_unix(cron:session): session closed for user root
May  8 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18775]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18778]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18777]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18776]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18775]: pam_unix(cron:session): session closed for user p13x
May  8 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18845]: Successful su for rubyman by root
May  8 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18845]: + ??? root:rubyman
May  8 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351631 of user rubyman.
May  8 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18845]: pam_unix(su:session): session closed for user rubyman
May  8 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351631.
May  8 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16075]: pam_unix(cron:session): session closed for user root
May  8 06:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18776]: pam_unix(cron:session): session closed for user samftp
May  8 06:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17909]: pam_unix(cron:session): session closed for user root
May  8 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19191]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19192]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19189]: pam_unix(cron:session): session closed for user p13x
May  8 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19260]: Successful su for rubyman by root
May  8 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19260]: + ??? root:rubyman
May  8 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351633 of user rubyman.
May  8 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19260]: pam_unix(su:session): session closed for user rubyman
May  8 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351633.
May  8 06:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16516]: pam_unix(cron:session): session closed for user root
May  8 06:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19190]: pam_unix(cron:session): session closed for user samftp
May  8 06:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18334]: pam_unix(cron:session): session closed for user root
May  8 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19602]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19599]: pam_unix(cron:session): session closed for user p13x
May  8 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19674]: Successful su for rubyman by root
May  8 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19674]: + ??? root:rubyman
May  8 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19674]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351639 of user rubyman.
May  8 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19674]: pam_unix(su:session): session closed for user rubyman
May  8 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351639.
May  8 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16980]: pam_unix(cron:session): session closed for user root
May  8 06:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19600]: pam_unix(cron:session): session closed for user samftp
May  8 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18778]: pam_unix(cron:session): session closed for user root
May  8 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20014]: pam_unix(cron:session): session closed for user p13x
May  8 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20081]: Successful su for rubyman by root
May  8 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20081]: + ??? root:rubyman
May  8 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351641 of user rubyman.
May  8 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20081]: pam_unix(su:session): session closed for user rubyman
May  8 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351641.
May  8 06:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17384]: pam_unix(cron:session): session closed for user root
May  8 06:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20015]: pam_unix(cron:session): session closed for user samftp
May  8 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19192]: pam_unix(cron:session): session closed for user root
May  8 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20422]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20419]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20420]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20424]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20425]: pam_unix(cron:session): session closed for user root
May  8 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20418]: pam_unix(cron:session): session closed for user p13x
May  8 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20495]: Successful su for rubyman by root
May  8 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20495]: + ??? root:rubyman
May  8 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351647 of user rubyman.
May  8 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20495]: pam_unix(su:session): session closed for user rubyman
May  8 06:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351647.
May  8 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20420]: pam_unix(cron:session): session closed for user root
May  8 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17908]: pam_unix(cron:session): session closed for user root
May  8 06:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20419]: pam_unix(cron:session): session closed for user samftp
May  8 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19602]: pam_unix(cron:session): session closed for user root
May  8 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20865]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20860]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20858]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20858]: pam_unix(cron:session): session closed for user p13x
May  8 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20938]: Successful su for rubyman by root
May  8 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20938]: + ??? root:rubyman
May  8 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20938]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351651 of user rubyman.
May  8 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20938]: pam_unix(su:session): session closed for user rubyman
May  8 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351651.
May  8 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18333]: pam_unix(cron:session): session closed for user root
May  8 06:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20859]: pam_unix(cron:session): session closed for user samftp
May  8 06:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: Invalid user guest from 122.54.18.220
May  8 06:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: input_userauth_request: invalid user guest [preauth]
May  8 06:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
May  8 06:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: Failed password for invalid user guest from 122.54.18.220 port 11500 ssh2
May  8 06:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: Received disconnect from 122.54.18.220 port 11500:11: Bye Bye [preauth]
May  8 06:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21130]: Disconnected from 122.54.18.220 port 11500 [preauth]
May  8 06:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20017]: pam_unix(cron:session): session closed for user root
May  8 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21311]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21310]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21312]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21309]: pam_unix(cron:session): session closed for user p13x
May  8 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21373]: Successful su for rubyman by root
May  8 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21373]: + ??? root:rubyman
May  8 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21373]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351657 of user rubyman.
May  8 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21373]: pam_unix(su:session): session closed for user rubyman
May  8 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351657.
May  8 06:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18777]: pam_unix(cron:session): session closed for user root
May  8 06:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21310]: pam_unix(cron:session): session closed for user samftp
May  8 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20424]: pam_unix(cron:session): session closed for user root
May  8 06:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: Invalid user fiscal from 190.103.202.7
May  8 06:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: input_userauth_request: invalid user fiscal [preauth]
May  8 06:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  8 06:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: Failed password for invalid user fiscal from 190.103.202.7 port 58464 ssh2
May  8 06:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21707]: Connection closed by 190.103.202.7 port 58464 [preauth]
May  8 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21746]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21743]: pam_unix(cron:session): session closed for user p13x
May  8 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22082]: Successful su for rubyman by root
May  8 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22082]: + ??? root:rubyman
May  8 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351660 of user rubyman.
May  8 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22082]: pam_unix(su:session): session closed for user rubyman
May  8 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351660.
May  8 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19191]: pam_unix(cron:session): session closed for user root
May  8 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21744]: pam_unix(cron:session): session closed for user samftp
May  8 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20865]: pam_unix(cron:session): session closed for user root
May  8 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22494]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22495]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22492]: pam_unix(cron:session): session closed for user p13x
May  8 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22565]: Successful su for rubyman by root
May  8 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22565]: + ??? root:rubyman
May  8 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22565]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351664 of user rubyman.
May  8 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22565]: pam_unix(su:session): session closed for user rubyman
May  8 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351664.
May  8 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19601]: pam_unix(cron:session): session closed for user root
May  8 06:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22493]: pam_unix(cron:session): session closed for user samftp
May  8 06:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21312]: pam_unix(cron:session): session closed for user root
May  8 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22962]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22961]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22959]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22960]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22962]: pam_unix(cron:session): session closed for user root
May  8 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22933]: pam_unix(cron:session): session closed for user p13x
May  8 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23033]: Successful su for rubyman by root
May  8 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23033]: + ??? root:rubyman
May  8 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23033]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351670 of user rubyman.
May  8 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23033]: pam_unix(su:session): session closed for user rubyman
May  8 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351670.
May  8 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22959]: pam_unix(cron:session): session closed for user root
May  8 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20016]: pam_unix(cron:session): session closed for user root
May  8 06:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22934]: pam_unix(cron:session): session closed for user samftp
May  8 06:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21746]: pam_unix(cron:session): session closed for user root
May  8 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23495]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23493]: pam_unix(cron:session): session closed for user p13x
May  8 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23560]: Successful su for rubyman by root
May  8 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23560]: + ??? root:rubyman
May  8 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23560]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351673 of user rubyman.
May  8 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23560]: pam_unix(su:session): session closed for user rubyman
May  8 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351673.
May  8 06:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20422]: pam_unix(cron:session): session closed for user root
May  8 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23494]: pam_unix(cron:session): session closed for user samftp
May  8 06:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22495]: pam_unix(cron:session): session closed for user root
May  8 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24025]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24024]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24023]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24022]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24022]: pam_unix(cron:session): session closed for user p13x
May  8 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24086]: Successful su for rubyman by root
May  8 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24086]: + ??? root:rubyman
May  8 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24086]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351677 of user rubyman.
May  8 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24086]: pam_unix(su:session): session closed for user rubyman
May  8 06:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351677.
May  8 06:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20860]: pam_unix(cron:session): session closed for user root
May  8 06:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24023]: pam_unix(cron:session): session closed for user samftp
May  8 06:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22961]: pam_unix(cron:session): session closed for user root
May  8 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24464]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24463]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24463]: pam_unix(cron:session): session closed for user p13x
May  8 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24530]: Successful su for rubyman by root
May  8 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24530]: + ??? root:rubyman
May  8 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24530]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351681 of user rubyman.
May  8 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24530]: pam_unix(su:session): session closed for user rubyman
May  8 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351681.
May  8 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24471]: Invalid user ll from 122.54.18.220
May  8 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24471]: input_userauth_request: invalid user ll [preauth]
May  8 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24471]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
May  8 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21311]: pam_unix(cron:session): session closed for user root
May  8 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24471]: Failed password for invalid user ll from 122.54.18.220 port 21328 ssh2
May  8 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24471]: Received disconnect from 122.54.18.220 port 21328:11: Bye Bye [preauth]
May  8 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24471]: Disconnected from 122.54.18.220 port 21328 [preauth]
May  8 06:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24464]: pam_unix(cron:session): session closed for user samftp
May  8 06:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: Invalid user admin from 85.208.84.4
May  8 06:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: input_userauth_request: invalid user admin [preauth]
May  8 06:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: pam_unix(sshd:auth): check pass; user unknown
May  8 06:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  8 06:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: Failed password for invalid user admin from 85.208.84.4 port 20376 ssh2
May  8 06:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: Connection closed by 85.208.84.4 port 20376 [preauth]
May  8 06:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23496]: pam_unix(cron:session): session closed for user root
May  8 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24882]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24881]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24883]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24880]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24880]: pam_unix(cron:session): session closed for user p13x
May  8 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24952]: Successful su for rubyman by root
May  8 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24952]: + ??? root:rubyman
May  8 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351687 of user rubyman.
May  8 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24952]: pam_unix(su:session): session closed for user rubyman
May  8 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351687.
May  8 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21745]: pam_unix(cron:session): session closed for user root
May  8 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24881]: pam_unix(cron:session): session closed for user samftp
May  8 06:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24025]: pam_unix(cron:session): session closed for user root
May  8 06:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 06:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  8 06:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25234]: Failed password for root from 218.92.0.207 port 31158 ssh2
May  8 06:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25234]: message repeated 3 times: [ Failed password for root from 218.92.0.207 port 31158 ssh2]
May  8 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25302]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25297]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25301]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25300]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25298]: pam_unix(cron:session): session closed for user root
May  8 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25302]: pam_unix(cron:session): session closed for user root
May  8 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25296]: pam_unix(cron:session): session closed for user p13x
May  8 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25234]: Received disconnect from 218.92.0.207 port 31158:11:  [preauth]
May  8 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25234]: Disconnected from 218.92.0.207 port 31158 [preauth]
May  8 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25234]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  8 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25234]: PAM service(sshd) ignoring max retries; 4 > 3
May  8 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25396]: Successful su for rubyman by root
May  8 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25396]: + ??? root:rubyman
May  8 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25396]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351693 of user rubyman.
May  8 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25396]: pam_unix(su:session): session closed for user rubyman
May  8 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351693.
May  8 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25299]: pam_unix(cron:session): session closed for user root
May  8 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22494]: pam_unix(cron:session): session closed for user root
May  8 07:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25297]: pam_unix(cron:session): session closed for user samftp
May  8 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24466]: pam_unix(cron:session): session closed for user root
May  8 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25876]: pam_unix(cron:session): session closed for user p13x
May  8 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25966]: Successful su for rubyman by root
May  8 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25966]: + ??? root:rubyman
May  8 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25966]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351698 of user rubyman.
May  8 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25966]: pam_unix(su:session): session closed for user rubyman
May  8 07:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351698.
May  8 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22960]: pam_unix(cron:session): session closed for user root
May  8 07:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25877]: pam_unix(cron:session): session closed for user samftp
May  8 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24883]: pam_unix(cron:session): session closed for user root
May  8 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26304]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26303]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26301]: pam_unix(cron:session): session closed for user p13x
May  8 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26363]: Successful su for rubyman by root
May  8 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26363]: + ??? root:rubyman
May  8 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26363]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351700 of user rubyman.
May  8 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26363]: pam_unix(su:session): session closed for user rubyman
May  8 07:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351700.
May  8 07:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23495]: pam_unix(cron:session): session closed for user root
May  8 07:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26302]: pam_unix(cron:session): session closed for user samftp
May  8 07:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25301]: pam_unix(cron:session): session closed for user root
May  8 07:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26768]: Invalid user admin from 85.208.84.4
May  8 07:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26768]: input_userauth_request: invalid user admin [preauth]
May  8 07:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26768]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  8 07:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26768]: Failed password for invalid user admin from 85.208.84.4 port 34874 ssh2
May  8 07:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26768]: Connection closed by 85.208.84.4 port 34874 [preauth]
May  8 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26782]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26780]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26781]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26779]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26779]: pam_unix(cron:session): session closed for user p13x
May  8 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26845]: Successful su for rubyman by root
May  8 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26845]: + ??? root:rubyman
May  8 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351704 of user rubyman.
May  8 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26845]: pam_unix(su:session): session closed for user rubyman
May  8 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351704.
May  8 07:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24024]: pam_unix(cron:session): session closed for user root
May  8 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26780]: pam_unix(cron:session): session closed for user samftp
May  8 07:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25879]: pam_unix(cron:session): session closed for user root
May  8 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27263]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27261]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27261]: pam_unix(cron:session): session closed for user p13x
May  8 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27331]: Successful su for rubyman by root
May  8 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27331]: + ??? root:rubyman
May  8 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351709 of user rubyman.
May  8 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27331]: pam_unix(su:session): session closed for user rubyman
May  8 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351709.
May  8 07:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24465]: pam_unix(cron:session): session closed for user root
May  8 07:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27262]: pam_unix(cron:session): session closed for user samftp
May  8 07:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26304]: pam_unix(cron:session): session closed for user root
May  8 07:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Invalid user admin from 80.94.95.112
May  8 07:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: input_userauth_request: invalid user admin [preauth]
May  8 07:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 07:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Failed password for invalid user admin from 80.94.95.112 port 14068 ssh2
May  8 07:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Failed password for invalid user admin from 80.94.95.112 port 14068 ssh2
May  8 07:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
May  8 07:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Failed password for invalid user admin from 80.94.95.112 port 14068 ssh2
May  8 07:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27722]: Failed password for root from 122.54.18.220 port 61626 ssh2
May  8 07:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27722]: Received disconnect from 122.54.18.220 port 61626:11: Bye Bye [preauth]
May  8 07:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27722]: Disconnected from 122.54.18.220 port 61626 [preauth]
May  8 07:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Failed password for invalid user admin from 80.94.95.112 port 14068 ssh2
May  8 07:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Failed password for invalid user admin from 80.94.95.112 port 14068 ssh2
May  8 07:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Received disconnect from 80.94.95.112 port 14068:11: Bye [preauth]
May  8 07:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: Disconnected from 80.94.95.112 port 14068 [preauth]
May  8 07:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 07:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27711]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27737]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27739]: pam_unix(cron:session): session closed for user root
May  8 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27734]: pam_unix(cron:session): session closed for user p13x
May  8 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27803]: Successful su for rubyman by root
May  8 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27803]: + ??? root:rubyman
May  8 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27803]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351712 of user rubyman.
May  8 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27803]: pam_unix(su:session): session closed for user rubyman
May  8 07:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351712.
May  8 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27736]: pam_unix(cron:session): session closed for user root
May  8 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24882]: pam_unix(cron:session): session closed for user root
May  8 07:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27735]: pam_unix(cron:session): session closed for user samftp
May  8 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26782]: pam_unix(cron:session): session closed for user root
May  8 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28186]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28185]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28184]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28183]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28183]: pam_unix(cron:session): session closed for user p13x
May  8 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28251]: Successful su for rubyman by root
May  8 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28251]: + ??? root:rubyman
May  8 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28251]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351719 of user rubyman.
May  8 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28251]: pam_unix(su:session): session closed for user rubyman
May  8 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351719.
May  8 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25300]: pam_unix(cron:session): session closed for user root
May  8 07:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28184]: pam_unix(cron:session): session closed for user samftp
May  8 07:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27264]: pam_unix(cron:session): session closed for user root
May  8 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28596]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28594]: pam_unix(cron:session): session closed for user p13x
May  8 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28656]: Successful su for rubyman by root
May  8 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28656]: + ??? root:rubyman
May  8 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351722 of user rubyman.
May  8 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28656]: pam_unix(su:session): session closed for user rubyman
May  8 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351722.
May  8 07:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25878]: pam_unix(cron:session): session closed for user root
May  8 07:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28595]: pam_unix(cron:session): session closed for user samftp
May  8 07:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27738]: pam_unix(cron:session): session closed for user root
May  8 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28993]: pam_unix(cron:session): session closed for user p13x
May  8 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29147]: Successful su for rubyman by root
May  8 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29147]: + ??? root:rubyman
May  8 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351726 of user rubyman.
May  8 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29147]: pam_unix(su:session): session closed for user rubyman
May  8 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351726.
May  8 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26303]: pam_unix(cron:session): session closed for user root
May  8 07:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28994]: pam_unix(cron:session): session closed for user samftp
May  8 07:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28186]: pam_unix(cron:session): session closed for user root
May  8 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29503]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29499]: pam_unix(cron:session): session closed for user p13x
May  8 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29632]: Successful su for rubyman by root
May  8 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29632]: + ??? root:rubyman
May  8 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351730 of user rubyman.
May  8 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29632]: pam_unix(su:session): session closed for user rubyman
May  8 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351730.
May  8 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29496]: pam_unix(cron:session): session closed for user root
May  8 07:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26781]: pam_unix(cron:session): session closed for user root
May  8 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29500]: pam_unix(cron:session): session closed for user samftp
May  8 07:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29851]: Bad protocol version identification 'GET / HTTP/1.1' from 65.49.1.76 port 51793
May  8 07:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28597]: pam_unix(cron:session): session closed for user root
May  8 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30012]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30012]: pam_unix(cron:session): session closed for user root
May  8 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30006]: pam_unix(cron:session): session closed for user p13x
May  8 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30075]: Successful su for rubyman by root
May  8 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30075]: + ??? root:rubyman
May  8 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351738 of user rubyman.
May  8 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30075]: pam_unix(su:session): session closed for user rubyman
May  8 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351738.
May  8 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30009]: pam_unix(cron:session): session closed for user root
May  8 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27263]: pam_unix(cron:session): session closed for user root
May  8 07:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30008]: pam_unix(cron:session): session closed for user samftp
May  8 07:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28997]: pam_unix(cron:session): session closed for user root
May  8 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30433]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30432]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30428]: pam_unix(cron:session): session closed for user p13x
May  8 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30500]: Successful su for rubyman by root
May  8 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30500]: + ??? root:rubyman
May  8 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351744 of user rubyman.
May  8 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30500]: pam_unix(su:session): session closed for user rubyman
May  8 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351744.
May  8 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27737]: pam_unix(cron:session): session closed for user root
May  8 07:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30431]: pam_unix(cron:session): session closed for user samftp
May  8 07:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 07:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: Failed password for root from 80.94.95.125 port 55370 ssh2
May  8 07:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: message repeated 2 times: [ Failed password for root from 80.94.95.125 port 55370 ssh2]
May  8 07:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: Failed password for root from 80.94.95.125 port 55370 ssh2
May  8 07:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22  user=root
May  8 07:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: Failed password for root from 197.253.54.22 port 24593 ssh2
May  8 07:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: Failed password for root from 80.94.95.125 port 55370 ssh2
May  8 07:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: Received disconnect from 197.253.54.22 port 24593:11: Bye Bye [preauth]
May  8 07:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30745]: Disconnected from 197.253.54.22 port 24593 [preauth]
May  8 07:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: Received disconnect from 80.94.95.125 port 55370:11: Bye [preauth]
May  8 07:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: Disconnected from 80.94.95.125 port 55370 [preauth]
May  8 07:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 07:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30720]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 07:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29503]: pam_unix(cron:session): session closed for user root
May  8 07:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
May  8 07:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: Failed password for root from 122.54.18.220 port 40031 ssh2
May  8 07:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: Received disconnect from 122.54.18.220 port 40031:11: Bye Bye [preauth]
May  8 07:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30808]: Disconnected from 122.54.18.220 port 40031 [preauth]
May  8 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30832]: pam_unix(cron:session): session closed for user p13x
May  8 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30896]: Successful su for rubyman by root
May  8 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30896]: + ??? root:rubyman
May  8 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351746 of user rubyman.
May  8 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30896]: pam_unix(su:session): session closed for user rubyman
May  8 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351746.
May  8 07:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28185]: pam_unix(cron:session): session closed for user root
May  8 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30833]: pam_unix(cron:session): session closed for user samftp
May  8 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: Invalid user lab from 80.94.95.116
May  8 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: input_userauth_request: invalid user lab [preauth]
May  8 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  8 07:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: Failed password for invalid user lab from 80.94.95.116 port 40046 ssh2
May  8 07:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31143]: Connection closed by 80.94.95.116 port 40046 [preauth]
May  8 07:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30011]: pam_unix(cron:session): session closed for user root
May  8 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31347]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31346]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31344]: pam_unix(cron:session): session closed for user p13x
May  8 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31405]: Successful su for rubyman by root
May  8 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31405]: + ??? root:rubyman
May  8 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31405]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351750 of user rubyman.
May  8 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31405]: pam_unix(su:session): session closed for user rubyman
May  8 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351750.
May  8 07:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28596]: pam_unix(cron:session): session closed for user root
May  8 07:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31345]: pam_unix(cron:session): session closed for user samftp
May  8 07:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30433]: pam_unix(cron:session): session closed for user root
May  8 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31776]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31774]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31773]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31773]: pam_unix(cron:session): session closed for user p13x
May  8 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31834]: Successful su for rubyman by root
May  8 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31834]: + ??? root:rubyman
May  8 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351754 of user rubyman.
May  8 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31834]: pam_unix(su:session): session closed for user rubyman
May  8 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351754.
May  8 07:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28996]: pam_unix(cron:session): session closed for user root
May  8 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31774]: pam_unix(cron:session): session closed for user samftp
May  8 07:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30835]: pam_unix(cron:session): session closed for user root
May  8 07:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22  user=root
May  8 07:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: Failed password for root from 197.253.54.22 port 36024 ssh2
May  8 07:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: Received disconnect from 197.253.54.22 port 36024:11: Bye Bye [preauth]
May  8 07:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32427]: Disconnected from 197.253.54.22 port 36024 [preauth]
May  8 07:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  8 07:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32473]: Failed password for root from 218.92.0.205 port 41276 ssh2
May  8 07:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32473]: Failed password for root from 218.92.0.205 port 41276 ssh2
May  8 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32489]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32491]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32488]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32491]: pam_unix(cron:session): session closed for user root
May  8 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32486]: pam_unix(cron:session): session closed for user p13x
May  8 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32562]: Successful su for rubyman by root
May  8 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32562]: + ??? root:rubyman
May  8 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351758 of user rubyman.
May  8 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32562]: pam_unix(su:session): session closed for user rubyman
May  8 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351758.
May  8 07:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32473]: Failed password for root from 218.92.0.205 port 41276 ssh2
May  8 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32488]: pam_unix(cron:session): session closed for user root
May  8 07:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29502]: pam_unix(cron:session): session closed for user root
May  8 07:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32473]: Failed password for root from 218.92.0.205 port 41276 ssh2
May  8 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32487]: pam_unix(cron:session): session closed for user samftp
May  8 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32473]: Failed password for root from 218.92.0.205 port 41276 ssh2
May  8 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32473]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 41276 ssh2 [preauth]
May  8 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32473]: Disconnecting: Too many authentication failures [preauth]
May  8 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32473]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  8 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32473]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 07:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  8 07:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[482]: Failed password for root from 218.92.0.205 port 59820 ssh2
May  8 07:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[482]: message repeated 5 times: [ Failed password for root from 218.92.0.205 port 59820 ssh2]
May  8 07:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[482]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 59820 ssh2 [preauth]
May  8 07:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[482]: Disconnecting: Too many authentication failures [preauth]
May  8 07:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[482]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  8 07:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[482]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 07:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31347]: pam_unix(cron:session): session closed for user root
May  8 07:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  8 07:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: Failed password for root from 218.92.0.205 port 20506 ssh2
May  8 07:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: Received disconnect from 218.92.0.205 port 20506:11:  [preauth]
May  8 07:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[559]: Disconnected from 218.92.0.205 port 20506 [preauth]
May  8 07:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Invalid user admin from 93.108.120.147
May  8 07:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: input_userauth_request: invalid user admin [preauth]
May  8 07:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.108.120.147
May  8 07:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Failed password for invalid user admin from 93.108.120.147 port 39114 ssh2
May  8 07:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Received disconnect from 93.108.120.147 port 39114:11: Bye Bye [preauth]
May  8 07:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[617]: Disconnected from 93.108.120.147 port 39114 [preauth]
May  8 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[653]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[650]: pam_unix(cron:session): session closed for user p13x
May  8 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[730]: Successful su for rubyman by root
May  8 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[730]: + ??? root:rubyman
May  8 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351764 of user rubyman.
May  8 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[730]: pam_unix(su:session): session closed for user rubyman
May  8 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351764.
May  8 07:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30010]: pam_unix(cron:session): session closed for user root
May  8 07:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[652]: pam_unix(cron:session): session closed for user samftp
May  8 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31776]: pam_unix(cron:session): session closed for user root
May  8 07:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22  user=root
May  8 07:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: Failed password for root from 197.253.54.22 port 10973 ssh2
May  8 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: Received disconnect from 197.253.54.22 port 10973:11: Bye Bye [preauth]
May  8 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: Disconnected from 197.253.54.22 port 10973 [preauth]
May  8 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1134]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1129]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1129]: pam_unix(cron:session): session closed for user root
May  8 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1132]: pam_unix(cron:session): session closed for user p13x
May  8 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1219]: Successful su for rubyman by root
May  8 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1219]: + ??? root:rubyman
May  8 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351769 of user rubyman.
May  8 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1219]: pam_unix(su:session): session closed for user rubyman
May  8 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351769.
May  8 07:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30432]: pam_unix(cron:session): session closed for user root
May  8 07:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1133]: pam_unix(cron:session): session closed for user samftp
May  8 07:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32490]: pam_unix(cron:session): session closed for user root
May  8 07:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1590]: Did not receive identification string from 193.32.162.185
May  8 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1626]: pam_unix(cron:session): session closed for user p13x
May  8 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1694]: Successful su for rubyman by root
May  8 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1694]: + ??? root:rubyman
May  8 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351772 of user rubyman.
May  8 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1694]: pam_unix(su:session): session closed for user rubyman
May  8 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351772.
May  8 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30834]: pam_unix(cron:session): session closed for user root
May  8 07:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1627]: pam_unix(cron:session): session closed for user samftp
May  8 07:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[655]: pam_unix(cron:session): session closed for user root
May  8 07:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2092]: Invalid user debian from 122.54.18.220
May  8 07:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2092]: input_userauth_request: invalid user debian [preauth]
May  8 07:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2092]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
May  8 07:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2092]: Failed password for invalid user debian from 122.54.18.220 port 11105 ssh2
May  8 07:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2092]: Received disconnect from 122.54.18.220 port 11105:11: Bye Bye [preauth]
May  8 07:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2092]: Disconnected from 122.54.18.220 port 11105 [preauth]
May  8 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2148]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2149]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2142]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2142]: pam_unix(cron:session): session closed for user p13x
May  8 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2209]: Successful su for rubyman by root
May  8 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2209]: + ??? root:rubyman
May  8 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351776 of user rubyman.
May  8 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2209]: pam_unix(su:session): session closed for user rubyman
May  8 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351776.
May  8 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31346]: pam_unix(cron:session): session closed for user root
May  8 07:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2147]: pam_unix(cron:session): session closed for user samftp
May  8 07:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22  user=root
May  8 07:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2413]: Failed password for root from 197.253.54.22 port 36418 ssh2
May  8 07:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2413]: Received disconnect from 197.253.54.22 port 36418:11: Bye Bye [preauth]
May  8 07:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2413]: Disconnected from 197.253.54.22 port 36418 [preauth]
May  8 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1135]: pam_unix(cron:session): session closed for user root
May  8 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2572]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2575]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2577]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2577]: pam_unix(cron:session): session closed for user root
May  8 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2571]: pam_unix(cron:session): session closed for user p13x
May  8 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2650]: Successful su for rubyman by root
May  8 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2650]: + ??? root:rubyman
May  8 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351783 of user rubyman.
May  8 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2650]: pam_unix(su:session): session closed for user rubyman
May  8 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351783.
May  8 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2573]: pam_unix(cron:session): session closed for user root
May  8 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31775]: pam_unix(cron:session): session closed for user root
May  8 07:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2572]: pam_unix(cron:session): session closed for user samftp
May  8 07:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1629]: pam_unix(cron:session): session closed for user root
May  8 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3041]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3042]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3038]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3038]: pam_unix(cron:session): session closed for user p13x
May  8 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3105]: Successful su for rubyman by root
May  8 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3105]: + ??? root:rubyman
May  8 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351789 of user rubyman.
May  8 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3105]: pam_unix(su:session): session closed for user rubyman
May  8 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351789.
May  8 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32489]: pam_unix(cron:session): session closed for user root
May  8 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3040]: pam_unix(cron:session): session closed for user samftp
May  8 07:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: Invalid user user from 197.253.54.22
May  8 07:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: input_userauth_request: invalid user user [preauth]
May  8 07:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22
May  8 07:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: Failed password for invalid user user from 197.253.54.22 port 14045 ssh2
May  8 07:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: Received disconnect from 197.253.54.22 port 14045:11: Bye Bye [preauth]
May  8 07:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3353]: Disconnected from 197.253.54.22 port 14045 [preauth]
May  8 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2149]: pam_unix(cron:session): session closed for user root
May  8 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3480]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3477]: pam_unix(cron:session): session closed for user p13x
May  8 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3540]: Successful su for rubyman by root
May  8 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3540]: + ??? root:rubyman
May  8 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351791 of user rubyman.
May  8 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3540]: pam_unix(su:session): session closed for user rubyman
May  8 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351791.
May  8 07:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[653]: pam_unix(cron:session): session closed for user root
May  8 07:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3478]: pam_unix(cron:session): session closed for user samftp
May  8 07:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2575]: pam_unix(cron:session): session closed for user root
May  8 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3901]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3902]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3900]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3899]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3899]: pam_unix(cron:session): session closed for user p13x
May  8 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3998]: Successful su for rubyman by root
May  8 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3998]: + ??? root:rubyman
May  8 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351794 of user rubyman.
May  8 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3998]: pam_unix(su:session): session closed for user rubyman
May  8 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351794.
May  8 07:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1134]: pam_unix(cron:session): session closed for user root
May  8 07:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3900]: pam_unix(cron:session): session closed for user samftp
May  8 07:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.144.198.71  user=root
May  8 07:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: Failed password for root from 58.144.198.71 port 33728 ssh2
May  8 07:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: Received disconnect from 58.144.198.71 port 33728:11: Bye Bye [preauth]
May  8 07:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: Disconnected from 58.144.198.71 port 33728 [preauth]
May  8 07:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22  user=root
May  8 07:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5  user=root
May  8 07:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4271]: Failed password for root from 197.253.54.22 port 42390 ssh2
May  8 07:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4271]: Received disconnect from 197.253.54.22 port 42390:11: Bye Bye [preauth]
May  8 07:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4271]: Disconnected from 197.253.54.22 port 42390 [preauth]
May  8 07:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4273]: Failed password for root from 85.208.84.5 port 45282 ssh2
May  8 07:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4273]: Connection closed by 85.208.84.5 port 45282 [preauth]
May  8 07:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3042]: pam_unix(cron:session): session closed for user root
May  8 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4488]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4493]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4486]: pam_unix(cron:session): session closed for user p13x
May  8 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4564]: Successful su for rubyman by root
May  8 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4564]: + ??? root:rubyman
May  8 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351798 of user rubyman.
May  8 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4564]: pam_unix(su:session): session closed for user rubyman
May  8 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351798.
May  8 07:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1628]: pam_unix(cron:session): session closed for user root
May  8 07:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4487]: pam_unix(cron:session): session closed for user samftp
May  8 07:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3480]: pam_unix(cron:session): session closed for user root
May  8 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4923]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4925]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4924]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4925]: pam_unix(cron:session): session closed for user root
May  8 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4916]: pam_unix(cron:session): session closed for user p13x
May  8 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5000]: Successful su for rubyman by root
May  8 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5000]: + ??? root:rubyman
May  8 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351807 of user rubyman.
May  8 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5000]: pam_unix(su:session): session closed for user rubyman
May  8 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351807.
May  8 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4918]: pam_unix(cron:session): session closed for user root
May  8 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2148]: pam_unix(cron:session): session closed for user root
May  8 07:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4917]: pam_unix(cron:session): session closed for user samftp
May  8 07:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5445]: Invalid user remote from 197.253.54.22
May  8 07:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5445]: input_userauth_request: invalid user remote [preauth]
May  8 07:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5445]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22
May  8 07:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5445]: Failed password for invalid user remote from 197.253.54.22 port 37262 ssh2
May  8 07:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5445]: Received disconnect from 197.253.54.22 port 37262:11: Bye Bye [preauth]
May  8 07:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5445]: Disconnected from 197.253.54.22 port 37262 [preauth]
May  8 07:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3902]: pam_unix(cron:session): session closed for user root
May  8 07:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5500]: Invalid user mel from 122.54.18.220
May  8 07:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5500]: input_userauth_request: invalid user mel [preauth]
May  8 07:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5500]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
May  8 07:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5500]: Failed password for invalid user mel from 122.54.18.220 port 1581 ssh2
May  8 07:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5500]: Received disconnect from 122.54.18.220 port 1581:11: Bye Bye [preauth]
May  8 07:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5500]: Disconnected from 122.54.18.220 port 1581 [preauth]
May  8 07:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5610]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5611]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5608]: pam_unix(cron:session): session closed for user p13x
May  8 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5689]: Successful su for rubyman by root
May  8 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5689]: + ??? root:rubyman
May  8 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351811 of user rubyman.
May  8 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5689]: pam_unix(su:session): session closed for user rubyman
May  8 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351811.
May  8 07:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2574]: pam_unix(cron:session): session closed for user root
May  8 07:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5609]: pam_unix(cron:session): session closed for user samftp
May  8 07:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4493]: pam_unix(cron:session): session closed for user root
May  8 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6136]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6137]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6136]: pam_unix(cron:session): session closed for user p13x
May  8 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6199]: Successful su for rubyman by root
May  8 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6199]: + ??? root:rubyman
May  8 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6199]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351813 of user rubyman.
May  8 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6199]: pam_unix(su:session): session closed for user rubyman
May  8 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351813.
May  8 07:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3041]: pam_unix(cron:session): session closed for user root
May  8 07:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6137]: pam_unix(cron:session): session closed for user samftp
May  8 07:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: Invalid user abdel from 197.253.54.22
May  8 07:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: input_userauth_request: invalid user abdel [preauth]
May  8 07:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22
May  8 07:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: Failed password for invalid user abdel from 197.253.54.22 port 43012 ssh2
May  8 07:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: Received disconnect from 197.253.54.22 port 43012:11: Bye Bye [preauth]
May  8 07:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6437]: Disconnected from 197.253.54.22 port 43012 [preauth]
May  8 07:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4924]: pam_unix(cron:session): session closed for user root
May  8 07:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6509]: Invalid user email from 93.108.120.147
May  8 07:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6509]: input_userauth_request: invalid user email [preauth]
May  8 07:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6509]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.108.120.147
May  8 07:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6509]: Failed password for invalid user email from 93.108.120.147 port 47788 ssh2
May  8 07:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6509]: Received disconnect from 93.108.120.147 port 47788:11: Bye Bye [preauth]
May  8 07:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6509]: Disconnected from 93.108.120.147 port 47788 [preauth]
May  8 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6538]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6536]: pam_unix(cron:session): session closed for user p13x
May  8 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6597]: Successful su for rubyman by root
May  8 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6597]: + ??? root:rubyman
May  8 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351816 of user rubyman.
May  8 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6597]: pam_unix(su:session): session closed for user rubyman
May  8 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351816.
May  8 07:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3479]: pam_unix(cron:session): session closed for user root
May  8 07:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6537]: pam_unix(cron:session): session closed for user samftp
May  8 07:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5611]: pam_unix(cron:session): session closed for user root
May  8 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7038]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7037]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7032]: pam_unix(cron:session): session closed for user p13x
May  8 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7114]: Successful su for rubyman by root
May  8 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7114]: + ??? root:rubyman
May  8 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351820 of user rubyman.
May  8 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7114]: pam_unix(su:session): session closed for user rubyman
May  8 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351820.
May  8 07:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3901]: pam_unix(cron:session): session closed for user root
May  8 07:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7036]: pam_unix(cron:session): session closed for user samftp
May  8 07:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Invalid user ftp-user from 197.253.54.22
May  8 07:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: input_userauth_request: invalid user ftp-user [preauth]
May  8 07:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22
May  8 07:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Failed password for invalid user ftp-user from 197.253.54.22 port 56008 ssh2
May  8 07:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Received disconnect from 197.253.54.22 port 56008:11: Bye Bye [preauth]
May  8 07:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7332]: Disconnected from 197.253.54.22 port 56008 [preauth]
May  8 07:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6139]: pam_unix(cron:session): session closed for user root
May  8 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7453]: pam_unix(cron:session): session closed for user root
May  8 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7448]: pam_unix(cron:session): session closed for user p13x
May  8 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7626]: Successful su for rubyman by root
May  8 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7626]: + ??? root:rubyman
May  8 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351824 of user rubyman.
May  8 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7626]: pam_unix(su:session): session closed for user rubyman
May  8 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351824.
May  8 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7450]: pam_unix(cron:session): session closed for user root
May  8 07:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4488]: pam_unix(cron:session): session closed for user root
May  8 07:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7449]: pam_unix(cron:session): session closed for user samftp
May  8 07:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 07:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: Failed password for root from 218.92.0.206 port 24832 ssh2
May  8 07:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: Failed password for root from 218.92.0.206 port 24832 ssh2
May  8 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6539]: pam_unix(cron:session): session closed for user root
May  8 07:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: Failed password for root from 218.92.0.206 port 24832 ssh2
May  8 07:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: message repeated 2 times: [ Failed password for root from 218.92.0.206 port 24832 ssh2]
May  8 07:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 24832 ssh2 [preauth]
May  8 07:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: Disconnecting: Too many authentication failures [preauth]
May  8 07:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 07:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8017]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8016]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8016]: pam_unix(cron:session): session closed for user p13x
May  8 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8086]: Successful su for rubyman by root
May  8 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8086]: + ??? root:rubyman
May  8 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8086]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351831 of user rubyman.
May  8 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8086]: pam_unix(su:session): session closed for user rubyman
May  8 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351831.
May  8 07:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4923]: pam_unix(cron:session): session closed for user root
May  8 07:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8017]: pam_unix(cron:session): session closed for user samftp
May  8 07:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8292]: Invalid user cosmo from 197.253.54.22
May  8 07:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8292]: input_userauth_request: invalid user cosmo [preauth]
May  8 07:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8292]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22
May  8 07:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8292]: Failed password for invalid user cosmo from 197.253.54.22 port 29559 ssh2
May  8 07:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8292]: Received disconnect from 197.253.54.22 port 29559:11: Bye Bye [preauth]
May  8 07:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8292]: Disconnected from 197.253.54.22 port 29559 [preauth]
May  8 07:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7038]: pam_unix(cron:session): session closed for user root
May  8 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8448]: pam_unix(cron:session): session closed for user p13x
May  8 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8517]: Successful su for rubyman by root
May  8 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8517]: + ??? root:rubyman
May  8 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351835 of user rubyman.
May  8 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8517]: pam_unix(su:session): session closed for user rubyman
May  8 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351835.
May  8 07:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5610]: pam_unix(cron:session): session closed for user root
May  8 07:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8449]: pam_unix(cron:session): session closed for user samftp
May  8 07:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: Invalid user user05 from 122.54.18.220
May  8 07:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: input_userauth_request: invalid user user05 [preauth]
May  8 07:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220
May  8 07:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: Failed password for invalid user user05 from 122.54.18.220 port 2192 ssh2
May  8 07:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: Received disconnect from 122.54.18.220 port 2192:11: Bye Bye [preauth]
May  8 07:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8754]: Disconnected from 122.54.18.220 port 2192 [preauth]
May  8 07:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7452]: pam_unix(cron:session): session closed for user root
May  8 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8876]: pam_unix(cron:session): session closed for user p13x
May  8 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8938]: Successful su for rubyman by root
May  8 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8938]: + ??? root:rubyman
May  8 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8938]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351838 of user rubyman.
May  8 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8938]: pam_unix(su:session): session closed for user rubyman
May  8 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351838.
May  8 07:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6138]: pam_unix(cron:session): session closed for user root
May  8 07:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8877]: pam_unix(cron:session): session closed for user samftp
May  8 07:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22  user=root
May  8 07:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9225]: Failed password for root from 197.253.54.22 port 48009 ssh2
May  8 07:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9225]: Received disconnect from 197.253.54.22 port 48009:11: Bye Bye [preauth]
May  8 07:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9225]: Disconnected from 197.253.54.22 port 48009 [preauth]
May  8 07:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8019]: pam_unix(cron:session): session closed for user root
May  8 07:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9361]: Invalid user test from 50.235.31.47
May  8 07:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9361]: input_userauth_request: invalid user test [preauth]
May  8 07:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9361]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  8 07:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9361]: Failed password for invalid user test from 50.235.31.47 port 59900 ssh2
May  8 07:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9361]: Connection closed by 50.235.31.47 port 59900 [preauth]
May  8 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9407]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9405]: pam_unix(cron:session): session closed for user p13x
May  8 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9470]: Successful su for rubyman by root
May  8 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9470]: + ??? root:rubyman
May  8 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351842 of user rubyman.
May  8 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9470]: pam_unix(su:session): session closed for user rubyman
May  8 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351842.
May  8 07:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6538]: pam_unix(cron:session): session closed for user root
May  8 07:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9406]: pam_unix(cron:session): session closed for user samftp
May  8 07:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.10.175.77  user=root
May  8 07:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9713]: Failed password for root from 45.10.175.77 port 46460 ssh2
May  8 07:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9713]: Connection closed by 45.10.175.77 port 46460 [preauth]
May  8 07:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:34:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9725]: Connection closed by 93.108.120.147 port 44076 [preauth]
May  8 07:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8451]: pam_unix(cron:session): session closed for user root
May  8 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9821]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9823]: pam_unix(cron:session): session closed for user root
May  8 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9817]: pam_unix(cron:session): session closed for user p13x
May  8 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9887]: Successful su for rubyman by root
May  8 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9887]: + ??? root:rubyman
May  8 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9887]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351846 of user rubyman.
May  8 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9887]: pam_unix(su:session): session closed for user rubyman
May  8 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351846.
May  8 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9819]: pam_unix(cron:session): session closed for user root
May  8 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7037]: pam_unix(cron:session): session closed for user root
May  8 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9818]: pam_unix(cron:session): session closed for user samftp
May  8 07:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Invalid user yanghui from 197.253.54.22
May  8 07:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: input_userauth_request: invalid user yanghui [preauth]
May  8 07:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22
May  8 07:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Failed password for invalid user yanghui from 197.253.54.22 port 53351 ssh2
May  8 07:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Received disconnect from 197.253.54.22 port 53351:11: Bye Bye [preauth]
May  8 07:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10100]: Disconnected from 197.253.54.22 port 53351 [preauth]
May  8 07:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8879]: pam_unix(cron:session): session closed for user root
May  8 07:35:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: Invalid user user from 85.208.84.4
May  8 07:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: input_userauth_request: invalid user user [preauth]
May  8 07:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  8 07:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: Failed password for invalid user user from 85.208.84.4 port 37980 ssh2
May  8 07:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10306]: Connection closed by 85.208.84.4 port 37980 [preauth]
May  8 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10339]: pam_unix(cron:session): session closed for user p13x
May  8 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10412]: Successful su for rubyman by root
May  8 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10412]: + ??? root:rubyman
May  8 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10412]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351853 of user rubyman.
May  8 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10412]: pam_unix(su:session): session closed for user rubyman
May  8 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351853.
May  8 07:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7451]: pam_unix(cron:session): session closed for user root
May  8 07:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10340]: pam_unix(cron:session): session closed for user samftp
May  8 07:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9408]: pam_unix(cron:session): session closed for user root
May  8 07:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.10.175.77  user=root
May  8 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10827]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10828]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10829]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10826]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10826]: pam_unix(cron:session): session closed for user p13x
May  8 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10887]: Successful su for rubyman by root
May  8 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10887]: + ??? root:rubyman
May  8 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10887]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351857 of user rubyman.
May  8 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10887]: pam_unix(su:session): session closed for user rubyman
May  8 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351857.
May  8 07:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: Failed password for root from 45.10.175.77 port 56424 ssh2
May  8 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8018]: pam_unix(cron:session): session closed for user root
May  8 07:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10823]: Connection closed by 45.10.175.77 port 56424 [preauth]
May  8 07:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10827]: pam_unix(cron:session): session closed for user samftp
May  8 07:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11068]: Invalid user jin from 197.253.54.22
May  8 07:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11068]: input_userauth_request: invalid user jin [preauth]
May  8 07:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11068]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22
May  8 07:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11068]: Failed password for invalid user jin from 197.253.54.22 port 61023 ssh2
May  8 07:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11068]: Received disconnect from 197.253.54.22 port 61023:11: Bye Bye [preauth]
May  8 07:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11068]: Disconnected from 197.253.54.22 port 61023 [preauth]
May  8 07:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: Invalid user pi from 45.10.175.77
May  8 07:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: input_userauth_request: invalid user pi [preauth]
May  8 07:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11083]: Connection reset by 45.10.175.77 port 53554 [preauth]
May  8 07:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10877]: Connection reset by 45.10.175.77 port 56440 [preauth]
May  8 07:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11071]: Connection closed by 45.10.175.77 port 56452 [preauth]
May  8 07:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9822]: pam_unix(cron:session): session closed for user root
May  8 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11227]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11224]: pam_unix(cron:session): session closed for user p13x
May  8 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11292]: Successful su for rubyman by root
May  8 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11292]: + ??? root:rubyman
May  8 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351861 of user rubyman.
May  8 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11292]: pam_unix(su:session): session closed for user rubyman
May  8 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351861.
May  8 07:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8450]: pam_unix(cron:session): session closed for user root
May  8 07:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11225]: pam_unix(cron:session): session closed for user samftp
May  8 07:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11547]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10342]: pam_unix(cron:session): session closed for user root
May  8 07:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93  user=root
May  8 07:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11547]: Failed password for root from 116.147.40.93 port 53406 ssh2
May  8 07:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11547]: Received disconnect from 116.147.40.93 port 53406:11: Bye Bye [preauth]
May  8 07:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11547]: Disconnected from 116.147.40.93 port 53406 [preauth]
May  8 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11636]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11634]: pam_unix(cron:session): session closed for user p13x
May  8 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.54.18.220  user=root
May  8 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11751]: Successful su for rubyman by root
May  8 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11751]: + ??? root:rubyman
May  8 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11751]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351867 of user rubyman.
May  8 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11751]: pam_unix(su:session): session closed for user rubyman
May  8 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351867.
May  8 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11632]: pam_unix(cron:session): session closed for user root
May  8 07:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8878]: pam_unix(cron:session): session closed for user root
May  8 07:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: Failed password for root from 122.54.18.220 port 60196 ssh2
May  8 07:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: Received disconnect from 122.54.18.220 port 60196:11: Bye Bye [preauth]
May  8 07:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: Disconnected from 122.54.18.220 port 60196 [preauth]
May  8 07:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11635]: pam_unix(cron:session): session closed for user samftp
May  8 07:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: Invalid user nacos from 197.253.54.22
May  8 07:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: input_userauth_request: invalid user nacos [preauth]
May  8 07:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22
May  8 07:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: Failed password for invalid user nacos from 197.253.54.22 port 4466 ssh2
May  8 07:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: Received disconnect from 197.253.54.22 port 4466:11: Bye Bye [preauth]
May  8 07:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11990]: Disconnected from 197.253.54.22 port 4466 [preauth]
May  8 07:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10829]: pam_unix(cron:session): session closed for user root
May  8 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12116]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12117]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12114]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12115]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12113]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12112]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12117]: pam_unix(cron:session): session closed for user root
May  8 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12112]: pam_unix(cron:session): session closed for user p13x
May  8 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12181]: Successful su for rubyman by root
May  8 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12181]: + ??? root:rubyman
May  8 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351869 of user rubyman.
May  8 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12181]: pam_unix(su:session): session closed for user rubyman
May  8 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351869.
May  8 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12114]: pam_unix(cron:session): session closed for user root
May  8 07:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9407]: pam_unix(cron:session): session closed for user root
May  8 07:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12113]: pam_unix(cron:session): session closed for user samftp
May  8 07:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12463]: Invalid user sxf from 47.236.228.254
May  8 07:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12463]: input_userauth_request: invalid user sxf [preauth]
May  8 07:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12463]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.228.254
May  8 07:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12463]: Failed password for invalid user sxf from 47.236.228.254 port 38932 ssh2
May  8 07:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12463]: Received disconnect from 47.236.228.254 port 38932:11: Bye Bye [preauth]
May  8 07:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12463]: Disconnected from 47.236.228.254 port 38932 [preauth]
May  8 07:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11227]: pam_unix(cron:session): session closed for user root
May  8 07:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  8 07:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12523]: Failed password for root from 193.70.84.184 port 46900 ssh2
May  8 07:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12523]: Connection closed by 193.70.84.184 port 46900 [preauth]
May  8 07:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12533]: Connection closed by 93.108.120.147 port 40192 [preauth]
May  8 07:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: Invalid user user from 91.200.151.78
May  8 07:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: input_userauth_request: invalid user user [preauth]
May  8 07:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.200.151.78
May  8 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12555]: pam_unix(cron:session): session closed for user p13x
May  8 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12622]: Successful su for rubyman by root
May  8 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12622]: + ??? root:rubyman
May  8 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351875 of user rubyman.
May  8 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12622]: pam_unix(su:session): session closed for user rubyman
May  8 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351875.
May  8 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: Failed password for invalid user user from 91.200.151.78 port 59812 ssh2
May  8 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: Received disconnect from 91.200.151.78 port 59812:11: Bye Bye [preauth]
May  8 07:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12552]: Disconnected from 91.200.151.78 port 59812 [preauth]
May  8 07:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9821]: pam_unix(cron:session): session closed for user root
May  8 07:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12556]: pam_unix(cron:session): session closed for user samftp
May  8 07:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22  user=root
May  8 07:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: Failed password for root from 197.253.54.22 port 63205 ssh2
May  8 07:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: Received disconnect from 197.253.54.22 port 63205:11: Bye Bye [preauth]
May  8 07:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12832]: Disconnected from 197.253.54.22 port 63205 [preauth]
May  8 07:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11637]: pam_unix(cron:session): session closed for user root
May  8 07:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.141.132.26  user=root
May  8 07:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: Failed password for root from 185.141.132.26 port 54134 ssh2
May  8 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12951]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12952]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12950]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12949]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12949]: pam_unix(cron:session): session closed for user p13x
May  8 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: Received disconnect from 185.141.132.26 port 54134:11: Bye Bye [preauth]
May  8 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: Disconnected from 185.141.132.26 port 54134 [preauth]
May  8 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13014]: Successful su for rubyman by root
May  8 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13014]: + ??? root:rubyman
May  8 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13014]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351880 of user rubyman.
May  8 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13014]: pam_unix(su:session): session closed for user rubyman
May  8 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351880.
May  8 07:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10341]: pam_unix(cron:session): session closed for user root
May  8 07:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12950]: pam_unix(cron:session): session closed for user samftp
May  8 07:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12116]: pam_unix(cron:session): session closed for user root
May  8 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13363]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13362]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13360]: pam_unix(cron:session): session closed for user p13x
May  8 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13423]: Successful su for rubyman by root
May  8 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13423]: + ??? root:rubyman
May  8 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351883 of user rubyman.
May  8 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13423]: pam_unix(su:session): session closed for user rubyman
May  8 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351883.
May  8 07:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10828]: pam_unix(cron:session): session closed for user root
May  8 07:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13361]: pam_unix(cron:session): session closed for user samftp
May  8 07:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: Invalid user mathias from 197.253.54.22
May  8 07:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: input_userauth_request: invalid user mathias [preauth]
May  8 07:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22
May  8 07:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: Failed password for invalid user mathias from 197.253.54.22 port 8229 ssh2
May  8 07:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: Received disconnect from 197.253.54.22 port 8229:11: Bye Bye [preauth]
May  8 07:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: Disconnected from 197.253.54.22 port 8229 [preauth]
May  8 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12558]: pam_unix(cron:session): session closed for user root
May  8 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13863]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13865]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13862]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13861]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13861]: pam_unix(cron:session): session closed for user p13x
May  8 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13923]: Successful su for rubyman by root
May  8 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13923]: + ??? root:rubyman
May  8 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13923]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351887 of user rubyman.
May  8 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13923]: pam_unix(su:session): session closed for user rubyman
May  8 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351887.
May  8 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11226]: pam_unix(cron:session): session closed for user root
May  8 07:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13862]: pam_unix(cron:session): session closed for user samftp
May  8 07:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14139]: Connection closed by 46.244.96.25 port 37582 [preauth]
May  8 07:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  8 07:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14141]: Failed password for root from 46.244.96.25 port 37588 ssh2
May  8 07:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14141]: Connection closed by 46.244.96.25 port 37588 [preauth]
May  8 07:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12952]: pam_unix(cron:session): session closed for user root
May  8 07:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: Invalid user anonymous from 80.94.95.115
May  8 07:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: input_userauth_request: invalid user anonymous [preauth]
May  8 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  8 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14271]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14272]: pam_unix(cron:session): session closed for user root
May  8 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14267]: pam_unix(cron:session): session closed for user p13x
May  8 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14337]: Successful su for rubyman by root
May  8 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14337]: + ??? root:rubyman
May  8 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351893 of user rubyman.
May  8 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14337]: pam_unix(su:session): session closed for user rubyman
May  8 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351893.
May  8 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: Failed password for invalid user anonymous from 80.94.95.115 port 30428 ssh2
May  8 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14263]: Connection closed by 80.94.95.115 port 30428 [preauth]
May  8 07:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14269]: pam_unix(cron:session): session closed for user root
May  8 07:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11636]: pam_unix(cron:session): session closed for user root
May  8 07:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14268]: pam_unix(cron:session): session closed for user samftp
May  8 07:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 07:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14561]: Invalid user squid from 197.253.54.22
May  8 07:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14561]: input_userauth_request: invalid user squid [preauth]
May  8 07:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14561]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22
May  8 07:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: Failed password for root from 80.94.95.241 port 63870 ssh2
May  8 07:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: Failed password for root from 80.94.95.241 port 63870 ssh2
May  8 07:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14561]: Failed password for invalid user squid from 197.253.54.22 port 46262 ssh2
May  8 07:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14561]: Received disconnect from 197.253.54.22 port 46262:11: Bye Bye [preauth]
May  8 07:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14561]: Disconnected from 197.253.54.22 port 46262 [preauth]
May  8 07:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: Failed password for root from 80.94.95.241 port 63870 ssh2
May  8 07:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: message repeated 2 times: [ Failed password for root from 80.94.95.241 port 63870 ssh2]
May  8 07:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: Received disconnect from 80.94.95.241 port 63870:11: Bye [preauth]
May  8 07:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: Disconnected from 80.94.95.241 port 63870 [preauth]
May  8 07:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 07:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 07:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  8 07:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14621]: Failed password for root from 218.92.0.209 port 54892 ssh2
May  8 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14621]: Failed password for root from 218.92.0.209 port 54892 ssh2
May  8 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13363]: pam_unix(cron:session): session closed for user root
May  8 07:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14621]: Failed password for root from 218.92.0.209 port 54892 ssh2
May  8 07:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14621]: message repeated 2 times: [ Failed password for root from 218.92.0.209 port 54892 ssh2]
May  8 07:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14621]: error: maximum authentication attempts exceeded for root from 218.92.0.209 port 54892 ssh2 [preauth]
May  8 07:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14621]: Disconnecting: Too many authentication failures [preauth]
May  8 07:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14621]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  8 07:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14621]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 07:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14717]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14719]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14716]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14715]: pam_unix(cron:session): session closed for user p13x
May  8 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14786]: Successful su for rubyman by root
May  8 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14786]: + ??? root:rubyman
May  8 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14786]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351898 of user rubyman.
May  8 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14786]: pam_unix(su:session): session closed for user rubyman
May  8 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351898.
May  8 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12115]: pam_unix(cron:session): session closed for user root
May  8 07:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14716]: pam_unix(cron:session): session closed for user samftp
May  8 07:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13865]: pam_unix(cron:session): session closed for user root
May  8 07:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: Invalid user admin from 80.94.95.112
May  8 07:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: input_userauth_request: invalid user admin [preauth]
May  8 07:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 07:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: Failed password for invalid user admin from 80.94.95.112 port 52052 ssh2
May  8 07:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: Failed password for invalid user admin from 80.94.95.112 port 52052 ssh2
May  8 07:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: Failed password for invalid user admin from 80.94.95.112 port 52052 ssh2
May  8 07:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: Failed password for invalid user admin from 80.94.95.112 port 52052 ssh2
May  8 07:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: Failed password for invalid user admin from 80.94.95.112 port 52052 ssh2
May  8 07:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: Received disconnect from 80.94.95.112 port 52052:11: Bye [preauth]
May  8 07:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: Disconnected from 80.94.95.112 port 52052 [preauth]
May  8 07:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 07:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15103]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15134]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15133]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15132]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15131]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15131]: pam_unix(cron:session): session closed for user p13x
May  8 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15189]: Successful su for rubyman by root
May  8 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15189]: + ??? root:rubyman
May  8 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15189]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351902 of user rubyman.
May  8 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15189]: pam_unix(su:session): session closed for user rubyman
May  8 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351902.
May  8 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12557]: pam_unix(cron:session): session closed for user root
May  8 07:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15132]: pam_unix(cron:session): session closed for user samftp
May  8 07:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15374]: Invalid user boom from 197.253.54.22
May  8 07:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15374]: input_userauth_request: invalid user boom [preauth]
May  8 07:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15374]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22
May  8 07:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15374]: Failed password for invalid user boom from 197.253.54.22 port 44953 ssh2
May  8 07:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15374]: Received disconnect from 197.253.54.22 port 44953:11: Bye Bye [preauth]
May  8 07:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15374]: Disconnected from 197.253.54.22 port 44953 [preauth]
May  8 07:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14271]: pam_unix(cron:session): session closed for user root
May  8 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15522]: pam_unix(cron:session): session closed for user p13x
May  8 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15583]: Successful su for rubyman by root
May  8 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15583]: + ??? root:rubyman
May  8 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15583]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351906 of user rubyman.
May  8 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15583]: pam_unix(su:session): session closed for user rubyman
May  8 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351906.
May  8 07:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12951]: pam_unix(cron:session): session closed for user root
May  8 07:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15523]: pam_unix(cron:session): session closed for user samftp
May  8 07:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14719]: pam_unix(cron:session): session closed for user root
May  8 07:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.108.120.147  user=root
May  8 07:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15885]: Failed password for root from 93.108.120.147 port 44020 ssh2
May  8 07:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15885]: Received disconnect from 93.108.120.147 port 44020:11: Bye Bye [preauth]
May  8 07:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15885]: Disconnected from 93.108.120.147 port 44020 [preauth]
May  8 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15916]: pam_unix(cron:session): session closed for user p13x
May  8 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15976]: Successful su for rubyman by root
May  8 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15976]: + ??? root:rubyman
May  8 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351909 of user rubyman.
May  8 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15976]: pam_unix(su:session): session closed for user rubyman
May  8 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351909.
May  8 07:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13362]: pam_unix(cron:session): session closed for user root
May  8 07:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15917]: pam_unix(cron:session): session closed for user samftp
May  8 07:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: Invalid user test from 197.253.54.22
May  8 07:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: input_userauth_request: invalid user test [preauth]
May  8 07:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22
May  8 07:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: Failed password for invalid user test from 197.253.54.22 port 46950 ssh2
May  8 07:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: Received disconnect from 197.253.54.22 port 46950:11: Bye Bye [preauth]
May  8 07:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16160]: Disconnected from 197.253.54.22 port 46950 [preauth]
May  8 07:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16220]: Invalid user ik from 47.236.228.254
May  8 07:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16220]: input_userauth_request: invalid user ik [preauth]
May  8 07:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16220]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.228.254
May  8 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15134]: pam_unix(cron:session): session closed for user root
May  8 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16220]: Failed password for invalid user ik from 47.236.228.254 port 44830 ssh2
May  8 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16220]: Received disconnect from 47.236.228.254 port 44830:11: Bye Bye [preauth]
May  8 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16220]: Disconnected from 47.236.228.254 port 44830 [preauth]
May  8 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16300]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16301]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16297]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16301]: pam_unix(cron:session): session closed for user root
May  8 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16296]: pam_unix(cron:session): session closed for user p13x
May  8 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16367]: Successful su for rubyman by root
May  8 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16367]: + ??? root:rubyman
May  8 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351913 of user rubyman.
May  8 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16367]: pam_unix(su:session): session closed for user rubyman
May  8 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351913.
May  8 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16298]: pam_unix(cron:session): session closed for user root
May  8 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13863]: pam_unix(cron:session): session closed for user root
May  8 07:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16297]: pam_unix(cron:session): session closed for user samftp
May  8 07:50:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: Invalid user dvs from 85.208.84.134
May  8 07:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: input_userauth_request: invalid user dvs [preauth]
May  8 07:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.134
May  8 07:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15525]: pam_unix(cron:session): session closed for user root
May  8 07:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: Failed password for invalid user dvs from 85.208.84.134 port 59350 ssh2
May  8 07:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: Connection closed by 85.208.84.134 port 59350 [preauth]
May  8 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16786]: pam_unix(cron:session): session closed for user p13x
May  8 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16851]: Successful su for rubyman by root
May  8 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16851]: + ??? root:rubyman
May  8 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351919 of user rubyman.
May  8 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16851]: pam_unix(su:session): session closed for user rubyman
May  8 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351919.
May  8 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14270]: pam_unix(cron:session): session closed for user root
May  8 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16787]: pam_unix(cron:session): session closed for user samftp
May  8 07:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17095]: Invalid user intell from 197.253.54.22
May  8 07:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17095]: input_userauth_request: invalid user intell [preauth]
May  8 07:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17095]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22
May  8 07:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17095]: Failed password for invalid user intell from 197.253.54.22 port 21142 ssh2
May  8 07:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17095]: Received disconnect from 197.253.54.22 port 21142:11: Bye Bye [preauth]
May  8 07:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17095]: Disconnected from 197.253.54.22 port 21142 [preauth]
May  8 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15919]: pam_unix(cron:session): session closed for user root
May  8 07:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.200.151.78  user=root
May  8 07:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17188]: Failed password for root from 91.200.151.78 port 48590 ssh2
May  8 07:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17188]: Received disconnect from 91.200.151.78 port 48590:11: Bye Bye [preauth]
May  8 07:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17188]: Disconnected from 91.200.151.78 port 48590 [preauth]
May  8 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17219]: pam_unix(cron:session): session closed for user p13x
May  8 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17284]: Successful su for rubyman by root
May  8 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17284]: + ??? root:rubyman
May  8 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351924 of user rubyman.
May  8 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17284]: pam_unix(su:session): session closed for user rubyman
May  8 07:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351924.
May  8 07:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14717]: pam_unix(cron:session): session closed for user root
May  8 07:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17220]: pam_unix(cron:session): session closed for user samftp
May  8 07:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16300]: pam_unix(cron:session): session closed for user root
May  8 07:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.141.132.26  user=root
May  8 07:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: Failed password for root from 185.141.132.26 port 50252 ssh2
May  8 07:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: Received disconnect from 185.141.132.26 port 50252:11: Bye Bye [preauth]
May  8 07:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17620]: Disconnected from 185.141.132.26 port 50252 [preauth]
May  8 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17635]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17636]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17632]: pam_unix(cron:session): session closed for user p13x
May  8 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17700]: Successful su for rubyman by root
May  8 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17700]: + ??? root:rubyman
May  8 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351927 of user rubyman.
May  8 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17700]: pam_unix(su:session): session closed for user rubyman
May  8 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351927.
May  8 07:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15133]: pam_unix(cron:session): session closed for user root
May  8 07:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17634]: pam_unix(cron:session): session closed for user samftp
May  8 07:53:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:53:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22  user=root
May  8 07:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18066]: Failed password for root from 197.253.54.22 port 57604 ssh2
May  8 07:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18066]: Received disconnect from 197.253.54.22 port 57604:11: Bye Bye [preauth]
May  8 07:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18066]: Disconnected from 197.253.54.22 port 57604 [preauth]
May  8 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16789]: pam_unix(cron:session): session closed for user root
May  8 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18167]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18165]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18164]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18164]: pam_unix(cron:session): session closed for user p13x
May  8 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18226]: Successful su for rubyman by root
May  8 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18226]: + ??? root:rubyman
May  8 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18226]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351931 of user rubyman.
May  8 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18226]: pam_unix(su:session): session closed for user rubyman
May  8 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351931.
May  8 07:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15524]: pam_unix(cron:session): session closed for user root
May  8 07:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18165]: pam_unix(cron:session): session closed for user samftp
May  8 07:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17223]: pam_unix(cron:session): session closed for user root
May  8 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18575]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18577]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18576]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18572]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18577]: pam_unix(cron:session): session closed for user root
May  8 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18572]: pam_unix(cron:session): session closed for user p13x
May  8 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18639]: Successful su for rubyman by root
May  8 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18639]: + ??? root:rubyman
May  8 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351939 of user rubyman.
May  8 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18639]: pam_unix(su:session): session closed for user rubyman
May  8 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351939.
May  8 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18574]: pam_unix(cron:session): session closed for user root
May  8 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15918]: pam_unix(cron:session): session closed for user root
May  8 07:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18573]: pam_unix(cron:session): session closed for user samftp
May  8 07:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18912]: Invalid user toby from 197.253.54.22
May  8 07:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18912]: input_userauth_request: invalid user toby [preauth]
May  8 07:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18912]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22
May  8 07:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18912]: Failed password for invalid user toby from 197.253.54.22 port 10027 ssh2
May  8 07:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18912]: Received disconnect from 197.253.54.22 port 10027:11: Bye Bye [preauth]
May  8 07:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18912]: Disconnected from 197.253.54.22 port 10027 [preauth]
May  8 07:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17636]: pam_unix(cron:session): session closed for user root
May  8 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19006]: pam_unix(cron:session): session closed for user p13x
May  8 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19084]: Successful su for rubyman by root
May  8 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19084]: + ??? root:rubyman
May  8 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19084]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351941 of user rubyman.
May  8 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19084]: pam_unix(su:session): session closed for user rubyman
May  8 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351941.
May  8 07:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16299]: pam_unix(cron:session): session closed for user root
May  8 07:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19007]: pam_unix(cron:session): session closed for user samftp
May  8 07:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: Invalid user sysadmin from 202.168.179.141
May  8 07:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: input_userauth_request: invalid user sysadmin [preauth]
May  8 07:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.179.141
May  8 07:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: Failed password for invalid user sysadmin from 202.168.179.141 port 59750 ssh2
May  8 07:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: Received disconnect from 202.168.179.141 port 59750:11: Bye Bye [preauth]
May  8 07:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19262]: Disconnected from 202.168.179.141 port 59750 [preauth]
May  8 07:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  8 07:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: Failed password for root from 194.0.234.19 port 32020 ssh2
May  8 07:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: Connection closed by 194.0.234.19 port 32020 [preauth]
May  8 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18167]: pam_unix(cron:session): session closed for user root
May  8 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19429]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19426]: pam_unix(cron:session): session closed for user p13x
May  8 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19487]: Successful su for rubyman by root
May  8 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19487]: + ??? root:rubyman
May  8 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19487]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351946 of user rubyman.
May  8 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19487]: pam_unix(su:session): session closed for user rubyman
May  8 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351946.
May  8 07:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16788]: pam_unix(cron:session): session closed for user root
May  8 07:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19427]: pam_unix(cron:session): session closed for user samftp
May  8 07:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.200.151.78  user=root
May  8 07:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: Failed password for root from 91.200.151.78 port 35530 ssh2
May  8 07:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: Received disconnect from 91.200.151.78 port 35530:11: Bye Bye [preauth]
May  8 07:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19703]: Disconnected from 91.200.151.78 port 35530 [preauth]
May  8 07:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19726]: Invalid user babak from 197.253.54.22
May  8 07:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19726]: input_userauth_request: invalid user babak [preauth]
May  8 07:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19726]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22
May  8 07:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19726]: Failed password for invalid user babak from 197.253.54.22 port 57403 ssh2
May  8 07:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19726]: Received disconnect from 197.253.54.22 port 57403:11: Bye Bye [preauth]
May  8 07:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19726]: Disconnected from 197.253.54.22 port 57403 [preauth]
May  8 07:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18576]: pam_unix(cron:session): session closed for user root
May  8 07:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19833]: Invalid user sxf from 185.141.132.26
May  8 07:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19833]: input_userauth_request: invalid user sxf [preauth]
May  8 07:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19833]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.141.132.26
May  8 07:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19833]: Failed password for invalid user sxf from 185.141.132.26 port 42104 ssh2
May  8 07:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19833]: Received disconnect from 185.141.132.26 port 42104:11: Bye Bye [preauth]
May  8 07:57:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19833]: Disconnected from 185.141.132.26 port 42104 [preauth]
May  8 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19858]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19855]: pam_unix(cron:session): session closed for user p13x
May  8 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19917]: Successful su for rubyman by root
May  8 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19917]: + ??? root:rubyman
May  8 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351950 of user rubyman.
May  8 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19917]: pam_unix(su:session): session closed for user rubyman
May  8 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351950.
May  8 07:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17222]: pam_unix(cron:session): session closed for user root
May  8 07:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: Invalid user hacker from 80.94.95.241
May  8 07:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: input_userauth_request: invalid user hacker [preauth]
May  8 07:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 07:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19856]: pam_unix(cron:session): session closed for user samftp
May  8 07:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: Failed password for invalid user hacker from 80.94.95.241 port 63187 ssh2
May  8 07:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: Failed password for invalid user hacker from 80.94.95.241 port 63187 ssh2
May  8 07:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: Failed password for invalid user hacker from 80.94.95.241 port 63187 ssh2
May  8 07:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:58:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: Failed password for invalid user hacker from 80.94.95.241 port 63187 ssh2
May  8 07:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: Failed password for invalid user hacker from 80.94.95.241 port 63187 ssh2
May  8 07:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: Received disconnect from 80.94.95.241 port 63187:11: Bye [preauth]
May  8 07:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: Disconnected from 80.94.95.241 port 63187 [preauth]
May  8 07:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 07:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20090]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 07:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19010]: pam_unix(cron:session): session closed for user root
May  8 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20267]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20265]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20266]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20263]: pam_unix(cron:session): session closed for user p13x
May  8 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20322]: Successful su for rubyman by root
May  8 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20322]: + ??? root:rubyman
May  8 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20322]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351954 of user rubyman.
May  8 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20322]: pam_unix(su:session): session closed for user rubyman
May  8 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351954.
May  8 07:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17635]: pam_unix(cron:session): session closed for user root
May  8 07:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20265]: pam_unix(cron:session): session closed for user samftp
May  8 07:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 07:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20531]: Invalid user mike from 197.253.54.22
May  8 07:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20531]: input_userauth_request: invalid user mike [preauth]
May  8 07:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20531]: pam_unix(sshd:auth): check pass; user unknown
May  8 07:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22
May  8 07:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20531]: Failed password for invalid user mike from 197.253.54.22 port 46176 ssh2
May  8 07:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20531]: Received disconnect from 197.253.54.22 port 46176:11: Bye Bye [preauth]
May  8 07:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20531]: Disconnected from 197.253.54.22 port 46176 [preauth]
May  8 07:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19429]: pam_unix(cron:session): session closed for user root
May  8 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20668]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20664]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20667]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20671]: pam_unix(cron:session): session closed for user root
May  8 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20667]: pam_unix(cron:session): session closed for user root
May  8 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20664]: pam_unix(cron:session): session closed for user p13x
May  8 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20761]: Successful su for rubyman by root
May  8 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20761]: + ??? root:rubyman
May  8 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351962 of user rubyman.
May  8 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20761]: pam_unix(su:session): session closed for user rubyman
May  8 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351962.
May  8 08:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18166]: pam_unix(cron:session): session closed for user root
May  8 08:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20668]: pam_unix(cron:session): session closed for user root
May  8 08:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20665]: pam_unix(cron:session): session closed for user samftp
May  8 08:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19858]: pam_unix(cron:session): session closed for user root
May  8 08:00:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  8 08:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21135]: Failed password for root from 218.92.0.203 port 26654 ssh2
May  8 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21180]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21179]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21178]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21178]: pam_unix(cron:session): session closed for user p13x
May  8 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21281]: Successful su for rubyman by root
May  8 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21281]: + ??? root:rubyman
May  8 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351965 of user rubyman.
May  8 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21281]: pam_unix(su:session): session closed for user rubyman
May  8 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351965.
May  8 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18575]: pam_unix(cron:session): session closed for user root
May  8 08:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21179]: pam_unix(cron:session): session closed for user samftp
May  8 08:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21477]: Invalid user emilia from 197.253.54.22
May  8 08:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21477]: input_userauth_request: invalid user emilia [preauth]
May  8 08:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21477]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.54.22
May  8 08:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21477]: Failed password for invalid user emilia from 197.253.54.22 port 44048 ssh2
May  8 08:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21477]: Received disconnect from 197.253.54.22 port 44048:11: Bye Bye [preauth]
May  8 08:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21477]: Disconnected from 197.253.54.22 port 44048 [preauth]
May  8 08:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20267]: pam_unix(cron:session): session closed for user root
May  8 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21634]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21635]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21632]: pam_unix(cron:session): session closed for user p13x
May  8 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21717]: Successful su for rubyman by root
May  8 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21717]: + ??? root:rubyman
May  8 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351968 of user rubyman.
May  8 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21717]: pam_unix(su:session): session closed for user rubyman
May  8 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351968.
May  8 08:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19009]: pam_unix(cron:session): session closed for user root
May  8 08:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21633]: pam_unix(cron:session): session closed for user samftp
May  8 08:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20670]: pam_unix(cron:session): session closed for user root
May  8 08:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.200.151.78  user=root
May  8 08:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: Invalid user ik from 185.141.132.26
May  8 08:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: input_userauth_request: invalid user ik [preauth]
May  8 08:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.141.132.26
May  8 08:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: Failed password for root from 91.200.151.78 port 44332 ssh2
May  8 08:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: Failed password for invalid user ik from 185.141.132.26 port 42106 ssh2
May  8 08:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: Received disconnect from 91.200.151.78 port 44332:11: Bye Bye [preauth]
May  8 08:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: Disconnected from 91.200.151.78 port 44332 [preauth]
May  8 08:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: Received disconnect from 185.141.132.26 port 42106:11: Bye Bye [preauth]
May  8 08:02:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: Disconnected from 185.141.132.26 port 42106 [preauth]
May  8 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22390]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22391]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22387]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22387]: pam_unix(cron:session): session closed for user p13x
May  8 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22470]: Successful su for rubyman by root
May  8 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22470]: + ??? root:rubyman
May  8 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351972 of user rubyman.
May  8 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22470]: pam_unix(su:session): session closed for user rubyman
May  8 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351972.
May  8 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19428]: pam_unix(cron:session): session closed for user root
May  8 08:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22388]: pam_unix(cron:session): session closed for user samftp
May  8 08:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22726]: Invalid user Sujan from 85.208.84.5
May  8 08:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22726]: input_userauth_request: invalid user Sujan [preauth]
May  8 08:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22726]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  8 08:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22726]: Failed password for invalid user Sujan from 85.208.84.5 port 32304 ssh2
May  8 08:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22726]: Connection closed by 85.208.84.5 port 32304 [preauth]
May  8 08:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21181]: pam_unix(cron:session): session closed for user root
May  8 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22847]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22842]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22845]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22843]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22842]: pam_unix(cron:session): session closed for user p13x
May  8 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22913]: Successful su for rubyman by root
May  8 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22913]: + ??? root:rubyman
May  8 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22913]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351976 of user rubyman.
May  8 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22913]: pam_unix(su:session): session closed for user rubyman
May  8 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351976.
May  8 08:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19857]: pam_unix(cron:session): session closed for user root
May  8 08:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22843]: pam_unix(cron:session): session closed for user samftp
May  8 08:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21635]: pam_unix(cron:session): session closed for user root
May  8 08:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23248]: Invalid user arma3server from 202.168.179.141
May  8 08:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23248]: input_userauth_request: invalid user arma3server [preauth]
May  8 08:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23248]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.179.141
May  8 08:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23248]: Failed password for invalid user arma3server from 202.168.179.141 port 42406 ssh2
May  8 08:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23248]: Received disconnect from 202.168.179.141 port 42406:11: Bye Bye [preauth]
May  8 08:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23248]: Disconnected from 202.168.179.141 port 42406 [preauth]
May  8 08:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  8 08:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: Failed password for root from 164.68.105.9 port 43494 ssh2
May  8 08:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23270]: Connection closed by 164.68.105.9 port 43494 [preauth]
May  8 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23295]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23291]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23296]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23293]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23294]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23296]: pam_unix(cron:session): session closed for user root
May  8 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23291]: pam_unix(cron:session): session closed for user p13x
May  8 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23454]: Successful su for rubyman by root
May  8 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23454]: + ??? root:rubyman
May  8 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351982 of user rubyman.
May  8 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23454]: pam_unix(su:session): session closed for user rubyman
May  8 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351982.
May  8 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23293]: pam_unix(cron:session): session closed for user root
May  8 08:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20266]: pam_unix(cron:session): session closed for user root
May  8 08:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23292]: pam_unix(cron:session): session closed for user samftp
May  8 08:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.244.96.25  user=root
May  8 08:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22391]: pam_unix(cron:session): session closed for user root
May  8 08:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23737]: Failed password for root from 46.244.96.25 port 37278 ssh2
May  8 08:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23737]: Connection closed by 46.244.96.25 port 37278 [preauth]
May  8 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23923]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23924]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23921]: pam_unix(cron:session): session closed for user p13x
May  8 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24014]: Successful su for rubyman by root
May  8 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24014]: + ??? root:rubyman
May  8 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24014]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351986 of user rubyman.
May  8 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24014]: pam_unix(su:session): session closed for user rubyman
May  8 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351986.
May  8 08:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20669]: pam_unix(cron:session): session closed for user root
May  8 08:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23922]: pam_unix(cron:session): session closed for user samftp
May  8 08:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22847]: pam_unix(cron:session): session closed for user root
May  8 08:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24279]: Invalid user director from 116.147.40.93
May  8 08:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24279]: input_userauth_request: invalid user director [preauth]
May  8 08:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24279]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.147.40.93
May  8 08:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24279]: Failed password for invalid user director from 116.147.40.93 port 49248 ssh2
May  8 08:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24279]: Received disconnect from 116.147.40.93 port 49248:11: Bye Bye [preauth]
May  8 08:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24279]: Disconnected from 116.147.40.93 port 49248 [preauth]
May  8 08:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24369]: Invalid user ubuntu from 103.193.176.106
May  8 08:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24369]: input_userauth_request: invalid user ubuntu [preauth]
May  8 08:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24369]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.193.176.106
May  8 08:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24369]: Failed password for invalid user ubuntu from 103.193.176.106 port 38054 ssh2
May  8 08:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24369]: Received disconnect from 103.193.176.106 port 38054:11: Bye Bye [preauth]
May  8 08:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24369]: Disconnected from 103.193.176.106 port 38054 [preauth]
May  8 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24375]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24374]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24373]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24373]: pam_unix(cron:session): session closed for user p13x
May  8 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24449]: Successful su for rubyman by root
May  8 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24449]: + ??? root:rubyman
May  8 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351991 of user rubyman.
May  8 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24449]: pam_unix(su:session): session closed for user rubyman
May  8 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351991.
May  8 08:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21180]: pam_unix(cron:session): session closed for user root
May  8 08:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24374]: pam_unix(cron:session): session closed for user samftp
May  8 08:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23295]: pam_unix(cron:session): session closed for user root
May  8 08:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24746]: Invalid user lobby from 185.141.132.26
May  8 08:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24746]: input_userauth_request: invalid user lobby [preauth]
May  8 08:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24746]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.141.132.26
May  8 08:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24746]: Failed password for invalid user lobby from 185.141.132.26 port 45886 ssh2
May  8 08:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24746]: Received disconnect from 185.141.132.26 port 45886:11: Bye Bye [preauth]
May  8 08:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24746]: Disconnected from 185.141.132.26 port 45886 [preauth]
May  8 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24809]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24808]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24807]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24805]: pam_unix(cron:session): session closed for user p13x
May  8 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24870]: Successful su for rubyman by root
May  8 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24870]: + ??? root:rubyman
May  8 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351994 of user rubyman.
May  8 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24870]: pam_unix(su:session): session closed for user rubyman
May  8 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351994.
May  8 08:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21634]: pam_unix(cron:session): session closed for user root
May  8 08:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24807]: pam_unix(cron:session): session closed for user samftp
May  8 08:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.200.151.78  user=root
May  8 08:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: Failed password for root from 91.200.151.78 port 46516 ssh2
May  8 08:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: Received disconnect from 91.200.151.78 port 46516:11: Bye Bye [preauth]
May  8 08:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25083]: Disconnected from 91.200.151.78 port 46516 [preauth]
May  8 08:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10  user=root
May  8 08:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: Failed password for root from 136.232.11.10 port 57340 ssh2
May  8 08:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: Received disconnect from 136.232.11.10 port 57340:11: Bye Bye [preauth]
May  8 08:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25093]: Disconnected from 136.232.11.10 port 57340 [preauth]
May  8 08:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: Invalid user pro from 47.236.228.254
May  8 08:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: input_userauth_request: invalid user pro [preauth]
May  8 08:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.228.254
May  8 08:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: Failed password for invalid user pro from 47.236.228.254 port 45544 ssh2
May  8 08:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: Received disconnect from 47.236.228.254 port 45544:11: Bye Bye [preauth]
May  8 08:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25106]: Disconnected from 47.236.228.254 port 45544 [preauth]
May  8 08:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23924]: pam_unix(cron:session): session closed for user root
May  8 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25217]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25220]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25221]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25217]: pam_unix(cron:session): session closed for user p13x
May  8 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25351]: Successful su for rubyman by root
May  8 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25351]: + ??? root:rubyman
May  8 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 351998 of user rubyman.
May  8 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25351]: pam_unix(su:session): session closed for user rubyman
May  8 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 351998.
May  8 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25215]: pam_unix(cron:session): session closed for user root
May  8 08:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22390]: pam_unix(cron:session): session closed for user root
May  8 08:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25219]: pam_unix(cron:session): session closed for user samftp
May  8 08:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24377]: pam_unix(cron:session): session closed for user root
May  8 08:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170  user=root
May  8 08:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25768]: Failed password for root from 103.160.148.170 port 46006 ssh2
May  8 08:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25768]: Received disconnect from 103.160.148.170 port 46006:11: Bye Bye [preauth]
May  8 08:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25768]: Disconnected from 103.160.148.170 port 46006 [preauth]
May  8 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25783]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25786]: pam_unix(cron:session): session closed for user root
May  8 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25781]: pam_unix(cron:session): session closed for user p13x
May  8 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25871]: Successful su for rubyman by root
May  8 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25871]: + ??? root:rubyman
May  8 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25871]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352006 of user rubyman.
May  8 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25871]: pam_unix(su:session): session closed for user rubyman
May  8 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352006.
May  8 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22845]: pam_unix(cron:session): session closed for user root
May  8 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25783]: pam_unix(cron:session): session closed for user root
May  8 08:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25782]: pam_unix(cron:session): session closed for user samftp
May  8 08:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24809]: pam_unix(cron:session): session closed for user root
May  8 08:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.236.228.254  user=root
May  8 08:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: Failed password for root from 47.236.228.254 port 54142 ssh2
May  8 08:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: Received disconnect from 47.236.228.254 port 54142:11: Bye Bye [preauth]
May  8 08:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26207]: Disconnected from 47.236.228.254 port 54142 [preauth]
May  8 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26260]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26261]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26258]: pam_unix(cron:session): session closed for user p13x
May  8 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26326]: Successful su for rubyman by root
May  8 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26326]: + ??? root:rubyman
May  8 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352010 of user rubyman.
May  8 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26326]: pam_unix(su:session): session closed for user rubyman
May  8 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352010.
May  8 08:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23294]: pam_unix(cron:session): session closed for user root
May  8 08:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26259]: pam_unix(cron:session): session closed for user samftp
May  8 08:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25221]: pam_unix(cron:session): session closed for user root
May  8 08:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: Invalid user yoyo from 202.168.179.141
May  8 08:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: input_userauth_request: invalid user yoyo [preauth]
May  8 08:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.179.141
May  8 08:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: Failed password for invalid user yoyo from 202.168.179.141 port 48216 ssh2
May  8 08:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: Received disconnect from 202.168.179.141 port 48216:11: Bye Bye [preauth]
May  8 08:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26684]: Disconnected from 202.168.179.141 port 48216 [preauth]
May  8 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26743]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26741]: pam_unix(cron:session): session closed for user p13x
May  8 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26804]: Successful su for rubyman by root
May  8 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26804]: + ??? root:rubyman
May  8 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26804]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352015 of user rubyman.
May  8 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26804]: pam_unix(su:session): session closed for user rubyman
May  8 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352015.
May  8 08:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23923]: pam_unix(cron:session): session closed for user root
May  8 08:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26742]: pam_unix(cron:session): session closed for user samftp
May  8 08:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.141.132.26  user=root
May  8 08:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27056]: Failed password for root from 185.141.132.26 port 49610 ssh2
May  8 08:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27056]: Received disconnect from 185.141.132.26 port 49610:11: Bye Bye [preauth]
May  8 08:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27056]: Disconnected from 185.141.132.26 port 49610 [preauth]
May  8 08:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: Invalid user admin from 80.94.95.116
May  8 08:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: input_userauth_request: invalid user admin [preauth]
May  8 08:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  8 08:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: Failed password for invalid user admin from 80.94.95.116 port 31132 ssh2
May  8 08:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27085]: Connection closed by 80.94.95.116 port 31132 [preauth]
May  8 08:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25785]: pam_unix(cron:session): session closed for user root
May  8 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27228]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27227]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27225]: pam_unix(cron:session): session closed for user p13x
May  8 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27288]: Successful su for rubyman by root
May  8 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27288]: + ??? root:rubyman
May  8 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352017 of user rubyman.
May  8 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27288]: pam_unix(su:session): session closed for user rubyman
May  8 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352017.
May  8 08:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24375]: pam_unix(cron:session): session closed for user root
May  8 08:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27226]: pam_unix(cron:session): session closed for user samftp
May  8 08:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26261]: pam_unix(cron:session): session closed for user root
May  8 08:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.200.151.78  user=root
May  8 08:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27666]: Failed password for root from 91.200.151.78 port 48448 ssh2
May  8 08:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27666]: Received disconnect from 91.200.151.78 port 48448:11: Bye Bye [preauth]
May  8 08:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27666]: Disconnected from 91.200.151.78 port 48448 [preauth]
May  8 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27705]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27701]: pam_unix(cron:session): session closed for user p13x
May  8 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27764]: Successful su for rubyman by root
May  8 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27764]: + ??? root:rubyman
May  8 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352022 of user rubyman.
May  8 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27764]: pam_unix(su:session): session closed for user rubyman
May  8 08:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352022.
May  8 08:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24808]: pam_unix(cron:session): session closed for user root
May  8 08:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27702]: pam_unix(cron:session): session closed for user samftp
May  8 08:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26744]: pam_unix(cron:session): session closed for user root
May  8 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28110]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28109]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28112]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28108]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28111]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28113]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28113]: pam_unix(cron:session): session closed for user root
May  8 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28108]: pam_unix(cron:session): session closed for user p13x
May  8 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28181]: Successful su for rubyman by root
May  8 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28181]: + ??? root:rubyman
May  8 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352027 of user rubyman.
May  8 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28181]: pam_unix(su:session): session closed for user rubyman
May  8 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352027.
May  8 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28110]: pam_unix(cron:session): session closed for user root
May  8 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25220]: pam_unix(cron:session): session closed for user root
May  8 08:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28109]: pam_unix(cron:session): session closed for user samftp
May  8 08:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  8 08:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28451]: Failed password for root from 218.92.0.203 port 27966 ssh2
May  8 08:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27228]: pam_unix(cron:session): session closed for user root
May  8 08:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28553]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28552]: pam_unix(cron:session): session closed for user p13x
May  8 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28620]: Successful su for rubyman by root
May  8 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28620]: + ??? root:rubyman
May  8 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352031 of user rubyman.
May  8 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28620]: pam_unix(su:session): session closed for user rubyman
May  8 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352031.
May  8 08:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25784]: pam_unix(cron:session): session closed for user root
May  8 08:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28553]: pam_unix(cron:session): session closed for user samftp
May  8 08:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27705]: pam_unix(cron:session): session closed for user root
May  8 08:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28940]: Invalid user user from 185.141.132.26
May  8 08:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28940]: input_userauth_request: invalid user user [preauth]
May  8 08:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28940]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.141.132.26
May  8 08:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28940]: Failed password for invalid user user from 185.141.132.26 port 46524 ssh2
May  8 08:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28940]: Received disconnect from 185.141.132.26 port 46524:11: Bye Bye [preauth]
May  8 08:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28940]: Disconnected from 185.141.132.26 port 46524 [preauth]
May  8 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28966]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28960]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28960]: pam_unix(cron:session): session closed for user root
May  8 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28963]: pam_unix(cron:session): session closed for user p13x
May  8 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29109]: Successful su for rubyman by root
May  8 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29109]: + ??? root:rubyman
May  8 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29109]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352035 of user rubyman.
May  8 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29109]: pam_unix(su:session): session closed for user rubyman
May  8 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352035.
May  8 08:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26260]: pam_unix(cron:session): session closed for user root
May  8 08:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28964]: pam_unix(cron:session): session closed for user samftp
May  8 08:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.193.176.106  user=root
May  8 08:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: Failed password for root from 103.193.176.106 port 44200 ssh2
May  8 08:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: Received disconnect from 103.193.176.106 port 44200:11: Bye Bye [preauth]
May  8 08:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: Disconnected from 103.193.176.106 port 44200 [preauth]
May  8 08:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28112]: pam_unix(cron:session): session closed for user root
May  8 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29470]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29469]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29467]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29468]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29467]: pam_unix(cron:session): session closed for user p13x
May  8 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29538]: Successful su for rubyman by root
May  8 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29538]: + ??? root:rubyman
May  8 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352040 of user rubyman.
May  8 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29538]: pam_unix(su:session): session closed for user rubyman
May  8 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352040.
May  8 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26743]: pam_unix(cron:session): session closed for user root
May  8 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29468]: pam_unix(cron:session): session closed for user samftp
May  8 08:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Invalid user nodeuser from 202.168.179.141
May  8 08:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: input_userauth_request: invalid user nodeuser [preauth]
May  8 08:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.179.141
May  8 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Failed password for invalid user nodeuser from 202.168.179.141 port 53942 ssh2
May  8 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28555]: pam_unix(cron:session): session closed for user root
May  8 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Received disconnect from 202.168.179.141 port 53942:11: Bye Bye [preauth]
May  8 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29791]: Disconnected from 202.168.179.141 port 53942 [preauth]
May  8 08:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: Invalid user admin from 80.94.95.112
May  8 08:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: input_userauth_request: invalid user admin [preauth]
May  8 08:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 08:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: Failed password for invalid user admin from 80.94.95.112 port 37958 ssh2
May  8 08:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: Failed password for invalid user admin from 80.94.95.112 port 37958 ssh2
May  8 08:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: Failed password for invalid user admin from 80.94.95.112 port 37958 ssh2
May  8 08:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: Failed password for invalid user admin from 80.94.95.112 port 37958 ssh2
May  8 08:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: Failed password for invalid user admin from 80.94.95.112 port 37958 ssh2
May  8 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29890]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29891]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29889]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29888]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29888]: pam_unix(cron:session): session closed for user p13x
May  8 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: Received disconnect from 80.94.95.112 port 37958:11: Bye [preauth]
May  8 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: Disconnected from 80.94.95.112 port 37958 [preauth]
May  8 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29952]: Successful su for rubyman by root
May  8 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29952]: + ??? root:rubyman
May  8 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352044 of user rubyman.
May  8 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29952]: pam_unix(su:session): session closed for user rubyman
May  8 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352044.
May  8 08:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30020]: Invalid user ubuntu from 103.160.148.170
May  8 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30020]: input_userauth_request: invalid user ubuntu [preauth]
May  8 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30020]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  8 08:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27227]: pam_unix(cron:session): session closed for user root
May  8 08:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30020]: Failed password for invalid user ubuntu from 103.160.148.170 port 58206 ssh2
May  8 08:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30020]: Received disconnect from 103.160.148.170 port 58206:11: Bye Bye [preauth]
May  8 08:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30020]: Disconnected from 103.160.148.170 port 58206 [preauth]
May  8 08:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29889]: pam_unix(cron:session): session closed for user samftp
May  8 08:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: Invalid user admin from 93.108.120.147
May  8 08:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: input_userauth_request: invalid user admin [preauth]
May  8 08:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.108.120.147
May  8 08:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  8 08:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: Failed password for invalid user admin from 93.108.120.147 port 57502 ssh2
May  8 08:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: Received disconnect from 93.108.120.147 port 57502:11: Bye Bye [preauth]
May  8 08:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30148]: Disconnected from 93.108.120.147 port 57502 [preauth]
May  8 08:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30158]: Failed password for root from 190.103.202.7 port 53788 ssh2
May  8 08:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30158]: Connection closed by 190.103.202.7 port 53788 [preauth]
May  8 08:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: Invalid user opuser from 199.188.103.179
May  8 08:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: input_userauth_request: invalid user opuser [preauth]
May  8 08:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=199.188.103.179
May  8 08:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30173]: Invalid user www from 91.200.151.78
May  8 08:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30173]: input_userauth_request: invalid user www [preauth]
May  8 08:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30173]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.200.151.78
May  8 08:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: Failed password for invalid user opuser from 199.188.103.179 port 46874 ssh2
May  8 08:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29874]: Connection closed by 199.188.103.179 port 46874 [preauth]
May  8 08:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30173]: Failed password for invalid user www from 91.200.151.78 port 54156 ssh2
May  8 08:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30173]: Received disconnect from 91.200.151.78 port 54156:11: Bye Bye [preauth]
May  8 08:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30173]: Disconnected from 91.200.151.78 port 54156 [preauth]
May  8 08:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28966]: pam_unix(cron:session): session closed for user root
May  8 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30292]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30289]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30291]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30290]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30292]: pam_unix(cron:session): session closed for user root
May  8 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30287]: pam_unix(cron:session): session closed for user p13x
May  8 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30358]: Successful su for rubyman by root
May  8 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30358]: + ??? root:rubyman
May  8 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352050 of user rubyman.
May  8 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30358]: pam_unix(su:session): session closed for user rubyman
May  8 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352050.
May  8 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30289]: pam_unix(cron:session): session closed for user root
May  8 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27703]: pam_unix(cron:session): session closed for user root
May  8 08:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30288]: pam_unix(cron:session): session closed for user samftp
May  8 08:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29470]: pam_unix(cron:session): session closed for user root
May  8 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30718]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30719]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30716]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30716]: pam_unix(cron:session): session closed for user p13x
May  8 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30783]: Successful su for rubyman by root
May  8 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30783]: + ??? root:rubyman
May  8 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30783]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352054 of user rubyman.
May  8 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30783]: pam_unix(su:session): session closed for user rubyman
May  8 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352054.
May  8 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28111]: pam_unix(cron:session): session closed for user root
May  8 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30717]: pam_unix(cron:session): session closed for user samftp
May  8 08:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.141.132.26  user=root
May  8 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29891]: pam_unix(cron:session): session closed for user root
May  8 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: Failed password for root from 185.141.132.26 port 48114 ssh2
May  8 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: Received disconnect from 185.141.132.26 port 48114:11: Bye Bye [preauth]
May  8 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31135]: Disconnected from 185.141.132.26 port 48114 [preauth]
May  8 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31220]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31221]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31219]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31218]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31218]: pam_unix(cron:session): session closed for user p13x
May  8 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31283]: Successful su for rubyman by root
May  8 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31283]: + ??? root:rubyman
May  8 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352059 of user rubyman.
May  8 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31283]: pam_unix(su:session): session closed for user rubyman
May  8 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352059.
May  8 08:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28554]: pam_unix(cron:session): session closed for user root
May  8 08:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31219]: pam_unix(cron:session): session closed for user samftp
May  8 08:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30291]: pam_unix(cron:session): session closed for user root
May  8 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31639]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31640]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31633]: pam_unix(cron:session): session closed for user p13x
May  8 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31722]: Successful su for rubyman by root
May  8 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31722]: + ??? root:rubyman
May  8 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352062 of user rubyman.
May  8 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31722]: pam_unix(su:session): session closed for user rubyman
May  8 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352062.
May  8 08:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28965]: pam_unix(cron:session): session closed for user root
May  8 08:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31636]: pam_unix(cron:session): session closed for user samftp
May  8 08:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.193.176.106  user=root
May  8 08:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32069]: Failed password for root from 103.193.176.106 port 34290 ssh2
May  8 08:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32069]: Received disconnect from 103.193.176.106 port 34290:11: Bye Bye [preauth]
May  8 08:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32069]: Disconnected from 103.193.176.106 port 34290 [preauth]
May  8 08:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30719]: pam_unix(cron:session): session closed for user root
May  8 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32351]: pam_unix(cron:session): session closed for user p13x
May  8 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32429]: Successful su for rubyman by root
May  8 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32429]: + ??? root:rubyman
May  8 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352066 of user rubyman.
May  8 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32429]: pam_unix(su:session): session closed for user rubyman
May  8 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352066.
May  8 08:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29469]: pam_unix(cron:session): session closed for user root
May  8 08:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32352]: pam_unix(cron:session): session closed for user samftp
May  8 08:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31221]: pam_unix(cron:session): session closed for user root
May  8 08:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170  user=root
May  8 08:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[407]: Failed password for root from 103.160.148.170 port 58038 ssh2
May  8 08:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[407]: Received disconnect from 103.160.148.170 port 58038:11: Bye Bye [preauth]
May  8 08:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[407]: Disconnected from 103.160.148.170 port 58038 [preauth]
May  8 08:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: User mysql from 91.200.151.78 not allowed because not listed in AllowUsers
May  8 08:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: input_userauth_request: invalid user mysql [preauth]
May  8 08:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.200.151.78  user=mysql
May  8 08:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: Failed password for invalid user mysql from 91.200.151.78 port 51642 ssh2
May  8 08:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: Received disconnect from 91.200.151.78 port 51642:11: Bye Bye [preauth]
May  8 08:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[443]: Disconnected from 91.200.151.78 port 51642 [preauth]
May  8 08:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[466]: Invalid user backups from 194.0.234.19
May  8 08:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[466]: input_userauth_request: invalid user backups [preauth]
May  8 08:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[466]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  8 08:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[466]: Failed password for invalid user backups from 194.0.234.19 port 35558 ssh2
May  8 08:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[466]: Connection closed by 194.0.234.19 port 35558 [preauth]
May  8 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[485]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[484]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[486]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[490]: pam_unix(cron:session): session closed for user root
May  8 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[482]: pam_unix(cron:session): session closed for user p13x
May  8 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[566]: Successful su for rubyman by root
May  8 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[566]: + ??? root:rubyman
May  8 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[566]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352072 of user rubyman.
May  8 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[566]: pam_unix(su:session): session closed for user rubyman
May  8 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352072.
May  8 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[484]: pam_unix(cron:session): session closed for user root
May  8 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29890]: pam_unix(cron:session): session closed for user root
May  8 08:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[483]: pam_unix(cron:session): session closed for user samftp
May  8 08:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.179.141  user=root
May  8 08:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[817]: Failed password for root from 202.168.179.141 port 59750 ssh2
May  8 08:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[817]: Received disconnect from 202.168.179.141 port 59750:11: Bye Bye [preauth]
May  8 08:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[817]: Disconnected from 202.168.179.141 port 59750 [preauth]
May  8 08:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31640]: pam_unix(cron:session): session closed for user root
May  8 08:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[897]: Did not receive identification string from 196.251.114.29
May  8 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[989]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[987]: pam_unix(cron:session): session closed for user p13x
May  8 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1079]: Successful su for rubyman by root
May  8 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1079]: + ??? root:rubyman
May  8 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352079 of user rubyman.
May  8 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1079]: pam_unix(su:session): session closed for user rubyman
May  8 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352079.
May  8 08:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30290]: pam_unix(cron:session): session closed for user root
May  8 08:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[988]: pam_unix(cron:session): session closed for user samftp
May  8 08:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1334]: Invalid user ubuntu from 136.232.11.10
May  8 08:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1334]: input_userauth_request: invalid user ubuntu [preauth]
May  8 08:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1334]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10
May  8 08:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1334]: Failed password for invalid user ubuntu from 136.232.11.10 port 48638 ssh2
May  8 08:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1334]: Received disconnect from 136.232.11.10 port 48638:11: Bye Bye [preauth]
May  8 08:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1334]: Disconnected from 136.232.11.10 port 48638 [preauth]
May  8 08:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.141.132.26  user=root
May  8 08:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: Failed password for root from 185.141.132.26 port 52496 ssh2
May  8 08:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: Received disconnect from 185.141.132.26 port 52496:11: Bye Bye [preauth]
May  8 08:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1343]: Disconnected from 185.141.132.26 port 52496 [preauth]
May  8 08:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32354]: pam_unix(cron:session): session closed for user root
May  8 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1498]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1499]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1496]: pam_unix(cron:session): session closed for user p13x
May  8 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1569]: Successful su for rubyman by root
May  8 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1569]: + ??? root:rubyman
May  8 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352080 of user rubyman.
May  8 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1569]: pam_unix(su:session): session closed for user rubyman
May  8 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352080.
May  8 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1483]: Invalid user paco from 93.108.120.147
May  8 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1483]: input_userauth_request: invalid user paco [preauth]
May  8 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1483]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.108.120.147
May  8 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1483]: Failed password for invalid user paco from 93.108.120.147 port 33372 ssh2
May  8 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1483]: Received disconnect from 93.108.120.147 port 33372:11: Bye Bye [preauth]
May  8 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1483]: Disconnected from 93.108.120.147 port 33372 [preauth]
May  8 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30718]: pam_unix(cron:session): session closed for user root
May  8 08:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1497]: pam_unix(cron:session): session closed for user samftp
May  8 08:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[486]: pam_unix(cron:session): session closed for user root
May  8 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2032]: pam_unix(cron:session): session closed for user p13x
May  8 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2093]: Successful su for rubyman by root
May  8 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2093]: + ??? root:rubyman
May  8 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352084 of user rubyman.
May  8 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2093]: pam_unix(su:session): session closed for user rubyman
May  8 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352084.
May  8 08:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31220]: pam_unix(cron:session): session closed for user root
May  8 08:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2033]: pam_unix(cron:session): session closed for user samftp
May  8 08:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[991]: pam_unix(cron:session): session closed for user root
May  8 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2449]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2450]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2449]: pam_unix(cron:session): session closed for user p13x
May  8 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2517]: Successful su for rubyman by root
May  8 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2517]: + ??? root:rubyman
May  8 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352089 of user rubyman.
May  8 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2517]: pam_unix(su:session): session closed for user rubyman
May  8 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352089.
May  8 08:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31639]: pam_unix(cron:session): session closed for user root
May  8 08:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2450]: pam_unix(cron:session): session closed for user samftp
May  8 08:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: Invalid user marcus from 103.193.176.106
May  8 08:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: input_userauth_request: invalid user marcus [preauth]
May  8 08:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.193.176.106
May  8 08:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1499]: pam_unix(cron:session): session closed for user root
May  8 08:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: Failed password for invalid user marcus from 103.193.176.106 port 54332 ssh2
May  8 08:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: Received disconnect from 103.193.176.106 port 54332:11: Bye Bye [preauth]
May  8 08:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2799]: Disconnected from 103.193.176.106 port 54332 [preauth]
May  8 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2893]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2892]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2894]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2897]: pam_unix(cron:session): session closed for user root
May  8 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2892]: pam_unix(cron:session): session closed for user p13x
May  8 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2970]: Successful su for rubyman by root
May  8 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2970]: + ??? root:rubyman
May  8 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2970]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352097 of user rubyman.
May  8 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2970]: pam_unix(su:session): session closed for user rubyman
May  8 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352097.
May  8 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2894]: pam_unix(cron:session): session closed for user root
May  8 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32353]: pam_unix(cron:session): session closed for user root
May  8 08:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2893]: pam_unix(cron:session): session closed for user samftp
May  8 08:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3220]: Invalid user wiebe from 103.160.148.170
May  8 08:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3220]: input_userauth_request: invalid user wiebe [preauth]
May  8 08:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3220]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  8 08:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: Invalid user samir from 91.200.151.78
May  8 08:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: input_userauth_request: invalid user samir [preauth]
May  8 08:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.200.151.78
May  8 08:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3220]: Failed password for invalid user wiebe from 103.160.148.170 port 38948 ssh2
May  8 08:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3220]: Received disconnect from 103.160.148.170 port 38948:11: Bye Bye [preauth]
May  8 08:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3220]: Disconnected from 103.160.148.170 port 38948 [preauth]
May  8 08:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: Failed password for invalid user samir from 91.200.151.78 port 48328 ssh2
May  8 08:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: Received disconnect from 91.200.151.78 port 48328:11: Bye Bye [preauth]
May  8 08:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3222]: Disconnected from 91.200.151.78 port 48328 [preauth]
May  8 08:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2035]: pam_unix(cron:session): session closed for user root
May  8 08:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 08:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Failed password for root from 218.92.0.206 port 50132 ssh2
May  8 08:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: message repeated 3 times: [ Failed password for root from 218.92.0.206 port 50132 ssh2]
May  8 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3343]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3341]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3339]: pam_unix(cron:session): session closed for user p13x
May  8 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3422]: Successful su for rubyman by root
May  8 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3422]: + ??? root:rubyman
May  8 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352099 of user rubyman.
May  8 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3422]: pam_unix(su:session): session closed for user rubyman
May  8 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352099.
May  8 08:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Failed password for root from 218.92.0.206 port 50132 ssh2
May  8 08:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 50132 ssh2 [preauth]
May  8 08:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Disconnecting: Too many authentication failures [preauth]
May  8 08:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 08:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 08:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[485]: pam_unix(cron:session): session closed for user root
May  8 08:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3341]: pam_unix(cron:session): session closed for user samftp
May  8 08:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 08:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: Failed password for root from 218.92.0.206 port 32650 ssh2
May  8 08:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: User mysql from 185.141.132.26 not allowed because not listed in AllowUsers
May  8 08:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: input_userauth_request: invalid user mysql [preauth]
May  8 08:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.141.132.26  user=mysql
May  8 08:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: Failed password for root from 218.92.0.206 port 32650 ssh2
May  8 08:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: Failed password for invalid user mysql from 185.141.132.26 port 36300 ssh2
May  8 08:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: Received disconnect from 185.141.132.26 port 36300:11: Bye Bye [preauth]
May  8 08:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3650]: Disconnected from 185.141.132.26 port 36300 [preauth]
May  8 08:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: Failed password for root from 218.92.0.206 port 32650 ssh2
May  8 08:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: message repeated 3 times: [ Failed password for root from 218.92.0.206 port 32650 ssh2]
May  8 08:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 32650 ssh2 [preauth]
May  8 08:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: Disconnecting: Too many authentication failures [preauth]
May  8 08:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 08:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 08:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2452]: pam_unix(cron:session): session closed for user root
May  8 08:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3800]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3797]: pam_unix(cron:session): session closed for user p13x
May  8 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3857]: Successful su for rubyman by root
May  8 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3857]: + ??? root:rubyman
May  8 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3857]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352104 of user rubyman.
May  8 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3857]: pam_unix(su:session): session closed for user rubyman
May  8 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352104.
May  8 08:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.179.141  user=root
May  8 08:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3794]: Failed password for root from 202.168.179.141 port 37294 ssh2
May  8 08:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[989]: pam_unix(cron:session): session closed for user root
May  8 08:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3794]: Received disconnect from 202.168.179.141 port 37294:11: Bye Bye [preauth]
May  8 08:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3794]: Disconnected from 202.168.179.141 port 37294 [preauth]
May  8 08:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3798]: pam_unix(cron:session): session closed for user samftp
May  8 08:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2896]: pam_unix(cron:session): session closed for user root
May  8 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4260]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4228]: pam_unix(cron:session): session closed for user p13x
May  8 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4441]: Successful su for rubyman by root
May  8 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4441]: + ??? root:rubyman
May  8 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352108 of user rubyman.
May  8 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4441]: pam_unix(su:session): session closed for user rubyman
May  8 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352108.
May  8 08:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1498]: pam_unix(cron:session): session closed for user root
May  8 08:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4229]: pam_unix(cron:session): session closed for user samftp
May  8 08:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3343]: pam_unix(cron:session): session closed for user root
May  8 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4814]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4813]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4808]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4808]: pam_unix(cron:session): session closed for user p13x
May  8 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4879]: Successful su for rubyman by root
May  8 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4879]: + ??? root:rubyman
May  8 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352110 of user rubyman.
May  8 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4879]: pam_unix(su:session): session closed for user rubyman
May  8 08:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352110.
May  8 08:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2034]: pam_unix(cron:session): session closed for user root
May  8 08:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4809]: pam_unix(cron:session): session closed for user samftp
May  8 08:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3800]: pam_unix(cron:session): session closed for user root
May  8 08:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: Invalid user mohammed from 93.108.120.147
May  8 08:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: input_userauth_request: invalid user mohammed [preauth]
May  8 08:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.108.120.147
May  8 08:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: Failed password for invalid user mohammed from 93.108.120.147 port 36952 ssh2
May  8 08:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: Received disconnect from 93.108.120.147 port 36952:11: Bye Bye [preauth]
May  8 08:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5403]: Disconnected from 93.108.120.147 port 36952 [preauth]
May  8 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5424]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5427]: pam_unix(cron:session): session closed for user root
May  8 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5422]: pam_unix(cron:session): session closed for user p13x
May  8 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5506]: Successful su for rubyman by root
May  8 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5506]: + ??? root:rubyman
May  8 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352117 of user rubyman.
May  8 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5506]: pam_unix(su:session): session closed for user rubyman
May  8 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352117.
May  8 08:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5424]: pam_unix(cron:session): session closed for user root
May  8 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2451]: pam_unix(cron:session): session closed for user root
May  8 08:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5423]: pam_unix(cron:session): session closed for user samftp
May  8 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4260]: pam_unix(cron:session): session closed for user root
May  8 08:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: Invalid user deploy from 103.193.176.106
May  8 08:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: input_userauth_request: invalid user deploy [preauth]
May  8 08:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.193.176.106
May  8 08:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: Failed password for invalid user deploy from 103.193.176.106 port 46994 ssh2
May  8 08:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: Received disconnect from 103.193.176.106 port 46994:11: Bye Bye [preauth]
May  8 08:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5959]: Disconnected from 103.193.176.106 port 46994 [preauth]
May  8 08:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:35:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.200.151.78  user=root
May  8 08:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Invalid user mirco from 103.160.148.170
May  8 08:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: input_userauth_request: invalid user mirco [preauth]
May  8 08:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  8 08:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: Invalid user pro from 185.141.132.26
May  8 08:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: input_userauth_request: invalid user pro [preauth]
May  8 08:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.141.132.26
May  8 08:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6005]: Failed password for root from 91.200.151.78 port 43284 ssh2
May  8 08:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: Failed password for invalid user pro from 185.141.132.26 port 35864 ssh2
May  8 08:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Failed password for invalid user mirco from 103.160.148.170 port 44212 ssh2
May  8 08:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6005]: Received disconnect from 91.200.151.78 port 43284:11: Bye Bye [preauth]
May  8 08:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6005]: Disconnected from 91.200.151.78 port 43284 [preauth]
May  8 08:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Received disconnect from 103.160.148.170 port 44212:11: Bye Bye [preauth]
May  8 08:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6011]: Disconnected from 103.160.148.170 port 44212 [preauth]
May  8 08:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: Received disconnect from 185.141.132.26 port 35864:11: Bye Bye [preauth]
May  8 08:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6013]: Disconnected from 185.141.132.26 port 35864 [preauth]
May  8 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6030]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6031]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6028]: pam_unix(cron:session): session closed for user p13x
May  8 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6098]: Successful su for rubyman by root
May  8 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6098]: + ??? root:rubyman
May  8 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352121 of user rubyman.
May  8 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6098]: pam_unix(su:session): session closed for user rubyman
May  8 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352121.
May  8 08:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2895]: pam_unix(cron:session): session closed for user root
May  8 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6029]: pam_unix(cron:session): session closed for user samftp
May  8 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4814]: pam_unix(cron:session): session closed for user root
May  8 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6440]: pam_unix(cron:session): session closed for user p13x
May  8 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6504]: Successful su for rubyman by root
May  8 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6504]: + ??? root:rubyman
May  8 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6504]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352125 of user rubyman.
May  8 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6504]: pam_unix(su:session): session closed for user rubyman
May  8 08:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352125.
May  8 08:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3342]: pam_unix(cron:session): session closed for user root
May  8 08:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6441]: pam_unix(cron:session): session closed for user samftp
May  8 08:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5426]: pam_unix(cron:session): session closed for user root
May  8 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6855]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6856]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6854]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6853]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6853]: pam_unix(cron:session): session closed for user p13x
May  8 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7004]: Successful su for rubyman by root
May  8 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7004]: + ??? root:rubyman
May  8 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352128 of user rubyman.
May  8 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7004]: pam_unix(su:session): session closed for user rubyman
May  8 08:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352128.
May  8 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3799]: pam_unix(cron:session): session closed for user root
May  8 08:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6854]: pam_unix(cron:session): session closed for user samftp
May  8 08:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10  user=root
May  8 08:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7239]: Failed password for root from 136.232.11.10 port 7166 ssh2
May  8 08:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7239]: Received disconnect from 136.232.11.10 port 7166:11: Bye Bye [preauth]
May  8 08:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7239]: Disconnected from 136.232.11.10 port 7166 [preauth]
May  8 08:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65  user=root
May  8 08:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: Failed password for root from 96.67.59.65 port 51366 ssh2
May  8 08:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: Received disconnect from 96.67.59.65 port 51366:11: Bye Bye [preauth]
May  8 08:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: Disconnected from 96.67.59.65 port 51366 [preauth]
May  8 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6031]: pam_unix(cron:session): session closed for user root
May  8 08:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.179.141  user=root
May  8 08:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Failed password for root from 202.168.179.141 port 42998 ssh2
May  8 08:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Received disconnect from 202.168.179.141 port 42998:11: Bye Bye [preauth]
May  8 08:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Disconnected from 202.168.179.141 port 42998 [preauth]
May  8 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7366]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7363]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7365]: pam_unix(cron:session): session closed for user p13x
May  8 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7490]: Successful su for rubyman by root
May  8 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7490]: + ??? root:rubyman
May  8 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352132 of user rubyman.
May  8 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7490]: pam_unix(su:session): session closed for user rubyman
May  8 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352132.
May  8 08:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7363]: pam_unix(cron:session): session closed for user root
May  8 08:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4230]: pam_unix(cron:session): session closed for user root
May  8 08:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7366]: pam_unix(cron:session): session closed for user samftp
May  8 08:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6443]: pam_unix(cron:session): session closed for user root
May  8 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7984]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7983]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7982]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7987]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7987]: pam_unix(cron:session): session closed for user root
May  8 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7982]: pam_unix(cron:session): session closed for user p13x
May  8 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8048]: Successful su for rubyman by root
May  8 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8048]: + ??? root:rubyman
May  8 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352137 of user rubyman.
May  8 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8048]: pam_unix(su:session): session closed for user rubyman
May  8 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352137.
May  8 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7984]: pam_unix(cron:session): session closed for user root
May  8 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4813]: pam_unix(cron:session): session closed for user root
May  8 08:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7983]: pam_unix(cron:session): session closed for user samftp
May  8 08:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: Invalid user support from 85.208.84.4
May  8 08:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: input_userauth_request: invalid user support [preauth]
May  8 08:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  8 08:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: Failed password for invalid user support from 85.208.84.4 port 19220 ssh2
May  8 08:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8313]: Connection closed by 85.208.84.4 port 19220 [preauth]
May  8 08:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6856]: pam_unix(cron:session): session closed for user root
May  8 08:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.141.132.26  user=root
May  8 08:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Failed password for root from 185.141.132.26 port 33054 ssh2
May  8 08:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Received disconnect from 185.141.132.26 port 33054:11: Bye Bye [preauth]
May  8 08:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Disconnected from 185.141.132.26 port 33054 [preauth]
May  8 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8443]: pam_unix(cron:session): session closed for user p13x
May  8 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8523]: Successful su for rubyman by root
May  8 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8523]: + ??? root:rubyman
May  8 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352143 of user rubyman.
May  8 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8523]: pam_unix(su:session): session closed for user rubyman
May  8 08:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352143.
May  8 08:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5425]: pam_unix(cron:session): session closed for user root
May  8 08:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8444]: pam_unix(cron:session): session closed for user samftp
May  8 08:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170  user=root
May  8 08:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8784]: Failed password for root from 103.160.148.170 port 45364 ssh2
May  8 08:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8784]: Received disconnect from 103.160.148.170 port 45364:11: Bye Bye [preauth]
May  8 08:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8784]: Disconnected from 103.160.148.170 port 45364 [preauth]
May  8 08:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7368]: pam_unix(cron:session): session closed for user root
May  8 08:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: Invalid user ik from 91.200.151.78
May  8 08:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: input_userauth_request: invalid user ik [preauth]
May  8 08:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.200.151.78
May  8 08:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8826]: Invalid user test from 103.193.176.106
May  8 08:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8826]: input_userauth_request: invalid user test [preauth]
May  8 08:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8826]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.193.176.106
May  8 08:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: Failed password for invalid user ik from 91.200.151.78 port 60804 ssh2
May  8 08:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: Received disconnect from 91.200.151.78 port 60804:11: Bye Bye [preauth]
May  8 08:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8824]: Disconnected from 91.200.151.78 port 60804 [preauth]
May  8 08:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8826]: Failed password for invalid user test from 103.193.176.106 port 49656 ssh2
May  8 08:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8826]: Received disconnect from 103.193.176.106 port 49656:11: Bye Bye [preauth]
May  8 08:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8826]: Disconnected from 103.193.176.106 port 49656 [preauth]
May  8 08:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: Invalid user yyz from 193.70.84.184
May  8 08:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: input_userauth_request: invalid user yyz [preauth]
May  8 08:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  8 08:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: Failed password for invalid user yyz from 193.70.84.184 port 51474 ssh2
May  8 08:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8836]: Connection closed by 193.70.84.184 port 51474 [preauth]
May  8 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8893]: pam_unix(cron:session): session closed for user p13x
May  8 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8955]: Successful su for rubyman by root
May  8 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8955]: + ??? root:rubyman
May  8 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8955]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352147 of user rubyman.
May  8 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8955]: pam_unix(su:session): session closed for user rubyman
May  8 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352147.
May  8 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6030]: pam_unix(cron:session): session closed for user root
May  8 08:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8894]: pam_unix(cron:session): session closed for user samftp
May  8 08:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  8 08:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Failed password for root from 50.235.31.47 port 40402 ssh2
May  8 08:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Connection closed by 50.235.31.47 port 40402 [preauth]
May  8 08:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: Invalid user vmail from 52.170.91.127
May  8 08:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: input_userauth_request: invalid user vmail [preauth]
May  8 08:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.91.127
May  8 08:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: Failed password for invalid user vmail from 52.170.91.127 port 40238 ssh2
May  8 08:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: Received disconnect from 52.170.91.127 port 40238:11: Bye Bye [preauth]
May  8 08:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: Disconnected from 52.170.91.127 port 40238 [preauth]
May  8 08:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7986]: pam_unix(cron:session): session closed for user root
May  8 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9433]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9432]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9430]: pam_unix(cron:session): session closed for user p13x
May  8 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9492]: Successful su for rubyman by root
May  8 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9492]: + ??? root:rubyman
May  8 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9492]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352152 of user rubyman.
May  8 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9492]: pam_unix(su:session): session closed for user rubyman
May  8 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352152.
May  8 08:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6442]: pam_unix(cron:session): session closed for user root
May  8 08:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9431]: pam_unix(cron:session): session closed for user samftp
May  8 08:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8446]: pam_unix(cron:session): session closed for user root
May  8 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9830]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9831]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9829]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9828]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9828]: pam_unix(cron:session): session closed for user p13x
May  8 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9890]: Successful su for rubyman by root
May  8 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9890]: + ??? root:rubyman
May  8 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9890]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352156 of user rubyman.
May  8 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9890]: pam_unix(su:session): session closed for user rubyman
May  8 08:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352156.
May  8 08:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6855]: pam_unix(cron:session): session closed for user root
May  8 08:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9829]: pam_unix(cron:session): session closed for user samftp
May  8 08:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10137]: Invalid user admin from 81.70.167.132
May  8 08:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10137]: input_userauth_request: invalid user admin [preauth]
May  8 08:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10137]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.70.167.132
May  8 08:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10137]: Failed password for invalid user admin from 81.70.167.132 port 46082 ssh2
May  8 08:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8896]: pam_unix(cron:session): session closed for user root
May  8 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10318]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10313]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10317]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10315]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10314]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10318]: pam_unix(cron:session): session closed for user root
May  8 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10313]: pam_unix(cron:session): session closed for user p13x
May  8 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10388]: Successful su for rubyman by root
May  8 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10388]: + ??? root:rubyman
May  8 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352161 of user rubyman.
May  8 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10388]: pam_unix(su:session): session closed for user rubyman
May  8 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352161.
May  8 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10315]: pam_unix(cron:session): session closed for user root
May  8 08:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7367]: pam_unix(cron:session): session closed for user root
May  8 08:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10314]: pam_unix(cron:session): session closed for user samftp
May  8 08:45:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.179.141  user=root
May  8 08:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: Invalid user rsync from 185.141.132.26
May  8 08:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: input_userauth_request: invalid user rsync [preauth]
May  8 08:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.141.132.26
May  8 08:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10734]: Failed password for root from 202.168.179.141 port 48760 ssh2
May  8 08:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: Invalid user hju from 96.67.59.65
May  8 08:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: input_userauth_request: invalid user hju [preauth]
May  8 08:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65
May  8 08:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10734]: Received disconnect from 202.168.179.141 port 48760:11: Bye Bye [preauth]
May  8 08:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10734]: Disconnected from 202.168.179.141 port 48760 [preauth]
May  8 08:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: Failed password for invalid user rsync from 185.141.132.26 port 53642 ssh2
May  8 08:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: Received disconnect from 185.141.132.26 port 53642:11: Bye Bye [preauth]
May  8 08:45:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: Disconnected from 185.141.132.26 port 53642 [preauth]
May  8 08:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: Failed password for invalid user hju from 96.67.59.65 port 44631 ssh2
May  8 08:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: Received disconnect from 96.67.59.65 port 44631:11: Bye Bye [preauth]
May  8 08:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10743]: Disconnected from 96.67.59.65 port 44631 [preauth]
May  8 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9433]: pam_unix(cron:session): session closed for user root
May  8 08:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10847]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10848]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10845]: pam_unix(cron:session): session closed for user p13x
May  8 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10911]: Successful su for rubyman by root
May  8 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10911]: + ??? root:rubyman
May  8 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352165 of user rubyman.
May  8 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10911]: pam_unix(su:session): session closed for user rubyman
May  8 08:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352165.
May  8 08:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7985]: pam_unix(cron:session): session closed for user root
May  8 08:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10846]: pam_unix(cron:session): session closed for user samftp
May  8 08:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9831]: pam_unix(cron:session): session closed for user root
May  8 08:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221  user=root
May  8 08:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Failed password for root from 210.79.142.221 port 56902 ssh2
May  8 08:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Received disconnect from 210.79.142.221 port 56902:11: Bye Bye [preauth]
May  8 08:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11193]: Disconnected from 210.79.142.221 port 56902 [preauth]
May  8 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11243]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11242]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11244]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11241]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11241]: pam_unix(cron:session): session closed for user p13x
May  8 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11302]: Successful su for rubyman by root
May  8 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11302]: + ??? root:rubyman
May  8 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352171 of user rubyman.
May  8 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11302]: pam_unix(su:session): session closed for user rubyman
May  8 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352171.
May  8 08:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: Invalid user marcus from 103.160.148.170
May  8 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: input_userauth_request: invalid user marcus [preauth]
May  8 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  8 08:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8445]: pam_unix(cron:session): session closed for user root
May  8 08:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11242]: pam_unix(cron:session): session closed for user samftp
May  8 08:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: Failed password for invalid user marcus from 103.160.148.170 port 52238 ssh2
May  8 08:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: Received disconnect from 103.160.148.170 port 52238:11: Bye Bye [preauth]
May  8 08:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11422]: Disconnected from 103.160.148.170 port 52238 [preauth]
May  8 08:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.200.151.78  user=root
May  8 08:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: Failed password for root from 91.200.151.78 port 54372 ssh2
May  8 08:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: Received disconnect from 91.200.151.78 port 54372:11: Bye Bye [preauth]
May  8 08:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: Disconnected from 91.200.151.78 port 54372 [preauth]
May  8 08:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10317]: pam_unix(cron:session): session closed for user root
May  8 08:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: Invalid user mirco from 103.193.176.106
May  8 08:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: input_userauth_request: invalid user mirco [preauth]
May  8 08:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.193.176.106
May  8 08:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: Failed password for invalid user mirco from 103.193.176.106 port 34514 ssh2
May  8 08:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: Received disconnect from 103.193.176.106 port 34514:11: Bye Bye [preauth]
May  8 08:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11596]: Disconnected from 103.193.176.106 port 34514 [preauth]
May  8 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11646]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11648]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11645]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11645]: pam_unix(cron:session): session closed for user p13x
May  8 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11704]: Successful su for rubyman by root
May  8 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11704]: + ??? root:rubyman
May  8 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352173 of user rubyman.
May  8 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11704]: pam_unix(su:session): session closed for user rubyman
May  8 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352173.
May  8 08:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8895]: pam_unix(cron:session): session closed for user root
May  8 08:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11646]: pam_unix(cron:session): session closed for user samftp
May  8 08:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10848]: pam_unix(cron:session): session closed for user root
May  8 08:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12007]: Invalid user mqm from 58.144.198.71
May  8 08:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12007]: input_userauth_request: invalid user mqm [preauth]
May  8 08:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12007]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.144.198.71
May  8 08:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12007]: Failed password for invalid user mqm from 58.144.198.71 port 58552 ssh2
May  8 08:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12007]: Received disconnect from 58.144.198.71 port 58552:11: Bye Bye [preauth]
May  8 08:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12007]: Disconnected from 58.144.198.71 port 58552 [preauth]
May  8 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12036]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12037]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12035]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12034]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12034]: pam_unix(cron:session): session closed for user p13x
May  8 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12095]: Successful su for rubyman by root
May  8 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12095]: + ??? root:rubyman
May  8 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352178 of user rubyman.
May  8 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12095]: pam_unix(su:session): session closed for user rubyman
May  8 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352178.
May  8 08:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9432]: pam_unix(cron:session): session closed for user root
May  8 08:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12035]: pam_unix(cron:session): session closed for user samftp
May  8 08:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11244]: pam_unix(cron:session): session closed for user root
May  8 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12450]: pam_unix(cron:session): session closed for user root
May  8 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12445]: pam_unix(cron:session): session closed for user p13x
May  8 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12513]: Successful su for rubyman by root
May  8 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12513]: + ??? root:rubyman
May  8 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12513]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352184 of user rubyman.
May  8 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12513]: pam_unix(su:session): session closed for user rubyman
May  8 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352184.
May  8 08:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12564]: Invalid user dr from 96.67.59.65
May  8 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12564]: input_userauth_request: invalid user dr [preauth]
May  8 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12564]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65
May  8 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12447]: pam_unix(cron:session): session closed for user root
May  8 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12564]: Failed password for invalid user dr from 96.67.59.65 port 33114 ssh2
May  8 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12564]: Received disconnect from 96.67.59.65 port 33114:11: Bye Bye [preauth]
May  8 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12564]: Disconnected from 96.67.59.65 port 33114 [preauth]
May  8 08:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9830]: pam_unix(cron:session): session closed for user root
May  8 08:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12446]: pam_unix(cron:session): session closed for user samftp
May  8 08:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.141.132.26  user=root
May  8 08:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: Failed password for root from 185.141.132.26 port 54232 ssh2
May  8 08:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: Received disconnect from 185.141.132.26 port 54232:11: Bye Bye [preauth]
May  8 08:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12719]: Disconnected from 185.141.132.26 port 54232 [preauth]
May  8 08:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12743]: Invalid user wiebe from 136.232.11.10
May  8 08:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12743]: input_userauth_request: invalid user wiebe [preauth]
May  8 08:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12743]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10
May  8 08:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12743]: Failed password for invalid user wiebe from 136.232.11.10 port 6706 ssh2
May  8 08:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12743]: Received disconnect from 136.232.11.10 port 6706:11: Bye Bye [preauth]
May  8 08:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12743]: Disconnected from 136.232.11.10 port 6706 [preauth]
May  8 08:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: Invalid user test from 52.170.91.127
May  8 08:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: input_userauth_request: invalid user test [preauth]
May  8 08:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.91.127
May  8 08:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: Failed password for invalid user test from 52.170.91.127 port 45946 ssh2
May  8 08:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: Received disconnect from 52.170.91.127 port 45946:11: Bye Bye [preauth]
May  8 08:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12761]: Disconnected from 52.170.91.127 port 45946 [preauth]
May  8 08:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11648]: pam_unix(cron:session): session closed for user root
May  8 08:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: Invalid user admin from 80.94.95.112
May  8 08:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: input_userauth_request: invalid user admin [preauth]
May  8 08:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12874]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12873]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12871]: pam_unix(cron:session): session closed for user p13x
May  8 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: Failed password for invalid user admin from 80.94.95.112 port 29937 ssh2
May  8 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12936]: Successful su for rubyman by root
May  8 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12936]: + ??? root:rubyman
May  8 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352188 of user rubyman.
May  8 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12936]: pam_unix(su:session): session closed for user rubyman
May  8 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352188.
May  8 08:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: Failed password for invalid user admin from 80.94.95.112 port 29937 ssh2
May  8 08:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10316]: pam_unix(cron:session): session closed for user root
May  8 08:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: Failed password for invalid user admin from 80.94.95.112 port 29937 ssh2
May  8 08:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12872]: pam_unix(cron:session): session closed for user samftp
May  8 08:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: Failed password for invalid user admin from 80.94.95.112 port 29937 ssh2
May  8 08:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:51:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: Failed password for invalid user admin from 80.94.95.112 port 29937 ssh2
May  8 08:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: Received disconnect from 80.94.95.112 port 29937:11: Bye [preauth]
May  8 08:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: Disconnected from 80.94.95.112 port 29937 [preauth]
May  8 08:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 08:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12860]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 08:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 08:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Failed password for root from 80.94.95.241 port 63390 ssh2
May  8 08:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: message repeated 4 times: [ Failed password for root from 80.94.95.241 port 63390 ssh2]
May  8 08:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Received disconnect from 80.94.95.241 port 63390:11: Bye [preauth]
May  8 08:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: Disconnected from 80.94.95.241 port 63390 [preauth]
May  8 08:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 08:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13148]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 08:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12037]: pam_unix(cron:session): session closed for user root
May  8 08:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.179.141  user=root
May  8 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13282]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13283]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13279]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13278]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13278]: pam_unix(cron:session): session closed for user p13x
May  8 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13343]: Successful su for rubyman by root
May  8 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13343]: + ??? root:rubyman
May  8 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352192 of user rubyman.
May  8 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13343]: pam_unix(su:session): session closed for user rubyman
May  8 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352192.
May  8 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13273]: Failed password for root from 202.168.179.141 port 54516 ssh2
May  8 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13273]: Received disconnect from 202.168.179.141 port 54516:11: Bye Bye [preauth]
May  8 08:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13273]: Disconnected from 202.168.179.141 port 54516 [preauth]
May  8 08:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10847]: pam_unix(cron:session): session closed for user root
May  8 08:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13279]: pam_unix(cron:session): session closed for user samftp
May  8 08:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Invalid user admin from 194.0.234.16
May  8 08:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: input_userauth_request: invalid user admin [preauth]
May  8 08:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.16
May  8 08:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Failed password for invalid user admin from 194.0.234.16 port 31412 ssh2
May  8 08:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13626]: Connection closed by 194.0.234.16 port 31412 [preauth]
May  8 08:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12449]: pam_unix(cron:session): session closed for user root
May  8 08:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170  user=root
May  8 08:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13742]: Failed password for root from 103.160.148.170 port 38498 ssh2
May  8 08:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13742]: Received disconnect from 103.160.148.170 port 38498:11: Bye Bye [preauth]
May  8 08:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13742]: Disconnected from 103.160.148.170 port 38498 [preauth]
May  8 08:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.200.151.78  user=root
May  8 08:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13777]: Failed password for root from 91.200.151.78 port 39750 ssh2
May  8 08:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13777]: Received disconnect from 91.200.151.78 port 39750:11: Bye Bye [preauth]
May  8 08:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13777]: Disconnected from 91.200.151.78 port 39750 [preauth]
May  8 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13800]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13797]: pam_unix(cron:session): session closed for user p13x
May  8 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13856]: Successful su for rubyman by root
May  8 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13856]: + ??? root:rubyman
May  8 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352195 of user rubyman.
May  8 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13856]: pam_unix(su:session): session closed for user rubyman
May  8 08:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352195.
May  8 08:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11243]: pam_unix(cron:session): session closed for user root
May  8 08:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13798]: pam_unix(cron:session): session closed for user samftp
May  8 08:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.193.176.106  user=root
May  8 08:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12874]: pam_unix(cron:session): session closed for user root
May  8 08:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: Failed password for root from 103.193.176.106 port 34928 ssh2
May  8 08:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: Received disconnect from 103.193.176.106 port 34928:11: Bye Bye [preauth]
May  8 08:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14105]: Disconnected from 103.193.176.106 port 34928 [preauth]
May  8 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14194]: pam_unix(cron:session): session closed for user p13x
May  8 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14257]: Successful su for rubyman by root
May  8 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14257]: + ??? root:rubyman
May  8 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352200 of user rubyman.
May  8 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14257]: pam_unix(su:session): session closed for user rubyman
May  8 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352200.
May  8 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11647]: pam_unix(cron:session): session closed for user root
May  8 08:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14195]: pam_unix(cron:session): session closed for user samftp
May  8 08:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65  user=root
May  8 08:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: Failed password for root from 96.67.59.65 port 40768 ssh2
May  8 08:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: Received disconnect from 96.67.59.65 port 40768:11: Bye Bye [preauth]
May  8 08:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14506]: Disconnected from 96.67.59.65 port 40768 [preauth]
May  8 08:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13283]: pam_unix(cron:session): session closed for user root
May  8 08:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14538]: Invalid user support from 210.79.142.221
May  8 08:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14538]: input_userauth_request: invalid user support [preauth]
May  8 08:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14538]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221
May  8 08:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14538]: Failed password for invalid user support from 210.79.142.221 port 42492 ssh2
May  8 08:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14538]: Received disconnect from 210.79.142.221 port 42492:11: Bye Bye [preauth]
May  8 08:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14538]: Disconnected from 210.79.142.221 port 42492 [preauth]
May  8 08:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: Invalid user postgres from 185.141.132.26
May  8 08:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: input_userauth_request: invalid user postgres [preauth]
May  8 08:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.141.132.26
May  8 08:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14583]: Invalid user  from 65.49.1.77
May  8 08:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14583]: input_userauth_request: invalid user  [preauth]
May  8 08:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: Failed password for invalid user postgres from 185.141.132.26 port 49278 ssh2
May  8 08:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: Received disconnect from 185.141.132.26 port 49278:11: Bye Bye [preauth]
May  8 08:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14581]: Disconnected from 185.141.132.26 port 49278 [preauth]
May  8 08:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14583]: Connection closed by 65.49.1.77 port 42141 [preauth]
May  8 08:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14603]: Invalid user administrator from 52.170.91.127
May  8 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14603]: input_userauth_request: invalid user administrator [preauth]
May  8 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14603]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.91.127
May  8 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14606]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14615]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14607]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14609]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14615]: pam_unix(cron:session): session closed for user root
May  8 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14606]: pam_unix(cron:session): session closed for user p13x
May  8 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14683]: Successful su for rubyman by root
May  8 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14683]: + ??? root:rubyman
May  8 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352204 of user rubyman.
May  8 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14683]: pam_unix(su:session): session closed for user rubyman
May  8 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352204.
May  8 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14603]: Failed password for invalid user administrator from 52.170.91.127 port 33910 ssh2
May  8 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14603]: Received disconnect from 52.170.91.127 port 33910:11: Bye Bye [preauth]
May  8 08:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14603]: Disconnected from 52.170.91.127 port 33910 [preauth]
May  8 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14608]: pam_unix(cron:session): session closed for user root
May  8 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12036]: pam_unix(cron:session): session closed for user root
May  8 08:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14607]: pam_unix(cron:session): session closed for user samftp
May  8 08:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14931]: Invalid user telecomadmin from 85.208.84.134
May  8 08:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14931]: input_userauth_request: invalid user telecomadmin [preauth]
May  8 08:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14931]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.134
May  8 08:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14931]: Failed password for invalid user telecomadmin from 85.208.84.134 port 57022 ssh2
May  8 08:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14931]: Connection closed by 85.208.84.134 port 57022 [preauth]
May  8 08:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13800]: pam_unix(cron:session): session closed for user root
May  8 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15054]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15053]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15051]: pam_unix(cron:session): session closed for user p13x
May  8 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15116]: Successful su for rubyman by root
May  8 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15116]: + ??? root:rubyman
May  8 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352209 of user rubyman.
May  8 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15116]: pam_unix(su:session): session closed for user rubyman
May  8 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352209.
May  8 08:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12448]: pam_unix(cron:session): session closed for user root
May  8 08:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15052]: pam_unix(cron:session): session closed for user samftp
May  8 08:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14197]: pam_unix(cron:session): session closed for user root
May  8 08:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: Invalid user c from 195.178.110.50
May  8 08:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: input_userauth_request: invalid user c [preauth]
May  8 08:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 08:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: Failed password for invalid user c from 195.178.110.50 port 15392 ssh2
May  8 08:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: Connection closed by 195.178.110.50 port 15392 [preauth]
May  8 08:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: Invalid user l from 195.178.110.50
May  8 08:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: input_userauth_request: invalid user l [preauth]
May  8 08:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 08:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: Failed password for invalid user l from 195.178.110.50 port 51612 ssh2
May  8 08:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15427]: Connection closed by 195.178.110.50 port 51612 [preauth]
May  8 08:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15456]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15453]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15452]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15452]: pam_unix(cron:session): session closed for user p13x
May  8 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15518]: Successful su for rubyman by root
May  8 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15518]: + ??? root:rubyman
May  8 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352213 of user rubyman.
May  8 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15518]: pam_unix(su:session): session closed for user rubyman
May  8 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352213.
May  8 08:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12873]: pam_unix(cron:session): session closed for user root
May  8 08:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15453]: pam_unix(cron:session): session closed for user samftp
May  8 08:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15445]: Invalid user u from 195.178.110.50
May  8 08:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15445]: input_userauth_request: invalid user u [preauth]
May  8 08:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15445]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 08:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15445]: Failed password for invalid user u from 195.178.110.50 port 46446 ssh2
May  8 08:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15445]: Connection closed by 195.178.110.50 port 46446 [preauth]
May  8 08:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15703]: Invalid user ~ from 195.178.110.50
May  8 08:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15703]: input_userauth_request: invalid user ~ [preauth]
May  8 08:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15703]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 08:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15703]: Failed password for invalid user ~ from 195.178.110.50 port 23960 ssh2
May  8 08:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15703]: Connection closed by 195.178.110.50 port 23960 [preauth]
May  8 08:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15735]: Invalid user ) from 195.178.110.50
May  8 08:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15735]: input_userauth_request: invalid user ) [preauth]
May  8 08:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15735]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 08:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15735]: Failed password for invalid user ) from 195.178.110.50 port 7442 ssh2
May  8 08:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15735]: Connection closed by 195.178.110.50 port 7442 [preauth]
May  8 08:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14614]: pam_unix(cron:session): session closed for user root
May  8 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15856]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15854]: pam_unix(cron:session): session closed for user p13x
May  8 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15917]: Successful su for rubyman by root
May  8 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15917]: + ??? root:rubyman
May  8 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352217 of user rubyman.
May  8 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15917]: pam_unix(su:session): session closed for user rubyman
May  8 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352217.
May  8 08:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13282]: pam_unix(cron:session): session closed for user root
May  8 08:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15855]: pam_unix(cron:session): session closed for user samftp
May  8 08:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10  user=root
May  8 08:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16122]: Failed password for root from 136.232.11.10 port 37330 ssh2
May  8 08:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16122]: Received disconnect from 136.232.11.10 port 37330:11: Bye Bye [preauth]
May  8 08:58:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16122]: Disconnected from 136.232.11.10 port 37330 [preauth]
May  8 08:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16124]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16124]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170  user=root
May  8 08:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16124]: Failed password for root from 103.160.148.170 port 40020 ssh2
May  8 08:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16124]: Received disconnect from 103.160.148.170 port 40020:11: Bye Bye [preauth]
May  8 08:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16124]: Disconnected from 103.160.148.170 port 40020 [preauth]
May  8 08:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15054]: pam_unix(cron:session): session closed for user root
May  8 08:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16192]: Invalid user pro from 91.200.151.78
May  8 08:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16192]: input_userauth_request: invalid user pro [preauth]
May  8 08:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16192]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:58:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.200.151.78
May  8 08:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16192]: Failed password for invalid user pro from 91.200.151.78 port 52266 ssh2
May  8 08:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16192]: Received disconnect from 91.200.151.78 port 52266:11: Bye Bye [preauth]
May  8 08:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16192]: Disconnected from 91.200.151.78 port 52266 [preauth]
May  8 08:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: Invalid user da from 202.168.179.141
May  8 08:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: input_userauth_request: invalid user da [preauth]
May  8 08:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.179.141
May  8 08:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16226]: Connection closed by 93.108.120.147 port 48314 [preauth]
May  8 08:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: Failed password for invalid user da from 202.168.179.141 port 60264 ssh2
May  8 08:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: Received disconnect from 202.168.179.141 port 60264:11: Bye Bye [preauth]
May  8 08:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16215]: Disconnected from 202.168.179.141 port 60264 [preauth]
May  8 08:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16251]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16250]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16247]: pam_unix(cron:session): session closed for user p13x
May  8 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: Invalid user wangzf from 96.67.59.65
May  8 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: input_userauth_request: invalid user wangzf [preauth]
May  8 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65
May  8 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16305]: Successful su for rubyman by root
May  8 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16305]: + ??? root:rubyman
May  8 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352222 of user rubyman.
May  8 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16305]: pam_unix(su:session): session closed for user rubyman
May  8 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352222.
May  8 08:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: Failed password for invalid user wangzf from 96.67.59.65 port 49325 ssh2
May  8 08:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: Received disconnect from 96.67.59.65 port 49325:11: Bye Bye [preauth]
May  8 08:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16244]: Disconnected from 96.67.59.65 port 49325 [preauth]
May  8 08:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13799]: pam_unix(cron:session): session closed for user root
May  8 08:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16248]: pam_unix(cron:session): session closed for user samftp
May  8 08:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.193.176.106  user=root
May  8 08:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15456]: pam_unix(cron:session): session closed for user root
May  8 08:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: Failed password for root from 103.193.176.106 port 34776 ssh2
May  8 08:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: Received disconnect from 103.193.176.106 port 34776:11: Bye Bye [preauth]
May  8 08:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16600]: Disconnected from 103.193.176.106 port 34776 [preauth]
May  8 08:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: Invalid user www from 185.141.132.26
May  8 08:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: input_userauth_request: invalid user www [preauth]
May  8 08:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.141.132.26
May  8 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: Failed password for invalid user www from 185.141.132.26 port 43736 ssh2
May  8 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: Received disconnect from 185.141.132.26 port 43736:11: Bye Bye [preauth]
May  8 08:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: Disconnected from 185.141.132.26 port 43736 [preauth]
May  8 08:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 08:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16682]: Invalid user reggie from 52.170.91.127
May  8 08:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16682]: input_userauth_request: invalid user reggie [preauth]
May  8 08:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16682]: pam_unix(sshd:auth): check pass; user unknown
May  8 08:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.91.127
May  8 08:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16682]: Failed password for invalid user reggie from 52.170.91.127 port 46230 ssh2
May  8 08:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16682]: Received disconnect from 52.170.91.127 port 46230:11: Bye Bye [preauth]
May  8 08:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16682]: Disconnected from 52.170.91.127 port 46230 [preauth]
May  8 08:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: Invalid user ravi from 210.79.142.221
May  8 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: input_userauth_request: invalid user ravi [preauth]
May  8 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221
May  8 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16700]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16702]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16701]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16698]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16703]: pam_unix(cron:session): session closed for user root
May  8 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16699]: pam_unix(cron:session): session closed for user root
May  8 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16697]: pam_unix(cron:session): session closed for user p13x
May  8 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16797]: Successful su for rubyman by root
May  8 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16797]: + ??? root:rubyman
May  8 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16797]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352229 of user rubyman.
May  8 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16797]: pam_unix(su:session): session closed for user rubyman
May  8 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352229.
May  8 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: Failed password for invalid user ravi from 210.79.142.221 port 43572 ssh2
May  8 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: Received disconnect from 210.79.142.221 port 43572:11: Bye Bye [preauth]
May  8 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16694]: Disconnected from 210.79.142.221 port 43572 [preauth]
May  8 09:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14196]: pam_unix(cron:session): session closed for user root
May  8 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16700]: pam_unix(cron:session): session closed for user root
May  8 09:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16698]: pam_unix(cron:session): session closed for user samftp
May  8 09:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: Invalid user xbmc from 81.70.167.132
May  8 09:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: input_userauth_request: invalid user xbmc [preauth]
May  8 09:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.70.167.132
May  8 09:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  8 09:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: Failed password for invalid user xbmc from 81.70.167.132 port 52936 ssh2
May  8 09:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: Received disconnect from 81.70.167.132 port 52936:11: Bye Bye [preauth]
May  8 09:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17102]: Disconnected from 81.70.167.132 port 52936 [preauth]
May  8 09:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: Failed password for root from 218.92.0.205 port 47382 ssh2
May  8 09:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15857]: pam_unix(cron:session): session closed for user root
May  8 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: Failed password for root from 218.92.0.205 port 47382 ssh2
May  8 09:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: message repeated 3 times: [ Failed password for root from 218.92.0.205 port 47382 ssh2]
May  8 09:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 47382 ssh2 [preauth]
May  8 09:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: Disconnecting: Too many authentication failures [preauth]
May  8 09:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  8 09:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17104]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 09:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  8 09:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: Failed password for root from 218.92.0.205 port 30488 ssh2
May  8 09:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: message repeated 3 times: [ Failed password for root from 218.92.0.205 port 30488 ssh2]
May  8 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17229]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17228]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17228]: pam_unix(cron:session): session closed for user p13x
May  8 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17299]: Successful su for rubyman by root
May  8 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17299]: + ??? root:rubyman
May  8 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352232 of user rubyman.
May  8 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17299]: pam_unix(su:session): session closed for user rubyman
May  8 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352232.
May  8 09:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: Failed password for root from 218.92.0.205 port 30488 ssh2
May  8 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: Failed password for root from 218.92.0.205 port 30488 ssh2
May  8 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 30488 ssh2 [preauth]
May  8 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: Disconnecting: Too many authentication failures [preauth]
May  8 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  8 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17204]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14609]: pam_unix(cron:session): session closed for user root
May  8 09:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17229]: pam_unix(cron:session): session closed for user samftp
May  8 09:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  8 09:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: Failed password for root from 218.92.0.205 port 48998 ssh2
May  8 09:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: Received disconnect from 218.92.0.205 port 48998:11:  [preauth]
May  8 09:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: Disconnected from 218.92.0.205 port 48998 [preauth]
May  8 09:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16251]: pam_unix(cron:session): session closed for user root
May  8 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17661]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17662]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17660]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17658]: pam_unix(cron:session): session closed for user p13x
May  8 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17722]: Successful su for rubyman by root
May  8 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17722]: + ??? root:rubyman
May  8 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352238 of user rubyman.
May  8 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17722]: pam_unix(su:session): session closed for user rubyman
May  8 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352238.
May  8 09:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15053]: pam_unix(cron:session): session closed for user root
May  8 09:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17660]: pam_unix(cron:session): session closed for user samftp
May  8 09:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10  user=root
May  8 09:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18058]: Failed password for root from 136.232.11.10 port 37666 ssh2
May  8 09:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18058]: Received disconnect from 136.232.11.10 port 37666:11: Bye Bye [preauth]
May  8 09:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18058]: Disconnected from 136.232.11.10 port 37666 [preauth]
May  8 09:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16702]: pam_unix(cron:session): session closed for user root
May  8 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18184]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18183]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18181]: pam_unix(cron:session): session closed for user p13x
May  8 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18240]: Successful su for rubyman by root
May  8 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18240]: + ??? root:rubyman
May  8 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18240]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352240 of user rubyman.
May  8 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18240]: pam_unix(su:session): session closed for user rubyman
May  8 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352240.
May  8 09:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15454]: pam_unix(cron:session): session closed for user root
May  8 09:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18182]: pam_unix(cron:session): session closed for user samftp
May  8 09:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.70.167.132  user=root
May  8 09:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: Failed password for root from 81.70.167.132 port 36762 ssh2
May  8 09:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: Received disconnect from 81.70.167.132 port 36762:11: Bye Bye [preauth]
May  8 09:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18462]: Disconnected from 81.70.167.132 port 36762 [preauth]
May  8 09:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: Invalid user develop from 96.67.59.65
May  8 09:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: input_userauth_request: invalid user develop [preauth]
May  8 09:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65
May  8 09:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: Failed password for invalid user develop from 96.67.59.65 port 60737 ssh2
May  8 09:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: Received disconnect from 96.67.59.65 port 60737:11: Bye Bye [preauth]
May  8 09:03:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: Disconnected from 96.67.59.65 port 60737 [preauth]
May  8 09:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17231]: pam_unix(cron:session): session closed for user root
May  8 09:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: Invalid user support from 80.94.95.115
May  8 09:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: input_userauth_request: invalid user support [preauth]
May  8 09:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  8 09:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: Failed password for invalid user support from 80.94.95.115 port 50550 ssh2
May  8 09:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18515]: Connection closed by 80.94.95.115 port 50550 [preauth]
May  8 09:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170  user=root
May  8 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18598]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18595]: pam_unix(cron:session): session closed for user p13x
May  8 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18655]: Successful su for rubyman by root
May  8 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18655]: + ??? root:rubyman
May  8 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352244 of user rubyman.
May  8 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18655]: pam_unix(su:session): session closed for user rubyman
May  8 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352244.
May  8 09:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18592]: Failed password for root from 103.160.148.170 port 58316 ssh2
May  8 09:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18592]: Received disconnect from 103.160.148.170 port 58316:11: Bye Bye [preauth]
May  8 09:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18592]: Disconnected from 103.160.148.170 port 58316 [preauth]
May  8 09:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15856]: pam_unix(cron:session): session closed for user root
May  8 09:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18596]: pam_unix(cron:session): session closed for user samftp
May  8 09:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: Invalid user rsync from 91.200.151.78
May  8 09:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: input_userauth_request: invalid user rsync [preauth]
May  8 09:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.200.151.78
May  8 09:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: Failed password for invalid user rsync from 91.200.151.78 port 49502 ssh2
May  8 09:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: Received disconnect from 91.200.151.78 port 49502:11: Bye Bye [preauth]
May  8 09:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: Disconnected from 91.200.151.78 port 49502 [preauth]
May  8 09:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18892]: Invalid user samir from 185.141.132.26
May  8 09:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18892]: input_userauth_request: invalid user samir [preauth]
May  8 09:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18892]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.141.132.26
May  8 09:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18892]: Failed password for invalid user samir from 185.141.132.26 port 54908 ssh2
May  8 09:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18892]: Received disconnect from 185.141.132.26 port 54908:11: Bye Bye [preauth]
May  8 09:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18892]: Disconnected from 185.141.132.26 port 54908 [preauth]
May  8 09:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17662]: pam_unix(cron:session): session closed for user root
May  8 09:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.91.127  user=root
May  8 09:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18991]: Failed password for root from 52.170.91.127 port 57162 ssh2
May  8 09:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18991]: Received disconnect from 52.170.91.127 port 57162:11: Bye Bye [preauth]
May  8 09:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18991]: Disconnected from 52.170.91.127 port 57162 [preauth]
May  8 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19007]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19006]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19003]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19005]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19004]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19002]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19007]: pam_unix(cron:session): session closed for user root
May  8 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19002]: pam_unix(cron:session): session closed for user p13x
May  8 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19081]: Successful su for rubyman by root
May  8 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19081]: + ??? root:rubyman
May  8 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19081]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352249 of user rubyman.
May  8 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19081]: pam_unix(su:session): session closed for user rubyman
May  8 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352249.
May  8 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19004]: pam_unix(cron:session): session closed for user root
May  8 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16250]: pam_unix(cron:session): session closed for user root
May  8 09:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19003]: pam_unix(cron:session): session closed for user samftp
May  8 09:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19336]: Invalid user alireza from 202.168.179.141
May  8 09:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19336]: input_userauth_request: invalid user alireza [preauth]
May  8 09:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19336]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.179.141
May  8 09:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221  user=root
May  8 09:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19336]: Failed password for invalid user alireza from 202.168.179.141 port 37786 ssh2
May  8 09:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19336]: Received disconnect from 202.168.179.141 port 37786:11: Bye Bye [preauth]
May  8 09:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19336]: Disconnected from 202.168.179.141 port 37786 [preauth]
May  8 09:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: Failed password for root from 210.79.142.221 port 35666 ssh2
May  8 09:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: Received disconnect from 210.79.142.221 port 35666:11: Bye Bye [preauth]
May  8 09:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19338]: Disconnected from 210.79.142.221 port 35666 [preauth]
May  8 09:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.193.176.106  user=root
May  8 09:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18184]: pam_unix(cron:session): session closed for user root
May  8 09:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: Failed password for root from 103.193.176.106 port 60878 ssh2
May  8 09:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: Received disconnect from 103.193.176.106 port 60878:11: Bye Bye [preauth]
May  8 09:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: Disconnected from 103.193.176.106 port 60878 [preauth]
May  8 09:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: Invalid user hunter from 80.94.95.241
May  8 09:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: input_userauth_request: invalid user hunter [preauth]
May  8 09:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 09:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: Failed password for invalid user hunter from 80.94.95.241 port 62704 ssh2
May  8 09:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: Failed password for invalid user hunter from 80.94.95.241 port 62704 ssh2
May  8 09:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19455]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19456]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19453]: pam_unix(cron:session): session closed for user p13x
May  8 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19529]: Successful su for rubyman by root
May  8 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19529]: + ??? root:rubyman
May  8 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352255 of user rubyman.
May  8 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19529]: pam_unix(su:session): session closed for user rubyman
May  8 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352255.
May  8 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: Failed password for invalid user hunter from 80.94.95.241 port 62704 ssh2
May  8 09:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: Failed password for invalid user hunter from 80.94.95.241 port 62704 ssh2
May  8 09:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16701]: pam_unix(cron:session): session closed for user root
May  8 09:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: Failed password for invalid user hunter from 80.94.95.241 port 62704 ssh2
May  8 09:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19454]: pam_unix(cron:session): session closed for user samftp
May  8 09:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: Received disconnect from 80.94.95.241 port 62704:11: Bye [preauth]
May  8 09:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: Disconnected from 80.94.95.241 port 62704 [preauth]
May  8 09:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 09:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19441]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 09:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19758]: Invalid user test from 136.232.11.10
May  8 09:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19758]: input_userauth_request: invalid user test [preauth]
May  8 09:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19758]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10
May  8 09:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: Invalid user db2inst1 from 50.235.31.47
May  8 09:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: input_userauth_request: invalid user db2inst1 [preauth]
May  8 09:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  8 09:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19758]: Failed password for invalid user test from 136.232.11.10 port 10841 ssh2
May  8 09:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19758]: Received disconnect from 136.232.11.10 port 10841:11: Bye Bye [preauth]
May  8 09:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19758]: Disconnected from 136.232.11.10 port 10841 [preauth]
May  8 09:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: Failed password for invalid user db2inst1 from 50.235.31.47 port 48736 ssh2
May  8 09:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19768]: Connection closed by 50.235.31.47 port 48736 [preauth]
May  8 09:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18598]: pam_unix(cron:session): session closed for user root
May  8 09:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Invalid user jenkins from 93.108.120.147
May  8 09:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: input_userauth_request: invalid user jenkins [preauth]
May  8 09:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.108.120.147
May  8 09:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Failed password for invalid user jenkins from 93.108.120.147 port 51882 ssh2
May  8 09:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Received disconnect from 93.108.120.147 port 51882:11: Bye Bye [preauth]
May  8 09:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19861]: Disconnected from 93.108.120.147 port 51882 [preauth]
May  8 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19892]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19893]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19889]: pam_unix(cron:session): session closed for user p13x
May  8 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19952]: Successful su for rubyman by root
May  8 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19952]: + ??? root:rubyman
May  8 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352258 of user rubyman.
May  8 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19952]: pam_unix(su:session): session closed for user rubyman
May  8 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352258.
May  8 09:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17230]: pam_unix(cron:session): session closed for user root
May  8 09:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19891]: pam_unix(cron:session): session closed for user samftp
May  8 09:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19006]: pam_unix(cron:session): session closed for user root
May  8 09:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65  user=root
May  8 09:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: Failed password for root from 96.67.59.65 port 54505 ssh2
May  8 09:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: Received disconnect from 96.67.59.65 port 54505:11: Bye Bye [preauth]
May  8 09:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20276]: Disconnected from 96.67.59.65 port 54505 [preauth]
May  8 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20297]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20296]: pam_unix(cron:session): session closed for user p13x
May  8 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20356]: Successful su for rubyman by root
May  8 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20356]: + ??? root:rubyman
May  8 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352264 of user rubyman.
May  8 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20356]: pam_unix(su:session): session closed for user rubyman
May  8 09:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352264.
May  8 09:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17661]: pam_unix(cron:session): session closed for user root
May  8 09:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20297]: pam_unix(cron:session): session closed for user samftp
May  8 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19456]: pam_unix(cron:session): session closed for user root
May  8 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20701]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20697]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20698]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20695]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20697]: pam_unix(cron:session): session closed for user p13x
May  8 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20823]: Successful su for rubyman by root
May  8 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20823]: + ??? root:rubyman
May  8 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20823]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352266 of user rubyman.
May  8 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20823]: pam_unix(su:session): session closed for user rubyman
May  8 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352266.
May  8 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20695]: pam_unix(cron:session): session closed for user root
May  8 09:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18183]: pam_unix(cron:session): session closed for user root
May  8 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: Invalid user developer from 185.141.132.26
May  8 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: input_userauth_request: invalid user developer [preauth]
May  8 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.141.132.26
May  8 09:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20698]: pam_unix(cron:session): session closed for user samftp
May  8 09:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: Failed password for invalid user developer from 185.141.132.26 port 42450 ssh2
May  8 09:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: Received disconnect from 185.141.132.26 port 42450:11: Bye Bye [preauth]
May  8 09:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20941]: Disconnected from 185.141.132.26 port 42450 [preauth]
May  8 09:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19893]: pam_unix(cron:session): session closed for user root
May  8 09:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21151]: Invalid user deploy from 103.160.148.170
May  8 09:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21151]: input_userauth_request: invalid user deploy [preauth]
May  8 09:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21151]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  8 09:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21151]: Failed password for invalid user deploy from 103.160.148.170 port 50998 ssh2
May  8 09:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21151]: Received disconnect from 103.160.148.170 port 50998:11: Bye Bye [preauth]
May  8 09:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21151]: Disconnected from 103.160.148.170 port 50998 [preauth]
May  8 09:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.91.127  user=root
May  8 09:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: Failed password for root from 52.170.91.127 port 43038 ssh2
May  8 09:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: Received disconnect from 52.170.91.127 port 43038:11: Bye Bye [preauth]
May  8 09:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21213]: Disconnected from 52.170.91.127 port 43038 [preauth]
May  8 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21218]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21217]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21227]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21225]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21227]: pam_unix(cron:session): session closed for user root
May  8 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21217]: pam_unix(cron:session): session closed for user p13x
May  8 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21313]: Successful su for rubyman by root
May  8 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21313]: + ??? root:rubyman
May  8 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352271 of user rubyman.
May  8 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21313]: pam_unix(su:session): session closed for user rubyman
May  8 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352271.
May  8 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21224]: pam_unix(cron:session): session closed for user root
May  8 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18597]: pam_unix(cron:session): session closed for user root
May  8 09:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: Invalid user developer from 91.200.151.78
May  8 09:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: input_userauth_request: invalid user developer [preauth]
May  8 09:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.200.151.78
May  8 09:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21218]: pam_unix(cron:session): session closed for user samftp
May  8 09:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: Failed password for invalid user developer from 91.200.151.78 port 53676 ssh2
May  8 09:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: Received disconnect from 91.200.151.78 port 53676:11: Bye Bye [preauth]
May  8 09:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: Disconnected from 91.200.151.78 port 53676 [preauth]
May  8 09:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: Invalid user postgres from 136.232.11.10
May  8 09:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: input_userauth_request: invalid user postgres [preauth]
May  8 09:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10
May  8 09:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: Failed password for invalid user postgres from 136.232.11.10 port 18907 ssh2
May  8 09:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: Received disconnect from 136.232.11.10 port 18907:11: Bye Bye [preauth]
May  8 09:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21568]: Disconnected from 136.232.11.10 port 18907 [preauth]
May  8 09:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20299]: pam_unix(cron:session): session closed for user root
May  8 09:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: Invalid user ansadmin from 210.79.142.221
May  8 09:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: input_userauth_request: invalid user ansadmin [preauth]
May  8 09:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221
May  8 09:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: Failed password for invalid user ansadmin from 210.79.142.221 port 53714 ssh2
May  8 09:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: Received disconnect from 210.79.142.221 port 53714:11: Bye Bye [preauth]
May  8 09:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21657]: Disconnected from 210.79.142.221 port 53714 [preauth]
May  8 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21721]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21723]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21722]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21720]: pam_unix(cron:session): session closed for user p13x
May  8 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22014]: Successful su for rubyman by root
May  8 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22014]: + ??? root:rubyman
May  8 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22014]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352278 of user rubyman.
May  8 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22014]: pam_unix(su:session): session closed for user rubyman
May  8 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352278.
May  8 09:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19005]: pam_unix(cron:session): session closed for user root
May  8 09:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21721]: pam_unix(cron:session): session closed for user samftp
May  8 09:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20701]: pam_unix(cron:session): session closed for user root
May  8 09:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.193.176.106  user=root
May  8 09:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: Failed password for root from 103.193.176.106 port 59138 ssh2
May  8 09:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: Received disconnect from 103.193.176.106 port 59138:11: Bye Bye [preauth]
May  8 09:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22374]: Disconnected from 103.193.176.106 port 59138 [preauth]
May  8 09:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: Invalid user exit from 202.168.179.141
May  8 09:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: input_userauth_request: invalid user exit [preauth]
May  8 09:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:11:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.179.141
May  8 09:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: Failed password for invalid user exit from 202.168.179.141 port 43590 ssh2
May  8 09:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: Received disconnect from 202.168.179.141 port 43590:11: Bye Bye [preauth]
May  8 09:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22449]: Disconnected from 202.168.179.141 port 43590 [preauth]
May  8 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22476]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22474]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22473]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22473]: pam_unix(cron:session): session closed for user p13x
May  8 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22545]: Successful su for rubyman by root
May  8 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22545]: + ??? root:rubyman
May  8 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352283 of user rubyman.
May  8 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22545]: pam_unix(su:session): session closed for user rubyman
May  8 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352283.
May  8 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19455]: pam_unix(cron:session): session closed for user root
May  8 09:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22474]: pam_unix(cron:session): session closed for user samftp
May  8 09:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65  user=root
May  8 09:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: Failed password for root from 96.67.59.65 port 44052 ssh2
May  8 09:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: Received disconnect from 96.67.59.65 port 44052:11: Bye Bye [preauth]
May  8 09:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22800]: Disconnected from 96.67.59.65 port 44052 [preauth]
May  8 09:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21226]: pam_unix(cron:session): session closed for user root
May  8 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22917]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22918]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22917]: pam_unix(cron:session): session closed for user p13x
May  8 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23008]: Successful su for rubyman by root
May  8 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23008]: + ??? root:rubyman
May  8 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352286 of user rubyman.
May  8 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23008]: pam_unix(su:session): session closed for user rubyman
May  8 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352286.
May  8 09:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19892]: pam_unix(cron:session): session closed for user root
May  8 09:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22918]: pam_unix(cron:session): session closed for user samftp
May  8 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21723]: pam_unix(cron:session): session closed for user root
May  8 09:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23334]: Invalid user director from 185.141.132.26
May  8 09:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23334]: input_userauth_request: invalid user director [preauth]
May  8 09:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23334]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.141.132.26
May  8 09:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23334]: Failed password for invalid user director from 185.141.132.26 port 44984 ssh2
May  8 09:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23334]: Received disconnect from 185.141.132.26 port 44984:11: Bye Bye [preauth]
May  8 09:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23334]: Disconnected from 185.141.132.26 port 44984 [preauth]
May  8 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23445]: pam_unix(cron:session): session closed for user p13x
May  8 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23506]: Successful su for rubyman by root
May  8 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23506]: + ??? root:rubyman
May  8 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352290 of user rubyman.
May  8 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23506]: pam_unix(su:session): session closed for user rubyman
May  8 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352290.
May  8 09:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20298]: pam_unix(cron:session): session closed for user root
May  8 09:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23446]: pam_unix(cron:session): session closed for user samftp
May  8 09:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23705]: Invalid user liuwei from 164.68.105.9
May  8 09:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23705]: input_userauth_request: invalid user liuwei [preauth]
May  8 09:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23705]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  8 09:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23705]: Failed password for invalid user liuwei from 164.68.105.9 port 33010 ssh2
May  8 09:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23705]: Connection closed by 164.68.105.9 port 33010 [preauth]
May  8 09:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22477]: pam_unix(cron:session): session closed for user root
May  8 09:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Invalid user hendra from 52.170.91.127
May  8 09:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: input_userauth_request: invalid user hendra [preauth]
May  8 09:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.91.127
May  8 09:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Failed password for invalid user hendra from 52.170.91.127 port 52688 ssh2
May  8 09:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Received disconnect from 52.170.91.127 port 52688:11: Bye Bye [preauth]
May  8 09:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Disconnected from 52.170.91.127 port 52688 [preauth]
May  8 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23967]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23966]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23971]: pam_unix(cron:session): session closed for user root
May  8 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23966]: pam_unix(cron:session): session closed for user p13x
May  8 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24052]: Successful su for rubyman by root
May  8 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24052]: + ??? root:rubyman
May  8 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352293 of user rubyman.
May  8 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24052]: pam_unix(su:session): session closed for user rubyman
May  8 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352293.
May  8 09:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23968]: pam_unix(cron:session): session closed for user root
May  8 09:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20699]: pam_unix(cron:session): session closed for user root
May  8 09:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23967]: pam_unix(cron:session): session closed for user samftp
May  8 09:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170  user=root
May  8 09:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24274]: Failed password for root from 103.160.148.170 port 53316 ssh2
May  8 09:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24274]: Received disconnect from 103.160.148.170 port 53316:11: Bye Bye [preauth]
May  8 09:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24274]: Disconnected from 103.160.148.170 port 53316 [preauth]
May  8 09:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22920]: pam_unix(cron:session): session closed for user root
May  8 09:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24389]: Invalid user postgres from 91.200.151.78
May  8 09:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24389]: input_userauth_request: invalid user postgres [preauth]
May  8 09:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24389]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.200.151.78
May  8 09:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24389]: Failed password for invalid user postgres from 91.200.151.78 port 33248 ssh2
May  8 09:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24389]: Received disconnect from 91.200.151.78 port 33248:11: Bye Bye [preauth]
May  8 09:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24389]: Disconnected from 91.200.151.78 port 33248 [preauth]
May  8 09:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Invalid user worker from 210.79.142.221
May  8 09:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: input_userauth_request: invalid user worker [preauth]
May  8 09:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221
May  8 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24451]: pam_unix(cron:session): session closed for user p13x
May  8 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Failed password for invalid user worker from 210.79.142.221 port 34912 ssh2
May  8 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24525]: Successful su for rubyman by root
May  8 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24525]: + ??? root:rubyman
May  8 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352299 of user rubyman.
May  8 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24525]: pam_unix(su:session): session closed for user rubyman
May  8 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352299.
May  8 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Received disconnect from 210.79.142.221 port 34912:11: Bye Bye [preauth]
May  8 09:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24440]: Disconnected from 210.79.142.221 port 34912 [preauth]
May  8 09:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21225]: pam_unix(cron:session): session closed for user root
May  8 09:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24452]: pam_unix(cron:session): session closed for user samftp
May  8 09:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24738]: Connection closed by 135.237.126.194 port 48070 [preauth]
May  8 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23448]: pam_unix(cron:session): session closed for user root
May  8 09:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24874]: Invalid user ubuntu from 96.67.59.65
May  8 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24874]: input_userauth_request: invalid user ubuntu [preauth]
May  8 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24874]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65
May  8 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24881]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24876]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24876]: pam_unix(cron:session): session closed for user root
May  8 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24878]: pam_unix(cron:session): session closed for user p13x
May  8 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24952]: Successful su for rubyman by root
May  8 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24952]: + ??? root:rubyman
May  8 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24952]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352304 of user rubyman.
May  8 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24952]: pam_unix(su:session): session closed for user rubyman
May  8 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352304.
May  8 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24874]: Failed password for invalid user ubuntu from 96.67.59.65 port 34999 ssh2
May  8 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24874]: Received disconnect from 96.67.59.65 port 34999:11: Bye Bye [preauth]
May  8 09:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24874]: Disconnected from 96.67.59.65 port 34999 [preauth]
May  8 09:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21722]: pam_unix(cron:session): session closed for user root
May  8 09:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24879]: pam_unix(cron:session): session closed for user samftp
May  8 09:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  8 09:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: Failed password for root from 194.0.234.19 port 59492 ssh2
May  8 09:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: Connection closed by 194.0.234.19 port 59492 [preauth]
May  8 09:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25206]: Did not receive identification string from 103.197.184.167
May  8 09:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: Invalid user support from 103.197.184.167
May  8 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: input_userauth_request: invalid user support [preauth]
May  8 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25212]: Invalid user usario from 103.197.184.167
May  8 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25212]: input_userauth_request: invalid user usario [preauth]
May  8 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25212]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.197.184.167
May  8 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.197.184.167
May  8 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25210]: Invalid user ubnt from 103.197.184.167
May  8 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25210]: input_userauth_request: invalid user ubnt [preauth]
May  8 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25210]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.197.184.167
May  8 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Invalid user user from 103.197.184.167
May  8 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: input_userauth_request: invalid user user [preauth]
May  8 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.197.184.167
May  8 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: Invalid user admin from 103.197.184.167
May  8 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: input_userauth_request: invalid user admin [preauth]
May  8 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.197.184.167
May  8 09:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23970]: pam_unix(cron:session): session closed for user root
May  8 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25212]: Failed password for invalid user usario from 103.197.184.167 port 59656 ssh2
May  8 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: Failed password for invalid user support from 103.197.184.167 port 59628 ssh2
May  8 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25210]: Failed password for invalid user ubnt from 103.197.184.167 port 59652 ssh2
May  8 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Failed password for invalid user user from 103.197.184.167 port 59642 ssh2
May  8 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: Failed password for invalid user admin from 103.197.184.167 port 59630 ssh2
May  8 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: Received disconnect from 103.197.184.167 port 59628:11: Bye Bye [preauth]
May  8 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25208]: Disconnected from 103.197.184.167 port 59628 [preauth]
May  8 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25212]: Received disconnect from 103.197.184.167 port 59656:11: Bye Bye [preauth]
May  8 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25212]: Disconnected from 103.197.184.167 port 59656 [preauth]
May  8 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25210]: Received disconnect from 103.197.184.167 port 59652:11: Bye Bye [preauth]
May  8 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25210]: Disconnected from 103.197.184.167 port 59652 [preauth]
May  8 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Received disconnect from 103.197.184.167 port 59642:11: Bye Bye [preauth]
May  8 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Disconnected from 103.197.184.167 port 59642 [preauth]
May  8 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: Received disconnect from 103.197.184.167 port 59630:11: Bye Bye [preauth]
May  8 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: Disconnected from 103.197.184.167 port 59630 [preauth]
May  8 09:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: Invalid user wiebe from 103.193.176.106
May  8 09:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: input_userauth_request: invalid user wiebe [preauth]
May  8 09:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.193.176.106
May  8 09:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: Failed password for invalid user wiebe from 103.193.176.106 port 50948 ssh2
May  8 09:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: Received disconnect from 103.193.176.106 port 50948:11: Bye Bye [preauth]
May  8 09:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25250]: Disconnected from 103.193.176.106 port 50948 [preauth]
May  8 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25313]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25312]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25309]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25311]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25309]: pam_unix(cron:session): session closed for user p13x
May  8 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25377]: Successful su for rubyman by root
May  8 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25377]: + ??? root:rubyman
May  8 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352309 of user rubyman.
May  8 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25377]: pam_unix(su:session): session closed for user rubyman
May  8 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352309.
May  8 09:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22476]: pam_unix(cron:session): session closed for user root
May  8 09:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25311]: pam_unix(cron:session): session closed for user samftp
May  8 09:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10  user=root
May  8 09:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25610]: Failed password for root from 136.232.11.10 port 46749 ssh2
May  8 09:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25610]: Received disconnect from 136.232.11.10 port 46749:11: Bye Bye [preauth]
May  8 09:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25610]: Disconnected from 136.232.11.10 port 46749 [preauth]
May  8 09:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25649]: Did not receive identification string from 103.70.115.15
May  8 09:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: Invalid user admin from 103.70.115.15
May  8 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: input_userauth_request: invalid user admin [preauth]
May  8 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.70.115.15
May  8 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: Invalid user user from 103.70.115.15
May  8 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: input_userauth_request: invalid user user [preauth]
May  8 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.70.115.15
May  8 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25657]: Invalid user ubnt from 103.70.115.15
May  8 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25657]: input_userauth_request: invalid user ubnt [preauth]
May  8 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25657]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.70.115.15
May  8 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: Invalid user support from 103.70.115.15
May  8 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: input_userauth_request: invalid user support [preauth]
May  8 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.70.115.15
May  8 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: Invalid user usario from 103.70.115.15
May  8 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: input_userauth_request: invalid user usario [preauth]
May  8 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.70.115.15
May  8 09:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.141.132.26  user=root
May  8 09:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: Failed password for invalid user admin from 103.70.115.15 port 31018 ssh2
May  8 09:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: Failed password for invalid user user from 103.70.115.15 port 31032 ssh2
May  8 09:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25657]: Failed password for invalid user ubnt from 103.70.115.15 port 31076 ssh2
May  8 09:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: Failed password for invalid user support from 103.70.115.15 port 31048 ssh2
May  8 09:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: Failed password for invalid user usario from 103.70.115.15 port 31062 ssh2
May  8 09:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: Received disconnect from 103.70.115.15 port 31018:11: Bye Bye [preauth]
May  8 09:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25653]: Disconnected from 103.70.115.15 port 31018 [preauth]
May  8 09:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: Received disconnect from 103.70.115.15 port 31032:11: Bye Bye [preauth]
May  8 09:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: Disconnected from 103.70.115.15 port 31032 [preauth]
May  8 09:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25657]: Received disconnect from 103.70.115.15 port 31076:11: Bye Bye [preauth]
May  8 09:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25657]: Disconnected from 103.70.115.15 port 31076 [preauth]
May  8 09:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: Received disconnect from 103.70.115.15 port 31048:11: Bye Bye [preauth]
May  8 09:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25656]: Disconnected from 103.70.115.15 port 31048 [preauth]
May  8 09:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: Received disconnect from 103.70.115.15 port 31062:11: Bye Bye [preauth]
May  8 09:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25665]: Disconnected from 103.70.115.15 port 31062 [preauth]
May  8 09:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25674]: Failed password for root from 185.141.132.26 port 60678 ssh2
May  8 09:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25674]: Received disconnect from 185.141.132.26 port 60678:11: Bye Bye [preauth]
May  8 09:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25674]: Disconnected from 185.141.132.26 port 60678 [preauth]
May  8 09:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24454]: pam_unix(cron:session): session closed for user root
May  8 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25798]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25796]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25795]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25794]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25794]: pam_unix(cron:session): session closed for user p13x
May  8 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25876]: Successful su for rubyman by root
May  8 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25876]: + ??? root:rubyman
May  8 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352312 of user rubyman.
May  8 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25876]: pam_unix(su:session): session closed for user rubyman
May  8 09:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352312.
May  8 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22919]: pam_unix(cron:session): session closed for user root
May  8 09:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25795]: pam_unix(cron:session): session closed for user samftp
May  8 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24881]: pam_unix(cron:session): session closed for user root
May  8 09:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.91.127  user=root
May  8 09:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26178]: Failed password for root from 52.170.91.127 port 42120 ssh2
May  8 09:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26178]: Received disconnect from 52.170.91.127 port 42120:11: Bye Bye [preauth]
May  8 09:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26178]: Disconnected from 52.170.91.127 port 42120 [preauth]
May  8 09:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26235]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26233]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26236]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26234]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26238]: pam_unix(cron:session): session closed for user root
May  8 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26233]: pam_unix(cron:session): session closed for user p13x
May  8 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: Invalid user gmodserver from 202.168.179.141
May  8 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: input_userauth_request: invalid user gmodserver [preauth]
May  8 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.179.141
May  8 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26299]: Successful su for rubyman by root
May  8 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26299]: + ??? root:rubyman
May  8 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352320 of user rubyman.
May  8 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26299]: pam_unix(su:session): session closed for user rubyman
May  8 09:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352320.
May  8 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: Failed password for invalid user gmodserver from 202.168.179.141 port 49444 ssh2
May  8 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: Received disconnect from 202.168.179.141 port 49444:11: Bye Bye [preauth]
May  8 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26228]: Disconnected from 202.168.179.141 port 49444 [preauth]
May  8 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26235]: pam_unix(cron:session): session closed for user root
May  8 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23447]: pam_unix(cron:session): session closed for user root
May  8 09:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26234]: pam_unix(cron:session): session closed for user samftp
May  8 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25313]: pam_unix(cron:session): session closed for user root
May  8 09:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170  user=root
May  8 09:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26693]: Failed password for root from 103.160.148.170 port 53972 ssh2
May  8 09:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26693]: Received disconnect from 103.160.148.170 port 53972:11: Bye Bye [preauth]
May  8 09:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26693]: Disconnected from 103.160.148.170 port 53972 [preauth]
May  8 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26742]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26743]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26741]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26741]: pam_unix(cron:session): session closed for user p13x
May  8 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26811]: Successful su for rubyman by root
May  8 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26811]: + ??? root:rubyman
May  8 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26811]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352323 of user rubyman.
May  8 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26811]: pam_unix(su:session): session closed for user rubyman
May  8 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352323.
May  8 09:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23969]: pam_unix(cron:session): session closed for user root
May  8 09:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26742]: pam_unix(cron:session): session closed for user samftp
May  8 09:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221  user=root
May  8 09:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: Invalid user director from 91.200.151.78
May  8 09:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: input_userauth_request: invalid user director [preauth]
May  8 09:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.200.151.78
May  8 09:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27100]: Failed password for root from 210.79.142.221 port 37632 ssh2
May  8 09:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: Failed password for invalid user director from 91.200.151.78 port 45282 ssh2
May  8 09:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27100]: Received disconnect from 210.79.142.221 port 37632:11: Bye Bye [preauth]
May  8 09:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27100]: Disconnected from 210.79.142.221 port 37632 [preauth]
May  8 09:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: Received disconnect from 91.200.151.78 port 45282:11: Bye Bye [preauth]
May  8 09:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27098]: Disconnected from 91.200.151.78 port 45282 [preauth]
May  8 09:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25798]: pam_unix(cron:session): session closed for user root
May  8 09:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27168]: Invalid user original from 96.67.59.65
May  8 09:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27168]: input_userauth_request: invalid user original [preauth]
May  8 09:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27168]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65
May  8 09:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27168]: Failed password for invalid user original from 96.67.59.65 port 57583 ssh2
May  8 09:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27168]: Received disconnect from 96.67.59.65 port 57583:11: Bye Bye [preauth]
May  8 09:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27168]: Disconnected from 96.67.59.65 port 57583 [preauth]
May  8 09:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27182]: Connection closed by 93.108.120.147 port 58494 [preauth]
May  8 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27240]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27236]: pam_unix(cron:session): session closed for user p13x
May  8 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27299]: Successful su for rubyman by root
May  8 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27299]: + ??? root:rubyman
May  8 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27299]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352326 of user rubyman.
May  8 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27299]: pam_unix(su:session): session closed for user rubyman
May  8 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352326.
May  8 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24453]: pam_unix(cron:session): session closed for user root
May  8 09:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27237]: pam_unix(cron:session): session closed for user samftp
May  8 09:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26237]: pam_unix(cron:session): session closed for user root
May  8 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27716]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27713]: pam_unix(cron:session): session closed for user p13x
May  8 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27774]: Successful su for rubyman by root
May  8 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27774]: + ??? root:rubyman
May  8 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352332 of user rubyman.
May  8 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27774]: pam_unix(su:session): session closed for user rubyman
May  8 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352332.
May  8 09:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24880]: pam_unix(cron:session): session closed for user root
May  8 09:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27714]: pam_unix(cron:session): session closed for user samftp
May  8 09:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: Invalid user admin from 80.94.95.112
May  8 09:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: input_userauth_request: invalid user admin [preauth]
May  8 09:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 09:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: Failed password for invalid user admin from 80.94.95.112 port 43131 ssh2
May  8 09:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: Failed password for invalid user admin from 80.94.95.112 port 43131 ssh2
May  8 09:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: Failed password for invalid user admin from 80.94.95.112 port 43131 ssh2
May  8 09:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: Failed password for invalid user admin from 80.94.95.112 port 43131 ssh2
May  8 09:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: Failed password for invalid user admin from 80.94.95.112 port 43131 ssh2
May  8 09:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: Received disconnect from 80.94.95.112 port 43131:11: Bye [preauth]
May  8 09:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: Disconnected from 80.94.95.112 port 43131 [preauth]
May  8 09:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 09:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27967]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26744]: pam_unix(cron:session): session closed for user root
May  8 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28119]: pam_unix(cron:session): session closed for user p13x
May  8 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28185]: Successful su for rubyman by root
May  8 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28185]: + ??? root:rubyman
May  8 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352336 of user rubyman.
May  8 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28185]: pam_unix(su:session): session closed for user rubyman
May  8 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352336.
May  8 09:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.193.176.106  user=root
May  8 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25312]: pam_unix(cron:session): session closed for user root
May  8 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Failed password for root from 103.193.176.106 port 55334 ssh2
May  8 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Received disconnect from 103.193.176.106 port 55334:11: Bye Bye [preauth]
May  8 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28206]: Disconnected from 103.193.176.106 port 55334 [preauth]
May  8 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28120]: pam_unix(cron:session): session closed for user samftp
May  8 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27240]: pam_unix(cron:session): session closed for user root
May  8 09:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.91.127  user=root
May  8 09:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28478]: Failed password for root from 52.170.91.127 port 39654 ssh2
May  8 09:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28478]: Received disconnect from 52.170.91.127 port 39654:11: Bye Bye [preauth]
May  8 09:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28478]: Disconnected from 52.170.91.127 port 39654 [preauth]
May  8 09:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  8 09:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28514]: Failed password for root from 80.94.95.116 port 24278 ssh2
May  8 09:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28514]: Connection closed by 80.94.95.116 port 24278 [preauth]
May  8 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28537]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28538]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28535]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28540]: pam_unix(cron:session): session closed for user root
May  8 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28535]: pam_unix(cron:session): session closed for user p13x
May  8 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28604]: Successful su for rubyman by root
May  8 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28604]: + ??? root:rubyman
May  8 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28604]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352341 of user rubyman.
May  8 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28604]: pam_unix(su:session): session closed for user rubyman
May  8 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352341.
May  8 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28537]: pam_unix(cron:session): session closed for user root
May  8 09:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25796]: pam_unix(cron:session): session closed for user root
May  8 09:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28536]: pam_unix(cron:session): session closed for user samftp
May  8 09:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27716]: pam_unix(cron:session): session closed for user root
May  8 09:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65  user=root
May  8 09:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28957]: Failed password for root from 96.67.59.65 port 50324 ssh2
May  8 09:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28957]: Received disconnect from 96.67.59.65 port 50324:11: Bye Bye [preauth]
May  8 09:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28957]: Disconnected from 96.67.59.65 port 50324 [preauth]
May  8 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28969]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28969]: pam_unix(cron:session): session closed for user p13x
May  8 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29121]: Successful su for rubyman by root
May  8 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29121]: + ??? root:rubyman
May  8 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352344 of user rubyman.
May  8 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29121]: pam_unix(su:session): session closed for user rubyman
May  8 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352344.
May  8 09:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26236]: pam_unix(cron:session): session closed for user root
May  8 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28970]: pam_unix(cron:session): session closed for user samftp
May  8 09:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170  user=root
May  8 09:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: Failed password for root from 103.160.148.170 port 60210 ssh2
May  8 09:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: Received disconnect from 103.160.148.170 port 60210:11: Bye Bye [preauth]
May  8 09:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29355]: Disconnected from 103.160.148.170 port 60210 [preauth]
May  8 09:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Invalid user marcus from 136.232.11.10
May  8 09:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: input_userauth_request: invalid user marcus [preauth]
May  8 09:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10
May  8 09:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Failed password for invalid user marcus from 136.232.11.10 port 44918 ssh2
May  8 09:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Received disconnect from 136.232.11.10 port 44918:11: Bye Bye [preauth]
May  8 09:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29366]: Disconnected from 136.232.11.10 port 44918 [preauth]
May  8 09:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28123]: pam_unix(cron:session): session closed for user root
May  8 09:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.179.141  user=root
May  8 09:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29412]: Failed password for root from 202.168.179.141 port 55128 ssh2
May  8 09:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29412]: Received disconnect from 202.168.179.141 port 55128:11: Bye Bye [preauth]
May  8 09:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29412]: Disconnected from 202.168.179.141 port 55128 [preauth]
May  8 09:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: Invalid user ubuntu from 210.79.142.221
May  8 09:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: input_userauth_request: invalid user ubuntu [preauth]
May  8 09:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221
May  8 09:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: Failed password for invalid user ubuntu from 210.79.142.221 port 55308 ssh2
May  8 09:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: Received disconnect from 210.79.142.221 port 55308:11: Bye Bye [preauth]
May  8 09:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29433]: Disconnected from 210.79.142.221 port 55308 [preauth]
May  8 09:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: Invalid user sxf from 91.200.151.78
May  8 09:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: input_userauth_request: invalid user sxf [preauth]
May  8 09:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.200.151.78
May  8 09:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: Failed password for invalid user sxf from 91.200.151.78 port 43786 ssh2
May  8 09:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: Received disconnect from 91.200.151.78 port 43786:11: Bye Bye [preauth]
May  8 09:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: Disconnected from 91.200.151.78 port 43786 [preauth]
May  8 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29500]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29499]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29496]: pam_unix(cron:session): session closed for user p13x
May  8 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29562]: Successful su for rubyman by root
May  8 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29562]: + ??? root:rubyman
May  8 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352349 of user rubyman.
May  8 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29562]: pam_unix(su:session): session closed for user rubyman
May  8 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352349.
May  8 09:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26743]: pam_unix(cron:session): session closed for user root
May  8 09:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29498]: pam_unix(cron:session): session closed for user samftp
May  8 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28539]: pam_unix(cron:session): session closed for user root
May  8 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29905]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29904]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29902]: pam_unix(cron:session): session closed for user p13x
May  8 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29967]: Successful su for rubyman by root
May  8 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29967]: + ??? root:rubyman
May  8 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352354 of user rubyman.
May  8 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29967]: pam_unix(su:session): session closed for user rubyman
May  8 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352354.
May  8 09:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27238]: pam_unix(cron:session): session closed for user root
May  8 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29903]: pam_unix(cron:session): session closed for user samftp
May  8 09:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28972]: pam_unix(cron:session): session closed for user root
May  8 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30293]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30292]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30292]: pam_unix(cron:session): session closed for user p13x
May  8 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30356]: Successful su for rubyman by root
May  8 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30356]: + ??? root:rubyman
May  8 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30356]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352357 of user rubyman.
May  8 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30356]: pam_unix(su:session): session closed for user rubyman
May  8 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352357.
May  8 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27715]: pam_unix(cron:session): session closed for user root
May  8 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30293]: pam_unix(cron:session): session closed for user samftp
May  8 09:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30550]: Invalid user bot from 190.103.202.7
May  8 09:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30550]: input_userauth_request: invalid user bot [preauth]
May  8 09:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30550]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  8 09:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30550]: Failed password for invalid user bot from 190.103.202.7 port 49834 ssh2
May  8 09:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30550]: Connection closed by 190.103.202.7 port 49834 [preauth]
May  8 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29500]: pam_unix(cron:session): session closed for user root
May  8 09:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: Invalid user azureuser from 52.170.91.127
May  8 09:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: input_userauth_request: invalid user azureuser [preauth]
May  8 09:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.91.127
May  8 09:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: Failed password for invalid user azureuser from 52.170.91.127 port 41190 ssh2
May  8 09:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: Received disconnect from 52.170.91.127 port 41190:11: Bye Bye [preauth]
May  8 09:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30640]: Disconnected from 52.170.91.127 port 41190 [preauth]
May  8 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30696]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30698]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30695]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30697]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30694]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30699]: pam_unix(cron:session): session closed for user root
May  8 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30694]: pam_unix(cron:session): session closed for user p13x
May  8 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30768]: Successful su for rubyman by root
May  8 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30768]: + ??? root:rubyman
May  8 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352361 of user rubyman.
May  8 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30768]: pam_unix(su:session): session closed for user rubyman
May  8 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352361.
May  8 09:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28122]: pam_unix(cron:session): session closed for user root
May  8 09:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30696]: pam_unix(cron:session): session closed for user root
May  8 09:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30695]: pam_unix(cron:session): session closed for user samftp
May  8 09:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  8 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: Failed password for root from 218.92.0.204 port 25242 ssh2
May  8 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31074]: Connection reset by 205.210.31.26 port 61294 [preauth]
May  8 09:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: Failed password for root from 218.92.0.204 port 25242 ssh2
May  8 09:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65  user=root
May  8 09:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31110]: Failed password for root from 96.67.59.65 port 48285 ssh2
May  8 09:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31110]: Received disconnect from 96.67.59.65 port 48285:11: Bye Bye [preauth]
May  8 09:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31110]: Disconnected from 96.67.59.65 port 48285 [preauth]
May  8 09:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: Failed password for root from 218.92.0.204 port 25242 ssh2
May  8 09:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.11.10  user=root
May  8 09:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: Failed password for root from 136.232.11.10 port 6770 ssh2
May  8 09:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: Received disconnect from 136.232.11.10 port 6770:11: Bye Bye [preauth]
May  8 09:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31112]: Disconnected from 136.232.11.10 port 6770 [preauth]
May  8 09:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: Failed password for root from 218.92.0.204 port 25242 ssh2
May  8 09:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: Failed password for root from 218.92.0.204 port 25242 ssh2
May  8 09:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 25242 ssh2 [preauth]
May  8 09:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: Disconnecting: Too many authentication failures [preauth]
May  8 09:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  8 09:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31092]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29905]: pam_unix(cron:session): session closed for user root
May  8 09:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.193.176.106  user=root
May  8 09:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: Failed password for root from 103.193.176.106 port 43830 ssh2
May  8 09:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: Received disconnect from 103.193.176.106 port 43830:11: Bye Bye [preauth]
May  8 09:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31189]: Disconnected from 103.193.176.106 port 43830 [preauth]
May  8 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31232]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31229]: pam_unix(cron:session): session closed for user p13x
May  8 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31310]: Successful su for rubyman by root
May  8 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31310]: + ??? root:rubyman
May  8 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31310]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352366 of user rubyman.
May  8 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31310]: pam_unix(su:session): session closed for user rubyman
May  8 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352366.
May  8 09:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28538]: pam_unix(cron:session): session closed for user root
May  8 09:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31230]: pam_unix(cron:session): session closed for user samftp
May  8 09:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30299]: pam_unix(cron:session): session closed for user root
May  8 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31623]: Invalid user jia from 210.79.142.221
May  8 09:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31623]: input_userauth_request: invalid user jia [preauth]
May  8 09:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31623]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221
May  8 09:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: Invalid user postgres from 103.160.148.170
May  8 09:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: input_userauth_request: invalid user postgres [preauth]
May  8 09:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  8 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31623]: Failed password for invalid user jia from 210.79.142.221 port 59276 ssh2
May  8 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: Failed password for invalid user postgres from 103.160.148.170 port 59810 ssh2
May  8 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31623]: Received disconnect from 210.79.142.221 port 59276:11: Bye Bye [preauth]
May  8 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31623]: Disconnected from 210.79.142.221 port 59276 [preauth]
May  8 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: Received disconnect from 103.160.148.170 port 59810:11: Bye Bye [preauth]
May  8 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: Disconnected from 103.160.148.170 port 59810 [preauth]
May  8 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31673]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31671]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31670]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31670]: pam_unix(cron:session): session closed for user p13x
May  8 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31746]: Successful su for rubyman by root
May  8 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31746]: + ??? root:rubyman
May  8 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352371 of user rubyman.
May  8 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31746]: pam_unix(su:session): session closed for user rubyman
May  8 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352371.
May  8 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28971]: pam_unix(cron:session): session closed for user root
May  8 09:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31671]: pam_unix(cron:session): session closed for user samftp
May  8 09:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: Invalid user test_1 from 14.103.114.22
May  8 09:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: input_userauth_request: invalid user test_1 [preauth]
May  8 09:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.22
May  8 09:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: Failed password for invalid user test_1 from 14.103.114.22 port 37718 ssh2
May  8 09:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: Received disconnect from 14.103.114.22 port 37718:11: Bye Bye [preauth]
May  8 09:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31976]: Disconnected from 14.103.114.22 port 37718 [preauth]
May  8 09:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32279]: Invalid user lobby from 91.200.151.78
May  8 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32279]: input_userauth_request: invalid user lobby [preauth]
May  8 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32279]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.200.151.78
May  8 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30698]: pam_unix(cron:session): session closed for user root
May  8 09:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32279]: Failed password for invalid user lobby from 91.200.151.78 port 54746 ssh2
May  8 09:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32279]: Received disconnect from 91.200.151.78 port 54746:11: Bye Bye [preauth]
May  8 09:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32279]: Disconnected from 91.200.151.78 port 54746 [preauth]
May  8 09:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: Invalid user mohamed from 202.168.179.141
May  8 09:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: input_userauth_request: invalid user mohamed [preauth]
May  8 09:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.179.141
May  8 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32395]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32396]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32389]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32390]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32389]: pam_unix(cron:session): session closed for user p13x
May  8 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32461]: Successful su for rubyman by root
May  8 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32461]: + ??? root:rubyman
May  8 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352374 of user rubyman.
May  8 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32461]: pam_unix(su:session): session closed for user rubyman
May  8 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352374.
May  8 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: Failed password for invalid user mohamed from 202.168.179.141 port 60876 ssh2
May  8 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: Received disconnect from 202.168.179.141 port 60876:11: Bye Bye [preauth]
May  8 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: Disconnected from 202.168.179.141 port 60876 [preauth]
May  8 09:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29499]: pam_unix(cron:session): session closed for user root
May  8 09:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32390]: pam_unix(cron:session): session closed for user samftp
May  8 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31232]: pam_unix(cron:session): session closed for user root
May  8 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[511]: pam_unix(cron:session): session closed for user p13x
May  8 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[581]: Successful su for rubyman by root
May  8 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[581]: + ??? root:rubyman
May  8 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352380 of user rubyman.
May  8 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[581]: pam_unix(su:session): session closed for user rubyman
May  8 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352380.
May  8 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29904]: pam_unix(cron:session): session closed for user root
May  8 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[512]: pam_unix(cron:session): session closed for user samftp
May  8 09:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: Invalid user nss from 52.170.91.127
May  8 09:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: input_userauth_request: invalid user nss [preauth]
May  8 09:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.91.127
May  8 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31673]: pam_unix(cron:session): session closed for user root
May  8 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: Failed password for invalid user nss from 52.170.91.127 port 49562 ssh2
May  8 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: Received disconnect from 52.170.91.127 port 49562:11: Bye Bye [preauth]
May  8 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[871]: Disconnected from 52.170.91.127 port 49562 [preauth]
May  8 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[979]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[977]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[978]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[980]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[980]: pam_unix(cron:session): session closed for user root
May  8 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[975]: pam_unix(cron:session): session closed for user p13x
May  8 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: Invalid user tidb from 96.67.59.65
May  8 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: input_userauth_request: invalid user tidb [preauth]
May  8 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65
May  8 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1075]: Successful su for rubyman by root
May  8 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1075]: + ??? root:rubyman
May  8 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352383 of user rubyman.
May  8 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1075]: pam_unix(su:session): session closed for user rubyman
May  8 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352383.
May  8 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: Failed password for invalid user tidb from 96.67.59.65 port 54837 ssh2
May  8 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: Received disconnect from 96.67.59.65 port 54837:11: Bye Bye [preauth]
May  8 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1035]: Disconnected from 96.67.59.65 port 54837 [preauth]
May  8 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[977]: pam_unix(cron:session): session closed for user root
May  8 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30298]: pam_unix(cron:session): session closed for user root
May  8 09:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[976]: pam_unix(cron:session): session closed for user samftp
May  8 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32396]: pam_unix(cron:session): session closed for user root
May  8 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1508]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1507]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1506]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1505]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1505]: pam_unix(cron:session): session closed for user p13x
May  8 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1586]: Successful su for rubyman by root
May  8 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1586]: + ??? root:rubyman
May  8 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352388 of user rubyman.
May  8 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1586]: pam_unix(su:session): session closed for user rubyman
May  8 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352388.
May  8 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30697]: pam_unix(cron:session): session closed for user root
May  8 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1506]: pam_unix(cron:session): session closed for user samftp
May  8 09:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[519]: pam_unix(cron:session): session closed for user root
May  8 09:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2020]: Invalid user test from 103.193.176.106
May  8 09:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2020]: input_userauth_request: invalid user test [preauth]
May  8 09:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2020]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.193.176.106
May  8 09:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2020]: Failed password for invalid user test from 103.193.176.106 port 40778 ssh2
May  8 09:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2020]: Received disconnect from 103.193.176.106 port 40778:11: Bye Bye [preauth]
May  8 09:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2020]: Disconnected from 103.193.176.106 port 40778 [preauth]
May  8 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2052]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2049]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2049]: pam_unix(cron:session): session closed for user p13x
May  8 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2109]: Successful su for rubyman by root
May  8 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2109]: + ??? root:rubyman
May  8 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2109]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352394 of user rubyman.
May  8 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2109]: pam_unix(su:session): session closed for user rubyman
May  8 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352394.
May  8 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31231]: pam_unix(cron:session): session closed for user root
May  8 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2050]: pam_unix(cron:session): session closed for user samftp
May  8 09:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: Invalid user tomcat from 210.79.142.221
May  8 09:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: input_userauth_request: invalid user tomcat [preauth]
May  8 09:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221
May  8 09:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: Failed password for invalid user tomcat from 210.79.142.221 port 33702 ssh2
May  8 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: Received disconnect from 210.79.142.221 port 33702:11: Bye Bye [preauth]
May  8 09:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2306]: Disconnected from 210.79.142.221 port 33702 [preauth]
May  8 09:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: Invalid user admin from 93.108.120.147
May  8 09:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: input_userauth_request: invalid user admin [preauth]
May  8 09:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.108.120.147
May  8 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: Failed password for invalid user admin from 93.108.120.147 port 38002 ssh2
May  8 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: Received disconnect from 93.108.120.147 port 38002:11: Bye Bye [preauth]
May  8 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2308]: Disconnected from 93.108.120.147 port 38002 [preauth]
May  8 09:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2367]: Invalid user odoo from 103.160.148.170
May  8 09:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2367]: input_userauth_request: invalid user odoo [preauth]
May  8 09:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2367]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  8 09:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2367]: Failed password for invalid user odoo from 103.160.148.170 port 55602 ssh2
May  8 09:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2367]: Received disconnect from 103.160.148.170 port 55602:11: Bye Bye [preauth]
May  8 09:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2367]: Disconnected from 103.160.148.170 port 55602 [preauth]
May  8 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[979]: pam_unix(cron:session): session closed for user root
May  8 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2478]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2476]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2474]: pam_unix(cron:session): session closed for user p13x
May  8 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2541]: Successful su for rubyman by root
May  8 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2541]: + ??? root:rubyman
May  8 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352396 of user rubyman.
May  8 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2541]: pam_unix(su:session): session closed for user rubyman
May  8 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352396.
May  8 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31672]: pam_unix(cron:session): session closed for user root
May  8 09:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2476]: pam_unix(cron:session): session closed for user samftp
May  8 09:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2752]: Invalid user user from 194.0.234.19
May  8 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2752]: input_userauth_request: invalid user user [preauth]
May  8 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2752]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  8 09:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2752]: Failed password for invalid user user from 194.0.234.19 port 31748 ssh2
May  8 09:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2752]: Connection closed by 194.0.234.19 port 31748 [preauth]
May  8 09:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.252  user=root
May  8 09:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: Failed password for root from 218.92.0.252 port 30414 ssh2
May  8 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1508]: pam_unix(cron:session): session closed for user root
May  8 09:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: Received disconnect from 218.92.0.252 port 30414:11:  [preauth]
May  8 09:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2816]: Disconnected from 218.92.0.252 port 30414 [preauth]
May  8 09:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2923]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2922]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2920]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2919]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2919]: pam_unix(cron:session): session closed for user p13x
May  8 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3052]: Successful su for rubyman by root
May  8 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3052]: + ??? root:rubyman
May  8 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352402 of user rubyman.
May  8 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3052]: pam_unix(su:session): session closed for user rubyman
May  8 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352402.
May  8 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2917]: pam_unix(cron:session): session closed for user root
May  8 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32395]: pam_unix(cron:session): session closed for user root
May  8 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2920]: pam_unix(cron:session): session closed for user samftp
May  8 09:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.179.141  user=root
May  8 09:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2052]: pam_unix(cron:session): session closed for user root
May  8 09:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.91.127  user=root
May  8 09:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3334]: Failed password for root from 202.168.179.141 port 38392 ssh2
May  8 09:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3334]: Received disconnect from 202.168.179.141 port 38392:11: Bye Bye [preauth]
May  8 09:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3334]: Disconnected from 202.168.179.141 port 38392 [preauth]
May  8 09:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3366]: Failed password for root from 52.170.91.127 port 41274 ssh2
May  8 09:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3366]: Received disconnect from 52.170.91.127 port 41274:11: Bye Bye [preauth]
May  8 09:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3366]: Disconnected from 52.170.91.127 port 41274 [preauth]
May  8 09:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: Invalid user diana from 96.67.59.65
May  8 09:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: input_userauth_request: invalid user diana [preauth]
May  8 09:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65
May  8 09:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: Failed password for invalid user diana from 96.67.59.65 port 52022 ssh2
May  8 09:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: Received disconnect from 96.67.59.65 port 52022:11: Bye Bye [preauth]
May  8 09:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: Disconnected from 96.67.59.65 port 52022 [preauth]
May  8 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3456]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3455]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3456]: pam_unix(cron:session): session closed for user root
May  8 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3451]: pam_unix(cron:session): session closed for user p13x
May  8 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3523]: Successful su for rubyman by root
May  8 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3523]: + ??? root:rubyman
May  8 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352405 of user rubyman.
May  8 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3523]: pam_unix(su:session): session closed for user rubyman
May  8 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352405.
May  8 09:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3453]: pam_unix(cron:session): session closed for user root
May  8 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[517]: pam_unix(cron:session): session closed for user root
May  8 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3452]: pam_unix(cron:session): session closed for user samftp
May  8 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2478]: pam_unix(cron:session): session closed for user root
May  8 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3907]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3906]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3904]: pam_unix(cron:session): session closed for user p13x
May  8 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4009]: Successful su for rubyman by root
May  8 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4009]: + ??? root:rubyman
May  8 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352412 of user rubyman.
May  8 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4009]: pam_unix(su:session): session closed for user rubyman
May  8 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352412.
May  8 09:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[978]: pam_unix(cron:session): session closed for user root
May  8 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3905]: pam_unix(cron:session): session closed for user samftp
May  8 09:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4156]: Connection closed by 103.29.69.96 port 45140 [preauth]
May  8 09:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2923]: pam_unix(cron:session): session closed for user root
May  8 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4507]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4500]: pam_unix(cron:session): session closed for user p13x
May  8 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4572]: Successful su for rubyman by root
May  8 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4572]: + ??? root:rubyman
May  8 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4572]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352415 of user rubyman.
May  8 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4572]: pam_unix(su:session): session closed for user rubyman
May  8 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352415.
May  8 09:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1507]: pam_unix(cron:session): session closed for user root
May  8 09:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4501]: pam_unix(cron:session): session closed for user samftp
May  8 09:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: Invalid user VPN from 210.79.142.221
May  8 09:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: input_userauth_request: invalid user VPN [preauth]
May  8 09:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221
May  8 09:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3455]: pam_unix(cron:session): session closed for user root
May  8 09:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: Failed password for invalid user VPN from 210.79.142.221 port 51294 ssh2
May  8 09:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: Received disconnect from 210.79.142.221 port 51294:11: Bye Bye [preauth]
May  8 09:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: Disconnected from 210.79.142.221 port 51294 [preauth]
May  8 09:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: Invalid user postgres from 103.193.176.106
May  8 09:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: input_userauth_request: invalid user postgres [preauth]
May  8 09:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.193.176.106
May  8 09:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: Failed password for invalid user postgres from 103.193.176.106 port 51734 ssh2
May  8 09:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: Received disconnect from 103.193.176.106 port 51734:11: Bye Bye [preauth]
May  8 09:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4897]: Disconnected from 103.193.176.106 port 51734 [preauth]
May  8 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4945]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4941]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4941]: pam_unix(cron:session): session closed for user p13x
May  8 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5185]: Successful su for rubyman by root
May  8 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5185]: + ??? root:rubyman
May  8 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352421 of user rubyman.
May  8 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5185]: pam_unix(su:session): session closed for user rubyman
May  8 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352421.
May  8 09:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170  user=root
May  8 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2051]: pam_unix(cron:session): session closed for user root
May  8 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4942]: pam_unix(cron:session): session closed for user samftp
May  8 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5313]: Failed password for root from 103.160.148.170 port 45978 ssh2
May  8 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5313]: Received disconnect from 103.160.148.170 port 45978:11: Bye Bye [preauth]
May  8 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5313]: Disconnected from 103.160.148.170 port 45978 [preauth]
May  8 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3907]: pam_unix(cron:session): session closed for user root
May  8 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5591]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5589]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5589]: pam_unix(cron:session): session closed for user p13x
May  8 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5666]: Successful su for rubyman by root
May  8 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5666]: + ??? root:rubyman
May  8 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352423 of user rubyman.
May  8 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5666]: pam_unix(su:session): session closed for user rubyman
May  8 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352423.
May  8 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2477]: pam_unix(cron:session): session closed for user root
May  8 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5590]: pam_unix(cron:session): session closed for user samftp
May  8 09:44:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: Invalid user hdfs from 96.67.59.65
May  8 09:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: input_userauth_request: invalid user hdfs [preauth]
May  8 09:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65
May  8 09:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: Failed password for invalid user hdfs from 96.67.59.65 port 51676 ssh2
May  8 09:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: Received disconnect from 96.67.59.65 port 51676:11: Bye Bye [preauth]
May  8 09:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: Disconnected from 96.67.59.65 port 51676 [preauth]
May  8 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6030]: Invalid user cognos from 52.170.91.127
May  8 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6030]: input_userauth_request: invalid user cognos [preauth]
May  8 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6030]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.91.127
May  8 09:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6030]: Failed password for invalid user cognos from 52.170.91.127 port 60520 ssh2
May  8 09:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6030]: Received disconnect from 52.170.91.127 port 60520:11: Bye Bye [preauth]
May  8 09:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6030]: Disconnected from 52.170.91.127 port 60520 [preauth]
May  8 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4507]: pam_unix(cron:session): session closed for user root
May  8 09:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.130.207  user=root
May  8 09:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: Failed password for root from 212.83.130.207 port 35914 ssh2
May  8 09:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: Received disconnect from 212.83.130.207 port 35914:11: Bye Bye [preauth]
May  8 09:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: Disconnected from 212.83.130.207 port 35914 [preauth]
May  8 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6133]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6130]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6134]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6132]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6136]: pam_unix(cron:session): session closed for user root
May  8 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6130]: pam_unix(cron:session): session closed for user p13x
May  8 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6201]: Successful su for rubyman by root
May  8 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6201]: + ??? root:rubyman
May  8 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6201]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352429 of user rubyman.
May  8 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6201]: pam_unix(su:session): session closed for user rubyman
May  8 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352429.
May  8 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6133]: pam_unix(cron:session): session closed for user root
May  8 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2922]: pam_unix(cron:session): session closed for user root
May  8 09:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6132]: pam_unix(cron:session): session closed for user samftp
May  8 09:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4946]: pam_unix(cron:session): session closed for user root
May  8 09:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6514]: Invalid user 2 from 195.178.110.50
May  8 09:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6514]: input_userauth_request: invalid user 2 [preauth]
May  8 09:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6514]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 09:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6514]: Failed password for invalid user 2 from 195.178.110.50 port 21270 ssh2
May  8 09:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6514]: Connection closed by 195.178.110.50 port 21270 [preauth]
May  8 09:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6566]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6563]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6565]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6564]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6563]: pam_unix(cron:session): session closed for user p13x
May  8 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6635]: Successful su for rubyman by root
May  8 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6635]: + ??? root:rubyman
May  8 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352433 of user rubyman.
May  8 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6635]: pam_unix(su:session): session closed for user rubyman
May  8 09:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352433.
May  8 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3454]: pam_unix(cron:session): session closed for user root
May  8 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6564]: pam_unix(cron:session): session closed for user samftp
May  8 09:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Invalid user ; from 195.178.110.50
May  8 09:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: input_userauth_request: invalid user ; [preauth]
May  8 09:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 09:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Failed password for invalid user ; from 195.178.110.50 port 4594 ssh2
May  8 09:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Connection closed by 195.178.110.50 port 4594 [preauth]
May  8 09:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: Invalid user D from 195.178.110.50
May  8 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: input_userauth_request: invalid user D [preauth]
May  8 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5592]: pam_unix(cron:session): session closed for user root
May  8 09:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: Failed password for invalid user D from 195.178.110.50 port 49932 ssh2
May  8 09:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6860]: Connection closed by 195.178.110.50 port 49932 [preauth]
May  8 09:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: Invalid user M from 195.178.110.50
May  8 09:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: input_userauth_request: invalid user M [preauth]
May  8 09:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 09:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: Failed password for invalid user M from 195.178.110.50 port 51096 ssh2
May  8 09:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7019]: Connection closed by 195.178.110.50 port 51096 [preauth]
May  8 09:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7095]: pam_unix(cron:session): session closed for user p13x
May  8 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7165]: Successful su for rubyman by root
May  8 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7165]: + ??? root:rubyman
May  8 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352438 of user rubyman.
May  8 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7165]: pam_unix(su:session): session closed for user rubyman
May  8 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352438.
May  8 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3906]: pam_unix(cron:session): session closed for user root
May  8 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7096]: pam_unix(cron:session): session closed for user samftp
May  8 09:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: Invalid user V from 195.178.110.50
May  8 09:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: input_userauth_request: invalid user V [preauth]
May  8 09:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 09:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: Failed password for invalid user V from 195.178.110.50 port 54698 ssh2
May  8 09:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7082]: Connection closed by 195.178.110.50 port 54698 [preauth]
May  8 09:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6135]: pam_unix(cron:session): session closed for user root
May  8 09:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: Invalid user sxb from 202.168.179.141
May  8 09:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: input_userauth_request: invalid user sxb [preauth]
May  8 09:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.179.141
May  8 09:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: Failed password for invalid user sxb from 202.168.179.141 port 44136 ssh2
May  8 09:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: Received disconnect from 202.168.179.141 port 44136:11: Bye Bye [preauth]
May  8 09:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7432]: Disconnected from 202.168.179.141 port 44136 [preauth]
May  8 09:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221  user=root
May  8 09:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Failed password for root from 210.79.142.221 port 53160 ssh2
May  8 09:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Received disconnect from 210.79.142.221 port 53160:11: Bye Bye [preauth]
May  8 09:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7483]: Disconnected from 210.79.142.221 port 53160 [preauth]
May  8 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7602]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7600]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7599]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7599]: pam_unix(cron:session): session closed for user p13x
May  8 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7669]: Successful su for rubyman by root
May  8 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7669]: + ??? root:rubyman
May  8 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7669]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352442 of user rubyman.
May  8 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7669]: pam_unix(su:session): session closed for user rubyman
May  8 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352442.
May  8 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4502]: pam_unix(cron:session): session closed for user root
May  8 09:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7600]: pam_unix(cron:session): session closed for user samftp
May  8 09:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6566]: pam_unix(cron:session): session closed for user root
May  8 09:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65  user=root
May  8 09:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: Failed password for root from 96.67.59.65 port 44400 ssh2
May  8 09:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: Received disconnect from 96.67.59.65 port 44400:11: Bye Bye [preauth]
May  8 09:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7967]: Disconnected from 96.67.59.65 port 44400 [preauth]
May  8 09:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: Invalid user test from 103.160.148.170
May  8 09:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: input_userauth_request: invalid user test [preauth]
May  8 09:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  8 09:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.193.176.106  user=root
May  8 09:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: Failed password for invalid user test from 103.160.148.170 port 40034 ssh2
May  8 09:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: Failed password for root from 103.193.176.106 port 38906 ssh2
May  8 09:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: Received disconnect from 103.160.148.170 port 40034:11: Bye Bye [preauth]
May  8 09:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7980]: Disconnected from 103.160.148.170 port 40034 [preauth]
May  8 09:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: Received disconnect from 103.193.176.106 port 38906:11: Bye Bye [preauth]
May  8 09:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7982]: Disconnected from 103.193.176.106 port 38906 [preauth]
May  8 09:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8013]: Invalid user telecomadmin from 85.208.84.5
May  8 09:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8013]: input_userauth_request: invalid user telecomadmin [preauth]
May  8 09:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8013]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  8 09:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8013]: Failed password for invalid user telecomadmin from 85.208.84.5 port 57348 ssh2
May  8 09:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8013]: Connection closed by 85.208.84.5 port 57348 [preauth]
May  8 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8032]: pam_unix(cron:session): session closed for user p13x
May  8 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8098]: Successful su for rubyman by root
May  8 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8098]: + ??? root:rubyman
May  8 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8098]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352445 of user rubyman.
May  8 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8098]: pam_unix(su:session): session closed for user rubyman
May  8 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352445.
May  8 09:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4945]: pam_unix(cron:session): session closed for user root
May  8 09:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8033]: pam_unix(cron:session): session closed for user samftp
May  8 09:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.91.127  user=root
May  8 09:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7098]: pam_unix(cron:session): session closed for user root
May  8 09:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8374]: Failed password for root from 52.170.91.127 port 49064 ssh2
May  8 09:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8374]: Received disconnect from 52.170.91.127 port 49064:11: Bye Bye [preauth]
May  8 09:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8374]: Disconnected from 52.170.91.127 port 49064 [preauth]
May  8 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8476]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8475]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8474]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8477]: pam_unix(cron:session): session closed for user root
May  8 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8472]: pam_unix(cron:session): session closed for user p13x
May  8 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8551]: Successful su for rubyman by root
May  8 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8551]: + ??? root:rubyman
May  8 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8551]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352452 of user rubyman.
May  8 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8551]: pam_unix(su:session): session closed for user rubyman
May  8 09:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352452.
May  8 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8474]: pam_unix(cron:session): session closed for user root
May  8 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5591]: pam_unix(cron:session): session closed for user root
May  8 09:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8473]: pam_unix(cron:session): session closed for user samftp
May  8 09:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7602]: pam_unix(cron:session): session closed for user root
May  8 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8930]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8929]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8931]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8932]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8929]: pam_unix(cron:session): session closed for user p13x
May  8 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9000]: Successful su for rubyman by root
May  8 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9000]: + ??? root:rubyman
May  8 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352455 of user rubyman.
May  8 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9000]: pam_unix(su:session): session closed for user rubyman
May  8 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352455.
May  8 09:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6134]: pam_unix(cron:session): session closed for user root
May  8 09:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8930]: pam_unix(cron:session): session closed for user samftp
May  8 09:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8035]: pam_unix(cron:session): session closed for user root
May  8 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9460]: pam_unix(cron:session): session closed for user p13x
May  8 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9523]: Successful su for rubyman by root
May  8 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9523]: + ??? root:rubyman
May  8 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352459 of user rubyman.
May  8 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9523]: pam_unix(su:session): session closed for user rubyman
May  8 09:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352459.
May  8 09:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6565]: pam_unix(cron:session): session closed for user root
May  8 09:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9462]: pam_unix(cron:session): session closed for user samftp
May  8 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8476]: pam_unix(cron:session): session closed for user root
May  8 09:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: Invalid user pgsql from 93.108.120.147
May  8 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: input_userauth_request: invalid user pgsql [preauth]
May  8 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.108.120.147
May  8 09:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: Failed password for invalid user pgsql from 93.108.120.147 port 45432 ssh2
May  8 09:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: Received disconnect from 93.108.120.147 port 45432:11: Bye Bye [preauth]
May  8 09:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: Disconnected from 93.108.120.147 port 45432 [preauth]
May  8 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9865]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9866]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9862]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9862]: pam_unix(cron:session): session closed for user p13x
May  8 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: Invalid user esuser from 96.67.59.65
May  8 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: input_userauth_request: invalid user esuser [preauth]
May  8 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65
May  8 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9924]: Successful su for rubyman by root
May  8 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9924]: + ??? root:rubyman
May  8 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9924]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352464 of user rubyman.
May  8 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9924]: pam_unix(su:session): session closed for user rubyman
May  8 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352464.
May  8 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: Failed password for invalid user esuser from 96.67.59.65 port 41633 ssh2
May  8 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: Received disconnect from 96.67.59.65 port 41633:11: Bye Bye [preauth]
May  8 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9859]: Disconnected from 96.67.59.65 port 41633 [preauth]
May  8 09:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7097]: pam_unix(cron:session): session closed for user root
May  8 09:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9865]: pam_unix(cron:session): session closed for user samftp
May  8 09:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221  user=root
May  8 09:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: Failed password for root from 210.79.142.221 port 46524 ssh2
May  8 09:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: Received disconnect from 210.79.142.221 port 46524:11: Bye Bye [preauth]
May  8 09:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10121]: Disconnected from 210.79.142.221 port 46524 [preauth]
May  8 09:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8932]: pam_unix(cron:session): session closed for user root
May  8 09:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10349]: Invalid user huy from 202.168.179.141
May  8 09:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10349]: input_userauth_request: invalid user huy [preauth]
May  8 09:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10349]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.179.141
May  8 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10353]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10352]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10352]: pam_unix(cron:session): session closed for user p13x
May  8 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10428]: Successful su for rubyman by root
May  8 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10428]: + ??? root:rubyman
May  8 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10428]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352468 of user rubyman.
May  8 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10428]: pam_unix(su:session): session closed for user rubyman
May  8 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352468.
May  8 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10349]: Failed password for invalid user huy from 202.168.179.141 port 49930 ssh2
May  8 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10349]: Received disconnect from 202.168.179.141 port 49930:11: Bye Bye [preauth]
May  8 09:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10349]: Disconnected from 202.168.179.141 port 49930 [preauth]
May  8 09:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7601]: pam_unix(cron:session): session closed for user root
May  8 09:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10353]: pam_unix(cron:session): session closed for user samftp
May  8 09:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10688]: Invalid user test from 103.160.148.170
May  8 09:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10688]: input_userauth_request: invalid user test [preauth]
May  8 09:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10688]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170
May  8 09:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10688]: Failed password for invalid user test from 103.160.148.170 port 42184 ssh2
May  8 09:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10688]: Received disconnect from 103.160.148.170 port 42184:11: Bye Bye [preauth]
May  8 09:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10688]: Disconnected from 103.160.148.170 port 42184 [preauth]
May  8 09:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: Invalid user jasper from 52.170.91.127
May  8 09:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: input_userauth_request: invalid user jasper [preauth]
May  8 09:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.91.127
May  8 09:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: Failed password for invalid user jasper from 52.170.91.127 port 53880 ssh2
May  8 09:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: Received disconnect from 52.170.91.127 port 53880:11: Bye Bye [preauth]
May  8 09:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: Disconnected from 52.170.91.127 port 53880 [preauth]
May  8 09:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9465]: pam_unix(cron:session): session closed for user root
May  8 09:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.193.176.106  user=root
May  8 09:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10818]: Failed password for root from 103.193.176.106 port 40318 ssh2
May  8 09:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10818]: Received disconnect from 103.193.176.106 port 40318:11: Bye Bye [preauth]
May  8 09:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10818]: Disconnected from 103.193.176.106 port 40318 [preauth]
May  8 09:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Invalid user admin from 80.94.95.112
May  8 09:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: input_userauth_request: invalid user admin [preauth]
May  8 09:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:54:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 09:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Failed password for invalid user admin from 80.94.95.112 port 33730 ssh2
May  8 09:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:54:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.130.207  user=root
May  8 09:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Failed password for invalid user admin from 80.94.95.112 port 33730 ssh2
May  8 09:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: Failed password for root from 212.83.130.207 port 46020 ssh2
May  8 09:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: Received disconnect from 212.83.130.207 port 46020:11: Bye Bye [preauth]
May  8 09:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10830]: Disconnected from 212.83.130.207 port 46020 [preauth]
May  8 09:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Failed password for invalid user admin from 80.94.95.112 port 33730 ssh2
May  8 09:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Failed password for invalid user admin from 80.94.95.112 port 33730 ssh2
May  8 09:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10854]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10855]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10853]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10856]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Failed password for invalid user admin from 80.94.95.112 port 33730 ssh2
May  8 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10857]: pam_unix(cron:session): session closed for user root
May  8 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10852]: pam_unix(cron:session): session closed for user p13x
May  8 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Received disconnect from 80.94.95.112 port 33730:11: Bye [preauth]
May  8 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: Disconnected from 80.94.95.112 port 33730 [preauth]
May  8 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10828]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10918]: Successful su for rubyman by root
May  8 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10918]: + ??? root:rubyman
May  8 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352476 of user rubyman.
May  8 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10918]: pam_unix(su:session): session closed for user rubyman
May  8 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352476.
May  8 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10854]: pam_unix(cron:session): session closed for user root
May  8 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8034]: pam_unix(cron:session): session closed for user root
May  8 09:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10853]: pam_unix(cron:session): session closed for user samftp
May  8 09:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9867]: pam_unix(cron:session): session closed for user root
May  8 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11271]: pam_unix(cron:session): session closed for user p13x
May  8 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11337]: Successful su for rubyman by root
May  8 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11337]: + ??? root:rubyman
May  8 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352478 of user rubyman.
May  8 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11337]: pam_unix(su:session): session closed for user rubyman
May  8 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352478.
May  8 09:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8475]: pam_unix(cron:session): session closed for user root
May  8 09:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11272]: pam_unix(cron:session): session closed for user samftp
May  8 09:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 09:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: Failed password for root from 80.94.95.241 port 63492 ssh2
May  8 09:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: message repeated 2 times: [ Failed password for root from 80.94.95.241 port 63492 ssh2]
May  8 09:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10355]: pam_unix(cron:session): session closed for user root
May  8 09:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: Failed password for root from 80.94.95.241 port 63492 ssh2
May  8 09:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: Failed password for root from 80.94.95.241 port 63492 ssh2
May  8 09:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: Received disconnect from 80.94.95.241 port 63492:11: Bye [preauth]
May  8 09:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: Disconnected from 80.94.95.241 port 63492 [preauth]
May  8 09:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 09:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11571]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11679]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11678]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11676]: pam_unix(cron:session): session closed for user p13x
May  8 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11738]: Successful su for rubyman by root
May  8 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11738]: + ??? root:rubyman
May  8 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11738]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352482 of user rubyman.
May  8 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11738]: pam_unix(su:session): session closed for user rubyman
May  8 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352482.
May  8 09:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8931]: pam_unix(cron:session): session closed for user root
May  8 09:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11677]: pam_unix(cron:session): session closed for user samftp
May  8 09:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: Invalid user wxf from 96.67.59.65
May  8 09:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: input_userauth_request: invalid user wxf [preauth]
May  8 09:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65
May  8 09:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10856]: pam_unix(cron:session): session closed for user root
May  8 09:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: Failed password for invalid user wxf from 96.67.59.65 port 47381 ssh2
May  8 09:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: Received disconnect from 96.67.59.65 port 47381:11: Bye Bye [preauth]
May  8 09:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11991]: Disconnected from 96.67.59.65 port 47381 [preauth]
May  8 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12077]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12074]: pam_unix(cron:session): session closed for user p13x
May  8 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12136]: Successful su for rubyman by root
May  8 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12136]: + ??? root:rubyman
May  8 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12136]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352486 of user rubyman.
May  8 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12136]: pam_unix(su:session): session closed for user rubyman
May  8 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352486.
May  8 09:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9463]: pam_unix(cron:session): session closed for user root
May  8 09:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12075]: pam_unix(cron:session): session closed for user samftp
May  8 09:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12366]: Connection closed by 80.94.95.115 port 16932 [preauth]
May  8 09:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221  user=root
May  8 09:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12396]: Failed password for root from 210.79.142.221 port 33960 ssh2
May  8 09:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12396]: Received disconnect from 210.79.142.221 port 33960:11: Bye Bye [preauth]
May  8 09:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12396]: Disconnected from 210.79.142.221 port 33960 [preauth]
May  8 09:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11274]: pam_unix(cron:session): session closed for user root
May  8 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12484]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12485]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12482]: pam_unix(cron:session): session closed for user p13x
May  8 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12541]: Successful su for rubyman by root
May  8 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12541]: + ??? root:rubyman
May  8 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352489 of user rubyman.
May  8 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12541]: pam_unix(su:session): session closed for user rubyman
May  8 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352489.
May  8 09:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9866]: pam_unix(cron:session): session closed for user root
May  8 09:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12483]: pam_unix(cron:session): session closed for user samftp
May  8 09:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.130.207  user=root
May  8 09:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: Failed password for root from 212.83.130.207 port 39360 ssh2
May  8 09:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: Received disconnect from 212.83.130.207 port 39360:11: Bye Bye [preauth]
May  8 09:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12716]: Disconnected from 212.83.130.207 port 39360 [preauth]
May  8 09:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: Invalid user web from 52.170.91.127
May  8 09:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: input_userauth_request: invalid user web [preauth]
May  8 09:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: pam_unix(sshd:auth): check pass; user unknown
May  8 09:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.91.127
May  8 09:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: Failed password for invalid user web from 52.170.91.127 port 53628 ssh2
May  8 09:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: Received disconnect from 52.170.91.127 port 53628:11: Bye Bye [preauth]
May  8 09:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12762]: Disconnected from 52.170.91.127 port 53628 [preauth]
May  8 09:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11679]: pam_unix(cron:session): session closed for user root
May  8 09:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 09:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.160.148.170  user=root
May  8 09:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: Failed password for root from 103.160.148.170 port 44008 ssh2
May  8 09:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: Received disconnect from 103.160.148.170 port 44008:11: Bye Bye [preauth]
May  8 09:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12844]: Disconnected from 103.160.148.170 port 44008 [preauth]
May  8 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12875]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12874]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12873]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12876]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12872]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12874]: pam_unix(cron:session): session closed for user root
May  8 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12879]: pam_unix(cron:session): session closed for user root
May  8 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12872]: pam_unix(cron:session): session closed for user p13x
May  8 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12967]: Successful su for rubyman by root
May  8 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12967]: + ??? root:rubyman
May  8 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352497 of user rubyman.
May  8 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12967]: pam_unix(su:session): session closed for user rubyman
May  8 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352497.
May  8 10:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10354]: pam_unix(cron:session): session closed for user root
May  8 10:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12875]: pam_unix(cron:session): session closed for user root
May  8 10:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12873]: pam_unix(cron:session): session closed for user samftp
May  8 10:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: Invalid user minecraft from 202.168.179.141
May  8 10:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: input_userauth_request: invalid user minecraft [preauth]
May  8 10:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.179.141
May  8 10:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: Failed password for invalid user minecraft from 202.168.179.141 port 55640 ssh2
May  8 10:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: Received disconnect from 202.168.179.141 port 55640:11: Bye Bye [preauth]
May  8 10:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13194]: Disconnected from 202.168.179.141 port 55640 [preauth]
May  8 10:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.70.167.132  user=root
May  8 10:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: Failed password for root from 81.70.167.132 port 39630 ssh2
May  8 10:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: Received disconnect from 81.70.167.132 port 39630:11: Bye Bye [preauth]
May  8 10:00:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: Disconnected from 81.70.167.132 port 39630 [preauth]
May  8 10:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Invalid user abc123 from 85.208.84.134
May  8 10:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: input_userauth_request: invalid user abc123 [preauth]
May  8 10:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.134
May  8 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13259]: Invalid user db2inst1 from 50.235.31.47
May  8 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13259]: input_userauth_request: invalid user db2inst1 [preauth]
May  8 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13259]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  8 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12077]: pam_unix(cron:session): session closed for user root
May  8 10:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Failed password for invalid user abc123 from 85.208.84.134 port 47040 ssh2
May  8 10:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13257]: Connection closed by 85.208.84.134 port 47040 [preauth]
May  8 10:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13259]: Failed password for invalid user db2inst1 from 50.235.31.47 port 43540 ssh2
May  8 10:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13259]: Connection closed by 50.235.31.47 port 43540 [preauth]
May  8 10:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.193.176.106  user=root
May  8 10:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Failed password for root from 103.193.176.106 port 41838 ssh2
May  8 10:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Received disconnect from 103.193.176.106 port 41838:11: Bye Bye [preauth]
May  8 10:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Disconnected from 103.193.176.106 port 41838 [preauth]
May  8 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13384]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13383]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13381]: pam_unix(cron:session): session closed for user p13x
May  8 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13535]: Successful su for rubyman by root
May  8 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13535]: + ??? root:rubyman
May  8 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13535]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352501 of user rubyman.
May  8 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13535]: pam_unix(su:session): session closed for user rubyman
May  8 10:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352501.
May  8 10:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10855]: pam_unix(cron:session): session closed for user root
May  8 10:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13382]: pam_unix(cron:session): session closed for user samftp
May  8 10:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12485]: pam_unix(cron:session): session closed for user root
May  8 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13895]: pam_unix(cron:session): session closed for user p13x
May  8 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13956]: Successful su for rubyman by root
May  8 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13956]: + ??? root:rubyman
May  8 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13956]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352506 of user rubyman.
May  8 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13956]: pam_unix(su:session): session closed for user rubyman
May  8 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352506.
May  8 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11273]: pam_unix(cron:session): session closed for user root
May  8 10:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13896]: pam_unix(cron:session): session closed for user samftp
May  8 10:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: Invalid user openvpn from 96.67.59.65
May  8 10:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: input_userauth_request: invalid user openvpn [preauth]
May  8 10:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65
May  8 10:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: Failed password for invalid user openvpn from 96.67.59.65 port 52966 ssh2
May  8 10:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: Received disconnect from 96.67.59.65 port 52966:11: Bye Bye [preauth]
May  8 10:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14143]: Disconnected from 96.67.59.65 port 52966 [preauth]
May  8 10:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12878]: pam_unix(cron:session): session closed for user root
May  8 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14301]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14300]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14298]: pam_unix(cron:session): session closed for user p13x
May  8 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14360]: Successful su for rubyman by root
May  8 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14360]: + ??? root:rubyman
May  8 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14360]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352508 of user rubyman.
May  8 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14360]: pam_unix(su:session): session closed for user rubyman
May  8 10:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352508.
May  8 10:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11678]: pam_unix(cron:session): session closed for user root
May  8 10:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14299]: pam_unix(cron:session): session closed for user samftp
May  8 10:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14600]: Invalid user eder from 212.83.130.207
May  8 10:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14600]: input_userauth_request: invalid user eder [preauth]
May  8 10:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14600]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.130.207
May  8 10:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14600]: Failed password for invalid user eder from 212.83.130.207 port 40820 ssh2
May  8 10:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14600]: Received disconnect from 212.83.130.207 port 40820:11: Bye Bye [preauth]
May  8 10:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14600]: Disconnected from 212.83.130.207 port 40820 [preauth]
May  8 10:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13384]: pam_unix(cron:session): session closed for user root
May  8 10:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221  user=root
May  8 10:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14699]: Failed password for root from 210.79.142.221 port 58080 ssh2
May  8 10:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14699]: Received disconnect from 210.79.142.221 port 58080:11: Bye Bye [preauth]
May  8 10:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14699]: Disconnected from 210.79.142.221 port 58080 [preauth]
May  8 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14713]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14712]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14711]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14710]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14710]: pam_unix(cron:session): session closed for user p13x
May  8 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14772]: Successful su for rubyman by root
May  8 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14772]: + ??? root:rubyman
May  8 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352513 of user rubyman.
May  8 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14772]: pam_unix(su:session): session closed for user rubyman
May  8 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352513.
May  8 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12076]: pam_unix(cron:session): session closed for user root
May  8 10:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14711]: pam_unix(cron:session): session closed for user samftp
May  8 10:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Invalid user amssys from 193.70.84.184
May  8 10:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: input_userauth_request: invalid user amssys [preauth]
May  8 10:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  8 10:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.91.127  user=root
May  8 10:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Failed password for invalid user amssys from 193.70.84.184 port 59552 ssh2
May  8 10:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15015]: Connection closed by 193.70.84.184 port 59552 [preauth]
May  8 10:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: Failed password for root from 52.170.91.127 port 58298 ssh2
May  8 10:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: Received disconnect from 52.170.91.127 port 58298:11: Bye Bye [preauth]
May  8 10:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15031]: Disconnected from 52.170.91.127 port 58298 [preauth]
May  8 10:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13898]: pam_unix(cron:session): session closed for user root
May  8 10:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15098]: Invalid user test from 80.94.95.116
May  8 10:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15098]: input_userauth_request: invalid user test [preauth]
May  8 10:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15098]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  8 10:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15098]: Failed password for invalid user test from 80.94.95.116 port 25370 ssh2
May  8 10:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15098]: Connection closed by 80.94.95.116 port 25370 [preauth]
May  8 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15131]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15132]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15129]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15132]: pam_unix(cron:session): session closed for user root
May  8 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15127]: pam_unix(cron:session): session closed for user p13x
May  8 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15193]: Successful su for rubyman by root
May  8 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15193]: + ??? root:rubyman
May  8 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352518 of user rubyman.
May  8 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15193]: pam_unix(su:session): session closed for user rubyman
May  8 10:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352518.
May  8 10:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15129]: pam_unix(cron:session): session closed for user root
May  8 10:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12484]: pam_unix(cron:session): session closed for user root
May  8 10:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15128]: pam_unix(cron:session): session closed for user samftp
May  8 10:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14301]: pam_unix(cron:session): session closed for user root
May  8 10:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15485]: Invalid user jorge from 81.70.167.132
May  8 10:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15485]: input_userauth_request: invalid user jorge [preauth]
May  8 10:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15485]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.70.167.132
May  8 10:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15485]: Failed password for invalid user jorge from 81.70.167.132 port 33808 ssh2
May  8 10:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15485]: Received disconnect from 81.70.167.132 port 33808:11: Bye Bye [preauth]
May  8 10:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15485]: Disconnected from 81.70.167.132 port 33808 [preauth]
May  8 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15549]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15548]: pam_unix(cron:session): session closed for user p13x
May  8 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15617]: Successful su for rubyman by root
May  8 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15617]: + ??? root:rubyman
May  8 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352522 of user rubyman.
May  8 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15617]: pam_unix(su:session): session closed for user rubyman
May  8 10:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352522.
May  8 10:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12876]: pam_unix(cron:session): session closed for user root
May  8 10:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15549]: pam_unix(cron:session): session closed for user samftp
May  8 10:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14713]: pam_unix(cron:session): session closed for user root
May  8 10:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: Invalid user aramos from 202.168.179.141
May  8 10:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: input_userauth_request: invalid user aramos [preauth]
May  8 10:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.179.141
May  8 10:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: Failed password for invalid user aramos from 202.168.179.141 port 33124 ssh2
May  8 10:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: Received disconnect from 202.168.179.141 port 33124:11: Bye Bye [preauth]
May  8 10:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15878]: Disconnected from 202.168.179.141 port 33124 [preauth]
May  8 10:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.67.59.65  user=root
May  8 10:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: Failed password for root from 96.67.59.65 port 58499 ssh2
May  8 10:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: Received disconnect from 96.67.59.65 port 58499:11: Bye Bye [preauth]
May  8 10:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15920]: Disconnected from 96.67.59.65 port 58499 [preauth]
May  8 10:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15957]: Invalid user odoo from 103.193.176.106
May  8 10:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15957]: input_userauth_request: invalid user odoo [preauth]
May  8 10:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15957]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.193.176.106
May  8 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15963]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15962]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15960]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15960]: pam_unix(cron:session): session closed for user p13x
May  8 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16025]: Successful su for rubyman by root
May  8 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16025]: + ??? root:rubyman
May  8 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352526 of user rubyman.
May  8 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16025]: pam_unix(su:session): session closed for user rubyman
May  8 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352526.
May  8 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15957]: Failed password for invalid user odoo from 103.193.176.106 port 58626 ssh2
May  8 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15957]: Received disconnect from 103.193.176.106 port 58626:11: Bye Bye [preauth]
May  8 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15957]: Disconnected from 103.193.176.106 port 58626 [preauth]
May  8 10:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13383]: pam_unix(cron:session): session closed for user root
May  8 10:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16181]: Invalid user frappe from 164.68.105.9
May  8 10:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16181]: input_userauth_request: invalid user frappe [preauth]
May  8 10:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16181]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  8 10:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15961]: pam_unix(cron:session): session closed for user samftp
May  8 10:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16181]: Failed password for invalid user frappe from 164.68.105.9 port 60906 ssh2
May  8 10:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16181]: Connection closed by 164.68.105.9 port 60906 [preauth]
May  8 10:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15131]: pam_unix(cron:session): session closed for user root
May  8 10:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: Invalid user csii from 212.83.130.207
May  8 10:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: input_userauth_request: invalid user csii [preauth]
May  8 10:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.130.207
May  8 10:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: Failed password for invalid user csii from 212.83.130.207 port 54970 ssh2
May  8 10:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: Received disconnect from 212.83.130.207 port 54970:11: Bye Bye [preauth]
May  8 10:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: Disconnected from 212.83.130.207 port 54970 [preauth]
May  8 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16347]: pam_unix(cron:session): session closed for user p13x
May  8 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16404]: Successful su for rubyman by root
May  8 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16404]: + ??? root:rubyman
May  8 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16404]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352532 of user rubyman.
May  8 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16404]: pam_unix(su:session): session closed for user rubyman
May  8 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352532.
May  8 10:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13897]: pam_unix(cron:session): session closed for user root
May  8 10:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16348]: pam_unix(cron:session): session closed for user samftp
May  8 10:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.2.2  user=root
May  8 10:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16703]: Failed password for root from 193.70.2.2 port 56292 ssh2
May  8 10:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16703]: Received disconnect from 193.70.2.2 port 56292:11: Bye Bye [preauth]
May  8 10:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16703]: Disconnected from 193.70.2.2 port 56292 [preauth]
May  8 10:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15552]: pam_unix(cron:session): session closed for user root
May  8 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16801]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16803]: pam_unix(cron:session): session closed for user p13x
May  8 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16947]: Successful su for rubyman by root
May  8 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16947]: + ??? root:rubyman
May  8 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16947]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352536 of user rubyman.
May  8 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16947]: pam_unix(su:session): session closed for user rubyman
May  8 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352536.
May  8 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16801]: pam_unix(cron:session): session closed for user root
May  8 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14300]: pam_unix(cron:session): session closed for user root
May  8 10:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16804]: pam_unix(cron:session): session closed for user samftp
May  8 10:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170  user=root
May  8 10:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Failed password for root from 176.109.92.170 port 62342 ssh2
May  8 10:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Received disconnect from 176.109.92.170 port 62342:11: Bye Bye [preauth]
May  8 10:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17192]: Disconnected from 176.109.92.170 port 62342 [preauth]
May  8 10:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17206]: Invalid user admin from 210.79.142.221
May  8 10:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17206]: input_userauth_request: invalid user admin [preauth]
May  8 10:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17206]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221
May  8 10:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: Invalid user nextcloud from 52.170.91.127
May  8 10:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: input_userauth_request: invalid user nextcloud [preauth]
May  8 10:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.91.127
May  8 10:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17206]: Failed password for invalid user admin from 210.79.142.221 port 34906 ssh2
May  8 10:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17206]: Received disconnect from 210.79.142.221 port 34906:11: Bye Bye [preauth]
May  8 10:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17206]: Disconnected from 210.79.142.221 port 34906 [preauth]
May  8 10:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: Failed password for invalid user nextcloud from 52.170.91.127 port 34768 ssh2
May  8 10:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: Received disconnect from 52.170.91.127 port 34768:11: Bye Bye [preauth]
May  8 10:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17209]: Disconnected from 52.170.91.127 port 34768 [preauth]
May  8 10:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15963]: pam_unix(cron:session): session closed for user root
May  8 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17331]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17325]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17331]: pam_unix(cron:session): session closed for user root
May  8 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17325]: pam_unix(cron:session): session closed for user p13x
May  8 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17393]: Successful su for rubyman by root
May  8 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17393]: + ??? root:rubyman
May  8 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352540 of user rubyman.
May  8 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17393]: pam_unix(su:session): session closed for user rubyman
May  8 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352540.
May  8 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14712]: pam_unix(cron:session): session closed for user root
May  8 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17327]: pam_unix(cron:session): session closed for user root
May  8 10:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17326]: pam_unix(cron:session): session closed for user samftp
May  8 10:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16350]: pam_unix(cron:session): session closed for user root
May  8 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17792]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17791]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17790]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17790]: pam_unix(cron:session): session closed for user p13x
May  8 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17950]: Successful su for rubyman by root
May  8 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17950]: + ??? root:rubyman
May  8 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17950]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352547 of user rubyman.
May  8 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17950]: pam_unix(su:session): session closed for user rubyman
May  8 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352547.
May  8 10:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15130]: pam_unix(cron:session): session closed for user root
May  8 10:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17791]: pam_unix(cron:session): session closed for user samftp
May  8 10:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16806]: pam_unix(cron:session): session closed for user root
May  8 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18308]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18305]: pam_unix(cron:session): session closed for user p13x
May  8 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18370]: Successful su for rubyman by root
May  8 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18370]: + ??? root:rubyman
May  8 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352551 of user rubyman.
May  8 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18370]: pam_unix(su:session): session closed for user rubyman
May  8 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352551.
May  8 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: Invalid user joanne from 212.83.130.207
May  8 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: input_userauth_request: invalid user joanne [preauth]
May  8 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.130.207
May  8 10:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15551]: pam_unix(cron:session): session closed for user root
May  8 10:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18306]: pam_unix(cron:session): session closed for user samftp
May  8 10:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: Failed password for invalid user joanne from 212.83.130.207 port 32880 ssh2
May  8 10:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: Received disconnect from 212.83.130.207 port 32880:11: Bye Bye [preauth]
May  8 10:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18456]: Disconnected from 212.83.130.207 port 32880 [preauth]
May  8 10:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: Invalid user hxeadm from 80.94.95.241
May  8 10:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: input_userauth_request: invalid user hxeadm [preauth]
May  8 10:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 10:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: Failed password for invalid user hxeadm from 80.94.95.241 port 62525 ssh2
May  8 10:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: Failed password for invalid user hxeadm from 80.94.95.241 port 62525 ssh2
May  8 10:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17330]: pam_unix(cron:session): session closed for user root
May  8 10:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: Failed password for invalid user hxeadm from 80.94.95.241 port 62525 ssh2
May  8 10:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: Failed password for invalid user hxeadm from 80.94.95.241 port 62525 ssh2
May  8 10:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: Failed password for invalid user hxeadm from 80.94.95.241 port 62525 ssh2
May  8 10:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: Received disconnect from 80.94.95.241 port 62525:11: Bye [preauth]
May  8 10:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: Disconnected from 80.94.95.241 port 62525 [preauth]
May  8 10:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 10:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18623]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18716]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18713]: pam_unix(cron:session): session closed for user p13x
May  8 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18782]: Successful su for rubyman by root
May  8 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18782]: + ??? root:rubyman
May  8 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18782]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352554 of user rubyman.
May  8 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18782]: pam_unix(su:session): session closed for user rubyman
May  8 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352554.
May  8 10:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15962]: pam_unix(cron:session): session closed for user root
May  8 10:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18714]: pam_unix(cron:session): session closed for user samftp
May  8 10:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17793]: pam_unix(cron:session): session closed for user root
May  8 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19124]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19125]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19122]: pam_unix(cron:session): session closed for user p13x
May  8 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19181]: Successful su for rubyman by root
May  8 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19181]: + ??? root:rubyman
May  8 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352557 of user rubyman.
May  8 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19181]: pam_unix(su:session): session closed for user rubyman
May  8 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352557.
May  8 10:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16349]: pam_unix(cron:session): session closed for user root
May  8 10:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19123]: pam_unix(cron:session): session closed for user samftp
May  8 10:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  8 10:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: Failed password for root from 218.92.0.205 port 43240 ssh2
May  8 10:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: Failed password for root from 218.92.0.205 port 43240 ssh2
May  8 10:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.2.2  user=root
May  8 10:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: Failed password for root from 193.70.2.2 port 56456 ssh2
May  8 10:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: Received disconnect from 193.70.2.2 port 56456:11: Bye Bye [preauth]
May  8 10:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19387]: Disconnected from 193.70.2.2 port 56456 [preauth]
May  8 10:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: Failed password for root from 218.92.0.205 port 43240 ssh2
May  8 10:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: message repeated 2 times: [ Failed password for root from 218.92.0.205 port 43240 ssh2]
May  8 10:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 43240 ssh2 [preauth]
May  8 10:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: Disconnecting: Too many authentication failures [preauth]
May  8 10:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  8 10:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19366]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 10:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19420]: Invalid user sunil from 52.170.91.127
May  8 10:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19420]: input_userauth_request: invalid user sunil [preauth]
May  8 10:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19420]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.91.127
May  8 10:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  8 10:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19420]: Failed password for invalid user sunil from 52.170.91.127 port 37882 ssh2
May  8 10:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19420]: Received disconnect from 52.170.91.127 port 37882:11: Bye Bye [preauth]
May  8 10:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19420]: Disconnected from 52.170.91.127 port 37882 [preauth]
May  8 10:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: Failed password for root from 218.92.0.205 port 23514 ssh2
May  8 10:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: message repeated 2 times: [ Failed password for root from 218.92.0.205 port 23514 ssh2]
May  8 10:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18308]: pam_unix(cron:session): session closed for user root
May  8 10:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: Failed password for root from 218.92.0.205 port 23514 ssh2
May  8 10:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: message repeated 2 times: [ Failed password for root from 218.92.0.205 port 23514 ssh2]
May  8 10:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: error: maximum authentication attempts exceeded for root from 218.92.0.205 port 23514 ssh2 [preauth]
May  8 10:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: Disconnecting: Too many authentication failures [preauth]
May  8 10:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  8 10:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19423]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 10:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19493]: Invalid user cnt from 210.79.142.221
May  8 10:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19493]: input_userauth_request: invalid user cnt [preauth]
May  8 10:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19493]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221
May  8 10:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.205  user=root
May  8 10:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19493]: Failed password for invalid user cnt from 210.79.142.221 port 60034 ssh2
May  8 10:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19493]: Received disconnect from 210.79.142.221 port 60034:11: Bye Bye [preauth]
May  8 10:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19493]: Disconnected from 210.79.142.221 port 60034 [preauth]
May  8 10:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19495]: Failed password for root from 218.92.0.205 port 27004 ssh2
May  8 10:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19495]: Received disconnect from 218.92.0.205 port 27004:11:  [preauth]
May  8 10:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19495]: Disconnected from 218.92.0.205 port 27004 [preauth]
May  8 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19543]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19538]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19543]: pam_unix(cron:session): session closed for user root
May  8 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19536]: pam_unix(cron:session): session closed for user p13x
May  8 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19619]: Successful su for rubyman by root
May  8 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19619]: + ??? root:rubyman
May  8 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19619]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352563 of user rubyman.
May  8 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19619]: pam_unix(su:session): session closed for user rubyman
May  8 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352563.
May  8 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19538]: pam_unix(cron:session): session closed for user root
May  8 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16805]: pam_unix(cron:session): session closed for user root
May  8 10:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19537]: pam_unix(cron:session): session closed for user samftp
May  8 10:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170  user=root
May  8 10:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: Failed password for root from 176.109.92.170 port 10669 ssh2
May  8 10:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: Received disconnect from 176.109.92.170 port 10669:11: Bye Bye [preauth]
May  8 10:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: Disconnected from 176.109.92.170 port 10669 [preauth]
May  8 10:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18716]: pam_unix(cron:session): session closed for user root
May  8 10:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: Invalid user username from 185.213.164.175
May  8 10:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: input_userauth_request: invalid user username [preauth]
May  8 10:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175
May  8 10:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: Failed password for invalid user username from 185.213.164.175 port 55774 ssh2
May  8 10:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: Received disconnect from 185.213.164.175 port 55774:11: Bye Bye [preauth]
May  8 10:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19907]: Disconnected from 185.213.164.175 port 55774 [preauth]
May  8 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20008]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20006]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20007]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20005]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20005]: pam_unix(cron:session): session closed for user p13x
May  8 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20078]: Successful su for rubyman by root
May  8 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20078]: + ??? root:rubyman
May  8 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20078]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352567 of user rubyman.
May  8 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20078]: pam_unix(su:session): session closed for user rubyman
May  8 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352567.
May  8 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17328]: pam_unix(cron:session): session closed for user root
May  8 10:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20006]: pam_unix(cron:session): session closed for user samftp
May  8 10:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20261]: Invalid user wzy from 212.83.130.207
May  8 10:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20261]: input_userauth_request: invalid user wzy [preauth]
May  8 10:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20261]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.130.207
May  8 10:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20261]: Failed password for invalid user wzy from 212.83.130.207 port 39436 ssh2
May  8 10:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20261]: Received disconnect from 212.83.130.207 port 39436:11: Bye Bye [preauth]
May  8 10:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20261]: Disconnected from 212.83.130.207 port 39436 [preauth]
May  8 10:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19125]: pam_unix(cron:session): session closed for user root
May  8 10:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20381]: Invalid user ubnt from 85.208.84.5
May  8 10:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20381]: input_userauth_request: invalid user ubnt [preauth]
May  8 10:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20381]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  8 10:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20381]: Failed password for invalid user ubnt from 85.208.84.5 port 27764 ssh2
May  8 10:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20381]: Connection closed by 85.208.84.5 port 27764 [preauth]
May  8 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20413]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20409]: pam_unix(cron:session): session closed for user root
May  8 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20411]: pam_unix(cron:session): session closed for user p13x
May  8 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20480]: Successful su for rubyman by root
May  8 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20480]: + ??? root:rubyman
May  8 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352573 of user rubyman.
May  8 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20480]: pam_unix(su:session): session closed for user rubyman
May  8 10:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352573.
May  8 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17792]: pam_unix(cron:session): session closed for user root
May  8 10:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20413]: pam_unix(cron:session): session closed for user samftp
May  8 10:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19540]: pam_unix(cron:session): session closed for user root
May  8 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20820]: pam_unix(cron:session): session closed for user p13x
May  8 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20896]: Successful su for rubyman by root
May  8 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20896]: + ??? root:rubyman
May  8 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352578 of user rubyman.
May  8 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20896]: pam_unix(su:session): session closed for user rubyman
May  8 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352578.
May  8 10:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18307]: pam_unix(cron:session): session closed for user root
May  8 10:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20821]: pam_unix(cron:session): session closed for user samftp
May  8 10:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20008]: pam_unix(cron:session): session closed for user root
May  8 10:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.2.2  user=root
May  8 10:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21177]: Failed password for root from 193.70.2.2 port 56602 ssh2
May  8 10:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21177]: Received disconnect from 193.70.2.2 port 56602:11: Bye Bye [preauth]
May  8 10:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21177]: Disconnected from 193.70.2.2 port 56602 [preauth]
May  8 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21260]: pam_unix(cron:session): session closed for user p13x
May  8 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21337]: Successful su for rubyman by root
May  8 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21337]: + ??? root:rubyman
May  8 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352581 of user rubyman.
May  8 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21337]: pam_unix(su:session): session closed for user rubyman
May  8 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352581.
May  8 10:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18715]: pam_unix(cron:session): session closed for user root
May  8 10:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21262]: pam_unix(cron:session): session closed for user samftp
May  8 10:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.170.91.127  user=root
May  8 10:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21556]: Failed password for root from 52.170.91.127 port 32946 ssh2
May  8 10:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21556]: Received disconnect from 52.170.91.127 port 32946:11: Bye Bye [preauth]
May  8 10:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21556]: Disconnected from 52.170.91.127 port 32946 [preauth]
May  8 10:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21587]: Connection closed by 93.108.120.147 port 57552 [preauth]
May  8 10:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20415]: pam_unix(cron:session): session closed for user root
May  8 10:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: Invalid user oracle from 176.109.92.170
May  8 10:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: input_userauth_request: invalid user oracle [preauth]
May  8 10:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 10:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: Failed password for invalid user oracle from 176.109.92.170 port 37237 ssh2
May  8 10:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: Received disconnect from 176.109.92.170 port 37237:11: Bye Bye [preauth]
May  8 10:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21674]: Disconnected from 176.109.92.170 port 37237 [preauth]
May  8 10:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Invalid user erpnext from 210.79.142.221
May  8 10:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: input_userauth_request: invalid user erpnext [preauth]
May  8 10:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221
May  8 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21716]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21715]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21717]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21718]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21719]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21719]: pam_unix(cron:session): session closed for user root
May  8 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21713]: pam_unix(cron:session): session closed for user p13x
May  8 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Failed password for invalid user erpnext from 210.79.142.221 port 57874 ssh2
May  8 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21895]: Successful su for rubyman by root
May  8 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21895]: + ??? root:rubyman
May  8 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21895]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352588 of user rubyman.
May  8 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21895]: pam_unix(su:session): session closed for user rubyman
May  8 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352588.
May  8 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Received disconnect from 210.79.142.221 port 57874:11: Bye Bye [preauth]
May  8 10:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21701]: Disconnected from 210.79.142.221 port 57874 [preauth]
May  8 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21716]: pam_unix(cron:session): session closed for user root
May  8 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19124]: pam_unix(cron:session): session closed for user root
May  8 10:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21715]: pam_unix(cron:session): session closed for user samftp
May  8 10:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.130.207  user=root
May  8 10:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22355]: Failed password for root from 212.83.130.207 port 50970 ssh2
May  8 10:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22355]: Received disconnect from 212.83.130.207 port 50970:11: Bye Bye [preauth]
May  8 10:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22355]: Disconnected from 212.83.130.207 port 50970 [preauth]
May  8 10:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20823]: pam_unix(cron:session): session closed for user root
May  8 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22494]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22492]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22493]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22491]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22491]: pam_unix(cron:session): session closed for user p13x
May  8 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22571]: Successful su for rubyman by root
May  8 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22571]: + ??? root:rubyman
May  8 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352590 of user rubyman.
May  8 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22571]: pam_unix(su:session): session closed for user rubyman
May  8 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352590.
May  8 10:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19539]: pam_unix(cron:session): session closed for user root
May  8 10:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22492]: pam_unix(cron:session): session closed for user samftp
May  8 10:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22781]: Did not receive identification string from 80.64.18.84
May  8 10:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21265]: pam_unix(cron:session): session closed for user root
May  8 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22966]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22962]: pam_unix(cron:session): session closed for user p13x
May  8 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23031]: Successful su for rubyman by root
May  8 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23031]: + ??? root:rubyman
May  8 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352594 of user rubyman.
May  8 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23031]: pam_unix(su:session): session closed for user rubyman
May  8 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352594.
May  8 10:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20007]: pam_unix(cron:session): session closed for user root
May  8 10:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22964]: pam_unix(cron:session): session closed for user samftp
May  8 10:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21718]: pam_unix(cron:session): session closed for user root
May  8 10:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.2.2  user=root
May  8 10:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: Failed password for root from 193.70.2.2 port 56746 ssh2
May  8 10:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: Received disconnect from 193.70.2.2 port 56746:11: Bye Bye [preauth]
May  8 10:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23456]: Disconnected from 193.70.2.2 port 56746 [preauth]
May  8 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23472]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23473]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23470]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23469]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23469]: pam_unix(cron:session): session closed for user p13x
May  8 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23537]: Successful su for rubyman by root
May  8 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23537]: + ??? root:rubyman
May  8 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23537]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352599 of user rubyman.
May  8 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23537]: pam_unix(su:session): session closed for user rubyman
May  8 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352599.
May  8 10:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20414]: pam_unix(cron:session): session closed for user root
May  8 10:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23470]: pam_unix(cron:session): session closed for user samftp
May  8 10:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22494]: pam_unix(cron:session): session closed for user root
May  8 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23997]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23999]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23998]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23986]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23986]: pam_unix(cron:session): session closed for user p13x
May  8 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24061]: Successful su for rubyman by root
May  8 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24061]: + ??? root:rubyman
May  8 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24061]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352603 of user rubyman.
May  8 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24061]: pam_unix(su:session): session closed for user rubyman
May  8 10:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352603.
May  8 10:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20822]: pam_unix(cron:session): session closed for user root
May  8 10:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23997]: pam_unix(cron:session): session closed for user samftp
May  8 10:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170  user=root
May  8 10:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24295]: Failed password for root from 176.109.92.170 port 27261 ssh2
May  8 10:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24295]: Received disconnect from 176.109.92.170 port 27261:11: Bye Bye [preauth]
May  8 10:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24295]: Disconnected from 176.109.92.170 port 27261 [preauth]
May  8 10:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: Invalid user xiaobin from 212.83.130.207
May  8 10:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: input_userauth_request: invalid user xiaobin [preauth]
May  8 10:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.130.207
May  8 10:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22966]: pam_unix(cron:session): session closed for user root
May  8 10:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: Failed password for invalid user xiaobin from 212.83.130.207 port 49122 ssh2
May  8 10:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: Received disconnect from 212.83.130.207 port 49122:11: Bye Bye [preauth]
May  8 10:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: Disconnected from 212.83.130.207 port 49122 [preauth]
May  8 10:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24412]: Invalid user jeff from 190.103.202.7
May  8 10:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24412]: input_userauth_request: invalid user jeff [preauth]
May  8 10:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24412]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  8 10:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24412]: Failed password for invalid user jeff from 190.103.202.7 port 33074 ssh2
May  8 10:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24412]: Connection closed by 190.103.202.7 port 33074 [preauth]
May  8 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24436]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24441]: pam_unix(cron:session): session closed for user root
May  8 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24436]: pam_unix(cron:session): session closed for user p13x
May  8 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24508]: Successful su for rubyman by root
May  8 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24508]: + ??? root:rubyman
May  8 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352611 of user rubyman.
May  8 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24508]: pam_unix(su:session): session closed for user rubyman
May  8 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352611.
May  8 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24438]: pam_unix(cron:session): session closed for user root
May  8 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21264]: pam_unix(cron:session): session closed for user root
May  8 10:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24437]: pam_unix(cron:session): session closed for user samftp
May  8 10:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221  user=root
May  8 10:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: Failed password for root from 210.79.142.221 port 58576 ssh2
May  8 10:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: Received disconnect from 210.79.142.221 port 58576:11: Bye Bye [preauth]
May  8 10:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24763]: Disconnected from 210.79.142.221 port 58576 [preauth]
May  8 10:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23473]: pam_unix(cron:session): session closed for user root
May  8 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24886]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24887]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24885]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24884]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24884]: pam_unix(cron:session): session closed for user p13x
May  8 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24962]: Successful su for rubyman by root
May  8 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24962]: + ??? root:rubyman
May  8 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24962]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352614 of user rubyman.
May  8 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24962]: pam_unix(su:session): session closed for user rubyman
May  8 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352614.
May  8 10:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21717]: pam_unix(cron:session): session closed for user root
May  8 10:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24885]: pam_unix(cron:session): session closed for user samftp
May  8 10:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23999]: pam_unix(cron:session): session closed for user root
May  8 10:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Invalid user web from 185.213.164.175
May  8 10:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: input_userauth_request: invalid user web [preauth]
May  8 10:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175
May  8 10:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Failed password for invalid user web from 185.213.164.175 port 49006 ssh2
May  8 10:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Received disconnect from 185.213.164.175 port 49006:11: Bye Bye [preauth]
May  8 10:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25248]: Disconnected from 185.213.164.175 port 49006 [preauth]
May  8 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25311]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25307]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25308]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25307]: pam_unix(cron:session): session closed for user p13x
May  8 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25380]: Successful su for rubyman by root
May  8 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25380]: + ??? root:rubyman
May  8 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352617 of user rubyman.
May  8 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25380]: pam_unix(su:session): session closed for user rubyman
May  8 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352617.
May  8 10:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22493]: pam_unix(cron:session): session closed for user root
May  8 10:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25308]: pam_unix(cron:session): session closed for user samftp
May  8 10:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: Invalid user admin from 80.94.95.112
May  8 10:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: input_userauth_request: invalid user admin [preauth]
May  8 10:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 10:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: Failed password for invalid user admin from 80.94.95.112 port 20055 ssh2
May  8 10:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: Failed password for invalid user admin from 80.94.95.112 port 20055 ssh2
May  8 10:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: Failed password for invalid user admin from 80.94.95.112 port 20055 ssh2
May  8 10:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: Failed password for invalid user admin from 80.94.95.112 port 20055 ssh2
May  8 10:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: Failed password for invalid user admin from 80.94.95.112 port 20055 ssh2
May  8 10:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: Received disconnect from 80.94.95.112 port 20055:11: Bye [preauth]
May  8 10:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: Disconnected from 80.94.95.112 port 20055 [preauth]
May  8 10:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 10:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25591]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 10:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.2.2  user=root
May  8 10:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25647]: Failed password for root from 193.70.2.2 port 56888 ssh2
May  8 10:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25647]: Received disconnect from 193.70.2.2 port 56888:11: Bye Bye [preauth]
May  8 10:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25647]: Disconnected from 193.70.2.2 port 56888 [preauth]
May  8 10:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24440]: pam_unix(cron:session): session closed for user root
May  8 10:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25769]: Invalid user admin from 194.0.234.19
May  8 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25769]: input_userauth_request: invalid user admin [preauth]
May  8 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25769]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  8 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25782]: pam_unix(cron:session): session closed for user p13x
May  8 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25864]: Successful su for rubyman by root
May  8 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25864]: + ??? root:rubyman
May  8 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25864]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352620 of user rubyman.
May  8 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25864]: pam_unix(su:session): session closed for user rubyman
May  8 10:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352620.
May  8 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25769]: Failed password for invalid user admin from 194.0.234.19 port 52462 ssh2
May  8 10:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25769]: Connection closed by 194.0.234.19 port 52462 [preauth]
May  8 10:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22965]: pam_unix(cron:session): session closed for user root
May  8 10:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25783]: pam_unix(cron:session): session closed for user samftp
May  8 10:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24887]: pam_unix(cron:session): session closed for user root
May  8 10:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.130.207  user=root
May  8 10:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26196]: Failed password for root from 212.83.130.207 port 58656 ssh2
May  8 10:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26196]: Received disconnect from 212.83.130.207 port 58656:11: Bye Bye [preauth]
May  8 10:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26196]: Disconnected from 212.83.130.207 port 58656 [preauth]
May  8 10:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Invalid user vps1 from 176.109.92.170
May  8 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: input_userauth_request: invalid user vps1 [preauth]
May  8 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26221]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26219]: pam_unix(cron:session): session closed for user p13x
May  8 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26281]: Successful su for rubyman by root
May  8 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26281]: + ??? root:rubyman
May  8 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352624 of user rubyman.
May  8 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26281]: pam_unix(su:session): session closed for user rubyman
May  8 10:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352624.
May  8 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Failed password for invalid user vps1 from 176.109.92.170 port 10778 ssh2
May  8 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Received disconnect from 176.109.92.170 port 10778:11: Bye Bye [preauth]
May  8 10:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Disconnected from 176.109.92.170 port 10778 [preauth]
May  8 10:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23472]: pam_unix(cron:session): session closed for user root
May  8 10:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26220]: pam_unix(cron:session): session closed for user samftp
May  8 10:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25311]: pam_unix(cron:session): session closed for user root
May  8 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26701]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26702]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26700]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26698]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26703]: pam_unix(cron:session): session closed for user root
May  8 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26698]: pam_unix(cron:session): session closed for user p13x
May  8 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26764]: Successful su for rubyman by root
May  8 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26764]: + ??? root:rubyman
May  8 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26764]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352630 of user rubyman.
May  8 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26764]: pam_unix(su:session): session closed for user rubyman
May  8 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352630.
May  8 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26700]: pam_unix(cron:session): session closed for user root
May  8 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23998]: pam_unix(cron:session): session closed for user root
May  8 10:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26699]: pam_unix(cron:session): session closed for user samftp
May  8 10:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25785]: pam_unix(cron:session): session closed for user root
May  8 10:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27161]: Invalid user davide from 210.79.142.221
May  8 10:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27161]: input_userauth_request: invalid user davide [preauth]
May  8 10:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27161]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.79.142.221
May  8 10:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27161]: Failed password for invalid user davide from 210.79.142.221 port 50468 ssh2
May  8 10:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27161]: Received disconnect from 210.79.142.221 port 50468:11: Bye Bye [preauth]
May  8 10:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27161]: Disconnected from 210.79.142.221 port 50468 [preauth]
May  8 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27206]: pam_unix(cron:session): session closed for user p13x
May  8 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27279]: Successful su for rubyman by root
May  8 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27279]: + ??? root:rubyman
May  8 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27279]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352635 of user rubyman.
May  8 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27279]: pam_unix(su:session): session closed for user rubyman
May  8 10:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352635.
May  8 10:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24439]: pam_unix(cron:session): session closed for user root
May  8 10:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27207]: pam_unix(cron:session): session closed for user samftp
May  8 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26222]: pam_unix(cron:session): session closed for user root
May  8 10:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: Invalid user mongouser from 185.213.164.175
May  8 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: input_userauth_request: invalid user mongouser [preauth]
May  8 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175
May  8 10:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: Failed password for invalid user mongouser from 185.213.164.175 port 53902 ssh2
May  8 10:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: Received disconnect from 185.213.164.175 port 53902:11: Bye Bye [preauth]
May  8 10:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27643]: Disconnected from 185.213.164.175 port 53902 [preauth]
May  8 10:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: Invalid user admin from 193.70.2.2
May  8 10:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: input_userauth_request: invalid user admin [preauth]
May  8 10:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.2.2
May  8 10:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: Failed password for invalid user admin from 193.70.2.2 port 57036 ssh2
May  8 10:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: Received disconnect from 193.70.2.2 port 57036:11: Bye Bye [preauth]
May  8 10:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27668]: Disconnected from 193.70.2.2 port 57036 [preauth]
May  8 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27698]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27697]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27696]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27696]: pam_unix(cron:session): session closed for user p13x
May  8 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27758]: Successful su for rubyman by root
May  8 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27758]: + ??? root:rubyman
May  8 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352639 of user rubyman.
May  8 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27758]: pam_unix(su:session): session closed for user rubyman
May  8 10:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352639.
May  8 10:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24886]: pam_unix(cron:session): session closed for user root
May  8 10:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27697]: pam_unix(cron:session): session closed for user samftp
May  8 10:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26702]: pam_unix(cron:session): session closed for user root
May  8 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28104]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28106]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28105]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28103]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28103]: pam_unix(cron:session): session closed for user p13x
May  8 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28168]: Successful su for rubyman by root
May  8 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28168]: + ??? root:rubyman
May  8 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28168]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352642 of user rubyman.
May  8 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28168]: pam_unix(su:session): session closed for user rubyman
May  8 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352642.
May  8 10:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25309]: pam_unix(cron:session): session closed for user root
May  8 10:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28104]: pam_unix(cron:session): session closed for user samftp
May  8 10:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: Invalid user debian from 212.83.130.207
May  8 10:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: input_userauth_request: invalid user debian [preauth]
May  8 10:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.130.207
May  8 10:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: Failed password for invalid user debian from 212.83.130.207 port 54486 ssh2
May  8 10:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: Received disconnect from 212.83.130.207 port 54486:11: Bye Bye [preauth]
May  8 10:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28389]: Disconnected from 212.83.130.207 port 54486 [preauth]
May  8 10:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170  user=root
May  8 10:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27209]: pam_unix(cron:session): session closed for user root
May  8 10:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28430]: Failed password for root from 176.109.92.170 port 64202 ssh2
May  8 10:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28430]: Received disconnect from 176.109.92.170 port 64202:11: Bye Bye [preauth]
May  8 10:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28430]: Disconnected from 176.109.92.170 port 64202 [preauth]
May  8 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28515]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28515]: pam_unix(cron:session): session closed for user p13x
May  8 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28574]: Successful su for rubyman by root
May  8 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28574]: + ??? root:rubyman
May  8 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352647 of user rubyman.
May  8 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28574]: pam_unix(su:session): session closed for user rubyman
May  8 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352647.
May  8 10:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25784]: pam_unix(cron:session): session closed for user root
May  8 10:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28517]: pam_unix(cron:session): session closed for user samftp
May  8 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27699]: pam_unix(cron:session): session closed for user root
May  8 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28915]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28914]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28913]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28919]: pam_unix(cron:session): session closed for user root
May  8 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28913]: pam_unix(cron:session): session closed for user p13x
May  8 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28985]: Successful su for rubyman by root
May  8 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28985]: + ??? root:rubyman
May  8 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28985]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352652 of user rubyman.
May  8 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28985]: pam_unix(su:session): session closed for user rubyman
May  8 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352652.
May  8 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28915]: pam_unix(cron:session): session closed for user root
May  8 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26221]: pam_unix(cron:session): session closed for user root
May  8 10:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28914]: pam_unix(cron:session): session closed for user samftp
May  8 10:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28106]: pam_unix(cron:session): session closed for user root
May  8 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29447]: pam_unix(cron:session): session closed for user p13x
May  8 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29522]: Successful su for rubyman by root
May  8 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29522]: + ??? root:rubyman
May  8 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29522]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352658 of user rubyman.
May  8 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29522]: pam_unix(su:session): session closed for user rubyman
May  8 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352658.
May  8 10:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.2.2  user=root
May  8 10:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26701]: pam_unix(cron:session): session closed for user root
May  8 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29448]: pam_unix(cron:session): session closed for user samftp
May  8 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: Failed password for root from 193.70.2.2 port 57178 ssh2
May  8 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: Received disconnect from 193.70.2.2 port 57178:11: Bye Bye [preauth]
May  8 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29636]: Disconnected from 193.70.2.2 port 57178 [preauth]
May  8 10:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  8 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29775]: Failed password for root from 80.94.95.115 port 29792 ssh2
May  8 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29775]: Connection closed by 80.94.95.115 port 29792 [preauth]
May  8 10:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28520]: pam_unix(cron:session): session closed for user root
May  8 10:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29812]: Invalid user  from 140.99.164.80
May  8 10:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29812]: input_userauth_request: invalid user  [preauth]
May  8 10:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: Invalid user xiaolin from 185.213.164.175
May  8 10:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: input_userauth_request: invalid user xiaolin [preauth]
May  8 10:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175
May  8 10:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: Failed password for invalid user xiaolin from 185.213.164.175 port 33184 ssh2
May  8 10:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: Received disconnect from 185.213.164.175 port 33184:11: Bye Bye [preauth]
May  8 10:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29814]: Disconnected from 185.213.164.175 port 33184 [preauth]
May  8 10:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29812]: Connection closed by 140.99.164.80 port 49138 [preauth]
May  8 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29881]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29878]: pam_unix(cron:session): session closed for user p13x
May  8 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29943]: Successful su for rubyman by root
May  8 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29943]: + ??? root:rubyman
May  8 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29943]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352660 of user rubyman.
May  8 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29943]: pam_unix(su:session): session closed for user rubyman
May  8 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352660.
May  8 10:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27208]: pam_unix(cron:session): session closed for user root
May  8 10:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29879]: pam_unix(cron:session): session closed for user samftp
May  8 10:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28917]: pam_unix(cron:session): session closed for user root
May  8 10:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30206]: Invalid user fastuser from 212.83.130.207
May  8 10:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30206]: input_userauth_request: invalid user fastuser [preauth]
May  8 10:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30206]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.130.207
May  8 10:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30206]: Failed password for invalid user fastuser from 212.83.130.207 port 32924 ssh2
May  8 10:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30206]: Received disconnect from 212.83.130.207 port 32924:11: Bye Bye [preauth]
May  8 10:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30206]: Disconnected from 212.83.130.207 port 32924 [preauth]
May  8 10:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: Invalid user _ from 195.178.110.50
May  8 10:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: input_userauth_request: invalid user _ [preauth]
May  8 10:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 10:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: Failed password for invalid user _ from 195.178.110.50 port 7538 ssh2
May  8 10:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30179]: Connection closed by 195.178.110.50 port 7538 [preauth]
May  8 10:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170  user=root
May  8 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30281]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30282]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30279]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30278]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30278]: pam_unix(cron:session): session closed for user p13x
May  8 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30343]: Successful su for rubyman by root
May  8 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30343]: + ??? root:rubyman
May  8 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352664 of user rubyman.
May  8 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30343]: pam_unix(su:session): session closed for user rubyman
May  8 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352664.
May  8 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Failed password for root from 176.109.92.170 port 19388 ssh2
May  8 10:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: Invalid user h from 195.178.110.50
May  8 10:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: input_userauth_request: invalid user h [preauth]
May  8 10:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 10:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Received disconnect from 176.109.92.170 port 19388:11: Bye Bye [preauth]
May  8 10:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30274]: Disconnected from 176.109.92.170 port 19388 [preauth]
May  8 10:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27698]: pam_unix(cron:session): session closed for user root
May  8 10:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: Failed password for invalid user h from 195.178.110.50 port 43188 ssh2
May  8 10:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30279]: pam_unix(cron:session): session closed for user samftp
May  8 10:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: Connection closed by 195.178.110.50 port 43188 [preauth]
May  8 10:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30531]: Invalid user q from 195.178.110.50
May  8 10:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30531]: input_userauth_request: invalid user q [preauth]
May  8 10:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30531]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 10:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30531]: Failed password for invalid user q from 195.178.110.50 port 45086 ssh2
May  8 10:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30531]: Connection closed by 195.178.110.50 port 45086 [preauth]
May  8 10:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29450]: pam_unix(cron:session): session closed for user root
May  8 10:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: Invalid user z from 195.178.110.50
May  8 10:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: input_userauth_request: invalid user z [preauth]
May  8 10:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 10:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: Failed password for invalid user z from 195.178.110.50 port 26232 ssh2
May  8 10:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30589]: Connection closed by 195.178.110.50 port 26232 [preauth]
May  8 10:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30688]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30679]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30681]: pam_unix(cron:session): session closed for user p13x
May  8 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30802]: Successful su for rubyman by root
May  8 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30802]: + ??? root:rubyman
May  8 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30802]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352668 of user rubyman.
May  8 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30802]: pam_unix(su:session): session closed for user rubyman
May  8 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352668.
May  8 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30679]: pam_unix(cron:session): session closed for user root
May  8 10:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28105]: pam_unix(cron:session): session closed for user root
May  8 10:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30682]: pam_unix(cron:session): session closed for user samftp
May  8 10:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30663]: Invalid user % from 195.178.110.50
May  8 10:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30663]: input_userauth_request: invalid user % [preauth]
May  8 10:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30663]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 10:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30663]: Failed password for invalid user % from 195.178.110.50 port 1868 ssh2
May  8 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30663]: Connection closed by 195.178.110.50 port 1868 [preauth]
May  8 10:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29881]: pam_unix(cron:session): session closed for user root
May  8 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31269]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31271]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31273]: pam_unix(cron:session): session closed for user root
May  8 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31268]: pam_unix(cron:session): session closed for user p13x
May  8 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31344]: Successful su for rubyman by root
May  8 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31344]: + ??? root:rubyman
May  8 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352677 of user rubyman.
May  8 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31344]: pam_unix(su:session): session closed for user rubyman
May  8 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352677.
May  8 10:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31270]: pam_unix(cron:session): session closed for user root
May  8 10:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28519]: pam_unix(cron:session): session closed for user root
May  8 10:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31269]: pam_unix(cron:session): session closed for user samftp
May  8 10:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.2.2  user=root
May  8 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30282]: pam_unix(cron:session): session closed for user root
May  8 10:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: Failed password for root from 193.70.2.2 port 57322 ssh2
May  8 10:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: Received disconnect from 193.70.2.2 port 57322:11: Bye Bye [preauth]
May  8 10:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: Disconnected from 193.70.2.2 port 57322 [preauth]
May  8 10:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Invalid user david from 164.68.105.9
May  8 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: input_userauth_request: invalid user david [preauth]
May  8 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  8 10:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Failed password for invalid user david from 164.68.105.9 port 52088 ssh2
May  8 10:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31734]: Connection closed by 164.68.105.9 port 52088 [preauth]
May  8 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31747]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31745]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31745]: pam_unix(cron:session): session closed for user p13x
May  8 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31813]: Successful su for rubyman by root
May  8 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31813]: + ??? root:rubyman
May  8 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31813]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352682 of user rubyman.
May  8 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31813]: pam_unix(su:session): session closed for user rubyman
May  8 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352682.
May  8 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28916]: pam_unix(cron:session): session closed for user root
May  8 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31746]: pam_unix(cron:session): session closed for user samftp
May  8 10:41:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Invalid user furukawa from 185.213.164.175
May  8 10:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: input_userauth_request: invalid user furukawa [preauth]
May  8 10:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175
May  8 10:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Failed password for invalid user furukawa from 185.213.164.175 port 49532 ssh2
May  8 10:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Received disconnect from 185.213.164.175 port 49532:11: Bye Bye [preauth]
May  8 10:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Disconnected from 185.213.164.175 port 49532 [preauth]
May  8 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30688]: pam_unix(cron:session): session closed for user root
May  8 10:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.130.207  user=root
May  8 10:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: Failed password for root from 212.83.130.207 port 35824 ssh2
May  8 10:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: Received disconnect from 212.83.130.207 port 35824:11: Bye Bye [preauth]
May  8 10:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32431]: Disconnected from 212.83.130.207 port 35824 [preauth]
May  8 10:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.99.164.80  user=root
May  8 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32471]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32470]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32468]: pam_unix(cron:session): session closed for user p13x
May  8 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32535]: Successful su for rubyman by root
May  8 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32535]: + ??? root:rubyman
May  8 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32535]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352683 of user rubyman.
May  8 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32535]: pam_unix(su:session): session closed for user rubyman
May  8 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352683.
May  8 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: Failed password for root from 140.99.164.80 port 36244 ssh2
May  8 10:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32456]: Connection closed by 140.99.164.80 port 36244 [preauth]
May  8 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29449]: pam_unix(cron:session): session closed for user root
May  8 10:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32469]: pam_unix(cron:session): session closed for user samftp
May  8 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31272]: pam_unix(cron:session): session closed for user root
May  8 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: Invalid user david from 176.109.92.170
May  8 10:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: input_userauth_request: invalid user david [preauth]
May  8 10:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 10:42:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: Failed password for invalid user david from 176.109.92.170 port 39449 ssh2
May  8 10:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: Received disconnect from 176.109.92.170 port 39449:11: Bye Bye [preauth]
May  8 10:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[526]: Disconnected from 176.109.92.170 port 39449 [preauth]
May  8 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[595]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[593]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[590]: pam_unix(cron:session): session closed for user p13x
May  8 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[659]: Successful su for rubyman by root
May  8 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[659]: + ??? root:rubyman
May  8 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[659]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352687 of user rubyman.
May  8 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[659]: pam_unix(su:session): session closed for user rubyman
May  8 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352687.
May  8 10:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29880]: pam_unix(cron:session): session closed for user root
May  8 10:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[591]: pam_unix(cron:session): session closed for user samftp
May  8 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31748]: pam_unix(cron:session): session closed for user root
May  8 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1061]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1063]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1059]: pam_unix(cron:session): session closed for user p13x
May  8 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1127]: Successful su for rubyman by root
May  8 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1127]: + ??? root:rubyman
May  8 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1127]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352692 of user rubyman.
May  8 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1127]: pam_unix(su:session): session closed for user rubyman
May  8 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352692.
May  8 10:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30281]: pam_unix(cron:session): session closed for user root
May  8 10:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1060]: pam_unix(cron:session): session closed for user samftp
May  8 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32471]: pam_unix(cron:session): session closed for user root
May  8 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1542]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1540]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1546]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1548]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1551]: pam_unix(cron:session): session closed for user root
May  8 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1540]: pam_unix(cron:session): session closed for user p13x
May  8 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.2.2  user=root
May  8 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1630]: Successful su for rubyman by root
May  8 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1630]: + ??? root:rubyman
May  8 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1630]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352700 of user rubyman.
May  8 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1630]: pam_unix(su:session): session closed for user rubyman
May  8 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352700.
May  8 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1529]: Failed password for root from 193.70.2.2 port 57468 ssh2
May  8 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1529]: Received disconnect from 193.70.2.2 port 57468:11: Bye Bye [preauth]
May  8 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1529]: Disconnected from 193.70.2.2 port 57468 [preauth]
May  8 10:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30687]: pam_unix(cron:session): session closed for user root
May  8 10:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1546]: pam_unix(cron:session): session closed for user root
May  8 10:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1542]: pam_unix(cron:session): session closed for user samftp
May  8 10:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[595]: pam_unix(cron:session): session closed for user root
May  8 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2109]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2110]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2107]: pam_unix(cron:session): session closed for user p13x
May  8 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2181]: Successful su for rubyman by root
May  8 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2181]: + ??? root:rubyman
May  8 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352703 of user rubyman.
May  8 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2181]: pam_unix(su:session): session closed for user rubyman
May  8 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352703.
May  8 10:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31271]: pam_unix(cron:session): session closed for user root
May  8 10:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2108]: pam_unix(cron:session): session closed for user samftp
May  8 10:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.130.207  user=root
May  8 10:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2368]: Failed password for root from 212.83.130.207 port 44684 ssh2
May  8 10:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2368]: Received disconnect from 212.83.130.207 port 44684:11: Bye Bye [preauth]
May  8 10:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2368]: Disconnected from 212.83.130.207 port 44684 [preauth]
May  8 10:46:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  8 10:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=cisco rhost=::ffff:134.48.13.22
May  8 10:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: Invalid user oss from 185.213.164.175
May  8 10:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: input_userauth_request: invalid user oss [preauth]
May  8 10:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175
May  8 10:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: Failed password for invalid user oss from 185.213.164.175 port 57862 ssh2
May  8 10:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: Received disconnect from 185.213.164.175 port 57862:11: Bye Bye [preauth]
May  8 10:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2417]: Disconnected from 185.213.164.175 port 57862 [preauth]
May  8 10:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1063]: pam_unix(cron:session): session closed for user root
May  8 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2554]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2552]: pam_unix(cron:session): session closed for user p13x
May  8 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2625]: Successful su for rubyman by root
May  8 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2625]: + ??? root:rubyman
May  8 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2625]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352707 of user rubyman.
May  8 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2625]: pam_unix(su:session): session closed for user rubyman
May  8 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352707.
May  8 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31747]: pam_unix(cron:session): session closed for user root
May  8 10:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2554]: pam_unix(cron:session): session closed for user samftp
May  8 10:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170  user=root
May  8 10:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: Failed password for root from 176.109.92.170 port 38258 ssh2
May  8 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: Received disconnect from 176.109.92.170 port 38258:11: Bye Bye [preauth]
May  8 10:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2824]: Disconnected from 176.109.92.170 port 38258 [preauth]
May  8 10:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1550]: pam_unix(cron:session): session closed for user root
May  8 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2992]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2993]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2991]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session closed for user p13x
May  8 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3053]: Successful su for rubyman by root
May  8 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3053]: + ??? root:rubyman
May  8 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3053]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352709 of user rubyman.
May  8 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3053]: pam_unix(su:session): session closed for user rubyman
May  8 10:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352709.
May  8 10:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32470]: pam_unix(cron:session): session closed for user root
May  8 10:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2991]: pam_unix(cron:session): session closed for user samftp
May  8 10:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3302]: Invalid user deployer from 50.235.31.47
May  8 10:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3302]: input_userauth_request: invalid user deployer [preauth]
May  8 10:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3302]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  8 10:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3302]: Failed password for invalid user deployer from 50.235.31.47 port 39868 ssh2
May  8 10:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3302]: Connection closed by 50.235.31.47 port 39868 [preauth]
May  8 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2110]: pam_unix(cron:session): session closed for user root
May  8 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3410]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3410]: pam_unix(cron:session): session closed for user p13x
May  8 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3487]: Successful su for rubyman by root
May  8 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3487]: + ??? root:rubyman
May  8 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3487]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352713 of user rubyman.
May  8 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3487]: pam_unix(su:session): session closed for user rubyman
May  8 10:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352713.
May  8 10:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[593]: pam_unix(cron:session): session closed for user root
May  8 10:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3411]: pam_unix(cron:session): session closed for user samftp
May  8 10:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.2.2  user=root
May  8 10:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3727]: Failed password for root from 193.70.2.2 port 57610 ssh2
May  8 10:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3727]: Received disconnect from 193.70.2.2 port 57610:11: Bye Bye [preauth]
May  8 10:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3727]: Disconnected from 193.70.2.2 port 57610 [preauth]
May  8 10:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2556]: pam_unix(cron:session): session closed for user root
May  8 10:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4  user=root
May  8 10:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: Failed password for root from 85.208.84.4 port 26130 ssh2
May  8 10:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3811]: Connection closed by 85.208.84.4 port 26130 [preauth]
May  8 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3849]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3853]: pam_unix(cron:session): session closed for user root
May  8 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3848]: pam_unix(cron:session): session closed for user p13x
May  8 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3919]: Successful su for rubyman by root
May  8 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3919]: + ??? root:rubyman
May  8 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3919]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352720 of user rubyman.
May  8 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3919]: pam_unix(su:session): session closed for user rubyman
May  8 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352720.
May  8 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3850]: pam_unix(cron:session): session closed for user root
May  8 10:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1061]: pam_unix(cron:session): session closed for user root
May  8 10:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3849]: pam_unix(cron:session): session closed for user samftp
May  8 10:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.130.207  user=root
May  8 10:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: Failed password for root from 212.83.130.207 port 50282 ssh2
May  8 10:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: Received disconnect from 212.83.130.207 port 50282:11: Bye Bye [preauth]
May  8 10:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4203]: Disconnected from 212.83.130.207 port 50282 [preauth]
May  8 10:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2993]: pam_unix(cron:session): session closed for user root
May  8 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4468]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4464]: pam_unix(cron:session): session closed for user p13x
May  8 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4550]: Successful su for rubyman by root
May  8 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4550]: + ??? root:rubyman
May  8 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352723 of user rubyman.
May  8 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4550]: pam_unix(su:session): session closed for user rubyman
May  8 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352723.
May  8 10:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1548]: pam_unix(cron:session): session closed for user root
May  8 10:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4465]: pam_unix(cron:session): session closed for user samftp
May  8 10:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: Invalid user sysadmin from 185.213.164.175
May  8 10:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: input_userauth_request: invalid user sysadmin [preauth]
May  8 10:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175
May  8 10:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: Failed password for invalid user sysadmin from 185.213.164.175 port 56606 ssh2
May  8 10:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: Received disconnect from 185.213.164.175 port 56606:11: Bye Bye [preauth]
May  8 10:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4768]: Disconnected from 185.213.164.175 port 56606 [preauth]
May  8 10:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3413]: pam_unix(cron:session): session closed for user root
May  8 10:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170  user=root
May  8 10:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: Failed password for root from 176.109.92.170 port 51825 ssh2
May  8 10:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: Received disconnect from 176.109.92.170 port 51825:11: Bye Bye [preauth]
May  8 10:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4850]: Disconnected from 176.109.92.170 port 51825 [preauth]
May  8 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4907]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4906]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4904]: pam_unix(cron:session): session closed for user p13x
May  8 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4975]: Successful su for rubyman by root
May  8 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4975]: + ??? root:rubyman
May  8 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4975]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352729 of user rubyman.
May  8 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4975]: pam_unix(su:session): session closed for user rubyman
May  8 10:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352729.
May  8 10:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2109]: pam_unix(cron:session): session closed for user root
May  8 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4905]: pam_unix(cron:session): session closed for user samftp
May  8 10:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3852]: pam_unix(cron:session): session closed for user root
May  8 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5530]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5529]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5525]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5525]: pam_unix(cron:session): session closed for user p13x
May  8 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5633]: Successful su for rubyman by root
May  8 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5633]: + ??? root:rubyman
May  8 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352731 of user rubyman.
May  8 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5633]: pam_unix(su:session): session closed for user rubyman
May  8 10:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352731.
May  8 10:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2555]: pam_unix(cron:session): session closed for user root
May  8 10:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5527]: pam_unix(cron:session): session closed for user samftp
May  8 10:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4468]: pam_unix(cron:session): session closed for user root
May  8 10:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6021]: Invalid user david from 193.70.2.2
May  8 10:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6021]: input_userauth_request: invalid user david [preauth]
May  8 10:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6021]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.2.2
May  8 10:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6021]: Failed password for invalid user david from 193.70.2.2 port 57756 ssh2
May  8 10:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6021]: Received disconnect from 193.70.2.2 port 57756:11: Bye Bye [preauth]
May  8 10:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6021]: Disconnected from 193.70.2.2 port 57756 [preauth]
May  8 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6075]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6073]: pam_unix(cron:session): session closed for user p13x
May  8 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6144]: Successful su for rubyman by root
May  8 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6144]: + ??? root:rubyman
May  8 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6144]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352736 of user rubyman.
May  8 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6144]: pam_unix(su:session): session closed for user rubyman
May  8 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352736.
May  8 10:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2992]: pam_unix(cron:session): session closed for user root
May  8 10:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6074]: pam_unix(cron:session): session closed for user samftp
May  8 10:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4907]: pam_unix(cron:session): session closed for user root
May  8 10:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.130.207  user=root
May  8 10:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Failed password for root from 212.83.130.207 port 56094 ssh2
May  8 10:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Received disconnect from 212.83.130.207 port 56094:11: Bye Bye [preauth]
May  8 10:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6440]: Disconnected from 212.83.130.207 port 56094 [preauth]
May  8 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6489]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6488]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6491]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6492]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6492]: pam_unix(cron:session): session closed for user root
May  8 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6486]: pam_unix(cron:session): session closed for user p13x
May  8 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6552]: Successful su for rubyman by root
May  8 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6552]: + ??? root:rubyman
May  8 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352742 of user rubyman.
May  8 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6552]: pam_unix(su:session): session closed for user rubyman
May  8 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352742.
May  8 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6489]: pam_unix(cron:session): session closed for user root
May  8 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3412]: pam_unix(cron:session): session closed for user root
May  8 10:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6488]: pam_unix(cron:session): session closed for user samftp
May  8 10:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5530]: pam_unix(cron:session): session closed for user root
May  8 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7012]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7013]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7009]: pam_unix(cron:session): session closed for user p13x
May  8 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7092]: Successful su for rubyman by root
May  8 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7092]: + ??? root:rubyman
May  8 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7092]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352745 of user rubyman.
May  8 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7092]: pam_unix(su:session): session closed for user rubyman
May  8 10:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352745.
May  8 10:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3851]: pam_unix(cron:session): session closed for user root
May  8 10:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7010]: pam_unix(cron:session): session closed for user samftp
May  8 10:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Invalid user nikhil from 185.213.164.175
May  8 10:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: input_userauth_request: invalid user nikhil [preauth]
May  8 10:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175
May  8 10:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Failed password for invalid user nikhil from 185.213.164.175 port 59256 ssh2
May  8 10:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Received disconnect from 185.213.164.175 port 59256:11: Bye Bye [preauth]
May  8 10:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Disconnected from 185.213.164.175 port 59256 [preauth]
May  8 10:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: Invalid user mis from 176.109.92.170
May  8 10:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: input_userauth_request: invalid user mis [preauth]
May  8 10:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 10:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: Failed password for invalid user mis from 176.109.92.170 port 34400 ssh2
May  8 10:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: Received disconnect from 176.109.92.170 port 34400:11: Bye Bye [preauth]
May  8 10:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7321]: Disconnected from 176.109.92.170 port 34400 [preauth]
May  8 10:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6076]: pam_unix(cron:session): session closed for user root
May  8 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7445]: pam_unix(cron:session): session closed for user p13x
May  8 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7605]: Successful su for rubyman by root
May  8 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7605]: + ??? root:rubyman
May  8 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7605]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352751 of user rubyman.
May  8 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7605]: pam_unix(su:session): session closed for user rubyman
May  8 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352751.
May  8 10:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4466]: pam_unix(cron:session): session closed for user root
May  8 10:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7446]: pam_unix(cron:session): session closed for user samftp
May  8 10:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6491]: pam_unix(cron:session): session closed for user root
May  8 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7973]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7970]: pam_unix(cron:session): session closed for user p13x
May  8 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8030]: Successful su for rubyman by root
May  8 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8030]: + ??? root:rubyman
May  8 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352754 of user rubyman.
May  8 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8030]: pam_unix(su:session): session closed for user rubyman
May  8 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352754.
May  8 10:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4906]: pam_unix(cron:session): session closed for user root
May  8 10:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7971]: pam_unix(cron:session): session closed for user samftp
May  8 10:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.2.2  user=root
May  8 10:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8242]: Failed password for root from 193.70.2.2 port 57898 ssh2
May  8 10:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8242]: Received disconnect from 193.70.2.2 port 57898:11: Bye Bye [preauth]
May  8 10:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8242]: Disconnected from 193.70.2.2 port 57898 [preauth]
May  8 10:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  8 10:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:91.196.152.40
May  8 10:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7013]: pam_unix(cron:session): session closed for user root
May  8 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8406]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8405]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8404]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8404]: pam_unix(cron:session): session closed for user p13x
May  8 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8475]: Successful su for rubyman by root
May  8 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8475]: + ??? root:rubyman
May  8 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8475]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352758 of user rubyman.
May  8 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8475]: pam_unix(su:session): session closed for user rubyman
May  8 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352758.
May  8 10:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5529]: pam_unix(cron:session): session closed for user root
May  8 10:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8405]: pam_unix(cron:session): session closed for user samftp
May  8 10:59:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: Invalid user ya from 212.83.130.207
May  8 10:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: input_userauth_request: invalid user ya [preauth]
May  8 10:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.130.207
May  8 10:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: Failed password for invalid user ya from 212.83.130.207 port 59358 ssh2
May  8 10:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: Received disconnect from 212.83.130.207 port 59358:11: Bye Bye [preauth]
May  8 10:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8681]: Disconnected from 212.83.130.207 port 59358 [preauth]
May  8 10:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7448]: pam_unix(cron:session): session closed for user root
May  8 10:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 10:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: Invalid user admin from 80.94.95.112
May  8 10:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: input_userauth_request: invalid user admin [preauth]
May  8 10:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: pam_unix(sshd:auth): check pass; user unknown
May  8 10:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 11:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: Failed password for invalid user admin from 80.94.95.112 port 28338 ssh2
May  8 11:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8846]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8849]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8853]: pam_unix(cron:session): session closed for user root
May  8 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8849]: pam_unix(cron:session): session closed for user root
May  8 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8846]: pam_unix(cron:session): session closed for user p13x
May  8 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: Failed password for invalid user admin from 80.94.95.112 port 28338 ssh2
May  8 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8945]: Successful su for rubyman by root
May  8 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8945]: + ??? root:rubyman
May  8 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352765 of user rubyman.
May  8 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8945]: pam_unix(su:session): session closed for user rubyman
May  8 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352765.
May  8 11:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: Failed password for invalid user admin from 80.94.95.112 port 28338 ssh2
May  8 11:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6075]: pam_unix(cron:session): session closed for user root
May  8 11:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8850]: pam_unix(cron:session): session closed for user root
May  8 11:00:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: Failed password for invalid user admin from 80.94.95.112 port 28338 ssh2
May  8 11:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8847]: pam_unix(cron:session): session closed for user samftp
May  8 11:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: Failed password for invalid user admin from 80.94.95.112 port 28338 ssh2
May  8 11:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: Received disconnect from 80.94.95.112 port 28338:11: Bye [preauth]
May  8 11:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: Disconnected from 80.94.95.112 port 28338 [preauth]
May  8 11:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 11:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 11:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: Invalid user admin from 85.208.84.5
May  8 11:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: input_userauth_request: invalid user admin [preauth]
May  8 11:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  8 11:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: Failed password for invalid user admin from 85.208.84.5 port 49390 ssh2
May  8 11:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: Connection closed by 85.208.84.5 port 49390 [preauth]
May  8 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7973]: pam_unix(cron:session): session closed for user root
May  8 11:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170  user=root
May  8 11:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Failed password for root from 176.109.92.170 port 44867 ssh2
May  8 11:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Received disconnect from 176.109.92.170 port 44867:11: Bye Bye [preauth]
May  8 11:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9446]: Disconnected from 176.109.92.170 port 44867 [preauth]
May  8 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9481]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9480]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9478]: pam_unix(cron:session): session closed for user p13x
May  8 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9545]: Successful su for rubyman by root
May  8 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9545]: + ??? root:rubyman
May  8 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9545]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352769 of user rubyman.
May  8 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9545]: pam_unix(su:session): session closed for user rubyman
May  8 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352769.
May  8 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6490]: pam_unix(cron:session): session closed for user root
May  8 11:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9479]: pam_unix(cron:session): session closed for user samftp
May  8 11:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9737]: Invalid user user1 from 185.213.164.175
May  8 11:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9737]: input_userauth_request: invalid user user1 [preauth]
May  8 11:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9737]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175
May  8 11:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9737]: Failed password for invalid user user1 from 185.213.164.175 port 47724 ssh2
May  8 11:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9737]: Received disconnect from 185.213.164.175 port 47724:11: Bye Bye [preauth]
May  8 11:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9737]: Disconnected from 185.213.164.175 port 47724 [preauth]
May  8 11:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8408]: pam_unix(cron:session): session closed for user root
May  8 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9885]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9883]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9882]: pam_unix(cron:session): session closed for user p13x
May  8 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9943]: Successful su for rubyman by root
May  8 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9943]: + ??? root:rubyman
May  8 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9943]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352773 of user rubyman.
May  8 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9943]: pam_unix(su:session): session closed for user rubyman
May  8 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352773.
May  8 11:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7012]: pam_unix(cron:session): session closed for user root
May  8 11:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9883]: pam_unix(cron:session): session closed for user samftp
May  8 11:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: Invalid user vps1 from 193.70.2.2
May  8 11:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: input_userauth_request: invalid user vps1 [preauth]
May  8 11:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.2.2
May  8 11:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: Failed password for invalid user vps1 from 193.70.2.2 port 58046 ssh2
May  8 11:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: Received disconnect from 193.70.2.2 port 58046:11: Bye Bye [preauth]
May  8 11:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10161]: Disconnected from 193.70.2.2 port 58046 [preauth]
May  8 11:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8852]: pam_unix(cron:session): session closed for user root
May  8 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10371]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10372]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10369]: pam_unix(cron:session): session closed for user p13x
May  8 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10446]: Successful su for rubyman by root
May  8 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10446]: + ??? root:rubyman
May  8 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10446]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352778 of user rubyman.
May  8 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10446]: pam_unix(su:session): session closed for user rubyman
May  8 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352778.
May  8 11:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7447]: pam_unix(cron:session): session closed for user root
May  8 11:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10370]: pam_unix(cron:session): session closed for user samftp
May  8 11:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.130.207  user=root
May  8 11:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: Failed password for root from 212.83.130.207 port 43290 ssh2
May  8 11:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: Received disconnect from 212.83.130.207 port 43290:11: Bye Bye [preauth]
May  8 11:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10763]: Disconnected from 212.83.130.207 port 43290 [preauth]
May  8 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9481]: pam_unix(cron:session): session closed for user root
May  8 11:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 11:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: Failed password for root from 80.94.95.241 port 62653 ssh2
May  8 11:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: Failed password for root from 80.94.95.241 port 62653 ssh2
May  8 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10864]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10865]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10863]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10862]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10862]: pam_unix(cron:session): session closed for user p13x
May  8 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10921]: Successful su for rubyman by root
May  8 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10921]: + ??? root:rubyman
May  8 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352780 of user rubyman.
May  8 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10921]: pam_unix(su:session): session closed for user rubyman
May  8 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352780.
May  8 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: Failed password for root from 80.94.95.241 port 62653 ssh2
May  8 11:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7972]: pam_unix(cron:session): session closed for user root
May  8 11:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: Failed password for root from 80.94.95.241 port 62653 ssh2
May  8 11:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10863]: pam_unix(cron:session): session closed for user samftp
May  8 11:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: Failed password for root from 80.94.95.241 port 62653 ssh2
May  8 11:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: Received disconnect from 80.94.95.241 port 62653:11: Bye [preauth]
May  8 11:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: Disconnected from 80.94.95.241 port 62653 [preauth]
May  8 11:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 11:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10842]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 11:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: Did not receive identification string from 82.129.29.124
May  8 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9885]: pam_unix(cron:session): session closed for user root
May  8 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11256]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11253]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11251]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11254]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11255]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11252]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11256]: pam_unix(cron:session): session closed for user root
May  8 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11251]: pam_unix(cron:session): session closed for user p13x
May  8 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11319]: Successful su for rubyman by root
May  8 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11319]: + ??? root:rubyman
May  8 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352788 of user rubyman.
May  8 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11319]: pam_unix(su:session): session closed for user rubyman
May  8 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352788.
May  8 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11253]: pam_unix(cron:session): session closed for user root
May  8 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8406]: pam_unix(cron:session): session closed for user root
May  8 11:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11252]: pam_unix(cron:session): session closed for user samftp
May  8 11:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11555]: Invalid user operator from 85.208.84.134
May  8 11:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11555]: input_userauth_request: invalid user operator [preauth]
May  8 11:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11555]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.134
May  8 11:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11555]: Failed password for invalid user operator from 85.208.84.134 port 57014 ssh2
May  8 11:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11555]: Connection closed by 85.208.84.134 port 57014 [preauth]
May  8 11:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170  user=root
May  8 11:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: Failed password for root from 176.109.92.170 port 21543 ssh2
May  8 11:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: Received disconnect from 176.109.92.170 port 21543:11: Bye Bye [preauth]
May  8 11:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11569]: Disconnected from 176.109.92.170 port 21543 [preauth]
May  8 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10372]: pam_unix(cron:session): session closed for user root
May  8 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11684]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11685]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11683]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11682]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11682]: pam_unix(cron:session): session closed for user p13x
May  8 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11750]: Successful su for rubyman by root
May  8 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11750]: + ??? root:rubyman
May  8 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352791 of user rubyman.
May  8 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11750]: pam_unix(su:session): session closed for user rubyman
May  8 11:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352791.
May  8 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8851]: pam_unix(cron:session): session closed for user root
May  8 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11683]: pam_unix(cron:session): session closed for user samftp
May  8 11:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11937]: Invalid user said from 185.213.164.175
May  8 11:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11937]: input_userauth_request: invalid user said [preauth]
May  8 11:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11937]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175
May  8 11:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11937]: Failed password for invalid user said from 185.213.164.175 port 34052 ssh2
May  8 11:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11937]: Received disconnect from 185.213.164.175 port 34052:11: Bye Bye [preauth]
May  8 11:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11937]: Disconnected from 185.213.164.175 port 34052 [preauth]
May  8 11:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10865]: pam_unix(cron:session): session closed for user root
May  8 11:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.2.2  user=root
May  8 11:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12032]: Failed password for root from 193.70.2.2 port 58190 ssh2
May  8 11:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12032]: Received disconnect from 193.70.2.2 port 58190:11: Bye Bye [preauth]
May  8 11:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12032]: Disconnected from 193.70.2.2 port 58190 [preauth]
May  8 11:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12079]: Invalid user techno from 81.70.167.132
May  8 11:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12079]: input_userauth_request: invalid user techno [preauth]
May  8 11:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12079]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.70.167.132
May  8 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12085]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12084]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12082]: pam_unix(cron:session): session closed for user p13x
May  8 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12147]: Successful su for rubyman by root
May  8 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12147]: + ??? root:rubyman
May  8 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352795 of user rubyman.
May  8 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12147]: pam_unix(su:session): session closed for user rubyman
May  8 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352795.
May  8 11:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12079]: Failed password for invalid user techno from 81.70.167.132 port 56910 ssh2
May  8 11:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12079]: Received disconnect from 81.70.167.132 port 56910:11: Bye Bye [preauth]
May  8 11:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12079]: Disconnected from 81.70.167.132 port 56910 [preauth]
May  8 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9480]: pam_unix(cron:session): session closed for user root
May  8 11:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12083]: pam_unix(cron:session): session closed for user samftp
May  8 11:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  8 11:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: Failed password for root from 218.92.0.207 port 13596 ssh2
May  8 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: message repeated 4 times: [ Failed password for root from 218.92.0.207 port 13596 ssh2]
May  8 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 13596 ssh2 [preauth]
May  8 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: Disconnecting: Too many authentication failures [preauth]
May  8 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  8 11:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12354]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 11:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11255]: pam_unix(cron:session): session closed for user root
May  8 11:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.130.207  user=root
May  8 11:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: Failed password for root from 212.83.130.207 port 35582 ssh2
May  8 11:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: Received disconnect from 212.83.130.207 port 35582:11: Bye Bye [preauth]
May  8 11:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12450]: Disconnected from 212.83.130.207 port 35582 [preauth]
May  8 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12503]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12500]: pam_unix(cron:session): session closed for user p13x
May  8 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12559]: Successful su for rubyman by root
May  8 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12559]: + ??? root:rubyman
May  8 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352799 of user rubyman.
May  8 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12559]: pam_unix(su:session): session closed for user rubyman
May  8 11:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352799.
May  8 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9884]: pam_unix(cron:session): session closed for user root
May  8 11:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12501]: pam_unix(cron:session): session closed for user samftp
May  8 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11685]: pam_unix(cron:session): session closed for user root
May  8 11:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12827]: Connection closed by 172.236.228.197 port 22970 [preauth]
May  8 11:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12829]: Connection closed by 172.236.228.197 port 22972 [preauth]
May  8 11:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12831]: fatal: Unable to negotiate with 172.236.228.197 port 22974: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  8 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12892]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12890]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12893]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12888]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12890]: pam_unix(cron:session): session closed for user p13x
May  8 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13011]: Successful su for rubyman by root
May  8 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13011]: + ??? root:rubyman
May  8 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352805 of user rubyman.
May  8 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13011]: pam_unix(su:session): session closed for user rubyman
May  8 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352805.
May  8 11:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12888]: pam_unix(cron:session): session closed for user root
May  8 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10371]: pam_unix(cron:session): session closed for user root
May  8 11:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12891]: pam_unix(cron:session): session closed for user samftp
May  8 11:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13225]: Did not receive identification string from 196.251.67.42
May  8 11:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13234]: Invalid user user from 196.251.67.42
May  8 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13234]: input_userauth_request: invalid user user [preauth]
May  8 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13234]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.67.42
May  8 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: Invalid user admin from 196.251.67.42
May  8 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: input_userauth_request: invalid user admin [preauth]
May  8 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.67.42
May  8 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: Invalid user support from 196.251.67.42
May  8 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: input_userauth_request: invalid user support [preauth]
May  8 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.67.42
May  8 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13240]: Invalid user usario from 196.251.67.42
May  8 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13240]: input_userauth_request: invalid user usario [preauth]
May  8 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13240]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.67.42
May  8 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: Invalid user ubnt from 196.251.67.42
May  8 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: input_userauth_request: invalid user ubnt [preauth]
May  8 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.67.42
May  8 11:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13234]: Failed password for invalid user user from 196.251.67.42 port 16634 ssh2
May  8 11:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: Failed password for invalid user admin from 196.251.67.42 port 16662 ssh2
May  8 11:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: Failed password for invalid user support from 196.251.67.42 port 16658 ssh2
May  8 11:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13240]: Failed password for invalid user usario from 196.251.67.42 port 16678 ssh2
May  8 11:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: Failed password for invalid user ubnt from 196.251.67.42 port 16642 ssh2
May  8 11:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13234]: Received disconnect from 196.251.67.42 port 16634:11: Bye Bye [preauth]
May  8 11:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13234]: Disconnected from 196.251.67.42 port 16634 [preauth]
May  8 11:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: Received disconnect from 196.251.67.42 port 16662:11: Bye Bye [preauth]
May  8 11:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13236]: Disconnected from 196.251.67.42 port 16662 [preauth]
May  8 11:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: Received disconnect from 196.251.67.42 port 16658:11: Bye Bye [preauth]
May  8 11:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13239]: Disconnected from 196.251.67.42 port 16658 [preauth]
May  8 11:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13240]: Received disconnect from 196.251.67.42 port 16678:11: Bye Bye [preauth]
May  8 11:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13240]: Disconnected from 196.251.67.42 port 16678 [preauth]
May  8 11:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: Received disconnect from 196.251.67.42 port 16642:11: Bye Bye [preauth]
May  8 11:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13238]: Disconnected from 196.251.67.42 port 16642 [preauth]
May  8 11:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12085]: pam_unix(cron:session): session closed for user root
May  8 11:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13371]: Invalid user alexis from 176.109.92.170
May  8 11:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13371]: input_userauth_request: invalid user alexis [preauth]
May  8 11:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13371]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 11:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13371]: Failed password for invalid user alexis from 176.109.92.170 port 50272 ssh2
May  8 11:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13371]: Received disconnect from 176.109.92.170 port 50272:11: Bye Bye [preauth]
May  8 11:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13371]: Disconnected from 176.109.92.170 port 50272 [preauth]
May  8 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13393]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13395]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13397]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13396]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13397]: pam_unix(cron:session): session closed for user root
May  8 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13391]: pam_unix(cron:session): session closed for user p13x
May  8 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13555]: Successful su for rubyman by root
May  8 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13555]: + ??? root:rubyman
May  8 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352812 of user rubyman.
May  8 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13555]: pam_unix(su:session): session closed for user rubyman
May  8 11:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352812.
May  8 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13393]: pam_unix(cron:session): session closed for user root
May  8 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10864]: pam_unix(cron:session): session closed for user root
May  8 11:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13392]: pam_unix(cron:session): session closed for user samftp
May  8 11:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  8 11:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13816]: Failed password for root from 193.70.84.184 port 59698 ssh2
May  8 11:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13816]: Connection closed by 193.70.84.184 port 59698 [preauth]
May  8 11:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12503]: pam_unix(cron:session): session closed for user root
May  8 11:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: Invalid user fr from 193.70.2.2
May  8 11:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: input_userauth_request: invalid user fr [preauth]
May  8 11:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.2.2
May  8 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: Failed password for invalid user fr from 193.70.2.2 port 58336 ssh2
May  8 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: Received disconnect from 193.70.2.2 port 58336:11: Bye Bye [preauth]
May  8 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13924]: Disconnected from 193.70.2.2 port 58336 [preauth]
May  8 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13932]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13931]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13927]: pam_unix(cron:session): session closed for user p13x
May  8 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13995]: Successful su for rubyman by root
May  8 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13995]: + ??? root:rubyman
May  8 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352813 of user rubyman.
May  8 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13995]: pam_unix(su:session): session closed for user rubyman
May  8 11:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352813.
May  8 11:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11254]: pam_unix(cron:session): session closed for user root
May  8 11:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13928]: pam_unix(cron:session): session closed for user samftp
May  8 11:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: Invalid user kishan from 185.213.164.175
May  8 11:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: input_userauth_request: invalid user kishan [preauth]
May  8 11:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175
May  8 11:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: Failed password for invalid user kishan from 185.213.164.175 port 38286 ssh2
May  8 11:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: Received disconnect from 185.213.164.175 port 38286:11: Bye Bye [preauth]
May  8 11:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14173]: Disconnected from 185.213.164.175 port 38286 [preauth]
May  8 11:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12893]: pam_unix(cron:session): session closed for user root
May  8 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14338]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14336]: pam_unix(cron:session): session closed for user p13x
May  8 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14403]: Successful su for rubyman by root
May  8 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14403]: + ??? root:rubyman
May  8 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14403]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352818 of user rubyman.
May  8 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14403]: pam_unix(su:session): session closed for user rubyman
May  8 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352818.
May  8 11:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11684]: pam_unix(cron:session): session closed for user root
May  8 11:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14337]: pam_unix(cron:session): session closed for user samftp
May  8 11:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.130.207  user=root
May  8 11:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: Failed password for root from 212.83.130.207 port 45336 ssh2
May  8 11:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: Received disconnect from 212.83.130.207 port 45336:11: Bye Bye [preauth]
May  8 11:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: Disconnected from 212.83.130.207 port 45336 [preauth]
May  8 11:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  8 11:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: Failed password for root from 50.235.31.47 port 47428 ssh2
May  8 11:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14658]: Connection closed by 50.235.31.47 port 47428 [preauth]
May  8 11:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13396]: pam_unix(cron:session): session closed for user root
May  8 11:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: Invalid user admin from 85.208.84.5
May  8 11:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: input_userauth_request: invalid user admin [preauth]
May  8 11:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  8 11:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: Failed password for invalid user admin from 85.208.84.5 port 52054 ssh2
May  8 11:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14747]: Connection closed by 85.208.84.5 port 52054 [preauth]
May  8 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14759]: pam_unix(cron:session): session closed for user p13x
May  8 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14820]: Successful su for rubyman by root
May  8 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14820]: + ??? root:rubyman
May  8 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352821 of user rubyman.
May  8 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14820]: pam_unix(su:session): session closed for user rubyman
May  8 11:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352821.
May  8 11:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12084]: pam_unix(cron:session): session closed for user root
May  8 11:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14761]: pam_unix(cron:session): session closed for user samftp
May  8 11:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13932]: pam_unix(cron:session): session closed for user root
May  8 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15163]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15162]: pam_unix(cron:session): session closed for user p13x
May  8 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15222]: Successful su for rubyman by root
May  8 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15222]: + ??? root:rubyman
May  8 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352825 of user rubyman.
May  8 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15222]: pam_unix(su:session): session closed for user rubyman
May  8 11:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352825.
May  8 11:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12502]: pam_unix(cron:session): session closed for user root
May  8 11:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15163]: pam_unix(cron:session): session closed for user samftp
May  8 11:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Invalid user admin from 176.109.92.170
May  8 11:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: input_userauth_request: invalid user admin [preauth]
May  8 11:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 11:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Failed password for invalid user admin from 176.109.92.170 port 19515 ssh2
May  8 11:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Received disconnect from 176.109.92.170 port 19515:11: Bye Bye [preauth]
May  8 11:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15435]: Disconnected from 176.109.92.170 port 19515 [preauth]
May  8 11:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14339]: pam_unix(cron:session): session closed for user root
May  8 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15554]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15553]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15558]: pam_unix(cron:session): session closed for user root
May  8 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15553]: pam_unix(cron:session): session closed for user p13x
May  8 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15622]: Successful su for rubyman by root
May  8 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15622]: + ??? root:rubyman
May  8 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352832 of user rubyman.
May  8 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15622]: pam_unix(su:session): session closed for user rubyman
May  8 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352832.
May  8 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15555]: pam_unix(cron:session): session closed for user root
May  8 11:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12892]: pam_unix(cron:session): session closed for user root
May  8 11:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15554]: pam_unix(cron:session): session closed for user samftp
May  8 11:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: Invalid user oracle from 193.70.2.2
May  8 11:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: input_userauth_request: invalid user oracle [preauth]
May  8 11:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.2.2
May  8 11:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: Failed password for invalid user oracle from 193.70.2.2 port 58482 ssh2
May  8 11:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: Received disconnect from 193.70.2.2 port 58482:11: Bye Bye [preauth]
May  8 11:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15855]: Disconnected from 193.70.2.2 port 58482 [preauth]
May  8 11:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14763]: pam_unix(cron:session): session closed for user root
May  8 11:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175  user=root
May  8 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15988]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15990]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15987]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15986]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15986]: pam_unix(cron:session): session closed for user p13x
May  8 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16050]: Successful su for rubyman by root
May  8 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16050]: + ??? root:rubyman
May  8 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352836 of user rubyman.
May  8 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16050]: pam_unix(su:session): session closed for user rubyman
May  8 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352836.
May  8 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15983]: Failed password for root from 185.213.164.175 port 39112 ssh2
May  8 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15983]: Received disconnect from 185.213.164.175 port 39112:11: Bye Bye [preauth]
May  8 11:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15983]: Disconnected from 185.213.164.175 port 39112 [preauth]
May  8 11:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13395]: pam_unix(cron:session): session closed for user root
May  8 11:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15987]: pam_unix(cron:session): session closed for user samftp
May  8 11:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15165]: pam_unix(cron:session): session closed for user root
May  8 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16378]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16379]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16377]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16374]: pam_unix(cron:session): session closed for user root
May  8 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16376]: pam_unix(cron:session): session closed for user p13x
May  8 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16442]: Successful su for rubyman by root
May  8 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16442]: + ??? root:rubyman
May  8 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352839 of user rubyman.
May  8 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16442]: pam_unix(su:session): session closed for user rubyman
May  8 11:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352839.
May  8 11:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13931]: pam_unix(cron:session): session closed for user root
May  8 11:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16377]: pam_unix(cron:session): session closed for user samftp
May  8 11:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15557]: pam_unix(cron:session): session closed for user root
May  8 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16831]: pam_unix(cron:session): session closed for user p13x
May  8 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16904]: Successful su for rubyman by root
May  8 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16904]: + ??? root:rubyman
May  8 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16904]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352844 of user rubyman.
May  8 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16904]: pam_unix(su:session): session closed for user rubyman
May  8 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352844.
May  8 11:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14338]: pam_unix(cron:session): session closed for user root
May  8 11:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16832]: pam_unix(cron:session): session closed for user samftp
May  8 11:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17177]: Did not receive identification string from 193.32.162.136
May  8 11:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15990]: pam_unix(cron:session): session closed for user root
May  8 11:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170  user=root
May  8 11:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: Failed password for root from 176.109.92.170 port 43326 ssh2
May  8 11:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: Received disconnect from 176.109.92.170 port 43326:11: Bye Bye [preauth]
May  8 11:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17248]: Disconnected from 176.109.92.170 port 43326 [preauth]
May  8 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17263]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17261]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17259]: pam_unix(cron:session): session closed for user p13x
May  8 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17323]: Successful su for rubyman by root
May  8 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17323]: + ??? root:rubyman
May  8 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352848 of user rubyman.
May  8 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17323]: pam_unix(su:session): session closed for user rubyman
May  8 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352848.
May  8 11:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14762]: pam_unix(cron:session): session closed for user root
May  8 11:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17260]: pam_unix(cron:session): session closed for user samftp
May  8 11:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17592]: Invalid user mis from 193.70.2.2
May  8 11:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17592]: input_userauth_request: invalid user mis [preauth]
May  8 11:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17592]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.2.2
May  8 11:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17592]: Failed password for invalid user mis from 193.70.2.2 port 58628 ssh2
May  8 11:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17592]: Received disconnect from 193.70.2.2 port 58628:11: Bye Bye [preauth]
May  8 11:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17592]: Disconnected from 193.70.2.2 port 58628 [preauth]
May  8 11:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16379]: pam_unix(cron:session): session closed for user root
May  8 11:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Invalid user w1 from 164.68.105.9
May  8 11:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: input_userauth_request: invalid user w1 [preauth]
May  8 11:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  8 11:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Failed password for invalid user w1 from 164.68.105.9 port 55422 ssh2
May  8 11:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17623]: Connection closed by 164.68.105.9 port 55422 [preauth]
May  8 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17691]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17690]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17689]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17693]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17692]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17693]: pam_unix(cron:session): session closed for user root
May  8 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17688]: pam_unix(cron:session): session closed for user p13x
May  8 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17763]: Successful su for rubyman by root
May  8 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17763]: + ??? root:rubyman
May  8 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17763]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352857 of user rubyman.
May  8 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17763]: pam_unix(su:session): session closed for user rubyman
May  8 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352857.
May  8 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17690]: pam_unix(cron:session): session closed for user root
May  8 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15164]: pam_unix(cron:session): session closed for user root
May  8 11:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17689]: pam_unix(cron:session): session closed for user samftp
May  8 11:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16834]: pam_unix(cron:session): session closed for user root
May  8 11:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175  user=root
May  8 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18228]: Failed password for root from 185.213.164.175 port 57912 ssh2
May  8 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18228]: Received disconnect from 185.213.164.175 port 57912:11: Bye Bye [preauth]
May  8 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18228]: Disconnected from 185.213.164.175 port 57912 [preauth]
May  8 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18242]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18241]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18240]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18239]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18239]: pam_unix(cron:session): session closed for user p13x
May  8 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18310]: Successful su for rubyman by root
May  8 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18310]: + ??? root:rubyman
May  8 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18310]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352859 of user rubyman.
May  8 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18310]: pam_unix(su:session): session closed for user rubyman
May  8 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352859.
May  8 11:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15556]: pam_unix(cron:session): session closed for user root
May  8 11:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18240]: pam_unix(cron:session): session closed for user samftp
May  8 11:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17263]: pam_unix(cron:session): session closed for user root
May  8 11:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: Invalid user leo from 80.94.95.241
May  8 11:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: input_userauth_request: invalid user leo [preauth]
May  8 11:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: Failed password for invalid user leo from 80.94.95.241 port 63180 ssh2
May  8 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18653]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18653]: pam_unix(cron:session): session closed for user p13x
May  8 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18716]: Successful su for rubyman by root
May  8 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18716]: + ??? root:rubyman
May  8 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18716]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352862 of user rubyman.
May  8 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18716]: pam_unix(su:session): session closed for user rubyman
May  8 11:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352862.
May  8 11:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: Failed password for invalid user leo from 80.94.95.241 port 63180 ssh2
May  8 11:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15988]: pam_unix(cron:session): session closed for user root
May  8 11:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: Failed password for invalid user leo from 80.94.95.241 port 63180 ssh2
May  8 11:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18654]: pam_unix(cron:session): session closed for user samftp
May  8 11:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18912]: Invalid user sshadmin from 80.94.95.116
May  8 11:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18912]: input_userauth_request: invalid user sshadmin [preauth]
May  8 11:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18912]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  8 11:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: Failed password for invalid user leo from 80.94.95.241 port 63180 ssh2
May  8 11:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18912]: Failed password for invalid user sshadmin from 80.94.95.116 port 24204 ssh2
May  8 11:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18912]: Connection closed by 80.94.95.116 port 24204 [preauth]
May  8 11:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: Failed password for invalid user leo from 80.94.95.241 port 63180 ssh2
May  8 11:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: Received disconnect from 80.94.95.241 port 63180:11: Bye [preauth]
May  8 11:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: Disconnected from 80.94.95.241 port 63180 [preauth]
May  8 11:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 11:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18643]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 11:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17692]: pam_unix(cron:session): session closed for user root
May  8 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19067]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19066]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19065]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19065]: pam_unix(cron:session): session closed for user p13x
May  8 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19129]: Successful su for rubyman by root
May  8 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19129]: + ??? root:rubyman
May  8 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19129]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352868 of user rubyman.
May  8 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19129]: pam_unix(su:session): session closed for user rubyman
May  8 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352868.
May  8 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16378]: pam_unix(cron:session): session closed for user root
May  8 11:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19066]: pam_unix(cron:session): session closed for user samftp
May  8 11:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19381]: Invalid user bloom from 176.109.92.170
May  8 11:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19381]: input_userauth_request: invalid user bloom [preauth]
May  8 11:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19381]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 11:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19381]: Failed password for invalid user bloom from 176.109.92.170 port 47621 ssh2
May  8 11:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19381]: Received disconnect from 176.109.92.170 port 47621:11: Bye Bye [preauth]
May  8 11:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19381]: Disconnected from 176.109.92.170 port 47621 [preauth]
May  8 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18242]: pam_unix(cron:session): session closed for user root
May  8 11:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19451]: Invalid user bloom from 193.70.2.2
May  8 11:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19451]: input_userauth_request: invalid user bloom [preauth]
May  8 11:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19451]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.2.2
May  8 11:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19451]: Failed password for invalid user bloom from 193.70.2.2 port 58774 ssh2
May  8 11:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19451]: Received disconnect from 193.70.2.2 port 58774:11: Bye Bye [preauth]
May  8 11:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19451]: Disconnected from 193.70.2.2 port 58774 [preauth]
May  8 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19474]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19475]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19472]: pam_unix(cron:session): session closed for user p13x
May  8 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19540]: Successful su for rubyman by root
May  8 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19540]: + ??? root:rubyman
May  8 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352871 of user rubyman.
May  8 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19540]: pam_unix(su:session): session closed for user rubyman
May  8 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352871.
May  8 11:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16833]: pam_unix(cron:session): session closed for user root
May  8 11:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19473]: pam_unix(cron:session): session closed for user samftp
May  8 11:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18656]: pam_unix(cron:session): session closed for user root
May  8 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19894]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19893]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19892]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19897]: pam_unix(cron:session): session closed for user root
May  8 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19892]: pam_unix(cron:session): session closed for user p13x
May  8 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19971]: Successful su for rubyman by root
May  8 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19971]: + ??? root:rubyman
May  8 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19971]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352879 of user rubyman.
May  8 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19971]: pam_unix(su:session): session closed for user rubyman
May  8 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352879.
May  8 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19894]: pam_unix(cron:session): session closed for user root
May  8 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17261]: pam_unix(cron:session): session closed for user root
May  8 11:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19893]: pam_unix(cron:session): session closed for user samftp
May  8 11:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: Invalid user qi from 14.103.114.22
May  8 11:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: input_userauth_request: invalid user qi [preauth]
May  8 11:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.114.22
May  8 11:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: Failed password for invalid user qi from 14.103.114.22 port 60822 ssh2
May  8 11:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: Received disconnect from 14.103.114.22 port 60822:11: Bye Bye [preauth]
May  8 11:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: Disconnected from 14.103.114.22 port 60822 [preauth]
May  8 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19072]: pam_unix(cron:session): session closed for user root
May  8 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20337]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20336]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20338]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20335]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20335]: pam_unix(cron:session): session closed for user p13x
May  8 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20404]: Successful su for rubyman by root
May  8 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20404]: + ??? root:rubyman
May  8 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20404]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352882 of user rubyman.
May  8 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20404]: pam_unix(su:session): session closed for user rubyman
May  8 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352882.
May  8 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175  user=root
May  8 11:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: Failed password for root from 185.213.164.175 port 56980 ssh2
May  8 11:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: Received disconnect from 185.213.164.175 port 56980:11: Bye Bye [preauth]
May  8 11:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20332]: Disconnected from 185.213.164.175 port 56980 [preauth]
May  8 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17691]: pam_unix(cron:session): session closed for user root
May  8 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20336]: pam_unix(cron:session): session closed for user samftp
May  8 11:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19475]: pam_unix(cron:session): session closed for user root
May  8 11:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20696]: Did not receive identification string from 154.81.156.51
May  8 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20747]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20746]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20746]: pam_unix(cron:session): session closed for user p13x
May  8 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20810]: Successful su for rubyman by root
May  8 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20810]: + ??? root:rubyman
May  8 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20810]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352885 of user rubyman.
May  8 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20810]: pam_unix(su:session): session closed for user rubyman
May  8 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352885.
May  8 11:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18241]: pam_unix(cron:session): session closed for user root
May  8 11:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20747]: pam_unix(cron:session): session closed for user samftp
May  8 11:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19896]: pam_unix(cron:session): session closed for user root
May  8 11:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170  user=root
May  8 11:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21137]: Failed password for root from 176.109.92.170 port 8732 ssh2
May  8 11:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21137]: Received disconnect from 176.109.92.170 port 8732:11: Bye Bye [preauth]
May  8 11:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21137]: Disconnected from 176.109.92.170 port 8732 [preauth]
May  8 11:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: Invalid user alexis from 193.70.2.2
May  8 11:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: input_userauth_request: invalid user alexis [preauth]
May  8 11:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.2.2
May  8 11:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: Failed password for invalid user alexis from 193.70.2.2 port 58922 ssh2
May  8 11:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: Received disconnect from 193.70.2.2 port 58922:11: Bye Bye [preauth]
May  8 11:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21148]: Disconnected from 193.70.2.2 port 58922 [preauth]
May  8 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21162]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21159]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21159]: pam_unix(cron:session): session closed for user p13x
May  8 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21247]: Successful su for rubyman by root
May  8 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21247]: + ??? root:rubyman
May  8 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21247]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352888 of user rubyman.
May  8 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21247]: pam_unix(su:session): session closed for user rubyman
May  8 11:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352888.
May  8 11:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18655]: pam_unix(cron:session): session closed for user root
May  8 11:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21160]: pam_unix(cron:session): session closed for user samftp
May  8 11:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20338]: pam_unix(cron:session): session closed for user root
May  8 11:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21609]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21607]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21606]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21606]: pam_unix(cron:session): session closed for user p13x
May  8 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21699]: Successful su for rubyman by root
May  8 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21699]: + ??? root:rubyman
May  8 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352893 of user rubyman.
May  8 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21699]: pam_unix(su:session): session closed for user rubyman
May  8 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352893.
May  8 11:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19067]: pam_unix(cron:session): session closed for user root
May  8 11:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: Invalid user . from 195.178.110.50
May  8 11:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: input_userauth_request: invalid user . [preauth]
May  8 11:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 11:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21607]: pam_unix(cron:session): session closed for user samftp
May  8 11:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: Failed password for invalid user . from 195.178.110.50 port 45528 ssh2
May  8 11:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21581]: Connection closed by 195.178.110.50 port 45528 [preauth]
May  8 11:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: Invalid user 7 from 195.178.110.50
May  8 11:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: input_userauth_request: invalid user 7 [preauth]
May  8 11:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 11:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: Failed password for invalid user 7 from 195.178.110.50 port 2602 ssh2
May  8 11:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: Connection closed by 195.178.110.50 port 2602 [preauth]
May  8 11:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20749]: pam_unix(cron:session): session closed for user root
May  8 11:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22256]: Invalid user @ from 195.178.110.50
May  8 11:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22256]: input_userauth_request: invalid user @ [preauth]
May  8 11:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22256]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 11:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22256]: Failed password for invalid user @ from 195.178.110.50 port 4536 ssh2
May  8 11:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22256]: Connection closed by 195.178.110.50 port 4536 [preauth]
May  8 11:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: Invalid user I from 195.178.110.50
May  8 11:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: input_userauth_request: invalid user I [preauth]
May  8 11:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: Failed password for invalid user I from 195.178.110.50 port 63302 ssh2
May  8 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22365]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22366]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22364]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22362]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22367]: pam_unix(cron:session): session closed for user root
May  8 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22362]: pam_unix(cron:session): session closed for user p13x
May  8 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22454]: Successful su for rubyman by root
May  8 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22454]: + ??? root:rubyman
May  8 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352898 of user rubyman.
May  8 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22454]: pam_unix(su:session): session closed for user rubyman
May  8 11:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352898.
May  8 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: Connection closed by 195.178.110.50 port 63302 [preauth]
May  8 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22364]: pam_unix(cron:session): session closed for user root
May  8 11:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19474]: pam_unix(cron:session): session closed for user root
May  8 11:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22363]: pam_unix(cron:session): session closed for user samftp
May  8 11:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22570]: Invalid user R from 195.178.110.50
May  8 11:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22570]: input_userauth_request: invalid user R [preauth]
May  8 11:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22570]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 11:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22570]: Failed password for invalid user R from 195.178.110.50 port 2122 ssh2
May  8 11:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22570]: Connection closed by 195.178.110.50 port 2122 [preauth]
May  8 11:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21163]: pam_unix(cron:session): session closed for user root
May  8 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22860]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22858]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22857]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22856]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22856]: pam_unix(cron:session): session closed for user p13x
May  8 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22932]: Successful su for rubyman by root
May  8 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22932]: + ??? root:rubyman
May  8 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352902 of user rubyman.
May  8 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22932]: pam_unix(su:session): session closed for user rubyman
May  8 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352902.
May  8 11:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19895]: pam_unix(cron:session): session closed for user root
May  8 11:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22857]: pam_unix(cron:session): session closed for user samftp
May  8 11:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23146]: Invalid user username from 185.213.164.175
May  8 11:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23146]: input_userauth_request: invalid user username [preauth]
May  8 11:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23146]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175
May  8 11:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23146]: Failed password for invalid user username from 185.213.164.175 port 58366 ssh2
May  8 11:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23146]: Received disconnect from 185.213.164.175 port 58366:11: Bye Bye [preauth]
May  8 11:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23146]: Disconnected from 185.213.164.175 port 58366 [preauth]
May  8 11:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21609]: pam_unix(cron:session): session closed for user root
May  8 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23331]: pam_unix(cron:session): session closed for user p13x
May  8 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23461]: Successful su for rubyman by root
May  8 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23461]: + ??? root:rubyman
May  8 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352907 of user rubyman.
May  8 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23461]: pam_unix(su:session): session closed for user rubyman
May  8 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352907.
May  8 11:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20337]: pam_unix(cron:session): session closed for user root
May  8 11:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23332]: pam_unix(cron:session): session closed for user samftp
May  8 11:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.2.2  user=root
May  8 11:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23680]: Failed password for root from 193.70.2.2 port 59072 ssh2
May  8 11:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23680]: Received disconnect from 193.70.2.2 port 59072:11: Bye Bye [preauth]
May  8 11:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23680]: Disconnected from 193.70.2.2 port 59072 [preauth]
May  8 11:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: Invalid user fr from 176.109.92.170
May  8 11:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: input_userauth_request: invalid user fr [preauth]
May  8 11:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 11:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: Failed password for invalid user fr from 176.109.92.170 port 65480 ssh2
May  8 11:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: Received disconnect from 176.109.92.170 port 65480:11: Bye Bye [preauth]
May  8 11:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23713]: Disconnected from 176.109.92.170 port 65480 [preauth]
May  8 11:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22366]: pam_unix(cron:session): session closed for user root
May  8 11:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: Invalid user admin from 80.94.95.112
May  8 11:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: input_userauth_request: invalid user admin [preauth]
May  8 11:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 11:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: Failed password for invalid user admin from 80.94.95.112 port 41612 ssh2
May  8 11:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: Failed password for invalid user admin from 80.94.95.112 port 41612 ssh2
May  8 11:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: Failed password for invalid user admin from 80.94.95.112 port 41612 ssh2
May  8 11:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: Failed password for invalid user admin from 80.94.95.112 port 41612 ssh2
May  8 11:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: Failed password for invalid user admin from 80.94.95.112 port 41612 ssh2
May  8 11:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: Received disconnect from 80.94.95.112 port 41612:11: Bye [preauth]
May  8 11:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: Disconnected from 80.94.95.112 port 41612 [preauth]
May  8 11:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 11:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23753]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23915]: pam_unix(cron:session): session closed for user p13x
May  8 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23986]: Successful su for rubyman by root
May  8 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23986]: + ??? root:rubyman
May  8 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352911 of user rubyman.
May  8 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23986]: pam_unix(su:session): session closed for user rubyman
May  8 11:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352911.
May  8 11:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20748]: pam_unix(cron:session): session closed for user root
May  8 11:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23916]: pam_unix(cron:session): session closed for user samftp
May  8 11:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: Invalid user bamboo from 193.70.84.184
May  8 11:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: input_userauth_request: invalid user bamboo [preauth]
May  8 11:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  8 11:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: Failed password for invalid user bamboo from 193.70.84.184 port 37338 ssh2
May  8 11:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24223]: Connection closed by 193.70.84.184 port 37338 [preauth]
May  8 11:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22860]: pam_unix(cron:session): session closed for user root
May  8 11:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24338]: Invalid user username from 85.208.84.4
May  8 11:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24338]: input_userauth_request: invalid user username [preauth]
May  8 11:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24338]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  8 11:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24338]: Failed password for invalid user username from 85.208.84.4 port 40040 ssh2
May  8 11:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24338]: Connection closed by 85.208.84.4 port 40040 [preauth]
May  8 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24366]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24364]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24361]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24361]: pam_unix(cron:session): session closed for user p13x
May  8 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24434]: Successful su for rubyman by root
May  8 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24434]: + ??? root:rubyman
May  8 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352914 of user rubyman.
May  8 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24434]: pam_unix(su:session): session closed for user rubyman
May  8 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352914.
May  8 11:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21162]: pam_unix(cron:session): session closed for user root
May  8 11:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24363]: pam_unix(cron:session): session closed for user samftp
May  8 11:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23334]: pam_unix(cron:session): session closed for user root
May  8 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24787]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24788]: pam_unix(cron:session): session closed for user root
May  8 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24783]: pam_unix(cron:session): session closed for user p13x
May  8 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24853]: Successful su for rubyman by root
May  8 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24853]: + ??? root:rubyman
May  8 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352918 of user rubyman.
May  8 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24853]: pam_unix(su:session): session closed for user rubyman
May  8 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352918.
May  8 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24785]: pam_unix(cron:session): session closed for user root
May  8 11:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21608]: pam_unix(cron:session): session closed for user root
May  8 11:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24784]: pam_unix(cron:session): session closed for user samftp
May  8 11:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23919]: pam_unix(cron:session): session closed for user root
May  8 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25224]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25222]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25225]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25222]: pam_unix(cron:session): session closed for user p13x
May  8 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25301]: Successful su for rubyman by root
May  8 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25301]: + ??? root:rubyman
May  8 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25301]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352926 of user rubyman.
May  8 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25301]: pam_unix(su:session): session closed for user rubyman
May  8 11:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352926.
May  8 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22365]: pam_unix(cron:session): session closed for user root
May  8 11:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25224]: pam_unix(cron:session): session closed for user samftp
May  8 11:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: Invalid user sunrise from 185.213.164.175
May  8 11:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: input_userauth_request: invalid user sunrise [preauth]
May  8 11:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175
May  8 11:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: Failed password for invalid user sunrise from 185.213.164.175 port 60560 ssh2
May  8 11:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: Received disconnect from 185.213.164.175 port 60560:11: Bye Bye [preauth]
May  8 11:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25522]: Disconnected from 185.213.164.175 port 60560 [preauth]
May  8 11:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24366]: pam_unix(cron:session): session closed for user root
May  8 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25701]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25693]: pam_unix(cron:session): session closed for user p13x
May  8 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25772]: Successful su for rubyman by root
May  8 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25772]: + ??? root:rubyman
May  8 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352930 of user rubyman.
May  8 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25772]: pam_unix(su:session): session closed for user rubyman
May  8 11:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352930.
May  8 11:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22858]: pam_unix(cron:session): session closed for user root
May  8 11:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25694]: pam_unix(cron:session): session closed for user samftp
May  8 11:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170  user=root
May  8 11:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25992]: Failed password for root from 176.109.92.170 port 60739 ssh2
May  8 11:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25992]: Received disconnect from 176.109.92.170 port 60739:11: Bye Bye [preauth]
May  8 11:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25992]: Disconnected from 176.109.92.170 port 60739 [preauth]
May  8 11:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24787]: pam_unix(cron:session): session closed for user root
May  8 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26148]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26146]: pam_unix(cron:session): session closed for user p13x
May  8 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26208]: Successful su for rubyman by root
May  8 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26208]: + ??? root:rubyman
May  8 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352934 of user rubyman.
May  8 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26208]: pam_unix(su:session): session closed for user rubyman
May  8 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352934.
May  8 11:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23333]: pam_unix(cron:session): session closed for user root
May  8 11:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26148]: pam_unix(cron:session): session closed for user samftp
May  8 11:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25226]: pam_unix(cron:session): session closed for user root
May  8 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26626]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26625]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26621]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26623]: pam_unix(cron:session): session closed for user p13x
May  8 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26745]: Successful su for rubyman by root
May  8 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26745]: + ??? root:rubyman
May  8 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352937 of user rubyman.
May  8 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26745]: pam_unix(su:session): session closed for user rubyman
May  8 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352937.
May  8 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26621]: pam_unix(cron:session): session closed for user root
May  8 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23918]: pam_unix(cron:session): session closed for user root
May  8 11:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26624]: pam_unix(cron:session): session closed for user samftp
May  8 11:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25701]: pam_unix(cron:session): session closed for user root
May  8 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27191]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27192]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27193]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27194]: pam_unix(cron:session): session closed for user root
May  8 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27189]: pam_unix(cron:session): session closed for user p13x
May  8 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27264]: Successful su for rubyman by root
May  8 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27264]: + ??? root:rubyman
May  8 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352941 of user rubyman.
May  8 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27264]: pam_unix(su:session): session closed for user rubyman
May  8 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352941.
May  8 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27191]: pam_unix(cron:session): session closed for user root
May  8 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24364]: pam_unix(cron:session): session closed for user root
May  8 11:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27190]: pam_unix(cron:session): session closed for user samftp
May  8 11:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26151]: pam_unix(cron:session): session closed for user root
May  8 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27705]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27701]: pam_unix(cron:session): session closed for user p13x
May  8 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27770]: Successful su for rubyman by root
May  8 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27770]: + ??? root:rubyman
May  8 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352948 of user rubyman.
May  8 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27770]: pam_unix(su:session): session closed for user rubyman
May  8 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352948.
May  8 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24786]: pam_unix(cron:session): session closed for user root
May  8 11:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27702]: pam_unix(cron:session): session closed for user samftp
May  8 11:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: Invalid user dayz from 185.213.164.175
May  8 11:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: input_userauth_request: invalid user dayz [preauth]
May  8 11:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175
May  8 11:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: Failed password for invalid user dayz from 185.213.164.175 port 41626 ssh2
May  8 11:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: Received disconnect from 185.213.164.175 port 41626:11: Bye Bye [preauth]
May  8 11:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: Disconnected from 185.213.164.175 port 41626 [preauth]
May  8 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26626]: pam_unix(cron:session): session closed for user root
May  8 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28118]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28117]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28115]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28116]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28115]: pam_unix(cron:session): session closed for user p13x
May  8 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28181]: Successful su for rubyman by root
May  8 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28181]: + ??? root:rubyman
May  8 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352952 of user rubyman.
May  8 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28181]: pam_unix(su:session): session closed for user rubyman
May  8 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352952.
May  8 11:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25225]: pam_unix(cron:session): session closed for user root
May  8 11:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28116]: pam_unix(cron:session): session closed for user samftp
May  8 11:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27193]: pam_unix(cron:session): session closed for user root
May  8 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28528]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28529]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28527]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28526]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28526]: pam_unix(cron:session): session closed for user p13x
May  8 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28586]: Successful su for rubyman by root
May  8 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28586]: + ??? root:rubyman
May  8 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352957 of user rubyman.
May  8 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28586]: pam_unix(su:session): session closed for user rubyman
May  8 11:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352957.
May  8 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25699]: pam_unix(cron:session): session closed for user root
May  8 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28527]: pam_unix(cron:session): session closed for user samftp
May  8 11:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27705]: pam_unix(cron:session): session closed for user root
May  8 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28926]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28927]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28924]: pam_unix(cron:session): session closed for user p13x
May  8 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28985]: Successful su for rubyman by root
May  8 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28985]: + ??? root:rubyman
May  8 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28985]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352960 of user rubyman.
May  8 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28985]: pam_unix(su:session): session closed for user rubyman
May  8 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352960.
May  8 11:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26150]: pam_unix(cron:session): session closed for user root
May  8 11:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28925]: pam_unix(cron:session): session closed for user samftp
May  8 11:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28118]: pam_unix(cron:session): session closed for user root
May  8 11:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  8 11:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: Failed password for root from 190.103.202.7 port 44184 ssh2
May  8 11:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29423]: Connection closed by 190.103.202.7 port 44184 [preauth]
May  8 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29437]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29435]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29440]: pam_unix(cron:session): session closed for user root
May  8 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29435]: pam_unix(cron:session): session closed for user p13x
May  8 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29509]: Successful su for rubyman by root
May  8 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29509]: + ??? root:rubyman
May  8 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352965 of user rubyman.
May  8 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29509]: pam_unix(su:session): session closed for user rubyman
May  8 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352965.
May  8 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29437]: pam_unix(cron:session): session closed for user root
May  8 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26625]: pam_unix(cron:session): session closed for user root
May  8 11:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29436]: pam_unix(cron:session): session closed for user samftp
May  8 11:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29764]: Invalid user guest from 194.0.234.19
May  8 11:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29764]: input_userauth_request: invalid user guest [preauth]
May  8 11:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29764]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  8 11:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29764]: Failed password for invalid user guest from 194.0.234.19 port 31040 ssh2
May  8 11:45:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29764]: Connection closed by 194.0.234.19 port 31040 [preauth]
May  8 11:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28529]: pam_unix(cron:session): session closed for user root
May  8 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29877]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29876]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29874]: pam_unix(cron:session): session closed for user p13x
May  8 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29946]: Successful su for rubyman by root
May  8 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29946]: + ??? root:rubyman
May  8 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352971 of user rubyman.
May  8 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29946]: pam_unix(su:session): session closed for user rubyman
May  8 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352971.
May  8 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: User bin from 185.213.164.175 not allowed because not listed in AllowUsers
May  8 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: input_userauth_request: invalid user bin [preauth]
May  8 11:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175  user=bin
May  8 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27192]: pam_unix(cron:session): session closed for user root
May  8 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: Failed password for invalid user bin from 185.213.164.175 port 52018 ssh2
May  8 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: Received disconnect from 185.213.164.175 port 52018:11: Bye Bye [preauth]
May  8 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29981]: Disconnected from 185.213.164.175 port 52018 [preauth]
May  8 11:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29876]: pam_unix(cron:session): session closed for user samftp
May  8 11:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28927]: pam_unix(cron:session): session closed for user root
May  8 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30289]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30286]: pam_unix(cron:session): session closed for user p13x
May  8 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30350]: Successful su for rubyman by root
May  8 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30350]: + ??? root:rubyman
May  8 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352975 of user rubyman.
May  8 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30350]: pam_unix(su:session): session closed for user rubyman
May  8 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352975.
May  8 11:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27703]: pam_unix(cron:session): session closed for user root
May  8 11:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30287]: pam_unix(cron:session): session closed for user samftp
May  8 11:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  8 11:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:152.32.180.138
May  8 11:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29439]: pam_unix(cron:session): session closed for user root
May  8 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30701]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30700]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30699]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30698]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30698]: pam_unix(cron:session): session closed for user p13x
May  8 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30762]: Successful su for rubyman by root
May  8 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30762]: + ??? root:rubyman
May  8 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30762]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352979 of user rubyman.
May  8 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30762]: pam_unix(su:session): session closed for user rubyman
May  8 11:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352979.
May  8 11:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28117]: pam_unix(cron:session): session closed for user root
May  8 11:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30699]: pam_unix(cron:session): session closed for user samftp
May  8 11:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29878]: pam_unix(cron:session): session closed for user root
May  8 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31203]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31202]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31201]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31200]: pam_unix(cron:session): session closed for user p13x
May  8 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31263]: Successful su for rubyman by root
May  8 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31263]: + ??? root:rubyman
May  8 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31263]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352981 of user rubyman.
May  8 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31263]: pam_unix(su:session): session closed for user rubyman
May  8 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352981.
May  8 11:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28528]: pam_unix(cron:session): session closed for user root
May  8 11:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31201]: pam_unix(cron:session): session closed for user samftp
May  8 11:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30289]: pam_unix(cron:session): session closed for user root
May  8 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31609]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31610]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31606]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31605]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31610]: pam_unix(cron:session): session closed for user root
May  8 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31605]: pam_unix(cron:session): session closed for user p13x
May  8 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31704]: Successful su for rubyman by root
May  8 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31704]: + ??? root:rubyman
May  8 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352985 of user rubyman.
May  8 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31704]: pam_unix(su:session): session closed for user rubyman
May  8 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352985.
May  8 11:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31607]: pam_unix(cron:session): session closed for user root
May  8 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28926]: pam_unix(cron:session): session closed for user root
May  8 11:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31606]: pam_unix(cron:session): session closed for user samftp
May  8 11:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30701]: pam_unix(cron:session): session closed for user root
May  8 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32354]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32353]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32353]: pam_unix(cron:session): session closed for user p13x
May  8 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32437]: Successful su for rubyman by root
May  8 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32437]: + ??? root:rubyman
May  8 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32437]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352992 of user rubyman.
May  8 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32437]: pam_unix(su:session): session closed for user rubyman
May  8 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352992.
May  8 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: Invalid user mohamed from 185.213.164.175
May  8 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: input_userauth_request: invalid user mohamed [preauth]
May  8 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:51:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175
May  8 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29438]: pam_unix(cron:session): session closed for user root
May  8 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: Failed password for invalid user mohamed from 185.213.164.175 port 37744 ssh2
May  8 11:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: Received disconnect from 185.213.164.175 port 37744:11: Bye Bye [preauth]
May  8 11:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32444]: Disconnected from 185.213.164.175 port 37744 [preauth]
May  8 11:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32354]: pam_unix(cron:session): session closed for user samftp
May  8 11:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31203]: pam_unix(cron:session): session closed for user root
May  8 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[491]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[492]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[486]: pam_unix(cron:session): session closed for user p13x
May  8 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[563]: Successful su for rubyman by root
May  8 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[563]: + ??? root:rubyman
May  8 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[563]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 352996 of user rubyman.
May  8 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[563]: pam_unix(su:session): session closed for user rubyman
May  8 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 352996.
May  8 11:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29877]: pam_unix(cron:session): session closed for user root
May  8 11:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[490]: pam_unix(cron:session): session closed for user samftp
May  8 11:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31609]: pam_unix(cron:session): session closed for user root
May  8 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[962]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[964]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[959]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[959]: pam_unix(cron:session): session closed for user p13x
May  8 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1037]: Successful su for rubyman by root
May  8 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1037]: + ??? root:rubyman
May  8 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1037]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353000 of user rubyman.
May  8 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1037]: pam_unix(su:session): session closed for user rubyman
May  8 11:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353000.
May  8 11:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30288]: pam_unix(cron:session): session closed for user root
May  8 11:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[961]: pam_unix(cron:session): session closed for user samftp
May  8 11:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1265]: Did not receive identification string from 123.6.60.18
May  8 11:53:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:53:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: Failed password for root from 123.6.60.18 port 53612 ssh2
May  8 11:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1289]: Connection closed by 123.6.60.18 port 53612 [preauth]
May  8 11:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114  user=root
May  8 11:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:53:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: Failed password for root from 179.127.87.114 port 56560 ssh2
May  8 11:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: message repeated 3 times: [ Failed password for root from 179.127.87.114 port 56560 ssh2]
May  8 11:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32356]: pam_unix(cron:session): session closed for user root
May  8 11:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: Failed password for root from 179.127.87.114 port 56560 ssh2
May  8 11:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: Failed password for root from 179.127.87.114 port 56560 ssh2
May  8 11:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: error: maximum authentication attempts exceeded for root from 179.127.87.114 port 56560 ssh2 [preauth]
May  8 11:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: Disconnecting: Too many authentication failures [preauth]
May  8 11:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114  user=root
May  8 11:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114  user=root
May  8 11:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1331]: Failed password for root from 123.6.60.18 port 54860 ssh2
May  8 11:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1331]: Connection closed by 123.6.60.18 port 54860 [preauth]
May  8 11:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1381]: Failed password for root from 179.127.87.114 port 59372 ssh2
May  8 11:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1381]: Failed password for root from 179.127.87.114 port 59372 ssh2
May  8 11:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1381]: message repeated 3 times: [ Failed password for root from 179.127.87.114 port 59372 ssh2]
May  8 11:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1381]: Failed password for root from 179.127.87.114 port 59372 ssh2
May  8 11:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1381]: error: maximum authentication attempts exceeded for root from 179.127.87.114 port 59372 ssh2 [preauth]
May  8 11:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1381]: Disconnecting: Too many authentication failures [preauth]
May  8 11:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1381]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114  user=root
May  8 11:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1381]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:53:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1409]: Failed password for root from 123.6.60.18 port 56608 ssh2
May  8 11:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114  user=root
May  8 11:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1409]: Connection closed by 123.6.60.18 port 56608 [preauth]
May  8 11:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: Failed password for root from 179.127.87.114 port 33778 ssh2
May  8 11:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: Failed password for root from 179.127.87.114 port 33778 ssh2
May  8 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1471]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1470]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1468]: pam_unix(cron:session): session closed for user p13x
May  8 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1529]: Successful su for rubyman by root
May  8 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1529]: + ??? root:rubyman
May  8 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353004 of user rubyman.
May  8 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1529]: pam_unix(su:session): session closed for user rubyman
May  8 11:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353004.
May  8 11:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: Failed password for root from 179.127.87.114 port 33778 ssh2
May  8 11:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30700]: pam_unix(cron:session): session closed for user root
May  8 11:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: Failed password for root from 179.127.87.114 port 33778 ssh2
May  8 11:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: Failed password for root from 123.6.60.18 port 58080 ssh2
May  8 11:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1469]: pam_unix(cron:session): session closed for user samftp
May  8 11:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: Failed password for root from 179.127.87.114 port 33778 ssh2
May  8 11:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: Connection closed by 123.6.60.18 port 58080 [preauth]
May  8 11:54:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: Failed password for root from 179.127.87.114 port 33778 ssh2
May  8 11:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: error: maximum authentication attempts exceeded for root from 179.127.87.114 port 33778 ssh2 [preauth]
May  8 11:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: Disconnecting: Too many authentication failures [preauth]
May  8 11:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114  user=root
May  8 11:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114  user=root
May  8 11:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1767]: Failed password for root from 179.127.87.114 port 36586 ssh2
May  8 11:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1767]: Received disconnect from 179.127.87.114 port 36586:11: disconnected by user [preauth]
May  8 11:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1767]: Disconnected from 179.127.87.114 port 36586 [preauth]
May  8 11:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Invalid user admin from 179.127.87.114
May  8 11:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: input_userauth_request: invalid user admin [preauth]
May  8 11:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:54:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:54:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Failed password for invalid user admin from 179.127.87.114 port 37258 ssh2
May  8 11:54:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Failed password for invalid user admin from 179.127.87.114 port 37258 ssh2
May  8 11:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Failed password for invalid user admin from 179.127.87.114 port 37258 ssh2
May  8 11:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1759]: Failed password for root from 123.6.60.18 port 59472 ssh2
May  8 11:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1759]: Connection closed by 123.6.60.18 port 59472 [preauth]
May  8 11:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Failed password for invalid user admin from 179.127.87.114 port 37258 ssh2
May  8 11:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Failed password for invalid user admin from 179.127.87.114 port 37258 ssh2
May  8 11:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Failed password for invalid user admin from 179.127.87.114 port 37258 ssh2
May  8 11:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: error: maximum authentication attempts exceeded for invalid user admin from 179.127.87.114 port 37258 ssh2 [preauth]
May  8 11:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Disconnecting: Too many authentication failures [preauth]
May  8 11:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: Invalid user admin from 179.127.87.114
May  8 11:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: input_userauth_request: invalid user admin [preauth]
May  8 11:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: Failed password for invalid user admin from 179.127.87.114 port 39888 ssh2
May  8 11:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[492]: pam_unix(cron:session): session closed for user root
May  8 11:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: Failed password for invalid user admin from 179.127.87.114 port 39888 ssh2
May  8 11:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: Failed password for invalid user admin from 179.127.87.114 port 39888 ssh2
May  8 11:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1827]: Failed password for root from 123.6.60.18 port 32934 ssh2
May  8 11:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: Failed password for invalid user admin from 179.127.87.114 port 39888 ssh2
May  8 11:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1827]: Connection closed by 123.6.60.18 port 32934 [preauth]
May  8 11:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: Failed password for invalid user admin from 179.127.87.114 port 39888 ssh2
May  8 11:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: Failed password for invalid user admin from 179.127.87.114 port 39888 ssh2
May  8 11:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: error: maximum authentication attempts exceeded for invalid user admin from 179.127.87.114 port 39888 ssh2 [preauth]
May  8 11:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: Disconnecting: Too many authentication failures [preauth]
May  8 11:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1838]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: Invalid user admin from 179.127.87.114
May  8 11:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: input_userauth_request: invalid user admin [preauth]
May  8 11:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: Failed password for invalid user admin from 179.127.87.114 port 42416 ssh2
May  8 11:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: Failed password for invalid user admin from 179.127.87.114 port 42416 ssh2
May  8 11:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: Failed password for invalid user admin from 179.127.87.114 port 42416 ssh2
May  8 11:54:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: Failed password for invalid user admin from 179.127.87.114 port 42416 ssh2
May  8 11:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: Received disconnect from 179.127.87.114 port 42416:11: disconnected by user [preauth]
May  8 11:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: Disconnected from 179.127.87.114 port 42416 [preauth]
May  8 11:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1947]: PAM service(sshd) ignoring max retries; 4 > 3
May  8 11:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Invalid user oracle from 179.127.87.114
May  8 11:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: input_userauth_request: invalid user oracle [preauth]
May  8 11:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:54:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Failed password for invalid user oracle from 179.127.87.114 port 44210 ssh2
May  8 11:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Failed password for invalid user oracle from 179.127.87.114 port 44210 ssh2
May  8 11:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2025]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2024]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2027]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2027]: pam_unix(cron:session): session closed for user root
May  8 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2021]: pam_unix(cron:session): session closed for user p13x
May  8 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1882]: Failed password for root from 123.6.60.18 port 34728 ssh2
May  8 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Failed password for invalid user oracle from 179.127.87.114 port 44210 ssh2
May  8 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2090]: Successful su for rubyman by root
May  8 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2090]: + ??? root:rubyman
May  8 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2090]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353007 of user rubyman.
May  8 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2090]: pam_unix(su:session): session closed for user rubyman
May  8 11:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353007.
May  8 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Failed password for invalid user oracle from 179.127.87.114 port 44210 ssh2
May  8 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2023]: pam_unix(cron:session): session closed for user root
May  8 11:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31202]: pam_unix(cron:session): session closed for user root
May  8 11:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Failed password for invalid user oracle from 179.127.87.114 port 44210 ssh2
May  8 11:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2022]: pam_unix(cron:session): session closed for user samftp
May  8 11:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Failed password for invalid user oracle from 179.127.87.114 port 44210 ssh2
May  8 11:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: error: maximum authentication attempts exceeded for invalid user oracle from 179.127.87.114 port 44210 ssh2 [preauth]
May  8 11:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: Disconnecting: Too many authentication failures [preauth]
May  8 11:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2009]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Invalid user oracle from 179.127.87.114
May  8 11:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: input_userauth_request: invalid user oracle [preauth]
May  8 11:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Failed password for invalid user oracle from 179.127.87.114 port 46720 ssh2
May  8 11:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1882]: Connection closed by 123.6.60.18 port 34728 [preauth]
May  8 11:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Failed password for invalid user oracle from 179.127.87.114 port 46720 ssh2
May  8 11:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Failed password for invalid user oracle from 179.127.87.114 port 46720 ssh2
May  8 11:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2254]: Failed password for root from 123.6.60.18 port 37200 ssh2
May  8 11:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Failed password for invalid user oracle from 179.127.87.114 port 46720 ssh2
May  8 11:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2254]: Connection closed by 123.6.60.18 port 37200 [preauth]
May  8 11:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Failed password for invalid user oracle from 179.127.87.114 port 46720 ssh2
May  8 11:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Failed password for invalid user oracle from 179.127.87.114 port 46720 ssh2
May  8 11:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: error: maximum authentication attempts exceeded for invalid user oracle from 179.127.87.114 port 46720 ssh2 [preauth]
May  8 11:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: Disconnecting: Too many authentication failures [preauth]
May  8 11:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2304]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: Invalid user oracle from 179.127.87.114
May  8 11:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: input_userauth_request: invalid user oracle [preauth]
May  8 11:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: Failed password for invalid user oracle from 179.127.87.114 port 49356 ssh2
May  8 11:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: Failed password for invalid user oracle from 179.127.87.114 port 49356 ssh2
May  8 11:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: Received disconnect from 179.127.87.114 port 49356:11: disconnected by user [preauth]
May  8 11:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: Disconnected from 179.127.87.114 port 49356 [preauth]
May  8 11:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2348]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Failed password for root from 123.6.60.18 port 38776 ssh2
May  8 11:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: Invalid user usuario from 179.127.87.114
May  8 11:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: input_userauth_request: invalid user usuario [preauth]
May  8 11:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2337]: Connection closed by 123.6.60.18 port 38776 [preauth]
May  8 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: Failed password for invalid user usuario from 179.127.87.114 port 50582 ssh2
May  8 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[964]: pam_unix(cron:session): session closed for user root
May  8 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: Failed password for invalid user usuario from 179.127.87.114 port 50582 ssh2
May  8 11:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: Failed password for invalid user usuario from 179.127.87.114 port 50582 ssh2
May  8 11:55:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: Failed password for invalid user usuario from 179.127.87.114 port 50582 ssh2
May  8 11:55:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: Failed password for invalid user usuario from 179.127.87.114 port 50582 ssh2
May  8 11:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: Failed password for invalid user usuario from 179.127.87.114 port 50582 ssh2
May  8 11:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: error: maximum authentication attempts exceeded for invalid user usuario from 179.127.87.114 port 50582 ssh2 [preauth]
May  8 11:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: Disconnecting: Too many authentication failures [preauth]
May  8 11:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2381]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Invalid user usuario from 179.127.87.114
May  8 11:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: input_userauth_request: invalid user usuario [preauth]
May  8 11:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: Failed password for root from 123.6.60.18 port 40180 ssh2
May  8 11:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: Connection closed by 123.6.60.18 port 40180 [preauth]
May  8 11:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Failed password for invalid user usuario from 179.127.87.114 port 53096 ssh2
May  8 11:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Failed password for invalid user usuario from 179.127.87.114 port 53096 ssh2
May  8 11:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Failed password for invalid user usuario from 179.127.87.114 port 53096 ssh2
May  8 11:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Failed password for invalid user usuario from 179.127.87.114 port 53096 ssh2
May  8 11:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Failed password for invalid user usuario from 179.127.87.114 port 53096 ssh2
May  8 11:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Failed password for invalid user usuario from 179.127.87.114 port 53096 ssh2
May  8 11:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: error: maximum authentication attempts exceeded for invalid user usuario from 179.127.87.114 port 53096 ssh2 [preauth]
May  8 11:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Disconnecting: Too many authentication failures [preauth]
May  8 11:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: Invalid user usuario from 179.127.87.114
May  8 11:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: input_userauth_request: invalid user usuario [preauth]
May  8 11:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2470]: Failed password for root from 123.6.60.18 port 41846 ssh2
May  8 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2499]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2500]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2497]: pam_unix(cron:session): session closed for user p13x
May  8 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2568]: Successful su for rubyman by root
May  8 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2568]: + ??? root:rubyman
May  8 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353013 of user rubyman.
May  8 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2568]: pam_unix(su:session): session closed for user rubyman
May  8 11:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353013.
May  8 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2470]: Connection closed by 123.6.60.18 port 41846 [preauth]
May  8 11:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: Failed password for invalid user usuario from 179.127.87.114 port 55646 ssh2
May  8 11:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31608]: pam_unix(cron:session): session closed for user root
May  8 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: Failed password for invalid user usuario from 179.127.87.114 port 55646 ssh2
May  8 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: Received disconnect from 179.127.87.114 port 55646:11: disconnected by user [preauth]
May  8 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: Disconnected from 179.127.87.114 port 55646 [preauth]
May  8 11:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2492]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2746]: Invalid user login from 185.213.164.175
May  8 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2746]: input_userauth_request: invalid user login [preauth]
May  8 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2746]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175
May  8 11:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2498]: pam_unix(cron:session): session closed for user samftp
May  8 11:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: Invalid user test from 179.127.87.114
May  8 11:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: input_userauth_request: invalid user test [preauth]
May  8 11:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2746]: Failed password for invalid user login from 185.213.164.175 port 58378 ssh2
May  8 11:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2746]: Received disconnect from 185.213.164.175 port 58378:11: Bye Bye [preauth]
May  8 11:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2746]: Disconnected from 185.213.164.175 port 58378 [preauth]
May  8 11:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: Failed password for invalid user test from 179.127.87.114 port 56984 ssh2
May  8 11:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: Failed password for invalid user test from 179.127.87.114 port 56984 ssh2
May  8 11:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:56:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: Failed password for invalid user test from 179.127.87.114 port 56984 ssh2
May  8 11:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Failed password for root from 123.6.60.18 port 43464 ssh2
May  8 11:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Connection closed by 123.6.60.18 port 43464 [preauth]
May  8 11:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: Failed password for invalid user test from 179.127.87.114 port 56984 ssh2
May  8 11:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: Failed password for invalid user test from 179.127.87.114 port 56984 ssh2
May  8 11:56:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: Failed password for invalid user test from 179.127.87.114 port 56984 ssh2
May  8 11:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: error: maximum authentication attempts exceeded for invalid user test from 179.127.87.114 port 56984 ssh2 [preauth]
May  8 11:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: Disconnecting: Too many authentication failures [preauth]
May  8 11:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2769]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: Invalid user test from 179.127.87.114
May  8 11:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: input_userauth_request: invalid user test [preauth]
May  8 11:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: Failed password for invalid user test from 179.127.87.114 port 59886 ssh2
May  8 11:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: Failed password for invalid user test from 179.127.87.114 port 59886 ssh2
May  8 11:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2815]: Failed password for root from 123.6.60.18 port 44808 ssh2
May  8 11:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: Failed password for invalid user test from 179.127.87.114 port 59886 ssh2
May  8 11:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2815]: Connection closed by 123.6.60.18 port 44808 [preauth]
May  8 11:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: Failed password for invalid user test from 179.127.87.114 port 59886 ssh2
May  8 11:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: Failed password for invalid user test from 179.127.87.114 port 59886 ssh2
May  8 11:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: Invalid user admin from 85.208.84.5
May  8 11:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: input_userauth_request: invalid user admin [preauth]
May  8 11:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  8 11:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1471]: pam_unix(cron:session): session closed for user root
May  8 11:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: Failed password for invalid user test from 179.127.87.114 port 59886 ssh2
May  8 11:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: error: maximum authentication attempts exceeded for invalid user test from 179.127.87.114 port 59886 ssh2 [preauth]
May  8 11:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: Disconnecting: Too many authentication failures [preauth]
May  8 11:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2827]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: Failed password for invalid user admin from 85.208.84.5 port 40446 ssh2
May  8 11:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2864]: Connection closed by 85.208.84.5 port 40446 [preauth]
May  8 11:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: Invalid user test from 179.127.87.114
May  8 11:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: input_userauth_request: invalid user test [preauth]
May  8 11:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: Failed password for invalid user test from 179.127.87.114 port 34192 ssh2
May  8 11:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: Failed password for invalid user test from 179.127.87.114 port 34192 ssh2
May  8 11:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: Received disconnect from 179.127.87.114 port 34192:11: disconnected by user [preauth]
May  8 11:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: Disconnected from 179.127.87.114 port 34192 [preauth]
May  8 11:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2862]: Failed password for root from 123.6.60.18 port 46250 ssh2
May  8 11:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Invalid user user from 179.127.87.114
May  8 11:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: input_userauth_request: invalid user user [preauth]
May  8 11:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2862]: Connection closed by 123.6.60.18 port 46250 [preauth]
May  8 11:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Failed password for invalid user user from 179.127.87.114 port 35346 ssh2
May  8 11:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Failed password for invalid user user from 179.127.87.114 port 35346 ssh2
May  8 11:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Failed password for invalid user user from 179.127.87.114 port 35346 ssh2
May  8 11:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Failed password for invalid user user from 179.127.87.114 port 35346 ssh2
May  8 11:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Failed password for invalid user user from 179.127.87.114 port 35346 ssh2
May  8 11:56:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Failed password for invalid user user from 179.127.87.114 port 35346 ssh2
May  8 11:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: error: maximum authentication attempts exceeded for invalid user user from 179.127.87.114 port 35346 ssh2 [preauth]
May  8 11:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Disconnecting: Too many authentication failures [preauth]
May  8 11:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: Invalid user user from 179.127.87.114
May  8 11:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: input_userauth_request: invalid user user [preauth]
May  8 11:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: Failed password for invalid user user from 179.127.87.114 port 38012 ssh2
May  8 11:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: Failed password for invalid user user from 179.127.87.114 port 38012 ssh2
May  8 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2963]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2964]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2960]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2960]: pam_unix(cron:session): session closed for user p13x
May  8 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3034]: Successful su for rubyman by root
May  8 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3034]: + ??? root:rubyman
May  8 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353019 of user rubyman.
May  8 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3034]: pam_unix(su:session): session closed for user rubyman
May  8 11:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353019.
May  8 11:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: Failed password for invalid user user from 179.127.87.114 port 38012 ssh2
May  8 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Failed password for root from 123.6.60.18 port 47700 ssh2
May  8 11:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32355]: pam_unix(cron:session): session closed for user root
May  8 11:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: Failed password for invalid user user from 179.127.87.114 port 38012 ssh2
May  8 11:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Connection closed by 123.6.60.18 port 47700 [preauth]
May  8 11:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2961]: pam_unix(cron:session): session closed for user samftp
May  8 11:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: Failed password for invalid user user from 179.127.87.114 port 38012 ssh2
May  8 11:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: Failed password for invalid user user from 179.127.87.114 port 38012 ssh2
May  8 11:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: error: maximum authentication attempts exceeded for invalid user user from 179.127.87.114 port 38012 ssh2 [preauth]
May  8 11:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: Disconnecting: Too many authentication failures [preauth]
May  8 11:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:57:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2949]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: Invalid user user from 179.127.87.114
May  8 11:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: input_userauth_request: invalid user user [preauth]
May  8 11:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: Failed password for invalid user user from 179.127.87.114 port 40434 ssh2
May  8 11:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: Failed password for invalid user user from 179.127.87.114 port 40434 ssh2
May  8 11:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: Failed password for invalid user user from 179.127.87.114 port 40434 ssh2
May  8 11:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: Failed password for invalid user user from 179.127.87.114 port 40434 ssh2
May  8 11:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: Received disconnect from 179.127.87.114 port 40434:11: disconnected by user [preauth]
May  8 11:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: Disconnected from 179.127.87.114 port 40434 [preauth]
May  8 11:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3231]: PAM service(sshd) ignoring max retries; 4 > 3
May  8 11:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: Invalid user ftpuser from 179.127.87.114
May  8 11:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: input_userauth_request: invalid user ftpuser [preauth]
May  8 11:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: Failed password for invalid user ftpuser from 179.127.87.114 port 42278 ssh2
May  8 11:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: Failed password for invalid user ftpuser from 179.127.87.114 port 42278 ssh2
May  8 11:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: Failed password for invalid user ftpuser from 179.127.87.114 port 42278 ssh2
May  8 11:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: Failed password for invalid user ftpuser from 179.127.87.114 port 42278 ssh2
May  8 11:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: Failed password for invalid user ftpuser from 179.127.87.114 port 42278 ssh2
May  8 11:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: Failed password for invalid user ftpuser from 179.127.87.114 port 42278 ssh2
May  8 11:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: error: maximum authentication attempts exceeded for invalid user ftpuser from 179.127.87.114 port 42278 ssh2 [preauth]
May  8 11:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: Disconnecting: Too many authentication failures [preauth]
May  8 11:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3262]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2025]: pam_unix(cron:session): session closed for user root
May  8 11:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: Invalid user ftpuser from 179.127.87.114
May  8 11:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: input_userauth_request: invalid user ftpuser [preauth]
May  8 11:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: Failed password for invalid user ftpuser from 179.127.87.114 port 44886 ssh2
May  8 11:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: Failed password for invalid user ftpuser from 179.127.87.114 port 44886 ssh2
May  8 11:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: Failed password for invalid user ftpuser from 179.127.87.114 port 44886 ssh2
May  8 11:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: Failed password for invalid user ftpuser from 179.127.87.114 port 44886 ssh2
May  8 11:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: Failed password for invalid user ftpuser from 179.127.87.114 port 44886 ssh2
May  8 11:57:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: Failed password for invalid user ftpuser from 179.127.87.114 port 44886 ssh2
May  8 11:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: error: maximum authentication attempts exceeded for invalid user ftpuser from 179.127.87.114 port 44886 ssh2 [preauth]
May  8 11:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: Disconnecting: Too many authentication failures [preauth]
May  8 11:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3310]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:57:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: Invalid user ftpuser from 179.127.87.114
May  8 11:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: input_userauth_request: invalid user ftpuser [preauth]
May  8 11:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: Failed password for invalid user ftpuser from 179.127.87.114 port 47410 ssh2
May  8 11:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: Failed password for invalid user ftpuser from 179.127.87.114 port 47410 ssh2
May  8 11:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3221]: Failed password for root from 123.6.60.18 port 50120 ssh2
May  8 11:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: Failed password for invalid user ftpuser from 179.127.87.114 port 47410 ssh2
May  8 11:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3221]: Connection closed by 123.6.60.18 port 50120 [preauth]
May  8 11:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: Failed password for invalid user ftpuser from 179.127.87.114 port 47410 ssh2
May  8 11:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: Received disconnect from 179.127.87.114 port 47410:11: disconnected by user [preauth]
May  8 11:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: Disconnected from 179.127.87.114 port 47410 [preauth]
May  8 11:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3354]: PAM service(sshd) ignoring max retries; 4 > 3
May  8 11:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: Invalid user test1 from 179.127.87.114
May  8 11:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: input_userauth_request: invalid user test1 [preauth]
May  8 11:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3404]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3403]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3405]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3402]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3402]: pam_unix(cron:session): session closed for user p13x
May  8 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: Failed password for invalid user test1 from 179.127.87.114 port 49242 ssh2
May  8 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3474]: Successful su for rubyman by root
May  8 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3474]: + ??? root:rubyman
May  8 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353022 of user rubyman.
May  8 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3474]: pam_unix(su:session): session closed for user rubyman
May  8 11:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353022.
May  8 11:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: Failed password for invalid user test1 from 179.127.87.114 port 49242 ssh2
May  8 11:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[491]: pam_unix(cron:session): session closed for user root
May  8 11:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3403]: pam_unix(cron:session): session closed for user samftp
May  8 11:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: Failed password for invalid user test1 from 179.127.87.114 port 49242 ssh2
May  8 11:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: Failed password for root from 123.6.60.18 port 55528 ssh2
May  8 11:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3383]: Connection closed by 123.6.60.18 port 55528 [preauth]
May  8 11:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: Failed password for invalid user test1 from 179.127.87.114 port 49242 ssh2
May  8 11:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:58:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: Failed password for invalid user test1 from 179.127.87.114 port 49242 ssh2
May  8 11:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: Failed password for invalid user test1 from 179.127.87.114 port 49242 ssh2
May  8 11:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: error: maximum authentication attempts exceeded for invalid user test1 from 179.127.87.114 port 49242 ssh2 [preauth]
May  8 11:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: Disconnecting: Too many authentication failures [preauth]
May  8 11:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:58:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3385]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: Invalid user test1 from 179.127.87.114
May  8 11:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: input_userauth_request: invalid user test1 [preauth]
May  8 11:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: Failed password for invalid user test1 from 179.127.87.114 port 51786 ssh2
May  8 11:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: Failed password for invalid user test1 from 179.127.87.114 port 51786 ssh2
May  8 11:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: Failed password for invalid user test1 from 179.127.87.114 port 51786 ssh2
May  8 11:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: Failed password for invalid user test1 from 179.127.87.114 port 51786 ssh2
May  8 11:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: Failed password for invalid user test1 from 179.127.87.114 port 51786 ssh2
May  8 11:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: Failed password for invalid user test1 from 179.127.87.114 port 51786 ssh2
May  8 11:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: error: maximum authentication attempts exceeded for invalid user test1 from 179.127.87.114 port 51786 ssh2 [preauth]
May  8 11:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: Disconnecting: Too many authentication failures [preauth]
May  8 11:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:58:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3698]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: Invalid user test1 from 179.127.87.114
May  8 11:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: input_userauth_request: invalid user test1 [preauth]
May  8 11:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: Failed password for invalid user test1 from 179.127.87.114 port 54464 ssh2
May  8 11:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3689]: Failed password for root from 123.6.60.18 port 56836 ssh2
May  8 11:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: Failed password for invalid user test1 from 179.127.87.114 port 54464 ssh2
May  8 11:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2500]: pam_unix(cron:session): session closed for user root
May  8 11:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: Received disconnect from 179.127.87.114 port 54464:11: disconnected by user [preauth]
May  8 11:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: Disconnected from 179.127.87.114 port 54464 [preauth]
May  8 11:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3749]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3689]: Connection closed by 123.6.60.18 port 56836 [preauth]
May  8 11:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: Invalid user test2 from 179.127.87.114
May  8 11:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: input_userauth_request: invalid user test2 [preauth]
May  8 11:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: Failed password for invalid user test2 from 179.127.87.114 port 55410 ssh2
May  8 11:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:58:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: Failed password for invalid user test2 from 179.127.87.114 port 55410 ssh2
May  8 11:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: Failed password for invalid user test2 from 179.127.87.114 port 55410 ssh2
May  8 11:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: Failed password for invalid user test2 from 179.127.87.114 port 55410 ssh2
May  8 11:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: Failed password for invalid user test2 from 179.127.87.114 port 55410 ssh2
May  8 11:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: Failed password for invalid user test2 from 179.127.87.114 port 55410 ssh2
May  8 11:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: error: maximum authentication attempts exceeded for invalid user test2 from 179.127.87.114 port 55410 ssh2 [preauth]
May  8 11:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: Disconnecting: Too many authentication failures [preauth]
May  8 11:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: Failed password for root from 123.6.60.18 port 59648 ssh2
May  8 11:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: Invalid user test2 from 179.127.87.114
May  8 11:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: input_userauth_request: invalid user test2 [preauth]
May  8 11:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:58:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: Connection closed by 123.6.60.18 port 59648 [preauth]
May  8 11:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: Failed password for invalid user test2 from 179.127.87.114 port 57792 ssh2
May  8 11:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: Failed password for invalid user test2 from 179.127.87.114 port 57792 ssh2
May  8 11:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: Failed password for invalid user test2 from 179.127.87.114 port 57792 ssh2
May  8 11:58:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: Failed password for invalid user test2 from 179.127.87.114 port 57792 ssh2
May  8 11:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3849]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3846]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3846]: pam_unix(cron:session): session closed for user p13x
May  8 11:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: Failed password for invalid user test2 from 179.127.87.114 port 57792 ssh2
May  8 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3910]: Successful su for rubyman by root
May  8 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3910]: + ??? root:rubyman
May  8 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3910]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353026 of user rubyman.
May  8 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3910]: pam_unix(su:session): session closed for user rubyman
May  8 11:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353026.
May  8 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: Failed password for invalid user test2 from 179.127.87.114 port 57792 ssh2
May  8 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: error: maximum authentication attempts exceeded for invalid user test2 from 179.127.87.114 port 57792 ssh2 [preauth]
May  8 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: Disconnecting: Too many authentication failures [preauth]
May  8 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3824]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[962]: pam_unix(cron:session): session closed for user root
May  8 11:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: Invalid user test2 from 179.127.87.114
May  8 11:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: input_userauth_request: invalid user test2 [preauth]
May  8 11:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3848]: pam_unix(cron:session): session closed for user samftp
May  8 11:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: Failed password for invalid user test2 from 179.127.87.114 port 60422 ssh2
May  8 11:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: Failed password for root from 123.6.60.18 port 33184 ssh2
May  8 11:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: Failed password for invalid user test2 from 179.127.87.114 port 60422 ssh2
May  8 11:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: Received disconnect from 179.127.87.114 port 60422:11: disconnected by user [preauth]
May  8 11:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: Disconnected from 179.127.87.114 port 60422 [preauth]
May  8 11:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4094]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:59:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: Connection closed by 123.6.60.18 port 33184 [preauth]
May  8 11:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: Invalid user ubuntu from 179.127.87.114
May  8 11:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: input_userauth_request: invalid user ubuntu [preauth]
May  8 11:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: Failed password for invalid user ubuntu from 179.127.87.114 port 33128 ssh2
May  8 11:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: Failed password for invalid user ubuntu from 179.127.87.114 port 33128 ssh2
May  8 11:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: Failed password for invalid user ubuntu from 179.127.87.114 port 33128 ssh2
May  8 11:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: Failed password for invalid user ubuntu from 179.127.87.114 port 33128 ssh2
May  8 11:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: Failed password for root from 123.6.60.18 port 35180 ssh2
May  8 11:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4146]: Connection closed by 123.6.60.18 port 35180 [preauth]
May  8 11:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: Failed password for invalid user ubuntu from 179.127.87.114 port 33128 ssh2
May  8 11:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: Failed password for invalid user ubuntu from 179.127.87.114 port 33128 ssh2
May  8 11:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: error: maximum authentication attempts exceeded for invalid user ubuntu from 179.127.87.114 port 33128 ssh2 [preauth]
May  8 11:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: Disconnecting: Too many authentication failures [preauth]
May  8 11:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4144]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: Invalid user ubuntu from 179.127.87.114
May  8 11:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: input_userauth_request: invalid user ubuntu [preauth]
May  8 11:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: Failed password for invalid user ubuntu from 179.127.87.114 port 35776 ssh2
May  8 11:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: Failed password for invalid user ubuntu from 179.127.87.114 port 35776 ssh2
May  8 11:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2964]: pam_unix(cron:session): session closed for user root
May  8 11:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: Failed password for invalid user ubuntu from 179.127.87.114 port 35776 ssh2
May  8 11:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: Failed password for invalid user ubuntu from 179.127.87.114 port 35776 ssh2
May  8 11:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: Failed password for invalid user ubuntu from 179.127.87.114 port 35776 ssh2
May  8 11:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: Failed password for root from 123.6.60.18 port 36510 ssh2
May  8 11:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: Failed password for invalid user ubuntu from 179.127.87.114 port 35776 ssh2
May  8 11:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: error: maximum authentication attempts exceeded for invalid user ubuntu from 179.127.87.114 port 35776 ssh2 [preauth]
May  8 11:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: Disconnecting: Too many authentication failures [preauth]
May  8 11:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4199]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 11:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: Invalid user ubuntu from 179.127.87.114
May  8 11:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: input_userauth_request: invalid user ubuntu [preauth]
May  8 11:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: Failed password for invalid user ubuntu from 179.127.87.114 port 38542 ssh2
May  8 11:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4177]: Connection closed by 123.6.60.18 port 36510 [preauth]
May  8 11:59:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: Failed password for invalid user ubuntu from 179.127.87.114 port 38542 ssh2
May  8 11:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 11:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: Failed password for invalid user ubuntu from 179.127.87.114 port 38542 ssh2
May  8 11:59:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: Failed password for root from 123.6.60.18 port 38470 ssh2
May  8 11:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: Failed password for invalid user ubuntu from 179.127.87.114 port 38542 ssh2
May  8 11:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: Received disconnect from 179.127.87.114 port 38542:11: disconnected by user [preauth]
May  8 11:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: Disconnected from 179.127.87.114 port 38542 [preauth]
May  8 11:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: PAM service(sshd) ignoring max retries; 4 > 3
May  8 11:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: Invalid user pi from 179.127.87.114
May  8 11:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: input_userauth_request: invalid user pi [preauth]
May  8 11:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: pam_unix(sshd:auth): check pass; user unknown
May  8 11:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 11:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 11:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4276]: Connection closed by 123.6.60.18 port 38470 [preauth]
May  8 11:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: Failed password for invalid user pi from 179.127.87.114 port 40580 ssh2
May  8 11:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: Failed password for invalid user pi from 179.127.87.114 port 40580 ssh2
May  8 12:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4450]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4455]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4449]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4451]: pam_unix(cron:session): session closed for user root
May  8 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4455]: pam_unix(cron:session): session closed for user root
May  8 12:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4449]: pam_unix(cron:session): session closed for user p13x
May  8 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4561]: Successful su for rubyman by root
May  8 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4561]: + ??? root:rubyman
May  8 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4561]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353033 of user rubyman.
May  8 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4561]: pam_unix(su:session): session closed for user rubyman
May  8 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353033.
May  8 12:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: Failed password for invalid user pi from 179.127.87.114 port 40580 ssh2
May  8 12:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1470]: pam_unix(cron:session): session closed for user root
May  8 12:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: Failed password for invalid user pi from 179.127.87.114 port 40580 ssh2
May  8 12:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: Received disconnect from 179.127.87.114 port 40580:11: disconnected by user [preauth]
May  8 12:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: Disconnected from 179.127.87.114 port 40580 [preauth]
May  8 12:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 12:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4430]: PAM service(sshd) ignoring max retries; 4 > 3
May  8 12:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4452]: pam_unix(cron:session): session closed for user root
May  8 12:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4450]: pam_unix(cron:session): session closed for user samftp
May  8 12:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4793]: Invalid user baikal from 179.127.87.114
May  8 12:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4793]: input_userauth_request: invalid user baikal [preauth]
May  8 12:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4793]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.127.87.114
May  8 12:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: Failed password for root from 123.6.60.18 port 39836 ssh2
May  8 12:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4434]: Connection closed by 123.6.60.18 port 39836 [preauth]
May  8 12:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4793]: Failed password for invalid user baikal from 179.127.87.114 port 50598 ssh2
May  8 12:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4793]: Received disconnect from 179.127.87.114 port 50598:11: disconnected by user [preauth]
May  8 12:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4793]: Disconnected from 179.127.87.114 port 50598 [preauth]
May  8 12:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3405]: pam_unix(cron:session): session closed for user root
May  8 12:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4823]: Failed password for root from 123.6.60.18 port 42132 ssh2
May  8 12:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4823]: Connection closed by 123.6.60.18 port 42132 [preauth]
May  8 12:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: Failed password for root from 123.6.60.18 port 44160 ssh2
May  8 12:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: Connection closed by 123.6.60.18 port 44160 [preauth]
May  8 12:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4974]: Failed password for root from 123.6.60.18 port 45478 ssh2
May  8 12:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4974]: Connection closed by 123.6.60.18 port 45478 [preauth]
May  8 12:01:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5184]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5183]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5052]: pam_unix(cron:session): session closed for user p13x
May  8 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5274]: Successful su for rubyman by root
May  8 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5274]: + ??? root:rubyman
May  8 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353036 of user rubyman.
May  8 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5274]: pam_unix(su:session): session closed for user rubyman
May  8 12:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353036.
May  8 12:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2024]: pam_unix(cron:session): session closed for user root
May  8 12:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5182]: pam_unix(cron:session): session closed for user samftp
May  8 12:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:01:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175  user=root
May  8 12:01:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5001]: Failed password for root from 123.6.60.18 port 46690 ssh2
May  8 12:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5472]: Failed password for root from 185.213.164.175 port 50928 ssh2
May  8 12:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5472]: Received disconnect from 185.213.164.175 port 50928:11: Bye Bye [preauth]
May  8 12:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5472]: Disconnected from 185.213.164.175 port 50928 [preauth]
May  8 12:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5001]: Connection closed by 123.6.60.18 port 46690 [preauth]
May  8 12:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  8 12:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:152.32.250.21
May  8 12:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: Failed password for root from 123.6.60.18 port 48258 ssh2
May  8 12:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5498]: Connection closed by 123.6.60.18 port 48258 [preauth]
May  8 12:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3850]: pam_unix(cron:session): session closed for user root
May  8 12:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: Failed password for root from 123.6.60.18 port 50044 ssh2
May  8 12:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5596]: Connection closed by 123.6.60.18 port 50044 [preauth]
May  8 12:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: Failed password for root from 123.6.60.18 port 51814 ssh2
May  8 12:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5671]: Connection closed by 123.6.60.18 port 51814 [preauth]
May  8 12:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5709]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5710]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5707]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5707]: pam_unix(cron:session): session closed for user p13x
May  8 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5768]: Successful su for rubyman by root
May  8 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5768]: + ??? root:rubyman
May  8 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353040 of user rubyman.
May  8 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5768]: pam_unix(su:session): session closed for user rubyman
May  8 12:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353040.
May  8 12:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2499]: pam_unix(cron:session): session closed for user root
May  8 12:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5708]: pam_unix(cron:session): session closed for user samftp
May  8 12:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: Failed password for root from 123.6.60.18 port 53090 ssh2
May  8 12:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5695]: Connection closed by 123.6.60.18 port 53090 [preauth]
May  8 12:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4454]: pam_unix(cron:session): session closed for user root
May  8 12:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: Failed password for root from 123.6.60.18 port 54792 ssh2
May  8 12:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: Connection closed by 123.6.60.18 port 54792 [preauth]
May  8 12:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6159]: Failed password for root from 123.6.60.18 port 57208 ssh2
May  8 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6216]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6217]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6214]: pam_unix(cron:session): session closed for user p13x
May  8 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6159]: Connection closed by 123.6.60.18 port 57208 [preauth]
May  8 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6276]: Successful su for rubyman by root
May  8 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6276]: + ??? root:rubyman
May  8 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6276]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353046 of user rubyman.
May  8 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6276]: pam_unix(su:session): session closed for user rubyman
May  8 12:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353046.
May  8 12:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2963]: pam_unix(cron:session): session closed for user root
May  8 12:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6215]: pam_unix(cron:session): session closed for user samftp
May  8 12:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: Failed password for root from 123.6.60.18 port 59700 ssh2
May  8 12:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6345]: Connection closed by 123.6.60.18 port 59700 [preauth]
May  8 12:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5184]: pam_unix(cron:session): session closed for user root
May  8 12:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6496]: Failed password for root from 123.6.60.18 port 33258 ssh2
May  8 12:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6496]: Connection closed by 123.6.60.18 port 33258 [preauth]
May  8 12:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6614]: pam_unix(cron:session): session closed for user p13x
May  8 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6684]: Successful su for rubyman by root
May  8 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6684]: + ??? root:rubyman
May  8 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353048 of user rubyman.
May  8 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6684]: pam_unix(su:session): session closed for user rubyman
May  8 12:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353048.
May  8 12:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3404]: pam_unix(cron:session): session closed for user root
May  8 12:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6615]: pam_unix(cron:session): session closed for user samftp
May  8 12:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6561]: Failed password for root from 123.6.60.18 port 35454 ssh2
May  8 12:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6561]: Connection closed by 123.6.60.18 port 35454 [preauth]
May  8 12:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: Failed password for root from 123.6.60.18 port 38946 ssh2
May  8 12:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5710]: pam_unix(cron:session): session closed for user root
May  8 12:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: Connection closed by 123.6.60.18 port 38946 [preauth]
May  8 12:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:04:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7060]: Failed password for root from 123.6.60.18 port 41168 ssh2
May  8 12:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7060]: Connection closed by 123.6.60.18 port 41168 [preauth]
May  8 12:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7142]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7144]: pam_unix(cron:session): session closed for user root
May  8 12:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7138]: pam_unix(cron:session): session closed for user p13x
May  8 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7219]: Successful su for rubyman by root
May  8 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7219]: + ??? root:rubyman
May  8 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7219]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353052 of user rubyman.
May  8 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7219]: pam_unix(su:session): session closed for user rubyman
May  8 12:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353052.
May  8 12:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3849]: pam_unix(cron:session): session closed for user root
May  8 12:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7140]: pam_unix(cron:session): session closed for user root
May  8 12:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7139]: pam_unix(cron:session): session closed for user samftp
May  8 12:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7116]: Failed password for root from 123.6.60.18 port 42838 ssh2
May  8 12:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7116]: Connection closed by 123.6.60.18 port 42838 [preauth]
May  8 12:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6217]: pam_unix(cron:session): session closed for user root
May  8 12:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7454]: Failed password for root from 123.6.60.18 port 46208 ssh2
May  8 12:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7454]: Connection closed by 123.6.60.18 port 46208 [preauth]
May  8 12:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7653]: Failed password for root from 123.6.60.18 port 48794 ssh2
May  8 12:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7665]: Invalid user admin from 80.94.95.112
May  8 12:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7665]: input_userauth_request: invalid user admin [preauth]
May  8 12:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7665]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 12:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7653]: Connection closed by 123.6.60.18 port 48794 [preauth]
May  8 12:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7665]: Failed password for invalid user admin from 80.94.95.112 port 5285 ssh2
May  8 12:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7665]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7665]: Failed password for invalid user admin from 80.94.95.112 port 5285 ssh2
May  8 12:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7665]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7688]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7686]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7685]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7685]: pam_unix(cron:session): session closed for user p13x
May  8 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7772]: Successful su for rubyman by root
May  8 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7772]: + ??? root:rubyman
May  8 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7772]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353058 of user rubyman.
May  8 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7772]: pam_unix(su:session): session closed for user rubyman
May  8 12:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353058.
May  8 12:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7665]: Failed password for invalid user admin from 80.94.95.112 port 5285 ssh2
May  8 12:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7665]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175  user=root
May  8 12:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7665]: Failed password for invalid user admin from 80.94.95.112 port 5285 ssh2
May  8 12:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7665]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7835]: Failed password for root from 185.213.164.175 port 34268 ssh2
May  8 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4453]: pam_unix(cron:session): session closed for user root
May  8 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7686]: pam_unix(cron:session): session closed for user samftp
May  8 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7835]: Received disconnect from 185.213.164.175 port 34268:11: Bye Bye [preauth]
May  8 12:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7835]: Disconnected from 185.213.164.175 port 34268 [preauth]
May  8 12:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7665]: Failed password for invalid user admin from 80.94.95.112 port 5285 ssh2
May  8 12:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7665]: Received disconnect from 80.94.95.112 port 5285:11: Bye [preauth]
May  8 12:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7665]: Disconnected from 80.94.95.112 port 5285 [preauth]
May  8 12:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7665]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 12:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7665]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 12:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: Invalid user 12345 from 80.94.95.116
May  8 12:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: input_userauth_request: invalid user 12345 [preauth]
May  8 12:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  8 12:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7678]: Failed password for root from 123.6.60.18 port 50172 ssh2
May  8 12:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7678]: Connection closed by 123.6.60.18 port 50172 [preauth]
May  8 12:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: Failed password for invalid user 12345 from 80.94.95.116 port 21046 ssh2
May  8 12:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7966]: Connection closed by 80.94.95.116 port 21046 [preauth]
May  8 12:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: Invalid user mike from 50.235.31.47
May  8 12:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: input_userauth_request: invalid user mike [preauth]
May  8 12:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  8 12:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: Failed password for invalid user mike from 50.235.31.47 port 60918 ssh2
May  8 12:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8001]: Connection closed by 50.235.31.47 port 60918 [preauth]
May  8 12:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7991]: Failed password for root from 123.6.60.18 port 51944 ssh2
May  8 12:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7991]: Connection closed by 123.6.60.18 port 51944 [preauth]
May  8 12:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6617]: pam_unix(cron:session): session closed for user root
May  8 12:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8032]: Failed password for root from 123.6.60.18 port 53582 ssh2
May  8 12:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8032]: Connection closed by 123.6.60.18 port 53582 [preauth]
May  8 12:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8098]: Failed password for root from 123.6.60.18 port 55184 ssh2
May  8 12:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8098]: Connection closed by 123.6.60.18 port 55184 [preauth]
May  8 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8139]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8142]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8138]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8138]: pam_unix(cron:session): session closed for user p13x
May  8 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8211]: Successful su for rubyman by root
May  8 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8211]: + ??? root:rubyman
May  8 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353064 of user rubyman.
May  8 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8211]: pam_unix(su:session): session closed for user rubyman
May  8 12:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353064.
May  8 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5183]: pam_unix(cron:session): session closed for user root
May  8 12:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8139]: pam_unix(cron:session): session closed for user samftp
May  8 12:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8358]: Failed password for root from 123.6.60.18 port 57004 ssh2
May  8 12:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8358]: Connection closed by 123.6.60.18 port 57004 [preauth]
May  8 12:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7142]: pam_unix(cron:session): session closed for user root
May  8 12:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8435]: Failed password for root from 123.6.60.18 port 58856 ssh2
May  8 12:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8435]: Connection closed by 123.6.60.18 port 58856 [preauth]
May  8 12:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8535]: Failed password for root from 123.6.60.18 port 33234 ssh2
May  8 12:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8535]: Connection closed by 123.6.60.18 port 33234 [preauth]
May  8 12:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8575]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8571]: pam_unix(cron:session): session closed for user p13x
May  8 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8637]: Successful su for rubyman by root
May  8 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8637]: + ??? root:rubyman
May  8 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353067 of user rubyman.
May  8 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8637]: pam_unix(su:session): session closed for user rubyman
May  8 12:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353067.
May  8 12:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5709]: pam_unix(cron:session): session closed for user root
May  8 12:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8573]: pam_unix(cron:session): session closed for user samftp
May  8 12:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: Failed password for root from 123.6.60.18 port 34484 ssh2
May  8 12:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8559]: Connection closed by 123.6.60.18 port 34484 [preauth]
May  8 12:08:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8867]: Failed password for root from 123.6.60.18 port 36488 ssh2
May  8 12:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8867]: Connection closed by 123.6.60.18 port 36488 [preauth]
May  8 12:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7688]: pam_unix(cron:session): session closed for user root
May  8 12:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: Invalid user sysadmin from 85.208.84.134
May  8 12:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: input_userauth_request: invalid user sysadmin [preauth]
May  8 12:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.134
May  8 12:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: Failed password for root from 123.6.60.18 port 38226 ssh2
May  8 12:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: Connection closed by 123.6.60.18 port 38226 [preauth]
May  8 12:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: Failed password for invalid user sysadmin from 85.208.84.134 port 36754 ssh2
May  8 12:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8949]: Connection closed by 85.208.84.134 port 36754 [preauth]
May  8 12:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8976]: Failed password for root from 123.6.60.18 port 39800 ssh2
May  8 12:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8976]: Connection closed by 123.6.60.18 port 39800 [preauth]
May  8 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9001]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9000]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8998]: pam_unix(cron:session): session closed for user p13x
May  8 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9212]: Successful su for rubyman by root
May  8 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9212]: + ??? root:rubyman
May  8 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9212]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353070 of user rubyman.
May  8 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9212]: pam_unix(su:session): session closed for user rubyman
May  8 12:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353070.
May  8 12:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8996]: pam_unix(cron:session): session closed for user root
May  8 12:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6216]: pam_unix(cron:session): session closed for user root
May  8 12:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8999]: pam_unix(cron:session): session closed for user samftp
May  8 12:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: Failed password for root from 123.6.60.18 port 41358 ssh2
May  8 12:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9002]: Connection closed by 123.6.60.18 port 41358 [preauth]
May  8 12:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8144]: pam_unix(cron:session): session closed for user root
May  8 12:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9530]: Failed password for root from 123.6.60.18 port 44494 ssh2
May  8 12:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9530]: Connection closed by 123.6.60.18 port 44494 [preauth]
May  8 12:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: Failed password for root from 123.6.60.18 port 46110 ssh2
May  8 12:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9588]: Connection closed by 123.6.60.18 port 46110 [preauth]
May  8 12:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9623]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9622]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9624]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9619]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9621]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9624]: pam_unix(cron:session): session closed for user root
May  8 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9618]: pam_unix(cron:session): session closed for user p13x
May  8 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9690]: Successful su for rubyman by root
May  8 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9690]: + ??? root:rubyman
May  8 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9690]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353075 of user rubyman.
May  8 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9690]: pam_unix(su:session): session closed for user rubyman
May  8 12:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353075.
May  8 12:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9621]: pam_unix(cron:session): session closed for user root
May  8 12:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6616]: pam_unix(cron:session): session closed for user root
May  8 12:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9619]: pam_unix(cron:session): session closed for user samftp
May  8 12:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: Failed password for root from 123.6.60.18 port 47522 ssh2
May  8 12:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9608]: Connection closed by 123.6.60.18 port 47522 [preauth]
May  8 12:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9936]: Failed password for root from 123.6.60.18 port 49902 ssh2
May  8 12:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9936]: Connection closed by 123.6.60.18 port 49902 [preauth]
May  8 12:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8575]: pam_unix(cron:session): session closed for user root
May  8 12:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9999]: Failed password for root from 123.6.60.18 port 51312 ssh2
May  8 12:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9999]: Connection closed by 123.6.60.18 port 51312 [preauth]
May  8 12:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10040]: Failed password for root from 123.6.60.18 port 52940 ssh2
May  8 12:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10040]: Connection closed by 123.6.60.18 port 52940 [preauth]
May  8 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10069]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10070]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10066]: pam_unix(cron:session): session closed for user p13x
May  8 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10132]: Successful su for rubyman by root
May  8 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10132]: + ??? root:rubyman
May  8 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10132]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353081 of user rubyman.
May  8 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10132]: pam_unix(su:session): session closed for user rubyman
May  8 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353081.
May  8 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10063]: Invalid user soporte from 185.213.164.175
May  8 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10063]: input_userauth_request: invalid user soporte [preauth]
May  8 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10063]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175
May  8 12:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10063]: Failed password for invalid user soporte from 185.213.164.175 port 53442 ssh2
May  8 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10063]: Received disconnect from 185.213.164.175 port 53442:11: Bye Bye [preauth]
May  8 12:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10063]: Disconnected from 185.213.164.175 port 53442 [preauth]
May  8 12:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7141]: pam_unix(cron:session): session closed for user root
May  8 12:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10068]: pam_unix(cron:session): session closed for user samftp
May  8 12:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: Failed password for root from 123.6.60.18 port 54182 ssh2
May  8 12:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10166]: Connection closed by 123.6.60.18 port 54182 [preauth]
May  8 12:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9001]: pam_unix(cron:session): session closed for user root
May  8 12:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: Failed password for root from 123.6.60.18 port 55924 ssh2
May  8 12:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10453]: Connection closed by 123.6.60.18 port 55924 [preauth]
May  8 12:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10561]: Failed password for root from 123.6.60.18 port 59200 ssh2
May  8 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10584]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10582]: pam_unix(cron:session): session closed for user p13x
May  8 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10676]: Successful su for rubyman by root
May  8 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10676]: + ??? root:rubyman
May  8 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353086 of user rubyman.
May  8 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10676]: pam_unix(su:session): session closed for user rubyman
May  8 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353086.
May  8 12:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10561]: Connection closed by 123.6.60.18 port 59200 [preauth]
May  8 12:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7687]: pam_unix(cron:session): session closed for user root
May  8 12:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10583]: pam_unix(cron:session): session closed for user samftp
May  8 12:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10853]: Failed password for root from 123.6.60.18 port 60854 ssh2
May  8 12:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10853]: Connection closed by 123.6.60.18 port 60854 [preauth]
May  8 12:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9623]: pam_unix(cron:session): session closed for user root
May  8 12:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10922]: Failed password for root from 123.6.60.18 port 33956 ssh2
May  8 12:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10922]: Connection closed by 123.6.60.18 port 33956 [preauth]
May  8 12:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: Failed password for root from 123.6.60.18 port 36438 ssh2
May  8 12:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10987]: Connection closed by 123.6.60.18 port 36438 [preauth]
May  8 12:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  8 12:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11031]: Failed password for root from 218.92.0.208 port 10802 ssh2
May  8 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11047]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11046]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11043]: pam_unix(cron:session): session closed for user p13x
May  8 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11106]: Successful su for rubyman by root
May  8 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11106]: + ??? root:rubyman
May  8 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11106]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353090 of user rubyman.
May  8 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11106]: pam_unix(su:session): session closed for user rubyman
May  8 12:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353090.
May  8 12:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11029]: Failed password for root from 123.6.60.18 port 37872 ssh2
May  8 12:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11029]: Connection closed by 123.6.60.18 port 37872 [preauth]
May  8 12:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8142]: pam_unix(cron:session): session closed for user root
May  8 12:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11044]: pam_unix(cron:session): session closed for user samftp
May  8 12:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 12:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: Failed password for root from 80.94.95.241 port 62677 ssh2
May  8 12:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: Failed password for root from 80.94.95.241 port 62677 ssh2
May  8 12:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: Failed password for root from 123.6.60.18 port 39140 ssh2
May  8 12:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: Failed password for root from 80.94.95.241 port 62677 ssh2
May  8 12:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11272]: Connection closed by 123.6.60.18 port 39140 [preauth]
May  8 12:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: Failed password for root from 80.94.95.241 port 62677 ssh2
May  8 12:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: Failed password for root from 80.94.95.241 port 62677 ssh2
May  8 12:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: Received disconnect from 80.94.95.241 port 62677:11: Bye [preauth]
May  8 12:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: Disconnected from 80.94.95.241 port 62677 [preauth]
May  8 12:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 12:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11296]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 12:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: Failed password for root from 123.6.60.18 port 40708 ssh2
May  8 12:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11333]: Connection closed by 123.6.60.18 port 40708 [preauth]
May  8 12:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10070]: pam_unix(cron:session): session closed for user root
May  8 12:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11364]: Failed password for root from 123.6.60.18 port 42012 ssh2
May  8 12:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11364]: Connection closed by 123.6.60.18 port 42012 [preauth]
May  8 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11443]: pam_unix(cron:session): session closed for user p13x
May  8 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11518]: Successful su for rubyman by root
May  8 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11518]: + ??? root:rubyman
May  8 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353094 of user rubyman.
May  8 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11518]: pam_unix(su:session): session closed for user rubyman
May  8 12:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353094.
May  8 12:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8574]: pam_unix(cron:session): session closed for user root
May  8 12:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11444]: pam_unix(cron:session): session closed for user samftp
May  8 12:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11423]: Failed password for root from 123.6.60.18 port 43662 ssh2
May  8 12:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11423]: Connection closed by 123.6.60.18 port 43662 [preauth]
May  8 12:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11706]: Failed password for root from 123.6.60.18 port 46308 ssh2
May  8 12:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11706]: Connection closed by 123.6.60.18 port 46308 [preauth]
May  8 12:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10585]: pam_unix(cron:session): session closed for user root
May  8 12:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: Failed password for root from 123.6.60.18 port 47662 ssh2
May  8 12:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11759]: Connection closed by 123.6.60.18 port 47662 [preauth]
May  8 12:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11809]: Failed password for root from 123.6.60.18 port 49336 ssh2
May  8 12:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11809]: Connection closed by 123.6.60.18 port 49336 [preauth]
May  8 12:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11868]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11865]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11866]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11870]: pam_unix(cron:session): session closed for user root
May  8 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11865]: pam_unix(cron:session): session closed for user p13x
May  8 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11934]: Successful su for rubyman by root
May  8 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11934]: + ??? root:rubyman
May  8 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353099 of user rubyman.
May  8 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11934]: pam_unix(su:session): session closed for user rubyman
May  8 12:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353099.
May  8 12:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11867]: pam_unix(cron:session): session closed for user root
May  8 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9000]: pam_unix(cron:session): session closed for user root
May  8 12:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11853]: Failed password for root from 123.6.60.18 port 50972 ssh2
May  8 12:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11866]: pam_unix(cron:session): session closed for user samftp
May  8 12:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11853]: Connection closed by 123.6.60.18 port 50972 [preauth]
May  8 12:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12135]: Failed password for root from 123.6.60.18 port 52450 ssh2
May  8 12:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12135]: Connection closed by 123.6.60.18 port 52450 [preauth]
May  8 12:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11047]: pam_unix(cron:session): session closed for user root
May  8 12:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: Failed password for root from 123.6.60.18 port 54044 ssh2
May  8 12:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12187]: Connection closed by 123.6.60.18 port 54044 [preauth]
May  8 12:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12238]: Failed password for root from 123.6.60.18 port 55968 ssh2
May  8 12:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12238]: Connection closed by 123.6.60.18 port 55968 [preauth]
May  8 12:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12297]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12296]: pam_unix(cron:session): session closed for user p13x
May  8 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12374]: Successful su for rubyman by root
May  8 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12374]: + ??? root:rubyman
May  8 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353104 of user rubyman.
May  8 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12374]: pam_unix(su:session): session closed for user rubyman
May  8 12:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353104.
May  8 12:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12438]: Invalid user zcm from 185.213.164.175
May  8 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12438]: input_userauth_request: invalid user zcm [preauth]
May  8 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12438]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175
May  8 12:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9622]: pam_unix(cron:session): session closed for user root
May  8 12:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12438]: Failed password for invalid user zcm from 185.213.164.175 port 35672 ssh2
May  8 12:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12438]: Received disconnect from 185.213.164.175 port 35672:11: Bye Bye [preauth]
May  8 12:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12438]: Disconnected from 185.213.164.175 port 35672 [preauth]
May  8 12:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12297]: pam_unix(cron:session): session closed for user samftp
May  8 12:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: Failed password for root from 123.6.60.18 port 57708 ssh2
May  8 12:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12290]: Connection closed by 123.6.60.18 port 57708 [preauth]
May  8 12:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11446]: pam_unix(cron:session): session closed for user root
May  8 12:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12614]: Failed password for root from 123.6.60.18 port 32772 ssh2
May  8 12:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12614]: Connection closed by 123.6.60.18 port 32772 [preauth]
May  8 12:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: Failed password for root from 123.6.60.18 port 34232 ssh2
May  8 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12699]: pam_unix(cron:session): session closed for user root
May  8 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12701]: pam_unix(cron:session): session closed for user p13x
May  8 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12765]: Successful su for rubyman by root
May  8 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12765]: + ??? root:rubyman
May  8 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353107 of user rubyman.
May  8 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12765]: pam_unix(su:session): session closed for user rubyman
May  8 12:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353107.
May  8 12:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12672]: Connection closed by 123.6.60.18 port 34232 [preauth]
May  8 12:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10069]: pam_unix(cron:session): session closed for user root
May  8 12:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12702]: pam_unix(cron:session): session closed for user samftp
May  8 12:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12873]: Failed password for root from 123.6.60.18 port 36374 ssh2
May  8 12:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12873]: Connection closed by 123.6.60.18 port 36374 [preauth]
May  8 12:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11869]: pam_unix(cron:session): session closed for user root
May  8 12:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: Failed password for root from 123.6.60.18 port 37684 ssh2
May  8 12:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12975]: Connection closed by 123.6.60.18 port 37684 [preauth]
May  8 12:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4  user=root
May  8 12:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13086]: Failed password for root from 85.208.84.4 port 44092 ssh2
May  8 12:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13086]: Connection closed by 85.208.84.4 port 44092 [preauth]
May  8 12:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13052]: Failed password for root from 123.6.60.18 port 40122 ssh2
May  8 12:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13052]: Connection closed by 123.6.60.18 port 40122 [preauth]
May  8 12:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13118]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13117]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13116]: pam_unix(cron:session): session closed for user p13x
May  8 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13174]: Successful su for rubyman by root
May  8 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13174]: + ??? root:rubyman
May  8 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353112 of user rubyman.
May  8 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13174]: pam_unix(su:session): session closed for user rubyman
May  8 12:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353112.
May  8 12:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10584]: pam_unix(cron:session): session closed for user root
May  8 12:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13117]: pam_unix(cron:session): session closed for user samftp
May  8 12:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13104]: Failed password for root from 123.6.60.18 port 42374 ssh2
May  8 12:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13104]: Connection closed by 123.6.60.18 port 42374 [preauth]
May  8 12:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12299]: pam_unix(cron:session): session closed for user root
May  8 12:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: Failed password for root from 123.6.60.18 port 43624 ssh2
May  8 12:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13372]: Connection closed by 123.6.60.18 port 43624 [preauth]
May  8 12:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: Failed password for root from 123.6.60.18 port 46556 ssh2
May  8 12:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13560]: Connection closed by 123.6.60.18 port 46556 [preauth]
May  8 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13619]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13616]: pam_unix(cron:session): session closed for user p13x
May  8 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13681]: Successful su for rubyman by root
May  8 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13681]: + ??? root:rubyman
May  8 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13681]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353118 of user rubyman.
May  8 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13681]: pam_unix(su:session): session closed for user rubyman
May  8 12:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353118.
May  8 12:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11046]: pam_unix(cron:session): session closed for user root
May  8 12:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13617]: pam_unix(cron:session): session closed for user samftp
May  8 12:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: Failed password for root from 123.6.60.18 port 48840 ssh2
May  8 12:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13613]: Connection closed by 123.6.60.18 port 48840 [preauth]
May  8 12:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12704]: pam_unix(cron:session): session closed for user root
May  8 12:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13932]: Invalid user [ from 195.178.110.50
May  8 12:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13932]: input_userauth_request: invalid user [ [preauth]
May  8 12:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13932]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 12:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13932]: Failed password for invalid user [ from 195.178.110.50 port 12504 ssh2
May  8 12:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13932]: Connection closed by 195.178.110.50 port 12504 [preauth]
May  8 12:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: Failed password for root from 123.6.60.18 port 51282 ssh2
May  8 12:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13931]: Connection closed by 123.6.60.18 port 51282 [preauth]
May  8 12:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Invalid user d from 195.178.110.50
May  8 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: input_userauth_request: invalid user d [preauth]
May  8 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14032]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14031]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14030]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14033]: pam_unix(cron:session): session closed for user root
May  8 12:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14028]: pam_unix(cron:session): session closed for user p13x
May  8 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14097]: Successful su for rubyman by root
May  8 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14097]: + ??? root:rubyman
May  8 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353120 of user rubyman.
May  8 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14097]: pam_unix(su:session): session closed for user rubyman
May  8 12:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353120.
May  8 12:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Failed password for invalid user d from 195.178.110.50 port 4744 ssh2
May  8 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14030]: pam_unix(cron:session): session closed for user root
May  8 12:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11445]: pam_unix(cron:session): session closed for user root
May  8 12:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14004]: Connection closed by 195.178.110.50 port 4744 [preauth]
May  8 12:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14029]: pam_unix(cron:session): session closed for user samftp
May  8 12:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: Invalid user m from 195.178.110.50
May  8 12:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: input_userauth_request: invalid user m [preauth]
May  8 12:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 12:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: Failed password for invalid user m from 195.178.110.50 port 15200 ssh2
May  8 12:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: Failed password for root from 123.6.60.18 port 55118 ssh2
May  8 12:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14298]: Connection closed by 195.178.110.50 port 15200 [preauth]
May  8 12:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14024]: Connection closed by 123.6.60.18 port 55118 [preauth]
May  8 12:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13119]: pam_unix(cron:session): session closed for user root
May  8 12:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14351]: Invalid user v from 195.178.110.50
May  8 12:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14351]: input_userauth_request: invalid user v [preauth]
May  8 12:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14351]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 12:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14351]: Failed password for invalid user v from 195.178.110.50 port 29944 ssh2
May  8 12:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: Failed password for root from 123.6.60.18 port 57902 ssh2
May  8 12:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14351]: Connection closed by 195.178.110.50 port 29944 [preauth]
May  8 12:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14376]: Connection closed by 123.6.60.18 port 57902 [preauth]
May  8 12:20:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14424]: Failed password for root from 123.6.60.18 port 59740 ssh2
May  8 12:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14415]: Invalid user ! from 195.178.110.50
May  8 12:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14415]: input_userauth_request: invalid user ! [preauth]
May  8 12:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14415]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 12:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14424]: Connection closed by 123.6.60.18 port 59740 [preauth]
May  8 12:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14415]: Failed password for invalid user ! from 195.178.110.50 port 40294 ssh2
May  8 12:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14415]: Connection closed by 195.178.110.50 port 40294 [preauth]
May  8 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14471]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14470]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14468]: pam_unix(cron:session): session closed for user p13x
May  8 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14541]: Successful su for rubyman by root
May  8 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14541]: + ??? root:rubyman
May  8 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353127 of user rubyman.
May  8 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14541]: pam_unix(su:session): session closed for user rubyman
May  8 12:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353127.
May  8 12:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11868]: pam_unix(cron:session): session closed for user root
May  8 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: Invalid user admin from 185.213.164.175
May  8 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: input_userauth_request: invalid user admin [preauth]
May  8 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.164.175
May  8 12:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14469]: pam_unix(cron:session): session closed for user samftp
May  8 12:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14457]: Failed password for root from 123.6.60.18 port 32842 ssh2
May  8 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: Failed password for invalid user admin from 185.213.164.175 port 42168 ssh2
May  8 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: Invalid user ubuntu from 190.103.202.7
May  8 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: input_userauth_request: invalid user ubuntu [preauth]
May  8 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  8 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: Received disconnect from 185.213.164.175 port 42168:11: Bye Bye [preauth]
May  8 12:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: Disconnected from 185.213.164.175 port 42168 [preauth]
May  8 12:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14457]: Connection closed by 123.6.60.18 port 32842 [preauth]
May  8 12:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: Failed password for invalid user ubuntu from 190.103.202.7 port 37138 ssh2
May  8 12:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14740]: Connection closed by 190.103.202.7 port 37138 [preauth]
May  8 12:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: Failed password for root from 123.6.60.18 port 34456 ssh2
May  8 12:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14750]: Connection closed by 123.6.60.18 port 34456 [preauth]
May  8 12:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13619]: pam_unix(cron:session): session closed for user root
May  8 12:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14813]: Failed password for root from 123.6.60.18 port 36646 ssh2
May  8 12:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14813]: Connection closed by 123.6.60.18 port 36646 [preauth]
May  8 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14903]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14902]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14904]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14897]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14897]: pam_unix(cron:session): session closed for user p13x
May  8 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14968]: Successful su for rubyman by root
May  8 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14968]: + ??? root:rubyman
May  8 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14968]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353130 of user rubyman.
May  8 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14968]: pam_unix(su:session): session closed for user rubyman
May  8 12:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353130.
May  8 12:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12298]: pam_unix(cron:session): session closed for user root
May  8 12:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14902]: pam_unix(cron:session): session closed for user samftp
May  8 12:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14894]: Failed password for root from 123.6.60.18 port 39436 ssh2
May  8 12:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14894]: Connection closed by 123.6.60.18 port 39436 [preauth]
May  8 12:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14032]: pam_unix(cron:session): session closed for user root
May  8 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15308]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15307]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15307]: pam_unix(cron:session): session closed for user p13x
May  8 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15370]: Successful su for rubyman by root
May  8 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15370]: + ??? root:rubyman
May  8 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353134 of user rubyman.
May  8 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15370]: pam_unix(su:session): session closed for user rubyman
May  8 12:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353134.
May  8 12:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12703]: pam_unix(cron:session): session closed for user root
May  8 12:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15308]: pam_unix(cron:session): session closed for user samftp
May  8 12:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14471]: pam_unix(cron:session): session closed for user root
May  8 12:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: Failed password for root from 123.6.60.18 port 41346 ssh2
May  8 12:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15646]: Failed password for root from 123.6.60.18 port 49908 ssh2
May  8 12:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15646]: Connection closed by 123.6.60.18 port 49908 [preauth]
May  8 12:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15180]: Connection closed by 123.6.60.18 port 41346 [preauth]
May  8 12:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15705]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15702]: pam_unix(cron:session): session closed for user p13x
May  8 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15763]: Successful su for rubyman by root
May  8 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15763]: + ??? root:rubyman
May  8 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15763]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353139 of user rubyman.
May  8 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15763]: pam_unix(su:session): session closed for user rubyman
May  8 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353139.
May  8 12:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: Failed password for root from 123.6.60.18 port 51214 ssh2
May  8 12:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: Connection closed by 123.6.60.18 port 51214 [preauth]
May  8 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13118]: pam_unix(cron:session): session closed for user root
May  8 12:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15703]: pam_unix(cron:session): session closed for user samftp
May  8 12:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15938]: Failed password for root from 123.6.60.18 port 52776 ssh2
May  8 12:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15938]: Connection closed by 123.6.60.18 port 52776 [preauth]
May  8 12:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14904]: pam_unix(cron:session): session closed for user root
May  8 12:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15993]: Failed password for root from 123.6.60.18 port 54662 ssh2
May  8 12:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15993]: Connection closed by 123.6.60.18 port 54662 [preauth]
May  8 12:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: Failed password for root from 123.6.60.18 port 56214 ssh2
May  8 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16104]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16101]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16105]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16103]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16102]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16105]: pam_unix(cron:session): session closed for user root
May  8 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16100]: pam_unix(cron:session): session closed for user p13x
May  8 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16167]: Successful su for rubyman by root
May  8 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16167]: + ??? root:rubyman
May  8 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16167]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353142 of user rubyman.
May  8 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16167]: pam_unix(su:session): session closed for user rubyman
May  8 12:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353142.
May  8 12:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16042]: Connection closed by 123.6.60.18 port 56214 [preauth]
May  8 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16102]: pam_unix(cron:session): session closed for user root
May  8 12:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13618]: pam_unix(cron:session): session closed for user root
May  8 12:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16101]: pam_unix(cron:session): session closed for user samftp
May  8 12:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16306]: Failed password for root from 123.6.60.18 port 59388 ssh2
May  8 12:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16306]: Connection closed by 123.6.60.18 port 59388 [preauth]
May  8 12:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15310]: pam_unix(cron:session): session closed for user root
May  8 12:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16395]: Failed password for root from 123.6.60.18 port 60954 ssh2
May  8 12:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16395]: Connection closed by 123.6.60.18 port 60954 [preauth]
May  8 12:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: Failed password for root from 123.6.60.18 port 35850 ssh2
May  8 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16560]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16562]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16559]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16558]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16558]: pam_unix(cron:session): session closed for user p13x
May  8 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16647]: Successful su for rubyman by root
May  8 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16647]: + ??? root:rubyman
May  8 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353149 of user rubyman.
May  8 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16647]: pam_unix(su:session): session closed for user rubyman
May  8 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353149.
May  8 12:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16528]: Connection closed by 123.6.60.18 port 35850 [preauth]
May  8 12:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14031]: pam_unix(cron:session): session closed for user root
May  8 12:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16559]: pam_unix(cron:session): session closed for user samftp
May  8 12:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: Failed password for root from 123.6.60.18 port 37668 ssh2
May  8 12:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16718]: Connection closed by 123.6.60.18 port 37668 [preauth]
May  8 12:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15705]: pam_unix(cron:session): session closed for user root
May  8 12:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: Failed password for root from 123.6.60.18 port 39502 ssh2
May  8 12:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16874]: Connection closed by 123.6.60.18 port 39502 [preauth]
May  8 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17025]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17026]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17023]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17022]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17022]: pam_unix(cron:session): session closed for user p13x
May  8 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17084]: Successful su for rubyman by root
May  8 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17084]: + ??? root:rubyman
May  8 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17084]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353152 of user rubyman.
May  8 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17084]: pam_unix(su:session): session closed for user rubyman
May  8 12:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353152.
May  8 12:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14470]: pam_unix(cron:session): session closed for user root
May  8 12:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: Failed password for root from 123.6.60.18 port 42164 ssh2
May  8 12:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17023]: pam_unix(cron:session): session closed for user samftp
May  8 12:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: Connection closed by 123.6.60.18 port 42164 [preauth]
May  8 12:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17272]: Failed password for root from 123.6.60.18 port 44858 ssh2
May  8 12:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17272]: Connection closed by 123.6.60.18 port 44858 [preauth]
May  8 12:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16104]: pam_unix(cron:session): session closed for user root
May  8 12:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17326]: Failed password for root from 123.6.60.18 port 46630 ssh2
May  8 12:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17326]: Connection closed by 123.6.60.18 port 46630 [preauth]
May  8 12:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.6.60.18  user=root
May  8 12:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: Failed password for root from 123.6.60.18 port 47952 ssh2
May  8 12:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17366]: Connection closed by 123.6.60.18 port 47952 [preauth]
May  8 12:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17442]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17441]: pam_unix(cron:session): session closed for user p13x
May  8 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17512]: Successful su for rubyman by root
May  8 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17512]: + ??? root:rubyman
May  8 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353157 of user rubyman.
May  8 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17512]: pam_unix(su:session): session closed for user rubyman
May  8 12:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353157.
May  8 12:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14903]: pam_unix(cron:session): session closed for user root
May  8 12:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17442]: pam_unix(cron:session): session closed for user samftp
May  8 12:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16562]: pam_unix(cron:session): session closed for user root
May  8 12:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17948]: Invalid user admin from 194.0.234.19
May  8 12:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17948]: input_userauth_request: invalid user admin [preauth]
May  8 12:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17948]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  8 12:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17948]: Failed password for invalid user admin from 194.0.234.19 port 40254 ssh2
May  8 12:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17948]: Connection closed by 194.0.234.19 port 40254 [preauth]
May  8 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17973]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17969]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17969]: pam_unix(cron:session): session closed for user p13x
May  8 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18037]: Successful su for rubyman by root
May  8 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18037]: + ??? root:rubyman
May  8 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18037]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353160 of user rubyman.
May  8 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18037]: pam_unix(su:session): session closed for user rubyman
May  8 12:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353160.
May  8 12:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15309]: pam_unix(cron:session): session closed for user root
May  8 12:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17970]: pam_unix(cron:session): session closed for user samftp
May  8 12:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  8 12:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18257]: Failed password for root from 193.70.84.184 port 53808 ssh2
May  8 12:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18257]: Connection closed by 193.70.84.184 port 53808 [preauth]
May  8 12:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17026]: pam_unix(cron:session): session closed for user root
May  8 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18390]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18385]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18391]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18391]: pam_unix(cron:session): session closed for user root
May  8 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18385]: pam_unix(cron:session): session closed for user p13x
May  8 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18461]: Successful su for rubyman by root
May  8 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18461]: + ??? root:rubyman
May  8 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353165 of user rubyman.
May  8 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18461]: pam_unix(su:session): session closed for user rubyman
May  8 12:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353165.
May  8 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15704]: pam_unix(cron:session): session closed for user root
May  8 12:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18388]: pam_unix(cron:session): session closed for user root
May  8 12:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18386]: pam_unix(cron:session): session closed for user samftp
May  8 12:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17444]: pam_unix(cron:session): session closed for user root
May  8 12:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: Invalid user tuan from 164.68.105.9
May  8 12:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: input_userauth_request: invalid user tuan [preauth]
May  8 12:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  8 12:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: Failed password for invalid user tuan from 164.68.105.9 port 34912 ssh2
May  8 12:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: Connection closed by 164.68.105.9 port 34912 [preauth]
May  8 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18832]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18830]: pam_unix(cron:session): session closed for user p13x
May  8 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18898]: Successful su for rubyman by root
May  8 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18898]: + ??? root:rubyman
May  8 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353171 of user rubyman.
May  8 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18898]: pam_unix(su:session): session closed for user rubyman
May  8 12:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353171.
May  8 12:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16103]: pam_unix(cron:session): session closed for user root
May  8 12:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18831]: pam_unix(cron:session): session closed for user samftp
May  8 12:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17973]: pam_unix(cron:session): session closed for user root
May  8 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19252]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19254]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19253]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19241]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19241]: pam_unix(cron:session): session closed for user p13x
May  8 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19315]: Successful su for rubyman by root
May  8 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19315]: + ??? root:rubyman
May  8 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19315]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353174 of user rubyman.
May  8 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19315]: pam_unix(su:session): session closed for user rubyman
May  8 12:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353174.
May  8 12:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16560]: pam_unix(cron:session): session closed for user root
May  8 12:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19252]: pam_unix(cron:session): session closed for user samftp
May  8 12:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18390]: pam_unix(cron:session): session closed for user root
May  8 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19663]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19660]: pam_unix(cron:session): session closed for user p13x
May  8 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19728]: Successful su for rubyman by root
May  8 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19728]: + ??? root:rubyman
May  8 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19728]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353180 of user rubyman.
May  8 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19728]: pam_unix(su:session): session closed for user rubyman
May  8 12:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353180.
May  8 12:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17025]: pam_unix(cron:session): session closed for user root
May  8 12:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19661]: pam_unix(cron:session): session closed for user samftp
May  8 12:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18833]: pam_unix(cron:session): session closed for user root
May  8 12:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20071]: Did not receive identification string from 64.23.184.246
May  8 12:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20078]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20079]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20076]: pam_unix(cron:session): session closed for user p13x
May  8 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20137]: Successful su for rubyman by root
May  8 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20137]: + ??? root:rubyman
May  8 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20137]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353182 of user rubyman.
May  8 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20137]: pam_unix(su:session): session closed for user rubyman
May  8 12:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353182.
May  8 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: Invalid user localadmin from 80.94.95.241
May  8 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: input_userauth_request: invalid user localadmin [preauth]
May  8 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 12:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17443]: pam_unix(cron:session): session closed for user root
May  8 12:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: Failed password for invalid user localadmin from 80.94.95.241 port 63716 ssh2
May  8 12:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: Failed password for invalid user localadmin from 80.94.95.241 port 63716 ssh2
May  8 12:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20077]: pam_unix(cron:session): session closed for user samftp
May  8 12:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: Failed password for invalid user localadmin from 80.94.95.241 port 63716 ssh2
May  8 12:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: Failed password for invalid user localadmin from 80.94.95.241 port 63716 ssh2
May  8 12:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: Failed password for invalid user localadmin from 80.94.95.241 port 63716 ssh2
May  8 12:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: Received disconnect from 80.94.95.241 port 63716:11: Bye [preauth]
May  8 12:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: Disconnected from 80.94.95.241 port 63716 [preauth]
May  8 12:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 12:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20073]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 12:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19254]: pam_unix(cron:session): session closed for user root
May  8 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20481]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20483]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20480]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20479]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20484]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20482]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20484]: pam_unix(cron:session): session closed for user root
May  8 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20479]: pam_unix(cron:session): session closed for user p13x
May  8 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20551]: Successful su for rubyman by root
May  8 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20551]: + ??? root:rubyman
May  8 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20551]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353188 of user rubyman.
May  8 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20551]: pam_unix(su:session): session closed for user rubyman
May  8 12:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353188.
May  8 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20481]: pam_unix(cron:session): session closed for user root
May  8 12:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17971]: pam_unix(cron:session): session closed for user root
May  8 12:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20480]: pam_unix(cron:session): session closed for user samftp
May  8 12:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19666]: pam_unix(cron:session): session closed for user root
May  8 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20929]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20930]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20927]: pam_unix(cron:session): session closed for user p13x
May  8 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20991]: Successful su for rubyman by root
May  8 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20991]: + ??? root:rubyman
May  8 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353193 of user rubyman.
May  8 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20991]: pam_unix(su:session): session closed for user rubyman
May  8 12:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353193.
May  8 12:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18389]: pam_unix(cron:session): session closed for user root
May  8 12:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20928]: pam_unix(cron:session): session closed for user samftp
May  8 12:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20079]: pam_unix(cron:session): session closed for user root
May  8 12:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21326]: Received disconnect from 80.94.95.125 port 55402:11: Bye [preauth]
May  8 12:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21326]: Disconnected from 80.94.95.125 port 55402 [preauth]
May  8 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21370]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21367]: pam_unix(cron:session): session closed for user p13x
May  8 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21425]: Successful su for rubyman by root
May  8 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21425]: + ??? root:rubyman
May  8 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353196 of user rubyman.
May  8 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21425]: pam_unix(su:session): session closed for user rubyman
May  8 12:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353196.
May  8 12:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18832]: pam_unix(cron:session): session closed for user root
May  8 12:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21368]: pam_unix(cron:session): session closed for user samftp
May  8 12:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20483]: pam_unix(cron:session): session closed for user root
May  8 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22077]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22056]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22056]: pam_unix(cron:session): session closed for user p13x
May  8 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22145]: Successful su for rubyman by root
May  8 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22145]: + ??? root:rubyman
May  8 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22145]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353200 of user rubyman.
May  8 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22145]: pam_unix(su:session): session closed for user rubyman
May  8 12:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353200.
May  8 12:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19253]: pam_unix(cron:session): session closed for user root
May  8 12:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22075]: pam_unix(cron:session): session closed for user samftp
May  8 12:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: Invalid user admin from 80.94.95.241
May  8 12:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: input_userauth_request: invalid user admin [preauth]
May  8 12:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 12:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: Failed password for invalid user admin from 80.94.95.241 port 38803 ssh2
May  8 12:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: Failed password for invalid user admin from 80.94.95.241 port 38803 ssh2
May  8 12:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: Failed password for invalid user admin from 80.94.95.241 port 38803 ssh2
May  8 12:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: Failed password for invalid user admin from 80.94.95.241 port 38803 ssh2
May  8 12:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: Failed password for invalid user admin from 80.94.95.241 port 38803 ssh2
May  8 12:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: Received disconnect from 80.94.95.241 port 38803:11: Bye [preauth]
May  8 12:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: Disconnected from 80.94.95.241 port 38803 [preauth]
May  8 12:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 12:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22364]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 12:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20930]: pam_unix(cron:session): session closed for user root
May  8 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22563]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22561]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22564]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22562]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22559]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22561]: pam_unix(cron:session): session closed for user p13x
May  8 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22689]: Successful su for rubyman by root
May  8 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22689]: + ??? root:rubyman
May  8 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353204 of user rubyman.
May  8 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22689]: pam_unix(su:session): session closed for user rubyman
May  8 12:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353204.
May  8 12:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22559]: pam_unix(cron:session): session closed for user root
May  8 12:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19663]: pam_unix(cron:session): session closed for user root
May  8 12:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22562]: pam_unix(cron:session): session closed for user samftp
May  8 12:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: User sshd from 80.94.95.115 not allowed because not listed in AllowUsers
May  8 12:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: input_userauth_request: invalid user sshd [preauth]
May  8 12:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=sshd
May  8 12:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: Failed password for invalid user sshd from 80.94.95.115 port 43612 ssh2
May  8 12:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22987]: Connection closed by 80.94.95.115 port 43612 [preauth]
May  8 12:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21370]: pam_unix(cron:session): session closed for user root
May  8 12:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: Invalid user admin from 80.94.95.112
May  8 12:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: input_userauth_request: invalid user admin [preauth]
May  8 12:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 12:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: Failed password for invalid user admin from 80.94.95.112 port 55113 ssh2
May  8 12:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: Failed password for invalid user admin from 80.94.95.112 port 55113 ssh2
May  8 12:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: Failed password for invalid user admin from 80.94.95.112 port 55113 ssh2
May  8 12:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: Failed password for invalid user admin from 80.94.95.112 port 55113 ssh2
May  8 12:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: Failed password for invalid user admin from 80.94.95.112 port 55113 ssh2
May  8 12:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: Received disconnect from 80.94.95.112 port 55113:11: Bye [preauth]
May  8 12:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: Disconnected from 80.94.95.112 port 55113 [preauth]
May  8 12:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 12:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23064]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23117]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23116]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23118]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23119]: pam_unix(cron:session): session closed for user root
May  8 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23114]: pam_unix(cron:session): session closed for user p13x
May  8 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23193]: Successful su for rubyman by root
May  8 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23193]: + ??? root:rubyman
May  8 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23193]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353212 of user rubyman.
May  8 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23193]: pam_unix(su:session): session closed for user rubyman
May  8 12:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353212.
May  8 12:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23116]: pam_unix(cron:session): session closed for user root
May  8 12:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20078]: pam_unix(cron:session): session closed for user root
May  8 12:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23115]: pam_unix(cron:session): session closed for user samftp
May  8 12:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22077]: pam_unix(cron:session): session closed for user root
May  8 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23652]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23653]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23651]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23650]: pam_unix(cron:session): session closed for user p13x
May  8 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23718]: Successful su for rubyman by root
May  8 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23718]: + ??? root:rubyman
May  8 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23718]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353216 of user rubyman.
May  8 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23718]: pam_unix(su:session): session closed for user rubyman
May  8 12:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353216.
May  8 12:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20482]: pam_unix(cron:session): session closed for user root
May  8 12:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23651]: pam_unix(cron:session): session closed for user samftp
May  8 12:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22564]: pam_unix(cron:session): session closed for user root
May  8 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24177]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24178]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24174]: pam_unix(cron:session): session closed for user p13x
May  8 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24246]: Successful su for rubyman by root
May  8 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24246]: + ??? root:rubyman
May  8 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24246]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353219 of user rubyman.
May  8 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24246]: pam_unix(su:session): session closed for user rubyman
May  8 12:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353219.
May  8 12:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20929]: pam_unix(cron:session): session closed for user root
May  8 12:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24176]: pam_unix(cron:session): session closed for user samftp
May  8 12:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23118]: pam_unix(cron:session): session closed for user root
May  8 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24630]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24627]: pam_unix(cron:session): session closed for user p13x
May  8 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24693]: Successful su for rubyman by root
May  8 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24693]: + ??? root:rubyman
May  8 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24693]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353224 of user rubyman.
May  8 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24693]: pam_unix(su:session): session closed for user rubyman
May  8 12:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353224.
May  8 12:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21369]: pam_unix(cron:session): session closed for user root
May  8 12:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24628]: pam_unix(cron:session): session closed for user samftp
May  8 12:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23653]: pam_unix(cron:session): session closed for user root
May  8 12:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24990]: Invalid user ebrahim from 61.160.106.78
May  8 12:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24990]: input_userauth_request: invalid user ebrahim [preauth]
May  8 12:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24990]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.106.78
May  8 12:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24990]: Failed password for invalid user ebrahim from 61.160.106.78 port 44982 ssh2
May  8 12:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24990]: Received disconnect from 61.160.106.78 port 44982:11: Bye Bye [preauth]
May  8 12:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24990]: Disconnected from 61.160.106.78 port 44982 [preauth]
May  8 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25044]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25045]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25042]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25043]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25042]: pam_unix(cron:session): session closed for user p13x
May  8 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25101]: Successful su for rubyman by root
May  8 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25101]: + ??? root:rubyman
May  8 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25101]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353227 of user rubyman.
May  8 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25101]: pam_unix(su:session): session closed for user rubyman
May  8 12:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353227.
May  8 12:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22076]: pam_unix(cron:session): session closed for user root
May  8 12:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25043]: pam_unix(cron:session): session closed for user samftp
May  8 12:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24178]: pam_unix(cron:session): session closed for user root
May  8 12:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25455]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25455]: pam_unix(cron:session): session closed for user root
May  8 12:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25450]: pam_unix(cron:session): session closed for user p13x
May  8 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25522]: Successful su for rubyman by root
May  8 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25522]: + ??? root:rubyman
May  8 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25522]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353232 of user rubyman.
May  8 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25522]: pam_unix(su:session): session closed for user rubyman
May  8 12:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353232.
May  8 12:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25452]: pam_unix(cron:session): session closed for user root
May  8 12:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22563]: pam_unix(cron:session): session closed for user root
May  8 12:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25451]: pam_unix(cron:session): session closed for user samftp
May  8 12:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24630]: pam_unix(cron:session): session closed for user root
May  8 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25978]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25976]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25977]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25975]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25975]: pam_unix(cron:session): session closed for user p13x
May  8 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26048]: Successful su for rubyman by root
May  8 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26048]: + ??? root:rubyman
May  8 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353237 of user rubyman.
May  8 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26048]: pam_unix(su:session): session closed for user rubyman
May  8 12:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353237.
May  8 12:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23117]: pam_unix(cron:session): session closed for user root
May  8 12:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25976]: pam_unix(cron:session): session closed for user samftp
May  8 12:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: Invalid user herman from 107.0.200.227
May  8 12:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: input_userauth_request: invalid user herman [preauth]
May  8 12:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227
May  8 12:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: Failed password for invalid user herman from 107.0.200.227 port 41096 ssh2
May  8 12:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: Received disconnect from 107.0.200.227 port 41096:11: Bye Bye [preauth]
May  8 12:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26291]: Disconnected from 107.0.200.227 port 41096 [preauth]
May  8 12:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25045]: pam_unix(cron:session): session closed for user root
May  8 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26384]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26383]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26382]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26381]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26381]: pam_unix(cron:session): session closed for user p13x
May  8 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26526]: Successful su for rubyman by root
May  8 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26526]: + ??? root:rubyman
May  8 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26526]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353241 of user rubyman.
May  8 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26526]: pam_unix(su:session): session closed for user rubyman
May  8 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353241.
May  8 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: Invalid user login from 118.193.45.247
May  8 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: input_userauth_request: invalid user login [preauth]
May  8 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.45.247
May  8 12:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: Failed password for invalid user login from 118.193.45.247 port 55022 ssh2
May  8 12:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: Received disconnect from 118.193.45.247 port 55022:11: Bye Bye [preauth]
May  8 12:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26377]: Disconnected from 118.193.45.247 port 55022 [preauth]
May  8 12:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23652]: pam_unix(cron:session): session closed for user root
May  8 12:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26382]: pam_unix(cron:session): session closed for user samftp
May  8 12:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25454]: pam_unix(cron:session): session closed for user root
May  8 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26873]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26871]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26870]: pam_unix(cron:session): session closed for user p13x
May  8 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26957]: Successful su for rubyman by root
May  8 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26957]: + ??? root:rubyman
May  8 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353246 of user rubyman.
May  8 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26957]: pam_unix(su:session): session closed for user rubyman
May  8 12:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353246.
May  8 12:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24177]: pam_unix(cron:session): session closed for user root
May  8 12:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26871]: pam_unix(cron:session): session closed for user samftp
May  8 12:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25978]: pam_unix(cron:session): session closed for user root
May  8 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27363]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27362]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27360]: pam_unix(cron:session): session closed for user p13x
May  8 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27454]: Successful su for rubyman by root
May  8 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27454]: + ??? root:rubyman
May  8 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353249 of user rubyman.
May  8 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27454]: pam_unix(su:session): session closed for user rubyman
May  8 12:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353249.
May  8 12:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24629]: pam_unix(cron:session): session closed for user root
May  8 12:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27361]: pam_unix(cron:session): session closed for user samftp
May  8 12:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  8 12:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: Failed password for root from 80.94.95.115 port 28748 ssh2
May  8 12:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27727]: Connection closed by 80.94.95.115 port 28748 [preauth]
May  8 12:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26384]: pam_unix(cron:session): session closed for user root
May  8 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27821]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27820]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27821]: pam_unix(cron:session): session closed for user root
May  8 12:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27816]: pam_unix(cron:session): session closed for user p13x
May  8 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27892]: Successful su for rubyman by root
May  8 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27892]: + ??? root:rubyman
May  8 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27892]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353257 of user rubyman.
May  8 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27892]: pam_unix(su:session): session closed for user rubyman
May  8 12:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353257.
May  8 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25044]: pam_unix(cron:session): session closed for user root
May  8 12:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27818]: pam_unix(cron:session): session closed for user root
May  8 12:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27817]: pam_unix(cron:session): session closed for user samftp
May  8 12:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26873]: pam_unix(cron:session): session closed for user root
May  8 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28260]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28261]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28258]: pam_unix(cron:session): session closed for user p13x
May  8 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28331]: Successful su for rubyman by root
May  8 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28331]: + ??? root:rubyman
May  8 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353260 of user rubyman.
May  8 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28331]: pam_unix(su:session): session closed for user rubyman
May  8 12:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353260.
May  8 12:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25453]: pam_unix(cron:session): session closed for user root
May  8 12:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28259]: pam_unix(cron:session): session closed for user samftp
May  8 12:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27363]: pam_unix(cron:session): session closed for user root
May  8 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28678]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28679]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28676]: pam_unix(cron:session): session closed for user p13x
May  8 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28737]: Successful su for rubyman by root
May  8 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28737]: + ??? root:rubyman
May  8 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353263 of user rubyman.
May  8 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28737]: pam_unix(su:session): session closed for user rubyman
May  8 12:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353263.
May  8 12:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25977]: pam_unix(cron:session): session closed for user root
May  8 12:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28677]: pam_unix(cron:session): session closed for user samftp
May  8 12:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27820]: pam_unix(cron:session): session closed for user root
May  8 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29170]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29172]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29171]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29170]: pam_unix(cron:session): session closed for user p13x
May  8 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29233]: Successful su for rubyman by root
May  8 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29233]: + ??? root:rubyman
May  8 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353267 of user rubyman.
May  8 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29233]: pam_unix(su:session): session closed for user rubyman
May  8 12:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353267.
May  8 12:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26383]: pam_unix(cron:session): session closed for user root
May  8 12:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29171]: pam_unix(cron:session): session closed for user samftp
May  8 12:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28261]: pam_unix(cron:session): session closed for user root
May  8 12:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29517]: Did not receive identification string from 196.251.85.34
May  8 12:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: Invalid user user from 196.251.85.34
May  8 12:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: input_userauth_request: invalid user user [preauth]
May  8 12:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.85.34
May  8 12:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29525]: Invalid user admin from 196.251.85.34
May  8 12:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29525]: input_userauth_request: invalid user admin [preauth]
May  8 12:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29525]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.85.34
May  8 12:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: Invalid user support from 196.251.85.34
May  8 12:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: input_userauth_request: invalid user support [preauth]
May  8 12:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.85.34
May  8 12:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29531]: Invalid user ubnt from 196.251.85.34
May  8 12:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29531]: input_userauth_request: invalid user ubnt [preauth]
May  8 12:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29531]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.85.34
May  8 12:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: Invalid user usario from 196.251.85.34
May  8 12:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: input_userauth_request: invalid user usario [preauth]
May  8 12:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.85.34
May  8 12:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: Failed password for invalid user user from 196.251.85.34 port 19140 ssh2
May  8 12:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29525]: Failed password for invalid user admin from 196.251.85.34 port 19162 ssh2
May  8 12:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: Failed password for invalid user support from 196.251.85.34 port 19144 ssh2
May  8 12:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29531]: Failed password for invalid user ubnt from 196.251.85.34 port 19174 ssh2
May  8 12:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: Failed password for invalid user usario from 196.251.85.34 port 19156 ssh2
May  8 12:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: Received disconnect from 196.251.85.34 port 19140:11: Bye Bye [preauth]
May  8 12:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29524]: Disconnected from 196.251.85.34 port 19140 [preauth]
May  8 12:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29525]: Received disconnect from 196.251.85.34 port 19162:11: Bye Bye [preauth]
May  8 12:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29525]: Disconnected from 196.251.85.34 port 19162 [preauth]
May  8 12:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: Received disconnect from 196.251.85.34 port 19144:11: Bye Bye [preauth]
May  8 12:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29528]: Disconnected from 196.251.85.34 port 19144 [preauth]
May  8 12:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29531]: Received disconnect from 196.251.85.34 port 19174:11: Bye Bye [preauth]
May  8 12:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29531]: Disconnected from 196.251.85.34 port 19174 [preauth]
May  8 12:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: Received disconnect from 196.251.85.34 port 19156:11: Bye Bye [preauth]
May  8 12:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29530]: Disconnected from 196.251.85.34 port 19156 [preauth]
May  8 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29598]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29597]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29596]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29596]: pam_unix(cron:session): session closed for user p13x
May  8 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29658]: Successful su for rubyman by root
May  8 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29658]: + ??? root:rubyman
May  8 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353272 of user rubyman.
May  8 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29658]: pam_unix(su:session): session closed for user rubyman
May  8 12:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353272.
May  8 12:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26872]: pam_unix(cron:session): session closed for user root
May  8 12:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29597]: pam_unix(cron:session): session closed for user samftp
May  8 12:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: Invalid user ebrahim from 118.193.45.247
May  8 12:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: input_userauth_request: invalid user ebrahim [preauth]
May  8 12:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.45.247
May  8 12:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: Failed password for invalid user ebrahim from 118.193.45.247 port 54556 ssh2
May  8 12:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: Received disconnect from 118.193.45.247 port 54556:11: Bye Bye [preauth]
May  8 12:54:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29907]: Disconnected from 118.193.45.247 port 54556 [preauth]
May  8 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: Invalid user zabbix from 107.0.200.227
May  8 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: input_userauth_request: invalid user zabbix [preauth]
May  8 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227
May  8 12:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28679]: pam_unix(cron:session): session closed for user root
May  8 12:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: Failed password for invalid user zabbix from 107.0.200.227 port 58714 ssh2
May  8 12:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: Received disconnect from 107.0.200.227 port 58714:11: Bye Bye [preauth]
May  8 12:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29920]: Disconnected from 107.0.200.227 port 58714 [preauth]
May  8 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30006]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30008]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30010]: pam_unix(cron:session): session closed for user root
May  8 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30004]: pam_unix(cron:session): session closed for user p13x
May  8 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30076]: Successful su for rubyman by root
May  8 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30076]: + ??? root:rubyman
May  8 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353279 of user rubyman.
May  8 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30076]: pam_unix(su:session): session closed for user rubyman
May  8 12:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353279.
May  8 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30006]: pam_unix(cron:session): session closed for user root
May  8 12:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27362]: pam_unix(cron:session): session closed for user root
May  8 12:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30005]: pam_unix(cron:session): session closed for user samftp
May  8 12:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29173]: pam_unix(cron:session): session closed for user root
May  8 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30436]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30436]: pam_unix(cron:session): session closed for user p13x
May  8 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30505]: Successful su for rubyman by root
May  8 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30505]: + ??? root:rubyman
May  8 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30505]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353282 of user rubyman.
May  8 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30505]: pam_unix(su:session): session closed for user rubyman
May  8 12:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353282.
May  8 12:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27819]: pam_unix(cron:session): session closed for user root
May  8 12:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30437]: pam_unix(cron:session): session closed for user samftp
May  8 12:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29599]: pam_unix(cron:session): session closed for user root
May  8 12:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: Invalid user hengshi from 61.160.106.78
May  8 12:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: input_userauth_request: invalid user hengshi [preauth]
May  8 12:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.106.78
May  8 12:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: Failed password for invalid user hengshi from 61.160.106.78 port 39962 ssh2
May  8 12:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: Received disconnect from 61.160.106.78 port 39962:11: Bye Bye [preauth]
May  8 12:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30756]: Disconnected from 61.160.106.78 port 39962 [preauth]
May  8 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30833]: pam_unix(cron:session): session closed for user p13x
May  8 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30897]: Successful su for rubyman by root
May  8 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30897]: + ??? root:rubyman
May  8 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353286 of user rubyman.
May  8 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30897]: pam_unix(su:session): session closed for user rubyman
May  8 12:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353286.
May  8 12:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28260]: pam_unix(cron:session): session closed for user root
May  8 12:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30834]: pam_unix(cron:session): session closed for user samftp
May  8 12:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30009]: pam_unix(cron:session): session closed for user root
May  8 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31338]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31336]: pam_unix(cron:session): session closed for user p13x
May  8 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31397]: Successful su for rubyman by root
May  8 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31397]: + ??? root:rubyman
May  8 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353289 of user rubyman.
May  8 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31397]: pam_unix(su:session): session closed for user rubyman
May  8 12:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353289.
May  8 12:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28678]: pam_unix(cron:session): session closed for user root
May  8 12:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31337]: pam_unix(cron:session): session closed for user samftp
May  8 12:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30439]: pam_unix(cron:session): session closed for user root
May  8 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31774]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 12:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31772]: pam_unix(cron:session): session closed for user p13x
May  8 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31833]: Successful su for rubyman by root
May  8 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31833]: + ??? root:rubyman
May  8 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353294 of user rubyman.
May  8 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31833]: pam_unix(su:session): session closed for user rubyman
May  8 12:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353294.
May  8 12:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29172]: pam_unix(cron:session): session closed for user root
May  8 12:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31773]: pam_unix(cron:session): session closed for user samftp
May  8 12:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227  user=root
May  8 12:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32320]: Failed password for root from 107.0.200.227 port 37636 ssh2
May  8 12:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32320]: Received disconnect from 107.0.200.227 port 37636:11: Bye Bye [preauth]
May  8 12:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32320]: Disconnected from 107.0.200.227 port 37636 [preauth]
May  8 12:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 12:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: Invalid user rajeev from 118.193.45.247
May  8 12:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: input_userauth_request: invalid user rajeev [preauth]
May  8 12:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: pam_unix(sshd:auth): check pass; user unknown
May  8 12:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.45.247
May  8 12:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: Failed password for invalid user rajeev from 118.193.45.247 port 47852 ssh2
May  8 12:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: Received disconnect from 118.193.45.247 port 47852:11: Bye Bye [preauth]
May  8 12:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: Disconnected from 118.193.45.247 port 47852 [preauth]
May  8 12:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30836]: pam_unix(cron:session): session closed for user root
May  8 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32491]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32488]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32492]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32486]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32489]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32492]: pam_unix(cron:session): session closed for user root
May  8 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32488]: pam_unix(cron:session): session closed for user root
May  8 13:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32486]: pam_unix(cron:session): session closed for user p13x
May  8 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32590]: Successful su for rubyman by root
May  8 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32590]: + ??? root:rubyman
May  8 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353299 of user rubyman.
May  8 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32590]: pam_unix(su:session): session closed for user rubyman
May  8 13:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353299.
May  8 13:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29598]: pam_unix(cron:session): session closed for user root
May  8 13:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32489]: pam_unix(cron:session): session closed for user root
May  8 13:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32487]: pam_unix(cron:session): session closed for user samftp
May  8 13:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31339]: pam_unix(cron:session): session closed for user root
May  8 13:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[646]: Invalid user souken from 61.160.106.78
May  8 13:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[646]: input_userauth_request: invalid user souken [preauth]
May  8 13:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[646]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.106.78
May  8 13:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[646]: Failed password for invalid user souken from 61.160.106.78 port 36952 ssh2
May  8 13:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[646]: Received disconnect from 61.160.106.78 port 36952:11: Bye Bye [preauth]
May  8 13:00:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[646]: Disconnected from 61.160.106.78 port 36952 [preauth]
May  8 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[728]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[726]: pam_unix(cron:session): session closed for user p13x
May  8 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[805]: Successful su for rubyman by root
May  8 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[805]: + ??? root:rubyman
May  8 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353305 of user rubyman.
May  8 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[805]: pam_unix(su:session): session closed for user rubyman
May  8 13:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353305.
May  8 13:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30008]: pam_unix(cron:session): session closed for user root
May  8 13:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[727]: pam_unix(cron:session): session closed for user samftp
May  8 13:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31775]: pam_unix(cron:session): session closed for user root
May  8 13:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1206]: pam_unix(cron:session): session closed for user p13x
May  8 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1289]: Successful su for rubyman by root
May  8 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1289]: + ??? root:rubyman
May  8 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1289]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353308 of user rubyman.
May  8 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1289]: pam_unix(su:session): session closed for user rubyman
May  8 13:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353308.
May  8 13:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30438]: pam_unix(cron:session): session closed for user root
May  8 13:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1207]: pam_unix(cron:session): session closed for user samftp
May  8 13:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32491]: pam_unix(cron:session): session closed for user root
May  8 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1678]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1680]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1676]: pam_unix(cron:session): session closed for user p13x
May  8 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1768]: Successful su for rubyman by root
May  8 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1768]: + ??? root:rubyman
May  8 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353313 of user rubyman.
May  8 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1768]: pam_unix(su:session): session closed for user rubyman
May  8 13:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353313.
May  8 13:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30835]: pam_unix(cron:session): session closed for user root
May  8 13:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1677]: pam_unix(cron:session): session closed for user samftp
May  8 13:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[729]: pam_unix(cron:session): session closed for user root
May  8 13:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227  user=root
May  8 13:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Failed password for root from 107.0.200.227 port 44798 ssh2
May  8 13:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Received disconnect from 107.0.200.227 port 44798:11: Bye Bye [preauth]
May  8 13:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Disconnected from 107.0.200.227 port 44798 [preauth]
May  8 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2206]: pam_unix(cron:session): session closed for user p13x
May  8 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2267]: Successful su for rubyman by root
May  8 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2267]: + ??? root:rubyman
May  8 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2267]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353317 of user rubyman.
May  8 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2267]: pam_unix(su:session): session closed for user rubyman
May  8 13:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353317.
May  8 13:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31338]: pam_unix(cron:session): session closed for user root
May  8 13:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2207]: pam_unix(cron:session): session closed for user samftp
May  8 13:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2523]: Invalid user scm from 118.193.45.247
May  8 13:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2523]: input_userauth_request: invalid user scm [preauth]
May  8 13:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2523]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.45.247
May  8 13:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2523]: Failed password for invalid user scm from 118.193.45.247 port 47528 ssh2
May  8 13:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2523]: Received disconnect from 118.193.45.247 port 47528:11: Bye Bye [preauth]
May  8 13:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2523]: Disconnected from 118.193.45.247 port 47528 [preauth]
May  8 13:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1209]: pam_unix(cron:session): session closed for user root
May  8 13:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: Invalid user rajeev from 61.160.106.78
May  8 13:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: input_userauth_request: invalid user rajeev [preauth]
May  8 13:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.106.78
May  8 13:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: Failed password for invalid user rajeev from 61.160.106.78 port 33942 ssh2
May  8 13:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: Received disconnect from 61.160.106.78 port 33942:11: Bye Bye [preauth]
May  8 13:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2597]: Disconnected from 61.160.106.78 port 33942 [preauth]
May  8 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2664]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2663]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2660]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2665]: pam_unix(cron:session): session closed for user root
May  8 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2657]: pam_unix(cron:session): session closed for user p13x
May  8 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2742]: Successful su for rubyman by root
May  8 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2742]: + ??? root:rubyman
May  8 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2742]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353320 of user rubyman.
May  8 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2742]: pam_unix(su:session): session closed for user rubyman
May  8 13:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353320.
May  8 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2660]: pam_unix(cron:session): session closed for user root
May  8 13:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31774]: pam_unix(cron:session): session closed for user root
May  8 13:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2659]: pam_unix(cron:session): session closed for user samftp
May  8 13:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: Invalid user nxuser from 50.235.31.47
May  8 13:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: input_userauth_request: invalid user nxuser [preauth]
May  8 13:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  8 13:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: Failed password for invalid user nxuser from 50.235.31.47 port 36112 ssh2
May  8 13:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: Connection closed by 50.235.31.47 port 36112 [preauth]
May  8 13:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1680]: pam_unix(cron:session): session closed for user root
May  8 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3121]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3119]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3120]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3116]: pam_unix(cron:session): session closed for user p13x
May  8 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3188]: Successful su for rubyman by root
May  8 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3188]: + ??? root:rubyman
May  8 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353327 of user rubyman.
May  8 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3188]: pam_unix(su:session): session closed for user rubyman
May  8 13:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353327.
May  8 13:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32490]: pam_unix(cron:session): session closed for user root
May  8 13:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3119]: pam_unix(cron:session): session closed for user samftp
May  8 13:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2209]: pam_unix(cron:session): session closed for user root
May  8 13:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  8 13:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: Failed password for root from 190.103.202.7 port 38324 ssh2
May  8 13:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3528]: Connection closed by 190.103.202.7 port 38324 [preauth]
May  8 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3551]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3550]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3550]: pam_unix(cron:session): session closed for user p13x
May  8 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3648]: Successful su for rubyman by root
May  8 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3648]: + ??? root:rubyman
May  8 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3648]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353331 of user rubyman.
May  8 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3648]: pam_unix(su:session): session closed for user rubyman
May  8 13:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353331.
May  8 13:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[728]: pam_unix(cron:session): session closed for user root
May  8 13:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3551]: pam_unix(cron:session): session closed for user samftp
May  8 13:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2664]: pam_unix(cron:session): session closed for user root
May  8 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4013]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4013]: pam_unix(cron:session): session closed for user p13x
May  8 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4075]: Successful su for rubyman by root
May  8 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4075]: + ??? root:rubyman
May  8 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353335 of user rubyman.
May  8 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4075]: pam_unix(su:session): session closed for user rubyman
May  8 13:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353335.
May  8 13:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1208]: pam_unix(cron:session): session closed for user root
May  8 13:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4015]: pam_unix(cron:session): session closed for user samftp
May  8 13:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: Invalid user login from 61.160.106.78
May  8 13:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: input_userauth_request: invalid user login [preauth]
May  8 13:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.106.78
May  8 13:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4471]: Invalid user wanghy from 107.0.200.227
May  8 13:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4471]: input_userauth_request: invalid user wanghy [preauth]
May  8 13:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4471]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227
May  8 13:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: Failed password for invalid user login from 61.160.106.78 port 59208 ssh2
May  8 13:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: Received disconnect from 61.160.106.78 port 59208:11: Bye Bye [preauth]
May  8 13:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4461]: Disconnected from 61.160.106.78 port 59208 [preauth]
May  8 13:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4471]: Failed password for invalid user wanghy from 107.0.200.227 port 51944 ssh2
May  8 13:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4471]: Received disconnect from 107.0.200.227 port 51944:11: Bye Bye [preauth]
May  8 13:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4471]: Disconnected from 107.0.200.227 port 51944 [preauth]
May  8 13:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3121]: pam_unix(cron:session): session closed for user root
May  8 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4584]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4579]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4582]: pam_unix(cron:session): session closed for user p13x
May  8 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4704]: Successful su for rubyman by root
May  8 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4704]: + ??? root:rubyman
May  8 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4704]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353338 of user rubyman.
May  8 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4704]: pam_unix(su:session): session closed for user rubyman
May  8 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353338.
May  8 13:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4579]: pam_unix(cron:session): session closed for user root
May  8 13:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1678]: pam_unix(cron:session): session closed for user root
May  8 13:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4583]: pam_unix(cron:session): session closed for user samftp
May  8 13:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4929]: Invalid user postgres from 118.193.45.247
May  8 13:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4929]: input_userauth_request: invalid user postgres [preauth]
May  8 13:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4929]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.45.247
May  8 13:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4929]: Failed password for invalid user postgres from 118.193.45.247 port 42904 ssh2
May  8 13:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4929]: Received disconnect from 118.193.45.247 port 42904:11: Bye Bye [preauth]
May  8 13:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4929]: Disconnected from 118.193.45.247 port 42904 [preauth]
May  8 13:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3554]: pam_unix(cron:session): session closed for user root
May  8 13:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  8 13:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5204]: Failed password for root from 80.94.95.115 port 22990 ssh2
May  8 13:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5204]: Connection closed by 80.94.95.115 port 22990 [preauth]
May  8 13:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5234]: Invalid user * from 195.178.110.50
May  8 13:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5234]: input_userauth_request: invalid user * [preauth]
May  8 13:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5234]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 13:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5234]: Failed password for invalid user * from 195.178.110.50 port 16190 ssh2
May  8 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5293]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5291]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5295]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5290]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5292]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5289]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5295]: pam_unix(cron:session): session closed for user root
May  8 13:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5289]: pam_unix(cron:session): session closed for user p13x
May  8 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5234]: Connection closed by 195.178.110.50 port 16190 [preauth]
May  8 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5359]: Successful su for rubyman by root
May  8 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5359]: + ??? root:rubyman
May  8 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353343 of user rubyman.
May  8 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5359]: pam_unix(su:session): session closed for user rubyman
May  8 13:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353343.
May  8 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5291]: pam_unix(cron:session): session closed for user root
May  8 13:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2208]: pam_unix(cron:session): session closed for user root
May  8 13:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5290]: pam_unix(cron:session): session closed for user samftp
May  8 13:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5358]: Invalid user 3 from 195.178.110.50
May  8 13:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5358]: input_userauth_request: invalid user 3 [preauth]
May  8 13:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5358]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 13:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5358]: Failed password for invalid user 3 from 195.178.110.50 port 23812 ssh2
May  8 13:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5358]: Connection closed by 195.178.110.50 port 23812 [preauth]
May  8 13:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4017]: pam_unix(cron:session): session closed for user root
May  8 13:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Invalid user < from 195.178.110.50
May  8 13:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: input_userauth_request: invalid user < [preauth]
May  8 13:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 13:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Failed password for invalid user < from 195.178.110.50 port 24348 ssh2
May  8 13:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Connection closed by 195.178.110.50 port 24348 [preauth]
May  8 13:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5794]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5791]: pam_unix(cron:session): session closed for user p13x
May  8 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5948]: Successful su for rubyman by root
May  8 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5948]: + ??? root:rubyman
May  8 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353351 of user rubyman.
May  8 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5948]: pam_unix(su:session): session closed for user rubyman
May  8 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353351.
May  8 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: Invalid user E from 195.178.110.50
May  8 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: input_userauth_request: invalid user E [preauth]
May  8 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 13:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: Failed password for invalid user E from 195.178.110.50 port 20986 ssh2
May  8 13:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2663]: pam_unix(cron:session): session closed for user root
May  8 13:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5792]: pam_unix(cron:session): session closed for user samftp
May  8 13:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: Connection closed by 195.178.110.50 port 20986 [preauth]
May  8 13:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: Invalid user N from 195.178.110.50
May  8 13:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: input_userauth_request: invalid user N [preauth]
May  8 13:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 13:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: Failed password for invalid user N from 195.178.110.50 port 38716 ssh2
May  8 13:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: Connection closed by 195.178.110.50 port 38716 [preauth]
May  8 13:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4585]: pam_unix(cron:session): session closed for user root
May  8 13:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: Invalid user admin from 80.94.95.241
May  8 13:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: input_userauth_request: invalid user admin [preauth]
May  8 13:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: Failed password for invalid user admin from 80.94.95.241 port 11143 ssh2
May  8 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6318]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6318]: pam_unix(cron:session): session closed for user p13x
May  8 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6379]: Successful su for rubyman by root
May  8 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6379]: + ??? root:rubyman
May  8 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353353 of user rubyman.
May  8 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6379]: pam_unix(su:session): session closed for user rubyman
May  8 13:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353353.
May  8 13:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: Failed password for invalid user admin from 80.94.95.241 port 11143 ssh2
May  8 13:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3120]: pam_unix(cron:session): session closed for user root
May  8 13:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: Failed password for invalid user admin from 80.94.95.241 port 11143 ssh2
May  8 13:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6320]: pam_unix(cron:session): session closed for user samftp
May  8 13:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: Failed password for invalid user admin from 80.94.95.241 port 11143 ssh2
May  8 13:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: Failed password for invalid user admin from 80.94.95.241 port 11143 ssh2
May  8 13:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: Received disconnect from 80.94.95.241 port 11143:11: Bye [preauth]
May  8 13:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: Disconnected from 80.94.95.241 port 11143 [preauth]
May  8 13:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 13:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 13:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6590]: Invalid user git from 61.160.106.78
May  8 13:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6590]: input_userauth_request: invalid user git [preauth]
May  8 13:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6590]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.106.78
May  8 13:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6590]: Failed password for invalid user git from 61.160.106.78 port 56228 ssh2
May  8 13:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6590]: Received disconnect from 61.160.106.78 port 56228:11: Bye Bye [preauth]
May  8 13:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6590]: Disconnected from 61.160.106.78 port 56228 [preauth]
May  8 13:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5293]: pam_unix(cron:session): session closed for user root
May  8 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6722]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6723]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6720]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6721]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6720]: pam_unix(cron:session): session closed for user p13x
May  8 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6786]: Successful su for rubyman by root
May  8 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6786]: + ??? root:rubyman
May  8 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6786]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353358 of user rubyman.
May  8 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6786]: pam_unix(su:session): session closed for user rubyman
May  8 13:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353358.
May  8 13:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3552]: pam_unix(cron:session): session closed for user root
May  8 13:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6721]: pam_unix(cron:session): session closed for user samftp
May  8 13:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.134  user=root
May  8 13:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7109]: Failed password for root from 85.208.84.134 port 48344 ssh2
May  8 13:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7109]: Connection closed by 85.208.84.134 port 48344 [preauth]
May  8 13:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: Invalid user admin from 80.94.95.112
May  8 13:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: input_userauth_request: invalid user admin [preauth]
May  8 13:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 13:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7125]: Invalid user zhzhang from 101.36.117.148
May  8 13:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7125]: input_userauth_request: invalid user zhzhang [preauth]
May  8 13:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7125]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.117.148
May  8 13:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: Failed password for invalid user admin from 80.94.95.112 port 31718 ssh2
May  8 13:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7125]: Failed password for invalid user zhzhang from 101.36.117.148 port 36438 ssh2
May  8 13:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7125]: Received disconnect from 101.36.117.148 port 36438:11: Bye Bye [preauth]
May  8 13:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7125]: Disconnected from 101.36.117.148 port 36438 [preauth]
May  8 13:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: Failed password for invalid user admin from 80.94.95.112 port 31718 ssh2
May  8 13:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: Failed password for invalid user admin from 80.94.95.112 port 31718 ssh2
May  8 13:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: Failed password for invalid user admin from 80.94.95.112 port 31718 ssh2
May  8 13:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: Failed password for invalid user admin from 80.94.95.112 port 31718 ssh2
May  8 13:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: Received disconnect from 80.94.95.112 port 31718:11: Bye [preauth]
May  8 13:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: Disconnected from 80.94.95.112 port 31718 [preauth]
May  8 13:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 13:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7113]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 13:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7150]: Invalid user lx from 107.0.200.227
May  8 13:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7150]: input_userauth_request: invalid user lx [preauth]
May  8 13:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7150]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227
May  8 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5794]: pam_unix(cron:session): session closed for user root
May  8 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7150]: Failed password for invalid user lx from 107.0.200.227 port 59086 ssh2
May  8 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7150]: Received disconnect from 107.0.200.227 port 59086:11: Bye Bye [preauth]
May  8 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7150]: Disconnected from 107.0.200.227 port 59086 [preauth]
May  8 13:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: Invalid user nagios from 164.68.105.9
May  8 13:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: input_userauth_request: invalid user nagios [preauth]
May  8 13:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  8 13:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: Failed password for invalid user nagios from 164.68.105.9 port 35056 ssh2
May  8 13:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7177]: Connection closed by 164.68.105.9 port 35056 [preauth]
May  8 13:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: Invalid user dut from 118.193.45.247
May  8 13:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: input_userauth_request: invalid user dut [preauth]
May  8 13:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.45.247
May  8 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: Failed password for invalid user dut from 118.193.45.247 port 35310 ssh2
May  8 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: Received disconnect from 118.193.45.247 port 35310:11: Bye Bye [preauth]
May  8 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7245]: Disconnected from 118.193.45.247 port 35310 [preauth]
May  8 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7250]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7249]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7251]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7248]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7248]: pam_unix(cron:session): session closed for user p13x
May  8 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7308]: Successful su for rubyman by root
May  8 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7308]: + ??? root:rubyman
May  8 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7308]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353361 of user rubyman.
May  8 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7308]: pam_unix(su:session): session closed for user rubyman
May  8 13:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353361.
May  8 13:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4016]: pam_unix(cron:session): session closed for user root
May  8 13:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7249]: pam_unix(cron:session): session closed for user samftp
May  8 13:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6322]: pam_unix(cron:session): session closed for user root
May  8 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7769]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7767]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7768]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7766]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7769]: pam_unix(cron:session): session closed for user root
May  8 13:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7763]: pam_unix(cron:session): session closed for user p13x
May  8 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7841]: Successful su for rubyman by root
May  8 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7841]: + ??? root:rubyman
May  8 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353369 of user rubyman.
May  8 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7841]: pam_unix(su:session): session closed for user rubyman
May  8 13:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353369.
May  8 13:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7766]: pam_unix(cron:session): session closed for user root
May  8 13:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4584]: pam_unix(cron:session): session closed for user root
May  8 13:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7764]: pam_unix(cron:session): session closed for user samftp
May  8 13:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6723]: pam_unix(cron:session): session closed for user root
May  8 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8232]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8233]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8229]: pam_unix(cron:session): session closed for user p13x
May  8 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8295]: Successful su for rubyman by root
May  8 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8295]: + ??? root:rubyman
May  8 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353373 of user rubyman.
May  8 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8295]: pam_unix(su:session): session closed for user rubyman
May  8 13:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353373.
May  8 13:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5292]: pam_unix(cron:session): session closed for user root
May  8 13:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8230]: pam_unix(cron:session): session closed for user samftp
May  8 13:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: Invalid user vendas from 61.160.106.78
May  8 13:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: input_userauth_request: invalid user vendas [preauth]
May  8 13:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.106.78
May  8 13:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: Failed password for invalid user vendas from 61.160.106.78 port 53236 ssh2
May  8 13:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: Received disconnect from 61.160.106.78 port 53236:11: Bye Bye [preauth]
May  8 13:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8526]: Disconnected from 61.160.106.78 port 53236 [preauth]
May  8 13:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7251]: pam_unix(cron:session): session closed for user root
May  8 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8656]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8652]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8652]: pam_unix(cron:session): session closed for user root
May  8 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8654]: pam_unix(cron:session): session closed for user p13x
May  8 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8731]: Successful su for rubyman by root
May  8 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8731]: + ??? root:rubyman
May  8 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8731]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353375 of user rubyman.
May  8 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8731]: pam_unix(su:session): session closed for user rubyman
May  8 13:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353375.
May  8 13:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5793]: pam_unix(cron:session): session closed for user root
May  8 13:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8656]: pam_unix(cron:session): session closed for user samftp
May  8 13:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7768]: pam_unix(cron:session): session closed for user root
May  8 13:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  8 13:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9042]: Failed password for root from 218.92.0.203 port 11982 ssh2
May  8 13:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9042]: message repeated 4 times: [ Failed password for root from 218.92.0.203 port 11982 ssh2]
May  8 13:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9042]: error: maximum authentication attempts exceeded for root from 218.92.0.203 port 11982 ssh2 [preauth]
May  8 13:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9042]: Disconnecting: Too many authentication failures [preauth]
May  8 13:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9042]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  8 13:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9042]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9075]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9073]: pam_unix(cron:session): session closed for user p13x
May  8 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9224]: Successful su for rubyman by root
May  8 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9224]: + ??? root:rubyman
May  8 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353381 of user rubyman.
May  8 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9224]: pam_unix(su:session): session closed for user rubyman
May  8 13:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353381.
May  8 13:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6321]: pam_unix(cron:session): session closed for user root
May  8 13:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9074]: pam_unix(cron:session): session closed for user samftp
May  8 13:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227  user=root
May  8 13:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9452]: Failed password for root from 107.0.200.227 port 38008 ssh2
May  8 13:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9452]: Received disconnect from 107.0.200.227 port 38008:11: Bye Bye [preauth]
May  8 13:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9452]: Disconnected from 107.0.200.227 port 38008 [preauth]
May  8 13:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8233]: pam_unix(cron:session): session closed for user root
May  8 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9598]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9595]: pam_unix(cron:session): session closed for user p13x
May  8 13:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9660]: Successful su for rubyman by root
May  8 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9660]: + ??? root:rubyman
May  8 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9660]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353386 of user rubyman.
May  8 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9660]: pam_unix(su:session): session closed for user rubyman
May  8 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353386.
May  8 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9640]: Invalid user hengshi from 118.193.45.247
May  8 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9640]: input_userauth_request: invalid user hengshi [preauth]
May  8 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9640]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.45.247
May  8 13:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9640]: Failed password for invalid user hengshi from 118.193.45.247 port 46182 ssh2
May  8 13:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9640]: Received disconnect from 118.193.45.247 port 46182:11: Bye Bye [preauth]
May  8 13:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9640]: Disconnected from 118.193.45.247 port 46182 [preauth]
May  8 13:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6722]: pam_unix(cron:session): session closed for user root
May  8 13:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9596]: pam_unix(cron:session): session closed for user samftp
May  8 13:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8658]: pam_unix(cron:session): session closed for user root
May  8 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10005]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10004]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10006]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10002]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10003]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10007]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10007]: pam_unix(cron:session): session closed for user root
May  8 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10002]: pam_unix(cron:session): session closed for user p13x
May  8 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10076]: Successful su for rubyman by root
May  8 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10076]: + ??? root:rubyman
May  8 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353391 of user rubyman.
May  8 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10076]: pam_unix(su:session): session closed for user rubyman
May  8 13:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353391.
May  8 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10004]: pam_unix(cron:session): session closed for user root
May  8 13:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7250]: pam_unix(cron:session): session closed for user root
May  8 13:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10003]: pam_unix(cron:session): session closed for user samftp
May  8 13:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.106.78  user=root
May  8 13:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: Failed password for root from 61.160.106.78 port 50296 ssh2
May  8 13:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: Received disconnect from 61.160.106.78 port 50296:11: Bye Bye [preauth]
May  8 13:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10447]: Disconnected from 61.160.106.78 port 50296 [preauth]
May  8 13:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9076]: pam_unix(cron:session): session closed for user root
May  8 13:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: Invalid user admin from 194.0.234.19
May  8 13:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: input_userauth_request: invalid user admin [preauth]
May  8 13:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  8 13:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: Failed password for invalid user admin from 194.0.234.19 port 17798 ssh2
May  8 13:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10488]: Connection closed by 194.0.234.19 port 17798 [preauth]
May  8 13:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: Invalid user rsync from 101.36.117.148
May  8 13:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: input_userauth_request: invalid user rsync [preauth]
May  8 13:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.117.148
May  8 13:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: Failed password for invalid user rsync from 101.36.117.148 port 57552 ssh2
May  8 13:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: Received disconnect from 101.36.117.148 port 57552:11: Bye Bye [preauth]
May  8 13:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10525]: Disconnected from 101.36.117.148 port 57552 [preauth]
May  8 13:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10549]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10548]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10548]: pam_unix(cron:session): session closed for user p13x
May  8 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.252  user=root
May  8 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10639]: Successful su for rubyman by root
May  8 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10639]: + ??? root:rubyman
May  8 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10639]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353395 of user rubyman.
May  8 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10639]: pam_unix(su:session): session closed for user rubyman
May  8 13:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353395.
May  8 13:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10545]: Failed password for root from 218.92.0.252 port 11238 ssh2
May  8 13:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7767]: pam_unix(cron:session): session closed for user root
May  8 13:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10549]: pam_unix(cron:session): session closed for user samftp
May  8 13:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9598]: pam_unix(cron:session): session closed for user root
May  8 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11007]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11007]: pam_unix(cron:session): session closed for user p13x
May  8 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11069]: Successful su for rubyman by root
May  8 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11069]: + ??? root:rubyman
May  8 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11069]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353399 of user rubyman.
May  8 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11069]: pam_unix(su:session): session closed for user rubyman
May  8 13:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353399.
May  8 13:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8232]: pam_unix(cron:session): session closed for user root
May  8 13:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11008]: pam_unix(cron:session): session closed for user samftp
May  8 13:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10006]: pam_unix(cron:session): session closed for user root
May  8 13:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: Invalid user juan from 107.0.200.227
May  8 13:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: input_userauth_request: invalid user juan [preauth]
May  8 13:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227
May  8 13:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: Failed password for invalid user juan from 107.0.200.227 port 45154 ssh2
May  8 13:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: Received disconnect from 107.0.200.227 port 45154:11: Bye Bye [preauth]
May  8 13:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11349]: Disconnected from 107.0.200.227 port 45154 [preauth]
May  8 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11402]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11401]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11399]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11398]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11398]: pam_unix(cron:session): session closed for user p13x
May  8 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11460]: Successful su for rubyman by root
May  8 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11460]: + ??? root:rubyman
May  8 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11460]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353403 of user rubyman.
May  8 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11460]: pam_unix(su:session): session closed for user rubyman
May  8 13:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353403.
May  8 13:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8657]: pam_unix(cron:session): session closed for user root
May  8 13:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11399]: pam_unix(cron:session): session closed for user samftp
May  8 13:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10551]: pam_unix(cron:session): session closed for user root
May  8 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11811]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11810]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11807]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11809]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11807]: pam_unix(cron:session): session closed for user p13x
May  8 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11874]: Successful su for rubyman by root
May  8 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11874]: + ??? root:rubyman
May  8 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11874]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353406 of user rubyman.
May  8 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11874]: pam_unix(su:session): session closed for user rubyman
May  8 13:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353406.
May  8 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11805]: Invalid user hr from 118.193.45.247
May  8 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11805]: input_userauth_request: invalid user hr [preauth]
May  8 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11805]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.45.247
May  8 13:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11805]: Failed password for invalid user hr from 118.193.45.247 port 57148 ssh2
May  8 13:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11805]: Received disconnect from 118.193.45.247 port 57148:11: Bye Bye [preauth]
May  8 13:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11805]: Disconnected from 118.193.45.247 port 57148 [preauth]
May  8 13:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9075]: pam_unix(cron:session): session closed for user root
May  8 13:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11809]: pam_unix(cron:session): session closed for user samftp
May  8 13:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11010]: pam_unix(cron:session): session closed for user root
May  8 13:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: Invalid user postgres from 61.160.106.78
May  8 13:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: input_userauth_request: invalid user postgres [preauth]
May  8 13:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.106.78
May  8 13:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: Failed password for invalid user postgres from 61.160.106.78 port 47362 ssh2
May  8 13:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: Received disconnect from 61.160.106.78 port 47362:11: Bye Bye [preauth]
May  8 13:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12147]: Disconnected from 61.160.106.78 port 47362 [preauth]
May  8 13:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 13:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: Failed password for root from 80.94.95.241 port 62825 ssh2
May  8 13:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: message repeated 4 times: [ Failed password for root from 80.94.95.241 port 62825 ssh2]
May  8 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: Received disconnect from 80.94.95.241 port 62825:11: Bye [preauth]
May  8 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: Disconnected from 80.94.95.241 port 62825 [preauth]
May  8 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12171]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12203]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12201]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12202]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12204]: pam_unix(cron:session): session closed for user root
May  8 13:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12199]: pam_unix(cron:session): session closed for user p13x
May  8 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12270]: Successful su for rubyman by root
May  8 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12270]: + ??? root:rubyman
May  8 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12270]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353410 of user rubyman.
May  8 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12270]: pam_unix(su:session): session closed for user rubyman
May  8 13:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353410.
May  8 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12201]: pam_unix(cron:session): session closed for user root
May  8 13:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9597]: pam_unix(cron:session): session closed for user root
May  8 13:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12200]: pam_unix(cron:session): session closed for user samftp
May  8 13:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11402]: pam_unix(cron:session): session closed for user root
May  8 13:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: Invalid user dspace from 101.36.117.148
May  8 13:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: input_userauth_request: invalid user dspace [preauth]
May  8 13:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.117.148
May  8 13:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: Failed password for invalid user dspace from 101.36.117.148 port 44924 ssh2
May  8 13:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: Received disconnect from 101.36.117.148 port 44924:11: Bye Bye [preauth]
May  8 13:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12616]: Disconnected from 101.36.117.148 port 44924 [preauth]
May  8 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12638]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12635]: pam_unix(cron:session): session closed for user p13x
May  8 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12700]: Successful su for rubyman by root
May  8 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12700]: + ??? root:rubyman
May  8 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353417 of user rubyman.
May  8 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12700]: pam_unix(su:session): session closed for user rubyman
May  8 13:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353417.
May  8 13:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10005]: pam_unix(cron:session): session closed for user root
May  8 13:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12636]: pam_unix(cron:session): session closed for user samftp
May  8 13:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11811]: pam_unix(cron:session): session closed for user root
May  8 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13029]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13030]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13027]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13028]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13027]: pam_unix(cron:session): session closed for user p13x
May  8 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13094]: Successful su for rubyman by root
May  8 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13094]: + ??? root:rubyman
May  8 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13094]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353420 of user rubyman.
May  8 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13094]: pam_unix(su:session): session closed for user rubyman
May  8 13:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353420.
May  8 13:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10550]: pam_unix(cron:session): session closed for user root
May  8 13:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13028]: pam_unix(cron:session): session closed for user samftp
May  8 13:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12203]: pam_unix(cron:session): session closed for user root
May  8 13:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13407]: Invalid user weblogic from 107.0.200.227
May  8 13:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13407]: input_userauth_request: invalid user weblogic [preauth]
May  8 13:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13407]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227
May  8 13:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13407]: Failed password for invalid user weblogic from 107.0.200.227 port 52300 ssh2
May  8 13:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13407]: Received disconnect from 107.0.200.227 port 52300:11: Bye Bye [preauth]
May  8 13:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13407]: Disconnected from 107.0.200.227 port 52300 [preauth]
May  8 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13437]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13438]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13437]: pam_unix(cron:session): session closed for user p13x
May  8 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13597]: Successful su for rubyman by root
May  8 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13597]: + ??? root:rubyman
May  8 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13597]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353424 of user rubyman.
May  8 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13597]: pam_unix(su:session): session closed for user rubyman
May  8 13:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353424.
May  8 13:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11009]: pam_unix(cron:session): session closed for user root
May  8 13:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13438]: pam_unix(cron:session): session closed for user samftp
May  8 13:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12638]: pam_unix(cron:session): session closed for user root
May  8 13:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Invalid user frappe from 61.160.106.78
May  8 13:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: input_userauth_request: invalid user frappe [preauth]
May  8 13:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.106.78
May  8 13:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Failed password for invalid user frappe from 61.160.106.78 port 44366 ssh2
May  8 13:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Received disconnect from 61.160.106.78 port 44366:11: Bye Bye [preauth]
May  8 13:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13880]: Disconnected from 61.160.106.78 port 44366 [preauth]
May  8 13:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.45.247  user=root
May  8 13:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13928]: Failed password for root from 118.193.45.247 port 50976 ssh2
May  8 13:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13928]: Received disconnect from 118.193.45.247 port 50976:11: Bye Bye [preauth]
May  8 13:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13928]: Disconnected from 118.193.45.247 port 50976 [preauth]
May  8 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13944]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13942]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13941]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13941]: pam_unix(cron:session): session closed for user p13x
May  8 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14004]: Successful su for rubyman by root
May  8 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14004]: + ??? root:rubyman
May  8 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14004]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353428 of user rubyman.
May  8 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14004]: pam_unix(su:session): session closed for user rubyman
May  8 13:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353428.
May  8 13:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11401]: pam_unix(cron:session): session closed for user root
May  8 13:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13942]: pam_unix(cron:session): session closed for user samftp
May  8 13:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13030]: pam_unix(cron:session): session closed for user root
May  8 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14344]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14345]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14340]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14343]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14341]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14345]: pam_unix(cron:session): session closed for user root
May  8 13:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14340]: pam_unix(cron:session): session closed for user p13x
May  8 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14409]: Successful su for rubyman by root
May  8 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14409]: + ??? root:rubyman
May  8 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353433 of user rubyman.
May  8 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14409]: pam_unix(su:session): session closed for user rubyman
May  8 13:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353433.
May  8 13:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11810]: pam_unix(cron:session): session closed for user root
May  8 13:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14342]: pam_unix(cron:session): session closed for user root
May  8 13:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14341]: pam_unix(cron:session): session closed for user samftp
May  8 13:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13440]: pam_unix(cron:session): session closed for user root
May  8 13:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: Invalid user nic from 101.36.117.148
May  8 13:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: input_userauth_request: invalid user nic [preauth]
May  8 13:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.117.148
May  8 13:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: Failed password for invalid user nic from 101.36.117.148 port 46020 ssh2
May  8 13:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: Received disconnect from 101.36.117.148 port 46020:11: Bye Bye [preauth]
May  8 13:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: Disconnected from 101.36.117.148 port 46020 [preauth]
May  8 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14782]: pam_unix(cron:session): session closed for user p13x
May  8 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14848]: Successful su for rubyman by root
May  8 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14848]: + ??? root:rubyman
May  8 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14848]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353438 of user rubyman.
May  8 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14848]: pam_unix(su:session): session closed for user rubyman
May  8 13:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353438.
May  8 13:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12202]: pam_unix(cron:session): session closed for user root
May  8 13:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14783]: pam_unix(cron:session): session closed for user samftp
May  8 13:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13944]: pam_unix(cron:session): session closed for user root
May  8 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15196]: pam_unix(cron:session): session closed for user p13x
May  8 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15259]: Successful su for rubyman by root
May  8 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15259]: + ??? root:rubyman
May  8 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15259]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353444 of user rubyman.
May  8 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15259]: pam_unix(su:session): session closed for user rubyman
May  8 13:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353444.
May  8 13:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12637]: pam_unix(cron:session): session closed for user root
May  8 13:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15197]: pam_unix(cron:session): session closed for user samftp
May  8 13:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15496]: Invalid user odoo from 107.0.200.227
May  8 13:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15496]: input_userauth_request: invalid user odoo [preauth]
May  8 13:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15496]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227
May  8 13:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15496]: Failed password for invalid user odoo from 107.0.200.227 port 59442 ssh2
May  8 13:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15496]: Received disconnect from 107.0.200.227 port 59442:11: Bye Bye [preauth]
May  8 13:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15496]: Disconnected from 107.0.200.227 port 59442 [preauth]
May  8 13:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15507]: Invalid user hr from 61.160.106.78
May  8 13:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15507]: input_userauth_request: invalid user hr [preauth]
May  8 13:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15507]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.106.78
May  8 13:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15507]: Failed password for invalid user hr from 61.160.106.78 port 41312 ssh2
May  8 13:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15507]: Received disconnect from 61.160.106.78 port 41312:11: Bye Bye [preauth]
May  8 13:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15507]: Disconnected from 61.160.106.78 port 41312 [preauth]
May  8 13:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14344]: pam_unix(cron:session): session closed for user root
May  8 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15596]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15594]: pam_unix(cron:session): session closed for user p13x
May  8 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15653]: Successful su for rubyman by root
May  8 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15653]: + ??? root:rubyman
May  8 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15653]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353448 of user rubyman.
May  8 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15653]: pam_unix(su:session): session closed for user rubyman
May  8 13:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353448.
May  8 13:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13029]: pam_unix(cron:session): session closed for user root
May  8 13:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15595]: pam_unix(cron:session): session closed for user samftp
May  8 13:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  8 13:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: Failed password for root from 194.0.234.19 port 30464 ssh2
May  8 13:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15843]: Connection closed by 194.0.234.19 port 30464 [preauth]
May  8 13:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14785]: pam_unix(cron:session): session closed for user root
May  8 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15998]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15995]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15995]: pam_unix(cron:session): session closed for user p13x
May  8 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: Invalid user sunny from 118.193.45.247
May  8 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: input_userauth_request: invalid user sunny [preauth]
May  8 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.45.247
May  8 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16052]: Successful su for rubyman by root
May  8 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16052]: + ??? root:rubyman
May  8 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353451 of user rubyman.
May  8 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16052]: pam_unix(su:session): session closed for user rubyman
May  8 13:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353451.
May  8 13:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: Failed password for invalid user sunny from 118.193.45.247 port 40996 ssh2
May  8 13:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: Received disconnect from 118.193.45.247 port 40996:11: Bye Bye [preauth]
May  8 13:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15992]: Disconnected from 118.193.45.247 port 40996 [preauth]
May  8 13:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13439]: pam_unix(cron:session): session closed for user root
May  8 13:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15996]: pam_unix(cron:session): session closed for user samftp
May  8 13:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15199]: pam_unix(cron:session): session closed for user root
May  8 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16372]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16373]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16375]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16375]: pam_unix(cron:session): session closed for user root
May  8 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16370]: pam_unix(cron:session): session closed for user p13x
May  8 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16441]: Successful su for rubyman by root
May  8 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16441]: + ??? root:rubyman
May  8 13:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16441]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353457 of user rubyman.
May  8 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16441]: pam_unix(su:session): session closed for user rubyman
May  8 13:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353457.
May  8 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16372]: pam_unix(cron:session): session closed for user root
May  8 13:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13943]: pam_unix(cron:session): session closed for user root
May  8 13:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16371]: pam_unix(cron:session): session closed for user samftp
May  8 13:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15597]: pam_unix(cron:session): session closed for user root
May  8 13:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.117.148  user=root
May  8 13:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: Failed password for root from 101.36.117.148 port 43024 ssh2
May  8 13:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: Received disconnect from 101.36.117.148 port 43024:11: Bye Bye [preauth]
May  8 13:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16778]: Disconnected from 101.36.117.148 port 43024 [preauth]
May  8 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16860]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16861]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16859]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16857]: pam_unix(cron:session): session closed for user p13x
May  8 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16961]: Successful su for rubyman by root
May  8 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16961]: + ??? root:rubyman
May  8 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353461 of user rubyman.
May  8 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16961]: pam_unix(su:session): session closed for user rubyman
May  8 13:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353461.
May  8 13:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14343]: pam_unix(cron:session): session closed for user root
May  8 13:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16859]: pam_unix(cron:session): session closed for user samftp
May  8 13:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15998]: pam_unix(cron:session): session closed for user root
May  8 13:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17260]: Invalid user data from 61.160.106.78
May  8 13:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17260]: input_userauth_request: invalid user data [preauth]
May  8 13:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17260]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.106.78
May  8 13:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17260]: Failed password for invalid user data from 61.160.106.78 port 38326 ssh2
May  8 13:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17260]: Received disconnect from 61.160.106.78 port 38326:11: Bye Bye [preauth]
May  8 13:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17260]: Disconnected from 61.160.106.78 port 38326 [preauth]
May  8 13:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:37:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227  user=root
May  8 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17317]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17319]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17318]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17316]: pam_unix(cron:session): session closed for user p13x
May  8 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17376]: Successful su for rubyman by root
May  8 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17376]: + ??? root:rubyman
May  8 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353465 of user rubyman.
May  8 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17376]: pam_unix(su:session): session closed for user rubyman
May  8 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353465.
May  8 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: Failed password for root from 107.0.200.227 port 38358 ssh2
May  8 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: Received disconnect from 107.0.200.227 port 38358:11: Bye Bye [preauth]
May  8 13:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: Disconnected from 107.0.200.227 port 38358 [preauth]
May  8 13:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14784]: pam_unix(cron:session): session closed for user root
May  8 13:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17317]: pam_unix(cron:session): session closed for user samftp
May  8 13:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17598]: Invalid user fsuser from 190.103.202.7
May  8 13:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17598]: input_userauth_request: invalid user fsuser [preauth]
May  8 13:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17598]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  8 13:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17598]: Failed password for invalid user fsuser from 190.103.202.7 port 49418 ssh2
May  8 13:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17598]: Connection closed by 190.103.202.7 port 49418 [preauth]
May  8 13:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16374]: pam_unix(cron:session): session closed for user root
May  8 13:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17723]: Did not receive identification string from 193.32.162.185
May  8 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17737]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17734]: pam_unix(cron:session): session closed for user p13x
May  8 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17901]: Successful su for rubyman by root
May  8 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17901]: + ??? root:rubyman
May  8 13:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353469 of user rubyman.
May  8 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17901]: pam_unix(su:session): session closed for user rubyman
May  8 13:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353469.
May  8 13:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15198]: pam_unix(cron:session): session closed for user root
May  8 13:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17735]: pam_unix(cron:session): session closed for user samftp
May  8 13:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16861]: pam_unix(cron:session): session closed for user root
May  8 13:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: Invalid user nutanix from 50.235.31.47
May  8 13:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: input_userauth_request: invalid user nutanix [preauth]
May  8 13:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  8 13:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: Failed password for invalid user nutanix from 50.235.31.47 port 37142 ssh2
May  8 13:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18231]: Connection closed by 50.235.31.47 port 37142 [preauth]
May  8 13:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18241]: Invalid user vendas from 118.193.45.247
May  8 13:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18241]: input_userauth_request: invalid user vendas [preauth]
May  8 13:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18241]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.45.247
May  8 13:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18241]: Failed password for invalid user vendas from 118.193.45.247 port 41930 ssh2
May  8 13:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18241]: Received disconnect from 118.193.45.247 port 41930:11: Bye Bye [preauth]
May  8 13:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18241]: Disconnected from 118.193.45.247 port 41930 [preauth]
May  8 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18257]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18256]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18254]: pam_unix(cron:session): session closed for user p13x
May  8 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18384]: Successful su for rubyman by root
May  8 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18384]: + ??? root:rubyman
May  8 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353473 of user rubyman.
May  8 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18384]: pam_unix(su:session): session closed for user rubyman
May  8 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353473.
May  8 13:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18252]: pam_unix(cron:session): session closed for user root
May  8 13:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15596]: pam_unix(cron:session): session closed for user root
May  8 13:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18255]: pam_unix(cron:session): session closed for user samftp
May  8 13:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17319]: pam_unix(cron:session): session closed for user root
May  8 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18757]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18754]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18759]: pam_unix(cron:session): session closed for user root
May  8 13:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18753]: pam_unix(cron:session): session closed for user p13x
May  8 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18835]: Successful su for rubyman by root
May  8 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18835]: + ??? root:rubyman
May  8 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18835]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353482 of user rubyman.
May  8 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18835]: pam_unix(su:session): session closed for user rubyman
May  8 13:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353482.
May  8 13:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18756]: pam_unix(cron:session): session closed for user root
May  8 13:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15997]: pam_unix(cron:session): session closed for user root
May  8 13:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18754]: pam_unix(cron:session): session closed for user samftp
May  8 13:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.117.148  user=root
May  8 13:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19087]: Failed password for root from 101.36.117.148 port 55666 ssh2
May  8 13:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19087]: Received disconnect from 101.36.117.148 port 55666:11: Bye Bye [preauth]
May  8 13:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19087]: Disconnected from 101.36.117.148 port 55666 [preauth]
May  8 13:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17737]: pam_unix(cron:session): session closed for user root
May  8 13:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.106.78  user=root
May  8 13:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19162]: Failed password for root from 61.160.106.78 port 35356 ssh2
May  8 13:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19162]: Received disconnect from 61.160.106.78 port 35356:11: Bye Bye [preauth]
May  8 13:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19162]: Disconnected from 61.160.106.78 port 35356 [preauth]
May  8 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19204]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19203]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19203]: pam_unix(cron:session): session closed for user p13x
May  8 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19281]: Successful su for rubyman by root
May  8 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19281]: + ??? root:rubyman
May  8 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353483 of user rubyman.
May  8 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19281]: pam_unix(su:session): session closed for user rubyman
May  8 13:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353483.
May  8 13:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16373]: pam_unix(cron:session): session closed for user root
May  8 13:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19204]: pam_unix(cron:session): session closed for user samftp
May  8 13:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18257]: pam_unix(cron:session): session closed for user root
May  8 13:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19558]: Invalid user pk from 107.0.200.227
May  8 13:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19558]: input_userauth_request: invalid user pk [preauth]
May  8 13:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19558]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227
May  8 13:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19558]: Failed password for invalid user pk from 107.0.200.227 port 45504 ssh2
May  8 13:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19558]: Received disconnect from 107.0.200.227 port 45504:11: Bye Bye [preauth]
May  8 13:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19558]: Disconnected from 107.0.200.227 port 45504 [preauth]
May  8 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19629]: pam_unix(cron:session): session closed for user p13x
May  8 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19701]: Successful su for rubyman by root
May  8 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19701]: + ??? root:rubyman
May  8 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353488 of user rubyman.
May  8 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19701]: pam_unix(su:session): session closed for user rubyman
May  8 13:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353488.
May  8 13:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16860]: pam_unix(cron:session): session closed for user root
May  8 13:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19630]: pam_unix(cron:session): session closed for user samftp
May  8 13:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18758]: pam_unix(cron:session): session closed for user root
May  8 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20044]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20043]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20042]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20041]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20041]: pam_unix(cron:session): session closed for user p13x
May  8 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20106]: Successful su for rubyman by root
May  8 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20106]: + ??? root:rubyman
May  8 13:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20106]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353492 of user rubyman.
May  8 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20106]: pam_unix(su:session): session closed for user rubyman
May  8 13:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353492.
May  8 13:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17318]: pam_unix(cron:session): session closed for user root
May  8 13:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20042]: pam_unix(cron:session): session closed for user samftp
May  8 13:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20325]: Invalid user ubnt from 80.94.95.115
May  8 13:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20325]: input_userauth_request: invalid user ubnt [preauth]
May  8 13:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20325]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  8 13:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20325]: Failed password for invalid user ubnt from 80.94.95.115 port 63530 ssh2
May  8 13:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20325]: Connection closed by 80.94.95.115 port 63530 [preauth]
May  8 13:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19206]: pam_unix(cron:session): session closed for user root
May  8 13:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: Invalid user frappe from 118.193.45.247
May  8 13:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: input_userauth_request: invalid user frappe [preauth]
May  8 13:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.45.247
May  8 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20440]: pam_unix(cron:session): session closed for user p13x
May  8 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: Failed password for invalid user frappe from 118.193.45.247 port 37836 ssh2
May  8 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20506]: Successful su for rubyman by root
May  8 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20506]: + ??? root:rubyman
May  8 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20506]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353495 of user rubyman.
May  8 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20506]: pam_unix(su:session): session closed for user rubyman
May  8 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353495.
May  8 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: Received disconnect from 118.193.45.247 port 37836:11: Bye Bye [preauth]
May  8 13:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20437]: Disconnected from 118.193.45.247 port 37836 [preauth]
May  8 13:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17736]: pam_unix(cron:session): session closed for user root
May  8 13:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20441]: pam_unix(cron:session): session closed for user samftp
May  8 13:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19632]: pam_unix(cron:session): session closed for user root
May  8 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20860]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20853]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20859]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20858]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20854]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20860]: pam_unix(cron:session): session closed for user root
May  8 13:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20853]: pam_unix(cron:session): session closed for user p13x
May  8 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20936]: Successful su for rubyman by root
May  8 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20936]: + ??? root:rubyman
May  8 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353503 of user rubyman.
May  8 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20936]: pam_unix(su:session): session closed for user rubyman
May  8 13:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353503.
May  8 13:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: Invalid user sunny from 61.160.106.78
May  8 13:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: input_userauth_request: invalid user sunny [preauth]
May  8 13:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.106.78
May  8 13:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20857]: pam_unix(cron:session): session closed for user root
May  8 13:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18256]: pam_unix(cron:session): session closed for user root
May  8 13:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: Failed password for invalid user sunny from 61.160.106.78 port 60614 ssh2
May  8 13:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: Received disconnect from 61.160.106.78 port 60614:11: Bye Bye [preauth]
May  8 13:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20997]: Disconnected from 61.160.106.78 port 60614 [preauth]
May  8 13:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20854]: pam_unix(cron:session): session closed for user samftp
May  8 13:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: Invalid user steam from 101.36.117.148
May  8 13:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: input_userauth_request: invalid user steam [preauth]
May  8 13:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.117.148
May  8 13:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: Failed password for invalid user steam from 101.36.117.148 port 43112 ssh2
May  8 13:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: Received disconnect from 101.36.117.148 port 43112:11: Bye Bye [preauth]
May  8 13:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21193]: Disconnected from 101.36.117.148 port 43112 [preauth]
May  8 13:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20044]: pam_unix(cron:session): session closed for user root
May  8 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21338]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21336]: pam_unix(cron:session): session closed for user p13x
May  8 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21402]: Successful su for rubyman by root
May  8 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21402]: + ??? root:rubyman
May  8 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353505 of user rubyman.
May  8 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21402]: pam_unix(su:session): session closed for user rubyman
May  8 13:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353505.
May  8 13:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18757]: pam_unix(cron:session): session closed for user root
May  8 13:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21337]: pam_unix(cron:session): session closed for user samftp
May  8 13:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227  user=root
May  8 13:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: Failed password for root from 107.0.200.227 port 52652 ssh2
May  8 13:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: Received disconnect from 107.0.200.227 port 52652:11: Bye Bye [preauth]
May  8 13:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21631]: Disconnected from 107.0.200.227 port 52652 [preauth]
May  8 13:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20443]: pam_unix(cron:session): session closed for user root
May  8 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21874]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21875]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21870]: pam_unix(cron:session): session closed for user p13x
May  8 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22118]: Successful su for rubyman by root
May  8 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22118]: + ??? root:rubyman
May  8 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22118]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353510 of user rubyman.
May  8 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22118]: pam_unix(su:session): session closed for user rubyman
May  8 13:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353510.
May  8 13:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19205]: pam_unix(cron:session): session closed for user root
May  8 13:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21872]: pam_unix(cron:session): session closed for user samftp
May  8 13:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20859]: pam_unix(cron:session): session closed for user root
May  8 13:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: Invalid user admin from 80.94.95.112
May  8 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: input_userauth_request: invalid user admin [preauth]
May  8 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 13:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: Failed password for invalid user admin from 80.94.95.112 port 41501 ssh2
May  8 13:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:47:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: Failed password for invalid user admin from 80.94.95.112 port 41501 ssh2
May  8 13:47:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: Failed password for invalid user admin from 80.94.95.112 port 41501 ssh2
May  8 13:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: Failed password for invalid user admin from 80.94.95.112 port 41501 ssh2
May  8 13:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: Failed password for invalid user admin from 80.94.95.112 port 41501 ssh2
May  8 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: Received disconnect from 80.94.95.112 port 41501:11: Bye [preauth]
May  8 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: Disconnected from 80.94.95.112 port 41501 [preauth]
May  8 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 13:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22467]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22523]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22522]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22521]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22521]: pam_unix(cron:session): session closed for user p13x
May  8 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22593]: Successful su for rubyman by root
May  8 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22593]: + ??? root:rubyman
May  8 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353513 of user rubyman.
May  8 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22593]: pam_unix(su:session): session closed for user rubyman
May  8 13:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353513.
May  8 13:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19631]: pam_unix(cron:session): session closed for user root
May  8 13:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22522]: pam_unix(cron:session): session closed for user samftp
May  8 13:48:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: Invalid user m202 from 80.94.95.241
May  8 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: input_userauth_request: invalid user m202 [preauth]
May  8 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 13:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: Failed password for invalid user m202 from 80.94.95.241 port 62130 ssh2
May  8 13:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: Failed password for invalid user m202 from 80.94.95.241 port 62130 ssh2
May  8 13:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: Failed password for invalid user m202 from 80.94.95.241 port 62130 ssh2
May  8 13:48:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: Failed password for invalid user m202 from 80.94.95.241 port 62130 ssh2
May  8 13:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: Failed password for invalid user m202 from 80.94.95.241 port 62130 ssh2
May  8 13:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: Received disconnect from 80.94.95.241 port 62130:11: Bye [preauth]
May  8 13:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: Disconnected from 80.94.95.241 port 62130 [preauth]
May  8 13:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 13:48:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22802]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 13:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21339]: pam_unix(cron:session): session closed for user root
May  8 13:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: Invalid user jane from 193.70.84.184
May  8 13:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: input_userauth_request: invalid user jane [preauth]
May  8 13:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  8 13:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: Failed password for invalid user jane from 193.70.84.184 port 39016 ssh2
May  8 13:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: Connection closed by 193.70.84.184 port 39016 [preauth]
May  8 13:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.45.247  user=root
May  8 13:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: Failed password for root from 118.193.45.247 port 33402 ssh2
May  8 13:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: Received disconnect from 118.193.45.247 port 33402:11: Bye Bye [preauth]
May  8 13:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22993]: Disconnected from 118.193.45.247 port 33402 [preauth]
May  8 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23007]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23007]: pam_unix(cron:session): session closed for user p13x
May  8 13:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.106.78  user=root
May  8 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23067]: Successful su for rubyman by root
May  8 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23067]: + ??? root:rubyman
May  8 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23067]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353519 of user rubyman.
May  8 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23067]: pam_unix(su:session): session closed for user rubyman
May  8 13:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353519.
May  8 13:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23003]: Failed password for root from 61.160.106.78 port 57614 ssh2
May  8 13:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23003]: Received disconnect from 61.160.106.78 port 57614:11: Bye Bye [preauth]
May  8 13:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23003]: Disconnected from 61.160.106.78 port 57614 [preauth]
May  8 13:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20043]: pam_unix(cron:session): session closed for user root
May  8 13:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23008]: pam_unix(cron:session): session closed for user samftp
May  8 13:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21875]: pam_unix(cron:session): session closed for user root
May  8 13:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 13:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: Failed password for root from 218.92.0.206 port 26840 ssh2
May  8 13:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: Invalid user admin from 80.94.95.125
May  8 13:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: input_userauth_request: invalid user admin [preauth]
May  8 13:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 13:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: Failed password for root from 218.92.0.206 port 26840 ssh2
May  8 13:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: Failed password for invalid user admin from 80.94.95.125 port 29611 ssh2
May  8 13:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: Failed password for root from 218.92.0.206 port 26840 ssh2
May  8 13:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: Failed password for invalid user admin from 80.94.95.125 port 29611 ssh2
May  8 13:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: Failed password for invalid user admin from 80.94.95.125 port 29611 ssh2
May  8 13:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: Failed password for root from 218.92.0.206 port 26840 ssh2
May  8 13:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: Failed password for invalid user admin from 80.94.95.125 port 29611 ssh2
May  8 13:49:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: Failed password for root from 218.92.0.206 port 26840 ssh2
May  8 13:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 26840 ssh2 [preauth]
May  8 13:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: Disconnecting: Too many authentication failures [preauth]
May  8 13:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 13:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23459]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 13:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: Failed password for invalid user admin from 80.94.95.125 port 29611 ssh2
May  8 13:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: Received disconnect from 80.94.95.125 port 29611:11: Bye [preauth]
May  8 13:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: Disconnected from 80.94.95.125 port 29611 [preauth]
May  8 13:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 13:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23294]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 13:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 13:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: Failed password for root from 218.92.0.206 port 42840 ssh2
May  8 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23518]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23520]: pam_unix(cron:session): session closed for user root
May  8 13:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23514]: pam_unix(cron:session): session closed for user p13x
May  8 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: Failed password for root from 218.92.0.206 port 42840 ssh2
May  8 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23581]: Successful su for rubyman by root
May  8 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23581]: + ??? root:rubyman
May  8 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353521 of user rubyman.
May  8 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23581]: pam_unix(su:session): session closed for user rubyman
May  8 13:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353521.
May  8 13:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23516]: pam_unix(cron:session): session closed for user root
May  8 13:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: Failed password for root from 218.92.0.206 port 42840 ssh2
May  8 13:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20442]: pam_unix(cron:session): session closed for user root
May  8 13:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23515]: pam_unix(cron:session): session closed for user samftp
May  8 13:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: Failed password for root from 218.92.0.206 port 42840 ssh2
May  8 13:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: message repeated 2 times: [ Failed password for root from 218.92.0.206 port 42840 ssh2]
May  8 13:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 42840 ssh2 [preauth]
May  8 13:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: Disconnecting: Too many authentication failures [preauth]
May  8 13:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 13:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23501]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 13:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 13:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Failed password for root from 218.92.0.206 port 52450 ssh2
May  8 13:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23933]: Invalid user user from 101.36.117.148
May  8 13:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23933]: input_userauth_request: invalid user user [preauth]
May  8 13:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23933]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.117.148
May  8 13:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Received disconnect from 218.92.0.206 port 52450:11:  [preauth]
May  8 13:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23931]: Disconnected from 218.92.0.206 port 52450 [preauth]
May  8 13:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23933]: Failed password for invalid user user from 101.36.117.148 port 46416 ssh2
May  8 13:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23933]: Received disconnect from 101.36.117.148 port 46416:11: Bye Bye [preauth]
May  8 13:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23933]: Disconnected from 101.36.117.148 port 46416 [preauth]
May  8 13:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22524]: pam_unix(cron:session): session closed for user root
May  8 13:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227  user=root
May  8 13:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24058]: Failed password for root from 107.0.200.227 port 59810 ssh2
May  8 13:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24058]: Received disconnect from 107.0.200.227 port 59810:11: Bye Bye [preauth]
May  8 13:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24058]: Disconnected from 107.0.200.227 port 59810 [preauth]
May  8 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24077]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24074]: pam_unix(cron:session): session closed for user p13x
May  8 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24140]: Successful su for rubyman by root
May  8 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24140]: + ??? root:rubyman
May  8 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353528 of user rubyman.
May  8 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24140]: pam_unix(su:session): session closed for user rubyman
May  8 13:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353528.
May  8 13:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20858]: pam_unix(cron:session): session closed for user root
May  8 13:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24075]: pam_unix(cron:session): session closed for user samftp
May  8 13:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23010]: pam_unix(cron:session): session closed for user root
May  8 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24514]: pam_unix(cron:session): session closed for user p13x
May  8 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24587]: Successful su for rubyman by root
May  8 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24587]: + ??? root:rubyman
May  8 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353532 of user rubyman.
May  8 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24587]: pam_unix(su:session): session closed for user rubyman
May  8 13:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353532.
May  8 13:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21338]: pam_unix(cron:session): session closed for user root
May  8 13:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24515]: pam_unix(cron:session): session closed for user samftp
May  8 13:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23519]: pam_unix(cron:session): session closed for user root
May  8 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24947]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24944]: pam_unix(cron:session): session closed for user p13x
May  8 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25006]: Successful su for rubyman by root
May  8 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25006]: + ??? root:rubyman
May  8 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25006]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353538 of user rubyman.
May  8 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25006]: pam_unix(su:session): session closed for user rubyman
May  8 13:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353538.
May  8 13:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21874]: pam_unix(cron:session): session closed for user root
May  8 13:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24945]: pam_unix(cron:session): session closed for user samftp
May  8 13:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25192]: Invalid user admin from 61.160.106.78
May  8 13:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25192]: input_userauth_request: invalid user admin [preauth]
May  8 13:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25192]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.106.78
May  8 13:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25192]: Failed password for invalid user admin from 61.160.106.78 port 54658 ssh2
May  8 13:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25192]: Received disconnect from 61.160.106.78 port 54658:11: Bye Bye [preauth]
May  8 13:53:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25192]: Disconnected from 61.160.106.78 port 54658 [preauth]
May  8 13:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: Invalid user ubnt from 80.94.95.116
May  8 13:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: input_userauth_request: invalid user ubnt [preauth]
May  8 13:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  8 13:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: Failed password for invalid user ubnt from 80.94.95.116 port 39258 ssh2
May  8 13:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25215]: Connection closed by 80.94.95.116 port 39258 [preauth]
May  8 13:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24077]: pam_unix(cron:session): session closed for user root
May  8 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25365]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25366]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25357]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25357]: pam_unix(cron:session): session closed for user p13x
May  8 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25423]: Successful su for rubyman by root
May  8 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25423]: + ??? root:rubyman
May  8 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353541 of user rubyman.
May  8 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25423]: pam_unix(su:session): session closed for user rubyman
May  8 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353541.
May  8 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25354]: Invalid user data from 118.193.45.247
May  8 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25354]: input_userauth_request: invalid user data [preauth]
May  8 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25354]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.45.247
May  8 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25354]: Failed password for invalid user data from 118.193.45.247 port 47184 ssh2
May  8 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25354]: Received disconnect from 118.193.45.247 port 47184:11: Bye Bye [preauth]
May  8 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25354]: Disconnected from 118.193.45.247 port 47184 [preauth]
May  8 13:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22523]: pam_unix(cron:session): session closed for user root
May  8 13:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25363]: pam_unix(cron:session): session closed for user samftp
May  8 13:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24517]: pam_unix(cron:session): session closed for user root
May  8 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25829]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25826]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25832]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25828]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25823]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25833]: pam_unix(cron:session): session closed for user root
May  8 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25823]: pam_unix(cron:session): session closed for user p13x
May  8 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25911]: Successful su for rubyman by root
May  8 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25911]: + ??? root:rubyman
May  8 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353546 of user rubyman.
May  8 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25911]: pam_unix(su:session): session closed for user rubyman
May  8 13:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353546.
May  8 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25828]: pam_unix(cron:session): session closed for user root
May  8 13:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23009]: pam_unix(cron:session): session closed for user root
May  8 13:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25826]: pam_unix(cron:session): session closed for user samftp
May  8 13:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.117.148  user=root
May  8 13:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26144]: Failed password for root from 101.36.117.148 port 60460 ssh2
May  8 13:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26144]: Received disconnect from 101.36.117.148 port 60460:11: Bye Bye [preauth]
May  8 13:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26144]: Disconnected from 101.36.117.148 port 60460 [preauth]
May  8 13:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24947]: pam_unix(cron:session): session closed for user root
May  8 13:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227  user=root
May  8 13:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Failed password for root from 107.0.200.227 port 38736 ssh2
May  8 13:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Received disconnect from 107.0.200.227 port 38736:11: Bye Bye [preauth]
May  8 13:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26216]: Disconnected from 107.0.200.227 port 38736 [preauth]
May  8 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26289]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26286]: pam_unix(cron:session): session closed for user p13x
May  8 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26353]: Successful su for rubyman by root
May  8 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26353]: + ??? root:rubyman
May  8 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26353]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353549 of user rubyman.
May  8 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26353]: pam_unix(su:session): session closed for user rubyman
May  8 13:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353549.
May  8 13:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23518]: pam_unix(cron:session): session closed for user root
May  8 13:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26287]: pam_unix(cron:session): session closed for user samftp
May  8 13:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25366]: pam_unix(cron:session): session closed for user root
May  8 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26776]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26775]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26777]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26774]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26774]: pam_unix(cron:session): session closed for user p13x
May  8 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26841]: Successful su for rubyman by root
May  8 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26841]: + ??? root:rubyman
May  8 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353555 of user rubyman.
May  8 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26841]: pam_unix(su:session): session closed for user rubyman
May  8 13:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353555.
May  8 13:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24076]: pam_unix(cron:session): session closed for user root
May  8 13:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26775]: pam_unix(cron:session): session closed for user samftp
May  8 13:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: Invalid user dut from 61.160.106.78
May  8 13:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: input_userauth_request: invalid user dut [preauth]
May  8 13:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: pam_unix(sshd:auth): check pass; user unknown
May  8 13:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.106.78
May  8 13:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: Failed password for invalid user dut from 61.160.106.78 port 51680 ssh2
May  8 13:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: Received disconnect from 61.160.106.78 port 51680:11: Bye Bye [preauth]
May  8 13:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27153]: Disconnected from 61.160.106.78 port 51680 [preauth]
May  8 13:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25832]: pam_unix(cron:session): session closed for user root
May  8 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27261]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27262]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27259]: pam_unix(cron:session): session closed for user p13x
May  8 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27327]: Successful su for rubyman by root
May  8 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27327]: + ??? root:rubyman
May  8 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27327]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353557 of user rubyman.
May  8 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27327]: pam_unix(su:session): session closed for user rubyman
May  8 13:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353557.
May  8 13:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24516]: pam_unix(cron:session): session closed for user root
May  8 13:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27260]: pam_unix(cron:session): session closed for user samftp
May  8 13:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26289]: pam_unix(cron:session): session closed for user root
May  8 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27727]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27726]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 13:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27726]: pam_unix(cron:session): session closed for user p13x
May  8 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27789]: Successful su for rubyman by root
May  8 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27789]: + ??? root:rubyman
May  8 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27789]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353562 of user rubyman.
May  8 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27789]: pam_unix(su:session): session closed for user rubyman
May  8 13:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353562.
May  8 13:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 13:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24946]: pam_unix(cron:session): session closed for user root
May  8 13:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.45.247  user=root
May  8 13:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27727]: pam_unix(cron:session): session closed for user samftp
May  8 13:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: Failed password for root from 118.193.45.247 port 48474 ssh2
May  8 13:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: Received disconnect from 118.193.45.247 port 48474:11: Bye Bye [preauth]
May  8 13:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: Disconnected from 118.193.45.247 port 48474 [preauth]
May  8 13:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26777]: pam_unix(cron:session): session closed for user root
May  8 13:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28137]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28136]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28141]: pam_unix(cron:session): session closed for user root
May  8 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28137]: pam_unix(cron:session): session closed for user root
May  8 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28135]: pam_unix(cron:session): session closed for user p13x
May  8 14:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28238]: Successful su for rubyman by root
May  8 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28238]: + ??? root:rubyman
May  8 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28238]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353565 of user rubyman.
May  8 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28238]: pam_unix(su:session): session closed for user rubyman
May  8 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353565.
May  8 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.117.148  user=root
May  8 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: Invalid user W from 195.178.110.50
May  8 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: input_userauth_request: invalid user W [preauth]
May  8 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28210]: Failed password for root from 101.36.117.148 port 46210 ssh2
May  8 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28138]: pam_unix(cron:session): session closed for user root
May  8 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28210]: Received disconnect from 101.36.117.148 port 46210:11: Bye Bye [preauth]
May  8 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28210]: Disconnected from 101.36.117.148 port 46210 [preauth]
May  8 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25365]: pam_unix(cron:session): session closed for user root
May  8 14:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: Failed password for invalid user W from 195.178.110.50 port 17292 ssh2
May  8 14:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28136]: pam_unix(cron:session): session closed for user samftp
May  8 14:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28114]: Connection closed by 195.178.110.50 port 17292 [preauth]
May  8 14:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: Invalid user ` from 195.178.110.50
May  8 14:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: input_userauth_request: invalid user ` [preauth]
May  8 14:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 14:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: Failed password for invalid user ` from 195.178.110.50 port 3346 ssh2
May  8 14:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28507]: Invalid user circleci from 107.0.200.227
May  8 14:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28507]: input_userauth_request: invalid user circleci [preauth]
May  8 14:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28507]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227
May  8 14:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28462]: Connection closed by 195.178.110.50 port 3346 [preauth]
May  8 14:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28507]: Failed password for invalid user circleci from 107.0.200.227 port 45884 ssh2
May  8 14:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28507]: Received disconnect from 107.0.200.227 port 45884:11: Bye Bye [preauth]
May  8 14:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28507]: Disconnected from 107.0.200.227 port 45884 [preauth]
May  8 14:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27262]: pam_unix(cron:session): session closed for user root
May  8 14:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28531]: Invalid user i from 195.178.110.50
May  8 14:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28531]: input_userauth_request: invalid user i [preauth]
May  8 14:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28531]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 14:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28531]: Failed password for invalid user i from 195.178.110.50 port 46890 ssh2
May  8 14:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28531]: Connection closed by 195.178.110.50 port 46890 [preauth]
May  8 14:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: Invalid user r from 195.178.110.50
May  8 14:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: input_userauth_request: invalid user r [preauth]
May  8 14:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 14:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28633]: Did not receive identification string from 172.212.201.77
May  8 14:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: Failed password for invalid user r from 195.178.110.50 port 16400 ssh2
May  8 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28660]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28659]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28661]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28658]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28658]: pam_unix(cron:session): session closed for user p13x
May  8 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28727]: Successful su for rubyman by root
May  8 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28727]: + ??? root:rubyman
May  8 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28727]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353572 of user rubyman.
May  8 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28727]: pam_unix(su:session): session closed for user rubyman
May  8 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353572.
May  8 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28623]: Connection closed by 195.178.110.50 port 16400 [preauth]
May  8 14:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25829]: pam_unix(cron:session): session closed for user root
May  8 14:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28659]: pam_unix(cron:session): session closed for user samftp
May  8 14:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28750]: Invalid user { from 195.178.110.50
May  8 14:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28750]: input_userauth_request: invalid user { [preauth]
May  8 14:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28750]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 14:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28750]: Failed password for invalid user { from 195.178.110.50 port 51252 ssh2
May  8 14:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28750]: Connection closed by 195.178.110.50 port 51252 [preauth]
May  8 14:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28955]: Invalid user user1 from 61.160.106.78
May  8 14:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28955]: input_userauth_request: invalid user user1 [preauth]
May  8 14:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28955]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.106.78
May  8 14:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28955]: Failed password for invalid user user1 from 61.160.106.78 port 48724 ssh2
May  8 14:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28955]: Received disconnect from 61.160.106.78 port 48724:11: Bye Bye [preauth]
May  8 14:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28955]: Disconnected from 61.160.106.78 port 48724 [preauth]
May  8 14:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27730]: pam_unix(cron:session): session closed for user root
May  8 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29162]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29160]: pam_unix(cron:session): session closed for user p13x
May  8 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29229]: Successful su for rubyman by root
May  8 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29229]: + ??? root:rubyman
May  8 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29229]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353577 of user rubyman.
May  8 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29229]: pam_unix(su:session): session closed for user rubyman
May  8 14:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353577.
May  8 14:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26288]: pam_unix(cron:session): session closed for user root
May  8 14:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29162]: pam_unix(cron:session): session closed for user samftp
May  8 14:02:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28140]: pam_unix(cron:session): session closed for user root
May  8 14:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 14:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29466]: Failed password for root from 80.94.95.125 port 21045 ssh2
May  8 14:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29466]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 21045 ssh2]
May  8 14:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29466]: Received disconnect from 80.94.95.125 port 21045:11: Bye [preauth]
May  8 14:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29466]: Disconnected from 80.94.95.125 port 21045 [preauth]
May  8 14:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29466]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 14:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29466]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29583]: pam_unix(cron:session): session closed for user p13x
May  8 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29645]: Successful su for rubyman by root
May  8 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29645]: + ??? root:rubyman
May  8 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353580 of user rubyman.
May  8 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29645]: pam_unix(su:session): session closed for user rubyman
May  8 14:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353580.
May  8 14:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26776]: pam_unix(cron:session): session closed for user root
May  8 14:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29584]: pam_unix(cron:session): session closed for user samftp
May  8 14:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28661]: pam_unix(cron:session): session closed for user root
May  8 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29989]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29988]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29990]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29987]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29987]: pam_unix(cron:session): session closed for user p13x
May  8 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30046]: Successful su for rubyman by root
May  8 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30046]: + ??? root:rubyman
May  8 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30046]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353584 of user rubyman.
May  8 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30046]: pam_unix(su:session): session closed for user rubyman
May  8 14:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353584.
May  8 14:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27261]: pam_unix(cron:session): session closed for user root
May  8 14:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29988]: pam_unix(cron:session): session closed for user samftp
May  8 14:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.45.247  user=root
May  8 14:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30236]: Failed password for root from 118.193.45.247 port 57610 ssh2
May  8 14:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30236]: Received disconnect from 118.193.45.247 port 57610:11: Bye Bye [preauth]
May  8 14:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30236]: Disconnected from 118.193.45.247 port 57610 [preauth]
May  8 14:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29164]: pam_unix(cron:session): session closed for user root
May  8 14:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30369]: Invalid user mobile from 101.36.117.148
May  8 14:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30369]: input_userauth_request: invalid user mobile [preauth]
May  8 14:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30369]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.117.148
May  8 14:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227  user=root
May  8 14:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30369]: Failed password for invalid user mobile from 101.36.117.148 port 53302 ssh2
May  8 14:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30369]: Received disconnect from 101.36.117.148 port 53302:11: Bye Bye [preauth]
May  8 14:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30369]: Disconnected from 101.36.117.148 port 53302 [preauth]
May  8 14:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: Failed password for root from 107.0.200.227 port 53038 ssh2
May  8 14:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: Received disconnect from 107.0.200.227 port 53038:11: Bye Bye [preauth]
May  8 14:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30371]: Disconnected from 107.0.200.227 port 53038 [preauth]
May  8 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30384]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30383]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30387]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30386]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30388]: pam_unix(cron:session): session closed for user root
May  8 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30383]: pam_unix(cron:session): session closed for user p13x
May  8 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30453]: Successful su for rubyman by root
May  8 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30453]: + ??? root:rubyman
May  8 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353592 of user rubyman.
May  8 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30453]: pam_unix(su:session): session closed for user rubyman
May  8 14:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353592.
May  8 14:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30385]: pam_unix(cron:session): session closed for user root
May  8 14:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27729]: pam_unix(cron:session): session closed for user root
May  8 14:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30384]: pam_unix(cron:session): session closed for user samftp
May  8 14:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: Invalid user scm from 61.160.106.78
May  8 14:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: input_userauth_request: invalid user scm [preauth]
May  8 14:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.106.78
May  8 14:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: Failed password for invalid user scm from 61.160.106.78 port 45728 ssh2
May  8 14:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: Received disconnect from 61.160.106.78 port 45728:11: Bye Bye [preauth]
May  8 14:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30700]: Disconnected from 61.160.106.78 port 45728 [preauth]
May  8 14:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29586]: pam_unix(cron:session): session closed for user root
May  8 14:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30820]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30819]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30821]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30817]: pam_unix(cron:session): session closed for user p13x
May  8 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30888]: Successful su for rubyman by root
May  8 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30888]: + ??? root:rubyman
May  8 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353594 of user rubyman.
May  8 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30888]: pam_unix(su:session): session closed for user rubyman
May  8 14:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353594.
May  8 14:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28139]: pam_unix(cron:session): session closed for user root
May  8 14:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30819]: pam_unix(cron:session): session closed for user samftp
May  8 14:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29990]: pam_unix(cron:session): session closed for user root
May  8 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31326]: pam_unix(cron:session): session closed for user p13x
May  8 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31388]: Successful su for rubyman by root
May  8 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31388]: + ??? root:rubyman
May  8 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353598 of user rubyman.
May  8 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31388]: pam_unix(su:session): session closed for user rubyman
May  8 14:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353598.
May  8 14:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28660]: pam_unix(cron:session): session closed for user root
May  8 14:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31327]: pam_unix(cron:session): session closed for user samftp
May  8 14:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: Invalid user user from 85.208.84.4
May  8 14:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: input_userauth_request: invalid user user [preauth]
May  8 14:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  8 14:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: Failed password for invalid user user from 85.208.84.4 port 60156 ssh2
May  8 14:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: Connection closed by 85.208.84.4 port 60156 [preauth]
May  8 14:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30387]: pam_unix(cron:session): session closed for user root
May  8 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31757]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31755]: pam_unix(cron:session): session closed for user p13x
May  8 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31817]: Successful su for rubyman by root
May  8 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31817]: + ??? root:rubyman
May  8 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31817]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353605 of user rubyman.
May  8 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31817]: pam_unix(su:session): session closed for user rubyman
May  8 14:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353605.
May  8 14:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29163]: pam_unix(cron:session): session closed for user root
May  8 14:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31756]: pam_unix(cron:session): session closed for user samftp
May  8 14:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30821]: pam_unix(cron:session): session closed for user root
May  8 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32476]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32473]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32475]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32475]: pam_unix(cron:session): session closed for user p13x
May  8 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32622]: Successful su for rubyman by root
May  8 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32622]: + ??? root:rubyman
May  8 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353609 of user rubyman.
May  8 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32622]: pam_unix(su:session): session closed for user rubyman
May  8 14:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353609.
May  8 14:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32473]: pam_unix(cron:session): session closed for user root
May  8 14:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29585]: pam_unix(cron:session): session closed for user root
May  8 14:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32476]: pam_unix(cron:session): session closed for user samftp
May  8 14:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: Invalid user souken from 118.193.45.247
May  8 14:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: input_userauth_request: invalid user souken [preauth]
May  8 14:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.45.247
May  8 14:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: Failed password for invalid user souken from 118.193.45.247 port 35620 ssh2
May  8 14:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: Received disconnect from 118.193.45.247 port 35620:11: Bye Bye [preauth]
May  8 14:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[568]: Disconnected from 118.193.45.247 port 35620 [preauth]
May  8 14:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31329]: pam_unix(cron:session): session closed for user root
May  8 14:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227  user=root
May  8 14:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[639]: Failed password for root from 107.0.200.227 port 60196 ssh2
May  8 14:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[639]: Received disconnect from 107.0.200.227 port 60196:11: Bye Bye [preauth]
May  8 14:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[639]: Disconnected from 107.0.200.227 port 60196 [preauth]
May  8 14:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: Invalid user support from 80.94.95.125
May  8 14:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: input_userauth_request: invalid user support [preauth]
May  8 14:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: Failed password for invalid user support from 80.94.95.125 port 10822 ssh2
May  8 14:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: Failed password for invalid user support from 80.94.95.125 port 10822 ssh2
May  8 14:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: Failed password for invalid user support from 80.94.95.125 port 10822 ssh2
May  8 14:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: Failed password for invalid user support from 80.94.95.125 port 10822 ssh2
May  8 14:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.117.148  user=root
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: Failed password for invalid user support from 80.94.95.125 port 10822 ssh2
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[719]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[721]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[720]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[722]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[718]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[717]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[722]: pam_unix(cron:session): session closed for user root
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[717]: pam_unix(cron:session): session closed for user p13x
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: Received disconnect from 80.94.95.125 port 10822:11: Bye [preauth]
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: Disconnected from 80.94.95.125 port 10822 [preauth]
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[687]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[796]: Successful su for rubyman by root
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[796]: + ??? root:rubyman
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[796]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353613 of user rubyman.
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[796]: pam_unix(su:session): session closed for user rubyman
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353613.
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[704]: Failed password for root from 101.36.117.148 port 57450 ssh2
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[704]: Received disconnect from 101.36.117.148 port 57450:11: Bye Bye [preauth]
May  8 14:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[704]: Disconnected from 101.36.117.148 port 57450 [preauth]
May  8 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[719]: pam_unix(cron:session): session closed for user root
May  8 14:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29989]: pam_unix(cron:session): session closed for user root
May  8 14:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[718]: pam_unix(cron:session): session closed for user samftp
May  8 14:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31758]: pam_unix(cron:session): session closed for user root
May  8 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1227]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1229]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1226]: pam_unix(cron:session): session closed for user p13x
May  8 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1313]: Successful su for rubyman by root
May  8 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1313]: + ??? root:rubyman
May  8 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353617 of user rubyman.
May  8 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1313]: pam_unix(su:session): session closed for user rubyman
May  8 14:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353617.
May  8 14:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: Invalid user ec2-user from 125.18.49.130
May  8 14:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: input_userauth_request: invalid user ec2-user [preauth]
May  8 14:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.18.49.130
May  8 14:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30386]: pam_unix(cron:session): session closed for user root
May  8 14:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: Failed password for invalid user ec2-user from 125.18.49.130 port 40492 ssh2
May  8 14:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1227]: pam_unix(cron:session): session closed for user samftp
May  8 14:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: Received disconnect from 125.18.49.130 port 40492:11: Bye Bye [preauth]
May  8 14:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1425]: Disconnected from 125.18.49.130 port 40492 [preauth]
May  8 14:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32479]: pam_unix(cron:session): session closed for user root
May  8 14:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: Invalid user user from 80.94.95.125
May  8 14:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: input_userauth_request: invalid user user [preauth]
May  8 14:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1714]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1716]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1713]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1713]: pam_unix(cron:session): session closed for user p13x
May  8 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1792]: Successful su for rubyman by root
May  8 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1792]: + ??? root:rubyman
May  8 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353621 of user rubyman.
May  8 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1792]: pam_unix(su:session): session closed for user rubyman
May  8 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353621.
May  8 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: Failed password for invalid user user from 80.94.95.125 port 12725 ssh2
May  8 14:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: Failed password for invalid user user from 80.94.95.125 port 12725 ssh2
May  8 14:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30820]: pam_unix(cron:session): session closed for user root
May  8 14:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1714]: pam_unix(cron:session): session closed for user samftp
May  8 14:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: Failed password for invalid user user from 80.94.95.125 port 12725 ssh2
May  8 14:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: Failed password for invalid user user from 80.94.95.125 port 12725 ssh2
May  8 14:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: Failed password for invalid user user from 80.94.95.125 port 12725 ssh2
May  8 14:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: Received disconnect from 80.94.95.125 port 12725:11: Bye [preauth]
May  8 14:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: Disconnected from 80.94.95.125 port 12725 [preauth]
May  8 14:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1710]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[721]: pam_unix(cron:session): session closed for user root
May  8 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2232]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2229]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2229]: pam_unix(cron:session): session closed for user p13x
May  8 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2291]: Successful su for rubyman by root
May  8 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2291]: + ??? root:rubyman
May  8 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2291]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353626 of user rubyman.
May  8 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2291]: pam_unix(su:session): session closed for user rubyman
May  8 14:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353626.
May  8 14:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31328]: pam_unix(cron:session): session closed for user root
May  8 14:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2230]: pam_unix(cron:session): session closed for user samftp
May  8 14:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1230]: pam_unix(cron:session): session closed for user root
May  8 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2668]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2666]: pam_unix(cron:session): session closed for user p13x
May  8 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2741]: Successful su for rubyman by root
May  8 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2741]: + ??? root:rubyman
May  8 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2741]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353631 of user rubyman.
May  8 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2741]: pam_unix(su:session): session closed for user rubyman
May  8 14:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353631.
May  8 14:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31757]: pam_unix(cron:session): session closed for user root
May  8 14:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2667]: pam_unix(cron:session): session closed for user samftp
May  8 14:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227  user=root
May  8 14:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2946]: Failed password for root from 107.0.200.227 port 39122 ssh2
May  8 14:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2946]: Received disconnect from 107.0.200.227 port 39122:11: Bye Bye [preauth]
May  8 14:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2946]: Disconnected from 107.0.200.227 port 39122 [preauth]
May  8 14:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3003]: Invalid user git from 118.193.45.247
May  8 14:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3003]: input_userauth_request: invalid user git [preauth]
May  8 14:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3003]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.45.247
May  8 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3003]: Failed password for invalid user git from 118.193.45.247 port 59382 ssh2
May  8 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3003]: Received disconnect from 118.193.45.247 port 59382:11: Bye Bye [preauth]
May  8 14:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3003]: Disconnected from 118.193.45.247 port 59382 [preauth]
May  8 14:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1716]: pam_unix(cron:session): session closed for user root
May  8 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3096]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3094]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3093]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3097]: pam_unix(cron:session): session closed for user root
May  8 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3091]: pam_unix(cron:session): session closed for user p13x
May  8 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3166]: Successful su for rubyman by root
May  8 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3166]: + ??? root:rubyman
May  8 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353633 of user rubyman.
May  8 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3166]: pam_unix(su:session): session closed for user rubyman
May  8 14:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353633.
May  8 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3164]: Invalid user mailuser from 101.36.117.148
May  8 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3164]: input_userauth_request: invalid user mailuser [preauth]
May  8 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3164]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.117.148
May  8 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3094]: pam_unix(cron:session): session closed for user root
May  8 14:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3164]: Failed password for invalid user mailuser from 101.36.117.148 port 59166 ssh2
May  8 14:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3164]: Received disconnect from 101.36.117.148 port 59166:11: Bye Bye [preauth]
May  8 14:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3164]: Disconnected from 101.36.117.148 port 59166 [preauth]
May  8 14:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32477]: pam_unix(cron:session): session closed for user root
May  8 14:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3093]: pam_unix(cron:session): session closed for user samftp
May  8 14:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2232]: pam_unix(cron:session): session closed for user root
May  8 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3554]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3552]: pam_unix(cron:session): session closed for user p13x
May  8 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3649]: Successful su for rubyman by root
May  8 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3649]: + ??? root:rubyman
May  8 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3649]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353639 of user rubyman.
May  8 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3649]: pam_unix(su:session): session closed for user rubyman
May  8 14:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353639.
May  8 14:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[720]: pam_unix(cron:session): session closed for user root
May  8 14:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3554]: pam_unix(cron:session): session closed for user samftp
May  8 14:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2669]: pam_unix(cron:session): session closed for user root
May  8 14:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3943]: Invalid user username from 85.208.84.134
May  8 14:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3943]: input_userauth_request: invalid user username [preauth]
May  8 14:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3943]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.134
May  8 14:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3943]: Failed password for invalid user username from 85.208.84.134 port 33378 ssh2
May  8 14:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3943]: Connection closed by 85.208.84.134 port 33378 [preauth]
May  8 14:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4019]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4020]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4017]: pam_unix(cron:session): session closed for user root
May  8 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4019]: pam_unix(cron:session): session closed for user p13x
May  8 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4089]: Successful su for rubyman by root
May  8 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4089]: + ??? root:rubyman
May  8 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353643 of user rubyman.
May  8 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4089]: pam_unix(su:session): session closed for user rubyman
May  8 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353643.
May  8 14:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 14:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: Failed password for root from 80.94.95.125 port 22376 ssh2
May  8 14:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1229]: pam_unix(cron:session): session closed for user root
May  8 14:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: Failed password for root from 80.94.95.125 port 22376 ssh2
May  8 14:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4020]: pam_unix(cron:session): session closed for user samftp
May  8 14:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: Failed password for root from 80.94.95.125 port 22376 ssh2
May  8 14:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: message repeated 2 times: [ Failed password for root from 80.94.95.125 port 22376 ssh2]
May  8 14:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: Received disconnect from 80.94.95.125 port 22376:11: Bye [preauth]
May  8 14:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: Disconnected from 80.94.95.125 port 22376 [preauth]
May  8 14:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 14:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4015]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3096]: pam_unix(cron:session): session closed for user root
May  8 14:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  8 14:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4571]: Invalid user teste from 85.208.84.5
May  8 14:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4571]: input_userauth_request: invalid user teste [preauth]
May  8 14:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4569]: Failed password for root from 164.68.105.9 port 54578 ssh2
May  8 14:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4571]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  8 14:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4569]: Connection closed by 164.68.105.9 port 54578 [preauth]
May  8 14:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.18.49.130  user=root
May  8 14:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4571]: Failed password for invalid user teste from 85.208.84.5 port 57380 ssh2
May  8 14:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4571]: Connection closed by 85.208.84.5 port 57380 [preauth]
May  8 14:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: Failed password for root from 125.18.49.130 port 40512 ssh2
May  8 14:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: Received disconnect from 125.18.49.130 port 40512:11: Bye Bye [preauth]
May  8 14:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: Disconnected from 125.18.49.130 port 40512 [preauth]
May  8 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4609]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4607]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4606]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4606]: pam_unix(cron:session): session closed for user p13x
May  8 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4666]: Successful su for rubyman by root
May  8 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4666]: + ??? root:rubyman
May  8 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353649 of user rubyman.
May  8 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4666]: pam_unix(su:session): session closed for user rubyman
May  8 14:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353649.
May  8 14:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1715]: pam_unix(cron:session): session closed for user root
May  8 14:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4607]: pam_unix(cron:session): session closed for user samftp
May  8 14:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3556]: pam_unix(cron:session): session closed for user root
May  8 14:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Invalid user  from 80.94.95.125
May  8 14:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: input_userauth_request: invalid user  [preauth]
May  8 14:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Failed none for invalid user  from 80.94.95.125 port 26187 ssh2
May  8 14:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Failed password for invalid user  from 80.94.95.125 port 26187 ssh2
May  8 14:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Failed password for invalid user  from 80.94.95.125 port 26187 ssh2
May  8 14:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Failed password for invalid user  from 80.94.95.125 port 26187 ssh2
May  8 14:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5213]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5210]: pam_unix(cron:session): session closed for user p13x
May  8 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5281]: Successful su for rubyman by root
May  8 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5281]: + ??? root:rubyman
May  8 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353652 of user rubyman.
May  8 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5281]: pam_unix(su:session): session closed for user rubyman
May  8 14:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353652.
May  8 14:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Failed password for invalid user  from 80.94.95.125 port 26187 ssh2
May  8 14:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Received disconnect from 80.94.95.125 port 26187:11: Bye [preauth]
May  8 14:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: Disconnected from 80.94.95.125 port 26187 [preauth]
May  8 14:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5185]: PAM service(sshd) ignoring max retries; 4 > 3
May  8 14:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2231]: pam_unix(cron:session): session closed for user root
May  8 14:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5212]: pam_unix(cron:session): session closed for user samftp
May  8 14:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5521]: Invalid user admin from 118.193.45.247
May  8 14:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5521]: input_userauth_request: invalid user admin [preauth]
May  8 14:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5521]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.45.247
May  8 14:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5521]: Failed password for invalid user admin from 118.193.45.247 port 40710 ssh2
May  8 14:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5521]: Received disconnect from 118.193.45.247 port 40710:11: Bye Bye [preauth]
May  8 14:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5521]: Disconnected from 118.193.45.247 port 40710 [preauth]
May  8 14:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5523]: Invalid user ftpmedia from 107.0.200.227
May  8 14:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5523]: input_userauth_request: invalid user ftpmedia [preauth]
May  8 14:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5523]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.0.200.227
May  8 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5523]: Failed password for invalid user ftpmedia from 107.0.200.227 port 46268 ssh2
May  8 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5523]: Received disconnect from 107.0.200.227 port 46268:11: Bye Bye [preauth]
May  8 14:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5523]: Disconnected from 107.0.200.227 port 46268 [preauth]
May  8 14:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4022]: pam_unix(cron:session): session closed for user root
May  8 14:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: Invalid user wq from 101.36.117.148
May  8 14:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: input_userauth_request: invalid user wq [preauth]
May  8 14:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.117.148
May  8 14:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: Failed password for invalid user wq from 101.36.117.148 port 51074 ssh2
May  8 14:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: Received disconnect from 101.36.117.148 port 51074:11: Bye Bye [preauth]
May  8 14:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5674]: Disconnected from 101.36.117.148 port 51074 [preauth]
May  8 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5689]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5692]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5691]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5690]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5692]: pam_unix(cron:session): session closed for user root
May  8 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5686]: pam_unix(cron:session): session closed for user p13x
May  8 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5761]: Successful su for rubyman by root
May  8 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5761]: + ??? root:rubyman
May  8 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353661 of user rubyman.
May  8 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5761]: pam_unix(su:session): session closed for user rubyman
May  8 14:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353661.
May  8 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2668]: pam_unix(cron:session): session closed for user root
May  8 14:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5689]: pam_unix(cron:session): session closed for user root
May  8 14:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5688]: pam_unix(cron:session): session closed for user samftp
May  8 14:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4609]: pam_unix(cron:session): session closed for user root
May  8 14:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: Invalid user 1234 from 80.94.95.125
May  8 14:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: input_userauth_request: invalid user 1234 [preauth]
May  8 14:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: Failed password for invalid user 1234 from 80.94.95.125 port 22279 ssh2
May  8 14:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6235]: pam_unix(cron:session): session closed for user p13x
May  8 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6305]: Successful su for rubyman by root
May  8 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6305]: + ??? root:rubyman
May  8 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353663 of user rubyman.
May  8 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6305]: pam_unix(su:session): session closed for user rubyman
May  8 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353663.
May  8 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: Failed password for invalid user 1234 from 80.94.95.125 port 22279 ssh2
May  8 14:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: Failed password for invalid user 1234 from 80.94.95.125 port 22279 ssh2
May  8 14:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3095]: pam_unix(cron:session): session closed for user root
May  8 14:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: Failed password for invalid user 1234 from 80.94.95.125 port 22279 ssh2
May  8 14:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6236]: pam_unix(cron:session): session closed for user samftp
May  8 14:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: Failed password for invalid user 1234 from 80.94.95.125 port 22279 ssh2
May  8 14:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: Received disconnect from 80.94.95.125 port 22279:11: Bye [preauth]
May  8 14:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: Disconnected from 80.94.95.125 port 22279 [preauth]
May  8 14:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5214]: pam_unix(cron:session): session closed for user root
May  8 14:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  8 14:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Failed password for root from 218.92.0.210 port 10668 ssh2
May  8 14:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6612]: Invalid user admin from 80.94.95.112
May  8 14:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6612]: input_userauth_request: invalid user admin [preauth]
May  8 14:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6612]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 14:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Failed password for root from 218.92.0.210 port 10668 ssh2
May  8 14:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6612]: Failed password for invalid user admin from 80.94.95.112 port 9027 ssh2
May  8 14:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6612]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6612]: Failed password for invalid user admin from 80.94.95.112 port 9027 ssh2
May  8 14:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Failed password for root from 218.92.0.210 port 10668 ssh2
May  8 14:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6612]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6612]: Failed password for invalid user admin from 80.94.95.112 port 9027 ssh2
May  8 14:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6612]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Failed password for root from 218.92.0.210 port 10668 ssh2
May  8 14:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6612]: Failed password for invalid user admin from 80.94.95.112 port 9027 ssh2
May  8 14:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6612]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Failed password for root from 218.92.0.210 port 10668 ssh2
May  8 14:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 10668 ssh2 [preauth]
May  8 14:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: Disconnecting: Too many authentication failures [preauth]
May  8 14:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  8 14:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6585]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6612]: Failed password for invalid user admin from 80.94.95.112 port 9027 ssh2
May  8 14:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6612]: Received disconnect from 80.94.95.112 port 9027:11: Bye [preauth]
May  8 14:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6612]: Disconnected from 80.94.95.112 port 9027 [preauth]
May  8 14:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6612]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 14:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6612]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6668]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6666]: pam_unix(cron:session): session closed for user p13x
May  8 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6729]: Successful su for rubyman by root
May  8 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6729]: + ??? root:rubyman
May  8 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353666 of user rubyman.
May  8 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6729]: pam_unix(su:session): session closed for user rubyman
May  8 14:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353666.
May  8 14:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3555]: pam_unix(cron:session): session closed for user root
May  8 14:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6667]: pam_unix(cron:session): session closed for user samftp
May  8 14:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  8 14:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: Failed password for root from 218.92.0.210 port 9714 ssh2
May  8 14:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: message repeated 5 times: [ Failed password for root from 218.92.0.210 port 9714 ssh2]
May  8 14:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 9714 ssh2 [preauth]
May  8 14:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: Disconnecting: Too many authentication failures [preauth]
May  8 14:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  8 14:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7014]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 14:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5691]: pam_unix(cron:session): session closed for user root
May  8 14:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  8 14:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: Failed password for root from 218.92.0.210 port 18252 ssh2
May  8 14:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: Received disconnect from 218.92.0.210 port 18252:11:  [preauth]
May  8 14:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7153]: Disconnected from 218.92.0.210 port 18252 [preauth]
May  8 14:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: Invalid user adm from 80.94.95.125
May  8 14:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: input_userauth_request: invalid user adm [preauth]
May  8 14:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: Failed password for invalid user adm from 80.94.95.125 port 25839 ssh2
May  8 14:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: Failed password for invalid user adm from 80.94.95.125 port 25839 ssh2
May  8 14:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7186]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7188]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7187]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7185]: pam_unix(cron:session): session closed for user p13x
May  8 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7250]: Successful su for rubyman by root
May  8 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7250]: + ??? root:rubyman
May  8 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7250]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353671 of user rubyman.
May  8 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7250]: pam_unix(su:session): session closed for user rubyman
May  8 14:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353671.
May  8 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: Failed password for invalid user adm from 80.94.95.125 port 25839 ssh2
May  8 14:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4021]: pam_unix(cron:session): session closed for user root
May  8 14:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: Failed password for invalid user adm from 80.94.95.125 port 25839 ssh2
May  8 14:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7186]: pam_unix(cron:session): session closed for user samftp
May  8 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: Failed password for invalid user adm from 80.94.95.125 port 25839 ssh2
May  8 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: Received disconnect from 80.94.95.125 port 25839:11: Bye [preauth]
May  8 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: Disconnected from 80.94.95.125 port 25839 [preauth]
May  8 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7173]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: Invalid user ubuntu from 125.18.49.130
May  8 14:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: input_userauth_request: invalid user ubuntu [preauth]
May  8 14:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.18.49.130
May  8 14:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: Failed password for invalid user ubuntu from 125.18.49.130 port 40526 ssh2
May  8 14:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: Received disconnect from 125.18.49.130 port 40526:11: Bye Bye [preauth]
May  8 14:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7434]: Disconnected from 125.18.49.130 port 40526 [preauth]
May  8 14:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6238]: pam_unix(cron:session): session closed for user root
May  8 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7690]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7689]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7688]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7687]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7687]: pam_unix(cron:session): session closed for user p13x
May  8 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7763]: Successful su for rubyman by root
May  8 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7763]: + ??? root:rubyman
May  8 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7763]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353675 of user rubyman.
May  8 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7763]: pam_unix(su:session): session closed for user rubyman
May  8 14:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353675.
May  8 14:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4608]: pam_unix(cron:session): session closed for user root
May  8 14:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7688]: pam_unix(cron:session): session closed for user samftp
May  8 14:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7988]: Invalid user user1 from 118.193.45.247
May  8 14:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7988]: input_userauth_request: invalid user user1 [preauth]
May  8 14:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7988]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.193.45.247
May  8 14:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7988]: Failed password for invalid user user1 from 118.193.45.247 port 53240 ssh2
May  8 14:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7988]: Received disconnect from 118.193.45.247 port 53240:11: Bye Bye [preauth]
May  8 14:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7988]: Disconnected from 118.193.45.247 port 53240 [preauth]
May  8 14:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6669]: pam_unix(cron:session): session closed for user root
May  8 14:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: Invalid user admin from 80.94.95.125
May  8 14:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: input_userauth_request: invalid user admin [preauth]
May  8 14:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: Failed none for invalid user admin from 80.94.95.125 port 43952 ssh2
May  8 14:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: Invalid user admin01 from 101.36.117.148
May  8 14:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: input_userauth_request: invalid user admin01 [preauth]
May  8 14:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.117.148
May  8 14:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: Failed password for invalid user admin from 80.94.95.125 port 43952 ssh2
May  8 14:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: Failed password for invalid user admin01 from 101.36.117.148 port 58668 ssh2
May  8 14:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: Received disconnect from 101.36.117.148 port 58668:11: Bye Bye [preauth]
May  8 14:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8080]: Disconnected from 101.36.117.148 port 58668 [preauth]
May  8 14:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: Failed password for invalid user admin from 80.94.95.125 port 43952 ssh2
May  8 14:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: Failed password for invalid user admin from 80.94.95.125 port 43952 ssh2
May  8 14:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: Failed password for invalid user admin from 80.94.95.125 port 43952 ssh2
May  8 14:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: Received disconnect from 80.94.95.125 port 43952:11: Bye [preauth]
May  8 14:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: Disconnected from 80.94.95.125 port 43952 [preauth]
May  8 14:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8063]: PAM service(sshd) ignoring max retries; 4 > 3
May  8 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8125]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8126]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8122]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8124]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8126]: pam_unix(cron:session): session closed for user root
May  8 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8116]: pam_unix(cron:session): session closed for user p13x
May  8 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8205]: Successful su for rubyman by root
May  8 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8205]: + ??? root:rubyman
May  8 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353678 of user rubyman.
May  8 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8205]: pam_unix(su:session): session closed for user rubyman
May  8 14:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353678.
May  8 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8123]: pam_unix(cron:session): session closed for user root
May  8 14:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5213]: pam_unix(cron:session): session closed for user root
May  8 14:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8122]: pam_unix(cron:session): session closed for user samftp
May  8 14:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7188]: pam_unix(cron:session): session closed for user root
May  8 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8621]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8620]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8617]: pam_unix(cron:session): session closed for user p13x
May  8 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8692]: Successful su for rubyman by root
May  8 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8692]: + ??? root:rubyman
May  8 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8692]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353685 of user rubyman.
May  8 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8692]: pam_unix(su:session): session closed for user rubyman
May  8 14:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353685.
May  8 14:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5690]: pam_unix(cron:session): session closed for user root
May  8 14:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8618]: pam_unix(cron:session): session closed for user samftp
May  8 14:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7690]: pam_unix(cron:session): session closed for user root
May  8 14:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: Invalid user admin from 80.94.95.125
May  8 14:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: input_userauth_request: invalid user admin [preauth]
May  8 14:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: Failed password for invalid user admin from 80.94.95.125 port 43844 ssh2
May  8 14:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: Failed password for invalid user admin from 80.94.95.125 port 43844 ssh2
May  8 14:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: Failed password for invalid user admin from 80.94.95.125 port 43844 ssh2
May  8 14:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: Failed password for invalid user admin from 80.94.95.125 port 43844 ssh2
May  8 14:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: Failed password for invalid user admin from 80.94.95.125 port 43844 ssh2
May  8 14:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: Received disconnect from 80.94.95.125 port 43844:11: Bye [preauth]
May  8 14:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: Disconnected from 80.94.95.125 port 43844 [preauth]
May  8 14:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9006]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9087]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9088]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9085]: pam_unix(cron:session): session closed for user p13x
May  8 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9235]: Successful su for rubyman by root
May  8 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9235]: + ??? root:rubyman
May  8 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353688 of user rubyman.
May  8 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9235]: pam_unix(su:session): session closed for user rubyman
May  8 14:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353688.
May  8 14:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6237]: pam_unix(cron:session): session closed for user root
May  8 14:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9086]: pam_unix(cron:session): session closed for user samftp
May  8 14:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8125]: pam_unix(cron:session): session closed for user root
May  8 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9616]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9615]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9615]: pam_unix(cron:session): session closed for user p13x
May  8 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9679]: Successful su for rubyman by root
May  8 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9679]: + ??? root:rubyman
May  8 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353692 of user rubyman.
May  8 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9679]: pam_unix(su:session): session closed for user rubyman
May  8 14:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353692.
May  8 14:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6668]: pam_unix(cron:session): session closed for user root
May  8 14:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9616]: pam_unix(cron:session): session closed for user samftp
May  8 14:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: Invalid user anik from 175.6.36.108
May  8 14:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: input_userauth_request: invalid user anik [preauth]
May  8 14:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.36.108
May  8 14:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: Failed password for invalid user anik from 175.6.36.108 port 57204 ssh2
May  8 14:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: Received disconnect from 175.6.36.108 port 57204:11: Bye Bye [preauth]
May  8 14:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9877]: Disconnected from 175.6.36.108 port 57204 [preauth]
May  8 14:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8621]: pam_unix(cron:session): session closed for user root
May  8 14:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: Invalid user trade from 125.18.49.130
May  8 14:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: input_userauth_request: invalid user trade [preauth]
May  8 14:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.18.49.130
May  8 14:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: Invalid user admin from 80.94.95.125
May  8 14:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: input_userauth_request: invalid user admin [preauth]
May  8 14:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: Failed password for invalid user trade from 125.18.49.130 port 40540 ssh2
May  8 14:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: Received disconnect from 125.18.49.130 port 40540:11: Bye Bye [preauth]
May  8 14:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9981]: Disconnected from 125.18.49.130 port 40540 [preauth]
May  8 14:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: Failed password for invalid user admin from 80.94.95.125 port 42493 ssh2
May  8 14:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: Failed password for invalid user admin from 80.94.95.125 port 42493 ssh2
May  8 14:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: Failed password for invalid user admin from 80.94.95.125 port 42493 ssh2
May  8 14:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: Failed password for invalid user admin from 80.94.95.125 port 42493 ssh2
May  8 14:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: Failed password for invalid user admin from 80.94.95.125 port 42493 ssh2
May  8 14:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: Received disconnect from 80.94.95.125 port 42493:11: Bye [preauth]
May  8 14:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: Disconnected from 80.94.95.125 port 42493 [preauth]
May  8 14:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9991]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10044]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10041]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10043]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10042]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10041]: pam_unix(cron:session): session closed for user p13x
May  8 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10105]: Successful su for rubyman by root
May  8 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10105]: + ??? root:rubyman
May  8 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353696 of user rubyman.
May  8 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10105]: pam_unix(su:session): session closed for user rubyman
May  8 14:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353696.
May  8 14:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7187]: pam_unix(cron:session): session closed for user root
May  8 14:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10042]: pam_unix(cron:session): session closed for user samftp
May  8 14:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: Invalid user teste from 194.0.234.19
May  8 14:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: input_userauth_request: invalid user teste [preauth]
May  8 14:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  8 14:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: Failed password for invalid user teste from 194.0.234.19 port 58950 ssh2
May  8 14:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10377]: Connection closed by 194.0.234.19 port 58950 [preauth]
May  8 14:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9088]: pam_unix(cron:session): session closed for user root
May  8 14:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: Invalid user niranjan from 101.36.117.148
May  8 14:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: input_userauth_request: invalid user niranjan [preauth]
May  8 14:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.117.148
May  8 14:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: Failed password for invalid user niranjan from 101.36.117.148 port 48036 ssh2
May  8 14:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: Received disconnect from 101.36.117.148 port 48036:11: Bye Bye [preauth]
May  8 14:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: Disconnected from 101.36.117.148 port 48036 [preauth]
May  8 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10571]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10569]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10572]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10574]: pam_unix(cron:session): session closed for user root
May  8 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10569]: pam_unix(cron:session): session closed for user p13x
May  8 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10671]: Successful su for rubyman by root
May  8 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10671]: + ??? root:rubyman
May  8 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10671]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353703 of user rubyman.
May  8 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10671]: pam_unix(su:session): session closed for user rubyman
May  8 14:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353703.
May  8 14:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10571]: pam_unix(cron:session): session closed for user root
May  8 14:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7689]: pam_unix(cron:session): session closed for user root
May  8 14:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10570]: pam_unix(cron:session): session closed for user samftp
May  8 14:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9618]: pam_unix(cron:session): session closed for user root
May  8 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11078]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11074]: pam_unix(cron:session): session closed for user p13x
May  8 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11150]: Successful su for rubyman by root
May  8 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11150]: + ??? root:rubyman
May  8 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11150]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353708 of user rubyman.
May  8 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11150]: pam_unix(su:session): session closed for user rubyman
May  8 14:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353708.
May  8 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8124]: pam_unix(cron:session): session closed for user root
May  8 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10974]: Invalid user admin from 80.94.95.125
May  8 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10974]: input_userauth_request: invalid user admin [preauth]
May  8 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10974]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11075]: pam_unix(cron:session): session closed for user samftp
May  8 14:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10974]: Failed password for invalid user admin from 80.94.95.125 port 56080 ssh2
May  8 14:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10974]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10974]: Failed password for invalid user admin from 80.94.95.125 port 56080 ssh2
May  8 14:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10974]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10974]: Failed password for invalid user admin from 80.94.95.125 port 56080 ssh2
May  8 14:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10974]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10974]: Failed password for invalid user admin from 80.94.95.125 port 56080 ssh2
May  8 14:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10974]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10974]: Failed password for invalid user admin from 80.94.95.125 port 56080 ssh2
May  8 14:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10974]: Received disconnect from 80.94.95.125 port 56080:11: Bye [preauth]
May  8 14:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10974]: Disconnected from 80.94.95.125 port 56080 [preauth]
May  8 14:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10974]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10974]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10044]: pam_unix(cron:session): session closed for user root
May  8 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11480]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11477]: pam_unix(cron:session): session closed for user p13x
May  8 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11544]: Successful su for rubyman by root
May  8 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11544]: + ??? root:rubyman
May  8 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11544]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353710 of user rubyman.
May  8 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11544]: pam_unix(su:session): session closed for user rubyman
May  8 14:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353710.
May  8 14:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8620]: pam_unix(cron:session): session closed for user root
May  8 14:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11478]: pam_unix(cron:session): session closed for user samftp
May  8 14:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10573]: pam_unix(cron:session): session closed for user root
May  8 14:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11879]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11881]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11882]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11880]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11879]: pam_unix(cron:session): session closed for user p13x
May  8 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11940]: Successful su for rubyman by root
May  8 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11940]: + ??? root:rubyman
May  8 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11940]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353716 of user rubyman.
May  8 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11940]: pam_unix(su:session): session closed for user rubyman
May  8 14:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353716.
May  8 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: Invalid user admin from 80.94.95.125
May  8 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: input_userauth_request: invalid user admin [preauth]
May  8 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: Failed password for invalid user admin from 80.94.95.125 port 41047 ssh2
May  8 14:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9087]: pam_unix(cron:session): session closed for user root
May  8 14:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11880]: pam_unix(cron:session): session closed for user samftp
May  8 14:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: Failed password for invalid user admin from 80.94.95.125 port 41047 ssh2
May  8 14:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: Failed password for invalid user admin from 80.94.95.125 port 41047 ssh2
May  8 14:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: Failed password for invalid user admin from 80.94.95.125 port 41047 ssh2
May  8 14:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: Failed password for invalid user admin from 80.94.95.125 port 41047 ssh2
May  8 14:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: Received disconnect from 80.94.95.125 port 41047:11: Bye [preauth]
May  8 14:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: Disconnected from 80.94.95.125 port 41047 [preauth]
May  8 14:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11876]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11078]: pam_unix(cron:session): session closed for user root
May  8 14:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12245]: Invalid user papio from 125.18.49.130
May  8 14:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12245]: input_userauth_request: invalid user papio [preauth]
May  8 14:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12245]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.18.49.130
May  8 14:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12245]: Failed password for invalid user papio from 125.18.49.130 port 40556 ssh2
May  8 14:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12245]: Received disconnect from 125.18.49.130 port 40556:11: Bye Bye [preauth]
May  8 14:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12245]: Disconnected from 125.18.49.130 port 40556 [preauth]
May  8 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12265]: pam_unix(cron:session): session closed for user p13x
May  8 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12344]: Successful su for rubyman by root
May  8 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12344]: + ??? root:rubyman
May  8 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353718 of user rubyman.
May  8 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12344]: pam_unix(su:session): session closed for user rubyman
May  8 14:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353718.
May  8 14:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9617]: pam_unix(cron:session): session closed for user root
May  8 14:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12266]: pam_unix(cron:session): session closed for user samftp
May  8 14:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11480]: pam_unix(cron:session): session closed for user root
May  8 14:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: Invalid user alexey from 101.36.117.148
May  8 14:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: input_userauth_request: invalid user alexey [preauth]
May  8 14:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.117.148
May  8 14:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: Failed password for invalid user alexey from 101.36.117.148 port 42892 ssh2
May  8 14:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: Received disconnect from 101.36.117.148 port 42892:11: Bye Bye [preauth]
May  8 14:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: Disconnected from 101.36.117.148 port 42892 [preauth]
May  8 14:34:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12663]: Invalid user admin from 80.94.95.125
May  8 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12663]: input_userauth_request: invalid user admin [preauth]
May  8 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12663]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12672]: pam_unix(cron:session): session closed for user root
May  8 14:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12667]: pam_unix(cron:session): session closed for user p13x
May  8 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12742]: Successful su for rubyman by root
May  8 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12742]: + ??? root:rubyman
May  8 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12742]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353722 of user rubyman.
May  8 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12742]: pam_unix(su:session): session closed for user rubyman
May  8 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353722.
May  8 14:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12663]: Failed password for invalid user admin from 80.94.95.125 port 46456 ssh2
May  8 14:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12663]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12669]: pam_unix(cron:session): session closed for user root
May  8 14:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12663]: Failed password for invalid user admin from 80.94.95.125 port 46456 ssh2
May  8 14:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12663]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10043]: pam_unix(cron:session): session closed for user root
May  8 14:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12668]: pam_unix(cron:session): session closed for user samftp
May  8 14:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12663]: Failed password for invalid user admin from 80.94.95.125 port 46456 ssh2
May  8 14:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12663]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12663]: Failed password for invalid user admin from 80.94.95.125 port 46456 ssh2
May  8 14:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12663]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12663]: Failed password for invalid user admin from 80.94.95.125 port 46456 ssh2
May  8 14:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12663]: Received disconnect from 80.94.95.125 port 46456:11: Bye [preauth]
May  8 14:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12663]: Disconnected from 80.94.95.125 port 46456 [preauth]
May  8 14:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12663]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12663]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12976]: Invalid user devil from 175.6.36.108
May  8 14:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12976]: input_userauth_request: invalid user devil [preauth]
May  8 14:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12976]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.36.108
May  8 14:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12976]: Failed password for invalid user devil from 175.6.36.108 port 60510 ssh2
May  8 14:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12976]: Received disconnect from 175.6.36.108 port 60510:11: Bye Bye [preauth]
May  8 14:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12976]: Disconnected from 175.6.36.108 port 60510 [preauth]
May  8 14:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11882]: pam_unix(cron:session): session closed for user root
May  8 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13104]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13105]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13103]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13102]: pam_unix(cron:session): session closed for user p13x
May  8 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13167]: Successful su for rubyman by root
May  8 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13167]: + ??? root:rubyman
May  8 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13167]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353729 of user rubyman.
May  8 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13167]: pam_unix(su:session): session closed for user rubyman
May  8 14:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353729.
May  8 14:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10572]: pam_unix(cron:session): session closed for user root
May  8 14:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13103]: pam_unix(cron:session): session closed for user samftp
May  8 14:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12269]: pam_unix(cron:session): session closed for user root
May  8 14:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13583]: Bad protocol version identification '\026\003\001\001\027\001' from 165.154.128.199 port 36432
May  8 14:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: Invalid user admin from 80.94.95.125
May  8 14:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: input_userauth_request: invalid user admin [preauth]
May  8 14:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: Failed password for invalid user admin from 80.94.95.125 port 13309 ssh2
May  8 14:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: Failed password for invalid user admin from 80.94.95.125 port 13309 ssh2
May  8 14:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: Failed password for invalid user admin from 80.94.95.125 port 13309 ssh2
May  8 14:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13611]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13610]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13608]: pam_unix(cron:session): session closed for user p13x
May  8 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: Failed password for invalid user admin from 80.94.95.125 port 13309 ssh2
May  8 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13672]: Successful su for rubyman by root
May  8 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13672]: + ??? root:rubyman
May  8 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13672]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353732 of user rubyman.
May  8 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13672]: pam_unix(su:session): session closed for user rubyman
May  8 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353732.
May  8 14:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: Failed password for invalid user admin from 80.94.95.125 port 13309 ssh2
May  8 14:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: Received disconnect from 80.94.95.125 port 13309:11: Bye [preauth]
May  8 14:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: Disconnected from 80.94.95.125 port 13309 [preauth]
May  8 14:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13585]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11076]: pam_unix(cron:session): session closed for user root
May  8 14:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13609]: pam_unix(cron:session): session closed for user samftp
May  8 14:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13584]: Did not receive identification string from 165.154.128.199
May  8 14:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13860]: Connection closed by 165.154.128.199 port 53268 [preauth]
May  8 14:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13862]: Protocol major versions differ for 165.154.128.199: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Server
May  8 14:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12671]: pam_unix(cron:session): session closed for user root
May  8 14:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14015]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14014]: pam_unix(cron:session): session closed for user p13x
May  8 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14076]: Successful su for rubyman by root
May  8 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14076]: + ??? root:rubyman
May  8 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353736 of user rubyman.
May  8 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14076]: pam_unix(su:session): session closed for user rubyman
May  8 14:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353736.
May  8 14:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11479]: pam_unix(cron:session): session closed for user root
May  8 14:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14015]: pam_unix(cron:session): session closed for user samftp
May  8 14:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14265]: Disconnected from 185.93.89.118 port 30646 [preauth]
May  8 14:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 14:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14252]: Failed password for root from 80.94.95.241 port 62167 ssh2
May  8 14:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14252]: message repeated 4 times: [ Failed password for root from 80.94.95.241 port 62167 ssh2]
May  8 14:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14252]: Received disconnect from 80.94.95.241 port 62167:11: Bye [preauth]
May  8 14:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14252]: Disconnected from 80.94.95.241 port 62167 [preauth]
May  8 14:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14252]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 14:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14252]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13105]: pam_unix(cron:session): session closed for user root
May  8 14:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: Invalid user admin1 from 80.94.95.125
May  8 14:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: input_userauth_request: invalid user admin1 [preauth]
May  8 14:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: Failed password for invalid user admin1 from 80.94.95.125 port 12621 ssh2
May  8 14:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: Failed password for invalid user admin1 from 80.94.95.125 port 12621 ssh2
May  8 14:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: Failed password for invalid user admin1 from 80.94.95.125 port 12621 ssh2
May  8 14:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: Failed password for invalid user admin1 from 80.94.95.125 port 12621 ssh2
May  8 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14420]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14424]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14422]: pam_unix(cron:session): session closed for user p13x
May  8 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14551]: Successful su for rubyman by root
May  8 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14551]: + ??? root:rubyman
May  8 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14551]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353740 of user rubyman.
May  8 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14551]: pam_unix(su:session): session closed for user rubyman
May  8 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353740.
May  8 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: Failed password for invalid user admin1 from 80.94.95.125 port 12621 ssh2
May  8 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: Received disconnect from 80.94.95.125 port 12621:11: Bye [preauth]
May  8 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: Disconnected from 80.94.95.125 port 12621 [preauth]
May  8 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14398]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14420]: pam_unix(cron:session): session closed for user root
May  8 14:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.18.49.130  user=root
May  8 14:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11881]: pam_unix(cron:session): session closed for user root
May  8 14:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14423]: pam_unix(cron:session): session closed for user samftp
May  8 14:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: Failed password for root from 125.18.49.130 port 40570 ssh2
May  8 14:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: Received disconnect from 125.18.49.130 port 40570:11: Bye Bye [preauth]
May  8 14:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14640]: Disconnected from 125.18.49.130 port 40570 [preauth]
May  8 14:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13611]: pam_unix(cron:session): session closed for user root
May  8 14:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14867]: Invalid user ec2-user from 101.36.117.148
May  8 14:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14867]: input_userauth_request: invalid user ec2-user [preauth]
May  8 14:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14867]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.117.148
May  8 14:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14867]: Failed password for invalid user ec2-user from 101.36.117.148 port 37034 ssh2
May  8 14:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14867]: Received disconnect from 101.36.117.148 port 37034:11: Bye Bye [preauth]
May  8 14:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14867]: Disconnected from 101.36.117.148 port 37034 [preauth]
May  8 14:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14880]: Invalid user admin from 85.208.84.5
May  8 14:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14880]: input_userauth_request: invalid user admin [preauth]
May  8 14:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14880]: Failed none for invalid user admin from 85.208.84.5 port 57066 ssh2
May  8 14:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14880]: Connection closed by 85.208.84.5 port 57066 [preauth]
May  8 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14944]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14946]: pam_unix(cron:session): session closed for user root
May  8 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14940]: pam_unix(cron:session): session closed for user p13x
May  8 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15012]: Successful su for rubyman by root
May  8 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15012]: + ??? root:rubyman
May  8 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15012]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353750 of user rubyman.
May  8 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15012]: pam_unix(su:session): session closed for user rubyman
May  8 14:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353750.
May  8 14:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14942]: pam_unix(cron:session): session closed for user root
May  8 14:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12268]: pam_unix(cron:session): session closed for user root
May  8 14:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14941]: pam_unix(cron:session): session closed for user samftp
May  8 14:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14018]: pam_unix(cron:session): session closed for user root
May  8 14:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: Invalid user administrator from 80.94.95.125
May  8 14:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: input_userauth_request: invalid user administrator [preauth]
May  8 14:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: Failed password for invalid user administrator from 80.94.95.125 port 18700 ssh2
May  8 14:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: Failed password for invalid user administrator from 80.94.95.125 port 18700 ssh2
May  8 14:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: Failed password for invalid user administrator from 80.94.95.125 port 18700 ssh2
May  8 14:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: Failed password for invalid user administrator from 80.94.95.125 port 18700 ssh2
May  8 14:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: Failed password for invalid user administrator from 80.94.95.125 port 18700 ssh2
May  8 14:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: Received disconnect from 80.94.95.125 port 18700:11: Bye [preauth]
May  8 14:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: Disconnected from 80.94.95.125 port 18700 [preauth]
May  8 14:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15339]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15370]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15371]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15368]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15369]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15368]: pam_unix(cron:session): session closed for user p13x
May  8 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15434]: Successful su for rubyman by root
May  8 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15434]: + ??? root:rubyman
May  8 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353751 of user rubyman.
May  8 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15434]: pam_unix(su:session): session closed for user rubyman
May  8 14:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353751.
May  8 14:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12670]: pam_unix(cron:session): session closed for user root
May  8 14:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15369]: pam_unix(cron:session): session closed for user samftp
May  8 14:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14425]: pam_unix(cron:session): session closed for user root
May  8 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15765]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15766]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15763]: pam_unix(cron:session): session closed for user p13x
May  8 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15827]: Successful su for rubyman by root
May  8 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15827]: + ??? root:rubyman
May  8 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353756 of user rubyman.
May  8 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15827]: pam_unix(su:session): session closed for user rubyman
May  8 14:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353756.
May  8 14:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13104]: pam_unix(cron:session): session closed for user root
May  8 14:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15764]: pam_unix(cron:session): session closed for user samftp
May  8 14:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14944]: pam_unix(cron:session): session closed for user root
May  8 14:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: User daemon from 80.94.95.125 not allowed because not listed in AllowUsers
May  8 14:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: input_userauth_request: invalid user daemon [preauth]
May  8 14:42:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=daemon
May  8 14:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: Failed password for invalid user daemon from 80.94.95.125 port 9250 ssh2
May  8 14:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: message repeated 4 times: [ Failed password for invalid user daemon from 80.94.95.125 port 9250 ssh2]
May  8 14:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: Received disconnect from 80.94.95.125 port 9250:11: Bye [preauth]
May  8 14:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: Disconnected from 80.94.95.125 port 9250 [preauth]
May  8 14:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=daemon
May  8 14:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16107]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16159]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16158]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16157]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16157]: pam_unix(cron:session): session closed for user p13x
May  8 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16222]: Successful su for rubyman by root
May  8 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16222]: + ??? root:rubyman
May  8 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353760 of user rubyman.
May  8 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16222]: pam_unix(su:session): session closed for user rubyman
May  8 14:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353760.
May  8 14:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13610]: pam_unix(cron:session): session closed for user root
May  8 14:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16158]: pam_unix(cron:session): session closed for user samftp
May  8 14:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15371]: pam_unix(cron:session): session closed for user root
May  8 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16591]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16589]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16589]: pam_unix(cron:session): session closed for user p13x
May  8 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16664]: Successful su for rubyman by root
May  8 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16664]: + ??? root:rubyman
May  8 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16664]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353764 of user rubyman.
May  8 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16664]: pam_unix(su:session): session closed for user rubyman
May  8 14:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353764.
May  8 14:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14016]: pam_unix(cron:session): session closed for user root
May  8 14:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16590]: pam_unix(cron:session): session closed for user samftp
May  8 14:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16888]: Invalid user shaseng from 125.18.49.130
May  8 14:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16888]: input_userauth_request: invalid user shaseng [preauth]
May  8 14:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16888]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.18.49.130
May  8 14:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16888]: Failed password for invalid user shaseng from 125.18.49.130 port 40586 ssh2
May  8 14:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16888]: Received disconnect from 125.18.49.130 port 40586:11: Bye Bye [preauth]
May  8 14:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16888]: Disconnected from 125.18.49.130 port 40586 [preauth]
May  8 14:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16934]: Invalid user admin from 101.36.117.148
May  8 14:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16934]: input_userauth_request: invalid user admin [preauth]
May  8 14:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16934]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.117.148
May  8 14:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16934]: Failed password for invalid user admin from 101.36.117.148 port 57604 ssh2
May  8 14:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16934]: Received disconnect from 101.36.117.148 port 57604:11: Bye Bye [preauth]
May  8 14:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16934]: Disconnected from 101.36.117.148 port 57604 [preauth]
May  8 14:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15766]: pam_unix(cron:session): session closed for user root
May  8 14:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: Invalid user default from 80.94.95.125
May  8 14:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: input_userauth_request: invalid user default [preauth]
May  8 14:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: Failed password for invalid user default from 80.94.95.125 port 46889 ssh2
May  8 14:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: Failed password for invalid user default from 80.94.95.125 port 46889 ssh2
May  8 14:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: Failed password for invalid user default from 80.94.95.125 port 46889 ssh2
May  8 14:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: Failed password for invalid user default from 80.94.95.125 port 46889 ssh2
May  8 14:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: Failed password for invalid user default from 80.94.95.125 port 46889 ssh2
May  8 14:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: Received disconnect from 80.94.95.125 port 46889:11: Bye [preauth]
May  8 14:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: Disconnected from 80.94.95.125 port 46889 [preauth]
May  8 14:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17036]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17037]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17038]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17038]: pam_unix(cron:session): session closed for user root
May  8 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17033]: pam_unix(cron:session): session closed for user p13x
May  8 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17103]: Successful su for rubyman by root
May  8 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17103]: + ??? root:rubyman
May  8 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353769 of user rubyman.
May  8 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17103]: pam_unix(su:session): session closed for user rubyman
May  8 14:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353769.
May  8 14:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17035]: pam_unix(cron:session): session closed for user root
May  8 14:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14424]: pam_unix(cron:session): session closed for user root
May  8 14:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17034]: pam_unix(cron:session): session closed for user samftp
May  8 14:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16160]: pam_unix(cron:session): session closed for user root
May  8 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17469]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17468]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17463]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17463]: pam_unix(cron:session): session closed for user p13x
May  8 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17468]: pam_unix(cron:session): session closed for user root
May  8 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17547]: Successful su for rubyman by root
May  8 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17547]: + ??? root:rubyman
May  8 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17547]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353773 of user rubyman.
May  8 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17547]: pam_unix(su:session): session closed for user rubyman
May  8 14:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353773.
May  8 14:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14943]: pam_unix(cron:session): session closed for user root
May  8 14:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17465]: pam_unix(cron:session): session closed for user samftp
May  8 14:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: Invalid user jules from 175.6.36.108
May  8 14:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: input_userauth_request: invalid user jules [preauth]
May  8 14:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.36.108
May  8 14:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: Failed password for invalid user jules from 175.6.36.108 port 43570 ssh2
May  8 14:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: Received disconnect from 175.6.36.108 port 43570:11: Bye Bye [preauth]
May  8 14:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17750]: Disconnected from 175.6.36.108 port 43570 [preauth]
May  8 14:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: User ftp from 80.94.95.125 not allowed because not listed in AllowUsers
May  8 14:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: input_userauth_request: invalid user ftp [preauth]
May  8 14:46:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=ftp
May  8 14:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16592]: pam_unix(cron:session): session closed for user root
May  8 14:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: Failed password for invalid user ftp from 80.94.95.125 port 58049 ssh2
May  8 14:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: message repeated 2 times: [ Failed password for invalid user ftp from 80.94.95.125 port 58049 ssh2]
May  8 14:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: Failed password for invalid user ftp from 80.94.95.125 port 58049 ssh2
May  8 14:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: Failed password for invalid user ftp from 80.94.95.125 port 58049 ssh2
May  8 14:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: Received disconnect from 80.94.95.125 port 58049:11: Bye [preauth]
May  8 14:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: Disconnected from 80.94.95.125 port 58049 [preauth]
May  8 14:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=ftp
May  8 14:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17919]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18007]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18007]: pam_unix(cron:session): session closed for user p13x
May  8 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18082]: Successful su for rubyman by root
May  8 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18082]: + ??? root:rubyman
May  8 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353778 of user rubyman.
May  8 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18082]: pam_unix(su:session): session closed for user rubyman
May  8 14:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353778.
May  8 14:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15370]: pam_unix(cron:session): session closed for user root
May  8 14:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18008]: pam_unix(cron:session): session closed for user samftp
May  8 14:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17037]: pam_unix(cron:session): session closed for user root
May  8 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18437]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18435]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18435]: pam_unix(cron:session): session closed for user p13x
May  8 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18498]: Successful su for rubyman by root
May  8 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18498]: + ??? root:rubyman
May  8 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353782 of user rubyman.
May  8 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18498]: pam_unix(su:session): session closed for user rubyman
May  8 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353782.
May  8 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: Invalid user odoo from 164.68.105.9
May  8 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: input_userauth_request: invalid user odoo [preauth]
May  8 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  8 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: Failed password for invalid user odoo from 164.68.105.9 port 42898 ssh2
May  8 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15765]: pam_unix(cron:session): session closed for user root
May  8 14:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: Connection closed by 164.68.105.9 port 42898 [preauth]
May  8 14:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18436]: pam_unix(cron:session): session closed for user samftp
May  8 14:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: Invalid user ftpuser from 80.94.95.125
May  8 14:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: input_userauth_request: invalid user ftpuser [preauth]
May  8 14:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: Failed password for invalid user ftpuser from 80.94.95.125 port 49526 ssh2
May  8 14:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: Failed password for invalid user ftpuser from 80.94.95.125 port 49526 ssh2
May  8 14:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: Failed password for invalid user ftpuser from 80.94.95.125 port 49526 ssh2
May  8 14:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: Failed password for invalid user ftpuser from 80.94.95.125 port 49526 ssh2
May  8 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17469]: pam_unix(cron:session): session closed for user root
May  8 14:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: Failed password for invalid user ftpuser from 80.94.95.125 port 49526 ssh2
May  8 14:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: Received disconnect from 80.94.95.125 port 49526:11: Bye [preauth]
May  8 14:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: Disconnected from 80.94.95.125 port 49526 [preauth]
May  8 14:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18721]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18844]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18841]: pam_unix(cron:session): session closed for user p13x
May  8 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18903]: Successful su for rubyman by root
May  8 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18903]: + ??? root:rubyman
May  8 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353788 of user rubyman.
May  8 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18903]: pam_unix(su:session): session closed for user rubyman
May  8 14:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353788.
May  8 14:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16159]: pam_unix(cron:session): session closed for user root
May  8 14:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18842]: pam_unix(cron:session): session closed for user samftp
May  8 14:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19134]: Invalid user abbas from 101.36.117.148
May  8 14:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19134]: input_userauth_request: invalid user abbas [preauth]
May  8 14:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19134]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.117.148
May  8 14:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19134]: Failed password for invalid user abbas from 101.36.117.148 port 35072 ssh2
May  8 14:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19134]: Received disconnect from 101.36.117.148 port 35072:11: Bye Bye [preauth]
May  8 14:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19134]: Disconnected from 101.36.117.148 port 35072 [preauth]
May  8 14:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19136]: Invalid user config from 80.94.95.116
May  8 14:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19136]: input_userauth_request: invalid user config [preauth]
May  8 14:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19136]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  8 14:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19136]: Failed password for invalid user config from 80.94.95.116 port 55412 ssh2
May  8 14:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19136]: Connection closed by 80.94.95.116 port 55412 [preauth]
May  8 14:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18010]: pam_unix(cron:session): session closed for user root
May  8 14:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19123]: Invalid user & from 195.178.110.50
May  8 14:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19123]: input_userauth_request: invalid user & [preauth]
May  8 14:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19123]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 14:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19123]: Failed password for invalid user & from 195.178.110.50 port 6408 ssh2
May  8 14:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.18.49.130  user=root
May  8 14:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19123]: Connection closed by 195.178.110.50 port 6408 [preauth]
May  8 14:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19196]: Failed password for root from 125.18.49.130 port 40598 ssh2
May  8 14:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19196]: Received disconnect from 125.18.49.130 port 40598:11: Bye Bye [preauth]
May  8 14:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19196]: Disconnected from 125.18.49.130 port 40598 [preauth]
May  8 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19210]: Invalid user  from 195.178.110.50
May  8 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19210]: input_userauth_request: invalid user  [preauth]
May  8 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19210]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19267]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19270]: pam_unix(cron:session): session closed for user root
May  8 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19265]: pam_unix(cron:session): session closed for user p13x
May  8 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19337]: Successful su for rubyman by root
May  8 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19337]: + ??? root:rubyman
May  8 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353792 of user rubyman.
May  8 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19337]: pam_unix(su:session): session closed for user rubyman
May  8 14:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353792.
May  8 14:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19210]: Failed password for invalid user  from 195.178.110.50 port 10876 ssh2
May  8 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19210]: Connection closed by 195.178.110.50 port 10876 [preauth]
May  8 14:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19267]: pam_unix(cron:session): session closed for user root
May  8 14:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16591]: pam_unix(cron:session): session closed for user root
May  8 14:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19266]: pam_unix(cron:session): session closed for user samftp
May  8 14:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19578]: Invalid user guest from 80.94.95.125
May  8 14:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19578]: input_userauth_request: invalid user guest [preauth]
May  8 14:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19578]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19578]: Failed password for invalid user guest from 80.94.95.125 port 12797 ssh2
May  8 14:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19578]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19578]: Failed password for invalid user guest from 80.94.95.125 port 12797 ssh2
May  8 14:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19578]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19428]: Invalid user 8 from 195.178.110.50
May  8 14:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19428]: input_userauth_request: invalid user 8 [preauth]
May  8 14:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19428]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 14:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19578]: Failed password for invalid user guest from 80.94.95.125 port 12797 ssh2
May  8 14:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19578]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19428]: Failed password for invalid user 8 from 195.178.110.50 port 14044 ssh2
May  8 14:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19578]: Failed password for invalid user guest from 80.94.95.125 port 12797 ssh2
May  8 14:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19578]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19428]: Connection closed by 195.178.110.50 port 14044 [preauth]
May  8 14:50:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19578]: Failed password for invalid user guest from 80.94.95.125 port 12797 ssh2
May  8 14:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19578]: Received disconnect from 80.94.95.125 port 12797:11: Bye [preauth]
May  8 14:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19578]: Disconnected from 80.94.95.125 port 12797 [preauth]
May  8 14:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19578]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:50:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19578]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18438]: pam_unix(cron:session): session closed for user root
May  8 14:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: Invalid user A from 195.178.110.50
May  8 14:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: input_userauth_request: invalid user A [preauth]
May  8 14:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 14:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: Failed password for invalid user A from 195.178.110.50 port 8800 ssh2
May  8 14:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: Connection closed by 195.178.110.50 port 8800 [preauth]
May  8 14:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19723]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19721]: pam_unix(cron:session): session closed for user p13x
May  8 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19792]: Successful su for rubyman by root
May  8 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19792]: + ??? root:rubyman
May  8 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353797 of user rubyman.
May  8 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19792]: pam_unix(su:session): session closed for user rubyman
May  8 14:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353797.
May  8 14:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17036]: pam_unix(cron:session): session closed for user root
May  8 14:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: Invalid user J from 195.178.110.50
May  8 14:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: input_userauth_request: invalid user J [preauth]
May  8 14:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 14:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19722]: pam_unix(cron:session): session closed for user samftp
May  8 14:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: Failed password for invalid user J from 195.178.110.50 port 46230 ssh2
May  8 14:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19702]: Connection closed by 195.178.110.50 port 46230 [preauth]
May  8 14:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18844]: pam_unix(cron:session): session closed for user root
May  8 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20147]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20143]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20142]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20142]: pam_unix(cron:session): session closed for user p13x
May  8 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20203]: Successful su for rubyman by root
May  8 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20203]: + ??? root:rubyman
May  8 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353802 of user rubyman.
May  8 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20203]: pam_unix(su:session): session closed for user rubyman
May  8 14:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353802.
May  8 14:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17466]: pam_unix(cron:session): session closed for user root
May  8 14:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20143]: pam_unix(cron:session): session closed for user samftp
May  8 14:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: Invalid user moth3r from 80.94.95.125
May  8 14:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: input_userauth_request: invalid user moth3r [preauth]
May  8 14:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: Failed password for invalid user moth3r from 80.94.95.125 port 28305 ssh2
May  8 14:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: Failed password for invalid user moth3r from 80.94.95.125 port 28305 ssh2
May  8 14:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: Failed password for invalid user moth3r from 80.94.95.125 port 28305 ssh2
May  8 14:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: Failed password for invalid user moth3r from 80.94.95.125 port 28305 ssh2
May  8 14:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: Failed password for invalid user moth3r from 80.94.95.125 port 28305 ssh2
May  8 14:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: Received disconnect from 80.94.95.125 port 28305:11: Bye [preauth]
May  8 14:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: Disconnected from 80.94.95.125 port 28305 [preauth]
May  8 14:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20384]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19269]: pam_unix(cron:session): session closed for user root
May  8 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20543]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20542]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20541]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20541]: pam_unix(cron:session): session closed for user p13x
May  8 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20601]: Successful su for rubyman by root
May  8 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20601]: + ??? root:rubyman
May  8 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20601]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353804 of user rubyman.
May  8 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20601]: pam_unix(su:session): session closed for user rubyman
May  8 14:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353804.
May  8 14:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18009]: pam_unix(cron:session): session closed for user root
May  8 14:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20542]: pam_unix(cron:session): session closed for user samftp
May  8 14:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19725]: pam_unix(cron:session): session closed for user root
May  8 14:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20957]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20956]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20955]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20954]: pam_unix(cron:session): session closed for user p13x
May  8 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21013]: Successful su for rubyman by root
May  8 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21013]: + ??? root:rubyman
May  8 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353808 of user rubyman.
May  8 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21013]: pam_unix(su:session): session closed for user rubyman
May  8 14:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353808.
May  8 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: Invalid user nexus from 80.94.95.125
May  8 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: input_userauth_request: invalid user nexus [preauth]
May  8 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18437]: pam_unix(cron:session): session closed for user root
May  8 14:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: Failed password for invalid user nexus from 80.94.95.125 port 34310 ssh2
May  8 14:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20955]: pam_unix(cron:session): session closed for user samftp
May  8 14:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: Failed password for invalid user nexus from 80.94.95.125 port 34310 ssh2
May  8 14:54:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: Failed password for invalid user nexus from 80.94.95.125 port 34310 ssh2
May  8 14:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: Failed password for invalid user nexus from 80.94.95.125 port 34310 ssh2
May  8 14:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: Failed password for invalid user nexus from 80.94.95.125 port 34310 ssh2
May  8 14:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: Received disconnect from 80.94.95.125 port 34310:11: Bye [preauth]
May  8 14:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: Disconnected from 80.94.95.125 port 34310 [preauth]
May  8 14:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20989]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20147]: pam_unix(cron:session): session closed for user root
May  8 14:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: Invalid user sasan from 69.166.232.229
May  8 14:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: input_userauth_request: invalid user sasan [preauth]
May  8 14:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 14:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: Failed password for invalid user sasan from 69.166.232.229 port 36492 ssh2
May  8 14:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: Received disconnect from 69.166.232.229 port 36492:11: Bye Bye [preauth]
May  8 14:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: Disconnected from 69.166.232.229 port 36492 [preauth]
May  8 14:54:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:55:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.18.49.130  user=root
May  8 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21395]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21393]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21396]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21397]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21398]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21394]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21398]: pam_unix(cron:session): session closed for user root
May  8 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21393]: pam_unix(cron:session): session closed for user p13x
May  8 14:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: Failed password for root from 125.18.49.130 port 40614 ssh2
May  8 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: Received disconnect from 125.18.49.130 port 40614:11: Bye Bye [preauth]
May  8 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21390]: Disconnected from 125.18.49.130 port 40614 [preauth]
May  8 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21465]: Successful su for rubyman by root
May  8 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21465]: + ??? root:rubyman
May  8 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353815 of user rubyman.
May  8 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21465]: pam_unix(su:session): session closed for user rubyman
May  8 14:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353815.
May  8 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21395]: pam_unix(cron:session): session closed for user root
May  8 14:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18843]: pam_unix(cron:session): session closed for user root
May  8 14:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21394]: pam_unix(cron:session): session closed for user samftp
May  8 14:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21740]: Invalid user admin from 80.94.95.112
May  8 14:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21740]: input_userauth_request: invalid user admin [preauth]
May  8 14:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21740]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:55:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 14:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21740]: Failed password for invalid user admin from 80.94.95.112 port 6717 ssh2
May  8 14:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21740]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21740]: Failed password for invalid user admin from 80.94.95.112 port 6717 ssh2
May  8 14:55:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21740]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21740]: Failed password for invalid user admin from 80.94.95.112 port 6717 ssh2
May  8 14:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21740]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21740]: Failed password for invalid user admin from 80.94.95.112 port 6717 ssh2
May  8 14:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21740]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21740]: Failed password for invalid user admin from 80.94.95.112 port 6717 ssh2
May  8 14:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21740]: Received disconnect from 80.94.95.112 port 6717:11: Bye [preauth]
May  8 14:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21740]: Disconnected from 80.94.95.112 port 6717 [preauth]
May  8 14:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21740]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 14:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21740]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20544]: pam_unix(cron:session): session closed for user root
May  8 14:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Invalid user pritchard from 80.94.95.125
May  8 14:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: input_userauth_request: invalid user pritchard [preauth]
May  8 14:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Failed password for invalid user pritchard from 80.94.95.125 port 21546 ssh2
May  8 14:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Failed password for invalid user pritchard from 80.94.95.125 port 21546 ssh2
May  8 14:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Failed password for invalid user pritchard from 80.94.95.125 port 21546 ssh2
May  8 14:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22157]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22159]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22158]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22156]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Failed password for invalid user pritchard from 80.94.95.125 port 21546 ssh2
May  8 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22156]: pam_unix(cron:session): session closed for user p13x
May  8 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22235]: Successful su for rubyman by root
May  8 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22235]: + ??? root:rubyman
May  8 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22235]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353819 of user rubyman.
May  8 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22235]: pam_unix(su:session): session closed for user rubyman
May  8 14:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353819.
May  8 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Failed password for invalid user pritchard from 80.94.95.125 port 21546 ssh2
May  8 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Received disconnect from 80.94.95.125 port 21546:11: Bye [preauth]
May  8 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: Disconnected from 80.94.95.125 port 21546 [preauth]
May  8 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 14:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22123]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 14:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19268]: pam_unix(cron:session): session closed for user root
May  8 14:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22157]: pam_unix(cron:session): session closed for user samftp
May  8 14:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20957]: pam_unix(cron:session): session closed for user root
May  8 14:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Invalid user felipe from 175.6.36.108
May  8 14:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: input_userauth_request: invalid user felipe [preauth]
May  8 14:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: pam_unix(sshd:auth): check pass; user unknown
May  8 14:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.36.108
May  8 14:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Failed password for invalid user felipe from 175.6.36.108 port 41944 ssh2
May  8 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Received disconnect from 175.6.36.108 port 41944:11: Bye Bye [preauth]
May  8 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Disconnected from 175.6.36.108 port 41944 [preauth]
May  8 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22638]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22635]: pam_unix(cron:session): session closed for user p13x
May  8 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22701]: Successful su for rubyman by root
May  8 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22701]: + ??? root:rubyman
May  8 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353822 of user rubyman.
May  8 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22701]: pam_unix(su:session): session closed for user rubyman
May  8 14:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353822.
May  8 14:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19723]: pam_unix(cron:session): session closed for user root
May  8 14:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22636]: pam_unix(cron:session): session closed for user samftp
May  8 14:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21397]: pam_unix(cron:session): session closed for user root
May  8 14:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 14:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: Failed password for root from 80.94.95.125 port 50826 ssh2
May  8 14:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: message repeated 3 times: [ Failed password for root from 80.94.95.125 port 50826 ssh2]
May  8 14:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: Received disconnect from 80.94.95.125 port 50826:11: Bye [preauth]
May  8 14:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: Disconnected from 80.94.95.125 port 50826 [preauth]
May  8 14:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 14:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23043]: PAM service(sshd) ignoring max retries; 4 > 3
May  8 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23094]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23093]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23091]: pam_unix(cron:session): session closed for user p13x
May  8 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23156]: Successful su for rubyman by root
May  8 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23156]: + ??? root:rubyman
May  8 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23156]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353827 of user rubyman.
May  8 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23156]: pam_unix(su:session): session closed for user rubyman
May  8 14:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353827.
May  8 14:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20144]: pam_unix(cron:session): session closed for user root
May  8 14:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23093]: pam_unix(cron:session): session closed for user samftp
May  8 14:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22159]: pam_unix(cron:session): session closed for user root
May  8 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23590]: pam_unix(cron:session): session closed for user p13x
May  8 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23658]: Successful su for rubyman by root
May  8 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23658]: + ??? root:rubyman
May  8 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353831 of user rubyman.
May  8 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23658]: pam_unix(su:session): session closed for user rubyman
May  8 14:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353831.
May  8 14:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20543]: pam_unix(cron:session): session closed for user root
May  8 14:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23591]: pam_unix(cron:session): session closed for user samftp
May  8 14:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 14:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 14:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: Failed password for root from 80.94.95.125 port 26379 ssh2
May  8 14:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22638]: pam_unix(cron:session): session closed for user root
May  8 14:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: Failed password for root from 80.94.95.125 port 26379 ssh2
May  8 14:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: message repeated 3 times: [ Failed password for root from 80.94.95.125 port 26379 ssh2]
May  8 14:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: Received disconnect from 80.94.95.125 port 26379:11: Bye [preauth]
May  8 14:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: Disconnected from 80.94.95.125 port 26379 [preauth]
May  8 14:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 14:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24031]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24131]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24127]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24133]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24128]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24129]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24132]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24133]: pam_unix(cron:session): session closed for user root
May  8 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24129]: pam_unix(cron:session): session closed for user root
May  8 15:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24127]: pam_unix(cron:session): session closed for user p13x
May  8 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24234]: Successful su for rubyman by root
May  8 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24234]: + ??? root:rubyman
May  8 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353834 of user rubyman.
May  8 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24234]: pam_unix(su:session): session closed for user rubyman
May  8 15:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353834.
May  8 15:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20956]: pam_unix(cron:session): session closed for user root
May  8 15:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24130]: pam_unix(cron:session): session closed for user root
May  8 15:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24128]: pam_unix(cron:session): session closed for user samftp
May  8 15:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24515]: Invalid user user1 from 125.18.49.130
May  8 15:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24515]: input_userauth_request: invalid user user1 [preauth]
May  8 15:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24515]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.18.49.130
May  8 15:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24515]: Failed password for invalid user user1 from 125.18.49.130 port 40636 ssh2
May  8 15:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24515]: Received disconnect from 125.18.49.130 port 40636:11: Bye Bye [preauth]
May  8 15:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24515]: Disconnected from 125.18.49.130 port 40636 [preauth]
May  8 15:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23095]: pam_unix(cron:session): session closed for user root
May  8 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24685]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24684]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24681]: pam_unix(cron:session): session closed for user p13x
May  8 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24752]: Successful su for rubyman by root
May  8 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24752]: + ??? root:rubyman
May  8 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24752]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353841 of user rubyman.
May  8 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24752]: pam_unix(su:session): session closed for user rubyman
May  8 15:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353841.
May  8 15:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21396]: pam_unix(cron:session): session closed for user root
May  8 15:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24682]: pam_unix(cron:session): session closed for user samftp
May  8 15:01:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:01:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 15:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24978]: Failed password for root from 80.94.95.125 port 13843 ssh2
May  8 15:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24978]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 13843 ssh2]
May  8 15:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24978]: Received disconnect from 80.94.95.125 port 13843:11: Bye [preauth]
May  8 15:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24978]: Disconnected from 80.94.95.125 port 13843 [preauth]
May  8 15:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24978]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 15:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24978]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23594]: pam_unix(cron:session): session closed for user root
May  8 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25102]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25100]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25099]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25099]: pam_unix(cron:session): session closed for user p13x
May  8 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25164]: Successful su for rubyman by root
May  8 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25164]: + ??? root:rubyman
May  8 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25164]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353847 of user rubyman.
May  8 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25164]: pam_unix(su:session): session closed for user rubyman
May  8 15:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353847.
May  8 15:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: Invalid user admin from 80.94.95.241
May  8 15:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: input_userauth_request: invalid user admin [preauth]
May  8 15:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 15:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22158]: pam_unix(cron:session): session closed for user root
May  8 15:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: Failed password for invalid user admin from 80.94.95.241 port 17630 ssh2
May  8 15:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25100]: pam_unix(cron:session): session closed for user samftp
May  8 15:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: Failed password for invalid user admin from 80.94.95.241 port 17630 ssh2
May  8 15:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: Failed password for invalid user admin from 80.94.95.241 port 17630 ssh2
May  8 15:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: Failed password for invalid user admin from 80.94.95.241 port 17630 ssh2
May  8 15:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: Failed password for invalid user admin from 80.94.95.241 port 17630 ssh2
May  8 15:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: Received disconnect from 80.94.95.241 port 17630:11: Bye [preauth]
May  8 15:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: Disconnected from 80.94.95.241 port 17630 [preauth]
May  8 15:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 15:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25196]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: Invalid user maint from 80.94.95.241
May  8 15:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: input_userauth_request: invalid user maint [preauth]
May  8 15:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 15:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: Failed password for invalid user maint from 80.94.95.241 port 63169 ssh2
May  8 15:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: Failed password for invalid user maint from 80.94.95.241 port 63169 ssh2
May  8 15:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: Failed password for invalid user maint from 80.94.95.241 port 63169 ssh2
May  8 15:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: Failed password for invalid user maint from 80.94.95.241 port 63169 ssh2
May  8 15:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: Failed password for invalid user maint from 80.94.95.241 port 63169 ssh2
May  8 15:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: Received disconnect from 80.94.95.241 port 63169:11: Bye [preauth]
May  8 15:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: Disconnected from 80.94.95.241 port 63169 [preauth]
May  8 15:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 15:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25404]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24132]: pam_unix(cron:session): session closed for user root
May  8 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25522]: pam_unix(cron:session): session closed for user p13x
May  8 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25593]: Successful su for rubyman by root
May  8 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25593]: + ??? root:rubyman
May  8 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353849 of user rubyman.
May  8 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25593]: pam_unix(su:session): session closed for user rubyman
May  8 15:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353849.
May  8 15:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22637]: pam_unix(cron:session): session closed for user root
May  8 15:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25524]: pam_unix(cron:session): session closed for user samftp
May  8 15:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 15:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25858]: Failed password for root from 80.94.95.125 port 23756 ssh2
May  8 15:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25858]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 23756 ssh2]
May  8 15:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25858]: Received disconnect from 80.94.95.125 port 23756:11: Bye [preauth]
May  8 15:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25858]: Disconnected from 80.94.95.125 port 23756 [preauth]
May  8 15:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25858]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 15:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25858]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24685]: pam_unix(cron:session): session closed for user root
May  8 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26024]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26021]: pam_unix(cron:session): session closed for user p13x
May  8 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26087]: Successful su for rubyman by root
May  8 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26087]: + ??? root:rubyman
May  8 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26087]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353853 of user rubyman.
May  8 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26087]: pam_unix(su:session): session closed for user rubyman
May  8 15:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353853.
May  8 15:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23094]: pam_unix(cron:session): session closed for user root
May  8 15:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26022]: pam_unix(cron:session): session closed for user samftp
May  8 15:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25102]: pam_unix(cron:session): session closed for user root
May  8 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26432]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26434]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26433]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26435]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26435]: pam_unix(cron:session): session closed for user root
May  8 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26430]: pam_unix(cron:session): session closed for user p13x
May  8 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26571]: Successful su for rubyman by root
May  8 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26571]: + ??? root:rubyman
May  8 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353858 of user rubyman.
May  8 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26571]: pam_unix(su:session): session closed for user rubyman
May  8 15:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353858.
May  8 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26432]: pam_unix(cron:session): session closed for user root
May  8 15:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23592]: pam_unix(cron:session): session closed for user root
May  8 15:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26431]: pam_unix(cron:session): session closed for user samftp
May  8 15:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 15:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26770]: Failed password for root from 80.94.95.125 port 50886 ssh2
May  8 15:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26770]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 50886 ssh2]
May  8 15:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26770]: Received disconnect from 80.94.95.125 port 50886:11: Bye [preauth]
May  8 15:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26770]: Disconnected from 80.94.95.125 port 50886 [preauth]
May  8 15:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26770]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 15:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26770]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25531]: pam_unix(cron:session): session closed for user root
May  8 15:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.18.49.130  user=root
May  8 15:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26888]: Failed password for root from 125.18.49.130 port 40654 ssh2
May  8 15:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26888]: Received disconnect from 125.18.49.130 port 40654:11: Bye Bye [preauth]
May  8 15:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26888]: Disconnected from 125.18.49.130 port 40654 [preauth]
May  8 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26967]: pam_unix(cron:session): session closed for user p13x
May  8 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27061]: Successful su for rubyman by root
May  8 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27061]: + ??? root:rubyman
May  8 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27061]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353863 of user rubyman.
May  8 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27061]: pam_unix(su:session): session closed for user rubyman
May  8 15:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353863.
May  8 15:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24131]: pam_unix(cron:session): session closed for user root
May  8 15:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26968]: pam_unix(cron:session): session closed for user samftp
May  8 15:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27310]: Invalid user gianni from 69.166.232.229
May  8 15:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27310]: input_userauth_request: invalid user gianni [preauth]
May  8 15:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27310]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 15:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27310]: Failed password for invalid user gianni from 69.166.232.229 port 57500 ssh2
May  8 15:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27310]: Received disconnect from 69.166.232.229 port 57500:11: Bye Bye [preauth]
May  8 15:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27310]: Disconnected from 69.166.232.229 port 57500 [preauth]
May  8 15:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26024]: pam_unix(cron:session): session closed for user root
May  8 15:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 15:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: Failed password for root from 80.94.95.125 port 18039 ssh2
May  8 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27489]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27488]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27481]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27487]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27481]: pam_unix(cron:session): session closed for user p13x
May  8 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27559]: Successful su for rubyman by root
May  8 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27559]: + ??? root:rubyman
May  8 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353868 of user rubyman.
May  8 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27559]: pam_unix(su:session): session closed for user rubyman
May  8 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353868.
May  8 15:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: Failed password for root from 80.94.95.125 port 18039 ssh2
May  8 15:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: Failed password for root from 80.94.95.125 port 18039 ssh2
May  8 15:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24684]: pam_unix(cron:session): session closed for user root
May  8 15:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: Failed password for root from 80.94.95.125 port 18039 ssh2
May  8 15:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27487]: pam_unix(cron:session): session closed for user samftp
May  8 15:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: Failed password for root from 80.94.95.125 port 18039 ssh2
May  8 15:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: Received disconnect from 80.94.95.125 port 18039:11: Bye [preauth]
May  8 15:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: Disconnected from 80.94.95.125 port 18039 [preauth]
May  8 15:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 15:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27478]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26434]: pam_unix(cron:session): session closed for user root
May  8 15:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: Invalid user bot_server from 175.6.36.108
May  8 15:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: input_userauth_request: invalid user bot_server [preauth]
May  8 15:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.36.108
May  8 15:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: Failed password for invalid user bot_server from 175.6.36.108 port 58544 ssh2
May  8 15:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: Received disconnect from 175.6.36.108 port 58544:11: Bye Bye [preauth]
May  8 15:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27886]: Disconnected from 175.6.36.108 port 58544 [preauth]
May  8 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27914]: pam_unix(cron:session): session closed for user p13x
May  8 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27979]: Successful su for rubyman by root
May  8 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27979]: + ??? root:rubyman
May  8 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27979]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353871 of user rubyman.
May  8 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27979]: pam_unix(su:session): session closed for user rubyman
May  8 15:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353871.
May  8 15:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25101]: pam_unix(cron:session): session closed for user root
May  8 15:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27915]: pam_unix(cron:session): session closed for user samftp
May  8 15:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26970]: pam_unix(cron:session): session closed for user root
May  8 15:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 15:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: Failed password for root from 80.94.95.125 port 60729 ssh2
May  8 15:08:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 60729 ssh2]
May  8 15:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: Received disconnect from 80.94.95.125 port 60729:11: Bye [preauth]
May  8 15:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: Disconnected from 80.94.95.125 port 60729 [preauth]
May  8 15:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  8 15:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28271]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28319]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28317]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28319]: pam_unix(cron:session): session closed for user p13x
May  8 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28451]: Successful su for rubyman by root
May  8 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28451]: + ??? root:rubyman
May  8 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353878 of user rubyman.
May  8 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28451]: pam_unix(su:session): session closed for user rubyman
May  8 15:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353878.
May  8 15:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28317]: pam_unix(cron:session): session closed for user root
May  8 15:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25525]: pam_unix(cron:session): session closed for user root
May  8 15:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28320]: pam_unix(cron:session): session closed for user samftp
May  8 15:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27489]: pam_unix(cron:session): session closed for user root
May  8 15:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28820]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28821]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28821]: pam_unix(cron:session): session closed for user root
May  8 15:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28816]: pam_unix(cron:session): session closed for user p13x
May  8 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28887]: Successful su for rubyman by root
May  8 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28887]: + ??? root:rubyman
May  8 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28887]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353881 of user rubyman.
May  8 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28887]: pam_unix(su:session): session closed for user rubyman
May  8 15:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353881.
May  8 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28818]: pam_unix(cron:session): session closed for user root
May  8 15:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26023]: pam_unix(cron:session): session closed for user root
May  8 15:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28817]: pam_unix(cron:session): session closed for user samftp
May  8 15:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: Invalid user service from 80.94.95.125
May  8 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: input_userauth_request: invalid user service [preauth]
May  8 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27917]: pam_unix(cron:session): session closed for user root
May  8 15:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: Failed password for invalid user service from 80.94.95.125 port 19097 ssh2
May  8 15:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: Failed password for invalid user service from 80.94.95.125 port 19097 ssh2
May  8 15:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: Failed password for invalid user service from 80.94.95.125 port 19097 ssh2
May  8 15:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  8 15:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: Failed password for invalid user service from 80.94.95.125 port 19097 ssh2
May  8 15:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: Failed password for root from 80.94.95.115 port 51360 ssh2
May  8 15:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29308]: Connection closed by 80.94.95.115 port 51360 [preauth]
May  8 15:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: Failed password for invalid user service from 80.94.95.125 port 19097 ssh2
May  8 15:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: Received disconnect from 80.94.95.125 port 19097:11: Bye [preauth]
May  8 15:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: Disconnected from 80.94.95.125 port 19097 [preauth]
May  8 15:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29278]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29352]: Invalid user informix from 125.18.49.130
May  8 15:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29352]: input_userauth_request: invalid user informix [preauth]
May  8 15:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29352]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.18.49.130
May  8 15:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29352]: Failed password for invalid user informix from 125.18.49.130 port 40666 ssh2
May  8 15:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29352]: Received disconnect from 125.18.49.130 port 40666:11: Bye Bye [preauth]
May  8 15:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29352]: Disconnected from 125.18.49.130 port 40666 [preauth]
May  8 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29366]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29364]: pam_unix(cron:session): session closed for user p13x
May  8 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29435]: Successful su for rubyman by root
May  8 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29435]: + ??? root:rubyman
May  8 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29435]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353888 of user rubyman.
May  8 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29435]: pam_unix(su:session): session closed for user rubyman
May  8 15:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353888.
May  8 15:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26433]: pam_unix(cron:session): session closed for user root
May  8 15:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29365]: pam_unix(cron:session): session closed for user samftp
May  8 15:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28322]: pam_unix(cron:session): session closed for user root
May  8 15:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29777]: Invalid user marko from 69.166.232.229
May  8 15:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29777]: input_userauth_request: invalid user marko [preauth]
May  8 15:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29777]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29782]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29783]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29781]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29780]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29780]: pam_unix(cron:session): session closed for user p13x
May  8 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29850]: Successful su for rubyman by root
May  8 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29850]: + ??? root:rubyman
May  8 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29850]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353891 of user rubyman.
May  8 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29850]: pam_unix(su:session): session closed for user rubyman
May  8 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353891.
May  8 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29777]: Failed password for invalid user marko from 69.166.232.229 port 39836 ssh2
May  8 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29777]: Received disconnect from 69.166.232.229 port 39836:11: Bye Bye [preauth]
May  8 15:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29777]: Disconnected from 69.166.232.229 port 39836 [preauth]
May  8 15:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26969]: pam_unix(cron:session): session closed for user root
May  8 15:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29781]: pam_unix(cron:session): session closed for user samftp
May  8 15:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10  user=root
May  8 15:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30072]: Failed password for root from 103.18.70.10 port 46473 ssh2
May  8 15:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30072]: Connection closed by 103.18.70.10 port 46473 [preauth]
May  8 15:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Invalid user squid from 80.94.95.125
May  8 15:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: input_userauth_request: invalid user squid [preauth]
May  8 15:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Failed password for invalid user squid from 80.94.95.125 port 12656 ssh2
May  8 15:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Failed password for invalid user squid from 80.94.95.125 port 12656 ssh2
May  8 15:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Failed password for invalid user squid from 80.94.95.125 port 12656 ssh2
May  8 15:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Failed password for invalid user squid from 80.94.95.125 port 12656 ssh2
May  8 15:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Failed password for invalid user squid from 80.94.95.125 port 12656 ssh2
May  8 15:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Received disconnect from 80.94.95.125 port 12656:11: Bye [preauth]
May  8 15:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Disconnected from 80.94.95.125 port 12656 [preauth]
May  8 15:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28820]: pam_unix(cron:session): session closed for user root
May  8 15:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30183]: Invalid user apolo from 64.227.158.157
May  8 15:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30183]: input_userauth_request: invalid user apolo [preauth]
May  8 15:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30183]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.158.157
May  8 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30183]: Failed password for invalid user apolo from 64.227.158.157 port 54178 ssh2
May  8 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30183]: Received disconnect from 64.227.158.157 port 54178:11: Bye Bye [preauth]
May  8 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30183]: Disconnected from 64.227.158.157 port 54178 [preauth]
May  8 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30196]: pam_unix(cron:session): session closed for user p13x
May  8 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30253]: Successful su for rubyman by root
May  8 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30253]: + ??? root:rubyman
May  8 15:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353895 of user rubyman.
May  8 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30253]: pam_unix(su:session): session closed for user rubyman
May  8 15:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353895.
May  8 15:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27488]: pam_unix(cron:session): session closed for user root
May  8 15:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30197]: pam_unix(cron:session): session closed for user samftp
May  8 15:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29367]: pam_unix(cron:session): session closed for user root
May  8 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30587]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30585]: pam_unix(cron:session): session closed for user p13x
May  8 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30647]: Successful su for rubyman by root
May  8 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30647]: + ??? root:rubyman
May  8 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30647]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353898 of user rubyman.
May  8 15:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30647]: pam_unix(su:session): session closed for user rubyman
May  8 15:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353898.
May  8 15:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27916]: pam_unix(cron:session): session closed for user root
May  8 15:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30586]: pam_unix(cron:session): session closed for user samftp
May  8 15:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: Invalid user telecomadmin from 80.94.95.125
May  8 15:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: input_userauth_request: invalid user telecomadmin [preauth]
May  8 15:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: Failed password for invalid user telecomadmin from 80.94.95.125 port 17724 ssh2
May  8 15:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: Failed password for invalid user telecomadmin from 80.94.95.125 port 17724 ssh2
May  8 15:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: Failed password for invalid user telecomadmin from 80.94.95.125 port 17724 ssh2
May  8 15:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: Failed password for invalid user telecomadmin from 80.94.95.125 port 17724 ssh2
May  8 15:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: Failed password for invalid user telecomadmin from 80.94.95.125 port 17724 ssh2
May  8 15:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: Received disconnect from 80.94.95.125 port 17724:11: Bye [preauth]
May  8 15:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: Disconnected from 80.94.95.125 port 17724 [preauth]
May  8 15:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30830]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29783]: pam_unix(cron:session): session closed for user root
May  8 15:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31049]: Invalid user pi from 103.18.70.10
May  8 15:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31049]: input_userauth_request: invalid user pi [preauth]
May  8 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31048]: Invalid user git from 103.18.70.10
May  8 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31048]: input_userauth_request: invalid user git [preauth]
May  8 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: Invalid user oracle from 103.18.70.10
May  8 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: input_userauth_request: invalid user oracle [preauth]
May  8 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31096]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31094]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31099]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31095]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31099]: pam_unix(cron:session): session closed for user root
May  8 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31094]: pam_unix(cron:session): session closed for user p13x
May  8 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31166]: Successful su for rubyman by root
May  8 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31166]: + ??? root:rubyman
May  8 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353903 of user rubyman.
May  8 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31166]: pam_unix(su:session): session closed for user rubyman
May  8 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353903.
May  8 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31049]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31048]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31049]: Failed password for invalid user pi from 103.18.70.10 port 50033 ssh2
May  8 15:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: Invalid user hive from 103.18.70.10
May  8 15:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: input_userauth_request: invalid user hive [preauth]
May  8 15:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31049]: Connection closed by 103.18.70.10 port 50033 [preauth]
May  8 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31096]: pam_unix(cron:session): session closed for user root
May  8 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31048]: Failed password for invalid user git from 103.18.70.10 port 50532 ssh2
May  8 15:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28321]: pam_unix(cron:session): session closed for user root
May  8 15:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: Failed password for invalid user oracle from 103.18.70.10 port 51760 ssh2
May  8 15:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: Failed password for invalid user hive from 103.18.70.10 port 50285 ssh2
May  8 15:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31046]: Connection closed by 103.18.70.10 port 50285 [preauth]
May  8 15:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31095]: pam_unix(cron:session): session closed for user samftp
May  8 15:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31054]: Invalid user wang from 103.18.70.10
May  8 15:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31054]: input_userauth_request: invalid user wang [preauth]
May  8 15:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31054]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31054]: Failed password for invalid user wang from 103.18.70.10 port 50778 ssh2
May  8 15:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31054]: Connection closed by 103.18.70.10 port 50778 [preauth]
May  8 15:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31395]: Invalid user gitlab from 103.18.70.10
May  8 15:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31395]: input_userauth_request: invalid user gitlab [preauth]
May  8 15:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31395]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31357]: Invalid user mongo from 103.18.70.10
May  8 15:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31357]: input_userauth_request: invalid user mongo [preauth]
May  8 15:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31357]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31395]: Failed password for invalid user gitlab from 103.18.70.10 port 52741 ssh2
May  8 15:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31395]: Connection closed by 103.18.70.10 port 52741 [preauth]
May  8 15:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31357]: Failed password for invalid user mongo from 103.18.70.10 port 51270 ssh2
May  8 15:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31357]: Connection closed by 103.18.70.10 port 51270 [preauth]
May  8 15:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30199]: pam_unix(cron:session): session closed for user root
May  8 15:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31451]: User mysql from 103.18.70.10 not allowed because not listed in AllowUsers
May  8 15:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31451]: input_userauth_request: invalid user mysql [preauth]
May  8 15:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: Invalid user docker from 103.18.70.10
May  8 15:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: input_userauth_request: invalid user docker [preauth]
May  8 15:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10  user=mysql
May  8 15:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10  user=root
May  8 15:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31509]: Invalid user esuser from 103.18.70.10
May  8 15:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31509]: input_userauth_request: invalid user esuser [preauth]
May  8 15:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31451]: Failed password for invalid user mysql from 103.18.70.10 port 55552 ssh2
May  8 15:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31375]: Failed password for root from 103.18.70.10 port 52250 ssh2
May  8 15:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31509]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: Failed password for invalid user docker from 103.18.70.10 port 59358 ssh2
May  8 15:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31375]: Connection closed by 103.18.70.10 port 52250 [preauth]
May  8 15:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31509]: Failed password for invalid user esuser from 103.18.70.10 port 59008 ssh2
May  8 15:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31509]: Connection closed by 103.18.70.10 port 59008 [preauth]
May  8 15:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31451]: Connection closed by 103.18.70.10 port 55552 [preauth]
May  8 15:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31528]: Invalid user steam from 103.18.70.10
May  8 15:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31528]: input_userauth_request: invalid user steam [preauth]
May  8 15:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Invalid user telnet from 80.94.95.125
May  8 15:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: input_userauth_request: invalid user telnet [preauth]
May  8 15:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31528]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31057]: Invalid user nginx from 103.18.70.10
May  8 15:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31057]: input_userauth_request: invalid user nginx [preauth]
May  8 15:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31057]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Failed password for invalid user telnet from 80.94.95.125 port 16405 ssh2
May  8 15:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31528]: Failed password for invalid user steam from 103.18.70.10 port 61038 ssh2
May  8 15:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31528]: Connection closed by 103.18.70.10 port 61038 [preauth]
May  8 15:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31057]: Failed password for invalid user nginx from 103.18.70.10 port 51025 ssh2
May  8 15:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31057]: Connection closed by 103.18.70.10 port 51025 [preauth]
May  8 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Failed password for invalid user telnet from 80.94.95.125 port 16405 ssh2
May  8 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31559]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31560]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31557]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31556]: pam_unix(cron:session): session closed for user p13x
May  8 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31625]: Successful su for rubyman by root
May  8 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31625]: + ??? root:rubyman
May  8 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31625]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353908 of user rubyman.
May  8 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31625]: pam_unix(su:session): session closed for user rubyman
May  8 15:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353908.
May  8 15:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Failed password for invalid user telnet from 80.94.95.125 port 16405 ssh2
May  8 15:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28819]: pam_unix(cron:session): session closed for user root
May  8 15:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31427]: Invalid user oracle from 103.18.70.10
May  8 15:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31427]: input_userauth_request: invalid user oracle [preauth]
May  8 15:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31557]: pam_unix(cron:session): session closed for user samftp
May  8 15:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Failed password for invalid user telnet from 80.94.95.125 port 16405 ssh2
May  8 15:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31501]: Connection closed by 103.18.70.10 port 59358 [preauth]
May  8 15:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Failed password for invalid user telnet from 80.94.95.125 port 16405 ssh2
May  8 15:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Received disconnect from 80.94.95.125 port 16405:11: Bye [preauth]
May  8 15:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: Disconnected from 80.94.95.125 port 16405 [preauth]
May  8 15:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31544]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31060]: Connection closed by 103.18.70.10 port 51760 [preauth]
May  8 15:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31427]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31427]: Failed password for invalid user oracle from 103.18.70.10 port 56272 ssh2
May  8 15:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31427]: Connection closed by 103.18.70.10 port 56272 [preauth]
May  8 15:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10  user=root
May  8 15:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Invalid user tomcat from 103.18.70.10
May  8 15:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: input_userauth_request: invalid user tomcat [preauth]
May  8 15:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31884]: Invalid user wuxianjin from 125.18.49.130
May  8 15:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31884]: input_userauth_request: invalid user wuxianjin [preauth]
May  8 15:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31884]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.18.49.130
May  8 15:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: Failed password for root from 103.18.70.10 port 64674 ssh2
May  8 15:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: Connection closed by 103.18.70.10 port 64674 [preauth]
May  8 15:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Failed password for invalid user tomcat from 103.18.70.10 port 61459 ssh2
May  8 15:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31884]: Failed password for invalid user wuxianjin from 125.18.49.130 port 40674 ssh2
May  8 15:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31884]: Received disconnect from 125.18.49.130 port 40674:11: Bye Bye [preauth]
May  8 15:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31884]: Disconnected from 125.18.49.130 port 40674 [preauth]
May  8 15:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31769]: Connection closed by 103.18.70.10 port 61459 [preauth]
May  8 15:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31880]: User ftp from 103.18.70.10 not allowed because not listed in AllowUsers
May  8 15:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31880]: input_userauth_request: invalid user ftp [preauth]
May  8 15:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10  user=root
May  8 15:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10  user=ftp
May  8 15:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31901]: Invalid user deploy from 103.18.70.10
May  8 15:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31901]: input_userauth_request: invalid user deploy [preauth]
May  8 15:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31901]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: Failed password for root from 103.18.70.10 port 49788 ssh2
May  8 15:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31880]: Failed password for invalid user ftp from 103.18.70.10 port 64768 ssh2
May  8 15:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31039]: Connection closed by 103.18.70.10 port 49788 [preauth]
May  8 15:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31901]: Failed password for invalid user deploy from 103.18.70.10 port 34435 ssh2
May  8 15:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30588]: pam_unix(cron:session): session closed for user root
May  8 15:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31901]: Connection closed by 103.18.70.10 port 34435 [preauth]
May  8 15:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31880]: Connection closed by 103.18.70.10 port 64768 [preauth]
May  8 15:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31939]: Invalid user elsearch from 103.18.70.10
May  8 15:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31939]: input_userauth_request: invalid user elsearch [preauth]
May  8 15:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: Invalid user ftpuser from 103.18.70.10
May  8 15:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: input_userauth_request: invalid user ftpuser [preauth]
May  8 15:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31939]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: Invalid user wang from 103.18.70.10
May  8 15:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: input_userauth_request: invalid user wang [preauth]
May  8 15:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31939]: Failed password for invalid user elsearch from 103.18.70.10 port 33468 ssh2
May  8 15:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32085]: Invalid user oracle from 103.18.70.10
May  8 15:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32085]: input_userauth_request: invalid user oracle [preauth]
May  8 15:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31939]: Connection closed by 103.18.70.10 port 33468 [preauth]
May  8 15:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32085]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: Failed password for invalid user wang from 103.18.70.10 port 37897 ssh2
May  8 15:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10  user=root
May  8 15:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10  user=root
May  8 15:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32093]: Connection closed by 103.18.70.10 port 37897 [preauth]
May  8 15:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32085]: Failed password for invalid user oracle from 103.18.70.10 port 37686 ssh2
May  8 15:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32085]: Connection closed by 103.18.70.10 port 37686 [preauth]
May  8 15:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Failed password for root from 103.18.70.10 port 36981 ssh2
May  8 15:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32236]: Failed password for root from 103.18.70.10 port 36797 ssh2
May  8 15:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32065]: Connection closed by 103.18.70.10 port 36981 [preauth]
May  8 15:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32236]: Connection closed by 103.18.70.10 port 36797 [preauth]
May  8 15:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32238]: Invalid user nvidia from 103.18.70.10
May  8 15:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32238]: input_userauth_request: invalid user nvidia [preauth]
May  8 15:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32238]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: Failed password for invalid user ftpuser from 103.18.70.10 port 35540 ssh2
May  8 15:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31966]: Connection closed by 103.18.70.10 port 35540 [preauth]
May  8 15:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32238]: Failed password for invalid user nvidia from 103.18.70.10 port 38280 ssh2
May  8 15:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32238]: Connection closed by 103.18.70.10 port 38280 [preauth]
May  8 15:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: Invalid user www from 103.18.70.10
May  8 15:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: input_userauth_request: invalid user www [preauth]
May  8 15:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: Failed password for invalid user www from 103.18.70.10 port 37968 ssh2
May  8 15:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: Connection closed by 103.18.70.10 port 37968 [preauth]
May  8 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31483]: Invalid user plex from 103.18.70.10
May  8 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31483]: input_userauth_request: invalid user plex [preauth]
May  8 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32317]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32312]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32312]: pam_unix(cron:session): session closed for user root
May  8 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32314]: pam_unix(cron:session): session closed for user p13x
May  8 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31483]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.18.70.10
May  8 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32401]: Successful su for rubyman by root
May  8 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32401]: + ??? root:rubyman
May  8 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353914 of user rubyman.
May  8 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32401]: pam_unix(su:session): session closed for user rubyman
May  8 15:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353914.
May  8 15:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31483]: Failed password for invalid user plex from 103.18.70.10 port 58650 ssh2
May  8 15:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31483]: Connection closed by 103.18.70.10 port 58650 [preauth]
May  8 15:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29366]: pam_unix(cron:session): session closed for user root
May  8 15:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32315]: pam_unix(cron:session): session closed for user samftp
May  8 15:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: Invalid user ccorrea from 14.103.112.35
May  8 15:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: input_userauth_request: invalid user ccorrea [preauth]
May  8 15:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.112.35
May  8 15:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: Failed password for invalid user ccorrea from 14.103.112.35 port 59686 ssh2
May  8 15:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: Received disconnect from 14.103.112.35 port 59686:11: Bye Bye [preauth]
May  8 15:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32727]: Disconnected from 14.103.112.35 port 59686 [preauth]
May  8 15:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31098]: pam_unix(cron:session): session closed for user root
May  8 15:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  8 15:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: Failed password for root from 218.92.0.112 port 62526 ssh2
May  8 15:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: message repeated 2 times: [ Failed password for root from 218.92.0.112 port 62526 ssh2]
May  8 15:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: Received disconnect from 218.92.0.112 port 62526:11:  [preauth]
May  8 15:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: Disconnected from 218.92.0.112 port 62526 [preauth]
May  8 15:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  8 15:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: Invalid user admin from 193.70.84.184
May  8 15:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: input_userauth_request: invalid user admin [preauth]
May  8 15:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  8 15:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Invalid user test from 80.94.95.125
May  8 15:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: input_userauth_request: invalid user test [preauth]
May  8 15:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: Failed password for invalid user admin from 193.70.84.184 port 50210 ssh2
May  8 15:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: Connection closed by 193.70.84.184 port 50210 [preauth]
May  8 15:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Failed password for invalid user test from 80.94.95.125 port 16807 ssh2
May  8 15:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Failed password for invalid user test from 80.94.95.125 port 16807 ssh2
May  8 15:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Failed password for invalid user test from 80.94.95.125 port 16807 ssh2
May  8 15:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: Invalid user wxg from 69.166.232.229
May  8 15:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: input_userauth_request: invalid user wxg [preauth]
May  8 15:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 15:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Failed password for invalid user test from 80.94.95.125 port 16807 ssh2
May  8 15:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: Failed password for invalid user wxg from 69.166.232.229 port 34852 ssh2
May  8 15:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: Received disconnect from 69.166.232.229 port 34852:11: Bye Bye [preauth]
May  8 15:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[412]: Disconnected from 69.166.232.229 port 34852 [preauth]
May  8 15:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Failed password for invalid user test from 80.94.95.125 port 16807 ssh2
May  8 15:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Received disconnect from 80.94.95.125 port 16807:11: Bye [preauth]
May  8 15:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Disconnected from 80.94.95.125 port 16807 [preauth]
May  8 15:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[445]: pam_unix(cron:session): session closed for user p13x
May  8 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[536]: Successful su for rubyman by root
May  8 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[536]: + ??? root:rubyman
May  8 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[536]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353919 of user rubyman.
May  8 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[536]: pam_unix(su:session): session closed for user rubyman
May  8 15:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353919.
May  8 15:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29782]: pam_unix(cron:session): session closed for user root
May  8 15:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[447]: pam_unix(cron:session): session closed for user samftp
May  8 15:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.167.51.249  user=root
May  8 15:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: Failed password for root from 189.167.51.249 port 55502 ssh2
May  8 15:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: Received disconnect from 189.167.51.249 port 55502:11: Bye Bye [preauth]
May  8 15:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[754]: Disconnected from 189.167.51.249 port 55502 [preauth]
May  8 15:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31560]: pam_unix(cron:session): session closed for user root
May  8 15:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: Invalid user rramirez from 175.6.36.108
May  8 15:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: input_userauth_request: invalid user rramirez [preauth]
May  8 15:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.36.108
May  8 15:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: Failed password for invalid user rramirez from 175.6.36.108 port 50606 ssh2
May  8 15:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: Received disconnect from 175.6.36.108 port 50606:11: Bye Bye [preauth]
May  8 15:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[870]: Disconnected from 175.6.36.108 port 50606 [preauth]
May  8 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[935]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[934]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[933]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[933]: pam_unix(cron:session): session closed for user p13x
May  8 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1010]: Successful su for rubyman by root
May  8 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1010]: + ??? root:rubyman
May  8 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353922 of user rubyman.
May  8 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1010]: pam_unix(su:session): session closed for user rubyman
May  8 15:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353922.
May  8 15:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30198]: pam_unix(cron:session): session closed for user root
May  8 15:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[934]: pam_unix(cron:session): session closed for user samftp
May  8 15:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32317]: pam_unix(cron:session): session closed for user root
May  8 15:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Invalid user ubnt from 80.94.95.125
May  8 15:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: input_userauth_request: invalid user ubnt [preauth]
May  8 15:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Failed password for invalid user ubnt from 80.94.95.125 port 8852 ssh2
May  8 15:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Failed password for invalid user ubnt from 80.94.95.125 port 8852 ssh2
May  8 15:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Failed password for invalid user ubnt from 80.94.95.125 port 8852 ssh2
May  8 15:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Failed password for invalid user ubnt from 80.94.95.125 port 8852 ssh2
May  8 15:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Failed password for invalid user ubnt from 80.94.95.125 port 8852 ssh2
May  8 15:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Received disconnect from 80.94.95.125 port 8852:11: Bye [preauth]
May  8 15:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Disconnected from 80.94.95.125 port 8852 [preauth]
May  8 15:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1406]: Invalid user zabbix from 85.208.84.134
May  8 15:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1406]: input_userauth_request: invalid user zabbix [preauth]
May  8 15:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1406]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.134
May  8 15:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1406]: Failed password for invalid user zabbix from 85.208.84.134 port 44968 ssh2
May  8 15:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1406]: Connection closed by 85.208.84.134 port 44968 [preauth]
May  8 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1424]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1423]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1421]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1426]: pam_unix(cron:session): session closed for user root
May  8 15:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1421]: pam_unix(cron:session): session closed for user p13x
May  8 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1523]: Successful su for rubyman by root
May  8 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1523]: + ??? root:rubyman
May  8 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353925 of user rubyman.
May  8 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1523]: pam_unix(su:session): session closed for user rubyman
May  8 15:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353925.
May  8 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1423]: pam_unix(cron:session): session closed for user root
May  8 15:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30587]: pam_unix(cron:session): session closed for user root
May  8 15:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1422]: pam_unix(cron:session): session closed for user samftp
May  8 15:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[449]: pam_unix(cron:session): session closed for user root
May  8 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2025]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2027]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2023]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2023]: pam_unix(cron:session): session closed for user p13x
May  8 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2091]: Successful su for rubyman by root
May  8 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2091]: + ??? root:rubyman
May  8 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2091]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353931 of user rubyman.
May  8 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2091]: pam_unix(su:session): session closed for user rubyman
May  8 15:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353931.
May  8 15:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31097]: pam_unix(cron:session): session closed for user root
May  8 15:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2024]: pam_unix(cron:session): session closed for user samftp
May  8 15:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[937]: pam_unix(cron:session): session closed for user root
May  8 15:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.18.49.130  user=root
May  8 15:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: Failed password for root from 125.18.49.130 port 40694 ssh2
May  8 15:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: Received disconnect from 125.18.49.130 port 40694:11: Bye Bye [preauth]
May  8 15:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2390]: Disconnected from 125.18.49.130 port 40694 [preauth]
May  8 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2451]: pam_unix(cron:session): session closed for user p13x
May  8 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2519]: Successful su for rubyman by root
May  8 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2519]: + ??? root:rubyman
May  8 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353935 of user rubyman.
May  8 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2519]: pam_unix(su:session): session closed for user rubyman
May  8 15:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353935.
May  8 15:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31559]: pam_unix(cron:session): session closed for user root
May  8 15:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2452]: pam_unix(cron:session): session closed for user samftp
May  8 15:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1425]: pam_unix(cron:session): session closed for user root
May  8 15:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: Invalid user operator from 85.208.84.4
May  8 15:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: input_userauth_request: invalid user operator [preauth]
May  8 15:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  8 15:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: Failed password for invalid user operator from 85.208.84.4 port 16846 ssh2
May  8 15:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2866]: Connection closed by 85.208.84.4 port 16846 [preauth]
May  8 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2894]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2893]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2892]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2892]: pam_unix(cron:session): session closed for user p13x
May  8 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2957]: Successful su for rubyman by root
May  8 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2957]: + ??? root:rubyman
May  8 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353940 of user rubyman.
May  8 15:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2957]: pam_unix(su:session): session closed for user rubyman
May  8 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353940.
May  8 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2889]: Invalid user eddy from 176.109.92.170
May  8 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2889]: input_userauth_request: invalid user eddy [preauth]
May  8 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2889]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 15:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32316]: pam_unix(cron:session): session closed for user root
May  8 15:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2889]: Failed password for invalid user eddy from 176.109.92.170 port 14235 ssh2
May  8 15:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2889]: Received disconnect from 176.109.92.170 port 14235:11: Bye Bye [preauth]
May  8 15:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2889]: Disconnected from 176.109.92.170 port 14235 [preauth]
May  8 15:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2893]: pam_unix(cron:session): session closed for user samftp
May  8 15:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2027]: pam_unix(cron:session): session closed for user root
May  8 15:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: Invalid user gabriele from 69.166.232.229
May  8 15:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: input_userauth_request: invalid user gabriele [preauth]
May  8 15:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 15:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: Failed password for invalid user gabriele from 69.166.232.229 port 35850 ssh2
May  8 15:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: Received disconnect from 69.166.232.229 port 35850:11: Bye Bye [preauth]
May  8 15:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: Disconnected from 69.166.232.229 port 35850 [preauth]
May  8 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3304]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3302]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3303]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3301]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3301]: pam_unix(cron:session): session closed for user p13x
May  8 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3367]: Successful su for rubyman by root
May  8 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3367]: + ??? root:rubyman
May  8 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3367]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353944 of user rubyman.
May  8 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3367]: pam_unix(su:session): session closed for user rubyman
May  8 15:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353944.
May  8 15:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[448]: pam_unix(cron:session): session closed for user root
May  8 15:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3302]: pam_unix(cron:session): session closed for user samftp
May  8 15:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: Invalid user ubnt from 80.94.95.125
May  8 15:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: input_userauth_request: invalid user ubnt [preauth]
May  8 15:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: Failed password for invalid user ubnt from 80.94.95.125 port 7510 ssh2
May  8 15:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: Failed password for invalid user ubnt from 80.94.95.125 port 7510 ssh2
May  8 15:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: Failed password for invalid user ubnt from 80.94.95.125 port 7510 ssh2
May  8 15:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: Failed password for invalid user ubnt from 80.94.95.125 port 7510 ssh2
May  8 15:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: Failed password for invalid user ubnt from 80.94.95.125 port 7510 ssh2
May  8 15:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: Received disconnect from 80.94.95.125 port 7510:11: Bye [preauth]
May  8 15:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: Disconnected from 80.94.95.125 port 7510 [preauth]
May  8 15:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3606]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2454]: pam_unix(cron:session): session closed for user root
May  8 15:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.158.157  user=root
May  8 15:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3714]: Failed password for root from 64.227.158.157 port 46234 ssh2
May  8 15:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3714]: Received disconnect from 64.227.158.157 port 46234:11: Bye Bye [preauth]
May  8 15:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3714]: Disconnected from 64.227.158.157 port 46234 [preauth]
May  8 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3761]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3753]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3760]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3762]: pam_unix(cron:session): session closed for user root
May  8 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3753]: pam_unix(cron:session): session closed for user p13x
May  8 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3827]: Successful su for rubyman by root
May  8 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3827]: + ??? root:rubyman
May  8 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3827]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353947 of user rubyman.
May  8 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3827]: pam_unix(su:session): session closed for user rubyman
May  8 15:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353947.
May  8 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3759]: pam_unix(cron:session): session closed for user root
May  8 15:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[935]: pam_unix(cron:session): session closed for user root
May  8 15:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3758]: pam_unix(cron:session): session closed for user samftp
May  8 15:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  8 15:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4134]: Failed password for root from 218.92.0.218 port 22324 ssh2
May  8 15:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2895]: pam_unix(cron:session): session closed for user root
May  8 15:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: Invalid user ubnt from 80.94.95.125
May  8 15:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: input_userauth_request: invalid user ubnt [preauth]
May  8 15:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: Failed password for invalid user ubnt from 80.94.95.125 port 7053 ssh2
May  8 15:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: Failed password for invalid user ubnt from 80.94.95.125 port 7053 ssh2
May  8 15:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: Failed password for invalid user ubnt from 80.94.95.125 port 7053 ssh2
May  8 15:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4266]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4263]: pam_unix(cron:session): session closed for user p13x
May  8 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: Failed password for invalid user ubnt from 80.94.95.125 port 7053 ssh2
May  8 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4454]: Successful su for rubyman by root
May  8 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4454]: + ??? root:rubyman
May  8 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353953 of user rubyman.
May  8 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4454]: pam_unix(su:session): session closed for user rubyman
May  8 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353953.
May  8 15:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: Failed password for invalid user ubnt from 80.94.95.125 port 7053 ssh2
May  8 15:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: Received disconnect from 80.94.95.125 port 7053:11: Bye [preauth]
May  8 15:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: Disconnected from 80.94.95.125 port 7053 [preauth]
May  8 15:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4212]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1424]: pam_unix(cron:session): session closed for user root
May  8 15:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4264]: pam_unix(cron:session): session closed for user samftp
May  8 15:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4681]: Invalid user tnd from 45.163.1.222
May  8 15:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4681]: input_userauth_request: invalid user tnd [preauth]
May  8 15:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4681]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222
May  8 15:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4681]: Failed password for invalid user tnd from 45.163.1.222 port 37522 ssh2
May  8 15:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4681]: Received disconnect from 45.163.1.222 port 37522:11: Bye Bye [preauth]
May  8 15:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4681]: Disconnected from 45.163.1.222 port 37522 [preauth]
May  8 15:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3304]: pam_unix(cron:session): session closed for user root
May  8 15:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: Invalid user utente from 125.18.49.130
May  8 15:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: input_userauth_request: invalid user utente [preauth]
May  8 15:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.18.49.130
May  8 15:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: Failed password for invalid user utente from 125.18.49.130 port 40700 ssh2
May  8 15:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: Received disconnect from 125.18.49.130 port 40700:11: Bye Bye [preauth]
May  8 15:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4800]: Disconnected from 125.18.49.130 port 40700 [preauth]
May  8 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4820]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4818]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4819]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4818]: pam_unix(cron:session): session closed for user p13x
May  8 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4887]: Successful su for rubyman by root
May  8 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4887]: + ??? root:rubyman
May  8 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4887]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353958 of user rubyman.
May  8 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4887]: pam_unix(su:session): session closed for user rubyman
May  8 15:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353958.
May  8 15:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2025]: pam_unix(cron:session): session closed for user root
May  8 15:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4819]: pam_unix(cron:session): session closed for user samftp
May  8 15:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3761]: pam_unix(cron:session): session closed for user root
May  8 15:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: Invalid user ubuntu from 80.94.95.125
May  8 15:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: input_userauth_request: invalid user ubuntu [preauth]
May  8 15:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: Failed password for invalid user ubuntu from 80.94.95.125 port 28709 ssh2
May  8 15:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: Failed password for invalid user ubuntu from 80.94.95.125 port 28709 ssh2
May  8 15:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: Failed password for invalid user ubuntu from 80.94.95.125 port 28709 ssh2
May  8 15:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: Failed password for invalid user ubuntu from 80.94.95.125 port 28709 ssh2
May  8 15:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: Failed password for invalid user ubuntu from 80.94.95.125 port 28709 ssh2
May  8 15:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: Received disconnect from 80.94.95.125 port 28709:11: Bye [preauth]
May  8 15:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: Disconnected from 80.94.95.125 port 28709 [preauth]
May  8 15:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5362]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5407]: Invalid user user1 from 116.193.190.174
May  8 15:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5407]: input_userauth_request: invalid user user1 [preauth]
May  8 15:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5407]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.190.174
May  8 15:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5407]: Failed password for invalid user user1 from 116.193.190.174 port 44998 ssh2
May  8 15:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5407]: Received disconnect from 116.193.190.174 port 44998:11: Bye Bye [preauth]
May  8 15:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5407]: Disconnected from 116.193.190.174 port 44998 [preauth]
May  8 15:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: Invalid user admin from 80.94.95.112
May  8 15:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: input_userauth_request: invalid user admin [preauth]
May  8 15:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: Failed password for invalid user admin from 80.94.95.112 port 39389 ssh2
May  8 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5433]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5431]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5430]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5428]: pam_unix(cron:session): session closed for user p13x
May  8 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5503]: Successful su for rubyman by root
May  8 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5503]: + ??? root:rubyman
May  8 15:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5503]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353961 of user rubyman.
May  8 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5503]: pam_unix(su:session): session closed for user rubyman
May  8 15:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353961.
May  8 15:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: Failed password for invalid user admin from 80.94.95.112 port 39389 ssh2
May  8 15:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2453]: pam_unix(cron:session): session closed for user root
May  8 15:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: Failed password for invalid user admin from 80.94.95.112 port 39389 ssh2
May  8 15:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5430]: pam_unix(cron:session): session closed for user samftp
May  8 15:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: Failed password for invalid user admin from 80.94.95.112 port 39389 ssh2
May  8 15:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: Failed password for invalid user admin from 80.94.95.112 port 39389 ssh2
May  8 15:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: Received disconnect from 80.94.95.112 port 39389:11: Bye [preauth]
May  8 15:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: Disconnected from 80.94.95.112 port 39389 [preauth]
May  8 15:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 15:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5425]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4266]: pam_unix(cron:session): session closed for user root
May  8 15:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.167.51.249  user=root
May  8 15:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5988]: Failed password for root from 189.167.51.249 port 50366 ssh2
May  8 15:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5988]: Received disconnect from 189.167.51.249 port 50366:11: Bye Bye [preauth]
May  8 15:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5988]: Disconnected from 189.167.51.249 port 50366 [preauth]
May  8 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6005]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6003]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6003]: pam_unix(cron:session): session closed for user p13x
May  8 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6071]: Successful su for rubyman by root
May  8 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6071]: + ??? root:rubyman
May  8 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6071]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353965 of user rubyman.
May  8 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6071]: pam_unix(su:session): session closed for user rubyman
May  8 15:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353965.
May  8 15:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2894]: pam_unix(cron:session): session closed for user root
May  8 15:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6004]: pam_unix(cron:session): session closed for user samftp
May  8 15:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: Invalid user taiko from 115.72.8.68
May  8 15:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: input_userauth_request: invalid user taiko [preauth]
May  8 15:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.72.8.68
May  8 15:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: Failed password for invalid user taiko from 115.72.8.68 port 37343 ssh2
May  8 15:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: Received disconnect from 115.72.8.68 port 37343:11: Bye Bye [preauth]
May  8 15:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6310]: Disconnected from 115.72.8.68 port 37343 [preauth]
May  8 15:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: Invalid user user from 80.94.95.125
May  8 15:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: input_userauth_request: invalid user user [preauth]
May  8 15:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: Failed password for invalid user user from 80.94.95.125 port 50139 ssh2
May  8 15:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6346]: Invalid user dee from 175.6.36.108
May  8 15:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6346]: input_userauth_request: invalid user dee [preauth]
May  8 15:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6346]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.36.108
May  8 15:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6346]: Failed password for invalid user dee from 175.6.36.108 port 37464 ssh2
May  8 15:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: Failed password for invalid user user from 80.94.95.125 port 50139 ssh2
May  8 15:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6346]: Received disconnect from 175.6.36.108 port 37464:11: Bye Bye [preauth]
May  8 15:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6346]: Disconnected from 175.6.36.108 port 37464 [preauth]
May  8 15:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: Failed password for invalid user user from 80.94.95.125 port 50139 ssh2
May  8 15:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: Failed password for invalid user user from 80.94.95.125 port 50139 ssh2
May  8 15:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4822]: pam_unix(cron:session): session closed for user root
May  8 15:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: Failed password for invalid user user from 80.94.95.125 port 50139 ssh2
May  8 15:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: Received disconnect from 80.94.95.125 port 50139:11: Bye [preauth]
May  8 15:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: Disconnected from 80.94.95.125 port 50139 [preauth]
May  8 15:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6344]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: Invalid user sanjay from 69.166.232.229
May  8 15:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: input_userauth_request: invalid user sanjay [preauth]
May  8 15:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 15:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: Failed password for invalid user sanjay from 69.166.232.229 port 35388 ssh2
May  8 15:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: Received disconnect from 69.166.232.229 port 35388:11: Bye Bye [preauth]
May  8 15:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6434]: Disconnected from 69.166.232.229 port 35388 [preauth]
May  8 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6492]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6489]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6493]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6490]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6494]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6491]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6494]: pam_unix(cron:session): session closed for user root
May  8 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6489]: pam_unix(cron:session): session closed for user p13x
May  8 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6554]: Successful su for rubyman by root
May  8 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6554]: + ??? root:rubyman
May  8 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6554]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353972 of user rubyman.
May  8 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6554]: pam_unix(su:session): session closed for user rubyman
May  8 15:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353972.
May  8 15:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6491]: pam_unix(cron:session): session closed for user root
May  8 15:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3303]: pam_unix(cron:session): session closed for user root
May  8 15:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.158.157  user=root
May  8 15:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6490]: pam_unix(cron:session): session closed for user samftp
May  8 15:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6747]: Failed password for root from 64.227.158.157 port 37984 ssh2
May  8 15:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6747]: Received disconnect from 64.227.158.157 port 37984:11: Bye Bye [preauth]
May  8 15:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6747]: Disconnected from 64.227.158.157 port 37984 [preauth]
May  8 15:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5433]: pam_unix(cron:session): session closed for user root
May  8 15:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170  user=root
May  8 15:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: Failed password for root from 176.109.92.170 port 61570 ssh2
May  8 15:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: Received disconnect from 176.109.92.170 port 61570:11: Bye Bye [preauth]
May  8 15:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: Disconnected from 176.109.92.170 port 61570 [preauth]
May  8 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7021]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7019]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7018]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7018]: pam_unix(cron:session): session closed for user p13x
May  8 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7103]: Successful su for rubyman by root
May  8 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7103]: + ??? root:rubyman
May  8 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353976 of user rubyman.
May  8 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7103]: pam_unix(su:session): session closed for user rubyman
May  8 15:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353976.
May  8 15:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3760]: pam_unix(cron:session): session closed for user root
May  8 15:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7019]: pam_unix(cron:session): session closed for user samftp
May  8 15:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Invalid user username from 80.94.95.125
May  8 15:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: input_userauth_request: invalid user username [preauth]
May  8 15:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Failed password for invalid user username from 80.94.95.125 port 40555 ssh2
May  8 15:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Failed password for invalid user username from 80.94.95.125 port 40555 ssh2
May  8 15:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Failed password for invalid user username from 80.94.95.125 port 40555 ssh2
May  8 15:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Failed password for invalid user username from 80.94.95.125 port 40555 ssh2
May  8 15:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Failed password for invalid user username from 80.94.95.125 port 40555 ssh2
May  8 15:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Received disconnect from 80.94.95.125 port 40555:11: Bye [preauth]
May  8 15:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: Disconnected from 80.94.95.125 port 40555 [preauth]
May  8 15:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7299]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6010]: pam_unix(cron:session): session closed for user root
May  8 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7445]: pam_unix(cron:session): session closed for user p13x
May  8 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7605]: Successful su for rubyman by root
May  8 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7605]: + ??? root:rubyman
May  8 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7605]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353981 of user rubyman.
May  8 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7605]: pam_unix(su:session): session closed for user rubyman
May  8 15:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353981.
May  8 15:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4265]: pam_unix(cron:session): session closed for user root
May  8 15:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7446]: pam_unix(cron:session): session closed for user samftp
May  8 15:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.18.49.130  user=root
May  8 15:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: Failed password for root from 125.18.49.130 port 40728 ssh2
May  8 15:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: Received disconnect from 125.18.49.130 port 40728:11: Bye Bye [preauth]
May  8 15:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7849]: Disconnected from 125.18.49.130 port 40728 [preauth]
May  8 15:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  8 15:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7883]: Failed password for root from 190.103.202.7 port 46002 ssh2
May  8 15:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7883]: Connection closed by 190.103.202.7 port 46002 [preauth]
May  8 15:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6493]: pam_unix(cron:session): session closed for user root
May  8 15:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222  user=root
May  8 15:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: Failed password for root from 45.163.1.222 port 56488 ssh2
May  8 15:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: Received disconnect from 45.163.1.222 port 56488:11: Bye Bye [preauth]
May  8 15:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: Disconnected from 45.163.1.222 port 56488 [preauth]
May  8 15:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: Invalid user usuario from 80.94.95.125
May  8 15:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: input_userauth_request: invalid user usuario [preauth]
May  8 15:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:32:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: Failed password for invalid user usuario from 80.94.95.125 port 29871 ssh2
May  8 15:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: Failed password for invalid user usuario from 80.94.95.125 port 29871 ssh2
May  8 15:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: Failed password for invalid user usuario from 80.94.95.125 port 29871 ssh2
May  8 15:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: Failed password for invalid user usuario from 80.94.95.125 port 29871 ssh2
May  8 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7983]: pam_unix(cron:session): session closed for user p13x
May  8 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8041]: Successful su for rubyman by root
May  8 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8041]: + ??? root:rubyman
May  8 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353983 of user rubyman.
May  8 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8041]: pam_unix(su:session): session closed for user rubyman
May  8 15:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353983.
May  8 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: Failed password for invalid user usuario from 80.94.95.125 port 29871 ssh2
May  8 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: Received disconnect from 80.94.95.125 port 29871:11: Bye [preauth]
May  8 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: Disconnected from 80.94.95.125 port 29871 [preauth]
May  8 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7969]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4820]: pam_unix(cron:session): session closed for user root
May  8 15:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  8 15:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7984]: pam_unix(cron:session): session closed for user samftp
May  8 15:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: Failed password for root from 218.92.0.236 port 33518 ssh2
May  8 15:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: message repeated 2 times: [ Failed password for root from 218.92.0.236 port 33518 ssh2]
May  8 15:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: Received disconnect from 218.92.0.236 port 33518:11:  [preauth]
May  8 15:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: Disconnected from 218.92.0.236 port 33518 [preauth]
May  8 15:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8172]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  8 15:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8284]: Invalid user admin from 85.208.84.4
May  8 15:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8284]: input_userauth_request: invalid user admin [preauth]
May  8 15:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8284]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  8 15:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8284]: Failed password for invalid user admin from 85.208.84.4 port 31998 ssh2
May  8 15:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8284]: Connection closed by 85.208.84.4 port 31998 [preauth]
May  8 15:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7021]: pam_unix(cron:session): session closed for user root
May  8 15:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8410]: Invalid user mine from 189.167.51.249
May  8 15:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8410]: input_userauth_request: invalid user mine [preauth]
May  8 15:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8410]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.167.51.249
May  8 15:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8410]: Failed password for invalid user mine from 189.167.51.249 port 42412 ssh2
May  8 15:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8410]: Received disconnect from 189.167.51.249 port 42412:11: Bye Bye [preauth]
May  8 15:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8410]: Disconnected from 189.167.51.249 port 42412 [preauth]
May  8 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8422]: pam_unix(cron:session): session closed for user p13x
May  8 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8490]: Successful su for rubyman by root
May  8 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8490]: + ??? root:rubyman
May  8 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353988 of user rubyman.
May  8 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8490]: pam_unix(su:session): session closed for user rubyman
May  8 15:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353988.
May  8 15:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5431]: pam_unix(cron:session): session closed for user root
May  8 15:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8425]: pam_unix(cron:session): session closed for user samftp
May  8 15:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7448]: pam_unix(cron:session): session closed for user root
May  8 15:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: Invalid user vpn from 80.94.95.125
May  8 15:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: input_userauth_request: invalid user vpn [preauth]
May  8 15:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: Failed password for invalid user vpn from 80.94.95.125 port 32501 ssh2
May  8 15:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: Failed password for invalid user vpn from 80.94.95.125 port 32501 ssh2
May  8 15:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: Failed password for invalid user vpn from 80.94.95.125 port 32501 ssh2
May  8 15:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: Failed password for invalid user vpn from 80.94.95.125 port 32501 ssh2
May  8 15:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: Failed password for invalid user vpn from 80.94.95.125 port 32501 ssh2
May  8 15:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: Received disconnect from 80.94.95.125 port 32501:11: Bye [preauth]
May  8 15:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: Disconnected from 80.94.95.125 port 32501 [preauth]
May  8 15:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  8 15:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8769]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: Invalid user rootadmin from 176.109.92.170
May  8 15:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: input_userauth_request: invalid user rootadmin [preauth]
May  8 15:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 15:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: Failed password for invalid user rootadmin from 176.109.92.170 port 44865 ssh2
May  8 15:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: Received disconnect from 176.109.92.170 port 44865:11: Bye Bye [preauth]
May  8 15:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: Disconnected from 176.109.92.170 port 44865 [preauth]
May  8 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8859]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8858]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8855]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8854]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8856]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8859]: pam_unix(cron:session): session closed for user root
May  8 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8854]: pam_unix(cron:session): session closed for user p13x
May  8 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8927]: Successful su for rubyman by root
May  8 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8927]: + ??? root:rubyman
May  8 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8927]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353993 of user rubyman.
May  8 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8927]: pam_unix(su:session): session closed for user rubyman
May  8 15:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353993.
May  8 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8856]: pam_unix(cron:session): session closed for user root
May  8 15:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6005]: pam_unix(cron:session): session closed for user root
May  8 15:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8855]: pam_unix(cron:session): session closed for user samftp
May  8 15:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.72.8.68  user=root
May  8 15:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9228]: Failed password for root from 115.72.8.68 port 55930 ssh2
May  8 15:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9228]: Received disconnect from 115.72.8.68 port 55930:11: Bye Bye [preauth]
May  8 15:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9228]: Disconnected from 115.72.8.68 port 55930 [preauth]
May  8 15:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.158.157  user=root
May  8 15:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9323]: Failed password for root from 64.227.158.157 port 39754 ssh2
May  8 15:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9323]: Received disconnect from 64.227.158.157 port 39754:11: Bye Bye [preauth]
May  8 15:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9323]: Disconnected from 64.227.158.157 port 39754 [preauth]
May  8 15:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7986]: pam_unix(cron:session): session closed for user root
May  8 15:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: Invalid user raccmcserver from 69.166.232.229
May  8 15:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: input_userauth_request: invalid user raccmcserver [preauth]
May  8 15:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 15:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: Failed password for invalid user raccmcserver from 69.166.232.229 port 41576 ssh2
May  8 15:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: Received disconnect from 69.166.232.229 port 41576:11: Bye Bye [preauth]
May  8 15:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: Disconnected from 69.166.232.229 port 41576 [preauth]
May  8 15:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: Invalid user  from 80.94.95.125
May  8 15:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: input_userauth_request: invalid user  [preauth]
May  8 15:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: Failed none for invalid user  from 80.94.95.125 port 35780 ssh2
May  8 15:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: Failed password for invalid user  from 80.94.95.125 port 35780 ssh2
May  8 15:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: message repeated 3 times: [ Failed password for invalid user  from 80.94.95.125 port 35780 ssh2]
May  8 15:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: Received disconnect from 80.94.95.125 port 35780:11: Bye [preauth]
May  8 15:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: Disconnected from 80.94.95.125 port 35780 [preauth]
May  8 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9422]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9423]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9420]: pam_unix(cron:session): session closed for user p13x
May  8 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9489]: Successful su for rubyman by root
May  8 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9489]: + ??? root:rubyman
May  8 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9489]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 353998 of user rubyman.
May  8 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9489]: pam_unix(su:session): session closed for user rubyman
May  8 15:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 353998.
May  8 15:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6492]: pam_unix(cron:session): session closed for user root
May  8 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9633]: Invalid user david from 164.68.105.9
May  8 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9633]: input_userauth_request: invalid user david [preauth]
May  8 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9633]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  8 15:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9421]: pam_unix(cron:session): session closed for user samftp
May  8 15:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9633]: Failed password for invalid user david from 164.68.105.9 port 50520 ssh2
May  8 15:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9633]: Connection closed by 164.68.105.9 port 50520 [preauth]
May  8 15:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8428]: pam_unix(cron:session): session closed for user root
May  8 15:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.190.174  user=root
May  8 15:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9808]: Failed password for root from 116.193.190.174 port 46930 ssh2
May  8 15:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9808]: Received disconnect from 116.193.190.174 port 46930:11: Bye Bye [preauth]
May  8 15:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9808]: Disconnected from 116.193.190.174 port 46930 [preauth]
May  8 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9839]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9838]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9836]: pam_unix(cron:session): session closed for user p13x
May  8 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9898]: Successful su for rubyman by root
May  8 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9898]: + ??? root:rubyman
May  8 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354001 of user rubyman.
May  8 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9898]: pam_unix(su:session): session closed for user rubyman
May  8 15:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354001.
May  8 15:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7020]: pam_unix(cron:session): session closed for user root
May  8 15:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9837]: pam_unix(cron:session): session closed for user samftp
May  8 15:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Invalid user kodi from 14.103.112.35
May  8 15:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: input_userauth_request: invalid user kodi [preauth]
May  8 15:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.112.35
May  8 15:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Failed password for invalid user kodi from 14.103.112.35 port 45506 ssh2
May  8 15:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Received disconnect from 14.103.112.35 port 45506:11: Bye Bye [preauth]
May  8 15:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10088]: Disconnected from 14.103.112.35 port 45506 [preauth]
May  8 15:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8858]: pam_unix(cron:session): session closed for user root
May  8 15:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10226]: Invalid user admin123 from 125.18.49.130
May  8 15:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10226]: input_userauth_request: invalid user admin123 [preauth]
May  8 15:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10226]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.18.49.130
May  8 15:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10226]: Failed password for invalid user admin123 from 125.18.49.130 port 40756 ssh2
May  8 15:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10226]: Received disconnect from 125.18.49.130 port 40756:11: Bye Bye [preauth]
May  8 15:37:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10226]: Disconnected from 125.18.49.130 port 40756 [preauth]
May  8 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10328]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10326]: pam_unix(cron:session): session closed for user p13x
May  8 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10393]: Successful su for rubyman by root
May  8 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10393]: + ??? root:rubyman
May  8 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354005 of user rubyman.
May  8 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10393]: pam_unix(su:session): session closed for user rubyman
May  8 15:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354005.
May  8 15:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7447]: pam_unix(cron:session): session closed for user root
May  8 15:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10328]: pam_unix(cron:session): session closed for user samftp
May  8 15:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9423]: pam_unix(cron:session): session closed for user root
May  8 15:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10815]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10811]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10813]: pam_unix(cron:session): session closed for user p13x
May  8 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10930]: Successful su for rubyman by root
May  8 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10930]: + ??? root:rubyman
May  8 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10930]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354009 of user rubyman.
May  8 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10930]: pam_unix(su:session): session closed for user rubyman
May  8 15:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354009.
May  8 15:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10811]: pam_unix(cron:session): session closed for user root
May  8 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11031]: Invalid user uno85c from 189.167.51.249
May  8 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11031]: input_userauth_request: invalid user uno85c [preauth]
May  8 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11031]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.167.51.249
May  8 15:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7985]: pam_unix(cron:session): session closed for user root
May  8 15:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222  user=root
May  8 15:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11031]: Failed password for invalid user uno85c from 189.167.51.249 port 56414 ssh2
May  8 15:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11031]: Received disconnect from 189.167.51.249 port 56414:11: Bye Bye [preauth]
May  8 15:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11031]: Disconnected from 189.167.51.249 port 56414 [preauth]
May  8 15:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10814]: pam_unix(cron:session): session closed for user samftp
May  8 15:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Failed password for root from 45.163.1.222 port 35434 ssh2
May  8 15:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Received disconnect from 45.163.1.222 port 35434:11: Bye Bye [preauth]
May  8 15:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11116]: Disconnected from 45.163.1.222 port 35434 [preauth]
May  8 15:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: Invalid user sneha from 176.109.92.170
May  8 15:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: input_userauth_request: invalid user sneha [preauth]
May  8 15:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 15:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10801]: Invalid user S from 195.178.110.50
May  8 15:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10801]: input_userauth_request: invalid user S [preauth]
May  8 15:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10801]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 15:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: Failed password for invalid user sneha from 176.109.92.170 port 59217 ssh2
May  8 15:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: Received disconnect from 176.109.92.170 port 59217:11: Bye Bye [preauth]
May  8 15:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11160]: Disconnected from 176.109.92.170 port 59217 [preauth]
May  8 15:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10801]: Failed password for invalid user S from 195.178.110.50 port 21008 ssh2
May  8 15:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10801]: Connection closed by 195.178.110.50 port 21008 [preauth]
May  8 15:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: Invalid user \\ from 195.178.110.50
May  8 15:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: input_userauth_request: invalid user \\\\ [preauth]
May  8 15:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 15:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: Failed password for invalid user \\ from 195.178.110.50 port 39400 ssh2
May  8 15:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9839]: pam_unix(cron:session): session closed for user root
May  8 15:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11183]: Connection closed by 195.178.110.50 port 39400 [preauth]
May  8 15:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: Invalid user e from 195.178.110.50
May  8 15:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: input_userauth_request: invalid user e [preauth]
May  8 15:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 15:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: Failed password for invalid user e from 195.178.110.50 port 40292 ssh2
May  8 15:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: Connection closed by 195.178.110.50 port 40292 [preauth]
May  8 15:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11338]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11341]: pam_unix(cron:session): session closed for user root
May  8 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11336]: pam_unix(cron:session): session closed for user p13x
May  8 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11402]: Successful su for rubyman by root
May  8 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11402]: + ??? root:rubyman
May  8 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354017 of user rubyman.
May  8 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11402]: pam_unix(su:session): session closed for user rubyman
May  8 15:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354017.
May  8 15:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11338]: pam_unix(cron:session): session closed for user root
May  8 15:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8427]: pam_unix(cron:session): session closed for user root
May  8 15:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11337]: pam_unix(cron:session): session closed for user samftp
May  8 15:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11307]: Invalid user n from 195.178.110.50
May  8 15:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11307]: input_userauth_request: invalid user n [preauth]
May  8 15:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11307]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 15:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11307]: Failed password for invalid user n from 195.178.110.50 port 29812 ssh2
May  8 15:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11307]: Connection closed by 195.178.110.50 port 29812 [preauth]
May  8 15:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11643]: Invalid user bee from 175.6.36.108
May  8 15:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11643]: input_userauth_request: invalid user bee [preauth]
May  8 15:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11643]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.36.108
May  8 15:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11643]: Failed password for invalid user bee from 175.6.36.108 port 58450 ssh2
May  8 15:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11643]: Received disconnect from 175.6.36.108 port 58450:11: Bye Bye [preauth]
May  8 15:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11643]: Disconnected from 175.6.36.108 port 58450 [preauth]
May  8 15:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: Invalid user w from 195.178.110.50
May  8 15:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: input_userauth_request: invalid user w [preauth]
May  8 15:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 15:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: Failed password for invalid user w from 195.178.110.50 port 2256 ssh2
May  8 15:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: Invalid user damian from 14.103.112.35
May  8 15:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: input_userauth_request: invalid user damian [preauth]
May  8 15:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.112.35
May  8 15:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11629]: Connection closed by 195.178.110.50 port 2256 [preauth]
May  8 15:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: Failed password for invalid user damian from 14.103.112.35 port 43550 ssh2
May  8 15:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: Received disconnect from 14.103.112.35 port 43550:11: Bye Bye [preauth]
May  8 15:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11682]: Disconnected from 14.103.112.35 port 43550 [preauth]
May  8 15:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10330]: pam_unix(cron:session): session closed for user root
May  8 15:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11753]: Invalid user hadoop from 115.72.8.68
May  8 15:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11753]: input_userauth_request: invalid user hadoop [preauth]
May  8 15:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11753]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.72.8.68
May  8 15:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11753]: Failed password for invalid user hadoop from 115.72.8.68 port 45786 ssh2
May  8 15:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11753]: Received disconnect from 115.72.8.68 port 45786:11: Bye Bye [preauth]
May  8 15:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11753]: Disconnected from 115.72.8.68 port 45786 [preauth]
May  8 15:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: Invalid user steve from 64.227.158.157
May  8 15:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: input_userauth_request: invalid user steve [preauth]
May  8 15:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.158.157
May  8 15:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: Failed password for invalid user steve from 64.227.158.157 port 39168 ssh2
May  8 15:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: Received disconnect from 64.227.158.157 port 39168:11: Bye Bye [preauth]
May  8 15:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11764]: Disconnected from 64.227.158.157 port 39168 [preauth]
May  8 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11778]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11776]: pam_unix(cron:session): session closed for user p13x
May  8 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11852]: Successful su for rubyman by root
May  8 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11852]: + ??? root:rubyman
May  8 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354022 of user rubyman.
May  8 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11852]: pam_unix(su:session): session closed for user rubyman
May  8 15:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354022.
May  8 15:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8857]: pam_unix(cron:session): session closed for user root
May  8 15:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11777]: pam_unix(cron:session): session closed for user samftp
May  8 15:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10816]: pam_unix(cron:session): session closed for user root
May  8 15:41:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12122]: Invalid user barman from 69.166.232.229
May  8 15:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12122]: input_userauth_request: invalid user barman [preauth]
May  8 15:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12122]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 15:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12122]: Failed password for invalid user barman from 69.166.232.229 port 58110 ssh2
May  8 15:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12122]: Received disconnect from 69.166.232.229 port 58110:11: Bye Bye [preauth]
May  8 15:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12122]: Disconnected from 69.166.232.229 port 58110 [preauth]
May  8 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12203]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12201]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12202]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12200]: pam_unix(cron:session): session closed for user p13x
May  8 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12263]: Successful su for rubyman by root
May  8 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12263]: + ??? root:rubyman
May  8 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12263]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354024 of user rubyman.
May  8 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12263]: pam_unix(su:session): session closed for user rubyman
May  8 15:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354024.
May  8 15:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9422]: pam_unix(cron:session): session closed for user root
May  8 15:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12201]: pam_unix(cron:session): session closed for user samftp
May  8 15:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: Invalid user crew from 14.103.112.35
May  8 15:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: input_userauth_request: invalid user crew [preauth]
May  8 15:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.112.35
May  8 15:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: Failed password for invalid user crew from 14.103.112.35 port 33116 ssh2
May  8 15:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: Received disconnect from 14.103.112.35 port 33116:11: Bye Bye [preauth]
May  8 15:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12461]: Disconnected from 14.103.112.35 port 33116 [preauth]
May  8 15:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11340]: pam_unix(cron:session): session closed for user root
May  8 15:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.103  user=root
May  8 15:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Failed password for root from 218.92.0.103 port 57342 ssh2
May  8 15:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: message repeated 2 times: [ Failed password for root from 218.92.0.103 port 57342 ssh2]
May  8 15:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Received disconnect from 218.92.0.103 port 57342:11:  [preauth]
May  8 15:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: Disconnected from 218.92.0.103 port 57342 [preauth]
May  8 15:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12578]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.103  user=root
May  8 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12630]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12627]: pam_unix(cron:session): session closed for user p13x
May  8 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12685]: Successful su for rubyman by root
May  8 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12685]: + ??? root:rubyman
May  8 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12685]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354029 of user rubyman.
May  8 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12685]: pam_unix(su:session): session closed for user rubyman
May  8 15:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354029.
May  8 15:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9838]: pam_unix(cron:session): session closed for user root
May  8 15:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12628]: pam_unix(cron:session): session closed for user samftp
May  8 15:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12867]: Invalid user test3 from 125.18.49.130
May  8 15:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12867]: input_userauth_request: invalid user test3 [preauth]
May  8 15:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12867]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.18.49.130
May  8 15:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12867]: Failed password for invalid user test3 from 125.18.49.130 port 40766 ssh2
May  8 15:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12867]: Received disconnect from 125.18.49.130 port 40766:11: Bye Bye [preauth]
May  8 15:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12867]: Disconnected from 125.18.49.130 port 40766 [preauth]
May  8 15:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: Invalid user erpadmin from 176.109.92.170
May  8 15:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: input_userauth_request: invalid user erpadmin [preauth]
May  8 15:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 15:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: Failed password for invalid user erpadmin from 176.109.92.170 port 53062 ssh2
May  8 15:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: Received disconnect from 176.109.92.170 port 53062:11: Bye Bye [preauth]
May  8 15:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12898]: Disconnected from 176.109.92.170 port 53062 [preauth]
May  8 15:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11779]: pam_unix(cron:session): session closed for user root
May  8 15:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.112.35  user=root
May  8 15:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13003]: Invalid user eddy from 116.193.190.174
May  8 15:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13003]: input_userauth_request: invalid user eddy [preauth]
May  8 15:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13003]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.190.174
May  8 15:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13001]: Failed password for root from 14.103.112.35 port 38216 ssh2
May  8 15:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13001]: Received disconnect from 14.103.112.35 port 38216:11: Bye Bye [preauth]
May  8 15:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13001]: Disconnected from 14.103.112.35 port 38216 [preauth]
May  8 15:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13006]: Invalid user prueba from 80.94.95.116
May  8 15:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13006]: input_userauth_request: invalid user prueba [preauth]
May  8 15:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13006]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  8 15:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13003]: Failed password for invalid user eddy from 116.193.190.174 port 50298 ssh2
May  8 15:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13003]: Received disconnect from 116.193.190.174 port 50298:11: Bye Bye [preauth]
May  8 15:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13003]: Disconnected from 116.193.190.174 port 50298 [preauth]
May  8 15:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13006]: Failed password for invalid user prueba from 80.94.95.116 port 17834 ssh2
May  8 15:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13006]: Connection closed by 80.94.95.116 port 17834 [preauth]
May  8 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13028]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13027]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13025]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13026]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13025]: pam_unix(cron:session): session closed for user p13x
May  8 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13092]: Successful su for rubyman by root
May  8 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13092]: + ??? root:rubyman
May  8 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13092]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354032 of user rubyman.
May  8 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13092]: pam_unix(su:session): session closed for user rubyman
May  8 15:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354032.
May  8 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.167.51.249  user=root
May  8 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10329]: pam_unix(cron:session): session closed for user root
May  8 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: Failed password for root from 189.167.51.249 port 56986 ssh2
May  8 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: Received disconnect from 189.167.51.249 port 56986:11: Bye Bye [preauth]
May  8 15:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13113]: Disconnected from 189.167.51.249 port 56986 [preauth]
May  8 15:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13026]: pam_unix(cron:session): session closed for user samftp
May  8 15:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  8 15:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13339]: Failed password for root from 193.70.84.184 port 44608 ssh2
May  8 15:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13339]: Connection closed by 193.70.84.184 port 44608 [preauth]
May  8 15:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12203]: pam_unix(cron:session): session closed for user root
May  8 15:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  8 15:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: Failed password for root from 50.235.31.47 port 46522 ssh2
May  8 15:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13411]: Connection closed by 50.235.31.47 port 46522 [preauth]
May  8 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13534]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13526]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13530]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13534]: pam_unix(cron:session): session closed for user root
May  8 15:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13443]: pam_unix(cron:session): session closed for user p13x
May  8 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13615]: Successful su for rubyman by root
May  8 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13615]: + ??? root:rubyman
May  8 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13615]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354039 of user rubyman.
May  8 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13615]: pam_unix(su:session): session closed for user rubyman
May  8 15:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354039.
May  8 15:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10815]: pam_unix(cron:session): session closed for user root
May  8 15:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13526]: pam_unix(cron:session): session closed for user root
May  8 15:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13524]: pam_unix(cron:session): session closed for user samftp
May  8 15:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222  user=root
May  8 15:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12630]: pam_unix(cron:session): session closed for user root
May  8 15:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: Failed password for root from 45.163.1.222 port 37274 ssh2
May  8 15:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.112.35  user=root
May  8 15:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: Received disconnect from 45.163.1.222 port 37274:11: Bye Bye [preauth]
May  8 15:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13895]: Disconnected from 45.163.1.222 port 37274 [preauth]
May  8 15:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13897]: Failed password for root from 14.103.112.35 port 35100 ssh2
May  8 15:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13897]: Received disconnect from 14.103.112.35 port 35100:11: Bye Bye [preauth]
May  8 15:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13897]: Disconnected from 14.103.112.35 port 35100 [preauth]
May  8 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13978]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13979]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13977]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13976]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13976]: pam_unix(cron:session): session closed for user p13x
May  8 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14052]: Successful su for rubyman by root
May  8 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14052]: + ??? root:rubyman
May  8 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354042 of user rubyman.
May  8 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14052]: pam_unix(su:session): session closed for user rubyman
May  8 15:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354042.
May  8 15:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11339]: pam_unix(cron:session): session closed for user root
May  8 15:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13977]: pam_unix(cron:session): session closed for user samftp
May  8 15:46:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: Invalid user tnd from 64.227.158.157
May  8 15:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: input_userauth_request: invalid user tnd [preauth]
May  8 15:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.158.157
May  8 15:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: Failed password for invalid user tnd from 64.227.158.157 port 35588 ssh2
May  8 15:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: Received disconnect from 64.227.158.157 port 35588:11: Bye Bye [preauth]
May  8 15:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: Disconnected from 64.227.158.157 port 35588 [preauth]
May  8 15:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13028]: pam_unix(cron:session): session closed for user root
May  8 15:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.72.8.68  user=root
May  8 15:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14343]: Failed password for root from 115.72.8.68 port 35638 ssh2
May  8 15:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14343]: Received disconnect from 115.72.8.68 port 35638:11: Bye Bye [preauth]
May  8 15:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14343]: Disconnected from 115.72.8.68 port 35638 [preauth]
May  8 15:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 15:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: Failed password for root from 80.94.95.241 port 61992 ssh2
May  8 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: Invalid user patrol from 185.247.118.77
May  8 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: input_userauth_request: invalid user patrol [preauth]
May  8 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.118.77
May  8 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14419]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14418]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14417]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14416]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14416]: pam_unix(cron:session): session closed for user p13x
May  8 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14476]: Successful su for rubyman by root
May  8 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14476]: + ??? root:rubyman
May  8 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354046 of user rubyman.
May  8 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14476]: pam_unix(su:session): session closed for user rubyman
May  8 15:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354046.
May  8 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: Failed password for invalid user patrol from 185.247.118.77 port 33694 ssh2
May  8 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: Failed password for root from 80.94.95.241 port 61992 ssh2
May  8 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: Received disconnect from 185.247.118.77 port 33694:11: Bye Bye [preauth]
May  8 15:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14404]: Disconnected from 185.247.118.77 port 33694 [preauth]
May  8 15:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11778]: pam_unix(cron:session): session closed for user root
May  8 15:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: Failed password for root from 80.94.95.241 port 61992 ssh2
May  8 15:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14417]: pam_unix(cron:session): session closed for user samftp
May  8 15:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: Failed password for root from 80.94.95.241 port 61992 ssh2
May  8 15:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: Failed password for root from 80.94.95.241 port 61992 ssh2
May  8 15:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: Received disconnect from 80.94.95.241 port 61992:11: Bye [preauth]
May  8 15:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: Disconnected from 80.94.95.241 port 61992 [preauth]
May  8 15:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 15:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14402]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14687]: Invalid user hadoop from 14.103.112.35
May  8 15:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14687]: input_userauth_request: invalid user hadoop [preauth]
May  8 15:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14687]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.112.35
May  8 15:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14687]: Failed password for invalid user hadoop from 14.103.112.35 port 44128 ssh2
May  8 15:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14687]: Received disconnect from 14.103.112.35 port 44128:11: Bye Bye [preauth]
May  8 15:47:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14687]: Disconnected from 14.103.112.35 port 44128 [preauth]
May  8 15:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Invalid user joko from 176.109.92.170
May  8 15:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: input_userauth_request: invalid user joko [preauth]
May  8 15:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 15:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Failed password for invalid user joko from 176.109.92.170 port 29042 ssh2
May  8 15:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Received disconnect from 176.109.92.170 port 29042:11: Bye Bye [preauth]
May  8 15:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Disconnected from 176.109.92.170 port 29042 [preauth]
May  8 15:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13531]: pam_unix(cron:session): session closed for user root
May  8 15:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: Invalid user pooja from 69.166.232.229
May  8 15:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: input_userauth_request: invalid user pooja [preauth]
May  8 15:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 15:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: Failed password for invalid user pooja from 69.166.232.229 port 47034 ssh2
May  8 15:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: Received disconnect from 69.166.232.229 port 47034:11: Bye Bye [preauth]
May  8 15:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14792]: Disconnected from 69.166.232.229 port 47034 [preauth]
May  8 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14868]: pam_unix(cron:session): session closed for user p13x
May  8 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14944]: Successful su for rubyman by root
May  8 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14944]: + ??? root:rubyman
May  8 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14944]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354050 of user rubyman.
May  8 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14944]: pam_unix(su:session): session closed for user rubyman
May  8 15:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354050.
May  8 15:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12202]: pam_unix(cron:session): session closed for user root
May  8 15:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14869]: pam_unix(cron:session): session closed for user samftp
May  8 15:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15137]: Invalid user vmail from 125.18.49.130
May  8 15:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15137]: input_userauth_request: invalid user vmail [preauth]
May  8 15:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15137]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.18.49.130
May  8 15:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15137]: Failed password for invalid user vmail from 125.18.49.130 port 40772 ssh2
May  8 15:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15137]: Received disconnect from 125.18.49.130 port 40772:11: Bye Bye [preauth]
May  8 15:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15137]: Disconnected from 125.18.49.130 port 40772 [preauth]
May  8 15:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28  user=root
May  8 15:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15160]: Failed password for root from 165.154.14.28 port 35030 ssh2
May  8 15:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15160]: Received disconnect from 165.154.14.28 port 35030:11: Bye Bye [preauth]
May  8 15:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15160]: Disconnected from 165.154.14.28 port 35030 [preauth]
May  8 15:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13979]: pam_unix(cron:session): session closed for user root
May  8 15:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15276]: Invalid user damian from 189.167.51.249
May  8 15:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15276]: input_userauth_request: invalid user damian [preauth]
May  8 15:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15276]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.167.51.249
May  8 15:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15276]: Failed password for invalid user damian from 189.167.51.249 port 54844 ssh2
May  8 15:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15276]: Received disconnect from 189.167.51.249 port 54844:11: Bye Bye [preauth]
May  8 15:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15276]: Disconnected from 189.167.51.249 port 54844 [preauth]
May  8 15:48:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: Invalid user ton from 14.103.112.35
May  8 15:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: input_userauth_request: invalid user ton [preauth]
May  8 15:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:48:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.112.35
May  8 15:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: Failed password for invalid user ton from 14.103.112.35 port 50284 ssh2
May  8 15:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: Received disconnect from 14.103.112.35 port 50284:11: Bye Bye [preauth]
May  8 15:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15306]: Disconnected from 14.103.112.35 port 50284 [preauth]
May  8 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15323]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15320]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15320]: pam_unix(cron:session): session closed for user p13x
May  8 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15382]: Successful su for rubyman by root
May  8 15:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15382]: + ??? root:rubyman
May  8 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354056 of user rubyman.
May  8 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15382]: pam_unix(su:session): session closed for user rubyman
May  8 15:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354056.
May  8 15:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session closed for user root
May  8 15:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15321]: pam_unix(cron:session): session closed for user samftp
May  8 15:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226  user=root
May  8 15:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15563]: Failed password for root from 197.248.178.226 port 49442 ssh2
May  8 15:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15563]: Received disconnect from 197.248.178.226 port 49442:11: Bye Bye [preauth]
May  8 15:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15563]: Disconnected from 197.248.178.226 port 49442 [preauth]
May  8 15:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  8 15:49:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15624]: Failed password for root from 218.92.0.220 port 50330 ssh2
May  8 15:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15623]: Connection reset by 147.185.132.135 port 61448 [preauth]
May  8 15:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15624]: Failed password for root from 218.92.0.220 port 50330 ssh2
May  8 15:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15624]: Failed password for root from 218.92.0.220 port 50330 ssh2
May  8 15:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15624]: Received disconnect from 218.92.0.220 port 50330:11:  [preauth]
May  8 15:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15624]: Disconnected from 218.92.0.220 port 50330 [preauth]
May  8 15:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15624]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  8 15:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 15:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15650]: Failed password for root from 218.92.0.111 port 55984 ssh2
May  8 15:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15650]: Failed password for root from 218.92.0.111 port 55984 ssh2
May  8 15:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14419]: pam_unix(cron:session): session closed for user root
May  8 15:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15650]: Failed password for root from 218.92.0.111 port 55984 ssh2
May  8 15:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15650]: Received disconnect from 218.92.0.111 port 55984:11:  [preauth]
May  8 15:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15650]: Disconnected from 218.92.0.111 port 55984 [preauth]
May  8 15:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15650]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 15:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 15:49:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15686]: Failed password for root from 218.92.0.111 port 51528 ssh2
May  8 15:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15686]: Failed password for root from 218.92.0.111 port 51528 ssh2
May  8 15:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15686]: Failed password for root from 218.92.0.111 port 51528 ssh2
May  8 15:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15686]: Received disconnect from 218.92.0.111 port 51528:11:  [preauth]
May  8 15:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15686]: Disconnected from 218.92.0.111 port 51528 [preauth]
May  8 15:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15686]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 15:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15770]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15774]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15769]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15771]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15768]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15774]: pam_unix(cron:session): session closed for user root
May  8 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15768]: pam_unix(cron:session): session closed for user p13x
May  8 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15843]: Successful su for rubyman by root
May  8 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15843]: + ??? root:rubyman
May  8 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15843]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354058 of user rubyman.
May  8 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15843]: pam_unix(su:session): session closed for user rubyman
May  8 15:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354058.
May  8 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15770]: pam_unix(cron:session): session closed for user root
May  8 15:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13027]: pam_unix(cron:session): session closed for user root
May  8 15:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15769]: pam_unix(cron:session): session closed for user samftp
May  8 15:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 15:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16055]: Failed password for root from 218.92.0.111 port 54050 ssh2
May  8 15:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16055]: message repeated 2 times: [ Failed password for root from 218.92.0.111 port 54050 ssh2]
May  8 15:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16055]: Received disconnect from 218.92.0.111 port 54050:11:  [preauth]
May  8 15:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16055]: Disconnected from 218.92.0.111 port 54050 [preauth]
May  8 15:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16055]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 15:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.190.174  user=root
May  8 15:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16105]: Failed password for root from 116.193.190.174 port 35398 ssh2
May  8 15:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16105]: Received disconnect from 116.193.190.174 port 35398:11: Bye Bye [preauth]
May  8 15:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16105]: Disconnected from 116.193.190.174 port 35398 [preauth]
May  8 15:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14872]: pam_unix(cron:session): session closed for user root
May  8 15:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: Invalid user dan from 14.103.112.35
May  8 15:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: input_userauth_request: invalid user dan [preauth]
May  8 15:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.112.35
May  8 15:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: Failed password for invalid user dan from 14.103.112.35 port 51136 ssh2
May  8 15:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: Received disconnect from 14.103.112.35 port 51136:11: Bye Bye [preauth]
May  8 15:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16184]: Disconnected from 14.103.112.35 port 51136 [preauth]
May  8 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16236]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16235]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16235]: pam_unix(cron:session): session closed for user p13x
May  8 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16303]: Successful su for rubyman by root
May  8 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16303]: + ??? root:rubyman
May  8 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16303]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354065 of user rubyman.
May  8 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16303]: pam_unix(su:session): session closed for user rubyman
May  8 15:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354065.
May  8 15:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13530]: pam_unix(cron:session): session closed for user root
May  8 15:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16236]: pam_unix(cron:session): session closed for user samftp
May  8 15:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16537]: Invalid user chenhui from 175.6.36.108
May  8 15:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16537]: input_userauth_request: invalid user chenhui [preauth]
May  8 15:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16537]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.36.108
May  8 15:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16537]: Failed password for invalid user chenhui from 175.6.36.108 port 59598 ssh2
May  8 15:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16537]: Received disconnect from 175.6.36.108 port 59598:11: Bye Bye [preauth]
May  8 15:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16537]: Disconnected from 175.6.36.108 port 59598 [preauth]
May  8 15:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: Invalid user  from 158.101.158.236
May  8 15:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: input_userauth_request: invalid user  [preauth]
May  8 15:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15323]: pam_unix(cron:session): session closed for user root
May  8 15:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: Connection closed by 158.101.158.236 port 37500 [preauth]
May  8 15:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16635]: Invalid user zx from 64.227.158.157
May  8 15:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16635]: input_userauth_request: invalid user zx [preauth]
May  8 15:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16635]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.158.157
May  8 15:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170  user=root
May  8 15:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16635]: Failed password for invalid user zx from 64.227.158.157 port 37290 ssh2
May  8 15:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16635]: Received disconnect from 64.227.158.157 port 37290:11: Bye Bye [preauth]
May  8 15:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16635]: Disconnected from 64.227.158.157 port 37290 [preauth]
May  8 15:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16647]: Failed password for root from 176.109.92.170 port 47940 ssh2
May  8 15:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16647]: Received disconnect from 176.109.92.170 port 47940:11: Bye Bye [preauth]
May  8 15:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16647]: Disconnected from 176.109.92.170 port 47940 [preauth]
May  8 15:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: Invalid user user from 45.163.1.222
May  8 15:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: input_userauth_request: invalid user user [preauth]
May  8 15:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222
May  8 15:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: Failed password for invalid user user from 45.163.1.222 port 50230 ssh2
May  8 15:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: Received disconnect from 45.163.1.222 port 50230:11: Bye Bye [preauth]
May  8 15:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16687]: Disconnected from 45.163.1.222 port 50230 [preauth]
May  8 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16701]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16702]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16700]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16699]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16699]: pam_unix(cron:session): session closed for user p13x
May  8 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16762]: Successful su for rubyman by root
May  8 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16762]: + ??? root:rubyman
May  8 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16762]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354069 of user rubyman.
May  8 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16762]: pam_unix(su:session): session closed for user rubyman
May  8 15:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354069.
May  8 15:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13978]: pam_unix(cron:session): session closed for user root
May  8 15:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16700]: pam_unix(cron:session): session closed for user samftp
May  8 15:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.112.35  user=root
May  8 15:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17007]: Failed password for root from 14.103.112.35 port 54840 ssh2
May  8 15:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17007]: Received disconnect from 14.103.112.35 port 54840:11: Bye Bye [preauth]
May  8 15:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17007]: Disconnected from 14.103.112.35 port 54840 [preauth]
May  8 15:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15772]: pam_unix(cron:session): session closed for user root
May  8 15:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: Invalid user RPM from 80.94.95.115
May  8 15:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: input_userauth_request: invalid user RPM [preauth]
May  8 15:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  8 15:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: Failed password for invalid user RPM from 80.94.95.115 port 61960 ssh2
May  8 15:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17065]: Connection closed by 80.94.95.115 port 61960 [preauth]
May  8 15:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.72.8.68  user=root
May  8 15:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: Failed password for root from 115.72.8.68 port 53707 ssh2
May  8 15:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: Received disconnect from 115.72.8.68 port 53707:11: Bye Bye [preauth]
May  8 15:52:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17119]: Disconnected from 115.72.8.68 port 53707 [preauth]
May  8 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17134]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17133]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17132]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17131]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17131]: pam_unix(cron:session): session closed for user p13x
May  8 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17191]: Successful su for rubyman by root
May  8 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17191]: + ??? root:rubyman
May  8 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17191]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354073 of user rubyman.
May  8 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17191]: pam_unix(su:session): session closed for user rubyman
May  8 15:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354073.
May  8 15:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14418]: pam_unix(cron:session): session closed for user root
May  8 15:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17132]: pam_unix(cron:session): session closed for user samftp
May  8 15:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16238]: pam_unix(cron:session): session closed for user root
May  8 15:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.18.49.130  user=root
May  8 15:53:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: Invalid user dragon from 69.166.232.229
May  8 15:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: input_userauth_request: invalid user dragon [preauth]
May  8 15:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 15:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Failed password for root from 125.18.49.130 port 40792 ssh2
May  8 15:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Received disconnect from 125.18.49.130 port 40792:11: Bye Bye [preauth]
May  8 15:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Disconnected from 125.18.49.130 port 40792 [preauth]
May  8 15:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: Failed password for invalid user dragon from 69.166.232.229 port 58440 ssh2
May  8 15:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: Received disconnect from 69.166.232.229 port 58440:11: Bye Bye [preauth]
May  8 15:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17506]: Disconnected from 69.166.232.229 port 58440 [preauth]
May  8 15:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Invalid user ton from 189.167.51.249
May  8 15:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: input_userauth_request: invalid user ton [preauth]
May  8 15:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.167.51.249
May  8 15:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Failed password for invalid user ton from 189.167.51.249 port 44110 ssh2
May  8 15:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Received disconnect from 189.167.51.249 port 44110:11: Bye Bye [preauth]
May  8 15:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17536]: Disconnected from 189.167.51.249 port 44110 [preauth]
May  8 15:53:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: Invalid user shilei from 43.153.195.114
May  8 15:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: input_userauth_request: invalid user shilei [preauth]
May  8 15:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114
May  8 15:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: Failed password for invalid user shilei from 43.153.195.114 port 49224 ssh2
May  8 15:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: Received disconnect from 43.153.195.114 port 49224:11: Bye Bye [preauth]
May  8 15:53:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17546]: Disconnected from 43.153.195.114 port 49224 [preauth]
May  8 15:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.112.35  user=root
May  8 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17575]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17571]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17573]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17571]: pam_unix(cron:session): session closed for user p13x
May  8 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17632]: Successful su for rubyman by root
May  8 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17632]: + ??? root:rubyman
May  8 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354076 of user rubyman.
May  8 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17632]: pam_unix(su:session): session closed for user rubyman
May  8 15:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354076.
May  8 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: Failed password for root from 14.103.112.35 port 45588 ssh2
May  8 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: Received disconnect from 14.103.112.35 port 45588:11: Bye Bye [preauth]
May  8 15:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17568]: Disconnected from 14.103.112.35 port 45588 [preauth]
May  8 15:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14870]: pam_unix(cron:session): session closed for user root
May  8 15:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17573]: pam_unix(cron:session): session closed for user samftp
May  8 15:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16702]: pam_unix(cron:session): session closed for user root
May  8 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18106]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18103]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18105]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18108]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18108]: pam_unix(cron:session): session closed for user root
May  8 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18102]: pam_unix(cron:session): session closed for user p13x
May  8 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18175]: Successful su for rubyman by root
May  8 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18175]: + ??? root:rubyman
May  8 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18175]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354080 of user rubyman.
May  8 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18175]: pam_unix(su:session): session closed for user rubyman
May  8 15:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354080.
May  8 15:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18105]: pam_unix(cron:session): session closed for user root
May  8 15:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15322]: pam_unix(cron:session): session closed for user root
May  8 15:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18103]: pam_unix(cron:session): session closed for user samftp
May  8 15:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17134]: pam_unix(cron:session): session closed for user root
May  8 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18543]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18545]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18542]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18542]: pam_unix(cron:session): session closed for user p13x
May  8 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18610]: Successful su for rubyman by root
May  8 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18610]: + ??? root:rubyman
May  8 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354088 of user rubyman.
May  8 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18610]: pam_unix(su:session): session closed for user rubyman
May  8 15:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354088.
May  8 15:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: Invalid user mysqld from 176.109.92.170
May  8 15:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: input_userauth_request: invalid user mysqld [preauth]
May  8 15:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 15:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15771]: pam_unix(cron:session): session closed for user root
May  8 15:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: Failed password for invalid user mysqld from 176.109.92.170 port 16751 ssh2
May  8 15:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: Received disconnect from 176.109.92.170 port 16751:11: Bye Bye [preauth]
May  8 15:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18708]: Disconnected from 176.109.92.170 port 16751 [preauth]
May  8 15:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18543]: pam_unix(cron:session): session closed for user samftp
May  8 15:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17575]: pam_unix(cron:session): session closed for user root
May  8 15:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18911]: Invalid user testuser from 186.208.159.26
May  8 15:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18911]: input_userauth_request: invalid user testuser [preauth]
May  8 15:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18911]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.208.159.26
May  8 15:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18911]: Failed password for invalid user testuser from 186.208.159.26 port 51986 ssh2
May  8 15:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18911]: Received disconnect from 186.208.159.26 port 51986:11: Bye Bye [preauth]
May  8 15:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18911]: Disconnected from 186.208.159.26 port 51986 [preauth]
May  8 15:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:56:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.158.157  user=root
May  8 15:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: Failed password for root from 64.227.158.157 port 59260 ssh2
May  8 15:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: Received disconnect from 64.227.158.157 port 59260:11: Bye Bye [preauth]
May  8 15:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18941]: Disconnected from 64.227.158.157 port 59260 [preauth]
May  8 15:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18951]: Invalid user jing from 116.193.190.174
May  8 15:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18951]: input_userauth_request: invalid user jing [preauth]
May  8 15:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18951]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.190.174
May  8 15:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18951]: Failed password for invalid user jing from 116.193.190.174 port 58402 ssh2
May  8 15:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18951]: Received disconnect from 116.193.190.174 port 58402:11: Bye Bye [preauth]
May  8 15:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18951]: Disconnected from 116.193.190.174 port 58402 [preauth]
May  8 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18966]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18963]: pam_unix(cron:session): session closed for user p13x
May  8 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19023]: Successful su for rubyman by root
May  8 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19023]: + ??? root:rubyman
May  8 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19023]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354091 of user rubyman.
May  8 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19023]: pam_unix(su:session): session closed for user rubyman
May  8 15:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354091.
May  8 15:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16237]: pam_unix(cron:session): session closed for user root
May  8 15:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18964]: pam_unix(cron:session): session closed for user samftp
May  8 15:57:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:57:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.118.77  user=root
May  8 15:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19302]: Failed password for root from 185.247.118.77 port 51308 ssh2
May  8 15:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19302]: Received disconnect from 185.247.118.77 port 51308:11: Bye Bye [preauth]
May  8 15:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19302]: Disconnected from 185.247.118.77 port 51308 [preauth]
May  8 15:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18107]: pam_unix(cron:session): session closed for user root
May  8 15:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  8 15:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: Failed password for root from 218.92.0.204 port 3684 ssh2
May  8 15:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: message repeated 4 times: [ Failed password for root from 218.92.0.204 port 3684 ssh2]
May  8 15:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 3684 ssh2 [preauth]
May  8 15:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: Disconnecting: Too many authentication failures [preauth]
May  8 15:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  8 15:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19349]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19413]: pam_unix(cron:session): session closed for user p13x
May  8 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19475]: Successful su for rubyman by root
May  8 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19475]: + ??? root:rubyman
May  8 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19475]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354094 of user rubyman.
May  8 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19475]: pam_unix(su:session): session closed for user rubyman
May  8 15:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354094.
May  8 15:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16701]: pam_unix(cron:session): session closed for user root
May  8 15:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222  user=root
May  8 15:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19414]: pam_unix(cron:session): session closed for user samftp
May  8 15:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19649]: Failed password for root from 45.163.1.222 port 36596 ssh2
May  8 15:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19649]: Received disconnect from 45.163.1.222 port 36596:11: Bye Bye [preauth]
May  8 15:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19649]: Disconnected from 45.163.1.222 port 36596 [preauth]
May  8 15:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18545]: pam_unix(cron:session): session closed for user root
May  8 15:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19827]: Invalid user dev from 189.167.51.249
May  8 15:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19827]: input_userauth_request: invalid user dev [preauth]
May  8 15:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19827]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.167.51.249
May  8 15:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19827]: Failed password for invalid user dev from 189.167.51.249 port 58712 ssh2
May  8 15:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19827]: Received disconnect from 189.167.51.249 port 58712:11: Bye Bye [preauth]
May  8 15:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19827]: Disconnected from 189.167.51.249 port 58712 [preauth]
May  8 15:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19888]: Invalid user crew from 115.72.8.68
May  8 15:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19888]: input_userauth_request: invalid user crew [preauth]
May  8 15:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19888]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.72.8.68
May  8 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19888]: Failed password for invalid user crew from 115.72.8.68 port 43576 ssh2
May  8 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19888]: Received disconnect from 115.72.8.68 port 43576:11: Bye Bye [preauth]
May  8 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19888]: Disconnected from 115.72.8.68 port 43576 [preauth]
May  8 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19903]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19902]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 15:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19900]: pam_unix(cron:session): session closed for user p13x
May  8 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19965]: Successful su for rubyman by root
May  8 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19965]: + ??? root:rubyman
May  8 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19965]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354098 of user rubyman.
May  8 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19965]: pam_unix(su:session): session closed for user rubyman
May  8 15:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354098.
May  8 15:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17133]: pam_unix(cron:session): session closed for user root
May  8 15:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19901]: pam_unix(cron:session): session closed for user samftp
May  8 15:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20195]: Invalid user frappe from 197.248.178.226
May  8 15:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20195]: input_userauth_request: invalid user frappe [preauth]
May  8 15:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20195]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226
May  8 15:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20195]: Failed password for invalid user frappe from 197.248.178.226 port 48988 ssh2
May  8 15:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20195]: Received disconnect from 197.248.178.226 port 48988:11: Bye Bye [preauth]
May  8 15:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20195]: Disconnected from 197.248.178.226 port 48988 [preauth]
May  8 15:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: Invalid user admin from 80.94.95.112
May  8 15:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: input_userauth_request: invalid user admin [preauth]
May  8 15:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 15:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: Failed password for invalid user admin from 80.94.95.112 port 49131 ssh2
May  8 15:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: Failed password for invalid user admin from 80.94.95.112 port 49131 ssh2
May  8 15:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:59:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28  user=root
May  8 15:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: Failed password for invalid user admin from 80.94.95.112 port 49131 ssh2
May  8 15:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20234]: Failed password for root from 165.154.14.28 port 39978 ssh2
May  8 15:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20234]: Received disconnect from 165.154.14.28 port 39978:11: Bye Bye [preauth]
May  8 15:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20234]: Disconnected from 165.154.14.28 port 39978 [preauth]
May  8 15:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: Failed password for invalid user admin from 80.94.95.112 port 49131 ssh2
May  8 15:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: Failed password for invalid user admin from 80.94.95.112 port 49131 ssh2
May  8 15:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: Received disconnect from 80.94.95.112 port 49131:11: Bye [preauth]
May  8 15:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: Disconnected from 80.94.95.112 port 49131 [preauth]
May  8 15:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 15:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20219]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 15:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18966]: pam_unix(cron:session): session closed for user root
May  8 15:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 15:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: Invalid user montse from 69.166.232.229
May  8 15:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: input_userauth_request: invalid user montse [preauth]
May  8 15:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: pam_unix(sshd:auth): check pass; user unknown
May  8 15:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 15:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: Failed password for invalid user montse from 69.166.232.229 port 55320 ssh2
May  8 15:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: Received disconnect from 69.166.232.229 port 55320:11: Bye Bye [preauth]
May  8 15:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20274]: Disconnected from 69.166.232.229 port 55320 [preauth]
May  8 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20373]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20372]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20371]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20375]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20377]: pam_unix(cron:session): session closed for user root
May  8 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20372]: pam_unix(cron:session): session closed for user root
May  8 16:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20370]: pam_unix(cron:session): session closed for user p13x
May  8 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20469]: Successful su for rubyman by root
May  8 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20469]: + ??? root:rubyman
May  8 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354104 of user rubyman.
May  8 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20469]: pam_unix(su:session): session closed for user rubyman
May  8 16:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354104.
May  8 16:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17574]: pam_unix(cron:session): session closed for user root
May  8 16:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20373]: pam_unix(cron:session): session closed for user root
May  8 16:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20371]: pam_unix(cron:session): session closed for user samftp
May  8 16:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170  user=root
May  8 16:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20735]: Failed password for root from 176.109.92.170 port 43339 ssh2
May  8 16:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20735]: Received disconnect from 176.109.92.170 port 43339:11: Bye Bye [preauth]
May  8 16:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20735]: Disconnected from 176.109.92.170 port 43339 [preauth]
May  8 16:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20767]: Invalid user shilei from 88.142.46.185
May  8 16:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20767]: input_userauth_request: invalid user shilei [preauth]
May  8 16:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20767]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.142.46.185
May  8 16:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20767]: Failed password for invalid user shilei from 88.142.46.185 port 39376 ssh2
May  8 16:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20767]: Received disconnect from 88.142.46.185 port 39376:11: Bye Bye [preauth]
May  8 16:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20767]: Disconnected from 88.142.46.185 port 39376 [preauth]
May  8 16:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19416]: pam_unix(cron:session): session closed for user root
May  8 16:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.142.73  user=root
May  8 16:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: Failed password for root from 180.253.142.73 port 42150 ssh2
May  8 16:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: Received disconnect from 180.253.142.73 port 42150:11: Bye Bye [preauth]
May  8 16:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20942]: Disconnected from 180.253.142.73 port 42150 [preauth]
May  8 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20956]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20957]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20955]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20954]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20954]: pam_unix(cron:session): session closed for user p13x
May  8 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21017]: Successful su for rubyman by root
May  8 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21017]: + ??? root:rubyman
May  8 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21017]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354109 of user rubyman.
May  8 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21017]: pam_unix(su:session): session closed for user rubyman
May  8 16:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354109.
May  8 16:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18106]: pam_unix(cron:session): session closed for user root
May  8 16:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20955]: pam_unix(cron:session): session closed for user samftp
May  8 16:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.203.134  user=root
May  8 16:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21344]: Failed password for root from 136.232.203.134 port 31962 ssh2
May  8 16:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21344]: Received disconnect from 136.232.203.134 port 31962:11: Bye Bye [preauth]
May  8 16:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21344]: Disconnected from 136.232.203.134 port 31962 [preauth]
May  8 16:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19903]: pam_unix(cron:session): session closed for user root
May  8 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21450]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21448]: pam_unix(cron:session): session closed for user p13x
May  8 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21512]: Successful su for rubyman by root
May  8 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21512]: + ??? root:rubyman
May  8 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21512]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354113 of user rubyman.
May  8 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21512]: pam_unix(su:session): session closed for user rubyman
May  8 16:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354113.
May  8 16:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18544]: pam_unix(cron:session): session closed for user root
May  8 16:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21450]: pam_unix(cron:session): session closed for user samftp
May  8 16:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21744]: Invalid user ming from 175.6.36.108
May  8 16:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21744]: input_userauth_request: invalid user ming [preauth]
May  8 16:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21744]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.36.108
May  8 16:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.158.157  user=root
May  8 16:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21744]: Failed password for invalid user ming from 175.6.36.108 port 34962 ssh2
May  8 16:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21744]: Received disconnect from 175.6.36.108 port 34962:11: Bye Bye [preauth]
May  8 16:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21744]: Disconnected from 175.6.36.108 port 34962 [preauth]
May  8 16:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: Failed password for root from 64.227.158.157 port 46768 ssh2
May  8 16:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: Received disconnect from 64.227.158.157 port 46768:11: Bye Bye [preauth]
May  8 16:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21746]: Disconnected from 64.227.158.157 port 46768 [preauth]
May  8 16:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: Invalid user zhangjunyin from 185.247.118.77
May  8 16:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: input_userauth_request: invalid user zhangjunyin [preauth]
May  8 16:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.118.77
May  8 16:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: Failed password for invalid user zhangjunyin from 185.247.118.77 port 48638 ssh2
May  8 16:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: Received disconnect from 185.247.118.77 port 48638:11: Bye Bye [preauth]
May  8 16:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21863]: Disconnected from 185.247.118.77 port 48638 [preauth]
May  8 16:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20376]: pam_unix(cron:session): session closed for user root
May  8 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22201]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22199]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22198]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22198]: pam_unix(cron:session): session closed for user p13x
May  8 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22292]: Successful su for rubyman by root
May  8 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22292]: + ??? root:rubyman
May  8 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354117 of user rubyman.
May  8 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22292]: pam_unix(su:session): session closed for user rubyman
May  8 16:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354117.
May  8 16:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18965]: pam_unix(cron:session): session closed for user root
May  8 16:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22199]: pam_unix(cron:session): session closed for user samftp
May  8 16:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  8 16:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: Failed password for root from 218.92.0.217 port 55738 ssh2
May  8 16:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: Failed password for root from 218.92.0.217 port 55738 ssh2
May  8 16:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  8 16:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: Failed password for root from 218.92.0.217 port 55738 ssh2
May  8 16:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: Received disconnect from 218.92.0.217 port 55738:11:  [preauth]
May  8 16:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: Disconnected from 218.92.0.217 port 55738 [preauth]
May  8 16:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22494]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  8 16:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22518]: Failed password for root from 218.92.0.216 port 35014 ssh2
May  8 16:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22518]: message repeated 2 times: [ Failed password for root from 218.92.0.216 port 35014 ssh2]
May  8 16:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22518]: Received disconnect from 218.92.0.216 port 35014:11:  [preauth]
May  8 16:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22518]: Disconnected from 218.92.0.216 port 35014 [preauth]
May  8 16:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22518]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  8 16:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 16:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22584]: Failed password for root from 43.153.195.114 port 50488 ssh2
May  8 16:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22584]: Received disconnect from 43.153.195.114 port 50488:11: Bye Bye [preauth]
May  8 16:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22584]: Disconnected from 43.153.195.114 port 50488 [preauth]
May  8 16:03:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.167.51.249  user=root
May  8 16:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20957]: pam_unix(cron:session): session closed for user root
May  8 16:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: Failed password for root from 189.167.51.249 port 40106 ssh2
May  8 16:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: Received disconnect from 189.167.51.249 port 40106:11: Bye Bye [preauth]
May  8 16:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22594]: Disconnected from 189.167.51.249 port 40106 [preauth]
May  8 16:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22657]: Invalid user valeriy from 116.193.190.174
May  8 16:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22657]: input_userauth_request: invalid user valeriy [preauth]
May  8 16:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22657]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.190.174
May  8 16:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22657]: Failed password for invalid user valeriy from 116.193.190.174 port 39590 ssh2
May  8 16:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22657]: Received disconnect from 116.193.190.174 port 39590:11: Bye Bye [preauth]
May  8 16:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22657]: Disconnected from 116.193.190.174 port 39590 [preauth]
May  8 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22694]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22695]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22691]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22692]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22691]: pam_unix(cron:session): session closed for user p13x
May  8 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22760]: Successful su for rubyman by root
May  8 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22760]: + ??? root:rubyman
May  8 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354121 of user rubyman.
May  8 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22760]: pam_unix(su:session): session closed for user rubyman
May  8 16:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354121.
May  8 16:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19415]: pam_unix(cron:session): session closed for user root
May  8 16:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22692]: pam_unix(cron:session): session closed for user samftp
May  8 16:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22997]: Invalid user javier from 45.163.1.222
May  8 16:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22997]: input_userauth_request: invalid user javier [preauth]
May  8 16:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22997]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222
May  8 16:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22997]: Failed password for invalid user javier from 45.163.1.222 port 43634 ssh2
May  8 16:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22997]: Received disconnect from 45.163.1.222 port 43634:11: Bye Bye [preauth]
May  8 16:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22997]: Disconnected from 45.163.1.222 port 43634 [preauth]
May  8 16:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21452]: pam_unix(cron:session): session closed for user root
May  8 16:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: Invalid user thomas from 176.109.92.170
May  8 16:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: input_userauth_request: invalid user thomas [preauth]
May  8 16:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 16:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: Invalid user dan from 115.72.8.68
May  8 16:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: input_userauth_request: invalid user dan [preauth]
May  8 16:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.72.8.68
May  8 16:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: Failed password for invalid user thomas from 176.109.92.170 port 59396 ssh2
May  8 16:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: Received disconnect from 176.109.92.170 port 59396:11: Bye Bye [preauth]
May  8 16:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23085]: Disconnected from 176.109.92.170 port 59396 [preauth]
May  8 16:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: Failed password for invalid user dan from 115.72.8.68 port 33432 ssh2
May  8 16:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: Received disconnect from 115.72.8.68 port 33432:11: Bye Bye [preauth]
May  8 16:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23108]: Disconnected from 115.72.8.68 port 33432 [preauth]
May  8 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23175]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23183]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23180]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23182]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23172]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23183]: pam_unix(cron:session): session closed for user root
May  8 16:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23172]: pam_unix(cron:session): session closed for user p13x
May  8 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23252]: Successful su for rubyman by root
May  8 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23252]: + ??? root:rubyman
May  8 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23252]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354127 of user rubyman.
May  8 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23252]: pam_unix(su:session): session closed for user rubyman
May  8 16:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354127.
May  8 16:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23180]: pam_unix(cron:session): session closed for user root
May  8 16:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19902]: pam_unix(cron:session): session closed for user root
May  8 16:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23411]: Invalid user server from 197.248.178.226
May  8 16:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23411]: input_userauth_request: invalid user server [preauth]
May  8 16:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23411]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226
May  8 16:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23411]: Failed password for invalid user server from 197.248.178.226 port 49952 ssh2
May  8 16:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23175]: pam_unix(cron:session): session closed for user samftp
May  8 16:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23411]: Received disconnect from 197.248.178.226 port 49952:11: Bye Bye [preauth]
May  8 16:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23411]: Disconnected from 197.248.178.226 port 49952 [preauth]
May  8 16:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236  user=root
May  8 16:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: Failed password for root from 158.101.158.236 port 57602 ssh2
May  8 16:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23607]: Connection closed by 158.101.158.236 port 57602 [preauth]
May  8 16:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23621]: Invalid user pi from 158.101.158.236
May  8 16:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23621]: input_userauth_request: invalid user pi [preauth]
May  8 16:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23621]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23621]: Failed password for invalid user pi from 158.101.158.236 port 41786 ssh2
May  8 16:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23621]: Connection closed by 158.101.158.236 port 41786 [preauth]
May  8 16:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23623]: Invalid user hive from 158.101.158.236
May  8 16:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23623]: input_userauth_request: invalid user hive [preauth]
May  8 16:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23623]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23623]: Failed password for invalid user hive from 158.101.158.236 port 41796 ssh2
May  8 16:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23623]: Connection closed by 158.101.158.236 port 41796 [preauth]
May  8 16:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23646]: Invalid user git from 158.101.158.236
May  8 16:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23646]: input_userauth_request: invalid user git [preauth]
May  8 16:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23646]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23646]: Failed password for invalid user git from 158.101.158.236 port 41798 ssh2
May  8 16:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.142.46.185  user=root
May  8 16:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23646]: Connection closed by 158.101.158.236 port 41798 [preauth]
May  8 16:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: Invalid user wang from 158.101.158.236
May  8 16:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: input_userauth_request: invalid user wang [preauth]
May  8 16:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23649]: Failed password for root from 88.142.46.185 port 49800 ssh2
May  8 16:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23649]: Received disconnect from 88.142.46.185 port 49800:11: Bye Bye [preauth]
May  8 16:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23649]: Disconnected from 88.142.46.185 port 49800 [preauth]
May  8 16:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22201]: pam_unix(cron:session): session closed for user root
May  8 16:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: Failed password for invalid user wang from 158.101.158.236 port 35602 ssh2
May  8 16:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23660]: Connection closed by 158.101.158.236 port 35602 [preauth]
May  8 16:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23674]: Invalid user shyam from 69.166.232.229
May  8 16:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23674]: input_userauth_request: invalid user shyam [preauth]
May  8 16:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23674]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 16:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: Invalid user nginx from 158.101.158.236
May  8 16:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: input_userauth_request: invalid user nginx [preauth]
May  8 16:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23674]: Failed password for invalid user shyam from 69.166.232.229 port 51674 ssh2
May  8 16:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: Failed password for invalid user nginx from 158.101.158.236 port 35616 ssh2
May  8 16:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23674]: Received disconnect from 69.166.232.229 port 51674:11: Bye Bye [preauth]
May  8 16:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23674]: Disconnected from 69.166.232.229 port 51674 [preauth]
May  8 16:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: Connection closed by 158.101.158.236 port 35616 [preauth]
May  8 16:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: Invalid user zhangjunyin from 165.154.14.28
May  8 16:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: input_userauth_request: invalid user zhangjunyin [preauth]
May  8 16:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  8 16:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: Invalid user mongo from 158.101.158.236
May  8 16:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: input_userauth_request: invalid user mongo [preauth]
May  8 16:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: Failed password for invalid user zhangjunyin from 165.154.14.28 port 45050 ssh2
May  8 16:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: Received disconnect from 165.154.14.28 port 45050:11: Bye Bye [preauth]
May  8 16:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23697]: Disconnected from 165.154.14.28 port 45050 [preauth]
May  8 16:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: Failed password for invalid user mongo from 158.101.158.236 port 35620 ssh2
May  8 16:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23699]: Connection closed by 158.101.158.236 port 35620 [preauth]
May  8 16:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23710]: Invalid user user from 158.101.158.236
May  8 16:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23710]: input_userauth_request: invalid user user [preauth]
May  8 16:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23710]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23710]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23710]: Failed password for invalid user user from 158.101.158.236 port 52354 ssh2
May  8 16:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23710]: Connection closed by 158.101.158.236 port 52354 [preauth]
May  8 16:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23725]: Invalid user oracle from 158.101.158.236
May  8 16:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23725]: input_userauth_request: invalid user oracle [preauth]
May  8 16:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23725]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23725]: Failed password for invalid user oracle from 158.101.158.236 port 52364 ssh2
May  8 16:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23725]: Connection closed by 158.101.158.236 port 52364 [preauth]
May  8 16:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23736]: Invalid user gpadmin from 158.101.158.236
May  8 16:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23736]: input_userauth_request: invalid user gpadmin [preauth]
May  8 16:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23736]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23736]: Failed password for invalid user gpadmin from 158.101.158.236 port 52376 ssh2
May  8 16:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23736]: Connection closed by 158.101.158.236 port 52376 [preauth]
May  8 16:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236  user=root
May  8 16:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23738]: Failed password for root from 158.101.158.236 port 47316 ssh2
May  8 16:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23738]: Connection closed by 158.101.158.236 port 47316 [preauth]
May  8 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23849]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23848]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23758]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23758]: pam_unix(cron:session): session closed for user p13x
May  8 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23931]: Successful su for rubyman by root
May  8 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23931]: + ??? root:rubyman
May  8 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23931]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354131 of user rubyman.
May  8 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23931]: pam_unix(su:session): session closed for user rubyman
May  8 16:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354131.
May  8 16:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20375]: pam_unix(cron:session): session closed for user root
May  8 16:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23759]: pam_unix(cron:session): session closed for user samftp
May  8 16:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Invalid user shilei from 186.208.159.26
May  8 16:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: input_userauth_request: invalid user shilei [preauth]
May  8 16:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.208.159.26
May  8 16:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Failed password for invalid user shilei from 186.208.159.26 port 44766 ssh2
May  8 16:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Received disconnect from 186.208.159.26 port 44766:11: Bye Bye [preauth]
May  8 16:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24141]: Disconnected from 186.208.159.26 port 44766 [preauth]
May  8 16:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 16:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24201]: Failed password for root from 218.92.0.233 port 46462 ssh2
May  8 16:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22695]: pam_unix(cron:session): session closed for user root
May  8 16:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24201]: Failed password for root from 218.92.0.233 port 46462 ssh2
May  8 16:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24201]: Failed password for root from 218.92.0.233 port 46462 ssh2
May  8 16:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24201]: Received disconnect from 218.92.0.233 port 46462:11:  [preauth]
May  8 16:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24201]: Disconnected from 218.92.0.233 port 46462 [preauth]
May  8 16:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24201]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 16:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 16:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24250]: Failed password for root from 218.92.0.233 port 56956 ssh2
May  8 16:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24250]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 56956 ssh2]
May  8 16:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24250]: Received disconnect from 218.92.0.233 port 56956:11:  [preauth]
May  8 16:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24250]: Disconnected from 218.92.0.233 port 56956 [preauth]
May  8 16:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24250]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 16:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 16:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24268]: Failed password for root from 218.92.0.233 port 38696 ssh2
May  8 16:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24268]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 38696 ssh2]
May  8 16:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24268]: Received disconnect from 218.92.0.233 port 38696:11:  [preauth]
May  8 16:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24268]: Disconnected from 218.92.0.233 port 38696 [preauth]
May  8 16:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24268]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 16:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 16:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.118.77  user=root
May  8 16:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24303]: Failed password for root from 218.92.0.198 port 48590 ssh2
May  8 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24319]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24317]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24318]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24317]: pam_unix(cron:session): session closed for user p13x
May  8 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24314]: Failed password for root from 185.247.118.77 port 8774 ssh2
May  8 16:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24303]: Failed password for root from 218.92.0.198 port 48590 ssh2
May  8 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24314]: Received disconnect from 185.247.118.77 port 8774:11: Bye Bye [preauth]
May  8 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24314]: Disconnected from 185.247.118.77 port 8774 [preauth]
May  8 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24393]: Successful su for rubyman by root
May  8 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24393]: + ??? root:rubyman
May  8 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24393]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354135 of user rubyman.
May  8 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24393]: pam_unix(su:session): session closed for user rubyman
May  8 16:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354135.
May  8 16:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24303]: Failed password for root from 218.92.0.198 port 48590 ssh2
May  8 16:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24303]: Received disconnect from 218.92.0.198 port 48590:11:  [preauth]
May  8 16:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24303]: Disconnected from 218.92.0.198 port 48590 [preauth]
May  8 16:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24303]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 16:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20956]: pam_unix(cron:session): session closed for user root
May  8 16:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 16:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24318]: pam_unix(cron:session): session closed for user samftp
May  8 16:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24531]: Failed password for root from 218.92.0.198 port 48594 ssh2
May  8 16:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24531]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 48594 ssh2]
May  8 16:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24531]: Received disconnect from 218.92.0.198 port 48594:11:  [preauth]
May  8 16:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24531]: Disconnected from 218.92.0.198 port 48594 [preauth]
May  8 16:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24531]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 16:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 16:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24609]: Failed password for root from 218.92.0.198 port 39508 ssh2
May  8 16:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24609]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 39508 ssh2]
May  8 16:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24609]: Received disconnect from 218.92.0.198 port 39508:11:  [preauth]
May  8 16:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24609]: Disconnected from 218.92.0.198 port 39508 [preauth]
May  8 16:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24609]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 16:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236  user=root
May  8 16:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: Failed password for root from 158.101.158.236 port 38954 ssh2
May  8 16:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24676]: Connection closed by 158.101.158.236 port 38954 [preauth]
May  8 16:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.158.157  user=root
May  8 16:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236  user=root
May  8 16:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: Failed password for root from 64.227.158.157 port 53824 ssh2
May  8 16:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: Received disconnect from 64.227.158.157 port 53824:11: Bye Bye [preauth]
May  8 16:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24690]: Disconnected from 64.227.158.157 port 53824 [preauth]
May  8 16:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23182]: pam_unix(cron:session): session closed for user root
May  8 16:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Failed password for root from 158.101.158.236 port 53764 ssh2
May  8 16:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24693]: Connection closed by 158.101.158.236 port 53764 [preauth]
May  8 16:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24746]: Invalid user apache from 158.101.158.236
May  8 16:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24746]: input_userauth_request: invalid user apache [preauth]
May  8 16:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24746]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: User mysql from 80.94.95.115 not allowed because not listed in AllowUsers
May  8 16:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: input_userauth_request: invalid user mysql [preauth]
May  8 16:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: Failed none for invalid user mysql from 80.94.95.115 port 50408 ssh2
May  8 16:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: Connection closed by 80.94.95.115 port 50408 [preauth]
May  8 16:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24746]: Failed password for invalid user apache from 158.101.158.236 port 53780 ssh2
May  8 16:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24746]: Connection closed by 158.101.158.236 port 53780 [preauth]
May  8 16:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24765]: Invalid user user1 from 158.101.158.236
May  8 16:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24765]: input_userauth_request: invalid user user1 [preauth]
May  8 16:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24765]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:07:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24765]: Failed password for invalid user user1 from 158.101.158.236 port 38956 ssh2
May  8 16:07:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24765]: Connection closed by 158.101.158.236 port 38956 [preauth]
May  8 16:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236  user=root
May  8 16:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: Failed password for root from 158.101.158.236 port 49136 ssh2
May  8 16:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24790]: Connection closed by 158.101.158.236 port 49136 [preauth]
May  8 16:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24820]: Invalid user cui from 136.232.203.134
May  8 16:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24820]: input_userauth_request: invalid user cui [preauth]
May  8 16:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24820]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.203.134
May  8 16:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24820]: Failed password for invalid user cui from 136.232.203.134 port 33339 ssh2
May  8 16:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24820]: Received disconnect from 136.232.203.134 port 33339:11: Bye Bye [preauth]
May  8 16:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24820]: Disconnected from 136.232.203.134 port 33339 [preauth]
May  8 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: Invalid user postgres from 158.101.158.236
May  8 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: input_userauth_request: invalid user postgres [preauth]
May  8 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24834]: pam_unix(cron:session): session closed for user p13x
May  8 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24898]: Successful su for rubyman by root
May  8 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24898]: + ??? root:rubyman
May  8 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24898]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354139 of user rubyman.
May  8 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24898]: pam_unix(su:session): session closed for user rubyman
May  8 16:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354139.
May  8 16:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: Failed password for invalid user postgres from 158.101.158.236 port 49152 ssh2
May  8 16:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24829]: Connection closed by 158.101.158.236 port 49152 [preauth]
May  8 16:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21451]: pam_unix(cron:session): session closed for user root
May  8 16:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24835]: pam_unix(cron:session): session closed for user samftp
May  8 16:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25111]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25111]: Invalid user plexserver from 158.101.158.236
May  8 16:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25111]: input_userauth_request: invalid user plexserver [preauth]
May  8 16:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25111]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25111]: Failed password for invalid user plexserver from 158.101.158.236 port 42474 ssh2
May  8 16:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25111]: Connection closed by 158.101.158.236 port 42474 [preauth]
May  8 16:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25149]: Invalid user hadoop from 189.167.51.249
May  8 16:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25149]: input_userauth_request: invalid user hadoop [preauth]
May  8 16:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25149]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.167.51.249
May  8 16:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25149]: Failed password for invalid user hadoop from 189.167.51.249 port 49522 ssh2
May  8 16:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25149]: Received disconnect from 189.167.51.249 port 49522:11: Bye Bye [preauth]
May  8 16:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25149]: Disconnected from 189.167.51.249 port 49522 [preauth]
May  8 16:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23849]: pam_unix(cron:session): session closed for user root
May  8 16:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25195]: Invalid user user1 from 176.109.92.170
May  8 16:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25195]: input_userauth_request: invalid user user1 [preauth]
May  8 16:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25195]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 16:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25195]: Failed password for invalid user user1 from 176.109.92.170 port 39780 ssh2
May  8 16:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25195]: Received disconnect from 176.109.92.170 port 39780:11: Bye Bye [preauth]
May  8 16:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25195]: Disconnected from 176.109.92.170 port 39780 [preauth]
May  8 16:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 16:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25219]: Failed password for root from 43.153.195.114 port 38694 ssh2
May  8 16:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25219]: Received disconnect from 43.153.195.114 port 38694:11: Bye Bye [preauth]
May  8 16:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25219]: Disconnected from 43.153.195.114 port 38694 [preauth]
May  8 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25260]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25252]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25255]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25251]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25249]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25251]: pam_unix(cron:session): session closed for user p13x
May  8 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25387]: Successful su for rubyman by root
May  8 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25387]: + ??? root:rubyman
May  8 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354144 of user rubyman.
May  8 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25387]: pam_unix(su:session): session closed for user rubyman
May  8 16:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354144.
May  8 16:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25249]: pam_unix(cron:session): session closed for user root
May  8 16:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22200]: pam_unix(cron:session): session closed for user root
May  8 16:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25252]: pam_unix(cron:session): session closed for user samftp
May  8 16:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236  user=root
May  8 16:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25705]: Invalid user app from 158.101.158.236
May  8 16:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25705]: input_userauth_request: invalid user app [preauth]
May  8 16:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25705]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: Failed password for root from 158.101.158.236 port 35296 ssh2
May  8 16:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25682]: Connection closed by 158.101.158.236 port 35296 [preauth]
May  8 16:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25705]: Failed password for invalid user app from 158.101.158.236 port 35308 ssh2
May  8 16:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25705]: Connection closed by 158.101.158.236 port 35308 [preauth]
May  8 16:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25715]: Invalid user elastic from 158.101.158.236
May  8 16:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25715]: input_userauth_request: invalid user elastic [preauth]
May  8 16:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25715]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25715]: Failed password for invalid user elastic from 158.101.158.236 port 35324 ssh2
May  8 16:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25715]: Connection closed by 158.101.158.236 port 35324 [preauth]
May  8 16:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25727]: Invalid user admin from 158.101.158.236
May  8 16:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25727]: input_userauth_request: invalid user admin [preauth]
May  8 16:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236  user=root
May  8 16:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25727]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24321]: pam_unix(cron:session): session closed for user root
May  8 16:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25725]: Failed password for root from 158.101.158.236 port 58296 ssh2
May  8 16:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25727]: Failed password for invalid user admin from 158.101.158.236 port 50484 ssh2
May  8 16:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25725]: Connection closed by 158.101.158.236 port 58296 [preauth]
May  8 16:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25727]: Connection closed by 158.101.158.236 port 50484 [preauth]
May  8 16:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25763]: Invalid user guest from 158.101.158.236
May  8 16:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25763]: input_userauth_request: invalid user guest [preauth]
May  8 16:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25763]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: Invalid user manage from 80.94.95.241
May  8 16:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: input_userauth_request: invalid user manage [preauth]
May  8 16:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 16:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25763]: Failed password for invalid user guest from 158.101.158.236 port 58302 ssh2
May  8 16:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25763]: Connection closed by 158.101.158.236 port 58302 [preauth]
May  8 16:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: Failed password for invalid user manage from 80.94.95.241 port 63232 ssh2
May  8 16:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236  user=root
May  8 16:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: Failed password for invalid user manage from 80.94.95.241 port 63232 ssh2
May  8 16:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: Failed password for root from 158.101.158.236 port 58312 ssh2
May  8 16:09:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: Connection closed by 158.101.158.236 port 58312 [preauth]
May  8 16:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: Failed password for invalid user manage from 80.94.95.241 port 63232 ssh2
May  8 16:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: Failed password for invalid user manage from 80.94.95.241 port 63232 ssh2
May  8 16:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: Invalid user jumpserver from 158.101.158.236
May  8 16:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: input_userauth_request: invalid user jumpserver [preauth]
May  8 16:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: Failed password for invalid user manage from 80.94.95.241 port 63232 ssh2
May  8 16:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: Received disconnect from 80.94.95.241 port 63232:11: Bye [preauth]
May  8 16:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: Disconnected from 80.94.95.241 port 63232 [preauth]
May  8 16:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 16:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25765]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 16:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: Failed password for invalid user jumpserver from 158.101.158.236 port 60516 ssh2
May  8 16:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25832]: Connection closed by 158.101.158.236 port 60516 [preauth]
May  8 16:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: Invalid user tom from 158.101.158.236
May  8 16:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: input_userauth_request: invalid user tom [preauth]
May  8 16:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: Failed password for invalid user tom from 158.101.158.236 port 60518 ssh2
May  8 16:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25852]: Connection closed by 158.101.158.236 port 60518 [preauth]
May  8 16:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236  user=root
May  8 16:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: Failed password for root from 158.101.158.236 port 54146 ssh2
May  8 16:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: Connection closed by 158.101.158.236 port 54146 [preauth]
May  8 16:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: Invalid user git from 158.101.158.236
May  8 16:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: input_userauth_request: invalid user git [preauth]
May  8 16:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: Invalid user sonar from 158.101.158.236
May  8 16:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: input_userauth_request: invalid user sonar [preauth]
May  8 16:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: Failed password for invalid user git from 158.101.158.236 port 54162 ssh2
May  8 16:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25864]: Connection closed by 158.101.158.236 port 54162 [preauth]
May  8 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25882]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25881]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25883]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25883]: pam_unix(cron:session): session closed for user root
May  8 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25878]: pam_unix(cron:session): session closed for user p13x
May  8 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: Failed password for invalid user sonar from 158.101.158.236 port 60510 ssh2
May  8 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: Connection closed by 158.101.158.236 port 60510 [preauth]
May  8 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25964]: Successful su for rubyman by root
May  8 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25964]: + ??? root:rubyman
May  8 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354149 of user rubyman.
May  8 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25964]: pam_unix(su:session): session closed for user rubyman
May  8 16:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354149.
May  8 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25880]: pam_unix(cron:session): session closed for user root
May  8 16:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Invalid user joseph from 88.142.46.185
May  8 16:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: input_userauth_request: invalid user joseph [preauth]
May  8 16:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.142.46.185
May  8 16:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22694]: pam_unix(cron:session): session closed for user root
May  8 16:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25879]: pam_unix(cron:session): session closed for user samftp
May  8 16:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Failed password for invalid user joseph from 88.142.46.185 port 58462 ssh2
May  8 16:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Received disconnect from 88.142.46.185 port 58462:11: Bye Bye [preauth]
May  8 16:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26105]: Disconnected from 88.142.46.185 port 58462 [preauth]
May  8 16:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26178]: Invalid user uno85c from 115.72.8.68
May  8 16:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26178]: input_userauth_request: invalid user uno85c [preauth]
May  8 16:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26178]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.72.8.68
May  8 16:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26182]: Invalid user appuser from 158.101.158.236
May  8 16:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26182]: input_userauth_request: invalid user appuser [preauth]
May  8 16:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26182]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26180]: Invalid user joko from 116.193.190.174
May  8 16:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26180]: input_userauth_request: invalid user joko [preauth]
May  8 16:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26180]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.190.174
May  8 16:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26178]: Failed password for invalid user uno85c from 115.72.8.68 port 51520 ssh2
May  8 16:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26178]: Received disconnect from 115.72.8.68 port 51520:11: Bye Bye [preauth]
May  8 16:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26178]: Disconnected from 115.72.8.68 port 51520 [preauth]
May  8 16:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26182]: Failed password for invalid user appuser from 158.101.158.236 port 43942 ssh2
May  8 16:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26182]: Connection closed by 158.101.158.236 port 43942 [preauth]
May  8 16:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26180]: Failed password for invalid user joko from 116.193.190.174 port 44916 ssh2
May  8 16:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26180]: Received disconnect from 116.193.190.174 port 44916:11: Bye Bye [preauth]
May  8 16:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26180]: Disconnected from 116.193.190.174 port 44916 [preauth]
May  8 16:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26193]: Invalid user tom from 158.101.158.236
May  8 16:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26193]: input_userauth_request: invalid user tom [preauth]
May  8 16:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26193]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26193]: Failed password for invalid user tom from 158.101.158.236 port 49458 ssh2
May  8 16:10:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26193]: Connection closed by 158.101.158.236 port 49458 [preauth]
May  8 16:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236  user=root
May  8 16:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26218]: Failed password for root from 158.101.158.236 port 49470 ssh2
May  8 16:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26218]: Connection closed by 158.101.158.236 port 49470 [preauth]
May  8 16:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222  user=root
May  8 16:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26220]: Failed password for root from 45.163.1.222 port 59854 ssh2
May  8 16:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26220]: Received disconnect from 45.163.1.222 port 59854:11: Bye Bye [preauth]
May  8 16:10:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26220]: Disconnected from 45.163.1.222 port 59854 [preauth]
May  8 16:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24837]: pam_unix(cron:session): session closed for user root
May  8 16:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226  user=root
May  8 16:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: Failed password for root from 197.248.178.226 port 34410 ssh2
May  8 16:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: Received disconnect from 197.248.178.226 port 34410:11: Bye Bye [preauth]
May  8 16:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26384]: Disconnected from 197.248.178.226 port 34410 [preauth]
May  8 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26400]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26398]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26396]: pam_unix(cron:session): session closed for user p13x
May  8 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26549]: Successful su for rubyman by root
May  8 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26549]: + ??? root:rubyman
May  8 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354154 of user rubyman.
May  8 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26549]: pam_unix(su:session): session closed for user rubyman
May  8 16:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354154.
May  8 16:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23181]: pam_unix(cron:session): session closed for user root
May  8 16:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26397]: pam_unix(cron:session): session closed for user samftp
May  8 16:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26814]: Invalid user esuser from 158.101.158.236
May  8 16:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26814]: input_userauth_request: invalid user esuser [preauth]
May  8 16:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26814]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26814]: Failed password for invalid user esuser from 158.101.158.236 port 40890 ssh2
May  8 16:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26814]: Connection closed by 158.101.158.236 port 40890 [preauth]
May  8 16:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26826]: Invalid user steam from 158.101.158.236
May  8 16:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26826]: input_userauth_request: invalid user steam [preauth]
May  8 16:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26826]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:11:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26829]: Invalid user observer from 158.101.158.236
May  8 16:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26829]: input_userauth_request: invalid user observer [preauth]
May  8 16:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26829]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26826]: Failed password for invalid user steam from 158.101.158.236 port 40882 ssh2
May  8 16:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26826]: Connection closed by 158.101.158.236 port 40882 [preauth]
May  8 16:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25260]: pam_unix(cron:session): session closed for user root
May  8 16:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26829]: Failed password for invalid user observer from 158.101.158.236 port 60992 ssh2
May  8 16:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26829]: Connection closed by 158.101.158.236 port 60992 [preauth]
May  8 16:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Invalid user docker from 158.101.158.236
May  8 16:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: input_userauth_request: invalid user docker [preauth]
May  8 16:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Failed password for invalid user docker from 158.101.158.236 port 32776 ssh2
May  8 16:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26882]: Connection closed by 158.101.158.236 port 32776 [preauth]
May  8 16:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: Invalid user atl from 69.166.232.229
May  8 16:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: input_userauth_request: invalid user atl [preauth]
May  8 16:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 16:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: Invalid user user from 158.101.158.236
May  8 16:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: input_userauth_request: invalid user user [preauth]
May  8 16:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: Failed password for invalid user atl from 69.166.232.229 port 33976 ssh2
May  8 16:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: Received disconnect from 69.166.232.229 port 33976:11: Bye Bye [preauth]
May  8 16:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26893]: Disconnected from 69.166.232.229 port 33976 [preauth]
May  8 16:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26907]: Invalid user elastic from 158.101.158.236
May  8 16:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26907]: input_userauth_request: invalid user elastic [preauth]
May  8 16:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26907]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.118.77  user=root
May  8 16:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: Failed password for invalid user user from 158.101.158.236 port 32792 ssh2
May  8 16:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26895]: Connection closed by 158.101.158.236 port 32792 [preauth]
May  8 16:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26907]: Failed password for invalid user elastic from 158.101.158.236 port 53912 ssh2
May  8 16:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: Failed password for root from 185.247.118.77 port 59648 ssh2
May  8 16:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26907]: Connection closed by 158.101.158.236 port 53912 [preauth]
May  8 16:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: Received disconnect from 185.247.118.77 port 59648:11: Bye Bye [preauth]
May  8 16:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26898]: Disconnected from 185.247.118.77 port 59648 [preauth]
May  8 16:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: Invalid user patrol from 165.154.14.28
May  8 16:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: input_userauth_request: invalid user patrol [preauth]
May  8 16:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  8 16:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: Failed password for invalid user patrol from 165.154.14.28 port 51306 ssh2
May  8 16:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: Received disconnect from 165.154.14.28 port 51306:11: Bye Bye [preauth]
May  8 16:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26941]: Disconnected from 165.154.14.28 port 51306 [preauth]
May  8 16:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26963]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26963]: Invalid user oracle from 158.101.158.236
May  8 16:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26963]: input_userauth_request: invalid user oracle [preauth]
May  8 16:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26963]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26966]: Invalid user ts from 158.101.158.236
May  8 16:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26966]: input_userauth_request: invalid user ts [preauth]
May  8 16:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26966]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26963]: Failed password for invalid user oracle from 158.101.158.236 port 53914 ssh2
May  8 16:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26963]: Connection closed by 158.101.158.236 port 53914 [preauth]
May  8 16:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26966]: Failed password for invalid user ts from 158.101.158.236 port 58964 ssh2
May  8 16:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26966]: Connection closed by 158.101.158.236 port 58964 [preauth]
May  8 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27030]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27027]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27027]: pam_unix(cron:session): session closed for user p13x
May  8 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27107]: Successful su for rubyman by root
May  8 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27107]: + ??? root:rubyman
May  8 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354158 of user rubyman.
May  8 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27107]: pam_unix(su:session): session closed for user rubyman
May  8 16:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354158.
May  8 16:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27229]: Invalid user ftpuser from 158.101.158.236
May  8 16:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27229]: input_userauth_request: invalid user ftpuser [preauth]
May  8 16:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27229]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27237]: Invalid user test from 158.101.158.236
May  8 16:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27237]: input_userauth_request: invalid user test [preauth]
May  8 16:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27237]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23848]: pam_unix(cron:session): session closed for user root
May  8 16:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27029]: pam_unix(cron:session): session closed for user samftp
May  8 16:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27229]: Failed password for invalid user ftpuser from 158.101.158.236 port 58996 ssh2
May  8 16:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27229]: Connection closed by 158.101.158.236 port 58996 [preauth]
May  8 16:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27237]: Failed password for invalid user test from 158.101.158.236 port 48588 ssh2
May  8 16:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27237]: Connection closed by 158.101.158.236 port 48588 [preauth]
May  8 16:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27313]: Invalid user miran from 186.208.159.26
May  8 16:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27313]: input_userauth_request: invalid user miran [preauth]
May  8 16:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27313]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.208.159.26
May  8 16:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27313]: Failed password for invalid user miran from 186.208.159.26 port 52552 ssh2
May  8 16:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27313]: Received disconnect from 186.208.159.26 port 52552:11: Bye Bye [preauth]
May  8 16:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27313]: Disconnected from 186.208.159.26 port 52552 [preauth]
May  8 16:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.142.73  user=root
May  8 16:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27363]: Failed password for root from 180.253.142.73 port 52372 ssh2
May  8 16:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27363]: Received disconnect from 180.253.142.73 port 52372:11: Bye Bye [preauth]
May  8 16:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27363]: Disconnected from 180.253.142.73 port 52372 [preauth]
May  8 16:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  8 16:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: Failed password for root from 218.92.0.216 port 37666 ssh2
May  8 16:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: Failed password for root from 218.92.0.216 port 37666 ssh2
May  8 16:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236  user=root
May  8 16:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: Failed password for root from 218.92.0.216 port 37666 ssh2
May  8 16:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: Received disconnect from 218.92.0.216 port 37666:11:  [preauth]
May  8 16:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: Disconnected from 218.92.0.216 port 37666 [preauth]
May  8 16:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  8 16:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25882]: pam_unix(cron:session): session closed for user root
May  8 16:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: Failed password for root from 158.101.158.236 port 54534 ssh2
May  8 16:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27448]: Connection closed by 158.101.158.236 port 54534 [preauth]
May  8 16:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: Invalid user dev from 176.109.92.170
May  8 16:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: input_userauth_request: invalid user dev [preauth]
May  8 16:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 16:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: Failed password for invalid user dev from 176.109.92.170 port 49444 ssh2
May  8 16:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: Received disconnect from 176.109.92.170 port 49444:11: Bye Bye [preauth]
May  8 16:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27538]: Disconnected from 176.109.92.170 port 49444 [preauth]
May  8 16:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.158.157  user=root
May  8 16:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27549]: Failed password for root from 64.227.158.157 port 37000 ssh2
May  8 16:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27549]: Received disconnect from 64.227.158.157 port 37000:11: Bye Bye [preauth]
May  8 16:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27549]: Disconnected from 64.227.158.157 port 37000 [preauth]
May  8 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27580]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27579]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27578]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27577]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27577]: pam_unix(cron:session): session closed for user p13x
May  8 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27644]: Successful su for rubyman by root
May  8 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27644]: + ??? root:rubyman
May  8 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354164 of user rubyman.
May  8 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27644]: pam_unix(su:session): session closed for user rubyman
May  8 16:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354164.
May  8 16:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27708]: Invalid user rramirez from 175.6.36.108
May  8 16:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27708]: input_userauth_request: invalid user rramirez [preauth]
May  8 16:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27708]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.36.108
May  8 16:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27708]: Failed password for invalid user rramirez from 175.6.36.108 port 44414 ssh2
May  8 16:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24319]: pam_unix(cron:session): session closed for user root
May  8 16:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27708]: Received disconnect from 175.6.36.108 port 44414:11: Bye Bye [preauth]
May  8 16:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27708]: Disconnected from 175.6.36.108 port 44414 [preauth]
May  8 16:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27578]: pam_unix(cron:session): session closed for user samftp
May  8 16:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.167.51.249  user=root
May  8 16:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27832]: Failed password for root from 189.167.51.249 port 33206 ssh2
May  8 16:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27832]: Received disconnect from 189.167.51.249 port 33206:11: Bye Bye [preauth]
May  8 16:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27832]: Disconnected from 189.167.51.249 port 33206 [preauth]
May  8 16:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.203.134  user=root
May  8 16:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: Failed password for root from 136.232.203.134 port 48577 ssh2
May  8 16:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: Received disconnect from 136.232.203.134 port 48577:11: Bye Bye [preauth]
May  8 16:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27901]: Disconnected from 136.232.203.134 port 48577 [preauth]
May  8 16:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  8 16:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: Failed password for root from 218.92.0.203 port 16278 ssh2
May  8 16:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26400]: pam_unix(cron:session): session closed for user root
May  8 16:13:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: Failed password for root from 218.92.0.203 port 16278 ssh2
May  8 16:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: Failed password for root from 218.92.0.203 port 16278 ssh2
May  8 16:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27948]: Invalid user tomcat from 158.101.158.236
May  8 16:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27948]: input_userauth_request: invalid user tomcat [preauth]
May  8 16:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27948]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27948]: Failed password for invalid user tomcat from 158.101.158.236 port 54744 ssh2
May  8 16:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27948]: Connection closed by 158.101.158.236 port 54744 [preauth]
May  8 16:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: Failed password for root from 218.92.0.203 port 16278 ssh2
May  8 16:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236  user=root
May  8 16:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: Failed password for root from 218.92.0.203 port 16278 ssh2
May  8 16:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: error: maximum authentication attempts exceeded for root from 218.92.0.203 port 16278 ssh2 [preauth]
May  8 16:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: Disconnecting: Too many authentication failures [preauth]
May  8 16:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  8 16:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27903]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 16:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: Failed password for root from 158.101.158.236 port 39488 ssh2
May  8 16:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: Connection closed by 158.101.158.236 port 39488 [preauth]
May  8 16:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  8 16:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: Failed password for root from 218.92.0.203 port 19600 ssh2
May  8 16:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27986]: Invalid user zabbix from 158.101.158.236
May  8 16:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27986]: input_userauth_request: invalid user zabbix [preauth]
May  8 16:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27986]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27986]: Failed password for invalid user zabbix from 158.101.158.236 port 39538 ssh2
May  8 16:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27986]: Connection closed by 158.101.158.236 port 39538 [preauth]
May  8 16:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: Failed password for root from 218.92.0.203 port 19600 ssh2
May  8 16:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27997]: Invalid user cui from 43.153.195.114
May  8 16:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27997]: input_userauth_request: invalid user cui [preauth]
May  8 16:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27997]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114
May  8 16:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: Failed password for root from 218.92.0.203 port 19600 ssh2
May  8 16:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27997]: Failed password for invalid user cui from 43.153.195.114 port 49418 ssh2
May  8 16:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27997]: Received disconnect from 43.153.195.114 port 49418:11: Bye Bye [preauth]
May  8 16:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27997]: Disconnected from 43.153.195.114 port 49418 [preauth]
May  8 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: Failed password for root from 218.92.0.203 port 19600 ssh2
May  8 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: Invalid user hadoop from 158.101.158.236
May  8 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: input_userauth_request: invalid user hadoop [preauth]
May  8 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28014]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28013]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28012]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28012]: pam_unix(cron:session): session closed for user p13x
May  8 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28076]: Successful su for rubyman by root
May  8 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28076]: + ??? root:rubyman
May  8 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354167 of user rubyman.
May  8 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28076]: pam_unix(su:session): session closed for user rubyman
May  8 16:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354167.
May  8 16:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: Failed password for invalid user hadoop from 158.101.158.236 port 39836 ssh2
May  8 16:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28009]: Connection closed by 158.101.158.236 port 39836 [preauth]
May  8 16:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24836]: pam_unix(cron:session): session closed for user root
May  8 16:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: Failed password for root from 218.92.0.203 port 19600 ssh2
May  8 16:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28225]: Invalid user bot from 158.101.158.236
May  8 16:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28225]: input_userauth_request: invalid user bot [preauth]
May  8 16:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28225]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28013]: pam_unix(cron:session): session closed for user samftp
May  8 16:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28225]: Failed password for invalid user bot from 158.101.158.236 port 39844 ssh2
May  8 16:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28225]: Connection closed by 158.101.158.236 port 39844 [preauth]
May  8 16:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: Failed password for root from 218.92.0.203 port 19600 ssh2
May  8 16:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: error: maximum authentication attempts exceeded for root from 218.92.0.203 port 19600 ssh2 [preauth]
May  8 16:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: Disconnecting: Too many authentication failures [preauth]
May  8 16:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  8 16:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27984]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 16:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: Invalid user debianuser from 158.101.158.236
May  8 16:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: input_userauth_request: invalid user debianuser [preauth]
May  8 16:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: Failed password for invalid user debianuser from 158.101.158.236 port 39852 ssh2
May  8 16:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28266]: Connection closed by 158.101.158.236 port 39852 [preauth]
May  8 16:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  8 16:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: Failed password for root from 218.92.0.203 port 63416 ssh2
May  8 16:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: Received disconnect from 218.92.0.203 port 63416:11:  [preauth]
May  8 16:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28276]: Disconnected from 218.92.0.203 port 63416 [preauth]
May  8 16:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: Invalid user oracle from 158.101.158.236
May  8 16:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: input_userauth_request: invalid user oracle [preauth]
May  8 16:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: Failed password for invalid user oracle from 158.101.158.236 port 49804 ssh2
May  8 16:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28298]: Connection closed by 158.101.158.236 port 49804 [preauth]
May  8 16:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28300]: User ftp from 158.101.158.236 not allowed because not listed in AllowUsers
May  8 16:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28300]: input_userauth_request: invalid user ftp [preauth]
May  8 16:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236  user=ftp
May  8 16:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28300]: Failed password for invalid user ftp from 158.101.158.236 port 49816 ssh2
May  8 16:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28300]: Connection closed by 158.101.158.236 port 49816 [preauth]
May  8 16:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: Invalid user elastic from 158.101.158.236
May  8 16:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: input_userauth_request: invalid user elastic [preauth]
May  8 16:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.142.46.185  user=root
May  8 16:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: Failed password for invalid user elastic from 158.101.158.236 port 55744 ssh2
May  8 16:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28332]: Connection closed by 158.101.158.236 port 55744 [preauth]
May  8 16:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: Failed password for root from 88.142.46.185 port 38880 ssh2
May  8 16:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: Received disconnect from 88.142.46.185 port 38880:11: Bye Bye [preauth]
May  8 16:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28334]: Disconnected from 88.142.46.185 port 38880 [preauth]
May  8 16:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27034]: pam_unix(cron:session): session closed for user root
May  8 16:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: Invalid user default from 158.101.158.236
May  8 16:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: input_userauth_request: invalid user default [preauth]
May  8 16:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: Failed password for invalid user default from 158.101.158.236 port 44138 ssh2
May  8 16:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: Connection closed by 158.101.158.236 port 44138 [preauth]
May  8 16:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: Invalid user gitlab from 158.101.158.236
May  8 16:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: input_userauth_request: invalid user gitlab [preauth]
May  8 16:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: Failed password for invalid user gitlab from 158.101.158.236 port 55700 ssh2
May  8 16:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28407]: Connection closed by 158.101.158.236 port 55700 [preauth]
May  8 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28437]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28438]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28443]: pam_unix(cron:session): session closed for user root
May  8 16:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28437]: pam_unix(cron:session): session closed for user p13x
May  8 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28511]: Successful su for rubyman by root
May  8 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28511]: + ??? root:rubyman
May  8 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354172 of user rubyman.
May  8 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28511]: pam_unix(su:session): session closed for user rubyman
May  8 16:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354172.
May  8 16:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28439]: pam_unix(cron:session): session closed for user root
May  8 16:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25255]: pam_unix(cron:session): session closed for user root
May  8 16:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28438]: pam_unix(cron:session): session closed for user samftp
May  8 16:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27580]: pam_unix(cron:session): session closed for user root
May  8 16:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: Invalid user dev from 115.72.8.68
May  8 16:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: input_userauth_request: invalid user dev [preauth]
May  8 16:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.72.8.68
May  8 16:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: Failed password for invalid user dev from 115.72.8.68 port 41376 ssh2
May  8 16:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: Received disconnect from 115.72.8.68 port 41376:11: Bye Bye [preauth]
May  8 16:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: Disconnected from 115.72.8.68 port 41376 [preauth]
May  8 16:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28822]: Invalid user gitlab-runner from 158.101.158.236
May  8 16:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28822]: input_userauth_request: invalid user gitlab-runner [preauth]
May  8 16:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28822]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28822]: Failed password for invalid user gitlab-runner from 158.101.158.236 port 39172 ssh2
May  8 16:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28822]: Connection closed by 158.101.158.236 port 39172 [preauth]
May  8 16:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: Invalid user es from 158.101.158.236
May  8 16:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: input_userauth_request: invalid user es [preauth]
May  8 16:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: Failed password for invalid user es from 158.101.158.236 port 32880 ssh2
May  8 16:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28846]: Connection closed by 158.101.158.236 port 32880 [preauth]
May  8 16:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Invalid user oracle from 158.101.158.236
May  8 16:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: input_userauth_request: invalid user oracle [preauth]
May  8 16:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Failed password for invalid user oracle from 158.101.158.236 port 32890 ssh2
May  8 16:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28857]: Connection closed by 158.101.158.236 port 32890 [preauth]
May  8 16:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: Invalid user nvidia from 158.101.158.236
May  8 16:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: input_userauth_request: invalid user nvidia [preauth]
May  8 16:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: Failed password for invalid user nvidia from 158.101.158.236 port 38414 ssh2
May  8 16:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28868]: Connection closed by 158.101.158.236 port 38414 [preauth]
May  8 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28883]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28885]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28882]: pam_unix(cron:session): session closed for user p13x
May  8 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28956]: Successful su for rubyman by root
May  8 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28956]: + ??? root:rubyman
May  8 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28956]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354176 of user rubyman.
May  8 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28956]: pam_unix(su:session): session closed for user rubyman
May  8 16:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354176.
May  8 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25881]: pam_unix(cron:session): session closed for user root
May  8 16:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236  user=root
May  8 16:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28883]: pam_unix(cron:session): session closed for user samftp
May  8 16:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29209]: Failed password for root from 158.101.158.236 port 38422 ssh2
May  8 16:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29209]: Connection closed by 158.101.158.236 port 38422 [preauth]
May  8 16:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29248]: Invalid user developer from 158.101.158.236
May  8 16:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29248]: input_userauth_request: invalid user developer [preauth]
May  8 16:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29248]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236  user=root
May  8 16:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29248]: Failed password for invalid user developer from 158.101.158.236 port 57212 ssh2
May  8 16:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29248]: Connection closed by 158.101.158.236 port 57212 [preauth]
May  8 16:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29251]: Failed password for root from 158.101.158.236 port 57226 ssh2
May  8 16:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29251]: Connection closed by 158.101.158.236 port 57226 [preauth]
May  8 16:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: User ftp from 158.101.158.236 not allowed because not listed in AllowUsers
May  8 16:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: input_userauth_request: invalid user ftp [preauth]
May  8 16:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236  user=ftp
May  8 16:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: Failed password for invalid user ftp from 158.101.158.236 port 58240 ssh2
May  8 16:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29253]: Connection closed by 158.101.158.236 port 58240 [preauth]
May  8 16:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29281]: Invalid user mongodb from 158.101.158.236
May  8 16:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29281]: input_userauth_request: invalid user mongodb [preauth]
May  8 16:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29281]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29281]: Failed password for invalid user mongodb from 158.101.158.236 port 58244 ssh2
May  8 16:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29281]: Connection closed by 158.101.158.236 port 58244 [preauth]
May  8 16:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: Invalid user mongodb from 158.101.158.236
May  8 16:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: input_userauth_request: invalid user mongodb [preauth]
May  8 16:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29292]: Invalid user apolo from 45.163.1.222
May  8 16:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29292]: input_userauth_request: invalid user apolo [preauth]
May  8 16:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29292]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222
May  8 16:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: Failed password for invalid user mongodb from 158.101.158.236 port 58252 ssh2
May  8 16:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29292]: Failed password for invalid user apolo from 45.163.1.222 port 47250 ssh2
May  8 16:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: Connection closed by 158.101.158.236 port 58252 [preauth]
May  8 16:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29292]: Received disconnect from 45.163.1.222 port 47250:11: Bye Bye [preauth]
May  8 16:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29292]: Disconnected from 45.163.1.222 port 47250 [preauth]
May  8 16:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.118.77  user=root
May  8 16:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: Invalid user app from 158.101.158.236
May  8 16:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: input_userauth_request: invalid user app [preauth]
May  8 16:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: Failed password for root from 185.247.118.77 port 51546 ssh2
May  8 16:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: Received disconnect from 185.247.118.77 port 51546:11: Bye Bye [preauth]
May  8 16:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29318]: Disconnected from 185.247.118.77 port 51546 [preauth]
May  8 16:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: Failed password for invalid user app from 158.101.158.236 port 57198 ssh2
May  8 16:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29329]: Connection closed by 158.101.158.236 port 57198 [preauth]
May  8 16:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: Invalid user thomas from 116.193.190.174
May  8 16:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: input_userauth_request: invalid user thomas [preauth]
May  8 16:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.190.174
May  8 16:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28016]: pam_unix(cron:session): session closed for user root
May  8 16:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: Failed password for invalid user thomas from 116.193.190.174 port 33350 ssh2
May  8 16:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: Received disconnect from 116.193.190.174 port 33350:11: Bye Bye [preauth]
May  8 16:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: Disconnected from 116.193.190.174 port 33350 [preauth]
May  8 16:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226  user=root
May  8 16:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29372]: Failed password for root from 197.248.178.226 port 40774 ssh2
May  8 16:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29372]: Received disconnect from 197.248.178.226 port 40774:11: Bye Bye [preauth]
May  8 16:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29372]: Disconnected from 197.248.178.226 port 40774 [preauth]
May  8 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29431]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29426]: pam_unix(cron:session): session closed for user root
May  8 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29428]: pam_unix(cron:session): session closed for user p13x
May  8 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: Successful su for rubyman by root
May  8 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: + ??? root:rubyman
May  8 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354182 of user rubyman.
May  8 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: pam_unix(su:session): session closed for user rubyman
May  8 16:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354182.
May  8 16:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26398]: pam_unix(cron:session): session closed for user root
May  8 16:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29651]: Invalid user jing from 176.109.92.170
May  8 16:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29651]: input_userauth_request: invalid user jing [preauth]
May  8 16:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29651]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 16:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29429]: pam_unix(cron:session): session closed for user samftp
May  8 16:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29651]: Failed password for invalid user jing from 176.109.92.170 port 46401 ssh2
May  8 16:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29651]: Received disconnect from 176.109.92.170 port 46401:11: Bye Bye [preauth]
May  8 16:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29651]: Disconnected from 176.109.92.170 port 46401 [preauth]
May  8 16:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  8 16:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:34.76.105.151
May  8 16:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: Invalid user vagrant from 158.101.158.236
May  8 16:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: input_userauth_request: invalid user vagrant [preauth]
May  8 16:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: Failed password for invalid user vagrant from 158.101.158.236 port 35264 ssh2
May  8 16:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29729]: Connection closed by 158.101.158.236 port 35264 [preauth]
May  8 16:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28441]: pam_unix(cron:session): session closed for user root
May  8 16:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: Invalid user marmot from 69.166.232.229
May  8 16:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: input_userauth_request: invalid user marmot [preauth]
May  8 16:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 16:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: Failed password for invalid user marmot from 69.166.232.229 port 33378 ssh2
May  8 16:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: Received disconnect from 69.166.232.229 port 33378:11: Bye Bye [preauth]
May  8 16:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29803]: Disconnected from 69.166.232.229 port 33378 [preauth]
May  8 16:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: Invalid user steam from 158.101.158.236
May  8 16:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: input_userauth_request: invalid user steam [preauth]
May  8 16:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: Failed password for invalid user steam from 158.101.158.236 port 57674 ssh2
May  8 16:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29838]: Connection closed by 158.101.158.236 port 57674 [preauth]
May  8 16:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28  user=root
May  8 16:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.208.159.26  user=root
May  8 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29840]: Failed password for root from 165.154.14.28 port 32846 ssh2
May  8 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Failed password for root from 186.208.159.26 port 60328 ssh2
May  8 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29840]: Received disconnect from 165.154.14.28 port 32846:11: Bye Bye [preauth]
May  8 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29840]: Disconnected from 165.154.14.28 port 32846 [preauth]
May  8 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Received disconnect from 186.208.159.26 port 60328:11: Bye Bye [preauth]
May  8 16:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29842]: Disconnected from 186.208.159.26 port 60328 [preauth]
May  8 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29866]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29865]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29864]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29864]: pam_unix(cron:session): session closed for user p13x
May  8 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29928]: Successful su for rubyman by root
May  8 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29928]: + ??? root:rubyman
May  8 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354187 of user rubyman.
May  8 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29928]: pam_unix(su:session): session closed for user rubyman
May  8 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354187.
May  8 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29939]: Invalid user deploy from 158.101.158.236
May  8 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29939]: input_userauth_request: invalid user deploy [preauth]
May  8 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29939]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29939]: Failed password for invalid user deploy from 158.101.158.236 port 56660 ssh2
May  8 16:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29939]: Connection closed by 158.101.158.236 port 56660 [preauth]
May  8 16:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27030]: pam_unix(cron:session): session closed for user root
May  8 16:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30094]: Invalid user taiko from 189.167.51.249
May  8 16:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30094]: input_userauth_request: invalid user taiko [preauth]
May  8 16:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30094]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.167.51.249
May  8 16:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: Invalid user demo from 158.101.158.236
May  8 16:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: input_userauth_request: invalid user demo [preauth]
May  8 16:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29865]: pam_unix(cron:session): session closed for user samftp
May  8 16:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30094]: Failed password for invalid user taiko from 189.167.51.249 port 36742 ssh2
May  8 16:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30094]: Received disconnect from 189.167.51.249 port 36742:11: Bye Bye [preauth]
May  8 16:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30094]: Disconnected from 189.167.51.249 port 36742 [preauth]
May  8 16:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: Failed password for invalid user demo from 158.101.158.236 port 56664 ssh2
May  8 16:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30102]: Connection closed by 158.101.158.236 port 56664 [preauth]
May  8 16:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: Invalid user deploy from 158.101.158.236
May  8 16:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: input_userauth_request: invalid user deploy [preauth]
May  8 16:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: Failed password for invalid user deploy from 158.101.158.236 port 56678 ssh2
May  8 16:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30129]: Connection closed by 158.101.158.236 port 56678 [preauth]
May  8 16:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.158.157  user=root
May  8 16:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30154]: Failed password for root from 64.227.158.157 port 52524 ssh2
May  8 16:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30154]: Received disconnect from 64.227.158.157 port 52524:11: Bye Bye [preauth]
May  8 16:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30154]: Disconnected from 64.227.158.157 port 52524 [preauth]
May  8 16:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: Invalid user pi from 158.101.158.236
May  8 16:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: input_userauth_request: invalid user pi [preauth]
May  8 16:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: Failed password for invalid user pi from 158.101.158.236 port 44232 ssh2
May  8 16:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30166]: Connection closed by 158.101.158.236 port 44232 [preauth]
May  8 16:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  8 16:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30190]: Invalid user dev from 158.101.158.236
May  8 16:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30190]: input_userauth_request: invalid user dev [preauth]
May  8 16:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30190]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: Failed password for root from 194.0.234.19 port 34910 ssh2
May  8 16:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30178]: Connection closed by 194.0.234.19 port 34910 [preauth]
May  8 16:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30190]: Failed password for invalid user dev from 158.101.158.236 port 44246 ssh2
May  8 16:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30190]: Connection closed by 158.101.158.236 port 44246 [preauth]
May  8 16:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28885]: pam_unix(cron:session): session closed for user root
May  8 16:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.142.73  user=root
May  8 16:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: Failed password for root from 180.253.142.73 port 41326 ssh2
May  8 16:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: Received disconnect from 180.253.142.73 port 41326:11: Bye Bye [preauth]
May  8 16:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30219]: Disconnected from 180.253.142.73 port 41326 [preauth]
May  8 16:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.142.46.185  user=root
May  8 16:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: Failed password for root from 88.142.46.185 port 47534 ssh2
May  8 16:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: Received disconnect from 88.142.46.185 port 47534:11: Bye Bye [preauth]
May  8 16:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30265]: Disconnected from 88.142.46.185 port 47534 [preauth]
May  8 16:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.203.134  user=root
May  8 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30283]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30284]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30281]: pam_unix(cron:session): session closed for user p13x
May  8 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30345]: Successful su for rubyman by root
May  8 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30345]: + ??? root:rubyman
May  8 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354190 of user rubyman.
May  8 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30345]: pam_unix(su:session): session closed for user rubyman
May  8 16:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354190.
May  8 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: Failed password for root from 136.232.203.134 port 22997 ssh2
May  8 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: Received disconnect from 136.232.203.134 port 22997:11: Bye Bye [preauth]
May  8 16:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30276]: Disconnected from 136.232.203.134 port 22997 [preauth]
May  8 16:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27579]: pam_unix(cron:session): session closed for user root
May  8 16:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30282]: pam_unix(cron:session): session closed for user samftp
May  8 16:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: Invalid user psadmin from 43.153.195.114
May  8 16:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: input_userauth_request: invalid user psadmin [preauth]
May  8 16:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114
May  8 16:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: Failed password for invalid user psadmin from 43.153.195.114 port 58944 ssh2
May  8 16:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: Received disconnect from 43.153.195.114 port 58944:11: Bye Bye [preauth]
May  8 16:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30539]: Disconnected from 43.153.195.114 port 58944 [preauth]
May  8 16:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29431]: pam_unix(cron:session): session closed for user root
May  8 16:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30671]: Invalid user rabbitmq from 158.101.158.236
May  8 16:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30671]: input_userauth_request: invalid user rabbitmq [preauth]
May  8 16:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30671]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30671]: Failed password for invalid user rabbitmq from 158.101.158.236 port 43888 ssh2
May  8 16:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30671]: Connection closed by 158.101.158.236 port 43888 [preauth]
May  8 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30693]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30694]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30691]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30692]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30690]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30694]: pam_unix(cron:session): session closed for user root
May  8 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30689]: pam_unix(cron:session): session closed for user p13x
May  8 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30758]: Successful su for rubyman by root
May  8 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30758]: + ??? root:rubyman
May  8 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354193 of user rubyman.
May  8 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30758]: pam_unix(su:session): session closed for user rubyman
May  8 16:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354193.
May  8 16:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30691]: pam_unix(cron:session): session closed for user root
May  8 16:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28014]: pam_unix(cron:session): session closed for user root
May  8 16:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30690]: pam_unix(cron:session): session closed for user samftp
May  8 16:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: Invalid user wang from 158.101.158.236
May  8 16:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: input_userauth_request: invalid user wang [preauth]
May  8 16:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: Failed password for invalid user wang from 158.101.158.236 port 54306 ssh2
May  8 16:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31067]: Connection closed by 158.101.158.236 port 54306 [preauth]
May  8 16:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  8 16:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31097]: Failed password for root from 218.92.0.231 port 41734 ssh2
May  8 16:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31097]: message repeated 2 times: [ Failed password for root from 218.92.0.231 port 41734 ssh2]
May  8 16:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31097]: Received disconnect from 218.92.0.231 port 41734:11:  [preauth]
May  8 16:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31097]: Disconnected from 218.92.0.231 port 41734 [preauth]
May  8 16:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31097]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  8 16:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: Invalid user uftp from 158.101.158.236
May  8 16:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: input_userauth_request: invalid user uftp [preauth]
May  8 16:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: Failed password for invalid user uftp from 158.101.158.236 port 42710 ssh2
May  8 16:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31129]: Connection closed by 158.101.158.236 port 42710 [preauth]
May  8 16:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31142]: User ftp from 158.101.158.236 not allowed because not listed in AllowUsers
May  8 16:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31142]: input_userauth_request: invalid user ftp [preauth]
May  8 16:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236  user=ftp
May  8 16:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Invalid user awsgui from 158.101.158.236
May  8 16:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: input_userauth_request: invalid user awsgui [preauth]
May  8 16:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29867]: pam_unix(cron:session): session closed for user root
May  8 16:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31142]: Failed password for invalid user ftp from 158.101.158.236 port 42702 ssh2
May  8 16:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31142]: Connection closed by 158.101.158.236 port 42702 [preauth]
May  8 16:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Failed password for invalid user awsgui from 158.101.158.236 port 60542 ssh2
May  8 16:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Connection closed by 158.101.158.236 port 60542 [preauth]
May  8 16:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: Invalid user dolphinscheduler from 158.101.158.236
May  8 16:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  8 16:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31181]: Invalid user elasticsearch from 158.101.158.236
May  8 16:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31181]: input_userauth_request: invalid user elasticsearch [preauth]
May  8 16:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31181]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: Failed password for invalid user dolphinscheduler from 158.101.158.236 port 60554 ssh2
May  8 16:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: Connection closed by 158.101.158.236 port 60554 [preauth]
May  8 16:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31181]: Failed password for invalid user elasticsearch from 158.101.158.236 port 41310 ssh2
May  8 16:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31181]: Connection closed by 158.101.158.236 port 41310 [preauth]
May  8 16:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236  user=root
May  8 16:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31183]: Failed password for root from 158.101.158.236 port 60566 ssh2
May  8 16:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31183]: Connection closed by 158.101.158.236 port 60566 [preauth]
May  8 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31246]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31243]: pam_unix(cron:session): session closed for user p13x
May  8 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31320]: Successful su for rubyman by root
May  8 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31320]: + ??? root:rubyman
May  8 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354200 of user rubyman.
May  8 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31320]: pam_unix(su:session): session closed for user rubyman
May  8 16:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354200.
May  8 16:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28440]: pam_unix(cron:session): session closed for user root
May  8 16:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31244]: pam_unix(cron:session): session closed for user samftp
May  8 16:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236  user=root
May  8 16:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: Failed password for root from 158.101.158.236 port 49038 ssh2
May  8 16:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: Connection closed by 158.101.158.236 port 49038 [preauth]
May  8 16:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31518]: Invalid user dev from 115.72.8.68
May  8 16:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31518]: input_userauth_request: invalid user dev [preauth]
May  8 16:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31518]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.72.8.68
May  8 16:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31518]: Failed password for invalid user dev from 115.72.8.68 port 59464 ssh2
May  8 16:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31518]: Received disconnect from 115.72.8.68 port 59464:11: Bye Bye [preauth]
May  8 16:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31518]: Disconnected from 115.72.8.68 port 59464 [preauth]
May  8 16:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.118.77  user=root
May  8 16:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: Invalid user blog from 176.109.92.170
May  8 16:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: input_userauth_request: invalid user blog [preauth]
May  8 16:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 16:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: Invalid user nvidia from 158.101.158.236
May  8 16:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: input_userauth_request: invalid user nvidia [preauth]
May  8 16:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31542]: Failed password for root from 185.247.118.77 port 35312 ssh2
May  8 16:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31542]: Received disconnect from 185.247.118.77 port 35312:11: Bye Bye [preauth]
May  8 16:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31542]: Disconnected from 185.247.118.77 port 35312 [preauth]
May  8 16:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: Failed password for invalid user nvidia from 158.101.158.236 port 37402 ssh2
May  8 16:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31548]: Connection closed by 158.101.158.236 port 37402 [preauth]
May  8 16:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: Failed password for invalid user blog from 176.109.92.170 port 30163 ssh2
May  8 16:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: Received disconnect from 176.109.92.170 port 30163:11: Bye Bye [preauth]
May  8 16:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31546]: Disconnected from 176.109.92.170 port 30163 [preauth]
May  8 16:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30284]: pam_unix(cron:session): session closed for user root
May  8 16:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31664]: Invalid user es from 158.101.158.236
May  8 16:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31664]: input_userauth_request: invalid user es [preauth]
May  8 16:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31664]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31664]: Failed password for invalid user es from 158.101.158.236 port 57346 ssh2
May  8 16:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31664]: Connection closed by 158.101.158.236 port 57346 [preauth]
May  8 16:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: Invalid user sugi from 158.101.158.236
May  8 16:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: input_userauth_request: invalid user sugi [preauth]
May  8 16:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.101.158.236
May  8 16:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: Failed password for invalid user sugi from 158.101.158.236 port 57362 ssh2
May  8 16:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31686]: Connection closed by 158.101.158.236 port 57362 [preauth]
May  8 16:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31707]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31706]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31704]: pam_unix(cron:session): session closed for user p13x
May  8 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31765]: Successful su for rubyman by root
May  8 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31765]: + ??? root:rubyman
May  8 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31765]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354204 of user rubyman.
May  8 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31765]: pam_unix(su:session): session closed for user rubyman
May  8 16:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354204.
May  8 16:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28884]: pam_unix(cron:session): session closed for user root
May  8 16:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31705]: pam_unix(cron:session): session closed for user samftp
May  8 16:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 16:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32055]: Failed password for root from 218.92.0.233 port 54880 ssh2
May  8 16:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32055]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 54880 ssh2]
May  8 16:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32055]: Received disconnect from 218.92.0.233 port 54880:11:  [preauth]
May  8 16:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32055]: Disconnected from 218.92.0.233 port 54880 [preauth]
May  8 16:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32055]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 16:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 16:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: Failed password for root from 218.92.0.233 port 51924 ssh2
May  8 16:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 51924 ssh2]
May  8 16:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: Received disconnect from 218.92.0.233 port 51924:11:  [preauth]
May  8 16:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: Disconnected from 218.92.0.233 port 51924 [preauth]
May  8 16:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32221]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 16:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 16:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Failed password for root from 218.92.0.233 port 38958 ssh2
May  8 16:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: Invalid user n from 45.163.1.222
May  8 16:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: input_userauth_request: invalid user n [preauth]
May  8 16:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222
May  8 16:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226  user=root
May  8 16:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Failed password for root from 218.92.0.233 port 38958 ssh2
May  8 16:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: Failed password for invalid user n from 45.163.1.222 port 52082 ssh2
May  8 16:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: Received disconnect from 45.163.1.222 port 52082:11: Bye Bye [preauth]
May  8 16:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32303]: Disconnected from 45.163.1.222 port 52082 [preauth]
May  8 16:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32305]: Failed password for root from 197.248.178.226 port 42778 ssh2
May  8 16:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32305]: Received disconnect from 197.248.178.226 port 42778:11: Bye Bye [preauth]
May  8 16:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32305]: Disconnected from 197.248.178.226 port 42778 [preauth]
May  8 16:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Failed password for root from 218.92.0.233 port 38958 ssh2
May  8 16:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Received disconnect from 218.92.0.233 port 38958:11:  [preauth]
May  8 16:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Disconnected from 218.92.0.233 port 38958 [preauth]
May  8 16:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 16:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30693]: pam_unix(cron:session): session closed for user root
May  8 16:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: Invalid user reboot from 85.208.84.134
May  8 16:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: input_userauth_request: invalid user reboot [preauth]
May  8 16:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.134
May  8 16:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  8 16:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: Failed password for invalid user reboot from 85.208.84.134 port 37182 ssh2
May  8 16:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32408]: Connection closed by 85.208.84.134 port 37182 [preauth]
May  8 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32423]: pam_unix(cron:session): session closed for user p13x
May  8 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: Failed password for root from 218.92.0.232 port 55776 ssh2
May  8 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32490]: Successful su for rubyman by root
May  8 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32490]: + ??? root:rubyman
May  8 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354208 of user rubyman.
May  8 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32490]: pam_unix(su:session): session closed for user rubyman
May  8 16:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354208.
May  8 16:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: Failed password for root from 218.92.0.232 port 55776 ssh2
May  8 16:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29430]: pam_unix(cron:session): session closed for user root
May  8 16:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: Failed password for root from 218.92.0.232 port 55776 ssh2
May  8 16:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: Received disconnect from 218.92.0.232 port 55776:11:  [preauth]
May  8 16:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: Disconnected from 218.92.0.232 port 55776 [preauth]
May  8 16:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32418]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  8 16:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32424]: pam_unix(cron:session): session closed for user samftp
May  8 16:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.167.51.249  user=root
May  8 16:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[332]: Failed password for root from 189.167.51.249 port 57046 ssh2
May  8 16:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[332]: Received disconnect from 189.167.51.249 port 57046:11: Bye Bye [preauth]
May  8 16:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[332]: Disconnected from 189.167.51.249 port 57046 [preauth]
May  8 16:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: Invalid user niklas from 116.193.190.174
May  8 16:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: input_userauth_request: invalid user niklas [preauth]
May  8 16:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.190.174
May  8 16:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: Failed password for invalid user niklas from 116.193.190.174 port 59702 ssh2
May  8 16:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: Received disconnect from 116.193.190.174 port 59702:11: Bye Bye [preauth]
May  8 16:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[385]: Disconnected from 116.193.190.174 port 59702 [preauth]
May  8 16:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  8 16:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Failed password for root from 218.92.0.232 port 42782 ssh2
May  8 16:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[447]: Invalid user frappe from 88.142.46.185
May  8 16:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[447]: input_userauth_request: invalid user frappe [preauth]
May  8 16:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[447]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.142.46.185
May  8 16:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Failed password for root from 218.92.0.232 port 42782 ssh2
May  8 16:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[447]: Failed password for invalid user frappe from 88.142.46.185 port 56196 ssh2
May  8 16:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[447]: Received disconnect from 88.142.46.185 port 56196:11: Bye Bye [preauth]
May  8 16:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[447]: Disconnected from 88.142.46.185 port 56196 [preauth]
May  8 16:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31246]: pam_unix(cron:session): session closed for user root
May  8 16:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Failed password for root from 218.92.0.232 port 42782 ssh2
May  8 16:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Received disconnect from 218.92.0.232 port 42782:11:  [preauth]
May  8 16:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Disconnected from 218.92.0.232 port 42782 [preauth]
May  8 16:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  8 16:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:23:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: Invalid user daniela from 69.166.232.229
May  8 16:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: input_userauth_request: invalid user daniela [preauth]
May  8 16:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 16:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: Invalid user psadmin from 186.208.159.26
May  8 16:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: input_userauth_request: invalid user psadmin [preauth]
May  8 16:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.208.159.26
May  8 16:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: Failed password for invalid user daniela from 69.166.232.229 port 36294 ssh2
May  8 16:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: Received disconnect from 69.166.232.229 port 36294:11: Bye Bye [preauth]
May  8 16:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[510]: Disconnected from 69.166.232.229 port 36294 [preauth]
May  8 16:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: Failed password for invalid user psadmin from 186.208.159.26 port 39876 ssh2
May  8 16:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.158.157  user=root
May  8 16:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: Received disconnect from 186.208.159.26 port 39876:11: Bye Bye [preauth]
May  8 16:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[517]: Disconnected from 186.208.159.26 port 39876 [preauth]
May  8 16:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: Failed password for root from 64.227.158.157 port 60544 ssh2
May  8 16:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: Received disconnect from 64.227.158.157 port 60544:11: Bye Bye [preauth]
May  8 16:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: Disconnected from 64.227.158.157 port 60544 [preauth]
May  8 16:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[555]: Invalid user giorgio from 175.6.36.108
May  8 16:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[555]: input_userauth_request: invalid user giorgio [preauth]
May  8 16:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[555]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.36.108
May  8 16:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[555]: Failed password for invalid user giorgio from 175.6.36.108 port 53986 ssh2
May  8 16:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[555]: Received disconnect from 175.6.36.108 port 53986:11: Bye Bye [preauth]
May  8 16:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[555]: Disconnected from 175.6.36.108 port 53986 [preauth]
May  8 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[580]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[576]: pam_unix(cron:session): session closed for user p13x
May  8 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[646]: Successful su for rubyman by root
May  8 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[646]: + ??? root:rubyman
May  8 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[646]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354211 of user rubyman.
May  8 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[646]: pam_unix(su:session): session closed for user rubyman
May  8 16:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354211.
May  8 16:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29866]: pam_unix(cron:session): session closed for user root
May  8 16:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28  user=root
May  8 16:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[577]: pam_unix(cron:session): session closed for user samftp
May  8 16:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: Failed password for root from 165.154.14.28 port 59444 ssh2
May  8 16:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: Received disconnect from 165.154.14.28 port 59444:11: Bye Bye [preauth]
May  8 16:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[827]: Disconnected from 165.154.14.28 port 59444 [preauth]
May  8 16:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Invalid user joseph from 43.153.195.114
May  8 16:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: input_userauth_request: invalid user joseph [preauth]
May  8 16:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114
May  8 16:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Failed password for invalid user joseph from 43.153.195.114 port 50646 ssh2
May  8 16:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Received disconnect from 43.153.195.114 port 50646:11: Bye Bye [preauth]
May  8 16:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[899]: Disconnected from 43.153.195.114 port 50646 [preauth]
May  8 16:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31707]: pam_unix(cron:session): session closed for user root
May  8 16:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.203.134  user=root
May  8 16:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: Failed password for root from 136.232.203.134 port 65532 ssh2
May  8 16:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: Received disconnect from 136.232.203.134 port 65532:11: Bye Bye [preauth]
May  8 16:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: Disconnected from 136.232.203.134 port 65532 [preauth]
May  8 16:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.142.73  user=root
May  8 16:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1024]: Failed password for root from 180.253.142.73 port 47520 ssh2
May  8 16:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1024]: Received disconnect from 180.253.142.73 port 47520:11: Bye Bye [preauth]
May  8 16:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1024]: Disconnected from 180.253.142.73 port 47520 [preauth]
May  8 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1061]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1063]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1060]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1063]: pam_unix(cron:session): session closed for user root
May  8 16:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1053]: pam_unix(cron:session): session closed for user p13x
May  8 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1134]: Successful su for rubyman by root
May  8 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1134]: + ??? root:rubyman
May  8 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354218 of user rubyman.
May  8 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1134]: pam_unix(su:session): session closed for user rubyman
May  8 16:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354218.
May  8 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1059]: pam_unix(cron:session): session closed for user root
May  8 16:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30283]: pam_unix(cron:session): session closed for user root
May  8 16:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1058]: pam_unix(cron:session): session closed for user samftp
May  8 16:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: Invalid user lch from 176.109.92.170
May  8 16:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: input_userauth_request: invalid user lch [preauth]
May  8 16:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 16:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: Failed password for invalid user lch from 176.109.92.170 port 21390 ssh2
May  8 16:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: Received disconnect from 176.109.92.170 port 21390:11: Bye Bye [preauth]
May  8 16:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1473]: Disconnected from 176.109.92.170 port 21390 [preauth]
May  8 16:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32426]: pam_unix(cron:session): session closed for user root
May  8 16:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  8 16:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1504]: Failed password for root from 164.68.105.9 port 40590 ssh2
May  8 16:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1504]: Connection closed by 164.68.105.9 port 40590 [preauth]
May  8 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1577]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1576]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1575]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1575]: pam_unix(cron:session): session closed for user p13x
May  8 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1651]: Successful su for rubyman by root
May  8 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1651]: + ??? root:rubyman
May  8 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1651]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354222 of user rubyman.
May  8 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1651]: pam_unix(su:session): session closed for user rubyman
May  8 16:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354222.
May  8 16:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30692]: pam_unix(cron:session): session closed for user root
May  8 16:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1576]: pam_unix(cron:session): session closed for user samftp
May  8 16:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: Invalid user rr1 from 185.247.118.77
May  8 16:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: input_userauth_request: invalid user rr1 [preauth]
May  8 16:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.118.77
May  8 16:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: Failed password for invalid user rr1 from 185.247.118.77 port 46268 ssh2
May  8 16:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: Received disconnect from 185.247.118.77 port 46268:11: Bye Bye [preauth]
May  8 16:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1874]: Disconnected from 185.247.118.77 port 46268 [preauth]
May  8 16:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[580]: pam_unix(cron:session): session closed for user root
May  8 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2108]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2109]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2106]: pam_unix(cron:session): session closed for user p13x
May  8 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2174]: Successful su for rubyman by root
May  8 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2174]: + ??? root:rubyman
May  8 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354227 of user rubyman.
May  8 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2174]: pam_unix(su:session): session closed for user rubyman
May  8 16:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354227.
May  8 16:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31245]: pam_unix(cron:session): session closed for user root
May  8 16:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2107]: pam_unix(cron:session): session closed for user samftp
May  8 16:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.72.8.68  user=root
May  8 16:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: Failed password for root from 115.72.8.68 port 49311 ssh2
May  8 16:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: Received disconnect from 115.72.8.68 port 49311:11: Bye Bye [preauth]
May  8 16:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2391]: Disconnected from 115.72.8.68 port 49311 [preauth]
May  8 16:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1061]: pam_unix(cron:session): session closed for user root
May  8 16:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2529]: Invalid user miran from 88.142.46.185
May  8 16:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2529]: input_userauth_request: invalid user miran [preauth]
May  8 16:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2529]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.142.46.185
May  8 16:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: Invalid user " from 195.178.110.50
May  8 16:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: input_userauth_request: invalid user " [preauth]
May  8 16:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 16:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2529]: Failed password for invalid user miran from 88.142.46.185 port 36612 ssh2
May  8 16:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2529]: Received disconnect from 88.142.46.185 port 36612:11: Bye Bye [preauth]
May  8 16:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2529]: Disconnected from 88.142.46.185 port 36612 [preauth]
May  8 16:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: Failed password for invalid user " from 195.178.110.50 port 27144 ssh2
May  8 16:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2493]: Connection closed by 195.178.110.50 port 27144 [preauth]
May  8 16:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2551]: pam_unix(cron:session): session closed for user p13x
May  8 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2625]: Successful su for rubyman by root
May  8 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2625]: + ??? root:rubyman
May  8 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2625]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354231 of user rubyman.
May  8 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2625]: pam_unix(su:session): session closed for user rubyman
May  8 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354231.
May  8 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: Invalid user kodi from 189.167.51.249
May  8 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: input_userauth_request: invalid user kodi [preauth]
May  8 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.167.51.249
May  8 16:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31706]: pam_unix(cron:session): session closed for user root
May  8 16:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: Failed password for invalid user kodi from 189.167.51.249 port 36154 ssh2
May  8 16:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: Received disconnect from 189.167.51.249 port 36154:11: Bye Bye [preauth]
May  8 16:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2643]: Disconnected from 189.167.51.249 port 36154 [preauth]
May  8 16:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2552]: pam_unix(cron:session): session closed for user samftp
May  8 16:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: Invalid user + from 195.178.110.50
May  8 16:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: input_userauth_request: invalid user + [preauth]
May  8 16:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: pam_unix(sshd:auth): bad username [+]
May  8 16:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: Failed password for invalid user + from 195.178.110.50 port 25258 ssh2
May  8 16:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2539]: Connection closed by 195.178.110.50 port 25258 [preauth]
May  8 16:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: Invalid user rr1 from 197.248.178.226
May  8 16:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: input_userauth_request: invalid user rr1 [preauth]
May  8 16:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226
May  8 16:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: Failed password for invalid user rr1 from 197.248.178.226 port 40440 ssh2
May  8 16:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: Received disconnect from 197.248.178.226 port 40440:11: Bye Bye [preauth]
May  8 16:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2848]: Disconnected from 197.248.178.226 port 40440 [preauth]
May  8 16:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: Invalid user 4 from 195.178.110.50
May  8 16:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: input_userauth_request: invalid user 4 [preauth]
May  8 16:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 16:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: Failed password for invalid user 4 from 195.178.110.50 port 25770 ssh2
May  8 16:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1578]: pam_unix(cron:session): session closed for user root
May  8 16:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222  user=root
May  8 16:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2847]: Connection closed by 195.178.110.50 port 25770 [preauth]
May  8 16:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2902]: Failed password for root from 45.163.1.222 port 54850 ssh2
May  8 16:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2902]: Received disconnect from 45.163.1.222 port 54850:11: Bye Bye [preauth]
May  8 16:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2902]: Disconnected from 45.163.1.222 port 54850 [preauth]
May  8 16:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2933]: Invalid user = from 195.178.110.50
May  8 16:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2933]: input_userauth_request: invalid user = [preauth]
May  8 16:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2933]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 16:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2933]: Failed password for invalid user = from 195.178.110.50 port 16730 ssh2
May  8 16:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2933]: Connection closed by 195.178.110.50 port 16730 [preauth]
May  8 16:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  8 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3007]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3006]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3004]: pam_unix(cron:session): session closed for user p13x
May  8 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3066]: Successful su for rubyman by root
May  8 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3066]: + ??? root:rubyman
May  8 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354235 of user rubyman.
May  8 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3066]: pam_unix(su:session): session closed for user rubyman
May  8 16:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354235.
May  8 16:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: Failed password for root from 218.92.0.217 port 59774 ssh2
May  8 16:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: Invalid user F from 195.178.110.50
May  8 16:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: input_userauth_request: invalid user F [preauth]
May  8 16:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 16:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32425]: pam_unix(cron:session): session closed for user root
May  8 16:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: Failed password for invalid user F from 195.178.110.50 port 30942 ssh2
May  8 16:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: Failed password for root from 218.92.0.217 port 59774 ssh2
May  8 16:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3005]: pam_unix(cron:session): session closed for user samftp
May  8 16:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: Connection closed by 195.178.110.50 port 30942 [preauth]
May  8 16:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: Failed password for root from 218.92.0.217 port 59774 ssh2
May  8 16:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: Received disconnect from 218.92.0.217 port 59774:11:  [preauth]
May  8 16:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: Disconnected from 218.92.0.217 port 59774 [preauth]
May  8 16:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2992]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  8 16:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3257]: Invalid user wow from 64.227.158.157
May  8 16:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3257]: input_userauth_request: invalid user wow [preauth]
May  8 16:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3257]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:29:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.158.157
May  8 16:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3257]: Failed password for invalid user wow from 64.227.158.157 port 55492 ssh2
May  8 16:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3257]: Received disconnect from 64.227.158.157 port 55492:11: Bye Bye [preauth]
May  8 16:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3257]: Disconnected from 64.227.158.157 port 55492 [preauth]
May  8 16:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Invalid user mohammad from 43.153.195.114
May  8 16:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: input_userauth_request: invalid user mohammad [preauth]
May  8 16:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114
May  8 16:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Failed password for invalid user mohammad from 43.153.195.114 port 58942 ssh2
May  8 16:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Received disconnect from 43.153.195.114 port 58942:11: Bye Bye [preauth]
May  8 16:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3309]: Disconnected from 43.153.195.114 port 58942 [preauth]
May  8 16:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2109]: pam_unix(cron:session): session closed for user root
May  8 16:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3361]: Invalid user saude from 69.166.232.229
May  8 16:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3361]: input_userauth_request: invalid user saude [preauth]
May  8 16:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3361]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 16:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: Invalid user mohammad from 186.208.159.26
May  8 16:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: input_userauth_request: invalid user mohammad [preauth]
May  8 16:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.208.159.26
May  8 16:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Invalid user link from 176.109.92.170
May  8 16:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: input_userauth_request: invalid user link [preauth]
May  8 16:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 16:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3361]: Failed password for invalid user saude from 69.166.232.229 port 44648 ssh2
May  8 16:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3361]: Received disconnect from 69.166.232.229 port 44648:11: Bye Bye [preauth]
May  8 16:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3361]: Disconnected from 69.166.232.229 port 44648 [preauth]
May  8 16:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: Failed password for invalid user mohammad from 186.208.159.26 port 47666 ssh2
May  8 16:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: Received disconnect from 186.208.159.26 port 47666:11: Bye Bye [preauth]
May  8 16:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3363]: Disconnected from 186.208.159.26 port 47666 [preauth]
May  8 16:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Failed password for invalid user link from 176.109.92.170 port 24891 ssh2
May  8 16:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: Invalid user mysqld from 116.193.190.174
May  8 16:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: input_userauth_request: invalid user mysqld [preauth]
May  8 16:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.190.174
May  8 16:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Received disconnect from 176.109.92.170 port 24891:11: Bye Bye [preauth]
May  8 16:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3365]: Disconnected from 176.109.92.170 port 24891 [preauth]
May  8 16:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Invalid user squid from 85.208.84.4
May  8 16:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: input_userauth_request: invalid user squid [preauth]
May  8 16:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  8 16:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: Failed password for invalid user mysqld from 116.193.190.174 port 52336 ssh2
May  8 16:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: Received disconnect from 116.193.190.174 port 52336:11: Bye Bye [preauth]
May  8 16:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3367]: Disconnected from 116.193.190.174 port 52336 [preauth]
May  8 16:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Failed password for invalid user squid from 85.208.84.4 port 40996 ssh2
May  8 16:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3386]: Connection closed by 85.208.84.4 port 40996 [preauth]
May  8 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3447]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3448]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3452]: pam_unix(cron:session): session closed for user root
May  8 16:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3447]: pam_unix(cron:session): session closed for user p13x
May  8 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3518]: Successful su for rubyman by root
May  8 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3518]: + ??? root:rubyman
May  8 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3518]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354238 of user rubyman.
May  8 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3518]: pam_unix(su:session): session closed for user rubyman
May  8 16:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354238.
May  8 16:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3449]: pam_unix(cron:session): session closed for user root
May  8 16:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[578]: pam_unix(cron:session): session closed for user root
May  8 16:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3448]: pam_unix(cron:session): session closed for user samftp
May  8 16:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.203.134  user=root
May  8 16:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3751]: Failed password for root from 136.232.203.134 port 8436 ssh2
May  8 16:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3751]: Received disconnect from 136.232.203.134 port 8436:11: Bye Bye [preauth]
May  8 16:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3751]: Disconnected from 136.232.203.134 port 8436 [preauth]
May  8 16:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3775]: Invalid user webdev from 165.154.14.28
May  8 16:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3775]: input_userauth_request: invalid user webdev [preauth]
May  8 16:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3775]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  8 16:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3775]: Failed password for invalid user webdev from 165.154.14.28 port 34812 ssh2
May  8 16:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3775]: Received disconnect from 165.154.14.28 port 34812:11: Bye Bye [preauth]
May  8 16:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3775]: Disconnected from 165.154.14.28 port 34812 [preauth]
May  8 16:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: Invalid user admin from 80.94.95.112
May  8 16:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: input_userauth_request: invalid user admin [preauth]
May  8 16:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 16:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: Failed password for invalid user admin from 80.94.95.112 port 53108 ssh2
May  8 16:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: Failed password for invalid user admin from 80.94.95.112 port 53108 ssh2
May  8 16:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: Failed password for invalid user admin from 80.94.95.112 port 53108 ssh2
May  8 16:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2555]: pam_unix(cron:session): session closed for user root
May  8 16:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: Failed password for invalid user admin from 80.94.95.112 port 53108 ssh2
May  8 16:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: Failed password for invalid user admin from 80.94.95.112 port 53108 ssh2
May  8 16:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: Received disconnect from 80.94.95.112 port 53108:11: Bye [preauth]
May  8 16:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: Disconnected from 80.94.95.112 port 53108 [preauth]
May  8 16:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 16:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3817]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 16:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: Invalid user webdev from 185.247.118.77
May  8 16:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: input_userauth_request: invalid user webdev [preauth]
May  8 16:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.118.77
May  8 16:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: Failed password for invalid user webdev from 185.247.118.77 port 65308 ssh2
May  8 16:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: Received disconnect from 185.247.118.77 port 65308:11: Bye Bye [preauth]
May  8 16:30:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: Disconnected from 185.247.118.77 port 65308 [preauth]
May  8 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3916]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3914]: pam_unix(cron:session): session closed for user p13x
May  8 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4019]: Successful su for rubyman by root
May  8 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4019]: + ??? root:rubyman
May  8 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354243 of user rubyman.
May  8 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4019]: pam_unix(su:session): session closed for user rubyman
May  8 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354243.
May  8 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: Invalid user dasusr1 from 180.253.142.73
May  8 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: input_userauth_request: invalid user dasusr1 [preauth]
May  8 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.142.73
May  8 16:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: Failed password for invalid user dasusr1 from 180.253.142.73 port 56750 ssh2
May  8 16:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: Received disconnect from 180.253.142.73 port 56750:11: Bye Bye [preauth]
May  8 16:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: Disconnected from 180.253.142.73 port 56750 [preauth]
May  8 16:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1060]: pam_unix(cron:session): session closed for user root
May  8 16:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3915]: pam_unix(cron:session): session closed for user samftp
May  8 16:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  8 16:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: Failed password for root from 218.92.0.112 port 53398 ssh2
May  8 16:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: message repeated 2 times: [ Failed password for root from 218.92.0.112 port 53398 ssh2]
May  8 16:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: Received disconnect from 218.92.0.112 port 53398:11:  [preauth]
May  8 16:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: Disconnected from 218.92.0.112 port 53398 [preauth]
May  8 16:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4209]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.112  user=root
May  8 16:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3007]: pam_unix(cron:session): session closed for user root
May  8 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4516]: pam_unix(cron:session): session closed for user p13x
May  8 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4586]: Successful su for rubyman by root
May  8 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4586]: + ??? root:rubyman
May  8 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354248 of user rubyman.
May  8 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4586]: pam_unix(su:session): session closed for user rubyman
May  8 16:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354248.
May  8 16:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1577]: pam_unix(cron:session): session closed for user root
May  8 16:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4518]: pam_unix(cron:session): session closed for user samftp
May  8 16:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4801]: Invalid user cui from 88.142.46.185
May  8 16:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4801]: input_userauth_request: invalid user cui [preauth]
May  8 16:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4801]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.142.46.185
May  8 16:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4801]: Failed password for invalid user cui from 88.142.46.185 port 45260 ssh2
May  8 16:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4801]: Received disconnect from 88.142.46.185 port 45260:11: Bye Bye [preauth]
May  8 16:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4801]: Disconnected from 88.142.46.185 port 45260 [preauth]
May  8 16:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3451]: pam_unix(cron:session): session closed for user root
May  8 16:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: Invalid user sajan from 190.103.202.7
May  8 16:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: input_userauth_request: invalid user sajan [preauth]
May  8 16:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  8 16:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: Failed password for invalid user sajan from 190.103.202.7 port 33976 ssh2
May  8 16:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4870]: Connection closed by 190.103.202.7 port 33976 [preauth]
May  8 16:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: Invalid user ccorrea from 189.167.51.249
May  8 16:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: input_userauth_request: invalid user ccorrea [preauth]
May  8 16:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.167.51.249
May  8 16:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: Invalid user ccorrea from 115.72.8.68
May  8 16:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: input_userauth_request: invalid user ccorrea [preauth]
May  8 16:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.72.8.68
May  8 16:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: Failed password for invalid user ccorrea from 189.167.51.249 port 33834 ssh2
May  8 16:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: Received disconnect from 189.167.51.249 port 33834:11: Bye Bye [preauth]
May  8 16:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: Disconnected from 189.167.51.249 port 33834 [preauth]
May  8 16:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: Failed password for invalid user ccorrea from 115.72.8.68 port 39168 ssh2
May  8 16:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: Received disconnect from 115.72.8.68 port 39168:11: Bye Bye [preauth]
May  8 16:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4935]: Disconnected from 115.72.8.68 port 39168 [preauth]
May  8 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4963]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4964]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4962]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4961]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4961]: pam_unix(cron:session): session closed for user p13x
May  8 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5205]: Successful su for rubyman by root
May  8 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5205]: + ??? root:rubyman
May  8 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354252 of user rubyman.
May  8 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5205]: pam_unix(su:session): session closed for user rubyman
May  8 16:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354252.
May  8 16:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2108]: pam_unix(cron:session): session closed for user root
May  8 16:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4962]: pam_unix(cron:session): session closed for user samftp
May  8 16:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3917]: pam_unix(cron:session): session closed for user root
May  8 16:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226  user=root
May  8 16:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: Failed password for root from 197.248.178.226 port 50864 ssh2
May  8 16:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: Received disconnect from 197.248.178.226 port 50864:11: Bye Bye [preauth]
May  8 16:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5573]: Disconnected from 197.248.178.226 port 50864 [preauth]
May  8 16:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5608]: Invalid user niklas from 176.109.92.170
May  8 16:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5608]: input_userauth_request: invalid user niklas [preauth]
May  8 16:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5608]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5608]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5611]: pam_unix(cron:session): session closed for user p13x
May  8 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5680]: Successful su for rubyman by root
May  8 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5680]: + ??? root:rubyman
May  8 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5680]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354255 of user rubyman.
May  8 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5680]: pam_unix(su:session): session closed for user rubyman
May  8 16:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354255.
May  8 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5608]: Failed password for invalid user niklas from 176.109.92.170 port 28387 ssh2
May  8 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5608]: Received disconnect from 176.109.92.170 port 28387:11: Bye Bye [preauth]
May  8 16:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5608]: Disconnected from 176.109.92.170 port 28387 [preauth]
May  8 16:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2554]: pam_unix(cron:session): session closed for user root
May  8 16:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5612]: pam_unix(cron:session): session closed for user samftp
May  8 16:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4520]: pam_unix(cron:session): session closed for user root
May  8 16:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:34:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.158.157  user=root
May  8 16:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6052]: Failed password for root from 64.227.158.157 port 34918 ssh2
May  8 16:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6052]: Received disconnect from 64.227.158.157 port 34918:11: Bye Bye [preauth]
May  8 16:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6052]: Disconnected from 64.227.158.157 port 34918 [preauth]
May  8 16:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222  user=root
May  8 16:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 16:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6070]: Failed password for root from 45.163.1.222 port 38142 ssh2
May  8 16:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6070]: Received disconnect from 45.163.1.222 port 38142:11: Bye Bye [preauth]
May  8 16:34:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6070]: Disconnected from 45.163.1.222 port 38142 [preauth]
May  8 16:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Failed password for root from 43.153.195.114 port 50584 ssh2
May  8 16:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Received disconnect from 43.153.195.114 port 50584:11: Bye Bye [preauth]
May  8 16:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6072]: Disconnected from 43.153.195.114 port 50584 [preauth]
May  8 16:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: Invalid user piotr from 175.6.36.108
May  8 16:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: input_userauth_request: invalid user piotr [preauth]
May  8 16:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.6.36.108
May  8 16:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: Failed password for invalid user piotr from 175.6.36.108 port 32842 ssh2
May  8 16:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: Received disconnect from 175.6.36.108 port 32842:11: Bye Bye [preauth]
May  8 16:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6098]: Disconnected from 175.6.36.108 port 32842 [preauth]
May  8 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6138]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6136]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6137]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6135]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6140]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6140]: pam_unix(cron:session): session closed for user root
May  8 16:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6135]: pam_unix(cron:session): session closed for user p13x
May  8 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6205]: Successful su for rubyman by root
May  8 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6205]: + ??? root:rubyman
May  8 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6205]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354263 of user rubyman.
May  8 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6205]: pam_unix(su:session): session closed for user rubyman
May  8 16:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354263.
May  8 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6137]: pam_unix(cron:session): session closed for user root
May  8 16:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3006]: pam_unix(cron:session): session closed for user root
May  8 16:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6136]: pam_unix(cron:session): session closed for user samftp
May  8 16:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.208.159.26  user=root
May  8 16:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: Failed password for root from 186.208.159.26 port 55446 ssh2
May  8 16:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: Received disconnect from 186.208.159.26 port 55446:11: Bye Bye [preauth]
May  8 16:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6481]: Disconnected from 186.208.159.26 port 55446 [preauth]
May  8 16:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4964]: pam_unix(cron:session): session closed for user root
May  8 16:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: Invalid user server from 185.247.118.77
May  8 16:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: input_userauth_request: invalid user server [preauth]
May  8 16:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.118.77
May  8 16:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: Failed password for invalid user server from 185.247.118.77 port 35282 ssh2
May  8 16:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: Received disconnect from 185.247.118.77 port 35282:11: Bye Bye [preauth]
May  8 16:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6519]: Disconnected from 185.247.118.77 port 35282 [preauth]
May  8 16:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6529]: Invalid user mohammad from 136.232.203.134
May  8 16:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6529]: input_userauth_request: invalid user mohammad [preauth]
May  8 16:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6529]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.203.134
May  8 16:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6543]: Invalid user palworld from 69.166.232.229
May  8 16:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6543]: input_userauth_request: invalid user palworld [preauth]
May  8 16:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6543]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 16:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6529]: Failed password for invalid user mohammad from 136.232.203.134 port 57912 ssh2
May  8 16:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6529]: Received disconnect from 136.232.203.134 port 57912:11: Bye Bye [preauth]
May  8 16:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6529]: Disconnected from 136.232.203.134 port 57912 [preauth]
May  8 16:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6543]: Failed password for invalid user palworld from 69.166.232.229 port 47722 ssh2
May  8 16:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6543]: Received disconnect from 69.166.232.229 port 47722:11: Bye Bye [preauth]
May  8 16:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6543]: Disconnected from 69.166.232.229 port 47722 [preauth]
May  8 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6572]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6570]: pam_unix(cron:session): session closed for user p13x
May  8 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6643]: Successful su for rubyman by root
May  8 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6643]: + ??? root:rubyman
May  8 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6643]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354266 of user rubyman.
May  8 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6643]: pam_unix(su:session): session closed for user rubyman
May  8 16:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354266.
May  8 16:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3450]: pam_unix(cron:session): session closed for user root
May  8 16:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6571]: pam_unix(cron:session): session closed for user samftp
May  8 16:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6836]: Invalid user username from 115.231.78.11
May  8 16:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6836]: input_userauth_request: invalid user username [preauth]
May  8 16:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6836]: Connection closed by 115.231.78.11 port 30000 [preauth]
May  8 16:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6877]: Invalid user erpadmin from 116.193.190.174
May  8 16:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6877]: input_userauth_request: invalid user erpadmin [preauth]
May  8 16:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6877]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.190.174
May  8 16:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28  user=root
May  8 16:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6877]: Failed password for invalid user erpadmin from 116.193.190.174 port 49644 ssh2
May  8 16:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6877]: Received disconnect from 116.193.190.174 port 49644:11: Bye Bye [preauth]
May  8 16:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6877]: Disconnected from 116.193.190.174 port 49644 [preauth]
May  8 16:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: Failed password for root from 165.154.14.28 port 48124 ssh2
May  8 16:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: Received disconnect from 165.154.14.28 port 48124:11: Bye Bye [preauth]
May  8 16:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6879]: Disconnected from 165.154.14.28 port 48124 [preauth]
May  8 16:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5616]: pam_unix(cron:session): session closed for user root
May  8 16:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7050]: Invalid user mohammad from 88.142.46.185
May  8 16:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7050]: input_userauth_request: invalid user mohammad [preauth]
May  8 16:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7050]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.142.46.185
May  8 16:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7050]: Failed password for invalid user mohammad from 88.142.46.185 port 53916 ssh2
May  8 16:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7050]: Received disconnect from 88.142.46.185 port 53916:11: Bye Bye [preauth]
May  8 16:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7050]: Disconnected from 88.142.46.185 port 53916 [preauth]
May  8 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7098]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7097]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7100]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7097]: pam_unix(cron:session): session closed for user p13x
May  8 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7173]: Successful su for rubyman by root
May  8 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7173]: + ??? root:rubyman
May  8 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7173]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354269 of user rubyman.
May  8 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7173]: pam_unix(su:session): session closed for user rubyman
May  8 16:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354269.
May  8 16:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3916]: pam_unix(cron:session): session closed for user root
May  8 16:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7098]: pam_unix(cron:session): session closed for user samftp
May  8 16:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.142.73  user=root
May  8 16:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: Failed password for root from 180.253.142.73 port 39734 ssh2
May  8 16:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: Received disconnect from 180.253.142.73 port 39734:11: Bye Bye [preauth]
May  8 16:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7368]: Disconnected from 180.253.142.73 port 39734 [preauth]
May  8 16:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  8 16:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6139]: pam_unix(cron:session): session closed for user root
May  8 16:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Failed password for root from 218.92.0.237 port 60536 ssh2
May  8 16:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Failed password for root from 218.92.0.237 port 60536 ssh2
May  8 16:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  8 16:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Failed password for root from 218.92.0.237 port 60536 ssh2
May  8 16:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Received disconnect from 218.92.0.237 port 60536:11:  [preauth]
May  8 16:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: Disconnected from 218.92.0.237 port 60536 [preauth]
May  8 16:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7420]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  8 16:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: Failed password for root from 218.92.0.225 port 52872 ssh2
May  8 16:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: message repeated 2 times: [ Failed password for root from 218.92.0.225 port 52872 ssh2]
May  8 16:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: Received disconnect from 218.92.0.225 port 52872:11:  [preauth]
May  8 16:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: Disconnected from 218.92.0.225 port 52872 [preauth]
May  8 16:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7453]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  8 16:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: Invalid user dan from 189.167.51.249
May  8 16:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: input_userauth_request: invalid user dan [preauth]
May  8 16:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.167.51.249
May  8 16:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: Failed password for invalid user dan from 189.167.51.249 port 60100 ssh2
May  8 16:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: Received disconnect from 189.167.51.249 port 60100:11: Bye Bye [preauth]
May  8 16:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7492]: Disconnected from 189.167.51.249 port 60100 [preauth]
May  8 16:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  8 16:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: Failed password for root from 218.92.0.225 port 33214 ssh2
May  8 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7623]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7624]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7621]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7618]: pam_unix(cron:session): session closed for user p13x
May  8 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7691]: Successful su for rubyman by root
May  8 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7691]: + ??? root:rubyman
May  8 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354273 of user rubyman.
May  8 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7691]: pam_unix(su:session): session closed for user rubyman
May  8 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354273.
May  8 16:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: Failed password for root from 218.92.0.225 port 33214 ssh2
May  8 16:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4519]: pam_unix(cron:session): session closed for user root
May  8 16:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: Failed password for root from 218.92.0.225 port 33214 ssh2
May  8 16:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: Received disconnect from 218.92.0.225 port 33214:11:  [preauth]
May  8 16:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: Disconnected from 218.92.0.225 port 33214 [preauth]
May  8 16:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7607]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  8 16:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7621]: pam_unix(cron:session): session closed for user samftp
May  8 16:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  8 16:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: Failed password for root from 218.92.0.225 port 33216 ssh2
May  8 16:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: Invalid user sina from 176.109.92.170
May  8 16:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: input_userauth_request: invalid user sina [preauth]
May  8 16:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 16:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: Failed password for root from 218.92.0.225 port 33216 ssh2
May  8 16:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: Failed password for invalid user sina from 176.109.92.170 port 21427 ssh2
May  8 16:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: Received disconnect from 176.109.92.170 port 21427:11: Bye Bye [preauth]
May  8 16:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: Disconnected from 176.109.92.170 port 21427 [preauth]
May  8 16:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: Failed password for root from 218.92.0.225 port 33216 ssh2
May  8 16:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: Received disconnect from 218.92.0.225 port 33216:11:  [preauth]
May  8 16:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: Disconnected from 218.92.0.225 port 33216 [preauth]
May  8 16:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7870]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  8 16:38:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: Invalid user kodi from 115.72.8.68
May  8 16:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: input_userauth_request: invalid user kodi [preauth]
May  8 16:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.72.8.68
May  8 16:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: Failed password for invalid user kodi from 115.72.8.68 port 57257 ssh2
May  8 16:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: Received disconnect from 115.72.8.68 port 57257:11: Bye Bye [preauth]
May  8 16:38:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7952]: Disconnected from 115.72.8.68 port 57257 [preauth]
May  8 16:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6574]: pam_unix(cron:session): session closed for user root
May  8 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8053]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8054]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8049]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8051]: pam_unix(cron:session): session closed for user p13x
May  8 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8197]: Successful su for rubyman by root
May  8 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8197]: + ??? root:rubyman
May  8 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8197]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354279 of user rubyman.
May  8 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8197]: pam_unix(su:session): session closed for user rubyman
May  8 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354279.
May  8 16:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8049]: pam_unix(cron:session): session closed for user root
May  8 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8177]: Invalid user admin from 80.94.95.115
May  8 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8177]: input_userauth_request: invalid user admin [preauth]
May  8 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8177]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  8 16:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4963]: pam_unix(cron:session): session closed for user root
May  8 16:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  8 16:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8177]: Failed password for invalid user admin from 80.94.95.115 port 24306 ssh2
May  8 16:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8052]: pam_unix(cron:session): session closed for user samftp
May  8 16:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8177]: Connection closed by 80.94.95.115 port 24306 [preauth]
May  8 16:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8359]: Failed password for root from 218.92.0.232 port 38684 ssh2
May  8 16:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8359]: message repeated 2 times: [ Failed password for root from 218.92.0.232 port 38684 ssh2]
May  8 16:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8359]: Received disconnect from 218.92.0.232 port 38684:11:  [preauth]
May  8 16:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8359]: Disconnected from 218.92.0.232 port 38684 [preauth]
May  8 16:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8359]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  8 16:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  8 16:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: Invalid user webdev from 197.248.178.226
May  8 16:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: input_userauth_request: invalid user webdev [preauth]
May  8 16:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:39:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226
May  8 16:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: Failed password for root from 218.92.0.232 port 46412 ssh2
May  8 16:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7101]: pam_unix(cron:session): session closed for user root
May  8 16:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: Failed password for invalid user webdev from 197.248.178.226 port 40898 ssh2
May  8 16:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: Received disconnect from 197.248.178.226 port 40898:11: Bye Bye [preauth]
May  8 16:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8492]: Disconnected from 197.248.178.226 port 40898 [preauth]
May  8 16:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: Failed password for root from 218.92.0.232 port 46412 ssh2
May  8 16:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: Received disconnect from 218.92.0.232 port 46412:11:  [preauth]
May  8 16:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: Disconnected from 218.92.0.232 port 46412 [preauth]
May  8 16:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8490]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  8 16:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  8 16:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: Failed password for root from 218.92.0.232 port 38764 ssh2
May  8 16:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: Failed password for root from 218.92.0.232 port 38764 ssh2
May  8 16:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: Failed password for root from 218.92.0.232 port 38764 ssh2
May  8 16:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: Received disconnect from 218.92.0.232 port 38764:11:  [preauth]
May  8 16:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: Disconnected from 218.92.0.232 port 38764 [preauth]
May  8 16:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8551]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.232  user=root
May  8 16:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 16:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8575]: Failed password for root from 43.153.195.114 port 33998 ssh2
May  8 16:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8575]: Received disconnect from 43.153.195.114 port 33998:11: Bye Bye [preauth]
May  8 16:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8575]: Disconnected from 43.153.195.114 port 33998 [preauth]
May  8 16:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.158.157  user=root
May  8 16:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8587]: Failed password for root from 64.227.158.157 port 36188 ssh2
May  8 16:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8587]: Received disconnect from 64.227.158.157 port 36188:11: Bye Bye [preauth]
May  8 16:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8587]: Disconnected from 64.227.158.157 port 36188 [preauth]
May  8 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8606]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8608]: pam_unix(cron:session): session closed for user root
May  8 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8603]: pam_unix(cron:session): session closed for user p13x
May  8 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8675]: Successful su for rubyman by root
May  8 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8675]: + ??? root:rubyman
May  8 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354282 of user rubyman.
May  8 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8675]: pam_unix(su:session): session closed for user rubyman
May  8 16:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354282.
May  8 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8605]: pam_unix(cron:session): session closed for user root
May  8 16:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5614]: pam_unix(cron:session): session closed for user root
May  8 16:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8604]: pam_unix(cron:session): session closed for user samftp
May  8 16:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.118.77  user=root
May  8 16:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8905]: Failed password for root from 185.247.118.77 port 50970 ssh2
May  8 16:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8905]: Received disconnect from 185.247.118.77 port 50970:11: Bye Bye [preauth]
May  8 16:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8905]: Disconnected from 185.247.118.77 port 50970 [preauth]
May  8 16:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7624]: pam_unix(cron:session): session closed for user root
May  8 16:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9018]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: Invalid user ubuntu from 45.163.1.222
May  8 16:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: input_userauth_request: invalid user ubuntu [preauth]
May  8 16:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222
May  8 16:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: Failed password for invalid user ubuntu from 45.163.1.222 port 40294 ssh2
May  8 16:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: Received disconnect from 45.163.1.222 port 40294:11: Bye Bye [preauth]
May  8 16:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9036]: Disconnected from 45.163.1.222 port 40294 [preauth]
May  8 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9061]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9062]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9059]: pam_unix(cron:session): session closed for user p13x
May  8 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9224]: Successful su for rubyman by root
May  8 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9224]: + ??? root:rubyman
May  8 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354289 of user rubyman.
May  8 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9224]: pam_unix(su:session): session closed for user rubyman
May  8 16:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354289.
May  8 16:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6138]: pam_unix(cron:session): session closed for user root
May  8 16:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9060]: pam_unix(cron:session): session closed for user samftp
May  8 16:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:41:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.142.46.185  user=root
May  8 16:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: Failed password for root from 88.142.46.185 port 34336 ssh2
May  8 16:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: Received disconnect from 88.142.46.185 port 34336:11: Bye Bye [preauth]
May  8 16:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9443]: Disconnected from 88.142.46.185 port 34336 [preauth]
May  8 16:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.208.159.26  user=root
May  8 16:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.203.134  user=root
May  8 16:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: Failed password for root from 186.208.159.26 port 34994 ssh2
May  8 16:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: Received disconnect from 186.208.159.26 port 34994:11: Bye Bye [preauth]
May  8 16:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9477]: Disconnected from 186.208.159.26 port 34994 [preauth]
May  8 16:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9480]: Failed password for root from 136.232.203.134 port 32954 ssh2
May  8 16:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9480]: Received disconnect from 136.232.203.134 port 32954:11: Bye Bye [preauth]
May  8 16:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9480]: Disconnected from 136.232.203.134 port 32954 [preauth]
May  8 16:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8054]: pam_unix(cron:session): session closed for user root
May  8 16:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: Invalid user rtc from 69.166.232.229
May  8 16:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: input_userauth_request: invalid user rtc [preauth]
May  8 16:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 16:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: Failed password for invalid user rtc from 69.166.232.229 port 58504 ssh2
May  8 16:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: Received disconnect from 69.166.232.229 port 58504:11: Bye Bye [preauth]
May  8 16:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9549]: Disconnected from 69.166.232.229 port 58504 [preauth]
May  8 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9598]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9597]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9596]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9596]: pam_unix(cron:session): session closed for user p13x
May  8 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9657]: Successful su for rubyman by root
May  8 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9657]: + ??? root:rubyman
May  8 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354293 of user rubyman.
May  8 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9657]: pam_unix(su:session): session closed for user rubyman
May  8 16:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354293.
May  8 16:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6572]: pam_unix(cron:session): session closed for user root
May  8 16:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9597]: pam_unix(cron:session): session closed for user samftp
May  8 16:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9901]: Invalid user valeriy from 176.109.92.170
May  8 16:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9901]: input_userauth_request: invalid user valeriy [preauth]
May  8 16:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9901]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 16:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28  user=root
May  8 16:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9901]: Failed password for invalid user valeriy from 176.109.92.170 port 58207 ssh2
May  8 16:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9901]: Received disconnect from 176.109.92.170 port 58207:11: Bye Bye [preauth]
May  8 16:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9901]: Disconnected from 176.109.92.170 port 58207 [preauth]
May  8 16:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: Failed password for root from 165.154.14.28 port 56728 ssh2
May  8 16:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: Received disconnect from 165.154.14.28 port 56728:11: Bye Bye [preauth]
May  8 16:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9912]: Disconnected from 165.154.14.28 port 56728 [preauth]
May  8 16:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8607]: pam_unix(cron:session): session closed for user root
May  8 16:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9985]: Invalid user crew from 189.167.51.249
May  8 16:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9985]: input_userauth_request: invalid user crew [preauth]
May  8 16:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9985]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.167.51.249
May  8 16:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9985]: Failed password for invalid user crew from 189.167.51.249 port 38302 ssh2
May  8 16:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9985]: Received disconnect from 189.167.51.249 port 38302:11: Bye Bye [preauth]
May  8 16:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9985]: Disconnected from 189.167.51.249 port 38302 [preauth]
May  8 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10008]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10006]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10007]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10006]: pam_unix(cron:session): session closed for user p13x
May  8 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10072]: Successful su for rubyman by root
May  8 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10072]: + ??? root:rubyman
May  8 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10072]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354297 of user rubyman.
May  8 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10072]: pam_unix(su:session): session closed for user rubyman
May  8 16:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354297.
May  8 16:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  8 16:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: Failed password for root from 193.70.84.184 port 51770 ssh2
May  8 16:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10003]: Connection closed by 193.70.84.184 port 51770 [preauth]
May  8 16:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7100]: pam_unix(cron:session): session closed for user root
May  8 16:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10007]: pam_unix(cron:session): session closed for user samftp
May  8 16:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: Invalid user rootadmin from 116.193.190.174
May  8 16:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: input_userauth_request: invalid user rootadmin [preauth]
May  8 16:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.190.174
May  8 16:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Invalid user sauce from 180.253.142.73
May  8 16:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: input_userauth_request: invalid user sauce [preauth]
May  8 16:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.142.73
May  8 16:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: Failed password for invalid user rootadmin from 116.193.190.174 port 55490 ssh2
May  8 16:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: Received disconnect from 116.193.190.174 port 55490:11: Bye Bye [preauth]
May  8 16:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10371]: Disconnected from 116.193.190.174 port 55490 [preauth]
May  8 16:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Failed password for invalid user sauce from 180.253.142.73 port 56260 ssh2
May  8 16:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Received disconnect from 180.253.142.73 port 56260:11: Bye Bye [preauth]
May  8 16:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10383]: Disconnected from 180.253.142.73 port 56260 [preauth]
May  8 16:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9062]: pam_unix(cron:session): session closed for user root
May  8 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10514]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10511]: pam_unix(cron:session): session closed for user p13x
May  8 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10577]: Successful su for rubyman by root
May  8 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10577]: + ??? root:rubyman
May  8 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354301 of user rubyman.
May  8 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10577]: pam_unix(su:session): session closed for user rubyman
May  8 16:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354301.
May  8 16:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10677]: Invalid user damian from 115.72.8.68
May  8 16:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10677]: input_userauth_request: invalid user damian [preauth]
May  8 16:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10677]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.72.8.68
May  8 16:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7623]: pam_unix(cron:session): session closed for user root
May  8 16:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10677]: Failed password for invalid user damian from 115.72.8.68 port 47116 ssh2
May  8 16:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10677]: Received disconnect from 115.72.8.68 port 47116:11: Bye Bye [preauth]
May  8 16:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10677]: Disconnected from 115.72.8.68 port 47116 [preauth]
May  8 16:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10512]: pam_unix(cron:session): session closed for user samftp
May  8 16:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9599]: pam_unix(cron:session): session closed for user root
May  8 16:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Invalid user frappe from 185.247.118.77
May  8 16:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: input_userauth_request: invalid user frappe [preauth]
May  8 16:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.118.77
May  8 16:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Failed password for invalid user frappe from 185.247.118.77 port 17050 ssh2
May  8 16:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Received disconnect from 185.247.118.77 port 17050:11: Bye Bye [preauth]
May  8 16:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10959]: Disconnected from 185.247.118.77 port 17050 [preauth]
May  8 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10971]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10975]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10970]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10973]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10974]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10975]: pam_unix(cron:session): session closed for user root
May  8 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10970]: pam_unix(cron:session): session closed for user p13x
May  8 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11042]: Successful su for rubyman by root
May  8 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11042]: + ??? root:rubyman
May  8 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11042]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354309 of user rubyman.
May  8 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11042]: pam_unix(su:session): session closed for user rubyman
May  8 16:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354309.
May  8 16:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 16:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10972]: pam_unix(cron:session): session closed for user root
May  8 16:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: Failed password for root from 43.153.195.114 port 37898 ssh2
May  8 16:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8053]: pam_unix(cron:session): session closed for user root
May  8 16:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: Received disconnect from 43.153.195.114 port 37898:11: Bye Bye [preauth]
May  8 16:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11072]: Disconnected from 43.153.195.114 port 37898 [preauth]
May  8 16:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10971]: pam_unix(cron:session): session closed for user samftp
May  8 16:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226  user=root
May  8 16:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11286]: Invalid user javier from 64.227.158.157
May  8 16:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11286]: input_userauth_request: invalid user javier [preauth]
May  8 16:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11286]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.158.157
May  8 16:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Failed password for root from 197.248.178.226 port 56606 ssh2
May  8 16:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Received disconnect from 197.248.178.226 port 56606:11: Bye Bye [preauth]
May  8 16:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11275]: Disconnected from 197.248.178.226 port 56606 [preauth]
May  8 16:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11286]: Failed password for invalid user javier from 64.227.158.157 port 34184 ssh2
May  8 16:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11286]: Received disconnect from 64.227.158.157 port 34184:11: Bye Bye [preauth]
May  8 16:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11286]: Disconnected from 64.227.158.157 port 34184 [preauth]
May  8 16:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10009]: pam_unix(cron:session): session closed for user root
May  8 16:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.142.46.185  user=root
May  8 16:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11352]: Failed password for root from 88.142.46.185 port 42988 ssh2
May  8 16:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11352]: Received disconnect from 88.142.46.185 port 42988:11: Bye Bye [preauth]
May  8 16:45:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11352]: Disconnected from 88.142.46.185 port 42988 [preauth]
May  8 16:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 16:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11367]: Failed password for root from 218.92.0.206 port 18856 ssh2
May  8 16:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11367]: message repeated 4 times: [ Failed password for root from 218.92.0.206 port 18856 ssh2]
May  8 16:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11367]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 18856 ssh2 [preauth]
May  8 16:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11367]: Disconnecting: Too many authentication failures [preauth]
May  8 16:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11367]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 16:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11367]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11407]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11406]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11406]: pam_unix(cron:session): session closed for user p13x
May  8 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11480]: Successful su for rubyman by root
May  8 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11480]: + ??? root:rubyman
May  8 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354312 of user rubyman.
May  8 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11480]: pam_unix(su:session): session closed for user rubyman
May  8 16:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354312.
May  8 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  8 16:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 16:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8606]: pam_unix(cron:session): session closed for user root
May  8 16:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11506]: Failed password for root from 218.92.0.220 port 34732 ssh2
May  8 16:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: Failed password for root from 218.92.0.206 port 10188 ssh2
May  8 16:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11407]: pam_unix(cron:session): session closed for user samftp
May  8 16:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11506]: Failed password for root from 218.92.0.220 port 34732 ssh2
May  8 16:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: Failed password for root from 218.92.0.206 port 10188 ssh2
May  8 16:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11506]: Failed password for root from 218.92.0.220 port 34732 ssh2
May  8 16:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11506]: Received disconnect from 218.92.0.220 port 34732:11:  [preauth]
May  8 16:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11506]: Disconnected from 218.92.0.220 port 34732 [preauth]
May  8 16:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11506]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  8 16:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: Failed password for root from 218.92.0.206 port 10188 ssh2
May  8 16:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: message repeated 3 times: [ Failed password for root from 218.92.0.206 port 10188 ssh2]
May  8 16:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 10188 ssh2 [preauth]
May  8 16:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: Disconnecting: Too many authentication failures [preauth]
May  8 16:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 16:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11520]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 16:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:46:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 16:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11728]: Failed password for root from 218.92.0.206 port 23628 ssh2
May  8 16:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11728]: Received disconnect from 218.92.0.206 port 23628:11:  [preauth]
May  8 16:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11728]: Disconnected from 218.92.0.206 port 23628 [preauth]
May  8 16:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10514]: pam_unix(cron:session): session closed for user root
May  8 16:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: Invalid user vishnu from 176.109.92.170
May  8 16:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: input_userauth_request: invalid user vishnu [preauth]
May  8 16:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.109.92.170
May  8 16:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: Failed password for invalid user vishnu from 176.109.92.170 port 56645 ssh2
May  8 16:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: Received disconnect from 176.109.92.170 port 56645:11: Bye Bye [preauth]
May  8 16:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11780]: Disconnected from 176.109.92.170 port 56645 [preauth]
May  8 16:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:46:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11817]: Invalid user miran from 136.232.203.134
May  8 16:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11817]: input_userauth_request: invalid user miran [preauth]
May  8 16:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11817]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.203.134
May  8 16:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: Invalid user wow from 45.163.1.222
May  8 16:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: input_userauth_request: invalid user wow [preauth]
May  8 16:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222
May  8 16:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11817]: Failed password for invalid user miran from 136.232.203.134 port 13787 ssh2
May  8 16:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11817]: Received disconnect from 136.232.203.134 port 13787:11: Bye Bye [preauth]
May  8 16:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11817]: Disconnected from 136.232.203.134 port 13787 [preauth]
May  8 16:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: Failed password for invalid user wow from 45.163.1.222 port 44466 ssh2
May  8 16:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: Received disconnect from 45.163.1.222 port 44466:11: Bye Bye [preauth]
May  8 16:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11819]: Disconnected from 45.163.1.222 port 44466 [preauth]
May  8 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11831]: pam_unix(cron:session): session closed for user p13x
May  8 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11893]: Successful su for rubyman by root
May  8 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11893]: + ??? root:rubyman
May  8 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354314 of user rubyman.
May  8 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11893]: pam_unix(su:session): session closed for user rubyman
May  8 16:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354314.
May  8 16:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9061]: pam_unix(cron:session): session closed for user root
May  8 16:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11832]: pam_unix(cron:session): session closed for user samftp
May  8 16:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12076]: Invalid user cui from 186.208.159.26
May  8 16:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12076]: input_userauth_request: invalid user cui [preauth]
May  8 16:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12076]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.208.159.26
May  8 16:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12076]: Failed password for invalid user cui from 186.208.159.26 port 42772 ssh2
May  8 16:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12076]: Received disconnect from 186.208.159.26 port 42772:11: Bye Bye [preauth]
May  8 16:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12076]: Disconnected from 186.208.159.26 port 42772 [preauth]
May  8 16:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10974]: pam_unix(cron:session): session closed for user root
May  8 16:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: Invalid user ghafori from 69.166.232.229
May  8 16:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: input_userauth_request: invalid user ghafori [preauth]
May  8 16:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:47:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 16:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: Failed password for invalid user ghafori from 69.166.232.229 port 58484 ssh2
May  8 16:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: Received disconnect from 69.166.232.229 port 58484:11: Bye Bye [preauth]
May  8 16:47:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: Disconnected from 69.166.232.229 port 58484 [preauth]
May  8 16:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:47:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.167.51.249  user=root
May  8 16:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: Failed password for root from 189.167.51.249 port 45442 ssh2
May  8 16:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: Received disconnect from 189.167.51.249 port 45442:11: Bye Bye [preauth]
May  8 16:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: Disconnected from 189.167.51.249 port 45442 [preauth]
May  8 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12221]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12220]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12219]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12219]: pam_unix(cron:session): session closed for user p13x
May  8 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12286]: Successful su for rubyman by root
May  8 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12286]: + ??? root:rubyman
May  8 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354318 of user rubyman.
May  8 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12286]: pam_unix(su:session): session closed for user rubyman
May  8 16:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354318.
May  8 16:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9598]: pam_unix(cron:session): session closed for user root
May  8 16:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12220]: pam_unix(cron:session): session closed for user samftp
May  8 16:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11409]: pam_unix(cron:session): session closed for user root
May  8 16:48:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:48:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28  user=root
May  8 16:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: Invalid user admin from 80.94.95.116
May  8 16:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: input_userauth_request: invalid user admin [preauth]
May  8 16:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  8 16:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12576]: Failed password for root from 165.154.14.28 port 59052 ssh2
May  8 16:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12576]: Received disconnect from 165.154.14.28 port 59052:11: Bye Bye [preauth]
May  8 16:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12576]: Disconnected from 165.154.14.28 port 59052 [preauth]
May  8 16:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: Failed password for invalid user admin from 80.94.95.116 port 51436 ssh2
May  8 16:48:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12566]: Connection closed by 80.94.95.116 port 51436 [preauth]
May  8 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12626]: pam_unix(cron:session): session closed for user p13x
May  8 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12684]: Successful su for rubyman by root
May  8 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12684]: + ??? root:rubyman
May  8 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354325 of user rubyman.
May  8 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12684]: pam_unix(su:session): session closed for user rubyman
May  8 16:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354325.
May  8 16:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10008]: pam_unix(cron:session): session closed for user root
May  8 16:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12627]: pam_unix(cron:session): session closed for user samftp
May  8 16:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:49:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.142.73  user=root
May  8 16:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12923]: Failed password for root from 180.253.142.73 port 44778 ssh2
May  8 16:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12923]: Received disconnect from 180.253.142.73 port 44778:11: Bye Bye [preauth]
May  8 16:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12923]: Disconnected from 180.253.142.73 port 44778 [preauth]
May  8 16:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11834]: pam_unix(cron:session): session closed for user root
May  8 16:49:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12970]: Invalid user rami from 115.72.8.68
May  8 16:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12970]: input_userauth_request: invalid user rami [preauth]
May  8 16:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12970]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.72.8.68
May  8 16:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12970]: Failed password for invalid user rami from 115.72.8.68 port 36973 ssh2
May  8 16:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12970]: Received disconnect from 115.72.8.68 port 36973:11: Bye Bye [preauth]
May  8 16:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12970]: Disconnected from 115.72.8.68 port 36973 [preauth]
May  8 16:49:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.190.174  user=root
May  8 16:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12973]: Failed password for root from 116.193.190.174 port 54760 ssh2
May  8 16:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12973]: Received disconnect from 116.193.190.174 port 54760:11: Bye Bye [preauth]
May  8 16:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12973]: Disconnected from 116.193.190.174 port 54760 [preauth]
May  8 16:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13030]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13032]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13031]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13028]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13033]: pam_unix(cron:session): session closed for user root
May  8 16:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13028]: pam_unix(cron:session): session closed for user p13x
May  8 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13103]: Successful su for rubyman by root
May  8 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13103]: + ??? root:rubyman
May  8 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354328 of user rubyman.
May  8 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13103]: pam_unix(su:session): session closed for user rubyman
May  8 16:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354328.
May  8 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13030]: pam_unix(cron:session): session closed for user root
May  8 16:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10513]: pam_unix(cron:session): session closed for user root
May  8 16:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13029]: pam_unix(cron:session): session closed for user samftp
May  8 16:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.142.46.185  user=root
May  8 16:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13313]: Failed password for root from 88.142.46.185 port 51648 ssh2
May  8 16:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13313]: Received disconnect from 88.142.46.185 port 51648:11: Bye Bye [preauth]
May  8 16:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13313]: Disconnected from 88.142.46.185 port 51648 [preauth]
May  8 16:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13337]: Invalid user testuser from 43.153.195.114
May  8 16:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13337]: input_userauth_request: invalid user testuser [preauth]
May  8 16:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13337]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114
May  8 16:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13337]: Failed password for invalid user testuser from 43.153.195.114 port 41588 ssh2
May  8 16:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13337]: Received disconnect from 43.153.195.114 port 41588:11: Bye Bye [preauth]
May  8 16:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13337]: Disconnected from 43.153.195.114 port 41588 [preauth]
May  8 16:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12222]: pam_unix(cron:session): session closed for user root
May  8 16:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: Invalid user ubuntu from 64.227.158.157
May  8 16:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: input_userauth_request: invalid user ubuntu [preauth]
May  8 16:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.158.157
May  8 16:50:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: Failed password for invalid user ubuntu from 64.227.158.157 port 59814 ssh2
May  8 16:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: Received disconnect from 64.227.158.157 port 59814:11: Bye Bye [preauth]
May  8 16:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13417]: Disconnected from 64.227.158.157 port 59814 [preauth]
May  8 16:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226  user=root
May  8 16:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: Failed password for root from 197.248.178.226 port 32956 ssh2
May  8 16:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: Received disconnect from 197.248.178.226 port 32956:11: Bye Bye [preauth]
May  8 16:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13551]: Disconnected from 197.248.178.226 port 32956 [preauth]
May  8 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13567]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13568]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13565]: pam_unix(cron:session): session closed for user p13x
May  8 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13637]: Successful su for rubyman by root
May  8 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13637]: + ??? root:rubyman
May  8 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354332 of user rubyman.
May  8 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13637]: pam_unix(su:session): session closed for user rubyman
May  8 16:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354332.
May  8 16:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10973]: pam_unix(cron:session): session closed for user root
May  8 16:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13566]: pam_unix(cron:session): session closed for user samftp
May  8 16:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 16:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: Failed password for root from 80.94.95.241 port 63490 ssh2
May  8 16:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session closed for user root
May  8 16:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: Failed password for root from 80.94.95.241 port 63490 ssh2
May  8 16:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: message repeated 3 times: [ Failed password for root from 80.94.95.241 port 63490 ssh2]
May  8 16:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: Received disconnect from 80.94.95.241 port 63490:11: Bye [preauth]
May  8 16:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: Disconnected from 80.94.95.241 port 63490 [preauth]
May  8 16:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 16:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13889]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13980]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13978]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13979]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13977]: pam_unix(cron:session): session closed for user p13x
May  8 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14041]: Successful su for rubyman by root
May  8 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14041]: + ??? root:rubyman
May  8 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14041]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354336 of user rubyman.
May  8 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14041]: pam_unix(su:session): session closed for user rubyman
May  8 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354336.
May  8 16:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11408]: pam_unix(cron:session): session closed for user root
May  8 16:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13978]: pam_unix(cron:session): session closed for user samftp
May  8 16:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.118.77  user=root
May  8 16:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14063]: Failed password for root from 185.247.118.77 port 14732 ssh2
May  8 16:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14063]: Received disconnect from 185.247.118.77 port 14732:11: Bye Bye [preauth]
May  8 16:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14063]: Disconnected from 185.247.118.77 port 14732 [preauth]
May  8 16:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: Invalid user frappe from 136.232.203.134
May  8 16:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: input_userauth_request: invalid user frappe [preauth]
May  8 16:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.203.134
May  8 16:52:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: Failed password for invalid user frappe from 136.232.203.134 port 3929 ssh2
May  8 16:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: Received disconnect from 136.232.203.134 port 3929:11: Bye Bye [preauth]
May  8 16:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: Disconnected from 136.232.203.134 port 3929 [preauth]
May  8 16:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13032]: pam_unix(cron:session): session closed for user root
May  8 16:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: Invalid user dev from 189.167.51.249
May  8 16:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: input_userauth_request: invalid user dev [preauth]
May  8 16:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.167.51.249
May  8 16:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: Failed password for invalid user dev from 189.167.51.249 port 45294 ssh2
May  8 16:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: Received disconnect from 189.167.51.249 port 45294:11: Bye Bye [preauth]
May  8 16:52:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14330]: Disconnected from 189.167.51.249 port 45294 [preauth]
May  8 16:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14375]: Did not receive identification string from 196.251.87.45
May  8 16:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:52:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14378]: Invalid user user from 196.251.87.45
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14378]: input_userauth_request: invalid user user [preauth]
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14378]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.45
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Invalid user ubnt from 196.251.87.45
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: input_userauth_request: invalid user ubnt [preauth]
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.45
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14379]: Invalid user usario from 196.251.87.45
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14379]: input_userauth_request: invalid user usario [preauth]
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: Invalid user support from 196.251.87.45
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: input_userauth_request: invalid user support [preauth]
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: Failed none for invalid user support from 196.251.87.45 port 18180 ssh2
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14379]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.45
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: Invalid user admin from 196.251.87.45
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: input_userauth_request: invalid user admin [preauth]
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.45
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: Received disconnect from 196.251.87.45 port 18180:11: Bye Bye [preauth]
May  8 16:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14380]: Disconnected from 196.251.87.45 port 18180 [preauth]
May  8 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14378]: Failed password for invalid user user from 196.251.87.45 port 18172 ssh2
May  8 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Failed password for invalid user ubnt from 196.251.87.45 port 18162 ssh2
May  8 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14379]: Failed password for invalid user usario from 196.251.87.45 port 18194 ssh2
May  8 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: Failed password for invalid user admin from 196.251.87.45 port 18210 ssh2
May  8 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14378]: Received disconnect from 196.251.87.45 port 18172:11: Bye Bye [preauth]
May  8 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14378]: Disconnected from 196.251.87.45 port 18172 [preauth]
May  8 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Received disconnect from 196.251.87.45 port 18162:11: Bye Bye [preauth]
May  8 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Disconnected from 196.251.87.45 port 18162 [preauth]
May  8 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14379]: Received disconnect from 196.251.87.45 port 18194:11: Bye Bye [preauth]
May  8 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14379]: Disconnected from 196.251.87.45 port 18194 [preauth]
May  8 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: Received disconnect from 196.251.87.45 port 18210:11: Bye Bye [preauth]
May  8 16:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: Disconnected from 196.251.87.45 port 18210 [preauth]
May  8 16:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.208.159.26  user=root
May  8 16:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14388]: Failed password for root from 186.208.159.26 port 50546 ssh2
May  8 16:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14388]: Received disconnect from 186.208.159.26 port 50546:11: Bye Bye [preauth]
May  8 16:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14388]: Disconnected from 186.208.159.26 port 50546 [preauth]
May  8 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14401]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14402]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14399]: pam_unix(cron:session): session closed for user p13x
May  8 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14459]: Successful su for rubyman by root
May  8 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14459]: + ??? root:rubyman
May  8 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14459]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354340 of user rubyman.
May  8 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14459]: pam_unix(su:session): session closed for user rubyman
May  8 16:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354340.
May  8 16:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222  user=root
May  8 16:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11833]: pam_unix(cron:session): session closed for user root
May  8 16:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: Failed password for root from 45.163.1.222 port 39558 ssh2
May  8 16:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: Received disconnect from 45.163.1.222 port 39558:11: Bye Bye [preauth]
May  8 16:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14514]: Disconnected from 45.163.1.222 port 39558 [preauth]
May  8 16:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14400]: pam_unix(cron:session): session closed for user samftp
May  8 16:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13568]: pam_unix(cron:session): session closed for user root
May  8 16:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: Invalid user exam from 69.166.232.229
May  8 16:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: input_userauth_request: invalid user exam [preauth]
May  8 16:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:53:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 16:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: Failed password for invalid user exam from 69.166.232.229 port 44516 ssh2
May  8 16:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: Received disconnect from 69.166.232.229 port 44516:11: Bye Bye [preauth]
May  8 16:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14763]: Disconnected from 69.166.232.229 port 44516 [preauth]
May  8 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14821]: pam_unix(cron:session): session closed for user p13x
May  8 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14883]: Successful su for rubyman by root
May  8 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14883]: + ??? root:rubyman
May  8 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14883]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354344 of user rubyman.
May  8 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14883]: pam_unix(su:session): session closed for user rubyman
May  8 16:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354344.
May  8 16:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12221]: pam_unix(cron:session): session closed for user root
May  8 16:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14822]: pam_unix(cron:session): session closed for user samftp
May  8 16:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13980]: pam_unix(cron:session): session closed for user root
May  8 16:54:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  8 16:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15176]: Invalid user devil from 165.154.14.28
May  8 16:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15176]: input_userauth_request: invalid user devil [preauth]
May  8 16:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15176]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  8 16:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: Failed password for root from 218.92.0.237 port 37938 ssh2
May  8 16:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15176]: Failed password for invalid user devil from 165.154.14.28 port 60934 ssh2
May  8 16:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15176]: Received disconnect from 165.154.14.28 port 60934:11: Bye Bye [preauth]
May  8 16:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15176]: Disconnected from 165.154.14.28 port 60934 [preauth]
May  8 16:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: Failed password for root from 218.92.0.237 port 37938 ssh2
May  8 16:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.142.46.185  user=root
May  8 16:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: Failed password for root from 218.92.0.237 port 37938 ssh2
May  8 16:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: Received disconnect from 218.92.0.237 port 37938:11:  [preauth]
May  8 16:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: Disconnected from 218.92.0.237 port 37938 [preauth]
May  8 16:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15174]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  8 16:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15198]: Failed password for root from 88.142.46.185 port 60312 ssh2
May  8 16:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15198]: Received disconnect from 88.142.46.185 port 60312:11: Bye Bye [preauth]
May  8 16:54:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15198]: Disconnected from 88.142.46.185 port 60312 [preauth]
May  8 16:54:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15235]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15234]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15233]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15236]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15232]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15237]: pam_unix(cron:session): session closed for user root
May  8 16:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15232]: pam_unix(cron:session): session closed for user p13x
May  8 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15298]: Successful su for rubyman by root
May  8 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15298]: + ??? root:rubyman
May  8 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15298]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354353 of user rubyman.
May  8 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15298]: pam_unix(su:session): session closed for user rubyman
May  8 16:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354353.
May  8 16:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15234]: pam_unix(cron:session): session closed for user root
May  8 16:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12628]: pam_unix(cron:session): session closed for user root
May  8 16:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15233]: pam_unix(cron:session): session closed for user samftp
May  8 16:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.72.8.68  user=root
May  8 16:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: Failed password for root from 115.72.8.68 port 55065 ssh2
May  8 16:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: Received disconnect from 115.72.8.68 port 55065:11: Bye Bye [preauth]
May  8 16:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15517]: Disconnected from 115.72.8.68 port 55065 [preauth]
May  8 16:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 16:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15569]: Failed password for root from 43.153.195.114 port 32964 ssh2
May  8 16:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15569]: Received disconnect from 43.153.195.114 port 32964:11: Bye Bye [preauth]
May  8 16:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15569]: Disconnected from 43.153.195.114 port 32964 [preauth]
May  8 16:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14402]: pam_unix(cron:session): session closed for user root
May  8 16:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:55:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.142.73  user=root
May  8 16:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: Failed password for root from 180.253.142.73 port 33246 ssh2
May  8 16:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: Received disconnect from 180.253.142.73 port 33246:11: Bye Bye [preauth]
May  8 16:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15601]: Disconnected from 180.253.142.73 port 33246 [preauth]
May  8 16:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: Invalid user qauser from 190.103.202.7
May  8 16:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: input_userauth_request: invalid user qauser [preauth]
May  8 16:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  8 16:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: Failed password for invalid user qauser from 190.103.202.7 port 51916 ssh2
May  8 16:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15632]: Connection closed by 190.103.202.7 port 51916 [preauth]
May  8 16:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.158.157  user=root
May  8 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15662]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15663]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15664]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15661]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15661]: pam_unix(cron:session): session closed for user p13x
May  8 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15732]: Successful su for rubyman by root
May  8 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15732]: + ??? root:rubyman
May  8 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15732]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354356 of user rubyman.
May  8 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15732]: pam_unix(su:session): session closed for user rubyman
May  8 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354356.
May  8 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15658]: Failed password for root from 64.227.158.157 port 60284 ssh2
May  8 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15658]: Received disconnect from 64.227.158.157 port 60284:11: Bye Bye [preauth]
May  8 16:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15658]: Disconnected from 64.227.158.157 port 60284 [preauth]
May  8 16:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13031]: pam_unix(cron:session): session closed for user root
May  8 16:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15662]: pam_unix(cron:session): session closed for user samftp
May  8 16:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: Invalid user sina from 116.193.190.174
May  8 16:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: input_userauth_request: invalid user sina [preauth]
May  8 16:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.190.174
May  8 16:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: Failed password for invalid user sina from 116.193.190.174 port 57236 ssh2
May  8 16:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: Received disconnect from 116.193.190.174 port 57236:11: Bye Bye [preauth]
May  8 16:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: Disconnected from 116.193.190.174 port 57236 [preauth]
May  8 16:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14824]: pam_unix(cron:session): session closed for user root
May  8 16:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226  user=root
May  8 16:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: Failed password for root from 197.248.178.226 port 36776 ssh2
May  8 16:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: Received disconnect from 197.248.178.226 port 36776:11: Bye Bye [preauth]
May  8 16:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16028]: Disconnected from 197.248.178.226 port 36776 [preauth]
May  8 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16069]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16070]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16067]: pam_unix(cron:session): session closed for user p13x
May  8 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16131]: Successful su for rubyman by root
May  8 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16131]: + ??? root:rubyman
May  8 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354358 of user rubyman.
May  8 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16131]: pam_unix(su:session): session closed for user rubyman
May  8 16:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354358.
May  8 16:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13567]: pam_unix(cron:session): session closed for user root
May  8 16:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16068]: pam_unix(cron:session): session closed for user samftp
May  8 16:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16320]: Did not receive identification string from 92.118.39.68
May  8 16:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16383]: Invalid user rami from 189.167.51.249
May  8 16:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16383]: input_userauth_request: invalid user rami [preauth]
May  8 16:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16383]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.167.51.249
May  8 16:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15236]: pam_unix(cron:session): session closed for user root
May  8 16:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16383]: Failed password for invalid user rami from 189.167.51.249 port 48462 ssh2
May  8 16:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16383]: Received disconnect from 189.167.51.249 port 48462:11: Bye Bye [preauth]
May  8 16:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16383]: Disconnected from 189.167.51.249 port 48462 [preauth]
May  8 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16503]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16499]: pam_unix(cron:session): session closed for user p13x
May  8 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16574]: Successful su for rubyman by root
May  8 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16574]: + ??? root:rubyman
May  8 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354362 of user rubyman.
May  8 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16574]: pam_unix(su:session): session closed for user rubyman
May  8 16:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354362.
May  8 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13979]: pam_unix(cron:session): session closed for user root
May  8 16:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.203.134  user=root
May  8 16:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16501]: pam_unix(cron:session): session closed for user samftp
May  8 16:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: Failed password for root from 136.232.203.134 port 2543 ssh2
May  8 16:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: Received disconnect from 136.232.203.134 port 2543:11: Bye Bye [preauth]
May  8 16:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16730]: Disconnected from 136.232.203.134 port 2543 [preauth]
May  8 16:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15664]: pam_unix(cron:session): session closed for user root
May  8 16:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16887]: Invalid user webdeploy from 186.208.159.26
May  8 16:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16887]: input_userauth_request: invalid user webdeploy [preauth]
May  8 16:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16887]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.208.159.26
May  8 16:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16887]: Failed password for invalid user webdeploy from 186.208.159.26 port 58322 ssh2
May  8 16:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16887]: Received disconnect from 186.208.159.26 port 58322:11: Bye Bye [preauth]
May  8 16:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16887]: Disconnected from 186.208.159.26 port 58322 [preauth]
May  8 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16960]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16961]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16958]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 16:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16958]: pam_unix(cron:session): session closed for user p13x
May  8 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17019]: Successful su for rubyman by root
May  8 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17019]: + ??? root:rubyman
May  8 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354366 of user rubyman.
May  8 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17019]: pam_unix(su:session): session closed for user rubyman
May  8 16:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354366.
May  8 16:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14401]: pam_unix(cron:session): session closed for user root
May  8 16:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16959]: pam_unix(cron:session): session closed for user samftp
May  8 16:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: Invalid user steve from 45.163.1.222
May  8 16:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: input_userauth_request: invalid user steve [preauth]
May  8 16:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222
May  8 16:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: Failed password for invalid user steve from 45.163.1.222 port 45344 ssh2
May  8 16:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: Received disconnect from 45.163.1.222 port 45344:11: Bye Bye [preauth]
May  8 16:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17213]: Disconnected from 45.163.1.222 port 45344 [preauth]
May  8 16:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Invalid user testuser from 88.142.46.185
May  8 16:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: input_userauth_request: invalid user testuser [preauth]
May  8 16:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.142.46.185
May  8 16:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Failed password for invalid user testuser from 88.142.46.185 port 40734 ssh2
May  8 16:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Received disconnect from 88.142.46.185 port 40734:11: Bye Bye [preauth]
May  8 16:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17240]: Disconnected from 88.142.46.185 port 40734 [preauth]
May  8 16:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.118.77  user=root
May  8 16:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: Failed password for root from 185.247.118.77 port 43162 ssh2
May  8 16:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: Received disconnect from 185.247.118.77 port 43162:11: Bye Bye [preauth]
May  8 16:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17274]: Disconnected from 185.247.118.77 port 43162 [preauth]
May  8 16:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16070]: pam_unix(cron:session): session closed for user root
May  8 16:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 16:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Invalid user uno85 from 69.166.232.229
May  8 16:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: input_userauth_request: invalid user uno85 [preauth]
May  8 16:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: pam_unix(sshd:auth): check pass; user unknown
May  8 16:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 16:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Failed password for invalid user uno85 from 69.166.232.229 port 47706 ssh2
May  8 16:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Received disconnect from 69.166.232.229 port 47706:11: Bye Bye [preauth]
May  8 16:59:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17315]: Disconnected from 69.166.232.229 port 47706 [preauth]
May  8 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17365]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17370]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17371]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17366]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17371]: pam_unix(cron:session): session closed for user root
May  8 17:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17367]: pam_unix(cron:session): session closed for user root
May  8 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17365]: pam_unix(cron:session): session closed for user p13x
May  8 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17462]: Successful su for rubyman by root
May  8 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17462]: + ??? root:rubyman
May  8 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17462]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354376 of user rubyman.
May  8 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17462]: pam_unix(su:session): session closed for user rubyman
May  8 17:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354376.
May  8 17:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14823]: pam_unix(cron:session): session closed for user root
May  8 17:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17368]: pam_unix(cron:session): session closed for user root
May  8 17:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17366]: pam_unix(cron:session): session closed for user samftp
May  8 17:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16503]: pam_unix(cron:session): session closed for user root
May  8 17:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:00:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 17:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: Failed password for root from 43.153.195.114 port 51114 ssh2
May  8 17:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: Received disconnect from 43.153.195.114 port 51114:11: Bye Bye [preauth]
May  8 17:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17942]: Disconnected from 43.153.195.114 port 51114 [preauth]
May  8 17:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17967]: Invalid user server from 165.154.14.28
May  8 17:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17967]: input_userauth_request: invalid user server [preauth]
May  8 17:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17967]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:00:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  8 17:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17967]: Failed password for invalid user server from 165.154.14.28 port 55076 ssh2
May  8 17:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17967]: Received disconnect from 165.154.14.28 port 55076:11: Bye Bye [preauth]
May  8 17:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17967]: Disconnected from 165.154.14.28 port 55076 [preauth]
May  8 17:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.72.8.68  user=root
May  8 17:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17978]: Failed password for root from 115.72.8.68 port 44926 ssh2
May  8 17:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17978]: Received disconnect from 115.72.8.68 port 44926:11: Bye Bye [preauth]
May  8 17:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17978]: Disconnected from 115.72.8.68 port 44926 [preauth]
May  8 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18003]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18004]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18001]: pam_unix(cron:session): session closed for user p13x
May  8 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18077]: Successful su for rubyman by root
May  8 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18077]: + ??? root:rubyman
May  8 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354377 of user rubyman.
May  8 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18077]: pam_unix(su:session): session closed for user rubyman
May  8 17:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354377.
May  8 17:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15235]: pam_unix(cron:session): session closed for user root
May  8 17:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18002]: pam_unix(cron:session): session closed for user samftp
May  8 17:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18325]: Invalid user user from 64.227.158.157
May  8 17:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18325]: input_userauth_request: invalid user user [preauth]
May  8 17:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18325]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.227.158.157
May  8 17:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18325]: Failed password for invalid user user from 64.227.158.157 port 52148 ssh2
May  8 17:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18325]: Received disconnect from 64.227.158.157 port 52148:11: Bye Bye [preauth]
May  8 17:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18325]: Disconnected from 64.227.158.157 port 52148 [preauth]
May  8 17:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18337]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16961]: pam_unix(cron:session): session closed for user root
May  8 17:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  8 17:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18337]: Failed password for root from 194.0.234.19 port 26362 ssh2
May  8 17:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18337]: Connection closed by 194.0.234.19 port 26362 [preauth]
May  8 17:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  8 17:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: Failed password for root from 218.92.0.209 port 58448 ssh2
May  8 17:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: Failed password for root from 218.92.0.209 port 58448 ssh2
May  8 17:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: Invalid user suporte from 180.253.142.73
May  8 17:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: input_userauth_request: invalid user suporte [preauth]
May  8 17:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.142.73
May  8 17:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: Failed password for invalid user suporte from 180.253.142.73 port 49964 ssh2
May  8 17:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: Failed password for root from 218.92.0.209 port 58448 ssh2
May  8 17:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: Received disconnect from 180.253.142.73 port 49964:11: Bye Bye [preauth]
May  8 17:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: Disconnected from 180.253.142.73 port 49964 [preauth]
May  8 17:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: Failed password for root from 218.92.0.209 port 58448 ssh2
May  8 17:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: Invalid user admin from 80.94.95.112
May  8 17:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: input_userauth_request: invalid user admin [preauth]
May  8 17:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 17:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: Failed password for root from 218.92.0.209 port 58448 ssh2
May  8 17:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: error: maximum authentication attempts exceeded for root from 218.92.0.209 port 58448 ssh2 [preauth]
May  8 17:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: Disconnecting: Too many authentication failures [preauth]
May  8 17:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  8 17:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18371]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 17:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: Failed password for invalid user admin from 80.94.95.112 port 15195 ssh2
May  8 17:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: Failed password for invalid user admin from 80.94.95.112 port 15195 ssh2
May  8 17:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: Failed password for invalid user admin from 80.94.95.112 port 15195 ssh2
May  8 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18445]: pam_unix(cron:session): session closed for user p13x
May  8 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18508]: Successful su for rubyman by root
May  8 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18508]: + ??? root:rubyman
May  8 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18508]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354381 of user rubyman.
May  8 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18508]: pam_unix(su:session): session closed for user rubyman
May  8 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354381.
May  8 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: Failed password for invalid user admin from 80.94.95.112 port 15195 ssh2
May  8 17:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15663]: pam_unix(cron:session): session closed for user root
May  8 17:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: Failed password for invalid user admin from 80.94.95.112 port 15195 ssh2
May  8 17:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: Received disconnect from 80.94.95.112 port 15195:11: Bye [preauth]
May  8 17:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: Disconnected from 80.94.95.112 port 15195 [preauth]
May  8 17:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 17:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18420]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 17:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18446]: pam_unix(cron:session): session closed for user samftp
May  8 17:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226  user=root
May  8 17:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17370]: pam_unix(cron:session): session closed for user root
May  8 17:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18753]: Failed password for root from 197.248.178.226 port 55446 ssh2
May  8 17:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18753]: Received disconnect from 197.248.178.226 port 55446:11: Bye Bye [preauth]
May  8 17:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18753]: Disconnected from 197.248.178.226 port 55446 [preauth]
May  8 17:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  8 17:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18833]: Failed password for root from 193.70.84.184 port 33200 ssh2
May  8 17:02:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18833]: Connection closed by 193.70.84.184 port 33200 [preauth]
May  8 17:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: Invalid user link from 116.193.190.174
May  8 17:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: input_userauth_request: invalid user link [preauth]
May  8 17:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.190.174
May  8 17:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: Failed password for invalid user link from 116.193.190.174 port 42124 ssh2
May  8 17:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: Received disconnect from 116.193.190.174 port 42124:11: Bye Bye [preauth]
May  8 17:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18843]: Disconnected from 116.193.190.174 port 42124 [preauth]
May  8 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18858]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18855]: pam_unix(cron:session): session closed for user p13x
May  8 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18918]: Successful su for rubyman by root
May  8 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18918]: + ??? root:rubyman
May  8 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18918]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354386 of user rubyman.
May  8 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18918]: pam_unix(su:session): session closed for user rubyman
May  8 17:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354386.
May  8 17:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16069]: pam_unix(cron:session): session closed for user root
May  8 17:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18856]: pam_unix(cron:session): session closed for user samftp
May  8 17:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19107]: Received disconnect from 218.92.0.231 port 48988:11:  [preauth]
May  8 17:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19107]: Disconnected from 218.92.0.231 port 48988 [preauth]
May  8 17:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18004]: pam_unix(cron:session): session closed for user root
May  8 17:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19205]: Invalid user webdeploy from 88.142.46.185
May  8 17:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19205]: input_userauth_request: invalid user webdeploy [preauth]
May  8 17:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19205]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.142.46.185
May  8 17:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19205]: Failed password for invalid user webdeploy from 88.142.46.185 port 49388 ssh2
May  8 17:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19205]: Received disconnect from 88.142.46.185 port 49388:11: Bye Bye [preauth]
May  8 17:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19205]: Disconnected from 88.142.46.185 port 49388 [preauth]
May  8 17:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.203.134  user=root
May  8 17:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19216]: Failed password for root from 136.232.203.134 port 4600 ssh2
May  8 17:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19216]: Received disconnect from 136.232.203.134 port 4600:11: Bye Bye [preauth]
May  8 17:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19216]: Disconnected from 136.232.203.134 port 4600 [preauth]
May  8 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19271]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19269]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19268]: pam_unix(cron:session): session closed for user p13x
May  8 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19332]: Successful su for rubyman by root
May  8 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19332]: + ??? root:rubyman
May  8 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19332]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354389 of user rubyman.
May  8 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19332]: pam_unix(su:session): session closed for user rubyman
May  8 17:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354389.
May  8 17:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16502]: pam_unix(cron:session): session closed for user root
May  8 17:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19269]: pam_unix(cron:session): session closed for user samftp
May  8 17:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.208.159.26  user=root
May  8 17:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19577]: Failed password for root from 186.208.159.26 port 37870 ssh2
May  8 17:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19577]: Received disconnect from 186.208.159.26 port 37870:11: Bye Bye [preauth]
May  8 17:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19577]: Disconnected from 186.208.159.26 port 37870 [preauth]
May  8 17:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18448]: pam_unix(cron:session): session closed for user root
May  8 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19697]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19698]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19696]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19695]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19698]: pam_unix(cron:session): session closed for user root
May  8 17:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19693]: pam_unix(cron:session): session closed for user p13x
May  8 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19763]: Successful su for rubyman by root
May  8 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19763]: + ??? root:rubyman
May  8 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19763]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354393 of user rubyman.
May  8 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19763]: pam_unix(su:session): session closed for user rubyman
May  8 17:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354393.
May  8 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19695]: pam_unix(cron:session): session closed for user root
May  8 17:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16960]: pam_unix(cron:session): session closed for user root
May  8 17:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19694]: pam_unix(cron:session): session closed for user samftp
May  8 17:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: Invalid user zx from 45.163.1.222
May  8 17:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: input_userauth_request: invalid user zx [preauth]
May  8 17:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222
May  8 17:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: Failed password for invalid user zx from 45.163.1.222 port 59146 ssh2
May  8 17:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: Received disconnect from 45.163.1.222 port 59146:11: Bye Bye [preauth]
May  8 17:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20010]: Disconnected from 45.163.1.222 port 59146 [preauth]
May  8 17:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18858]: pam_unix(cron:session): session closed for user root
May  8 17:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: Invalid user tan from 69.166.232.229
May  8 17:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: input_userauth_request: invalid user tan [preauth]
May  8 17:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 17:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: Failed password for invalid user tan from 69.166.232.229 port 50504 ssh2
May  8 17:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: Received disconnect from 69.166.232.229 port 50504:11: Bye Bye [preauth]
May  8 17:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: Disconnected from 69.166.232.229 port 50504 [preauth]
May  8 17:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20119]: Invalid user miran from 43.153.195.114
May  8 17:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20119]: input_userauth_request: invalid user miran [preauth]
May  8 17:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20119]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114
May  8 17:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20119]: Failed password for invalid user miran from 43.153.195.114 port 46954 ssh2
May  8 17:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20119]: Received disconnect from 43.153.195.114 port 46954:11: Bye Bye [preauth]
May  8 17:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20119]: Disconnected from 43.153.195.114 port 46954 [preauth]
May  8 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20142]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20139]: pam_unix(cron:session): session closed for user p13x
May  8 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20207]: Successful su for rubyman by root
May  8 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20207]: + ??? root:rubyman
May  8 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354399 of user rubyman.
May  8 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20207]: pam_unix(su:session): session closed for user rubyman
May  8 17:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354399.
May  8 17:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20140]: pam_unix(cron:session): session closed for user samftp
May  8 17:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17369]: pam_unix(cron:session): session closed for user root
May  8 17:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20451]: Invalid user runner from 185.247.118.77
May  8 17:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20451]: input_userauth_request: invalid user runner [preauth]
May  8 17:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20451]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.118.77
May  8 17:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: Invalid user mine from 115.72.8.68
May  8 17:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: input_userauth_request: invalid user mine [preauth]
May  8 17:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.72.8.68
May  8 17:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20451]: Failed password for invalid user runner from 185.247.118.77 port 47370 ssh2
May  8 17:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20451]: Received disconnect from 185.247.118.77 port 47370:11: Bye Bye [preauth]
May  8 17:06:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20451]: Disconnected from 185.247.118.77 port 47370 [preauth]
May  8 17:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: Failed password for invalid user mine from 115.72.8.68 port 34784 ssh2
May  8 17:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: Received disconnect from 115.72.8.68 port 34784:11: Bye Bye [preauth]
May  8 17:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20454]: Disconnected from 115.72.8.68 port 34784 [preauth]
May  8 17:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19271]: pam_unix(cron:session): session closed for user root
May  8 17:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: Invalid user frappe from 165.154.14.28
May  8 17:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: input_userauth_request: invalid user frappe [preauth]
May  8 17:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  8 17:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: Failed password for invalid user frappe from 165.154.14.28 port 42720 ssh2
May  8 17:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: Received disconnect from 165.154.14.28 port 42720:11: Bye Bye [preauth]
May  8 17:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: Disconnected from 165.154.14.28 port 42720 [preauth]
May  8 17:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: Invalid user beth from 164.68.105.9
May  8 17:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: input_userauth_request: invalid user beth [preauth]
May  8 17:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  8 17:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: Failed password for invalid user beth from 164.68.105.9 port 54574 ssh2
May  8 17:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20540]: Connection closed by 164.68.105.9 port 54574 [preauth]
May  8 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20553]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20551]: pam_unix(cron:session): session closed for user p13x
May  8 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20611]: Successful su for rubyman by root
May  8 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20611]: + ??? root:rubyman
May  8 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20611]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354404 of user rubyman.
May  8 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20611]: pam_unix(su:session): session closed for user rubyman
May  8 17:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354404.
May  8 17:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18003]: pam_unix(cron:session): session closed for user root
May  8 17:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20552]: pam_unix(cron:session): session closed for user samftp
May  8 17:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19697]: pam_unix(cron:session): session closed for user root
May  8 17:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: Invalid user zhang from 180.253.142.73
May  8 17:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: input_userauth_request: invalid user zhang [preauth]
May  8 17:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.142.73
May  8 17:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: Failed password for invalid user zhang from 180.253.142.73 port 38670 ssh2
May  8 17:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: Received disconnect from 180.253.142.73 port 38670:11: Bye Bye [preauth]
May  8 17:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20957]: Disconnected from 180.253.142.73 port 38670 [preauth]
May  8 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20968]: pam_unix(cron:session): session closed for user p13x
May  8 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21026]: Successful su for rubyman by root
May  8 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21026]: + ??? root:rubyman
May  8 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21026]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354407 of user rubyman.
May  8 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21026]: pam_unix(su:session): session closed for user rubyman
May  8 17:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354407.
May  8 17:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.142.46.185  user=root
May  8 17:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18447]: pam_unix(cron:session): session closed for user root
May  8 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21151]: Failed password for root from 88.142.46.185 port 58036 ssh2
May  8 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21151]: Received disconnect from 88.142.46.185 port 58036:11: Bye Bye [preauth]
May  8 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21151]: Disconnected from 88.142.46.185 port 58036 [preauth]
May  8 17:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20969]: pam_unix(cron:session): session closed for user samftp
May  8 17:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21285]: Invalid user zhangjunyin from 197.248.178.226
May  8 17:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21285]: input_userauth_request: invalid user zhangjunyin [preauth]
May  8 17:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21285]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226
May  8 17:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21285]: Failed password for invalid user zhangjunyin from 197.248.178.226 port 55176 ssh2
May  8 17:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21285]: Received disconnect from 197.248.178.226 port 55176:11: Bye Bye [preauth]
May  8 17:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21285]: Disconnected from 197.248.178.226 port 55176 [preauth]
May  8 17:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  8 17:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21320]: Failed password for root from 218.92.0.230 port 45290 ssh2
May  8 17:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20142]: pam_unix(cron:session): session closed for user root
May  8 17:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21320]: Failed password for root from 218.92.0.230 port 45290 ssh2
May  8 17:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21320]: Failed password for root from 218.92.0.230 port 45290 ssh2
May  8 17:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21320]: Received disconnect from 218.92.0.230 port 45290:11:  [preauth]
May  8 17:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21320]: Disconnected from 218.92.0.230 port 45290 [preauth]
May  8 17:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21320]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  8 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21418]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21417]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21419]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21416]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21416]: pam_unix(cron:session): session closed for user p13x
May  8 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21544]: Successful su for rubyman by root
May  8 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21544]: + ??? root:rubyman
May  8 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21544]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354412 of user rubyman.
May  8 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21544]: pam_unix(su:session): session closed for user rubyman
May  8 17:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354412.
May  8 17:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21414]: pam_unix(cron:session): session closed for user root
May  8 17:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18857]: pam_unix(cron:session): session closed for user root
May  8 17:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21417]: pam_unix(cron:session): session closed for user samftp
May  8 17:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22095]: Invalid user shilei from 136.232.203.134
May  8 17:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22095]: input_userauth_request: invalid user shilei [preauth]
May  8 17:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22095]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.203.134
May  8 17:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22095]: Failed password for invalid user shilei from 136.232.203.134 port 57173 ssh2
May  8 17:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22095]: Received disconnect from 136.232.203.134 port 57173:11: Bye Bye [preauth]
May  8 17:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22095]: Disconnected from 136.232.203.134 port 57173 [preauth]
May  8 17:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: Invalid user sneha from 116.193.190.174
May  8 17:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: input_userauth_request: invalid user sneha [preauth]
May  8 17:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.190.174
May  8 17:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: Failed password for invalid user sneha from 116.193.190.174 port 41754 ssh2
May  8 17:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: Received disconnect from 116.193.190.174 port 41754:11: Bye Bye [preauth]
May  8 17:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: Disconnected from 116.193.190.174 port 41754 [preauth]
May  8 17:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20554]: pam_unix(cron:session): session closed for user root
May  8 17:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: Connection closed by 45.79.181.251 port 32452 [preauth]
May  8 17:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22187]: Connection closed by 45.79.181.251 port 32468 [preauth]
May  8 17:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22189]: fatal: Unable to negotiate with 45.79.181.251 port 53716: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  8 17:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22227]: Did not receive identification string from 193.32.162.134
May  8 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22267]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22266]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22267]: pam_unix(cron:session): session closed for user root
May  8 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22262]: pam_unix(cron:session): session closed for user p13x
May  8 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22343]: Successful su for rubyman by root
May  8 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22343]: + ??? root:rubyman
May  8 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354416 of user rubyman.
May  8 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22343]: pam_unix(su:session): session closed for user rubyman
May  8 17:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354416.
May  8 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22264]: pam_unix(cron:session): session closed for user root
May  8 17:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19270]: pam_unix(cron:session): session closed for user root
May  8 17:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22263]: pam_unix(cron:session): session closed for user samftp
May  8 17:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.208.159.26  user=root
May  8 17:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Failed password for root from 186.208.159.26 port 45652 ssh2
May  8 17:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Received disconnect from 186.208.159.26 port 45652:11: Bye Bye [preauth]
May  8 17:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22623]: Disconnected from 186.208.159.26 port 45652 [preauth]
May  8 17:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20971]: pam_unix(cron:session): session closed for user root
May  8 17:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22756]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22755]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22755]: pam_unix(cron:session): session closed for user p13x
May  8 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22837]: Successful su for rubyman by root
May  8 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22837]: + ??? root:rubyman
May  8 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22837]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354422 of user rubyman.
May  8 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22837]: pam_unix(su:session): session closed for user rubyman
May  8 17:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354422.
May  8 17:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19696]: pam_unix(cron:session): session closed for user root
May  8 17:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22756]: pam_unix(cron:session): session closed for user samftp
May  8 17:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23060]: Invalid user frappe from 43.153.195.114
May  8 17:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23060]: input_userauth_request: invalid user frappe [preauth]
May  8 17:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23060]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114
May  8 17:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23060]: Failed password for invalid user frappe from 43.153.195.114 port 40306 ssh2
May  8 17:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23060]: Received disconnect from 43.153.195.114 port 40306:11: Bye Bye [preauth]
May  8 17:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23060]: Disconnected from 43.153.195.114 port 40306 [preauth]
May  8 17:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222  user=root
May  8 17:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23121]: Failed password for root from 45.163.1.222 port 54694 ssh2
May  8 17:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23121]: Received disconnect from 45.163.1.222 port 54694:11: Bye Bye [preauth]
May  8 17:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23121]: Disconnected from 45.163.1.222 port 54694 [preauth]
May  8 17:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21419]: pam_unix(cron:session): session closed for user root
May  8 17:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: Invalid user utils from 69.166.232.229
May  8 17:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: input_userauth_request: invalid user utils [preauth]
May  8 17:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 17:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Invalid user gitlab from 185.213.165.126
May  8 17:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: input_userauth_request: invalid user gitlab [preauth]
May  8 17:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 17:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: Failed password for invalid user utils from 69.166.232.229 port 46304 ssh2
May  8 17:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: Received disconnect from 69.166.232.229 port 46304:11: Bye Bye [preauth]
May  8 17:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23165]: Disconnected from 69.166.232.229 port 46304 [preauth]
May  8 17:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Failed password for invalid user gitlab from 185.213.165.126 port 39916 ssh2
May  8 17:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Received disconnect from 185.213.165.126 port 39916:11: Bye Bye [preauth]
May  8 17:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23167]: Disconnected from 185.213.165.126 port 39916 [preauth]
May  8 17:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23234]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23235]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23231]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23231]: pam_unix(cron:session): session closed for user p13x
May  8 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23291]: Successful su for rubyman by root
May  8 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23291]: + ??? root:rubyman
May  8 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23291]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354426 of user rubyman.
May  8 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23291]: pam_unix(su:session): session closed for user rubyman
May  8 17:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354426.
May  8 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20141]: pam_unix(cron:session): session closed for user root
May  8 17:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23529]: Invalid user ton from 115.72.8.68
May  8 17:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23529]: input_userauth_request: invalid user ton [preauth]
May  8 17:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23529]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.72.8.68
May  8 17:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23232]: pam_unix(cron:session): session closed for user samftp
May  8 17:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23529]: Failed password for invalid user ton from 115.72.8.68 port 52875 ssh2
May  8 17:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23529]: Received disconnect from 115.72.8.68 port 52875:11: Bye Bye [preauth]
May  8 17:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23529]: Disconnected from 115.72.8.68 port 52875 [preauth]
May  8 17:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22266]: pam_unix(cron:session): session closed for user root
May  8 17:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.142.46.185  user=root
May  8 17:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23673]: Failed password for root from 88.142.46.185 port 38460 ssh2
May  8 17:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23673]: Received disconnect from 88.142.46.185 port 38460:11: Bye Bye [preauth]
May  8 17:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23673]: Disconnected from 88.142.46.185 port 38460 [preauth]
May  8 17:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: Invalid user runner from 165.154.14.28
May  8 17:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: input_userauth_request: invalid user runner [preauth]
May  8 17:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  8 17:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: Failed password for invalid user runner from 165.154.14.28 port 54316 ssh2
May  8 17:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: Received disconnect from 165.154.14.28 port 54316:11: Bye Bye [preauth]
May  8 17:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23722]: Disconnected from 165.154.14.28 port 54316 [preauth]
May  8 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23738]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23737]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23737]: pam_unix(cron:session): session closed for user p13x
May  8 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23904]: Successful su for rubyman by root
May  8 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23904]: + ??? root:rubyman
May  8 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23904]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354432 of user rubyman.
May  8 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23904]: pam_unix(su:session): session closed for user rubyman
May  8 17:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354432.
May  8 17:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20553]: pam_unix(cron:session): session closed for user root
May  8 17:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23738]: pam_unix(cron:session): session closed for user samftp
May  8 17:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24140]: Connection closed by 172.236.228.86 port 49218 [preauth]
May  8 17:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24142]: Connection closed by 172.236.228.86 port 49222 [preauth]
May  8 17:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24146]: fatal: Unable to negotiate with 172.236.228.86 port 49238: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  8 17:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22759]: pam_unix(cron:session): session closed for user root
May  8 17:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24251]: Invalid user devil from 185.247.118.77
May  8 17:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24251]: input_userauth_request: invalid user devil [preauth]
May  8 17:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24251]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.118.77
May  8 17:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24251]: Failed password for invalid user devil from 185.247.118.77 port 7596 ssh2
May  8 17:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24251]: Received disconnect from 185.247.118.77 port 7596:11: Bye Bye [preauth]
May  8 17:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24251]: Disconnected from 185.247.118.77 port 7596 [preauth]
May  8 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24292]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24288]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24294]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24290]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24288]: pam_unix(cron:session): session closed for user p13x
May  8 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24359]: Successful su for rubyman by root
May  8 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24359]: + ??? root:rubyman
May  8 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354437 of user rubyman.
May  8 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24359]: pam_unix(su:session): session closed for user rubyman
May  8 17:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354437.
May  8 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: Invalid user frontend from 197.248.178.226
May  8 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: input_userauth_request: invalid user frontend [preauth]
May  8 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226
May  8 17:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: Invalid user root2 from 180.253.142.73
May  8 17:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: input_userauth_request: invalid user root2 [preauth]
May  8 17:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.142.73
May  8 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: Failed password for invalid user frontend from 197.248.178.226 port 39448 ssh2
May  8 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: Received disconnect from 197.248.178.226 port 39448:11: Bye Bye [preauth]
May  8 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24284]: Disconnected from 197.248.178.226 port 39448 [preauth]
May  8 17:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20970]: pam_unix(cron:session): session closed for user root
May  8 17:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: Failed password for invalid user root2 from 180.253.142.73 port 54956 ssh2
May  8 17:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24290]: pam_unix(cron:session): session closed for user samftp
May  8 17:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: Received disconnect from 180.253.142.73 port 54956:11: Bye Bye [preauth]
May  8 17:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24418]: Disconnected from 180.253.142.73 port 54956 [preauth]
May  8 17:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24543]: Invalid user admin from 194.0.234.19
May  8 17:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24543]: input_userauth_request: invalid user admin [preauth]
May  8 17:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24543]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  8 17:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24543]: Failed password for invalid user admin from 194.0.234.19 port 27636 ssh2
May  8 17:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24543]: Connection closed by 194.0.234.19 port 27636 [preauth]
May  8 17:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23235]: pam_unix(cron:session): session closed for user root
May  8 17:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.203.134  user=root
May  8 17:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24718]: Failed password for root from 136.232.203.134 port 48331 ssh2
May  8 17:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24718]: Received disconnect from 136.232.203.134 port 48331:11: Bye Bye [preauth]
May  8 17:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24718]: Disconnected from 136.232.203.134 port 48331 [preauth]
May  8 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24733]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24734]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24734]: pam_unix(cron:session): session closed for user root
May  8 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24729]: pam_unix(cron:session): session closed for user p13x
May  8 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24798]: Successful su for rubyman by root
May  8 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24798]: + ??? root:rubyman
May  8 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354442 of user rubyman.
May  8 17:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24798]: pam_unix(su:session): session closed for user rubyman
May  8 17:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354442.
May  8 17:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24731]: pam_unix(cron:session): session closed for user root
May  8 17:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21418]: pam_unix(cron:session): session closed for user root
May  8 17:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24730]: pam_unix(cron:session): session closed for user samftp
May  8 17:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  8 17:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25049]: Failed password for root from 50.235.31.47 port 46850 ssh2
May  8 17:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25049]: Connection closed by 50.235.31.47 port 46850 [preauth]
May  8 17:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23740]: pam_unix(cron:session): session closed for user root
May  8 17:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: Invalid user misp from 80.94.95.241
May  8 17:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: input_userauth_request: invalid user misp [preauth]
May  8 17:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 17:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: Invalid user dev from 116.193.190.174
May  8 17:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: input_userauth_request: invalid user dev [preauth]
May  8 17:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.190.174
May  8 17:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: Failed password for invalid user misp from 80.94.95.241 port 61962 ssh2
May  8 17:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: Failed password for invalid user dev from 116.193.190.174 port 46392 ssh2
May  8 17:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: Received disconnect from 116.193.190.174 port 46392:11: Bye Bye [preauth]
May  8 17:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25154]: Disconnected from 116.193.190.174 port 46392 [preauth]
May  8 17:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: Failed password for invalid user misp from 80.94.95.241 port 61962 ssh2
May  8 17:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: Failed password for invalid user misp from 80.94.95.241 port 61962 ssh2
May  8 17:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: Failed password for invalid user misp from 80.94.95.241 port 61962 ssh2
May  8 17:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25177]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25176]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25178]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25175]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25175]: pam_unix(cron:session): session closed for user p13x
May  8 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: Failed password for invalid user misp from 80.94.95.241 port 61962 ssh2
May  8 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25241]: Successful su for rubyman by root
May  8 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25241]: + ??? root:rubyman
May  8 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354446 of user rubyman.
May  8 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25241]: pam_unix(su:session): session closed for user rubyman
May  8 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354446.
May  8 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: Received disconnect from 80.94.95.241 port 61962:11: Bye [preauth]
May  8 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: Disconnected from 80.94.95.241 port 61962 [preauth]
May  8 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 17:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25152]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 17:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22265]: pam_unix(cron:session): session closed for user root
May  8 17:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25176]: pam_unix(cron:session): session closed for user samftp
May  8 17:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25472]: Invalid user joseph from 186.208.159.26
May  8 17:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25472]: input_userauth_request: invalid user joseph [preauth]
May  8 17:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25472]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.208.159.26
May  8 17:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: Invalid user O from 195.178.110.50
May  8 17:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: input_userauth_request: invalid user O [preauth]
May  8 17:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 17:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 17:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25472]: Failed password for invalid user joseph from 186.208.159.26 port 53434 ssh2
May  8 17:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25472]: Received disconnect from 186.208.159.26 port 53434:11: Bye Bye [preauth]
May  8 17:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25472]: Disconnected from 186.208.159.26 port 53434 [preauth]
May  8 17:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: Failed password for invalid user O from 195.178.110.50 port 40752 ssh2
May  8 17:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25474]: Failed password for root from 43.153.195.114 port 49290 ssh2
May  8 17:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25474]: Received disconnect from 43.153.195.114 port 49290:11: Bye Bye [preauth]
May  8 17:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25474]: Disconnected from 43.153.195.114 port 49290 [preauth]
May  8 17:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: Connection closed by 195.178.110.50 port 40752 [preauth]
May  8 17:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24294]: pam_unix(cron:session): session closed for user root
May  8 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: Invalid user X from 195.178.110.50
May  8 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: input_userauth_request: invalid user X [preauth]
May  8 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 17:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: Failed password for invalid user X from 195.178.110.50 port 2960 ssh2
May  8 17:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25483]: Connection closed by 195.178.110.50 port 2960 [preauth]
May  8 17:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: Invalid user a from 195.178.110.50
May  8 17:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: input_userauth_request: invalid user a [preauth]
May  8 17:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25611]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25610]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25608]: pam_unix(cron:session): session closed for user root
May  8 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25610]: pam_unix(cron:session): session closed for user p13x
May  8 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25711]: Successful su for rubyman by root
May  8 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25711]: + ??? root:rubyman
May  8 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25711]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354448 of user rubyman.
May  8 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25711]: pam_unix(su:session): session closed for user rubyman
May  8 17:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354448.
May  8 17:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: Failed password for invalid user a from 195.178.110.50 port 57804 ssh2
May  8 17:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25879]: Invalid user psadmin from 88.142.46.185
May  8 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25879]: input_userauth_request: invalid user psadmin [preauth]
May  8 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25879]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.142.46.185
May  8 17:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22758]: pam_unix(cron:session): session closed for user root
May  8 17:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25611]: pam_unix(cron:session): session closed for user samftp
May  8 17:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25564]: Connection closed by 195.178.110.50 port 57804 [preauth]
May  8 17:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25879]: Failed password for invalid user psadmin from 88.142.46.185 port 47116 ssh2
May  8 17:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25879]: Received disconnect from 88.142.46.185 port 47116:11: Bye Bye [preauth]
May  8 17:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25879]: Disconnected from 88.142.46.185 port 47116 [preauth]
May  8 17:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: Invalid user j from 195.178.110.50
May  8 17:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: input_userauth_request: invalid user j [preauth]
May  8 17:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 17:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: Failed password for invalid user j from 195.178.110.50 port 35048 ssh2
May  8 17:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25942]: Connection closed by 195.178.110.50 port 35048 [preauth]
May  8 17:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24733]: pam_unix(cron:session): session closed for user root
May  8 17:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.72.8.68  user=root
May  8 17:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26054]: Failed password for root from 115.72.8.68 port 42731 ssh2
May  8 17:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26054]: Received disconnect from 115.72.8.68 port 42731:11: Bye Bye [preauth]
May  8 17:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26054]: Disconnected from 115.72.8.68 port 42731 [preauth]
May  8 17:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222  user=root
May  8 17:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Invalid user raju from 69.166.232.229
May  8 17:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: input_userauth_request: invalid user raju [preauth]
May  8 17:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 17:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26061]: Failed password for root from 45.163.1.222 port 40674 ssh2
May  8 17:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26061]: Received disconnect from 45.163.1.222 port 40674:11: Bye Bye [preauth]
May  8 17:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26061]: Disconnected from 45.163.1.222 port 40674 [preauth]
May  8 17:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Failed password for invalid user raju from 69.166.232.229 port 37286 ssh2
May  8 17:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Received disconnect from 69.166.232.229 port 37286:11: Bye Bye [preauth]
May  8 17:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26066]: Disconnected from 69.166.232.229 port 37286 [preauth]
May  8 17:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: Invalid user s from 195.178.110.50
May  8 17:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: input_userauth_request: invalid user s [preauth]
May  8 17:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 17:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: Failed password for invalid user s from 195.178.110.50 port 15948 ssh2
May  8 17:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26019]: Connection closed by 195.178.110.50 port 15948 [preauth]
May  8 17:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  8 17:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: Failed password for root from 218.92.0.236 port 56482 ssh2
May  8 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26120]: pam_unix(cron:session): session closed for user p13x
May  8 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26181]: Successful su for rubyman by root
May  8 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26181]: + ??? root:rubyman
May  8 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26181]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354454 of user rubyman.
May  8 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26181]: pam_unix(su:session): session closed for user rubyman
May  8 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354454.
May  8 17:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: Failed password for root from 218.92.0.236 port 56482 ssh2
May  8 17:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: Failed password for root from 218.92.0.236 port 56482 ssh2
May  8 17:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: Received disconnect from 218.92.0.236 port 56482:11:  [preauth]
May  8 17:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: Disconnected from 218.92.0.236 port 56482 [preauth]
May  8 17:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26108]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  8 17:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23234]: pam_unix(cron:session): session closed for user root
May  8 17:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26121]: pam_unix(cron:session): session closed for user samftp
May  8 17:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26363]: Invalid user lim from 83.235.16.111
May  8 17:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26363]: input_userauth_request: invalid user lim [preauth]
May  8 17:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26363]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May  8 17:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26363]: Failed password for invalid user lim from 83.235.16.111 port 48608 ssh2
May  8 17:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26363]: Received disconnect from 83.235.16.111 port 48608:11: Bye Bye [preauth]
May  8 17:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26363]: Disconnected from 83.235.16.111 port 48608 [preauth]
May  8 17:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26438]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26438]: Invalid user rami from 185.213.165.126
May  8 17:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26438]: input_userauth_request: invalid user rami [preauth]
May  8 17:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26438]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26438]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 17:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26438]: Failed password for invalid user rami from 185.213.165.126 port 41380 ssh2
May  8 17:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26438]: Received disconnect from 185.213.165.126 port 41380:11: Bye Bye [preauth]
May  8 17:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26438]: Disconnected from 185.213.165.126 port 41380 [preauth]
May  8 17:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25178]: pam_unix(cron:session): session closed for user root
May  8 17:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: Invalid user frontend from 165.154.14.28
May  8 17:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: input_userauth_request: invalid user frontend [preauth]
May  8 17:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  8 17:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: Failed password for invalid user frontend from 165.154.14.28 port 45876 ssh2
May  8 17:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: Received disconnect from 165.154.14.28 port 45876:11: Bye Bye [preauth]
May  8 17:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26590]: Disconnected from 165.154.14.28 port 45876 [preauth]
May  8 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26604]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26603]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26601]: pam_unix(cron:session): session closed for user p13x
May  8 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26664]: Successful su for rubyman by root
May  8 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26664]: + ??? root:rubyman
May  8 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26664]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354457 of user rubyman.
May  8 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26664]: pam_unix(su:session): session closed for user rubyman
May  8 17:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354457.
May  8 17:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23739]: pam_unix(cron:session): session closed for user root
May  8 17:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26602]: pam_unix(cron:session): session closed for user samftp
May  8 17:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25616]: pam_unix(cron:session): session closed for user root
May  8 17:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226  user=root
May  8 17:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26983]: Failed password for root from 197.248.178.226 port 43744 ssh2
May  8 17:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26983]: Received disconnect from 197.248.178.226 port 43744:11: Bye Bye [preauth]
May  8 17:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26983]: Disconnected from 197.248.178.226 port 43744 [preauth]
May  8 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27062]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27061]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27060]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27057]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27062]: pam_unix(cron:session): session closed for user root
May  8 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27057]: pam_unix(cron:session): session closed for user p13x
May  8 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27145]: Successful su for rubyman by root
May  8 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27145]: + ??? root:rubyman
May  8 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27145]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354463 of user rubyman.
May  8 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27145]: pam_unix(su:session): session closed for user rubyman
May  8 17:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354463.
May  8 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24292]: pam_unix(cron:session): session closed for user root
May  8 17:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27059]: pam_unix(cron:session): session closed for user root
May  8 17:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27058]: pam_unix(cron:session): session closed for user samftp
May  8 17:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27368]: Invalid user zhanglijuan from 180.253.142.73
May  8 17:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27368]: input_userauth_request: invalid user zhanglijuan [preauth]
May  8 17:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27368]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.142.73
May  8 17:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27368]: Failed password for invalid user zhanglijuan from 180.253.142.73 port 42926 ssh2
May  8 17:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27368]: Received disconnect from 180.253.142.73 port 42926:11: Bye Bye [preauth]
May  8 17:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27368]: Disconnected from 180.253.142.73 port 42926 [preauth]
May  8 17:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26123]: pam_unix(cron:session): session closed for user root
May  8 17:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27490]: Invalid user webdeploy from 136.232.203.134
May  8 17:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27490]: input_userauth_request: invalid user webdeploy [preauth]
May  8 17:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27490]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.203.134
May  8 17:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27490]: Failed password for invalid user webdeploy from 136.232.203.134 port 62416 ssh2
May  8 17:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27490]: Received disconnect from 136.232.203.134 port 62416:11: Bye Bye [preauth]
May  8 17:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27490]: Disconnected from 136.232.203.134 port 62416 [preauth]
May  8 17:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.118.77  user=root
May  8 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27587]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27585]: pam_unix(cron:session): session closed for user p13x
May  8 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27660]: Successful su for rubyman by root
May  8 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27660]: + ??? root:rubyman
May  8 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27660]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354468 of user rubyman.
May  8 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27660]: pam_unix(su:session): session closed for user rubyman
May  8 17:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354468.
May  8 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27582]: Failed password for root from 185.247.118.77 port 14690 ssh2
May  8 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27582]: Received disconnect from 185.247.118.77 port 14690:11: Bye Bye [preauth]
May  8 17:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27582]: Disconnected from 185.247.118.77 port 14690 [preauth]
May  8 17:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  8 17:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: Failed password for root from 218.92.0.217 port 47348 ssh2
May  8 17:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24732]: pam_unix(cron:session): session closed for user root
May  8 17:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27586]: pam_unix(cron:session): session closed for user samftp
May  8 17:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: Failed password for root from 218.92.0.217 port 47348 ssh2
May  8 17:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: Failed password for root from 218.92.0.217 port 47348 ssh2
May  8 17:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: Received disconnect from 218.92.0.217 port 47348:11:  [preauth]
May  8 17:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: Disconnected from 218.92.0.217 port 47348 [preauth]
May  8 17:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27685]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  8 17:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: Invalid user webdeploy from 43.153.195.114
May  8 17:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: input_userauth_request: invalid user webdeploy [preauth]
May  8 17:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114
May  8 17:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: Failed password for invalid user webdeploy from 43.153.195.114 port 56372 ssh2
May  8 17:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: Received disconnect from 43.153.195.114 port 56372:11: Bye Bye [preauth]
May  8 17:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27912]: Disconnected from 43.153.195.114 port 56372 [preauth]
May  8 17:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26604]: pam_unix(cron:session): session closed for user root
May  8 17:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.142.46.185  user=root
May  8 17:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27955]: Failed password for root from 88.142.46.185 port 55772 ssh2
May  8 17:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27955]: Received disconnect from 88.142.46.185 port 55772:11: Bye Bye [preauth]
May  8 17:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27955]: Disconnected from 88.142.46.185 port 55772 [preauth]
May  8 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28017]: pam_unix(cron:session): session closed for user p13x
May  8 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28080]: Successful su for rubyman by root
May  8 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28080]: + ??? root:rubyman
May  8 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354472 of user rubyman.
May  8 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28080]: pam_unix(su:session): session closed for user rubyman
May  8 17:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354472.
May  8 17:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: Invalid user demo from 83.235.16.111
May  8 17:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: input_userauth_request: invalid user demo [preauth]
May  8 17:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May  8 17:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25177]: pam_unix(cron:session): session closed for user root
May  8 17:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: Failed password for invalid user demo from 83.235.16.111 port 51034 ssh2
May  8 17:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: Received disconnect from 83.235.16.111 port 51034:11: Bye Bye [preauth]
May  8 17:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28132]: Disconnected from 83.235.16.111 port 51034 [preauth]
May  8 17:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28018]: pam_unix(cron:session): session closed for user samftp
May  8 17:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.208.159.26  user=root
May  8 17:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28261]: Failed password for root from 186.208.159.26 port 32984 ssh2
May  8 17:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28261]: Received disconnect from 186.208.159.26 port 32984:11: Bye Bye [preauth]
May  8 17:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28261]: Disconnected from 186.208.159.26 port 32984 [preauth]
May  8 17:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27061]: pam_unix(cron:session): session closed for user root
May  8 17:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28353]: Invalid user lch from 116.193.190.174
May  8 17:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28353]: input_userauth_request: invalid user lch [preauth]
May  8 17:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28353]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.190.174
May  8 17:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28353]: Failed password for invalid user lch from 116.193.190.174 port 33312 ssh2
May  8 17:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28353]: Received disconnect from 116.193.190.174 port 33312:11: Bye Bye [preauth]
May  8 17:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28353]: Disconnected from 116.193.190.174 port 33312 [preauth]
May  8 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28428]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28429]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28427]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28427]: pam_unix(cron:session): session closed for user p13x
May  8 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28493]: Successful su for rubyman by root
May  8 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28493]: + ??? root:rubyman
May  8 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354476 of user rubyman.
May  8 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28493]: pam_unix(su:session): session closed for user rubyman
May  8 17:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354476.
May  8 17:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session closed for user root
May  8 17:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28428]: pam_unix(cron:session): session closed for user samftp
May  8 17:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27588]: pam_unix(cron:session): session closed for user root
May  8 17:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: Invalid user kong from 185.213.165.126
May  8 17:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: input_userauth_request: invalid user kong [preauth]
May  8 17:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 17:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: Failed password for invalid user kong from 185.213.165.126 port 54968 ssh2
May  8 17:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: Received disconnect from 185.213.165.126 port 54968:11: Bye Bye [preauth]
May  8 17:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: Disconnected from 185.213.165.126 port 54968 [preauth]
May  8 17:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: Invalid user shiny from 83.235.16.111
May  8 17:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: input_userauth_request: invalid user shiny [preauth]
May  8 17:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May  8 17:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: Invalid user radmin from 69.166.232.229
May  8 17:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: input_userauth_request: invalid user radmin [preauth]
May  8 17:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.166.232.229
May  8 17:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: Failed password for invalid user shiny from 83.235.16.111 port 58762 ssh2
May  8 17:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: Received disconnect from 83.235.16.111 port 58762:11: Bye Bye [preauth]
May  8 17:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28777]: Disconnected from 83.235.16.111 port 58762 [preauth]
May  8 17:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: Failed password for invalid user radmin from 69.166.232.229 port 59424 ssh2
May  8 17:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: Received disconnect from 69.166.232.229 port 59424:11: Bye Bye [preauth]
May  8 17:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28788]: Disconnected from 69.166.232.229 port 59424 [preauth]
May  8 17:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222  user=root
May  8 17:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: Failed password for root from 45.163.1.222 port 53782 ssh2
May  8 17:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: Received disconnect from 45.163.1.222 port 53782:11: Bye Bye [preauth]
May  8 17:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28820]: Disconnected from 45.163.1.222 port 53782 [preauth]
May  8 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28832]: pam_unix(cron:session): session closed for user p13x
May  8 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28900]: Successful su for rubyman by root
May  8 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28900]: + ??? root:rubyman
May  8 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28900]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354479 of user rubyman.
May  8 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28900]: pam_unix(su:session): session closed for user rubyman
May  8 17:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354479.
May  8 17:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26122]: pam_unix(cron:session): session closed for user root
May  8 17:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28833]: pam_unix(cron:session): session closed for user samftp
May  8 17:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29190]: Invalid user admin from 85.208.84.5
May  8 17:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29190]: input_userauth_request: invalid user admin [preauth]
May  8 17:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29190]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  8 17:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29190]: Failed password for invalid user admin from 85.208.84.5 port 31366 ssh2
May  8 17:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29190]: Connection closed by 85.208.84.5 port 31366 [preauth]
May  8 17:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28020]: pam_unix(cron:session): session closed for user root
May  8 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29338]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29342]: pam_unix(cron:session): session closed for user root
May  8 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29337]: pam_unix(cron:session): session closed for user p13x
May  8 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29409]: Successful su for rubyman by root
May  8 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29409]: + ??? root:rubyman
May  8 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354486 of user rubyman.
May  8 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29409]: pam_unix(su:session): session closed for user rubyman
May  8 17:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354486.
May  8 17:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28  user=root
May  8 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29339]: pam_unix(cron:session): session closed for user root
May  8 17:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26603]: pam_unix(cron:session): session closed for user root
May  8 17:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: Failed password for root from 165.154.14.28 port 54698 ssh2
May  8 17:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: Received disconnect from 165.154.14.28 port 54698:11: Bye Bye [preauth]
May  8 17:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29474]: Disconnected from 165.154.14.28 port 54698 [preauth]
May  8 17:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29338]: pam_unix(cron:session): session closed for user samftp
May  8 17:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: Invalid user devil from 197.248.178.226
May  8 17:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: input_userauth_request: invalid user devil [preauth]
May  8 17:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226
May  8 17:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: Failed password for invalid user devil from 197.248.178.226 port 35574 ssh2
May  8 17:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: Received disconnect from 197.248.178.226 port 35574:11: Bye Bye [preauth]
May  8 17:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29638]: Disconnected from 197.248.178.226 port 35574 [preauth]
May  8 17:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111  user=root
May  8 17:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: Failed password for root from 83.235.16.111 port 38254 ssh2
May  8 17:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: Received disconnect from 83.235.16.111 port 38254:11: Bye Bye [preauth]
May  8 17:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29670]: Disconnected from 83.235.16.111 port 38254 [preauth]
May  8 17:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28430]: pam_unix(cron:session): session closed for user root
May  8 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29787]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29784]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29785]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29784]: pam_unix(cron:session): session closed for user p13x
May  8 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29853]: Successful su for rubyman by root
May  8 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29853]: + ??? root:rubyman
May  8 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354491 of user rubyman.
May  8 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29853]: pam_unix(su:session): session closed for user rubyman
May  8 17:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354491.
May  8 17:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27060]: pam_unix(cron:session): session closed for user root
May  8 17:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29785]: pam_unix(cron:session): session closed for user samftp
May  8 17:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: Invalid user joseph from 136.232.203.134
May  8 17:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: input_userauth_request: invalid user joseph [preauth]
May  8 17:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.203.134
May  8 17:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.142.46.185  user=root
May  8 17:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: Failed password for invalid user joseph from 136.232.203.134 port 30306 ssh2
May  8 17:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: Received disconnect from 136.232.203.134 port 30306:11: Bye Bye [preauth]
May  8 17:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: Disconnected from 136.232.203.134 port 30306 [preauth]
May  8 17:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.142.73  user=root
May  8 17:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: Failed password for root from 88.142.46.185 port 36204 ssh2
May  8 17:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: Received disconnect from 88.142.46.185 port 36204:11: Bye Bye [preauth]
May  8 17:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30076]: Disconnected from 88.142.46.185 port 36204 [preauth]
May  8 17:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: Failed password for root from 180.253.142.73 port 59642 ssh2
May  8 17:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: Received disconnect from 180.253.142.73 port 59642:11: Bye Bye [preauth]
May  8 17:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30078]: Disconnected from 180.253.142.73 port 59642 [preauth]
May  8 17:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: Invalid user system from 85.208.84.134
May  8 17:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: input_userauth_request: invalid user system [preauth]
May  8 17:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.134
May  8 17:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: Failed password for invalid user system from 85.208.84.134 port 37268 ssh2
May  8 17:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30120]: Connection closed by 85.208.84.134 port 37268 [preauth]
May  8 17:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28836]: pam_unix(cron:session): session closed for user root
May  8 17:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 17:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30180]: Failed password for root from 43.153.195.114 port 54596 ssh2
May  8 17:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30180]: Received disconnect from 43.153.195.114 port 54596:11: Bye Bye [preauth]
May  8 17:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30180]: Disconnected from 43.153.195.114 port 54596 [preauth]
May  8 17:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30192]: Invalid user ali from 83.235.16.111
May  8 17:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30192]: input_userauth_request: invalid user ali [preauth]
May  8 17:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30192]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May  8 17:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30192]: Failed password for invalid user ali from 83.235.16.111 port 45974 ssh2
May  8 17:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30192]: Received disconnect from 83.235.16.111 port 45974:11: Bye Bye [preauth]
May  8 17:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30192]: Disconnected from 83.235.16.111 port 45974 [preauth]
May  8 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30212]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30213]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30211]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30211]: pam_unix(cron:session): session closed for user p13x
May  8 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30269]: Successful su for rubyman by root
May  8 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30269]: + ??? root:rubyman
May  8 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354493 of user rubyman.
May  8 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30269]: pam_unix(su:session): session closed for user rubyman
May  8 17:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354493.
May  8 17:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27587]: pam_unix(cron:session): session closed for user root
May  8 17:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30212]: pam_unix(cron:session): session closed for user samftp
May  8 17:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29341]: pam_unix(cron:session): session closed for user root
May  8 17:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: Invalid user frappe from 186.208.159.26
May  8 17:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: input_userauth_request: invalid user frappe [preauth]
May  8 17:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.208.159.26
May  8 17:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: Failed password for invalid user frappe from 186.208.159.26 port 40762 ssh2
May  8 17:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: Received disconnect from 186.208.159.26 port 40762:11: Bye Bye [preauth]
May  8 17:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30594]: Disconnected from 186.208.159.26 port 40762 [preauth]
May  8 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30609]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30610]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30607]: pam_unix(cron:session): session closed for user p13x
May  8 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30668]: Successful su for rubyman by root
May  8 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30668]: + ??? root:rubyman
May  8 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354497 of user rubyman.
May  8 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30668]: pam_unix(su:session): session closed for user rubyman
May  8 17:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354497.
May  8 17:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28019]: pam_unix(cron:session): session closed for user root
May  8 17:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30608]: pam_unix(cron:session): session closed for user samftp
May  8 17:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  8 17:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: Invalid user taha from 83.235.16.111
May  8 17:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: input_userauth_request: invalid user taha [preauth]
May  8 17:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May  8 17:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: Failed password for root from 218.92.0.216 port 46684 ssh2
May  8 17:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: Failed password for invalid user taha from 83.235.16.111 port 53690 ssh2
May  8 17:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: Received disconnect from 83.235.16.111 port 53690:11: Bye Bye [preauth]
May  8 17:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30909]: Disconnected from 83.235.16.111 port 53690 [preauth]
May  8 17:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: Failed password for root from 218.92.0.216 port 46684 ssh2
May  8 17:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: Failed password for root from 218.92.0.216 port 46684 ssh2
May  8 17:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: Received disconnect from 218.92.0.216 port 46684:11:  [preauth]
May  8 17:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: Disconnected from 218.92.0.216 port 46684 [preauth]
May  8 17:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30893]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  8 17:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29787]: pam_unix(cron:session): session closed for user root
May  8 17:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.118.77  user=root
May  8 17:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30945]: Failed password for root from 185.247.118.77 port 61108 ssh2
May  8 17:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30945]: Received disconnect from 185.247.118.77 port 61108:11: Bye Bye [preauth]
May  8 17:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30945]: Disconnected from 185.247.118.77 port 61108 [preauth]
May  8 17:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31035]: Invalid user nano from 185.213.165.126
May  8 17:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31035]: input_userauth_request: invalid user nano [preauth]
May  8 17:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31035]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 17:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31035]: Failed password for invalid user nano from 185.213.165.126 port 37236 ssh2
May  8 17:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31035]: Received disconnect from 185.213.165.126 port 37236:11: Bye Bye [preauth]
May  8 17:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31035]: Disconnected from 185.213.165.126 port 37236 [preauth]
May  8 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31108]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31109]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31107]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31106]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31106]: pam_unix(cron:session): session closed for user p13x
May  8 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31171]: Successful su for rubyman by root
May  8 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31171]: + ??? root:rubyman
May  8 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31171]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354501 of user rubyman.
May  8 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31171]: pam_unix(su:session): session closed for user rubyman
May  8 17:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354501.
May  8 17:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28429]: pam_unix(cron:session): session closed for user root
May  8 17:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: Invalid user vishnu from 116.193.190.174
May  8 17:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: input_userauth_request: invalid user vishnu [preauth]
May  8 17:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.190.174
May  8 17:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31107]: pam_unix(cron:session): session closed for user samftp
May  8 17:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: Failed password for invalid user vishnu from 116.193.190.174 port 42674 ssh2
May  8 17:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: Received disconnect from 116.193.190.174 port 42674:11: Bye Bye [preauth]
May  8 17:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31231]: Disconnected from 116.193.190.174 port 42674 [preauth]
May  8 17:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30214]: pam_unix(cron:session): session closed for user root
May  8 17:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111  user=root
May  8 17:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: Failed password for root from 83.235.16.111 port 33184 ssh2
May  8 17:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: Received disconnect from 83.235.16.111 port 33184:11: Bye Bye [preauth]
May  8 17:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31505]: Disconnected from 83.235.16.111 port 33184 [preauth]
May  8 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31521]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31522]: pam_unix(cron:session): session closed for user root
May  8 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31517]: pam_unix(cron:session): session closed for user p13x
May  8 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31595]: Successful su for rubyman by root
May  8 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31595]: + ??? root:rubyman
May  8 17:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354507 of user rubyman.
May  8 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31595]: pam_unix(su:session): session closed for user rubyman
May  8 17:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354507.
May  8 17:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31519]: pam_unix(cron:session): session closed for user root
May  8 17:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28834]: pam_unix(cron:session): session closed for user root
May  8 17:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31518]: pam_unix(cron:session): session closed for user samftp
May  8 17:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.163.1.222  user=root
May  8 17:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: Failed password for root from 45.163.1.222 port 42624 ssh2
May  8 17:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: Received disconnect from 45.163.1.222 port 42624:11: Bye Bye [preauth]
May  8 17:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31836]: Disconnected from 45.163.1.222 port 42624 [preauth]
May  8 17:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30610]: pam_unix(cron:session): session closed for user root
May  8 17:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32084]: Invalid user patrol from 197.248.178.226
May  8 17:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32084]: input_userauth_request: invalid user patrol [preauth]
May  8 17:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32084]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226
May  8 17:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32084]: Failed password for invalid user patrol from 197.248.178.226 port 47158 ssh2
May  8 17:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32084]: Received disconnect from 197.248.178.226 port 47158:11: Bye Bye [preauth]
May  8 17:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32084]: Disconnected from 197.248.178.226 port 47158 [preauth]
May  8 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32229]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32225]: pam_unix(cron:session): session closed for user p13x
May  8 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32350]: Successful su for rubyman by root
May  8 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32350]: + ??? root:rubyman
May  8 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32350]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354512 of user rubyman.
May  8 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32350]: pam_unix(su:session): session closed for user rubyman
May  8 17:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354512.
May  8 17:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29340]: pam_unix(cron:session): session closed for user root
May  8 17:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32228]: pam_unix(cron:session): session closed for user samftp
May  8 17:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32563]: Invalid user rr1 from 165.154.14.28
May  8 17:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32563]: input_userauth_request: invalid user rr1 [preauth]
May  8 17:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32563]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28
May  8 17:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32563]: Failed password for invalid user rr1 from 165.154.14.28 port 47704 ssh2
May  8 17:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32563]: Received disconnect from 165.154.14.28 port 47704:11: Bye Bye [preauth]
May  8 17:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32563]: Disconnected from 165.154.14.28 port 47704 [preauth]
May  8 17:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111  user=root
May  8 17:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32722]: Failed password for root from 83.235.16.111 port 40910 ssh2
May  8 17:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32722]: Received disconnect from 83.235.16.111 port 40910:11: Bye Bye [preauth]
May  8 17:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32722]: Disconnected from 83.235.16.111 port 40910 [preauth]
May  8 17:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31109]: pam_unix(cron:session): session closed for user root
May  8 17:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[341]: Invalid user psadmin from 136.232.203.134
May  8 17:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[341]: input_userauth_request: invalid user psadmin [preauth]
May  8 17:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[341]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.203.134
May  8 17:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[341]: Failed password for invalid user psadmin from 136.232.203.134 port 22439 ssh2
May  8 17:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[341]: Received disconnect from 136.232.203.134 port 22439:11: Bye Bye [preauth]
May  8 17:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[341]: Disconnected from 136.232.203.134 port 22439 [preauth]
May  8 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[379]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[376]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[376]: pam_unix(cron:session): session closed for user p13x
May  8 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[481]: Successful su for rubyman by root
May  8 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[481]: + ??? root:rubyman
May  8 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354516 of user rubyman.
May  8 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[481]: pam_unix(su:session): session closed for user rubyman
May  8 17:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354516.
May  8 17:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 17:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29786]: pam_unix(cron:session): session closed for user root
May  8 17:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[378]: pam_unix(cron:session): session closed for user samftp
May  8 17:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[610]: Failed password for root from 43.153.195.114 port 42012 ssh2
May  8 17:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[610]: Received disconnect from 43.153.195.114 port 42012:11: Bye Bye [preauth]
May  8 17:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[610]: Disconnected from 43.153.195.114 port 42012 [preauth]
May  8 17:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[760]: Invalid user elasticsearch from 180.253.142.73
May  8 17:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[760]: input_userauth_request: invalid user elasticsearch [preauth]
May  8 17:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[760]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.142.73
May  8 17:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[760]: Failed password for invalid user elasticsearch from 180.253.142.73 port 48094 ssh2
May  8 17:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[760]: Received disconnect from 180.253.142.73 port 48094:11: Bye Bye [preauth]
May  8 17:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[760]: Disconnected from 180.253.142.73 port 48094 [preauth]
May  8 17:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31521]: pam_unix(cron:session): session closed for user root
May  8 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[873]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[874]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[871]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[871]: pam_unix(cron:session): session closed for user p13x
May  8 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[950]: Successful su for rubyman by root
May  8 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[950]: + ??? root:rubyman
May  8 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[950]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354520 of user rubyman.
May  8 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[950]: pam_unix(su:session): session closed for user rubyman
May  8 17:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354520.
May  8 17:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111  user=root
May  8 17:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30213]: pam_unix(cron:session): session closed for user root
May  8 17:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: Failed password for root from 83.235.16.111 port 48634 ssh2
May  8 17:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: Received disconnect from 83.235.16.111 port 48634:11: Bye Bye [preauth]
May  8 17:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: Disconnected from 83.235.16.111 port 48634 [preauth]
May  8 17:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[872]: pam_unix(cron:session): session closed for user samftp
May  8 17:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32230]: pam_unix(cron:session): session closed for user root
May  8 17:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1267]: Invalid user 1234 from 80.94.95.116
May  8 17:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1267]: input_userauth_request: invalid user 1234 [preauth]
May  8 17:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1267]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  8 17:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1267]: Failed password for invalid user 1234 from 80.94.95.116 port 28324 ssh2
May  8 17:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1267]: Connection closed by 80.94.95.116 port 28324 [preauth]
May  8 17:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126  user=root
May  8 17:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: Invalid user admin from 80.94.95.112
May  8 17:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: input_userauth_request: invalid user admin [preauth]
May  8 17:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 17:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1302]: Failed password for root from 185.213.165.126 port 35166 ssh2
May  8 17:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1302]: Received disconnect from 185.213.165.126 port 35166:11: Bye Bye [preauth]
May  8 17:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1302]: Disconnected from 185.213.165.126 port 35166 [preauth]
May  8 17:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: Failed password for invalid user admin from 80.94.95.112 port 40429 ssh2
May  8 17:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: Failed password for invalid user admin from 80.94.95.112 port 40429 ssh2
May  8 17:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: Failed password for invalid user admin from 80.94.95.112 port 40429 ssh2
May  8 17:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: Failed password for invalid user admin from 80.94.95.112 port 40429 ssh2
May  8 17:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: Failed password for invalid user admin from 80.94.95.112 port 40429 ssh2
May  8 17:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: Received disconnect from 80.94.95.112 port 40429:11: Bye [preauth]
May  8 17:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: Disconnected from 80.94.95.112 port 40429 [preauth]
May  8 17:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 17:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1318]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 17:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.208.159.26  user=root
May  8 17:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: Failed password for root from 186.208.159.26 port 48548 ssh2
May  8 17:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: Received disconnect from 186.208.159.26 port 48548:11: Bye Bye [preauth]
May  8 17:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: Disconnected from 186.208.159.26 port 48548 [preauth]
May  8 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1366]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1364]: pam_unix(cron:session): session closed for user p13x
May  8 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1440]: Successful su for rubyman by root
May  8 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1440]: + ??? root:rubyman
May  8 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354523 of user rubyman.
May  8 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1440]: pam_unix(su:session): session closed for user rubyman
May  8 17:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354523.
May  8 17:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30609]: pam_unix(cron:session): session closed for user root
May  8 17:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1365]: pam_unix(cron:session): session closed for user samftp
May  8 17:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[380]: pam_unix(cron:session): session closed for user root
May  8 17:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1753]: Invalid user synct from 83.235.16.111
May  8 17:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1753]: input_userauth_request: invalid user synct [preauth]
May  8 17:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1753]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May  8 17:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1753]: Failed password for invalid user synct from 83.235.16.111 port 56362 ssh2
May  8 17:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1753]: Received disconnect from 83.235.16.111 port 56362:11: Bye Bye [preauth]
May  8 17:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1753]: Disconnected from 83.235.16.111 port 56362 [preauth]
May  8 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1853]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1856]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1852]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1854]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1855]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1857]: pam_unix(cron:session): session closed for user root
May  8 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1852]: pam_unix(cron:session): session closed for user p13x
May  8 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2007]: Successful su for rubyman by root
May  8 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2007]: + ??? root:rubyman
May  8 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354528 of user rubyman.
May  8 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2007]: pam_unix(su:session): session closed for user rubyman
May  8 17:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354528.
May  8 17:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1854]: pam_unix(cron:session): session closed for user root
May  8 17:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31108]: pam_unix(cron:session): session closed for user root
May  8 17:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1853]: pam_unix(cron:session): session closed for user samftp
May  8 17:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Invalid user blog from 116.193.190.174
May  8 17:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: input_userauth_request: invalid user blog [preauth]
May  8 17:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.193.190.174
May  8 17:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Failed password for invalid user blog from 116.193.190.174 port 42192 ssh2
May  8 17:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Received disconnect from 116.193.190.174 port 42192:11: Bye Bye [preauth]
May  8 17:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2282]: Disconnected from 116.193.190.174 port 42192 [preauth]
May  8 17:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[874]: pam_unix(cron:session): session closed for user root
May  8 17:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.118.77  user=root
May  8 17:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: Failed password for root from 185.247.118.77 port 27512 ssh2
May  8 17:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: Received disconnect from 185.247.118.77 port 27512:11: Bye Bye [preauth]
May  8 17:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2313]: Disconnected from 185.247.118.77 port 27512 [preauth]
May  8 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2387]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2382]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2382]: pam_unix(cron:session): session closed for user p13x
May  8 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2466]: Successful su for rubyman by root
May  8 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2466]: + ??? root:rubyman
May  8 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354534 of user rubyman.
May  8 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2466]: pam_unix(su:session): session closed for user rubyman
May  8 17:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354534.
May  8 17:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31520]: pam_unix(cron:session): session closed for user root
May  8 17:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2385]: pam_unix(cron:session): session closed for user samftp
May  8 17:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: Invalid user manuel from 83.235.16.111
May  8 17:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: input_userauth_request: invalid user manuel [preauth]
May  8 17:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May  8 17:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: Failed password for invalid user manuel from 83.235.16.111 port 35852 ssh2
May  8 17:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: Received disconnect from 83.235.16.111 port 35852:11: Bye Bye [preauth]
May  8 17:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2670]: Disconnected from 83.235.16.111 port 35852 [preauth]
May  8 17:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: Invalid user runner from 197.248.178.226
May  8 17:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: input_userauth_request: invalid user runner [preauth]
May  8 17:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226
May  8 17:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: Failed password for invalid user runner from 197.248.178.226 port 32876 ssh2
May  8 17:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: Received disconnect from 197.248.178.226 port 32876:11: Bye Bye [preauth]
May  8 17:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2722]: Disconnected from 197.248.178.226 port 32876 [preauth]
May  8 17:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1367]: pam_unix(cron:session): session closed for user root
May  8 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2839]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2840]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2836]: pam_unix(cron:session): session closed for user p13x
May  8 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2905]: Successful su for rubyman by root
May  8 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2905]: + ??? root:rubyman
May  8 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354539 of user rubyman.
May  8 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2905]: pam_unix(su:session): session closed for user rubyman
May  8 17:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354539.
May  8 17:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32229]: pam_unix(cron:session): session closed for user root
May  8 17:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2838]: pam_unix(cron:session): session closed for user samftp
May  8 17:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3104]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3104]: Invalid user deploy from 50.235.31.47
May  8 17:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3104]: input_userauth_request: invalid user deploy [preauth]
May  8 17:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3104]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3104]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  8 17:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28  user=root
May  8 17:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3104]: Failed password for invalid user deploy from 50.235.31.47 port 46502 ssh2
May  8 17:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3104]: Connection closed by 50.235.31.47 port 46502 [preauth]
May  8 17:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: Failed password for root from 165.154.14.28 port 57670 ssh2
May  8 17:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: Received disconnect from 165.154.14.28 port 57670:11: Bye Bye [preauth]
May  8 17:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3107]: Disconnected from 165.154.14.28 port 57670 [preauth]
May  8 17:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 17:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3133]: Failed password for root from 43.153.195.114 port 59960 ssh2
May  8 17:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3133]: Received disconnect from 43.153.195.114 port 59960:11: Bye Bye [preauth]
May  8 17:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3133]: Disconnected from 43.153.195.114 port 59960 [preauth]
May  8 17:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.203.134  user=root
May  8 17:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3166]: Failed password for root from 136.232.203.134 port 49320 ssh2
May  8 17:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3166]: Received disconnect from 136.232.203.134 port 49320:11: Bye Bye [preauth]
May  8 17:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3166]: Disconnected from 136.232.203.134 port 49320 [preauth]
May  8 17:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1856]: pam_unix(cron:session): session closed for user root
May  8 17:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111  user=root
May  8 17:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3242]: Failed password for root from 83.235.16.111 port 43568 ssh2
May  8 17:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3242]: Received disconnect from 83.235.16.111 port 43568:11: Bye Bye [preauth]
May  8 17:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3242]: Disconnected from 83.235.16.111 port 43568 [preauth]
May  8 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3263]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3262]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3261]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3261]: pam_unix(cron:session): session closed for user p13x
May  8 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3323]: Successful su for rubyman by root
May  8 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3323]: + ??? root:rubyman
May  8 17:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3323]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354543 of user rubyman.
May  8 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3323]: pam_unix(su:session): session closed for user rubyman
May  8 17:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354543.
May  8 17:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[379]: pam_unix(cron:session): session closed for user root
May  8 17:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3262]: pam_unix(cron:session): session closed for user samftp
May  8 17:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.142.73  user=root
May  8 17:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2389]: pam_unix(cron:session): session closed for user root
May  8 17:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3634]: Failed password for root from 180.253.142.73 port 36170 ssh2
May  8 17:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3634]: Received disconnect from 180.253.142.73 port 36170:11: Bye Bye [preauth]
May  8 17:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3634]: Disconnected from 180.253.142.73 port 36170 [preauth]
May  8 17:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3678]: Invalid user theta from 185.213.165.126
May  8 17:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3678]: input_userauth_request: invalid user theta [preauth]
May  8 17:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3678]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 17:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3678]: Failed password for invalid user theta from 185.213.165.126 port 44664 ssh2
May  8 17:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3678]: Received disconnect from 185.213.165.126 port 44664:11: Bye Bye [preauth]
May  8 17:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3678]: Disconnected from 185.213.165.126 port 44664 [preauth]
May  8 17:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  8 17:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3695]: Failed password for root from 218.92.0.226 port 43412 ssh2
May  8 17:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3695]: message repeated 2 times: [ Failed password for root from 218.92.0.226 port 43412 ssh2]
May  8 17:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3695]: Received disconnect from 218.92.0.226 port 43412:11:  [preauth]
May  8 17:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3695]: Disconnected from 218.92.0.226 port 43412 [preauth]
May  8 17:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3695]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  8 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3720]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3722]: pam_unix(cron:session): session closed for user p13x
May  8 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3842]: Successful su for rubyman by root
May  8 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3842]: + ??? root:rubyman
May  8 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354549 of user rubyman.
May  8 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3842]: pam_unix(su:session): session closed for user rubyman
May  8 17:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354549.
May  8 17:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3720]: pam_unix(cron:session): session closed for user root
May  8 17:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[873]: pam_unix(cron:session): session closed for user root
May  8 17:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3723]: pam_unix(cron:session): session closed for user samftp
May  8 17:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: Invalid user rony from 83.235.16.111
May  8 17:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: input_userauth_request: invalid user rony [preauth]
May  8 17:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May  8 17:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: Failed password for invalid user rony from 83.235.16.111 port 51294 ssh2
May  8 17:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: Received disconnect from 83.235.16.111 port 51294:11: Bye Bye [preauth]
May  8 17:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4157]: Disconnected from 83.235.16.111 port 51294 [preauth]
May  8 17:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2840]: pam_unix(cron:session): session closed for user root
May  8 17:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.208.159.26  user=root
May  8 17:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: Failed password for root from 186.208.159.26 port 56338 ssh2
May  8 17:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: Received disconnect from 186.208.159.26 port 56338:11: Bye Bye [preauth]
May  8 17:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4226]: Disconnected from 186.208.159.26 port 56338 [preauth]
May  8 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4276]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4281]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4281]: pam_unix(cron:session): session closed for user root
May  8 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4274]: pam_unix(cron:session): session closed for user p13x
May  8 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4469]: Successful su for rubyman by root
May  8 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4469]: + ??? root:rubyman
May  8 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354552 of user rubyman.
May  8 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4469]: pam_unix(su:session): session closed for user rubyman
May  8 17:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354552.
May  8 17:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4276]: pam_unix(cron:session): session closed for user root
May  8 17:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1366]: pam_unix(cron:session): session closed for user root
May  8 17:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4275]: pam_unix(cron:session): session closed for user samftp
May  8 17:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3264]: pam_unix(cron:session): session closed for user root
May  8 17:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  8 17:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: Failed password for root from 218.92.0.222 port 45480 ssh2
May  8 17:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: message repeated 2 times: [ Failed password for root from 218.92.0.222 port 45480 ssh2]
May  8 17:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: Received disconnect from 218.92.0.222 port 45480:11:  [preauth]
May  8 17:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: Disconnected from 218.92.0.222 port 45480 [preauth]
May  8 17:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4813]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  8 17:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  8 17:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: Failed password for root from 218.92.0.222 port 46192 ssh2
May  8 17:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: message repeated 2 times: [ Failed password for root from 218.92.0.222 port 46192 ssh2]
May  8 17:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: Received disconnect from 218.92.0.222 port 46192:11:  [preauth]
May  8 17:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: Disconnected from 218.92.0.222 port 46192 [preauth]
May  8 17:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4839]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  8 17:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  8 17:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4856]: Invalid user yfc from 83.235.16.111
May  8 17:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4856]: input_userauth_request: invalid user yfc [preauth]
May  8 17:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4856]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:40:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May  8 17:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: Failed password for root from 218.92.0.222 port 50810 ssh2
May  8 17:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4856]: Failed password for invalid user yfc from 83.235.16.111 port 59014 ssh2
May  8 17:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4856]: Received disconnect from 83.235.16.111 port 59014:11: Bye Bye [preauth]
May  8 17:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4856]: Disconnected from 83.235.16.111 port 59014 [preauth]
May  8 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4871]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4868]: pam_unix(cron:session): session closed for user p13x
May  8 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4946]: Successful su for rubyman by root
May  8 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4946]: + ??? root:rubyman
May  8 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4946]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354556 of user rubyman.
May  8 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4946]: pam_unix(su:session): session closed for user rubyman
May  8 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354556.
May  8 17:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: Failed password for root from 218.92.0.222 port 50810 ssh2
May  8 17:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: Failed password for root from 218.92.0.222 port 50810 ssh2
May  8 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: Received disconnect from 218.92.0.222 port 50810:11:  [preauth]
May  8 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: Disconnected from 218.92.0.222 port 50810 [preauth]
May  8 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4851]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  8 17:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1855]: pam_unix(cron:session): session closed for user root
May  8 17:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4869]: pam_unix(cron:session): session closed for user samftp
May  8 17:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3725]: pam_unix(cron:session): session closed for user root
May  8 17:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.248.178.226  user=root
May  8 17:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5472]: Failed password for root from 197.248.178.226 port 48618 ssh2
May  8 17:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5472]: Received disconnect from 197.248.178.226 port 48618:11: Bye Bye [preauth]
May  8 17:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5472]: Disconnected from 197.248.178.226 port 48618 [preauth]
May  8 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5488]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5489]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5487]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5487]: pam_unix(cron:session): session closed for user p13x
May  8 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5587]: Successful su for rubyman by root
May  8 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5587]: + ??? root:rubyman
May  8 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354562 of user rubyman.
May  8 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5587]: pam_unix(su:session): session closed for user rubyman
May  8 17:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354562.
May  8 17:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2387]: pam_unix(cron:session): session closed for user root
May  8 17:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5488]: pam_unix(cron:session): session closed for user samftp
May  8 17:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: Invalid user polaris from 83.235.16.111
May  8 17:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: input_userauth_request: invalid user polaris [preauth]
May  8 17:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May  8 17:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: Failed password for invalid user polaris from 83.235.16.111 port 38504 ssh2
May  8 17:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: Received disconnect from 83.235.16.111 port 38504:11: Bye Bye [preauth]
May  8 17:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5976]: Disconnected from 83.235.16.111 port 38504 [preauth]
May  8 17:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4280]: pam_unix(cron:session): session closed for user root
May  8 17:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: Invalid user frontend from 185.247.118.77
May  8 17:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: input_userauth_request: invalid user frontend [preauth]
May  8 17:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.118.77
May  8 17:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: Failed password for invalid user frontend from 185.247.118.77 port 27034 ssh2
May  8 17:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: Received disconnect from 185.247.118.77 port 27034:11: Bye Bye [preauth]
May  8 17:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: Disconnected from 185.247.118.77 port 27034 [preauth]
May  8 17:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: Invalid user testuser from 136.232.203.134
May  8 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: input_userauth_request: invalid user testuser [preauth]
May  8 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.203.134
May  8 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6094]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6091]: pam_unix(cron:session): session closed for user p13x
May  8 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6159]: Successful su for rubyman by root
May  8 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6159]: + ??? root:rubyman
May  8 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354565 of user rubyman.
May  8 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6159]: pam_unix(su:session): session closed for user rubyman
May  8 17:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354565.
May  8 17:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: Failed password for invalid user testuser from 136.232.203.134 port 63754 ssh2
May  8 17:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: Received disconnect from 136.232.203.134 port 63754:11: Bye Bye [preauth]
May  8 17:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6077]: Disconnected from 136.232.203.134 port 63754 [preauth]
May  8 17:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2839]: pam_unix(cron:session): session closed for user root
May  8 17:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6092]: pam_unix(cron:session): session closed for user samftp
May  8 17:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28  user=root
May  8 17:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Failed password for root from 165.154.14.28 port 58402 ssh2
May  8 17:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Received disconnect from 165.154.14.28 port 58402:11: Bye Bye [preauth]
May  8 17:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Disconnected from 165.154.14.28 port 58402 [preauth]
May  8 17:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4871]: pam_unix(cron:session): session closed for user root
May  8 17:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: Invalid user dev from 185.213.165.126
May  8 17:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: input_userauth_request: invalid user dev [preauth]
May  8 17:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 17:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: Failed password for invalid user dev from 185.213.165.126 port 58670 ssh2
May  8 17:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: Received disconnect from 185.213.165.126 port 58670:11: Bye Bye [preauth]
May  8 17:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6482]: Disconnected from 185.213.165.126 port 58670 [preauth]
May  8 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6505]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6502]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6504]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6503]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6502]: pam_unix(cron:session): session closed for user p13x
May  8 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6559]: Successful su for rubyman by root
May  8 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6559]: + ??? root:rubyman
May  8 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354569 of user rubyman.
May  8 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6559]: pam_unix(su:session): session closed for user rubyman
May  8 17:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354569.
May  8 17:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111  user=root
May  8 17:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3263]: pam_unix(cron:session): session closed for user root
May  8 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6627]: Failed password for root from 83.235.16.111 port 46228 ssh2
May  8 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6627]: Received disconnect from 83.235.16.111 port 46228:11: Bye Bye [preauth]
May  8 17:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6627]: Disconnected from 83.235.16.111 port 46228 [preauth]
May  8 17:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6503]: pam_unix(cron:session): session closed for user samftp
May  8 17:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5490]: pam_unix(cron:session): session closed for user root
May  8 17:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6867]: Invalid user staging from 180.253.142.73
May  8 17:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6867]: input_userauth_request: invalid user staging [preauth]
May  8 17:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6867]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.142.73
May  8 17:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6867]: Failed password for invalid user staging from 180.253.142.73 port 52894 ssh2
May  8 17:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6867]: Received disconnect from 180.253.142.73 port 52894:11: Bye Bye [preauth]
May  8 17:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6867]: Disconnected from 180.253.142.73 port 52894 [preauth]
May  8 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7004]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7003]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6999]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7005]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7006]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7006]: pam_unix(cron:session): session closed for user root
May  8 17:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6998]: pam_unix(cron:session): session closed for user p13x
May  8 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7083]: Successful su for rubyman by root
May  8 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7083]: + ??? root:rubyman
May  8 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354576 of user rubyman.
May  8 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7083]: pam_unix(su:session): session closed for user rubyman
May  8 17:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354576.
May  8 17:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7003]: pam_unix(cron:session): session closed for user root
May  8 17:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3724]: pam_unix(cron:session): session closed for user root
May  8 17:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7286]: Invalid user ubnt from 85.208.84.5
May  8 17:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7286]: input_userauth_request: invalid user ubnt [preauth]
May  8 17:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7286]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  8 17:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6999]: pam_unix(cron:session): session closed for user samftp
May  8 17:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7286]: Failed password for invalid user ubnt from 85.208.84.5 port 42976 ssh2
May  8 17:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7286]: Connection closed by 85.208.84.5 port 42976 [preauth]
May  8 17:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6094]: pam_unix(cron:session): session closed for user root
May  8 17:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7402]: Invalid user rizal from 83.235.16.111
May  8 17:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7402]: input_userauth_request: invalid user rizal [preauth]
May  8 17:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7402]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May  8 17:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7402]: Failed password for invalid user rizal from 83.235.16.111 port 53954 ssh2
May  8 17:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7402]: Received disconnect from 83.235.16.111 port 53954:11: Bye Bye [preauth]
May  8 17:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7402]: Disconnected from 83.235.16.111 port 53954 [preauth]
May  8 17:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.208.159.26  user=root
May  8 17:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: Failed password for root from 186.208.159.26 port 35890 ssh2
May  8 17:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: Received disconnect from 186.208.159.26 port 35890:11: Bye Bye [preauth]
May  8 17:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7424]: Disconnected from 186.208.159.26 port 35890 [preauth]
May  8 17:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:45:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 17:45:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7435]: Failed password for root from 218.92.0.198 port 56056 ssh2
May  8 17:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7435]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 56056 ssh2]
May  8 17:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7435]: Received disconnect from 218.92.0.198 port 56056:11:  [preauth]
May  8 17:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7435]: Disconnected from 218.92.0.198 port 56056 [preauth]
May  8 17:45:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7435]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 17:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7464]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7461]: pam_unix(cron:session): session closed for user p13x
May  8 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: Successful su for rubyman by root
May  8 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: + ??? root:rubyman
May  8 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354579 of user rubyman.
May  8 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: pam_unix(su:session): session closed for user rubyman
May  8 17:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354579.
May  8 17:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4279]: pam_unix(cron:session): session closed for user root
May  8 17:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7462]: pam_unix(cron:session): session closed for user samftp
May  8 17:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 17:46:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: Failed password for root from 218.92.0.198 port 37850 ssh2
May  8 17:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 37850 ssh2]
May  8 17:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: Received disconnect from 218.92.0.198 port 37850:11:  [preauth]
May  8 17:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: Disconnected from 218.92.0.198 port 37850 [preauth]
May  8 17:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7848]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 17:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:46:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6505]: pam_unix(cron:session): session closed for user root
May  8 17:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: Received disconnect from 218.92.0.198 port 58938:11:  [preauth]
May  8 17:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7956]: Disconnected from 218.92.0.198 port 58938 [preauth]
May  8 17:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7994]: Invalid user steam from 164.68.105.9
May  8 17:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7994]: input_userauth_request: invalid user steam [preauth]
May  8 17:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7994]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  8 17:46:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 17:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7994]: Failed password for invalid user steam from 164.68.105.9 port 51848 ssh2
May  8 17:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7994]: Connection closed by 164.68.105.9 port 51848 [preauth]
May  8 17:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: Failed password for root from 218.92.0.198 port 41950 ssh2
May  8 17:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 41950 ssh2]
May  8 17:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: Received disconnect from 218.92.0.198 port 41950:11:  [preauth]
May  8 17:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: Disconnected from 218.92.0.198 port 41950 [preauth]
May  8 17:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7996]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8017]: pam_unix(cron:session): session closed for user p13x
May  8 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8078]: Successful su for rubyman by root
May  8 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8078]: + ??? root:rubyman
May  8 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8078]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354583 of user rubyman.
May  8 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8078]: pam_unix(su:session): session closed for user rubyman
May  8 17:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354583.
May  8 17:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4870]: pam_unix(cron:session): session closed for user root
May  8 17:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8018]: pam_unix(cron:session): session closed for user samftp
May  8 17:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8287]: Invalid user postgres from 83.235.16.111
May  8 17:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8287]: input_userauth_request: invalid user postgres [preauth]
May  8 17:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8287]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May  8 17:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8287]: Failed password for invalid user postgres from 83.235.16.111 port 33444 ssh2
May  8 17:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8287]: Received disconnect from 83.235.16.111 port 33444:11: Bye Bye [preauth]
May  8 17:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8287]: Disconnected from 83.235.16.111 port 33444 [preauth]
May  8 17:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7005]: pam_unix(cron:session): session closed for user root
May  8 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8443]: pam_unix(cron:session): session closed for user p13x
May  8 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8511]: Successful su for rubyman by root
May  8 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8511]: + ??? root:rubyman
May  8 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8511]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354587 of user rubyman.
May  8 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8511]: pam_unix(su:session): session closed for user rubyman
May  8 17:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354587.
May  8 17:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5489]: pam_unix(cron:session): session closed for user root
May  8 17:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8444]: pam_unix(cron:session): session closed for user samftp
May  8 17:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8759]: Connection closed by 27.252.144.74 port 57466 [preauth]
May  8 17:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7464]: pam_unix(cron:session): session closed for user root
May  8 17:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111  user=root
May  8 17:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.203.134  user=root
May  8 17:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8819]: Failed password for root from 83.235.16.111 port 41164 ssh2
May  8 17:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8819]: Received disconnect from 83.235.16.111 port 41164:11: Bye Bye [preauth]
May  8 17:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8819]: Disconnected from 83.235.16.111 port 41164 [preauth]
May  8 17:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8821]: Failed password for root from 136.232.203.134 port 50873 ssh2
May  8 17:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8821]: Received disconnect from 136.232.203.134 port 50873:11: Bye Bye [preauth]
May  8 17:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8821]: Disconnected from 136.232.203.134 port 50873 [preauth]
May  8 17:48:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8857]: Invalid user jbernal from 185.213.165.126
May  8 17:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8857]: input_userauth_request: invalid user jbernal [preauth]
May  8 17:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8857]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 17:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8857]: Failed password for invalid user jbernal from 185.213.165.126 port 49062 ssh2
May  8 17:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8857]: Received disconnect from 185.213.165.126 port 49062:11: Bye Bye [preauth]
May  8 17:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8857]: Disconnected from 185.213.165.126 port 49062 [preauth]
May  8 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8882]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8881]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8880]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8879]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8879]: pam_unix(cron:session): session closed for user p13x
May  8 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8942]: Successful su for rubyman by root
May  8 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8942]: + ??? root:rubyman
May  8 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354590 of user rubyman.
May  8 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8942]: pam_unix(su:session): session closed for user rubyman
May  8 17:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354590.
May  8 17:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6093]: pam_unix(cron:session): session closed for user root
May  8 17:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8880]: pam_unix(cron:session): session closed for user samftp
May  8 17:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.154.14.28  user=root
May  8 17:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9311]: Failed password for root from 165.154.14.28 port 33148 ssh2
May  8 17:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9311]: Received disconnect from 165.154.14.28 port 33148:11: Bye Bye [preauth]
May  8 17:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9311]: Disconnected from 165.154.14.28 port 33148 [preauth]
May  8 17:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8020]: pam_unix(cron:session): session closed for user root
May  8 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9404]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9406]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9407]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9405]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9409]: pam_unix(cron:session): session closed for user root
May  8 17:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9404]: pam_unix(cron:session): session closed for user p13x
May  8 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9482]: Successful su for rubyman by root
May  8 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9482]: + ??? root:rubyman
May  8 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354595 of user rubyman.
May  8 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9482]: pam_unix(su:session): session closed for user rubyman
May  8 17:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354595.
May  8 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9406]: pam_unix(cron:session): session closed for user root
May  8 17:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6504]: pam_unix(cron:session): session closed for user root
May  8 17:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9405]: pam_unix(cron:session): session closed for user samftp
May  8 17:50:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9713]: Connection closed by 27.252.144.74 port 7419 [preauth]
May  8 17:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: Invalid user zhangxd from 83.235.16.111
May  8 17:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: input_userauth_request: invalid user zhangxd [preauth]
May  8 17:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.235.16.111
May  8 17:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: Failed password for invalid user zhangxd from 83.235.16.111 port 48892 ssh2
May  8 17:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: Received disconnect from 83.235.16.111 port 48892:11: Bye Bye [preauth]
May  8 17:50:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9729]: Disconnected from 83.235.16.111 port 48892 [preauth]
May  8 17:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8446]: pam_unix(cron:session): session closed for user root
May  8 17:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9849]: Invalid user debian from 180.253.142.73
May  8 17:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9849]: input_userauth_request: invalid user debian [preauth]
May  8 17:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9849]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.142.73
May  8 17:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9849]: Failed password for invalid user debian from 180.253.142.73 port 40898 ssh2
May  8 17:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9849]: Received disconnect from 180.253.142.73 port 40898:11: Bye Bye [preauth]
May  8 17:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9849]: Disconnected from 180.253.142.73 port 40898 [preauth]
May  8 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9871]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9868]: pam_unix(cron:session): session closed for user p13x
May  8 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9938]: Successful su for rubyman by root
May  8 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9938]: + ??? root:rubyman
May  8 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9938]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354600 of user rubyman.
May  8 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9938]: pam_unix(su:session): session closed for user rubyman
May  8 17:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354600.
May  8 17:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9869]: pam_unix(cron:session): session closed for user samftp
May  8 17:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7004]: pam_unix(cron:session): session closed for user root
May  8 17:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: Did not receive identification string from 27.252.144.74
May  8 17:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10134]: Connection closed by 27.252.144.74 port 7497 [preauth]
May  8 17:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8882]: pam_unix(cron:session): session closed for user root
May  8 17:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.208.159.26  user=root
May  8 17:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10313]: Failed password for root from 186.208.159.26 port 43672 ssh2
May  8 17:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10313]: Received disconnect from 186.208.159.26 port 43672:11: Bye Bye [preauth]
May  8 17:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10313]: Disconnected from 186.208.159.26 port 43672 [preauth]
May  8 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10367]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10366]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10366]: pam_unix(cron:session): session closed for user p13x
May  8 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10443]: Successful su for rubyman by root
May  8 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10443]: + ??? root:rubyman
May  8 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354605 of user rubyman.
May  8 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10443]: pam_unix(su:session): session closed for user rubyman
May  8 17:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354605.
May  8 17:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7463]: pam_unix(cron:session): session closed for user root
May  8 17:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10367]: pam_unix(cron:session): session closed for user samftp
May  8 17:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9408]: pam_unix(cron:session): session closed for user root
May  8 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10848]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10846]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10846]: pam_unix(cron:session): session closed for user p13x
May  8 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10906]: Successful su for rubyman by root
May  8 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10906]: + ??? root:rubyman
May  8 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354609 of user rubyman.
May  8 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10906]: pam_unix(su:session): session closed for user rubyman
May  8 17:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354609.
May  8 17:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8019]: pam_unix(cron:session): session closed for user root
May  8 17:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10847]: pam_unix(cron:session): session closed for user samftp
May  8 17:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9871]: pam_unix(cron:session): session closed for user root
May  8 17:53:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: Invalid user admin1 from 185.213.165.126
May  8 17:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: input_userauth_request: invalid user admin1 [preauth]
May  8 17:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 17:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: Failed password for invalid user admin1 from 185.213.165.126 port 38254 ssh2
May  8 17:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: Received disconnect from 185.213.165.126 port 38254:11: Bye Bye [preauth]
May  8 17:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11225]: Disconnected from 185.213.165.126 port 38254 [preauth]
May  8 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11238]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11239]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11237]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11236]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11236]: pam_unix(cron:session): session closed for user p13x
May  8 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11297]: Successful su for rubyman by root
May  8 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11297]: + ??? root:rubyman
May  8 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354612 of user rubyman.
May  8 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11297]: pam_unix(su:session): session closed for user rubyman
May  8 17:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354612.
May  8 17:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8445]: pam_unix(cron:session): session closed for user root
May  8 17:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11237]: pam_unix(cron:session): session closed for user samftp
May  8 17:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10369]: pam_unix(cron:session): session closed for user root
May  8 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11641]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11642]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11640]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11638]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11643]: pam_unix(cron:session): session closed for user root
May  8 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11638]: pam_unix(cron:session): session closed for user p13x
May  8 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11706]: Successful su for rubyman by root
May  8 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11706]: + ??? root:rubyman
May  8 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354619 of user rubyman.
May  8 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11706]: pam_unix(su:session): session closed for user rubyman
May  8 17:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354619.
May  8 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11640]: pam_unix(cron:session): session closed for user root
May  8 17:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8881]: pam_unix(cron:session): session closed for user root
May  8 17:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11639]: pam_unix(cron:session): session closed for user samftp
May  8 17:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10850]: pam_unix(cron:session): session closed for user root
May  8 17:55:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  8 17:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: Failed password for root from 218.92.0.231 port 35622 ssh2
May  8 17:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: message repeated 2 times: [ Failed password for root from 218.92.0.231 port 35622 ssh2]
May  8 17:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: Received disconnect from 218.92.0.231 port 35622:11:  [preauth]
May  8 17:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: Disconnected from 218.92.0.231 port 35622 [preauth]
May  8 17:55:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12002]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  8 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12061]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12060]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12059]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12058]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12058]: pam_unix(cron:session): session closed for user p13x
May  8 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12125]: Successful su for rubyman by root
May  8 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12125]: + ??? root:rubyman
May  8 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12125]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354622 of user rubyman.
May  8 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12125]: pam_unix(su:session): session closed for user rubyman
May  8 17:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354622.
May  8 17:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9407]: pam_unix(cron:session): session closed for user root
May  8 17:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12059]: pam_unix(cron:session): session closed for user samftp
May  8 17:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  8 17:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Failed password for root from 218.92.0.219 port 49682 ssh2
May  8 17:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: message repeated 2 times: [ Failed password for root from 218.92.0.219 port 49682 ssh2]
May  8 17:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Received disconnect from 218.92.0.219 port 49682:11:  [preauth]
May  8 17:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: Disconnected from 218.92.0.219 port 49682 [preauth]
May  8 17:56:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12326]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.219  user=root
May  8 17:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11239]: pam_unix(cron:session): session closed for user root
May  8 17:56:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 17:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: Failed password for root from 80.94.95.241 port 62417 ssh2
May  8 17:56:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: message repeated 2 times: [ Failed password for root from 80.94.95.241 port 62417 ssh2]
May  8 17:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: Failed password for root from 80.94.95.241 port 62417 ssh2
May  8 17:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12464]: Invalid user julian from 180.253.142.73
May  8 17:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12464]: input_userauth_request: invalid user julian [preauth]
May  8 17:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12464]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.142.73
May  8 17:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12464]: Failed password for invalid user julian from 180.253.142.73 port 56508 ssh2
May  8 17:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12464]: Received disconnect from 180.253.142.73 port 56508:11: Bye Bye [preauth]
May  8 17:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12464]: Disconnected from 180.253.142.73 port 56508 [preauth]
May  8 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: Failed password for root from 80.94.95.241 port 62417 ssh2
May  8 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: Received disconnect from 80.94.95.241 port 62417:11: Bye [preauth]
May  8 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: Disconnected from 80.94.95.241 port 62417 [preauth]
May  8 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12453]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12478]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12476]: pam_unix(cron:session): session closed for user p13x
May  8 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12535]: Successful su for rubyman by root
May  8 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12535]: + ??? root:rubyman
May  8 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12535]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354626 of user rubyman.
May  8 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12535]: pam_unix(su:session): session closed for user rubyman
May  8 17:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354626.
May  8 17:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9870]: pam_unix(cron:session): session closed for user root
May  8 17:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12477]: pam_unix(cron:session): session closed for user samftp
May  8 17:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: Invalid user test from 85.208.84.5
May  8 17:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: input_userauth_request: invalid user test [preauth]
May  8 17:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  8 17:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: Failed password for invalid user test from 85.208.84.5 port 49786 ssh2
May  8 17:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12724]: Connection closed by 85.208.84.5 port 49786 [preauth]
May  8 17:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11642]: pam_unix(cron:session): session closed for user root
May  8 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12864]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12863]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12862]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12861]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12861]: pam_unix(cron:session): session closed for user p13x
May  8 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12925]: Successful su for rubyman by root
May  8 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12925]: + ??? root:rubyman
May  8 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12925]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354631 of user rubyman.
May  8 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12925]: pam_unix(su:session): session closed for user rubyman
May  8 17:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354631.
May  8 17:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10368]: pam_unix(cron:session): session closed for user root
May  8 17:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12862]: pam_unix(cron:session): session closed for user samftp
May  8 17:58:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:58:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  8 17:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13117]: Failed password for root from 218.92.0.230 port 60714 ssh2
May  8 17:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13117]: message repeated 2 times: [ Failed password for root from 218.92.0.230 port 60714 ssh2]
May  8 17:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13117]: Received disconnect from 218.92.0.230 port 60714:11:  [preauth]
May  8 17:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13117]: Disconnected from 218.92.0.230 port 60714 [preauth]
May  8 17:58:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13117]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  8 17:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12061]: pam_unix(cron:session): session closed for user root
May  8 17:58:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 17:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Invalid user mmd from 185.213.165.126
May  8 17:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: input_userauth_request: invalid user mmd [preauth]
May  8 17:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: pam_unix(sshd:auth): check pass; user unknown
May  8 17:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13262]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13261]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13259]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13258]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13258]: pam_unix(cron:session): session closed for user p13x
May  8 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13331]: Successful su for rubyman by root
May  8 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13331]: + ??? root:rubyman
May  8 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354634 of user rubyman.
May  8 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13331]: pam_unix(su:session): session closed for user rubyman
May  8 17:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354634.
May  8 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Failed password for invalid user mmd from 185.213.165.126 port 58802 ssh2
May  8 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Received disconnect from 185.213.165.126 port 58802:11: Bye Bye [preauth]
May  8 17:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13252]: Disconnected from 185.213.165.126 port 58802 [preauth]
May  8 17:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10848]: pam_unix(cron:session): session closed for user root
May  8 17:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13259]: pam_unix(cron:session): session closed for user samftp
May  8 17:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12479]: pam_unix(cron:session): session closed for user root
May  8 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13778]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13776]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13777]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13774]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13778]: pam_unix(cron:session): session closed for user root
May  8 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13774]: pam_unix(cron:session): session closed for user root
May  8 18:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13772]: pam_unix(cron:session): session closed for user p13x
May  8 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13867]: Successful su for rubyman by root
May  8 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13867]: + ??? root:rubyman
May  8 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13867]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354642 of user rubyman.
May  8 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13867]: pam_unix(su:session): session closed for user rubyman
May  8 18:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354642.
May  8 18:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11238]: pam_unix(cron:session): session closed for user root
May  8 18:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13775]: pam_unix(cron:session): session closed for user root
May  8 18:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13773]: pam_unix(cron:session): session closed for user samftp
May  8 18:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14115]: Invalid user pippo from 140.246.18.64
May  8 18:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14115]: input_userauth_request: invalid user pippo [preauth]
May  8 18:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14115]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:00:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.246.18.64
May  8 18:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14115]: Failed password for invalid user pippo from 140.246.18.64 port 48964 ssh2
May  8 18:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14115]: Received disconnect from 140.246.18.64 port 48964:11: Bye Bye [preauth]
May  8 18:00:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14115]: Disconnected from 140.246.18.64 port 48964 [preauth]
May  8 18:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12864]: pam_unix(cron:session): session closed for user root
May  8 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14269]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14271]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14268]: pam_unix(cron:session): session closed for user p13x
May  8 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14337]: Successful su for rubyman by root
May  8 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14337]: + ??? root:rubyman
May  8 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14337]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354645 of user rubyman.
May  8 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14337]: pam_unix(su:session): session closed for user rubyman
May  8 18:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354645.
May  8 18:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11641]: pam_unix(cron:session): session closed for user root
May  8 18:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14269]: pam_unix(cron:session): session closed for user samftp
May  8 18:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13262]: pam_unix(cron:session): session closed for user root
May  8 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14686]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14685]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14684]: pam_unix(cron:session): session closed for user p13x
May  8 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14745]: Successful su for rubyman by root
May  8 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14745]: + ??? root:rubyman
May  8 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354650 of user rubyman.
May  8 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14745]: pam_unix(su:session): session closed for user rubyman
May  8 18:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354650.
May  8 18:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12060]: pam_unix(cron:session): session closed for user root
May  8 18:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14685]: pam_unix(cron:session): session closed for user samftp
May  8 18:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: Invalid user sysadmin from 117.177.125.173
May  8 18:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: input_userauth_request: invalid user sysadmin [preauth]
May  8 18:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.177.125.173
May  8 18:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: Failed password for invalid user sysadmin from 117.177.125.173 port 40128 ssh2
May  8 18:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14982]: Connection closed by 117.177.125.173 port 40128 [preauth]
May  8 18:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13777]: pam_unix(cron:session): session closed for user root
May  8 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15096]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15095]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15094]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15094]: pam_unix(cron:session): session closed for user p13x
May  8 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15158]: Successful su for rubyman by root
May  8 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15158]: + ??? root:rubyman
May  8 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354653 of user rubyman.
May  8 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15158]: pam_unix(su:session): session closed for user rubyman
May  8 18:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354653.
May  8 18:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12478]: pam_unix(cron:session): session closed for user root
May  8 18:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15095]: pam_unix(cron:session): session closed for user samftp
May  8 18:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.253.142.73  user=root
May  8 18:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: Failed password for root from 180.253.142.73 port 44658 ssh2
May  8 18:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: Received disconnect from 180.253.142.73 port 44658:11: Bye Bye [preauth]
May  8 18:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: Disconnected from 180.253.142.73 port 44658 [preauth]
May  8 18:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:03:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  8 18:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: Failed password for root from 158.51.96.38 port 55144 ssh2
May  8 18:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15396]: Connection closed by 158.51.96.38 port 55144 [preauth]
May  8 18:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.51.96.38  user=root
May  8 18:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15405]: Failed password for root from 158.51.96.38 port 24930 ssh2
May  8 18:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15405]: Connection closed by 158.51.96.38 port 24930 [preauth]
May  8 18:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14271]: pam_unix(cron:session): session closed for user root
May  8 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15497]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15495]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15494]: pam_unix(cron:session): session closed for user p13x
May  8 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15554]: Successful su for rubyman by root
May  8 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15554]: + ??? root:rubyman
May  8 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15554]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354658 of user rubyman.
May  8 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15554]: pam_unix(su:session): session closed for user rubyman
May  8 18:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354658.
May  8 18:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12863]: pam_unix(cron:session): session closed for user root
May  8 18:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15495]: pam_unix(cron:session): session closed for user samftp
May  8 18:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15737]: Invalid user helpdesk from 185.213.165.126
May  8 18:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15737]: input_userauth_request: invalid user helpdesk [preauth]
May  8 18:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15737]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 18:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15737]: Failed password for invalid user helpdesk from 185.213.165.126 port 36274 ssh2
May  8 18:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15737]: Received disconnect from 185.213.165.126 port 36274:11: Bye Bye [preauth]
May  8 18:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15737]: Disconnected from 185.213.165.126 port 36274 [preauth]
May  8 18:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14687]: pam_unix(cron:session): session closed for user root
May  8 18:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: Invalid user | from 195.178.110.50
May  8 18:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: input_userauth_request: invalid user | [preauth]
May  8 18:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 18:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: Failed password for invalid user | from 195.178.110.50 port 54668 ssh2
May  8 18:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15832]: Connection closed by 195.178.110.50 port 54668 [preauth]
May  8 18:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15894]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15893]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15898]: pam_unix(cron:session): session closed for user root
May  8 18:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15893]: pam_unix(cron:session): session closed for user p13x
May  8 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15966]: Successful su for rubyman by root
May  8 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15966]: + ??? root:rubyman
May  8 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15966]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354664 of user rubyman.
May  8 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15966]: pam_unix(su:session): session closed for user rubyman
May  8 18:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354664.
May  8 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15895]: pam_unix(cron:session): session closed for user root
May  8 18:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13261]: pam_unix(cron:session): session closed for user root
May  8 18:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: Invalid user ' from 195.178.110.50
May  8 18:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: input_userauth_request: invalid user ' [preauth]
May  8 18:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 18:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15894]: pam_unix(cron:session): session closed for user samftp
May  8 18:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: Failed password for invalid user ' from 195.178.110.50 port 34932 ssh2
May  8 18:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15873]: Connection closed by 195.178.110.50 port 34932 [preauth]
May  8 18:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: Invalid user admin from 80.94.95.112
May  8 18:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: input_userauth_request: invalid user admin [preauth]
May  8 18:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 18:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: Failed password for invalid user admin from 80.94.95.112 port 36399 ssh2
May  8 18:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: Failed password for invalid user admin from 80.94.95.112 port 36399 ssh2
May  8 18:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: Failed password for invalid user admin from 80.94.95.112 port 36399 ssh2
May  8 18:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: Failed password for invalid user admin from 80.94.95.112 port 36399 ssh2
May  8 18:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: Invalid user 0 from 195.178.110.50
May  8 18:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: input_userauth_request: invalid user 0 [preauth]
May  8 18:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 18:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: Failed password for invalid user admin from 80.94.95.112 port 36399 ssh2
May  8 18:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: Received disconnect from 80.94.95.112 port 36399:11: Bye [preauth]
May  8 18:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: Disconnected from 80.94.95.112 port 36399 [preauth]
May  8 18:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 18:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16176]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 18:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: Failed password for invalid user 0 from 195.178.110.50 port 52574 ssh2
May  8 18:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: Connection closed by 195.178.110.50 port 52574 [preauth]
May  8 18:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15097]: pam_unix(cron:session): session closed for user root
May  8 18:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: Invalid user 9 from 195.178.110.50
May  8 18:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: input_userauth_request: invalid user 9 [preauth]
May  8 18:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 18:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: Failed password for invalid user 9 from 195.178.110.50 port 5052 ssh2
May  8 18:05:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16229]: Connection closed by 195.178.110.50 port 5052 [preauth]
May  8 18:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16317]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16314]: pam_unix(cron:session): session closed for user p13x
May  8 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16377]: Successful su for rubyman by root
May  8 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16377]: + ??? root:rubyman
May  8 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16377]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354667 of user rubyman.
May  8 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16377]: pam_unix(su:session): session closed for user rubyman
May  8 18:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354667.
May  8 18:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: Invalid user B from 195.178.110.50
May  8 18:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: input_userauth_request: invalid user B [preauth]
May  8 18:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:06:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.178.110.50
May  8 18:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13776]: pam_unix(cron:session): session closed for user root
May  8 18:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: Failed password for invalid user B from 195.178.110.50 port 53730 ssh2
May  8 18:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16315]: pam_unix(cron:session): session closed for user samftp
May  8 18:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16295]: Connection closed by 195.178.110.50 port 53730 [preauth]
May  8 18:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15497]: pam_unix(cron:session): session closed for user root
May  8 18:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  8 18:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16757]: Failed password for root from 218.92.0.203 port 42674 ssh2
May  8 18:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16757]: Failed password for root from 218.92.0.203 port 42674 ssh2
May  8 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16774]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16771]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16771]: pam_unix(cron:session): session closed for user p13x
May  8 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16832]: Successful su for rubyman by root
May  8 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16832]: + ??? root:rubyman
May  8 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354671 of user rubyman.
May  8 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16832]: pam_unix(su:session): session closed for user rubyman
May  8 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354671.
May  8 18:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16757]: Failed password for root from 218.92.0.203 port 42674 ssh2
May  8 18:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14270]: pam_unix(cron:session): session closed for user root
May  8 18:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16757]: Failed password for root from 218.92.0.203 port 42674 ssh2
May  8 18:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16981]: Invalid user postgres from 194.0.234.19
May  8 18:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16981]: input_userauth_request: invalid user postgres [preauth]
May  8 18:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16981]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  8 18:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16773]: pam_unix(cron:session): session closed for user samftp
May  8 18:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16981]: Failed password for invalid user postgres from 194.0.234.19 port 40818 ssh2
May  8 18:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16981]: Connection closed by 194.0.234.19 port 40818 [preauth]
May  8 18:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16757]: Failed password for root from 218.92.0.203 port 42674 ssh2
May  8 18:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16757]: error: maximum authentication attempts exceeded for root from 218.92.0.203 port 42674 ssh2 [preauth]
May  8 18:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16757]: Disconnecting: Too many authentication failures [preauth]
May  8 18:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16757]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  8 18:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16757]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 18:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  8 18:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: Failed password for root from 218.92.0.203 port 12130 ssh2
May  8 18:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: message repeated 5 times: [ Failed password for root from 218.92.0.203 port 12130 ssh2]
May  8 18:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: error: maximum authentication attempts exceeded for root from 218.92.0.203 port 12130 ssh2 [preauth]
May  8 18:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: Disconnecting: Too many authentication failures [preauth]
May  8 18:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  8 18:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17057]: PAM service(sshd) ignoring max retries; 6 > 3
May  8 18:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203  user=root
May  8 18:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15897]: pam_unix(cron:session): session closed for user root
May  8 18:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17121]: Failed password for root from 218.92.0.203 port 14234 ssh2
May  8 18:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17121]: Received disconnect from 218.92.0.203 port 14234:11:  [preauth]
May  8 18:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17121]: Disconnected from 218.92.0.203 port 14234 [preauth]
May  8 18:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17162]: Invalid user tests from 190.103.202.7
May  8 18:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17162]: input_userauth_request: invalid user tests [preauth]
May  8 18:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17162]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  8 18:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17162]: Failed password for invalid user tests from 190.103.202.7 port 34482 ssh2
May  8 18:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17162]: Connection closed by 190.103.202.7 port 34482 [preauth]
May  8 18:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17218]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17212]: pam_unix(cron:session): session closed for user p13x
May  8 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17278]: Successful su for rubyman by root
May  8 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17278]: + ??? root:rubyman
May  8 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17278]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354677 of user rubyman.
May  8 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17278]: pam_unix(su:session): session closed for user rubyman
May  8 18:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354677.
May  8 18:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14686]: pam_unix(cron:session): session closed for user root
May  8 18:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17213]: pam_unix(cron:session): session closed for user samftp
May  8 18:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16317]: pam_unix(cron:session): session closed for user root
May  8 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17630]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17626]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17628]: pam_unix(cron:session): session closed for user p13x
May  8 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17760]: Successful su for rubyman by root
May  8 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17760]: + ??? root:rubyman
May  8 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354680 of user rubyman.
May  8 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17760]: pam_unix(su:session): session closed for user rubyman
May  8 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354680.
May  8 18:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17626]: pam_unix(cron:session): session closed for user root
May  8 18:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15096]: pam_unix(cron:session): session closed for user root
May  8 18:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17629]: pam_unix(cron:session): session closed for user samftp
May  8 18:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18101]: Invalid user mustafa from 185.213.165.126
May  8 18:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18101]: input_userauth_request: invalid user mustafa [preauth]
May  8 18:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18101]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:09:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 18:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18101]: Failed password for invalid user mustafa from 185.213.165.126 port 54296 ssh2
May  8 18:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18101]: Received disconnect from 185.213.165.126 port 54296:11: Bye Bye [preauth]
May  8 18:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18101]: Disconnected from 185.213.165.126 port 54296 [preauth]
May  8 18:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16775]: pam_unix(cron:session): session closed for user root
May  8 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18247]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18248]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18242]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18246]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18243]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18248]: pam_unix(cron:session): session closed for user root
May  8 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18242]: pam_unix(cron:session): session closed for user p13x
May  8 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18314]: Successful su for rubyman by root
May  8 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18314]: + ??? root:rubyman
May  8 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18314]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354684 of user rubyman.
May  8 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18314]: pam_unix(su:session): session closed for user rubyman
May  8 18:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354684.
May  8 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18245]: pam_unix(cron:session): session closed for user root
May  8 18:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15496]: pam_unix(cron:session): session closed for user root
May  8 18:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18243]: pam_unix(cron:session): session closed for user samftp
May  8 18:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17218]: pam_unix(cron:session): session closed for user root
May  8 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18682]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18683]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18680]: pam_unix(cron:session): session closed for user p13x
May  8 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18752]: Successful su for rubyman by root
May  8 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18752]: + ??? root:rubyman
May  8 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18752]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354691 of user rubyman.
May  8 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18752]: pam_unix(su:session): session closed for user rubyman
May  8 18:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354691.
May  8 18:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15896]: pam_unix(cron:session): session closed for user root
May  8 18:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18681]: pam_unix(cron:session): session closed for user samftp
May  8 18:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17631]: pam_unix(cron:session): session closed for user root
May  8 18:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May  8 18:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: Failed password for root from 218.92.0.223 port 53868 ssh2
May  8 18:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: message repeated 2 times: [ Failed password for root from 218.92.0.223 port 53868 ssh2]
May  8 18:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: Received disconnect from 218.92.0.223 port 53868:11:  [preauth]
May  8 18:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: Disconnected from 218.92.0.223 port 53868 [preauth]
May  8 18:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19085]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May  8 18:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19117]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19115]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19116]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19114]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19114]: pam_unix(cron:session): session closed for user p13x
May  8 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19173]: Successful su for rubyman by root
May  8 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19173]: + ??? root:rubyman
May  8 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19173]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354695 of user rubyman.
May  8 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19173]: pam_unix(su:session): session closed for user rubyman
May  8 18:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354695.
May  8 18:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19102]: Failed password for root from 218.92.0.198 port 59496 ssh2
May  8 18:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16316]: pam_unix(cron:session): session closed for user root
May  8 18:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19102]: Failed password for root from 218.92.0.198 port 59496 ssh2
May  8 18:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19115]: pam_unix(cron:session): session closed for user samftp
May  8 18:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19102]: Failed password for root from 218.92.0.198 port 59496 ssh2
May  8 18:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19102]: Received disconnect from 218.92.0.198 port 59496:11:  [preauth]
May  8 18:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19102]: Disconnected from 218.92.0.198 port 59496 [preauth]
May  8 18:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19102]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 18:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 18:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: Failed password for root from 218.92.0.198 port 59518 ssh2
May  8 18:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May  8 18:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: Failed password for root from 218.92.0.198 port 59518 ssh2
May  8 18:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: Failed password for root from 218.92.0.223 port 46588 ssh2
May  8 18:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: Failed password for root from 218.92.0.198 port 59518 ssh2
May  8 18:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: Received disconnect from 218.92.0.198 port 59518:11:  [preauth]
May  8 18:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: Disconnected from 218.92.0.198 port 59518 [preauth]
May  8 18:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19368]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 18:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: Failed password for root from 218.92.0.223 port 46588 ssh2
May  8 18:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 18:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: Failed password for root from 218.92.0.223 port 46588 ssh2
May  8 18:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: Failed password for root from 218.92.0.198 port 44540 ssh2
May  8 18:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: Received disconnect from 218.92.0.223 port 46588:11:  [preauth]
May  8 18:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: Disconnected from 218.92.0.223 port 46588 [preauth]
May  8 18:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19370]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May  8 18:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: Failed password for root from 218.92.0.198 port 44540 ssh2
May  8 18:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May  8 18:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19403]: Failed password for root from 218.92.0.223 port 48336 ssh2
May  8 18:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: Failed password for root from 218.92.0.198 port 44540 ssh2
May  8 18:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: Received disconnect from 218.92.0.198 port 44540:11:  [preauth]
May  8 18:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: Disconnected from 218.92.0.198 port 44540 [preauth]
May  8 18:12:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19392]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 18:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19403]: Failed password for root from 218.92.0.223 port 48336 ssh2
May  8 18:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19403]: Failed password for root from 218.92.0.223 port 48336 ssh2
May  8 18:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19403]: Received disconnect from 218.92.0.223 port 48336:11:  [preauth]
May  8 18:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19403]: Disconnected from 218.92.0.223 port 48336 [preauth]
May  8 18:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19403]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.223  user=root
May  8 18:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18247]: pam_unix(cron:session): session closed for user root
May  8 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19522]: pam_unix(cron:session): session closed for user p13x
May  8 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19587]: Successful su for rubyman by root
May  8 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19587]: + ??? root:rubyman
May  8 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19587]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354698 of user rubyman.
May  8 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19587]: pam_unix(su:session): session closed for user rubyman
May  8 18:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354698.
May  8 18:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16774]: pam_unix(cron:session): session closed for user root
May  8 18:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19523]: pam_unix(cron:session): session closed for user samftp
May  8 18:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18683]: pam_unix(cron:session): session closed for user root
May  8 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19962]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19961]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19960]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19956]: pam_unix(cron:session): session closed for user p13x
May  8 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20026]: Successful su for rubyman by root
May  8 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20026]: + ??? root:rubyman
May  8 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20026]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354702 of user rubyman.
May  8 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20026]: pam_unix(su:session): session closed for user rubyman
May  8 18:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354702.
May  8 18:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17214]: pam_unix(cron:session): session closed for user root
May  8 18:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19960]: pam_unix(cron:session): session closed for user samftp
May  8 18:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126  user=root
May  8 18:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20226]: Failed password for root from 185.213.165.126 port 34560 ssh2
May  8 18:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20226]: Received disconnect from 185.213.165.126 port 34560:11: Bye Bye [preauth]
May  8 18:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20226]: Disconnected from 185.213.165.126 port 34560 [preauth]
May  8 18:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19117]: pam_unix(cron:session): session closed for user root
May  8 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20364]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20361]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20366]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20362]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20365]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20367]: pam_unix(cron:session): session closed for user root
May  8 18:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20361]: pam_unix(cron:session): session closed for user p13x
May  8 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20445]: Successful su for rubyman by root
May  8 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20445]: + ??? root:rubyman
May  8 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20445]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354710 of user rubyman.
May  8 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20445]: pam_unix(su:session): session closed for user rubyman
May  8 18:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354710.
May  8 18:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20364]: pam_unix(cron:session): session closed for user root
May  8 18:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17630]: pam_unix(cron:session): session closed for user root
May  8 18:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20362]: pam_unix(cron:session): session closed for user samftp
May  8 18:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: Invalid user admin from 80.94.95.115
May  8 18:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: input_userauth_request: invalid user admin [preauth]
May  8 18:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  8 18:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: Failed password for invalid user admin from 80.94.95.115 port 16948 ssh2
May  8 18:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20694]: Connection closed by 80.94.95.115 port 16948 [preauth]
May  8 18:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19525]: pam_unix(cron:session): session closed for user root
May  8 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20829]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20827]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20828]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20830]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20827]: pam_unix(cron:session): session closed for user p13x
May  8 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20908]: Successful su for rubyman by root
May  8 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20908]: + ??? root:rubyman
May  8 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354713 of user rubyman.
May  8 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20908]: pam_unix(su:session): session closed for user rubyman
May  8 18:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354713.
May  8 18:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18246]: pam_unix(cron:session): session closed for user root
May  8 18:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20828]: pam_unix(cron:session): session closed for user samftp
May  8 18:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19962]: pam_unix(cron:session): session closed for user root
May  8 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21264]: pam_unix(cron:session): session closed for user root
May  8 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21267]: pam_unix(cron:session): session closed for user p13x
May  8 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21344]: Successful su for rubyman by root
May  8 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21344]: + ??? root:rubyman
May  8 18:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354716 of user rubyman.
May  8 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21344]: pam_unix(su:session): session closed for user rubyman
May  8 18:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354716.
May  8 18:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18682]: pam_unix(cron:session): session closed for user root
May  8 18:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21268]: pam_unix(cron:session): session closed for user samftp
May  8 18:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  8 18:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21562]: Failed password for root from 190.103.202.7 port 43274 ssh2
May  8 18:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21562]: Connection closed by 190.103.202.7 port 43274 [preauth]
May  8 18:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20366]: pam_unix(cron:session): session closed for user root
May  8 18:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21719]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21717]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21718]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21720]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21717]: pam_unix(cron:session): session closed for user p13x
May  8 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21885]: Successful su for rubyman by root
May  8 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21885]: + ??? root:rubyman
May  8 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21885]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354724 of user rubyman.
May  8 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21885]: pam_unix(su:session): session closed for user rubyman
May  8 18:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354724.
May  8 18:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19116]: pam_unix(cron:session): session closed for user root
May  8 18:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21718]: pam_unix(cron:session): session closed for user samftp
May  8 18:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20830]: pam_unix(cron:session): session closed for user root
May  8 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22461]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22459]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22458]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22458]: pam_unix(cron:session): session closed for user p13x
May  8 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22538]: Successful su for rubyman by root
May  8 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22538]: + ??? root:rubyman
May  8 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354725 of user rubyman.
May  8 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22538]: pam_unix(su:session): session closed for user rubyman
May  8 18:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354725.
May  8 18:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19524]: pam_unix(cron:session): session closed for user root
May  8 18:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22459]: pam_unix(cron:session): session closed for user samftp
May  8 18:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22772]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22772]: Invalid user redbot from 185.213.165.126
May  8 18:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22772]: input_userauth_request: invalid user redbot [preauth]
May  8 18:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22772]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 18:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22772]: Failed password for invalid user redbot from 185.213.165.126 port 55180 ssh2
May  8 18:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22772]: Received disconnect from 185.213.165.126 port 55180:11: Bye Bye [preauth]
May  8 18:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22772]: Disconnected from 185.213.165.126 port 55180 [preauth]
May  8 18:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21270]: pam_unix(cron:session): session closed for user root
May  8 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22914]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22912]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22913]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22919]: pam_unix(cron:session): session closed for user root
May  8 18:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22912]: pam_unix(cron:session): session closed for user p13x
May  8 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23013]: Successful su for rubyman by root
May  8 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23013]: + ??? root:rubyman
May  8 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354730 of user rubyman.
May  8 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23013]: pam_unix(su:session): session closed for user rubyman
May  8 18:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354730.
May  8 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22914]: pam_unix(cron:session): session closed for user root
May  8 18:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19961]: pam_unix(cron:session): session closed for user root
May  8 18:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22913]: pam_unix(cron:session): session closed for user samftp
May  8 18:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21720]: pam_unix(cron:session): session closed for user root
May  8 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23478]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23476]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23475]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23475]: pam_unix(cron:session): session closed for user p13x
May  8 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23541]: Successful su for rubyman by root
May  8 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23541]: + ??? root:rubyman
May  8 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354736 of user rubyman.
May  8 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23541]: pam_unix(su:session): session closed for user rubyman
May  8 18:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354736.
May  8 18:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20365]: pam_unix(cron:session): session closed for user root
May  8 18:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23476]: pam_unix(cron:session): session closed for user samftp
May  8 18:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22463]: pam_unix(cron:session): session closed for user root
May  8 18:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: Invalid user monitor from 80.94.95.241
May  8 18:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: input_userauth_request: invalid user monitor [preauth]
May  8 18:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 18:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: Failed password for invalid user monitor from 80.94.95.241 port 63286 ssh2
May  8 18:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: Failed password for invalid user monitor from 80.94.95.241 port 63286 ssh2
May  8 18:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: Failed password for invalid user monitor from 80.94.95.241 port 63286 ssh2
May  8 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24003]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24005]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24001]: pam_unix(cron:session): session closed for user p13x
May  8 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24066]: Successful su for rubyman by root
May  8 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24066]: + ??? root:rubyman
May  8 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24066]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354739 of user rubyman.
May  8 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24066]: pam_unix(su:session): session closed for user rubyman
May  8 18:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354739.
May  8 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: Failed password for invalid user monitor from 80.94.95.241 port 63286 ssh2
May  8 18:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20829]: pam_unix(cron:session): session closed for user root
May  8 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: Failed password for invalid user monitor from 80.94.95.241 port 63286 ssh2
May  8 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: Received disconnect from 80.94.95.241 port 63286:11: Bye [preauth]
May  8 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: Disconnected from 80.94.95.241 port 63286 [preauth]
May  8 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 18:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23979]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 18:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24002]: pam_unix(cron:session): session closed for user samftp
May  8 18:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22918]: pam_unix(cron:session): session closed for user root
May  8 18:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  8 18:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: Failed password for root from 218.92.0.207 port 6594 ssh2
May  8 18:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: Failed password for root from 218.92.0.207 port 6594 ssh2
May  8 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24442]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24442]: pam_unix(cron:session): session closed for user p13x
May  8 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24509]: Successful su for rubyman by root
May  8 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24509]: + ??? root:rubyman
May  8 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24509]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354743 of user rubyman.
May  8 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24509]: pam_unix(su:session): session closed for user rubyman
May  8 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354743.
May  8 18:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: Failed password for root from 218.92.0.207 port 6594 ssh2
May  8 18:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21269]: pam_unix(cron:session): session closed for user root
May  8 18:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: Failed password for root from 218.92.0.207 port 6594 ssh2
May  8 18:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24443]: pam_unix(cron:session): session closed for user samftp
May  8 18:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: Failed password for root from 218.92.0.207 port 6594 ssh2
May  8 18:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 6594 ssh2 [preauth]
May  8 18:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: Disconnecting: Too many authentication failures [preauth]
May  8 18:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  8 18:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24422]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 18:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23478]: pam_unix(cron:session): session closed for user root
May  8 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24863]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24861]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24860]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24859]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24859]: pam_unix(cron:session): session closed for user p13x
May  8 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24926]: Successful su for rubyman by root
May  8 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24926]: + ??? root:rubyman
May  8 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24926]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354747 of user rubyman.
May  8 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24926]: pam_unix(su:session): session closed for user rubyman
May  8 18:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354747.
May  8 18:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21719]: pam_unix(cron:session): session closed for user root
May  8 18:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24860]: pam_unix(cron:session): session closed for user samftp
May  8 18:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25180]: Invalid user karthavya from 185.213.165.126
May  8 18:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25180]: input_userauth_request: invalid user karthavya [preauth]
May  8 18:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25180]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 18:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25180]: Failed password for invalid user karthavya from 185.213.165.126 port 54480 ssh2
May  8 18:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25180]: Received disconnect from 185.213.165.126 port 54480:11: Bye Bye [preauth]
May  8 18:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25180]: Disconnected from 185.213.165.126 port 54480 [preauth]
May  8 18:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25178]: Connection closed by 27.252.144.74 port 8592 [preauth]
May  8 18:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24005]: pam_unix(cron:session): session closed for user root
May  8 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25282]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25283]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25281]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25279]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25278]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25283]: pam_unix(cron:session): session closed for user root
May  8 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25278]: pam_unix(cron:session): session closed for user p13x
May  8 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25349]: Successful su for rubyman by root
May  8 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25349]: + ??? root:rubyman
May  8 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354751 of user rubyman.
May  8 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25349]: pam_unix(su:session): session closed for user rubyman
May  8 18:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354751.
May  8 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25280]: pam_unix(cron:session): session closed for user root
May  8 18:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22461]: pam_unix(cron:session): session closed for user root
May  8 18:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25279]: pam_unix(cron:session): session closed for user samftp
May  8 18:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24445]: pam_unix(cron:session): session closed for user root
May  8 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25769]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25769]: pam_unix(cron:session): session closed for user p13x
May  8 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25859]: Successful su for rubyman by root
May  8 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25859]: + ??? root:rubyman
May  8 18:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354758 of user rubyman.
May  8 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25859]: pam_unix(su:session): session closed for user rubyman
May  8 18:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354758.
May  8 18:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22917]: pam_unix(cron:session): session closed for user root
May  8 18:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25771]: pam_unix(cron:session): session closed for user samftp
May  8 18:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24863]: pam_unix(cron:session): session closed for user root
May  8 18:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  8 18:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: Failed password for root from 218.92.0.230 port 34556 ssh2
May  8 18:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: message repeated 2 times: [ Failed password for root from 218.92.0.230 port 34556 ssh2]
May  8 18:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: Received disconnect from 218.92.0.230 port 34556:11:  [preauth]
May  8 18:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: Disconnected from 218.92.0.230 port 34556 [preauth]
May  8 18:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26183]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  8 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26216]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26213]: pam_unix(cron:session): session closed for user p13x
May  8 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26274]: Successful su for rubyman by root
May  8 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26274]: + ??? root:rubyman
May  8 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354762 of user rubyman.
May  8 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26274]: pam_unix(su:session): session closed for user rubyman
May  8 18:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354762.
May  8 18:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23477]: pam_unix(cron:session): session closed for user root
May  8 18:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26214]: pam_unix(cron:session): session closed for user samftp
May  8 18:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  8 18:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26559]: Failed password for root from 218.92.0.222 port 52312 ssh2
May  8 18:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26559]: message repeated 2 times: [ Failed password for root from 218.92.0.222 port 52312 ssh2]
May  8 18:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26559]: Received disconnect from 218.92.0.222 port 52312:11:  [preauth]
May  8 18:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26559]: Disconnected from 218.92.0.222 port 52312 [preauth]
May  8 18:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26559]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  8 18:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  8 18:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: Failed password for root from 218.92.0.222 port 57252 ssh2
May  8 18:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: message repeated 2 times: [ Failed password for root from 218.92.0.222 port 57252 ssh2]
May  8 18:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: Received disconnect from 218.92.0.222 port 57252:11:  [preauth]
May  8 18:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: Disconnected from 218.92.0.222 port 57252 [preauth]
May  8 18:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26581]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  8 18:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  8 18:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26614]: Failed password for root from 218.92.0.222 port 49664 ssh2
May  8 18:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25282]: pam_unix(cron:session): session closed for user root
May  8 18:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26614]: Failed password for root from 218.92.0.222 port 49664 ssh2
May  8 18:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26614]: Failed password for root from 218.92.0.222 port 49664 ssh2
May  8 18:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26614]: Received disconnect from 218.92.0.222 port 49664:11:  [preauth]
May  8 18:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26614]: Disconnected from 218.92.0.222 port 49664 [preauth]
May  8 18:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26614]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.222  user=root
May  8 18:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  8 18:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26677]: Failed password for root from 194.0.234.19 port 36720 ssh2
May  8 18:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26677]: Connection closed by 194.0.234.19 port 36720 [preauth]
May  8 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26708]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26709]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26710]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26707]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26707]: pam_unix(cron:session): session closed for user p13x
May  8 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26766]: Successful su for rubyman by root
May  8 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26766]: + ??? root:rubyman
May  8 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26766]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354768 of user rubyman.
May  8 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26766]: pam_unix(su:session): session closed for user rubyman
May  8 18:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354768.
May  8 18:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24003]: pam_unix(cron:session): session closed for user root
May  8 18:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26708]: pam_unix(cron:session): session closed for user samftp
May  8 18:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27092]: Invalid user oracle from 164.68.105.9
May  8 18:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27092]: input_userauth_request: invalid user oracle [preauth]
May  8 18:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27092]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  8 18:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25773]: pam_unix(cron:session): session closed for user root
May  8 18:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27092]: Failed password for invalid user oracle from 164.68.105.9 port 40550 ssh2
May  8 18:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27092]: Connection closed by 164.68.105.9 port 40550 [preauth]
May  8 18:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  8 18:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: Failed password for root from 218.92.0.221 port 60002 ssh2
May  8 18:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: message repeated 2 times: [ Failed password for root from 218.92.0.221 port 60002 ssh2]
May  8 18:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: Received disconnect from 218.92.0.221 port 60002:11:  [preauth]
May  8 18:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: Disconnected from 218.92.0.221 port 60002 [preauth]
May  8 18:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27128]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  8 18:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: Invalid user ftpuser from 85.208.84.134
May  8 18:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: input_userauth_request: invalid user ftpuser [preauth]
May  8 18:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.134
May  8 18:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: Failed password for invalid user ftpuser from 85.208.84.134 port 58312 ssh2
May  8 18:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27164]: Connection closed by 85.208.84.134 port 58312 [preauth]
May  8 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27188]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27190]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27187]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27187]: pam_unix(cron:session): session closed for user p13x
May  8 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27254]: Successful su for rubyman by root
May  8 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27254]: + ??? root:rubyman
May  8 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27254]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354769 of user rubyman.
May  8 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27254]: pam_unix(su:session): session closed for user rubyman
May  8 18:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354769.
May  8 18:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24444]: pam_unix(cron:session): session closed for user root
May  8 18:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27188]: pam_unix(cron:session): session closed for user samftp
May  8 18:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26216]: pam_unix(cron:session): session closed for user root
May  8 18:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27596]: Invalid user frappe-user from 185.213.165.126
May  8 18:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27596]: input_userauth_request: invalid user frappe-user [preauth]
May  8 18:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27596]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 18:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27596]: Failed password for invalid user frappe-user from 185.213.165.126 port 51988 ssh2
May  8 18:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27596]: Received disconnect from 185.213.165.126 port 51988:11: Bye Bye [preauth]
May  8 18:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27596]: Disconnected from 185.213.165.126 port 51988 [preauth]
May  8 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27664]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27662]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27667]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27663]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27667]: pam_unix(cron:session): session closed for user root
May  8 18:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27662]: pam_unix(cron:session): session closed for user p13x
May  8 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27731]: Successful su for rubyman by root
May  8 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27731]: + ??? root:rubyman
May  8 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27731]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354777 of user rubyman.
May  8 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27731]: pam_unix(su:session): session closed for user rubyman
May  8 18:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354777.
May  8 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27664]: pam_unix(cron:session): session closed for user root
May  8 18:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24861]: pam_unix(cron:session): session closed for user root
May  8 18:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27663]: pam_unix(cron:session): session closed for user samftp
May  8 18:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26710]: pam_unix(cron:session): session closed for user root
May  8 18:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28081]: Invalid user ftpadmin from 101.36.108.134
May  8 18:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28081]: input_userauth_request: invalid user ftpadmin [preauth]
May  8 18:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28081]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.134
May  8 18:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28081]: Failed password for invalid user ftpadmin from 101.36.108.134 port 60020 ssh2
May  8 18:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28081]: Received disconnect from 101.36.108.134 port 60020:11: Bye Bye [preauth]
May  8 18:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28081]: Disconnected from 101.36.108.134 port 60020 [preauth]
May  8 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28103]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28104]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28101]: pam_unix(cron:session): session closed for user p13x
May  8 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28172]: Successful su for rubyman by root
May  8 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28172]: + ??? root:rubyman
May  8 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28172]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354780 of user rubyman.
May  8 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28172]: pam_unix(su:session): session closed for user rubyman
May  8 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354780.
May  8 18:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 18:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: Failed password for root from 218.92.0.111 port 43066 ssh2
May  8 18:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25281]: pam_unix(cron:session): session closed for user root
May  8 18:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28102]: pam_unix(cron:session): session closed for user samftp
May  8 18:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: Failed password for root from 218.92.0.111 port 43066 ssh2
May  8 18:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: Failed password for root from 218.92.0.111 port 43066 ssh2
May  8 18:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: Received disconnect from 218.92.0.111 port 43066:11:  [preauth]
May  8 18:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: Disconnected from 218.92.0.111 port 43066 [preauth]
May  8 18:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28221]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 18:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 18:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: Failed password for root from 218.92.0.111 port 45470 ssh2
May  8 18:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: message repeated 2 times: [ Failed password for root from 218.92.0.111 port 45470 ssh2]
May  8 18:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: Received disconnect from 218.92.0.111 port 45470:11:  [preauth]
May  8 18:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: Disconnected from 218.92.0.111 port 45470 [preauth]
May  8 18:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28374]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 18:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 18:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28397]: Failed password for root from 218.92.0.111 port 40946 ssh2
May  8 18:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28397]: message repeated 2 times: [ Failed password for root from 218.92.0.111 port 40946 ssh2]
May  8 18:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28397]: Received disconnect from 218.92.0.111 port 40946:11:  [preauth]
May  8 18:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28397]: Disconnected from 218.92.0.111 port 40946 [preauth]
May  8 18:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28397]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 18:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27190]: pam_unix(cron:session): session closed for user root
May  8 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28526]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28523]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28524]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28523]: pam_unix(cron:session): session closed for user p13x
May  8 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28591]: Successful su for rubyman by root
May  8 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28591]: + ??? root:rubyman
May  8 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354784 of user rubyman.
May  8 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28591]: pam_unix(su:session): session closed for user rubyman
May  8 18:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354784.
May  8 18:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25772]: pam_unix(cron:session): session closed for user root
May  8 18:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28524]: pam_unix(cron:session): session closed for user samftp
May  8 18:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27666]: pam_unix(cron:session): session closed for user root
May  8 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28932]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28931]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28930]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28929]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28929]: pam_unix(cron:session): session closed for user p13x
May  8 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28991]: Successful su for rubyman by root
May  8 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28991]: + ??? root:rubyman
May  8 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354788 of user rubyman.
May  8 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28991]: pam_unix(su:session): session closed for user rubyman
May  8 18:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354788.
May  8 18:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26215]: pam_unix(cron:session): session closed for user root
May  8 18:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28930]: pam_unix(cron:session): session closed for user samftp
May  8 18:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28104]: pam_unix(cron:session): session closed for user root
May  8 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29434]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29433]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29431]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29430]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29430]: pam_unix(cron:session): session closed for user p13x
May  8 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: Successful su for rubyman by root
May  8 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: + ??? root:rubyman
May  8 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354792 of user rubyman.
May  8 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29495]: pam_unix(su:session): session closed for user rubyman
May  8 18:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354792.
May  8 18:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26709]: pam_unix(cron:session): session closed for user root
May  8 18:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29431]: pam_unix(cron:session): session closed for user samftp
May  8 18:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29677]: Connection closed by 27.252.144.74 port 8896 [preauth]
May  8 18:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28526]: pam_unix(cron:session): session closed for user root
May  8 18:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29786]: Invalid user nima from 185.213.165.126
May  8 18:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29786]: input_userauth_request: invalid user nima [preauth]
May  8 18:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29786]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 18:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29786]: Failed password for invalid user nima from 185.213.165.126 port 42950 ssh2
May  8 18:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29786]: Received disconnect from 185.213.165.126 port 42950:11: Bye Bye [preauth]
May  8 18:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29786]: Disconnected from 185.213.165.126 port 42950 [preauth]
May  8 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29846]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29845]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29844]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29846]: pam_unix(cron:session): session closed for user root
May  8 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29841]: pam_unix(cron:session): session closed for user p13x
May  8 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29914]: Successful su for rubyman by root
May  8 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29914]: + ??? root:rubyman
May  8 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354797 of user rubyman.
May  8 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29914]: pam_unix(su:session): session closed for user rubyman
May  8 18:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354797.
May  8 18:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29843]: pam_unix(cron:session): session closed for user root
May  8 18:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27189]: pam_unix(cron:session): session closed for user root
May  8 18:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29842]: pam_unix(cron:session): session closed for user samftp
May  8 18:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28932]: pam_unix(cron:session): session closed for user root
May  8 18:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: Connection closed by 27.252.144.74 port 8908 [preauth]
May  8 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30266]: pam_unix(cron:session): session closed for user p13x
May  8 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30338]: Successful su for rubyman by root
May  8 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30338]: + ??? root:rubyman
May  8 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354802 of user rubyman.
May  8 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30338]: pam_unix(su:session): session closed for user rubyman
May  8 18:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354802.
May  8 18:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27665]: pam_unix(cron:session): session closed for user root
May  8 18:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30268]: pam_unix(cron:session): session closed for user samftp
May  8 18:36:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  8 18:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: Invalid user admin from 80.94.95.112
May  8 18:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: input_userauth_request: invalid user admin [preauth]
May  8 18:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 18:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: Failed password for root from 218.92.0.226 port 40988 ssh2
May  8 18:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: Failed password for invalid user admin from 80.94.95.112 port 17016 ssh2
May  8 18:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: Failed password for root from 218.92.0.226 port 40988 ssh2
May  8 18:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: Failed password for invalid user admin from 80.94.95.112 port 17016 ssh2
May  8 18:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: Failed password for root from 218.92.0.226 port 40988 ssh2
May  8 18:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: Received disconnect from 218.92.0.226 port 40988:11:  [preauth]
May  8 18:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: Disconnected from 218.92.0.226 port 40988 [preauth]
May  8 18:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30561]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.226  user=root
May  8 18:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: Failed password for invalid user admin from 80.94.95.112 port 17016 ssh2
May  8 18:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: Failed password for invalid user admin from 80.94.95.112 port 17016 ssh2
May  8 18:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29434]: pam_unix(cron:session): session closed for user root
May  8 18:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: Failed password for invalid user admin from 80.94.95.112 port 17016 ssh2
May  8 18:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: Received disconnect from 80.94.95.112 port 17016:11: Bye [preauth]
May  8 18:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: Disconnected from 80.94.95.112 port 17016 [preauth]
May  8 18:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 18:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30563]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 18:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30662]: Did not receive identification string from 92.118.39.65
May  8 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30681]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30682]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30680]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30680]: pam_unix(cron:session): session closed for user p13x
May  8 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30746]: Successful su for rubyman by root
May  8 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30746]: + ??? root:rubyman
May  8 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354806 of user rubyman.
May  8 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30746]: pam_unix(su:session): session closed for user rubyman
May  8 18:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354806.
May  8 18:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28103]: pam_unix(cron:session): session closed for user root
May  8 18:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30681]: pam_unix(cron:session): session closed for user samftp
May  8 18:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29845]: pam_unix(cron:session): session closed for user root
May  8 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31179]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31180]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31176]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31176]: pam_unix(cron:session): session closed for user p13x
May  8 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31236]: Successful su for rubyman by root
May  8 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31236]: + ??? root:rubyman
May  8 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31236]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354809 of user rubyman.
May  8 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31236]: pam_unix(su:session): session closed for user rubyman
May  8 18:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354809.
May  8 18:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28525]: pam_unix(cron:session): session closed for user root
May  8 18:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31178]: pam_unix(cron:session): session closed for user samftp
May  8 18:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30270]: pam_unix(cron:session): session closed for user root
May  8 18:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  8 18:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: Failed password for root from 218.92.0.225 port 49078 ssh2
May  8 18:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: message repeated 2 times: [ Failed password for root from 218.92.0.225 port 49078 ssh2]
May  8 18:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: Received disconnect from 218.92.0.225 port 49078:11:  [preauth]
May  8 18:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: Disconnected from 218.92.0.225 port 49078 [preauth]
May  8 18:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31522]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  8 18:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  8 18:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31533]: Failed password for root from 218.92.0.225 port 49436 ssh2
May  8 18:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31533]: message repeated 2 times: [ Failed password for root from 218.92.0.225 port 49436 ssh2]
May  8 18:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31533]: Received disconnect from 218.92.0.225 port 49436:11:  [preauth]
May  8 18:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31533]: Disconnected from 218.92.0.225 port 49436 [preauth]
May  8 18:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31533]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  8 18:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  8 18:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31567]: Failed password for root from 218.92.0.225 port 57270 ssh2
May  8 18:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31567]: message repeated 2 times: [ Failed password for root from 218.92.0.225 port 57270 ssh2]
May  8 18:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31567]: Received disconnect from 218.92.0.225 port 57270:11:  [preauth]
May  8 18:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31567]: Disconnected from 218.92.0.225 port 57270 [preauth]
May  8 18:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31567]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.225  user=root
May  8 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31593]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31590]: pam_unix(cron:session): session closed for user p13x
May  8 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31740]: Successful su for rubyman by root
May  8 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31740]: + ??? root:rubyman
May  8 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354813 of user rubyman.
May  8 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31740]: pam_unix(su:session): session closed for user rubyman
May  8 18:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354813.
May  8 18:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31588]: pam_unix(cron:session): session closed for user root
May  8 18:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28931]: pam_unix(cron:session): session closed for user root
May  8 18:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  8 18:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31591]: pam_unix(cron:session): session closed for user samftp
May  8 18:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: Failed password for root from 218.92.0.201 port 44850 ssh2
May  8 18:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: message repeated 2 times: [ Failed password for root from 218.92.0.201 port 44850 ssh2]
May  8 18:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: Failed password for root from 218.92.0.201 port 44850 ssh2
May  8 18:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: Invalid user vpn from 85.208.84.4
May  8 18:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: input_userauth_request: invalid user vpn [preauth]
May  8 18:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.4
May  8 18:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: Failed password for invalid user vpn from 85.208.84.4 port 28808 ssh2
May  8 18:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32225]: Connection closed by 85.208.84.4 port 28808 [preauth]
May  8 18:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: Failed password for root from 218.92.0.201 port 44850 ssh2
May  8 18:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 44850 ssh2 [preauth]
May  8 18:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: Disconnecting: Too many authentication failures [preauth]
May  8 18:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  8 18:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 18:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32239]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32240]: Bad protocol version identification 'GET / HTTP/1.1' from 65.49.20.69 port 63092
May  8 18:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30687]: pam_unix(cron:session): session closed for user root
May  8 18:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: Invalid user jenkins from 185.213.165.126
May  8 18:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: input_userauth_request: invalid user jenkins [preauth]
May  8 18:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 18:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: Failed password for invalid user jenkins from 185.213.165.126 port 43930 ssh2
May  8 18:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: Received disconnect from 185.213.165.126 port 43930:11: Bye Bye [preauth]
May  8 18:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32346]: Disconnected from 185.213.165.126 port 43930 [preauth]
May  8 18:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:39:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  8 18:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32415]: Failed password for root from 218.92.0.218 port 57170 ssh2
May  8 18:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32415]: Failed password for root from 218.92.0.218 port 57170 ssh2
May  8 18:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32415]: Received disconnect from 218.92.0.218 port 57170:11:  [preauth]
May  8 18:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32415]: Disconnected from 218.92.0.218 port 57170 [preauth]
May  8 18:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32415]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  8 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32432]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32428]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32431]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32429]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32427]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32432]: pam_unix(cron:session): session closed for user root
May  8 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32427]: pam_unix(cron:session): session closed for user p13x
May  8 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32502]: Successful su for rubyman by root
May  8 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32502]: + ??? root:rubyman
May  8 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354821 of user rubyman.
May  8 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32502]: pam_unix(su:session): session closed for user rubyman
May  8 18:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354821.
May  8 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32429]: pam_unix(cron:session): session closed for user root
May  8 18:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29433]: pam_unix(cron:session): session closed for user root
May  8 18:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32428]: pam_unix(cron:session): session closed for user samftp
May  8 18:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.134  user=root
May  8 18:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Failed password for root from 101.36.108.134 port 42798 ssh2
May  8 18:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Received disconnect from 101.36.108.134 port 42798:11: Bye Bye [preauth]
May  8 18:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Disconnected from 101.36.108.134 port 42798 [preauth]
May  8 18:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31180]: pam_unix(cron:session): session closed for user root
May  8 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[589]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[590]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[586]: pam_unix(cron:session): session closed for user p13x
May  8 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[668]: Successful su for rubyman by root
May  8 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[668]: + ??? root:rubyman
May  8 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354826 of user rubyman.
May  8 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[668]: pam_unix(su:session): session closed for user rubyman
May  8 18:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354826.
May  8 18:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29844]: pam_unix(cron:session): session closed for user root
May  8 18:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[587]: pam_unix(cron:session): session closed for user samftp
May  8 18:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31593]: pam_unix(cron:session): session closed for user root
May  8 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1078]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1077]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1079]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1076]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1076]: pam_unix(cron:session): session closed for user p13x
May  8 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1142]: Successful su for rubyman by root
May  8 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1142]: + ??? root:rubyman
May  8 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1142]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354828 of user rubyman.
May  8 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1142]: pam_unix(su:session): session closed for user rubyman
May  8 18:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354828.
May  8 18:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30269]: pam_unix(cron:session): session closed for user root
May  8 18:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1077]: pam_unix(cron:session): session closed for user samftp
May  8 18:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32431]: pam_unix(cron:session): session closed for user root
May  8 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1548]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1546]: pam_unix(cron:session): session closed for user p13x
May  8 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1622]: Successful su for rubyman by root
May  8 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1622]: + ??? root:rubyman
May  8 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354833 of user rubyman.
May  8 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1622]: pam_unix(su:session): session closed for user rubyman
May  8 18:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354833.
May  8 18:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30682]: pam_unix(cron:session): session closed for user root
May  8 18:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1548]: pam_unix(cron:session): session closed for user samftp
May  8 18:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[590]: pam_unix(cron:session): session closed for user root
May  8 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2080]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2081]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2079]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2078]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2078]: pam_unix(cron:session): session closed for user p13x
May  8 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2138]: Successful su for rubyman by root
May  8 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2138]: + ??? root:rubyman
May  8 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354837 of user rubyman.
May  8 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2138]: pam_unix(su:session): session closed for user rubyman
May  8 18:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354837.
May  8 18:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31179]: pam_unix(cron:session): session closed for user root
May  8 18:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2079]: pam_unix(cron:session): session closed for user samftp
May  8 18:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1079]: pam_unix(cron:session): session closed for user root
May  8 18:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126  user=root
May  8 18:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Failed password for root from 185.213.165.126 port 47188 ssh2
May  8 18:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Received disconnect from 185.213.165.126 port 47188:11: Bye Bye [preauth]
May  8 18:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Disconnected from 185.213.165.126 port 47188 [preauth]
May  8 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2511]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2512]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2510]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2509]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2512]: pam_unix(cron:session): session closed for user root
May  8 18:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2507]: pam_unix(cron:session): session closed for user p13x
May  8 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2596]: Successful su for rubyman by root
May  8 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2596]: + ??? root:rubyman
May  8 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2596]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354840 of user rubyman.
May  8 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2596]: pam_unix(su:session): session closed for user rubyman
May  8 18:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354840.
May  8 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2509]: pam_unix(cron:session): session closed for user root
May  8 18:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31592]: pam_unix(cron:session): session closed for user root
May  8 18:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2508]: pam_unix(cron:session): session closed for user samftp
May  8 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1551]: pam_unix(cron:session): session closed for user root
May  8 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: Invalid user sysadmin from 101.36.108.134
May  8 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: input_userauth_request: invalid user sysadmin [preauth]
May  8 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.134
May  8 18:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: Failed password for invalid user sysadmin from 101.36.108.134 port 49318 ssh2
May  8 18:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: Received disconnect from 101.36.108.134 port 49318:11: Bye Bye [preauth]
May  8 18:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2891]: Disconnected from 101.36.108.134 port 49318 [preauth]
May  8 18:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  8 18:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2924]: Failed password for root from 218.92.0.230 port 41510 ssh2
May  8 18:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2924]: message repeated 2 times: [ Failed password for root from 218.92.0.230 port 41510 ssh2]
May  8 18:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2924]: Received disconnect from 218.92.0.230 port 41510:11:  [preauth]
May  8 18:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2924]: Disconnected from 218.92.0.230 port 41510 [preauth]
May  8 18:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2924]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  8 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2992]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2988]: pam_unix(cron:session): session closed for user p13x
May  8 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3058]: Successful su for rubyman by root
May  8 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3058]: + ??? root:rubyman
May  8 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3058]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354846 of user rubyman.
May  8 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3058]: pam_unix(su:session): session closed for user rubyman
May  8 18:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354846.
May  8 18:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32430]: pam_unix(cron:session): session closed for user root
May  8 18:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2990]: pam_unix(cron:session): session closed for user samftp
May  8 18:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2081]: pam_unix(cron:session): session closed for user root
May  8 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3407]: pam_unix(cron:session): session closed for user p13x
May  8 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3479]: Successful su for rubyman by root
May  8 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3479]: + ??? root:rubyman
May  8 18:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354851 of user rubyman.
May  8 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3479]: pam_unix(su:session): session closed for user rubyman
May  8 18:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354851.
May  8 18:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[589]: pam_unix(cron:session): session closed for user root
May  8 18:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3408]: pam_unix(cron:session): session closed for user samftp
May  8 18:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2511]: pam_unix(cron:session): session closed for user root
May  8 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3839]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3840]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3837]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3837]: pam_unix(cron:session): session closed for user p13x
May  8 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3901]: Successful su for rubyman by root
May  8 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3901]: + ??? root:rubyman
May  8 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354855 of user rubyman.
May  8 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3901]: pam_unix(su:session): session closed for user rubyman
May  8 18:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354855.
May  8 18:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1078]: pam_unix(cron:session): session closed for user root
May  8 18:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3838]: pam_unix(cron:session): session closed for user samftp
May  8 18:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2992]: pam_unix(cron:session): session closed for user root
May  8 18:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: Invalid user water from 50.235.31.47
May  8 18:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: input_userauth_request: invalid user water [preauth]
May  8 18:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  8 18:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: Failed password for invalid user water from 50.235.31.47 port 45884 ssh2
May  8 18:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4279]: Connection closed by 50.235.31.47 port 45884 [preauth]
May  8 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4420]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4421]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4419]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4418]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4418]: pam_unix(cron:session): session closed for user p13x
May  8 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4498]: Successful su for rubyman by root
May  8 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4498]: + ??? root:rubyman
May  8 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354860 of user rubyman.
May  8 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4498]: pam_unix(su:session): session closed for user rubyman
May  8 18:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354860.
May  8 18:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1550]: pam_unix(cron:session): session closed for user root
May  8 18:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4419]: pam_unix(cron:session): session closed for user samftp
May  8 18:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3410]: pam_unix(cron:session): session closed for user root
May  8 18:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4825]: Invalid user publisher from 185.213.165.126
May  8 18:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4825]: input_userauth_request: invalid user publisher [preauth]
May  8 18:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4825]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:49:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 18:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4825]: Failed password for invalid user publisher from 185.213.165.126 port 47346 ssh2
May  8 18:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4825]: Received disconnect from 185.213.165.126 port 47346:11: Bye Bye [preauth]
May  8 18:49:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4825]: Disconnected from 185.213.165.126 port 47346 [preauth]
May  8 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4866]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4862]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4865]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4864]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4861]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4866]: pam_unix(cron:session): session closed for user root
May  8 18:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4860]: pam_unix(cron:session): session closed for user p13x
May  8 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4938]: Successful su for rubyman by root
May  8 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4938]: + ??? root:rubyman
May  8 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4938]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354864 of user rubyman.
May  8 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4938]: pam_unix(su:session): session closed for user rubyman
May  8 18:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354864.
May  8 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4862]: pam_unix(cron:session): session closed for user root
May  8 18:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2080]: pam_unix(cron:session): session closed for user root
May  8 18:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4861]: pam_unix(cron:session): session closed for user samftp
May  8 18:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  8 18:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5343]: Failed password for root from 218.92.0.228 port 49810 ssh2
May  8 18:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5343]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 49810 ssh2]
May  8 18:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5343]: Received disconnect from 218.92.0.228 port 49810:11:  [preauth]
May  8 18:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5343]: Disconnected from 218.92.0.228 port 49810 [preauth]
May  8 18:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5343]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  8 18:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:50:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  8 18:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5375]: Invalid user ubuntu from 194.0.234.16
May  8 18:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5375]: input_userauth_request: invalid user ubuntu [preauth]
May  8 18:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5375]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.16
May  8 18:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5373]: Failed password for root from 218.92.0.228 port 55226 ssh2
May  8 18:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5375]: Failed password for invalid user ubuntu from 194.0.234.16 port 43686 ssh2
May  8 18:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5375]: Connection closed by 194.0.234.16 port 43686 [preauth]
May  8 18:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5373]: Failed password for root from 218.92.0.228 port 55226 ssh2
May  8 18:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5373]: Failed password for root from 218.92.0.228 port 55226 ssh2
May  8 18:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5373]: Received disconnect from 218.92.0.228 port 55226:11:  [preauth]
May  8 18:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5373]: Disconnected from 218.92.0.228 port 55226 [preauth]
May  8 18:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5373]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  8 18:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  8 18:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5387]: Failed password for root from 218.92.0.228 port 36758 ssh2
May  8 18:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5387]: message repeated 2 times: [ Failed password for root from 218.92.0.228 port 36758 ssh2]
May  8 18:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5387]: Received disconnect from 218.92.0.228 port 36758:11:  [preauth]
May  8 18:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5387]: Disconnected from 218.92.0.228 port 36758 [preauth]
May  8 18:50:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5387]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.228  user=root
May  8 18:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3840]: pam_unix(cron:session): session closed for user root
May  8 18:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  8 18:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: Failed password for root from 218.92.0.237 port 58952 ssh2
May  8 18:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: message repeated 2 times: [ Failed password for root from 218.92.0.237 port 58952 ssh2]
May  8 18:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: Received disconnect from 218.92.0.237 port 58952:11:  [preauth]
May  8 18:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: Disconnected from 218.92.0.237 port 58952 [preauth]
May  8 18:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5420]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.237  user=root
May  8 18:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5487]: Invalid user gpu from 101.36.108.134
May  8 18:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5487]: input_userauth_request: invalid user gpu [preauth]
May  8 18:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5487]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:50:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.134
May  8 18:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5487]: Failed password for invalid user gpu from 101.36.108.134 port 38744 ssh2
May  8 18:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5487]: Received disconnect from 101.36.108.134 port 38744:11: Bye Bye [preauth]
May  8 18:50:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5487]: Disconnected from 101.36.108.134 port 38744 [preauth]
May  8 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5520]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5521]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5523]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5520]: pam_unix(cron:session): session closed for user p13x
May  8 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5634]: Successful su for rubyman by root
May  8 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5634]: + ??? root:rubyman
May  8 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354868 of user rubyman.
May  8 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5634]: pam_unix(su:session): session closed for user rubyman
May  8 18:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354868.
May  8 18:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2510]: pam_unix(cron:session): session closed for user root
May  8 18:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5521]: pam_unix(cron:session): session closed for user samftp
May  8 18:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5911]: Invalid user  from 117.50.181.55
May  8 18:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5911]: input_userauth_request: invalid user  [preauth]
May  8 18:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55  user=root
May  8 18:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5929]: Invalid user hive from 117.50.181.55
May  8 18:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5929]: input_userauth_request: invalid user hive [preauth]
May  8 18:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5929]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Invalid user git from 117.50.181.55
May  8 18:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: input_userauth_request: invalid user git [preauth]
May  8 18:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: Invalid user mongo from 117.50.181.55
May  8 18:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: input_userauth_request: invalid user mongo [preauth]
May  8 18:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: Failed password for root from 117.50.181.55 port 60990 ssh2
May  8 18:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5925]: Connection closed by 117.50.181.55 port 60990 [preauth]
May  8 18:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5929]: Failed password for invalid user hive from 117.50.181.55 port 35842 ssh2
May  8 18:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5929]: Connection closed by 117.50.181.55 port 35842 [preauth]
May  8 18:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5968]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Failed password for invalid user git from 117.50.181.55 port 37078 ssh2
May  8 18:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5931]: Connection closed by 117.50.181.55 port 37078 [preauth]
May  8 18:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5911]: Connection closed by 117.50.181.55 port 59586 [preauth]
May  8 18:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: Failed password for invalid user mongo from 117.50.181.55 port 42182 ssh2
May  8 18:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5937]: Connection closed by 117.50.181.55 port 42182 [preauth]
May  8 18:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5968]: Invalid user apache from 117.50.181.55
May  8 18:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5968]: input_userauth_request: invalid user apache [preauth]
May  8 18:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5968]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5973]: Invalid user user from 117.50.181.55
May  8 18:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5973]: input_userauth_request: invalid user user [preauth]
May  8 18:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5968]: Failed password for invalid user apache from 117.50.181.55 port 56376 ssh2
May  8 18:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5973]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5968]: Connection closed by 117.50.181.55 port 56376 [preauth]
May  8 18:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5973]: Failed password for invalid user user from 117.50.181.55 port 38780 ssh2
May  8 18:51:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5973]: Connection closed by 117.50.181.55 port 38780 [preauth]
May  8 18:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: Invalid user user1 from 117.50.181.55
May  8 18:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: input_userauth_request: invalid user user1 [preauth]
May  8 18:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: Invalid user flink from 117.50.181.55
May  8 18:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: input_userauth_request: invalid user flink [preauth]
May  8 18:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: Invalid user esuser from 117.50.181.55
May  8 18:51:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: input_userauth_request: invalid user esuser [preauth]
May  8 18:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: Failed password for invalid user user1 from 117.50.181.55 port 43724 ssh2
May  8 18:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6000]: Connection closed by 117.50.181.55 port 43724 [preauth]
May  8 18:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: Failed password for invalid user flink from 117.50.181.55 port 46608 ssh2
May  8 18:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6004]: Connection closed by 117.50.181.55 port 46608 [preauth]
May  8 18:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: Invalid user sonar from 117.50.181.55
May  8 18:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: input_userauth_request: invalid user sonar [preauth]
May  8 18:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Invalid user app from 117.50.181.55
May  8 18:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: input_userauth_request: invalid user app [preauth]
May  8 18:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: Invalid user lighthouse from 117.50.181.55
May  8 18:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: input_userauth_request: invalid user lighthouse [preauth]
May  8 18:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: Failed password for invalid user sonar from 117.50.181.55 port 47584 ssh2
May  8 18:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: Failed password for invalid user esuser from 117.50.181.55 port 53358 ssh2
May  8 18:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6022]: Connection closed by 117.50.181.55 port 47584 [preauth]
May  8 18:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Failed password for invalid user app from 117.50.181.55 port 48958 ssh2
May  8 18:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6014]: Connection closed by 117.50.181.55 port 53358 [preauth]
May  8 18:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55  user=root
May  8 18:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6038]: Connection closed by 117.50.181.55 port 48958 [preauth]
May  8 18:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55  user=root
May  8 18:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: Failed password for invalid user lighthouse from 117.50.181.55 port 52002 ssh2
May  8 18:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6042]: Connection closed by 117.50.181.55 port 52002 [preauth]
May  8 18:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: Invalid user admin from 117.50.181.55
May  8 18:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: input_userauth_request: invalid user admin [preauth]
May  8 18:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6044]: Failed password for root from 117.50.181.55 port 54964 ssh2
May  8 18:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6044]: Connection closed by 117.50.181.55 port 54964 [preauth]
May  8 18:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6065]: Invalid user elastic from 117.50.181.55
May  8 18:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6065]: input_userauth_request: invalid user elastic [preauth]
May  8 18:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: Failed password for root from 117.50.181.55 port 42412 ssh2
May  8 18:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6065]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6058]: Connection closed by 117.50.181.55 port 42412 [preauth]
May  8 18:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: Failed password for invalid user admin from 117.50.181.55 port 47560 ssh2
May  8 18:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6060]: Connection closed by 117.50.181.55 port 47560 [preauth]
May  8 18:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6065]: Failed password for invalid user elastic from 117.50.181.55 port 52504 ssh2
May  8 18:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6065]: Connection closed by 117.50.181.55 port 52504 [preauth]
May  8 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: Invalid user tom from 117.50.181.55
May  8 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: input_userauth_request: invalid user tom [preauth]
May  8 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: Invalid user elsearch from 117.50.181.55
May  8 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: input_userauth_request: invalid user elsearch [preauth]
May  8 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6092]: Invalid user rancher from 117.50.181.55
May  8 18:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6092]: input_userauth_request: invalid user rancher [preauth]
May  8 18:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6092]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4421]: pam_unix(cron:session): session closed for user root
May  8 18:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55  user=root
May  8 18:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: Failed password for invalid user tom from 117.50.181.55 port 49886 ssh2
May  8 18:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6090]: Invalid user nginx from 117.50.181.55
May  8 18:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6090]: input_userauth_request: invalid user nginx [preauth]
May  8 18:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6079]: Connection closed by 117.50.181.55 port 49886 [preauth]
May  8 18:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6090]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6125]: Invalid user es from 117.50.181.55
May  8 18:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6125]: input_userauth_request: invalid user es [preauth]
May  8 18:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: Failed password for invalid user elsearch from 117.50.181.55 port 56590 ssh2
May  8 18:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55  user=root
May  8 18:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6086]: Connection closed by 117.50.181.55 port 56590 [preauth]
May  8 18:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6092]: Failed password for invalid user rancher from 117.50.181.55 port 58908 ssh2
May  8 18:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6092]: Connection closed by 117.50.181.55 port 58908 [preauth]
May  8 18:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6125]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: Invalid user bigdata from 117.50.181.55
May  8 18:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: input_userauth_request: invalid user bigdata [preauth]
May  8 18:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6134]: Invalid user steam from 117.50.181.55
May  8 18:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6134]: input_userauth_request: invalid user steam [preauth]
May  8 18:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: Failed password for root from 117.50.181.55 port 53096 ssh2
May  8 18:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6134]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6084]: Connection closed by 117.50.181.55 port 53096 [preauth]
May  8 18:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6132]: Invalid user plex from 117.50.181.55
May  8 18:51:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6132]: input_userauth_request: invalid user plex [preauth]
May  8 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6090]: Failed password for invalid user nginx from 117.50.181.55 port 57946 ssh2
May  8 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6132]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6090]: Connection closed by 117.50.181.55 port 57946 [preauth]
May  8 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: Failed password for root from 117.50.181.55 port 43570 ssh2
May  8 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6125]: Failed password for invalid user es from 117.50.181.55 port 35646 ssh2
May  8 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6127]: Connection closed by 117.50.181.55 port 43570 [preauth]
May  8 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6125]: Connection closed by 117.50.181.55 port 35646 [preauth]
May  8 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: Invalid user observer from 117.50.181.55
May  8 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: input_userauth_request: invalid user observer [preauth]
May  8 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6146]: Invalid user oracle from 117.50.181.55
May  8 18:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6146]: input_userauth_request: invalid user oracle [preauth]
May  8 18:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6134]: Failed password for invalid user steam from 117.50.181.55 port 57658 ssh2
May  8 18:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6146]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6134]: Connection closed by 117.50.181.55 port 57658 [preauth]
May  8 18:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6132]: Failed password for invalid user plex from 117.50.181.55 port 56242 ssh2
May  8 18:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6132]: Connection closed by 117.50.181.55 port 56242 [preauth]
May  8 18:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: Failed password for invalid user bigdata from 117.50.181.55 port 50936 ssh2
May  8 18:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6129]: Connection closed by 117.50.181.55 port 50936 [preauth]
May  8 18:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: Failed password for invalid user observer from 117.50.181.55 port 32778 ssh2
May  8 18:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6144]: Connection closed by 117.50.181.55 port 32778 [preauth]
May  8 18:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: Invalid user ftpuser from 117.50.181.55
May  8 18:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: input_userauth_request: invalid user ftpuser [preauth]
May  8 18:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6146]: Failed password for invalid user oracle from 117.50.181.55 port 39746 ssh2
May  8 18:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6146]: Connection closed by 117.50.181.55 port 39746 [preauth]
May  8 18:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: Invalid user worker from 117.50.181.55
May  8 18:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: input_userauth_request: invalid user worker [preauth]
May  8 18:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6160]: Invalid user zabbix from 117.50.181.55
May  8 18:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6160]: input_userauth_request: invalid user zabbix [preauth]
May  8 18:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6160]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: Invalid user gpuadmin from 117.50.181.55
May  8 18:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: input_userauth_request: invalid user gpuadmin [preauth]
May  8 18:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6162]: Invalid user flask from 117.50.181.55
May  8 18:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6162]: input_userauth_request: invalid user flask [preauth]
May  8 18:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: Failed password for invalid user ftpuser from 117.50.181.55 port 47662 ssh2
May  8 18:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6152]: Connection closed by 117.50.181.55 port 47662 [preauth]
May  8 18:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6162]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: Failed password for invalid user worker from 117.50.181.55 port 60228 ssh2
May  8 18:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6156]: Connection closed by 117.50.181.55 port 60228 [preauth]
May  8 18:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6160]: Failed password for invalid user zabbix from 117.50.181.55 port 36524 ssh2
May  8 18:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6160]: Connection closed by 117.50.181.55 port 36524 [preauth]
May  8 18:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55  user=root
May  8 18:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: Failed password for invalid user gpuadmin from 117.50.181.55 port 34970 ssh2
May  8 18:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6162]: Failed password for invalid user flask from 117.50.181.55 port 39288 ssh2
May  8 18:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6158]: Connection closed by 117.50.181.55 port 34970 [preauth]
May  8 18:51:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6162]: Connection closed by 117.50.181.55 port 39288 [preauth]
May  8 18:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Invalid user testuser from 117.50.181.55
May  8 18:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: input_userauth_request: invalid user testuser [preauth]
May  8 18:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: Invalid user centos from 117.50.181.55
May  8 18:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: input_userauth_request: invalid user centos [preauth]
May  8 18:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6179]: Failed password for root from 117.50.181.55 port 50288 ssh2
May  8 18:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6179]: Connection closed by 117.50.181.55 port 50288 [preauth]
May  8 18:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: Invalid user zabbix from 117.50.181.55
May  8 18:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: input_userauth_request: invalid user zabbix [preauth]
May  8 18:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6202]: Invalid user kubernetes from 117.50.181.55
May  8 18:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6202]: input_userauth_request: invalid user kubernetes [preauth]
May  8 18:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6202]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: Invalid user ts from 117.50.181.55
May  8 18:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: input_userauth_request: invalid user ts [preauth]
May  8 18:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Failed password for invalid user testuser from 117.50.181.55 port 42666 ssh2
May  8 18:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: Failed password for invalid user centos from 117.50.181.55 port 57054 ssh2
May  8 18:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6197]: Connection closed by 117.50.181.55 port 42666 [preauth]
May  8 18:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6183]: Connection closed by 117.50.181.55 port 57054 [preauth]
May  8 18:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: Invalid user debianuser from 117.50.181.55
May  8 18:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: input_userauth_request: invalid user debianuser [preauth]
May  8 18:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: Failed password for invalid user zabbix from 117.50.181.55 port 45430 ssh2
May  8 18:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6200]: Connection closed by 117.50.181.55 port 45430 [preauth]
May  8 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6202]: Failed password for invalid user kubernetes from 117.50.181.55 port 46854 ssh2
May  8 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: Invalid user admin from 117.50.181.55
May  8 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: input_userauth_request: invalid user admin [preauth]
May  8 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6202]: Connection closed by 117.50.181.55 port 46854 [preauth]
May  8 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: Failed password for invalid user ts from 117.50.181.55 port 42906 ssh2
May  8 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: Invalid user default from 117.50.181.55
May  8 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: input_userauth_request: invalid user default [preauth]
May  8 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6148]: Connection closed by 117.50.181.55 port 42906 [preauth]
May  8 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: Invalid user tomcat from 117.50.181.55
May  8 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: input_userauth_request: invalid user tomcat [preauth]
May  8 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: Failed password for invalid user debianuser from 117.50.181.55 port 55374 ssh2
May  8 18:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: Invalid user gitlab from 117.50.181.55
May  8 18:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: input_userauth_request: invalid user gitlab [preauth]
May  8 18:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6214]: Connection closed by 117.50.181.55 port 55374 [preauth]
May  8 18:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: Failed password for invalid user admin from 117.50.181.55 port 39836 ssh2
May  8 18:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: Connection closed by 117.50.181.55 port 39836 [preauth]
May  8 18:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: Failed password for invalid user default from 117.50.181.55 port 41100 ssh2
May  8 18:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6218]: Connection closed by 117.50.181.55 port 41100 [preauth]
May  8 18:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: Invalid user admin from 117.50.181.55
May  8 18:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: input_userauth_request: invalid user admin [preauth]
May  8 18:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: Failed password for invalid user tomcat from 117.50.181.55 port 42268 ssh2
May  8 18:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6220]: Connection closed by 117.50.181.55 port 42268 [preauth]
May  8 18:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: Failed password for invalid user gitlab from 117.50.181.55 port 43964 ssh2
May  8 18:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55  user=root
May  8 18:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6228]: Invalid user esuser from 117.50.181.55
May  8 18:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6228]: input_userauth_request: invalid user esuser [preauth]
May  8 18:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6222]: Connection closed by 117.50.181.55 port 43964 [preauth]
May  8 18:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6228]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: Invalid user es from 117.50.181.55
May  8 18:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: input_userauth_request: invalid user es [preauth]
May  8 18:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: Invalid user flink from 117.50.181.55
May  8 18:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: input_userauth_request: invalid user flink [preauth]
May  8 18:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: Failed password for invalid user admin from 117.50.181.55 port 52214 ssh2
May  8 18:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6224]: Connection closed by 117.50.181.55 port 52214 [preauth]
May  8 18:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6226]: Failed password for root from 117.50.181.55 port 59352 ssh2
May  8 18:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: Invalid user ubnt from 117.50.181.55
May  8 18:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: input_userauth_request: invalid user ubnt [preauth]
May  8 18:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6226]: Connection closed by 117.50.181.55 port 59352 [preauth]
May  8 18:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6228]: Failed password for invalid user esuser from 117.50.181.55 port 59500 ssh2
May  8 18:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6228]: Connection closed by 117.50.181.55 port 59500 [preauth]
May  8 18:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: Failed password for invalid user es from 117.50.181.55 port 34064 ssh2
May  8 18:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: Connection closed by 117.50.181.55 port 34064 [preauth]
May  8 18:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: Failed password for invalid user flink from 117.50.181.55 port 40618 ssh2
May  8 18:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: Invalid user mongodb from 117.50.181.55
May  8 18:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: input_userauth_request: invalid user mongodb [preauth]
May  8 18:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: Failed password for invalid user ubnt from 117.50.181.55 port 47124 ssh2
May  8 18:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6244]: Connection closed by 117.50.181.55 port 47124 [preauth]
May  8 18:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6241]: Connection closed by 117.50.181.55 port 40618 [preauth]
May  8 18:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55  user=root
May  8 18:51:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: Invalid user sonar from 117.50.181.55
May  8 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: input_userauth_request: invalid user sonar [preauth]
May  8 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: Invalid user elasticsearch from 117.50.181.55
May  8 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: input_userauth_request: invalid user elasticsearch [preauth]
May  8 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: Failed password for invalid user mongodb from 117.50.181.55 port 35136 ssh2
May  8 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6266]: Invalid user docker from 117.50.181.55
May  8 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6266]: input_userauth_request: invalid user docker [preauth]
May  8 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: Connection closed by 117.50.181.55 port 35136 [preauth]
May  8 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6266]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: Invalid user weblogic from 117.50.181.55
May  8 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: input_userauth_request: invalid user weblogic [preauth]
May  8 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6246]: Failed password for root from 117.50.181.55 port 52330 ssh2
May  8 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6249]: Invalid user gitlab from 117.50.181.55
May  8 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6249]: input_userauth_request: invalid user gitlab [preauth]
May  8 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6246]: Connection closed by 117.50.181.55 port 52330 [preauth]
May  8 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6249]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6271]: Did not receive identification string from 205.210.31.79
May  8 18:51:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: Invalid user guest from 117.50.181.55
May  8 18:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: input_userauth_request: invalid user guest [preauth]
May  8 18:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: Invalid user elsearch from 117.50.181.55
May  8 18:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: input_userauth_request: invalid user elsearch [preauth]
May  8 18:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6274]: Invalid user git from 117.50.181.55
May  8 18:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6274]: input_userauth_request: invalid user git [preauth]
May  8 18:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:51:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: Failed password for invalid user sonar from 117.50.181.55 port 40950 ssh2
May  8 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6274]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: Failed password for invalid user elasticsearch from 117.50.181.55 port 42072 ssh2
May  8 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: Connection closed by 117.50.181.55 port 40950 [preauth]
May  8 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6276]: Invalid user vagrant from 117.50.181.55
May  8 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6276]: input_userauth_request: invalid user vagrant [preauth]
May  8 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6260]: Connection closed by 117.50.181.55 port 42072 [preauth]
May  8 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6276]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6266]: Failed password for invalid user docker from 117.50.181.55 port 43778 ssh2
May  8 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6266]: Connection closed by 117.50.181.55 port 43778 [preauth]
May  8 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: Failed password for invalid user weblogic from 117.50.181.55 port 54420 ssh2
May  8 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: User mysql from 117.50.181.55 not allowed because not listed in AllowUsers
May  8 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: input_userauth_request: invalid user mysql [preauth]
May  8 18:52:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6181]: Connection closed by 117.50.181.55 port 54420 [preauth]
May  8 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55  user=mysql
May  8 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6249]: Failed password for invalid user gitlab from 117.50.181.55 port 52016 ssh2
May  8 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6249]: Connection closed by 117.50.181.55 port 52016 [preauth]
May  8 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: Invalid user worker from 117.50.181.55
May  8 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: input_userauth_request: invalid user worker [preauth]
May  8 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6292]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6291]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6293]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6290]: pam_unix(cron:session): session closed for user p13x
May  8 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6274]: Failed password for invalid user git from 117.50.181.55 port 58638 ssh2
May  8 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: Failed password for invalid user guest from 117.50.181.55 port 51986 ssh2
May  8 18:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55  user=root
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: Invalid user admin from 117.50.181.55
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: Failed password for invalid user elsearch from 117.50.181.55 port 56358 ssh2
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: input_userauth_request: invalid user admin [preauth]
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6274]: Connection closed by 117.50.181.55 port 58638 [preauth]
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6269]: Connection closed by 117.50.181.55 port 51986 [preauth]
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6354]: Successful su for rubyman by root
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6354]: + ??? root:rubyman
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6354]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354872 of user rubyman.
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6354]: pam_unix(su:session): session closed for user rubyman
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354872.
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6272]: Connection closed by 117.50.181.55 port 56358 [preauth]
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6276]: Failed password for invalid user vagrant from 117.50.181.55 port 33286 ssh2
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6276]: Connection closed by 117.50.181.55 port 33286 [preauth]
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: Failed password for invalid user mysql from 117.50.181.55 port 40980 ssh2
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6279]: Connection closed by 117.50.181.55 port 40980 [preauth]
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: Invalid user es from 117.50.181.55
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: input_userauth_request: invalid user es [preauth]
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: Failed password for invalid user worker from 117.50.181.55 port 39304 ssh2
May  8 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Invalid user deploy from 117.50.181.55
May  8 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: input_userauth_request: invalid user deploy [preauth]
May  8 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6283]: Connection closed by 117.50.181.55 port 39304 [preauth]
May  8 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6281]: Failed password for root from 117.50.181.55 port 37788 ssh2
May  8 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6281]: Connection closed by 117.50.181.55 port 37788 [preauth]
May  8 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: Invalid user dev from 117.50.181.55
May  8 18:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: input_userauth_request: invalid user dev [preauth]
May  8 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: Failed password for invalid user admin from 117.50.181.55 port 43006 ssh2
May  8 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6286]: Connection closed by 117.50.181.55 port 43006 [preauth]
May  8 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55  user=root
May  8 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2991]: pam_unix(cron:session): session closed for user root
May  8 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: Failed password for invalid user es from 117.50.181.55 port 47246 ssh2
May  8 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6343]: Connection closed by 117.50.181.55 port 47246 [preauth]
May  8 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: Invalid user demo from 117.50.181.55
May  8 18:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: input_userauth_request: invalid user demo [preauth]
May  8 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: Invalid user oceanbase from 117.50.181.55
May  8 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: input_userauth_request: invalid user oceanbase [preauth]
May  8 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Failed password for invalid user deploy from 117.50.181.55 port 50834 ssh2
May  8 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Connection closed by 117.50.181.55 port 50834 [preauth]
May  8 18:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: Failed password for invalid user dev from 117.50.181.55 port 57308 ssh2
May  8 18:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6419]: Connection closed by 117.50.181.55 port 57308 [preauth]
May  8 18:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Failed password for root from 117.50.181.55 port 49360 ssh2
May  8 18:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Connection closed by 117.50.181.55 port 49360 [preauth]
May  8 18:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55  user=root
May  8 18:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6291]: pam_unix(cron:session): session closed for user samftp
May  8 18:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: Failed password for invalid user demo from 117.50.181.55 port 52346 ssh2
May  8 18:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6535]: Invalid user user from 117.50.181.55
May  8 18:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6535]: input_userauth_request: invalid user user [preauth]
May  8 18:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6396]: Connection closed by 117.50.181.55 port 52346 [preauth]
May  8 18:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6535]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: Failed password for invalid user oceanbase from 117.50.181.55 port 38882 ssh2
May  8 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6517]: Connection closed by 117.50.181.55 port 38882 [preauth]
May  8 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6550]: Invalid user ftpuser from 117.50.181.55
May  8 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6550]: input_userauth_request: invalid user ftpuser [preauth]
May  8 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6531]: Failed password for root from 117.50.181.55 port 46354 ssh2
May  8 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6550]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6531]: Connection closed by 117.50.181.55 port 46354 [preauth]
May  8 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6150]: Invalid user oracle from 117.50.181.55
May  8 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6150]: input_userauth_request: invalid user oracle [preauth]
May  8 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6150]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:52:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55  user=root
May  8 18:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6535]: Failed password for invalid user user from 117.50.181.55 port 49782 ssh2
May  8 18:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6535]: Connection closed by 117.50.181.55 port 49782 [preauth]
May  8 18:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6564]: Invalid user oracle from 117.50.181.55
May  8 18:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6564]: input_userauth_request: invalid user oracle [preauth]
May  8 18:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6550]: Failed password for invalid user ftpuser from 117.50.181.55 port 56894 ssh2
May  8 18:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6564]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6550]: Connection closed by 117.50.181.55 port 56894 [preauth]
May  8 18:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6150]: Failed password for invalid user oracle from 117.50.181.55 port 54502 ssh2
May  8 18:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Failed password for root from 117.50.181.55 port 39018 ssh2
May  8 18:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6150]: Connection closed by 117.50.181.55 port 54502 [preauth]
May  8 18:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55  user=root
May  8 18:52:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6552]: Connection closed by 117.50.181.55 port 39018 [preauth]
May  8 18:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6564]: Failed password for invalid user oracle from 117.50.181.55 port 46782 ssh2
May  8 18:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6564]: Connection closed by 117.50.181.55 port 46782 [preauth]
May  8 18:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: Failed password for root from 117.50.181.55 port 42766 ssh2
May  8 18:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6566]: Connection closed by 117.50.181.55 port 42766 [preauth]
May  8 18:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6575]: Invalid user uftp from 117.50.181.55
May  8 18:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6575]: input_userauth_request: invalid user uftp [preauth]
May  8 18:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6575]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6579]: Invalid user dolphinscheduler from 117.50.181.55
May  8 18:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6579]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  8 18:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6579]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55
May  8 18:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6608]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6575]: Failed password for invalid user uftp from 117.50.181.55 port 43428 ssh2
May  8 18:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6575]: Connection closed by 117.50.181.55 port 43428 [preauth]
May  8 18:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6579]: Failed password for invalid user dolphinscheduler from 117.50.181.55 port 46260 ssh2
May  8 18:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6579]: Connection closed by 117.50.181.55 port 46260 [preauth]
May  8 18:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4865]: pam_unix(cron:session): session closed for user root
May  8 18:52:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.181.55  user=root
May  8 18:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: Failed password for root from 117.50.181.55 port 45506 ssh2
May  8 18:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6175]: Connection closed by 117.50.181.55 port 45506 [preauth]
May  8 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6747]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6746]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6744]: pam_unix(cron:session): session closed for user p13x
May  8 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6811]: Successful su for rubyman by root
May  8 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6811]: + ??? root:rubyman
May  8 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6811]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354877 of user rubyman.
May  8 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6811]: pam_unix(su:session): session closed for user rubyman
May  8 18:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354877.
May  8 18:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3409]: pam_unix(cron:session): session closed for user root
May  8 18:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6746]: pam_unix(cron:session): session closed for user samftp
May  8 18:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5523]: pam_unix(cron:session): session closed for user root
May  8 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7267]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7267]: pam_unix(cron:session): session closed for user p13x
May  8 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7326]: Successful su for rubyman by root
May  8 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7326]: + ??? root:rubyman
May  8 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7326]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354880 of user rubyman.
May  8 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7326]: pam_unix(su:session): session closed for user rubyman
May  8 18:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354880.
May  8 18:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3839]: pam_unix(cron:session): session closed for user root
May  8 18:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7268]: pam_unix(cron:session): session closed for user samftp
May  8 18:54:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7632]: Received disconnect from 218.92.0.222 port 35106:11:  [preauth]
May  8 18:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7632]: Disconnected from 218.92.0.222 port 35106 [preauth]
May  8 18:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6293]: pam_unix(cron:session): session closed for user root
May  8 18:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:54:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126  user=root
May  8 18:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7783]: Failed password for root from 185.213.165.126 port 38158 ssh2
May  8 18:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7783]: Received disconnect from 185.213.165.126 port 38158:11: Bye Bye [preauth]
May  8 18:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7783]: Disconnected from 185.213.165.126 port 38158 [preauth]
May  8 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7800]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7798]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7803]: pam_unix(cron:session): session closed for user root
May  8 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7796]: pam_unix(cron:session): session closed for user p13x
May  8 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7867]: Successful su for rubyman by root
May  8 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7867]: + ??? root:rubyman
May  8 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7867]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354886 of user rubyman.
May  8 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7867]: pam_unix(su:session): session closed for user rubyman
May  8 18:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354886.
May  8 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7798]: pam_unix(cron:session): session closed for user root
May  8 18:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4420]: pam_unix(cron:session): session closed for user root
May  8 18:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7797]: pam_unix(cron:session): session closed for user samftp
May  8 18:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6748]: pam_unix(cron:session): session closed for user root
May  8 18:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.134  user=root
May  8 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8256]: Failed password for root from 101.36.108.134 port 34378 ssh2
May  8 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8256]: Received disconnect from 101.36.108.134 port 34378:11: Bye Bye [preauth]
May  8 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8256]: Disconnected from 101.36.108.134 port 34378 [preauth]
May  8 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8260]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8261]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8262]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8259]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8259]: pam_unix(cron:session): session closed for user p13x
May  8 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8328]: Successful su for rubyman by root
May  8 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8328]: + ??? root:rubyman
May  8 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354892 of user rubyman.
May  8 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8328]: pam_unix(su:session): session closed for user rubyman
May  8 18:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354892.
May  8 18:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4864]: pam_unix(cron:session): session closed for user root
May  8 18:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8260]: pam_unix(cron:session): session closed for user samftp
May  8 18:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7270]: pam_unix(cron:session): session closed for user root
May  8 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8685]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8686]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8684]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8684]: pam_unix(cron:session): session closed for user p13x
May  8 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8756]: Successful su for rubyman by root
May  8 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8756]: + ??? root:rubyman
May  8 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354894 of user rubyman.
May  8 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8756]: pam_unix(su:session): session closed for user rubyman
May  8 18:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354894.
May  8 18:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5522]: pam_unix(cron:session): session closed for user root
May  8 18:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8685]: pam_unix(cron:session): session closed for user samftp
May  8 18:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7800]: pam_unix(cron:session): session closed for user root
May  8 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9099]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9096]: pam_unix(cron:session): session closed for user p13x
May  8 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9255]: Successful su for rubyman by root
May  8 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9255]: + ??? root:rubyman
May  8 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354898 of user rubyman.
May  8 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9255]: pam_unix(su:session): session closed for user rubyman
May  8 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354898.
May  8 18:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Invalid user 1 from 80.94.95.115
May  8 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: input_userauth_request: invalid user 1 [preauth]
May  8 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  8 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6292]: pam_unix(cron:session): session closed for user root
May  8 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Failed password for invalid user 1 from 80.94.95.115 port 41508 ssh2
May  8 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Connection closed by 80.94.95.115 port 41508 [preauth]
May  8 18:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9097]: pam_unix(cron:session): session closed for user samftp
May  8 18:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8262]: pam_unix(cron:session): session closed for user root
May  8 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9622]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9623]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9621]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9619]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 18:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9619]: pam_unix(cron:session): session closed for user p13x
May  8 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9683]: Successful su for rubyman by root
May  8 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9683]: + ??? root:rubyman
May  8 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9683]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354904 of user rubyman.
May  8 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9683]: pam_unix(su:session): session closed for user rubyman
May  8 18:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354904.
May  8 18:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6747]: pam_unix(cron:session): session closed for user root
May  8 18:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9621]: pam_unix(cron:session): session closed for user samftp
May  8 18:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8687]: pam_unix(cron:session): session closed for user root
May  8 18:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:59:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.252  user=root
May  8 18:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9983]: Failed password for root from 218.92.0.252 port 59430 ssh2
May  8 18:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9983]: Received disconnect from 218.92.0.252 port 59430:11:  [preauth]
May  8 18:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9983]: Disconnected from 218.92.0.252 port 59430 [preauth]
May  8 18:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 18:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10022]: Invalid user ubuntu from 185.213.165.126
May  8 18:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10022]: input_userauth_request: invalid user ubuntu [preauth]
May  8 18:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10022]: pam_unix(sshd:auth): check pass; user unknown
May  8 18:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10022]: Failed password for invalid user ubuntu from 185.213.165.126 port 59838 ssh2
May  8 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10038]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10040]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10037]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10041]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10041]: pam_unix(cron:session): session closed for user root
May  8 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10037]: pam_unix(cron:session): session closed for user root
May  8 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10035]: pam_unix(cron:session): session closed for user p13x
May  8 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10022]: Received disconnect from 185.213.165.126 port 59838:11: Bye Bye [preauth]
May  8 19:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10022]: Disconnected from 185.213.165.126 port 59838 [preauth]
May  8 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10127]: Successful su for rubyman by root
May  8 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10127]: + ??? root:rubyman
May  8 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10127]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354908 of user rubyman.
May  8 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10127]: pam_unix(su:session): session closed for user rubyman
May  8 19:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354908.
May  8 19:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7269]: pam_unix(cron:session): session closed for user root
May  8 19:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10038]: pam_unix(cron:session): session closed for user root
May  8 19:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10036]: pam_unix(cron:session): session closed for user samftp
May  8 19:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9099]: pam_unix(cron:session): session closed for user root
May  8 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10674]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10673]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10671]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10672]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10671]: pam_unix(cron:session): session closed for user p13x
May  8 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10771]: Successful su for rubyman by root
May  8 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10771]: + ??? root:rubyman
May  8 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354915 of user rubyman.
May  8 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10771]: pam_unix(su:session): session closed for user rubyman
May  8 19:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354915.
May  8 19:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7799]: pam_unix(cron:session): session closed for user root
May  8 19:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10672]: pam_unix(cron:session): session closed for user samftp
May  8 19:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.134  user=root
May  8 19:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: Failed password for root from 101.36.108.134 port 41982 ssh2
May  8 19:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: Received disconnect from 101.36.108.134 port 41982:11: Bye Bye [preauth]
May  8 19:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10940]: Disconnected from 101.36.108.134 port 41982 [preauth]
May  8 19:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 19:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11011]: Failed password for root from 80.94.95.241 port 62523 ssh2
May  8 19:01:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11011]: Failed password for root from 80.94.95.241 port 62523 ssh2
May  8 19:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9623]: pam_unix(cron:session): session closed for user root
May  8 19:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11011]: Failed password for root from 80.94.95.241 port 62523 ssh2
May  8 19:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11011]: message repeated 2 times: [ Failed password for root from 80.94.95.241 port 62523 ssh2]
May  8 19:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11011]: Received disconnect from 80.94.95.241 port 62523:11: Bye [preauth]
May  8 19:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11011]: Disconnected from 80.94.95.241 port 62523 [preauth]
May  8 19:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11011]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 19:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11011]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11103]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11104]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11101]: pam_unix(cron:session): session closed for user p13x
May  8 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11174]: Successful su for rubyman by root
May  8 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11174]: + ??? root:rubyman
May  8 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11174]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354919 of user rubyman.
May  8 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11174]: pam_unix(su:session): session closed for user rubyman
May  8 19:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354919.
May  8 19:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8261]: pam_unix(cron:session): session closed for user root
May  8 19:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11102]: pam_unix(cron:session): session closed for user samftp
May  8 19:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: Received disconnect from 218.92.0.220 port 34106:11:  [preauth]
May  8 19:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11353]: Disconnected from 218.92.0.220 port 34106 [preauth]
May  8 19:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10040]: pam_unix(cron:session): session closed for user root
May  8 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11508]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11509]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11506]: pam_unix(cron:session): session closed for user p13x
May  8 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11574]: Successful su for rubyman by root
May  8 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11574]: + ??? root:rubyman
May  8 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354922 of user rubyman.
May  8 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11574]: pam_unix(su:session): session closed for user rubyman
May  8 19:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354922.
May  8 19:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8686]: pam_unix(cron:session): session closed for user root
May  8 19:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11507]: pam_unix(cron:session): session closed for user samftp
May  8 19:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10674]: pam_unix(cron:session): session closed for user root
May  8 19:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11843]: Did not receive identification string from 193.32.162.84
May  8 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11905]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11904]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11902]: pam_unix(cron:session): session closed for user p13x
May  8 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11962]: Successful su for rubyman by root
May  8 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11962]: + ??? root:rubyman
May  8 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11962]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354925 of user rubyman.
May  8 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11962]: pam_unix(su:session): session closed for user rubyman
May  8 19:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354925.
May  8 19:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9098]: pam_unix(cron:session): session closed for user root
May  8 19:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11903]: pam_unix(cron:session): session closed for user samftp
May  8 19:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11104]: pam_unix(cron:session): session closed for user root
May  8 19:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12011]: Connection closed by 104.28.249.24 port 14633 [preauth]
May  8 19:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: Invalid user ollama from 185.213.165.126
May  8 19:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: input_userauth_request: invalid user ollama [preauth]
May  8 19:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 19:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: Failed password for invalid user ollama from 185.213.165.126 port 32782 ssh2
May  8 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: Received disconnect from 185.213.165.126 port 32782:11: Bye Bye [preauth]
May  8 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12279]: Disconnected from 185.213.165.126 port 32782 [preauth]
May  8 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12301]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12300]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12297]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12301]: pam_unix(cron:session): session closed for user root
May  8 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12296]: pam_unix(cron:session): session closed for user p13x
May  8 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12375]: Successful su for rubyman by root
May  8 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12375]: + ??? root:rubyman
May  8 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12375]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354931 of user rubyman.
May  8 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12375]: pam_unix(su:session): session closed for user rubyman
May  8 19:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354931.
May  8 19:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9622]: pam_unix(cron:session): session closed for user root
May  8 19:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12298]: pam_unix(cron:session): session closed for user root
May  8 19:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12297]: pam_unix(cron:session): session closed for user samftp
May  8 19:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11509]: pam_unix(cron:session): session closed for user root
May  8 19:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12671]: Invalid user 1 from 80.94.95.115
May  8 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12671]: input_userauth_request: invalid user 1 [preauth]
May  8 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12671]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  8 19:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12671]: Failed password for invalid user 1 from 80.94.95.115 port 55062 ssh2
May  8 19:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12671]: Connection closed by 80.94.95.115 port 55062 [preauth]
May  8 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12726]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12724]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12723]: pam_unix(cron:session): session closed for user p13x
May  8 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12787]: Successful su for rubyman by root
May  8 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12787]: + ??? root:rubyman
May  8 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354935 of user rubyman.
May  8 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12787]: pam_unix(su:session): session closed for user rubyman
May  8 19:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354935.
May  8 19:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10039]: pam_unix(cron:session): session closed for user root
May  8 19:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12724]: pam_unix(cron:session): session closed for user samftp
May  8 19:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.134  user=root
May  8 19:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12976]: Failed password for root from 101.36.108.134 port 57184 ssh2
May  8 19:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12976]: Received disconnect from 101.36.108.134 port 57184:11: Bye Bye [preauth]
May  8 19:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12976]: Disconnected from 101.36.108.134 port 57184 [preauth]
May  8 19:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11905]: pam_unix(cron:session): session closed for user root
May  8 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13134]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13132]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13133]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13131]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13131]: pam_unix(cron:session): session closed for user p13x
May  8 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13191]: Successful su for rubyman by root
May  8 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13191]: + ??? root:rubyman
May  8 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13191]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354940 of user rubyman.
May  8 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13191]: pam_unix(su:session): session closed for user rubyman
May  8 19:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354940.
May  8 19:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10673]: pam_unix(cron:session): session closed for user root
May  8 19:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13132]: pam_unix(cron:session): session closed for user samftp
May  8 19:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: Invalid user admin from 80.94.95.112
May  8 19:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: input_userauth_request: invalid user admin [preauth]
May  8 19:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 19:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: Failed password for invalid user admin from 80.94.95.112 port 9353 ssh2
May  8 19:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: Failed password for invalid user admin from 80.94.95.112 port 9353 ssh2
May  8 19:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: Invalid user winter from 115.190.111.193
May  8 19:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: input_userauth_request: invalid user winter [preauth]
May  8 19:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.111.193
May  8 19:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: Failed password for invalid user admin from 80.94.95.112 port 9353 ssh2
May  8 19:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: Failed password for invalid user winter from 115.190.111.193 port 51660 ssh2
May  8 19:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: Received disconnect from 115.190.111.193 port 51660:11: Bye Bye [preauth]
May  8 19:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13526]: Disconnected from 115.190.111.193 port 51660 [preauth]
May  8 19:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12300]: pam_unix(cron:session): session closed for user root
May  8 19:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: Failed password for invalid user admin from 80.94.95.112 port 9353 ssh2
May  8 19:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: Failed password for invalid user admin from 80.94.95.112 port 9353 ssh2
May  8 19:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: Received disconnect from 80.94.95.112 port 9353:11: Bye [preauth]
May  8 19:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: Disconnected from 80.94.95.112 port 9353 [preauth]
May  8 19:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 19:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13434]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13638]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13635]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13634]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13634]: pam_unix(cron:session): session closed for user p13x
May  8 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13702]: Successful su for rubyman by root
May  8 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13702]: + ??? root:rubyman
May  8 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354945 of user rubyman.
May  8 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13702]: pam_unix(su:session): session closed for user rubyman
May  8 19:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354945.
May  8 19:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13546]: Connection closed by 104.28.249.24 port 14631 [preauth]
May  8 19:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11103]: pam_unix(cron:session): session closed for user root
May  8 19:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13635]: pam_unix(cron:session): session closed for user samftp
May  8 19:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12726]: pam_unix(cron:session): session closed for user root
May  8 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14041]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14040]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14043]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14039]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14037]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14039]: pam_unix(cron:session): session closed for user p13x
May  8 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14157]: Successful su for rubyman by root
May  8 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14157]: + ??? root:rubyman
May  8 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14157]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354947 of user rubyman.
May  8 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14157]: pam_unix(su:session): session closed for user rubyman
May  8 19:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354947.
May  8 19:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14037]: pam_unix(cron:session): session closed for user root
May  8 19:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11508]: pam_unix(cron:session): session closed for user root
May  8 19:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14040]: pam_unix(cron:session): session closed for user samftp
May  8 19:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13134]: pam_unix(cron:session): session closed for user root
May  8 19:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:09:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.64.169.153  user=root
May  8 19:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: Failed password for root from 49.64.169.153 port 40411 ssh2
May  8 19:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: Received disconnect from 49.64.169.153 port 40411:11: Bye Bye [preauth]
May  8 19:09:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14516]: Disconnected from 49.64.169.153 port 40411 [preauth]
May  8 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14535]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14533]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14536]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14537]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14534]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14537]: pam_unix(cron:session): session closed for user root
May  8 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14530]: pam_unix(cron:session): session closed for user p13x
May  8 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14608]: Successful su for rubyman by root
May  8 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14608]: + ??? root:rubyman
May  8 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14608]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354954 of user rubyman.
May  8 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14608]: pam_unix(su:session): session closed for user rubyman
May  8 19:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354954.
May  8 19:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14534]: pam_unix(cron:session): session closed for user root
May  8 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11904]: pam_unix(cron:session): session closed for user root
May  8 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14713]: Invalid user dos from 185.213.165.126
May  8 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14713]: input_userauth_request: invalid user dos [preauth]
May  8 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14713]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14713]: Failed password for invalid user dos from 185.213.165.126 port 37664 ssh2
May  8 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14713]: Received disconnect from 185.213.165.126 port 37664:11: Bye Bye [preauth]
May  8 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14713]: Disconnected from 185.213.165.126 port 37664 [preauth]
May  8 19:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14533]: pam_unix(cron:session): session closed for user samftp
May  8 19:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13638]: pam_unix(cron:session): session closed for user root
May  8 19:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14527]: Connection closed by 27.252.144.74 port 10070 [preauth]
May  8 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14994]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14993]: pam_unix(cron:session): session closed for user p13x
May  8 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15062]: Successful su for rubyman by root
May  8 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15062]: + ??? root:rubyman
May  8 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354958 of user rubyman.
May  8 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15062]: pam_unix(su:session): session closed for user rubyman
May  8 19:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354958.
May  8 19:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12299]: pam_unix(cron:session): session closed for user root
May  8 19:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14994]: pam_unix(cron:session): session closed for user samftp
May  8 19:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.134  user=root
May  8 19:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: Failed password for root from 101.36.108.134 port 52072 ssh2
May  8 19:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: Received disconnect from 101.36.108.134 port 52072:11: Bye Bye [preauth]
May  8 19:11:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: Disconnected from 101.36.108.134 port 52072 [preauth]
May  8 19:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14043]: pam_unix(cron:session): session closed for user root
May  8 19:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15394]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15395]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15392]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15391]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15391]: pam_unix(cron:session): session closed for user p13x
May  8 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15450]: Successful su for rubyman by root
May  8 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15450]: + ??? root:rubyman
May  8 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354963 of user rubyman.
May  8 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15450]: pam_unix(su:session): session closed for user rubyman
May  8 19:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354963.
May  8 19:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12725]: pam_unix(cron:session): session closed for user root
May  8 19:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15392]: pam_unix(cron:session): session closed for user samftp
May  8 19:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15661]: Did not receive identification string from 92.118.39.57
May  8 19:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15670]: Invalid user  from 104.28.249.24
May  8 19:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15670]: input_userauth_request: invalid user  [preauth]
May  8 19:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14536]: pam_unix(cron:session): session closed for user root
May  8 19:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15670]: Connection closed by 104.28.249.24 port 42944 [preauth]
May  8 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15786]: pam_unix(cron:session): session closed for user p13x
May  8 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15849]: Successful su for rubyman by root
May  8 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15849]: + ??? root:rubyman
May  8 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354968 of user rubyman.
May  8 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15849]: pam_unix(su:session): session closed for user rubyman
May  8 19:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354968.
May  8 19:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13133]: pam_unix(cron:session): session closed for user root
May  8 19:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15787]: pam_unix(cron:session): session closed for user samftp
May  8 19:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14997]: pam_unix(cron:session): session closed for user root
May  8 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16178]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16176]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16175]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16174]: pam_unix(cron:session): session closed for user p13x
May  8 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16233]: Successful su for rubyman by root
May  8 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16233]: + ??? root:rubyman
May  8 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354970 of user rubyman.
May  8 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16233]: pam_unix(su:session): session closed for user rubyman
May  8 19:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354970.
May  8 19:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13637]: pam_unix(cron:session): session closed for user root
May  8 19:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16175]: pam_unix(cron:session): session closed for user samftp
May  8 19:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15395]: pam_unix(cron:session): session closed for user root
May  8 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16623]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16622]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16624]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16621]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16618]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16620]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16624]: pam_unix(cron:session): session closed for user root
May  8 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16618]: pam_unix(cron:session): session closed for user p13x
May  8 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16692]: Successful su for rubyman by root
May  8 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16692]: + ??? root:rubyman
May  8 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16692]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354974 of user rubyman.
May  8 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16692]: pam_unix(su:session): session closed for user rubyman
May  8 19:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354974.
May  8 19:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Invalid user mehdi from 185.213.165.126
May  8 19:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: input_userauth_request: invalid user mehdi [preauth]
May  8 19:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.165.126
May  8 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16621]: pam_unix(cron:session): session closed for user root
May  8 19:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14041]: pam_unix(cron:session): session closed for user root
May  8 19:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Failed password for invalid user mehdi from 185.213.165.126 port 52246 ssh2
May  8 19:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Received disconnect from 185.213.165.126 port 52246:11: Bye Bye [preauth]
May  8 19:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Disconnected from 185.213.165.126 port 52246 [preauth]
May  8 19:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16620]: pam_unix(cron:session): session closed for user samftp
May  8 19:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15789]: pam_unix(cron:session): session closed for user root
May  8 19:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17085]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17084]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17082]: pam_unix(cron:session): session closed for user p13x
May  8 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17152]: Successful su for rubyman by root
May  8 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17152]: + ??? root:rubyman
May  8 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17152]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354980 of user rubyman.
May  8 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17152]: pam_unix(su:session): session closed for user rubyman
May  8 19:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354980.
May  8 19:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14535]: pam_unix(cron:session): session closed for user root
May  8 19:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17083]: pam_unix(cron:session): session closed for user samftp
May  8 19:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17367]: Bad protocol version identification '\026\003\001\001\027\001' from 128.1.46.183 port 44456
May  8 19:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16178]: pam_unix(cron:session): session closed for user root
May  8 19:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17369]: Did not receive identification string from 128.1.46.183
May  8 19:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17431]: Connection closed by 128.1.46.183 port 60524 [preauth]
May  8 19:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17433]: Protocol major versions differ for 128.1.46.183: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10 vs. SSH-1.5-Server
May  8 19:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.134  user=root
May  8 19:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: Failed password for root from 101.36.108.134 port 40592 ssh2
May  8 19:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: Received disconnect from 101.36.108.134 port 40592:11: Bye Bye [preauth]
May  8 19:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17434]: Disconnected from 101.36.108.134 port 40592 [preauth]
May  8 19:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17469]: Invalid user niklas from 103.226.138.58
May  8 19:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17469]: input_userauth_request: invalid user niklas [preauth]
May  8 19:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17469]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.58
May  8 19:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17469]: Failed password for invalid user niklas from 103.226.138.58 port 53120 ssh2
May  8 19:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17469]: Received disconnect from 103.226.138.58 port 53120:11: Bye Bye [preauth]
May  8 19:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17469]: Disconnected from 103.226.138.58 port 53120 [preauth]
May  8 19:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17484]: Invalid user system from 80.94.95.115
May  8 19:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17484]: input_userauth_request: invalid user system [preauth]
May  8 19:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17484]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  8 19:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17484]: Failed password for invalid user system from 80.94.95.115 port 58690 ssh2
May  8 19:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17484]: Connection closed by 80.94.95.115 port 58690 [preauth]
May  8 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17511]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17510]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17512]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17508]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17505]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17505]: pam_unix(cron:session): session closed for user root
May  8 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17508]: pam_unix(cron:session): session closed for user p13x
May  8 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17579]: Successful su for rubyman by root
May  8 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17579]: + ??? root:rubyman
May  8 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17579]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354984 of user rubyman.
May  8 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17579]: pam_unix(su:session): session closed for user rubyman
May  8 19:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354984.
May  8 19:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14996]: pam_unix(cron:session): session closed for user root
May  8 19:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17510]: pam_unix(cron:session): session closed for user samftp
May  8 19:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  8 19:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: Failed password for root from 193.70.84.184 port 41232 ssh2
May  8 19:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17790]: Connection closed by 193.70.84.184 port 41232 [preauth]
May  8 19:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16623]: pam_unix(cron:session): session closed for user root
May  8 19:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: Invalid user readonly from 164.68.105.9
May  8 19:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: input_userauth_request: invalid user readonly [preauth]
May  8 19:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  8 19:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: Failed password for invalid user readonly from 164.68.105.9 port 35508 ssh2
May  8 19:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17984]: Connection closed by 164.68.105.9 port 35508 [preauth]
May  8 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18054]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18049]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18049]: pam_unix(cron:session): session closed for user p13x
May  8 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18118]: Successful su for rubyman by root
May  8 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18118]: + ??? root:rubyman
May  8 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18118]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354991 of user rubyman.
May  8 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18118]: pam_unix(su:session): session closed for user rubyman
May  8 19:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354991.
May  8 19:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15394]: pam_unix(cron:session): session closed for user root
May  8 19:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18050]: pam_unix(cron:session): session closed for user samftp
May  8 19:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17085]: pam_unix(cron:session): session closed for user root
May  8 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18464]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18463]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18462]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18462]: pam_unix(cron:session): session closed for user p13x
May  8 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18524]: Successful su for rubyman by root
May  8 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18524]: + ??? root:rubyman
May  8 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18524]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 354993 of user rubyman.
May  8 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18524]: pam_unix(su:session): session closed for user rubyman
May  8 19:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 354993.
May  8 19:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15788]: pam_unix(cron:session): session closed for user root
May  8 19:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18463]: pam_unix(cron:session): session closed for user samftp
May  8 19:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17512]: pam_unix(cron:session): session closed for user root
May  8 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18867]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18871]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18866]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18872]: pam_unix(cron:session): session closed for user root
May  8 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18866]: pam_unix(cron:session): session closed for user p13x
May  8 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18936]: Successful su for rubyman by root
May  8 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18936]: + ??? root:rubyman
May  8 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355001 of user rubyman.
May  8 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18936]: pam_unix(su:session): session closed for user rubyman
May  8 19:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355001.
May  8 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18869]: pam_unix(cron:session): session closed for user root
May  8 19:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16176]: pam_unix(cron:session): session closed for user root
May  8 19:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18867]: pam_unix(cron:session): session closed for user samftp
May  8 19:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18054]: pam_unix(cron:session): session closed for user root
May  8 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19312]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19308]: pam_unix(cron:session): session closed for user p13x
May  8 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19376]: Successful su for rubyman by root
May  8 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19376]: + ??? root:rubyman
May  8 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355003 of user rubyman.
May  8 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19376]: pam_unix(su:session): session closed for user rubyman
May  8 19:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355003.
May  8 19:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16622]: pam_unix(cron:session): session closed for user root
May  8 19:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19309]: pam_unix(cron:session): session closed for user samftp
May  8 19:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19606]: Invalid user dominic from 49.64.169.153
May  8 19:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19606]: input_userauth_request: invalid user dominic [preauth]
May  8 19:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19606]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.64.169.153
May  8 19:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19606]: Failed password for invalid user dominic from 49.64.169.153 port 38590 ssh2
May  8 19:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19606]: Received disconnect from 49.64.169.153 port 38590:11: Bye Bye [preauth]
May  8 19:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19606]: Disconnected from 49.64.169.153 port 38590 [preauth]
May  8 19:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18465]: pam_unix(cron:session): session closed for user root
May  8 19:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.134  user=root
May  8 19:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19713]: Failed password for root from 101.36.108.134 port 59132 ssh2
May  8 19:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19713]: Received disconnect from 101.36.108.134 port 59132:11: Bye Bye [preauth]
May  8 19:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19713]: Disconnected from 101.36.108.134 port 59132 [preauth]
May  8 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19743]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19742]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19742]: pam_unix(cron:session): session closed for user p13x
May  8 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19803]: Successful su for rubyman by root
May  8 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19803]: + ??? root:rubyman
May  8 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19803]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355007 of user rubyman.
May  8 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19803]: pam_unix(su:session): session closed for user rubyman
May  8 19:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355007.
May  8 19:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17084]: pam_unix(cron:session): session closed for user root
May  8 19:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19743]: pam_unix(cron:session): session closed for user samftp
May  8 19:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18871]: pam_unix(cron:session): session closed for user root
May  8 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20149]: pam_unix(cron:session): session closed for user p13x
May  8 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20209]: Successful su for rubyman by root
May  8 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20209]: + ??? root:rubyman
May  8 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20209]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355012 of user rubyman.
May  8 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20209]: pam_unix(su:session): session closed for user rubyman
May  8 19:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355012.
May  8 19:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17511]: pam_unix(cron:session): session closed for user root
May  8 19:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20150]: pam_unix(cron:session): session closed for user samftp
May  8 19:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19312]: pam_unix(cron:session): session closed for user root
May  8 19:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20548]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20546]: pam_unix(cron:session): session closed for user p13x
May  8 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20606]: Successful su for rubyman by root
May  8 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20606]: + ??? root:rubyman
May  8 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20606]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355016 of user rubyman.
May  8 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20606]: pam_unix(su:session): session closed for user rubyman
May  8 19:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355016.
May  8 19:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18051]: pam_unix(cron:session): session closed for user root
May  8 19:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20547]: pam_unix(cron:session): session closed for user samftp
May  8 19:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19745]: pam_unix(cron:session): session closed for user root
May  8 19:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8  user=root
May  8 19:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20910]: Failed password for root from 197.5.145.8 port 40047 ssh2
May  8 19:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20910]: Received disconnect from 197.5.145.8 port 40047:11: Bye Bye [preauth]
May  8 19:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20910]: Disconnected from 197.5.145.8 port 40047 [preauth]
May  8 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20964]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20962]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20960]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20963]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20961]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20965]: pam_unix(cron:session): session closed for user root
May  8 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20960]: pam_unix(cron:session): session closed for user p13x
May  8 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21024]: Successful su for rubyman by root
May  8 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21024]: + ??? root:rubyman
May  8 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21024]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355019 of user rubyman.
May  8 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21024]: pam_unix(su:session): session closed for user rubyman
May  8 19:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355019.
May  8 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20962]: pam_unix(cron:session): session closed for user root
May  8 19:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18464]: pam_unix(cron:session): session closed for user root
May  8 19:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20961]: pam_unix(cron:session): session closed for user samftp
May  8 19:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20152]: pam_unix(cron:session): session closed for user root
May  8 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21424]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21423]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21422]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21422]: pam_unix(cron:session): session closed for user p13x
May  8 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21493]: Successful su for rubyman by root
May  8 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21493]: + ??? root:rubyman
May  8 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21493]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355027 of user rubyman.
May  8 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21493]: pam_unix(su:session): session closed for user rubyman
May  8 19:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355027.
May  8 19:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18870]: pam_unix(cron:session): session closed for user root
May  8 19:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21423]: pam_unix(cron:session): session closed for user samftp
May  8 19:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20549]: pam_unix(cron:session): session closed for user root
May  8 19:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22084]: Invalid user pi from 80.94.95.116
May  8 19:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22084]: input_userauth_request: invalid user pi [preauth]
May  8 19:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22084]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  8 19:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22084]: Failed password for invalid user pi from 80.94.95.116 port 20170 ssh2
May  8 19:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22084]: Connection closed by 80.94.95.116 port 20170 [preauth]
May  8 19:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22170]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22169]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22171]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22165]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22165]: pam_unix(cron:session): session closed for user p13x
May  8 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22245]: Successful su for rubyman by root
May  8 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22245]: + ??? root:rubyman
May  8 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355031 of user rubyman.
May  8 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22245]: pam_unix(su:session): session closed for user rubyman
May  8 19:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355031.
May  8 19:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.134  user=root
May  8 19:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Failed password for root from 101.36.108.134 port 56608 ssh2
May  8 19:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Received disconnect from 101.36.108.134 port 56608:11: Bye Bye [preauth]
May  8 19:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22162]: Disconnected from 101.36.108.134 port 56608 [preauth]
May  8 19:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19310]: pam_unix(cron:session): session closed for user root
May  8 19:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22169]: pam_unix(cron:session): session closed for user samftp
May  8 19:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.64.169.153  user=root
May  8 19:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: Failed password for root from 49.64.169.153 port 55802 ssh2
May  8 19:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: Received disconnect from 49.64.169.153 port 55802:11: Bye Bye [preauth]
May  8 19:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22474]: Disconnected from 49.64.169.153 port 55802 [preauth]
May  8 19:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  8 19:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22518]: Failed password for root from 218.92.0.236 port 58604 ssh2
May  8 19:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22518]: message repeated 2 times: [ Failed password for root from 218.92.0.236 port 58604 ssh2]
May  8 19:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22518]: Received disconnect from 218.92.0.236 port 58604:11:  [preauth]
May  8 19:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22518]: Disconnected from 218.92.0.236 port 58604 [preauth]
May  8 19:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22518]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  8 19:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20964]: pam_unix(cron:session): session closed for user root
May  8 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Invalid user myshake from 80.94.95.241
May  8 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: input_userauth_request: invalid user myshake [preauth]
May  8 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 19:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Failed password for invalid user myshake from 80.94.95.241 port 63742 ssh2
May  8 19:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Failed password for invalid user myshake from 80.94.95.241 port 63742 ssh2
May  8 19:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Failed password for invalid user myshake from 80.94.95.241 port 63742 ssh2
May  8 19:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 19:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Failed password for invalid user myshake from 80.94.95.241 port 63742 ssh2
May  8 19:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: Failed password for root from 218.92.0.111 port 47336 ssh2
May  8 19:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Failed password for invalid user myshake from 80.94.95.241 port 63742 ssh2
May  8 19:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Received disconnect from 80.94.95.241 port 63742:11: Bye [preauth]
May  8 19:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: Disconnected from 80.94.95.241 port 63742 [preauth]
May  8 19:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 19:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22575]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 19:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: Failed password for root from 218.92.0.111 port 47336 ssh2
May  8 19:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: Failed password for root from 218.92.0.111 port 47336 ssh2
May  8 19:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: Received disconnect from 218.92.0.111 port 47336:11:  [preauth]
May  8 19:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: Disconnected from 218.92.0.111 port 47336 [preauth]
May  8 19:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22598]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 19:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: Invalid user gpadmin from 190.103.202.7
May  8 19:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: input_userauth_request: invalid user gpadmin [preauth]
May  8 19:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  8 19:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: Failed password for invalid user gpadmin from 190.103.202.7 port 44466 ssh2
May  8 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22660]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22657]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22656]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22656]: pam_unix(cron:session): session closed for user p13x
May  8 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22642]: Connection closed by 190.103.202.7 port 44466 [preauth]
May  8 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22724]: Successful su for rubyman by root
May  8 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22724]: + ??? root:rubyman
May  8 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22724]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355033 of user rubyman.
May  8 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22724]: pam_unix(su:session): session closed for user rubyman
May  8 19:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355033.
May  8 19:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19744]: pam_unix(cron:session): session closed for user root
May  8 19:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22657]: pam_unix(cron:session): session closed for user samftp
May  8 19:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 19:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22972]: Failed password for root from 218.92.0.111 port 42380 ssh2
May  8 19:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22972]: message repeated 2 times: [ Failed password for root from 218.92.0.111 port 42380 ssh2]
May  8 19:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22972]: Received disconnect from 218.92.0.111 port 42380:11:  [preauth]
May  8 19:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22972]: Disconnected from 218.92.0.111 port 42380 [preauth]
May  8 19:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22972]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 19:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 19:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: Failed password for root from 218.92.0.111 port 48048 ssh2
May  8 19:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: message repeated 2 times: [ Failed password for root from 218.92.0.111 port 48048 ssh2]
May  8 19:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: Received disconnect from 218.92.0.111 port 48048:11:  [preauth]
May  8 19:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: Disconnected from 218.92.0.111 port 48048 [preauth]
May  8 19:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23000]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 19:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21425]: pam_unix(cron:session): session closed for user root
May  8 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23124]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23127]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23125]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23123]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23123]: pam_unix(cron:session): session closed for user p13x
May  8 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23195]: Successful su for rubyman by root
May  8 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23195]: + ??? root:rubyman
May  8 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23195]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355039 of user rubyman.
May  8 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23195]: pam_unix(su:session): session closed for user rubyman
May  8 19:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355039.
May  8 19:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20151]: pam_unix(cron:session): session closed for user root
May  8 19:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23124]: pam_unix(cron:session): session closed for user samftp
May  8 19:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23249]: Connection closed by 104.28.249.24 port 33744 [preauth]
May  8 19:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22171]: pam_unix(cron:session): session closed for user root
May  8 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23634]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23630]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23629]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23633]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23634]: pam_unix(cron:session): session closed for user root
May  8 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23629]: pam_unix(cron:session): session closed for user p13x
May  8 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23699]: Successful su for rubyman by root
May  8 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23699]: + ??? root:rubyman
May  8 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355045 of user rubyman.
May  8 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23699]: pam_unix(su:session): session closed for user rubyman
May  8 19:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355045.
May  8 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23631]: pam_unix(cron:session): session closed for user root
May  8 19:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20548]: pam_unix(cron:session): session closed for user root
May  8 19:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23630]: pam_unix(cron:session): session closed for user samftp
May  8 19:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24071]: Invalid user thomas from 197.5.145.8
May  8 19:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24071]: input_userauth_request: invalid user thomas [preauth]
May  8 19:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24071]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May  8 19:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24071]: Failed password for invalid user thomas from 197.5.145.8 port 40048 ssh2
May  8 19:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24071]: Received disconnect from 197.5.145.8 port 40048:11: Bye Bye [preauth]
May  8 19:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24071]: Disconnected from 197.5.145.8 port 40048 [preauth]
May  8 19:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22660]: pam_unix(cron:session): session closed for user root
May  8 19:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24131]: Invalid user mfi from 193.70.84.184
May  8 19:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24131]: input_userauth_request: invalid user mfi [preauth]
May  8 19:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24131]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:30:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  8 19:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24131]: Failed password for invalid user mfi from 193.70.84.184 port 38226 ssh2
May  8 19:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24131]: Connection closed by 193.70.84.184 port 38226 [preauth]
May  8 19:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24165]: Invalid user vishnu from 103.226.138.58
May  8 19:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24165]: input_userauth_request: invalid user vishnu [preauth]
May  8 19:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24165]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.58
May  8 19:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24165]: Failed password for invalid user vishnu from 103.226.138.58 port 50044 ssh2
May  8 19:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: Invalid user mike from 85.208.84.134
May  8 19:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: input_userauth_request: invalid user mike [preauth]
May  8 19:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24165]: Received disconnect from 103.226.138.58 port 50044:11: Bye Bye [preauth]
May  8 19:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24165]: Disconnected from 103.226.138.58 port 50044 [preauth]
May  8 19:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.134
May  8 19:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: Failed password for invalid user mike from 85.208.84.134 port 47376 ssh2
May  8 19:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24177]: Connection closed by 85.208.84.134 port 47376 [preauth]
May  8 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24193]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24193]: pam_unix(cron:session): session closed for user p13x
May  8 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24190]: Connection closed by 104.28.249.24 port 33644 [preauth]
May  8 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24283]: Successful su for rubyman by root
May  8 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24283]: + ??? root:rubyman
May  8 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24283]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355047 of user rubyman.
May  8 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24283]: pam_unix(su:session): session closed for user rubyman
May  8 19:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355047.
May  8 19:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20963]: pam_unix(cron:session): session closed for user root
May  8 19:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24195]: pam_unix(cron:session): session closed for user samftp
May  8 19:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.213.128  user=root
May  8 19:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23127]: pam_unix(cron:session): session closed for user root
May  8 19:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24556]: Failed password for root from 178.159.213.128 port 1908 ssh2
May  8 19:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24556]: Received disconnect from 178.159.213.128 port 1908:11: Bye Bye [preauth]
May  8 19:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24556]: Disconnected from 178.159.213.128 port 1908 [preauth]
May  8 19:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: Invalid user laravel from 115.190.111.193
May  8 19:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: input_userauth_request: invalid user laravel [preauth]
May  8 19:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.111.193
May  8 19:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: Failed password for invalid user laravel from 115.190.111.193 port 40340 ssh2
May  8 19:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: Received disconnect from 115.190.111.193 port 40340:11: Bye Bye [preauth]
May  8 19:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24601]: Disconnected from 115.190.111.193 port 40340 [preauth]
May  8 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24656]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24655]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24655]: pam_unix(cron:session): session closed for user p13x
May  8 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24722]: Successful su for rubyman by root
May  8 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24722]: + ??? root:rubyman
May  8 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24722]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355052 of user rubyman.
May  8 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24722]: pam_unix(su:session): session closed for user rubyman
May  8 19:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355052.
May  8 19:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21424]: pam_unix(cron:session): session closed for user root
May  8 19:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24888]: Invalid user git from 101.36.108.134
May  8 19:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24888]: input_userauth_request: invalid user git [preauth]
May  8 19:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24888]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.134
May  8 19:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24656]: pam_unix(cron:session): session closed for user samftp
May  8 19:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24888]: Failed password for invalid user git from 101.36.108.134 port 44472 ssh2
May  8 19:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24888]: Received disconnect from 101.36.108.134 port 44472:11: Bye Bye [preauth]
May  8 19:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24888]: Disconnected from 101.36.108.134 port 44472 [preauth]
May  8 19:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23633]: pam_unix(cron:session): session closed for user root
May  8 19:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25019]: Invalid user roo from 49.64.169.153
May  8 19:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25019]: input_userauth_request: invalid user roo [preauth]
May  8 19:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25019]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.64.169.153
May  8 19:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25019]: Failed password for invalid user roo from 49.64.169.153 port 44785 ssh2
May  8 19:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25019]: Received disconnect from 49.64.169.153 port 44785:11: Bye Bye [preauth]
May  8 19:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25019]: Disconnected from 49.64.169.153 port 44785 [preauth]
May  8 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25073]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25074]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25071]: pam_unix(cron:session): session closed for user p13x
May  8 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25131]: Successful su for rubyman by root
May  8 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25131]: + ??? root:rubyman
May  8 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355055 of user rubyman.
May  8 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25131]: pam_unix(su:session): session closed for user rubyman
May  8 19:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355055.
May  8 19:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22170]: pam_unix(cron:session): session closed for user root
May  8 19:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25072]: pam_unix(cron:session): session closed for user samftp
May  8 19:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.111.193  user=root
May  8 19:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25373]: Failed password for root from 115.190.111.193 port 39206 ssh2
May  8 19:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25373]: Received disconnect from 115.190.111.193 port 39206:11: Bye Bye [preauth]
May  8 19:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25373]: Disconnected from 115.190.111.193 port 39206 [preauth]
May  8 19:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24197]: pam_unix(cron:session): session closed for user root
May  8 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25483]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25484]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25482]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25481]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25481]: pam_unix(cron:session): session closed for user p13x
May  8 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25552]: Successful su for rubyman by root
May  8 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25552]: + ??? root:rubyman
May  8 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355061 of user rubyman.
May  8 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25552]: pam_unix(su:session): session closed for user rubyman
May  8 19:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355061.
May  8 19:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22658]: pam_unix(cron:session): session closed for user root
May  8 19:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25482]: pam_unix(cron:session): session closed for user samftp
May  8 19:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24658]: pam_unix(cron:session): session closed for user root
May  8 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25987]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25988]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25988]: pam_unix(cron:session): session closed for user root
May  8 19:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25983]: pam_unix(cron:session): session closed for user p13x
May  8 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26057]: Successful su for rubyman by root
May  8 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26057]: + ??? root:rubyman
May  8 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26057]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355066 of user rubyman.
May  8 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26057]: pam_unix(su:session): session closed for user rubyman
May  8 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355066.
May  8 19:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26055]: Invalid user dev from 115.190.111.193
May  8 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26055]: input_userauth_request: invalid user dev [preauth]
May  8 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26055]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.111.193
May  8 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: Invalid user rootadmin from 197.5.145.8
May  8 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: input_userauth_request: invalid user rootadmin [preauth]
May  8 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May  8 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25985]: pam_unix(cron:session): session closed for user root
May  8 19:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23125]: pam_unix(cron:session): session closed for user root
May  8 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26055]: Failed password for invalid user dev from 115.190.111.193 port 48328 ssh2
May  8 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26055]: Received disconnect from 115.190.111.193 port 48328:11: Bye Bye [preauth]
May  8 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26055]: Disconnected from 115.190.111.193 port 48328 [preauth]
May  8 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: Failed password for invalid user rootadmin from 197.5.145.8 port 40049 ssh2
May  8 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: Received disconnect from 197.5.145.8 port 40049:11: Bye Bye [preauth]
May  8 19:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26079]: Disconnected from 197.5.145.8 port 40049 [preauth]
May  8 19:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25984]: pam_unix(cron:session): session closed for user samftp
May  8 19:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26289]: User bin from 50.235.31.47 not allowed because not listed in AllowUsers
May  8 19:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26289]: input_userauth_request: invalid user bin [preauth]
May  8 19:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=bin
May  8 19:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26289]: Failed password for invalid user bin from 50.235.31.47 port 40640 ssh2
May  8 19:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26289]: Connection closed by 50.235.31.47 port 40640 [preauth]
May  8 19:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25074]: pam_unix(cron:session): session closed for user root
May  8 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26431]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26417]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26416]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26416]: pam_unix(cron:session): session closed for user p13x
May  8 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26568]: Successful su for rubyman by root
May  8 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26568]: + ??? root:rubyman
May  8 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355071 of user rubyman.
May  8 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26568]: pam_unix(su:session): session closed for user rubyman
May  8 19:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355071.
May  8 19:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23632]: pam_unix(cron:session): session closed for user root
May  8 19:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26417]: pam_unix(cron:session): session closed for user samftp
May  8 19:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25484]: pam_unix(cron:session): session closed for user root
May  8 19:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26846]: Invalid user gast from 115.190.111.193
May  8 19:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26846]: input_userauth_request: invalid user gast [preauth]
May  8 19:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26846]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.111.193
May  8 19:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26846]: Failed password for invalid user gast from 115.190.111.193 port 43406 ssh2
May  8 19:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26846]: Received disconnect from 115.190.111.193 port 43406:11: Bye Bye [preauth]
May  8 19:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26846]: Disconnected from 115.190.111.193 port 43406 [preauth]
May  8 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26916]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26916]: pam_unix(cron:session): session closed for user p13x
May  8 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27010]: Successful su for rubyman by root
May  8 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27010]: + ??? root:rubyman
May  8 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355074 of user rubyman.
May  8 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27010]: pam_unix(su:session): session closed for user rubyman
May  8 19:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355074.
May  8 19:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24196]: pam_unix(cron:session): session closed for user root
May  8 19:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26917]: pam_unix(cron:session): session closed for user samftp
May  8 19:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: Invalid user user from 101.36.108.134
May  8 19:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: input_userauth_request: invalid user user [preauth]
May  8 19:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.134
May  8 19:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: Failed password for invalid user user from 101.36.108.134 port 32810 ssh2
May  8 19:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: Received disconnect from 101.36.108.134 port 32810:11: Bye Bye [preauth]
May  8 19:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27253]: Disconnected from 101.36.108.134 port 32810 [preauth]
May  8 19:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  8 19:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: Failed password for root from 218.92.0.230 port 37860 ssh2
May  8 19:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: message repeated 2 times: [ Failed password for root from 218.92.0.230 port 37860 ssh2]
May  8 19:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: Received disconnect from 218.92.0.230 port 37860:11:  [preauth]
May  8 19:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: Disconnected from 218.92.0.230 port 37860 [preauth]
May  8 19:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27278]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  8 19:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: Invalid user link from 103.226.138.58
May  8 19:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: input_userauth_request: invalid user link [preauth]
May  8 19:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.58
May  8 19:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25987]: pam_unix(cron:session): session closed for user root
May  8 19:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: Failed password for invalid user link from 103.226.138.58 port 54600 ssh2
May  8 19:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: Received disconnect from 103.226.138.58 port 54600:11: Bye Bye [preauth]
May  8 19:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27314]: Disconnected from 103.226.138.58 port 54600 [preauth]
May  8 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27429]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27428]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27425]: pam_unix(cron:session): session closed for user p13x
May  8 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27510]: Successful su for rubyman by root
May  8 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27510]: + ??? root:rubyman
May  8 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27510]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355077 of user rubyman.
May  8 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27510]: pam_unix(su:session): session closed for user rubyman
May  8 19:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355077.
May  8 19:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24657]: pam_unix(cron:session): session closed for user root
May  8 19:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27428]: pam_unix(cron:session): session closed for user samftp
May  8 19:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26757]: Connection reset by 218.92.0.237 port 30744 [preauth]
May  8 19:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:38:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27722]: Invalid user user from 115.190.111.193
May  8 19:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27722]: input_userauth_request: invalid user user [preauth]
May  8 19:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27722]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.111.193
May  8 19:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.64.169.153  user=root
May  8 19:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27720]: Invalid user user from 80.94.95.116
May  8 19:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27720]: input_userauth_request: invalid user user [preauth]
May  8 19:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27720]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  8 19:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27722]: Failed password for invalid user user from 115.190.111.193 port 43764 ssh2
May  8 19:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27722]: Received disconnect from 115.190.111.193 port 43764:11: Bye Bye [preauth]
May  8 19:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27722]: Disconnected from 115.190.111.193 port 43764 [preauth]
May  8 19:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27724]: Failed password for root from 49.64.169.153 port 33793 ssh2
May  8 19:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27724]: Received disconnect from 49.64.169.153 port 33793:11: Bye Bye [preauth]
May  8 19:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27724]: Disconnected from 49.64.169.153 port 33793 [preauth]
May  8 19:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27720]: Failed password for invalid user user from 80.94.95.116 port 31212 ssh2
May  8 19:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27720]: Connection closed by 80.94.95.116 port 31212 [preauth]
May  8 19:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: Invalid user admin from 80.94.95.112
May  8 19:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: input_userauth_request: invalid user admin [preauth]
May  8 19:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 19:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: Failed password for invalid user admin from 80.94.95.112 port 21194 ssh2
May  8 19:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: Failed password for invalid user admin from 80.94.95.112 port 21194 ssh2
May  8 19:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: Failed password for invalid user admin from 80.94.95.112 port 21194 ssh2
May  8 19:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26431]: pam_unix(cron:session): session closed for user root
May  8 19:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: Failed password for invalid user admin from 80.94.95.112 port 21194 ssh2
May  8 19:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: Failed password for invalid user admin from 80.94.95.112 port 21194 ssh2
May  8 19:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: Received disconnect from 80.94.95.112 port 21194:11: Bye [preauth]
May  8 19:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: Disconnected from 80.94.95.112 port 21194 [preauth]
May  8 19:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 19:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27778]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27885]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27886]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27881]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27883]: pam_unix(cron:session): session closed for user p13x
May  8 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28009]: Successful su for rubyman by root
May  8 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28009]: + ??? root:rubyman
May  8 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355084 of user rubyman.
May  8 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28009]: pam_unix(su:session): session closed for user rubyman
May  8 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355084.
May  8 19:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27881]: pam_unix(cron:session): session closed for user root
May  8 19:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25073]: pam_unix(cron:session): session closed for user root
May  8 19:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27884]: pam_unix(cron:session): session closed for user samftp
May  8 19:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26919]: pam_unix(cron:session): session closed for user root
May  8 19:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: Invalid user valeriy from 197.5.145.8
May  8 19:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: input_userauth_request: invalid user valeriy [preauth]
May  8 19:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May  8 19:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: Failed password for invalid user valeriy from 197.5.145.8 port 40050 ssh2
May  8 19:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: Received disconnect from 197.5.145.8 port 40050:11: Bye Bye [preauth]
May  8 19:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: Disconnected from 197.5.145.8 port 40050 [preauth]
May  8 19:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28350]: Invalid user kafka from 115.190.111.193
May  8 19:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28350]: input_userauth_request: invalid user kafka [preauth]
May  8 19:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28350]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.111.193
May  8 19:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28350]: Failed password for invalid user kafka from 115.190.111.193 port 32960 ssh2
May  8 19:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28350]: Received disconnect from 115.190.111.193 port 32960:11: Bye Bye [preauth]
May  8 19:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28350]: Disconnected from 115.190.111.193 port 32960 [preauth]
May  8 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28391]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28390]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28391]: pam_unix(cron:session): session closed for user root
May  8 19:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28386]: pam_unix(cron:session): session closed for user p13x
May  8 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28456]: Successful su for rubyman by root
May  8 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28456]: + ??? root:rubyman
May  8 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355091 of user rubyman.
May  8 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28456]: pam_unix(su:session): session closed for user rubyman
May  8 19:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355091.
May  8 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28388]: pam_unix(cron:session): session closed for user root
May  8 19:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25483]: pam_unix(cron:session): session closed for user root
May  8 19:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28387]: pam_unix(cron:session): session closed for user samftp
May  8 19:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28705]: Invalid user loginuser from 178.159.213.128
May  8 19:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28705]: input_userauth_request: invalid user loginuser [preauth]
May  8 19:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28705]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.213.128
May  8 19:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28705]: Failed password for invalid user loginuser from 178.159.213.128 port 2646 ssh2
May  8 19:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28705]: Received disconnect from 178.159.213.128 port 2646:11: Bye Bye [preauth]
May  8 19:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28705]: Disconnected from 178.159.213.128 port 2646 [preauth]
May  8 19:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27430]: pam_unix(cron:session): session closed for user root
May  8 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28820]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28818]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28817]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28817]: pam_unix(cron:session): session closed for user p13x
May  8 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28887]: Successful su for rubyman by root
May  8 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28887]: + ??? root:rubyman
May  8 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28887]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355092 of user rubyman.
May  8 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28887]: pam_unix(su:session): session closed for user rubyman
May  8 19:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355092.
May  8 19:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25986]: pam_unix(cron:session): session closed for user root
May  8 19:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28818]: pam_unix(cron:session): session closed for user samftp
May  8 19:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29211]: Invalid user dq from 115.190.111.193
May  8 19:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29211]: input_userauth_request: invalid user dq [preauth]
May  8 19:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29211]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.111.193
May  8 19:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29211]: Failed password for invalid user dq from 115.190.111.193 port 52748 ssh2
May  8 19:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29211]: Received disconnect from 115.190.111.193 port 52748:11: Bye Bye [preauth]
May  8 19:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29211]: Disconnected from 115.190.111.193 port 52748 [preauth]
May  8 19:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27886]: pam_unix(cron:session): session closed for user root
May  8 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29331]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29330]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29329]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29329]: pam_unix(cron:session): session closed for user p13x
May  8 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29394]: Successful su for rubyman by root
May  8 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29394]: + ??? root:rubyman
May  8 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355096 of user rubyman.
May  8 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29394]: pam_unix(su:session): session closed for user rubyman
May  8 19:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355096.
May  8 19:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26430]: pam_unix(cron:session): session closed for user root
May  8 19:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29330]: pam_unix(cron:session): session closed for user samftp
May  8 19:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.134  user=root
May  8 19:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: Failed password for root from 101.36.108.134 port 41980 ssh2
May  8 19:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: Received disconnect from 101.36.108.134 port 41980:11: Bye Bye [preauth]
May  8 19:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29616]: Disconnected from 101.36.108.134 port 41980 [preauth]
May  8 19:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28390]: pam_unix(cron:session): session closed for user root
May  8 19:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:42:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.111.193  user=root
May  8 19:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29735]: Failed password for root from 115.190.111.193 port 45222 ssh2
May  8 19:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29735]: Received disconnect from 115.190.111.193 port 45222:11: Bye Bye [preauth]
May  8 19:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29735]: Disconnected from 115.190.111.193 port 45222 [preauth]
May  8 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29747]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29743]: pam_unix(cron:session): session closed for user p13x
May  8 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29808]: Successful su for rubyman by root
May  8 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29808]: + ??? root:rubyman
May  8 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29808]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355100 of user rubyman.
May  8 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29808]: pam_unix(su:session): session closed for user rubyman
May  8 19:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355100.
May  8 19:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26918]: pam_unix(cron:session): session closed for user root
May  8 19:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29744]: pam_unix(cron:session): session closed for user samftp
May  8 19:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28820]: pam_unix(cron:session): session closed for user root
May  8 19:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.64.169.153  user=root
May  8 19:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: Failed password for root from 49.64.169.153 port 51029 ssh2
May  8 19:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: Received disconnect from 49.64.169.153 port 51029:11: Bye Bye [preauth]
May  8 19:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30122]: Disconnected from 49.64.169.153 port 51029 [preauth]
May  8 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30154]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30155]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30152]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30153]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30152]: pam_unix(cron:session): session closed for user p13x
May  8 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30211]: Successful su for rubyman by root
May  8 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30211]: + ??? root:rubyman
May  8 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355106 of user rubyman.
May  8 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30211]: pam_unix(su:session): session closed for user rubyman
May  8 19:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355106.
May  8 19:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30279]: Invalid user link from 197.5.145.8
May  8 19:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30279]: input_userauth_request: invalid user link [preauth]
May  8 19:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30279]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May  8 19:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27429]: pam_unix(cron:session): session closed for user root
May  8 19:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30279]: Failed password for invalid user link from 197.5.145.8 port 40051 ssh2
May  8 19:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30279]: Received disconnect from 197.5.145.8 port 40051:11: Bye Bye [preauth]
May  8 19:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30279]: Disconnected from 197.5.145.8 port 40051 [preauth]
May  8 19:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30153]: pam_unix(cron:session): session closed for user samftp
May  8 19:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29332]: pam_unix(cron:session): session closed for user root
May  8 19:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: Invalid user paco from 115.190.111.193
May  8 19:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: input_userauth_request: invalid user paco [preauth]
May  8 19:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.111.193
May  8 19:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: Failed password for invalid user paco from 115.190.111.193 port 36204 ssh2
May  8 19:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: Received disconnect from 115.190.111.193 port 36204:11: Bye Bye [preauth]
May  8 19:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30489]: Disconnected from 115.190.111.193 port 36204 [preauth]
May  8 19:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30501]: Invalid user erpadmin from 103.226.138.58
May  8 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30501]: input_userauth_request: invalid user erpadmin [preauth]
May  8 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30501]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.58
May  8 19:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30501]: Failed password for invalid user erpadmin from 103.226.138.58 port 34862 ssh2
May  8 19:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30501]: Received disconnect from 103.226.138.58 port 34862:11: Bye Bye [preauth]
May  8 19:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30501]: Disconnected from 103.226.138.58 port 34862 [preauth]
May  8 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30553]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30551]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30550]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30555]: pam_unix(cron:session): session closed for user root
May  8 19:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30550]: pam_unix(cron:session): session closed for user p13x
May  8 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30617]: Successful su for rubyman by root
May  8 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30617]: + ??? root:rubyman
May  8 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355112 of user rubyman.
May  8 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30617]: pam_unix(su:session): session closed for user rubyman
May  8 19:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355112.
May  8 19:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30552]: pam_unix(cron:session): session closed for user root
May  8 19:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27885]: pam_unix(cron:session): session closed for user root
May  8 19:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30551]: pam_unix(cron:session): session closed for user samftp
May  8 19:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.213.128  user=root
May  8 19:45:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30863]: Failed password for root from 178.159.213.128 port 3272 ssh2
May  8 19:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30863]: Received disconnect from 178.159.213.128 port 3272:11: Bye Bye [preauth]
May  8 19:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30863]: Disconnected from 178.159.213.128 port 3272 [preauth]
May  8 19:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29747]: pam_unix(cron:session): session closed for user root
May  8 19:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.220  user=root
May  8 19:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30928]: Failed password for root from 218.92.0.220 port 54144 ssh2
May  8 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31073]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31060]: pam_unix(cron:session): session closed for user p13x
May  8 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31142]: Successful su for rubyman by root
May  8 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31142]: + ??? root:rubyman
May  8 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31142]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355115 of user rubyman.
May  8 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31142]: pam_unix(su:session): session closed for user rubyman
May  8 19:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355115.
May  8 19:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28389]: pam_unix(cron:session): session closed for user root
May  8 19:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31067]: pam_unix(cron:session): session closed for user samftp
May  8 19:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 19:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31334]: Failed password for root from 43.153.195.114 port 52142 ssh2
May  8 19:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31334]: Received disconnect from 43.153.195.114 port 52142:11: Bye Bye [preauth]
May  8 19:46:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31334]: Disconnected from 43.153.195.114 port 52142 [preauth]
May  8 19:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: User lp from 115.190.111.193 not allowed because not listed in AllowUsers
May  8 19:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: input_userauth_request: invalid user lp [preauth]
May  8 19:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.111.193  user=lp
May  8 19:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: Failed password for invalid user lp from 115.190.111.193 port 55014 ssh2
May  8 19:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: Received disconnect from 115.190.111.193 port 55014:11: Bye Bye [preauth]
May  8 19:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31369]: Disconnected from 115.190.111.193 port 55014 [preauth]
May  8 19:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30155]: pam_unix(cron:session): session closed for user root
May  8 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31489]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31488]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31487]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31487]: pam_unix(cron:session): session closed for user p13x
May  8 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31552]: Successful su for rubyman by root
May  8 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31552]: + ??? root:rubyman
May  8 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355118 of user rubyman.
May  8 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31552]: pam_unix(su:session): session closed for user rubyman
May  8 19:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355118.
May  8 19:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28819]: pam_unix(cron:session): session closed for user root
May  8 19:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31488]: pam_unix(cron:session): session closed for user samftp
May  8 19:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 19:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: Failed password for root from 218.92.0.198 port 42408 ssh2
May  8 19:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 42408 ssh2]
May  8 19:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: Received disconnect from 218.92.0.198 port 42408:11:  [preauth]
May  8 19:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: Disconnected from 218.92.0.198 port 42408 [preauth]
May  8 19:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31736]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 19:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 19:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31798]: Failed password for root from 218.92.0.198 port 55934 ssh2
May  8 19:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31798]: Failed password for root from 218.92.0.198 port 55934 ssh2
May  8 19:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31798]: Failed password for root from 218.92.0.198 port 55934 ssh2
May  8 19:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31798]: Received disconnect from 218.92.0.198 port 55934:11:  [preauth]
May  8 19:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31798]: Disconnected from 218.92.0.198 port 55934 [preauth]
May  8 19:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31798]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 19:47:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  8 19:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31808]: Failed password for root from 218.92.0.230 port 58228 ssh2
May  8 19:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 19:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.134  user=root
May  8 19:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31812]: Failed password for root from 218.92.0.198 port 52214 ssh2
May  8 19:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31808]: Failed password for root from 218.92.0.230 port 58228 ssh2
May  8 19:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31824]: Failed password for root from 101.36.108.134 port 42706 ssh2
May  8 19:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31824]: Received disconnect from 101.36.108.134 port 42706:11: Bye Bye [preauth]
May  8 19:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31824]: Disconnected from 101.36.108.134 port 42706 [preauth]
May  8 19:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31812]: Failed password for root from 218.92.0.198 port 52214 ssh2
May  8 19:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31808]: Failed password for root from 218.92.0.230 port 58228 ssh2
May  8 19:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31808]: Received disconnect from 218.92.0.230 port 58228:11:  [preauth]
May  8 19:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31808]: Disconnected from 218.92.0.230 port 58228 [preauth]
May  8 19:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31808]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.230  user=root
May  8 19:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31812]: Failed password for root from 218.92.0.198 port 52214 ssh2
May  8 19:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31812]: Received disconnect from 218.92.0.198 port 52214:11:  [preauth]
May  8 19:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31812]: Disconnected from 218.92.0.198 port 52214 [preauth]
May  8 19:47:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31812]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 19:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30554]: pam_unix(cron:session): session closed for user root
May  8 19:47:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: Invalid user mc from 115.190.111.193
May  8 19:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: input_userauth_request: invalid user mc [preauth]
May  8 19:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:47:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.111.193
May  8 19:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: Failed password for invalid user mc from 115.190.111.193 port 56806 ssh2
May  8 19:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: Received disconnect from 115.190.111.193 port 56806:11: Bye Bye [preauth]
May  8 19:47:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31943]: Disconnected from 115.190.111.193 port 56806 [preauth]
May  8 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32032]: pam_unix(cron:session): session closed for user p13x
May  8 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32239]: Successful su for rubyman by root
May  8 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32239]: + ??? root:rubyman
May  8 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355122 of user rubyman.
May  8 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32239]: pam_unix(su:session): session closed for user rubyman
May  8 19:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355122.
May  8 19:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29331]: pam_unix(cron:session): session closed for user root
May  8 19:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32033]: pam_unix(cron:session): session closed for user samftp
May  8 19:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: Invalid user user1 from 197.5.145.8
May  8 19:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: input_userauth_request: invalid user user1 [preauth]
May  8 19:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May  8 19:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: Failed password for invalid user user1 from 197.5.145.8 port 40052 ssh2
May  8 19:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: Received disconnect from 197.5.145.8 port 40052:11: Bye Bye [preauth]
May  8 19:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: Disconnected from 197.5.145.8 port 40052 [preauth]
May  8 19:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31073]: pam_unix(cron:session): session closed for user root
May  8 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32756]: pam_unix(cron:session): session closed for user p13x
May  8 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[374]: Successful su for rubyman by root
May  8 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[374]: + ??? root:rubyman
May  8 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355127 of user rubyman.
May  8 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[374]: pam_unix(su:session): session closed for user rubyman
May  8 19:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355127.
May  8 19:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29745]: pam_unix(cron:session): session closed for user root
May  8 19:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32757]: pam_unix(cron:session): session closed for user samftp
May  8 19:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31490]: pam_unix(cron:session): session closed for user root
May  8 19:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: Invalid user marco from 115.190.111.193
May  8 19:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: input_userauth_request: invalid user marco [preauth]
May  8 19:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:49:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.111.193
May  8 19:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: Failed password for invalid user marco from 115.190.111.193 port 57534 ssh2
May  8 19:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: Received disconnect from 115.190.111.193 port 57534:11: Bye Bye [preauth]
May  8 19:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[729]: Disconnected from 115.190.111.193 port 57534 [preauth]
May  8 19:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254  user=root
May  8 19:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[742]: Failed password for root from 124.198.59.254 port 43378 ssh2
May  8 19:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[742]: Connection closed by 124.198.59.254 port 43378 [preauth]
May  8 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[802]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[807]: pam_unix(cron:session): session closed for user root
May  8 19:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[802]: pam_unix(cron:session): session closed for user p13x
May  8 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[879]: Successful su for rubyman by root
May  8 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[879]: + ??? root:rubyman
May  8 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[879]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355134 of user rubyman.
May  8 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[879]: pam_unix(su:session): session closed for user rubyman
May  8 19:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355134.
May  8 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[804]: pam_unix(cron:session): session closed for user root
May  8 19:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30154]: pam_unix(cron:session): session closed for user root
May  8 19:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[803]: pam_unix(cron:session): session closed for user samftp
May  8 19:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  8 19:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: Failed password for root from 80.94.95.116 port 44590 ssh2
May  8 19:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1117]: Connection closed by 80.94.95.116 port 44590 [preauth]
May  8 19:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.213.128  user=root
May  8 19:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: Failed password for root from 178.159.213.128 port 2884 ssh2
May  8 19:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: Received disconnect from 178.159.213.128 port 2884:11: Bye Bye [preauth]
May  8 19:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1186]: Disconnected from 178.159.213.128 port 2884 [preauth]
May  8 19:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32035]: pam_unix(cron:session): session closed for user root
May  8 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1326]: pam_unix(cron:session): session closed for user p13x
May  8 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1397]: Successful su for rubyman by root
May  8 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1397]: + ??? root:rubyman
May  8 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355138 of user rubyman.
May  8 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1397]: pam_unix(su:session): session closed for user rubyman
May  8 19:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355138.
May  8 19:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30553]: pam_unix(cron:session): session closed for user root
May  8 19:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1327]: pam_unix(cron:session): session closed for user samftp
May  8 19:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: Invalid user student08 from 115.190.111.193
May  8 19:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: input_userauth_request: invalid user student08 [preauth]
May  8 19:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.111.193
May  8 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: Invalid user lch from 103.226.138.58
May  8 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: input_userauth_request: invalid user lch [preauth]
May  8 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.58
May  8 19:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: Failed password for invalid user student08 from 115.190.111.193 port 58940 ssh2
May  8 19:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: Received disconnect from 115.190.111.193 port 58940:11: Bye Bye [preauth]
May  8 19:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1658]: Disconnected from 115.190.111.193 port 58940 [preauth]
May  8 19:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: Failed password for invalid user lch from 103.226.138.58 port 36492 ssh2
May  8 19:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: Received disconnect from 103.226.138.58 port 36492:11: Bye Bye [preauth]
May  8 19:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1661]: Disconnected from 103.226.138.58 port 36492 [preauth]
May  8 19:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32759]: pam_unix(cron:session): session closed for user root
May  8 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1813]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1814]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1815]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1812]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1812]: pam_unix(cron:session): session closed for user p13x
May  8 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1880]: Successful su for rubyman by root
May  8 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1880]: + ??? root:rubyman
May  8 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1880]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355140 of user rubyman.
May  8 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1880]: pam_unix(su:session): session closed for user rubyman
May  8 19:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355140.
May  8 19:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31072]: pam_unix(cron:session): session closed for user root
May  8 19:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1813]: pam_unix(cron:session): session closed for user samftp
May  8 19:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[806]: pam_unix(cron:session): session closed for user root
May  8 19:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:52:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.134  user=root
May  8 19:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: Failed password for root from 101.36.108.134 port 60944 ssh2
May  8 19:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: Received disconnect from 101.36.108.134 port 60944:11: Bye Bye [preauth]
May  8 19:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2249]: Disconnected from 101.36.108.134 port 60944 [preauth]
May  8 19:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Invalid user minecraft from 115.190.111.193
May  8 19:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: input_userauth_request: invalid user minecraft [preauth]
May  8 19:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.111.193
May  8 19:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Failed password for invalid user minecraft from 115.190.111.193 port 54228 ssh2
May  8 19:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Received disconnect from 115.190.111.193 port 54228:11: Bye Bye [preauth]
May  8 19:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Disconnected from 115.190.111.193 port 54228 [preauth]
May  8 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2313]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2314]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2312]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2310]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2310]: pam_unix(cron:session): session closed for user p13x
May  8 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2382]: Successful su for rubyman by root
May  8 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2382]: + ??? root:rubyman
May  8 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2382]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355144 of user rubyman.
May  8 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2382]: pam_unix(su:session): session closed for user rubyman
May  8 19:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355144.
May  8 19:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31489]: pam_unix(cron:session): session closed for user root
May  8 19:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2312]: pam_unix(cron:session): session closed for user samftp
May  8 19:53:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2599]: Invalid user eddy from 197.5.145.8
May  8 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2599]: input_userauth_request: invalid user eddy [preauth]
May  8 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2599]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May  8 19:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2599]: Failed password for invalid user eddy from 197.5.145.8 port 40053 ssh2
May  8 19:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2599]: Received disconnect from 197.5.145.8 port 40053:11: Bye Bye [preauth]
May  8 19:53:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2599]: Disconnected from 197.5.145.8 port 40053 [preauth]
May  8 19:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1329]: pam_unix(cron:session): session closed for user root
May  8 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2765]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2767]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2766]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2764]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2764]: pam_unix(cron:session): session closed for user p13x
May  8 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2828]: Successful su for rubyman by root
May  8 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2828]: + ??? root:rubyman
May  8 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2828]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355150 of user rubyman.
May  8 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2828]: pam_unix(su:session): session closed for user rubyman
May  8 19:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355150.
May  8 19:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32034]: pam_unix(cron:session): session closed for user root
May  8 19:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2765]: pam_unix(cron:session): session closed for user samftp
May  8 19:54:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:54:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 19:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3057]: Failed password for root from 43.153.195.114 port 39092 ssh2
May  8 19:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3057]: Received disconnect from 43.153.195.114 port 39092:11: Bye Bye [preauth]
May  8 19:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3057]: Disconnected from 43.153.195.114 port 39092 [preauth]
May  8 19:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3088]: Invalid user postgres from 115.190.111.193
May  8 19:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3088]: input_userauth_request: invalid user postgres [preauth]
May  8 19:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3088]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.111.193
May  8 19:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3088]: Failed password for invalid user postgres from 115.190.111.193 port 34902 ssh2
May  8 19:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3088]: Received disconnect from 115.190.111.193 port 34902:11: Bye Bye [preauth]
May  8 19:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3088]: Disconnected from 115.190.111.193 port 34902 [preauth]
May  8 19:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1815]: pam_unix(cron:session): session closed for user root
May  8 19:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3131]: Did not receive identification string from 172.105.83.23
May  8 19:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:54:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.105.83.23  user=root
May  8 19:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Failed password for root from 172.105.83.23 port 41412 ssh2
May  8 19:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3132]: Connection closed by 172.105.83.23 port 41412 [preauth]
May  8 19:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:54:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.105.83.23  user=root
May  8 19:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: Failed password for root from 172.105.83.23 port 41422 ssh2
May  8 19:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3156]: Connection closed by 172.105.83.23 port 41422 [preauth]
May  8 19:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  8 19:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3167]: Failed password for root from 218.92.0.217 port 38654 ssh2
May  8 19:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3167]: message repeated 2 times: [ Failed password for root from 218.92.0.217 port 38654 ssh2]
May  8 19:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3167]: Received disconnect from 218.92.0.217 port 38654:11:  [preauth]
May  8 19:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3167]: Disconnected from 218.92.0.217 port 38654 [preauth]
May  8 19:54:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3167]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  8 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3193]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3195]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3192]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3195]: pam_unix(cron:session): session closed for user root
May  8 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3189]: pam_unix(cron:session): session closed for user p13x
May  8 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3262]: Successful su for rubyman by root
May  8 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3262]: + ??? root:rubyman
May  8 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3262]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355152 of user rubyman.
May  8 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3262]: pam_unix(su:session): session closed for user rubyman
May  8 19:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355152.
May  8 19:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.105.83.23  user=root
May  8 19:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3192]: pam_unix(cron:session): session closed for user root
May  8 19:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32758]: pam_unix(cron:session): session closed for user root
May  8 19:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3318]: Failed password for root from 172.105.83.23 port 44560 ssh2
May  8 19:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3318]: Connection closed by 172.105.83.23 port 44560 [preauth]
May  8 19:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3190]: pam_unix(cron:session): session closed for user samftp
May  8 19:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.213.128  user=root
May  8 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3497]: Failed password for root from 178.159.213.128 port 2445 ssh2
May  8 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3497]: Received disconnect from 178.159.213.128 port 2445:11: Bye Bye [preauth]
May  8 19:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3497]: Disconnected from 178.159.213.128 port 2445 [preauth]
May  8 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:55:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.105.83.23  user=root
May  8 19:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: Failed password for root from 172.105.83.23 port 58764 ssh2
May  8 19:55:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3538]: Connection closed by 172.105.83.23 port 58764 [preauth]
May  8 19:55:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.105.83.23  user=root
May  8 19:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2314]: pam_unix(cron:session): session closed for user root
May  8 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3603]: Failed password for root from 172.105.83.23 port 46630 ssh2
May  8 19:55:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3603]: Connection closed by 172.105.83.23 port 46630 [preauth]
May  8 19:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.105.83.23  user=root
May  8 19:55:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: Failed password for root from 172.105.83.23 port 36966 ssh2
May  8 19:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3641]: Connection closed by 172.105.83.23 port 36966 [preauth]
May  8 19:55:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  8 19:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.105.83.23  user=root
May  8 19:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: Failed password for root from 218.92.0.229 port 43058 ssh2
May  8 19:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3676]: Failed password for root from 172.105.83.23 port 60986 ssh2
May  8 19:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3676]: Connection closed by 172.105.83.23 port 60986 [preauth]
May  8 19:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: Failed password for root from 218.92.0.229 port 43058 ssh2
May  8 19:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.105.83.23  user=root
May  8 19:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: Failed password for root from 218.92.0.229 port 43058 ssh2
May  8 19:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: Received disconnect from 218.92.0.229 port 43058:11:  [preauth]
May  8 19:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: Disconnected from 218.92.0.229 port 43058 [preauth]
May  8 19:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  8 19:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3686]: Failed password for root from 172.105.83.23 port 60996 ssh2
May  8 19:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3686]: Connection closed by 172.105.83.23 port 60996 [preauth]
May  8 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3690]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3701]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3702]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3700]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3700]: pam_unix(cron:session): session closed for user p13x
May  8 19:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.111.193  user=root
May  8 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3768]: Successful su for rubyman by root
May  8 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3768]: + ??? root:rubyman
May  8 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3768]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355160 of user rubyman.
May  8 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3768]: pam_unix(su:session): session closed for user rubyman
May  8 19:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355160.
May  8 19:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3690]: Failed password for root from 115.190.111.193 port 42168 ssh2
May  8 19:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3690]: Received disconnect from 115.190.111.193 port 42168:11: Bye Bye [preauth]
May  8 19:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3690]: Disconnected from 115.190.111.193 port 42168 [preauth]
May  8 19:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[805]: pam_unix(cron:session): session closed for user root
May  8 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3701]: pam_unix(cron:session): session closed for user samftp
May  8 19:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.105.83.23  user=root
May  8 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: Failed password for root from 172.105.83.23 port 36554 ssh2
May  8 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: Connection closed by 172.105.83.23 port 36554 [preauth]
May  8 19:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.105.83.23  user=root
May  8 19:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3993]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3990]: Failed password for root from 172.105.83.23 port 53814 ssh2
May  8 19:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3990]: Connection closed by 172.105.83.23 port 53814 [preauth]
May  8 19:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  8 19:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4026]: Failed password for root from 218.92.0.229 port 45324 ssh2
May  8 19:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4026]: message repeated 2 times: [ Failed password for root from 218.92.0.229 port 45324 ssh2]
May  8 19:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4026]: Received disconnect from 218.92.0.229 port 45324:11:  [preauth]
May  8 19:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4026]: Disconnected from 218.92.0.229 port 45324 [preauth]
May  8 19:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4026]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  8 19:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.105.83.23  user=root
May  8 19:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4060]: Failed password for root from 172.105.83.23 port 57976 ssh2
May  8 19:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2767]: pam_unix(cron:session): session closed for user root
May  8 19:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4060]: Connection closed by 172.105.83.23 port 57976 [preauth]
May  8 19:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.105.83.23  user=root
May  8 19:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: Failed password for root from 172.105.83.23 port 57982 ssh2
May  8 19:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4092]: Connection closed by 172.105.83.23 port 57982 [preauth]
May  8 19:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:56:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.105.83.23  user=root
May  8 19:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: Failed password for root from 172.105.83.23 port 36176 ssh2
May  8 19:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:56:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4095]: Connection closed by 172.105.83.23 port 36176 [preauth]
May  8 19:56:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:56:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  8 19:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4141]: Failed password for root from 218.92.0.229 port 54884 ssh2
May  8 19:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4141]: Failed password for root from 218.92.0.229 port 54884 ssh2
May  8 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4160]: pam_unix(cron:session): session closed for user p13x
May  8 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4141]: Failed password for root from 218.92.0.229 port 54884 ssh2
May  8 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4221]: Successful su for rubyman by root
May  8 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4221]: + ??? root:rubyman
May  8 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355163 of user rubyman.
May  8 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4221]: pam_unix(su:session): session closed for user rubyman
May  8 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355163.
May  8 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4141]: Received disconnect from 218.92.0.229 port 54884:11:  [preauth]
May  8 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4141]: Disconnected from 218.92.0.229 port 54884 [preauth]
May  8 19:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4141]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  8 19:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1328]: pam_unix(cron:session): session closed for user root
May  8 19:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4161]: pam_unix(cron:session): session closed for user samftp
May  8 19:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3194]: pam_unix(cron:session): session closed for user root
May  8 19:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:57:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.111.193  user=root
May  8 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: Invalid user sneha from 197.5.145.8
May  8 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: input_userauth_request: invalid user sneha [preauth]
May  8 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May  8 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: Invalid user blog from 103.226.138.58
May  8 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: input_userauth_request: invalid user blog [preauth]
May  8 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.58
May  8 19:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: Failed password for root from 115.190.111.193 port 54434 ssh2
May  8 19:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: Received disconnect from 115.190.111.193 port 54434:11: Bye Bye [preauth]
May  8 19:57:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4676]: Disconnected from 115.190.111.193 port 54434 [preauth]
May  8 19:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: Failed password for invalid user sneha from 197.5.145.8 port 40054 ssh2
May  8 19:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: Received disconnect from 197.5.145.8 port 40054:11: Bye Bye [preauth]
May  8 19:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: Disconnected from 197.5.145.8 port 40054 [preauth]
May  8 19:57:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: Failed password for invalid user blog from 103.226.138.58 port 52966 ssh2
May  8 19:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: Received disconnect from 103.226.138.58 port 52966:11: Bye Bye [preauth]
May  8 19:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4674]: Disconnected from 103.226.138.58 port 52966 [preauth]
May  8 19:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: Invalid user ubuntu from 49.64.169.153
May  8 19:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: input_userauth_request: invalid user ubuntu [preauth]
May  8 19:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.64.169.153
May  8 19:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: Failed password for invalid user ubuntu from 49.64.169.153 port 57167 ssh2
May  8 19:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: Received disconnect from 49.64.169.153 port 57167:11: Bye Bye [preauth]
May  8 19:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4722]: Disconnected from 49.64.169.153 port 57167 [preauth]
May  8 19:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: Invalid user lien from 101.36.108.134
May  8 19:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: input_userauth_request: invalid user lien [preauth]
May  8 19:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: pam_unix(sshd:auth): check pass; user unknown
May  8 19:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.134
May  8 19:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: Failed password for invalid user lien from 101.36.108.134 port 53702 ssh2
May  8 19:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: Received disconnect from 101.36.108.134 port 53702:11: Bye Bye [preauth]
May  8 19:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4724]: Disconnected from 101.36.108.134 port 53702 [preauth]
May  8 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4735]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4735]: pam_unix(cron:session): session closed for user p13x
May  8 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4798]: Successful su for rubyman by root
May  8 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4798]: + ??? root:rubyman
May  8 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355168 of user rubyman.
May  8 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4798]: pam_unix(su:session): session closed for user rubyman
May  8 19:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355168.
May  8 19:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1814]: pam_unix(cron:session): session closed for user root
May  8 19:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4736]: pam_unix(cron:session): session closed for user samftp
May  8 19:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3703]: pam_unix(cron:session): session closed for user root
May  8 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5346]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5347]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5348]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5345]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 19:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5345]: pam_unix(cron:session): session closed for user p13x
May  8 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5408]: Successful su for rubyman by root
May  8 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5408]: + ??? root:rubyman
May  8 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5408]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355172 of user rubyman.
May  8 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5408]: pam_unix(su:session): session closed for user rubyman
May  8 19:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355172.
May  8 19:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2313]: pam_unix(cron:session): session closed for user root
May  8 19:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5346]: pam_unix(cron:session): session closed for user samftp
May  8 19:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4164]: pam_unix(cron:session): session closed for user root
May  8 19:59:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 19:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 19:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: Failed password for root from 43.153.195.114 port 35670 ssh2
May  8 19:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: Received disconnect from 43.153.195.114 port 35670:11: Bye Bye [preauth]
May  8 19:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5789]: Disconnected from 43.153.195.114 port 35670 [preauth]
May  8 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5901]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5897]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5896]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5895]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5902]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5899]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5897]: pam_unix(cron:session): session closed for user root
May  8 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5902]: pam_unix(cron:session): session closed for user root
May  8 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5895]: pam_unix(cron:session): session closed for user p13x
May  8 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5991]: Successful su for rubyman by root
May  8 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5991]: + ??? root:rubyman
May  8 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5991]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355174 of user rubyman.
May  8 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5991]: pam_unix(su:session): session closed for user rubyman
May  8 20:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355174.
May  8 20:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5898]: pam_unix(cron:session): session closed for user root
May  8 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2766]: pam_unix(cron:session): session closed for user root
May  8 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: Invalid user kigere from 178.159.213.128
May  8 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: input_userauth_request: invalid user kigere [preauth]
May  8 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.213.128
May  8 20:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: Failed password for invalid user kigere from 178.159.213.128 port 1352 ssh2
May  8 20:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5896]: pam_unix(cron:session): session closed for user samftp
May  8 20:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: Received disconnect from 178.159.213.128 port 1352:11: Bye Bye [preauth]
May  8 20:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6119]: Disconnected from 178.159.213.128 port 1352 [preauth]
May  8 20:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: Invalid user user1 from 80.94.95.116
May  8 20:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: input_userauth_request: invalid user user1 [preauth]
May  8 20:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  8 20:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: Failed password for invalid user user1 from 80.94.95.116 port 17724 ssh2
May  8 20:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6277]: Connection closed by 80.94.95.116 port 17724 [preauth]
May  8 20:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4739]: pam_unix(cron:session): session closed for user root
May  8 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6423]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6422]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6421]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6421]: pam_unix(cron:session): session closed for user p13x
May  8 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6497]: Successful su for rubyman by root
May  8 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6497]: + ??? root:rubyman
May  8 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6497]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355181 of user rubyman.
May  8 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6497]: pam_unix(su:session): session closed for user rubyman
May  8 20:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355181.
May  8 20:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3193]: pam_unix(cron:session): session closed for user root
May  8 20:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6422]: pam_unix(cron:session): session closed for user samftp
May  8 20:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5348]: pam_unix(cron:session): session closed for user root
May  8 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6844]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6841]: pam_unix(cron:session): session closed for user p13x
May  8 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6903]: Successful su for rubyman by root
May  8 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6903]: + ??? root:rubyman
May  8 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355186 of user rubyman.
May  8 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6903]: pam_unix(su:session): session closed for user rubyman
May  8 20:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355186.
May  8 20:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3702]: pam_unix(cron:session): session closed for user root
May  8 20:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6842]: pam_unix(cron:session): session closed for user samftp
May  8 20:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8  user=root
May  8 20:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7228]: Failed password for root from 197.5.145.8 port 40055 ssh2
May  8 20:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7228]: Received disconnect from 197.5.145.8 port 40055:11: Bye Bye [preauth]
May  8 20:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7228]: Disconnected from 197.5.145.8 port 40055 [preauth]
May  8 20:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5901]: pam_unix(cron:session): session closed for user root
May  8 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7351]: pam_unix(cron:session): session closed for user p13x
May  8 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7410]: Successful su for rubyman by root
May  8 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7410]: + ??? root:rubyman
May  8 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7410]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355190 of user rubyman.
May  8 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7410]: pam_unix(su:session): session closed for user rubyman
May  8 20:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355190.
May  8 20:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4163]: pam_unix(cron:session): session closed for user root
May  8 20:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7352]: pam_unix(cron:session): session closed for user samftp
May  8 20:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: Invalid user git from 101.36.108.134
May  8 20:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: input_userauth_request: invalid user git [preauth]
May  8 20:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.134
May  8 20:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: Failed password for invalid user git from 101.36.108.134 port 37818 ssh2
May  8 20:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: Received disconnect from 101.36.108.134 port 37818:11: Bye Bye [preauth]
May  8 20:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7718]: Disconnected from 101.36.108.134 port 37818 [preauth]
May  8 20:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6425]: pam_unix(cron:session): session closed for user root
May  8 20:03:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.64.169.153  user=root
May  8 20:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7872]: Did not receive identification string from 196.251.114.29
May  8 20:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7861]: Failed password for root from 49.64.169.153 port 46181 ssh2
May  8 20:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7861]: Received disconnect from 49.64.169.153 port 46181:11: Bye Bye [preauth]
May  8 20:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7861]: Disconnected from 49.64.169.153 port 46181 [preauth]
May  8 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7874]: pam_unix(cron:session): session closed for user p13x
May  8 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7939]: Successful su for rubyman by root
May  8 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7939]: + ??? root:rubyman
May  8 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7939]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355193 of user rubyman.
May  8 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7939]: pam_unix(su:session): session closed for user rubyman
May  8 20:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355193.
May  8 20:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4738]: pam_unix(cron:session): session closed for user root
May  8 20:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7877]: pam_unix(cron:session): session closed for user samftp
May  8 20:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6844]: pam_unix(cron:session): session closed for user root
May  8 20:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8261]: Invalid user sina from 103.226.138.58
May  8 20:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8261]: input_userauth_request: invalid user sina [preauth]
May  8 20:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8261]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.58
May  8 20:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8261]: Failed password for invalid user sina from 103.226.138.58 port 50830 ssh2
May  8 20:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8261]: Received disconnect from 103.226.138.58 port 50830:11: Bye Bye [preauth]
May  8 20:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8261]: Disconnected from 103.226.138.58 port 50830 [preauth]
May  8 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8311]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8305]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8308]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8306]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8309]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8311]: pam_unix(cron:session): session closed for user root
May  8 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8305]: pam_unix(cron:session): session closed for user p13x
May  8 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8380]: Successful su for rubyman by root
May  8 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8380]: + ??? root:rubyman
May  8 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8380]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355202 of user rubyman.
May  8 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8380]: pam_unix(su:session): session closed for user rubyman
May  8 20:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355202.
May  8 20:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8307]: pam_unix(cron:session): session closed for user root
May  8 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8471]: Invalid user ubuntu from 178.159.213.128
May  8 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8471]: input_userauth_request: invalid user ubuntu [preauth]
May  8 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8471]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.213.128
May  8 20:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5347]: pam_unix(cron:session): session closed for user root
May  8 20:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8471]: Failed password for invalid user ubuntu from 178.159.213.128 port 62011 ssh2
May  8 20:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8471]: Received disconnect from 178.159.213.128 port 62011:11: Bye Bye [preauth]
May  8 20:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8471]: Disconnected from 178.159.213.128 port 62011 [preauth]
May  8 20:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8306]: pam_unix(cron:session): session closed for user samftp
May  8 20:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:05:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 20:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8644]: Failed password for root from 43.153.195.114 port 41366 ssh2
May  8 20:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8644]: Received disconnect from 43.153.195.114 port 41366:11: Bye Bye [preauth]
May  8 20:05:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8644]: Disconnected from 43.153.195.114 port 41366 [preauth]
May  8 20:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7354]: pam_unix(cron:session): session closed for user root
May  8 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8778]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8776]: pam_unix(cron:session): session closed for user p13x
May  8 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8846]: Successful su for rubyman by root
May  8 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8846]: + ??? root:rubyman
May  8 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8846]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355204 of user rubyman.
May  8 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8846]: pam_unix(su:session): session closed for user rubyman
May  8 20:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355204.
May  8 20:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5899]: pam_unix(cron:session): session closed for user root
May  8 20:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8777]: pam_unix(cron:session): session closed for user samftp
May  8 20:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7879]: pam_unix(cron:session): session closed for user root
May  8 20:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 20:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: Failed password for root from 80.94.95.241 port 62384 ssh2
May  8 20:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 20:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: Failed password for root from 80.94.95.241 port 62384 ssh2
May  8 20:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Failed password for root from 218.92.0.111 port 53754 ssh2
May  8 20:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Failed password for root from 218.92.0.111 port 53754 ssh2
May  8 20:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: Failed password for root from 80.94.95.241 port 62384 ssh2
May  8 20:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Failed password for root from 218.92.0.111 port 53754 ssh2
May  8 20:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Received disconnect from 218.92.0.111 port 53754:11:  [preauth]
May  8 20:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Disconnected from 218.92.0.111 port 53754 [preauth]
May  8 20:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 20:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: Failed password for root from 80.94.95.241 port 62384 ssh2
May  8 20:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 20:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: Failed password for root from 80.94.95.241 port 62384 ssh2
May  8 20:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: Failed password for root from 218.92.0.111 port 53768 ssh2
May  8 20:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: Received disconnect from 80.94.95.241 port 62384:11: Bye [preauth]
May  8 20:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: Disconnected from 80.94.95.241 port 62384 [preauth]
May  8 20:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 20:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9106]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 20:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: Failed password for root from 218.92.0.111 port 53768 ssh2
May  8 20:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8  user=root
May  8 20:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: Failed password for root from 218.92.0.111 port 53768 ssh2
May  8 20:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: Received disconnect from 218.92.0.111 port 53768:11:  [preauth]
May  8 20:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: Disconnected from 218.92.0.111 port 53768 [preauth]
May  8 20:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9245]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 20:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9276]: Failed password for root from 197.5.145.8 port 40056 ssh2
May  8 20:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9276]: Received disconnect from 197.5.145.8 port 40056:11: Bye Bye [preauth]
May  8 20:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9276]: Disconnected from 197.5.145.8 port 40056 [preauth]
May  8 20:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 20:06:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Failed password for root from 218.92.0.111 port 51558 ssh2
May  8 20:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Failed password for root from 218.92.0.111 port 51558 ssh2
May  8 20:06:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Failed password for root from 218.92.0.111 port 51558 ssh2
May  8 20:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Received disconnect from 218.92.0.111 port 51558:11:  [preauth]
May  8 20:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: Disconnected from 218.92.0.111 port 51558 [preauth]
May  8 20:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9278]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.111  user=root
May  8 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9323]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9319]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9319]: pam_unix(cron:session): session closed for user p13x
May  8 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9384]: Successful su for rubyman by root
May  8 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9384]: + ??? root:rubyman
May  8 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9384]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355209 of user rubyman.
May  8 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9384]: pam_unix(su:session): session closed for user rubyman
May  8 20:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355209.
May  8 20:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6423]: pam_unix(cron:session): session closed for user root
May  8 20:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9320]: pam_unix(cron:session): session closed for user samftp
May  8 20:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8309]: pam_unix(cron:session): session closed for user root
May  8 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9717]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9718]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9714]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9715]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9714]: pam_unix(cron:session): session closed for user p13x
May  8 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9787]: Successful su for rubyman by root
May  8 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9787]: + ??? root:rubyman
May  8 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9787]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355212 of user rubyman.
May  8 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9787]: pam_unix(su:session): session closed for user rubyman
May  8 20:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355212.
May  8 20:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6843]: pam_unix(cron:session): session closed for user root
May  8 20:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9715]: pam_unix(cron:session): session closed for user samftp
May  8 20:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.134  user=root
May  8 20:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10013]: Failed password for root from 101.36.108.134 port 44880 ssh2
May  8 20:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10013]: Received disconnect from 101.36.108.134 port 44880:11: Bye Bye [preauth]
May  8 20:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10013]: Disconnected from 101.36.108.134 port 44880 [preauth]
May  8 20:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8779]: pam_unix(cron:session): session closed for user root
May  8 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10134]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10131]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10133]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10133]: pam_unix(cron:session): session closed for user p13x
May  8 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10345]: Successful su for rubyman by root
May  8 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10345]: + ??? root:rubyman
May  8 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355215 of user rubyman.
May  8 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10345]: pam_unix(su:session): session closed for user rubyman
May  8 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355215.
May  8 20:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10131]: pam_unix(cron:session): session closed for user root
May  8 20:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7353]: pam_unix(cron:session): session closed for user root
May  8 20:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10134]: pam_unix(cron:session): session closed for user samftp
May  8 20:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5  user=root
May  8 20:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10610]: Failed password for root from 85.208.84.5 port 55238 ssh2
May  8 20:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10610]: Connection closed by 85.208.84.5 port 55238 [preauth]
May  8 20:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: Invalid user admin from 80.94.95.112
May  8 20:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: input_userauth_request: invalid user admin [preauth]
May  8 20:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 20:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: Failed password for invalid user admin from 80.94.95.112 port 13620 ssh2
May  8 20:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: Failed password for invalid user admin from 80.94.95.112 port 13620 ssh2
May  8 20:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9323]: pam_unix(cron:session): session closed for user root
May  8 20:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: Failed password for invalid user admin from 80.94.95.112 port 13620 ssh2
May  8 20:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: Failed password for invalid user admin from 80.94.95.112 port 13620 ssh2
May  8 20:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: Failed password for invalid user admin from 80.94.95.112 port 13620 ssh2
May  8 20:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: Received disconnect from 80.94.95.112 port 13620:11: Bye [preauth]
May  8 20:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: Disconnected from 80.94.95.112 port 13620 [preauth]
May  8 20:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 20:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10676]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 20:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: Invalid user magnus from 178.159.213.128
May  8 20:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: input_userauth_request: invalid user magnus [preauth]
May  8 20:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.213.128
May  8 20:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: Failed password for invalid user magnus from 178.159.213.128 port 58819 ssh2
May  8 20:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: Invalid user hcc from 49.64.169.153
May  8 20:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: input_userauth_request: invalid user hcc [preauth]
May  8 20:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.64.169.153
May  8 20:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: Received disconnect from 178.159.213.128 port 58819:11: Bye Bye [preauth]
May  8 20:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10745]: Disconnected from 178.159.213.128 port 58819 [preauth]
May  8 20:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: Failed password for invalid user hcc from 49.64.169.153 port 35180 ssh2
May  8 20:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: Received disconnect from 49.64.169.153 port 35180:11: Bye Bye [preauth]
May  8 20:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10759]: Disconnected from 49.64.169.153 port 35180 [preauth]
May  8 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10808]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10808]: pam_unix(cron:session): session closed for user root
May  8 20:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10803]: pam_unix(cron:session): session closed for user p13x
May  8 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10870]: Successful su for rubyman by root
May  8 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10870]: + ??? root:rubyman
May  8 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355222 of user rubyman.
May  8 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10870]: pam_unix(su:session): session closed for user rubyman
May  8 20:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355222.
May  8 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10805]: pam_unix(cron:session): session closed for user root
May  8 20:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7878]: pam_unix(cron:session): session closed for user root
May  8 20:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10804]: pam_unix(cron:session): session closed for user samftp
May  8 20:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9718]: pam_unix(cron:session): session closed for user root
May  8 20:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 20:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: Failed password for root from 43.153.195.114 port 39742 ssh2
May  8 20:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: Received disconnect from 43.153.195.114 port 39742:11: Bye Bye [preauth]
May  8 20:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11197]: Disconnected from 43.153.195.114 port 39742 [preauth]
May  8 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11227]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11228]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11225]: pam_unix(cron:session): session closed for user p13x
May  8 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11292]: Successful su for rubyman by root
May  8 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11292]: + ??? root:rubyman
May  8 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355227 of user rubyman.
May  8 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11292]: pam_unix(su:session): session closed for user rubyman
May  8 20:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355227.
May  8 20:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8308]: pam_unix(cron:session): session closed for user root
May  8 20:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11226]: pam_unix(cron:session): session closed for user samftp
May  8 20:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11501]: Invalid user jing from 103.226.138.58
May  8 20:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11501]: input_userauth_request: invalid user jing [preauth]
May  8 20:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11501]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.58
May  8 20:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11501]: Failed password for invalid user jing from 103.226.138.58 port 46082 ssh2
May  8 20:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11501]: Received disconnect from 103.226.138.58 port 46082:11: Bye Bye [preauth]
May  8 20:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11501]: Disconnected from 103.226.138.58 port 46082 [preauth]
May  8 20:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: Invalid user joko from 197.5.145.8
May  8 20:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: input_userauth_request: invalid user joko [preauth]
May  8 20:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May  8 20:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: Failed password for invalid user joko from 197.5.145.8 port 40057 ssh2
May  8 20:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: Received disconnect from 197.5.145.8 port 40057:11: Bye Bye [preauth]
May  8 20:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11517]: Disconnected from 197.5.145.8 port 40057 [preauth]
May  8 20:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10136]: pam_unix(cron:session): session closed for user root
May  8 20:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 20:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: Failed password for root from 218.92.0.233 port 56416 ssh2
May  8 20:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 56416 ssh2]
May  8 20:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: Received disconnect from 218.92.0.233 port 56416:11:  [preauth]
May  8 20:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: Disconnected from 218.92.0.233 port 56416 [preauth]
May  8 20:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 20:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11645]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11644]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11643]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11643]: pam_unix(cron:session): session closed for user p13x
May  8 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11702]: Successful su for rubyman by root
May  8 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11702]: + ??? root:rubyman
May  8 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355231 of user rubyman.
May  8 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11702]: pam_unix(su:session): session closed for user rubyman
May  8 20:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355231.
May  8 20:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11633]: Failed password for root from 218.92.0.233 port 33036 ssh2
May  8 20:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8778]: pam_unix(cron:session): session closed for user root
May  8 20:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11633]: Failed password for root from 218.92.0.233 port 33036 ssh2
May  8 20:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11644]: pam_unix(cron:session): session closed for user samftp
May  8 20:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11633]: Failed password for root from 218.92.0.233 port 33036 ssh2
May  8 20:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11633]: Received disconnect from 218.92.0.233 port 33036:11:  [preauth]
May  8 20:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11633]: Disconnected from 218.92.0.233 port 33036 [preauth]
May  8 20:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11633]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 20:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 20:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: Failed password for root from 218.92.0.233 port 53540 ssh2
May  8 20:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 53540 ssh2]
May  8 20:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: Received disconnect from 218.92.0.233 port 53540:11:  [preauth]
May  8 20:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: Disconnected from 218.92.0.233 port 53540 [preauth]
May  8 20:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11889]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 20:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10807]: pam_unix(cron:session): session closed for user root
May  8 20:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12006]: Connection closed by 148.113.210.228 port 44166 [preauth]
May  8 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12036]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12034]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12033]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12033]: pam_unix(cron:session): session closed for user p13x
May  8 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12094]: Successful su for rubyman by root
May  8 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12094]: + ??? root:rubyman
May  8 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12094]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355234 of user rubyman.
May  8 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12094]: pam_unix(su:session): session closed for user rubyman
May  8 20:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355234.
May  8 20:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9322]: pam_unix(cron:session): session closed for user root
May  8 20:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12034]: pam_unix(cron:session): session closed for user samftp
May  8 20:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11228]: pam_unix(cron:session): session closed for user root
May  8 20:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12390]: Invalid user jboss from 101.36.108.134
May  8 20:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12390]: input_userauth_request: invalid user jboss [preauth]
May  8 20:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12390]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.108.134
May  8 20:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12390]: Failed password for invalid user jboss from 101.36.108.134 port 53872 ssh2
May  8 20:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12390]: Received disconnect from 101.36.108.134 port 53872:11: Bye Bye [preauth]
May  8 20:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12390]: Disconnected from 101.36.108.134 port 53872 [preauth]
May  8 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12439]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12439]: pam_unix(cron:session): session closed for user p13x
May  8 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12499]: Successful su for rubyman by root
May  8 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12499]: + ??? root:rubyman
May  8 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355240 of user rubyman.
May  8 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12499]: pam_unix(su:session): session closed for user rubyman
May  8 20:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355240.
May  8 20:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9717]: pam_unix(cron:session): session closed for user root
May  8 20:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12440]: pam_unix(cron:session): session closed for user samftp
May  8 20:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: Invalid user egarcia from 178.159.213.128
May  8 20:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: input_userauth_request: invalid user egarcia [preauth]
May  8 20:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.213.128
May  8 20:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: Failed password for invalid user egarcia from 178.159.213.128 port 53436 ssh2
May  8 20:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: Received disconnect from 178.159.213.128 port 53436:11: Bye Bye [preauth]
May  8 20:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12739]: Disconnected from 178.159.213.128 port 53436 [preauth]
May  8 20:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11646]: pam_unix(cron:session): session closed for user root
May  8 20:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  8 20:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: Failed password for root from 218.92.0.217 port 58506 ssh2
May  8 20:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: message repeated 2 times: [ Failed password for root from 218.92.0.217 port 58506 ssh2]
May  8 20:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: Received disconnect from 218.92.0.217 port 58506:11:  [preauth]
May  8 20:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: Disconnected from 218.92.0.217 port 58506 [preauth]
May  8 20:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12797]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.217  user=root
May  8 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12831]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12830]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12829]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12832]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12827]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12828]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12832]: pam_unix(cron:session): session closed for user root
May  8 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12827]: pam_unix(cron:session): session closed for user p13x
May  8 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12894]: Successful su for rubyman by root
May  8 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12894]: + ??? root:rubyman
May  8 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12894]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355242 of user rubyman.
May  8 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12894]: pam_unix(su:session): session closed for user rubyman
May  8 20:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355242.
May  8 20:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10135]: pam_unix(cron:session): session closed for user root
May  8 20:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12829]: pam_unix(cron:session): session closed for user root
May  8 20:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12828]: pam_unix(cron:session): session closed for user samftp
May  8 20:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: Invalid user sampsa from 49.64.169.153
May  8 20:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: input_userauth_request: invalid user sampsa [preauth]
May  8 20:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.64.169.153
May  8 20:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: Failed password for invalid user sampsa from 49.64.169.153 port 52411 ssh2
May  8 20:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: Received disconnect from 49.64.169.153 port 52411:11: Bye Bye [preauth]
May  8 20:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13165]: Disconnected from 49.64.169.153 port 52411 [preauth]
May  8 20:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12036]: pam_unix(cron:session): session closed for user root
May  8 20:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13251]: Invalid user vishnu from 197.5.145.8
May  8 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13251]: input_userauth_request: invalid user vishnu [preauth]
May  8 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13251]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May  8 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13256]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13257]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13254]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13254]: pam_unix(cron:session): session closed for user p13x
May  8 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13329]: Successful su for rubyman by root
May  8 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13329]: + ??? root:rubyman
May  8 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355249 of user rubyman.
May  8 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13329]: pam_unix(su:session): session closed for user rubyman
May  8 20:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355249.
May  8 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13251]: Failed password for invalid user vishnu from 197.5.145.8 port 40058 ssh2
May  8 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13251]: Received disconnect from 197.5.145.8 port 40058:11: Bye Bye [preauth]
May  8 20:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13251]: Disconnected from 197.5.145.8 port 40058 [preauth]
May  8 20:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10806]: pam_unix(cron:session): session closed for user root
May  8 20:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13255]: pam_unix(cron:session): session closed for user samftp
May  8 20:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Invalid user zhangxin from 43.153.195.114
May  8 20:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: input_userauth_request: invalid user zhangxin [preauth]
May  8 20:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114
May  8 20:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Failed password for invalid user zhangxin from 43.153.195.114 port 40236 ssh2
May  8 20:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Received disconnect from 43.153.195.114 port 40236:11: Bye Bye [preauth]
May  8 20:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13620]: Disconnected from 43.153.195.114 port 40236 [preauth]
May  8 20:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12442]: pam_unix(cron:session): session closed for user root
May  8 20:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: Invalid user mtest from 164.68.105.9
May  8 20:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: input_userauth_request: invalid user mtest [preauth]
May  8 20:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  8 20:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: Failed password for invalid user mtest from 164.68.105.9 port 54292 ssh2
May  8 20:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13727]: Connection closed by 164.68.105.9 port 54292 [preauth]
May  8 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13784]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13783]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13780]: pam_unix(cron:session): session closed for user root
May  8 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13783]: pam_unix(cron:session): session closed for user p13x
May  8 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13844]: Successful su for rubyman by root
May  8 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13844]: + ??? root:rubyman
May  8 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13844]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355253 of user rubyman.
May  8 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13844]: pam_unix(su:session): session closed for user rubyman
May  8 20:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355253.
May  8 20:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11227]: pam_unix(cron:session): session closed for user root
May  8 20:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13784]: pam_unix(cron:session): session closed for user samftp
May  8 20:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14031]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  8 20:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14063]: Failed password for root from 218.92.0.216 port 52806 ssh2
May  8 20:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14063]: message repeated 2 times: [ Failed password for root from 218.92.0.216 port 52806 ssh2]
May  8 20:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14063]: Received disconnect from 218.92.0.216 port 52806:11:  [preauth]
May  8 20:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14063]: Disconnected from 218.92.0.216 port 52806 [preauth]
May  8 20:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14063]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  8 20:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12831]: pam_unix(cron:session): session closed for user root
May  8 20:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.58  user=root
May  8 20:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14151]: Failed password for root from 103.226.138.58 port 56032 ssh2
May  8 20:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14151]: Received disconnect from 103.226.138.58 port 56032:11: Bye Bye [preauth]
May  8 20:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14151]: Disconnected from 103.226.138.58 port 56032 [preauth]
May  8 20:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  8 20:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Failed password for root from 218.92.0.207 port 38984 ssh2
May  8 20:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Failed password for root from 218.92.0.207 port 38984 ssh2
May  8 20:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14132]: Connection closed by 167.94.145.107 port 38092 [preauth]
May  8 20:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Failed password for root from 218.92.0.207 port 38984 ssh2
May  8 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14191]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14192]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14189]: pam_unix(cron:session): session closed for user p13x
May  8 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14251]: Successful su for rubyman by root
May  8 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14251]: + ??? root:rubyman
May  8 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14251]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355257 of user rubyman.
May  8 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14251]: pam_unix(su:session): session closed for user rubyman
May  8 20:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355257.
May  8 20:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Failed password for root from 218.92.0.207 port 38984 ssh2
May  8 20:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11645]: pam_unix(cron:session): session closed for user root
May  8 20:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14190]: pam_unix(cron:session): session closed for user samftp
May  8 20:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Failed password for root from 218.92.0.207 port 38984 ssh2
May  8 20:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 38984 ssh2 [preauth]
May  8 20:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: Disconnecting: Too many authentication failures [preauth]
May  8 20:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  8 20:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14168]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 20:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  8 20:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14466]: Failed password for root from 218.92.0.207 port 22708 ssh2
May  8 20:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14466]: message repeated 3 times: [ Failed password for root from 218.92.0.207 port 22708 ssh2]
May  8 20:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13257]: pam_unix(cron:session): session closed for user root
May  8 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14593]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14595]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14592]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14592]: pam_unix(cron:session): session closed for user p13x
May  8 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14663]: Successful su for rubyman by root
May  8 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14663]: + ??? root:rubyman
May  8 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355262 of user rubyman.
May  8 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14663]: pam_unix(su:session): session closed for user rubyman
May  8 20:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355262.
May  8 20:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12035]: pam_unix(cron:session): session closed for user root
May  8 20:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14593]: pam_unix(cron:session): session closed for user samftp
May  8 20:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  8 20:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14837]: Failed password for root from 80.94.95.115 port 26256 ssh2
May  8 20:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14837]: Connection closed by 80.94.95.115 port 26256 [preauth]
May  8 20:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Invalid user ftpuser from 178.159.213.128
May  8 20:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: input_userauth_request: invalid user ftpuser [preauth]
May  8 20:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.213.128
May  8 20:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Failed password for invalid user ftpuser from 178.159.213.128 port 49409 ssh2
May  8 20:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Received disconnect from 178.159.213.128 port 49409:11: Bye Bye [preauth]
May  8 20:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14890]: Disconnected from 178.159.213.128 port 49409 [preauth]
May  8 20:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13786]: pam_unix(cron:session): session closed for user root
May  8 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15015]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15011]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15012]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15018]: pam_unix(cron:session): session closed for user root
May  8 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15011]: pam_unix(cron:session): session closed for user p13x
May  8 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15085]: Successful su for rubyman by root
May  8 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15085]: + ??? root:rubyman
May  8 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15085]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355268 of user rubyman.
May  8 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15085]: pam_unix(su:session): session closed for user rubyman
May  8 20:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355268.
May  8 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15015]: pam_unix(cron:session): session closed for user root
May  8 20:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12441]: pam_unix(cron:session): session closed for user root
May  8 20:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15012]: pam_unix(cron:session): session closed for user samftp
May  8 20:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14192]: pam_unix(cron:session): session closed for user root
May  8 20:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15384]: Invalid user jing from 197.5.145.8
May  8 20:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15384]: input_userauth_request: invalid user jing [preauth]
May  8 20:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15384]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May  8 20:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15384]: Failed password for invalid user jing from 197.5.145.8 port 40059 ssh2
May  8 20:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15384]: Received disconnect from 197.5.145.8 port 40059:11: Bye Bye [preauth]
May  8 20:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15384]: Disconnected from 197.5.145.8 port 40059 [preauth]
May  8 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15442]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15441]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15441]: pam_unix(cron:session): session closed for user p13x
May  8 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15510]: Successful su for rubyman by root
May  8 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15510]: + ??? root:rubyman
May  8 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15510]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355274 of user rubyman.
May  8 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15510]: pam_unix(su:session): session closed for user rubyman
May  8 20:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355274.
May  8 20:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15442]: pam_unix(cron:session): session closed for user samftp
May  8 20:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12830]: pam_unix(cron:session): session closed for user root
May  8 20:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: Invalid user guest from 49.64.169.153
May  8 20:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: input_userauth_request: invalid user guest [preauth]
May  8 20:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.64.169.153
May  8 20:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: Failed password for invalid user guest from 49.64.169.153 port 41408 ssh2
May  8 20:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: Received disconnect from 49.64.169.153 port 41408:11: Bye Bye [preauth]
May  8 20:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15691]: Disconnected from 49.64.169.153 port 41408 [preauth]
May  8 20:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14595]: pam_unix(cron:session): session closed for user root
May  8 20:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 20:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15786]: Failed password for root from 43.153.195.114 port 42652 ssh2
May  8 20:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15786]: Received disconnect from 43.153.195.114 port 42652:11: Bye Bye [preauth]
May  8 20:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15786]: Disconnected from 43.153.195.114 port 42652 [preauth]
May  8 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15849]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15847]: pam_unix(cron:session): session closed for user p13x
May  8 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15909]: Successful su for rubyman by root
May  8 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15909]: + ??? root:rubyman
May  8 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355275 of user rubyman.
May  8 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15909]: pam_unix(su:session): session closed for user rubyman
May  8 20:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355275.
May  8 20:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13256]: pam_unix(cron:session): session closed for user root
May  8 20:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15848]: pam_unix(cron:session): session closed for user samftp
May  8 20:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15017]: pam_unix(cron:session): session closed for user root
May  8 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16233]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16234]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16231]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16231]: pam_unix(cron:session): session closed for user p13x
May  8 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16290]: Successful su for rubyman by root
May  8 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16290]: + ??? root:rubyman
May  8 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355281 of user rubyman.
May  8 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16290]: pam_unix(su:session): session closed for user rubyman
May  8 20:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355281.
May  8 20:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13785]: pam_unix(cron:session): session closed for user root
May  8 20:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16232]: pam_unix(cron:session): session closed for user samftp
May  8 20:23:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15444]: pam_unix(cron:session): session closed for user root
May  8 20:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  8 20:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16670]: Failed password for root from 50.235.31.47 port 57948 ssh2
May  8 20:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16670]: Connection closed by 50.235.31.47 port 57948 [preauth]
May  8 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16684]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16685]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16682]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16683]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16682]: pam_unix(cron:session): session closed for user p13x
May  8 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16746]: Successful su for rubyman by root
May  8 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16746]: + ??? root:rubyman
May  8 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16746]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355284 of user rubyman.
May  8 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16746]: pam_unix(su:session): session closed for user rubyman
May  8 20:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355284.
May  8 20:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14191]: pam_unix(cron:session): session closed for user root
May  8 20:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16683]: pam_unix(cron:session): session closed for user samftp
May  8 20:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: Invalid user gahn from 178.159.213.128
May  8 20:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: input_userauth_request: invalid user gahn [preauth]
May  8 20:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.213.128
May  8 20:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: Failed password for invalid user gahn from 178.159.213.128 port 44307 ssh2
May  8 20:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: Received disconnect from 178.159.213.128 port 44307:11: Bye Bye [preauth]
May  8 20:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16960]: Disconnected from 178.159.213.128 port 44307 [preauth]
May  8 20:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  8 20:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: Failed password for root from 218.92.0.218 port 40008 ssh2
May  8 20:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: Failed password for root from 218.92.0.218 port 40008 ssh2
May  8 20:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: Failed password for root from 218.92.0.218 port 40008 ssh2
May  8 20:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: Received disconnect from 218.92.0.218 port 40008:11:  [preauth]
May  8 20:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: Disconnected from 218.92.0.218 port 40008 [preauth]
May  8 20:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17002]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.218  user=root
May  8 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17025]: Invalid user valeriy from 103.226.138.58
May  8 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17025]: input_userauth_request: invalid user valeriy [preauth]
May  8 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17025]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.58
May  8 20:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15850]: pam_unix(cron:session): session closed for user root
May  8 20:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17025]: Failed password for invalid user valeriy from 103.226.138.58 port 35456 ssh2
May  8 20:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17025]: Received disconnect from 103.226.138.58 port 35456:11: Bye Bye [preauth]
May  8 20:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17025]: Disconnected from 103.226.138.58 port 35456 [preauth]
May  8 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17117]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17118]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17120]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17116]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17115]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17120]: pam_unix(cron:session): session closed for user root
May  8 20:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17115]: pam_unix(cron:session): session closed for user p13x
May  8 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17183]: Successful su for rubyman by root
May  8 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17183]: + ??? root:rubyman
May  8 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17183]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355287 of user rubyman.
May  8 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17183]: pam_unix(su:session): session closed for user rubyman
May  8 20:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355287.
May  8 20:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14594]: pam_unix(cron:session): session closed for user root
May  8 20:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17117]: pam_unix(cron:session): session closed for user root
May  8 20:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17116]: pam_unix(cron:session): session closed for user samftp
May  8 20:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.252  user=root
May  8 20:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: Invalid user niklas from 197.5.145.8
May  8 20:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: input_userauth_request: invalid user niklas [preauth]
May  8 20:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May  8 20:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17410]: Failed password for root from 218.92.0.252 port 30372 ssh2
May  8 20:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: Failed password for invalid user niklas from 197.5.145.8 port 40060 ssh2
May  8 20:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: Received disconnect from 197.5.145.8 port 40060:11: Bye Bye [preauth]
May  8 20:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17421]: Disconnected from 197.5.145.8 port 40060 [preauth]
May  8 20:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16234]: pam_unix(cron:session): session closed for user root
May  8 20:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17568]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17567]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17565]: pam_unix(cron:session): session closed for user p13x
May  8 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17632]: Successful su for rubyman by root
May  8 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17632]: + ??? root:rubyman
May  8 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355293 of user rubyman.
May  8 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17632]: pam_unix(su:session): session closed for user rubyman
May  8 20:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355293.
May  8 20:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15016]: pam_unix(cron:session): session closed for user root
May  8 20:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17566]: pam_unix(cron:session): session closed for user samftp
May  8 20:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17892]: Did not receive identification string from 130.195.4.212
May  8 20:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16685]: pam_unix(cron:session): session closed for user root
May  8 20:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: Invalid user user from 49.64.169.153
May  8 20:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: input_userauth_request: invalid user user [preauth]
May  8 20:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.64.169.153
May  8 20:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: Failed password for invalid user user from 49.64.169.153 port 58631 ssh2
May  8 20:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: Received disconnect from 49.64.169.153 port 58631:11: Bye Bye [preauth]
May  8 20:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18069]: Disconnected from 49.64.169.153 port 58631 [preauth]
May  8 20:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18103]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18101]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18102]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18100]: pam_unix(cron:session): session closed for user p13x
May  8 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18165]: Successful su for rubyman by root
May  8 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18165]: + ??? root:rubyman
May  8 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355297 of user rubyman.
May  8 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18165]: pam_unix(su:session): session closed for user rubyman
May  8 20:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355297.
May  8 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18097]: Failed password for root from 43.153.195.114 port 60874 ssh2
May  8 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18097]: Received disconnect from 43.153.195.114 port 60874:11: Bye Bye [preauth]
May  8 20:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18097]: Disconnected from 43.153.195.114 port 60874 [preauth]
May  8 20:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15443]: pam_unix(cron:session): session closed for user root
May  8 20:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18101]: pam_unix(cron:session): session closed for user samftp
May  8 20:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18419]: Invalid user vpn from 193.70.84.184
May  8 20:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18419]: input_userauth_request: invalid user vpn [preauth]
May  8 20:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18419]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  8 20:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18419]: Failed password for invalid user vpn from 193.70.84.184 port 54762 ssh2
May  8 20:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18419]: Connection closed by 193.70.84.184 port 54762 [preauth]
May  8 20:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17119]: pam_unix(cron:session): session closed for user root
May  8 20:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  8 20:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: Failed password for root from 218.92.0.229 port 40668 ssh2
May  8 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18518]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18516]: pam_unix(cron:session): session closed for user p13x
May  8 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18579]: Successful su for rubyman by root
May  8 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18579]: + ??? root:rubyman
May  8 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18579]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355301 of user rubyman.
May  8 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18579]: pam_unix(su:session): session closed for user rubyman
May  8 20:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355301.
May  8 20:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: Failed password for root from 218.92.0.229 port 40668 ssh2
May  8 20:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15849]: pam_unix(cron:session): session closed for user root
May  8 20:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: Failed password for root from 218.92.0.229 port 40668 ssh2
May  8 20:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: Received disconnect from 218.92.0.229 port 40668:11:  [preauth]
May  8 20:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: Disconnected from 218.92.0.229 port 40668 [preauth]
May  8 20:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18505]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  8 20:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18517]: pam_unix(cron:session): session closed for user samftp
May  8 20:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  8 20:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18751]: Failed password for root from 218.92.0.229 port 39466 ssh2
May  8 20:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18751]: message repeated 2 times: [ Failed password for root from 218.92.0.229 port 39466 ssh2]
May  8 20:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18751]: Received disconnect from 218.92.0.229 port 39466:11:  [preauth]
May  8 20:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18751]: Disconnected from 218.92.0.229 port 39466 [preauth]
May  8 20:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18751]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  8 20:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17568]: pam_unix(cron:session): session closed for user root
May  8 20:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  8 20:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18875]: Failed password for root from 218.92.0.229 port 48122 ssh2
May  8 20:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18875]: message repeated 2 times: [ Failed password for root from 218.92.0.229 port 48122 ssh2]
May  8 20:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18875]: Received disconnect from 218.92.0.229 port 48122:11:  [preauth]
May  8 20:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18875]: Disconnected from 218.92.0.229 port 48122 [preauth]
May  8 20:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18875]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.229  user=root
May  8 20:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18924]: Invalid user zl from 178.159.213.128
May  8 20:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18924]: input_userauth_request: invalid user zl [preauth]
May  8 20:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18924]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.213.128
May  8 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18939]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18937]: pam_unix(cron:session): session closed for user p13x
May  8 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18996]: Successful su for rubyman by root
May  8 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18996]: + ??? root:rubyman
May  8 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355307 of user rubyman.
May  8 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18996]: pam_unix(su:session): session closed for user rubyman
May  8 20:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355307.
May  8 20:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18924]: Failed password for invalid user zl from 178.159.213.128 port 30712 ssh2
May  8 20:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18924]: Received disconnect from 178.159.213.128 port 30712:11: Bye Bye [preauth]
May  8 20:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18924]: Disconnected from 178.159.213.128 port 30712 [preauth]
May  8 20:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16233]: pam_unix(cron:session): session closed for user root
May  8 20:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19165]: Did not receive identification string from 196.251.87.74
May  8 20:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19174]: Invalid user usario from 196.251.87.74
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19174]: input_userauth_request: invalid user usario [preauth]
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19174]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.74
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: Invalid user user from 196.251.87.74
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: input_userauth_request: invalid user user [preauth]
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.74
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19176]: Invalid user ubnt from 196.251.87.74
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19176]: input_userauth_request: invalid user ubnt [preauth]
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19176]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.74
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19178]: Invalid user admin from 196.251.87.74
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19178]: input_userauth_request: invalid user admin [preauth]
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19178]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.74
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: Invalid user support from 196.251.87.74
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: input_userauth_request: invalid user support [preauth]
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.87.74
May  8 20:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18938]: pam_unix(cron:session): session closed for user samftp
May  8 20:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19174]: Failed password for invalid user usario from 196.251.87.74 port 39914 ssh2
May  8 20:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: Failed password for invalid user user from 196.251.87.74 port 39890 ssh2
May  8 20:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19176]: Failed password for invalid user ubnt from 196.251.87.74 port 39930 ssh2
May  8 20:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19178]: Failed password for invalid user admin from 196.251.87.74 port 39904 ssh2
May  8 20:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: Failed password for invalid user support from 196.251.87.74 port 39900 ssh2
May  8 20:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19174]: Received disconnect from 196.251.87.74 port 39914:11: Bye Bye [preauth]
May  8 20:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19174]: Disconnected from 196.251.87.74 port 39914 [preauth]
May  8 20:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: Received disconnect from 196.251.87.74 port 39890:11: Bye Bye [preauth]
May  8 20:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: Disconnected from 196.251.87.74 port 39890 [preauth]
May  8 20:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19176]: Received disconnect from 196.251.87.74 port 39930:11: Bye Bye [preauth]
May  8 20:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19176]: Disconnected from 196.251.87.74 port 39930 [preauth]
May  8 20:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19178]: Received disconnect from 196.251.87.74 port 39904:11: Bye Bye [preauth]
May  8 20:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19178]: Disconnected from 196.251.87.74 port 39904 [preauth]
May  8 20:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: Received disconnect from 196.251.87.74 port 39900:11: Bye Bye [preauth]
May  8 20:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: Disconnected from 196.251.87.74 port 39900 [preauth]
May  8 20:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.252  user=root
May  8 20:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19236]: Failed password for root from 218.92.0.252 port 22668 ssh2
May  8 20:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18103]: pam_unix(cron:session): session closed for user root
May  8 20:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: Invalid user erpadmin from 197.5.145.8
May  8 20:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: input_userauth_request: invalid user erpadmin [preauth]
May  8 20:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May  8 20:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: Failed password for invalid user erpadmin from 197.5.145.8 port 40061 ssh2
May  8 20:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: Received disconnect from 197.5.145.8 port 40061:11: Bye Bye [preauth]
May  8 20:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19332]: Disconnected from 197.5.145.8 port 40061 [preauth]
May  8 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19365]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19366]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19364]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19362]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19363]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19361]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19366]: pam_unix(cron:session): session closed for user root
May  8 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19361]: pam_unix(cron:session): session closed for user p13x
May  8 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19429]: Successful su for rubyman by root
May  8 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19429]: + ??? root:rubyman
May  8 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355309 of user rubyman.
May  8 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19429]: pam_unix(su:session): session closed for user rubyman
May  8 20:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355309.
May  8 20:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19363]: pam_unix(cron:session): session closed for user root
May  8 20:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16684]: pam_unix(cron:session): session closed for user root
May  8 20:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19362]: pam_unix(cron:session): session closed for user samftp
May  8 20:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  8 20:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19701]: Failed password for root from 80.94.95.115 port 32948 ssh2
May  8 20:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19701]: Connection closed by 80.94.95.115 port 32948 [preauth]
May  8 20:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18519]: pam_unix(cron:session): session closed for user root
May  8 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19811]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19810]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19812]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19809]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19809]: pam_unix(cron:session): session closed for user p13x
May  8 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19877]: Successful su for rubyman by root
May  8 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19877]: + ??? root:rubyman
May  8 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19877]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355315 of user rubyman.
May  8 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19877]: pam_unix(su:session): session closed for user rubyman
May  8 20:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355315.
May  8 20:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17118]: pam_unix(cron:session): session closed for user root
May  8 20:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19810]: pam_unix(cron:session): session closed for user samftp
May  8 20:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.58  user=root
May  8 20:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: Failed password for root from 103.226.138.58 port 60256 ssh2
May  8 20:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: Received disconnect from 103.226.138.58 port 60256:11: Bye Bye [preauth]
May  8 20:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20083]: Disconnected from 103.226.138.58 port 60256 [preauth]
May  8 20:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18940]: pam_unix(cron:session): session closed for user root
May  8 20:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20214]: Invalid user test2 from 85.208.84.134
May  8 20:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20214]: input_userauth_request: invalid user test2 [preauth]
May  8 20:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20214]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.134
May  8 20:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20214]: Failed password for invalid user test2 from 85.208.84.134 port 37386 ssh2
May  8 20:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20214]: Connection closed by 85.208.84.134 port 37386 [preauth]
May  8 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20236]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20234]: pam_unix(cron:session): session closed for user p13x
May  8 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20295]: Successful su for rubyman by root
May  8 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20295]: + ??? root:rubyman
May  8 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20295]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355319 of user rubyman.
May  8 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20295]: pam_unix(su:session): session closed for user rubyman
May  8 20:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355319.
May  8 20:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17567]: pam_unix(cron:session): session closed for user root
May  8 20:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20235]: pam_unix(cron:session): session closed for user samftp
May  8 20:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: Invalid user management from 43.153.195.114
May  8 20:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: input_userauth_request: invalid user management [preauth]
May  8 20:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114
May  8 20:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: Failed password for invalid user management from 43.153.195.114 port 38308 ssh2
May  8 20:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: Received disconnect from 43.153.195.114 port 38308:11: Bye Bye [preauth]
May  8 20:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20546]: Disconnected from 43.153.195.114 port 38308 [preauth]
May  8 20:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19365]: pam_unix(cron:session): session closed for user root
May  8 20:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: Invalid user stefan from 49.64.169.153
May  8 20:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: input_userauth_request: invalid user stefan [preauth]
May  8 20:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.64.169.153
May  8 20:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: Failed password for invalid user stefan from 49.64.169.153 port 47636 ssh2
May  8 20:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: Received disconnect from 49.64.169.153 port 47636:11: Bye Bye [preauth]
May  8 20:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20620]: Disconnected from 49.64.169.153 port 47636 [preauth]
May  8 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20639]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20638]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20635]: pam_unix(cron:session): session closed for user p13x
May  8 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20701]: Successful su for rubyman by root
May  8 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20701]: + ??? root:rubyman
May  8 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20701]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355323 of user rubyman.
May  8 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20701]: pam_unix(su:session): session closed for user rubyman
May  8 20:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355323.
May  8 20:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18102]: pam_unix(cron:session): session closed for user root
May  8 20:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20637]: pam_unix(cron:session): session closed for user samftp
May  8 20:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Invalid user nao from 80.94.95.241
May  8 20:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: input_userauth_request: invalid user nao [preauth]
May  8 20:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 20:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Failed password for invalid user nao from 80.94.95.241 port 62674 ssh2
May  8 20:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Failed password for invalid user nao from 80.94.95.241 port 62674 ssh2
May  8 20:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Failed password for invalid user nao from 80.94.95.241 port 62674 ssh2
May  8 20:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Failed password for invalid user nao from 80.94.95.241 port 62674 ssh2
May  8 20:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Failed password for invalid user nao from 80.94.95.241 port 62674 ssh2
May  8 20:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Received disconnect from 80.94.95.241 port 62674:11: Bye [preauth]
May  8 20:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: Disconnected from 80.94.95.241 port 62674 [preauth]
May  8 20:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 20:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20903]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 20:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19812]: pam_unix(cron:session): session closed for user root
May  8 20:33:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.213.128  user=root
May  8 20:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21019]: Failed password for root from 178.159.213.128 port 35120 ssh2
May  8 20:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21019]: Received disconnect from 178.159.213.128 port 35120:11: Bye Bye [preauth]
May  8 20:33:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21019]: Disconnected from 178.159.213.128 port 35120 [preauth]
May  8 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21052]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21050]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21049]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21049]: pam_unix(cron:session): session closed for user p13x
May  8 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21114]: Successful su for rubyman by root
May  8 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21114]: + ??? root:rubyman
May  8 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355328 of user rubyman.
May  8 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21114]: pam_unix(su:session): session closed for user rubyman
May  8 20:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355328.
May  8 20:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18518]: pam_unix(cron:session): session closed for user root
May  8 20:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  8 20:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21050]: pam_unix(cron:session): session closed for user samftp
May  8 20:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21167]: Failed password for root from 218.92.0.231 port 41354 ssh2
May  8 20:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21167]: message repeated 2 times: [ Failed password for root from 218.92.0.231 port 41354 ssh2]
May  8 20:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21167]: Received disconnect from 218.92.0.231 port 41354:11:  [preauth]
May  8 20:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21167]: Disconnected from 218.92.0.231 port 41354 [preauth]
May  8 20:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21167]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.231  user=root
May  8 20:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: Invalid user dev from 197.5.145.8
May  8 20:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: input_userauth_request: invalid user dev [preauth]
May  8 20:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May  8 20:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: Failed password for invalid user dev from 197.5.145.8 port 40062 ssh2
May  8 20:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: Received disconnect from 197.5.145.8 port 40062:11: Bye Bye [preauth]
May  8 20:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21350]: Disconnected from 197.5.145.8 port 40062 [preauth]
May  8 20:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20237]: pam_unix(cron:session): session closed for user root
May  8 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21494]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21495]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21491]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21493]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21492]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21496]: pam_unix(cron:session): session closed for user root
May  8 20:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21491]: pam_unix(cron:session): session closed for user p13x
May  8 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21569]: Successful su for rubyman by root
May  8 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21569]: + ??? root:rubyman
May  8 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355333 of user rubyman.
May  8 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21569]: pam_unix(su:session): session closed for user rubyman
May  8 20:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355333.
May  8 20:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21493]: pam_unix(cron:session): session closed for user root
May  8 20:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18939]: pam_unix(cron:session): session closed for user root
May  8 20:35:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21492]: pam_unix(cron:session): session closed for user samftp
May  8 20:35:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20639]: pam_unix(cron:session): session closed for user root
May  8 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22266]: pam_unix(cron:session): session closed for user p13x
May  8 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22347]: Successful su for rubyman by root
May  8 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22347]: + ??? root:rubyman
May  8 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22347]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355339 of user rubyman.
May  8 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22347]: pam_unix(su:session): session closed for user rubyman
May  8 20:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355339.
May  8 20:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19364]: pam_unix(cron:session): session closed for user root
May  8 20:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22267]: pam_unix(cron:session): session closed for user samftp
May  8 20:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21052]: pam_unix(cron:session): session closed for user root
May  8 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22733]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22733]: pam_unix(cron:session): session closed for user p13x
May  8 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22806]: Successful su for rubyman by root
May  8 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22806]: + ??? root:rubyman
May  8 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22806]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355343 of user rubyman.
May  8 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22806]: pam_unix(su:session): session closed for user rubyman
May  8 20:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355343.
May  8 20:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19811]: pam_unix(cron:session): session closed for user root
May  8 20:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22735]: pam_unix(cron:session): session closed for user samftp
May  8 20:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21495]: pam_unix(cron:session): session closed for user root
May  8 20:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 20:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23168]: Failed password for root from 43.153.195.114 port 41082 ssh2
May  8 20:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23168]: Received disconnect from 43.153.195.114 port 41082:11: Bye Bye [preauth]
May  8 20:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23168]: Disconnected from 43.153.195.114 port 41082 [preauth]
May  8 20:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  8 20:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23187]: Invalid user dev from 103.226.138.58
May  8 20:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23187]: input_userauth_request: invalid user dev [preauth]
May  8 20:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23187]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.58
May  8 20:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Failed password for root from 218.92.0.216 port 56806 ssh2
May  8 20:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23187]: Failed password for invalid user dev from 103.226.138.58 port 38474 ssh2
May  8 20:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23187]: Received disconnect from 103.226.138.58 port 38474:11: Bye Bye [preauth]
May  8 20:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23187]: Disconnected from 103.226.138.58 port 38474 [preauth]
May  8 20:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Failed password for root from 218.92.0.216 port 56806 ssh2
May  8 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23202]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23201]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23199]: pam_unix(cron:session): session closed for user p13x
May  8 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23264]: Successful su for rubyman by root
May  8 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23264]: + ??? root:rubyman
May  8 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355346 of user rubyman.
May  8 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23264]: pam_unix(su:session): session closed for user rubyman
May  8 20:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355346.
May  8 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Failed password for root from 218.92.0.216 port 56806 ssh2
May  8 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Received disconnect from 218.92.0.216 port 56806:11:  [preauth]
May  8 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Disconnected from 218.92.0.216 port 56806 [preauth]
May  8 20:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.216  user=root
May  8 20:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20236]: pam_unix(cron:session): session closed for user root
May  8 20:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23201]: pam_unix(cron:session): session closed for user samftp
May  8 20:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22269]: pam_unix(cron:session): session closed for user root
May  8 20:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.213.128  user=root
May  8 20:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23630]: Failed password for root from 178.159.213.128 port 28089 ssh2
May  8 20:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23630]: Received disconnect from 178.159.213.128 port 28089:11: Bye Bye [preauth]
May  8 20:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23630]: Disconnected from 178.159.213.128 port 28089 [preauth]
May  8 20:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: Invalid user mysqld from 197.5.145.8
May  8 20:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: input_userauth_request: invalid user mysqld [preauth]
May  8 20:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May  8 20:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: Failed password for invalid user mysqld from 197.5.145.8 port 40063 ssh2
May  8 20:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: Received disconnect from 197.5.145.8 port 40063:11: Bye Bye [preauth]
May  8 20:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23684]: Disconnected from 197.5.145.8 port 40063 [preauth]
May  8 20:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.64.169.153  user=root
May  8 20:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23689]: Failed password for root from 49.64.169.153 port 36646 ssh2
May  8 20:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23689]: Received disconnect from 49.64.169.153 port 36646:11: Bye Bye [preauth]
May  8 20:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23689]: Disconnected from 49.64.169.153 port 36646 [preauth]
May  8 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23703]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23705]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23702]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23699]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23702]: pam_unix(cron:session): session closed for user p13x
May  8 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23923]: Successful su for rubyman by root
May  8 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23923]: + ??? root:rubyman
May  8 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23923]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355350 of user rubyman.
May  8 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23923]: pam_unix(su:session): session closed for user rubyman
May  8 20:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355350.
May  8 20:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23699]: pam_unix(cron:session): session closed for user root
May  8 20:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20638]: pam_unix(cron:session): session closed for user root
May  8 20:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23703]: pam_unix(cron:session): session closed for user samftp
May  8 20:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22738]: pam_unix(cron:session): session closed for user root
May  8 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24338]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24335]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24337]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24338]: pam_unix(cron:session): session closed for user root
May  8 20:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24332]: pam_unix(cron:session): session closed for user p13x
May  8 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24421]: Successful su for rubyman by root
May  8 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24421]: + ??? root:rubyman
May  8 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355356 of user rubyman.
May  8 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24421]: pam_unix(su:session): session closed for user rubyman
May  8 20:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355356.
May  8 20:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21051]: pam_unix(cron:session): session closed for user root
May  8 20:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24334]: pam_unix(cron:session): session closed for user root
May  8 20:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24333]: pam_unix(cron:session): session closed for user samftp
May  8 20:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: Invalid user admin from 80.94.95.112
May  8 20:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: input_userauth_request: invalid user admin [preauth]
May  8 20:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:40:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 20:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: Failed password for invalid user admin from 80.94.95.112 port 46680 ssh2
May  8 20:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: Failed password for invalid user admin from 80.94.95.112 port 46680 ssh2
May  8 20:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: Failed password for invalid user admin from 80.94.95.112 port 46680 ssh2
May  8 20:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: Failed password for invalid user admin from 80.94.95.112 port 46680 ssh2
May  8 20:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: Failed password for invalid user admin from 80.94.95.112 port 46680 ssh2
May  8 20:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: Received disconnect from 80.94.95.112 port 46680:11: Bye [preauth]
May  8 20:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: Disconnected from 80.94.95.112 port 46680 [preauth]
May  8 20:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 20:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 20:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23207]: pam_unix(cron:session): session closed for user root
May  8 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24802]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24800]: pam_unix(cron:session): session closed for user p13x
May  8 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24871]: Successful su for rubyman by root
May  8 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24871]: + ??? root:rubyman
May  8 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24871]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355362 of user rubyman.
May  8 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24871]: pam_unix(su:session): session closed for user rubyman
May  8 20:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355362.
May  8 20:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21494]: pam_unix(cron:session): session closed for user root
May  8 20:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24801]: pam_unix(cron:session): session closed for user samftp
May  8 20:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23705]: pam_unix(cron:session): session closed for user root
May  8 20:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: Invalid user user from 85.208.84.5
May  8 20:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: input_userauth_request: invalid user user [preauth]
May  8 20:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.208.84.5
May  8 20:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: Failed password for invalid user user from 85.208.84.5 port 51988 ssh2
May  8 20:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: Connection closed by 85.208.84.5 port 51988 [preauth]
May  8 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25216]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25217]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25215]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25214]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25214]: pam_unix(cron:session): session closed for user p13x
May  8 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25286]: Successful su for rubyman by root
May  8 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25286]: + ??? root:rubyman
May  8 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355365 of user rubyman.
May  8 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25286]: pam_unix(su:session): session closed for user rubyman
May  8 20:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355365.
May  8 20:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22268]: pam_unix(cron:session): session closed for user root
May  8 20:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25215]: pam_unix(cron:session): session closed for user samftp
May  8 20:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24337]: pam_unix(cron:session): session closed for user root
May  8 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25654]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25649]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25649]: pam_unix(cron:session): session closed for user p13x
May  8 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25745]: Successful su for rubyman by root
May  8 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25745]: + ??? root:rubyman
May  8 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355368 of user rubyman.
May  8 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25745]: pam_unix(su:session): session closed for user rubyman
May  8 20:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355368.
May  8 20:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22736]: pam_unix(cron:session): session closed for user root
May  8 20:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25653]: pam_unix(cron:session): session closed for user samftp
May  8 20:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25975]: Invalid user jona from 43.153.195.114
May  8 20:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25975]: input_userauth_request: invalid user jona [preauth]
May  8 20:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25975]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114
May  8 20:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25975]: Failed password for invalid user jona from 43.153.195.114 port 44652 ssh2
May  8 20:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25975]: Received disconnect from 43.153.195.114 port 44652:11: Bye Bye [preauth]
May  8 20:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25975]: Disconnected from 43.153.195.114 port 44652 [preauth]
May  8 20:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26007]: Invalid user pula from 178.159.213.128
May  8 20:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26007]: input_userauth_request: invalid user pula [preauth]
May  8 20:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26007]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.213.128
May  8 20:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26007]: Failed password for invalid user pula from 178.159.213.128 port 23262 ssh2
May  8 20:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26007]: Received disconnect from 178.159.213.128 port 23262:11: Bye Bye [preauth]
May  8 20:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26007]: Disconnected from 178.159.213.128 port 23262 [preauth]
May  8 20:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24803]: pam_unix(cron:session): session closed for user root
May  8 20:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26073]: Invalid user blog from 197.5.145.8
May  8 20:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26073]: input_userauth_request: invalid user blog [preauth]
May  8 20:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26073]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May  8 20:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26073]: Failed password for invalid user blog from 197.5.145.8 port 40064 ssh2
May  8 20:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26073]: Received disconnect from 197.5.145.8 port 40064:11: Bye Bye [preauth]
May  8 20:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26073]: Disconnected from 197.5.145.8 port 40064 [preauth]
May  8 20:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26115]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26131]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26128]: pam_unix(cron:session): session closed for user p13x
May  8 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26188]: Successful su for rubyman by root
May  8 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26188]: + ??? root:rubyman
May  8 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355373 of user rubyman.
May  8 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26188]: pam_unix(su:session): session closed for user rubyman
May  8 20:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355373.
May  8 20:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23202]: pam_unix(cron:session): session closed for user root
May  8 20:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26129]: pam_unix(cron:session): session closed for user samftp
May  8 20:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26386]: Received disconnect from 218.92.0.229 port 39486:11:  [preauth]
May  8 20:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26386]: Disconnected from 218.92.0.229 port 39486 [preauth]
May  8 20:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25217]: pam_unix(cron:session): session closed for user root
May  8 20:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.64.169.153  user=root
May  8 20:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26585]: Failed password for root from 49.64.169.153 port 53885 ssh2
May  8 20:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26585]: Received disconnect from 49.64.169.153 port 53885:11: Bye Bye [preauth]
May  8 20:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26585]: Disconnected from 49.64.169.153 port 53885 [preauth]
May  8 20:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: Invalid user rootadmin from 103.226.138.58
May  8 20:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: input_userauth_request: invalid user rootadmin [preauth]
May  8 20:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.58
May  8 20:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: Failed password for invalid user rootadmin from 103.226.138.58 port 60250 ssh2
May  8 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26611]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26610]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26608]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26613]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26612]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26613]: pam_unix(cron:session): session closed for user root
May  8 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26607]: pam_unix(cron:session): session closed for user p13x
May  8 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: Received disconnect from 103.226.138.58 port 60250:11: Bye Bye [preauth]
May  8 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26604]: Disconnected from 103.226.138.58 port 60250 [preauth]
May  8 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26686]: Successful su for rubyman by root
May  8 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26686]: + ??? root:rubyman
May  8 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26686]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355380 of user rubyman.
May  8 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26686]: pam_unix(su:session): session closed for user rubyman
May  8 20:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355380.
May  8 20:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26610]: pam_unix(cron:session): session closed for user root
May  8 20:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23704]: pam_unix(cron:session): session closed for user root
May  8 20:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26608]: pam_unix(cron:session): session closed for user samftp
May  8 20:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25655]: pam_unix(cron:session): session closed for user root
May  8 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27118]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27120]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27116]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27116]: pam_unix(cron:session): session closed for user p13x
May  8 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27192]: Successful su for rubyman by root
May  8 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27192]: + ??? root:rubyman
May  8 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27192]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355384 of user rubyman.
May  8 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27192]: pam_unix(su:session): session closed for user rubyman
May  8 20:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355384.
May  8 20:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24335]: pam_unix(cron:session): session closed for user root
May  8 20:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27118]: pam_unix(cron:session): session closed for user samftp
May  8 20:46:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 20:46:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: Failed password for root from 218.92.0.198 port 47758 ssh2
May  8 20:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 47758 ssh2]
May  8 20:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: Received disconnect from 218.92.0.198 port 47758:11:  [preauth]
May  8 20:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: Disconnected from 218.92.0.198 port 47758 [preauth]
May  8 20:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27410]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 20:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 20:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: Failed password for root from 218.92.0.198 port 57236 ssh2
May  8 20:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 57236 ssh2]
May  8 20:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: Received disconnect from 218.92.0.198 port 57236:11:  [preauth]
May  8 20:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: Disconnected from 218.92.0.198 port 57236 [preauth]
May  8 20:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27465]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 20:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:46:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 20:46:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27476]: Failed password for root from 218.92.0.198 port 53028 ssh2
May  8 20:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27476]: message repeated 2 times: [ Failed password for root from 218.92.0.198 port 53028 ssh2]
May  8 20:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27476]: Received disconnect from 218.92.0.198 port 53028:11:  [preauth]
May  8 20:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27476]: Disconnected from 218.92.0.198 port 53028 [preauth]
May  8 20:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27476]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.198  user=root
May  8 20:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26131]: pam_unix(cron:session): session closed for user root
May  8 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27609]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27604]: pam_unix(cron:session): session closed for user p13x
May  8 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27671]: Successful su for rubyman by root
May  8 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27671]: + ??? root:rubyman
May  8 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27671]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355387 of user rubyman.
May  8 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27671]: pam_unix(su:session): session closed for user rubyman
May  8 20:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355387.
May  8 20:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24802]: pam_unix(cron:session): session closed for user root
May  8 20:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27605]: pam_unix(cron:session): session closed for user samftp
May  8 20:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26612]: pam_unix(cron:session): session closed for user root
May  8 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28014]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28014]: pam_unix(cron:session): session closed for user p13x
May  8 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28078]: Successful su for rubyman by root
May  8 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28078]: + ??? root:rubyman
May  8 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28078]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355391 of user rubyman.
May  8 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28078]: pam_unix(su:session): session closed for user rubyman
May  8 20:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355391.
May  8 20:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25216]: pam_unix(cron:session): session closed for user root
May  8 20:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28016]: pam_unix(cron:session): session closed for user samftp
May  8 20:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28274]: Invalid user sina from 197.5.145.8
May  8 20:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28274]: input_userauth_request: invalid user sina [preauth]
May  8 20:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28274]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May  8 20:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28274]: Failed password for invalid user sina from 197.5.145.8 port 40065 ssh2
May  8 20:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28274]: Received disconnect from 197.5.145.8 port 40065:11: Bye Bye [preauth]
May  8 20:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28274]: Disconnected from 197.5.145.8 port 40065 [preauth]
May  8 20:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: Invalid user discord from 178.159.213.128
May  8 20:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: input_userauth_request: invalid user discord [preauth]
May  8 20:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.213.128
May  8 20:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: Failed password for invalid user discord from 178.159.213.128 port 17782 ssh2
May  8 20:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: Received disconnect from 178.159.213.128 port 17782:11: Bye Bye [preauth]
May  8 20:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28284]: Disconnected from 178.159.213.128 port 17782 [preauth]
May  8 20:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:48:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  8 20:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: Failed password for root from 218.92.0.236 port 38188 ssh2
May  8 20:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: Failed password for root from 218.92.0.236 port 38188 ssh2
May  8 20:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: Failed password for root from 218.92.0.236 port 38188 ssh2
May  8 20:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: Received disconnect from 218.92.0.236 port 38188:11:  [preauth]
May  8 20:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: Disconnected from 218.92.0.236 port 38188 [preauth]
May  8 20:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28306]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.236  user=root
May  8 20:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 20:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: Failed password for root from 43.153.195.114 port 38894 ssh2
May  8 20:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: Received disconnect from 43.153.195.114 port 38894:11: Bye Bye [preauth]
May  8 20:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28330]: Disconnected from 43.153.195.114 port 38894 [preauth]
May  8 20:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27120]: pam_unix(cron:session): session closed for user root
May  8 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28436]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28435]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28432]: pam_unix(cron:session): session closed for user p13x
May  8 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28501]: Successful su for rubyman by root
May  8 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28501]: + ??? root:rubyman
May  8 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28501]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355394 of user rubyman.
May  8 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28501]: pam_unix(su:session): session closed for user rubyman
May  8 20:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355394.
May  8 20:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25654]: pam_unix(cron:session): session closed for user root
May  8 20:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28433]: pam_unix(cron:session): session closed for user samftp
May  8 20:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27609]: pam_unix(cron:session): session closed for user root
May  8 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28838]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28838]: pam_unix(cron:session): session closed for user root
May  8 20:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28832]: pam_unix(cron:session): session closed for user p13x
May  8 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28909]: Successful su for rubyman by root
May  8 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28909]: + ??? root:rubyman
May  8 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355400 of user rubyman.
May  8 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28909]: pam_unix(su:session): session closed for user rubyman
May  8 20:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355400.
May  8 20:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28834]: pam_unix(cron:session): session closed for user root
May  8 20:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26130]: pam_unix(cron:session): session closed for user root
May  8 20:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28833]: pam_unix(cron:session): session closed for user samftp
May  8 20:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28018]: pam_unix(cron:session): session closed for user root
May  8 20:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29373]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29370]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29370]: pam_unix(cron:session): session closed for user p13x
May  8 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29442]: Successful su for rubyman by root
May  8 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29442]: + ??? root:rubyman
May  8 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29442]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355404 of user rubyman.
May  8 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29442]: pam_unix(su:session): session closed for user rubyman
May  8 20:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355404.
May  8 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29464]: Invalid user mass from 49.64.169.153
May  8 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29464]: input_userauth_request: invalid user mass [preauth]
May  8 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29464]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.64.169.153
May  8 20:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29464]: Failed password for invalid user mass from 49.64.169.153 port 42877 ssh2
May  8 20:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29464]: Received disconnect from 49.64.169.153 port 42877:11: Bye Bye [preauth]
May  8 20:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29464]: Disconnected from 49.64.169.153 port 42877 [preauth]
May  8 20:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26611]: pam_unix(cron:session): session closed for user root
May  8 20:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29372]: pam_unix(cron:session): session closed for user samftp
May  8 20:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:51:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  8 20:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: Failed password for root from 80.94.95.116 port 17486 ssh2
May  8 20:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: Connection closed by 80.94.95.116 port 17486 [preauth]
May  8 20:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28436]: pam_unix(cron:session): session closed for user root
May  8 20:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: Invalid user user1 from 103.226.138.58
May  8 20:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: input_userauth_request: invalid user user1 [preauth]
May  8 20:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.58
May  8 20:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: Failed password for invalid user user1 from 103.226.138.58 port 45654 ssh2
May  8 20:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: Received disconnect from 103.226.138.58 port 45654:11: Bye Bye [preauth]
May  8 20:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29769]: Disconnected from 103.226.138.58 port 45654 [preauth]
May  8 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29792]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29790]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29789]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29789]: pam_unix(cron:session): session closed for user p13x
May  8 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29852]: Successful su for rubyman by root
May  8 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29852]: + ??? root:rubyman
May  8 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29852]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355409 of user rubyman.
May  8 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29852]: pam_unix(su:session): session closed for user rubyman
May  8 20:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355409.
May  8 20:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27119]: pam_unix(cron:session): session closed for user root
May  8 20:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29790]: pam_unix(cron:session): session closed for user samftp
May  8 20:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28837]: pam_unix(cron:session): session closed for user root
May  8 20:52:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30140]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30140]: Invalid user lch from 197.5.145.8
May  8 20:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30140]: input_userauth_request: invalid user lch [preauth]
May  8 20:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30140]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:52:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.5.145.8
May  8 20:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30140]: Failed password for invalid user lch from 197.5.145.8 port 40066 ssh2
May  8 20:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30140]: Received disconnect from 197.5.145.8 port 40066:11: Bye Bye [preauth]
May  8 20:52:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30140]: Disconnected from 197.5.145.8 port 40066 [preauth]
May  8 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30193]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30191]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30192]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30191]: pam_unix(cron:session): session closed for user p13x
May  8 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30255]: Successful su for rubyman by root
May  8 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30255]: + ??? root:rubyman
May  8 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355412 of user rubyman.
May  8 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30255]: pam_unix(su:session): session closed for user rubyman
May  8 20:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355412.
May  8 20:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27607]: pam_unix(cron:session): session closed for user root
May  8 20:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30192]: pam_unix(cron:session): session closed for user samftp
May  8 20:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.213.128  user=root
May  8 20:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: Failed password for root from 178.159.213.128 port 13605 ssh2
May  8 20:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: Received disconnect from 178.159.213.128 port 13605:11: Bye Bye [preauth]
May  8 20:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30426]: Disconnected from 178.159.213.128 port 13605 [preauth]
May  8 20:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29374]: pam_unix(cron:session): session closed for user root
May  8 20:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 20:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: Failed password for root from 43.153.195.114 port 41136 ssh2
May  8 20:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: Received disconnect from 43.153.195.114 port 41136:11: Bye Bye [preauth]
May  8 20:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: Disconnected from 43.153.195.114 port 41136 [preauth]
May  8 20:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  8 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30598]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30597]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30596]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30584]: Failed password for root from 218.92.0.221 port 47668 ssh2
May  8 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30596]: pam_unix(cron:session): session closed for user p13x
May  8 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30657]: Successful su for rubyman by root
May  8 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30657]: + ??? root:rubyman
May  8 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355416 of user rubyman.
May  8 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30657]: pam_unix(su:session): session closed for user rubyman
May  8 20:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355416.
May  8 20:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30584]: Failed password for root from 218.92.0.221 port 47668 ssh2
May  8 20:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28017]: pam_unix(cron:session): session closed for user root
May  8 20:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30584]: Failed password for root from 218.92.0.221 port 47668 ssh2
May  8 20:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30584]: Received disconnect from 218.92.0.221 port 47668:11:  [preauth]
May  8 20:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30584]: Disconnected from 218.92.0.221 port 47668 [preauth]
May  8 20:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30584]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.221  user=root
May  8 20:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30597]: pam_unix(cron:session): session closed for user samftp
May  8 20:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29792]: pam_unix(cron:session): session closed for user root
May  8 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31090]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31087]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31085]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31089]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31088]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31086]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31090]: pam_unix(cron:session): session closed for user root
May  8 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31085]: pam_unix(cron:session): session closed for user p13x
May  8 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31158]: Successful su for rubyman by root
May  8 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31158]: + ??? root:rubyman
May  8 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355424 of user rubyman.
May  8 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31158]: pam_unix(su:session): session closed for user rubyman
May  8 20:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355424.
May  8 20:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31087]: pam_unix(cron:session): session closed for user root
May  8 20:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28435]: pam_unix(cron:session): session closed for user root
May  8 20:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31086]: pam_unix(cron:session): session closed for user samftp
May  8 20:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30194]: pam_unix(cron:session): session closed for user root
May  8 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31526]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31525]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31527]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31524]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31524]: pam_unix(cron:session): session closed for user p13x
May  8 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31594]: Successful su for rubyman by root
May  8 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31594]: + ??? root:rubyman
May  8 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355428 of user rubyman.
May  8 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31594]: pam_unix(su:session): session closed for user rubyman
May  8 20:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355428.
May  8 20:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28836]: pam_unix(cron:session): session closed for user root
May  8 20:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31525]: pam_unix(cron:session): session closed for user samftp
May  8 20:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30600]: pam_unix(cron:session): session closed for user root
May  8 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32061]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32059]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32059]: pam_unix(cron:session): session closed for user p13x
May  8 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32294]: Successful su for rubyman by root
May  8 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32294]: + ??? root:rubyman
May  8 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32294]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355431 of user rubyman.
May  8 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32294]: pam_unix(su:session): session closed for user rubyman
May  8 20:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355431.
May  8 20:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29373]: pam_unix(cron:session): session closed for user root
May  8 20:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32060]: pam_unix(cron:session): session closed for user samftp
May  8 20:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.64.169.153  user=root
May  8 20:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32562]: Failed password for root from 49.64.169.153 port 60108 ssh2
May  8 20:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32562]: Received disconnect from 49.64.169.153 port 60108:11: Bye Bye [preauth]
May  8 20:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32562]: Disconnected from 49.64.169.153 port 60108 [preauth]
May  8 20:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31089]: pam_unix(cron:session): session closed for user root
May  8 20:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: Invalid user student03 from 178.159.213.128
May  8 20:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: input_userauth_request: invalid user student03 [preauth]
May  8 20:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:57:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.213.128
May  8 20:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: Failed password for invalid user student03 from 178.159.213.128 port 7560 ssh2
May  8 20:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: Received disconnect from 178.159.213.128 port 7560:11: Bye Bye [preauth]
May  8 20:57:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32764]: Disconnected from 178.159.213.128 port 7560 [preauth]
May  8 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[324]: pam_unix(cron:session): session closed for user p13x
May  8 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[422]: Successful su for rubyman by root
May  8 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[422]: + ??? root:rubyman
May  8 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[422]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355434 of user rubyman.
May  8 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[422]: pam_unix(su:session): session closed for user rubyman
May  8 20:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355434.
May  8 20:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29791]: pam_unix(cron:session): session closed for user root
May  8 20:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[325]: pam_unix(cron:session): session closed for user samftp
May  8 20:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31527]: pam_unix(cron:session): session closed for user root
May  8 20:58:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.58  user=root
May  8 20:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: Failed password for root from 103.226.138.58 port 48330 ssh2
May  8 20:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: Received disconnect from 103.226.138.58 port 48330:11: Bye Bye [preauth]
May  8 20:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[774]: Disconnected from 103.226.138.58 port 48330 [preauth]
May  8 20:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[833]: pam_unix(cron:session): session closed for user p13x
May  8 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[906]: Successful su for rubyman by root
May  8 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[906]: + ??? root:rubyman
May  8 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355439 of user rubyman.
May  8 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[906]: pam_unix(su:session): session closed for user rubyman
May  8 20:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355439.
May  8 20:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30193]: pam_unix(cron:session): session closed for user root
May  8 20:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[834]: pam_unix(cron:session): session closed for user samftp
May  8 20:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 20:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: Invalid user dad from 43.153.195.114
May  8 20:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: input_userauth_request: invalid user dad [preauth]
May  8 20:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: pam_unix(sshd:auth): check pass; user unknown
May  8 20:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114
May  8 20:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72  user=root
May  8 20:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: Failed password for invalid user dad from 43.153.195.114 port 32836 ssh2
May  8 20:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: Received disconnect from 43.153.195.114 port 32836:11: Bye Bye [preauth]
May  8 20:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1168]: Disconnected from 43.153.195.114 port 32836 [preauth]
May  8 20:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: Failed password for root from 157.230.245.72 port 37996 ssh2
May  8 20:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1170]: Connection closed by 157.230.245.72 port 37996 [preauth]
May  8 20:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32065]: pam_unix(cron:session): session closed for user root
May  8 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1325]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1326]: pam_unix(cron:session): session closed for user root
May  8 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1330]: pam_unix(cron:session): session closed for user root
May  8 21:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1324]: pam_unix(cron:session): session closed for user p13x
May  8 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1424]: Successful su for rubyman by root
May  8 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1424]: + ??? root:rubyman
May  8 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355442 of user rubyman.
May  8 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1424]: pam_unix(su:session): session closed for user rubyman
May  8 21:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355442.
May  8 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30598]: pam_unix(cron:session): session closed for user root
May  8 21:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1327]: pam_unix(cron:session): session closed for user root
May  8 21:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1325]: pam_unix(cron:session): session closed for user samftp
May  8 21:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 21:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1750]: Failed password for root from 218.92.0.233 port 35414 ssh2
May  8 21:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1750]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 35414 ssh2]
May  8 21:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1750]: Received disconnect from 218.92.0.233 port 35414:11:  [preauth]
May  8 21:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1750]: Disconnected from 218.92.0.233 port 35414 [preauth]
May  8 21:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1750]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 21:00:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 21:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[328]: pam_unix(cron:session): session closed for user root
May  8 21:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1787]: Failed password for root from 218.92.0.233 port 35422 ssh2
May  8 21:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1787]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 35422 ssh2]
May  8 21:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1787]: Received disconnect from 218.92.0.233 port 35422:11:  [preauth]
May  8 21:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1787]: Disconnected from 218.92.0.233 port 35422 [preauth]
May  8 21:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1787]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 21:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 21:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: Failed password for root from 218.92.0.233 port 47602 ssh2
May  8 21:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: message repeated 2 times: [ Failed password for root from 218.92.0.233 port 47602 ssh2]
May  8 21:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: Received disconnect from 218.92.0.233 port 47602:11:  [preauth]
May  8 21:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: Disconnected from 218.92.0.233 port 47602 [preauth]
May  8 21:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1857]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.233  user=root
May  8 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1961]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1959]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1956]: pam_unix(cron:session): session closed for user p13x
May  8 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2063]: Successful su for rubyman by root
May  8 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2063]: + ??? root:rubyman
May  8 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2063]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355451 of user rubyman.
May  8 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2063]: pam_unix(su:session): session closed for user rubyman
May  8 21:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355451.
May  8 21:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31088]: pam_unix(cron:session): session closed for user root
May  8 21:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1959]: pam_unix(cron:session): session closed for user samftp
May  8 21:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[836]: pam_unix(cron:session): session closed for user root
May  8 21:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: Invalid user steam from 80.94.95.116
May  8 21:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: input_userauth_request: invalid user steam [preauth]
May  8 21:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  8 21:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: Failed password for invalid user steam from 80.94.95.116 port 52802 ssh2
May  8 21:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: Connection closed by 80.94.95.116 port 52802 [preauth]
May  8 21:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72  user=root
May  8 21:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: Failed password for root from 157.230.245.72 port 52372 ssh2
May  8 21:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: Connection closed by 157.230.245.72 port 52372 [preauth]
May  8 21:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2405]: Invalid user pi from 157.230.245.72
May  8 21:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2405]: input_userauth_request: invalid user pi [preauth]
May  8 21:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2405]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72
May  8 21:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: Invalid user hive from 157.230.245.72
May  8 21:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: input_userauth_request: invalid user hive [preauth]
May  8 21:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2405]: Failed password for invalid user pi from 157.230.245.72 port 52386 ssh2
May  8 21:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72
May  8 21:01:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2405]: Connection closed by 157.230.245.72 port 52386 [preauth]
May  8 21:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: Invalid user git from 157.230.245.72
May  8 21:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: input_userauth_request: invalid user git [preauth]
May  8 21:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: Failed password for invalid user hive from 157.230.245.72 port 45904 ssh2
May  8 21:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72
May  8 21:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2416]: Connection closed by 157.230.245.72 port 45904 [preauth]
May  8 21:01:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: Failed password for invalid user git from 157.230.245.72 port 45906 ssh2
May  8 21:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2427]: Connection closed by 157.230.245.72 port 45906 [preauth]
May  8 21:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: Invalid user wang from 157.230.245.72
May  8 21:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: input_userauth_request: invalid user wang [preauth]
May  8 21:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:01:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72
May  8 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: Failed password for invalid user wang from 157.230.245.72 port 45920 ssh2
May  8 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2445]: pam_unix(cron:session): session closed for user p13x
May  8 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2429]: Connection closed by 157.230.245.72 port 45920 [preauth]
May  8 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2513]: Successful su for rubyman by root
May  8 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2513]: + ??? root:rubyman
May  8 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2513]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355454 of user rubyman.
May  8 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2513]: pam_unix(su:session): session closed for user rubyman
May  8 21:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355454.
May  8 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2436]: Invalid user nginx from 157.230.245.72
May  8 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2436]: input_userauth_request: invalid user nginx [preauth]
May  8 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2436]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72
May  8 21:02:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2436]: Failed password for invalid user nginx from 157.230.245.72 port 45934 ssh2
May  8 21:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31526]: pam_unix(cron:session): session closed for user root
May  8 21:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2650]: Invalid user mongo from 157.230.245.72
May  8 21:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2650]: input_userauth_request: invalid user mongo [preauth]
May  8 21:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2436]: Connection closed by 157.230.245.72 port 45934 [preauth]
May  8 21:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2650]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72
May  8 21:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2446]: pam_unix(cron:session): session closed for user samftp
May  8 21:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2717]: Invalid user user from 157.230.245.72
May  8 21:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2717]: input_userauth_request: invalid user user [preauth]
May  8 21:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2717]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72
May  8 21:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2650]: Failed password for invalid user mongo from 157.230.245.72 port 47456 ssh2
May  8 21:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2650]: Connection closed by 157.230.245.72 port 47456 [preauth]
May  8 21:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2717]: Failed password for invalid user user from 157.230.245.72 port 47464 ssh2
May  8 21:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2717]: Connection closed by 157.230.245.72 port 47464 [preauth]
May  8 21:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: Invalid user oracle from 157.230.245.72
May  8 21:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: input_userauth_request: invalid user oracle [preauth]
May  8 21:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72
May  8 21:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: Failed password for invalid user oracle from 157.230.245.72 port 47476 ssh2
May  8 21:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2728]: Connection closed by 157.230.245.72 port 47476 [preauth]
May  8 21:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2730]: Invalid user gpadmin from 157.230.245.72
May  8 21:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2730]: input_userauth_request: invalid user gpadmin [preauth]
May  8 21:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2730]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72
May  8 21:02:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2730]: Failed password for invalid user gpadmin from 157.230.245.72 port 47506 ssh2
May  8 21:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2730]: Connection closed by 157.230.245.72 port 47506 [preauth]
May  8 21:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72  user=root
May  8 21:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: Failed password for root from 157.230.245.72 port 60226 ssh2
May  8 21:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2755]: Connection closed by 157.230.245.72 port 60226 [preauth]
May  8 21:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: Invalid user esroot from 157.230.245.72
May  8 21:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: input_userauth_request: invalid user esroot [preauth]
May  8 21:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72
May  8 21:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: Failed password for invalid user esroot from 157.230.245.72 port 60238 ssh2
May  8 21:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2768]: Invalid user gitlab from 157.230.245.72
May  8 21:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2768]: input_userauth_request: invalid user gitlab [preauth]
May  8 21:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2757]: Connection closed by 157.230.245.72 port 60238 [preauth]
May  8 21:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2768]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:02:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72
May  8 21:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2768]: Failed password for invalid user gitlab from 157.230.245.72 port 60240 ssh2
May  8 21:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2768]: Connection closed by 157.230.245.72 port 60240 [preauth]
May  8 21:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: Invalid user apache from 157.230.245.72
May  8 21:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: input_userauth_request: invalid user apache [preauth]
May  8 21:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72
May  8 21:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: Failed password for invalid user apache from 157.230.245.72 port 60250 ssh2
May  8 21:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2770]: Connection closed by 157.230.245.72 port 60250 [preauth]
May  8 21:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72  user=root
May  8 21:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: Failed password for root from 157.230.245.72 port 46538 ssh2
May  8 21:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2796]: Connection closed by 157.230.245.72 port 46538 [preauth]
May  8 21:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72  user=root
May  8 21:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2798]: Failed password for root from 157.230.245.72 port 46542 ssh2
May  8 21:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: Invalid user user from 157.230.245.72
May  8 21:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: input_userauth_request: invalid user user [preauth]
May  8 21:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2798]: Connection closed by 157.230.245.72 port 46542 [preauth]
May  8 21:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:02:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72
May  8 21:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: Failed password for invalid user user from 157.230.245.72 port 46544 ssh2
May  8 21:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2809]: Connection closed by 157.230.245.72 port 46544 [preauth]
May  8 21:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2811]: Invalid user lighthouse from 157.230.245.72
May  8 21:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2811]: input_userauth_request: invalid user lighthouse [preauth]
May  8 21:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2811]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72
May  8 21:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2811]: Failed password for invalid user lighthouse from 157.230.245.72 port 34626 ssh2
May  8 21:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1329]: pam_unix(cron:session): session closed for user root
May  8 21:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2811]: Connection closed by 157.230.245.72 port 34626 [preauth]
May  8 21:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: Invalid user flask from 157.230.245.72
May  8 21:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: input_userauth_request: invalid user flask [preauth]
May  8 21:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72
May  8 21:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: Failed password for invalid user flask from 157.230.245.72 port 34634 ssh2
May  8 21:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: Connection closed by 157.230.245.72 port 34634 [preauth]
May  8 21:02:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: Invalid user user1 from 157.230.245.72
May  8 21:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: input_userauth_request: invalid user user1 [preauth]
May  8 21:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:02:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72
May  8 21:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: Failed password for invalid user user1 from 157.230.245.72 port 34638 ssh2
May  8 21:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2845]: Connection closed by 157.230.245.72 port 34638 [preauth]
May  8 21:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2858]: Invalid user hadoop from 157.230.245.72
May  8 21:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2858]: input_userauth_request: invalid user hadoop [preauth]
May  8 21:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2858]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72
May  8 21:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2858]: Failed password for invalid user hadoop from 157.230.245.72 port 34646 ssh2
May  8 21:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2858]: Connection closed by 157.230.245.72 port 34646 [preauth]
May  8 21:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.213.128  user=root
May  8 21:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: Failed password for root from 178.159.213.128 port 1380 ssh2
May  8 21:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: Received disconnect from 178.159.213.128 port 1380:11: Bye Bye [preauth]
May  8 21:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2879]: Disconnected from 178.159.213.128 port 1380 [preauth]
May  8 21:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: Invalid user developer from 157.230.245.72
May  8 21:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: input_userauth_request: invalid user developer [preauth]
May  8 21:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.245.72
May  8 21:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: Failed password for invalid user developer from 157.230.245.72 port 59420 ssh2
May  8 21:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2897]: Connection closed by 157.230.245.72 port 59420 [preauth]
May  8 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2920]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2923]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2922]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2919]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2919]: pam_unix(cron:session): session closed for user p13x
May  8 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2986]: Successful su for rubyman by root
May  8 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2986]: + ??? root:rubyman
May  8 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2986]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355460 of user rubyman.
May  8 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2986]: pam_unix(su:session): session closed for user rubyman
May  8 21:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355460.
May  8 21:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32061]: pam_unix(cron:session): session closed for user root
May  8 21:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2920]: pam_unix(cron:session): session closed for user samftp
May  8 21:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3209]: Invalid user js from 49.64.169.153
May  8 21:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3209]: input_userauth_request: invalid user js [preauth]
May  8 21:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3209]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.64.169.153
May  8 21:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3209]: Failed password for invalid user js from 49.64.169.153 port 49109 ssh2
May  8 21:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3209]: Received disconnect from 49.64.169.153 port 49109:11: Bye Bye [preauth]
May  8 21:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3209]: Disconnected from 49.64.169.153 port 49109 [preauth]
May  8 21:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1968]: pam_unix(cron:session): session closed for user root
May  8 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3329]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3327]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3326]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3326]: pam_unix(cron:session): session closed for user p13x
May  8 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3401]: Successful su for rubyman by root
May  8 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3401]: + ??? root:rubyman
May  8 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3401]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355461 of user rubyman.
May  8 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3401]: pam_unix(su:session): session closed for user rubyman
May  8 21:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355461.
May  8 21:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[326]: pam_unix(cron:session): session closed for user root
May  8 21:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3327]: pam_unix(cron:session): session closed for user samftp
May  8 21:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2448]: pam_unix(cron:session): session closed for user root
May  8 21:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3730]: Invalid user james from 43.153.195.114
May  8 21:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3730]: input_userauth_request: invalid user james [preauth]
May  8 21:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3730]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114
May  8 21:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3730]: Failed password for invalid user james from 43.153.195.114 port 45904 ssh2
May  8 21:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3730]: Received disconnect from 43.153.195.114 port 45904:11: Bye Bye [preauth]
May  8 21:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3730]: Disconnected from 43.153.195.114 port 45904 [preauth]
May  8 21:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3764]: Invalid user admin01 from 190.103.202.7
May  8 21:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3764]: input_userauth_request: invalid user admin01 [preauth]
May  8 21:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3764]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  8 21:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3764]: Failed password for invalid user admin01 from 190.103.202.7 port 54858 ssh2
May  8 21:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3764]: Connection closed by 190.103.202.7 port 54858 [preauth]
May  8 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3781]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3778]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3776]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3777]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3781]: pam_unix(cron:session): session closed for user root
May  8 21:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3776]: pam_unix(cron:session): session closed for user p13x
May  8 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3850]: Successful su for rubyman by root
May  8 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3850]: + ??? root:rubyman
May  8 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3850]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355468 of user rubyman.
May  8 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3850]: pam_unix(su:session): session closed for user rubyman
May  8 21:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355468.
May  8 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3778]: pam_unix(cron:session): session closed for user root
May  8 21:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[835]: pam_unix(cron:session): session closed for user root
May  8 21:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3777]: pam_unix(cron:session): session closed for user samftp
May  8 21:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2923]: pam_unix(cron:session): session closed for user root
May  8 21:05:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: Invalid user sneha from 103.226.138.58
May  8 21:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: input_userauth_request: invalid user sneha [preauth]
May  8 21:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.58
May  8 21:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: Failed password for invalid user sneha from 103.226.138.58 port 52270 ssh2
May  8 21:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: Received disconnect from 103.226.138.58 port 52270:11: Bye Bye [preauth]
May  8 21:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4220]: Disconnected from 103.226.138.58 port 52270 [preauth]
May  8 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4275]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4276]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4275]: pam_unix(cron:session): session closed for user p13x
May  8 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4466]: Successful su for rubyman by root
May  8 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4466]: + ??? root:rubyman
May  8 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355472 of user rubyman.
May  8 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4466]: pam_unix(su:session): session closed for user rubyman
May  8 21:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355472.
May  8 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1328]: pam_unix(cron:session): session closed for user root
May  8 21:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4276]: pam_unix(cron:session): session closed for user samftp
May  8 21:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3329]: pam_unix(cron:session): session closed for user root
May  8 21:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Invalid user steam from 194.0.234.19
May  8 21:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: input_userauth_request: invalid user steam [preauth]
May  8 21:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  8 21:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Failed password for invalid user steam from 194.0.234.19 port 19438 ssh2
May  8 21:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4783]: Connection closed by 194.0.234.19 port 19438 [preauth]
May  8 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4832]: pam_unix(cron:session): session closed for user p13x
May  8 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4899]: Successful su for rubyman by root
May  8 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4899]: + ??? root:rubyman
May  8 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355475 of user rubyman.
May  8 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4899]: pam_unix(su:session): session closed for user rubyman
May  8 21:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355475.
May  8 21:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1961]: pam_unix(cron:session): session closed for user root
May  8 21:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4833]: pam_unix(cron:session): session closed for user samftp
May  8 21:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3780]: pam_unix(cron:session): session closed for user root
May  8 21:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.159.213.128  user=root
May  8 21:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5373]: Failed password for root from 178.159.213.128 port 59591 ssh2
May  8 21:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5373]: Received disconnect from 178.159.213.128 port 59591:11: Bye Bye [preauth]
May  8 21:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5373]: Disconnected from 178.159.213.128 port 59591 [preauth]
May  8 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5443]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5440]: pam_unix(cron:session): session closed for user p13x
May  8 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5515]: Successful su for rubyman by root
May  8 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5515]: + ??? root:rubyman
May  8 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355480 of user rubyman.
May  8 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5515]: pam_unix(su:session): session closed for user rubyman
May  8 21:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355480.
May  8 21:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2447]: pam_unix(cron:session): session closed for user root
May  8 21:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5443]: pam_unix(cron:session): session closed for user samftp
May  8 21:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4280]: pam_unix(cron:session): session closed for user root
May  8 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5989]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5991]: pam_unix(cron:session): session closed for user p13x
May  8 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6132]: Successful su for rubyman by root
May  8 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6132]: + ??? root:rubyman
May  8 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6132]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355484 of user rubyman.
May  8 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6132]: pam_unix(su:session): session closed for user rubyman
May  8 21:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355484.
May  8 21:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5989]: pam_unix(cron:session): session closed for user root
May  8 21:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2922]: pam_unix(cron:session): session closed for user root
May  8 21:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5992]: pam_unix(cron:session): session closed for user samftp
May  8 21:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6354]: Invalid user git from 49.64.169.153
May  8 21:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6354]: input_userauth_request: invalid user git [preauth]
May  8 21:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6354]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.64.169.153
May  8 21:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6354]: Failed password for invalid user git from 49.64.169.153 port 38122 ssh2
May  8 21:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6354]: Received disconnect from 49.64.169.153 port 38122:11: Bye Bye [preauth]
May  8 21:09:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6354]: Disconnected from 49.64.169.153 port 38122 [preauth]
May  8 21:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session closed for user root
May  8 21:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.108.169.58  user=root
May  8 21:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6483]: Failed password for root from 171.108.169.58 port 61294 ssh2
May  8 21:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6483]: Connection closed by 171.108.169.58 port 61294 [preauth]
May  8 21:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6515]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6514]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6517]: pam_unix(cron:session): session closed for user root
May  8 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6512]: pam_unix(cron:session): session closed for user p13x
May  8 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6580]: Successful su for rubyman by root
May  8 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6580]: + ??? root:rubyman
May  8 21:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6580]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355489 of user rubyman.
May  8 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6580]: pam_unix(su:session): session closed for user rubyman
May  8 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355489.
May  8 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Invalid user dev from 118.45.205.44
May  8 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: input_userauth_request: invalid user dev [preauth]
May  8 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.45.205.44
May  8 21:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6663]: Invalid user ubuntu from 43.153.195.114
May  8 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6663]: input_userauth_request: invalid user ubuntu [preauth]
May  8 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6663]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114
May  8 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6514]: pam_unix(cron:session): session closed for user root
May  8 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3328]: pam_unix(cron:session): session closed for user root
May  8 21:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Failed password for invalid user dev from 118.45.205.44 port 33254 ssh2
May  8 21:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Received disconnect from 118.45.205.44 port 33254:11: Bye Bye [preauth]
May  8 21:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6577]: Disconnected from 118.45.205.44 port 33254 [preauth]
May  8 21:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6663]: Failed password for invalid user ubuntu from 43.153.195.114 port 44920 ssh2
May  8 21:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6663]: Received disconnect from 43.153.195.114 port 44920:11: Bye Bye [preauth]
May  8 21:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6663]: Disconnected from 43.153.195.114 port 44920 [preauth]
May  8 21:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6513]: pam_unix(cron:session): session closed for user samftp
May  8 21:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 21:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: Failed password for root from 80.94.95.241 port 61916 ssh2
May  8 21:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: message repeated 4 times: [ Failed password for root from 80.94.95.241 port 61916 ssh2]
May  8 21:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: Received disconnect from 80.94.95.241 port 61916:11: Bye [preauth]
May  8 21:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: Disconnected from 80.94.95.241 port 61916 [preauth]
May  8 21:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 21:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 21:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5446]: pam_unix(cron:session): session closed for user root
May  8 21:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: Invalid user admin from 80.94.95.112
May  8 21:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: input_userauth_request: invalid user admin [preauth]
May  8 21:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 21:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: Failed password for invalid user admin from 80.94.95.112 port 11521 ssh2
May  8 21:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7056]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7055]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7050]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7050]: pam_unix(cron:session): session closed for user p13x
May  8 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: Failed password for invalid user admin from 80.94.95.112 port 11521 ssh2
May  8 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7138]: Successful su for rubyman by root
May  8 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7138]: + ??? root:rubyman
May  8 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7138]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355494 of user rubyman.
May  8 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7138]: pam_unix(su:session): session closed for user rubyman
May  8 21:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355494.
May  8 21:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: Failed password for invalid user admin from 80.94.95.112 port 11521 ssh2
May  8 21:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3779]: pam_unix(cron:session): session closed for user root
May  8 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: Failed password for invalid user admin from 80.94.95.112 port 11521 ssh2
May  8 21:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7054]: pam_unix(cron:session): session closed for user samftp
May  8 21:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: Failed password for invalid user admin from 80.94.95.112 port 11521 ssh2
May  8 21:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: Received disconnect from 80.94.95.112 port 11521:11: Bye [preauth]
May  8 21:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: Disconnected from 80.94.95.112 port 11521 [preauth]
May  8 21:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 21:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7037]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 21:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5997]: pam_unix(cron:session): session closed for user root
May  8 21:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.108.169.58  user=root
May  8 21:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7450]: Failed password for root from 171.108.169.58 port 36852 ssh2
May  8 21:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7450]: Connection closed by 171.108.169.58 port 36852 [preauth]
May  8 21:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7476]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7474]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7473]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7473]: pam_unix(cron:session): session closed for user p13x
May  8 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7637]: Successful su for rubyman by root
May  8 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7637]: + ??? root:rubyman
May  8 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355498 of user rubyman.
May  8 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7637]: pam_unix(su:session): session closed for user rubyman
May  8 21:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355498.
May  8 21:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4279]: pam_unix(cron:session): session closed for user root
May  8 21:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7474]: pam_unix(cron:session): session closed for user samftp
May  8 21:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6516]: pam_unix(cron:session): session closed for user root
May  8 21:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: Invalid user joko from 103.226.138.58
May  8 21:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: input_userauth_request: invalid user joko [preauth]
May  8 21:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.58
May  8 21:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: Failed password for invalid user joko from 103.226.138.58 port 35186 ssh2
May  8 21:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: Received disconnect from 103.226.138.58 port 35186:11: Bye Bye [preauth]
May  8 21:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7955]: Disconnected from 103.226.138.58 port 35186 [preauth]
May  8 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8003]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8001]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8002]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8000]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8000]: pam_unix(cron:session): session closed for user p13x
May  8 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8059]: Successful su for rubyman by root
May  8 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8059]: + ??? root:rubyman
May  8 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8059]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355503 of user rubyman.
May  8 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8059]: pam_unix(su:session): session closed for user rubyman
May  8 21:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355503.
May  8 21:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4834]: pam_unix(cron:session): session closed for user root
May  8 21:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8001]: pam_unix(cron:session): session closed for user samftp
May  8 21:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7056]: pam_unix(cron:session): session closed for user root
May  8 21:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.108.169.58  user=root
May  8 21:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8410]: Failed password for root from 171.108.169.58 port 22910 ssh2
May  8 21:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8410]: Connection closed by 171.108.169.58 port 22910 [preauth]
May  8 21:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.108.169.58  user=root
May  8 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8437]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8438]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8437]: pam_unix(cron:session): session closed for user p13x
May  8 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8502]: Successful su for rubyman by root
May  8 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8502]: + ??? root:rubyman
May  8 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355507 of user rubyman.
May  8 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8502]: pam_unix(su:session): session closed for user rubyman
May  8 21:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355507.
May  8 21:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Failed password for root from 171.108.169.58 port 22922 ssh2
May  8 21:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8421]: Connection closed by 171.108.169.58 port 22922 [preauth]
May  8 21:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5445]: pam_unix(cron:session): session closed for user root
May  8 21:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8438]: pam_unix(cron:session): session closed for user samftp
May  8 21:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7479]: pam_unix(cron:session): session closed for user root
May  8 21:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8800]: Invalid user  from 170.64.222.115
May  8 21:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8800]: input_userauth_request: invalid user  [preauth]
May  8 21:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8800]: Connection closed by 170.64.222.115 port 46208 [preauth]
May  8 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8865]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8864]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8870]: pam_unix(cron:session): session closed for user root
May  8 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8863]: pam_unix(cron:session): session closed for user p13x
May  8 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8934]: Successful su for rubyman by root
May  8 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8934]: + ??? root:rubyman
May  8 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8934]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355515 of user rubyman.
May  8 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8934]: pam_unix(su:session): session closed for user rubyman
May  8 21:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355515.
May  8 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8865]: pam_unix(cron:session): session closed for user root
May  8 21:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5996]: pam_unix(cron:session): session closed for user root
May  8 21:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8864]: pam_unix(cron:session): session closed for user samftp
May  8 21:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: Invalid user igor from 43.153.195.114
May  8 21:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: input_userauth_request: invalid user igor [preauth]
May  8 21:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114
May  8 21:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: Failed password for invalid user igor from 43.153.195.114 port 36340 ssh2
May  8 21:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: Received disconnect from 43.153.195.114 port 36340:11: Bye Bye [preauth]
May  8 21:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9320]: Disconnected from 43.153.195.114 port 36340 [preauth]
May  8 21:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8003]: pam_unix(cron:session): session closed for user root
May  8 21:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: Failed password for root from 170.64.222.115 port 34954 ssh2
May  8 21:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9331]: Connection closed by 170.64.222.115 port 34954 [preauth]
May  8 21:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: Invalid user debian from 170.64.222.115
May  8 21:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: input_userauth_request: invalid user debian [preauth]
May  8 21:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: Failed password for invalid user debian from 170.64.222.115 port 34956 ssh2
May  8 21:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9366]: Connection closed by 170.64.222.115 port 34956 [preauth]
May  8 21:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9384]: Invalid user centos from 170.64.222.115
May  8 21:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9384]: input_userauth_request: invalid user centos [preauth]
May  8 21:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9384]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9384]: Failed password for invalid user centos from 170.64.222.115 port 49150 ssh2
May  8 21:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9384]: Connection closed by 170.64.222.115 port 49150 [preauth]
May  8 21:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: Invalid user hive from 170.64.222.115
May  8 21:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: input_userauth_request: invalid user hive [preauth]
May  8 21:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: Failed password for invalid user hive from 170.64.222.115 port 49160 ssh2
May  8 21:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: Connection closed by 170.64.222.115 port 49160 [preauth]
May  8 21:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9412]: Invalid user user from 170.64.222.115
May  8 21:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9412]: input_userauth_request: invalid user user [preauth]
May  8 21:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9412]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9412]: Failed password for invalid user user from 170.64.222.115 port 60006 ssh2
May  8 21:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9412]: Connection closed by 170.64.222.115 port 60006 [preauth]
May  8 21:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: Invalid user apache from 170.64.222.115
May  8 21:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: input_userauth_request: invalid user apache [preauth]
May  8 21:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: Failed password for invalid user apache from 170.64.222.115 port 60032 ssh2
May  8 21:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9422]: Connection closed by 170.64.222.115 port 60032 [preauth]
May  8 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9435]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9436]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9437]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9434]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9434]: pam_unix(cron:session): session closed for user p13x
May  8 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9502]: Successful su for rubyman by root
May  8 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9502]: + ??? root:rubyman
May  8 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355516 of user rubyman.
May  8 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9502]: pam_unix(su:session): session closed for user rubyman
May  8 21:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355516.
May  8 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Invalid user samba from 170.64.222.115
May  8 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: input_userauth_request: invalid user samba [preauth]
May  8 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Failed password for invalid user samba from 170.64.222.115 port 37010 ssh2
May  8 21:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Connection closed by 170.64.222.115 port 37010 [preauth]
May  8 21:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6515]: pam_unix(cron:session): session closed for user root
May  8 21:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9435]: pam_unix(cron:session): session closed for user samftp
May  8 21:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: Invalid user dev from 170.64.222.115
May  8 21:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: input_userauth_request: invalid user dev [preauth]
May  8 21:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: Failed password for invalid user dev from 170.64.222.115 port 37016 ssh2
May  8 21:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9687]: Connection closed by 170.64.222.115 port 37016 [preauth]
May  8 21:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: Invalid user ftpuser from 170.64.222.115
May  8 21:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: input_userauth_request: invalid user ftpuser [preauth]
May  8 21:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.45.205.44  user=root
May  8 21:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: Failed password for invalid user ftpuser from 170.64.222.115 port 36932 ssh2
May  8 21:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9698]: Connection closed by 170.64.222.115 port 36932 [preauth]
May  8 21:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9700]: Failed password for root from 118.45.205.44 port 52288 ssh2
May  8 21:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9700]: Received disconnect from 118.45.205.44 port 52288:11: Bye Bye [preauth]
May  8 21:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9700]: Disconnected from 118.45.205.44 port 52288 [preauth]
May  8 21:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9725]: Invalid user kubernetes from 170.64.222.115
May  8 21:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9725]: input_userauth_request: invalid user kubernetes [preauth]
May  8 21:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9725]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9725]: Failed password for invalid user kubernetes from 170.64.222.115 port 36948 ssh2
May  8 21:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9725]: Connection closed by 170.64.222.115 port 36948 [preauth]
May  8 21:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9742]: Invalid user docker from 170.64.222.115
May  8 21:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9742]: input_userauth_request: invalid user docker [preauth]
May  8 21:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9742]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9742]: Failed password for invalid user docker from 170.64.222.115 port 60210 ssh2
May  8 21:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9742]: Connection closed by 170.64.222.115 port 60210 [preauth]
May  8 21:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: Failed password for root from 170.64.222.115 port 60218 ssh2
May  8 21:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9769]: Connection closed by 170.64.222.115 port 60218 [preauth]
May  8 21:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: Invalid user elasticsearch from 170.64.222.115
May  8 21:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: input_userauth_request: invalid user elasticsearch [preauth]
May  8 21:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8440]: pam_unix(cron:session): session closed for user root
May  8 21:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: Failed password for invalid user elasticsearch from 170.64.222.115 port 37438 ssh2
May  8 21:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9780]: Connection closed by 170.64.222.115 port 37438 [preauth]
May  8 21:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9812]: Invalid user es from 170.64.222.115
May  8 21:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9812]: input_userauth_request: invalid user es [preauth]
May  8 21:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9812]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9812]: Failed password for invalid user es from 170.64.222.115 port 37442 ssh2
May  8 21:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9812]: Connection closed by 170.64.222.115 port 37442 [preauth]
May  8 21:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9824]: Failed password for root from 170.64.222.115 port 42164 ssh2
May  8 21:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9824]: Connection closed by 170.64.222.115 port 42164 [preauth]
May  8 21:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: Invalid user admin from 170.64.222.115
May  8 21:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: input_userauth_request: invalid user admin [preauth]
May  8 21:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: Failed password for invalid user admin from 170.64.222.115 port 42170 ssh2
May  8 21:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9840]: Connection closed by 170.64.222.115 port 42170 [preauth]
May  8 21:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9850]: Invalid user server from 170.64.222.115
May  8 21:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9850]: input_userauth_request: invalid user server [preauth]
May  8 21:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9850]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9850]: Failed password for invalid user server from 170.64.222.115 port 49936 ssh2
May  8 21:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9850]: Connection closed by 170.64.222.115 port 49936 [preauth]
May  8 21:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: Invalid user sonar from 170.64.222.115
May  8 21:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: input_userauth_request: invalid user sonar [preauth]
May  8 21:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: Failed password for invalid user sonar from 170.64.222.115 port 49942 ssh2
May  8 21:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9861]: Connection closed by 170.64.222.115 port 49942 [preauth]
May  8 21:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9873]: Invalid user ubnt from 170.64.222.115
May  8 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9873]: input_userauth_request: invalid user ubnt [preauth]
May  8 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9881]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9879]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9875]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9875]: pam_unix(cron:session): session closed for user root
May  8 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9877]: pam_unix(cron:session): session closed for user p13x
May  8 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9873]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9942]: Successful su for rubyman by root
May  8 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9942]: + ??? root:rubyman
May  8 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9942]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355520 of user rubyman.
May  8 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9942]: pam_unix(su:session): session closed for user rubyman
May  8 21:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355520.
May  8 21:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9873]: Failed password for invalid user ubnt from 170.64.222.115 port 42158 ssh2
May  8 21:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9873]: Connection closed by 170.64.222.115 port 42158 [preauth]
May  8 21:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7055]: pam_unix(cron:session): session closed for user root
May  8 21:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9879]: pam_unix(cron:session): session closed for user samftp
May  8 21:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: Failed password for root from 170.64.222.115 port 42172 ssh2
May  8 21:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10112]: Connection closed by 170.64.222.115 port 42172 [preauth]
May  8 21:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: Invalid user www from 170.64.222.115
May  8 21:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: input_userauth_request: invalid user www [preauth]
May  8 21:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: Failed password for invalid user www from 170.64.222.115 port 42178 ssh2
May  8 21:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10138]: Connection closed by 170.64.222.115 port 42178 [preauth]
May  8 21:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: Invalid user oracle from 170.64.222.115
May  8 21:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: input_userauth_request: invalid user oracle [preauth]
May  8 21:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: Failed password for invalid user oracle from 170.64.222.115 port 39920 ssh2
May  8 21:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10162]: Connection closed by 170.64.222.115 port 39920 [preauth]
May  8 21:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10172]: Failed password for root from 170.64.222.115 port 39924 ssh2
May  8 21:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10172]: Connection closed by 170.64.222.115 port 39924 [preauth]
May  8 21:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: User mysql from 170.64.222.115 not allowed because not listed in AllowUsers
May  8 21:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: input_userauth_request: invalid user mysql [preauth]
May  8 21:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=mysql
May  8 21:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: Failed password for invalid user mysql from 170.64.222.115 port 50436 ssh2
May  8 21:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10194]: Connection closed by 170.64.222.115 port 50436 [preauth]
May  8 21:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10220]: User ftp from 170.64.222.115 not allowed because not listed in AllowUsers
May  8 21:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10220]: input_userauth_request: invalid user ftp [preauth]
May  8 21:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=ftp
May  8 21:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10220]: Failed password for invalid user ftp from 170.64.222.115 port 50440 ssh2
May  8 21:17:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10220]: Connection closed by 170.64.222.115 port 50440 [preauth]
May  8 21:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8869]: pam_unix(cron:session): session closed for user root
May  8 21:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10318]: Invalid user ec2-user from 170.64.222.115
May  8 21:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10318]: input_userauth_request: invalid user ec2-user [preauth]
May  8 21:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10318]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10318]: Failed password for invalid user ec2-user from 170.64.222.115 port 44422 ssh2
May  8 21:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10318]: Connection closed by 170.64.222.115 port 44422 [preauth]
May  8 21:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10330]: Invalid user user1 from 170.64.222.115
May  8 21:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10330]: input_userauth_request: invalid user user1 [preauth]
May  8 21:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10330]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10330]: Failed password for invalid user user1 from 170.64.222.115 port 44424 ssh2
May  8 21:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10330]: Connection closed by 170.64.222.115 port 44424 [preauth]
May  8 21:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10354]: Invalid user ts from 170.64.222.115
May  8 21:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10354]: input_userauth_request: invalid user ts [preauth]
May  8 21:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10354]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10354]: Failed password for invalid user ts from 170.64.222.115 port 40222 ssh2
May  8 21:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10354]: Connection closed by 170.64.222.115 port 40222 [preauth]
May  8 21:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: Invalid user odoo from 170.64.222.115
May  8 21:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: input_userauth_request: invalid user odoo [preauth]
May  8 21:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: Failed password for invalid user odoo from 170.64.222.115 port 40230 ssh2
May  8 21:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10365]: Connection closed by 170.64.222.115 port 40230 [preauth]
May  8 21:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: Invalid user jenkins from 170.64.222.115
May  8 21:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: input_userauth_request: invalid user jenkins [preauth]
May  8 21:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: Failed password for invalid user jenkins from 170.64.222.115 port 43350 ssh2
May  8 21:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10376]: Connection closed by 170.64.222.115 port 43350 [preauth]
May  8 21:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10387]: Failed password for root from 170.64.222.115 port 43358 ssh2
May  8 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10387]: Connection closed by 170.64.222.115 port 43358 [preauth]
May  8 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10406]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10407]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10405]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10404]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10404]: pam_unix(cron:session): session closed for user p13x
May  8 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10476]: Successful su for rubyman by root
May  8 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10476]: + ??? root:rubyman
May  8 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355525 of user rubyman.
May  8 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10476]: pam_unix(su:session): session closed for user rubyman
May  8 21:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355525.
May  8 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: Invalid user wang from 170.64.222.115
May  8 21:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: input_userauth_request: invalid user wang [preauth]
May  8 21:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7476]: pam_unix(cron:session): session closed for user root
May  8 21:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: Failed password for invalid user wang from 170.64.222.115 port 48040 ssh2
May  8 21:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10546]: Connection closed by 170.64.222.115 port 48040 [preauth]
May  8 21:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10405]: pam_unix(cron:session): session closed for user samftp
May  8 21:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Invalid user test from 170.64.222.115
May  8 21:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: input_userauth_request: invalid user test [preauth]
May  8 21:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Failed password for invalid user test from 170.64.222.115 port 48060 ssh2
May  8 21:18:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10713]: Connection closed by 170.64.222.115 port 48060 [preauth]
May  8 21:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: Invalid user dolphinscheduler from 170.64.222.115
May  8 21:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  8 21:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: Failed password for invalid user dolphinscheduler from 170.64.222.115 port 35114 ssh2
May  8 21:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10736]: Connection closed by 170.64.222.115 port 35114 [preauth]
May  8 21:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10768]: Failed password for root from 170.64.222.115 port 35130 ssh2
May  8 21:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10768]: Connection closed by 170.64.222.115 port 35130 [preauth]
May  8 21:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10778]: Invalid user ubuntu from 170.64.222.115
May  8 21:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10778]: input_userauth_request: invalid user ubuntu [preauth]
May  8 21:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10778]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10778]: Failed password for invalid user ubuntu from 170.64.222.115 port 54406 ssh2
May  8 21:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10778]: Connection closed by 170.64.222.115 port 54406 [preauth]
May  8 21:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: Invalid user deploy from 170.64.222.115
May  8 21:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: input_userauth_request: invalid user deploy [preauth]
May  8 21:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: Failed password for invalid user deploy from 170.64.222.115 port 54416 ssh2
May  8 21:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10794]: Connection closed by 170.64.222.115 port 54416 [preauth]
May  8 21:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: Invalid user developer from 170.64.222.115
May  8 21:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: input_userauth_request: invalid user developer [preauth]
May  8 21:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9437]: pam_unix(cron:session): session closed for user root
May  8 21:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  8 21:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: Failed password for invalid user developer from 170.64.222.115 port 54890 ssh2
May  8 21:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10806]: Connection closed by 170.64.222.115 port 54890 [preauth]
May  8 21:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: Failed password for root from 193.70.84.184 port 41728 ssh2
May  8 21:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10816]: Connection closed by 193.70.84.184 port 41728 [preauth]
May  8 21:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10839]: Failed password for root from 170.64.222.115 port 54894 ssh2
May  8 21:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10839]: Connection closed by 170.64.222.115 port 54894 [preauth]
May  8 21:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10850]: Invalid user gitlab from 170.64.222.115
May  8 21:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10850]: input_userauth_request: invalid user gitlab [preauth]
May  8 21:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10850]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10850]: Failed password for invalid user gitlab from 170.64.222.115 port 42154 ssh2
May  8 21:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10850]: Connection closed by 170.64.222.115 port 42154 [preauth]
May  8 21:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: Failed password for root from 170.64.222.115 port 42162 ssh2
May  8 21:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10872]: Connection closed by 170.64.222.115 port 42162 [preauth]
May  8 21:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: Invalid user git from 170.64.222.115
May  8 21:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: input_userauth_request: invalid user git [preauth]
May  8 21:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: Failed password for invalid user git from 170.64.222.115 port 37332 ssh2
May  8 21:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10882]: Connection closed by 170.64.222.115 port 37332 [preauth]
May  8 21:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10892]: Invalid user user from 170.64.222.115
May  8 21:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10892]: input_userauth_request: invalid user user [preauth]
May  8 21:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10892]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10892]: Failed password for invalid user user from 170.64.222.115 port 37358 ssh2
May  8 21:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10892]: Connection closed by 170.64.222.115 port 37358 [preauth]
May  8 21:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10910]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10909]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10907]: pam_unix(cron:session): session closed for user p13x
May  8 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10904]: Invalid user esroot from 170.64.222.115
May  8 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10904]: input_userauth_request: invalid user esroot [preauth]
May  8 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10904]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10964]: Successful su for rubyman by root
May  8 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10964]: + ??? root:rubyman
May  8 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355530 of user rubyman.
May  8 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10964]: pam_unix(su:session): session closed for user rubyman
May  8 21:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355530.
May  8 21:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10904]: Failed password for invalid user esroot from 170.64.222.115 port 39842 ssh2
May  8 21:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10904]: Connection closed by 170.64.222.115 port 39842 [preauth]
May  8 21:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8002]: pam_unix(cron:session): session closed for user root
May  8 21:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: Invalid user flink from 170.64.222.115
May  8 21:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: input_userauth_request: invalid user flink [preauth]
May  8 21:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10908]: pam_unix(cron:session): session closed for user samftp
May  8 21:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: Failed password for invalid user flink from 170.64.222.115 port 39846 ssh2
May  8 21:19:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11132]: Connection closed by 170.64.222.115 port 39846 [preauth]
May  8 21:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11163]: Invalid user jfedu1 from 170.64.222.115
May  8 21:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11163]: input_userauth_request: invalid user jfedu1 [preauth]
May  8 21:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11163]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11163]: Failed password for invalid user jfedu1 from 170.64.222.115 port 43424 ssh2
May  8 21:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11163]: Connection closed by 170.64.222.115 port 43424 [preauth]
May  8 21:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: Invalid user jms from 170.64.222.115
May  8 21:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: input_userauth_request: invalid user jms [preauth]
May  8 21:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:19:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: Failed password for invalid user jms from 170.64.222.115 port 43430 ssh2
May  8 21:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11178]: Connection closed by 170.64.222.115 port 43430 [preauth]
May  8 21:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: Invalid user app from 170.64.222.115
May  8 21:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: input_userauth_request: invalid user app [preauth]
May  8 21:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: Failed password for invalid user app from 170.64.222.115 port 43438 ssh2
May  8 21:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: Connection closed by 170.64.222.115 port 43438 [preauth]
May  8 21:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: Invalid user test from 170.64.222.115
May  8 21:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: input_userauth_request: invalid user test [preauth]
May  8 21:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: Failed password for invalid user test from 170.64.222.115 port 52298 ssh2
May  8 21:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11211]: Connection closed by 170.64.222.115 port 52298 [preauth]
May  8 21:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11224]: Invalid user niaoyun from 170.64.222.115
May  8 21:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11224]: input_userauth_request: invalid user niaoyun [preauth]
May  8 21:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11224]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11222]: Invalid user thomas from 103.226.138.58
May  8 21:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11222]: input_userauth_request: invalid user thomas [preauth]
May  8 21:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11222]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.58
May  8 21:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11224]: Failed password for invalid user niaoyun from 170.64.222.115 port 52304 ssh2
May  8 21:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11224]: Connection closed by 170.64.222.115 port 52304 [preauth]
May  8 21:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11222]: Failed password for invalid user thomas from 103.226.138.58 port 34800 ssh2
May  8 21:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9881]: pam_unix(cron:session): session closed for user root
May  8 21:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11222]: Received disconnect from 103.226.138.58 port 34800:11: Bye Bye [preauth]
May  8 21:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11222]: Disconnected from 103.226.138.58 port 34800 [preauth]
May  8 21:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: Failed password for root from 170.64.222.115 port 59102 ssh2
May  8 21:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11254]: Connection closed by 170.64.222.115 port 59102 [preauth]
May  8 21:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11265]: Invalid user admin from 170.64.222.115
May  8 21:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11265]: input_userauth_request: invalid user admin [preauth]
May  8 21:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11265]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11265]: Failed password for invalid user admin from 170.64.222.115 port 59126 ssh2
May  8 21:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11265]: Connection closed by 170.64.222.115 port 59126 [preauth]
May  8 21:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: Invalid user nginx from 170.64.222.115
May  8 21:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: input_userauth_request: invalid user nginx [preauth]
May  8 21:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: Failed password for invalid user nginx from 170.64.222.115 port 51098 ssh2
May  8 21:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11289]: Connection closed by 170.64.222.115 port 51098 [preauth]
May  8 21:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11299]: Failed password for root from 170.64.222.115 port 51106 ssh2
May  8 21:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11299]: Connection closed by 170.64.222.115 port 51106 [preauth]
May  8 21:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Invalid user oscar from 170.64.222.115
May  8 21:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: input_userauth_request: invalid user oscar [preauth]
May  8 21:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Failed password for invalid user oscar from 170.64.222.115 port 55348 ssh2
May  8 21:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11309]: Connection closed by 170.64.222.115 port 55348 [preauth]
May  8 21:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11319]: Invalid user bigdata from 170.64.222.115
May  8 21:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11319]: input_userauth_request: invalid user bigdata [preauth]
May  8 21:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11319]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11326]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11327]: pam_unix(cron:session): session closed for user root
May  8 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11322]: pam_unix(cron:session): session closed for user p13x
May  8 21:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11319]: Failed password for invalid user bigdata from 170.64.222.115 port 55366 ssh2
May  8 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11319]: Connection closed by 170.64.222.115 port 55366 [preauth]
May  8 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11388]: Successful su for rubyman by root
May  8 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11388]: + ??? root:rubyman
May  8 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355533 of user rubyman.
May  8 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11388]: pam_unix(su:session): session closed for user rubyman
May  8 21:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355533.
May  8 21:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Invalid user lighthouse from 170.64.222.115
May  8 21:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: input_userauth_request: invalid user lighthouse [preauth]
May  8 21:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11324]: pam_unix(cron:session): session closed for user root
May  8 21:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8439]: pam_unix(cron:session): session closed for user root
May  8 21:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Failed password for invalid user lighthouse from 170.64.222.115 port 53328 ssh2
May  8 21:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11458]: Connection closed by 170.64.222.115 port 53328 [preauth]
May  8 21:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11323]: pam_unix(cron:session): session closed for user samftp
May  8 21:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Invalid user fastuser from 170.64.222.115
May  8 21:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: input_userauth_request: invalid user fastuser [preauth]
May  8 21:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Failed password for invalid user fastuser from 170.64.222.115 port 53334 ssh2
May  8 21:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11609]: Connection closed by 170.64.222.115 port 53334 [preauth]
May  8 21:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: Invalid user esuser from 170.64.222.115
May  8 21:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: input_userauth_request: invalid user esuser [preauth]
May  8 21:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: Failed password for invalid user esuser from 170.64.222.115 port 33254 ssh2
May  8 21:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11621]: Connection closed by 170.64.222.115 port 33254 [preauth]
May  8 21:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11645]: Invalid user opc from 170.64.222.115
May  8 21:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11645]: input_userauth_request: invalid user opc [preauth]
May  8 21:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11645]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11645]: Failed password for invalid user opc from 170.64.222.115 port 33260 ssh2
May  8 21:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:20:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11645]: Connection closed by 170.64.222.115 port 33260 [preauth]
May  8 21:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  8 21:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Invalid user nginx from 170.64.222.115
May  8 21:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: input_userauth_request: invalid user nginx [preauth]
May  8 21:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11655]: Failed password for root from 190.103.202.7 port 47142 ssh2
May  8 21:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11655]: Connection closed by 190.103.202.7 port 47142 [preauth]
May  8 21:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Failed password for invalid user nginx from 170.64.222.115 port 50420 ssh2
May  8 21:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11657]: Connection closed by 170.64.222.115 port 50420 [preauth]
May  8 21:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11679]: Invalid user sadmin from 170.64.222.115
May  8 21:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11679]: input_userauth_request: invalid user sadmin [preauth]
May  8 21:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11679]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11679]: Failed password for invalid user sadmin from 170.64.222.115 port 50442 ssh2
May  8 21:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11679]: Connection closed by 170.64.222.115 port 50442 [preauth]
May  8 21:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: Invalid user system from 170.64.222.115
May  8 21:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: input_userauth_request: invalid user system [preauth]
May  8 21:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10407]: pam_unix(cron:session): session closed for user root
May  8 21:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: Failed password for invalid user system from 170.64.222.115 port 37420 ssh2
May  8 21:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11689]: Connection closed by 170.64.222.115 port 37420 [preauth]
May  8 21:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: Invalid user flask from 170.64.222.115
May  8 21:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: input_userauth_request: invalid user flask [preauth]
May  8 21:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: Failed password for invalid user flask from 170.64.222.115 port 37432 ssh2
May  8 21:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11723]: Connection closed by 170.64.222.115 port 37432 [preauth]
May  8 21:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: Invalid user gitlab-runner from 170.64.222.115
May  8 21:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: input_userauth_request: invalid user gitlab-runner [preauth]
May  8 21:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: Failed password for invalid user gitlab-runner from 170.64.222.115 port 59048 ssh2
May  8 21:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11732]: Connection closed by 170.64.222.115 port 59048 [preauth]
May  8 21:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: Invalid user ubuntu from 170.64.222.115
May  8 21:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: input_userauth_request: invalid user ubuntu [preauth]
May  8 21:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: Failed password for invalid user ubuntu from 170.64.222.115 port 59076 ssh2
May  8 21:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11747]: Connection closed by 170.64.222.115 port 59076 [preauth]
May  8 21:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: Invalid user hadoop from 170.64.222.115
May  8 21:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: input_userauth_request: invalid user hadoop [preauth]
May  8 21:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:20:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: Failed password for invalid user hadoop from 170.64.222.115 port 36486 ssh2
May  8 21:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11757]: Connection closed by 170.64.222.115 port 36486 [preauth]
May  8 21:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 21:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: Invalid user runner from 170.64.222.115
May  8 21:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: input_userauth_request: invalid user runner [preauth]
May  8 21:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: Failed password for root from 43.153.195.114 port 55552 ssh2
May  8 21:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: Received disconnect from 43.153.195.114 port 55552:11: Bye Bye [preauth]
May  8 21:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11769]: Disconnected from 43.153.195.114 port 55552 [preauth]
May  8 21:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: Failed password for invalid user runner from 170.64.222.115 port 36504 ssh2
May  8 21:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11771]: Connection closed by 170.64.222.115 port 36504 [preauth]
May  8 21:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11787]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11784]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11785]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11784]: pam_unix(cron:session): session closed for user p13x
May  8 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11853]: Successful su for rubyman by root
May  8 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11853]: + ??? root:rubyman
May  8 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355539 of user rubyman.
May  8 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11853]: pam_unix(su:session): session closed for user rubyman
May  8 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355539.
May  8 21:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.179.104  user=root
May  8 21:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11781]: Failed password for root from 170.64.222.115 port 54808 ssh2
May  8 21:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11781]: Connection closed by 170.64.222.115 port 54808 [preauth]
May  8 21:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: Failed password for root from 23.94.179.104 port 43306 ssh2
May  8 21:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11619]: Connection closed by 23.94.179.104 port 43306 [preauth]
May  8 21:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8867]: pam_unix(cron:session): session closed for user root
May  8 21:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Invalid user jumpserver from 170.64.222.115
May  8 21:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: input_userauth_request: invalid user jumpserver [preauth]
May  8 21:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11785]: pam_unix(cron:session): session closed for user samftp
May  8 21:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Failed password for invalid user jumpserver from 170.64.222.115 port 54812 ssh2
May  8 21:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12015]: Connection closed by 170.64.222.115 port 54812 [preauth]
May  8 21:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Invalid user amir from 170.64.222.115
May  8 21:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: input_userauth_request: invalid user amir [preauth]
May  8 21:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Failed password for invalid user amir from 170.64.222.115 port 34794 ssh2
May  8 21:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12041]: Connection closed by 170.64.222.115 port 34794 [preauth]
May  8 21:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Invalid user ftpuser from 170.64.222.115
May  8 21:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: input_userauth_request: invalid user ftpuser [preauth]
May  8 21:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Failed password for invalid user ftpuser from 170.64.222.115 port 34804 ssh2
May  8 21:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12064]: Connection closed by 170.64.222.115 port 34804 [preauth]
May  8 21:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: Invalid user ranger from 170.64.222.115
May  8 21:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: input_userauth_request: invalid user ranger [preauth]
May  8 21:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: Failed password for invalid user ranger from 170.64.222.115 port 34814 ssh2
May  8 21:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12074]: Connection closed by 170.64.222.115 port 34814 [preauth]
May  8 21:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Invalid user gitlab from 170.64.222.115
May  8 21:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: input_userauth_request: invalid user gitlab [preauth]
May  8 21:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Failed password for invalid user gitlab from 170.64.222.115 port 37070 ssh2
May  8 21:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12099]: Connection closed by 170.64.222.115 port 37070 [preauth]
May  8 21:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12109]: Invalid user git from 170.64.222.115
May  8 21:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12109]: input_userauth_request: invalid user git [preauth]
May  8 21:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12109]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12109]: Failed password for invalid user git from 170.64.222.115 port 37076 ssh2
May  8 21:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12109]: Connection closed by 170.64.222.115 port 37076 [preauth]
May  8 21:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10910]: pam_unix(cron:session): session closed for user root
May  8 21:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Invalid user media from 170.64.222.115
May  8 21:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: input_userauth_request: invalid user media [preauth]
May  8 21:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Failed password for invalid user media from 170.64.222.115 port 34982 ssh2
May  8 21:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12132]: Connection closed by 170.64.222.115 port 34982 [preauth]
May  8 21:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Invalid user gpuadmin from 170.64.222.115
May  8 21:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: input_userauth_request: invalid user gpuadmin [preauth]
May  8 21:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Failed password for invalid user gpuadmin from 170.64.222.115 port 34988 ssh2
May  8 21:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12143]: Connection closed by 170.64.222.115 port 34988 [preauth]
May  8 21:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12154]: Invalid user damian from 118.45.205.44
May  8 21:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12154]: input_userauth_request: invalid user damian [preauth]
May  8 21:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12154]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12154]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.45.205.44
May  8 21:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12162]: Invalid user hadoop from 170.64.222.115
May  8 21:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12162]: input_userauth_request: invalid user hadoop [preauth]
May  8 21:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12162]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12154]: Failed password for invalid user damian from 118.45.205.44 port 41898 ssh2
May  8 21:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12154]: Received disconnect from 118.45.205.44 port 41898:11: Bye Bye [preauth]
May  8 21:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12154]: Disconnected from 118.45.205.44 port 41898 [preauth]
May  8 21:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12162]: Failed password for invalid user hadoop from 170.64.222.115 port 37932 ssh2
May  8 21:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12162]: Connection closed by 170.64.222.115 port 37932 [preauth]
May  8 21:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: Invalid user www from 170.64.222.115
May  8 21:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: input_userauth_request: invalid user www [preauth]
May  8 21:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: Failed password for invalid user www from 170.64.222.115 port 37958 ssh2
May  8 21:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: Connection closed by 170.64.222.115 port 37958 [preauth]
May  8 21:21:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: Failed password for root from 170.64.222.115 port 50462 ssh2
May  8 21:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12190]: Connection closed by 170.64.222.115 port 50462 [preauth]
May  8 21:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: Failed password for root from 170.64.222.115 port 50476 ssh2
May  8 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12200]: Connection closed by 170.64.222.115 port 50476 [preauth]
May  8 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12213]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12212]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12210]: pam_unix(cron:session): session closed for user p13x
May  8 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12275]: Successful su for rubyman by root
May  8 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12275]: + ??? root:rubyman
May  8 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355543 of user rubyman.
May  8 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12275]: pam_unix(su:session): session closed for user rubyman
May  8 21:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355543.
May  8 21:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: Invalid user tomcat from 170.64.222.115
May  8 21:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: input_userauth_request: invalid user tomcat [preauth]
May  8 21:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9436]: pam_unix(cron:session): session closed for user root
May  8 21:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12211]: pam_unix(cron:session): session closed for user samftp
May  8 21:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: Failed password for invalid user tomcat from 170.64.222.115 port 47384 ssh2
May  8 21:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12362]: Connection closed by 170.64.222.115 port 47384 [preauth]
May  8 21:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12473]: Invalid user developer from 170.64.222.115
May  8 21:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12473]: input_userauth_request: invalid user developer [preauth]
May  8 21:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12473]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12473]: Failed password for invalid user developer from 170.64.222.115 port 47394 ssh2
May  8 21:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12473]: Connection closed by 170.64.222.115 port 47394 [preauth]
May  8 21:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: Invalid user es from 170.64.222.115
May  8 21:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: input_userauth_request: invalid user es [preauth]
May  8 21:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: Failed password for invalid user es from 170.64.222.115 port 57670 ssh2
May  8 21:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12483]: Connection closed by 170.64.222.115 port 57670 [preauth]
May  8 21:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12506]: Failed password for root from 170.64.222.115 port 57686 ssh2
May  8 21:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12506]: Connection closed by 170.64.222.115 port 57686 [preauth]
May  8 21:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: Invalid user observer from 170.64.222.115
May  8 21:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: input_userauth_request: invalid user observer [preauth]
May  8 21:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: Failed password for invalid user observer from 170.64.222.115 port 35562 ssh2
May  8 21:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: Connection closed by 170.64.222.115 port 35562 [preauth]
May  8 21:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: Invalid user factorio from 170.64.222.115
May  8 21:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: input_userauth_request: invalid user factorio [preauth]
May  8 21:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: Failed password for invalid user factorio from 170.64.222.115 port 35564 ssh2
May  8 21:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: Connection closed by 170.64.222.115 port 35564 [preauth]
May  8 21:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11326]: pam_unix(cron:session): session closed for user root
May  8 21:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: Failed password for root from 170.64.222.115 port 56234 ssh2
May  8 21:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12541]: Connection closed by 170.64.222.115 port 56234 [preauth]
May  8 21:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: Invalid user gitlab from 170.64.222.115
May  8 21:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: input_userauth_request: invalid user gitlab [preauth]
May  8 21:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: Failed password for invalid user gitlab from 170.64.222.115 port 56248 ssh2
May  8 21:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12572]: Connection closed by 170.64.222.115 port 56248 [preauth]
May  8 21:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: Invalid user mehdi from 170.64.222.115
May  8 21:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: input_userauth_request: invalid user mehdi [preauth]
May  8 21:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: Failed password for invalid user mehdi from 170.64.222.115 port 37266 ssh2
May  8 21:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: Connection closed by 170.64.222.115 port 37266 [preauth]
May  8 21:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12607]: Invalid user plexserver from 170.64.222.115
May  8 21:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12607]: input_userauth_request: invalid user plexserver [preauth]
May  8 21:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12607]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12607]: Failed password for invalid user plexserver from 170.64.222.115 port 37268 ssh2
May  8 21:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12607]: Connection closed by 170.64.222.115 port 37268 [preauth]
May  8 21:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: Failed password for root from 170.64.222.115 port 40218 ssh2
May  8 21:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12617]: Connection closed by 170.64.222.115 port 40218 [preauth]
May  8 21:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12627]: Invalid user solr from 170.64.222.115
May  8 21:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12627]: input_userauth_request: invalid user solr [preauth]
May  8 21:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12627]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12627]: Failed password for invalid user solr from 170.64.222.115 port 40234 ssh2
May  8 21:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12627]: Connection closed by 170.64.222.115 port 40234 [preauth]
May  8 21:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12637]: Invalid user minecraft from 170.64.222.115
May  8 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12637]: input_userauth_request: invalid user minecraft [preauth]
May  8 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12637]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12642]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12640]: pam_unix(cron:session): session closed for user p13x
May  8 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12699]: Successful su for rubyman by root
May  8 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12699]: + ??? root:rubyman
May  8 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355547 of user rubyman.
May  8 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12699]: pam_unix(su:session): session closed for user rubyman
May  8 21:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355547.
May  8 21:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12637]: Failed password for invalid user minecraft from 170.64.222.115 port 48064 ssh2
May  8 21:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12637]: Connection closed by 170.64.222.115 port 48064 [preauth]
May  8 21:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9880]: pam_unix(cron:session): session closed for user root
May  8 21:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12641]: pam_unix(cron:session): session closed for user samftp
May  8 21:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: Failed password for root from 170.64.222.115 port 48080 ssh2
May  8 21:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12861]: Connection closed by 170.64.222.115 port 48080 [preauth]
May  8 21:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12885]: Failed password for root from 170.64.222.115 port 48090 ssh2
May  8 21:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12885]: Connection closed by 170.64.222.115 port 48090 [preauth]
May  8 21:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: Failed password for root from 170.64.222.115 port 49220 ssh2
May  8 21:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12907]: Connection closed by 170.64.222.115 port 49220 [preauth]
May  8 21:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12917]: Failed password for root from 170.64.222.115 port 49222 ssh2
May  8 21:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12917]: Connection closed by 170.64.222.115 port 49222 [preauth]
May  8 21:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12931]: Invalid user tools from 170.64.222.115
May  8 21:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12931]: input_userauth_request: invalid user tools [preauth]
May  8 21:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12931]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12931]: Failed password for invalid user tools from 170.64.222.115 port 40228 ssh2
May  8 21:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12931]: Connection closed by 170.64.222.115 port 40228 [preauth]
May  8 21:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: Failed password for root from 170.64.222.115 port 40236 ssh2
May  8 21:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12951]: Connection closed by 170.64.222.115 port 40236 [preauth]
May  8 21:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11787]: pam_unix(cron:session): session closed for user root
May  8 21:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Invalid user admin from 170.64.222.115
May  8 21:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: input_userauth_request: invalid user admin [preauth]
May  8 21:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Failed password for invalid user admin from 170.64.222.115 port 57818 ssh2
May  8 21:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12965]: Connection closed by 170.64.222.115 port 57818 [preauth]
May  8 21:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12997]: Invalid user elsearch from 170.64.222.115
May  8 21:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12997]: input_userauth_request: invalid user elsearch [preauth]
May  8 21:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12997]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12997]: Failed password for invalid user elsearch from 170.64.222.115 port 57828 ssh2
May  8 21:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12997]: Connection closed by 170.64.222.115 port 57828 [preauth]
May  8 21:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: Invalid user ubuntu from 170.64.222.115
May  8 21:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: input_userauth_request: invalid user ubuntu [preauth]
May  8 21:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: Failed password for invalid user ubuntu from 170.64.222.115 port 55522 ssh2
May  8 21:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13015]: Connection closed by 170.64.222.115 port 55522 [preauth]
May  8 21:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: Invalid user uftp from 170.64.222.115
May  8 21:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: input_userauth_request: invalid user uftp [preauth]
May  8 21:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: Failed password for invalid user uftp from 170.64.222.115 port 55534 ssh2
May  8 21:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13032]: Connection closed by 170.64.222.115 port 55534 [preauth]
May  8 21:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13022]: Connection reset by 198.235.24.151 port 60434 [preauth]
May  8 21:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13047]: Invalid user postgres from 170.64.222.115
May  8 21:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13047]: input_userauth_request: invalid user postgres [preauth]
May  8 21:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13047]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13047]: Failed password for invalid user postgres from 170.64.222.115 port 52456 ssh2
May  8 21:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13047]: Connection closed by 170.64.222.115 port 52456 [preauth]
May  8 21:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: Invalid user administrator from 170.64.222.115
May  8 21:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: input_userauth_request: invalid user administrator [preauth]
May  8 21:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: Failed password for invalid user administrator from 170.64.222.115 port 52464 ssh2
May  8 21:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13054]: Connection closed by 170.64.222.115 port 52464 [preauth]
May  8 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13067]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13066]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13065]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13064]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13064]: pam_unix(cron:session): session closed for user p13x
May  8 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13124]: Successful su for rubyman by root
May  8 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13124]: + ??? root:rubyman
May  8 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13124]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355551 of user rubyman.
May  8 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13124]: pam_unix(su:session): session closed for user rubyman
May  8 21:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355551.
May  8 21:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13180]: Invalid user dspace from 170.64.222.115
May  8 21:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13180]: input_userauth_request: invalid user dspace [preauth]
May  8 21:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13180]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10406]: pam_unix(cron:session): session closed for user root
May  8 21:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13180]: Failed password for invalid user dspace from 170.64.222.115 port 59994 ssh2
May  8 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13180]: Connection closed by 170.64.222.115 port 59994 [preauth]
May  8 21:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13065]: pam_unix(cron:session): session closed for user samftp
May  8 21:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13312]: Failed password for root from 170.64.222.115 port 59996 ssh2
May  8 21:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13312]: Connection closed by 170.64.222.115 port 59996 [preauth]
May  8 21:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13322]: Invalid user pi from 170.64.222.115
May  8 21:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13322]: input_userauth_request: invalid user pi [preauth]
May  8 21:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13322]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13322]: Failed password for invalid user pi from 170.64.222.115 port 33516 ssh2
May  8 21:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13322]: Connection closed by 170.64.222.115 port 33516 [preauth]
May  8 21:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Invalid user es from 170.64.222.115
May  8 21:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: input_userauth_request: invalid user es [preauth]
May  8 21:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Failed password for invalid user es from 170.64.222.115 port 33518 ssh2
May  8 21:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13347]: Connection closed by 170.64.222.115 port 33518 [preauth]
May  8 21:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: Failed password for root from 170.64.222.115 port 45202 ssh2
May  8 21:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: Connection closed by 170.64.222.115 port 45202 [preauth]
May  8 21:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: Invalid user uftp from 170.64.222.115
May  8 21:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: input_userauth_request: invalid user uftp [preauth]
May  8 21:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: Failed password for invalid user uftp from 170.64.222.115 port 45212 ssh2
May  8 21:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13382]: Connection closed by 170.64.222.115 port 45212 [preauth]
May  8 21:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13392]: Invalid user dev from 170.64.222.115
May  8 21:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13392]: input_userauth_request: invalid user dev [preauth]
May  8 21:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13392]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12213]: pam_unix(cron:session): session closed for user root
May  8 21:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13392]: Failed password for invalid user dev from 170.64.222.115 port 59876 ssh2
May  8 21:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13392]: Connection closed by 170.64.222.115 port 59876 [preauth]
May  8 21:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13425]: Invalid user admin from 170.64.222.115
May  8 21:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13425]: input_userauth_request: invalid user admin [preauth]
May  8 21:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13425]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13425]: Failed password for invalid user admin from 170.64.222.115 port 59888 ssh2
May  8 21:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13425]: Connection closed by 170.64.222.115 port 59888 [preauth]
May  8 21:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13430]: Invalid user user2 from 170.64.222.115
May  8 21:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13430]: input_userauth_request: invalid user user2 [preauth]
May  8 21:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13430]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13430]: Failed password for invalid user user2 from 170.64.222.115 port 50266 ssh2
May  8 21:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13430]: Connection closed by 170.64.222.115 port 50266 [preauth]
May  8 21:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: Failed password for root from 170.64.222.115 port 50270 ssh2
May  8 21:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13544]: Connection closed by 170.64.222.115 port 50270 [preauth]
May  8 21:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: Invalid user opc from 170.64.222.115
May  8 21:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: input_userauth_request: invalid user opc [preauth]
May  8 21:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: Failed password for invalid user opc from 170.64.222.115 port 50286 ssh2
May  8 21:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13555]: Connection closed by 170.64.222.115 port 50286 [preauth]
May  8 21:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: Invalid user mongo from 170.64.222.115
May  8 21:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: input_userauth_request: invalid user mongo [preauth]
May  8 21:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: Failed password for invalid user mongo from 170.64.222.115 port 49050 ssh2
May  8 21:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13567]: Connection closed by 170.64.222.115 port 49050 [preauth]
May  8 21:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: Invalid user zabbix from 170.64.222.115
May  8 21:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: input_userauth_request: invalid user zabbix [preauth]
May  8 21:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13584]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13583]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13587]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13588]: pam_unix(cron:session): session closed for user root
May  8 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13583]: pam_unix(cron:session): session closed for user p13x
May  8 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13655]: Successful su for rubyman by root
May  8 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13655]: + ??? root:rubyman
May  8 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13655]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355559 of user rubyman.
May  8 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13655]: pam_unix(su:session): session closed for user rubyman
May  8 21:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355559.
May  8 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: Failed password for invalid user zabbix from 170.64.222.115 port 49060 ssh2
May  8 21:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13577]: Connection closed by 170.64.222.115 port 49060 [preauth]
May  8 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13585]: pam_unix(cron:session): session closed for user root
May  8 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10909]: pam_unix(cron:session): session closed for user root
May  8 21:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13808]: Invalid user steam from 170.64.222.115
May  8 21:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13808]: input_userauth_request: invalid user steam [preauth]
May  8 21:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13808]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13584]: pam_unix(cron:session): session closed for user samftp
May  8 21:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13808]: Failed password for invalid user steam from 170.64.222.115 port 49306 ssh2
May  8 21:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13808]: Connection closed by 170.64.222.115 port 49306 [preauth]
May  8 21:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Failed password for root from 170.64.222.115 port 49312 ssh2
May  8 21:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13882]: Connection closed by 170.64.222.115 port 49312 [preauth]
May  8 21:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: Invalid user elasticsearch from 170.64.222.115
May  8 21:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: input_userauth_request: invalid user elasticsearch [preauth]
May  8 21:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: Failed password for invalid user elasticsearch from 170.64.222.115 port 44190 ssh2
May  8 21:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13888]: Connection closed by 170.64.222.115 port 44190 [preauth]
May  8 21:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13907]: Failed password for root from 170.64.222.115 port 44200 ssh2
May  8 21:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13907]: Connection closed by 170.64.222.115 port 44200 [preauth]
May  8 21:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: Invalid user gitlab-runner from 170.64.222.115
May  8 21:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: input_userauth_request: invalid user gitlab-runner [preauth]
May  8 21:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: Failed password for invalid user gitlab-runner from 170.64.222.115 port 51644 ssh2
May  8 21:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13917]: Connection closed by 170.64.222.115 port 51644 [preauth]
May  8 21:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13942]: Invalid user kingbase from 170.64.222.115
May  8 21:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13942]: input_userauth_request: invalid user kingbase [preauth]
May  8 21:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13942]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  8 21:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13942]: Failed password for invalid user kingbase from 170.64.222.115 port 51648 ssh2
May  8 21:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13942]: Connection closed by 170.64.222.115 port 51648 [preauth]
May  8 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: Failed password for root from 164.68.105.9 port 38342 ssh2
May  8 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13953]: Connection closed by 164.68.105.9 port 38342 [preauth]
May  8 21:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12643]: pam_unix(cron:session): session closed for user root
May  8 21:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13955]: Failed password for root from 170.64.222.115 port 57928 ssh2
May  8 21:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13955]: Connection closed by 170.64.222.115 port 57928 [preauth]
May  8 21:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13986]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13986]: Failed password for root from 170.64.222.115 port 57942 ssh2
May  8 21:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13986]: Connection closed by 170.64.222.115 port 57942 [preauth]
May  8 21:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: User mysql from 170.64.222.115 not allowed because not listed in AllowUsers
May  8 21:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: input_userauth_request: invalid user mysql [preauth]
May  8 21:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=mysql
May  8 21:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: Failed password for invalid user mysql from 170.64.222.115 port 54980 ssh2
May  8 21:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14006]: Connection closed by 170.64.222.115 port 54980 [preauth]
May  8 21:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: Invalid user user1 from 170.64.222.115
May  8 21:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: input_userauth_request: invalid user user1 [preauth]
May  8 21:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: Failed password for invalid user user1 from 170.64.222.115 port 54988 ssh2
May  8 21:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14023]: Connection closed by 170.64.222.115 port 54988 [preauth]
May  8 21:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14034]: Invalid user server from 170.64.222.115
May  8 21:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14034]: input_userauth_request: invalid user server [preauth]
May  8 21:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14034]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14034]: Failed password for invalid user server from 170.64.222.115 port 59130 ssh2
May  8 21:25:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14034]: Connection closed by 170.64.222.115 port 59130 [preauth]
May  8 21:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Invalid user demo from 170.64.222.115
May  8 21:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: input_userauth_request: invalid user demo [preauth]
May  8 21:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Failed password for invalid user demo from 170.64.222.115 port 59142 ssh2
May  8 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14045]: Connection closed by 170.64.222.115 port 59142 [preauth]
May  8 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14056]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14055]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14053]: pam_unix(cron:session): session closed for user p13x
May  8 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14123]: Successful su for rubyman by root
May  8 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14123]: + ??? root:rubyman
May  8 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14123]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355561 of user rubyman.
May  8 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14123]: pam_unix(su:session): session closed for user rubyman
May  8 21:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355561.
May  8 21:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14177]: Invalid user sonar from 170.64.222.115
May  8 21:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14177]: input_userauth_request: invalid user sonar [preauth]
May  8 21:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14177]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11325]: pam_unix(cron:session): session closed for user root
May  8 21:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14177]: Failed password for invalid user sonar from 170.64.222.115 port 60512 ssh2
May  8 21:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14177]: Connection closed by 170.64.222.115 port 60512 [preauth]
May  8 21:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14054]: pam_unix(cron:session): session closed for user samftp
May  8 21:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: Invalid user kingbase from 170.64.222.115
May  8 21:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: input_userauth_request: invalid user kingbase [preauth]
May  8 21:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: Failed password for invalid user kingbase from 170.64.222.115 port 60526 ssh2
May  8 21:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14311]: Connection closed by 170.64.222.115 port 60526 [preauth]
May  8 21:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14314]: Invalid user postgres from 170.64.222.115
May  8 21:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14314]: input_userauth_request: invalid user postgres [preauth]
May  8 21:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14314]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14314]: Failed password for invalid user postgres from 170.64.222.115 port 57270 ssh2
May  8 21:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14314]: Connection closed by 170.64.222.115 port 57270 [preauth]
May  8 21:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14339]: Invalid user cgpexpert from 43.153.195.114
May  8 21:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14339]: input_userauth_request: invalid user cgpexpert [preauth]
May  8 21:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14339]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114
May  8 21:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14339]: Failed password for invalid user cgpexpert from 43.153.195.114 port 49106 ssh2
May  8 21:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14339]: Received disconnect from 43.153.195.114 port 49106:11: Bye Bye [preauth]
May  8 21:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14339]: Disconnected from 43.153.195.114 port 49106 [preauth]
May  8 21:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Failed password for root from 170.64.222.115 port 57284 ssh2
May  8 21:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14341]: Connection closed by 170.64.222.115 port 57284 [preauth]
May  8 21:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14352]: Invalid user docker from 170.64.222.115
May  8 21:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14352]: input_userauth_request: invalid user docker [preauth]
May  8 21:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14352]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14352]: Failed password for invalid user docker from 170.64.222.115 port 34308 ssh2
May  8 21:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14352]: Connection closed by 170.64.222.115 port 34308 [preauth]
May  8 21:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Invalid user test from 170.64.222.115
May  8 21:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: input_userauth_request: invalid user test [preauth]
May  8 21:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Failed password for invalid user test from 170.64.222.115 port 34320 ssh2
May  8 21:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14377]: Connection closed by 170.64.222.115 port 34320 [preauth]
May  8 21:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13067]: pam_unix(cron:session): session closed for user root
May  8 21:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14388]: Failed password for root from 170.64.222.115 port 53598 ssh2
May  8 21:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14388]: Connection closed by 170.64.222.115 port 53598 [preauth]
May  8 21:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: Failed password for root from 170.64.222.115 port 53600 ssh2
May  8 21:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14418]: Connection closed by 170.64.222.115 port 53600 [preauth]
May  8 21:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14429]: Failed password for root from 170.64.222.115 port 35996 ssh2
May  8 21:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14429]: Connection closed by 170.64.222.115 port 35996 [preauth]
May  8 21:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: Invalid user postgres from 170.64.222.115
May  8 21:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: input_userauth_request: invalid user postgres [preauth]
May  8 21:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: Invalid user mysqld from 103.226.138.58
May  8 21:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: input_userauth_request: invalid user mysqld [preauth]
May  8 21:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.58
May  8 21:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: Failed password for invalid user postgres from 170.64.222.115 port 36002 ssh2
May  8 21:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14452]: Connection closed by 170.64.222.115 port 36002 [preauth]
May  8 21:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: Failed password for invalid user mysqld from 103.226.138.58 port 48458 ssh2
May  8 21:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: Received disconnect from 103.226.138.58 port 48458:11: Bye Bye [preauth]
May  8 21:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14454]: Disconnected from 103.226.138.58 port 48458 [preauth]
May  8 21:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14464]: Invalid user guest from 170.64.222.115
May  8 21:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14464]: input_userauth_request: invalid user guest [preauth]
May  8 21:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14464]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14464]: Failed password for invalid user guest from 170.64.222.115 port 36228 ssh2
May  8 21:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14464]: Connection closed by 170.64.222.115 port 36228 [preauth]
May  8 21:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: Invalid user stream from 170.64.222.115
May  8 21:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: input_userauth_request: invalid user stream [preauth]
May  8 21:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: Failed password for invalid user stream from 170.64.222.115 port 36250 ssh2
May  8 21:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14475]: Connection closed by 170.64.222.115 port 36250 [preauth]
May  8 21:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14493]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14491]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14490]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14490]: pam_unix(cron:session): session closed for user p13x
May  8 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14556]: Successful su for rubyman by root
May  8 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14556]: + ??? root:rubyman
May  8 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14556]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355566 of user rubyman.
May  8 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14556]: pam_unix(su:session): session closed for user rubyman
May  8 21:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355566.
May  8 21:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14477]: Failed password for root from 170.64.222.115 port 46346 ssh2
May  8 21:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14477]: Connection closed by 170.64.222.115 port 46346 [preauth]
May  8 21:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11786]: pam_unix(cron:session): session closed for user root
May  8 21:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14491]: pam_unix(cron:session): session closed for user samftp
May  8 21:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Invalid user taiko from 118.45.205.44
May  8 21:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: input_userauth_request: invalid user taiko [preauth]
May  8 21:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.45.205.44
May  8 21:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14737]: Invalid user dolphinscheduler from 170.64.222.115
May  8 21:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14737]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  8 21:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14737]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Failed password for invalid user taiko from 118.45.205.44 port 59739 ssh2
May  8 21:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Received disconnect from 118.45.205.44 port 59739:11: Bye Bye [preauth]
May  8 21:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14733]: Disconnected from 118.45.205.44 port 59739 [preauth]
May  8 21:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14737]: Failed password for invalid user dolphinscheduler from 170.64.222.115 port 46358 ssh2
May  8 21:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14737]: Connection closed by 170.64.222.115 port 46358 [preauth]
May  8 21:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14755]: Failed password for root from 170.64.222.115 port 46370 ssh2
May  8 21:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14755]: Connection closed by 170.64.222.115 port 46370 [preauth]
May  8 21:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14779]: Failed password for root from 170.64.222.115 port 46984 ssh2
May  8 21:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14779]: Connection closed by 170.64.222.115 port 46984 [preauth]
May  8 21:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: Invalid user hadoop from 170.64.222.115
May  8 21:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: input_userauth_request: invalid user hadoop [preauth]
May  8 21:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: Failed password for invalid user hadoop from 170.64.222.115 port 46998 ssh2
May  8 21:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14789]: Connection closed by 170.64.222.115 port 46998 [preauth]
May  8 21:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: Invalid user oracle from 170.64.222.115
May  8 21:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: input_userauth_request: invalid user oracle [preauth]
May  8 21:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: Failed password for invalid user oracle from 170.64.222.115 port 48908 ssh2
May  8 21:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14814]: Connection closed by 170.64.222.115 port 48908 [preauth]
May  8 21:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: Invalid user g from 170.64.222.115
May  8 21:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: input_userauth_request: invalid user g [preauth]
May  8 21:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: Failed password for invalid user g from 170.64.222.115 port 48910 ssh2
May  8 21:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14824]: Connection closed by 170.64.222.115 port 48910 [preauth]
May  8 21:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13587]: pam_unix(cron:session): session closed for user root
May  8 21:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14846]: Invalid user deployer from 170.64.222.115
May  8 21:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14846]: input_userauth_request: invalid user deployer [preauth]
May  8 21:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14846]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14846]: Failed password for invalid user deployer from 170.64.222.115 port 49982 ssh2
May  8 21:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14846]: Connection closed by 170.64.222.115 port 49982 [preauth]
May  8 21:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14864]: Failed password for root from 170.64.222.115 port 50026 ssh2
May  8 21:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14864]: Connection closed by 170.64.222.115 port 50026 [preauth]
May  8 21:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: Invalid user ec2-user from 170.64.222.115
May  8 21:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: input_userauth_request: invalid user ec2-user [preauth]
May  8 21:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: Failed password for invalid user ec2-user from 170.64.222.115 port 38680 ssh2
May  8 21:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14876]: Connection closed by 170.64.222.115 port 38680 [preauth]
May  8 21:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14906]: Failed password for root from 170.64.222.115 port 38692 ssh2
May  8 21:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14906]: Connection closed by 170.64.222.115 port 38692 [preauth]
May  8 21:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14909]: Invalid user appuser from 170.64.222.115
May  8 21:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14909]: input_userauth_request: invalid user appuser [preauth]
May  8 21:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14909]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14909]: Failed password for invalid user appuser from 170.64.222.115 port 52620 ssh2
May  8 21:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14909]: Connection closed by 170.64.222.115 port 52620 [preauth]
May  8 21:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: Invalid user oracle from 170.64.222.115
May  8 21:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: input_userauth_request: invalid user oracle [preauth]
May  8 21:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: Failed password for invalid user oracle from 170.64.222.115 port 52636 ssh2
May  8 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14924]: Connection closed by 170.64.222.115 port 52636 [preauth]
May  8 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14938]: pam_unix(cron:session): session closed for user p13x
May  8 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15001]: Successful su for rubyman by root
May  8 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15001]: + ??? root:rubyman
May  8 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15001]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355571 of user rubyman.
May  8 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15001]: pam_unix(su:session): session closed for user rubyman
May  8 21:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355571.
May  8 21:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12212]: pam_unix(cron:session): session closed for user root
May  8 21:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: Failed password for root from 170.64.222.115 port 32882 ssh2
May  8 21:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15061]: Connection closed by 170.64.222.115 port 32882 [preauth]
May  8 21:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14939]: pam_unix(cron:session): session closed for user samftp
May  8 21:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: Invalid user odoo17 from 170.64.222.115
May  8 21:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: input_userauth_request: invalid user odoo17 [preauth]
May  8 21:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: Failed password for invalid user odoo17 from 170.64.222.115 port 32896 ssh2
May  8 21:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15182]: Connection closed by 170.64.222.115 port 32896 [preauth]
May  8 21:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15192]: Failed password for root from 170.64.222.115 port 42056 ssh2
May  8 21:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15192]: Connection closed by 170.64.222.115 port 42056 [preauth]
May  8 21:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15216]: Invalid user tom from 170.64.222.115
May  8 21:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15216]: input_userauth_request: invalid user tom [preauth]
May  8 21:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15216]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15216]: Failed password for invalid user tom from 170.64.222.115 port 42058 ssh2
May  8 21:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15216]: Connection closed by 170.64.222.115 port 42058 [preauth]
May  8 21:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: Failed password for root from 170.64.222.115 port 44312 ssh2
May  8 21:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15227]: Connection closed by 170.64.222.115 port 44312 [preauth]
May  8 21:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15251]: Invalid user nvidia from 170.64.222.115
May  8 21:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15251]: input_userauth_request: invalid user nvidia [preauth]
May  8 21:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15251]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15251]: Failed password for invalid user nvidia from 170.64.222.115 port 44324 ssh2
May  8 21:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15251]: Connection closed by 170.64.222.115 port 44324 [preauth]
May  8 21:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15261]: Failed password for root from 170.64.222.115 port 47758 ssh2
May  8 21:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15261]: Connection closed by 170.64.222.115 port 47758 [preauth]
May  8 21:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14056]: pam_unix(cron:session): session closed for user root
May  8 21:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: Invalid user dmdba from 170.64.222.115
May  8 21:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: input_userauth_request: invalid user dmdba [preauth]
May  8 21:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: Failed password for invalid user dmdba from 170.64.222.115 port 47768 ssh2
May  8 21:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15290]: Connection closed by 170.64.222.115 port 47768 [preauth]
May  8 21:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: Invalid user centos from 170.64.222.115
May  8 21:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: input_userauth_request: invalid user centos [preauth]
May  8 21:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: Failed password for invalid user centos from 170.64.222.115 port 52230 ssh2
May  8 21:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15293]: Connection closed by 170.64.222.115 port 52230 [preauth]
May  8 21:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15319]: Invalid user tom from 170.64.222.115
May  8 21:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15319]: input_userauth_request: invalid user tom [preauth]
May  8 21:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15319]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15319]: Failed password for invalid user tom from 170.64.222.115 port 52238 ssh2
May  8 21:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15319]: Connection closed by 170.64.222.115 port 52238 [preauth]
May  8 21:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: Invalid user minecraft from 170.64.222.115
May  8 21:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: input_userauth_request: invalid user minecraft [preauth]
May  8 21:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: Failed password for invalid user minecraft from 170.64.222.115 port 41740 ssh2
May  8 21:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15329]: Connection closed by 170.64.222.115 port 41740 [preauth]
May  8 21:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: Invalid user hadoop from 170.64.222.115
May  8 21:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: input_userauth_request: invalid user hadoop [preauth]
May  8 21:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: Failed password for invalid user hadoop from 170.64.222.115 port 41756 ssh2
May  8 21:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15343]: Connection closed by 170.64.222.115 port 41756 [preauth]
May  8 21:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15354]: Invalid user ansible from 170.64.222.115
May  8 21:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15354]: input_userauth_request: invalid user ansible [preauth]
May  8 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15359]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15358]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15360]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15357]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15357]: pam_unix(cron:session): session closed for user p13x
May  8 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15354]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15416]: Successful su for rubyman by root
May  8 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15416]: + ??? root:rubyman
May  8 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15416]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355574 of user rubyman.
May  8 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15416]: pam_unix(su:session): session closed for user rubyman
May  8 21:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355574.
May  8 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15354]: Failed password for invalid user ansible from 170.64.222.115 port 41760 ssh2
May  8 21:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15354]: Connection closed by 170.64.222.115 port 41760 [preauth]
May  8 21:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12642]: pam_unix(cron:session): session closed for user root
May  8 21:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: Invalid user steam from 170.64.222.115
May  8 21:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: input_userauth_request: invalid user steam [preauth]
May  8 21:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15358]: pam_unix(cron:session): session closed for user samftp
May  8 21:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: Failed password for invalid user steam from 170.64.222.115 port 46458 ssh2
May  8 21:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15577]: Connection closed by 170.64.222.115 port 46458 [preauth]
May  8 21:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15610]: Invalid user apache from 170.64.222.115
May  8 21:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15610]: input_userauth_request: invalid user apache [preauth]
May  8 21:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15610]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15610]: Failed password for invalid user apache from 170.64.222.115 port 46474 ssh2
May  8 21:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15610]: Connection closed by 170.64.222.115 port 46474 [preauth]
May  8 21:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15628]: User backup from 170.64.222.115 not allowed because not listed in AllowUsers
May  8 21:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15628]: input_userauth_request: invalid user backup [preauth]
May  8 21:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=backup
May  8 21:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15628]: Failed password for invalid user backup from 170.64.222.115 port 37230 ssh2
May  8 21:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15628]: Connection closed by 170.64.222.115 port 37230 [preauth]
May  8 21:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15643]: Failed password for root from 170.64.222.115 port 37234 ssh2
May  8 21:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15643]: Connection closed by 170.64.222.115 port 37234 [preauth]
May  8 21:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  8 21:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: Invalid user esearch from 170.64.222.115
May  8 21:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: input_userauth_request: invalid user esearch [preauth]
May  8 21:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15645]: Failed password for root from 194.0.234.19 port 58410 ssh2
May  8 21:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15645]: Connection closed by 194.0.234.19 port 58410 [preauth]
May  8 21:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: Failed password for invalid user esearch from 170.64.222.115 port 59764 ssh2
May  8 21:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15660]: Connection closed by 170.64.222.115 port 59764 [preauth]
May  8 21:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: Invalid user vagrant from 170.64.222.115
May  8 21:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: input_userauth_request: invalid user vagrant [preauth]
May  8 21:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: Failed password for invalid user vagrant from 170.64.222.115 port 59766 ssh2
May  8 21:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15669]: Connection closed by 170.64.222.115 port 59766 [preauth]
May  8 21:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14496]: pam_unix(cron:session): session closed for user root
May  8 21:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: Invalid user steam from 170.64.222.115
May  8 21:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: input_userauth_request: invalid user steam [preauth]
May  8 21:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: Failed password for invalid user steam from 170.64.222.115 port 43670 ssh2
May  8 21:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15699]: Connection closed by 170.64.222.115 port 43670 [preauth]
May  8 21:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15714]: Invalid user guest from 170.64.222.115
May  8 21:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15714]: input_userauth_request: invalid user guest [preauth]
May  8 21:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15714]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15714]: Failed password for invalid user guest from 170.64.222.115 port 43678 ssh2
May  8 21:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15714]: Connection closed by 170.64.222.115 port 43678 [preauth]
May  8 21:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15738]: Invalid user user from 170.64.222.115
May  8 21:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15738]: input_userauth_request: invalid user user [preauth]
May  8 21:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15738]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15738]: Failed password for invalid user user from 170.64.222.115 port 50370 ssh2
May  8 21:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15738]: Connection closed by 170.64.222.115 port 50370 [preauth]
May  8 21:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15748]: Invalid user rancher from 170.64.222.115
May  8 21:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15748]: input_userauth_request: invalid user rancher [preauth]
May  8 21:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15748]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15748]: Failed password for invalid user rancher from 170.64.222.115 port 50384 ssh2
May  8 21:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15748]: Connection closed by 170.64.222.115 port 50384 [preauth]
May  8 21:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15760]: Invalid user pi from 170.64.222.115
May  8 21:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15760]: input_userauth_request: invalid user pi [preauth]
May  8 21:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15760]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15760]: Failed password for invalid user pi from 170.64.222.115 port 39436 ssh2
May  8 21:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15760]: Connection closed by 170.64.222.115 port 39436 [preauth]
May  8 21:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: Invalid user user2 from 170.64.222.115
May  8 21:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: input_userauth_request: invalid user user2 [preauth]
May  8 21:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: Failed password for invalid user user2 from 170.64.222.115 port 39454 ssh2
May  8 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15785]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15787]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15784]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15789]: pam_unix(cron:session): session closed for user root
May  8 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15784]: pam_unix(cron:session): session closed for user p13x
May  8 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15770]: Connection closed by 170.64.222.115 port 39454 [preauth]
May  8 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15854]: Successful su for rubyman by root
May  8 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15854]: + ??? root:rubyman
May  8 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15854]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355580 of user rubyman.
May  8 21:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15854]: pam_unix(su:session): session closed for user rubyman
May  8 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355580.
May  8 21:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Invalid user deploy from 170.64.222.115
May  8 21:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: input_userauth_request: invalid user deploy [preauth]
May  8 21:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15786]: pam_unix(cron:session): session closed for user root
May  8 21:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13066]: pam_unix(cron:session): session closed for user root
May  8 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Failed password for invalid user deploy from 170.64.222.115 port 56460 ssh2
May  8 21:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15914]: Connection closed by 170.64.222.115 port 56460 [preauth]
May  8 21:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15785]: pam_unix(cron:session): session closed for user samftp
May  8 21:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16062]: Invalid user nexus from 170.64.222.115
May  8 21:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16062]: input_userauth_request: invalid user nexus [preauth]
May  8 21:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16062]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16062]: Failed password for invalid user nexus from 170.64.222.115 port 56474 ssh2
May  8 21:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16062]: Connection closed by 170.64.222.115 port 56474 [preauth]
May  8 21:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16072]: Invalid user master from 170.64.222.115
May  8 21:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16072]: input_userauth_request: invalid user master [preauth]
May  8 21:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16072]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:30:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16072]: Failed password for invalid user master from 170.64.222.115 port 47114 ssh2
May  8 21:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16072]: Connection closed by 170.64.222.115 port 47114 [preauth]
May  8 21:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16088]: Invalid user postgres from 170.64.222.115
May  8 21:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16088]: input_userauth_request: invalid user postgres [preauth]
May  8 21:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16088]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16088]: Failed password for invalid user postgres from 170.64.222.115 port 47128 ssh2
May  8 21:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16088]: Connection closed by 170.64.222.115 port 47128 [preauth]
May  8 21:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16099]: Failed password for root from 170.64.222.115 port 60068 ssh2
May  8 21:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16099]: Connection closed by 170.64.222.115 port 60068 [preauth]
May  8 21:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: Invalid user weblogic from 170.64.222.115
May  8 21:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: input_userauth_request: invalid user weblogic [preauth]
May  8 21:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: Failed password for invalid user weblogic from 170.64.222.115 port 60072 ssh2
May  8 21:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16121]: Connection closed by 170.64.222.115 port 60072 [preauth]
May  8 21:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14941]: pam_unix(cron:session): session closed for user root
May  8 21:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16132]: Failed password for root from 170.64.222.115 port 39326 ssh2
May  8 21:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16132]: Connection closed by 170.64.222.115 port 39326 [preauth]
May  8 21:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16163]: Failed password for root from 170.64.222.115 port 39336 ssh2
May  8 21:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16163]: Connection closed by 170.64.222.115 port 39336 [preauth]
May  8 21:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:30:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16174]: Failed password for root from 170.64.222.115 port 46874 ssh2
May  8 21:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16174]: Connection closed by 170.64.222.115 port 46874 [preauth]
May  8 21:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: Invalid user dolphinscheduler from 170.64.222.115
May  8 21:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  8 21:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: Failed password for invalid user dolphinscheduler from 170.64.222.115 port 46890 ssh2
May  8 21:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16197]: Connection closed by 170.64.222.115 port 46890 [preauth]
May  8 21:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16207]: Invalid user dmdba from 170.64.222.115
May  8 21:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16207]: input_userauth_request: invalid user dmdba [preauth]
May  8 21:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16207]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16207]: Failed password for invalid user dmdba from 170.64.222.115 port 33830 ssh2
May  8 21:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16207]: Connection closed by 170.64.222.115 port 33830 [preauth]
May  8 21:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16217]: Invalid user minecraft from 170.64.222.115
May  8 21:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16217]: input_userauth_request: invalid user minecraft [preauth]
May  8 21:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16217]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16217]: Failed password for invalid user minecraft from 170.64.222.115 port 33838 ssh2
May  8 21:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16217]: Connection closed by 170.64.222.115 port 33838 [preauth]
May  8 21:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: Invalid user bot from 170.64.222.115
May  8 21:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: input_userauth_request: invalid user bot [preauth]
May  8 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16233]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16234]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16232]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16231]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16231]: pam_unix(cron:session): session closed for user p13x
May  8 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16296]: Successful su for rubyman by root
May  8 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16296]: + ??? root:rubyman
May  8 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355584 of user rubyman.
May  8 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16296]: pam_unix(su:session): session closed for user rubyman
May  8 21:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355584.
May  8 21:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: Failed password for invalid user bot from 170.64.222.115 port 33854 ssh2
May  8 21:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16228]: Connection closed by 170.64.222.115 port 33854 [preauth]
May  8 21:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13586]: pam_unix(cron:session): session closed for user root
May  8 21:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: Invalid user debian from 170.64.222.115
May  8 21:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: input_userauth_request: invalid user debian [preauth]
May  8 21:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16232]: pam_unix(cron:session): session closed for user samftp
May  8 21:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: Failed password for invalid user debian from 170.64.222.115 port 58046 ssh2
May  8 21:31:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16458]: Connection closed by 170.64.222.115 port 58046 [preauth]
May  8 21:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: Invalid user wang from 170.64.222.115
May  8 21:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: input_userauth_request: invalid user wang [preauth]
May  8 21:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: Failed password for invalid user wang from 170.64.222.115 port 58050 ssh2
May  8 21:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16503]: Connection closed by 170.64.222.115 port 58050 [preauth]
May  8 21:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16530]: Invalid user nginx from 170.64.222.115
May  8 21:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16530]: input_userauth_request: invalid user nginx [preauth]
May  8 21:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16530]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16530]: Failed password for invalid user nginx from 170.64.222.115 port 39142 ssh2
May  8 21:31:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16530]: Connection closed by 170.64.222.115 port 39142 [preauth]
May  8 21:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: Invalid user esuser from 170.64.222.115
May  8 21:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: input_userauth_request: invalid user esuser [preauth]
May  8 21:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: Failed password for invalid user esuser from 170.64.222.115 port 39150 ssh2
May  8 21:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16545]: Connection closed by 170.64.222.115 port 39150 [preauth]
May  8 21:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16574]: User proxy from 170.64.222.115 not allowed because not listed in AllowUsers
May  8 21:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16574]: input_userauth_request: invalid user proxy [preauth]
May  8 21:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=proxy
May  8 21:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16574]: Failed password for invalid user proxy from 170.64.222.115 port 52244 ssh2
May  8 21:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16574]: Connection closed by 170.64.222.115 port 52244 [preauth]
May  8 21:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.153.195.114  user=root
May  8 21:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16591]: Invalid user lighthouse from 170.64.222.115
May  8 21:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16591]: input_userauth_request: invalid user lighthouse [preauth]
May  8 21:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16591]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: Failed password for root from 43.153.195.114 port 55782 ssh2
May  8 21:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: Received disconnect from 43.153.195.114 port 55782:11: Bye Bye [preauth]
May  8 21:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: Disconnected from 43.153.195.114 port 55782 [preauth]
May  8 21:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16591]: Failed password for invalid user lighthouse from 170.64.222.115 port 52260 ssh2
May  8 21:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16591]: Connection closed by 170.64.222.115 port 52260 [preauth]
May  8 21:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15360]: pam_unix(cron:session): session closed for user root
May  8 21:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16636]: Invalid user user from 170.64.222.115
May  8 21:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16636]: input_userauth_request: invalid user user [preauth]
May  8 21:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16636]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16636]: Failed password for invalid user user from 170.64.222.115 port 60488 ssh2
May  8 21:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16636]: Connection closed by 170.64.222.115 port 60488 [preauth]
May  8 21:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: Invalid user elastic from 170.64.222.115
May  8 21:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: input_userauth_request: invalid user elastic [preauth]
May  8 21:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: Failed password for invalid user elastic from 170.64.222.115 port 60498 ssh2
May  8 21:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16648]: Connection closed by 170.64.222.115 port 60498 [preauth]
May  8 21:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: Invalid user username from 170.64.222.115
May  8 21:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: input_userauth_request: invalid user username [preauth]
May  8 21:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: Failed password for invalid user username from 170.64.222.115 port 51796 ssh2
May  8 21:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16663]: Connection closed by 170.64.222.115 port 51796 [preauth]
May  8 21:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:31:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16681]: Failed password for root from 170.64.222.115 port 51806 ssh2
May  8 21:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16681]: Connection closed by 170.64.222.115 port 51806 [preauth]
May  8 21:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16689]: Invalid user data from 170.64.222.115
May  8 21:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16689]: input_userauth_request: invalid user data [preauth]
May  8 21:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16689]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16689]: Failed password for invalid user data from 170.64.222.115 port 35140 ssh2
May  8 21:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16689]: Connection closed by 170.64.222.115 port 35140 [preauth]
May  8 21:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: Invalid user gpadmin from 170.64.222.115
May  8 21:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: input_userauth_request: invalid user gpadmin [preauth]
May  8 21:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16708]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16709]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16706]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16706]: pam_unix(cron:session): session closed for user p13x
May  8 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: Failed password for invalid user gpadmin from 170.64.222.115 port 35154 ssh2
May  8 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16695]: Connection closed by 170.64.222.115 port 35154 [preauth]
May  8 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16769]: Successful su for rubyman by root
May  8 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16769]: + ??? root:rubyman
May  8 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355589 of user rubyman.
May  8 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16769]: pam_unix(su:session): session closed for user rubyman
May  8 21:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355589.
May  8 21:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Invalid user odoo16 from 170.64.222.115
May  8 21:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: input_userauth_request: invalid user odoo16 [preauth]
May  8 21:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14055]: pam_unix(cron:session): session closed for user root
May  8 21:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Failed password for invalid user odoo16 from 170.64.222.115 port 40956 ssh2
May  8 21:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16868]: Connection closed by 170.64.222.115 port 40956 [preauth]
May  8 21:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16707]: pam_unix(cron:session): session closed for user samftp
May  8 21:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: Invalid user test from 170.64.222.115
May  8 21:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: input_userauth_request: invalid user test [preauth]
May  8 21:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: Failed password for invalid user test from 170.64.222.115 port 40958 ssh2
May  8 21:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16985]: Connection closed by 170.64.222.115 port 40958 [preauth]
May  8 21:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: Invalid user test2 from 170.64.222.115
May  8 21:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: input_userauth_request: invalid user test2 [preauth]
May  8 21:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: Failed password for invalid user test2 from 170.64.222.115 port 36542 ssh2
May  8 21:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16997]: Connection closed by 170.64.222.115 port 36542 [preauth]
May  8 21:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17019]: Invalid user git from 170.64.222.115
May  8 21:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17019]: input_userauth_request: invalid user git [preauth]
May  8 21:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17019]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17021]: Invalid user mine from 118.45.205.44
May  8 21:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17021]: input_userauth_request: invalid user mine [preauth]
May  8 21:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17021]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.45.205.44
May  8 21:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17019]: Failed password for invalid user git from 170.64.222.115 port 36562 ssh2
May  8 21:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17019]: Connection closed by 170.64.222.115 port 36562 [preauth]
May  8 21:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17021]: Failed password for invalid user mine from 118.45.205.44 port 49341 ssh2
May  8 21:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17021]: Received disconnect from 118.45.205.44 port 49341:11: Bye Bye [preauth]
May  8 21:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17021]: Disconnected from 118.45.205.44 port 49341 [preauth]
May  8 21:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: Invalid user dev from 170.64.222.115
May  8 21:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: input_userauth_request: invalid user dev [preauth]
May  8 21:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: Failed password for invalid user dev from 170.64.222.115 port 44176 ssh2
May  8 21:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17033]: Connection closed by 170.64.222.115 port 44176 [preauth]
May  8 21:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: Invalid user lsfadmin from 170.64.222.115
May  8 21:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: input_userauth_request: invalid user lsfadmin [preauth]
May  8 21:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: Failed password for invalid user lsfadmin from 170.64.222.115 port 44184 ssh2
May  8 21:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17056]: Connection closed by 170.64.222.115 port 44184 [preauth]
May  8 21:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Failed password for root from 170.64.222.115 port 49308 ssh2
May  8 21:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15788]: pam_unix(cron:session): session closed for user root
May  8 21:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17067]: Connection closed by 170.64.222.115 port 49308 [preauth]
May  8 21:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: User ftp from 170.64.222.115 not allowed because not listed in AllowUsers
May  8 21:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: input_userauth_request: invalid user ftp [preauth]
May  8 21:32:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=ftp
May  8 21:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: Failed password for invalid user ftp from 170.64.222.115 port 49330 ssh2
May  8 21:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17100]: Connection closed by 170.64.222.115 port 49330 [preauth]
May  8 21:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17109]: Invalid user debian from 170.64.222.115
May  8 21:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17109]: input_userauth_request: invalid user debian [preauth]
May  8 21:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17109]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17109]: Failed password for invalid user debian from 170.64.222.115 port 54384 ssh2
May  8 21:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17109]: Connection closed by 170.64.222.115 port 54384 [preauth]
May  8 21:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: Invalid user testuser from 170.64.222.115
May  8 21:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: input_userauth_request: invalid user testuser [preauth]
May  8 21:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: Failed password for invalid user testuser from 170.64.222.115 port 54398 ssh2
May  8 21:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17125]: Connection closed by 170.64.222.115 port 54398 [preauth]
May  8 21:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: Failed password for root from 170.64.222.115 port 60650 ssh2
May  8 21:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17137]: Connection closed by 170.64.222.115 port 60650 [preauth]
May  8 21:32:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: Invalid user yealink from 170.64.222.115
May  8 21:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: input_userauth_request: invalid user yealink [preauth]
May  8 21:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: Failed password for invalid user yealink from 170.64.222.115 port 60654 ssh2
May  8 21:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17148]: Connection closed by 170.64.222.115 port 60654 [preauth]
May  8 21:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: Invalid user guest from 170.64.222.115
May  8 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: input_userauth_request: invalid user guest [preauth]
May  8 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17163]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17162]: pam_unix(cron:session): session closed for user p13x
May  8 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17224]: Successful su for rubyman by root
May  8 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17224]: + ??? root:rubyman
May  8 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17224]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355592 of user rubyman.
May  8 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17224]: pam_unix(su:session): session closed for user rubyman
May  8 21:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355592.
May  8 21:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: Failed password for invalid user guest from 170.64.222.115 port 60668 ssh2
May  8 21:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17159]: Connection closed by 170.64.222.115 port 60668 [preauth]
May  8 21:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14493]: pam_unix(cron:session): session closed for user root
May  8 21:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17163]: pam_unix(cron:session): session closed for user samftp
May  8 21:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17393]: Failed password for root from 170.64.222.115 port 52192 ssh2
May  8 21:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17393]: Connection closed by 170.64.222.115 port 52192 [preauth]
May  8 21:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17422]: Invalid user plex from 170.64.222.115
May  8 21:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17422]: input_userauth_request: invalid user plex [preauth]
May  8 21:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17422]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17422]: Failed password for invalid user plex from 170.64.222.115 port 52196 ssh2
May  8 21:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17422]: Connection closed by 170.64.222.115 port 52196 [preauth]
May  8 21:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17444]: Invalid user testuser from 170.64.222.115
May  8 21:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17444]: input_userauth_request: invalid user testuser [preauth]
May  8 21:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17444]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17444]: Failed password for invalid user testuser from 170.64.222.115 port 59404 ssh2
May  8 21:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17444]: Connection closed by 170.64.222.115 port 59404 [preauth]
May  8 21:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: Failed password for root from 170.64.222.115 port 59406 ssh2
May  8 21:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17456]: Connection closed by 170.64.222.115 port 59406 [preauth]
May  8 21:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17485]: Invalid user openvpn from 170.64.222.115
May  8 21:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17485]: input_userauth_request: invalid user openvpn [preauth]
May  8 21:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17485]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17485]: Failed password for invalid user openvpn from 170.64.222.115 port 42528 ssh2
May  8 21:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17485]: Connection closed by 170.64.222.115 port 42528 [preauth]
May  8 21:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: Failed password for root from 170.64.222.115 port 42542 ssh2
May  8 21:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: Connection closed by 170.64.222.115 port 42542 [preauth]
May  8 21:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16234]: pam_unix(cron:session): session closed for user root
May  8 21:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: Invalid user ftpuser from 170.64.222.115
May  8 21:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: input_userauth_request: invalid user ftpuser [preauth]
May  8 21:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: Failed password for invalid user ftpuser from 170.64.222.115 port 48984 ssh2
May  8 21:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17517]: Connection closed by 170.64.222.115 port 48984 [preauth]
May  8 21:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: Invalid user wso2 from 170.64.222.115
May  8 21:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: input_userauth_request: invalid user wso2 [preauth]
May  8 21:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:33:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17540]: Invalid user eddy from 103.226.138.58
May  8 21:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17540]: input_userauth_request: invalid user eddy [preauth]
May  8 21:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17540]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.226.138.58
May  8 21:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: Failed password for invalid user wso2 from 170.64.222.115 port 49004 ssh2
May  8 21:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17538]: Connection closed by 170.64.222.115 port 49004 [preauth]
May  8 21:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17540]: Failed password for invalid user eddy from 103.226.138.58 port 35100 ssh2
May  8 21:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17540]: Received disconnect from 103.226.138.58 port 35100:11: Bye Bye [preauth]
May  8 21:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17540]: Disconnected from 103.226.138.58 port 35100 [preauth]
May  8 21:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: Invalid user user from 170.64.222.115
May  8 21:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: input_userauth_request: invalid user user [preauth]
May  8 21:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: Failed password for invalid user user from 170.64.222.115 port 35528 ssh2
May  8 21:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17566]: Connection closed by 170.64.222.115 port 35528 [preauth]
May  8 21:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17577]: Failed password for root from 170.64.222.115 port 35544 ssh2
May  8 21:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17577]: Connection closed by 170.64.222.115 port 35544 [preauth]
May  8 21:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: Invalid user admin from 170.64.222.115
May  8 21:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: input_userauth_request: invalid user admin [preauth]
May  8 21:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:33:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: Failed password for invalid user admin from 170.64.222.115 port 47784 ssh2
May  8 21:33:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17587]: Connection closed by 170.64.222.115 port 47784 [preauth]
May  8 21:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17597]: Invalid user elastic from 170.64.222.115
May  8 21:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17597]: input_userauth_request: invalid user elastic [preauth]
May  8 21:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17597]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17597]: Failed password for invalid user elastic from 170.64.222.115 port 47794 ssh2
May  8 21:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17597]: Connection closed by 170.64.222.115 port 47794 [preauth]
May  8 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17611]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17612]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17607]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17607]: pam_unix(cron:session): session closed for user p13x
May  8 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17678]: Successful su for rubyman by root
May  8 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17678]: + ??? root:rubyman
May  8 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17678]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355596 of user rubyman.
May  8 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17678]: pam_unix(su:session): session closed for user rubyman
May  8 21:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355596.
May  8 21:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14940]: pam_unix(cron:session): session closed for user root
May  8 21:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17733]: Failed password for root from 170.64.222.115 port 33422 ssh2
May  8 21:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17733]: Connection closed by 170.64.222.115 port 33422 [preauth]
May  8 21:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17609]: pam_unix(cron:session): session closed for user samftp
May  8 21:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17977]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115  user=root
May  8 21:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17977]: Failed password for root from 170.64.222.115 port 33430 ssh2
May  8 21:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17977]: Connection closed by 170.64.222.115 port 33430 [preauth]
May  8 21:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: Invalid user postgres from 170.64.222.115
May  8 21:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: input_userauth_request: invalid user postgres [preauth]
May  8 21:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.222.115
May  8 21:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: Failed password for invalid user postgres from 170.64.222.115 port 43064 ssh2
May  8 21:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: Connection closed by 170.64.222.115 port 43064 [preauth]
May  8 21:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16709]: pam_unix(cron:session): session closed for user root
May  8 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18148]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18145]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18147]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18143]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18144]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18148]: pam_unix(cron:session): session closed for user root
May  8 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18143]: pam_unix(cron:session): session closed for user p13x
May  8 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18211]: Successful su for rubyman by root
May  8 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18211]: + ??? root:rubyman
May  8 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355602 of user rubyman.
May  8 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18211]: pam_unix(su:session): session closed for user rubyman
May  8 21:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355602.
May  8 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18145]: pam_unix(cron:session): session closed for user root
May  8 21:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15359]: pam_unix(cron:session): session closed for user root
May  8 21:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18144]: pam_unix(cron:session): session closed for user samftp
May  8 21:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17165]: pam_unix(cron:session): session closed for user root
May  8 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18582]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18581]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18580]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18579]: pam_unix(cron:session): session closed for user p13x
May  8 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18644]: Successful su for rubyman by root
May  8 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18644]: + ??? root:rubyman
May  8 21:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355606 of user rubyman.
May  8 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18644]: pam_unix(su:session): session closed for user rubyman
May  8 21:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355606.
May  8 21:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15787]: pam_unix(cron:session): session closed for user root
May  8 21:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18580]: pam_unix(cron:session): session closed for user samftp
May  8 21:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: Invalid user transmission from 50.235.31.47
May  8 21:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: input_userauth_request: invalid user transmission [preauth]
May  8 21:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  8 21:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: Failed password for invalid user transmission from 50.235.31.47 port 57328 ssh2
May  8 21:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18882]: Connection closed by 50.235.31.47 port 57328 [preauth]
May  8 21:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17612]: pam_unix(cron:session): session closed for user root
May  8 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18993]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18992]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18994]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18991]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18991]: pam_unix(cron:session): session closed for user p13x
May  8 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19056]: Successful su for rubyman by root
May  8 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19056]: + ??? root:rubyman
May  8 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355611 of user rubyman.
May  8 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19056]: pam_unix(su:session): session closed for user rubyman
May  8 21:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355611.
May  8 21:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16233]: pam_unix(cron:session): session closed for user root
May  8 21:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18992]: pam_unix(cron:session): session closed for user samftp
May  8 21:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18147]: pam_unix(cron:session): session closed for user root
May  8 21:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: Invalid user NetLinx from 80.94.95.241
May  8 21:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: input_userauth_request: invalid user NetLinx [preauth]
May  8 21:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 21:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: Invalid user dan from 118.45.205.44
May  8 21:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: input_userauth_request: invalid user dan [preauth]
May  8 21:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.45.205.44
May  8 21:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: Failed password for invalid user NetLinx from 80.94.95.241 port 62772 ssh2
May  8 21:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: Failed password for invalid user dan from 118.45.205.44 port 38948 ssh2
May  8 21:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: Received disconnect from 118.45.205.44 port 38948:11: Bye Bye [preauth]
May  8 21:37:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19362]: Disconnected from 118.45.205.44 port 38948 [preauth]
May  8 21:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: Failed password for invalid user NetLinx from 80.94.95.241 port 62772 ssh2
May  8 21:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: Failed password for invalid user NetLinx from 80.94.95.241 port 62772 ssh2
May  8 21:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: Failed password for invalid user NetLinx from 80.94.95.241 port 62772 ssh2
May  8 21:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: Failed password for invalid user NetLinx from 80.94.95.241 port 62772 ssh2
May  8 21:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: Received disconnect from 80.94.95.241 port 62772:11: Bye [preauth]
May  8 21:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: Disconnected from 80.94.95.241 port 62772 [preauth]
May  8 21:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 21:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19360]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19411]: pam_unix(cron:session): session closed for user p13x
May  8 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19473]: Successful su for rubyman by root
May  8 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19473]: + ??? root:rubyman
May  8 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19473]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355613 of user rubyman.
May  8 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19473]: pam_unix(su:session): session closed for user rubyman
May  8 21:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355613.
May  8 21:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16708]: pam_unix(cron:session): session closed for user root
May  8 21:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19412]: pam_unix(cron:session): session closed for user samftp
May  8 21:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18582]: pam_unix(cron:session): session closed for user root
May  8 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19828]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19829]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19826]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19827]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19826]: pam_unix(cron:session): session closed for user p13x
May  8 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19948]: Successful su for rubyman by root
May  8 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19948]: + ??? root:rubyman
May  8 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355618 of user rubyman.
May  8 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19948]: pam_unix(su:session): session closed for user rubyman
May  8 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355618.
May  8 21:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19824]: pam_unix(cron:session): session closed for user root
May  8 21:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17164]: pam_unix(cron:session): session closed for user root
May  8 21:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19827]: pam_unix(cron:session): session closed for user samftp
May  8 21:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18994]: pam_unix(cron:session): session closed for user root
May  8 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20319]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20323]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20324]: pam_unix(cron:session): session closed for user root
May  8 21:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20319]: pam_unix(cron:session): session closed for user p13x
May  8 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20388]: Successful su for rubyman by root
May  8 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20388]: + ??? root:rubyman
May  8 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20388]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355624 of user rubyman.
May  8 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20388]: pam_unix(su:session): session closed for user rubyman
May  8 21:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355624.
May  8 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20321]: pam_unix(cron:session): session closed for user root
May  8 21:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17611]: pam_unix(cron:session): session closed for user root
May  8 21:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20320]: pam_unix(cron:session): session closed for user samftp
May  8 21:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19414]: pam_unix(cron:session): session closed for user root
May  8 21:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20760]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20757]: pam_unix(cron:session): session closed for user p13x
May  8 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20830]: Successful su for rubyman by root
May  8 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20830]: + ??? root:rubyman
May  8 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20830]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355629 of user rubyman.
May  8 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20830]: pam_unix(su:session): session closed for user rubyman
May  8 21:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355629.
May  8 21:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18146]: pam_unix(cron:session): session closed for user root
May  8 21:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20758]: pam_unix(cron:session): session closed for user samftp
May  8 21:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: Invalid user admin from 80.94.95.112
May  8 21:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: input_userauth_request: invalid user admin [preauth]
May  8 21:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 21:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19829]: pam_unix(cron:session): session closed for user root
May  8 21:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: Failed password for invalid user admin from 80.94.95.112 port 10829 ssh2
May  8 21:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: Failed password for invalid user admin from 80.94.95.112 port 10829 ssh2
May  8 21:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: Failed password for invalid user admin from 80.94.95.112 port 10829 ssh2
May  8 21:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: Failed password for invalid user admin from 80.94.95.112 port 10829 ssh2
May  8 21:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: Failed password for invalid user admin from 80.94.95.112 port 10829 ssh2
May  8 21:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: Received disconnect from 80.94.95.112 port 10829:11: Bye [preauth]
May  8 21:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: Disconnected from 80.94.95.112 port 10829 [preauth]
May  8 21:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 21:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21093]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21195]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21193]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21192]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21192]: pam_unix(cron:session): session closed for user p13x
May  8 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21281]: Successful su for rubyman by root
May  8 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21281]: + ??? root:rubyman
May  8 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21281]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355632 of user rubyman.
May  8 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21281]: pam_unix(su:session): session closed for user rubyman
May  8 21:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355632.
May  8 21:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18581]: pam_unix(cron:session): session closed for user root
May  8 21:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21193]: pam_unix(cron:session): session closed for user samftp
May  8 21:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20323]: pam_unix(cron:session): session closed for user root
May  8 21:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21598]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21598]: Invalid user git from 80.94.95.116
May  8 21:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21598]: input_userauth_request: invalid user git [preauth]
May  8 21:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21598]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  8 21:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21598]: Failed password for invalid user git from 80.94.95.116 port 59106 ssh2
May  8 21:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21598]: Connection closed by 80.94.95.116 port 59106 [preauth]
May  8 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21635]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21634]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21632]: pam_unix(cron:session): session closed for user p13x
May  8 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21717]: Successful su for rubyman by root
May  8 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21717]: + ??? root:rubyman
May  8 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21717]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355636 of user rubyman.
May  8 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21717]: pam_unix(su:session): session closed for user rubyman
May  8 21:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355636.
May  8 21:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18993]: pam_unix(cron:session): session closed for user root
May  8 21:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21633]: pam_unix(cron:session): session closed for user samftp
May  8 21:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22192]: Invalid user ton from 118.45.205.44
May  8 21:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22192]: input_userauth_request: invalid user ton [preauth]
May  8 21:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22192]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.45.205.44
May  8 21:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22192]: Failed password for invalid user ton from 118.45.205.44 port 56790 ssh2
May  8 21:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22192]: Received disconnect from 118.45.205.44 port 56790:11: Bye Bye [preauth]
May  8 21:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22192]: Disconnected from 118.45.205.44 port 56790 [preauth]
May  8 21:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20760]: pam_unix(cron:session): session closed for user root
May  8 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22379]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22377]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22378]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22377]: pam_unix(cron:session): session closed for user p13x
May  8 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22461]: Successful su for rubyman by root
May  8 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22461]: + ??? root:rubyman
May  8 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355640 of user rubyman.
May  8 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22461]: pam_unix(su:session): session closed for user rubyman
May  8 21:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355640.
May  8 21:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19413]: pam_unix(cron:session): session closed for user root
May  8 21:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22378]: pam_unix(cron:session): session closed for user samftp
May  8 21:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21195]: pam_unix(cron:session): session closed for user root
May  8 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22838]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22838]: pam_unix(cron:session): session closed for user root
May  8 21:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22831]: pam_unix(cron:session): session closed for user p13x
May  8 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22920]: Successful su for rubyman by root
May  8 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22920]: + ??? root:rubyman
May  8 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22920]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355647 of user rubyman.
May  8 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22920]: pam_unix(su:session): session closed for user rubyman
May  8 21:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355647.
May  8 21:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19828]: pam_unix(cron:session): session closed for user root
May  8 21:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22833]: pam_unix(cron:session): session closed for user root
May  8 21:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22832]: pam_unix(cron:session): session closed for user samftp
May  8 21:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21635]: pam_unix(cron:session): session closed for user root
May  8 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23407]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23404]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23404]: pam_unix(cron:session): session closed for user p13x
May  8 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23480]: Successful su for rubyman by root
May  8 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23480]: + ??? root:rubyman
May  8 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355650 of user rubyman.
May  8 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23480]: pam_unix(su:session): session closed for user rubyman
May  8 21:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355650.
May  8 21:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20322]: pam_unix(cron:session): session closed for user root
May  8 21:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23406]: pam_unix(cron:session): session closed for user samftp
May  8 21:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22380]: pam_unix(cron:session): session closed for user root
May  8 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23923]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23922]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23921]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23920]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23920]: pam_unix(cron:session): session closed for user p13x
May  8 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23999]: Successful su for rubyman by root
May  8 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23999]: + ??? root:rubyman
May  8 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23999]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355654 of user rubyman.
May  8 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23999]: pam_unix(su:session): session closed for user rubyman
May  8 21:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355654.
May  8 21:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20759]: pam_unix(cron:session): session closed for user root
May  8 21:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23921]: pam_unix(cron:session): session closed for user samftp
May  8 21:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22837]: pam_unix(cron:session): session closed for user root
May  8 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24363]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24364]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24360]: pam_unix(cron:session): session closed for user p13x
May  8 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24430]: Successful su for rubyman by root
May  8 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24430]: + ??? root:rubyman
May  8 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355660 of user rubyman.
May  8 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24430]: pam_unix(su:session): session closed for user rubyman
May  8 21:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355660.
May  8 21:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21194]: pam_unix(cron:session): session closed for user root
May  8 21:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24361]: pam_unix(cron:session): session closed for user samftp
May  8 21:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23408]: pam_unix(cron:session): session closed for user root
May  8 21:48:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.45.205.44  user=root
May  8 21:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: Failed password for root from 118.45.205.44 port 46401 ssh2
May  8 21:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: Received disconnect from 118.45.205.44 port 46401:11: Bye Bye [preauth]
May  8 21:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24754]: Disconnected from 118.45.205.44 port 46401 [preauth]
May  8 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24788]: pam_unix(cron:session): session closed for user p13x
May  8 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24853]: Successful su for rubyman by root
May  8 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24853]: + ??? root:rubyman
May  8 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24853]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355663 of user rubyman.
May  8 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24853]: pam_unix(su:session): session closed for user rubyman
May  8 21:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355663.
May  8 21:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21634]: pam_unix(cron:session): session closed for user root
May  8 21:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24789]: pam_unix(cron:session): session closed for user samftp
May  8 21:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: Invalid user xh from 164.68.105.9
May  8 21:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: input_userauth_request: invalid user xh [preauth]
May  8 21:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  8 21:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: Failed password for invalid user xh from 164.68.105.9 port 46260 ssh2
May  8 21:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: Connection closed by 164.68.105.9 port 46260 [preauth]
May  8 21:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23923]: pam_unix(cron:session): session closed for user root
May  8 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25202]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25203]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25201]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25204]: pam_unix(cron:session): session closed for user root
May  8 21:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25199]: pam_unix(cron:session): session closed for user p13x
May  8 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25280]: Successful su for rubyman by root
May  8 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25280]: + ??? root:rubyman
May  8 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355669 of user rubyman.
May  8 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25280]: pam_unix(su:session): session closed for user rubyman
May  8 21:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355669.
May  8 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25201]: pam_unix(cron:session): session closed for user root
May  8 21:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22379]: pam_unix(cron:session): session closed for user root
May  8 21:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25200]: pam_unix(cron:session): session closed for user samftp
May  8 21:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24364]: pam_unix(cron:session): session closed for user root
May  8 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25684]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25683]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25681]: pam_unix(cron:session): session closed for user p13x
May  8 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25769]: Successful su for rubyman by root
May  8 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25769]: + ??? root:rubyman
May  8 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355673 of user rubyman.
May  8 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25769]: pam_unix(su:session): session closed for user rubyman
May  8 21:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355673.
May  8 21:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22835]: pam_unix(cron:session): session closed for user root
May  8 21:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25682]: pam_unix(cron:session): session closed for user samftp
May  8 21:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24791]: pam_unix(cron:session): session closed for user root
May  8 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26145]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26143]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26142]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26142]: pam_unix(cron:session): session closed for user p13x
May  8 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26204]: Successful su for rubyman by root
May  8 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26204]: + ??? root:rubyman
May  8 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26204]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355677 of user rubyman.
May  8 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26204]: pam_unix(su:session): session closed for user rubyman
May  8 21:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355677.
May  8 21:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23407]: pam_unix(cron:session): session closed for user root
May  8 21:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26143]: pam_unix(cron:session): session closed for user samftp
May  8 21:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25203]: pam_unix(cron:session): session closed for user root
May  8 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26618]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26619]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26620]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26617]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26617]: pam_unix(cron:session): session closed for user p13x
May  8 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26689]: Successful su for rubyman by root
May  8 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26689]: + ??? root:rubyman
May  8 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355680 of user rubyman.
May  8 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26689]: pam_unix(su:session): session closed for user rubyman
May  8 21:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355680.
May  8 21:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23922]: pam_unix(cron:session): session closed for user root
May  8 21:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26618]: pam_unix(cron:session): session closed for user samftp
May  8 21:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25684]: pam_unix(cron:session): session closed for user root
May  8 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27095]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27096]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27093]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27092]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27092]: pam_unix(cron:session): session closed for user p13x
May  8 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27161]: Successful su for rubyman by root
May  8 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27161]: + ??? root:rubyman
May  8 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355685 of user rubyman.
May  8 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27161]: pam_unix(su:session): session closed for user rubyman
May  8 21:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355685.
May  8 21:54:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Invalid user rami from 118.45.205.44
May  8 21:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: input_userauth_request: invalid user rami [preauth]
May  8 21:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: pam_unix(sshd:auth): check pass; user unknown
May  8 21:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.45.205.44
May  8 21:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24363]: pam_unix(cron:session): session closed for user root
May  8 21:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Failed password for invalid user rami from 118.45.205.44 port 36006 ssh2
May  8 21:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Received disconnect from 118.45.205.44 port 36006:11: Bye Bye [preauth]
May  8 21:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27279]: Disconnected from 118.45.205.44 port 36006 [preauth]
May  8 21:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27093]: pam_unix(cron:session): session closed for user samftp
May  8 21:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26145]: pam_unix(cron:session): session closed for user root
May  8 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27569]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27571]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27575]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27575]: pam_unix(cron:session): session closed for user root
May  8 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27569]: pam_unix(cron:session): session closed for user p13x
May  8 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27644]: Successful su for rubyman by root
May  8 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27644]: + ??? root:rubyman
May  8 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27644]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355691 of user rubyman.
May  8 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27644]: pam_unix(su:session): session closed for user rubyman
May  8 21:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355691.
May  8 21:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27571]: pam_unix(cron:session): session closed for user root
May  8 21:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24790]: pam_unix(cron:session): session closed for user root
May  8 21:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27570]: pam_unix(cron:session): session closed for user samftp
May  8 21:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26620]: pam_unix(cron:session): session closed for user root
May  8 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28014]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28013]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28012]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28012]: pam_unix(cron:session): session closed for user p13x
May  8 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28082]: Successful su for rubyman by root
May  8 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28082]: + ??? root:rubyman
May  8 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355695 of user rubyman.
May  8 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28082]: pam_unix(su:session): session closed for user rubyman
May  8 21:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355695.
May  8 21:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25202]: pam_unix(cron:session): session closed for user root
May  8 21:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28013]: pam_unix(cron:session): session closed for user samftp
May  8 21:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27096]: pam_unix(cron:session): session closed for user root
May  8 21:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28426]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28425]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28425]: pam_unix(cron:session): session closed for user p13x
May  8 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28496]: Successful su for rubyman by root
May  8 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28496]: + ??? root:rubyman
May  8 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355698 of user rubyman.
May  8 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28496]: pam_unix(su:session): session closed for user rubyman
May  8 21:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355698.
May  8 21:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25683]: pam_unix(cron:session): session closed for user root
May  8 21:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28426]: pam_unix(cron:session): session closed for user samftp
May  8 21:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27574]: pam_unix(cron:session): session closed for user root
May  8 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28833]: pam_unix(cron:session): session closed for user p13x
May  8 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28901]: Successful su for rubyman by root
May  8 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28901]: + ??? root:rubyman
May  8 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28901]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355704 of user rubyman.
May  8 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28901]: pam_unix(su:session): session closed for user rubyman
May  8 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355704.
May  8 21:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  8 21:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26144]: pam_unix(cron:session): session closed for user root
May  8 21:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28829]: Failed password for root from 193.70.84.184 port 40428 ssh2
May  8 21:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28829]: Connection closed by 193.70.84.184 port 40428 [preauth]
May  8 21:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28834]: pam_unix(cron:session): session closed for user samftp
May  8 21:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28016]: pam_unix(cron:session): session closed for user root
May  8 21:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:58:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  8 21:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29309]: Failed password for root from 80.94.95.115 port 41346 ssh2
May  8 21:58:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29309]: Connection closed by 80.94.95.115 port 41346 [preauth]
May  8 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29339]: pam_unix(cron:session): session closed for user p13x
May  8 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29404]: Successful su for rubyman by root
May  8 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29404]: + ??? root:rubyman
May  8 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29404]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355706 of user rubyman.
May  8 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29404]: pam_unix(su:session): session closed for user rubyman
May  8 21:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355706.
May  8 21:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26619]: pam_unix(cron:session): session closed for user root
May  8 21:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29340]: pam_unix(cron:session): session closed for user samftp
May  8 21:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28428]: pam_unix(cron:session): session closed for user root
May  8 21:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 21:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.45.205.44  user=root
May  8 21:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29687]: Failed password for root from 118.45.205.44 port 53848 ssh2
May  8 21:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29687]: Received disconnect from 118.45.205.44 port 53848:11: Bye Bye [preauth]
May  8 21:59:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29687]: Disconnected from 118.45.205.44 port 53848 [preauth]
May  8 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29757]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29755]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29753]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29752]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29758]: pam_unix(cron:session): session closed for user root
May  8 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29754]: pam_unix(cron:session): session closed for user root
May  8 22:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29752]: pam_unix(cron:session): session closed for user p13x
May  8 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29847]: Successful su for rubyman by root
May  8 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29847]: + ??? root:rubyman
May  8 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355710 of user rubyman.
May  8 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29847]: pam_unix(su:session): session closed for user rubyman
May  8 22:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355710.
May  8 22:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27095]: pam_unix(cron:session): session closed for user root
May  8 22:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29755]: pam_unix(cron:session): session closed for user root
May  8 22:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29753]: pam_unix(cron:session): session closed for user samftp
May  8 22:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28837]: pam_unix(cron:session): session closed for user root
May  8 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30247]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30246]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30245]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30244]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30244]: pam_unix(cron:session): session closed for user p13x
May  8 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30313]: Successful su for rubyman by root
May  8 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30313]: + ??? root:rubyman
May  8 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30313]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355718 of user rubyman.
May  8 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30313]: pam_unix(su:session): session closed for user rubyman
May  8 22:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355718.
May  8 22:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27573]: pam_unix(cron:session): session closed for user root
May  8 22:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30245]: pam_unix(cron:session): session closed for user samftp
May  8 22:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29342]: pam_unix(cron:session): session closed for user root
May  8 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30653]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30654]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30655]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30652]: pam_unix(cron:session): session closed for user p13x
May  8 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30715]: Successful su for rubyman by root
May  8 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30715]: + ??? root:rubyman
May  8 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30715]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355723 of user rubyman.
May  8 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30715]: pam_unix(su:session): session closed for user rubyman
May  8 22:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355723.
May  8 22:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28014]: pam_unix(cron:session): session closed for user root
May  8 22:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30653]: pam_unix(cron:session): session closed for user samftp
May  8 22:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29757]: pam_unix(cron:session): session closed for user root
May  8 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31147]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31142]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31143]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31142]: pam_unix(cron:session): session closed for user p13x
May  8 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31207]: Successful su for rubyman by root
May  8 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31207]: + ??? root:rubyman
May  8 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355727 of user rubyman.
May  8 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31207]: pam_unix(su:session): session closed for user rubyman
May  8 22:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355727.
May  8 22:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28427]: pam_unix(cron:session): session closed for user root
May  8 22:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31143]: pam_unix(cron:session): session closed for user samftp
May  8 22:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30247]: pam_unix(cron:session): session closed for user root
May  8 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31554]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31555]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31554]: pam_unix(cron:session): session closed for user p13x
May  8 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31617]: Successful su for rubyman by root
May  8 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31617]: + ??? root:rubyman
May  8 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355729 of user rubyman.
May  8 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31617]: pam_unix(su:session): session closed for user rubyman
May  8 22:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355729.
May  8 22:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28836]: pam_unix(cron:session): session closed for user root
May  8 22:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31555]: pam_unix(cron:session): session closed for user samftp
May  8 22:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30655]: pam_unix(cron:session): session closed for user root
May  8 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32218]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32220]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32221]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32217]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32223]: pam_unix(cron:session): session closed for user root
May  8 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32217]: pam_unix(cron:session): session closed for user p13x
May  8 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32347]: Successful su for rubyman by root
May  8 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32347]: + ??? root:rubyman
May  8 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32347]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355733 of user rubyman.
May  8 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32347]: pam_unix(su:session): session closed for user rubyman
May  8 22:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355733.
May  8 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32220]: pam_unix(cron:session): session closed for user root
May  8 22:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29341]: pam_unix(cron:session): session closed for user root
May  8 22:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.45.205.44  user=root
May  8 22:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32218]: pam_unix(cron:session): session closed for user samftp
May  8 22:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: Failed password for root from 118.45.205.44 port 43458 ssh2
May  8 22:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: Received disconnect from 118.45.205.44 port 43458:11: Bye Bye [preauth]
May  8 22:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32488]: Disconnected from 118.45.205.44 port 43458 [preauth]
May  8 22:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31147]: pam_unix(cron:session): session closed for user root
May  8 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[412]: pam_unix(cron:session): session closed for user p13x
May  8 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[520]: Successful su for rubyman by root
May  8 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[520]: + ??? root:rubyman
May  8 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[520]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355742 of user rubyman.
May  8 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[520]: pam_unix(su:session): session closed for user rubyman
May  8 22:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355742.
May  8 22:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29756]: pam_unix(cron:session): session closed for user root
May  8 22:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[414]: pam_unix(cron:session): session closed for user samftp
May  8 22:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  8 22:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31557]: pam_unix(cron:session): session closed for user root
May  8 22:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[801]: Failed password for root from 218.92.0.179 port 61742 ssh2
May  8 22:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[801]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 61742 ssh2]
May  8 22:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[801]: Received disconnect from 218.92.0.179 port 61742:11:  [preauth]
May  8 22:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[801]: Disconnected from 218.92.0.179 port 61742 [preauth]
May  8 22:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[801]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  8 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[906]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[907]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[903]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[902]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[902]: pam_unix(cron:session): session closed for user p13x
May  8 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[983]: Successful su for rubyman by root
May  8 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[983]: + ??? root:rubyman
May  8 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355744 of user rubyman.
May  8 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[983]: pam_unix(su:session): session closed for user rubyman
May  8 22:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355744.
May  8 22:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30246]: pam_unix(cron:session): session closed for user root
May  8 22:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[903]: pam_unix(cron:session): session closed for user samftp
May  8 22:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32222]: pam_unix(cron:session): session closed for user root
May  8 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1379]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1380]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1382]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1379]: pam_unix(cron:session): session closed for user p13x
May  8 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1470]: Successful su for rubyman by root
May  8 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1470]: + ??? root:rubyman
May  8 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355747 of user rubyman.
May  8 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1470]: pam_unix(su:session): session closed for user rubyman
May  8 22:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355747.
May  8 22:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30654]: pam_unix(cron:session): session closed for user root
May  8 22:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1380]: pam_unix(cron:session): session closed for user samftp
May  8 22:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[416]: pam_unix(cron:session): session closed for user root
May  8 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1859]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1860]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1858]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1857]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1855]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1857]: pam_unix(cron:session): session closed for user p13x
May  8 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2065]: Successful su for rubyman by root
May  8 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2065]: + ??? root:rubyman
May  8 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2065]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355752 of user rubyman.
May  8 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2065]: pam_unix(su:session): session closed for user rubyman
May  8 22:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355752.
May  8 22:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1855]: pam_unix(cron:session): session closed for user root
May  8 22:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31146]: pam_unix(cron:session): session closed for user root
May  8 22:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1858]: pam_unix(cron:session): session closed for user samftp
May  8 22:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[907]: pam_unix(cron:session): session closed for user root
May  8 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2468]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2464]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2468]: pam_unix(cron:session): session closed for user root
May  8 22:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2461]: pam_unix(cron:session): session closed for user p13x
May  8 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2538]: Successful su for rubyman by root
May  8 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2538]: + ??? root:rubyman
May  8 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2538]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355758 of user rubyman.
May  8 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2538]: pam_unix(su:session): session closed for user rubyman
May  8 22:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355758.
May  8 22:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2464]: pam_unix(cron:session): session closed for user root
May  8 22:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31556]: pam_unix(cron:session): session closed for user root
May  8 22:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2462]: pam_unix(cron:session): session closed for user samftp
May  8 22:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1382]: pam_unix(cron:session): session closed for user root
May  8 22:10:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: Invalid user dev from 118.45.205.44
May  8 22:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: input_userauth_request: invalid user dev [preauth]
May  8 22:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.45.205.44
May  8 22:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: Failed password for invalid user dev from 118.45.205.44 port 33068 ssh2
May  8 22:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: Received disconnect from 118.45.205.44 port 33068:11: Bye Bye [preauth]
May  8 22:10:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: Disconnected from 118.45.205.44 port 33068 [preauth]
May  8 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2940]: pam_unix(cron:session): session closed for user p13x
May  8 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3010]: Successful su for rubyman by root
May  8 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3010]: + ??? root:rubyman
May  8 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355762 of user rubyman.
May  8 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3010]: pam_unix(su:session): session closed for user rubyman
May  8 22:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355762.
May  8 22:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  8 22:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2937]: Failed password for root from 218.92.0.179 port 54166 ssh2
May  8 22:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32221]: pam_unix(cron:session): session closed for user root
May  8 22:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2941]: pam_unix(cron:session): session closed for user samftp
May  8 22:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2937]: Failed password for root from 218.92.0.179 port 54166 ssh2
May  8 22:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2937]: Failed password for root from 218.92.0.179 port 54166 ssh2
May  8 22:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2937]: Received disconnect from 218.92.0.179 port 54166:11:  [preauth]
May  8 22:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2937]: Disconnected from 218.92.0.179 port 54166 [preauth]
May  8 22:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2937]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  8 22:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1860]: pam_unix(cron:session): session closed for user root
May  8 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3347]: pam_unix(cron:session): session closed for user p13x
May  8 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3423]: Successful su for rubyman by root
May  8 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3423]: + ??? root:rubyman
May  8 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3423]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355767 of user rubyman.
May  8 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3423]: pam_unix(su:session): session closed for user rubyman
May  8 22:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355767.
May  8 22:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[415]: pam_unix(cron:session): session closed for user root
May  8 22:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3348]: pam_unix(cron:session): session closed for user samftp
May  8 22:12:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: Invalid user admin from 80.94.95.112
May  8 22:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: input_userauth_request: invalid user admin [preauth]
May  8 22:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 22:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: Failed password for invalid user admin from 80.94.95.112 port 54426 ssh2
May  8 22:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: Failed password for invalid user admin from 80.94.95.112 port 54426 ssh2
May  8 22:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: Failed password for invalid user admin from 80.94.95.112 port 54426 ssh2
May  8 22:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: Failed password for invalid user admin from 80.94.95.112 port 54426 ssh2
May  8 22:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: Failed password for invalid user admin from 80.94.95.112 port 54426 ssh2
May  8 22:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: Received disconnect from 80.94.95.112 port 54426:11: Bye [preauth]
May  8 22:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: Disconnected from 80.94.95.112 port 54426 [preauth]
May  8 22:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 22:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3658]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 22:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2467]: pam_unix(cron:session): session closed for user root
May  8 22:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3793]: Invalid user ubnt from 80.94.95.115
May  8 22:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3793]: input_userauth_request: invalid user ubnt [preauth]
May  8 22:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3793]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  8 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3798]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3796]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3796]: pam_unix(cron:session): session closed for user p13x
May  8 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3856]: Successful su for rubyman by root
May  8 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3856]: + ??? root:rubyman
May  8 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355770 of user rubyman.
May  8 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3856]: pam_unix(su:session): session closed for user rubyman
May  8 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355770.
May  8 22:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3793]: Failed password for invalid user ubnt from 80.94.95.115 port 23384 ssh2
May  8 22:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3793]: Connection closed by 80.94.95.115 port 23384 [preauth]
May  8 22:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[906]: pam_unix(cron:session): session closed for user root
May  8 22:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3797]: pam_unix(cron:session): session closed for user samftp
May  8 22:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2943]: pam_unix(cron:session): session closed for user root
May  8 22:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4179]: Connection closed by 27.252.144.74 port 16388 [preauth]
May  8 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4267]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4265]: pam_unix(cron:session): session closed for user p13x
May  8 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4450]: Successful su for rubyman by root
May  8 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4450]: + ??? root:rubyman
May  8 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4450]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355775 of user rubyman.
May  8 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4450]: pam_unix(su:session): session closed for user rubyman
May  8 22:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355775.
May  8 22:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1381]: pam_unix(cron:session): session closed for user root
May  8 22:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4266]: pam_unix(cron:session): session closed for user samftp
May  8 22:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 22:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: Failed password for root from 80.94.95.241 port 62608 ssh2
May  8 22:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: message repeated 4 times: [ Failed password for root from 80.94.95.241 port 62608 ssh2]
May  8 22:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: Received disconnect from 80.94.95.241 port 62608:11: Bye [preauth]
May  8 22:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: Disconnected from 80.94.95.241 port 62608 [preauth]
May  8 22:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 22:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4682]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 22:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3350]: pam_unix(cron:session): session closed for user root
May  8 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4817]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4815]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4818]: pam_unix(cron:session): session closed for user root
May  8 22:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4813]: pam_unix(cron:session): session closed for user p13x
May  8 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4890]: Successful su for rubyman by root
May  8 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4890]: + ??? root:rubyman
May  8 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4890]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355779 of user rubyman.
May  8 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4890]: pam_unix(su:session): session closed for user rubyman
May  8 22:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355779.
May  8 22:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4815]: pam_unix(cron:session): session closed for user root
May  8 22:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1859]: pam_unix(cron:session): session closed for user root
May  8 22:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4814]: pam_unix(cron:session): session closed for user samftp
May  8 22:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3799]: pam_unix(cron:session): session closed for user root
May  8 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5459]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5458]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5456]: pam_unix(cron:session): session closed for user p13x
May  8 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5539]: Successful su for rubyman by root
May  8 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5539]: + ??? root:rubyman
May  8 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5539]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355784 of user rubyman.
May  8 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5539]: pam_unix(su:session): session closed for user rubyman
May  8 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355784.
May  8 22:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: Invalid user crew from 118.45.205.44
May  8 22:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: input_userauth_request: invalid user crew [preauth]
May  8 22:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.45.205.44
May  8 22:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2466]: pam_unix(cron:session): session closed for user root
May  8 22:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: Failed password for invalid user crew from 118.45.205.44 port 50911 ssh2
May  8 22:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: Received disconnect from 118.45.205.44 port 50911:11: Bye Bye [preauth]
May  8 22:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5610]: Disconnected from 118.45.205.44 port 50911 [preauth]
May  8 22:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5457]: pam_unix(cron:session): session closed for user samftp
May  8 22:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4268]: pam_unix(cron:session): session closed for user root
May  8 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6022]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6020]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6021]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6016]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6016]: pam_unix(cron:session): session closed for user root
May  8 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6020]: pam_unix(cron:session): session closed for user p13x
May  8 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6085]: Successful su for rubyman by root
May  8 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6085]: + ??? root:rubyman
May  8 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6085]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355788 of user rubyman.
May  8 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6085]: pam_unix(su:session): session closed for user rubyman
May  8 22:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355788.
May  8 22:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2942]: pam_unix(cron:session): session closed for user root
May  8 22:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6021]: pam_unix(cron:session): session closed for user samftp
May  8 22:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4817]: pam_unix(cron:session): session closed for user root
May  8 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6441]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6440]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6439]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6438]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6438]: pam_unix(cron:session): session closed for user p13x
May  8 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6502]: Successful su for rubyman by root
May  8 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6502]: + ??? root:rubyman
May  8 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6502]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355793 of user rubyman.
May  8 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6502]: pam_unix(su:session): session closed for user rubyman
May  8 22:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355793.
May  8 22:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3349]: pam_unix(cron:session): session closed for user root
May  8 22:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6439]: pam_unix(cron:session): session closed for user samftp
May  8 22:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5459]: pam_unix(cron:session): session closed for user root
May  8 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6842]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6844]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6841]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6841]: pam_unix(cron:session): session closed for user p13x
May  8 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6903]: Successful su for rubyman by root
May  8 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6903]: + ??? root:rubyman
May  8 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355799 of user rubyman.
May  8 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6903]: pam_unix(su:session): session closed for user rubyman
May  8 22:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355799.
May  8 22:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3798]: pam_unix(cron:session): session closed for user root
May  8 22:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6842]: pam_unix(cron:session): session closed for user samftp
May  8 22:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6023]: pam_unix(cron:session): session closed for user root
May  8 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7356]: pam_unix(cron:session): session closed for user root
May  8 22:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7351]: pam_unix(cron:session): session closed for user p13x
May  8 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7417]: Successful su for rubyman by root
May  8 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7417]: + ??? root:rubyman
May  8 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7417]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355802 of user rubyman.
May  8 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7417]: pam_unix(su:session): session closed for user rubyman
May  8 22:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355802.
May  8 22:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7353]: pam_unix(cron:session): session closed for user root
May  8 22:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4267]: pam_unix(cron:session): session closed for user root
May  8 22:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7352]: pam_unix(cron:session): session closed for user samftp
May  8 22:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6441]: pam_unix(cron:session): session closed for user root
May  8 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7907]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7906]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7904]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7904]: pam_unix(cron:session): session closed for user p13x
May  8 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7977]: Successful su for rubyman by root
May  8 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7977]: + ??? root:rubyman
May  8 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355807 of user rubyman.
May  8 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7977]: pam_unix(su:session): session closed for user rubyman
May  8 22:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355807.
May  8 22:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4816]: pam_unix(cron:session): session closed for user root
May  8 22:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7905]: pam_unix(cron:session): session closed for user samftp
May  8 22:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8217]: Invalid user kodi from 118.45.205.44
May  8 22:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8217]: input_userauth_request: invalid user kodi [preauth]
May  8 22:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8217]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.45.205.44
May  8 22:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8217]: Failed password for invalid user kodi from 118.45.205.44 port 40514 ssh2
May  8 22:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8217]: Received disconnect from 118.45.205.44 port 40514:11: Bye Bye [preauth]
May  8 22:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8217]: Disconnected from 118.45.205.44 port 40514 [preauth]
May  8 22:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6844]: pam_unix(cron:session): session closed for user root
May  8 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8346]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8348]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8347]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8345]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8345]: pam_unix(cron:session): session closed for user p13x
May  8 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8406]: Successful su for rubyman by root
May  8 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8406]: + ??? root:rubyman
May  8 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8406]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355813 of user rubyman.
May  8 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8406]: pam_unix(su:session): session closed for user rubyman
May  8 22:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355813.
May  8 22:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5458]: pam_unix(cron:session): session closed for user root
May  8 22:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8346]: pam_unix(cron:session): session closed for user samftp
May  8 22:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7355]: pam_unix(cron:session): session closed for user root
May  8 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8774]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8772]: pam_unix(cron:session): session closed for user p13x
May  8 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8831]: Successful su for rubyman by root
May  8 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8831]: + ??? root:rubyman
May  8 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8831]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355815 of user rubyman.
May  8 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8831]: pam_unix(su:session): session closed for user rubyman
May  8 22:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355815.
May  8 22:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6022]: pam_unix(cron:session): session closed for user root
May  8 22:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8773]: pam_unix(cron:session): session closed for user samftp
May  8 22:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7907]: pam_unix(cron:session): session closed for user root
May  8 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9278]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9276]: pam_unix(cron:session): session closed for user p13x
May  8 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9359]: Successful su for rubyman by root
May  8 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9359]: + ??? root:rubyman
May  8 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355820 of user rubyman.
May  8 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9359]: pam_unix(su:session): session closed for user rubyman
May  8 22:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355820.
May  8 22:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6440]: pam_unix(cron:session): session closed for user root
May  8 22:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9277]: pam_unix(cron:session): session closed for user samftp
May  8 22:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8348]: pam_unix(cron:session): session closed for user root
May  8 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9695]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9691]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9694]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9689]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9690]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9692]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9695]: pam_unix(cron:session): session closed for user root
May  8 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9689]: pam_unix(cron:session): session closed for user p13x
May  8 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9775]: Successful su for rubyman by root
May  8 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9775]: + ??? root:rubyman
May  8 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355826 of user rubyman.
May  8 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9775]: pam_unix(su:session): session closed for user rubyman
May  8 22:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355826.
May  8 22:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6843]: pam_unix(cron:session): session closed for user root
May  8 22:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9691]: pam_unix(cron:session): session closed for user root
May  8 22:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9690]: pam_unix(cron:session): session closed for user samftp
May  8 22:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8775]: pam_unix(cron:session): session closed for user root
May  8 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10134]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10133]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10133]: pam_unix(cron:session): session closed for user p13x
May  8 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10218]: Successful su for rubyman by root
May  8 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10218]: + ??? root:rubyman
May  8 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355829 of user rubyman.
May  8 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10218]: pam_unix(su:session): session closed for user rubyman
May  8 22:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355829.
May  8 22:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7354]: pam_unix(cron:session): session closed for user root
May  8 22:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10134]: pam_unix(cron:session): session closed for user samftp
May  8 22:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9279]: pam_unix(cron:session): session closed for user root
May  8 22:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: Invalid user hadoop from 118.45.205.44
May  8 22:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: input_userauth_request: invalid user hadoop [preauth]
May  8 22:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.45.205.44
May  8 22:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: Failed password for invalid user hadoop from 118.45.205.44 port 58360 ssh2
May  8 22:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: Received disconnect from 118.45.205.44 port 58360:11: Bye Bye [preauth]
May  8 22:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: Disconnected from 118.45.205.44 port 58360 [preauth]
May  8 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10692]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10694]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10693]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10691]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10691]: pam_unix(cron:session): session closed for user p13x
May  8 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10777]: Successful su for rubyman by root
May  8 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10777]: + ??? root:rubyman
May  8 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10777]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355833 of user rubyman.
May  8 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10777]: pam_unix(su:session): session closed for user rubyman
May  8 22:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355833.
May  8 22:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7906]: pam_unix(cron:session): session closed for user root
May  8 22:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10692]: pam_unix(cron:session): session closed for user samftp
May  8 22:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9694]: pam_unix(cron:session): session closed for user root
May  8 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11105]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11106]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11104]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11103]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11103]: pam_unix(cron:session): session closed for user p13x
May  8 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11168]: Successful su for rubyman by root
May  8 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11168]: + ??? root:rubyman
May  8 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11168]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355838 of user rubyman.
May  8 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11168]: pam_unix(su:session): session closed for user rubyman
May  8 22:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355838.
May  8 22:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8347]: pam_unix(cron:session): session closed for user root
May  8 22:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11104]: pam_unix(cron:session): session closed for user samftp
May  8 22:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  8 22:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: Failed password for root from 218.92.0.179 port 29643 ssh2
May  8 22:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 29643 ssh2]
May  8 22:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: Received disconnect from 218.92.0.179 port 29643:11:  [preauth]
May  8 22:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: Disconnected from 218.92.0.179 port 29643 [preauth]
May  8 22:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11375]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  8 22:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10136]: pam_unix(cron:session): session closed for user root
May  8 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11499]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11498]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11496]: pam_unix(cron:session): session closed for user p13x
May  8 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11568]: Successful su for rubyman by root
May  8 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11568]: + ??? root:rubyman
May  8 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355842 of user rubyman.
May  8 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11568]: pam_unix(su:session): session closed for user rubyman
May  8 22:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355842.
May  8 22:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8774]: pam_unix(cron:session): session closed for user root
May  8 22:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11497]: pam_unix(cron:session): session closed for user samftp
May  8 22:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10694]: pam_unix(cron:session): session closed for user root
May  8 22:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11883]: Invalid user admin from 80.94.95.116
May  8 22:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11883]: input_userauth_request: invalid user admin [preauth]
May  8 22:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11883]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  8 22:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11883]: Failed password for invalid user admin from 80.94.95.116 port 39252 ssh2
May  8 22:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11883]: Connection closed by 80.94.95.116 port 39252 [preauth]
May  8 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11900]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11898]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11901]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11896]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11902]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11897]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11902]: pam_unix(cron:session): session closed for user root
May  8 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11896]: pam_unix(cron:session): session closed for user p13x
May  8 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11971]: Successful su for rubyman by root
May  8 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11971]: + ??? root:rubyman
May  8 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11971]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355848 of user rubyman.
May  8 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11971]: pam_unix(su:session): session closed for user rubyman
May  8 22:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355848.
May  8 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11898]: pam_unix(cron:session): session closed for user root
May  8 22:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9278]: pam_unix(cron:session): session closed for user root
May  8 22:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11897]: pam_unix(cron:session): session closed for user samftp
May  8 22:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11106]: pam_unix(cron:session): session closed for user root
May  8 22:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12343]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12337]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12341]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12337]: pam_unix(cron:session): session closed for user p13x
May  8 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12405]: Successful su for rubyman by root
May  8 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12405]: + ??? root:rubyman
May  8 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12405]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355851 of user rubyman.
May  8 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12405]: pam_unix(su:session): session closed for user rubyman
May  8 22:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355851.
May  8 22:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9692]: pam_unix(cron:session): session closed for user root
May  8 22:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12341]: pam_unix(cron:session): session closed for user samftp
May  8 22:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11499]: pam_unix(cron:session): session closed for user root
May  8 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12727]: pam_unix(cron:session): session closed for user p13x
May  8 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12786]: Successful su for rubyman by root
May  8 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12786]: + ??? root:rubyman
May  8 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12786]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355857 of user rubyman.
May  8 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12786]: pam_unix(su:session): session closed for user rubyman
May  8 22:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355857.
May  8 22:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10135]: pam_unix(cron:session): session closed for user root
May  8 22:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12728]: pam_unix(cron:session): session closed for user samftp
May  8 22:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: Invalid user uno85c from 118.45.205.44
May  8 22:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: input_userauth_request: invalid user uno85c [preauth]
May  8 22:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.45.205.44
May  8 22:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: Failed password for invalid user uno85c from 118.45.205.44 port 47970 ssh2
May  8 22:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: Received disconnect from 118.45.205.44 port 47970:11: Bye Bye [preauth]
May  8 22:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13029]: Disconnected from 118.45.205.44 port 47970 [preauth]
May  8 22:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11901]: pam_unix(cron:session): session closed for user root
May  8 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13124]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13125]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13123]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13122]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13122]: pam_unix(cron:session): session closed for user p13x
May  8 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13180]: Successful su for rubyman by root
May  8 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13180]: + ??? root:rubyman
May  8 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355860 of user rubyman.
May  8 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13180]: pam_unix(su:session): session closed for user rubyman
May  8 22:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355860.
May  8 22:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10693]: pam_unix(cron:session): session closed for user root
May  8 22:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13123]: pam_unix(cron:session): session closed for user samftp
May  8 22:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12343]: pam_unix(cron:session): session closed for user root
May  8 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13619]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13616]: pam_unix(cron:session): session closed for user p13x
May  8 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13688]: Successful su for rubyman by root
May  8 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13688]: + ??? root:rubyman
May  8 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13688]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355865 of user rubyman.
May  8 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13688]: pam_unix(su:session): session closed for user rubyman
May  8 22:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355865.
May  8 22:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11105]: pam_unix(cron:session): session closed for user root
May  8 22:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13617]: pam_unix(cron:session): session closed for user samftp
May  8 22:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13909]: Did not receive identification string from 92.118.39.97
May  8 22:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12731]: pam_unix(cron:session): session closed for user root
May  8 22:34:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14011]: Connection closed by 27.252.144.74 port 49976 [preauth]
May  8 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14036]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14037]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14037]: pam_unix(cron:session): session closed for user root
May  8 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14032]: pam_unix(cron:session): session closed for user p13x
May  8 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14101]: Successful su for rubyman by root
May  8 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14101]: + ??? root:rubyman
May  8 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14101]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355867 of user rubyman.
May  8 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14101]: pam_unix(su:session): session closed for user rubyman
May  8 22:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355867.
May  8 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14034]: pam_unix(cron:session): session closed for user root
May  8 22:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11498]: pam_unix(cron:session): session closed for user root
May  8 22:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14033]: pam_unix(cron:session): session closed for user samftp
May  8 22:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13125]: pam_unix(cron:session): session closed for user root
May  8 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14461]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14459]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14460]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14458]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14458]: pam_unix(cron:session): session closed for user p13x
May  8 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14529]: Successful su for rubyman by root
May  8 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14529]: + ??? root:rubyman
May  8 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14529]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355874 of user rubyman.
May  8 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14529]: pam_unix(su:session): session closed for user rubyman
May  8 22:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355874.
May  8 22:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11900]: pam_unix(cron:session): session closed for user root
May  8 22:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14459]: pam_unix(cron:session): session closed for user samftp
May  8 22:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13619]: pam_unix(cron:session): session closed for user root
May  8 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14872]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14873]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14874]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14870]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14870]: pam_unix(cron:session): session closed for user p13x
May  8 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14947]: Successful su for rubyman by root
May  8 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14947]: + ??? root:rubyman
May  8 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14947]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355877 of user rubyman.
May  8 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14947]: pam_unix(su:session): session closed for user rubyman
May  8 22:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355877.
May  8 22:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12342]: pam_unix(cron:session): session closed for user root
May  8 22:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14872]: pam_unix(cron:session): session closed for user samftp
May  8 22:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: Invalid user ad from 27.252.144.74
May  8 22:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: input_userauth_request: invalid user ad [preauth]
May  8 22:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.144.74
May  8 22:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: Failed password for invalid user ad from 27.252.144.74 port 50061 ssh2
May  8 22:37:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14036]: pam_unix(cron:session): session closed for user root
May  8 22:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15159]: Connection closed by 27.252.144.74 port 50061 [preauth]
May  8 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15285]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15286]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15284]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15283]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15283]: pam_unix(cron:session): session closed for user p13x
May  8 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15349]: Successful su for rubyman by root
May  8 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15349]: + ??? root:rubyman
May  8 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355882 of user rubyman.
May  8 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15349]: pam_unix(su:session): session closed for user rubyman
May  8 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355882.
May  8 22:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:38:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.45.205.44  user=root
May  8 22:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12730]: pam_unix(cron:session): session closed for user root
May  8 22:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15359]: Failed password for root from 118.45.205.44 port 37582 ssh2
May  8 22:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15359]: Received disconnect from 118.45.205.44 port 37582:11: Bye Bye [preauth]
May  8 22:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15359]: Disconnected from 118.45.205.44 port 37582 [preauth]
May  8 22:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15284]: pam_unix(cron:session): session closed for user samftp
May  8 22:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14461]: pam_unix(cron:session): session closed for user root
May  8 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15675]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15674]: pam_unix(cron:session): session closed for user p13x
May  8 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15800]: Successful su for rubyman by root
May  8 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15800]: + ??? root:rubyman
May  8 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15800]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355885 of user rubyman.
May  8 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15800]: pam_unix(su:session): session closed for user rubyman
May  8 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355885.
May  8 22:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15672]: pam_unix(cron:session): session closed for user root
May  8 22:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13124]: pam_unix(cron:session): session closed for user root
May  8 22:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15675]: pam_unix(cron:session): session closed for user samftp
May  8 22:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14874]: pam_unix(cron:session): session closed for user root
May  8 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16162]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16161]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16160]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16159]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16164]: pam_unix(cron:session): session closed for user root
May  8 22:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16159]: pam_unix(cron:session): session closed for user p13x
May  8 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16227]: Successful su for rubyman by root
May  8 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16227]: + ??? root:rubyman
May  8 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16227]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355891 of user rubyman.
May  8 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16227]: pam_unix(su:session): session closed for user rubyman
May  8 22:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355891.
May  8 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16161]: pam_unix(cron:session): session closed for user root
May  8 22:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13618]: pam_unix(cron:session): session closed for user root
May  8 22:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16160]: pam_unix(cron:session): session closed for user samftp
May  8 22:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15286]: pam_unix(cron:session): session closed for user root
May  8 22:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: Invalid user lol from 27.252.144.74
May  8 22:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: input_userauth_request: invalid user lol [preauth]
May  8 22:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.144.74
May  8 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16635]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16634]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16632]: pam_unix(cron:session): session closed for user p13x
May  8 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16700]: Successful su for rubyman by root
May  8 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16700]: + ??? root:rubyman
May  8 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355897 of user rubyman.
May  8 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16700]: pam_unix(su:session): session closed for user rubyman
May  8 22:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355897.
May  8 22:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16615]: Failed password for invalid user lol from 27.252.144.74 port 50189 ssh2
May  8 22:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14035]: pam_unix(cron:session): session closed for user root
May  8 22:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16633]: pam_unix(cron:session): session closed for user samftp
May  8 22:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15677]: pam_unix(cron:session): session closed for user root
May  8 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17071]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17073]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17070]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17070]: pam_unix(cron:session): session closed for user p13x
May  8 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17133]: Successful su for rubyman by root
May  8 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17133]: + ??? root:rubyman
May  8 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355900 of user rubyman.
May  8 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17133]: pam_unix(su:session): session closed for user rubyman
May  8 22:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355900.
May  8 22:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14460]: pam_unix(cron:session): session closed for user root
May  8 22:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17071]: pam_unix(cron:session): session closed for user samftp
May  8 22:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16163]: pam_unix(cron:session): session closed for user root
May  8 22:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  8 22:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Failed password for root from 218.92.0.179 port 56467 ssh2
May  8 22:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Invalid user admin from 80.94.95.112
May  8 22:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: input_userauth_request: invalid user admin [preauth]
May  8 22:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 22:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Failed password for root from 218.92.0.179 port 56467 ssh2
May  8 22:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: Invalid user netscreen from 80.94.95.241
May  8 22:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: input_userauth_request: invalid user netscreen [preauth]
May  8 22:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 22:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Failed password for invalid user admin from 80.94.95.112 port 65458 ssh2
May  8 22:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Failed password for root from 218.92.0.179 port 56467 ssh2
May  8 22:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Received disconnect from 218.92.0.179 port 56467:11:  [preauth]
May  8 22:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: Disconnected from 218.92.0.179 port 56467 [preauth]
May  8 22:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17440]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  8 22:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: Failed password for invalid user netscreen from 80.94.95.241 port 62789 ssh2
May  8 22:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Failed password for invalid user admin from 80.94.95.112 port 65458 ssh2
May  8 22:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: Failed password for invalid user netscreen from 80.94.95.241 port 62789 ssh2
May  8 22:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Failed password for invalid user admin from 80.94.95.112 port 65458 ssh2
May  8 22:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: Failed password for invalid user netscreen from 80.94.95.241 port 62789 ssh2
May  8 22:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Failed password for invalid user admin from 80.94.95.112 port 65458 ssh2
May  8 22:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: Failed password for invalid user netscreen from 80.94.95.241 port 62789 ssh2
May  8 22:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Failed password for invalid user admin from 80.94.95.112 port 65458 ssh2
May  8 22:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Received disconnect from 80.94.95.112 port 65458:11: Bye [preauth]
May  8 22:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: Disconnected from 80.94.95.112 port 65458 [preauth]
May  8 22:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 22:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17442]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17484]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17483]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17482]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17480]: pam_unix(cron:session): session closed for user p13x
May  8 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17550]: Successful su for rubyman by root
May  8 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17550]: + ??? root:rubyman
May  8 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355905 of user rubyman.
May  8 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17550]: pam_unix(su:session): session closed for user rubyman
May  8 22:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355905.
May  8 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: Failed password for invalid user netscreen from 80.94.95.241 port 62789 ssh2
May  8 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: Received disconnect from 80.94.95.241 port 62789:11: Bye [preauth]
May  8 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: Disconnected from 80.94.95.241 port 62789 [preauth]
May  8 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 22:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17454]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 22:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14873]: pam_unix(cron:session): session closed for user root
May  8 22:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17482]: pam_unix(cron:session): session closed for user samftp
May  8 22:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.45.205.44  user=root
May  8 22:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: Failed password for root from 118.45.205.44 port 55421 ssh2
May  8 22:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: Received disconnect from 118.45.205.44 port 55421:11: Bye Bye [preauth]
May  8 22:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17791]: Disconnected from 118.45.205.44 port 55421 [preauth]
May  8 22:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16635]: pam_unix(cron:session): session closed for user root
May  8 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18008]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18006]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18007]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18005]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18005]: pam_unix(cron:session): session closed for user p13x
May  8 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18075]: Successful su for rubyman by root
May  8 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18075]: + ??? root:rubyman
May  8 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18075]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355908 of user rubyman.
May  8 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18075]: pam_unix(su:session): session closed for user rubyman
May  8 22:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355908.
May  8 22:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15285]: pam_unix(cron:session): session closed for user root
May  8 22:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18006]: pam_unix(cron:session): session closed for user samftp
May  8 22:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17073]: pam_unix(cron:session): session closed for user root
May  8 22:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May  8 22:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: Failed password for root from 104.244.77.50 port 47030 ssh2
May  8 22:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18408]: Connection closed by 104.244.77.50 port 47030 [preauth]
May  8 22:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May  8 22:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May  8 22:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18411]: Failed password for root from 104.244.77.50 port 47034 ssh2
May  8 22:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18411]: Connection closed by 104.244.77.50 port 47034 [preauth]
May  8 22:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18413]: Failed password for root from 104.244.77.50 port 50696 ssh2
May  8 22:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May  8 22:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18413]: Connection closed by 104.244.77.50 port 50696 [preauth]
May  8 22:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18425]: Failed password for root from 104.244.77.50 port 50702 ssh2
May  8 22:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18425]: Connection closed by 104.244.77.50 port 50702 [preauth]
May  8 22:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.244.77.50  user=root
May  8 22:45:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  8 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18446]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18443]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18447]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18444]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18448]: pam_unix(cron:session): session closed for user root
May  8 22:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18443]: pam_unix(cron:session): session closed for user p13x
May  8 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18514]: Successful su for rubyman by root
May  8 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18514]: + ??? root:rubyman
May  8 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355916 of user rubyman.
May  8 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18514]: pam_unix(su:session): session closed for user rubyman
May  8 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355916.
May  8 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: Failed password for root from 104.244.77.50 port 50712 ssh2
May  8 22:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18428]: Connection closed by 104.244.77.50 port 50712 [preauth]
May  8 22:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: Failed password for root from 80.94.95.115 port 17354 ssh2
May  8 22:45:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18424]: Connection closed by 80.94.95.115 port 17354 [preauth]
May  8 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18445]: pam_unix(cron:session): session closed for user root
May  8 22:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15676]: pam_unix(cron:session): session closed for user root
May  8 22:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18444]: pam_unix(cron:session): session closed for user samftp
May  8 22:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17484]: pam_unix(cron:session): session closed for user root
May  8 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18883]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18881]: pam_unix(cron:session): session closed for user p13x
May  8 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18949]: Successful su for rubyman by root
May  8 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18949]: + ??? root:rubyman
May  8 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355920 of user rubyman.
May  8 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18949]: pam_unix(su:session): session closed for user rubyman
May  8 22:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355920.
May  8 22:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16162]: pam_unix(cron:session): session closed for user root
May  8 22:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18882]: pam_unix(cron:session): session closed for user samftp
May  8 22:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18008]: pam_unix(cron:session): session closed for user root
May  8 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19296]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19294]: pam_unix(cron:session): session closed for user p13x
May  8 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19357]: Successful su for rubyman by root
May  8 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19357]: + ??? root:rubyman
May  8 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19357]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355922 of user rubyman.
May  8 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19357]: pam_unix(su:session): session closed for user rubyman
May  8 22:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355922.
May  8 22:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16634]: pam_unix(cron:session): session closed for user root
May  8 22:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19295]: pam_unix(cron:session): session closed for user samftp
May  8 22:47:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:47:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  8 22:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18447]: pam_unix(cron:session): session closed for user root
May  8 22:47:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: Failed password for root from 218.92.0.210 port 62480 ssh2
May  8 22:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: message repeated 4 times: [ Failed password for root from 218.92.0.210 port 62480 ssh2]
May  8 22:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: error: maximum authentication attempts exceeded for root from 218.92.0.210 port 62480 ssh2 [preauth]
May  8 22:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: Disconnecting: Too many authentication failures [preauth]
May  8 22:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  8 22:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19616]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 22:47:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19713]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19715]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19714]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19712]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19712]: pam_unix(cron:session): session closed for user p13x
May  8 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19773]: Successful su for rubyman by root
May  8 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19773]: + ??? root:rubyman
May  8 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19773]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355926 of user rubyman.
May  8 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19773]: pam_unix(su:session): session closed for user rubyman
May  8 22:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355926.
May  8 22:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17072]: pam_unix(cron:session): session closed for user root
May  8 22:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19713]: pam_unix(cron:session): session closed for user samftp
May  8 22:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18884]: pam_unix(cron:session): session closed for user root
May  8 22:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.45.205.44  user=root
May  8 22:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: Failed password for root from 118.45.205.44 port 45031 ssh2
May  8 22:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: Received disconnect from 118.45.205.44 port 45031:11: Bye Bye [preauth]
May  8 22:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20099]: Disconnected from 118.45.205.44 port 45031 [preauth]
May  8 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20121]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20120]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20120]: pam_unix(cron:session): session closed for user p13x
May  8 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20182]: Successful su for rubyman by root
May  8 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20182]: + ??? root:rubyman
May  8 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355930 of user rubyman.
May  8 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20182]: pam_unix(su:session): session closed for user rubyman
May  8 22:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355930.
May  8 22:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17483]: pam_unix(cron:session): session closed for user root
May  8 22:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20121]: pam_unix(cron:session): session closed for user samftp
May  8 22:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19298]: pam_unix(cron:session): session closed for user root
May  8 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20528]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20527]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20529]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20525]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20526]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20531]: pam_unix(cron:session): session closed for user root
May  8 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20525]: pam_unix(cron:session): session closed for user p13x
May  8 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20594]: Successful su for rubyman by root
May  8 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20594]: + ??? root:rubyman
May  8 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20594]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355936 of user rubyman.
May  8 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20594]: pam_unix(su:session): session closed for user rubyman
May  8 22:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355936.
May  8 22:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18007]: pam_unix(cron:session): session closed for user root
May  8 22:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20527]: pam_unix(cron:session): session closed for user root
May  8 22:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20526]: pam_unix(cron:session): session closed for user samftp
May  8 22:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19715]: pam_unix(cron:session): session closed for user root
May  8 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20969]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20968]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20968]: pam_unix(cron:session): session closed for user p13x
May  8 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21032]: Successful su for rubyman by root
May  8 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21032]: + ??? root:rubyman
May  8 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21032]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355940 of user rubyman.
May  8 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21032]: pam_unix(su:session): session closed for user rubyman
May  8 22:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355940.
May  8 22:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18446]: pam_unix(cron:session): session closed for user root
May  8 22:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20969]: pam_unix(cron:session): session closed for user samftp
May  8 22:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20123]: pam_unix(cron:session): session closed for user root
May  8 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21413]: pam_unix(cron:session): session closed for user p13x
May  8 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21476]: Successful su for rubyman by root
May  8 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21476]: + ??? root:rubyman
May  8 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355944 of user rubyman.
May  8 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21476]: pam_unix(su:session): session closed for user rubyman
May  8 22:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355944.
May  8 22:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18883]: pam_unix(cron:session): session closed for user root
May  8 22:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21414]: pam_unix(cron:session): session closed for user samftp
May  8 22:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20529]: pam_unix(cron:session): session closed for user root
May  8 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22143]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22140]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22141]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22139]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22139]: pam_unix(cron:session): session closed for user p13x
May  8 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22206]: Successful su for rubyman by root
May  8 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22206]: + ??? root:rubyman
May  8 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22206]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355948 of user rubyman.
May  8 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22206]: pam_unix(su:session): session closed for user rubyman
May  8 22:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355948.
May  8 22:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19296]: pam_unix(cron:session): session closed for user root
May  8 22:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22140]: pam_unix(cron:session): session closed for user samftp
May  8 22:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20971]: pam_unix(cron:session): session closed for user root
May  8 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22613]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22611]: pam_unix(cron:session): session closed for user p13x
May  8 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22675]: Successful su for rubyman by root
May  8 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22675]: + ??? root:rubyman
May  8 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355954 of user rubyman.
May  8 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22675]: pam_unix(su:session): session closed for user rubyman
May  8 22:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355954.
May  8 22:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19714]: pam_unix(cron:session): session closed for user root
May  8 22:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22612]: pam_unix(cron:session): session closed for user samftp
May  8 22:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: Invalid user ccorrea from 118.45.205.44
May  8 22:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: input_userauth_request: invalid user ccorrea [preauth]
May  8 22:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:54:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.45.205.44
May  8 22:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: Failed password for invalid user ccorrea from 118.45.205.44 port 34641 ssh2
May  8 22:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: Received disconnect from 118.45.205.44 port 34641:11: Bye Bye [preauth]
May  8 22:54:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22922]: Disconnected from 118.45.205.44 port 34641 [preauth]
May  8 22:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  8 22:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: Failed password for root from 50.235.31.47 port 33832 ssh2
May  8 22:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22985]: Connection closed by 50.235.31.47 port 33832 [preauth]
May  8 22:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21416]: pam_unix(cron:session): session closed for user root
May  8 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23074]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23075]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23073]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23076]: pam_unix(cron:session): session closed for user root
May  8 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23071]: pam_unix(cron:session): session closed for user p13x
May  8 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23143]: Successful su for rubyman by root
May  8 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23143]: + ??? root:rubyman
May  8 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23143]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355959 of user rubyman.
May  8 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23143]: pam_unix(su:session): session closed for user rubyman
May  8 22:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355959.
May  8 22:55:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23073]: pam_unix(cron:session): session closed for user root
May  8 22:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20122]: pam_unix(cron:session): session closed for user root
May  8 22:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23072]: pam_unix(cron:session): session closed for user samftp
May  8 22:55:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22143]: pam_unix(cron:session): session closed for user root
May  8 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23604]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23601]: pam_unix(cron:session): session closed for user p13x
May  8 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23676]: Successful su for rubyman by root
May  8 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23676]: + ??? root:rubyman
May  8 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355962 of user rubyman.
May  8 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23676]: pam_unix(su:session): session closed for user rubyman
May  8 22:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355962.
May  8 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23652]: Invalid user upload from 164.68.105.9
May  8 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23652]: input_userauth_request: invalid user upload [preauth]
May  8 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23652]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  8 22:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23652]: Failed password for invalid user upload from 164.68.105.9 port 45754 ssh2
May  8 22:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23652]: Connection closed by 164.68.105.9 port 45754 [preauth]
May  8 22:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20528]: pam_unix(cron:session): session closed for user root
May  8 22:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23604]: pam_unix(cron:session): session closed for user samftp
May  8 22:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22614]: pam_unix(cron:session): session closed for user root
May  8 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24131]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24133]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24132]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24134]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24131]: pam_unix(cron:session): session closed for user p13x
May  8 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24203]: Successful su for rubyman by root
May  8 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24203]: + ??? root:rubyman
May  8 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355966 of user rubyman.
May  8 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24203]: pam_unix(su:session): session closed for user rubyman
May  8 22:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355966.
May  8 22:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20970]: pam_unix(cron:session): session closed for user root
May  8 22:57:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24132]: pam_unix(cron:session): session closed for user samftp
May  8 22:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23075]: pam_unix(cron:session): session closed for user root
May  8 22:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: Invalid user  from 170.64.237.171
May  8 22:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: input_userauth_request: invalid user  [preauth]
May  8 22:57:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24518]: Connection closed by 170.64.237.171 port 32922 [preauth]
May  8 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24589]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24586]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24587]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24586]: pam_unix(cron:session): session closed for user p13x
May  8 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24652]: Successful su for rubyman by root
May  8 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24652]: + ??? root:rubyman
May  8 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24652]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355971 of user rubyman.
May  8 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24652]: pam_unix(su:session): session closed for user rubyman
May  8 22:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355971.
May  8 22:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21415]: pam_unix(cron:session): session closed for user root
May  8 22:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24587]: pam_unix(cron:session): session closed for user samftp
May  8 22:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24893]: Invalid user client from 193.70.84.184
May  8 22:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24893]: input_userauth_request: invalid user client [preauth]
May  8 22:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24893]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:58:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  8 22:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24893]: Failed password for invalid user client from 193.70.84.184 port 47492 ssh2
May  8 22:58:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24893]: Connection closed by 193.70.84.184 port 47492 [preauth]
May  8 22:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23607]: pam_unix(cron:session): session closed for user root
May  8 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25002]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25001]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24999]: pam_unix(cron:session): session closed for user p13x
May  8 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25061]: Successful su for rubyman by root
May  8 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25061]: + ??? root:rubyman
May  8 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25061]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355974 of user rubyman.
May  8 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25061]: pam_unix(su:session): session closed for user rubyman
May  8 22:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355974.
May  8 22:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22141]: pam_unix(cron:session): session closed for user root
May  8 22:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25000]: pam_unix(cron:session): session closed for user samftp
May  8 22:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  8 22:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: Invalid user postgres from 170.64.237.171
May  8 22:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: input_userauth_request: invalid user postgres [preauth]
May  8 22:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 22:59:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: Failed password for root from 218.92.0.179 port 58284 ssh2
May  8 22:59:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: Failed password for invalid user postgres from 170.64.237.171 port 32900 ssh2
May  8 22:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25280]: Connection closed by 170.64.237.171 port 32900 [preauth]
May  8 22:59:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: Failed password for root from 218.92.0.179 port 58284 ssh2
May  8 22:59:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: Failed password for root from 218.92.0.179 port 58284 ssh2
May  8 22:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: Received disconnect from 218.92.0.179 port 58284:11:  [preauth]
May  8 22:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: Disconnected from 218.92.0.179 port 58284 [preauth]
May  8 22:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25266]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  8 22:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25290]: Invalid user debian from 170.64.237.171
May  8 22:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25290]: input_userauth_request: invalid user debian [preauth]
May  8 22:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25290]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 22:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25290]: Failed password for invalid user debian from 170.64.237.171 port 32914 ssh2
May  8 22:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25290]: Connection closed by 170.64.237.171 port 32914 [preauth]
May  8 22:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: Invalid user username from 170.64.237.171
May  8 22:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: input_userauth_request: invalid user username [preauth]
May  8 22:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 22:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: Failed password for invalid user username from 170.64.237.171 port 40474 ssh2
May  8 22:59:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25323]: Connection closed by 170.64.237.171 port 40474 [preauth]
May  8 22:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25326]: Invalid user uftp from 170.64.237.171
May  8 22:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25326]: input_userauth_request: invalid user uftp [preauth]
May  8 22:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25326]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 22:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24134]: pam_unix(cron:session): session closed for user root
May  8 22:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25326]: Failed password for invalid user uftp from 170.64.237.171 port 40484 ssh2
May  8 22:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25326]: Connection closed by 170.64.237.171 port 40484 [preauth]
May  8 22:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:59:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 22:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25363]: Failed password for root from 170.64.237.171 port 34546 ssh2
May  8 22:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25363]: Connection closed by 170.64.237.171 port 34546 [preauth]
May  8 22:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 22:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25374]: Failed password for root from 170.64.237.171 port 34556 ssh2
May  8 22:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25374]: Connection closed by 170.64.237.171 port 34556 [preauth]
May  8 22:59:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: Invalid user elastic from 170.64.237.171
May  8 22:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: input_userauth_request: invalid user elastic [preauth]
May  8 22:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 22:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: Failed password for invalid user elastic from 170.64.237.171 port 46370 ssh2
May  8 22:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25397]: Connection closed by 170.64.237.171 port 46370 [preauth]
May  8 22:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: Invalid user ubnt from 170.64.237.171
May  8 22:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: input_userauth_request: invalid user ubnt [preauth]
May  8 22:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:59:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 22:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: Failed password for invalid user ubnt from 170.64.237.171 port 46388 ssh2
May  8 22:59:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25408]: Connection closed by 170.64.237.171 port 46388 [preauth]
May  8 22:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 22:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: Invalid user deployer from 170.64.237.171
May  8 22:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: input_userauth_request: invalid user deployer [preauth]
May  8 22:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: pam_unix(sshd:auth): check pass; user unknown
May  8 22:59:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 22:59:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: Failed password for invalid user deployer from 170.64.237.171 port 55798 ssh2
May  8 22:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25419]: Connection closed by 170.64.237.171 port 55798 [preauth]
May  8 23:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25429]: Invalid user gitlab-runner from 170.64.237.171
May  8 23:00:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25429]: input_userauth_request: invalid user gitlab-runner [preauth]
May  8 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25429]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25435]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25434]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25436]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25432]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25433]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25437]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25434]: pam_unix(cron:session): session closed for user root
May  8 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25439]: pam_unix(cron:session): session closed for user root
May  8 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25432]: pam_unix(cron:session): session closed for user p13x
May  8 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25534]: Successful su for rubyman by root
May  8 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25534]: + ??? root:rubyman
May  8 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25534]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355978 of user rubyman.
May  8 23:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25534]: pam_unix(su:session): session closed for user rubyman
May  8 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355978.
May  8 23:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25429]: Failed password for invalid user gitlab-runner from 170.64.237.171 port 55802 ssh2
May  8 23:00:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25429]: Connection closed by 170.64.237.171 port 55802 [preauth]
May  8 23:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25435]: pam_unix(cron:session): session closed for user root
May  8 23:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22613]: pam_unix(cron:session): session closed for user root
May  8 23:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: Invalid user elasticsearch from 170.64.237.171
May  8 23:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: input_userauth_request: invalid user elasticsearch [preauth]
May  8 23:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25433]: pam_unix(cron:session): session closed for user samftp
May  8 23:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: Failed password for invalid user elasticsearch from 170.64.237.171 port 36106 ssh2
May  8 23:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25777]: Connection closed by 170.64.237.171 port 36106 [preauth]
May  8 23:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25828]: Invalid user gitlab-runner from 170.64.237.171
May  8 23:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25828]: input_userauth_request: invalid user gitlab-runner [preauth]
May  8 23:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25828]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25828]: Failed password for invalid user gitlab-runner from 170.64.237.171 port 36126 ssh2
May  8 23:00:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25828]: Connection closed by 170.64.237.171 port 36126 [preauth]
May  8 23:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: Invalid user weblogic from 170.64.237.171
May  8 23:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: input_userauth_request: invalid user weblogic [preauth]
May  8 23:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: Failed password for invalid user weblogic from 170.64.237.171 port 57494 ssh2
May  8 23:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25862]: Connection closed by 170.64.237.171 port 57494 [preauth]
May  8 23:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25873]: Invalid user rancher from 170.64.237.171
May  8 23:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25873]: input_userauth_request: invalid user rancher [preauth]
May  8 23:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25873]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:00:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25873]: Failed password for invalid user rancher from 170.64.237.171 port 57502 ssh2
May  8 23:00:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25873]: Connection closed by 170.64.237.171 port 57502 [preauth]
May  8 23:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: Invalid user app from 170.64.237.171
May  8 23:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: input_userauth_request: invalid user app [preauth]
May  8 23:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: Failed password for invalid user app from 170.64.237.171 port 55980 ssh2
May  8 23:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25875]: Connection closed by 170.64.237.171 port 55980 [preauth]
May  8 23:00:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:00:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25899]: Failed password for root from 170.64.237.171 port 55986 ssh2
May  8 23:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25899]: Connection closed by 170.64.237.171 port 55986 [preauth]
May  8 23:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24589]: pam_unix(cron:session): session closed for user root
May  8 23:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: Invalid user uftp from 170.64.237.171
May  8 23:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: input_userauth_request: invalid user uftp [preauth]
May  8 23:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:00:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: Failed password for invalid user uftp from 170.64.237.171 port 32886 ssh2
May  8 23:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25971]: Connection closed by 170.64.237.171 port 32886 [preauth]
May  8 23:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Invalid user ansible from 170.64.237.171
May  8 23:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: input_userauth_request: invalid user ansible [preauth]
May  8 23:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Failed password for invalid user ansible from 170.64.237.171 port 32902 ssh2
May  8 23:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25990]: Connection closed by 170.64.237.171 port 32902 [preauth]
May  8 23:00:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:00:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26014]: Failed password for root from 170.64.237.171 port 46960 ssh2
May  8 23:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26014]: Connection closed by 170.64.237.171 port 46960 [preauth]
May  8 23:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: Invalid user ec2-user from 170.64.237.171
May  8 23:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: input_userauth_request: invalid user ec2-user [preauth]
May  8 23:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: Failed password for invalid user ec2-user from 170.64.237.171 port 46972 ssh2
May  8 23:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26025]: Connection closed by 170.64.237.171 port 46972 [preauth]
May  8 23:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26037]: Invalid user nginx from 170.64.237.171
May  8 23:00:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26037]: input_userauth_request: invalid user nginx [preauth]
May  8 23:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26037]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26037]: Failed password for invalid user nginx from 170.64.237.171 port 40462 ssh2
May  8 23:00:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26037]: Connection closed by 170.64.237.171 port 40462 [preauth]
May  8 23:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: Invalid user kingbase from 170.64.237.171
May  8 23:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: input_userauth_request: invalid user kingbase [preauth]
May  8 23:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26056]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26055]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: Failed password for invalid user kingbase from 170.64.237.171 port 40472 ssh2
May  8 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26053]: pam_unix(cron:session): session closed for user p13x
May  8 23:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26050]: Connection closed by 170.64.237.171 port 40472 [preauth]
May  8 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26125]: Successful su for rubyman by root
May  8 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26125]: + ??? root:rubyman
May  8 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26125]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355985 of user rubyman.
May  8 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26125]: pam_unix(su:session): session closed for user rubyman
May  8 23:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355985.
May  8 23:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: Invalid user odoo16 from 170.64.237.171
May  8 23:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: input_userauth_request: invalid user odoo16 [preauth]
May  8 23:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23074]: pam_unix(cron:session): session closed for user root
May  8 23:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26054]: pam_unix(cron:session): session closed for user samftp
May  8 23:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: Failed password for invalid user odoo16 from 170.64.237.171 port 55058 ssh2
May  8 23:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26257]: Connection closed by 170.64.237.171 port 55058 [preauth]
May  8 23:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:01:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: Invalid user mehdi from 170.64.237.171
May  8 23:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: input_userauth_request: invalid user mehdi [preauth]
May  8 23:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: Failed password for invalid user mehdi from 170.64.237.171 port 55060 ssh2
May  8 23:01:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: Connection closed by 170.64.237.171 port 55060 [preauth]
May  8 23:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: Invalid user default from 80.94.95.116
May  8 23:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: input_userauth_request: invalid user default [preauth]
May  8 23:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  8 23:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: Invalid user hadoop from 170.64.237.171
May  8 23:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: input_userauth_request: invalid user hadoop [preauth]
May  8 23:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: Failed password for invalid user default from 80.94.95.116 port 31172 ssh2
May  8 23:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26313]: Connection closed by 80.94.95.116 port 31172 [preauth]
May  8 23:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: Failed password for invalid user hadoop from 170.64.237.171 port 35782 ssh2
May  8 23:01:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26334]: Connection closed by 170.64.237.171 port 35782 [preauth]
May  8 23:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:01:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26350]: Failed password for root from 170.64.237.171 port 35786 ssh2
May  8 23:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26350]: Connection closed by 170.64.237.171 port 35786 [preauth]
May  8 23:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: Invalid user hadoop from 170.64.237.171
May  8 23:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: input_userauth_request: invalid user hadoop [preauth]
May  8 23:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:01:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: Failed password for invalid user hadoop from 170.64.237.171 port 50378 ssh2
May  8 23:01:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26353]: Connection closed by 170.64.237.171 port 50378 [preauth]
May  8 23:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:01:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26376]: Failed password for root from 170.64.237.171 port 50398 ssh2
May  8 23:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26376]: Connection closed by 170.64.237.171 port 50398 [preauth]
May  8 23:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25002]: pam_unix(cron:session): session closed for user root
May  8 23:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: Invalid user esuser from 170.64.237.171
May  8 23:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: input_userauth_request: invalid user esuser [preauth]
May  8 23:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:01:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: Failed password for invalid user esuser from 170.64.237.171 port 47116 ssh2
May  8 23:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26387]: Connection closed by 170.64.237.171 port 47116 [preauth]
May  8 23:01:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26431]: Invalid user dspace from 170.64.237.171
May  8 23:01:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26431]: input_userauth_request: invalid user dspace [preauth]
May  8 23:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26431]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:01:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26431]: Failed password for invalid user dspace from 170.64.237.171 port 47126 ssh2
May  8 23:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26431]: Connection closed by 170.64.237.171 port 47126 [preauth]
May  8 23:01:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26443]: Invalid user default from 194.0.234.19
May  8 23:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26443]: input_userauth_request: invalid user default [preauth]
May  8 23:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26443]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  8 23:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26441]: Failed password for root from 170.64.237.171 port 58868 ssh2
May  8 23:01:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26441]: Connection closed by 170.64.237.171 port 58868 [preauth]
May  8 23:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26443]: Failed password for invalid user default from 194.0.234.19 port 49268 ssh2
May  8 23:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26443]: Connection closed by 194.0.234.19 port 49268 [preauth]
May  8 23:01:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26539]: Invalid user docker from 170.64.237.171
May  8 23:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26539]: input_userauth_request: invalid user docker [preauth]
May  8 23:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26539]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26539]: Failed password for invalid user docker from 170.64.237.171 port 58872 ssh2
May  8 23:01:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26539]: Connection closed by 170.64.237.171 port 58872 [preauth]
May  8 23:01:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26552]: Failed password for root from 170.64.237.171 port 58882 ssh2
May  8 23:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26552]: Connection closed by 170.64.237.171 port 58882 [preauth]
May  8 23:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26562]: Invalid user server from 170.64.237.171
May  8 23:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26562]: input_userauth_request: invalid user server [preauth]
May  8 23:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26562]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:01:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26562]: Failed password for invalid user server from 170.64.237.171 port 46762 ssh2
May  8 23:02:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26562]: Connection closed by 170.64.237.171 port 46762 [preauth]
May  8 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26576]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26574]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26575]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26573]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26573]: pam_unix(cron:session): session closed for user p13x
May  8 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26633]: Successful su for rubyman by root
May  8 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26633]: + ??? root:rubyman
May  8 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355990 of user rubyman.
May  8 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26633]: pam_unix(su:session): session closed for user rubyman
May  8 23:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355990.
May  8 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23605]: pam_unix(cron:session): session closed for user root
May  8 23:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26654]: Failed password for root from 170.64.237.171 port 46778 ssh2
May  8 23:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26654]: Connection closed by 170.64.237.171 port 46778 [preauth]
May  8 23:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26574]: pam_unix(cron:session): session closed for user samftp
May  8 23:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26824]: Failed password for root from 170.64.237.171 port 51138 ssh2
May  8 23:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26824]: Connection closed by 170.64.237.171 port 51138 [preauth]
May  8 23:02:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: Invalid user user1 from 170.64.237.171
May  8 23:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: input_userauth_request: invalid user user1 [preauth]
May  8 23:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: Failed password for invalid user user1 from 170.64.237.171 port 51152 ssh2
May  8 23:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26834]: Connection closed by 170.64.237.171 port 51152 [preauth]
May  8 23:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: Invalid user gitlab from 170.64.237.171
May  8 23:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: input_userauth_request: invalid user gitlab [preauth]
May  8 23:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: Failed password for invalid user gitlab from 170.64.237.171 port 33460 ssh2
May  8 23:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26850]: Connection closed by 170.64.237.171 port 33460 [preauth]
May  8 23:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26862]: Invalid user tomcat from 170.64.237.171
May  8 23:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26862]: input_userauth_request: invalid user tomcat [preauth]
May  8 23:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26862]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:02:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26862]: Failed password for invalid user tomcat from 170.64.237.171 port 33492 ssh2
May  8 23:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26862]: Connection closed by 170.64.237.171 port 33492 [preauth]
May  8 23:02:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26888]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:02:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26888]: Failed password for root from 170.64.237.171 port 46368 ssh2
May  8 23:02:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26888]: Connection closed by 170.64.237.171 port 46368 [preauth]
May  8 23:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26899]: Invalid user ftpuser from 170.64.237.171
May  8 23:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26899]: input_userauth_request: invalid user ftpuser [preauth]
May  8 23:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26899]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26899]: Failed password for invalid user ftpuser from 170.64.237.171 port 46386 ssh2
May  8 23:02:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26899]: Connection closed by 170.64.237.171 port 46386 [preauth]
May  8 23:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25437]: pam_unix(cron:session): session closed for user root
May  8 23:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: User mysql from 170.64.237.171 not allowed because not listed in AllowUsers
May  8 23:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: input_userauth_request: invalid user mysql [preauth]
May  8 23:02:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=mysql
May  8 23:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: Failed password for invalid user mysql from 170.64.237.171 port 48066 ssh2
May  8 23:02:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26952]: Connection closed by 170.64.237.171 port 48066 [preauth]
May  8 23:02:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26969]: Invalid user kubernetes from 170.64.237.171
May  8 23:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26969]: input_userauth_request: invalid user kubernetes [preauth]
May  8 23:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26969]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26969]: Failed password for invalid user kubernetes from 170.64.237.171 port 48082 ssh2
May  8 23:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26969]: Connection closed by 170.64.237.171 port 48082 [preauth]
May  8 23:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26998]: Failed password for root from 170.64.237.171 port 56382 ssh2
May  8 23:02:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26998]: Connection closed by 170.64.237.171 port 56382 [preauth]
May  8 23:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: Invalid user niaoyun from 170.64.237.171
May  8 23:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: input_userauth_request: invalid user niaoyun [preauth]
May  8 23:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:02:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: Failed password for invalid user niaoyun from 170.64.237.171 port 56384 ssh2
May  8 23:02:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27024]: Connection closed by 170.64.237.171 port 56384 [preauth]
May  8 23:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: User ftp from 170.64.237.171 not allowed because not listed in AllowUsers
May  8 23:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: input_userauth_request: invalid user ftp [preauth]
May  8 23:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=ftp
May  8 23:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: Failed password for invalid user ftp from 170.64.237.171 port 51284 ssh2
May  8 23:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27040]: Connection closed by 170.64.237.171 port 51284 [preauth]
May  8 23:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:03:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27057]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27056]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27058]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27054]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27054]: pam_unix(cron:session): session closed for user p13x
May  8 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27133]: Successful su for rubyman by root
May  8 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27133]: + ??? root:rubyman
May  8 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27133]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355993 of user rubyman.
May  8 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27133]: pam_unix(su:session): session closed for user rubyman
May  8 23:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355993.
May  8 23:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27051]: Failed password for root from 170.64.237.171 port 51294 ssh2
May  8 23:03:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27051]: Connection closed by 170.64.237.171 port 51294 [preauth]
May  8 23:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24133]: pam_unix(cron:session): session closed for user root
May  8 23:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27305]: Invalid user vagrant from 170.64.237.171
May  8 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27305]: input_userauth_request: invalid user vagrant [preauth]
May  8 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27305]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27056]: pam_unix(cron:session): session closed for user samftp
May  8 23:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27305]: Failed password for invalid user vagrant from 170.64.237.171 port 55280 ssh2
May  8 23:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27305]: Connection closed by 170.64.237.171 port 55280 [preauth]
May  8 23:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: Invalid user esuser from 170.64.237.171
May  8 23:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: input_userauth_request: invalid user esuser [preauth]
May  8 23:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: Failed password for invalid user esuser from 170.64.237.171 port 55286 ssh2
May  8 23:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27338]: Connection closed by 170.64.237.171 port 55286 [preauth]
May  8 23:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27369]: Failed password for root from 170.64.237.171 port 50204 ssh2
May  8 23:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27369]: Connection closed by 170.64.237.171 port 50204 [preauth]
May  8 23:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: Invalid user server from 170.64.237.171
May  8 23:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: input_userauth_request: invalid user server [preauth]
May  8 23:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: Failed password for invalid user server from 170.64.237.171 port 50212 ssh2
May  8 23:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: Connection closed by 170.64.237.171 port 50212 [preauth]
May  8 23:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: Invalid user gitlab from 170.64.237.171
May  8 23:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: input_userauth_request: invalid user gitlab [preauth]
May  8 23:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:03:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: Failed password for invalid user gitlab from 170.64.237.171 port 33884 ssh2
May  8 23:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27403]: Connection closed by 170.64.237.171 port 33884 [preauth]
May  8 23:03:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27439]: Invalid user deploy from 170.64.237.171
May  8 23:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27439]: input_userauth_request: invalid user deploy [preauth]
May  8 23:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27439]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27439]: Failed password for invalid user deploy from 170.64.237.171 port 33896 ssh2
May  8 23:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27439]: Connection closed by 170.64.237.171 port 33896 [preauth]
May  8 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26056]: pam_unix(cron:session): session closed for user root
May  8 23:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: Failed password for root from 170.64.237.171 port 59956 ssh2
May  8 23:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27461]: Connection closed by 170.64.237.171 port 59956 [preauth]
May  8 23:03:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27500]: Invalid user guest from 170.64.237.171
May  8 23:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27500]: input_userauth_request: invalid user guest [preauth]
May  8 23:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27500]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:03:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27500]: Failed password for invalid user guest from 170.64.237.171 port 59986 ssh2
May  8 23:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27500]: Connection closed by 170.64.237.171 port 59986 [preauth]
May  8 23:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27515]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27515]: Invalid user developer from 170.64.237.171
May  8 23:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27515]: input_userauth_request: invalid user developer [preauth]
May  8 23:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27515]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27515]: Failed password for invalid user developer from 170.64.237.171 port 33732 ssh2
May  8 23:03:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27515]: Connection closed by 170.64.237.171 port 33732 [preauth]
May  8 23:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27540]: Invalid user administrator from 170.64.237.171
May  8 23:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27540]: input_userauth_request: invalid user administrator [preauth]
May  8 23:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27540]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27540]: Failed password for invalid user administrator from 170.64.237.171 port 33764 ssh2
May  8 23:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27540]: Connection closed by 170.64.237.171 port 33764 [preauth]
May  8 23:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: Invalid user system from 170.64.237.171
May  8 23:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: input_userauth_request: invalid user system [preauth]
May  8 23:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:03:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: Failed password for invalid user system from 170.64.237.171 port 35974 ssh2
May  8 23:03:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27552]: Connection closed by 170.64.237.171 port 35974 [preauth]
May  8 23:03:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: Invalid user bot from 170.64.237.171
May  8 23:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: input_userauth_request: invalid user bot [preauth]
May  8 23:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: Failed password for invalid user bot from 170.64.237.171 port 35976 ssh2
May  8 23:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27565]: Connection closed by 170.64.237.171 port 35976 [preauth]
May  8 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27571]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27569]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27570]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27569]: pam_unix(cron:session): session closed for user p13x
May  8 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27635]: Successful su for rubyman by root
May  8 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27635]: + ??? root:rubyman
May  8 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 355999 of user rubyman.
May  8 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27635]: pam_unix(su:session): session closed for user rubyman
May  8 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 355999.
May  8 23:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: Invalid user postgres from 170.64.237.171
May  8 23:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: input_userauth_request: invalid user postgres [preauth]
May  8 23:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24588]: pam_unix(cron:session): session closed for user root
May  8 23:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: Failed password for invalid user postgres from 170.64.237.171 port 35988 ssh2
May  8 23:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27660]: Connection closed by 170.64.237.171 port 35988 [preauth]
May  8 23:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27570]: pam_unix(cron:session): session closed for user samftp
May  8 23:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: Failed password for root from 170.64.237.171 port 54278 ssh2
May  8 23:04:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27823]: Connection closed by 170.64.237.171 port 54278 [preauth]
May  8 23:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: Invalid user deploy from 170.64.237.171
May  8 23:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: input_userauth_request: invalid user deploy [preauth]
May  8 23:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: Failed password for invalid user deploy from 170.64.237.171 port 54294 ssh2
May  8 23:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27835]: Connection closed by 170.64.237.171 port 54294 [preauth]
May  8 23:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: Invalid user dmdba from 170.64.237.171
May  8 23:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: input_userauth_request: invalid user dmdba [preauth]
May  8 23:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:04:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: Failed password for invalid user dmdba from 170.64.237.171 port 45326 ssh2
May  8 23:04:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27864]: Connection closed by 170.64.237.171 port 45326 [preauth]
May  8 23:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27876]: Invalid user pi from 170.64.237.171
May  8 23:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27876]: input_userauth_request: invalid user pi [preauth]
May  8 23:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27876]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:04:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27876]: Failed password for invalid user pi from 170.64.237.171 port 45354 ssh2
May  8 23:04:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27876]: Connection closed by 170.64.237.171 port 45354 [preauth]
May  8 23:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: Invalid user flink from 170.64.237.171
May  8 23:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: input_userauth_request: invalid user flink [preauth]
May  8 23:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: Failed password for invalid user flink from 170.64.237.171 port 38500 ssh2
May  8 23:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27900]: Connection closed by 170.64.237.171 port 38500 [preauth]
May  8 23:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:04:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26576]: pam_unix(cron:session): session closed for user root
May  8 23:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: Failed password for root from 170.64.237.171 port 38516 ssh2
May  8 23:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27911]: Connection closed by 170.64.237.171 port 38516 [preauth]
May  8 23:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: Failed password for root from 170.64.237.171 port 34638 ssh2
May  8 23:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27942]: Connection closed by 170.64.237.171 port 34638 [preauth]
May  8 23:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27956]: Invalid user amir from 170.64.237.171
May  8 23:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27956]: input_userauth_request: invalid user amir [preauth]
May  8 23:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27956]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:04:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27956]: Failed password for invalid user amir from 170.64.237.171 port 34654 ssh2
May  8 23:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27956]: Connection closed by 170.64.237.171 port 34654 [preauth]
May  8 23:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27971]: Invalid user hive from 170.64.237.171
May  8 23:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27971]: input_userauth_request: invalid user hive [preauth]
May  8 23:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27971]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27971]: Failed password for invalid user hive from 170.64.237.171 port 53840 ssh2
May  8 23:04:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27971]: Connection closed by 170.64.237.171 port 53840 [preauth]
May  8 23:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27983]: Invalid user tom from 170.64.237.171
May  8 23:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27983]: input_userauth_request: invalid user tom [preauth]
May  8 23:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27983]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27983]: Failed password for invalid user tom from 170.64.237.171 port 53842 ssh2
May  8 23:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27983]: Connection closed by 170.64.237.171 port 53842 [preauth]
May  8 23:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27994]: Invalid user plexserver from 170.64.237.171
May  8 23:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27994]: input_userauth_request: invalid user plexserver [preauth]
May  8 23:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27994]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27994]: Failed password for invalid user plexserver from 170.64.237.171 port 59032 ssh2
May  8 23:04:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27994]: Connection closed by 170.64.237.171 port 59032 [preauth]
May  8 23:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: Invalid user oscar from 170.64.237.171
May  8 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: input_userauth_request: invalid user oscar [preauth]
May  8 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28014]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28010]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28012]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28013]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28009]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28014]: pam_unix(cron:session): session closed for user root
May  8 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28009]: pam_unix(cron:session): session closed for user p13x
May  8 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28083]: Successful su for rubyman by root
May  8 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28083]: + ??? root:rubyman
May  8 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356002 of user rubyman.
May  8 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28083]: pam_unix(su:session): session closed for user rubyman
May  8 23:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356002.
May  8 23:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: Failed password for invalid user oscar from 170.64.237.171 port 59048 ssh2
May  8 23:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28006]: Connection closed by 170.64.237.171 port 59048 [preauth]
May  8 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28011]: pam_unix(cron:session): session closed for user root
May  8 23:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25001]: pam_unix(cron:session): session closed for user root
May  8 23:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: Invalid user test from 170.64.237.171
May  8 23:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: input_userauth_request: invalid user test [preauth]
May  8 23:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28010]: pam_unix(cron:session): session closed for user samftp
May  8 23:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: Failed password for invalid user test from 170.64.237.171 port 53108 ssh2
May  8 23:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28269]: Connection closed by 170.64.237.171 port 53108 [preauth]
May  8 23:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:05:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: Failed password for root from 170.64.237.171 port 53114 ssh2
May  8 23:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28301]: Connection closed by 170.64.237.171 port 53114 [preauth]
May  8 23:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: Failed password for root from 170.64.237.171 port 57356 ssh2
May  8 23:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28323]: Connection closed by 170.64.237.171 port 57356 [preauth]
May  8 23:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: Invalid user docker from 170.64.237.171
May  8 23:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: input_userauth_request: invalid user docker [preauth]
May  8 23:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: Failed password for invalid user docker from 170.64.237.171 port 57372 ssh2
May  8 23:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28335]: Connection closed by 170.64.237.171 port 57372 [preauth]
May  8 23:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: Invalid user admin from 170.64.237.171
May  8 23:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: input_userauth_request: invalid user admin [preauth]
May  8 23:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: Failed password for invalid user admin from 170.64.237.171 port 46998 ssh2
May  8 23:05:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28344]: Connection closed by 170.64.237.171 port 46998 [preauth]
May  8 23:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28365]: Invalid user postgres from 170.64.237.171
May  8 23:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28365]: input_userauth_request: invalid user postgres [preauth]
May  8 23:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28365]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28365]: Failed password for invalid user postgres from 170.64.237.171 port 47006 ssh2
May  8 23:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28365]: Connection closed by 170.64.237.171 port 47006 [preauth]
May  8 23:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27058]: pam_unix(cron:session): session closed for user root
May  8 23:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28393]: Invalid user sonar from 170.64.237.171
May  8 23:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28393]: input_userauth_request: invalid user sonar [preauth]
May  8 23:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28393]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28393]: Failed password for invalid user sonar from 170.64.237.171 port 48784 ssh2
May  8 23:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28393]: Connection closed by 170.64.237.171 port 48784 [preauth]
May  8 23:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Invalid user bigdata from 170.64.237.171
May  8 23:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: input_userauth_request: invalid user bigdata [preauth]
May  8 23:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Failed password for invalid user bigdata from 170.64.237.171 port 48804 ssh2
May  8 23:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28412]: Connection closed by 170.64.237.171 port 48804 [preauth]
May  8 23:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Invalid user data from 170.64.237.171
May  8 23:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: input_userauth_request: invalid user data [preauth]
May  8 23:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Failed password for invalid user data from 170.64.237.171 port 46114 ssh2
May  8 23:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28423]: Connection closed by 170.64.237.171 port 46114 [preauth]
May  8 23:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28448]: Invalid user opc from 170.64.237.171
May  8 23:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28448]: input_userauth_request: invalid user opc [preauth]
May  8 23:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28448]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28448]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28448]: Failed password for invalid user opc from 170.64.237.171 port 46136 ssh2
May  8 23:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28448]: Connection closed by 170.64.237.171 port 46136 [preauth]
May  8 23:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28459]: Invalid user flask from 170.64.237.171
May  8 23:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28459]: input_userauth_request: invalid user flask [preauth]
May  8 23:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28459]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:05:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28459]: Failed password for invalid user flask from 170.64.237.171 port 58154 ssh2
May  8 23:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28459]: Connection closed by 170.64.237.171 port 58154 [preauth]
May  8 23:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: Invalid user dev from 170.64.237.171
May  8 23:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: input_userauth_request: invalid user dev [preauth]
May  8 23:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: Failed password for invalid user dev from 170.64.237.171 port 58166 ssh2
May  8 23:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28470]: Connection closed by 170.64.237.171 port 58166 [preauth]
May  8 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28484]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28488]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28482]: pam_unix(cron:session): session closed for user p13x
May  8 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28552]: Successful su for rubyman by root
May  8 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28552]: + ??? root:rubyman
May  8 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356007 of user rubyman.
May  8 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28552]: pam_unix(su:session): session closed for user rubyman
May  8 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356007.
May  8 23:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28572]: Invalid user admin from 170.64.237.171
May  8 23:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28572]: input_userauth_request: invalid user admin [preauth]
May  8 23:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28572]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:06:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28572]: Failed password for invalid user admin from 170.64.237.171 port 58186 ssh2
May  8 23:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28572]: Connection closed by 170.64.237.171 port 58186 [preauth]
May  8 23:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25436]: pam_unix(cron:session): session closed for user root
May  8 23:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28483]: pam_unix(cron:session): session closed for user samftp
May  8 23:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28736]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28739]: User proxy from 170.64.237.171 not allowed because not listed in AllowUsers
May  8 23:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28739]: input_userauth_request: invalid user proxy [preauth]
May  8 23:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=proxy
May  8 23:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28736]: Did not receive identification string from 8.137.124.200
May  8 23:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28739]: Failed password for invalid user proxy from 170.64.237.171 port 45694 ssh2
May  8 23:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28739]: Connection closed by 170.64.237.171 port 45694 [preauth]
May  8 23:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: Invalid user gpadmin from 170.64.237.171
May  8 23:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: input_userauth_request: invalid user gpadmin [preauth]
May  8 23:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:06:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: Failed password for invalid user gpadmin from 170.64.237.171 port 45716 ssh2
May  8 23:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28749]: Connection closed by 170.64.237.171 port 45716 [preauth]
May  8 23:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28773]: Failed password for root from 170.64.237.171 port 46806 ssh2
May  8 23:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28773]: Connection closed by 170.64.237.171 port 46806 [preauth]
May  8 23:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:06:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28776]: Failed password for root from 170.64.237.171 port 46818 ssh2
May  8 23:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28776]: Connection closed by 170.64.237.171 port 46818 [preauth]
May  8 23:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Invalid user factorio from 170.64.237.171
May  8 23:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: input_userauth_request: invalid user factorio [preauth]
May  8 23:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Failed password for invalid user factorio from 170.64.237.171 port 33602 ssh2
May  8 23:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28799]: Connection closed by 170.64.237.171 port 33602 [preauth]
May  8 23:06:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:06:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28811]: Failed password for root from 170.64.237.171 port 33612 ssh2
May  8 23:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28811]: Connection closed by 170.64.237.171 port 33612 [preauth]
May  8 23:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27573]: pam_unix(cron:session): session closed for user root
May  8 23:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28842]: Invalid user steam from 170.64.237.171
May  8 23:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28842]: input_userauth_request: invalid user steam [preauth]
May  8 23:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28842]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28842]: Failed password for invalid user steam from 170.64.237.171 port 46158 ssh2
May  8 23:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28842]: Connection closed by 170.64.237.171 port 46158 [preauth]
May  8 23:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28853]: Invalid user fastuser from 170.64.237.171
May  8 23:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28853]: input_userauth_request: invalid user fastuser [preauth]
May  8 23:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28853]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28853]: Failed password for invalid user fastuser from 170.64.237.171 port 46172 ssh2
May  8 23:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28853]: Connection closed by 170.64.237.171 port 46172 [preauth]
May  8 23:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:06:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: Failed password for root from 170.64.237.171 port 53980 ssh2
May  8 23:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28877]: Connection closed by 170.64.237.171 port 53980 [preauth]
May  8 23:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28893]: Invalid user user from 170.64.237.171
May  8 23:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28893]: input_userauth_request: invalid user user [preauth]
May  8 23:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28893]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28893]: Failed password for invalid user user from 170.64.237.171 port 53992 ssh2
May  8 23:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28893]: Connection closed by 170.64.237.171 port 53992 [preauth]
May  8 23:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: Invalid user hadoop from 170.64.237.171
May  8 23:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: input_userauth_request: invalid user hadoop [preauth]
May  8 23:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:06:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: Failed password for invalid user hadoop from 170.64.237.171 port 56464 ssh2
May  8 23:06:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28905]: Connection closed by 170.64.237.171 port 56464 [preauth]
May  8 23:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28915]: Invalid user postgres from 170.64.237.171
May  8 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28915]: input_userauth_request: invalid user postgres [preauth]
May  8 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28922]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28920]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28921]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28919]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28919]: pam_unix(cron:session): session closed for user p13x
May  8 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28915]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28981]: Successful su for rubyman by root
May  8 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28981]: + ??? root:rubyman
May  8 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28981]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356011 of user rubyman.
May  8 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28981]: pam_unix(su:session): session closed for user rubyman
May  8 23:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356011.
May  8 23:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28915]: Failed password for invalid user postgres from 170.64.237.171 port 56466 ssh2
May  8 23:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28915]: Connection closed by 170.64.237.171 port 56466 [preauth]
May  8 23:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26055]: pam_unix(cron:session): session closed for user root
May  8 23:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28920]: pam_unix(cron:session): session closed for user samftp
May  8 23:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29245]: Failed password for root from 170.64.237.171 port 40694 ssh2
May  8 23:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29245]: Connection closed by 170.64.237.171 port 40694 [preauth]
May  8 23:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29270]: Invalid user ec2-user from 170.64.237.171
May  8 23:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29270]: input_userauth_request: invalid user ec2-user [preauth]
May  8 23:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29270]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:07:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29270]: Failed password for invalid user ec2-user from 170.64.237.171 port 40708 ssh2
May  8 23:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29270]: Connection closed by 170.64.237.171 port 40708 [preauth]
May  8 23:07:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:07:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: Failed password for root from 170.64.237.171 port 58024 ssh2
May  8 23:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29294]: Connection closed by 170.64.237.171 port 58024 [preauth]
May  8 23:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29306]: Invalid user guest from 170.64.237.171
May  8 23:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29306]: input_userauth_request: invalid user guest [preauth]
May  8 23:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29306]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:07:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29306]: Failed password for invalid user guest from 170.64.237.171 port 58030 ssh2
May  8 23:07:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29306]: Connection closed by 170.64.237.171 port 58030 [preauth]
May  8 23:07:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: Invalid user steam from 170.64.237.171
May  8 23:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: input_userauth_request: invalid user steam [preauth]
May  8 23:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: Failed password for invalid user steam from 170.64.237.171 port 39934 ssh2
May  8 23:07:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29331]: Connection closed by 170.64.237.171 port 39934 [preauth]
May  8 23:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: Invalid user dev from 170.64.237.171
May  8 23:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: input_userauth_request: invalid user dev [preauth]
May  8 23:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: Failed password for invalid user dev from 170.64.237.171 port 39938 ssh2
May  8 23:07:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29341]: Connection closed by 170.64.237.171 port 39938 [preauth]
May  8 23:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28013]: pam_unix(cron:session): session closed for user root
May  8 23:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Invalid user odoo17 from 170.64.237.171
May  8 23:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: input_userauth_request: invalid user odoo17 [preauth]
May  8 23:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Failed password for invalid user odoo17 from 170.64.237.171 port 34612 ssh2
May  8 23:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29362]: Connection closed by 170.64.237.171 port 34612 [preauth]
May  8 23:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29387]: Invalid user dolphinscheduler from 170.64.237.171
May  8 23:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29387]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  8 23:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29387]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29387]: Failed password for invalid user dolphinscheduler from 170.64.237.171 port 34636 ssh2
May  8 23:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29387]: Connection closed by 170.64.237.171 port 34636 [preauth]
May  8 23:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: Invalid user hadoop from 170.64.237.171
May  8 23:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: input_userauth_request: invalid user hadoop [preauth]
May  8 23:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: Failed password for invalid user hadoop from 170.64.237.171 port 35338 ssh2
May  8 23:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29398]: Connection closed by 170.64.237.171 port 35338 [preauth]
May  8 23:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: Invalid user developer from 170.64.237.171
May  8 23:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: input_userauth_request: invalid user developer [preauth]
May  8 23:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:07:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: Failed password for invalid user developer from 170.64.237.171 port 35346 ssh2
May  8 23:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29425]: Connection closed by 170.64.237.171 port 35346 [preauth]
May  8 23:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29436]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29436]: Invalid user kingbase from 170.64.237.171
May  8 23:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29436]: input_userauth_request: invalid user kingbase [preauth]
May  8 23:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29436]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29436]: Failed password for invalid user kingbase from 170.64.237.171 port 43228 ssh2
May  8 23:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29436]: Connection closed by 170.64.237.171 port 43228 [preauth]
May  8 23:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: Invalid user elastic from 170.64.237.171
May  8 23:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: input_userauth_request: invalid user elastic [preauth]
May  8 23:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29450]: pam_unix(cron:session): session closed for user p13x
May  8 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: Failed password for invalid user elastic from 170.64.237.171 port 43242 ssh2
May  8 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29447]: Connection closed by 170.64.237.171 port 43242 [preauth]
May  8 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29515]: Successful su for rubyman by root
May  8 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29515]: + ??? root:rubyman
May  8 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29515]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356015 of user rubyman.
May  8 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29515]: pam_unix(su:session): session closed for user rubyman
May  8 23:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356015.
May  8 23:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: Invalid user sadmin from 170.64.237.171
May  8 23:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: input_userauth_request: invalid user sadmin [preauth]
May  8 23:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26575]: pam_unix(cron:session): session closed for user root
May  8 23:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: Failed password for invalid user sadmin from 170.64.237.171 port 55858 ssh2
May  8 23:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29589]: Connection closed by 170.64.237.171 port 55858 [preauth]
May  8 23:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29452]: pam_unix(cron:session): session closed for user samftp
May  8 23:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29696]: Connection closed by 172.236.228.197 port 51732 [preauth]
May  8 23:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29708]: Connection closed by 172.236.228.197 port 51738 [preauth]
May  8 23:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29710]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29710]: fatal: Unable to negotiate with 172.236.228.197 port 51744: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  8 23:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29713]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29713]: Invalid user wang from 170.64.237.171
May  8 23:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29713]: input_userauth_request: invalid user wang [preauth]
May  8 23:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29713]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29713]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29713]: Failed password for invalid user wang from 170.64.237.171 port 55890 ssh2
May  8 23:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29713]: Connection closed by 170.64.237.171 port 55890 [preauth]
May  8 23:08:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29724]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29724]: Invalid user demo from 170.64.237.171
May  8 23:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29724]: input_userauth_request: invalid user demo [preauth]
May  8 23:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29724]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:08:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29724]: Failed password for invalid user demo from 170.64.237.171 port 55916 ssh2
May  8 23:08:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29724]: Connection closed by 170.64.237.171 port 55916 [preauth]
May  8 23:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: Invalid user ftpuser from 170.64.237.171
May  8 23:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: input_userauth_request: invalid user ftpuser [preauth]
May  8 23:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: Failed password for invalid user ftpuser from 170.64.237.171 port 54676 ssh2
May  8 23:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29752]: Connection closed by 170.64.237.171 port 54676 [preauth]
May  8 23:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: Invalid user git from 170.64.237.171
May  8 23:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: input_userauth_request: invalid user git [preauth]
May  8 23:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: Failed password for invalid user git from 170.64.237.171 port 54688 ssh2
May  8 23:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29762]: Connection closed by 170.64.237.171 port 54688 [preauth]
May  8 23:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29784]: Failed password for root from 170.64.237.171 port 56894 ssh2
May  8 23:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29784]: Connection closed by 170.64.237.171 port 56894 [preauth]
May  8 23:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29794]: Invalid user jumpserver from 170.64.237.171
May  8 23:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29794]: input_userauth_request: invalid user jumpserver [preauth]
May  8 23:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29794]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29796]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28488]: pam_unix(cron:session): session closed for user root
May  8 23:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29794]: Failed password for invalid user jumpserver from 170.64.237.171 port 56910 ssh2
May  8 23:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29794]: Connection closed by 170.64.237.171 port 56910 [preauth]
May  8 23:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29830]: Invalid user plex from 170.64.237.171
May  8 23:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29830]: input_userauth_request: invalid user plex [preauth]
May  8 23:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29830]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29812]: Did not receive identification string from 205.185.120.237
May  8 23:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29830]: Failed password for invalid user plex from 170.64.237.171 port 41118 ssh2
May  8 23:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29830]: Connection closed by 170.64.237.171 port 41118 [preauth]
May  8 23:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: Invalid user appuser from 170.64.237.171
May  8 23:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: input_userauth_request: invalid user appuser [preauth]
May  8 23:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: Failed password for invalid user appuser from 170.64.237.171 port 41144 ssh2
May  8 23:08:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29841]: Connection closed by 170.64.237.171 port 41144 [preauth]
May  8 23:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29832]: Did not receive identification string from 205.185.120.237
May  8 23:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29860]: Invalid user oracle from 170.64.237.171
May  8 23:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29860]: input_userauth_request: invalid user oracle [preauth]
May  8 23:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29860]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29860]: Failed password for invalid user oracle from 170.64.237.171 port 47116 ssh2
May  8 23:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29860]: Connection closed by 170.64.237.171 port 47116 [preauth]
May  8 23:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29872]: Invalid user dolphinscheduler from 170.64.237.171
May  8 23:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29872]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  8 23:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29872]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29872]: Failed password for invalid user dolphinscheduler from 170.64.237.171 port 47124 ssh2
May  8 23:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29872]: Connection closed by 170.64.237.171 port 47124 [preauth]
May  8 23:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29862]: Did not receive identification string from 205.185.120.237
May  8 23:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29886]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29886]: Failed password for root from 170.64.237.171 port 37368 ssh2
May  8 23:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29886]: Connection closed by 170.64.237.171 port 37368 [preauth]
May  8 23:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: Invalid user runner from 170.64.237.171
May  8 23:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: input_userauth_request: invalid user runner [preauth]
May  8 23:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29911]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29912]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29907]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29913]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29909]: pam_unix(cron:session): session closed for user p13x
May  8 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30034]: Successful su for rubyman by root
May  8 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30034]: + ??? root:rubyman
May  8 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356019 of user rubyman.
May  8 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30034]: pam_unix(su:session): session closed for user rubyman
May  8 23:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356019.
May  8 23:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: Failed password for invalid user runner from 170.64.237.171 port 37396 ssh2
May  8 23:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29907]: pam_unix(cron:session): session closed for user root
May  8 23:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29898]: Connection closed by 170.64.237.171 port 37396 [preauth]
May  8 23:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27057]: pam_unix(cron:session): session closed for user root
May  8 23:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30184]: User backup from 170.64.237.171 not allowed because not listed in AllowUsers
May  8 23:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30184]: input_userauth_request: invalid user backup [preauth]
May  8 23:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=backup
May  8 23:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29911]: pam_unix(cron:session): session closed for user samftp
May  8 23:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30184]: Failed password for invalid user backup from 170.64.237.171 port 40156 ssh2
May  8 23:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30184]: Connection closed by 170.64.237.171 port 40156 [preauth]
May  8 23:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30248]: Invalid user solr from 170.64.237.171
May  8 23:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30248]: input_userauth_request: invalid user solr [preauth]
May  8 23:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30248]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:09:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30248]: Failed password for invalid user solr from 170.64.237.171 port 40172 ssh2
May  8 23:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30248]: Connection closed by 170.64.237.171 port 40172 [preauth]
May  8 23:09:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30258]: Invalid user www from 170.64.237.171
May  8 23:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30258]: input_userauth_request: invalid user www [preauth]
May  8 23:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30258]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: Invalid user ggggggggggggg from 130.195.4.212
May  8 23:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: input_userauth_request: invalid user ggggggggggggg [preauth]
May  8 23:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30258]: Failed password for invalid user www from 170.64.237.171 port 40480 ssh2
May  8 23:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30258]: Connection closed by 170.64.237.171 port 40480 [preauth]
May  8 23:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: Invalid user user from 170.64.237.171
May  8 23:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: input_userauth_request: invalid user user [preauth]
May  8 23:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:09:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.195.4.212
May  8 23:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: Failed password for invalid user user from 170.64.237.171 port 40494 ssh2
May  8 23:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29858]: Failed password for invalid user ggggggggggggg from 130.195.4.212 port 49914 ssh2
May  8 23:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30282]: Connection closed by 170.64.237.171 port 40494 [preauth]
May  8 23:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30292]: Failed password for root from 170.64.237.171 port 57846 ssh2
May  8 23:09:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: Failed password for root from 205.185.120.237 port 47002 ssh2
May  8 23:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30292]: Connection closed by 170.64.237.171 port 57846 [preauth]
May  8 23:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30317]: Invalid user es from 170.64.237.171
May  8 23:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30317]: input_userauth_request: invalid user es [preauth]
May  8 23:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30317]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:09:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30317]: Failed password for invalid user es from 170.64.237.171 port 57856 ssh2
May  8 23:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30317]: Connection closed by 170.64.237.171 port 57856 [preauth]
May  8 23:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28922]: pam_unix(cron:session): session closed for user root
May  8 23:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: Connection closed by 205.185.120.237 port 47002 [preauth]
May  8 23:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: Invalid user user from 170.64.237.171
May  8 23:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: input_userauth_request: invalid user user [preauth]
May  8 23:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: Failed password for invalid user user from 170.64.237.171 port 60110 ssh2
May  8 23:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30327]: Connection closed by 170.64.237.171 port 60110 [preauth]
May  8 23:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: Failed password for root from 170.64.237.171 port 60114 ssh2
May  8 23:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30353]: Connection closed by 170.64.237.171 port 60114 [preauth]
May  8 23:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30380]: Invalid user testuser from 170.64.237.171
May  8 23:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30380]: input_userauth_request: invalid user testuser [preauth]
May  8 23:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30380]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30380]: Failed password for invalid user testuser from 170.64.237.171 port 39650 ssh2
May  8 23:09:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30380]: Connection closed by 170.64.237.171 port 39650 [preauth]
May  8 23:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30390]: Invalid user stream from 170.64.237.171
May  8 23:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30390]: input_userauth_request: invalid user stream [preauth]
May  8 23:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30390]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30390]: Failed password for invalid user stream from 170.64.237.171 port 39664 ssh2
May  8 23:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30390]: Connection closed by 170.64.237.171 port 39664 [preauth]
May  8 23:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:09:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30400]: Failed password for root from 170.64.237.171 port 33852 ssh2
May  8 23:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30400]: Connection closed by 170.64.237.171 port 33852 [preauth]
May  8 23:09:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: Invalid user steam from 170.64.237.171
May  8 23:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: input_userauth_request: invalid user steam [preauth]
May  8 23:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30428]: pam_unix(cron:session): session closed for user root
May  8 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30423]: pam_unix(cron:session): session closed for user p13x
May  8 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: Failed password for invalid user steam from 170.64.237.171 port 33864 ssh2
May  8 23:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30411]: Connection closed by 170.64.237.171 port 33864 [preauth]
May  8 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30495]: Successful su for rubyman by root
May  8 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30495]: + ??? root:rubyman
May  8 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30495]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356024 of user rubyman.
May  8 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30495]: pam_unix(su:session): session closed for user rubyman
May  8 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356024.
May  8 23:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30565]: Invalid user zabbix from 170.64.237.171
May  8 23:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30565]: input_userauth_request: invalid user zabbix [preauth]
May  8 23:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30565]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30425]: pam_unix(cron:session): session closed for user root
May  8 23:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30352]: Failed password for root from 205.185.120.237 port 47078 ssh2
May  8 23:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27571]: pam_unix(cron:session): session closed for user root
May  8 23:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30565]: Failed password for invalid user zabbix from 170.64.237.171 port 38036 ssh2
May  8 23:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30565]: Connection closed by 170.64.237.171 port 38036 [preauth]
May  8 23:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30424]: pam_unix(cron:session): session closed for user samftp
May  8 23:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: Invalid user postgres from 170.64.237.171
May  8 23:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: input_userauth_request: invalid user postgres [preauth]
May  8 23:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30352]: Connection closed by 205.185.120.237 port 47078 [preauth]
May  8 23:10:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: Failed password for invalid user postgres from 170.64.237.171 port 38050 ssh2
May  8 23:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30703]: Connection closed by 170.64.237.171 port 38050 [preauth]
May  8 23:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30715]: Invalid user samba from 170.64.237.171
May  8 23:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30715]: input_userauth_request: invalid user samba [preauth]
May  8 23:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30715]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30715]: Failed password for invalid user samba from 170.64.237.171 port 38058 ssh2
May  8 23:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30715]: Connection closed by 170.64.237.171 port 38058 [preauth]
May  8 23:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30705]: Did not receive identification string from 205.185.120.237
May  8 23:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30741]: Invalid user oracle from 170.64.237.171
May  8 23:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30741]: input_userauth_request: invalid user oracle [preauth]
May  8 23:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30741]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30741]: Failed password for invalid user oracle from 170.64.237.171 port 53542 ssh2
May  8 23:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30741]: Connection closed by 170.64.237.171 port 53542 [preauth]
May  8 23:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30752]: Invalid user test from 170.64.237.171
May  8 23:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30752]: input_userauth_request: invalid user test [preauth]
May  8 23:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30752]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30754]: Did not receive identification string from 103.203.57.11
May  8 23:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30752]: Failed password for invalid user test from 170.64.237.171 port 53556 ssh2
May  8 23:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30752]: Connection closed by 170.64.237.171 port 53556 [preauth]
May  8 23:10:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: Invalid user ranger from 170.64.237.171
May  8 23:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: input_userauth_request: invalid user ranger [preauth]
May  8 23:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: Failed password for invalid user ranger from 170.64.237.171 port 33072 ssh2
May  8 23:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30767]: Connection closed by 170.64.237.171 port 33072 [preauth]
May  8 23:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29454]: pam_unix(cron:session): session closed for user root
May  8 23:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: Failed password for root from 170.64.237.171 port 33092 ssh2
May  8 23:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30778]: Connection closed by 170.64.237.171 port 33092 [preauth]
May  8 23:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: Invalid user test2 from 170.64.237.171
May  8 23:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: input_userauth_request: invalid user test2 [preauth]
May  8 23:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: Failed password for invalid user test2 from 170.64.237.171 port 48540 ssh2
May  8 23:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30807]: Connection closed by 170.64.237.171 port 48540 [preauth]
May  8 23:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: Invalid user observer from 170.64.237.171
May  8 23:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: input_userauth_request: invalid user observer [preauth]
May  8 23:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:10:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: Failed password for invalid user observer from 170.64.237.171 port 48542 ssh2
May  8 23:10:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30819]: Connection closed by 170.64.237.171 port 48542 [preauth]
May  8 23:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30730]: Failed password for root from 205.185.120.237 port 47146 ssh2
May  8 23:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30843]: Invalid user debian from 170.64.237.171
May  8 23:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30843]: input_userauth_request: invalid user debian [preauth]
May  8 23:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30843]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30843]: Failed password for invalid user debian from 170.64.237.171 port 32870 ssh2
May  8 23:10:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30843]: Connection closed by 170.64.237.171 port 32870 [preauth]
May  8 23:10:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30854]: Invalid user dolphinscheduler from 170.64.237.171
May  8 23:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30854]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  8 23:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30854]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30730]: Connection closed by 205.185.120.237 port 47146 [preauth]
May  8 23:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30854]: Failed password for invalid user dolphinscheduler from 170.64.237.171 port 32872 ssh2
May  8 23:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30854]: Connection closed by 170.64.237.171 port 32872 [preauth]
May  8 23:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30865]: Invalid user apache from 170.64.237.171
May  8 23:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30865]: input_userauth_request: invalid user apache [preauth]
May  8 23:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30865]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30865]: Failed password for invalid user apache from 170.64.237.171 port 43300 ssh2
May  8 23:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30865]: Connection closed by 170.64.237.171 port 43300 [preauth]
May  8 23:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30863]: Did not receive identification string from 205.185.120.237
May  8 23:10:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30879]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30885]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30883]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30882]: pam_unix(cron:session): session closed for user p13x
May  8 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31018]: Successful su for rubyman by root
May  8 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31018]: + ??? root:rubyman
May  8 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356031 of user rubyman.
May  8 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31018]: pam_unix(su:session): session closed for user rubyman
May  8 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356031.
May  8 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30879]: User ftp from 170.64.237.171 not allowed because not listed in AllowUsers
May  8 23:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30879]: input_userauth_request: invalid user ftp [preauth]
May  8 23:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=ftp
May  8 23:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30879]: Failed password for invalid user ftp from 170.64.237.171 port 43302 ssh2
May  8 23:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30879]: Connection closed by 170.64.237.171 port 43302 [preauth]
May  8 23:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30878]: Did not receive identification string from 205.185.120.237
May  8 23:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28012]: pam_unix(cron:session): session closed for user root
May  8 23:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30883]: pam_unix(cron:session): session closed for user samftp
May  8 23:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31225]: Invalid user pi from 170.64.237.171
May  8 23:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31225]: input_userauth_request: invalid user pi [preauth]
May  8 23:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31225]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31225]: Failed password for invalid user pi from 170.64.237.171 port 53126 ssh2
May  8 23:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31225]: Connection closed by 170.64.237.171 port 53126 [preauth]
May  8 23:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31187]: Did not receive identification string from 205.185.120.237
May  8 23:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31244]: Invalid user test from 170.64.237.171
May  8 23:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31244]: input_userauth_request: invalid user test [preauth]
May  8 23:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31244]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31244]: Failed password for invalid user test from 170.64.237.171 port 53128 ssh2
May  8 23:11:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31244]: Connection closed by 170.64.237.171 port 53128 [preauth]
May  8 23:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: Failed password for root from 170.64.237.171 port 51122 ssh2
May  8 23:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31272]: Connection closed by 170.64.237.171 port 51122 [preauth]
May  8 23:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: Invalid user nvidia from 170.64.237.171
May  8 23:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: input_userauth_request: invalid user nvidia [preauth]
May  8 23:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: Failed password for invalid user nvidia from 170.64.237.171 port 51130 ssh2
May  8 23:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31284]: Connection closed by 170.64.237.171 port 51130 [preauth]
May  8 23:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:11:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31303]: Failed password for root from 170.64.237.171 port 34134 ssh2
May  8 23:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31303]: Connection closed by 170.64.237.171 port 34134 [preauth]
May  8 23:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31315]: Invalid user oracle from 170.64.237.171
May  8 23:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31315]: input_userauth_request: invalid user oracle [preauth]
May  8 23:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31315]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31315]: Failed password for invalid user oracle from 170.64.237.171 port 34144 ssh2
May  8 23:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31315]: Connection closed by 170.64.237.171 port 34144 [preauth]
May  8 23:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29913]: pam_unix(cron:session): session closed for user root
May  8 23:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31346]: Invalid user media from 170.64.237.171
May  8 23:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31346]: input_userauth_request: invalid user media [preauth]
May  8 23:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31346]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31346]: Failed password for invalid user media from 170.64.237.171 port 49420 ssh2
May  8 23:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31346]: Connection closed by 170.64.237.171 port 49420 [preauth]
May  8 23:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31359]: Invalid user gitlab from 170.64.237.171
May  8 23:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31359]: input_userauth_request: invalid user gitlab [preauth]
May  8 23:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31359]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31359]: Failed password for invalid user gitlab from 170.64.237.171 port 49434 ssh2
May  8 23:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31359]: Connection closed by 170.64.237.171 port 49434 [preauth]
May  8 23:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31381]: Invalid user jms from 170.64.237.171
May  8 23:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31381]: input_userauth_request: invalid user jms [preauth]
May  8 23:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31381]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:11:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31242]: Failed password for root from 205.185.120.237 port 47264 ssh2
May  8 23:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31381]: Failed password for invalid user jms from 170.64.237.171 port 53302 ssh2
May  8 23:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31381]: Connection closed by 170.64.237.171 port 53302 [preauth]
May  8 23:11:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31391]: Invalid user openvpn from 170.64.237.171
May  8 23:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31391]: input_userauth_request: invalid user openvpn [preauth]
May  8 23:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31391]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31242]: Connection closed by 205.185.120.237 port 47264 [preauth]
May  8 23:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31391]: Failed password for invalid user openvpn from 170.64.237.171 port 53304 ssh2
May  8 23:11:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31391]: Connection closed by 170.64.237.171 port 53304 [preauth]
May  8 23:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31402]: Invalid user minecraft from 170.64.237.171
May  8 23:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31402]: input_userauth_request: invalid user minecraft [preauth]
May  8 23:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31402]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31402]: Failed password for invalid user minecraft from 170.64.237.171 port 35194 ssh2
May  8 23:11:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31402]: Connection closed by 170.64.237.171 port 35194 [preauth]
May  8 23:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:12:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31419]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31417]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31418]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31416]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31416]: pam_unix(cron:session): session closed for user p13x
May  8 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31480]: Successful su for rubyman by root
May  8 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31480]: + ??? root:rubyman
May  8 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356034 of user rubyman.
May  8 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31480]: pam_unix(su:session): session closed for user rubyman
May  8 23:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356034.
May  8 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: Failed password for root from 170.64.237.171 port 35206 ssh2
May  8 23:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31413]: Connection closed by 170.64.237.171 port 35206 [preauth]
May  8 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: Invalid user elsearch from 170.64.237.171
May  8 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: input_userauth_request: invalid user elsearch [preauth]
May  8 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28484]: pam_unix(cron:session): session closed for user root
May  8 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31417]: pam_unix(cron:session): session closed for user samftp
May  8 23:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: Failed password for invalid user elsearch from 170.64.237.171 port 58504 ssh2
May  8 23:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31625]: Connection closed by 170.64.237.171 port 58504 [preauth]
May  8 23:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:12:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:12:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: Failed password for root from 170.64.237.171 port 58510 ssh2
May  8 23:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: Connection closed by 170.64.237.171 port 58510 [preauth]
May  8 23:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: Invalid user www from 170.64.237.171
May  8 23:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: input_userauth_request: invalid user www [preauth]
May  8 23:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: Failed password for invalid user www from 170.64.237.171 port 49464 ssh2
May  8 23:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31729]: Connection closed by 170.64.237.171 port 49464 [preauth]
May  8 23:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Failed password for root from 205.185.120.237 port 47324 ssh2
May  8 23:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: Invalid user ubuntu from 170.64.237.171
May  8 23:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: input_userauth_request: invalid user ubuntu [preauth]
May  8 23:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: Failed password for invalid user ubuntu from 170.64.237.171 port 49478 ssh2
May  8 23:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31735]: Connection closed by 170.64.237.171 port 49478 [preauth]
May  8 23:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31393]: Connection closed by 205.185.120.237 port 47324 [preauth]
May  8 23:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:12:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:12:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31747]: Failed password for root from 170.64.237.171 port 42038 ssh2
May  8 23:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31747]: Connection closed by 170.64.237.171 port 42038 [preauth]
May  8 23:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:12:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: Failed password for root from 170.64.237.171 port 42050 ssh2
May  8 23:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: Connection closed by 170.64.237.171 port 42050 [preauth]
May  8 23:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31792]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30427]: pam_unix(cron:session): session closed for user root
May  8 23:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31792]: Invalid user debian from 170.64.237.171
May  8 23:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31792]: input_userauth_request: invalid user debian [preauth]
May  8 23:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31792]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31792]: Failed password for invalid user debian from 170.64.237.171 port 35036 ssh2
May  8 23:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31792]: Connection closed by 170.64.237.171 port 35036 [preauth]
May  8 23:12:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: Invalid user jfedu1 from 170.64.237.171
May  8 23:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: input_userauth_request: invalid user jfedu1 [preauth]
May  8 23:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  8 23:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: Failed password for invalid user jfedu1 from 170.64.237.171 port 35038 ssh2
May  8 23:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: Connection closed by 170.64.237.171 port 35038 [preauth]
May  8 23:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31818]: Failed password for root from 218.92.0.179 port 48744 ssh2
May  8 23:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31837]: Invalid user ts from 170.64.237.171
May  8 23:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31837]: input_userauth_request: invalid user ts [preauth]
May  8 23:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31837]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31818]: Failed password for root from 218.92.0.179 port 48744 ssh2
May  8 23:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31837]: Failed password for invalid user ts from 170.64.237.171 port 39592 ssh2
May  8 23:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31837]: Connection closed by 170.64.237.171 port 39592 [preauth]
May  8 23:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31818]: Failed password for root from 218.92.0.179 port 48744 ssh2
May  8 23:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31818]: Received disconnect from 218.92.0.179 port 48744:11:  [preauth]
May  8 23:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31818]: Disconnected from 218.92.0.179 port 48744 [preauth]
May  8 23:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31818]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  8 23:12:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: Invalid user odoo from 170.64.237.171
May  8 23:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: input_userauth_request: invalid user odoo [preauth]
May  8 23:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: Failed password for invalid user odoo from 170.64.237.171 port 39604 ssh2
May  8 23:12:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: Connection closed by 170.64.237.171 port 39604 [preauth]
May  8 23:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31746]: Failed password for root from 205.185.120.237 port 47390 ssh2
May  8 23:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31864]: Invalid user esroot from 170.64.237.171
May  8 23:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31864]: input_userauth_request: invalid user esroot [preauth]
May  8 23:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31864]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31864]: Failed password for invalid user esroot from 170.64.237.171 port 44606 ssh2
May  8 23:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31864]: Connection closed by 170.64.237.171 port 44606 [preauth]
May  8 23:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31746]: Connection closed by 205.185.120.237 port 47390 [preauth]
May  8 23:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: Invalid user centos from 170.64.237.171
May  8 23:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: input_userauth_request: invalid user centos [preauth]
May  8 23:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: Failed password for invalid user centos from 170.64.237.171 port 44608 ssh2
May  8 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31894]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31890]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31891]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31889]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31889]: pam_unix(cron:session): session closed for user p13x
May  8 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31882]: Connection closed by 170.64.237.171 port 44608 [preauth]
May  8 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32052]: Successful su for rubyman by root
May  8 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32052]: + ??? root:rubyman
May  8 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32052]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356039 of user rubyman.
May  8 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32052]: pam_unix(su:session): session closed for user rubyman
May  8 23:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356039.
May  8 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: Invalid user admin from 80.94.95.112
May  8 23:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: input_userauth_request: invalid user admin [preauth]
May  8 23:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 23:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: Invalid user apache from 170.64.237.171
May  8 23:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: input_userauth_request: invalid user apache [preauth]
May  8 23:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28921]: pam_unix(cron:session): session closed for user root
May  8 23:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: Failed password for invalid user admin from 80.94.95.112 port 37589 ssh2
May  8 23:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: Failed password for invalid user apache from 170.64.237.171 port 36388 ssh2
May  8 23:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32304]: Connection closed by 170.64.237.171 port 36388 [preauth]
May  8 23:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31890]: pam_unix(cron:session): session closed for user samftp
May  8 23:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: Failed password for invalid user admin from 80.94.95.112 port 37589 ssh2
May  8 23:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:13:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: Invalid user wang from 170.64.237.171
May  8 23:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: input_userauth_request: invalid user wang [preauth]
May  8 23:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: Failed password for invalid user admin from 80.94.95.112 port 37589 ssh2
May  8 23:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: Failed password for invalid user wang from 170.64.237.171 port 36396 ssh2
May  8 23:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32452]: Connection closed by 170.64.237.171 port 36396 [preauth]
May  8 23:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: Failed password for invalid user admin from 80.94.95.112 port 37589 ssh2
May  8 23:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: Failed password for invalid user admin from 80.94.95.112 port 37589 ssh2
May  8 23:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: Received disconnect from 80.94.95.112 port 37589:11: Bye [preauth]
May  8 23:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: Disconnected from 80.94.95.112 port 37589 [preauth]
May  8 23:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 23:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32220]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 23:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32457]: Failed password for root from 170.64.237.171 port 37954 ssh2
May  8 23:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32457]: Connection closed by 170.64.237.171 port 37954 [preauth]
May  8 23:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: Invalid user tools from 170.64.237.171
May  8 23:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: input_userauth_request: invalid user tools [preauth]
May  8 23:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:13:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: Failed password for invalid user tools from 170.64.237.171 port 37962 ssh2
May  8 23:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32482]: Connection closed by 170.64.237.171 port 37962 [preauth]
May  8 23:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Invalid user git from 170.64.237.171
May  8 23:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: input_userauth_request: invalid user git [preauth]
May  8 23:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Failed password for invalid user git from 170.64.237.171 port 37966 ssh2
May  8 23:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32492]: Connection closed by 170.64.237.171 port 37966 [preauth]
May  8 23:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: Failed password for root from 205.185.120.237 port 47434 ssh2
May  8 23:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32518]: Failed password for root from 170.64.237.171 port 60594 ssh2
May  8 23:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32518]: Connection closed by 170.64.237.171 port 60594 [preauth]
May  8 23:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31778]: Invalid user abcdef from 130.195.4.212
May  8 23:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31778]: input_userauth_request: invalid user abcdef [preauth]
May  8 23:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30885]: pam_unix(cron:session): session closed for user root
May  8 23:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: Connection closed by 205.185.120.237 port 47434 [preauth]
May  8 23:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32531]: Failed password for root from 170.64.237.171 port 60604 ssh2
May  8 23:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32531]: Connection closed by 170.64.237.171 port 60604 [preauth]
May  8 23:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: Invalid user gpuadmin from 170.64.237.171
May  8 23:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: input_userauth_request: invalid user gpuadmin [preauth]
May  8 23:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: Failed password for invalid user gpuadmin from 170.64.237.171 port 57268 ssh2
May  8 23:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32566]: Connection closed by 170.64.237.171 port 57268 [preauth]
May  8 23:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: Invalid user lighthouse from 170.64.237.171
May  8 23:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: input_userauth_request: invalid user lighthouse [preauth]
May  8 23:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: Failed password for invalid user lighthouse from 170.64.237.171 port 57280 ssh2
May  8 23:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32579]: Connection closed by 170.64.237.171 port 57280 [preauth]
May  8 23:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32620]: Invalid user user1 from 170.64.237.171
May  8 23:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32620]: input_userauth_request: invalid user user1 [preauth]
May  8 23:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32620]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32620]: Failed password for invalid user user1 from 170.64.237.171 port 38536 ssh2
May  8 23:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32620]: Connection closed by 170.64.237.171 port 38536 [preauth]
May  8 23:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32675]: User mysql from 170.64.237.171 not allowed because not listed in AllowUsers
May  8 23:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32675]: input_userauth_request: invalid user mysql [preauth]
May  8 23:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=mysql
May  8 23:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32675]: Failed password for invalid user mysql from 170.64.237.171 port 38570 ssh2
May  8 23:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32675]: Connection closed by 170.64.237.171 port 38570 [preauth]
May  8 23:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32720]: Failed password for root from 170.64.237.171 port 37622 ssh2
May  8 23:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32720]: Connection closed by 170.64.237.171 port 37622 [preauth]
May  8 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32735]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32735]: pam_unix(cron:session): session closed for user p13x
May  8 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[349]: Successful su for rubyman by root
May  8 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[349]: + ??? root:rubyman
May  8 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356044 of user rubyman.
May  8 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[349]: pam_unix(su:session): session closed for user rubyman
May  8 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356044.
May  8 23:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[366]: Invalid user nginx from 170.64.237.171
May  8 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[366]: input_userauth_request: invalid user nginx [preauth]
May  8 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[366]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29453]: pam_unix(cron:session): session closed for user root
May  8 23:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: Failed password for root from 205.185.120.237 port 47494 ssh2
May  8 23:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[366]: Failed password for invalid user nginx from 170.64.237.171 port 37638 ssh2
May  8 23:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[366]: Connection closed by 170.64.237.171 port 37638 [preauth]
May  8 23:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32736]: pam_unix(cron:session): session closed for user samftp
May  8 23:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: Invalid user lsfadmin from 170.64.237.171
May  8 23:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: input_userauth_request: invalid user lsfadmin [preauth]
May  8 23:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: Failed password for invalid user lsfadmin from 170.64.237.171 port 55340 ssh2
May  8 23:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[604]: Connection closed by 170.64.237.171 port 55340 [preauth]
May  8 23:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[614]: Invalid user admin from 170.64.237.171
May  8 23:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[614]: input_userauth_request: invalid user admin [preauth]
May  8 23:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[614]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32565]: Connection closed by 205.185.120.237 port 47494 [preauth]
May  8 23:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[614]: Failed password for invalid user admin from 170.64.237.171 port 55356 ssh2
May  8 23:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[614]: Connection closed by 170.64.237.171 port 55356 [preauth]
May  8 23:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: Failed password for root from 170.64.237.171 port 41960 ssh2
May  8 23:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[636]: Connection closed by 170.64.237.171 port 41960 [preauth]
May  8 23:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:14:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: Failed password for root from 170.64.237.171 port 41962 ssh2
May  8 23:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[649]: Connection closed by 170.64.237.171 port 41962 [preauth]
May  8 23:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[678]: Invalid user yealink from 170.64.237.171
May  8 23:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[678]: input_userauth_request: invalid user yealink [preauth]
May  8 23:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[678]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[678]: Failed password for invalid user yealink from 170.64.237.171 port 47446 ssh2
May  8 23:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[678]: Connection closed by 170.64.237.171 port 47446 [preauth]
May  8 23:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[689]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[689]: Invalid user testuser from 170.64.237.171
May  8 23:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[689]: input_userauth_request: invalid user testuser [preauth]
May  8 23:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[689]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31419]: pam_unix(cron:session): session closed for user root
May  8 23:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[689]: Failed password for invalid user testuser from 170.64.237.171 port 47458 ssh2
May  8 23:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[689]: Connection closed by 170.64.237.171 port 47458 [preauth]
May  8 23:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[727]: Invalid user user from 170.64.237.171
May  8 23:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[727]: input_userauth_request: invalid user user [preauth]
May  8 23:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[727]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[727]: Failed password for invalid user user from 170.64.237.171 port 37326 ssh2
May  8 23:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[727]: Connection closed by 170.64.237.171 port 37326 [preauth]
May  8 23:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: Failed password for root from 205.185.120.237 port 47554 ssh2
May  8 23:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: Failed password for root from 170.64.237.171 port 37332 ssh2
May  8 23:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[739]: Connection closed by 170.64.237.171 port 37332 [preauth]
May  8 23:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[769]: Failed password for root from 170.64.237.171 port 55608 ssh2
May  8 23:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[769]: Connection closed by 170.64.237.171 port 55608 [preauth]
May  8 23:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: Connection closed by 205.185.120.237 port 47554 [preauth]
May  8 23:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: Failed password for root from 170.64.237.171 port 55616 ssh2
May  8 23:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[780]: Connection closed by 170.64.237.171 port 55616 [preauth]
May  8 23:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: Invalid user es from 170.64.237.171
May  8 23:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: input_userauth_request: invalid user es [preauth]
May  8 23:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: Failed password for invalid user es from 170.64.237.171 port 42964 ssh2
May  8 23:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[794]: Connection closed by 170.64.237.171 port 42964 [preauth]
May  8 23:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[807]: Invalid user nexus from 170.64.237.171
May  8 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[807]: input_userauth_request: invalid user nexus [preauth]
May  8 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[807]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[816]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[815]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[814]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[817]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[813]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[818]: pam_unix(cron:session): session closed for user root
May  8 23:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[813]: pam_unix(cron:session): session closed for user p13x
May  8 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[891]: Successful su for rubyman by root
May  8 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[891]: + ??? root:rubyman
May  8 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[891]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356049 of user rubyman.
May  8 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[891]: pam_unix(su:session): session closed for user rubyman
May  8 23:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356049.
May  8 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[807]: Failed password for invalid user nexus from 170.64.237.171 port 42972 ssh2
May  8 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[807]: Connection closed by 170.64.237.171 port 42972 [preauth]
May  8 23:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[815]: pam_unix(cron:session): session closed for user root
May  8 23:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29912]: pam_unix(cron:session): session closed for user root
May  8 23:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: Invalid user jenkins from 170.64.237.171
May  8 23:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: input_userauth_request: invalid user jenkins [preauth]
May  8 23:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[814]: pam_unix(cron:session): session closed for user samftp
May  8 23:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: Failed password for invalid user jenkins from 170.64.237.171 port 52900 ssh2
May  8 23:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1118]: Connection closed by 170.64.237.171 port 52900 [preauth]
May  8 23:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: Failed password for root from 170.64.237.171 port 52904 ssh2
May  8 23:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1152]: Connection closed by 170.64.237.171 port 52904 [preauth]
May  8 23:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1177]: Invalid user dmdba from 170.64.237.171
May  8 23:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1177]: input_userauth_request: invalid user dmdba [preauth]
May  8 23:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1177]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1177]: Failed password for invalid user dmdba from 170.64.237.171 port 41896 ssh2
May  8 23:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1177]: Connection closed by 170.64.237.171 port 41896 [preauth]
May  8 23:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: Invalid user user2 from 170.64.237.171
May  8 23:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: input_userauth_request: invalid user user2 [preauth]
May  8 23:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: Failed password for invalid user user2 from 170.64.237.171 port 41906 ssh2
May  8 23:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1193]: Connection closed by 170.64.237.171 port 41906 [preauth]
May  8 23:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: Failed password for root from 205.185.120.237 port 47622 ssh2
May  8 23:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1225]: Failed password for root from 170.64.237.171 port 50832 ssh2
May  8 23:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1225]: Connection closed by 170.64.237.171 port 50832 [preauth]
May  8 23:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1242]: Invalid user tom from 170.64.237.171
May  8 23:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1242]: input_userauth_request: invalid user tom [preauth]
May  8 23:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1242]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[784]: Connection closed by 205.185.120.237 port 47622 [preauth]
May  8 23:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1242]: Failed password for invalid user tom from 170.64.237.171 port 50852 ssh2
May  8 23:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1242]: Connection closed by 170.64.237.171 port 50852 [preauth]
May  8 23:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31894]: pam_unix(cron:session): session closed for user root
May  8 23:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1280]: Invalid user sonar from 170.64.237.171
May  8 23:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1280]: input_userauth_request: invalid user sonar [preauth]
May  8 23:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1280]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1280]: Failed password for invalid user sonar from 170.64.237.171 port 49556 ssh2
May  8 23:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1280]: Connection closed by 170.64.237.171 port 49556 [preauth]
May  8 23:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: Invalid user admin from 170.64.237.171
May  8 23:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: input_userauth_request: invalid user admin [preauth]
May  8 23:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: Failed password for invalid user admin from 170.64.237.171 port 49558 ssh2
May  8 23:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1293]: Connection closed by 170.64.237.171 port 49558 [preauth]
May  8 23:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: Invalid user lighthouse from 170.64.237.171
May  8 23:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: input_userauth_request: invalid user lighthouse [preauth]
May  8 23:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: Failed password for invalid user lighthouse from 170.64.237.171 port 42606 ssh2
May  8 23:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1325]: Connection closed by 170.64.237.171 port 42606 [preauth]
May  8 23:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: Invalid user test from 170.64.237.171
May  8 23:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: input_userauth_request: invalid user test [preauth]
May  8 23:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: Failed password for invalid user test from 170.64.237.171 port 42608 ssh2
May  8 23:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1336]: Connection closed by 170.64.237.171 port 42608 [preauth]
May  8 23:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: Invalid user nginx from 170.64.237.171
May  8 23:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: input_userauth_request: invalid user nginx [preauth]
May  8 23:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: Failed password for invalid user nginx from 170.64.237.171 port 50672 ssh2
May  8 23:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1346]: Connection closed by 170.64.237.171 port 50672 [preauth]
May  8 23:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: Invalid user user from 170.64.237.171
May  8 23:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: input_userauth_request: invalid user user [preauth]
May  8 23:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: Failed password for root from 205.185.120.237 port 47680 ssh2
May  8 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1364]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1363]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1365]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1360]: pam_unix(cron:session): session closed for user p13x
May  8 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1459]: Successful su for rubyman by root
May  8 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1459]: + ??? root:rubyman
May  8 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1459]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356053 of user rubyman.
May  8 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1459]: pam_unix(su:session): session closed for user rubyman
May  8 23:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356053.
May  8 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: Failed password for invalid user user from 170.64.237.171 port 50688 ssh2
May  8 23:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1356]: Connection closed by 170.64.237.171 port 50688 [preauth]
May  8 23:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30426]: pam_unix(cron:session): session closed for user root
May  8 23:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: Invalid user wso2 from 170.64.237.171
May  8 23:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: input_userauth_request: invalid user wso2 [preauth]
May  8 23:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1363]: pam_unix(cron:session): session closed for user samftp
May  8 23:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: Failed password for invalid user wso2 from 170.64.237.171 port 40302 ssh2
May  8 23:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1612]: Connection closed by 170.64.237.171 port 40302 [preauth]
May  8 23:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1258]: Connection closed by 205.185.120.237 port 47680 [preauth]
May  8 23:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: Invalid user centos from 170.64.237.171
May  8 23:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: input_userauth_request: invalid user centos [preauth]
May  8 23:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: Failed password for invalid user centos from 170.64.237.171 port 40318 ssh2
May  8 23:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1675]: Connection closed by 170.64.237.171 port 40318 [preauth]
May  8 23:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: Invalid user master from 170.64.237.171
May  8 23:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: input_userauth_request: invalid user master [preauth]
May  8 23:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: Failed password for invalid user master from 170.64.237.171 port 37952 ssh2
May  8 23:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1702]: Connection closed by 170.64.237.171 port 37952 [preauth]
May  8 23:16:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: Invalid user opc from 170.64.237.171
May  8 23:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: input_userauth_request: invalid user opc [preauth]
May  8 23:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: Failed password for invalid user opc from 170.64.237.171 port 37962 ssh2
May  8 23:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1714]: Connection closed by 170.64.237.171 port 37962 [preauth]
May  8 23:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: Failed password for root from 170.64.237.171 port 41590 ssh2
May  8 23:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1735]: Connection closed by 170.64.237.171 port 41590 [preauth]
May  8 23:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: Invalid user ubuntu from 170.64.237.171
May  8 23:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: input_userauth_request: invalid user ubuntu [preauth]
May  8 23:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:16:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: Failed password for invalid user ubuntu from 170.64.237.171 port 41606 ssh2
May  8 23:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1761]: Connection closed by 170.64.237.171 port 41606 [preauth]
May  8 23:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32739]: pam_unix(cron:session): session closed for user root
May  8 23:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1771]: Failed password for root from 170.64.237.171 port 59614 ssh2
May  8 23:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1771]: Connection closed by 170.64.237.171 port 59614 [preauth]
May  8 23:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: Failed password for root from 205.185.120.237 port 47732 ssh2
May  8 23:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Failed password for root from 170.64.237.171 port 59630 ssh2
May  8 23:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Connection closed by 170.64.237.171 port 59630 [preauth]
May  8 23:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1824]: Invalid user mongo from 170.64.237.171
May  8 23:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1824]: input_userauth_request: invalid user mongo [preauth]
May  8 23:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1824]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1824]: Failed password for invalid user mongo from 170.64.237.171 port 59632 ssh2
May  8 23:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1824]: Connection closed by 170.64.237.171 port 59632 [preauth]
May  8 23:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1665]: Connection closed by 205.185.120.237 port 47732 [preauth]
May  8 23:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1848]: Failed password for root from 170.64.237.171 port 50692 ssh2
May  8 23:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1848]: Connection closed by 170.64.237.171 port 50692 [preauth]
May  8 23:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1860]: Invalid user guest from 170.64.237.171
May  8 23:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1860]: input_userauth_request: invalid user guest [preauth]
May  8 23:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1860]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1860]: Failed password for invalid user guest from 170.64.237.171 port 50698 ssh2
May  8 23:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1860]: Connection closed by 170.64.237.171 port 50698 [preauth]
May  8 23:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1850]: Did not receive identification string from 205.185.120.237
May  8 23:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1862]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1875]: Invalid user minecraft from 170.64.237.171
May  8 23:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1875]: input_userauth_request: invalid user minecraft [preauth]
May  8 23:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1875]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1875]: Failed password for invalid user minecraft from 170.64.237.171 port 59262 ssh2
May  8 23:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1875]: Connection closed by 170.64.237.171 port 59262 [preauth]
May  8 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1883]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1879]: pam_unix(cron:session): session closed for user root
May  8 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1881]: pam_unix(cron:session): session closed for user p13x
May  8 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2034]: Successful su for rubyman by root
May  8 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2034]: + ??? root:rubyman
May  8 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2034]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356058 of user rubyman.
May  8 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2034]: pam_unix(su:session): session closed for user rubyman
May  8 23:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356058.
May  8 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2029]: Invalid user esearch from 170.64.237.171
May  8 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2029]: input_userauth_request: invalid user esearch [preauth]
May  8 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2029]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30884]: pam_unix(cron:session): session closed for user root
May  8 23:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2029]: Failed password for invalid user esearch from 170.64.237.171 port 59272 ssh2
May  8 23:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2029]: Connection closed by 170.64.237.171 port 59272 [preauth]
May  8 23:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2210]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1882]: pam_unix(cron:session): session closed for user samftp
May  8 23:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2210]: Invalid user es from 170.64.237.171
May  8 23:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2210]: input_userauth_request: invalid user es [preauth]
May  8 23:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2210]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2210]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2210]: Failed password for invalid user es from 170.64.237.171 port 50888 ssh2
May  8 23:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2210]: Connection closed by 170.64.237.171 port 50888 [preauth]
May  8 23:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: Failed password for root from 170.64.237.171 port 50896 ssh2
May  8 23:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2229]: Connection closed by 170.64.237.171 port 50896 [preauth]
May  8 23:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: Invalid user dev from 170.64.237.171
May  8 23:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: input_userauth_request: invalid user dev [preauth]
May  8 23:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:17:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: Failed password for invalid user dev from 170.64.237.171 port 44160 ssh2
May  8 23:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2252]: Connection closed by 170.64.237.171 port 44160 [preauth]
May  8 23:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: Invalid user admin from 170.64.237.171
May  8 23:17:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: input_userauth_request: invalid user admin [preauth]
May  8 23:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: Failed password for invalid user admin from 170.64.237.171 port 44170 ssh2
May  8 23:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2264]: Connection closed by 170.64.237.171 port 44170 [preauth]
May  8 23:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: Invalid user g from 170.64.237.171
May  8 23:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: input_userauth_request: invalid user g [preauth]
May  8 23:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: Failed password for invalid user g from 170.64.237.171 port 39928 ssh2
May  8 23:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2288]: Connection closed by 170.64.237.171 port 39928 [preauth]
May  8 23:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: Invalid user ubuntu from 170.64.237.171
May  8 23:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: input_userauth_request: invalid user ubuntu [preauth]
May  8 23:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: Failed password for invalid user ubuntu from 170.64.237.171 port 39950 ssh2
May  8 23:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2298]: Connection closed by 170.64.237.171 port 39950 [preauth]
May  8 23:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[817]: pam_unix(cron:session): session closed for user root
May  8 23:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1862]: Failed password for root from 205.185.120.237 port 47804 ssh2
May  8 23:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2329]: Invalid user elasticsearch from 170.64.237.171
May  8 23:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2329]: input_userauth_request: invalid user elasticsearch [preauth]
May  8 23:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2329]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2329]: Failed password for invalid user elasticsearch from 170.64.237.171 port 45514 ssh2
May  8 23:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2329]: Connection closed by 170.64.237.171 port 45514 [preauth]
May  8 23:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1862]: Connection closed by 205.185.120.237 port 47804 [preauth]
May  8 23:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: Failed password for root from 170.64.237.171 port 45530 ssh2
May  8 23:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2341]: Connection closed by 170.64.237.171 port 45530 [preauth]
May  8 23:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: Invalid user git from 170.64.237.171
May  8 23:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: input_userauth_request: invalid user git [preauth]
May  8 23:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2357]: Invalid user kevin from 194.0.234.19
May  8 23:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2357]: input_userauth_request: invalid user kevin [preauth]
May  8 23:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2357]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  8 23:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: Failed password for invalid user git from 170.64.237.171 port 38034 ssh2
May  8 23:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2375]: Connection closed by 170.64.237.171 port 38034 [preauth]
May  8 23:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: Did not receive identification string from 205.185.120.237
May  8 23:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2357]: Failed password for invalid user kevin from 194.0.234.19 port 41342 ssh2
May  8 23:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2357]: Connection closed by 194.0.234.19 port 41342 [preauth]
May  8 23:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2378]: Invalid user ftpuser from 170.64.237.171
May  8 23:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2378]: input_userauth_request: invalid user ftpuser [preauth]
May  8 23:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2378]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2378]: Failed password for invalid user ftpuser from 170.64.237.171 port 38048 ssh2
May  8 23:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2378]: Connection closed by 170.64.237.171 port 38048 [preauth]
May  8 23:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: Invalid user minecraft from 170.64.237.171
May  8 23:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: input_userauth_request: invalid user minecraft [preauth]
May  8 23:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2377]: Did not receive identification string from 205.185.120.237
May  8 23:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2413]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: Failed password for invalid user minecraft from 170.64.237.171 port 38400 ssh2
May  8 23:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2395]: Connection closed by 170.64.237.171 port 38400 [preauth]
May  8 23:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171  user=root
May  8 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2432]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2428]: pam_unix(cron:session): session closed for user p13x
May  8 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2496]: Successful su for rubyman by root
May  8 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2496]: + ??? root:rubyman
May  8 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2496]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356062 of user rubyman.
May  8 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2496]: pam_unix(su:session): session closed for user rubyman
May  8 23:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356062.
May  8 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2415]: Failed password for root from 170.64.237.171 port 38416 ssh2
May  8 23:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2415]: Connection closed by 170.64.237.171 port 38416 [preauth]
May  8 23:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31418]: pam_unix(cron:session): session closed for user root
May  8 23:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: Invalid user user2 from 170.64.237.171
May  8 23:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: input_userauth_request: invalid user user2 [preauth]
May  8 23:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.64.237.171
May  8 23:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2429]: pam_unix(cron:session): session closed for user samftp
May  8 23:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: Failed password for invalid user user2 from 170.64.237.171 port 42530 ssh2
May  8 23:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2651]: Connection closed by 170.64.237.171 port 42530 [preauth]
May  8 23:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 23:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Failed password for root from 80.94.95.241 port 63509 ssh2
May  8 23:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Failed password for root from 80.94.95.241 port 63509 ssh2
May  8 23:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2413]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Failed password for root from 80.94.95.241 port 63509 ssh2
May  8 23:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2413]: Failed password for root from 205.185.120.237 port 47882 ssh2
May  8 23:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Failed password for root from 80.94.95.241 port 63509 ssh2
May  8 23:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Failed password for root from 80.94.95.241 port 63509 ssh2
May  8 23:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Received disconnect from 80.94.95.241 port 63509:11: Bye [preauth]
May  8 23:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: Disconnected from 80.94.95.241 port 63509 [preauth]
May  8 23:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  8 23:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2742]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 23:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1365]: pam_unix(cron:session): session closed for user root
May  8 23:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2413]: Connection closed by 205.185.120.237 port 47882 [preauth]
May  8 23:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2871]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2869]: pam_unix(cron:session): session closed for user p13x
May  8 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2938]: Successful su for rubyman by root
May  8 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2938]: + ??? root:rubyman
May  8 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2938]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356066 of user rubyman.
May  8 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2938]: pam_unix(su:session): session closed for user rubyman
May  8 23:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356066.
May  8 23:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31891]: pam_unix(cron:session): session closed for user root
May  8 23:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2870]: pam_unix(cron:session): session closed for user samftp
May  8 23:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2805]: Failed password for root from 205.185.120.237 port 47932 ssh2
May  8 23:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2805]: Connection closed by 205.185.120.237 port 47932 [preauth]
May  8 23:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3157]: Did not receive identification string from 205.185.120.237
May  8 23:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3181]: Did not receive identification string from 205.185.120.237
May  8 23:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1884]: pam_unix(cron:session): session closed for user root
May  8 23:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3283]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3286]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3285]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3284]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3282]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3287]: pam_unix(cron:session): session closed for user root
May  8 23:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3282]: pam_unix(cron:session): session closed for user p13x
May  8 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3351]: Successful su for rubyman by root
May  8 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3351]: + ??? root:rubyman
May  8 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356070 of user rubyman.
May  8 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3351]: pam_unix(su:session): session closed for user rubyman
May  8 23:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356070.
May  8 23:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3202]: Failed password for root from 205.185.120.237 port 48018 ssh2
May  8 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3284]: pam_unix(cron:session): session closed for user root
May  8 23:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32738]: pam_unix(cron:session): session closed for user root
May  8 23:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3283]: pam_unix(cron:session): session closed for user samftp
May  8 23:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3202]: Connection closed by 205.185.120.237 port 48018 [preauth]
May  8 23:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2432]: pam_unix(cron:session): session closed for user root
May  8 23:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: Failed password for root from 205.185.120.237 port 48060 ssh2
May  8 23:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3625]: Connection closed by 205.185.120.237 port 48060 [preauth]
May  8 23:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3766]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3765]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3764]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3763]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3763]: pam_unix(cron:session): session closed for user p13x
May  8 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3828]: Successful su for rubyman by root
May  8 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3828]: + ??? root:rubyman
May  8 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3828]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356075 of user rubyman.
May  8 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3828]: pam_unix(su:session): session closed for user rubyman
May  8 23:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356075.
May  8 23:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[816]: pam_unix(cron:session): session closed for user root
May  8 23:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3764]: pam_unix(cron:session): session closed for user samftp
May  8 23:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2872]: pam_unix(cron:session): session closed for user root
May  8 23:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4154]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: Failed password for root from 205.185.120.237 port 48134 ssh2
May  8 23:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3761]: Connection closed by 205.185.120.237 port 48134 [preauth]
May  8 23:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4165]: Did not receive identification string from 205.185.120.237
May  8 23:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4187]: Did not receive identification string from 205.185.120.237
May  8 23:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4218]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4219]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4217]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4216]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4216]: pam_unix(cron:session): session closed for user p13x
May  8 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4424]: Successful su for rubyman by root
May  8 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4424]: + ??? root:rubyman
May  8 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4424]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356080 of user rubyman.
May  8 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4424]: pam_unix(su:session): session closed for user rubyman
May  8 23:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356080.
May  8 23:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1364]: pam_unix(cron:session): session closed for user root
May  8 23:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4217]: pam_unix(cron:session): session closed for user samftp
May  8 23:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: Failed password for root from 205.185.120.237 port 48200 ssh2
May  8 23:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3286]: pam_unix(cron:session): session closed for user root
May  8 23:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4204]: Connection closed by 205.185.120.237 port 48200 [preauth]
May  8 23:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4785]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4787]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4784]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4784]: pam_unix(cron:session): session closed for user p13x
May  8 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4859]: Successful su for rubyman by root
May  8 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4859]: + ??? root:rubyman
May  8 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356085 of user rubyman.
May  8 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4859]: pam_unix(su:session): session closed for user rubyman
May  8 23:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356085.
May  8 23:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1883]: pam_unix(cron:session): session closed for user root
May  8 23:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4785]: pam_unix(cron:session): session closed for user samftp
May  8 23:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Failed password for root from 205.185.120.237 port 48268 ssh2
May  8 23:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4725]: Connection closed by 205.185.120.237 port 48268 [preauth]
May  8 23:23:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3766]: pam_unix(cron:session): session closed for user root
May  8 23:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: Failed password for root from 205.185.120.237 port 48334 ssh2
May  8 23:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5277]: Connection closed by 205.185.120.237 port 48334 [preauth]
May  8 23:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5401]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5402]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5399]: pam_unix(cron:session): session closed for user p13x
May  8 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5469]: Successful su for rubyman by root
May  8 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5469]: + ??? root:rubyman
May  8 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356088 of user rubyman.
May  8 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5469]: pam_unix(su:session): session closed for user rubyman
May  8 23:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356088.
May  8 23:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2430]: pam_unix(cron:session): session closed for user root
May  8 23:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5400]: pam_unix(cron:session): session closed for user samftp
May  8 23:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5397]: Failed password for root from 205.185.120.237 port 48404 ssh2
May  8 23:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4219]: pam_unix(cron:session): session closed for user root
May  8 23:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5397]: Connection closed by 205.185.120.237 port 48404 [preauth]
May  8 23:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5906]: Did not receive identification string from 205.185.120.237
May  8 23:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5956]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5957]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5958]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5954]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5955]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5953]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5958]: pam_unix(cron:session): session closed for user root
May  8 23:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5953]: pam_unix(cron:session): session closed for user p13x
May  8 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6039]: Successful su for rubyman by root
May  8 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6039]: + ??? root:rubyman
May  8 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356094 of user rubyman.
May  8 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6039]: pam_unix(su:session): session closed for user rubyman
May  8 23:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356094.
May  8 23:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2871]: pam_unix(cron:session): session closed for user root
May  8 23:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5955]: pam_unix(cron:session): session closed for user root
May  8 23:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5954]: pam_unix(cron:session): session closed for user samftp
May  8 23:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5932]: Failed password for root from 205.185.120.237 port 48496 ssh2
May  8 23:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5932]: Connection closed by 205.185.120.237 port 48496 [preauth]
May  8 23:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4787]: pam_unix(cron:session): session closed for user root
May  8 23:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: Failed password for root from 205.185.120.237 port 48544 ssh2
May  8 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6408]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6409]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6406]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6405]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6405]: pam_unix(cron:session): session closed for user p13x
May  8 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6476]: Successful su for rubyman by root
May  8 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6476]: + ??? root:rubyman
May  8 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356098 of user rubyman.
May  8 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6476]: pam_unix(su:session): session closed for user rubyman
May  8 23:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356098.
May  8 23:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: Connection closed by 205.185.120.237 port 48544 [preauth]
May  8 23:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6567]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3285]: pam_unix(cron:session): session closed for user root
May  8 23:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6406]: pam_unix(cron:session): session closed for user samftp
May  8 23:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5402]: pam_unix(cron:session): session closed for user root
May  8 23:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6567]: Failed password for root from 205.185.120.237 port 48600 ssh2
May  8 23:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6567]: Connection closed by 205.185.120.237 port 48600 [preauth]
May  8 23:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6785]: Did not receive identification string from 205.185.120.237
May  8 23:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6821]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6821]: pam_unix(cron:session): session closed for user p13x
May  8 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6882]: Successful su for rubyman by root
May  8 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6882]: + ??? root:rubyman
May  8 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356103 of user rubyman.
May  8 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6882]: pam_unix(su:session): session closed for user rubyman
May  8 23:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356103.
May  8 23:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3765]: pam_unix(cron:session): session closed for user root
May  8 23:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6822]: pam_unix(cron:session): session closed for user samftp
May  8 23:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6801]: Failed password for root from 205.185.120.237 port 48682 ssh2
May  8 23:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6801]: Connection closed by 205.185.120.237 port 48682 [preauth]
May  8 23:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  8 23:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5957]: pam_unix(cron:session): session closed for user root
May  8 23:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7272]: Failed password for root from 218.92.0.179 port 38031 ssh2
May  8 23:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7272]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 38031 ssh2]
May  8 23:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7272]: Received disconnect from 218.92.0.179 port 38031:11:  [preauth]
May  8 23:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7272]: Disconnected from 218.92.0.179 port 38031 [preauth]
May  8 23:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7272]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  8 23:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7248]: Failed password for root from 205.185.120.237 port 48738 ssh2
May  8 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7345]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7343]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7346]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7344]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7343]: pam_unix(cron:session): session closed for user p13x
May  8 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7402]: Successful su for rubyman by root
May  8 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7402]: + ??? root:rubyman
May  8 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356108 of user rubyman.
May  8 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7402]: pam_unix(su:session): session closed for user rubyman
May  8 23:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356108.
May  8 23:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7248]: Connection closed by 205.185.120.237 port 48738 [preauth]
May  8 23:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4218]: pam_unix(cron:session): session closed for user root
May  8 23:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7344]: pam_unix(cron:session): session closed for user samftp
May  8 23:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6409]: pam_unix(cron:session): session closed for user root
May  8 23:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:28:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7653]: Failed password for root from 205.185.120.237 port 48804 ssh2
May  8 23:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7653]: Connection closed by 205.185.120.237 port 48804 [preauth]
May  8 23:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7871]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7870]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7869]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7868]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7868]: pam_unix(cron:session): session closed for user p13x
May  8 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7932]: Successful su for rubyman by root
May  8 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7932]: + ??? root:rubyman
May  8 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7932]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356109 of user rubyman.
May  8 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7932]: pam_unix(su:session): session closed for user rubyman
May  8 23:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356109.
May  8 23:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4786]: pam_unix(cron:session): session closed for user root
May  8 23:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7869]: pam_unix(cron:session): session closed for user samftp
May  8 23:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7840]: Failed password for root from 205.185.120.237 port 48862 ssh2
May  8 23:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7840]: Connection closed by 205.185.120.237 port 48862 [preauth]
May  8 23:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6824]: pam_unix(cron:session): session closed for user root
May  8 23:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8208]: Invalid user thing from 27.252.144.74
May  8 23:29:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8208]: input_userauth_request: invalid user thing [preauth]
May  8 23:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8208]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.144.74
May  8 23:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8208]: Failed password for invalid user thing from 27.252.144.74 port 51747 ssh2
May  8 23:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:29:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8194]: Failed password for root from 205.185.120.237 port 48908 ssh2
May  8 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8299]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8296]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8300]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8297]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8301]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8301]: pam_unix(cron:session): session closed for user root
May  8 23:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8296]: pam_unix(cron:session): session closed for user p13x
May  8 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8366]: Successful su for rubyman by root
May  8 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8366]: + ??? root:rubyman
May  8 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8366]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356116 of user rubyman.
May  8 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8366]: pam_unix(su:session): session closed for user rubyman
May  8 23:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356116.
May  8 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8194]: Connection closed by 205.185.120.237 port 48908 [preauth]
May  8 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8298]: pam_unix(cron:session): session closed for user root
May  8 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8501]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5401]: pam_unix(cron:session): session closed for user root
May  8 23:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8297]: pam_unix(cron:session): session closed for user samftp
May  8 23:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8501]: Failed password for root from 205.185.120.237 port 48966 ssh2
May  8 23:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7346]: pam_unix(cron:session): session closed for user root
May  8 23:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8501]: Connection closed by 205.185.120.237 port 48966 [preauth]
May  8 23:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8770]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8771]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8769]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8769]: pam_unix(cron:session): session closed for user p13x
May  8 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8834]: Successful su for rubyman by root
May  8 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8834]: + ??? root:rubyman
May  8 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356120 of user rubyman.
May  8 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8834]: pam_unix(su:session): session closed for user rubyman
May  8 23:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356120.
May  8 23:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8770]: pam_unix(cron:session): session closed for user samftp
May  8 23:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5956]: pam_unix(cron:session): session closed for user root
May  8 23:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: Failed password for root from 205.185.120.237 port 49004 ssh2
May  8 23:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8718]: Connection closed by 205.185.120.237 port 49004 [preauth]
May  8 23:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9069]: Did not receive identification string from 205.185.120.237
May  8 23:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7871]: pam_unix(cron:session): session closed for user root
May  8 23:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9100]: Did not receive identification string from 205.185.120.237
May  8 23:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9311]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9307]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9307]: pam_unix(cron:session): session closed for user p13x
May  8 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9376]: Successful su for rubyman by root
May  8 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9376]: + ??? root:rubyman
May  8 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356125 of user rubyman.
May  8 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9376]: pam_unix(su:session): session closed for user rubyman
May  8 23:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356125.
May  8 23:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6408]: pam_unix(cron:session): session closed for user root
May  8 23:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9309]: pam_unix(cron:session): session closed for user samftp
May  8 23:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: User ftp from 80.94.95.116 not allowed because not listed in AllowUsers
May  8 23:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: input_userauth_request: invalid user ftp [preauth]
May  8 23:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=ftp
May  8 23:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Failed password for root from 205.185.120.237 port 49086 ssh2
May  8 23:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: Failed password for invalid user ftp from 80.94.95.116 port 21096 ssh2
May  8 23:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9298]: Connection closed by 80.94.95.116 port 21096 [preauth]
May  8 23:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9219]: Connection closed by 205.185.120.237 port 49086 [preauth]
May  8 23:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8300]: pam_unix(cron:session): session closed for user root
May  8 23:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9582]: Failed password for root from 205.185.120.237 port 49136 ssh2
May  8 23:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9582]: Connection closed by 205.185.120.237 port 49136 [preauth]
May  8 23:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9720]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9717]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9715]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9718]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9715]: pam_unix(cron:session): session closed for user p13x
May  8 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9788]: Successful su for rubyman by root
May  8 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9788]: + ??? root:rubyman
May  8 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9788]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356127 of user rubyman.
May  8 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9788]: pam_unix(su:session): session closed for user rubyman
May  8 23:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356127.
May  8 23:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6823]: pam_unix(cron:session): session closed for user root
May  8 23:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9717]: pam_unix(cron:session): session closed for user samftp
May  8 23:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9695]: Failed password for root from 205.185.120.237 port 49198 ssh2
May  8 23:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9695]: Connection closed by 205.185.120.237 port 49198 [preauth]
May  8 23:33:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10037]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8772]: pam_unix(cron:session): session closed for user root
May  8 23:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10037]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10037]: Failed password for root from 205.185.120.237 port 49246 ssh2
May  8 23:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10131]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10129]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10130]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10128]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10128]: pam_unix(cron:session): session closed for user p13x
May  8 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10187]: Successful su for rubyman by root
May  8 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10187]: + ??? root:rubyman
May  8 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10187]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356131 of user rubyman.
May  8 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10187]: pam_unix(su:session): session closed for user rubyman
May  8 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356131.
May  8 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: Invalid user guest from 190.103.202.7
May  8 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: input_userauth_request: invalid user guest [preauth]
May  8 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  8 23:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: Failed password for invalid user guest from 190.103.202.7 port 49866 ssh2
May  8 23:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10125]: Connection closed by 190.103.202.7 port 49866 [preauth]
May  8 23:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7345]: pam_unix(cron:session): session closed for user root
May  8 23:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10129]: pam_unix(cron:session): session closed for user samftp
May  8 23:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10037]: Connection closed by 205.185.120.237 port 49246 [preauth]
May  8 23:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: Invalid user student8 from 50.235.31.47
May  8 23:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: input_userauth_request: invalid user student8 [preauth]
May  8 23:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  8 23:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: Failed password for invalid user student8 from 50.235.31.47 port 52964 ssh2
May  8 23:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10513]: Connection closed by 50.235.31.47 port 52964 [preauth]
May  8 23:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9311]: pam_unix(cron:session): session closed for user root
May  8 23:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  8 23:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: Failed password for root from 205.185.120.237 port 49290 ssh2
May  8 23:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10626]: Failed password for root from 218.92.0.179 port 48729 ssh2
May  8 23:34:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10626]: Failed password for root from 218.92.0.179 port 48729 ssh2
May  8 23:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10487]: Connection closed by 205.185.120.237 port 49290 [preauth]
May  8 23:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10626]: Failed password for root from 218.92.0.179 port 48729 ssh2
May  8 23:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10626]: Received disconnect from 218.92.0.179 port 48729:11:  [preauth]
May  8 23:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10626]: Disconnected from 218.92.0.179 port 48729 [preauth]
May  8 23:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10626]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  8 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10673]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10682]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10682]: pam_unix(cron:session): session closed for user root
May  8 23:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10673]: pam_unix(cron:session): session closed for user p13x
May  8 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10774]: Successful su for rubyman by root
May  8 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10774]: + ??? root:rubyman
May  8 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10774]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356136 of user rubyman.
May  8 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10774]: pam_unix(su:session): session closed for user rubyman
May  8 23:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356136.
May  8 23:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10675]: pam_unix(cron:session): session closed for user root
May  8 23:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7870]: pam_unix(cron:session): session closed for user root
May  8 23:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10674]: pam_unix(cron:session): session closed for user samftp
May  8 23:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Failed password for root from 205.185.120.237 port 49330 ssh2
May  8 23:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10649]: Connection closed by 205.185.120.237 port 49330 [preauth]
May  8 23:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9720]: pam_unix(cron:session): session closed for user root
May  8 23:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:35:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: Failed password for root from 205.185.120.237 port 49368 ssh2
May  8 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11133]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11132]: pam_unix(cron:session): session closed for user p13x
May  8 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11207]: Successful su for rubyman by root
May  8 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11207]: + ??? root:rubyman
May  8 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11207]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356141 of user rubyman.
May  8 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11207]: pam_unix(su:session): session closed for user rubyman
May  8 23:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356141.
May  8 23:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8299]: pam_unix(cron:session): session closed for user root
May  8 23:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11039]: Connection closed by 205.185.120.237 port 49368 [preauth]
May  8 23:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11133]: pam_unix(cron:session): session closed for user samftp
May  8 23:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10131]: pam_unix(cron:session): session closed for user root
May  8 23:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11367]: Failed password for root from 205.185.120.237 port 49412 ssh2
May  8 23:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11367]: Connection closed by 205.185.120.237 port 49412 [preauth]
May  8 23:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:36:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10829]: Connection closed by 130.195.4.212 port 47776 [preauth]
May  8 23:36:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11548]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11546]: pam_unix(cron:session): session closed for user p13x
May  8 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11610]: Successful su for rubyman by root
May  8 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11610]: + ??? root:rubyman
May  8 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11610]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356145 of user rubyman.
May  8 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11610]: pam_unix(su:session): session closed for user rubyman
May  8 23:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356145.
May  8 23:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8771]: pam_unix(cron:session): session closed for user root
May  8 23:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11547]: pam_unix(cron:session): session closed for user samftp
May  8 23:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11493]: Failed password for root from 205.185.120.237 port 49452 ssh2
May  8 23:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11493]: Connection closed by 205.185.120.237 port 49452 [preauth]
May  8 23:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11844]: Invalid user frappe from 193.70.84.184
May  8 23:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11844]: input_userauth_request: invalid user frappe [preauth]
May  8 23:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11844]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  8 23:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11844]: Failed password for invalid user frappe from 193.70.84.184 port 60924 ssh2
May  8 23:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11844]: Connection closed by 193.70.84.184 port 60924 [preauth]
May  8 23:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10677]: pam_unix(cron:session): session closed for user root
May  8 23:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11843]: Failed password for root from 205.185.120.237 port 49500 ssh2
May  8 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11944]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11943]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11942]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11942]: pam_unix(cron:session): session closed for user p13x
May  8 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11843]: Connection closed by 205.185.120.237 port 49500 [preauth]
May  8 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12000]: Successful su for rubyman by root
May  8 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12000]: + ??? root:rubyman
May  8 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12000]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356149 of user rubyman.
May  8 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12000]: pam_unix(su:session): session closed for user rubyman
May  8 23:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356149.
May  8 23:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9310]: pam_unix(cron:session): session closed for user root
May  8 23:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11943]: pam_unix(cron:session): session closed for user samftp
May  8 23:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11524]: Connection closed by 27.252.144.74 port 51980 [preauth]
May  8 23:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: Failed password for root from 205.185.120.237 port 49546 ssh2
May  8 23:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11136]: pam_unix(cron:session): session closed for user root
May  8 23:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12051]: Connection closed by 205.185.120.237 port 49546 [preauth]
May  8 23:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12289]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12246]: Invalid user swag from 27.252.144.74
May  8 23:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12246]: input_userauth_request: invalid user swag [preauth]
May  8 23:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12246]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.252.144.74
May  8 23:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12246]: Failed password for invalid user swag from 27.252.144.74 port 52029 ssh2
May  8 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12352]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12354]: pam_unix(cron:session): session closed for user p13x
May  8 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12471]: Successful su for rubyman by root
May  8 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12471]: + ??? root:rubyman
May  8 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12471]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356155 of user rubyman.
May  8 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12471]: pam_unix(su:session): session closed for user rubyman
May  8 23:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356155.
May  8 23:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12352]: pam_unix(cron:session): session closed for user root
May  8 23:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9718]: pam_unix(cron:session): session closed for user root
May  8 23:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12355]: pam_unix(cron:session): session closed for user samftp
May  8 23:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12289]: Failed password for root from 205.185.120.237 port 49584 ssh2
May  8 23:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12289]: Connection closed by 205.185.120.237 port 49584 [preauth]
May  8 23:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12718]: Did not receive identification string from 205.185.120.237
May  8 23:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11549]: pam_unix(cron:session): session closed for user root
May  8 23:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12246]: Connection closed by 27.252.144.74 port 52029 [preauth]
May  8 23:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: Failed password for root from 205.185.120.237 port 49632 ssh2
May  8 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12830]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12831]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12828]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12832]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12829]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12827]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12832]: pam_unix(cron:session): session closed for user root
May  8 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12827]: pam_unix(cron:session): session closed for user p13x
May  8 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12897]: Successful su for rubyman by root
May  8 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12897]: + ??? root:rubyman
May  8 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356159 of user rubyman.
May  8 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12897]: pam_unix(su:session): session closed for user rubyman
May  8 23:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356159.
May  8 23:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12741]: Connection closed by 205.185.120.237 port 49632 [preauth]
May  8 23:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12829]: pam_unix(cron:session): session closed for user root
May  8 23:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10130]: pam_unix(cron:session): session closed for user root
May  8 23:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12828]: pam_unix(cron:session): session closed for user samftp
May  8 23:40:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11946]: pam_unix(cron:session): session closed for user root
May  8 23:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Failed password for root from 205.185.120.237 port 49676 ssh2
May  8 23:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12971]: Connection closed by 205.185.120.237 port 49676 [preauth]
May  8 23:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13268]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13265]: pam_unix(cron:session): session closed for user p13x
May  8 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13339]: Successful su for rubyman by root
May  8 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13339]: + ??? root:rubyman
May  8 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13339]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356164 of user rubyman.
May  8 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13339]: pam_unix(su:session): session closed for user rubyman
May  8 23:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356164.
May  8 23:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10676]: pam_unix(cron:session): session closed for user root
May  8 23:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13268]: pam_unix(cron:session): session closed for user samftp
May  8 23:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: Failed password for root from 205.185.120.237 port 49728 ssh2
May  8 23:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13206]: Connection closed by 205.185.120.237 port 49728 [preauth]
May  8 23:41:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13645]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12357]: pam_unix(cron:session): session closed for user root
May  8 23:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13645]: Failed password for root from 205.185.120.237 port 49764 ssh2
May  8 23:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13645]: Connection closed by 205.185.120.237 port 49764 [preauth]
May  8 23:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13787]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13785]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13784]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13784]: pam_unix(cron:session): session closed for user p13x
May  8 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13843]: Successful su for rubyman by root
May  8 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13843]: + ??? root:rubyman
May  8 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13843]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356168 of user rubyman.
May  8 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13843]: pam_unix(su:session): session closed for user rubyman
May  8 23:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356168.
May  8 23:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11135]: pam_unix(cron:session): session closed for user root
May  8 23:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13785]: pam_unix(cron:session): session closed for user samftp
May  8 23:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13763]: Failed password for root from 205.185.120.237 port 49808 ssh2
May  8 23:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13763]: Connection closed by 205.185.120.237 port 49808 [preauth]
May  8 23:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12831]: pam_unix(cron:session): session closed for user root
May  8 23:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13207]: Connection closed by 130.195.4.212 port 39868 [preauth]
May  8 23:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14184]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14183]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14181]: pam_unix(cron:session): session closed for user p13x
May  8 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14242]: Successful su for rubyman by root
May  8 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14242]: + ??? root:rubyman
May  8 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14242]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356173 of user rubyman.
May  8 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14242]: pam_unix(su:session): session closed for user rubyman
May  8 23:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356173.
May  8 23:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14098]: Failed password for root from 205.185.120.237 port 49856 ssh2
May  8 23:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11548]: pam_unix(cron:session): session closed for user root
May  8 23:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14182]: pam_unix(cron:session): session closed for user samftp
May  8 23:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14098]: Connection closed by 205.185.120.237 port 49856 [preauth]
May  8 23:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Invalid user admin from 80.94.95.112
May  8 23:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: input_userauth_request: invalid user admin [preauth]
May  8 23:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 23:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  8 23:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Failed password for invalid user admin from 80.94.95.112 port 46352 ssh2
May  8 23:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14491]: Failed password for root from 218.92.0.179 port 52852 ssh2
May  8 23:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Failed password for invalid user admin from 80.94.95.112 port 46352 ssh2
May  8 23:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14491]: Failed password for root from 218.92.0.179 port 52852 ssh2
May  8 23:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13270]: pam_unix(cron:session): session closed for user root
May  8 23:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Failed password for invalid user admin from 80.94.95.112 port 46352 ssh2
May  8 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14491]: Failed password for root from 218.92.0.179 port 52852 ssh2
May  8 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14491]: Received disconnect from 218.92.0.179 port 52852:11:  [preauth]
May  8 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14491]: Disconnected from 218.92.0.179 port 52852 [preauth]
May  8 23:43:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14491]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  8 23:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Failed password for invalid user admin from 80.94.95.112 port 46352 ssh2
May  8 23:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Failed password for invalid user admin from 80.94.95.112 port 46352 ssh2
May  8 23:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Received disconnect from 80.94.95.112 port 46352:11: Bye [preauth]
May  8 23:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Disconnected from 80.94.95.112 port 46352 [preauth]
May  8 23:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  8 23:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 23:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: Failed password for root from 205.185.120.237 port 49896 ssh2
May  8 23:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14437]: Connection closed by 205.185.120.237 port 49896 [preauth]
May  8 23:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14598]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14595]: pam_unix(cron:session): session closed for user p13x
May  8 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14675]: Successful su for rubyman by root
May  8 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14675]: + ??? root:rubyman
May  8 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14675]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356176 of user rubyman.
May  8 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14675]: pam_unix(su:session): session closed for user rubyman
May  8 23:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356176.
May  8 23:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11944]: pam_unix(cron:session): session closed for user root
May  8 23:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14596]: pam_unix(cron:session): session closed for user samftp
May  8 23:44:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: Failed password for root from 205.185.120.237 port 49942 ssh2
May  8 23:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14574]: Connection closed by 205.185.120.237 port 49942 [preauth]
May  8 23:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13787]: pam_unix(cron:session): session closed for user root
May  8 23:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14932]: Did not receive identification string from 205.185.120.237
May  8 23:44:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14975]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:44:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14975]: Did not receive identification string from 205.185.120.237
May  8 23:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15032]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15031]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15030]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15029]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15034]: pam_unix(cron:session): session closed for user root
May  8 23:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15029]: pam_unix(cron:session): session closed for user p13x
May  8 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15095]: Successful su for rubyman by root
May  8 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15095]: + ??? root:rubyman
May  8 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15095]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356180 of user rubyman.
May  8 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15095]: pam_unix(su:session): session closed for user rubyman
May  8 23:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356180.
May  8 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15031]: pam_unix(cron:session): session closed for user root
May  8 23:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12356]: pam_unix(cron:session): session closed for user root
May  8 23:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15030]: pam_unix(cron:session): session closed for user samftp
May  8 23:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14998]: Failed password for root from 205.185.120.237 port 50018 ssh2
May  8 23:45:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14998]: Connection closed by 205.185.120.237 port 50018 [preauth]
May  8 23:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14184]: pam_unix(cron:session): session closed for user root
May  8 23:45:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: Failed password for root from 205.185.120.237 port 50084 ssh2
May  8 23:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15364]: Connection closed by 205.185.120.237 port 50084 [preauth]
May  8 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15457]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15456]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15454]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15453]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15453]: pam_unix(cron:session): session closed for user p13x
May  8 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15524]: Successful su for rubyman by root
May  8 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15524]: + ??? root:rubyman
May  8 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15524]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356187 of user rubyman.
May  8 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15524]: pam_unix(su:session): session closed for user rubyman
May  8 23:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356187.
May  8 23:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12830]: pam_unix(cron:session): session closed for user root
May  8 23:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15454]: pam_unix(cron:session): session closed for user samftp
May  8 23:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14598]: pam_unix(cron:session): session closed for user root
May  8 23:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15513]: Failed password for root from 205.185.120.237 port 50122 ssh2
May  8 23:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15513]: Connection closed by 205.185.120.237 port 50122 [preauth]
May  8 23:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: Invalid user nexthink from 80.94.95.241
May  8 23:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: input_userauth_request: invalid user nexthink [preauth]
May  8 23:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15875]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15876]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15873]: pam_unix(cron:session): session closed for user p13x
May  8 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15939]: Successful su for rubyman by root
May  8 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15939]: + ??? root:rubyman
May  8 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15939]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356190 of user rubyman.
May  8 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15939]: pam_unix(su:session): session closed for user rubyman
May  8 23:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356190.
May  8 23:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: Failed password for invalid user nexthink from 80.94.95.241 port 63716 ssh2
May  8 23:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13269]: pam_unix(cron:session): session closed for user root
May  8 23:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: Failed password for invalid user nexthink from 80.94.95.241 port 63716 ssh2
May  8 23:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15874]: pam_unix(cron:session): session closed for user samftp
May  8 23:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: Failed password for invalid user nexthink from 80.94.95.241 port 63716 ssh2
May  8 23:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: Failed password for invalid user nexthink from 80.94.95.241 port 63716 ssh2
May  8 23:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: Failed password for invalid user nexthink from 80.94.95.241 port 63716 ssh2
May  8 23:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: Received disconnect from 80.94.95.241 port 63716:11: Bye [preauth]
May  8 23:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: Disconnected from 80.94.95.241 port 63716 [preauth]
May  8 23:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  8 23:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15865]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 23:47:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:47:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: Failed password for root from 205.185.120.237 port 50200 ssh2
May  8 23:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15841]: Connection closed by 205.185.120.237 port 50200 [preauth]
May  8 23:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15033]: pam_unix(cron:session): session closed for user root
May  8 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16266]: pam_unix(cron:session): session closed for user p13x
May  8 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16328]: Successful su for rubyman by root
May  8 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16328]: + ??? root:rubyman
May  8 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16328]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356196 of user rubyman.
May  8 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16328]: pam_unix(su:session): session closed for user rubyman
May  8 23:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356196.
May  8 23:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13786]: pam_unix(cron:session): session closed for user root
May  8 23:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: Failed password for root from 205.185.120.237 port 50270 ssh2
May  8 23:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16267]: pam_unix(cron:session): session closed for user samftp
May  8 23:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16175]: Connection closed by 205.185.120.237 port 50270 [preauth]
May  8 23:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16546]: Did not receive identification string from 205.185.120.237
May  8 23:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16574]: Did not receive identification string from 205.185.120.237
May  8 23:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16603]: Did not receive identification string from 205.185.120.237
May  8 23:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15457]: pam_unix(cron:session): session closed for user root
May  8 23:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: Invalid user manager from 194.0.234.19
May  8 23:48:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: input_userauth_request: invalid user manager [preauth]
May  8 23:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  8 23:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: Failed password for invalid user manager from 194.0.234.19 port 23104 ssh2
May  8 23:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16672]: Connection closed by 194.0.234.19 port 23104 [preauth]
May  8 23:48:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:48:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:48:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: Failed password for root from 205.185.120.237 port 50386 ssh2
May  8 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16727]: pam_unix(cron:session): session closed for user p13x
May  8 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16790]: Successful su for rubyman by root
May  8 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16790]: + ??? root:rubyman
May  8 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356198 of user rubyman.
May  8 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16790]: pam_unix(su:session): session closed for user rubyman
May  8 23:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356198.
May  8 23:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14183]: pam_unix(cron:session): session closed for user root
May  8 23:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16728]: pam_unix(cron:session): session closed for user samftp
May  8 23:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16633]: Connection closed by 205.185.120.237 port 50386 [preauth]
May  8 23:49:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17003]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:49:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  8 23:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17035]: Failed password for root from 218.92.0.179 port 48954 ssh2
May  8 23:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17035]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 48954 ssh2]
May  8 23:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17035]: Received disconnect from 218.92.0.179 port 48954:11:  [preauth]
May  8 23:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17035]: Disconnected from 218.92.0.179 port 48954 [preauth]
May  8 23:49:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17035]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  8 23:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15876]: pam_unix(cron:session): session closed for user root
May  8 23:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:49:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17003]: Failed password for root from 205.185.120.237 port 50448 ssh2
May  8 23:49:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17003]: Connection closed by 205.185.120.237 port 50448 [preauth]
May  8 23:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17158]: Did not receive identification string from 159.65.136.183
May  8 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17162]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17160]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17165]: pam_unix(cron:session): session closed for user root
May  8 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17160]: pam_unix(cron:session): session closed for user p13x
May  8 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17230]: Successful su for rubyman by root
May  8 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17230]: + ??? root:rubyman
May  8 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17230]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356203 of user rubyman.
May  8 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17230]: pam_unix(su:session): session closed for user rubyman
May  8 23:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356203.
May  8 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17162]: pam_unix(cron:session): session closed for user root
May  8 23:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14597]: pam_unix(cron:session): session closed for user root
May  8 23:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17161]: pam_unix(cron:session): session closed for user samftp
May  8 23:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17129]: Failed password for root from 205.185.120.237 port 50502 ssh2
May  8 23:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17129]: Connection closed by 205.185.120.237 port 50502 [preauth]
May  8 23:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17495]: Did not receive identification string from 205.185.120.237
May  8 23:50:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16269]: pam_unix(cron:session): session closed for user root
May  8 23:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17519]: Failed password for root from 205.185.120.237 port 50566 ssh2
May  8 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17614]: pam_unix(cron:session): session closed for user p13x
May  8 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17689]: Successful su for rubyman by root
May  8 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17689]: + ??? root:rubyman
May  8 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356209 of user rubyman.
May  8 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17689]: pam_unix(su:session): session closed for user rubyman
May  8 23:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356209.
May  8 23:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15032]: pam_unix(cron:session): session closed for user root
May  8 23:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17615]: pam_unix(cron:session): session closed for user samftp
May  8 23:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17519]: Connection closed by 205.185.120.237 port 50566 [preauth]
May  8 23:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17985]: Did not receive identification string from 205.185.120.237
May  8 23:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18015]: Did not receive identification string from 205.185.120.237
May  8 23:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18062]: Did not receive identification string from 205.185.120.237
May  8 23:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16730]: pam_unix(cron:session): session closed for user root
May  8 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18158]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18159]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18157]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18156]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18156]: pam_unix(cron:session): session closed for user p13x
May  8 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18216]: Successful su for rubyman by root
May  8 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18216]: + ??? root:rubyman
May  8 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18216]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356213 of user rubyman.
May  8 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18216]: pam_unix(su:session): session closed for user rubyman
May  8 23:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356213.
May  8 23:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15456]: pam_unix(cron:session): session closed for user root
May  8 23:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18157]: pam_unix(cron:session): session closed for user samftp
May  8 23:52:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: Failed password for root from 205.185.120.237 port 50676 ssh2
May  8 23:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: Connection closed by 205.185.120.237 port 50676 [preauth]
May  8 23:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18452]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18452]: Did not receive identification string from 205.185.120.237
May  8 23:52:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18475]: Did not receive identification string from 205.185.120.237
May  8 23:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17164]: pam_unix(cron:session): session closed for user root
May  8 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18575]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18576]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18574]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18573]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18573]: pam_unix(cron:session): session closed for user p13x
May  8 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18632]: Successful su for rubyman by root
May  8 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18632]: + ??? root:rubyman
May  8 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356218 of user rubyman.
May  8 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18632]: pam_unix(su:session): session closed for user rubyman
May  8 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356218.
May  8 23:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18492]: Failed password for root from 205.185.120.237 port 50788 ssh2
May  8 23:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15875]: pam_unix(cron:session): session closed for user root
May  8 23:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18574]: pam_unix(cron:session): session closed for user samftp
May  8 23:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18492]: Connection closed by 205.185.120.237 port 50788 [preauth]
May  8 23:53:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:53:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.252  user=root
May  8 23:53:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: Failed password for root from 218.92.0.252 port 28444 ssh2
May  8 23:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18852]: Failed password for root from 218.92.0.252 port 28444 ssh2
May  8 23:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17617]: pam_unix(cron:session): session closed for user root
May  8 23:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18838]: Failed password for root from 205.185.120.237 port 50854 ssh2
May  8 23:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18838]: Connection closed by 205.185.120.237 port 50854 [preauth]
May  8 23:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18956]: Did not receive identification string from 205.185.120.237
May  8 23:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18987]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18988]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18986]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18984]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18984]: pam_unix(cron:session): session closed for user p13x
May  8 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19049]: Successful su for rubyman by root
May  8 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19049]: + ??? root:rubyman
May  8 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19049]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356221 of user rubyman.
May  8 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19049]: pam_unix(su:session): session closed for user rubyman
May  8 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356221.
May  8 23:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19077]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16268]: pam_unix(cron:session): session closed for user root
May  8 23:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18986]: pam_unix(cron:session): session closed for user samftp
May  8 23:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18965]: Failed password for root from 205.185.120.237 port 50920 ssh2
May  8 23:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18965]: Connection closed by 205.185.120.237 port 50920 [preauth]
May  8 23:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18159]: pam_unix(cron:session): session closed for user root
May  8 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19401]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19398]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19400]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19399]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19401]: pam_unix(cron:session): session closed for user root
May  8 23:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19396]: pam_unix(cron:session): session closed for user p13x
May  8 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19466]: Successful su for rubyman by root
May  8 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19466]: + ??? root:rubyman
May  8 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19466]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356226 of user rubyman.
May  8 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19466]: pam_unix(su:session): session closed for user rubyman
May  8 23:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356226.
May  8 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19318]: Failed password for root from 205.185.120.237 port 50974 ssh2
May  8 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19398]: pam_unix(cron:session): session closed for user root
May  8 23:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16729]: pam_unix(cron:session): session closed for user root
May  8 23:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19397]: pam_unix(cron:session): session closed for user samftp
May  8 23:55:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:55:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 23:55:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19697]: Failed password for root from 218.92.0.206 port 16148 ssh2
May  8 23:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19318]: Connection closed by 205.185.120.237 port 50974 [preauth]
May  8 23:55:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19697]: Failed password for root from 218.92.0.206 port 16148 ssh2
May  8 23:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19697]: message repeated 3 times: [ Failed password for root from 218.92.0.206 port 16148 ssh2]
May  8 23:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19697]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 16148 ssh2 [preauth]
May  8 23:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19697]: Disconnecting: Too many authentication failures [preauth]
May  8 23:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19697]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 23:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19697]: PAM service(sshd) ignoring max retries; 5 > 3
May  8 23:55:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  8 23:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19762]: Failed password for root from 218.92.0.206 port 55464 ssh2
May  8 23:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18576]: pam_unix(cron:session): session closed for user root
May  8 23:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19709]: Failed password for root from 205.185.120.237 port 51044 ssh2
May  8 23:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19709]: Connection closed by 205.185.120.237 port 51044 [preauth]
May  8 23:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19841]: Did not receive identification string from 205.185.120.237
May  8 23:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19858]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19855]: pam_unix(cron:session): session closed for user p13x
May  8 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19928]: Successful su for rubyman by root
May  8 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19928]: + ??? root:rubyman
May  8 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19928]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356232 of user rubyman.
May  8 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19928]: pam_unix(su:session): session closed for user rubyman
May  8 23:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356232.
May  8 23:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17163]: pam_unix(cron:session): session closed for user root
May  8 23:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19856]: pam_unix(cron:session): session closed for user samftp
May  8 23:56:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:56:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19853]: Failed password for root from 205.185.120.237 port 51116 ssh2
May  8 23:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18988]: pam_unix(cron:session): session closed for user root
May  8 23:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20199]: Did not receive identification string from 92.118.39.65
May  8 23:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19853]: Connection closed by 205.185.120.237 port 51116 [preauth]
May  8 23:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20271]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20270]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20270]: pam_unix(cron:session): session closed for user p13x
May  8 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20333]: Successful su for rubyman by root
May  8 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20333]: + ??? root:rubyman
May  8 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20333]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356234 of user rubyman.
May  8 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20333]: pam_unix(su:session): session closed for user rubyman
May  8 23:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356234.
May  8 23:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20220]: Failed password for root from 205.185.120.237 port 51170 ssh2
May  8 23:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17616]: pam_unix(cron:session): session closed for user root
May  8 23:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20271]: pam_unix(cron:session): session closed for user samftp
May  8 23:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20220]: Connection closed by 205.185.120.237 port 51170 [preauth]
May  8 23:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20561]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  8 23:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20561]: Failed password for root from 164.68.105.9 port 50214 ssh2
May  8 23:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20561]: Connection closed by 164.68.105.9 port 50214 [preauth]
May  8 23:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19400]: pam_unix(cron:session): session closed for user root
May  8 23:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: Failed password for root from 205.185.120.237 port 51206 ssh2
May  8 23:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20529]: Connection closed by 205.185.120.237 port 51206 [preauth]
May  8 23:57:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20686]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20685]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20682]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20682]: pam_unix(cron:session): session closed for user p13x
May  8 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20745]: Successful su for rubyman by root
May  8 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20745]: + ??? root:rubyman
May  8 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20745]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356238 of user rubyman.
May  8 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20745]: pam_unix(su:session): session closed for user rubyman
May  8 23:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356238.
May  8 23:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20672]: Did not receive identification string from 205.185.120.237
May  8 23:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18158]: pam_unix(cron:session): session closed for user root
May  8 23:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20684]: pam_unix(cron:session): session closed for user samftp
May  8 23:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20865]: Did not receive identification string from 205.185.120.237
May  8 23:58:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19858]: pam_unix(cron:session): session closed for user root
May  8 23:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: Failed password for root from 205.185.120.237 port 51302 ssh2
May  8 23:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20953]: Connection closed by 205.185.120.237 port 51302 [preauth]
May  8 23:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21096]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  8 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  8 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21099]: pam_unix(cron:session): session opened for user root by (uid=0)
May  8 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21096]: pam_unix(cron:session): session closed for user p13x
May  8 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21159]: Successful su for rubyman by root
May  8 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21159]: + ??? root:rubyman
May  8 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  8 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356245 of user rubyman.
May  8 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21159]: pam_unix(su:session): session closed for user rubyman
May  8 23:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356245.
May  8 23:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18575]: pam_unix(cron:session): session closed for user root
May  8 23:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21097]: pam_unix(cron:session): session closed for user samftp
May  8 23:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  8 23:59:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:59:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: Failed password for root from 205.185.120.237 port 51354 ssh2
May  8 23:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20273]: pam_unix(cron:session): session closed for user root
May  8 23:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21450]: Invalid user woainilaopo from 124.198.59.254
May  8 23:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21450]: input_userauth_request: invalid user woainilaopo [preauth]
May  8 23:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21450]: pam_unix(sshd:auth): check pass; user unknown
May  8 23:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254
May  8 23:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21074]: Connection closed by 205.185.120.237 port 51354 [preauth]
May  8 23:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  8 23:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21450]: Failed password for invalid user woainilaopo from 124.198.59.254 port 58104 ssh2
May  8 23:59:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21450]: Connection closed by 124.198.59.254 port 58104 [preauth]
May  9 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21546]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21547]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21543]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21538]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21536]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21534]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21538]: pam_unix(cron:session): session closed for user root
May  9 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21547]: pam_unix(cron:session): session closed for user root
May  9 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21534]: pam_unix(cron:session): session closed for user p13x
May  9 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21656]: Successful su for rubyman by root
May  9 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21656]: + ??? root:rubyman
May  9 00:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21656]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356246 of user rubyman.
May  9 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21656]: pam_unix(su:session): session closed for user rubyman
May  9 00:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356246.
May  9 00:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21543]: pam_unix(cron:session): session closed for user root
May  9 00:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18987]: pam_unix(cron:session): session closed for user root
May  9 00:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21536]: pam_unix(cron:session): session closed for user samftp
May  9 00:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  9 00:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: Failed password for root from 205.185.120.237 port 51432 ssh2
May  9 00:00:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: Connection closed by 205.185.120.237 port 51432 [preauth]
May  9 00:00:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22217]: Did not receive identification string from 205.185.120.237
May  9 00:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20686]: pam_unix(cron:session): session closed for user root
May  9 00:00:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  9 00:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22250]: Failed password for root from 205.185.120.237 port 51500 ssh2
May  9 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22418]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22411]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22411]: pam_unix(cron:session): session closed for user root
May  9 00:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22414]: pam_unix(cron:session): session closed for user p13x
May  9 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22499]: Successful su for rubyman by root
May  9 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22499]: + ??? root:rubyman
May  9 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22499]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356254 of user rubyman.
May  9 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22499]: pam_unix(su:session): session closed for user rubyman
May  9 00:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356254.
May  9 00:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22250]: Connection closed by 205.185.120.237 port 51500 [preauth]
May  9 00:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19399]: pam_unix(cron:session): session closed for user root
May  9 00:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22416]: pam_unix(cron:session): session closed for user samftp
May  9 00:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21099]: pam_unix(cron:session): session closed for user root
May  9 00:01:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  9 00:01:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: Failed password for root from 205.185.120.237 port 51570 ssh2
May  9 00:01:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22660]: Connection closed by 205.185.120.237 port 51570 [preauth]
May  9 00:01:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22883]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22882]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22880]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22878]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22878]: pam_unix(cron:session): session closed for user p13x
May  9 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22972]: Successful su for rubyman by root
May  9 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22972]: + ??? root:rubyman
May  9 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22972]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356258 of user rubyman.
May  9 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22972]: pam_unix(su:session): session closed for user rubyman
May  9 00:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356258.
May  9 00:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19857]: pam_unix(cron:session): session closed for user root
May  9 00:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 00:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22880]: pam_unix(cron:session): session closed for user samftp
May  9 00:02:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23041]: Failed password for root from 218.92.0.179 port 34566 ssh2
May  9 00:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23041]: Failed password for root from 218.92.0.179 port 34566 ssh2
May  9 00:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23041]: Failed password for root from 218.92.0.179 port 34566 ssh2
May  9 00:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23041]: Received disconnect from 218.92.0.179 port 34566:11:  [preauth]
May  9 00:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23041]: Disconnected from 218.92.0.179 port 34566 [preauth]
May  9 00:02:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23041]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 00:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  9 00:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23161]: Did not receive identification string from 45.156.128.102
May  9 00:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22845]: Failed password for root from 205.185.120.237 port 51648 ssh2
May  9 00:02:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22845]: Connection closed by 205.185.120.237 port 51648 [preauth]
May  9 00:02:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23226]: Did not receive identification string from 205.185.120.237
May  9 00:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23237]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23245]: Bad protocol version identification 'GET / HTTP/1.1' from 148.113.210.228 port 45318
May  9 00:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21546]: pam_unix(cron:session): session closed for user root
May  9 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23413]: pam_unix(cron:session): session closed for user p13x
May  9 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23481]: Successful su for rubyman by root
May  9 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23481]: + ??? root:rubyman
May  9 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356262 of user rubyman.
May  9 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23481]: pam_unix(su:session): session closed for user rubyman
May  9 00:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356262.
May  9 00:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20272]: pam_unix(cron:session): session closed for user root
May  9 00:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23415]: pam_unix(cron:session): session closed for user samftp
May  9 00:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  9 00:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23237]: Failed password for root from 205.185.120.237 port 51720 ssh2
May  9 00:03:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23237]: Connection closed by 205.185.120.237 port 51720 [preauth]
May  9 00:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22418]: pam_unix(cron:session): session closed for user root
May  9 00:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  9 00:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23698]: Failed password for root from 205.185.120.237 port 51792 ssh2
May  9 00:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23698]: Connection closed by 205.185.120.237 port 51792 [preauth]
May  9 00:03:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:03:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23913]: Did not receive identification string from 64.23.184.246
May  9 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23927]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23929]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23925]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23926]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23925]: pam_unix(cron:session): session closed for user p13x
May  9 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24005]: Successful su for rubyman by root
May  9 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24005]: + ??? root:rubyman
May  9 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24005]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356267 of user rubyman.
May  9 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24005]: pam_unix(su:session): session closed for user rubyman
May  9 00:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356267.
May  9 00:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20685]: pam_unix(cron:session): session closed for user root
May  9 00:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23926]: pam_unix(cron:session): session closed for user samftp
May  9 00:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24240]: Invalid user ubuntu from 92.118.39.65
May  9 00:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24240]: input_userauth_request: invalid user ubuntu [preauth]
May  9 00:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24240]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  9 00:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24240]: Failed password for invalid user ubuntu from 92.118.39.65 port 33066 ssh2
May  9 00:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24240]: Connection closed by 92.118.39.65 port 33066 [preauth]
May  9 00:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  9 00:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23911]: Failed password for root from 205.185.120.237 port 51844 ssh2
May  9 00:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22883]: pam_unix(cron:session): session closed for user root
May  9 00:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23911]: Connection closed by 205.185.120.237 port 51844 [preauth]
May  9 00:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24372]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24371]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24375]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24373]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24377]: pam_unix(cron:session): session closed for user root
May  9 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24371]: pam_unix(cron:session): session closed for user p13x
May  9 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24452]: Successful su for rubyman by root
May  9 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24452]: + ??? root:rubyman
May  9 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24452]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356270 of user rubyman.
May  9 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24452]: pam_unix(su:session): session closed for user rubyman
May  9 00:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356270.
May  9 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24373]: pam_unix(cron:session): session closed for user root
May  9 00:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21098]: pam_unix(cron:session): session closed for user root
May  9 00:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24372]: pam_unix(cron:session): session closed for user samftp
May  9 00:05:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  9 00:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24313]: Failed password for root from 205.185.120.237 port 51902 ssh2
May  9 00:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24313]: Connection closed by 205.185.120.237 port 51902 [preauth]
May  9 00:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23417]: pam_unix(cron:session): session closed for user root
May  9 00:05:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  9 00:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: Failed password for root from 205.185.120.237 port 51948 ssh2
May  9 00:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24709]: Connection closed by 205.185.120.237 port 51948 [preauth]
May  9 00:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24838]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24835]: pam_unix(cron:session): session closed for user p13x
May  9 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24909]: Successful su for rubyman by root
May  9 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24909]: + ??? root:rubyman
May  9 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356277 of user rubyman.
May  9 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24909]: pam_unix(su:session): session closed for user rubyman
May  9 00:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356277.
May  9 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24824]: Did not receive identification string from 205.185.120.237
May  9 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21544]: pam_unix(cron:session): session closed for user root
May  9 00:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24836]: pam_unix(cron:session): session closed for user samftp
May  9 00:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25063]: Did not receive identification string from 205.185.120.237
May  9 00:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23929]: pam_unix(cron:session): session closed for user root
May  9 00:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  9 00:06:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25099]: Failed password for root from 205.185.120.237 port 52020 ssh2
May  9 00:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25099]: Connection closed by 205.185.120.237 port 52020 [preauth]
May  9 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25260]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25255]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25263]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25252]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25252]: pam_unix(cron:session): session closed for user p13x
May  9 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25324]: Successful su for rubyman by root
May  9 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25324]: + ??? root:rubyman
May  9 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356282 of user rubyman.
May  9 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25324]: pam_unix(su:session): session closed for user rubyman
May  9 00:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356282.
May  9 00:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22417]: pam_unix(cron:session): session closed for user root
May  9 00:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25255]: pam_unix(cron:session): session closed for user samftp
May  9 00:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25313]: Did not receive identification string from 205.185.120.237
May  9 00:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  9 00:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24375]: pam_unix(cron:session): session closed for user root
May  9 00:07:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25510]: Failed password for root from 205.185.120.237 port 52064 ssh2
May  9 00:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25510]: Connection closed by 205.185.120.237 port 52064 [preauth]
May  9 00:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25637]: Did not receive identification string from 205.185.120.237
May  9 00:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25715]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25717]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25716]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25714]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25714]: pam_unix(cron:session): session closed for user p13x
May  9 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25790]: Successful su for rubyman by root
May  9 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25790]: + ??? root:rubyman
May  9 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356285 of user rubyman.
May  9 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25790]: pam_unix(su:session): session closed for user rubyman
May  9 00:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356285.
May  9 00:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22882]: pam_unix(cron:session): session closed for user root
May  9 00:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25715]: pam_unix(cron:session): session closed for user samftp
May  9 00:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  9 00:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25685]: Failed password for root from 205.185.120.237 port 52118 ssh2
May  9 00:08:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25685]: Connection closed by 205.185.120.237 port 52118 [preauth]
May  9 00:08:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26074]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26074]: Did not receive identification string from 205.185.120.237
May  9 00:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24838]: pam_unix(cron:session): session closed for user root
May  9 00:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26158]: Invalid user myappuser from 193.70.84.184
May  9 00:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26158]: input_userauth_request: invalid user myappuser [preauth]
May  9 00:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26158]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  9 00:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26158]: Failed password for invalid user myappuser from 193.70.84.184 port 49916 ssh2
May  9 00:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26158]: Connection closed by 193.70.84.184 port 49916 [preauth]
May  9 00:08:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  9 00:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26084]: Failed password for root from 205.185.120.237 port 52156 ssh2
May  9 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26180]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26179]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26177]: pam_unix(cron:session): session closed for user p13x
May  9 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26300]: Successful su for rubyman by root
May  9 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26300]: + ??? root:rubyman
May  9 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356289 of user rubyman.
May  9 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26300]: pam_unix(su:session): session closed for user rubyman
May  9 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356289.
May  9 00:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26175]: pam_unix(cron:session): session closed for user root
May  9 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23416]: pam_unix(cron:session): session closed for user root
May  9 00:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26084]: Connection closed by 205.185.120.237 port 52156 [preauth]
May  9 00:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26178]: pam_unix(cron:session): session closed for user samftp
May  9 00:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25263]: pam_unix(cron:session): session closed for user root
May  9 00:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  9 00:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Failed password for root from 205.185.120.237 port 52188 ssh2
May  9 00:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26569]: Connection closed by 205.185.120.237 port 52188 [preauth]
May  9 00:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26711]: Did not receive identification string from 205.185.120.237
May  9 00:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26749]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26748]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26752]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26753]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26751]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26753]: pam_unix(cron:session): session closed for user root
May  9 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26748]: pam_unix(cron:session): session closed for user p13x
May  9 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26820]: Successful su for rubyman by root
May  9 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26820]: + ??? root:rubyman
May  9 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356297 of user rubyman.
May  9 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26820]: pam_unix(su:session): session closed for user rubyman
May  9 00:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356297.
May  9 00:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26750]: pam_unix(cron:session): session closed for user root
May  9 00:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23927]: pam_unix(cron:session): session closed for user root
May  9 00:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26749]: pam_unix(cron:session): session closed for user samftp
May  9 00:10:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  9 00:10:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: Failed password for root from 205.185.120.237 port 52234 ssh2
May  9 00:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26720]: Connection closed by 205.185.120.237 port 52234 [preauth]
May  9 00:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25717]: pam_unix(cron:session): session closed for user root
May  9 00:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  9 00:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27144]: Failed password for root from 205.185.120.237 port 52258 ssh2
May  9 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27266]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27263]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27264]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27263]: pam_unix(cron:session): session closed for user p13x
May  9 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27144]: Connection closed by 205.185.120.237 port 52258 [preauth]
May  9 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27340]: Successful su for rubyman by root
May  9 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27340]: + ??? root:rubyman
May  9 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356301 of user rubyman.
May  9 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27340]: pam_unix(su:session): session closed for user rubyman
May  9 00:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356301.
May  9 00:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24374]: pam_unix(cron:session): session closed for user root
May  9 00:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27264]: pam_unix(cron:session): session closed for user samftp
May  9 00:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  9 00:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27383]: Did not receive identification string from 205.185.120.237
May  9 00:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27575]: Failed password for root from 50.235.31.47 port 59380 ssh2
May  9 00:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27575]: Connection closed by 50.235.31.47 port 59380 [preauth]
May  9 00:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: Invalid user validator from 92.118.39.65
May  9 00:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: input_userauth_request: invalid user validator [preauth]
May  9 00:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  9 00:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: Failed password for invalid user validator from 92.118.39.65 port 50384 ssh2
May  9 00:11:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27632]: Connection closed by 92.118.39.65 port 50384 [preauth]
May  9 00:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  9 00:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26180]: pam_unix(cron:session): session closed for user root
May  9 00:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: Failed password for root from 205.185.120.237 port 52320 ssh2
May  9 00:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27587]: Connection closed by 205.185.120.237 port 52320 [preauth]
May  9 00:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27748]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27747]: pam_unix(cron:session): session closed for user p13x
May  9 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27809]: Successful su for rubyman by root
May  9 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27809]: + ??? root:rubyman
May  9 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356304 of user rubyman.
May  9 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27809]: pam_unix(su:session): session closed for user rubyman
May  9 00:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356304.
May  9 00:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24837]: pam_unix(cron:session): session closed for user root
May  9 00:12:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27748]: pam_unix(cron:session): session closed for user samftp
May  9 00:12:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=205.185.120.237  user=root
May  9 00:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27696]: Failed password for root from 205.185.120.237 port 52374 ssh2
May  9 00:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27696]: Connection closed by 205.185.120.237 port 52374 [preauth]
May  9 00:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28045]: Did not receive identification string from 205.185.120.237
May  9 00:12:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28070]: Did not receive identification string from 205.185.120.237
May  9 00:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28079]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:12:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26752]: pam_unix(cron:session): session closed for user root
May  9 00:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28079]: Did not receive identification string from 205.185.120.237
May  9 00:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28108]: Did not receive identification string from 205.185.120.237
May  9 00:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28117]: Did not receive identification string from 205.185.120.237
May  9 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28174]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28171]: pam_unix(cron:session): session closed for user p13x
May  9 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28234]: Successful su for rubyman by root
May  9 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28234]: + ??? root:rubyman
May  9 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356307 of user rubyman.
May  9 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28234]: pam_unix(su:session): session closed for user rubyman
May  9 00:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356307.
May  9 00:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25260]: pam_unix(cron:session): session closed for user root
May  9 00:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28172]: pam_unix(cron:session): session closed for user samftp
May  9 00:13:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28477]: User sshd from 80.94.95.116 not allowed because not listed in AllowUsers
May  9 00:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28477]: input_userauth_request: invalid user sshd [preauth]
May  9 00:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28477]: Failed none for invalid user sshd from 80.94.95.116 port 29340 ssh2
May  9 00:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28477]: Connection closed by 80.94.95.116 port 29340 [preauth]
May  9 00:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27266]: pam_unix(cron:session): session closed for user root
May  9 00:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: Invalid user admin from 80.94.95.112
May  9 00:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: input_userauth_request: invalid user admin [preauth]
May  9 00:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 00:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: Failed password for invalid user admin from 80.94.95.112 port 25550 ssh2
May  9 00:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: Failed password for invalid user admin from 80.94.95.112 port 25550 ssh2
May  9 00:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: Failed password for invalid user admin from 80.94.95.112 port 25550 ssh2
May  9 00:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: Failed password for invalid user admin from 80.94.95.112 port 25550 ssh2
May  9 00:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: Failed password for invalid user admin from 80.94.95.112 port 25550 ssh2
May  9 00:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: Received disconnect from 80.94.95.112 port 25550:11: Bye [preauth]
May  9 00:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: Disconnected from 80.94.95.112 port 25550 [preauth]
May  9 00:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 00:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28543]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28580]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28578]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28579]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28577]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28577]: pam_unix(cron:session): session closed for user p13x
May  9 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28640]: Successful su for rubyman by root
May  9 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28640]: + ??? root:rubyman
May  9 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356312 of user rubyman.
May  9 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28640]: pam_unix(su:session): session closed for user rubyman
May  9 00:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356312.
May  9 00:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25716]: pam_unix(cron:session): session closed for user root
May  9 00:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28578]: pam_unix(cron:session): session closed for user samftp
May  9 00:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27750]: pam_unix(cron:session): session closed for user root
May  9 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28983]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28981]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28984]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28982]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28980]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28979]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28984]: pam_unix(cron:session): session closed for user root
May  9 00:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28979]: pam_unix(cron:session): session closed for user p13x
May  9 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29141]: Successful su for rubyman by root
May  9 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29141]: + ??? root:rubyman
May  9 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29141]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356315 of user rubyman.
May  9 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29141]: pam_unix(su:session): session closed for user rubyman
May  9 00:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356315.
May  9 00:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28981]: pam_unix(cron:session): session closed for user root
May  9 00:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26179]: pam_unix(cron:session): session closed for user root
May  9 00:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28980]: pam_unix(cron:session): session closed for user samftp
May  9 00:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28174]: pam_unix(cron:session): session closed for user root
May  9 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29516]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29518]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29515]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29515]: pam_unix(cron:session): session closed for user p13x
May  9 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29588]: Successful su for rubyman by root
May  9 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29588]: + ??? root:rubyman
May  9 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29588]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356323 of user rubyman.
May  9 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29588]: pam_unix(su:session): session closed for user rubyman
May  9 00:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356323.
May  9 00:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26751]: pam_unix(cron:session): session closed for user root
May  9 00:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29516]: pam_unix(cron:session): session closed for user samftp
May  9 00:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28580]: pam_unix(cron:session): session closed for user root
May  9 00:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 00:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: Failed password for root from 218.92.0.179 port 37128 ssh2
May  9 00:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: Failed password for root from 218.92.0.179 port 37128 ssh2
May  9 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29933]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29929]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29931]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29930]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29927]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29927]: pam_unix(cron:session): session closed for user root
May  9 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29929]: pam_unix(cron:session): session closed for user p13x
May  9 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: Failed password for root from 218.92.0.179 port 37128 ssh2
May  9 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: Received disconnect from 218.92.0.179 port 37128:11:  [preauth]
May  9 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: Disconnected from 218.92.0.179 port 37128 [preauth]
May  9 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29915]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29996]: Successful su for rubyman by root
May  9 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29996]: + ??? root:rubyman
May  9 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356326 of user rubyman.
May  9 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29996]: pam_unix(su:session): session closed for user rubyman
May  9 00:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356326.
May  9 00:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27265]: pam_unix(cron:session): session closed for user root
May  9 00:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29930]: pam_unix(cron:session): session closed for user samftp
May  9 00:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28983]: pam_unix(cron:session): session closed for user root
May  9 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30335]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30332]: pam_unix(cron:session): session closed for user p13x
May  9 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30394]: Successful su for rubyman by root
May  9 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30394]: + ??? root:rubyman
May  9 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30394]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356331 of user rubyman.
May  9 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30394]: pam_unix(su:session): session closed for user rubyman
May  9 00:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356331.
May  9 00:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27749]: pam_unix(cron:session): session closed for user root
May  9 00:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30333]: pam_unix(cron:session): session closed for user samftp
May  9 00:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30638]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30638]: Invalid user node from 92.118.39.65
May  9 00:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30638]: input_userauth_request: invalid user node [preauth]
May  9 00:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30638]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  9 00:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30638]: Failed password for invalid user node from 92.118.39.65 port 39374 ssh2
May  9 00:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30638]: Connection closed by 92.118.39.65 port 39374 [preauth]
May  9 00:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29518]: pam_unix(cron:session): session closed for user root
May  9 00:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: Invalid user admin from 80.94.95.241
May  9 00:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: input_userauth_request: invalid user admin [preauth]
May  9 00:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 00:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: Failed password for invalid user admin from 80.94.95.241 port 8283 ssh2
May  9 00:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: Failed password for invalid user admin from 80.94.95.241 port 8283 ssh2
May  9 00:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: Failed password for invalid user admin from 80.94.95.241 port 8283 ssh2
May  9 00:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: Failed password for invalid user admin from 80.94.95.241 port 8283 ssh2
May  9 00:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: Failed password for invalid user admin from 80.94.95.241 port 8283 ssh2
May  9 00:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: Received disconnect from 80.94.95.241 port 8283:11: Bye [preauth]
May  9 00:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: Disconnected from 80.94.95.241 port 8283 [preauth]
May  9 00:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 00:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30669]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30733]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30730]: pam_unix(cron:session): session closed for user p13x
May  9 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30790]: Successful su for rubyman by root
May  9 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30790]: + ??? root:rubyman
May  9 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30790]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356334 of user rubyman.
May  9 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30790]: pam_unix(su:session): session closed for user rubyman
May  9 00:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356334.
May  9 00:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28173]: pam_unix(cron:session): session closed for user root
May  9 00:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30731]: pam_unix(cron:session): session closed for user samftp
May  9 00:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29933]: pam_unix(cron:session): session closed for user root
May  9 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31225]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31226]: pam_unix(cron:session): session closed for user root
May  9 00:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31221]: pam_unix(cron:session): session closed for user p13x
May  9 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31297]: Successful su for rubyman by root
May  9 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31297]: + ??? root:rubyman
May  9 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31297]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356341 of user rubyman.
May  9 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31297]: pam_unix(su:session): session closed for user rubyman
May  9 00:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356341.
May  9 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31223]: pam_unix(cron:session): session closed for user root
May  9 00:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28579]: pam_unix(cron:session): session closed for user root
May  9 00:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31222]: pam_unix(cron:session): session closed for user samftp
May  9 00:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30335]: pam_unix(cron:session): session closed for user root
May  9 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31687]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31685]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31686]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31674]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31674]: pam_unix(cron:session): session closed for user p13x
May  9 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31755]: Successful su for rubyman by root
May  9 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31755]: + ??? root:rubyman
May  9 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31755]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356344 of user rubyman.
May  9 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31755]: pam_unix(su:session): session closed for user rubyman
May  9 00:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356344.
May  9 00:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28982]: pam_unix(cron:session): session closed for user root
May  9 00:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31685]: pam_unix(cron:session): session closed for user samftp
May  9 00:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30733]: pam_unix(cron:session): session closed for user root
May  9 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32398]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32399]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32396]: pam_unix(cron:session): session closed for user p13x
May  9 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32464]: Successful su for rubyman by root
May  9 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32464]: + ??? root:rubyman
May  9 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32464]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356348 of user rubyman.
May  9 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32464]: pam_unix(su:session): session closed for user rubyman
May  9 00:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356348.
May  9 00:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29517]: pam_unix(cron:session): session closed for user root
May  9 00:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32397]: pam_unix(cron:session): session closed for user samftp
May  9 00:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31225]: pam_unix(cron:session): session closed for user root
May  9 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[532]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[530]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[529]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[529]: pam_unix(cron:session): session closed for user p13x
May  9 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[595]: Successful su for rubyman by root
May  9 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[595]: + ??? root:rubyman
May  9 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[595]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356352 of user rubyman.
May  9 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[595]: pam_unix(su:session): session closed for user rubyman
May  9 00:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356352.
May  9 00:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29931]: pam_unix(cron:session): session closed for user root
May  9 00:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[530]: pam_unix(cron:session): session closed for user samftp
May  9 00:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[849]: Did not receive identification string from 193.32.162.97
May  9 00:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31687]: pam_unix(cron:session): session closed for user root
May  9 00:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 00:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[952]: Failed password for root from 218.92.0.179 port 57762 ssh2
May  9 00:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[952]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 57762 ssh2]
May  9 00:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[952]: Received disconnect from 218.92.0.179 port 57762:11:  [preauth]
May  9 00:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[952]: Disconnected from 218.92.0.179 port 57762 [preauth]
May  9 00:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[952]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[992]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[988]: pam_unix(cron:session): session closed for user p13x
May  9 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1070]: Successful su for rubyman by root
May  9 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1070]: + ??? root:rubyman
May  9 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1070]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356358 of user rubyman.
May  9 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1070]: pam_unix(su:session): session closed for user rubyman
May  9 00:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356358.
May  9 00:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30334]: pam_unix(cron:session): session closed for user root
May  9 00:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[989]: pam_unix(cron:session): session closed for user samftp
May  9 00:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1329]: Bad protocol version identification 'MGLNDD_198.199.94.12_22' from 20.168.127.104 port 46782
May  9 00:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32399]: pam_unix(cron:session): session closed for user root
May  9 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1481]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1480]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1477]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1482]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1478]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1482]: pam_unix(cron:session): session closed for user root
May  9 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1477]: pam_unix(cron:session): session closed for user p13x
May  9 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1559]: Successful su for rubyman by root
May  9 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1559]: + ??? root:rubyman
May  9 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1559]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356360 of user rubyman.
May  9 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1559]: pam_unix(su:session): session closed for user rubyman
May  9 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356360.
May  9 00:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 00:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: Failed password for root from 218.92.0.179 port 16954 ssh2
May  9 00:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1479]: pam_unix(cron:session): session closed for user root
May  9 00:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30732]: pam_unix(cron:session): session closed for user root
May  9 00:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: Failed password for root from 218.92.0.179 port 16954 ssh2
May  9 00:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1478]: pam_unix(cron:session): session closed for user samftp
May  9 00:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: Failed password for root from 218.92.0.179 port 16954 ssh2
May  9 00:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: Received disconnect from 218.92.0.179 port 16954:11:  [preauth]
May  9 00:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: Disconnected from 218.92.0.179 port 16954 [preauth]
May  9 00:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1506]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 00:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[532]: pam_unix(cron:session): session closed for user root
May  9 00:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: Invalid user solana from 92.118.39.65
May  9 00:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: input_userauth_request: invalid user solana [preauth]
May  9 00:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  9 00:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: Failed password for invalid user solana from 92.118.39.65 port 56600 ssh2
May  9 00:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: Connection closed by 92.118.39.65 port 56600 [preauth]
May  9 00:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: Invalid user postgres from 190.103.202.7
May  9 00:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: input_userauth_request: invalid user postgres [preauth]
May  9 00:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  9 00:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: Failed password for invalid user postgres from 190.103.202.7 port 36348 ssh2
May  9 00:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2039]: Connection closed by 190.103.202.7 port 36348 [preauth]
May  9 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2054]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2052]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2053]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2051]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2051]: pam_unix(cron:session): session closed for user p13x
May  9 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2119]: Successful su for rubyman by root
May  9 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2119]: + ??? root:rubyman
May  9 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2119]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356366 of user rubyman.
May  9 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2119]: pam_unix(su:session): session closed for user rubyman
May  9 00:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356366.
May  9 00:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31224]: pam_unix(cron:session): session closed for user root
May  9 00:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2052]: pam_unix(cron:session): session closed for user samftp
May  9 00:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[992]: pam_unix(cron:session): session closed for user root
May  9 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2481]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2482]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2478]: pam_unix(cron:session): session closed for user p13x
May  9 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2552]: Successful su for rubyman by root
May  9 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2552]: + ??? root:rubyman
May  9 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2552]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356373 of user rubyman.
May  9 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2552]: pam_unix(su:session): session closed for user rubyman
May  9 00:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356373.
May  9 00:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31686]: pam_unix(cron:session): session closed for user root
May  9 00:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2479]: pam_unix(cron:session): session closed for user samftp
May  9 00:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1481]: pam_unix(cron:session): session closed for user root
May  9 00:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2870]: Invalid user admin from 80.94.95.116
May  9 00:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2870]: input_userauth_request: invalid user admin [preauth]
May  9 00:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2870]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  9 00:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  9 00:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2870]: Failed password for invalid user admin from 80.94.95.116 port 62832 ssh2
May  9 00:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2870]: Connection closed by 80.94.95.116 port 62832 [preauth]
May  9 00:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: Failed password for root from 218.92.0.207 port 24524 ssh2
May  9 00:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: message repeated 3 times: [ Failed password for root from 218.92.0.207 port 24524 ssh2]
May  9 00:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 00:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: Failed password for root from 218.92.0.207 port 24524 ssh2
May  9 00:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 24524 ssh2 [preauth]
May  9 00:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: Disconnecting: Too many authentication failures [preauth]
May  9 00:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  9 00:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2872]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 00:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2908]: Failed password for root from 218.92.0.179 port 41528 ssh2
May  9 00:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2908]: Failed password for root from 218.92.0.179 port 41528 ssh2
May  9 00:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2938]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2935]: pam_unix(cron:session): session closed for user p13x
May  9 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  9 00:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2908]: Failed password for root from 218.92.0.179 port 41528 ssh2
May  9 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2908]: Received disconnect from 218.92.0.179 port 41528:11:  [preauth]
May  9 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2908]: Disconnected from 218.92.0.179 port 41528 [preauth]
May  9 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2908]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2998]: Successful su for rubyman by root
May  9 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2998]: + ??? root:rubyman
May  9 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2998]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356374 of user rubyman.
May  9 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2998]: pam_unix(su:session): session closed for user rubyman
May  9 00:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356374.
May  9 00:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: Failed password for root from 218.92.0.207 port 6574 ssh2
May  9 00:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32398]: pam_unix(cron:session): session closed for user root
May  9 00:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: Failed password for root from 218.92.0.207 port 6574 ssh2
May  9 00:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2936]: pam_unix(cron:session): session closed for user samftp
May  9 00:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: Failed password for root from 218.92.0.207 port 6574 ssh2
May  9 00:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: message repeated 3 times: [ Failed password for root from 218.92.0.207 port 6574 ssh2]
May  9 00:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: error: maximum authentication attempts exceeded for root from 218.92.0.207 port 6574 ssh2 [preauth]
May  9 00:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: Disconnecting: Too many authentication failures [preauth]
May  9 00:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.207  user=root
May  9 00:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2925]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 00:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2054]: pam_unix(cron:session): session closed for user root
May  9 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3337]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3338]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3336]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3335]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3335]: pam_unix(cron:session): session closed for user p13x
May  9 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3410]: Successful su for rubyman by root
May  9 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3410]: + ??? root:rubyman
May  9 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3410]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356380 of user rubyman.
May  9 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3410]: pam_unix(su:session): session closed for user rubyman
May  9 00:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356380.
May  9 00:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[531]: pam_unix(cron:session): session closed for user root
May  9 00:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3336]: pam_unix(cron:session): session closed for user samftp
May  9 00:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2482]: pam_unix(cron:session): session closed for user root
May  9 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3786]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3783]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3782]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3781]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3786]: pam_unix(cron:session): session closed for user root
May  9 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3781]: pam_unix(cron:session): session closed for user p13x
May  9 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3849]: Successful su for rubyman by root
May  9 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3849]: + ??? root:rubyman
May  9 00:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356386 of user rubyman.
May  9 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3849]: pam_unix(su:session): session closed for user rubyman
May  9 00:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356386.
May  9 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[991]: pam_unix(cron:session): session closed for user root
May  9 00:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3783]: pam_unix(cron:session): session closed for user root
May  9 00:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3782]: pam_unix(cron:session): session closed for user samftp
May  9 00:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2938]: pam_unix(cron:session): session closed for user root
May  9 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4283]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4284]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4281]: pam_unix(cron:session): session closed for user p13x
May  9 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4471]: Successful su for rubyman by root
May  9 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4471]: + ??? root:rubyman
May  9 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4471]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356388 of user rubyman.
May  9 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4471]: pam_unix(su:session): session closed for user rubyman
May  9 00:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356388.
May  9 00:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1480]: pam_unix(cron:session): session closed for user root
May  9 00:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4282]: pam_unix(cron:session): session closed for user samftp
May  9 00:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3338]: pam_unix(cron:session): session closed for user root
May  9 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4833]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4834]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4833]: pam_unix(cron:session): session closed for user p13x
May  9 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4900]: Successful su for rubyman by root
May  9 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4900]: + ??? root:rubyman
May  9 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4900]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356394 of user rubyman.
May  9 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4900]: pam_unix(su:session): session closed for user rubyman
May  9 00:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356394.
May  9 00:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2053]: pam_unix(cron:session): session closed for user root
May  9 00:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4834]: pam_unix(cron:session): session closed for user samftp
May  9 00:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3785]: pam_unix(cron:session): session closed for user root
May  9 00:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5384]: Invalid user sol from 92.118.39.65
May  9 00:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5384]: input_userauth_request: invalid user sol [preauth]
May  9 00:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5384]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  9 00:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5384]: Failed password for invalid user sol from 92.118.39.65 port 45590 ssh2
May  9 00:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5384]: Connection closed by 92.118.39.65 port 45590 [preauth]
May  9 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5440]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5437]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5437]: pam_unix(cron:session): session closed for user p13x
May  9 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5514]: Successful su for rubyman by root
May  9 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5514]: + ??? root:rubyman
May  9 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5514]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356399 of user rubyman.
May  9 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5514]: pam_unix(su:session): session closed for user rubyman
May  9 00:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356399.
May  9 00:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2481]: pam_unix(cron:session): session closed for user root
May  9 00:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5440]: pam_unix(cron:session): session closed for user samftp
May  9 00:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4284]: pam_unix(cron:session): session closed for user root
May  9 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5998]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5996]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5992]: pam_unix(cron:session): session closed for user p13x
May  9 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6068]: Successful su for rubyman by root
May  9 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6068]: + ??? root:rubyman
May  9 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6068]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356401 of user rubyman.
May  9 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6068]: pam_unix(su:session): session closed for user rubyman
May  9 00:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356401.
May  9 00:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2937]: pam_unix(cron:session): session closed for user root
May  9 00:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5996]: pam_unix(cron:session): session closed for user samftp
May  9 00:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4836]: pam_unix(cron:session): session closed for user root
May  9 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6418]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6419]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6415]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6419]: pam_unix(cron:session): session closed for user root
May  9 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6414]: pam_unix(cron:session): session closed for user p13x
May  9 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6485]: Successful su for rubyman by root
May  9 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6485]: + ??? root:rubyman
May  9 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6485]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356406 of user rubyman.
May  9 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6485]: pam_unix(su:session): session closed for user rubyman
May  9 00:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356406.
May  9 00:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6416]: pam_unix(cron:session): session closed for user root
May  9 00:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3337]: pam_unix(cron:session): session closed for user root
May  9 00:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6415]: pam_unix(cron:session): session closed for user samftp
May  9 00:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5445]: pam_unix(cron:session): session closed for user root
May  9 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6854]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6852]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6850]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6850]: pam_unix(cron:session): session closed for user p13x
May  9 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7008]: Successful su for rubyman by root
May  9 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7008]: + ??? root:rubyman
May  9 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7008]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356411 of user rubyman.
May  9 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7008]: pam_unix(su:session): session closed for user rubyman
May  9 00:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356411.
May  9 00:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3784]: pam_unix(cron:session): session closed for user root
May  9 00:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6852]: pam_unix(cron:session): session closed for user samftp
May  9 00:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5998]: pam_unix(cron:session): session closed for user root
May  9 00:36:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 00:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7328]: Failed password for root from 218.92.0.179 port 41214 ssh2
May  9 00:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7328]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 41214 ssh2]
May  9 00:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7328]: Received disconnect from 218.92.0.179 port 41214:11:  [preauth]
May  9 00:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7328]: Disconnected from 218.92.0.179 port 41214 [preauth]
May  9 00:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7328]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7370]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7368]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7367]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7367]: pam_unix(cron:session): session closed for user p13x
May  9 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7426]: Successful su for rubyman by root
May  9 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7426]: + ??? root:rubyman
May  9 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356415 of user rubyman.
May  9 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7426]: pam_unix(su:session): session closed for user rubyman
May  9 00:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356415.
May  9 00:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4283]: pam_unix(cron:session): session closed for user root
May  9 00:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7368]: pam_unix(cron:session): session closed for user samftp
May  9 00:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6418]: pam_unix(cron:session): session closed for user root
May  9 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7890]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7889]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7887]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7887]: pam_unix(cron:session): session closed for user p13x
May  9 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7959]: Successful su for rubyman by root
May  9 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7959]: + ??? root:rubyman
May  9 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7959]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356420 of user rubyman.
May  9 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7959]: pam_unix(su:session): session closed for user rubyman
May  9 00:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356420.
May  9 00:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4835]: pam_unix(cron:session): session closed for user root
May  9 00:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7888]: pam_unix(cron:session): session closed for user samftp
May  9 00:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6854]: pam_unix(cron:session): session closed for user root
May  9 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8321]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8319]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8317]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8319]: pam_unix(cron:session): session closed for user p13x
May  9 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8447]: Successful su for rubyman by root
May  9 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8447]: + ??? root:rubyman
May  9 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356425 of user rubyman.
May  9 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8447]: pam_unix(su:session): session closed for user rubyman
May  9 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356425.
May  9 00:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8317]: pam_unix(cron:session): session closed for user root
May  9 00:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5443]: pam_unix(cron:session): session closed for user root
May  9 00:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8321]: pam_unix(cron:session): session closed for user samftp
May  9 00:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7370]: pam_unix(cron:session): session closed for user root
May  9 00:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: Invalid user solx from 92.118.39.65
May  9 00:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: input_userauth_request: invalid user solx [preauth]
May  9 00:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  9 00:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: Failed password for invalid user solx from 92.118.39.65 port 34580 ssh2
May  9 00:39:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8789]: Connection closed by 92.118.39.65 port 34580 [preauth]
May  9 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8846]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8847]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8845]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8841]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8847]: pam_unix(cron:session): session closed for user root
May  9 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8839]: pam_unix(cron:session): session closed for user p13x
May  9 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8911]: Successful su for rubyman by root
May  9 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8911]: + ??? root:rubyman
May  9 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356427 of user rubyman.
May  9 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8911]: pam_unix(su:session): session closed for user rubyman
May  9 00:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356427.
May  9 00:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8843]: pam_unix(cron:session): session closed for user root
May  9 00:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5997]: pam_unix(cron:session): session closed for user root
May  9 00:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8841]: pam_unix(cron:session): session closed for user samftp
May  9 00:40:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7890]: pam_unix(cron:session): session closed for user root
May  9 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9401]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9402]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9398]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9397]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9397]: pam_unix(cron:session): session closed for user p13x
May  9 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9469]: Successful su for rubyman by root
May  9 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9469]: + ??? root:rubyman
May  9 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356434 of user rubyman.
May  9 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9469]: pam_unix(su:session): session closed for user rubyman
May  9 00:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356434.
May  9 00:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6417]: pam_unix(cron:session): session closed for user root
May  9 00:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9398]: pam_unix(cron:session): session closed for user samftp
May  9 00:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8325]: pam_unix(cron:session): session closed for user root
May  9 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9819]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9819]: pam_unix(cron:session): session closed for user p13x
May  9 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9882]: Successful su for rubyman by root
May  9 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9882]: + ??? root:rubyman
May  9 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9882]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356438 of user rubyman.
May  9 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9882]: pam_unix(su:session): session closed for user rubyman
May  9 00:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356438.
May  9 00:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6853]: pam_unix(cron:session): session closed for user root
May  9 00:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9821]: pam_unix(cron:session): session closed for user samftp
May  9 00:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8846]: pam_unix(cron:session): session closed for user root
May  9 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10302]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10303]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10301]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10300]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10300]: pam_unix(cron:session): session closed for user p13x
May  9 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10365]: Successful su for rubyman by root
May  9 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10365]: + ??? root:rubyman
May  9 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10365]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356442 of user rubyman.
May  9 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10365]: pam_unix(su:session): session closed for user rubyman
May  9 00:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356442.
May  9 00:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7369]: pam_unix(cron:session): session closed for user root
May  9 00:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10301]: pam_unix(cron:session): session closed for user samftp
May  9 00:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9402]: pam_unix(cron:session): session closed for user root
May  9 00:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:43:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  9 00:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10714]: Failed password for root from 80.94.95.116 port 16732 ssh2
May  9 00:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10714]: Connection closed by 80.94.95.116 port 16732 [preauth]
May  9 00:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: Invalid user admin from 80.94.95.112
May  9 00:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: input_userauth_request: invalid user admin [preauth]
May  9 00:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 00:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: Failed password for invalid user admin from 80.94.95.112 port 44011 ssh2
May  9 00:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: Failed password for invalid user admin from 80.94.95.112 port 44011 ssh2
May  9 00:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: Failed password for invalid user admin from 80.94.95.112 port 44011 ssh2
May  9 00:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10786]: pam_unix(cron:session): session closed for user p13x
May  9 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10850]: Successful su for rubyman by root
May  9 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10850]: + ??? root:rubyman
May  9 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10850]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356445 of user rubyman.
May  9 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10850]: pam_unix(su:session): session closed for user rubyman
May  9 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356445.
May  9 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: Failed password for invalid user admin from 80.94.95.112 port 44011 ssh2
May  9 00:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: Failed password for invalid user admin from 80.94.95.112 port 44011 ssh2
May  9 00:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: Received disconnect from 80.94.95.112 port 44011:11: Bye [preauth]
May  9 00:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: Disconnected from 80.94.95.112 port 44011 [preauth]
May  9 00:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 00:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10767]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 00:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7889]: pam_unix(cron:session): session closed for user root
May  9 00:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10787]: pam_unix(cron:session): session closed for user samftp
May  9 00:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9823]: pam_unix(cron:session): session closed for user root
May  9 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11192]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11190]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11188]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11191]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11187]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11192]: pam_unix(cron:session): session closed for user root
May  9 00:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11187]: pam_unix(cron:session): session closed for user p13x
May  9 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11253]: Successful su for rubyman by root
May  9 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11253]: + ??? root:rubyman
May  9 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356453 of user rubyman.
May  9 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11253]: pam_unix(su:session): session closed for user rubyman
May  9 00:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356453.
May  9 00:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8322]: pam_unix(cron:session): session closed for user root
May  9 00:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11189]: pam_unix(cron:session): session closed for user root
May  9 00:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11188]: pam_unix(cron:session): session closed for user samftp
May  9 00:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10303]: pam_unix(cron:session): session closed for user root
May  9 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11614]: pam_unix(cron:session): session closed for user p13x
May  9 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11679]: Successful su for rubyman by root
May  9 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11679]: + ??? root:rubyman
May  9 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11679]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356457 of user rubyman.
May  9 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11679]: pam_unix(su:session): session closed for user rubyman
May  9 00:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356457.
May  9 00:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8845]: pam_unix(cron:session): session closed for user root
May  9 00:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11615]: pam_unix(cron:session): session closed for user samftp
May  9 00:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10791]: pam_unix(cron:session): session closed for user root
May  9 00:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11982]: Invalid user x from 92.118.39.65
May  9 00:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11982]: input_userauth_request: invalid user x [preauth]
May  9 00:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11982]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  9 00:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11982]: Failed password for invalid user x from 92.118.39.65 port 51802 ssh2
May  9 00:46:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11982]: Connection closed by 92.118.39.65 port 51802 [preauth]
May  9 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12013]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12011]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12012]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12010]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12010]: pam_unix(cron:session): session closed for user p13x
May  9 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12068]: Successful su for rubyman by root
May  9 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12068]: + ??? root:rubyman
May  9 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12068]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356460 of user rubyman.
May  9 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12068]: pam_unix(su:session): session closed for user rubyman
May  9 00:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356460.
May  9 00:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9401]: pam_unix(cron:session): session closed for user root
May  9 00:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12011]: pam_unix(cron:session): session closed for user samftp
May  9 00:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11191]: pam_unix(cron:session): session closed for user root
May  9 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12418]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12417]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12416]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12414]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12414]: pam_unix(cron:session): session closed for user p13x
May  9 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12474]: Successful su for rubyman by root
May  9 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12474]: + ??? root:rubyman
May  9 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356463 of user rubyman.
May  9 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12474]: pam_unix(su:session): session closed for user rubyman
May  9 00:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356463.
May  9 00:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9822]: pam_unix(cron:session): session closed for user root
May  9 00:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12416]: pam_unix(cron:session): session closed for user samftp
May  9 00:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 00:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: Failed password for root from 218.92.0.179 port 59177 ssh2
May  9 00:48:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 59177 ssh2]
May  9 00:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: Received disconnect from 218.92.0.179 port 59177:11:  [preauth]
May  9 00:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: Disconnected from 218.92.0.179 port 59177 [preauth]
May  9 00:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12680]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 00:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11617]: pam_unix(cron:session): session closed for user root
May  9 00:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  9 00:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: Failed password for root from 190.103.202.7 port 50822 ssh2
May  9 00:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12780]: Connection closed by 190.103.202.7 port 50822 [preauth]
May  9 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12809]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12808]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12806]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12805]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12805]: pam_unix(cron:session): session closed for user p13x
May  9 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12869]: Successful su for rubyman by root
May  9 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12869]: + ??? root:rubyman
May  9 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12869]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356468 of user rubyman.
May  9 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12869]: pam_unix(su:session): session closed for user rubyman
May  9 00:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356468.
May  9 00:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10302]: pam_unix(cron:session): session closed for user root
May  9 00:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12806]: pam_unix(cron:session): session closed for user samftp
May  9 00:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12013]: pam_unix(cron:session): session closed for user root
May  9 00:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  9 00:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: Invalid user admin from 80.94.95.241
May  9 00:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: input_userauth_request: invalid user admin [preauth]
May  9 00:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 00:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13185]: Failed password for root from 50.235.31.47 port 33676 ssh2
May  9 00:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13185]: Connection closed by 50.235.31.47 port 33676 [preauth]
May  9 00:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: Failed password for invalid user admin from 80.94.95.241 port 34550 ssh2
May  9 00:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: Failed password for invalid user admin from 80.94.95.241 port 34550 ssh2
May  9 00:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13210]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13212]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13207]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13208]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13211]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13212]: pam_unix(cron:session): session closed for user root
May  9 00:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13207]: pam_unix(cron:session): session closed for user p13x
May  9 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13275]: Successful su for rubyman by root
May  9 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13275]: + ??? root:rubyman
May  9 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356471 of user rubyman.
May  9 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13275]: pam_unix(su:session): session closed for user rubyman
May  9 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356471.
May  9 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: Failed password for invalid user admin from 80.94.95.241 port 34550 ssh2
May  9 00:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13209]: pam_unix(cron:session): session closed for user root
May  9 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10788]: pam_unix(cron:session): session closed for user root
May  9 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: Failed password for invalid user admin from 80.94.95.241 port 34550 ssh2
May  9 00:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: Failed password for invalid user admin from 80.94.95.241 port 34550 ssh2
May  9 00:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: Received disconnect from 80.94.95.241 port 34550:11: Bye [preauth]
May  9 00:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: Disconnected from 80.94.95.241 port 34550 [preauth]
May  9 00:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 00:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13182]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 00:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13208]: pam_unix(cron:session): session closed for user samftp
May  9 00:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12418]: pam_unix(cron:session): session closed for user root
May  9 00:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: Invalid user zhangyao from 164.68.105.9
May  9 00:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: input_userauth_request: invalid user zhangyao [preauth]
May  9 00:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  9 00:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: Failed password for invalid user zhangyao from 164.68.105.9 port 54888 ssh2
May  9 00:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13699]: Connection closed by 164.68.105.9 port 54888 [preauth]
May  9 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13747]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13746]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13744]: pam_unix(cron:session): session closed for user p13x
May  9 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13814]: Successful su for rubyman by root
May  9 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13814]: + ??? root:rubyman
May  9 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13814]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356477 of user rubyman.
May  9 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13814]: pam_unix(su:session): session closed for user rubyman
May  9 00:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356477.
May  9 00:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11190]: pam_unix(cron:session): session closed for user root
May  9 00:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13745]: pam_unix(cron:session): session closed for user samftp
May  9 00:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12809]: pam_unix(cron:session): session closed for user root
May  9 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14149]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14146]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14147]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14145]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14145]: pam_unix(cron:session): session closed for user p13x
May  9 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14208]: Successful su for rubyman by root
May  9 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14208]: + ??? root:rubyman
May  9 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356482 of user rubyman.
May  9 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14208]: pam_unix(su:session): session closed for user rubyman
May  9 00:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356482.
May  9 00:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11616]: pam_unix(cron:session): session closed for user root
May  9 00:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14146]: pam_unix(cron:session): session closed for user samftp
May  9 00:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13211]: pam_unix(cron:session): session closed for user root
May  9 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14548]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14546]: pam_unix(cron:session): session closed for user p13x
May  9 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14609]: Successful su for rubyman by root
May  9 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14609]: + ??? root:rubyman
May  9 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356486 of user rubyman.
May  9 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14609]: pam_unix(su:session): session closed for user rubyman
May  9 00:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356486.
May  9 00:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12012]: pam_unix(cron:session): session closed for user root
May  9 00:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14547]: pam_unix(cron:session): session closed for user samftp
May  9 00:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13747]: pam_unix(cron:session): session closed for user root
May  9 00:53:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: Invalid user vali from 92.118.39.65
May  9 00:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: input_userauth_request: invalid user vali [preauth]
May  9 00:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: pam_unix(sshd:auth): check pass; user unknown
May  9 00:53:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  9 00:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: Failed password for invalid user vali from 92.118.39.65 port 40790 ssh2
May  9 00:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14952]: Connection closed by 92.118.39.65 port 40790 [preauth]
May  9 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14977]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14976]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14972]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14972]: pam_unix(cron:session): session closed for user p13x
May  9 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15037]: Successful su for rubyman by root
May  9 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15037]: + ??? root:rubyman
May  9 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15037]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356490 of user rubyman.
May  9 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15037]: pam_unix(su:session): session closed for user rubyman
May  9 00:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356490.
May  9 00:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12417]: pam_unix(cron:session): session closed for user root
May  9 00:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14975]: pam_unix(cron:session): session closed for user samftp
May  9 00:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14149]: pam_unix(cron:session): session closed for user root
May  9 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15365]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15363]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15366]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15364]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15368]: pam_unix(cron:session): session closed for user root
May  9 00:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15363]: pam_unix(cron:session): session closed for user p13x
May  9 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15431]: Successful su for rubyman by root
May  9 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15431]: + ??? root:rubyman
May  9 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15431]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356496 of user rubyman.
May  9 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15431]: pam_unix(su:session): session closed for user rubyman
May  9 00:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356496.
May  9 00:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15365]: pam_unix(cron:session): session closed for user root
May  9 00:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12808]: pam_unix(cron:session): session closed for user root
May  9 00:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15364]: pam_unix(cron:session): session closed for user samftp
May  9 00:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14549]: pam_unix(cron:session): session closed for user root
May  9 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15786]: pam_unix(cron:session): session closed for user p13x
May  9 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15855]: Successful su for rubyman by root
May  9 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15855]: + ??? root:rubyman
May  9 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15855]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356500 of user rubyman.
May  9 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15855]: pam_unix(su:session): session closed for user rubyman
May  9 00:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356500.
May  9 00:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13210]: pam_unix(cron:session): session closed for user root
May  9 00:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15787]: pam_unix(cron:session): session closed for user samftp
May  9 00:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14977]: pam_unix(cron:session): session closed for user root
May  9 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16184]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16183]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16181]: pam_unix(cron:session): session closed for user p13x
May  9 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16239]: Successful su for rubyman by root
May  9 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16239]: + ??? root:rubyman
May  9 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16239]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356504 of user rubyman.
May  9 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16239]: pam_unix(su:session): session closed for user rubyman
May  9 00:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356504.
May  9 00:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13746]: pam_unix(cron:session): session closed for user root
May  9 00:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16182]: pam_unix(cron:session): session closed for user samftp
May  9 00:57:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:57:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 00:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: Failed password for root from 218.92.0.179 port 55619 ssh2
May  9 00:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 55619 ssh2]
May  9 00:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: Received disconnect from 218.92.0.179 port 55619:11:  [preauth]
May  9 00:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: Disconnected from 218.92.0.179 port 55619 [preauth]
May  9 00:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16422]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 00:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15367]: pam_unix(cron:session): session closed for user root
May  9 00:57:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:57:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  9 00:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: Failed password for root from 80.94.95.241 port 62771 ssh2
May  9 00:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: message repeated 4 times: [ Failed password for root from 80.94.95.241 port 62771 ssh2]
May  9 00:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: Received disconnect from 80.94.95.241 port 62771:11: Bye [preauth]
May  9 00:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: Disconnected from 80.94.95.241 port 62771 [preauth]
May  9 00:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  9 00:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16589]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16635]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16634]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16632]: pam_unix(cron:session): session closed for user p13x
May  9 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16694]: Successful su for rubyman by root
May  9 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16694]: + ??? root:rubyman
May  9 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356507 of user rubyman.
May  9 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16694]: pam_unix(su:session): session closed for user rubyman
May  9 00:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356507.
May  9 00:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14147]: pam_unix(cron:session): session closed for user root
May  9 00:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16633]: pam_unix(cron:session): session closed for user samftp
May  9 00:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15789]: pam_unix(cron:session): session closed for user root
May  9 00:58:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 00:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  9 00:58:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: Failed password for root from 80.94.95.116 port 37312 ssh2
May  9 00:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17008]: Connection closed by 80.94.95.116 port 37312 [preauth]
May  9 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17061]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17062]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17060]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17058]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17058]: pam_unix(cron:session): session closed for user p13x
May  9 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17121]: Successful su for rubyman by root
May  9 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17121]: + ??? root:rubyman
May  9 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17121]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356512 of user rubyman.
May  9 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17121]: pam_unix(su:session): session closed for user rubyman
May  9 00:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356512.
May  9 00:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14548]: pam_unix(cron:session): session closed for user root
May  9 00:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17060]: pam_unix(cron:session): session closed for user samftp
May  9 00:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16184]: pam_unix(cron:session): session closed for user root
May  9 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17458]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17456]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17461]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17462]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17460]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17457]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17463]: pam_unix(cron:session): session closed for user root
May  9 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17458]: pam_unix(cron:session): session closed for user root
May  9 01:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17456]: pam_unix(cron:session): session closed for user p13x
May  9 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17568]: Successful su for rubyman by root
May  9 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17568]: + ??? root:rubyman
May  9 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17568]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356515 of user rubyman.
May  9 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17568]: pam_unix(su:session): session closed for user rubyman
May  9 01:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356515.
May  9 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14976]: pam_unix(cron:session): session closed for user root
May  9 01:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17460]: pam_unix(cron:session): session closed for user root
May  9 01:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17457]: pam_unix(cron:session): session closed for user samftp
May  9 01:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16635]: pam_unix(cron:session): session closed for user root
May  9 01:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:00:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  9 01:00:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18072]: Failed password for root from 218.92.0.208 port 44704 ssh2
May  9 01:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18091]: Invalid user a from 92.118.39.65
May  9 01:00:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18091]: input_userauth_request: invalid user a [preauth]
May  9 01:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18091]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  9 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18091]: Failed password for invalid user a from 92.118.39.65 port 58010 ssh2
May  9 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18095]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18094]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18091]: Connection closed by 92.118.39.65 port 58010 [preauth]
May  9 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18094]: pam_unix(cron:session): session closed for user p13x
May  9 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18166]: Successful su for rubyman by root
May  9 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18166]: + ??? root:rubyman
May  9 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356522 of user rubyman.
May  9 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18166]: pam_unix(su:session): session closed for user rubyman
May  9 01:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356522.
May  9 01:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15366]: pam_unix(cron:session): session closed for user root
May  9 01:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18095]: pam_unix(cron:session): session closed for user samftp
May  9 01:01:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  9 01:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18323]: Failed password for root from 218.92.0.208 port 60260 ssh2
May  9 01:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17062]: pam_unix(cron:session): session closed for user root
May  9 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18523]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18521]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18522]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18521]: pam_unix(cron:session): session closed for user p13x
May  9 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18581]: Successful su for rubyman by root
May  9 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18581]: + ??? root:rubyman
May  9 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356526 of user rubyman.
May  9 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18581]: pam_unix(su:session): session closed for user rubyman
May  9 01:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356526.
May  9 01:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15788]: pam_unix(cron:session): session closed for user root
May  9 01:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18522]: pam_unix(cron:session): session closed for user samftp
May  9 01:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17462]: pam_unix(cron:session): session closed for user root
May  9 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18929]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18928]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18924]: pam_unix(cron:session): session closed for user p13x
May  9 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18984]: Successful su for rubyman by root
May  9 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18984]: + ??? root:rubyman
May  9 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18984]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356531 of user rubyman.
May  9 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18984]: pam_unix(su:session): session closed for user rubyman
May  9 01:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356531.
May  9 01:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16183]: pam_unix(cron:session): session closed for user root
May  9 01:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18925]: pam_unix(cron:session): session closed for user samftp
May  9 01:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18098]: pam_unix(cron:session): session closed for user root
May  9 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19335]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19332]: pam_unix(cron:session): session closed for user p13x
May  9 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19391]: Successful su for rubyman by root
May  9 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19391]: + ??? root:rubyman
May  9 01:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19391]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356535 of user rubyman.
May  9 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19391]: pam_unix(su:session): session closed for user rubyman
May  9 01:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356535.
May  9 01:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16634]: pam_unix(cron:session): session closed for user root
May  9 01:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19333]: pam_unix(cron:session): session closed for user samftp
May  9 01:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18524]: pam_unix(cron:session): session closed for user root
May  9 01:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203  user=root
May  9 01:04:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19728]: Failed password for root from 106.13.34.203 port 51178 ssh2
May  9 01:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19728]: Connection closed by 106.13.34.203 port 51178 [preauth]
May  9 01:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19748]: Invalid user martin from 106.13.34.203
May  9 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19748]: input_userauth_request: invalid user martin [preauth]
May  9 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19748]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203
May  9 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19752]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19755]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19751]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19753]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19756]: pam_unix(cron:session): session closed for user root
May  9 01:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19751]: pam_unix(cron:session): session closed for user p13x
May  9 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19824]: Successful su for rubyman by root
May  9 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19824]: + ??? root:rubyman
May  9 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19824]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356542 of user rubyman.
May  9 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19824]: pam_unix(su:session): session closed for user rubyman
May  9 01:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356542.
May  9 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19748]: Failed password for invalid user martin from 106.13.34.203 port 47818 ssh2
May  9 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19753]: pam_unix(cron:session): session closed for user root
May  9 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19748]: Connection closed by 106.13.34.203 port 47818 [preauth]
May  9 01:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17061]: pam_unix(cron:session): session closed for user root
May  9 01:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19752]: pam_unix(cron:session): session closed for user samftp
May  9 01:05:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:05:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203  user=root
May  9 01:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20047]: Failed password for root from 106.13.34.203 port 46800 ssh2
May  9 01:05:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20047]: Connection closed by 106.13.34.203 port 46800 [preauth]
May  9 01:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20082]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:05:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203  user=root
May  9 01:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20082]: Failed password for root from 106.13.34.203 port 45120 ssh2
May  9 01:05:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20082]: Connection closed by 106.13.34.203 port 45120 [preauth]
May  9 01:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18929]: pam_unix(cron:session): session closed for user root
May  9 01:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 01:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20148]: Failed password for root from 218.92.0.179 port 33383 ssh2
May  9 01:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20144]: Invalid user sales from 106.13.34.203
May  9 01:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20144]: input_userauth_request: invalid user sales [preauth]
May  9 01:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20144]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203
May  9 01:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20144]: Failed password for invalid user sales from 106.13.34.203 port 44002 ssh2
May  9 01:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20144]: Connection closed by 106.13.34.203 port 44002 [preauth]
May  9 01:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20148]: Failed password for root from 218.92.0.179 port 33383 ssh2
May  9 01:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20148]: Failed password for root from 218.92.0.179 port 33383 ssh2
May  9 01:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20148]: Received disconnect from 218.92.0.179 port 33383:11:  [preauth]
May  9 01:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20148]: Disconnected from 218.92.0.179 port 33383 [preauth]
May  9 01:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20148]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 01:05:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20188]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203  user=root
May  9 01:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:05:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20188]: Failed password for root from 106.13.34.203 port 55406 ssh2
May  9 01:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: Invalid user wangqi from 193.70.84.184
May  9 01:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: input_userauth_request: invalid user wangqi [preauth]
May  9 01:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  9 01:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20188]: Connection closed by 106.13.34.203 port 55406 [preauth]
May  9 01:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: Failed password for invalid user wangqi from 193.70.84.184 port 50322 ssh2
May  9 01:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20198]: Connection closed by 193.70.84.184 port 50322 [preauth]
May  9 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20212]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20210]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20211]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20210]: pam_unix(cron:session): session closed for user p13x
May  9 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20277]: Successful su for rubyman by root
May  9 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20277]: + ??? root:rubyman
May  9 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20277]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356546 of user rubyman.
May  9 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20277]: pam_unix(su:session): session closed for user rubyman
May  9 01:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356546.
May  9 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17461]: pam_unix(cron:session): session closed for user root
May  9 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20211]: pam_unix(cron:session): session closed for user samftp
May  9 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20422]: Invalid user bcrc from 106.13.34.203
May  9 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20422]: input_userauth_request: invalid user bcrc [preauth]
May  9 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20422]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203
May  9 01:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20422]: Failed password for invalid user bcrc from 106.13.34.203 port 54128 ssh2
May  9 01:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20422]: Connection closed by 106.13.34.203 port 54128 [preauth]
May  9 01:06:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: Invalid user ts3 from 106.13.34.203
May  9 01:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: input_userauth_request: invalid user ts3 [preauth]
May  9 01:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203
May  9 01:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: Failed password for invalid user ts3 from 106.13.34.203 port 51326 ssh2
May  9 01:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20489]: Connection closed by 106.13.34.203 port 51326 [preauth]
May  9 01:06:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19335]: pam_unix(cron:session): session closed for user root
May  9 01:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203  user=root
May  9 01:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: Failed password for root from 106.13.34.203 port 48594 ssh2
May  9 01:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: Connection closed by 106.13.34.203 port 48594 [preauth]
May  9 01:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: Invalid user download from 106.13.34.203
May  9 01:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: input_userauth_request: invalid user download [preauth]
May  9 01:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203
May  9 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: Failed password for invalid user download from 106.13.34.203 port 35584 ssh2
May  9 01:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20591]: Connection closed by 106.13.34.203 port 35584 [preauth]
May  9 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20623]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20622]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20621]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20620]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20620]: pam_unix(cron:session): session closed for user p13x
May  9 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20685]: Successful su for rubyman by root
May  9 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20685]: + ??? root:rubyman
May  9 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20685]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356548 of user rubyman.
May  9 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20685]: pam_unix(su:session): session closed for user rubyman
May  9 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356548.
May  9 01:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18097]: pam_unix(cron:session): session closed for user root
May  9 01:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20708]: Invalid user xs from 106.13.34.203
May  9 01:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20708]: input_userauth_request: invalid user xs [preauth]
May  9 01:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20708]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203
May  9 01:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20621]: pam_unix(cron:session): session closed for user samftp
May  9 01:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20708]: Failed password for invalid user xs from 106.13.34.203 port 38174 ssh2
May  9 01:07:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20708]: Connection closed by 106.13.34.203 port 38174 [preauth]
May  9 01:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:07:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203  user=root
May  9 01:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20919]: Failed password for root from 106.13.34.203 port 41026 ssh2
May  9 01:07:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20919]: Connection closed by 106.13.34.203 port 41026 [preauth]
May  9 01:07:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19755]: pam_unix(cron:session): session closed for user root
May  9 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20952]: Invalid user hrc from 106.13.34.203
May  9 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20952]: input_userauth_request: invalid user hrc [preauth]
May  9 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20952]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203
May  9 01:07:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20952]: Failed password for invalid user hrc from 106.13.34.203 port 43784 ssh2
May  9 01:07:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20952]: Connection closed by 106.13.34.203 port 43784 [preauth]
May  9 01:07:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:07:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203  user=root
May  9 01:07:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: Failed password for root from 106.13.34.203 port 49486 ssh2
May  9 01:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21009]: Connection closed by 106.13.34.203 port 49486 [preauth]
May  9 01:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21038]: Invalid user ubuntu from 92.118.39.65
May  9 01:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21038]: input_userauth_request: invalid user ubuntu [preauth]
May  9 01:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21038]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  9 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21045]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21046]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21043]: pam_unix(cron:session): session closed for user p13x
May  9 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21107]: Successful su for rubyman by root
May  9 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21107]: + ??? root:rubyman
May  9 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356554 of user rubyman.
May  9 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21107]: pam_unix(su:session): session closed for user rubyman
May  9 01:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356554.
May  9 01:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203  user=root
May  9 01:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21038]: Failed password for invalid user ubuntu from 92.118.39.65 port 47000 ssh2
May  9 01:08:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21038]: Connection closed by 92.118.39.65 port 47000 [preauth]
May  9 01:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21040]: Failed password for root from 106.13.34.203 port 51130 ssh2
May  9 01:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21040]: Connection closed by 106.13.34.203 port 51130 [preauth]
May  9 01:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18523]: pam_unix(cron:session): session closed for user root
May  9 01:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21044]: pam_unix(cron:session): session closed for user samftp
May  9 01:08:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: Invalid user odoo from 106.13.34.203
May  9 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: input_userauth_request: invalid user odoo [preauth]
May  9 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203
May  9 01:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: Failed password for invalid user odoo from 106.13.34.203 port 54262 ssh2
May  9 01:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21363]: Connection closed by 106.13.34.203 port 54262 [preauth]
May  9 01:08:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203  user=root
May  9 01:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20214]: pam_unix(cron:session): session closed for user root
May  9 01:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21394]: Failed password for root from 106.13.34.203 port 32976 ssh2
May  9 01:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21394]: Connection closed by 106.13.34.203 port 32976 [preauth]
May  9 01:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: Invalid user adam from 106.13.34.203
May  9 01:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: input_userauth_request: invalid user adam [preauth]
May  9 01:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:08:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203
May  9 01:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: Failed password for invalid user adam from 106.13.34.203 port 39064 ssh2
May  9 01:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: Connection closed by 106.13.34.203 port 39064 [preauth]
May  9 01:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21499]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21494]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21498]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21496]: pam_unix(cron:session): session closed for user p13x
May  9 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: Invalid user steam from 106.13.34.203
May  9 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: input_userauth_request: invalid user steam [preauth]
May  9 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203
May  9 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21632]: Successful su for rubyman by root
May  9 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21632]: + ??? root:rubyman
May  9 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356557 of user rubyman.
May  9 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21632]: pam_unix(su:session): session closed for user rubyman
May  9 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356557.
May  9 01:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21494]: pam_unix(cron:session): session closed for user root
May  9 01:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: Failed password for invalid user steam from 106.13.34.203 port 43106 ssh2
May  9 01:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21485]: Connection closed by 106.13.34.203 port 43106 [preauth]
May  9 01:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18928]: pam_unix(cron:session): session closed for user root
May  9 01:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21497]: pam_unix(cron:session): session closed for user samftp
May  9 01:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203  user=root
May  9 01:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22184]: Failed password for root from 106.13.34.203 port 48496 ssh2
May  9 01:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22184]: Connection closed by 106.13.34.203 port 48496 [preauth]
May  9 01:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22231]: Invalid user cloudera from 106.13.34.203
May  9 01:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22231]: input_userauth_request: invalid user cloudera [preauth]
May  9 01:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22231]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203
May  9 01:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20623]: pam_unix(cron:session): session closed for user root
May  9 01:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22231]: Failed password for invalid user cloudera from 106.13.34.203 port 54440 ssh2
May  9 01:09:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22231]: Connection closed by 106.13.34.203 port 54440 [preauth]
May  9 01:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22313]: Invalid user user10 from 106.13.34.203
May  9 01:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22313]: input_userauth_request: invalid user user10 [preauth]
May  9 01:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22313]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:09:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203
May  9 01:09:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22313]: Failed password for invalid user user10 from 106.13.34.203 port 33750 ssh2
May  9 01:09:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22313]: Connection closed by 106.13.34.203 port 33750 [preauth]
May  9 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22351]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22350]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22352]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22355]: pam_unix(cron:session): session closed for user root
May  9 01:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22350]: pam_unix(cron:session): session closed for user p13x
May  9 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22438]: Successful su for rubyman by root
May  9 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22438]: + ??? root:rubyman
May  9 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22438]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356566 of user rubyman.
May  9 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22438]: pam_unix(su:session): session closed for user rubyman
May  9 01:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356566.
May  9 01:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22352]: pam_unix(cron:session): session closed for user root
May  9 01:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19334]: pam_unix(cron:session): session closed for user root
May  9 01:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203  user=root
May  9 01:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22351]: pam_unix(cron:session): session closed for user samftp
May  9 01:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22520]: Failed password for root from 106.13.34.203 port 40816 ssh2
May  9 01:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22520]: Connection closed by 106.13.34.203 port 40816 [preauth]
May  9 01:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: Invalid user fo from 106.13.34.203
May  9 01:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: input_userauth_request: invalid user fo [preauth]
May  9 01:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:10:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203
May  9 01:10:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: Failed password for invalid user fo from 106.13.34.203 port 48376 ssh2
May  9 01:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22705]: Connection closed by 106.13.34.203 port 48376 [preauth]
May  9 01:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21046]: pam_unix(cron:session): session closed for user root
May  9 01:10:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22775]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:10:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203  user=root
May  9 01:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22775]: Failed password for root from 106.13.34.203 port 55154 ssh2
May  9 01:10:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22775]: Connection closed by 106.13.34.203 port 55154 [preauth]
May  9 01:10:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203  user=root
May  9 01:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: Failed password for root from 106.13.34.203 port 39204 ssh2
May  9 01:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22835]: Connection closed by 106.13.34.203 port 39204 [preauth]
May  9 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22849]: pam_unix(cron:session): session closed for user p13x
May  9 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22926]: Successful su for rubyman by root
May  9 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22926]: + ??? root:rubyman
May  9 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22926]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356568 of user rubyman.
May  9 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22926]: pam_unix(su:session): session closed for user rubyman
May  9 01:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356568.
May  9 01:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19754]: pam_unix(cron:session): session closed for user root
May  9 01:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22850]: pam_unix(cron:session): session closed for user samftp
May  9 01:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Invalid user kevin from 106.13.34.203
May  9 01:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: input_userauth_request: invalid user kevin [preauth]
May  9 01:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203
May  9 01:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Failed password for invalid user kevin from 106.13.34.203 port 49004 ssh2
May  9 01:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23148]: Connection closed by 106.13.34.203 port 49004 [preauth]
May  9 01:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23175]: Invalid user admin from 80.94.95.116
May  9 01:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23175]: input_userauth_request: invalid user admin [preauth]
May  9 01:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23175]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  9 01:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23175]: Failed password for invalid user admin from 80.94.95.116 port 39236 ssh2
May  9 01:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23175]: Connection closed by 80.94.95.116 port 39236 [preauth]
May  9 01:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: Failed password for root from 91.241.196.75 port 40068 ssh2
May  9 01:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: Connection closed by 91.241.196.75 port 40068 [preauth]
May  9 01:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21499]: pam_unix(cron:session): session closed for user root
May  9 01:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:11:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23248]: Failed password for root from 91.241.196.75 port 40076 ssh2
May  9 01:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23248]: Connection closed by 91.241.196.75 port 40076 [preauth]
May  9 01:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203  user=root
May  9 01:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23258]: Failed password for root from 106.13.34.203 port 41674 ssh2
May  9 01:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23258]: Connection closed by 106.13.34.203 port 41674 [preauth]
May  9 01:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:11:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203  user=root
May  9 01:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: Failed password for root from 106.13.34.203 port 58282 ssh2
May  9 01:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23300]: Connection closed by 106.13.34.203 port 58282 [preauth]
May  9 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23402]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23401]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23400]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23400]: pam_unix(cron:session): session closed for user p13x
May  9 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23469]: Successful su for rubyman by root
May  9 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23469]: + ??? root:rubyman
May  9 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23469]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356571 of user rubyman.
May  9 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23469]: pam_unix(su:session): session closed for user rubyman
May  9 01:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356571.
May  9 01:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20212]: pam_unix(cron:session): session closed for user root
May  9 01:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23401]: pam_unix(cron:session): session closed for user samftp
May  9 01:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23681]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23681]: Invalid user prometheus from 106.13.34.203
May  9 01:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23681]: input_userauth_request: invalid user prometheus [preauth]
May  9 01:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23681]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203
May  9 01:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23681]: Failed password for invalid user prometheus from 106.13.34.203 port 43146 ssh2
May  9 01:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23681]: Connection closed by 106.13.34.203 port 43146 [preauth]
May  9 01:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22354]: pam_unix(cron:session): session closed for user root
May  9 01:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203  user=root
May  9 01:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23728]: Failed password for root from 106.13.34.203 port 55374 ssh2
May  9 01:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23728]: Connection closed by 106.13.34.203 port 55374 [preauth]
May  9 01:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23899]: Invalid user ansible from 106.13.34.203
May  9 01:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23899]: input_userauth_request: invalid user ansible [preauth]
May  9 01:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23899]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203
May  9 01:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23899]: Failed password for invalid user ansible from 106.13.34.203 port 42946 ssh2
May  9 01:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23899]: Connection closed by 106.13.34.203 port 42946 [preauth]
May  9 01:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23921]: Bad protocol version identification '\003' from 206.189.32.126 port 53591
May  9 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23926]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23925]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23927]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23924]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23924]: pam_unix(cron:session): session closed for user p13x
May  9 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24003]: Successful su for rubyman by root
May  9 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24003]: + ??? root:rubyman
May  9 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24003]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356575 of user rubyman.
May  9 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24003]: pam_unix(su:session): session closed for user rubyman
May  9 01:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356575.
May  9 01:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20622]: pam_unix(cron:session): session closed for user root
May  9 01:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23925]: pam_unix(cron:session): session closed for user samftp
May  9 01:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: Invalid user test from 106.13.34.203
May  9 01:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: input_userauth_request: invalid user test [preauth]
May  9 01:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:13:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203
May  9 01:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: Failed password for invalid user test from 106.13.34.203 port 56826 ssh2
May  9 01:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24202]: Connection closed by 106.13.34.203 port 56826 [preauth]
May  9 01:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22852]: pam_unix(cron:session): session closed for user root
May  9 01:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203  user=root
May  9 01:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24266]: Failed password for root from 106.13.34.203 port 43028 ssh2
May  9 01:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24266]: Connection closed by 106.13.34.203 port 43028 [preauth]
May  9 01:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24339]: Did not receive identification string from 176.65.143.202
May  9 01:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: Failed password for root from 176.65.143.202 port 47282 ssh2
May  9 01:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24340]: Connection closed by 176.65.143.202 port 47282 [preauth]
May  9 01:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: Failed password for root from 176.65.143.202 port 55600 ssh2
May  9 01:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24352]: Connection closed by 176.65.143.202 port 55600 [preauth]
May  9 01:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: Invalid user debian from 106.13.34.203
May  9 01:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: input_userauth_request: invalid user debian [preauth]
May  9 01:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203
May  9 01:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: Failed password for invalid user debian from 106.13.34.203 port 53978 ssh2
May  9 01:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24356]: Connection closed by 106.13.34.203 port 53978 [preauth]
May  9 01:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24358]: Failed password for root from 176.65.143.202 port 55608 ssh2
May  9 01:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24358]: Connection closed by 176.65.143.202 port 55608 [preauth]
May  9 01:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: Invalid user admin from 80.94.95.112
May  9 01:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: input_userauth_request: invalid user admin [preauth]
May  9 01:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 01:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: Failed password for root from 176.65.143.202 port 55620 ssh2
May  9 01:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24370]: Connection closed by 176.65.143.202 port 55620 [preauth]
May  9 01:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: Failed password for invalid user admin from 80.94.95.112 port 20586 ssh2
May  9 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24387]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24386]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24386]: pam_unix(cron:session): session closed for user p13x
May  9 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24456]: Successful su for rubyman by root
May  9 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24456]: + ??? root:rubyman
May  9 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356579 of user rubyman.
May  9 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24456]: pam_unix(su:session): session closed for user rubyman
May  9 01:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356579.
May  9 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: Failed password for root from 176.65.143.202 port 48122 ssh2
May  9 01:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24383]: Connection closed by 176.65.143.202 port 48122 [preauth]
May  9 01:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: Failed password for invalid user admin from 80.94.95.112 port 20586 ssh2
May  9 01:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21045]: pam_unix(cron:session): session closed for user root
May  9 01:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: Failed password for invalid user admin from 80.94.95.112 port 20586 ssh2
May  9 01:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24387]: pam_unix(cron:session): session closed for user samftp
May  9 01:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: Failed password for invalid user admin from 80.94.95.112 port 20586 ssh2
May  9 01:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:14:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: Failed password for invalid user admin from 80.94.95.112 port 20586 ssh2
May  9 01:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: Received disconnect from 80.94.95.112 port 20586:11: Bye [preauth]
May  9 01:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: Disconnected from 80.94.95.112 port 20586 [preauth]
May  9 01:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 01:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24372]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 01:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24656]: Failed password for root from 176.65.143.202 port 54440 ssh2
May  9 01:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24656]: Connection closed by 176.65.143.202 port 54440 [preauth]
May  9 01:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24671]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: Invalid user webusr from 106.13.34.203
May  9 01:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: input_userauth_request: invalid user webusr [preauth]
May  9 01:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203
May  9 01:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24673]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24673]: Did not receive identification string from 64.23.184.246
May  9 01:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: Failed password for root from 91.241.196.75 port 55076 ssh2
May  9 01:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24658]: Connection closed by 91.241.196.75 port 55076 [preauth]
May  9 01:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: Failed password for invalid user webusr from 106.13.34.203 port 40448 ssh2
May  9 01:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24671]: Failed password for root from 176.65.143.202 port 54454 ssh2
May  9 01:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24669]: Connection closed by 106.13.34.203 port 40448 [preauth]
May  9 01:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24671]: Connection closed by 176.65.143.202 port 54454 [preauth]
May  9 01:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: Failed password for root from 91.241.196.75 port 55080 ssh2
May  9 01:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24674]: Connection closed by 91.241.196.75 port 55080 [preauth]
May  9 01:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: Failed password for root from 176.65.143.202 port 54466 ssh2
May  9 01:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24706]: Failed password for root from 91.241.196.75 port 55094 ssh2
May  9 01:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24686]: Connection closed by 176.65.143.202 port 54466 [preauth]
May  9 01:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24706]: Connection closed by 91.241.196.75 port 55094 [preauth]
May  9 01:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: Failed password for root from 176.65.143.202 port 60988 ssh2
May  9 01:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: Connection closed by 176.65.143.202 port 60988 [preauth]
May  9 01:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24716]: Failed password for root from 91.241.196.75 port 46688 ssh2
May  9 01:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24716]: Connection closed by 91.241.196.75 port 46688 [preauth]
May  9 01:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: Failed password for root from 176.65.143.202 port 32772 ssh2
May  9 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24721]: Connection closed by 176.65.143.202 port 32772 [preauth]
May  9 01:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24735]: Failed password for root from 91.241.196.75 port 46702 ssh2
May  9 01:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24735]: Connection closed by 91.241.196.75 port 46702 [preauth]
May  9 01:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: Failed password for root from 176.65.143.202 port 41624 ssh2
May  9 01:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24745]: Connection closed by 176.65.143.202 port 41624 [preauth]
May  9 01:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24747]: Failed password for root from 91.241.196.75 port 46182 ssh2
May  9 01:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24747]: Connection closed by 91.241.196.75 port 46182 [preauth]
May  9 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24762]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24749]: Failed password for root from 176.65.143.202 port 41638 ssh2
May  9 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24749]: Connection closed by 176.65.143.202 port 41638 [preauth]
May  9 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23403]: pam_unix(cron:session): session closed for user root
May  9 01:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203  user=root
May  9 01:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24762]: Failed password for root from 91.241.196.75 port 46188 ssh2
May  9 01:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24762]: Connection closed by 91.241.196.75 port 46188 [preauth]
May  9 01:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24778]: Failed password for root from 176.65.143.202 port 41650 ssh2
May  9 01:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24778]: Connection closed by 176.65.143.202 port 41650 [preauth]
May  9 01:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: Failed password for root from 106.13.34.203 port 53920 ssh2
May  9 01:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: Connection closed by 106.13.34.203 port 53920 [preauth]
May  9 01:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: Failed password for root from 176.65.143.202 port 57728 ssh2
May  9 01:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24794]: Connection closed by 176.65.143.202 port 57728 [preauth]
May  9 01:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: Failed password for root from 91.241.196.75 port 46192 ssh2
May  9 01:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24798]: Connection closed by 91.241.196.75 port 46192 [preauth]
May  9 01:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24800]: Failed password for root from 176.65.143.202 port 57736 ssh2
May  9 01:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24800]: Connection closed by 176.65.143.202 port 57736 [preauth]
May  9 01:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24811]: Failed password for root from 91.241.196.75 port 43894 ssh2
May  9 01:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24811]: Connection closed by 91.241.196.75 port 43894 [preauth]
May  9 01:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24825]: Failed password for root from 176.65.143.202 port 57746 ssh2
May  9 01:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24825]: Connection closed by 176.65.143.202 port 57746 [preauth]
May  9 01:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24827]: Failed password for root from 91.241.196.75 port 43896 ssh2
May  9 01:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24827]: Connection closed by 91.241.196.75 port 43896 [preauth]
May  9 01:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24838]: Failed password for root from 176.65.143.202 port 54996 ssh2
May  9 01:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24838]: Connection closed by 176.65.143.202 port 54996 [preauth]
May  9 01:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: Failed password for root from 91.241.196.75 port 43900 ssh2
May  9 01:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24840]: Connection closed by 91.241.196.75 port 43900 [preauth]
May  9 01:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24842]: Failed password for root from 176.65.143.202 port 55010 ssh2
May  9 01:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24842]: Connection closed by 176.65.143.202 port 55010 [preauth]
May  9 01:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: Failed password for root from 91.241.196.75 port 45276 ssh2
May  9 01:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24856]: Invalid user gpu2 from 106.13.34.203
May  9 01:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24856]: input_userauth_request: invalid user gpu2 [preauth]
May  9 01:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24856]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.34.203
May  9 01:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24854]: Connection closed by 91.241.196.75 port 45276 [preauth]
May  9 01:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: Invalid user ada from 92.118.39.65
May  9 01:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: input_userauth_request: invalid user ada [preauth]
May  9 01:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  9 01:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24873]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24859]: Failed password for root from 176.65.143.202 port 55026 ssh2
May  9 01:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24859]: Connection closed by 176.65.143.202 port 55026 [preauth]
May  9 01:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24856]: Failed password for invalid user gpu2 from 106.13.34.203 port 46838 ssh2
May  9 01:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: Failed password for invalid user ada from 92.118.39.65 port 35988 ssh2
May  9 01:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24861]: Connection closed by 92.118.39.65 port 35988 [preauth]
May  9 01:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24856]: Connection closed by 106.13.34.203 port 46838 [preauth]
May  9 01:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24873]: Failed password for root from 91.241.196.75 port 45284 ssh2
May  9 01:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24873]: Connection closed by 91.241.196.75 port 45284 [preauth]
May  9 01:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24881]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24883]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24880]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24879]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24882]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24884]: pam_unix(cron:session): session closed for user root
May  9 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24879]: pam_unix(cron:session): session closed for user p13x
May  9 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24958]: Successful su for rubyman by root
May  9 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24958]: + ??? root:rubyman
May  9 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24958]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356585 of user rubyman.
May  9 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24958]: pam_unix(su:session): session closed for user rubyman
May  9 01:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356585.
May  9 01:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25065]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24881]: pam_unix(cron:session): session closed for user root
May  9 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: Failed password for root from 91.241.196.75 port 35490 ssh2
May  9 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25065]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24876]: Connection closed by 91.241.196.75 port 35490 [preauth]
May  9 01:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21498]: pam_unix(cron:session): session closed for user root
May  9 01:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25065]: Failed password for root from 176.65.143.202 port 55996 ssh2
May  9 01:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25065]: Connection closed by 176.65.143.202 port 55996 [preauth]
May  9 01:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24880]: pam_unix(cron:session): session closed for user samftp
May  9 01:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: Failed password for root from 91.241.196.75 port 35504 ssh2
May  9 01:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25131]: Connection closed by 91.241.196.75 port 35504 [preauth]
May  9 01:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: Failed password for root from 91.241.196.75 port 35512 ssh2
May  9 01:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: Connection closed by 91.241.196.75 port 35512 [preauth]
May  9 01:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: Failed password for root from 91.241.196.75 port 59608 ssh2
May  9 01:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25186]: Connection closed by 91.241.196.75 port 59608 [preauth]
May  9 01:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Failed password for root from 176.65.143.202 port 39502 ssh2
May  9 01:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25179]: Connection closed by 176.65.143.202 port 39502 [preauth]
May  9 01:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: Failed password for root from 91.241.196.75 port 59622 ssh2
May  9 01:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25209]: Connection closed by 91.241.196.75 port 59622 [preauth]
May  9 01:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Failed password for root from 176.65.143.202 port 56564 ssh2
May  9 01:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25211]: Connection closed by 176.65.143.202 port 56564 [preauth]
May  9 01:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25213]: Failed password for root from 91.241.196.75 port 57980 ssh2
May  9 01:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25213]: Connection closed by 91.241.196.75 port 57980 [preauth]
May  9 01:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25225]: Failed password for root from 176.65.143.202 port 56580 ssh2
May  9 01:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25225]: Connection closed by 176.65.143.202 port 56580 [preauth]
May  9 01:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: Failed password for root from 91.241.196.75 port 57990 ssh2
May  9 01:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25227]: Connection closed by 91.241.196.75 port 57990 [preauth]
May  9 01:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: Failed password for root from 176.65.143.202 port 56592 ssh2
May  9 01:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25242]: Connection closed by 176.65.143.202 port 56592 [preauth]
May  9 01:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: Failed password for root from 91.241.196.75 port 57998 ssh2
May  9 01:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25260]: Connection closed by 91.241.196.75 port 57998 [preauth]
May  9 01:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25264]: Failed password for root from 176.65.143.202 port 53870 ssh2
May  9 01:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25264]: Connection closed by 176.65.143.202 port 53870 [preauth]
May  9 01:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23927]: pam_unix(cron:session): session closed for user root
May  9 01:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25276]: Failed password for root from 91.241.196.75 port 42628 ssh2
May  9 01:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25276]: Connection closed by 91.241.196.75 port 42628 [preauth]
May  9 01:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: Failed password for root from 176.65.143.202 port 53874 ssh2
May  9 01:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25278]: Connection closed by 176.65.143.202 port 53874 [preauth]
May  9 01:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25304]: Failed password for root from 91.241.196.75 port 42634 ssh2
May  9 01:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25311]: Failed password for root from 176.65.143.202 port 58824 ssh2
May  9 01:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25311]: Connection closed by 176.65.143.202 port 58824 [preauth]
May  9 01:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25304]: Connection closed by 91.241.196.75 port 42634 [preauth]
May  9 01:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: Failed password for root from 176.65.143.202 port 58836 ssh2
May  9 01:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25316]: Failed password for root from 91.241.196.75 port 33670 ssh2
May  9 01:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25314]: Connection closed by 176.65.143.202 port 58836 [preauth]
May  9 01:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25316]: Connection closed by 91.241.196.75 port 33670 [preauth]
May  9 01:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25327]: Failed password for root from 176.65.143.202 port 58850 ssh2
May  9 01:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25327]: Connection closed by 176.65.143.202 port 58850 [preauth]
May  9 01:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25329]: Failed password for root from 91.241.196.75 port 33674 ssh2
May  9 01:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25329]: Connection closed by 91.241.196.75 port 33674 [preauth]
May  9 01:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 01:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: Failed password for root from 218.92.0.179 port 51985 ssh2
May  9 01:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: Failed password for root from 176.65.143.202 port 58862 ssh2
May  9 01:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25348]: Connection closed by 176.65.143.202 port 58862 [preauth]
May  9 01:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: Failed password for root from 91.241.196.75 port 33682 ssh2
May  9 01:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25350]: Connection closed by 91.241.196.75 port 33682 [preauth]
May  9 01:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: Failed password for root from 218.92.0.179 port 51985 ssh2
May  9 01:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25366]: Failed password for root from 176.65.143.202 port 36888 ssh2
May  9 01:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25366]: Connection closed by 176.65.143.202 port 36888 [preauth]
May  9 01:15:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: Failed password for root from 218.92.0.179 port 51985 ssh2
May  9 01:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: Received disconnect from 218.92.0.179 port 51985:11:  [preauth]
May  9 01:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: Disconnected from 218.92.0.179 port 51985 [preauth]
May  9 01:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25343]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 01:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: Failed password for root from 91.241.196.75 port 34580 ssh2
May  9 01:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25368]: Connection closed by 91.241.196.75 port 34580 [preauth]
May  9 01:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25378]: Failed password for root from 176.65.143.202 port 36894 ssh2
May  9 01:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25378]: Connection closed by 176.65.143.202 port 36894 [preauth]
May  9 01:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25380]: Failed password for root from 91.241.196.75 port 34588 ssh2
May  9 01:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25380]: Connection closed by 91.241.196.75 port 34588 [preauth]
May  9 01:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: Failed password for root from 176.65.143.202 port 55398 ssh2
May  9 01:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25383]: Connection closed by 176.65.143.202 port 55398 [preauth]
May  9 01:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25397]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25399]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25398]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25396]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25396]: pam_unix(cron:session): session closed for user p13x
May  9 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25464]: Successful su for rubyman by root
May  9 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25464]: + ??? root:rubyman
May  9 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25464]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356591 of user rubyman.
May  9 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25464]: pam_unix(su:session): session closed for user rubyman
May  9 01:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356591.
May  9 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25393]: Failed password for root from 91.241.196.75 port 34594 ssh2
May  9 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25393]: Connection closed by 91.241.196.75 port 34594 [preauth]
May  9 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:16:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.196.75  user=root
May  9 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22353]: pam_unix(cron:session): session closed for user root
May  9 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25504]: Failed password for root from 176.65.143.202 port 55408 ssh2
May  9 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25500]: Failed password for root from 91.241.196.75 port 42126 ssh2
May  9 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25504]: Connection closed by 176.65.143.202 port 55408 [preauth]
May  9 01:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25397]: pam_unix(cron:session): session closed for user samftp
May  9 01:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.65.143.202  user=root
May  9 01:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: Failed password for root from 176.65.143.202 port 55416 ssh2
May  9 01:16:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25678]: Connection closed by 176.65.143.202 port 55416 [preauth]
May  9 01:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24389]: pam_unix(cron:session): session closed for user root
May  9 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25895]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25896]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25893]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25892]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25890]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25890]: pam_unix(cron:session): session closed for user root
May  9 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25892]: pam_unix(cron:session): session closed for user p13x
May  9 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25973]: Successful su for rubyman by root
May  9 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25973]: + ??? root:rubyman
May  9 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356595 of user rubyman.
May  9 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25973]: pam_unix(su:session): session closed for user rubyman
May  9 01:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356595.
May  9 01:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22851]: pam_unix(cron:session): session closed for user root
May  9 01:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25893]: pam_unix(cron:session): session closed for user samftp
May  9 01:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24883]: pam_unix(cron:session): session closed for user root
May  9 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26310]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26311]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26309]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26308]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26308]: pam_unix(cron:session): session closed for user p13x
May  9 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26369]: Successful su for rubyman by root
May  9 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26369]: + ??? root:rubyman
May  9 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356599 of user rubyman.
May  9 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26369]: pam_unix(su:session): session closed for user rubyman
May  9 01:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356599.
May  9 01:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23402]: pam_unix(cron:session): session closed for user root
May  9 01:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26309]: pam_unix(cron:session): session closed for user samftp
May  9 01:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25399]: pam_unix(cron:session): session closed for user root
May  9 01:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26786]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26784]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26784]: pam_unix(cron:session): session closed for user p13x
May  9 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26851]: Successful su for rubyman by root
May  9 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26851]: + ??? root:rubyman
May  9 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356602 of user rubyman.
May  9 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26851]: pam_unix(su:session): session closed for user rubyman
May  9 01:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356602.
May  9 01:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23926]: pam_unix(cron:session): session closed for user root
May  9 01:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26786]: pam_unix(cron:session): session closed for user samftp
May  9 01:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25896]: pam_unix(cron:session): session closed for user root
May  9 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27271]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27271]: pam_unix(cron:session): session closed for user root
May  9 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27266]: pam_unix(cron:session): session closed for user p13x
May  9 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27352]: Successful su for rubyman by root
May  9 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27352]: + ??? root:rubyman
May  9 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27352]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356606 of user rubyman.
May  9 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27352]: pam_unix(su:session): session closed for user rubyman
May  9 01:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356606.
May  9 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27268]: pam_unix(cron:session): session closed for user root
May  9 01:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24388]: pam_unix(cron:session): session closed for user root
May  9 01:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27267]: pam_unix(cron:session): session closed for user samftp
May  9 01:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26311]: pam_unix(cron:session): session closed for user root
May  9 01:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: Invalid user admin from 80.94.95.241
May  9 01:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: input_userauth_request: invalid user admin [preauth]
May  9 01:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 01:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: Failed password for invalid user admin from 80.94.95.241 port 25423 ssh2
May  9 01:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27777]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27777]: pam_unix(cron:session): session closed for user p13x
May  9 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27845]: Successful su for rubyman by root
May  9 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27845]: + ??? root:rubyman
May  9 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27845]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356612 of user rubyman.
May  9 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27845]: pam_unix(su:session): session closed for user rubyman
May  9 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356612.
May  9 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: Failed password for invalid user admin from 80.94.95.241 port 25423 ssh2
May  9 01:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: Failed password for invalid user admin from 80.94.95.241 port 25423 ssh2
May  9 01:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24882]: pam_unix(cron:session): session closed for user root
May  9 01:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27778]: pam_unix(cron:session): session closed for user samftp
May  9 01:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: Failed password for invalid user admin from 80.94.95.241 port 25423 ssh2
May  9 01:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: Failed password for invalid user admin from 80.94.95.241 port 25423 ssh2
May  9 01:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: Received disconnect from 80.94.95.241 port 25423:11: Bye [preauth]
May  9 01:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: Disconnected from 80.94.95.241 port 25423 [preauth]
May  9 01:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 01:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27764]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 01:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26789]: pam_unix(cron:session): session closed for user root
May  9 01:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: Invalid user cardano from 92.118.39.65
May  9 01:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: input_userauth_request: invalid user cardano [preauth]
May  9 01:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  9 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28194]: pam_unix(cron:session): session closed for user p13x
May  9 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28258]: Successful su for rubyman by root
May  9 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28258]: + ??? root:rubyman
May  9 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28258]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356617 of user rubyman.
May  9 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28258]: pam_unix(su:session): session closed for user rubyman
May  9 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356617.
May  9 01:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: Failed password for invalid user cardano from 92.118.39.65 port 53230 ssh2
May  9 01:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28183]: Connection closed by 92.118.39.65 port 53230 [preauth]
May  9 01:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25398]: pam_unix(cron:session): session closed for user root
May  9 01:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28195]: pam_unix(cron:session): session closed for user samftp
May  9 01:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27270]: pam_unix(cron:session): session closed for user root
May  9 01:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28590]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28590]: Invalid user david from 164.68.105.9
May  9 01:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28590]: input_userauth_request: invalid user david [preauth]
May  9 01:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28590]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  9 01:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28590]: Failed password for invalid user david from 164.68.105.9 port 32840 ssh2
May  9 01:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28590]: Connection closed by 164.68.105.9 port 32840 [preauth]
May  9 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28604]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28601]: pam_unix(cron:session): session closed for user p13x
May  9 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28663]: Successful su for rubyman by root
May  9 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28663]: + ??? root:rubyman
May  9 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356621 of user rubyman.
May  9 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28663]: pam_unix(su:session): session closed for user rubyman
May  9 01:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356621.
May  9 01:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25895]: pam_unix(cron:session): session closed for user root
May  9 01:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28602]: pam_unix(cron:session): session closed for user samftp
May  9 01:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27780]: pam_unix(cron:session): session closed for user root
May  9 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29006]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29007]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29004]: pam_unix(cron:session): session closed for user p13x
May  9 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29163]: Successful su for rubyman by root
May  9 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29163]: + ??? root:rubyman
May  9 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356625 of user rubyman.
May  9 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29163]: pam_unix(su:session): session closed for user rubyman
May  9 01:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356625.
May  9 01:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26310]: pam_unix(cron:session): session closed for user root
May  9 01:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29005]: pam_unix(cron:session): session closed for user samftp
May  9 01:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28198]: pam_unix(cron:session): session closed for user root
May  9 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29515]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29514]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29513]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29512]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29517]: pam_unix(cron:session): session closed for user root
May  9 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29512]: pam_unix(cron:session): session closed for user p13x
May  9 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29586]: Successful su for rubyman by root
May  9 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29586]: + ??? root:rubyman
May  9 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356633 of user rubyman.
May  9 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29586]: pam_unix(su:session): session closed for user rubyman
May  9 01:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356633.
May  9 01:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29514]: pam_unix(cron:session): session closed for user root
May  9 01:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26788]: pam_unix(cron:session): session closed for user root
May  9 01:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29513]: pam_unix(cron:session): session closed for user samftp
May  9 01:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28605]: pam_unix(cron:session): session closed for user root
May  9 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29953]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29954]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29952]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29951]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29951]: pam_unix(cron:session): session closed for user p13x
May  9 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30021]: Successful su for rubyman by root
May  9 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30021]: + ??? root:rubyman
May  9 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30021]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356634 of user rubyman.
May  9 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30021]: pam_unix(su:session): session closed for user rubyman
May  9 01:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356634.
May  9 01:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27269]: pam_unix(cron:session): session closed for user root
May  9 01:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29952]: pam_unix(cron:session): session closed for user samftp
May  9 01:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29007]: pam_unix(cron:session): session closed for user root
May  9 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30352]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30350]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30349]: pam_unix(cron:session): session closed for user p13x
May  9 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30411]: Successful su for rubyman by root
May  9 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30411]: + ??? root:rubyman
May  9 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30411]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356638 of user rubyman.
May  9 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30411]: pam_unix(su:session): session closed for user rubyman
May  9 01:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356638.
May  9 01:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27779]: pam_unix(cron:session): session closed for user root
May  9 01:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30350]: pam_unix(cron:session): session closed for user samftp
May  9 01:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29516]: pam_unix(cron:session): session closed for user root
May  9 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30746]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30745]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30744]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30743]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30743]: pam_unix(cron:session): session closed for user p13x
May  9 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30804]: Successful su for rubyman by root
May  9 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30804]: + ??? root:rubyman
May  9 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30804]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356642 of user rubyman.
May  9 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30804]: pam_unix(su:session): session closed for user rubyman
May  9 01:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356642.
May  9 01:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28197]: pam_unix(cron:session): session closed for user root
May  9 01:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30744]: pam_unix(cron:session): session closed for user samftp
May  9 01:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 01:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Failed password for root from 218.92.0.179 port 44150 ssh2
May  9 01:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29954]: pam_unix(cron:session): session closed for user root
May  9 01:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Failed password for root from 218.92.0.179 port 44150 ssh2
May  9 01:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Failed password for root from 218.92.0.179 port 44150 ssh2
May  9 01:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Received disconnect from 218.92.0.179 port 44150:11:  [preauth]
May  9 01:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: Disconnected from 218.92.0.179 port 44150 [preauth]
May  9 01:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31146]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31236]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31237]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31235]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31234]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31234]: pam_unix(cron:session): session closed for user p13x
May  9 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31312]: Successful su for rubyman by root
May  9 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31312]: + ??? root:rubyman
May  9 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31312]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356646 of user rubyman.
May  9 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31312]: pam_unix(su:session): session closed for user rubyman
May  9 01:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356646.
May  9 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: Invalid user ethereum from 92.118.39.65
May  9 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: input_userauth_request: invalid user ethereum [preauth]
May  9 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  9 01:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28604]: pam_unix(cron:session): session closed for user root
May  9 01:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: Failed password for invalid user ethereum from 92.118.39.65 port 42220 ssh2
May  9 01:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31345]: Connection closed by 92.118.39.65 port 42220 [preauth]
May  9 01:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31235]: pam_unix(cron:session): session closed for user samftp
May  9 01:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30352]: pam_unix(cron:session): session closed for user root
May  9 01:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: Invalid user magento from 50.235.31.47
May  9 01:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: input_userauth_request: invalid user magento [preauth]
May  9 01:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  9 01:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: Failed password for invalid user magento from 50.235.31.47 port 51118 ssh2
May  9 01:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31633]: Connection closed by 50.235.31.47 port 51118 [preauth]
May  9 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31674]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31670]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31672]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31669]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31671]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31673]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31674]: pam_unix(cron:session): session closed for user root
May  9 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31669]: pam_unix(cron:session): session closed for user p13x
May  9 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31752]: Successful su for rubyman by root
May  9 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31752]: + ??? root:rubyman
May  9 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31752]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356650 of user rubyman.
May  9 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31752]: pam_unix(su:session): session closed for user rubyman
May  9 01:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356650.
May  9 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31671]: pam_unix(cron:session): session closed for user root
May  9 01:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29006]: pam_unix(cron:session): session closed for user root
May  9 01:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31670]: pam_unix(cron:session): session closed for user samftp
May  9 01:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30746]: pam_unix(cron:session): session closed for user root
May  9 01:30:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  9 01:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: Failed password for root from 194.0.234.19 port 30324 ssh2
May  9 01:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32398]: Connection closed by 194.0.234.19 port 30324 [preauth]
May  9 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32423]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32421]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32424]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32420]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32420]: pam_unix(cron:session): session closed for user p13x
May  9 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32494]: Successful su for rubyman by root
May  9 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32494]: + ??? root:rubyman
May  9 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32494]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356656 of user rubyman.
May  9 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32494]: pam_unix(su:session): session closed for user rubyman
May  9 01:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356656.
May  9 01:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29515]: pam_unix(cron:session): session closed for user root
May  9 01:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32421]: pam_unix(cron:session): session closed for user samftp
May  9 01:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31237]: pam_unix(cron:session): session closed for user root
May  9 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[551]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[550]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[553]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[550]: pam_unix(cron:session): session closed for user p13x
May  9 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[616]: Successful su for rubyman by root
May  9 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[616]: + ??? root:rubyman
May  9 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356660 of user rubyman.
May  9 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[616]: pam_unix(su:session): session closed for user rubyman
May  9 01:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356660.
May  9 01:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29953]: pam_unix(cron:session): session closed for user root
May  9 01:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[551]: pam_unix(cron:session): session closed for user samftp
May  9 01:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31673]: pam_unix(cron:session): session closed for user root
May  9 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1024]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1023]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1022]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1021]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1021]: pam_unix(cron:session): session closed for user p13x
May  9 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1101]: Successful su for rubyman by root
May  9 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1101]: + ??? root:rubyman
May  9 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1101]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356664 of user rubyman.
May  9 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1101]: pam_unix(su:session): session closed for user rubyman
May  9 01:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356664.
May  9 01:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30351]: pam_unix(cron:session): session closed for user root
May  9 01:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1022]: pam_unix(cron:session): session closed for user samftp
May  9 01:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32424]: pam_unix(cron:session): session closed for user root
May  9 01:33:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1506]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1507]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1504]: pam_unix(cron:session): session closed for user p13x
May  9 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1577]: Successful su for rubyman by root
May  9 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1577]: + ??? root:rubyman
May  9 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356670 of user rubyman.
May  9 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1577]: pam_unix(su:session): session closed for user rubyman
May  9 01:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356670.
May  9 01:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30745]: pam_unix(cron:session): session closed for user root
May  9 01:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1505]: pam_unix(cron:session): session closed for user samftp
May  9 01:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 01:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: Failed password for root from 218.92.0.179 port 42458 ssh2
May  9 01:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 42458 ssh2]
May  9 01:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: Received disconnect from 218.92.0.179 port 42458:11:  [preauth]
May  9 01:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: Disconnected from 218.92.0.179 port 42458 [preauth]
May  9 01:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1826]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 01:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[553]: pam_unix(cron:session): session closed for user root
May  9 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2045]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2041]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2044]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2042]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2046]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2043]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2046]: pam_unix(cron:session): session closed for user root
May  9 01:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2041]: pam_unix(cron:session): session closed for user p13x
May  9 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2110]: Successful su for rubyman by root
May  9 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2110]: + ??? root:rubyman
May  9 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2110]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356673 of user rubyman.
May  9 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2110]: pam_unix(su:session): session closed for user rubyman
May  9 01:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356673.
May  9 01:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2043]: pam_unix(cron:session): session closed for user root
May  9 01:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31236]: pam_unix(cron:session): session closed for user root
May  9 01:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2042]: pam_unix(cron:session): session closed for user samftp
May  9 01:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1024]: pam_unix(cron:session): session closed for user root
May  9 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2501]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2503]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2500]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2499]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2499]: pam_unix(cron:session): session closed for user p13x
May  9 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2571]: Successful su for rubyman by root
May  9 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2571]: + ??? root:rubyman
May  9 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356678 of user rubyman.
May  9 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2571]: pam_unix(su:session): session closed for user rubyman
May  9 01:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356678.
May  9 01:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: Invalid user openhabian from 80.94.95.241
May  9 01:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: input_userauth_request: invalid user openhabian [preauth]
May  9 01:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 01:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31672]: pam_unix(cron:session): session closed for user root
May  9 01:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2500]: pam_unix(cron:session): session closed for user samftp
May  9 01:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: Failed password for invalid user openhabian from 80.94.95.241 port 63771 ssh2
May  9 01:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: Invalid user eth from 92.118.39.65
May  9 01:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: input_userauth_request: invalid user eth [preauth]
May  9 01:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  9 01:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: Failed password for invalid user eth from 92.118.39.65 port 59440 ssh2
May  9 01:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: Failed password for invalid user openhabian from 80.94.95.241 port 63771 ssh2
May  9 01:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2783]: Connection closed by 92.118.39.65 port 59440 [preauth]
May  9 01:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: Failed password for invalid user openhabian from 80.94.95.241 port 63771 ssh2
May  9 01:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: Failed password for invalid user openhabian from 80.94.95.241 port 63771 ssh2
May  9 01:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: Failed password for invalid user openhabian from 80.94.95.241 port 63771 ssh2
May  9 01:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: Received disconnect from 80.94.95.241 port 63771:11: Bye [preauth]
May  9 01:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: Disconnected from 80.94.95.241 port 63771 [preauth]
May  9 01:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 01:36:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2715]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 01:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1507]: pam_unix(cron:session): session closed for user root
May  9 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2948]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2946]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2945]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2947]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2945]: pam_unix(cron:session): session closed for user p13x
May  9 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3016]: Successful su for rubyman by root
May  9 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3016]: + ??? root:rubyman
May  9 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3016]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356682 of user rubyman.
May  9 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3016]: pam_unix(su:session): session closed for user rubyman
May  9 01:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356682.
May  9 01:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32423]: pam_unix(cron:session): session closed for user root
May  9 01:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2946]: pam_unix(cron:session): session closed for user samftp
May  9 01:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2045]: pam_unix(cron:session): session closed for user root
May  9 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3355]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3354]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3354]: pam_unix(cron:session): session closed for user p13x
May  9 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3440]: Successful su for rubyman by root
May  9 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3440]: + ??? root:rubyman
May  9 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3440]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356687 of user rubyman.
May  9 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3440]: pam_unix(su:session): session closed for user rubyman
May  9 01:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356687.
May  9 01:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[552]: pam_unix(cron:session): session closed for user root
May  9 01:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3355]: pam_unix(cron:session): session closed for user samftp
May  9 01:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3687]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2503]: pam_unix(cron:session): session closed for user root
May  9 01:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.76.151.8  user=root
May  9 01:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3687]: Failed password for root from 47.76.151.8 port 54300 ssh2
May  9 01:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3687]: Connection closed by 47.76.151.8 port 54300 [preauth]
May  9 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3805]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3801]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3803]: pam_unix(cron:session): session closed for user p13x
May  9 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3931]: Successful su for rubyman by root
May  9 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3931]: + ??? root:rubyman
May  9 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3931]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356691 of user rubyman.
May  9 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3931]: pam_unix(su:session): session closed for user rubyman
May  9 01:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356691.
May  9 01:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3801]: pam_unix(cron:session): session closed for user root
May  9 01:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1023]: pam_unix(cron:session): session closed for user root
May  9 01:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3805]: pam_unix(cron:session): session closed for user samftp
May  9 01:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2948]: pam_unix(cron:session): session closed for user root
May  9 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4478]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4479]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4476]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4479]: pam_unix(cron:session): session closed for user root
May  9 01:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4474]: pam_unix(cron:session): session closed for user p13x
May  9 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4561]: Successful su for rubyman by root
May  9 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4561]: + ??? root:rubyman
May  9 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4561]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356695 of user rubyman.
May  9 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4561]: pam_unix(su:session): session closed for user rubyman
May  9 01:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356695.
May  9 01:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4476]: pam_unix(cron:session): session closed for user root
May  9 01:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1506]: pam_unix(cron:session): session closed for user root
May  9 01:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4475]: pam_unix(cron:session): session closed for user samftp
May  9 01:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3357]: pam_unix(cron:session): session closed for user root
May  9 01:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4940]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4966]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4964]: pam_unix(cron:session): session closed for user p13x
May  9 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5218]: Successful su for rubyman by root
May  9 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5218]: + ??? root:rubyman
May  9 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356703 of user rubyman.
May  9 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5218]: pam_unix(su:session): session closed for user rubyman
May  9 01:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356703.
May  9 01:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2044]: pam_unix(cron:session): session closed for user root
May  9 01:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4965]: pam_unix(cron:session): session closed for user samftp
May  9 01:41:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4940]: Connection closed by 47.76.151.8 port 55778 [preauth]
May  9 01:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3807]: pam_unix(cron:session): session closed for user root
May  9 01:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4927]: Connection closed by 47.76.151.8 port 44788 [preauth]
May  9 01:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4939]: Connection closed by 47.76.151.8 port 50284 [preauth]
May  9 01:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4952]: Connection closed by 47.76.151.8 port 33040 [preauth]
May  9 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5623]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5622]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5624]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5621]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5621]: pam_unix(cron:session): session closed for user p13x
May  9 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5689]: Successful su for rubyman by root
May  9 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5689]: + ??? root:rubyman
May  9 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5689]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356705 of user rubyman.
May  9 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5689]: pam_unix(su:session): session closed for user rubyman
May  9 01:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356705.
May  9 01:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2501]: pam_unix(cron:session): session closed for user root
May  9 01:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5622]: pam_unix(cron:session): session closed for user samftp
May  9 01:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4478]: pam_unix(cron:session): session closed for user root
May  9 01:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 01:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6122]: Failed password for root from 218.92.0.179 port 34484 ssh2
May  9 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6137]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6134]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6135]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6134]: pam_unix(cron:session): session closed for user p13x
May  9 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6196]: Successful su for rubyman by root
May  9 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6196]: + ??? root:rubyman
May  9 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356710 of user rubyman.
May  9 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6196]: pam_unix(su:session): session closed for user rubyman
May  9 01:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356710.
May  9 01:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6122]: Failed password for root from 218.92.0.179 port 34484 ssh2
May  9 01:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2947]: pam_unix(cron:session): session closed for user root
May  9 01:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6122]: Failed password for root from 218.92.0.179 port 34484 ssh2
May  9 01:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6135]: pam_unix(cron:session): session closed for user samftp
May  9 01:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: Invalid user trx from 92.118.39.65
May  9 01:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: input_userauth_request: invalid user trx [preauth]
May  9 01:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  9 01:43:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: Failed password for invalid user trx from 92.118.39.65 port 48430 ssh2
May  9 01:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6391]: Connection closed by 92.118.39.65 port 48430 [preauth]
May  9 01:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4968]: pam_unix(cron:session): session closed for user root
May  9 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6535]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6533]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6532]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6534]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6532]: pam_unix(cron:session): session closed for user p13x
May  9 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6591]: Successful su for rubyman by root
May  9 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6591]: + ??? root:rubyman
May  9 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356714 of user rubyman.
May  9 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6591]: pam_unix(su:session): session closed for user rubyman
May  9 01:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356714.
May  9 01:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3356]: pam_unix(cron:session): session closed for user root
May  9 01:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6533]: pam_unix(cron:session): session closed for user samftp
May  9 01:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: Invalid user admin from 80.94.95.112
May  9 01:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: input_userauth_request: invalid user admin [preauth]
May  9 01:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:44:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 01:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: Failed password for invalid user admin from 80.94.95.112 port 10828 ssh2
May  9 01:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: Failed password for invalid user admin from 80.94.95.112 port 10828 ssh2
May  9 01:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: Failed password for invalid user admin from 80.94.95.112 port 10828 ssh2
May  9 01:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: Failed password for invalid user admin from 80.94.95.112 port 10828 ssh2
May  9 01:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: Failed password for invalid user admin from 80.94.95.112 port 10828 ssh2
May  9 01:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: Received disconnect from 80.94.95.112 port 10828:11: Bye [preauth]
May  9 01:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: Disconnected from 80.94.95.112 port 10828 [preauth]
May  9 01:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 01:44:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6799]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 01:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5624]: pam_unix(cron:session): session closed for user root
May  9 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7041]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7040]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7038]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7041]: pam_unix(cron:session): session closed for user root
May  9 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7036]: pam_unix(cron:session): session closed for user p13x
May  9 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7130]: Successful su for rubyman by root
May  9 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7130]: + ??? root:rubyman
May  9 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356721 of user rubyman.
May  9 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7130]: pam_unix(su:session): session closed for user rubyman
May  9 01:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356721.
May  9 01:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7038]: pam_unix(cron:session): session closed for user root
May  9 01:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3806]: pam_unix(cron:session): session closed for user root
May  9 01:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7037]: pam_unix(cron:session): session closed for user samftp
May  9 01:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: User uucp from 80.94.95.116 not allowed because not listed in AllowUsers
May  9 01:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: input_userauth_request: invalid user uucp [preauth]
May  9 01:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=uucp
May  9 01:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: Failed password for invalid user uucp from 80.94.95.116 port 23138 ssh2
May  9 01:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7300]: Connection closed by 80.94.95.116 port 23138 [preauth]
May  9 01:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6137]: pam_unix(cron:session): session closed for user root
May  9 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7589]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7588]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7494]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7590]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7494]: pam_unix(cron:session): session closed for user p13x
May  9 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7666]: Successful su for rubyman by root
May  9 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7666]: + ??? root:rubyman
May  9 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7666]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356724 of user rubyman.
May  9 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7666]: pam_unix(su:session): session closed for user rubyman
May  9 01:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356724.
May  9 01:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4477]: pam_unix(cron:session): session closed for user root
May  9 01:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7588]: pam_unix(cron:session): session closed for user samftp
May  9 01:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6535]: pam_unix(cron:session): session closed for user root
May  9 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8024]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8025]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8023]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8022]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8022]: pam_unix(cron:session): session closed for user p13x
May  9 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8086]: Successful su for rubyman by root
May  9 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8086]: + ??? root:rubyman
May  9 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8086]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356727 of user rubyman.
May  9 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8086]: pam_unix(su:session): session closed for user rubyman
May  9 01:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356727.
May  9 01:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4966]: pam_unix(cron:session): session closed for user root
May  9 01:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8023]: pam_unix(cron:session): session closed for user samftp
May  9 01:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 01:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8333]: Failed password for root from 218.92.0.179 port 53942 ssh2
May  9 01:47:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8333]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 53942 ssh2]
May  9 01:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8333]: Received disconnect from 218.92.0.179 port 53942:11:  [preauth]
May  9 01:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8333]: Disconnected from 218.92.0.179 port 53942 [preauth]
May  9 01:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8333]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 01:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7040]: pam_unix(cron:session): session closed for user root
May  9 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8449]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8448]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8448]: pam_unix(cron:session): session closed for user p13x
May  9 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8517]: Successful su for rubyman by root
May  9 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8517]: + ??? root:rubyman
May  9 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356732 of user rubyman.
May  9 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8517]: pam_unix(su:session): session closed for user rubyman
May  9 01:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356732.
May  9 01:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5623]: pam_unix(cron:session): session closed for user root
May  9 01:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8449]: pam_unix(cron:session): session closed for user samftp
May  9 01:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8783]: Invalid user evertz from 190.103.202.7
May  9 01:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8783]: input_userauth_request: invalid user evertz [preauth]
May  9 01:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8783]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  9 01:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8783]: Failed password for invalid user evertz from 190.103.202.7 port 60786 ssh2
May  9 01:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8783]: Connection closed by 190.103.202.7 port 60786 [preauth]
May  9 01:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7590]: pam_unix(cron:session): session closed for user root
May  9 01:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:48:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 01:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: Failed password for root from 218.92.0.179 port 12888 ssh2
May  9 01:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 12888 ssh2]
May  9 01:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: Connection reset by 218.92.0.179 port 12888 [preauth]
May  9 01:49:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8856]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8890]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8888]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8886]: pam_unix(cron:session): session closed for user p13x
May  9 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8949]: Successful su for rubyman by root
May  9 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8949]: + ??? root:rubyman
May  9 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8949]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356735 of user rubyman.
May  9 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8949]: pam_unix(su:session): session closed for user rubyman
May  9 01:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356735.
May  9 01:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6136]: pam_unix(cron:session): session closed for user root
May  9 01:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8887]: pam_unix(cron:session): session closed for user samftp
May  9 01:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8025]: pam_unix(cron:session): session closed for user root
May  9 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9412]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9409]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9411]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9415]: pam_unix(cron:session): session closed for user root
May  9 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9409]: pam_unix(cron:session): session closed for user p13x
May  9 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9480]: Successful su for rubyman by root
May  9 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9480]: + ??? root:rubyman
May  9 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9480]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356739 of user rubyman.
May  9 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9480]: pam_unix(su:session): session closed for user rubyman
May  9 01:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356739.
May  9 01:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9412]: pam_unix(cron:session): session closed for user root
May  9 01:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6534]: pam_unix(cron:session): session closed for user root
May  9 01:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9411]: pam_unix(cron:session): session closed for user samftp
May  9 01:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 01:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: Failed password for root from 218.92.0.179 port 59045 ssh2
May  9 01:50:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 59045 ssh2]
May  9 01:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: Invalid user ton from 92.118.39.65
May  9 01:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: input_userauth_request: invalid user ton [preauth]
May  9 01:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.118.39.65
May  9 01:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: Received disconnect from 218.92.0.179 port 59045:11:  [preauth]
May  9 01:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: Disconnected from 218.92.0.179 port 59045 [preauth]
May  9 01:50:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9688]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 01:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: Failed password for invalid user ton from 92.118.39.65 port 37420 ssh2
May  9 01:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9722]: Connection closed by 92.118.39.65 port 37420 [preauth]
May  9 01:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8451]: pam_unix(cron:session): session closed for user root
May  9 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9855]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9856]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9854]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9853]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9853]: pam_unix(cron:session): session closed for user p13x
May  9 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9921]: Successful su for rubyman by root
May  9 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9921]: + ??? root:rubyman
May  9 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9921]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356745 of user rubyman.
May  9 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9921]: pam_unix(su:session): session closed for user rubyman
May  9 01:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356745.
May  9 01:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7039]: pam_unix(cron:session): session closed for user root
May  9 01:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9854]: pam_unix(cron:session): session closed for user samftp
May  9 01:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: Invalid user shiny from 193.70.84.184
May  9 01:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: input_userauth_request: invalid user shiny [preauth]
May  9 01:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  9 01:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: Failed password for invalid user shiny from 193.70.84.184 port 52044 ssh2
May  9 01:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10117]: Connection closed by 193.70.84.184 port 52044 [preauth]
May  9 01:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8890]: pam_unix(cron:session): session closed for user root
May  9 01:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 01:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: Failed password for root from 218.92.0.179 port 32851 ssh2
May  9 01:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 32851 ssh2]
May  9 01:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: Received disconnect from 218.92.0.179 port 32851:11:  [preauth]
May  9 01:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: Disconnected from 218.92.0.179 port 32851 [preauth]
May  9 01:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10221]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10348]: pam_unix(cron:session): session closed for user p13x
May  9 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10419]: Successful su for rubyman by root
May  9 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10419]: + ??? root:rubyman
May  9 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10419]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356749 of user rubyman.
May  9 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10419]: pam_unix(su:session): session closed for user rubyman
May  9 01:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356749.
May  9 01:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7589]: pam_unix(cron:session): session closed for user root
May  9 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: Invalid user admin from 80.94.95.241
May  9 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: input_userauth_request: invalid user admin [preauth]
May  9 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: Failed password for invalid user admin from 80.94.95.241 port 5970 ssh2
May  9 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10349]: pam_unix(cron:session): session closed for user samftp
May  9 01:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: Failed password for invalid user admin from 80.94.95.241 port 5970 ssh2
May  9 01:52:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: Failed password for invalid user admin from 80.94.95.241 port 5970 ssh2
May  9 01:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: Failed password for invalid user admin from 80.94.95.241 port 5970 ssh2
May  9 01:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: pam_unix(sshd:auth): check pass; user unknown
May  9 01:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: Failed password for invalid user admin from 80.94.95.241 port 5970 ssh2
May  9 01:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: Received disconnect from 80.94.95.241 port 5970:11: Bye [preauth]
May  9 01:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: Disconnected from 80.94.95.241 port 5970 [preauth]
May  9 01:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 01:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10536]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 01:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9414]: pam_unix(cron:session): session closed for user root
May  9 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10842]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10841]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10839]: pam_unix(cron:session): session closed for user p13x
May  9 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10899]: Successful su for rubyman by root
May  9 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10899]: + ??? root:rubyman
May  9 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10899]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356755 of user rubyman.
May  9 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10899]: pam_unix(su:session): session closed for user rubyman
May  9 01:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356755.
May  9 01:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8024]: pam_unix(cron:session): session closed for user root
May  9 01:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10840]: pam_unix(cron:session): session closed for user samftp
May  9 01:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9856]: pam_unix(cron:session): session closed for user root
May  9 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11229]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11228]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11230]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11227]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11227]: pam_unix(cron:session): session closed for user p13x
May  9 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11288]: Successful su for rubyman by root
May  9 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11288]: + ??? root:rubyman
May  9 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356757 of user rubyman.
May  9 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11288]: pam_unix(su:session): session closed for user rubyman
May  9 01:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356757.
May  9 01:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8450]: pam_unix(cron:session): session closed for user root
May  9 01:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11228]: pam_unix(cron:session): session closed for user samftp
May  9 01:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10351]: pam_unix(cron:session): session closed for user root
May  9 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11627]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11626]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11623]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11622]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11624]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11628]: pam_unix(cron:session): session closed for user root
May  9 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11622]: pam_unix(cron:session): session closed for user p13x
May  9 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11688]: Successful su for rubyman by root
May  9 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11688]: + ??? root:rubyman
May  9 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11688]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356761 of user rubyman.
May  9 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11688]: pam_unix(su:session): session closed for user rubyman
May  9 01:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356761.
May  9 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11624]: pam_unix(cron:session): session closed for user root
May  9 01:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8888]: pam_unix(cron:session): session closed for user root
May  9 01:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11623]: pam_unix(cron:session): session closed for user samftp
May  9 01:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10842]: pam_unix(cron:session): session closed for user root
May  9 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12041]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12043]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12042]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12040]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12040]: pam_unix(cron:session): session closed for user p13x
May  9 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12113]: Successful su for rubyman by root
May  9 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12113]: + ??? root:rubyman
May  9 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356769 of user rubyman.
May  9 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12113]: pam_unix(su:session): session closed for user rubyman
May  9 01:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356769.
May  9 01:56:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9413]: pam_unix(cron:session): session closed for user root
May  9 01:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12041]: pam_unix(cron:session): session closed for user samftp
May  9 01:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 01:56:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 01:56:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Failed password for root from 218.92.0.179 port 55516 ssh2
May  9 01:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 55516 ssh2]
May  9 01:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Received disconnect from 218.92.0.179 port 55516:11:  [preauth]
May  9 01:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: Disconnected from 218.92.0.179 port 55516 [preauth]
May  9 01:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12349]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 01:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11230]: pam_unix(cron:session): session closed for user root
May  9 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12464]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12463]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12463]: pam_unix(cron:session): session closed for user p13x
May  9 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12523]: Successful su for rubyman by root
May  9 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12523]: + ??? root:rubyman
May  9 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12523]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356771 of user rubyman.
May  9 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12523]: pam_unix(su:session): session closed for user rubyman
May  9 01:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356771.
May  9 01:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9855]: pam_unix(cron:session): session closed for user root
May  9 01:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12464]: pam_unix(cron:session): session closed for user samftp
May  9 01:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11627]: pam_unix(cron:session): session closed for user root
May  9 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12850]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12849]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12848]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12847]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12847]: pam_unix(cron:session): session closed for user p13x
May  9 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12906]: Successful su for rubyman by root
May  9 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12906]: + ??? root:rubyman
May  9 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12906]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356775 of user rubyman.
May  9 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12906]: pam_unix(su:session): session closed for user rubyman
May  9 01:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356775.
May  9 01:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10350]: pam_unix(cron:session): session closed for user root
May  9 01:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12848]: pam_unix(cron:session): session closed for user samftp
May  9 01:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12043]: pam_unix(cron:session): session closed for user root
May  9 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13240]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13239]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13241]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13238]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13238]: pam_unix(cron:session): session closed for user p13x
May  9 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13305]: Successful su for rubyman by root
May  9 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13305]: + ??? root:rubyman
May  9 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13305]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356779 of user rubyman.
May  9 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13305]: pam_unix(su:session): session closed for user rubyman
May  9 01:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356779.
May  9 01:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10841]: pam_unix(cron:session): session closed for user root
May  9 01:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13239]: pam_unix(cron:session): session closed for user samftp
May  9 01:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12466]: pam_unix(cron:session): session closed for user root
May  9 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13754]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13747]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13746]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13753]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13751]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13754]: pam_unix(cron:session): session closed for user root
May  9 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13748]: pam_unix(cron:session): session closed for user root
May  9 02:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13746]: pam_unix(cron:session): session closed for user p13x
May  9 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13848]: Successful su for rubyman by root
May  9 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13848]: + ??? root:rubyman
May  9 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13848]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356786 of user rubyman.
May  9 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13848]: pam_unix(su:session): session closed for user rubyman
May  9 02:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356786.
May  9 02:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11229]: pam_unix(cron:session): session closed for user root
May  9 02:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13751]: pam_unix(cron:session): session closed for user root
May  9 02:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13747]: pam_unix(cron:session): session closed for user samftp
May  9 02:00:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12850]: pam_unix(cron:session): session closed for user root
May  9 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14246]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14249]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14251]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14246]: pam_unix(cron:session): session closed for user p13x
May  9 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14317]: Successful su for rubyman by root
May  9 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14317]: + ??? root:rubyman
May  9 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356792 of user rubyman.
May  9 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14317]: pam_unix(su:session): session closed for user rubyman
May  9 02:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356792.
May  9 02:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11626]: pam_unix(cron:session): session closed for user root
May  9 02:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14248]: pam_unix(cron:session): session closed for user samftp
May  9 02:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13241]: pam_unix(cron:session): session closed for user root
May  9 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14663]: pam_unix(cron:session): session closed for user p13x
May  9 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14726]: Successful su for rubyman by root
May  9 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14726]: + ??? root:rubyman
May  9 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14726]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356795 of user rubyman.
May  9 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14726]: pam_unix(su:session): session closed for user rubyman
May  9 02:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356795.
May  9 02:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12042]: pam_unix(cron:session): session closed for user root
May  9 02:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14664]: pam_unix(cron:session): session closed for user samftp
May  9 02:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13753]: pam_unix(cron:session): session closed for user root
May  9 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15071]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15073]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15070]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15070]: pam_unix(cron:session): session closed for user p13x
May  9 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15130]: Successful su for rubyman by root
May  9 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15130]: + ??? root:rubyman
May  9 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15130]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356800 of user rubyman.
May  9 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15130]: pam_unix(su:session): session closed for user rubyman
May  9 02:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356800.
May  9 02:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12465]: pam_unix(cron:session): session closed for user root
May  9 02:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15071]: pam_unix(cron:session): session closed for user samftp
May  9 02:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14251]: pam_unix(cron:session): session closed for user root
May  9 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15464]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15463]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15463]: pam_unix(cron:session): session closed for user p13x
May  9 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15526]: Successful su for rubyman by root
May  9 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15526]: + ??? root:rubyman
May  9 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15526]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356804 of user rubyman.
May  9 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15526]: pam_unix(su:session): session closed for user rubyman
May  9 02:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356804.
May  9 02:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12849]: pam_unix(cron:session): session closed for user root
May  9 02:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15464]: pam_unix(cron:session): session closed for user samftp
May  9 02:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14666]: pam_unix(cron:session): session closed for user root
May  9 02:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:05:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  9 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15864]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15866]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15863]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15867]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15865]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15862]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15867]: pam_unix(cron:session): session closed for user root
May  9 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15862]: pam_unix(cron:session): session closed for user p13x
May  9 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15936]: Successful su for rubyman by root
May  9 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15936]: + ??? root:rubyman
May  9 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15936]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356810 of user rubyman.
May  9 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15936]: pam_unix(su:session): session closed for user rubyman
May  9 02:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356810.
May  9 02:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15850]: Failed password for root from 190.103.202.7 port 60666 ssh2
May  9 02:05:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15850]: Connection closed by 190.103.202.7 port 60666 [preauth]
May  9 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15864]: pam_unix(cron:session): session closed for user root
May  9 02:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13240]: pam_unix(cron:session): session closed for user root
May  9 02:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15863]: pam_unix(cron:session): session closed for user samftp
May  9 02:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15073]: pam_unix(cron:session): session closed for user root
May  9 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16278]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16277]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16277]: pam_unix(cron:session): session closed for user p13x
May  9 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16340]: Successful su for rubyman by root
May  9 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16340]: + ??? root:rubyman
May  9 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356812 of user rubyman.
May  9 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16340]: pam_unix(su:session): session closed for user rubyman
May  9 02:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356812.
May  9 02:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13752]: pam_unix(cron:session): session closed for user root
May  9 02:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16278]: pam_unix(cron:session): session closed for user samftp
May  9 02:06:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  9 02:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16595]: Failed password for root from 218.92.0.215 port 23534 ssh2
May  9 02:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15466]: pam_unix(cron:session): session closed for user root
May  9 02:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16678]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16734]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16733]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16730]: pam_unix(cron:session): session closed for user p13x
May  9 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16793]: Successful su for rubyman by root
May  9 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16793]: + ??? root:rubyman
May  9 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16793]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356818 of user rubyman.
May  9 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16793]: pam_unix(su:session): session closed for user rubyman
May  9 02:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356818.
May  9 02:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14249]: pam_unix(cron:session): session closed for user root
May  9 02:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16731]: pam_unix(cron:session): session closed for user samftp
May  9 02:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15866]: pam_unix(cron:session): session closed for user root
May  9 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17163]: pam_unix(cron:session): session closed for user p13x
May  9 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17225]: Successful su for rubyman by root
May  9 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17225]: + ??? root:rubyman
May  9 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17225]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356821 of user rubyman.
May  9 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17225]: pam_unix(su:session): session closed for user rubyman
May  9 02:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356821.
May  9 02:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14665]: pam_unix(cron:session): session closed for user root
May  9 02:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17164]: pam_unix(cron:session): session closed for user samftp
May  9 02:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16280]: pam_unix(cron:session): session closed for user root
May  9 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17579]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17577]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17576]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17574]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17576]: pam_unix(cron:session): session closed for user p13x
May  9 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17702]: Successful su for rubyman by root
May  9 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17702]: + ??? root:rubyman
May  9 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356825 of user rubyman.
May  9 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17702]: pam_unix(su:session): session closed for user rubyman
May  9 02:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356825.
May  9 02:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17574]: pam_unix(cron:session): session closed for user root
May  9 02:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15072]: pam_unix(cron:session): session closed for user root
May  9 02:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17577]: pam_unix(cron:session): session closed for user samftp
May  9 02:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16734]: pam_unix(cron:session): session closed for user root
May  9 02:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18131]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:09:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 02:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18131]: Failed password for root from 218.92.0.179 port 28075 ssh2
May  9 02:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18131]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 28075 ssh2]
May  9 02:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18131]: Received disconnect from 218.92.0.179 port 28075:11:  [preauth]
May  9 02:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18131]: Disconnected from 218.92.0.179 port 28075 [preauth]
May  9 02:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18131]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18193]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18191]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18190]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18194]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18195]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18192]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18195]: pam_unix(cron:session): session closed for user root
May  9 02:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18190]: pam_unix(cron:session): session closed for user p13x
May  9 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18257]: Successful su for rubyman by root
May  9 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18257]: + ??? root:rubyman
May  9 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18257]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356833 of user rubyman.
May  9 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18257]: pam_unix(su:session): session closed for user rubyman
May  9 02:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356833.
May  9 02:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18192]: pam_unix(cron:session): session closed for user root
May  9 02:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15465]: pam_unix(cron:session): session closed for user root
May  9 02:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18191]: pam_unix(cron:session): session closed for user samftp
May  9 02:10:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: Invalid user admin from 80.94.95.116
May  9 02:10:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: input_userauth_request: invalid user admin [preauth]
May  9 02:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  9 02:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: Failed password for invalid user admin from 80.94.95.116 port 61314 ssh2
May  9 02:10:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18541]: Connection closed by 80.94.95.116 port 61314 [preauth]
May  9 02:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17166]: pam_unix(cron:session): session closed for user root
May  9 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18630]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18629]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18631]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18628]: pam_unix(cron:session): session closed for user p13x
May  9 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18696]: Successful su for rubyman by root
May  9 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18696]: + ??? root:rubyman
May  9 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18696]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356835 of user rubyman.
May  9 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18696]: pam_unix(su:session): session closed for user rubyman
May  9 02:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356835.
May  9 02:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15865]: pam_unix(cron:session): session closed for user root
May  9 02:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18629]: pam_unix(cron:session): session closed for user samftp
May  9 02:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 02:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: Failed password for root from 218.92.0.179 port 59978 ssh2
May  9 02:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: Failed password for root from 218.92.0.179 port 59978 ssh2
May  9 02:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18928]: Invalid user teamspeak-user from 164.68.105.9
May  9 02:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18928]: input_userauth_request: invalid user teamspeak-user [preauth]
May  9 02:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18928]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:11:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  9 02:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: Failed password for root from 218.92.0.179 port 59978 ssh2
May  9 02:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: Received disconnect from 218.92.0.179 port 59978:11:  [preauth]
May  9 02:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: Disconnected from 218.92.0.179 port 59978 [preauth]
May  9 02:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18902]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 02:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18928]: Failed password for invalid user teamspeak-user from 164.68.105.9 port 37504 ssh2
May  9 02:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18928]: Connection closed by 164.68.105.9 port 37504 [preauth]
May  9 02:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17579]: pam_unix(cron:session): session closed for user root
May  9 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19058]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19057]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19056]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19056]: pam_unix(cron:session): session closed for user p13x
May  9 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Did not receive identification string from 64.23.184.246
May  9 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19122]: Successful su for rubyman by root
May  9 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19122]: + ??? root:rubyman
May  9 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356841 of user rubyman.
May  9 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19122]: pam_unix(su:session): session closed for user rubyman
May  9 02:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356841.
May  9 02:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16279]: pam_unix(cron:session): session closed for user root
May  9 02:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19057]: pam_unix(cron:session): session closed for user samftp
May  9 02:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18194]: pam_unix(cron:session): session closed for user root
May  9 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19462]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19460]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19460]: pam_unix(cron:session): session closed for user p13x
May  9 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19522]: Successful su for rubyman by root
May  9 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19522]: + ??? root:rubyman
May  9 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19522]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356843 of user rubyman.
May  9 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19522]: pam_unix(su:session): session closed for user rubyman
May  9 02:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356843.
May  9 02:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16733]: pam_unix(cron:session): session closed for user root
May  9 02:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19461]: pam_unix(cron:session): session closed for user samftp
May  9 02:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18631]: pam_unix(cron:session): session closed for user root
May  9 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19876]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19877]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19875]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19875]: pam_unix(cron:session): session closed for user p13x
May  9 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19938]: Successful su for rubyman by root
May  9 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19938]: + ??? root:rubyman
May  9 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19938]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356847 of user rubyman.
May  9 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19938]: pam_unix(su:session): session closed for user rubyman
May  9 02:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356847.
May  9 02:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17165]: pam_unix(cron:session): session closed for user root
May  9 02:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19876]: pam_unix(cron:session): session closed for user samftp
May  9 02:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19059]: pam_unix(cron:session): session closed for user root
May  9 02:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: Invalid user admin from 80.94.95.112
May  9 02:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: input_userauth_request: invalid user admin [preauth]
May  9 02:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 02:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: Failed password for invalid user admin from 80.94.95.112 port 53856 ssh2
May  9 02:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: Failed password for invalid user admin from 80.94.95.112 port 53856 ssh2
May  9 02:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:14:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: Failed password for invalid user admin from 80.94.95.112 port 53856 ssh2
May  9 02:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: Failed password for invalid user admin from 80.94.95.112 port 53856 ssh2
May  9 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20286]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20285]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20289]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20284]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20287]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20289]: pam_unix(cron:session): session closed for user root
May  9 02:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20284]: pam_unix(cron:session): session closed for user p13x
May  9 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20357]: Successful su for rubyman by root
May  9 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20357]: + ??? root:rubyman
May  9 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20357]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356851 of user rubyman.
May  9 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20357]: pam_unix(su:session): session closed for user rubyman
May  9 02:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356851.
May  9 02:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: Failed password for invalid user admin from 80.94.95.112 port 53856 ssh2
May  9 02:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: Received disconnect from 80.94.95.112 port 53856:11: Bye [preauth]
May  9 02:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: Disconnected from 80.94.95.112 port 53856 [preauth]
May  9 02:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 02:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20271]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20286]: pam_unix(cron:session): session closed for user root
May  9 02:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17578]: pam_unix(cron:session): session closed for user root
May  9 02:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20285]: pam_unix(cron:session): session closed for user samftp
May  9 02:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19463]: pam_unix(cron:session): session closed for user root
May  9 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20728]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20726]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20725]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20725]: pam_unix(cron:session): session closed for user p13x
May  9 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20794]: Successful su for rubyman by root
May  9 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20794]: + ??? root:rubyman
May  9 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20794]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356857 of user rubyman.
May  9 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20794]: pam_unix(su:session): session closed for user rubyman
May  9 02:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356857.
May  9 02:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18193]: pam_unix(cron:session): session closed for user root
May  9 02:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20726]: pam_unix(cron:session): session closed for user samftp
May  9 02:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19878]: pam_unix(cron:session): session closed for user root
May  9 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21143]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21139]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21139]: pam_unix(cron:session): session closed for user root
May  9 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21141]: pam_unix(cron:session): session closed for user p13x
May  9 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21218]: Successful su for rubyman by root
May  9 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21218]: + ??? root:rubyman
May  9 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21218]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356863 of user rubyman.
May  9 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21218]: pam_unix(su:session): session closed for user rubyman
May  9 02:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356863.
May  9 02:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18630]: pam_unix(cron:session): session closed for user root
May  9 02:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21142]: pam_unix(cron:session): session closed for user samftp
May  9 02:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20288]: pam_unix(cron:session): session closed for user root
May  9 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21587]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21585]: pam_unix(cron:session): session closed for user p13x
May  9 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21661]: Successful su for rubyman by root
May  9 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21661]: + ??? root:rubyman
May  9 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356866 of user rubyman.
May  9 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21661]: pam_unix(su:session): session closed for user rubyman
May  9 02:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356866.
May  9 02:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19058]: pam_unix(cron:session): session closed for user root
May  9 02:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21586]: pam_unix(cron:session): session closed for user samftp
May  9 02:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20729]: pam_unix(cron:session): session closed for user root
May  9 02:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22327]: Did not receive identification string from 103.70.114.33
May  9 02:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22351]: pam_unix(cron:session): session closed for user p13x
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: Invalid user usario from 103.70.114.33
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: input_userauth_request: invalid user usario [preauth]
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.70.114.33
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: Invalid user user from 103.70.114.33
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: input_userauth_request: invalid user user [preauth]
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22329]: Invalid user support from 103.70.114.33
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: Invalid user ubnt from 103.70.114.33
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22329]: input_userauth_request: invalid user support [preauth]
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: input_userauth_request: invalid user ubnt [preauth]
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22329]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.70.114.33
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.70.114.33
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.70.114.33
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22332]: Invalid user admin from 103.70.114.33
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22332]: input_userauth_request: invalid user admin [preauth]
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22332]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.70.114.33
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22430]: Successful su for rubyman by root
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22430]: + ??? root:rubyman
May  9 02:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22430]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356870 of user rubyman.
May  9 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22430]: pam_unix(su:session): session closed for user rubyman
May  9 02:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356870.
May  9 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: Failed password for invalid user usario from 103.70.114.33 port 47492 ssh2
May  9 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: Failed password for invalid user user from 103.70.114.33 port 47452 ssh2
May  9 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22329]: Failed password for invalid user support from 103.70.114.33 port 47454 ssh2
May  9 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: Failed password for invalid user ubnt from 103.70.114.33 port 47484 ssh2
May  9 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22332]: Failed password for invalid user admin from 103.70.114.33 port 47468 ssh2
May  9 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: Received disconnect from 103.70.114.33 port 47492:11: Bye Bye [preauth]
May  9 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22328]: Disconnected from 103.70.114.33 port 47492 [preauth]
May  9 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: Received disconnect from 103.70.114.33 port 47452:11: Bye Bye [preauth]
May  9 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22331]: Disconnected from 103.70.114.33 port 47452 [preauth]
May  9 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22329]: Received disconnect from 103.70.114.33 port 47454:11: Bye Bye [preauth]
May  9 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22329]: Disconnected from 103.70.114.33 port 47454 [preauth]
May  9 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: Received disconnect from 103.70.114.33 port 47484:11: Bye Bye [preauth]
May  9 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22330]: Disconnected from 103.70.114.33 port 47484 [preauth]
May  9 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22332]: Received disconnect from 103.70.114.33 port 47468:11: Bye Bye [preauth]
May  9 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22332]: Disconnected from 103.70.114.33 port 47468 [preauth]
May  9 02:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19462]: pam_unix(cron:session): session closed for user root
May  9 02:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22352]: pam_unix(cron:session): session closed for user samftp
May  9 02:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21144]: pam_unix(cron:session): session closed for user root
May  9 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22802]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22806]: pam_unix(cron:session): session closed for user root
May  9 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22800]: pam_unix(cron:session): session closed for user p13x
May  9 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22884]: Successful su for rubyman by root
May  9 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22884]: + ??? root:rubyman
May  9 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22884]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356876 of user rubyman.
May  9 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22884]: pam_unix(su:session): session closed for user rubyman
May  9 02:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356876.
May  9 02:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22802]: pam_unix(cron:session): session closed for user root
May  9 02:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19877]: pam_unix(cron:session): session closed for user root
May  9 02:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22801]: pam_unix(cron:session): session closed for user samftp
May  9 02:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21588]: pam_unix(cron:session): session closed for user root
May  9 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23289]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23286]: pam_unix(cron:session): session closed for user p13x
May  9 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23447]: Successful su for rubyman by root
May  9 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23447]: + ??? root:rubyman
May  9 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23447]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356882 of user rubyman.
May  9 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23447]: pam_unix(su:session): session closed for user rubyman
May  9 02:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356882.
May  9 02:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20287]: pam_unix(cron:session): session closed for user root
May  9 02:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23287]: pam_unix(cron:session): session closed for user samftp
May  9 02:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22354]: pam_unix(cron:session): session closed for user root
May  9 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23877]: pam_unix(cron:session): session closed for user p13x
May  9 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23960]: Successful su for rubyman by root
May  9 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23960]: + ??? root:rubyman
May  9 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356884 of user rubyman.
May  9 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23960]: pam_unix(su:session): session closed for user rubyman
May  9 02:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356884.
May  9 02:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20728]: pam_unix(cron:session): session closed for user root
May  9 02:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24123]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  9 02:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23878]: pam_unix(cron:session): session closed for user samftp
May  9 02:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24123]: Failed password for root from 80.94.95.241 port 63080 ssh2
May  9 02:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24123]: message repeated 4 times: [ Failed password for root from 80.94.95.241 port 63080 ssh2]
May  9 02:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24123]: Received disconnect from 80.94.95.241 port 63080:11: Bye [preauth]
May  9 02:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24123]: Disconnected from 80.94.95.241 port 63080 [preauth]
May  9 02:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24123]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  9 02:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24123]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 02:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22805]: pam_unix(cron:session): session closed for user root
May  9 02:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24279]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  9 02:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24279]: Failed password for root from 218.92.0.206 port 31450 ssh2
May  9 02:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24279]: message repeated 4 times: [ Failed password for root from 218.92.0.206 port 31450 ssh2]
May  9 02:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24279]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 31450 ssh2 [preauth]
May  9 02:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24279]: Disconnecting: Too many authentication failures [preauth]
May  9 02:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24279]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  9 02:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24279]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 02:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24340]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24339]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24339]: pam_unix(cron:session): session closed for user p13x
May  9 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24411]: Successful su for rubyman by root
May  9 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24411]: + ??? root:rubyman
May  9 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24411]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356889 of user rubyman.
May  9 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24411]: pam_unix(su:session): session closed for user rubyman
May  9 02:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356889.
May  9 02:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21143]: pam_unix(cron:session): session closed for user root
May  9 02:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24340]: pam_unix(cron:session): session closed for user samftp
May  9 02:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23289]: pam_unix(cron:session): session closed for user root
May  9 02:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  9 02:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: Failed password for root from 50.235.31.47 port 59004 ssh2
May  9 02:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24708]: Connection closed by 50.235.31.47 port 59004 [preauth]
May  9 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24767]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24766]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24768]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24765]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24765]: pam_unix(cron:session): session closed for user p13x
May  9 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24826]: Successful su for rubyman by root
May  9 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24826]: + ??? root:rubyman
May  9 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24826]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356892 of user rubyman.
May  9 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24826]: pam_unix(su:session): session closed for user rubyman
May  9 02:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356892.
May  9 02:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21587]: pam_unix(cron:session): session closed for user root
May  9 02:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24766]: pam_unix(cron:session): session closed for user samftp
May  9 02:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: Invalid user admin from 80.94.95.241
May  9 02:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: input_userauth_request: invalid user admin [preauth]
May  9 02:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 02:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: Failed password for invalid user admin from 80.94.95.241 port 24529 ssh2
May  9 02:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: Failed password for invalid user admin from 80.94.95.241 port 24529 ssh2
May  9 02:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: Failed password for invalid user admin from 80.94.95.241 port 24529 ssh2
May  9 02:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: Failed password for invalid user admin from 80.94.95.241 port 24529 ssh2
May  9 02:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: Failed password for invalid user admin from 80.94.95.241 port 24529 ssh2
May  9 02:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: Received disconnect from 80.94.95.241 port 24529:11: Bye [preauth]
May  9 02:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: Disconnected from 80.94.95.241 port 24529 [preauth]
May  9 02:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 02:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 02:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23880]: pam_unix(cron:session): session closed for user root
May  9 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25177]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25178]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25176]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25179]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25175]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25174]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25179]: pam_unix(cron:session): session closed for user root
May  9 02:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25174]: pam_unix(cron:session): session closed for user p13x
May  9 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25241]: Successful su for rubyman by root
May  9 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25241]: + ??? root:rubyman
May  9 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25241]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356897 of user rubyman.
May  9 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25241]: pam_unix(su:session): session closed for user rubyman
May  9 02:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356897.
May  9 02:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25326]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25326]: Did not receive identification string from 193.32.162.185
May  9 02:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25176]: pam_unix(cron:session): session closed for user root
May  9 02:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22353]: pam_unix(cron:session): session closed for user root
May  9 02:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25175]: pam_unix(cron:session): session closed for user samftp
May  9 02:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24342]: pam_unix(cron:session): session closed for user root
May  9 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25638]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25639]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25640]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25637]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25637]: pam_unix(cron:session): session closed for user p13x
May  9 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25729]: Successful su for rubyman by root
May  9 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25729]: + ??? root:rubyman
May  9 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356903 of user rubyman.
May  9 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25729]: pam_unix(su:session): session closed for user rubyman
May  9 02:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356903.
May  9 02:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22803]: pam_unix(cron:session): session closed for user root
May  9 02:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25638]: pam_unix(cron:session): session closed for user samftp
May  9 02:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: Invalid user admin from 194.0.234.19
May  9 02:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: input_userauth_request: invalid user admin [preauth]
May  9 02:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  9 02:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: Failed password for invalid user admin from 194.0.234.19 port 22018 ssh2
May  9 02:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25983]: Connection closed by 194.0.234.19 port 22018 [preauth]
May  9 02:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24768]: pam_unix(cron:session): session closed for user root
May  9 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26122]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26120]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26121]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26119]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26119]: pam_unix(cron:session): session closed for user p13x
May  9 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26180]: Successful su for rubyman by root
May  9 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26180]: + ??? root:rubyman
May  9 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26180]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356907 of user rubyman.
May  9 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26180]: pam_unix(su:session): session closed for user rubyman
May  9 02:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356907.
May  9 02:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23288]: pam_unix(cron:session): session closed for user root
May  9 02:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26120]: pam_unix(cron:session): session closed for user samftp
May  9 02:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25178]: pam_unix(cron:session): session closed for user root
May  9 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26604]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26603]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26602]: pam_unix(cron:session): session closed for user p13x
May  9 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26665]: Successful su for rubyman by root
May  9 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26665]: + ??? root:rubyman
May  9 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26665]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356911 of user rubyman.
May  9 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26665]: pam_unix(su:session): session closed for user rubyman
May  9 02:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356911.
May  9 02:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23879]: pam_unix(cron:session): session closed for user root
May  9 02:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26603]: pam_unix(cron:session): session closed for user samftp
May  9 02:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25640]: pam_unix(cron:session): session closed for user root
May  9 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27058]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27057]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27056]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27056]: pam_unix(cron:session): session closed for user p13x
May  9 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27134]: Successful su for rubyman by root
May  9 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27134]: + ??? root:rubyman
May  9 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356914 of user rubyman.
May  9 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27134]: pam_unix(su:session): session closed for user rubyman
May  9 02:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356914.
May  9 02:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24341]: pam_unix(cron:session): session closed for user root
May  9 02:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27057]: pam_unix(cron:session): session closed for user samftp
May  9 02:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26122]: pam_unix(cron:session): session closed for user root
May  9 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27542]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27543]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27539]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27541]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27540]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27544]: pam_unix(cron:session): session closed for user root
May  9 02:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27539]: pam_unix(cron:session): session closed for user p13x
May  9 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27616]: Successful su for rubyman by root
May  9 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27616]: + ??? root:rubyman
May  9 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356919 of user rubyman.
May  9 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27616]: pam_unix(su:session): session closed for user rubyman
May  9 02:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356919.
May  9 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27541]: pam_unix(cron:session): session closed for user root
May  9 02:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24767]: pam_unix(cron:session): session closed for user root
May  9 02:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27540]: pam_unix(cron:session): session closed for user samftp
May  9 02:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26605]: pam_unix(cron:session): session closed for user root
May  9 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28026]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28027]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28024]: pam_unix(cron:session): session closed for user p13x
May  9 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28093]: Successful su for rubyman by root
May  9 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28093]: + ??? root:rubyman
May  9 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356925 of user rubyman.
May  9 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28093]: pam_unix(su:session): session closed for user rubyman
May  9 02:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356925.
May  9 02:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25177]: pam_unix(cron:session): session closed for user root
May  9 02:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28025]: pam_unix(cron:session): session closed for user samftp
May  9 02:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  9 02:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=anonymous rhost=::ffff:152.32.143.71
May  9 02:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27059]: pam_unix(cron:session): session closed for user root
May  9 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28476]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28475]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28474]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28473]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28473]: pam_unix(cron:session): session closed for user p13x
May  9 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28543]: Successful su for rubyman by root
May  9 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28543]: + ??? root:rubyman
May  9 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356928 of user rubyman.
May  9 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28543]: pam_unix(su:session): session closed for user rubyman
May  9 02:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356928.
May  9 02:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25639]: pam_unix(cron:session): session closed for user root
May  9 02:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28474]: pam_unix(cron:session): session closed for user samftp
May  9 02:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27543]: pam_unix(cron:session): session closed for user root
May  9 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28924]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28925]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28922]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28921]: pam_unix(cron:session): session closed for user p13x
May  9 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28983]: Successful su for rubyman by root
May  9 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28983]: + ??? root:rubyman
May  9 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28983]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356932 of user rubyman.
May  9 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28983]: pam_unix(su:session): session closed for user rubyman
May  9 02:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356932.
May  9 02:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26121]: pam_unix(cron:session): session closed for user root
May  9 02:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28922]: pam_unix(cron:session): session closed for user samftp
May  9 02:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28027]: pam_unix(cron:session): session closed for user root
May  9 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29462]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29459]: pam_unix(cron:session): session closed for user p13x
May  9 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29524]: Successful su for rubyman by root
May  9 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29524]: + ??? root:rubyman
May  9 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29524]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356937 of user rubyman.
May  9 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29524]: pam_unix(su:session): session closed for user rubyman
May  9 02:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356937.
May  9 02:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26604]: pam_unix(cron:session): session closed for user root
May  9 02:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29461]: pam_unix(cron:session): session closed for user samftp
May  9 02:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28476]: pam_unix(cron:session): session closed for user root
May  9 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29886]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29889]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29885]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29888]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29887]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29889]: pam_unix(cron:session): session closed for user root
May  9 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29883]: pam_unix(cron:session): session closed for user p13x
May  9 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29957]: Successful su for rubyman by root
May  9 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29957]: + ??? root:rubyman
May  9 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29957]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356944 of user rubyman.
May  9 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29957]: pam_unix(su:session): session closed for user rubyman
May  9 02:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356944.
May  9 02:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29886]: pam_unix(cron:session): session closed for user root
May  9 02:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27058]: pam_unix(cron:session): session closed for user root
May  9 02:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29885]: pam_unix(cron:session): session closed for user samftp
May  9 02:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28925]: pam_unix(cron:session): session closed for user root
May  9 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30318]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30319]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30317]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30316]: pam_unix(cron:session): session closed for user p13x
May  9 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30386]: Successful su for rubyman by root
May  9 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30386]: + ??? root:rubyman
May  9 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356947 of user rubyman.
May  9 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30386]: pam_unix(su:session): session closed for user rubyman
May  9 02:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356947.
May  9 02:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27542]: pam_unix(cron:session): session closed for user root
May  9 02:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30317]: pam_unix(cron:session): session closed for user samftp
May  9 02:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29463]: pam_unix(cron:session): session closed for user root
May  9 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30740]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30736]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30735]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30735]: pam_unix(cron:session): session closed for user p13x
May  9 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30795]: Successful su for rubyman by root
May  9 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30795]: + ??? root:rubyman
May  9 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356951 of user rubyman.
May  9 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30795]: pam_unix(su:session): session closed for user rubyman
May  9 02:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356951.
May  9 02:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28026]: pam_unix(cron:session): session closed for user root
May  9 02:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30736]: pam_unix(cron:session): session closed for user samftp
May  9 02:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29888]: pam_unix(cron:session): session closed for user root
May  9 02:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 02:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31234]: Failed password for root from 218.92.0.179 port 16416 ssh2
May  9 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31247]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31234]: Failed password for root from 218.92.0.179 port 16416 ssh2
May  9 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31245]: pam_unix(cron:session): session closed for user p13x
May  9 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31316]: Successful su for rubyman by root
May  9 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31316]: + ??? root:rubyman
May  9 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356955 of user rubyman.
May  9 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31316]: pam_unix(su:session): session closed for user rubyman
May  9 02:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356955.
May  9 02:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31234]: Failed password for root from 218.92.0.179 port 16416 ssh2
May  9 02:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31234]: Received disconnect from 218.92.0.179 port 16416:11:  [preauth]
May  9 02:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31234]: Disconnected from 218.92.0.179 port 16416 [preauth]
May  9 02:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31234]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 02:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28475]: pam_unix(cron:session): session closed for user root
May  9 02:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31246]: pam_unix(cron:session): session closed for user samftp
May  9 02:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30319]: pam_unix(cron:session): session closed for user root
May  9 02:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  9 02:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31654]: Failed password for root from 218.92.0.215 port 10228 ssh2
May  9 02:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  9 02:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31711]: Failed password for root from 218.92.0.215 port 3036 ssh2
May  9 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31727]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31726]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31723]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31725]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31721]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31723]: pam_unix(cron:session): session closed for user p13x
May  9 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31846]: Successful su for rubyman by root
May  9 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31846]: + ??? root:rubyman
May  9 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31846]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356958 of user rubyman.
May  9 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31846]: pam_unix(su:session): session closed for user rubyman
May  9 02:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356958.
May  9 02:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31721]: pam_unix(cron:session): session closed for user root
May  9 02:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28924]: pam_unix(cron:session): session closed for user root
May  9 02:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31725]: pam_unix(cron:session): session closed for user samftp
May  9 02:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30740]: pam_unix(cron:session): session closed for user root
May  9 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32535]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32532]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32529]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32535]: pam_unix(cron:session): session closed for user root
May  9 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32527]: pam_unix(cron:session): session closed for user p13x
May  9 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32620]: Successful su for rubyman by root
May  9 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32620]: + ??? root:rubyman
May  9 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356965 of user rubyman.
May  9 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32620]: pam_unix(su:session): session closed for user rubyman
May  9 02:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356965.
May  9 02:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32531]: pam_unix(cron:session): session closed for user root
May  9 02:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29462]: pam_unix(cron:session): session closed for user root
May  9 02:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32529]: pam_unix(cron:session): session closed for user samftp
May  9 02:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31252]: pam_unix(cron:session): session closed for user root
May  9 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[708]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[705]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[706]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[704]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[704]: pam_unix(cron:session): session closed for user p13x
May  9 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[780]: Successful su for rubyman by root
May  9 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[780]: + ??? root:rubyman
May  9 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356969 of user rubyman.
May  9 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[780]: pam_unix(su:session): session closed for user rubyman
May  9 02:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356969.
May  9 02:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29887]: pam_unix(cron:session): session closed for user root
May  9 02:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[705]: pam_unix(cron:session): session closed for user samftp
May  9 02:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31727]: pam_unix(cron:session): session closed for user root
May  9 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1203]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1202]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1201]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1200]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1200]: pam_unix(cron:session): session closed for user p13x
May  9 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1280]: Successful su for rubyman by root
May  9 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1280]: + ??? root:rubyman
May  9 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1280]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356973 of user rubyman.
May  9 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1280]: pam_unix(su:session): session closed for user rubyman
May  9 02:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356973.
May  9 02:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30318]: pam_unix(cron:session): session closed for user root
May  9 02:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1201]: pam_unix(cron:session): session closed for user samftp
May  9 02:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1575]: Invalid user b1 from 193.70.84.184
May  9 02:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1575]: input_userauth_request: invalid user b1 [preauth]
May  9 02:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1575]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  9 02:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32533]: pam_unix(cron:session): session closed for user root
May  9 02:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1575]: Failed password for invalid user b1 from 193.70.84.184 port 36112 ssh2
May  9 02:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1575]: Connection closed by 193.70.84.184 port 36112 [preauth]
May  9 02:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: Invalid user array from 194.0.234.19
May  9 02:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: input_userauth_request: invalid user array [preauth]
May  9 02:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  9 02:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: Failed password for invalid user array from 194.0.234.19 port 23412 ssh2
May  9 02:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1664]: Connection closed by 194.0.234.19 port 23412 [preauth]
May  9 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1708]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1709]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1707]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1705]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1705]: pam_unix(cron:session): session closed for user p13x
May  9 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1781]: Successful su for rubyman by root
May  9 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1781]: + ??? root:rubyman
May  9 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1781]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356977 of user rubyman.
May  9 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1781]: pam_unix(su:session): session closed for user rubyman
May  9 02:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356977.
May  9 02:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30739]: pam_unix(cron:session): session closed for user root
May  9 02:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1707]: pam_unix(cron:session): session closed for user samftp
May  9 02:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[708]: pam_unix(cron:session): session closed for user root
May  9 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2212]: pam_unix(cron:session): session closed for user p13x
May  9 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2274]: Successful su for rubyman by root
May  9 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2274]: + ??? root:rubyman
May  9 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2274]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356983 of user rubyman.
May  9 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2274]: pam_unix(su:session): session closed for user rubyman
May  9 02:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356983.
May  9 02:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31247]: pam_unix(cron:session): session closed for user root
May  9 02:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2213]: pam_unix(cron:session): session closed for user samftp
May  9 02:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1203]: pam_unix(cron:session): session closed for user root
May  9 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2651]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2652]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2650]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2649]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2648]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2652]: pam_unix(cron:session): session closed for user root
May  9 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2647]: pam_unix(cron:session): session closed for user p13x
May  9 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2739]: Successful su for rubyman by root
May  9 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2739]: + ??? root:rubyman
May  9 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2739]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356985 of user rubyman.
May  9 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2739]: pam_unix(su:session): session closed for user rubyman
May  9 02:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356985.
May  9 02:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2649]: pam_unix(cron:session): session closed for user root
May  9 02:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31726]: pam_unix(cron:session): session closed for user root
May  9 02:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2648]: pam_unix(cron:session): session closed for user samftp
May  9 02:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1709]: pam_unix(cron:session): session closed for user root
May  9 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3114]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3116]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3115]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3112]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3112]: pam_unix(cron:session): session closed for user p13x
May  9 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3185]: Successful su for rubyman by root
May  9 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3185]: + ??? root:rubyman
May  9 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3185]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356991 of user rubyman.
May  9 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3185]: pam_unix(su:session): session closed for user rubyman
May  9 02:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356991.
May  9 02:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32532]: pam_unix(cron:session): session closed for user root
May  9 02:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3114]: pam_unix(cron:session): session closed for user samftp
May  9 02:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2215]: pam_unix(cron:session): session closed for user root
May  9 02:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Invalid user admin from 80.94.95.112
May  9 02:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: input_userauth_request: invalid user admin [preauth]
May  9 02:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 02:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Failed password for invalid user admin from 80.94.95.112 port 51128 ssh2
May  9 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3737]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3736]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3736]: pam_unix(cron:session): session closed for user p13x
May  9 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3798]: Successful su for rubyman by root
May  9 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3798]: + ??? root:rubyman
May  9 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3798]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 356996 of user rubyman.
May  9 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3798]: pam_unix(su:session): session closed for user rubyman
May  9 02:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 356996.
May  9 02:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Failed password for invalid user admin from 80.94.95.112 port 51128 ssh2
May  9 02:47:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[706]: pam_unix(cron:session): session closed for user root
May  9 02:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Failed password for invalid user admin from 80.94.95.112 port 51128 ssh2
May  9 02:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3737]: pam_unix(cron:session): session closed for user samftp
May  9 02:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Failed password for invalid user admin from 80.94.95.112 port 51128 ssh2
May  9 02:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:47:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Failed password for invalid user admin from 80.94.95.112 port 51128 ssh2
May  9 02:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Received disconnect from 80.94.95.112 port 51128:11: Bye [preauth]
May  9 02:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: Disconnected from 80.94.95.112 port 51128 [preauth]
May  9 02:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 02:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3725]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 02:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2651]: pam_unix(cron:session): session closed for user root
May  9 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4515]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4514]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4513]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4513]: pam_unix(cron:session): session closed for user p13x
May  9 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4583]: Successful su for rubyman by root
May  9 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4583]: + ??? root:rubyman
May  9 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4583]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357000 of user rubyman.
May  9 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4583]: pam_unix(su:session): session closed for user rubyman
May  9 02:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357000.
May  9 02:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1202]: pam_unix(cron:session): session closed for user root
May  9 02:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4514]: pam_unix(cron:session): session closed for user samftp
May  9 02:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3116]: pam_unix(cron:session): session closed for user root
May  9 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5659]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5657]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5656]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5656]: pam_unix(cron:session): session closed for user p13x
May  9 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5721]: Successful su for rubyman by root
May  9 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5721]: + ??? root:rubyman
May  9 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5721]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357003 of user rubyman.
May  9 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5721]: pam_unix(su:session): session closed for user rubyman
May  9 02:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357003.
May  9 02:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1708]: pam_unix(cron:session): session closed for user root
May  9 02:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5657]: pam_unix(cron:session): session closed for user samftp
May  9 02:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3739]: pam_unix(cron:session): session closed for user root
May  9 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6267]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6270]: pam_unix(cron:session): session closed for user root
May  9 02:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6265]: pam_unix(cron:session): session closed for user p13x
May  9 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6338]: Successful su for rubyman by root
May  9 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6338]: + ??? root:rubyman
May  9 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357007 of user rubyman.
May  9 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6338]: pam_unix(su:session): session closed for user rubyman
May  9 02:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357007.
May  9 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6267]: pam_unix(cron:session): session closed for user root
May  9 02:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2214]: pam_unix(cron:session): session closed for user root
May  9 02:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6266]: pam_unix(cron:session): session closed for user samftp
May  9 02:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4516]: pam_unix(cron:session): session closed for user root
May  9 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6702]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6701]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6700]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6700]: pam_unix(cron:session): session closed for user p13x
May  9 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6771]: Successful su for rubyman by root
May  9 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6771]: + ??? root:rubyman
May  9 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357013 of user rubyman.
May  9 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6771]: pam_unix(su:session): session closed for user rubyman
May  9 02:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357013.
May  9 02:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2650]: pam_unix(cron:session): session closed for user root
May  9 02:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6701]: pam_unix(cron:session): session closed for user samftp
May  9 02:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5659]: pam_unix(cron:session): session closed for user root
May  9 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7222]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7220]: pam_unix(cron:session): session closed for user p13x
May  9 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7284]: Successful su for rubyman by root
May  9 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7284]: + ??? root:rubyman
May  9 02:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7284]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357019 of user rubyman.
May  9 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7284]: pam_unix(su:session): session closed for user rubyman
May  9 02:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357019.
May  9 02:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3115]: pam_unix(cron:session): session closed for user root
May  9 02:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7221]: pam_unix(cron:session): session closed for user samftp
May  9 02:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6269]: pam_unix(cron:session): session closed for user root
May  9 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7730]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7729]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7729]: pam_unix(cron:session): session closed for user p13x
May  9 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7805]: Successful su for rubyman by root
May  9 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7805]: + ??? root:rubyman
May  9 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7805]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357021 of user rubyman.
May  9 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7805]: pam_unix(su:session): session closed for user rubyman
May  9 02:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357021.
May  9 02:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3738]: pam_unix(cron:session): session closed for user root
May  9 02:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7730]: pam_unix(cron:session): session closed for user samftp
May  9 02:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6703]: pam_unix(cron:session): session closed for user root
May  9 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8164]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8166]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8163]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8163]: pam_unix(cron:session): session closed for user p13x
May  9 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8233]: Successful su for rubyman by root
May  9 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8233]: + ??? root:rubyman
May  9 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357025 of user rubyman.
May  9 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8233]: pam_unix(su:session): session closed for user rubyman
May  9 02:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357025.
May  9 02:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4515]: pam_unix(cron:session): session closed for user root
May  9 02:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8164]: pam_unix(cron:session): session closed for user samftp
May  9 02:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7224]: pam_unix(cron:session): session closed for user root
May  9 02:54:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8587]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8588]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8584]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8588]: pam_unix(cron:session): session closed for user root
May  9 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8582]: pam_unix(cron:session): session closed for user p13x
May  9 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8654]: Successful su for rubyman by root
May  9 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8654]: + ??? root:rubyman
May  9 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8654]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357029 of user rubyman.
May  9 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8654]: pam_unix(su:session): session closed for user rubyman
May  9 02:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357029.
May  9 02:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8584]: pam_unix(cron:session): session closed for user root
May  9 02:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5658]: pam_unix(cron:session): session closed for user root
May  9 02:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8583]: pam_unix(cron:session): session closed for user samftp
May  9 02:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7732]: pam_unix(cron:session): session closed for user root
May  9 02:55:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:55:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 02:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: Failed password for root from 218.92.0.179 port 10225 ssh2
May  9 02:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 10225 ssh2]
May  9 02:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: Received disconnect from 218.92.0.179 port 10225:11:  [preauth]
May  9 02:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: Disconnected from 218.92.0.179 port 10225 [preauth]
May  9 02:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9012]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9032]: pam_unix(cron:session): session closed for user p13x
May  9 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9102]: Successful su for rubyman by root
May  9 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9102]: + ??? root:rubyman
May  9 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357035 of user rubyman.
May  9 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9102]: pam_unix(su:session): session closed for user rubyman
May  9 02:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357035.
May  9 02:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6268]: pam_unix(cron:session): session closed for user root
May  9 02:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9033]: pam_unix(cron:session): session closed for user samftp
May  9 02:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8166]: pam_unix(cron:session): session closed for user root
May  9 02:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Invalid user ec2-user from 182.92.142.76
May  9 02:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: input_userauth_request: invalid user ec2-user [preauth]
May  9 02:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.92.142.76
May  9 02:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Failed password for invalid user ec2-user from 182.92.142.76 port 60682 ssh2
May  9 02:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Received disconnect from 182.92.142.76 port 60682:11: Bye Bye [preauth]
May  9 02:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9524]: Disconnected from 182.92.142.76 port 60682 [preauth]
May  9 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9568]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9566]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9567]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9565]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9565]: pam_unix(cron:session): session closed for user p13x
May  9 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9626]: Successful su for rubyman by root
May  9 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9626]: + ??? root:rubyman
May  9 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9626]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357039 of user rubyman.
May  9 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9626]: pam_unix(su:session): session closed for user rubyman
May  9 02:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357039.
May  9 02:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6702]: pam_unix(cron:session): session closed for user root
May  9 02:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9566]: pam_unix(cron:session): session closed for user samftp
May  9 02:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: Invalid user admin from 80.94.95.241
May  9 02:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: input_userauth_request: invalid user admin [preauth]
May  9 02:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 02:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: Failed password for invalid user admin from 80.94.95.241 port 40064 ssh2
May  9 02:57:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: Failed password for invalid user admin from 80.94.95.241 port 40064 ssh2
May  9 02:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: Failed password for invalid user admin from 80.94.95.241 port 40064 ssh2
May  9 02:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: Failed password for invalid user admin from 80.94.95.241 port 40064 ssh2
May  9 02:57:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: pam_unix(sshd:auth): check pass; user unknown
May  9 02:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: Failed password for invalid user admin from 80.94.95.241 port 40064 ssh2
May  9 02:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: Received disconnect from 80.94.95.241 port 40064:11: Bye [preauth]
May  9 02:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: Disconnected from 80.94.95.241 port 40064 [preauth]
May  9 02:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 02:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9845]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 02:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8587]: pam_unix(cron:session): session closed for user root
May  9 02:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9979]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9977]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9978]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9981]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9977]: pam_unix(cron:session): session closed for user p13x
May  9 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10039]: Successful su for rubyman by root
May  9 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10039]: + ??? root:rubyman
May  9 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10039]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357043 of user rubyman.
May  9 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10039]: pam_unix(su:session): session closed for user rubyman
May  9 02:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357043.
May  9 02:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  9 02:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7222]: pam_unix(cron:session): session closed for user root
May  9 02:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9964]: Failed password for root from 80.94.95.115 port 18934 ssh2
May  9 02:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9964]: Connection closed by 80.94.95.115 port 18934 [preauth]
May  9 02:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9978]: pam_unix(cron:session): session closed for user samftp
May  9 02:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9035]: pam_unix(cron:session): session closed for user root
May  9 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10476]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10475]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10478]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10475]: pam_unix(cron:session): session closed for user p13x
May  9 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10541]: Successful su for rubyman by root
May  9 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10541]: + ??? root:rubyman
May  9 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10541]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357050 of user rubyman.
May  9 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10541]: pam_unix(su:session): session closed for user rubyman
May  9 02:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357050.
May  9 02:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7731]: pam_unix(cron:session): session closed for user root
May  9 02:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10476]: pam_unix(cron:session): session closed for user samftp
May  9 02:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9568]: pam_unix(cron:session): session closed for user root
May  9 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10935]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10936]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10938]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10937]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10939]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10941]: pam_unix(cron:session): session closed for user root
May  9 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10937]: pam_unix(cron:session): session closed for user root
May  9 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10935]: pam_unix(cron:session): session closed for user p13x
May  9 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11027]: Successful su for rubyman by root
May  9 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11027]: + ??? root:rubyman
May  9 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357053 of user rubyman.
May  9 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11027]: pam_unix(su:session): session closed for user rubyman
May  9 03:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357053.
May  9 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8165]: pam_unix(cron:session): session closed for user root
May  9 03:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10938]: pam_unix(cron:session): session closed for user root
May  9 03:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10936]: pam_unix(cron:session): session closed for user samftp
May  9 03:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9981]: pam_unix(cron:session): session closed for user root
May  9 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11421]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11422]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11419]: pam_unix(cron:session): session closed for user p13x
May  9 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11490]: Successful su for rubyman by root
May  9 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11490]: + ??? root:rubyman
May  9 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357058 of user rubyman.
May  9 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11490]: pam_unix(su:session): session closed for user rubyman
May  9 03:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357058.
May  9 03:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8585]: pam_unix(cron:session): session closed for user root
May  9 03:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11420]: pam_unix(cron:session): session closed for user samftp
May  9 03:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10478]: pam_unix(cron:session): session closed for user root
May  9 03:01:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:01:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 03:01:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11809]: Failed password for root from 218.92.0.179 port 54166 ssh2
May  9 03:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11809]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 54166 ssh2]
May  9 03:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11809]: Received disconnect from 218.92.0.179 port 54166:11:  [preauth]
May  9 03:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11809]: Disconnected from 218.92.0.179 port 54166 [preauth]
May  9 03:01:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11809]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11832]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11831]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11830]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11830]: pam_unix(cron:session): session closed for user p13x
May  9 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11900]: Successful su for rubyman by root
May  9 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11900]: + ??? root:rubyman
May  9 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11900]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357063 of user rubyman.
May  9 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11900]: pam_unix(su:session): session closed for user rubyman
May  9 03:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357063.
May  9 03:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9034]: pam_unix(cron:session): session closed for user root
May  9 03:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11831]: pam_unix(cron:session): session closed for user samftp
May  9 03:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10940]: pam_unix(cron:session): session closed for user root
May  9 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12232]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12224]: pam_unix(cron:session): session closed for user p13x
May  9 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12293]: Successful su for rubyman by root
May  9 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12293]: + ??? root:rubyman
May  9 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12293]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357067 of user rubyman.
May  9 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12293]: pam_unix(su:session): session closed for user rubyman
May  9 03:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357067.
May  9 03:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9567]: pam_unix(cron:session): session closed for user root
May  9 03:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12226]: pam_unix(cron:session): session closed for user samftp
May  9 03:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11422]: pam_unix(cron:session): session closed for user root
May  9 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12630]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12628]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12627]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12627]: pam_unix(cron:session): session closed for user p13x
May  9 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12685]: Successful su for rubyman by root
May  9 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12685]: + ??? root:rubyman
May  9 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12685]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357072 of user rubyman.
May  9 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12685]: pam_unix(su:session): session closed for user rubyman
May  9 03:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357072.
May  9 03:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9979]: pam_unix(cron:session): session closed for user root
May  9 03:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12628]: pam_unix(cron:session): session closed for user samftp
May  9 03:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11833]: pam_unix(cron:session): session closed for user root
May  9 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13017]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13020]: pam_unix(cron:session): session closed for user root
May  9 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13015]: pam_unix(cron:session): session closed for user p13x
May  9 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13089]: Successful su for rubyman by root
May  9 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13089]: + ??? root:rubyman
May  9 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357076 of user rubyman.
May  9 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13089]: pam_unix(su:session): session closed for user rubyman
May  9 03:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357076.
May  9 03:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13017]: pam_unix(cron:session): session closed for user root
May  9 03:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10477]: pam_unix(cron:session): session closed for user root
May  9 03:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13016]: pam_unix(cron:session): session closed for user samftp
May  9 03:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12232]: pam_unix(cron:session): session closed for user root
May  9 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13531]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13535]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13534]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13530]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13530]: pam_unix(cron:session): session closed for user p13x
May  9 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13620]: Successful su for rubyman by root
May  9 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13620]: + ??? root:rubyman
May  9 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13620]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357081 of user rubyman.
May  9 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13620]: pam_unix(su:session): session closed for user rubyman
May  9 03:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357081.
May  9 03:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10939]: pam_unix(cron:session): session closed for user root
May  9 03:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13531]: pam_unix(cron:session): session closed for user samftp
May  9 03:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12630]: pam_unix(cron:session): session closed for user root
May  9 03:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: Invalid user osbash from 80.94.95.241
May  9 03:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: input_userauth_request: invalid user osbash [preauth]
May  9 03:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 03:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: Failed password for invalid user osbash from 80.94.95.241 port 64397 ssh2
May  9 03:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: Failed password for invalid user osbash from 80.94.95.241 port 64397 ssh2
May  9 03:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: Failed password for invalid user osbash from 80.94.95.241 port 64397 ssh2
May  9 03:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: Failed password for invalid user osbash from 80.94.95.241 port 64397 ssh2
May  9 03:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: Failed password for invalid user osbash from 80.94.95.241 port 64397 ssh2
May  9 03:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: Received disconnect from 80.94.95.241 port 64397:11: Bye [preauth]
May  9 03:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: Disconnected from 80.94.95.241 port 64397 [preauth]
May  9 03:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 03:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13911]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13966]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13962]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13962]: pam_unix(cron:session): session closed for user p13x
May  9 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14027]: Successful su for rubyman by root
May  9 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14027]: + ??? root:rubyman
May  9 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14027]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357084 of user rubyman.
May  9 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14027]: pam_unix(su:session): session closed for user rubyman
May  9 03:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357084.
May  9 03:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11421]: pam_unix(cron:session): session closed for user root
May  9 03:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13964]: pam_unix(cron:session): session closed for user samftp
May  9 03:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13019]: pam_unix(cron:session): session closed for user root
May  9 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14362]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14364]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14361]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14360]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14360]: pam_unix(cron:session): session closed for user p13x
May  9 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14421]: Successful su for rubyman by root
May  9 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14421]: + ??? root:rubyman
May  9 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14421]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357089 of user rubyman.
May  9 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14421]: pam_unix(su:session): session closed for user rubyman
May  9 03:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357089.
May  9 03:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11832]: pam_unix(cron:session): session closed for user root
May  9 03:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14361]: pam_unix(cron:session): session closed for user samftp
May  9 03:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13535]: pam_unix(cron:session): session closed for user root
May  9 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14768]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14770]: pam_unix(cron:session): session closed for user p13x
May  9 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14893]: Successful su for rubyman by root
May  9 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14893]: + ??? root:rubyman
May  9 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14893]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357093 of user rubyman.
May  9 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14893]: pam_unix(su:session): session closed for user rubyman
May  9 03:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357093.
May  9 03:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14768]: pam_unix(cron:session): session closed for user root
May  9 03:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12231]: pam_unix(cron:session): session closed for user root
May  9 03:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14771]: pam_unix(cron:session): session closed for user samftp
May  9 03:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13966]: pam_unix(cron:session): session closed for user root
May  9 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15271]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15271]: pam_unix(cron:session): session closed for user root
May  9 03:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15266]: pam_unix(cron:session): session closed for user p13x
May  9 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15340]: Successful su for rubyman by root
May  9 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15340]: + ??? root:rubyman
May  9 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15340]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357102 of user rubyman.
May  9 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15340]: pam_unix(su:session): session closed for user rubyman
May  9 03:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357102.
May  9 03:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15268]: pam_unix(cron:session): session closed for user root
May  9 03:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session closed for user root
May  9 03:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15267]: pam_unix(cron:session): session closed for user samftp
May  9 03:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14364]: pam_unix(cron:session): session closed for user root
May  9 03:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 03:10:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: Failed password for root from 218.92.0.179 port 40443 ssh2
May  9 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15697]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15694]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15693]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15692]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15692]: pam_unix(cron:session): session closed for user p13x
May  9 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: Failed password for root from 218.92.0.179 port 40443 ssh2
May  9 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15761]: Successful su for rubyman by root
May  9 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15761]: + ??? root:rubyman
May  9 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15761]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357103 of user rubyman.
May  9 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15761]: pam_unix(su:session): session closed for user rubyman
May  9 03:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357103.
May  9 03:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: Failed password for root from 218.92.0.179 port 40443 ssh2
May  9 03:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: Received disconnect from 218.92.0.179 port 40443:11:  [preauth]
May  9 03:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: Disconnected from 218.92.0.179 port 40443 [preauth]
May  9 03:11:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15677]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 03:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13018]: pam_unix(cron:session): session closed for user root
May  9 03:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15693]: pam_unix(cron:session): session closed for user samftp
May  9 03:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  9 03:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: Failed password for root from 218.92.0.201 port 50368 ssh2
May  9 03:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: message repeated 2 times: [ Failed password for root from 218.92.0.201 port 50368 ssh2]
May  9 03:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14773]: pam_unix(cron:session): session closed for user root
May  9 03:11:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: Failed password for root from 218.92.0.201 port 50368 ssh2
May  9 03:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: Failed password for root from 218.92.0.201 port 50368 ssh2
May  9 03:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: error: maximum authentication attempts exceeded for root from 218.92.0.201 port 50368 ssh2 [preauth]
May  9 03:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: Disconnecting: Too many authentication failures [preauth]
May  9 03:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  9 03:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15988]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 03:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:11:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  9 03:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16054]: Failed password for root from 218.92.0.201 port 20172 ssh2
May  9 03:11:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16054]: message repeated 2 times: [ Failed password for root from 218.92.0.201 port 20172 ssh2]
May  9 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16098]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16099]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16097]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16095]: pam_unix(cron:session): session closed for user p13x
May  9 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16156]: Successful su for rubyman by root
May  9 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16156]: + ??? root:rubyman
May  9 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16156]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357108 of user rubyman.
May  9 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16156]: pam_unix(su:session): session closed for user rubyman
May  9 03:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357108.
May  9 03:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16054]: Failed password for root from 218.92.0.201 port 20172 ssh2
May  9 03:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13534]: pam_unix(cron:session): session closed for user root
May  9 03:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16097]: pam_unix(cron:session): session closed for user samftp
May  9 03:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  9 03:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Failed password for root from 218.92.0.201 port 32586 ssh2
May  9 03:12:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Failed password for root from 218.92.0.201 port 32586 ssh2
May  9 03:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Received disconnect from 218.92.0.201 port 32586:11:  [preauth]
May  9 03:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: Disconnected from 218.92.0.201 port 32586 [preauth]
May  9 03:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16359]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  9 03:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15270]: pam_unix(cron:session): session closed for user root
May  9 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16510]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16506]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16504]: pam_unix(cron:session): session closed for user p13x
May  9 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16581]: Successful su for rubyman by root
May  9 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16581]: + ??? root:rubyman
May  9 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357111 of user rubyman.
May  9 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16581]: pam_unix(su:session): session closed for user rubyman
May  9 03:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357111.
May  9 03:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13965]: pam_unix(cron:session): session closed for user root
May  9 03:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16505]: pam_unix(cron:session): session closed for user samftp
May  9 03:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15697]: pam_unix(cron:session): session closed for user root
May  9 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16967]: pam_unix(cron:session): session closed for user p13x
May  9 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17028]: Successful su for rubyman by root
May  9 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17028]: + ??? root:rubyman
May  9 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17028]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357117 of user rubyman.
May  9 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17028]: pam_unix(su:session): session closed for user rubyman
May  9 03:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357117.
May  9 03:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14362]: pam_unix(cron:session): session closed for user root
May  9 03:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16968]: pam_unix(cron:session): session closed for user samftp
May  9 03:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16099]: pam_unix(cron:session): session closed for user root
May  9 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17368]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17367]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17369]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17365]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17366]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17364]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17369]: pam_unix(cron:session): session closed for user root
May  9 03:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17364]: pam_unix(cron:session): session closed for user p13x
May  9 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17434]: Successful su for rubyman by root
May  9 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17434]: + ??? root:rubyman
May  9 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357119 of user rubyman.
May  9 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17434]: pam_unix(su:session): session closed for user rubyman
May  9 03:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357119.
May  9 03:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17366]: pam_unix(cron:session): session closed for user root
May  9 03:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14772]: pam_unix(cron:session): session closed for user root
May  9 03:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17365]: pam_unix(cron:session): session closed for user samftp
May  9 03:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17662]: Invalid user ptcall from 182.92.142.76
May  9 03:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17662]: input_userauth_request: invalid user ptcall [preauth]
May  9 03:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17662]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.92.142.76
May  9 03:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17662]: Failed password for invalid user ptcall from 182.92.142.76 port 50324 ssh2
May  9 03:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17662]: Received disconnect from 182.92.142.76 port 50324:11: Bye Bye [preauth]
May  9 03:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17662]: Disconnected from 182.92.142.76 port 50324 [preauth]
May  9 03:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16510]: pam_unix(cron:session): session closed for user root
May  9 03:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.92.142.76  user=root
May  9 03:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17908]: Failed password for root from 182.92.142.76 port 43888 ssh2
May  9 03:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17908]: Received disconnect from 182.92.142.76 port 43888:11: Bye Bye [preauth]
May  9 03:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17908]: Disconnected from 182.92.142.76 port 43888 [preauth]
May  9 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17925]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17924]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17927]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17921]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17921]: pam_unix(cron:session): session closed for user p13x
May  9 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17996]: Successful su for rubyman by root
May  9 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17996]: + ??? root:rubyman
May  9 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17996]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357125 of user rubyman.
May  9 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17996]: pam_unix(su:session): session closed for user rubyman
May  9 03:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357125.
May  9 03:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15269]: pam_unix(cron:session): session closed for user root
May  9 03:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17924]: pam_unix(cron:session): session closed for user samftp
May  9 03:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: Invalid user dal from 182.92.142.76
May  9 03:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: input_userauth_request: invalid user dal [preauth]
May  9 03:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.92.142.76
May  9 03:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: Failed password for invalid user dal from 182.92.142.76 port 57306 ssh2
May  9 03:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: Received disconnect from 182.92.142.76 port 57306:11: Bye Bye [preauth]
May  9 03:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18250]: Disconnected from 182.92.142.76 port 57306 [preauth]
May  9 03:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16970]: pam_unix(cron:session): session closed for user root
May  9 03:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:16:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 03:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: Failed password for root from 218.92.0.179 port 39382 ssh2
May  9 03:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 39382 ssh2]
May  9 03:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: Received disconnect from 218.92.0.179 port 39382:11:  [preauth]
May  9 03:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: Disconnected from 218.92.0.179 port 39382 [preauth]
May  9 03:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18292]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18345]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18345]: pam_unix(cron:session): session closed for user root
May  9 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18347]: pam_unix(cron:session): session closed for user p13x
May  9 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18425]: Successful su for rubyman by root
May  9 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18425]: + ??? root:rubyman
May  9 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18425]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357130 of user rubyman.
May  9 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18425]: pam_unix(su:session): session closed for user rubyman
May  9 03:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357130.
May  9 03:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15694]: pam_unix(cron:session): session closed for user root
May  9 03:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18348]: pam_unix(cron:session): session closed for user samftp
May  9 03:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: Invalid user yuriy from 182.92.142.76
May  9 03:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: input_userauth_request: invalid user yuriy [preauth]
May  9 03:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.92.142.76
May  9 03:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: Failed password for invalid user yuriy from 182.92.142.76 port 45022 ssh2
May  9 03:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: Received disconnect from 182.92.142.76 port 45022:11: Bye Bye [preauth]
May  9 03:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18612]: Disconnected from 182.92.142.76 port 45022 [preauth]
May  9 03:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17368]: pam_unix(cron:session): session closed for user root
May  9 03:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.92.142.76  user=root
May  9 03:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18737]: Failed password for root from 182.92.142.76 port 33944 ssh2
May  9 03:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18737]: Received disconnect from 182.92.142.76 port 33944:11: Bye Bye [preauth]
May  9 03:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18737]: Disconnected from 182.92.142.76 port 33944 [preauth]
May  9 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18776]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18774]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18773]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18773]: pam_unix(cron:session): session closed for user p13x
May  9 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18837]: Successful su for rubyman by root
May  9 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18837]: + ??? root:rubyman
May  9 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18837]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357134 of user rubyman.
May  9 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18837]: pam_unix(su:session): session closed for user rubyman
May  9 03:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357134.
May  9 03:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16098]: pam_unix(cron:session): session closed for user root
May  9 03:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18774]: pam_unix(cron:session): session closed for user samftp
May  9 03:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17927]: pam_unix(cron:session): session closed for user root
May  9 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19175]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19173]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19174]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19172]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19172]: pam_unix(cron:session): session closed for user p13x
May  9 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19234]: Successful su for rubyman by root
May  9 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19234]: + ??? root:rubyman
May  9 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357139 of user rubyman.
May  9 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19234]: pam_unix(su:session): session closed for user rubyman
May  9 03:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357139.
May  9 03:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16506]: pam_unix(cron:session): session closed for user root
May  9 03:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19173]: pam_unix(cron:session): session closed for user samftp
May  9 03:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: Invalid user admin from 80.94.95.112
May  9 03:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: input_userauth_request: invalid user admin [preauth]
May  9 03:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 03:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19499]: Invalid user daniel from 194.0.234.19
May  9 03:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19499]: input_userauth_request: invalid user daniel [preauth]
May  9 03:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: Failed password for invalid user admin from 80.94.95.112 port 14448 ssh2
May  9 03:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19499]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  9 03:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18350]: pam_unix(cron:session): session closed for user root
May  9 03:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19499]: Failed password for invalid user daniel from 194.0.234.19 port 28084 ssh2
May  9 03:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: Failed password for invalid user admin from 80.94.95.112 port 14448 ssh2
May  9 03:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19499]: Connection closed by 194.0.234.19 port 28084 [preauth]
May  9 03:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: Failed password for invalid user admin from 80.94.95.112 port 14448 ssh2
May  9 03:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: Failed password for invalid user admin from 80.94.95.112 port 14448 ssh2
May  9 03:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: Failed password for invalid user admin from 80.94.95.112 port 14448 ssh2
May  9 03:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: Received disconnect from 80.94.95.112 port 14448:11: Bye [preauth]
May  9 03:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: Disconnected from 80.94.95.112 port 14448 [preauth]
May  9 03:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 03:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19488]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19587]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19583]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19585]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19584]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19582]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19587]: pam_unix(cron:session): session closed for user root
May  9 03:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19582]: pam_unix(cron:session): session closed for user p13x
May  9 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19670]: Successful su for rubyman by root
May  9 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19670]: + ??? root:rubyman
May  9 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357146 of user rubyman.
May  9 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19670]: pam_unix(su:session): session closed for user rubyman
May  9 03:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357146.
May  9 03:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19584]: pam_unix(cron:session): session closed for user root
May  9 03:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16969]: pam_unix(cron:session): session closed for user root
May  9 03:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19583]: pam_unix(cron:session): session closed for user samftp
May  9 03:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18776]: pam_unix(cron:session): session closed for user root
May  9 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20045]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20046]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20044]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20043]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20043]: pam_unix(cron:session): session closed for user p13x
May  9 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20116]: Successful su for rubyman by root
May  9 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20116]: + ??? root:rubyman
May  9 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20116]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357149 of user rubyman.
May  9 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20116]: pam_unix(su:session): session closed for user rubyman
May  9 03:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357149.
May  9 03:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17367]: pam_unix(cron:session): session closed for user root
May  9 03:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20044]: pam_unix(cron:session): session closed for user samftp
May  9 03:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19175]: pam_unix(cron:session): session closed for user root
May  9 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20446]: pam_unix(cron:session): session closed for user p13x
May  9 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20513]: Successful su for rubyman by root
May  9 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20513]: + ??? root:rubyman
May  9 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20513]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357152 of user rubyman.
May  9 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20513]: pam_unix(su:session): session closed for user rubyman
May  9 03:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357152.
May  9 03:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17925]: pam_unix(cron:session): session closed for user root
May  9 03:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20447]: pam_unix(cron:session): session closed for user samftp
May  9 03:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19586]: pam_unix(cron:session): session closed for user root
May  9 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20852]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20851]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20854]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20851]: pam_unix(cron:session): session closed for user p13x
May  9 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20927]: Successful su for rubyman by root
May  9 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20927]: + ??? root:rubyman
May  9 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20927]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357156 of user rubyman.
May  9 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20927]: pam_unix(su:session): session closed for user rubyman
May  9 03:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357156.
May  9 03:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18349]: pam_unix(cron:session): session closed for user root
May  9 03:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20852]: pam_unix(cron:session): session closed for user samftp
May  9 03:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20046]: pam_unix(cron:session): session closed for user root
May  9 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21297]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21296]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21295]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21294]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21294]: pam_unix(cron:session): session closed for user p13x
May  9 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21359]: Successful su for rubyman by root
May  9 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21359]: + ??? root:rubyman
May  9 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357160 of user rubyman.
May  9 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21359]: pam_unix(su:session): session closed for user rubyman
May  9 03:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357160.
May  9 03:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18775]: pam_unix(cron:session): session closed for user root
May  9 03:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21295]: pam_unix(cron:session): session closed for user samftp
May  9 03:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20450]: pam_unix(cron:session): session closed for user root
May  9 03:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21663]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21663]: Connection reset by 147.185.132.88 port 62154 [preauth]
May  9 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21730]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21732]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21729]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21731]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21727]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21728]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21732]: pam_unix(cron:session): session closed for user root
May  9 03:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21727]: pam_unix(cron:session): session closed for user p13x
May  9 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22077]: Successful su for rubyman by root
May  9 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22077]: + ??? root:rubyman
May  9 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357167 of user rubyman.
May  9 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22077]: pam_unix(su:session): session closed for user rubyman
May  9 03:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357167.
May  9 03:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21729]: pam_unix(cron:session): session closed for user root
May  9 03:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19174]: pam_unix(cron:session): session closed for user root
May  9 03:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21728]: pam_unix(cron:session): session closed for user samftp
May  9 03:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20854]: pam_unix(cron:session): session closed for user root
May  9 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22509]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22508]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22506]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22506]: pam_unix(cron:session): session closed for user p13x
May  9 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22593]: Successful su for rubyman by root
May  9 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22593]: + ??? root:rubyman
May  9 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357170 of user rubyman.
May  9 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22593]: pam_unix(su:session): session closed for user rubyman
May  9 03:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357170.
May  9 03:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19585]: pam_unix(cron:session): session closed for user root
May  9 03:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22507]: pam_unix(cron:session): session closed for user samftp
May  9 03:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21297]: pam_unix(cron:session): session closed for user root
May  9 03:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 03:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Failed password for root from 218.92.0.179 port 45525 ssh2
May  9 03:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 45525 ssh2]
May  9 03:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Received disconnect from 218.92.0.179 port 45525:11:  [preauth]
May  9 03:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: Disconnected from 218.92.0.179 port 45525 [preauth]
May  9 03:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22969]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22994]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22994]: pam_unix(cron:session): session closed for user p13x
May  9 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23055]: Successful su for rubyman by root
May  9 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23055]: + ??? root:rubyman
May  9 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357177 of user rubyman.
May  9 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23055]: pam_unix(su:session): session closed for user rubyman
May  9 03:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357177.
May  9 03:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20045]: pam_unix(cron:session): session closed for user root
May  9 03:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22995]: pam_unix(cron:session): session closed for user samftp
May  9 03:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21731]: pam_unix(cron:session): session closed for user root
May  9 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23494]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23495]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23493]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23492]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23492]: pam_unix(cron:session): session closed for user p13x
May  9 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23553]: Successful su for rubyman by root
May  9 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23553]: + ??? root:rubyman
May  9 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23553]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357179 of user rubyman.
May  9 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23553]: pam_unix(su:session): session closed for user rubyman
May  9 03:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357179.
May  9 03:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20448]: pam_unix(cron:session): session closed for user root
May  9 03:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 03:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23493]: pam_unix(cron:session): session closed for user samftp
May  9 03:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23704]: Failed password for root from 218.92.0.179 port 59972 ssh2
May  9 03:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23704]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 59972 ssh2]
May  9 03:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23704]: Received disconnect from 218.92.0.179 port 59972:11:  [preauth]
May  9 03:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23704]: Disconnected from 218.92.0.179 port 59972 [preauth]
May  9 03:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23704]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 03:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22509]: pam_unix(cron:session): session closed for user root
May  9 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24018]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24017]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24017]: pam_unix(cron:session): session closed for user p13x
May  9 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24077]: Successful su for rubyman by root
May  9 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24077]: + ??? root:rubyman
May  9 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24077]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357182 of user rubyman.
May  9 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24077]: pam_unix(su:session): session closed for user rubyman
May  9 03:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357182.
May  9 03:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20853]: pam_unix(cron:session): session closed for user root
May  9 03:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24018]: pam_unix(cron:session): session closed for user samftp
May  9 03:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22997]: pam_unix(cron:session): session closed for user root
May  9 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24446]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24451]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24450]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24447]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24451]: pam_unix(cron:session): session closed for user root
May  9 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24446]: pam_unix(cron:session): session closed for user p13x
May  9 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24530]: Successful su for rubyman by root
May  9 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24530]: + ??? root:rubyman
May  9 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24530]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357186 of user rubyman.
May  9 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24530]: pam_unix(su:session): session closed for user rubyman
May  9 03:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357186.
May  9 03:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24448]: pam_unix(cron:session): session closed for user root
May  9 03:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21296]: pam_unix(cron:session): session closed for user root
May  9 03:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24447]: pam_unix(cron:session): session closed for user samftp
May  9 03:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: Invalid user admin from 80.94.95.241
May  9 03:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: input_userauth_request: invalid user admin [preauth]
May  9 03:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 03:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: Failed password for invalid user admin from 80.94.95.241 port 8096 ssh2
May  9 03:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: Failed password for invalid user admin from 80.94.95.241 port 8096 ssh2
May  9 03:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: Failed password for invalid user admin from 80.94.95.241 port 8096 ssh2
May  9 03:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: Failed password for invalid user admin from 80.94.95.241 port 8096 ssh2
May  9 03:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: Failed password for invalid user admin from 80.94.95.241 port 8096 ssh2
May  9 03:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: Received disconnect from 80.94.95.241 port 8096:11: Bye [preauth]
May  9 03:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: Disconnected from 80.94.95.241 port 8096 [preauth]
May  9 03:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 03:30:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24751]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 03:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23495]: pam_unix(cron:session): session closed for user root
May  9 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24908]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24909]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24907]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24905]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24905]: pam_unix(cron:session): session closed for user p13x
May  9 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24980]: Successful su for rubyman by root
May  9 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24980]: + ??? root:rubyman
May  9 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24980]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357194 of user rubyman.
May  9 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24980]: pam_unix(su:session): session closed for user rubyman
May  9 03:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357194.
May  9 03:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21730]: pam_unix(cron:session): session closed for user root
May  9 03:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24907]: pam_unix(cron:session): session closed for user samftp
May  9 03:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24020]: pam_unix(cron:session): session closed for user root
May  9 03:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  9 03:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25287]: Failed password for root from 50.235.31.47 port 39662 ssh2
May  9 03:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25287]: Connection closed by 50.235.31.47 port 39662 [preauth]
May  9 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25328]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25325]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25325]: pam_unix(cron:session): session closed for user p13x
May  9 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25392]: Successful su for rubyman by root
May  9 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25392]: + ??? root:rubyman
May  9 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357196 of user rubyman.
May  9 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25392]: pam_unix(su:session): session closed for user rubyman
May  9 03:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357196.
May  9 03:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22508]: pam_unix(cron:session): session closed for user root
May  9 03:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25326]: pam_unix(cron:session): session closed for user samftp
May  9 03:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: Invalid user onlime_r from 80.94.95.115
May  9 03:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: input_userauth_request: invalid user onlime_r [preauth]
May  9 03:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  9 03:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: Failed password for invalid user onlime_r from 80.94.95.115 port 33610 ssh2
May  9 03:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25587]: Connection closed by 80.94.95.115 port 33610 [preauth]
May  9 03:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24450]: pam_unix(cron:session): session closed for user root
May  9 03:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: Invalid user jianghao from 164.68.105.9
May  9 03:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: input_userauth_request: invalid user jianghao [preauth]
May  9 03:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  9 03:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: Failed password for invalid user jianghao from 164.68.105.9 port 38424 ssh2
May  9 03:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25771]: Connection closed by 164.68.105.9 port 38424 [preauth]
May  9 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25794]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25795]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25793]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25792]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25792]: pam_unix(cron:session): session closed for user p13x
May  9 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25874]: Successful su for rubyman by root
May  9 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25874]: + ??? root:rubyman
May  9 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25874]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357201 of user rubyman.
May  9 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25874]: pam_unix(su:session): session closed for user rubyman
May  9 03:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357201.
May  9 03:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22996]: pam_unix(cron:session): session closed for user root
May  9 03:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25793]: pam_unix(cron:session): session closed for user samftp
May  9 03:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24909]: pam_unix(cron:session): session closed for user root
May  9 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26226]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26225]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26228]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26224]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26224]: pam_unix(cron:session): session closed for user p13x
May  9 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26289]: Successful su for rubyman by root
May  9 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26289]: + ??? root:rubyman
May  9 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26289]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357204 of user rubyman.
May  9 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26289]: pam_unix(su:session): session closed for user rubyman
May  9 03:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357204.
May  9 03:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23494]: pam_unix(cron:session): session closed for user root
May  9 03:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26225]: pam_unix(cron:session): session closed for user samftp
May  9 03:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25328]: pam_unix(cron:session): session closed for user root
May  9 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26714]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26709]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26712]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26713]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26714]: pam_unix(cron:session): session closed for user root
May  9 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26709]: pam_unix(cron:session): session closed for user p13x
May  9 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26775]: Successful su for rubyman by root
May  9 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26775]: + ??? root:rubyman
May  9 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357213 of user rubyman.
May  9 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26775]: pam_unix(su:session): session closed for user rubyman
May  9 03:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357213.
May  9 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26711]: pam_unix(cron:session): session closed for user root
May  9 03:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24019]: pam_unix(cron:session): session closed for user root
May  9 03:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26710]: pam_unix(cron:session): session closed for user samftp
May  9 03:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25795]: pam_unix(cron:session): session closed for user root
May  9 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27221]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27220]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27220]: pam_unix(cron:session): session closed for user p13x
May  9 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27290]: Successful su for rubyman by root
May  9 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27290]: + ??? root:rubyman
May  9 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357215 of user rubyman.
May  9 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27290]: pam_unix(su:session): session closed for user rubyman
May  9 03:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357215.
May  9 03:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24449]: pam_unix(cron:session): session closed for user root
May  9 03:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27221]: pam_unix(cron:session): session closed for user samftp
May  9 03:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26228]: pam_unix(cron:session): session closed for user root
May  9 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27697]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27696]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27694]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27693]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27693]: pam_unix(cron:session): session closed for user p13x
May  9 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27756]: Successful su for rubyman by root
May  9 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27756]: + ??? root:rubyman
May  9 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27756]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357218 of user rubyman.
May  9 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27756]: pam_unix(su:session): session closed for user rubyman
May  9 03:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357218.
May  9 03:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24908]: pam_unix(cron:session): session closed for user root
May  9 03:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27694]: pam_unix(cron:session): session closed for user samftp
May  9 03:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26713]: pam_unix(cron:session): session closed for user root
May  9 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28102]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28103]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28101]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28100]: pam_unix(cron:session): session closed for user p13x
May  9 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28165]: Successful su for rubyman by root
May  9 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28165]: + ??? root:rubyman
May  9 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357224 of user rubyman.
May  9 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28165]: pam_unix(su:session): session closed for user rubyman
May  9 03:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357224.
May  9 03:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25327]: pam_unix(cron:session): session closed for user root
May  9 03:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28101]: pam_unix(cron:session): session closed for user samftp
May  9 03:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27224]: pam_unix(cron:session): session closed for user root
May  9 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28515]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28515]: pam_unix(cron:session): session closed for user p13x
May  9 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28637]: Successful su for rubyman by root
May  9 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28637]: + ??? root:rubyman
May  9 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28637]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357226 of user rubyman.
May  9 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28637]: pam_unix(su:session): session closed for user rubyman
May  9 03:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357226.
May  9 03:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28513]: pam_unix(cron:session): session closed for user root
May  9 03:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25794]: pam_unix(cron:session): session closed for user root
May  9 03:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28517]: pam_unix(cron:session): session closed for user samftp
May  9 03:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27697]: pam_unix(cron:session): session closed for user root
May  9 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29009]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29008]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29012]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29007]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29012]: pam_unix(cron:session): session closed for user root
May  9 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29007]: pam_unix(cron:session): session closed for user p13x
May  9 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29170]: Successful su for rubyman by root
May  9 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29170]: + ??? root:rubyman
May  9 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29170]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357231 of user rubyman.
May  9 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29170]: pam_unix(su:session): session closed for user rubyman
May  9 03:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357231.
May  9 03:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29009]: pam_unix(cron:session): session closed for user root
May  9 03:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26226]: pam_unix(cron:session): session closed for user root
May  9 03:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29008]: pam_unix(cron:session): session closed for user samftp
May  9 03:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28103]: pam_unix(cron:session): session closed for user root
May  9 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29545]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29546]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29547]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29544]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29544]: pam_unix(cron:session): session closed for user p13x
May  9 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29615]: Successful su for rubyman by root
May  9 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29615]: + ??? root:rubyman
May  9 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29615]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357237 of user rubyman.
May  9 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29615]: pam_unix(su:session): session closed for user rubyman
May  9 03:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357237.
May  9 03:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26712]: pam_unix(cron:session): session closed for user root
May  9 03:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29545]: pam_unix(cron:session): session closed for user samftp
May  9 03:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28520]: pam_unix(cron:session): session closed for user root
May  9 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29958]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29959]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29956]: pam_unix(cron:session): session closed for user p13x
May  9 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30019]: Successful su for rubyman by root
May  9 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30019]: + ??? root:rubyman
May  9 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357243 of user rubyman.
May  9 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30019]: pam_unix(su:session): session closed for user rubyman
May  9 03:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357243.
May  9 03:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27223]: pam_unix(cron:session): session closed for user root
May  9 03:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29957]: pam_unix(cron:session): session closed for user samftp
May  9 03:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29011]: pam_unix(cron:session): session closed for user root
May  9 03:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30349]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30348]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30347]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30347]: pam_unix(cron:session): session closed for user p13x
May  9 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30414]: Successful su for rubyman by root
May  9 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30414]: + ??? root:rubyman
May  9 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357245 of user rubyman.
May  9 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30414]: pam_unix(su:session): session closed for user rubyman
May  9 03:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357245.
May  9 03:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27696]: pam_unix(cron:session): session closed for user root
May  9 03:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30348]: pam_unix(cron:session): session closed for user samftp
May  9 03:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29547]: pam_unix(cron:session): session closed for user root
May  9 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30752]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30750]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30751]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30749]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30749]: pam_unix(cron:session): session closed for user p13x
May  9 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30807]: Successful su for rubyman by root
May  9 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30807]: + ??? root:rubyman
May  9 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30807]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357249 of user rubyman.
May  9 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30807]: pam_unix(su:session): session closed for user rubyman
May  9 03:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357249.
May  9 03:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28102]: pam_unix(cron:session): session closed for user root
May  9 03:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30750]: pam_unix(cron:session): session closed for user samftp
May  9 03:44:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29959]: pam_unix(cron:session): session closed for user root
May  9 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31242]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31241]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31243]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31244]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31240]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31239]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31244]: pam_unix(cron:session): session closed for user root
May  9 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31239]: pam_unix(cron:session): session closed for user p13x
May  9 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31317]: Successful su for rubyman by root
May  9 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31317]: + ??? root:rubyman
May  9 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357255 of user rubyman.
May  9 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31317]: pam_unix(su:session): session closed for user rubyman
May  9 03:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357255.
May  9 03:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31241]: pam_unix(cron:session): session closed for user root
May  9 03:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28519]: pam_unix(cron:session): session closed for user root
May  9 03:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31240]: pam_unix(cron:session): session closed for user samftp
May  9 03:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  9 03:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: Failed password for root from 164.68.105.9 port 54944 ssh2
May  9 03:45:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31560]: Connection closed by 164.68.105.9 port 54944 [preauth]
May  9 03:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30350]: pam_unix(cron:session): session closed for user root
May  9 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31712]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31710]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31711]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31709]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31709]: pam_unix(cron:session): session closed for user p13x
May  9 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31778]: Successful su for rubyman by root
May  9 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31778]: + ??? root:rubyman
May  9 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31778]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357260 of user rubyman.
May  9 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31778]: pam_unix(su:session): session closed for user rubyman
May  9 03:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357260.
May  9 03:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29010]: pam_unix(cron:session): session closed for user root
May  9 03:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31710]: pam_unix(cron:session): session closed for user samftp
May  9 03:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30752]: pam_unix(cron:session): session closed for user root
May  9 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32421]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32420]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32423]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32419]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32419]: pam_unix(cron:session): session closed for user p13x
May  9 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32490]: Successful su for rubyman by root
May  9 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32490]: + ??? root:rubyman
May  9 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357265 of user rubyman.
May  9 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32490]: pam_unix(su:session): session closed for user rubyman
May  9 03:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357265.
May  9 03:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29546]: pam_unix(cron:session): session closed for user root
May  9 03:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32420]: pam_unix(cron:session): session closed for user samftp
May  9 03:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31243]: pam_unix(cron:session): session closed for user root
May  9 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[553]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[551]: pam_unix(cron:session): session closed for user p13x
May  9 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[617]: Successful su for rubyman by root
May  9 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[617]: + ??? root:rubyman
May  9 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[617]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357267 of user rubyman.
May  9 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[617]: pam_unix(su:session): session closed for user rubyman
May  9 03:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357267.
May  9 03:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29958]: pam_unix(cron:session): session closed for user root
May  9 03:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[552]: pam_unix(cron:session): session closed for user samftp
May  9 03:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31712]: pam_unix(cron:session): session closed for user root
May  9 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1009]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1008]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1008]: pam_unix(cron:session): session closed for user p13x
May  9 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1089]: Successful su for rubyman by root
May  9 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1089]: + ??? root:rubyman
May  9 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1089]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357272 of user rubyman.
May  9 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1089]: pam_unix(su:session): session closed for user rubyman
May  9 03:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357272.
May  9 03:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30349]: pam_unix(cron:session): session closed for user root
May  9 03:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1009]: pam_unix(cron:session): session closed for user samftp
May  9 03:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:49:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  9 03:49:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1355]: Failed password for root from 80.94.95.116 port 20632 ssh2
May  9 03:49:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1355]: Connection closed by 80.94.95.116 port 20632 [preauth]
May  9 03:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32423]: pam_unix(cron:session): session closed for user root
May  9 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1500]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1497]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1501]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1498]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1499]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1502]: pam_unix(cron:session): session closed for user root
May  9 03:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1497]: pam_unix(cron:session): session closed for user p13x
May  9 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1577]: Successful su for rubyman by root
May  9 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1577]: + ??? root:rubyman
May  9 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357277 of user rubyman.
May  9 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1577]: pam_unix(su:session): session closed for user rubyman
May  9 03:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357277.
May  9 03:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1499]: pam_unix(cron:session): session closed for user root
May  9 03:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30751]: pam_unix(cron:session): session closed for user root
May  9 03:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1498]: pam_unix(cron:session): session closed for user samftp
May  9 03:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[554]: pam_unix(cron:session): session closed for user root
May  9 03:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2045]: Invalid user admin from 80.94.95.112
May  9 03:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2045]: input_userauth_request: invalid user admin [preauth]
May  9 03:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2045]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:50:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 03:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2045]: Failed password for invalid user admin from 80.94.95.112 port 18864 ssh2
May  9 03:50:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2045]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2045]: Failed password for invalid user admin from 80.94.95.112 port 18864 ssh2
May  9 03:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2045]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2045]: Failed password for invalid user admin from 80.94.95.112 port 18864 ssh2
May  9 03:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2045]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2045]: Failed password for invalid user admin from 80.94.95.112 port 18864 ssh2
May  9 03:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2045]: pam_unix(sshd:auth): check pass; user unknown
May  9 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2070]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2068]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2066]: pam_unix(cron:session): session closed for user p13x
May  9 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2045]: Failed password for invalid user admin from 80.94.95.112 port 18864 ssh2
May  9 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2134]: Successful su for rubyman by root
May  9 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2134]: + ??? root:rubyman
May  9 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357281 of user rubyman.
May  9 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2134]: pam_unix(su:session): session closed for user rubyman
May  9 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357281.
May  9 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2045]: Received disconnect from 80.94.95.112 port 18864:11: Bye [preauth]
May  9 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2045]: Disconnected from 80.94.95.112 port 18864 [preauth]
May  9 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2045]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 03:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2045]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31242]: pam_unix(cron:session): session closed for user root
May  9 03:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2067]: pam_unix(cron:session): session closed for user samftp
May  9 03:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1011]: pam_unix(cron:session): session closed for user root
May  9 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2509]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2510]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2507]: pam_unix(cron:session): session closed for user p13x
May  9 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2571]: Successful su for rubyman by root
May  9 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2571]: + ??? root:rubyman
May  9 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2571]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357285 of user rubyman.
May  9 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2571]: pam_unix(su:session): session closed for user rubyman
May  9 03:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357285.
May  9 03:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31711]: pam_unix(cron:session): session closed for user root
May  9 03:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2508]: pam_unix(cron:session): session closed for user samftp
May  9 03:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 03:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: Failed password for root from 218.92.0.179 port 55463 ssh2
May  9 03:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 55463 ssh2]
May  9 03:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: Received disconnect from 218.92.0.179 port 55463:11:  [preauth]
May  9 03:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: Disconnected from 218.92.0.179 port 55463 [preauth]
May  9 03:52:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2804]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 03:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1501]: pam_unix(cron:session): session closed for user root
May  9 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2945]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2944]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2943]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2943]: pam_unix(cron:session): session closed for user p13x
May  9 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3007]: Successful su for rubyman by root
May  9 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3007]: + ??? root:rubyman
May  9 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357289 of user rubyman.
May  9 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3007]: pam_unix(su:session): session closed for user rubyman
May  9 03:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357289.
May  9 03:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32421]: pam_unix(cron:session): session closed for user root
May  9 03:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2944]: pam_unix(cron:session): session closed for user samftp
May  9 03:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2070]: pam_unix(cron:session): session closed for user root
May  9 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3346]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3347]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3344]: pam_unix(cron:session): session closed for user p13x
May  9 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3420]: Successful su for rubyman by root
May  9 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3420]: + ??? root:rubyman
May  9 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3420]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357294 of user rubyman.
May  9 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3420]: pam_unix(su:session): session closed for user rubyman
May  9 03:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357294.
May  9 03:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[553]: pam_unix(cron:session): session closed for user root
May  9 03:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3345]: pam_unix(cron:session): session closed for user samftp
May  9 03:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2510]: pam_unix(cron:session): session closed for user root
May  9 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3802]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3801]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3800]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3797]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3798]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3802]: pam_unix(cron:session): session closed for user root
May  9 03:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3797]: pam_unix(cron:session): session closed for user p13x
May  9 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3866]: Successful su for rubyman by root
May  9 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3866]: + ??? root:rubyman
May  9 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357298 of user rubyman.
May  9 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3866]: pam_unix(su:session): session closed for user rubyman
May  9 03:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357298.
May  9 03:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3799]: pam_unix(cron:session): session closed for user root
May  9 03:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1010]: pam_unix(cron:session): session closed for user root
May  9 03:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3798]: pam_unix(cron:session): session closed for user samftp
May  9 03:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2946]: pam_unix(cron:session): session closed for user root
May  9 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4371]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4372]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4292]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4290]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4290]: pam_unix(cron:session): session closed for user p13x
May  9 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4479]: Successful su for rubyman by root
May  9 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4479]: + ??? root:rubyman
May  9 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4479]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357303 of user rubyman.
May  9 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4479]: pam_unix(su:session): session closed for user rubyman
May  9 03:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357303.
May  9 03:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1500]: pam_unix(cron:session): session closed for user root
May  9 03:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4292]: pam_unix(cron:session): session closed for user samftp
May  9 03:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3347]: pam_unix(cron:session): session closed for user root
May  9 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4846]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4847]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4844]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4843]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4843]: pam_unix(cron:session): session closed for user p13x
May  9 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4909]: Successful su for rubyman by root
May  9 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4909]: + ??? root:rubyman
May  9 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357307 of user rubyman.
May  9 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4909]: pam_unix(su:session): session closed for user rubyman
May  9 03:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357307.
May  9 03:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2068]: pam_unix(cron:session): session closed for user root
May  9 03:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4844]: pam_unix(cron:session): session closed for user samftp
May  9 03:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3801]: pam_unix(cron:session): session closed for user root
May  9 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5456]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5454]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5455]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5457]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5454]: pam_unix(cron:session): session closed for user p13x
May  9 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5524]: Successful su for rubyman by root
May  9 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5524]: + ??? root:rubyman
May  9 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5524]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357311 of user rubyman.
May  9 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5524]: pam_unix(su:session): session closed for user rubyman
May  9 03:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357311.
May  9 03:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2509]: pam_unix(cron:session): session closed for user root
May  9 03:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5455]: pam_unix(cron:session): session closed for user samftp
May  9 03:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4372]: pam_unix(cron:session): session closed for user root
May  9 03:58:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  9 03:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5957]: Failed password for root from 218.92.0.210 port 42260 ssh2
May  9 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6020]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6015]: pam_unix(cron:session): session closed for user p13x
May  9 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6080]: Successful su for rubyman by root
May  9 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6080]: + ??? root:rubyman
May  9 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6080]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357317 of user rubyman.
May  9 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6080]: pam_unix(su:session): session closed for user rubyman
May  9 03:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357317.
May  9 03:59:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 03:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210  user=root
May  9 03:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2945]: pam_unix(cron:session): session closed for user root
May  9 03:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6016]: pam_unix(cron:session): session closed for user samftp
May  9 03:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6164]: Failed password for root from 218.92.0.210 port 51796 ssh2
May  9 03:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4847]: pam_unix(cron:session): session closed for user root
May  9 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6431]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6429]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6432]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6433]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6428]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6430]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6434]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6434]: pam_unix(cron:session): session closed for user root
May  9 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6430]: pam_unix(cron:session): session closed for user root
May  9 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6428]: pam_unix(cron:session): session closed for user p13x
May  9 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6525]: Successful su for rubyman by root
May  9 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6525]: + ??? root:rubyman
May  9 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6525]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357322 of user rubyman.
May  9 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6525]: pam_unix(su:session): session closed for user rubyman
May  9 04:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357322.
May  9 04:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6431]: pam_unix(cron:session): session closed for user root
May  9 04:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3346]: pam_unix(cron:session): session closed for user root
May  9 04:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6429]: pam_unix(cron:session): session closed for user samftp
May  9 04:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6773]: Did not receive identification string from 195.184.76.164
May  9 04:00:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:00:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6784]: Did not receive identification string from 195.184.76.167
May  9 04:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5457]: pam_unix(cron:session): session closed for user root
May  9 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7026]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7025]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7024]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7022]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7022]: pam_unix(cron:session): session closed for user p13x
May  9 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7113]: Successful su for rubyman by root
May  9 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7113]: + ??? root:rubyman
May  9 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357326 of user rubyman.
May  9 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7113]: pam_unix(su:session): session closed for user rubyman
May  9 04:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357326.
May  9 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3800]: pam_unix(cron:session): session closed for user root
May  9 04:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7024]: pam_unix(cron:session): session closed for user samftp
May  9 04:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 04:01:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: Failed password for root from 218.92.0.179 port 49050 ssh2
May  9 04:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 49050 ssh2]
May  9 04:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: Received disconnect from 218.92.0.179 port 49050:11:  [preauth]
May  9 04:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: Disconnected from 218.92.0.179 port 49050 [preauth]
May  9 04:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7295]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 04:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6020]: pam_unix(cron:session): session closed for user root
May  9 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7450]: pam_unix(cron:session): session closed for user p13x
May  9 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7611]: Successful su for rubyman by root
May  9 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7611]: + ??? root:rubyman
May  9 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7611]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357330 of user rubyman.
May  9 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7611]: pam_unix(su:session): session closed for user rubyman
May  9 04:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357330.
May  9 04:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4371]: pam_unix(cron:session): session closed for user root
May  9 04:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7451]: pam_unix(cron:session): session closed for user samftp
May  9 04:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: Invalid user admin from 80.94.95.241
May  9 04:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: input_userauth_request: invalid user admin [preauth]
May  9 04:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 04:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: Failed password for invalid user admin from 80.94.95.241 port 57262 ssh2
May  9 04:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: Failed password for invalid user admin from 80.94.95.241 port 57262 ssh2
May  9 04:02:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: Failed password for invalid user admin from 80.94.95.241 port 57262 ssh2
May  9 04:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: Failed password for invalid user admin from 80.94.95.241 port 57262 ssh2
May  9 04:02:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: Failed password for invalid user admin from 80.94.95.241 port 57262 ssh2
May  9 04:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: Received disconnect from 80.94.95.241 port 57262:11: Bye [preauth]
May  9 04:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: Disconnected from 80.94.95.241 port 57262 [preauth]
May  9 04:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 04:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7815]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 04:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6433]: pam_unix(cron:session): session closed for user root
May  9 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7992]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7989]: pam_unix(cron:session): session closed for user p13x
May  9 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8048]: Successful su for rubyman by root
May  9 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8048]: + ??? root:rubyman
May  9 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8048]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357334 of user rubyman.
May  9 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8048]: pam_unix(su:session): session closed for user rubyman
May  9 04:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357334.
May  9 04:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4846]: pam_unix(cron:session): session closed for user root
May  9 04:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7990]: pam_unix(cron:session): session closed for user samftp
May  9 04:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7026]: pam_unix(cron:session): session closed for user root
May  9 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8411]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8409]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8408]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8408]: pam_unix(cron:session): session closed for user p13x
May  9 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8476]: Successful su for rubyman by root
May  9 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8476]: + ??? root:rubyman
May  9 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8476]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357339 of user rubyman.
May  9 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8476]: pam_unix(su:session): session closed for user rubyman
May  9 04:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357339.
May  9 04:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5456]: pam_unix(cron:session): session closed for user root
May  9 04:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8409]: pam_unix(cron:session): session closed for user samftp
May  9 04:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Invalid user Administrator from 80.94.95.116
May  9 04:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: input_userauth_request: invalid user Administrator [preauth]
May  9 04:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:04:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  9 04:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Failed password for invalid user Administrator from 80.94.95.116 port 29220 ssh2
May  9 04:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8717]: Connection closed by 80.94.95.116 port 29220 [preauth]
May  9 04:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8750]: Bad protocol version identification '\026\003\003\001\246\001' from 195.184.76.165 port 46807
May  9 04:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8751]: Did not receive identification string from 195.184.76.205
May  9 04:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7453]: pam_unix(cron:session): session closed for user root
May  9 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8841]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8839]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8843]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8845]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8845]: pam_unix(cron:session): session closed for user root
May  9 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8835]: pam_unix(cron:session): session closed for user p13x
May  9 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8909]: Successful su for rubyman by root
May  9 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8909]: + ??? root:rubyman
May  9 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8909]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357344 of user rubyman.
May  9 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8909]: pam_unix(su:session): session closed for user rubyman
May  9 04:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357344.
May  9 04:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8839]: pam_unix(cron:session): session closed for user root
May  9 04:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6019]: pam_unix(cron:session): session closed for user root
May  9 04:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8836]: pam_unix(cron:session): session closed for user samftp
May  9 04:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7992]: pam_unix(cron:session): session closed for user root
May  9 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9397]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9396]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9395]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9398]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9395]: pam_unix(cron:session): session closed for user p13x
May  9 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9467]: Successful su for rubyman by root
May  9 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9467]: + ??? root:rubyman
May  9 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9467]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357350 of user rubyman.
May  9 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9467]: pam_unix(su:session): session closed for user rubyman
May  9 04:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357350.
May  9 04:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6432]: pam_unix(cron:session): session closed for user root
May  9 04:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9396]: pam_unix(cron:session): session closed for user samftp
May  9 04:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8411]: pam_unix(cron:session): session closed for user root
May  9 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9813]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9812]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9814]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9811]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9811]: pam_unix(cron:session): session closed for user p13x
May  9 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9875]: Successful su for rubyman by root
May  9 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9875]: + ??? root:rubyman
May  9 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357352 of user rubyman.
May  9 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9875]: pam_unix(su:session): session closed for user rubyman
May  9 04:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357352.
May  9 04:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7025]: pam_unix(cron:session): session closed for user root
May  9 04:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9812]: pam_unix(cron:session): session closed for user samftp
May  9 04:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8843]: pam_unix(cron:session): session closed for user root
May  9 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10231]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10298]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10230]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10226]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10226]: pam_unix(cron:session): session closed for user p13x
May  9 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10359]: Successful su for rubyman by root
May  9 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10359]: + ??? root:rubyman
May  9 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10359]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357357 of user rubyman.
May  9 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10359]: pam_unix(su:session): session closed for user rubyman
May  9 04:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357357.
May  9 04:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7452]: pam_unix(cron:session): session closed for user root
May  9 04:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10230]: pam_unix(cron:session): session closed for user samftp
May  9 04:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9398]: pam_unix(cron:session): session closed for user root
May  9 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10781]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10779]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10778]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10776]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10778]: pam_unix(cron:session): session closed for user p13x
May  9 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10895]: Successful su for rubyman by root
May  9 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10895]: + ??? root:rubyman
May  9 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10895]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357362 of user rubyman.
May  9 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10895]: pam_unix(su:session): session closed for user rubyman
May  9 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357362.
May  9 04:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10776]: pam_unix(cron:session): session closed for user root
May  9 04:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7991]: pam_unix(cron:session): session closed for user root
May  9 04:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10779]: pam_unix(cron:session): session closed for user samftp
May  9 04:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9814]: pam_unix(cron:session): session closed for user root
May  9 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11259]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11257]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11256]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11261]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11258]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11262]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11262]: pam_unix(cron:session): session closed for user root
May  9 04:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11256]: pam_unix(cron:session): session closed for user p13x
May  9 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11330]: Successful su for rubyman by root
May  9 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11330]: + ??? root:rubyman
May  9 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357369 of user rubyman.
May  9 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11330]: pam_unix(su:session): session closed for user rubyman
May  9 04:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357369.
May  9 04:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11258]: pam_unix(cron:session): session closed for user root
May  9 04:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8410]: pam_unix(cron:session): session closed for user root
May  9 04:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11257]: pam_unix(cron:session): session closed for user samftp
May  9 04:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10298]: pam_unix(cron:session): session closed for user root
May  9 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11691]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11693]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11692]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11690]: pam_unix(cron:session): session closed for user p13x
May  9 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11758]: Successful su for rubyman by root
May  9 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11758]: + ??? root:rubyman
May  9 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357371 of user rubyman.
May  9 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11758]: pam_unix(su:session): session closed for user rubyman
May  9 04:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357371.
May  9 04:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8841]: pam_unix(cron:session): session closed for user root
May  9 04:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11691]: pam_unix(cron:session): session closed for user samftp
May  9 04:11:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11972]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11972]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 04:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11972]: Failed password for root from 218.92.0.179 port 61327 ssh2
May  9 04:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11972]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 61327 ssh2]
May  9 04:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11972]: Received disconnect from 218.92.0.179 port 61327:11:  [preauth]
May  9 04:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11972]: Disconnected from 218.92.0.179 port 61327 [preauth]
May  9 04:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11972]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 04:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10781]: pam_unix(cron:session): session closed for user root
May  9 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12088]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12084]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12086]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12085]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12084]: pam_unix(cron:session): session closed for user p13x
May  9 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12147]: Successful su for rubyman by root
May  9 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12147]: + ??? root:rubyman
May  9 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357377 of user rubyman.
May  9 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12147]: pam_unix(su:session): session closed for user rubyman
May  9 04:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357377.
May  9 04:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9397]: pam_unix(cron:session): session closed for user root
May  9 04:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12085]: pam_unix(cron:session): session closed for user samftp
May  9 04:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May  9 04:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12370]: Failed password for root from 190.244.25.245 port 46996 ssh2
May  9 04:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12370]: Received disconnect from 190.244.25.245 port 46996:11: Bye Bye [preauth]
May  9 04:12:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12370]: Disconnected from 190.244.25.245 port 46996 [preauth]
May  9 04:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11261]: pam_unix(cron:session): session closed for user root
May  9 04:12:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:12:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  9 04:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: Failed password for root from 80.94.95.241 port 62510 ssh2
May  9 04:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: message repeated 4 times: [ Failed password for root from 80.94.95.241 port 62510 ssh2]
May  9 04:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: Received disconnect from 80.94.95.241 port 62510:11: Bye [preauth]
May  9 04:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: Disconnected from 80.94.95.241 port 62510 [preauth]
May  9 04:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  9 04:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12437]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12498]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12497]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12495]: pam_unix(cron:session): session closed for user p13x
May  9 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12554]: Successful su for rubyman by root
May  9 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12554]: + ??? root:rubyman
May  9 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12554]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357380 of user rubyman.
May  9 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12554]: pam_unix(su:session): session closed for user rubyman
May  9 04:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357380.
May  9 04:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9813]: pam_unix(cron:session): session closed for user root
May  9 04:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12496]: pam_unix(cron:session): session closed for user samftp
May  9 04:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11693]: pam_unix(cron:session): session closed for user root
May  9 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12881]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12883]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12882]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12880]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12880]: pam_unix(cron:session): session closed for user p13x
May  9 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12939]: Successful su for rubyman by root
May  9 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12939]: + ??? root:rubyman
May  9 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12939]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357383 of user rubyman.
May  9 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12939]: pam_unix(su:session): session closed for user rubyman
May  9 04:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357383.
May  9 04:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10231]: pam_unix(cron:session): session closed for user root
May  9 04:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12881]: pam_unix(cron:session): session closed for user samftp
May  9 04:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12088]: pam_unix(cron:session): session closed for user root
May  9 04:14:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13290]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13292]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13291]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13292]: pam_unix(cron:session): session closed for user root
May  9 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13286]: pam_unix(cron:session): session closed for user p13x
May  9 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13358]: Successful su for rubyman by root
May  9 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13358]: + ??? root:rubyman
May  9 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357387 of user rubyman.
May  9 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13358]: pam_unix(su:session): session closed for user rubyman
May  9 04:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357387.
May  9 04:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13288]: pam_unix(cron:session): session closed for user root
May  9 04:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10780]: pam_unix(cron:session): session closed for user root
May  9 04:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13287]: pam_unix(cron:session): session closed for user samftp
May  9 04:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12498]: pam_unix(cron:session): session closed for user root
May  9 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13822]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13821]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13820]: pam_unix(cron:session): session closed for user p13x
May  9 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13888]: Successful su for rubyman by root
May  9 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13888]: + ??? root:rubyman
May  9 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13888]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357393 of user rubyman.
May  9 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13888]: pam_unix(su:session): session closed for user rubyman
May  9 04:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357393.
May  9 04:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11259]: pam_unix(cron:session): session closed for user root
May  9 04:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13821]: pam_unix(cron:session): session closed for user samftp
May  9 04:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14125]: Invalid user admin from 50.235.31.47
May  9 04:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14125]: input_userauth_request: invalid user admin [preauth]
May  9 04:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14125]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  9 04:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14125]: Failed password for invalid user admin from 50.235.31.47 port 49496 ssh2
May  9 04:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14125]: Connection closed by 50.235.31.47 port 49496 [preauth]
May  9 04:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12883]: pam_unix(cron:session): session closed for user root
May  9 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14227]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14228]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14226]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14225]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14223]: pam_unix(cron:session): session closed for user root
May  9 04:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14225]: pam_unix(cron:session): session closed for user p13x
May  9 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14290]: Successful su for rubyman by root
May  9 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14290]: + ??? root:rubyman
May  9 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14290]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357398 of user rubyman.
May  9 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14290]: pam_unix(su:session): session closed for user rubyman
May  9 04:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357398.
May  9 04:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11692]: pam_unix(cron:session): session closed for user root
May  9 04:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14226]: pam_unix(cron:session): session closed for user samftp
May  9 04:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13291]: pam_unix(cron:session): session closed for user root
May  9 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14635]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14633]: pam_unix(cron:session): session closed for user p13x
May  9 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14699]: Successful su for rubyman by root
May  9 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14699]: + ??? root:rubyman
May  9 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357404 of user rubyman.
May  9 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14699]: pam_unix(su:session): session closed for user rubyman
May  9 04:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357404.
May  9 04:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12086]: pam_unix(cron:session): session closed for user root
May  9 04:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14634]: pam_unix(cron:session): session closed for user samftp
May  9 04:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13823]: pam_unix(cron:session): session closed for user root
May  9 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15054]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15055]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15052]: pam_unix(cron:session): session closed for user p13x
May  9 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15111]: Successful su for rubyman by root
May  9 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15111]: + ??? root:rubyman
May  9 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15111]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357407 of user rubyman.
May  9 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15111]: pam_unix(su:session): session closed for user rubyman
May  9 04:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357407.
May  9 04:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12497]: pam_unix(cron:session): session closed for user root
May  9 04:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15053]: pam_unix(cron:session): session closed for user samftp
May  9 04:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14228]: pam_unix(cron:session): session closed for user root
May  9 04:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23  user=root
May  9 04:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15429]: Failed password for root from 192.112.63.23 port 41228 ssh2
May  9 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15444]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15445]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15445]: pam_unix(cron:session): session closed for user root
May  9 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15440]: pam_unix(cron:session): session closed for user p13x
May  9 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15429]: Failed password for root from 192.112.63.23 port 41228 ssh2
May  9 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15510]: Successful su for rubyman by root
May  9 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15510]: + ??? root:rubyman
May  9 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15510]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357413 of user rubyman.
May  9 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15510]: pam_unix(su:session): session closed for user rubyman
May  9 04:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357413.
May  9 04:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15429]: Failed password for root from 192.112.63.23 port 41228 ssh2
May  9 04:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15442]: pam_unix(cron:session): session closed for user root
May  9 04:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12882]: pam_unix(cron:session): session closed for user root
May  9 04:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15429]: Failed password for root from 192.112.63.23 port 41228 ssh2
May  9 04:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15441]: pam_unix(cron:session): session closed for user samftp
May  9 04:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15429]: Failed password for root from 192.112.63.23 port 41228 ssh2
May  9 04:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15429]: Failed password for root from 192.112.63.23 port 41228 ssh2
May  9 04:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15429]: error: maximum authentication attempts exceeded for root from 192.112.63.23 port 41228 ssh2 [preauth]
May  9 04:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15429]: Disconnecting: Too many authentication failures [preauth]
May  9 04:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15429]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23  user=root
May  9 04:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15429]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23  user=root
May  9 04:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: Failed password for root from 192.112.63.23 port 47356 ssh2
May  9 04:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: message repeated 5 times: [ Failed password for root from 192.112.63.23 port 47356 ssh2]
May  9 04:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: error: maximum authentication attempts exceeded for root from 192.112.63.23 port 47356 ssh2 [preauth]
May  9 04:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: Disconnecting: Too many authentication failures [preauth]
May  9 04:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23  user=root
May  9 04:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23  user=root
May  9 04:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: Failed password for root from 192.112.63.23 port 54026 ssh2
May  9 04:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: message repeated 2 times: [ Failed password for root from 192.112.63.23 port 54026 ssh2]
May  9 04:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14637]: pam_unix(cron:session): session closed for user root
May  9 04:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: Failed password for root from 192.112.63.23 port 54026 ssh2
May  9 04:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: message repeated 2 times: [ Failed password for root from 192.112.63.23 port 54026 ssh2]
May  9 04:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: error: maximum authentication attempts exceeded for root from 192.112.63.23 port 54026 ssh2 [preauth]
May  9 04:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: Disconnecting: Too many authentication failures [preauth]
May  9 04:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23  user=root
May  9 04:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15758]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23  user=root
May  9 04:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15820]: Failed password for root from 192.112.63.23 port 60940 ssh2
May  9 04:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15820]: Received disconnect from 192.112.63.23 port 60940:11: disconnected by user [preauth]
May  9 04:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15820]: Disconnected from 192.112.63.23 port 60940 [preauth]
May  9 04:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Invalid user admin from 192.112.63.23
May  9 04:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: input_userauth_request: invalid user admin [preauth]
May  9 04:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Failed password for invalid user admin from 192.112.63.23 port 34916 ssh2
May  9 04:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Failed password for invalid user admin from 192.112.63.23 port 34916 ssh2
May  9 04:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Failed password for invalid user admin from 192.112.63.23 port 34916 ssh2
May  9 04:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Failed password for invalid user admin from 192.112.63.23 port 34916 ssh2
May  9 04:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Failed password for invalid user admin from 192.112.63.23 port 34916 ssh2
May  9 04:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Failed password for invalid user admin from 192.112.63.23 port 34916 ssh2
May  9 04:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: error: maximum authentication attempts exceeded for invalid user admin from 192.112.63.23 port 34916 ssh2 [preauth]
May  9 04:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: Disconnecting: Too many authentication failures [preauth]
May  9 04:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15847]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: Invalid user admin from 192.112.63.23
May  9 04:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: input_userauth_request: invalid user admin [preauth]
May  9 04:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: Failed password for invalid user admin from 192.112.63.23 port 41700 ssh2
May  9 04:20:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15878]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15881]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15877]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15877]: pam_unix(cron:session): session closed for user p13x
May  9 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: Failed password for invalid user admin from 192.112.63.23 port 41700 ssh2
May  9 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15950]: Successful su for rubyman by root
May  9 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15950]: + ??? root:rubyman
May  9 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15950]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357417 of user rubyman.
May  9 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15950]: pam_unix(su:session): session closed for user rubyman
May  9 04:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357417.
May  9 04:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: Failed password for invalid user admin from 192.112.63.23 port 41700 ssh2
May  9 04:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13290]: pam_unix(cron:session): session closed for user root
May  9 04:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: Failed password for invalid user admin from 192.112.63.23 port 41700 ssh2
May  9 04:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15878]: pam_unix(cron:session): session closed for user samftp
May  9 04:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: Failed password for invalid user admin from 192.112.63.23 port 41700 ssh2
May  9 04:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: Failed password for invalid user admin from 192.112.63.23 port 41700 ssh2
May  9 04:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: error: maximum authentication attempts exceeded for invalid user admin from 192.112.63.23 port 41700 ssh2 [preauth]
May  9 04:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: Disconnecting: Too many authentication failures [preauth]
May  9 04:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15866]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16133]: Invalid user admin from 192.112.63.23
May  9 04:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16133]: input_userauth_request: invalid user admin [preauth]
May  9 04:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16133]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16133]: Failed password for invalid user admin from 192.112.63.23 port 48554 ssh2
May  9 04:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16133]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16133]: Failed password for invalid user admin from 192.112.63.23 port 48554 ssh2
May  9 04:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16133]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16157]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16133]: Failed password for invalid user admin from 192.112.63.23 port 48554 ssh2
May  9 04:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16133]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16133]: Failed password for invalid user admin from 192.112.63.23 port 48554 ssh2
May  9 04:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16133]: Received disconnect from 192.112.63.23 port 48554:11: disconnected by user [preauth]
May  9 04:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16133]: Disconnected from 192.112.63.23 port 48554 [preauth]
May  9 04:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16133]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16133]: PAM service(sshd) ignoring max retries; 4 > 3
May  9 04:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: Invalid user oracle from 192.112.63.23
May  9 04:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: input_userauth_request: invalid user oracle [preauth]
May  9 04:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: Invalid user web from 190.244.25.245
May  9 04:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: input_userauth_request: invalid user web [preauth]
May  9 04:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May  9 04:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: Failed password for invalid user oracle from 192.112.63.23 port 52986 ssh2
May  9 04:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: Failed password for invalid user web from 190.244.25.245 port 39892 ssh2
May  9 04:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: Received disconnect from 190.244.25.245 port 39892:11: Bye Bye [preauth]
May  9 04:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16170]: Disconnected from 190.244.25.245 port 39892 [preauth]
May  9 04:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: Failed password for invalid user oracle from 192.112.63.23 port 52986 ssh2
May  9 04:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.16  user=root
May  9 04:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: Failed password for invalid user oracle from 192.112.63.23 port 52986 ssh2
May  9 04:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16172]: Failed password for root from 194.0.234.16 port 33076 ssh2
May  9 04:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16172]: Connection closed by 194.0.234.16 port 33076 [preauth]
May  9 04:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: Failed password for invalid user oracle from 192.112.63.23 port 52986 ssh2
May  9 04:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: Failed password for invalid user oracle from 192.112.63.23 port 52986 ssh2
May  9 04:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: Failed password for invalid user oracle from 192.112.63.23 port 52986 ssh2
May  9 04:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: error: maximum authentication attempts exceeded for invalid user oracle from 192.112.63.23 port 52986 ssh2 [preauth]
May  9 04:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: Disconnecting: Too many authentication failures [preauth]
May  9 04:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16166]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Invalid user oracle from 192.112.63.23
May  9 04:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: input_userauth_request: invalid user oracle [preauth]
May  9 04:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15055]: pam_unix(cron:session): session closed for user root
May  9 04:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Failed password for invalid user oracle from 192.112.63.23 port 60166 ssh2
May  9 04:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Failed password for invalid user oracle from 192.112.63.23 port 60166 ssh2
May  9 04:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16157]: Connection closed by 43.153.141.121 port 46698 [preauth]
May  9 04:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Failed password for invalid user oracle from 192.112.63.23 port 60166 ssh2
May  9 04:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Failed password for invalid user oracle from 192.112.63.23 port 60166 ssh2
May  9 04:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Failed password for invalid user oracle from 192.112.63.23 port 60166 ssh2
May  9 04:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Failed password for invalid user oracle from 192.112.63.23 port 60166 ssh2
May  9 04:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: error: maximum authentication attempts exceeded for invalid user oracle from 192.112.63.23 port 60166 ssh2 [preauth]
May  9 04:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: Disconnecting: Too many authentication failures [preauth]
May  9 04:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16203]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: Invalid user oracle from 192.112.63.23
May  9 04:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: input_userauth_request: invalid user oracle [preauth]
May  9 04:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: Failed password for invalid user oracle from 192.112.63.23 port 39386 ssh2
May  9 04:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: Failed password for invalid user oracle from 192.112.63.23 port 39386 ssh2
May  9 04:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: Received disconnect from 192.112.63.23 port 39386:11: disconnected by user [preauth]
May  9 04:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: Disconnected from 192.112.63.23 port 39386 [preauth]
May  9 04:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16255]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: Invalid user usuario from 192.112.63.23
May  9 04:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: input_userauth_request: invalid user usuario [preauth]
May  9 04:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: Failed password for invalid user usuario from 192.112.63.23 port 41886 ssh2
May  9 04:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: Invalid user admin from 80.94.95.112
May  9 04:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: input_userauth_request: invalid user admin [preauth]
May  9 04:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 04:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: Failed password for invalid user usuario from 192.112.63.23 port 41886 ssh2
May  9 04:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: Failed password for invalid user admin from 80.94.95.112 port 16610 ssh2
May  9 04:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: Failed password for invalid user usuario from 192.112.63.23 port 41886 ssh2
May  9 04:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: Failed password for invalid user admin from 80.94.95.112 port 16610 ssh2
May  9 04:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: Failed password for invalid user usuario from 192.112.63.23 port 41886 ssh2
May  9 04:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: Failed password for invalid user admin from 80.94.95.112 port 16610 ssh2
May  9 04:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: Failed password for invalid user usuario from 192.112.63.23 port 41886 ssh2
May  9 04:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: Failed password for invalid user usuario from 192.112.63.23 port 41886 ssh2
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: error: maximum authentication attempts exceeded for invalid user usuario from 192.112.63.23 port 41886 ssh2 [preauth]
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: Disconnecting: Too many authentication failures [preauth]
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16265]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16289]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16288]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16287]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16286]: pam_unix(cron:session): session closed for user p13x
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Invalid user usuario from 192.112.63.23
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: input_userauth_request: invalid user usuario [preauth]
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: Failed password for invalid user admin from 80.94.95.112 port 16610 ssh2
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16345]: Successful su for rubyman by root
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16345]: + ??? root:rubyman
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357421 of user rubyman.
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16345]: pam_unix(su:session): session closed for user rubyman
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357421.
May  9 04:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Failed password for invalid user usuario from 192.112.63.23 port 48638 ssh2
May  9 04:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: Failed password for invalid user admin from 80.94.95.112 port 16610 ssh2
May  9 04:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: Received disconnect from 80.94.95.112 port 16610:11: Bye [preauth]
May  9 04:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: Disconnected from 80.94.95.112 port 16610 [preauth]
May  9 04:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 04:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16267]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 04:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13822]: pam_unix(cron:session): session closed for user root
May  9 04:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Failed password for invalid user usuario from 192.112.63.23 port 48638 ssh2
May  9 04:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16287]: pam_unix(cron:session): session closed for user samftp
May  9 04:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Failed password for invalid user usuario from 192.112.63.23 port 48638 ssh2
May  9 04:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Failed password for invalid user usuario from 192.112.63.23 port 48638 ssh2
May  9 04:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Failed password for invalid user usuario from 192.112.63.23 port 48638 ssh2
May  9 04:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Failed password for invalid user usuario from 192.112.63.23 port 48638 ssh2
May  9 04:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: error: maximum authentication attempts exceeded for invalid user usuario from 192.112.63.23 port 48638 ssh2 [preauth]
May  9 04:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: Disconnecting: Too many authentication failures [preauth]
May  9 04:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16292]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16575]: Invalid user usuario from 192.112.63.23
May  9 04:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16575]: input_userauth_request: invalid user usuario [preauth]
May  9 04:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16575]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16575]: Failed password for invalid user usuario from 192.112.63.23 port 55126 ssh2
May  9 04:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16575]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16575]: Failed password for invalid user usuario from 192.112.63.23 port 55126 ssh2
May  9 04:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16575]: Received disconnect from 192.112.63.23 port 55126:11: disconnected by user [preauth]
May  9 04:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16575]: Disconnected from 192.112.63.23 port 55126 [preauth]
May  9 04:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16575]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: Invalid user test from 192.112.63.23
May  9 04:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: input_userauth_request: invalid user test [preauth]
May  9 04:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: Failed password for invalid user test from 192.112.63.23 port 57630 ssh2
May  9 04:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: Failed password for invalid user test from 192.112.63.23 port 57630 ssh2
May  9 04:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: Failed password for invalid user test from 192.112.63.23 port 57630 ssh2
May  9 04:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: Failed password for invalid user test from 192.112.63.23 port 57630 ssh2
May  9 04:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: Failed password for invalid user test from 192.112.63.23 port 57630 ssh2
May  9 04:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: Failed password for invalid user test from 192.112.63.23 port 57630 ssh2
May  9 04:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: error: maximum authentication attempts exceeded for invalid user test from 192.112.63.23 port 57630 ssh2 [preauth]
May  9 04:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: Disconnecting: Too many authentication failures [preauth]
May  9 04:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16607]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Invalid user test from 192.112.63.23
May  9 04:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: input_userauth_request: invalid user test [preauth]
May  9 04:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Failed password for invalid user test from 192.112.63.23 port 36186 ssh2
May  9 04:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Failed password for invalid user test from 192.112.63.23 port 36186 ssh2
May  9 04:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Failed password for invalid user test from 192.112.63.23 port 36186 ssh2
May  9 04:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15444]: pam_unix(cron:session): session closed for user root
May  9 04:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Failed password for invalid user test from 192.112.63.23 port 36186 ssh2
May  9 04:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Failed password for invalid user test from 192.112.63.23 port 36186 ssh2
May  9 04:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Failed password for invalid user test from 192.112.63.23 port 36186 ssh2
May  9 04:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: error: maximum authentication attempts exceeded for invalid user test from 192.112.63.23 port 36186 ssh2 [preauth]
May  9 04:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: Disconnecting: Too many authentication failures [preauth]
May  9 04:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16650]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16698]: Invalid user test from 192.112.63.23
May  9 04:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16698]: input_userauth_request: invalid user test [preauth]
May  9 04:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16698]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16698]: Failed password for invalid user test from 192.112.63.23 port 41440 ssh2
May  9 04:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16698]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16698]: Failed password for invalid user test from 192.112.63.23 port 41440 ssh2
May  9 04:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16698]: Received disconnect from 192.112.63.23 port 41440:11: disconnected by user [preauth]
May  9 04:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16698]: Disconnected from 192.112.63.23 port 41440 [preauth]
May  9 04:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16698]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Invalid user user from 192.112.63.23
May  9 04:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: input_userauth_request: invalid user user [preauth]
May  9 04:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Failed password for invalid user user from 192.112.63.23 port 43700 ssh2
May  9 04:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Failed password for invalid user user from 192.112.63.23 port 43700 ssh2
May  9 04:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Failed password for invalid user user from 192.112.63.23 port 43700 ssh2
May  9 04:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Failed password for invalid user user from 192.112.63.23 port 43700 ssh2
May  9 04:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Failed password for invalid user user from 192.112.63.23 port 43700 ssh2
May  9 04:22:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Failed password for invalid user user from 192.112.63.23 port 43700 ssh2
May  9 04:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: error: maximum authentication attempts exceeded for invalid user user from 192.112.63.23 port 43700 ssh2 [preauth]
May  9 04:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: Disconnecting: Too many authentication failures [preauth]
May  9 04:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16700]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Invalid user user from 192.112.63.23
May  9 04:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: input_userauth_request: invalid user user [preauth]
May  9 04:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Failed password for invalid user user from 192.112.63.23 port 50144 ssh2
May  9 04:22:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Failed password for invalid user user from 192.112.63.23 port 50144 ssh2
May  9 04:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Failed password for invalid user user from 192.112.63.23 port 50144 ssh2
May  9 04:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16749]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16747]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16748]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16746]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16746]: pam_unix(cron:session): session closed for user p13x
May  9 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16812]: Successful su for rubyman by root
May  9 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16812]: + ??? root:rubyman
May  9 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16812]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357425 of user rubyman.
May  9 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16812]: pam_unix(su:session): session closed for user rubyman
May  9 04:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357425.
May  9 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Failed password for invalid user user from 192.112.63.23 port 50144 ssh2
May  9 04:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Failed password for invalid user user from 192.112.63.23 port 50144 ssh2
May  9 04:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14227]: pam_unix(cron:session): session closed for user root
May  9 04:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16747]: pam_unix(cron:session): session closed for user samftp
May  9 04:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Failed password for invalid user user from 192.112.63.23 port 50144 ssh2
May  9 04:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: error: maximum authentication attempts exceeded for invalid user user from 192.112.63.23 port 50144 ssh2 [preauth]
May  9 04:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: Disconnecting: Too many authentication failures [preauth]
May  9 04:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16734]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17020]: Invalid user user from 192.112.63.23
May  9 04:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17020]: input_userauth_request: invalid user user [preauth]
May  9 04:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17020]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17020]: Failed password for invalid user user from 192.112.63.23 port 57092 ssh2
May  9 04:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17020]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17020]: Failed password for invalid user user from 192.112.63.23 port 57092 ssh2
May  9 04:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17020]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17020]: Failed password for invalid user user from 192.112.63.23 port 57092 ssh2
May  9 04:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17020]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17020]: Failed password for invalid user user from 192.112.63.23 port 57092 ssh2
May  9 04:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17020]: Received disconnect from 192.112.63.23 port 57092:11: disconnected by user [preauth]
May  9 04:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17020]: Disconnected from 192.112.63.23 port 57092 [preauth]
May  9 04:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17020]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17020]: PAM service(sshd) ignoring max retries; 4 > 3
May  9 04:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: Invalid user ftpuser from 192.112.63.23
May  9 04:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: input_userauth_request: invalid user ftpuser [preauth]
May  9 04:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: Failed password for invalid user ftpuser from 192.112.63.23 port 33124 ssh2
May  9 04:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: Failed password for invalid user ftpuser from 192.112.63.23 port 33124 ssh2
May  9 04:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: Failed password for invalid user ftpuser from 192.112.63.23 port 33124 ssh2
May  9 04:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: Failed password for invalid user ftpuser from 192.112.63.23 port 33124 ssh2
May  9 04:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: Failed password for invalid user ftpuser from 192.112.63.23 port 33124 ssh2
May  9 04:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: Failed password for invalid user ftpuser from 192.112.63.23 port 33124 ssh2
May  9 04:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: error: maximum authentication attempts exceeded for invalid user ftpuser from 192.112.63.23 port 33124 ssh2 [preauth]
May  9 04:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: Disconnecting: Too many authentication failures [preauth]
May  9 04:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17052]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: Invalid user ftpuser from 192.112.63.23
May  9 04:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: input_userauth_request: invalid user ftpuser [preauth]
May  9 04:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: Failed password for invalid user ftpuser from 192.112.63.23 port 39704 ssh2
May  9 04:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: Failed password for invalid user ftpuser from 192.112.63.23 port 39704 ssh2
May  9 04:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: Failed password for invalid user ftpuser from 192.112.63.23 port 39704 ssh2
May  9 04:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: Failed password for invalid user ftpuser from 192.112.63.23 port 39704 ssh2
May  9 04:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15881]: pam_unix(cron:session): session closed for user root
May  9 04:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: Failed password for invalid user ftpuser from 192.112.63.23 port 39704 ssh2
May  9 04:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: Failed password for invalid user ftpuser from 192.112.63.23 port 39704 ssh2
May  9 04:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: error: maximum authentication attempts exceeded for invalid user ftpuser from 192.112.63.23 port 39704 ssh2 [preauth]
May  9 04:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: Disconnecting: Too many authentication failures [preauth]
May  9 04:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17085]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: Invalid user ftpuser from 192.112.63.23
May  9 04:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: input_userauth_request: invalid user ftpuser [preauth]
May  9 04:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: Failed password for invalid user ftpuser from 192.112.63.23 port 46134 ssh2
May  9 04:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: Failed password for invalid user ftpuser from 192.112.63.23 port 46134 ssh2
May  9 04:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: Failed password for invalid user ftpuser from 192.112.63.23 port 46134 ssh2
May  9 04:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: Failed password for invalid user ftpuser from 192.112.63.23 port 46134 ssh2
May  9 04:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: Received disconnect from 192.112.63.23 port 46134:11: disconnected by user [preauth]
May  9 04:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: Disconnected from 192.112.63.23 port 46134 [preauth]
May  9 04:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17126]: PAM service(sshd) ignoring max retries; 4 > 3
May  9 04:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Invalid user test1 from 192.112.63.23
May  9 04:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: input_userauth_request: invalid user test1 [preauth]
May  9 04:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Failed password for invalid user test1 from 192.112.63.23 port 50858 ssh2
May  9 04:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Failed password for invalid user test1 from 192.112.63.23 port 50858 ssh2
May  9 04:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Failed password for invalid user test1 from 192.112.63.23 port 50858 ssh2
May  9 04:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Failed password for invalid user test1 from 192.112.63.23 port 50858 ssh2
May  9 04:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Failed password for invalid user test1 from 192.112.63.23 port 50858 ssh2
May  9 04:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Failed password for invalid user test1 from 192.112.63.23 port 50858 ssh2
May  9 04:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: error: maximum authentication attempts exceeded for invalid user test1 from 192.112.63.23 port 50858 ssh2 [preauth]
May  9 04:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Disconnecting: Too many authentication failures [preauth]
May  9 04:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17178]: Invalid user test1 from 192.112.63.23
May  9 04:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17178]: input_userauth_request: invalid user test1 [preauth]
May  9 04:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17178]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17178]: Failed password for invalid user test1 from 192.112.63.23 port 57428 ssh2
May  9 04:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17178]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17178]: Failed password for invalid user test1 from 192.112.63.23 port 57428 ssh2
May  9 04:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17178]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17191]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17192]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17189]: pam_unix(cron:session): session closed for user p13x
May  9 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17253]: Successful su for rubyman by root
May  9 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17253]: + ??? root:rubyman
May  9 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357429 of user rubyman.
May  9 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17253]: pam_unix(su:session): session closed for user rubyman
May  9 04:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357429.
May  9 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17178]: Failed password for invalid user test1 from 192.112.63.23 port 57428 ssh2
May  9 04:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17178]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17178]: Failed password for invalid user test1 from 192.112.63.23 port 57428 ssh2
May  9 04:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17178]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14635]: pam_unix(cron:session): session closed for user root
May  9 04:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17190]: pam_unix(cron:session): session closed for user samftp
May  9 04:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17178]: Failed password for invalid user test1 from 192.112.63.23 port 57428 ssh2
May  9 04:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17178]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17178]: Failed password for invalid user test1 from 192.112.63.23 port 57428 ssh2
May  9 04:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17178]: error: maximum authentication attempts exceeded for invalid user test1 from 192.112.63.23 port 57428 ssh2 [preauth]
May  9 04:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17178]: Disconnecting: Too many authentication failures [preauth]
May  9 04:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17178]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17178]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: Invalid user test1 from 192.112.63.23
May  9 04:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: input_userauth_request: invalid user test1 [preauth]
May  9 04:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: Failed password for invalid user test1 from 192.112.63.23 port 36594 ssh2
May  9 04:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: Failed password for invalid user test1 from 192.112.63.23 port 36594 ssh2
May  9 04:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: Received disconnect from 192.112.63.23 port 36594:11: disconnected by user [preauth]
May  9 04:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: Disconnected from 192.112.63.23 port 36594 [preauth]
May  9 04:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17439]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: Invalid user test2 from 192.112.63.23
May  9 04:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: input_userauth_request: invalid user test2 [preauth]
May  9 04:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: Failed password for invalid user test2 from 192.112.63.23 port 39478 ssh2
May  9 04:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: Failed password for invalid user test2 from 192.112.63.23 port 39478 ssh2
May  9 04:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: Failed password for invalid user test2 from 192.112.63.23 port 39478 ssh2
May  9 04:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: Failed password for invalid user test2 from 192.112.63.23 port 39478 ssh2
May  9 04:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: Failed password for invalid user test2 from 192.112.63.23 port 39478 ssh2
May  9 04:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: Failed password for invalid user test2 from 192.112.63.23 port 39478 ssh2
May  9 04:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: error: maximum authentication attempts exceeded for invalid user test2 from 192.112.63.23 port 39478 ssh2 [preauth]
May  9 04:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: Disconnecting: Too many authentication failures [preauth]
May  9 04:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17451]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: Invalid user test2 from 192.112.63.23
May  9 04:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: input_userauth_request: invalid user test2 [preauth]
May  9 04:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: Failed password for invalid user test2 from 192.112.63.23 port 46348 ssh2
May  9 04:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: Failed password for invalid user test2 from 192.112.63.23 port 46348 ssh2
May  9 04:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: Failed password for invalid user test2 from 192.112.63.23 port 46348 ssh2
May  9 04:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: Failed password for invalid user test2 from 192.112.63.23 port 46348 ssh2
May  9 04:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16289]: pam_unix(cron:session): session closed for user root
May  9 04:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: Failed password for invalid user test2 from 192.112.63.23 port 46348 ssh2
May  9 04:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: Failed password for invalid user test2 from 192.112.63.23 port 46348 ssh2
May  9 04:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: error: maximum authentication attempts exceeded for invalid user test2 from 192.112.63.23 port 46348 ssh2 [preauth]
May  9 04:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: Disconnecting: Too many authentication failures [preauth]
May  9 04:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17502]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: Invalid user test2 from 192.112.63.23
May  9 04:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: input_userauth_request: invalid user test2 [preauth]
May  9 04:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: Failed password for invalid user test2 from 192.112.63.23 port 52640 ssh2
May  9 04:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: Failed password for invalid user test2 from 192.112.63.23 port 52640 ssh2
May  9 04:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: Received disconnect from 192.112.63.23 port 52640:11: disconnected by user [preauth]
May  9 04:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: Disconnected from 192.112.63.23 port 52640 [preauth]
May  9 04:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17548]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Invalid user ubuntu from 192.112.63.23
May  9 04:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: input_userauth_request: invalid user ubuntu [preauth]
May  9 04:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Failed password for invalid user ubuntu from 192.112.63.23 port 55026 ssh2
May  9 04:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Failed password for invalid user ubuntu from 192.112.63.23 port 55026 ssh2
May  9 04:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Failed password for invalid user ubuntu from 192.112.63.23 port 55026 ssh2
May  9 04:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Failed password for invalid user ubuntu from 192.112.63.23 port 55026 ssh2
May  9 04:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Failed password for invalid user ubuntu from 192.112.63.23 port 55026 ssh2
May  9 04:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Failed password for invalid user ubuntu from 192.112.63.23 port 55026 ssh2
May  9 04:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: error: maximum authentication attempts exceeded for invalid user ubuntu from 192.112.63.23 port 55026 ssh2 [preauth]
May  9 04:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: Disconnecting: Too many authentication failures [preauth]
May  9 04:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17562]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: Invalid user ubuntu from 192.112.63.23
May  9 04:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: input_userauth_request: invalid user ubuntu [preauth]
May  9 04:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: Failed password for invalid user ubuntu from 192.112.63.23 port 60550 ssh2
May  9 04:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: Failed password for invalid user ubuntu from 192.112.63.23 port 60550 ssh2
May  9 04:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: Failed password for invalid user ubuntu from 192.112.63.23 port 60550 ssh2
May  9 04:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: Failed password for invalid user ubuntu from 192.112.63.23 port 60550 ssh2
May  9 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17614]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17615]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17619]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17619]: pam_unix(cron:session): session closed for user root
May  9 04:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17614]: pam_unix(cron:session): session closed for user p13x
May  9 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17690]: Successful su for rubyman by root
May  9 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17690]: + ??? root:rubyman
May  9 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17690]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357435 of user rubyman.
May  9 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17690]: pam_unix(su:session): session closed for user rubyman
May  9 04:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357435.
May  9 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: Failed password for invalid user ubuntu from 192.112.63.23 port 60550 ssh2
May  9 04:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17616]: pam_unix(cron:session): session closed for user root
May  9 04:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15054]: pam_unix(cron:session): session closed for user root
May  9 04:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: Failed password for invalid user ubuntu from 192.112.63.23 port 60550 ssh2
May  9 04:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: error: maximum authentication attempts exceeded for invalid user ubuntu from 192.112.63.23 port 60550 ssh2 [preauth]
May  9 04:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: Disconnecting: Too many authentication failures [preauth]
May  9 04:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17593]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 04:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: Invalid user ubuntu from 192.112.63.23
May  9 04:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: input_userauth_request: invalid user ubuntu [preauth]
May  9 04:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: Failed password for invalid user ubuntu from 192.112.63.23 port 39316 ssh2
May  9 04:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17615]: pam_unix(cron:session): session closed for user samftp
May  9 04:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: Failed password for invalid user ubuntu from 192.112.63.23 port 39316 ssh2
May  9 04:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: Failed password for invalid user ubuntu from 192.112.63.23 port 39316 ssh2
May  9 04:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: Failed password for invalid user ubuntu from 192.112.63.23 port 39316 ssh2
May  9 04:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: Received disconnect from 192.112.63.23 port 39316:11: disconnected by user [preauth]
May  9 04:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: Disconnected from 192.112.63.23 port 39316 [preauth]
May  9 04:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17987]: PAM service(sshd) ignoring max retries; 4 > 3
May  9 04:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: Invalid user pi from 192.112.63.23
May  9 04:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: input_userauth_request: invalid user pi [preauth]
May  9 04:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: Failed password for invalid user pi from 192.112.63.23 port 43662 ssh2
May  9 04:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: Failed password for invalid user pi from 192.112.63.23 port 43662 ssh2
May  9 04:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: Failed password for invalid user pi from 192.112.63.23 port 43662 ssh2
May  9 04:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: Failed password for invalid user pi from 192.112.63.23 port 43662 ssh2
May  9 04:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: Received disconnect from 192.112.63.23 port 43662:11: disconnected by user [preauth]
May  9 04:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: Disconnected from 192.112.63.23 port 43662 [preauth]
May  9 04:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18025]: PAM service(sshd) ignoring max retries; 4 > 3
May  9 04:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Invalid user baikal from 192.112.63.23
May  9 04:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: input_userauth_request: invalid user baikal [preauth]
May  9 04:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.112.63.23
May  9 04:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Failed password for invalid user baikal from 192.112.63.23 port 47992 ssh2
May  9 04:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Received disconnect from 192.112.63.23 port 47992:11: disconnected by user [preauth]
May  9 04:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18063]: Disconnected from 192.112.63.23 port 47992 [preauth]
May  9 04:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16749]: pam_unix(cron:session): session closed for user root
May  9 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18181]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18180]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18179]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18178]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18178]: pam_unix(cron:session): session closed for user p13x
May  9 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18243]: Successful su for rubyman by root
May  9 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18243]: + ??? root:rubyman
May  9 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18243]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357438 of user rubyman.
May  9 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18243]: pam_unix(su:session): session closed for user rubyman
May  9 04:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357438.
May  9 04:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15443]: pam_unix(cron:session): session closed for user root
May  9 04:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18179]: pam_unix(cron:session): session closed for user samftp
May  9 04:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: Invalid user dockeradmin from 193.70.84.184
May  9 04:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: input_userauth_request: invalid user dockeradmin [preauth]
May  9 04:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  9 04:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: Failed password for invalid user dockeradmin from 193.70.84.184 port 47570 ssh2
May  9 04:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18482]: Connection closed by 193.70.84.184 port 47570 [preauth]
May  9 04:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17192]: pam_unix(cron:session): session closed for user root
May  9 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18593]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18591]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18592]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18591]: pam_unix(cron:session): session closed for user p13x
May  9 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18651]: Successful su for rubyman by root
May  9 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18651]: + ??? root:rubyman
May  9 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18651]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357444 of user rubyman.
May  9 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18651]: pam_unix(su:session): session closed for user rubyman
May  9 04:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357444.
May  9 04:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15879]: pam_unix(cron:session): session closed for user root
May  9 04:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18592]: pam_unix(cron:session): session closed for user samftp
May  9 04:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18909]: Invalid user default from 190.244.25.245
May  9 04:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18909]: input_userauth_request: invalid user default [preauth]
May  9 04:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18909]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May  9 04:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18909]: Failed password for invalid user default from 190.244.25.245 port 53316 ssh2
May  9 04:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18909]: Received disconnect from 190.244.25.245 port 53316:11: Bye Bye [preauth]
May  9 04:27:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18909]: Disconnected from 190.244.25.245 port 53316 [preauth]
May  9 04:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17618]: pam_unix(cron:session): session closed for user root
May  9 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19006]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19007]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19005]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19004]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19004]: pam_unix(cron:session): session closed for user p13x
May  9 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19076]: Successful su for rubyman by root
May  9 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19076]: + ??? root:rubyman
May  9 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19076]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357446 of user rubyman.
May  9 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19076]: pam_unix(su:session): session closed for user rubyman
May  9 04:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357446.
May  9 04:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16288]: pam_unix(cron:session): session closed for user root
May  9 04:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19005]: pam_unix(cron:session): session closed for user samftp
May  9 04:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18181]: pam_unix(cron:session): session closed for user root
May  9 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19412]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19413]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19412]: pam_unix(cron:session): session closed for user p13x
May  9 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19474]: Successful su for rubyman by root
May  9 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19474]: + ??? root:rubyman
May  9 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19474]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357451 of user rubyman.
May  9 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19474]: pam_unix(su:session): session closed for user rubyman
May  9 04:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357451.
May  9 04:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16748]: pam_unix(cron:session): session closed for user root
May  9 04:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19413]: pam_unix(cron:session): session closed for user samftp
May  9 04:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18594]: pam_unix(cron:session): session closed for user root
May  9 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19829]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19831]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19827]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19828]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19830]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19826]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19831]: pam_unix(cron:session): session closed for user root
May  9 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19826]: pam_unix(cron:session): session closed for user p13x
May  9 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19896]: Successful su for rubyman by root
May  9 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19896]: + ??? root:rubyman
May  9 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357458 of user rubyman.
May  9 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19896]: pam_unix(su:session): session closed for user rubyman
May  9 04:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357458.
May  9 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19828]: pam_unix(cron:session): session closed for user root
May  9 04:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17191]: pam_unix(cron:session): session closed for user root
May  9 04:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19827]: pam_unix(cron:session): session closed for user samftp
May  9 04:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19007]: pam_unix(cron:session): session closed for user root
May  9 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20267]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20266]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20265]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20265]: pam_unix(cron:session): session closed for user p13x
May  9 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20329]: Successful su for rubyman by root
May  9 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20329]: + ??? root:rubyman
May  9 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20329]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357462 of user rubyman.
May  9 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20329]: pam_unix(su:session): session closed for user rubyman
May  9 04:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357462.
May  9 04:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17617]: pam_unix(cron:session): session closed for user root
May  9 04:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20266]: pam_unix(cron:session): session closed for user samftp
May  9 04:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  9 04:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: Failed password for root from 218.92.0.209 port 58016 ssh2
May  9 04:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: message repeated 4 times: [ Failed password for root from 218.92.0.209 port 58016 ssh2]
May  9 04:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: error: maximum authentication attempts exceeded for root from 218.92.0.209 port 58016 ssh2 [preauth]
May  9 04:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: Disconnecting: Too many authentication failures [preauth]
May  9 04:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  9 04:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20532]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 04:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19415]: pam_unix(cron:session): session closed for user root
May  9 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20685]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20684]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20682]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20681]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20681]: pam_unix(cron:session): session closed for user p13x
May  9 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20744]: Successful su for rubyman by root
May  9 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20744]: + ??? root:rubyman
May  9 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357464 of user rubyman.
May  9 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20744]: pam_unix(su:session): session closed for user rubyman
May  9 04:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357464.
May  9 04:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18180]: pam_unix(cron:session): session closed for user root
May  9 04:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20682]: pam_unix(cron:session): session closed for user samftp
May  9 04:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19830]: pam_unix(cron:session): session closed for user root
May  9 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21092]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21091]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21089]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21089]: pam_unix(cron:session): session closed for user p13x
May  9 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21153]: Successful su for rubyman by root
May  9 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21153]: + ??? root:rubyman
May  9 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21153]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357468 of user rubyman.
May  9 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21153]: pam_unix(su:session): session closed for user rubyman
May  9 04:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357468.
May  9 04:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18593]: pam_unix(cron:session): session closed for user root
May  9 04:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21091]: pam_unix(cron:session): session closed for user samftp
May  9 04:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Invalid user test from 190.244.25.245
May  9 04:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: input_userauth_request: invalid user test [preauth]
May  9 04:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:33:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May  9 04:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Failed password for invalid user test from 190.244.25.245 port 60096 ssh2
May  9 04:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Received disconnect from 190.244.25.245 port 60096:11: Bye Bye [preauth]
May  9 04:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21426]: Disconnected from 190.244.25.245 port 60096 [preauth]
May  9 04:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20268]: pam_unix(cron:session): session closed for user root
May  9 04:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  9 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21530]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21528]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21531]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21527]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21527]: pam_unix(cron:session): session closed for user p13x
May  9 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21524]: Failed password for root from 164.68.105.9 port 45596 ssh2
May  9 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21599]: Successful su for rubyman by root
May  9 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21599]: + ??? root:rubyman
May  9 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21599]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357473 of user rubyman.
May  9 04:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21599]: pam_unix(su:session): session closed for user rubyman
May  9 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357473.
May  9 04:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21524]: Connection closed by 164.68.105.9 port 45596 [preauth]
May  9 04:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19006]: pam_unix(cron:session): session closed for user root
May  9 04:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21528]: pam_unix(cron:session): session closed for user samftp
May  9 04:34:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: Invalid user admin from 80.94.95.241
May  9 04:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: input_userauth_request: invalid user admin [preauth]
May  9 04:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 04:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: Failed password for invalid user admin from 80.94.95.241 port 23514 ssh2
May  9 04:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: Failed password for invalid user admin from 80.94.95.241 port 23514 ssh2
May  9 04:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: Failed password for invalid user admin from 80.94.95.241 port 23514 ssh2
May  9 04:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: Failed password for invalid user admin from 80.94.95.241 port 23514 ssh2
May  9 04:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: Failed password for invalid user admin from 80.94.95.241 port 23514 ssh2
May  9 04:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: Received disconnect from 80.94.95.241 port 23514:11: Bye [preauth]
May  9 04:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: Disconnected from 80.94.95.241 port 23514 [preauth]
May  9 04:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 04:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22102]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 04:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: Invalid user quagga from 50.235.31.47
May  9 04:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: input_userauth_request: invalid user quagga [preauth]
May  9 04:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  9 04:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: Failed password for invalid user quagga from 50.235.31.47 port 57660 ssh2
May  9 04:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22139]: Connection closed by 50.235.31.47 port 57660 [preauth]
May  9 04:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: Invalid user wwwuser from 165.22.235.5
May  9 04:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: input_userauth_request: invalid user wwwuser [preauth]
May  9 04:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 04:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20685]: pam_unix(cron:session): session closed for user root
May  9 04:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: Failed password for invalid user wwwuser from 165.22.235.5 port 48944 ssh2
May  9 04:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: Received disconnect from 165.22.235.5 port 48944:11: Bye Bye [preauth]
May  9 04:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22175]: Disconnected from 165.22.235.5 port 48944 [preauth]
May  9 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22285]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22286]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22281]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22283]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22284]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22282]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22286]: pam_unix(cron:session): session closed for user root
May  9 04:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22281]: pam_unix(cron:session): session closed for user p13x
May  9 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22362]: Successful su for rubyman by root
May  9 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22362]: + ??? root:rubyman
May  9 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22362]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357476 of user rubyman.
May  9 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22362]: pam_unix(su:session): session closed for user rubyman
May  9 04:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357476.
May  9 04:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22283]: pam_unix(cron:session): session closed for user root
May  9 04:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19414]: pam_unix(cron:session): session closed for user root
May  9 04:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22282]: pam_unix(cron:session): session closed for user samftp
May  9 04:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21093]: pam_unix(cron:session): session closed for user root
May  9 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22782]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22783]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22780]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22781]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22780]: pam_unix(cron:session): session closed for user p13x
May  9 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22858]: Successful su for rubyman by root
May  9 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22858]: + ??? root:rubyman
May  9 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22858]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357483 of user rubyman.
May  9 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22858]: pam_unix(su:session): session closed for user rubyman
May  9 04:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357483.
May  9 04:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19829]: pam_unix(cron:session): session closed for user root
May  9 04:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22781]: pam_unix(cron:session): session closed for user samftp
May  9 04:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: Invalid user ftpuser from 80.94.95.116
May  9 04:36:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: input_userauth_request: invalid user ftpuser [preauth]
May  9 04:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  9 04:36:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: Failed password for invalid user ftpuser from 80.94.95.116 port 31644 ssh2
May  9 04:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23109]: Connection closed by 80.94.95.116 port 31644 [preauth]
May  9 04:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21531]: pam_unix(cron:session): session closed for user root
May  9 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23246]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23243]: pam_unix(cron:session): session closed for user p13x
May  9 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23302]: Successful su for rubyman by root
May  9 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23302]: + ??? root:rubyman
May  9 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23302]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357486 of user rubyman.
May  9 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23302]: pam_unix(su:session): session closed for user rubyman
May  9 04:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357486.
May  9 04:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20267]: pam_unix(cron:session): session closed for user root
May  9 04:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23244]: pam_unix(cron:session): session closed for user samftp
May  9 04:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22285]: pam_unix(cron:session): session closed for user root
May  9 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23734]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23735]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23732]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23732]: pam_unix(cron:session): session closed for user p13x
May  9 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23889]: Successful su for rubyman by root
May  9 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23889]: + ??? root:rubyman
May  9 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23889]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357491 of user rubyman.
May  9 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23889]: pam_unix(su:session): session closed for user rubyman
May  9 04:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357491.
May  9 04:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20684]: pam_unix(cron:session): session closed for user root
May  9 04:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23734]: pam_unix(cron:session): session closed for user samftp
May  9 04:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22783]: pam_unix(cron:session): session closed for user root
May  9 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24278]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24275]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24274]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24272]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24274]: pam_unix(cron:session): session closed for user p13x
May  9 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24415]: Successful su for rubyman by root
May  9 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24415]: + ??? root:rubyman
May  9 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357495 of user rubyman.
May  9 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24415]: pam_unix(su:session): session closed for user rubyman
May  9 04:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357495.
May  9 04:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24272]: pam_unix(cron:session): session closed for user root
May  9 04:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21092]: pam_unix(cron:session): session closed for user root
May  9 04:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24275]: pam_unix(cron:session): session closed for user samftp
May  9 04:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: Invalid user gamemaster from 190.244.25.245
May  9 04:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: input_userauth_request: invalid user gamemaster [preauth]
May  9 04:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May  9 04:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: Failed password for invalid user gamemaster from 190.244.25.245 port 42896 ssh2
May  9 04:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: Received disconnect from 190.244.25.245 port 42896:11: Bye Bye [preauth]
May  9 04:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24677]: Disconnected from 190.244.25.245 port 42896 [preauth]
May  9 04:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23246]: pam_unix(cron:session): session closed for user root
May  9 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24803]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24800]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24801]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24802]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24805]: pam_unix(cron:session): session closed for user root
May  9 04:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24800]: pam_unix(cron:session): session closed for user p13x
May  9 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24872]: Successful su for rubyman by root
May  9 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24872]: + ??? root:rubyman
May  9 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24872]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357501 of user rubyman.
May  9 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24872]: pam_unix(su:session): session closed for user rubyman
May  9 04:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357501.
May  9 04:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24802]: pam_unix(cron:session): session closed for user root
May  9 04:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21530]: pam_unix(cron:session): session closed for user root
May  9 04:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24801]: pam_unix(cron:session): session closed for user samftp
May  9 04:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23736]: pam_unix(cron:session): session closed for user root
May  9 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25239]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25240]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25237]: pam_unix(cron:session): session closed for user p13x
May  9 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25316]: Successful su for rubyman by root
May  9 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25316]: + ??? root:rubyman
May  9 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25316]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357506 of user rubyman.
May  9 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25316]: pam_unix(su:session): session closed for user rubyman
May  9 04:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357506.
May  9 04:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22284]: pam_unix(cron:session): session closed for user root
May  9 04:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25238]: pam_unix(cron:session): session closed for user samftp
May  9 04:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24279]: pam_unix(cron:session): session closed for user root
May  9 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25704]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25702]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25701]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25701]: pam_unix(cron:session): session closed for user p13x
May  9 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25775]: Successful su for rubyman by root
May  9 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25775]: + ??? root:rubyman
May  9 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25775]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357512 of user rubyman.
May  9 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25775]: pam_unix(su:session): session closed for user rubyman
May  9 04:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357512.
May  9 04:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22782]: pam_unix(cron:session): session closed for user root
May  9 04:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25702]: pam_unix(cron:session): session closed for user samftp
May  9 04:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 04:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26004]: Failed password for root from 218.92.0.179 port 19337 ssh2
May  9 04:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26004]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 19337 ssh2]
May  9 04:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26004]: Received disconnect from 218.92.0.179 port 19337:11:  [preauth]
May  9 04:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26004]: Disconnected from 218.92.0.179 port 19337 [preauth]
May  9 04:42:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26004]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 04:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26030]: Invalid user newuser from 122.114.173.209
May  9 04:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26030]: input_userauth_request: invalid user newuser [preauth]
May  9 04:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26030]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:42:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.114.173.209
May  9 04:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26030]: Failed password for invalid user newuser from 122.114.173.209 port 34224 ssh2
May  9 04:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26030]: Received disconnect from 122.114.173.209 port 34224:11: Bye Bye [preauth]
May  9 04:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26030]: Disconnected from 122.114.173.209 port 34224 [preauth]
May  9 04:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24804]: pam_unix(cron:session): session closed for user root
May  9 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26165]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26163]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26162]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26162]: pam_unix(cron:session): session closed for user p13x
May  9 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26222]: Successful su for rubyman by root
May  9 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26222]: + ??? root:rubyman
May  9 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357514 of user rubyman.
May  9 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26222]: pam_unix(su:session): session closed for user rubyman
May  9 04:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357514.
May  9 04:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23245]: pam_unix(cron:session): session closed for user root
May  9 04:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26163]: pam_unix(cron:session): session closed for user samftp
May  9 04:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26550]: Invalid user bla from 165.22.235.5
May  9 04:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26550]: input_userauth_request: invalid user bla [preauth]
May  9 04:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26550]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 04:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26550]: Failed password for invalid user bla from 165.22.235.5 port 52958 ssh2
May  9 04:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26550]: Received disconnect from 165.22.235.5 port 52958:11: Bye Bye [preauth]
May  9 04:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26550]: Disconnected from 165.22.235.5 port 52958 [preauth]
May  9 04:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25240]: pam_unix(cron:session): session closed for user root
May  9 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26638]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26639]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26636]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26637]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26636]: pam_unix(cron:session): session closed for user p13x
May  9 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26702]: Successful su for rubyman by root
May  9 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26702]: + ??? root:rubyman
May  9 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26702]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357518 of user rubyman.
May  9 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26702]: pam_unix(su:session): session closed for user rubyman
May  9 04:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357518.
May  9 04:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23735]: pam_unix(cron:session): session closed for user root
May  9 04:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26637]: pam_unix(cron:session): session closed for user samftp
May  9 04:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25704]: pam_unix(cron:session): session closed for user root
May  9 04:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: Invalid user osboxes from 80.94.95.241
May  9 04:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: input_userauth_request: invalid user osboxes [preauth]
May  9 04:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 04:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: Failed password for invalid user osboxes from 80.94.95.241 port 62721 ssh2
May  9 04:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: Failed password for invalid user osboxes from 80.94.95.241 port 62721 ssh2
May  9 04:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: Failed password for invalid user osboxes from 80.94.95.241 port 62721 ssh2
May  9 04:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: Failed password for invalid user osboxes from 80.94.95.241 port 62721 ssh2
May  9 04:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: Failed password for invalid user osboxes from 80.94.95.241 port 62721 ssh2
May  9 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27113]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27109]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27112]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27110]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27113]: pam_unix(cron:session): session closed for user root
May  9 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27107]: pam_unix(cron:session): session closed for user p13x
May  9 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: Received disconnect from 80.94.95.241 port 62721:11: Bye [preauth]
May  9 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: Disconnected from 80.94.95.241 port 62721 [preauth]
May  9 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27064]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27188]: Successful su for rubyman by root
May  9 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27188]: + ??? root:rubyman
May  9 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27188]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357524 of user rubyman.
May  9 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27188]: pam_unix(su:session): session closed for user rubyman
May  9 04:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357524.
May  9 04:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 04:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27109]: pam_unix(cron:session): session closed for user root
May  9 04:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: Failed password for root from 218.92.0.179 port 22551 ssh2
May  9 04:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24278]: pam_unix(cron:session): session closed for user root
May  9 04:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27108]: pam_unix(cron:session): session closed for user samftp
May  9 04:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: Failed password for root from 218.92.0.179 port 22551 ssh2
May  9 04:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: Failed password for root from 218.92.0.179 port 22551 ssh2
May  9 04:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: Received disconnect from 218.92.0.179 port 22551:11:  [preauth]
May  9 04:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: Disconnected from 218.92.0.179 port 22551 [preauth]
May  9 04:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27172]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 04:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May  9 04:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27487]: Failed password for root from 190.244.25.245 port 46134 ssh2
May  9 04:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27487]: Received disconnect from 190.244.25.245 port 46134:11: Bye Bye [preauth]
May  9 04:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27487]: Disconnected from 190.244.25.245 port 46134 [preauth]
May  9 04:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26165]: pam_unix(cron:session): session closed for user root
May  9 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27623]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27625]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27624]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27622]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27622]: pam_unix(cron:session): session closed for user p13x
May  9 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27691]: Successful su for rubyman by root
May  9 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27691]: + ??? root:rubyman
May  9 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357527 of user rubyman.
May  9 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27691]: pam_unix(su:session): session closed for user rubyman
May  9 04:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357527.
May  9 04:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24803]: pam_unix(cron:session): session closed for user root
May  9 04:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27623]: pam_unix(cron:session): session closed for user samftp
May  9 04:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26639]: pam_unix(cron:session): session closed for user root
May  9 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28048]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28045]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28047]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28044]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28044]: pam_unix(cron:session): session closed for user p13x
May  9 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28106]: Successful su for rubyman by root
May  9 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28106]: + ??? root:rubyman
May  9 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28106]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357532 of user rubyman.
May  9 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28106]: pam_unix(su:session): session closed for user rubyman
May  9 04:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357532.
May  9 04:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25239]: pam_unix(cron:session): session closed for user root
May  9 04:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28045]: pam_unix(cron:session): session closed for user samftp
May  9 04:47:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27112]: pam_unix(cron:session): session closed for user root
May  9 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28451]: pam_unix(cron:session): session closed for user p13x
May  9 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28517]: Successful su for rubyman by root
May  9 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28517]: + ??? root:rubyman
May  9 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357535 of user rubyman.
May  9 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28517]: pam_unix(su:session): session closed for user rubyman
May  9 04:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357535.
May  9 04:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25703]: pam_unix(cron:session): session closed for user root
May  9 04:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28452]: pam_unix(cron:session): session closed for user samftp
May  9 04:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28760]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28760]: Invalid user admin from 165.22.235.5
May  9 04:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28760]: input_userauth_request: invalid user admin [preauth]
May  9 04:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28760]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 04:48:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28760]: Failed password for invalid user admin from 165.22.235.5 port 35302 ssh2
May  9 04:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28760]: Received disconnect from 165.22.235.5 port 35302:11: Bye Bye [preauth]
May  9 04:48:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28760]: Disconnected from 165.22.235.5 port 35302 [preauth]
May  9 04:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27625]: pam_unix(cron:session): session closed for user root
May  9 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28849]: pam_unix(cron:session): session closed for user p13x
May  9 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28917]: Successful su for rubyman by root
May  9 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28917]: + ??? root:rubyman
May  9 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357540 of user rubyman.
May  9 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28917]: pam_unix(su:session): session closed for user rubyman
May  9 04:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357540.
May  9 04:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26164]: pam_unix(cron:session): session closed for user root
May  9 04:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28850]: pam_unix(cron:session): session closed for user samftp
May  9 04:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28048]: pam_unix(cron:session): session closed for user root
May  9 04:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: Invalid user evin from 60.49.31.229
May  9 04:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: input_userauth_request: invalid user evin [preauth]
May  9 04:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 04:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: Failed password for invalid user evin from 60.49.31.229 port 51754 ssh2
May  9 04:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: Received disconnect from 60.49.31.229 port 51754:11: Bye Bye [preauth]
May  9 04:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29353]: Disconnected from 60.49.31.229 port 51754 [preauth]
May  9 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29358]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29361]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29362]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29357]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29360]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29356]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29362]: pam_unix(cron:session): session closed for user root
May  9 04:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29356]: pam_unix(cron:session): session closed for user p13x
May  9 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29434]: Successful su for rubyman by root
May  9 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29434]: + ??? root:rubyman
May  9 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29434]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357544 of user rubyman.
May  9 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29434]: pam_unix(su:session): session closed for user rubyman
May  9 04:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357544.
May  9 04:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26638]: pam_unix(cron:session): session closed for user root
May  9 04:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29358]: pam_unix(cron:session): session closed for user root
May  9 04:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29357]: pam_unix(cron:session): session closed for user samftp
May  9 04:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28454]: pam_unix(cron:session): session closed for user root
May  9 04:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29785]: Invalid user manoj from 12.156.67.18
May  9 04:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29785]: input_userauth_request: invalid user manoj [preauth]
May  9 04:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29785]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  9 04:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29785]: Failed password for invalid user manoj from 12.156.67.18 port 41076 ssh2
May  9 04:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29785]: Received disconnect from 12.156.67.18 port 41076:11: Bye Bye [preauth]
May  9 04:50:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29785]: Disconnected from 12.156.67.18 port 41076 [preauth]
May  9 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29804]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29803]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29803]: pam_unix(cron:session): session closed for user p13x
May  9 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29876]: Successful su for rubyman by root
May  9 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29876]: + ??? root:rubyman
May  9 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357550 of user rubyman.
May  9 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29876]: pam_unix(su:session): session closed for user rubyman
May  9 04:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357550.
May  9 04:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27110]: pam_unix(cron:session): session closed for user root
May  9 04:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29804]: pam_unix(cron:session): session closed for user samftp
May  9 04:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Invalid user sa from 190.244.25.245
May  9 04:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: input_userauth_request: invalid user sa [preauth]
May  9 04:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May  9 04:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Failed password for invalid user sa from 190.244.25.245 port 34882 ssh2
May  9 04:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Received disconnect from 190.244.25.245 port 34882:11: Bye Bye [preauth]
May  9 04:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30075]: Disconnected from 190.244.25.245 port 34882 [preauth]
May  9 04:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28853]: pam_unix(cron:session): session closed for user root
May  9 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30212]: pam_unix(cron:session): session closed for user p13x
May  9 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30272]: Successful su for rubyman by root
May  9 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30272]: + ??? root:rubyman
May  9 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30272]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357554 of user rubyman.
May  9 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30272]: pam_unix(su:session): session closed for user rubyman
May  9 04:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357554.
May  9 04:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27624]: pam_unix(cron:session): session closed for user root
May  9 04:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30213]: pam_unix(cron:session): session closed for user samftp
May  9 04:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30270]: Invalid user admin from 124.198.59.254
May  9 04:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30270]: input_userauth_request: invalid user admin [preauth]
May  9 04:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30270]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:52:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.198.59.254
May  9 04:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30270]: Failed password for invalid user admin from 124.198.59.254 port 36676 ssh2
May  9 04:52:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30270]: Connection closed by 124.198.59.254 port 36676 [preauth]
May  9 04:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29361]: pam_unix(cron:session): session closed for user root
May  9 04:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30573]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:52:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  9 04:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30573]: Failed password for root from 186.233.208.13 port 52468 ssh2
May  9 04:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30573]: Received disconnect from 186.233.208.13 port 52468:11: Bye Bye [preauth]
May  9 04:52:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30573]: Disconnected from 186.233.208.13 port 52468 [preauth]
May  9 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30610]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30609]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30611]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30608]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30608]: pam_unix(cron:session): session closed for user p13x
May  9 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30668]: Successful su for rubyman by root
May  9 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30668]: + ??? root:rubyman
May  9 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357559 of user rubyman.
May  9 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30668]: pam_unix(su:session): session closed for user rubyman
May  9 04:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357559.
May  9 04:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28047]: pam_unix(cron:session): session closed for user root
May  9 04:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30609]: pam_unix(cron:session): session closed for user samftp
May  9 04:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30892]: Invalid user iptv from 165.22.235.5
May  9 04:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30892]: input_userauth_request: invalid user iptv [preauth]
May  9 04:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30892]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:53:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 04:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30892]: Failed password for invalid user iptv from 165.22.235.5 port 52262 ssh2
May  9 04:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30892]: Received disconnect from 165.22.235.5 port 52262:11: Bye Bye [preauth]
May  9 04:53:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30892]: Disconnected from 165.22.235.5 port 52262 [preauth]
May  9 04:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29806]: pam_unix(cron:session): session closed for user root
May  9 04:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: Invalid user admin from 80.94.95.112
May  9 04:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: input_userauth_request: invalid user admin [preauth]
May  9 04:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 04:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: Failed password for invalid user admin from 80.94.95.112 port 16287 ssh2
May  9 04:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: Failed password for invalid user admin from 80.94.95.112 port 16287 ssh2
May  9 04:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: Failed password for invalid user admin from 80.94.95.112 port 16287 ssh2
May  9 04:53:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: Failed password for invalid user admin from 80.94.95.112 port 16287 ssh2
May  9 04:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: Failed password for invalid user admin from 80.94.95.112 port 16287 ssh2
May  9 04:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: Received disconnect from 80.94.95.112 port 16287:11: Bye [preauth]
May  9 04:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: Disconnected from 80.94.95.112 port 16287 [preauth]
May  9 04:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 04:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30946]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31102]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31103]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31101]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31100]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31100]: pam_unix(cron:session): session closed for user p13x
May  9 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31165]: Successful su for rubyman by root
May  9 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31165]: + ??? root:rubyman
May  9 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31165]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357561 of user rubyman.
May  9 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31165]: pam_unix(su:session): session closed for user rubyman
May  9 04:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357561.
May  9 04:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28453]: pam_unix(cron:session): session closed for user root
May  9 04:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31101]: pam_unix(cron:session): session closed for user samftp
May  9 04:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30215]: pam_unix(cron:session): session closed for user root
May  9 04:54:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:54:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  9 04:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31463]: Failed password for root from 194.0.234.19 port 52002 ssh2
May  9 04:54:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31463]: Connection closed by 194.0.234.19 port 52002 [preauth]
May  9 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31521]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31522]: pam_unix(cron:session): session closed for user root
May  9 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31517]: pam_unix(cron:session): session closed for user p13x
May  9 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31590]: Successful su for rubyman by root
May  9 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31590]: + ??? root:rubyman
May  9 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31590]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357570 of user rubyman.
May  9 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31590]: pam_unix(su:session): session closed for user rubyman
May  9 04:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357570.
May  9 04:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31519]: pam_unix(cron:session): session closed for user root
May  9 04:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28851]: pam_unix(cron:session): session closed for user root
May  9 04:55:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31518]: pam_unix(cron:session): session closed for user samftp
May  9 04:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30611]: pam_unix(cron:session): session closed for user root
May  9 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32216]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32109]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32108]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32108]: pam_unix(cron:session): session closed for user p13x
May  9 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32331]: Successful su for rubyman by root
May  9 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32331]: + ??? root:rubyman
May  9 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32331]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357572 of user rubyman.
May  9 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32331]: pam_unix(su:session): session closed for user rubyman
May  9 04:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357572.
May  9 04:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29360]: pam_unix(cron:session): session closed for user root
May  9 04:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32109]: pam_unix(cron:session): session closed for user samftp
May  9 04:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:56:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18  user=root
May  9 04:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32591]: Failed password for root from 12.156.67.18 port 60346 ssh2
May  9 04:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32591]: Received disconnect from 12.156.67.18 port 60346:11: Bye Bye [preauth]
May  9 04:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32591]: Disconnected from 12.156.67.18 port 60346 [preauth]
May  9 04:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31103]: pam_unix(cron:session): session closed for user root
May  9 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[351]: pam_unix(cron:session): session closed for user p13x
May  9 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[449]: Successful su for rubyman by root
May  9 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[449]: + ??? root:rubyman
May  9 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357575 of user rubyman.
May  9 04:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[449]: pam_unix(su:session): session closed for user rubyman
May  9 04:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357575.
May  9 04:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29805]: pam_unix(cron:session): session closed for user root
May  9 04:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  9 04:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[352]: pam_unix(cron:session): session closed for user samftp
May  9 04:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: Failed password for root from 190.103.202.7 port 40066 ssh2
May  9 04:57:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[591]: Connection closed by 190.103.202.7 port 40066 [preauth]
May  9 04:57:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May  9 04:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: Failed password for root from 190.244.25.245 port 41550 ssh2
May  9 04:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: Received disconnect from 190.244.25.245 port 41550:11: Bye Bye [preauth]
May  9 04:57:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[717]: Disconnected from 190.244.25.245 port 41550 [preauth]
May  9 04:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:57:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31521]: pam_unix(cron:session): session closed for user root
May  9 04:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: Invalid user junior from 60.49.31.229
May  9 04:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: input_userauth_request: invalid user junior [preauth]
May  9 04:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 04:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: Failed password for invalid user junior from 60.49.31.229 port 38986 ssh2
May  9 04:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: Received disconnect from 60.49.31.229 port 38986:11: Bye Bye [preauth]
May  9 04:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[761]: Disconnected from 60.49.31.229 port 38986 [preauth]
May  9 04:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: Invalid user infoserve from 165.22.235.5
May  9 04:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: input_userauth_request: invalid user infoserve [preauth]
May  9 04:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: pam_unix(sshd:auth): check pass; user unknown
May  9 04:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[858]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[857]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[856]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[855]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[855]: pam_unix(cron:session): session closed for user p13x
May  9 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[937]: Successful su for rubyman by root
May  9 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[937]: + ??? root:rubyman
May  9 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[937]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357579 of user rubyman.
May  9 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[937]: pam_unix(su:session): session closed for user rubyman
May  9 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357579.
May  9 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: Failed password for invalid user infoserve from 165.22.235.5 port 54102 ssh2
May  9 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: Received disconnect from 165.22.235.5 port 54102:11: Bye Bye [preauth]
May  9 04:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[850]: Disconnected from 165.22.235.5 port 54102 [preauth]
May  9 04:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30214]: pam_unix(cron:session): session closed for user root
May  9 04:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[856]: pam_unix(cron:session): session closed for user samftp
May  9 04:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:58:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 04:58:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: Failed password for root from 218.92.0.179 port 40826 ssh2
May  9 04:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 40826 ssh2]
May  9 04:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: Received disconnect from 218.92.0.179 port 40826:11:  [preauth]
May  9 04:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: Disconnected from 218.92.0.179 port 40826 [preauth]
May  9 04:58:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1192]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 04:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32216]: pam_unix(cron:session): session closed for user root
May  9 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1350]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1349]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1348]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1348]: pam_unix(cron:session): session closed for user p13x
May  9 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1415]: Successful su for rubyman by root
May  9 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1415]: + ??? root:rubyman
May  9 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357583 of user rubyman.
May  9 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1415]: pam_unix(su:session): session closed for user rubyman
May  9 04:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357583.
May  9 04:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30610]: pam_unix(cron:session): session closed for user root
May  9 04:59:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1349]: pam_unix(cron:session): session closed for user samftp
May  9 04:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[354]: pam_unix(cron:session): session closed for user root
May  9 04:59:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 04:59:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  9 04:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1806]: Failed password for root from 186.233.208.13 port 55086 ssh2
May  9 04:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1806]: Received disconnect from 186.233.208.13 port 55086:11: Bye Bye [preauth]
May  9 04:59:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1806]: Disconnected from 186.233.208.13 port 55086 [preauth]
May  9 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1832]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1830]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1829]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1836]: pam_unix(cron:session): session closed for user root
May  9 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1832]: pam_unix(cron:session): session closed for user root
May  9 05:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1829]: pam_unix(cron:session): session closed for user p13x
May  9 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2011]: Successful su for rubyman by root
May  9 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2011]: + ??? root:rubyman
May  9 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2011]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357589 of user rubyman.
May  9 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2011]: pam_unix(su:session): session closed for user rubyman
May  9 05:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357589.
May  9 05:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31102]: pam_unix(cron:session): session closed for user root
May  9 05:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1833]: pam_unix(cron:session): session closed for user root
May  9 05:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1830]: pam_unix(cron:session): session closed for user samftp
May  9 05:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[858]: pam_unix(cron:session): session closed for user root
May  9 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2437]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2435]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2436]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2435]: pam_unix(cron:session): session closed for user p13x
May  9 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2510]: Successful su for rubyman by root
May  9 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2510]: + ??? root:rubyman
May  9 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2510]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357595 of user rubyman.
May  9 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2510]: pam_unix(su:session): session closed for user rubyman
May  9 05:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357595.
May  9 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2565]: Invalid user hang from 12.156.67.18
May  9 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2565]: input_userauth_request: invalid user hang [preauth]
May  9 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2565]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  9 05:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2565]: Failed password for invalid user hang from 12.156.67.18 port 43492 ssh2
May  9 05:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2565]: Received disconnect from 12.156.67.18 port 43492:11: Bye Bye [preauth]
May  9 05:01:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2565]: Disconnected from 12.156.67.18 port 43492 [preauth]
May  9 05:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31520]: pam_unix(cron:session): session closed for user root
May  9 05:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2436]: pam_unix(cron:session): session closed for user samftp
May  9 05:01:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2763]: Invalid user  from 146.190.241.149
May  9 05:01:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2763]: input_userauth_request: invalid user  [preauth]
May  9 05:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2763]: Connection closed by 146.190.241.149 port 58322 [preauth]
May  9 05:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1351]: pam_unix(cron:session): session closed for user root
May  9 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2886]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2884]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2882]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2881]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2881]: pam_unix(cron:session): session closed for user p13x
May  9 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2948]: Successful su for rubyman by root
May  9 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2948]: + ??? root:rubyman
May  9 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357598 of user rubyman.
May  9 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2948]: pam_unix(su:session): session closed for user rubyman
May  9 05:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357598.
May  9 05:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32215]: pam_unix(cron:session): session closed for user root
May  9 05:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2882]: pam_unix(cron:session): session closed for user samftp
May  9 05:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1835]: pam_unix(cron:session): session closed for user root
May  9 05:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: Invalid user host from 165.22.235.5
May  9 05:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: input_userauth_request: invalid user host [preauth]
May  9 05:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:02:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 05:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: Failed password for invalid user host from 165.22.235.5 port 58014 ssh2
May  9 05:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: Received disconnect from 165.22.235.5 port 58014:11: Bye Bye [preauth]
May  9 05:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3250]: Disconnected from 165.22.235.5 port 58014 [preauth]
May  9 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3300]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3301]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3299]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3298]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3298]: pam_unix(cron:session): session closed for user p13x
May  9 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3361]: Successful su for rubyman by root
May  9 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3361]: + ??? root:rubyman
May  9 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3361]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357604 of user rubyman.
May  9 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3361]: pam_unix(su:session): session closed for user rubyman
May  9 05:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357604.
May  9 05:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[353]: pam_unix(cron:session): session closed for user root
May  9 05:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3299]: pam_unix(cron:session): session closed for user samftp
May  9 05:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3600]: Invalid user steam from 146.190.241.149
May  9 05:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3600]: input_userauth_request: invalid user steam [preauth]
May  9 05:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3600]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3600]: Failed password for invalid user steam from 146.190.241.149 port 45176 ssh2
May  9 05:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3600]: Connection closed by 146.190.241.149 port 45176 [preauth]
May  9 05:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:03:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: Invalid user beacon from 60.49.31.229
May  9 05:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: input_userauth_request: invalid user beacon [preauth]
May  9 05:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 05:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3637]: Invalid user transmission from 190.244.25.245
May  9 05:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3637]: input_userauth_request: invalid user transmission [preauth]
May  9 05:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3637]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May  9 05:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: Failed password for invalid user beacon from 60.49.31.229 port 47930 ssh2
May  9 05:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: Received disconnect from 60.49.31.229 port 47930:11: Bye Bye [preauth]
May  9 05:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3635]: Disconnected from 60.49.31.229 port 47930 [preauth]
May  9 05:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3637]: Failed password for invalid user transmission from 190.244.25.245 port 33298 ssh2
May  9 05:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3637]: Received disconnect from 190.244.25.245 port 33298:11: Bye Bye [preauth]
May  9 05:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3637]: Disconnected from 190.244.25.245 port 33298 [preauth]
May  9 05:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: Invalid user nginx from 146.190.241.149
May  9 05:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: input_userauth_request: invalid user nginx [preauth]
May  9 05:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:03:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:03:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: Failed password for invalid user nginx from 146.190.241.149 port 42942 ssh2
May  9 05:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3640]: Connection closed by 146.190.241.149 port 42942 [preauth]
May  9 05:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2438]: pam_unix(cron:session): session closed for user root
May  9 05:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3694]: Invalid user palworld from 146.190.241.149
May  9 05:03:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3694]: input_userauth_request: invalid user palworld [preauth]
May  9 05:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3694]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:03:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3694]: Failed password for invalid user palworld from 146.190.241.149 port 55592 ssh2
May  9 05:03:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3694]: Connection closed by 146.190.241.149 port 55592 [preauth]
May  9 05:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3729]: Invalid user ranger from 146.190.241.149
May  9 05:03:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3729]: input_userauth_request: invalid user ranger [preauth]
May  9 05:03:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3764]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3762]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3761]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3761]: pam_unix(cron:session): session closed for user p13x
May  9 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3820]: Successful su for rubyman by root
May  9 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3820]: + ??? root:rubyman
May  9 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357606 of user rubyman.
May  9 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3820]: pam_unix(su:session): session closed for user rubyman
May  9 05:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357606.
May  9 05:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3729]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3729]: Failed password for invalid user ranger from 146.190.241.149 port 36824 ssh2
May  9 05:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[857]: pam_unix(cron:session): session closed for user root
May  9 05:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3762]: pam_unix(cron:session): session closed for user samftp
May  9 05:04:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3729]: Connection closed by 146.190.241.149 port 36824 [preauth]
May  9 05:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4062]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4062]: Connection reset by 46.101.157.195 port 24686 [preauth]
May  9 05:04:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:04:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3759]: Failed password for root from 146.190.241.149 port 52804 ssh2
May  9 05:04:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3759]: Connection closed by 146.190.241.149 port 52804 [preauth]
May  9 05:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: Invalid user odoo from 146.190.241.149
May  9 05:04:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: input_userauth_request: invalid user odoo [preauth]
May  9 05:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:04:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:04:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: Failed password for invalid user odoo from 146.190.241.149 port 43068 ssh2
May  9 05:04:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: Connection closed by 146.190.241.149 port 43068 [preauth]
May  9 05:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2886]: pam_unix(cron:session): session closed for user root
May  9 05:04:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:04:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4109]: Failed password for root from 146.190.241.149 port 33808 ssh2
May  9 05:04:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4109]: Connection closed by 146.190.241.149 port 33808 [preauth]
May  9 05:04:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4171]: Invalid user vagrant from 146.190.241.149
May  9 05:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4171]: input_userauth_request: invalid user vagrant [preauth]
May  9 05:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4171]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:04:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4171]: Failed password for invalid user vagrant from 146.190.241.149 port 39276 ssh2
May  9 05:04:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4171]: Connection closed by 146.190.241.149 port 39276 [preauth]
May  9 05:04:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4203]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4206]: pam_unix(cron:session): session closed for user root
May  9 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4201]: pam_unix(cron:session): session closed for user p13x
May  9 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4418]: Successful su for rubyman by root
May  9 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4418]: + ??? root:rubyman
May  9 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357611 of user rubyman.
May  9 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4418]: pam_unix(su:session): session closed for user rubyman
May  9 05:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357611.
May  9 05:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4198]: Invalid user git from 146.190.241.149
May  9 05:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4198]: input_userauth_request: invalid user git [preauth]
May  9 05:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1350]: pam_unix(cron:session): session closed for user root
May  9 05:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4203]: pam_unix(cron:session): session closed for user root
May  9 05:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4198]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4202]: pam_unix(cron:session): session closed for user samftp
May  9 05:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4198]: Failed password for invalid user git from 146.190.241.149 port 42624 ssh2
May  9 05:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4198]: Connection closed by 146.190.241.149 port 42624 [preauth]
May  9 05:05:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4660]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4660]: Invalid user centos from 146.190.241.149
May  9 05:05:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4660]: input_userauth_request: invalid user centos [preauth]
May  9 05:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4660]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:05:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4660]: Failed password for invalid user centos from 146.190.241.149 port 59432 ssh2
May  9 05:05:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4660]: Connection closed by 146.190.241.149 port 59432 [preauth]
May  9 05:05:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4715]: Invalid user redis from 146.190.241.149
May  9 05:05:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4715]: input_userauth_request: invalid user redis [preauth]
May  9 05:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3301]: pam_unix(cron:session): session closed for user root
May  9 05:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4715]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4715]: Failed password for invalid user redis from 146.190.241.149 port 56096 ssh2
May  9 05:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4715]: Connection closed by 146.190.241.149 port 56096 [preauth]
May  9 05:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4756]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18  user=root
May  9 05:05:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:05:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4756]: Failed password for root from 12.156.67.18 port 60374 ssh2
May  9 05:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4756]: Received disconnect from 12.156.67.18 port 60374:11: Bye Bye [preauth]
May  9 05:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4756]: Disconnected from 12.156.67.18 port 60374 [preauth]
May  9 05:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  9 05:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: Failed password for root from 186.233.208.13 port 50078 ssh2
May  9 05:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: Received disconnect from 186.233.208.13 port 50078:11: Bye Bye [preauth]
May  9 05:05:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4767]: Disconnected from 186.233.208.13 port 50078 [preauth]
May  9 05:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4766]: Invalid user sol from 146.190.241.149
May  9 05:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4766]: input_userauth_request: invalid user sol [preauth]
May  9 05:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4766]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:05:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4766]: Failed password for invalid user sol from 146.190.241.149 port 33426 ssh2
May  9 05:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4766]: Connection closed by 146.190.241.149 port 33426 [preauth]
May  9 05:05:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: Invalid user gbase from 146.190.241.149
May  9 05:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: input_userauth_request: invalid user gbase [preauth]
May  9 05:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:05:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4824]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4822]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4823]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4820]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4820]: pam_unix(cron:session): session closed for user p13x
May  9 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4896]: Successful su for rubyman by root
May  9 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4896]: + ??? root:rubyman
May  9 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4896]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357616 of user rubyman.
May  9 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4896]: pam_unix(su:session): session closed for user rubyman
May  9 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: Failed password for invalid user gbase from 146.190.241.149 port 42142 ssh2
May  9 05:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357616.
May  9 05:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: Connection closed by 146.190.241.149 port 42142 [preauth]
May  9 05:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1834]: pam_unix(cron:session): session closed for user root
May  9 05:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4822]: pam_unix(cron:session): session closed for user samftp
May  9 05:06:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: Invalid user git from 146.190.241.149
May  9 05:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: input_userauth_request: invalid user git [preauth]
May  9 05:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: Failed password for invalid user git from 146.190.241.149 port 41172 ssh2
May  9 05:06:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5290]: Connection closed by 146.190.241.149 port 41172 [preauth]
May  9 05:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:06:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: Failed password for root from 146.190.241.149 port 44338 ssh2
May  9 05:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5323]: Connection closed by 146.190.241.149 port 44338 [preauth]
May  9 05:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3764]: pam_unix(cron:session): session closed for user root
May  9 05:06:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5384]: Invalid user test from 146.190.241.149
May  9 05:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5384]: input_userauth_request: invalid user test [preauth]
May  9 05:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5384]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:06:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5384]: Failed password for invalid user test from 146.190.241.149 port 56988 ssh2
May  9 05:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5384]: Connection closed by 146.190.241.149 port 56988 [preauth]
May  9 05:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: Invalid user admin from 80.94.95.241
May  9 05:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: input_userauth_request: invalid user admin [preauth]
May  9 05:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:06:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 05:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: Failed password for invalid user admin from 80.94.95.241 port 24172 ssh2
May  9 05:06:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: Failed password for invalid user admin from 80.94.95.241 port 24172 ssh2
May  9 05:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: Failed password for invalid user admin from 80.94.95.241 port 24172 ssh2
May  9 05:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:06:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: Failed password for invalid user admin from 80.94.95.241 port 24172 ssh2
May  9 05:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: Failed password for invalid user admin from 80.94.95.241 port 24172 ssh2
May  9 05:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: Received disconnect from 80.94.95.241 port 24172:11: Bye [preauth]
May  9 05:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: Disconnected from 80.94.95.241 port 24172 [preauth]
May  9 05:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 05:06:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5400]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 05:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5423]: Failed password for root from 146.190.241.149 port 45840 ssh2
May  9 05:06:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5423]: Connection closed by 146.190.241.149 port 45840 [preauth]
May  9 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5464]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5463]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5463]: pam_unix(cron:session): session closed for user p13x
May  9 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5536]: Successful su for rubyman by root
May  9 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5536]: + ??? root:rubyman
May  9 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5536]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357620 of user rubyman.
May  9 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5536]: pam_unix(su:session): session closed for user rubyman
May  9 05:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357620.
May  9 05:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5587]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:07:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2437]: pam_unix(cron:session): session closed for user root
May  9 05:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5587]: Failed password for root from 146.190.241.149 port 39794 ssh2
May  9 05:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5587]: Connection closed by 146.190.241.149 port 39794 [preauth]
May  9 05:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 05:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5464]: pam_unix(cron:session): session closed for user samftp
May  9 05:07:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5728]: Failed password for root from 218.92.0.179 port 49720 ssh2
May  9 05:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5728]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 49720 ssh2]
May  9 05:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5728]: Received disconnect from 218.92.0.179 port 49720:11:  [preauth]
May  9 05:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5728]: Disconnected from 218.92.0.179 port 49720 [preauth]
May  9 05:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5728]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 05:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: Invalid user wordpress from 146.190.241.149
May  9 05:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: input_userauth_request: invalid user wordpress [preauth]
May  9 05:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: Failed password for invalid user wordpress from 146.190.241.149 port 50974 ssh2
May  9 05:07:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5793]: Connection closed by 146.190.241.149 port 50974 [preauth]
May  9 05:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: Invalid user elias from 165.22.235.5
May  9 05:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: input_userauth_request: invalid user elias [preauth]
May  9 05:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 05:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: Failed password for invalid user elias from 165.22.235.5 port 41126 ssh2
May  9 05:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: Received disconnect from 165.22.235.5 port 41126:11: Bye Bye [preauth]
May  9 05:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5912]: Disconnected from 165.22.235.5 port 41126 [preauth]
May  9 05:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5926]: Invalid user red5 from 146.190.241.149
May  9 05:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5926]: input_userauth_request: invalid user red5 [preauth]
May  9 05:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5926]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:07:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5926]: Failed password for invalid user red5 from 146.190.241.149 port 55642 ssh2
May  9 05:07:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5926]: Connection closed by 146.190.241.149 port 55642 [preauth]
May  9 05:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4205]: pam_unix(cron:session): session closed for user root
May  9 05:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: Invalid user nexus from 146.190.241.149
May  9 05:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: input_userauth_request: invalid user nexus [preauth]
May  9 05:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: Failed password for invalid user nexus from 146.190.241.149 port 53294 ssh2
May  9 05:07:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5966]: Connection closed by 146.190.241.149 port 53294 [preauth]
May  9 05:07:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6015]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6015]: Invalid user test from 146.190.241.149
May  9 05:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6015]: input_userauth_request: invalid user test [preauth]
May  9 05:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6015]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6015]: Failed password for invalid user test from 146.190.241.149 port 44468 ssh2
May  9 05:07:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6015]: Connection closed by 146.190.241.149 port 44468 [preauth]
May  9 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6032]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6031]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6030]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6030]: pam_unix(cron:session): session closed for user p13x
May  9 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6093]: Successful su for rubyman by root
May  9 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6093]: + ??? root:rubyman
May  9 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357625 of user rubyman.
May  9 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6093]: pam_unix(su:session): session closed for user rubyman
May  9 05:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357625.
May  9 05:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2884]: pam_unix(cron:session): session closed for user root
May  9 05:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6031]: pam_unix(cron:session): session closed for user samftp
May  9 05:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: Invalid user ubuntu from 146.190.241.149
May  9 05:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: input_userauth_request: invalid user ubuntu [preauth]
May  9 05:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:08:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: Failed password for invalid user ubuntu from 146.190.241.149 port 42230 ssh2
May  9 05:08:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6290]: Connection closed by 146.190.241.149 port 42230 [preauth]
May  9 05:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6324]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6324]: Failed password for root from 146.190.241.149 port 52854 ssh2
May  9 05:08:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6324]: Connection closed by 146.190.241.149 port 52854 [preauth]
May  9 05:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6363]: Did not receive identification string from 196.251.69.116
May  9 05:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4824]: pam_unix(cron:session): session closed for user root
May  9 05:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Invalid user ubnt from 196.251.69.116
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: input_userauth_request: invalid user ubnt [preauth]
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Invalid user support from 196.251.69.116
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: input_userauth_request: invalid user support [preauth]
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.116
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.116
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: Invalid user user from 196.251.69.116
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: Invalid user usario from 196.251.69.116
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: input_userauth_request: invalid user usario [preauth]
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.116
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: input_userauth_request: invalid user user [preauth]
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.116
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: Invalid user admin from 196.251.69.116
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: input_userauth_request: invalid user admin [preauth]
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.251.69.116
May  9 05:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:08:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 05:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Failed password for invalid user ubnt from 196.251.69.116 port 12344 ssh2
May  9 05:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Failed password for invalid user support from 196.251.69.116 port 12350 ssh2
May  9 05:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: Failed password for invalid user usario from 196.251.69.116 port 12338 ssh2
May  9 05:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: Failed password for invalid user user from 196.251.69.116 port 12348 ssh2
May  9 05:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: Failed password for invalid user admin from 196.251.69.116 port 12364 ssh2
May  9 05:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Received disconnect from 196.251.69.116 port 12344:11: Bye Bye [preauth]
May  9 05:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6380]: Disconnected from 196.251.69.116 port 12344 [preauth]
May  9 05:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Received disconnect from 196.251.69.116 port 12350:11: Bye Bye [preauth]
May  9 05:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6379]: Disconnected from 196.251.69.116 port 12350 [preauth]
May  9 05:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: Received disconnect from 196.251.69.116 port 12348:11: Bye Bye [preauth]
May  9 05:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6382]: Disconnected from 196.251.69.116 port 12348 [preauth]
May  9 05:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: Received disconnect from 196.251.69.116 port 12338:11: Bye Bye [preauth]
May  9 05:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6381]: Disconnected from 196.251.69.116 port 12338 [preauth]
May  9 05:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: Received disconnect from 196.251.69.116 port 12364:11: Bye Bye [preauth]
May  9 05:08:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6384]: Disconnected from 196.251.69.116 port 12364 [preauth]
May  9 05:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Failed password for root from 146.190.241.149 port 59572 ssh2
May  9 05:08:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6364]: Connection closed by 146.190.241.149 port 59572 [preauth]
May  9 05:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: Failed password for root from 218.92.0.179 port 18930 ssh2
May  9 05:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 18930 ssh2]
May  9 05:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: Received disconnect from 218.92.0.179 port 18930:11:  [preauth]
May  9 05:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: Disconnected from 218.92.0.179 port 18930 [preauth]
May  9 05:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6397]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 05:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6430]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6430]: Invalid user nagios from 146.190.241.149
May  9 05:08:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6430]: input_userauth_request: invalid user nagios [preauth]
May  9 05:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6430]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6430]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6430]: Failed password for invalid user nagios from 146.190.241.149 port 47606 ssh2
May  9 05:08:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6430]: Connection closed by 146.190.241.149 port 47606 [preauth]
May  9 05:08:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6450]: Invalid user violet from 60.49.31.229
May  9 05:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6450]: input_userauth_request: invalid user violet [preauth]
May  9 05:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6450]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:08:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 05:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6450]: Failed password for invalid user violet from 60.49.31.229 port 56860 ssh2
May  9 05:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6450]: Received disconnect from 60.49.31.229 port 56860:11: Bye Bye [preauth]
May  9 05:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6450]: Disconnected from 60.49.31.229 port 56860 [preauth]
May  9 05:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: Invalid user postgres from 146.190.241.149
May  9 05:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: input_userauth_request: invalid user postgres [preauth]
May  9 05:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:09:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6470]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6469]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6468]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6471]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6468]: pam_unix(cron:session): session closed for user p13x
May  9 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: Failed password for invalid user postgres from 146.190.241.149 port 55824 ssh2
May  9 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6582]: Successful su for rubyman by root
May  9 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6582]: + ??? root:rubyman
May  9 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6582]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357631 of user rubyman.
May  9 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6582]: pam_unix(su:session): session closed for user rubyman
May  9 05:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357631.
May  9 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6464]: Connection closed by 146.190.241.149 port 55824 [preauth]
May  9 05:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6466]: pam_unix(cron:session): session closed for user root
May  9 05:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3300]: pam_unix(cron:session): session closed for user root
May  9 05:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6469]: pam_unix(cron:session): session closed for user samftp
May  9 05:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Failed password for root from 146.190.241.149 port 46000 ssh2
May  9 05:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6818]: Connection closed by 146.190.241.149 port 46000 [preauth]
May  9 05:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: Invalid user robot from 190.244.25.245
May  9 05:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: input_userauth_request: invalid user robot [preauth]
May  9 05:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May  9 05:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: Invalid user ftp_user from 193.70.84.184
May  9 05:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: input_userauth_request: invalid user ftp_user [preauth]
May  9 05:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  9 05:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: Failed password for invalid user robot from 190.244.25.245 port 39626 ssh2
May  9 05:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: Received disconnect from 190.244.25.245 port 39626:11: Bye Bye [preauth]
May  9 05:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6842]: Disconnected from 190.244.25.245 port 39626 [preauth]
May  9 05:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: Failed password for invalid user ftp_user from 193.70.84.184 port 59466 ssh2
May  9 05:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: Connection closed by 193.70.84.184 port 59466 [preauth]
May  9 05:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: Invalid user palworld from 146.190.241.149
May  9 05:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: input_userauth_request: invalid user palworld [preauth]
May  9 05:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: Failed password for invalid user palworld from 146.190.241.149 port 55188 ssh2
May  9 05:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6856]: Connection closed by 146.190.241.149 port 55188 [preauth]
May  9 05:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5466]: pam_unix(cron:session): session closed for user root
May  9 05:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:09:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:09:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  9 05:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: Invalid user fil from 146.190.241.149
May  9 05:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: input_userauth_request: invalid user fil [preauth]
May  9 05:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7007]: Failed password for root from 80.94.95.116 port 38476 ssh2
May  9 05:09:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7007]: Connection closed by 80.94.95.116 port 38476 [preauth]
May  9 05:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: Failed password for invalid user fil from 146.190.241.149 port 34448 ssh2
May  9 05:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7009]: Connection closed by 146.190.241.149 port 34448 [preauth]
May  9 05:09:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:09:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7046]: Failed password for root from 146.190.241.149 port 33554 ssh2
May  9 05:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7046]: Connection closed by 146.190.241.149 port 33554 [preauth]
May  9 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7081]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7075]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7077]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7074]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7073]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7081]: pam_unix(cron:session): session closed for user root
May  9 05:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7073]: pam_unix(cron:session): session closed for user p13x
May  9 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7164]: Successful su for rubyman by root
May  9 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7164]: + ??? root:rubyman
May  9 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7164]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357633 of user rubyman.
May  9 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7164]: pam_unix(su:session): session closed for user rubyman
May  9 05:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357633.
May  9 05:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7075]: pam_unix(cron:session): session closed for user root
May  9 05:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3763]: pam_unix(cron:session): session closed for user root
May  9 05:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: Invalid user test from 146.190.241.149
May  9 05:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: input_userauth_request: invalid user test [preauth]
May  9 05:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7074]: pam_unix(cron:session): session closed for user samftp
May  9 05:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: Failed password for invalid user test from 146.190.241.149 port 32874 ssh2
May  9 05:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: Connection closed by 146.190.241.149 port 32874 [preauth]
May  9 05:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: Invalid user newuser from 12.156.67.18
May  9 05:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: input_userauth_request: invalid user newuser [preauth]
May  9 05:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  9 05:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: Failed password for invalid user newuser from 12.156.67.18 port 50814 ssh2
May  9 05:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: Received disconnect from 12.156.67.18 port 50814:11: Bye Bye [preauth]
May  9 05:10:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7377]: Disconnected from 12.156.67.18 port 50814 [preauth]
May  9 05:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:10:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: Failed password for root from 146.190.241.149 port 39382 ssh2
May  9 05:10:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7400]: Connection closed by 146.190.241.149 port 39382 [preauth]
May  9 05:10:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7439]: Invalid user amandabackup from 146.190.241.149
May  9 05:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7439]: input_userauth_request: invalid user amandabackup [preauth]
May  9 05:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7439]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:10:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6033]: pam_unix(cron:session): session closed for user root
May  9 05:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7439]: Failed password for invalid user amandabackup from 146.190.241.149 port 41378 ssh2
May  9 05:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7439]: Connection closed by 146.190.241.149 port 41378 [preauth]
May  9 05:10:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: Invalid user steam from 146.190.241.149
May  9 05:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: input_userauth_request: invalid user steam [preauth]
May  9 05:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:10:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: Failed password for invalid user steam from 146.190.241.149 port 48356 ssh2
May  9 05:10:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7491]: Connection closed by 146.190.241.149 port 48356 [preauth]
May  9 05:10:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: User uucp from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 05:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: input_userauth_request: invalid user uucp [preauth]
May  9 05:10:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=uucp
May  9 05:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Failed password for invalid user uucp from 146.190.241.149 port 45996 ssh2
May  9 05:11:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7626]: Connection closed by 146.190.241.149 port 45996 [preauth]
May  9 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7642]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7641]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7640]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7640]: pam_unix(cron:session): session closed for user p13x
May  9 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7718]: Successful su for rubyman by root
May  9 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7718]: + ??? root:rubyman
May  9 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7718]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357641 of user rubyman.
May  9 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7718]: pam_unix(su:session): session closed for user rubyman
May  9 05:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357641.
May  9 05:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4204]: pam_unix(cron:session): session closed for user root
May  9 05:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7641]: pam_unix(cron:session): session closed for user samftp
May  9 05:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7917]: Connection closed by 45.79.181.223 port 29272 [preauth]
May  9 05:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: Invalid user tom from 146.190.241.149
May  9 05:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: input_userauth_request: invalid user tom [preauth]
May  9 05:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: Connection closed by 45.79.181.223 port 29276 [preauth]
May  9 05:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:11:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7924]: fatal: Unable to negotiate with 45.79.181.223 port 29292: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  9 05:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: Failed password for invalid user tom from 146.190.241.149 port 57932 ssh2
May  9 05:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: Connection closed by 146.190.241.149 port 57932 [preauth]
May  9 05:11:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: Invalid user ubuntu from 146.190.241.149
May  9 05:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: input_userauth_request: invalid user ubuntu [preauth]
May  9 05:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: Failed password for invalid user ubuntu from 146.190.241.149 port 45686 ssh2
May  9 05:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7970]: Connection closed by 146.190.241.149 port 45686 [preauth]
May  9 05:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6471]: pam_unix(cron:session): session closed for user root
May  9 05:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8022]: Invalid user hadoop from 146.190.241.149
May  9 05:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8022]: input_userauth_request: invalid user hadoop [preauth]
May  9 05:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8022]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:11:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:11:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8022]: Failed password for invalid user hadoop from 146.190.241.149 port 48374 ssh2
May  9 05:11:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8022]: Connection closed by 146.190.241.149 port 48374 [preauth]
May  9 05:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8032]: Invalid user newuser from 186.233.208.13
May  9 05:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8032]: input_userauth_request: invalid user newuser [preauth]
May  9 05:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8032]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  9 05:11:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8032]: Failed password for invalid user newuser from 186.233.208.13 port 54994 ssh2
May  9 05:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8032]: Received disconnect from 186.233.208.13 port 54994:11: Bye Bye [preauth]
May  9 05:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8032]: Disconnected from 186.233.208.13 port 54994 [preauth]
May  9 05:11:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: Invalid user deploy from 146.190.241.149
May  9 05:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: input_userauth_request: invalid user deploy [preauth]
May  9 05:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:11:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: Failed password for invalid user deploy from 146.190.241.149 port 34424 ssh2
May  9 05:11:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8055]: Connection closed by 146.190.241.149 port 34424 [preauth]
May  9 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8094]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8092]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8091]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8091]: pam_unix(cron:session): session closed for user p13x
May  9 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Invalid user nginx from 146.190.241.149
May  9 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: input_userauth_request: invalid user nginx [preauth]
May  9 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8170]: Successful su for rubyman by root
May  9 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8170]: + ??? root:rubyman
May  9 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8170]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357644 of user rubyman.
May  9 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8170]: pam_unix(su:session): session closed for user rubyman
May  9 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357644.
May  9 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Failed password for invalid user nginx from 146.190.241.149 port 36034 ssh2
May  9 05:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8087]: Connection closed by 146.190.241.149 port 36034 [preauth]
May  9 05:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4823]: pam_unix(cron:session): session closed for user root
May  9 05:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8092]: pam_unix(cron:session): session closed for user samftp
May  9 05:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8385]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:12:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5  user=root
May  9 05:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8385]: Invalid user test from 146.190.241.149
May  9 05:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8385]: input_userauth_request: invalid user test [preauth]
May  9 05:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8385]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:12:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: Failed password for root from 165.22.235.5 port 43542 ssh2
May  9 05:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: Received disconnect from 165.22.235.5 port 43542:11: Bye Bye [preauth]
May  9 05:12:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8376]: Disconnected from 165.22.235.5 port 43542 [preauth]
May  9 05:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8385]: Failed password for invalid user test from 146.190.241.149 port 46472 ssh2
May  9 05:12:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8385]: Connection closed by 146.190.241.149 port 46472 [preauth]
May  9 05:12:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: Invalid user tomcat from 146.190.241.149
May  9 05:12:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: input_userauth_request: invalid user tomcat [preauth]
May  9 05:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:12:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: Failed password for invalid user tomcat from 146.190.241.149 port 46414 ssh2
May  9 05:12:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8429]: Connection closed by 146.190.241.149 port 46414 [preauth]
May  9 05:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7077]: pam_unix(cron:session): session closed for user root
May  9 05:12:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8473]: Invalid user www from 146.190.241.149
May  9 05:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8473]: input_userauth_request: invalid user www [preauth]
May  9 05:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8473]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8473]: Failed password for invalid user www from 146.190.241.149 port 35854 ssh2
May  9 05:12:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8473]: Connection closed by 146.190.241.149 port 35854 [preauth]
May  9 05:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: Invalid user bot from 146.190.241.149
May  9 05:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: input_userauth_request: invalid user bot [preauth]
May  9 05:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: Failed password for invalid user bot from 146.190.241.149 port 41814 ssh2
May  9 05:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8517]: Connection closed by 146.190.241.149 port 41814 [preauth]
May  9 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8532]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8534]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8533]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8531]: pam_unix(cron:session): session closed for user p13x
May  9 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8600]: Successful su for rubyman by root
May  9 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8600]: + ??? root:rubyman
May  9 05:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8600]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357647 of user rubyman.
May  9 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8600]: pam_unix(su:session): session closed for user rubyman
May  9 05:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357647.
May  9 05:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5465]: pam_unix(cron:session): session closed for user root
May  9 05:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8779]: Invalid user samba from 146.190.241.149
May  9 05:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8779]: input_userauth_request: invalid user samba [preauth]
May  9 05:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8779]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8532]: pam_unix(cron:session): session closed for user samftp
May  9 05:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8779]: Failed password for invalid user samba from 146.190.241.149 port 33876 ssh2
May  9 05:13:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8779]: Connection closed by 146.190.241.149 port 33876 [preauth]
May  9 05:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: Invalid user samba from 146.190.241.149
May  9 05:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: input_userauth_request: invalid user samba [preauth]
May  9 05:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: Failed password for invalid user samba from 146.190.241.149 port 52424 ssh2
May  9 05:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8828]: Connection closed by 146.190.241.149 port 52424 [preauth]
May  9 05:13:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7643]: pam_unix(cron:session): session closed for user root
May  9 05:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8875]: Failed password for root from 146.190.241.149 port 40072 ssh2
May  9 05:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8875]: Connection closed by 146.190.241.149 port 40072 [preauth]
May  9 05:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: Invalid user redis from 146.190.241.149
May  9 05:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: input_userauth_request: invalid user redis [preauth]
May  9 05:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: Failed password for invalid user redis from 146.190.241.149 port 45688 ssh2
May  9 05:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8929]: Connection closed by 146.190.241.149 port 45688 [preauth]
May  9 05:13:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8956]: Invalid user oracle from 146.190.241.149
May  9 05:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8956]: input_userauth_request: invalid user oracle [preauth]
May  9 05:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8956]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8956]: Failed password for invalid user oracle from 146.190.241.149 port 60214 ssh2
May  9 05:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8956]: Connection closed by 146.190.241.149 port 60214 [preauth]
May  9 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8966]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8964]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8963]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8963]: pam_unix(cron:session): session closed for user p13x
May  9 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9025]: Successful su for rubyman by root
May  9 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9025]: + ??? root:rubyman
May  9 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9025]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357652 of user rubyman.
May  9 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9025]: pam_unix(su:session): session closed for user rubyman
May  9 05:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357652.
May  9 05:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6032]: pam_unix(cron:session): session closed for user root
May  9 05:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8964]: pam_unix(cron:session): session closed for user samftp
May  9 05:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: Invalid user vps from 146.190.241.149
May  9 05:14:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: input_userauth_request: invalid user vps [preauth]
May  9 05:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:14:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: Failed password for invalid user vps from 146.190.241.149 port 34636 ssh2
May  9 05:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9339]: Connection closed by 146.190.241.149 port 34636 [preauth]
May  9 05:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9384]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9384]: Failed password for root from 146.190.241.149 port 55618 ssh2
May  9 05:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9384]: Connection closed by 146.190.241.149 port 55618 [preauth]
May  9 05:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: Invalid user adolfo from 60.49.31.229
May  9 05:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: input_userauth_request: invalid user adolfo [preauth]
May  9 05:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 05:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: Failed password for invalid user adolfo from 60.49.31.229 port 37568 ssh2
May  9 05:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8094]: pam_unix(cron:session): session closed for user root
May  9 05:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: Received disconnect from 60.49.31.229 port 37568:11: Bye Bye [preauth]
May  9 05:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9408]: Disconnected from 60.49.31.229 port 37568 [preauth]
May  9 05:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9450]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9450]: Invalid user oracle from 12.156.67.18
May  9 05:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9450]: input_userauth_request: invalid user oracle [preauth]
May  9 05:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9450]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9450]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  9 05:14:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: Failed password for root from 146.190.241.149 port 56586 ssh2
May  9 05:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9439]: Connection closed by 146.190.241.149 port 56586 [preauth]
May  9 05:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9450]: Failed password for invalid user oracle from 12.156.67.18 port 36468 ssh2
May  9 05:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9450]: Received disconnect from 12.156.67.18 port 36468:11: Bye Bye [preauth]
May  9 05:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9450]: Disconnected from 12.156.67.18 port 36468 [preauth]
May  9 05:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9484]: Invalid user nagios from 146.190.241.149
May  9 05:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9484]: input_userauth_request: invalid user nagios [preauth]
May  9 05:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9484]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9484]: Failed password for invalid user nagios from 146.190.241.149 port 57802 ssh2
May  9 05:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9484]: Connection closed by 146.190.241.149 port 57802 [preauth]
May  9 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9510]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9509]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9507]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9508]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9503]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9510]: pam_unix(cron:session): session closed for user root
May  9 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9503]: pam_unix(cron:session): session closed for user p13x
May  9 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9572]: Successful su for rubyman by root
May  9 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9572]: + ??? root:rubyman
May  9 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9572]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357656 of user rubyman.
May  9 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9572]: pam_unix(su:session): session closed for user rubyman
May  9 05:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357656.
May  9 05:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9507]: pam_unix(cron:session): session closed for user root
May  9 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: Invalid user redis from 146.190.241.149
May  9 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: input_userauth_request: invalid user redis [preauth]
May  9 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6470]: pam_unix(cron:session): session closed for user root
May  9 05:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: Failed password for invalid user redis from 146.190.241.149 port 52748 ssh2
May  9 05:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9505]: pam_unix(cron:session): session closed for user samftp
May  9 05:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: Connection closed by 146.190.241.149 port 52748 [preauth]
May  9 05:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May  9 05:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9800]: Failed password for root from 190.244.25.245 port 58188 ssh2
May  9 05:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9800]: Received disconnect from 190.244.25.245 port 58188:11: Bye Bye [preauth]
May  9 05:15:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9800]: Disconnected from 190.244.25.245 port 58188 [preauth]
May  9 05:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9825]: User ftp from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 05:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9825]: input_userauth_request: invalid user ftp [preauth]
May  9 05:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=ftp
May  9 05:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9825]: Failed password for invalid user ftp from 146.190.241.149 port 37468 ssh2
May  9 05:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9825]: Connection closed by 146.190.241.149 port 37468 [preauth]
May  9 05:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9857]: Invalid user nvidia from 146.190.241.149
May  9 05:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9857]: input_userauth_request: invalid user nvidia [preauth]
May  9 05:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9857]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9857]: Failed password for invalid user nvidia from 146.190.241.149 port 60392 ssh2
May  9 05:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9857]: Connection closed by 146.190.241.149 port 60392 [preauth]
May  9 05:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8534]: pam_unix(cron:session): session closed for user root
May  9 05:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9898]: Invalid user www from 146.190.241.149
May  9 05:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9898]: input_userauth_request: invalid user www [preauth]
May  9 05:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9898]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9898]: Failed password for invalid user www from 146.190.241.149 port 55892 ssh2
May  9 05:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9898]: Connection closed by 146.190.241.149 port 55892 [preauth]
May  9 05:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: Invalid user testuser from 146.190.241.149
May  9 05:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: input_userauth_request: invalid user testuser [preauth]
May  9 05:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: Failed password for invalid user testuser from 146.190.241.149 port 47820 ssh2
May  9 05:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9939]: Connection closed by 146.190.241.149 port 47820 [preauth]
May  9 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9953]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9954]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9952]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9951]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9951]: pam_unix(cron:session): session closed for user p13x
May  9 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10019]: Successful su for rubyman by root
May  9 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10019]: + ??? root:rubyman
May  9 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10019]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357662 of user rubyman.
May  9 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10019]: pam_unix(su:session): session closed for user rubyman
May  9 05:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357662.
May  9 05:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7076]: pam_unix(cron:session): session closed for user root
May  9 05:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9952]: pam_unix(cron:session): session closed for user samftp
May  9 05:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10202]: User sys from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 05:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10202]: input_userauth_request: invalid user sys [preauth]
May  9 05:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=sys
May  9 05:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10202]: Failed password for invalid user sys from 146.190.241.149 port 48754 ssh2
May  9 05:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10202]: Connection closed by 146.190.241.149 port 48754 [preauth]
May  9 05:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Invalid user uftp from 146.190.241.149
May  9 05:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: input_userauth_request: invalid user uftp [preauth]
May  9 05:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Failed password for invalid user uftp from 146.190.241.149 port 34132 ssh2
May  9 05:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10335]: Connection closed by 146.190.241.149 port 34132 [preauth]
May  9 05:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8966]: pam_unix(cron:session): session closed for user root
May  9 05:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10388]: Invalid user ds from 146.190.241.149
May  9 05:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10388]: input_userauth_request: invalid user ds [preauth]
May  9 05:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10388]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10388]: Failed password for invalid user ds from 146.190.241.149 port 52114 ssh2
May  9 05:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10388]: Connection closed by 146.190.241.149 port 52114 [preauth]
May  9 05:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: Invalid user latitude from 146.190.241.149
May  9 05:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: input_userauth_request: invalid user latitude [preauth]
May  9 05:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:16:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: Failed password for invalid user latitude from 146.190.241.149 port 47552 ssh2
May  9 05:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10427]: Connection closed by 146.190.241.149 port 47552 [preauth]
May  9 05:16:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: Invalid user kamran from 165.22.235.5
May  9 05:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: input_userauth_request: invalid user kamran [preauth]
May  9 05:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 05:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: Failed password for invalid user kamran from 165.22.235.5 port 53880 ssh2
May  9 05:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: Received disconnect from 165.22.235.5 port 53880:11: Bye Bye [preauth]
May  9 05:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10462]: Disconnected from 165.22.235.5 port 53880 [preauth]
May  9 05:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10466]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10474]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10475]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10472]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10473]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10469]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10469]: pam_unix(cron:session): session closed for user root
May  9 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10472]: pam_unix(cron:session): session closed for user p13x
May  9 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10540]: Successful su for rubyman by root
May  9 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10540]: + ??? root:rubyman
May  9 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357667 of user rubyman.
May  9 05:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10540]: pam_unix(su:session): session closed for user rubyman
May  9 05:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357667.
May  9 05:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10466]: Failed password for root from 146.190.241.149 port 52440 ssh2
May  9 05:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10466]: Connection closed by 146.190.241.149 port 52440 [preauth]
May  9 05:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7642]: pam_unix(cron:session): session closed for user root
May  9 05:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10473]: pam_unix(cron:session): session closed for user samftp
May  9 05:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: Invalid user dolphin from 146.190.241.149
May  9 05:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: input_userauth_request: invalid user dolphin [preauth]
May  9 05:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: Failed password for invalid user dolphin from 146.190.241.149 port 48580 ssh2
May  9 05:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10802]: Connection closed by 146.190.241.149 port 48580 [preauth]
May  9 05:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10832]: Bad protocol version identification '' from 3.20.238.59 port 37042
May  9 05:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: Invalid user srv from 186.233.208.13
May  9 05:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: input_userauth_request: invalid user srv [preauth]
May  9 05:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  9 05:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: Invalid user sysadmin from 146.190.241.149
May  9 05:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: input_userauth_request: invalid user sysadmin [preauth]
May  9 05:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: Failed password for invalid user srv from 186.233.208.13 port 56130 ssh2
May  9 05:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: Received disconnect from 186.233.208.13 port 56130:11: Bye Bye [preauth]
May  9 05:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10847]: Disconnected from 186.233.208.13 port 56130 [preauth]
May  9 05:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: Failed password for invalid user sysadmin from 146.190.241.149 port 34382 ssh2
May  9 05:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10858]: Connection closed by 146.190.241.149 port 34382 [preauth]
May  9 05:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10868]: Bad protocol version identification 'GET / HTTP/1.1' from 3.20.238.59 port 51388
May  9 05:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9509]: pam_unix(cron:session): session closed for user root
May  9 05:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10897]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10897]: Bad protocol version identification 'GET / HTTP/1.1' from 3.20.238.59 port 51430
May  9 05:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: Failed password for root from 146.190.241.149 port 39828 ssh2
May  9 05:17:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10899]: Connection closed by 146.190.241.149 port 39828 [preauth]
May  9 05:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: Invalid user steam from 146.190.241.149
May  9 05:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: input_userauth_request: invalid user steam [preauth]
May  9 05:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: Failed password for invalid user steam from 146.190.241.149 port 44662 ssh2
May  9 05:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10937]: Connection closed by 146.190.241.149 port 44662 [preauth]
May  9 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10949]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10951]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10950]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10948]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10948]: pam_unix(cron:session): session closed for user p13x
May  9 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11013]: Successful su for rubyman by root
May  9 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11013]: + ??? root:rubyman
May  9 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11013]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357671 of user rubyman.
May  9 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11013]: pam_unix(su:session): session closed for user rubyman
May  9 05:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357671.
May  9 05:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8093]: pam_unix(cron:session): session closed for user root
May  9 05:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: User ftp from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 05:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: input_userauth_request: invalid user ftp [preauth]
May  9 05:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=ftp
May  9 05:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10949]: pam_unix(cron:session): session closed for user samftp
May  9 05:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: Failed password for invalid user ftp from 146.190.241.149 port 38600 ssh2
May  9 05:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11173]: Connection closed by 146.190.241.149 port 38600 [preauth]
May  9 05:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11227]: Invalid user postgres from 146.190.241.149
May  9 05:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11227]: input_userauth_request: invalid user postgres [preauth]
May  9 05:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11227]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11227]: Failed password for invalid user postgres from 146.190.241.149 port 47488 ssh2
May  9 05:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11227]: Connection closed by 146.190.241.149 port 47488 [preauth]
May  9 05:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: Failed password for root from 146.190.241.149 port 39646 ssh2
May  9 05:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11267]: Connection closed by 146.190.241.149 port 39646 [preauth]
May  9 05:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9954]: pam_unix(cron:session): session closed for user root
May  9 05:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:18:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: Failed password for root from 146.190.241.149 port 47652 ssh2
May  9 05:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11306]: Connection closed by 146.190.241.149 port 47652 [preauth]
May  9 05:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11345]: Invalid user app from 146.190.241.149
May  9 05:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11345]: input_userauth_request: invalid user app [preauth]
May  9 05:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11345]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:18:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11345]: Failed password for invalid user app from 146.190.241.149 port 37854 ssh2
May  9 05:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11345]: Connection closed by 146.190.241.149 port 37854 [preauth]
May  9 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11357]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11358]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11359]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11356]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11356]: pam_unix(cron:session): session closed for user p13x
May  9 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11415]: Successful su for rubyman by root
May  9 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11415]: + ??? root:rubyman
May  9 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357674 of user rubyman.
May  9 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11415]: pam_unix(su:session): session closed for user rubyman
May  9 05:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357674.
May  9 05:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8533]: pam_unix(cron:session): session closed for user root
May  9 05:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11357]: pam_unix(cron:session): session closed for user samftp
May  9 05:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: Invalid user dev from 12.156.67.18
May  9 05:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: input_userauth_request: invalid user dev [preauth]
May  9 05:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  9 05:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: Invalid user worker from 146.190.241.149
May  9 05:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: input_userauth_request: invalid user worker [preauth]
May  9 05:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: Failed password for invalid user dev from 12.156.67.18 port 60622 ssh2
May  9 05:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: Received disconnect from 12.156.67.18 port 60622:11: Bye Bye [preauth]
May  9 05:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11610]: Disconnected from 12.156.67.18 port 60622 [preauth]
May  9 05:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: Failed password for invalid user worker from 146.190.241.149 port 58686 ssh2
May  9 05:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: Connection closed by 146.190.241.149 port 58686 [preauth]
May  9 05:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11644]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  9 05:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11644]: Failed password for root from 218.92.0.206 port 22032 ssh2
May  9 05:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: Failed password for root from 146.190.241.149 port 57578 ssh2
May  9 05:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11646]: Connection closed by 146.190.241.149 port 57578 [preauth]
May  9 05:19:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11644]: Failed password for root from 218.92.0.206 port 22032 ssh2
May  9 05:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10475]: pam_unix(cron:session): session closed for user root
May  9 05:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11705]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11705]: Invalid user oracle from 146.190.241.149
May  9 05:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11705]: input_userauth_request: invalid user oracle [preauth]
May  9 05:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11705]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11705]: Failed password for invalid user oracle from 146.190.241.149 port 34638 ssh2
May  9 05:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11705]: Connection closed by 146.190.241.149 port 34638 [preauth]
May  9 05:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11738]: Invalid user latitude from 146.190.241.149
May  9 05:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11738]: input_userauth_request: invalid user latitude [preauth]
May  9 05:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11738]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11738]: Failed password for invalid user latitude from 146.190.241.149 port 60344 ssh2
May  9 05:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11738]: Connection closed by 146.190.241.149 port 60344 [preauth]
May  9 05:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11770]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11771]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11769]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11774]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11774]: pam_unix(cron:session): session closed for user root
May  9 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11769]: pam_unix(cron:session): session closed for user p13x
May  9 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11839]: Successful su for rubyman by root
May  9 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11839]: + ??? root:rubyman
May  9 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357679 of user rubyman.
May  9 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11839]: pam_unix(su:session): session closed for user rubyman
May  9 05:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357679.
May  9 05:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11766]: Failed password for root from 146.190.241.149 port 60782 ssh2
May  9 05:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11766]: Connection closed by 146.190.241.149 port 60782 [preauth]
May  9 05:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11771]: pam_unix(cron:session): session closed for user root
May  9 05:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8965]: pam_unix(cron:session): session closed for user root
May  9 05:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11770]: pam_unix(cron:session): session closed for user samftp
May  9 05:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: Invalid user odoo from 146.190.241.149
May  9 05:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: input_userauth_request: invalid user odoo [preauth]
May  9 05:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12052]: Invalid user adrian from 60.49.31.229
May  9 05:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12052]: input_userauth_request: invalid user adrian [preauth]
May  9 05:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12052]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 05:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: Failed password for invalid user odoo from 146.190.241.149 port 50704 ssh2
May  9 05:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12052]: Failed password for invalid user adrian from 60.49.31.229 port 46508 ssh2
May  9 05:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12050]: Connection closed by 146.190.241.149 port 50704 [preauth]
May  9 05:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12052]: Received disconnect from 60.49.31.229 port 46508:11: Bye Bye [preauth]
May  9 05:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12052]: Disconnected from 60.49.31.229 port 46508 [preauth]
May  9 05:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12097]: Invalid user sysadmin from 146.190.241.149
May  9 05:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12097]: input_userauth_request: invalid user sysadmin [preauth]
May  9 05:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12097]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12097]: Failed password for invalid user sysadmin from 146.190.241.149 port 45490 ssh2
May  9 05:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12097]: Connection closed by 146.190.241.149 port 45490 [preauth]
May  9 05:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10951]: pam_unix(cron:session): session closed for user root
May  9 05:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12145]: Invalid user ranger from 146.190.241.149
May  9 05:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12145]: input_userauth_request: invalid user ranger [preauth]
May  9 05:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12145]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:20:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12145]: Failed password for invalid user ranger from 146.190.241.149 port 35460 ssh2
May  9 05:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12145]: Connection closed by 146.190.241.149 port 35460 [preauth]
May  9 05:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12178]: Bad protocol version identification '\026\003\001' from 3.20.238.59 port 47650
May  9 05:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: Invalid user dolphin from 146.190.241.149
May  9 05:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: input_userauth_request: invalid user dolphin [preauth]
May  9 05:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: Failed password for invalid user dolphin from 146.190.241.149 port 51034 ssh2
May  9 05:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12179]: Connection closed by 146.190.241.149 port 51034 [preauth]
May  9 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12200]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12201]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12202]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12199]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12199]: pam_unix(cron:session): session closed for user p13x
May  9 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12269]: Successful su for rubyman by root
May  9 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12269]: + ??? root:rubyman
May  9 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12269]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357686 of user rubyman.
May  9 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12269]: pam_unix(su:session): session closed for user rubyman
May  9 05:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357686.
May  9 05:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: User www-data from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 05:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: input_userauth_request: invalid user www-data [preauth]
May  9 05:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=www-data
May  9 05:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9508]: pam_unix(cron:session): session closed for user root
May  9 05:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: Failed password for invalid user www-data from 146.190.241.149 port 36096 ssh2
May  9 05:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12400]: Connection closed by 146.190.241.149 port 36096 [preauth]
May  9 05:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12200]: pam_unix(cron:session): session closed for user samftp
May  9 05:21:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12474]: Invalid user mina from 190.244.25.245
May  9 05:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12474]: input_userauth_request: invalid user mina [preauth]
May  9 05:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12474]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May  9 05:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12474]: Failed password for invalid user mina from 190.244.25.245 port 33490 ssh2
May  9 05:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12474]: Received disconnect from 190.244.25.245 port 33490:11: Bye Bye [preauth]
May  9 05:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12474]: Disconnected from 190.244.25.245 port 33490 [preauth]
May  9 05:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12498]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12498]: Invalid user satisfactory from 146.190.241.149
May  9 05:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12498]: input_userauth_request: invalid user satisfactory [preauth]
May  9 05:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12498]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:21:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12498]: Failed password for invalid user satisfactory from 146.190.241.149 port 49192 ssh2
May  9 05:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12498]: Connection closed by 146.190.241.149 port 49192 [preauth]
May  9 05:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12500]: Connection closed by 3.20.238.59 port 54148 [preauth]
May  9 05:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: Invalid user admin from 146.190.241.149
May  9 05:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: input_userauth_request: invalid user admin [preauth]
May  9 05:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: Failed password for invalid user admin from 146.190.241.149 port 53214 ssh2
May  9 05:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12531]: Connection closed by 146.190.241.149 port 53214 [preauth]
May  9 05:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11359]: pam_unix(cron:session): session closed for user root
May  9 05:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: Invalid user vhserver3 from 165.22.235.5
May  9 05:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: input_userauth_request: invalid user vhserver3 [preauth]
May  9 05:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 05:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: Failed password for invalid user vhserver3 from 165.22.235.5 port 51488 ssh2
May  9 05:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: Received disconnect from 165.22.235.5 port 51488:11: Bye Bye [preauth]
May  9 05:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12570]: Disconnected from 165.22.235.5 port 51488 [preauth]
May  9 05:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: Invalid user qsj from 14.103.127.97
May  9 05:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: input_userauth_request: invalid user qsj [preauth]
May  9 05:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.97
May  9 05:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: Failed password for invalid user qsj from 14.103.127.97 port 41152 ssh2
May  9 05:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: Received disconnect from 14.103.127.97 port 41152:11: Bye Bye [preauth]
May  9 05:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12582]: Disconnected from 14.103.127.97 port 41152 [preauth]
May  9 05:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: Failed password for root from 146.190.241.149 port 38152 ssh2
May  9 05:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12584]: Connection closed by 146.190.241.149 port 38152 [preauth]
May  9 05:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12615]: Invalid user redis from 146.190.241.149
May  9 05:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12615]: input_userauth_request: invalid user redis [preauth]
May  9 05:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12615]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12615]: Failed password for invalid user redis from 146.190.241.149 port 42914 ssh2
May  9 05:21:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12615]: Connection closed by 146.190.241.149 port 42914 [preauth]
May  9 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12627]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12626]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12626]: pam_unix(cron:session): session closed for user p13x
May  9 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12684]: Successful su for rubyman by root
May  9 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12684]: + ??? root:rubyman
May  9 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12684]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357689 of user rubyman.
May  9 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12684]: pam_unix(su:session): session closed for user rubyman
May  9 05:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357689.
May  9 05:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9953]: pam_unix(cron:session): session closed for user root
May  9 05:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12627]: pam_unix(cron:session): session closed for user samftp
May  9 05:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: Invalid user redis from 146.190.241.149
May  9 05:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: input_userauth_request: invalid user redis [preauth]
May  9 05:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: Failed password for invalid user redis from 146.190.241.149 port 36982 ssh2
May  9 05:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12870]: Connection closed by 146.190.241.149 port 36982 [preauth]
May  9 05:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: Invalid user plex from 146.190.241.149
May  9 05:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: input_userauth_request: invalid user plex [preauth]
May  9 05:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: Failed password for invalid user plex from 146.190.241.149 port 35214 ssh2
May  9 05:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12906]: Connection closed by 146.190.241.149 port 35214 [preauth]
May  9 05:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11773]: pam_unix(cron:session): session closed for user root
May  9 05:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12958]: Invalid user ark from 146.190.241.149
May  9 05:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12958]: input_userauth_request: invalid user ark [preauth]
May  9 05:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12958]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12958]: Failed password for invalid user ark from 146.190.241.149 port 59756 ssh2
May  9 05:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12958]: Connection closed by 146.190.241.149 port 59756 [preauth]
May  9 05:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: Invalid user elastic from 146.190.241.149
May  9 05:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: input_userauth_request: invalid user elastic [preauth]
May  9 05:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: Failed password for invalid user elastic from 146.190.241.149 port 59166 ssh2
May  9 05:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13002]: Connection closed by 146.190.241.149 port 59166 [preauth]
May  9 05:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13021]: Invalid user zookeeper from 146.190.241.149
May  9 05:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13021]: input_userauth_request: invalid user zookeeper [preauth]
May  9 05:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13021]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13021]: Failed password for invalid user zookeeper from 146.190.241.149 port 48924 ssh2
May  9 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13032]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13033]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13032]: pam_unix(cron:session): session closed for user p13x
May  9 05:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13021]: Connection closed by 146.190.241.149 port 48924 [preauth]
May  9 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13099]: Successful su for rubyman by root
May  9 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13099]: + ??? root:rubyman
May  9 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13099]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357692 of user rubyman.
May  9 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13099]: pam_unix(su:session): session closed for user rubyman
May  9 05:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357692.
May  9 05:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10474]: pam_unix(cron:session): session closed for user root
May  9 05:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13033]: pam_unix(cron:session): session closed for user samftp
May  9 05:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13284]: User www-data from 186.233.208.13 not allowed because not listed in AllowUsers
May  9 05:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13284]: input_userauth_request: invalid user www-data [preauth]
May  9 05:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=www-data
May  9 05:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13284]: Failed password for invalid user www-data from 186.233.208.13 port 39316 ssh2
May  9 05:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13284]: Received disconnect from 186.233.208.13 port 39316:11: Bye Bye [preauth]
May  9 05:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13284]: Disconnected from 186.233.208.13 port 39316 [preauth]
May  9 05:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13296]: Invalid user dolphinscheduler from 146.190.241.149
May  9 05:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13296]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  9 05:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13296]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13296]: Failed password for invalid user dolphinscheduler from 146.190.241.149 port 56106 ssh2
May  9 05:23:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13296]: Connection closed by 146.190.241.149 port 56106 [preauth]
May  9 05:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:23:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13329]: Bad protocol version identification '\026\003\001' from 3.20.238.59 port 42944
May  9 05:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: Failed password for root from 146.190.241.149 port 36858 ssh2
May  9 05:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13343]: Connection closed by 146.190.241.149 port 36858 [preauth]
May  9 05:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12202]: pam_unix(cron:session): session closed for user root
May  9 05:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13383]: Invalid user airflow from 146.190.241.149
May  9 05:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13383]: input_userauth_request: invalid user airflow [preauth]
May  9 05:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13383]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13383]: Failed password for invalid user airflow from 146.190.241.149 port 52040 ssh2
May  9 05:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13383]: Connection closed by 146.190.241.149 port 52040 [preauth]
May  9 05:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: Invalid user testftp from 12.156.67.18
May  9 05:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: input_userauth_request: invalid user testftp [preauth]
May  9 05:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  9 05:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: Failed password for invalid user testftp from 12.156.67.18 port 37906 ssh2
May  9 05:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: Received disconnect from 12.156.67.18 port 37906:11: Bye Bye [preauth]
May  9 05:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13393]: Disconnected from 12.156.67.18 port 37906 [preauth]
May  9 05:23:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: Invalid user samba from 146.190.241.149
May  9 05:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: input_userauth_request: invalid user samba [preauth]
May  9 05:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: Failed password for invalid user samba from 146.190.241.149 port 36010 ssh2
May  9 05:23:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13427]: Connection closed by 146.190.241.149 port 36010 [preauth]
May  9 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13535]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13534]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13531]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13531]: pam_unix(cron:session): session closed for user p13x
May  9 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13608]: Successful su for rubyman by root
May  9 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13608]: + ??? root:rubyman
May  9 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13608]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357696 of user rubyman.
May  9 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13608]: pam_unix(su:session): session closed for user rubyman
May  9 05:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357696.
May  9 05:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: Invalid user amandabackup from 146.190.241.149
May  9 05:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: input_userauth_request: invalid user amandabackup [preauth]
May  9 05:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10950]: pam_unix(cron:session): session closed for user root
May  9 05:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: Failed password for invalid user amandabackup from 146.190.241.149 port 47534 ssh2
May  9 05:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13534]: pam_unix(cron:session): session closed for user samftp
May  9 05:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13709]: Connection closed by 146.190.241.149 port 47534 [preauth]
May  9 05:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: Invalid user sonar from 146.190.241.149
May  9 05:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: input_userauth_request: invalid user sonar [preauth]
May  9 05:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: Failed password for invalid user sonar from 146.190.241.149 port 49456 ssh2
May  9 05:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13831]: Connection closed by 146.190.241.149 port 49456 [preauth]
May  9 05:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13863]: Invalid user node from 146.190.241.149
May  9 05:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13863]: input_userauth_request: invalid user node [preauth]
May  9 05:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13863]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12629]: pam_unix(cron:session): session closed for user root
May  9 05:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13863]: Failed password for invalid user node from 146.190.241.149 port 37036 ssh2
May  9 05:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13863]: Connection closed by 146.190.241.149 port 37036 [preauth]
May  9 05:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: Invalid user admin from 80.94.95.112
May  9 05:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: input_userauth_request: invalid user admin [preauth]
May  9 05:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 05:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: Failed password for invalid user admin from 80.94.95.112 port 52033 ssh2
May  9 05:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: Invalid user nagios from 146.190.241.149
May  9 05:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: input_userauth_request: invalid user nagios [preauth]
May  9 05:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: Failed password for invalid user admin from 80.94.95.112 port 52033 ssh2
May  9 05:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: Failed password for invalid user nagios from 146.190.241.149 port 35906 ssh2
May  9 05:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: Failed password for invalid user admin from 80.94.95.112 port 52033 ssh2
May  9 05:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13904]: Connection closed by 146.190.241.149 port 35906 [preauth]
May  9 05:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13939]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: Failed password for invalid user admin from 80.94.95.112 port 52033 ssh2
May  9 05:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13939]: Invalid user test from 80.94.95.115
May  9 05:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13939]: input_userauth_request: invalid user test [preauth]
May  9 05:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13939]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  9 05:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: Failed password for invalid user admin from 80.94.95.112 port 52033 ssh2
May  9 05:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: Received disconnect from 80.94.95.112 port 52033:11: Bye [preauth]
May  9 05:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: Disconnected from 80.94.95.112 port 52033 [preauth]
May  9 05:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 05:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13912]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 05:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13939]: Failed password for invalid user test from 80.94.95.115 port 57304 ssh2
May  9 05:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13939]: Connection closed by 80.94.95.115 port 57304 [preauth]
May  9 05:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13950]: Invalid user yarn from 146.190.241.149
May  9 05:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13950]: input_userauth_request: invalid user yarn [preauth]
May  9 05:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13950]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 05:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13950]: Failed password for invalid user yarn from 146.190.241.149 port 43862 ssh2
May  9 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13950]: Connection closed by 146.190.241.149 port 43862 [preauth]
May  9 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13966]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13967]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13964]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13965]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13969]: pam_unix(cron:session): session closed for user root
May  9 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13964]: pam_unix(cron:session): session closed for user p13x
May  9 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14035]: Successful su for rubyman by root
May  9 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14035]: + ??? root:rubyman
May  9 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14035]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357702 of user rubyman.
May  9 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14035]: pam_unix(su:session): session closed for user rubyman
May  9 05:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357702.
May  9 05:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: Failed password for root from 218.92.0.179 port 59267 ssh2
May  9 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: Failed password for root from 218.92.0.179 port 59267 ssh2
May  9 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13966]: pam_unix(cron:session): session closed for user root
May  9 05:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11358]: pam_unix(cron:session): session closed for user root
May  9 05:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: Failed password for root from 218.92.0.179 port 59267 ssh2
May  9 05:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: Received disconnect from 218.92.0.179 port 59267:11:  [preauth]
May  9 05:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: Disconnected from 218.92.0.179 port 59267 [preauth]
May  9 05:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13960]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 05:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13965]: pam_unix(cron:session): session closed for user samftp
May  9 05:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Invalid user dolphinscheduler from 146.190.241.149
May  9 05:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  9 05:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Failed password for invalid user dolphinscheduler from 146.190.241.149 port 42002 ssh2
May  9 05:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14243]: Connection closed by 146.190.241.149 port 42002 [preauth]
May  9 05:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: Invalid user user from 146.190.241.149
May  9 05:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: input_userauth_request: invalid user user [preauth]
May  9 05:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: Failed password for invalid user user from 146.190.241.149 port 34394 ssh2
May  9 05:25:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14287]: Connection closed by 146.190.241.149 port 34394 [preauth]
May  9 05:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13039]: pam_unix(cron:session): session closed for user root
May  9 05:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: Invalid user opc from 146.190.241.149
May  9 05:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: input_userauth_request: invalid user opc [preauth]
May  9 05:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: Failed password for invalid user opc from 146.190.241.149 port 48852 ssh2
May  9 05:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14347]: Connection closed by 146.190.241.149 port 48852 [preauth]
May  9 05:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: Invalid user tom from 146.190.241.149
May  9 05:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: input_userauth_request: invalid user tom [preauth]
May  9 05:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: Failed password for invalid user tom from 146.190.241.149 port 40810 ssh2
May  9 05:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14383]: Connection closed by 146.190.241.149 port 40810 [preauth]
May  9 05:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14401]: Invalid user hammad from 60.49.31.229
May  9 05:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14401]: input_userauth_request: invalid user hammad [preauth]
May  9 05:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14401]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14401]: Failed password for invalid user hammad from 60.49.31.229 port 55450 ssh2
May  9 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14401]: Received disconnect from 60.49.31.229 port 55450:11: Bye Bye [preauth]
May  9 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14401]: Disconnected from 60.49.31.229 port 55450 [preauth]
May  9 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14407]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14405]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14406]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14404]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14404]: pam_unix(cron:session): session closed for user p13x
May  9 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14470]: Successful su for rubyman by root
May  9 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14470]: + ??? root:rubyman
May  9 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14470]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357706 of user rubyman.
May  9 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14470]: pam_unix(su:session): session closed for user rubyman
May  9 05:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357706.
May  9 05:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Invalid user palworld from 146.190.241.149
May  9 05:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: input_userauth_request: invalid user palworld [preauth]
May  9 05:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Failed password for invalid user palworld from 146.190.241.149 port 34250 ssh2
May  9 05:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11772]: pam_unix(cron:session): session closed for user root
May  9 05:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Connection closed by 146.190.241.149 port 34250 [preauth]
May  9 05:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14405]: pam_unix(cron:session): session closed for user samftp
May  9 05:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14674]: Invalid user erp from 122.114.173.209
May  9 05:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14674]: input_userauth_request: invalid user erp [preauth]
May  9 05:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14674]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.114.173.209
May  9 05:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14674]: Failed password for invalid user erp from 122.114.173.209 port 32845 ssh2
May  9 05:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14674]: Received disconnect from 122.114.173.209 port 32845:11: Bye Bye [preauth]
May  9 05:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14674]: Disconnected from 122.114.173.209 port 32845 [preauth]
May  9 05:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: Invalid user vagrant from 146.190.241.149
May  9 05:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: input_userauth_request: invalid user vagrant [preauth]
May  9 05:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: Invalid user prowlarr from 165.22.235.5
May  9 05:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: input_userauth_request: invalid user prowlarr [preauth]
May  9 05:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 05:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: Failed password for invalid user vagrant from 146.190.241.149 port 59168 ssh2
May  9 05:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14706]: Connection closed by 146.190.241.149 port 59168 [preauth]
May  9 05:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: Failed password for invalid user prowlarr from 165.22.235.5 port 45082 ssh2
May  9 05:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: Received disconnect from 165.22.235.5 port 45082:11: Bye Bye [preauth]
May  9 05:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14708]: Disconnected from 165.22.235.5 port 45082 [preauth]
May  9 05:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14741]: Invalid user elk from 146.190.241.149
May  9 05:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14741]: input_userauth_request: invalid user elk [preauth]
May  9 05:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14741]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14741]: Failed password for invalid user elk from 146.190.241.149 port 60682 ssh2
May  9 05:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14741]: Connection closed by 146.190.241.149 port 60682 [preauth]
May  9 05:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13544]: pam_unix(cron:session): session closed for user root
May  9 05:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: Invalid user solana from 146.190.241.149
May  9 05:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: input_userauth_request: invalid user solana [preauth]
May  9 05:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: Failed password for invalid user solana from 146.190.241.149 port 50610 ssh2
May  9 05:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14787]: Connection closed by 146.190.241.149 port 50610 [preauth]
May  9 05:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14821]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14821]: Invalid user master from 146.190.241.149
May  9 05:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14821]: input_userauth_request: invalid user master [preauth]
May  9 05:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14821]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14821]: Failed password for invalid user master from 146.190.241.149 port 47276 ssh2
May  9 05:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14821]: Connection closed by 146.190.241.149 port 47276 [preauth]
May  9 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14833]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14832]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14832]: pam_unix(cron:session): session closed for user p13x
May  9 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14897]: Successful su for rubyman by root
May  9 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14897]: + ??? root:rubyman
May  9 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14897]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357710 of user rubyman.
May  9 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14897]: pam_unix(su:session): session closed for user rubyman
May  9 05:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357710.
May  9 05:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12201]: pam_unix(cron:session): session closed for user root
May  9 05:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14833]: pam_unix(cron:session): session closed for user samftp
May  9 05:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: Invalid user es from 146.190.241.149
May  9 05:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: input_userauth_request: invalid user es [preauth]
May  9 05:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: Failed password for invalid user es from 146.190.241.149 port 53710 ssh2
May  9 05:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15091]: Connection closed by 146.190.241.149 port 53710 [preauth]
May  9 05:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May  9 05:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15102]: Failed password for root from 190.244.25.245 port 50830 ssh2
May  9 05:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15102]: Received disconnect from 190.244.25.245 port 50830:11: Bye Bye [preauth]
May  9 05:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15102]: Disconnected from 190.244.25.245 port 50830 [preauth]
May  9 05:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: Failed password for root from 146.190.241.149 port 38458 ssh2
May  9 05:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15133]: Connection closed by 146.190.241.149 port 38458 [preauth]
May  9 05:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15164]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15164]: Invalid user factorio from 146.190.241.149
May  9 05:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15164]: input_userauth_request: invalid user factorio [preauth]
May  9 05:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15164]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15164]: Failed password for invalid user factorio from 146.190.241.149 port 37566 ssh2
May  9 05:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15164]: Connection closed by 146.190.241.149 port 37566 [preauth]
May  9 05:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13968]: pam_unix(cron:session): session closed for user root
May  9 05:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 05:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: Failed password for root from 218.92.0.179 port 24906 ssh2
May  9 05:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15226]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15226]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: Failed password for root from 218.92.0.179 port 24906 ssh2
May  9 05:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15226]: Failed password for root from 146.190.241.149 port 38798 ssh2
May  9 05:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15226]: Connection closed by 146.190.241.149 port 38798 [preauth]
May  9 05:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: Failed password for root from 218.92.0.179 port 24906 ssh2
May  9 05:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: Received disconnect from 218.92.0.179 port 24906:11:  [preauth]
May  9 05:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: Disconnected from 218.92.0.179 port 24906 [preauth]
May  9 05:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15203]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 05:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: Invalid user ubuntu from 146.190.241.149
May  9 05:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: input_userauth_request: invalid user ubuntu [preauth]
May  9 05:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: Failed password for invalid user ubuntu from 146.190.241.149 port 55472 ssh2
May  9 05:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15246]: Connection closed by 146.190.241.149 port 55472 [preauth]
May  9 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15258]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15259]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15260]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15257]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15257]: pam_unix(cron:session): session closed for user p13x
May  9 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15319]: Successful su for rubyman by root
May  9 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15319]: + ??? root:rubyman
May  9 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15319]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357714 of user rubyman.
May  9 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15319]: pam_unix(su:session): session closed for user rubyman
May  9 05:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357714.
May  9 05:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12628]: pam_unix(cron:session): session closed for user root
May  9 05:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15258]: pam_unix(cron:session): session closed for user samftp
May  9 05:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15503]: Invalid user steam from 146.190.241.149
May  9 05:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15503]: input_userauth_request: invalid user steam [preauth]
May  9 05:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15503]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15503]: Failed password for invalid user steam from 146.190.241.149 port 49854 ssh2
May  9 05:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15503]: Connection closed by 146.190.241.149 port 49854 [preauth]
May  9 05:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18  user=root
May  9 05:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15534]: Failed password for root from 12.156.67.18 port 37440 ssh2
May  9 05:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15534]: Received disconnect from 12.156.67.18 port 37440:11: Bye Bye [preauth]
May  9 05:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15534]: Disconnected from 12.156.67.18 port 37440 [preauth]
May  9 05:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Invalid user steam from 146.190.241.149
May  9 05:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: input_userauth_request: invalid user steam [preauth]
May  9 05:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Failed password for invalid user steam from 146.190.241.149 port 50134 ssh2
May  9 05:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15544]: Connection closed by 146.190.241.149 port 50134 [preauth]
May  9 05:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14407]: pam_unix(cron:session): session closed for user root
May  9 05:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: Invalid user virtualbox from 146.190.241.149
May  9 05:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: input_userauth_request: invalid user virtualbox [preauth]
May  9 05:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:28:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: Failed password for invalid user virtualbox from 146.190.241.149 port 39084 ssh2
May  9 05:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15597]: Connection closed by 146.190.241.149 port 39084 [preauth]
May  9 05:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15636]: Invalid user ec2-user from 146.190.241.149
May  9 05:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15636]: input_userauth_request: invalid user ec2-user [preauth]
May  9 05:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15636]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15636]: Failed password for invalid user ec2-user from 146.190.241.149 port 60674 ssh2
May  9 05:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: Invalid user ftp_user from 186.233.208.13
May  9 05:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: input_userauth_request: invalid user ftp_user [preauth]
May  9 05:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  9 05:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15636]: Connection closed by 146.190.241.149 port 60674 [preauth]
May  9 05:28:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: Failed password for invalid user ftp_user from 186.233.208.13 port 50378 ssh2
May  9 05:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: Received disconnect from 186.233.208.13 port 50378:11: Bye Bye [preauth]
May  9 05:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15639]: Disconnected from 186.233.208.13 port 50378 [preauth]
May  9 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15657]: Invalid user oscar from 146.190.241.149
May  9 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15657]: input_userauth_request: invalid user oscar [preauth]
May  9 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15661]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15663]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15662]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15660]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15660]: pam_unix(cron:session): session closed for user p13x
May  9 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15657]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15724]: Successful su for rubyman by root
May  9 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15724]: + ??? root:rubyman
May  9 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15724]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357718 of user rubyman.
May  9 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15724]: pam_unix(su:session): session closed for user rubyman
May  9 05:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357718.
May  9 05:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15657]: Failed password for invalid user oscar from 146.190.241.149 port 52144 ssh2
May  9 05:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15657]: Connection closed by 146.190.241.149 port 52144 [preauth]
May  9 05:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13034]: pam_unix(cron:session): session closed for user root
May  9 05:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15661]: pam_unix(cron:session): session closed for user samftp
May  9 05:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  9 05:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: Failed password for root from 80.94.95.241 port 62621 ssh2
May  9 05:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15935]: Invalid user node from 146.190.241.149
May  9 05:29:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15935]: input_userauth_request: invalid user node [preauth]
May  9 05:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15935]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: Failed password for root from 80.94.95.241 port 62621 ssh2
May  9 05:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15935]: Failed password for invalid user node from 146.190.241.149 port 54656 ssh2
May  9 05:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15935]: Connection closed by 146.190.241.149 port 54656 [preauth]
May  9 05:29:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: Failed password for root from 80.94.95.241 port 62621 ssh2
May  9 05:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: message repeated 2 times: [ Failed password for root from 80.94.95.241 port 62621 ssh2]
May  9 05:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: Received disconnect from 80.94.95.241 port 62621:11: Bye [preauth]
May  9 05:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: Disconnected from 80.94.95.241 port 62621 [preauth]
May  9 05:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241  user=root
May  9 05:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15923]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 05:29:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15979]: Invalid user test from 146.190.241.149
May  9 05:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15979]: input_userauth_request: invalid user test [preauth]
May  9 05:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15979]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15979]: Failed password for invalid user test from 146.190.241.149 port 56322 ssh2
May  9 05:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15979]: Connection closed by 146.190.241.149 port 56322 [preauth]
May  9 05:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14835]: pam_unix(cron:session): session closed for user root
May  9 05:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16017]: Invalid user vagrant from 146.190.241.149
May  9 05:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16017]: input_userauth_request: invalid user vagrant [preauth]
May  9 05:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16017]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:29:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16017]: Failed password for invalid user vagrant from 146.190.241.149 port 57006 ssh2
May  9 05:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16017]: Connection closed by 146.190.241.149 port 57006 [preauth]
May  9 05:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: Invalid user fil from 146.190.241.149
May  9 05:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: input_userauth_request: invalid user fil [preauth]
May  9 05:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: Failed password for invalid user fil from 146.190.241.149 port 42020 ssh2
May  9 05:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16047]: Connection closed by 146.190.241.149 port 42020 [preauth]
May  9 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16070]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16071]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16069]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16068]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16067]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16066]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16071]: pam_unix(cron:session): session closed for user root
May  9 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16066]: pam_unix(cron:session): session closed for user p13x
May  9 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16134]: Successful su for rubyman by root
May  9 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16134]: + ??? root:rubyman
May  9 05:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357723 of user rubyman.
May  9 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16134]: pam_unix(su:session): session closed for user rubyman
May  9 05:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357723.
May  9 05:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16068]: pam_unix(cron:session): session closed for user root
May  9 05:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13535]: pam_unix(cron:session): session closed for user root
May  9 05:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: Invalid user postgres from 146.190.241.149
May  9 05:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: input_userauth_request: invalid user postgres [preauth]
May  9 05:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: Failed password for invalid user postgres from 146.190.241.149 port 57332 ssh2
May  9 05:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16259]: Connection closed by 146.190.241.149 port 57332 [preauth]
May  9 05:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16067]: pam_unix(cron:session): session closed for user samftp
May  9 05:30:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: Invalid user nginx from 146.190.241.149
May  9 05:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: input_userauth_request: invalid user nginx [preauth]
May  9 05:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:30:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: Failed password for invalid user nginx from 146.190.241.149 port 56532 ssh2
May  9 05:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16364]: Connection closed by 146.190.241.149 port 56532 [preauth]
May  9 05:30:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: Invalid user ubuntu from 146.190.241.149
May  9 05:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: input_userauth_request: invalid user ubuntu [preauth]
May  9 05:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: Failed password for invalid user ubuntu from 146.190.241.149 port 45696 ssh2
May  9 05:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15260]: pam_unix(cron:session): session closed for user root
May  9 05:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16402]: Connection closed by 146.190.241.149 port 45696 [preauth]
May  9 05:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16456]: Failed password for root from 146.190.241.149 port 37656 ssh2
May  9 05:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16456]: Connection closed by 146.190.241.149 port 37656 [preauth]
May  9 05:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: Invalid user dolphin from 146.190.241.149
May  9 05:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: input_userauth_request: invalid user dolphin [preauth]
May  9 05:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: Failed password for invalid user dolphin from 146.190.241.149 port 35380 ssh2
May  9 05:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16517]: Invalid user rstudio from 165.22.235.5
May  9 05:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16517]: input_userauth_request: invalid user rstudio [preauth]
May  9 05:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16517]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 05:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16504]: Connection closed by 146.190.241.149 port 35380 [preauth]
May  9 05:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16517]: Failed password for invalid user rstudio from 165.22.235.5 port 57348 ssh2
May  9 05:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16517]: Received disconnect from 165.22.235.5 port 57348:11: Bye Bye [preauth]
May  9 05:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16517]: Disconnected from 165.22.235.5 port 57348 [preauth]
May  9 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16521]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16521]: pam_unix(cron:session): session closed for user p13x
May  9 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16607]: Successful su for rubyman by root
May  9 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16607]: + ??? root:rubyman
May  9 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357728 of user rubyman.
May  9 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16607]: pam_unix(su:session): session closed for user rubyman
May  9 05:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357728.
May  9 05:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13967]: pam_unix(cron:session): session closed for user root
May  9 05:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16523]: pam_unix(cron:session): session closed for user samftp
May  9 05:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16810]: Invalid user dev from 146.190.241.149
May  9 05:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16810]: input_userauth_request: invalid user dev [preauth]
May  9 05:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16810]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16810]: Failed password for invalid user dev from 146.190.241.149 port 50670 ssh2
May  9 05:31:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16810]: Connection closed by 146.190.241.149 port 50670 [preauth]
May  9 05:31:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16842]: Invalid user gitlab-runner from 146.190.241.149
May  9 05:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16842]: input_userauth_request: invalid user gitlab-runner [preauth]
May  9 05:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16842]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16842]: Failed password for invalid user gitlab-runner from 146.190.241.149 port 36186 ssh2
May  9 05:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16842]: Connection closed by 146.190.241.149 port 36186 [preauth]
May  9 05:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15663]: pam_unix(cron:session): session closed for user root
May  9 05:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16913]: Failed password for root from 146.190.241.149 port 39786 ssh2
May  9 05:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16913]: Connection closed by 146.190.241.149 port 39786 [preauth]
May  9 05:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: Invalid user dm from 60.49.31.229
May  9 05:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: input_userauth_request: invalid user dm [preauth]
May  9 05:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 05:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: Failed password for invalid user dm from 60.49.31.229 port 36152 ssh2
May  9 05:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: Received disconnect from 60.49.31.229 port 36152:11: Bye Bye [preauth]
May  9 05:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: Disconnected from 60.49.31.229 port 36152 [preauth]
May  9 05:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16969]: Invalid user tomcat from 146.190.241.149
May  9 05:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16969]: input_userauth_request: invalid user tomcat [preauth]
May  9 05:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16969]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16969]: Failed password for invalid user tomcat from 146.190.241.149 port 54058 ssh2
May  9 05:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16969]: Connection closed by 146.190.241.149 port 54058 [preauth]
May  9 05:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: Invalid user esuser from 146.190.241.149
May  9 05:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: input_userauth_request: invalid user esuser [preauth]
May  9 05:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17003]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17004]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17002]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17001]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17001]: pam_unix(cron:session): session closed for user p13x
May  9 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17062]: Successful su for rubyman by root
May  9 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17062]: + ??? root:rubyman
May  9 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17062]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357732 of user rubyman.
May  9 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17062]: pam_unix(su:session): session closed for user rubyman
May  9 05:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357732.
May  9 05:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: Failed password for invalid user esuser from 146.190.241.149 port 45006 ssh2
May  9 05:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16990]: Connection closed by 146.190.241.149 port 45006 [preauth]
May  9 05:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14406]: pam_unix(cron:session): session closed for user root
May  9 05:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17002]: pam_unix(cron:session): session closed for user samftp
May  9 05:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: Invalid user gitlab from 146.190.241.149
May  9 05:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: input_userauth_request: invalid user gitlab [preauth]
May  9 05:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:32:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: Failed password for invalid user gitlab from 146.190.241.149 port 49460 ssh2
May  9 05:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17256]: Connection closed by 146.190.241.149 port 49460 [preauth]
May  9 05:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: Invalid user sysadmin from 146.190.241.149
May  9 05:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: input_userauth_request: invalid user sysadmin [preauth]
May  9 05:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: Failed password for invalid user sysadmin from 146.190.241.149 port 47346 ssh2
May  9 05:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17305]: Connection closed by 146.190.241.149 port 47346 [preauth]
May  9 05:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16070]: pam_unix(cron:session): session closed for user root
May  9 05:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: Invalid user airflow from 146.190.241.149
May  9 05:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: input_userauth_request: invalid user airflow [preauth]
May  9 05:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:32:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: Failed password for invalid user airflow from 146.190.241.149 port 52766 ssh2
May  9 05:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17351]: Connection closed by 146.190.241.149 port 52766 [preauth]
May  9 05:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: Invalid user testuser from 146.190.241.149
May  9 05:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: input_userauth_request: invalid user testuser [preauth]
May  9 05:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:32:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: Failed password for invalid user testuser from 146.190.241.149 port 56520 ssh2
May  9 05:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17383]: Connection closed by 146.190.241.149 port 56520 [preauth]
May  9 05:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: Invalid user ftp_user from 12.156.67.18
May  9 05:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: input_userauth_request: invalid user ftp_user [preauth]
May  9 05:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  9 05:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: Failed password for invalid user ftp_user from 12.156.67.18 port 45726 ssh2
May  9 05:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: Received disconnect from 12.156.67.18 port 45726:11: Bye Bye [preauth]
May  9 05:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17394]: Disconnected from 12.156.67.18 port 45726 [preauth]
May  9 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17410]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17408]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17411]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17407]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17407]: pam_unix(cron:session): session closed for user p13x
May  9 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17472]: Successful su for rubyman by root
May  9 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17472]: + ??? root:rubyman
May  9 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17472]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357738 of user rubyman.
May  9 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17472]: pam_unix(su:session): session closed for user rubyman
May  9 05:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357738.
May  9 05:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14834]: pam_unix(cron:session): session closed for user root
May  9 05:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17555]: Invalid user solr from 146.190.241.149
May  9 05:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17555]: input_userauth_request: invalid user solr [preauth]
May  9 05:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17555]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17555]: Failed password for invalid user solr from 146.190.241.149 port 52412 ssh2
May  9 05:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17408]: pam_unix(cron:session): session closed for user samftp
May  9 05:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17555]: Connection closed by 146.190.241.149 port 52412 [preauth]
May  9 05:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17685]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17685]: Invalid user egor from 190.244.25.245
May  9 05:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17685]: input_userauth_request: invalid user egor [preauth]
May  9 05:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17685]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:33:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May  9 05:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17685]: Failed password for invalid user egor from 190.244.25.245 port 39536 ssh2
May  9 05:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17685]: Received disconnect from 190.244.25.245 port 39536:11: Bye Bye [preauth]
May  9 05:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17685]: Disconnected from 190.244.25.245 port 39536 [preauth]
May  9 05:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17709]: Invalid user goeth from 146.190.241.149
May  9 05:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17709]: input_userauth_request: invalid user goeth [preauth]
May  9 05:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17709]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:33:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17709]: Failed password for invalid user goeth from 146.190.241.149 port 50552 ssh2
May  9 05:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17709]: Connection closed by 146.190.241.149 port 50552 [preauth]
May  9 05:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17741]: Invalid user zabbix from 146.190.241.149
May  9 05:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17741]: input_userauth_request: invalid user zabbix [preauth]
May  9 05:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17741]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:33:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17741]: Failed password for invalid user zabbix from 146.190.241.149 port 34670 ssh2
May  9 05:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17741]: Connection closed by 146.190.241.149 port 34670 [preauth]
May  9 05:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16525]: pam_unix(cron:session): session closed for user root
May  9 05:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: Invalid user nagios from 146.190.241.149
May  9 05:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: input_userauth_request: invalid user nagios [preauth]
May  9 05:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:33:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: Failed password for invalid user nagios from 146.190.241.149 port 34416 ssh2
May  9 05:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17824]: Connection closed by 146.190.241.149 port 34416 [preauth]
May  9 05:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: Failed password for root from 146.190.241.149 port 33462 ssh2
May  9 05:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17933]: Connection closed by 146.190.241.149 port 33462 [preauth]
May  9 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17948]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17947]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17944]: pam_unix(cron:session): session closed for user p13x
May  9 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18009]: Successful su for rubyman by root
May  9 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18009]: + ??? root:rubyman
May  9 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18009]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357742 of user rubyman.
May  9 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18009]: pam_unix(su:session): session closed for user rubyman
May  9 05:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357742.
May  9 05:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15259]: pam_unix(cron:session): session closed for user root
May  9 05:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17945]: pam_unix(cron:session): session closed for user samftp
May  9 05:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18203]: Invalid user deepspeed from 146.190.241.149
May  9 05:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18203]: input_userauth_request: invalid user deepspeed [preauth]
May  9 05:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18203]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18203]: Failed password for invalid user deepspeed from 146.190.241.149 port 53126 ssh2
May  9 05:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18203]: Connection closed by 146.190.241.149 port 53126 [preauth]
May  9 05:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: Invalid user sol from 146.190.241.149
May  9 05:34:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: input_userauth_request: invalid user sol [preauth]
May  9 05:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: Failed password for invalid user sol from 146.190.241.149 port 44400 ssh2
May  9 05:34:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18243]: Connection closed by 146.190.241.149 port 44400 [preauth]
May  9 05:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18276]: Invalid user victor from 186.233.208.13
May  9 05:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18276]: input_userauth_request: invalid user victor [preauth]
May  9 05:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18276]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  9 05:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18276]: Failed password for invalid user victor from 186.233.208.13 port 45302 ssh2
May  9 05:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17004]: pam_unix(cron:session): session closed for user root
May  9 05:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18276]: Received disconnect from 186.233.208.13 port 45302:11: Bye Bye [preauth]
May  9 05:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18276]: Disconnected from 186.233.208.13 port 45302 [preauth]
May  9 05:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: Invalid user ec2-user from 146.190.241.149
May  9 05:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: input_userauth_request: invalid user ec2-user [preauth]
May  9 05:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: Failed password for invalid user ec2-user from 146.190.241.149 port 51756 ssh2
May  9 05:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18278]: Connection closed by 146.190.241.149 port 51756 [preauth]
May  9 05:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18335]: Invalid user docker from 146.190.241.149
May  9 05:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18335]: input_userauth_request: invalid user docker [preauth]
May  9 05:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18335]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:34:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:34:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18335]: Failed password for invalid user docker from 146.190.241.149 port 60260 ssh2
May  9 05:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18335]: Connection closed by 146.190.241.149 port 60260 [preauth]
May  9 05:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18374]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18375]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18370]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18369]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18371]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18376]: pam_unix(cron:session): session closed for user root
May  9 05:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18369]: pam_unix(cron:session): session closed for user p13x
May  9 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18453]: Successful su for rubyman by root
May  9 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18453]: + ??? root:rubyman
May  9 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18453]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357746 of user rubyman.
May  9 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18453]: pam_unix(su:session): session closed for user rubyman
May  9 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357746.
May  9 05:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18364]: Failed password for root from 146.190.241.149 port 36666 ssh2
May  9 05:35:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18364]: Connection closed by 146.190.241.149 port 36666 [preauth]
May  9 05:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18371]: pam_unix(cron:session): session closed for user root
May  9 05:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15662]: pam_unix(cron:session): session closed for user root
May  9 05:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18370]: pam_unix(cron:session): session closed for user samftp
May  9 05:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: Failed password for root from 146.190.241.149 port 35962 ssh2
May  9 05:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18662]: Connection closed by 146.190.241.149 port 35962 [preauth]
May  9 05:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: Invalid user admin from 146.190.241.149
May  9 05:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: input_userauth_request: invalid user admin [preauth]
May  9 05:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: Failed password for invalid user admin from 146.190.241.149 port 35042 ssh2
May  9 05:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  9 05:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18719]: Connection closed by 146.190.241.149 port 35042 [preauth]
May  9 05:35:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Failed password for root from 218.92.0.206 port 2600 ssh2
May  9 05:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17411]: pam_unix(cron:session): session closed for user root
May  9 05:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Failed password for root from 218.92.0.206 port 2600 ssh2
May  9 05:35:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Failed password for root from 218.92.0.206 port 2600 ssh2
May  9 05:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18769]: Invalid user dolphinscheduler from 146.190.241.149
May  9 05:35:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18769]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  9 05:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Invalid user maman from 165.22.235.5
May  9 05:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: input_userauth_request: invalid user maman [preauth]
May  9 05:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 05:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Failed password for root from 218.92.0.206 port 2600 ssh2
May  9 05:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18782]: Bad protocol version identification '\026\003\001' from 74.82.47.5 port 59214
May  9 05:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18769]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Failed password for invalid user maman from 165.22.235.5 port 44068 ssh2
May  9 05:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Received disconnect from 165.22.235.5 port 44068:11: Bye Bye [preauth]
May  9 05:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18780]: Disconnected from 165.22.235.5 port 44068 [preauth]
May  9 05:35:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18769]: Failed password for invalid user dolphinscheduler from 146.190.241.149 port 45872 ssh2
May  9 05:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18769]: Connection closed by 146.190.241.149 port 45872 [preauth]
May  9 05:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Failed password for root from 218.92.0.206 port 2600 ssh2
May  9 05:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 2600 ssh2 [preauth]
May  9 05:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: Disconnecting: Too many authentication failures [preauth]
May  9 05:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  9 05:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18722]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 05:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: Failed password for root from 146.190.241.149 port 55108 ssh2
May  9 05:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18817]: Connection closed by 146.190.241.149 port 55108 [preauth]
May  9 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18840]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18839]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18837]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18837]: pam_unix(cron:session): session closed for user p13x
May  9 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18905]: Successful su for rubyman by root
May  9 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18905]: + ??? root:rubyman
May  9 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357750 of user rubyman.
May  9 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18905]: pam_unix(su:session): session closed for user rubyman
May  9 05:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357750.
May  9 05:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16069]: pam_unix(cron:session): session closed for user root
May  9 05:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18838]: pam_unix(cron:session): session closed for user samftp
May  9 05:36:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19024]: Failed password for root from 146.190.241.149 port 42230 ssh2
May  9 05:36:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19024]: Connection closed by 146.190.241.149 port 42230 [preauth]
May  9 05:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19120]: Invalid user es from 146.190.241.149
May  9 05:36:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19120]: input_userauth_request: invalid user es [preauth]
May  9 05:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19120]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19120]: Failed password for invalid user es from 146.190.241.149 port 36964 ssh2
May  9 05:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19120]: Connection closed by 146.190.241.149 port 36964 [preauth]
May  9 05:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17948]: pam_unix(cron:session): session closed for user root
May  9 05:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19160]: Invalid user palworld from 146.190.241.149
May  9 05:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19160]: input_userauth_request: invalid user palworld [preauth]
May  9 05:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19160]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:36:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19160]: Failed password for invalid user palworld from 146.190.241.149 port 58312 ssh2
May  9 05:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19160]: Connection closed by 146.190.241.149 port 58312 [preauth]
May  9 05:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: Invalid user app from 14.103.127.97
May  9 05:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: input_userauth_request: invalid user app [preauth]
May  9 05:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.97
May  9 05:36:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 05:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: Failed password for invalid user app from 14.103.127.97 port 33414 ssh2
May  9 05:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: Received disconnect from 14.103.127.97 port 33414:11: Bye Bye [preauth]
May  9 05:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19200]: Disconnected from 14.103.127.97 port 33414 [preauth]
May  9 05:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19203]: Failed password for root from 218.92.0.179 port 51776 ssh2
May  9 05:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19203]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 51776 ssh2]
May  9 05:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19203]: Received disconnect from 218.92.0.179 port 51776:11:  [preauth]
May  9 05:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19203]: Disconnected from 218.92.0.179 port 51776 [preauth]
May  9 05:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19203]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 05:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: User www-data from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 05:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: input_userauth_request: invalid user www-data [preauth]
May  9 05:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=www-data
May  9 05:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: Failed password for invalid user www-data from 146.190.241.149 port 51848 ssh2
May  9 05:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19230]: Connection closed by 146.190.241.149 port 51848 [preauth]
May  9 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19268]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19269]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19267]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19266]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19266]: pam_unix(cron:session): session closed for user p13x
May  9 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19330]: Successful su for rubyman by root
May  9 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19330]: + ??? root:rubyman
May  9 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19330]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357755 of user rubyman.
May  9 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19330]: pam_unix(su:session): session closed for user rubyman
May  9 05:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357755.
May  9 05:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: Invalid user chain from 146.190.241.149
May  9 05:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: input_userauth_request: invalid user chain [preauth]
May  9 05:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16524]: pam_unix(cron:session): session closed for user root
May  9 05:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: Failed password for invalid user chain from 146.190.241.149 port 48610 ssh2
May  9 05:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19267]: pam_unix(cron:session): session closed for user samftp
May  9 05:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19416]: Connection closed by 146.190.241.149 port 48610 [preauth]
May  9 05:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19194]: Invalid user myappuser from 23.94.179.104
May  9 05:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19194]: input_userauth_request: invalid user myappuser [preauth]
May  9 05:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19194]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:37:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.179.104
May  9 05:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19194]: Failed password for invalid user myappuser from 23.94.179.104 port 56334 ssh2
May  9 05:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19194]: Connection closed by 23.94.179.104 port 56334 [preauth]
May  9 05:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:37:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: Failed password for root from 146.190.241.149 port 58254 ssh2
May  9 05:37:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19535]: Connection closed by 146.190.241.149 port 58254 [preauth]
May  9 05:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19548]: Invalid user diogo from 60.49.31.229
May  9 05:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19548]: input_userauth_request: invalid user diogo [preauth]
May  9 05:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19548]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:37:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 05:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19548]: Failed password for invalid user diogo from 60.49.31.229 port 45094 ssh2
May  9 05:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19548]: Received disconnect from 60.49.31.229 port 45094:11: Bye Bye [preauth]
May  9 05:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19548]: Disconnected from 60.49.31.229 port 45094 [preauth]
May  9 05:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: Invalid user srv from 12.156.67.18
May  9 05:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: input_userauth_request: invalid user srv [preauth]
May  9 05:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  9 05:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: Invalid user hadoop from 146.190.241.149
May  9 05:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: input_userauth_request: invalid user hadoop [preauth]
May  9 05:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: Failed password for invalid user srv from 12.156.67.18 port 59192 ssh2
May  9 05:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: Received disconnect from 12.156.67.18 port 59192:11: Bye Bye [preauth]
May  9 05:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19582]: Disconnected from 12.156.67.18 port 59192 [preauth]
May  9 05:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: Failed password for invalid user hadoop from 146.190.241.149 port 40048 ssh2
May  9 05:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19584]: Connection closed by 146.190.241.149 port 40048 [preauth]
May  9 05:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18375]: pam_unix(cron:session): session closed for user root
May  9 05:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19635]: Invalid user esuser from 146.190.241.149
May  9 05:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19635]: input_userauth_request: invalid user esuser [preauth]
May  9 05:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19635]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19635]: Failed password for invalid user esuser from 146.190.241.149 port 41066 ssh2
May  9 05:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19635]: Connection closed by 146.190.241.149 port 41066 [preauth]
May  9 05:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19684]: Invalid user virtualbox from 146.190.241.149
May  9 05:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19684]: input_userauth_request: invalid user virtualbox [preauth]
May  9 05:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19684]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19684]: Failed password for invalid user virtualbox from 146.190.241.149 port 56886 ssh2
May  9 05:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19684]: Connection closed by 146.190.241.149 port 56886 [preauth]
May  9 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19702]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19703]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19701]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19698]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19698]: pam_unix(cron:session): session closed for user p13x
May  9 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19760]: Successful su for rubyman by root
May  9 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19760]: + ??? root:rubyman
May  9 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19760]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357758 of user rubyman.
May  9 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19760]: pam_unix(su:session): session closed for user rubyman
May  9 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357758.
May  9 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19695]: Invalid user testftp from 122.114.173.209
May  9 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19695]: input_userauth_request: invalid user testftp [preauth]
May  9 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19695]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.114.173.209
May  9 05:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19695]: Failed password for invalid user testftp from 122.114.173.209 port 59556 ssh2
May  9 05:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19695]: Received disconnect from 122.114.173.209 port 59556:11: Bye Bye [preauth]
May  9 05:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19695]: Disconnected from 122.114.173.209 port 59556 [preauth]
May  9 05:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17003]: pam_unix(cron:session): session closed for user root
May  9 05:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19701]: pam_unix(cron:session): session closed for user samftp
May  9 05:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19944]: Invalid user wordpress from 146.190.241.149
May  9 05:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19944]: input_userauth_request: invalid user wordpress [preauth]
May  9 05:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19944]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19944]: Failed password for invalid user wordpress from 146.190.241.149 port 59912 ssh2
May  9 05:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19944]: Connection closed by 146.190.241.149 port 59912 [preauth]
May  9 05:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: Invalid user arkserver from 146.190.241.149
May  9 05:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: input_userauth_request: invalid user arkserver [preauth]
May  9 05:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:38:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: Failed password for invalid user arkserver from 146.190.241.149 port 54204 ssh2
May  9 05:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19991]: Connection closed by 146.190.241.149 port 54204 [preauth]
May  9 05:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Invalid user admin from 80.94.95.241
May  9 05:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: input_userauth_request: invalid user admin [preauth]
May  9 05:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 05:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Failed password for invalid user admin from 80.94.95.241 port 59391 ssh2
May  9 05:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18840]: pam_unix(cron:session): session closed for user root
May  9 05:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Failed password for invalid user admin from 80.94.95.241 port 59391 ssh2
May  9 05:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: Failed password for root from 146.190.241.149 port 56352 ssh2
May  9 05:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20038]: Connection closed by 146.190.241.149 port 56352 [preauth]
May  9 05:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Failed password for invalid user admin from 80.94.95.241 port 59391 ssh2
May  9 05:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Failed password for invalid user admin from 80.94.95.241 port 59391 ssh2
May  9 05:38:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Failed password for invalid user admin from 80.94.95.241 port 59391 ssh2
May  9 05:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Received disconnect from 80.94.95.241 port 59391:11: Bye [preauth]
May  9 05:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: Disconnected from 80.94.95.241 port 59391 [preauth]
May  9 05:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 05:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20016]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 05:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: Invalid user gmod from 146.190.241.149
May  9 05:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: input_userauth_request: invalid user gmod [preauth]
May  9 05:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  9 05:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: Failed password for invalid user gmod from 146.190.241.149 port 57408 ssh2
May  9 05:38:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20085]: Connection closed by 146.190.241.149 port 57408 [preauth]
May  9 05:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20097]: Failed password for root from 164.68.105.9 port 47936 ssh2
May  9 05:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20097]: Connection closed by 164.68.105.9 port 47936 [preauth]
May  9 05:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20116]: Invalid user yarn from 146.190.241.149
May  9 05:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20116]: input_userauth_request: invalid user yarn [preauth]
May  9 05:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20116]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20116]: Failed password for invalid user yarn from 146.190.241.149 port 34254 ssh2
May  9 05:39:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20116]: Connection closed by 146.190.241.149 port 34254 [preauth]
May  9 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20122]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20123]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20124]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20121]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20119]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20121]: pam_unix(cron:session): session closed for user p13x
May  9 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20243]: Successful su for rubyman by root
May  9 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20243]: + ??? root:rubyman
May  9 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20243]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357762 of user rubyman.
May  9 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20243]: pam_unix(su:session): session closed for user rubyman
May  9 05:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357762.
May  9 05:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20119]: pam_unix(cron:session): session closed for user root
May  9 05:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17410]: pam_unix(cron:session): session closed for user root
May  9 05:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20122]: pam_unix(cron:session): session closed for user samftp
May  9 05:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20465]: Invalid user user1 from 146.190.241.149
May  9 05:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20465]: input_userauth_request: invalid user user1 [preauth]
May  9 05:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20465]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20465]: Failed password for invalid user user1 from 146.190.241.149 port 52130 ssh2
May  9 05:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20465]: Connection closed by 146.190.241.149 port 52130 [preauth]
May  9 05:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: Invalid user dylan from 190.244.25.245
May  9 05:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: input_userauth_request: invalid user dylan [preauth]
May  9 05:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May  9 05:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: Failed password for invalid user dylan from 190.244.25.245 port 46012 ssh2
May  9 05:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: Received disconnect from 190.244.25.245 port 46012:11: Bye Bye [preauth]
May  9 05:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20499]: Disconnected from 190.244.25.245 port 46012 [preauth]
May  9 05:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: Failed password for root from 146.190.241.149 port 47614 ssh2
May  9 05:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20502]: Connection closed by 146.190.241.149 port 47614 [preauth]
May  9 05:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19269]: pam_unix(cron:session): session closed for user root
May  9 05:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20564]: Invalid user dolphinscheduler from 146.190.241.149
May  9 05:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20564]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  9 05:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20564]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20564]: Failed password for invalid user dolphinscheduler from 146.190.241.149 port 48644 ssh2
May  9 05:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20564]: Connection closed by 146.190.241.149 port 48644 [preauth]
May  9 05:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: Invalid user terraria from 146.190.241.149
May  9 05:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: input_userauth_request: invalid user terraria [preauth]
May  9 05:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: Failed password for invalid user terraria from 146.190.241.149 port 33854 ssh2
May  9 05:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20596]: Connection closed by 146.190.241.149 port 33854 [preauth]
May  9 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20621]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20619]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20617]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20616]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20620]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20621]: pam_unix(cron:session): session closed for user root
May  9 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20616]: pam_unix(cron:session): session closed for user p13x
May  9 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20697]: Successful su for rubyman by root
May  9 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20697]: + ??? root:rubyman
May  9 05:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20697]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357767 of user rubyman.
May  9 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20697]: pam_unix(su:session): session closed for user rubyman
May  9 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357767.
May  9 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20709]: Invalid user vbox from 146.190.241.149
May  9 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20709]: input_userauth_request: invalid user vbox [preauth]
May  9 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20709]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20618]: pam_unix(cron:session): session closed for user root
May  9 05:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20709]: Failed password for invalid user vbox from 146.190.241.149 port 42730 ssh2
May  9 05:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20709]: Connection closed by 146.190.241.149 port 42730 [preauth]
May  9 05:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17947]: pam_unix(cron:session): session closed for user root
May  9 05:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20617]: pam_unix(cron:session): session closed for user samftp
May  9 05:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: User ftp from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 05:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: input_userauth_request: invalid user ftp [preauth]
May  9 05:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=ftp
May  9 05:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: Failed password for invalid user ftp from 146.190.241.149 port 36536 ssh2
May  9 05:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20948]: Connection closed by 146.190.241.149 port 36536 [preauth]
May  9 05:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  9 05:40:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20958]: Failed password for root from 186.233.208.13 port 40760 ssh2
May  9 05:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20958]: Received disconnect from 186.233.208.13 port 40760:11: Bye Bye [preauth]
May  9 05:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20958]: Disconnected from 186.233.208.13 port 40760 [preauth]
May  9 05:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20980]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20980]: Invalid user ftpuser from 165.22.235.5
May  9 05:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20980]: input_userauth_request: invalid user ftpuser [preauth]
May  9 05:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20980]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 05:40:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20980]: Failed password for invalid user ftpuser from 165.22.235.5 port 42812 ssh2
May  9 05:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20980]: Received disconnect from 165.22.235.5 port 42812:11: Bye Bye [preauth]
May  9 05:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20980]: Disconnected from 165.22.235.5 port 42812 [preauth]
May  9 05:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: Failed password for root from 146.190.241.149 port 51436 ssh2
May  9 05:40:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20982]: Connection closed by 146.190.241.149 port 51436 [preauth]
May  9 05:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19703]: pam_unix(cron:session): session closed for user root
May  9 05:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21028]: Invalid user centos from 146.190.241.149
May  9 05:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21028]: input_userauth_request: invalid user centos [preauth]
May  9 05:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21028]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21028]: Failed password for invalid user centos from 146.190.241.149 port 39458 ssh2
May  9 05:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21028]: Connection closed by 146.190.241.149 port 39458 [preauth]
May  9 05:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: Invalid user sol from 146.190.241.149
May  9 05:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: input_userauth_request: invalid user sol [preauth]
May  9 05:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:40:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: Failed password for invalid user sol from 146.190.241.149 port 49486 ssh2
May  9 05:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21061]: Connection closed by 146.190.241.149 port 49486 [preauth]
May  9 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21085]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21084]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21083]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21082]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21082]: pam_unix(cron:session): session closed for user p13x
May  9 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21153]: Successful su for rubyman by root
May  9 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21153]: + ??? root:rubyman
May  9 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21153]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357774 of user rubyman.
May  9 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21153]: pam_unix(su:session): session closed for user rubyman
May  9 05:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357774.
May  9 05:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21346]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18374]: pam_unix(cron:session): session closed for user root
May  9 05:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21346]: Invalid user vps from 146.190.241.149
May  9 05:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21346]: input_userauth_request: invalid user vps [preauth]
May  9 05:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21346]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21083]: pam_unix(cron:session): session closed for user samftp
May  9 05:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21346]: Failed password for invalid user vps from 146.190.241.149 port 43724 ssh2
May  9 05:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21346]: Connection closed by 146.190.241.149 port 43724 [preauth]
May  9 05:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Invalid user ubuntu from 146.190.241.149
May  9 05:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: input_userauth_request: invalid user ubuntu [preauth]
May  9 05:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Failed password for invalid user ubuntu from 146.190.241.149 port 41920 ssh2
May  9 05:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21409]: Connection closed by 146.190.241.149 port 41920 [preauth]
May  9 05:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21439]: Invalid user sftp from 146.190.241.149
May  9 05:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21439]: input_userauth_request: invalid user sftp [preauth]
May  9 05:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21439]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21439]: Failed password for invalid user sftp from 146.190.241.149 port 45054 ssh2
May  9 05:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21439]: Connection closed by 146.190.241.149 port 45054 [preauth]
May  9 05:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20124]: pam_unix(cron:session): session closed for user root
May  9 05:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: Invalid user jupyter from 146.190.241.149
May  9 05:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: input_userauth_request: invalid user jupyter [preauth]
May  9 05:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: Failed password for invalid user jupyter from 146.190.241.149 port 56064 ssh2
May  9 05:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21492]: Connection closed by 146.190.241.149 port 56064 [preauth]
May  9 05:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  9 05:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: Failed password for root from 194.0.234.19 port 18000 ssh2
May  9 05:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21516]: Invalid user erp from 12.156.67.18
May  9 05:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21516]: input_userauth_request: invalid user erp [preauth]
May  9 05:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21516]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  9 05:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21506]: Connection closed by 194.0.234.19 port 18000 [preauth]
May  9 05:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21516]: Failed password for invalid user erp from 12.156.67.18 port 57064 ssh2
May  9 05:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21516]: Received disconnect from 12.156.67.18 port 57064:11: Bye Bye [preauth]
May  9 05:41:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21516]: Disconnected from 12.156.67.18 port 57064 [preauth]
May  9 05:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:41:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21527]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21527]: Failed password for root from 146.190.241.149 port 54232 ssh2
May  9 05:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21527]: Connection closed by 146.190.241.149 port 54232 [preauth]
May  9 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21548]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21546]: pam_unix(cron:session): session closed for user p13x
May  9 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21611]: Successful su for rubyman by root
May  9 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21611]: + ??? root:rubyman
May  9 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21611]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357777 of user rubyman.
May  9 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21611]: pam_unix(su:session): session closed for user rubyman
May  9 05:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357777.
May  9 05:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18839]: pam_unix(cron:session): session closed for user root
May  9 05:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21547]: pam_unix(cron:session): session closed for user samftp
May  9 05:42:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: User www-data from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 05:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: input_userauth_request: invalid user www-data [preauth]
May  9 05:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=www-data
May  9 05:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: Failed password for invalid user www-data from 146.190.241.149 port 53310 ssh2
May  9 05:42:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22107]: Connection closed by 146.190.241.149 port 53310 [preauth]
May  9 05:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22153]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22153]: Invalid user ubuntu from 146.190.241.149
May  9 05:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22153]: input_userauth_request: invalid user ubuntu [preauth]
May  9 05:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22153]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:42:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22153]: Failed password for invalid user ubuntu from 146.190.241.149 port 36028 ssh2
May  9 05:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22153]: Connection closed by 146.190.241.149 port 36028 [preauth]
May  9 05:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20620]: pam_unix(cron:session): session closed for user root
May  9 05:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: Invalid user nft from 146.190.241.149
May  9 05:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: input_userauth_request: invalid user nft [preauth]
May  9 05:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: Failed password for invalid user nft from 146.190.241.149 port 53692 ssh2
May  9 05:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22208]: Connection closed by 146.190.241.149 port 53692 [preauth]
May  9 05:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22262]: Invalid user ask from 193.70.84.184
May  9 05:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22262]: input_userauth_request: invalid user ask [preauth]
May  9 05:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22262]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  9 05:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22262]: Failed password for invalid user ask from 193.70.84.184 port 42558 ssh2
May  9 05:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22262]: Connection closed by 193.70.84.184 port 42558 [preauth]
May  9 05:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: Failed password for root from 146.190.241.149 port 50528 ssh2
May  9 05:42:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22274]: Connection closed by 146.190.241.149 port 50528 [preauth]
May  9 05:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22295]: Invalid user elasticsearch from 146.190.241.149
May  9 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22295]: input_userauth_request: invalid user elasticsearch [preauth]
May  9 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22295]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22302]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22301]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22303]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22299]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22299]: pam_unix(cron:session): session closed for user p13x
May  9 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22369]: Successful su for rubyman by root
May  9 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22369]: + ??? root:rubyman
May  9 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22369]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357783 of user rubyman.
May  9 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22369]: pam_unix(su:session): session closed for user rubyman
May  9 05:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357783.
May  9 05:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22295]: Failed password for invalid user elasticsearch from 146.190.241.149 port 32792 ssh2
May  9 05:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22421]: Invalid user aman from 60.49.31.229
May  9 05:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22421]: input_userauth_request: invalid user aman [preauth]
May  9 05:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22421]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 05:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22295]: Connection closed by 146.190.241.149 port 32792 [preauth]
May  9 05:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19268]: pam_unix(cron:session): session closed for user root
May  9 05:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22421]: Failed password for invalid user aman from 60.49.31.229 port 54036 ssh2
May  9 05:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22421]: Received disconnect from 60.49.31.229 port 54036:11: Bye Bye [preauth]
May  9 05:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22421]: Disconnected from 60.49.31.229 port 54036 [preauth]
May  9 05:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22301]: pam_unix(cron:session): session closed for user samftp
May  9 05:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22603]: Invalid user pal from 146.190.241.149
May  9 05:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22603]: input_userauth_request: invalid user pal [preauth]
May  9 05:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22603]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22603]: Failed password for invalid user pal from 146.190.241.149 port 51738 ssh2
May  9 05:43:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22603]: Connection closed by 146.190.241.149 port 51738 [preauth]
May  9 05:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22629]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.97  user=root
May  9 05:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22629]: Failed password for root from 14.103.127.97 port 48912 ssh2
May  9 05:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22629]: Received disconnect from 14.103.127.97 port 48912:11: Bye Bye [preauth]
May  9 05:43:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22629]: Disconnected from 14.103.127.97 port 48912 [preauth]
May  9 05:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22661]: Invalid user gmod from 146.190.241.149
May  9 05:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22661]: input_userauth_request: invalid user gmod [preauth]
May  9 05:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22661]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:43:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22661]: Failed password for invalid user gmod from 146.190.241.149 port 34176 ssh2
May  9 05:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22661]: Connection closed by 146.190.241.149 port 34176 [preauth]
May  9 05:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21085]: pam_unix(cron:session): session closed for user root
May  9 05:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: Failed password for root from 146.190.241.149 port 43052 ssh2
May  9 05:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22706]: Connection closed by 146.190.241.149 port 43052 [preauth]
May  9 05:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22751]: Invalid user lighthouse from 146.190.241.149
May  9 05:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22751]: input_userauth_request: invalid user lighthouse [preauth]
May  9 05:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22751]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22751]: Failed password for invalid user lighthouse from 146.190.241.149 port 47718 ssh2
May  9 05:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22751]: Connection closed by 146.190.241.149 port 47718 [preauth]
May  9 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22768]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22770]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22769]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22766]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22766]: pam_unix(cron:session): session closed for user p13x
May  9 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22849]: Successful su for rubyman by root
May  9 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22849]: + ??? root:rubyman
May  9 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22849]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357785 of user rubyman.
May  9 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22849]: pam_unix(su:session): session closed for user rubyman
May  9 05:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357785.
May  9 05:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19702]: pam_unix(cron:session): session closed for user root
May  9 05:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22768]: pam_unix(cron:session): session closed for user samftp
May  9 05:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: Failed password for root from 146.190.241.149 port 33602 ssh2
May  9 05:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23024]: Connection closed by 146.190.241.149 port 33602 [preauth]
May  9 05:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23094]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23094]: Invalid user wordpress from 146.190.241.149
May  9 05:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23094]: input_userauth_request: invalid user wordpress [preauth]
May  9 05:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23094]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23094]: Failed password for invalid user wordpress from 146.190.241.149 port 57098 ssh2
May  9 05:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23094]: Connection closed by 146.190.241.149 port 57098 [preauth]
May  9 05:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23136]: Invalid user hadoop from 146.190.241.149
May  9 05:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23136]: input_userauth_request: invalid user hadoop [preauth]
May  9 05:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23136]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23136]: Failed password for invalid user hadoop from 146.190.241.149 port 59782 ssh2
May  9 05:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23136]: Connection closed by 146.190.241.149 port 59782 [preauth]
May  9 05:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21549]: pam_unix(cron:session): session closed for user root
May  9 05:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Invalid user developer from 146.190.241.149
May  9 05:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: input_userauth_request: invalid user developer [preauth]
May  9 05:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:44:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Failed password for invalid user developer from 146.190.241.149 port 42450 ssh2
May  9 05:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23184]: Connection closed by 146.190.241.149 port 42450 [preauth]
May  9 05:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: Invalid user dolphinscheduler from 146.190.241.149
May  9 05:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  9 05:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: Failed password for invalid user dolphinscheduler from 146.190.241.149 port 50848 ssh2
May  9 05:44:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23231]: Connection closed by 146.190.241.149 port 50848 [preauth]
May  9 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23248]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23244]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23243]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23247]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23246]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23245]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23248]: pam_unix(cron:session): session closed for user root
May  9 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23243]: pam_unix(cron:session): session closed for user p13x
May  9 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23398]: Successful su for rubyman by root
May  9 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23398]: + ??? root:rubyman
May  9 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23398]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357792 of user rubyman.
May  9 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23398]: pam_unix(su:session): session closed for user rubyman
May  9 05:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357792.
May  9 05:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23245]: pam_unix(cron:session): session closed for user root
May  9 05:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20123]: pam_unix(cron:session): session closed for user root
May  9 05:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: Invalid user gitea from 165.22.235.5
May  9 05:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: input_userauth_request: invalid user gitea [preauth]
May  9 05:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 05:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: Failed password for invalid user gitea from 165.22.235.5 port 35948 ssh2
May  9 05:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23244]: pam_unix(cron:session): session closed for user samftp
May  9 05:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: Received disconnect from 165.22.235.5 port 35948:11: Bye Bye [preauth]
May  9 05:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23569]: Disconnected from 165.22.235.5 port 35948 [preauth]
May  9 05:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: Invalid user minecraft from 146.190.241.149
May  9 05:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: input_userauth_request: invalid user minecraft [preauth]
May  9 05:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: Failed password for invalid user minecraft from 146.190.241.149 port 55952 ssh2
May  9 05:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23620]: Connection closed by 146.190.241.149 port 55952 [preauth]
May  9 05:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23643]: Invalid user uno50 from 190.244.25.245
May  9 05:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23643]: input_userauth_request: invalid user uno50 [preauth]
May  9 05:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23643]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May  9 05:45:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23643]: Failed password for invalid user uno50 from 190.244.25.245 port 40674 ssh2
May  9 05:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23643]: Received disconnect from 190.244.25.245 port 40674:11: Bye Bye [preauth]
May  9 05:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23643]: Disconnected from 190.244.25.245 port 40674 [preauth]
May  9 05:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23654]: Invalid user palworld from 146.190.241.149
May  9 05:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23654]: input_userauth_request: invalid user palworld [preauth]
May  9 05:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23654]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:45:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23654]: Failed password for invalid user palworld from 146.190.241.149 port 54664 ssh2
May  9 05:45:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23654]: Connection closed by 146.190.241.149 port 54664 [preauth]
May  9 05:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22303]: pam_unix(cron:session): session closed for user root
May  9 05:45:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23716]: Failed password for root from 146.190.241.149 port 51660 ssh2
May  9 05:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23716]: Connection closed by 146.190.241.149 port 51660 [preauth]
May  9 05:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23735]: Did not receive identification string from 154.81.156.51
May  9 05:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23750]: Invalid user vbox from 146.190.241.149
May  9 05:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23750]: input_userauth_request: invalid user vbox [preauth]
May  9 05:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23750]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:45:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23750]: Failed password for invalid user vbox from 146.190.241.149 port 52090 ssh2
May  9 05:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23750]: Connection closed by 146.190.241.149 port 52090 [preauth]
May  9 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23876]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23874]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23873]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23872]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23872]: pam_unix(cron:session): session closed for user p13x
May  9 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23960]: Successful su for rubyman by root
May  9 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23960]: + ??? root:rubyman
May  9 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357796 of user rubyman.
May  9 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23960]: pam_unix(su:session): session closed for user rubyman
May  9 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357796.
May  9 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: Invalid user vnc from 146.190.241.149
May  9 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: input_userauth_request: invalid user vnc [preauth]
May  9 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:46:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: Failed password for invalid user vnc from 146.190.241.149 port 37050 ssh2
May  9 05:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24041]: Invalid user www from 186.233.208.13
May  9 05:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24041]: input_userauth_request: invalid user www [preauth]
May  9 05:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24041]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  9 05:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23958]: Connection closed by 146.190.241.149 port 37050 [preauth]
May  9 05:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20619]: pam_unix(cron:session): session closed for user root
May  9 05:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23873]: pam_unix(cron:session): session closed for user samftp
May  9 05:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24041]: Failed password for invalid user www from 186.233.208.13 port 46904 ssh2
May  9 05:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24041]: Received disconnect from 186.233.208.13 port 46904:11: Bye Bye [preauth]
May  9 05:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24041]: Disconnected from 186.233.208.13 port 46904 [preauth]
May  9 05:46:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24182]: Invalid user samba from 146.190.241.149
May  9 05:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24182]: input_userauth_request: invalid user samba [preauth]
May  9 05:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24182]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:46:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24182]: Failed password for invalid user samba from 146.190.241.149 port 58304 ssh2
May  9 05:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24182]: Connection closed by 146.190.241.149 port 58304 [preauth]
May  9 05:46:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: Invalid user docker from 146.190.241.149
May  9 05:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: input_userauth_request: invalid user docker [preauth]
May  9 05:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:46:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: Failed password for invalid user docker from 146.190.241.149 port 56402 ssh2
May  9 05:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: Connection closed by 146.190.241.149 port 56402 [preauth]
May  9 05:46:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18  user=root
May  9 05:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24244]: Failed password for root from 12.156.67.18 port 33016 ssh2
May  9 05:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24244]: Received disconnect from 12.156.67.18 port 33016:11: Bye Bye [preauth]
May  9 05:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24244]: Disconnected from 12.156.67.18 port 33016 [preauth]
May  9 05:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22770]: pam_unix(cron:session): session closed for user root
May  9 05:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24281]: Invalid user latitude from 146.190.241.149
May  9 05:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24281]: input_userauth_request: invalid user latitude [preauth]
May  9 05:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24281]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:46:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24281]: Failed password for invalid user latitude from 146.190.241.149 port 59530 ssh2
May  9 05:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24281]: Connection closed by 146.190.241.149 port 59530 [preauth]
May  9 05:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24329]: Invalid user uftp from 146.190.241.149
May  9 05:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24329]: input_userauth_request: invalid user uftp [preauth]
May  9 05:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24329]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:46:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24329]: Failed password for invalid user uftp from 146.190.241.149 port 56196 ssh2
May  9 05:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24329]: Connection closed by 146.190.241.149 port 56196 [preauth]
May  9 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24344]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24343]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24345]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24342]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24342]: pam_unix(cron:session): session closed for user p13x
May  9 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24414]: Successful su for rubyman by root
May  9 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24414]: + ??? root:rubyman
May  9 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24414]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357799 of user rubyman.
May  9 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24414]: pam_unix(su:session): session closed for user rubyman
May  9 05:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357799.
May  9 05:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21084]: pam_unix(cron:session): session closed for user root
May  9 05:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24343]: pam_unix(cron:session): session closed for user samftp
May  9 05:47:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24615]: Invalid user apache from 146.190.241.149
May  9 05:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24615]: input_userauth_request: invalid user apache [preauth]
May  9 05:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24615]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:47:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24615]: Failed password for invalid user apache from 146.190.241.149 port 39926 ssh2
May  9 05:47:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24615]: Connection closed by 146.190.241.149 port 39926 [preauth]
May  9 05:47:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: Invalid user nvidia from 146.190.241.149
May  9 05:47:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: input_userauth_request: invalid user nvidia [preauth]
May  9 05:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:47:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:47:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: Failed password for invalid user nvidia from 146.190.241.149 port 37700 ssh2
May  9 05:47:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24657]: Connection closed by 146.190.241.149 port 37700 [preauth]
May  9 05:47:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24694]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23247]: pam_unix(cron:session): session closed for user root
May  9 05:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24694]: Invalid user jumpserver from 146.190.241.149
May  9 05:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24694]: input_userauth_request: invalid user jumpserver [preauth]
May  9 05:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24694]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:47:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24694]: Failed password for invalid user jumpserver from 146.190.241.149 port 40750 ssh2
May  9 05:47:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24694]: Connection closed by 146.190.241.149 port 40750 [preauth]
May  9 05:47:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24747]: Invalid user omsagent from 146.190.241.149
May  9 05:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24747]: input_userauth_request: invalid user omsagent [preauth]
May  9 05:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24747]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:47:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24747]: Failed password for invalid user omsagent from 146.190.241.149 port 42206 ssh2
May  9 05:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24747]: Connection closed by 146.190.241.149 port 42206 [preauth]
May  9 05:47:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24774]: Invalid user dst from 146.190.241.149
May  9 05:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24774]: input_userauth_request: invalid user dst [preauth]
May  9 05:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24774]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:48:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24778]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24777]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24777]: pam_unix(cron:session): session closed for user p13x
May  9 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24839]: Successful su for rubyman by root
May  9 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24839]: + ??? root:rubyman
May  9 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24839]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357803 of user rubyman.
May  9 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24839]: pam_unix(su:session): session closed for user rubyman
May  9 05:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357803.
May  9 05:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24774]: Failed password for invalid user dst from 146.190.241.149 port 35718 ssh2
May  9 05:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24774]: Connection closed by 146.190.241.149 port 35718 [preauth]
May  9 05:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21548]: pam_unix(cron:session): session closed for user root
May  9 05:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24778]: pam_unix(cron:session): session closed for user samftp
May  9 05:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: Invalid user git from 146.190.241.149
May  9 05:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: input_userauth_request: invalid user git [preauth]
May  9 05:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:48:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: Failed password for invalid user git from 146.190.241.149 port 42306 ssh2
May  9 05:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25045]: Connection closed by 146.190.241.149 port 42306 [preauth]
May  9 05:48:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25096]: Invalid user gmodserver from 146.190.241.149
May  9 05:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25096]: input_userauth_request: invalid user gmodserver [preauth]
May  9 05:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25096]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:48:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25096]: Failed password for invalid user gmodserver from 146.190.241.149 port 50986 ssh2
May  9 05:48:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25096]: Connection closed by 146.190.241.149 port 50986 [preauth]
May  9 05:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23876]: pam_unix(cron:session): session closed for user root
May  9 05:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: Invalid user user from 146.190.241.149
May  9 05:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: input_userauth_request: invalid user user [preauth]
May  9 05:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: Failed password for invalid user user from 146.190.241.149 port 58938 ssh2
May  9 05:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25137]: Connection closed by 146.190.241.149 port 58938 [preauth]
May  9 05:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: Invalid user oem from 60.49.31.229
May  9 05:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: input_userauth_request: invalid user oem [preauth]
May  9 05:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 05:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25175]: Invalid user es from 146.190.241.149
May  9 05:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25175]: input_userauth_request: invalid user es [preauth]
May  9 05:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25175]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:48:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:48:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: Failed password for invalid user oem from 60.49.31.229 port 34750 ssh2
May  9 05:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: Received disconnect from 60.49.31.229 port 34750:11: Bye Bye [preauth]
May  9 05:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25173]: Disconnected from 60.49.31.229 port 34750 [preauth]
May  9 05:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25175]: Failed password for invalid user es from 146.190.241.149 port 41428 ssh2
May  9 05:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25175]: Connection closed by 146.190.241.149 port 41428 [preauth]
May  9 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25202]: pam_unix(cron:session): session closed for user p13x
May  9 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25275]: Successful su for rubyman by root
May  9 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25275]: + ??? root:rubyman
May  9 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357809 of user rubyman.
May  9 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25275]: pam_unix(su:session): session closed for user rubyman
May  9 05:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357809.
May  9 05:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25339]: Invalid user samba from 146.190.241.149
May  9 05:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25339]: input_userauth_request: invalid user samba [preauth]
May  9 05:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25339]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:49:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22302]: pam_unix(cron:session): session closed for user root
May  9 05:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25339]: Failed password for invalid user samba from 146.190.241.149 port 41944 ssh2
May  9 05:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25339]: Connection closed by 146.190.241.149 port 41944 [preauth]
May  9 05:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25203]: pam_unix(cron:session): session closed for user samftp
May  9 05:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25486]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25486]: Invalid user weblogic from 146.190.241.149
May  9 05:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25486]: input_userauth_request: invalid user weblogic [preauth]
May  9 05:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25486]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25486]: Failed password for invalid user weblogic from 146.190.241.149 port 60140 ssh2
May  9 05:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25486]: Connection closed by 146.190.241.149 port 60140 [preauth]
May  9 05:49:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25535]: Invalid user emby from 146.190.241.149
May  9 05:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25535]: input_userauth_request: invalid user emby [preauth]
May  9 05:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25535]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:49:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:49:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25535]: Failed password for invalid user emby from 146.190.241.149 port 57732 ssh2
May  9 05:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25535]: Connection closed by 146.190.241.149 port 57732 [preauth]
May  9 05:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24345]: pam_unix(cron:session): session closed for user root
May  9 05:49:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25576]: Invalid user user1 from 146.190.241.149
May  9 05:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25576]: input_userauth_request: invalid user user1 [preauth]
May  9 05:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25576]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:49:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25576]: Failed password for invalid user user1 from 146.190.241.149 port 51160 ssh2
May  9 05:49:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25576]: Connection closed by 146.190.241.149 port 51160 [preauth]
May  9 05:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: Invalid user mtest from 50.235.31.47
May  9 05:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: input_userauth_request: invalid user mtest [preauth]
May  9 05:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  9 05:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: Failed password for invalid user mtest from 50.235.31.47 port 50284 ssh2
May  9 05:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: Invalid user haorui from 165.22.235.5
May  9 05:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: input_userauth_request: invalid user haorui [preauth]
May  9 05:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 05:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25604]: Connection closed by 50.235.31.47 port 50284 [preauth]
May  9 05:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: Failed password for invalid user haorui from 165.22.235.5 port 55154 ssh2
May  9 05:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: Received disconnect from 165.22.235.5 port 55154:11: Bye Bye [preauth]
May  9 05:49:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25606]: Disconnected from 165.22.235.5 port 55154 [preauth]
May  9 05:49:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: Invalid user oracle from 146.190.241.149
May  9 05:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: input_userauth_request: invalid user oracle [preauth]
May  9 05:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:49:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: Failed password for invalid user oracle from 146.190.241.149 port 48412 ssh2
May  9 05:49:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25619]: Connection closed by 146.190.241.149 port 48412 [preauth]
May  9 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25665]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25657]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25667]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25669]: pam_unix(cron:session): session closed for user root
May  9 05:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25657]: pam_unix(cron:session): session closed for user p13x
May  9 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25758]: Successful su for rubyman by root
May  9 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25758]: + ??? root:rubyman
May  9 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25758]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357816 of user rubyman.
May  9 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25758]: pam_unix(su:session): session closed for user rubyman
May  9 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357816.
May  9 05:50:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.97  user=root
May  9 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: Failed password for root from 14.103.127.97 port 50566 ssh2
May  9 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25665]: pam_unix(cron:session): session closed for user root
May  9 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: Received disconnect from 14.103.127.97 port 50566:11: Bye Bye [preauth]
May  9 05:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25654]: Disconnected from 14.103.127.97 port 50566 [preauth]
May  9 05:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22769]: pam_unix(cron:session): session closed for user root
May  9 05:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: Invalid user solana from 146.190.241.149
May  9 05:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: input_userauth_request: invalid user solana [preauth]
May  9 05:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25664]: pam_unix(cron:session): session closed for user samftp
May  9 05:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: Failed password for invalid user solana from 146.190.241.149 port 45134 ssh2
May  9 05:50:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25994]: Connection closed by 146.190.241.149 port 45134 [preauth]
May  9 05:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: Invalid user satisfactory from 146.190.241.149
May  9 05:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: input_userauth_request: invalid user satisfactory [preauth]
May  9 05:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:50:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:50:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: Failed password for invalid user satisfactory from 146.190.241.149 port 59050 ssh2
May  9 05:50:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26039]: Connection closed by 146.190.241.149 port 59050 [preauth]
May  9 05:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: Invalid user oracle from 146.190.241.149
May  9 05:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: input_userauth_request: invalid user oracle [preauth]
May  9 05:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:50:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24780]: pam_unix(cron:session): session closed for user root
May  9 05:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: Failed password for invalid user oracle from 146.190.241.149 port 54578 ssh2
May  9 05:50:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26081]: Connection closed by 146.190.241.149 port 54578 [preauth]
May  9 05:50:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26136]: Invalid user steam from 146.190.241.149
May  9 05:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26136]: input_userauth_request: invalid user steam [preauth]
May  9 05:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26136]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:50:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26136]: Failed password for invalid user steam from 146.190.241.149 port 49546 ssh2
May  9 05:50:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26136]: Connection closed by 146.190.241.149 port 49546 [preauth]
May  9 05:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: Invalid user guest from 146.190.241.149
May  9 05:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: input_userauth_request: invalid user guest [preauth]
May  9 05:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: Failed password for invalid user guest from 146.190.241.149 port 52012 ssh2
May  9 05:51:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26156]: Connection closed by 146.190.241.149 port 52012 [preauth]
May  9 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26170]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26169]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26167]: pam_unix(cron:session): session closed for user p13x
May  9 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26236]: Successful su for rubyman by root
May  9 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26236]: + ??? root:rubyman
May  9 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26236]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357817 of user rubyman.
May  9 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26236]: pam_unix(su:session): session closed for user rubyman
May  9 05:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357817.
May  9 05:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23246]: pam_unix(cron:session): session closed for user root
May  9 05:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26168]: pam_unix(cron:session): session closed for user samftp
May  9 05:51:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:51:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26437]: Failed password for root from 146.190.241.149 port 48426 ssh2
May  9 05:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26437]: Connection closed by 146.190.241.149 port 48426 [preauth]
May  9 05:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: Invalid user victor from 12.156.67.18
May  9 05:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: input_userauth_request: invalid user victor [preauth]
May  9 05:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  9 05:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: Failed password for invalid user victor from 12.156.67.18 port 43628 ssh2
May  9 05:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: Received disconnect from 12.156.67.18 port 43628:11: Bye Bye [preauth]
May  9 05:51:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26532]: Disconnected from 12.156.67.18 port 43628 [preauth]
May  9 05:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:51:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May  9 05:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  9 05:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26535]: Failed password for root from 190.244.25.245 port 40064 ssh2
May  9 05:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26535]: Received disconnect from 190.244.25.245 port 40064:11: Bye Bye [preauth]
May  9 05:51:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26535]: Disconnected from 190.244.25.245 port 40064 [preauth]
May  9 05:51:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: Failed password for root from 218.92.0.206 port 30176 ssh2
May  9 05:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: Invalid user jenkins from 146.190.241.149
May  9 05:51:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: input_userauth_request: invalid user jenkins [preauth]
May  9 05:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:51:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: Failed password for root from 218.92.0.206 port 30176 ssh2
May  9 05:51:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: Failed password for invalid user jenkins from 146.190.241.149 port 51632 ssh2
May  9 05:51:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26549]: Connection closed by 146.190.241.149 port 51632 [preauth]
May  9 05:51:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: Failed password for root from 218.92.0.206 port 30176 ssh2
May  9 05:51:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: Failed password for root from 218.92.0.206 port 30176 ssh2
May  9 05:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25205]: pam_unix(cron:session): session closed for user root
May  9 05:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: Failed password for root from 218.92.0.206 port 30176 ssh2
May  9 05:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 30176 ssh2 [preauth]
May  9 05:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: Disconnecting: Too many authentication failures [preauth]
May  9 05:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  9 05:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26537]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 05:51:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Invalid user solana from 146.190.241.149
May  9 05:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: input_userauth_request: invalid user solana [preauth]
May  9 05:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:51:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:51:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Failed password for invalid user solana from 146.190.241.149 port 51368 ssh2
May  9 05:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26610]: Connection closed by 146.190.241.149 port 51368 [preauth]
May  9 05:51:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: Invalid user hang from 186.233.208.13
May  9 05:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: input_userauth_request: invalid user hang [preauth]
May  9 05:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:51:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  9 05:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: Failed password for invalid user hang from 186.233.208.13 port 60766 ssh2
May  9 05:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: Received disconnect from 186.233.208.13 port 60766:11: Bye Bye [preauth]
May  9 05:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26641]: Disconnected from 186.233.208.13 port 60766 [preauth]
May  9 05:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26643]: Invalid user admin from 146.190.241.149
May  9 05:51:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26643]: input_userauth_request: invalid user admin [preauth]
May  9 05:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26643]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:51:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:51:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26643]: Failed password for invalid user admin from 146.190.241.149 port 42110 ssh2
May  9 05:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26643]: Connection closed by 146.190.241.149 port 42110 [preauth]
May  9 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26678]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26679]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26677]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26676]: pam_unix(cron:session): session closed for user p13x
May  9 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26738]: Successful su for rubyman by root
May  9 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26738]: + ??? root:rubyman
May  9 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26738]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357822 of user rubyman.
May  9 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26738]: pam_unix(su:session): session closed for user rubyman
May  9 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357822.
May  9 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26674]: Invalid user ethnode from 146.190.241.149
May  9 05:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26674]: input_userauth_request: invalid user ethnode [preauth]
May  9 05:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26674]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:52:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23874]: pam_unix(cron:session): session closed for user root
May  9 05:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26674]: Failed password for invalid user ethnode from 146.190.241.149 port 42826 ssh2
May  9 05:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26674]: Connection closed by 146.190.241.149 port 42826 [preauth]
May  9 05:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26677]: pam_unix(cron:session): session closed for user samftp
May  9 05:52:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26985]: Invalid user elk from 146.190.241.149
May  9 05:52:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26985]: input_userauth_request: invalid user elk [preauth]
May  9 05:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26985]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:52:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26985]: Failed password for invalid user elk from 146.190.241.149 port 37748 ssh2
May  9 05:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26985]: Connection closed by 146.190.241.149 port 37748 [preauth]
May  9 05:52:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27038]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27038]: Invalid user satisfactory from 146.190.241.149
May  9 05:52:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27038]: input_userauth_request: invalid user satisfactory [preauth]
May  9 05:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27038]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:52:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27038]: Failed password for invalid user satisfactory from 146.190.241.149 port 41770 ssh2
May  9 05:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27038]: Connection closed by 146.190.241.149 port 41770 [preauth]
May  9 05:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25667]: pam_unix(cron:session): session closed for user root
May  9 05:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27100]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27100]: Invalid user demo from 146.190.241.149
May  9 05:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27100]: input_userauth_request: invalid user demo [preauth]
May  9 05:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27100]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:52:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27100]: Failed password for invalid user demo from 146.190.241.149 port 45900 ssh2
May  9 05:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27100]: Connection closed by 146.190.241.149 port 45900 [preauth]
May  9 05:52:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27136]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27136]: Invalid user ampache from 146.190.241.149
May  9 05:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27136]: input_userauth_request: invalid user ampache [preauth]
May  9 05:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27136]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:52:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27136]: Failed password for invalid user ampache from 146.190.241.149 port 35104 ssh2
May  9 05:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27136]: Connection closed by 146.190.241.149 port 35104 [preauth]
May  9 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27162]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27161]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27159]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27159]: pam_unix(cron:session): session closed for user p13x
May  9 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27228]: Successful su for rubyman by root
May  9 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27228]: + ??? root:rubyman
May  9 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27228]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357827 of user rubyman.
May  9 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27228]: pam_unix(su:session): session closed for user rubyman
May  9 05:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357827.
May  9 05:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24344]: pam_unix(cron:session): session closed for user root
May  9 05:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27161]: pam_unix(cron:session): session closed for user samftp
May  9 05:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: Invalid user hive from 146.190.241.149
May  9 05:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: input_userauth_request: invalid user hive [preauth]
May  9 05:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: Failed password for invalid user hive from 146.190.241.149 port 47200 ssh2
May  9 05:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27449]: Connection closed by 146.190.241.149 port 47200 [preauth]
May  9 05:53:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27503]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27503]: Failed password for root from 146.190.241.149 port 43586 ssh2
May  9 05:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27503]: Connection closed by 146.190.241.149 port 43586 [preauth]
May  9 05:53:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27541]: Invalid user gitlab-psql from 146.190.241.149
May  9 05:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27541]: input_userauth_request: invalid user gitlab-psql [preauth]
May  9 05:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27541]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26170]: pam_unix(cron:session): session closed for user root
May  9 05:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27541]: Failed password for invalid user gitlab-psql from 146.190.241.149 port 60960 ssh2
May  9 05:53:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27541]: Connection closed by 146.190.241.149 port 60960 [preauth]
May  9 05:53:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27610]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:53:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27610]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27610]: Failed password for root from 146.190.241.149 port 37418 ssh2
May  9 05:53:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27610]: Connection closed by 146.190.241.149 port 37418 [preauth]
May  9 05:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: Invalid user solana from 146.190.241.149
May  9 05:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: input_userauth_request: invalid user solana [preauth]
May  9 05:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:53:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: Failed password for invalid user solana from 146.190.241.149 port 33830 ssh2
May  9 05:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27631]: Connection closed by 146.190.241.149 port 33830 [preauth]
May  9 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27647]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27645]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27644]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27644]: pam_unix(cron:session): session closed for user p13x
May  9 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27706]: Successful su for rubyman by root
May  9 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27706]: + ??? root:rubyman
May  9 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27706]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357829 of user rubyman.
May  9 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27706]: pam_unix(su:session): session closed for user rubyman
May  9 05:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357829.
May  9 05:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24779]: pam_unix(cron:session): session closed for user root
May  9 05:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27645]: pam_unix(cron:session): session closed for user samftp
May  9 05:54:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: Invalid user satisfactory from 146.190.241.149
May  9 05:54:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: input_userauth_request: invalid user satisfactory [preauth]
May  9 05:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:54:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:54:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: Failed password for invalid user satisfactory from 146.190.241.149 port 51306 ssh2
May  9 05:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27896]: Connection closed by 146.190.241.149 port 51306 [preauth]
May  9 05:54:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27937]: User sys from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 05:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27937]: input_userauth_request: invalid user sys [preauth]
May  9 05:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=sys
May  9 05:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27937]: Failed password for invalid user sys from 146.190.241.149 port 59004 ssh2
May  9 05:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27937]: Connection closed by 146.190.241.149 port 59004 [preauth]
May  9 05:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27964]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27964]: Invalid user orange from 165.22.235.5
May  9 05:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27964]: input_userauth_request: invalid user orange [preauth]
May  9 05:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27964]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 05:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27964]: Failed password for invalid user orange from 165.22.235.5 port 50750 ssh2
May  9 05:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27964]: Received disconnect from 165.22.235.5 port 50750:11: Bye Bye [preauth]
May  9 05:54:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27964]: Disconnected from 165.22.235.5 port 50750 [preauth]
May  9 05:54:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: Invalid user term2 from 60.49.31.229
May  9 05:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: input_userauth_request: invalid user term2 [preauth]
May  9 05:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:54:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 05:54:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: Failed password for invalid user term2 from 60.49.31.229 port 43692 ssh2
May  9 05:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: Received disconnect from 60.49.31.229 port 43692:11: Bye Bye [preauth]
May  9 05:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27966]: Disconnected from 60.49.31.229 port 43692 [preauth]
May  9 05:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26679]: pam_unix(cron:session): session closed for user root
May  9 05:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27999]: Invalid user ds from 146.190.241.149
May  9 05:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27999]: input_userauth_request: invalid user ds [preauth]
May  9 05:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27999]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:54:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27999]: Failed password for invalid user ds from 146.190.241.149 port 37308 ssh2
May  9 05:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27999]: Connection closed by 146.190.241.149 port 37308 [preauth]
May  9 05:54:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: User www-data from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 05:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: input_userauth_request: invalid user www-data [preauth]
May  9 05:54:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=www-data
May  9 05:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: Failed password for invalid user www-data from 146.190.241.149 port 54406 ssh2
May  9 05:54:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28041]: Connection closed by 146.190.241.149 port 54406 [preauth]
May  9 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28070]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28071]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28069]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28072]: pam_unix(cron:session): session closed for user root
May  9 05:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28067]: pam_unix(cron:session): session closed for user p13x
May  9 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28134]: Successful su for rubyman by root
May  9 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28134]: + ??? root:rubyman
May  9 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28134]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357838 of user rubyman.
May  9 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28134]: pam_unix(su:session): session closed for user rubyman
May  9 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357838.
May  9 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: Invalid user test from 146.190.241.149
May  9 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: input_userauth_request: invalid user test [preauth]
May  9 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28069]: pam_unix(cron:session): session closed for user root
May  9 05:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25204]: pam_unix(cron:session): session closed for user root
May  9 05:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: Failed password for invalid user test from 146.190.241.149 port 53316 ssh2
May  9 05:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28064]: Connection closed by 146.190.241.149 port 53316 [preauth]
May  9 05:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28068]: pam_unix(cron:session): session closed for user samftp
May  9 05:55:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28378]: Invalid user elastic from 146.190.241.149
May  9 05:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28378]: input_userauth_request: invalid user elastic [preauth]
May  9 05:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28378]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:55:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28378]: Failed password for invalid user elastic from 146.190.241.149 port 37764 ssh2
May  9 05:55:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28378]: Connection closed by 146.190.241.149 port 37764 [preauth]
May  9 05:55:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Invalid user admin from 80.94.95.112
May  9 05:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: input_userauth_request: invalid user admin [preauth]
May  9 05:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:55:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 05:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Failed password for invalid user admin from 80.94.95.112 port 53623 ssh2
May  9 05:55:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Failed password for invalid user admin from 80.94.95.112 port 53623 ssh2
May  9 05:55:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Failed password for invalid user admin from 80.94.95.112 port 53623 ssh2
May  9 05:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:55:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: Invalid user solana from 146.190.241.149
May  9 05:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: input_userauth_request: invalid user solana [preauth]
May  9 05:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:55:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Failed password for invalid user admin from 80.94.95.112 port 53623 ssh2
May  9 05:55:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:55:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: Failed password for invalid user solana from 146.190.241.149 port 55714 ssh2
May  9 05:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28419]: Connection closed by 146.190.241.149 port 55714 [preauth]
May  9 05:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Failed password for invalid user admin from 80.94.95.112 port 53623 ssh2
May  9 05:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Received disconnect from 80.94.95.112 port 53623:11: Bye [preauth]
May  9 05:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: Disconnected from 80.94.95.112 port 53623 [preauth]
May  9 05:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 05:55:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28386]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 05:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27163]: pam_unix(cron:session): session closed for user root
May  9 05:55:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28460]: Invalid user vagrant from 146.190.241.149
May  9 05:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28460]: input_userauth_request: invalid user vagrant [preauth]
May  9 05:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28460]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:55:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28460]: Failed password for invalid user vagrant from 146.190.241.149 port 41138 ssh2
May  9 05:55:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28460]: Connection closed by 146.190.241.149 port 41138 [preauth]
May  9 05:55:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:55:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18  user=root
May  9 05:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  9 05:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28488]: Failed password for root from 12.156.67.18 port 45330 ssh2
May  9 05:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28488]: Received disconnect from 12.156.67.18 port 45330:11: Bye Bye [preauth]
May  9 05:55:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28488]: Disconnected from 12.156.67.18 port 45330 [preauth]
May  9 05:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28484]: Failed password for root from 80.94.95.115 port 29532 ssh2
May  9 05:55:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28484]: Connection closed by 80.94.95.115 port 29532 [preauth]
May  9 05:55:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28509]: Invalid user guest from 146.190.241.149
May  9 05:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28509]: input_userauth_request: invalid user guest [preauth]
May  9 05:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28509]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:55:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28509]: Failed password for invalid user guest from 146.190.241.149 port 56604 ssh2
May  9 05:55:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28509]: Connection closed by 146.190.241.149 port 56604 [preauth]
May  9 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28524]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28525]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28523]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28522]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28522]: pam_unix(cron:session): session closed for user p13x
May  9 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28589]: Successful su for rubyman by root
May  9 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28589]: + ??? root:rubyman
May  9 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28589]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357840 of user rubyman.
May  9 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28589]: pam_unix(su:session): session closed for user rubyman
May  9 05:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357840.
May  9 05:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25666]: pam_unix(cron:session): session closed for user root
May  9 05:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28523]: pam_unix(cron:session): session closed for user samftp
May  9 05:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28770]: Failed password for root from 146.190.241.149 port 38198 ssh2
May  9 05:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28770]: Connection closed by 146.190.241.149 port 38198 [preauth]
May  9 05:56:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Invalid user airflow from 146.190.241.149
May  9 05:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: input_userauth_request: invalid user airflow [preauth]
May  9 05:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:56:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Failed password for invalid user airflow from 146.190.241.149 port 42368 ssh2
May  9 05:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28813]: Connection closed by 146.190.241.149 port 42368 [preauth]
May  9 05:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:56:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.97  user=root
May  9 05:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27647]: pam_unix(cron:session): session closed for user root
May  9 05:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28851]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28851]: Invalid user oscar from 146.190.241.149
May  9 05:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28851]: input_userauth_request: invalid user oscar [preauth]
May  9 05:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28844]: Failed password for root from 14.103.127.97 port 36664 ssh2
May  9 05:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28844]: Received disconnect from 14.103.127.97 port 36664:11: Bye Bye [preauth]
May  9 05:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28844]: Disconnected from 14.103.127.97 port 36664 [preauth]
May  9 05:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28851]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:56:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28851]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28851]: Failed password for invalid user oscar from 146.190.241.149 port 34002 ssh2
May  9 05:56:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28851]: Connection closed by 146.190.241.149 port 34002 [preauth]
May  9 05:56:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:56:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 05:56:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Failed password for root from 218.92.0.179 port 42080 ssh2
May  9 05:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: Invalid user ubuntu from 146.190.241.149
May  9 05:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: input_userauth_request: invalid user ubuntu [preauth]
May  9 05:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:56:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: Failed password for invalid user ubuntu from 146.190.241.149 port 53660 ssh2
May  9 05:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Failed password for root from 218.92.0.179 port 42080 ssh2
May  9 05:56:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28917]: Connection closed by 146.190.241.149 port 53660 [preauth]
May  9 05:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Failed password for root from 218.92.0.179 port 42080 ssh2
May  9 05:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Received disconnect from 218.92.0.179 port 42080:11:  [preauth]
May  9 05:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: Disconnected from 218.92.0.179 port 42080 [preauth]
May  9 05:56:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28899]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 05:56:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28937]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28937]: User mysql from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 05:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28937]: input_userauth_request: invalid user mysql [preauth]
May  9 05:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=mysql
May  9 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28945]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28947]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28944]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28944]: pam_unix(cron:session): session closed for user p13x
May  9 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29010]: Successful su for rubyman by root
May  9 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29010]: + ??? root:rubyman
May  9 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29010]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357845 of user rubyman.
May  9 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29010]: pam_unix(su:session): session closed for user rubyman
May  9 05:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357845.
May  9 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28937]: Failed password for invalid user mysql from 146.190.241.149 port 60770 ssh2
May  9 05:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28937]: Connection closed by 146.190.241.149 port 60770 [preauth]
May  9 05:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26169]: pam_unix(cron:session): session closed for user root
May  9 05:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28945]: pam_unix(cron:session): session closed for user samftp
May  9 05:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:57:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29322]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: Failed password for root from 146.190.241.149 port 39924 ssh2
May  9 05:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29322]: Invalid user silas from 190.244.25.245
May  9 05:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29322]: input_userauth_request: invalid user silas [preauth]
May  9 05:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29322]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May  9 05:57:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29298]: Connection closed by 146.190.241.149 port 39924 [preauth]
May  9 05:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29322]: Failed password for invalid user silas from 190.244.25.245 port 39266 ssh2
May  9 05:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29322]: Received disconnect from 190.244.25.245 port 39266:11: Bye Bye [preauth]
May  9 05:57:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29322]: Disconnected from 190.244.25.245 port 39266 [preauth]
May  9 05:57:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:57:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  9 05:57:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29333]: Failed password for root from 186.233.208.13 port 60106 ssh2
May  9 05:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29333]: Received disconnect from 186.233.208.13 port 60106:11: Bye Bye [preauth]
May  9 05:57:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29333]: Disconnected from 186.233.208.13 port 60106 [preauth]
May  9 05:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: Invalid user mapr from 146.190.241.149
May  9 05:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: input_userauth_request: invalid user mapr [preauth]
May  9 05:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:57:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: Failed password for invalid user mapr from 146.190.241.149 port 34424 ssh2
May  9 05:57:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29358]: Connection closed by 146.190.241.149 port 34424 [preauth]
May  9 05:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28071]: pam_unix(cron:session): session closed for user root
May  9 05:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: Invalid user arkserver from 146.190.241.149
May  9 05:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: input_userauth_request: invalid user arkserver [preauth]
May  9 05:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: Failed password for invalid user arkserver from 146.190.241.149 port 36860 ssh2
May  9 05:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29400]: Connection closed by 146.190.241.149 port 36860 [preauth]
May  9 05:57:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29443]: Invalid user gitlab-psql from 146.190.241.149
May  9 05:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29443]: input_userauth_request: invalid user gitlab-psql [preauth]
May  9 05:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29443]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:57:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:57:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29443]: Failed password for invalid user gitlab-psql from 146.190.241.149 port 59880 ssh2
May  9 05:57:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29443]: Connection closed by 146.190.241.149 port 59880 [preauth]
May  9 05:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29454]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:58:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.194.47.162  user=root
May  9 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29469]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29468]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29467]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29466]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29466]: pam_unix(cron:session): session closed for user p13x
May  9 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29531]: Successful su for rubyman by root
May  9 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29531]: + ??? root:rubyman
May  9 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29531]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357848 of user rubyman.
May  9 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29531]: pam_unix(su:session): session closed for user rubyman
May  9 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357848.
May  9 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29454]: Failed password for root from 103.194.47.162 port 58698 ssh2
May  9 05:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29454]: Connection closed by 103.194.47.162 port 58698 [preauth]
May  9 05:58:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29607]: Invalid user jack from 146.190.241.149
May  9 05:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29607]: input_userauth_request: invalid user jack [preauth]
May  9 05:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29607]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26678]: pam_unix(cron:session): session closed for user root
May  9 05:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29607]: Failed password for invalid user jack from 146.190.241.149 port 45516 ssh2
May  9 05:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29607]: Connection closed by 146.190.241.149 port 45516 [preauth]
May  9 05:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29467]: pam_unix(cron:session): session closed for user samftp
May  9 05:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: Invalid user docker from 146.190.241.149
May  9 05:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: input_userauth_request: invalid user docker [preauth]
May  9 05:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:58:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: Failed password for invalid user docker from 146.190.241.149 port 45406 ssh2
May  9 05:58:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29757]: Connection closed by 146.190.241.149 port 45406 [preauth]
May  9 05:58:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: Invalid user plex from 146.190.241.149
May  9 05:58:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: input_userauth_request: invalid user plex [preauth]
May  9 05:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:58:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: Failed password for invalid user plex from 146.190.241.149 port 40794 ssh2
May  9 05:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29787]: Connection closed by 146.190.241.149 port 40794 [preauth]
May  9 05:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28525]: pam_unix(cron:session): session closed for user root
May  9 05:58:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: Invalid user master from 146.190.241.149
May  9 05:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: input_userauth_request: invalid user master [preauth]
May  9 05:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:58:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:58:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: Failed password for invalid user master from 146.190.241.149 port 44188 ssh2
May  9 05:58:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29828]: Connection closed by 146.190.241.149 port 44188 [preauth]
May  9 05:58:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: Invalid user admin from 146.190.241.149
May  9 05:58:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: input_userauth_request: invalid user admin [preauth]
May  9 05:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:58:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: Failed password for invalid user admin from 146.190.241.149 port 35224 ssh2
May  9 05:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29870]: Connection closed by 146.190.241.149 port 35224 [preauth]
May  9 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29886]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29885]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29887]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29883]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 05:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29883]: pam_unix(cron:session): session closed for user p13x
May  9 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29948]: Successful su for rubyman by root
May  9 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29948]: + ??? root:rubyman
May  9 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29948]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357851 of user rubyman.
May  9 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29948]: pam_unix(su:session): session closed for user rubyman
May  9 05:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357851.
May  9 05:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27162]: pam_unix(cron:session): session closed for user root
May  9 05:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29885]: pam_unix(cron:session): session closed for user samftp
May  9 05:59:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30133]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30133]: Invalid user factorio from 146.190.241.149
May  9 05:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30133]: input_userauth_request: invalid user factorio [preauth]
May  9 05:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30133]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:59:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30133]: Failed password for invalid user factorio from 146.190.241.149 port 57288 ssh2
May  9 05:59:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30133]: Connection closed by 146.190.241.149 port 57288 [preauth]
May  9 05:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30144]: Invalid user amin from 165.22.235.5
May  9 05:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30144]: input_userauth_request: invalid user amin [preauth]
May  9 05:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30144]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 05:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30144]: Failed password for invalid user amin from 165.22.235.5 port 59166 ssh2
May  9 05:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30144]: Received disconnect from 165.22.235.5 port 59166:11: Bye Bye [preauth]
May  9 05:59:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30144]: Disconnected from 165.22.235.5 port 59166 [preauth]
May  9 05:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:59:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 05:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30175]: Failed password for root from 146.190.241.149 port 52822 ssh2
May  9 05:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30175]: Connection closed by 146.190.241.149 port 52822 [preauth]
May  9 05:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28947]: pam_unix(cron:session): session closed for user root
May  9 05:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30216]: Invalid user ubuntu from 146.190.241.149
May  9 05:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30216]: input_userauth_request: invalid user ubuntu [preauth]
May  9 05:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30216]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30216]: Failed password for invalid user ubuntu from 146.190.241.149 port 47776 ssh2
May  9 05:59:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30216]: Connection closed by 146.190.241.149 port 47776 [preauth]
May  9 05:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: Invalid user centos from 146.190.241.149
May  9 05:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: input_userauth_request: invalid user centos [preauth]
May  9 05:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:59:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 05:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: Failed password for invalid user centos from 146.190.241.149 port 40444 ssh2
May  9 05:59:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30256]: Connection closed by 146.190.241.149 port 40444 [preauth]
May  9 05:59:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 05:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: Invalid user elasticsearch from 146.190.241.149
May  9 05:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: input_userauth_request: invalid user elasticsearch [preauth]
May  9 05:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: pam_unix(sshd:auth): check pass; user unknown
May  9 05:59:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: Failed password for invalid user elasticsearch from 146.190.241.149 port 48356 ssh2
May  9 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30290]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30289]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30292]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30293]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30291]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30287]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30293]: pam_unix(cron:session): session closed for user root
May  9 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30289]: pam_unix(cron:session): session closed for user root
May  9 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: Connection closed by 146.190.241.149 port 48356 [preauth]
May  9 06:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30287]: pam_unix(cron:session): session closed for user p13x
May  9 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30386]: Successful su for rubyman by root
May  9 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30386]: + ??? root:rubyman
May  9 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30386]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357858 of user rubyman.
May  9 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30386]: pam_unix(su:session): session closed for user rubyman
May  9 06:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357858.
May  9 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30290]: pam_unix(cron:session): session closed for user root
May  9 06:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27646]: pam_unix(cron:session): session closed for user root
May  9 06:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30288]: pam_unix(cron:session): session closed for user samftp
May  9 06:00:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: Invalid user brenda from 60.49.31.229
May  9 06:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: input_userauth_request: invalid user brenda [preauth]
May  9 06:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:00:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 06:00:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30613]: Invalid user jack from 146.190.241.149
May  9 06:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30613]: input_userauth_request: invalid user jack [preauth]
May  9 06:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30613]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: Failed password for invalid user brenda from 60.49.31.229 port 52632 ssh2
May  9 06:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: Received disconnect from 60.49.31.229 port 52632:11: Bye Bye [preauth]
May  9 06:00:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30611]: Disconnected from 60.49.31.229 port 52632 [preauth]
May  9 06:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30613]: Failed password for invalid user jack from 146.190.241.149 port 39546 ssh2
May  9 06:00:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30613]: Connection closed by 146.190.241.149 port 39546 [preauth]
May  9 06:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30636]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30636]: Invalid user www from 12.156.67.18
May  9 06:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30636]: input_userauth_request: invalid user www [preauth]
May  9 06:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30636]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:00:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30636]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  9 06:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30636]: Failed password for invalid user www from 12.156.67.18 port 43336 ssh2
May  9 06:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30636]: Received disconnect from 12.156.67.18 port 43336:11: Bye Bye [preauth]
May  9 06:00:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30636]: Disconnected from 12.156.67.18 port 43336 [preauth]
May  9 06:00:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: Invalid user demo from 146.190.241.149
May  9 06:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: input_userauth_request: invalid user demo [preauth]
May  9 06:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:00:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: Failed password for invalid user demo from 146.190.241.149 port 44536 ssh2
May  9 06:00:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30646]: Connection closed by 146.190.241.149 port 44536 [preauth]
May  9 06:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29469]: pam_unix(cron:session): session closed for user root
May  9 06:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30743]: User uucp from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 06:00:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30743]: input_userauth_request: invalid user uucp [preauth]
May  9 06:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=uucp
May  9 06:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30743]: Failed password for invalid user uucp from 146.190.241.149 port 40248 ssh2
May  9 06:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30743]: Connection closed by 146.190.241.149 port 40248 [preauth]
May  9 06:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30774]: User ftp from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 06:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30774]: input_userauth_request: invalid user ftp [preauth]
May  9 06:00:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=ftp
May  9 06:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30774]: Failed password for invalid user ftp from 146.190.241.149 port 38446 ssh2
May  9 06:00:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30774]: Connection closed by 146.190.241.149 port 38446 [preauth]
May  9 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30794]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30796]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30795]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30793]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30793]: pam_unix(cron:session): session closed for user p13x
May  9 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30861]: Successful su for rubyman by root
May  9 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30861]: + ??? root:rubyman
May  9 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30861]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357862 of user rubyman.
May  9 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30861]: pam_unix(su:session): session closed for user rubyman
May  9 06:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357862.
May  9 06:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30930]: Invalid user elsearch from 146.190.241.149
May  9 06:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30930]: input_userauth_request: invalid user elsearch [preauth]
May  9 06:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30930]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:01:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28070]: pam_unix(cron:session): session closed for user root
May  9 06:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30930]: Failed password for invalid user elsearch from 146.190.241.149 port 57022 ssh2
May  9 06:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30930]: Connection closed by 146.190.241.149 port 57022 [preauth]
May  9 06:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30794]: pam_unix(cron:session): session closed for user samftp
May  9 06:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: Invalid user ubuntu from 146.190.241.149
May  9 06:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: input_userauth_request: invalid user ubuntu [preauth]
May  9 06:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:01:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: Failed password for invalid user ubuntu from 146.190.241.149 port 38622 ssh2
May  9 06:01:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31179]: Connection closed by 146.190.241.149 port 38622 [preauth]
May  9 06:01:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: Invalid user palworld from 146.190.241.149
May  9 06:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: input_userauth_request: invalid user palworld [preauth]
May  9 06:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:01:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:01:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: Failed password for invalid user palworld from 146.190.241.149 port 51830 ssh2
May  9 06:01:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31211]: Connection closed by 146.190.241.149 port 51830 [preauth]
May  9 06:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29887]: pam_unix(cron:session): session closed for user root
May  9 06:01:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31260]: Invalid user master from 146.190.241.149
May  9 06:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31260]: input_userauth_request: invalid user master [preauth]
May  9 06:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31260]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:01:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31260]: Failed password for invalid user master from 146.190.241.149 port 52578 ssh2
May  9 06:01:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31260]: Connection closed by 146.190.241.149 port 52578 [preauth]
May  9 06:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: Invalid user tom from 146.190.241.149
May  9 06:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: input_userauth_request: invalid user tom [preauth]
May  9 06:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:01:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: Failed password for invalid user tom from 146.190.241.149 port 36660 ssh2
May  9 06:01:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31298]: Connection closed by 146.190.241.149 port 36660 [preauth]
May  9 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31322]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31320]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31321]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31319]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31319]: pam_unix(cron:session): session closed for user p13x
May  9 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31381]: Successful su for rubyman by root
May  9 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31381]: + ??? root:rubyman
May  9 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31381]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357866 of user rubyman.
May  9 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31381]: pam_unix(su:session): session closed for user rubyman
May  9 06:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357866.
May  9 06:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28524]: pam_unix(cron:session): session closed for user root
May  9 06:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: Invalid user esuser from 146.190.241.149
May  9 06:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: input_userauth_request: invalid user esuser [preauth]
May  9 06:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31320]: pam_unix(cron:session): session closed for user samftp
May  9 06:02:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: Failed password for invalid user esuser from 146.190.241.149 port 39170 ssh2
May  9 06:02:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31555]: Connection closed by 146.190.241.149 port 39170 [preauth]
May  9 06:02:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31603]: Invalid user admin from 146.190.241.149
May  9 06:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31603]: input_userauth_request: invalid user admin [preauth]
May  9 06:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31603]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:02:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31603]: Failed password for invalid user admin from 146.190.241.149 port 37602 ssh2
May  9 06:02:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31603]: Connection closed by 146.190.241.149 port 37602 [preauth]
May  9 06:02:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31639]: Invalid user omsagent from 146.190.241.149
May  9 06:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31639]: input_userauth_request: invalid user omsagent [preauth]
May  9 06:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31639]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:02:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31639]: Failed password for invalid user omsagent from 146.190.241.149 port 60008 ssh2
May  9 06:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30292]: pam_unix(cron:session): session closed for user root
May  9 06:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31639]: Connection closed by 146.190.241.149 port 60008 [preauth]
May  9 06:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: Failed password for root from 146.190.241.149 port 57884 ssh2
May  9 06:02:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31719]: Connection closed by 146.190.241.149 port 57884 [preauth]
May  9 06:02:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31745]: Invalid user yyh from 14.103.127.97
May  9 06:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31745]: input_userauth_request: invalid user yyh [preauth]
May  9 06:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31745]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:02:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.97
May  9 06:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:02:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:02:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31745]: Failed password for invalid user yyh from 14.103.127.97 port 39802 ssh2
May  9 06:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31745]: Received disconnect from 14.103.127.97 port 39802:11: Bye Bye [preauth]
May  9 06:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31745]: Disconnected from 14.103.127.97 port 39802 [preauth]
May  9 06:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31747]: Failed password for root from 146.190.241.149 port 57274 ssh2
May  9 06:02:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31747]: Connection closed by 146.190.241.149 port 57274 [preauth]
May  9 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31761]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31760]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31758]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31758]: pam_unix(cron:session): session closed for user p13x
May  9 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31820]: Successful su for rubyman by root
May  9 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31820]: + ??? root:rubyman
May  9 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31820]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357871 of user rubyman.
May  9 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31820]: pam_unix(su:session): session closed for user rubyman
May  9 06:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357871.
May  9 06:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28946]: pam_unix(cron:session): session closed for user root
May  9 06:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31759]: pam_unix(cron:session): session closed for user samftp
May  9 06:03:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: Invalid user erp from 186.233.208.13
May  9 06:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: input_userauth_request: invalid user erp [preauth]
May  9 06:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  9 06:03:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: Failed password for invalid user erp from 186.233.208.13 port 44024 ssh2
May  9 06:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: Received disconnect from 186.233.208.13 port 44024:11: Bye Bye [preauth]
May  9 06:03:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32249]: Disconnected from 186.233.208.13 port 44024 [preauth]
May  9 06:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: Failed password for root from 146.190.241.149 port 44702 ssh2
May  9 06:03:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32251]: Connection closed by 146.190.241.149 port 44702 [preauth]
May  9 06:03:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May  9 06:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: Failed password for root from 190.244.25.245 port 44668 ssh2
May  9 06:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: Received disconnect from 190.244.25.245 port 44668:11: Bye Bye [preauth]
May  9 06:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: Disconnected from 190.244.25.245 port 44668 [preauth]
May  9 06:03:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Invalid user ftpuser from 146.190.241.149
May  9 06:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: input_userauth_request: invalid user ftpuser [preauth]
May  9 06:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:03:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Failed password for invalid user ftpuser from 146.190.241.149 port 40648 ssh2
May  9 06:03:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32344]: Connection closed by 146.190.241.149 port 40648 [preauth]
May  9 06:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30796]: pam_unix(cron:session): session closed for user root
May  9 06:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32414]: User bin from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 06:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32414]: input_userauth_request: invalid user bin [preauth]
May  9 06:03:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=bin
May  9 06:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32414]: Failed password for invalid user bin from 146.190.241.149 port 58164 ssh2
May  9 06:03:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32414]: Connection closed by 146.190.241.149 port 58164 [preauth]
May  9 06:03:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32460]: Invalid user steam from 146.190.241.149
May  9 06:03:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32460]: input_userauth_request: invalid user steam [preauth]
May  9 06:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32460]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32460]: Failed password for invalid user steam from 146.190.241.149 port 56984 ssh2
May  9 06:03:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32460]: Connection closed by 146.190.241.149 port 56984 [preauth]
May  9 06:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: Invalid user ubuntu from 146.190.241.149
May  9 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: input_userauth_request: invalid user ubuntu [preauth]
May  9 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32487]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32484]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32486]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32484]: pam_unix(cron:session): session closed for user p13x
May  9 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32551]: Successful su for rubyman by root
May  9 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32551]: + ??? root:rubyman
May  9 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32551]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357875 of user rubyman.
May  9 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32551]: pam_unix(su:session): session closed for user rubyman
May  9 06:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357875.
May  9 06:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: Failed password for invalid user ubuntu from 146.190.241.149 port 53128 ssh2
May  9 06:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32480]: Connection closed by 146.190.241.149 port 53128 [preauth]
May  9 06:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32730]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32730]: Invalid user rec from 165.22.235.5
May  9 06:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32730]: input_userauth_request: invalid user rec [preauth]
May  9 06:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32730]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 06:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29468]: pam_unix(cron:session): session closed for user root
May  9 06:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32730]: Failed password for invalid user rec from 165.22.235.5 port 56768 ssh2
May  9 06:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32730]: Received disconnect from 165.22.235.5 port 56768:11: Bye Bye [preauth]
May  9 06:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32730]: Disconnected from 165.22.235.5 port 56768 [preauth]
May  9 06:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32485]: pam_unix(cron:session): session closed for user samftp
May  9 06:04:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Invalid user wang from 146.190.241.149
May  9 06:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: input_userauth_request: invalid user wang [preauth]
May  9 06:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:04:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Failed password for invalid user wang from 146.190.241.149 port 55822 ssh2
May  9 06:04:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[428]: Connection closed by 146.190.241.149 port 55822 [preauth]
May  9 06:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[534]: Invalid user es from 146.190.241.149
May  9 06:04:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[534]: input_userauth_request: invalid user es [preauth]
May  9 06:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[534]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:04:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[534]: Failed password for invalid user es from 146.190.241.149 port 59334 ssh2
May  9 06:04:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[534]: Connection closed by 146.190.241.149 port 59334 [preauth]
May  9 06:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31322]: pam_unix(cron:session): session closed for user root
May  9 06:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[575]: Invalid user admin from 146.190.241.149
May  9 06:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[575]: input_userauth_request: invalid user admin [preauth]
May  9 06:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[575]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:04:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[575]: Failed password for invalid user admin from 146.190.241.149 port 57078 ssh2
May  9 06:04:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[575]: Connection closed by 146.190.241.149 port 57078 [preauth]
May  9 06:04:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:04:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: Failed password for root from 146.190.241.149 port 57706 ssh2
May  9 06:04:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[620]: Connection closed by 146.190.241.149 port 57706 [preauth]
May  9 06:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:04:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18  user=root
May  9 06:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: Failed password for root from 12.156.67.18 port 53560 ssh2
May  9 06:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: Received disconnect from 12.156.67.18 port 53560:11: Bye Bye [preauth]
May  9 06:04:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[622]: Disconnected from 12.156.67.18 port 53560 [preauth]
May  9 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[642]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[643]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[644]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[641]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[638]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[644]: pam_unix(cron:session): session closed for user root
May  9 06:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[638]: pam_unix(cron:session): session closed for user p13x
May  9 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[728]: Successful su for rubyman by root
May  9 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[728]: + ??? root:rubyman
May  9 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[728]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357879 of user rubyman.
May  9 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[728]: pam_unix(su:session): session closed for user rubyman
May  9 06:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357879.
May  9 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[641]: pam_unix(cron:session): session closed for user root
May  9 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[847]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29886]: pam_unix(cron:session): session closed for user root
May  9 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[847]: Invalid user admin from 146.190.241.149
May  9 06:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[847]: input_userauth_request: invalid user admin [preauth]
May  9 06:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[847]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[847]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[847]: Failed password for invalid user admin from 146.190.241.149 port 34036 ssh2
May  9 06:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[847]: Connection closed by 146.190.241.149 port 34036 [preauth]
May  9 06:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[639]: pam_unix(cron:session): session closed for user samftp
May  9 06:05:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: Invalid user ark from 146.190.241.149
May  9 06:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: input_userauth_request: invalid user ark [preauth]
May  9 06:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: Failed password for invalid user ark from 146.190.241.149 port 44598 ssh2
May  9 06:05:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: Connection closed by 146.190.241.149 port 44598 [preauth]
May  9 06:05:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: Invalid user hadoop from 146.190.241.149
May  9 06:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: input_userauth_request: invalid user hadoop [preauth]
May  9 06:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: Failed password for invalid user hadoop from 146.190.241.149 port 36670 ssh2
May  9 06:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1061]: Connection closed by 146.190.241.149 port 36670 [preauth]
May  9 06:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31761]: pam_unix(cron:session): session closed for user root
May  9 06:05:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: Invalid user lighthouse from 146.190.241.149
May  9 06:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: input_userauth_request: invalid user lighthouse [preauth]
May  9 06:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:05:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:05:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: Failed password for invalid user lighthouse from 146.190.241.149 port 51124 ssh2
May  9 06:05:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1108]: Connection closed by 146.190.241.149 port 51124 [preauth]
May  9 06:05:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:05:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: Failed password for root from 146.190.241.149 port 36454 ssh2
May  9 06:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1142]: Connection closed by 146.190.241.149 port 36454 [preauth]
May  9 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1169]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1170]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1167]: pam_unix(cron:session): session closed for user p13x
May  9 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1260]: Successful su for rubyman by root
May  9 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1260]: + ??? root:rubyman
May  9 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1260]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357885 of user rubyman.
May  9 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1260]: pam_unix(su:session): session closed for user rubyman
May  9 06:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357885.
May  9 06:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30291]: pam_unix(cron:session): session closed for user root
May  9 06:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1168]: pam_unix(cron:session): session closed for user samftp
May  9 06:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1483]: Invalid user ftpclient from 60.49.31.229
May  9 06:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1483]: input_userauth_request: invalid user ftpclient [preauth]
May  9 06:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1483]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 06:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1485]: Invalid user mongodb from 146.190.241.149
May  9 06:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1485]: input_userauth_request: invalid user mongodb [preauth]
May  9 06:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1485]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:06:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1483]: Failed password for invalid user ftpclient from 60.49.31.229 port 33354 ssh2
May  9 06:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1483]: Received disconnect from 60.49.31.229 port 33354:11: Bye Bye [preauth]
May  9 06:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1483]: Disconnected from 60.49.31.229 port 33354 [preauth]
May  9 06:06:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1485]: Failed password for invalid user mongodb from 146.190.241.149 port 46314 ssh2
May  9 06:06:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1485]: Connection closed by 146.190.241.149 port 46314 [preauth]
May  9 06:06:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: Invalid user developer from 146.190.241.149
May  9 06:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: input_userauth_request: invalid user developer [preauth]
May  9 06:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:06:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: Failed password for invalid user developer from 146.190.241.149 port 56574 ssh2
May  9 06:06:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1518]: Connection closed by 146.190.241.149 port 56574 [preauth]
May  9 06:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32487]: pam_unix(cron:session): session closed for user root
May  9 06:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: Failed password for root from 146.190.241.149 port 39936 ssh2
May  9 06:06:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1570]: Connection closed by 146.190.241.149 port 39936 [preauth]
May  9 06:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: Invalid user vps from 146.190.241.149
May  9 06:06:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: input_userauth_request: invalid user vps [preauth]
May  9 06:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:06:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:06:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: Failed password for invalid user vps from 146.190.241.149 port 60466 ssh2
May  9 06:06:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1632]: Connection closed by 146.190.241.149 port 60466 [preauth]
May  9 06:06:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: Invalid user terraria from 146.190.241.149
May  9 06:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: input_userauth_request: invalid user terraria [preauth]
May  9 06:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:07:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1667]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1666]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1664]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1665]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1664]: pam_unix(cron:session): session closed for user p13x
May  9 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: Failed password for invalid user terraria from 146.190.241.149 port 33860 ssh2
May  9 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1750]: Successful su for rubyman by root
May  9 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1750]: + ??? root:rubyman
May  9 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357888 of user rubyman.
May  9 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1750]: pam_unix(su:session): session closed for user rubyman
May  9 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357888.
May  9 06:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1651]: Connection closed by 146.190.241.149 port 33860 [preauth]
May  9 06:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30795]: pam_unix(cron:session): session closed for user root
May  9 06:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1665]: pam_unix(cron:session): session closed for user samftp
May  9 06:07:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:07:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  9 06:07:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: Invalid user jack from 146.190.241.149
May  9 06:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: input_userauth_request: invalid user jack [preauth]
May  9 06:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2032]: Failed password for root from 218.92.0.204 port 38372 ssh2
May  9 06:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:07:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: Failed password for invalid user jack from 146.190.241.149 port 39180 ssh2
May  9 06:07:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2042]: Connection closed by 146.190.241.149 port 39180 [preauth]
May  9 06:07:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2032]: Failed password for root from 218.92.0.204 port 38372 ssh2
May  9 06:07:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2032]: message repeated 2 times: [ Failed password for root from 218.92.0.204 port 38372 ssh2]
May  9 06:07:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2088]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2088]: Invalid user dev from 146.190.241.149
May  9 06:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2088]: input_userauth_request: invalid user dev [preauth]
May  9 06:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2032]: Failed password for root from 218.92.0.204 port 38372 ssh2
May  9 06:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2032]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 38372 ssh2 [preauth]
May  9 06:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2032]: Disconnecting: Too many authentication failures [preauth]
May  9 06:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2032]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  9 06:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2032]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 06:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2088]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:07:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2088]: Failed password for invalid user dev from 146.190.241.149 port 59482 ssh2
May  9 06:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2088]: Connection closed by 146.190.241.149 port 59482 [preauth]
May  9 06:07:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2098]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[643]: pam_unix(cron:session): session closed for user root
May  9 06:07:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2137]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2137]: Invalid user www from 146.190.241.149
May  9 06:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2137]: input_userauth_request: invalid user www [preauth]
May  9 06:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2137]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:07:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:07:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:07:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  9 06:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2137]: Failed password for invalid user www from 146.190.241.149 port 56752 ssh2
May  9 06:07:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2137]: Connection closed by 146.190.241.149 port 56752 [preauth]
May  9 06:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2139]: Failed password for root from 194.0.234.19 port 53884 ssh2
May  9 06:07:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2139]: Connection closed by 194.0.234.19 port 53884 [preauth]
May  9 06:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Invalid user admin from 146.190.241.149
May  9 06:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: input_userauth_request: invalid user admin [preauth]
May  9 06:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:07:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Failed password for invalid user admin from 146.190.241.149 port 33132 ssh2
May  9 06:07:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2177]: Connection closed by 146.190.241.149 port 33132 [preauth]
May  9 06:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:07:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2187]: Did not receive identification string from 103.107.67.65
May  9 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2199]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2201]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2197]: pam_unix(cron:session): session closed for user p13x
May  9 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2259]: Successful su for rubyman by root
May  9 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2259]: + ??? root:rubyman
May  9 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2259]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357892 of user rubyman.
May  9 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2259]: pam_unix(su:session): session closed for user rubyman
May  9 06:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357892.
May  9 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2423]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31321]: pam_unix(cron:session): session closed for user root
May  9 06:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2423]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2199]: pam_unix(cron:session): session closed for user samftp
May  9 06:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2423]: Failed password for root from 146.190.241.149 port 42404 ssh2
May  9 06:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2423]: Connection closed by 146.190.241.149 port 42404 [preauth]
May  9 06:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: Invalid user ftpuser from 146.190.241.149
May  9 06:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: input_userauth_request: invalid user ftpuser [preauth]
May  9 06:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:08:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: Failed password for invalid user ftpuser from 146.190.241.149 port 42412 ssh2
May  9 06:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2504]: Connection closed by 146.190.241.149 port 42412 [preauth]
May  9 06:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: Invalid user sol from 146.190.241.149
May  9 06:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: input_userauth_request: invalid user sol [preauth]
May  9 06:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: Failed password for invalid user sol from 146.190.241.149 port 40308 ssh2
May  9 06:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2541]: Connection closed by 146.190.241.149 port 40308 [preauth]
May  9 06:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1170]: pam_unix(cron:session): session closed for user root
May  9 06:08:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: Invalid user fahim from 165.22.235.5
May  9 06:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: input_userauth_request: invalid user fahim [preauth]
May  9 06:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 06:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: Failed password for invalid user fahim from 165.22.235.5 port 48220 ssh2
May  9 06:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: Received disconnect from 165.22.235.5 port 48220:11: Bye Bye [preauth]
May  9 06:08:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2589]: Disconnected from 165.22.235.5 port 48220 [preauth]
May  9 06:08:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2600]: User www-data from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 06:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2600]: input_userauth_request: invalid user www-data [preauth]
May  9 06:08:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=www-data
May  9 06:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2600]: Failed password for invalid user www-data from 146.190.241.149 port 57330 ssh2
May  9 06:08:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2600]: Connection closed by 146.190.241.149 port 57330 [preauth]
May  9 06:08:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:08:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13  user=root
May  9 06:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2625]: Failed password for root from 186.233.208.13 port 49066 ssh2
May  9 06:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2625]: Received disconnect from 186.233.208.13 port 49066:11: Bye Bye [preauth]
May  9 06:08:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2625]: Disconnected from 186.233.208.13 port 49066 [preauth]
May  9 06:08:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:08:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:08:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2635]: Failed password for root from 146.190.241.149 port 38594 ssh2
May  9 06:08:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2635]: Connection closed by 146.190.241.149 port 38594 [preauth]
May  9 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2650]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2651]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2648]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2649]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2646]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2648]: pam_unix(cron:session): session closed for user p13x
May  9 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2792]: Successful su for rubyman by root
May  9 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2792]: + ??? root:rubyman
May  9 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2792]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357898 of user rubyman.
May  9 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2792]: pam_unix(su:session): session closed for user rubyman
May  9 06:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357898.
May  9 06:09:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2646]: pam_unix(cron:session): session closed for user root
May  9 06:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31760]: pam_unix(cron:session): session closed for user root
May  9 06:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2649]: pam_unix(cron:session): session closed for user samftp
May  9 06:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:09:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: Failed password for root from 146.190.241.149 port 60392 ssh2
May  9 06:09:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3023]: Connection closed by 146.190.241.149 port 60392 [preauth]
May  9 06:09:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.97  user=root
May  9 06:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3048]: Failed password for root from 14.103.127.97 port 47568 ssh2
May  9 06:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3048]: Received disconnect from 14.103.127.97 port 47568:11: Bye Bye [preauth]
May  9 06:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3048]: Disconnected from 14.103.127.97 port 47568 [preauth]
May  9 06:09:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3051]: Invalid user damian from 190.244.25.245
May  9 06:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3051]: input_userauth_request: invalid user damian [preauth]
May  9 06:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3051]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May  9 06:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3051]: Failed password for invalid user damian from 190.244.25.245 port 60716 ssh2
May  9 06:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3051]: Received disconnect from 190.244.25.245 port 60716:11: Bye Bye [preauth]
May  9 06:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3051]: Disconnected from 190.244.25.245 port 60716 [preauth]
May  9 06:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: Invalid user uftp from 146.190.241.149
May  9 06:09:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: input_userauth_request: invalid user uftp [preauth]
May  9 06:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:09:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: Failed password for invalid user uftp from 146.190.241.149 port 42534 ssh2
May  9 06:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: Connection closed by 146.190.241.149 port 42534 [preauth]
May  9 06:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: User www-data from 12.156.67.18 not allowed because not listed in AllowUsers
May  9 06:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: input_userauth_request: invalid user www-data [preauth]
May  9 06:09:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18  user=www-data
May  9 06:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: Failed password for invalid user www-data from 12.156.67.18 port 47280 ssh2
May  9 06:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: Received disconnect from 12.156.67.18 port 47280:11: Bye Bye [preauth]
May  9 06:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3093]: Disconnected from 12.156.67.18 port 47280 [preauth]
May  9 06:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1667]: pam_unix(cron:session): session closed for user root
May  9 06:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: Invalid user sftp from 146.190.241.149
May  9 06:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: input_userauth_request: invalid user sftp [preauth]
May  9 06:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: Failed password for invalid user sftp from 146.190.241.149 port 60530 ssh2
May  9 06:09:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3095]: Connection closed by 146.190.241.149 port 60530 [preauth]
May  9 06:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: Invalid user steam from 146.190.241.149
May  9 06:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: input_userauth_request: invalid user steam [preauth]
May  9 06:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: Failed password for invalid user steam from 146.190.241.149 port 58344 ssh2
May  9 06:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3159]: Connection closed by 146.190.241.149 port 58344 [preauth]
May  9 06:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:09:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: Invalid user admin from 80.94.95.241
May  9 06:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: input_userauth_request: invalid user admin [preauth]
May  9 06:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:10:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3201]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3195]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3202]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3202]: pam_unix(cron:session): session closed for user root
May  9 06:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3195]: pam_unix(cron:session): session closed for user p13x
May  9 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3266]: Successful su for rubyman by root
May  9 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3266]: + ??? root:rubyman
May  9 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357905 of user rubyman.
May  9 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3266]: pam_unix(su:session): session closed for user rubyman
May  9 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357905.
May  9 06:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3180]: Failed password for root from 146.190.241.149 port 36062 ssh2
May  9 06:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: Failed password for invalid user admin from 80.94.95.241 port 52924 ssh2
May  9 06:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3180]: Connection closed by 146.190.241.149 port 36062 [preauth]
May  9 06:10:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3199]: pam_unix(cron:session): session closed for user root
May  9 06:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32486]: pam_unix(cron:session): session closed for user root
May  9 06:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: Failed password for invalid user admin from 80.94.95.241 port 52924 ssh2
May  9 06:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3197]: pam_unix(cron:session): session closed for user samftp
May  9 06:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: Failed password for invalid user admin from 80.94.95.241 port 52924 ssh2
May  9 06:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: Failed password for invalid user admin from 80.94.95.241 port 52924 ssh2
May  9 06:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:10:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: Failed password for invalid user admin from 80.94.95.241 port 52924 ssh2
May  9 06:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: Received disconnect from 80.94.95.241 port 52924:11: Bye [preauth]
May  9 06:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: Disconnected from 80.94.95.241 port 52924 [preauth]
May  9 06:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 06:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3182]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 06:10:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: Failed password for root from 146.190.241.149 port 36448 ssh2
May  9 06:10:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3502]: Connection closed by 146.190.241.149 port 36448 [preauth]
May  9 06:10:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3541]: Invalid user dstserver from 146.190.241.149
May  9 06:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3541]: input_userauth_request: invalid user dstserver [preauth]
May  9 06:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3541]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:10:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3541]: Failed password for invalid user dstserver from 146.190.241.149 port 47086 ssh2
May  9 06:10:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3541]: Connection closed by 146.190.241.149 port 47086 [preauth]
May  9 06:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2201]: pam_unix(cron:session): session closed for user root
May  9 06:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:10:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: Failed password for root from 146.190.241.149 port 56262 ssh2
May  9 06:10:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3626]: Connection closed by 146.190.241.149 port 56262 [preauth]
May  9 06:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: Invalid user admin from 146.190.241.149
May  9 06:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: input_userauth_request: invalid user admin [preauth]
May  9 06:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: Failed password for invalid user admin from 146.190.241.149 port 58372 ssh2
May  9 06:10:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3666]: Connection closed by 146.190.241.149 port 58372 [preauth]
May  9 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3689]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3688]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3686]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3686]: pam_unix(cron:session): session closed for user p13x
May  9 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3749]: Successful su for rubyman by root
May  9 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3749]: + ??? root:rubyman
May  9 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3749]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357908 of user rubyman.
May  9 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3749]: pam_unix(su:session): session closed for user rubyman
May  9 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357908.
May  9 06:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: User mysql from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 06:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: input_userauth_request: invalid user mysql [preauth]
May  9 06:11:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=mysql
May  9 06:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: Failed password for invalid user mysql from 146.190.241.149 port 55968 ssh2
May  9 06:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[642]: pam_unix(cron:session): session closed for user root
May  9 06:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3785]: Connection closed by 146.190.241.149 port 55968 [preauth]
May  9 06:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3687]: pam_unix(cron:session): session closed for user samftp
May  9 06:11:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4000]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4000]: Invalid user hadoop from 146.190.241.149
May  9 06:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4000]: input_userauth_request: invalid user hadoop [preauth]
May  9 06:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4000]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4000]: Failed password for invalid user hadoop from 146.190.241.149 port 40090 ssh2
May  9 06:11:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4000]: Connection closed by 146.190.241.149 port 40090 [preauth]
May  9 06:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4017]: Invalid user vss from 50.235.31.47
May  9 06:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4017]: input_userauth_request: invalid user vss [preauth]
May  9 06:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4017]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  9 06:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4017]: Failed password for invalid user vss from 50.235.31.47 port 34394 ssh2
May  9 06:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4017]: Connection closed by 50.235.31.47 port 34394 [preauth]
May  9 06:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May  9 06:11:24 attack20221223-s-1vcpu-2gb-sfo1-01 vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=admin rhost=::ffff:59.184.36.113
May  9 06:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: Invalid user dolphinscheduler from 146.190.241.149
May  9 06:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  9 06:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:11:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:11:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: Failed password for invalid user dolphinscheduler from 146.190.241.149 port 37892 ssh2
May  9 06:11:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4048]: Connection closed by 146.190.241.149 port 37892 [preauth]
May  9 06:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2651]: pam_unix(cron:session): session closed for user root
May  9 06:11:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: Invalid user user from 146.190.241.149
May  9 06:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: input_userauth_request: invalid user user [preauth]
May  9 06:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:11:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: Failed password for invalid user user from 146.190.241.149 port 32860 ssh2
May  9 06:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4087]: Connection closed by 146.190.241.149 port 32860 [preauth]
May  9 06:11:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:11:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: Failed password for root from 146.190.241.149 port 42106 ssh2
May  9 06:11:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4126]: Connection closed by 146.190.241.149 port 42106 [preauth]
May  9 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4142]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4143]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4141]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4141]: pam_unix(cron:session): session closed for user p13x
May  9 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4200]: Successful su for rubyman by root
May  9 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4200]: + ??? root:rubyman
May  9 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4200]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357914 of user rubyman.
May  9 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4200]: pam_unix(su:session): session closed for user rubyman
May  9 06:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357914.
May  9 06:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4262]: Invalid user sample from 60.49.31.229
May  9 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4262]: input_userauth_request: invalid user sample [preauth]
May  9 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4262]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:12:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 06:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1169]: pam_unix(cron:session): session closed for user root
May  9 06:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4262]: Failed password for invalid user sample from 60.49.31.229 port 42306 ssh2
May  9 06:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4262]: Received disconnect from 60.49.31.229 port 42306:11: Bye Bye [preauth]
May  9 06:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4262]: Disconnected from 60.49.31.229 port 42306 [preauth]
May  9 06:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4142]: pam_unix(cron:session): session closed for user samftp
May  9 06:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4543]: Failed password for root from 146.190.241.149 port 49002 ssh2
May  9 06:12:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4543]: Connection closed by 146.190.241.149 port 49002 [preauth]
May  9 06:12:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: Invalid user user from 146.190.241.149
May  9 06:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: input_userauth_request: invalid user user [preauth]
May  9 06:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:12:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: Failed password for invalid user user from 146.190.241.149 port 36742 ssh2
May  9 06:12:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4591]: Connection closed by 146.190.241.149 port 36742 [preauth]
May  9 06:12:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4631]: Invalid user ethnode from 146.190.241.149
May  9 06:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4631]: input_userauth_request: invalid user ethnode [preauth]
May  9 06:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4631]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:12:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3201]: pam_unix(cron:session): session closed for user root
May  9 06:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4631]: Failed password for invalid user ethnode from 146.190.241.149 port 36126 ssh2
May  9 06:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4631]: Connection closed by 146.190.241.149 port 36126 [preauth]
May  9 06:12:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:12:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:12:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: Failed password for root from 146.190.241.149 port 49774 ssh2
May  9 06:12:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4680]: Connection closed by 146.190.241.149 port 49774 [preauth]
May  9 06:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: Invalid user palworld from 146.190.241.149
May  9 06:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: input_userauth_request: invalid user palworld [preauth]
May  9 06:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:12:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: Failed password for invalid user palworld from 146.190.241.149 port 41054 ssh2
May  9 06:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4712]: Connection closed by 146.190.241.149 port 41054 [preauth]
May  9 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4719]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4720]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4717]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4718]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4717]: pam_unix(cron:session): session closed for user p13x
May  9 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4779]: Successful su for rubyman by root
May  9 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4779]: + ??? root:rubyman
May  9 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4779]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357916 of user rubyman.
May  9 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4779]: pam_unix(su:session): session closed for user rubyman
May  9 06:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357916.
May  9 06:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1666]: pam_unix(cron:session): session closed for user root
May  9 06:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4718]: pam_unix(cron:session): session closed for user samftp
May  9 06:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Invalid user gerbera from 146.190.241.149
May  9 06:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: input_userauth_request: invalid user gerbera [preauth]
May  9 06:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:13:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Failed password for invalid user gerbera from 146.190.241.149 port 50564 ssh2
May  9 06:13:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5005]: Connection closed by 146.190.241.149 port 50564 [preauth]
May  9 06:13:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Invalid user aliyun from 165.22.235.5
May  9 06:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: input_userauth_request: invalid user aliyun [preauth]
May  9 06:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:13:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 06:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Failed password for invalid user aliyun from 165.22.235.5 port 35308 ssh2
May  9 06:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Received disconnect from 165.22.235.5 port 35308:11: Bye Bye [preauth]
May  9 06:13:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5202]: Disconnected from 165.22.235.5 port 35308 [preauth]
May  9 06:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5216]: Failed password for root from 146.190.241.149 port 45686 ssh2
May  9 06:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5216]: Connection closed by 146.190.241.149 port 45686 [preauth]
May  9 06:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3689]: pam_unix(cron:session): session closed for user root
May  9 06:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5285]: Invalid user hikvision from 146.190.241.149
May  9 06:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5285]: input_userauth_request: invalid user hikvision [preauth]
May  9 06:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5285]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5285]: Failed password for invalid user hikvision from 146.190.241.149 port 43648 ssh2
May  9 06:13:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5285]: Connection closed by 146.190.241.149 port 43648 [preauth]
May  9 06:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: Invalid user plex from 146.190.241.149
May  9 06:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: input_userauth_request: invalid user plex [preauth]
May  9 06:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: Failed password for invalid user plex from 146.190.241.149 port 52364 ssh2
May  9 06:13:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5317]: Connection closed by 146.190.241.149 port 52364 [preauth]
May  9 06:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: Invalid user oscar from 146.190.241.149
May  9 06:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: input_userauth_request: invalid user oscar [preauth]
May  9 06:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5351]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5352]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5349]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5350]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5349]: pam_unix(cron:session): session closed for user p13x
May  9 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5415]: Successful su for rubyman by root
May  9 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5415]: + ??? root:rubyman
May  9 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5415]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357921 of user rubyman.
May  9 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5415]: pam_unix(su:session): session closed for user rubyman
May  9 06:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357921.
May  9 06:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: Failed password for invalid user oscar from 146.190.241.149 port 39852 ssh2
May  9 06:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5338]: Connection closed by 146.190.241.149 port 39852 [preauth]
May  9 06:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2200]: pam_unix(cron:session): session closed for user root
May  9 06:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: Invalid user radu from 12.156.67.18
May  9 06:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: input_userauth_request: invalid user radu [preauth]
May  9 06:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  9 06:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5350]: pam_unix(cron:session): session closed for user samftp
May  9 06:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: Failed password for invalid user radu from 12.156.67.18 port 50996 ssh2
May  9 06:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: Received disconnect from 12.156.67.18 port 50996:11: Bye Bye [preauth]
May  9 06:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5640]: Disconnected from 12.156.67.18 port 50996 [preauth]
May  9 06:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Invalid user esroot from 146.190.241.149
May  9 06:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: input_userauth_request: invalid user esroot [preauth]
May  9 06:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Failed password for invalid user esroot from 146.190.241.149 port 39716 ssh2
May  9 06:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5676]: Connection closed by 146.190.241.149 port 39716 [preauth]
May  9 06:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: Failed password for root from 146.190.241.149 port 54722 ssh2
May  9 06:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5727]: Connection closed by 146.190.241.149 port 54722 [preauth]
May  9 06:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: Invalid user manoj from 186.233.208.13
May  9 06:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: input_userauth_request: invalid user manoj [preauth]
May  9 06:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  9 06:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: Failed password for invalid user manoj from 186.233.208.13 port 48224 ssh2
May  9 06:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: Received disconnect from 186.233.208.13 port 48224:11: Bye Bye [preauth]
May  9 06:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5738]: Disconnected from 186.233.208.13 port 48224 [preauth]
May  9 06:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4144]: pam_unix(cron:session): session closed for user root
May  9 06:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5776]: Invalid user rancher from 146.190.241.149
May  9 06:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5776]: input_userauth_request: invalid user rancher [preauth]
May  9 06:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5776]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5776]: Failed password for invalid user rancher from 146.190.241.149 port 34636 ssh2
May  9 06:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5776]: Connection closed by 146.190.241.149 port 34636 [preauth]
May  9 06:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5893]: Invalid user redis from 146.190.241.149
May  9 06:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5893]: input_userauth_request: invalid user redis [preauth]
May  9 06:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5893]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5893]: Failed password for invalid user redis from 146.190.241.149 port 51646 ssh2
May  9 06:14:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5893]: Connection closed by 146.190.241.149 port 51646 [preauth]
May  9 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5916]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5923]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5921]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5923]: pam_unix(cron:session): session closed for user root
May  9 06:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5915]: pam_unix(cron:session): session closed for user p13x
May  9 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5988]: Successful su for rubyman by root
May  9 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5988]: + ??? root:rubyman
May  9 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5988]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357926 of user rubyman.
May  9 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5988]: pam_unix(su:session): session closed for user rubyman
May  9 06:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357926.
May  9 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5918]: pam_unix(cron:session): session closed for user root
May  9 06:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: User www-data from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 06:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: input_userauth_request: invalid user www-data [preauth]
May  9 06:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=www-data
May  9 06:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2650]: pam_unix(cron:session): session closed for user root
May  9 06:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: Failed password for invalid user www-data from 146.190.241.149 port 45464 ssh2
May  9 06:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6139]: Connection closed by 146.190.241.149 port 45464 [preauth]
May  9 06:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5916]: pam_unix(cron:session): session closed for user samftp
May  9 06:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: Invalid user ubuntu from 146.190.241.149
May  9 06:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: input_userauth_request: invalid user ubuntu [preauth]
May  9 06:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: Failed password for invalid user ubuntu from 146.190.241.149 port 57844 ssh2
May  9 06:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: Connection closed by 146.190.241.149 port 57844 [preauth]
May  9 06:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May  9 06:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: Failed password for root from 190.244.25.245 port 36522 ssh2
May  9 06:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: Received disconnect from 190.244.25.245 port 36522:11: Bye Bye [preauth]
May  9 06:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: Disconnected from 190.244.25.245 port 36522 [preauth]
May  9 06:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: Invalid user ubuntu from 146.190.241.149
May  9 06:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: input_userauth_request: invalid user ubuntu [preauth]
May  9 06:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: Failed password for invalid user ubuntu from 146.190.241.149 port 47172 ssh2
May  9 06:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6288]: Connection closed by 146.190.241.149 port 47172 [preauth]
May  9 06:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4720]: pam_unix(cron:session): session closed for user root
May  9 06:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: Invalid user dev from 146.190.241.149
May  9 06:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: input_userauth_request: invalid user dev [preauth]
May  9 06:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:15:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6336]: Invalid user sistema from 14.103.127.97
May  9 06:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6336]: input_userauth_request: invalid user sistema [preauth]
May  9 06:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6336]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.97
May  9 06:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: Failed password for invalid user dev from 146.190.241.149 port 54288 ssh2
May  9 06:15:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6340]: Connection closed by 146.190.241.149 port 54288 [preauth]
May  9 06:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6336]: Failed password for invalid user sistema from 14.103.127.97 port 47212 ssh2
May  9 06:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6336]: Received disconnect from 14.103.127.97 port 47212:11: Bye Bye [preauth]
May  9 06:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6336]: Disconnected from 14.103.127.97 port 47212 [preauth]
May  9 06:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: Invalid user ds from 146.190.241.149
May  9 06:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: input_userauth_request: invalid user ds [preauth]
May  9 06:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: Failed password for invalid user ds from 146.190.241.149 port 56342 ssh2
May  9 06:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6370]: Connection closed by 146.190.241.149 port 56342 [preauth]
May  9 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6384]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6383]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6382]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6382]: pam_unix(cron:session): session closed for user p13x
May  9 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6451]: Successful su for rubyman by root
May  9 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6451]: + ??? root:rubyman
May  9 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6451]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357930 of user rubyman.
May  9 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6451]: pam_unix(su:session): session closed for user rubyman
May  9 06:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357930.
May  9 06:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3200]: pam_unix(cron:session): session closed for user root
May  9 06:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6383]: pam_unix(cron:session): session closed for user samftp
May  9 06:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: Invalid user steam from 146.190.241.149
May  9 06:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: input_userauth_request: invalid user steam [preauth]
May  9 06:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: Failed password for invalid user steam from 146.190.241.149 port 40554 ssh2
May  9 06:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6637]: Connection closed by 146.190.241.149 port 40554 [preauth]
May  9 06:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6684]: Invalid user sol from 146.190.241.149
May  9 06:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6684]: input_userauth_request: invalid user sol [preauth]
May  9 06:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6684]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:16:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6684]: Failed password for invalid user sol from 146.190.241.149 port 47608 ssh2
May  9 06:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6684]: Connection closed by 146.190.241.149 port 47608 [preauth]
May  9 06:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5352]: pam_unix(cron:session): session closed for user root
May  9 06:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6717]: Invalid user dolphinscheduler from 146.190.241.149
May  9 06:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6717]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  9 06:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6717]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6717]: Failed password for invalid user dolphinscheduler from 146.190.241.149 port 56788 ssh2
May  9 06:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6717]: Connection closed by 146.190.241.149 port 56788 [preauth]
May  9 06:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6783]: Invalid user demo from 146.190.241.149
May  9 06:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6783]: input_userauth_request: invalid user demo [preauth]
May  9 06:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6783]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6783]: Failed password for invalid user demo from 146.190.241.149 port 42160 ssh2
May  9 06:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6783]: Connection closed by 146.190.241.149 port 42160 [preauth]
May  9 06:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6801]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6801]: Invalid user vps from 146.190.241.149
May  9 06:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6801]: input_userauth_request: invalid user vps [preauth]
May  9 06:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6801]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6801]: Failed password for invalid user vps from 146.190.241.149 port 58428 ssh2
May  9 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6801]: Connection closed by 146.190.241.149 port 58428 [preauth]
May  9 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6811]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6810]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6813]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6812]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6808]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6808]: pam_unix(cron:session): session closed for user root
May  9 06:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6810]: pam_unix(cron:session): session closed for user p13x
May  9 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6876]: Successful su for rubyman by root
May  9 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6876]: + ??? root:rubyman
May  9 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6876]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357935 of user rubyman.
May  9 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6876]: pam_unix(su:session): session closed for user rubyman
May  9 06:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357935.
May  9 06:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3688]: pam_unix(cron:session): session closed for user root
May  9 06:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6811]: pam_unix(cron:session): session closed for user samftp
May  9 06:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7178]: Invalid user steam from 146.190.241.149
May  9 06:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7178]: input_userauth_request: invalid user steam [preauth]
May  9 06:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7178]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7178]: Failed password for invalid user steam from 146.190.241.149 port 45060 ssh2
May  9 06:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7178]: Connection closed by 146.190.241.149 port 45060 [preauth]
May  9 06:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: User mysql from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 06:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: input_userauth_request: invalid user mysql [preauth]
May  9 06:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=mysql
May  9 06:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: Failed password for invalid user mysql from 146.190.241.149 port 52468 ssh2
May  9 06:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7238]: Connection closed by 146.190.241.149 port 52468 [preauth]
May  9 06:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5921]: pam_unix(cron:session): session closed for user root
May  9 06:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: Invalid user vagrant from 146.190.241.149
May  9 06:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: input_userauth_request: invalid user vagrant [preauth]
May  9 06:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: Failed password for invalid user vagrant from 146.190.241.149 port 52920 ssh2
May  9 06:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: Connection closed by 146.190.241.149 port 52920 [preauth]
May  9 06:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Failed password for root from 146.190.241.149 port 51760 ssh2
May  9 06:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7317]: Connection closed by 146.190.241.149 port 51760 [preauth]
May  9 06:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Invalid user root11 from 60.49.31.229
May  9 06:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: input_userauth_request: invalid user root11 [preauth]
May  9 06:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 06:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Failed password for invalid user root11 from 60.49.31.229 port 51256 ssh2
May  9 06:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Received disconnect from 60.49.31.229 port 51256:11: Bye Bye [preauth]
May  9 06:17:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Disconnected from 60.49.31.229 port 51256 [preauth]
May  9 06:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: Invalid user user4 from 165.22.235.5
May  9 06:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: input_userauth_request: invalid user user4 [preauth]
May  9 06:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7343]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7341]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7340]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7340]: pam_unix(cron:session): session closed for user p13x
May  9 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: Failed password for invalid user user4 from 165.22.235.5 port 47190 ssh2
May  9 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: Received disconnect from 165.22.235.5 port 47190:11: Bye Bye [preauth]
May  9 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: Disconnected from 165.22.235.5 port 47190 [preauth]
May  9 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7399]: Successful su for rubyman by root
May  9 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7399]: + ??? root:rubyman
May  9 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357939 of user rubyman.
May  9 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7399]: pam_unix(su:session): session closed for user rubyman
May  9 06:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357939.
May  9 06:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4143]: pam_unix(cron:session): session closed for user root
May  9 06:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7341]: pam_unix(cron:session): session closed for user samftp
May  9 06:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7628]: Failed password for root from 146.190.241.149 port 55608 ssh2
May  9 06:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7628]: Connection closed by 146.190.241.149 port 55608 [preauth]
May  9 06:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7737]: Failed password for root from 146.190.241.149 port 44000 ssh2
May  9 06:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7737]: Connection closed by 146.190.241.149 port 44000 [preauth]
May  9 06:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: Invalid user lighthouse from 146.190.241.149
May  9 06:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: input_userauth_request: invalid user lighthouse [preauth]
May  9 06:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: Failed password for invalid user lighthouse from 146.190.241.149 port 38140 ssh2
May  9 06:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7778]: Connection closed by 146.190.241.149 port 38140 [preauth]
May  9 06:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6385]: pam_unix(cron:session): session closed for user root
May  9 06:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.177.204.63  user=root
May  9 06:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7707]: Failed password for root from 163.177.204.63 port 54202 ssh2
May  9 06:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7820]: Invalid user rms from 12.156.67.18
May  9 06:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7820]: input_userauth_request: invalid user rms [preauth]
May  9 06:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7820]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=12.156.67.18
May  9 06:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7820]: Failed password for invalid user rms from 12.156.67.18 port 39520 ssh2
May  9 06:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7820]: Received disconnect from 12.156.67.18 port 39520:11: Bye Bye [preauth]
May  9 06:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7820]: Disconnected from 12.156.67.18 port 39520 [preauth]
May  9 06:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: Invalid user ds from 146.190.241.149
May  9 06:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: input_userauth_request: invalid user ds [preauth]
May  9 06:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:18:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: Failed password for invalid user ds from 146.190.241.149 port 34660 ssh2
May  9 06:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: Connection closed by 146.190.241.149 port 34660 [preauth]
May  9 06:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7863]: Failed password for root from 146.190.241.149 port 34476 ssh2
May  9 06:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7863]: Connection closed by 146.190.241.149 port 34476 [preauth]
May  9 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7874]: pam_unix(cron:session): session closed for user p13x
May  9 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7939]: Successful su for rubyman by root
May  9 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7939]: + ??? root:rubyman
May  9 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7939]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357943 of user rubyman.
May  9 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7939]: pam_unix(su:session): session closed for user rubyman
May  9 06:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357943.
May  9 06:19:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4719]: pam_unix(cron:session): session closed for user root
May  9 06:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7877]: pam_unix(cron:session): session closed for user samftp
May  9 06:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8144]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8144]: Invalid user admin from 146.190.241.149
May  9 06:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8144]: input_userauth_request: invalid user admin [preauth]
May  9 06:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8144]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8144]: Failed password for invalid user admin from 146.190.241.149 port 39758 ssh2
May  9 06:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8144]: Connection closed by 146.190.241.149 port 39758 [preauth]
May  9 06:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8183]: Invalid user redis from 146.190.241.149
May  9 06:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8183]: input_userauth_request: invalid user redis [preauth]
May  9 06:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8183]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8183]: Failed password for invalid user redis from 146.190.241.149 port 44350 ssh2
May  9 06:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8183]: Connection closed by 146.190.241.149 port 44350 [preauth]
May  9 06:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6813]: pam_unix(cron:session): session closed for user root
May  9 06:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: Invalid user ds from 146.190.241.149
May  9 06:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: input_userauth_request: invalid user ds [preauth]
May  9 06:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: Failed password for invalid user ds from 146.190.241.149 port 44940 ssh2
May  9 06:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8238]: Connection closed by 146.190.241.149 port 44940 [preauth]
May  9 06:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: Invalid user kubernetes from 146.190.241.149
May  9 06:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: input_userauth_request: invalid user kubernetes [preauth]
May  9 06:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:19:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: Failed password for invalid user kubernetes from 146.190.241.149 port 38314 ssh2
May  9 06:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: Connection closed by 146.190.241.149 port 38314 [preauth]
May  9 06:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: Received disconnect from 80.94.95.125 port 54184:11: Bye [preauth]
May  9 06:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8300]: Disconnected from 80.94.95.125 port 54184 [preauth]
May  9 06:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: Invalid user jellyfin from 146.190.241.149
May  9 06:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: input_userauth_request: invalid user jellyfin [preauth]
May  9 06:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8318]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8317]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8319]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8319]: pam_unix(cron:session): session closed for user root
May  9 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8314]: pam_unix(cron:session): session closed for user p13x
May  9 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8387]: Successful su for rubyman by root
May  9 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8387]: + ??? root:rubyman
May  9 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357946 of user rubyman.
May  9 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8387]: pam_unix(su:session): session closed for user rubyman
May  9 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357946.
May  9 06:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: Failed password for invalid user jellyfin from 146.190.241.149 port 59352 ssh2
May  9 06:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8311]: Connection closed by 146.190.241.149 port 59352 [preauth]
May  9 06:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8316]: pam_unix(cron:session): session closed for user root
May  9 06:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5351]: pam_unix(cron:session): session closed for user root
May  9 06:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8315]: pam_unix(cron:session): session closed for user samftp
May  9 06:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Invalid user oracle from 186.233.208.13
May  9 06:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: input_userauth_request: invalid user oracle [preauth]
May  9 06:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  9 06:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Failed password for invalid user oracle from 186.233.208.13 port 44018 ssh2
May  9 06:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Received disconnect from 186.233.208.13 port 44018:11: Bye Bye [preauth]
May  9 06:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Disconnected from 186.233.208.13 port 44018 [preauth]
May  9 06:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: Invalid user steam from 146.190.241.149
May  9 06:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: input_userauth_request: invalid user steam [preauth]
May  9 06:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:20:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: Failed password for invalid user steam from 146.190.241.149 port 50702 ssh2
May  9 06:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8625]: Connection closed by 146.190.241.149 port 50702 [preauth]
May  9 06:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8662]: Invalid user ubuntu from 146.190.241.149
May  9 06:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8662]: input_userauth_request: invalid user ubuntu [preauth]
May  9 06:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8662]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8662]: Failed password for invalid user ubuntu from 146.190.241.149 port 51654 ssh2
May  9 06:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8662]: Connection closed by 146.190.241.149 port 51654 [preauth]
May  9 06:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7343]: pam_unix(cron:session): session closed for user root
May  9 06:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: User uucp from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 06:20:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: input_userauth_request: invalid user uucp [preauth]
May  9 06:20:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=uucp
May  9 06:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: Failed password for invalid user uucp from 146.190.241.149 port 52040 ssh2
May  9 06:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8733]: Connection closed by 146.190.241.149 port 52040 [preauth]
May  9 06:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8766]: Invalid user nagios from 146.190.241.149
May  9 06:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8766]: input_userauth_request: invalid user nagios [preauth]
May  9 06:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8766]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8766]: Failed password for invalid user nagios from 146.190.241.149 port 49582 ssh2
May  9 06:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8766]: Connection closed by 146.190.241.149 port 49582 [preauth]
May  9 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8787]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8788]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8786]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8786]: pam_unix(cron:session): session closed for user p13x
May  9 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8856]: Successful su for rubyman by root
May  9 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8856]: + ??? root:rubyman
May  9 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8856]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357953 of user rubyman.
May  9 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8856]: pam_unix(su:session): session closed for user rubyman
May  9 06:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357953.
May  9 06:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: Invalid user dolphin from 146.190.241.149
May  9 06:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: input_userauth_request: invalid user dolphin [preauth]
May  9 06:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5920]: pam_unix(cron:session): session closed for user root
May  9 06:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8787]: pam_unix(cron:session): session closed for user samftp
May  9 06:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: Failed password for invalid user dolphin from 146.190.241.149 port 37532 ssh2
May  9 06:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: Connection closed by 146.190.241.149 port 37532 [preauth]
May  9 06:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9080]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9080]: Failed password for root from 146.190.241.149 port 56850 ssh2
May  9 06:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9080]: Connection closed by 146.190.241.149 port 56850 [preauth]
May  9 06:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245  user=root
May  9 06:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:21:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9099]: Failed password for root from 190.244.25.245 port 39190 ssh2
May  9 06:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9099]: Received disconnect from 190.244.25.245 port 39190:11: Bye Bye [preauth]
May  9 06:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9099]: Disconnected from 190.244.25.245 port 39190 [preauth]
May  9 06:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9205]: Invalid user vbox from 146.190.241.149
May  9 06:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9205]: input_userauth_request: invalid user vbox [preauth]
May  9 06:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9205]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:21:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9205]: Failed password for invalid user vbox from 146.190.241.149 port 45686 ssh2
May  9 06:21:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9205]: Connection closed by 146.190.241.149 port 45686 [preauth]
May  9 06:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7879]: pam_unix(cron:session): session closed for user root
May  9 06:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: Invalid user postgres from 146.190.241.149
May  9 06:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: input_userauth_request: invalid user postgres [preauth]
May  9 06:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: Failed password for invalid user postgres from 146.190.241.149 port 58288 ssh2
May  9 06:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9255]: Connection closed by 146.190.241.149 port 58288 [preauth]
May  9 06:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.177.204.63  user=root
May  9 06:21:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: Failed password for root from 163.177.204.63 port 58936 ssh2
May  9 06:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9171]: Connection closed by 163.177.204.63 port 58936 [preauth]
May  9 06:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: Failed password for root from 146.190.241.149 port 40668 ssh2
May  9 06:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9317]: Connection closed by 146.190.241.149 port 40668 [preauth]
May  9 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9338]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9337]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9336]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9335]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9335]: pam_unix(cron:session): session closed for user p13x
May  9 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9403]: Successful su for rubyman by root
May  9 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9403]: + ??? root:rubyman
May  9 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9403]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357956 of user rubyman.
May  9 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9403]: pam_unix(su:session): session closed for user rubyman
May  9 06:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357956.
May  9 06:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6384]: pam_unix(cron:session): session closed for user root
May  9 06:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9336]: pam_unix(cron:session): session closed for user samftp
May  9 06:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9585]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9585]: Invalid user mapr from 146.190.241.149
May  9 06:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9585]: input_userauth_request: invalid user mapr [preauth]
May  9 06:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9585]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9585]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9585]: Failed password for invalid user mapr from 146.190.241.149 port 54596 ssh2
May  9 06:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9585]: Connection closed by 146.190.241.149 port 54596 [preauth]
May  9 06:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: Failed password for root from 146.190.241.149 port 39178 ssh2
May  9 06:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9617]: Connection closed by 146.190.241.149 port 39178 [preauth]
May  9 06:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9650]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9650]: Invalid user jupyter from 146.190.241.149
May  9 06:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9650]: input_userauth_request: invalid user jupyter [preauth]
May  9 06:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9650]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8318]: pam_unix(cron:session): session closed for user root
May  9 06:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9650]: Failed password for invalid user jupyter from 146.190.241.149 port 56516 ssh2
May  9 06:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9650]: Connection closed by 146.190.241.149 port 56516 [preauth]
May  9 06:22:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  9 06:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: Invalid user jack from 146.190.241.149
May  9 06:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: input_userauth_request: invalid user jack [preauth]
May  9 06:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: Invalid user fivem from 165.22.235.5
May  9 06:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: input_userauth_request: invalid user fivem [preauth]
May  9 06:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 06:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: Failed password for root from 80.94.95.115 port 23056 ssh2
May  9 06:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9692]: Connection closed by 80.94.95.115 port 23056 [preauth]
May  9 06:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: Failed password for invalid user fivem from 165.22.235.5 port 46822 ssh2
May  9 06:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: Received disconnect from 165.22.235.5 port 46822:11: Bye Bye [preauth]
May  9 06:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9720]: Disconnected from 165.22.235.5 port 46822 [preauth]
May  9 06:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: Failed password for invalid user jack from 146.190.241.149 port 34102 ssh2
May  9 06:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9717]: Connection closed by 146.190.241.149 port 34102 [preauth]
May  9 06:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: Invalid user apache from 146.190.241.149
May  9 06:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: input_userauth_request: invalid user apache [preauth]
May  9 06:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: Failed password for invalid user apache from 146.190.241.149 port 45144 ssh2
May  9 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9743]: Connection closed by 146.190.241.149 port 45144 [preauth]
May  9 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9761]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9760]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9759]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9758]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9758]: pam_unix(cron:session): session closed for user p13x
May  9 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9822]: Successful su for rubyman by root
May  9 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9822]: + ??? root:rubyman
May  9 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9822]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357962 of user rubyman.
May  9 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9822]: pam_unix(su:session): session closed for user rubyman
May  9 06:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357962.
May  9 06:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6812]: pam_unix(cron:session): session closed for user root
May  9 06:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9759]: pam_unix(cron:session): session closed for user samftp
May  9 06:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10008]: Failed password for root from 146.190.241.149 port 58814 ssh2
May  9 06:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10008]: Connection closed by 146.190.241.149 port 58814 [preauth]
May  9 06:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10053]: Invalid user awsgui from 146.190.241.149
May  9 06:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10053]: input_userauth_request: invalid user awsgui [preauth]
May  9 06:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10053]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10053]: Failed password for invalid user awsgui from 146.190.241.149 port 50786 ssh2
May  9 06:23:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10053]: Connection closed by 146.190.241.149 port 50786 [preauth]
May  9 06:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8789]: pam_unix(cron:session): session closed for user root
May  9 06:23:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Invalid user nagios from 146.190.241.149
May  9 06:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: input_userauth_request: invalid user nagios [preauth]
May  9 06:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Failed password for invalid user nagios from 146.190.241.149 port 50014 ssh2
May  9 06:23:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10105]: Connection closed by 146.190.241.149 port 50014 [preauth]
May  9 06:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10135]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:23:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10135]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.97  user=root
May  9 06:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10135]: Failed password for root from 14.103.127.97 port 54644 ssh2
May  9 06:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10135]: Received disconnect from 14.103.127.97 port 54644:11: Bye Bye [preauth]
May  9 06:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10135]: Disconnected from 14.103.127.97 port 54644 [preauth]
May  9 06:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: Invalid user traefik from 60.49.31.229
May  9 06:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: input_userauth_request: invalid user traefik [preauth]
May  9 06:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 06:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: Invalid user data from 146.190.241.149
May  9 06:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: input_userauth_request: invalid user data [preauth]
May  9 06:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: Failed password for invalid user traefik from 60.49.31.229 port 60206 ssh2
May  9 06:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: Received disconnect from 60.49.31.229 port 60206:11: Bye Bye [preauth]
May  9 06:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10146]: Disconnected from 60.49.31.229 port 60206 [preauth]
May  9 06:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: Failed password for invalid user data from 146.190.241.149 port 51688 ssh2
May  9 06:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10148]: Connection closed by 146.190.241.149 port 51688 [preauth]
May  9 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10170]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10171]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10169]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10168]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10168]: pam_unix(cron:session): session closed for user p13x
May  9 06:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10320]: Successful su for rubyman by root
May  9 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10320]: + ??? root:rubyman
May  9 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10320]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357965 of user rubyman.
May  9 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10320]: pam_unix(su:session): session closed for user rubyman
May  9 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357965.
May  9 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: Invalid user redis from 146.190.241.149
May  9 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: input_userauth_request: invalid user redis [preauth]
May  9 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7342]: pam_unix(cron:session): session closed for user root
May  9 06:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: Failed password for invalid user redis from 146.190.241.149 port 38098 ssh2
May  9 06:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10231]: Connection closed by 146.190.241.149 port 38098 [preauth]
May  9 06:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10169]: pam_unix(cron:session): session closed for user samftp
May  9 06:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: Failed password for root from 146.190.241.149 port 40852 ssh2
May  9 06:24:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10548]: Connection closed by 146.190.241.149 port 40852 [preauth]
May  9 06:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: Invalid user solana from 146.190.241.149
May  9 06:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: input_userauth_request: invalid user solana [preauth]
May  9 06:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: Failed password for invalid user solana from 146.190.241.149 port 38176 ssh2
May  9 06:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10594]: Connection closed by 146.190.241.149 port 38176 [preauth]
May  9 06:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9338]: pam_unix(cron:session): session closed for user root
May  9 06:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: Invalid user azureuser from 146.190.241.149
May  9 06:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: input_userauth_request: invalid user azureuser [preauth]
May  9 06:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: Failed password for invalid user azureuser from 146.190.241.149 port 41378 ssh2
May  9 06:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10656]: Connection closed by 146.190.241.149 port 41378 [preauth]
May  9 06:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: Invalid user sol from 146.190.241.149
May  9 06:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: input_userauth_request: invalid user sol [preauth]
May  9 06:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: Failed password for invalid user sol from 146.190.241.149 port 35214 ssh2
May  9 06:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10729]: Connection closed by 146.190.241.149 port 35214 [preauth]
May  9 06:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  9 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10751]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10749]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10757]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10753]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10750]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10746]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10758]: pam_unix(cron:session): session closed for user root
May  9 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10749]: pam_unix(cron:session): session closed for user p13x
May  9 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10833]: Successful su for rubyman by root
May  9 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10833]: + ??? root:rubyman
May  9 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10833]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357972 of user rubyman.
May  9 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: Failed password for root from 164.68.105.9 port 55058 ssh2
May  9 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10833]: pam_unix(su:session): session closed for user rubyman
May  9 06:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357972.
May  9 06:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10744]: Connection closed by 164.68.105.9 port 55058 [preauth]
May  9 06:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10751]: pam_unix(cron:session): session closed for user root
May  9 06:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7878]: pam_unix(cron:session): session closed for user root
May  9 06:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: Invalid user ubuntu from 146.190.241.149
May  9 06:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: input_userauth_request: invalid user ubuntu [preauth]
May  9 06:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: Failed password for invalid user ubuntu from 146.190.241.149 port 35480 ssh2
May  9 06:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11007]: Connection closed by 146.190.241.149 port 35480 [preauth]
May  9 06:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10750]: pam_unix(cron:session): session closed for user samftp
May  9 06:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11069]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11069]: Failed password for root from 146.190.241.149 port 40592 ssh2
May  9 06:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11069]: Connection closed by 146.190.241.149 port 40592 [preauth]
May  9 06:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11102]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11102]: Invalid user centos from 146.190.241.149
May  9 06:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11102]: input_userauth_request: invalid user centos [preauth]
May  9 06:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11102]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11102]: Failed password for invalid user centos from 146.190.241.149 port 44882 ssh2
May  9 06:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11102]: Connection closed by 146.190.241.149 port 44882 [preauth]
May  9 06:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9761]: pam_unix(cron:session): session closed for user root
May  9 06:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: Invalid user elsearch from 146.190.241.149
May  9 06:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: input_userauth_request: invalid user elsearch [preauth]
May  9 06:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: Failed password for invalid user elsearch from 146.190.241.149 port 43352 ssh2
May  9 06:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11152]: Connection closed by 146.190.241.149 port 43352 [preauth]
May  9 06:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11169]: Invalid user admin from 80.94.95.112
May  9 06:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11169]: input_userauth_request: invalid user admin [preauth]
May  9 06:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11169]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 06:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11169]: Failed password for invalid user admin from 80.94.95.112 port 21898 ssh2
May  9 06:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11169]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11169]: Failed password for invalid user admin from 80.94.95.112 port 21898 ssh2
May  9 06:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11169]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11169]: Failed password for invalid user admin from 80.94.95.112 port 21898 ssh2
May  9 06:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11169]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11191]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11191]: Invalid user appuser from 146.190.241.149
May  9 06:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11191]: input_userauth_request: invalid user appuser [preauth]
May  9 06:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11169]: Failed password for invalid user admin from 80.94.95.112 port 21898 ssh2
May  9 06:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11169]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11191]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11191]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: Invalid user radu from 186.233.208.13
May  9 06:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: input_userauth_request: invalid user radu [preauth]
May  9 06:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  9 06:25:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11169]: Failed password for invalid user admin from 80.94.95.112 port 21898 ssh2
May  9 06:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11191]: Failed password for invalid user appuser from 146.190.241.149 port 36900 ssh2
May  9 06:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: Failed password for invalid user radu from 186.233.208.13 port 33680 ssh2
May  9 06:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11191]: Connection closed by 146.190.241.149 port 36900 [preauth]
May  9 06:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11169]: Received disconnect from 80.94.95.112 port 21898:11: Bye [preauth]
May  9 06:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11169]: Disconnected from 80.94.95.112 port 21898 [preauth]
May  9 06:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11169]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 06:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11169]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 06:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: Received disconnect from 186.233.208.13 port 33680:11: Bye Bye [preauth]
May  9 06:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11189]: Disconnected from 186.233.208.13 port 33680 [preauth]
May  9 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11203]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11205]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11204]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11202]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11202]: pam_unix(cron:session): session closed for user p13x
May  9 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11268]: Successful su for rubyman by root
May  9 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11268]: + ??? root:rubyman
May  9 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11268]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357978 of user rubyman.
May  9 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11268]: pam_unix(su:session): session closed for user rubyman
May  9 06:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357978.
May  9 06:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8317]: pam_unix(cron:session): session closed for user root
May  9 06:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11203]: pam_unix(cron:session): session closed for user samftp
May  9 06:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: Invalid user bigdata from 146.190.241.149
May  9 06:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: input_userauth_request: invalid user bigdata [preauth]
May  9 06:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: Failed password for invalid user bigdata from 146.190.241.149 port 36042 ssh2
May  9 06:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11444]: Connection closed by 146.190.241.149 port 36042 [preauth]
May  9 06:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11489]: Invalid user mongodb from 146.190.241.149
May  9 06:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11489]: input_userauth_request: invalid user mongodb [preauth]
May  9 06:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11489]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11489]: Failed password for invalid user mongodb from 146.190.241.149 port 33974 ssh2
May  9 06:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11489]: Connection closed by 146.190.241.149 port 33974 [preauth]
May  9 06:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10171]: pam_unix(cron:session): session closed for user root
May  9 06:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: Invalid user ftpuser from 146.190.241.149
May  9 06:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: input_userauth_request: invalid user ftpuser [preauth]
May  9 06:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: Failed password for invalid user ftpuser from 146.190.241.149 port 49724 ssh2
May  9 06:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11548]: Connection closed by 146.190.241.149 port 49724 [preauth]
May  9 06:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11593]: Invalid user sftp from 146.190.241.149
May  9 06:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11593]: input_userauth_request: invalid user sftp [preauth]
May  9 06:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11593]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11593]: Failed password for invalid user sftp from 146.190.241.149 port 36754 ssh2
May  9 06:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11593]: Connection closed by 146.190.241.149 port 36754 [preauth]
May  9 06:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11595]: Did not receive identification string from 141.98.10.41
May  9 06:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: Invalid user node from 146.190.241.149
May  9 06:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: input_userauth_request: invalid user node [preauth]
May  9 06:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11618]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11616]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11615]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11615]: pam_unix(cron:session): session closed for user p13x
May  9 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11681]: Successful su for rubyman by root
May  9 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11681]: + ??? root:rubyman
May  9 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11681]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357981 of user rubyman.
May  9 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11681]: pam_unix(su:session): session closed for user rubyman
May  9 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357981.
May  9 06:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: Failed password for invalid user node from 146.190.241.149 port 54240 ssh2
May  9 06:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11612]: Connection closed by 146.190.241.149 port 54240 [preauth]
May  9 06:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8788]: pam_unix(cron:session): session closed for user root
May  9 06:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11616]: pam_unix(cron:session): session closed for user samftp
May  9 06:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11867]: Invalid user dstserver from 146.190.241.149
May  9 06:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11867]: input_userauth_request: invalid user dstserver [preauth]
May  9 06:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11867]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11867]: Failed password for invalid user dstserver from 146.190.241.149 port 46636 ssh2
May  9 06:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11867]: Connection closed by 146.190.241.149 port 46636 [preauth]
May  9 06:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11892]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 06:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11892]: Failed password for root from 218.92.0.179 port 46027 ssh2
May  9 06:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11892]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 46027 ssh2]
May  9 06:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11892]: Received disconnect from 218.92.0.179 port 46027:11:  [preauth]
May  9 06:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11892]: Disconnected from 218.92.0.179 port 46027 [preauth]
May  9 06:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11892]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 06:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: Invalid user es from 146.190.241.149
May  9 06:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: input_userauth_request: invalid user es [preauth]
May  9 06:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: Failed password for invalid user es from 146.190.241.149 port 53648 ssh2
May  9 06:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11923]: Connection closed by 146.190.241.149 port 53648 [preauth]
May  9 06:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: Invalid user posiflex from 190.244.25.245
May  9 06:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: input_userauth_request: invalid user posiflex [preauth]
May  9 06:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May  9 06:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: Failed password for invalid user posiflex from 190.244.25.245 port 50904 ssh2
May  9 06:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: Received disconnect from 190.244.25.245 port 50904:11: Bye Bye [preauth]
May  9 06:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11935]: Disconnected from 190.244.25.245 port 50904 [preauth]
May  9 06:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10757]: pam_unix(cron:session): session closed for user root
May  9 06:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: Invalid user steam from 165.22.235.5
May  9 06:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: input_userauth_request: invalid user steam [preauth]
May  9 06:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 06:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: Failed password for invalid user steam from 165.22.235.5 port 46350 ssh2
May  9 06:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: Received disconnect from 165.22.235.5 port 46350:11: Bye Bye [preauth]
May  9 06:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11965]: Disconnected from 165.22.235.5 port 46350 [preauth]
May  9 06:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: Invalid user sonar from 146.190.241.149
May  9 06:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: input_userauth_request: invalid user sonar [preauth]
May  9 06:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: Failed password for invalid user sonar from 146.190.241.149 port 34410 ssh2
May  9 06:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11967]: Connection closed by 146.190.241.149 port 34410 [preauth]
May  9 06:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11997]: Invalid user test from 146.190.241.149
May  9 06:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11997]: input_userauth_request: invalid user test [preauth]
May  9 06:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11997]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11997]: Failed password for invalid user test from 146.190.241.149 port 49994 ssh2
May  9 06:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11997]: Connection closed by 146.190.241.149 port 49994 [preauth]
May  9 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12026]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12027]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12024]: pam_unix(cron:session): session closed for user p13x
May  9 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12083]: Successful su for rubyman by root
May  9 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12083]: + ??? root:rubyman
May  9 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357983 of user rubyman.
May  9 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12083]: pam_unix(su:session): session closed for user rubyman
May  9 06:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357983.
May  9 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12186]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12186]: Invalid user elasticsearch from 146.190.241.149
May  9 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12186]: input_userauth_request: invalid user elasticsearch [preauth]
May  9 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12186]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9337]: pam_unix(cron:session): session closed for user root
May  9 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12025]: pam_unix(cron:session): session closed for user samftp
May  9 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12186]: Failed password for invalid user elasticsearch from 146.190.241.149 port 45870 ssh2
May  9 06:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12186]: Connection closed by 146.190.241.149 port 45870 [preauth]
May  9 06:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:28:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12299]: Failed password for root from 146.190.241.149 port 50754 ssh2
May  9 06:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12299]: Connection closed by 146.190.241.149 port 50754 [preauth]
May  9 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: Invalid user vagrant from 146.190.241.149
May  9 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: input_userauth_request: invalid user vagrant [preauth]
May  9 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: Failed password for invalid user vagrant from 146.190.241.149 port 38062 ssh2
May  9 06:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12351]: Connection closed by 146.190.241.149 port 38062 [preauth]
May  9 06:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11205]: pam_unix(cron:session): session closed for user root
May  9 06:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12389]: Invalid user test from 146.190.241.149
May  9 06:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12389]: input_userauth_request: invalid user test [preauth]
May  9 06:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12389]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12389]: Failed password for invalid user test from 146.190.241.149 port 59986 ssh2
May  9 06:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12389]: Connection closed by 146.190.241.149 port 59986 [preauth]
May  9 06:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: Invalid user sol from 146.190.241.149
May  9 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: input_userauth_request: invalid user sol [preauth]
May  9 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:28:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: Failed password for invalid user sol from 146.190.241.149 port 44904 ssh2
May  9 06:28:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12429]: Connection closed by 146.190.241.149 port 44904 [preauth]
May  9 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12443]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12442]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12441]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12440]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12440]: pam_unix(cron:session): session closed for user p13x
May  9 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12500]: Successful su for rubyman by root
May  9 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12500]: + ??? root:rubyman
May  9 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12500]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357987 of user rubyman.
May  9 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12500]: pam_unix(su:session): session closed for user rubyman
May  9 06:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357987.
May  9 06:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9760]: pam_unix(cron:session): session closed for user root
May  9 06:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12441]: pam_unix(cron:session): session closed for user samftp
May  9 06:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: Invalid user ranger from 146.190.241.149
May  9 06:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: input_userauth_request: invalid user ranger [preauth]
May  9 06:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: Failed password for invalid user ranger from 146.190.241.149 port 43160 ssh2
May  9 06:29:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12677]: Connection closed by 146.190.241.149 port 43160 [preauth]
May  9 06:29:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Invalid user esadmin from 146.190.241.149
May  9 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: input_userauth_request: invalid user esadmin [preauth]
May  9 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Failed password for invalid user esadmin from 146.190.241.149 port 42292 ssh2
May  9 06:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12711]: Connection closed by 146.190.241.149 port 42292 [preauth]
May  9 06:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12759]: Invalid user amanda from 146.190.241.149
May  9 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12759]: input_userauth_request: invalid user amanda [preauth]
May  9 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11618]: pam_unix(cron:session): session closed for user root
May  9 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12759]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12759]: Failed password for invalid user amanda from 146.190.241.149 port 60904 ssh2
May  9 06:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12759]: Connection closed by 146.190.241.149 port 60904 [preauth]
May  9 06:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: Invalid user admin from 146.190.241.149
May  9 06:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: input_userauth_request: invalid user admin [preauth]
May  9 06:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:29:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: Failed password for invalid user admin from 146.190.241.149 port 59014 ssh2
May  9 06:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12804]: Connection closed by 146.190.241.149 port 59014 [preauth]
May  9 06:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: Invalid user itsupport from 60.49.31.229
May  9 06:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: input_userauth_request: invalid user itsupport [preauth]
May  9 06:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:29:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 06:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: Failed password for invalid user itsupport from 60.49.31.229 port 40932 ssh2
May  9 06:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: Received disconnect from 60.49.31.229 port 40932:11: Bye Bye [preauth]
May  9 06:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12815]: Disconnected from 60.49.31.229 port 40932 [preauth]
May  9 06:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: Invalid user solana from 146.190.241.149
May  9 06:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: input_userauth_request: invalid user solana [preauth]
May  9 06:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:29:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12839]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12836]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12841]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12842]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12840]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12837]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12842]: pam_unix(cron:session): session closed for user root
May  9 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12836]: pam_unix(cron:session): session closed for user p13x
May  9 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: Failed password for invalid user solana from 146.190.241.149 port 45452 ssh2
May  9 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12833]: Connection closed by 146.190.241.149 port 45452 [preauth]
May  9 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12903]: Successful su for rubyman by root
May  9 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12903]: + ??? root:rubyman
May  9 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357994 of user rubyman.
May  9 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12903]: pam_unix(su:session): session closed for user rubyman
May  9 06:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357994.
May  9 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12839]: pam_unix(cron:session): session closed for user root
May  9 06:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10170]: pam_unix(cron:session): session closed for user root
May  9 06:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12837]: pam_unix(cron:session): session closed for user samftp
May  9 06:30:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13125]: Invalid user grafana from 146.190.241.149
May  9 06:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13125]: input_userauth_request: invalid user grafana [preauth]
May  9 06:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13125]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13125]: Failed password for invalid user grafana from 146.190.241.149 port 58936 ssh2
May  9 06:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13125]: Connection closed by 146.190.241.149 port 58936 [preauth]
May  9 06:30:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: Invalid user tomcat from 146.190.241.149
May  9 06:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: input_userauth_request: invalid user tomcat [preauth]
May  9 06:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:30:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: Failed password for invalid user tomcat from 146.190.241.149 port 58986 ssh2
May  9 06:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13156]: Connection closed by 146.190.241.149 port 58986 [preauth]
May  9 06:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12027]: pam_unix(cron:session): session closed for user root
May  9 06:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: Invalid user test from 146.190.241.149
May  9 06:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: input_userauth_request: invalid user test [preauth]
May  9 06:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: Failed password for invalid user test from 146.190.241.149 port 44730 ssh2
May  9 06:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13217]: Connection closed by 146.190.241.149 port 44730 [preauth]
May  9 06:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13248]: Invalid user odoo from 146.190.241.149
May  9 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13248]: input_userauth_request: invalid user odoo [preauth]
May  9 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13248]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:30:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13248]: Failed password for invalid user odoo from 146.190.241.149 port 39748 ssh2
May  9 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13248]: Connection closed by 146.190.241.149 port 39748 [preauth]
May  9 06:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.97  user=root
May  9 06:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13258]: Failed password for root from 14.103.127.97 port 52020 ssh2
May  9 06:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13258]: Received disconnect from 14.103.127.97 port 52020:11: Bye Bye [preauth]
May  9 06:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13258]: Disconnected from 14.103.127.97 port 52020 [preauth]
May  9 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13275]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13272]: pam_unix(cron:session): session closed for user p13x
May  9 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13345]: Successful su for rubyman by root
May  9 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13345]: + ??? root:rubyman
May  9 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13345]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 357998 of user rubyman.
May  9 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13345]: pam_unix(su:session): session closed for user rubyman
May  9 06:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 357998.
May  9 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: Invalid user dst from 146.190.241.149
May  9 06:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: input_userauth_request: invalid user dst [preauth]
May  9 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: Failed password for invalid user dst from 146.190.241.149 port 35222 ssh2
May  9 06:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13399]: Connection closed by 146.190.241.149 port 35222 [preauth]
May  9 06:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10753]: pam_unix(cron:session): session closed for user root
May  9 06:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13273]: pam_unix(cron:session): session closed for user samftp
May  9 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13662]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13662]: Failed password for root from 146.190.241.149 port 50280 ssh2
May  9 06:31:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13662]: Connection closed by 146.190.241.149 port 50280 [preauth]
May  9 06:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13697]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13697]: Invalid user sftp from 146.190.241.149
May  9 06:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13697]: input_userauth_request: invalid user sftp [preauth]
May  9 06:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13697]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13697]: Failed password for invalid user sftp from 146.190.241.149 port 49068 ssh2
May  9 06:31:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13697]: Connection closed by 146.190.241.149 port 49068 [preauth]
May  9 06:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12443]: pam_unix(cron:session): session closed for user root
May  9 06:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13752]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13752]: Invalid user rms from 186.233.208.13
May  9 06:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13752]: input_userauth_request: invalid user rms [preauth]
May  9 06:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13752]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13752]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  9 06:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13747]: Failed password for root from 146.190.241.149 port 34562 ssh2
May  9 06:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13747]: Connection closed by 146.190.241.149 port 34562 [preauth]
May  9 06:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13752]: Failed password for invalid user rms from 186.233.208.13 port 33498 ssh2
May  9 06:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13752]: Received disconnect from 186.233.208.13 port 33498:11: Bye Bye [preauth]
May  9 06:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13752]: Disconnected from 186.233.208.13 port 33498 [preauth]
May  9 06:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13786]: Invalid user ts from 146.190.241.149
May  9 06:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13786]: input_userauth_request: invalid user ts [preauth]
May  9 06:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13786]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13786]: Failed password for invalid user ts from 146.190.241.149 port 49946 ssh2
May  9 06:31:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13786]: Connection closed by 146.190.241.149 port 49946 [preauth]
May  9 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13801]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13799]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13800]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13798]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13798]: pam_unix(cron:session): session closed for user p13x
May  9 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13862]: Successful su for rubyman by root
May  9 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13862]: + ??? root:rubyman
May  9 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13862]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358001 of user rubyman.
May  9 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13862]: pam_unix(su:session): session closed for user rubyman
May  9 06:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358001.
May  9 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11204]: pam_unix(cron:session): session closed for user root
May  9 06:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13799]: pam_unix(cron:session): session closed for user samftp
May  9 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14029]: Invalid user arkserver from 146.190.241.149
May  9 06:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14029]: input_userauth_request: invalid user arkserver [preauth]
May  9 06:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14029]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14029]: Failed password for invalid user arkserver from 146.190.241.149 port 34144 ssh2
May  9 06:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14029]: Connection closed by 146.190.241.149 port 34144 [preauth]
May  9 06:32:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14054]: Invalid user sqlite from 165.22.235.5
May  9 06:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14054]: input_userauth_request: invalid user sqlite [preauth]
May  9 06:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14054]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.235.5
May  9 06:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14054]: Failed password for invalid user sqlite from 165.22.235.5 port 34808 ssh2
May  9 06:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14054]: Received disconnect from 165.22.235.5 port 34808:11: Bye Bye [preauth]
May  9 06:32:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14054]: Disconnected from 165.22.235.5 port 34808 [preauth]
May  9 06:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: Invalid user ark from 146.190.241.149
May  9 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: input_userauth_request: invalid user ark [preauth]
May  9 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: Failed password for invalid user ark from 146.190.241.149 port 53264 ssh2
May  9 06:32:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14078]: Connection closed by 146.190.241.149 port 53264 [preauth]
May  9 06:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14119]: Invalid user rancher from 146.190.241.149
May  9 06:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14119]: input_userauth_request: invalid user rancher [preauth]
May  9 06:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14119]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14119]: Failed password for invalid user rancher from 146.190.241.149 port 59808 ssh2
May  9 06:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14119]: Connection closed by 146.190.241.149 port 59808 [preauth]
May  9 06:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12841]: pam_unix(cron:session): session closed for user root
May  9 06:32:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: Invalid user sftp from 146.190.241.149
May  9 06:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: input_userauth_request: invalid user sftp [preauth]
May  9 06:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: Failed password for invalid user sftp from 146.190.241.149 port 60774 ssh2
May  9 06:32:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14160]: Connection closed by 146.190.241.149 port 60774 [preauth]
May  9 06:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14200]: Invalid user wordpress from 146.190.241.149
May  9 06:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14200]: input_userauth_request: invalid user wordpress [preauth]
May  9 06:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14200]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14200]: Failed password for invalid user wordpress from 146.190.241.149 port 56046 ssh2
May  9 06:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14200]: Connection closed by 146.190.241.149 port 56046 [preauth]
May  9 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14214]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14213]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14212]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14212]: pam_unix(cron:session): session closed for user p13x
May  9 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14275]: Successful su for rubyman by root
May  9 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14275]: + ??? root:rubyman
May  9 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358005 of user rubyman.
May  9 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14275]: pam_unix(su:session): session closed for user rubyman
May  9 06:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358005.
May  9 06:33:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11617]: pam_unix(cron:session): session closed for user root
May  9 06:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14213]: pam_unix(cron:session): session closed for user samftp
May  9 06:33:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: Invalid user nagios from 146.190.241.149
May  9 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: input_userauth_request: invalid user nagios [preauth]
May  9 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: Failed password for invalid user nagios from 146.190.241.149 port 37316 ssh2
May  9 06:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14460]: Connection closed by 146.190.241.149 port 37316 [preauth]
May  9 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Invalid user gitlab from 146.190.241.149
May  9 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: input_userauth_request: invalid user gitlab [preauth]
May  9 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Failed password for invalid user gitlab from 146.190.241.149 port 37394 ssh2
May  9 06:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14496]: Connection closed by 146.190.241.149 port 37394 [preauth]
May  9 06:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13275]: pam_unix(cron:session): session closed for user root
May  9 06:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: Invalid user oracle from 146.190.241.149
May  9 06:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: input_userauth_request: invalid user oracle [preauth]
May  9 06:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: Failed password for invalid user oracle from 146.190.241.149 port 58634 ssh2
May  9 06:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14546]: Connection closed by 146.190.241.149 port 58634 [preauth]
May  9 06:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14562]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14562]: Invalid user kian from 190.244.25.245
May  9 06:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14562]: input_userauth_request: invalid user kian [preauth]
May  9 06:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14562]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:33:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14562]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May  9 06:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14562]: Failed password for invalid user kian from 190.244.25.245 port 51656 ssh2
May  9 06:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14562]: Received disconnect from 190.244.25.245 port 51656:11: Bye Bye [preauth]
May  9 06:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14562]: Disconnected from 190.244.25.245 port 51656 [preauth]
May  9 06:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: Invalid user ubuntu from 146.190.241.149
May  9 06:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: input_userauth_request: invalid user ubuntu [preauth]
May  9 06:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: Failed password for invalid user ubuntu from 146.190.241.149 port 40370 ssh2
May  9 06:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14595]: Connection closed by 146.190.241.149 port 40370 [preauth]
May  9 06:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: Invalid user worker from 146.190.241.149
May  9 06:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: input_userauth_request: invalid user worker [preauth]
May  9 06:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:33:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14635]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14633]: pam_unix(cron:session): session closed for user p13x
May  9 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14699]: Successful su for rubyman by root
May  9 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14699]: + ??? root:rubyman
May  9 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14699]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358009 of user rubyman.
May  9 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14699]: pam_unix(su:session): session closed for user rubyman
May  9 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358009.
May  9 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: Failed password for invalid user worker from 146.190.241.149 port 60788 ssh2
May  9 06:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14623]: Connection closed by 146.190.241.149 port 60788 [preauth]
May  9 06:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12026]: pam_unix(cron:session): session closed for user root
May  9 06:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14634]: pam_unix(cron:session): session closed for user samftp
May  9 06:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Failed password for root from 146.190.241.149 port 37476 ssh2
May  9 06:34:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14893]: Connection closed by 146.190.241.149 port 37476 [preauth]
May  9 06:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: Invalid user dolphinscheduler from 146.190.241.149
May  9 06:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  9 06:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: Failed password for invalid user dolphinscheduler from 146.190.241.149 port 57694 ssh2
May  9 06:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14948]: Connection closed by 146.190.241.149 port 57694 [preauth]
May  9 06:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13801]: pam_unix(cron:session): session closed for user root
May  9 06:34:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14998]: Invalid user redis from 146.190.241.149
May  9 06:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14998]: input_userauth_request: invalid user redis [preauth]
May  9 06:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14998]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14998]: Failed password for invalid user redis from 146.190.241.149 port 41000 ssh2
May  9 06:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14998]: Connection closed by 146.190.241.149 port 41000 [preauth]
May  9 06:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: Invalid user apache from 146.190.241.149
May  9 06:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: input_userauth_request: invalid user apache [preauth]
May  9 06:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: Failed password for invalid user apache from 146.190.241.149 port 44492 ssh2
May  9 06:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15032]: Connection closed by 146.190.241.149 port 44492 [preauth]
May  9 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15056]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15052]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15055]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15057]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15054]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15053]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15057]: pam_unix(cron:session): session closed for user root
May  9 06:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15052]: pam_unix(cron:session): session closed for user p13x
May  9 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15120]: Successful su for rubyman by root
May  9 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15120]: + ??? root:rubyman
May  9 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15120]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358014 of user rubyman.
May  9 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15120]: pam_unix(su:session): session closed for user rubyman
May  9 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358014.
May  9 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15130]: Invalid user admin from 146.190.241.149
May  9 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15130]: input_userauth_request: invalid user admin [preauth]
May  9 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15130]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15054]: pam_unix(cron:session): session closed for user root
May  9 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15130]: Failed password for invalid user admin from 146.190.241.149 port 46940 ssh2
May  9 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12442]: pam_unix(cron:session): session closed for user root
May  9 06:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15130]: Connection closed by 146.190.241.149 port 46940 [preauth]
May  9 06:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15053]: pam_unix(cron:session): session closed for user samftp
May  9 06:35:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: Invalid user sonar from 146.190.241.149
May  9 06:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: input_userauth_request: invalid user sonar [preauth]
May  9 06:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: Failed password for invalid user sonar from 146.190.241.149 port 58090 ssh2
May  9 06:35:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15358]: Connection closed by 146.190.241.149 port 58090 [preauth]
May  9 06:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15389]: Invalid user factorio from 146.190.241.149
May  9 06:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15389]: input_userauth_request: invalid user factorio [preauth]
May  9 06:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15389]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15389]: Failed password for invalid user factorio from 146.190.241.149 port 35930 ssh2
May  9 06:35:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15389]: Connection closed by 146.190.241.149 port 35930 [preauth]
May  9 06:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14215]: pam_unix(cron:session): session closed for user root
May  9 06:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: Invalid user steam from 146.190.241.149
May  9 06:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: input_userauth_request: invalid user steam [preauth]
May  9 06:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: Failed password for invalid user steam from 146.190.241.149 port 54982 ssh2
May  9 06:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15428]: Connection closed by 146.190.241.149 port 54982 [preauth]
May  9 06:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: Invalid user git from 60.49.31.229
May  9 06:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: input_userauth_request: invalid user git [preauth]
May  9 06:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:35:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 06:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: Failed password for invalid user git from 60.49.31.229 port 49888 ssh2
May  9 06:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: Received disconnect from 60.49.31.229 port 49888:11: Bye Bye [preauth]
May  9 06:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15459]: Disconnected from 60.49.31.229 port 49888 [preauth]
May  9 06:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: Invalid user steam from 146.190.241.149
May  9 06:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: input_userauth_request: invalid user steam [preauth]
May  9 06:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:35:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: Failed password for invalid user steam from 146.190.241.149 port 40888 ssh2
May  9 06:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15470]: Connection closed by 146.190.241.149 port 40888 [preauth]
May  9 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15486]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15485]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15483]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15482]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15482]: pam_unix(cron:session): session closed for user p13x
May  9 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15549]: Successful su for rubyman by root
May  9 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15549]: + ??? root:rubyman
May  9 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15549]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358019 of user rubyman.
May  9 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15549]: pam_unix(su:session): session closed for user rubyman
May  9 06:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358019.
May  9 06:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12840]: pam_unix(cron:session): session closed for user root
May  9 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: Invalid user node from 146.190.241.149
May  9 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: input_userauth_request: invalid user node [preauth]
May  9 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15483]: pam_unix(cron:session): session closed for user samftp
May  9 06:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: Failed password for invalid user node from 146.190.241.149 port 52472 ssh2
May  9 06:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15716]: Connection closed by 146.190.241.149 port 52472 [preauth]
May  9 06:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: Invalid user app from 146.190.241.149
May  9 06:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: input_userauth_request: invalid user app [preauth]
May  9 06:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: Failed password for invalid user app from 146.190.241.149 port 42470 ssh2
May  9 06:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15765]: Connection closed by 146.190.241.149 port 42470 [preauth]
May  9 06:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: Invalid user node from 146.190.241.149
May  9 06:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: input_userauth_request: invalid user node [preauth]
May  9 06:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14637]: pam_unix(cron:session): session closed for user root
May  9 06:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: Failed password for invalid user node from 146.190.241.149 port 55192 ssh2
May  9 06:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: Connection closed by 146.190.241.149 port 55192 [preauth]
May  9 06:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:36:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: Failed password for root from 146.190.241.149 port 34392 ssh2
May  9 06:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15871]: Connection closed by 146.190.241.149 port 34392 [preauth]
May  9 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15906]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15907]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15903]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15903]: pam_unix(cron:session): session closed for user p13x
May  9 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15967]: Successful su for rubyman by root
May  9 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15967]: + ??? root:rubyman
May  9 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15967]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358025 of user rubyman.
May  9 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15967]: pam_unix(su:session): session closed for user rubyman
May  9 06:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358025.
May  9 06:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15890]: Failed password for root from 146.190.241.149 port 35188 ssh2
May  9 06:37:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15890]: Connection closed by 146.190.241.149 port 35188 [preauth]
May  9 06:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13274]: pam_unix(cron:session): session closed for user root
May  9 06:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15905]: pam_unix(cron:session): session closed for user samftp
May  9 06:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10746]: pam_unix(cron:session): session closed for user root
May  9 06:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: Invalid user guest from 146.190.241.149
May  9 06:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: input_userauth_request: invalid user guest [preauth]
May  9 06:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:37:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: Failed password for invalid user guest from 146.190.241.149 port 49098 ssh2
May  9 06:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16347]: Connection closed by 146.190.241.149 port 49098 [preauth]
May  9 06:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:37:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: Invalid user testftp from 186.233.208.13
May  9 06:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: input_userauth_request: invalid user testftp [preauth]
May  9 06:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  9 06:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: Failed password for root from 146.190.241.149 port 57114 ssh2
May  9 06:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16378]: Connection closed by 146.190.241.149 port 57114 [preauth]
May  9 06:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: Failed password for invalid user testftp from 186.233.208.13 port 41826 ssh2
May  9 06:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: Received disconnect from 186.233.208.13 port 41826:11: Bye Bye [preauth]
May  9 06:37:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16380]: Disconnected from 186.233.208.13 port 41826 [preauth]
May  9 06:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15056]: pam_unix(cron:session): session closed for user root
May  9 06:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: Invalid user wang from 146.190.241.149
May  9 06:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: input_userauth_request: invalid user wang [preauth]
May  9 06:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: Failed password for invalid user wang from 146.190.241.149 port 36160 ssh2
May  9 06:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16429]: Connection closed by 146.190.241.149 port 36160 [preauth]
May  9 06:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16476]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:37:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16476]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 06:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16476]: Failed password for root from 218.92.0.179 port 17933 ssh2
May  9 06:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Failed password for root from 146.190.241.149 port 43322 ssh2
May  9 06:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16482]: Connection closed by 146.190.241.149 port 43322 [preauth]
May  9 06:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16476]: Failed password for root from 218.92.0.179 port 17933 ssh2
May  9 06:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16476]: Failed password for root from 218.92.0.179 port 17933 ssh2
May  9 06:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16476]: Received disconnect from 218.92.0.179 port 17933:11:  [preauth]
May  9 06:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16476]: Disconnected from 218.92.0.179 port 17933 [preauth]
May  9 06:37:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16476]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 06:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Invalid user postgres from 14.103.127.97
May  9 06:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: input_userauth_request: invalid user postgres [preauth]
May  9 06:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:38:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.97
May  9 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16518]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16517]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16516]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16516]: pam_unix(cron:session): session closed for user p13x
May  9 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16592]: Successful su for rubyman by root
May  9 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16592]: + ??? root:rubyman
May  9 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16592]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358028 of user rubyman.
May  9 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16592]: pam_unix(su:session): session closed for user rubyman
May  9 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358028.
May  9 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Failed password for invalid user postgres from 14.103.127.97 port 56004 ssh2
May  9 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Received disconnect from 14.103.127.97 port 56004:11: Bye Bye [preauth]
May  9 06:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16502]: Disconnected from 14.103.127.97 port 56004 [preauth]
May  9 06:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13800]: pam_unix(cron:session): session closed for user root
May  9 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: Invalid user deploy from 146.190.241.149
May  9 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: input_userauth_request: invalid user deploy [preauth]
May  9 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16517]: pam_unix(cron:session): session closed for user samftp
May  9 06:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: Failed password for invalid user deploy from 146.190.241.149 port 55262 ssh2
May  9 06:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16768]: Connection closed by 146.190.241.149 port 55262 [preauth]
May  9 06:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  9 06:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: Failed password for root from 80.94.95.116 port 63750 ssh2
May  9 06:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16774]: Connection closed by 80.94.95.116 port 63750 [preauth]
May  9 06:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16824]: Invalid user oracle from 146.190.241.149
May  9 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16824]: input_userauth_request: invalid user oracle [preauth]
May  9 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16824]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:38:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16824]: Failed password for invalid user oracle from 146.190.241.149 port 59008 ssh2
May  9 06:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16824]: Connection closed by 146.190.241.149 port 59008 [preauth]
May  9 06:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16857]: Invalid user pal from 146.190.241.149
May  9 06:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16857]: input_userauth_request: invalid user pal [preauth]
May  9 06:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16857]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16857]: Failed password for invalid user pal from 146.190.241.149 port 41716 ssh2
May  9 06:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16857]: Connection closed by 146.190.241.149 port 41716 [preauth]
May  9 06:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15486]: pam_unix(cron:session): session closed for user root
May  9 06:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: Invalid user ftpuser from 146.190.241.149
May  9 06:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: input_userauth_request: invalid user ftpuser [preauth]
May  9 06:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: Failed password for invalid user ftpuser from 146.190.241.149 port 39260 ssh2
May  9 06:38:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16929]: Connection closed by 146.190.241.149 port 39260 [preauth]
May  9 06:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16969]: Invalid user palworld from 146.190.241.149
May  9 06:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16969]: input_userauth_request: invalid user palworld [preauth]
May  9 06:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16969]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16969]: Failed password for invalid user palworld from 146.190.241.149 port 37256 ssh2
May  9 06:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16969]: Connection closed by 146.190.241.149 port 37256 [preauth]
May  9 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16985]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16984]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16981]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16983]: pam_unix(cron:session): session closed for user p13x
May  9 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17105]: Successful su for rubyman by root
May  9 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17105]: + ??? root:rubyman
May  9 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17105]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358031 of user rubyman.
May  9 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17105]: pam_unix(su:session): session closed for user rubyman
May  9 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358031.
May  9 06:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16981]: pam_unix(cron:session): session closed for user root
May  9 06:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14214]: pam_unix(cron:session): session closed for user root
May  9 06:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16984]: pam_unix(cron:session): session closed for user samftp
May  9 06:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17323]: Invalid user elastic from 146.190.241.149
May  9 06:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17323]: input_userauth_request: invalid user elastic [preauth]
May  9 06:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17323]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:39:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17323]: Failed password for invalid user elastic from 146.190.241.149 port 58514 ssh2
May  9 06:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17323]: Connection closed by 146.190.241.149 port 58514 [preauth]
May  9 06:39:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: Invalid user app from 146.190.241.149
May  9 06:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: input_userauth_request: invalid user app [preauth]
May  9 06:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:39:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: Failed password for invalid user app from 146.190.241.149 port 55128 ssh2
May  9 06:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17364]: Connection closed by 146.190.241.149 port 55128 [preauth]
May  9 06:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15907]: pam_unix(cron:session): session closed for user root
May  9 06:39:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17417]: Failed password for root from 146.190.241.149 port 34380 ssh2
May  9 06:39:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17417]: Connection closed by 146.190.241.149 port 34380 [preauth]
May  9 06:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: Invalid user toor from 190.244.25.245
May  9 06:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: input_userauth_request: invalid user toor [preauth]
May  9 06:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.244.25.245
May  9 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: Failed password for invalid user toor from 190.244.25.245 port 53340 ssh2
May  9 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: Received disconnect from 190.244.25.245 port 53340:11: Bye Bye [preauth]
May  9 06:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17429]: Disconnected from 190.244.25.245 port 53340 [preauth]
May  9 06:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: Invalid user ali from 190.103.202.7
May  9 06:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: input_userauth_request: invalid user ali [preauth]
May  9 06:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  9 06:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: Failed password for invalid user ali from 190.103.202.7 port 57852 ssh2
May  9 06:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17465]: Invalid user kodi from 146.190.241.149
May  9 06:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17465]: input_userauth_request: invalid user kodi [preauth]
May  9 06:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17453]: Connection closed by 190.103.202.7 port 57852 [preauth]
May  9 06:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17465]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17465]: Failed password for invalid user kodi from 146.190.241.149 port 40150 ssh2
May  9 06:39:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17465]: Connection closed by 146.190.241.149 port 40150 [preauth]
May  9 06:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: Invalid user hadoop from 146.190.241.149
May  9 06:40:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: input_userauth_request: invalid user hadoop [preauth]
May  9 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17498]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17494]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17493]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17496]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17495]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17497]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17498]: pam_unix(cron:session): session closed for user root
May  9 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17493]: pam_unix(cron:session): session closed for user p13x
May  9 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17574]: Successful su for rubyman by root
May  9 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17574]: + ??? root:rubyman
May  9 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17574]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358037 of user rubyman.
May  9 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17574]: pam_unix(su:session): session closed for user rubyman
May  9 06:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358037.
May  9 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: Failed password for invalid user hadoop from 146.190.241.149 port 39172 ssh2
May  9 06:40:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17489]: Connection closed by 146.190.241.149 port 39172 [preauth]
May  9 06:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17495]: pam_unix(cron:session): session closed for user root
May  9 06:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14635]: pam_unix(cron:session): session closed for user root
May  9 06:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17494]: pam_unix(cron:session): session closed for user samftp
May  9 06:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: Failed password for root from 146.190.241.149 port 43810 ssh2
May  9 06:40:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17898]: Connection closed by 146.190.241.149 port 43810 [preauth]
May  9 06:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17958]: Invalid user wordpress from 146.190.241.149
May  9 06:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17958]: input_userauth_request: invalid user wordpress [preauth]
May  9 06:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17958]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17958]: Failed password for invalid user wordpress from 146.190.241.149 port 54474 ssh2
May  9 06:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17958]: Connection closed by 146.190.241.149 port 54474 [preauth]
May  9 06:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16520]: pam_unix(cron:session): session closed for user root
May  9 06:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: Failed password for root from 146.190.241.149 port 50410 ssh2
May  9 06:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18001]: Connection closed by 146.190.241.149 port 50410 [preauth]
May  9 06:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18046]: Invalid user blockchain from 146.190.241.149
May  9 06:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18046]: input_userauth_request: invalid user blockchain [preauth]
May  9 06:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18046]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18046]: Failed password for invalid user blockchain from 146.190.241.149 port 56766 ssh2
May  9 06:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18046]: Connection closed by 146.190.241.149 port 56766 [preauth]
May  9 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18064]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18065]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18063]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18062]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18062]: pam_unix(cron:session): session closed for user p13x
May  9 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18142]: Successful su for rubyman by root
May  9 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18142]: + ??? root:rubyman
May  9 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18142]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358044 of user rubyman.
May  9 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18142]: pam_unix(su:session): session closed for user rubyman
May  9 06:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358044.
May  9 06:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18270]: Invalid user elasticsearch from 146.190.241.149
May  9 06:41:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18270]: input_userauth_request: invalid user elasticsearch [preauth]
May  9 06:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18270]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15055]: pam_unix(cron:session): session closed for user root
May  9 06:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18063]: pam_unix(cron:session): session closed for user samftp
May  9 06:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18270]: Failed password for invalid user elasticsearch from 146.190.241.149 port 33708 ssh2
May  9 06:41:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18270]: Connection closed by 146.190.241.149 port 33708 [preauth]
May  9 06:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: Invalid user testuser from 146.190.241.149
May  9 06:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: input_userauth_request: invalid user testuser [preauth]
May  9 06:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: Failed password for invalid user testuser from 146.190.241.149 port 44724 ssh2
May  9 06:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18351]: Connection closed by 146.190.241.149 port 44724 [preauth]
May  9 06:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: Invalid user admin from 80.94.95.241
May  9 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: input_userauth_request: invalid user admin [preauth]
May  9 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 06:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18397]: Failed password for root from 146.190.241.149 port 34906 ssh2
May  9 06:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18397]: Connection closed by 146.190.241.149 port 34906 [preauth]
May  9 06:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16986]: pam_unix(cron:session): session closed for user root
May  9 06:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: Failed password for invalid user admin from 80.94.95.241 port 17293 ssh2
May  9 06:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: Failed password for invalid user admin from 80.94.95.241 port 17293 ssh2
May  9 06:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: Failed password for invalid user admin from 80.94.95.241 port 17293 ssh2
May  9 06:41:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: Failed password for invalid user admin from 80.94.95.241 port 17293 ssh2
May  9 06:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18446]: Invalid user gitlab from 146.190.241.149
May  9 06:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18446]: input_userauth_request: invalid user gitlab [preauth]
May  9 06:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18446]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: Failed password for invalid user admin from 80.94.95.241 port 17293 ssh2
May  9 06:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: Received disconnect from 80.94.95.241 port 17293:11: Bye [preauth]
May  9 06:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: Disconnected from 80.94.95.241 port 17293 [preauth]
May  9 06:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 06:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18400]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 06:41:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18446]: Failed password for invalid user gitlab from 146.190.241.149 port 49268 ssh2
May  9 06:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18446]: Connection closed by 146.190.241.149 port 49268 [preauth]
May  9 06:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18469]: Invalid user useradmin from 60.49.31.229
May  9 06:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18469]: input_userauth_request: invalid user useradmin [preauth]
May  9 06:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18469]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:41:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 06:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18469]: Failed password for invalid user useradmin from 60.49.31.229 port 58842 ssh2
May  9 06:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18469]: Received disconnect from 60.49.31.229 port 58842:11: Bye Bye [preauth]
May  9 06:41:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18469]: Disconnected from 60.49.31.229 port 58842 [preauth]
May  9 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: Invalid user redis from 146.190.241.149
May  9 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: input_userauth_request: invalid user redis [preauth]
May  9 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: Failed password for invalid user redis from 146.190.241.149 port 51930 ssh2
May  9 06:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18484]: Connection closed by 146.190.241.149 port 51930 [preauth]
May  9 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18505]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18504]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18503]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18506]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18503]: pam_unix(cron:session): session closed for user p13x
May  9 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18562]: Successful su for rubyman by root
May  9 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18562]: + ??? root:rubyman
May  9 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18562]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358046 of user rubyman.
May  9 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18562]: pam_unix(su:session): session closed for user rubyman
May  9 06:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358046.
May  9 06:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15485]: pam_unix(cron:session): session closed for user root
May  9 06:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18504]: pam_unix(cron:session): session closed for user samftp
May  9 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18748]: Invalid user solana from 146.190.241.149
May  9 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18748]: input_userauth_request: invalid user solana [preauth]
May  9 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18748]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18748]: Failed password for invalid user solana from 146.190.241.149 port 59628 ssh2
May  9 06:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18748]: Connection closed by 146.190.241.149 port 59628 [preauth]
May  9 06:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18786]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18786]: Invalid user test from 146.190.241.149
May  9 06:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18786]: input_userauth_request: invalid user test [preauth]
May  9 06:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18786]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:42:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18786]: Failed password for invalid user test from 146.190.241.149 port 36916 ssh2
May  9 06:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18786]: Connection closed by 146.190.241.149 port 36916 [preauth]
May  9 06:42:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18838]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18838]: Invalid user demo from 146.190.241.149
May  9 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18838]: input_userauth_request: invalid user demo [preauth]
May  9 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18838]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17497]: pam_unix(cron:session): session closed for user root
May  9 06:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18838]: Failed password for invalid user demo from 146.190.241.149 port 35956 ssh2
May  9 06:42:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18838]: Connection closed by 146.190.241.149 port 35956 [preauth]
May  9 06:42:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18884]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18884]: Invalid user satisfactory from 146.190.241.149
May  9 06:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18884]: input_userauth_request: invalid user satisfactory [preauth]
May  9 06:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18884]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18884]: Failed password for invalid user satisfactory from 146.190.241.149 port 60230 ssh2
May  9 06:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18884]: Connection closed by 146.190.241.149 port 60230 [preauth]
May  9 06:42:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18909]: Invalid user www from 146.190.241.149
May  9 06:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18909]: input_userauth_request: invalid user www [preauth]
May  9 06:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18909]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18917]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18915]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18915]: pam_unix(cron:session): session closed for user p13x
May  9 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18976]: Successful su for rubyman by root
May  9 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18976]: + ??? root:rubyman
May  9 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18976]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358051 of user rubyman.
May  9 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18976]: pam_unix(su:session): session closed for user rubyman
May  9 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358051.
May  9 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18909]: Failed password for invalid user www from 146.190.241.149 port 33692 ssh2
May  9 06:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18909]: Connection closed by 146.190.241.149 port 33692 [preauth]
May  9 06:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15906]: pam_unix(cron:session): session closed for user root
May  9 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19156]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19156]: Connection closed by 92.204.144.151 port 58678 [preauth]
May  9 06:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18917]: pam_unix(cron:session): session closed for user samftp
May  9 06:43:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: Invalid user dev from 186.233.208.13
May  9 06:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: input_userauth_request: invalid user dev [preauth]
May  9 06:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.233.208.13
May  9 06:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: Invalid user elasticsearch from 146.190.241.149
May  9 06:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: input_userauth_request: invalid user elasticsearch [preauth]
May  9 06:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: Failed password for invalid user dev from 186.233.208.13 port 47724 ssh2
May  9 06:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: Failed password for invalid user elasticsearch from 146.190.241.149 port 58764 ssh2
May  9 06:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: Received disconnect from 186.233.208.13 port 47724:11: Bye Bye [preauth]
May  9 06:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19175]: Disconnected from 186.233.208.13 port 47724 [preauth]
May  9 06:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19177]: Connection closed by 146.190.241.149 port 58764 [preauth]
May  9 06:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: Invalid user opc from 146.190.241.149
May  9 06:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: input_userauth_request: invalid user opc [preauth]
May  9 06:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: Failed password for invalid user opc from 146.190.241.149 port 60972 ssh2
May  9 06:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19223]: Connection closed by 146.190.241.149 port 60972 [preauth]
May  9 06:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18065]: pam_unix(cron:session): session closed for user root
May  9 06:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19281]: Invalid user sol from 146.190.241.149
May  9 06:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19281]: input_userauth_request: invalid user sol [preauth]
May  9 06:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19281]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19281]: Failed password for invalid user sol from 146.190.241.149 port 42676 ssh2
May  9 06:43:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19281]: Connection closed by 146.190.241.149 port 42676 [preauth]
May  9 06:43:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19316]: Invalid user nexus from 146.190.241.149
May  9 06:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19316]: input_userauth_request: invalid user nexus [preauth]
May  9 06:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19316]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19316]: Failed password for invalid user nexus from 146.190.241.149 port 50992 ssh2
May  9 06:43:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19316]: Connection closed by 146.190.241.149 port 50992 [preauth]
May  9 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19337]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19338]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19339]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19336]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19336]: pam_unix(cron:session): session closed for user p13x
May  9 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19397]: Successful su for rubyman by root
May  9 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19397]: + ??? root:rubyman
May  9 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358054 of user rubyman.
May  9 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19397]: pam_unix(su:session): session closed for user rubyman
May  9 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358054.
May  9 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19396]: Invalid user vagrant from 146.190.241.149
May  9 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19396]: input_userauth_request: invalid user vagrant [preauth]
May  9 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19396]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16518]: pam_unix(cron:session): session closed for user root
May  9 06:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19396]: Failed password for invalid user vagrant from 146.190.241.149 port 47432 ssh2
May  9 06:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19396]: Connection closed by 146.190.241.149 port 47432 [preauth]
May  9 06:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19337]: pam_unix(cron:session): session closed for user samftp
May  9 06:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: Invalid user caddy from 146.190.241.149
May  9 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: input_userauth_request: invalid user caddy [preauth]
May  9 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:44:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: Failed password for invalid user caddy from 146.190.241.149 port 48200 ssh2
May  9 06:44:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19615]: Connection closed by 146.190.241.149 port 48200 [preauth]
May  9 06:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19661]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19661]: Invalid user app from 146.190.241.149
May  9 06:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19661]: input_userauth_request: invalid user app [preauth]
May  9 06:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19661]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:44:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19661]: Failed password for invalid user app from 146.190.241.149 port 38552 ssh2
May  9 06:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19661]: Connection closed by 146.190.241.149 port 38552 [preauth]
May  9 06:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18506]: pam_unix(cron:session): session closed for user root
May  9 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: Invalid user hadoop from 146.190.241.149
May  9 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: input_userauth_request: invalid user hadoop [preauth]
May  9 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:44:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: Failed password for invalid user hadoop from 146.190.241.149 port 36236 ssh2
May  9 06:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19708]: Connection closed by 146.190.241.149 port 36236 [preauth]
May  9 06:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19749]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:44:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19749]: Failed password for root from 146.190.241.149 port 48978 ssh2
May  9 06:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19749]: Connection closed by 146.190.241.149 port 48978 [preauth]
May  9 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19765]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19764]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19765]: pam_unix(cron:session): session closed for user root
May  9 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19760]: pam_unix(cron:session): session closed for user p13x
May  9 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19834]: Successful su for rubyman by root
May  9 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19834]: + ??? root:rubyman
May  9 06:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19834]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358063 of user rubyman.
May  9 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19834]: pam_unix(su:session): session closed for user rubyman
May  9 06:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358063.
May  9 06:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19762]: pam_unix(cron:session): session closed for user root
May  9 06:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16985]: pam_unix(cron:session): session closed for user root
May  9 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: Invalid user testuser from 146.190.241.149
May  9 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: input_userauth_request: invalid user testuser [preauth]
May  9 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:45:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19761]: pam_unix(cron:session): session closed for user samftp
May  9 06:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: Failed password for invalid user testuser from 146.190.241.149 port 49344 ssh2
May  9 06:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20024]: Connection closed by 146.190.241.149 port 49344 [preauth]
May  9 06:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20061]: Invalid user zxhuang from 14.103.127.97
May  9 06:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20061]: input_userauth_request: invalid user zxhuang [preauth]
May  9 06:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20061]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.97
May  9 06:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20061]: Failed password for invalid user zxhuang from 14.103.127.97 port 45746 ssh2
May  9 06:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20061]: Received disconnect from 14.103.127.97 port 45746:11: Bye Bye [preauth]
May  9 06:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20061]: Disconnected from 14.103.127.97 port 45746 [preauth]
May  9 06:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20087]: Invalid user ubuntu from 146.190.241.149
May  9 06:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20087]: input_userauth_request: invalid user ubuntu [preauth]
May  9 06:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20087]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:45:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20087]: Failed password for invalid user ubuntu from 146.190.241.149 port 52470 ssh2
May  9 06:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20087]: Connection closed by 146.190.241.149 port 52470 [preauth]
May  9 06:45:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20128]: User bin from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 06:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20128]: input_userauth_request: invalid user bin [preauth]
May  9 06:45:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=bin
May  9 06:45:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18919]: pam_unix(cron:session): session closed for user root
May  9 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20128]: Failed password for invalid user bin from 146.190.241.149 port 32774 ssh2
May  9 06:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20128]: Connection closed by 146.190.241.149 port 32774 [preauth]
May  9 06:45:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: Invalid user terraria from 146.190.241.149
May  9 06:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: input_userauth_request: invalid user terraria [preauth]
May  9 06:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: Failed password for invalid user terraria from 146.190.241.149 port 52746 ssh2
May  9 06:45:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20174]: Connection closed by 146.190.241.149 port 52746 [preauth]
May  9 06:45:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20209]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20209]: Invalid user solana from 146.190.241.149
May  9 06:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20209]: input_userauth_request: invalid user solana [preauth]
May  9 06:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20209]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:45:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20209]: Failed password for invalid user solana from 146.190.241.149 port 46036 ssh2
May  9 06:46:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20209]: Connection closed by 146.190.241.149 port 46036 [preauth]
May  9 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20224]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20222]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20223]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20221]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20221]: pam_unix(cron:session): session closed for user p13x
May  9 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20288]: Successful su for rubyman by root
May  9 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20288]: + ??? root:rubyman
May  9 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20288]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358064 of user rubyman.
May  9 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20288]: pam_unix(su:session): session closed for user rubyman
May  9 06:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358064.
May  9 06:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17496]: pam_unix(cron:session): session closed for user root
May  9 06:46:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20222]: pam_unix(cron:session): session closed for user samftp
May  9 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20475]: Invalid user subsonic from 146.190.241.149
May  9 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20475]: input_userauth_request: invalid user subsonic [preauth]
May  9 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20475]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:46:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20475]: Failed password for invalid user subsonic from 146.190.241.149 port 58130 ssh2
May  9 06:46:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20475]: Connection closed by 146.190.241.149 port 58130 [preauth]
May  9 06:46:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: Invalid user esuser from 146.190.241.149
May  9 06:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: input_userauth_request: invalid user esuser [preauth]
May  9 06:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:46:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: Failed password for invalid user esuser from 146.190.241.149 port 35462 ssh2
May  9 06:46:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20508]: Connection closed by 146.190.241.149 port 35462 [preauth]
May  9 06:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19339]: pam_unix(cron:session): session closed for user root
May  9 06:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Invalid user terraria from 146.190.241.149
May  9 06:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: input_userauth_request: invalid user terraria [preauth]
May  9 06:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Failed password for invalid user terraria from 146.190.241.149 port 46916 ssh2
May  9 06:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20570]: Connection closed by 146.190.241.149 port 46916 [preauth]
May  9 06:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20602]: Invalid user centos from 146.190.241.149
May  9 06:46:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20602]: input_userauth_request: invalid user centos [preauth]
May  9 06:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20602]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:46:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20602]: Failed password for invalid user centos from 146.190.241.149 port 41306 ssh2
May  9 06:46:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20602]: Connection closed by 146.190.241.149 port 41306 [preauth]
May  9 06:46:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20630]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20635]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20634]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20633]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20633]: pam_unix(cron:session): session closed for user p13x
May  9 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20698]: Successful su for rubyman by root
May  9 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20698]: + ??? root:rubyman
May  9 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20698]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358068 of user rubyman.
May  9 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20698]: pam_unix(su:session): session closed for user rubyman
May  9 06:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358068.
May  9 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20630]: Failed password for root from 146.190.241.149 port 59354 ssh2
May  9 06:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20630]: Connection closed by 146.190.241.149 port 59354 [preauth]
May  9 06:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18064]: pam_unix(cron:session): session closed for user root
May  9 06:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20634]: pam_unix(cron:session): session closed for user samftp
May  9 06:47:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: Invalid user dolphin from 146.190.241.149
May  9 06:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: input_userauth_request: invalid user dolphin [preauth]
May  9 06:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:47:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: Failed password for invalid user dolphin from 146.190.241.149 port 50642 ssh2
May  9 06:47:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20909]: Connection closed by 146.190.241.149 port 50642 [preauth]
May  9 06:47:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: Invalid user steam from 146.190.241.149
May  9 06:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: input_userauth_request: invalid user steam [preauth]
May  9 06:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: Failed password for invalid user steam from 146.190.241.149 port 41012 ssh2
May  9 06:47:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20954]: Connection closed by 146.190.241.149 port 41012 [preauth]
May  9 06:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19764]: pam_unix(cron:session): session closed for user root
May  9 06:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: Invalid user flussonic from 146.190.241.149
May  9 06:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: input_userauth_request: invalid user flussonic [preauth]
May  9 06:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:47:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:47:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21001]: Invalid user sonaruser from 60.49.31.229
May  9 06:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21001]: input_userauth_request: invalid user sonaruser [preauth]
May  9 06:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21001]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:47:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 06:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: Failed password for invalid user flussonic from 146.190.241.149 port 55312 ssh2
May  9 06:47:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20999]: Connection closed by 146.190.241.149 port 55312 [preauth]
May  9 06:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21001]: Failed password for invalid user sonaruser from 60.49.31.229 port 39560 ssh2
May  9 06:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21001]: Received disconnect from 60.49.31.229 port 39560:11: Bye Bye [preauth]
May  9 06:47:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21001]: Disconnected from 60.49.31.229 port 39560 [preauth]
May  9 06:47:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: Invalid user hadoop from 146.190.241.149
May  9 06:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: input_userauth_request: invalid user hadoop [preauth]
May  9 06:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:47:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: Failed password for invalid user hadoop from 146.190.241.149 port 49892 ssh2
May  9 06:47:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21032]: Connection closed by 146.190.241.149 port 49892 [preauth]
May  9 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21057]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21055]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21053]: pam_unix(cron:session): session closed for user p13x
May  9 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21120]: Successful su for rubyman by root
May  9 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21120]: + ??? root:rubyman
May  9 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21120]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358073 of user rubyman.
May  9 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21120]: pam_unix(su:session): session closed for user rubyman
May  9 06:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358073.
May  9 06:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: Invalid user zookeeper from 146.190.241.149
May  9 06:48:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: input_userauth_request: invalid user zookeeper [preauth]
May  9 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18505]: pam_unix(cron:session): session closed for user root
May  9 06:48:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: Failed password for invalid user zookeeper from 146.190.241.149 port 36818 ssh2
May  9 06:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21249]: Connection closed by 146.190.241.149 port 36818 [preauth]
May  9 06:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21054]: pam_unix(cron:session): session closed for user samftp
May  9 06:48:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21376]: Invalid user gpadmin from 146.190.241.149
May  9 06:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21376]: input_userauth_request: invalid user gpadmin [preauth]
May  9 06:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21376]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21376]: Failed password for invalid user gpadmin from 146.190.241.149 port 41548 ssh2
May  9 06:48:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21376]: Connection closed by 146.190.241.149 port 41548 [preauth]
May  9 06:48:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21406]: Invalid user ubuntu from 146.190.241.149
May  9 06:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21406]: input_userauth_request: invalid user ubuntu [preauth]
May  9 06:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21406]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:48:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21406]: Failed password for invalid user ubuntu from 146.190.241.149 port 53816 ssh2
May  9 06:48:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21406]: Connection closed by 146.190.241.149 port 53816 [preauth]
May  9 06:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20224]: pam_unix(cron:session): session closed for user root
May  9 06:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:48:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: Failed password for root from 146.190.241.149 port 58856 ssh2
May  9 06:48:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21453]: Connection closed by 146.190.241.149 port 58856 [preauth]
May  9 06:48:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21489]: Invalid user madsonic from 146.190.241.149
May  9 06:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21489]: input_userauth_request: invalid user madsonic [preauth]
May  9 06:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21489]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:48:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21489]: Failed password for invalid user madsonic from 146.190.241.149 port 60084 ssh2
May  9 06:48:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21489]: Connection closed by 146.190.241.149 port 60084 [preauth]
May  9 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21510]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21509]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21507]: pam_unix(cron:session): session closed for user p13x
May  9 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21577]: Successful su for rubyman by root
May  9 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21577]: + ??? root:rubyman
May  9 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21577]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358076 of user rubyman.
May  9 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21577]: pam_unix(su:session): session closed for user rubyman
May  9 06:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358076.
May  9 06:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18918]: pam_unix(cron:session): session closed for user root
May  9 06:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21508]: pam_unix(cron:session): session closed for user samftp
May  9 06:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21895]: Failed password for root from 146.190.241.149 port 52250 ssh2
May  9 06:49:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21895]: Connection closed by 146.190.241.149 port 52250 [preauth]
May  9 06:49:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22108]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:49:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:49:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22108]: Failed password for root from 146.190.241.149 port 59858 ssh2
May  9 06:49:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22108]: Connection closed by 146.190.241.149 port 59858 [preauth]
May  9 06:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Invalid user elasticsearch from 146.190.241.149
May  9 06:49:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: input_userauth_request: invalid user elasticsearch [preauth]
May  9 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20637]: pam_unix(cron:session): session closed for user root
May  9 06:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Failed password for invalid user elasticsearch from 146.190.241.149 port 43644 ssh2
May  9 06:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22145]: Connection closed by 146.190.241.149 port 43644 [preauth]
May  9 06:49:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: Invalid user git from 146.190.241.149
May  9 06:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: input_userauth_request: invalid user git [preauth]
May  9 06:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:49:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: Failed password for invalid user git from 146.190.241.149 port 42848 ssh2
May  9 06:49:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22212]: Connection closed by 146.190.241.149 port 42848 [preauth]
May  9 06:49:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: Invalid user wang from 146.190.241.149
May  9 06:49:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: input_userauth_request: invalid user wang [preauth]
May  9 06:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:49:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: Failed password for invalid user wang from 146.190.241.149 port 49010 ssh2
May  9 06:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22240]: Connection closed by 146.190.241.149 port 49010 [preauth]
May  9 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22266]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22263]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22267]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22265]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22262]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22267]: pam_unix(cron:session): session closed for user root
May  9 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22262]: pam_unix(cron:session): session closed for user p13x
May  9 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22343]: Successful su for rubyman by root
May  9 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22343]: + ??? root:rubyman
May  9 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22343]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358082 of user rubyman.
May  9 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22343]: pam_unix(su:session): session closed for user rubyman
May  9 06:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358082.
May  9 06:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22264]: pam_unix(cron:session): session closed for user root
May  9 06:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19338]: pam_unix(cron:session): session closed for user root
May  9 06:50:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22263]: pam_unix(cron:session): session closed for user samftp
May  9 06:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22597]: User www-data from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 06:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22597]: input_userauth_request: invalid user www-data [preauth]
May  9 06:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=www-data
May  9 06:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22597]: Failed password for invalid user www-data from 146.190.241.149 port 59926 ssh2
May  9 06:50:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22597]: Connection closed by 146.190.241.149 port 59926 [preauth]
May  9 06:50:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22634]: User sys from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 06:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22634]: input_userauth_request: invalid user sys [preauth]
May  9 06:50:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=sys
May  9 06:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22634]: Failed password for invalid user sys from 146.190.241.149 port 59018 ssh2
May  9 06:50:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22634]: Connection closed by 146.190.241.149 port 59018 [preauth]
May  9 06:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21057]: pam_unix(cron:session): session closed for user root
May  9 06:50:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: Invalid user ranger from 146.190.241.149
May  9 06:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: input_userauth_request: invalid user ranger [preauth]
May  9 06:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:50:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: Failed password for invalid user ranger from 146.190.241.149 port 46368 ssh2
May  9 06:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22691]: Connection closed by 146.190.241.149 port 46368 [preauth]
May  9 06:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: Invalid user deploy from 146.190.241.149
May  9 06:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: input_userauth_request: invalid user deploy [preauth]
May  9 06:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:50:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: Failed password for invalid user deploy from 146.190.241.149 port 45430 ssh2
May  9 06:50:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22733]: Connection closed by 146.190.241.149 port 45430 [preauth]
May  9 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22761]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22760]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22760]: pam_unix(cron:session): session closed for user p13x
May  9 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22841]: Successful su for rubyman by root
May  9 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22841]: + ??? root:rubyman
May  9 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22841]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358086 of user rubyman.
May  9 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22841]: pam_unix(su:session): session closed for user rubyman
May  9 06:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358086.
May  9 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22867]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22867]: Invalid user oracle from 146.190.241.149
May  9 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22867]: input_userauth_request: invalid user oracle [preauth]
May  9 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22867]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:51:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22867]: Failed password for invalid user oracle from 146.190.241.149 port 54260 ssh2
May  9 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22867]: Connection closed by 146.190.241.149 port 54260 [preauth]
May  9 06:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19763]: pam_unix(cron:session): session closed for user root
May  9 06:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22761]: pam_unix(cron:session): session closed for user samftp
May  9 06:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23087]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23087]: Invalid user oracle from 146.190.241.149
May  9 06:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23087]: input_userauth_request: invalid user oracle [preauth]
May  9 06:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23087]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:51:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23087]: Failed password for invalid user oracle from 146.190.241.149 port 36076 ssh2
May  9 06:51:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23087]: Connection closed by 146.190.241.149 port 36076 [preauth]
May  9 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23129]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23129]: Invalid user hadoop from 146.190.241.149
May  9 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23129]: input_userauth_request: invalid user hadoop [preauth]
May  9 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23129]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:51:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23129]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23129]: Failed password for invalid user hadoop from 146.190.241.149 port 33036 ssh2
May  9 06:51:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23129]: Connection closed by 146.190.241.149 port 33036 [preauth]
May  9 06:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21510]: pam_unix(cron:session): session closed for user root
May  9 06:51:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:51:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23172]: Failed password for root from 146.190.241.149 port 57080 ssh2
May  9 06:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23172]: Connection closed by 146.190.241.149 port 57080 [preauth]
May  9 06:51:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:51:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:51:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: Failed password for root from 146.190.241.149 port 52714 ssh2
May  9 06:51:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23224]: Connection closed by 146.190.241.149 port 52714 [preauth]
May  9 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23239]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23240]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23237]: pam_unix(cron:session): session closed for user p13x
May  9 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23296]: Successful su for rubyman by root
May  9 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23296]: + ??? root:rubyman
May  9 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23296]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358090 of user rubyman.
May  9 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23296]: pam_unix(su:session): session closed for user rubyman
May  9 06:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358090.
May  9 06:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20223]: pam_unix(cron:session): session closed for user root
May  9 06:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: Invalid user wordpress from 146.190.241.149
May  9 06:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: input_userauth_request: invalid user wordpress [preauth]
May  9 06:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23238]: pam_unix(cron:session): session closed for user samftp
May  9 06:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: Failed password for invalid user wordpress from 146.190.241.149 port 37904 ssh2
May  9 06:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23553]: Connection closed by 146.190.241.149 port 37904 [preauth]
May  9 06:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23612]: User bin from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 06:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23612]: input_userauth_request: invalid user bin [preauth]
May  9 06:52:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=bin
May  9 06:52:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23612]: Failed password for invalid user bin from 146.190.241.149 port 46184 ssh2
May  9 06:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23612]: Connection closed by 146.190.241.149 port 46184 [preauth]
May  9 06:52:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.97  user=root
May  9 06:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23622]: Failed password for root from 14.103.127.97 port 34676 ssh2
May  9 06:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23622]: Received disconnect from 14.103.127.97 port 34676:11: Bye Bye [preauth]
May  9 06:52:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23622]: Disconnected from 14.103.127.97 port 34676 [preauth]
May  9 06:52:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23654]: Invalid user latitude from 146.190.241.149
May  9 06:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23654]: input_userauth_request: invalid user latitude [preauth]
May  9 06:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23654]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:52:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22266]: pam_unix(cron:session): session closed for user root
May  9 06:52:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23654]: Failed password for invalid user latitude from 146.190.241.149 port 60244 ssh2
May  9 06:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23654]: Connection closed by 146.190.241.149 port 60244 [preauth]
May  9 06:52:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: Invalid user zabbix from 146.190.241.149
May  9 06:52:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: input_userauth_request: invalid user zabbix [preauth]
May  9 06:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:52:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:52:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: Failed password for invalid user zabbix from 146.190.241.149 port 57278 ssh2
May  9 06:52:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23695]: Connection closed by 146.190.241.149 port 57278 [preauth]
May  9 06:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23727]: Invalid user ubuntu from 146.190.241.149
May  9 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23727]: input_userauth_request: invalid user ubuntu [preauth]
May  9 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23727]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23727]: Failed password for invalid user ubuntu from 146.190.241.149 port 36154 ssh2
May  9 06:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23727]: Connection closed by 146.190.241.149 port 36154 [preauth]
May  9 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23750]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23751]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23749]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23747]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23747]: pam_unix(cron:session): session closed for user p13x
May  9 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23913]: Successful su for rubyman by root
May  9 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23913]: + ??? root:rubyman
May  9 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23913]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358094 of user rubyman.
May  9 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23913]: pam_unix(su:session): session closed for user rubyman
May  9 06:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358094.
May  9 06:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20635]: pam_unix(cron:session): session closed for user root
May  9 06:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23749]: pam_unix(cron:session): session closed for user samftp
May  9 06:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24116]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24116]: User uucp from 146.190.241.149 not allowed because not listed in AllowUsers
May  9 06:53:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24116]: input_userauth_request: invalid user uucp [preauth]
May  9 06:53:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=uucp
May  9 06:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24116]: Failed password for invalid user uucp from 146.190.241.149 port 54312 ssh2
May  9 06:53:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24116]: Connection closed by 146.190.241.149 port 54312 [preauth]
May  9 06:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24149]: Invalid user sftpuser from 146.190.241.149
May  9 06:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24149]: input_userauth_request: invalid user sftpuser [preauth]
May  9 06:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24149]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:53:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24149]: Failed password for invalid user sftpuser from 146.190.241.149 port 41372 ssh2
May  9 06:53:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24149]: Connection closed by 146.190.241.149 port 41372 [preauth]
May  9 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24193]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22763]: pam_unix(cron:session): session closed for user root
May  9 06:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24193]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24193]: Failed password for root from 146.190.241.149 port 46352 ssh2
May  9 06:53:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24193]: Connection closed by 146.190.241.149 port 46352 [preauth]
May  9 06:53:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: Invalid user frank from 60.49.31.229
May  9 06:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: input_userauth_request: invalid user frank [preauth]
May  9 06:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:53:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 06:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: Failed password for invalid user frank from 60.49.31.229 port 48516 ssh2
May  9 06:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: Received disconnect from 60.49.31.229 port 48516:11: Bye Bye [preauth]
May  9 06:53:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24232]: Disconnected from 60.49.31.229 port 48516 [preauth]
May  9 06:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:53:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149  user=root
May  9 06:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: Failed password for root from 146.190.241.149 port 56186 ssh2
May  9 06:53:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24260]: Connection closed by 146.190.241.149 port 56186 [preauth]
May  9 06:53:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:53:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24283]: Disconnected from 185.93.89.118 port 15932 [preauth]
May  9 06:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24285]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24285]: Invalid user user from 146.190.241.149
May  9 06:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24285]: input_userauth_request: invalid user user [preauth]
May  9 06:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24285]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:54:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24285]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24305]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24303]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24304]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24300]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24300]: pam_unix(cron:session): session closed for user p13x
May  9 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24370]: Successful su for rubyman by root
May  9 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24370]: + ??? root:rubyman
May  9 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24370]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358098 of user rubyman.
May  9 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24370]: pam_unix(su:session): session closed for user rubyman
May  9 06:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358098.
May  9 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24285]: Failed password for invalid user user from 146.190.241.149 port 53216 ssh2
May  9 06:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24285]: Connection closed by 146.190.241.149 port 53216 [preauth]
May  9 06:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21055]: pam_unix(cron:session): session closed for user root
May  9 06:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24303]: pam_unix(cron:session): session closed for user samftp
May  9 06:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: Invalid user www from 146.190.241.149
May  9 06:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: input_userauth_request: invalid user www [preauth]
May  9 06:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:54:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: Failed password for invalid user www from 146.190.241.149 port 60762 ssh2
May  9 06:54:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24581]: Connection closed by 146.190.241.149 port 60762 [preauth]
May  9 06:54:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24631]: Invalid user www from 146.190.241.149
May  9 06:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24631]: input_userauth_request: invalid user www [preauth]
May  9 06:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24631]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:54:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.241.149
May  9 06:54:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24631]: Failed password for invalid user www from 146.190.241.149 port 44402 ssh2
May  9 06:54:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24631]: Connection closed by 146.190.241.149 port 44402 [preauth]
May  9 06:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23240]: pam_unix(cron:session): session closed for user root
May  9 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24737]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24739]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24738]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24739]: pam_unix(cron:session): session closed for user root
May  9 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24734]: pam_unix(cron:session): session closed for user p13x
May  9 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24802]: Successful su for rubyman by root
May  9 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24802]: + ??? root:rubyman
May  9 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24802]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358103 of user rubyman.
May  9 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24802]: pam_unix(su:session): session closed for user rubyman
May  9 06:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358103.
May  9 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24736]: pam_unix(cron:session): session closed for user root
May  9 06:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21509]: pam_unix(cron:session): session closed for user root
May  9 06:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24735]: pam_unix(cron:session): session closed for user samftp
May  9 06:55:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23751]: pam_unix(cron:session): session closed for user root
May  9 06:55:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: Invalid user prueba from 194.0.234.19
May  9 06:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: input_userauth_request: invalid user prueba [preauth]
May  9 06:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:55:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  9 06:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: Failed password for invalid user prueba from 194.0.234.19 port 51564 ssh2
May  9 06:55:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25163]: Connection closed by 194.0.234.19 port 51564 [preauth]
May  9 06:55:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.201  user=root
May  9 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25179]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25177]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25180]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25178]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25177]: pam_unix(cron:session): session closed for user p13x
May  9 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25249]: Successful su for rubyman by root
May  9 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25249]: + ??? root:rubyman
May  9 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358108 of user rubyman.
May  9 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25249]: pam_unix(su:session): session closed for user rubyman
May  9 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358108.
May  9 06:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: Failed password for root from 218.92.0.201 port 59652 ssh2
May  9 06:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22265]: pam_unix(cron:session): session closed for user root
May  9 06:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: Failed password for root from 218.92.0.201 port 59652 ssh2
May  9 06:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25178]: pam_unix(cron:session): session closed for user samftp
May  9 06:56:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: Failed password for root from 218.92.0.201 port 59652 ssh2
May  9 06:56:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25174]: Failed password for root from 218.92.0.201 port 59652 ssh2
May  9 06:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:56:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: Invalid user admin from 80.94.95.112
May  9 06:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: input_userauth_request: invalid user admin [preauth]
May  9 06:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:56:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 06:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24305]: pam_unix(cron:session): session closed for user root
May  9 06:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: Failed password for invalid user admin from 80.94.95.112 port 50508 ssh2
May  9 06:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:56:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: Failed password for invalid user admin from 80.94.95.112 port 50508 ssh2
May  9 06:56:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: Failed password for invalid user admin from 80.94.95.112 port 50508 ssh2
May  9 06:56:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: Failed password for invalid user admin from 80.94.95.112 port 50508 ssh2
May  9 06:56:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:56:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: Failed password for invalid user admin from 80.94.95.112 port 50508 ssh2
May  9 06:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: Received disconnect from 80.94.95.112 port 50508:11: Bye [preauth]
May  9 06:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: Disconnected from 80.94.95.112 port 50508 [preauth]
May  9 06:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 06:56:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25511]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 06:56:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25605]: Invalid user test from 193.70.84.184
May  9 06:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25605]: input_userauth_request: invalid user test [preauth]
May  9 06:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25605]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:56:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  9 06:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25605]: Failed password for invalid user test from 193.70.84.184 port 41360 ssh2
May  9 06:57:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25605]: Connection closed by 193.70.84.184 port 41360 [preauth]
May  9 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25616]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25617]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25611]: pam_unix(cron:session): session closed for user p13x
May  9 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25714]: Successful su for rubyman by root
May  9 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25714]: + ??? root:rubyman
May  9 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25714]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358113 of user rubyman.
May  9 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25714]: pam_unix(su:session): session closed for user rubyman
May  9 06:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358113.
May  9 06:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22762]: pam_unix(cron:session): session closed for user root
May  9 06:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25612]: pam_unix(cron:session): session closed for user samftp
May  9 06:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24738]: pam_unix(cron:session): session closed for user root
May  9 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26104]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26103]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26102]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26101]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26101]: pam_unix(cron:session): session closed for user p13x
May  9 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26163]: Successful su for rubyman by root
May  9 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26163]: + ??? root:rubyman
May  9 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26163]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358117 of user rubyman.
May  9 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26163]: pam_unix(su:session): session closed for user rubyman
May  9 06:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358117.
May  9 06:58:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23239]: pam_unix(cron:session): session closed for user root
May  9 06:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26102]: pam_unix(cron:session): session closed for user samftp
May  9 06:58:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25180]: pam_unix(cron:session): session closed for user root
May  9 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26577]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26578]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26576]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26575]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26575]: pam_unix(cron:session): session closed for user p13x
May  9 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26635]: Successful su for rubyman by root
May  9 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26635]: + ??? root:rubyman
May  9 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26635]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358121 of user rubyman.
May  9 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26635]: pam_unix(su:session): session closed for user rubyman
May  9 06:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358121.
May  9 06:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23750]: pam_unix(cron:session): session closed for user root
May  9 06:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26576]: pam_unix(cron:session): session closed for user samftp
May  9 06:59:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:59:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.97  user=root
May  9 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: Failed password for root from 14.103.127.97 port 47546 ssh2
May  9 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: Received disconnect from 14.103.127.97 port 47546:11: Bye Bye [preauth]
May  9 06:59:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26864]: Disconnected from 14.103.127.97 port 47546 [preauth]
May  9 06:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25617]: pam_unix(cron:session): session closed for user root
May  9 06:59:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 06:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26950]: Invalid user zihan from 60.49.31.229
May  9 06:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26950]: input_userauth_request: invalid user zihan [preauth]
May  9 06:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26950]: pam_unix(sshd:auth): check pass; user unknown
May  9 06:59:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 06:59:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26950]: Failed password for invalid user zihan from 60.49.31.229 port 57470 ssh2
May  9 06:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26950]: Received disconnect from 60.49.31.229 port 57470:11: Bye Bye [preauth]
May  9 06:59:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26950]: Disconnected from 60.49.31.229 port 57470 [preauth]
May  9 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27036]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27029]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27038]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27030]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27039]: pam_unix(cron:session): session closed for user root
May  9 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27034]: pam_unix(cron:session): session closed for user root
May  9 07:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27029]: pam_unix(cron:session): session closed for user p13x
May  9 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27149]: Successful su for rubyman by root
May  9 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27149]: + ??? root:rubyman
May  9 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27149]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358128 of user rubyman.
May  9 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27149]: pam_unix(su:session): session closed for user rubyman
May  9 07:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358128.
May  9 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27035]: pam_unix(cron:session): session closed for user root
May  9 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24304]: pam_unix(cron:session): session closed for user root
May  9 07:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27335]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27335]: Did not receive identification string from 45.6.188.43
May  9 07:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27030]: pam_unix(cron:session): session closed for user samftp
May  9 07:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26104]: pam_unix(cron:session): session closed for user root
May  9 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27624]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27626]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27625]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27623]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27623]: pam_unix(cron:session): session closed for user p13x
May  9 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27700]: Successful su for rubyman by root
May  9 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27700]: + ??? root:rubyman
May  9 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27700]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358133 of user rubyman.
May  9 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27700]: pam_unix(su:session): session closed for user rubyman
May  9 07:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358133.
May  9 07:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24737]: pam_unix(cron:session): session closed for user root
May  9 07:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27624]: pam_unix(cron:session): session closed for user samftp
May  9 07:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26578]: pam_unix(cron:session): session closed for user root
May  9 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28050]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28048]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28045]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28047]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28045]: pam_unix(cron:session): session closed for user p13x
May  9 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28107]: Successful su for rubyman by root
May  9 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28107]: + ??? root:rubyman
May  9 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358136 of user rubyman.
May  9 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28107]: pam_unix(su:session): session closed for user rubyman
May  9 07:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358136.
May  9 07:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25179]: pam_unix(cron:session): session closed for user root
May  9 07:02:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28047]: pam_unix(cron:session): session closed for user samftp
May  9 07:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27038]: pam_unix(cron:session): session closed for user root
May  9 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28454]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28452]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28451]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28451]: pam_unix(cron:session): session closed for user p13x
May  9 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28517]: Successful su for rubyman by root
May  9 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28517]: + ??? root:rubyman
May  9 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28517]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358142 of user rubyman.
May  9 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28517]: pam_unix(su:session): session closed for user rubyman
May  9 07:03:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358142.
May  9 07:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25616]: pam_unix(cron:session): session closed for user root
May  9 07:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28452]: pam_unix(cron:session): session closed for user samftp
May  9 07:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27626]: pam_unix(cron:session): session closed for user root
May  9 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28848]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28846]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28847]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28849]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28846]: pam_unix(cron:session): session closed for user p13x
May  9 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28914]: Successful su for rubyman by root
May  9 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28914]: + ??? root:rubyman
May  9 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28914]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358143 of user rubyman.
May  9 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28914]: pam_unix(su:session): session closed for user rubyman
May  9 07:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358143.
May  9 07:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26103]: pam_unix(cron:session): session closed for user root
May  9 07:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28847]: pam_unix(cron:session): session closed for user samftp
May  9 07:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28050]: pam_unix(cron:session): session closed for user root
May  9 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29355]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29356]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29356]: pam_unix(cron:session): session closed for user root
May  9 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29351]: pam_unix(cron:session): session closed for user p13x
May  9 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29426]: Successful su for rubyman by root
May  9 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29426]: + ??? root:rubyman
May  9 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358152 of user rubyman.
May  9 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29426]: pam_unix(su:session): session closed for user rubyman
May  9 07:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358152.
May  9 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29353]: pam_unix(cron:session): session closed for user root
May  9 07:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26577]: pam_unix(cron:session): session closed for user root
May  9 07:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29352]: pam_unix(cron:session): session closed for user samftp
May  9 07:05:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: Invalid user Test01 from 60.49.31.229
May  9 07:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: input_userauth_request: invalid user Test01 [preauth]
May  9 07:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:05:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: Failed password for invalid user Test01 from 60.49.31.229 port 38188 ssh2
May  9 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: Received disconnect from 60.49.31.229 port 38188:11: Bye Bye [preauth]
May  9 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29709]: Disconnected from 60.49.31.229 port 38188 [preauth]
May  9 07:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28454]: pam_unix(cron:session): session closed for user root
May  9 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29802]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29800]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29801]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29799]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29799]: pam_unix(cron:session): session closed for user p13x
May  9 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29870]: Successful su for rubyman by root
May  9 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29870]: + ??? root:rubyman
May  9 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29870]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358153 of user rubyman.
May  9 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29870]: pam_unix(su:session): session closed for user rubyman
May  9 07:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358153.
May  9 07:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27036]: pam_unix(cron:session): session closed for user root
May  9 07:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29800]: pam_unix(cron:session): session closed for user samftp
May  9 07:06:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: Invalid user eduard from 14.103.127.97
May  9 07:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: input_userauth_request: invalid user eduard [preauth]
May  9 07:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:06:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.97
May  9 07:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: Failed password for invalid user eduard from 14.103.127.97 port 60460 ssh2
May  9 07:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: Received disconnect from 14.103.127.97 port 60460:11: Bye Bye [preauth]
May  9 07:06:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30081]: Disconnected from 14.103.127.97 port 60460 [preauth]
May  9 07:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28849]: pam_unix(cron:session): session closed for user root
May  9 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30209]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30210]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30208]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30207]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30207]: pam_unix(cron:session): session closed for user p13x
May  9 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30264]: Successful su for rubyman by root
May  9 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30264]: + ??? root:rubyman
May  9 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30264]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358158 of user rubyman.
May  9 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30264]: pam_unix(su:session): session closed for user rubyman
May  9 07:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358158.
May  9 07:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27625]: pam_unix(cron:session): session closed for user root
May  9 07:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30208]: pam_unix(cron:session): session closed for user samftp
May  9 07:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29355]: pam_unix(cron:session): session closed for user root
May  9 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30598]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30597]: pam_unix(cron:session): session closed for user p13x
May  9 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30658]: Successful su for rubyman by root
May  9 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30658]: + ??? root:rubyman
May  9 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30658]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358161 of user rubyman.
May  9 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30658]: pam_unix(su:session): session closed for user rubyman
May  9 07:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358161.
May  9 07:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28048]: pam_unix(cron:session): session closed for user root
May  9 07:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30598]: pam_unix(cron:session): session closed for user samftp
May  9 07:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29802]: pam_unix(cron:session): session closed for user root
May  9 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31091]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31088]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31089]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31090]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31086]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31088]: pam_unix(cron:session): session closed for user p13x
May  9 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31213]: Successful su for rubyman by root
May  9 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31213]: + ??? root:rubyman
May  9 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31213]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358165 of user rubyman.
May  9 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31213]: pam_unix(su:session): session closed for user rubyman
May  9 07:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358165.
May  9 07:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31086]: pam_unix(cron:session): session closed for user root
May  9 07:09:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28453]: pam_unix(cron:session): session closed for user root
May  9 07:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31089]: pam_unix(cron:session): session closed for user samftp
May  9 07:09:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30210]: pam_unix(cron:session): session closed for user root
May  9 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31601]: pam_unix(cron:session): session closed for user root
May  9 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31595]: pam_unix(cron:session): session closed for user p13x
May  9 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31691]: Successful su for rubyman by root
May  9 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31691]: + ??? root:rubyman
May  9 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31691]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358171 of user rubyman.
May  9 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31691]: pam_unix(su:session): session closed for user rubyman
May  9 07:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358171.
May  9 07:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28848]: pam_unix(cron:session): session closed for user root
May  9 07:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31597]: pam_unix(cron:session): session closed for user root
May  9 07:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31596]: pam_unix(cron:session): session closed for user samftp
May  9 07:10:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30601]: pam_unix(cron:session): session closed for user root
May  9 07:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:10:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32316]: Did not receive identification string from 42.96.18.83
May  9 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32346]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32347]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32345]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32344]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32344]: pam_unix(cron:session): session closed for user p13x
May  9 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32429]: Successful su for rubyman by root
May  9 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32429]: + ??? root:rubyman
May  9 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32429]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358177 of user rubyman.
May  9 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32429]: pam_unix(su:session): session closed for user rubyman
May  9 07:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358177.
May  9 07:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29354]: pam_unix(cron:session): session closed for user root
May  9 07:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32345]: pam_unix(cron:session): session closed for user samftp
May  9 07:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Invalid user esearch from 60.49.31.229
May  9 07:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: input_userauth_request: invalid user esearch [preauth]
May  9 07:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:11:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.31.229
May  9 07:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Failed password for invalid user esearch from 60.49.31.229 port 47138 ssh2
May  9 07:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Received disconnect from 60.49.31.229 port 47138:11: Bye Bye [preauth]
May  9 07:11:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32766]: Disconnected from 60.49.31.229 port 47138 [preauth]
May  9 07:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31091]: pam_unix(cron:session): session closed for user root
May  9 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[480]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[481]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[478]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[478]: pam_unix(cron:session): session closed for user p13x
May  9 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[554]: Successful su for rubyman by root
May  9 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[554]: + ??? root:rubyman
May  9 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[554]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358180 of user rubyman.
May  9 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[554]: pam_unix(su:session): session closed for user rubyman
May  9 07:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358180.
May  9 07:12:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29801]: pam_unix(cron:session): session closed for user root
May  9 07:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[479]: pam_unix(cron:session): session closed for user samftp
May  9 07:12:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31600]: pam_unix(cron:session): session closed for user root
May  9 07:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:12:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: Invalid user admin from 80.94.95.241
May  9 07:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: input_userauth_request: invalid user admin [preauth]
May  9 07:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 07:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[915]: Invalid user tob from 14.103.127.97
May  9 07:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[915]: input_userauth_request: invalid user tob [preauth]
May  9 07:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[915]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:12:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.97
May  9 07:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: Failed password for invalid user admin from 80.94.95.241 port 56616 ssh2
May  9 07:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[915]: Failed password for invalid user tob from 14.103.127.97 port 42912 ssh2
May  9 07:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[915]: Received disconnect from 14.103.127.97 port 42912:11: Bye Bye [preauth]
May  9 07:12:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[915]: Disconnected from 14.103.127.97 port 42912 [preauth]
May  9 07:12:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  9 07:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: Failed password for invalid user admin from 80.94.95.241 port 56616 ssh2
May  9 07:12:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: Failed password for root from 218.92.0.209 port 12548 ssh2
May  9 07:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: Failed password for invalid user admin from 80.94.95.241 port 56616 ssh2
May  9 07:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: Failed password for invalid user admin from 80.94.95.241 port 56616 ssh2
May  9 07:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:12:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: Failed password for root from 218.92.0.209 port 12548 ssh2
May  9 07:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: Failed password for invalid user admin from 80.94.95.241 port 56616 ssh2
May  9 07:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: Received disconnect from 80.94.95.241 port 56616:11: Bye [preauth]
May  9 07:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: Disconnected from 80.94.95.241 port 56616 [preauth]
May  9 07:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 07:13:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[913]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[949]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[950]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[951]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[948]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[948]: pam_unix(cron:session): session closed for user p13x
May  9 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1022]: Successful su for rubyman by root
May  9 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1022]: + ??? root:rubyman
May  9 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358184 of user rubyman.
May  9 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1022]: pam_unix(su:session): session closed for user rubyman
May  9 07:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358184.
May  9 07:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: Failed password for root from 218.92.0.209 port 12548 ssh2
May  9 07:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30209]: pam_unix(cron:session): session closed for user root
May  9 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[949]: pam_unix(cron:session): session closed for user samftp
May  9 07:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: Failed password for root from 218.92.0.209 port 12548 ssh2
May  9 07:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: Failed password for root from 218.92.0.209 port 12548 ssh2
May  9 07:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: error: maximum authentication attempts exceeded for root from 218.92.0.209 port 12548 ssh2 [preauth]
May  9 07:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: Disconnecting: Too many authentication failures [preauth]
May  9 07:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  9 07:13:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[925]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 07:13:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:13:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  9 07:13:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: Failed password for root from 218.92.0.209 port 65206 ssh2
May  9 07:13:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: Failed password for root from 218.92.0.209 port 65206 ssh2
May  9 07:13:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:13:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: Failed password for root from 218.92.0.209 port 65206 ssh2
May  9 07:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Failed password for root from 42.96.18.83 port 37232 ssh2
May  9 07:13:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1299]: Connection closed by 42.96.18.83 port 37232 [preauth]
May  9 07:13:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: Invalid user pi from 42.96.18.83
May  9 07:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: input_userauth_request: invalid user pi [preauth]
May  9 07:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:13:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: Failed password for root from 218.92.0.209 port 65206 ssh2
May  9 07:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: Failed password for invalid user pi from 42.96.18.83 port 37242 ssh2
May  9 07:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1316]: Connection closed by 42.96.18.83 port 37242 [preauth]
May  9 07:13:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1331]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1331]: Invalid user hive from 42.96.18.83
May  9 07:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1331]: input_userauth_request: invalid user hive [preauth]
May  9 07:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1331]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:13:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1331]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:13:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: Failed password for root from 218.92.0.209 port 65206 ssh2
May  9 07:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1331]: Failed password for invalid user hive from 42.96.18.83 port 37254 ssh2
May  9 07:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1331]: Connection closed by 42.96.18.83 port 37254 [preauth]
May  9 07:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: Failed password for root from 218.92.0.209 port 65206 ssh2
May  9 07:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: error: maximum authentication attempts exceeded for root from 218.92.0.209 port 65206 ssh2 [preauth]
May  9 07:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: Disconnecting: Too many authentication failures [preauth]
May  9 07:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  9 07:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1264]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 07:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: Invalid user git from 42.96.18.83
May  9 07:13:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: input_userauth_request: invalid user git [preauth]
May  9 07:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:13:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32347]: pam_unix(cron:session): session closed for user root
May  9 07:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: Failed password for invalid user git from 42.96.18.83 port 33312 ssh2
May  9 07:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1342]: Connection closed by 42.96.18.83 port 33312 [preauth]
May  9 07:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1368]: Invalid user wang from 42.96.18.83
May  9 07:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1368]: input_userauth_request: invalid user wang [preauth]
May  9 07:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1368]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:13:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1368]: Failed password for invalid user wang from 42.96.18.83 port 33326 ssh2
May  9 07:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1368]: Connection closed by 42.96.18.83 port 33326 [preauth]
May  9 07:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: Invalid user nginx from 42.96.18.83
May  9 07:13:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: input_userauth_request: invalid user nginx [preauth]
May  9 07:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:13:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:13:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 07:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: Failed password for invalid user nginx from 42.96.18.83 port 33336 ssh2
May  9 07:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:13:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1377]: Connection closed by 42.96.18.83 port 33336 [preauth]
May  9 07:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1379]: Failed password for root from 218.92.0.179 port 53005 ssh2
May  9 07:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: Invalid user mongo from 42.96.18.83
May  9 07:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: input_userauth_request: invalid user mongo [preauth]
May  9 07:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:13:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:13:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1379]: Failed password for root from 218.92.0.179 port 53005 ssh2
May  9 07:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: Failed password for invalid user mongo from 42.96.18.83 port 50398 ssh2
May  9 07:13:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1392]: Connection closed by 42.96.18.83 port 50398 [preauth]
May  9 07:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: Invalid user user from 42.96.18.83
May  9 07:13:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: input_userauth_request: invalid user user [preauth]
May  9 07:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1379]: Failed password for root from 218.92.0.179 port 53005 ssh2
May  9 07:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:13:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1379]: Received disconnect from 218.92.0.179 port 53005:11:  [preauth]
May  9 07:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1379]: Disconnected from 218.92.0.179 port 53005 [preauth]
May  9 07:13:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1379]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 07:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: Failed password for invalid user user from 42.96.18.83 port 50400 ssh2
May  9 07:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1414]: Connection closed by 42.96.18.83 port 50400 [preauth]
May  9 07:13:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: Invalid user oracle from 42.96.18.83
May  9 07:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: input_userauth_request: invalid user oracle [preauth]
May  9 07:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:13:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: Failed password for invalid user oracle from 42.96.18.83 port 56326 ssh2
May  9 07:13:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1419]: Connection closed by 42.96.18.83 port 56326 [preauth]
May  9 07:13:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: Invalid user gpadmin from 42.96.18.83
May  9 07:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: input_userauth_request: invalid user gpadmin [preauth]
May  9 07:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:13:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:13:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: Failed password for invalid user gpadmin from 42.96.18.83 port 56342 ssh2
May  9 07:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1455]: Connection closed by 42.96.18.83 port 56342 [preauth]
May  9 07:13:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:13:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: Failed password for root from 42.96.18.83 port 56350 ssh2
May  9 07:13:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1465]: Connection closed by 42.96.18.83 port 56350 [preauth]
May  9 07:13:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: Invalid user esroot from 42.96.18.83
May  9 07:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: input_userauth_request: invalid user esroot [preauth]
May  9 07:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:14:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1483]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1481]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1482]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1480]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1480]: pam_unix(cron:session): session closed for user p13x
May  9 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1546]: Successful su for rubyman by root
May  9 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1546]: + ??? root:rubyman
May  9 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358188 of user rubyman.
May  9 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1546]: pam_unix(su:session): session closed for user rubyman
May  9 07:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358188.
May  9 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: Failed password for invalid user esroot from 42.96.18.83 port 59622 ssh2
May  9 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1469]: Connection closed by 42.96.18.83 port 59622 [preauth]
May  9 07:14:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: Invalid user gitlab from 42.96.18.83
May  9 07:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: input_userauth_request: invalid user gitlab [preauth]
May  9 07:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:14:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30600]: pam_unix(cron:session): session closed for user root
May  9 07:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: Failed password for invalid user gitlab from 42.96.18.83 port 59636 ssh2
May  9 07:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1621]: Connection closed by 42.96.18.83 port 59636 [preauth]
May  9 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1481]: pam_unix(cron:session): session closed for user samftp
May  9 07:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: Invalid user apache from 42.96.18.83
May  9 07:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: input_userauth_request: invalid user apache [preauth]
May  9 07:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:14:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: Failed password for invalid user apache from 42.96.18.83 port 59648 ssh2
May  9 07:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1774]: Connection closed by 42.96.18.83 port 59648 [preauth]
May  9 07:14:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1777]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:14:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1777]: Failed password for root from 42.96.18.83 port 45960 ssh2
May  9 07:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1797]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:14:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1777]: Connection closed by 42.96.18.83 port 45960 [preauth]
May  9 07:14:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1797]: Failed password for root from 42.96.18.83 port 45968 ssh2
May  9 07:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1797]: Connection closed by 42.96.18.83 port 45968 [preauth]
May  9 07:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Invalid user user from 42.96.18.83
May  9 07:14:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: input_userauth_request: invalid user user [preauth]
May  9 07:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:14:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Failed password for invalid user user from 42.96.18.83 port 45984 ssh2
May  9 07:14:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1820]: Connection closed by 42.96.18.83 port 45984 [preauth]
May  9 07:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1824]: Invalid user lighthouse from 42.96.18.83
May  9 07:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1824]: input_userauth_request: invalid user lighthouse [preauth]
May  9 07:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1824]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1824]: Failed password for invalid user lighthouse from 42.96.18.83 port 59514 ssh2
May  9 07:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1837]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:14:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1824]: Connection closed by 42.96.18.83 port 59514 [preauth]
May  9 07:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1837]: Invalid user flask from 42.96.18.83
May  9 07:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1837]: input_userauth_request: invalid user flask [preauth]
May  9 07:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1837]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:14:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1837]: Failed password for invalid user flask from 42.96.18.83 port 59518 ssh2
May  9 07:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1837]: Connection closed by 42.96.18.83 port 59518 [preauth]
May  9 07:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1859]: Invalid user user1 from 42.96.18.83
May  9 07:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1859]: input_userauth_request: invalid user user1 [preauth]
May  9 07:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1859]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1859]: Failed password for invalid user user1 from 42.96.18.83 port 59520 ssh2
May  9 07:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1859]: Connection closed by 42.96.18.83 port 59520 [preauth]
May  9 07:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: Invalid user hadoop from 42.96.18.83
May  9 07:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: input_userauth_request: invalid user hadoop [preauth]
May  9 07:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:14:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[481]: pam_unix(cron:session): session closed for user root
May  9 07:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: Failed password for invalid user hadoop from 42.96.18.83 port 54038 ssh2
May  9 07:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1861]: Connection closed by 42.96.18.83 port 54038 [preauth]
May  9 07:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1907]: Invalid user oracle from 42.96.18.83
May  9 07:14:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1907]: input_userauth_request: invalid user oracle [preauth]
May  9 07:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1907]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1907]: Failed password for invalid user oracle from 42.96.18.83 port 54042 ssh2
May  9 07:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1907]: Connection closed by 42.96.18.83 port 54042 [preauth]
May  9 07:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: Invalid user test from 42.96.18.83
May  9 07:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: input_userauth_request: invalid user test [preauth]
May  9 07:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:14:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: Failed password for invalid user test from 42.96.18.83 port 48138 ssh2
May  9 07:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1949]: Connection closed by 42.96.18.83 port 48138 [preauth]
May  9 07:14:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1954]: Failed password for root from 42.96.18.83 port 48160 ssh2
May  9 07:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1954]: Connection closed by 42.96.18.83 port 48160 [preauth]
May  9 07:14:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: Invalid user developer from 42.96.18.83
May  9 07:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: input_userauth_request: invalid user developer [preauth]
May  9 07:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:14:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: Failed password for invalid user developer from 42.96.18.83 port 48182 ssh2
May  9 07:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: Connection closed by 42.96.18.83 port 48182 [preauth]
May  9 07:14:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2028]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2028]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2028]: Failed password for root from 42.96.18.83 port 40654 ssh2
May  9 07:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2028]: Connection closed by 42.96.18.83 port 40654 [preauth]
May  9 07:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2030]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2030]: User mysql from 42.96.18.83 not allowed because not listed in AllowUsers
May  9 07:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2030]: input_userauth_request: invalid user mysql [preauth]
May  9 07:14:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=mysql
May  9 07:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2030]: Failed password for invalid user mysql from 42.96.18.83 port 40660 ssh2
May  9 07:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2030]: Connection closed by 42.96.18.83 port 40660 [preauth]
May  9 07:14:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2040]: Failed password for root from 42.96.18.83 port 40666 ssh2
May  9 07:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2040]: Connection closed by 42.96.18.83 port 40666 [preauth]
May  9 07:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2051]: Invalid user tom from 42.96.18.83
May  9 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2051]: input_userauth_request: invalid user tom [preauth]
May  9 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2051]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2055]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2054]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2057]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2060]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2056]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2060]: pam_unix(cron:session): session closed for user root
May  9 07:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2054]: pam_unix(cron:session): session closed for user p13x
May  9 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2124]: Successful su for rubyman by root
May  9 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2124]: + ??? root:rubyman
May  9 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2124]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358193 of user rubyman.
May  9 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2124]: pam_unix(su:session): session closed for user rubyman
May  9 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358193.
May  9 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2051]: Failed password for invalid user tom from 42.96.18.83 port 59422 ssh2
May  9 07:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2051]: Connection closed by 42.96.18.83 port 59422 [preauth]
May  9 07:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2221]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2056]: pam_unix(cron:session): session closed for user root
May  9 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31090]: pam_unix(cron:session): session closed for user root
May  9 07:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2221]: Failed password for root from 42.96.18.83 port 59424 ssh2
May  9 07:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2221]: Connection closed by 42.96.18.83 port 59424 [preauth]
May  9 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2055]: pam_unix(cron:session): session closed for user samftp
May  9 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: Invalid user oscar from 42.96.18.83
May  9 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: input_userauth_request: invalid user oscar [preauth]
May  9 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: Failed password for invalid user oscar from 42.96.18.83 port 59430 ssh2
May  9 07:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2338]: Connection closed by 42.96.18.83 port 59430 [preauth]
May  9 07:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: Failed password for root from 42.96.18.83 port 39994 ssh2
May  9 07:15:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2349]: Connection closed by 42.96.18.83 port 39994 [preauth]
May  9 07:15:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2368]: Failed password for root from 42.96.18.83 port 40002 ssh2
May  9 07:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2368]: Connection closed by 42.96.18.83 port 40002 [preauth]
May  9 07:15:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: Invalid user user1 from 42.96.18.83
May  9 07:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: input_userauth_request: invalid user user1 [preauth]
May  9 07:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:15:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: Failed password for invalid user user1 from 42.96.18.83 port 40014 ssh2
May  9 07:15:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2387]: Connection closed by 42.96.18.83 port 40014 [preauth]
May  9 07:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:15:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: Failed password for root from 42.96.18.83 port 55426 ssh2
May  9 07:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2400]: Connection closed by 42.96.18.83 port 55426 [preauth]
May  9 07:15:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: Invalid user flink from 42.96.18.83
May  9 07:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: input_userauth_request: invalid user flink [preauth]
May  9 07:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: Failed password for invalid user flink from 42.96.18.83 port 55434 ssh2
May  9 07:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2422]: Connection closed by 42.96.18.83 port 55434 [preauth]
May  9 07:15:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2433]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2433]: Invalid user apache from 42.96.18.83
May  9 07:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2433]: input_userauth_request: invalid user apache [preauth]
May  9 07:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2433]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2433]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2433]: Failed password for invalid user apache from 42.96.18.83 port 52530 ssh2
May  9 07:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2433]: Connection closed by 42.96.18.83 port 52530 [preauth]
May  9 07:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[951]: pam_unix(cron:session): session closed for user root
May  9 07:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2444]: Failed password for root from 42.96.18.83 port 52540 ssh2
May  9 07:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2444]: Connection closed by 42.96.18.83 port 52540 [preauth]
May  9 07:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: Invalid user nginx from 42.96.18.83
May  9 07:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: input_userauth_request: invalid user nginx [preauth]
May  9 07:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: Failed password for invalid user nginx from 42.96.18.83 port 52544 ssh2
May  9 07:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2468]: Connection closed by 42.96.18.83 port 52544 [preauth]
May  9 07:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2479]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2479]: Invalid user esuser from 42.96.18.83
May  9 07:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2479]: input_userauth_request: invalid user esuser [preauth]
May  9 07:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2479]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2479]: Failed password for invalid user esuser from 42.96.18.83 port 34912 ssh2
May  9 07:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:15:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2479]: Connection closed by 42.96.18.83 port 34912 [preauth]
May  9 07:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: Failed password for root from 42.96.18.83 port 34936 ssh2
May  9 07:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2508]: Connection closed by 42.96.18.83 port 34936 [preauth]
May  9 07:15:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2517]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2517]: Invalid user git from 42.96.18.83
May  9 07:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2517]: input_userauth_request: invalid user git [preauth]
May  9 07:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2517]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2517]: Failed password for invalid user git from 42.96.18.83 port 34964 ssh2
May  9 07:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2517]: Connection closed by 42.96.18.83 port 34964 [preauth]
May  9 07:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2520]: Invalid user postgres from 42.96.18.83
May  9 07:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2520]: input_userauth_request: invalid user postgres [preauth]
May  9 07:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2520]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2520]: Failed password for invalid user postgres from 42.96.18.83 port 59508 ssh2
May  9 07:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2520]: Connection closed by 42.96.18.83 port 59508 [preauth]
May  9 07:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: Invalid user svnuser from 42.96.18.83
May  9 07:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: input_userauth_request: invalid user svnuser [preauth]
May  9 07:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: Failed password for invalid user svnuser from 42.96.18.83 port 59522 ssh2
May  9 07:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2532]: Connection closed by 42.96.18.83 port 59522 [preauth]
May  9 07:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2542]: Invalid user dolphinscheduler from 42.96.18.83
May  9 07:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2542]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  9 07:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2542]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2542]: Failed password for invalid user dolphinscheduler from 42.96.18.83 port 59526 ssh2
May  9 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2542]: Connection closed by 42.96.18.83 port 59526 [preauth]
May  9 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2549]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2547]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2547]: pam_unix(cron:session): session closed for user p13x
May  9 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2629]: Successful su for rubyman by root
May  9 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2629]: + ??? root:rubyman
May  9 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2629]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358198 of user rubyman.
May  9 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2629]: pam_unix(su:session): session closed for user rubyman
May  9 07:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358198.
May  9 07:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2627]: Failed password for root from 42.96.18.83 port 51574 ssh2
May  9 07:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2627]: Connection closed by 42.96.18.83 port 51574 [preauth]
May  9 07:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2803]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31599]: pam_unix(cron:session): session closed for user root
May  9 07:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2803]: Invalid user plexserver from 42.96.18.83
May  9 07:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2803]: input_userauth_request: invalid user plexserver [preauth]
May  9 07:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2803]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2549]: pam_unix(cron:session): session closed for user samftp
May  9 07:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2803]: Failed password for invalid user plexserver from 42.96.18.83 port 51584 ssh2
May  9 07:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2803]: Connection closed by 42.96.18.83 port 51584 [preauth]
May  9 07:16:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: Invalid user sonar from 42.96.18.83
May  9 07:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: input_userauth_request: invalid user sonar [preauth]
May  9 07:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: Failed password for invalid user sonar from 42.96.18.83 port 45124 ssh2
May  9 07:16:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: Connection closed by 42.96.18.83 port 45124 [preauth]
May  9 07:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: Invalid user app from 42.96.18.83
May  9 07:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: input_userauth_request: invalid user app [preauth]
May  9 07:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: Failed password for invalid user app from 42.96.18.83 port 45138 ssh2
May  9 07:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2843]: Connection closed by 42.96.18.83 port 45138 [preauth]
May  9 07:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: Invalid user tools from 42.96.18.83
May  9 07:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: input_userauth_request: invalid user tools [preauth]
May  9 07:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: Failed password for invalid user tools from 42.96.18.83 port 45154 ssh2
May  9 07:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2871]: Connection closed by 42.96.18.83 port 45154 [preauth]
May  9 07:16:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2880]: Invalid user lighthouse from 42.96.18.83
May  9 07:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2880]: input_userauth_request: invalid user lighthouse [preauth]
May  9 07:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2880]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:16:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2880]: Failed password for invalid user lighthouse from 42.96.18.83 port 56320 ssh2
May  9 07:16:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2880]: Connection closed by 42.96.18.83 port 56320 [preauth]
May  9 07:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2887]: User mysql from 42.96.18.83 not allowed because not listed in AllowUsers
May  9 07:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2887]: input_userauth_request: invalid user mysql [preauth]
May  9 07:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=mysql
May  9 07:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2887]: Failed password for invalid user mysql from 42.96.18.83 port 56332 ssh2
May  9 07:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2887]: Connection closed by 42.96.18.83 port 56332 [preauth]
May  9 07:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:16:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Failed password for root from 42.96.18.83 port 56336 ssh2
May  9 07:16:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2912]: Connection closed by 42.96.18.83 port 56336 [preauth]
May  9 07:16:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Invalid user gpadmin from 42.96.18.83
May  9 07:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: input_userauth_request: invalid user gpadmin [preauth]
May  9 07:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:16:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Failed password for invalid user gpadmin from 42.96.18.83 port 42068 ssh2
May  9 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2922]: Connection closed by 42.96.18.83 port 42068 [preauth]
May  9 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1483]: pam_unix(cron:session): session closed for user root
May  9 07:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: Invalid user oracle from 42.96.18.83
May  9 07:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: input_userauth_request: invalid user oracle [preauth]
May  9 07:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: Failed password for invalid user oracle from 42.96.18.83 port 42084 ssh2
May  9 07:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2941]: Connection closed by 42.96.18.83 port 42084 [preauth]
May  9 07:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2958]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: Invalid user www from 42.96.18.83
May  9 07:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: input_userauth_request: invalid user www [preauth]
May  9 07:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:16:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2958]: Failed password for root from 42.96.18.83 port 42086 ssh2
May  9 07:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2958]: Connection closed by 42.96.18.83 port 42086 [preauth]
May  9 07:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: Failed password for invalid user www from 42.96.18.83 port 34582 ssh2
May  9 07:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2971]: Connection closed by 42.96.18.83 port 34582 [preauth]
May  9 07:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:16:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: Failed password for root from 42.96.18.83 port 34584 ssh2
May  9 07:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2979]: Connection closed by 42.96.18.83 port 34584 [preauth]
May  9 07:16:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: Invalid user oscar from 42.96.18.83
May  9 07:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: input_userauth_request: invalid user oscar [preauth]
May  9 07:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:16:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: Failed password for invalid user oscar from 42.96.18.83 port 34600 ssh2
May  9 07:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:16:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2998]: Connection closed by 42.96.18.83 port 34600 [preauth]
May  9 07:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Invalid user test from 42.96.18.83
May  9 07:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: input_userauth_request: invalid user test [preauth]
May  9 07:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:16:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Failed password for invalid user test from 42.96.18.83 port 47640 ssh2
May  9 07:16:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3009]: Connection closed by 42.96.18.83 port 47640 [preauth]
May  9 07:16:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3013]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: Invalid user admin from 80.94.95.116
May  9 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: input_userauth_request: invalid user admin [preauth]
May  9 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  9 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3013]: Invalid user admin from 42.96.18.83
May  9 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3013]: input_userauth_request: invalid user admin [preauth]
May  9 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3013]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: Failed password for invalid user admin from 80.94.95.116 port 45630 ssh2
May  9 07:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3011]: Connection closed by 80.94.95.116 port 45630 [preauth]
May  9 07:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3013]: Failed password for invalid user admin from 42.96.18.83 port 47648 ssh2
May  9 07:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3013]: Connection closed by 42.96.18.83 port 47648 [preauth]
May  9 07:16:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3038]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3037]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3033]: pam_unix(cron:session): session closed for user root
May  9 07:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3035]: pam_unix(cron:session): session closed for user p13x
May  9 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: Failed password for root from 42.96.18.83 port 47658 ssh2
May  9 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3102]: Successful su for rubyman by root
May  9 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3102]: + ??? root:rubyman
May  9 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3102]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358204 of user rubyman.
May  9 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3102]: pam_unix(su:session): session closed for user rubyman
May  9 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358204.
May  9 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3025]: Connection closed by 42.96.18.83 port 47658 [preauth]
May  9 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: Invalid user app from 42.96.18.83
May  9 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: input_userauth_request: invalid user app [preauth]
May  9 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32346]: pam_unix(cron:session): session closed for user root
May  9 07:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: Failed password for invalid user app from 42.96.18.83 port 38264 ssh2
May  9 07:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3096]: Connection closed by 42.96.18.83 port 38264 [preauth]
May  9 07:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3269]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3269]: Invalid user elastic from 42.96.18.83
May  9 07:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3269]: input_userauth_request: invalid user elastic [preauth]
May  9 07:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3269]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3036]: pam_unix(cron:session): session closed for user samftp
May  9 07:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3269]: Failed password for invalid user elastic from 42.96.18.83 port 38276 ssh2
May  9 07:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3269]: Connection closed by 42.96.18.83 port 38276 [preauth]
May  9 07:17:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3295]: Failed password for root from 42.96.18.83 port 56540 ssh2
May  9 07:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:17:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3295]: Connection closed by 42.96.18.83 port 56540 [preauth]
May  9 07:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3297]: Invalid user guest from 42.96.18.83
May  9 07:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3297]: input_userauth_request: invalid user guest [preauth]
May  9 07:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3297]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3297]: Failed password for invalid user guest from 42.96.18.83 port 56554 ssh2
May  9 07:17:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3297]: Connection closed by 42.96.18.83 port 56554 [preauth]
May  9 07:17:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3320]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3320]: Failed password for root from 42.96.18.83 port 56570 ssh2
May  9 07:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3332]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:17:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3320]: Connection closed by 42.96.18.83 port 56570 [preauth]
May  9 07:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3332]: Invalid user sonar from 42.96.18.83
May  9 07:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3332]: input_userauth_request: invalid user sonar [preauth]
May  9 07:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3332]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:17:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3332]: Failed password for invalid user sonar from 42.96.18.83 port 42614 ssh2
May  9 07:17:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3332]: Connection closed by 42.96.18.83 port 42614 [preauth]
May  9 07:17:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3334]: Invalid user jumpserver from 42.96.18.83
May  9 07:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3334]: input_userauth_request: invalid user jumpserver [preauth]
May  9 07:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3334]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3334]: Failed password for invalid user jumpserver from 42.96.18.83 port 42620 ssh2
May  9 07:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3334]: Connection closed by 42.96.18.83 port 42620 [preauth]
May  9 07:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: Invalid user tom from 42.96.18.83
May  9 07:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: input_userauth_request: invalid user tom [preauth]
May  9 07:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: Failed password for invalid user tom from 42.96.18.83 port 42634 ssh2
May  9 07:17:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: Connection closed by 42.96.18.83 port 42634 [preauth]
May  9 07:17:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3369]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3369]: Failed password for root from 42.96.18.83 port 55564 ssh2
May  9 07:17:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3369]: Connection closed by 42.96.18.83 port 55564 [preauth]
May  9 07:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2059]: pam_unix(cron:session): session closed for user root
May  9 07:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: Invalid user git from 42.96.18.83
May  9 07:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: input_userauth_request: invalid user git [preauth]
May  9 07:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: Failed password for invalid user git from 42.96.18.83 port 55580 ssh2
May  9 07:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3401]: Connection closed by 42.96.18.83 port 55580 [preauth]
May  9 07:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: Invalid user ranger from 42.96.18.83
May  9 07:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: input_userauth_request: invalid user ranger [preauth]
May  9 07:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: Failed password for invalid user ranger from 42.96.18.83 port 55596 ssh2
May  9 07:17:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3415]: Connection closed by 42.96.18.83 port 55596 [preauth]
May  9 07:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3457]: Invalid user appuser from 42.96.18.83
May  9 07:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3457]: input_userauth_request: invalid user appuser [preauth]
May  9 07:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3457]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:17:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3457]: Failed password for invalid user appuser from 42.96.18.83 port 42720 ssh2
May  9 07:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3457]: Connection closed by 42.96.18.83 port 42720 [preauth]
May  9 07:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3460]: Invalid user tom from 42.96.18.83
May  9 07:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3460]: input_userauth_request: invalid user tom [preauth]
May  9 07:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3460]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3460]: Failed password for invalid user tom from 42.96.18.83 port 42734 ssh2
May  9 07:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: Failed password for root from 42.96.18.83 port 42704 ssh2
May  9 07:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3460]: Connection closed by 42.96.18.83 port 42734 [preauth]
May  9 07:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3463]: Connection closed by 42.96.18.83 port 42704 [preauth]
May  9 07:17:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:17:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3474]: Failed password for root from 42.96.18.83 port 54184 ssh2
May  9 07:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3474]: Connection closed by 42.96.18.83 port 54184 [preauth]
May  9 07:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: Invalid user ubuntu from 42.96.18.83
May  9 07:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: input_userauth_request: invalid user ubuntu [preauth]
May  9 07:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: Failed password for invalid user ubuntu from 42.96.18.83 port 54198 ssh2
May  9 07:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3485]: Connection closed by 42.96.18.83 port 54198 [preauth]
May  9 07:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3489]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3489]: Invalid user elsearch from 42.96.18.83
May  9 07:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3489]: input_userauth_request: invalid user elsearch [preauth]
May  9 07:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3489]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3503]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3501]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3502]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3500]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3500]: pam_unix(cron:session): session closed for user p13x
May  9 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3593]: Successful su for rubyman by root
May  9 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3593]: + ??? root:rubyman
May  9 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3593]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358207 of user rubyman.
May  9 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3593]: pam_unix(su:session): session closed for user rubyman
May  9 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358207.
May  9 07:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3489]: Failed password for invalid user elsearch from 42.96.18.83 port 49876 ssh2
May  9 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3489]: Connection closed by 42.96.18.83 port 49876 [preauth]
May  9 07:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3627]: Invalid user nginx from 42.96.18.83
May  9 07:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3627]: input_userauth_request: invalid user nginx [preauth]
May  9 07:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3627]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[480]: pam_unix(cron:session): session closed for user root
May  9 07:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3627]: Failed password for invalid user nginx from 42.96.18.83 port 49882 ssh2
May  9 07:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3627]: Connection closed by 42.96.18.83 port 49882 [preauth]
May  9 07:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3501]: pam_unix(cron:session): session closed for user samftp
May  9 07:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3765]: Invalid user rancher from 42.96.18.83
May  9 07:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3765]: input_userauth_request: invalid user rancher [preauth]
May  9 07:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3765]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3765]: Failed password for invalid user rancher from 42.96.18.83 port 49890 ssh2
May  9 07:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:18:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3765]: Connection closed by 42.96.18.83 port 49890 [preauth]
May  9 07:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: Failed password for root from 42.96.18.83 port 58596 ssh2
May  9 07:18:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: Connection closed by 42.96.18.83 port 58596 [preauth]
May  9 07:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: Invalid user rancher from 42.96.18.83
May  9 07:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: input_userauth_request: invalid user rancher [preauth]
May  9 07:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:18:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: Failed password for invalid user rancher from 42.96.18.83 port 58610 ssh2
May  9 07:18:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3788]: Connection closed by 42.96.18.83 port 58610 [preauth]
May  9 07:18:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: Invalid user es from 42.96.18.83
May  9 07:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: input_userauth_request: invalid user es [preauth]
May  9 07:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: Failed password for invalid user es from 42.96.18.83 port 58624 ssh2
May  9 07:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3808]: Connection closed by 42.96.18.83 port 58624 [preauth]
May  9 07:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: Failed password for root from 42.96.18.83 port 45402 ssh2
May  9 07:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: Connection closed by 42.96.18.83 port 45402 [preauth]
May  9 07:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3823]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3823]: Invalid user user from 42.96.18.83
May  9 07:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3823]: input_userauth_request: invalid user user [preauth]
May  9 07:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3823]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:18:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3823]: Failed password for invalid user user from 42.96.18.83 port 45418 ssh2
May  9 07:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3823]: Connection closed by 42.96.18.83 port 45418 [preauth]
May  9 07:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: Failed password for root from 42.96.18.83 port 45422 ssh2
May  9 07:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: Connection closed by 42.96.18.83 port 45422 [preauth]
May  9 07:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: Invalid user uftp from 42.96.18.83
May  9 07:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: input_userauth_request: invalid user uftp [preauth]
May  9 07:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:18:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2551]: pam_unix(cron:session): session closed for user root
May  9 07:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: Failed password for invalid user uftp from 42.96.18.83 port 34130 ssh2
May  9 07:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3849]: Connection closed by 42.96.18.83 port 34130 [preauth]
May  9 07:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: Invalid user data from 42.96.18.83
May  9 07:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: input_userauth_request: invalid user data [preauth]
May  9 07:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: Failed password for invalid user data from 42.96.18.83 port 34140 ssh2
May  9 07:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3875]: Connection closed by 42.96.18.83 port 34140 [preauth]
May  9 07:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: Invalid user bigdata from 42.96.18.83
May  9 07:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: input_userauth_request: invalid user bigdata [preauth]
May  9 07:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:18:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: Failed password for invalid user bigdata from 42.96.18.83 port 34148 ssh2
May  9 07:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3891]: Connection closed by 42.96.18.83 port 34148 [preauth]
May  9 07:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3894]: Invalid user oracle from 42.96.18.83
May  9 07:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3894]: input_userauth_request: invalid user oracle [preauth]
May  9 07:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3894]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3894]: Failed password for invalid user oracle from 42.96.18.83 port 35604 ssh2
May  9 07:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3894]: Connection closed by 42.96.18.83 port 35604 [preauth]
May  9 07:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: Invalid user plex from 42.96.18.83
May  9 07:18:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: input_userauth_request: invalid user plex [preauth]
May  9 07:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:18:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: Failed password for invalid user plex from 42.96.18.83 port 35620 ssh2
May  9 07:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3919]: Connection closed by 42.96.18.83 port 35620 [preauth]
May  9 07:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3935]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3935]: Invalid user steam from 42.96.18.83
May  9 07:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3935]: input_userauth_request: invalid user steam [preauth]
May  9 07:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3935]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:18:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3935]: Failed password for invalid user steam from 42.96.18.83 port 44358 ssh2
May  9 07:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3935]: Connection closed by 42.96.18.83 port 44358 [preauth]
May  9 07:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: Invalid user esuser from 42.96.18.83
May  9 07:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: input_userauth_request: invalid user esuser [preauth]
May  9 07:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: Failed password for invalid user esuser from 42.96.18.83 port 44368 ssh2
May  9 07:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3938]: Connection closed by 42.96.18.83 port 44368 [preauth]
May  9 07:18:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3949]: Invalid user observer from 42.96.18.83
May  9 07:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3949]: input_userauth_request: invalid user observer [preauth]
May  9 07:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3949]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3949]: Failed password for invalid user observer from 42.96.18.83 port 44382 ssh2
May  9 07:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3949]: Connection closed by 42.96.18.83 port 44382 [preauth]
May  9 07:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: Invalid user docker from 42.96.18.83
May  9 07:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: input_userauth_request: invalid user docker [preauth]
May  9 07:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3995]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3993]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3993]: pam_unix(cron:session): session closed for user p13x
May  9 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4056]: Successful su for rubyman by root
May  9 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4056]: + ??? root:rubyman
May  9 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4056]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358211 of user rubyman.
May  9 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4056]: pam_unix(su:session): session closed for user rubyman
May  9 07:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358211.
May  9 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: Failed password for invalid user docker from 42.96.18.83 port 38834 ssh2
May  9 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3989]: Connection closed by 42.96.18.83 port 38834 [preauth]
May  9 07:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: Invalid user user from 42.96.18.83
May  9 07:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: input_userauth_request: invalid user user [preauth]
May  9 07:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[950]: pam_unix(cron:session): session closed for user root
May  9 07:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: Failed password for invalid user user from 42.96.18.83 port 38838 ssh2
May  9 07:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4119]: Connection closed by 42.96.18.83 port 38838 [preauth]
May  9 07:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3995]: pam_unix(cron:session): session closed for user samftp
May  9 07:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: Invalid user elastic from 42.96.18.83
May  9 07:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: input_userauth_request: invalid user elastic [preauth]
May  9 07:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:19:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: Failed password for invalid user elastic from 42.96.18.83 port 38848 ssh2
May  9 07:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4268]: Connection closed by 42.96.18.83 port 38848 [preauth]
May  9 07:19:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: Invalid user oracle from 42.96.18.83
May  9 07:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: input_userauth_request: invalid user oracle [preauth]
May  9 07:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:19:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: Failed password for invalid user oracle from 42.96.18.83 port 59056 ssh2
May  9 07:19:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4274]: Connection closed by 42.96.18.83 port 59056 [preauth]
May  9 07:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: Invalid user postgres from 42.96.18.83
May  9 07:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: input_userauth_request: invalid user postgres [preauth]
May  9 07:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:19:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: Failed password for invalid user postgres from 42.96.18.83 port 59082 ssh2
May  9 07:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4290]: Connection closed by 42.96.18.83 port 59082 [preauth]
May  9 07:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: Invalid user ts from 42.96.18.83
May  9 07:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: input_userauth_request: invalid user ts [preauth]
May  9 07:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: Failed password for invalid user ts from 42.96.18.83 port 59094 ssh2
May  9 07:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4424]: Connection closed by 42.96.18.83 port 59094 [preauth]
May  9 07:19:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4432]: Failed password for root from 42.96.18.83 port 57264 ssh2
May  9 07:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4432]: Connection closed by 42.96.18.83 port 57264 [preauth]
May  9 07:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: Invalid user ftpuser from 42.96.18.83
May  9 07:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: input_userauth_request: invalid user ftpuser [preauth]
May  9 07:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: Failed password for invalid user ftpuser from 42.96.18.83 port 57266 ssh2
May  9 07:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4441]: Connection closed by 42.96.18.83 port 57266 [preauth]
May  9 07:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4464]: Invalid user test from 42.96.18.83
May  9 07:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4464]: input_userauth_request: invalid user test [preauth]
May  9 07:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4464]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:19:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4464]: Failed password for invalid user test from 42.96.18.83 port 57274 ssh2
May  9 07:19:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4464]: Connection closed by 42.96.18.83 port 57274 [preauth]
May  9 07:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: Invalid user gitlab from 42.96.18.83
May  9 07:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: input_userauth_request: invalid user gitlab [preauth]
May  9 07:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:19:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3038]: pam_unix(cron:session): session closed for user root
May  9 07:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: Failed password for invalid user gitlab from 42.96.18.83 port 56308 ssh2
May  9 07:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4474]: Connection closed by 42.96.18.83 port 56308 [preauth]
May  9 07:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4510]: Invalid user guest from 42.96.18.83
May  9 07:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4510]: input_userauth_request: invalid user guest [preauth]
May  9 07:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4510]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4510]: Failed password for invalid user guest from 42.96.18.83 port 56318 ssh2
May  9 07:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4510]: Connection closed by 42.96.18.83 port 56318 [preauth]
May  9 07:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4521]: Invalid user shan from 14.103.127.97
May  9 07:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4521]: input_userauth_request: invalid user shan [preauth]
May  9 07:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4521]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.97
May  9 07:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: Invalid user worker from 42.96.18.83
May  9 07:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: input_userauth_request: invalid user worker [preauth]
May  9 07:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4521]: Failed password for invalid user shan from 14.103.127.97 port 60174 ssh2
May  9 07:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4521]: Received disconnect from 14.103.127.97 port 60174:11: Bye Bye [preauth]
May  9 07:19:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4521]: Disconnected from 14.103.127.97 port 60174 [preauth]
May  9 07:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: Failed password for invalid user worker from 42.96.18.83 port 56322 ssh2
May  9 07:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4524]: Connection closed by 42.96.18.83 port 56322 [preauth]
May  9 07:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: Invalid user flask from 42.96.18.83
May  9 07:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: input_userauth_request: invalid user flask [preauth]
May  9 07:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:19:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: Failed password for invalid user flask from 42.96.18.83 port 50338 ssh2
May  9 07:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4536]: Connection closed by 42.96.18.83 port 50338 [preauth]
May  9 07:19:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4554]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4554]: Invalid user gpuadmin from 42.96.18.83
May  9 07:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4554]: input_userauth_request: invalid user gpuadmin [preauth]
May  9 07:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4554]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:19:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4554]: Failed password for invalid user gpuadmin from 42.96.18.83 port 50340 ssh2
May  9 07:19:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4554]: Connection closed by 42.96.18.83 port 50340 [preauth]
May  9 07:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4565]: Invalid user zabbix from 42.96.18.83
May  9 07:19:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4565]: input_userauth_request: invalid user zabbix [preauth]
May  9 07:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4565]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:19:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4565]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4565]: Failed password for invalid user zabbix from 42.96.18.83 port 33370 ssh2
May  9 07:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4565]: Connection closed by 42.96.18.83 port 33370 [preauth]
May  9 07:19:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4580]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4580]: Invalid user flask from 42.96.18.83
May  9 07:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4580]: input_userauth_request: invalid user flask [preauth]
May  9 07:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4580]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:19:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4578]: Failed password for root from 42.96.18.83 port 33378 ssh2
May  9 07:19:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4578]: Connection closed by 42.96.18.83 port 33378 [preauth]
May  9 07:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4580]: Failed password for invalid user flask from 42.96.18.83 port 33388 ssh2
May  9 07:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4580]: Connection closed by 42.96.18.83 port 33388 [preauth]
May  9 07:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: Invalid user gitlab from 42.96.18.83
May  9 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: input_userauth_request: invalid user gitlab [preauth]
May  9 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4596]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4595]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4598]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4601]: pam_unix(cron:session): session closed for user root
May  9 07:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4595]: pam_unix(cron:session): session closed for user p13x
May  9 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4663]: Successful su for rubyman by root
May  9 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4663]: + ??? root:rubyman
May  9 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4663]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358220 of user rubyman.
May  9 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4663]: pam_unix(su:session): session closed for user rubyman
May  9 07:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358220.
May  9 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: Failed password for invalid user gitlab from 42.96.18.83 port 50118 ssh2
May  9 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: Connection closed by 42.96.18.83 port 50118 [preauth]
May  9 07:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4739]: Invalid user testuser from 42.96.18.83
May  9 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4739]: input_userauth_request: invalid user testuser [preauth]
May  9 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4739]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1482]: pam_unix(cron:session): session closed for user root
May  9 07:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4598]: pam_unix(cron:session): session closed for user root
May  9 07:20:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4739]: Failed password for invalid user testuser from 42.96.18.83 port 50132 ssh2
May  9 07:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4739]: Connection closed by 42.96.18.83 port 50132 [preauth]
May  9 07:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4878]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4596]: pam_unix(cron:session): session closed for user samftp
May  9 07:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4878]: Invalid user postgres from 42.96.18.83
May  9 07:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4878]: input_userauth_request: invalid user postgres [preauth]
May  9 07:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4878]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4878]: Failed password for invalid user postgres from 42.96.18.83 port 50138 ssh2
May  9 07:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4878]: Connection closed by 42.96.18.83 port 50138 [preauth]
May  9 07:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: Invalid user jenkins from 42.96.18.83
May  9 07:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: input_userauth_request: invalid user jenkins [preauth]
May  9 07:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: Failed password for invalid user jenkins from 42.96.18.83 port 59930 ssh2
May  9 07:20:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4901]: Connection closed by 42.96.18.83 port 59930 [preauth]
May  9 07:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: Failed password for root from 42.96.18.83 port 59936 ssh2
May  9 07:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4909]: Connection closed by 42.96.18.83 port 59936 [preauth]
May  9 07:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: Invalid user admin from 42.96.18.83
May  9 07:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: input_userauth_request: invalid user admin [preauth]
May  9 07:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: Failed password for invalid user admin from 42.96.18.83 port 59938 ssh2
May  9 07:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4932]: Connection closed by 42.96.18.83 port 59938 [preauth]
May  9 07:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4946]: Invalid user weblogic from 42.96.18.83
May  9 07:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4946]: input_userauth_request: invalid user weblogic [preauth]
May  9 07:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4946]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4946]: Failed password for invalid user weblogic from 42.96.18.83 port 56432 ssh2
May  9 07:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4946]: Connection closed by 42.96.18.83 port 56432 [preauth]
May  9 07:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: Invalid user centos from 42.96.18.83
May  9 07:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: input_userauth_request: invalid user centos [preauth]
May  9 07:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: Failed password for invalid user centos from 42.96.18.83 port 56442 ssh2
May  9 07:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4956]: Connection closed by 42.96.18.83 port 56442 [preauth]
May  9 07:20:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4973]: Invalid user steam from 42.96.18.83
May  9 07:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4973]: input_userauth_request: invalid user steam [preauth]
May  9 07:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4973]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4973]: Failed password for invalid user steam from 42.96.18.83 port 60826 ssh2
May  9 07:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4973]: Connection closed by 42.96.18.83 port 60826 [preauth]
May  9 07:20:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: Invalid user test from 42.96.18.83
May  9 07:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: input_userauth_request: invalid user test [preauth]
May  9 07:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3503]: pam_unix(cron:session): session closed for user root
May  9 07:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: Failed password for invalid user test from 42.96.18.83 port 60834 ssh2
May  9 07:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4984]: Connection closed by 42.96.18.83 port 60834 [preauth]
May  9 07:20:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: Invalid user test from 42.96.18.83
May  9 07:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: input_userauth_request: invalid user test [preauth]
May  9 07:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: Failed password for invalid user test from 42.96.18.83 port 60848 ssh2
May  9 07:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5198]: Connection closed by 42.96.18.83 port 60848 [preauth]
May  9 07:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5201]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:20:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5201]: Failed password for root from 42.96.18.83 port 38052 ssh2
May  9 07:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5201]: Connection closed by 42.96.18.83 port 38052 [preauth]
May  9 07:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5229]: Invalid user centos from 42.96.18.83
May  9 07:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5229]: input_userauth_request: invalid user centos [preauth]
May  9 07:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5229]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:20:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5229]: Failed password for invalid user centos from 42.96.18.83 port 38062 ssh2
May  9 07:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5229]: Connection closed by 42.96.18.83 port 38062 [preauth]
May  9 07:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: Invalid user tomcat from 42.96.18.83
May  9 07:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: input_userauth_request: invalid user tomcat [preauth]
May  9 07:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:20:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: Failed password for invalid user tomcat from 42.96.18.83 port 38070 ssh2
May  9 07:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: Connection closed by 42.96.18.83 port 38070 [preauth]
May  9 07:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: User mysql from 42.96.18.83 not allowed because not listed in AllowUsers
May  9 07:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: input_userauth_request: invalid user mysql [preauth]
May  9 07:20:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=mysql
May  9 07:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: Failed password for invalid user mysql from 42.96.18.83 port 54846 ssh2
May  9 07:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: Connection closed by 42.96.18.83 port 54846 [preauth]
May  9 07:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:20:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: Failed password for root from 42.96.18.83 port 54848 ssh2
May  9 07:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: Connection closed by 42.96.18.83 port 54848 [preauth]
May  9 07:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5268]: Failed password for root from 42.96.18.83 port 54856 ssh2
May  9 07:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5268]: Connection closed by 42.96.18.83 port 54856 [preauth]
May  9 07:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5278]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5279]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5276]: pam_unix(cron:session): session closed for user p13x
May  9 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: Invalid user zabbix from 42.96.18.83
May  9 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: input_userauth_request: invalid user zabbix [preauth]
May  9 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5344]: Successful su for rubyman by root
May  9 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5344]: + ??? root:rubyman
May  9 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358221 of user rubyman.
May  9 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5344]: pam_unix(su:session): session closed for user rubyman
May  9 07:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358221.
May  9 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: Failed password for invalid user zabbix from 42.96.18.83 port 39690 ssh2
May  9 07:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: Connection closed by 42.96.18.83 port 39690 [preauth]
May  9 07:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: Invalid user kubernetes from 42.96.18.83
May  9 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: input_userauth_request: invalid user kubernetes [preauth]
May  9 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2057]: pam_unix(cron:session): session closed for user root
May  9 07:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5277]: pam_unix(cron:session): session closed for user samftp
May  9 07:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: Failed password for invalid user kubernetes from 42.96.18.83 port 39702 ssh2
May  9 07:21:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: Connection closed by 42.96.18.83 port 39702 [preauth]
May  9 07:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5577]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5577]: Invalid user observer from 42.96.18.83
May  9 07:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5577]: input_userauth_request: invalid user observer [preauth]
May  9 07:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5577]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:21:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5577]: Failed password for invalid user observer from 42.96.18.83 port 39718 ssh2
May  9 07:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5577]: Connection closed by 42.96.18.83 port 39718 [preauth]
May  9 07:21:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5594]: Invalid user hadoop from 42.96.18.83
May  9 07:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5594]: input_userauth_request: invalid user hadoop [preauth]
May  9 07:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5594]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:21:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5594]: Failed password for invalid user hadoop from 42.96.18.83 port 55566 ssh2
May  9 07:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5594]: Connection closed by 42.96.18.83 port 55566 [preauth]
May  9 07:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: Invalid user bot from 42.96.18.83
May  9 07:21:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: input_userauth_request: invalid user bot [preauth]
May  9 07:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: Failed password for invalid user bot from 42.96.18.83 port 55576 ssh2
May  9 07:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5626]: Connection closed by 42.96.18.83 port 55576 [preauth]
May  9 07:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: Invalid user debianuser from 42.96.18.83
May  9 07:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: input_userauth_request: invalid user debianuser [preauth]
May  9 07:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: Failed password for invalid user debianuser from 42.96.18.83 port 39550 ssh2
May  9 07:21:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5635]: Connection closed by 42.96.18.83 port 39550 [preauth]
May  9 07:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: Invalid user ranger from 42.96.18.83
May  9 07:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: input_userauth_request: invalid user ranger [preauth]
May  9 07:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:21:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: Failed password for invalid user ranger from 42.96.18.83 port 39558 ssh2
May  9 07:21:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5643]: Connection closed by 42.96.18.83 port 39558 [preauth]
May  9 07:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: Invalid user oracle from 42.96.18.83
May  9 07:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: input_userauth_request: invalid user oracle [preauth]
May  9 07:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:21:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: Failed password for invalid user oracle from 42.96.18.83 port 39564 ssh2
May  9 07:21:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: Connection closed by 42.96.18.83 port 39564 [preauth]
May  9 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3997]: pam_unix(cron:session): session closed for user root
May  9 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Invalid user elastic from 42.96.18.83
May  9 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: input_userauth_request: invalid user elastic [preauth]
May  9 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:21:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Failed password for invalid user elastic from 42.96.18.83 port 43070 ssh2
May  9 07:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5679]: Connection closed by 42.96.18.83 port 43070 [preauth]
May  9 07:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:21:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: Failed password for root from 42.96.18.83 port 43072 ssh2
May  9 07:21:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5715]: Connection closed by 42.96.18.83 port 43072 [preauth]
May  9 07:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: Invalid user admin from 42.96.18.83
May  9 07:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: input_userauth_request: invalid user admin [preauth]
May  9 07:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: Failed password for invalid user admin from 42.96.18.83 port 35366 ssh2
May  9 07:21:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5726]: Connection closed by 42.96.18.83 port 35366 [preauth]
May  9 07:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5735]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5735]: Invalid user default from 42.96.18.83
May  9 07:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5735]: input_userauth_request: invalid user default [preauth]
May  9 07:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5735]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:21:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: User ftp from 42.96.18.83 not allowed because not listed in AllowUsers
May  9 07:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: input_userauth_request: invalid user ftp [preauth]
May  9 07:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=ftp
May  9 07:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5735]: Failed password for invalid user default from 42.96.18.83 port 35372 ssh2
May  9 07:21:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5735]: Connection closed by 42.96.18.83 port 35372 [preauth]
May  9 07:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: Failed password for invalid user ftp from 42.96.18.83 port 43056 ssh2
May  9 07:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Invalid user tomcat from 42.96.18.83
May  9 07:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: input_userauth_request: invalid user tomcat [preauth]
May  9 07:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5737]: Connection closed by 42.96.18.83 port 43056 [preauth]
May  9 07:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:21:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Failed password for invalid user tomcat from 42.96.18.83 port 35380 ssh2
May  9 07:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5755]: Connection closed by 42.96.18.83 port 35380 [preauth]
May  9 07:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: Invalid user pi from 79.232.104.119
May  9 07:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: input_userauth_request: invalid user pi [preauth]
May  9 07:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5766]: Invalid user pi from 79.232.104.119
May  9 07:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5766]: input_userauth_request: invalid user pi [preauth]
May  9 07:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Invalid user gitlab from 42.96.18.83
May  9 07:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: input_userauth_request: invalid user gitlab [preauth]
May  9 07:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.232.104.119
May  9 07:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5766]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.232.104.119
May  9 07:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:21:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: Failed password for invalid user pi from 79.232.104.119 port 61995 ssh2
May  9 07:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5766]: Failed password for invalid user pi from 79.232.104.119 port 59762 ssh2
May  9 07:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Failed password for invalid user gitlab from 42.96.18.83 port 60130 ssh2
May  9 07:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5764]: Connection closed by 79.232.104.119 port 61995 [preauth]
May  9 07:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5766]: Connection closed by 79.232.104.119 port 59762 [preauth]
May  9 07:21:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Connection closed by 42.96.18.83 port 60130 [preauth]
May  9 07:21:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:21:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5771]: Failed password for root from 42.96.18.83 port 60138 ssh2
May  9 07:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5771]: Connection closed by 42.96.18.83 port 60138 [preauth]
May  9 07:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: Invalid user hadoop from 42.96.18.83
May  9 07:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: input_userauth_request: invalid user hadoop [preauth]
May  9 07:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: Failed password for invalid user hadoop from 42.96.18.83 port 60146 ssh2
May  9 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5781]: Connection closed by 42.96.18.83 port 60146 [preauth]
May  9 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5792]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5791]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5794]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5793]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5791]: pam_unix(cron:session): session closed for user p13x
May  9 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5945]: Successful su for rubyman by root
May  9 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5945]: + ??? root:rubyman
May  9 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5945]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358227 of user rubyman.
May  9 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5945]: pam_unix(su:session): session closed for user rubyman
May  9 07:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358227.
May  9 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: Invalid user tools from 42.96.18.83
May  9 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: input_userauth_request: invalid user tools [preauth]
May  9 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: Failed password for invalid user tools from 42.96.18.83 port 44294 ssh2
May  9 07:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2550]: pam_unix(cron:session): session closed for user root
May  9 07:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5942]: Connection closed by 42.96.18.83 port 44294 [preauth]
May  9 07:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6122]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6122]: Invalid user admin from 42.96.18.83
May  9 07:22:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6122]: input_userauth_request: invalid user admin [preauth]
May  9 07:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6122]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5792]: pam_unix(cron:session): session closed for user samftp
May  9 07:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6122]: Failed password for invalid user admin from 42.96.18.83 port 44308 ssh2
May  9 07:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6122]: Connection closed by 42.96.18.83 port 44308 [preauth]
May  9 07:22:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6151]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6151]: Invalid user www from 42.96.18.83
May  9 07:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6151]: input_userauth_request: invalid user www [preauth]
May  9 07:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6151]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6151]: Failed password for invalid user www from 42.96.18.83 port 38962 ssh2
May  9 07:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6151]: Connection closed by 42.96.18.83 port 38962 [preauth]
May  9 07:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: Failed password for root from 42.96.18.83 port 38968 ssh2
May  9 07:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6161]: Connection closed by 42.96.18.83 port 38968 [preauth]
May  9 07:22:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:22:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: Failed password for root from 42.96.18.83 port 38974 ssh2
May  9 07:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: Connection closed by 42.96.18.83 port 38974 [preauth]
May  9 07:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6192]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 07:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6192]: Invalid user es from 42.96.18.83
May  9 07:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6192]: input_userauth_request: invalid user es [preauth]
May  9 07:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6192]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6192]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: Failed password for root from 218.92.0.179 port 32325 ssh2
May  9 07:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6192]: Failed password for invalid user es from 42.96.18.83 port 57408 ssh2
May  9 07:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6192]: Connection closed by 42.96.18.83 port 57408 [preauth]
May  9 07:22:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: Failed password for root from 218.92.0.179 port 32325 ssh2
May  9 07:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6203]: Failed password for root from 42.96.18.83 port 57424 ssh2
May  9 07:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6203]: Connection closed by 42.96.18.83 port 57424 [preauth]
May  9 07:22:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: Failed password for root from 218.92.0.179 port 32325 ssh2
May  9 07:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: Received disconnect from 218.92.0.179 port 32325:11:  [preauth]
May  9 07:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: Disconnected from 218.92.0.179 port 32325 [preauth]
May  9 07:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6190]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 07:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: Invalid user oracle from 42.96.18.83
May  9 07:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: input_userauth_request: invalid user oracle [preauth]
May  9 07:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:22:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: Invalid user enshi from 50.235.31.47
May  9 07:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: input_userauth_request: invalid user enshi [preauth]
May  9 07:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  9 07:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: Failed password for invalid user oracle from 42.96.18.83 port 57438 ssh2
May  9 07:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: Connection closed by 42.96.18.83 port 57438 [preauth]
May  9 07:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6232]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: Failed password for invalid user enshi from 50.235.31.47 port 54632 ssh2
May  9 07:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6232]: Invalid user uftp from 42.96.18.83
May  9 07:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6232]: input_userauth_request: invalid user uftp [preauth]
May  9 07:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6229]: Connection closed by 50.235.31.47 port 54632 [preauth]
May  9 07:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6232]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6232]: Failed password for invalid user uftp from 42.96.18.83 port 50378 ssh2
May  9 07:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6232]: Connection closed by 42.96.18.83 port 50378 [preauth]
May  9 07:22:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: Invalid user flink from 42.96.18.83
May  9 07:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: input_userauth_request: invalid user flink [preauth]
May  9 07:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4600]: pam_unix(cron:session): session closed for user root
May  9 07:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: Failed password for invalid user flink from 42.96.18.83 port 50386 ssh2
May  9 07:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6258]: Connection closed by 42.96.18.83 port 50386 [preauth]
May  9 07:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Invalid user gitlab-runner from 42.96.18.83
May  9 07:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: input_userauth_request: invalid user gitlab-runner [preauth]
May  9 07:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Failed password for invalid user gitlab-runner from 42.96.18.83 port 50398 ssh2
May  9 07:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6267]: Connection closed by 42.96.18.83 port 50398 [preauth]
May  9 07:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Invalid user oracle from 42.96.18.83
May  9 07:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: input_userauth_request: invalid user oracle [preauth]
May  9 07:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Failed password for invalid user oracle from 42.96.18.83 port 39006 ssh2
May  9 07:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6295]: Connection closed by 42.96.18.83 port 39006 [preauth]
May  9 07:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: Invalid user ubnt from 42.96.18.83
May  9 07:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: input_userauth_request: invalid user ubnt [preauth]
May  9 07:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: Invalid user es from 42.96.18.83
May  9 07:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: input_userauth_request: invalid user es [preauth]
May  9 07:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:22:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: Failed password for invalid user ubnt from 42.96.18.83 port 39020 ssh2
May  9 07:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6302]: Connection closed by 42.96.18.83 port 39020 [preauth]
May  9 07:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: Failed password for invalid user es from 42.96.18.83 port 38996 ssh2
May  9 07:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: Connection closed by 42.96.18.83 port 38996 [preauth]
May  9 07:22:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6315]: Invalid user nvidia from 42.96.18.83
May  9 07:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6315]: input_userauth_request: invalid user nvidia [preauth]
May  9 07:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6315]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:22:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6315]: Failed password for invalid user nvidia from 42.96.18.83 port 37558 ssh2
May  9 07:22:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6315]: Connection closed by 42.96.18.83 port 37558 [preauth]
May  9 07:22:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:22:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: Failed password for root from 42.96.18.83 port 37570 ssh2
May  9 07:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6328]: Connection closed by 42.96.18.83 port 37570 [preauth]
May  9 07:22:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6343]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6345]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6344]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6342]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6342]: pam_unix(cron:session): session closed for user p13x
May  9 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6402]: Successful su for rubyman by root
May  9 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6402]: + ??? root:rubyman
May  9 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6402]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358229 of user rubyman.
May  9 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6402]: pam_unix(su:session): session closed for user rubyman
May  9 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358229.
May  9 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: Failed password for root from 42.96.18.83 port 55662 ssh2
May  9 07:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6330]: Connection closed by 42.96.18.83 port 55662 [preauth]
May  9 07:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6446]: Invalid user developer from 42.96.18.83
May  9 07:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6446]: input_userauth_request: invalid user developer [preauth]
May  9 07:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6446]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3037]: pam_unix(cron:session): session closed for user root
May  9 07:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6446]: Failed password for invalid user developer from 42.96.18.83 port 55670 ssh2
May  9 07:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6446]: Connection closed by 42.96.18.83 port 55670 [preauth]
May  9 07:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6343]: pam_unix(cron:session): session closed for user samftp
May  9 07:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6575]: Failed password for root from 42.96.18.83 port 55678 ssh2
May  9 07:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6575]: Connection closed by 42.96.18.83 port 55678 [preauth]
May  9 07:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6586]: User ftp from 42.96.18.83 not allowed because not listed in AllowUsers
May  9 07:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6586]: input_userauth_request: invalid user ftp [preauth]
May  9 07:23:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=ftp
May  9 07:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6586]: Failed password for invalid user ftp from 42.96.18.83 port 33468 ssh2
May  9 07:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6586]: Connection closed by 42.96.18.83 port 33468 [preauth]
May  9 07:23:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6600]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6600]: Invalid user mongodb from 42.96.18.83
May  9 07:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6600]: input_userauth_request: invalid user mongodb [preauth]
May  9 07:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6600]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:23:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6600]: Failed password for invalid user mongodb from 42.96.18.83 port 33476 ssh2
May  9 07:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6600]: Connection closed by 42.96.18.83 port 33476 [preauth]
May  9 07:23:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6624]: Invalid user mongodb from 42.96.18.83
May  9 07:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6624]: input_userauth_request: invalid user mongodb [preauth]
May  9 07:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6624]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6624]: Failed password for invalid user mongodb from 42.96.18.83 port 33478 ssh2
May  9 07:23:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6624]: Connection closed by 42.96.18.83 port 33478 [preauth]
May  9 07:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6626]: Invalid user app from 42.96.18.83
May  9 07:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6626]: input_userauth_request: invalid user app [preauth]
May  9 07:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6626]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6626]: Failed password for invalid user app from 42.96.18.83 port 35582 ssh2
May  9 07:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6626]: Connection closed by 42.96.18.83 port 35582 [preauth]
May  9 07:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6639]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:23:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6639]: Failed password for root from 42.96.18.83 port 35594 ssh2
May  9 07:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6639]: Connection closed by 42.96.18.83 port 35594 [preauth]
May  9 07:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6668]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6668]: Invalid user www from 42.96.18.83
May  9 07:23:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6668]: input_userauth_request: invalid user www [preauth]
May  9 07:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6668]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:23:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:23:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6668]: Failed password for invalid user www from 42.96.18.83 port 35604 ssh2
May  9 07:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6668]: Connection closed by 42.96.18.83 port 35604 [preauth]
May  9 07:23:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6670]: Invalid user sonar from 42.96.18.83
May  9 07:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6670]: input_userauth_request: invalid user sonar [preauth]
May  9 07:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6670]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6670]: Failed password for invalid user sonar from 42.96.18.83 port 36922 ssh2
May  9 07:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5279]: pam_unix(cron:session): session closed for user root
May  9 07:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6670]: Connection closed by 42.96.18.83 port 36922 [preauth]
May  9 07:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: Invalid user elasticsearch from 42.96.18.83
May  9 07:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: input_userauth_request: invalid user elasticsearch [preauth]
May  9 07:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: Failed password for invalid user elasticsearch from 42.96.18.83 port 36926 ssh2
May  9 07:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6698]: Connection closed by 42.96.18.83 port 36926 [preauth]
May  9 07:23:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6714]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6714]: Invalid user docker from 42.96.18.83
May  9 07:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6714]: input_userauth_request: invalid user docker [preauth]
May  9 07:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6714]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6714]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6714]: Failed password for invalid user docker from 42.96.18.83 port 36928 ssh2
May  9 07:23:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6714]: Connection closed by 42.96.18.83 port 36928 [preauth]
May  9 07:23:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:23:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:23:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: Failed password for root from 42.96.18.83 port 44174 ssh2
May  9 07:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: Invalid user postgres from 42.96.18.83
May  9 07:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: input_userauth_request: invalid user postgres [preauth]
May  9 07:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6723]: Connection closed by 42.96.18.83 port 44174 [preauth]
May  9 07:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: Failed password for invalid user postgres from 42.96.18.83 port 44190 ssh2
May  9 07:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6740]: Connection closed by 42.96.18.83 port 44190 [preauth]
May  9 07:23:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: Invalid user dev from 42.96.18.83
May  9 07:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: input_userauth_request: invalid user dev [preauth]
May  9 07:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:23:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: Failed password for invalid user dev from 42.96.18.83 port 44206 ssh2
May  9 07:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6751]: Connection closed by 42.96.18.83 port 44206 [preauth]
May  9 07:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: Invalid user guest from 42.96.18.83
May  9 07:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: input_userauth_request: invalid user guest [preauth]
May  9 07:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:23:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: Failed password for invalid user guest from 42.96.18.83 port 43000 ssh2
May  9 07:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6753]: Connection closed by 42.96.18.83 port 43000 [preauth]
May  9 07:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: Invalid user tomcat from 42.96.18.83
May  9 07:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: input_userauth_request: invalid user tomcat [preauth]
May  9 07:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: Failed password for invalid user tomcat from 42.96.18.83 port 43010 ssh2
May  9 07:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6765]: Connection closed by 42.96.18.83 port 43010 [preauth]
May  9 07:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: Invalid user elsearch from 42.96.18.83
May  9 07:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: input_userauth_request: invalid user elsearch [preauth]
May  9 07:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:23:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: Failed password for invalid user elsearch from 42.96.18.83 port 42042 ssh2
May  9 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6784]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6785]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6783]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6782]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6782]: pam_unix(cron:session): session closed for user p13x
May  9 07:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6779]: Connection closed by 42.96.18.83 port 42042 [preauth]
May  9 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6842]: Successful su for rubyman by root
May  9 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6842]: + ??? root:rubyman
May  9 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6842]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358234 of user rubyman.
May  9 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6842]: pam_unix(su:session): session closed for user rubyman
May  9 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358234.
May  9 07:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: Invalid user git from 42.96.18.83
May  9 07:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: input_userauth_request: invalid user git [preauth]
May  9 07:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3502]: pam_unix(cron:session): session closed for user root
May  9 07:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: Failed password for invalid user git from 42.96.18.83 port 42056 ssh2
May  9 07:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6865]: Connection closed by 42.96.18.83 port 42056 [preauth]
May  9 07:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: Invalid user vagrant from 42.96.18.83
May  9 07:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: input_userauth_request: invalid user vagrant [preauth]
May  9 07:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6783]: pam_unix(cron:session): session closed for user samftp
May  9 07:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: Failed password for invalid user vagrant from 42.96.18.83 port 42068 ssh2
May  9 07:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7117]: Connection closed by 42.96.18.83 port 42068 [preauth]
May  9 07:24:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7146]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7146]: Invalid user esuser from 42.96.18.83
May  9 07:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7146]: input_userauth_request: invalid user esuser [preauth]
May  9 07:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7146]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:24:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7146]: Failed password for invalid user esuser from 42.96.18.83 port 58050 ssh2
May  9 07:24:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7146]: Connection closed by 42.96.18.83 port 58050 [preauth]
May  9 07:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7158]: Invalid user ftpuser from 42.96.18.83
May  9 07:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7158]: input_userauth_request: invalid user ftpuser [preauth]
May  9 07:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7158]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7158]: Failed password for invalid user ftpuser from 42.96.18.83 port 58066 ssh2
May  9 07:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7158]: Connection closed by 42.96.18.83 port 58066 [preauth]
May  9 07:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7182]: Invalid user esuser from 42.96.18.83
May  9 07:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7182]: input_userauth_request: invalid user esuser [preauth]
May  9 07:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7182]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7182]: Failed password for invalid user esuser from 42.96.18.83 port 58068 ssh2
May  9 07:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7182]: Connection closed by 42.96.18.83 port 58068 [preauth]
May  9 07:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7185]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7185]: Failed password for root from 42.96.18.83 port 54848 ssh2
May  9 07:24:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7185]: Connection closed by 42.96.18.83 port 54848 [preauth]
May  9 07:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7195]: Invalid user worker from 42.96.18.83
May  9 07:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7195]: input_userauth_request: invalid user worker [preauth]
May  9 07:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7195]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:24:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7195]: Failed password for invalid user worker from 42.96.18.83 port 54864 ssh2
May  9 07:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7195]: Connection closed by 42.96.18.83 port 54864 [preauth]
May  9 07:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7222]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7222]: Invalid user ftpuser from 42.96.18.83
May  9 07:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7222]: input_userauth_request: invalid user ftpuser [preauth]
May  9 07:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7222]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: Invalid user api from 193.70.84.184
May  9 07:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: input_userauth_request: invalid user api [preauth]
May  9 07:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  9 07:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7222]: Failed password for invalid user ftpuser from 42.96.18.83 port 54870 ssh2
May  9 07:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7222]: Connection closed by 42.96.18.83 port 54870 [preauth]
May  9 07:24:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: Failed password for invalid user api from 193.70.84.184 port 51502 ssh2
May  9 07:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7225]: Connection closed by 193.70.84.184 port 51502 [preauth]
May  9 07:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: Invalid user admin from 42.96.18.83
May  9 07:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: input_userauth_request: invalid user admin [preauth]
May  9 07:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:24:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5794]: pam_unix(cron:session): session closed for user root
May  9 07:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: Failed password for invalid user admin from 42.96.18.83 port 55580 ssh2
May  9 07:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7227]: Connection closed by 42.96.18.83 port 55580 [preauth]
May  9 07:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7252]: Invalid user steam from 42.96.18.83
May  9 07:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7252]: input_userauth_request: invalid user steam [preauth]
May  9 07:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7252]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7252]: Failed password for invalid user steam from 42.96.18.83 port 55582 ssh2
May  9 07:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7252]: Connection closed by 42.96.18.83 port 55582 [preauth]
May  9 07:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7271]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7271]: Invalid user es from 42.96.18.83
May  9 07:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7271]: input_userauth_request: invalid user es [preauth]
May  9 07:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7271]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7271]: Failed password for invalid user es from 42.96.18.83 port 55586 ssh2
May  9 07:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7271]: Connection closed by 42.96.18.83 port 55586 [preauth]
May  9 07:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7273]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7273]: Failed password for root from 42.96.18.83 port 49550 ssh2
May  9 07:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7273]: Connection closed by 42.96.18.83 port 49550 [preauth]
May  9 07:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7297]: Invalid user deploy from 42.96.18.83
May  9 07:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7297]: input_userauth_request: invalid user deploy [preauth]
May  9 07:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7297]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7297]: Failed password for invalid user deploy from 42.96.18.83 port 49560 ssh2
May  9 07:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7297]: Connection closed by 42.96.18.83 port 49560 [preauth]
May  9 07:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7307]: Invalid user demo from 42.96.18.83
May  9 07:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7307]: input_userauth_request: invalid user demo [preauth]
May  9 07:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7307]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7307]: Failed password for invalid user demo from 42.96.18.83 port 36586 ssh2
May  9 07:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7307]: Connection closed by 42.96.18.83 port 36586 [preauth]
May  9 07:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7309]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7309]: Invalid user deploy from 42.96.18.83
May  9 07:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7309]: input_userauth_request: invalid user deploy [preauth]
May  9 07:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7309]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7309]: Failed password for invalid user deploy from 42.96.18.83 port 36600 ssh2
May  9 07:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7309]: Connection closed by 42.96.18.83 port 36600 [preauth]
May  9 07:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Invalid user dev from 42.96.18.83
May  9 07:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: input_userauth_request: invalid user dev [preauth]
May  9 07:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:24:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Failed password for invalid user dev from 42.96.18.83 port 36602 ssh2
May  9 07:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7319]: Connection closed by 42.96.18.83 port 36602 [preauth]
May  9 07:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: Invalid user oscar from 42.96.18.83
May  9 07:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: input_userauth_request: invalid user oscar [preauth]
May  9 07:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7337]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7333]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7336]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7332]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7335]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7337]: pam_unix(cron:session): session closed for user root
May  9 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7332]: pam_unix(cron:session): session closed for user p13x
May  9 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7399]: Successful su for rubyman by root
May  9 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7399]: + ??? root:rubyman
May  9 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358242 of user rubyman.
May  9 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7399]: pam_unix(su:session): session closed for user rubyman
May  9 07:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358242.
May  9 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: Failed password for invalid user oscar from 42.96.18.83 port 41794 ssh2
May  9 07:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7329]: Connection closed by 42.96.18.83 port 41794 [preauth]
May  9 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: Invalid user dolphinscheduler from 42.96.18.83
May  9 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  9 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7334]: pam_unix(cron:session): session closed for user root
May  9 07:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3996]: pam_unix(cron:session): session closed for user root
May  9 07:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: Failed password for invalid user dolphinscheduler from 42.96.18.83 port 41810 ssh2
May  9 07:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7459]: Connection closed by 42.96.18.83 port 41810 [preauth]
May  9 07:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7708]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7708]: Invalid user pi from 42.96.18.83
May  9 07:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7708]: input_userauth_request: invalid user pi [preauth]
May  9 07:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7333]: pam_unix(cron:session): session closed for user samftp
May  9 07:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7708]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7708]: Failed password for invalid user pi from 42.96.18.83 port 41816 ssh2
May  9 07:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7708]: Connection closed by 42.96.18.83 port 41816 [preauth]
May  9 07:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7738]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7738]: Invalid user dev from 42.96.18.83
May  9 07:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7738]: input_userauth_request: invalid user dev [preauth]
May  9 07:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7738]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7738]: Failed password for invalid user dev from 42.96.18.83 port 47358 ssh2
May  9 07:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7738]: Connection closed by 42.96.18.83 port 47358 [preauth]
May  9 07:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: Invalid user oceanbase from 42.96.18.83
May  9 07:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: input_userauth_request: invalid user oceanbase [preauth]
May  9 07:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: Failed password for invalid user oceanbase from 42.96.18.83 port 47374 ssh2
May  9 07:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7740]: Connection closed by 42.96.18.83 port 47374 [preauth]
May  9 07:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7773]: Invalid user lighthouse from 42.96.18.83
May  9 07:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7773]: input_userauth_request: invalid user lighthouse [preauth]
May  9 07:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7773]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7773]: Failed password for invalid user lighthouse from 42.96.18.83 port 47390 ssh2
May  9 07:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:25:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7773]: Connection closed by 42.96.18.83 port 47390 [preauth]
May  9 07:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7783]: Failed password for root from 42.96.18.83 port 41170 ssh2
May  9 07:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7783]: Connection closed by 42.96.18.83 port 41170 [preauth]
May  9 07:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: Failed password for root from 42.96.18.83 port 41172 ssh2
May  9 07:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7785]: Connection closed by 42.96.18.83 port 41172 [preauth]
May  9 07:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: Failed password for root from 42.96.18.83 port 41176 ssh2
May  9 07:25:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7810]: Connection closed by 42.96.18.83 port 41176 [preauth]
May  9 07:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6345]: pam_unix(cron:session): session closed for user root
May  9 07:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: Failed password for root from 42.96.18.83 port 46944 ssh2
May  9 07:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7824]: Connection closed by 42.96.18.83 port 46944 [preauth]
May  9 07:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: Invalid user user from 42.96.18.83
May  9 07:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: input_userauth_request: invalid user user [preauth]
May  9 07:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: Failed password for invalid user user from 42.96.18.83 port 46960 ssh2
May  9 07:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7845]: Connection closed by 42.96.18.83 port 46960 [preauth]
May  9 07:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: Failed password for root from 42.96.18.83 port 52822 ssh2
May  9 07:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7855]: Connection closed by 42.96.18.83 port 52822 [preauth]
May  9 07:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7866]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7866]: Invalid user svnuser from 42.96.18.83
May  9 07:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7866]: input_userauth_request: invalid user svnuser [preauth]
May  9 07:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7866]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7866]: Failed password for invalid user svnuser from 42.96.18.83 port 52836 ssh2
May  9 07:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7866]: Connection closed by 42.96.18.83 port 52836 [preauth]
May  9 07:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7883]: Invalid user ftpuser from 42.96.18.83
May  9 07:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7883]: input_userauth_request: invalid user ftpuser [preauth]
May  9 07:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7883]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7883]: Failed password for invalid user ftpuser from 42.96.18.83 port 52846 ssh2
May  9 07:25:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7883]: Connection closed by 42.96.18.83 port 52846 [preauth]
May  9 07:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: Invalid user ubuntu from 42.96.18.83
May  9 07:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: input_userauth_request: invalid user ubuntu [preauth]
May  9 07:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: Failed password for invalid user ubuntu from 42.96.18.83 port 48806 ssh2
May  9 07:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7894]: Connection closed by 42.96.18.83 port 48806 [preauth]
May  9 07:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7906]: Failed password for root from 42.96.18.83 port 48822 ssh2
May  9 07:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7906]: Connection closed by 42.96.18.83 port 48822 [preauth]
May  9 07:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: Invalid user esadmin from 42.96.18.83
May  9 07:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: input_userauth_request: invalid user esadmin [preauth]
May  9 07:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: Failed password for invalid user esadmin from 42.96.18.83 port 48828 ssh2
May  9 07:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7908]: Connection closed by 42.96.18.83 port 48828 [preauth]
May  9 07:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7925]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7924]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7922]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7923]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7922]: pam_unix(cron:session): session closed for user p13x
May  9 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7995]: Successful su for rubyman by root
May  9 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7995]: + ??? root:rubyman
May  9 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7995]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358245 of user rubyman.
May  9 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7995]: pam_unix(su:session): session closed for user rubyman
May  9 07:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358245.
May  9 07:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: Failed password for root from 42.96.18.83 port 52746 ssh2
May  9 07:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7918]: Connection closed by 42.96.18.83 port 52746 [preauth]
May  9 07:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: Invalid user flask from 42.96.18.83
May  9 07:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: input_userauth_request: invalid user flask [preauth]
May  9 07:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4599]: pam_unix(cron:session): session closed for user root
May  9 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: Failed password for invalid user flask from 42.96.18.83 port 52758 ssh2
May  9 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8125]: Connection closed by 42.96.18.83 port 52758 [preauth]
May  9 07:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7923]: pam_unix(cron:session): session closed for user samftp
May  9 07:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8208]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8208]: Invalid user deploy from 42.96.18.83
May  9 07:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8208]: input_userauth_request: invalid user deploy [preauth]
May  9 07:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8208]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8208]: Failed password for invalid user deploy from 42.96.18.83 port 52762 ssh2
May  9 07:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8208]: Connection closed by 42.96.18.83 port 52762 [preauth]
May  9 07:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: Failed password for root from 42.96.18.83 port 57932 ssh2
May  9 07:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8220]: Connection closed by 42.96.18.83 port 57932 [preauth]
May  9 07:26:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8244]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8244]: Failed password for root from 42.96.18.83 port 57944 ssh2
May  9 07:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8244]: Connection closed by 42.96.18.83 port 57944 [preauth]
May  9 07:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8246]: Invalid user oracle from 42.96.18.83
May  9 07:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8246]: input_userauth_request: invalid user oracle [preauth]
May  9 07:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8246]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8246]: Failed password for invalid user oracle from 42.96.18.83 port 57954 ssh2
May  9 07:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8246]: Connection closed by 42.96.18.83 port 57954 [preauth]
May  9 07:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8256]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8256]: Invalid user rabbitmq from 42.96.18.83
May  9 07:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8256]: input_userauth_request: invalid user rabbitmq [preauth]
May  9 07:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8256]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8256]: Failed password for invalid user rabbitmq from 42.96.18.83 port 50390 ssh2
May  9 07:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8256]: Connection closed by 42.96.18.83 port 50390 [preauth]
May  9 07:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8278]: Failed password for root from 42.96.18.83 port 50392 ssh2
May  9 07:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8278]: Connection closed by 42.96.18.83 port 50392 [preauth]
May  9 07:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: Failed password for root from 42.96.18.83 port 50398 ssh2
May  9 07:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8281]: Connection closed by 42.96.18.83 port 50398 [preauth]
May  9 07:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.97  user=root
May  9 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8291]: Failed password for root from 14.103.127.97 port 57738 ssh2
May  9 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8291]: Received disconnect from 14.103.127.97 port 57738:11: Bye Bye [preauth]
May  9 07:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8291]: Disconnected from 14.103.127.97 port 57738 [preauth]
May  9 07:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6785]: pam_unix(cron:session): session closed for user root
May  9 07:26:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:26:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Failed password for root from 42.96.18.83 port 34048 ssh2
May  9 07:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8325]: Connection closed by 42.96.18.83 port 34048 [preauth]
May  9 07:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: Invalid user wang from 42.96.18.83
May  9 07:26:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: input_userauth_request: invalid user wang [preauth]
May  9 07:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: Failed password for invalid user wang from 42.96.18.83 port 51828 ssh2
May  9 07:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: Connection closed by 42.96.18.83 port 51828 [preauth]
May  9 07:26:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Invalid user hadoop from 42.96.18.83
May  9 07:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: input_userauth_request: invalid user hadoop [preauth]
May  9 07:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Failed password for invalid user hadoop from 42.96.18.83 port 51840 ssh2
May  9 07:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8338]: Connection closed by 42.96.18.83 port 51840 [preauth]
May  9 07:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:26:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: Failed password for root from 42.96.18.83 port 51856 ssh2
May  9 07:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8361]: Connection closed by 42.96.18.83 port 51856 [preauth]
May  9 07:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: Invalid user elasticsearch from 42.96.18.83
May  9 07:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: input_userauth_request: invalid user elasticsearch [preauth]
May  9 07:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: Failed password for invalid user elasticsearch from 42.96.18.83 port 47342 ssh2
May  9 07:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: Connection closed by 42.96.18.83 port 47342 [preauth]
May  9 07:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8374]: User ftp from 42.96.18.83 not allowed because not listed in AllowUsers
May  9 07:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8374]: input_userauth_request: invalid user ftp [preauth]
May  9 07:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=ftp
May  9 07:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8374]: Failed password for invalid user ftp from 42.96.18.83 port 47344 ssh2
May  9 07:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8374]: Connection closed by 42.96.18.83 port 47344 [preauth]
May  9 07:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Invalid user uftp from 42.96.18.83
May  9 07:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: input_userauth_request: invalid user uftp [preauth]
May  9 07:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Failed password for invalid user uftp from 42.96.18.83 port 47348 ssh2
May  9 07:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8386]: Connection closed by 42.96.18.83 port 47348 [preauth]
May  9 07:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8388]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8388]: Invalid user awsgui from 42.96.18.83
May  9 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8388]: input_userauth_request: invalid user awsgui [preauth]
May  9 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8388]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8401]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8399]: pam_unix(cron:session): session closed for user p13x
May  9 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8468]: Successful su for rubyman by root
May  9 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8468]: + ??? root:rubyman
May  9 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8468]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358247 of user rubyman.
May  9 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8468]: pam_unix(su:session): session closed for user rubyman
May  9 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358247.
May  9 07:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8388]: Failed password for invalid user awsgui from 42.96.18.83 port 37566 ssh2
May  9 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8388]: Connection closed by 42.96.18.83 port 37566 [preauth]
May  9 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8524]: Invalid user admin from 80.94.95.112
May  9 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8524]: input_userauth_request: invalid user admin [preauth]
May  9 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8524]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 07:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8613]: Invalid user dolphinscheduler from 42.96.18.83
May  9 07:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8613]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  9 07:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8613]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5278]: pam_unix(cron:session): session closed for user root
May  9 07:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8524]: Failed password for invalid user admin from 80.94.95.112 port 29306 ssh2
May  9 07:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8400]: pam_unix(cron:session): session closed for user samftp
May  9 07:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8613]: Failed password for invalid user dolphinscheduler from 42.96.18.83 port 37584 ssh2
May  9 07:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8524]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8613]: Connection closed by 42.96.18.83 port 37584 [preauth]
May  9 07:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8524]: Failed password for invalid user admin from 80.94.95.112 port 29306 ssh2
May  9 07:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8524]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: Failed password for root from 42.96.18.83 port 37598 ssh2
May  9 07:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8524]: Failed password for invalid user admin from 80.94.95.112 port 29306 ssh2
May  9 07:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8672]: Connection closed by 42.96.18.83 port 37598 [preauth]
May  9 07:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8524]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: Invalid user yarn from 42.96.18.83
May  9 07:27:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: input_userauth_request: invalid user yarn [preauth]
May  9 07:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8524]: Failed password for invalid user admin from 80.94.95.112 port 29306 ssh2
May  9 07:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8524]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: Failed password for invalid user yarn from 42.96.18.83 port 57308 ssh2
May  9 07:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8675]: Connection closed by 42.96.18.83 port 57308 [preauth]
May  9 07:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8524]: Failed password for invalid user admin from 80.94.95.112 port 29306 ssh2
May  9 07:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8524]: Received disconnect from 80.94.95.112 port 29306:11: Bye [preauth]
May  9 07:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8524]: Disconnected from 80.94.95.112 port 29306 [preauth]
May  9 07:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8524]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 07:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8524]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 07:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: Invalid user test2 from 42.96.18.83
May  9 07:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: input_userauth_request: invalid user test2 [preauth]
May  9 07:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:27:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: Failed password for invalid user test2 from 42.96.18.83 port 57316 ssh2
May  9 07:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8704]: Connection closed by 42.96.18.83 port 57316 [preauth]
May  9 07:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: Invalid user oracle from 42.96.18.83
May  9 07:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: input_userauth_request: invalid user oracle [preauth]
May  9 07:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: Failed password for invalid user oracle from 42.96.18.83 port 57332 ssh2
May  9 07:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8720]: Connection closed by 42.96.18.83 port 57332 [preauth]
May  9 07:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: Invalid user guest from 42.96.18.83
May  9 07:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: input_userauth_request: invalid user guest [preauth]
May  9 07:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: Failed password for invalid user guest from 42.96.18.83 port 34728 ssh2
May  9 07:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8723]: Connection closed by 42.96.18.83 port 34728 [preauth]
May  9 07:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8747]: Invalid user wang from 42.96.18.83
May  9 07:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8747]: input_userauth_request: invalid user wang [preauth]
May  9 07:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8747]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8747]: Failed password for invalid user wang from 42.96.18.83 port 34734 ssh2
May  9 07:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8747]: Connection closed by 42.96.18.83 port 34734 [preauth]
May  9 07:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8757]: Invalid user www from 42.96.18.83
May  9 07:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8757]: input_userauth_request: invalid user www [preauth]
May  9 07:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8757]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8757]: Failed password for invalid user www from 42.96.18.83 port 56052 ssh2
May  9 07:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8757]: Connection closed by 42.96.18.83 port 56052 [preauth]
May  9 07:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:27:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7336]: pam_unix(cron:session): session closed for user root
May  9 07:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8759]: Failed password for root from 42.96.18.83 port 56062 ssh2
May  9 07:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8759]: Connection closed by 42.96.18.83 port 56062 [preauth]
May  9 07:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: Invalid user nexus from 42.96.18.83
May  9 07:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: input_userauth_request: invalid user nexus [preauth]
May  9 07:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: Failed password for invalid user nexus from 42.96.18.83 port 56072 ssh2
May  9 07:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8790]: Connection closed by 42.96.18.83 port 56072 [preauth]
May  9 07:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8800]: Invalid user app from 42.96.18.83
May  9 07:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8800]: input_userauth_request: invalid user app [preauth]
May  9 07:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8800]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8800]: Failed password for invalid user app from 42.96.18.83 port 52032 ssh2
May  9 07:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8800]: Connection closed by 42.96.18.83 port 52032 [preauth]
May  9 07:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8802]: Invalid user nvidia from 42.96.18.83
May  9 07:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8802]: input_userauth_request: invalid user nvidia [preauth]
May  9 07:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8802]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8802]: Failed password for invalid user nvidia from 42.96.18.83 port 52036 ssh2
May  9 07:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8802]: Connection closed by 42.96.18.83 port 52036 [preauth]
May  9 07:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43  user=root
May  9 07:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8825]: Failed password for root from 42.96.18.83 port 52050 ssh2
May  9 07:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8825]: Connection closed by 42.96.18.83 port 52050 [preauth]
May  9 07:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8827]: Failed password for root from 45.6.188.43 port 36372 ssh2
May  9 07:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8827]: Connection closed by 45.6.188.43 port 36372 [preauth]
May  9 07:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:27:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8843]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83  user=root
May  9 07:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8843]: Invalid user es from 42.96.18.83
May  9 07:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8843]: input_userauth_request: invalid user es [preauth]
May  9 07:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8843]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8843]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8839]: Failed password for root from 42.96.18.83 port 36688 ssh2
May  9 07:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8839]: Connection closed by 42.96.18.83 port 36688 [preauth]
May  9 07:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8843]: Failed password for invalid user es from 42.96.18.83 port 36692 ssh2
May  9 07:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8843]: Connection closed by 42.96.18.83 port 36692 [preauth]
May  9 07:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8855]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8855]: Invalid user sugi from 42.96.18.83
May  9 07:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8855]: input_userauth_request: invalid user sugi [preauth]
May  9 07:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8855]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.96.18.83
May  9 07:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8855]: Failed password for invalid user sugi from 42.96.18.83 port 36704 ssh2
May  9 07:27:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8855]: Connection closed by 42.96.18.83 port 36704 [preauth]
May  9 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8872]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8870]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8871]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8869]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8869]: pam_unix(cron:session): session closed for user p13x
May  9 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8931]: Successful su for rubyman by root
May  9 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8931]: + ??? root:rubyman
May  9 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8931]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358252 of user rubyman.
May  9 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8931]: pam_unix(su:session): session closed for user rubyman
May  9 07:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358252.
May  9 07:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5793]: pam_unix(cron:session): session closed for user root
May  9 07:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8870]: pam_unix(cron:session): session closed for user samftp
May  9 07:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7925]: pam_unix(cron:session): session closed for user root
May  9 07:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  9 07:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: Failed password for root from 218.92.0.209 port 38474 ssh2
May  9 07:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: message repeated 3 times: [ Failed password for root from 218.92.0.209 port 38474 ssh2]
May  9 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9395]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9393]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9394]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9392]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9392]: pam_unix(cron:session): session closed for user p13x
May  9 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9455]: Successful su for rubyman by root
May  9 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9455]: + ??? root:rubyman
May  9 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9455]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358255 of user rubyman.
May  9 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9455]: pam_unix(su:session): session closed for user rubyman
May  9 07:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358255.
May  9 07:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: Failed password for root from 218.92.0.209 port 38474 ssh2
May  9 07:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: error: maximum authentication attempts exceeded for root from 218.92.0.209 port 38474 ssh2 [preauth]
May  9 07:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: Disconnecting: Too many authentication failures [preauth]
May  9 07:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  9 07:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9372]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 07:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6344]: pam_unix(cron:session): session closed for user root
May  9 07:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9393]: pam_unix(cron:session): session closed for user samftp
May  9 07:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  9 07:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9634]: Failed password for root from 218.92.0.209 port 10862 ssh2
May  9 07:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9634]: message repeated 5 times: [ Failed password for root from 218.92.0.209 port 10862 ssh2]
May  9 07:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9634]: error: maximum authentication attempts exceeded for root from 218.92.0.209 port 10862 ssh2 [preauth]
May  9 07:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9634]: Disconnecting: Too many authentication failures [preauth]
May  9 07:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9634]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  9 07:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9634]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 07:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9700]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.209  user=root
May  9 07:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9700]: Failed password for root from 218.92.0.209 port 64024 ssh2
May  9 07:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9700]: Received disconnect from 218.92.0.209 port 64024:11:  [preauth]
May  9 07:29:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9700]: Disconnected from 218.92.0.209 port 64024 [preauth]
May  9 07:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8403]: pam_unix(cron:session): session closed for user root
May  9 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9806]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9807]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9804]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9802]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9803]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9805]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9807]: pam_unix(cron:session): session closed for user root
May  9 07:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9802]: pam_unix(cron:session): session closed for user p13x
May  9 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9872]: Successful su for rubyman by root
May  9 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9872]: + ??? root:rubyman
May  9 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9872]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358259 of user rubyman.
May  9 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9872]: pam_unix(su:session): session closed for user rubyman
May  9 07:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358259.
May  9 07:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9804]: pam_unix(cron:session): session closed for user root
May  9 07:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6784]: pam_unix(cron:session): session closed for user root
May  9 07:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9803]: pam_unix(cron:session): session closed for user samftp
May  9 07:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8872]: pam_unix(cron:session): session closed for user root
May  9 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10318]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10317]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10320]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10316]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10316]: pam_unix(cron:session): session closed for user p13x
May  9 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10387]: Successful su for rubyman by root
May  9 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10387]: + ??? root:rubyman
May  9 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10387]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358267 of user rubyman.
May  9 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10387]: pam_unix(su:session): session closed for user rubyman
May  9 07:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358267.
May  9 07:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7335]: pam_unix(cron:session): session closed for user root
May  9 07:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10317]: pam_unix(cron:session): session closed for user samftp
May  9 07:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9395]: pam_unix(cron:session): session closed for user root
May  9 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10808]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10807]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10809]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10806]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10806]: pam_unix(cron:session): session closed for user p13x
May  9 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10866]: Successful su for rubyman by root
May  9 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10866]: + ??? root:rubyman
May  9 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10866]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358269 of user rubyman.
May  9 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10866]: pam_unix(su:session): session closed for user rubyman
May  9 07:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358269.
May  9 07:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7924]: pam_unix(cron:session): session closed for user root
May  9 07:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10807]: pam_unix(cron:session): session closed for user samftp
May  9 07:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9806]: pam_unix(cron:session): session closed for user root
May  9 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11197]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11196]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11196]: pam_unix(cron:session): session closed for user p13x
May  9 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11255]: Successful su for rubyman by root
May  9 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11255]: + ??? root:rubyman
May  9 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358274 of user rubyman.
May  9 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11255]: pam_unix(su:session): session closed for user rubyman
May  9 07:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358274.
May  9 07:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8401]: pam_unix(cron:session): session closed for user root
May  9 07:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11197]: pam_unix(cron:session): session closed for user samftp
May  9 07:33:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11440]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11440]: User nobody from 80.94.95.115 not allowed because not listed in AllowUsers
May  9 07:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11440]: input_userauth_request: invalid user nobody [preauth]
May  9 07:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=nobody
May  9 07:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11440]: Failed password for invalid user nobody from 80.94.95.115 port 22674 ssh2
May  9 07:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11440]: Connection closed by 80.94.95.115 port 22674 [preauth]
May  9 07:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11475]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:33:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11475]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.97  user=root
May  9 07:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11475]: Failed password for root from 14.103.127.97 port 37346 ssh2
May  9 07:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11475]: Received disconnect from 14.103.127.97 port 37346:11: Bye Bye [preauth]
May  9 07:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11475]: Disconnected from 14.103.127.97 port 37346 [preauth]
May  9 07:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10320]: pam_unix(cron:session): session closed for user root
May  9 07:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 07:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: Failed password for root from 218.92.0.179 port 42761 ssh2
May  9 07:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 42761 ssh2]
May  9 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11602]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11604]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11603]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11601]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11601]: pam_unix(cron:session): session closed for user p13x
May  9 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: Received disconnect from 218.92.0.179 port 42761:11:  [preauth]
May  9 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: Disconnected from 218.92.0.179 port 42761 [preauth]
May  9 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11586]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11664]: Successful su for rubyman by root
May  9 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11664]: + ??? root:rubyman
May  9 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11664]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358278 of user rubyman.
May  9 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11664]: pam_unix(su:session): session closed for user rubyman
May  9 07:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358278.
May  9 07:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8871]: pam_unix(cron:session): session closed for user root
May  9 07:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11602]: pam_unix(cron:session): session closed for user samftp
May  9 07:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10809]: pam_unix(cron:session): session closed for user root
May  9 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11995]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11996]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11997]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11994]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11997]: pam_unix(cron:session): session closed for user root
May  9 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11992]: pam_unix(cron:session): session closed for user p13x
May  9 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12058]: Successful su for rubyman by root
May  9 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12058]: + ??? root:rubyman
May  9 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12058]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358284 of user rubyman.
May  9 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12058]: pam_unix(su:session): session closed for user rubyman
May  9 07:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358284.
May  9 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11994]: pam_unix(cron:session): session closed for user root
May  9 07:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9394]: pam_unix(cron:session): session closed for user root
May  9 07:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11993]: pam_unix(cron:session): session closed for user samftp
May  9 07:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11199]: pam_unix(cron:session): session closed for user root
May  9 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12429]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12427]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12428]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12426]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12426]: pam_unix(cron:session): session closed for user p13x
May  9 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12492]: Successful su for rubyman by root
May  9 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12492]: + ??? root:rubyman
May  9 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12492]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358288 of user rubyman.
May  9 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12492]: pam_unix(su:session): session closed for user rubyman
May  9 07:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358288.
May  9 07:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9805]: pam_unix(cron:session): session closed for user root
May  9 07:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12427]: pam_unix(cron:session): session closed for user samftp
May  9 07:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11604]: pam_unix(cron:session): session closed for user root
May  9 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12818]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12817]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12816]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12819]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12816]: pam_unix(cron:session): session closed for user p13x
May  9 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12875]: Successful su for rubyman by root
May  9 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12875]: + ??? root:rubyman
May  9 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12875]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358293 of user rubyman.
May  9 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12875]: pam_unix(su:session): session closed for user rubyman
May  9 07:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358293.
May  9 07:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10318]: pam_unix(cron:session): session closed for user root
May  9 07:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12817]: pam_unix(cron:session): session closed for user samftp
May  9 07:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11996]: pam_unix(cron:session): session closed for user root
May  9 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13211]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13212]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13209]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13210]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13209]: pam_unix(cron:session): session closed for user p13x
May  9 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13275]: Successful su for rubyman by root
May  9 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13275]: + ??? root:rubyman
May  9 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13275]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358297 of user rubyman.
May  9 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13275]: pam_unix(su:session): session closed for user rubyman
May  9 07:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358297.
May  9 07:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10808]: pam_unix(cron:session): session closed for user root
May  9 07:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13210]: pam_unix(cron:session): session closed for user samftp
May  9 07:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12429]: pam_unix(cron:session): session closed for user root
May  9 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13722]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13721]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13723]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13718]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13721]: pam_unix(cron:session): session closed for user p13x
May  9 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13843]: Successful su for rubyman by root
May  9 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13843]: + ??? root:rubyman
May  9 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13843]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358301 of user rubyman.
May  9 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13843]: pam_unix(su:session): session closed for user rubyman
May  9 07:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358301.
May  9 07:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13718]: pam_unix(cron:session): session closed for user root
May  9 07:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11198]: pam_unix(cron:session): session closed for user root
May  9 07:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13722]: pam_unix(cron:session): session closed for user samftp
May  9 07:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: Received disconnect from 80.94.95.125 port 52085:11: Bye [preauth]
May  9 07:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14068]: Disconnected from 80.94.95.125 port 52085 [preauth]
May  9 07:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12819]: pam_unix(cron:session): session closed for user root
May  9 07:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14199]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14199]: Invalid user apache from 50.235.31.47
May  9 07:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14199]: input_userauth_request: invalid user apache [preauth]
May  9 07:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14199]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  9 07:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14202]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14199]: Failed password for invalid user apache from 50.235.31.47 port 58404 ssh2
May  9 07:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14199]: Connection closed by 50.235.31.47 port 58404 [preauth]
May  9 07:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.103.127.97  user=root
May  9 07:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14202]: Failed password for root from 14.103.127.97 port 33262 ssh2
May  9 07:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14202]: Received disconnect from 14.103.127.97 port 33262:11: Bye Bye [preauth]
May  9 07:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14202]: Disconnected from 14.103.127.97 port 33262 [preauth]
May  9 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14215]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14213]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14217]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14219]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14220]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14214]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14220]: pam_unix(cron:session): session closed for user root
May  9 07:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14213]: pam_unix(cron:session): session closed for user p13x
May  9 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14286]: Successful su for rubyman by root
May  9 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14286]: + ??? root:rubyman
May  9 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14286]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358307 of user rubyman.
May  9 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14286]: pam_unix(su:session): session closed for user rubyman
May  9 07:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358307.
May  9 07:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14215]: pam_unix(cron:session): session closed for user root
May  9 07:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11603]: pam_unix(cron:session): session closed for user root
May  9 07:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14214]: pam_unix(cron:session): session closed for user samftp
May  9 07:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13212]: pam_unix(cron:session): session closed for user root
May  9 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14654]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14655]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14654]: pam_unix(cron:session): session closed for user p13x
May  9 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14725]: Successful su for rubyman by root
May  9 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14725]: + ??? root:rubyman
May  9 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14725]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358310 of user rubyman.
May  9 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14725]: pam_unix(su:session): session closed for user rubyman
May  9 07:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358310.
May  9 07:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11995]: pam_unix(cron:session): session closed for user root
May  9 07:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14655]: pam_unix(cron:session): session closed for user samftp
May  9 07:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13724]: pam_unix(cron:session): session closed for user root
May  9 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15071]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15070]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15069]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15069]: pam_unix(cron:session): session closed for user p13x
May  9 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15136]: Successful su for rubyman by root
May  9 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15136]: + ??? root:rubyman
May  9 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15136]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358315 of user rubyman.
May  9 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15136]: pam_unix(su:session): session closed for user rubyman
May  9 07:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358315.
May  9 07:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12428]: pam_unix(cron:session): session closed for user root
May  9 07:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15070]: pam_unix(cron:session): session closed for user samftp
May  9 07:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15318]: Bad protocol version identification 'MGLNDD_198.199.94.12_22' from 20.168.121.95 port 37996
May  9 07:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14219]: pam_unix(cron:session): session closed for user root
May  9 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15468]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15466]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15465]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15464]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15464]: pam_unix(cron:session): session closed for user p13x
May  9 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15527]: Successful su for rubyman by root
May  9 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15527]: + ??? root:rubyman
May  9 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358318 of user rubyman.
May  9 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15527]: pam_unix(su:session): session closed for user rubyman
May  9 07:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358318.
May  9 07:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12818]: pam_unix(cron:session): session closed for user root
May  9 07:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15465]: pam_unix(cron:session): session closed for user samftp
May  9 07:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14658]: pam_unix(cron:session): session closed for user root
May  9 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15860]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15864]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15863]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15862]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15860]: pam_unix(cron:session): session closed for user p13x
May  9 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15929]: Successful su for rubyman by root
May  9 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15929]: + ??? root:rubyman
May  9 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358322 of user rubyman.
May  9 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15929]: pam_unix(su:session): session closed for user rubyman
May  9 07:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358322.
May  9 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: Invalid user admin from 80.94.95.241
May  9 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: input_userauth_request: invalid user admin [preauth]
May  9 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13211]: pam_unix(cron:session): session closed for user root
May  9 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: Failed password for invalid user admin from 80.94.95.241 port 11568 ssh2
May  9 07:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15862]: pam_unix(cron:session): session closed for user samftp
May  9 07:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: Failed password for invalid user admin from 80.94.95.241 port 11568 ssh2
May  9 07:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: Failed password for invalid user admin from 80.94.95.241 port 11568 ssh2
May  9 07:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: Failed password for invalid user admin from 80.94.95.241 port 11568 ssh2
May  9 07:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: Failed password for invalid user admin from 80.94.95.241 port 11568 ssh2
May  9 07:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: Received disconnect from 80.94.95.241 port 11568:11: Bye [preauth]
May  9 07:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: Disconnected from 80.94.95.241 port 11568 [preauth]
May  9 07:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 07:44:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15927]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 07:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15072]: pam_unix(cron:session): session closed for user root
May  9 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16250]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16251]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16252]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16253]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16253]: pam_unix(cron:session): session closed for user root
May  9 07:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16247]: pam_unix(cron:session): session closed for user p13x
May  9 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16317]: Successful su for rubyman by root
May  9 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16317]: + ??? root:rubyman
May  9 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16317]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358329 of user rubyman.
May  9 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16317]: pam_unix(su:session): session closed for user rubyman
May  9 07:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358329.
May  9 07:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16250]: pam_unix(cron:session): session closed for user root
May  9 07:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13723]: pam_unix(cron:session): session closed for user root
May  9 07:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16248]: pam_unix(cron:session): session closed for user samftp
May  9 07:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.208  user=root
May  9 07:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16571]: Failed password for root from 218.92.0.208 port 58492 ssh2
May  9 07:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15468]: pam_unix(cron:session): session closed for user root
May  9 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16731]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16734]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16733]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16730]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16730]: pam_unix(cron:session): session closed for user p13x
May  9 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16804]: Successful su for rubyman by root
May  9 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16804]: + ??? root:rubyman
May  9 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16804]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358333 of user rubyman.
May  9 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16804]: pam_unix(su:session): session closed for user rubyman
May  9 07:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358333.
May  9 07:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14217]: pam_unix(cron:session): session closed for user root
May  9 07:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16731]: pam_unix(cron:session): session closed for user samftp
May  9 07:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15864]: pam_unix(cron:session): session closed for user root
May  9 07:46:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:46:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 07:47:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: Failed password for root from 218.92.0.179 port 21081 ssh2
May  9 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17174]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17173]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17172]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17171]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17171]: pam_unix(cron:session): session closed for user p13x
May  9 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17233]: Successful su for rubyman by root
May  9 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17233]: + ??? root:rubyman
May  9 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17233]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358336 of user rubyman.
May  9 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17233]: pam_unix(su:session): session closed for user rubyman
May  9 07:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358336.
May  9 07:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: Failed password for root from 218.92.0.179 port 21081 ssh2
May  9 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14656]: pam_unix(cron:session): session closed for user root
May  9 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: Failed password for root from 218.92.0.179 port 21081 ssh2
May  9 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: Received disconnect from 218.92.0.179 port 21081:11:  [preauth]
May  9 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: Disconnected from 218.92.0.179 port 21081 [preauth]
May  9 07:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17161]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 07:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17172]: pam_unix(cron:session): session closed for user samftp
May  9 07:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16252]: pam_unix(cron:session): session closed for user root
May  9 07:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17565]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:47:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17565]: Did not receive identification string from 193.32.162.89
May  9 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17586]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17587]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17585]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17584]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17584]: pam_unix(cron:session): session closed for user p13x
May  9 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17645]: Successful su for rubyman by root
May  9 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17645]: + ??? root:rubyman
May  9 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17645]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358340 of user rubyman.
May  9 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17645]: pam_unix(su:session): session closed for user rubyman
May  9 07:48:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358340.
May  9 07:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15071]: pam_unix(cron:session): session closed for user root
May  9 07:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17585]: pam_unix(cron:session): session closed for user samftp
May  9 07:48:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:48:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  9 07:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: Failed password for root from 80.94.95.116 port 49708 ssh2
May  9 07:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17945]: Connection closed by 80.94.95.116 port 49708 [preauth]
May  9 07:48:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16734]: pam_unix(cron:session): session closed for user root
May  9 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18109]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18108]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18110]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18107]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18107]: pam_unix(cron:session): session closed for user p13x
May  9 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18172]: Successful su for rubyman by root
May  9 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18172]: + ??? root:rubyman
May  9 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18172]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358344 of user rubyman.
May  9 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18172]: pam_unix(su:session): session closed for user rubyman
May  9 07:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358344.
May  9 07:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15466]: pam_unix(cron:session): session closed for user root
May  9 07:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18108]: pam_unix(cron:session): session closed for user samftp
May  9 07:49:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17174]: pam_unix(cron:session): session closed for user root
May  9 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18521]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18518]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18517]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18522]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18520]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18519]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18522]: pam_unix(cron:session): session closed for user root
May  9 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18517]: pam_unix(cron:session): session closed for user p13x
May  9 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18586]: Successful su for rubyman by root
May  9 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18586]: + ??? root:rubyman
May  9 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358348 of user rubyman.
May  9 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18586]: pam_unix(su:session): session closed for user rubyman
May  9 07:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358348.
May  9 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18519]: pam_unix(cron:session): session closed for user root
May  9 07:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15863]: pam_unix(cron:session): session closed for user root
May  9 07:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18518]: pam_unix(cron:session): session closed for user samftp
May  9 07:50:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17587]: pam_unix(cron:session): session closed for user root
May  9 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18955]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18956]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18953]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18952]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18952]: pam_unix(cron:session): session closed for user p13x
May  9 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19022]: Successful su for rubyman by root
May  9 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19022]: + ??? root:rubyman
May  9 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19022]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358355 of user rubyman.
May  9 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19022]: pam_unix(su:session): session closed for user rubyman
May  9 07:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358355.
May  9 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16251]: pam_unix(cron:session): session closed for user root
May  9 07:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18953]: pam_unix(cron:session): session closed for user samftp
May  9 07:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18110]: pam_unix(cron:session): session closed for user root
May  9 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19374]: pam_unix(cron:session): session closed for user p13x
May  9 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19435]: Successful su for rubyman by root
May  9 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19435]: + ??? root:rubyman
May  9 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19435]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358358 of user rubyman.
May  9 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19435]: pam_unix(su:session): session closed for user rubyman
May  9 07:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358358.
May  9 07:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16733]: pam_unix(cron:session): session closed for user root
May  9 07:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19375]: pam_unix(cron:session): session closed for user samftp
May  9 07:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18521]: pam_unix(cron:session): session closed for user root
May  9 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19791]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19789]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19788]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19788]: pam_unix(cron:session): session closed for user p13x
May  9 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19851]: Successful su for rubyman by root
May  9 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19851]: + ??? root:rubyman
May  9 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19851]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358362 of user rubyman.
May  9 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19851]: pam_unix(su:session): session closed for user rubyman
May  9 07:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358362.
May  9 07:53:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17173]: pam_unix(cron:session): session closed for user root
May  9 07:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19789]: pam_unix(cron:session): session closed for user samftp
May  9 07:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18956]: pam_unix(cron:session): session closed for user root
May  9 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20196]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20194]: pam_unix(cron:session): session closed for user p13x
May  9 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20255]: Successful su for rubyman by root
May  9 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20255]: + ??? root:rubyman
May  9 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20255]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358367 of user rubyman.
May  9 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20255]: pam_unix(su:session): session closed for user rubyman
May  9 07:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358367.
May  9 07:54:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17586]: pam_unix(cron:session): session closed for user root
May  9 07:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20195]: pam_unix(cron:session): session closed for user samftp
May  9 07:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19377]: pam_unix(cron:session): session closed for user root
May  9 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20595]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20591]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20589]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20595]: pam_unix(cron:session): session closed for user root
May  9 07:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20589]: pam_unix(cron:session): session closed for user p13x
May  9 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20670]: Successful su for rubyman by root
May  9 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20670]: + ??? root:rubyman
May  9 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20670]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358371 of user rubyman.
May  9 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20670]: pam_unix(su:session): session closed for user rubyman
May  9 07:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358371.
May  9 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20591]: pam_unix(cron:session): session closed for user root
May  9 07:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18109]: pam_unix(cron:session): session closed for user root
May  9 07:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20590]: pam_unix(cron:session): session closed for user samftp
May  9 07:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19791]: pam_unix(cron:session): session closed for user root
May  9 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21043]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21044]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21042]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21041]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21041]: pam_unix(cron:session): session closed for user p13x
May  9 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21112]: Successful su for rubyman by root
May  9 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21112]: + ??? root:rubyman
May  9 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21112]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358377 of user rubyman.
May  9 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21112]: pam_unix(su:session): session closed for user rubyman
May  9 07:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358377.
May  9 07:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18520]: pam_unix(cron:session): session closed for user root
May  9 07:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21042]: pam_unix(cron:session): session closed for user samftp
May  9 07:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20197]: pam_unix(cron:session): session closed for user root
May  9 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21487]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21486]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21485]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21483]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21483]: pam_unix(cron:session): session closed for user p13x
May  9 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21550]: Successful su for rubyman by root
May  9 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21550]: + ??? root:rubyman
May  9 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21550]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358381 of user rubyman.
May  9 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21550]: pam_unix(su:session): session closed for user rubyman
May  9 07:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358381.
May  9 07:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18955]: pam_unix(cron:session): session closed for user root
May  9 07:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21485]: pam_unix(cron:session): session closed for user samftp
May  9 07:57:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 07:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: Invalid user admin from 80.94.95.112
May  9 07:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: input_userauth_request: invalid user admin [preauth]
May  9 07:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:57:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 07:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: Failed password for invalid user admin from 80.94.95.112 port 10191 ssh2
May  9 07:57:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20594]: pam_unix(cron:session): session closed for user root
May  9 07:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: Failed password for invalid user admin from 80.94.95.112 port 10191 ssh2
May  9 07:57:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:57:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: Failed password for invalid user admin from 80.94.95.112 port 10191 ssh2
May  9 07:57:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: Failed password for invalid user admin from 80.94.95.112 port 10191 ssh2
May  9 07:57:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: pam_unix(sshd:auth): check pass; user unknown
May  9 07:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: Failed password for invalid user admin from 80.94.95.112 port 10191 ssh2
May  9 07:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: Received disconnect from 80.94.95.112 port 10191:11: Bye [preauth]
May  9 07:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: Disconnected from 80.94.95.112 port 10191 [preauth]
May  9 07:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 07:57:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22110]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22212]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22207]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22206]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22206]: pam_unix(cron:session): session closed for user p13x
May  9 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22292]: Successful su for rubyman by root
May  9 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22292]: + ??? root:rubyman
May  9 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22292]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358386 of user rubyman.
May  9 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22292]: pam_unix(su:session): session closed for user rubyman
May  9 07:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358386.
May  9 07:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19376]: pam_unix(cron:session): session closed for user root
May  9 07:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22207]: pam_unix(cron:session): session closed for user samftp
May  9 07:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21044]: pam_unix(cron:session): session closed for user root
May  9 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22680]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22678]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22679]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22676]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22676]: pam_unix(cron:session): session closed for user p13x
May  9 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22743]: Successful su for rubyman by root
May  9 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22743]: + ??? root:rubyman
May  9 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22743]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358388 of user rubyman.
May  9 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22743]: pam_unix(su:session): session closed for user rubyman
May  9 07:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358388.
May  9 07:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19790]: pam_unix(cron:session): session closed for user root
May  9 07:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22678]: pam_unix(cron:session): session closed for user samftp
May  9 07:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21487]: pam_unix(cron:session): session closed for user root
May  9 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23143]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23145]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23142]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23141]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23140]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23146]: pam_unix(cron:session): session closed for user root
May  9 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23142]: pam_unix(cron:session): session closed for user root
May  9 08:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23140]: pam_unix(cron:session): session closed for user p13x
May  9 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23248]: Successful su for rubyman by root
May  9 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23248]: + ??? root:rubyman
May  9 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23248]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358394 of user rubyman.
May  9 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23248]: pam_unix(su:session): session closed for user rubyman
May  9 08:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358394.
May  9 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23143]: pam_unix(cron:session): session closed for user root
May  9 08:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20196]: pam_unix(cron:session): session closed for user root
May  9 08:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23141]: pam_unix(cron:session): session closed for user samftp
May  9 08:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22212]: pam_unix(cron:session): session closed for user root
May  9 08:00:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 08:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: Failed password for root from 218.92.0.179 port 18715 ssh2
May  9 08:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 18715 ssh2]
May  9 08:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: Received disconnect from 218.92.0.179 port 18715:11:  [preauth]
May  9 08:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: Disconnected from 218.92.0.179 port 18715 [preauth]
May  9 08:00:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23692]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 08:00:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23746]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23747]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23745]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23744]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23744]: pam_unix(cron:session): session closed for user p13x
May  9 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23916]: Successful su for rubyman by root
May  9 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23916]: + ??? root:rubyman
May  9 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23916]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358399 of user rubyman.
May  9 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23916]: pam_unix(su:session): session closed for user rubyman
May  9 08:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358399.
May  9 08:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20592]: pam_unix(cron:session): session closed for user root
May  9 08:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23745]: pam_unix(cron:session): session closed for user samftp
May  9 08:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22680]: pam_unix(cron:session): session closed for user root
May  9 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24290]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24288]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24292]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24286]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24286]: pam_unix(cron:session): session closed for user p13x
May  9 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24358]: Successful su for rubyman by root
May  9 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24358]: + ??? root:rubyman
May  9 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24358]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358403 of user rubyman.
May  9 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24358]: pam_unix(su:session): session closed for user rubyman
May  9 08:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358403.
May  9 08:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21043]: pam_unix(cron:session): session closed for user root
May  9 08:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24288]: pam_unix(cron:session): session closed for user samftp
May  9 08:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23145]: pam_unix(cron:session): session closed for user root
May  9 08:02:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24725]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24724]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24723]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24722]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24722]: pam_unix(cron:session): session closed for user p13x
May  9 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24780]: Successful su for rubyman by root
May  9 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24780]: + ??? root:rubyman
May  9 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24780]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358408 of user rubyman.
May  9 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24780]: pam_unix(su:session): session closed for user rubyman
May  9 08:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358408.
May  9 08:03:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21486]: pam_unix(cron:session): session closed for user root
May  9 08:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24723]: pam_unix(cron:session): session closed for user samftp
May  9 08:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: Invalid user admin from 80.94.95.125
May  9 08:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: input_userauth_request: invalid user admin [preauth]
May  9 08:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:03:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  9 08:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: Failed password for invalid user admin from 80.94.95.125 port 27550 ssh2
May  9 08:03:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: Failed password for invalid user admin from 80.94.95.125 port 27550 ssh2
May  9 08:03:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: Failed password for invalid user admin from 80.94.95.125 port 27550 ssh2
May  9 08:03:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:03:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: Failed password for invalid user admin from 80.94.95.125 port 27550 ssh2
May  9 08:03:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:03:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: Failed password for invalid user admin from 80.94.95.125 port 27550 ssh2
May  9 08:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: Received disconnect from 80.94.95.125 port 27550:11: Bye [preauth]
May  9 08:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: Disconnected from 80.94.95.125 port 27550 [preauth]
May  9 08:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  9 08:03:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24684]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 08:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23747]: pam_unix(cron:session): session closed for user root
May  9 08:04:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25120]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25135]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25136]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25134]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25132]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25132]: pam_unix(cron:session): session closed for user p13x
May  9 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25120]: Invalid user ftpuser from 194.0.234.19
May  9 08:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25120]: input_userauth_request: invalid user ftpuser [preauth]
May  9 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25196]: Successful su for rubyman by root
May  9 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25196]: + ??? root:rubyman
May  9 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25196]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358412 of user rubyman.
May  9 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25196]: pam_unix(su:session): session closed for user rubyman
May  9 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358412.
May  9 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25120]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19
May  9 08:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25120]: Failed password for invalid user ftpuser from 194.0.234.19 port 63178 ssh2
May  9 08:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25120]: Connection closed by 194.0.234.19 port 63178 [preauth]
May  9 08:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22208]: pam_unix(cron:session): session closed for user root
May  9 08:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25134]: pam_unix(cron:session): session closed for user samftp
May  9 08:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24292]: pam_unix(cron:session): session closed for user root
May  9 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25555]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25553]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25552]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25556]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25558]: pam_unix(cron:session): session closed for user root
May  9 08:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25552]: pam_unix(cron:session): session closed for user p13x
May  9 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25634]: Successful su for rubyman by root
May  9 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25634]: + ??? root:rubyman
May  9 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25634]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358417 of user rubyman.
May  9 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25634]: pam_unix(su:session): session closed for user rubyman
May  9 08:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358417.
May  9 08:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22679]: pam_unix(cron:session): session closed for user root
May  9 08:05:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25555]: pam_unix(cron:session): session closed for user root
May  9 08:05:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25553]: pam_unix(cron:session): session closed for user samftp
May  9 08:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24725]: pam_unix(cron:session): session closed for user root
May  9 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26074]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26073]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26071]: pam_unix(cron:session): session closed for user p13x
May  9 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26140]: Successful su for rubyman by root
May  9 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26140]: + ??? root:rubyman
May  9 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26140]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358421 of user rubyman.
May  9 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26140]: pam_unix(su:session): session closed for user rubyman
May  9 08:06:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358421.
May  9 08:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23144]: pam_unix(cron:session): session closed for user root
May  9 08:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26072]: pam_unix(cron:session): session closed for user samftp
May  9 08:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25136]: pam_unix(cron:session): session closed for user root
May  9 08:06:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:06:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 08:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26432]: Failed password for root from 218.92.0.179 port 52550 ssh2
May  9 08:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26432]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 52550 ssh2]
May  9 08:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26432]: Received disconnect from 218.92.0.179 port 52550:11:  [preauth]
May  9 08:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26432]: Disconnected from 218.92.0.179 port 52550 [preauth]
May  9 08:06:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26432]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26559]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26557]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26556]: pam_unix(cron:session): session closed for user p13x
May  9 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26616]: Successful su for rubyman by root
May  9 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26616]: + ??? root:rubyman
May  9 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26616]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358425 of user rubyman.
May  9 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26616]: pam_unix(su:session): session closed for user rubyman
May  9 08:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358425.
May  9 08:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23746]: pam_unix(cron:session): session closed for user root
May  9 08:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26557]: pam_unix(cron:session): session closed for user samftp
May  9 08:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25557]: pam_unix(cron:session): session closed for user root
May  9 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27005]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27004]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27006]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26998]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26998]: pam_unix(cron:session): session closed for user p13x
May  9 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27093]: Successful su for rubyman by root
May  9 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27093]: + ??? root:rubyman
May  9 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27093]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358429 of user rubyman.
May  9 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27093]: pam_unix(su:session): session closed for user rubyman
May  9 08:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358429.
May  9 08:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24290]: pam_unix(cron:session): session closed for user root
May  9 08:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27004]: pam_unix(cron:session): session closed for user samftp
May  9 08:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26074]: pam_unix(cron:session): session closed for user root
May  9 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27500]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27496]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27497]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27498]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27493]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27496]: pam_unix(cron:session): session closed for user p13x
May  9 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27631]: Successful su for rubyman by root
May  9 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27631]: + ??? root:rubyman
May  9 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358434 of user rubyman.
May  9 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27631]: pam_unix(su:session): session closed for user rubyman
May  9 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358434.
May  9 08:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27493]: pam_unix(cron:session): session closed for user root
May  9 08:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24724]: pam_unix(cron:session): session closed for user root
May  9 08:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: Invalid user  from 75.12.134.50
May  9 08:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: input_userauth_request: invalid user  [preauth]
May  9 08:09:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27497]: pam_unix(cron:session): session closed for user samftp
May  9 08:09:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27833]: Connection closed by 75.12.134.50 port 40724 [preauth]
May  9 08:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26559]: pam_unix(cron:session): session closed for user root
May  9 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28010]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28009]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28011]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28013]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28012]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28008]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28013]: pam_unix(cron:session): session closed for user root
May  9 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28008]: pam_unix(cron:session): session closed for user p13x
May  9 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28079]: Successful su for rubyman by root
May  9 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28079]: + ??? root:rubyman
May  9 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28079]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358442 of user rubyman.
May  9 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28079]: pam_unix(su:session): session closed for user rubyman
May  9 08:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358442.
May  9 08:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28010]: pam_unix(cron:session): session closed for user root
May  9 08:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25135]: pam_unix(cron:session): session closed for user root
May  9 08:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28009]: pam_unix(cron:session): session closed for user samftp
May  9 08:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27006]: pam_unix(cron:session): session closed for user root
May  9 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28448]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28449]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28446]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28445]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28445]: pam_unix(cron:session): session closed for user p13x
May  9 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28519]: Successful su for rubyman by root
May  9 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28519]: + ??? root:rubyman
May  9 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28519]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358445 of user rubyman.
May  9 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28519]: pam_unix(su:session): session closed for user rubyman
May  9 08:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358445.
May  9 08:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25556]: pam_unix(cron:session): session closed for user root
May  9 08:11:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28446]: pam_unix(cron:session): session closed for user samftp
May  9 08:11:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  9 08:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28707]: Failed password for root from 80.94.95.125 port 6247 ssh2
May  9 08:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28707]: message repeated 4 times: [ Failed password for root from 80.94.95.125 port 6247 ssh2]
May  9 08:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28707]: Received disconnect from 80.94.95.125 port 6247:11: Bye [preauth]
May  9 08:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28707]: Disconnected from 80.94.95.125 port 6247 [preauth]
May  9 08:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28707]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  9 08:11:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28707]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 08:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27500]: pam_unix(cron:session): session closed for user root
May  9 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28853]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28849]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28849]: pam_unix(cron:session): session closed for user p13x
May  9 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28926]: Successful su for rubyman by root
May  9 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28926]: + ??? root:rubyman
May  9 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28926]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358449 of user rubyman.
May  9 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28926]: pam_unix(su:session): session closed for user rubyman
May  9 08:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358449.
May  9 08:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26073]: pam_unix(cron:session): session closed for user root
May  9 08:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28850]: pam_unix(cron:session): session closed for user samftp
May  9 08:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28012]: pam_unix(cron:session): session closed for user root
May  9 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29366]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29365]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29364]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29363]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29363]: pam_unix(cron:session): session closed for user p13x
May  9 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29427]: Successful su for rubyman by root
May  9 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29427]: + ??? root:rubyman
May  9 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29427]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358453 of user rubyman.
May  9 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29427]: pam_unix(su:session): session closed for user rubyman
May  9 08:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358453.
May  9 08:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26558]: pam_unix(cron:session): session closed for user root
May  9 08:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29364]: pam_unix(cron:session): session closed for user samftp
May  9 08:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28449]: pam_unix(cron:session): session closed for user root
May  9 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29774]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29771]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29772]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29771]: pam_unix(cron:session): session closed for user p13x
May  9 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29832]: Successful su for rubyman by root
May  9 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29832]: + ??? root:rubyman
May  9 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29832]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358457 of user rubyman.
May  9 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29832]: pam_unix(su:session): session closed for user rubyman
May  9 08:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358457.
May  9 08:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27005]: pam_unix(cron:session): session closed for user root
May  9 08:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29772]: pam_unix(cron:session): session closed for user samftp
May  9 08:14:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30051]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: Invalid user pi from 75.12.134.50
May  9 08:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: input_userauth_request: invalid user pi [preauth]
May  9 08:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30090]: Invalid user git from 75.12.134.50
May  9 08:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30090]: input_userauth_request: invalid user git [preauth]
May  9 08:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30090]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:14:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: Failed password for invalid user pi from 75.12.134.50 port 34874 ssh2
May  9 08:14:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30053]: Connection closed by 75.12.134.50 port 34874 [preauth]
May  9 08:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30090]: Failed password for invalid user git from 75.12.134.50 port 47622 ssh2
May  9 08:14:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30090]: Connection closed by 75.12.134.50 port 47622 [preauth]
May  9 08:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28853]: pam_unix(cron:session): session closed for user root
May  9 08:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: Invalid user wang from 75.12.134.50
May  9 08:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: input_userauth_request: invalid user wang [preauth]
May  9 08:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:14:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: Failed password for invalid user wang from 75.12.134.50 port 47634 ssh2
May  9 08:14:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30101]: Connection closed by 75.12.134.50 port 47634 [preauth]
May  9 08:14:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30134]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30134]: Invalid user mongo from 75.12.134.50
May  9 08:14:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30134]: input_userauth_request: invalid user mongo [preauth]
May  9 08:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30134]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:14:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30134]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30134]: Failed password for invalid user mongo from 75.12.134.50 port 51268 ssh2
May  9 08:14:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30134]: Connection closed by 75.12.134.50 port 51268 [preauth]
May  9 08:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: Invalid user nginx from 75.12.134.50
May  9 08:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: input_userauth_request: invalid user nginx [preauth]
May  9 08:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:14:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:14:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30170]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:14:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:14:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: Failed password for invalid user nginx from 75.12.134.50 port 47650 ssh2
May  9 08:14:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30118]: Connection closed by 75.12.134.50 port 47650 [preauth]
May  9 08:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30170]: Invalid user gpadmin from 75.12.134.50
May  9 08:14:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30170]: input_userauth_request: invalid user gpadmin [preauth]
May  9 08:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30170]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:14:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:14:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30170]: Failed password for invalid user gpadmin from 75.12.134.50 port 60216 ssh2
May  9 08:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: Invalid user gitlab from 75.12.134.50
May  9 08:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: input_userauth_request: invalid user gitlab [preauth]
May  9 08:15:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30172]: Failed password for root from 75.12.134.50 port 60246 ssh2
May  9 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30201]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30198]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30202]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30197]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30202]: pam_unix(cron:session): session closed for user root
May  9 08:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30197]: pam_unix(cron:session): session closed for user p13x
May  9 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30261]: Successful su for rubyman by root
May  9 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30261]: + ??? root:rubyman
May  9 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30261]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358461 of user rubyman.
May  9 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30261]: pam_unix(su:session): session closed for user rubyman
May  9 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358461.
May  9 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30284]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:15:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30172]: Connection closed by 75.12.134.50 port 60246 [preauth]
May  9 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30199]: pam_unix(cron:session): session closed for user root
May  9 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: Failed password for invalid user gitlab from 75.12.134.50 port 55394 ssh2
May  9 08:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30194]: Connection closed by 75.12.134.50 port 55394 [preauth]
May  9 08:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27498]: pam_unix(cron:session): session closed for user root
May  9 08:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30198]: pam_unix(cron:session): session closed for user samftp
May  9 08:15:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:15:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30488]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30488]: Failed password for root from 75.12.134.50 port 42382 ssh2
May  9 08:15:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30488]: Connection closed by 75.12.134.50 port 42382 [preauth]
May  9 08:15:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30513]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:15:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30514]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30523]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30523]: Invalid user flask from 75.12.134.50
May  9 08:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30523]: input_userauth_request: invalid user flask [preauth]
May  9 08:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30523]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:15:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30523]: Failed password for invalid user flask from 75.12.134.50 port 54476 ssh2
May  9 08:15:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30523]: Connection closed by 75.12.134.50 port 54476 [preauth]
May  9 08:15:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:15:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30457]: Failed password for root from 75.12.134.50 port 55404 ssh2
May  9 08:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30457]: Connection closed by 75.12.134.50 port 55404 [preauth]
May  9 08:15:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: Invalid user admin from 80.94.95.241
May  9 08:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: input_userauth_request: invalid user admin [preauth]
May  9 08:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:15:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 08:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: Failed password for invalid user admin from 80.94.95.241 port 18592 ssh2
May  9 08:15:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: Invalid user oracle from 75.12.134.50
May  9 08:15:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: input_userauth_request: invalid user oracle [preauth]
May  9 08:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: Invalid user oracle from 75.12.134.50
May  9 08:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: input_userauth_request: invalid user oracle [preauth]
May  9 08:15:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: Failed password for invalid user admin from 80.94.95.241 port 18592 ssh2
May  9 08:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29366]: pam_unix(cron:session): session closed for user root
May  9 08:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: Failed password for invalid user oracle from 75.12.134.50 port 51282 ssh2
May  9 08:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30159]: Connection closed by 75.12.134.50 port 51282 [preauth]
May  9 08:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: Failed password for invalid user admin from 80.94.95.241 port 18592 ssh2
May  9 08:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: Invalid user test from 75.12.134.50
May  9 08:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: input_userauth_request: invalid user test [preauth]
May  9 08:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:15:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: Failed password for invalid user oracle from 75.12.134.50 port 48586 ssh2
May  9 08:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30559]: Connection closed by 75.12.134.50 port 48586 [preauth]
May  9 08:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: Failed password for invalid user admin from 80.94.95.241 port 18592 ssh2
May  9 08:15:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: Failed password for invalid user test from 75.12.134.50 port 48602 ssh2
May  9 08:15:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30574]: Connection closed by 75.12.134.50 port 48602 [preauth]
May  9 08:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: Failed password for invalid user admin from 80.94.95.241 port 18592 ssh2
May  9 08:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: Received disconnect from 80.94.95.241 port 18592:11: Bye [preauth]
May  9 08:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: Disconnected from 80.94.95.241 port 18592 [preauth]
May  9 08:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 08:15:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30548]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 08:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: Invalid user developer from 75.12.134.50
May  9 08:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: input_userauth_request: invalid user developer [preauth]
May  9 08:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:15:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: Failed password for invalid user developer from 75.12.134.50 port 36668 ssh2
May  9 08:15:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30597]: Connection closed by 75.12.134.50 port 36668 [preauth]
May  9 08:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:15:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30625]: User mysql from 75.12.134.50 not allowed because not listed in AllowUsers
May  9 08:15:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30625]: input_userauth_request: invalid user mysql [preauth]
May  9 08:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=mysql
May  9 08:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: Invalid user tom from 75.12.134.50
May  9 08:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: input_userauth_request: invalid user tom [preauth]
May  9 08:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30625]: Failed password for invalid user mysql from 75.12.134.50 port 45942 ssh2
May  9 08:15:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30625]: Connection closed by 75.12.134.50 port 45942 [preauth]
May  9 08:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: Failed password for invalid user tom from 75.12.134.50 port 45956 ssh2
May  9 08:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30637]: Connection closed by 75.12.134.50 port 45956 [preauth]
May  9 08:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30647]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30513]: Invalid user user from 75.12.134.50
May  9 08:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30513]: input_userauth_request: invalid user user [preauth]
May  9 08:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30513]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:15:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:16:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30647]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30653]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30652]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30654]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30650]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30650]: pam_unix(cron:session): session closed for user p13x
May  9 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30513]: Failed password for invalid user user from 75.12.134.50 port 42396 ssh2
May  9 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30513]: Connection closed by 75.12.134.50 port 42396 [preauth]
May  9 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30720]: Successful su for rubyman by root
May  9 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30720]: + ??? root:rubyman
May  9 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30720]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358466 of user rubyman.
May  9 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30720]: pam_unix(su:session): session closed for user rubyman
May  9 08:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358466.
May  9 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30647]: Failed password for root from 75.12.134.50 port 60616 ssh2
May  9 08:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30647]: Connection closed by 75.12.134.50 port 60616 [preauth]
May  9 08:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Invalid user oscar from 75.12.134.50
May  9 08:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: input_userauth_request: invalid user oscar [preauth]
May  9 08:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:16:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28011]: pam_unix(cron:session): session closed for user root
May  9 08:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30652]: pam_unix(cron:session): session closed for user samftp
May  9 08:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Failed password for invalid user oscar from 75.12.134.50 port 60624 ssh2
May  9 08:16:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30770]: Connection closed by 75.12.134.50 port 60624 [preauth]
May  9 08:16:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:16:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30624]: Failed password for root from 75.12.134.50 port 36682 ssh2
May  9 08:16:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30624]: Connection closed by 75.12.134.50 port 36682 [preauth]
May  9 08:16:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31001]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:16:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: Invalid user apache from 75.12.134.50
May  9 08:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: input_userauth_request: invalid user apache [preauth]
May  9 08:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:16:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: Failed password for invalid user apache from 75.12.134.50 port 33852 ssh2
May  9 08:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31019]: Connection closed by 75.12.134.50 port 33852 [preauth]
May  9 08:16:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:16:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29774]: pam_unix(cron:session): session closed for user root
May  9 08:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: Invalid user support from 80.94.95.125
May  9 08:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: input_userauth_request: invalid user support [preauth]
May  9 08:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  9 08:16:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: Failed password for root from 75.12.134.50 port 58406 ssh2
May  9 08:16:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: Failed password for invalid user support from 80.94.95.125 port 43134 ssh2
May  9 08:16:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: Failed password for invalid user support from 80.94.95.125 port 43134 ssh2
May  9 08:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: Failed password for invalid user support from 80.94.95.125 port 43134 ssh2
May  9 08:16:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: Failed password for invalid user support from 80.94.95.125 port 43134 ssh2
May  9 08:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31058]: Connection closed by 75.12.134.50 port 58406 [preauth]
May  9 08:16:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:16:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: Failed password for invalid user support from 80.94.95.125 port 43134 ssh2
May  9 08:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: Received disconnect from 80.94.95.125 port 43134:11: Bye [preauth]
May  9 08:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: Disconnected from 80.94.95.125 port 43134 [preauth]
May  9 08:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  9 08:16:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31081]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 08:16:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31148]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:16:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31161]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:16:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31162]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:16:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31173]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:16:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31176]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31173]: Failed password for root from 75.12.134.50 port 52712 ssh2
May  9 08:17:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31173]: Connection closed by 75.12.134.50 port 52712 [preauth]
May  9 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31190]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31188]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31184]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31187]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31184]: pam_unix(cron:session): session closed for user root
May  9 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31187]: pam_unix(cron:session): session closed for user p13x
May  9 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31176]: Invalid user plexserver from 75.12.134.50
May  9 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31176]: input_userauth_request: invalid user plexserver [preauth]
May  9 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31253]: Successful su for rubyman by root
May  9 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31253]: + ??? root:rubyman
May  9 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358470 of user rubyman.
May  9 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31253]: pam_unix(su:session): session closed for user rubyman
May  9 08:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358470.
May  9 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31176]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:17:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31176]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:17:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31176]: Failed password for invalid user plexserver from 75.12.134.50 port 52726 ssh2
May  9 08:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31176]: Connection closed by 75.12.134.50 port 52726 [preauth]
May  9 08:17:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28448]: pam_unix(cron:session): session closed for user root
May  9 08:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31188]: pam_unix(cron:session): session closed for user samftp
May  9 08:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31377]: Invalid user sonar from 75.12.134.50
May  9 08:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31377]: input_userauth_request: invalid user sonar [preauth]
May  9 08:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31377]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31377]: Failed password for invalid user sonar from 75.12.134.50 port 52742 ssh2
May  9 08:17:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31377]: Connection closed by 75.12.134.50 port 52742 [preauth]
May  9 08:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31444]: Invalid user tools from 75.12.134.50
May  9 08:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31444]: input_userauth_request: invalid user tools [preauth]
May  9 08:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31444]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:17:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31444]: Failed password for invalid user tools from 75.12.134.50 port 38604 ssh2
May  9 08:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31444]: Connection closed by 75.12.134.50 port 38604 [preauth]
May  9 08:17:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:17:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31471]: User mysql from 75.12.134.50 not allowed because not listed in AllowUsers
May  9 08:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31471]: input_userauth_request: invalid user mysql [preauth]
May  9 08:17:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=mysql
May  9 08:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: Invalid user gpadmin from 75.12.134.50
May  9 08:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: input_userauth_request: invalid user gpadmin [preauth]
May  9 08:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:17:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31471]: Failed password for invalid user mysql from 75.12.134.50 port 35066 ssh2
May  9 08:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31471]: Connection closed by 75.12.134.50 port 35066 [preauth]
May  9 08:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: Failed password for invalid user gpadmin from 75.12.134.50 port 35086 ssh2
May  9 08:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31507]: Connection closed by 75.12.134.50 port 35086 [preauth]
May  9 08:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30201]: pam_unix(cron:session): session closed for user root
May  9 08:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31550]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31550]: Invalid user www from 75.12.134.50
May  9 08:17:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31550]: input_userauth_request: invalid user www [preauth]
May  9 08:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31550]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31550]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: Invalid user oracle from 75.12.134.50
May  9 08:17:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: input_userauth_request: invalid user oracle [preauth]
May  9 08:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31550]: Failed password for invalid user www from 75.12.134.50 port 59350 ssh2
May  9 08:17:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31550]: Connection closed by 75.12.134.50 port 59350 [preauth]
May  9 08:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31552]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: Failed password for invalid user oracle from 75.12.134.50 port 59334 ssh2
May  9 08:17:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31510]: Connection closed by 75.12.134.50 port 59334 [preauth]
May  9 08:17:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31563]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:17:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31589]: Invalid user test from 75.12.134.50
May  9 08:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31589]: input_userauth_request: invalid user test [preauth]
May  9 08:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31589]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31552]: Failed password for root from 75.12.134.50 port 38730 ssh2
May  9 08:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31552]: Connection closed by 75.12.134.50 port 38730 [preauth]
May  9 08:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31589]: Failed password for invalid user test from 75.12.134.50 port 38760 ssh2
May  9 08:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31589]: Connection closed by 75.12.134.50 port 38760 [preauth]
May  9 08:17:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31602]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:17:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31612]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31612]: Invalid user app from 75.12.134.50
May  9 08:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31612]: input_userauth_request: invalid user app [preauth]
May  9 08:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31612]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:17:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:17:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31591]: Invalid user admin from 75.12.134.50
May  9 08:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31591]: input_userauth_request: invalid user admin [preauth]
May  9 08:18:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31612]: Failed password for invalid user app from 75.12.134.50 port 39174 ssh2
May  9 08:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31612]: Connection closed by 75.12.134.50 port 39174 [preauth]
May  9 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31629]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31626]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31628]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31625]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31625]: pam_unix(cron:session): session closed for user p13x
May  9 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31602]: Failed password for root from 75.12.134.50 port 39158 ssh2
May  9 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31716]: Successful su for rubyman by root
May  9 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31716]: + ??? root:rubyman
May  9 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31716]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358475 of user rubyman.
May  9 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31716]: pam_unix(su:session): session closed for user rubyman
May  9 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358475.
May  9 08:18:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31602]: Connection closed by 75.12.134.50 port 39158 [preauth]
May  9 08:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31591]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:18:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28851]: pam_unix(cron:session): session closed for user root
May  9 08:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31591]: Failed password for invalid user admin from 75.12.134.50 port 39144 ssh2
May  9 08:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31614]: Invalid user elastic from 75.12.134.50
May  9 08:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31614]: input_userauth_request: invalid user elastic [preauth]
May  9 08:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31591]: Connection closed by 75.12.134.50 port 39144 [preauth]
May  9 08:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31614]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31614]: Failed password for invalid user elastic from 75.12.134.50 port 51122 ssh2
May  9 08:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31614]: Connection closed by 75.12.134.50 port 51122 [preauth]
May  9 08:18:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31626]: pam_unix(cron:session): session closed for user samftp
May  9 08:18:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: Failed password for root from 75.12.134.50 port 51126 ssh2
May  9 08:18:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31850]: Connection closed by 75.12.134.50 port 51126 [preauth]
May  9 08:18:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:18:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32035]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31957]: Invalid user sonar from 75.12.134.50
May  9 08:18:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31957]: input_userauth_request: invalid user sonar [preauth]
May  9 08:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32035]: Invalid user jumpserver from 75.12.134.50
May  9 08:18:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32035]: input_userauth_request: invalid user jumpserver [preauth]
May  9 08:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31928]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:18:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32039]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32035]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:18:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32039]: Invalid user tom from 75.12.134.50
May  9 08:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32039]: input_userauth_request: invalid user tom [preauth]
May  9 08:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31928]: Failed password for root from 75.12.134.50 port 50386 ssh2
May  9 08:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31928]: Connection closed by 75.12.134.50 port 50386 [preauth]
May  9 08:18:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 08:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32039]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32035]: Failed password for invalid user jumpserver from 75.12.134.50 port 57174 ssh2
May  9 08:18:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32035]: Connection closed by 75.12.134.50 port 57174 [preauth]
May  9 08:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32039]: Failed password for invalid user tom from 75.12.134.50 port 57186 ssh2
May  9 08:18:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32039]: Connection closed by 75.12.134.50 port 57186 [preauth]
May  9 08:18:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: Failed password for root from 218.92.0.179 port 26935 ssh2
May  9 08:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: Failed password for root from 218.92.0.179 port 26935 ssh2
May  9 08:18:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32109]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31957]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32109]: Invalid user git from 75.12.134.50
May  9 08:18:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32109]: input_userauth_request: invalid user git [preauth]
May  9 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: Failed password for root from 218.92.0.179 port 26935 ssh2
May  9 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: Received disconnect from 218.92.0.179 port 26935:11:  [preauth]
May  9 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: Disconnected from 218.92.0.179 port 26935 [preauth]
May  9 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32041]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32216]: Invalid user user from 80.94.95.125
May  9 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32216]: input_userauth_request: invalid user user [preauth]
May  9 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32216]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  9 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31957]: Failed password for invalid user sonar from 75.12.134.50 port 50396 ssh2
May  9 08:18:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31957]: Connection closed by 75.12.134.50 port 50396 [preauth]
May  9 08:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32216]: Failed password for invalid user user from 80.94.95.125 port 5177 ssh2
May  9 08:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:18:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32216]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32216]: Failed password for invalid user user from 80.94.95.125 port 5177 ssh2
May  9 08:18:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32216]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30654]: pam_unix(cron:session): session closed for user root
May  9 08:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32216]: Failed password for invalid user user from 80.94.95.125 port 5177 ssh2
May  9 08:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: Invalid user ranger from 75.12.134.50
May  9 08:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: input_userauth_request: invalid user ranger [preauth]
May  9 08:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:18:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32216]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32109]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:18:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32109]: Failed password for invalid user git from 75.12.134.50 port 33358 ssh2
May  9 08:18:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32109]: Connection closed by 75.12.134.50 port 33358 [preauth]
May  9 08:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: Failed password for invalid user ranger from 75.12.134.50 port 33372 ssh2
May  9 08:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Failed password for root from 75.12.134.50 port 33378 ssh2
May  9 08:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32216]: Failed password for invalid user user from 80.94.95.125 port 5177 ssh2
May  9 08:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32218]: Connection closed by 75.12.134.50 port 33372 [preauth]
May  9 08:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32250]: Connection closed by 75.12.134.50 port 33378 [preauth]
May  9 08:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32216]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:18:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32216]: Failed password for invalid user user from 80.94.95.125 port 5177 ssh2
May  9 08:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32216]: Received disconnect from 80.94.95.125 port 5177:11: Bye [preauth]
May  9 08:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32216]: Disconnected from 80.94.95.125 port 5177 [preauth]
May  9 08:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32216]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  9 08:18:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32216]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 08:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: Invalid user appuser from 75.12.134.50
May  9 08:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: input_userauth_request: invalid user appuser [preauth]
May  9 08:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:18:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:18:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: Failed password for invalid user appuser from 75.12.134.50 port 39992 ssh2
May  9 08:18:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32307]: Connection closed by 75.12.134.50 port 39992 [preauth]
May  9 08:18:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32351]: Invalid user elsearch from 75.12.134.50
May  9 08:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32351]: input_userauth_request: invalid user elsearch [preauth]
May  9 08:18:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32387]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32386]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32384]: pam_unix(cron:session): session closed for user p13x
May  9 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32456]: Successful su for rubyman by root
May  9 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32456]: + ??? root:rubyman
May  9 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358480 of user rubyman.
May  9 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32456]: pam_unix(su:session): session closed for user rubyman
May  9 08:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358480.
May  9 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32558]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32569]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32613]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29365]: pam_unix(cron:session): session closed for user root
May  9 08:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: Invalid user nginx from 75.12.134.50
May  9 08:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: input_userauth_request: invalid user nginx [preauth]
May  9 08:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32385]: pam_unix(cron:session): session closed for user samftp
May  9 08:19:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32767]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:19:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: Failed password for root from 75.12.134.50 port 39696 ssh2
May  9 08:19:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[315]: Connection closed by 75.12.134.50 port 39696 [preauth]
May  9 08:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: Invalid user user from 75.12.134.50
May  9 08:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: input_userauth_request: invalid user user [preauth]
May  9 08:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: Failed password for invalid user user from 75.12.134.50 port 44640 ssh2
May  9 08:19:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[334]: Connection closed by 75.12.134.50 port 44640 [preauth]
May  9 08:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:19:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: Failed password for invalid user nginx from 75.12.134.50 port 50834 ssh2
May  9 08:19:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32377]: Connection closed by 75.12.134.50 port 50834 [preauth]
May  9 08:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[354]: Invalid user uftp from 75.12.134.50
May  9 08:19:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[354]: input_userauth_request: invalid user uftp [preauth]
May  9 08:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[354]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:19:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[354]: Failed password for invalid user uftp from 75.12.134.50 port 44652 ssh2
May  9 08:19:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[354]: Connection closed by 75.12.134.50 port 44652 [preauth]
May  9 08:19:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31190]: pam_unix(cron:session): session closed for user root
May  9 08:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:19:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[448]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[445]: Invalid user oracle from 75.12.134.50
May  9 08:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[445]: input_userauth_request: invalid user oracle [preauth]
May  9 08:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[445]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:19:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[445]: Failed password for invalid user oracle from 75.12.134.50 port 58846 ssh2
May  9 08:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[445]: Connection closed by 75.12.134.50 port 58846 [preauth]
May  9 08:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Invalid user bigdata from 75.12.134.50
May  9 08:19:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: input_userauth_request: invalid user bigdata [preauth]
May  9 08:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:19:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Failed password for invalid user bigdata from 75.12.134.50 port 58834 ssh2
May  9 08:19:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[395]: Connection closed by 75.12.134.50 port 58834 [preauth]
May  9 08:19:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:19:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: Invalid user docker from 75.12.134.50
May  9 08:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: input_userauth_request: invalid user docker [preauth]
May  9 08:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:19:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: Failed password for invalid user docker from 75.12.134.50 port 39918 ssh2
May  9 08:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[520]: Connection closed by 75.12.134.50 port 39918 [preauth]
May  9 08:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[548]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[551]: pam_unix(cron:session): session closed for user root
May  9 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[546]: pam_unix(cron:session): session closed for user p13x
May  9 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[621]: Successful su for rubyman by root
May  9 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[621]: + ??? root:rubyman
May  9 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358484 of user rubyman.
May  9 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[621]: pam_unix(su:session): session closed for user rubyman
May  9 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358484.
May  9 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[570]: Invalid user oracle from 75.12.134.50
May  9 08:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[570]: input_userauth_request: invalid user oracle [preauth]
May  9 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[570]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:20:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[548]: pam_unix(cron:session): session closed for user root
May  9 08:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29773]: pam_unix(cron:session): session closed for user root
May  9 08:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[822]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[570]: Failed password for invalid user oracle from 75.12.134.50 port 47726 ssh2
May  9 08:20:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[570]: Connection closed by 75.12.134.50 port 47726 [preauth]
May  9 08:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[547]: pam_unix(cron:session): session closed for user samftp
May  9 08:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[822]: Invalid user postgres from 75.12.134.50
May  9 08:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[822]: input_userauth_request: invalid user postgres [preauth]
May  9 08:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[822]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:20:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[822]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:20:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[822]: Failed password for invalid user postgres from 75.12.134.50 port 47742 ssh2
May  9 08:20:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[822]: Connection closed by 75.12.134.50 port 47742 [preauth]
May  9 08:20:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[907]: Invalid user ftpuser from 75.12.134.50
May  9 08:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[907]: input_userauth_request: invalid user ftpuser [preauth]
May  9 08:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[907]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:20:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[907]: Failed password for invalid user ftpuser from 75.12.134.50 port 48102 ssh2
May  9 08:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[907]: Connection closed by 75.12.134.50 port 48102 [preauth]
May  9 08:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:20:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[953]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: Invalid user test from 75.12.134.50
May  9 08:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: input_userauth_request: invalid user test [preauth]
May  9 08:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[953]: Invalid user guest from 75.12.134.50
May  9 08:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[953]: input_userauth_request: invalid user guest [preauth]
May  9 08:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[953]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[953]: Failed password for invalid user guest from 75.12.134.50 port 37458 ssh2
May  9 08:20:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[953]: Connection closed by 75.12.134.50 port 37458 [preauth]
May  9 08:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:20:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: Failed password for invalid user test from 75.12.134.50 port 37448 ssh2
May  9 08:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[955]: Invalid user worker from 75.12.134.50
May  9 08:20:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[955]: input_userauth_request: invalid user worker [preauth]
May  9 08:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[909]: Connection closed by 75.12.134.50 port 37448 [preauth]
May  9 08:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:20:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31629]: pam_unix(cron:session): session closed for user root
May  9 08:20:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[955]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:20:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[955]: Failed password for invalid user worker from 75.12.134.50 port 52502 ssh2
May  9 08:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[955]: Connection closed by 75.12.134.50 port 52502 [preauth]
May  9 08:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: Invalid user flask from 75.12.134.50
May  9 08:20:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[978]: input_userauth_request: invalid user flask [preauth]
May  9 08:20:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1032]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:20:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: Invalid user flask from 75.12.134.50
May  9 08:20:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: input_userauth_request: invalid user flask [preauth]
May  9 08:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:20:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: Failed password for invalid user flask from 75.12.134.50 port 47252 ssh2
May  9 08:20:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1041]: Connection closed by 75.12.134.50 port 47252 [preauth]
May  9 08:20:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: Invalid user testuser from 75.12.134.50
May  9 08:20:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: input_userauth_request: invalid user testuser [preauth]
May  9 08:20:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1072]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1072]: Invalid user postgres from 75.12.134.50
May  9 08:20:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1072]: input_userauth_request: invalid user postgres [preauth]
May  9 08:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1072]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:20:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: Failed password for invalid user testuser from 75.12.134.50 port 47272 ssh2
May  9 08:21:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1070]: Connection closed by 75.12.134.50 port 47272 [preauth]
May  9 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1089]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1087]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1086]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1086]: pam_unix(cron:session): session closed for user p13x
May  9 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1072]: Failed password for invalid user postgres from 75.12.134.50 port 60898 ssh2
May  9 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1072]: Connection closed by 75.12.134.50 port 60898 [preauth]
May  9 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1161]: Successful su for rubyman by root
May  9 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1161]: + ??? root:rubyman
May  9 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1161]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358489 of user rubyman.
May  9 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1161]: pam_unix(su:session): session closed for user rubyman
May  9 08:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358489.
May  9 08:21:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: Invalid user jenkins from 75.12.134.50
May  9 08:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: input_userauth_request: invalid user jenkins [preauth]
May  9 08:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:21:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30200]: pam_unix(cron:session): session closed for user root
May  9 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1087]: pam_unix(cron:session): session closed for user samftp
May  9 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: Failed password for invalid user jenkins from 75.12.134.50 port 60924 ssh2
May  9 08:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1083]: Connection closed by 75.12.134.50 port 60924 [preauth]
May  9 08:21:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1396]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:21:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1408]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1408]: Invalid user dspace from 164.68.105.9
May  9 08:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1408]: input_userauth_request: invalid user dspace [preauth]
May  9 08:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1408]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:21:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  9 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1396]: Invalid user weblogic from 75.12.134.50
May  9 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1396]: input_userauth_request: invalid user weblogic [preauth]
May  9 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1396]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1396]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1408]: Failed password for invalid user dspace from 164.68.105.9 port 52602 ssh2
May  9 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:21:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1408]: Connection closed by 164.68.105.9 port 52602 [preauth]
May  9 08:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1396]: Failed password for invalid user weblogic from 75.12.134.50 port 33326 ssh2
May  9 08:21:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1396]: Connection closed by 75.12.134.50 port 33326 [preauth]
May  9 08:21:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: Invalid user steam from 75.12.134.50
May  9 08:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: input_userauth_request: invalid user steam [preauth]
May  9 08:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:21:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: Failed password for invalid user steam from 75.12.134.50 port 54892 ssh2
May  9 08:21:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1460]: Connection closed by 75.12.134.50 port 54892 [preauth]
May  9 08:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1491]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:21:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:21:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32387]: pam_unix(cron:session): session closed for user root
May  9 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1497]: Invalid user centos from 75.12.134.50
May  9 08:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1497]: input_userauth_request: invalid user centos [preauth]
May  9 08:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1497]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1491]: Failed password for root from 75.12.134.50 port 58448 ssh2
May  9 08:21:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1491]: Connection closed by 75.12.134.50 port 58448 [preauth]
May  9 08:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1497]: Failed password for invalid user centos from 75.12.134.50 port 58460 ssh2
May  9 08:21:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1497]: Connection closed by 75.12.134.50 port 58460 [preauth]
May  9 08:21:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1538]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1538]: User mysql from 75.12.134.50 not allowed because not listed in AllowUsers
May  9 08:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1538]: input_userauth_request: invalid user mysql [preauth]
May  9 08:21:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=mysql
May  9 08:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1546]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1538]: Failed password for invalid user mysql from 75.12.134.50 port 43946 ssh2
May  9 08:21:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1538]: Connection closed by 75.12.134.50 port 43946 [preauth]
May  9 08:21:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1576]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:21:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:22:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1601]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1606]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1604]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1604]: pam_unix(cron:session): session closed for user p13x
May  9 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: Invalid user tomcat from 75.12.134.50
May  9 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: input_userauth_request: invalid user tomcat [preauth]
May  9 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1682]: Successful su for rubyman by root
May  9 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1682]: + ??? root:rubyman
May  9 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358495 of user rubyman.
May  9 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1682]: pam_unix(su:session): session closed for user rubyman
May  9 08:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358495.
May  9 08:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: Failed password for invalid user tomcat from 75.12.134.50 port 58464 ssh2
May  9 08:22:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1528]: Connection closed by 75.12.134.50 port 58464 [preauth]
May  9 08:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30653]: pam_unix(cron:session): session closed for user root
May  9 08:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1605]: pam_unix(cron:session): session closed for user samftp
May  9 08:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:22:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:22:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  9 08:22:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:22:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: Failed password for root from 193.70.84.184 port 54596 ssh2
May  9 08:22:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1948]: Connection closed by 193.70.84.184 port 54596 [preauth]
May  9 08:22:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2016]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:22:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: User ftp from 75.12.134.50 not allowed because not listed in AllowUsers
May  9 08:22:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: input_userauth_request: invalid user ftp [preauth]
May  9 08:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=ftp
May  9 08:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2029]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: Failed password for invalid user ftp from 75.12.134.50 port 40548 ssh2
May  9 08:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2025]: Connection closed by 75.12.134.50 port 40548 [preauth]
May  9 08:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2029]: Invalid user elastic from 75.12.134.50
May  9 08:22:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2029]: input_userauth_request: invalid user elastic [preauth]
May  9 08:22:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2029]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:22:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: Invalid user admin from 75.12.134.50
May  9 08:22:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: input_userauth_request: invalid user admin [preauth]
May  9 08:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:22:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2029]: Failed password for invalid user elastic from 75.12.134.50 port 40552 ssh2
May  9 08:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2029]: Connection closed by 75.12.134.50 port 40552 [preauth]
May  9 08:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: Failed password for invalid user admin from 75.12.134.50 port 35148 ssh2
May  9 08:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2059]: Connection closed by 75.12.134.50 port 35148 [preauth]
May  9 08:22:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2064]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[550]: pam_unix(cron:session): session closed for user root
May  9 08:22:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: Invalid user tomcat from 75.12.134.50
May  9 08:22:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: input_userauth_request: invalid user tomcat [preauth]
May  9 08:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:22:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:22:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2097]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2097]: Invalid user gitlab from 75.12.134.50
May  9 08:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2097]: input_userauth_request: invalid user gitlab [preauth]
May  9 08:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2097]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: Failed password for invalid user tomcat from 75.12.134.50 port 35168 ssh2
May  9 08:22:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2095]: Connection closed by 75.12.134.50 port 35168 [preauth]
May  9 08:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2107]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2097]: Failed password for invalid user gitlab from 75.12.134.50 port 49028 ssh2
May  9 08:22:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2097]: Connection closed by 75.12.134.50 port 49028 [preauth]
May  9 08:22:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2107]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2107]: Failed password for root from 75.12.134.50 port 49032 ssh2
May  9 08:22:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2107]: Connection closed by 75.12.134.50 port 49032 [preauth]
May  9 08:22:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: Invalid user hadoop from 75.12.134.50
May  9 08:22:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: input_userauth_request: invalid user hadoop [preauth]
May  9 08:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:22:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:22:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: Failed password for invalid user hadoop from 75.12.134.50 port 49044 ssh2
May  9 08:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:22:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2132]: Connection closed by 75.12.134.50 port 49044 [preauth]
May  9 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: Failed password for root from 75.12.134.50 port 40562 ssh2
May  9 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2171]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2170]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2168]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2167]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2167]: pam_unix(cron:session): session closed for user p13x
May  9 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2228]: Successful su for rubyman by root
May  9 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2228]: + ??? root:rubyman
May  9 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2228]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358497 of user rubyman.
May  9 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2228]: pam_unix(su:session): session closed for user rubyman
May  9 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358497.
May  9 08:23:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2052]: Connection closed by 75.12.134.50 port 40562 [preauth]
May  9 08:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31189]: pam_unix(cron:session): session closed for user root
May  9 08:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2168]: pam_unix(cron:session): session closed for user samftp
May  9 08:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  9 08:23:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: Failed password for root from 80.94.95.125 port 28813 ssh2
May  9 08:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:23:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: Failed password for root from 80.94.95.125 port 28813 ssh2
May  9 08:23:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: message repeated 2 times: [ Failed password for root from 80.94.95.125 port 28813 ssh2]
May  9 08:23:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: Failed password for root from 80.94.95.125 port 28813 ssh2
May  9 08:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: Received disconnect from 80.94.95.125 port 28813:11: Bye [preauth]
May  9 08:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: Disconnected from 80.94.95.125 port 28813 [preauth]
May  9 08:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125  user=root
May  9 08:23:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2435]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 08:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:23:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:23:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2446]: Failed password for root from 75.12.134.50 port 34770 ssh2
May  9 08:23:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2446]: Connection closed by 75.12.134.50 port 34770 [preauth]
May  9 08:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1093]: pam_unix(cron:session): session closed for user root
May  9 08:23:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:23:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: Failed password for root from 75.12.134.50 port 59804 ssh2
May  9 08:23:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2575]: Connection closed by 75.12.134.50 port 59804 [preauth]
May  9 08:23:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2596]: Invalid user developer from 75.12.134.50
May  9 08:23:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2596]: input_userauth_request: invalid user developer [preauth]
May  9 08:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2596]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:23:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:23:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2596]: Failed password for invalid user developer from 75.12.134.50 port 52280 ssh2
May  9 08:23:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2596]: Connection closed by 75.12.134.50 port 52280 [preauth]
May  9 08:23:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: User ftp from 75.12.134.50 not allowed because not listed in AllowUsers
May  9 08:24:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: input_userauth_request: invalid user ftp [preauth]
May  9 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2622]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2623]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2621]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2620]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2620]: pam_unix(cron:session): session closed for user p13x
May  9 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2695]: Successful su for rubyman by root
May  9 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2695]: + ??? root:rubyman
May  9 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2695]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358502 of user rubyman.
May  9 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2695]: pam_unix(su:session): session closed for user rubyman
May  9 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358502.
May  9 08:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=ftp
May  9 08:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: Invalid user mongodb from 75.12.134.50
May  9 08:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: input_userauth_request: invalid user mongodb [preauth]
May  9 08:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Failed password for invalid user ftp from 75.12.134.50 port 59280 ssh2
May  9 08:24:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2607]: Connection closed by 75.12.134.50 port 59280 [preauth]
May  9 08:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31628]: pam_unix(cron:session): session closed for user root
May  9 08:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: Failed password for invalid user mongodb from 75.12.134.50 port 59290 ssh2
May  9 08:24:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2706]: Connection closed by 75.12.134.50 port 59290 [preauth]
May  9 08:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2621]: pam_unix(cron:session): session closed for user samftp
May  9 08:24:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: Invalid user app from 75.12.134.50
May  9 08:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: input_userauth_request: invalid user app [preauth]
May  9 08:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:24:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:24:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: Failed password for invalid user app from 75.12.134.50 port 33876 ssh2
May  9 08:24:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2894]: Connection closed by 75.12.134.50 port 33876 [preauth]
May  9 08:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2934]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2905]: Failed password for root from 75.12.134.50 port 33890 ssh2
May  9 08:24:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2905]: Connection closed by 75.12.134.50 port 33890 [preauth]
May  9 08:24:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: Invalid user tuan from 50.235.31.47
May  9 08:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: input_userauth_request: invalid user tuan [preauth]
May  9 08:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  9 08:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2934]: Invalid user www from 75.12.134.50
May  9 08:24:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2934]: input_userauth_request: invalid user www [preauth]
May  9 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2934]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: Failed password for invalid user tuan from 50.235.31.47 port 48682 ssh2
May  9 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2936]: Connection closed by 50.235.31.47 port 48682 [preauth]
May  9 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: Invalid user sonar from 75.12.134.50
May  9 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: input_userauth_request: invalid user sonar [preauth]
May  9 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:24:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2934]: Failed password for invalid user www from 75.12.134.50 port 33894 ssh2
May  9 08:24:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2934]: Connection closed by 75.12.134.50 port 33894 [preauth]
May  9 08:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: Failed password for invalid user sonar from 75.12.134.50 port 35352 ssh2
May  9 08:24:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2938]: Connection closed by 75.12.134.50 port 35352 [preauth]
May  9 08:24:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2948]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2973]: Invalid user docker from 75.12.134.50
May  9 08:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2973]: input_userauth_request: invalid user docker [preauth]
May  9 08:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2973]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:24:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2973]: Failed password for invalid user docker from 75.12.134.50 port 35372 ssh2
May  9 08:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2973]: Connection closed by 75.12.134.50 port 35372 [preauth]
May  9 08:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2976]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: Invalid user postgres from 75.12.134.50
May  9 08:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: input_userauth_request: invalid user postgres [preauth]
May  9 08:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1607]: pam_unix(cron:session): session closed for user root
May  9 08:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: Failed password for invalid user postgres from 75.12.134.50 port 36070 ssh2
May  9 08:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2987]: Connection closed by 75.12.134.50 port 36070 [preauth]
May  9 08:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: Invalid user dev from 75.12.134.50
May  9 08:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: input_userauth_request: invalid user dev [preauth]
May  9 08:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2976]: Failed password for root from 75.12.134.50 port 36066 ssh2
May  9 08:24:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2976]: Connection closed by 75.12.134.50 port 36066 [preauth]
May  9 08:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: Failed password for invalid user dev from 75.12.134.50 port 36074 ssh2
May  9 08:24:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3017]: Connection closed by 75.12.134.50 port 36074 [preauth]
May  9 08:24:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: Invalid user guest from 75.12.134.50
May  9 08:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: input_userauth_request: invalid user guest [preauth]
May  9 08:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3033]: Invalid user tomcat from 75.12.134.50
May  9 08:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3033]: input_userauth_request: invalid user tomcat [preauth]
May  9 08:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3033]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:24:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3048]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: Failed password for invalid user guest from 75.12.134.50 port 44796 ssh2
May  9 08:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3022]: Connection closed by 75.12.134.50 port 44796 [preauth]
May  9 08:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3033]: Failed password for invalid user tomcat from 75.12.134.50 port 44812 ssh2
May  9 08:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3059]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:24:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3033]: Connection closed by 75.12.134.50 port 44812 [preauth]
May  9 08:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: Invalid user  from 80.94.95.125
May  9 08:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: input_userauth_request: invalid user  [preauth]
May  9 08:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: Failed none for invalid user  from 80.94.95.125 port 39303 ssh2
May  9 08:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  9 08:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3059]: Invalid user git from 75.12.134.50
May  9 08:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3059]: input_userauth_request: invalid user git [preauth]
May  9 08:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3059]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:24:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3071]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: Failed password for invalid user  from 80.94.95.125 port 39303 ssh2
May  9 08:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3059]: Failed password for invalid user git from 75.12.134.50 port 53892 ssh2
May  9 08:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: Failed password for invalid user  from 80.94.95.125 port 39303 ssh2
May  9 08:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3059]: Connection closed by 75.12.134.50 port 53892 [preauth]
May  9 08:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: Invalid user esuser from 75.12.134.50
May  9 08:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: input_userauth_request: invalid user esuser [preauth]
May  9 08:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: Failed password for invalid user  from 80.94.95.125 port 39303 ssh2
May  9 08:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: Failed password for invalid user esuser from 75.12.134.50 port 47288 ssh2
May  9 08:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3073]: Connection closed by 75.12.134.50 port 47288 [preauth]
May  9 08:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: Failed password for invalid user  from 80.94.95.125 port 39303 ssh2
May  9 08:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: Received disconnect from 80.94.95.125 port 39303:11: Bye [preauth]
May  9 08:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: Disconnected from 80.94.95.125 port 39303 [preauth]
May  9 08:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.125
May  9 08:24:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3061]: PAM service(sshd) ignoring max retries; 4 > 3
May  9 08:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3084]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3089]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3091]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3093]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3090]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3087]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3093]: pam_unix(cron:session): session closed for user root
May  9 08:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3087]: pam_unix(cron:session): session closed for user p13x
May  9 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3159]: Successful su for rubyman by root
May  9 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3159]: + ??? root:rubyman
May  9 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3159]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358509 of user rubyman.
May  9 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3159]: pam_unix(su:session): session closed for user rubyman
May  9 08:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358509.
May  9 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3084]: Invalid user ftpuser from 75.12.134.50
May  9 08:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3084]: input_userauth_request: invalid user ftpuser [preauth]
May  9 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3084]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3089]: pam_unix(cron:session): session closed for user root
May  9 08:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32386]: pam_unix(cron:session): session closed for user root
May  9 08:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: Invalid user esuser from 75.12.134.50
May  9 08:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: input_userauth_request: invalid user esuser [preauth]
May  9 08:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3084]: Failed password for invalid user ftpuser from 75.12.134.50 port 47300 ssh2
May  9 08:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3084]: Connection closed by 75.12.134.50 port 47300 [preauth]
May  9 08:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3088]: pam_unix(cron:session): session closed for user samftp
May  9 08:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: Failed password for invalid user esuser from 75.12.134.50 port 47302 ssh2
May  9 08:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3303]: Connection closed by 75.12.134.50 port 47302 [preauth]
May  9 08:25:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:25:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: Failed password for root from 75.12.134.50 port 55756 ssh2
May  9 08:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3071]: Invalid user vagrant from 75.12.134.50
May  9 08:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3071]: input_userauth_request: invalid user vagrant [preauth]
May  9 08:25:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3405]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3381]: Connection closed by 75.12.134.50 port 55756 [preauth]
May  9 08:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3071]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:25:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3071]: Failed password for invalid user vagrant from 75.12.134.50 port 53902 ssh2
May  9 08:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3071]: Connection closed by 75.12.134.50 port 53902 [preauth]
May  9 08:25:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3442]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2171]: pam_unix(cron:session): session closed for user root
May  9 08:25:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3505]: Invalid user demo from 75.12.134.50
May  9 08:25:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3505]: input_userauth_request: invalid user demo [preauth]
May  9 08:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3505]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3505]: Failed password for invalid user demo from 75.12.134.50 port 36204 ssh2
May  9 08:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3505]: Connection closed by 75.12.134.50 port 36204 [preauth]
May  9 08:25:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3527]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:25:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3533]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3535]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3549]: Invalid user oscar from 75.12.134.50
May  9 08:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3549]: input_userauth_request: invalid user oscar [preauth]
May  9 08:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3549]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:25:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3549]: Failed password for invalid user oscar from 75.12.134.50 port 46064 ssh2
May  9 08:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3549]: Connection closed by 75.12.134.50 port 46064 [preauth]
May  9 08:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: Invalid user dolphinscheduler from 75.12.134.50
May  9 08:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  9 08:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: Failed password for invalid user dolphinscheduler from 75.12.134.50 port 46074 ssh2
May  9 08:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3560]: Connection closed by 75.12.134.50 port 46074 [preauth]
May  9 08:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: Invalid user pi from 75.12.134.50
May  9 08:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: input_userauth_request: invalid user pi [preauth]
May  9 08:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3603]: Invalid user dev from 75.12.134.50
May  9 08:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3603]: input_userauth_request: invalid user dev [preauth]
May  9 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3603]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: Failed password for invalid user pi from 75.12.134.50 port 46090 ssh2
May  9 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3591]: Connection closed by 75.12.134.50 port 46090 [preauth]
May  9 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3608]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3609]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3607]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3606]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3606]: pam_unix(cron:session): session closed for user p13x
May  9 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3673]: Successful su for rubyman by root
May  9 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3673]: + ??? root:rubyman
May  9 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358513 of user rubyman.
May  9 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3673]: pam_unix(su:session): session closed for user rubyman
May  9 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358513.
May  9 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3603]: Failed password for invalid user dev from 75.12.134.50 port 49914 ssh2
May  9 08:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3603]: Connection closed by 75.12.134.50 port 49914 [preauth]
May  9 08:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3726]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3726]: Invalid user oceanbase from 75.12.134.50
May  9 08:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3726]: input_userauth_request: invalid user oceanbase [preauth]
May  9 08:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3726]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[549]: pam_unix(cron:session): session closed for user root
May  9 08:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3726]: Failed password for invalid user oceanbase from 75.12.134.50 port 49918 ssh2
May  9 08:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3726]: Connection closed by 75.12.134.50 port 49918 [preauth]
May  9 08:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3607]: pam_unix(cron:session): session closed for user samftp
May  9 08:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: Invalid user lighthouse from 75.12.134.50
May  9 08:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: input_userauth_request: invalid user lighthouse [preauth]
May  9 08:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: Failed password for invalid user lighthouse from 75.12.134.50 port 39060 ssh2
May  9 08:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3848]: Connection closed by 75.12.134.50 port 39060 [preauth]
May  9 08:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Failed password for root from 75.12.134.50 port 39064 ssh2
May  9 08:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3864]: Connection closed by 75.12.134.50 port 39064 [preauth]
May  9 08:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: Invalid user user from 75.12.134.50
May  9 08:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: input_userauth_request: invalid user user [preauth]
May  9 08:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:26:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.119.218  user=root
May  9 08:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: Failed password for root from 75.12.134.50 port 42014 ssh2
May  9 08:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: Connection closed by 75.12.134.50 port 42014 [preauth]
May  9 08:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3535]: Failed password for root from 75.12.134.50 port 60552 ssh2
May  9 08:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3535]: Connection closed by 75.12.134.50 port 60552 [preauth]
May  9 08:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: Failed password for invalid user user from 75.12.134.50 port 42036 ssh2
May  9 08:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3916]: Connection closed by 75.12.134.50 port 42036 [preauth]
May  9 08:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: Failed password for root from 101.36.119.218 port 53956 ssh2
May  9 08:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: Received disconnect from 101.36.119.218 port 53956:11: Bye Bye [preauth]
May  9 08:26:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3931]: Disconnected from 101.36.119.218 port 53956 [preauth]
May  9 08:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3944]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2623]: pam_unix(cron:session): session closed for user root
May  9 08:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4007]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: Invalid user ftpuser from 75.12.134.50
May  9 08:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: input_userauth_request: invalid user ftpuser [preauth]
May  9 08:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:26:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: Failed password for invalid user ftpuser from 75.12.134.50 port 55006 ssh2
May  9 08:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3997]: Connection closed by 75.12.134.50 port 55006 [preauth]
May  9 08:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: Invalid user esadmin from 75.12.134.50
May  9 08:26:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: input_userauth_request: invalid user esadmin [preauth]
May  9 08:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: Failed password for root from 75.12.134.50 port 42024 ssh2
May  9 08:26:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3899]: Connection closed by 75.12.134.50 port 42024 [preauth]
May  9 08:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: Invalid user flask from 75.12.134.50
May  9 08:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: input_userauth_request: invalid user flask [preauth]
May  9 08:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: Failed password for invalid user flask from 75.12.134.50 port 58450 ssh2
May  9 08:26:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4054]: Connection closed by 75.12.134.50 port 58450 [preauth]
May  9 08:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: Invalid user deploy from 75.12.134.50
May  9 08:27:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: input_userauth_request: invalid user deploy [preauth]
May  9 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4071]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4070]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4067]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4068]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4067]: pam_unix(cron:session): session closed for user p13x
May  9 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4136]: Successful su for rubyman by root
May  9 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4136]: + ??? root:rubyman
May  9 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4136]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358515 of user rubyman.
May  9 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4136]: pam_unix(su:session): session closed for user rubyman
May  9 08:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358515.
May  9 08:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:27:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4056]: Failed password for invalid user deploy from 75.12.134.50 port 58466 ssh2
May  9 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1089]: pam_unix(cron:session): session closed for user root
May  9 08:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4068]: pam_unix(cron:session): session closed for user samftp
May  9 08:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: Failed password for root from 75.12.134.50 port 46262 ssh2
May  9 08:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4169]: Connection closed by 75.12.134.50 port 46262 [preauth]
May  9 08:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: Invalid user rabbitmq from 75.12.134.50
May  9 08:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: input_userauth_request: invalid user rabbitmq [preauth]
May  9 08:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:27:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: Failed password for invalid user rabbitmq from 75.12.134.50 port 60016 ssh2
May  9 08:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4473]: Connection closed by 75.12.134.50 port 60016 [preauth]
May  9 08:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:27:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4019]: Failed password for root from 75.12.134.50 port 37118 ssh2
May  9 08:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4019]: Connection closed by 75.12.134.50 port 37118 [preauth]
May  9 08:27:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:27:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: Failed password for invalid user esadmin from 75.12.134.50 port 37122 ssh2
May  9 08:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4033]: Connection closed by 75.12.134.50 port 37122 [preauth]
May  9 08:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: Invalid user wang from 75.12.134.50
May  9 08:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: input_userauth_request: invalid user wang [preauth]
May  9 08:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3091]: pam_unix(cron:session): session closed for user root
May  9 08:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4603]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:27:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: Failed password for invalid user wang from 75.12.134.50 port 44036 ssh2
May  9 08:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: Failed password for root from 75.12.134.50 port 49120 ssh2
May  9 08:27:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4520]: Connection closed by 75.12.134.50 port 49120 [preauth]
May  9 08:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4626]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4627]: Did not receive identification string from 193.32.162.89
May  9 08:27:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4628]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4628]: Invalid user awsgui from 75.12.134.50
May  9 08:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4628]: input_userauth_request: invalid user awsgui [preauth]
May  9 08:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4628]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4628]: Failed password for invalid user awsgui from 75.12.134.50 port 54686 ssh2
May  9 08:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4628]: Connection closed by 75.12.134.50 port 54686 [preauth]
May  9 08:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Failed password for root from 75.12.134.50 port 54700 ssh2
May  9 08:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4642]: Connection closed by 75.12.134.50 port 54700 [preauth]
May  9 08:27:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: Invalid user ubuntu from 5.189.153.19
May  9 08:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: input_userauth_request: invalid user ubuntu [preauth]
May  9 08:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.153.19
May  9 08:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: Failed password for invalid user ubuntu from 5.189.153.19 port 38716 ssh2
May  9 08:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: Received disconnect from 5.189.153.19 port 38716:11: Bye Bye [preauth]
May  9 08:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4653]: Disconnected from 5.189.153.19 port 38716 [preauth]
May  9 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4668]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4667]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4666]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4666]: pam_unix(cron:session): session closed for user p13x
May  9 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4730]: Successful su for rubyman by root
May  9 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4730]: + ??? root:rubyman
May  9 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4730]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358519 of user rubyman.
May  9 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4730]: pam_unix(su:session): session closed for user rubyman
May  9 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358519.
May  9 08:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43  user=root
May  9 08:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1606]: pam_unix(cron:session): session closed for user root
May  9 08:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: Failed password for root from 45.6.188.43 port 35574 ssh2
May  9 08:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4743]: Connection closed by 45.6.188.43 port 35574 [preauth]
May  9 08:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: Invalid user oracle from 75.12.134.50
May  9 08:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: input_userauth_request: invalid user oracle [preauth]
May  9 08:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4667]: pam_unix(cron:session): session closed for user samftp
May  9 08:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:28:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: Failed password for invalid user oracle from 75.12.134.50 port 49936 ssh2
May  9 08:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: Connection closed by 75.12.134.50 port 49936 [preauth]
May  9 08:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: Invalid user yarn from 75.12.134.50
May  9 08:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: input_userauth_request: invalid user yarn [preauth]
May  9 08:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: Invalid user guest from 75.12.134.50
May  9 08:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: input_userauth_request: invalid user guest [preauth]
May  9 08:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: Failed password for invalid user yarn from 75.12.134.50 port 49908 ssh2
May  9 08:28:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4655]: Connection closed by 75.12.134.50 port 49908 [preauth]
May  9 08:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: Failed password for invalid user guest from 75.12.134.50 port 52612 ssh2
May  9 08:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4938]: Connection closed by 75.12.134.50 port 52612 [preauth]
May  9 08:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4950]: Invalid user wang from 75.12.134.50
May  9 08:28:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4950]: input_userauth_request: invalid user wang [preauth]
May  9 08:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4950]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4950]: Failed password for invalid user wang from 75.12.134.50 port 52618 ssh2
May  9 08:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4950]: Connection closed by 75.12.134.50 port 52618 [preauth]
May  9 08:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Invalid user www from 75.12.134.50
May  9 08:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: input_userauth_request: invalid user www [preauth]
May  9 08:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Failed password for invalid user www from 75.12.134.50 port 52620 ssh2
May  9 08:28:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Connection closed by 75.12.134.50 port 52620 [preauth]
May  9 08:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Failed password for root from 75.12.134.50 port 60032 ssh2
May  9 08:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4509]: Connection closed by 75.12.134.50 port 60032 [preauth]
May  9 08:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4988]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4988]: Invalid user nexus from 75.12.134.50
May  9 08:28:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4988]: input_userauth_request: invalid user nexus [preauth]
May  9 08:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4988]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:28:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4988]: Failed password for invalid user nexus from 75.12.134.50 port 33402 ssh2
May  9 08:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4988]: Connection closed by 75.12.134.50 port 33402 [preauth]
May  9 08:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5182]: Invalid user app from 75.12.134.50
May  9 08:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5182]: input_userauth_request: invalid user app [preauth]
May  9 08:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5182]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5194]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5182]: Failed password for invalid user app from 75.12.134.50 port 33408 ssh2
May  9 08:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5182]: Connection closed by 75.12.134.50 port 33408 [preauth]
May  9 08:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3609]: pam_unix(cron:session): session closed for user root
May  9 08:28:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: Invalid user sugi from 75.12.134.50
May  9 08:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: input_userauth_request: invalid user sugi [preauth]
May  9 08:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: Invalid user es from 75.12.134.50
May  9 08:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: input_userauth_request: invalid user es [preauth]
May  9 08:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:28:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: Failed password for invalid user es from 75.12.134.50 port 52112 ssh2
May  9 08:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5274]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5272]: Connection closed by 75.12.134.50 port 52112 [preauth]
May  9 08:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:28:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: Failed password for invalid user sugi from 75.12.134.50 port 52114 ssh2
May  9 08:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5246]: Connection closed by 75.12.134.50 port 52114 [preauth]
May  9 08:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5274]: Failed password for root from 75.12.134.50 port 43048 ssh2
May  9 08:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5274]: Connection closed by 75.12.134.50 port 43048 [preauth]
May  9 08:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4548]: Connection closed by 75.12.134.50 port 44036 [preauth]
May  9 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5306]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5304]: pam_unix(cron:session): session closed for user p13x
May  9 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5364]: Successful su for rubyman by root
May  9 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5364]: + ??? root:rubyman
May  9 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5364]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358524 of user rubyman.
May  9 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5364]: pam_unix(su:session): session closed for user rubyman
May  9 08:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358524.
May  9 08:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2170]: pam_unix(cron:session): session closed for user root
May  9 08:29:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 08:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5305]: pam_unix(cron:session): session closed for user samftp
May  9 08:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: Failed password for root from 218.92.0.179 port 12814 ssh2
May  9 08:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 12814 ssh2]
May  9 08:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: Received disconnect from 218.92.0.179 port 12814:11:  [preauth]
May  9 08:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: Disconnected from 218.92.0.179 port 12814 [preauth]
May  9 08:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5578]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 08:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4603]: User ftp from 75.12.134.50 not allowed because not listed in AllowUsers
May  9 08:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4603]: input_userauth_request: invalid user ftp [preauth]
May  9 08:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5194]: Invalid user nvidia from 75.12.134.50
May  9 08:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5194]: input_userauth_request: invalid user nvidia [preauth]
May  9 08:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=ftp
May  9 08:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5194]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50  user=root
May  9 08:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4603]: Failed password for invalid user ftp from 75.12.134.50 port 59096 ssh2
May  9 08:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5194]: Failed password for invalid user nvidia from 75.12.134.50 port 43034 ssh2
May  9 08:29:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4603]: Connection closed by 75.12.134.50 port 59096 [preauth]
May  9 08:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5194]: Connection closed by 75.12.134.50 port 43034 [preauth]
May  9 08:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: Failed password for root from 75.12.134.50 port 43040 ssh2
May  9 08:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5207]: Connection closed by 75.12.134.50 port 43040 [preauth]
May  9 08:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: Invalid user dolphinscheduler from 75.12.134.50
May  9 08:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: input_userauth_request: invalid user dolphinscheduler [preauth]
May  9 08:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.12.134.50
May  9 08:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: Failed password for invalid user dolphinscheduler from 75.12.134.50 port 54692 ssh2
May  9 08:29:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4640]: Connection closed by 75.12.134.50 port 54692 [preauth]
May  9 08:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4071]: pam_unix(cron:session): session closed for user root
May  9 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5774]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5771]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5772]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5773]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5770]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5775]: pam_unix(cron:session): session closed for user root
May  9 08:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5770]: pam_unix(cron:session): session closed for user p13x
May  9 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5927]: Successful su for rubyman by root
May  9 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5927]: + ??? root:rubyman
May  9 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5927]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358530 of user rubyman.
May  9 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5927]: pam_unix(su:session): session closed for user rubyman
May  9 08:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358530.
May  9 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5772]: pam_unix(cron:session): session closed for user root
May  9 08:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2622]: pam_unix(cron:session): session closed for user root
May  9 08:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5771]: pam_unix(cron:session): session closed for user samftp
May  9 08:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4670]: pam_unix(cron:session): session closed for user root
May  9 08:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 08:30:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: Failed password for root from 218.92.0.179 port 42905 ssh2
May  9 08:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 42905 ssh2]
May  9 08:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: Received disconnect from 218.92.0.179 port 42905:11:  [preauth]
May  9 08:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: Disconnected from 218.92.0.179 port 42905 [preauth]
May  9 08:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6251]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6313]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6314]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6312]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6311]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6311]: pam_unix(cron:session): session closed for user p13x
May  9 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6379]: Successful su for rubyman by root
May  9 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6379]: + ??? root:rubyman
May  9 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6379]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358534 of user rubyman.
May  9 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6379]: pam_unix(su:session): session closed for user rubyman
May  9 08:31:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358534.
May  9 08:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3090]: pam_unix(cron:session): session closed for user root
May  9 08:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6312]: pam_unix(cron:session): session closed for user samftp
May  9 08:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5307]: pam_unix(cron:session): session closed for user root
May  9 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6720]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6721]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6719]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6718]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6718]: pam_unix(cron:session): session closed for user p13x
May  9 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6791]: Successful su for rubyman by root
May  9 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6791]: + ??? root:rubyman
May  9 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6791]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358538 of user rubyman.
May  9 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6791]: pam_unix(su:session): session closed for user rubyman
May  9 08:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358538.
May  9 08:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3608]: pam_unix(cron:session): session closed for user root
May  9 08:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6719]: pam_unix(cron:session): session closed for user samftp
May  9 08:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5774]: pam_unix(cron:session): session closed for user root
May  9 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7247]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7248]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7246]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7245]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7245]: pam_unix(cron:session): session closed for user p13x
May  9 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7306]: Successful su for rubyman by root
May  9 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7306]: + ??? root:rubyman
May  9 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7306]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358541 of user rubyman.
May  9 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7306]: pam_unix(su:session): session closed for user rubyman
May  9 08:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358541.
May  9 08:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4070]: pam_unix(cron:session): session closed for user root
May  9 08:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7246]: pam_unix(cron:session): session closed for user samftp
May  9 08:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7652]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6314]: pam_unix(cron:session): session closed for user root
May  9 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7756]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7761]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7754]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7755]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7754]: pam_unix(cron:session): session closed for user p13x
May  9 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7824]: Successful su for rubyman by root
May  9 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7824]: + ??? root:rubyman
May  9 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7824]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358546 of user rubyman.
May  9 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7824]: pam_unix(su:session): session closed for user rubyman
May  9 08:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358546.
May  9 08:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4668]: pam_unix(cron:session): session closed for user root
May  9 08:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7755]: pam_unix(cron:session): session closed for user samftp
May  9 08:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8073]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8073]: Invalid user  from 64.62.156.31
May  9 08:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8073]: input_userauth_request: invalid user  [preauth]
May  9 08:34:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8073]: Connection closed by 64.62.156.31 port 12159 [preauth]
May  9 08:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6721]: pam_unix(cron:session): session closed for user root
May  9 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8190]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8189]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8191]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8187]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8192]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8185]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8192]: pam_unix(cron:session): session closed for user root
May  9 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8185]: pam_unix(cron:session): session closed for user p13x
May  9 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8259]: Successful su for rubyman by root
May  9 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8259]: + ??? root:rubyman
May  9 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8259]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358551 of user rubyman.
May  9 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8259]: pam_unix(su:session): session closed for user rubyman
May  9 08:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358551.
May  9 08:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: Invalid user test from 194.0.234.16
May  9 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: input_userauth_request: invalid user test [preauth]
May  9 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.16
May  9 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8189]: pam_unix(cron:session): session closed for user root
May  9 08:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5306]: pam_unix(cron:session): session closed for user root
May  9 08:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: Failed password for invalid user test from 194.0.234.16 port 35794 ssh2
May  9 08:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8301]: Connection closed by 194.0.234.16 port 35794 [preauth]
May  9 08:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8187]: pam_unix(cron:session): session closed for user samftp
May  9 08:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8512]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7248]: pam_unix(cron:session): session closed for user root
May  9 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8650]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8651]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8649]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8647]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8647]: pam_unix(cron:session): session closed for user p13x
May  9 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8729]: Successful su for rubyman by root
May  9 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8729]: + ??? root:rubyman
May  9 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8729]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358556 of user rubyman.
May  9 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[8729]: pam_unix(su:session): session closed for user rubyman
May  9 08:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358556.
May  9 08:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5773]: pam_unix(cron:session): session closed for user root
May  9 08:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8649]: pam_unix(cron:session): session closed for user samftp
May  9 08:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7761]: pam_unix(cron:session): session closed for user root
May  9 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9074]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9073]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9072]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9071]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9071]: pam_unix(cron:session): session closed for user p13x
May  9 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9222]: Successful su for rubyman by root
May  9 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9222]: + ??? root:rubyman
May  9 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9222]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358559 of user rubyman.
May  9 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9222]: pam_unix(su:session): session closed for user rubyman
May  9 08:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358559.
May  9 08:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6313]: pam_unix(cron:session): session closed for user root
May  9 08:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9072]: pam_unix(cron:session): session closed for user samftp
May  9 08:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8191]: pam_unix(cron:session): session closed for user root
May  9 08:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.153.19  user=root
May  9 08:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Failed password for root from 5.189.153.19 port 46122 ssh2
May  9 08:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Received disconnect from 5.189.153.19 port 46122:11: Bye Bye [preauth]
May  9 08:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9539]: Disconnected from 5.189.153.19 port 46122 [preauth]
May  9 08:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: Invalid user dev from 101.36.119.218
May  9 08:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: input_userauth_request: invalid user dev [preauth]
May  9 08:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.119.218
May  9 08:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: Failed password for invalid user dev from 101.36.119.218 port 42400 ssh2
May  9 08:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: Received disconnect from 101.36.119.218 port 42400:11: Bye Bye [preauth]
May  9 08:37:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9570]: Disconnected from 101.36.119.218 port 42400 [preauth]
May  9 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9591]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9590]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9589]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9589]: pam_unix(cron:session): session closed for user p13x
May  9 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9650]: Successful su for rubyman by root
May  9 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9650]: + ??? root:rubyman
May  9 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9650]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358563 of user rubyman.
May  9 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9650]: pam_unix(su:session): session closed for user rubyman
May  9 08:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358563.
May  9 08:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6720]: pam_unix(cron:session): session closed for user root
May  9 08:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9590]: pam_unix(cron:session): session closed for user samftp
May  9 08:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8651]: pam_unix(cron:session): session closed for user root
May  9 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9994]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9995]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9993]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9992]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9990]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9992]: pam_unix(cron:session): session closed for user p13x
May  9 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10114]: Successful su for rubyman by root
May  9 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10114]: + ??? root:rubyman
May  9 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358568 of user rubyman.
May  9 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10114]: pam_unix(su:session): session closed for user rubyman
May  9 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358568.
May  9 08:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9990]: pam_unix(cron:session): session closed for user root
May  9 08:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7247]: pam_unix(cron:session): session closed for user root
May  9 08:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9993]: pam_unix(cron:session): session closed for user samftp
May  9 08:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9074]: pam_unix(cron:session): session closed for user root
May  9 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10593]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10587]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10594]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10586]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10585]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10594]: pam_unix(cron:session): session closed for user root
May  9 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10585]: pam_unix(cron:session): session closed for user p13x
May  9 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10694]: Successful su for rubyman by root
May  9 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10694]: + ??? root:rubyman
May  9 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10694]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358572 of user rubyman.
May  9 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10694]: pam_unix(su:session): session closed for user rubyman
May  9 08:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358572.
May  9 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10587]: pam_unix(cron:session): session closed for user root
May  9 08:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7756]: pam_unix(cron:session): session closed for user root
May  9 08:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10586]: pam_unix(cron:session): session closed for user samftp
May  9 08:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9592]: pam_unix(cron:session): session closed for user root
May  9 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11083]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11081]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11082]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11080]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11080]: pam_unix(cron:session): session closed for user p13x
May  9 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11147]: Successful su for rubyman by root
May  9 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11147]: + ??? root:rubyman
May  9 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11147]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358578 of user rubyman.
May  9 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11147]: pam_unix(su:session): session closed for user rubyman
May  9 08:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358578.
May  9 08:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11223]: Did not receive identification string from 193.32.162.89
May  9 08:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8190]: pam_unix(cron:session): session closed for user root
May  9 08:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11081]: pam_unix(cron:session): session closed for user samftp
May  9 08:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9995]: pam_unix(cron:session): session closed for user root
May  9 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11477]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11478]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11474]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11475]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11474]: pam_unix(cron:session): session closed for user p13x
May  9 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11542]: Successful su for rubyman by root
May  9 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11542]: + ??? root:rubyman
May  9 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11542]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358583 of user rubyman.
May  9 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11542]: pam_unix(su:session): session closed for user rubyman
May  9 08:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358583.
May  9 08:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8650]: pam_unix(cron:session): session closed for user root
May  9 08:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11475]: pam_unix(cron:session): session closed for user samftp
May  9 08:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10593]: pam_unix(cron:session): session closed for user root
May  9 08:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11817]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:42:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11817]: Connection reset by 118.123.1.123 port 40596 [preauth]
May  9 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11876]: pam_unix(cron:session): session closed for user p13x
May  9 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11940]: Successful su for rubyman by root
May  9 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11940]: + ??? root:rubyman
May  9 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11940]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358586 of user rubyman.
May  9 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11940]: pam_unix(su:session): session closed for user rubyman
May  9 08:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358586.
May  9 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11927]: Invalid user wxg from 5.189.153.19
May  9 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11927]: input_userauth_request: invalid user wxg [preauth]
May  9 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11927]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.153.19
May  9 08:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11927]: Failed password for invalid user wxg from 5.189.153.19 port 44124 ssh2
May  9 08:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11927]: Received disconnect from 5.189.153.19 port 44124:11: Bye Bye [preauth]
May  9 08:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11927]: Disconnected from 5.189.153.19 port 44124 [preauth]
May  9 08:43:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.119.218  user=root
May  9 08:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9073]: pam_unix(cron:session): session closed for user root
May  9 08:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: Failed password for root from 101.36.119.218 port 48358 ssh2
May  9 08:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: Received disconnect from 101.36.119.218 port 48358:11: Bye Bye [preauth]
May  9 08:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12014]: Disconnected from 101.36.119.218 port 48358 [preauth]
May  9 08:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11877]: pam_unix(cron:session): session closed for user samftp
May  9 08:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11083]: pam_unix(cron:session): session closed for user root
May  9 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12274]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12273]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12272]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12271]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12271]: pam_unix(cron:session): session closed for user p13x
May  9 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12351]: Successful su for rubyman by root
May  9 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12351]: + ??? root:rubyman
May  9 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12351]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358591 of user rubyman.
May  9 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12351]: pam_unix(su:session): session closed for user rubyman
May  9 08:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358591.
May  9 08:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9591]: pam_unix(cron:session): session closed for user root
May  9 08:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: Invalid user adempiere from 103.237.249.202
May  9 08:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: input_userauth_request: invalid user adempiere [preauth]
May  9 08:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:44:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.237.249.202
May  9 08:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12272]: pam_unix(cron:session): session closed for user samftp
May  9 08:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: Failed password for invalid user adempiere from 103.237.249.202 port 41304 ssh2
May  9 08:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: Received disconnect from 103.237.249.202 port 41304:11: Bye Bye [preauth]
May  9 08:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12472]: Disconnected from 103.237.249.202 port 41304 [preauth]
May  9 08:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11478]: pam_unix(cron:session): session closed for user root
May  9 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12675]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12674]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12673]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12678]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12677]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12676]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12678]: pam_unix(cron:session): session closed for user root
May  9 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12673]: pam_unix(cron:session): session closed for user p13x
May  9 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12744]: Successful su for rubyman by root
May  9 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12744]: + ??? root:rubyman
May  9 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12744]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358599 of user rubyman.
May  9 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12744]: pam_unix(su:session): session closed for user rubyman
May  9 08:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358599.
May  9 08:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12675]: pam_unix(cron:session): session closed for user root
May  9 08:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9994]: pam_unix(cron:session): session closed for user root
May  9 08:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12674]: pam_unix(cron:session): session closed for user samftp
May  9 08:45:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: Invalid user postgres from 193.70.84.184
May  9 08:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: input_userauth_request: invalid user postgres [preauth]
May  9 08:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  9 08:45:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: Failed password for invalid user postgres from 193.70.84.184 port 52884 ssh2
May  9 08:45:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12946]: Connection closed by 193.70.84.184 port 52884 [preauth]
May  9 08:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11879]: pam_unix(cron:session): session closed for user root
May  9 08:45:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 08:45:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13044]: Failed password for root from 218.92.0.179 port 13928 ssh2
May  9 08:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13044]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 13928 ssh2]
May  9 08:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13044]: Received disconnect from 218.92.0.179 port 13928:11:  [preauth]
May  9 08:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13044]: Disconnected from 218.92.0.179 port 13928 [preauth]
May  9 08:45:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13044]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13106]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13107]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13105]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13104]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13104]: pam_unix(cron:session): session closed for user p13x
May  9 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13169]: Successful su for rubyman by root
May  9 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13169]: + ??? root:rubyman
May  9 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13169]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358602 of user rubyman.
May  9 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13169]: pam_unix(su:session): session closed for user rubyman
May  9 08:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358602.
May  9 08:46:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10592]: pam_unix(cron:session): session closed for user root
May  9 08:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13105]: pam_unix(cron:session): session closed for user samftp
May  9 08:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13360]: Connection closed by 71.6.199.23 port 35616 [preauth]
May  9 08:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13358]: Connection closed by 71.6.199.23 port 35464 [preauth]
May  9 08:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12274]: pam_unix(cron:session): session closed for user root
May  9 08:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: Invalid user admin from 80.94.95.241
May  9 08:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: input_userauth_request: invalid user admin [preauth]
May  9 08:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 08:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: Failed password for invalid user admin from 80.94.95.241 port 37001 ssh2
May  9 08:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:46:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: Failed password for invalid user admin from 80.94.95.241 port 37001 ssh2
May  9 08:46:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:46:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: Failed password for invalid user admin from 80.94.95.241 port 37001 ssh2
May  9 08:46:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: Failed password for invalid user admin from 80.94.95.241 port 37001 ssh2
May  9 08:46:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: pam_unix(sshd:auth): check pass; user unknown
May  9 08:46:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: Failed password for invalid user admin from 80.94.95.241 port 37001 ssh2
May  9 08:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: Received disconnect from 80.94.95.241 port 37001:11: Bye [preauth]
May  9 08:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: Disconnected from 80.94.95.241 port 37001 [preauth]
May  9 08:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 08:46:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13439]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13613]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13612]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13611]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13611]: pam_unix(cron:session): session closed for user p13x
May  9 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13676]: Successful su for rubyman by root
May  9 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13676]: + ??? root:rubyman
May  9 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358604 of user rubyman.
May  9 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13676]: pam_unix(su:session): session closed for user rubyman
May  9 08:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358604.
May  9 08:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11082]: pam_unix(cron:session): session closed for user root
May  9 08:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13612]: pam_unix(cron:session): session closed for user samftp
May  9 08:47:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13925]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12677]: pam_unix(cron:session): session closed for user root
May  9 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14019]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14018]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14016]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14015]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14015]: pam_unix(cron:session): session closed for user p13x
May  9 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14082]: Successful su for rubyman by root
May  9 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14082]: + ??? root:rubyman
May  9 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14082]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358610 of user rubyman.
May  9 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14082]: pam_unix(su:session): session closed for user rubyman
May  9 08:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358610.
May  9 08:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11477]: pam_unix(cron:session): session closed for user root
May  9 08:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14016]: pam_unix(cron:session): session closed for user samftp
May  9 08:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14261]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:48:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.119.218  user=root
May  9 08:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14261]: Failed password for root from 101.36.119.218 port 36492 ssh2
May  9 08:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14261]: Received disconnect from 101.36.119.218 port 36492:11: Bye Bye [preauth]
May  9 08:48:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14261]: Disconnected from 101.36.119.218 port 36492 [preauth]
May  9 08:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.153.19  user=root
May  9 08:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: Failed password for root from 5.189.153.19 port 41208 ssh2
May  9 08:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: Received disconnect from 5.189.153.19 port 41208:11: Bye Bye [preauth]
May  9 08:48:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14290]: Disconnected from 5.189.153.19 port 41208 [preauth]
May  9 08:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13107]: pam_unix(cron:session): session closed for user root
May  9 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14424]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14423]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14425]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14423]: pam_unix(cron:session): session closed for user p13x
May  9 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14484]: Successful su for rubyman by root
May  9 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14484]: + ??? root:rubyman
May  9 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14484]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358614 of user rubyman.
May  9 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14484]: pam_unix(su:session): session closed for user rubyman
May  9 08:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358614.
May  9 08:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11878]: pam_unix(cron:session): session closed for user root
May  9 08:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14424]: pam_unix(cron:session): session closed for user samftp
May  9 08:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13614]: pam_unix(cron:session): session closed for user root
May  9 08:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:49:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.215  user=root
May  9 08:49:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14774]: Failed password for root from 218.92.0.215 port 26752 ssh2
May  9 08:50:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14838]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14839]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14839]: pam_unix(cron:session): session closed for user root
May  9 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14834]: pam_unix(cron:session): session closed for user p13x
May  9 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14915]: Successful su for rubyman by root
May  9 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14915]: + ??? root:rubyman
May  9 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14915]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358616 of user rubyman.
May  9 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14915]: pam_unix(su:session): session closed for user rubyman
May  9 08:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358616.
May  9 08:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14836]: pam_unix(cron:session): session closed for user root
May  9 08:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12273]: pam_unix(cron:session): session closed for user root
May  9 08:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14831]: Failed password for root from 218.92.0.179 port 14251 ssh2
May  9 08:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14835]: pam_unix(cron:session): session closed for user samftp
May  9 08:50:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14831]: Failed password for root from 218.92.0.179 port 14251 ssh2
May  9 08:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14831]: Failed password for root from 218.92.0.179 port 14251 ssh2
May  9 08:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14831]: Received disconnect from 218.92.0.179 port 14251:11:  [preauth]
May  9 08:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14831]: Disconnected from 218.92.0.179 port 14251 [preauth]
May  9 08:50:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14831]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 08:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14019]: pam_unix(cron:session): session closed for user root
May  9 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15270]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15271]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15268]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15269]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15268]: pam_unix(cron:session): session closed for user p13x
May  9 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15339]: Successful su for rubyman by root
May  9 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15339]: + ??? root:rubyman
May  9 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15339]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358622 of user rubyman.
May  9 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15339]: pam_unix(su:session): session closed for user rubyman
May  9 08:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358622.
May  9 08:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12676]: pam_unix(cron:session): session closed for user root
May  9 08:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  9 08:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15269]: pam_unix(cron:session): session closed for user samftp
May  9 08:51:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: Failed password for root from 164.68.105.9 port 55624 ssh2
May  9 08:51:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15490]: Connection closed by 164.68.105.9 port 55624 [preauth]
May  9 08:51:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: Invalid user operator from 194.0.234.16
May  9 08:51:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: input_userauth_request: invalid user operator [preauth]
May  9 08:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: Failed none for invalid user operator from 194.0.234.16 port 43628 ssh2
May  9 08:51:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15531]: Connection closed by 194.0.234.16 port 43628 [preauth]
May  9 08:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14426]: pam_unix(cron:session): session closed for user root
May  9 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15669]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15668]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15670]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15667]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15667]: pam_unix(cron:session): session closed for user p13x
May  9 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15737]: Successful su for rubyman by root
May  9 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15737]: + ??? root:rubyman
May  9 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15737]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358628 of user rubyman.
May  9 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15737]: pam_unix(su:session): session closed for user rubyman
May  9 08:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358628.
May  9 08:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13106]: pam_unix(cron:session): session closed for user root
May  9 08:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15668]: pam_unix(cron:session): session closed for user samftp
May  9 08:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14838]: pam_unix(cron:session): session closed for user root
May  9 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16071]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16072]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16073]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16070]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16070]: pam_unix(cron:session): session closed for user p13x
May  9 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16131]: Successful su for rubyman by root
May  9 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16131]: + ??? root:rubyman
May  9 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16131]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358630 of user rubyman.
May  9 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16131]: pam_unix(su:session): session closed for user rubyman
May  9 08:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358630.
May  9 08:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13613]: pam_unix(cron:session): session closed for user root
May  9 08:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16071]: pam_unix(cron:session): session closed for user samftp
May  9 08:53:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:53:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.119.218  user=root
May  9 08:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: Failed password for root from 101.36.119.218 port 35964 ssh2
May  9 08:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: Received disconnect from 101.36.119.218 port 35964:11: Bye Bye [preauth]
May  9 08:53:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16334]: Disconnected from 101.36.119.218 port 35964 [preauth]
May  9 08:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:53:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.153.19  user=root
May  9 08:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15271]: pam_unix(cron:session): session closed for user root
May  9 08:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16372]: Failed password for root from 5.189.153.19 port 41158 ssh2
May  9 08:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16372]: Received disconnect from 5.189.153.19 port 41158:11: Bye Bye [preauth]
May  9 08:53:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16372]: Disconnected from 5.189.153.19 port 41158 [preauth]
May  9 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16482]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16484]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16477]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16476]: pam_unix(cron:session): session closed for user p13x
May  9 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16564]: Successful su for rubyman by root
May  9 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16564]: + ??? root:rubyman
May  9 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16564]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358635 of user rubyman.
May  9 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16564]: pam_unix(su:session): session closed for user rubyman
May  9 08:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358635.
May  9 08:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14018]: pam_unix(cron:session): session closed for user root
May  9 08:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16477]: pam_unix(cron:session): session closed for user samftp
May  9 08:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15670]: pam_unix(cron:session): session closed for user root
May  9 08:54:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:54:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 08:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16854]: Failed password for root from 218.92.0.179 port 18276 ssh2
May  9 08:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16854]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 18276 ssh2]
May  9 08:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16854]: Received disconnect from 218.92.0.179 port 18276:11:  [preauth]
May  9 08:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16854]: Disconnected from 218.92.0.179 port 18276 [preauth]
May  9 08:54:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16854]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16938]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16937]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16943]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16943]: pam_unix(cron:session): session closed for user root
May  9 08:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16937]: pam_unix(cron:session): session closed for user p13x
May  9 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17015]: Successful su for rubyman by root
May  9 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17015]: + ??? root:rubyman
May  9 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17015]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358639 of user rubyman.
May  9 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17015]: pam_unix(su:session): session closed for user rubyman
May  9 08:55:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358639.
May  9 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16940]: pam_unix(cron:session): session closed for user root
May  9 08:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14425]: pam_unix(cron:session): session closed for user root
May  9 08:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16938]: pam_unix(cron:session): session closed for user samftp
May  9 08:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16073]: pam_unix(cron:session): session closed for user root
May  9 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17377]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17376]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17375]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17374]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17374]: pam_unix(cron:session): session closed for user p13x
May  9 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17443]: Successful su for rubyman by root
May  9 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17443]: + ??? root:rubyman
May  9 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17443]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358645 of user rubyman.
May  9 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17443]: pam_unix(su:session): session closed for user rubyman
May  9 08:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358645.
May  9 08:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14837]: pam_unix(cron:session): session closed for user root
May  9 08:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17375]: pam_unix(cron:session): session closed for user samftp
May  9 08:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16484]: pam_unix(cron:session): session closed for user root
May  9 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17912]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17909]: pam_unix(cron:session): session closed for user p13x
May  9 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17977]: Successful su for rubyman by root
May  9 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17977]: + ??? root:rubyman
May  9 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17977]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358648 of user rubyman.
May  9 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17977]: pam_unix(su:session): session closed for user rubyman
May  9 08:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358648.
May  9 08:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15270]: pam_unix(cron:session): session closed for user root
May  9 08:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17910]: pam_unix(cron:session): session closed for user samftp
May  9 08:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16942]: pam_unix(cron:session): session closed for user root
May  9 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18324]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18323]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18325]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18322]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18322]: pam_unix(cron:session): session closed for user p13x
May  9 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18390]: Successful su for rubyman by root
May  9 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18390]: + ??? root:rubyman
May  9 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18390]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358652 of user rubyman.
May  9 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18390]: pam_unix(su:session): session closed for user rubyman
May  9 08:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358652.
May  9 08:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15669]: pam_unix(cron:session): session closed for user root
May  9 08:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18323]: pam_unix(cron:session): session closed for user samftp
May  9 08:58:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:58:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.119.218  user=root
May  9 08:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18618]: Failed password for root from 101.36.119.218 port 52410 ssh2
May  9 08:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18618]: Received disconnect from 101.36.119.218 port 52410:11: Bye Bye [preauth]
May  9 08:58:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18618]: Disconnected from 101.36.119.218 port 52410 [preauth]
May  9 08:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17377]: pam_unix(cron:session): session closed for user root
May  9 08:58:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18711]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 08:58:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.153.19  user=root
May  9 08:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18711]: Failed password for root from 5.189.153.19 port 33804 ssh2
May  9 08:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18711]: Received disconnect from 5.189.153.19 port 33804:11: Bye Bye [preauth]
May  9 08:58:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18711]: Disconnected from 5.189.153.19 port 33804 [preauth]
May  9 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18737]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18736]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18735]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18734]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18734]: pam_unix(cron:session): session closed for user p13x
May  9 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18804]: Successful su for rubyman by root
May  9 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18804]: + ??? root:rubyman
May  9 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18804]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358656 of user rubyman.
May  9 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18804]: pam_unix(su:session): session closed for user rubyman
May  9 08:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358656.
May  9 08:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16072]: pam_unix(cron:session): session closed for user root
May  9 08:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18735]: pam_unix(cron:session): session closed for user samftp
May  9 08:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17912]: pam_unix(cron:session): session closed for user root
May  9 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19153]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19152]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19149]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19150]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19154]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19155]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19155]: pam_unix(cron:session): session closed for user root
May  9 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19151]: pam_unix(cron:session): session closed for user root
May  9 09:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19149]: pam_unix(cron:session): session closed for user p13x
May  9 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19253]: Successful su for rubyman by root
May  9 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19253]: + ??? root:rubyman
May  9 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19253]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358666 of user rubyman.
May  9 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19253]: pam_unix(su:session): session closed for user rubyman
May  9 09:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358666.
May  9 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16482]: pam_unix(cron:session): session closed for user root
May  9 09:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19152]: pam_unix(cron:session): session closed for user root
May  9 09:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19150]: pam_unix(cron:session): session closed for user samftp
May  9 09:00:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18325]: pam_unix(cron:session): session closed for user root
May  9 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19674]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19673]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19672]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19671]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19671]: pam_unix(cron:session): session closed for user p13x
May  9 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19741]: Successful su for rubyman by root
May  9 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19741]: + ??? root:rubyman
May  9 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19741]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358667 of user rubyman.
May  9 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19741]: pam_unix(su:session): session closed for user rubyman
May  9 09:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358667.
May  9 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16941]: pam_unix(cron:session): session closed for user root
May  9 09:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19672]: pam_unix(cron:session): session closed for user samftp
May  9 09:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18737]: pam_unix(cron:session): session closed for user root
May  9 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20087]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20085]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20088]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20084]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20084]: pam_unix(cron:session): session closed for user p13x
May  9 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20148]: Successful su for rubyman by root
May  9 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20148]: + ??? root:rubyman
May  9 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20148]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358673 of user rubyman.
May  9 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20148]: pam_unix(su:session): session closed for user rubyman
May  9 09:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358673.
May  9 09:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17376]: pam_unix(cron:session): session closed for user root
May  9 09:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20085]: pam_unix(cron:session): session closed for user samftp
May  9 09:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19154]: pam_unix(cron:session): session closed for user root
May  9 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20481]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20482]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20480]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20479]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20479]: pam_unix(cron:session): session closed for user p13x
May  9 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20543]: Successful su for rubyman by root
May  9 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20543]: + ??? root:rubyman
May  9 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358676 of user rubyman.
May  9 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20543]: pam_unix(su:session): session closed for user rubyman
May  9 09:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358676.
May  9 09:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17911]: pam_unix(cron:session): session closed for user root
May  9 09:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20480]: pam_unix(cron:session): session closed for user samftp
May  9 09:03:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19674]: pam_unix(cron:session): session closed for user root
May  9 09:03:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 09:03:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20800]: Failed password for root from 218.92.0.179 port 25532 ssh2
May  9 09:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20800]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 25532 ssh2]
May  9 09:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20800]: Received disconnect from 218.92.0.179 port 25532:11:  [preauth]
May  9 09:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20800]: Disconnected from 218.92.0.179 port 25532 [preauth]
May  9 09:03:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20800]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20901]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20902]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20900]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20903]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20900]: pam_unix(cron:session): session closed for user p13x
May  9 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20964]: Successful su for rubyman by root
May  9 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20964]: + ??? root:rubyman
May  9 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20964]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358682 of user rubyman.
May  9 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20964]: pam_unix(su:session): session closed for user rubyman
May  9 09:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358682.
May  9 09:04:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18324]: pam_unix(cron:session): session closed for user root
May  9 09:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20901]: pam_unix(cron:session): session closed for user samftp
May  9 09:04:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: Invalid user mcserver from 5.189.153.19
May  9 09:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: input_userauth_request: invalid user mcserver [preauth]
May  9 09:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:04:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.153.19
May  9 09:04:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: Failed password for invalid user mcserver from 5.189.153.19 port 45682 ssh2
May  9 09:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: Received disconnect from 5.189.153.19 port 45682:11: Bye Bye [preauth]
May  9 09:04:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21150]: Disconnected from 5.189.153.19 port 45682 [preauth]
May  9 09:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20088]: pam_unix(cron:session): session closed for user root
May  9 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21346]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21343]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21345]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21340]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21344]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21341]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21346]: pam_unix(cron:session): session closed for user root
May  9 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21340]: pam_unix(cron:session): session closed for user p13x
May  9 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21407]: Successful su for rubyman by root
May  9 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21407]: + ??? root:rubyman
May  9 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358685 of user rubyman.
May  9 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21407]: pam_unix(su:session): session closed for user rubyman
May  9 09:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358685.
May  9 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21343]: pam_unix(cron:session): session closed for user root
May  9 09:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18736]: pam_unix(cron:session): session closed for user root
May  9 09:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21341]: pam_unix(cron:session): session closed for user samftp
May  9 09:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20482]: pam_unix(cron:session): session closed for user root
May  9 09:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:05:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  9 09:05:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21745]: Failed password for root from 218.92.0.206 port 44952 ssh2
May  9 09:05:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21745]: message repeated 3 times: [ Failed password for root from 218.92.0.206 port 44952 ssh2]
May  9 09:05:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:06:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  9 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22091]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22088]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22090]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22087]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22087]: pam_unix(cron:session): session closed for user p13x
May  9 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22162]: Successful su for rubyman by root
May  9 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22162]: + ??? root:rubyman
May  9 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358689 of user rubyman.
May  9 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22162]: pam_unix(su:session): session closed for user rubyman
May  9 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358689.
May  9 09:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22076]: Failed password for root from 218.92.0.206 port 41004 ssh2
May  9 09:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22076]: Failed password for root from 218.92.0.206 port 41004 ssh2
May  9 09:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19153]: pam_unix(cron:session): session closed for user root
May  9 09:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22088]: pam_unix(cron:session): session closed for user samftp
May  9 09:06:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22076]: Failed password for root from 218.92.0.206 port 41004 ssh2
May  9 09:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22076]: message repeated 3 times: [ Failed password for root from 218.92.0.206 port 41004 ssh2]
May  9 09:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22076]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 41004 ssh2 [preauth]
May  9 09:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22076]: Disconnecting: Too many authentication failures [preauth]
May  9 09:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22076]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  9 09:06:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[22076]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 09:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20903]: pam_unix(cron:session): session closed for user root
May  9 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22572]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22570]: pam_unix(cron:session): session closed for user p13x
May  9 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22633]: Successful su for rubyman by root
May  9 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22633]: + ??? root:rubyman
May  9 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358695 of user rubyman.
May  9 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22633]: pam_unix(su:session): session closed for user rubyman
May  9 09:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358695.
May  9 09:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19673]: pam_unix(cron:session): session closed for user root
May  9 09:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22571]: pam_unix(cron:session): session closed for user samftp
May  9 09:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21345]: pam_unix(cron:session): session closed for user root
May  9 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23032]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23031]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23030]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23030]: pam_unix(cron:session): session closed for user p13x
May  9 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23096]: Successful su for rubyman by root
May  9 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23096]: + ??? root:rubyman
May  9 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23096]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358697 of user rubyman.
May  9 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23096]: pam_unix(su:session): session closed for user rubyman
May  9 09:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358697.
May  9 09:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20087]: pam_unix(cron:session): session closed for user root
May  9 09:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23031]: pam_unix(cron:session): session closed for user samftp
May  9 09:08:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23403]: Invalid user pi from 80.94.95.115
May  9 09:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23403]: input_userauth_request: invalid user pi [preauth]
May  9 09:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23403]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:08:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  9 09:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23403]: Failed password for invalid user pi from 80.94.95.115 port 60956 ssh2
May  9 09:08:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23403]: Connection closed by 80.94.95.115 port 60956 [preauth]
May  9 09:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22091]: pam_unix(cron:session): session closed for user root
May  9 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23541]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23538]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23540]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23539]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23536]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23538]: pam_unix(cron:session): session closed for user p13x
May  9 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23664]: Successful su for rubyman by root
May  9 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23664]: + ??? root:rubyman
May  9 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23664]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358701 of user rubyman.
May  9 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[23664]: pam_unix(su:session): session closed for user rubyman
May  9 09:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358701.
May  9 09:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23536]: pam_unix(cron:session): session closed for user root
May  9 09:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20481]: pam_unix(cron:session): session closed for user root
May  9 09:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23539]: pam_unix(cron:session): session closed for user samftp
May  9 09:09:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: Invalid user u from 103.179.57.150
May  9 09:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: input_userauth_request: invalid user u [preauth]
May  9 09:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:09:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.57.150
May  9 09:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: Failed password for invalid user u from 103.179.57.150 port 39190 ssh2
May  9 09:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: Received disconnect from 103.179.57.150 port 39190:11: Bye Bye [preauth]
May  9 09:09:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24034]: Disconnected from 103.179.57.150 port 39190 [preauth]
May  9 09:09:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: Invalid user dev from 5.189.153.19
May  9 09:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: input_userauth_request: invalid user dev [preauth]
May  9 09:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:09:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.153.19
May  9 09:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: Failed password for invalid user dev from 5.189.153.19 port 39058 ssh2
May  9 09:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: Received disconnect from 5.189.153.19 port 39058:11: Bye Bye [preauth]
May  9 09:09:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24046]: Disconnected from 5.189.153.19 port 39058 [preauth]
May  9 09:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22573]: pam_unix(cron:session): session closed for user root
May  9 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24160]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24158]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24159]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24155]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24157]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24156]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24160]: pam_unix(cron:session): session closed for user root
May  9 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24155]: pam_unix(cron:session): session closed for user p13x
May  9 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24234]: Successful su for rubyman by root
May  9 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24234]: + ??? root:rubyman
May  9 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24234]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358708 of user rubyman.
May  9 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24234]: pam_unix(su:session): session closed for user rubyman
May  9 09:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358708.
May  9 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24157]: pam_unix(cron:session): session closed for user root
May  9 09:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20902]: pam_unix(cron:session): session closed for user root
May  9 09:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24156]: pam_unix(cron:session): session closed for user samftp
May  9 09:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23033]: pam_unix(cron:session): session closed for user root
May  9 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24635]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24634]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24632]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24633]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24632]: pam_unix(cron:session): session closed for user p13x
May  9 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24707]: Successful su for rubyman by root
May  9 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24707]: + ??? root:rubyman
May  9 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358712 of user rubyman.
May  9 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24707]: pam_unix(su:session): session closed for user rubyman
May  9 09:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358712.
May  9 09:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21344]: pam_unix(cron:session): session closed for user root
May  9 09:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24633]: pam_unix(cron:session): session closed for user samftp
May  9 09:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23541]: pam_unix(cron:session): session closed for user root
May  9 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25050]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25049]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25048]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25048]: pam_unix(cron:session): session closed for user p13x
May  9 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25114]: Successful su for rubyman by root
May  9 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25114]: + ??? root:rubyman
May  9 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25114]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358716 of user rubyman.
May  9 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25114]: pam_unix(su:session): session closed for user rubyman
May  9 09:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358716.
May  9 09:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22090]: pam_unix(cron:session): session closed for user root
May  9 09:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25049]: pam_unix(cron:session): session closed for user samftp
May  9 09:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24159]: pam_unix(cron:session): session closed for user root
May  9 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25468]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25466]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25467]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25465]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25465]: pam_unix(cron:session): session closed for user p13x
May  9 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25533]: Successful su for rubyman by root
May  9 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25533]: + ??? root:rubyman
May  9 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25533]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358720 of user rubyman.
May  9 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25533]: pam_unix(su:session): session closed for user rubyman
May  9 09:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358720.
May  9 09:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22572]: pam_unix(cron:session): session closed for user root
May  9 09:13:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25466]: pam_unix(cron:session): session closed for user samftp
May  9 09:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24635]: pam_unix(cron:session): session closed for user root
May  9 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25959]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25958]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25957]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25956]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25956]: pam_unix(cron:session): session closed for user p13x
May  9 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26018]: Successful su for rubyman by root
May  9 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26018]: + ??? root:rubyman
May  9 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26018]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358725 of user rubyman.
May  9 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26018]: pam_unix(su:session): session closed for user rubyman
May  9 09:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358725.
May  9 09:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23032]: pam_unix(cron:session): session closed for user root
May  9 09:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7  user=root
May  9 09:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25957]: pam_unix(cron:session): session closed for user samftp
May  9 09:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26178]: Failed password for root from 190.103.202.7 port 59042 ssh2
May  9 09:14:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26178]: Connection closed by 190.103.202.7 port 59042 [preauth]
May  9 09:14:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26268]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26268]: Invalid user its from 5.189.153.19
May  9 09:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26268]: input_userauth_request: invalid user its [preauth]
May  9 09:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26268]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:14:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.153.19
May  9 09:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26268]: Failed password for invalid user its from 5.189.153.19 port 38582 ssh2
May  9 09:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26268]: Received disconnect from 5.189.153.19 port 38582:11: Bye Bye [preauth]
May  9 09:14:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26268]: Disconnected from 5.189.153.19 port 38582 [preauth]
May  9 09:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25051]: pam_unix(cron:session): session closed for user root
May  9 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26357]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26355]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26359]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26360]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26358]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26356]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26360]: pam_unix(cron:session): session closed for user root
May  9 09:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26355]: pam_unix(cron:session): session closed for user p13x
May  9 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26436]: Successful su for rubyman by root
May  9 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26436]: + ??? root:rubyman
May  9 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26436]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358732 of user rubyman.
May  9 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26436]: pam_unix(su:session): session closed for user rubyman
May  9 09:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358732.
May  9 09:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26357]: pam_unix(cron:session): session closed for user root
May  9 09:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23540]: pam_unix(cron:session): session closed for user root
May  9 09:15:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26356]: pam_unix(cron:session): session closed for user samftp
May  9 09:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25468]: pam_unix(cron:session): session closed for user root
May  9 09:15:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:15:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 09:15:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26802]: Failed password for root from 218.92.0.179 port 38633 ssh2
May  9 09:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26802]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 38633 ssh2]
May  9 09:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26802]: Received disconnect from 218.92.0.179 port 38633:11:  [preauth]
May  9 09:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26802]: Disconnected from 218.92.0.179 port 38633 [preauth]
May  9 09:15:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26802]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 09:15:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26852]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:15:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.36.126.68  user=root
May  9 09:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26852]: Failed password for root from 183.36.126.68 port 43582 ssh2
May  9 09:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26852]: Received disconnect from 183.36.126.68 port 43582:11: Bye Bye [preauth]
May  9 09:15:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26852]: Disconnected from 183.36.126.68 port 43582 [preauth]
May  9 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26876]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26875]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26874]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26873]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26873]: pam_unix(cron:session): session closed for user p13x
May  9 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26973]: Successful su for rubyman by root
May  9 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26973]: + ??? root:rubyman
May  9 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26973]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358734 of user rubyman.
May  9 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26973]: pam_unix(su:session): session closed for user rubyman
May  9 09:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358734.
May  9 09:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24158]: pam_unix(cron:session): session closed for user root
May  9 09:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26874]: pam_unix(cron:session): session closed for user samftp
May  9 09:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25959]: pam_unix(cron:session): session closed for user root
May  9 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27396]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27395]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27386]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27382]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27382]: pam_unix(cron:session): session closed for user root
May  9 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27384]: pam_unix(cron:session): session closed for user p13x
May  9 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27481]: Successful su for rubyman by root
May  9 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27481]: + ??? root:rubyman
May  9 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27481]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358739 of user rubyman.
May  9 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27481]: pam_unix(su:session): session closed for user rubyman
May  9 09:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358739.
May  9 09:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24634]: pam_unix(cron:session): session closed for user root
May  9 09:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27386]: pam_unix(cron:session): session closed for user samftp
May  9 09:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26359]: pam_unix(cron:session): session closed for user root
May  9 09:17:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: Invalid user admin from 80.94.95.241
May  9 09:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: input_userauth_request: invalid user admin [preauth]
May  9 09:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:17:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 09:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: Failed password for invalid user admin from 80.94.95.241 port 61649 ssh2
May  9 09:17:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:17:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: Failed password for invalid user admin from 80.94.95.241 port 61649 ssh2
May  9 09:17:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: Failed password for invalid user admin from 80.94.95.241 port 61649 ssh2
May  9 09:17:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: Failed password for invalid user admin from 80.94.95.241 port 61649 ssh2
May  9 09:17:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: Failed password for invalid user admin from 80.94.95.241 port 61649 ssh2
May  9 09:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: Received disconnect from 80.94.95.241 port 61649:11: Bye [preauth]
May  9 09:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: Disconnected from 80.94.95.241 port 61649 [preauth]
May  9 09:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.241
May  9 09:17:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27787]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27840]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27838]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27839]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27837]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27837]: pam_unix(cron:session): session closed for user p13x
May  9 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27905]: Successful su for rubyman by root
May  9 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27905]: + ??? root:rubyman
May  9 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358743 of user rubyman.
May  9 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27905]: pam_unix(su:session): session closed for user rubyman
May  9 09:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358743.
May  9 09:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25050]: pam_unix(cron:session): session closed for user root
May  9 09:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27838]: pam_unix(cron:session): session closed for user samftp
May  9 09:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26876]: pam_unix(cron:session): session closed for user root
May  9 09:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28228]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28228]: Invalid user pi from 80.94.95.112
May  9 09:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28228]: input_userauth_request: invalid user pi [preauth]
May  9 09:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28228]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:18:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28228]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 09:18:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28228]: Failed password for invalid user pi from 80.94.95.112 port 61635 ssh2
May  9 09:18:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28228]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28228]: Failed password for invalid user pi from 80.94.95.112 port 61635 ssh2
May  9 09:18:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28228]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28228]: Failed password for invalid user pi from 80.94.95.112 port 61635 ssh2
May  9 09:18:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28228]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:19:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28228]: Failed password for invalid user pi from 80.94.95.112 port 61635 ssh2
May  9 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28228]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28250]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28249]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28248]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28247]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28247]: pam_unix(cron:session): session closed for user p13x
May  9 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28307]: Successful su for rubyman by root
May  9 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28307]: + ??? root:rubyman
May  9 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28307]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358748 of user rubyman.
May  9 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28307]: pam_unix(su:session): session closed for user rubyman
May  9 09:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358748.
May  9 09:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28228]: Failed password for invalid user pi from 80.94.95.112 port 61635 ssh2
May  9 09:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28228]: Received disconnect from 80.94.95.112 port 61635:11: Bye [preauth]
May  9 09:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28228]: Disconnected from 80.94.95.112 port 61635 [preauth]
May  9 09:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28228]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 09:19:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28228]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 09:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25467]: pam_unix(cron:session): session closed for user root
May  9 09:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28248]: pam_unix(cron:session): session closed for user samftp
May  9 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27396]: pam_unix(cron:session): session closed for user root
May  9 09:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28594]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:19:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.153.19  user=root
May  9 09:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28594]: Failed password for root from 5.189.153.19 port 45196 ssh2
May  9 09:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28594]: Received disconnect from 5.189.153.19 port 45196:11: Bye Bye [preauth]
May  9 09:19:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28594]: Disconnected from 5.189.153.19 port 45196 [preauth]
May  9 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28656]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28659]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28652]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28654]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28658]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28657]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28659]: pam_unix(cron:session): session closed for user root
May  9 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28652]: pam_unix(cron:session): session closed for user p13x
May  9 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28719]: Successful su for rubyman by root
May  9 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28719]: + ??? root:rubyman
May  9 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28719]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358751 of user rubyman.
May  9 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28719]: pam_unix(su:session): session closed for user rubyman
May  9 09:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358751.
May  9 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28656]: pam_unix(cron:session): session closed for user root
May  9 09:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25958]: pam_unix(cron:session): session closed for user root
May  9 09:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28654]: pam_unix(cron:session): session closed for user samftp
May  9 09:20:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28946]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:20:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 09:20:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28946]: Failed password for root from 218.92.0.179 port 36632 ssh2
May  9 09:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28946]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 36632 ssh2]
May  9 09:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28946]: Received disconnect from 218.92.0.179 port 36632:11:  [preauth]
May  9 09:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28946]: Disconnected from 218.92.0.179 port 36632 [preauth]
May  9 09:20:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28946]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 09:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27840]: pam_unix(cron:session): session closed for user root
May  9 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29190]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29191]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29192]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29189]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29189]: pam_unix(cron:session): session closed for user p13x
May  9 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29266]: Successful su for rubyman by root
May  9 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29266]: + ??? root:rubyman
May  9 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358759 of user rubyman.
May  9 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29266]: pam_unix(su:session): session closed for user rubyman
May  9 09:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358759.
May  9 09:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26358]: pam_unix(cron:session): session closed for user root
May  9 09:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29190]: pam_unix(cron:session): session closed for user samftp
May  9 09:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28250]: pam_unix(cron:session): session closed for user root
May  9 09:21:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29583]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:21:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  9 09:21:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29583]: Failed password for root from 218.92.0.206 port 48824 ssh2
May  9 09:21:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29583]: message repeated 3 times: [ Failed password for root from 218.92.0.206 port 48824 ssh2]
May  9 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29614]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29613]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29615]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29612]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29612]: pam_unix(cron:session): session closed for user p13x
May  9 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29673]: Successful su for rubyman by root
May  9 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29673]: + ??? root:rubyman
May  9 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29673]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358764 of user rubyman.
May  9 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29673]: pam_unix(su:session): session closed for user rubyman
May  9 09:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358764.
May  9 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29583]: Failed password for root from 218.92.0.206 port 48824 ssh2
May  9 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29583]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 48824 ssh2 [preauth]
May  9 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29583]: Disconnecting: Too many authentication failures [preauth]
May  9 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29583]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  9 09:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29583]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26875]: pam_unix(cron:session): session closed for user root
May  9 09:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29613]: pam_unix(cron:session): session closed for user samftp
May  9 09:22:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28658]: pam_unix(cron:session): session closed for user root
May  9 09:22:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29928]: Connection reset by 198.235.24.41 port 59262 [preauth]
May  9 09:23:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30024]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30023]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30025]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30022]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30022]: pam_unix(cron:session): session closed for user p13x
May  9 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30083]: Successful su for rubyman by root
May  9 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30083]: + ??? root:rubyman
May  9 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30083]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358766 of user rubyman.
May  9 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30083]: pam_unix(su:session): session closed for user rubyman
May  9 09:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358766.
May  9 09:23:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: Failed password for root from 218.92.0.179 port 53297 ssh2
May  9 09:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27395]: pam_unix(cron:session): session closed for user root
May  9 09:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: Failed password for root from 218.92.0.179 port 53297 ssh2
May  9 09:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30023]: pam_unix(cron:session): session closed for user samftp
May  9 09:23:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: Failed password for root from 218.92.0.179 port 53297 ssh2
May  9 09:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: Received disconnect from 218.92.0.179 port 53297:11:  [preauth]
May  9 09:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: Disconnected from 218.92.0.179 port 53297 [preauth]
May  9 09:23:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30019]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30333]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29192]: pam_unix(cron:session): session closed for user root
May  9 09:23:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  9 09:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30333]: Failed password for root from 80.94.95.116 port 37354 ssh2
May  9 09:23:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30333]: Connection closed by 80.94.95.116 port 37354 [preauth]
May  9 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30415]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30416]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30414]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30413]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30413]: pam_unix(cron:session): session closed for user p13x
May  9 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30478]: Successful su for rubyman by root
May  9 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30478]: + ??? root:rubyman
May  9 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30478]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358771 of user rubyman.
May  9 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30478]: pam_unix(su:session): session closed for user rubyman
May  9 09:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358771.
May  9 09:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27839]: pam_unix(cron:session): session closed for user root
May  9 09:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30414]: pam_unix(cron:session): session closed for user samftp
May  9 09:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:24:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Failed password for root from 38.7.207.148 port 41266 ssh2
May  9 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30719]: Connection closed by 38.7.207.148 port 41266 [preauth]
May  9 09:24:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:24:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30721]: Failed password for root from 38.7.207.148 port 41272 ssh2
May  9 09:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30721]: Connection closed by 38.7.207.148 port 41272 [preauth]
May  9 09:24:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29615]: pam_unix(cron:session): session closed for user root
May  9 09:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: Failed password for root from 38.7.207.148 port 41276 ssh2
May  9 09:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30732]: Connection closed by 38.7.207.148 port 41276 [preauth]
May  9 09:24:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:24:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: Failed password for root from 38.7.207.148 port 41280 ssh2
May  9 09:24:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30763]: Connection closed by 38.7.207.148 port 41280 [preauth]
May  9 09:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:24:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30765]: Failed password for root from 38.7.207.148 port 41284 ssh2
May  9 09:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30765]: Connection closed by 38.7.207.148 port 41284 [preauth]
May  9 09:24:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:24:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30776]: Failed password for root from 38.7.207.148 port 41286 ssh2
May  9 09:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30776]: Connection closed by 38.7.207.148 port 41286 [preauth]
May  9 09:24:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30790]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:24:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30790]: Failed password for root from 38.7.207.148 port 41290 ssh2
May  9 09:24:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30790]: Connection closed by 38.7.207.148 port 41290 [preauth]
May  9 09:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30800]: Failed password for root from 38.7.207.148 port 41296 ssh2
May  9 09:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30800]: Connection closed by 38.7.207.148 port 41296 [preauth]
May  9 09:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:24:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.153.19  user=root
May  9 09:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30811]: Failed password for root from 38.7.207.148 port 41300 ssh2
May  9 09:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: Failed password for root from 5.189.153.19 port 56368 ssh2
May  9 09:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30811]: Connection closed by 38.7.207.148 port 41300 [preauth]
May  9 09:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: Received disconnect from 5.189.153.19 port 56368:11: Bye Bye [preauth]
May  9 09:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30809]: Disconnected from 5.189.153.19 port 56368 [preauth]
May  9 09:24:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:24:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30815]: Failed password for root from 38.7.207.148 port 41304 ssh2
May  9 09:24:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30815]: Connection closed by 38.7.207.148 port 41304 [preauth]
May  9 09:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:24:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: Failed password for root from 38.7.207.148 port 41306 ssh2
May  9 09:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30826]: Connection closed by 38.7.207.148 port 41306 [preauth]
May  9 09:25:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30831]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30835]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30833]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30834]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30832]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30836]: pam_unix(cron:session): session closed for user root
May  9 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30831]: pam_unix(cron:session): session closed for user p13x
May  9 09:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30907]: Successful su for rubyman by root
May  9 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30907]: + ??? root:rubyman
May  9 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30907]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358777 of user rubyman.
May  9 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30907]: pam_unix(su:session): session closed for user rubyman
May  9 09:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358777.
May  9 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30828]: Failed password for root from 38.7.207.148 port 41308 ssh2
May  9 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30828]: Connection closed by 38.7.207.148 port 41308 [preauth]
May  9 09:25:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31076]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30833]: pam_unix(cron:session): session closed for user root
May  9 09:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28249]: pam_unix(cron:session): session closed for user root
May  9 09:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31076]: Failed password for root from 38.7.207.148 port 41310 ssh2
May  9 09:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31076]: Connection closed by 38.7.207.148 port 41310 [preauth]
May  9 09:25:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30832]: pam_unix(cron:session): session closed for user samftp
May  9 09:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: Failed password for root from 38.7.207.148 port 41316 ssh2
May  9 09:25:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31203]: Connection closed by 38.7.207.148 port 41316 [preauth]
May  9 09:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31223]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:25:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31223]: Failed password for root from 38.7.207.148 port 41318 ssh2
May  9 09:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31223]: Connection closed by 38.7.207.148 port 41318 [preauth]
May  9 09:25:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31225]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:25:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31225]: Failed password for root from 38.7.207.148 port 41324 ssh2
May  9 09:25:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31225]: Connection closed by 38.7.207.148 port 41324 [preauth]
May  9 09:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:25:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31247]: Failed password for root from 38.7.207.148 port 41328 ssh2
May  9 09:25:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31247]: Connection closed by 38.7.207.148 port 41328 [preauth]
May  9 09:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:25:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: Failed password for root from 38.7.207.148 port 41332 ssh2
May  9 09:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31253]: Connection closed by 38.7.207.148 port 41332 [preauth]
May  9 09:25:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:25:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: Failed password for root from 38.7.207.148 port 41334 ssh2
May  9 09:25:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31265]: Connection closed by 38.7.207.148 port 41334 [preauth]
May  9 09:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:25:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:25:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Failed password for root from 38.7.207.148 port 41336 ssh2
May  9 09:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31291]: Connection closed by 38.7.207.148 port 41336 [preauth]
May  9 09:25:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:25:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31294]: Failed password for root from 38.7.207.148 port 41340 ssh2
May  9 09:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31294]: Connection closed by 38.7.207.148 port 41340 [preauth]
May  9 09:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30025]: pam_unix(cron:session): session closed for user root
May  9 09:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31305]: Failed password for root from 38.7.207.148 port 41342 ssh2
May  9 09:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31305]: Connection closed by 38.7.207.148 port 41342 [preauth]
May  9 09:25:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:25:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:25:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31321]: Failed password for root from 38.7.207.148 port 41344 ssh2
May  9 09:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31321]: Connection closed by 38.7.207.148 port 41344 [preauth]
May  9 09:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:25:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: Failed password for root from 38.7.207.148 port 41350 ssh2
May  9 09:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31339]: Connection closed by 38.7.207.148 port 41350 [preauth]
May  9 09:25:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:25:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31349]: Failed password for root from 38.7.207.148 port 41354 ssh2
May  9 09:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31349]: Connection closed by 38.7.207.148 port 41354 [preauth]
May  9 09:25:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:25:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: Failed password for root from 38.7.207.148 port 41364 ssh2
May  9 09:25:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31367]: Connection closed by 38.7.207.148 port 41364 [preauth]
May  9 09:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:25:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:25:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31377]: Failed password for root from 38.7.207.148 port 41366 ssh2
May  9 09:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31377]: Connection closed by 38.7.207.148 port 41366 [preauth]
May  9 09:25:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:25:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31379]: Failed password for root from 38.7.207.148 port 41368 ssh2
May  9 09:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31379]: Connection closed by 38.7.207.148 port 41368 [preauth]
May  9 09:25:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31389]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:25:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31389]: Failed password for root from 38.7.207.148 port 41372 ssh2
May  9 09:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31389]: Connection closed by 38.7.207.148 port 41372 [preauth]
May  9 09:25:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:25:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: Failed password for root from 38.7.207.148 port 41376 ssh2
May  9 09:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31399]: Connection closed by 38.7.207.148 port 41376 [preauth]
May  9 09:25:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31413]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31414]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31411]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31412]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31411]: pam_unix(cron:session): session closed for user p13x
May  9 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31482]: Successful su for rubyman by root
May  9 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31482]: + ??? root:rubyman
May  9 09:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31482]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358780 of user rubyman.
May  9 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31482]: pam_unix(su:session): session closed for user rubyman
May  9 09:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358780.
May  9 09:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: Failed password for root from 38.7.207.148 port 41378 ssh2
May  9 09:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31401]: Connection closed by 38.7.207.148 port 41378 [preauth]
May  9 09:26:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31592]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28657]: pam_unix(cron:session): session closed for user root
May  9 09:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31592]: Failed password for root from 38.7.207.148 port 41382 ssh2
May  9 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31412]: pam_unix(cron:session): session closed for user samftp
May  9 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31592]: Connection closed by 38.7.207.148 port 41382 [preauth]
May  9 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31693]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.57.150  user=root
May  9 09:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31693]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:26:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Failed password for root from 103.179.57.150 port 46278 ssh2
May  9 09:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Received disconnect from 103.179.57.150 port 46278:11: Bye Bye [preauth]
May  9 09:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31669]: Disconnected from 103.179.57.150 port 46278 [preauth]
May  9 09:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31693]: Failed password for root from 38.7.207.148 port 41384 ssh2
May  9 09:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31693]: Connection closed by 38.7.207.148 port 41384 [preauth]
May  9 09:26:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: Failed password for root from 38.7.207.148 port 41388 ssh2
May  9 09:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31707]: Connection closed by 38.7.207.148 port 41388 [preauth]
May  9 09:26:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: Failed password for root from 38.7.207.148 port 41392 ssh2
May  9 09:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31709]: Connection closed by 38.7.207.148 port 41392 [preauth]
May  9 09:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31733]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31733]: Failed password for root from 38.7.207.148 port 41394 ssh2
May  9 09:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31733]: Connection closed by 38.7.207.148 port 41394 [preauth]
May  9 09:26:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: Failed password for root from 38.7.207.148 port 41396 ssh2
May  9 09:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31744]: Connection closed by 38.7.207.148 port 41396 [preauth]
May  9 09:26:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31746]: Failed password for root from 38.7.207.148 port 41398 ssh2
May  9 09:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31746]: Connection closed by 38.7.207.148 port 41398 [preauth]
May  9 09:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: Failed password for root from 38.7.207.148 port 41404 ssh2
May  9 09:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31770]: Connection closed by 38.7.207.148 port 41404 [preauth]
May  9 09:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: Failed password for root from 38.7.207.148 port 41406 ssh2
May  9 09:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31773]: Connection closed by 38.7.207.148 port 41406 [preauth]
May  9 09:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31783]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31783]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31783]: Failed password for root from 38.7.207.148 port 41412 ssh2
May  9 09:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31783]: Connection closed by 38.7.207.148 port 41412 [preauth]
May  9 09:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30416]: pam_unix(cron:session): session closed for user root
May  9 09:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31799]: Failed password for root from 38.7.207.148 port 41414 ssh2
May  9 09:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31799]: Connection closed by 38.7.207.148 port 41414 [preauth]
May  9 09:26:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: Failed password for root from 38.7.207.148 port 41418 ssh2
May  9 09:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31816]: Connection closed by 38.7.207.148 port 41418 [preauth]
May  9 09:26:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31828]: Failed password for root from 38.7.207.148 port 41426 ssh2
May  9 09:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31828]: Connection closed by 38.7.207.148 port 41426 [preauth]
May  9 09:26:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31830]: Failed password for root from 38.7.207.148 port 41430 ssh2
May  9 09:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31830]: Connection closed by 38.7.207.148 port 41430 [preauth]
May  9 09:26:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: Failed password for root from 38.7.207.148 port 41432 ssh2
May  9 09:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31853]: Connection closed by 38.7.207.148 port 41432 [preauth]
May  9 09:26:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31864]: Failed password for root from 38.7.207.148 port 41434 ssh2
May  9 09:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31864]: Connection closed by 38.7.207.148 port 41434 [preauth]
May  9 09:26:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31869]: Failed password for root from 38.7.207.148 port 41438 ssh2
May  9 09:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31869]: Connection closed by 38.7.207.148 port 41438 [preauth]
May  9 09:26:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: Failed password for root from 38.7.207.148 port 41446 ssh2
May  9 09:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31887]: Connection closed by 38.7.207.148 port 41446 [preauth]
May  9 09:26:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:26:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31889]: Failed password for root from 38.7.207.148 port 41448 ssh2
May  9 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31889]: Connection closed by 38.7.207.148 port 41448 [preauth]
May  9 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31911]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31912]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31909]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31909]: pam_unix(cron:session): session closed for user p13x
May  9 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32060]: Successful su for rubyman by root
May  9 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32060]: + ??? root:rubyman
May  9 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32060]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358783 of user rubyman.
May  9 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32060]: pam_unix(su:session): session closed for user rubyman
May  9 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358783.
May  9 09:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29191]: pam_unix(cron:session): session closed for user root
May  9 09:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31905]: Failed password for root from 38.7.207.148 port 41450 ssh2
May  9 09:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31905]: Connection closed by 38.7.207.148 port 41450 [preauth]
May  9 09:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32420]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31910]: pam_unix(cron:session): session closed for user samftp
May  9 09:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32420]: Failed password for root from 38.7.207.148 port 41454 ssh2
May  9 09:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32420]: Connection closed by 38.7.207.148 port 41454 [preauth]
May  9 09:27:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32457]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32457]: Failed password for root from 38.7.207.148 port 41458 ssh2
May  9 09:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32457]: Connection closed by 38.7.207.148 port 41458 [preauth]
May  9 09:27:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32459]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:27:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32459]: Failed password for root from 38.7.207.148 port 41464 ssh2
May  9 09:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32459]: Connection closed by 38.7.207.148 port 41464 [preauth]
May  9 09:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32470]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32470]: Failed password for root from 38.7.207.148 port 41466 ssh2
May  9 09:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32470]: Connection closed by 38.7.207.148 port 41466 [preauth]
May  9 09:27:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32494]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32494]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32494]: Failed password for root from 38.7.207.148 port 41472 ssh2
May  9 09:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32494]: Connection closed by 38.7.207.148 port 41472 [preauth]
May  9 09:27:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: Failed password for root from 38.7.207.148 port 41476 ssh2
May  9 09:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32497]: Connection closed by 38.7.207.148 port 41476 [preauth]
May  9 09:27:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:27:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32509]: Failed password for root from 38.7.207.148 port 41482 ssh2
May  9 09:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32509]: Connection closed by 38.7.207.148 port 41482 [preauth]
May  9 09:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32524]: Failed password for root from 38.7.207.148 port 41486 ssh2
May  9 09:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32524]: Connection closed by 38.7.207.148 port 41486 [preauth]
May  9 09:27:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32539]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:27:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32539]: Failed password for root from 38.7.207.148 port 41490 ssh2
May  9 09:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32539]: Connection closed by 38.7.207.148 port 41490 [preauth]
May  9 09:27:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:27:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32549]: Failed password for root from 38.7.207.148 port 41494 ssh2
May  9 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32541]: Failed password for root from 218.92.0.179 port 47516 ssh2
May  9 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32549]: Connection closed by 38.7.207.148 port 41494 [preauth]
May  9 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32568]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30835]: pam_unix(cron:session): session closed for user root
May  9 09:27:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:27:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32541]: Failed password for root from 218.92.0.179 port 47516 ssh2
May  9 09:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32568]: Failed password for root from 38.7.207.148 port 41496 ssh2
May  9 09:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32568]: Connection closed by 38.7.207.148 port 41496 [preauth]
May  9 09:27:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:27:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32541]: Failed password for root from 218.92.0.179 port 47516 ssh2
May  9 09:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32541]: Received disconnect from 218.92.0.179 port 47516:11:  [preauth]
May  9 09:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32541]: Disconnected from 218.92.0.179 port 47516 [preauth]
May  9 09:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32541]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 09:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: Failed password for root from 38.7.207.148 port 41498 ssh2
May  9 09:27:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32589]: Connection closed by 38.7.207.148 port 41498 [preauth]
May  9 09:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32591]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32591]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:27:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32591]: Failed password for root from 38.7.207.148 port 41500 ssh2
May  9 09:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32591]: Connection closed by 38.7.207.148 port 41500 [preauth]
May  9 09:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32614]: Failed password for root from 38.7.207.148 port 41504 ssh2
May  9 09:27:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32614]: Connection closed by 38.7.207.148 port 41504 [preauth]
May  9 09:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:27:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: Failed password for root from 38.7.207.148 port 41506 ssh2
May  9 09:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32677]: Connection closed by 38.7.207.148 port 41506 [preauth]
May  9 09:27:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32722]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32722]: Failed password for root from 38.7.207.148 port 41510 ssh2
May  9 09:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32722]: Connection closed by 38.7.207.148 port 41510 [preauth]
May  9 09:27:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: Failed password for root from 38.7.207.148 port 41512 ssh2
May  9 09:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32725]: Connection closed by 38.7.207.148 port 41512 [preauth]
May  9 09:27:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: Failed password for root from 38.7.207.148 port 41518 ssh2
May  9 09:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32739]: Connection closed by 38.7.207.148 port 41518 [preauth]
May  9 09:27:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:27:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:28:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: Failed password for root from 38.7.207.148 port 41520 ssh2
May  9 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32741]: Connection closed by 38.7.207.148 port 41520 [preauth]
May  9 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32754]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32760]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32757]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32758]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32757]: pam_unix(cron:session): session closed for user p13x
May  9 09:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[376]: Successful su for rubyman by root
May  9 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[376]: + ??? root:rubyman
May  9 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[376]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358788 of user rubyman.
May  9 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[376]: pam_unix(su:session): session closed for user rubyman
May  9 09:28:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358788.
May  9 09:28:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32754]: Failed password for root from 38.7.207.148 port 41528 ssh2
May  9 09:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32754]: Connection closed by 38.7.207.148 port 41528 [preauth]
May  9 09:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[560]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29614]: pam_unix(cron:session): session closed for user root
May  9 09:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[560]: Failed password for root from 38.7.207.148 port 41530 ssh2
May  9 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[560]: Connection closed by 38.7.207.148 port 41530 [preauth]
May  9 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32758]: pam_unix(cron:session): session closed for user samftp
May  9 09:28:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Failed password for root from 38.7.207.148 port 41532 ssh2
May  9 09:28:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[625]: Connection closed by 38.7.207.148 port 41532 [preauth]
May  9 09:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[641]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:28:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[641]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[641]: Failed password for root from 38.7.207.148 port 41536 ssh2
May  9 09:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[641]: Connection closed by 38.7.207.148 port 41536 [preauth]
May  9 09:28:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[643]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:28:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[643]: Failed password for root from 38.7.207.148 port 41538 ssh2
May  9 09:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[643]: Connection closed by 38.7.207.148 port 41538 [preauth]
May  9 09:28:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:28:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: Failed password for root from 38.7.207.148 port 41540 ssh2
May  9 09:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[670]: Connection closed by 38.7.207.148 port 41540 [preauth]
May  9 09:28:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[672]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:28:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:28:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[672]: Failed password for root from 38.7.207.148 port 41542 ssh2
May  9 09:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[672]: Connection closed by 38.7.207.148 port 41542 [preauth]
May  9 09:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[686]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:28:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[686]: Failed password for root from 38.7.207.148 port 41546 ssh2
May  9 09:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[686]: Connection closed by 38.7.207.148 port 41546 [preauth]
May  9 09:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:28:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[712]: Failed password for root from 38.7.207.148 port 41548 ssh2
May  9 09:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[712]: Connection closed by 38.7.207.148 port 41548 [preauth]
May  9 09:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:28:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: Failed password for root from 38.7.207.148 port 41550 ssh2
May  9 09:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[719]: Connection closed by 38.7.207.148 port 41550 [preauth]
May  9 09:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31414]: pam_unix(cron:session): session closed for user root
May  9 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: Failed password for root from 38.7.207.148 port 41552 ssh2
May  9 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[728]: Connection closed by 38.7.207.148 port 41552 [preauth]
May  9 09:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[750]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=root
May  9 09:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[750]: Failed password for root from 38.7.207.148 port 41556 ssh2
May  9 09:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[750]: Connection closed by 38.7.207.148 port 41556 [preauth]
May  9 09:28:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: Invalid user user from 38.7.207.148
May  9 09:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: input_userauth_request: invalid user user [preauth]
May  9 09:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:28:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: Failed password for invalid user user from 38.7.207.148 port 41562 ssh2
May  9 09:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[770]: Connection closed by 38.7.207.148 port 41562 [preauth]
May  9 09:28:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: Invalid user user from 38.7.207.148
May  9 09:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: input_userauth_request: invalid user user [preauth]
May  9 09:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:28:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: Failed password for invalid user user from 38.7.207.148 port 41564 ssh2
May  9 09:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[773]: Connection closed by 38.7.207.148 port 41564 [preauth]
May  9 09:28:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[800]: Invalid user user from 38.7.207.148
May  9 09:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[800]: input_userauth_request: invalid user user [preauth]
May  9 09:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[800]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:28:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[800]: Failed password for invalid user user from 38.7.207.148 port 41570 ssh2
May  9 09:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[800]: Connection closed by 38.7.207.148 port 41570 [preauth]
May  9 09:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[802]: Invalid user user from 38.7.207.148
May  9 09:28:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[802]: input_userauth_request: invalid user user [preauth]
May  9 09:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[802]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:28:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[802]: Failed password for invalid user user from 38.7.207.148 port 41572 ssh2
May  9 09:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[802]: Connection closed by 38.7.207.148 port 41572 [preauth]
May  9 09:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: Invalid user user from 38.7.207.148
May  9 09:28:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: input_userauth_request: invalid user user [preauth]
May  9 09:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:28:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: Failed password for invalid user user from 38.7.207.148 port 41574 ssh2
May  9 09:28:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[815]: Connection closed by 38.7.207.148 port 41574 [preauth]
May  9 09:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[825]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[825]: Invalid user user from 38.7.207.148
May  9 09:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[825]: input_userauth_request: invalid user user [preauth]
May  9 09:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[825]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:28:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[825]: Failed password for invalid user user from 38.7.207.148 port 41578 ssh2
May  9 09:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[825]: Connection closed by 38.7.207.148 port 41578 [preauth]
May  9 09:28:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: Invalid user user from 38.7.207.148
May  9 09:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: input_userauth_request: invalid user user [preauth]
May  9 09:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:28:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: Failed password for invalid user user from 38.7.207.148 port 41582 ssh2
May  9 09:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[828]: Connection closed by 38.7.207.148 port 41582 [preauth]
May  9 09:28:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: Invalid user user from 38.7.207.148
May  9 09:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: input_userauth_request: invalid user user [preauth]
May  9 09:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:28:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: Failed password for invalid user user from 38.7.207.148 port 41584 ssh2
May  9 09:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[839]: Connection closed by 38.7.207.148 port 41584 [preauth]
May  9 09:29:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: Invalid user user from 38.7.207.148
May  9 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: input_userauth_request: invalid user user [preauth]
May  9 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[848]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[846]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[845]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[847]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[845]: pam_unix(cron:session): session closed for user p13x
May  9 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[917]: Successful su for rubyman by root
May  9 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[917]: + ??? root:rubyman
May  9 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[917]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358791 of user rubyman.
May  9 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[917]: pam_unix(su:session): session closed for user rubyman
May  9 09:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358791.
May  9 09:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[949]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43  user=root
May  9 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: Failed password for invalid user user from 38.7.207.148 port 41586 ssh2
May  9 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[841]: Connection closed by 38.7.207.148 port 41586 [preauth]
May  9 09:29:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Invalid user user from 38.7.207.148
May  9 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: input_userauth_request: invalid user user [preauth]
May  9 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[949]: Failed password for root from 45.6.188.43 port 34720 ssh2
May  9 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[949]: Connection closed by 45.6.188.43 port 34720 [preauth]
May  9 09:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30024]: pam_unix(cron:session): session closed for user root
May  9 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Failed password for invalid user user from 38.7.207.148 port 41590 ssh2
May  9 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1047]: Connection closed by 38.7.207.148 port 41590 [preauth]
May  9 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1149]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[846]: pam_unix(cron:session): session closed for user samftp
May  9 09:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1149]: Invalid user user from 38.7.207.148
May  9 09:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1149]: input_userauth_request: invalid user user [preauth]
May  9 09:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1149]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:29:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.107.67.65  user=root
May  9 09:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1149]: Failed password for invalid user user from 38.7.207.148 port 41592 ssh2
May  9 09:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1149]: Connection closed by 38.7.207.148 port 41592 [preauth]
May  9 09:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: Failed password for root from 103.107.67.65 port 60450 ssh2
May  9 09:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1138]: Connection closed by 103.107.67.65 port 60450 [preauth]
May  9 09:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: Invalid user user from 38.7.207.148
May  9 09:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: input_userauth_request: invalid user user [preauth]
May  9 09:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:29:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: Failed password for invalid user user from 38.7.207.148 port 41596 ssh2
May  9 09:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1163]: Connection closed by 38.7.207.148 port 41596 [preauth]
May  9 09:29:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: Invalid user user from 38.7.207.148
May  9 09:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: input_userauth_request: invalid user user [preauth]
May  9 09:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:29:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: Failed password for invalid user user from 38.7.207.148 port 41600 ssh2
May  9 09:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1167]: Connection closed by 38.7.207.148 port 41600 [preauth]
May  9 09:29:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: Invalid user user from 38.7.207.148
May  9 09:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: input_userauth_request: invalid user user [preauth]
May  9 09:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:29:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: Failed password for invalid user user from 38.7.207.148 port 41606 ssh2
May  9 09:29:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1198]: Connection closed by 38.7.207.148 port 41606 [preauth]
May  9 09:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: Invalid user user from 38.7.207.148
May  9 09:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: input_userauth_request: invalid user user [preauth]
May  9 09:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:29:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: Failed password for invalid user user from 38.7.207.148 port 41618 ssh2
May  9 09:29:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1200]: Connection closed by 38.7.207.148 port 41618 [preauth]
May  9 09:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1213]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1213]: Invalid user user from 38.7.207.148
May  9 09:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1213]: input_userauth_request: invalid user user [preauth]
May  9 09:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1213]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:29:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1213]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1213]: Failed password for invalid user user from 38.7.207.148 port 41622 ssh2
May  9 09:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1213]: Connection closed by 38.7.207.148 port 41622 [preauth]
May  9 09:29:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1248]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1248]: Invalid user user from 38.7.207.148
May  9 09:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1248]: input_userauth_request: invalid user user [preauth]
May  9 09:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1248]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:29:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1248]: Failed password for invalid user user from 38.7.207.148 port 41628 ssh2
May  9 09:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1248]: Connection closed by 38.7.207.148 port 41628 [preauth]
May  9 09:29:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Invalid user user from 38.7.207.148
May  9 09:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: input_userauth_request: invalid user user [preauth]
May  9 09:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:29:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:29:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Failed password for invalid user user from 38.7.207.148 port 41632 ssh2
May  9 09:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1250]: Connection closed by 38.7.207.148 port 41632 [preauth]
May  9 09:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: Invalid user user from 38.7.207.148
May  9 09:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: input_userauth_request: invalid user user [preauth]
May  9 09:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:29:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31912]: pam_unix(cron:session): session closed for user root
May  9 09:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: Failed password for invalid user user from 38.7.207.148 port 41638 ssh2
May  9 09:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1266]: Connection closed by 38.7.207.148 port 41638 [preauth]
May  9 09:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: Invalid user user from 38.7.207.148
May  9 09:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: input_userauth_request: invalid user user [preauth]
May  9 09:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:29:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: Failed password for invalid user user from 38.7.207.148 port 41640 ssh2
May  9 09:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1290]: Connection closed by 38.7.207.148 port 41640 [preauth]
May  9 09:29:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: Invalid user user from 38.7.207.148
May  9 09:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: input_userauth_request: invalid user user [preauth]
May  9 09:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:29:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: Failed password for invalid user user from 38.7.207.148 port 41642 ssh2
May  9 09:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1303]: Connection closed by 38.7.207.148 port 41642 [preauth]
May  9 09:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: Invalid user user from 38.7.207.148
May  9 09:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: input_userauth_request: invalid user user [preauth]
May  9 09:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:29:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: Failed password for invalid user user from 38.7.207.148 port 41646 ssh2
May  9 09:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1305]: Connection closed by 38.7.207.148 port 41646 [preauth]
May  9 09:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1321]: Invalid user user from 38.7.207.148
May  9 09:29:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1321]: input_userauth_request: invalid user user [preauth]
May  9 09:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1321]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:29:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1321]: Failed password for invalid user user from 38.7.207.148 port 41650 ssh2
May  9 09:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1321]: Connection closed by 38.7.207.148 port 41650 [preauth]
May  9 09:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1345]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1345]: Invalid user user from 38.7.207.148
May  9 09:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1345]: input_userauth_request: invalid user user [preauth]
May  9 09:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1345]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1345]: Failed password for invalid user user from 38.7.207.148 port 41652 ssh2
May  9 09:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1345]: Connection closed by 38.7.207.148 port 41652 [preauth]
May  9 09:29:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: Invalid user user from 38.7.207.148
May  9 09:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: input_userauth_request: invalid user user [preauth]
May  9 09:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: Failed password for invalid user user from 38.7.207.148 port 41654 ssh2
May  9 09:29:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1347]: Connection closed by 38.7.207.148 port 41654 [preauth]
May  9 09:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: Invalid user user from 38.7.207.148
May  9 09:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: input_userauth_request: invalid user user [preauth]
May  9 09:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: Failed password for invalid user user from 38.7.207.148 port 41656 ssh2
May  9 09:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1357]: Connection closed by 38.7.207.148 port 41656 [preauth]
May  9 09:29:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: Invalid user user from 38.7.207.148
May  9 09:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: input_userauth_request: invalid user user [preauth]
May  9 09:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:29:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:29:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: Failed password for invalid user user from 38.7.207.148 port 41660 ssh2
May  9 09:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1360]: Connection closed by 38.7.207.148 port 41660 [preauth]
May  9 09:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1373]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1373]: Invalid user user from 38.7.207.148
May  9 09:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1373]: input_userauth_request: invalid user user [preauth]
May  9 09:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1373]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:29:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:30:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1373]: Failed password for invalid user user from 38.7.207.148 port 41662 ssh2
May  9 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1373]: Connection closed by 38.7.207.148 port 41662 [preauth]
May  9 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1375]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1390]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1392]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1387]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1393]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1393]: pam_unix(cron:session): session closed for user root
May  9 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1387]: pam_unix(cron:session): session closed for user p13x
May  9 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1375]: Invalid user user from 38.7.207.148
May  9 09:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1375]: input_userauth_request: invalid user user [preauth]
May  9 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1375]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1484]: Successful su for rubyman by root
May  9 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1484]: + ??? root:rubyman
May  9 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1484]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358796 of user rubyman.
May  9 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1484]: pam_unix(su:session): session closed for user rubyman
May  9 09:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358796.
May  9 09:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1375]: Failed password for invalid user user from 38.7.207.148 port 41666 ssh2
May  9 09:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1375]: Connection closed by 38.7.207.148 port 41666 [preauth]
May  9 09:30:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1389]: pam_unix(cron:session): session closed for user root
May  9 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: Invalid user user from 38.7.207.148
May  9 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: input_userauth_request: invalid user user [preauth]
May  9 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30415]: pam_unix(cron:session): session closed for user root
May  9 09:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: Failed password for invalid user user from 38.7.207.148 port 41672 ssh2
May  9 09:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1593]: Connection closed by 38.7.207.148 port 41672 [preauth]
May  9 09:30:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1744]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: Invalid user user from 38.7.207.148
May  9 09:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: input_userauth_request: invalid user user [preauth]
May  9 09:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1388]: pam_unix(cron:session): session closed for user samftp
May  9 09:30:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.153.19  user=root
May  9 09:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1744]: Failed password for root from 5.189.153.19 port 55134 ssh2
May  9 09:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: Failed password for invalid user user from 38.7.207.148 port 41674 ssh2
May  9 09:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1744]: Received disconnect from 5.189.153.19 port 55134:11: Bye Bye [preauth]
May  9 09:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1744]: Disconnected from 5.189.153.19 port 55134 [preauth]
May  9 09:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1712]: Connection closed by 38.7.207.148 port 41674 [preauth]
May  9 09:30:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1747]: Invalid user user from 38.7.207.148
May  9 09:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1747]: input_userauth_request: invalid user user [preauth]
May  9 09:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1747]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1747]: Failed password for invalid user user from 38.7.207.148 port 41676 ssh2
May  9 09:30:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1747]: Connection closed by 38.7.207.148 port 41676 [preauth]
May  9 09:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: Invalid user user from 38.7.207.148
May  9 09:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: input_userauth_request: invalid user user [preauth]
May  9 09:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: Failed password for invalid user user from 38.7.207.148 port 41678 ssh2
May  9 09:30:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1758]: Connection closed by 38.7.207.148 port 41678 [preauth]
May  9 09:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: Invalid user user from 38.7.207.148
May  9 09:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: input_userauth_request: invalid user user [preauth]
May  9 09:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: Failed password for invalid user user from 38.7.207.148 port 41682 ssh2
May  9 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1773]: Connection closed by 38.7.207.148 port 41682 [preauth]
May  9 09:30:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Invalid user user from 38.7.207.148
May  9 09:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: input_userauth_request: invalid user user [preauth]
May  9 09:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Failed password for invalid user user from 38.7.207.148 port 41686 ssh2
May  9 09:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1788]: Connection closed by 38.7.207.148 port 41686 [preauth]
May  9 09:30:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1791]: Invalid user user from 38.7.207.148
May  9 09:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1791]: input_userauth_request: invalid user user [preauth]
May  9 09:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1791]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1791]: Failed password for invalid user user from 38.7.207.148 port 41690 ssh2
May  9 09:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1791]: Connection closed by 38.7.207.148 port 41690 [preauth]
May  9 09:30:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Invalid user user from 38.7.207.148
May  9 09:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: input_userauth_request: invalid user user [preauth]
May  9 09:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Failed password for invalid user user from 38.7.207.148 port 41692 ssh2
May  9 09:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1819]: Connection closed by 38.7.207.148 port 41692 [preauth]
May  9 09:30:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1830]: Invalid user user from 38.7.207.148
May  9 09:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1830]: input_userauth_request: invalid user user [preauth]
May  9 09:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1830]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1830]: Failed password for invalid user user from 38.7.207.148 port 41696 ssh2
May  9 09:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1830]: Connection closed by 38.7.207.148 port 41696 [preauth]
May  9 09:30:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: Invalid user user from 38.7.207.148
May  9 09:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: input_userauth_request: invalid user user [preauth]
May  9 09:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32760]: pam_unix(cron:session): session closed for user root
May  9 09:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: Failed password for invalid user user from 38.7.207.148 port 41700 ssh2
May  9 09:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1833]: Connection closed by 38.7.207.148 port 41700 [preauth]
May  9 09:30:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1864]: Invalid user user from 38.7.207.148
May  9 09:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1864]: input_userauth_request: invalid user user [preauth]
May  9 09:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1864]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:30:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1864]: Failed password for invalid user user from 38.7.207.148 port 41706 ssh2
May  9 09:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1864]: Connection closed by 38.7.207.148 port 41706 [preauth]
May  9 09:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: Invalid user user from 38.7.207.148
May  9 09:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: input_userauth_request: invalid user user [preauth]
May  9 09:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: Failed password for invalid user user from 38.7.207.148 port 41708 ssh2
May  9 09:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1870]: Connection closed by 38.7.207.148 port 41708 [preauth]
May  9 09:30:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: Invalid user user from 38.7.207.148
May  9 09:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: input_userauth_request: invalid user user [preauth]
May  9 09:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: Failed password for invalid user user from 38.7.207.148 port 41710 ssh2
May  9 09:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1881]: Connection closed by 38.7.207.148 port 41710 [preauth]
May  9 09:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: Invalid user user from 38.7.207.148
May  9 09:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: input_userauth_request: invalid user user [preauth]
May  9 09:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1885]: Invalid user rent from 164.68.105.9
May  9 09:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1885]: input_userauth_request: invalid user rent [preauth]
May  9 09:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1885]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9
May  9 09:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: Failed password for invalid user user from 38.7.207.148 port 41712 ssh2
May  9 09:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1883]: Connection closed by 38.7.207.148 port 41712 [preauth]
May  9 09:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1885]: Failed password for invalid user rent from 164.68.105.9 port 41336 ssh2
May  9 09:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1885]: Connection closed by 164.68.105.9 port 41336 [preauth]
May  9 09:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1954]: Invalid user user from 38.7.207.148
May  9 09:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1954]: input_userauth_request: invalid user user [preauth]
May  9 09:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1954]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1954]: Failed password for invalid user user from 38.7.207.148 port 41714 ssh2
May  9 09:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1954]: Connection closed by 38.7.207.148 port 41714 [preauth]
May  9 09:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: Invalid user user from 38.7.207.148
May  9 09:30:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: input_userauth_request: invalid user user [preauth]
May  9 09:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: Failed password for invalid user user from 38.7.207.148 port 41720 ssh2
May  9 09:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1956]: Connection closed by 38.7.207.148 port 41720 [preauth]
May  9 09:30:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1985]: Invalid user user from 38.7.207.148
May  9 09:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1985]: input_userauth_request: invalid user user [preauth]
May  9 09:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1985]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1985]: Failed password for invalid user user from 38.7.207.148 port 41722 ssh2
May  9 09:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1985]: Connection closed by 38.7.207.148 port 41722 [preauth]
May  9 09:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: Invalid user user from 38.7.207.148
May  9 09:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: input_userauth_request: invalid user user [preauth]
May  9 09:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: Failed password for invalid user user from 38.7.207.148 port 41724 ssh2
May  9 09:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2017]: Connection closed by 38.7.207.148 port 41724 [preauth]
May  9 09:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2019]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2019]: Invalid user user from 38.7.207.148
May  9 09:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2019]: input_userauth_request: invalid user user [preauth]
May  9 09:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2019]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:30:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:31:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2019]: Failed password for invalid user user from 38.7.207.148 port 41726 ssh2
May  9 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2019]: Connection closed by 38.7.207.148 port 41726 [preauth]
May  9 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2033]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2031]: pam_unix(cron:session): session closed for user p13x
May  9 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2100]: Successful su for rubyman by root
May  9 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2100]: + ??? root:rubyman
May  9 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2100]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358801 of user rubyman.
May  9 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2100]: pam_unix(su:session): session closed for user rubyman
May  9 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358801.
May  9 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: Invalid user user from 38.7.207.148
May  9 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: input_userauth_request: invalid user user [preauth]
May  9 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:31:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: Failed password for invalid user user from 38.7.207.148 port 41732 ssh2
May  9 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2089]: Connection closed by 38.7.207.148 port 41732 [preauth]
May  9 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: Invalid user user from 38.7.207.148
May  9 09:31:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: input_userauth_request: invalid user user [preauth]
May  9 09:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30834]: pam_unix(cron:session): session closed for user root
May  9 09:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2032]: pam_unix(cron:session): session closed for user samftp
May  9 09:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: Failed password for invalid user user from 38.7.207.148 port 41736 ssh2
May  9 09:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2238]: Connection closed by 38.7.207.148 port 41736 [preauth]
May  9 09:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Invalid user user from 38.7.207.148
May  9 09:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: input_userauth_request: invalid user user [preauth]
May  9 09:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:31:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Failed password for invalid user user from 38.7.207.148 port 41738 ssh2
May  9 09:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2291]: Connection closed by 38.7.207.148 port 41738 [preauth]
May  9 09:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: Invalid user user from 38.7.207.148
May  9 09:31:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: input_userauth_request: invalid user user [preauth]
May  9 09:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: Failed password for invalid user user from 38.7.207.148 port 41744 ssh2
May  9 09:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2293]: Connection closed by 38.7.207.148 port 41744 [preauth]
May  9 09:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2310]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2310]: Invalid user user from 38.7.207.148
May  9 09:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2310]: input_userauth_request: invalid user user [preauth]
May  9 09:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2310]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:31:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:31:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2310]: Failed password for invalid user user from 38.7.207.148 port 41746 ssh2
May  9 09:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2310]: Connection closed by 38.7.207.148 port 41746 [preauth]
May  9 09:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2319]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2319]: Invalid user user from 38.7.207.148
May  9 09:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2319]: input_userauth_request: invalid user user [preauth]
May  9 09:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2319]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:31:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2319]: Failed password for invalid user user from 38.7.207.148 port 41752 ssh2
May  9 09:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2319]: Connection closed by 38.7.207.148 port 41752 [preauth]
May  9 09:31:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2329]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2329]: Invalid user user from 38.7.207.148
May  9 09:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2329]: input_userauth_request: invalid user user [preauth]
May  9 09:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2329]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:31:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2329]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2329]: Failed password for invalid user user from 38.7.207.148 port 41760 ssh2
May  9 09:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2329]: Connection closed by 38.7.207.148 port 41760 [preauth]
May  9 09:31:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: Invalid user user from 38.7.207.148
May  9 09:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: input_userauth_request: invalid user user [preauth]
May  9 09:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:31:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: Failed password for invalid user user from 38.7.207.148 port 41764 ssh2
May  9 09:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2340]: Connection closed by 38.7.207.148 port 41764 [preauth]
May  9 09:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2356]: Invalid user user from 38.7.207.148
May  9 09:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2356]: input_userauth_request: invalid user user [preauth]
May  9 09:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2356]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2356]: Failed password for invalid user user from 38.7.207.148 port 41768 ssh2
May  9 09:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2356]: Connection closed by 38.7.207.148 port 41768 [preauth]
May  9 09:31:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2372]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2372]: Invalid user user from 38.7.207.148
May  9 09:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2372]: input_userauth_request: invalid user user [preauth]
May  9 09:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2372]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2372]: Failed password for invalid user user from 38.7.207.148 port 41772 ssh2
May  9 09:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2372]: Connection closed by 38.7.207.148 port 41772 [preauth]
May  9 09:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: Invalid user user from 38.7.207.148
May  9 09:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: input_userauth_request: invalid user user [preauth]
May  9 09:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:31:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[848]: pam_unix(cron:session): session closed for user root
May  9 09:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: Failed password for invalid user user from 38.7.207.148 port 41774 ssh2
May  9 09:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2376]: Connection closed by 38.7.207.148 port 41774 [preauth]
May  9 09:31:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2421]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2421]: Invalid user user from 38.7.207.148
May  9 09:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2421]: input_userauth_request: invalid user user [preauth]
May  9 09:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2421]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:31:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2421]: Failed password for invalid user user from 38.7.207.148 port 41776 ssh2
May  9 09:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2421]: Connection closed by 38.7.207.148 port 41776 [preauth]
May  9 09:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2432]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2432]: Invalid user user from 38.7.207.148
May  9 09:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2432]: input_userauth_request: invalid user user [preauth]
May  9 09:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2432]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:31:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2432]: Failed password for invalid user user from 38.7.207.148 port 41778 ssh2
May  9 09:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2432]: Connection closed by 38.7.207.148 port 41778 [preauth]
May  9 09:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2434]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2434]: Invalid user user from 38.7.207.148
May  9 09:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2434]: input_userauth_request: invalid user user [preauth]
May  9 09:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2434]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:31:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2434]: Failed password for invalid user user from 38.7.207.148 port 41780 ssh2
May  9 09:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2434]: Connection closed by 38.7.207.148 port 41780 [preauth]
May  9 09:31:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Invalid user user from 38.7.207.148
May  9 09:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: input_userauth_request: invalid user user [preauth]
May  9 09:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:31:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Failed password for invalid user user from 38.7.207.148 port 41786 ssh2
May  9 09:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2458]: Connection closed by 38.7.207.148 port 41786 [preauth]
May  9 09:31:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2460]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2460]: Invalid user user from 38.7.207.148
May  9 09:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2460]: input_userauth_request: invalid user user [preauth]
May  9 09:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2460]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:31:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2460]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2460]: Failed password for invalid user user from 38.7.207.148 port 41790 ssh2
May  9 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2460]: Connection closed by 38.7.207.148 port 41790 [preauth]
May  9 09:31:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2472]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2472]: Invalid user user from 38.7.207.148
May  9 09:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2472]: input_userauth_request: invalid user user [preauth]
May  9 09:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2472]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:31:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2472]: Failed password for invalid user user from 38.7.207.148 port 41792 ssh2
May  9 09:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2472]: Connection closed by 38.7.207.148 port 41792 [preauth]
May  9 09:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2484]: Invalid user user from 38.7.207.148
May  9 09:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2484]: input_userauth_request: invalid user user [preauth]
May  9 09:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2484]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2484]: Failed password for invalid user user from 38.7.207.148 port 41800 ssh2
May  9 09:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2484]: Connection closed by 38.7.207.148 port 41800 [preauth]
May  9 09:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2487]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2487]: Invalid user user from 38.7.207.148
May  9 09:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2487]: input_userauth_request: invalid user user [preauth]
May  9 09:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2487]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:31:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2487]: Failed password for invalid user user from 38.7.207.148 port 41806 ssh2
May  9 09:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2487]: Connection closed by 38.7.207.148 port 41806 [preauth]
May  9 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: Invalid user user from 38.7.207.148
May  9 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: input_userauth_request: invalid user user [preauth]
May  9 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2508]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2507]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2505]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2504]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2504]: pam_unix(cron:session): session closed for user p13x
May  9 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2569]: Successful su for rubyman by root
May  9 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2569]: + ??? root:rubyman
May  9 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2569]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358805 of user rubyman.
May  9 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2569]: pam_unix(su:session): session closed for user rubyman
May  9 09:32:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358805.
May  9 09:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: Failed password for invalid user user from 38.7.207.148 port 41810 ssh2
May  9 09:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2500]: Connection closed by 38.7.207.148 port 41810 [preauth]
May  9 09:32:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: Invalid user user from 38.7.207.148
May  9 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: input_userauth_request: invalid user user [preauth]
May  9 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31413]: pam_unix(cron:session): session closed for user root
May  9 09:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2505]: pam_unix(cron:session): session closed for user samftp
May  9 09:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: Failed password for invalid user user from 38.7.207.148 port 41812 ssh2
May  9 09:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2704]: Connection closed by 38.7.207.148 port 41812 [preauth]
May  9 09:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: Invalid user user from 38.7.207.148
May  9 09:32:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: input_userauth_request: invalid user user [preauth]
May  9 09:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:32:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: Failed password for invalid user user from 38.7.207.148 port 41818 ssh2
May  9 09:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2781]: Connection closed by 38.7.207.148 port 41818 [preauth]
May  9 09:32:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: Invalid user user from 38.7.207.148
May  9 09:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: input_userauth_request: invalid user user [preauth]
May  9 09:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:32:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: Failed password for invalid user user from 38.7.207.148 port 41820 ssh2
May  9 09:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2791]: Connection closed by 38.7.207.148 port 41820 [preauth]
May  9 09:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2795]: Invalid user user from 38.7.207.148
May  9 09:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2795]: input_userauth_request: invalid user user [preauth]
May  9 09:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2795]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:32:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2795]: Failed password for invalid user user from 38.7.207.148 port 41824 ssh2
May  9 09:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2795]: Connection closed by 38.7.207.148 port 41824 [preauth]
May  9 09:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2818]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2818]: Invalid user user from 38.7.207.148
May  9 09:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2818]: input_userauth_request: invalid user user [preauth]
May  9 09:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2818]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:32:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2818]: Failed password for invalid user user from 38.7.207.148 port 41828 ssh2
May  9 09:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2818]: Connection closed by 38.7.207.148 port 41828 [preauth]
May  9 09:32:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2820]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2820]: Invalid user user from 38.7.207.148
May  9 09:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2820]: input_userauth_request: invalid user user [preauth]
May  9 09:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2820]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:32:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:32:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2820]: Failed password for invalid user user from 38.7.207.148 port 41830 ssh2
May  9 09:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2820]: Connection closed by 38.7.207.148 port 41830 [preauth]
May  9 09:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: Invalid user user from 103.179.57.150
May  9 09:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: input_userauth_request: invalid user user [preauth]
May  9 09:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:32:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.57.150
May  9 09:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: Invalid user user from 38.7.207.148
May  9 09:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: input_userauth_request: invalid user user [preauth]
May  9 09:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:32:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: Failed password for invalid user user from 103.179.57.150 port 58356 ssh2
May  9 09:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: Received disconnect from 103.179.57.150 port 58356:11: Bye Bye [preauth]
May  9 09:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2832]: Disconnected from 103.179.57.150 port 58356 [preauth]
May  9 09:32:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: Failed password for invalid user user from 38.7.207.148 port 41832 ssh2
May  9 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2834]: Connection closed by 38.7.207.148 port 41832 [preauth]
May  9 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: Invalid user user from 38.7.207.148
May  9 09:32:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: input_userauth_request: invalid user user [preauth]
May  9 09:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: Failed password for invalid user user from 38.7.207.148 port 41834 ssh2
May  9 09:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2860]: Connection closed by 38.7.207.148 port 41834 [preauth]
May  9 09:32:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2863]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2863]: Invalid user user from 38.7.207.148
May  9 09:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2863]: input_userauth_request: invalid user user [preauth]
May  9 09:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2863]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2863]: Failed password for invalid user user from 38.7.207.148 port 41840 ssh2
May  9 09:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2863]: Connection closed by 38.7.207.148 port 41840 [preauth]
May  9 09:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: Invalid user user from 38.7.207.148
May  9 09:32:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: input_userauth_request: invalid user user [preauth]
May  9 09:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:32:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1392]: pam_unix(cron:session): session closed for user root
May  9 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: Failed password for invalid user user from 38.7.207.148 port 41846 ssh2
May  9 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2875]: Connection closed by 38.7.207.148 port 41846 [preauth]
May  9 09:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2901]: Invalid user user from 38.7.207.148
May  9 09:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2901]: input_userauth_request: invalid user user [preauth]
May  9 09:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2901]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:32:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2901]: Failed password for invalid user user from 38.7.207.148 port 41848 ssh2
May  9 09:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2901]: Connection closed by 38.7.207.148 port 41848 [preauth]
May  9 09:32:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: Invalid user user from 38.7.207.148
May  9 09:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: input_userauth_request: invalid user user [preauth]
May  9 09:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:32:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: Failed password for invalid user user from 38.7.207.148 port 41850 ssh2
May  9 09:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2913]: Connection closed by 38.7.207.148 port 41850 [preauth]
May  9 09:32:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2915]: Invalid user user from 38.7.207.148
May  9 09:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2915]: input_userauth_request: invalid user user [preauth]
May  9 09:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2915]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:32:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2915]: Failed password for invalid user user from 38.7.207.148 port 41852 ssh2
May  9 09:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2915]: Connection closed by 38.7.207.148 port 41852 [preauth]
May  9 09:32:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: Invalid user user from 38.7.207.148
May  9 09:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: input_userauth_request: invalid user user [preauth]
May  9 09:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:32:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: Failed password for invalid user user from 38.7.207.148 port 41854 ssh2
May  9 09:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2942]: Connection closed by 38.7.207.148 port 41854 [preauth]
May  9 09:32:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Invalid user ubuntu from 38.7.207.148
May  9 09:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:32:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Failed password for invalid user ubuntu from 38.7.207.148 port 41858 ssh2
May  9 09:32:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2952]: Connection closed by 38.7.207.148 port 41858 [preauth]
May  9 09:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: Invalid user ubuntu from 38.7.207.148
May  9 09:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:32:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: Failed password for invalid user ubuntu from 38.7.207.148 port 41862 ssh2
May  9 09:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2954]: Connection closed by 38.7.207.148 port 41862 [preauth]
May  9 09:32:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2967]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2967]: Invalid user ubuntu from 38.7.207.148
May  9 09:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2967]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2967]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:32:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2967]: Failed password for invalid user ubuntu from 38.7.207.148 port 41864 ssh2
May  9 09:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2967]: Connection closed by 38.7.207.148 port 41864 [preauth]
May  9 09:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2969]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2969]: Invalid user ubuntu from 38.7.207.148
May  9 09:32:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2969]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2969]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:32:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2969]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:32:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2969]: Failed password for invalid user ubuntu from 38.7.207.148 port 41866 ssh2
May  9 09:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2969]: Connection closed by 38.7.207.148 port 41866 [preauth]
May  9 09:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: Invalid user ubuntu from 38.7.207.148
May  9 09:32:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:33:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2987]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2985]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2984]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2984]: pam_unix(cron:session): session closed for user p13x
May  9 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3047]: Successful su for rubyman by root
May  9 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3047]: + ??? root:rubyman
May  9 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3047]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358809 of user rubyman.
May  9 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3047]: pam_unix(su:session): session closed for user rubyman
May  9 09:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358809.
May  9 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: Failed password for invalid user ubuntu from 38.7.207.148 port 41868 ssh2
May  9 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2981]: Connection closed by 38.7.207.148 port 41868 [preauth]
May  9 09:33:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3099]: Invalid user ubuntu from 38.7.207.148
May  9 09:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3099]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3099]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:33:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3099]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31911]: pam_unix(cron:session): session closed for user root
May  9 09:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3099]: Failed password for invalid user ubuntu from 38.7.207.148 port 41872 ssh2
May  9 09:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3099]: Connection closed by 38.7.207.148 port 41872 [preauth]
May  9 09:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2985]: pam_unix(cron:session): session closed for user samftp
May  9 09:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3241]: Invalid user ubuntu from 38.7.207.148
May  9 09:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3241]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3241]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:33:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3241]: Failed password for invalid user ubuntu from 38.7.207.148 port 41876 ssh2
May  9 09:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3241]: Connection closed by 38.7.207.148 port 41876 [preauth]
May  9 09:33:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: Invalid user ubuntu from 38.7.207.148
May  9 09:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:33:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: Failed password for invalid user ubuntu from 38.7.207.148 port 41880 ssh2
May  9 09:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3251]: Connection closed by 38.7.207.148 port 41880 [preauth]
May  9 09:33:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3253]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3253]: Invalid user ubuntu from 38.7.207.148
May  9 09:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3253]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3253]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:33:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3253]: Failed password for invalid user ubuntu from 38.7.207.148 port 41884 ssh2
May  9 09:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3253]: Connection closed by 38.7.207.148 port 41884 [preauth]
May  9 09:33:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: Invalid user ubuntu from 38.7.207.148
May  9 09:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:33:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:33:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: Failed password for invalid user ubuntu from 38.7.207.148 port 41890 ssh2
May  9 09:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3276]: Connection closed by 38.7.207.148 port 41890 [preauth]
May  9 09:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: Invalid user ubuntu from 38.7.207.148
May  9 09:33:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:33:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: Failed password for invalid user ubuntu from 38.7.207.148 port 41894 ssh2
May  9 09:33:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3281]: Connection closed by 38.7.207.148 port 41894 [preauth]
May  9 09:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: Invalid user ubuntu from 38.7.207.148
May  9 09:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:33:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: Failed password for invalid user ubuntu from 38.7.207.148 port 41898 ssh2
May  9 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3288]: Connection closed by 38.7.207.148 port 41898 [preauth]
May  9 09:33:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3299]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3299]: Invalid user ubuntu from 38.7.207.148
May  9 09:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3299]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3299]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:33:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3299]: Failed password for invalid user ubuntu from 38.7.207.148 port 41902 ssh2
May  9 09:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3299]: Connection closed by 38.7.207.148 port 41902 [preauth]
May  9 09:33:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: Invalid user ubuntu from 38.7.207.148
May  9 09:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:33:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: Failed password for invalid user ubuntu from 38.7.207.148 port 41904 ssh2
May  9 09:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3312]: Connection closed by 38.7.207.148 port 41904 [preauth]
May  9 09:33:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3323]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3323]: Invalid user ubuntu from 38.7.207.148
May  9 09:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3323]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3323]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:33:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2034]: pam_unix(cron:session): session closed for user root
May  9 09:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3323]: Failed password for invalid user ubuntu from 38.7.207.148 port 41906 ssh2
May  9 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3323]: Connection closed by 38.7.207.148 port 41906 [preauth]
May  9 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3342]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3342]: Invalid user ubuntu from 38.7.207.148
May  9 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3342]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3342]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:33:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:33:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3342]: Failed password for invalid user ubuntu from 38.7.207.148 port 41910 ssh2
May  9 09:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3342]: Connection closed by 38.7.207.148 port 41910 [preauth]
May  9 09:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: Invalid user ubuntu from 38.7.207.148
May  9 09:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:33:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: Failed password for invalid user ubuntu from 38.7.207.148 port 41912 ssh2
May  9 09:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3357]: Connection closed by 38.7.207.148 port 41912 [preauth]
May  9 09:33:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: Invalid user ubuntu from 38.7.207.148
May  9 09:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:33:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: Failed password for invalid user ubuntu from 38.7.207.148 port 41914 ssh2
May  9 09:33:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3368]: Connection closed by 38.7.207.148 port 41914 [preauth]
May  9 09:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3379]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3379]: Invalid user ubuntu from 38.7.207.148
May  9 09:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3379]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3379]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:33:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3379]: Failed password for invalid user ubuntu from 38.7.207.148 port 41916 ssh2
May  9 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3379]: Connection closed by 38.7.207.148 port 41916 [preauth]
May  9 09:33:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3399]: Invalid user ubuntu from 38.7.207.148
May  9 09:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3399]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3399]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:33:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3399]: Failed password for invalid user ubuntu from 38.7.207.148 port 41920 ssh2
May  9 09:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3399]: Connection closed by 38.7.207.148 port 41920 [preauth]
May  9 09:33:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: Invalid user ubuntu from 38.7.207.148
May  9 09:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:33:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: Failed password for invalid user ubuntu from 38.7.207.148 port 41922 ssh2
May  9 09:33:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3410]: Connection closed by 38.7.207.148 port 41922 [preauth]
May  9 09:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: Invalid user ubuntu from 38.7.207.148
May  9 09:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:33:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: Failed password for invalid user ubuntu from 38.7.207.148 port 41926 ssh2
May  9 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3422]: Connection closed by 38.7.207.148 port 41926 [preauth]
May  9 09:33:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3424]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3424]: Invalid user ubuntu from 38.7.207.148
May  9 09:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3424]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3424]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:33:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3424]: Failed password for invalid user ubuntu from 38.7.207.148 port 41932 ssh2
May  9 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3424]: Connection closed by 38.7.207.148 port 41932 [preauth]
May  9 09:33:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3445]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3445]: Invalid user ubuntu from 38.7.207.148
May  9 09:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3445]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3445]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:33:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3445]: Failed password for invalid user ubuntu from 38.7.207.148 port 41938 ssh2
May  9 09:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3445]: Connection closed by 38.7.207.148 port 41938 [preauth]
May  9 09:34:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3447]: Invalid user ubuntu from 38.7.207.148
May  9 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3447]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3453]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3451]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3452]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3450]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3447]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3450]: pam_unix(cron:session): session closed for user p13x
May  9 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3513]: Successful su for rubyman by root
May  9 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3513]: + ??? root:rubyman
May  9 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3513]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358814 of user rubyman.
May  9 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3513]: pam_unix(su:session): session closed for user rubyman
May  9 09:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358814.
May  9 09:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3447]: Failed password for invalid user ubuntu from 38.7.207.148 port 41944 ssh2
May  9 09:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3447]: Connection closed by 38.7.207.148 port 41944 [preauth]
May  9 09:34:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: Invalid user ubuntu from 38.7.207.148
May  9 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:34:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32759]: pam_unix(cron:session): session closed for user root
May  9 09:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3451]: pam_unix(cron:session): session closed for user samftp
May  9 09:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: Failed password for invalid user ubuntu from 38.7.207.148 port 41950 ssh2
May  9 09:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3674]: Connection closed by 38.7.207.148 port 41950 [preauth]
May  9 09:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3727]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3727]: Invalid user ubuntu from 38.7.207.148
May  9 09:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3727]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3727]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:34:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3727]: Failed password for invalid user ubuntu from 38.7.207.148 port 41956 ssh2
May  9 09:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3727]: Connection closed by 38.7.207.148 port 41956 [preauth]
May  9 09:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: Invalid user ubuntu from 38.7.207.148
May  9 09:34:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:34:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: Failed password for invalid user ubuntu from 38.7.207.148 port 41958 ssh2
May  9 09:34:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3737]: Connection closed by 38.7.207.148 port 41958 [preauth]
May  9 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3746]: Invalid user ubuntu from 38.7.207.148
May  9 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3746]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3746]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:34:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3746]: Failed password for invalid user ubuntu from 38.7.207.148 port 41960 ssh2
May  9 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3746]: Connection closed by 38.7.207.148 port 41960 [preauth]
May  9 09:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3765]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3765]: Invalid user ubuntu from 38.7.207.148
May  9 09:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3765]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3765]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:34:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3765]: Failed password for invalid user ubuntu from 38.7.207.148 port 41970 ssh2
May  9 09:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3765]: Connection closed by 38.7.207.148 port 41970 [preauth]
May  9 09:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3776]: Invalid user ubuntu from 38.7.207.148
May  9 09:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3776]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3776]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:34:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3776]: Failed password for invalid user ubuntu from 38.7.207.148 port 41976 ssh2
May  9 09:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3776]: Connection closed by 38.7.207.148 port 41976 [preauth]
May  9 09:34:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: Invalid user ubuntu from 38.7.207.148
May  9 09:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:34:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:34:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: Failed password for invalid user ubuntu from 38.7.207.148 port 41982 ssh2
May  9 09:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3778]: Connection closed by 38.7.207.148 port 41982 [preauth]
May  9 09:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: Invalid user ubuntu from 38.7.207.148
May  9 09:34:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:34:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: Failed password for invalid user ubuntu from 38.7.207.148 port 41988 ssh2
May  9 09:34:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3800]: Connection closed by 38.7.207.148 port 41988 [preauth]
May  9 09:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: Invalid user ubuntu from 38.7.207.148
May  9 09:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:34:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:34:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: Failed password for invalid user ubuntu from 38.7.207.148 port 41994 ssh2
May  9 09:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3802]: Connection closed by 38.7.207.148 port 41994 [preauth]
May  9 09:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: Invalid user ubuntu from 38.7.207.148
May  9 09:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:34:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: Failed password for invalid user ubuntu from 38.7.207.148 port 41996 ssh2
May  9 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2508]: pam_unix(cron:session): session closed for user root
May  9 09:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3813]: Connection closed by 38.7.207.148 port 41996 [preauth]
May  9 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: Invalid user ubuntu from 38.7.207.148
May  9 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:34:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: Failed password for invalid user ubuntu from 38.7.207.148 port 42000 ssh2
May  9 09:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3835]: Connection closed by 38.7.207.148 port 42000 [preauth]
May  9 09:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: Invalid user ubuntu from 38.7.207.148
May  9 09:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:34:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: Failed password for invalid user ubuntu from 38.7.207.148 port 42004 ssh2
May  9 09:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3845]: Connection closed by 38.7.207.148 port 42004 [preauth]
May  9 09:34:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: Invalid user ubuntu from 38.7.207.148
May  9 09:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: Failed password for invalid user ubuntu from 38.7.207.148 port 42006 ssh2
May  9 09:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3856]: Connection closed by 38.7.207.148 port 42006 [preauth]
May  9 09:34:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3858]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3858]: Invalid user ubuntu from 38.7.207.148
May  9 09:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3858]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3858]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:34:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3858]: Failed password for invalid user ubuntu from 38.7.207.148 port 42008 ssh2
May  9 09:34:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3858]: Connection closed by 38.7.207.148 port 42008 [preauth]
May  9 09:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3883]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3883]: Invalid user ubuntu from 38.7.207.148
May  9 09:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3883]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3883]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:34:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3883]: Failed password for invalid user ubuntu from 38.7.207.148 port 42014 ssh2
May  9 09:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3883]: Connection closed by 38.7.207.148 port 42014 [preauth]
May  9 09:34:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: Invalid user ubuntu from 38.7.207.148
May  9 09:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:34:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: Failed password for invalid user ubuntu from 38.7.207.148 port 42018 ssh2
May  9 09:34:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3889]: Connection closed by 38.7.207.148 port 42018 [preauth]
May  9 09:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3896]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3896]: Invalid user ubuntu from 38.7.207.148
May  9 09:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3896]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3896]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:34:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3896]: Failed password for invalid user ubuntu from 38.7.207.148 port 42024 ssh2
May  9 09:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3896]: Connection closed by 38.7.207.148 port 42024 [preauth]
May  9 09:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3905]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3905]: Invalid user ubuntu from 38.7.207.148
May  9 09:34:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3905]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3905]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:34:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3905]: Failed password for invalid user ubuntu from 38.7.207.148 port 42026 ssh2
May  9 09:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3905]: Connection closed by 38.7.207.148 port 42026 [preauth]
May  9 09:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: Invalid user ubuntu from 38.7.207.148
May  9 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: Failed password for invalid user ubuntu from 38.7.207.148 port 42028 ssh2
May  9 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3910]: Connection closed by 38.7.207.148 port 42028 [preauth]
May  9 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3932]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3935]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3928]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3934]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3927]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3931]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3935]: pam_unix(cron:session): session closed for user root
May  9 09:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3927]: pam_unix(cron:session): session closed for user p13x
May  9 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: Invalid user ubuntu from 38.7.207.148
May  9 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4031]: Successful su for rubyman by root
May  9 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4031]: + ??? root:rubyman
May  9 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4031]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358820 of user rubyman.
May  9 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4031]: pam_unix(su:session): session closed for user rubyman
May  9 09:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358820.
May  9 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3931]: pam_unix(cron:session): session closed for user root
May  9 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: Failed password for invalid user ubuntu from 38.7.207.148 port 42036 ssh2
May  9 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3922]: Connection closed by 38.7.207.148 port 42036 [preauth]
May  9 09:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4181]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[847]: pam_unix(cron:session): session closed for user root
May  9 09:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4181]: Invalid user ubuntu from 38.7.207.148
May  9 09:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4181]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4181]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4181]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4181]: Failed password for invalid user ubuntu from 38.7.207.148 port 42038 ssh2
May  9 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4181]: Connection closed by 38.7.207.148 port 42038 [preauth]
May  9 09:35:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4227]: Invalid user ubuntu from 38.7.207.148
May  9 09:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4227]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3928]: pam_unix(cron:session): session closed for user samftp
May  9 09:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4227]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4227]: Failed password for invalid user ubuntu from 38.7.207.148 port 42042 ssh2
May  9 09:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4227]: Connection closed by 38.7.207.148 port 42042 [preauth]
May  9 09:35:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: Invalid user ubuntu from 38.7.207.148
May  9 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:35:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: Failed password for invalid user ubuntu from 38.7.207.148 port 42046 ssh2
May  9 09:35:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: Connection closed by 38.7.207.148 port 42046 [preauth]
May  9 09:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4282]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4282]: Invalid user ubuntu from 38.7.207.148
May  9 09:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4282]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4282]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:35:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4282]: Failed password for invalid user ubuntu from 38.7.207.148 port 42050 ssh2
May  9 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4282]: Connection closed by 38.7.207.148 port 42050 [preauth]
May  9 09:35:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: Invalid user ubuntu from 38.7.207.148
May  9 09:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:35:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: Failed password for invalid user ubuntu from 38.7.207.148 port 42054 ssh2
May  9 09:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4377]: Connection closed by 38.7.207.148 port 42054 [preauth]
May  9 09:35:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: Invalid user ubuntu from 38.7.207.148
May  9 09:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:35:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: Failed password for invalid user ubuntu from 38.7.207.148 port 42056 ssh2
May  9 09:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4426]: Connection closed by 38.7.207.148 port 42056 [preauth]
May  9 09:35:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4428]: Invalid user ubuntu from 38.7.207.148
May  9 09:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4428]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4428]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:35:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4428]: Failed password for invalid user ubuntu from 38.7.207.148 port 42064 ssh2
May  9 09:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4428]: Connection closed by 38.7.207.148 port 42064 [preauth]
May  9 09:35:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.153.19  user=root
May  9 09:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: Invalid user ubuntu from 38.7.207.148
May  9 09:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:35:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4444]: Failed password for root from 5.189.153.19 port 52022 ssh2
May  9 09:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4444]: Received disconnect from 5.189.153.19 port 52022:11: Bye Bye [preauth]
May  9 09:35:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4444]: Disconnected from 5.189.153.19 port 52022 [preauth]
May  9 09:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: Failed password for invalid user ubuntu from 38.7.207.148 port 42066 ssh2
May  9 09:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4446]: Connection closed by 38.7.207.148 port 42066 [preauth]
May  9 09:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: Invalid user ubuntu from 38.7.207.148
May  9 09:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: Failed password for invalid user ubuntu from 38.7.207.148 port 42070 ssh2
May  9 09:35:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4469]: Connection closed by 38.7.207.148 port 42070 [preauth]
May  9 09:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4471]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4471]: Invalid user ubuntu from 38.7.207.148
May  9 09:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4471]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4471]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4471]: Failed password for invalid user ubuntu from 38.7.207.148 port 42072 ssh2
May  9 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2987]: pam_unix(cron:session): session closed for user root
May  9 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4471]: Connection closed by 38.7.207.148 port 42072 [preauth]
May  9 09:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4496]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4496]: Invalid user ubuntu from 38.7.207.148
May  9 09:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4496]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4496]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4496]: Failed password for invalid user ubuntu from 38.7.207.148 port 42076 ssh2
May  9 09:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4496]: Connection closed by 38.7.207.148 port 42076 [preauth]
May  9 09:35:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: Invalid user ubuntu from 38.7.207.148
May  9 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:35:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: Failed password for invalid user ubuntu from 38.7.207.148 port 42080 ssh2
May  9 09:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4516]: Connection closed by 38.7.207.148 port 42080 [preauth]
May  9 09:35:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: Invalid user ubuntu from 38.7.207.148
May  9 09:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:35:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:35:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: Failed password for invalid user ubuntu from 38.7.207.148 port 42082 ssh2
May  9 09:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4529]: Connection closed by 38.7.207.148 port 42082 [preauth]
May  9 09:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4541]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4541]: Invalid user ubuntu from 38.7.207.148
May  9 09:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4541]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4541]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:35:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4541]: Failed password for invalid user ubuntu from 38.7.207.148 port 42092 ssh2
May  9 09:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4541]: Connection closed by 38.7.207.148 port 42092 [preauth]
May  9 09:35:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4559]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4559]: Invalid user ubuntu from 38.7.207.148
May  9 09:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4559]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4559]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:35:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4559]: Failed password for invalid user ubuntu from 38.7.207.148 port 42096 ssh2
May  9 09:35:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4559]: Connection closed by 38.7.207.148 port 42096 [preauth]
May  9 09:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4570]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4570]: Invalid user ubuntu from 38.7.207.148
May  9 09:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4570]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4570]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:35:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4570]: Failed password for invalid user ubuntu from 38.7.207.148 port 42104 ssh2
May  9 09:35:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4570]: Connection closed by 38.7.207.148 port 42104 [preauth]
May  9 09:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Invalid user ubuntu from 38.7.207.148
May  9 09:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:35:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Failed password for invalid user ubuntu from 38.7.207.148 port 42106 ssh2
May  9 09:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4572]: Connection closed by 38.7.207.148 port 42106 [preauth]
May  9 09:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: Invalid user ubuntu from 38.7.207.148
May  9 09:35:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:35:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: Failed password for invalid user ubuntu from 38.7.207.148 port 42110 ssh2
May  9 09:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4584]: Connection closed by 38.7.207.148 port 42110 [preauth]
May  9 09:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4586]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4586]: Invalid user ubuntu from 38.7.207.148
May  9 09:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4586]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4586]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4586]: Failed password for invalid user ubuntu from 38.7.207.148 port 42112 ssh2
May  9 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4586]: Connection closed by 38.7.207.148 port 42112 [preauth]
May  9 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4604]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4605]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4602]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4603]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4602]: pam_unix(cron:session): session closed for user p13x
May  9 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4668]: Successful su for rubyman by root
May  9 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4668]: + ??? root:rubyman
May  9 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358824 of user rubyman.
May  9 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4668]: pam_unix(su:session): session closed for user rubyman
May  9 09:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358824.
May  9 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: Invalid user ubuntu from 38.7.207.148
May  9 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:36:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: Failed password for invalid user ubuntu from 38.7.207.148 port 42114 ssh2
May  9 09:36:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4599]: Connection closed by 38.7.207.148 port 42114 [preauth]
May  9 09:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: Invalid user ubuntu from 38.7.207.148
May  9 09:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:36:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1390]: pam_unix(cron:session): session closed for user root
May  9 09:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4603]: pam_unix(cron:session): session closed for user samftp
May  9 09:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: Failed password for invalid user ubuntu from 38.7.207.148 port 42120 ssh2
May  9 09:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4806]: Connection closed by 38.7.207.148 port 42120 [preauth]
May  9 09:36:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: Invalid user ubuntu from 38.7.207.148
May  9 09:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:36:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4880]: Did not receive identification string from 193.32.162.89
May  9 09:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: Failed password for invalid user ubuntu from 38.7.207.148 port 42122 ssh2
May  9 09:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4869]: Connection closed by 38.7.207.148 port 42122 [preauth]
May  9 09:36:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4881]: Invalid user ubuntu from 38.7.207.148
May  9 09:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4881]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4881]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:36:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4881]: Failed password for invalid user ubuntu from 38.7.207.148 port 42126 ssh2
May  9 09:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4881]: Connection closed by 38.7.207.148 port 42126 [preauth]
May  9 09:36:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: Invalid user ubuntu from 38.7.207.148
May  9 09:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:36:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: Failed password for invalid user ubuntu from 38.7.207.148 port 42128 ssh2
May  9 09:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4891]: Connection closed by 38.7.207.148 port 42128 [preauth]
May  9 09:36:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4907]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4907]: Invalid user ubuntu from 38.7.207.148
May  9 09:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4907]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4907]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:36:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:36:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4907]: Failed password for invalid user ubuntu from 38.7.207.148 port 42134 ssh2
May  9 09:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4907]: Connection closed by 38.7.207.148 port 42134 [preauth]
May  9 09:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4911]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4911]: Invalid user ubuntu from 38.7.207.148
May  9 09:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4911]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4911]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:36:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:36:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4911]: Failed password for invalid user ubuntu from 38.7.207.148 port 42138 ssh2
May  9 09:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4911]: Connection closed by 38.7.207.148 port 42138 [preauth]
May  9 09:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: Invalid user ubuntu from 38.7.207.148
May  9 09:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:36:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: Failed password for invalid user ubuntu from 38.7.207.148 port 42140 ssh2
May  9 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4926]: Connection closed by 38.7.207.148 port 42140 [preauth]
May  9 09:36:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4950]: Invalid user ubuntu from 38.7.207.148
May  9 09:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4950]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4950]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:36:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4950]: Failed password for invalid user ubuntu from 38.7.207.148 port 42146 ssh2
May  9 09:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4950]: Connection closed by 38.7.207.148 port 42146 [preauth]
May  9 09:36:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: Invalid user ubuntu from 38.7.207.148
May  9 09:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:36:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: Failed password for invalid user ubuntu from 38.7.207.148 port 42156 ssh2
May  9 09:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4955]: Connection closed by 38.7.207.148 port 42156 [preauth]
May  9 09:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Invalid user ubuntu from 38.7.207.148
May  9 09:36:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3453]: pam_unix(cron:session): session closed for user root
May  9 09:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Failed password for invalid user ubuntu from 38.7.207.148 port 42160 ssh2
May  9 09:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4966]: Connection closed by 38.7.207.148 port 42160 [preauth]
May  9 09:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: Invalid user ubuntu from 38.7.207.148
May  9 09:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:36:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: Failed password for invalid user ubuntu from 38.7.207.148 port 42162 ssh2
May  9 09:36:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4991]: Connection closed by 38.7.207.148 port 42162 [preauth]
May  9 09:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: Invalid user ubuntu from 38.7.207.148
May  9 09:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:36:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: Failed password for invalid user ubuntu from 38.7.207.148 port 42168 ssh2
May  9 09:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5052]: Connection closed by 38.7.207.148 port 42168 [preauth]
May  9 09:36:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5183]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5183]: Invalid user ubuntu from 38.7.207.148
May  9 09:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5183]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5183]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:36:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5183]: Failed password for invalid user ubuntu from 38.7.207.148 port 42170 ssh2
May  9 09:36:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5183]: Connection closed by 38.7.207.148 port 42170 [preauth]
May  9 09:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: Invalid user ubuntu from 38.7.207.148
May  9 09:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:36:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: Failed password for invalid user ubuntu from 38.7.207.148 port 42176 ssh2
May  9 09:36:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5195]: Connection closed by 38.7.207.148 port 42176 [preauth]
May  9 09:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: Invalid user ubuntu from 38.7.207.148
May  9 09:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:36:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: Failed password for invalid user ubuntu from 38.7.207.148 port 42180 ssh2
May  9 09:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5214]: Connection closed by 38.7.207.148 port 42180 [preauth]
May  9 09:36:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5227]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5227]: Invalid user ubuntu from 38.7.207.148
May  9 09:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5227]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5227]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:36:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5227]: Failed password for invalid user ubuntu from 38.7.207.148 port 42182 ssh2
May  9 09:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5227]: Connection closed by 38.7.207.148 port 42182 [preauth]
May  9 09:36:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5241]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5241]: Invalid user ubuntu from 38.7.207.148
May  9 09:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5241]: input_userauth_request: invalid user ubuntu [preauth]
May  9 09:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5241]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:36:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5241]: Failed password for invalid user ubuntu from 38.7.207.148 port 42188 ssh2
May  9 09:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5241]: Connection closed by 38.7.207.148 port 42188 [preauth]
May  9 09:36:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: Invalid user debian from 38.7.207.148
May  9 09:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: input_userauth_request: invalid user debian [preauth]
May  9 09:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: Failed password for invalid user debian from 38.7.207.148 port 42190 ssh2
May  9 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5243]: Connection closed by 38.7.207.148 port 42190 [preauth]
May  9 09:36:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: Invalid user debian from 38.7.207.148
May  9 09:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: input_userauth_request: invalid user debian [preauth]
May  9 09:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: Failed password for invalid user debian from 38.7.207.148 port 42198 ssh2
May  9 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5255]: Connection closed by 38.7.207.148 port 42198 [preauth]
May  9 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5264]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5263]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5261]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5260]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5260]: pam_unix(cron:session): session closed for user p13x
May  9 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5324]: Successful su for rubyman by root
May  9 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5324]: + ??? root:rubyman
May  9 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5324]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358828 of user rubyman.
May  9 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5324]: pam_unix(su:session): session closed for user rubyman
May  9 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358828.
May  9 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: Invalid user debian from 38.7.207.148
May  9 09:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: input_userauth_request: invalid user debian [preauth]
May  9 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2033]: pam_unix(cron:session): session closed for user root
May  9 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: Failed password for invalid user debian from 38.7.207.148 port 42200 ssh2
May  9 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5257]: Connection closed by 38.7.207.148 port 42200 [preauth]
May  9 09:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: Invalid user debian from 38.7.207.148
May  9 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: input_userauth_request: invalid user debian [preauth]
May  9 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:37:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5261]: pam_unix(cron:session): session closed for user samftp
May  9 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: Failed password for invalid user debian from 38.7.207.148 port 42206 ssh2
May  9 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5495]: Connection closed by 38.7.207.148 port 42206 [preauth]
May  9 09:37:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: Invalid user debian from 38.7.207.148
May  9 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: input_userauth_request: invalid user debian [preauth]
May  9 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:37:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: Failed password for invalid user debian from 38.7.207.148 port 42210 ssh2
May  9 09:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5529]: Connection closed by 38.7.207.148 port 42210 [preauth]
May  9 09:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5553]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5556]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5556]: Connection closed by 66.240.192.85 port 58784 [preauth]
May  9 09:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5553]: Invalid user debian from 38.7.207.148
May  9 09:37:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5553]: input_userauth_request: invalid user debian [preauth]
May  9 09:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5553]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:37:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5553]: Failed password for invalid user debian from 38.7.207.148 port 42214 ssh2
May  9 09:37:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5553]: Connection closed by 38.7.207.148 port 42214 [preauth]
May  9 09:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: Invalid user debian from 38.7.207.148
May  9 09:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: input_userauth_request: invalid user debian [preauth]
May  9 09:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:37:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:37:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: Failed password for invalid user debian from 38.7.207.148 port 42218 ssh2
May  9 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5566]: Connection closed by 38.7.207.148 port 42218 [preauth]
May  9 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5609]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5609]: Invalid user debian from 38.7.207.148
May  9 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5609]: input_userauth_request: invalid user debian [preauth]
May  9 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5609]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:37:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5609]: Failed password for invalid user debian from 38.7.207.148 port 42224 ssh2
May  9 09:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5609]: Connection closed by 38.7.207.148 port 42224 [preauth]
May  9 09:37:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5622]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5622]: Invalid user debian from 38.7.207.148
May  9 09:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5622]: input_userauth_request: invalid user debian [preauth]
May  9 09:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5622]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:37:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5622]: Failed password for invalid user debian from 38.7.207.148 port 42228 ssh2
May  9 09:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5622]: Connection closed by 38.7.207.148 port 42228 [preauth]
May  9 09:37:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5624]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5624]: Invalid user debian from 38.7.207.148
May  9 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5624]: input_userauth_request: invalid user debian [preauth]
May  9 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5624]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:37:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:37:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5624]: Failed password for invalid user debian from 38.7.207.148 port 42232 ssh2
May  9 09:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5624]: Connection closed by 38.7.207.148 port 42232 [preauth]
May  9 09:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: Invalid user debian from 38.7.207.148
May  9 09:37:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: input_userauth_request: invalid user debian [preauth]
May  9 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:37:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  9 09:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: Failed password for invalid user debian from 38.7.207.148 port 42236 ssh2
May  9 09:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5654]: Connection closed by 38.7.207.148 port 42236 [preauth]
May  9 09:37:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: Invalid user debian from 38.7.207.148
May  9 09:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: input_userauth_request: invalid user debian [preauth]
May  9 09:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: Failed password for root from 218.92.0.206 port 28300 ssh2
May  9 09:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:37:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: Failed password for invalid user debian from 38.7.207.148 port 42242 ssh2
May  9 09:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5658]: Connection closed by 38.7.207.148 port 42242 [preauth]
May  9 09:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: Failed password for root from 218.92.0.206 port 28300 ssh2
May  9 09:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: Invalid user debian from 38.7.207.148
May  9 09:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: input_userauth_request: invalid user debian [preauth]
May  9 09:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:37:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3934]: pam_unix(cron:session): session closed for user root
May  9 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: Failed password for invalid user debian from 38.7.207.148 port 42246 ssh2
May  9 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5669]: Connection closed by 38.7.207.148 port 42246 [preauth]
May  9 09:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5692]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5692]: Invalid user debian from 38.7.207.148
May  9 09:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5692]: input_userauth_request: invalid user debian [preauth]
May  9 09:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5692]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: Failed password for root from 218.92.0.206 port 28300 ssh2
May  9 09:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5692]: Failed password for invalid user debian from 38.7.207.148 port 42250 ssh2
May  9 09:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5692]: Connection closed by 38.7.207.148 port 42250 [preauth]
May  9 09:37:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5707]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5707]: Invalid user debian from 38.7.207.148
May  9 09:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5707]: input_userauth_request: invalid user debian [preauth]
May  9 09:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5707]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: Failed password for root from 218.92.0.206 port 28300 ssh2
May  9 09:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5707]: Failed password for invalid user debian from 38.7.207.148 port 42254 ssh2
May  9 09:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5707]: Connection closed by 38.7.207.148 port 42254 [preauth]
May  9 09:37:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: Invalid user debian from 38.7.207.148
May  9 09:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: input_userauth_request: invalid user debian [preauth]
May  9 09:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:37:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: Failed password for root from 218.92.0.206 port 28300 ssh2
May  9 09:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 28300 ssh2 [preauth]
May  9 09:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: Disconnecting: Too many authentication failures [preauth]
May  9 09:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  9 09:37:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5656]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 09:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: Failed password for invalid user debian from 38.7.207.148 port 42258 ssh2
May  9 09:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5717]: Connection closed by 38.7.207.148 port 42258 [preauth]
May  9 09:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Invalid user debian from 38.7.207.148
May  9 09:37:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: input_userauth_request: invalid user debian [preauth]
May  9 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:37:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Failed password for invalid user debian from 38.7.207.148 port 42260 ssh2
May  9 09:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5719]: Connection closed by 38.7.207.148 port 42260 [preauth]
May  9 09:37:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5745]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5745]: Invalid user debian from 38.7.207.148
May  9 09:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5745]: input_userauth_request: invalid user debian [preauth]
May  9 09:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5745]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:37:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5745]: Failed password for invalid user debian from 38.7.207.148 port 42266 ssh2
May  9 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5745]: Connection closed by 38.7.207.148 port 42266 [preauth]
May  9 09:37:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: Invalid user debian from 38.7.207.148
May  9 09:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: input_userauth_request: invalid user debian [preauth]
May  9 09:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:37:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: Failed password for invalid user debian from 38.7.207.148 port 42270 ssh2
May  9 09:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5747]: Connection closed by 38.7.207.148 port 42270 [preauth]
May  9 09:37:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5757]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5757]: Invalid user debian from 38.7.207.148
May  9 09:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5757]: input_userauth_request: invalid user debian [preauth]
May  9 09:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5757]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:37:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:37:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5757]: Failed password for invalid user debian from 38.7.207.148 port 42274 ssh2
May  9 09:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5757]: Connection closed by 38.7.207.148 port 42274 [preauth]
May  9 09:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: Invalid user debian from 38.7.207.148
May  9 09:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: input_userauth_request: invalid user debian [preauth]
May  9 09:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:37:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: Failed password for invalid user debian from 38.7.207.148 port 42276 ssh2
May  9 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5759]: Connection closed by 38.7.207.148 port 42276 [preauth]
May  9 09:37:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Invalid user debian from 38.7.207.148
May  9 09:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: input_userauth_request: invalid user debian [preauth]
May  9 09:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:37:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5774]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5775]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5772]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5773]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5772]: pam_unix(cron:session): session closed for user p13x
May  9 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Failed password for invalid user debian from 38.7.207.148 port 42282 ssh2
May  9 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5769]: Connection closed by 38.7.207.148 port 42282 [preauth]
May  9 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5929]: Successful su for rubyman by root
May  9 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5929]: + ??? root:rubyman
May  9 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358831 of user rubyman.
May  9 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5929]: pam_unix(su:session): session closed for user rubyman
May  9 09:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358831.
May  9 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Invalid user debian from 38.7.207.148
May  9 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: input_userauth_request: invalid user debian [preauth]
May  9 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Failed password for invalid user debian from 38.7.207.148 port 42286 ssh2
May  9 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5927]: Connection closed by 38.7.207.148 port 42286 [preauth]
May  9 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2507]: pam_unix(cron:session): session closed for user root
May  9 09:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: Invalid user debian from 38.7.207.148
May  9 09:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: input_userauth_request: invalid user debian [preauth]
May  9 09:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5773]: pam_unix(cron:session): session closed for user samftp
May  9 09:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: Failed password for invalid user debian from 38.7.207.148 port 42290 ssh2
May  9 09:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6085]: Connection closed by 38.7.207.148 port 42290 [preauth]
May  9 09:38:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: Invalid user debian from 38.7.207.148
May  9 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: input_userauth_request: invalid user debian [preauth]
May  9 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: Failed password for invalid user debian from 38.7.207.148 port 42294 ssh2
May  9 09:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6130]: Connection closed by 38.7.207.148 port 42294 [preauth]
May  9 09:38:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: Invalid user debian from 38.7.207.148
May  9 09:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: input_userauth_request: invalid user debian [preauth]
May  9 09:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: Failed password for invalid user debian from 38.7.207.148 port 42298 ssh2
May  9 09:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6141]: Connection closed by 38.7.207.148 port 42298 [preauth]
May  9 09:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: Invalid user debian from 38.7.207.148
May  9 09:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: input_userauth_request: invalid user debian [preauth]
May  9 09:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: Failed password for invalid user debian from 38.7.207.148 port 42302 ssh2
May  9 09:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6163]: Connection closed by 38.7.207.148 port 42302 [preauth]
May  9 09:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6165]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6165]: Invalid user debian from 38.7.207.148
May  9 09:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6165]: input_userauth_request: invalid user debian [preauth]
May  9 09:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6165]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6165]: Failed password for invalid user debian from 38.7.207.148 port 42304 ssh2
May  9 09:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6165]: Connection closed by 38.7.207.148 port 42304 [preauth]
May  9 09:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: Invalid user debian from 38.7.207.148
May  9 09:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: input_userauth_request: invalid user debian [preauth]
May  9 09:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: Failed password for invalid user debian from 38.7.207.148 port 42308 ssh2
May  9 09:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6180]: Connection closed by 38.7.207.148 port 42308 [preauth]
May  9 09:38:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Invalid user debian from 38.7.207.148
May  9 09:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: input_userauth_request: invalid user debian [preauth]
May  9 09:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Failed password for invalid user debian from 38.7.207.148 port 42310 ssh2
May  9 09:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6182]: Connection closed by 38.7.207.148 port 42310 [preauth]
May  9 09:38:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: Invalid user debian from 38.7.207.148
May  9 09:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: input_userauth_request: invalid user debian [preauth]
May  9 09:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: Failed password for invalid user debian from 38.7.207.148 port 42314 ssh2
May  9 09:38:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6205]: Connection closed by 38.7.207.148 port 42314 [preauth]
May  9 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: Invalid user debian from 38.7.207.148
May  9 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: input_userauth_request: invalid user debian [preauth]
May  9 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: Failed password for invalid user debian from 38.7.207.148 port 42316 ssh2
May  9 09:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6216]: Connection closed by 38.7.207.148 port 42316 [preauth]
May  9 09:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: Invalid user debian from 38.7.207.148
May  9 09:38:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: input_userauth_request: invalid user debian [preauth]
May  9 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4605]: pam_unix(cron:session): session closed for user root
May  9 09:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: Failed password for invalid user debian from 38.7.207.148 port 42322 ssh2
May  9 09:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6219]: Connection closed by 38.7.207.148 port 42322 [preauth]
May  9 09:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: Invalid user debian from 38.7.207.148
May  9 09:38:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: input_userauth_request: invalid user debian [preauth]
May  9 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:38:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: Failed password for invalid user debian from 38.7.207.148 port 42324 ssh2
May  9 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6252]: Connection closed by 38.7.207.148 port 42324 [preauth]
May  9 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: Invalid user debian from 38.7.207.148
May  9 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: input_userauth_request: invalid user debian [preauth]
May  9 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: Failed password for invalid user debian from 38.7.207.148 port 42330 ssh2
May  9 09:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6255]: Connection closed by 38.7.207.148 port 42330 [preauth]
May  9 09:38:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: Invalid user debian from 38.7.207.148
May  9 09:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: input_userauth_request: invalid user debian [preauth]
May  9 09:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: Failed password for invalid user debian from 38.7.207.148 port 42334 ssh2
May  9 09:38:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6265]: Connection closed by 38.7.207.148 port 42334 [preauth]
May  9 09:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: Invalid user debian from 38.7.207.148
May  9 09:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: input_userauth_request: invalid user debian [preauth]
May  9 09:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: Failed password for invalid user debian from 38.7.207.148 port 42340 ssh2
May  9 09:38:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6280]: Connection closed by 38.7.207.148 port 42340 [preauth]
May  9 09:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: Invalid user debian from 38.7.207.148
May  9 09:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: input_userauth_request: invalid user debian [preauth]
May  9 09:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: Failed password for invalid user debian from 38.7.207.148 port 42346 ssh2
May  9 09:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6292]: Connection closed by 38.7.207.148 port 42346 [preauth]
May  9 09:38:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: Invalid user debian from 38.7.207.148
May  9 09:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: input_userauth_request: invalid user debian [preauth]
May  9 09:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:38:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: Failed password for invalid user debian from 38.7.207.148 port 42348 ssh2
May  9 09:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6294]: Connection closed by 38.7.207.148 port 42348 [preauth]
May  9 09:38:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: Invalid user debian from 38.7.207.148
May  9 09:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: input_userauth_request: invalid user debian [preauth]
May  9 09:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: Invalid user a from 80.94.95.115
May  9 09:38:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: input_userauth_request: invalid user a [preauth]
May  9 09:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  9 09:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: Failed password for invalid user debian from 38.7.207.148 port 42354 ssh2
May  9 09:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6305]: Connection closed by 38.7.207.148 port 42354 [preauth]
May  9 09:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: Invalid user debian from 38.7.207.148
May  9 09:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: input_userauth_request: invalid user debian [preauth]
May  9 09:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: Failed password for invalid user a from 80.94.95.115 port 23726 ssh2
May  9 09:38:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6304]: Connection closed by 80.94.95.115 port 23726 [preauth]
May  9 09:38:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: Failed password for invalid user debian from 38.7.207.148 port 42356 ssh2
May  9 09:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6316]: Connection closed by 38.7.207.148 port 42356 [preauth]
May  9 09:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6321]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6321]: Invalid user debian from 38.7.207.148
May  9 09:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6321]: input_userauth_request: invalid user debian [preauth]
May  9 09:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6321]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:38:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6335]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6338]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6336]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6334]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6332]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6334]: pam_unix(cron:session): session closed for user p13x
May  9 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6321]: Failed password for invalid user debian from 38.7.207.148 port 42362 ssh2
May  9 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6321]: Connection closed by 38.7.207.148 port 42362 [preauth]
May  9 09:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6456]: Successful su for rubyman by root
May  9 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6456]: + ??? root:rubyman
May  9 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6456]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358836 of user rubyman.
May  9 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6456]: pam_unix(su:session): session closed for user rubyman
May  9 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358836.
May  9 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: Invalid user debian from 38.7.207.148
May  9 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: input_userauth_request: invalid user debian [preauth]
May  9 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6332]: pam_unix(cron:session): session closed for user root
May  9 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: Failed password for invalid user debian from 38.7.207.148 port 42366 ssh2
May  9 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6428]: Connection closed by 38.7.207.148 port 42366 [preauth]
May  9 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2986]: pam_unix(cron:session): session closed for user root
May  9 09:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6635]: Invalid user debian from 38.7.207.148
May  9 09:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6635]: input_userauth_request: invalid user debian [preauth]
May  9 09:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6635]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:39:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6335]: pam_unix(cron:session): session closed for user samftp
May  9 09:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6635]: Failed password for invalid user debian from 38.7.207.148 port 42368 ssh2
May  9 09:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6635]: Connection closed by 38.7.207.148 port 42368 [preauth]
May  9 09:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: Invalid user debian from 38.7.207.148
May  9 09:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: input_userauth_request: invalid user debian [preauth]
May  9 09:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:39:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:39:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: Failed password for invalid user debian from 38.7.207.148 port 42380 ssh2
May  9 09:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6680]: Connection closed by 38.7.207.148 port 42380 [preauth]
May  9 09:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6682]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6682]: Invalid user debian from 38.7.207.148
May  9 09:39:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6682]: input_userauth_request: invalid user debian [preauth]
May  9 09:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6682]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6682]: Failed password for invalid user debian from 38.7.207.148 port 42386 ssh2
May  9 09:39:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6682]: Connection closed by 38.7.207.148 port 42386 [preauth]
May  9 09:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: Invalid user debian from 38.7.207.148
May  9 09:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: input_userauth_request: invalid user debian [preauth]
May  9 09:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: Failed password for invalid user debian from 38.7.207.148 port 42390 ssh2
May  9 09:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6701]: Connection closed by 38.7.207.148 port 42390 [preauth]
May  9 09:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6718]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: Invalid user debian from 38.7.207.148
May  9 09:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: input_userauth_request: invalid user debian [preauth]
May  9 09:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:39:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:39:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6718]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.57.150  user=root
May  9 09:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: Failed password for invalid user debian from 38.7.207.148 port 42398 ssh2
May  9 09:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6712]: Connection closed by 38.7.207.148 port 42398 [preauth]
May  9 09:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6721]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6718]: Failed password for root from 103.179.57.150 port 35082 ssh2
May  9 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6718]: Received disconnect from 103.179.57.150 port 35082:11: Bye Bye [preauth]
May  9 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6718]: Disconnected from 103.179.57.150 port 35082 [preauth]
May  9 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6721]: Invalid user debian from 38.7.207.148
May  9 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6721]: input_userauth_request: invalid user debian [preauth]
May  9 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6721]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:39:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6721]: Failed password for invalid user debian from 38.7.207.148 port 42404 ssh2
May  9 09:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6721]: Connection closed by 38.7.207.148 port 42404 [preauth]
May  9 09:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: Invalid user debian from 38.7.207.148
May  9 09:39:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: input_userauth_request: invalid user debian [preauth]
May  9 09:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:39:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: Failed password for invalid user debian from 38.7.207.148 port 42408 ssh2
May  9 09:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6732]: Connection closed by 38.7.207.148 port 42408 [preauth]
May  9 09:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: Invalid user debian from 38.7.207.148
May  9 09:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: input_userauth_request: invalid user debian [preauth]
May  9 09:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:39:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: Failed password for invalid user debian from 38.7.207.148 port 42416 ssh2
May  9 09:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6748]: Connection closed by 38.7.207.148 port 42416 [preauth]
May  9 09:39:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: Invalid user debian from 38.7.207.148
May  9 09:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: input_userauth_request: invalid user debian [preauth]
May  9 09:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:39:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: Failed password for invalid user debian from 38.7.207.148 port 42420 ssh2
May  9 09:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6759]: Connection closed by 38.7.207.148 port 42420 [preauth]
May  9 09:39:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: Invalid user debian from 38.7.207.148
May  9 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: input_userauth_request: invalid user debian [preauth]
May  9 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5264]: pam_unix(cron:session): session closed for user root
May  9 09:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: Failed password for invalid user debian from 38.7.207.148 port 42426 ssh2
May  9 09:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6771]: Connection closed by 38.7.207.148 port 42426 [preauth]
May  9 09:39:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6795]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6795]: Invalid user debian from 38.7.207.148
May  9 09:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6795]: input_userauth_request: invalid user debian [preauth]
May  9 09:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6795]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:39:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6795]: Failed password for invalid user debian from 38.7.207.148 port 42428 ssh2
May  9 09:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6795]: Connection closed by 38.7.207.148 port 42428 [preauth]
May  9 09:39:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: Invalid user debian from 38.7.207.148
May  9 09:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: input_userauth_request: invalid user debian [preauth]
May  9 09:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:39:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: Failed password for invalid user debian from 38.7.207.148 port 42434 ssh2
May  9 09:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6805]: Connection closed by 38.7.207.148 port 42434 [preauth]
May  9 09:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: Invalid user debian from 38.7.207.148
May  9 09:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: input_userauth_request: invalid user debian [preauth]
May  9 09:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: Failed password for invalid user debian from 38.7.207.148 port 42438 ssh2
May  9 09:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6807]: Connection closed by 38.7.207.148 port 42438 [preauth]
May  9 09:39:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: Invalid user debian from 38.7.207.148
May  9 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: input_userauth_request: invalid user debian [preauth]
May  9 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:39:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: Failed password for invalid user debian from 38.7.207.148 port 42442 ssh2
May  9 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6832]: Connection closed by 38.7.207.148 port 42442 [preauth]
May  9 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: Invalid user debian from 38.7.207.148
May  9 09:39:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: input_userauth_request: invalid user debian [preauth]
May  9 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:39:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: Failed password for invalid user debian from 38.7.207.148 port 42450 ssh2
May  9 09:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6834]: Connection closed by 38.7.207.148 port 42450 [preauth]
May  9 09:39:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: Invalid user debian from 38.7.207.148
May  9 09:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: input_userauth_request: invalid user debian [preauth]
May  9 09:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:39:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: Failed password for invalid user debian from 38.7.207.148 port 42454 ssh2
May  9 09:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6844]: Connection closed by 38.7.207.148 port 42454 [preauth]
May  9 09:39:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: Invalid user debian from 38.7.207.148
May  9 09:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: input_userauth_request: invalid user debian [preauth]
May  9 09:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:39:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: Failed password for invalid user debian from 38.7.207.148 port 42460 ssh2
May  9 09:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6846]: Connection closed by 38.7.207.148 port 42460 [preauth]
May  9 09:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: Invalid user debian from 38.7.207.148
May  9 09:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: input_userauth_request: invalid user debian [preauth]
May  9 09:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:39:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: Failed password for invalid user debian from 38.7.207.148 port 42464 ssh2
May  9 09:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6859]: Connection closed by 38.7.207.148 port 42464 [preauth]
May  9 09:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6868]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6868]: Invalid user debian from 38.7.207.148
May  9 09:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6868]: input_userauth_request: invalid user debian [preauth]
May  9 09:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6868]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:39:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6868]: Failed password for invalid user debian from 38.7.207.148 port 42468 ssh2
May  9 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6868]: Connection closed by 38.7.207.148 port 42468 [preauth]
May  9 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6876]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6875]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6874]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6877]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6879]: pam_unix(cron:session): session closed for user root
May  9 09:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6874]: pam_unix(cron:session): session closed for user p13x
May  9 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7038]: Successful su for rubyman by root
May  9 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7038]: + ??? root:rubyman
May  9 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7038]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358845 of user rubyman.
May  9 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7038]: pam_unix(su:session): session closed for user rubyman
May  9 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358845.
May  9 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: Invalid user debian from 38.7.207.148
May  9 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: input_userauth_request: invalid user debian [preauth]
May  9 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6876]: pam_unix(cron:session): session closed for user root
May  9 09:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3452]: pam_unix(cron:session): session closed for user root
May  9 09:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: Failed password for invalid user debian from 38.7.207.148 port 42478 ssh2
May  9 09:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6871]: Connection closed by 38.7.207.148 port 42478 [preauth]
May  9 09:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: Invalid user debian from 38.7.207.148
May  9 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: input_userauth_request: invalid user debian [preauth]
May  9 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:40:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6875]: pam_unix(cron:session): session closed for user samftp
May  9 09:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: Failed password for invalid user debian from 38.7.207.148 port 42486 ssh2
May  9 09:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7249]: Connection closed by 38.7.207.148 port 42486 [preauth]
May  9 09:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: Invalid user debian from 38.7.207.148
May  9 09:40:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: input_userauth_request: invalid user debian [preauth]
May  9 09:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:40:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: Failed password for invalid user debian from 38.7.207.148 port 42490 ssh2
May  9 09:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7278]: Connection closed by 38.7.207.148 port 42490 [preauth]
May  9 09:40:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: Invalid user debian from 38.7.207.148
May  9 09:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: input_userauth_request: invalid user debian [preauth]
May  9 09:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:40:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: Failed password for invalid user debian from 38.7.207.148 port 42498 ssh2
May  9 09:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7288]: Connection closed by 38.7.207.148 port 42498 [preauth]
May  9 09:40:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: Invalid user debian from 38.7.207.148
May  9 09:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: input_userauth_request: invalid user debian [preauth]
May  9 09:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:40:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: Failed password for invalid user debian from 38.7.207.148 port 42502 ssh2
May  9 09:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7296]: Connection closed by 38.7.207.148 port 42502 [preauth]
May  9 09:40:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7313]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7313]: Invalid user debian from 38.7.207.148
May  9 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7313]: input_userauth_request: invalid user debian [preauth]
May  9 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7313]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:40:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:40:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7313]: Failed password for invalid user debian from 38.7.207.148 port 42506 ssh2
May  9 09:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7313]: Connection closed by 38.7.207.148 port 42506 [preauth]
May  9 09:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7315]: Invalid user debian from 38.7.207.148
May  9 09:40:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7315]: input_userauth_request: invalid user debian [preauth]
May  9 09:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7315]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:40:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7315]: Failed password for invalid user debian from 38.7.207.148 port 42510 ssh2
May  9 09:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7315]: Connection closed by 38.7.207.148 port 42510 [preauth]
May  9 09:40:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: Invalid user debian from 38.7.207.148
May  9 09:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: input_userauth_request: invalid user debian [preauth]
May  9 09:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:40:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: Failed password for invalid user debian from 38.7.207.148 port 42514 ssh2
May  9 09:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7325]: Connection closed by 38.7.207.148 port 42514 [preauth]
May  9 09:40:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: Invalid user debian from 38.7.207.148
May  9 09:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: input_userauth_request: invalid user debian [preauth]
May  9 09:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:40:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: Failed password for invalid user debian from 38.7.207.148 port 42518 ssh2
May  9 09:40:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7339]: Connection closed by 38.7.207.148 port 42518 [preauth]
May  9 09:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7349]: Invalid user debian from 38.7.207.148
May  9 09:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7349]: input_userauth_request: invalid user debian [preauth]
May  9 09:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7349]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:40:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7349]: Failed password for invalid user debian from 38.7.207.148 port 42524 ssh2
May  9 09:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7349]: Connection closed by 38.7.207.148 port 42524 [preauth]
May  9 09:40:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7359]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7359]: Invalid user debian from 38.7.207.148
May  9 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7359]: input_userauth_request: invalid user debian [preauth]
May  9 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7359]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5775]: pam_unix(cron:session): session closed for user root
May  9 09:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7359]: Failed password for invalid user debian from 38.7.207.148 port 42530 ssh2
May  9 09:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7359]: Connection closed by 38.7.207.148 port 42530 [preauth]
May  9 09:40:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7381]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7381]: Invalid user debian from 38.7.207.148
May  9 09:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7381]: input_userauth_request: invalid user debian [preauth]
May  9 09:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7381]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:40:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7381]: Failed password for invalid user debian from 38.7.207.148 port 42536 ssh2
May  9 09:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7381]: Connection closed by 38.7.207.148 port 42536 [preauth]
May  9 09:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.153.19  user=root
May  9 09:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: Invalid user debian from 38.7.207.148
May  9 09:40:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: input_userauth_request: invalid user debian [preauth]
May  9 09:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:40:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Failed password for root from 5.189.153.19 port 51888 ssh2
May  9 09:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Received disconnect from 5.189.153.19 port 51888:11: Bye Bye [preauth]
May  9 09:40:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7391]: Disconnected from 5.189.153.19 port 51888 [preauth]
May  9 09:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: Failed password for invalid user debian from 38.7.207.148 port 42540 ssh2
May  9 09:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7393]: Connection closed by 38.7.207.148 port 42540 [preauth]
May  9 09:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: Invalid user debian from 38.7.207.148
May  9 09:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: input_userauth_request: invalid user debian [preauth]
May  9 09:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: Failed password for invalid user debian from 38.7.207.148 port 42548 ssh2
May  9 09:40:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7399]: Connection closed by 38.7.207.148 port 42548 [preauth]
May  9 09:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7418]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7418]: Invalid user debian from 38.7.207.148
May  9 09:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7418]: input_userauth_request: invalid user debian [preauth]
May  9 09:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7418]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7418]: Failed password for invalid user debian from 38.7.207.148 port 42554 ssh2
May  9 09:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7418]: Connection closed by 38.7.207.148 port 42554 [preauth]
May  9 09:40:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7429]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7429]: Invalid user debian from 38.7.207.148
May  9 09:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7429]: input_userauth_request: invalid user debian [preauth]
May  9 09:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7429]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:40:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:40:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7429]: Failed password for invalid user debian from 38.7.207.148 port 42558 ssh2
May  9 09:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7429]: Connection closed by 38.7.207.148 port 42558 [preauth]
May  9 09:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: Invalid user debian from 38.7.207.148
May  9 09:40:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: input_userauth_request: invalid user debian [preauth]
May  9 09:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:40:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: Failed password for invalid user debian from 38.7.207.148 port 42564 ssh2
May  9 09:40:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7431]: Connection closed by 38.7.207.148 port 42564 [preauth]
May  9 09:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: Invalid user debian from 38.7.207.148
May  9 09:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: input_userauth_request: invalid user debian [preauth]
May  9 09:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:40:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: Failed password for invalid user debian from 38.7.207.148 port 42568 ssh2
May  9 09:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7441]: Connection closed by 38.7.207.148 port 42568 [preauth]
May  9 09:40:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: Invalid user debian from 38.7.207.148
May  9 09:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: input_userauth_request: invalid user debian [preauth]
May  9 09:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:40:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: Failed password for invalid user debian from 38.7.207.148 port 42574 ssh2
May  9 09:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7446]: Connection closed by 38.7.207.148 port 42574 [preauth]
May  9 09:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: Invalid user debian from 38.7.207.148
May  9 09:40:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: input_userauth_request: invalid user debian [preauth]
May  9 09:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7464]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7462]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7461]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7461]: pam_unix(cron:session): session closed for user p13x
May  9 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: Successful su for rubyman by root
May  9 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: + ??? root:rubyman
May  9 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358847 of user rubyman.
May  9 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[7632]: pam_unix(su:session): session closed for user rubyman
May  9 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358847.
May  9 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: Failed password for invalid user debian from 38.7.207.148 port 42576 ssh2
May  9 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7456]: Connection closed by 38.7.207.148 port 42576 [preauth]
May  9 09:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: Invalid user admin from 38.7.207.148
May  9 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: input_userauth_request: invalid user admin [preauth]
May  9 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3932]: pam_unix(cron:session): session closed for user root
May  9 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: Failed password for invalid user admin from 38.7.207.148 port 42582 ssh2
May  9 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7669]: Connection closed by 38.7.207.148 port 42582 [preauth]
May  9 09:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: Invalid user admin from 38.7.207.148
May  9 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: input_userauth_request: invalid user admin [preauth]
May  9 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7462]: pam_unix(cron:session): session closed for user samftp
May  9 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: Failed password for invalid user admin from 38.7.207.148 port 42586 ssh2
May  9 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7830]: Connection closed by 38.7.207.148 port 42586 [preauth]
May  9 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7844]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7844]: Invalid user admin from 38.7.207.148
May  9 09:41:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7844]: input_userauth_request: invalid user admin [preauth]
May  9 09:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7844]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:41:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7844]: Failed password for invalid user admin from 38.7.207.148 port 42590 ssh2
May  9 09:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7844]: Connection closed by 38.7.207.148 port 42590 [preauth]
May  9 09:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7854]: Invalid user admin from 38.7.207.148
May  9 09:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7854]: input_userauth_request: invalid user admin [preauth]
May  9 09:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7854]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7854]: Failed password for invalid user admin from 38.7.207.148 port 42604 ssh2
May  9 09:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7854]: Connection closed by 38.7.207.148 port 42604 [preauth]
May  9 09:41:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: Invalid user admin from 38.7.207.148
May  9 09:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: input_userauth_request: invalid user admin [preauth]
May  9 09:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:41:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: Failed password for invalid user admin from 38.7.207.148 port 42610 ssh2
May  9 09:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7864]: Connection closed by 38.7.207.148 port 42610 [preauth]
May  9 09:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: Invalid user admin from 38.7.207.148
May  9 09:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: input_userauth_request: invalid user admin [preauth]
May  9 09:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: Failed password for invalid user admin from 38.7.207.148 port 42616 ssh2
May  9 09:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7881]: Connection closed by 38.7.207.148 port 42616 [preauth]
May  9 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: Invalid user admin from 38.7.207.148
May  9 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: input_userauth_request: invalid user admin [preauth]
May  9 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: Failed password for invalid user admin from 38.7.207.148 port 42620 ssh2
May  9 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7893]: Connection closed by 38.7.207.148 port 42620 [preauth]
May  9 09:41:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: Invalid user admin from 38.7.207.148
May  9 09:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: input_userauth_request: invalid user admin [preauth]
May  9 09:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: Failed password for invalid user admin from 38.7.207.148 port 42622 ssh2
May  9 09:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7895]: Connection closed by 38.7.207.148 port 42622 [preauth]
May  9 09:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: Invalid user admin from 38.7.207.148
May  9 09:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: input_userauth_request: invalid user admin [preauth]
May  9 09:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: Failed password for invalid user admin from 38.7.207.148 port 42628 ssh2
May  9 09:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7919]: Connection closed by 38.7.207.148 port 42628 [preauth]
May  9 09:41:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: Invalid user admin from 38.7.207.148
May  9 09:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: input_userauth_request: invalid user admin [preauth]
May  9 09:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: Failed password for invalid user admin from 38.7.207.148 port 42632 ssh2
May  9 09:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7922]: Connection closed by 38.7.207.148 port 42632 [preauth]
May  9 09:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: Invalid user admin from 38.7.207.148
May  9 09:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: input_userauth_request: invalid user admin [preauth]
May  9 09:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6338]: pam_unix(cron:session): session closed for user root
May  9 09:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: Failed password for invalid user admin from 38.7.207.148 port 42642 ssh2
May  9 09:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7933]: Connection closed by 38.7.207.148 port 42642 [preauth]
May  9 09:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: Invalid user admin from 38.7.207.148
May  9 09:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: input_userauth_request: invalid user admin [preauth]
May  9 09:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: Failed password for invalid user admin from 38.7.207.148 port 42646 ssh2
May  9 09:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7957]: Connection closed by 38.7.207.148 port 42646 [preauth]
May  9 09:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7971]: Invalid user admin from 38.7.207.148
May  9 09:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7971]: input_userauth_request: invalid user admin [preauth]
May  9 09:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7971]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7971]: Failed password for invalid user admin from 38.7.207.148 port 42654 ssh2
May  9 09:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7971]: Connection closed by 38.7.207.148 port 42654 [preauth]
May  9 09:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7983]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7983]: Invalid user admin from 38.7.207.148
May  9 09:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7983]: input_userauth_request: invalid user admin [preauth]
May  9 09:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7983]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7983]: Failed password for invalid user admin from 38.7.207.148 port 42660 ssh2
May  9 09:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7983]: Connection closed by 38.7.207.148 port 42660 [preauth]
May  9 09:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7985]: Invalid user admin from 38.7.207.148
May  9 09:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7985]: input_userauth_request: invalid user admin [preauth]
May  9 09:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7985]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7985]: Failed password for invalid user admin from 38.7.207.148 port 42664 ssh2
May  9 09:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7985]: Connection closed by 38.7.207.148 port 42664 [preauth]
May  9 09:41:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: Invalid user admin from 38.7.207.148
May  9 09:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: input_userauth_request: invalid user admin [preauth]
May  9 09:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: Failed password for invalid user admin from 38.7.207.148 port 42668 ssh2
May  9 09:41:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8008]: Connection closed by 38.7.207.148 port 42668 [preauth]
May  9 09:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: Invalid user admin from 38.7.207.148
May  9 09:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: input_userauth_request: invalid user admin [preauth]
May  9 09:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: Failed password for invalid user admin from 38.7.207.148 port 42674 ssh2
May  9 09:41:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8020]: Did not receive identification string from 196.251.114.29
May  9 09:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8010]: Connection closed by 38.7.207.148 port 42674 [preauth]
May  9 09:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8021]: Invalid user admin from 38.7.207.148
May  9 09:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8021]: input_userauth_request: invalid user admin [preauth]
May  9 09:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8021]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8021]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8021]: Failed password for invalid user admin from 38.7.207.148 port 42678 ssh2
May  9 09:41:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8021]: Connection closed by 38.7.207.148 port 42678 [preauth]
May  9 09:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: Invalid user admin from 38.7.207.148
May  9 09:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: input_userauth_request: invalid user admin [preauth]
May  9 09:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: Failed password for invalid user admin from 38.7.207.148 port 42686 ssh2
May  9 09:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8023]: Connection closed by 38.7.207.148 port 42686 [preauth]
May  9 09:41:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: Invalid user admin from 38.7.207.148
May  9 09:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: input_userauth_request: invalid user admin [preauth]
May  9 09:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:41:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8038]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8036]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8037]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8036]: pam_unix(cron:session): session closed for user p13x
May  9 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8104]: Successful su for rubyman by root
May  9 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8104]: + ??? root:rubyman
May  9 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8104]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358850 of user rubyman.
May  9 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8104]: pam_unix(su:session): session closed for user rubyman
May  9 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358850.
May  9 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: Failed password for invalid user admin from 38.7.207.148 port 42696 ssh2
May  9 09:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8033]: Connection closed by 38.7.207.148 port 42696 [preauth]
May  9 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8167]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8167]: Invalid user admin from 38.7.207.148
May  9 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8167]: input_userauth_request: invalid user admin [preauth]
May  9 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8167]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4604]: pam_unix(cron:session): session closed for user root
May  9 09:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8167]: Failed password for invalid user admin from 38.7.207.148 port 42700 ssh2
May  9 09:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8167]: Connection closed by 38.7.207.148 port 42700 [preauth]
May  9 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: Invalid user admin from 38.7.207.148
May  9 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: input_userauth_request: invalid user admin [preauth]
May  9 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8037]: pam_unix(cron:session): session closed for user samftp
May  9 09:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: Failed password for invalid user admin from 38.7.207.148 port 42704 ssh2
May  9 09:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8298]: Connection closed by 38.7.207.148 port 42704 [preauth]
May  9 09:42:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Invalid user admin from 38.7.207.148
May  9 09:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: input_userauth_request: invalid user admin [preauth]
May  9 09:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:42:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:42:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Failed password for invalid user admin from 38.7.207.148 port 42712 ssh2
May  9 09:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8314]: Connection closed by 38.7.207.148 port 42712 [preauth]
May  9 09:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: Invalid user admin from 38.7.207.148
May  9 09:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: input_userauth_request: invalid user admin [preauth]
May  9 09:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:42:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:42:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: Failed password for invalid user admin from 38.7.207.148 port 42718 ssh2
May  9 09:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8327]: Connection closed by 38.7.207.148 port 42718 [preauth]
May  9 09:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8351]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8351]: Invalid user admin from 38.7.207.148
May  9 09:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8351]: input_userauth_request: invalid user admin [preauth]
May  9 09:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8351]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:42:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8351]: Failed password for invalid user admin from 38.7.207.148 port 42724 ssh2
May  9 09:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8351]: Connection closed by 38.7.207.148 port 42724 [preauth]
May  9 09:42:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: Invalid user admin from 38.7.207.148
May  9 09:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: input_userauth_request: invalid user admin [preauth]
May  9 09:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:42:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: Failed password for invalid user admin from 38.7.207.148 port 42730 ssh2
May  9 09:42:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8353]: Connection closed by 38.7.207.148 port 42730 [preauth]
May  9 09:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: Invalid user admin from 38.7.207.148
May  9 09:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: input_userauth_request: invalid user admin [preauth]
May  9 09:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:42:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: Failed password for invalid user admin from 38.7.207.148 port 42736 ssh2
May  9 09:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8363]: Connection closed by 38.7.207.148 port 42736 [preauth]
May  9 09:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8365]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8365]: Invalid user admin from 38.7.207.148
May  9 09:42:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8365]: input_userauth_request: invalid user admin [preauth]
May  9 09:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8365]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:42:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8365]: Failed password for invalid user admin from 38.7.207.148 port 42746 ssh2
May  9 09:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8365]: Connection closed by 38.7.207.148 port 42746 [preauth]
May  9 09:42:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: Invalid user admin from 38.7.207.148
May  9 09:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: input_userauth_request: invalid user admin [preauth]
May  9 09:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:42:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: Failed password for invalid user admin from 38.7.207.148 port 42750 ssh2
May  9 09:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8390]: Connection closed by 38.7.207.148 port 42750 [preauth]
May  9 09:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: Invalid user admin from 38.7.207.148
May  9 09:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: input_userauth_request: invalid user admin [preauth]
May  9 09:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:42:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: Failed password for invalid user admin from 38.7.207.148 port 42758 ssh2
May  9 09:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8392]: Connection closed by 38.7.207.148 port 42758 [preauth]
May  9 09:42:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: Invalid user admin from 38.7.207.148
May  9 09:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: input_userauth_request: invalid user admin [preauth]
May  9 09:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:42:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6878]: pam_unix(cron:session): session closed for user root
May  9 09:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: Failed password for invalid user admin from 38.7.207.148 port 42764 ssh2
May  9 09:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8403]: Connection closed by 38.7.207.148 port 42764 [preauth]
May  9 09:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8439]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8439]: Invalid user admin from 38.7.207.148
May  9 09:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8439]: input_userauth_request: invalid user admin [preauth]
May  9 09:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8439]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:42:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8439]: Failed password for invalid user admin from 38.7.207.148 port 42770 ssh2
May  9 09:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8439]: Connection closed by 38.7.207.148 port 42770 [preauth]
May  9 09:42:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: Invalid user admin from 38.7.207.148
May  9 09:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: input_userauth_request: invalid user admin [preauth]
May  9 09:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:42:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: Failed password for invalid user admin from 38.7.207.148 port 42778 ssh2
May  9 09:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8441]: Connection closed by 38.7.207.148 port 42778 [preauth]
May  9 09:42:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: Invalid user admin from 38.7.207.148
May  9 09:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: input_userauth_request: invalid user admin [preauth]
May  9 09:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:42:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: Failed password for invalid user admin from 38.7.207.148 port 42784 ssh2
May  9 09:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8451]: Connection closed by 38.7.207.148 port 42784 [preauth]
May  9 09:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8464]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8464]: Invalid user admin from 38.7.207.148
May  9 09:42:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8464]: input_userauth_request: invalid user admin [preauth]
May  9 09:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8464]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:42:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8464]: Failed password for invalid user admin from 38.7.207.148 port 42790 ssh2
May  9 09:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8464]: Connection closed by 38.7.207.148 port 42790 [preauth]
May  9 09:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8480]: Invalid user admin from 38.7.207.148
May  9 09:42:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8480]: input_userauth_request: invalid user admin [preauth]
May  9 09:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8480]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:42:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8480]: Failed password for invalid user admin from 38.7.207.148 port 42796 ssh2
May  9 09:42:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8480]: Connection closed by 38.7.207.148 port 42796 [preauth]
May  9 09:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: Invalid user admin from 38.7.207.148
May  9 09:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: input_userauth_request: invalid user admin [preauth]
May  9 09:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:42:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: Failed password for invalid user admin from 38.7.207.148 port 42806 ssh2
May  9 09:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8483]: Connection closed by 38.7.207.148 port 42806 [preauth]
May  9 09:42:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: Invalid user admin from 38.7.207.148
May  9 09:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: input_userauth_request: invalid user admin [preauth]
May  9 09:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:42:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:42:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: Failed password for invalid user admin from 38.7.207.148 port 42812 ssh2
May  9 09:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8493]: Connection closed by 38.7.207.148 port 42812 [preauth]
May  9 09:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: Invalid user admin from 38.7.207.148
May  9 09:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: input_userauth_request: invalid user admin [preauth]
May  9 09:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:42:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: Failed password for invalid user admin from 38.7.207.148 port 42818 ssh2
May  9 09:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8505]: Connection closed by 38.7.207.148 port 42818 [preauth]
May  9 09:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: Invalid user admin from 38.7.207.148
May  9 09:42:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: input_userauth_request: invalid user admin [preauth]
May  9 09:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:43:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8526]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8525]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8527]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8524]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8524]: pam_unix(cron:session): session closed for user p13x
May  9 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: Failed password for invalid user admin from 38.7.207.148 port 42824 ssh2
May  9 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8591]: Successful su for rubyman by root
May  9 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8591]: + ??? root:rubyman
May  9 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8591]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358854 of user rubyman.
May  9 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8591]: pam_unix(su:session): session closed for user rubyman
May  9 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358854.
May  9 09:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8508]: Connection closed by 38.7.207.148 port 42824 [preauth]
May  9 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Invalid user admin from 38.7.207.148
May  9 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: input_userauth_request: invalid user admin [preauth]
May  9 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Failed password for invalid user admin from 38.7.207.148 port 42832 ssh2
May  9 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8614]: Connection closed by 38.7.207.148 port 42832 [preauth]
May  9 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5263]: pam_unix(cron:session): session closed for user root
May  9 09:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8766]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8766]: Invalid user admin from 38.7.207.148
May  9 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8766]: input_userauth_request: invalid user admin [preauth]
May  9 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8766]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8766]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8525]: pam_unix(cron:session): session closed for user samftp
May  9 09:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8766]: Failed password for invalid user admin from 38.7.207.148 port 42836 ssh2
May  9 09:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8766]: Connection closed by 38.7.207.148 port 42836 [preauth]
May  9 09:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8794]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8794]: Invalid user admin from 38.7.207.148
May  9 09:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8794]: input_userauth_request: invalid user admin [preauth]
May  9 09:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8794]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:43:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8794]: Failed password for invalid user admin from 38.7.207.148 port 42842 ssh2
May  9 09:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8794]: Connection closed by 38.7.207.148 port 42842 [preauth]
May  9 09:43:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: Invalid user admin from 38.7.207.148
May  9 09:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: input_userauth_request: invalid user admin [preauth]
May  9 09:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:43:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:43:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: Failed password for invalid user admin from 38.7.207.148 port 42846 ssh2
May  9 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8799]: Connection closed by 38.7.207.148 port 42846 [preauth]
May  9 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8819]: Invalid user admin from 38.7.207.148
May  9 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8819]: input_userauth_request: invalid user admin [preauth]
May  9 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8819]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:43:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8819]: Failed password for invalid user admin from 38.7.207.148 port 42850 ssh2
May  9 09:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8819]: Connection closed by 38.7.207.148 port 42850 [preauth]
May  9 09:43:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: Invalid user admin from 38.7.207.148
May  9 09:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: input_userauth_request: invalid user admin [preauth]
May  9 09:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:43:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: Failed password for invalid user admin from 38.7.207.148 port 42856 ssh2
May  9 09:43:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8829]: Connection closed by 38.7.207.148 port 42856 [preauth]
May  9 09:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: Invalid user admin from 38.7.207.148
May  9 09:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: input_userauth_request: invalid user admin [preauth]
May  9 09:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:43:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: Failed password for invalid user admin from 38.7.207.148 port 42858 ssh2
May  9 09:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8831]: Connection closed by 38.7.207.148 port 42858 [preauth]
May  9 09:43:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8846]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8846]: Invalid user admin from 38.7.207.148
May  9 09:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8846]: input_userauth_request: invalid user admin [preauth]
May  9 09:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8846]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:43:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8846]: Failed password for invalid user admin from 38.7.207.148 port 42862 ssh2
May  9 09:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8846]: Connection closed by 38.7.207.148 port 42862 [preauth]
May  9 09:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Invalid user admin from 38.7.207.148
May  9 09:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: input_userauth_request: invalid user admin [preauth]
May  9 09:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:43:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Failed password for invalid user admin from 38.7.207.148 port 42866 ssh2
May  9 09:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8861]: Connection closed by 38.7.207.148 port 42866 [preauth]
May  9 09:43:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: Invalid user admin from 38.7.207.148
May  9 09:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: input_userauth_request: invalid user admin [preauth]
May  9 09:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:43:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:43:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: Failed password for invalid user admin from 38.7.207.148 port 42876 ssh2
May  9 09:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8874]: Connection closed by 38.7.207.148 port 42876 [preauth]
May  9 09:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8876]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8876]: Invalid user admin from 38.7.207.148
May  9 09:43:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8876]: input_userauth_request: invalid user admin [preauth]
May  9 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8876]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7464]: pam_unix(cron:session): session closed for user root
May  9 09:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8876]: Failed password for invalid user admin from 38.7.207.148 port 42882 ssh2
May  9 09:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8876]: Connection closed by 38.7.207.148 port 42882 [preauth]
May  9 09:43:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: Invalid user admin from 38.7.207.148
May  9 09:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: input_userauth_request: invalid user admin [preauth]
May  9 09:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:43:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:43:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: Failed password for invalid user admin from 38.7.207.148 port 42888 ssh2
May  9 09:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8906]: Connection closed by 38.7.207.148 port 42888 [preauth]
May  9 09:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: Invalid user admin from 38.7.207.148
May  9 09:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: input_userauth_request: invalid user admin [preauth]
May  9 09:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:43:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: Failed password for invalid user admin from 38.7.207.148 port 42894 ssh2
May  9 09:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8918]: Connection closed by 38.7.207.148 port 42894 [preauth]
May  9 09:43:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Invalid user admin from 38.7.207.148
May  9 09:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: input_userauth_request: invalid user admin [preauth]
May  9 09:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:43:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Failed password for invalid user admin from 38.7.207.148 port 42898 ssh2
May  9 09:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8920]: Connection closed by 38.7.207.148 port 42898 [preauth]
May  9 09:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8945]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8945]: Invalid user admin from 38.7.207.148
May  9 09:43:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8945]: input_userauth_request: invalid user admin [preauth]
May  9 09:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8945]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:43:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8945]: Failed password for invalid user admin from 38.7.207.148 port 42902 ssh2
May  9 09:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8945]: Connection closed by 38.7.207.148 port 42902 [preauth]
May  9 09:43:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: Invalid user admin from 38.7.207.148
May  9 09:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: input_userauth_request: invalid user admin [preauth]
May  9 09:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:43:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: Failed password for invalid user admin from 38.7.207.148 port 42914 ssh2
May  9 09:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8947]: Connection closed by 38.7.207.148 port 42914 [preauth]
May  9 09:43:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: Invalid user admin from 38.7.207.148
May  9 09:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: input_userauth_request: invalid user admin [preauth]
May  9 09:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:43:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: Failed password for invalid user admin from 38.7.207.148 port 42920 ssh2
May  9 09:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8957]: Connection closed by 38.7.207.148 port 42920 [preauth]
May  9 09:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8971]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8971]: Invalid user admin from 38.7.207.148
May  9 09:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8971]: input_userauth_request: invalid user admin [preauth]
May  9 09:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8971]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8971]: Failed password for invalid user admin from 38.7.207.148 port 42924 ssh2
May  9 09:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8971]: Connection closed by 38.7.207.148 port 42924 [preauth]
May  9 09:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8974]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8974]: Invalid user admin from 38.7.207.148
May  9 09:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8974]: input_userauth_request: invalid user admin [preauth]
May  9 09:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8974]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:43:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8974]: Failed password for invalid user admin from 38.7.207.148 port 42926 ssh2
May  9 09:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8974]: Connection closed by 38.7.207.148 port 42926 [preauth]
May  9 09:43:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: Invalid user admin from 38.7.207.148
May  9 09:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: input_userauth_request: invalid user admin [preauth]
May  9 09:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:44:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8992]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8990]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8989]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8989]: pam_unix(cron:session): session closed for user p13x
May  9 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9051]: Successful su for rubyman by root
May  9 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9051]: + ??? root:rubyman
May  9 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9051]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358859 of user rubyman.
May  9 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9051]: pam_unix(su:session): session closed for user rubyman
May  9 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358859.
May  9 09:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: Failed password for invalid user admin from 38.7.207.148 port 42932 ssh2
May  9 09:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8985]: Connection closed by 38.7.207.148 port 42932 [preauth]
May  9 09:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: Invalid user admin from 38.7.207.148
May  9 09:44:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: input_userauth_request: invalid user admin [preauth]
May  9 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5774]: pam_unix(cron:session): session closed for user root
May  9 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: Failed password for invalid user admin from 38.7.207.148 port 42938 ssh2
May  9 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9110]: Connection closed by 38.7.207.148 port 42938 [preauth]
May  9 09:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9356]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8990]: pam_unix(cron:session): session closed for user samftp
May  9 09:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9356]: Invalid user admin from 38.7.207.148
May  9 09:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9356]: input_userauth_request: invalid user admin [preauth]
May  9 09:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9356]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:44:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9356]: Failed password for invalid user admin from 38.7.207.148 port 42942 ssh2
May  9 09:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9356]: Connection closed by 38.7.207.148 port 42942 [preauth]
May  9 09:44:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: Invalid user admin from 38.7.207.148
May  9 09:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: input_userauth_request: invalid user admin [preauth]
May  9 09:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:44:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: Failed password for invalid user admin from 38.7.207.148 port 42946 ssh2
May  9 09:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9363]: Connection closed by 38.7.207.148 port 42946 [preauth]
May  9 09:44:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9374]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9374]: Invalid user admin from 38.7.207.148
May  9 09:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9374]: input_userauth_request: invalid user admin [preauth]
May  9 09:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9374]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:44:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9374]: Failed password for invalid user admin from 38.7.207.148 port 42954 ssh2
May  9 09:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9374]: Connection closed by 38.7.207.148 port 42954 [preauth]
May  9 09:44:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9397]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9397]: Invalid user admin from 38.7.207.148
May  9 09:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9397]: input_userauth_request: invalid user admin [preauth]
May  9 09:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9397]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:44:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9397]: Failed password for invalid user admin from 38.7.207.148 port 42964 ssh2
May  9 09:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9397]: Connection closed by 38.7.207.148 port 42964 [preauth]
May  9 09:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: Invalid user admin from 38.7.207.148
May  9 09:44:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: input_userauth_request: invalid user admin [preauth]
May  9 09:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:44:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: Failed password for invalid user admin from 38.7.207.148 port 42976 ssh2
May  9 09:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9401]: Connection closed by 38.7.207.148 port 42976 [preauth]
May  9 09:44:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9412]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9412]: Invalid user admin from 38.7.207.148
May  9 09:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9412]: input_userauth_request: invalid user admin [preauth]
May  9 09:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9412]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:44:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9412]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9412]: Failed password for invalid user admin from 38.7.207.148 port 42982 ssh2
May  9 09:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9412]: Connection closed by 38.7.207.148 port 42982 [preauth]
May  9 09:44:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9435]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9435]: Invalid user admin from 38.7.207.148
May  9 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9435]: input_userauth_request: invalid user admin [preauth]
May  9 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9435]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:44:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9435]: Failed password for invalid user admin from 38.7.207.148 port 42988 ssh2
May  9 09:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9435]: Connection closed by 38.7.207.148 port 42988 [preauth]
May  9 09:44:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9437]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9437]: Invalid user admin from 38.7.207.148
May  9 09:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9437]: input_userauth_request: invalid user admin [preauth]
May  9 09:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9437]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:44:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9437]: Failed password for invalid user admin from 38.7.207.148 port 42994 ssh2
May  9 09:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9437]: Connection closed by 38.7.207.148 port 42994 [preauth]
May  9 09:44:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9447]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8039]: pam_unix(cron:session): session closed for user root
May  9 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9447]: Invalid user admin from 38.7.207.148
May  9 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9447]: input_userauth_request: invalid user admin [preauth]
May  9 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9447]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9447]: Failed password for invalid user admin from 38.7.207.148 port 43000 ssh2
May  9 09:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9447]: Connection closed by 38.7.207.148 port 43000 [preauth]
May  9 09:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9473]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9473]: Invalid user admin from 38.7.207.148
May  9 09:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9473]: input_userauth_request: invalid user admin [preauth]
May  9 09:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9473]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9473]: Failed password for invalid user admin from 38.7.207.148 port 43002 ssh2
May  9 09:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9473]: Connection closed by 38.7.207.148 port 43002 [preauth]
May  9 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9483]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9483]: Invalid user admin from 38.7.207.148
May  9 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9483]: input_userauth_request: invalid user admin [preauth]
May  9 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9483]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:44:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9483]: Failed password for invalid user admin from 38.7.207.148 port 43008 ssh2
May  9 09:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9483]: Connection closed by 38.7.207.148 port 43008 [preauth]
May  9 09:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: Invalid user admin from 38.7.207.148
May  9 09:44:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: input_userauth_request: invalid user admin [preauth]
May  9 09:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:44:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: Failed password for invalid user admin from 38.7.207.148 port 43016 ssh2
May  9 09:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9493]: Connection closed by 38.7.207.148 port 43016 [preauth]
May  9 09:44:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: Invalid user admin from 38.7.207.148
May  9 09:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: input_userauth_request: invalid user admin [preauth]
May  9 09:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:44:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: Failed password for invalid user admin from 38.7.207.148 port 43022 ssh2
May  9 09:44:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9509]: Connection closed by 38.7.207.148 port 43022 [preauth]
May  9 09:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: Invalid user admin from 38.7.207.148
May  9 09:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: input_userauth_request: invalid user admin [preauth]
May  9 09:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:44:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: Failed password for invalid user admin from 38.7.207.148 port 43030 ssh2
May  9 09:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9519]: Connection closed by 38.7.207.148 port 43030 [preauth]
May  9 09:44:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: Invalid user admin from 38.7.207.148
May  9 09:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: input_userauth_request: invalid user admin [preauth]
May  9 09:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:44:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: Failed password for invalid user admin from 38.7.207.148 port 43038 ssh2
May  9 09:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9521]: Connection closed by 38.7.207.148 port 43038 [preauth]
May  9 09:44:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: Invalid user admin from 38.7.207.148
May  9 09:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: input_userauth_request: invalid user admin [preauth]
May  9 09:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: Failed password for invalid user admin from 38.7.207.148 port 43046 ssh2
May  9 09:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9531]: Connection closed by 38.7.207.148 port 43046 [preauth]
May  9 09:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: Invalid user admin from 38.7.207.148
May  9 09:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: input_userauth_request: invalid user admin [preauth]
May  9 09:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:44:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9549]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9550]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9546]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9547]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9548]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9551]: pam_unix(cron:session): session closed for user root
May  9 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9546]: pam_unix(cron:session): session closed for user p13x
May  9 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: Failed password for invalid user admin from 38.7.207.148 port 43052 ssh2
May  9 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9543]: Connection closed by 38.7.207.148 port 43052 [preauth]
May  9 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9613]: Successful su for rubyman by root
May  9 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9613]: + ??? root:rubyman
May  9 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9613]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358864 of user rubyman.
May  9 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9613]: pam_unix(su:session): session closed for user rubyman
May  9 09:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358864.
May  9 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: Invalid user admin from 38.7.207.148
May  9 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: input_userauth_request: invalid user admin [preauth]
May  9 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9548]: pam_unix(cron:session): session closed for user root
May  9 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: Failed password for invalid user admin from 38.7.207.148 port 43060 ssh2
May  9 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9611]: Connection closed by 38.7.207.148 port 43060 [preauth]
May  9 09:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9782]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6336]: pam_unix(cron:session): session closed for user root
May  9 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9782]: Invalid user admin from 38.7.207.148
May  9 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9782]: input_userauth_request: invalid user admin [preauth]
May  9 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9782]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9782]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9547]: pam_unix(cron:session): session closed for user samftp
May  9 09:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9782]: Failed password for invalid user admin from 38.7.207.148 port 43066 ssh2
May  9 09:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9782]: Connection closed by 38.7.207.148 port 43066 [preauth]
May  9 09:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9831]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9831]: Invalid user admin from 38.7.207.148
May  9 09:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9831]: input_userauth_request: invalid user admin [preauth]
May  9 09:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9831]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:45:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9831]: Failed password for invalid user admin from 38.7.207.148 port 43072 ssh2
May  9 09:45:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9831]: Connection closed by 38.7.207.148 port 43072 [preauth]
May  9 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: Invalid user admin from 38.7.207.148
May  9 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: input_userauth_request: invalid user admin [preauth]
May  9 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:45:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: Failed password for invalid user admin from 38.7.207.148 port 43076 ssh2
May  9 09:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9842]: Connection closed by 38.7.207.148 port 43076 [preauth]
May  9 09:45:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9857]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9857]: Invalid user pi from 38.7.207.148
May  9 09:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9857]: input_userauth_request: invalid user pi [preauth]
May  9 09:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9857]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:45:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9857]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148
May  9 09:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9857]: Failed password for invalid user pi from 38.7.207.148 port 43084 ssh2
May  9 09:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9869]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:45:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9857]: Connection closed by 38.7.207.148 port 43084 [preauth]
May  9 09:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9871]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184  user=root
May  9 09:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9871]: User ftp from 38.7.207.148 not allowed because not listed in AllowUsers
May  9 09:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9871]: input_userauth_request: invalid user ftp [preauth]
May  9 09:45:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9871]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=38.7.207.148  user=ftp
May  9 09:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9869]: Failed password for root from 193.70.84.184 port 52100 ssh2
May  9 09:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9871]: Failed password for invalid user ftp from 38.7.207.148 port 43092 ssh2
May  9 09:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9869]: Connection closed by 193.70.84.184 port 52100 [preauth]
May  9 09:45:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9871]: Connection closed by 38.7.207.148 port 43092 [preauth]
May  9 09:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8527]: pam_unix(cron:session): session closed for user root
May  9 09:45:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9950]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:45:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.57.150  user=root
May  9 09:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9950]: Failed password for root from 103.179.57.150 port 54448 ssh2
May  9 09:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9950]: Received disconnect from 103.179.57.150 port 54448:11: Bye Bye [preauth]
May  9 09:45:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9950]: Disconnected from 103.179.57.150 port 54448 [preauth]
May  9 09:45:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9973]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:45:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9973]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.153.19  user=root
May  9 09:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9973]: Failed password for root from 5.189.153.19 port 59926 ssh2
May  9 09:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9973]: Received disconnect from 5.189.153.19 port 59926:11: Bye Bye [preauth]
May  9 09:45:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9973]: Disconnected from 5.189.153.19 port 59926 [preauth]
May  9 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9999]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9998]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9997]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9996]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9996]: pam_unix(cron:session): session closed for user p13x
May  9 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10068]: Successful su for rubyman by root
May  9 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10068]: + ??? root:rubyman
May  9 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10068]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358869 of user rubyman.
May  9 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10068]: pam_unix(su:session): session closed for user rubyman
May  9 09:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358869.
May  9 09:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6877]: pam_unix(cron:session): session closed for user root
May  9 09:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9997]: pam_unix(cron:session): session closed for user samftp
May  9 09:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8992]: pam_unix(cron:session): session closed for user root
May  9 09:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:46:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 09:46:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: Failed password for root from 218.92.0.179 port 44423 ssh2
May  9 09:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 44423 ssh2]
May  9 09:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: Received disconnect from 218.92.0.179 port 44423:11:  [preauth]
May  9 09:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: Disconnected from 218.92.0.179 port 44423 [preauth]
May  9 09:46:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10443]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10517]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10514]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10515]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10516]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10514]: pam_unix(cron:session): session closed for user p13x
May  9 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10580]: Successful su for rubyman by root
May  9 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10580]: + ??? root:rubyman
May  9 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10580]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358873 of user rubyman.
May  9 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10580]: pam_unix(su:session): session closed for user rubyman
May  9 09:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358873.
May  9 09:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7463]: pam_unix(cron:session): session closed for user root
May  9 09:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10515]: pam_unix(cron:session): session closed for user samftp
May  9 09:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9550]: pam_unix(cron:session): session closed for user root
May  9 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10969]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10972]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10970]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10969]: pam_unix(cron:session): session closed for user p13x
May  9 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11030]: Successful su for rubyman by root
May  9 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11030]: + ??? root:rubyman
May  9 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358876 of user rubyman.
May  9 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11030]: pam_unix(su:session): session closed for user rubyman
May  9 09:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358876.
May  9 09:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8038]: pam_unix(cron:session): session closed for user root
May  9 09:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10970]: pam_unix(cron:session): session closed for user samftp
May  9 09:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9999]: pam_unix(cron:session): session closed for user root
May  9 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11361]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11362]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11359]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11360]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11359]: pam_unix(cron:session): session closed for user p13x
May  9 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11418]: Successful su for rubyman by root
May  9 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11418]: + ??? root:rubyman
May  9 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11418]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358881 of user rubyman.
May  9 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11418]: pam_unix(su:session): session closed for user rubyman
May  9 09:49:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358881.
May  9 09:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8526]: pam_unix(cron:session): session closed for user root
May  9 09:49:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11360]: pam_unix(cron:session): session closed for user samftp
May  9 09:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10517]: pam_unix(cron:session): session closed for user root
May  9 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11758]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11757]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11756]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11761]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11759]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11762]: pam_unix(cron:session): session closed for user root
May  9 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11756]: pam_unix(cron:session): session closed for user p13x
May  9 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11828]: Successful su for rubyman by root
May  9 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11828]: + ??? root:rubyman
May  9 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11828]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358888 of user rubyman.
May  9 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11828]: pam_unix(su:session): session closed for user rubyman
May  9 09:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358888.
May  9 09:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11758]: pam_unix(cron:session): session closed for user root
May  9 09:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8991]: pam_unix(cron:session): session closed for user root
May  9 09:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11757]: pam_unix(cron:session): session closed for user samftp
May  9 09:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10972]: pam_unix(cron:session): session closed for user root
May  9 09:50:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12172]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12172]: Invalid user user from 5.189.153.19
May  9 09:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12172]: input_userauth_request: invalid user user [preauth]
May  9 09:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12172]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12172]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.153.19
May  9 09:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12172]: Failed password for invalid user user from 5.189.153.19 port 58992 ssh2
May  9 09:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12172]: Received disconnect from 5.189.153.19 port 58992:11: Bye Bye [preauth]
May  9 09:50:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12172]: Disconnected from 5.189.153.19 port 58992 [preauth]
May  9 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12177]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12179]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12178]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12176]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12176]: pam_unix(cron:session): session closed for user p13x
May  9 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12245]: Successful su for rubyman by root
May  9 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12245]: + ??? root:rubyman
May  9 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12245]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358890 of user rubyman.
May  9 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12245]: pam_unix(su:session): session closed for user rubyman
May  9 09:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358890.
May  9 09:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9549]: pam_unix(cron:session): session closed for user root
May  9 09:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12177]: pam_unix(cron:session): session closed for user samftp
May  9 09:51:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11362]: pam_unix(cron:session): session closed for user root
May  9 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12595]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12597]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12596]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12594]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12594]: pam_unix(cron:session): session closed for user p13x
May  9 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12651]: Successful su for rubyman by root
May  9 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12651]: + ??? root:rubyman
May  9 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12651]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358894 of user rubyman.
May  9 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12651]: pam_unix(su:session): session closed for user rubyman
May  9 09:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358894.
May  9 09:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9998]: pam_unix(cron:session): session closed for user root
May  9 09:52:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12595]: pam_unix(cron:session): session closed for user samftp
May  9 09:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: Invalid user gabriele from 103.179.57.150
May  9 09:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: input_userauth_request: invalid user gabriele [preauth]
May  9 09:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.57.150
May  9 09:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: Failed password for invalid user gabriele from 103.179.57.150 port 53158 ssh2
May  9 09:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: Received disconnect from 103.179.57.150 port 53158:11: Bye Bye [preauth]
May  9 09:52:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12812]: Disconnected from 103.179.57.150 port 53158 [preauth]
May  9 09:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11761]: pam_unix(cron:session): session closed for user root
May  9 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12978]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12986]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12985]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12987]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12983]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12983]: pam_unix(cron:session): session closed for user p13x
May  9 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13050]: Successful su for rubyman by root
May  9 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13050]: + ??? root:rubyman
May  9 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358898 of user rubyman.
May  9 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13050]: pam_unix(su:session): session closed for user rubyman
May  9 09:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358898.
May  9 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12978]: Invalid user csserver from 103.237.249.202
May  9 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12978]: input_userauth_request: invalid user csserver [preauth]
May  9 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12978]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:53:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12978]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.237.249.202
May  9 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12978]: Failed password for invalid user csserver from 103.237.249.202 port 49770 ssh2
May  9 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12978]: Received disconnect from 103.237.249.202 port 49770:11: Bye Bye [preauth]
May  9 09:53:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12978]: Disconnected from 103.237.249.202 port 49770 [preauth]
May  9 09:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10516]: pam_unix(cron:session): session closed for user root
May  9 09:53:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12985]: pam_unix(cron:session): session closed for user samftp
May  9 09:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12179]: pam_unix(cron:session): session closed for user root
May  9 09:53:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13334]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13386]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13387]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13384]: pam_unix(cron:session): session closed for user p13x
May  9 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13530]: Successful su for rubyman by root
May  9 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13530]: + ??? root:rubyman
May  9 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13530]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358903 of user rubyman.
May  9 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13530]: pam_unix(su:session): session closed for user rubyman
May  9 09:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358903.
May  9 09:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10971]: pam_unix(cron:session): session closed for user root
May  9 09:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13385]: pam_unix(cron:session): session closed for user samftp
May  9 09:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12597]: pam_unix(cron:session): session closed for user root
May  9 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13890]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13887]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13893]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13889]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13892]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13888]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13893]: pam_unix(cron:session): session closed for user root
May  9 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13887]: pam_unix(cron:session): session closed for user p13x
May  9 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13960]: Successful su for rubyman by root
May  9 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13960]: + ??? root:rubyman
May  9 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13960]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358909 of user rubyman.
May  9 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13960]: pam_unix(su:session): session closed for user rubyman
May  9 09:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358909.
May  9 09:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13889]: pam_unix(cron:session): session closed for user root
May  9 09:55:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11361]: pam_unix(cron:session): session closed for user root
May  9 09:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13888]: pam_unix(cron:session): session closed for user samftp
May  9 09:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12987]: pam_unix(cron:session): session closed for user root
May  9 09:55:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:56:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115  user=root
May  9 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14331]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14330]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14330]: pam_unix(cron:session): session closed for user p13x
May  9 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14399]: Successful su for rubyman by root
May  9 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14399]: + ??? root:rubyman
May  9 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14399]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358913 of user rubyman.
May  9 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14399]: pam_unix(su:session): session closed for user rubyman
May  9 09:56:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358913.
May  9 09:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: Failed password for root from 80.94.95.115 port 55492 ssh2
May  9 09:56:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14318]: Connection closed by 80.94.95.115 port 55492 [preauth]
May  9 09:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11759]: pam_unix(cron:session): session closed for user root
May  9 09:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.153.19  user=root
May  9 09:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14331]: pam_unix(cron:session): session closed for user samftp
May  9 09:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: Failed password for root from 5.189.153.19 port 56862 ssh2
May  9 09:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: Received disconnect from 5.189.153.19 port 56862:11: Bye Bye [preauth]
May  9 09:56:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14549]: Disconnected from 5.189.153.19 port 56862 [preauth]
May  9 09:56:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:56:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 09:56:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: Failed password for root from 218.92.0.179 port 24707 ssh2
May  9 09:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 24707 ssh2]
May  9 09:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: Received disconnect from 218.92.0.179 port 24707:11:  [preauth]
May  9 09:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: Disconnected from 218.92.0.179 port 24707 [preauth]
May  9 09:56:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14634]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 09:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13387]: pam_unix(cron:session): session closed for user root
May  9 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14751]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14750]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14749]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14752]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14749]: pam_unix(cron:session): session closed for user p13x
May  9 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14809]: Successful su for rubyman by root
May  9 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14809]: + ??? root:rubyman
May  9 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14809]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358919 of user rubyman.
May  9 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14809]: pam_unix(su:session): session closed for user rubyman
May  9 09:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358919.
May  9 09:57:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14874]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12178]: pam_unix(cron:session): session closed for user root
May  9 09:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14750]: pam_unix(cron:session): session closed for user samftp
May  9 09:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13892]: pam_unix(cron:session): session closed for user root
May  9 09:57:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15158]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:57:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15164]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15163]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15162]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15161]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15161]: pam_unix(cron:session): session closed for user p13x
May  9 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15221]: Successful su for rubyman by root
May  9 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15221]: + ??? root:rubyman
May  9 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15221]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358920 of user rubyman.
May  9 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15221]: pam_unix(su:session): session closed for user rubyman
May  9 09:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358920.
May  9 09:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15158]: Failed password for root from 218.92.0.179 port 51853 ssh2
May  9 09:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12596]: pam_unix(cron:session): session closed for user root
May  9 09:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15158]: Failed password for root from 218.92.0.179 port 51853 ssh2
May  9 09:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15162]: pam_unix(cron:session): session closed for user samftp
May  9 09:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15158]: Failed password for root from 218.92.0.179 port 51853 ssh2
May  9 09:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15158]: Received disconnect from 218.92.0.179 port 51853:11:  [preauth]
May  9 09:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15158]: Disconnected from 218.92.0.179 port 51853 [preauth]
May  9 09:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15158]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 09:58:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15406]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15406]: Invalid user lisong from 103.179.57.150
May  9 09:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15406]: input_userauth_request: invalid user lisong [preauth]
May  9 09:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15406]: pam_unix(sshd:auth): check pass; user unknown
May  9 09:58:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15406]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.57.150
May  9 09:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15406]: Failed password for invalid user lisong from 103.179.57.150 port 41614 ssh2
May  9 09:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15406]: Received disconnect from 103.179.57.150 port 41614:11: Bye Bye [preauth]
May  9 09:58:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15406]: Disconnected from 103.179.57.150 port 41614 [preauth]
May  9 09:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14334]: pam_unix(cron:session): session closed for user root
May  9 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15562]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15561]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15563]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15560]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 09:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15560]: pam_unix(cron:session): session closed for user p13x
May  9 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15622]: Successful su for rubyman by root
May  9 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15622]: + ??? root:rubyman
May  9 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15622]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358926 of user rubyman.
May  9 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[15622]: pam_unix(su:session): session closed for user rubyman
May  9 09:59:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358926.
May  9 09:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12986]: pam_unix(cron:session): session closed for user root
May  9 09:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15561]: pam_unix(cron:session): session closed for user samftp
May  9 09:59:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15848]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 09:59:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15848]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 09:59:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15848]: Failed password for root from 218.92.0.179 port 36392 ssh2
May  9 09:59:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15848]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 36392 ssh2]
May  9 09:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15848]: Received disconnect from 218.92.0.179 port 36392:11:  [preauth]
May  9 09:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15848]: Disconnected from 218.92.0.179 port 36392 [preauth]
May  9 09:59:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15848]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 09:59:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14752]: pam_unix(cron:session): session closed for user root
May  9 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15965]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15967]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15967]: pam_unix(cron:session): session closed for user root
May  9 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15971]: pam_unix(cron:session): session closed for user root
May  9 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15965]: pam_unix(cron:session): session closed for user p13x
May  9 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16055]: Successful su for rubyman by root
May  9 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16055]: + ??? root:rubyman
May  9 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16055]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358932 of user rubyman.
May  9 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16055]: pam_unix(su:session): session closed for user rubyman
May  9 10:00:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358932.
May  9 10:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13386]: pam_unix(cron:session): session closed for user root
May  9 10:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15968]: pam_unix(cron:session): session closed for user root
May  9 10:00:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15966]: pam_unix(cron:session): session closed for user samftp
May  9 10:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15164]: pam_unix(cron:session): session closed for user root
May  9 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16458]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16457]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16456]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16455]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16455]: pam_unix(cron:session): session closed for user p13x
May  9 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16546]: Successful su for rubyman by root
May  9 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16546]: + ??? root:rubyman
May  9 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16546]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358935 of user rubyman.
May  9 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16546]: pam_unix(su:session): session closed for user rubyman
May  9 10:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358935.
May  9 10:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13890]: pam_unix(cron:session): session closed for user root
May  9 10:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16456]: pam_unix(cron:session): session closed for user samftp
May  9 10:01:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:01:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.153.19  user=root
May  9 10:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: Failed password for root from 5.189.153.19 port 54056 ssh2
May  9 10:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: Received disconnect from 5.189.153.19 port 54056:11: Bye Bye [preauth]
May  9 10:01:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16763]: Disconnected from 5.189.153.19 port 54056 [preauth]
May  9 10:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15563]: pam_unix(cron:session): session closed for user root
May  9 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16928]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16929]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16927]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16920]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16920]: pam_unix(cron:session): session closed for user p13x
May  9 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16997]: Successful su for rubyman by root
May  9 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16997]: + ??? root:rubyman
May  9 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16997]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358939 of user rubyman.
May  9 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[16997]: pam_unix(su:session): session closed for user rubyman
May  9 10:02:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358939.
May  9 10:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14333]: pam_unix(cron:session): session closed for user root
May  9 10:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16927]: pam_unix(cron:session): session closed for user samftp
May  9 10:02:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15970]: pam_unix(cron:session): session closed for user root
May  9 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17339]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17341]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17340]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17338]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17338]: pam_unix(cron:session): session closed for user p13x
May  9 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17400]: Successful su for rubyman by root
May  9 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17400]: + ??? root:rubyman
May  9 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17400]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358944 of user rubyman.
May  9 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17400]: pam_unix(su:session): session closed for user rubyman
May  9 10:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358944.
May  9 10:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14751]: pam_unix(cron:session): session closed for user root
May  9 10:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17339]: pam_unix(cron:session): session closed for user samftp
May  9 10:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16458]: pam_unix(cron:session): session closed for user root
May  9 10:03:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:03:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 10:03:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: Failed password for root from 218.92.0.179 port 56852 ssh2
May  9 10:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 56852 ssh2]
May  9 10:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: Received disconnect from 218.92.0.179 port 56852:11:  [preauth]
May  9 10:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: Disconnected from 218.92.0.179 port 56852 [preauth]
May  9 10:03:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17704]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17763]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17762]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17760]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17759]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17759]: pam_unix(cron:session): session closed for user p13x
May  9 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17925]: Successful su for rubyman by root
May  9 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17925]: + ??? root:rubyman
May  9 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17925]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358947 of user rubyman.
May  9 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17925]: pam_unix(su:session): session closed for user rubyman
May  9 10:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358947.
May  9 10:04:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: Invalid user transmission from 103.179.57.150
May  9 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: input_userauth_request: invalid user transmission [preauth]
May  9 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.57.150
May  9 10:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15163]: pam_unix(cron:session): session closed for user root
May  9 10:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17760]: pam_unix(cron:session): session closed for user samftp
May  9 10:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: Failed password for invalid user transmission from 103.179.57.150 port 40480 ssh2
May  9 10:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: Received disconnect from 103.179.57.150 port 40480:11: Bye Bye [preauth]
May  9 10:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18004]: Disconnected from 103.179.57.150 port 40480 [preauth]
May  9 10:04:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16929]: pam_unix(cron:session): session closed for user root
May  9 10:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:04:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  9 10:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: Failed password for root from 50.235.31.47 port 53104 ssh2
May  9 10:04:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18247]: Connection closed by 50.235.31.47 port 53104 [preauth]
May  9 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18281]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18280]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18277]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18278]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18282]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18276]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18282]: pam_unix(cron:session): session closed for user root
May  9 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18276]: pam_unix(cron:session): session closed for user p13x
May  9 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18349]: Successful su for rubyman by root
May  9 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18349]: + ??? root:rubyman
May  9 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18349]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358951 of user rubyman.
May  9 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18349]: pam_unix(su:session): session closed for user rubyman
May  9 10:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358951.
May  9 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18278]: pam_unix(cron:session): session closed for user root
May  9 10:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15562]: pam_unix(cron:session): session closed for user root
May  9 10:05:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18277]: pam_unix(cron:session): session closed for user samftp
May  9 10:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17341]: pam_unix(cron:session): session closed for user root
May  9 10:05:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: Invalid user matrix from 194.0.234.16
May  9 10:05:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: input_userauth_request: invalid user matrix [preauth]
May  9 10:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:05:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.16
May  9 10:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: Failed password for invalid user matrix from 194.0.234.16 port 40476 ssh2
May  9 10:05:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18656]: Connection closed by 194.0.234.16 port 40476 [preauth]
May  9 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18719]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18721]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18722]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18717]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18717]: pam_unix(cron:session): session closed for user p13x
May  9 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18795]: Successful su for rubyman by root
May  9 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18795]: + ??? root:rubyman
May  9 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18795]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358957 of user rubyman.
May  9 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18795]: pam_unix(su:session): session closed for user rubyman
May  9 10:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358957.
May  9 10:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15969]: pam_unix(cron:session): session closed for user root
May  9 10:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18719]: pam_unix(cron:session): session closed for user samftp
May  9 10:06:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19044]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:06:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.153.19  user=root
May  9 10:06:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19044]: Failed password for root from 5.189.153.19 port 48212 ssh2
May  9 10:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19044]: Received disconnect from 5.189.153.19 port 48212:11: Bye Bye [preauth]
May  9 10:06:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19044]: Disconnected from 5.189.153.19 port 48212 [preauth]
May  9 10:06:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17763]: pam_unix(cron:session): session closed for user root
May  9 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19147]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19146]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19145]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19144]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19144]: pam_unix(cron:session): session closed for user p13x
May  9 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19203]: Successful su for rubyman by root
May  9 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19203]: + ??? root:rubyman
May  9 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19203]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358961 of user rubyman.
May  9 10:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19203]: pam_unix(su:session): session closed for user rubyman
May  9 10:07:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358961.
May  9 10:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16457]: pam_unix(cron:session): session closed for user root
May  9 10:07:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19145]: pam_unix(cron:session): session closed for user samftp
May  9 10:07:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18281]: pam_unix(cron:session): session closed for user root
May  9 10:07:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: Invalid user david from 103.237.249.202
May  9 10:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: input_userauth_request: invalid user david [preauth]
May  9 10:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:07:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.237.249.202
May  9 10:07:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: Failed password for invalid user david from 103.237.249.202 port 59812 ssh2
May  9 10:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: Received disconnect from 103.237.249.202 port 59812:11: Bye Bye [preauth]
May  9 10:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19530]: Disconnected from 103.237.249.202 port 59812 [preauth]
May  9 10:07:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19540]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:08:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19557]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19556]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19555]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19555]: pam_unix(cron:session): session closed for user p13x
May  9 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19628]: Successful su for rubyman by root
May  9 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19628]: + ??? root:rubyman
May  9 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19628]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358965 of user rubyman.
May  9 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[19628]: pam_unix(su:session): session closed for user rubyman
May  9 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358965.
May  9 10:08:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19540]: Failed password for root from 218.92.0.179 port 56359 ssh2
May  9 10:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19540]: Failed password for root from 218.92.0.179 port 56359 ssh2
May  9 10:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16928]: pam_unix(cron:session): session closed for user root
May  9 10:08:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19556]: pam_unix(cron:session): session closed for user samftp
May  9 10:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19540]: Failed password for root from 218.92.0.179 port 56359 ssh2
May  9 10:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19540]: Received disconnect from 218.92.0.179 port 56359:11:  [preauth]
May  9 10:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19540]: Disconnected from 218.92.0.179 port 56359 [preauth]
May  9 10:08:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19540]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 10:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18722]: pam_unix(cron:session): session closed for user root
May  9 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19975]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19977]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19976]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19974]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19971]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19974]: pam_unix(cron:session): session closed for user p13x
May  9 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20103]: Successful su for rubyman by root
May  9 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20103]: + ??? root:rubyman
May  9 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358971 of user rubyman.
May  9 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20103]: pam_unix(su:session): session closed for user rubyman
May  9 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358971.
May  9 10:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19971]: pam_unix(cron:session): session closed for user root
May  9 10:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17340]: pam_unix(cron:session): session closed for user root
May  9 10:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19975]: pam_unix(cron:session): session closed for user samftp
May  9 10:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:09:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  9 10:09:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: Failed password for root from 218.92.0.206 port 25918 ssh2
May  9 10:09:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: Failed password for root from 218.92.0.206 port 25918 ssh2
May  9 10:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19147]: pam_unix(cron:session): session closed for user root
May  9 10:09:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: Failed password for root from 218.92.0.206 port 25918 ssh2
May  9 10:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: message repeated 2 times: [ Failed password for root from 218.92.0.206 port 25918 ssh2]
May  9 10:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 25918 ssh2 [preauth]
May  9 10:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: Disconnecting: Too many authentication failures [preauth]
May  9 10:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  9 10:09:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20366]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 10:09:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20425]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:09:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  9 10:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20425]: Failed password for root from 218.92.0.206 port 8964 ssh2
May  9 10:09:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20425]: message repeated 3 times: [ Failed password for root from 218.92.0.206 port 8964 ssh2]
May  9 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20474]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20476]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20469]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20472]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20475]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20470]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20476]: pam_unix(cron:session): session closed for user root
May  9 10:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20469]: pam_unix(cron:session): session closed for user p13x
May  9 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20543]: Successful su for rubyman by root
May  9 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20543]: + ??? root:rubyman
May  9 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20543]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358978 of user rubyman.
May  9 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20543]: pam_unix(su:session): session closed for user rubyman
May  9 10:10:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358978.
May  9 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20472]: pam_unix(cron:session): session closed for user root
May  9 10:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17762]: pam_unix(cron:session): session closed for user root
May  9 10:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20742]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:10:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20470]: pam_unix(cron:session): session closed for user samftp
May  9 10:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: Invalid user sht from 103.179.57.150
May  9 10:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: input_userauth_request: invalid user sht [preauth]
May  9 10:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:10:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.57.150
May  9 10:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: Failed password for invalid user sht from 103.179.57.150 port 60284 ssh2
May  9 10:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: Received disconnect from 103.179.57.150 port 60284:11: Bye Bye [preauth]
May  9 10:10:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20746]: Disconnected from 103.179.57.150 port 60284 [preauth]
May  9 10:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19558]: pam_unix(cron:session): session closed for user root
May  9 10:10:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20910]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:10:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 10:10:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20910]: Failed password for root from 218.92.0.179 port 58710 ssh2
May  9 10:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20910]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 58710 ssh2]
May  9 10:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20910]: Received disconnect from 218.92.0.179 port 58710:11:  [preauth]
May  9 10:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20910]: Disconnected from 218.92.0.179 port 58710 [preauth]
May  9 10:10:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20910]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20940]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20941]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20939]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20938]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20938]: pam_unix(cron:session): session closed for user p13x
May  9 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21002]: Successful su for rubyman by root
May  9 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21002]: + ??? root:rubyman
May  9 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21002]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358980 of user rubyman.
May  9 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21002]: pam_unix(su:session): session closed for user rubyman
May  9 10:11:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358980.
May  9 10:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18280]: pam_unix(cron:session): session closed for user root
May  9 10:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20939]: pam_unix(cron:session): session closed for user samftp
May  9 10:11:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19977]: pam_unix(cron:session): session closed for user root
May  9 10:11:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21330]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:11:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.153.19  user=root
May  9 10:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21330]: Failed password for root from 5.189.153.19 port 60710 ssh2
May  9 10:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21330]: Received disconnect from 5.189.153.19 port 60710:11: Bye Bye [preauth]
May  9 10:11:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21330]: Disconnected from 5.189.153.19 port 60710 [preauth]
May  9 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21382]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21383]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21380]: pam_unix(cron:session): session closed for user p13x
May  9 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21437]: Successful su for rubyman by root
May  9 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21437]: + ??? root:rubyman
May  9 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21437]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358986 of user rubyman.
May  9 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[21437]: pam_unix(su:session): session closed for user rubyman
May  9 10:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358986.
May  9 10:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18721]: pam_unix(cron:session): session closed for user root
May  9 10:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21381]: pam_unix(cron:session): session closed for user samftp
May  9 10:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20475]: pam_unix(cron:session): session closed for user root
May  9 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22095]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22096]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22097]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22099]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22095]: pam_unix(cron:session): session closed for user p13x
May  9 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22162]: Successful su for rubyman by root
May  9 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22162]: + ??? root:rubyman
May  9 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22162]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358991 of user rubyman.
May  9 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[22162]: pam_unix(su:session): session closed for user rubyman
May  9 10:13:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358991.
May  9 10:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19146]: pam_unix(cron:session): session closed for user root
May  9 10:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22096]: pam_unix(cron:session): session closed for user samftp
May  9 10:13:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20941]: pam_unix(cron:session): session closed for user root
May  9 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22570]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22572]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22571]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22573]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22570]: pam_unix(cron:session): session closed for user p13x
May  9 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22633]: Successful su for rubyman by root
May  9 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22633]: + ??? root:rubyman
May  9 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 358995 of user rubyman.
May  9 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22633]: pam_unix(su:session): session closed for user rubyman
May  9 10:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 358995.
May  9 10:14:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19557]: pam_unix(cron:session): session closed for user root
May  9 10:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22571]: pam_unix(cron:session): session closed for user samftp
May  9 10:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21383]: pam_unix(cron:session): session closed for user root
May  9 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23040]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23037]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23035]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23036]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23038]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23040]: pam_unix(cron:session): session closed for user root
May  9 10:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23035]: pam_unix(cron:session): session closed for user p13x
May  9 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23103]: Successful su for rubyman by root
May  9 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23103]: + ??? root:rubyman
May  9 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23103]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359001 of user rubyman.
May  9 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23103]: pam_unix(su:session): session closed for user rubyman
May  9 10:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359001.
May  9 10:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23037]: pam_unix(cron:session): session closed for user root
May  9 10:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19976]: pam_unix(cron:session): session closed for user root
May  9 10:15:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23036]: pam_unix(cron:session): session closed for user samftp
May  9 10:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22099]: pam_unix(cron:session): session closed for user root
May  9 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23568]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23569]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23567]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23566]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23566]: pam_unix(cron:session): session closed for user p13x
May  9 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23640]: Successful su for rubyman by root
May  9 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23640]: + ??? root:rubyman
May  9 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23640]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359003 of user rubyman.
May  9 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23640]: pam_unix(su:session): session closed for user rubyman
May  9 10:16:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359003.
May  9 10:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20474]: pam_unix(cron:session): session closed for user root
May  9 10:16:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23567]: pam_unix(cron:session): session closed for user samftp
May  9 10:16:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23938]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23938]: Invalid user gerard from 103.179.57.150
May  9 10:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23938]: input_userauth_request: invalid user gerard [preauth]
May  9 10:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23938]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:16:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.57.150
May  9 10:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23938]: Failed password for invalid user gerard from 103.179.57.150 port 46756 ssh2
May  9 10:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23938]: Received disconnect from 103.179.57.150 port 46756:11: Bye Bye [preauth]
May  9 10:16:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23938]: Disconnected from 103.179.57.150 port 46756 [preauth]
May  9 10:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22573]: pam_unix(cron:session): session closed for user root
May  9 10:16:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:16:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24049]: Connection closed by 64.227.70.84 port 30542 [preauth]
May  9 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24104]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24103]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24105]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24102]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24100]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24100]: pam_unix(cron:session): session closed for user root
May  9 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24102]: pam_unix(cron:session): session closed for user p13x
May  9 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24166]: Successful su for rubyman by root
May  9 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24166]: + ??? root:rubyman
May  9 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24166]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359006 of user rubyman.
May  9 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24166]: pam_unix(su:session): session closed for user rubyman
May  9 10:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359006.
May  9 10:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20940]: pam_unix(cron:session): session closed for user root
May  9 10:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24103]: pam_unix(cron:session): session closed for user samftp
May  9 10:17:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23039]: pam_unix(cron:session): session closed for user root
May  9 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24545]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24544]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24543]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24541]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24541]: pam_unix(cron:session): session closed for user p13x
May  9 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24609]: Successful su for rubyman by root
May  9 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24609]: + ??? root:rubyman
May  9 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24609]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359011 of user rubyman.
May  9 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24609]: pam_unix(su:session): session closed for user rubyman
May  9 10:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359011.
May  9 10:18:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21382]: pam_unix(cron:session): session closed for user root
May  9 10:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24543]: pam_unix(cron:session): session closed for user samftp
May  9 10:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23569]: pam_unix(cron:session): session closed for user root
May  9 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24968]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24966]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24965]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24965]: pam_unix(cron:session): session closed for user p13x
May  9 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25030]: Successful su for rubyman by root
May  9 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25030]: + ??? root:rubyman
May  9 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25030]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359017 of user rubyman.
May  9 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25030]: pam_unix(su:session): session closed for user rubyman
May  9 10:19:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359017.
May  9 10:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22097]: pam_unix(cron:session): session closed for user root
May  9 10:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24966]: pam_unix(cron:session): session closed for user samftp
May  9 10:19:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25234]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25234]: Invalid user default from 80.94.95.115
May  9 10:19:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25234]: input_userauth_request: invalid user default [preauth]
May  9 10:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25234]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:19:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.115
May  9 10:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25234]: Failed password for invalid user default from 80.94.95.115 port 51930 ssh2
May  9 10:19:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25234]: Connection closed by 80.94.95.115 port 51930 [preauth]
May  9 10:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24105]: pam_unix(cron:session): session closed for user root
May  9 10:19:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:19:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 10:19:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: Failed password for root from 218.92.0.179 port 42604 ssh2
May  9 10:19:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 42604 ssh2]
May  9 10:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: Received disconnect from 218.92.0.179 port 42604:11:  [preauth]
May  9 10:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: Disconnected from 218.92.0.179 port 42604 [preauth]
May  9 10:20:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25355]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25386]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25384]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25381]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25385]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25383]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25380]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25386]: pam_unix(cron:session): session closed for user root
May  9 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25380]: pam_unix(cron:session): session closed for user p13x
May  9 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25449]: Successful su for rubyman by root
May  9 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25449]: + ??? root:rubyman
May  9 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25449]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359023 of user rubyman.
May  9 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25449]: pam_unix(su:session): session closed for user rubyman
May  9 10:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359023.
May  9 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25383]: pam_unix(cron:session): session closed for user root
May  9 10:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22572]: pam_unix(cron:session): session closed for user root
May  9 10:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25381]: pam_unix(cron:session): session closed for user samftp
May  9 10:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24545]: pam_unix(cron:session): session closed for user root
May  9 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25889]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25887]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25888]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25886]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25886]: pam_unix(cron:session): session closed for user p13x
May  9 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25971]: Successful su for rubyman by root
May  9 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25971]: + ??? root:rubyman
May  9 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25971]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359025 of user rubyman.
May  9 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25971]: pam_unix(su:session): session closed for user rubyman
May  9 10:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359025.
May  9 10:21:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23038]: pam_unix(cron:session): session closed for user root
May  9 10:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25887]: pam_unix(cron:session): session closed for user samftp
May  9 10:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24969]: pam_unix(cron:session): session closed for user root
May  9 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26306]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26305]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26307]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26304]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26304]: pam_unix(cron:session): session closed for user p13x
May  9 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26372]: Successful su for rubyman by root
May  9 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26372]: + ??? root:rubyman
May  9 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26372]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359029 of user rubyman.
May  9 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[26372]: pam_unix(su:session): session closed for user rubyman
May  9 10:22:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359029.
May  9 10:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23568]: pam_unix(cron:session): session closed for user root
May  9 10:22:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26305]: pam_unix(cron:session): session closed for user samftp
May  9 10:22:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26675]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26675]: Invalid user ftpuser from 103.179.57.150
May  9 10:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26675]: input_userauth_request: invalid user ftpuser [preauth]
May  9 10:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26675]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:22:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.57.150
May  9 10:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26675]: Failed password for invalid user ftpuser from 103.179.57.150 port 35810 ssh2
May  9 10:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26675]: Received disconnect from 103.179.57.150 port 35810:11: Bye Bye [preauth]
May  9 10:22:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26675]: Disconnected from 103.179.57.150 port 35810 [preauth]
May  9 10:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25385]: pam_unix(cron:session): session closed for user root
May  9 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26798]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26799]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26797]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26795]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26795]: pam_unix(cron:session): session closed for user p13x
May  9 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26859]: Successful su for rubyman by root
May  9 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26859]: + ??? root:rubyman
May  9 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26859]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359033 of user rubyman.
May  9 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26859]: pam_unix(su:session): session closed for user rubyman
May  9 10:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359033.
May  9 10:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24104]: pam_unix(cron:session): session closed for user root
May  9 10:23:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26797]: pam_unix(cron:session): session closed for user samftp
May  9 10:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25889]: pam_unix(cron:session): session closed for user root
May  9 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27277]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27275]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27273]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27272]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27272]: pam_unix(cron:session): session closed for user p13x
May  9 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27344]: Successful su for rubyman by root
May  9 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27344]: + ??? root:rubyman
May  9 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27344]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359037 of user rubyman.
May  9 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27344]: pam_unix(su:session): session closed for user rubyman
May  9 10:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359037.
May  9 10:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24544]: pam_unix(cron:session): session closed for user root
May  9 10:24:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27273]: pam_unix(cron:session): session closed for user samftp
May  9 10:24:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26307]: pam_unix(cron:session): session closed for user root
May  9 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27743]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27744]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27742]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27739]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27741]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27740]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27744]: pam_unix(cron:session): session closed for user root
May  9 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27739]: pam_unix(cron:session): session closed for user p13x
May  9 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27808]: Successful su for rubyman by root
May  9 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27808]: + ??? root:rubyman
May  9 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27808]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359041 of user rubyman.
May  9 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27808]: pam_unix(su:session): session closed for user rubyman
May  9 10:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359041.
May  9 10:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27741]: pam_unix(cron:session): session closed for user root
May  9 10:25:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24968]: pam_unix(cron:session): session closed for user root
May  9 10:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27740]: pam_unix(cron:session): session closed for user samftp
May  9 10:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28099]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26799]: pam_unix(cron:session): session closed for user root
May  9 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28184]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28183]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28182]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28181]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28181]: pam_unix(cron:session): session closed for user p13x
May  9 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28249]: Successful su for rubyman by root
May  9 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28249]: + ??? root:rubyman
May  9 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28249]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359047 of user rubyman.
May  9 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28249]: pam_unix(su:session): session closed for user rubyman
May  9 10:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359047.
May  9 10:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25384]: pam_unix(cron:session): session closed for user root
May  9 10:26:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28182]: pam_unix(cron:session): session closed for user samftp
May  9 10:26:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27277]: pam_unix(cron:session): session closed for user root
May  9 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28599]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28600]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28597]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28598]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28597]: pam_unix(cron:session): session closed for user p13x
May  9 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28661]: Successful su for rubyman by root
May  9 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28661]: + ??? root:rubyman
May  9 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28661]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359052 of user rubyman.
May  9 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28661]: pam_unix(su:session): session closed for user rubyman
May  9 10:27:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359052.
May  9 10:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25888]: pam_unix(cron:session): session closed for user root
May  9 10:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28598]: pam_unix(cron:session): session closed for user samftp
May  9 10:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27743]: pam_unix(cron:session): session closed for user root
May  9 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29002]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29001]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29003]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29000]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29000]: pam_unix(cron:session): session closed for user p13x
May  9 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29153]: Successful su for rubyman by root
May  9 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29153]: + ??? root:rubyman
May  9 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29153]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359056 of user rubyman.
May  9 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29153]: pam_unix(su:session): session closed for user rubyman
May  9 10:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359056.
May  9 10:28:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26306]: pam_unix(cron:session): session closed for user root
May  9 10:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29001]: pam_unix(cron:session): session closed for user samftp
May  9 10:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: Invalid user nancy from 103.179.57.150
May  9 10:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: input_userauth_request: invalid user nancy [preauth]
May  9 10:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:28:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.57.150
May  9 10:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: Failed password for invalid user nancy from 103.179.57.150 port 45716 ssh2
May  9 10:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: Received disconnect from 103.179.57.150 port 45716:11: Bye Bye [preauth]
May  9 10:28:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29404]: Disconnected from 103.179.57.150 port 45716 [preauth]
May  9 10:28:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28184]: pam_unix(cron:session): session closed for user root
May  9 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29509]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29510]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29508]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29507]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29507]: pam_unix(cron:session): session closed for user p13x
May  9 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29570]: Successful su for rubyman by root
May  9 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29570]: + ??? root:rubyman
May  9 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29570]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359059 of user rubyman.
May  9 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29570]: pam_unix(su:session): session closed for user rubyman
May  9 10:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359059.
May  9 10:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26798]: pam_unix(cron:session): session closed for user root
May  9 10:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29508]: pam_unix(cron:session): session closed for user samftp
May  9 10:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28600]: pam_unix(cron:session): session closed for user root
May  9 10:29:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29859]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29859]: Invalid user shutdown from 190.103.202.7
May  9 10:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29859]: input_userauth_request: invalid user shutdown [preauth]
May  9 10:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29859]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:29:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  9 10:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29859]: Failed password for invalid user shutdown from 190.103.202.7 port 33910 ssh2
May  9 10:29:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29859]: Connection closed by 190.103.202.7 port 33910 [preauth]
May  9 10:29:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:29:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43  user=root
May  9 10:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: Failed password for root from 45.6.188.43 port 33824 ssh2
May  9 10:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29885]: Connection closed by 45.6.188.43 port 33824 [preauth]
May  9 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29917]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29915]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29914]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29918]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29919]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29920]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29920]: pam_unix(cron:session): session closed for user root
May  9 10:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29914]: pam_unix(cron:session): session closed for user p13x
May  9 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29989]: Successful su for rubyman by root
May  9 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29989]: + ??? root:rubyman
May  9 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359068 of user rubyman.
May  9 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29989]: pam_unix(su:session): session closed for user rubyman
May  9 10:30:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359068.
May  9 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29917]: pam_unix(cron:session): session closed for user root
May  9 10:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27275]: pam_unix(cron:session): session closed for user root
May  9 10:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29915]: pam_unix(cron:session): session closed for user samftp
May  9 10:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29003]: pam_unix(cron:session): session closed for user root
May  9 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30343]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30342]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30341]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30340]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30340]: pam_unix(cron:session): session closed for user p13x
May  9 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30407]: Successful su for rubyman by root
May  9 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30407]: + ??? root:rubyman
May  9 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30407]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359070 of user rubyman.
May  9 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30407]: pam_unix(su:session): session closed for user rubyman
May  9 10:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359070.
May  9 10:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27742]: pam_unix(cron:session): session closed for user root
May  9 10:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30341]: pam_unix(cron:session): session closed for user samftp
May  9 10:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29510]: pam_unix(cron:session): session closed for user root
May  9 10:31:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:31:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.22.55  user=root
May  9 10:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: Failed password for root from 186.124.22.55 port 41434 ssh2
May  9 10:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: Received disconnect from 186.124.22.55 port 41434:11: Bye Bye [preauth]
May  9 10:31:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30729]: Disconnected from 186.124.22.55 port 41434 [preauth]
May  9 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30751]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30752]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30753]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30750]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30750]: pam_unix(cron:session): session closed for user p13x
May  9 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30808]: Successful su for rubyman by root
May  9 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30808]: + ??? root:rubyman
May  9 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30808]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359075 of user rubyman.
May  9 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[30808]: pam_unix(su:session): session closed for user rubyman
May  9 10:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359075.
May  9 10:32:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28183]: pam_unix(cron:session): session closed for user root
May  9 10:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30751]: pam_unix(cron:session): session closed for user samftp
May  9 10:32:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29919]: pam_unix(cron:session): session closed for user root
May  9 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31242]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31243]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31241]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31240]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31240]: pam_unix(cron:session): session closed for user p13x
May  9 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31311]: Successful su for rubyman by root
May  9 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31311]: + ??? root:rubyman
May  9 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31311]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359079 of user rubyman.
May  9 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31315]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31311]: pam_unix(su:session): session closed for user rubyman
May  9 10:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359079.
May  9 10:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28599]: pam_unix(cron:session): session closed for user root
May  9 10:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31241]: pam_unix(cron:session): session closed for user samftp
May  9 10:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30343]: pam_unix(cron:session): session closed for user root
May  9 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31667]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31668]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31663]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31664]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31663]: pam_unix(cron:session): session closed for user p13x
May  9 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31740]: Successful su for rubyman by root
May  9 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31740]: + ??? root:rubyman
May  9 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31740]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359082 of user rubyman.
May  9 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31740]: pam_unix(su:session): session closed for user rubyman
May  9 10:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359082.
May  9 10:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29002]: pam_unix(cron:session): session closed for user root
May  9 10:34:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31664]: pam_unix(cron:session): session closed for user samftp
May  9 10:34:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: Invalid user esadmin from 51.79.165.186
May  9 10:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: input_userauth_request: invalid user esadmin [preauth]
May  9 10:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:34:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.165.186
May  9 10:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: Failed password for invalid user esadmin from 51.79.165.186 port 54766 ssh2
May  9 10:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: Received disconnect from 51.79.165.186 port 54766:11: Bye Bye [preauth]
May  9 10:34:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32060]: Disconnected from 51.79.165.186 port 54766 [preauth]
May  9 10:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30753]: pam_unix(cron:session): session closed for user root
May  9 10:34:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:34:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.57.150  user=root
May  9 10:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: Failed password for root from 103.179.57.150 port 51806 ssh2
May  9 10:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: Received disconnect from 103.179.57.150 port 51806:11: Bye Bye [preauth]
May  9 10:34:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32311]: Disconnected from 103.179.57.150 port 51806 [preauth]
May  9 10:34:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32361]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:34:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.164.27.204  user=root
May  9 10:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32361]: Failed password for root from 181.164.27.204 port 47118 ssh2
May  9 10:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32361]: Received disconnect from 181.164.27.204 port 47118:11: Bye Bye [preauth]
May  9 10:35:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32361]: Disconnected from 181.164.27.204 port 47118 [preauth]
May  9 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32387]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32386]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32385]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32384]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32388]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32389]: pam_unix(cron:session): session closed for user root
May  9 10:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32384]: pam_unix(cron:session): session closed for user p13x
May  9 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32463]: Successful su for rubyman by root
May  9 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32463]: + ??? root:rubyman
May  9 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32463]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359090 of user rubyman.
May  9 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[32463]: pam_unix(su:session): session closed for user rubyman
May  9 10:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359090.
May  9 10:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32386]: pam_unix(cron:session): session closed for user root
May  9 10:35:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29509]: pam_unix(cron:session): session closed for user root
May  9 10:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32385]: pam_unix(cron:session): session closed for user samftp
May  9 10:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31243]: pam_unix(cron:session): session closed for user root
May  9 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[551]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[552]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[550]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[549]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[549]: pam_unix(cron:session): session closed for user p13x
May  9 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[621]: Successful su for rubyman by root
May  9 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[621]: + ??? root:rubyman
May  9 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[621]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359091 of user rubyman.
May  9 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[621]: pam_unix(su:session): session closed for user rubyman
May  9 10:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359091.
May  9 10:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29918]: pam_unix(cron:session): session closed for user root
May  9 10:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[550]: pam_unix(cron:session): session closed for user samftp
May  9 10:36:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:36:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.0.234.19  user=root
May  9 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: Failed password for root from 194.0.234.19 port 49872 ssh2
May  9 10:36:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[916]: Connection closed by 194.0.234.19 port 49872 [preauth]
May  9 10:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31668]: pam_unix(cron:session): session closed for user root
May  9 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1034]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1035]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1032]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1031]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1031]: pam_unix(cron:session): session closed for user p13x
May  9 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1107]: Successful su for rubyman by root
May  9 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1107]: + ??? root:rubyman
May  9 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1107]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359096 of user rubyman.
May  9 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1107]: pam_unix(su:session): session closed for user rubyman
May  9 10:37:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359096.
May  9 10:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30342]: pam_unix(cron:session): session closed for user root
May  9 10:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1032]: pam_unix(cron:session): session closed for user samftp
May  9 10:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32388]: pam_unix(cron:session): session closed for user root
May  9 10:37:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1426]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:37:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1426]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  9 10:37:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1426]: Failed password for root from 164.68.105.9 port 45644 ssh2
May  9 10:37:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1426]: Connection closed by 164.68.105.9 port 45644 [preauth]
May  9 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1513]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1512]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1514]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1511]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1511]: pam_unix(cron:session): session closed for user p13x
May  9 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1586]: Successful su for rubyman by root
May  9 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1586]: + ??? root:rubyman
May  9 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1586]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359101 of user rubyman.
May  9 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1586]: pam_unix(su:session): session closed for user rubyman
May  9 10:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359101.
May  9 10:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30752]: pam_unix(cron:session): session closed for user root
May  9 10:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1512]: pam_unix(cron:session): session closed for user samftp
May  9 10:38:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Invalid user plexuser from 80.94.95.112
May  9 10:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: input_userauth_request: invalid user plexuser [preauth]
May  9 10:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:38:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 10:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Failed password for invalid user plexuser from 80.94.95.112 port 61568 ssh2
May  9 10:38:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Failed password for invalid user plexuser from 80.94.95.112 port 61568 ssh2
May  9 10:38:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Failed password for invalid user plexuser from 80.94.95.112 port 61568 ssh2
May  9 10:38:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:38:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Failed password for invalid user plexuser from 80.94.95.112 port 61568 ssh2
May  9 10:38:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Failed password for invalid user plexuser from 80.94.95.112 port 61568 ssh2
May  9 10:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Received disconnect from 80.94.95.112 port 61568:11: Bye [preauth]
May  9 10:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: Disconnected from 80.94.95.112 port 61568 [preauth]
May  9 10:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.112
May  9 10:38:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1811]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 10:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[552]: pam_unix(cron:session): session closed for user root
May  9 10:38:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2040]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2040]: Invalid user  from 185.93.89.118
May  9 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2040]: input_userauth_request: invalid user  [preauth]
May  9 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2040]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May  9 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2055]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2053]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2056]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2054]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2051]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2053]: pam_unix(cron:session): session closed for user p13x
May  9 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2179]: Successful su for rubyman by root
May  9 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2179]: + ??? root:rubyman
May  9 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2179]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359105 of user rubyman.
May  9 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2179]: pam_unix(su:session): session closed for user rubyman
May  9 10:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359105.
May  9 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2051]: pam_unix(cron:session): session closed for user root
May  9 10:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2040]: Failed password for invalid user  from 185.93.89.118 port 21102 ssh2
May  9 10:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2040]: Connection closed by 185.93.89.118 port 21102 [preauth]
May  9 10:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31242]: pam_unix(cron:session): session closed for user root
May  9 10:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:39:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2054]: pam_unix(cron:session): session closed for user samftp
May  9 10:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: Invalid user s from 185.93.89.118
May  9 10:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: input_userauth_request: invalid user s [preauth]
May  9 10:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:39:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May  9 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: Failed password for invalid user s from 185.93.89.118 port 4100 ssh2
May  9 10:39:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2347]: Connection closed by 185.93.89.118 port 4100 [preauth]
May  9 10:39:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2446]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2446]: Invalid user N from 185.93.89.118
May  9 10:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2446]: input_userauth_request: invalid user N [preauth]
May  9 10:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2446]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:39:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May  9 10:39:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2446]: Failed password for invalid user N from 185.93.89.118 port 2244 ssh2
May  9 10:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2446]: Connection closed by 185.93.89.118 port 2244 [preauth]
May  9 10:39:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1035]: pam_unix(cron:session): session closed for user root
May  9 10:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: Invalid user ) from 185.93.89.118
May  9 10:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: input_userauth_request: invalid user ) [preauth]
May  9 10:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:39:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May  9 10:39:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: Failed password for invalid user ) from 185.93.89.118 port 7840 ssh2
May  9 10:39:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2481]: Connection closed by 185.93.89.118 port 7840 [preauth]
May  9 10:39:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2534]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2534]: Invalid user b from 185.93.89.118
May  9 10:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2534]: input_userauth_request: invalid user b [preauth]
May  9 10:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2534]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:39:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May  9 10:39:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2534]: Failed password for invalid user b from 185.93.89.118 port 62660 ssh2
May  9 10:39:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2534]: Connection closed by 185.93.89.118 port 62660 [preauth]
May  9 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2590]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2589]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2593]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2591]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2579]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2593]: pam_unix(cron:session): session closed for user root
May  9 10:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2579]: pam_unix(cron:session): session closed for user p13x
May  9 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2668]: Successful su for rubyman by root
May  9 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2668]: + ??? root:rubyman
May  9 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2668]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359110 of user rubyman.
May  9 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[2668]: pam_unix(su:session): session closed for user rubyman
May  9 10:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359110.
May  9 10:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2590]: pam_unix(cron:session): session closed for user root
May  9 10:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31667]: pam_unix(cron:session): session closed for user root
May  9 10:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2589]: pam_unix(cron:session): session closed for user samftp
May  9 10:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1514]: pam_unix(cron:session): session closed for user root
May  9 10:40:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: Invalid user test from 103.179.57.150
May  9 10:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: input_userauth_request: invalid user test [preauth]
May  9 10:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:40:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.57.150
May  9 10:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: Failed password for invalid user test from 103.179.57.150 port 54020 ssh2
May  9 10:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: Received disconnect from 103.179.57.150 port 54020:11: Bye Bye [preauth]
May  9 10:40:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3020]: Disconnected from 103.179.57.150 port 54020 [preauth]
May  9 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3060]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3061]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3059]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3058]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3058]: pam_unix(cron:session): session closed for user p13x
May  9 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3128]: Successful su for rubyman by root
May  9 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3128]: + ??? root:rubyman
May  9 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3128]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359115 of user rubyman.
May  9 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3128]: pam_unix(su:session): session closed for user rubyman
May  9 10:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359115.
May  9 10:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32387]: pam_unix(cron:session): session closed for user root
May  9 10:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3059]: pam_unix(cron:session): session closed for user samftp
May  9 10:41:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2056]: pam_unix(cron:session): session closed for user root
May  9 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3490]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3489]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3491]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3488]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3488]: pam_unix(cron:session): session closed for user p13x
May  9 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3551]: Successful su for rubyman by root
May  9 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3551]: + ??? root:rubyman
May  9 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3551]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359121 of user rubyman.
May  9 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3551]: pam_unix(su:session): session closed for user rubyman
May  9 10:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359121.
May  9 10:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[551]: pam_unix(cron:session): session closed for user root
May  9 10:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3489]: pam_unix(cron:session): session closed for user samftp
May  9 10:42:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: Invalid user administrator from 186.124.22.55
May  9 10:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: input_userauth_request: invalid user administrator [preauth]
May  9 10:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:42:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.22.55
May  9 10:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: Failed password for invalid user administrator from 186.124.22.55 port 40526 ssh2
May  9 10:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: Received disconnect from 186.124.22.55 port 40526:11: Bye Bye [preauth]
May  9 10:42:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3819]: Disconnected from 186.124.22.55 port 40526 [preauth]
May  9 10:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2592]: pam_unix(cron:session): session closed for user root
May  9 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3913]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3912]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3910]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3908]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3908]: pam_unix(cron:session): session closed for user p13x
May  9 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4007]: Successful su for rubyman by root
May  9 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4007]: + ??? root:rubyman
May  9 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4007]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359122 of user rubyman.
May  9 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4007]: pam_unix(su:session): session closed for user rubyman
May  9 10:43:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359122.
May  9 10:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1034]: pam_unix(cron:session): session closed for user root
May  9 10:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3910]: pam_unix(cron:session): session closed for user samftp
May  9 10:43:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: Invalid user newusername from 51.79.165.186
May  9 10:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: input_userauth_request: invalid user newusername [preauth]
May  9 10:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:43:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.165.186
May  9 10:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: Failed password for invalid user newusername from 51.79.165.186 port 40768 ssh2
May  9 10:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: Received disconnect from 51.79.165.186 port 40768:11: Bye Bye [preauth]
May  9 10:43:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4270]: Disconnected from 51.79.165.186 port 40768 [preauth]
May  9 10:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3061]: pam_unix(cron:session): session closed for user root
May  9 10:43:53 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:43:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.164.27.204  user=root
May  9 10:43:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: Failed password for root from 181.164.27.204 port 42968 ssh2
May  9 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: Received disconnect from 181.164.27.204 port 42968:11: Bye Bye [preauth]
May  9 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4482]: Disconnected from 181.164.27.204 port 42968 [preauth]
May  9 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: Invalid user haorui from 103.237.249.202
May  9 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: input_userauth_request: invalid user haorui [preauth]
May  9 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:43:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.237.249.202
May  9 10:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: Failed password for invalid user haorui from 103.237.249.202 port 45592 ssh2
May  9 10:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: Received disconnect from 103.237.249.202 port 45592:11: Bye Bye [preauth]
May  9 10:43:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4484]: Disconnected from 103.237.249.202 port 45592 [preauth]
May  9 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4507]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4509]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4510]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4502]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4502]: pam_unix(cron:session): session closed for user p13x
May  9 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4581]: Successful su for rubyman by root
May  9 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4581]: + ??? root:rubyman
May  9 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4581]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359126 of user rubyman.
May  9 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4581]: pam_unix(su:session): session closed for user rubyman
May  9 10:44:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359126.
May  9 10:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1513]: pam_unix(cron:session): session closed for user root
May  9 10:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4507]: pam_unix(cron:session): session closed for user samftp
May  9 10:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3491]: pam_unix(cron:session): session closed for user root
May  9 10:44:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: Invalid user user1 from 190.103.202.7
May  9 10:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: input_userauth_request: invalid user user1 [preauth]
May  9 10:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:44:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.103.202.7
May  9 10:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: Failed password for invalid user user1 from 190.103.202.7 port 53496 ssh2
May  9 10:44:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[4915]: Connection closed by 190.103.202.7 port 53496 [preauth]
May  9 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4942]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4941]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4948]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4940]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4946]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4945]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4948]: pam_unix(cron:session): session closed for user root
May  9 10:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4940]: pam_unix(cron:session): session closed for user p13x
May  9 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5194]: Successful su for rubyman by root
May  9 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5194]: + ??? root:rubyman
May  9 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5194]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359131 of user rubyman.
May  9 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[5194]: pam_unix(su:session): session closed for user rubyman
May  9 10:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359131.
May  9 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4942]: pam_unix(cron:session): session closed for user root
May  9 10:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2055]: pam_unix(cron:session): session closed for user root
May  9 10:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4941]: pam_unix(cron:session): session closed for user samftp
May  9 10:45:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5488]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:45:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3913]: pam_unix(cron:session): session closed for user root
May  9 10:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5524]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:45:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5488]: Connection closed by 20.106.32.153 port 56120 [preauth]
May  9 10:45:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 10:45:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5524]: Failed password for root from 218.92.0.179 port 23771 ssh2
May  9 10:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5524]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 23771 ssh2]
May  9 10:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5524]: Received disconnect from 218.92.0.179 port 23771:11:  [preauth]
May  9 10:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5524]: Disconnected from 218.92.0.179 port 23771 [preauth]
May  9 10:45:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[5524]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5632]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5633]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5628]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5631]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5628]: pam_unix(cron:session): session closed for user p13x
May  9 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5707]: Successful su for rubyman by root
May  9 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5707]: + ??? root:rubyman
May  9 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359137 of user rubyman.
May  9 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[5707]: pam_unix(su:session): session closed for user rubyman
May  9 10:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359137.
May  9 10:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2591]: pam_unix(cron:session): session closed for user root
May  9 10:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5631]: pam_unix(cron:session): session closed for user samftp
May  9 10:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4510]: pam_unix(cron:session): session closed for user root
May  9 10:46:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: Invalid user pawel from 103.179.57.150
May  9 10:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: input_userauth_request: invalid user pawel [preauth]
May  9 10:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:46:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.57.150
May  9 10:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: Failed password for invalid user pawel from 103.179.57.150 port 38804 ssh2
May  9 10:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: Received disconnect from 103.179.57.150 port 38804:11: Bye Bye [preauth]
May  9 10:46:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6128]: Disconnected from 103.179.57.150 port 38804 [preauth]
May  9 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6150]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6151]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6148]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6149]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6148]: pam_unix(cron:session): session closed for user p13x
May  9 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6213]: Successful su for rubyman by root
May  9 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6213]: + ??? root:rubyman
May  9 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6213]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359142 of user rubyman.
May  9 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[6213]: pam_unix(su:session): session closed for user rubyman
May  9 10:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359142.
May  9 10:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3060]: pam_unix(cron:session): session closed for user root
May  9 10:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6149]: pam_unix(cron:session): session closed for user samftp
May  9 10:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4946]: pam_unix(cron:session): session closed for user root
May  9 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6545]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6546]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6547]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6544]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6544]: pam_unix(cron:session): session closed for user p13x
May  9 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6607]: Successful su for rubyman by root
May  9 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6607]: + ??? root:rubyman
May  9 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6607]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359146 of user rubyman.
May  9 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[6607]: pam_unix(su:session): session closed for user rubyman
May  9 10:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359146.
May  9 10:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3490]: pam_unix(cron:session): session closed for user root
May  9 10:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6545]: pam_unix(cron:session): session closed for user samftp
May  9 10:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5633]: pam_unix(cron:session): session closed for user root
May  9 10:48:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6901]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6901]: Invalid user phase from 186.124.22.55
May  9 10:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6901]: input_userauth_request: invalid user phase [preauth]
May  9 10:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6901]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:48:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.22.55
May  9 10:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6901]: Failed password for invalid user phase from 186.124.22.55 port 47716 ssh2
May  9 10:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6901]: Received disconnect from 186.124.22.55 port 47716:11: Bye Bye [preauth]
May  9 10:48:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[6901]: Disconnected from 186.124.22.55 port 47716 [preauth]
May  9 10:48:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7024]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:48:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.165.186  user=root
May  9 10:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7024]: Failed password for root from 51.79.165.186 port 50172 ssh2
May  9 10:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7024]: Received disconnect from 51.79.165.186 port 50172:11: Bye Bye [preauth]
May  9 10:48:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7024]: Disconnected from 51.79.165.186 port 50172 [preauth]
May  9 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7063]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7064]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7061]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7060]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7060]: pam_unix(cron:session): session closed for user p13x
May  9 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7139]: Successful su for rubyman by root
May  9 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7139]: + ??? root:rubyman
May  9 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7139]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359148 of user rubyman.
May  9 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7139]: pam_unix(su:session): session closed for user rubyman
May  9 10:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359148.
May  9 10:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3912]: pam_unix(cron:session): session closed for user root
May  9 10:49:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7061]: pam_unix(cron:session): session closed for user samftp
May  9 10:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:49:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.107.67.65  user=root
May  9 10:49:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: Failed password for root from 103.107.67.65 port 55768 ssh2
May  9 10:49:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7336]: Connection closed by 103.107.67.65 port 55768 [preauth]
May  9 10:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6151]: pam_unix(cron:session): session closed for user root
May  9 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7483]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7482]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7481]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7480]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7476]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7479]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7483]: pam_unix(cron:session): session closed for user root
May  9 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7476]: pam_unix(cron:session): session closed for user p13x
May  9 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7648]: Successful su for rubyman by root
May  9 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7648]: + ??? root:rubyman
May  9 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7648]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359153 of user rubyman.
May  9 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[7648]: pam_unix(su:session): session closed for user rubyman
May  9 10:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359153.
May  9 10:50:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7480]: pam_unix(cron:session): session closed for user root
May  9 10:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.164.27.204  user=root
May  9 10:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4509]: pam_unix(cron:session): session closed for user root
May  9 10:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7479]: pam_unix(cron:session): session closed for user samftp
May  9 10:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7768]: Failed password for root from 181.164.27.204 port 58372 ssh2
May  9 10:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7768]: Received disconnect from 181.164.27.204 port 58372:11: Bye Bye [preauth]
May  9 10:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7768]: Disconnected from 181.164.27.204 port 58372 [preauth]
May  9 10:50:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:50:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 10:50:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: Failed password for root from 218.92.0.179 port 63719 ssh2
May  9 10:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 63719 ssh2]
May  9 10:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: Received disconnect from 218.92.0.179 port 63719:11:  [preauth]
May  9 10:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: Disconnected from 218.92.0.179 port 63719 [preauth]
May  9 10:50:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[7890]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 10:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6547]: pam_unix(cron:session): session closed for user root
May  9 10:50:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:50:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  9 10:50:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: Failed password for root from 80.94.95.116 port 47450 ssh2
May  9 10:50:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8026]: Connection closed by 80.94.95.116 port 47450 [preauth]
May  9 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8039]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8040]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8038]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8037]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8037]: pam_unix(cron:session): session closed for user p13x
May  9 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8113]: Successful su for rubyman by root
May  9 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8113]: + ??? root:rubyman
May  9 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8113]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359158 of user rubyman.
May  9 10:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8113]: pam_unix(su:session): session closed for user rubyman
May  9 10:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359158.
May  9 10:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4945]: pam_unix(cron:session): session closed for user root
May  9 10:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8038]: pam_unix(cron:session): session closed for user samftp
May  9 10:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7064]: pam_unix(cron:session): session closed for user root
May  9 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8476]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8475]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8473]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8474]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8473]: pam_unix(cron:session): session closed for user p13x
May  9 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8540]: Successful su for rubyman by root
May  9 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8540]: + ??? root:rubyman
May  9 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8540]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359163 of user rubyman.
May  9 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8540]: pam_unix(su:session): session closed for user rubyman
May  9 10:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359163.
May  9 10:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[5632]: pam_unix(cron:session): session closed for user root
May  9 10:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8474]: pam_unix(cron:session): session closed for user samftp
May  9 10:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8776]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:52:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8776]: Did not receive identification string from 154.81.156.51
May  9 10:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7482]: pam_unix(cron:session): session closed for user root
May  9 10:52:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8887]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8887]: Invalid user shixiaozhou from 103.179.57.150
May  9 10:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8887]: input_userauth_request: invalid user shixiaozhou [preauth]
May  9 10:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8887]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:52:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.57.150
May  9 10:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8887]: Failed password for invalid user shixiaozhou from 103.179.57.150 port 49210 ssh2
May  9 10:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8887]: Received disconnect from 103.179.57.150 port 49210:11: Bye Bye [preauth]
May  9 10:52:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[8887]: Disconnected from 103.179.57.150 port 49210 [preauth]
May  9 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8909]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8910]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8908]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8907]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8907]: pam_unix(cron:session): session closed for user p13x
May  9 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8974]: Successful su for rubyman by root
May  9 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8974]: + ??? root:rubyman
May  9 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8974]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359167 of user rubyman.
May  9 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[8974]: pam_unix(su:session): session closed for user rubyman
May  9 10:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359167.
May  9 10:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6150]: pam_unix(cron:session): session closed for user root
May  9 10:53:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8908]: pam_unix(cron:session): session closed for user samftp
May  9 10:53:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8040]: pam_unix(cron:session): session closed for user root
May  9 10:53:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:53:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.165.186  user=root
May  9 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9439]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9437]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9438]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9436]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:54:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9436]: pam_unix(cron:session): session closed for user p13x
May  9 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9498]: Successful su for rubyman by root
May  9 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9498]: + ??? root:rubyman
May  9 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9498]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359170 of user rubyman.
May  9 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[9498]: pam_unix(su:session): session closed for user rubyman
May  9 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359170.
May  9 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: Failed password for root from 51.79.165.186 port 57394 ssh2
May  9 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: Received disconnect from 51.79.165.186 port 57394:11: Bye Bye [preauth]
May  9 10:54:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9428]: Disconnected from 51.79.165.186 port 57394 [preauth]
May  9 10:54:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[6546]: pam_unix(cron:session): session closed for user root
May  9 10:54:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9437]: pam_unix(cron:session): session closed for user samftp
May  9 10:54:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8476]: pam_unix(cron:session): session closed for user root
May  9 10:54:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:54:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.22.55  user=root
May  9 10:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: Failed password for root from 186.124.22.55 port 53960 ssh2
May  9 10:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: Received disconnect from 186.124.22.55 port 53960:11: Bye Bye [preauth]
May  9 10:54:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[9785]: Disconnected from 186.124.22.55 port 53960 [preauth]
May  9 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9839]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9840]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9836]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9838]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9835]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9840]: pam_unix(cron:session): session closed for user root
May  9 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9835]: pam_unix(cron:session): session closed for user p13x
May  9 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9905]: Successful su for rubyman by root
May  9 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9905]: + ??? root:rubyman
May  9 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9905]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359174 of user rubyman.
May  9 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[9905]: pam_unix(su:session): session closed for user rubyman
May  9 10:55:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359174.
May  9 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9837]: pam_unix(cron:session): session closed for user root
May  9 10:55:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7063]: pam_unix(cron:session): session closed for user root
May  9 10:55:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9836]: pam_unix(cron:session): session closed for user samftp
May  9 10:55:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8910]: pam_unix(cron:session): session closed for user root
May  9 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10353]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10354]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10351]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10352]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10351]: pam_unix(cron:session): session closed for user p13x
May  9 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10426]: Successful su for rubyman by root
May  9 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10426]: + ??? root:rubyman
May  9 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10426]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359180 of user rubyman.
May  9 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[10426]: pam_unix(su:session): session closed for user rubyman
May  9 10:56:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359180.
May  9 10:56:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[7481]: pam_unix(cron:session): session closed for user root
May  9 10:56:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10352]: pam_unix(cron:session): session closed for user samftp
May  9 10:56:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:56:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.164.27.204  user=root
May  9 10:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: Failed password for root from 181.164.27.204 port 45520 ssh2
May  9 10:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: Received disconnect from 181.164.27.204 port 45520:11: Bye Bye [preauth]
May  9 10:56:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[10659]: Disconnected from 181.164.27.204 port 45520 [preauth]
May  9 10:56:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9439]: pam_unix(cron:session): session closed for user root
May  9 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10852]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10851]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10850]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10848]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:57:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10848]: pam_unix(cron:session): session closed for user p13x
May  9 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10908]: Successful su for rubyman by root
May  9 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10908]: + ??? root:rubyman
May  9 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10908]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359184 of user rubyman.
May  9 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[10908]: pam_unix(su:session): session closed for user rubyman
May  9 10:57:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359184.
May  9 10:57:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8039]: pam_unix(cron:session): session closed for user root
May  9 10:57:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10850]: pam_unix(cron:session): session closed for user samftp
May  9 10:57:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11090]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:57:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 10:57:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11090]: Failed password for root from 218.92.0.179 port 20686 ssh2
May  9 10:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11090]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 20686 ssh2]
May  9 10:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11090]: Received disconnect from 218.92.0.179 port 20686:11:  [preauth]
May  9 10:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11090]: Disconnected from 218.92.0.179 port 20686 [preauth]
May  9 10:57:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11090]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 10:57:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9839]: pam_unix(cron:session): session closed for user root
May  9 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11240]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11242]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11239]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11241]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:58:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11239]: pam_unix(cron:session): session closed for user p13x
May  9 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11300]: Successful su for rubyman by root
May  9 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11300]: + ??? root:rubyman
May  9 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11300]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359190 of user rubyman.
May  9 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[11300]: pam_unix(su:session): session closed for user rubyman
May  9 10:58:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359190.
May  9 10:58:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8475]: pam_unix(cron:session): session closed for user root
May  9 10:58:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11240]: pam_unix(cron:session): session closed for user samftp
May  9 10:58:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10354]: pam_unix(cron:session): session closed for user root
May  9 10:58:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: Invalid user valheim from 103.179.57.150
May  9 10:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: input_userauth_request: invalid user valheim [preauth]
May  9 10:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: pam_unix(sshd:auth): check pass; user unknown
May  9 10:59:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.57.150
May  9 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11640]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11641]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11639]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11638]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11638]: pam_unix(cron:session): session closed for user p13x
May  9 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: Failed password for invalid user valheim from 103.179.57.150 port 48938 ssh2
May  9 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11697]: Successful su for rubyman by root
May  9 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11697]: + ??? root:rubyman
May  9 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11697]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359192 of user rubyman.
May  9 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[11697]: pam_unix(su:session): session closed for user rubyman
May  9 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359192.
May  9 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: Received disconnect from 103.179.57.150 port 48938:11: Bye Bye [preauth]
May  9 10:59:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11635]: Disconnected from 103.179.57.150 port 48938 [preauth]
May  9 10:59:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[8909]: pam_unix(cron:session): session closed for user root
May  9 10:59:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11639]: pam_unix(cron:session): session closed for user samftp
May  9 10:59:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 10:59:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.165.186  user=root
May  9 10:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: Failed password for root from 51.79.165.186 port 58776 ssh2
May  9 10:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: Received disconnect from 51.79.165.186 port 58776:11: Bye Bye [preauth]
May  9 10:59:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[11890]: Disconnected from 51.79.165.186 port 58776 [preauth]
May  9 10:59:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10852]: pam_unix(cron:session): session closed for user root
May  9 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12030]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12026]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12028]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12025]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12027]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12029]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12024]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12030]: pam_unix(cron:session): session closed for user root
May  9 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12026]: pam_unix(cron:session): session closed for user root
May  9 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12024]: pam_unix(cron:session): session closed for user p13x
May  9 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12122]: Successful su for rubyman by root
May  9 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12122]: + ??? root:rubyman
May  9 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12122]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359202 of user rubyman.
May  9 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12122]: pam_unix(su:session): session closed for user rubyman
May  9 11:00:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359202.
May  9 11:00:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12027]: pam_unix(cron:session): session closed for user root
May  9 11:00:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9438]: pam_unix(cron:session): session closed for user root
May  9 11:00:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12025]: pam_unix(cron:session): session closed for user samftp
May  9 11:00:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11242]: pam_unix(cron:session): session closed for user root
May  9 11:00:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: Invalid user safeuser from 186.124.22.55
May  9 11:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: input_userauth_request: invalid user safeuser [preauth]
May  9 11:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: pam_unix(sshd:auth): check pass; user unknown
May  9 11:00:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.22.55
May  9 11:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: Failed password for invalid user safeuser from 186.124.22.55 port 60094 ssh2
May  9 11:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: Received disconnect from 186.124.22.55 port 60094:11: Bye Bye [preauth]
May  9 11:00:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12477]: Disconnected from 186.124.22.55 port 60094 [preauth]
May  9 11:00:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: Invalid user felix from 50.235.31.47
May  9 11:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: input_userauth_request: invalid user felix [preauth]
May  9 11:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: pam_unix(sshd:auth): check pass; user unknown
May  9 11:00:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47
May  9 11:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: Failed password for invalid user felix from 50.235.31.47 port 49998 ssh2
May  9 11:00:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[12508]: Connection closed by 50.235.31.47 port 49998 [preauth]
May  9 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12539]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12537]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12538]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12536]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:01:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12536]: pam_unix(cron:session): session closed for user p13x
May  9 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12604]: Successful su for rubyman by root
May  9 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12604]: + ??? root:rubyman
May  9 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12604]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359203 of user rubyman.
May  9 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[12604]: pam_unix(su:session): session closed for user rubyman
May  9 11:01:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359203.
May  9 11:01:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[9838]: pam_unix(cron:session): session closed for user root
May  9 11:01:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12537]: pam_unix(cron:session): session closed for user samftp
May  9 11:01:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11641]: pam_unix(cron:session): session closed for user root
May  9 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12928]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12927]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12930]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12926]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12926]: pam_unix(cron:session): session closed for user p13x
May  9 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12989]: Successful su for rubyman by root
May  9 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12989]: + ??? root:rubyman
May  9 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12989]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359208 of user rubyman.
May  9 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[12989]: pam_unix(su:session): session closed for user rubyman
May  9 11:02:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359208.
May  9 11:02:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10353]: pam_unix(cron:session): session closed for user root
May  9 11:02:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12927]: pam_unix(cron:session): session closed for user samftp
May  9 11:02:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:02:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.164.27.204  user=root
May  9 11:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: Failed password for root from 181.164.27.204 port 53976 ssh2
May  9 11:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: Received disconnect from 181.164.27.204 port 53976:11: Bye Bye [preauth]
May  9 11:02:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13197]: Disconnected from 181.164.27.204 port 53976 [preauth]
May  9 11:02:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12029]: pam_unix(cron:session): session closed for user root
May  9 11:02:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13287]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:02:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 11:02:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13287]: Failed password for root from 218.92.0.179 port 52502 ssh2
May  9 11:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13287]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 52502 ssh2]
May  9 11:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13287]: Received disconnect from 218.92.0.179 port 52502:11:  [preauth]
May  9 11:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13287]: Disconnected from 218.92.0.179 port 52502 [preauth]
May  9 11:02:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[13287]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13331]: pam_unix(cron:session): session closed for user p13x
May  9 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13392]: Successful su for rubyman by root
May  9 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13392]: + ??? root:rubyman
May  9 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13392]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359212 of user rubyman.
May  9 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[13392]: pam_unix(su:session): session closed for user rubyman
May  9 11:03:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359212.
May  9 11:03:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[10851]: pam_unix(cron:session): session closed for user root
May  9 11:03:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13332]: pam_unix(cron:session): session closed for user samftp
May  9 11:03:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12539]: pam_unix(cron:session): session closed for user root
May  9 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13842]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13839]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13840]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13841]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:04:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13839]: pam_unix(cron:session): session closed for user p13x
May  9 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13902]: Successful su for rubyman by root
May  9 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13902]: + ??? root:rubyman
May  9 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13902]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359215 of user rubyman.
May  9 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[13902]: pam_unix(su:session): session closed for user rubyman
May  9 11:04:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359215.
May  9 11:04:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11241]: pam_unix(cron:session): session closed for user root
May  9 11:04:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13840]: pam_unix(cron:session): session closed for user samftp
May  9 11:04:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12930]: pam_unix(cron:session): session closed for user root
May  9 11:04:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: Invalid user front-user from 51.79.165.186
May  9 11:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: input_userauth_request: invalid user front-user [preauth]
May  9 11:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: pam_unix(sshd:auth): check pass; user unknown
May  9 11:04:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.165.186
May  9 11:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: Failed password for invalid user front-user from 51.79.165.186 port 43178 ssh2
May  9 11:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: Received disconnect from 51.79.165.186 port 43178:11: Bye Bye [preauth]
May  9 11:04:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14178]: Disconnected from 51.79.165.186 port 43178 [preauth]
May  9 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14242]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14239]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14237]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14240]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14241]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14238]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14242]: pam_unix(cron:session): session closed for user root
May  9 11:05:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14237]: pam_unix(cron:session): session closed for user p13x
May  9 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14309]: Successful su for rubyman by root
May  9 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14309]: + ??? root:rubyman
May  9 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14309]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359224 of user rubyman.
May  9 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[14309]: pam_unix(su:session): session closed for user rubyman
May  9 11:05:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359224.
May  9 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14239]: pam_unix(cron:session): session closed for user root
May  9 11:05:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[11640]: pam_unix(cron:session): session closed for user root
May  9 11:05:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14238]: pam_unix(cron:session): session closed for user samftp
May  9 11:05:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14528]: User vncuser from 103.179.57.150 not allowed because not listed in AllowUsers
May  9 11:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14528]: input_userauth_request: invalid user vncuser [preauth]
May  9 11:05:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.57.150  user=vncuser
May  9 11:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14528]: Failed password for invalid user vncuser from 103.179.57.150 port 42892 ssh2
May  9 11:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14528]: Received disconnect from 103.179.57.150 port 42892:11: Bye Bye [preauth]
May  9 11:05:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[14528]: Disconnected from 103.179.57.150 port 42892 [preauth]
May  9 11:05:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13334]: pam_unix(cron:session): session closed for user root
May  9 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14686]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14684]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14685]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14683]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14683]: pam_unix(cron:session): session closed for user p13x
May  9 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14750]: Successful su for rubyman by root
May  9 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14750]: + ??? root:rubyman
May  9 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14750]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359225 of user rubyman.
May  9 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[14750]: pam_unix(su:session): session closed for user rubyman
May  9 11:06:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359225.
May  9 11:06:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12028]: pam_unix(cron:session): session closed for user root
May  9 11:06:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14684]: pam_unix(cron:session): session closed for user samftp
May  9 11:06:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13842]: pam_unix(cron:session): session closed for user root
May  9 11:06:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15057]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:06:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.22.55  user=root
May  9 11:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15057]: Failed password for root from 186.124.22.55 port 58548 ssh2
May  9 11:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15057]: Received disconnect from 186.124.22.55 port 58548:11: Bye Bye [preauth]
May  9 11:06:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15057]: Disconnected from 186.124.22.55 port 58548 [preauth]
May  9 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15101]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15102]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15099]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15098]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15098]: pam_unix(cron:session): session closed for user p13x
May  9 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15158]: Successful su for rubyman by root
May  9 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15158]: + ??? root:rubyman
May  9 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15158]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359229 of user rubyman.
May  9 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15158]: pam_unix(su:session): session closed for user rubyman
May  9 11:07:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359229.
May  9 11:07:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12538]: pam_unix(cron:session): session closed for user root
May  9 11:07:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15099]: pam_unix(cron:session): session closed for user samftp
May  9 11:07:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14241]: pam_unix(cron:session): session closed for user root
May  9 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15499]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15497]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15496]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15495]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15495]: pam_unix(cron:session): session closed for user p13x
May  9 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15555]: Successful su for rubyman by root
May  9 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15555]: + ??? root:rubyman
May  9 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15555]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359233 of user rubyman.
May  9 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[15555]: pam_unix(su:session): session closed for user rubyman
May  9 11:08:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359233.
May  9 11:08:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[12928]: pam_unix(cron:session): session closed for user root
May  9 11:08:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15496]: pam_unix(cron:session): session closed for user samftp
May  9 11:08:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: Invalid user administrator from 181.164.27.204
May  9 11:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: input_userauth_request: invalid user administrator [preauth]
May  9 11:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: pam_unix(sshd:auth): check pass; user unknown
May  9 11:08:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.164.27.204
May  9 11:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: Failed password for invalid user administrator from 181.164.27.204 port 56724 ssh2
May  9 11:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: Received disconnect from 181.164.27.204 port 56724:11: Bye Bye [preauth]
May  9 11:08:22 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15768]: Disconnected from 181.164.27.204 port 56724 [preauth]
May  9 11:08:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15802]: Connection closed by 172.104.11.4 port 59810 [preauth]
May  9 11:08:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15804]: Connection closed by 172.104.11.4 port 59814 [preauth]
May  9 11:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15806]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:08:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:08:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15806]: fatal: Unable to negotiate with 172.104.11.4 port 59822: no matching host key type found. Their offer: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 [preauth]
May  9 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 11:08:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14686]: pam_unix(cron:session): session closed for user root
May  9 11:08:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: Failed password for root from 218.92.0.179 port 57123 ssh2
May  9 11:08:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 57123 ssh2]
May  9 11:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: Received disconnect from 218.92.0.179 port 57123:11:  [preauth]
May  9 11:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: Disconnected from 218.92.0.179 port 57123 [preauth]
May  9 11:08:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[15807]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15906]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15907]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15905]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15903]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15899]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15903]: pam_unix(cron:session): session closed for user p13x
May  9 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16023]: Successful su for rubyman by root
May  9 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16023]: + ??? root:rubyman
May  9 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16023]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359237 of user rubyman.
May  9 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16023]: pam_unix(su:session): session closed for user rubyman
May  9 11:09:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359237.
May  9 11:09:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15899]: pam_unix(cron:session): session closed for user root
May  9 11:09:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13333]: pam_unix(cron:session): session closed for user root
May  9 11:09:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15905]: pam_unix(cron:session): session closed for user samftp
May  9 11:09:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15102]: pam_unix(cron:session): session closed for user root
May  9 11:09:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16350]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16350]: Invalid user eacsaci from 51.79.165.186
May  9 11:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16350]: input_userauth_request: invalid user eacsaci [preauth]
May  9 11:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16350]: pam_unix(sshd:auth): check pass; user unknown
May  9 11:09:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.165.186
May  9 11:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16350]: Failed password for invalid user eacsaci from 51.79.165.186 port 43158 ssh2
May  9 11:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16350]: Received disconnect from 51.79.165.186 port 43158:11: Bye Bye [preauth]
May  9 11:09:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16350]: Disconnected from 51.79.165.186 port 43158 [preauth]
May  9 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16381]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16380]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16382]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16383]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16378]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16379]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16383]: pam_unix(cron:session): session closed for user root
May  9 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16378]: pam_unix(cron:session): session closed for user p13x
May  9 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16459]: Successful su for rubyman by root
May  9 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16459]: + ??? root:rubyman
May  9 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16459]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359244 of user rubyman.
May  9 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16459]: pam_unix(su:session): session closed for user rubyman
May  9 11:10:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359244.
May  9 11:10:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16380]: pam_unix(cron:session): session closed for user root
May  9 11:10:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[13841]: pam_unix(cron:session): session closed for user root
May  9 11:10:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16379]: pam_unix(cron:session): session closed for user samftp
May  9 11:10:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[16746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:10:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15499]: pam_unix(cron:session): session closed for user root
May  9 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16868]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16869]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16863]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16864]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16863]: pam_unix(cron:session): session closed for user p13x
May  9 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16961]: Successful su for rubyman by root
May  9 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16961]: + ??? root:rubyman
May  9 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16961]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359248 of user rubyman.
May  9 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[16961]: pam_unix(su:session): session closed for user rubyman
May  9 11:11:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359248.
May  9 11:11:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14240]: pam_unix(cron:session): session closed for user root
May  9 11:11:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16864]: pam_unix(cron:session): session closed for user samftp
May  9 11:11:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:11:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.68.105.9  user=root
May  9 11:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Failed password for root from 164.68.105.9 port 51530 ssh2
May  9 11:11:12 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17160]: Connection closed by 164.68.105.9 port 51530 [preauth]
May  9 11:11:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Invalid user wordpress from 103.179.57.150
May  9 11:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: input_userauth_request: invalid user wordpress [preauth]
May  9 11:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: pam_unix(sshd:auth): check pass; user unknown
May  9 11:11:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.57.150
May  9 11:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Failed password for invalid user wordpress from 103.179.57.150 port 60404 ssh2
May  9 11:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Received disconnect from 103.179.57.150 port 60404:11: Bye Bye [preauth]
May  9 11:11:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17182]: Disconnected from 103.179.57.150 port 60404 [preauth]
May  9 11:11:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15907]: pam_unix(cron:session): session closed for user root
May  9 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17316]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17317]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17315]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17314]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:12:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17314]: pam_unix(cron:session): session closed for user p13x
May  9 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17374]: Successful su for rubyman by root
May  9 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17374]: + ??? root:rubyman
May  9 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17374]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359254 of user rubyman.
May  9 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[17374]: pam_unix(su:session): session closed for user rubyman
May  9 11:12:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359254.
May  9 11:12:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[14685]: pam_unix(cron:session): session closed for user root
May  9 11:12:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17315]: pam_unix(cron:session): session closed for user samftp
May  9 11:12:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16382]: pam_unix(cron:session): session closed for user root
May  9 11:12:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17696]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:12:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.22.55  user=root
May  9 11:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17696]: Failed password for root from 186.124.22.55 port 33432 ssh2
May  9 11:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17696]: Received disconnect from 186.124.22.55 port 33432:11: Bye Bye [preauth]
May  9 11:12:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17696]: Disconnected from 186.124.22.55 port 33432 [preauth]
May  9 11:12:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:12:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 11:12:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: Failed password for root from 218.92.0.179 port 10378 ssh2
May  9 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17763]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17779]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17762]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17780]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17762]: pam_unix(cron:session): session closed for user p13x
May  9 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17929]: Successful su for rubyman by root
May  9 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17929]: + ??? root:rubyman
May  9 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17929]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359259 of user rubyman.
May  9 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[17929]: pam_unix(su:session): session closed for user rubyman
May  9 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359259.
May  9 11:13:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: Failed password for root from 218.92.0.179 port 10378 ssh2
May  9 11:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: Failed password for root from 218.92.0.179 port 10378 ssh2
May  9 11:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: Received disconnect from 218.92.0.179 port 10378:11:  [preauth]
May  9 11:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: Disconnected from 218.92.0.179 port 10378 [preauth]
May  9 11:13:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[17746]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 11:13:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15101]: pam_unix(cron:session): session closed for user root
May  9 11:13:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17763]: pam_unix(cron:session): session closed for user samftp
May  9 11:13:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16869]: pam_unix(cron:session): session closed for user root
May  9 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18275]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18276]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18274]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18273]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18273]: pam_unix(cron:session): session closed for user p13x
May  9 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18338]: Successful su for rubyman by root
May  9 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18338]: + ??? root:rubyman
May  9 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18338]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359261 of user rubyman.
May  9 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[18338]: pam_unix(su:session): session closed for user rubyman
May  9 11:14:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359261.
May  9 11:14:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15497]: pam_unix(cron:session): session closed for user root
May  9 11:14:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18274]: pam_unix(cron:session): session closed for user samftp
May  9 11:14:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18572]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:14:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.164.27.204  user=root
May  9 11:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18572]: Failed password for root from 181.164.27.204 port 39956 ssh2
May  9 11:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18572]: Received disconnect from 181.164.27.204 port 39956:11: Bye Bye [preauth]
May  9 11:14:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18572]: Disconnected from 181.164.27.204 port 39956 [preauth]
May  9 11:14:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17317]: pam_unix(cron:session): session closed for user root
May  9 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18693]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18691]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18694]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18692]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18695]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18690]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18695]: pam_unix(cron:session): session closed for user root
May  9 11:15:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18690]: pam_unix(cron:session): session closed for user p13x
May  9 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: Invalid user ubuntu from 51.79.165.186
May  9 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: input_userauth_request: invalid user ubuntu [preauth]
May  9 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: pam_unix(sshd:auth): check pass; user unknown
May  9 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.165.186
May  9 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18770]: Successful su for rubyman by root
May  9 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18770]: + ??? root:rubyman
May  9 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18770]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359267 of user rubyman.
May  9 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[18770]: pam_unix(su:session): session closed for user rubyman
May  9 11:15:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359267.
May  9 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: Failed password for invalid user ubuntu from 51.79.165.186 port 48556 ssh2
May  9 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: Received disconnect from 51.79.165.186 port 48556:11: Bye Bye [preauth]
May  9 11:15:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[18679]: Disconnected from 51.79.165.186 port 48556 [preauth]
May  9 11:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[15906]: pam_unix(cron:session): session closed for user root
May  9 11:15:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18692]: pam_unix(cron:session): session closed for user root
May  9 11:15:08 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18691]: pam_unix(cron:session): session closed for user samftp
May  9 11:15:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17780]: pam_unix(cron:session): session closed for user root
May  9 11:15:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Invalid user anonymous from 80.94.95.116
May  9 11:15:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: input_userauth_request: invalid user anonymous [preauth]
May  9 11:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: pam_unix(sshd:auth): check pass; user unknown
May  9 11:15:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116
May  9 11:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Failed password for invalid user anonymous from 80.94.95.116 port 22356 ssh2
May  9 11:15:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19121]: Connection closed by 80.94.95.116 port 22356 [preauth]
May  9 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19142]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19145]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19144]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19143]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19142]: pam_unix(cron:session): session closed for user p13x
May  9 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19208]: Successful su for rubyman by root
May  9 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19208]: + ??? root:rubyman
May  9 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19208]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359271 of user rubyman.
May  9 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19208]: pam_unix(su:session): session closed for user rubyman
May  9 11:16:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359271.
May  9 11:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16381]: pam_unix(cron:session): session closed for user root
May  9 11:16:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19143]: pam_unix(cron:session): session closed for user samftp
May  9 11:16:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18276]: pam_unix(cron:session): session closed for user root
May  9 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19605]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19606]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19607]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19603]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19601]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19601]: pam_unix(cron:session): session closed for user root
May  9 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19603]: pam_unix(cron:session): session closed for user p13x
May  9 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19682]: Successful su for rubyman by root
May  9 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19682]: + ??? root:rubyman
May  9 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19682]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359276 of user rubyman.
May  9 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[19682]: pam_unix(su:session): session closed for user rubyman
May  9 11:17:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359276.
May  9 11:17:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[16868]: pam_unix(cron:session): session closed for user root
May  9 11:17:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19854]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19605]: pam_unix(cron:session): session closed for user samftp
May  9 11:17:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 11:17:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19854]: Failed password for root from 218.92.0.179 port 59295 ssh2
May  9 11:17:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19854]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 59295 ssh2]
May  9 11:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19854]: Received disconnect from 218.92.0.179 port 59295:11:  [preauth]
May  9 11:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19854]: Disconnected from 218.92.0.179 port 59295 [preauth]
May  9 11:17:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19854]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 11:17:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: Invalid user r00t from 103.179.57.150
May  9 11:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: input_userauth_request: invalid user r00t [preauth]
May  9 11:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: pam_unix(sshd:auth): check pass; user unknown
May  9 11:17:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.179.57.150
May  9 11:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: Failed password for invalid user r00t from 103.179.57.150 port 46136 ssh2
May  9 11:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: Received disconnect from 103.179.57.150 port 46136:11: Bye Bye [preauth]
May  9 11:17:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[19930]: Disconnected from 103.179.57.150 port 46136 [preauth]
May  9 11:17:35 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18694]: pam_unix(cron:session): session closed for user root
May  9 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20031]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20029]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20030]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20026]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20026]: pam_unix(cron:session): session closed for user p13x
May  9 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20092]: Successful su for rubyman by root
May  9 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20092]: + ??? root:rubyman
May  9 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20092]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359279 of user rubyman.
May  9 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20092]: pam_unix(su:session): session closed for user rubyman
May  9 11:18:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359279.
May  9 11:18:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17316]: pam_unix(cron:session): session closed for user root
May  9 11:18:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20029]: pam_unix(cron:session): session closed for user samftp
May  9 11:18:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19145]: pam_unix(cron:session): session closed for user root
May  9 11:18:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:18:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.22.55  user=root
May  9 11:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: Failed password for root from 186.124.22.55 port 48580 ssh2
May  9 11:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: Received disconnect from 186.124.22.55 port 48580:11: Bye Bye [preauth]
May  9 11:18:50 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[20401]: Disconnected from 186.124.22.55 port 48580 [preauth]
May  9 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20427]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20426]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20425]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20424]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20424]: pam_unix(cron:session): session closed for user p13x
May  9 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20490]: Successful su for rubyman by root
May  9 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20490]: + ??? root:rubyman
May  9 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20490]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359283 of user rubyman.
May  9 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[20490]: pam_unix(su:session): session closed for user rubyman
May  9 11:19:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359283.
May  9 11:19:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[17779]: pam_unix(cron:session): session closed for user root
May  9 11:19:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20425]: pam_unix(cron:session): session closed for user samftp
May  9 11:19:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19607]: pam_unix(cron:session): session closed for user root
May  9 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20888]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20890]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20889]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20891]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20884]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20882]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20891]: pam_unix(cron:session): session closed for user root
May  9 11:20:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20882]: pam_unix(cron:session): session closed for user p13x
May  9 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20953]: Successful su for rubyman by root
May  9 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20953]: + ??? root:rubyman
May  9 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20953]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359288 of user rubyman.
May  9 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[20953]: pam_unix(su:session): session closed for user rubyman
May  9 11:20:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359288.
May  9 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20888]: pam_unix(cron:session): session closed for user root
May  9 11:20:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18275]: pam_unix(cron:session): session closed for user root
May  9 11:20:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20884]: pam_unix(cron:session): session closed for user samftp
May  9 11:20:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:20:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.165.186  user=root
May  9 11:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: Failed password for root from 51.79.165.186 port 40272 ssh2
May  9 11:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: Received disconnect from 51.79.165.186 port 40272:11: Bye Bye [preauth]
May  9 11:20:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21250]: Disconnected from 51.79.165.186 port 40272 [preauth]
May  9 11:20:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21262]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:20:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21262]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.164.27.204  user=root
May  9 11:20:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21262]: Failed password for root from 181.164.27.204 port 47848 ssh2
May  9 11:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21262]: Received disconnect from 181.164.27.204 port 47848:11: Bye Bye [preauth]
May  9 11:20:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[21262]: Disconnected from 181.164.27.204 port 47848 [preauth]
May  9 11:20:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20031]: pam_unix(cron:session): session closed for user root
May  9 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21389]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21388]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21387]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21390]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:21:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21387]: pam_unix(cron:session): session closed for user p13x
May  9 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21454]: Successful su for rubyman by root
May  9 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21454]: + ??? root:rubyman
May  9 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21454]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359295 of user rubyman.
May  9 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[21454]: pam_unix(su:session): session closed for user rubyman
May  9 11:21:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359295.
May  9 11:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[18693]: pam_unix(cron:session): session closed for user root
May  9 11:21:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21388]: pam_unix(cron:session): session closed for user samftp
May  9 11:21:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20427]: pam_unix(cron:session): session closed for user root
May  9 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22118]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22116]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22117]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22115]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22115]: pam_unix(cron:session): session closed for user p13x
May  9 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22184]: Successful su for rubyman by root
May  9 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22184]: + ??? root:rubyman
May  9 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22184]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359298 of user rubyman.
May  9 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22184]: pam_unix(su:session): session closed for user rubyman
May  9 11:22:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359298.
May  9 11:22:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19144]: pam_unix(cron:session): session closed for user root
May  9 11:22:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22116]: pam_unix(cron:session): session closed for user samftp
May  9 11:22:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20890]: pam_unix(cron:session): session closed for user root
May  9 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22593]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22592]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22591]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22590]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22590]: pam_unix(cron:session): session closed for user p13x
May  9 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22657]: Successful su for rubyman by root
May  9 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22657]: + ??? root:rubyman
May  9 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22657]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359301 of user rubyman.
May  9 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[22657]: pam_unix(su:session): session closed for user rubyman
May  9 11:23:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359301.
May  9 11:23:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[19606]: pam_unix(cron:session): session closed for user root
May  9 11:23:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22591]: pam_unix(cron:session): session closed for user samftp
May  9 11:23:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21390]: pam_unix(cron:session): session closed for user root
May  9 11:24:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23059]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23058]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23060]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23057]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23057]: pam_unix(cron:session): session closed for user p13x
May  9 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23117]: Successful su for rubyman by root
May  9 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23117]: + ??? root:rubyman
May  9 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23117]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359307 of user rubyman.
May  9 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23117]: pam_unix(su:session): session closed for user rubyman
May  9 11:24:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359307.
May  9 11:24:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20030]: pam_unix(cron:session): session closed for user root
May  9 11:24:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23058]: pam_unix(cron:session): session closed for user samftp
May  9 11:24:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22118]: pam_unix(cron:session): session closed for user root
May  9 11:24:48 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23528]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:24:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.22.55  user=root
May  9 11:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23528]: Failed password for root from 186.124.22.55 port 47818 ssh2
May  9 11:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23528]: Received disconnect from 186.124.22.55 port 47818:11: Bye Bye [preauth]
May  9 11:24:51 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[23528]: Disconnected from 186.124.22.55 port 47818 [preauth]
May  9 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23561]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23558]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23559]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23557]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23560]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23556]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23561]: pam_unix(cron:session): session closed for user root
May  9 11:25:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23556]: pam_unix(cron:session): session closed for user p13x
May  9 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23630]: Successful su for rubyman by root
May  9 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23630]: + ??? root:rubyman
May  9 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23630]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359309 of user rubyman.
May  9 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[23630]: pam_unix(su:session): session closed for user rubyman
May  9 11:25:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359309.
May  9 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23558]: pam_unix(cron:session): session closed for user root
May  9 11:25:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20426]: pam_unix(cron:session): session closed for user root
May  9 11:25:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23557]: pam_unix(cron:session): session closed for user samftp
May  9 11:25:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24025]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24025]: Invalid user noroot from 51.79.165.186
May  9 11:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24025]: input_userauth_request: invalid user noroot [preauth]
May  9 11:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24025]: pam_unix(sshd:auth): check pass; user unknown
May  9 11:25:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24025]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.165.186
May  9 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22593]: pam_unix(cron:session): session closed for user root
May  9 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24025]: Failed password for invalid user noroot from 51.79.165.186 port 49334 ssh2
May  9 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24025]: Received disconnect from 51.79.165.186 port 49334:11: Bye Bye [preauth]
May  9 11:25:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24025]: Disconnected from 51.79.165.186 port 49334 [preauth]
May  9 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24114]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24113]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24115]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24112]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:26:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24112]: pam_unix(cron:session): session closed for user p13x
May  9 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24182]: Successful su for rubyman by root
May  9 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24182]: + ??? root:rubyman
May  9 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24182]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359315 of user rubyman.
May  9 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[24182]: pam_unix(su:session): session closed for user rubyman
May  9 11:26:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359315.
May  9 11:26:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[20889]: pam_unix(cron:session): session closed for user root
May  9 11:26:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24113]: pam_unix(cron:session): session closed for user samftp
May  9 11:26:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:26:15 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  9 11:26:17 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: Failed password for root from 218.92.0.206 port 54346 ssh2
May  9 11:26:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: Failed password for root from 218.92.0.206 port 54346 ssh2
May  9 11:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24444]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:26:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: Failed password for root from 218.92.0.206 port 54346 ssh2
May  9 11:26:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24444]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.164.27.204  user=root
May  9 11:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24444]: Failed password for root from 181.164.27.204 port 50154 ssh2
May  9 11:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: Failed password for root from 218.92.0.206 port 54346 ssh2
May  9 11:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24444]: Received disconnect from 181.164.27.204 port 50154:11: Bye Bye [preauth]
May  9 11:26:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24444]: Disconnected from 181.164.27.204 port 50154 [preauth]
May  9 11:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: Failed password for root from 218.92.0.206 port 54346 ssh2
May  9 11:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: error: maximum authentication attempts exceeded for root from 218.92.0.206 port 54346 ssh2 [preauth]
May  9 11:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: Disconnecting: Too many authentication failures [preauth]
May  9 11:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.206  user=root
May  9 11:26:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24417]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 11:26:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[24478]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:26:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23060]: pam_unix(cron:session): session closed for user root
May  9 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24565]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24563]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24562]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24564]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24562]: pam_unix(cron:session): session closed for user p13x
May  9 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24631]: Successful su for rubyman by root
May  9 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24631]: + ??? root:rubyman
May  9 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359319 of user rubyman.
May  9 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[24631]: pam_unix(su:session): session closed for user rubyman
May  9 11:27:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359319.
May  9 11:27:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[21389]: pam_unix(cron:session): session closed for user root
May  9 11:27:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24563]: pam_unix(cron:session): session closed for user samftp
May  9 11:27:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23560]: pam_unix(cron:session): session closed for user root
May  9 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24990]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24989]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24991]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24988]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24988]: pam_unix(cron:session): session closed for user p13x
May  9 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25050]: Successful su for rubyman by root
May  9 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25050]: + ??? root:rubyman
May  9 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25050]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359323 of user rubyman.
May  9 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25050]: pam_unix(su:session): session closed for user rubyman
May  9 11:28:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359323.
May  9 11:28:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22117]: pam_unix(cron:session): session closed for user root
May  9 11:28:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24989]: pam_unix(cron:session): session closed for user samftp
May  9 11:28:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:28:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 11:28:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: Failed password for root from 218.92.0.179 port 46567 ssh2
May  9 11:28:32 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: Failed password for root from 218.92.0.179 port 46567 ssh2
May  9 11:28:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24115]: pam_unix(cron:session): session closed for user root
May  9 11:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: Failed password for root from 218.92.0.179 port 46567 ssh2
May  9 11:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: Received disconnect from 218.92.0.179 port 46567:11:  [preauth]
May  9 11:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: Disconnected from 218.92.0.179 port 46567 [preauth]
May  9 11:28:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25297]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25403]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25402]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25400]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25399]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25399]: pam_unix(cron:session): session closed for user p13x
May  9 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25461]: Successful su for rubyman by root
May  9 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25461]: + ??? root:rubyman
May  9 11:29:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25461]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359327 of user rubyman.
May  9 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[25461]: pam_unix(su:session): session closed for user rubyman
May  9 11:29:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359327.
May  9 11:29:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[22592]: pam_unix(cron:session): session closed for user root
May  9 11:29:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25400]: pam_unix(cron:session): session closed for user samftp
May  9 11:29:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24565]: pam_unix(cron:session): session closed for user root
May  9 11:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25856]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:29:49 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.188.43  user=root
May  9 11:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25856]: Failed password for root from 45.6.188.43 port 32926 ssh2
May  9 11:29:52 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[25856]: Connection closed by 45.6.188.43 port 32926 [preauth]
May  9 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25878]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25877]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25881]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25880]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25879]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25876]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25881]: pam_unix(cron:session): session closed for user root
May  9 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25876]: pam_unix(cron:session): session closed for user p13x
May  9 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25962]: Successful su for rubyman by root
May  9 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25962]: + ??? root:rubyman
May  9 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25962]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359336 of user rubyman.
May  9 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[25962]: pam_unix(su:session): session closed for user rubyman
May  9 11:30:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359336.
May  9 11:30:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25878]: pam_unix(cron:session): session closed for user root
May  9 11:30:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23059]: pam_unix(cron:session): session closed for user root
May  9 11:30:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25877]: pam_unix(cron:session): session closed for user samftp
May  9 11:30:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24991]: pam_unix(cron:session): session closed for user root
May  9 11:30:44 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26293]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26293]: Invalid user kamil from 51.79.165.186
May  9 11:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26293]: input_userauth_request: invalid user kamil [preauth]
May  9 11:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26293]: pam_unix(sshd:auth): check pass; user unknown
May  9 11:30:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.165.186
May  9 11:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26293]: Failed password for invalid user kamil from 51.79.165.186 port 53370 ssh2
May  9 11:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26293]: Received disconnect from 51.79.165.186 port 53370:11: Bye Bye [preauth]
May  9 11:30:47 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26293]: Disconnected from 51.79.165.186 port 53370 [preauth]
May  9 11:30:54 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:30:55 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.22.55  user=root
May  9 11:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: Failed password for root from 186.124.22.55 port 45984 ssh2
May  9 11:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: Received disconnect from 186.124.22.55 port 45984:11: Bye Bye [preauth]
May  9 11:30:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26314]: Disconnected from 186.124.22.55 port 45984 [preauth]
May  9 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26334]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26332]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26333]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26331]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26331]: pam_unix(cron:session): session closed for user p13x
May  9 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26397]: Successful su for rubyman by root
May  9 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26397]: + ??? root:rubyman
May  9 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26397]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359338 of user rubyman.
May  9 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26397]: pam_unix(su:session): session closed for user rubyman
May  9 11:31:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359338.
May  9 11:31:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[23559]: pam_unix(cron:session): session closed for user root
May  9 11:31:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26332]: pam_unix(cron:session): session closed for user samftp
May  9 11:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: Invalid user = from 185.93.89.118
May  9 11:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: input_userauth_request: invalid user = [preauth]
May  9 11:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: pam_unix(sshd:auth): check pass; user unknown
May  9 11:31:09 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May  9 11:31:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: Failed password for invalid user = from 185.93.89.118 port 32138 ssh2
May  9 11:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26328]: Connection closed by 185.93.89.118 port 32138 [preauth]
May  9 11:31:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26699]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26699]: Invalid user v from 185.93.89.118
May  9 11:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26699]: input_userauth_request: invalid user v [preauth]
May  9 11:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26699]: pam_unix(sshd:auth): check pass; user unknown
May  9 11:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May  9 11:31:24 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26729]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:31:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 11:31:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26699]: Failed password for invalid user v from 185.93.89.118 port 19230 ssh2
May  9 11:31:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26729]: Failed password for root from 218.92.0.179 port 19591 ssh2
May  9 11:31:29 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26729]: Failed password for root from 218.92.0.179 port 19591 ssh2
May  9 11:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26699]: Connection closed by 185.93.89.118 port 19230 [preauth]
May  9 11:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26740]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26729]: Failed password for root from 218.92.0.179 port 19591 ssh2
May  9 11:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26729]: Received disconnect from 218.92.0.179 port 19591:11:  [preauth]
May  9 11:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26729]: Disconnected from 218.92.0.179 port 19591 [preauth]
May  9 11:31:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26729]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 11:31:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25403]: pam_unix(cron:session): session closed for user root
May  9 11:31:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26771]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26771]: Invalid user Administrator from 80.94.95.115
May  9 11:31:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26771]: input_userauth_request: invalid user Administrator [preauth]
May  9 11:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26771]: Failed none for invalid user Administrator from 80.94.95.115 port 25632 ssh2
May  9 11:31:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26771]: Connection closed by 80.94.95.115 port 25632 [preauth]
May  9 11:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26740]: Invalid user Q from 185.93.89.118
May  9 11:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26740]: input_userauth_request: invalid user Q [preauth]
May  9 11:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26740]: pam_unix(sshd:auth): check pass; user unknown
May  9 11:31:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May  9 11:31:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26740]: Failed password for invalid user Q from 185.93.89.118 port 30300 ssh2
May  9 11:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26740]: Connection closed by 185.93.89.118 port 30300 [preauth]
May  9 11:31:46 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: Invalid user , from 185.93.89.118
May  9 11:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: input_userauth_request: invalid user , [preauth]
May  9 11:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: pam_unix(sshd:auth): check pass; user unknown
May  9 11:31:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May  9 11:31:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: Failed password for invalid user , from 185.93.89.118 port 13286 ssh2
May  9 11:31:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26807]: Connection closed by 185.93.89.118 port 13286 [preauth]
May  9 11:32:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26840]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26841]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26838]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26839]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26838]: pam_unix(cron:session): session closed for user p13x
May  9 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26903]: Successful su for rubyman by root
May  9 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26903]: + ??? root:rubyman
May  9 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26903]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359342 of user rubyman.
May  9 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[26903]: pam_unix(su:session): session closed for user rubyman
May  9 11:32:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359342.
May  9 11:32:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24114]: pam_unix(cron:session): session closed for user root
May  9 11:32:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26839]: pam_unix(cron:session): session closed for user samftp
May  9 11:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: Invalid user e from 185.93.89.118
May  9 11:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: input_userauth_request: invalid user e [preauth]
May  9 11:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: pam_unix(sshd:auth): check pass; user unknown
May  9 11:32:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.93.89.118
May  9 11:32:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: Failed password for invalid user e from 185.93.89.118 port 19948 ssh2
May  9 11:32:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[26827]: Connection closed by 185.93.89.118 port 19948 [preauth]
May  9 11:32:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:32:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.164.27.204  user=root
May  9 11:32:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Failed password for root from 181.164.27.204 port 45178 ssh2
May  9 11:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Received disconnect from 181.164.27.204 port 45178:11: Bye Bye [preauth]
May  9 11:32:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[27219]: Disconnected from 181.164.27.204 port 45178 [preauth]
May  9 11:32:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25880]: pam_unix(cron:session): session closed for user root
May  9 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27327]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27330]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27326]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27324]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27324]: pam_unix(cron:session): session closed for user p13x
May  9 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27409]: Successful su for rubyman by root
May  9 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27409]: + ??? root:rubyman
May  9 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27409]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359347 of user rubyman.
May  9 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[27409]: pam_unix(su:session): session closed for user rubyman
May  9 11:33:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359347.
May  9 11:33:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24564]: pam_unix(cron:session): session closed for user root
May  9 11:33:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27326]: pam_unix(cron:session): session closed for user samftp
May  9 11:33:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26334]: pam_unix(cron:session): session closed for user root
May  9 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27790]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27789]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27788]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27787]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:34:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27787]: pam_unix(cron:session): session closed for user p13x
May  9 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27847]: Successful su for rubyman by root
May  9 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27847]: + ??? root:rubyman
May  9 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27847]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359349 of user rubyman.
May  9 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[27847]: pam_unix(su:session): session closed for user rubyman
May  9 11:34:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359349.
May  9 11:34:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[24990]: pam_unix(cron:session): session closed for user root
May  9 11:34:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27788]: pam_unix(cron:session): session closed for user samftp
May  9 11:34:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26841]: pam_unix(cron:session): session closed for user root
May  9 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28198]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28197]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28199]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28200]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28194]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28195]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28200]: pam_unix(cron:session): session closed for user root
May  9 11:35:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28194]: pam_unix(cron:session): session closed for user p13x
May  9 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28266]: Successful su for rubyman by root
May  9 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28266]: + ??? root:rubyman
May  9 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359355 of user rubyman.
May  9 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[28266]: pam_unix(su:session): session closed for user rubyman
May  9 11:35:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359355.
May  9 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28197]: pam_unix(cron:session): session closed for user root
May  9 11:35:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25402]: pam_unix(cron:session): session closed for user root
May  9 11:35:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28195]: pam_unix(cron:session): session closed for user samftp
May  9 11:35:27 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28545]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:35:28 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 11:35:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28545]: Failed password for root from 218.92.0.179 port 35760 ssh2
May  9 11:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28545]: Failed password for root from 218.92.0.179 port 35760 ssh2
May  9 11:35:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27330]: pam_unix(cron:session): session closed for user root
May  9 11:35:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28545]: Failed password for root from 218.92.0.179 port 35760 ssh2
May  9 11:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28545]: Received disconnect from 218.92.0.179 port 35760:11:  [preauth]
May  9 11:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28545]: Disconnected from 218.92.0.179 port 35760 [preauth]
May  9 11:35:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28545]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 11:35:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28631]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:35:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.165.186  user=root
May  9 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28631]: Failed password for root from 51.79.165.186 port 57516 ssh2
May  9 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28631]: Received disconnect from 51.79.165.186 port 57516:11: Bye Bye [preauth]
May  9 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[28631]: Disconnected from 51.79.165.186 port 57516 [preauth]
May  9 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28637]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28638]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28636]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28635]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28635]: pam_unix(cron:session): session closed for user p13x
May  9 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28707]: Successful su for rubyman by root
May  9 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28707]: + ??? root:rubyman
May  9 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28707]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359359 of user rubyman.
May  9 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[28707]: pam_unix(su:session): session closed for user rubyman
May  9 11:36:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359359.
May  9 11:36:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[25879]: pam_unix(cron:session): session closed for user root
May  9 11:36:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28636]: pam_unix(cron:session): session closed for user samftp
May  9 11:36:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27790]: pam_unix(cron:session): session closed for user root
May  9 11:36:56 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29126]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:36:57 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.22.55  user=root
May  9 11:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29126]: Failed password for root from 186.124.22.55 port 35668 ssh2
May  9 11:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29126]: Received disconnect from 186.124.22.55 port 35668:11: Bye Bye [preauth]
May  9 11:36:59 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29126]: Disconnected from 186.124.22.55 port 35668 [preauth]
May  9 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29148]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29149]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29146]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29147]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29146]: pam_unix(cron:session): session closed for user p13x
May  9 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29211]: Successful su for rubyman by root
May  9 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29211]: + ??? root:rubyman
May  9 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29211]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359364 of user rubyman.
May  9 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[29211]: pam_unix(su:session): session closed for user rubyman
May  9 11:37:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359364.
May  9 11:37:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26333]: pam_unix(cron:session): session closed for user root
May  9 11:37:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29147]: pam_unix(cron:session): session closed for user samftp
May  9 11:37:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28199]: pam_unix(cron:session): session closed for user root
May  9 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29562]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29563]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29559]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29560]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:38:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29559]: pam_unix(cron:session): session closed for user p13x
May  9 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29623]: Successful su for rubyman by root
May  9 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29623]: + ??? root:rubyman
May  9 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29623]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359367 of user rubyman.
May  9 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[29623]: pam_unix(su:session): session closed for user rubyman
May  9 11:38:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359367.
May  9 11:38:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[26840]: pam_unix(cron:session): session closed for user root
May  9 11:38:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29560]: pam_unix(cron:session): session closed for user samftp
May  9 11:38:30 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29872]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:38:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.164.27.204  user=root
May  9 11:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29872]: Failed password for root from 181.164.27.204 port 50200 ssh2
May  9 11:38:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28638]: pam_unix(cron:session): session closed for user root
May  9 11:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29872]: Received disconnect from 181.164.27.204 port 50200:11: Bye Bye [preauth]
May  9 11:38:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[29872]: Disconnected from 181.164.27.204 port 50200 [preauth]
May  9 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29970]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29969]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29967]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29968]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29965]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:39:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29967]: pam_unix(cron:session): session closed for user p13x
May  9 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30097]: Successful su for rubyman by root
May  9 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30097]: + ??? root:rubyman
May  9 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30097]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359371 of user rubyman.
May  9 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30097]: pam_unix(su:session): session closed for user rubyman
May  9 11:39:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359371.
May  9 11:39:03 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29965]: pam_unix(cron:session): session closed for user root
May  9 11:39:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27327]: pam_unix(cron:session): session closed for user root
May  9 11:39:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29968]: pam_unix(cron:session): session closed for user samftp
May  9 11:39:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29149]: pam_unix(cron:session): session closed for user root
May  9 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30464]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30463]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30459]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30465]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30462]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30461]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30465]: pam_unix(cron:session): session closed for user root
May  9 11:40:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30459]: pam_unix(cron:session): session closed for user p13x
May  9 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30527]: Successful su for rubyman by root
May  9 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30527]: + ??? root:rubyman
May  9 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30527]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359377 of user rubyman.
May  9 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[30527]: pam_unix(su:session): session closed for user rubyman
May  9 11:40:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359377.
May  9 11:40:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30462]: pam_unix(cron:session): session closed for user root
May  9 11:40:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[27789]: pam_unix(cron:session): session closed for user root
May  9 11:40:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30461]: pam_unix(cron:session): session closed for user samftp
May  9 11:40:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29563]: pam_unix(cron:session): session closed for user root
May  9 11:40:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:40:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.107.67.65  user=root
May  9 11:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: Failed password for root from 103.107.67.65 port 57342 ssh2
May  9 11:40:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[30840]: Connection closed by 103.107.67.65 port 57342 [preauth]
May  9 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30891]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30893]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30892]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30890]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:41:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30890]: pam_unix(cron:session): session closed for user p13x
May  9 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31035]: Successful su for rubyman by root
May  9 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31035]: + ??? root:rubyman
May  9 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31035]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359383 of user rubyman.
May  9 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[31035]: pam_unix(su:session): session closed for user rubyman
May  9 11:41:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359383.
May  9 11:41:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28198]: pam_unix(cron:session): session closed for user root
May  9 11:41:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30891]: pam_unix(cron:session): session closed for user samftp
May  9 11:41:18 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31277]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31277]: Invalid user zw from 51.79.165.186
May  9 11:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31277]: input_userauth_request: invalid user zw [preauth]
May  9 11:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31277]: pam_unix(sshd:auth): check pass; user unknown
May  9 11:41:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.165.186
May  9 11:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31277]: Failed password for invalid user zw from 51.79.165.186 port 60156 ssh2
May  9 11:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31277]: Received disconnect from 51.79.165.186 port 60156:11: Bye Bye [preauth]
May  9 11:41:21 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31277]: Disconnected from 51.79.165.186 port 60156 [preauth]
May  9 11:41:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31290]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:41:25 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  9 11:41:26 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31290]: Failed password for root from 218.92.0.204 port 64340 ssh2
May  9 11:41:31 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31290]: message repeated 2 times: [ Failed password for root from 218.92.0.204 port 64340 ssh2]
May  9 11:41:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29970]: pam_unix(cron:session): session closed for user root
May  9 11:41:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31290]: Failed password for root from 218.92.0.204 port 64340 ssh2
May  9 11:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31290]: Failed password for root from 218.92.0.204 port 64340 ssh2
May  9 11:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31290]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 64340 ssh2 [preauth]
May  9 11:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31290]: Disconnecting: Too many authentication failures [preauth]
May  9 11:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31290]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  9 11:41:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31290]: PAM service(sshd) ignoring max retries; 5 > 3
May  9 11:41:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:41:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  9 11:41:43 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Failed password for root from 218.92.0.204 port 63348 ssh2
May  9 11:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: message repeated 5 times: [ Failed password for root from 218.92.0.204 port 63348 ssh2]
May  9 11:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: error: maximum authentication attempts exceeded for root from 218.92.0.204 port 63348 ssh2 [preauth]
May  9 11:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: Disconnecting: Too many authentication failures [preauth]
May  9 11:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  9 11:42:00 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31355]: PAM service(sshd) ignoring max retries; 6 > 3
May  9 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31405]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31406]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31404]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31403]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31403]: pam_unix(cron:session): session closed for user p13x
May  9 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31465]: Successful su for rubyman by root
May  9 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31465]: + ??? root:rubyman
May  9 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31465]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359387 of user rubyman.
May  9 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31465]: pam_unix(su:session): session closed for user rubyman
May  9 11:42:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359387.
May  9 11:42:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:42:03 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.204  user=root
May  9 11:42:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[28637]: pam_unix(cron:session): session closed for user root
May  9 11:42:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31502]: Failed password for root from 218.92.0.204 port 34426 ssh2
May  9 11:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31404]: pam_unix(cron:session): session closed for user samftp
May  9 11:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31502]: Received disconnect from 218.92.0.204 port 34426:11:  [preauth]
May  9 11:42:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[31502]: Disconnected from 218.92.0.204 port 34426 [preauth]
May  9 11:42:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30464]: pam_unix(cron:session): session closed for user root
May  9 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31836]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31835]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31837]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31834]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31834]: pam_unix(cron:session): session closed for user p13x
May  9 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31911]: Successful su for rubyman by root
May  9 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31911]: + ??? root:rubyman
May  9 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31911]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359390 of user rubyman.
May  9 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[31911]: pam_unix(su:session): session closed for user rubyman
May  9 11:43:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359390.
May  9 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29148]: pam_unix(cron:session): session closed for user root
May  9 11:43:04 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:43:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.22.55  user=root
May  9 11:43:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31835]: pam_unix(cron:session): session closed for user samftp
May  9 11:43:07 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: Failed password for root from 186.124.22.55 port 57624 ssh2
May  9 11:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: Received disconnect from 186.124.22.55 port 57624:11: Bye Bye [preauth]
May  9 11:43:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[32349]: Disconnected from 186.124.22.55 port 57624 [preauth]
May  9 11:43:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30893]: pam_unix(cron:session): session closed for user root
May  9 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32552]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32553]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32554]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32551]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32551]: pam_unix(cron:session): session closed for user p13x
May  9 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32676]: Successful su for rubyman by root
May  9 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32676]: + ??? root:rubyman
May  9 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32676]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359394 of user rubyman.
May  9 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[32676]: pam_unix(su:session): session closed for user rubyman
May  9 11:44:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359394.
May  9 11:44:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29562]: pam_unix(cron:session): session closed for user root
May  9 11:44:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32552]: pam_unix(cron:session): session closed for user samftp
May  9 11:44:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31406]: pam_unix(cron:session): session closed for user root
May  9 11:44:35 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:44:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.164.27.204  user=root
May  9 11:44:37 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: Failed password for root from 181.164.27.204 port 34876 ssh2
May  9 11:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: Received disconnect from 181.164.27.204 port 34876:11: Bye Bye [preauth]
May  9 11:44:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[618]: Disconnected from 181.164.27.204 port 34876 [preauth]
May  9 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[689]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[697]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[693]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[690]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[688]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[691]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[697]: pam_unix(cron:session): session closed for user root
May  9 11:45:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[688]: pam_unix(cron:session): session closed for user p13x
May  9 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[771]: Successful su for rubyman by root
May  9 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[771]: + ??? root:rubyman
May  9 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[771]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359402 of user rubyman.
May  9 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[771]: pam_unix(su:session): session closed for user rubyman
May  9 11:45:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359402.
May  9 11:45:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[690]: pam_unix(cron:session): session closed for user root
May  9 11:45:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[29969]: pam_unix(cron:session): session closed for user root
May  9 11:45:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[689]: pam_unix(cron:session): session closed for user samftp
May  9 11:45:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31837]: pam_unix(cron:session): session closed for user root
May  9 11:45:58 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1187]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1206]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1203]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1202]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1201]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1201]: pam_unix(cron:session): session closed for user p13x
May  9 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1289]: Successful su for rubyman by root
May  9 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1289]: + ??? root:rubyman
May  9 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1289]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359405 of user rubyman.
May  9 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[1289]: pam_unix(su:session): session closed for user rubyman
May  9 11:46:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359405.
May  9 11:46:02 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1187]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.94.95.116  user=root
May  9 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1187]: Failed password for root from 80.94.95.116 port 26934 ssh2
May  9 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30463]: pam_unix(cron:session): session closed for user root
May  9 11:46:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1187]: Connection closed by 80.94.95.116 port 26934 [preauth]
May  9 11:46:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1202]: pam_unix(cron:session): session closed for user samftp
May  9 11:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1542]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:46:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.235.31.47  user=root
May  9 11:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1542]: Failed password for root from 50.235.31.47 port 51648 ssh2
May  9 11:46:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1542]: Connection closed by 50.235.31.47 port 51648 [preauth]
May  9 11:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:46:23 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1564]: Did not receive identification string from 154.81.156.51
May  9 11:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1605]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:46:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32554]: pam_unix(cron:session): session closed for user root
May  9 11:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1605]: Invalid user home from 51.79.165.186
May  9 11:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1605]: input_userauth_request: invalid user home [preauth]
May  9 11:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1605]: pam_unix(sshd:auth): check pass; user unknown
May  9 11:46:34 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.165.186
May  9 11:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1605]: Failed password for invalid user home from 51.79.165.186 port 41174 ssh2
May  9 11:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1605]: Received disconnect from 51.79.165.186 port 41174:11: Bye Bye [preauth]
May  9 11:46:36 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[1605]: Disconnected from 51.79.165.186 port 41174 [preauth]
May  9 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1689]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1688]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1687]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1685]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:47:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1685]: pam_unix(cron:session): session closed for user p13x
May  9 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1769]: Successful su for rubyman by root
May  9 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1769]: + ??? root:rubyman
May  9 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1769]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359408 of user rubyman.
May  9 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[1769]: pam_unix(su:session): session closed for user rubyman
May  9 11:47:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359408.
May  9 11:47:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[30892]: pam_unix(cron:session): session closed for user root
May  9 11:47:05 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2036]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2036]: Invalid user mapr from 193.70.84.184
May  9 11:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2036]: input_userauth_request: invalid user mapr [preauth]
May  9 11:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2036]: pam_unix(sshd:auth): check pass; user unknown
May  9 11:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.70.84.184
May  9 11:47:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1687]: pam_unix(cron:session): session closed for user samftp
May  9 11:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2036]: Failed password for invalid user mapr from 193.70.84.184 port 34080 ssh2
May  9 11:47:08 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2036]: Connection closed by 193.70.84.184 port 34080 [preauth]
May  9 11:47:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[693]: pam_unix(cron:session): session closed for user root
May  9 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2208]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2207]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2206]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2204]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2204]: pam_unix(cron:session): session closed for user p13x
May  9 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2266]: Successful su for rubyman by root
May  9 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2266]: + ??? root:rubyman
May  9 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2266]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359412 of user rubyman.
May  9 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2266]: pam_unix(su:session): session closed for user rubyman
May  9 11:48:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359412.
May  9 11:48:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31405]: pam_unix(cron:session): session closed for user root
May  9 11:48:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2206]: pam_unix(cron:session): session closed for user samftp
May  9 11:48:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2482]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:48:14 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2482]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 11:48:16 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2482]: Failed password for root from 218.92.0.179 port 22408 ssh2
May  9 11:48:19 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2482]: message repeated 2 times: [ Failed password for root from 218.92.0.179 port 22408 ssh2]
May  9 11:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2482]: Received disconnect from 218.92.0.179 port 22408:11:  [preauth]
May  9 11:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2482]: Disconnected from 218.92.0.179 port 22408 [preauth]
May  9 11:48:20 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2482]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
May  9 11:48:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1206]: pam_unix(cron:session): session closed for user root
May  9 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2650]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2649]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2651]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2648]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2648]: pam_unix(cron:session): session closed for user p13x
May  9 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2723]: Successful su for rubyman by root
May  9 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2723]: + ??? root:rubyman
May  9 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2723]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359418 of user rubyman.
May  9 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[2723]: pam_unix(su:session): session closed for user rubyman
May  9 11:49:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359418.
May  9 11:49:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[31836]: pam_unix(cron:session): session closed for user root
May  9 11:49:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2649]: pam_unix(cron:session): session closed for user samftp
May  9 11:49:10 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:49:11 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.124.22.55  user=root
May  9 11:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: Failed password for root from 186.124.22.55 port 39550 ssh2
May  9 11:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: Received disconnect from 186.124.22.55 port 39550:11: Bye Bye [preauth]
May  9 11:49:13 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[2919]: Disconnected from 186.124.22.55 port 39550 [preauth]
May  9 11:49:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1689]: pam_unix(cron:session): session closed for user root
May  9 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3079]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3074]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3076]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3078]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3077]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3075]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3079]: pam_unix(cron:session): session closed for user root
May  9 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3074]: pam_unix(cron:session): session closed for user p13x
May  9 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3145]: Successful su for rubyman by root
May  9 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3145]: + ??? root:rubyman
May  9 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3145]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359420 of user rubyman.
May  9 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[3145]: pam_unix(su:session): session closed for user rubyman
May  9 11:50:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359420.
May  9 11:50:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3076]: pam_unix(cron:session): session closed for user root
May  9 11:50:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[32553]: pam_unix(cron:session): session closed for user root
May  9 11:50:07 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3075]: pam_unix(cron:session): session closed for user samftp
May  9 11:50:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2208]: pam_unix(cron:session): session closed for user root
May  9 11:50:38 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: Invalid user phase from 181.164.27.204
May  9 11:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: input_userauth_request: invalid user phase [preauth]
May  9 11:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: pam_unix(sshd:auth): check pass; user unknown
May  9 11:50:39 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.164.27.204
May  9 11:50:40 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: Failed password for invalid user phase from 181.164.27.204 port 32812 ssh2
May  9 11:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: Received disconnect from 181.164.27.204 port 32812:11: Bye Bye [preauth]
May  9 11:50:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3480]: Disconnected from 181.164.27.204 port 32812 [preauth]
May  9 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3535]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3536]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3533]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3534]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:51:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3533]: pam_unix(cron:session): session closed for user p13x
May  9 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3633]: Successful su for rubyman by root
May  9 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3633]: + ??? root:rubyman
May  9 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3633]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359426 of user rubyman.
May  9 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[3633]: pam_unix(su:session): session closed for user rubyman
May  9 11:51:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359426.
May  9 11:51:05 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[691]: pam_unix(cron:session): session closed for user root
May  9 11:51:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3534]: pam_unix(cron:session): session closed for user samftp
May  9 11:51:33 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[2651]: pam_unix(cron:session): session closed for user root
May  9 11:51:41 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3921]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May  9 11:51:42 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.79.165.186  user=root
May  9 11:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3921]: Failed password for root from 51.79.165.186 port 53502 ssh2
May  9 11:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3921]: Received disconnect from 51.79.165.186 port 53502:11: Bye Bye [preauth]
May  9 11:51:45 attack20221223-s-1vcpu-2gb-sfo1-01 sshd[3921]: Disconnected from 51.79.165.186 port 53502 [preauth]
May  9 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4001]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4000]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4002]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3999]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3999]: pam_unix(cron:session): session closed for user p13x
May  9 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4064]: Successful su for rubyman by root
May  9 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4064]: + ??? root:rubyman
May  9 11:52:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4064]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359431 of user rubyman.
May  9 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 su[4064]: pam_unix(su:session): session closed for user rubyman
May  9 11:52:02 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359431.
May  9 11:52:04 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[1203]: pam_unix(cron:session): session closed for user root
May  9 11:52:06 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4000]: pam_unix(cron:session): session closed for user samftp
May  9 11:52:34 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[3078]: pam_unix(cron:session): session closed for user root
May  9 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4567]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4563]: pam_unix(cron:session): session opened for user p13x by (uid=0)
May  9 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4564]: pam_unix(cron:session): session opened for user samftp by (uid=0)
May  9 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4565]: pam_unix(cron:session): session opened for user root by (uid=0)
May  9 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 CRON[4563]: pam_unix(cron:session): session closed for user p13x
May  9 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4631]: Successful su for rubyman by root
May  9 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4631]: + ??? root:rubyman
May  9 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4631]: pam_unix(su:session): session opened for user rubyman by (uid=0)
May  9 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: New session 359434 of user rubyman.
May  9 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 su[4631]: pam_unix(su:session): session closed for user rubyman
May  9 11:53:01 attack20221223-s-1vcpu-2gb-sfo1-01 systemd-logind[401]: Removed session 359434.